金鋒螢幕保護程式2.0破解

看雪資料發表於2015-11-15

金鋒螢幕保護程式2.0是一款製作螢幕保護的軟體,能夠實現的效果有200多個
,如果你感興趣的話,可以到http://www.jinfengsoft.com下載.
  好了還是看看檔案,用Upx加殼,脫之!看看,原來是Delphi檔案!
  找到關鍵的地方!
  我們輸入註冊碼:1234567890

我們到了下面的地方.......
016F:004BDF67 8B45FC           MOV      EAX,[EBP-04]
016F:004BDF6A E83165F4FF       CALL     004044A0
016F:004BDF6F 83F80A           CMP      EAX,BYTE +0A ;比較註冊碼個數<10?
016F:004BDF72 0F8CEA010000     JL       NEAR 004BE162 ;小於就出錯了!
016F:004BDF78 8D45F4           LEA      EAX,[EBP-0C]
016F:004BDF7B 50               PUSH     EAX
016F:004BDF7C 8D55F0           LEA      EDX,[EBP-10]
016F:004BDF7F 8B86FC020000     MOV      EAX,[ESI+02FC]
016F:004BDF85 E87EE0F9FF       CALL     0045C008
016F:004BDF8A 8B45F0           MOV      EAX,[EBP-10]
016F:004BDF8D B902000000       MOV      ECX,02
016F:004BDF92 BA01000000       MOV      EDX,01
016F:004BDF97 E86467F4FF       CALL     00404700 ;取註冊碼的前2位
016F:004BDF9C 8B4DF4           MOV      ECX,[EBP-0C]
016F:004BDF9F 8D45F8           LEA      EAX,[EBP-08]
016F:004BDFA2 BA50E24B00       MOV      EDX,004BE250
016F:004BDFA7 E84065F4FF       CALL     004044EC
016F:004BDFAC 8B45F8           MOV      EAX,[EBP-08]
016F:004BDFAF E88CA7F4FF       CALL     00408740
016F:004BDFB4 8BD8             MOV      EBX,EAX ;1,2位存入EBX
016F:004BDFB6 8D45E8           LEA      EAX,[EBP-18]
016F:004BDFB9 50               PUSH     EAX
016F:004BDFBA 8D55E4           LEA      EDX,[EBP-1C]
016F:004BDFBD 8B86FC020000     MOV      EAX,[ESI+02FC]
016F:004BDFC3 E840E0F9FF       CALL     0045C008
016F:004BDFC8 8B45E4           MOV      EAX,[EBP-1C]
016F:004BDFCB B902000000       MOV      ECX,02
016F:004BDFD0 BA03000000       MOV      EDX,03 ;取註冊碼的3,4位
016F:004BDFD5 E82667F4FF       CALL     00404700
016F:004BDFDA 8B4DE8           MOV      ECX,[EBP-18]
016F:004BDFDD 8D45EC           LEA      EAX,[EBP-14]
016F:004BDFE0 BA50E24B00       MOV      EDX,004BE250
016F:004BDFE5 E80265F4FF       CALL     004044EC
016F:004BDFEA 8B45EC           MOV      EAX,[EBP-14] ;此時EAX存入3,4位
016F:004BDFED E84EA7F4FF       CALL     00408740
016F:004BDFF2 8BD3             MOV      EDX,EBX ;儲存的1,2為結果送入EDX
016F:004BDFF4 80F20B           XOR      DL,0B 
016F:004BDFF7 81E2FF000000     AND      EDX,FF
016F:004BDFFD 3BC2             CMP      EAX,EDX ;計算的結果進行比較
016F:004BDFFF 0F855D010000     JNZ      NEAR 004BE162 ;不等就出錯
016F:004BE005 80F30B           XOR      BL,0B ;上次的1,2位的值運算
016F:004BE008 8D45DC           LEA      EAX,[EBP-24]
016F:004BE00B 50               PUSH     EAX
016F:004BE00C 8D55D8           LEA      EDX,[EBP-28]
016F:004BE00F 8B86FC020000     MOV      EAX,[ESI+02FC]
016F:004BE015 E8EEDFF9FF       CALL     0045C008
016F:004BE01A 8B45D8           MOV      EAX,[EBP-28]
016F:004BE01D B902000000       MOV      ECX,02
016F:004BE022 BA05000000       MOV      EDX,05
016F:004BE027 E8D466F4FF       CALL     00404700 ;取註冊碼的5,6位
016F:004BE02C 8B4DDC           MOV      ECX,[EBP-24]
016F:004BE02F 8D45E0           LEA      EAX,[EBP-20]
016F:004BE032 BA50E24B00       MOV      EDX,004BE250
016F:004BE037 E8B064F4FF       CALL     004044EC
016F:004BE03C 8B45E0           MOV      EAX,[EBP-20]
016F:004BE03F E8FCA6F4FF       CALL     00408740
016F:004BE044 8BD3             MOV      EDX,EBX ;4BE005處運算的值
016F:004BE046 80F216           XOR      DL,16 
016F:004BE049 81E2FF000000     AND      EDX,FF
016F:004BE04F 3BC2             CMP      EAX,EDX ;與5,6位比較
016F:004BE051 0F850B010000     JNZ      NEAR 004BE162
016F:004BE057 80F316           XOR      BL,16 ;上次的EBX值xor 16H
016F:004BE05A 8D45D0           LEA      EAX,[EBP-30]
016F:004BE05D 50               PUSH     EAX
016F:004BE05E 8D55CC           LEA      EDX,[EBP-34]
016F:004BE061 8B86FC020000     MOV      EAX,[ESI+02FC]
016F:004BE067 E89CDFF9FF       CALL     0045C008
016F:004BE06C 8B45CC           MOV      EAX,[EBP-34]
016F:004BE06F B902000000       MOV      ECX,02
016F:004BE074 BA07000000       MOV      EDX,07
016F:004BE079 E88266F4FF       CALL     00404700  ;取註冊碼的7,8位
016F:004BE07E 8B4DD0           MOV      ECX,[EBP-30]
016F:004BE081 8D45D4           LEA      EAX,[EBP-2C]
016F:004BE084 BA50E24B00       MOV      EDX,004BE250
016F:004BE089 E85E64F4FF       CALL     004044EC
016F:004BE08E 8B45D4           MOV      EAX,[EBP-2C]
016F:004BE091 E8AAA6F4FF       CALL     00408740
016F:004BE096 8BD3             MOV      EDX,EBX ;004BE057處計算的值送給EDX
016F:004BE098 80F221           XOR      DL,21 ;開始計算
016F:004BE09B 81E2FF000000     AND      EDX,FF
016F:004BE0A1 3BC2             CMP      EAX,EDX ;與7,8位比較
016F:004BE0A3 0F85B9000000     JNZ      NEAR 004BE162
016F:004BE0A9 80F321           XOR      BL,21 ;上次的EBX的值xor 21H
016F:004BE0AC 8D45C4           LEA      EAX,[EBP-3C]
016F:004BE0AF 50               PUSH     EAX
016F:004BE0B0 8D55C0           LEA      EDX,[EBP-40]
016F:004BE0B3 8B86FC020000     MOV      EAX,[ESI+02FC]
016F:004BE0B9 E84ADFF9FF       CALL     0045C008
016F:004BE0BE 8B45C0           MOV      EAX,[EBP-40]
016F:004BE0C1 B902000000       MOV      ECX,02
016F:004BE0C6 BA09000000       MOV      EDX,09  ;取9,10位
016F:004BE0CB E83066F4FF       CALL     00404700
016F:004BE0D0 8B4DC4           MOV      ECX,[EBP-3C]
016F:004BE0D3 8D45C8           LEA      EAX,[EBP-38]
016F:004BE0D6 BA50E24B00       MOV      EDX,004BE250
016F:004BE0DB E80C64F4FF       CALL     004044EC
016F:004BE0E0 8B45C8           MOV      EAX,[EBP-38]
016F:004BE0E3 E858A6F4FF       CALL     00408740
016F:004BE0E8 80F32C           XOR      BL,2C ;進行XOR
016F:004BE0EB 33D2             XOR      EDX,EDX ;清0
016F:004BE0ED 8AD3             MOV      DL,BL ;存入DL
016F:004BE0EF 3BC2             CMP      EAX,EDX ;與9,10位比較
016F:004BE0F1 756F             JNZ      004BE162
016F:004BE0F3 8D55BC           LEA      EDX,[EBP-44]
016F:004BE0F6 8B86FC020000     MOV      EAX,[ESI+02FC]
016F:004BE0FC E807DFF9FF       CALL     0045C008
016F:004BE101 8B4DBC           MOV      ECX,[EBP-44]
016F:004BE104 BA5CE24B00       MOV      EDX,004BE25C
016F:004BE109 B86CE24B00       MOV      EAX,004BE26C
016F:004BE10E E889F0FFFF       CALL     004BD19C
016F:004BE113 8D45B8           LEA      EAX,[EBP-48]
016F:004BE116 E83DF9FFFF       CALL     004BDA58
016F:004BE11B 8B4DB8           MOV      ECX,[EBP-48]
016F:004BE11E BA80E24B00       MOV      EDX,004BE280
016F:004BE123 B86CE24B00       MOV      EAX,004BE26C
016F:004BE128 E86FF0FFFF       CALL     004BD19C
016F:004BE12D 6A40             PUSH     BYTE +40
016F:004BE12F 8D55B4           LEA      EDX,[EBP-4C]
016F:004BE132 A1D8AF4C00       MOV      EAX,[004CAFD8]
016F:004BE137 8B00             MOV      EAX,[EAX]
  
  總結一下,透過輸入註冊碼1234567890,分成5組,透過第一組12進行計算
12 xor 0B And FFH,最後的結果和3,4位進行比較!然後在透過上次BL的值
計算儲存到EDX中,然後計算5,6位的值,和輸入的5,6位的值進行比較,依此類
推.可以說是透過計算1,2位值的計算得出3,4位的值,然後透過3,4位的值得到
5,6位的值,然後透過5,6位的值得到7,8位的值,然後透過計算7,8位的值得到
9,10位的值.但是當我們輸入正確的註冊碼時提示"註冊已完成",但是重新啟動
後還是會出現沒有註冊時的視窗,提示你還能用多少天.


我的機器碼是:91F19201BD75E771F7761111D76
註冊碼為:12190F2E02

   
不好意思,一篇爛文又誕生了!  


Made By dengkeng
E-mail:shellc0de@sohu.com
歡迎轉載,請保持文章的完整性

相關文章