
网络填表终结者破解分析

 
下载地址:
http://www.onlinedown.net/soft/8912.htm
------------------------------------------------------------
破解工具:
w32dasm ollydbg  
破解目的:
学习~~~
------------------------------------------------------------
  
[破解过程]
用户输入:冷枫
假注册码:52225229
  
详细过程:
004aca52  |. 55             push ebp
004aca53  |. 68 25cd4a00    push 1.004acd25
004aca58  |. 64:ff30        push dword ptr fs:[eax]
004aca5b  |. 64:8920        mov dword ptr fs:[eax],esp
004aca5e  |. 8d55 fc        lea edx,dword ptr ss:[ebp-4]
004aca61  |. 8b83 f4020000  mov eax,dword ptr ds:[ebx+2f4]
004aca67  |. e8 bc40f9ff    call 1.00440b28   
  ↑__//取用户名的位数~~~~~
004aca6c  |. 837d fc 00     cmp dword ptr ss:[ebp-4],0
 ↑__//比较是否输入~~ eax=4   输入跳走去,不输入弹出提示~~~~~
004aca70  |. 75 29          jnz short 1.004aca9b  
004aca72  |. 68 30100000    push 1030                                
004aca77  |. 68 34cd4a00    push 1.004acd34                          
004aca7c  |. 68 3ccd4a00    push 1.004acd3c                          
004aca81  |. 6a 00          push 0                                   
004aca83  |. e8 b0abf5ff    call <jmp.&user32.messageboxa>           
004aca88  |. 8b83 f4020000  mov eax,dword ptr ds:[ebx+2f4]
004aca8e  |. 8b10           mov edx,dword ptr ds:[eax]
004aca90  |. ff92 c0000000  call dword ptr ds:[edx+c0]
004aca96  |. e9 3a020000    jmp 1.004accd5
 ↓--以上是检查用户名是否输入;从这里开始检查注册码是否输入
004aca9b  |> 8d55 f8        lea edx,dword ptr ss:[ebp-8]
004aca9e  |. 8b83 f8020000  mov eax,dword ptr ds:[ebx+2f8]
004acaa4  |. e8 7f40f9ff    call 1.00440b28 
 ↑__// 取注册码的位数~~~~~
004acaa9  |. 837d f8 00     cmp dword ptr ss:[ebp-8],0
 ↑__//比较是否输入~~ eax=4   输入跳走去,不输入弹出提示~~
004acaad  |. 75 29          jnz short 1.004acad8
004acaaf  |. 68 30100000    push 1030                              
004acab4  |. 68 34cd4a00    push 1.004acd34                          
004acab9  |. 68 4ccd4a00    push 1.004acd4c                         
004acabe  |. 6a 00          push 0                                  
004acac0  |. e8 73abf5ff    call <jmp.&user32.messageboxa>          
004acac5  |. 8b83 f8020000  mov eax,dword ptr ds:[ebx+2f8]
004acacb  |. 8b10           mov edx,dword ptr ds:[eax]
004acacd  |. ff92 c0000000  call dword ptr ds:[edx+c0]
004acad3  |. e9 fd010000    jmp 1.004accd5
 ↓--从上面到这,哈哈,终于来到要点了~~~睁大眼球哦
004acad8  |> 8d45 f0        lea eax,dword ptr ss:[ebp-10]
004acadb  |. 50             push eax
004acadc  |. 8d55 ec        lea edx,dword ptr ss:[ebp-14]
004acadf  |. 8b83 fc020000  mov eax,dword ptr ds:[ebx+2fc]
004acae5  |. e8 3e40f9ff    call 1.00440b28
 ↑__//取机器码位数 0a  [我的机器码 1439138432]
004acaea  |. 8b45 ec        mov eax,dword ptr ss:[ebp-14]
↑__// 将机器码1439138432移到---eax
004acaed  |. b9 08000000    mov ecx,8
↑__//将8移到ecx  
[从后面跟踪发现,是取机器码前8位,有时跟不懂,慢慢跟几次就会好了]
004acaf2  |. ba 01000000    mov edx,1
 ↑__//将1移到edx  应该是从机器码第一位开始取吧~~
004acaf7  |. e8 1c81f5ff    call 1.00404c18
 ↑__//取机器码前8位到14391384----eax
004acafc  |. 8b45 f0        mov eax,dword ptr ss:[ebp-10]
004acaff  |. e8 44c4f5ff    call 1.00408f48
↑__//将机器码前8位的16进制[db9858]到eax
004acb04  |. 8bf0           mov esi,eax
↑__// 将eax16进制[db9858]到esi
004acb06  |. 8d55 e8        lea edx,dword ptr ss:[ebp-18]
004acb09  |. 8b83 f4020000  mov eax,dword ptr ds:[ebx+2f4]
004acb0f  |. e8 1440f9ff    call 1.00440b28
 ↑__//取用户名的位数 [4](“冷枫”是两个汉字,这里得到4,应是按字节计)
004acb14  |. 8b45 e8        mov eax,dword ptr ss:[ebp-18]
004acb17  |. e8 a47ef5ff    call 1.004049c0
004acb1c  |. 0faff0         imul esi,eax
 ↑__//用机器码前8位16进制乘用户位数=db9858*4=36e6160  
004acb1f  |. 8bc6           mov eax,esi
 ↑__// 36e6160 --->eax
004acb21  |. 05 41c20b00    add eax,0bc241
↑__// eax [36e6160 ] add 0bc241= 37a23a1  --->真正注册码
004acb26  |. 8d4d f4        lea ecx,dword ptr ss:[ebp-c]
004acb29  |. 33d2           xor edx,edx
004acb2b  |. e8 dcc3f5ff    call 1.00408f0c
004acb30  |. 8b45 f4        mov eax,dword ptr ss:[ebp-c]
004acb33  |. 50             push eax
004acb34  |. 8d55 e4        lea edx,dword ptr ss:[ebp-1c]
 ↑__//将真注册码到eax  [37a23a1]
004acb37  |. 8b83 f8020000  mov eax,dword ptr ds:[ebx+2f8]
004acb3d  |. e8 e63ff9ff    call 1.00440b28
004acb42  |. 8b55 e4        mov edx,dword ptr ss:[ebp-1c]
 ↑__//我们输入的注册码  [52225229]
004acb45  |. 58             pop eax
004acb46  |. e8 b97ff5ff    call 1.00404b04  
 ↑__//比较真假注册码的地方
004acb4b  |. 0f85 60010000  jnz 1.004accb1
 ↑__//关键跳转,不跳则ok,跳则over

最后得:
冷枫
37a23a1
  
破解小结:
算法总结:
取机器码前8位(按数值,16进制表示)和用户名位数,两者相乘,再 add 0bc241,所得结果的16进制就是注册码。从防护角度看,这个校验的弱点在于:程序在本机把完整的正确注册码算出来,再和输入直接比较;算法里只有机器码、用户名位数和一个固定常数,没有任何保密的密钥。