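hanami1005 Cracking Notes
Download URL: http://www.pchome.net/dld/download.php?url=themes/hanami1005.zip
Size: 737 KB
Language: English
Category: Shareware
Platform: Win9x/NT/2000
【Software description】: A cute desktop toy. It places a pretty cherry tree along the top of the desktop and lets the petals drift down, which is quite poetic. The program offers several blossom colours to choose from and lets you adjust how the petals fall and how strong the wind is.
【Software restrictions】: NAG + feature limits
【Author's statement】: I am new to cracking and am only doing this out of interest, with no other purpose. Please point out any mistakes!
【Tools】: Ollydbg, W32Dasm
―――――――――――――――――――――――――――――――――
【Process】:
Test input
Registration name: weifeng
Keyword: 203
Registration code: 12345678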
:00406DE1 689C084100              push 0041089C
:00406DE6 E8650E0000              call 00407C50              //appends the first digit of the keyword (2) to the fake code, giving 123456782
:00406DEB 83C408                  add esp, 00000008
:00406DEE E835FEFFFF              call 00406C28              //key CALL, step into it
:00406DF3 85C0                    test eax, eax
:00406DF5 7518                    jne 00406E0F               //if this does not jump, it's over
:00406DF7 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Error"
                                  |
:00406DF9 68D80F4100              push 00410FD8

* Possible StringData Ref from Data Obj ->"The registration code entered "
                                        ->"is not correct"
                                  |                          //BAD BOY!
:00406DFE 68E00F4100              push 00410FE0
:00406E03 8B4D08                  mov ecx, dword ptr [ebp+08]
:00406E06 51                      push ecx

* Reference To: USER32.MessageBoxA, Ord:01BEh
                                  |
:00406E07 FF1510E24000            Call dword ptr [0040E210]
:00406E0D EB5A                    jmp 00406E69

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406DF5(C)
|

* Possible Reference to String Resource ID=00001: "Hanami"
                                  |
:00406E0F C7052C20410001000000    mov dword ptr [0041202C], 00000001

* Possible StringData Ref from Data Obj ->" "
                                  |
:00406E19 689C084100              push 0041089C
:00406E1E 68C81F4100              push 00411FC8
:00406E23 E8AEFCFFFF              call 00406AD6
:00406E28 83C408                  add esp, 00000008
:00406E2B 85C0                    test eax, eax
:00406E2D 7418                    je 00406E47
:00406E2F 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Registration successful"
                                  |
:00406E31 6810104100              push 00411010

* Possible StringData Ref from Data Obj ->"Registration data saved ok, thank "
                                        ->"you for registering!"
                                  |                          //Good Job
:00406E36 6828104100              push 00411028
-------------------------------------- Key CALL ↓ (the code below was copied from the OllyDbg debugging session; the code above is W32Dasm disassembly output)
00406C28 /$ 55             PUSH EBP
00406C29 |. 8BEC           MOV EBP,ESP
00406C2B |. 83EC 14        SUB ESP,14
00406C2E |. 68 34204100    PUSH HANAMI.00412034
00406C33 |. 68 9C084100    PUSH HANAMI.0041089C                  ; ASCII "123456782"
00406C38 |. E8 43120000    CALL HANAMI.00407E80
00406C3D |. 83C4 08        ADD ESP,8
00406C40 |. 85C0           TEST EAX,EAX
00406C42 |. 75 07          JNZ SHORT HANAMI.00406C4B
00406C44 |. 33C0           XOR EAX,EAX
00406C46 |. E9 BF000000    JMP HANAMI.00406D0A
00406C4B |> 68 9C084100    PUSH HANAMI.0041089C                  ; ASCII "123456782"
00406C50 |. 8D45 F0        LEA EAX,DWORD PTR SS:[EBP-10]
00406C53 |. 50             PUSH EAX
00406C54 |. E8 E70F0000    CALL HANAMI.00407C40
00406C59 |. 83C4 08        ADD ESP,8
00406C5C |. 8A4D F6        MOV CL,BYTE PTR SS:[EBP-A]            //CL = SS:[EBP-A] = 37 (ASCII code of '7', the 7th character of the fake code)
00406C5F |. 884D EC        MOV BYTE PTR SS:[EBP-14],CL           //SS:[EBP-14] = CL = 37
00406C62 |. C645 F6 00     MOV BYTE PTR SS:[EBP-A],0
00406C66 |. 8D55 F0        LEA EDX,DWORD PTR SS:[EBP-10]         //EDX = SS:[EBP-10] = 123456
00406C69 |. 52             PUSH EDX                              //push EDX = 123456 onto the stack
00406C6A |. E8 72130000    CALL HANAMI.00407FE1                  //the main job of this CALL appears to be converting 123456 to its hexadecimal value and storing it in EAX
00406C6F |. 83C4 04        ADD ESP,4
00406C72 |. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX          //SS:[EBP-4] = EAX = 1E240 (123456 in hexadecimal)
00406C75 |. 0FBE45 EC      MOVSX EAX,BYTE PTR SS:[EBP-14]        //EAX = SS:[EBP-14] = 37
00406C79 |. 8B0C85 3000410>MOV ECX,DWORD PTR DS:[EAX*4+410030]   //ECX = DS:[EAX*4+410030] = 72292 (467602 in decimal)
                                                                 //replacing DWORD PTR DS:[EAX*4+410030] with 1E240 turns 12345678 into a universal registration code; the patched code is shown further below
00406C80 |. 3B4D FC        CMP ECX,DWORD PTR SS:[EBP-4]          //compares 72292 with 1E240 (so the registration code is 46760278)
00406C83 |. 75 07          JNZ SHORT HANAMI.00406C8C             //if they are equal, registration succeeds
00406C85 |. B8 01000000    MOV EAX,1
--------- Dizzying: if that fails, the same comparison is made again below, heh. Three places in total
00406C8A |. EB 7E          JMP SHORT HANAMI.00406D0A
00406C8C |> 68 9C084100    PUSH HANAMI.0041089C                  ; ASCII "123456782"
00406C91 |. 8D55 F0        LEA EDX,DWORD PTR SS:[EBP-10]
00406C94 |. 52             PUSH EDX
00406C95 |. E8 A60F0000    CALL HANAMI.00407C40
00406C9A |. 83C4 08        ADD ESP,8
00406C9D |. 8D45 F0        LEA EAX,DWORD PTR SS:[EBP-10]
00406CA0 |. 50             PUSH EAX
00406CA1 |. E8 E4130000    CALL HANAMI.0040808A
00406CA6 |. 83C4 04        ADD ESP,4
00406CA9 |. 8A4D F6        MOV CL,BYTE PTR SS:[EBP-A]
00406CAC |. 884D EC        MOV BYTE PTR SS:[EBP-14],CL
00406CAF |. C645 F6 00     MOV BYTE PTR SS:[EBP-A],0
00406CB3 |. 0FBE55 EC      MOVSX EDX,BYTE PTR SS:[EBP-14]
00406CB7 |. 8B0495 3000410>MOV EAX,DWORD PTR DS:[EDX*4+410030]
00406CBE |. 3B45 FC        CMP EAX,DWORD PTR SS:[EBP-4]
00406CC1 |. 75 07          JNZ SHORT HANAMI.00406CCA
00406CC3 |. B8 01000000    MOV EAX,1
00406CC8 |. EB 40          JMP SHORT HANAMI.00406D0A
00406CCA |> 68 9C084100    PUSH HANAMI.0041089C                  ; ASCII "123456782"
00406CCF |. 8D4D F0        LEA ECX,DWORD PTR SS:[EBP-10]
00406CD2 |. 51             PUSH ECX
00406CD3 |. E8 680F0000    CALL HANAMI.00407C40
00406CD8 |. 83C4 08        ADD ESP,8
00406CDB |. 8D55 F0        LEA EDX,DWORD PTR SS:[EBP-10]
00406CDE |. 52             PUSH EDX
00406CDF |. E8 08130000    CALL HANAMI.00407FEC
00406CE4 |. 83C4 04        ADD ESP,4
00406CE7 |. 8A45 F6        MOV AL,BYTE PTR SS:[EBP-A]
00406CEA |. 8845 EC        MOV BYTE PTR SS:[EBP-14],AL
00406CED |. C645 F6 00     MOV BYTE PTR SS:[EBP-A],0
00406CF1 |. 0FBE4D EC      MOVSX ECX,BYTE PTR SS:[EBP-14]
00406CF5 |. 8B148D 3000410>MOV EDX,DWORD PTR DS:[ECX*4+410030]
00406CFC |. 3B55 FC        CMP EDX,DWORD PTR SS:[EBP-4]
00406CFF |. 75 07          JNZ SHORT HANAMI.00406D08
------------------------------------------
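【Patching the registration code check】
Change
00406C79 MOV ECX,DWORD PTR DS:[EAX*4+410030]
to the code below and 12345678 becomes a universal registration code. This does not affect registering with the real code, because the three comparisons are the same.
00406C79 B9 40E20100 MOV ECX,1E240
00406C7E 90 NOP
00406C7F 90 NOP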
-----------------------------------------
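【Registration code】
It seems to be unrelated to the user name. One thing I do not understand is the number stored at DWORD PTR DS:[EAX*4+410030]; I do not know how it is derived.
User name: anything
Keyword: anything
Registration code: 46760278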
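
An added example (not from the original notes or from the program): a Python model of the first comparison at 00406C80, using only the one table entry the notes observed, next to a check that verifies a signature over the user name so that no expected value ships in the binary. The key pair and the names `issue_license` and `strong_check` are constructed for illustration; unpadded RSA over Mersenne primes keeps the sketch short and is not a production scheme.

```python
import hashlib

# Only table entry observed in the notes: index 0x37 ('7') -> 0x72292 (467602).
OBSERVED_TABLE = {0x37: 0x72292}

def weak_check(name, code, table=OBSERVED_TABLE):
    """Model of the comparison at 00406C80; the user name is never consulted."""
    if len(code) < 7 or not code[:6].isdecimal():
        return False
    expected = table.get(ord(code[6]))   # constant stored inside the binary
    return expected is not None and expected == int(code[:6])

# Constructed demo key pair (assumption): two Mersenne primes, not a safe key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                # public modulus, shipped with the client
_D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, stays with the vendor

def _digest(name):
    """SHA-256 of the user name as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(name.encode("utf-8")).digest(), "big")

def issue_license(name):
    """Vendor side: sign the user name with the private exponent."""
    return format(pow(_digest(name), _D, N), "x")

def strong_check(name, code):
    """Client side: verifies with public values only and binds code to name."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)
```

Reading a register at the compare instruction yields nothing reusable in the second form, although a patched branch still bypasses any client-side check.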
---------------------------
Plus my Chinese localization patch :)
Patch download URL: http://www.jxlb.com/non-cgi//usr/19/19_1412.rar