交一篇作業---破解Hedit 2.0的註冊碼 (7千字)

交一篇作業---破解Hedit 2.0的註冊碼

簡介：Hexadecimal editor for binary files. Unlimited file size (easily works with GB-sized files), insert and delete, binary and text search, selectable fonts, clipboard support, multiple document interface. Integrates with the Windows 95 or NT 4.0 shell.

使用者名稱：wdfdiablo 註冊碼：7878787878，CTL+D喚出SICE，bpx hmemcpy,點註冊，被SICE攔斷，下BD *清斷點，按f12 n次，來到：

0167:00405077 6A01 PUSH 01
0167:00405079 8BCE MOV ECX,ESI
0167:0040507B E870890100 CALL 0041D9F0
0167:00405080 85C0 TEST EAX,EAX
0167:00405082 7435 JZ 004050B9
0167:00405084 FF7660 PUSH DWORD PTR [ESI+60]
0167:00405087 FF765C PUSH DWORD PTR [ESI+5C]
0167:0040508A 8BCF MOV ECX,EDI
0167:0040508C E82DEFFFFF CALL 00403FBE ；此為算註冊碼的CALL，F8進入
0167:00405091 85C0 TEST EAX,EAX
0167:00405093 7510 JNZ 004050A5 ；不正確則跳到失敗
0167:00405095 6AFF PUSH FF
0167:00405097 6A00 PUSH 00
0167:00405099 6888000000 PUSH 00000088
0167:0040509E E8BCFC0100 CALL 00424D5F ；註冊失敗對話方塊
0167:004050A3 EB14 JMP 004050B9 ；跳出程式
0167:004050A5 FF7660 PUSH DWORD PTR [ESI+60]
0167:004050A8 FF765C PUSH DWORD PTR [ESI+5C]
0167:004050AB 8BCF MOV ECX,EDI

進入後在此處：
0167:00403FBE 55 PUSH EBP
0167:00403FBF 8BEC MOV EBP,ESP
0167:00403FC1 81EC00010000 SUB ESP,00000100
0167:00403FC7 6800010000 PUSH 00000100
0167:00403FCC 8D8D00FFFFFF LEA ECX,[EBP-0100]
0167:00403FD2 FF7508 PUSH DWORD PTR [EBP+08]
0167:00403FD5 51 PUSH ECX
0167:00403FD6 E8054F0000 CALL 00408EE0
0167:00403FDB 83C40C ADD ESP,0C
0167:00403FDE 8D8D00FFFFFF LEA ECX,[EBP-0100]
0167:00403FE4 51 PUSH ECX ;D ECX=wdfdiablo
0167:00403FE5 E856200100 CALL 00416040 ;將使用者名稱轉換為大寫字母WDFDIABLO
0167:00403FEA 83C404 ADD ESP,04
0167:00403FED B904000000 MOV ECX,00000004
0167:00403FF2 8BC1 MOV EAX,ECX
0167:00403FF4 41 INC ECX ;ECX=5
0167:00403FF5 99 CDQ
0167:00403FF6 33C2 XOR EAX,EDX
0167:00403FF8 2BC2 SUB EAX,EDX
0167:00403FFA 83E003 AND EAX,03
0167:00403FFD 33C2 XOR EAX,EDX
0167:00403FFF 2BC2 SUB EAX,EDX
0167:00404001 8A940DFFFEFFFF MOV DL,[ECX+EBP-0101]
0167:00404008 30940500FFFFFF XOR [EAX+EBP-0100],DL
0167:0040400F 81F900010000 CMP ECX,00000100 ；迴圈95次
0167:00404015 7CDB JL 00403FF2
0167:00404017 8B8500FFFFFF MOV EAX,[EBP-0100] ；D EAX=Ox8040551,轉換為十進位制即為
註冊碼
0167:0040401D 85C0 TEST EAX,EAX
0167:0040401F 7D02 JGE 00404023
0167:00404021 F7D8 NEG EAX
0167:00404023 39450C CMP [EBP+0C],EAX
0167:00404026 7509 JNZ 00404031
0167:00404028 85C0 TEST EAX,EAX
0167:0040402A B801000000 MOV EAX,00000001
0167:0040402F 7502 JNZ 00404033
0167:00404031 33C0 XOR EAX,EAX
0167:00404033 8BE5 MOV ESP,EBP
0167:00404035 5D POP EBP
0167:00404036 C20800 RET 0008

整理一下，使用者名稱：wdfdiablo,註冊碼：0134481233

不知哪位高手能用TC2.0寫一下它的序號產生器，感激不盡。

註冊成功後，登錄檔項新增以下鍵值：
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Yuri Software\HEdit\Settings]
"Font"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,43,6f,75,72,69,65,72,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00
"Hex Address"=dword:00000001
"Upper Characters"=dword:00000000
"Fixed Columns"=dword:00000000
"Text Editor"="notepad.exe"
"Print Margins"=hex:e8,03,00,00,e8,03,00,00,e8,03,00,00,e8,03,00,00
"User Name"="wdfdiablo"
"Registration Number"=dword:08040551
"WindowPos"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,51,00,00,00,51,00,00,00,51,03,00,00,63,02,00,00

大波羅破解
http://wdfdiablo.myetang.com
2001.9.28

交一篇作業---破解Hedit 2.0的註冊碼 (7千字)

相關文章