六合軟體
軟體下載地址:http://myweb.hinet.net/home5/biga/HK6A0723.zip
軟體大小: 1450 KB
軟體語言: 中文
軟體類別: 共享版
應用平臺: ???
【軟體簡介】:六合軟體
【軟體限制】:NAG +功能限制
【作者宣告】:初學Crack,只是感興趣,沒有其它目的。失誤之處敬請諸位大俠賜教!
【破解工具】:Ollydbg,TRW2000
------------------------------------------
【過 程】:第一個試練碼12345-67890-ABCDE-FGHIJ
004ADC29 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
//EAX=SS:[EBP-14]=12345
004ADC2C |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004ADC2F |. E8 44AEF5FF CALL j⑾せX.00408A78SS:[
004ADC34 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004ADC37 |. B9 02000000 MOV ECX,2
004ADC3C |. BA 01000000 MOV EDX,1
004ADC41 |. E8 5A6FF5FF CALL j⑾せX.00404BA0
004ADC46 |. FF75 F4 PUSH DWORD PTR SS:[EBP-C]
//取12345前兩位12
004ADC49 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004ADC4C |. 50 PUSH EAX
004ADC4D |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004ADC50 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004ADC56 |. E8 F942F9FF CALL j⑾せX.00441F54DS:[
004ADC5B |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
//EAX=SS:[EBP-20]=67890
004ADC5E |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
004ADC61 |. E8 12AEF5FF CALL j⑾せX.00408A78SS:[
004ADC66 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
//EAX=SS:[EBP-1C]=67890
004ADC69 |. B9 01000000 MOV ECX,1
004ADC6E |. BA 05000000 MOV EDX,5
004ADC73 |. E8 286FF5FF CALL j⑾せX.00404BA0
004ADC78 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
004ADC7B |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004ADC7E |. 50 PUSH EAX
004ADC7F |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
004ADC82 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004ADC88 |. E8 C742F9FF CALL j⑾せX.00441F54DS:[
004ADC8D |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
//EAX=SS:[EBP-2C]=ABCDE
004ADC90 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
004ADC93 |. E8 E0ADF5FF CALL j⑾せX.00408A78SS:[
004ADC98 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
//EAX=SS:[EBP-28]=ABCDE
004ADC9B |. B9 01000000 MOV ECX,1
004ADCA0 |. BA 01000000 MOV EDX,1
004ADCA5 |. E8 F66EF5FF CALL j⑾せX.00404BA0
004ADCAA |. FF75 DC PUSH DWORD PTR SS:[EBP-24]
004ADCAD |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004ADCB0 |. 50 PUSH EAX
004ADCB1 |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
004ADCB4 |. 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308]
004ADCBA |. E8 9542F9FF CALL j⑾せX.00441F54DS:[
004ADCBF |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]//EAX=SS:[EBP-38]=FGHIJ
004ADCC2 |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
004ADCC5 |. E8 AEADF5FF CALL j⑾せX.00408A78SS:[
004ADCCA |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]//EAX=SS:[EBP-34]=FGHIJ
004ADCCD |. B9 02000000 MOV ECX,2
004ADCD2 |. BA 04000000 MOV EDX,4
004ADCD7 |. E8 C46EF5FF CALL j⑾せX.00404BA0
004ADCDC |. FF75 D0 PUSH DWORD PTR SS:[EBP-30]
//SS:[EBP-30]=ij
004ADCDF |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004ADCE2 |. BA 04000000 MOV EDX,4
004ADCE7 |. E8 1C6DF5FF CALL j⑾せX.00404A08
004ADCEC |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004ADCEF |. 50 PUSH EAX
004ADCF0 |. 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
004ADCF3 |. 8B83 F0020000 MOV EAX,DWORD PTR DS:[EBX+2F0]
004ADCF9 |. E8 5642F9FF CALL j⑾せX.00441F54DS:[
004ADCFE |. 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44]
//EAX=SS:[EBP-44]=12345
004ADD01 |. 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
004ADD04 |. E8 6FADF5FF CALL j⑾せX.00408A78SS:[
004ADD09 |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]//EAX=SS:[EBP-40]=12345
004ADD0C |. B9 03000000 MOV ECX,3
004ADD11 |. BA 03000000 MOV EDX,3
004ADD16 |. E8 856EF5FF CALL j⑾せX.00404BA0
004ADD1B |. FF75 C4 PUSH DWORD PTR SS:[EBP-3C]
//SS:[EBP-3C]=345入棧
004ADD1E |. 68 F0E14A00 PUSH j⑾せX.004AE1F0[EBP
004ADD23 |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004ADD26 |. 50 PUSH EAX
004ADD27 |. 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
004ADD2A |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004ADD30 |. E8 1F42F9FF CALL j⑾せX.00441F54DS:[
004ADD35 |. 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]//EAX=SS:[EBP-50]=67890
004ADD38 |. 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
004ADD3B |. E8 38ADF5FF CALL j⑾せX.00408A78SS:[
004ADD40 |. 8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C]//EAX=SS:[EBP-4C]=67890
004ADD43 |. B9 04000000 MOV ECX,4
004ADD48 |. BA 01000000 MOV EDX,1
004ADD4D |. E8 4E6EF5FF CALL j⑾せX.00404BA0
004ADD52 |. FF75 B8 PUSH DWORD PTR SS:[EBP-48]//SS:[EBP-48]=6789入棧
004ADD55 |. B8 044B5100 MOV EAX,j⑾せX.00514B04P-48
004ADD5A |. BA 03000000 MOV EDX,3
004ADD5F |. E8 A46CF5FF CALL j⑾せX.00404A08
004ADD64 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004ADD67 |. 50 PUSH EAX
004ADD68 |. 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
004ADD6B |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004ADD71 |. E8 DE41F9FF CALL j⑾せX.00441F54DS:[
004ADD76 |. 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]//EAX=SS:[EBP-5C]=ABCDE
004ADD79 |. 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
004ADD7C |. E8 F7ACF5FF CALL j⑾せX.00408A78SS:[
004ADD81 |. 8B45 A8 MOV EAX,DWORD PTR SS:[EBP-58]//EAX=SS:[EBP-58]=ABCDE
004ADD84 |. B9 03000000 MOV ECX,3
//ECX=3
004ADD89 |. BA 02000000 MOV EDX,2
004ADD8E |. E8 0D6EF5FF CALL j⑾せX.00404BA0
004ADD93 |. FF75 AC PUSH DWORD PTR SS:[EBP-54]
//SS:[EBP-54]=BCD入棧
004ADD96 |. 68 F0E14A00 PUSH j⑾せX.004AE1F0[EBP
004ADD9B |. 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004ADD9E |. 50 PUSH EAX
004ADD9F |. 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004ADDA2 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004ADDA8 |. E8 A741F9FF CALL j⑾せX.00441F54DS:[
004ADDAD |. 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]//EAX=SS:[EBP-68]=ABCDE
004ADDB0 |. 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
004ADDB3 |. E8 C0ACF5FF CALL j⑾せX.00408A78SS:[
004ADDB8 |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
004ADDBB |. B9 01000000 MOV ECX,1
004ADDC0 |. BA 05000000 MOV EDX,5
004ADDC5 |. E8 D66DF5FF CALL j⑾せX.00404BA0
004ADDCA |. FF75 A0 PUSH DWORD PTR SS:[EBP-60]
004ADDCD |. 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
004ADDD0 |. 50 PUSH EAX
004ADDD1 |. 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
004ADDD4 |. 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308]
004ADDDA |. E8 7541F9FF CALL j⑾せX.00441F54DS:[
004ADDDF |. 8B45 8C MOV EAX,DWORD PTR SS:[EBP-74]
004ADDE2 |. 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
004ADDE5 |. E8 8EACF5FF CALL j⑾せX.00408A78SS:[
004ADDEA |. 8B45 90 MOV EAX,DWORD PTR SS:[EBP-70]
004ADDED |. B9 03000000 MOV ECX,3
004ADDF2 |. BA 01000000 MOV EDX,1
004ADDF7 |. E8 A46DF5FF CALL j⑾せX.00404BA0
004ADDFC |. FF75 94 PUSH DWORD PTR SS:[EBP-6C]
//SS:[EBP-6C]=FGH入棧
004ADDFF |. B8 084B5100 MOV EAX,j⑾せX.00514B08P-6C
004ADE04 |. BA 04000000 MOV EDX,4
004ADE09 |. E8 FA6BF5FF CALL j⑾せX.00404A08
004ADE0E |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
//EAX=SS:[EBP-4]=120AIJ
//注:第一框中前兩位&第二框中的最後一位&第三框中第一位&第四框中的後兩位
004ADE11 |. BA FCE14A00 MOV EDX,j⑾せX.004AE1FC[EBP
EDX=2X66IS
004ADE16 |. E8 716CF5FF CALL j⑾せX.00404A8CDE4B 比較CALL,比較120AIJ與2X66IS
004ADE1B |. 75 2E JNZ SHORT j⑾せX.004ADE4B
不等就跳,一跳就OVER
004ADE1D |. BA 044B5100 MOV EDX,j⑾せX.00514B044B
004ADE22 |. A1 F8984E00 MOV EAX,DWORD PTR DS:[4E98F8]
004ADE27 |. 8B00 MOV EAX,DWORD PTR
DS:[EAX]
004ADE29 |. E8 4A0B0000 CALL j⑾せX.004AE978DS:[ //演算法CALL,進入
004ADE2E |. 84C0 TEST AL,AL
004ADE30 |. 74 19 JE SHORT j
--------------------------演算法CALL↓
試練碼變成2X345-67896-6ABCDE-FGHIS
004AE978 /$ 55
PUSH EBP
004AE979 |. 8BEC MOV EBP,ESP
004AE97B |. B9 11000000 MOV ECX,11
004AE980 |> 6A 00 /PUSH 0
004AE982 |. 6A 00 |PUSH 0
004AE984 |. 49 |DEC ECX
004AE985 |.^75 F9 \JNZ SHORT j⑾せX.004AE980
004AE987 |. 53 PUSH EBX
004AE988 |. 56 PUSH ESI
004AE989 |. 57 PUSH EDI
004AE98A |. 8BDA MOV EBX,EDX
004AE98C |. BF E4894E00 MOV EDI,j⑾せX.004E89E4
004AE991 |. 33C0 XOR EAX,EAX
004AE993 |. 55 PUSH EBP
004AE994 |. 68 EBEE4A00 PUSH j⑾せX.004AEEEB
004AE999 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004AE99C |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004AE99F |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004AE9A2 |. 8B13 MOV EDX,DWORD PTR
DS:[EBX]
004AE9A4 |. E8 7F5DF5FF CALL j⑾せX.00404728DS:[
004AE9A9 |. C645 F7 01 MOV BYTE PTR SS:[EBP-9],1
004AE9AD |. B3 01 MOV BL,1
004AE9AF |. C645 F6 00 MOV BYTE PTR SS:[EBP-A],0
004AE9B3 |. C645 F5 00 MOV BYTE PTR SS:[EBP-B],0
004AE9B7 |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
004AE9BB |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004AE9BE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
//EAX=SS:[EBP-8]=345-6789
004AE9C1 |. E8 B2A0F5FF CALL j⑾せX.00408A78SS:[
004AE9C6 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004AE9C9 |. E8 7A5FF5FF CALL j⑾せX.00404948SS:[
004AE9CE |. 83F8 08 CMP EAX,8
//是否為8位,不是就OVER
004AE9D1 |. 75 25 JNZ SHORT j⑾せX.004AE9F8
004AE9D3 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004AE9D6 |. 50 PUSH EAX
004AE9D7 |. B9 01000000 MOV ECX,1
004AE9DC |. BA 04000000 MOV EDX,4
004AE9E1 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004AE9E4 |. E8 B761F5FF CALL j⑾せX.00404BA0SS:[
004AE9E9 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004AE9EC |. BA 04EF4A00 MOV EDX,j⑾せX.004AEF04[EBP
004AE9F1 |. E8 9660F5FF CALL j⑾せX.00404A8CF04[
004AE9F6 |. 74 09 JE SHORT j⑾せX.004AEA01
004AE9F8 |> C645 F7 00 MOV BYTE PTR SS:[EBP-9],0
004AE9FC |. E9 92040000 JMP j⑾せX.004AEE93 BP-
004AEA01 |> 8B55 F8 MOV EDX,DWORD PTR
SS:[EBP-8]
004AEA04 |. B8 04EF4A00 MOV EAX,j⑾せX.004AEF04[EBP
004AEA09 |. E8 7662F5FF CALL j⑾せX.00404C84F04[
004AEA0E |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004AEA11 |. B9 01000000 MOV ECX,1
004AEA16 |. 92 XCHG EAX,EDX
004AEA17 |. E8 C461F5FF CALL j⑾せX.00404BE0
//此CALL作用是去掉“-”號
004AEA1C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
//EAX=3456789
004AEA1F |. E8 1C61F5FF CALL j⑾せX.00404B40SS:[
004AEA24 |. 8BF0 MOV ESI,EAX
//ESI=EAX=3456789
004AEA26 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004AEA29 |. 8A16 MOV DL,BYTE PTR
DS:[ESI] //DL=DS:[ESI]=33(注:3的ASCII碼)
004AEA2B |. E8 405EF5FF CALL j⑾せX.00404870:[ES
004AEA30 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004AEA33 |. 8B15 E0894E00 MOV EDX,DWORD PTR DS:[4E89E0] //EDX=ABCDEFGHIJKLMNOPQRSTUVWXYZ
004AEA39 |. E8 4662F5FF CALL j⑾せX.00404C84DS:[ //此CALL的作用是比較3是否為大寫字母
004AEA3E |. 85C0 TEST EAX,EAX
//不是的話EAX就為0,是0就OVER,將EAX的置改為1接著除錯
004AEA40 |. 75 02 JNZ SHORT j⑾せX.004AEA44
004AEA42 |. 33DB XOR EBX,EBX
004AEA44 |> 8D45 E4 LEA EAX,DWORD PTR
SS:[EBP-1C]
004AEA47 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1]
//取第二個數4
004AEA4A |. E8 215EF5FF CALL j⑾せX.00404870:[ES
004AEA4F |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
//EDX=0123456789
004AEA52 |. 8B17 MOV EDX,DWORD PTR
DS:[EDI]
004AEA54 |. E8 2B62F5FF CALL j⑾せX.00404C84DS:[ //看是否為0123456789中的數字
004AEA59 |. 85C0 TEST EAX,EAX
//不是的話EAX=0,我們這正好是所以EAX=4+1=5
004AEA5B |. 75 02 JNZ SHORT j⑾せX.004AEA5F
004AEA5D |. 33DB XOR EBX,EBX
004AEA5F |> 8D45 E0 LEA EAX,DWORD PTR
SS:[EBP-20]
004AEA62 |. 8A56 02 MOV DL,BYTE PTR DS:[ESI+2]
//取第三個數5
004AEA65 |. E8 065EF5FF CALL j⑾せX.00404870:[ES
004AEA6A |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004AEA6D |. 8B17 MOV EDX,DWORD PTR
DS:[EDI]//EDX=0123456789
004AEA6F |. E8 1062F5FF CALL j⑾せX.00404C84DS:[//看是否為0123456789中的數字
004AEA74 |. 85C0 TEST EAX,EAX
//不是的話EAX=0,我們這正好是所以EAX=5+1=6
004AEA76 |. 75 02 JNZ SHORT j⑾せX.004AEA7A
004AEA78 |. 33DB XOR EBX,EBX
004AEA7A |> 8D45 DC LEA EAX,DWORD PTR
SS:[EBP-24]
004AEA7D |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3]
//取第四個數6
004AEA80 |. E8 EB5DF5FF CALL j⑾せX.00404870:[ES
004AEA85 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
004AEA88 |. 8B15 E0894E00 MOV EDX,DWORD PTR DS:[4E89E0] //EDX=ABCDEFGHIJKLMNOPQRSTUVWXYZ
004AEA8E |. E8 F161F5FF CALL j⑾せX.00404C84DS:[ //是否為大寫字母
004AEA93 |. 85C0 TEST EAX,EAX
//不是的話EAX就為0,是0就OVER,將EAX的置改為1接著除錯
004AEA95 |. 75 02 JNZ SHORT j⑾せX.004AEA99
004AEA97 |. 33DB XOR EBX,EBX
004AEA99 |> 8D45 D8 LEA EAX,DWORD PTR
SS:[EBP-28]
004AEA9C |. 8A56 04 MOV DL,BYTE PTR DS:[ESI+4]
//取第五個數7
004AEA9F |. E8 CC5DF5FF CALL j⑾せX.00404870:[ES
004AEAA4 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004AEAA7 |. 8B17 MOV EDX,DWORD PTR
DS:[EDI]//EDX=0123456789
004AEAA9 |. E8 D661F5FF CALL j⑾せX.00404C84DS:[//看是否為0123456789中的數字
004AEAAE |. 85C0 TEST EAX,EAX//不是的話EAX=0,我們這正好是所以EAX=7+1=8
004AEAB0 |. 75 02 JNZ SHORT j⑾せX.004AEAB4
004AEAB2 |. 33DB XOR EBX,EBX
004AEAB4 |> 8D45 D4 LEA EAX,DWORD PTR
SS:[EBP-2C]
004AEAB7 |. 8A56 05 MOV DL,BYTE PTR DS:[ESI+5]
//取第六個數8
004AEABA |. E8 B15DF5FF CALL j⑾せX.00404870:[ES
004AEABF |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004AEAC2 |. 8B17 MOV EDX,DWORD PTR
DS:[EDI] //EDX=0123456789
004AEAC4 |. E8 BB61F5FF CALL j⑾せX.00404C84DS:[//看是否為0123456789中的數字
004AEAC9 |. 85C0 TEST EAX,EAX
//不是的話EAX=0,我們這正好是所以EAX=8+1=9
004AEACB |. 75 02 JNZ SHORT j⑾せX.004AEACF
004AEACD |. 33DB XOR EBX,EBX
004AEACF |> 8D45 D0 LEA EAX,DWORD PTR
SS:[EBP-30]
004AEAD2 |. 8A56 06 MOV DL,BYTE PTR DS:[ESI+6]
//取第七個數9
004AEAD5 |. E8 965DF5FF CALL j⑾せX.00404870:[ES
004AEADA |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
004AEADD |. 8B17 MOV EDX,DWORD PTR
DS:[EDI]
004AEADF |. E8 A061F5FF CALL j⑾せX.00404C84DS:[ //是否為0123456789中的數字
004AEAE4 |. 85C0 TEST EAX,EAX
EAX=A
004AEAE6 |. 75 02 JNZ SHORT j⑾せX.004AEAEA
//不是就OVER
004AEAE8 |. 33DB XOR EBX,EBX
//以上如果有一個不合要求的話EBX清零
004AEAEA |> 84DB TEST BL,BL
004AEAEC |. 0F84 A1030000 JE j⑾せX.004AEE93
//跳到死亡處
------為了滿足上面要求將試練碼再變成2XA45-B7896-6ABCDE-FGHIS------
除錯
004AEAF2 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004AEAF5 |. 8A56 04 MOV DL,BYTE PTR DS:[ESI+4]
//取第五個數7的ASCII
004AEAF8 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEAFB |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEAFE |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
004AEB01 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004AEB04 |. E8 1743F5FF CALL j⑾せX.00402E20SS:[
004AEB09 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB0C |. 33D2 XOR EDX,EDX
004AEB0E |. 8A16 MOV DL,BYTE PTR
DS:[ESI] //DL=DS:[ESI]=41(注:第一個數的ASCII碼)
004AEB10 |. 83EA 19 SUB EDX,19
//EDX=41-19=28(注:(的ASCII碼
004AEB13 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
DS:[EAX+1]=DL=28
004AEB16 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB19 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB1C |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004AEB1F |. B1 02 MOV CL,2
004AEB21 |. E8 CA42F5FF CALL j⑾せX.00402DF0
004AEB26 |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
004AEB29 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
004AEB2C |. E8 EF42F5FF CALL j⑾せX.00402E20SS:[
004AEB31 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB34 |. 8A56 06 MOV DL,BYTE PTR DS:[ESI+6]
//DL=DS:[ESI+6]=39
004AEB37 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
//DS:[EAX+1]=DL=39
004AEB3A |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB3D |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB40 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
004AEB43 |. B1 03 MOV CL,3
004AEB45 |. E8 A642F5FF CALL j⑾せX.00402DF0
004AEB4A |. 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
004AEB4D |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004AEB50 |. E8 CB42F5FF CALL j⑾せX.00402E20SS:[
004AEB55 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB58 |. 33D2 XOR EDX,EDX
004AEB5A |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3]//DL=DS:[ESI+3]=42(注:第四個數B的ASCII碼)
004AEB5D |. 83EA 1E SUB EDX,1E
//EDX=42-1E=24(注:24的ASCII碼為$)
004AEB60 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEB63 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB66 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB69 |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004AEB6C |. B1 04 MOV CL,4
004AEB6E |. E8 7D42F5FF CALL j⑾せX.00402DF0 //此CALL作用應該是起連線作用
004AEB73 |. 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48]
//EDX=7(9$
004AEB76 |. 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
004AEB79 |. E8 A242F5FF CALL j⑾せX.00402E20SS:[
004AEB7E |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB81 |. 8A56 02 MOV DL,BYTE PTR DS:[ESI+2]
//dl=35(注:A45B789的第三位,上面幾個都個這樣意思)
004AEB84 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEB87 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB8A |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB8D |. 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
004AEB90 |. B1 05 MOV CL,5
004AEB92 |. E8 5942F5FF CALL j⑾せX.00402DF0
004AEB97 |. 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
//EDX=7(9$5
004AEB9A |. 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
004AEB9D |. E8 7E42F5FF CALL j⑾せX.00402E20SS:[
004AEBA2 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEBA5 |. 8A56 05 MOV DL,BYTE PTR DS:[ESI+5]
//取第六位ASCII,DL=38
004AEBA8 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEBAB |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEBAE |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEBB1 |. 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
004AEBB4 |. B1 06 MOV CL,6
004AEBB6 |. E8 3542F5FF CALL j⑾せX.00402DF0
004AEBBB |. 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
//EDX=7(9$58
004AEBBE |. 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004AEBC1 |. E8 5A42F5FF CALL j⑾せX.00402E20SS:[
004AEBC6 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEBC9 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1]
//取第二位ASCII,DL=34
004AEBCC |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEBCF |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEBD2 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEBD5 |. 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004AEBD8 |. B1 07 MOV CL,7
004AEBDA |. E8 1142F5FF CALL j⑾せX.00402DF0
004AEBDF |. 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
004AEBE2 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004AEBE5 |. E8 025DF5FF CALL j⑾せX.004048ECSS:[
004AEBEA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
//EAX=7(9$584
004AEBED |. E8 4E5FF5FF CALL j⑾せX.00404B40SS:[
004AEBF2 |. 8BF0 MOV ESI,EAX
//ESI=EAX=7(9$584
下面又開始字母和數字的比較,到這裡我好暈了
004AEBF4 |. 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
004AEBF7 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1]
//第二位
004AEBFA |. E8 715CF5FF CALL j⑾せX.00404870:[ES
004AEBFF |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
004AEC02 |. 8B17 MOV EDX,DWORD PTR
DS:[EDI]
004AEC04 |. E8 7B60F5FF CALL j⑾せX.00404C84DS:[ //0123456789中的數字?
004AEC09 |. 85C0 TEST EAX,EAX //不是的話EAX置0,因為我們現在的不是數字,所以將0改成1,接著除錯
004AEC0B |. 75 02 JNZ SHORT j⑾せX.004AEC0F
004AEC0D |. 33DB XOR EBX,EBX
004AEC0F |> 8D45 98 LEA EAX,DWORD PTR
SS:[EBP-68]
004AEC12 |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3]
//第四位
004AEC15 |. E8 565CF5FF CALL j⑾せX.00404870:[ES
004AEC1A |. 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
004AEC1D |. 8B17 MOV EDX,DWORD PTR
DS:[EDI]
004AEC1F |. E8 6060F5FF CALL j⑾せX.00404C84DS:[ //0123456789中的數字?
004AEC24 |. 85C0 TEST EAX,EAX
//不是的話EAX置0,因為我們現在的不是數字,所以將0改成1,接著除錯
004AEC26 |. 75 02 JNZ SHORT j⑾せX.004AEC2A
004AEC28 |. 33DB XOR EBX,EBX
和上面一樣,要是EAX為0的話EBX就清0,清0就不好了
004AEC2A |> 84DB TEST BL,BL
004AEC2C |. 0F84 61020000 JE j⑾せX.004AEE9
--------先不要暈了,我們又將試練碼改一下才能除錯了,怎麼改?看清了!~
假如我們在上一次假碼中去掉2X66IS就剩下A45B789ABCDEFGH,我們先看前兩框的即A45B789
分別取第一第四個每母的ASCII碼,第一個減19第四個減1E得出的ASCII都要為某數字的ASCII
隨便取一個滿足上面要求的吧。再用2XI45-N6786-6BCDE-FGHIS除錯,經過上面我們可得到一串字元6080574(注:第五位&第一位算得&第七位&第四位算得&第三位&第六位&第二位)
004AEC32 |. 8D45 94
LEA EAX,DWORD PTR SS:[EBP-6C]
004AEC35 |. 8A16 MOV DL,BYTE PTR
DS:[ESI] //取變化後的第一個數(注:變化後的數為6080574)
004AEC37 |. E8 345CF5FF CALL j⑾せX.00404870:[ES
004AEC3C |. 8B45 94 MOV EAX,DWORD PTR SS:[EBP-6C]
004AEC3F |. E8 B4A0F5FF CALL j⑾せX.00408CF8SS:[
004AEC44 |. 8BF8 MOV EDI,EAX
004AEC46 |. 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
004AEC49 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1]
//取第二個\
004AEC4C |. E8 1F5CF5FF CALL j⑾せX.00404870:[ES
\
004AEC51 |. 8B45 90 MOV EAX,DWORD PTR SS:[EBP-70]
|
004AEC54 |. E8 9FA0F5FF CALL j⑾せX.00408CF8SS:[
|
004AEC59 |. 03F8 ADD EDI,EAX
//相加
|
004AEC5B |. 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74]
|
004AEC5E |. 8A56 02 MOV DL,BYTE PTR DS:[ESI+2]//取第三個
|
004AEC61 |. E8 0A5CF5FF CALL j⑾せX.00404870:[ES
|
004AEC66 |. 8B45 8C MOV EAX,DWORD PTR SS:[EBP-74]
|
004AEC69 |. E8 8AA0F5FF CALL j⑾せX.00408CF8SS:|[
|
004AEC6E |. 03F8 ADD EDI,EAX
//相加
| |前五位相加
004AEC70 |. 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
|
004AEC73 |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3]//取第四個
|
004AEC76 |. E8 F55BF5FF CALL j⑾せX.00404870:[ES
|
004AEC7B |. 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
|
004AEC7E |. E8 75A0F5FF CALL j⑾せX.00408CF8SS:[
|
004AEC83 |. 03F8 ADD EDI,EAX
//相加 |
004AEC85 |. 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C]
/
004AEC88 |. 8A56 04 MOV DL,BYTE PTR DS:[ESI+4]//取第五個/
004AEC8B |. E8 E05BF5FF CALL j⑾せX.00404870:[ES
/
004AEC90 |. 8B45 84 MOV EAX,DWORD PTR SS:[EBP-7C]
/
004AEC93 |. E8 60A0F5FF CALL j⑾せX.00408CF8SS:[
/
004AEC98 |. 03F8 ADD EDI,EAX
//相加/EDI=6+0+8+0+5=13
004AEC9A |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004AEC9D |. 8A56 05 MOV DL,BYTE PTR DS:[ESI+5]
004AECA0 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AECA3 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AECA6 |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
004AECA9 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004AECAC |. E8 6F41F5FF CALL j⑾せX.00402E20SS:[
004AECB1 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AECB4 |. 8A56 06 MOV DL,BYTE PTR DS:[ESI+6]
004AECB7 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AECBA |. C600 01 MOV BYTE PTR DS:[EAX],1
004AECBD |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AECC0 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004AECC3 |. B1 02 MOV CL,2
004AECC5 |. E8 2641F5FF CALL j⑾せX.00402DF0
004AECCA |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
004AECCD |. 8D45 80 LEA EAX,DWORD PTR SS:[EBP-80]
004AECD0 |. E8 175CF5FF CALL j⑾せX.004048ECSS:[
004AECD5 |. 8B45 80 MOV EAX,DWORD PTR SS:[EBP-80]//最後兩位74D=4AH(注:這裡的D為十進位制H為16進位制)
004AECD8 |. E8 1BA0F5FF CALL j⑾せX.00408CF8SS:[
004AECDD |. 3BF8 CMP EDI,EAX
13與4A比較,不等就OVER,將EAX的置改成13,接著除錯
。。。。。刪去了N行,因為大多了,這N行是取變化後的字串的前五位,其ASCII碼為ED85
004AED94 |. 8B85 7CFFFFFF MOV EAX,DWORD PTR SS:[EBP-84]
004AED9A |. E8 599FF5FF CALL j⑾せX.00408CF8SS:[
004AED9F |. 2D 6C670000 SUB EAX,676C //EAX=ED85-676C=8619
004AEDA4 |. B9 07000000 MOV ECX,7
//ECX=7
004AEDA9 |. 99 CDQ
004AEDAA |. F7F9 IDIV ECX
EAX/ECX=1328……1,1328入EAX,餘數1入EDX
004AEDAC |. 85D2 TEST EDX,EDX
004AEDAE |. 75 06 JNZ SHORT j⑾せX.004AEDB6
…………刪了N行,而又是取前5位
004AEE63 |. 8B85 78FFFFFF MOV EAX,DWORD PTR SS:[EBP-88]
004AEE69 |. E8 8A9EF5FF CALL j⑾せX.00408CF8SS:[
004AEE6E |. 2D 6C670000 SUB EAX,676C
004AEE73 |. B9 07000000 MOV ECX,7
004AEE78 |. 99 CDQ
004AEE79 |. F7F9 IDIV ECX
EAX=1328
004AEE7B |. 3D E9030000 CMP EAX,3E9 1328與3E9比較
004AEE80 |. 7C 0D JL SHORT j⑾せX.004AEE8F
不能跳
004AEE82 |. 3D 0F270000 CMP EAX,270F 1328與270F比較
這兩處比較是為是看看商是否為1001到9999之間的數
004AEE87 |. 7F 06 JG SHORT j⑾せX.00?
………………
004ADE29 |. E8 4A0B0000 CALL j⑾せX.004AE978潲Ν??
004ADE2E |. 84C0 TEST AL,AL
如果上面所有都成立的話,AL不為0,若不滿足AL=0
004ADE30 |. 74 19 JE SHORT j⑾せX.004ADE4B
//跳就OVER
004ADE32 |. BA 084B5100 MOV EDX,j⑾せX.00514B08B
004ADE37 |. A1 F8984E00 MOV EAX,DWORD PTR DS:[4E98F8]
004ADE3C |. 8B00 MOV EAX,DWORD PTR
DS:[EAX]
004ADE3E |. E8 4D130000 CALL j⑾せX.004AF190DS:[ //演算法CALL2,跟進,和第一個差不多,不寫了
004ADE43 |. 84C0 TEST AL,AL
004ADE45 |. 0F85 D9000000 JNZ
--------------演算法CALL2
004AF5B7 |. 2D 91300000 SUB EAX,3091 *******就這裡不同
004AF5BC |. B9 07000000 MOV ECX,7
004AF5C1 |. 99 CDQ
004AF5C2 |. F7F9 IDIV ECX
004AF5C4 |. 85D2 TEST EDX,EDX
004AF5C6 |. 75 06 JNZ SHORT j⑾せX.004AF5CE
----------------------------------------------------------------------------------
註冊碼整理:
3E9*7+676C=82CB=33483(注:82CB的十進位制)
3+3+4+8+3=15=21
所以由上面算出註冊碼前兩框為2XL13-V3246
再3E9*7+3091=4BF0=19440(注:4BF0的十進位制)
1+9+4+4+0=18=24
又由上兩式得後兩框真碼為6R80R-114IS
所以2XL13-V3246-6R80R-114IS為一個可用註冊碼
-----------------------------------------------------------------------------------------------------------------------------------------------
登錄檔資訊儲存:
REGEDIT4
[HKEY_CURRENT_USER\Software\BigA]
"6All"="L13V324R80R114"
"Mark6"="2X66IS"
---------------------------------------------------------------------------
序號產生器就留給高手們寫吧,我快累死了
相關文章
- 軟體、軟體危機、軟體工程 (轉)2007-12-04軟體工程
- 軟體工程——軟體測試2014-01-21軟體工程
- 軟體工程——軟體計劃2013-12-11軟體工程
- 軟體工程 第一章 軟體與軟體工程2024-03-13軟體工程
- 軟體測試:軟體缺陷管理2019-08-01
- 軟體“吃”掉了軟體開發2014-04-25
- 軟體開發mac常用軟體2015-01-02Mac
- 軟體2024-04-10
- 《軟體加密與解密》——軟體加軟體相似性比對2012-04-18加密解密
- 軟體測試--中介軟體介紹2021-01-05
- 軟體開發與軟體研發2013-04-10
- 軟體測試--軟體生命週期2024-07-27
- Redis中介軟體與Web中介軟體2024-07-07RedisWeb
- 【軟體工程】軟體設計之總體設計2014-11-02軟體工程
- 微商分銷系統軟體(軟體微商)2020-07-30
- 重拾軟體工程—(2)軟體過程2017-11-06軟體工程
- 德國精品軟體Throttle網路加速軟體2017-11-15
- 軟體工程——軟體維護+物件導向2014-01-23軟體工程物件
- 【軟體工具】SecureCRT 軟體安裝與使用2016-01-06Securecrt
- Linux軟體管理之YUM軟體管理2013-05-23Linux
- websphere中介軟體安裝軟體需求requirement2013-05-23WebUIREM
- [軟體工程]軟體中的量化問題2011-01-13軟體工程
- 網路軟體與桌面軟體的融合2007-11-08
- 中介軟體之訊息中介軟體-pulsar2024-06-09
- 軟體工程-軟體工程層狀模型(EHM)2024-06-11軟體工程模型
- 理解軟體2013-12-07
- 未知軟體2017-08-14
- 軟體工程 .2013-06-19軟體工程
- 軟體破解2008-06-02
- Tai 軟體2024-10-09AI
- 科研軟體2024-04-21
- 軟體工程2024-03-31軟體工程
- 常用軟體2024-06-05
- 軟體驗收測試 第三方軟體測試 軟體功能測試 軟體資訊保安測試2021-12-08
- 軟體研發之道——有關軟體的思考2020-04-07
- 軟體測試真的比不上軟體開發嗎?2019-09-05
- 軟體序列號查詢軟體:Serial Box for Mac2024-01-12Mac
- 進出口軟體(進出口貿易管理軟體)2023-03-01