network spy eval 1.6破解教程【原創】
【軟體名稱】network spy eval 1.6
【下載地址】網上搜尋
【應用平臺】Win9x
【軟體大小】未知
【軟體限制】未知
【破解宣告】破解只是感興趣,無其它目的。失誤之處敬請諸位大俠賜教!
【破解工具】trw2000, peid, W32Dasm
【軟體簡介】功能很全,ping,traceroute hostlookup,finger,listener,scanner,whois,winsock.....,總之上網必備
========================================================================================
【分析過程】
先用peid檢視一下,還好,vc++編寫的軟體,沒有加殼。
執行該程式 ,載入trw2000 ,輸入註冊姓名:subtway , 序列號:78787878 ,
CTRL+M呼入TRW2000 ,輸入bpx hmemcpy ,按F5返回程式,點選register按鈕,TRW攔截,
下pmodule命令,然後按F10一步步來到
.......
0167:004051AD 8D542448 LEA EDX,[ESP+48] //下dedx 顯示:78787878
0167:004051B1 8D442408 LEA EAX,[ESP+08] //下deax 顯示:subtway
0167:004051B5 52 PUSH EDX
0167:004051B6 50 PUSH EAX
0167:004051B7 E8142E0000 CALL 00407FD0 //關鍵call ,按F8進入
0167:004051BC 83C408 ADD ESP,BYTE +08
0167:004051BF 85C0 TEST EAX,EAX
0167:004051C1 744A JZ 0040520D // 註冊碼不對則跳,game over!
0167:004051C3 8B3D28104100 MOV EDI,[00411028]
0167:004051C9 8D4C2408 LEA ECX,[ESP+08]
0167:004051CD 6820024300 PUSH DWORD 00430220
0167:004051D2 51 PUSH ECX
0167:004051D3 6824344100 PUSH DWORD 00413424
0167:004051D8 6884314100 PUSH DWORD 00413184
0167:004051DD FFD7 CALL EDI
0167:004051DF 8D542448 LEA EDX,[ESP+48]
0167:004051E3 6820024300 PUSH DWORD 00430220
0167:004051E8 52 PUSH EDX
0167:004051E9 6838344100 PUSH DWORD 00413438
0167:004051EE 6884314100 PUSH DWORD 00413184
0167:004051F3 FFD7 CALL EDI
0167:004051F5 6A40 PUSH BYTE +40
0167:004051F7 6804364100 PUSH DWORD 00413604
0167:004051FC 68C4354100 PUSH DWORD 004135C4
0167:00405201 56 PUSH ESI
0167:00405202 FF1554114100 CALL `USER32!MessageBoxA` //註冊碼正確的歡迎視窗
0167:00405208 6A01 PUSH BYTE +01
0167:0040520A 56 PUSH ESI
0167:0040520B EB39 JMP SHORT 00405246
0167:0040520D 6A10 PUSH BYTE +10
0167:0040520F 68B8354100 PUSH DWORD 004135B8
0167:00405214 6898354100 PUSH DWORD 00413598
0167:00405219 56 PUSH ESI
0167:0040521A FF1554114100 CALL `USER32!MessageBoxA` // 註冊碼錯誤的歡迎視窗
0167:00405220 5F POP EDI
0167:00405221 B801000000 MOV EAX,01
0167:00405226 5E POP ESI
0167:00405227 81C480000000 ADD ESP,80
.....
追入call後,
0167:00407FD0 83EC20 SUB ESP,BYTE +20
:00407FD3 56 PUSH ESI
:00407FD4 8B742428 MOV ESI,[ESP+28]
:00407FD8 56 PUSH ESI
:00407FD9 FF1560104100 Call dword ptr [00411060]
:00407FDF 83F804 cmp eax, 00000004 //比較註冊姓名位數,小於4則跳,game over
:00407FE2 7D07 jge 00407FEB
:00407FE4 33C0 xor eax, eax
:00407FE6 5E pop esi
:00407FE7 83C420 add esp, 00000020
:00407FEA C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407FE2(C)
|
:00407FEB 0FBE4601 movsx eax, byte ptr [esi+01] //取姓名第2位u的ASC碼0x75 放入eax
:00407FEF 0FBE4E02 movsx ecx, byte ptr [esi+02] //取姓名第3位b的ASC碼0x62 放入ecx
:00407FF3 D1E0 shl eax, 1 //eax=eax*2=0x75*2=0xea(十進位制234)
:00407FF5 50 push eax
:00407FF6 0FBE4603 movsx eax, byte ptr [esi+03] //取姓名第4位t的ASC碼0x74 放入eax
:00407FFA C1E102 shl ecx, 02 //ecx=ecx*4=0x62*4=0x188(十進位制392)
:00407FFD 51 push ecx
:00407FFE B90A000000 mov ecx, 0000000A //ecx=a(十進位制10)
:00408003 99 cdq
:00408004 F7F9 idiv ecx //用eax的值(0x74)和ecx的值(a)做除法運算,商為b(十進位制11) ,放在eax中,餘數為6(十進位制6) ,放在edx
:00408006 B8A0C634FA mov eax, FA34C6A0 //eax=0xfa34c6a0(十進位制4197762720)
:0040800B 8BCA mov ecx, edx //ecx=edx=6
:0040800D D3E0 shl eax, cl //eax=eax*(2^ecx)=0x8d31a800(十進位制2368841728)
:0040800F 8D4C240C lea ecx, dword ptr [esp+0C]
:00408013 50 push eax
* Possible StringData Ref from Data Obj ->"%010u-%d%d"
|
:00408014 68383B4100 push 00413B38
:00408019 51 push ecx
* Reference To: USER32.wsprintfA, Ord:02B3h
|
:0040801A FF1544114100 Call dword ptr [00411144] //將上述計算的值合成最後的註冊碼 ->2368841728-392234
:00408020 8B542440 mov edx, dword ptr [esp+40]
:00408024 83C414 add esp, 00000014
:00408027 8D442404 lea eax, dword ptr [esp+04]
:0040802B 52 push edx //下dedx,顯示:78787878 ->輸入的註冊碼
:0040802C 50 push eax //下deax,顯示:2368841728-392234 ->正確的註冊碼
* Reference To: KERNEL32.lstrcmpA, Ord:0329h
|
:0040802D FF1544104100 Call dword ptr [00411044] //比較eax和edx,不等則game over!
:00408033 F7D8 neg eax
:00408035 1BC0 sbb eax, eax
:00408037 5E pop esi
:00408038 40 inc eax
:00408039 83C420 add esp, 00000020
:0040803C C3 ret
========================================================================================
【分析總結】
註冊碼只和姓名的二、三、四位有關,序號產生器如下:
//this is a keymaker program of network spy eval 1.6!
#include <iostream.h>
#include <string.h>
#include <stdlib.h>
#include <math.h>
int main()
{
cout<<"the keymaker of network spy eval 1.6"<<endl;
cout<<"========================"<<endl;
cout<<"made by subtway+0"<<endl;
cout<<"========================"<<endl;
cout<<endl;
char s1[20];
cout<<"please input your name:";
cin>>s1;
int len=strlen(s1);
if(len<4)
{cout<<"please input again!your name must has at lease 4 chars!"<<endl;
return 0;
}
else
{
int m1,m2,m3,m4;
unsigned long m5;
m1=s1[1]*2;
m2=s1[2]*4;
m3=s1[3]/10;
m4=s1[3]%10;
m5=0xfa34c6a0*pow(2,m4);
cout<<"your password is: "<<m5<<"-"<<m2<<m1<<endl;
system ("PAUSE");
return 0;
}
}
========================================================================================
【版權資訊】
copyright subtway+0 all rights reserved!
2004-12-25
相關文章
- 原創深思3加密狗破解2015-11-15加密
- [原創]破解-分析Crackme演算法2009-06-13演算法
- 破解spy312.exe實戰! (953字)2000-06-02
- [原創]全國******2012功能破解2015-07-31
- powerDesigner使用教程【原創】2018-01-23
- [原創]IPhone 平臺下破解:Crack Firewall ip2010-03-30iPhone
- [原創]淺談勝新系列軟體的破解2004-12-28
- 【原創】中華通訊錄
pj教程2015-11-15
- ThemeFreak V1.6破解 (8千字)2001-03-07
- 魔術情書
6.55 破解過程+不脫殼打破解補丁【原創】2004-12-07
- 瘋狂單詞v1.6破解 (5千字)2001-11-02
- eval2024-09-10
- desksaver
破解教程2004-12-07
- ezConverter V2.0 簡體中文版的破解(原創)2015-11-15
- wince remote spy 原理2008-03-22REM
- window.eval()和eval()的區別2017-03-31
- JavaScript eval()2018-06-01JavaScript
- eval 命令2024-06-03
- IDEA破解教程2018-09-26Idea
- Spy工具到底如何使用2022-06-13
- 【原創】Struts1.x系列教程(14):動態Form2009-03-02ORM
- 板橋里人:J2EE原創教程和例項2003-08-07
- java 入門教程(非常詳細!1.6w+ 文字)2024-08-19Java
- Navicat 破解版下載,Navicat破解教程2021-10-12
- 1.62024-11-11
- window.eval()和eval()是有區別的2017-04-10
- [原創]Spring教程01--Spring開始篇_Helloworld2018-01-20Spring
- 【原創】Struts1.x系列教程(6):Bean標籤庫2009-01-19Bean
- kali暴力破解教程2015-04-05
- 破解《推箱子》Ver:1.6(230關) 註冊版 (1千字)2001-04-01
- 開心鬥地主1.6標準版 註冊碼破解 (4千字)2001-04-25
- (原創) 如何破解Quartus II 7.2 SP1? (IC Design) (Quartus II) (Nios II)2019-01-07iOS
- [原創]Swift+Sprite Kit中文教程第一篇2014-12-02Swift
- 【原創】Struts1.x系列教程(7):Logic標籤庫2009-01-19
- 原創教程網上實時支付下載已經開通2004-07-12
- 什麼是eval()?eval是用來幹什麼的?2024-07-30
- IntelliJ IDEA 破解教程2019-06-19IntelliJIdea
- Charles破解與抓包教程2018-10-25