破文一篇:易經八卦占卜程式7.0的破解(高手莫入) (8千字)
★易經八卦占卜程式7.0的破解★
共享軟體,註冊費用RMB18(什麼,就這破軟體也要註冊費18元,我倒!),未註冊版無法列印占卜的內容,也無法根據公曆日期換算到農曆日期。
廢話少說,先隨便亂填一氣,蹦出對話方塊“對不起,使用者名稱和註冊碼不匹配。註冊失敗!”。
用W32Dasm反彙編後,查詢該字串,向上看去,來到
:0040905E E8E589FFFF call 00401A48
<--關鍵Call,要跟進
:00409063 84C0
test al, al <--al為標誌暫存器
:00409065 742A
je 00409091 <--跳,則去死
:00409067 6A40
push 00000040
* Possible StringData Ref from Data Obj ->"提示"
|
:00409069 B9B0585200 mov ecx,
005258B0
* Possible StringData Ref from Data Obj ->"恭喜!
註冊成功!"
|
:0040906E BA9E585200 mov edx,
0052589E
:00409073 A104075300 mov eax,
dword ptr [00530704]
:00409078 8B00
mov eax, dword ptr [eax]
:0040907A E8196C1100 call 0051FC98
:0040907F 8B45D0
mov eax, dword ptr [ebp-30]
:00409082 E831000000 call 004090B8
:00409087 8B45D0
mov eax, dword ptr [ebp-30]
:0040908A E8CD010000 call 0040925C
:0040908F EB18
jmp 004090A9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409065(C)
|
:00409091 6A10
push 00000010
* Possible StringData Ref from Data Obj ->"錯誤"
|
:00409093 B9DF585200 mov ecx,
005258DF
* Possible StringData Ref from Data Obj ->"對不起,使用者名稱和註冊碼不匹配。
註冊失敗!"
|
:00409098 BAB5585200 mov edx,
005258B5
:0040909D A104075300 mov eax,
dword ptr [00530704]
:004090A2 8B00
mov eax, dword ptr [eax]
:004090A4 E8EF6B1100 call 0051FC98
-------------------------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:004040C2 , :0040905E
|
:00401A48 55
push ebp
:00401A49 8BEC
mov ebp, esp
:00401A4B 83C4B8
add esp, FFFFFFB8
:00401A4E 53
push ebx
:00401A4F 8955F8
mov dword ptr [ebp-08], edx
:00401A52 8945FC
mov dword ptr [ebp-04], eax
:00401A55 B8682E5200 mov eax,
00522E68
:00401A5A E8B5431100 call 00515E14
:00401A5F C745E802000000 mov [ebp-18], 00000002
:00401A66 8D55FC
lea edx, dword ptr [ebp-04]
:00401A69 8D45FC
lea eax, dword ptr [ebp-04]
:00401A6C E813E31100 call 0051FD84
:00401A71 FF45E8
inc [ebp-18]
:00401A74 66C745DC0800 mov [ebp-24],
0008
:00401A7A 8D55F8
lea edx, dword ptr [ebp-08]
:00401A7D 8D45F8
lea eax, dword ptr [ebp-08]
:00401A80 E8FFE21100 call 0051FD84
.......................................省略一大段......................................
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401B03(C)
|
:00401B38 8D45FC
lea eax, dword ptr [ebp-04]
:00401B3B E868010000 call 00401CA8
<--eax返回使用者名稱的長度
:00401B40 8BD8
mov ebx, eax
<--ebx=eax
:00401B42 8D45F8
lea eax, dword ptr [ebp-08]
:00401B45 E85E010000 call 00401CA8
<--eax返回序列號的長度
:00401B4A 3BD8
cmp ebx, eax
<--比較二者是否相等
:00401B4C 7433
je 00401B81
<--不相等,則去死
:00401B4E 33C0
xor eax, eax
:00401B50 50
push eax
:00401B51 FF4DE8
dec [ebp-18]
:00401B54 8D45F8
lea eax, dword ptr [ebp-08]
:00401B57 BA02000000 mov edx,
00000002
:00401B5C E84BE31100 call 0051FEAC
:00401B61 FF4DE8
dec [ebp-18]
:00401B64 8D45FC
lea eax, dword ptr [ebp-04]
:00401B67 BA02000000 mov edx,
00000002
:00401B6C E83BE31100 call 0051FEAC
:00401B71 58
pop eax
:00401B72 8B55CC
mov edx, dword ptr [ebp-34]
:00401B75 64891500000000 mov dword ptr fs:[00000000],
edx
:00401B7C E920010000 jmp 00401CA1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401B4C(C)
|
:00401B81 8D45F8
lea eax, dword ptr [ebp-08]
:00401B84 E81F010000 call 00401CA8
:00401B89 8945BC
mov dword ptr [ebp-44], eax
:00401B8C 8B55BC
mov edx, dword ptr [ebp-44]
:00401B8F 42
inc edx
:00401B90 52
push edx
:00401B91 E816341100 call 00514FAC
:00401B96 59
pop ecx
:00401B97 8945C8
mov dword ptr [ebp-38], eax
:00401B9A 8B4DBC
mov ecx, dword ptr [ebp-44]
:00401B9D 41
inc ecx
:00401B9E 51
push ecx
:00401B9F E808341100 call 00514FAC
:00401BA4 59
pop ecx
:00401BA5 8945C4
mov dword ptr [ebp-3C], eax
:00401BA8 8B55FC
mov edx, dword ptr [ebp-04]
:00401BAB 8B45C8
mov eax, dword ptr [ebp-38]
:00401BAE E8A5771000 call 00509358
:00401BB3 8B55F8
mov edx, dword ptr [ebp-08]
:00401BB6 8B45C4
mov eax, dword ptr [ebp-3C]
:00401BB9 E89A771000 call 00509358
:00401BBE 33C9
xor ecx, ecx
:00401BC0 894DC0
mov dword ptr [ebp-40], ecx
:00401BC3 8B45C0
mov eax, dword ptr [ebp-40]
:00401BC6 8B55BC
mov edx, dword ptr [ebp-44]
:00401BC9 3BC2
cmp eax, edx
:00401BCB 7D64
jge 00401C31
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401C2F(C)
|
:00401BCD 8B4DC8
mov ecx, dword ptr [ebp-38] <--開始迴圈
:00401BD0 8B45C0
mov eax, dword ptr [ebp-40]
:00401BD3 8A1401
mov dl, byte ptr [ecx+eax]
:00401BD6 8855BB
mov byte ptr [ebp-45], dl
:00401BD9 0FBE4DBB movsx
ecx, byte ptr [ebp-45]
:00401BDD 0FBE45BB movsx
eax, byte ptr [ebp-45]
:00401BE1 0FAFC8
imul ecx, eax
:00401BE4 0FBE55BB movsx
edx, byte ptr [ebp-45]
:00401BE8 0FAFCA
imul ecx, edx
:00401BEB 8B45C0
mov eax, dword ptr [ebp-40]
:00401BEE 40
inc eax
:00401BEF 8B55C0
mov edx, dword ptr [ebp-40]
:00401BF2 42
inc edx
:00401BF3 F7EA
imul edx
:00401BF5 2BC8
sub ecx, eax
:00401BF7 8B45C0
mov eax, dword ptr [ebp-40]
:00401BFA 40
inc eax
:00401BFB 0FBE55BB movsx
edx, byte ptr [ebp-45]
:00401BFF F7EA
imul edx
:00401C01 2BC8
sub ecx, eax
:00401C03 51
push ecx
:00401C04 E8C3000000 call 00401CCC
:00401C09 59
pop ecx
:00401C0A B94B000000 mov ecx,
0000004B
:00401C0F 99
cdq
:00401C10 F7F9
idiv ecx
:00401C12 80C230
add dl, 30
:00401C15 8855BA
mov byte ptr [ebp-46], dl <--dl為正確的註冊碼
:00401C18 8B45C8
mov eax, dword ptr [ebp-38]
:00401C1B 8B55C0
mov edx, dword ptr [ebp-40]
:00401C1E 8A4DBA
mov cl, byte ptr [ebp-46] <--cl=dl
:00401C21 880C10
mov byte ptr [eax+edx], cl <--相應註冊碼存入使用者名稱的地址中
:00401C24 FF45C0
inc [ebp-40]
:00401C27 8B45C0
mov eax, dword ptr [ebp-40]
:00401C2A 8B55BC
mov edx, dword ptr [ebp-44]
:00401C2D 3BC2
cmp eax, edx
:00401C2F 7C9C
jl 00401BCD
<--返回迴圈開始處
AirHolder
2001.8.31.
相關文章
- 我的第2篇破文 高手莫入!! (3千字)2001-11-11
- 破文三,高手莫入,非常簡單 (2千字)2001-08-01
- 我的第一篇破文easyoffice 2001 高手莫入!! (1千字)2001-11-04
- 易經八卦彩票占卜程式.V6.3暴力及註冊碼破解,by冷雨飄心[BCG]出品
(5千字)2001-04-23
- crackme破解教程(續) (高手莫入) (2千字)2001-03-17
- 《ICONSCAN 2.4》註冊碼破解 高手莫入! (3千字)2001-05-06
- 《MAGICWIN RELEASE 1.2》註冊碼破解 高手莫入! (2千字)2001-05-07
- 最近很忙,剛寫了一篇Uedit32 8.0破解過程(高手莫入)! (12千字)2001-05-07
- 《EASY MP3 2.2》的註冊碼破解 高手莫入! (2千字)2001-05-05
- 某電子書註冊破解實錄,高手莫入。 (6千字)2002-10-05
- 再貼:軟體管理專家(Flashsoft) 1.05的破解(高手莫入)
(3千字)2001-04-22
- 《OFFLINE EXPLORER 1.0》的註冊碼破解 高手莫入!! (2千字)2001-05-18
- 破解WorkgroupMail 的30天的時間限制(FCG作業)---高手莫入! (10千字)2015-11-15AI
- 用DeDe破解------Ativa Pro v3.18 的破文 (8千字)2001-08-29
- 破解環球商務資訊釋出系統2.0中文版----------->高手莫入 (5千字)2001-06-10
- 簡單破解:電子郵件地址搜尋器------->高手莫入 (4千字)2001-06-19
- 我的第一篇破文,獻給看學學院! 高手免進! (2千字)2002-06-29
- 我的第一篇破文,獻給看學學院的!^_^高手免進! (10千字)2015-11-15
- 爆解windows程式管理大師!V3.0.1(高手莫入) (6千字)2015-11-15Windows
- Java 程式的破解方法 (8千字)2002-08-15Java
- 兩種破解 花貓時間精靈 v1.0 功能限制的方法,本人獻給破解初學者的第一篇破文!高手請匆入內~~
(24千字)2001-10-26
- 財智證券結算軟體2.5 破解註冊碼分析!使用ollydbg 破解註冊動畫!高手莫入! (1千字)2001-11-20動畫
- 破解ThumNailer v7.0 (3千字)2001-08-07AI
- 桌面鋼筆v2.0破解過程,入門級,高手莫入。2015-11-15
- 使用KERNEL32.DLL破解???(譯文)
(8千字)2000-08-29
- 再貼一篇cd-chcek破解譯文 (4千字)2000-08-27
- 我寫的一個記憶體補丁,很基本。。高手莫入。。
(5千字)2015-11-15記憶體
- winzip self-extractor2.1最新版註冊碼找法,僅供剛學破解者,高手莫入。
(1千字)2000-08-06
- 破traceboy2.0 高手勿看! (9千字)2001-01-29
- 一個遊戲的破解,SolSuite 2002。破文處女篇 (3千字)2002-03-26遊戲UI
- 用keymake制序號產生器實戰~高手莫入~~ (1千字)2001-09-30
- HEdit 2.0 的註冊破解過程 <<-------可能過時了高手末入
(8千字)2001-02-23
- 我的第3篇破文 cr--CJSFormater 高手請指導、指導!! (4千字)2001-11-24JSORM
- 一篇破解入門 (7千字)2000-09-04
- pecompact1.50破解過程 (加入BCG的第一篇) (8千字)2001-06-28
- 無名小兵V1.45
VB5 PCODE的破文一篇 (16千字)2002-07-06
- winimage完全破解 (8千字)2001-07-04
- 我的破解心得(8) (2千字)2001-03-13