今天是平安夜,忍不住拿篇破解筆記請各位指教!希望大家平安夜快樂!:) (24千字)
以下是破解wplaypro2.0時的筆記,開始目的只是為了去掉啟動的視窗,後來看了看演算法,也不知道對不對,畢竟才接觸彙編10天,請大家多多指教!
開始時間:12/23 3:54
用trw找到註冊入口00415EF1和出錯點004533AB
入口沒法繼續了,從後面看吧!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045337B(C)
|
:0045339B 6A00
push 00000000
:0045339D 668B0DF0334500 mov cx, word ptr
[004533F0]
:004533A4 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"The Key is not correct. Please "
->"register WPlay
and receive your "
->"own personal
key."
|
:004533A6 B850344500 mov eax,
00453450
:004533AB E880F3FDFF call 00432730
--------------------
上追:
:0045337B 741E
je 0045339B 改吧!還是假成功!
跳過彈出視窗:
:004260CB 7405
je 004260D2 沒用
:004245F2 E859150000 call 00425B50-----呼叫處,進入(不對)
* Referenced by a CALL at Addresses:
|:004245F2 , :00425D1F
|
:00425B50 53
push ebx
:00425B51 8BD8
mov ebx, eax
:00425B53 8BC3
mov eax, ebx
:00425B55 E836FFFFFF call 00425A90
:00425B5A 84C0
test al, al
:00425B5C 7507
jne 00425B65 改
:00425B5E 8BC3
mov eax, ebx
:00425B60 E86F040000 call 00425FD4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00425B5C(C)
|
:00425B65 5B
pop ebx
:00425B66 C3
ret
中止時間:12/23 4:30左右(失敗)
繼續時間12/23 19:49
找到成功段
:00453374 E813E3FFFF call 0045168C
成功判斷,跟入,見下
:00453379 84C0
test al, al 成功標誌位
:0045337B 741E
je 0045339B
:0045337D 6A00
push 00000000
:0045337F 668B0DF0334500 mov cx, word ptr
[004533F0]
:00453386 B202
mov dl, 02
* Possible StringData Ref from Code Obj ->"Thank you for your registration.
"
->"You are now
a registered WPlay "
->"Pro user."
-----------------------------------------------------
* Referenced by a CALL at Addresses:
|:00453374 , :00482E6A
:0045168C 55
push ebp EBP入棧
:0045168D 8BEC
mov ebp, esp 棧目前指標到ebp
:0045168F 33C9
xor ecx, ecx ecx=0
:00451691 51
push ecx
:00451692 51
push ecx
:00451693 51
push ecx
:00451694 51
push ecx 入四個32位0進棧
:00451695 53
push ebx ebx入棧
:00451696 56
push esi esi入棧
:00451697 57
push edi edi入棧
:00451698 BF40864800 mov edi,
00488640 edi=00488640
:0045169D 33C0
xor eax, eax eax清0
:0045169F 55
push ebp ebp入棧
:004516A0 6842194500 push 00451942
00451942入棧
:004516A5 64FF30
push dword ptr fs:[eax] eax=0,故fs:[0](目前的SEH例外處理鏈首)入棧
:004516A8 648920
mov dword ptr fs:[eax], esp esp寫入fs:[0],即安裝新的SEH例外處理框架(處理常式位址為前面入棧的00451942)
:004516AB C645FF00 mov
[ebp-01], 00 ebp-01=00
:004516AF 8D55F8
lea edx, dword ptr [ebp-08]
:004516B2 A18C7E4800 mov eax,
dword ptr [00487E8C] 不管他
:004516B7 8B8030030000 mov eax, dword
ptr [eax+00000330] eax目前為0
:004516BD E87627FCFF call 00413E38
一個大量呼叫處
:004516C2 8B45F8
mov eax, dword ptr [ebp-08]
:004516C5 E8AA20FBFF call 00403774
:004516CA 83F81E
cmp eax, 0000001E eax與30比較(eax為註冊號長度)
:004516CD 0F854C020000 jne 0045191F
如果不是就玩完(驗證對)
:004516D3 BB01000000 mov ebx,
00000001 ebx=1(下面以[eax+ebx-01]取位元組,所以計數從1開始)
:004516D8 8BF7
mov esi, edi
esi=edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004516FB(C)
|
:004516DA 8D55F8
lea edx, dword ptr [ebp-08]
:004516DD A18C7E4800 mov eax,
dword ptr [00487E8C]
:004516E2 8B8030030000 mov eax, dword
ptr [eax+00000330]
:004516E8 E84B27FCFF call 00413E38
:004516ED 8B45F8
mov eax, dword ptr [ebp-08] 註冊號首地址到eax
:004516F0 8A4418FF mov
al, byte ptr [eax+ebx-01] 送一個位元組到al
:004516F4 8806
mov byte ptr [esi], al 此位元組到esi所指處
:004516F6 43
inc ebx
ebx++
:004516F7 46
inc esi
esi++
:004516F8 83FB1F
cmp ebx, 0000001F ebx與1Fh(十進位31)比較
:004516FB 75DD
jne 004516DA 不相等時跳回繼續迴圈(ebx從1到30,共30次,將註冊號逐位元組送到esi所指處)
:004516FD 8A07
mov al, byte ptr [edi] 第一位到al
:004516FF A260864800 mov byte
ptr [00488660], al 再到00488660
:00451704 8A4701
mov al, byte ptr [edi+01] 第二位到al
:00451707 A261864800 mov byte
ptr [00488661], al 再……
:0045170C 8A4702
mov al, byte ptr [edi+02]
:0045170F A262864800 mov byte
ptr [00488662], al
:00451714 8A4703
mov al, byte ptr [edi+03]
:00451717 A263864800 mov byte
ptr [00488663], al edi所指的前四個位元組依次送到00488660至00488663
:0045171C 33DB
xor ebx, ebx
ebx清0
以下設註冊碼從高到低為(a1)(a2).........(a30)
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045174E(C)
:0045171E 8BF3
mov esi, ebx
ebx到esi(先是第一次迴圈)
:00451720 03F6
add esi, esi
esi=esi*2
:00451722 8BC6
mov eax, esi
eax=esi
:00451724 83C005
add eax, 00000005
eax+=5
:00451727 8A0407
mov al, byte ptr [edi+eax] 第五個(a5)到al(eax改變)
:0045172A E8B5FEFFFF call 004515E4
將al中ASCII碼轉為十六進位制存到eax和edx
(註冊碼只允許ASCII的0-9,A-F,a-f)
:0045172F C1E004
shl eax, 04 eax邏輯左移4位(eax*16)
eax=000000(a5)0
:00451732 50
push eax
eax入棧
:00451733 83C606
add esi, 00000006 esi+=00000006
:00451736 8A0437
mov al, byte ptr [edi+esi] (a6)到al(eax改變)
:00451739 E8A6FEFFFF call 004515E4
轉換
:0045173E 5A
pop edx
edx=000000(a5)0
:0045173F 0BD0
or edx, eax
edx與eax進行 或 運算
:00451741 8D4304
lea eax, dword ptr [ebx+04]
:00451744 889060864800 mov byte ptr
[eax+00488660], dl 將dl存到00488664當作第五個
:0045174A 43
inc ebx
ebx++
:0045174B 83FB04
cmp ebx, 00000004 如果不是4
:0045174E 75CE
jne 0045171E
就跳到回去(處理第5,7,9,11個註冊碼存到00488660的第5,6,7,8個)
:00451750 33DB
xor ebx, ebx
否則ebx清0繼續
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451782(C)
|
:00451752 8BF3
mov esi, ebx
esi=ebx
:00451754 03F6
add esi, esi
esi*2
:00451756 8BC6
mov eax, esi
eax=esi
:00451758 83C00E
add eax, 0000000E eax=14
:0045175B 8A0407
mov al, byte ptr [edi+eax] 第15位到al(eax改變)
:0045175E E881FEFFFF call 004515E4
轉換
:00451763 C1E004
shl eax, 04 eax邏輯左移4位
:00451766 50
push eax
eax入棧
:00451767 83C60F
add esi, 0000000F esi+=15
:0045176A 8A0437
mov al, byte ptr [edi+esi] 第16位到al(eax改變)
:0045176D E872FEFFFF call 004515E4
轉換
:00451772 5A
pop edx
入棧的原eax值出棧到edx
:00451773 0BD0
or edx, eax 或運算(al已經變了)
:00451775 8D4308
lea eax, dword ptr [ebx+08]
:00451778 889060864800 mov byte ptr
[eax+00488660], dl 存dl到目標第九位
:0045177E 43
inc ebx
ebx++
:0045177F 83FB04
cmp ebx, 00000004 ebx等於4時
:00451782 75CE
jne 00451752 停止迴圈(4次)(取註冊碼第(15,16),(17,18)(19,20)(21,22)位到目標第9,10,11,12位)
:00451784 8A4712
mov al, byte ptr [edi+12] 位移12是十六進位制(十進位18),取的是註冊碼第19位到al;以下[edi+13]至[edi+1D]的位移同樣是十六進位制,對應第20至30位
:00451787 E858FEFFFF call 004515E4
轉換(eax改變)
:0045178C 8BD8
mov ebx, eax
ebx=eax
:0045178E C1E30C
shl ebx, 0C
ebx左移12位(16進位制3位)
:00451791 8A4713
mov al, byte ptr [edi+13] 第14位到al
:00451794 E84BFEFFFF call 004515E4
轉換(eax改變)
:00451799 C1E008
shl eax, 08 eax左移8位
:0045179C 0BD8
or ebx, eax ebx與eax或運算
:0045179E 8A4714
mov al, byte ptr [edi+14] 第15位到al
:004517A1 E83EFEFFFF call 004515E4
轉換(eax改變)
:004517A6 C1E004
shl eax, 04 eax左移4位
:004517A9 0BD8
or ebx, eax ebx再與eax或
:004517AB 8A4715
mov al, byte ptr [edi+15] 第16位到al
:004517AE E831FEFFFF call 004515E4
轉換(eax改變)
:004517B3 0BD8
or ebx, eax ebx再與eax或
:004517B5 8A4716
mov al, byte ptr [edi+16] 第17位到al
:004517B8 E827FEFFFF call 004515E4
轉換(eax改變)
:004517BD 8BF0
mov esi, eax esi=eax
:004517BF C1E61C
shl esi, 1C esi左移28位
:004517C2 8A4717
mov al, byte ptr [edi+17] 第18位到al
:004517C5 E81AFEFFFF call 004515E4
轉換(eax改變)
:004517CA C1E018
shl eax, 18 eax左移24位
:004517CD 0BF0
or esi, eax esi與eax或
:004517CF 8A4718
mov al, byte ptr [edi+18] 第19位到al
:004517D2 E80DFEFFFF call 004515E4
轉換(eax改變)
:004517D7 C1E014
shl eax, 14 eax左移20位
:004517DA 0BF0
or esi, eax esi再與eax或
:004517DC 8A4719
mov al, byte ptr [edi+19] 第20位
:004517DF E800FEFFFF call 004515E4
:004517E4 C1E010
shl eax, 10
:004517E7 0BF0
or esi, eax
:004517E9 8A471A
mov al, byte ptr [edi+1A] 第21位
:004517EC E8F3FDFFFF call 004515E4
:004517F1 C1E00C
shl eax, 0C
:004517F4 0BF0
or esi, eax
:004517F6 8A471B
mov al, byte ptr [edi+1B] 第22位
:004517F9 E8E6FDFFFF call 004515E4
:004517FE C1E008
shl eax, 08
:00451801 0BF0
or esi, eax
:00451803 8A471C
mov al, byte ptr [edi+1C] 第23位
:00451806 E8D9FDFFFF call 004515E4
:0045180B C1E004
shl eax, 04
:0045180E 0BF0
or esi, eax
:00451810 8A471D
mov al, byte ptr [edi+1D] 第24位
:00451813 E8CCFDFFFF call 004515E4
轉換(結果在下一行併入esi;0045181A處的子程式一進入就把edx清0,並不使用這裡留下的值)
:00451818 0BF0
or esi, eax
esi再於eax或,結果到esi
:0045181A E861FDFFFF call 00451580
呼叫見下
:0045181F 3BD8
cmp ebx, eax 比較ebx與eax
:00451821 0F85F8000000 jne 0045191F
不等於就玩完
:00451827 E888FDFFFF call 004515B4
呼叫類似上一個
:0045182C 3BF0
cmp esi, eax 比較esi與eax
:0045182E 0F85EB000000 jne 0045191F
不等於就玩完
:00451834 8A4707
mov al, byte ptr [edi+07] 註冊碼第8位到al
:00451837 E8A8FDFFFF call 004515E4
還記得這個轉換吧
:0045183C 83F803
cmp eax, 00000003 eax與3比較
:0045183F 0F85DA000000 jne 0045191F
不等於就玩完
:00451845 8A4708
mov al, byte ptr [edi+08]
:00451848 E897FDFFFF call 004515E4
:0045184D 83F802
cmp eax, 00000002
:00451850 0F85C9000000 jne 0045191F
不等於就玩完
:00451856 807F042D cmp
byte ptr [edi+04], 2D
:0045185A 0F85BF000000 jne 0045191F
不等於就玩完
:00451860 807F0D2D cmp
byte ptr [edi+0D], 2D
:00451864 0F85B5000000 jne 0045191F
不等於就玩完
:0045186A 8D45F0
lea eax, dword ptr [ebp-10] 、
:0045186D 8A17
mov dl, byte ptr [edi]
|
:0045186F E89C1EFBFF call 00403710
|
:00451874 8B45F0
mov eax, dword ptr [ebp-10] |
:00451877 8D55F4
lea edx, dword ptr [ebp-0C] |
:0045187A E81546FBFF call 00405E94
》一個塊
:0045187F 8B45F4
mov eax, dword ptr [ebp-0C] |
:00451882 BA5C194500 mov edx,
0045195C
|
:00451887 E8F81FFBFF call 00403884
|
:0045188C 0F858D000000 jne 0045191F
~ 還是玩完
:00451892 8D45F0
lea eax, dword ptr [ebp-10]
:00451895 8A5701
mov dl, byte ptr [edi+01]
:00451898 E8731EFBFF call 00403710
:0045189D 8B45F0
mov eax, dword ptr [ebp-10]
:004518A0 8D55F4
lea edx, dword ptr [ebp-0C]
:004518A3 E8EC45FBFF call 00405E94
:004518A8 8B45F4
mov eax, dword ptr [ebp-0C]
:004518AB BA68194500 mov edx,
00451968
:004518B0 E8CF1FFBFF call 00403884
:004518B5 7568
jne 0045191F
:004518B7 8D45F0
lea eax, dword ptr [ebp-10]
:004518BA 8A5702
mov dl, byte ptr [edi+02]
:004518BD E84E1EFBFF call 00403710
:004518C2 8B45F0
mov eax, dword ptr [ebp-10]
:004518C5 8D55F4
lea edx, dword ptr [ebp-0C]
:004518C8 E8C745FBFF call 00405E94
:004518CD 8B45F4
mov eax, dword ptr [ebp-0C]
:004518D0 BA74194500 mov edx,
00451974
:004518D5 E8AA1FFBFF call 00403884
:004518DA 7543
jne 0045191F
:004518DC 8D45F0
lea eax, dword ptr [ebp-10]
:004518DF 8A5703
mov dl, byte ptr [edi+03]
:004518E2 E8291EFBFF call 00403710
:004518E7 8B45F0
mov eax, dword ptr [ebp-10]
:004518EA 8D55F4
lea edx, dword ptr [ebp-0C]
:004518ED E8A245FBFF call 00405E94
:004518F2 8B45F4
mov eax, dword ptr [ebp-0C]
:004518F5 BA80194500 mov edx,
00451980
:004518FA E8851FFBFF call 00403884
:004518FF 751E
jne 0045191F
:00451901 8A4705
mov al, byte ptr [edi+05]
:00451904 E8DBFCFFFF call 004515E4
轉換
:00451909 83F803
cmp eax, 00000003
:0045190C 7511
jne 0045191F
不等於就玩完
:0045190E 8A4706
mov al, byte ptr [edi+06]
:00451911 E8CEFCFFFF call 004515E4
:00451916 83F802
cmp eax, 00000002
:00451919 7504
jne 0045191F
不等於就玩完
:0045191B C645FF01 mov
[ebp-01], 01
-------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004516CD(C), :00451821(C), :0045182E(C), :0045183F(C), :00451850(C)
|:0045185A(C), :00451864(C), :0045188C(C), :004518B5(C), :004518DA(C)
|:004518FF(C), :0045190C(C), :00451919(C)
|
準備返回嘍!
:0045191F 33C0
xor eax, eax
:00451921 5A
pop edx
:00451922 59
pop ecx
:00451923 59
pop ecx
:00451924 648910
mov dword ptr fs:[eax], edx
:00451927 6849194500 push 00451949
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451947(U)
|
:0045192C 8D45F0
lea eax, dword ptr [ebp-10]
:0045192F BA02000000 mov edx,
00000002
:00451934 E8E71CFBFF call 00403620
:00451939 8D45F8
lea eax, dword ptr [ebp-08]
:0045193C E8BF1CFBFF call 00403600
:
:00451941 C3
ret
------------------------------------------------------
ASCII數字轉16進位制數字
* Referenced by a CALL at Addresses:
|:0045172A , :00451739 , :0045175E , :0045176D , :00451787
|:00451794 , :004517A1 , :004517AE , :004517B8 , :004517C5
|:004517D2 , :004517DF , :004517EC , :004517F9 , :00451806
|:00451813 , :00451837 , :00451848 , :00451904 , :00451911
|
:004515E4 3C30
cmp al, 30
:004515E6 7502
jne 004515EA
:004515E8 33D2
xor edx, edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515E6(C)
|
:004515EA 3C31
cmp al, 31
:004515EC 7505
jne 004515F3
:004515EE BA01000000 mov edx,
00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515EC(C)
|
:004515F3 3C32
cmp al, 32
:004515F5 7505
jne 004515FC
:004515F7 BA02000000 mov edx,
00000002
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515F5(C)
|
:004515FC 3C33
cmp al, 33
:004515FE 7505
jne 00451605
:00451600 BA03000000 mov edx,
00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515FE(C)
|
:00451605 3C34
cmp al, 34
:00451607 7505
jne 0045160E
:00451609 BA04000000 mov edx,
00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451607(C)
|
:0045160E 3C35
cmp al, 35
:00451610 7505
jne 00451617
:00451612 BA05000000 mov edx,
00000005
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451610(C)
|
:00451617 3C36
cmp al, 36
:00451619 7505
jne 00451620
:0045161B BA06000000 mov edx,
00000006
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451619(C)
|
:00451620 3C37
cmp al, 37
:00451622 7505
jne 00451629
:00451624 BA07000000 mov edx,
00000007
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451622(C)
|
:00451629 3C38
cmp al, 38
:0045162B 7505
jne 00451632
:0045162D BA08000000 mov edx,
00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045162B(C)
|
:00451632 3C39
cmp al, 39
:00451634 7505
jne 0045163B
:00451636 BA09000000 mov edx,
00000009
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451634(C)
|
:0045163B 3C61
cmp al, 61
:0045163D 7404
je 00451643
:0045163F 3C41
cmp al, 41
:00451641 7505
jne 00451648
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045163D(C)
|
:00451643 BA0A000000 mov edx,
0000000A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451641(C)
|
:00451648 3C62
cmp al, 62
:0045164A 7404
je 00451650
:0045164C 3C42
cmp al, 42
:0045164E 7505
jne 00451655
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045164A(C)
|
:00451650 BA0B000000 mov edx,
0000000B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045164E(C)
|
:00451655 3C63
cmp al, 63
:00451657 7404
je 0045165D
:00451659 3C43
cmp al, 43
:0045165B 7505
jne 00451662
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451657(C)
|
:0045165D BA0C000000 mov edx,
0000000C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045165B(C)
|
:00451662 3C64
cmp al, 64
:00451664 7404
je 0045166A
:00451666 3C44
cmp al, 44
:00451668 7505
jne 0045166F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451664(C)
|
:0045166A BA0D000000 mov edx,
0000000D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451668(C)
|
:0045166F 3C65
cmp al, 65
:00451671 7404
je 00451677
:00451673 3C45
cmp al, 45
:00451675 7505
jne 0045167C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451671(C)
|
:00451677 BA0E000000 mov edx,
0000000E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451675(C)
|
:0045167C 3C66
cmp al, 66
:0045167E 7404
je 00451684
:00451680 3C46
cmp al, 46
:00451682 7505
jne 00451689
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045167E(C)
|
:00451684 BA0F000000 mov edx,
0000000F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451682(C)
|
:00451689 8BC2
mov eax, edx
:0045168B C3
ret
------------------------------------------------------------
* Referenced by a CALL at Address:
|:0045181A
|
:00451580 53
push ebx
:00451581 33D2
xor edx, edx
edx清0
:00451583 B908000000 mov ecx,
00000008 ecx=00000008
:00451588 B860864800 mov eax,
00488660 eax=00488660
改變後存號碼的地址
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515A9(C)
|
:0045158D 33DB
xor ebx, ebx ebx清0
:0045158F 8A18
mov bl, byte ptr [eax] 第一個到bl(ebx改變)
:00451591 33DA
xor ebx, edx ebx與edx異或(edx已在00451581清0,第一輪為0,之後各輪是上一輪的累計值,並不是註冊碼第24位)
:00451593 81E3FF000000 and ebx, 000000FF
ebx&000000FF(保留bl)
:00451599 8B1C9D745E4800 mov ebx, dword ptr
[4*ebx+00485E74] ebx=[4*ebx+00485E74]地址的值(00485E74
轉換表的地址)
:004515A0 C1EA08
shr edx, 08 edx右移8位(16進位制2位)
:004515A3 33DA
xor ebx, edx
ebx與edx異或(ebx與edx合併)
:004515A5 8BD3
mov edx, ebx
edx=ebx
:004515A7 40
inc eax
eax++
:004515A8 49
dec ecx
ecx--
:004515A9 75E2
jne 0045158D 迴圈8次(註冊轉換碼前8個(共12個))
:004515AB 8BC2
mov eax, edx
eax=edx
:004515AD 25FFFF0000 and eax,
0000FFFF eax&0000FFFF
只保留低16位(低四個十六進位制位)到eax
:004515B2 5B
pop ebx
還原ebx
:004515B3 C3
ret
------------------------------------------------------------
* Referenced by a CALL at Address:
|:00451827
|
:004515B4 53
push ebx
:004515B5 33D2
xor edx, edx
:004515B7 B908000000 mov ecx,
00000008
:004515BC B864864800 mov eax,
00488664 從第5位開始
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515DD(C)
|
:004515C1 33DB
xor ebx, ebx
:004515C3 8A18
mov bl, byte ptr [eax]
:004515C5 33DA
xor ebx, edx
:004515C7 81E3FF000000 and ebx, 000000FF
:004515CD 8B1C9D745E4800 mov ebx, dword ptr
[4*ebx+00485E74]
:004515D4 C1EA08
shr edx, 08
:004515D7 33DA
xor ebx, edx
:004515D9 8BD3
mov edx, ebx
:004515DB 40
inc eax
:004515DC 49
dec ecx
:004515DD 75E2
jne 004515C1 八次迴圈處理的是註冊變換後碼的第5-12位(從00488664開始的8個位元組)
:004515DF 8BC2
mov eax, edx
:004515E1 5B
pop ebx
:004515E2 C3
ret
---------------------------------------------------------
現在時間:12/23 23:53
繼續時間:12/24 1:2
先試試暴力破解:找到那些跳轉處一個個nop掉,呵呵成功!
現在時間:12/24 1:18 等會兒會分析演算法,不過先去看看其他軟體吧!