FINDITNOW!1.25 or 102 中文版破解心得 (14千字)

這些日子放假在家，想著把技術在提高提高，隨意的下了幾個國產軟體，沒想到一個都搞不定！

技不如人啦。。。

大過年的，為了不讓自己太難過，就找到了這個東西。

FINDITNOW!1.25 or 102 中文版

用trw裝載程式。按f12 14次，來到這裡

016F:00417ACC 837DFC00 CMP DWORD [EBP-04],BYTE +00...游標在此處
016F:00417AD0 7405 JZ 00417AD7
016F:00417AD2 8B4DFC MOV ECX,[EBP-04]
016F:00417AD5 EB05 JMP SHORT 00417ADC
016F:00417AD7 B95C604900 MOV ECX,0049605C
016F:00417ADC 8BF9 MOV EDI,ECX
016F:00417ADE 33C0 XOR EAX,EAX
016F:00417AE0 56 PUSH ESI
016F:00417AE1 83C9FF OR ECX,BYTE -01
016F:00417AE4 F2AE REPNE SCASB
016F:00417AE6 F7D1 NOT ECX
016F:00417AE8 2BF9 SUB EDI,ECX
016F:00417AEA 8DB5ACFBFFFF LEA ESI,[EBP+FFFFFBAC]
016F:00417AF0 87F7 XCHG ESI,EDI
016F:00417AF2 8BD1 MOV EDX,ECX
016F:00417AF4 8BC7 MOV EAX,EDI
016F:00417AF6 C1E902 SHR ECX,02
016F:00417AF9 8D45FC LEA EAX,[EBP-04]
016F:00417AFC F3A5 REP MOVSD
016F:00417AFE 8BCA MOV ECX,EDX
016F:00417B00 BA02000000 MOV EDX,02
016F:00417B05 83E103 AND ECX,BYTE +03
016F:00417B08 F3A4 REP MOVSB
016F:00417B0A 5E POP ESI
016F:00417B0B FF4DE4 DEC DWORD [EBP-1C]
016F:00417B0E E889F30600 CALL 00486E9C
016F:00417B13 66C745D81400 MOV WORD [EBP-28],14
016F:00417B19 33C9 XOR ECX,ECX
016F:00417B1B 894DF8 MOV [EBP-08],ECX
016F:00417B1E 8D55F8 LEA EDX,[EBP-08]
016F:00417B21 FF45E4 INC DWORD [EBP-1C]
016F:00417B24 8B86F8010000 MOV EAX,[ESI+01F8]
016F:00417B2A E85D830300 CALL 0044FE8C
016F:00417B2F 837DF800 CMP DWORD [EBP-08],BYTE +00
016F:00417B33 7405 JZ 00417B3A
016F:00417B35 8B4DF8 MOV ECX,[EBP-08]
016F:00417B38 EB05 JMP SHORT 00417B3F
016F:00417B3A B95D604900 MOV ECX,0049605D
016F:00417B3F 51 PUSH ECX
016F:00417B40 8D85ACFBFFFF LEA EAX,[EBP+FFFFFBAC]
016F:00417B46 50 PUSH EAX
016F:00417B47 E83C360600 CALL 0047B188
016F:00417B4C 83C408 ADD ESP,BYTE +08
016F:00417B4F FF4DE4 DEC DWORD [EBP-1C]
016F:00417B52 8D45F8 LEA EAX,[EBP-08]
016F:00417B55 BA02000000 MOV EDX,02
016F:00417B5A E83DF30600 CALL 00486E9C
016F:00417B5F 33D2 XOR EDX,EDX
016F:00417B61 8D8DACFBFFFF LEA ECX,[EBP+FFFFFBAC]
016F:00417B67 8D85ACFBFFFF LEA EAX,[EBP+FFFFFBAC]
016F:00417B6D EB19 JMP SHORT 00417B88
016F:00417B6F 0FBE18 MOVSX EBX,BYTE [EAX]
016F:00417B72 83FB20 CMP EBX,BYTE +20....來到此處後開始比較名字。名字中不能有空格
016F:00417B75 7410 JZ 00417B87
016F:00417B77 83FB2E CMP EBX,BYTE +2E...名字中不能有"."
016F:00417B7A 740B JZ 00417B87
016F:00417B7C 83FB2D CMP EBX,BYTE +2D...名字中不能有“-”
016F:00417B7F 7406 JZ 00417B87
016F:00417B81 8A18 MOV BL,[EAX].......................取名字的第一位
016F:00417B83 42 INC EDX
016F:00417B84 8819 MOV [ECX],BL
016F:00417B86 41 INC ECX
016F:00417B87 40 INC EAX
016F:00417B88 803800 CMP BYTE [EAX],00
016F:00417B8B 75E2 JNZ 00417B6F (JUMP)....依次取名字
016F:00417B8D C68415ACFBFFFF00 MOV BYTE [EBP+EDX+FFFFFBAC],00
016F:00417B95 8D85ACFBFFFF LEA EAX,[EBP+FFFFFBAC]
016F:00417B9B 50 PUSH EAX
016F:00417B9C E8237B0600 CALL 0047F6C4
016F:00417BA1 59 POP ECX
016F:00417BA2 33D2 XOR EDX,EDX
016F:00417BA4 8D85ACFBFFFF LEA EAX,[EBP+FFFFFBAC]
016F:00417BAA EB0A JMP SHORT 00417BB6
016F:00417BAC C1E202 SHL EDX,02
016F:00417BAF 4A DEC EDX
016F:00417BB0 0FBEC9 MOVSX ECX,CL
016F:00417BB3 03D1 ADD EDX,ECX
016F:00417BB5 40 INC EAX
016F:00417BB6 8A08 MOV CL,[EAX].....取名字和註冊碼的位數
016F:00417BB8 84C9 TEST CL,CL
016F:00417BBA 75F0 JNZ 00417BAC....網上跳取名字再次計算的中間值
016F:00417BBC 8BFA MOV EDI,EDX
016F:00417BBE 81F212EFCDAB XOR EDX,ABCDEF12
016F:00417BC4 81E2FFFF0000 AND EDX,FFFF
016F:00417BCA 81F726594131 XOR EDI,31415926
016F:00417BD0 33DB XOR EBX,EBX
016F:00417BD2 8955AC MOV [EBP-54],EDX
016F:00417BD5 8BC3 MOV EAX,EBX...........
016F:00417BD7 03C0 ADD EAX,EAX
016F:00417BD9 8D55BC LEA EDX,[EBP-44]
016F:00417BDC 03C2 ADD EAX,EDX
016F:00417BDE 50 PUSH EAX
016F:00417BDF 8BCB MOV ECX,EBX
016F:00417BE1 C1E103 SHL ECX,03
016F:00417BE4 8BC7 MOV EAX,EDI
016F:00417BE6 D3F8 SAR EAX,CL
016F:00417BE8 24FF AND AL,FF
016F:00417BEA 50 PUSH EAX
016F:00417BEB E868FEFFFF CALL 00417A58
016F:00417BF0 83C408 ADD ESP,BYTE +08
016F:00417BF3 43 INC EBX
016F:00417BF4 83FB04 CMP EBX,BYTE +04
016F:00417BF7 72DC JC 00417BD5...........網上跳再次計算名字，得後半部分的註冊碼
016F:00417BF9 C645C400 MOV BYTE [EBP-3C],00
016F:00417BFD 33DB XOR EBX,EBX
016F:00417BFF 8BC3 MOV EAX,EBX.......
016F:00417C01 03C0 ADD EAX,EAX
016F:00417C03 8D55B0 LEA EDX,[EBP-50] ......把註冊碼放入edx
016F:00417C06 03C2 ADD EAX,EDX..........把註冊碼放入eax
016F:00417C08 50 PUSH EAX.........d eax,就可以得到八位註冊碼。
016F:00417C09 8BCB MOV ECX,EBX
016F:00417C0B C1E103 SHL ECX,03
016F:00417C0E 8B45AC MOV EAX,[EBP-54]
016F:00417C11 D3F8 SAR EAX,CL
016F:00417C13 24FF AND AL,FF
016F:00417C15 50 PUSH EAX
016F:00417C16 E83DFEFFFF CALL 00417A58
016F:00417C1B 83C408 ADD ESP,BYTE +08
016F:00417C1E 43 INC EBX
016F:00417C1F 83FB02 CMP EBX,BYTE +02
016F:00417C22 72DB JC 00417BFF...........跳，把註冊碼分兩段比對
016F:00417C24 C645B400 MOV BYTE [EBP-4C],00
016F:00417C28 8D55B0 LEA EDX,[EBP-50].......在此處可得一個helperkey:49cd
016F:00417C2B 8D8D84FBFFFF LEA ECX,[EBP+FFFFFB84]
016F:00417C31 52 PUSH EDX
016F:00417C32 685E604900 PUSH DWORD 0049605E
016F:00417C37 51 PUSH ECX
016F:00417C38 E8D3610600 CALL 0047DE10
016F:00417C3D 66C745D82000 MOV WORD [EBP-28],20
016F:00417C43 83C40C ADD ESP,BYTE +0C
016F:00417C46 8D9584FBFFFF LEA EDX,[EBP+FFFFFB84]
016F:00417C4C 8D45F4 LEA EAX,[EBP-0C]
016F:00417C4F E864F10600 CALL 00486DB8
016F:00417C54 FF45E4 INC DWORD [EBP-1C]
016F:00417C57 8B10 MOV EDX,[EAX]
016F:00417C59 8B8610020000 MOV EAX,[ESI+0210]
016F:00417C5F E858820300 CALL 0044FEBC
016F:00417C64 FF4DE4 DEC DWORD [EBP-1C]
016F:00417C67 8D45F4 LEA EAX,[EBP-0C]
016F:00417C6A BA02000000 MOV EDX,02
016F:00417C6F E828F20600 CALL 00486E9C
016F:00417C74 66C745D82C00 MOV WORD [EBP-28],2C
016F:00417C7A 33C9 XOR ECX,ECX
016F:00417C7C 894DF0 MOV [EBP-10],ECX
016F:00417C7F 8D55F0 LEA EDX,[EBP-10]
016F:00417C82 FF45E4 INC DWORD [EBP-1C]
016F:00417C85 8B8604020000 MOV EAX,[ESI+0204]
016F:00417C8B E8FC810300 CALL 0044FE8C
016F:00417C90 837DF000 CMP DWORD [EBP-10],BYTE +00
016F:00417C94 7405 JZ 00417C9B.....no jump!
016F:00417C96 8B4DF0 MOV ECX,[EBP-10].....此處取假的註冊碼
016F:00417C99 EB05 JMP SHORT 00417CA0
016F:00417C9B B96D604900 MOV ECX,0049606D
016F:00417CA0 8BF9 MOV EDI,ECX
016F:00417CA2 33C0 XOR EAX,EAX
016F:00417CA4 56 PUSH ESI
016F:00417CA5 83C9FF OR ECX,BYTE -01
016F:00417CA8 F2AE REPNE SCASB ......press f10 to go on
016F:00417CAA F7D1 NOT ECX
016F:00417CAC 2BF9 SUB EDI,ECX
016F:00417CAE 8DB574FBFFFF LEA ESI,[EBP+FFFFFB74]
016F:00417CB4 87F7 XCHG ESI,EDI
016F:00417CB6 8BD1 MOV EDX,ECX
016F:00417CB8 8BC7 MOV EAX,EDI
016F:00417CBA C1E902 SHR ECX,02
016F:00417CBD 8D45F0 LEA EAX,[EBP-10]
016F:00417CC0 F3A5 REP MOVSD ....press f10 to go on
016F:00417CC2 8BCA MOV ECX,EDX
016F:00417CC4 BA02000000 MOV EDX,02
016F:00417CC9 83E103 AND ECX,BYTE +03
016F:00417CCC F3A4 REP MOVSB ....take care,here you should press f8 to go on,otherwise you will be shown with the crash window!
016F:00417CCE 5E POP ESI
016F:00417CCF FF4DE4 DEC DWORD [EBP-1C]
016F:00417CD2 E8C5F10600 CALL 00486E9C
016F:00417CD7 8D9574FBFFFF LEA EDX,[EBP+FFFFFB74]
016F:00417CDD 8D8574FBFFFF LEA EAX,[EBP+FFFFFB74]
016F:00417CE3 EB18 JMP SHORT 00417CFD
016F:00417CE5 8A08 MOV CL,[EAX]..........
016F:00417CE7 0FBED9 MOVSX EBX,CL
016F:00417CEA 83FB20 CMP EBX,BYTE +20...註冊碼中不能有空格
016F:00417CED 740D JZ 00417CFC
016F:00417CEF 83FB2E CMP EBX,BYTE +2E...註冊碼中不能有“.”
016F:00417CF2 7408 JZ 00417CFC
016F:00417CF4 83FB2D CMP EBX,BYTE +2D...註冊碼中不能有“-”
016F:00417CF7 7403 JZ 00417CFC
016F:00417CF9 880A MOV [EDX],CL
016F:00417CFB 42 INC EDX
016F:00417CFC 40 INC EAX
016F:00417CFD 803800 CMP BYTE [EAX],00...比較註冊碼是否存在
016F:00417D00 75E3 JNZ 00417CE5....跳回！分別取註冊碼比較
016F:00417D02 66C745D83800 MOV WORD [EBP-28],38
016F:00417D08 8D55BC LEA EDX,[EBP-44]
016F:00417D0B 8D45EC LEA EAX,[EBP-14]
016F:00417D0E E8A5F00600 CALL 00486DB8
016F:00417D13 FF45E4 INC DWORD [EBP-1C]
016F:00417D16 8D55EC LEA EDX,[EBP-14]
016F:00417D19 8D8614020000 LEA EAX,[ESI+0214]
016F:00417D1F E8A8F10600 CALL 00486ECC
016F:00417D24 FF4DE4 DEC DWORD [EBP-1C]
016F:00417D27 8D45EC LEA EAX,[EBP-14]
016F:00417D2A BA02000000 MOV EDX,02
016F:00417D2F E868F10600 CALL 00486E9C
016F:00417D34 8D4DBC LEA ECX,[EBP-44]
016F:00417D37 51 PUSH ECX
016F:00417D38 8D8574FBFFFF LEA EAX,[EBP+FFFFFB74]
016F:00417D3E 50 PUSH EAX
016F:00417D3F E874360600 CALL 0047B3B8.....可以追進去看看
016F:00417D44 83C408 ADD ESP,BYTE +08
016F:00417D47 85C0 TEST EAX,EAX
016F:00417D49 750C JNZ 00417D57........此處是關鍵跳轉！
016F:00417D4B C786500100000100+MOV DWORD [ESI+0150],01
016F:00417D55 EB18 JMP SHORT 00417D6F
016F:00417D57 A1BCC54900 MOV EAX,[0049C5BC]...若跳轉來到此處
016F:00417D5C 6A00 PUSH BYTE +00
016F:00417D5E B9CF604900 MOV ECX,004960CF....記憶體中顯示invalidkey
016F:00417D63 BA6E604900 MOV EDX,0049606E
016F:00417D68 8B00 MOV EAX,[EAX]
016F:00417D6A E831F00600 CALL 00486DA0.....出錯視窗！
016F:00417D6F 8B55C8 MOV EDX,[EBP-38]
016F:00417D72 64891500000000 MOV [FS:00],EDX
016F:00417D79 5F POP EDI
016F:00417D7A 5E POP ESI
016F:00417D7B 5B POP EBX
016F:00417D7C 8BE5 MOV ESP,EBP
016F:00417D7E 5D POP EBP

第二部分
016F:0047B3B8 55 PUSH EBP....來到這裡！
016F:0047B3B9 8BEC MOV EBP,ESP
016F:0047B3BB 51 PUSH ECX
016F:0047B3BC 53 PUSH EBX
016F:0047B3BD 56 PUSH ESI
016F:0047B3BE 57 PUSH EDI
016F:0047B3BF 8B7D0C MOV EDI,[EBP+0C]
016F:0047B3C2 8B7508 MOV ESI,[EBP+08]...分別取真假註冊碼
016F:0047B3C5 EB02 JMP SHORT 0047B3C9
016F:0047B3C7 46 INC ESI
016F:0047B3C8 47 INC EDI
016F:0047B3C9 0FBE06 MOVSX EAX,BYTE [ESI]
016F:0047B3CC 50 PUSH EAX
016F:0047B3CD E842430000 CALL 0047F714
016F:0047B3D2 59 POP ECX
016F:0047B3D3 8BD8 MOV EBX,EAX
016F:0047B3D5 50 PUSH EAX
016F:0047B3D6 0FBE17 MOVSX EDX,BYTE [EDI]
016F:0047B3D9 52 PUSH EDX
016F:0047B3DA E835430000 CALL 0047F714
016F:0047B3DF 59 POP ECX
016F:0047B3E0 8845FF MOV [EBP-01],AL
016F:0047B3E3 5A POP EDX
016F:0047B3E4 3AD0 CMP DL,AL
016F:0047B3E6 7504 JNZ 0047B3EC....當然要相等！
016F:0047B3E8 84DB TEST BL,BL
016F:0047B3EA 75DB JNZ 0047B3C7...跳回分別取值進行比較
016F:0047B3EC 33C0 XOR EAX,EAX....eax 清零！
016F:0047B3EE 33D2 XOR EDX,EDX....edx 清零！
016F:0047B3F0 8A55FF MOV DL,[EBP-01]
016F:0047B3F3 8AC3 MOV AL,BL
016F:0047B3F5 2BC2 SUB EAX,EDX
016F:0047B3F7 5F POP EDI
016F:0047B3F8 5E POP ESI
016F:0047B3F9 5B POP EBX
016F:0047B3FA 59 POP ECX
016F:0047B3FB 5D POP EBP

FINDITNOW!1.25 or 102 中文版 破解心得 (14千字)

相關文章

FINDITNOW!1.25 or 102 中文版破解心得 (14千字)