計算機軟體水平考試測試系統3.0註冊演算法分析
計算機軟體水平考試測試系統註冊演算法分析
■、作者宣告:初學破解,純屬技術交流,無其它目的。
■、工具:ollyDBg1.09,W32Dasm10,脫殼工具。
■、基本知識:基礎彙編知識,基本工具使用。
■、註冊形式:註冊申請碼+註冊認證碼
■、軟體介紹:
軟體名稱:計算機軟體水平考試測試系統
整理日期:2003.4.29
最新版本:3.0 精華版(高階程式設計師)
檔案大小:14659KB
軟體授權:共享軟體
使用平臺:Win9x/Me/NT/2000/XP
釋出公司:Home
Page
軟體簡介:
這是一個關於“計算機軟體專業技術資格與水平考試”測試系統軟體(高階程式設計師)3.0精華版。該軟體收集了1991年--2001年高階程式設計師軟體水平考試的所有上午試題,和其它書籍上的一些重點試題。使用者可以選擇隨機生成試卷來進行測試,也可以選擇某一型別的題或某一年的題來測試。隨機生成試卷是按照軟體水平考試大綱上的要求來選題的,所選試題型別完全服合考試大綱規定。該軟體還自動計算使用者測試時間,到交卷時間就會提醒使用者交卷。未註冊的使用者,只能做2000年試題。要想使用軟體的所有功能,請先註冊。
■、破解過程:我喜歡全部共享,let's go
假設:
註冊申請碼:76C2-B045-0C72-3C2F
註冊認證碼:1234-2345-3456-4567
一、用脫殼工具脫殼後,在W32Dasm中找出錯資訊:
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:006168E0(C)
|
:0061699D
6A00 push
00000000
* Possible StringData Ref from Code Obj
->"警告框"
|
:0061699F B9186B6100
mov ecx, 00616B18
*
Possible StringData Ref from Code Obj ->"註冊碼錯誤,請與作者聯絡!"
|
:006169A4 BA206B6100
mov edx, 00616B20
:006168BE
83FA10 cmp edx,
00000010
:006168C1 0F85F0000000 jne
006169B7===
:006168C7 8D4DF0
lea ecx, dword ptr [ebp-10]
:006168CA 8B55FC
mov edx, dword ptr [ebp-04]
:006168CD
8B45F4 mov eax,
dword ptr [ebp-0C]
:006168D0 E8E7ECFFFF
call 006155BC
:006168D5 8B45F0
mov eax, dword ptr [ebp-10]
:006168D8 8B55F8
mov edx, dword ptr [ebp-08]
:006168DB
E8CCE1DEFF call 00404AAC
:006168E0
0F85B7000000 jne 0061699D========>出錯啦
:006168E6
8D55BC lea edx,
dword ptr [ebp-44]
二、用ollydbg載入程式,找到下面:
00616791
|. 8BD8 MOV EBX,EAX
00616793
|. 33C0 XOR EAX,EAX
00616795
|. 55 PUSH EBP
00616796
|. 68 2F6A6100 PUSH unpacked.00616A2F
0061679B |.
64:FF30 PUSH DWORD PTR FS:[EAX]
0061679E |.
64:8920 MOV DWORD PTR FS:[EAX],ESP
006167A1 |.
8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
006167A4 |.
50 PUSH EAX
006167A5 |.
A1 9C0C6200 MOV EAX,DWORD PTR DS:[620C9C]
; 註冊申請碼入eax
006167AA |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
; eax為76C2B0450C723C2F
006167AC |. B9 08000000
MOV ECX,8
006167B1 |. BA 05000000 MOV EDX,5
006167B6
|. E8 05E4DEFF CALL unpacked.00404BC0
; 從註冊申請碼第5位開始,共
取8位,即B0450C72
006167BB
|. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
; B0450C72入eax
006167BE |.
50 PUSH EAX
006167BF |.
A1 9C0C6200 MOV EAX,DWORD PTR DS:[620C9C]
006167C4 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
; 註冊申請碼入eax
006167C6 |. B9
04000000 MOV ECX,4
006167CB |. BA 0D000000 MOV EDX,0D
006167D0
|. E8 EBE3DEFF CALL unpacked.00404BC0
; 從註冊申請碼第13位開始,
共取4位,即3C2F
006167D5
|. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
; 3C2F入eax
006167D8 |. 50
PUSH EAX
006167D9 |. 8D45
E4 LEA EAX,DWORD PTR SS:[EBP-1C]
006167DC |. 50
PUSH EAX
006167DD |. A1
9C0C6200 MOV EAX,DWORD PTR DS:[620C9C]
006167E2 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
; eax為76C2B0450C723C2F
006167E4 |.
B9 04000000 MOV ECX,4
006167E9 |. BA 01000000
MOV EDX,1
006167EE |. E8 CDE3DEFF CALL unpacked.00404BC0
; 從註冊申請碼第1位開始,共
取4位,即76c2
006167F3
|. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
; 76C2入edx
006167F6 |. 8D45
F8 LEA EAX,DWORD PTR SS:[EBP-8]
006167F9 |. 59
POP ECX
006167FA |. E8
B5E1DEFF CALL unpacked.004049B4
; 兩串合併為一串,76c23c2f
006167FF |. 8D55
DC LEA EDX,DWORD PTR SS:[EBP-24]
00616802 |. 8B83
60030000 MOV EAX,DWORD PTR DS:[EBX+360]
00616808 |. E8 AFD0E3FF
CALL unpacked.004538BC
; 取註冊認證碼第一串,即
1234
0061680D
|. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
; 1234入eax
00616810 |. 8D55
E0 LEA EDX,DWORD PTR SS:[EBP-20]
00616813 |. E8
0C2CDFFF CALL unpacked.00409424
; 取註冊認證碼第一串,即
1234
00616818
|. FF75 E0 PUSH DWORD PTR SS:[EBP-20]
0061681B
|. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0061681E
|. 8B83 64030000 MOV EAX,DWORD PTR DS:[EBX+364]
00616824 |.
E8 93D0E3FF CALL unpacked.004538BC
; 取註冊認證碼第二串,即
2345
00616829
|. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
; 2345入eax
0061682C |. 8D55
D8 LEA EDX,DWORD PTR SS:[EBP-28]
0061682F |. E8
F02BDFFF CALL unpacked.00409424
; 取註冊認證碼第二串,即
2345
00616834
|. FF75 D8 PUSH DWORD PTR SS:[EBP-28]
00616837
|. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0061683A
|. 8B83 68030000 MOV EAX,DWORD PTR DS:[EBX+368]
00616840 |.
E8 77D0E3FF CALL unpacked.004538BC
; 取註冊認證碼第三串,即
3456
00616845
|. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
00616848
|. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0061684B
|. E8 D42BDFFF CALL unpacked.00409424
; 取註冊認證碼第三串,即
3456
00616850
|. FF75 D0 PUSH DWORD PTR SS:[EBP-30]
00616853
|. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00616856
|. 8B83 6C030000 MOV EAX,DWORD PTR DS:[EBX+36C]
0061685C |.
E8 5BD0E3FF CALL unpacked.004538BC
; 取註冊認證碼第四串,即
4567
00616861
|. 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C]
00616864
|. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00616867
|. E8 B82BDFFF CALL unpacked.00409424
; 取註冊認證碼第四串,即
4567
0061686C
|. FF75 C8 PUSH DWORD PTR SS:[EBP-38]
0061686F
|. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00616872
|. BA 04000000 MOV EDX,4
00616877 |. E8 ACE1DEFF
CALL unpacked.00404A28
; 四串註冊申請碼合併為一串
,即1234234534564567
0061687C
|. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0061687F
|. E8 E4E0DEFF CALL unpacked.00404968
; 取位數
00616884 |.
8BC8 MOV ECX,EAX
00616886 |.
85C9 TEST ECX,ECX
00616888 |.
75 0F JNZ SHORT unpacked.00616899
; 如為空則跳出錯
0061688A |. B8
446A6100 MOV EAX,unpacked.00616A44
0061688F |. E8 705CE3FF
CALL unpacked.0044C504
00616894 |. E9 36010000 JMP
unpacked.006169CF
00616899 |> 33D2
XOR EDX,EDX
0061689B |. 8B45 F4 MOV
EAX,DWORD PTR SS:[EBP-C] ; 註冊申請碼
1234234534564567入eax
0061689E
|. 8A0410 MOV AL,BYTE PTR DS:[EAX+EDX]
; 註冊申請碼依次入al
006168A1 |.
EB 07 JMP SHORT unpacked.006168AA
006168A3
|> 42 /INC EDX
006168A4
|. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
; 註冊申請碼
1234234534564567入eax
006168A7
|. 8A0410 |MOV AL,BYTE PTR DS:[EAX+EDX]
; 註冊申請碼依次入al
006168AA |>
3C 30 CMP AL,30
;
註冊申請碼一位是否為0
006168AC |. 72 04
|JB SHORT unpacked.006168B2
006168AE |. 3C 39
|CMP AL,39
; 註冊申請碼一位是否為9
006168B0
|. 76 08 |JBE SHORT unpacked.006168BA
006168B2
|> 3C 41 |CMP AL,41
; 註冊申請碼一位是否為A
006168B4 |. 72 08
|JB SHORT unpacked.006168BE
006168B6 |. 3C 46
|CMP AL,46
; 註冊申請碼一位是否為Z
006168B8
|. 77 04 |JA SHORT unpacked.006168BE
006168BA
|> 3BCA |CMP ECX,EDX
006168BC
|.^ 7D E5 \JGE SHORT unpacked.006168A3
; 以上判斷註冊申請碼是否為
數字或字母
006168BE
|> 83FA 10 CMP EDX,10
; 註冊申請碼是否是16位
006168C1 |. 0F85 F0000000 JNZ unpacked.006169B7
006168C7
|. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
006168CA
|. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
; 上面取得第一串的註冊認證
碼,即B0450C72入edx
006168CD
|. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
; 註冊申請碼
1234234534564567入eax
006168D0
|. E8 E7ECFFFF CALL unpacked.006155BC
; 關鍵call(1)進入,產生串:
BE
02 66 25 50 56 26 2B
006168D5 |. 8B45 F0 MOV
EAX,DWORD PTR SS:[EBP-10]
006168D8 |. 8B55 F8
MOV EDX,DWORD PTR SS:[EBP-8] ; 註冊申請碼取得和另一合併
串,即76C23C2F入edx
006168DB
|. E8 CCE1DEFF CALL unpacked.00404AAC
; 關鍵call(2),進入
006168E0
|. 0F85 B7000000 JNZ unpacked.0061699D
; 跳往出錯
006168E6 |.
8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
006168E9 |.
33C0 XOR EAX,EAX
006168EB |.
E8 50C2DEFF CALL unpacked.00402B40
006168F0 |. 8B45
BC MOV EAX,DWORD PTR SS:[EBP-44]
006168F3 |. 8D55
C0 LEA EDX,DWORD PTR SS:[EBP-40]
006168F6 |. E8
F533DFFF CALL unpacked.00409CF0
006168FB |. 8B55 C0
MOV EDX,DWORD PTR SS:[EBP-40]
006168FE |. 8D45 EC
LEA EAX,DWORD PTR SS:[EBP-14]
資訊變換後儲存在
data\friend.ini
00616901
|. B9 686A6100 MOV ECX,unpacked.00616A68
; ASCII "data\friend.ini"
00616906
|. E8 A9E0DEFF CALL unpacked.004049B4
0061690B |.
8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
---------------
call(1)
006155BC
/$ 55 PUSH EBP
006155BD
|. 8BEC MOV EBP,ESP
006155BF
|. 6A 00 PUSH 0
006155C1 |. 6A
00 PUSH 0
006155C3 |. 6A 00
PUSH 0
006155C5 |. 6A 00
PUSH 0
006155C7 |. 6A 00 PUSH
0
006155C9 |. 53 PUSH
EBX
006155CA |. 56 PUSH
ESI
006155CB |. 57 PUSH
EDI
006155CC |. 8BF9 MOV EDI,ECX
006155CE
|. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
006155D1
|. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
006155D4
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
; 1234234534564567入eax
006155D7
|. E8 74F5DEFF CALL unpacked.00404B50
006155DC |.
8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
; B0450C72入eax
006155DF |. E8
6CF5DEFF CALL unpacked.00404B50
006155E4 |. 33C0
XOR EAX,EAX
006155E6 |. 55
PUSH EBP
006155E7 |. 68 72566100
PUSH unpacked.00615672
006155EC |. 64:FF30
PUSH DWORD PTR FS:[EAX]
006155EF |. 64:8920
MOV DWORD PTR FS:[EAX],ESP
006155F2 |. 8D45 F4
LEA EAX,DWORD PTR SS:[EBP-C]
006155F5 |. E8 B6F0DEFF CALL
unpacked.004046B0
006155FA |. 8B45 FC MOV
EAX,DWORD PTR SS:[EBP-4] ; 1234234534564567入eax
006155FD
|. E8 66F3DEFF CALL unpacked.00404968
; 取位數
00615602 |.
8BD8 MOV EBX,EAX
00615604 |.
D1FB SAR EBX,1
00615606 |. 79
03 JNS SHORT unpacked.0061560B
00615608 |.
83D3 00 ADC EBX,0
0061560B |> 4B
DEC EBX
0061560C |. 85DB
TEST EBX,EBX
0061560E |. 7C 3A
JL SHORT unpacked.0061564A
00615610 |. 43
INC EBX
00615611 |. 33F6
XOR ESI,ESI
00615613 |> 8D45
F0 /LEA EAX,DWORD PTR SS:[EBP-10]
00615616 |. 50
|PUSH EAX
00615617 |. 8BD6
|MOV EDX,ESI
00615619 |. 03D2
|ADD EDX,EDX
0061561B |. 42
|INC EDX
0061561C |. B9 02000000
|MOV ECX,2
00615621 |. 8B45 FC |MOV
EAX,DWORD PTR SS:[EBP-4] ; 1234234534564567入eax
00615624
|. E8 97F5DEFF |CALL unpacked.00404BC0
; 取兩位申請碼
00615629 |.
8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
; 兩位申請碼入eax
0061562C |. E8 9BFEFFFF
|CALL unpacked.006154CC
; 轉換為十進位制,入eax
00615631 |. 8BD0
|MOV EDX,EAX
00615633 |. 8D45 EC
|LEA EAX,DWORD PTR SS:[EBP-14]
00615636 |. E8 55F2DEFF
|CALL unpacked.00404890
0061563B |. 8B55 EC
|MOV EDX,DWORD PTR SS:[EBP-14]
0061563E |. 8D45 F4
|LEA EAX,DWORD PTR SS:[EBP-C]
00615641 |. E8 2AF3DEFF
|CALL unpacked.00404970
00615646 |. 46
|INC ESI
00615647 |. 4B
|DEC EBX
00615648 |.^ 75 C9
\JNZ SHORT unpacked.00615613 ; 以上為把註冊申請碼轉換為
十進位制,在記憶體中(十六進位制表示):12
34 23 45 34 56 45 67
0061564A |> 8BCF
MOV ECX,EDI
0061564C |. 8B55 F8 MOV
EDX,DWORD PTR SS:[EBP-8] ; B0450C72入edx
0061564F
|. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
; 上面轉換的十進位制(十六進位制
表示):12
34 23 45 34 56 45 67
00615652 |. E8 E9FBFFFF CALL unpacked.00615240
=====================>關鍵call(3)
00615657 |. 33C0
XOR EAX,EAX
00615659 |. 5A
POP EDX
0061565A |. 59
POP ECX
0061565B |. 59
POP ECX
0061565C |. 64:8910
MOV DWORD PTR FS:[EAX],EDX
0061565F |. 68 79566100
PUSH unpacked.00615679
00615664 |> 8D45 EC
LEA EAX,DWORD PTR SS:[EBP-14]
00615667 |. BA 05000000
MOV EDX,5
0061566C |. E8 63F0DEFF CALL unpacked.004046D4
00615671
\. C3 RETN
00615672
.^ E9 45EADEFF JMP unpacked.004040BC
------------------------------------
關鍵call(2)
00404AAC
/$ 53 PUSH EBX
00404AAD
|. 56 PUSH ESI
00404AAE
|. 57 PUSH EDI
00404AAF
|. 89C6 MOV ESI,EAX
00404AB1
|. 89D7 MOV EDI,EDX
00404AB3
|. 39D0 CMP EAX,EDX
; eax為: BE 02 66 25 50 56
26 2B
,edx=76C23C2F
00404AB5 |. 0F84 8F000000 JE unpacked.00404B4A
00404ABB
|. 85F6 TEST ESI,ESI
00404ABD
|. 74 68 JE SHORT unpacked.00404B27
00404ABF
|. 85FF TEST EDI,EDI
00404AC1
|. 74 6B JE SHORT unpacked.00404B2E
00404AC3
|. 8B46 FC MOV EAX,DWORD PTR DS:[ESI-4]
00404AC6
|. 8B57 FC MOV EDX,DWORD PTR DS:[EDI-4]
00404AC9
|. 29D0 SUB EAX,EDX
00404ACB
|. 77 02 JA SHORT unpacked.00404ACF
00404ACD
|. 01C2 ADD EDX,EAX
00404ACF
|> 52 PUSH EDX
00404AD0
|. C1EA 02 SHR EDX,2
00404AD3 |. 74
26 JE SHORT unpacked.00404AFB
00404AD5 |>
8B0E /MOV ECX,DWORD PTR DS:[ESI]
; BE 02 66 25 50 56 26 2B
入ecx
00404AD7
|. 8B1F |MOV EBX,DWORD PTR DS:[EDI]
; ebx=32433637
00404AD9
|. 39D9 |CMP ECX,EBX
00404ADB
|. 75 58 |JNZ SHORT unpacked.00404B35
00404ADD
|. 4A |DEC EDX
00404ADE
|. 74 15 |JE SHORT unpacked.00404AF5
00404AE0
|. 8B4E 04 |MOV ECX,DWORD PTR DS:[ESI+4]
00404AE3
|. 8B5F 04 |MOV EBX,DWORD PTR DS:[EDI+4]
00404AE6
|. 39D9 |CMP ECX,EBX
00404AE8
|. 75 4B |JNZ SHORT unpacked.00404B35
00404AEA
|. 83C6 08 |ADD ESI,8
00404AED |. 83C7
08 |ADD EDI,8
00404AF0 |. 4A
|DEC EDX
00404AF1 |.^ 75 E2
\JNZ SHORT unpacked.00404AD5
00404AF3 |. EB 06
JMP SHORT unpacked.00404AFB
00404AF5 |> 83C6
04 ADD ESI,4
00404AF8 |. 83C7 04
ADD EDI,4
00404AFB |> 5A
POP EDX
00404AFC |. 83E2 03 AND
EDX,3
00404AFF |. 74 22 JE SHORT unpacked.00404B23
00404B01
|. 8B0E MOV ECX,DWORD PTR DS:[ESI]
00404B03
|. 8B1F MOV EBX,DWORD PTR DS:[EDI]
00404B05
|. 38D9 CMP CL,BL
00404B07 |.
75 41 JNZ SHORT unpacked.00404B4A
00404B09
|. 4A DEC EDX
00404B0A
|. 74 17 JE SHORT unpacked.00404B23
00404B0C
|. 38FD CMP CH,BH
00404B0E |.
75 3A JNZ SHORT unpacked.00404B4A
00404B10
|. 4A DEC EDX
00404B11
|. 74 10 JE SHORT unpacked.00404B23
00404B13
|. 81E3 0000FF00 AND EBX,0FF0000
00404B19 |. 81E1 0000FF00
AND ECX,0FF0000
00404B1F |. 39D9 CMP
ECX,EBX
00404B21 |. 75 27 JNZ SHORT
unpacked.00404B4A
00404B23 |> 01C0
ADD EAX,EAX
00404B25 |. EB 23
JMP SHORT unpacked.00404B4A
00404B27 |> 8B57 FC
MOV EDX,DWORD PTR DS:[EDI-4]
00404B2A |. 29D0
SUB EAX,EDX
00404B2C |. EB 1C
JMP SHORT unpacked.00404B4A
00404B2E |> 8B46 FC
MOV EAX,DWORD PTR DS:[ESI-4]
00404B31 |. 29D0
SUB EAX,EDX
00404B33 |. EB 15
JMP SHORT unpacked.00404B4A
00404B35 |>
5A POP EDX
00404B36 |.
38D9 CMP CL,BL
00404B38 |. 75
10 JNZ SHORT unpacked.00404B4A
00404B3A |.
38FD CMP CH,BH
00404B3C |. 75
0C JNZ SHORT unpacked.00404B4A
00404B3E |.
C1E9 10 SHR ECX,10
00404B41 |. C1EB
10 SHR EBX,10
00404B44 |. 38D9
CMP CL,BL
00404B46 |. 75 02
JNZ SHORT unpacked.00404B4A
00404B48 |. 38FD
CMP CH,BH
00404B4A |> 5F
POP EDI
00404B4B |. 5E
POP ESI
00404B4C |. 5B
POP EBX
00404B4D \. C3
RETN
---------------------------------------
關鍵call(3)
00615240
/$ 55 PUSH EBP
00615241
|. 8BEC MOV EBP,ESP
00615243
|. 83C4 CC ADD ESP,-34
00615246 |. 53
PUSH EBX
00615247 |. 56
PUSH ESI
00615248 |. 33DB
XOR EBX,EBX
0061524A |. 895D
CC MOV DWORD PTR SS:[EBP-34],EBX
0061524D |. 895D
D8 MOV DWORD PTR SS:[EBP-28],EBX
00615250 |. 894D
F4 MOV DWORD PTR SS:[EBP-C],ECX
00615253 |. 8955
F8 MOV DWORD PTR SS:[EBP-8],EDX
00615256 |. 8945
FC MOV DWORD PTR SS:[EBP-4],EAX
00615259 |. 8B45
FC MOV EAX,DWORD PTR SS:[EBP-4]
0061525C |. E8
EFF8DEFF CALL unpacked.00404B50
00615261 |. 8B45 F8
MOV EAX,DWORD PTR SS:[EBP-8]
; B0450C72入eax
00615264 |. E8 E7F8DEFF
CALL unpacked.00404B50
00615269 |. 33C0
XOR EAX,EAX
0061526B |. 55
PUSH EBP
0061526C |. 68 B9536100 PUSH unpacked.006153B9
00615271
|. 64:FF30 PUSH DWORD PTR FS:[EAX]
00615274
|. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00615277
|. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
; B0450C72入eax
0061527A |.
E8 E9F6DEFF CALL unpacked.00404968
; 取位數
0061527F |. 83F8 08
CMP EAX,8
00615282 |. 7D 1C
JGE SHORT unpacked.006152A0
00615284 |. EB 0D
JMP SHORT unpacked.00615293
00615286 |> 8D45
F8 /LEA EAX,DWORD PTR SS:[EBP-8]
00615289 |. BA
D0536100 |MOV EDX,unpacked.006153D0
0061528E |. E8 DDF6DEFF
|CALL unpacked.00404970
00615293 |> 8B45 F8
MOV EAX,DWORD PTR SS:[EBP-8]
00615296 |. E8 CDF6DEFF
|CALL unpacked.00404968
0061529B |. 83F8 08
|CMP EAX,8
0061529E |.^ 7C E6 \JL
SHORT unpacked.00615286
006152A0 |> 33DB
XOR EBX,EBX
006152A2 |. 8D45 DC
LEA EAX,DWORD PTR SS:[EBP-24]
006152A5 |> 8B55 F8
/MOV EDX,DWORD PTR SS:[EBP-8]
006152A8 |. 8A141A
|MOV DL,BYTE PTR DS:[EDX+EBX]
006152AB |. 8810
|MOV BYTE PTR DS:[EAX],DL
006152AD |.
43 |INC EBX
006152AE |.
40 |INC EAX
006152AF |.
83FB 08 |CMP EBX,8
006152B2 |.^ 75 F1
\JNZ SHORT unpacked.006152A5
; 以上為把B0450C72轉換為十
六進位制,記憶體中為42
30 34 35 30 43 37 32
006152B4 |. 6A 0F
PUSH 0F
; /Arg1 = 0000000F
006152B6
|. B9 E8B06200 MOV ECX,unpacked.0062B0E8
; |P入ecx
006152BB |. 8D45
DC LEA EAX,DWORD PTR SS:[EBP-24]
; |eax為B0450C72地址
006152BE |. BA 07000000
MOV EDX,7
; |
006152C3 |. E8
64F9FFFF CALL unpacked.00614C2C
; \關鍵call(4),進入
006152C8 |. 8D45 D8
LEA EAX,DWORD PTR SS:[EBP-28]
006152CB |. E8 E0F3DEFF
CALL unpacked.004046B0
006152D0 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
; 轉換為十六進位制的註冊認證
碼入ecx
006152D3 |.
E8 90F6DEFF CALL unpacked.00404968
; 取位數
006152D8 |. 85C0
TEST EAX,EAX
006152DA |. 79 03
JNS SHORT unpacked.006152DF
006152DC |. 83C0
07 ADD EAX,7
006152DF |> C1F8 03
SAR EAX,3
006152E2 |. 48
DEC EAX
006152E3 |. 85C0
TEST EAX,EAX
006152E5 |. 7C 7E
JL SHORT unpacked.00615365
006152E7 |. 40
INC EAX
006152E8 |. 8945 D0
MOV DWORD PTR SS:[EBP-30],EAX
006152EB |. C745 D4 00000>MOV
DWORD PTR SS:[EBP-2C],0
006152F2 |> 33DB
/XOR EBX,EBX
006152F4 |. 8D45 EC
|LEA EAX,DWORD PTR SS:[EBP-14]
006152F7 |> 8B55 D4
|/MOV EDX,DWORD PTR SS:[EBP-2C]
006152FA |. C1E2 03
||SHL EDX,3
006152FD |. 03D3
||ADD EDX,EBX
006152FF |. 8B4D FC
||MOV ECX,DWORD PTR SS:[EBP-4] ; 轉換為十六進位制的註冊認證
碼入ecx
00615302
|. 8A1411 ||MOV DL,BYTE PTR DS:[ECX+EDX]
00615305
|. 8810 ||MOV BYTE PTR DS:[EAX],DL
00615307
|. 43 ||INC EBX
00615308
|. 40 ||INC EAX
00615309
|. 83FB 08 ||CMP EBX,8
0061530C |.^
75 E9 |\JNZ SHORT unpacked.006152F7
0061530E |.
8D45 E4 |LEA EAX,DWORD PTR SS:[EBP-1C]
00615311
|. 50 |PUSH EAX
; /Arg2
00615312 |. 6A 07
|PUSH 7
; |Arg1 = 00000007
00615314
|. 8D55 EC |LEA EDX,DWORD PTR SS:[EBP-14]
; |
00615317 |. B9 07000000
|MOV ECX,7
; |
0061531C |. B0 01
|MOV AL,1
; |
0061531E
|. E8 61FBFFFF |CALL unpacked.00614E84
; \unpacked.00614E84
00615323
|. BB 08000000 |MOV EBX,8
00615328 |. 8D75 E4
|LEA ESI,DWORD PTR SS:[EBP-1C]
0061532B |> 8D45
CC |/LEA EAX,DWORD PTR SS:[EBP-34]
0061532E |. 8A16
||MOV DL,BYTE PTR DS:[ESI]
00615330 |.
E8 5BF5DEFF ||CALL unpacked.00404890
00615335 |. 8B55
CC ||MOV EDX,DWORD PTR SS:[EBP-34]
00615338 |. 8D45
D8 ||LEA EAX,DWORD PTR SS:[EBP-28]
0061533B |. E8
30F6DEFF ||CALL unpacked.00404970
00615340 |. 46
||INC ESI
00615341 |. 4B
||DEC EBX
00615342 |.^ 75 E7
|\JNZ SHORT unpacked.0061532B
00615344 |. FF45
D4 |INC DWORD PTR SS:[EBP-2C]
00615347 |. FF4D
D0 |DEC DWORD PTR SS:[EBP-30]
0061534A |.^ 75 A6
\JNZ SHORT unpacked.006152F2
0061534C |.
EB 17 JMP SHORT unpacked.00615365
0061534E
|> 8B45 D8 /MOV EAX,DWORD PTR SS:[EBP-28]
00615351
|. E8 12F6DEFF |CALL unpacked.00404968
00615356 |.
8BD0 |MOV EDX,EAX
00615358 |.
8D45 D8 |LEA EAX,DWORD PTR SS:[EBP-28]
0061535B
|. B9 01000000 |MOV ECX,1
00615360 |. E8 9BF8DEFF
|CALL unpacked.00404C00
00615365 |> 8B45 D8
MOV EAX,DWORD PTR SS:[EBP-28]
00615368 |. E8 FBF5DEFF
|CALL unpacked.00404968
0061536D |. 85C0
|TEST EAX,EAX
0061536F |. 7E 12
|JLE SHORT unpacked.00615383
00615371 |. 8B45 D8
|MOV EAX,DWORD PTR SS:[EBP-28]
00615374 |. E8 EFF5DEFF
|CALL unpacked.00404968
00615379 |. 8B55 D8
|MOV EDX,DWORD PTR SS:[EBP-28]
0061537C |. 807C02 FF 00
|CMP BYTE PTR DS:[EDX+EAX-1],0
00615381 |.^ 74 CB
\JE SHORT unpacked.0061534E
00615383 |> 8B45 F4
MOV EAX,DWORD PTR SS:[EBP-C]
00615386 |. 8B55
D8 MOV EDX,DWORD PTR SS:[EBP-28]
00615389 |. E8
76F3DEFF CALL unpacked.00404704
0061538E |. 33C0
XOR EAX,EAX
00615390 |. 5A
POP EDX
00615391 |. 59
POP ECX
00615392 |. 59
POP ECX
00615393 |. 64:8910
MOV DWORD PTR FS:[EAX],EDX
00615396 |. 68 C0536100
PUSH unpacked.006153C0
0061539B |> 8D45 CC
LEA EAX,DWORD PTR SS:[EBP-34]
0061539E |. E8 0DF3DEFF CALL
unpacked.004046B0
006153A3 |. 8D45 D8 LEA
EAX,DWORD PTR SS:[EBP-28]
006153A6 |. E8 05F3DEFF CALL unpacked.004046B0
006153AB
|. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
006153AE
|. BA 02000000 MOV EDX,2
006153B3 |. E8 1CF3DEFF
CALL unpacked.004046D4
------------------------------
關鍵call(4)
00614C2C
/$ 55 PUSH EBP
00614C2D
|. 8BEC MOV EBP,ESP
00614C2F
|. 83C4 E4 ADD ESP,-1C
00614C32 |. 53
PUSH EBX
00614C33 |. 56
PUSH ESI
00614C34 |. 57
PUSH EDI
00614C35 |. 8BDA
MOV EBX,EDX
00614C37 |. 85DB
TEST EBX,EBX
00614C39 |. 78 0A
JS SHORT unpacked.00614C45
00614C3B |. C1EB
02 SHR EBX,2
00614C3E |> 8B3498
/MOV ESI,DWORD PTR DS:[EAX+EBX*4] ;
註冊申請碼 0C72 ,B045十六
進位制入esi,即:esi依次為32374330,35343042
00614C41
|. 4B |DEC EBX
00614C42
|. 56 |PUSH ESI
00614C43
|.^ 79 F9 \JNS SHORT unpacked.00614C3E
00614C45
|> 8BC4 MOV EAX,ESP
00614C47
|. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00614C4A
|. 8D75 F5 LEA ESI,DWORD PTR SS:[EBP-B]
00614C4D
|. 6A 06 PUSH 6
; /Arg1 = 00000006
00614C4F |. 8BCE
MOV ECX,ESI
; |
00614C51 |. E8
46FEFFFF CALL unpacked.00614A9C
; \unpacked.00614A9C
00614C56 |. 8A06
MOV AL,BYTE PTR DS:[ESI]
00614C58 |.
33D2 XOR EDX,EDX
00614C5A |.
8AD0 MOV DL,AL
00614C5C |. C1EA
04 SHR EDX,4
00614C5F |. 8855 F1
MOV BYTE PTR SS:[EBP-F],DL
00614C62 |. C1E0 04
SHL EAX,4
00614C65 |. 8A56 01 MOV DL,BYTE
PTR DS:[ESI+1]
00614C68 |. 33C9 XOR
ECX,ECX
00614C6A |. 8ACA MOV
CL,DL
00614C6C |. C1E9 04 SHR ECX,4
00614C6F
|. 0AC1 OR AL,CL
00614C71 |.
8845 F2 MOV BYTE PTR SS:[EBP-E],AL
00614C74 |.
C1E2 04 SHL EDX,4
00614C77 |. 8A46 02
MOV AL,BYTE PTR DS:[ESI+2]
00614C7A |. 33C9
XOR ECX,ECX
00614C7C |. 8AC8
MOV CL,AL
00614C7E |. C1E9 04
SHR ECX,4
00614C81 |. 0AD1
OR DL,CL
00614C83 |. 8855 F3
MOV BYTE PTR SS:[EBP-D],DL
00614C86 |. C1E0 04
SHL EAX,4
00614C89 |. 8A56 03 MOV DL,BYTE
PTR DS:[ESI+3]
00614C8C |. 33C9 XOR
ECX,ECX
00614C8E |. 8ACA MOV
CL,DL
00614C90 |. C1E9 04 SHR ECX,4
00614C93
|. 0AC1 OR AL,CL
00614C95 |.
8845 F4 MOV BYTE PTR SS:[EBP-C],AL
00614C98 |.
80E2 0F AND DL,0F
00614C9B |. 8855 ED
MOV BYTE PTR SS:[EBP-13],DL
00614C9E |. 8A46
04 MOV AL,BYTE PTR DS:[ESI+4]
00614CA1 |. 8845
EE MOV BYTE PTR SS:[EBP-12],AL
00614CA4 |. 8A46
05 MOV AL,BYTE PTR DS:[ESI+5]
00614CA7 |. 8845
EF MOV BYTE PTR SS:[EBP-11],AL
00614CAA |. 8A46
06 MOV AL,BYTE PTR DS:[ESI+6]
00614CAD |. 8845
F0 MOV BYTE PTR SS:[EBP-10],AL
00614CB0 |. BF
10000000 MOV EDI,10
00614CB5 |. BB C8046200 MOV EBX,unpacked.006204C8
00614CBA
|. 8B75 FC MOV ESI,DWORD PTR SS:[EBP-4]
00614CBD
|> 8D45 F1 /LEA EAX,DWORD PTR SS:[EBP-F]
00614CC0
|. 8A0B |MOV CL,BYTE PTR DS:[EBX]
00614CC2
|. BA 03000000 |MOV EDX,3
00614CC7 |. E8 00FFFFFF
|CALL unpacked.00614BCC
00614CCC |. 8D45 ED
|LEA EAX,DWORD PTR SS:[EBP-13]
00614CCF |. 8A0B
|MOV CL,BYTE PTR DS:[EBX]
00614CD1 |. BA 03000000
|MOV EDX,3
00614CD6 |. E8 F1FEFFFF |CALL unpacked.00614BCC
00614CDB
|. 8A55 F1 |MOV DL,BYTE PTR SS:[EBP-F]
00614CDE
|. C1E2 04 |SHL EDX,4
00614CE1 |. 8A45
F2 |MOV AL,BYTE PTR SS:[EBP-E]
00614CE4 |. 33C9
|XOR ECX,ECX
00614CE6 |. 8AC8
|MOV CL,AL
00614CE8 |. C1E9 04
|SHR ECX,4
00614CEB |. 0AD1
|OR DL,CL
00614CED |. 8855 E6
|MOV BYTE PTR SS:[EBP-1A],DL
00614CF0 |. C1E0 04
|SHL EAX,4
00614CF3 |. 33D2
|XOR EDX,EDX
00614CF5 |. 8A55 F3
|MOV DL,BYTE PTR SS:[EBP-D]
00614CF8 |. C1EA 04
|SHR EDX,4
00614CFB |. 0AC2 |OR
AL,DL
00614CFD |. 8845 E7 |MOV BYTE PTR SS:[EBP-19],AL
00614D00
|. 8A55 F3 |MOV DL,BYTE PTR SS:[EBP-D]
00614D03
|. C1E2 04 |SHL EDX,4
00614D06 |. 8A45
F4 |MOV AL,BYTE PTR SS:[EBP-C]
00614D09 |. 33C9
|XOR ECX,ECX
00614D0B |. 8AC8
|MOV CL,AL
00614D0D |. C1E9 04
|SHR ECX,4
00614D10 |. 0AD1
|OR DL,CL
00614D12 |. 8855 E8
|MOV BYTE PTR SS:[EBP-18],DL
00614D15 |. C1E0 04
|SHL EAX,4
00614D18 |. 0A45 ED
|OR AL,BYTE PTR SS:[EBP-13]
00614D1B |. 8845 E9
|MOV BYTE PTR SS:[EBP-17],AL
00614D1E |. 8A45 EE
|MOV AL,BYTE PTR SS:[EBP-12]
00614D21 |. 8845 EA
|MOV BYTE PTR SS:[EBP-16],AL
00614D24 |. 8A45 EF
|MOV AL,BYTE PTR SS:[EBP-11]
00614D27 |. 8845
EB |MOV BYTE PTR SS:[EBP-15],AL
00614D2A |. 8A45
F0 |MOV AL,BYTE PTR SS:[EBP-10]
00614D2D |. 8845
EC |MOV BYTE PTR SS:[EBP-14],AL
00614D30 |. 6A
05 |PUSH 5
;
/Arg1 = 00000005
00614D32 |. 8BCE |MOV
ECX,ESI
; |
00614D34 |. 8D45 E6
|LEA EAX,DWORD PTR SS:[EBP-1A]
; |
00614D37 |. BA 06000000 |MOV EDX,6
; |
00614D3C |. E8 F3FDFFFF |CALL unpacked.00614B34
; \unpacked.00614B34
00614D41
|. 83C6 06 |ADD ESI,6
00614D44 |. 43
|INC EBX
00614D45 |. 4F
|DEC EDI
00614D46 |.^ 0F85 71FFFFFF
\JNZ unpacked.00614CBD
00614D4C |. 8B7D D8
MOV EDI,DWORD PTR SS:[EBP-28]
00614D4F |. 8B75 DC
MOV ESI,DWORD PTR SS:[EBP-24]
00614D52 |. 8B5D E0
MOV EBX,DWORD PTR SS:[EBP-20]
00614D55 |. 8BE5
MOV ESP,EBP
00614D57 |. 5D
POP EBP
00614D58 \. C2 0400
RETN 4
三、破解:
很不錯的軟體,包含歷年所有試題+解題。
1、完美爆破
00618E50
8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00618E53
|. E8 54BCDEFF CALL unpacked.00404AAC
00618E58
75 18 JNE SHORT unpacked.00618E72=======>把jne改為je即可註冊成功
cracked
by lordor
03.5.2
寵辱不驚,看亭前花開花落,去留無意,
譭譽由人,望天上雲捲雲舒,聚散由風。
相關文章
- 中國計算機軟體水平考試測試系統2.0演算法分析2015-11-15計算機演算法
- 中國計算機軟體專業技術資格和水平考試考試概況 (轉)2007-08-13計算機
- 計算機軟體專業技術資格和水平考試備考要略(上) (轉)2007-12-04計算機
- 計算機軟體專業技術資格和水平考試備考要略(下) (轉)2007-12-04計算機
- 軟體測試3.02010-01-10
- 走向世界的中國IT考試--軟體水平考試 (轉)2007-12-13
- 中國計算機軟體專業技術資格和水平考試-參考書目 (轉)2007-12-04計算機
- 中國計算機軟體專業技術資格和水平考試結構 (轉)2007-12-04計算機
- 中國計算機軟體專業技術資格和水平考試問答 (轉)2007-12-04計算機
- 歷年軟體設計師考試試題分析2018-04-15
- 軟體測試-測試計劃2020-06-20
- 明年起全國計算機等級考試軟體升級 (轉)2007-12-04計算機
- 計算機等級考試的體會 (轉)2007-12-04計算機
- 軟體測試---單元、整合、系統、驗收測試2020-09-28
- 軟體測試教程之手機軟體測試方法2019-04-09
- 軟體設計師考試要求及考試範圍2024-10-09
- 軟體系統測試有哪些測試過程?系統測試報告如何收費?2022-08-17測試報告
- 軟體測試-需求分析2020-06-20
- 軟體測試案例分析2009-04-17
- 軟體系統功能測試報告2021-10-08測試報告
- 軟體測試BUG參考標準2008-05-29
- 軟體測試計劃與測試方案2023-03-29
- 【軟測試】(兩)計算機組成原理-cpu2015-08-25計算機
- Screen Demo Maker 3.0 註冊演算法分析2003-07-15演算法
- 軟體測試需求分析方法2018-07-17
- 小議軟體測試分析2009-07-13
- 軟體需求分析測試22024-10-14
- xyz計算機等級考試系統(二級c) vb編寫2015-11-15計算機
- 軟體驗收測試和系統測試的區別點2023-05-06
- 軟體測試設計2020-11-17
- 軟考之計算機硬體2017-11-09計算機
- 系統測試軟體的收集整理2004-09-03
- 測試計劃&效能測試分析報告模板(僅供參考)2019-01-14
- 軟體驗收測試有哪些測試方法?北京權威軟體測試機構安利2022-10-12
- 【軟體測試】——介面測試2020-12-26
- 軟體驗收測試 第三方軟體測試 軟體功能測試 軟體資訊保安測試2021-12-08
- 軟體測試學習——移動端功能測試分析2019-09-12
- 門戶系統測試---測試計劃2018-12-10