Diskbase 5.11的破解和註冊演算法(俺是新手) (18千字)
軟體名稱: Diskbase 5.11
軟體下載: www.diskbase.com
軟體用途: 這個軟體的功能類似於CDCollection,就是能夠儲存CD的目錄結構----資料庫,以便離線查詢.
工具: TRW2000 1.22 , W32dasm ,FileInfo v2.43
日期: 2000.5.18
作者: Fengy
特此,感謝toye和 bnbnf大哥對俺的幫助!!!
過程:
1) 使用 FileInfo v2.43 檢測主程式“diskbase.exe”,沒有殼的,是delphi編譯的
2) 用W32dasm反編譯diskbase.exe,結果如下:
主程式:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047735F(C)
|
:004773EE 8B45FC
mov eax, dword ptr [ebp-04]
:004773F1 8D9008020000 lea edx, dword
ptr [eax+00000208]
:004773F7 8B45FC
mov eax, dword ptr [ebp-04]
:004773FA 051C020000 add eax,
0000021C
:004773FF E82CF7FFFF call 00476B30
<<---- 註冊驗證過程,追入
:00477404 84C0
test al, al
:00477406 0F85BD000000 jne 004774C9
<<---- 分界點了
:0047740C C685B0FDFFFF00 mov byte ptr [ebp+FFFFFDB0],
00
* Possible StringData Ref from Code Obj ->"The DiskBase program is now registered.
"
|
<<---- 註冊正確的提示資訊
:00477413 BAFC754700 mov edx,
004775FC
:00477418 8D85B0FDFFFF lea eax, dword
ptr [ebp+FFFFFDB0]
:0047741E E841F4F8FF call 00406864
* Possible StringData Ref from Code Obj ->"Please make a backup copy of the
"
->"file:"
$
$
$
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00477406(C)
|
:004774C9 6A30
push 00000030
* Possible StringData Ref from Code Obj ->"DiskBase Registration"
|
:004774CB B944774700 mov ecx,
00477744
<<---- 註冊錯誤的提示資訊
* Possible StringData Ref from Code Obj ->"This license number is not valid.
"
->"Please check
if you entered all "
->"data in exactly
the same form "
->"in which you
received it."
|
:004774D0 BA5C774700 mov edx,
0047775C
:004774D5 A124864900 mov eax,
dword ptr [00498624]
:004774DA E815F3FAFF call 004267F4
**************************************************************************
* Referenced by a CALL at Addresses: 註冊驗證過程子程式
|:00476BB2 , :004773FF
|
:00476B30 55
push ebp
:00476B31 8BEC
mov ebp, esp
:00476B33 83C4E8
add esp, FFFFFFE8
:00476B36 8955F8
mov dword ptr [ebp-08], edx
:00476B39 8945FC
mov dword ptr [ebp-04], eax
:00476B3C C645F700 mov
[ebp-09], 00
:00476B40 8B45FC
mov eax, dword ptr [ebp-04]
:00476B43 E814F0FFFF call 00475B5C
:00476B48 8B55FC
mov edx, dword ptr [ebp-04]
:00476B4B 81C2A4000000 add edx, 000000A4
:00476B51 B8886B4700 mov eax,
00476B88
:00476B56 E8D1BEF8FF call 00402A2C
:00476B5B 85C0
test eax, eax
:00476B5D 7F20
jg 00476B7F
:00476B5F 8D55F0
lea edx, dword ptr [ebp-10]
:00476B62 8B45FC
mov eax, dword ptr [ebp-04]
:00476B65 E8B6F2FFFF call 00475E20
<<-----
根據你的註冊資訊計算註冊碼的子程式
:00476B6A 8B45F8
mov eax, dword ptr [ebp-08]
:00476B6D 8B4008
mov eax, dword ptr [eax+08] <<----- eax = 你隨便輸入的註冊碼
:00476B70 3B45F0
cmp eax, dword ptr [ebp-10] <<----- [ebp-10] 正確的註冊碼
:00476B73 750A
jne 00476B7F
<<------不一樣就錯了!!!
:00476B75 837DF000 cmp
dword ptr [ebp-10], 00000000
:00476B79 7404
je 00476B7F
:00476B7B C645F701 mov
[ebp-09], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00476B5D(C), :00476B73(C), :00476B79(C)
|
:00476B7F 8A45F7
mov al, byte ptr [ebp-09]
:00476B82 8BE5
mov esp, ebp
:00476B84 5D
pop ebp
:00476B85 C3
ret
***************************************************************
|
* Referenced by a CALL at Address: 計算regcode的子程式
|:00476B65
|
:00475E20 55
push ebp
:00475E21 8BEC
mov ebp, esp
:00475E23 83C4EC
add esp, FFFFFFEC
:00475E26 8955EC
mov dword ptr [ebp-14], edx
:00475E29 8945F0
mov dword ptr [ebp-10], eax
:00475E2C 33C0
xor eax, eax
:00475E2E 8945F4
mov dword ptr [ebp-0C], eax
:00475E31 C745FC78563412 mov [ebp-04], 12345678
<<---- 以下稱為op1
:00475E38 C745F821436587 mov [ebp-08], 87654321
<<---- 以下稱為op2 ;就是對這兩個引數操作
:00475E3F 55
push ebp
:00475E40 8B45F0
mov eax, dword ptr [ebp-10]
:00475E43 83C024
add eax, 00000024
<<---- name :
:00475E46 E81DFFFFFF call 00475D68
:00475E4B 59
pop ecx
:00475E4C 55
push ebp
:00475E4D 8B45F0
mov eax, dword ptr [ebp-10]
:00475E50 83C064
add eax, 00000064 <<---- organization:
:00475E53 E810FFFFFF call 00475D68
:00475E58 59
pop ecx
:00475E59 55
push ebp
:00475E5A 8B45F0
mov eax, dword ptr [ebp-10] <<---- address1:
:00475E5D 05A4000000 add eax,
000000A4
:00475E62 E801FFFFFF call 00475D68
:00475E67 59
pop ecx
:00475E68 55
push ebp
:00475E69 8B45F0
mov eax, dword ptr [ebp-10]
:00475E6C 05E4000000 add eax,
000000E4 <<-----
address2:
:00475E71 E8F2FEFFFF call 00475D68
:00475E76 59
pop ecx
:00475E77 55
push ebp
:00475E78 8B45F0
mov eax, dword ptr [ebp-10]
:00475E7B 053C010000 add eax,
0000013C <<-----
City:
:00475E80 E8E3FEFFFF call 00475D68
:00475E85 59
pop ecx
:00475E86 8B45F0
mov eax, dword ptr [ebp-10]
:00475E89 698058020000C7000000 imul eax, dword ptr [eax+00000258],
000000C7
:00475E93 0145FC
add dword ptr [ebp-04], eax
:00475E96 8B45F0
mov eax, dword ptr [ebp-10]
:00475E99 8B8058020000 mov eax, dword
ptr [eax+00000258]
:00475E9F 05C7000000 add eax,
000000C7
:00475EA4 F76DF8
imul [ebp-08]
:00475EA7 8945F8
mov dword ptr [ebp-08], eax
:00475EAA 8B45FC
mov eax, dword ptr [ebp-04]
:00475EAD 0345F8
add eax, dword ptr [ebp-08]
:00475EB0 8B55EC
mov edx, dword ptr [ebp-14]
:00475EB3 8902
mov dword ptr [edx], eax
<<---- 註冊碼!!!恭喜!!!
:00475EB5 837DF40A cmp
dword ptr [ebp-0C], 0000000A
:00475EB9 7D07
jge 00475EC2
:00475EBB 8B45EC
mov eax, dword ptr [ebp-14]
:00475EBE 33D2
xor edx, edx
:00475EC0 8910
mov dword ptr [eax], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475EB9(C)
|
:00475EC2 8BE5
mov esp, ebp
:00475EC4 5D
pop ebp
:00475EC5 C3
ret
**********************************************************************
對使用者輸入資訊的處理子程式--------用來生成計算regcode所需的引數
|
:00475D68 55
push ebp
:00475D69 8BEC
mov ebp, esp
:00475D6B 81C4F4FEFFFF add esp, FFFFFEF4
:00475D71 56
push esi
:00475D72 57
push edi
:00475D73 8BF0
mov esi, eax
:00475D75 8DBDF4FEFFFF lea edi, dword
ptr [ebp+FFFFFEF4]
:00475D7B 33C9
xor ecx, ecx
:00475D7D 8A0E
mov cl, byte ptr [esi]
:00475D7F 41
inc ecx
:00475D80 F3
repz
:00475D81 A4
movsb
:00475D82 33C0
xor eax, eax
:00475D84 8A85F4FEFFFF mov al, byte
ptr [ebp+FFFFFEF4] <<---- string長度
:00475D8A 85C0
test eax, eax
:00475D8C 0F8E86000000 jle 00475E18
:00475D92 8945F4
mov dword ptr [ebp-0C], eax
:00475D95 C745FC01000000 mov [ebp-04], 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475E16(C)
|
:00475D9C 8B45FC
mov eax, dword ptr [ebp-04]
:00475D9F 8A8405F4FEFFFF mov al, byte ptr
[ebp+eax-0000010C]
:00475DA6 8845FB
mov byte ptr [ebp-05], al
:00475DA9 807DFB61 cmp
byte ptr [ebp-05], 61 <<---- 'a'
:00475DAD 7206
jb 00475DB5
:00475DAF 807DFB7A cmp
byte ptr [ebp-05], 7A <<---- 'z'
:00475DB3 760C
jbe 00475DC1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475DAD(C)
|
:00475DB5 807DFB41 cmp
byte ptr [ebp-05], 41 <<----
'A'
:00475DB9 7255
jb 00475E10
:00475DBB 807DFB5A cmp
byte ptr [ebp-05], 5A <<----
'Z'
:00475DBF 774F
ja 00475E10
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475DB3(C)
|
:00475DC1 8B4508
mov eax, dword ptr [ebp+08]
:00475DC4 FF40F4
inc [eax-0C]
:00475DC7 8A45FB
mov al, byte ptr [ebp-05]
:00475DCA E8DDCCF8FF call 00402AAC
<<---- 轉換為大寫字母
:00475DCF 8845FB
mov byte ptr [ebp-05], al
:00475DD2 8A45FB
mov al, byte ptr [ebp-05]
:00475DD5 8D0480
lea eax, dword ptr [eax+4*eax] <<---- 從這就開始註冊演算法了,一個一個字元.注意!!!
:00475DD8 40
inc eax
:00475DD9 25FF000000 and eax,
000000FF
:00475DDE 8B5508
mov edx, dword ptr [ebp+08]
:00475DE1 0142FC
add dword ptr [edx-04], eax <<-----
[edx-04]= op1 +(string[i]*5+1)& 0xff)
:00475DE4 8B4508
mov eax, dword ptr [ebp+08]
:00475DE7 83C0FC
add eax, FFFFFFFC
:00475DEA B201
mov dl, 01
:00475DEC E81BFFFFFF call 00475D0C
<<---- 註冊演算法一部分
:00475DF1 8A45FB
mov al, byte ptr [ebp-05]
:00475DF4 8D0480
lea eax, dword ptr [eax+4*eax]
:00475DF7 40
inc eax
:00475DF8 25FF000000 and eax,
000000FF
:00475DFD 8B5508
mov edx, dword ptr [ebp+08]
:00475E00 0142F8
add dword ptr [edx-08], eax
:00475E03 8B4508
mov eax, dword ptr [ebp+08]
:00475E06 83C0F8
add eax, FFFFFFF8
:00475E09 B201
mov dl, 01
:00475E0B E828FFFFFF call 00475D38
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00475DB9(C), :00475DBF(C)
|
:00475E10 FF45FC
inc [ebp-04]
:00475E13 FF4DF4
dec [ebp-0C]
:00475E16 7584
jne 00475D9C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475D8C(C)
|
:00475E18 5F
pop edi
:00475E19 5E
pop esi
:00475E1A 8BE5
mov esp, ebp
:00475E1C 5D
pop ebp
:00475E1D C3
ret
****************************************************************
|
:00475D0C 55
push ebp
:00475D0D 8BEC
mov ebp, esp
:00475D0F 83C4F8
add esp, FFFFFFF8
:00475D12 8855FB
mov byte ptr [ebp-05], dl
:00475D15 8945FC
mov dword ptr [ebp-04], eax
:00475D18 807DFB00 cmp
byte ptr [ebp-05], 00
:00475D1C 7613
jbe 00475D31
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475D2F(C)
|
:00475D1E 55
push ebp
:00475D1F 8B45FC
mov eax, dword ptr [ebp-04]
:00475D22 E8B1FFFFFF call 00475CD8
:00475D27 59
pop ecx
:00475D28 FE4DFB
dec [ebp-05]
:00475D2B 807DFB00 cmp
byte ptr [ebp-05], 00
:00475D2F 77ED
ja 00475D1E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475D1C(C)
|
:00475D31 59
pop ecx
:00475D32 59
pop ecx
:00475D33 5D
pop ebp
:00475D34 C3
ret
****************************************************************
* Referenced by a CALL at Address:
|:00475D22
|
:00475CD8 55
push ebp
:00475CD9 8BEC
mov ebp, esp
:00475CDB 83C4F8
add esp, FFFFFFF8
:00475CDE 8945FC
mov dword ptr [ebp-04], eax
:00475CE1 8B45FC
mov eax, dword ptr [ebp-04]
:00475CE4 F6400380 test
[eax+03], 80
:00475CE8 0F9545FB setne
byte ptr [ebp-05] <<----
對這條語句要理解對,感謝toye&bnbnf
:00475CEC 807DFB00 cmp
byte ptr [ebp-05], 00
:00475CF0 7411
je 00475D03
:00475CF2 8B45FC
mov eax, dword ptr [ebp-04]
:00475CF5 8B00
mov eax, dword ptr [eax]
:00475CF7 03C0
add eax, eax
:00475CF9 83C801
or eax, 00000001
:00475CFC 8B55FC
mov edx, dword ptr [ebp-04]
:00475CFF 8902
mov dword ptr [edx], eax
:00475D01 EB05
jmp 00475D08
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475CF0(C)
|
:00475D03 8B45FC
mov eax, dword ptr [ebp-04]
:00475D06 D120
shl dword ptr [eax], 1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475D01(U)
|
:00475D08 59
pop ecx
:00475D09 59
pop ecx
:00475D0A 5D
pop ebp
:00475D0B C3
ret
****************************************************************
* Referenced by a CALL at Address:
|:00475E0B
|
:00475D38 55
push ebp
:00475D39 8BEC
mov ebp, esp
:00475D3B 83C4F8
add esp, FFFFFFF8
:00475D3E 8855FB
mov byte ptr [ebp-05], dl
:00475D41 8945FC
mov dword ptr [ebp-04], eax
:00475D44 33C0
xor eax, eax
:00475D46 8A45FB
mov al, byte ptr [ebp-05]
:00475D49 251F000080 and eax,
8000001F
:00475D4E 7905
jns 00475D55
:00475D50 48
dec eax
:00475D51 83C8E0
or eax, FFFFFFE0
:00475D54 40
inc eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00475D4E(C)
|
:00475D55 B220
mov dl, 20
:00475D57 2AD0
sub dl, al
:00475D59 8B45FC
mov eax, dword ptr [ebp-04]
:00475D5C E8ABFFFFFF call 00475D0C
:00475D61 59
pop ecx
:00475D62 59
pop ecx
:00475D63 5D
pop ebp
:00475D64 C3
ret
在註冊驗證子程式對註冊碼的驗證中,透過 call 00475E20 以輸入的註冊資訊對 12345678 和 87654321
進行運算,得到註冊碼.
這裡要注意的是,有兩個flag分別針對0x12345678和0x87654321這兩個運算元,就是setne那一句.
註冊演算法挺容易看明白的,關鍵是setne的操作.
3)幾點說明
(1)在分界點直接把 jne 004774C9 修改為 je 004774C9 時,註冊成功並生成keyfile,但是下次啟動時仍提示要求註冊.
(2)對於keyfile的註冊方式,俺有很多地方不太明白,沒概念;論壇上的winrar 和 ultraedit俺還在學習.能不能多介紹一些.