這是我今天破出來的第一個軟體,呵呵,平安夜的早晨很冷的 (9千字)
SWF BROWSER 2.93(今天運氣好,二十多分鐘就找到號了。雖然對高手這不算什麼,呵呵,這可是我一週來最快的一個了,好高興)
開始時間:12/22 14:49
查詢註冊提示句
:004A99C1 E806FEFFFF call 004A97CC
:004A99C6 84C0
test al, al
:004A99C8 0F8492000000 je 004A9A60
跳到the serials number is invalid 偏移0A8DC8h
:004A99CE 6A00
push 00000000
:004A99D0 668B0DA49A4A00 mov cx, word ptr
[004A9AA4]
:004A99D7 B202
mov dl, 02
* Possible StringData Ref from Code Obj ->"Thank you for registering SWF "
->"Browser!"
再找到入口處:
:0043238F 89430C
mov dword ptr [ebx+0C], eax
先改改試試
:004A99C8 0F8492000000 je 004A9A60
還跟登錄檔有關,在成功註冊下面:
* Possible StringData Ref from Code Obj ->"Software\Grooveware Multimedia\SWF
"
->"Browser\Registration"
* Possible StringData Ref from Code Obj ->"Name"
* Possible StringData Ref from Code Obj ->"Serial"
輸入:“xuebuhui ”“68941367”後再啟動時,出錯!開啟登錄檔看看,寫入的資料沒錯,由錯誤型別看,應該是讀取註冊資料時可能由於位元組什麼的不符合,而出現的不可預料的錯誤!
重灌吧,再看看對註冊碼有什麼要求!
繼續時間:12/24 3:31
跟入判斷語句上面的call呼叫:
* Referenced by a CALL at Addresses:
|:004A99C1 , :004AC8B3 , :004AC9EF , :004ACCB3 , :004ACFD9
|:004AE003
|
; ---------------------------------------------------------------------
; Routine at 004A97CC (32-bit x86, disassembler listing: each instruction
; is printed on the line after its address and opcode bytes).
; The call site at 004A99C1 tests al and branches on zero, so the low
; byte of eax is the result: 1 = entered code accepted, 0 = rejected.
; In:  edx -> stored to [ebp-04] (annotated below as the user name)
;      ecx -> stored to [ebp-08] (annotated below as the entered code)
; Out: eax = ebx; bl becomes 1 only when the jne at 004A98B4 is not taken
; Most callees are not part of this listing; anything said about them is
; inferred from how their arguments and results are used - confirm.
; NOTE(review): the value the input is checked against is produced inside
; the client and compared with the input as plain text, and the string
; constants used on the way are stored in the executable. A check built
; like this exposes the expected value in the running process; a scheme
; that never needs the expected value on the client (for example a signed
; licence verified with a public key, or a server-side check) avoids that.
; ---------------------------------------------------------------------
:004A97CC 55
push ebp ebp入棧
:004A97CD 8BEC
mov ebp, esp ebp=esp
; Seven zero dwords follow: the locals [ebp-04] .. [ebp-1C] all start at 0.
:004A97CF 6A00
push 00000000
:004A97D1 6A00
push 00000000
:004A97D3 6A00
push 00000000
:004A97D5 6A00
push 00000000
:004A97D7 6A00
push 00000000
:004A97D9 6A00
push 00000000
:004A97DB 6A00
push 00000000
; ebx, esi and edi are saved here and restored at 004A98FE-004A9900.
:004A97DD 53
push ebx ebx入棧
:004A97DE 56
push esi esi入棧
:004A97DF 57
push edi
; Keep the two register arguments in locals.
:004A97E0 894DF8
mov dword ptr [ebp-08], ecx
:004A97E3 8955FC
mov dword ptr [ebp-04], edx
; 00404008 is called once per argument with the argument in eax.
; Presumably a runtime string helper (e.g. taking a reference on the
; string so it stays valid for the duration of the call) - confirm.
:004A97E6 8B45FC
mov eax, dword ptr [ebp-04] 使用者名稱到eax
:004A97E9 E81AA8F5FF call 00404008
什麼用處?
:004A97EE 8B45F8
mov eax, dword ptr [ebp-08] 假sn到eax
:004A97F1 E812A8F5FF call 00404008
?
; With eax = 0, fs:[eax] is fs:[0], the head of the thread's exception
; handler chain. push ebp / push handler / push fs:[0] / mov fs:[0], esp
; links a new record in front of it. Outer record: handler 004A98F5.
:004A97F6 33C0
xor eax, eax eax清0
:004A97F8 55
push ebp
:004A97F9 68F5984A00 push 004A98F5
:004A97FE 64FF30
push dword ptr fs:[eax]
:004A9801 648920
mov dword ptr fs:[eax], esp
; Inner record, same pattern: handler 004A98C6.
:004A9804 33C0
xor eax, eax eax清0
:004A9806 55
push ebp
:004A9807 68C6984A00 push 004A98C6
:004A980C 64FF30
push dword ptr fs:[eax]
:004A980F 648920
mov dword ptr fs:[eax], esp
; Call 004A946C with eax = [004A8720], dl = 1, ecx = 0. The value it
; returns is kept in ebx and handed over in eax to the helper calls
; below - presumably an object instance; confirm.
:004A9812 33C9
xor ecx, ecx ecx清0
:004A9814 B201
mov dl, 01 dl=01
* Possible StringData Ref from Code Obj ->"0A"
|
:004A9816 A120874A00 mov eax,
dword ptr [004A8720]
:004A981B E84CFCFFFF call 004A946C
:004A9820 8BD8
mov ebx, eax
:004A9822 33D2
xor edx, edx edx清0
:004A9824 8BC3
mov eax, ebx
:004A9826 E879F4FFFF call 004A8CA4
; First string constant stored in the executable (at 004A9910). It goes
; through 00403C6C into the local at [ebp-0C] (presumably a string
; assignment) and from there to 004A89F8 with eax = ebx.
:004A982B 8D45F4
lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"1232hfbsdjdh2834121"
|
:004A982E BA10994A00 mov edx,
004A9910
:004A9833 E834A4F5FF call 00403C6C
:004A9838 8B55F4
mov edx, dword ptr [ebp-0C]
:004A983B 8BC3
mov eax, ebx
:004A983D E8B6F1FFFF call 004A89F8
; 004A8B44: eax = ebx, edx = [ebp-04], ecx = address of [ebp-10]
; (presumably where the result string is written - confirm).
:004A9842 8D4DF0
lea ecx, dword ptr [ebp-10]
:004A9845 8B55FC
mov edx, dword ptr [ebp-04]
:004A9848 8BC3
mov eax, ebx
:004A984A E8F5F2FFFF call 004A8B44
; Second string constant (at 004A992C), passed straight to 004A89F8.
* Possible StringData Ref from Code Obj ->"ewrwk214134g7df2"
|
:004A984F BA2C994A00 mov edx,
004A992C
:004A9854 8BC3
mov eax, ebx
:004A9856 E89DF1FFFF call 004A89F8
; 004A8B44 again: this time edx = [ebp-10] (the previous result) and
; ecx = address of [ebp-14].
:004A985B 8D4DEC
lea ecx, dword ptr [ebp-14]
:004A985E 8B55F0
mov edx, dword ptr [ebp-10]
:004A9861 8BC3
mov eax, ebx
:004A9863 E8DCF2FFFF call 004A8B44
; [ebp-18] starts as FFFFFFEF. 00403E54 is called on [ebp-14] and its
; result tested for > 0 (presumably a length); when it is not positive
; the block up to 004A9895 is skipped and [ebp-18] keeps this value.
:004A9868 C745E8EFFFFFFF mov [ebp-18], FFFFFFEF
:004A986F 8B45EC
mov eax, dword ptr [ebp-14]
:004A9872 E8DDA5F5FF call 00403E54
:004A9877 85C0
test eax, eax
:004A9879 7E1A
jle 004A9895
; 004A9518 receives edx = the value pushed at 004A9883, ecx = address of
; [ebp-18], and eax as left by 00404024 - presumably it updates the
; dword at [ebp-18] from the data behind [ebp-14]; confirm.
:004A987B 8B45EC
mov eax, dword ptr [ebp-14]
:004A987E E8D1A5F5FF call 00403E54
:004A9883 50
push eax
:004A9884 8D45EC
lea eax, dword ptr [ebp-14]
:004A9887 E898A7F5FF call 00404024
:004A988C 8D4DE8
lea ecx, dword ptr [ebp-18]
:004A988F 5A
pop edx
:004A9890 E883FCFFFF call 004A9518
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A9879(C)
|
; 00409148: two stack arguments (0, then the dword from [ebp-18]),
; eax = 20h, edx = address of [ebp-1C]. Presumably turns the dword into
; text stored at [ebp-1C] - confirm.
:004A9895 8B45E8
mov eax, dword ptr [ebp-18]
:004A9898 33D2
xor edx, edx
:004A989A 52
push edx
:004A989B 50
push eax
:004A989C 8D55E4
lea edx, dword ptr [ebp-1C]
:004A989F B820000000 mov eax,
00000020
:004A98A4 E89FF8F5FF call 00409148
; 00403F64 gets eax = [ebp-08] (the entered code) and edx = [ebp-1C];
; the jne below consumes its flags. Both operands are ordinary strings
; in process memory at this point (see the NOTE in the header).
:004A98A9 8B55E4
mov edx, dword ptr [ebp-1C]
:004A98AC 8B45F8
mov eax, dword ptr [ebp-08]
:004A98AF E8B0A6F5FF call 00403F64
真假註冊碼的比較
:004A98B4 7504
jne 004A98BA
; Equal: result flag bl = 1.
:004A98B6 B301
mov bl, 01
:004A98B8 EB02
jmp 004A98BC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A98B4(C)
|
; Not equal: result flag ebx = 0.
:004A98BA 33DB
xor ebx, ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A98B8(U)
|
; Unlink the inner handler record: edx takes the saved previous chain
; head, the two pops into ecx discard the handler address and the saved
; ebp, then fs:[0] gets the previous head back.
:004A98BC 33C0
xor eax, eax
:004A98BE 5A
pop edx
:004A98BF 59
pop ecx
:004A98C0 59
pop ecx
:004A98C1 648910
mov dword ptr fs:[eax], edx
:004A98C4 EB0C
jmp 004A98D2
; 004A98C6 is the address registered as the inner handler at 004A9807.
; The code after the jmp clears ebx, so this path yields result 0;
; 004033B8 and 00403714 are not shown (presumably runtime exception
; support - confirm).
:004A98C6 E9ED9AF5FF jmp 004033B8
:004A98CB 33DB
xor ebx, ebx
:004A98CD E8429EF5FF call 00403714
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A98C4(U)
|
; Unlink the outer handler record the same way, then push 004A98FC so
; that the ret at 004A98F4 continues at the epilogue.
:004A98D2 33C0
xor eax, eax
:004A98D4 5A
pop edx
:004A98D5 59
pop ecx
:004A98D6 59
pop ecx
:004A98D7 648910
mov dword ptr fs:[eax], edx
:004A98DA 68FC984A00 push 004A98FC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A98FA(U)
|
; Cleanup shared by the normal and the exception path: 00403BD4 on the
; local at [ebp-1C], then 00403BF8 with eax = address of [ebp-14] and
; edx = 5 (presumably releases the five locals [ebp-14] .. [ebp-04]).
:004A98DF 8D45E4
lea eax, dword ptr [ebp-1C]
:004A98E2 E8EDA2F5FF call 00403BD4
:004A98E7 8D45EC
lea eax, dword ptr [ebp-14]
:004A98EA BA05000000 mov edx,
00000005
:004A98EF E804A3F5FF call 00403BF8
:004A98F4 C3
ret
; 004A98F5 is the address registered as the outer handler at 004A97F9;
; the jmp at 004A98FA re-enters the cleanup above.
:004A98F5 E9729DF5FF jmp 0040366C
:004A98FA EBE3
jmp 004A98DF
; Epilogue: the result flag goes to eax, saved registers and frame are
; restored.
:004A98FC 8BC3
mov eax, ebx
:004A98FE 5F
pop edi
:004A98FF 5E
pop esi
:004A9900 5B
pop ebx
:004A9901 8BE5
mov esp, ebp
:004A9903 5D
pop ebp
:004A9904 C3
ret
-----------------------------------------------------------------------
* Referenced by a CALL at Address:
|:004A981B
|
; ---------------------------------------------------------------------
; Routine at 004A946C (32-bit x86, disassembler listing: each instruction
; is printed on the line after its address and opcode bytes).
; The call site at 004A981B passes eax = [004A8720], dl = 01, ecx = 0.
; In:  eax, dl (flag)
; Out: eax = esi
; The shape (flag in dl, optional setup call, result stored into a field
; of the value in esi) looks like a compiler-generated object
; constructor - confirm. Callees are not part of this listing.
; ---------------------------------------------------------------------
:004A946C 53
push ebx
:004A946D 56
push esi
; dl = 0 skips the setup call; the call site shown above passes dl = 1.
:004A946E 84D2
test dl, dl dl為0(實際上是1)
:004A9470 7408
je 004A947A 就跳
; NOTE(review): FFFFFFF0 is -10h, so this reserves 16 bytes of stack;
; the "-14" in the inline annotation does not match the operand.
:004A9472 83C4F0
add esp, FFFFFFF0 esp=esp-14
:004A9475 E8D29DF5FF call 0040324C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A9470(C)
|
; ebx = edx (bl is tested again at 004A9498); esi = eax, i.e. the
; incoming eax when dl was 0, otherwise whatever 0040324C left in eax.
:004A947A 8BDA
mov ebx, edx
:004A947C 8BF0
mov esi, eax
; 00418148 is called with eax = esi, edx = 0 (presumably the parent
; type's initialisation - confirm).
:004A947E 33D2
xor edx, edx
:004A9480 8BC6
mov eax, esi
:004A9482 E8C1ECF6FF call 00418148
; 00402EDC is called with eax = [004A86C8], dl = 1; the disassembler
; associates that address with the string " TBlowCorelJ". The value it
; returns is stored in the field at [esi+24].
:004A9487 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->" TBlowCorelJ"
|
:004A9489 A1C8864A00 mov eax,
dword ptr [004A86C8]
:004A948E E8499AF5FF call 00402EDC
:004A9493 894624
mov dword ptr [esi+24], eax
:004A9496 8BC6
mov eax, esi
; Only when the flag was set: call 004032A4, then restore the previous
; head of the exception handler chain from the stack and drop 12 more
; bytes. Pop plus add release 16 bytes, the amount reserved at 004A9472;
; the matching pushes are not in this routine (presumably done inside
; 0040324C - confirm).
:004A9498 84DB
test bl, bl
:004A949A 740F
je 004A94AB
:004A949C E8039EF5FF call 004032A4
:004A94A1 648F0500000000 pop dword ptr fs:[00000000]
:004A94A8 83C40C
add esp, 0000000C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A949A(C)
|
; Return esi in eax and restore the saved registers.
:004A94AB 8BC6
mov eax, esi
:004A94AD 5E
pop esi
:004A94AE 5B
pop ebx
:004A94AF C3
ret
------------------------------------------------------------
用trw在004A98AF中設斷,然後d eax和d edx可以看到自己的真假註冊碼
這裡是Username:XueBuhui 假註冊碼:68941367 真註冊碼:81BDC2D3