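Cracking walkthrough for 桌面鋼筆 (Desktop Pen) v2.0. Beginner level; experts need not read.
Target software: 桌面鋼筆 v2.0
Download: http://www.arongsoft.net/soft/4533.htm, 阿榕軟體園
Tools: OD, PEiD
Platform: XP
About the software: after 桌面鋼筆 V2.0 is started, a pen graphic appears on the desktop; hold the left mouse button and move the mouse to write or draw freely on the desktop.
Notes: I had nothing to do today, so I picked this up for practice. Please forgive any mistakes.
Run the program; it prompts for registration. Enter anything as the registration code and an error message appears. PEiD reports a UPX packer, a weak one; I didn't feel like unpacking it, so I debugged it packed.
Attach OD to the process, then use the Ultra String Reference plugin to find the error message, and keep reading upwards until you reach the entry of the checking subroutine: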
0041C02D push ebp
0041C02E mov ebp,esp
0041C030 sub esp,2C
0041C036 push 0
0041C03B mov ebx,6C4
0041C040 call 桌面鋼筆.0041D199
0041C045 add esp,4
0041C048 push 80000301
0041C04D push 0
0041C04F push eax
0041C050 push 1
0041C055 mov ebx,164
0041C05A call 桌面鋼筆.0041D199
0041C05F add esp,10
0041C062 mov dword ptr ss:[ebp-C],eax
0041C065 mov dword ptr ss:[ebp-8],edx
0041C068 fld qword ptr ss:[ebp-C] ; push the machine code onto the FPU stack, 2111755623
0041C06B fmul qword ptr ds:[412FC0] ; multiply by the floating-point value 46398 at [412FC0], giving 9.7981237395954E+13
0041C071 fstp qword ptr ss:[ebp-14] ; pop
0041C074 fld qword ptr ss:[ebp-14] ; push
0041C077 fadd qword ptr ds:[412FC8] ; add the floating-point value 1111, result 9.7981237397065E+13
0041C07D fstp qword ptr ss:[ebp-1C] ; pop
0041C080 fld qword ptr ss:[ebp-1C] ; push
0041C083 call 桌面鋼筆.0041A381 ; take the floating-point result and return it in EAX. Step into:
0041A381 push ebp
0041A382 mov ebp,esp
0041A384 add esp,-0C
0041A387 fstcw word ptr ss:[ebp-2]
0041A38A mov ax,word ptr ss:[ebp-2]
0041A38E or ah,0C
0041A391 mov word ptr ss:[ebp-4],ax
0041A395 fldcw word ptr ss:[ebp-4]
0041A398 fistp qword ptr ss:[ebp-C] ; pop the floating-point result and store it at [ebp-C]; in hexadecimal it is 591D08D98649
0041A39B fldcw word ptr ss:[ebp-2]
0041A39E mov eax,dword ptr ss:[ebp-C] ; assign the last 8 hex digits of the result to eax, i.e. 08D98649
0041A3A1 mov edx,dword ptr ss:[ebp-8]
0041A3A4 mov esp,ebp
0041A3A6 pop ebp
0041A3A7 retn
Continue tracing:
0041C088 push 80000301
0041C08D push 0
0041C08F push eax ; EAX=08D98649
0041C090 push 1
0041C095 mov ebx,1D4
0041C09A call 桌面鋼筆.0041D199 ; convert the value in EAX to a string, i.e. "8D98649"
0041C09F add esp,10
0041C0A2 mov dword ptr ss:[ebp-20],eax
0041C0A5 push 80000004
0041C0AA push 0
0041C0AC mov eax,dword ptr ss:[ebp-20]
0041C0AF test eax,eax
0041C0B1 jnz short 桌面鋼筆.0041C0B8
0041C0B3 mov eax,桌面鋼筆.0040F1D3
0041C0B8 push eax
0041C0B9 push 1
0041C0BE mov ebx,168
0041C0C3 call 桌面鋼筆.0041D199
0041C0C8 add esp,10
0041C0CB mov dword ptr ss:[ebp-24],eax
0041C0CE mov ebx,dword ptr ss:[ebp-20]
0041C0D1 test ebx,ebx
0041C0D3 je short 桌面鋼筆.0041C0DE
0041C0D5 push ebx
0041C0D6 call 桌面鋼筆.0041D181
0041C0DB add esp,4
0041C0DE push -1
0041C0E0 push 8
0041C0E2 push 1601009F
0041C0E7 push 5201009B
0041C0EC call 桌面鋼筆.0041D1A5 ; get the first part of the entered code
0041C0F1 add esp,10
0041C0F4 mov dword ptr ss:[ebp-28],eax
0041C0F7 mov eax,dword ptr ss:[ebp-24]
0041C0FA push eax ; correct code
0041C0FB push dword ptr ss:[ebp-28] ; entered code
0041C0FE call 桌面鋼筆.0041BF09 ; compare for equality
0041C103 add esp,8
0041C106 cmp eax,0
0041C109 mov eax,0
0041C10E sete al ; set to 1 if equal
0041C111 mov dword ptr ss:[ebp-2C],eax ; [ebp-2C] is the flag
0041C114 mov ebx,dword ptr ss:[ebp-28]
0041C117 test ebx,ebx
0041C119 je short 桌面鋼筆.0041C124
0041C11B push ebx
0041C11C call 桌面鋼筆.0041D181
0041C121 add esp,4
0041C124 mov ebx,dword ptr ss:[ebp-24]
0041C127 test ebx,ebx
0041C129 je short 桌面鋼筆.0041C134
0041C12B push ebx
0041C12C call 桌面鋼筆.0041D181
0041C131 add esp,4
0041C134 cmp dword ptr ss:[ebp-2C],0
0041C138 je 桌面鋼筆.0041C4A5 ; patch point 1
0041C13E push 0
0041C143 mov ebx,6C4
0041C148 call 桌面鋼筆.0041D199
0041C14D add esp,4
0041C150 push 80000301
0041C155 push 0
0041C157 push eax
0041C158 push 1
0041C15D mov ebx,164
0041C162 call 桌面鋼筆.0041D199
0041C167 add esp,10
0041C16A mov dword ptr ss:[ebp-C],eax
0041C16D mov dword ptr ss:[ebp-8],edx
0041C170 fld qword ptr ss:[ebp-C] ; push the machine code onto the FPU stack, 2111755623
0041C173 fmul qword ptr ds:[412FD0] ; multiply by 12987, giving 2.7425370275901E+13
0041C179 fstp qword ptr ss:[ebp-14]
0041C17C fld qword ptr ss:[ebp-14]
0041C17F fadd qword ptr ds:[412FD8] ; add 2222, giving 2.7425370278123E+13
0041C185 fstp qword ptr ss:[ebp-1C]
0041C188 fld qword ptr ss:[ebp-1C]
0041C18B call 桌面鋼筆.0041A381 ; take the floating-point result and return it in EAX (omitted)
0041C190 push 80000301
0041C195 push 0
0041C197 push eax ; EAX=777408EB
0041C198 push 1
0041C19D mov ebx,1D4
0041C1A2 call 桌面鋼筆.0041D199 ; convert the value in EAX to a string, i.e. "777408EB"
0041C1A7 add esp,10
0041C1AA mov dword ptr ss:[ebp-20],eax
0041C1AD push 80000004
0041C1B2 push 0
0041C1B4 mov eax,dword ptr ss:[ebp-20]
0041C1B7 test eax,eax
0041C1B9 jnz short 桌面鋼筆.0041C1C0
0041C1BB mov eax,桌面鋼筆.0040F1D3
0041C1C0 push eax
0041C1C1 push 1
0041C1C6 mov ebx,168
0041C1CB call 桌面鋼筆.0041D199
0041C1D0 add esp,10
0041C1D3 mov dword ptr ss:[ebp-24],eax
0041C1D6 mov ebx,dword ptr ss:[ebp-20]
0041C1D9 test ebx,ebx
0041C1DB je short 桌面鋼筆.0041C1E6
0041C1DD push ebx
0041C1DE call 桌面鋼筆.0041D181
0041C1E3 add esp,4
0041C1E6 push -1
0041C1E8 push 8
0041C1EA push 160100A1
0041C1EF push 5201009B
0041C1F4 call 桌面鋼筆.0041D1A5 ; get the second part of the entered code
0041C1F9 add esp,10
0041C1FC mov dword ptr ss:[ebp-28],eax
0041C1FF mov eax,dword ptr ss:[ebp-24]
0041C202 push eax ; correct code
0041C203 push dword ptr ss:[ebp-28] ; entered code
0041C206 call 桌面鋼筆.0041BF09 ; compare for equality
0041C20B add esp,8
0041C20E cmp eax,0
0041C211 mov eax,0
0041C216 sete al ; set to 1 if equal
0041C219 mov dword ptr ss:[ebp-2C],eax ; [ebp-2C] is the flag
0041C21C mov ebx,dword ptr ss:[ebp-28]
0041C21F test ebx,ebx
0041C221 je short 桌面鋼筆.0041C22C
0041C223 push ebx
0041C224 call 桌面鋼筆.0041D181
0041C229 add esp,4
0041C22C mov ebx,dword ptr ss:[ebp-24]
0041C22F test ebx,ebx
0041C231 je short 桌面鋼筆.0041C23C
0041C233 push ebx
0041C234 call 桌面鋼筆.0041D181
0041C239 add esp,4
0041C23C cmp dword ptr ss:[ebp-2C],0
0041C240 je 桌面鋼筆.0041C42F ; patch point 2
0041C246 push 0
0041C24B mov ebx,6C4
0041C250 call 桌面鋼筆.0041D199
0041C255 add esp,4
0041C258 push 80000301
0041C25D push 0
0041C25F push eax
0041C260 push 1
0041C265 mov ebx,164
0041C26A call 桌面鋼筆.0041D199
0041C26F add esp,10
0041C272 mov dword ptr ss:[ebp-C],eax
0041C275 mov dword ptr ss:[ebp-8],edx
0041C278 fld qword ptr ss:[ebp-C] ; push the machine code onto the FPU stack, 2111755623
0041C27B fmul qword ptr ds:[412FE0] ; multiply by 91548, giving 1.93403026976832E+14
0041C281 fstp qword ptr ss:[ebp-14]
0041C284 fld qword ptr ss:[ebp-14]
0041C287 fadd qword ptr ds:[412FE8] ; add 3333, giving 1.93403026980165E+14
0041C28D fstp qword ptr ss:[ebp-1C]
0041C290 fld qword ptr ss:[ebp-1C]
0041C293 call 桌面鋼筆.0041A381 ; take the floating-point result and return it in EAX (omitted)
0041C298 push 80000301
0041C29D push 0
0041C29F push eax ; EAX=26B8BD45
0041C2A0 push 1
0041C2A5 mov ebx,1D4
0041C2AA call 桌面鋼筆.0041D199 ; convert the value in EAX to a string, i.e. "26B8BD45"
0041C2AF add esp,10
0041C2B2 mov dword ptr ss:[ebp-20],eax
0041C2B5 push 80000004
0041C2BA push 0
0041C2BC mov eax,dword ptr ss:[ebp-20]
0041C2BF test eax,eax
0041C2C1 jnz short 桌面鋼筆.0041C2C8
0041C2C3 mov eax,桌面鋼筆.0040F1D3
0041C2C8 push eax
0041C2C9 push 1
0041C2CE mov ebx,168
0041C2D3 call 桌面鋼筆.0041D199
0041C2D8 add esp,10
0041C2DB mov dword ptr ss:[ebp-24],eax
0041C2DE mov ebx,dword ptr ss:[ebp-20]
0041C2E1 test ebx,ebx
0041C2E3 je short 桌面鋼筆.0041C2EE
0041C2E5 push ebx
0041C2E6 call 桌面鋼筆.0041D181
0041C2EB add esp,4
0041C2EE push -1
0041C2F0 push 8
0041C2F2 push 160100A0
0041C2F7 push 5201009B
0041C2FC call 桌面鋼筆.0041D1A5 ; get the third part of the entered code
0041C301 add esp,10
0041C304 mov dword ptr ss:[ebp-28],eax
0041C307 mov eax,dword ptr ss:[ebp-24]
0041C30A push eax ; correct code
0041C30B push dword ptr ss:[ebp-28] ; entered code
0041C30E call 桌面鋼筆.0041BF09 ; compare for equality
0041C313 add esp,8
0041C316 cmp eax,0
0041C319 mov eax,0
0041C31E sete al ; set to 1 if equal
0041C321 mov dword ptr ss:[ebp-2C],eax ; [ebp-2C] is the flag
0041C324 mov ebx,dword ptr ss:[ebp-28]
0041C327 test ebx,ebx
0041C329 je short 桌面鋼筆.0041C334
0041C32B push ebx
0041C32C call 桌面鋼筆.0041D181
0041C331 add esp,4
0041C334 mov ebx,dword ptr ss:[ebp-24]
0041C337 test ebx,ebx
0041C339 je short 桌面鋼筆.0041C344
0041C33B push ebx
0041C33C call 桌面鋼筆.0041D181
0041C341 add esp,4
0041C344 cmp dword ptr ss:[ebp-2C],0
0041C348 je 桌面鋼筆.0041C3B9 ; patch point 3
0041C34E call 桌面鋼筆.0041C51A
0041C353 push 80000004
0041C358 push 0
0041C35A push 桌面鋼筆.00412FF0
0041C35F push 80000301
0041C364 push 0
0041C366 push 40
0041C36B push 80000004
0041C370 push 0
0041C372 push 桌面鋼筆.00413001 ; "恭喜你,你已經成功註冊此軟體" (success message: "Congratulations, you have successfully registered this software")
0041C377 push 3
0041C37C mov ebx,300
0041C381 call 桌面鋼筆.0041D199
0041C386 add esp,28
0041C389 push 10001
0041C38E push 601009C
0041C393 push 5201009B
0041C398 push 1
0041C39D mov ebx,360
0041C3A2 call 桌面鋼筆.0041D199
0041C3A7 add esp,10
0041C3AA push 0
0041C3AC call 桌面鋼筆.0041D169
0041C3B1 add esp,4
0041C3B4 jmp 桌面鋼筆.0041C42A
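Summary: the registration code is computed in three parts using floating-point arithmetic (on decimal values). After each computation, the last 8 digits of the hexadecimal result are the correct code.
SN1=2111755623*46398+1111=591D08D98649, correct code is 8D98649 (the leading 0 is dropped)
SN2=2111755623*12987+2222=18F1777408EB, correct code is 777408EB
SN3=2111755623*91548+3333=AFE626B8BD45, correct code is 26B8BD45
So the registration code is 8D98649-777408EB-26B8BD45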
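
The trace above succeeds because every input to the expected code (the machine code and the constants at 412FC0 through 412FE8) sits in the client, which computes the correct code itself before comparing. For contrast from the defender's side, this Go example (added here, not from the original post or the program; the function names, product string and key pair are assumptions) has the client verify a vendor signature over the machine code, so the shipped binary holds only a public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// licenseMessage binds a license to one machine code and one product string.
func licenseMessage(machineID uint32, product string) []byte {
	msg := make([]byte, 4, 4+len(product))
	binary.BigEndian.PutUint32(msg, machineID)
	return append(msg, product...)
}

// IssueLicense runs only on the vendor's side; the private key never ships.
func IssueLicense(priv ed25519.PrivateKey, machineID uint32, product string) string {
	sig := ed25519.Sign(priv, licenseMessage(machineID, product))
	return base64.RawURLEncoding.EncodeToString(sig)
}

// VerifyLicense is what the shipped client runs. It holds only the public key,
// so reading this routine and its constants does not yield a way to issue licenses.
func VerifyLicense(pub ed25519.PublicKey, machineID uint32, product, license string) bool {
	sig, err := base64.RawURLEncoding.DecodeString(license)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false // malformed input is rejected before any crypto runs
	}
	return ed25519.Verify(pub, licenseMessage(machineID, product), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	if err != nil {
		panic(err)
	}
	const product = "example-product/2.0" // hypothetical product string
	// 2111755623 is the machine code value shown in the trace above.
	lic := IssueLicense(priv, 2111755623, product)
	fmt.Println("valid on issuing machine:", VerifyLicense(pub, 2111755623, product, lic))
	fmt.Println("valid on another machine:", VerifyLicense(pub, 2111755624, product, lic))
}
```

Signature verification removes the ability to derive a valid code from the binary. It does not by itself prevent patching of the conditional jumps that act on the result; that needs integrity checking or server-side enforcement.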