破解 密碼監聽器 v1.4 註冊碼,順便向BCG組織的各位兄弟問好! (12千字)
破解 密碼監聽器 v1.4 註冊碼
軟體名稱:密碼監聽器 V1.4
軟體簡介:密碼監聽器用於監聽基於WEB的郵箱密碼、POP3收信密碼、FTP登入
密碼,只需在一臺電腦上執行,就可以監聽區域網內任意一臺電腦登入的使用者
名和密碼,並將密碼顯示、儲存,或傳送到使用者指定的郵箱。
破解工具:TRW2000 1.22漢化版、W32DASM 8.93漢化版、FI 2.5。
破解人:飛鷹[BCG]
E-mail:flithawk@263.net
網址:http://flithawk.longcity.net
破解步驟:首先,用 FI 查殼,可知該軟體沒有被加殼;後用 W32DASM 編譯
軟體,查詢註冊碼錯誤資訊“註冊失敗!”,找到後,向上分析就可以知道真
註冊碼和註冊演算法。分析過程如下:
* Possible Reference to Dialog: DialogID_0088, CONTROL_ID:0416, ""
|
:0040D628 6816040000 push 00000416
:0040D62D 8BCD
mov ecx, ebp
* Reference To: MFC42.Ordinal:0C19, Ord:0C19h
|
:0040D62F E8E8250000 Call 0040FC1C
:0040D634 8D4C240C lea
ecx, dword ptr [esp+0C]
* Reference To: MFC42.Ordinal:188A, Ord:188Ah
|
:0040D638 E84F220000 Call 0040F88C
:0040D63D 8D4C240C lea
ecx, dword ptr [esp+0C]
* Reference To: MFC42.Ordinal:188B, Ord:188Bh
|
:0040D641 E840220000 Call 0040F886
:0040D646 8D4C2410 lea
ecx, dword ptr [esp+10]
* Reference To: MFC42.Ordinal:188A, Ord:188Ah
|
:0040D64A E83D220000 Call 0040F88C
:0040D64F 8D4C2410 lea
ecx, dword ptr [esp+10]
* Reference To: MFC42.Ordinal:188B, Ord:188Bh
|
:0040D653 E82E220000 Call 0040F886
:0040D658 8D4C240C lea
ecx, dword ptr [esp+0C]
* Reference To: MFC42.Ordinal:106A, Ord:106Ah
|
:0040D65C E8AF220000 Call 0040F910
* Possible StringData Ref from Data Obj ->"whm_w"
|
:0040D661 6814744100 push 00417414
:0040D666 8D4C2410 lea
ecx, dword ptr [esp+10]
* Reference To: MFC42.Ordinal:03AD, Ord:03ADh
|
:0040D66A E893240000 Call 0040FB02
:0040D66F 8B54240C mov
edx, dword ptr [esp+0C]
:0040D673 33FF
xor edi, edi
:0040D675 33C0
xor eax, eax
:0040D677 8B4AF8
mov ecx, dword ptr [edx-08]
:0040D67A 85C9
test ecx, ecx
:0040D67C 7E0B
jle 0040D689
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D687(C)
|
:0040D67E 0FBE3410 movsx
esi, byte ptr [eax+edx] ++注
:0040D682 03FE
add edi, esi ++冊
:0040D684 40
inc eax
++碼
:0040D685 3BC1
cmp eax, ecx
++算
:0040D687 7CF5
jl 0040D67E
++法
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D67C(C)
|
:0040D689 8B542410 mov
edx, dword ptr [esp+10]
:0040D68D 53
push ebx
:0040D68E 8D4C2414 lea
ecx, dword ptr [esp+14]
:0040D692 8B42F8
mov eax, dword ptr [edx-08]
:0040D695 83C0FE
add eax, FFFFFFFE
:0040D698 50
push eax
:0040D699 8D442420 lea
eax, dword ptr [esp+20]
:0040D69D 6A00
push 00000000
:0040D69F 50
push eax
* Reference To: MFC42.Ordinal:10B6, Ord:10B6h
|
:0040D6A0 E8A1220000 Call 0040F946
:0040D6A5 8B00
mov eax, dword ptr [eax]
:0040D6A7 50
push eax
* Reference To: MSVCRT.atol, Ord:023Eh
|
:0040D6A8 FF15A4244100 Call dword ptr
[004124A4]
:0040D6AE 83C404
add esp, 00000004
:0040D6B1 8D4C241C lea
ecx, dword ptr [esp+1C]
:0040D6B5 8BF0
mov esi, eax
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040D6B7 E810210000 Call 0040F7CC
:0040D6BC 8D4C241C lea
ecx, dword ptr [esp+1C]
:0040D6C0 6A02
push 00000002
:0040D6C2 51
push ecx
:0040D6C3 8D4C241C lea
ecx, dword ptr [esp+1C]
* Reference To: MFC42.Ordinal:164E, Ord:164Eh
|
:0040D6C7 E8A6230000 Call 0040FA72
:0040D6CC 8B00
mov eax, dword ptr [eax]
:0040D6CE 50
push eax
* Reference To: MSVCRT.atoi, Ord:023Dh
|
:0040D6CF FF1578244100 Call dword ptr
[00412478]
:0040D6D5 83C404
add esp, 00000004
:0040D6D8 8D4C241C lea
ecx, dword ptr [esp+1C]
:0040D6DC 8BD8
mov ebx, eax
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040D6DE E8E9200000 Call 0040F7CC
:0040D6E3 33F3
xor esi, ebx
:0040D6E5 5B
pop ebx
:0040D6E6 3BFE
cmp edi, esi==>真假註冊比較
:0040D6E8 0F85F3000000 jne 0040D7E1==>跳轉則顯示出錯資訊
:0040D6EE 68387E4100 push 00417E38
* Possible StringData Ref from Data Obj ->"whm_w"
|
:0040D6F3 6814744100 push 00417414
:0040D6F8 8D4C2414 lea
ecx, dword ptr [esp+14]
* Reference To: MFC42.Ordinal:1ADD, Ord:1ADDh
|
:0040D6FC E8F1210000 Call 0040F8F2
:0040D701 668B1550A64100 mov dx, word ptr
[0041A650]
:0040D708 B918000000 mov ecx,
00000018
:0040D70D 33C0
xor eax, eax
:0040D70F 8D7C241E lea
edi, dword ptr [esp+1E]
:0040D713 668954241C mov word
ptr [esp+1C], dx
* Possible Reference to Dialog: DialogID_0064
|
:0040D718 6A64
push 00000064
:0040D71A F3
repz
:0040D71B AB
stosd
:0040D71C 66AB
stosw
:0040D71E 8D442420 lea
eax, dword ptr [esp+20]
:0040D722 50
push eax
* Reference To: KERNEL32.GetSystemDirectoryA, Ord:0159h
|
:0040D723 FF1538204100 Call dword ptr
[00412038]
:0040D729 8D4C241C lea
ecx, dword ptr [esp+1C]
:0040D72D 51
push ecx
:0040D72E 8D4C241C lea
ecx, dword ptr [esp+1C]
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:0040D732 E85B210000 Call 0040F892
:0040D737 8D4C2414 lea
ecx, dword ptr [esp+14]
:0040D73B C684248800000002 mov byte ptr [esp+00000088],
02
* Reference To: MFC42.Ordinal:021C, Ord:021Ch
|
:0040D743 E8A2200000 Call 0040F7EA
:0040D748 C684248800000003 mov byte ptr [esp+00000088],
03
* Reference To: KERNEL32.GetVersion, Ord:0174h
|
:0040D750 FF153C204100 Call dword ptr
[0041203C]
:0040D756 8B542418 mov
edx, dword ptr [esp+18]
:0040D75A 50
push eax
:0040D75B 52
push edx
:0040D75C 8D44241C lea
eax, dword ptr [esp+1C]
* Possible StringData Ref from Data Obj ->"%s\%ld.ini"
|
:0040D760 683C744100 push 0041743C
:0040D765 50
push eax
* Reference To: MFC42.Ordinal:0B02, Ord:0B02h
|
:0040D766 E8F7200000 Call 0040F862
:0040D76B 8B4C2424 mov
ecx, dword ptr [esp+24]
:0040D76F 8B54241C mov
edx, dword ptr [esp+1C]
* Reference To: KERNEL32.WritePrivateProfileStringA, Ord:02E5h
|
:0040D773 8B351C204100 mov esi, dword
ptr [0041201C]
:0040D779 83C410
add esp, 00000010
:0040D77C 51
push ecx
:0040D77D 52
push edx
* Possible StringData Ref from Data Obj ->"USERNAME"
|
:0040D77E 6830744100 push 00417430
* Possible StringData Ref from Data Obj ->"REGINFO"
|
:0040D783 6828744100 push 00417428
:0040D788 FFD6
call esi
:0040D78A 8B442414 mov
eax, dword ptr [esp+14]
:0040D78E 8B4C2410 mov
ecx, dword ptr [esp+10]
:0040D792 50
push eax
:0040D793 51
push ecx
* Possible StringData Ref from Data Obj ->"PASSWORD"
|
:0040D794 681C744100 push 0041741C
* Possible StringData Ref from Data Obj ->"REGINFO"
|
:0040D799 6828744100 push 00417428
:0040D79E FFD6
call esi
:0040D7A0 6830100000 push 00001030
* Possible StringData Ref from Data Obj ->"註冊資訊"==>繼續向上分析
|
:0040D7A5 68047B4100 push 00417B04
* Possible StringData Ref from Data Obj ->"您成功註冊!"==>成功資訊
|
:0040D7AA 68F47A4100 push 00417AF4
:0040D7AF 8BCD
mov ecx, ebp
* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040D7B1 E812210000 Call 0040F8C8
:0040D7B6 8BCD
mov ecx, ebp
* Reference To: MFC42.Ordinal:12F5, Ord:12F5h
|
:0040D7B8 E80D220000 Call 0040F9CA
:0040D7BD 8D4C2414 lea
ecx, dword ptr [esp+14]
:0040D7C1 C684248800000002 mov byte ptr [esp+00000088],
02
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040D7C9 E8FE1F0000 Call 0040F7CC
:0040D7CE 8D4C2418 lea
ecx, dword ptr [esp+18]
:0040D7D2 C684248800000001 mov byte ptr [esp+00000088],
01
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040D7DA E8ED1F0000 Call 0040F7CC
:0040D7DF EB16
jmp 0040D7F7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D6E8(C)
|
:0040D7E1 6830100000 push 00001030
* Possible StringData Ref from Data Obj ->"註冊資訊"==>繼續向上分析
|
:0040D7E6 68047B4100 push 00417B04
* Possible StringData Ref from Data Obj ->"註冊失敗!"==>出錯資訊
|
:0040D7EB 68E87A4100 push 00417AE8
:0040D7F0 8BCD
mov ecx, ebp
* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040D7F2 E8D1200000 Call 0040F8C8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D7DF(U)
|
:0040D7F7 8D4C2410 lea
ecx, dword ptr [esp+10]
:0040D7FB C684248800000000 mov byte ptr [esp+00000088],
00
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040D803 E8C41F0000 Call 0040F7CC
:0040D808 8D4C240C lea
ecx, dword ptr [esp+0C]
:0040D80C C7842488000000FFFFFFFF mov dword ptr [esp+00000088], FFFFFFFF
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040D817 E8B01F0000 Call 0040F7CC
:0040D81C 8B8C2480000000 mov ecx, dword ptr
[esp+00000080]
:0040D823 5F
pop edi
:0040D824 5E
pop esi
:0040D825 5D
pop ebp
:0040D826 64890D00000000 mov dword ptr fs:[00000000],
ecx
:0040D82D 81C480000000 add esp, 00000080
:0040D833 C3
ret
再次執行軟體,用 TRW2000 在 0040D6E6 處下斷後,用 ?edi 命令就可以顯
示出真的註冊碼。知道真註冊碼後再把該註冊碼的前後分別加上00,才能註冊
成功。
例如:我的使用者名稱是:flithawk[BCG],用 ?edi 顯示出來的註冊碼是:1888
,則真的註冊碼是:00188800。
用 VB 編寫序號產生器,源程式如下:
Private Sub Command1_Click()
Dim x As Integer, i As Integer, y As String
If Text1.Text = "" Then
MsgBox "使用者名稱不能為空,請重新輸入。", 0, "錯誤"
Text1.SetFocus
Else
x = 0
y = LCase(Text1.Text & "whm_w")
For i = 1 To Len(y)
x = x + Asc(Mid$(y, i, 1))
Next i
Text2.Text = "00" & x & "00"
End If
End Sub
至此,整個軟體的破解完成!
我僅以此篇祝願BCG組織能不斷髮展壯大!我也順便向各位BCG的成員問好,希
望大家以後能多多保持聯絡!
Crack
by 飛鷹[BCG] flithawk@263.net 2001.10.25
相關文章
- 《TxEdit 4.6》的註冊碼破解 (11千字)2001-07-28
- 破解<<生日字典密碼生成器 v3.7 password>> 的註冊碼 (4千字)2001-10-21密碼
- Regediter 1.3 破解(得到註冊碼) (9千字)2002-01-23
- IconToy 3.1 註冊碼快速破解 (11千字)2001-03-02
- BabyGame 破解方法及註冊碼錶 (1千字)2001-07-04GAM
- winimp1.11註冊碼破解 (2千字)2000-07-16
- 新增監聽密碼2016-08-24密碼
- 一種非明碼比較程式的註冊------NS-SHAFT註冊碼破解 (9千字)2015-11-15
- Kugle Regediter 1.0 註冊碼破解法(非明碼) (8千字)2001-11-03
- 設定 Oracle 監聽器密碼(LISTENER)2017-09-07Oracle密碼
- SMailserver2.5註冊碼的破解手記 (1千字)2001-03-01AIServer
- Vue(12)元件的組織結構和元件註冊2021-07-02Vue元件
- 《ICONSCAN 2.4》註冊碼破解 高手莫入! (3千字)2001-05-06
- 《MAGICWIN RELEASE 1.2》註冊碼破解 高手莫入! (2千字)2001-05-07
- 監聽設定密碼2010-07-15密碼
- Oracle監聽器的靜態註冊與動態註冊,以及DB_DOMAIN問題2009-07-08OracleAI
- 『凌雲郵神』 註冊碼破解 (非明碼比較的哦 ^_^) (6千字)2001-11-05
- oracle監聽器動態註冊於靜態註冊的區別2016-11-12Oracle
- 12CR2安裝之後例項不能註冊到監聽器的問題2017-03-22
- 申請加入BCG破文3--加密精靈EncryptGenie22註冊碼破解及序號產生器制作 (5千字)2001-10-28加密
- 《WinImage v5.00.5007 註冊碼破解》 (7千字)2001-05-10
- 監聽動態註冊2016-08-04
- 動態註冊監聽2015-06-08
- 動態監聽註冊2009-08-28
- 《chm幫助編輯器V2.61》註冊碼破解心得: (11千字)2001-02-17
- Pycharm安裝破解 註冊碼2017-06-25PyCharm
- 使用JavaScript給物件修改註冊監聽器2018-09-09JavaScript物件
- Vopt99 v4.31的註冊碼破解 (11千字)2000-09-28
- 《EASY MP3 2.2》的註冊碼破解 高手莫入! (2千字)2001-05-05
- 為監聽設定密碼2008-05-06密碼
- oracle監聽器的靜態和動態註冊2011-04-14Oracle
- 【監聽】動態註冊和靜態註冊2015-11-30
- 如何破解《彩票快車黃金版》註冊碼 (1千字)2001-04-21
- 豪傑大眼睛共享版註冊碼破解 (1千字)2001-07-08
- Oracle監聽的靜態註冊和動態註冊2017-08-30Oracle
- Oracle監聽的動態註冊與靜態註冊2011-09-01Oracle
- 易經八卦彩票占卜程式.V6.3暴力及註冊碼破解,by冷雨飄心[BCG]出品
(5千字)2001-04-23
- PLSQL Developer 12 註冊碼2018-06-07SQLDeveloper