飛馬魔法桌布V3.0註冊演算法（適合初學者） (7千字)

飛馬魔法桌布V3.0破解
原版下載地址：http://www.shareware.net.cn/download.asp?id={1382670D-7C41-4D4C-B470-468F46FF75AD}

序號產生器下載：CNCG主頁

破解工具：trw2000

先下斷點：bpx hmemcpy，然後返回到主程式，如下：

:004A8564 E82FB9F9FF call 00443E98
:004A8569 837DF400 cmp dword ptr [ebp-0C], 00000000 <====返回到這裡
:004A856D 0F84C1010000 je 004A8734
:004A8573 8D55F0 lea edx, dword ptr [ebp-10]
:004A8576 8B833C070000 mov eax, dword ptr [ebx+0000073C]
:004A857C E817B9F9FF call 00443E98
:004A8581 837DF000 cmp dword ptr [ebp-10], 00000000
:004A8585 0F84A9010000 je 004A8734
:004A858B 8D55EC lea edx, dword ptr [ebp-14]
:004A858E 8B8340070000 mov eax, dword ptr [ebx+00000740]
:004A8594 E8FFB8F9FF call 00443E98
:004A8599 837DEC00 cmp dword ptr [ebp-14], 00000000
:004A859D 0F8491010000 je 004A8734
:004A85A3 8D55E8 lea edx, dword ptr [ebp-18]
:004A85A6 8B833C070000 mov eax, dword ptr [ebx+0000073C]
:004A85AC E8E7B8F9FF call 00443E98
:004A85B1 8B45E8 mov eax, dword ptr [ebp-18]
:004A85B4 E89BC5F5FF call 00404B54
:004A85B9 E8DA0DF6FF call 00409398
:004A85BE 8BF8 mov edi, eax
:004A85C0 D1EF shr edi, 1
:004A85C2 85FF test edi, edi
:004A85C4 7905 jns 004A85CB
:004A85C6 E8A5B2F5FF call 00403870

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A85C4(C)
|
:004A85CB 8BC7 mov eax, edi
:004A85CD 83C002 add eax, 00000002
:004A85D0 7105 jno 004A85D7
:004A85D2 E8A1B2F5FF call 00403878

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A85D0(C)
|
:004A85D7 E858A1F5FF call 00402734
:004A85DC 8BF0 mov esi, eax
:004A85DE C60600 mov byte ptr [esi], 00
:004A85E1 8D55E4 lea edx, dword ptr [ebp-1C]
:004A85E4 8B833C070000 mov eax, dword ptr [ebx+0000073C]
:004A85EA E8A9B8F9FF call 00443E98
:004A85EF 8B45E4 mov eax, dword ptr [ebp-1C]
:004A85F2 E85DC5F5FF call 00404B54
:004A85F7 8BD0 mov edx, eax
:004A85F9 03D7 add edx, edi
:004A85FB 8BC6 mov eax, esi
:004A85FD E89E0EF6FF call 004094A0
:004A8602 8D55E0 lea edx, dword ptr [ebp-20]
:004A8605 8B833C070000 mov eax, dword ptr [ebx+0000073C]
:004A860B E888B8F9FF call 00443E98
:004A8610 8B45E0 mov eax, dword ptr [ebp-20] <====取申請碼
:004A8613 E8FC06F6FF call 00408D14 <====將申請碼轉換為相應的十六進位制(假設結果為R1)
:004A8618 8BF8 mov edi, eax
:004A861A 8D45DC lea eax, dword ptr [ebp-24]
:004A861D 8BD6 mov edx, esi
:004A861F E870C2F5FF call 00404894
:004A8624 8B45DC mov eax, dword ptr [ebp-24]
:004A8627 E8E806F6FF call 00408D14 <====將申請碼的後5位轉換為相應的十六進位制(假設結果為R2)
:004A862C 03F8 add edi, eax <====R3=R1+R2
:004A862E 7105 jno 004A8635 <====無溢位則跳
:004A8630 E843B2F5FF call 00403878

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A862E(C)
|
:004A8635 81C7753D1E00 add edi, 001E3D75 <====R4=R3+1E3D75H
:004A863B 7105 jno 004A8642
:004A863D E836B2F5FF call 00403878

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A863B(C)
|
:004A8642 8D55D8 lea edx, dword ptr [ebp-28]
:004A8645 8B8344070000 mov eax, dword ptr [ebx+00000744]
:004A864B E848B8F9FF call 00443E98
:004A8650 8B45D8 mov eax, dword ptr [ebp-28]
:004A8653 E804C3F5FF call 0040495C <====獲取使用者名稱長度(L)
:004A8658 03F8 add edi, eax <====R5=R4+L
:004A865A 7105 jno 004A8661
:004A865C E817B2F5FF call 00403878

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A865A(C)
|
:004A8661 897DFC mov dword ptr [ebp-04], edi
:004A8664 8D55F8 lea edx, dword ptr [ebp-08]
:004A8667 8B45FC mov eax, dword ptr [ebp-04]
:004A866A E80506F6FF call 00408C74
:004A866F 8B45F8 mov eax, dword ptr [ebp-08]
:004A8672 E8DDC4F5FF call 00404B54
:004A8677 E81C0DF6FF call 00409398
:004A867C 8BF8 mov edi, eax
:004A867E D1EF shr edi, 1
:004A8680 85FF test edi, edi
:004A8682 7905 jns 004A8689
:004A8684 E8E7B1F5FF call 00403870

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A8682(C)
|
:004A8689 8BC7 mov eax, edi
:004A868B 83C002 add eax, 00000002
:004A868E 7105 jno 004A8695
:004A8690 E8E3B1F5FF call 00403878

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A868E(C)
|
:004A8695 E89AA0F5FF call 00402734
:004A869A 8BF0 mov esi, eax
:004A869C C60600 mov byte ptr [esi], 00
:004A869F 8B45F8 mov eax, dword ptr [ebp-08]
:004A86A2 E8ADC4F5FF call 00404B54
:004A86A7 8BD0 mov edx, eax
:004A86A9 03D7 add edx, edi
:004A86AB 8BC6 mov eax, esi
:004A86AD E8EE0DF6FF call 004094A0
:004A86B2 8D45D4 lea eax, dword ptr [ebp-2C]
:004A86B5 8BD6 mov edx, esi
:004A86B7 E8D8C1F5FF call 00404894
:004A86BC 8B45D4 mov eax, dword ptr [ebp-2C]
:004A86BF E85006F6FF call 00408D14 <====將R5相應的十進位制後5位轉換成十六進位制(R6)
:004A86C4 8BF8 mov edi, eax
:004A86C6 037DFC add edi, dword ptr [ebp-04] <====R7=R6+R5結果就是註冊碼（十六進位制形式）
:004A86C9 7105 jno 004A86D0
:004A86CB E8A8B1F5FF call 00403878

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A86C9(C)
|
:004A86D0 8D55D0 lea edx, dword ptr [ebp-30]
:004A86D3 8B8340070000 mov eax, dword ptr [ebx+00000740]
:004A86D9 E8BAB7F9FF call 00443E98
:004A86DE 8B45D0 mov eax, dword ptr [ebp-30]
:004A86E1 50 push eax
:004A86E2 8D4DCC lea ecx, dword ptr [ebp-34]
:004A86E5 BA01000000 mov edx, 00000001
:004A86EA 8BC7 mov eax, edi
:004A86EC E8E705F6FF call 00408CD8
:004A86F1 8B55CC mov edx, dword ptr [ebp-34]
:004A86F4 58 pop eax
:004A86F5 E8A6C3F5FF call 00404AA0 <====比較註冊碼
:004A86FA 7531 jne 004A872D <====不相同就註冊失敗啦
:004A86FC 6840100000 push 00001040

* Possible StringData Ref from Code Obj ->"提示"
|
:004A8701 6890874A00 push 004A8790

* Possible StringData Ref from Code Obj ->"感謝您的註冊！為儲存註冊資訊，請重新執行魔法壁"
->"紙。"
|
:004A8706 6898874A00 push 004A8798
:004A870B 8BC3 mov eax, ebx
:004A870D E8C61EFAFF call 0044A5D8
:004A8712 50 push eax

飛馬魔法桌布V3.0註冊演算法（適合初學者） (7千字)

相關文章