紫禁城反黃衛士個人版破解(註冊演算法) (10千字)
紫禁城反黃衛士個人版註冊演算法:
破解工具:TRW2000
Hview
w32dasm 8.93黃金中文版
執行程式,開啟註冊的對話方塊,在註冊框中隨便輸入註冊碼,執行TRW2000,下斷點BPX hmemcpy,按註冊按鈕,被TRW中斷,用PMODULE返回主程式,如下:
:004A12ED 8B8538FEFFFF mov eax, dword
ptr [ebp+FFFFFE38] <====返回到這裡
:004A12F3 8D55F8
lea edx, dword ptr [ebp-08]
:004A12F6 E8417AF6FF call 00408D3C
:004A12FB 8B45F8
mov eax, dword ptr [ebp-08] <====取得第一個註冊框的字元
* Possible StringData Ref from Code Obj ->"KYNT"
|
:004A12FE BAB4164A00 mov edx,
004A16B4
:004A1303 E8983AF6FF call 00404DA0
<=====比較第一個註冊碼是否是KYNT
:004A1308 741A
je 004A1324 <=====如果是則繼續比較註冊碼,所以第一個註冊框的註冊碼一定是KYNT
:004A130A 6A00
push 00000000
:004A130C 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A1313 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。" <====不是KYNT,則註冊失敗
|
:004A1315 B8C8164A00 mov eax,
004A16C8
:004A131A E8753BF9FF call 00434E94
:004A131F E947030000 jmp 004A166B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A1308(C)
|
:004A1324 8D55F4
lea edx, dword ptr [ebp-0C]
:004A1327 8B8314030000 mov eax, dword
ptr [ebx+00000314]
:004A132D E836A1F9FF call 0043B468
:004A1332 8D55F0
lea edx, dword ptr [ebp-10]
:004A1335 8B8318030000 mov eax, dword
ptr [ebx+00000318]
:004A133B E828A1F9FF call 0043B468
:004A1340 8D55EC
lea edx, dword ptr [ebp-14]
:004A1343 8B831C030000 mov eax, dword
ptr [ebx+0000031C]
:004A1349 E81AA1F9FF call 0043B468
:004A134E 8D55E8
lea edx, dword ptr [ebp-18]
:004A1351 8B8320030000 mov eax, dword
ptr [ebx+00000320]
:004A1357 E80CA1F9FF call 0043B468
:004A135C 8D55FC
lea edx, dword ptr [ebp-04]
:004A135F 8B8308030000 mov eax, dword
ptr [ebx+00000308]
:004A1365 E8FEA0F9FF call 0043B468
:004A136A 8B45F8
mov eax, dword ptr [ebp-08]
:004A136D E8EA38F6FF call 00404C5C
<====這段程式碼是比較每一個註冊框中的註冊碼是不是4位
:004A1372 83F804
cmp eax, 00000004
:004A1375 7534
jne 004A13AB
<====不是則註冊失敗
:004A1377 8B45F4
mov eax, dword ptr [ebp-0C]
:004A137A E8DD38F6FF call 00404C5C
:004A137F 83F804
cmp eax, 00000004
:004A1382 7527
jne 004A13AB
:004A1384 8B45F0
mov eax, dword ptr [ebp-10]
:004A1387 E8D038F6FF call 00404C5C
:004A138C 83F804
cmp eax, 00000004
:004A138F 751A
jne 004A13AB
:004A1391 8B45EC
mov eax, dword ptr [ebp-14]
:004A1394 E8C338F6FF call 00404C5C
:004A1399 83F804
cmp eax, 00000004
:004A139C 750D
jne 004A13AB
:004A139E 8B45E8
mov eax, dword ptr [ebp-18]
:004A13A1 E8B638F6FF call 00404C5C
:004A13A6 83F804
cmp eax, 00000004
:004A13A9 741A
je 004A13C5 <=====全部都是4位,則跳到運算註冊碼的程式碼處
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A1375(C), :004A1382(C), :004A138F(C), :004A139C(C)
|
:004A13AB 6A00
push 00000000
:004A13AD 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A13B4 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。"
|
:004A13B6 B8C8164A00 mov eax,
004A16C8
:004A13BB E8D43AF9FF call 00434E94
:004A13C0 E9A6020000 jmp 004A166B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A13A9(C)
|
:004A13C5 33C0
xor eax, eax
:004A13C7 55
push ebp
:004A13C8 6806144A00 push 004A1406
:004A13CD 64FF30
push dword ptr fs:[eax]
:004A13D0 648920
mov dword ptr fs:[eax], esp
:004A13D3 8B45F4
mov eax, dword ptr [ebp-0C] <==== 取第二個註冊框的註冊碼
:004A13D6 E8317FF6FF call 0040930C
<====註冊碼運算,結果是註冊碼的十六進位制數
:004A13DB 8BD8
mov ebx, eax
<====將結果存入EBX
:004A13DD 8B45F0
mov eax, dword ptr [ebp-10] <==== 取第三個註冊框的註冊碼
:004A13E0 E8277FF6FF call 0040930C
<====註冊碼運算,結果是註冊碼的十六進位制數
:004A13E5 8BF0
mov esi, eax
<====將結果存入ESI
:004A13E7 8B45EC
mov eax, dword ptr [ebp-14] <==== 取第四個註冊框的註冊碼
:004A13EA E81D7FF6FF call 0040930C
<====註冊碼運算,結果是註冊碼的十六進位制數
:004A13EF 8BF8
mov edi, eax
<====將結果存入EDI
:004A13F1 8B45E8
mov eax, dword ptr [ebp-18] <==== 取第五個註冊框的註冊碼
:004A13F4 E8137FF6FF call 0040930C
<====註冊碼運算,結果是註冊碼的十六進位制數
:004A13F9 8945E4
mov dword ptr [ebp-1C], eax <====將結果存入[EBP-1C]
:004A13FC 33C0
xor eax, eax
:004A13FE 5A
pop edx
:004A13FF 59
pop ecx
:004A1400 59
pop ecx
:004A1401 648910
mov dword ptr fs:[eax], edx
:004A1404 EB29
jmp 004A142F
:004A1406 E92D2CF6FF jmp 00404038
:004A140B 6A00
push 00000000
:004A140D 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A1414 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。"
|
:004A1416 B8C8164A00 mov eax,
004A16C8
:004A141B E8743AF9FF call 00434E94
:004A1420 E83F30F6FF call 00404464
:004A1425 E941020000 jmp 004A166B
:004A142A E83530F6FF call 00404464
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A1404(U)
|
:004A142F 81FBE8030000 cmp ebx, 000003E8
<====比較計算結果是否小於3E8(即1000,所以註冊碼必須大於1000,在註冊演算法裡面有相應的指令)
:004A1435 7C19
jl 004A1450
:004A1437 81FEE8030000 cmp esi, 000003E8
:004A143D 7C11
jl 004A1450
:004A143F 81FFE8030000 cmp edi, 000003E8
:004A1445 7C09
jl 004A1450
:004A1447 817DE4E8030000 cmp dword ptr [ebp-1C],
000003E8
:004A144E 7D1A
jge 004A146A <====跳到註冊碼比較的程式碼
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A1435(C), :004A143D(C), :004A1445(C)
|
:004A1450 6A00
push 00000000
:004A1452 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A1459 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。"
|
:004A145B B8C8164A00 mov eax,
004A16C8
:004A1460 E82F3AF9FF call 00434E94
:004A1465 E901020000 jmp 004A166B
* Referenced by a (U)nconditional or (C)onditional Jump at Address: <=====這裡的程式碼是判斷第二至第五個註冊框的註冊碼是不是全部是相同的,如果全部相同,則註冊失敗
|:004A144E(C)
|
:004A146A 3BF3
cmp esi, ebx <====比較第三組和第二組
:004A146C 7523
jne 004A1491 <====不相等則繼續計算
:004A146E 3BFB
cmp edi, ebx <====比較第四組和第二組
:004A1470 751F
jne 004A1491 <====不相等則繼續計算
:004A1472 3B5DE4
cmp ebx, dword ptr [ebp-1C] <=====比較第五組和第二組
:004A1475 751A
jne 004A1491 <====不相等則繼續計算
:004A1477 6A00
push 00000000 <====註冊失敗
:004A1479 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A1480 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。"
|
:004A1482 B8C8164A00 mov eax,
004A16C8
:004A1487 E8083AF9FF call 00434E94
:004A148C E9DA010000 jmp 004A166B
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A146C(C), :004A1470(C), :004A1475(C)
|
:004A1491 85DB
test ebx, ebx
:004A1493 740E
je 004A14A3
:004A1495 85F6
test esi, esi
:004A1497 740A
je 004A14A3
:004A1499 85FF
test edi, edi
:004A149B 7406
je 004A14A3
:004A149D 837DE400 cmp
dword ptr [ebp-1C], 00000000
:004A14A1 751A
jne 004A14BD
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A1493(C), :004A1497(C), :004A149B(C)
|
:004A14A3 6A00
push 00000000
:004A14A5 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A14AC 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。"
|
:004A14AE B8C8164A00 mov eax,
004A16C8
:004A14B3 E8DC39F9FF call 00434E94
:004A14B8 E9AE010000 jmp 004A166B
* Referenced by a (U)nconditional or (C)onditional Jump at Address: <=====計算並比較註冊碼
|:004A14A1(C)
|
:004A14BD 8B45E4
mov eax, dword ptr [ebp-1C] <====從這裡可以整理出計算公式:(第二組+第五組)-第四組=第二組
:004A14C0 03C3
add eax, ebx <====有這個公式你就可以編出序號產生器了
:004A14C2 2BC7
sub eax, edi
:004A14C4 3BF0
cmp esi, eax
:004A14C6 741A
je 004A14E2
:004A14C8 6A00
push 00000000
:004A14CA 668B0DBC164A00 mov cx, word ptr
[004A16BC]
:004A14D1 33D2
xor edx, edx
* Possible StringData Ref from Code Obj ->"您輸入的序列號有誤,請檢查輸入。"
|
:004A14D3 B8C8164A00 mov eax,
004A16C8
:004A14D8 E8B739F9FF call 00434E94
:004A14DD E989010000 jmp 004A166B