《TxEdit 4.6》的註冊碼破解 (11千字)
《TxEdit 4.6》的註冊碼破解
目標:TxEdit 4.6
一個簡單易用的文字編譯器,可同時編譯多個檔案,可進行檔案查詢及替換,支援最大10兆的檔案,支
持拖放,可瀏覽Mac和UNIX的文字,可設定自己喜愛工具條,可預先設定9個最多2000字元的宏和9個常用
工具。
軟體類別:共享軟體(30天試用版)
註冊費用:$20.00
執行環境:Win95/98/NT
軟體大小:191 KB
下載網址:http://www.execpc.com/~sbd
作者:RATARICE[BCG]
工具:TRW2000 1.22
過程:
一、 執行軟體,可以輸入註冊碼(非常好!)
二、 瞎填上
User Name: RATARICE[BCG]
Organization: peNcil grOup
Registration: 999999999999
三、 啟動TRW,下bpx hmemcpy。點“OK”,被攔,下pmodule,追到下面程式碼:
:004187A8 E8836A0000 call 0041F230
----------------------->計算註冊碼
:004187AD 83C404
add esp, 00000004
:004187B0 8BE8
mov ebp, eax
:004187B2 56
push esi
:004187B3 E898430000 call 0041CB50
:004187B8 83C404
add esp, 00000004
:004187BB 3D92A71901 cmp eax,
0119A792
:004187C0 7518
jne 004187DA
* Possible StringData Ref from Data Obj ->"Gregory Braun"
|
:004187C2 686CB74200 push 0042B76C
* Reference To: KERNEL32.lstrcpyA, Ord:0296h
|
:004187C7 8B2DC4664400 mov ebp, dword
ptr [004466C4]
:004187CD 56
push esi
:004187CE FFD5
call ebp
* Possible StringData Ref from Data Obj ->"Software Design"
|
:004187D0 6854B74200 push 0042B754
:004187D5 53
push ebx
:004187D6 FFD5
call ebp
:004187D8 EB07
jmp 004187E1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004187C0(C)
|
:004187DA 3D3CCE5F0D cmp eax,
0D5FCE3C
:004187DF 750C
jne 004187ED
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004187D8(U)
|
:004187E1 53
push ebx
:004187E2 56
push esi
:004187E3 E838380000 call 0041C020
:004187E8 83C408
add esp, 00000008
:004187EB 8BE8
mov ebp, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004187DF(C)
|
:004187ED 53
push ebx
:004187EE 56
push esi
:004187EF E82C380000 call 0041C020
------------------------------>計算name和organ
:004187F4 83C408
add esp, 00000008
:004187F7 3BC5
cmp eax, ebp ------------------------------->關鍵比較
:004187F9 741E
je 00418819 -------------------------------->關鍵跳轉
不跳則死!!!
四、 追入上面的兩個CALL:
先追入004187a8,程式碼如下:
* Referenced by a CALL at Addresses:
|:004187A8 , :0041F2E5 , :004226D8 , :0042270B , :0042273D
|
:0041F230 53
push ebx
:0041F231 56
push esi
:0041F232 8B74240C mov
esi, dword ptr [esp+0C]
:0041F236 57
push edi
:0041F237 55
push ebp
:0041F238 BF01000000 mov edi,
00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F26E(U)
|
:0041F23D 393D9CE34200 cmp dword ptr
[0042E39C], edi
:0041F243 7E11
jle 0041F256
:0041F245 6A08
push 00000008
:0041F247 33C0
xor eax, eax
:0041F249 8A06
mov al, byte ptr [esi]
:0041F24B 50
push eax
:0041F24C E89FE2FFFF call 0041D4F0
:0041F251 83C408
add esp, 00000008
:0041F254 EB13
jmp 0041F269
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F243(C)
|
:0041F256 33D2
xor edx, edx
* Possible StringData Ref from Data Obj ->"
((((( "
->" H"
->""
->" "
|
:0041F258 8B0D90E14200 mov ecx, dword
ptr [0042E190]
:0041F25E 8A16
mov dl, byte ptr [esi]
:0041F260 33C0
xor eax, eax
:0041F262 668B0451 mov
ax, word ptr [ecx+2*edx]
:0041F266 83E008
and eax, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F254(U)
|
:0041F269 85C0
test eax, eax
:0041F26B 7403
je 0041F270
:0041F26D 46
inc esi
:0041F26E EBCD
jmp 0041F23D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F26B(C)
|
:0041F270 33DB
xor ebx, ebx
:0041F272 8A1E
mov bl, byte ptr [esi]
:0041F274 46
inc esi
:0041F275 8BFB
mov edi, ebx
:0041F277 83FB2D
cmp ebx, 0000002D
:0041F27A 7405
je 0041F281
:0041F27C 83FB2B
cmp ebx, 0000002B
:0041F27F 7505
jne 0041F286
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F27A(C)
|
:0041F281 33DB
xor ebx, ebx
:0041F283 8A1E
mov bl, byte ptr [esi]
:0041F285 46
inc esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F27F(C)
|
:0041F286 33ED
xor ebp, ebp
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F2BF(U)
|
:0041F288 833D9CE3420001 cmp dword ptr [0042E39C],
00000001
:0041F28F 7E0D
jle 0041F29E
:0041F291 6A04
push 00000004
:0041F293 53
push ebx
:0041F294 E857E2FFFF call 0041D4F0
:0041F299 83C408
add esp, 00000008
:0041F29C EB0F
jmp 0041F2AD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F28F(C)
|
* Possible StringData Ref from Data Obj ->"
((((( "
->" H"
->""
->" "
|
:0041F29E 8B0D90E14200 mov ecx, dword
ptr [0042E190]
:0041F2A4 33C0
xor eax, eax
:0041F2A6 668B0459 mov
ax, word ptr [ecx+2*ebx] ------------
:0041F2AA 83E004
and eax, 00000004
|
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|關鍵計算
|:0041F29C(U)
|
|
:0041F2AD 85C0
test eax, eax
:0041F2AF 7410
je 0041F2C1
|
:0041F2B1 8D44AD00 lea
eax, dword ptr [ebp+4*ebp]
:0041F2B5 46
inc esi
|
:0041F2B6 8D6C43D0 lea
ebp, dword ptr [ebx+2*eax-30]
:0041F2BA 33DB
xor ebx, ebx
|
:0041F2BC 8A5EFF
mov bl, byte ptr [esi-01]
:0041F2BF EBC7
jmp 0041F288 ----------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F2AF(C)
|
:0041F2C1 8BC5
mov eax, ebp
:0041F2C3 83FF2D
cmp edi, 0000002D
:0041F2C6 7507
jne 0041F2CF
:0041F2C8 F7D8
neg eax
:0041F2CA 5D
pop ebp
:0041F2CB 5F
pop edi
:0041F2CC 5E
pop esi
:0041F2CD 5B
pop ebx
:0041F2CE C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F2C6(C)
|
:0041F2CF 5D
pop ebp
:0041F2D0 5F
pop edi
:0041F2D1 5E
pop esi
:0041F2D2 5B
pop ebx
:0041F2D3 C3
ret
在追入004187EF,程式碼如下:
* Referenced by a CALL at Addresses:
|:00412652 , :00418629 , :004187E3 , :004187EF
|
:0041C020 8B442404 mov
eax, dword ptr [esp+04]
:0041C024 56
push esi
:0041C025 8B35309B4200 mov esi, dword
ptr [00429B30]
:0041C02B 50
push eax
:0041C02C 81CE78030000 or esi, 00000378
:0041C032 E8190B0000 call 0041CB50
------------------------->計算名字
:0041C037 83C404
add esp, 00000004
:0041C03A 03F0
add esi, eax
:0041C03C 8B44240C mov
eax, dword ptr [esp+0C]
:0041C040 50
push eax
:0041C041 E80A0B0000 call 0041CB50
------------------------->計算組織
:0041C046 83C404
add esp, 00000004
:0041C049 03C6
add eax, esi
:0041C04B 5E
pop esi
:0041C04C C3
ret
發現它呼叫同一個函式,程式碼如下:(都是關鍵計算)
* Referenced by a CALL at Addresses:
|:004187B3 , :0041C032 , :0041C041
|
:0041CB50 53
push ebx
:0041CB51 56
push esi
:0041CB52 8B74240C mov
esi, dword ptr [esp+0C]
:0041CB56 57
push edi
:0041CB57 55
push ebp
:0041CB58 33FF
xor edi, edi
:0041CB5A 56
push esi
* Reference To: KERNEL32.lstrlenA, Ord:029Ch
|
:0041CB5B FF15A8654400 Call dword ptr
[004465A8]
:0041CB61 85F6
test esi, esi
:0041CB63 7432
je 0041CB97
:0041CB65 85C0
test eax, eax
:0041CB67 742E
je 0041CB97
:0041CB69 B900000000 mov ecx,
00000000
:0041CB6E 7E27
jle 0041CB97
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041CB95(C)
|
:0041CB70 0FBE9C0854DB4200 movsx ebx, byte ptr [eax+ecx+0042DB54]
:0041CB78 0FBE2C0E movsx
ebp, byte ptr [esi+ecx]
:0041CB7C 8D5101
lea edx, dword ptr [ecx+01]
:0041CB7F 0FAFDD
imul ebx, ebp
:0041CB82 0FBE898CDB4200 movsx ecx, byte ptr
[ecx+0042DB8C]
:0041CB89 0FAFD9
imul ebx, ecx
:0041CB8C 0FAFDA
imul ebx, edx
:0041CB8F 03FB
add edi, ebx
:0041CB91 8BCA
mov ecx, edx
:0041CB93 3BC2
cmp eax, edx
:0041CB95 7FD9
jg 0041CB70
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041CB63(C), :0041CB67(C), :0041CB6E(C)
|
:0041CB97 8BC7
mov eax, edi
:0041CB99 5D
pop ebp
:0041CB9A 5F
pop edi
:0041CB9B 5E
pop esi
:0041CB9C 5B
pop ebx
:0041CB9D C3
ret
五、 由於本人能力有限,不能寫出序號產生器,還請大客們指教呀!它好象有一個對照表。
總結:
User Name:RATARICE[BCG]
Organization:peNcil grOup
Registration:4105493258
相關文章
- IconToy 3.1 註冊碼快速破解 (11千字)2001-03-02
- winimp1.11註冊碼破解 (2千字)2000-07-16
- Vopt99 v4.31的註冊碼破解 (11千字)2000-09-28
- Regediter 1.3 破解(得到註冊碼) (9千字)2002-01-23
- BabyGame 破解方法及註冊碼錶 (1千字)2001-07-04GAM
- SMailserver2.5註冊碼的破解手記 (1千字)2001-03-01AIServer
- 一種非明碼比較程式的註冊------NS-SHAFT註冊碼破解 (9千字)2015-11-15
- 《chm幫助編輯器V2.61》註冊碼破解心得: (11千字)2001-02-17
- 《ICONSCAN 2.4》註冊碼破解 高手莫入! (3千字)2001-05-06
- 《MAGICWIN RELEASE 1.2》註冊碼破解 高手莫入! (2千字)2001-05-07
- Kugle Regediter 1.0 註冊碼破解法(非明碼) (8千字)2001-11-03
- 《WinImage v5.00.5007 註冊碼破解》 (7千字)2001-05-10
- 《EASY MP3 2.2》的註冊碼破解 高手莫入! (2千字)2001-05-05
- 盲打之友V2.5破解(包括註冊演算法) (11千字)2001-10-29演算法
- 『凌雲郵神』 註冊碼破解 (非明碼比較的哦 ^_^) (6千字)2001-11-05
- Diskbase 5.11的破解和註冊演算法(俺是新手) (18千字)2001-05-21演算法
- 財智證券結算軟體2.5 破解註冊碼分析!使用ollydbg 破解註冊動畫!高手莫入! (1千字)2001-11-20動畫
- 如何破解《彩票快車黃金版》註冊碼 (1千字)2001-04-21
- 豪傑大眼睛共享版註冊碼破解 (1千字)2001-07-08
- 《OFFLINE EXPLORER 1.0》的註冊碼破解 高手莫入!! (2千字)2001-05-18
- 交一篇作業---破解Hedit 2.0的註冊碼 (7千字)2001-09-30
- Pycharm安裝破解 註冊碼2017-06-25PyCharm
- 開心鬥地主1.6標準版 註冊碼破解 (4千字)2001-04-25
- 如何破解Cool ASCII Art Maker V1.21註冊碼 (2千字)2001-05-03ASCII
- 猜數記---BCWIPE註冊半破解 (25千字)2001-04-02
- 破解HappyEO電子琴203版的註冊碼。 (7千字)2001-09-28APP
- chm幫助編輯器v2.6 註冊碼破解詳談之二*解碼篇* (11千字)2001-02-04
- 破解<<生日字典密碼生成器 v3.7 password>> 的註冊碼 (4千字)2001-10-21密碼
- 檔案密使2.6註冊碼分析詳解 (11千字)2001-11-30
- 某穿牆輔助的註冊碼破解2018-03-10
- Flash ActionScript Tool 的註冊碼! (22千字)2001-05-04
- 轉貼 Ronnier 的 AcqURL 5.1 註冊黑名單的破解 (7千字)2001-05-14
- CuteFTP最新版V4.2.4 線上註冊的破解 (10千字)2001-09-27FTP
- 註冊碼演算法 (2千字)2001-01-14演算法
- 某電子書註冊破解實錄,高手莫入。 (6千字)2002-10-05
- 黑馬課表管理系統2.6註冊破解 (1千字)2002-01-12
- vTuner Plus 3.0 線上註冊的破解方法一:爆破篇 (7千字)2002-06-16
- Navicat for MySQL 11註冊碼\啟用碼2019-02-11MySql