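Software name: Don't Panic! 4.0
Protection: registration code
Cracked by: TAE[FCG] TAE[BCG]
Description: a program that filters pornographic content on the Internet!
Download: search for it on Huajun Software Park! Heh!
Cracking method: work out the registration code
*****************************************************************
* First of all, thanks to 小球[CCG] for the generous help, heh! *
*****************************************************************
Run the program. Everyone can manage that, right? Heh.
Find the window where the registration code is entered. What? You can't find it? I give up!
Enter a fake registration code: 111-111-1111
Switch to the TRW debugger window and set a breakpoint on hmemcpy.
Go back to the program and choose "OK"; the breakpoint hits immediately.
Press F10, and you arrive here: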
* Reference To: USER32.GetDlgItemTextA, Ord:0107h
                                  |
:0041241D 8B2D48E34100            mov ebp, dword ptr [0041E348]
:00412423 6800010000              push 00000100
:00412428 68043B6500              push 00653B04
* Possible Reference to Dialog: DLGFILEWAIT, CONTROL_ID:0448, ""
                                  |
:00412479 6848040000              push 00000448
:0041247E 83E103                  and ecx, 00000003
:00412481 53                      push ebx
:00412482 F3                      repz
:00412483 A4                      movsb
:00412484 FFD5                    call ebp
:00412486 BF043C6500              mov edi, 00653C04
:0041248B 83C9FF                  or ecx, FFFFFFFF
:0041248E 33C0                    xor eax, eax
:00412490 68043B6500              push 00653B04
:00412495 F2                      repnz
:00412496 AE                      scasb
:00412497 F7D1                    not ecx
:00412499 2BF9                    sub edi, ecx
:0041249B 8BF7                    mov esi, edi
:0041249D 8BD1                    mov edx, ecx
:0041249F BF043B6500              mov edi, 00653B04
:004124A4 83C9FF                  or ecx, FFFFFFFF
:004124A7 F2                      repnz
:004124A8 AE                      scasb
:004124A9 8BCA                    mov ecx, edx
:004124AB 4F                      dec edi
:004124AC C1E902                  shr ecx, 02
:004124AF F3                      repz
:004124B0 A5                      movsd
:004124B1 8BCA                    mov ecx, edx
:004124B3 83E103                  and ecx, 00000003
:004124B6 F3                      repz
:004124B7 A4                      movsb
:004124B8 E8F3FEFFFF              call 004123B0    \\ after this call the fake registration code has been converted to a numeric value
:004124BD 8BF0                    mov esi, eax
:004124BF 56                      push esi
:004124C0 E8DBFDFFFF              call 004122A0    \\ this is the key call
:004124C5 83C408                  add esp, 00000008
:004124C8 85C0                    test eax, eax
:004124CA 7558                    jne 00412524     \\ if this jump is not taken, we're done for!
:004124CC 6A10                    push 00000010
* Possible StringData Ref from Data Obj ->"Don't Panic!"
                                  |
:004124CE 6810174200              push 00421710
* Possible StringData Ref from Data Obj ->"The registration number you have "
                                        ->"entered is not valid. Please "
                                        ->"enter a valid registration number."
                                  |
:004124D3 681C334200              push 0042331C
:004124D8 53                      push ebx
Step into this call 004123B0 and you arrive here:
|:00405419 , :0040CD7A , :0040CDE9 , :0040DFEE , :004124C0    \\ lots of callers!
|
:004122A0 8B442404                mov eax, dword ptr [esp+04]
:004122A4 68D135E2E1              push E1E235D1    \\ note this number (1)
:004122A9 681953C633              push 33C65319    \\ note this number (2)
:004122AE 50                      push eax
:004122AF E8DCFFFFFF              call 00412290    \\ step in and take a look
Step into call 00412290, which is here:
:00412290 8B442404                mov eax, dword ptr [esp+04]     \\ this is the fake registration code
:00412294 8B4C240C                mov ecx, dword ptr [esp+0C]     \\ this is number (1)
:00412298 33C1                    xor eax, ecx                    \\ XOR the two numbers
:0041229A 0FAF442408              imul eax, dword ptr [esp+08]    \\ then multiply by number (2)
:0041229F C3                      ret                             \\ returns to ... the code below
:004122B4 33D2                    xor edx, edx         \\ clear register edx
:004122B6 B9BB0B0000              mov ecx, 00000BBB    \\ put BBB into ecx
:004122BB F7F1                    div ecx              \\ divide eax by ecx, i.e. by BBB; the remainder goes into edx
:004122BD 83C40C                  add esp, 0000000C
:004122C0 8BC2                    mov eax, edx         \\ remainder goes into eax
:004122C2 F7D8                    neg eax              \\ negate (two's complement)
:004122C4 1BC0                    sbb eax, eax         \\ eax-eax-cf=>eax *eax must end up equal to 0*
:004122C6 40                      inc eax              \\ add 1 *only here does eax become 1, which satisfies the later condition; this indirectly requires the remainder to be 0*
.
.
:004124C8 85C0                    test eax, eax
:004124CA 7558                    jne 00412524         \\ taking this jump is exactly what we want!!
* Possible StringData Ref from Data Obj ->"Don't Panic!"
                                  |
:004124CE 6810174200              push 00421710
* Possible StringData Ref from Data Obj ->"The registration number you have "
                                        ->"entered is not valid. Please "
                                        ->"enter a valid registration number."
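Algorithm:
Convert the entered registration code to a numeric value, XOR it with E1E235D1, multiply by 33C65319, then divide by BBB; the remainder must be 0.
A valid registration code: 3789698513
Thanks again to 小球[CCG] for the generous help, heh!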
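
The check traced in the listing, modelled in C as an added example (not code from the original write-up or from the program). The function names are hypothetical, and the input is assumed to be the 32-bit value already returned by call 004123B0; it shows how the neg / sbb / inc sequence turns "remainder is 0" into the 1 that the jne at 004124CA tests.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants pushed at 004122A4 / 004122A9 and the divisor loaded at 004122B6. */
#define XOR_KEY  0xE1E235D1u   /* number (1) */
#define MULT_KEY 0x33C65319u   /* number (2) */
#define DIVISOR  0x00000BBBu   /* BBB hex = 3003 decimal */

/* Routine at 00412290: xor eax, ecx ; imul eax, [esp+08].
   Two-operand imul keeps only the low 32 bits of the product,
   which unsigned 32-bit arithmetic reproduces exactly. */
static uint32_t mix(uint32_t serial, uint32_t mult, uint32_t key)
{
    return (serial ^ key) * mult;
}

/* neg eax ; sbb eax, eax ; inc eax is a branch-free "eax == 0" test.
   neg sets the carry flag when its operand is non-zero, so sbb yields
   0 (operand was 0) or 0xFFFFFFFF (operand was non-zero). */
static uint32_t is_zero(uint32_t eax)
{
    uint32_t cf = (eax != 0);  /* carry flag left by neg */
    eax = 0u - eax;            /* neg eax */
    eax = eax - eax - cf;      /* sbb eax, eax */
    return eax + 1u;           /* inc eax */
}

/* Routine at 004122A0: returns 1 when the caller's jne will be taken. */
static uint32_t check_serial(uint32_t serial)
{
    uint32_t rem = mix(serial, MULT_KEY, XOR_KEY) % DIVISOR; /* div ecx -> edx */
    return is_zero(rem);
}

int main(void)
{
    /* 3789698513 is the value quoted in the write-up;
       3789698512 is a constructed neighbouring value for contrast. */
    uint32_t samples[] = { 3789698513u, 3789698512u };
    for (int i = 0; i < 2; i++)
        printf("%lu -> remainder %lu, check returns %lu\n",
               (unsigned long)samples[i],
               (unsigned long)(mix(samples[i], MULT_KEY, XOR_KEY) % DIVISOR),
               (unsigned long)check_serial(samples[i]));
    return 0;
}
```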