CRACK bootstart6.02版 (26千字)
bootstart6.02版適用於最新版7.xx
對CODE作如下說明
CODE: ***-*****-*****-****
||| ||||| ||||| ||||-C44
||| ||||| ||||| |||--C43
||| ||||| ||||| ||---C42
||| ||||| ||||| |----C41
||| ||||| |||||
||| ||||| |||||------C35
||| ||||| ||||-------C34
||| ||||| |||--------C33
||| ||||| ||---------C32
||| ||||| |----------C31
||| |||||
||| |||||------------C25
||| ||||-------------C24
||| |||--------------C23
||| ||---------------C22
||| |----------------C21
|||
|||------------------C13
||-------------------C12
|--------------------C11
設斷點 BPX HMEMCPY
BPX CALLWINDOWPROCA
程式來到 4902E0
:004902E0 E84F19FAFF call 00431C34
<-讀入 code
:004902E5 8B45F8
mov eax, dword ptr [ebp-08]
:004902E8 8D55FC
lea edx, dword ptr [ebp-04]
:004902EB E84035FCFF call 00453830
:004902F0 8B55FC
mov edx, dword ptr [ebp-04]
:004902F3 8D83EC020000 lea eax, dword
ptr [ebx+000002EC]
:004902F9 E8BE39F7FF call 00403CBC
:004902FE 8D55F8
lea edx, dword ptr [ebp-08]
:00490301 8B83D0020000 mov eax, dword
ptr [ebx+000002D0]
:00490307 E82819FAFF call 00431C34
<-讀入
name
程式要走好長可以按 F12 24次,來到此處:
:004ACD37 48
dec eax
:004ACD38 0F8583000000 jne 004ACDC1
:004ACD3E 84DB
test bl, bl
:004ACD40 7547
jne 004ACD89
:004ACD42 A1D0714B00 mov eax,
dword ptr [004B71D0]
:004ACD47 8B00
mov eax, dword ptr [eax]
:004ACD49 8D90EC020000 lea edx, dword
ptr [eax+000002EC]
:004ACD4F 8B8698040000 mov eax, dword
ptr [esi+00000498]
:004ACD55 8B00
mov eax, dword ptr [eax]
:004ACD57 8B08
mov ecx, dword ptr [eax]
:004ACD59 FF5114
call [ecx+14]
:004ACD5C 8BD8
mov ebx, eax
:004ACD5E 8D45F8
lea eax, dword ptr [ebp-08]
:004ACD61 E8026FF5FF call 00403C68
:004ACD66 80FB05
cmp bl, 05
:004ACD69 7510
jne 004ACD7B
:004ACD6B 8D45F8
lea eax, dword ptr [ebp-08]
:004ACD6E 8B155C6C4B00 mov edx, dword
ptr [004B6C5C]
:004ACD74 8B12
mov edx, dword ptr [edx]
:004ACD76 E8856FF5FF call 00403D00
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACD69(C)
|
:004ACD7B 8B4DF8
mov ecx, dword ptr [ebp-08]
:004ACD7E 8BD3
mov edx, ebx
:004ACD80 66B81C00 mov
ax, 001C
:004ACD84 E867E3FDFF call 0048B0F0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACD40(C)
|
:004ACD89 84DB
test bl, bl
:004ACD8B 7534
jne 004ACDC1
:004ACD8D 8D4DFF
lea ecx, dword ptr [ebp-01]
:004ACD90 A1D0714B00 mov eax,
dword ptr [004B71D0]
:004ACD95 8B00
mov eax, dword ptr [eax]
:004ACD97 8D90EC020000 lea edx, dword
ptr [eax+000002EC]
:004ACD9D 8B8698040000 mov eax, dword
ptr [esi+00000498]
:004ACDA3 8B00
mov eax, dword ptr [eax]
:004ACDA5 8B18
mov ebx, dword ptr [eax]
:004ACDA7 FF5310
call [ebx+10] <-計算及判斷CODE正確性
:004ACDAA 8BD8
mov ebx, eax
:004ACDAC 807DFF00 cmp
byte ptr [ebp-01], 00
:004ACDB0 7502
jne 004ACDB4
:004ACDB2 B354
mov bl, 54 <-錯誤
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACDB0(C)
|
:004ACDB4 33C9
xor ecx, ecx
:004ACDB6 8BD3
mov edx, ebx
:004ACDB8 66B81D00 mov
ax, 001D
:004ACDBC E82FE3FDFF call 0048B0F0
<-失敗對話方塊
進入:004ACDA7 FF5310
call [ebx+10]此呼叫
還要走好長!!!!!!
核心關鍵之處:
* Referenced by a CALL at Addresses:
|:0046B92A , :0046B9E1 , :0046CA46
|
:00453ABC 55
push ebp
:00453ABD 8BEC
mov ebp, esp
:00453ABF 83C4D8
add esp, FFFFFFD8
:00453AC2 53
push ebx
:00453AC3 56
push esi
:00453AC4 57
push edi
:00453AC5 33C9
xor ecx, ecx
:00453AC7 894DEC
mov dword ptr [ebp-14], ecx
:00453ACA 894DE8
mov dword ptr [ebp-18], ecx
:00453ACD 894DD8
mov dword ptr [ebp-28], ecx
:00453AD0 894DF0
mov dword ptr [ebp-10], ecx
:00453AD3 8BF0
mov esi, eax
:00453AD5 8D7DF8
lea edi, dword ptr [ebp-08]
:00453AD8 A5
movsd
:00453AD9 A5
movsd
:00453ADA 8955F4
mov dword ptr [ebp-0C], edx
:00453ADD 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"TRGRegisterInfo"
|
:00453AE0 8B1554394500 mov edx, dword
ptr [00453954]
:00453AE6 E8F90BFBFF call 004046E4
:00453AEB 33C0
xor eax, eax
:00453AED 55
push ebp
:00453AEE 68263F4500 push 00453F26
:00453AF3 64FF30
push dword ptr fs:[eax]
:00453AF6 648920
mov dword ptr fs:[eax], esp
:00453AF9 8D55EC
lea edx, dword ptr [ebp-14]
:00453AFC 8B45F8
mov eax, dword ptr [ebp-08]
:00453AFF E8A0FBFFFF call 004536A4
:00453B04 8B45EC
mov eax, dword ptr [ebp-14]
:00453B07 8D55E8
lea edx, dword ptr [ebp-18]
:00453B0A E8454FFBFF call 00408A54
:00453B0F 8B45E8
mov eax, dword ptr [ebp-18]
:00453B12 8D55EC
lea edx, dword ptr [ebp-14]
:00453B15 E816FDFFFF call 00453830
:00453B1A 8B55EC
mov edx, dword ptr [ebp-14]
:00453B1D 8D45F8
lea eax, dword ptr [ebp-08]
:00453B20 E8DB01FBFF call 00403D00
:00453B25 8D55EC
lea edx, dword ptr [ebp-14]
:00453B28 8B45FC
mov eax, dword ptr [ebp-04]
:00453B2B E874FBFFFF call 004536A4
:00453B30 8B45EC
mov eax, dword ptr [ebp-14]
:00453B33 8D55E8
lea edx, dword ptr [ebp-18]
:00453B36 E8194FFBFF call 00408A54
:00453B3B 8B45E8
mov eax, dword ptr [ebp-18]
:00453B3E 8D55EC
lea edx, dword ptr [ebp-14]
:00453B41 E8EAFCFFFF call 00453830
:00453B46 8B55EC
mov edx, dword ptr [ebp-14]
:00453B49 8D45FC
lea eax, dword ptr [ebp-04]
:00453B4C E8AF01FBFF call 00403D00
:00453B51 B301
mov bl, 01
:00453B53 84DB
test bl, bl
:00453B55 740F
je 00453B66
:00453B57 8B45F8
mov eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"REGISTERED USER"
|
:00453B5A BA3C3F4500 mov edx,
00453F3C
:00453B5F E89004FBFF call 00403FF4
:00453B64 7504
jne 00453B6A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B55(C)
|
:00453B66 33C0
xor eax, eax
:00453B68 EB02
jmp 00453B6C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B64(C)
|
:00453B6A B001
mov al, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B68(U)
|
:00453B6C 8BD8
mov ebx, eax
:00453B6E 84DB
test bl, bl
:00453B70 740D
je 00453B7F
:00453B72 8B45F8
mov eax, dword ptr [ebp-08]
:00453B75 E86A03FBFF call 00403EE4
:00453B7A 83F80A
cmp eax, 0000000A <-NAME的位數大於等於10位
:00453B7D 7D04
jge 00453B83
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B70(C)
|
:00453B7F 33C0
xor eax, eax
:00453B81 EB02
jmp 00453B85
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B7D(C)
|
:00453B83 B001
mov al, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B81(U)
|
:00453B85 8BD8
mov ebx, eax
:00453B87 84DB
test bl, bl
:00453B89 7426
je 00453BB1
:00453B8B 8D45EC
lea eax, dword ptr [ebp-14]
:00453B8E 50
push eax
:00453B8F B904000000 mov ecx,
00000004
:00453B94 BA01000000 mov edx,
00000001
:00453B99 8B45FC
mov eax, dword ptr [ebp-04]
:00453B9C E84705FBFF call 004040E8
:00453BA1 8B45EC
mov eax, dword ptr [ebp-14]
* Possible StringData Ref from Data Obj ->"BM1-"
|
:00453BA4 BA543F4500 mov edx,
00453F54
:00453BA9 E84604FBFF call 00403FF4
<-C1是否等於BM1
:00453BAE 0F94C3
sete bl
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B89(C)
|
:00453BB1 84DB
test bl, bl
:00453BB3 7456
je 00453C0B <-去死
:00453BB5 8B45F8
mov eax, dword ptr [ebp-08]
:00453BB8 E82703FBFF call 00403EE4
:00453BBD 8BD0
mov edx, eax
:00453BBF 8D45EC
lea eax, dword ptr [ebp-14]
:00453BC2 E84502FBFF call 00403E0C
:00453BC7 8B45EC
mov eax, dword ptr [ebp-14]
:00453BCA 8D55F0
lea edx, dword ptr [ebp-10]
:00453BCD E8B2FDFFFF call 00453984
:00453BD2 8D45EC
lea eax, dword ptr [ebp-14]
:00453BD5 50
push eax
:00453BD6 B902000000 mov ecx,
00000002
:00453BDB BA05000000 mov edx,
00000005
:00453BE0 8B45FC
mov eax, dword ptr [ebp-04]
:00453BE3 E80005FBFF call 004040E8
:00453BE8 8B45EC
mov eax, dword ptr [ebp-14]
:00453BEB 50
push eax
:00453BEC 8D4DE8
lea ecx, dword ptr [ebp-18]
:00453BEF 8B45F0
mov eax, dword ptr [ebp-10]
:00453BF2 0FB600
movzx eax, byte ptr [eax]
:00453BF5 BA02000000 mov edx,
00000002
:00453BFA E8F950FBFF call 00408CF8
<-生成C21 C22
:00453BFF 8B55E8
mov edx, dword ptr [ebp-18] <-真的C21 C22 BPX3
:00453C02 58
pop eax <-假的C21
C22
:00453C03 E8EC03FBFF call 00403FF4
:00453C08 0F94C3
sete bl
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453BB3(C)
|
:00453C0B 84DB
test bl, bl
:00453C0D 0F8494000000 je 00453CA7
<-去死
:00453C13 8D45F0
lea eax, dword ptr [ebp-10]
:00453C16 8B55FC
mov edx, dword ptr [ebp-04]
:00453C19 E8E200FBFF call 00403D00
:00453C1E 8D45F0
lea eax, dword ptr [ebp-10]
:00453C21 B902000000 mov ecx,
00000002
:00453C26 BA07000000 mov edx,
00000007
:00453C2B E8F804FBFF call 00404128
:00453C30 33F6
xor esi, esi
:00453C32 8B45F0
mov eax, dword ptr [ebp-10]
:00453C35 E8AA02FBFF call 00403EE4
:00453C3A 84C0
test al, al
:00453C3C 7616
jbe 00453C54
:00453C3E B201
mov dl, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453C52(C)
|
:00453C40 33C9
xor ecx, ecx
:00453C42 8ACA
mov cl, dl
:00453C44 8B5DF0
mov ebx, dword ptr [ebp-10]
:00453C47 0FB64C0BFF movzx ecx,
byte ptr [ebx+ecx-01]
:00453C4C 6603F1
add si, cx
:00453C4F 42
inc edx
:00453C50 FEC8
dec al
:00453C52 75EC
jne 00453C40
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453C3C(C)
|
:00453C54 8D45EC
lea eax, dword ptr [ebp-14]
:00453C57 8BD6
mov edx, esi
:00453C59 6681E2FF00 and dx,
00FF
:00453C5E E8A901FBFF call 00403E0C
:00453C63 8B45EC
mov eax, dword ptr [ebp-14]
:00453C66 8D55F0
lea edx, dword ptr [ebp-10]
:00453C69 E816FDFFFF call 00453984
:00453C6E 8D45EC
lea eax, dword ptr [ebp-14]
:00453C71 50
push eax
:00453C72 B902000000 mov ecx,
00000002
:00453C77 BA07000000 mov edx,
00000007
:00453C7C 8B45FC
mov eax, dword ptr [ebp-04]
:00453C7F E86404FBFF call 004040E8
:00453C84 8B45EC
mov eax, dword ptr [ebp-14]
:00453C87 50
push eax
:00453C88 8D4DE8
lea ecx, dword ptr [ebp-18]
:00453C8B 8B45F0
mov eax, dword ptr [ebp-10]
:00453C8E 0FB600
movzx eax, byte ptr [eax]
:00453C91 BA02000000 mov edx,
00000002
:00453C96 E85D50FBFF call 00408CF8
<-生成C23 C24 BPX4
:00453C9B 8B55E8
mov edx, dword ptr [ebp-18] <-假的C23 C24 ?寫錯了!呵呵沒有錯啦①
:00453C9E 58
pop eax <-假的C23
C24
:00453C9F E85003FBFF call 00403FF4
:00453CA4 0F94C3
sete bl
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453C0D(C)
|
:00453CA7 84DB
test bl, bl
:00453CA9 0F848B000000 je 00453D3A
<-去死
:00453CAF 8B55F8
mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->" "
|
:00453CB2 B8643F4500 mov eax,
00453F64
:00453CB7 E81005FBFF call 004041CC
<-NAME 中不能有空格
:00453CBC 85C0
test eax, eax
:00453CBE 7E15
jle 00453CD5 <-去死
:00453CC0 8B55F8
mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->" "
|
:00453CC3 B8643F4500 mov eax,
00453F64
:00453CC8 E8FF04FBFF call 004041CC
:00453CCD 8B55F8
mov edx, dword ptr [ebp-08]
:00453CD0 8A1C02
mov bl, byte ptr [edx+eax]
:00453CD3 EB06
jmp 00453CDB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453CBE(C)
|
:00453CD5 8B45F8
mov eax, dword ptr [ebp-08]
:00453CD8 8A5801
mov bl, byte ptr [eax+01]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453CD3(U)
|
:00453CDB 8D45EC
lea eax, dword ptr [ebp-14]
:00453CDE 50
push eax
:00453CDF B902000000 mov ecx,
00000002
:00453CE4 BA09000000 mov edx,
00000009
:00453CE9 8B45FC
mov eax, dword ptr [ebp-04]
:00453CEC E8F703FBFF call 004040E8
:00453CF1 8B45EC
mov eax, dword ptr [ebp-14]
:00453CF4 50
push eax
:00453CF5 8BC3
mov eax, ebx
:00453CF7 E868EDFAFF call 00402A64
:00453CFC 8BD0
mov edx, eax
:00453CFE 8D45E4
lea eax, dword ptr [ebp-1C]
:00453D01 885001
mov byte ptr [eax+01], dl
:00453D04 C60001
mov byte ptr [eax], 01
:00453D07 8D55E4
lea edx, dword ptr [ebp-1C]
:00453D0A 8D45E0
lea eax, dword ptr [ebp-20]
:00453D0D E842EEFAFF call 00402B54
* Possible StringData Ref from Data Obj ->"-"
|
:00453D12 BA683F4500 mov edx, 00453F68
:00453D17 8D45E0 lea eax, dword ptr [ebp-20]
:00453D1A B102 mov cl, 02
:00453D1C E803EEFAFF call 00402B24
:00453D21 8D55E0 lea edx, dword ptr [ebp-20]
:00453D24 8D45E8 lea eax, dword ptr [ebp-18]
:00453D27 E85C01FBFF call 00403E88 <-生成C25 NAME的第二個字母
<-F10 代過,就中斷在 BPX3 在次執行
<-到此則出現失敗對話方塊??只好清除 中斷 3
:00453D2C 8B55E8 mov edx, dword ptr [ebp-18] <-真的C25 BPX5
:00453D2F 58 pop eax <-假的C25
:00453D30 E8BF02FBFF call 00403FF4
:00453D35 0F94C0 sete al
:00453D38 8BD8 mov ebx, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453CA9(C)
|
:00453D3A 84DB test bl, bl
:00453D3C 0F84CB000000 je 00453E0D <-去死
:00453D42 33F6 xor esi, esi
:00453D44 8B45F8 mov eax, dword ptr [ebp-08]
:00453D47 E89801FBFF call 00403EE4
:00453D4C 84C0 test al, al
:00453D4E 7616 jbe 00453D66
:00453D50 B201 mov dl, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453D64(C)
|
:00453D52 33C9 xor ecx, ecx
:00453D54 8ACA mov cl, dl
:00453D56 8B5DF8 mov ebx, dword ptr [ebp-08]
:00453D59 0FB64C0BFF movzx ecx, byte ptr [ebx+ecx-01]
:00453D5E 6603F1 add si, cx
:00453D61 42 inc edx
:00453D62 FEC8 dec al
:00453D64 75EC jne 00453D52
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453D4E(C)
|
:00453D66 8D45E4 lea eax, dword ptr [ebp-1C]
:00453D69 8BD6 mov edx, esi
:00453D6B 66C1EA08 shr dx, 08
:00453D6F 885001 mov byte ptr [eax+01], dl
:00453D72 C60001 mov byte ptr [eax], 01
:00453D75 8D55E4 lea edx, dword ptr [ebp-1C]
:00453D78 8D45E0 lea eax, dword ptr [ebp-20]
:00453D7B E8D4EDFAFF call 00402B54
:00453D80 8D45DC lea eax, dword ptr [ebp-24]
:00453D83 8BD6 mov edx, esi
:00453D85 6681E2FF00 and dx, 00FF
:00453D8A 885001 mov byte ptr [eax+01], dl
:00453D8D C60001 mov byte ptr [eax], 01
:00453D90 8D55DC lea edx, dword ptr [ebp-24]
:00453D93 8D45E0 lea eax, dword ptr [ebp-20]
:00453D96 B102 mov cl, 02
:00453D98 E887EDFAFF call 00402B24
:00453D9D 8D55E0 lea edx, dword ptr [ebp-20]
:00453DA0 8D45EC lea eax, dword ptr [ebp-14]
:00453DA3 E8E000FBFF call 00403E88
:00453DA8 8B45EC mov eax, dword ptr [ebp-14]
:00453DAB 8D55F0 lea edx, dword ptr [ebp-10]
:00453DAE E8D1FBFFFF call 00453984
:00453DB3 8D45EC lea eax, dword ptr [ebp-14]
:00453DB6 50 push eax
:00453DB7 B904000000 mov ecx, 00000004
:00453DBC BA0B000000 mov edx, 0000000B
:00453DC1 8B45FC mov eax, dword ptr [ebp-04]
:00453DC4 E81F03FBFF call 004040E8
:00453DC9 8B45EC mov eax, dword ptr [ebp-14]
:00453DCC 50 push eax
:00453DCD 8D4DE8 lea ecx, dword ptr [ebp-18]
:00453DD0 8B45F0 mov eax, dword ptr [ebp-10]
:00453DD3 0FB600 movzx eax, byte ptr [eax]
:00453DD6 BA02000000 mov edx, 00000002
:00453DDB E8184FFBFF call 00408CF8
:00453DE0 8D45E8 lea eax, dword ptr [ebp-18]
:00453DE3 50 push eax
:00453DE4 8D4DD8 lea ecx, dword ptr [ebp-28]
:00453DE7 8B45F0 mov eax, dword ptr [ebp-10]
:00453DEA 0FB64001 movzx eax, byte ptr [eax+01]
:00453DEE BA02000000 mov edx, 00000002
:00453DF3 E8004FFBFF call 00408CF8
:00453DF8 8B55D8 mov edx, dword ptr [ebp-28]
:00453DFB 58 pop eax
:00453DFC E8EB00FBFF call 00403EEC <-生成C31 C32 C33 C34
:00453E01 8B55E8 mov edx, dword ptr [ebp-18] <-真的C31 C32 C33 C34 BPX6
:00453E04 58 pop eax <-假的C31 C32 C33 C34
:00453E05 E8EA01FBFF call 00403FF4
:00453E0A 0F94C3 sete bl
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453D3C(C)
|
:00453E0D 84DB test bl, bl
:00453E0F 7460 je 00453E71 <-去死
:00453E11 8D45EC lea eax, dword ptr [ebp-14]
:00453E14 50 push eax
:00453E15 B902000000 mov ecx, 00000002
:00453E1A BA0F000000 mov edx, 0000000F
:00453E1F 8B45FC mov eax, dword ptr [ebp-04]
:00453E22 E8C102FBFF call 004040E8
:00453E27 8B45EC mov eax, dword ptr [ebp-14]
:00453E2A 50 push eax
:00453E2B 8B45F8 mov eax, dword ptr [ebp-08]
:00453E2E 8A00 mov al, byte ptr [eax]
:00453E30 E82FECFAFF call 00402A64
:00453E35 8BD0 mov edx, eax
:00453E37 8D45E4 lea eax, dword ptr [ebp-1C]
:00453E3A 885001 mov byte ptr [eax+01], dl
:00453E3D C60001 mov byte ptr [eax], 01
:00453E40 8D55E4 lea edx, dword ptr [ebp-1C]
:00453E43 8D45E0 lea eax, dword ptr [ebp-20]
:00453E46 E809EDFAFF call 00402B54
* Possible StringData Ref from Data Obj ->"-"
|
:00453E4B BA683F4500 mov edx, 00453F68
:00453E50 8D45E0 lea eax, dword ptr [ebp-20]
:00453E53 B102 mov cl, 02
:00453E55 E8CAECFAFF call 00402B24
:00453E5A 8D55E0 lea edx, dword ptr [ebp-20]
:00453E5D 8D45E8 lea eax, dword ptr [ebp-18]
:00453E60 E82300FBFF call 00403E88 <-生成C35 NAME的第一個字母
:00453E65 8B55E8 mov edx, dword ptr [ebp-18] <-真的C35 BPX7
:00453E68 58 pop eax <-假的C35
:00453E69 E88601FBFF call 00403FF4
:00453E6E 0F94C3 sete bl
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453E0F(C)
|
:00453E71 84DB test bl, bl
:00453E73 747B je 00453EF0 <-去死
:00453E75 8D45EC lea eax, dword ptr [ebp-14]
:00453E78 50 push eax
:00453E79 B902000000 mov ecx, 00000002
:00453E7E BA01000000 mov edx, 00000001
:00453E83 8B45F8 mov eax, dword ptr [ebp-08]
:00453E86 E85D02FBFF call 004040E8
:00453E8B 8B45EC mov eax, dword ptr [ebp-14]
:00453E8E 8D55F0 lea edx, dword ptr [ebp-10]
:00453E91 E8EEFAFFFF call 00453984
:00453E96 8D45EC lea eax, dword ptr [ebp-14]
:00453E99 50 push eax
:00453E9A B909000000 mov ecx, 00000009
:00453E9F BA11000000 mov edx, 00000011
:00453EA4 8B45FC mov eax, dword ptr [ebp-04]
:00453EA7 E83C02FBFF call 004040E8
:00453EAC 8B45EC mov eax, dword ptr [ebp-14]
:00453EAF 50 push eax
:00453EB0 8D4DE8 lea ecx, dword ptr [ebp-18]
:00453EB3 8B45F0 mov eax, dword ptr [ebp-10]
:00453EB6 0FB600 movzx eax, byte ptr [eax]
:00453EB9 BA02000000 mov edx, 00000002
:00453EBE E8354EFBFF call 00408CF8
:00453EC3 8D45E8 lea eax, dword ptr [ebp-18]
:00453EC6 50 push eax
:00453EC7 8D4DD8 lea ecx, dword ptr [ebp-28]
:00453ECA 8B45F0 mov eax, dword ptr [ebp-10]
:00453ECD 0FB64001 movzx eax, byte ptr [eax+01]
:00453ED1 BA02000000 mov edx, 00000002
:00453ED6 E81D4EFBFF call 00408CF8
:00453EDB 8B55D8 mov edx, dword ptr [ebp-28]
:00453EDE 58 pop eax
:00453EDF E80800FBFF call 00403EEC <-生成C41 C42 C43 C44
:00453EE4 8B55E8 mov edx, dword ptr [ebp-18] <-真的C41 C42 C43 C44 BPX8
:00453EE7 58 pop eax <-假的C41 C42 C43 C44
:00453EE8 E80701FBFF call 00403FF4
:00453EED 0F94C3 sete bl
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453E73(C)
|
:00453EF0 8B45F4 mov eax, dword ptr [ebp-0C]
:00453EF3 8818 mov byte ptr [eax], bl
:00453EF5 33C0 xor eax, eax
:00453EF7 5A pop edx
:00453EF8 59 pop ecx
:00453EF9 59 pop ecx
:00453EFA 648910 mov dword ptr fs:[eax], edx
:00453EFD 682D3F4500 push 00453F2D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453F2B(U)
|
:00453F02 8D45D8 lea eax, dword ptr [ebp-28]
:00453F05 E85EFDFAFF call 00403C68
:00453F0A 8D45E8 lea eax, dword ptr [ebp-18]
:00453F0D BA03000000 mov edx, 00000003
:00453F12 E875FDFAFF call 00403C8C
:00453F17 8D45F8 lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"TRGRegisterInfo"
|
:00453F1A 8B1554394500 mov edx, dword ptr [00453954]
:00453F20 E8A706FBFF call 004045CC
:00453F25 C3 ret
:00453F26 E9FDF7FAFF jmp 00403728
:00453F2B EBD5 jmp 00453F02
:00453F2D 5F pop edi
:00453F2E 5E pop esi
:00453F2F 5B pop ebx
:00453F30 8BE5 mov esp, ebp
:00453F32 5D pop ebp
:00453F33 C3 ret
① 至此我們已經得到了除C23 C24的全部註冊碼,現在我們將得到C23 C24的註冊碼:
重新執行程式設斷點 00453C9E
D EDX
就是正確的 C23 C24
C23 C24 由後面的註冊碼生成,因此要等到後面的註冊碼確定後才可以確定
ABCDEFGHIJKLMN BM1-2486B-3157A-7878
BM1-E086B-3157A-7878 <-C21 C22
BM1-E003B-3157A-7878 <-C23 C24
BM1-E003B-EDDAA-7878 <-C31 C32
BM1-E0C5B-EDDAA-7878 <-C23 C24
BM1-E0C5B-EDDAA-AF71 <-C41 C42 C43 C44
BM1-E0D2B-EDDAA-AF71 <-C23 C24
至此註冊成功
QWERTYUIOPASDFG BM1-1234W-4567Q-7878
BM1-E134W-4567Q-7878
BM1-E1F7W-4567Q-7878
BM1-E1F7W-EABDQ-7878
BM1-E1A1W-EABDQ-7878 <-出問題了 中斷在C21 C22處不走了?只好BD * ???
BM1-E1A1W-EABDQ-BF64
BM1-E18DW-EABDQ-BF64
相關文章
- 初學者(26) (9千字)2000-08-17
- FPE 2000 Pro在Crack中的一點應用 (1千字)2001-02-14
- Archicad 26 for Mac 26.0.0國際版+中文版2023-05-15Mac
- Crack之親歷手跡8---破解流風婚紗形象設計系統2002版的序列號加密
(1千字)2015-11-15加密
- 入門習作:木馬克星IPARMOR4.0 30 TIMES LIMITS CRACK AND REG
(10千字)2001-06-22MIT
- Crack之親歷手跡6---破解AuthorWare5的軟體狗() (2千字)2002-03-09
- Archicad 26 for Mac(BIM建模軟體) 26.0.0英文版+中文版2023-11-16Mac
- Archicad 26中文版更新,Mac版archicad 26新功能介紹2023-09-18Mac
- Tray Helper V 3.6演算法分析 (26千字)2015-11-15演算法
- WIFI WPA1/2 Crack for Windows2020-08-19WiFiWindows
- Archicad 26 for Mac(BIM建模軟體) 26.0.0國際版2023-05-15Mac
- ArchiCAD 26 for Mac(三維建模軟體) 26.0.0.6002啟用版2023-11-08Mac
- JSON Crack 資料視覺化工具2022-10-26JSON視覺化
- Tutor 10 How to crack AutoZip 98 v4.02015-11-15
- Tutor 11 How to crack WebZIP V2.72.1352015-11-15Web
- DSP Builder 12.0安裝及crack方法2012-08-25UI
- Crack之親歷手跡3--Delphi程式中是如何獲得一個Edit的Text內容的 (1千字)2002-03-09
- 【辛佳雨】Flex builder 3 beta3 crack2008-06-05FlexUI
- [原創]IPhone 平臺下破解:Crack Firewall ip2010-03-30iPhone
- Tutor13 How to crack Drag And View v4.502015-11-15View
- 標誌位法破解----美萍反黃衛士2.26 (4千字)2001-07-27
- BIM建模軟體:Archicad 26 啟用版2023-04-26
- HostSeek 中文版 簡單破解 (2千字)2001-05-26
- 完美解除安裝7.00版破解 (7千字)2002-03-18
- 智慧狂拼試用版之破解 (1千字)2000-09-04
- VB基礎版版務處理_200502262005-02-26
- BIM建模軟體 Archicad 26 破解版中文「Archicad 26 補丁資源」2023-10-30
- 請問哪位有together6.0的crack檔案?2003-01-05
- 金山毒霸試用版完全破解 (5千字)2001-07-16
- Readbook 1.42版 演算法分析。 (1千字)2015-11-15演算法
- Smooze for Mac(滑鼠平滑滾動神器)1.9.26漢化版2023-11-03Mac
- Crack之親歷手跡4--一個許久以前的心願-FileSplit2X的註冊碼生成器 (1千字)2002-03-09
- Tutor8?How to crack LockDown 2000 3.0 Build 3.0.1.282015-11-15UI
- 屏保自己做2.61版演算法分析! (7千字)2002-02-18演算法
- Unfoxall 2.0 增強版完美破解方法 (2千字)2000-05-17
- IBM SPSS Statistics 26 中文啟用版下載2023-10-08IBMSPSS
- SentinelDOG 破解監理通2000單機版,及網路版 ((1千字)2001-05-04
- Tutor 9 How to crack Second Copy 97 version 5.31 build 962015-11-15UI