BubbleKing V2.63 完全靜態破解
BubbleKing V2.63 完全靜態破解
下載地址: http://www2.skycn.com/soft/17495.html
剛剛放假,先找一個簡單的小遊戲來練練手.檢查一下,無殼,VC6.0, very good...
用W32Dasm看了看,發現了大概的思路.但有幾個呼叫的函式顯不出來,於是換用IDA,結果一目瞭然了.
.text:0040597D sub_40597D proc near ; DATA XREF: .rdata:00408BF4o
.text:0040597D push esi
.text:0040597E mov esi, ecx
.text:00405980 push 1
.text:00405982 call ?UpdateData@CWnd@@QAEHH@Z ; CWnd::UpdateData(int)
.text:00405987 mov eax, [esi+64h]
.text:0040598A mov eax, [eax-8] ;得到NAME長度
.text:0040598D test eax, eax
.text:0040598F jnz short loc_40599F;長度不能為0
.text:00405991 push 40h
.text:00405993 push offset aWarning ; "Warning"
.text:00405998 push offset aPleaseEnterYou ; "Please enter your name first!"
.text:0040599D jmp short loc_4059DC
.text:0040599F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:0040599F
.text:0040599F loc_40599F: ; CODE XREF: sub_40597D+12j
.text:0040599F cmp eax, 28h
.text:004059A2 jl short loc_4059B2;長度不能大於28h
.text:004059A4 push 40h
.text:004059A6 push offset aWarning ; "Warning"
.text:004059AB push offset aYourNameIsTooL ; "Your name is too long ^_^"
.text:004059B0 jmp short loc_4059DC
.text:004059B2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:004059B2
.text:004059B2 loc_4059B2: ; CODE XREF: sub_40597D+25j
.text:004059B2 lea eax, [esi+60h]
.text:004059B5 push eax
.text:004059B6 call sub_40590C ;關鍵CALL
.text:004059BB test eax, eax
.text:004059BD pop ecx
.text:004059BE jz short loc_4059D0 ;EAX為0就OVER
.text:004059C0 mov ecx, esi
.text:004059C2 call ?OnOK@CDialog@@MAEXXZ ; CDialog::OnOK(void)
.text:004059C7 mov ecx, esi
.text:004059C9 call ?OnOK@CDialog@@MAEXXZ ; CDialog::OnOK(void)
.text:004059CE pop esi
.text:004059CF retn
.text:004059D0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:004059D0
.text:004059D0 loc_4059D0: ; CODE XREF: sub_40597D+41j
.text:004059D0 push 40h
.text:004059D2 push offset aHi ; "Hi"
.text:004059D7 push offset aTheRegistratio ; "The registration code you input is inva"...
.text:004059DC
.text:004059DC loc_4059DC: ; CODE XREF: sub_40597D+20j
.text:004059DC ; sub_40597D+33j
.text:004059DC mov ecx, esi
.text:004059DE call ?MessageBoxA@CWnd@@QAEHPBD0I@Z ; CWnd::MessageBoxA(char const *,char const *,uint)
.text:004059E3 pop esi
.text:004059E4 retn
.text:004059E4 sub_40597D endp
進入關鍵的CALL:
.text:0040590C push esi
.text:0040590D mov esi, [esp+arg_0]
.text:00405911 mov eax, [esi] ;EAX處為註冊碼
.text:00405913 cmp dword ptr [eax-8], 12h ;長度必須為12h
.text:00405917 jnz short loc_405979
.text:00405919 cmp byte ptr [eax+5], 2Dh ;第6位必須為2Dh,即"-"
.text:0040591D jnz short loc_405979
.text:0040591F cmp byte ptr [eax+0Ah], 2Dh ;第11位必須為2Dh,即"-"
.text:00405923 jnz short loc_405979
.text:00405925 movsx ecx, byte ptr [eax+10h] ;取第17位
.text:00405929 movsx edx, byte ptr [eax+0Eh] ;取第15位
.text:0040592D sub edx, ecx ;相減
.text:0040592F movsx ecx, byte ptr [eax+2] ;取第3位
.text:00405933 movsx eax, byte ptr [eax] ;取第1位
.text:00405936 sub eax, ecx ;相減
.text:00405938 cmp eax, edx ;結果必須相同
.text:0040593A jnz short loc_405979
.text:0040593C push 61h ;查詢註冊碼是否有61h,即"a"
.text:0040593E mov ecx, esi
.text:00405940 call ?Find@CString@@QBEHD@Z ; CString::Find(char)
.text:00405945 cmp eax, 0FFFFFFFFh
.text:00405948 jz short loc_405979 ;沒有就OVER
.text:0040594A push 62h ;是否有"b"
.text:0040594C mov ecx, esi
.text:0040594E call ?Find@CString@@QBEHD@Z ; CString::Find(char)
.text:00405953 cmp eax, 0FFFFFFFFh
.text:00405956 jnz short loc_405979 ;有就OVER
.text:00405958 push 64h ;是否有"d"
.text:0040595A mov ecx, esi
.text:0040595C call ?Find@CString@@QBEHD@Z ; CString::Find(char)
.text:00405961 cmp eax, 0FFFFFFFFh
.text:00405964 jnz short loc_405979 ;有就OVER
.text:00405966 push 63h ;是否有"c"
.text:00405968 mov ecx, esi
.text:0040596A call ?Find@CString@@QBEHD@Z ; CString::Find(char)
.text:0040596F cmp eax, 0FFFFFFFFh
.text:00405972 jz short loc_405979 ;沒有就OVER
.text:00405974 push 1
.text:00405976 pop eax ;EAX=1,大功告成
.text:00405977 pop esi
.text:00405978 retn
.text:00405979 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:00405979
.text:00405979 loc_405979: ; CODE XREF: sub_40590C+Bj
.text:00405979 ; sub_40590C+11j ...
.text:00405979 xor eax, eax ;註冊碼不符合條件跳到這裡,EAX=0
.text:0040597B pop esi
.text:0040597C retn
.text:0040597C sub_40590C endp
非常簡單的註冊,根本沒運用SoftICE.
一個可用註冊碼: 12345-acxx-1234567 使用者名稱不大於40位,任意
相關文章
- 靜態域與靜態方法2019-07-27
- 靜態2024-12-05
- 偽靜態、靜態和動態的區別2020-12-18
- JavaScript 靜態屬性與靜態方法2018-12-15JavaScript
- net 靜態方法與非靜態方法2024-05-25
- doubleselect 靜態2020-04-05
- 靜態路由2024-10-03路由
- 靜態方法2024-07-26
- Android逆向之旅---靜態方式分析破解視訊編輯應用「Vue」水印問題2018-05-03AndroidVue
- 靜態動態陣列2024-11-28陣列
- .htaccess 偽靜態2018-10-19
- 靜態庫生成2018-06-06
- Java靜態代理2020-10-13Java
- 動靜態庫2024-10-03
- 靜態變數2024-08-11變數
- 靜態屬性2024-07-26
- 靜態點分治2024-06-06
- Linux下快速靜態編譯Qt以及Qt動態/靜態版本共存2018-03-11Linux編譯QT
- Navicat Premium for Mac v12.0.22.0 破解版,完全免費啟用方法之完美破解2019-04-02REMMac
- Java中靜態跟非靜態的區別總結2018-04-13Java
- Android NDK祕籍--編譯靜態庫、呼叫靜態庫2019-04-21Android編譯
- 靜態路由和動態路由2020-10-15路由
- 靜態代理和動態代理2019-05-15
- JAVA 靜態代理 & 動態代理2024-11-21Java
- 靜態庫與動態庫2024-06-22
- Blazor靜態服務端呈現(靜態SSR)身份認證2024-09-17Blazor服務端
- oracle靜態監聽2019-03-19Oracle
- Sanic 靜態檔案2019-04-01
- 靜態程式碼塊2018-08-29
- Java靜態代理模式2018-05-17Java模式
- 靜態主席樹模板2018-09-11
- CentOS配置靜態IP2024-05-18CentOS
- 靜態測試方案2024-01-29
- 例項 靜態 類2020-07-31
- pbootcms偽靜態教程2024-10-04boot
- [Linux]動靜態庫2024-11-30Linux
- Nginx靜態服務2024-08-20Nginx
- 靜態資源管理2018-04-14
- thinkphp Nginx偽靜態2024-07-22PHPNginx