破解心得之eXeScope篇 (9千字)
破解心得之eXeScope篇
作者:時空幻影
時間:2001年6月26日
使用工具:Fileinfo v2.43、W32DSM白金版漢化版、TRW2000 v1.22
由於這個軟體沒有加殼,因此破解相對容易一些,且註冊演算法也不復雜,很適合初學者破解。
先執行TRW2000,然後執行該軟體,填好Your Name和ID後,按Ctrl+N啟用TRW2000,然後鍵入"BPX HMEMCPY",
按F5跳回程式,然後點OK就會被攔下,再鍵入"pmodule",繼續按F10。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A7BAA(C)
|
:004A7BBE 8D55F0
lea edx, dword ptr [ebp-10]
:004A7BC1 8B45FC
mov eax, dword ptr [ebp-04]
:004A7BC4 8B80D0020000 mov eax, dword
ptr [eax+000002D0]
:004A7BCA E885B7F8FF call 00433354
:004A7BCF 8B55F0
mov edx, dword ptr [ebp-10] <--經過幾個RET以後來到這裡
:004A7BD2 A1B8594B00 mov eax,
dword ptr [004B59B8]
:004A7BD7 E830C0F5FF call 00403C0C
:004A7BDC 8D55EC
lea edx, dword ptr [ebp-14]
:004A7BDF 8B45FC
mov eax, dword ptr [ebp-04]
:004A7BE2 8B80D4020000 mov eax, dword
ptr [eax+000002D4]
:004A7BE8 E867B7F8FF call 00433354
:004A7BED 8B55EC
mov edx, dword ptr [ebp-14]
:004A7BF0 A134594B00 mov eax,
dword ptr [004B5934]
:004A7BF5 E812C0F5FF call 00403C0C
:004A7BFA 8B1534594B00 mov edx, dword
ptr [004B5934]
:004A7C00 8B12
mov edx, dword ptr [edx]
:004A7C02 A174574B00 mov eax,
dword ptr [004B5774]
:004A7C07 8B00
mov eax, dword ptr [eax]
:004A7C09 E8DA8D0000 call 004B09E8
<--核心CALL,按F8進入
:004A7C0E 84C0
test al, al
:004A7C10 0F8498000000 je 004A7CAE
<--一定不能跳轉
:004A7C16 A1B8594B00 mov eax,
dword ptr [004B59B8]
:004A7C1B 8B00
mov eax, dword ptr [eax]
:004A7C1D E816C2F5FF call 00403E38
:004A7C22 85C0
test eax, eax
:004A7C24 0F8E84000000 jle 004A7CAE
<--一定不能跳轉
:004A7C2A 8D55E4
lea edx, dword ptr [ebp-1C]
:004A7C2D A1C4594B00 mov eax,
dword ptr [004B59C4]
:004A7C32 8B00
mov eax, dword ptr [eax]
:004A7C34 E82F9BFAFF call 00451768
:004A7C39 8B45E4
mov eax, dword ptr [ebp-1C]
:004A7C3C 8D4DE8
lea ecx, dword ptr [ebp-18]
* Possible StringData Ref from Code Obj ->".ini"
|
:004A7C3F BA0C7D4A00 mov edx,
004A7D0C
:004A7C44 E8F319F6FF call 0040963C
:004A7C49 8B4DE8
mov ecx, dword ptr [ebp-18]
:004A7C4C B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"XuG"
|
:004A7C4E A1906E4700 mov eax,
dword ptr [00476E90]
:004A7C53 E8E0F2FCFF call 00476F38
:004A7C58 8945F8
mov dword ptr [ebp-08], eax
:004A7C5B A1B8594B00 mov eax,
dword ptr [004B59B8]
:004A7C60 8B00
mov eax, dword ptr [eax]
:004A7C62 50
push eax
* Possible StringData Ref from Code Obj ->"Name"
|
:004A7C63 B91C7D4A00 mov ecx,
004A7D1C
* Possible StringData Ref from Code Obj ->"Reg"
|
:004A7C68 BA2C7D4A00 mov edx,
004A7D2C
:004A7C6D 8B45F8
mov eax, dword ptr [ebp-08]
:004A7C70 8B18
mov ebx, dword ptr [eax]
:004A7C72 FF5304
call [ebx+04]
:004A7C75 A134594B00 mov eax,
dword ptr [004B5934]
:004A7C7A 8B00
mov eax, dword ptr [eax]
:004A7C7C 50
push eax
* Possible StringData Ref from Code Obj ->"Reg"
|
:004A7C7D BA2C7D4A00 mov edx,
004A7D2C
:004A7C82 B9387D4A00 mov ecx,
004A7D38
:004A7C87 8B45F8
mov eax, dword ptr [ebp-08]
:004A7C8A 8B18
mov ebx, dword ptr [eax]
:004A7C8C FF5304
call [ebx+04]
:004A7C8F 8B45F8
mov eax, dword ptr [ebp-08]
:004A7C92 E83DB2F5FF call 00402ED4
:004A7C97 A17C574B00 mov eax,
dword ptr [004B577C]
:004A7C9C C60001
mov byte ptr [eax], 01
:004A7C9F 8B45FC
mov eax, dword ptr [ebp-04]
:004A7CA2 C7803402000001000000 mov dword ptr [ebx+00000234], 00000001
:004A7CAC EB20
jmp 004A7CCE
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A7C10(C), :004A7C24(C)
|
:004A7CAE 6A00
push 00000000
:004A7CB0 8D55E0
lea edx, dword ptr [ebp-20]
* Possible StringData Ref from Code Obj ->"Invalid ID or Name;o^IDO"
<--錯誤資訊對話方塊
|
:004A7CB3 B8447D4A00 mov eax,
004A7D44
:004A7CB8 E8D79D0000 call 004B1A94
:004A7CBD 8B45E0
mov eax, dword ptr [ebp-20]
:004A7CC0 668B0D747D4A00 mov cx, word ptr
[004A7D74]
:004A7CC7 B201
mov dl, 01
:004A7CC9 E88E01FBFF call 00457E5C
在上面的核心CALL按F8進入後會來到如下地方:
* Referenced by a CALL at Addresses:
|:004A7C09 , :004B088C
|
:004B09E8 55
push ebp
:004B09E9 8BEC
mov ebp, esp
:004B09EB 83C4F0
add esp, FFFFFFF0
:004B09EE 8955F8
mov dword ptr [ebp-08], edx
:004B09F1 8945FC
mov dword ptr [ebp-04], eax
:004B09F4 8B45F8
mov eax, dword ptr [ebp-08]
:004B09F7 E8F035F5FF call 00403FEC
:004B09FC 33C0
xor eax, eax
:004B09FE 55
push ebp
:004B09FF 689F0A4B00 push 004B0A9F
:004B0A04 64FF30
push dword ptr fs:[eax]
:004B0A07 648920
mov dword ptr fs:[eax], esp
:004B0A0A C645F700 mov
[ebp-09], 00
:004B0A0E 8B45F8
mov eax, dword ptr [ebp-08]
:004B0A11 E82234F5FF call 00403E38
<--求ID長度
:004B0A16 83F80A
cmp eax, 0000000A <--判斷ID的長度是否等於10
:004B0A19 756E
jne 004B0A89 <--不等的話跳轉,一定不能跳轉
:004B0A1B 8B55F8
mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"A1910"
|
:004B0A1E B8B80A4B00 mov eax,
004B0AB8 <--[004B0AB8]為"A1910"
:004B0A23 E8FC36F5FF call 00404124
<--判斷ID的前五個字元是否為"A1910"
:004B0A28 48
dec eax
:004B0A29 7410
je 004B0A3B
:004B0A2B 8B55F8
mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"A1423"
|
:004B0A2E B8C80A4B00 mov eax,
004B0AC8 <--[004B0AC8]為"A1423"
:004B0A33 E8EC36F5FF call 00404124
<--判斷ID的前五個字元是否為"A1423"
:004B0A38 48
dec eax
:004B0A39 754E
jne 004B0A89 <--這個一定不能跳轉
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B0A29(C)
|
:004B0A3B C745F002000000 mov [ebp-10], 00000002
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B0A65(C)
|
:004B0A42 8B45F8
mov eax, dword ptr [ebp-08]
:004B0A45 8B55F0
mov edx, dword ptr [ebp-10]
:004B0A48 8A4410FF mov
al, byte ptr [eax+edx-01]
:004B0A4C 3C30
cmp al, 30
:004B0A4E 7239
jb 004B0A89
:004B0A50 8B45F8
mov eax, dword ptr [ebp-08]
:004B0A53 8B55F0
mov edx, dword ptr [ebp-10]
:004B0A56 8A4410FF mov
al, byte ptr [eax+edx-01]
:004B0A5A 3C39
cmp al, 39
:004B0A5C 772B
ja 004B0A89
:004B0A5E FF45F0
inc [ebp-10]
:004B0A61 837DF00B cmp
dword ptr [ebp-10], 0000000B
:004B0A65 75DB
jne 004B0A42
:004B0A67 8B45F8
mov eax, dword ptr [ebp-08]
:004B0A6A 0FB64008 movzx
eax, byte ptr [eax+08] <--輸入的ID的倒數第二個字元的ASCII碼送入EAX
:004B0A6E 8B55F8
mov edx, dword ptr [ebp-08]
:004B0A71 0FB65209 movzx
edx, byte ptr [edx+09] <--輸入的ID的倒數最後一個字元的ASCII碼送入EDX
:004B0A75 03C2
add eax, edx
:004B0A77 B90A000000 mov ecx,
0000000A
:004B0A7C 33D2
xor edx, edx
:004B0A7E F7F1
div ecx <--EAX除以10
:004B0A80 83FA04
cmp edx, 00000004 <--比較餘數是否等於4
:004B0A83 7504
jne 004B0A89 <--不等於4的話則跳轉,一定不能跳轉
:004B0A85 C645F701 mov
[ebp-09], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004B0A19(C), :004B0A39(C), :004B0A4E(C), :004B0A5C(C), :004B0A83(C)
|
:004B0A89 33C0
xor eax, eax
:004B0A8B 5A
pop edx
:004B0A8C 59
pop ecx
:004B0A8D 59
pop ecx
:004B0A8E 648910
mov dword ptr fs:[eax], edx
:004B0A91 68A60A4B00 push 004B0AA6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B0AA4(U)
|
:004B0A96 8D45F8
lea eax, dword ptr [ebp-08]
:004B0A99 E81A31F5FF call 00403BB8
:004B0A9E C3
ret
現在我們知道了註冊碼的形式為A1910xxxxx或A1423xxxxx,其中第6、7、8個字元為任意字元,而第9、10個字元的ASCII
碼的和的個位數為4就可以正確的註冊了!!!
相關文章
- eXeScope中文版怎麼啟用?eXeScope安裝啟用使用圖文教程2022-05-16
- 2024/9/10學習心得2024-09-10
- Linux安全-攻擊篇-密碼破解之Hydra工具2020-08-10Linux密碼
- K專案的一些心得之專案管理篇2021-05-05專案管理
- treejs 記錄心得--開篇2020-09-23JS
- 關於WiFi密碼破解的一些心得2020-04-05WiFi密碼
- 被虐心得:《黑暗之魂》9個出色的遊戲設計經驗2019-06-10遊戲設計
- Threes.js入門篇之9 - 全景圖2018-03-14JS
- WaveMetrics Igor Pro 9 破解下載「WaveMetrics Igor Pro 9 金鑰」2023-11-07Go
- RabbitMQ學習心得體會之Exchange2024-10-08MQ
- 最新版Axure RP 9原型設計工具 附 Axure RP 9破解啟用教程2024-01-03原型
- 手動破解之010Editor2024-07-12
- Three.js進階篇之9 - 紋理對映和UV對映2018-03-15JS
- 9年之後2024-03-13
- burpsuite暴力破解之四種方式2020-12-24UI
- 千字分享|自然語言分析NLA2022-05-30
- MySQL 5.7 學習心得之安全相關特性2021-09-09MySql
- 7 年 700 篇技術文章,收穫的 7 個心得2019-03-04
- 魔法塔之謎(9)2021-01-04
- 暴肝兩萬五千字助你通關Servlet2022-03-01Servlet
- 前端日拱一卒D9——ES6筆記之基礎篇2018-08-01前端筆記
- 破解神秘程式碼“3582-490”之謎2021-04-09
- Navicat Premium for Mac v12.0.22.0 破解版,完全免費啟用方法之完美破解2019-04-02REMMac
- 攻擊JavaWeb應用————9、後門篇2018-05-18JavaWeb
- 攻擊JavaWeb應用[9]-Server篇[2]2020-08-19JavaWebServer
- 學習心得之華為數字化轉型框架2022-06-13框架
- 三千字介紹Redis主從+哨兵+叢集2021-09-30Redis
- 《科學》:破解AD神經元死亡之謎!2024-02-20
- 《自然》:破解癌細胞愛“啃”椎骨之謎!2023-11-30
- 《自然》:破解女性更易腹痛和焦慮之迷!2023-04-25
- 休假心得2020-11-09
- Kotlin之UI篇2018-09-01KotlinUI
- JavaScript之開篇2020-10-26JavaScript
- JavaScript之物件篇2021-09-25JavaScript物件
- webpack4.0各個擊破(9)—— karma篇2018-09-03Web
- PHP DIY 系列------框架篇:9. 設計模式2020-02-25PHP框架設計模式
- 9、Ktor學習-部署之容器;2019-03-07
- [electron]終極奧義 五千字教程丟給你2018-09-18
- 三千字講清TypeScript與React的實戰技巧2019-07-26TypeScriptReact