萬能五筆的破解 (6千字)
萬能五筆的破解:
下載:http://www.tt98.net.cn/wnwb.htm
輸入註冊資訊並下斷點後來這裡:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048CB8D(C)
|
:0048CB74 8B15346D4900 mov edx, dword
ptr [00496D34]
:0048CB7A 0FBFC1
movsx eax, cx
:0048CB7D 8A1402
mov dl, byte ptr [edx+eax]
:0048CB80 80FA3F
cmp dl, 3F
:0048CB83 7406
je 0048CB8B
:0048CB85 3854041C cmp
byte ptr [esp+eax+1C], dl//在這裡比較註冊碼前四個字元是不是"tt98"
:0048CB89 7504
jne 0048CB8F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048CBEE(C)
|
:0048CBCF A1BC6C4900 mov eax,
dword ptr [00496CBC]
:0048CBD4 0FBFFE
movsx edi, si
:0048CBD7 8A0438
mov al, byte ptr [eax+edi]
:0048CBDA 3C3F
cmp al, 3F
:0048CBDC 740B
je 0048CBE9
:0048CBDE 0FBFD9
movsx ebx, cx
:0048CBE1 03DF
add ebx, edi
:0048CBE3 38441C1C cmp
byte ptr [esp+ebx+1C], al//在這裡比較註冊碼後四個字元是不是"0615"
:0048CBE7 7507
jne 0048CBF0
:0048CC76 668B3D2E6D4900 mov di, word ptr
[00496D2E]
:0048CC7D 8B15B06C4900 mov edx, dword
ptr [00496CB0]//6364
:0048CC83 66C1EF08 shr
di, 08
:0048CC87 668B0D2E6D4900 mov cx, word ptr
[00496D2E]
:0048CC8E 6681E1FF00 and cx,
00FF
:0048CC93 E8F8FAFFFF call 0048C790//關鍵計算被呼叫2次
:0048CC98 03F0
add esi, eax
:0048CC9A 6685FF
test di, di
:0048CC9D 750A
jne 0048CCA9
:0048CC9F 8B15B46C4900 mov edx, dword
ptr [00496CB4]
:0048CCA5 8BCF
mov ecx, edi
:0048CCA7 EB0B
jmp 0048CCB4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048CC9D(C)
|
:0048CCA9 668BCF
mov cx, di
:0048CCAC 8B15B46C4900 mov edx, dword
ptr [00496CB4]
:0048CCB2 6641
inc cx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048CCA7(U)
|
:0048CCB4 E8D7FAFFFF call 0048C790//再計算一次
:0048CCB9 8BC8
mov ecx, eax
:0048CCBB 85C9
test ecx, ecx
:0048CCBD 7507
jne 0048CCC6
:0048CCBF BDFBFFFFFF mov ebp,
FFFFFFFB
:0048CCC4 EB36
jmp 0048CCFC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048CCBD(C)
|
:0048CCC6 8BC6
mov eax, esi
:0048CCC8 99
cdq
:0048CCC9 F7F9
idiv ecx
:0048CCCB 8BEA
mov ebp, edx
:0048CCCD EB2D
jmp 0048CCFC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048CC74(C)
|
:0048CCCF 66833D286D490002 cmp word ptr [00496D28],
0002
:0048CCD7 7523
jne 0048CCFC
:0048CCD9 668B152E6D4900 mov dx, word ptr
[00496D2E]
:0048CCE0 A1B46C4900 mov eax,
dword ptr [00496CB4]
:0048CCE5 50
push eax
:0048CCE6 8B0DB06C4900 mov ecx, dword
ptr [00496CB0]
:0048CCEC 51
push ecx
:0048CCED 8B0DC46A4900 mov ecx, dword
ptr [00496AC4]
:0048CCF3 E828FBFFFF call 0048C820
:0048CCF8 8BE8
mov ebp, eax//? eax正確的數字
:0048CCFA 2BEE
sub ebp, esi//? esi假數字
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0048CCC4(U), :0048CCCD(U), :0048CCD7(C)
|
:0048CCFC 85ED
test ebp, ebp
:0048CCFE 7429
je 0048CD29//if jump good boy:>
核心計算一共被呼叫2次,看看
:0048C790 53
push ebx
:0048C791 56
push esi
:0048C792 668BD9
mov bx, cx
:0048C795 57
push edi
:0048C796 55
push ebp
:0048C797 8BF2
mov esi, edx
:0048C799 85F6
test esi, esi
:0048C79B 7475
je 0048C812
:0048C79D 803E00
cmp byte ptr [esi], 00
:0048C7A0 7470
je 0048C812
:0048C7A2 8BFE
mov edi, esi
:0048C7A4 B9FFFFFFFF mov ecx,
FFFFFFFF
:0048C7A9 2BC0
sub eax, eax
:0048C7AB F2
repnz
:0048C7AC AE
scasb
:0048C7AD F7D1
not ecx
:0048C7AF 49
dec ecx//strlen(name)
:0048C7B0 6685DB
test bx, bx
:0048C7B3 7444
je 0048C7F9
:0048C7B5 6683FB01 cmp
bx, 0001
:0048C7B9 743E
je 0048C7F9
:0048C7BB 0FB7FB
movzx edi, bx
:0048C7BE 8BC7
mov eax, edi//eax=0x63
:0048C7C0 99
cdq
:0048C7C1 F7F9
idiv ecx
:0048C7C3 0FBE0416 movsx
eax, byte ptr [esi+edx]
:0048C7C7 0FAFC2
imul eax, edx
:0048C7CA 0FAFC7
imul eax, edi
:0048C7CD 03C1
add eax, ecx
:0048C7CF 33D2
xor edx, edx
:0048C7D1 85C9
test ecx, ecx
:0048C7D3 7E19
jle 0048C7EE
:0048C7D5 8BD9
mov ebx, ecx
:0048C7D7 2BDF
sub ebx, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048C7EC(C)
|
:0048C7D9 0FBE3C16 movsx
edi, byte ptr [esi+edx]
:0048C7DD 8BEB
mov ebp, ebx
:0048C7DF 2BEA
sub ebp, edx
:0048C7E1 42
inc edx
:0048C7E2 83C56F
add ebp, 0000006F
:0048C7E5 0FAFFD
imul edi, ebp
:0048C7E8 03C7
add eax, edi
:0048C7EA 3BCA
cmp ecx, edx
:0048C7EC 7FEB
jg 0048C7D9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048C7D3(C)
|
:0048C7EE 85C0
test eax, eax
:0048C7F0 7D25
jge 0048C817
:0048C7F2 F7D8
neg eax
:0048C7F4 5D
pop ebp
:0048C7F5 5F
pop edi
:0048C7F6 5E
pop esi
:0048C7F7 5B
pop ebx
:0048C7F8 C3
ret
序號產生器如下:
#include<stdio.h>
main()
{char name[60];long n,EAX,ESI,EDI,i;
printf("your name:");
gets(name);
n=0X63%strlen(name);
EAX=name[n]*n*0X63+strlen(name);
i=0;
do {
EDI=(strlen(name)-0X63+0X4-
|
|
| 登入後即可評論 |
相關文章
- 萬能五筆2000a+破解《作者:BanhouseMaster》 (3千字)AST
- 萬能五筆2001註冊碼分析及暴力破解 ---可憐的思考者 (27千字)
- 分析破解數字五筆3.0 (2千字)
- 萬能五筆2002分析筆記!筆記
- 智慧五筆 v5.0版的破解文章, (4千字)
- 我的破解心得(6) (3千字)
- 第二個CrackMe的破解 (6千字)
- 暴力破解3 (6千字)
- Registry Crawler 4.0.0.3破解 (6千字)
- WIN10裝了萬能五筆無法使用怎麼辦 WIN10裝了萬能五筆不能使用解決方法Win10
- duelist crackme 2 破解(上) (6千字)
- flashsoft得簡單破解 (6千字)
- 破解OICQ的密碼演算法 (6千字)密碼演算法
- Teleport Pro破解實戰錄 (6千字)
- 申請加入BCG的破解文章之一 (6千字)
- ollydbg破解教學之--------萬能斷點篇斷點
- I am Back :) 貼個安裝程式的破解 (6千字)
- 有誰能名將它完全破解了 (5千字)
- DISKdata v3.2.0之暴力破解 (6千字)
- 使用loader方式破解 arm 1.01 (6千字)
- 破解Advanced Find and Replace V1.2.2 (6千字)
- winxp總管破解筆記(一) (8千字)筆記
- 破解一個CCG的軟體,改半位元組! (6千字)
- 破解YATS32 v8.1 build 6 (2千字)S3UI
- 有聲有色 v3.16破解教程 (6千字)
- image optimizer v3.0之暴力破解 (6千字)
- 網咖管理專家9.5破解手記 (6千字)
- 音樂賀卡廠4.10破解過程 (6千字)
- 蒙泰5.0加密狗破解過程 (6千字)加密
- 破解實錄(六)之 1toX 1.63 (6千字)
- 菜鳥破解錄(10)之 A Day in the Life 1.51 (6千字)
- 菜鳥破解錄 JPEG Optimizer3.15 (6千字)
- 五筆打字練習軟體 (11千字)
- TDMD軟體狗破解方法(帶狗殺狗) (6千字)
- 美萍反黃專家 版本3.2破解實錄 (6千字)
- Audio Compositor v4.4破解手記 (6千字)
- ClassExplorer的破解 (13千字)
- 某電子書註冊破解實錄,高手莫入。 (6千字)