希望杀号公式爆破
希望杀号公式爆破【破文标题】希望杀号公式爆破
【软件名称】希望杀号公式2.06
【破解工具】PEID,W32Dasm
【保护方式】ASPack 2.12 -> Alexey Solodovnikov
现在我们来破解它吧!!看看它是怎么注册的,随便输入一个注册码
(787878我习惯)。出现了错误提示。然后我们用W32DASM载入它,选择“字串
符参考”,找到“"软件已经注册,注册码是:",我们双击它,来到一行代码前
,向上找到关键的跳转
:004B9536 8B45F0 mov eax, dword ptr
:004B9539 E8EAFBFFFF call 004B9128
:004B953E 84C0 test al, al
:004B9540 7562 jne 004B95A4 关键跳转
:004B9542 8B45FC mov eax, dword ptr
:004B9545 8B80E8020000 mov eax, dword ptr
* Possible StringData Ref from Data Obj ->"软件已经注册,注册码是:"
|
:004B954B BA54974B00 mov edx, 004B9754 停在些,往上找!
!
:004B9550 E86B65F7FF call 0042FAC0
:004B9555 8B45FC mov eax, dword ptr
[ 本帖最后由 tigerisme 于 2007-1-21 17:16 编辑 ] 标志位爆破...支持一下
最好给出软件的下载连接
我再来个详细点的,嘿嘿,占兄弟便宜了!!!
我再来个详细点的,嘿嘿,占兄弟便宜了!!!软件下载地址:www.sharebank.com.cn/soft/SoftView_16441.htm
004B93F0 $55 PUSH EBP ;这里是菜单中关于的断点位置
004B93F1 .8BEC MOV EBP,ESP
004B93F3 .83C4 C0 ADD ESP,-40
004B93F6 .53 PUSH EBX
004B93F7 .56 PUSH ESI
004B93F8 .57 PUSH EDI
004B93F9 .33DB XOR EBX,EBX
004B93FB .895D C4 MOV DWORD PTR SS:,EBX
004B93FE .895D C0 MOV DWORD PTR SS:,EBX
004B9401 .895D E0 MOV DWORD PTR SS:,EBX
004B9404 .895D DC MOV DWORD PTR SS:,EBX
004B9407 .895D EC MOV DWORD PTR SS:,EBX
004B940A .895D E8 MOV DWORD PTR SS:,EBX
004B940D .895D E4 MOV DWORD PTR SS:,EBX
004B9410 .84D2 TEST DL,DL
004B9412 .74 08 JE SHORT _UnPacke.004B941C
004B9414 .83C4 F0 ADD ESP,-10
004B9417 .E8 0C9EF4FF CALL _UnPacke.00403228
004B941C >894D F4 MOV DWORD PTR SS:,ECX
004B941F .8855 FB MOV BYTE PTR SS:,DL
004B9422 .8945 FC MOV DWORD PTR SS:,EAX
004B9425 .33C0 XOR EAX,EAX
004B9427 .55 PUSH EBP
004B9428 .68 0B964B00 PUSH _UnPacke.004B960B
004B942D .64:FF30 PUSH DWORD PTR FS:
004B9430 .64:8920 MOV DWORD PTR FS:,ESP
004B9433 .8B4D F4 MOV ECX,DWORD PTR SS:
004B9436 .33D2 XOR EDX,EDX
004B9438 .8B45 FC MOV EAX,DWORD PTR SS:
004B943B .E8 1CD8F8FF CALL _UnPacke.00446C5C ;这里关于软件版本的东东
004B9440 .68 3C964B00 PUSH _UnPacke.004B963C ;v2.06
004B9445 .8D45 E8 LEA EAX,DWORD PTR SS:
004B9448 .50 PUSH EAX
004B9449 .B9 04000000 MOV ECX,4
004B944E .BA 01000000 MOV EDX,1
004B9453 .B8 4C964B00 MOV EAX,_UnPacke.004B964C ;20060602
004B9458 .E8 F7ABF4FF CALL _UnPacke.00404054
004B945D .FF75 E8 PUSH DWORD PTR SS:
004B9460 .68 60964B00 PUSH _UnPacke.004B9660 ;年
004B9465 .8D45 E4 LEA EAX,DWORD PTR SS:
004B9468 .50 PUSH EAX
004B9469 .B8 4C964B00 MOV EAX,_UnPacke.004B964C ;20060602
004B946E .B9 02000000 MOV ECX,2
004B9473 .BA 05000000 MOV EDX,5
004B9478 .E8 D7ABF4FF CALL _UnPacke.00404054
004B947D .FF75 E4 PUSH DWORD PTR SS:
004B9480 .68 6C964B00 PUSH _UnPacke.004B966C ;月出品
004B9485 .8D45 EC LEA EAX,DWORD PTR SS:
004B9488 .BA 05000000 MOV EDX,5
004B948D .E8 7AAAF4FF CALL _UnPacke.00403F0C
004B9492 .8B55 EC MOV EDX,DWORD PTR SS:
004B9495 .8B45 FC MOV EAX,DWORD PTR SS:
004B9498 .8B80 DC020000 MOV EAX,DWORD PTR DS:
004B949E .E8 1D66F7FF CALL _UnPacke.0042FAC0
004B94A3 .B2 01 MOV DL,1
004B94A5 .A1 947D4B00 MOV EAX,DWORD PTR DS:
004B94AA .E8 61EEFFFF CALL _UnPacke.004B8310
004B94AF .8945 F0 MOV DWORD PTR SS:,EAX
004B94B2 .8B45 FC MOV EAX,DWORD PTR SS:
004B94B5 .8B80 D8020000 MOV EAX,DWORD PTR DS:
004B94BB .BA 7C964B00 MOV EDX,_UnPacke.004B967C ;希望杀号公式
004B94C0 .E8 FB65F7FF CALL _UnPacke.0042FAC0
004B94C5 .8B45 FC MOV EAX,DWORD PTR SS:
004B94C8 .8B80 D4020000 MOV EAX,DWORD PTR DS:
004B94CE .BA 94964B00 MOV EDX,_UnPacke.004B9694 ;软件验证用户的自定义公式,绝杀指定类型的号码,统计公式的成功比率,软件界面简洁,统计全面,适合普通彩民研究公式杀号。本软件适用于福彩3D以及排列3彩票。
004B94D3 .E8 E865F7FF CALL _UnPacke.0042FAC0
004B94D8 .8B45 FC MOV EAX,DWORD PTR SS:
004B94DB .8B80 F4020000 MOV EAX,DWORD PTR DS:
004B94E1 .BA 34974B00 MOV EDX,_UnPacke.004B9734 ;http://www.3dsoft.net
004B94E6 .E8 D565F7FF CALL _UnPacke.0042FAC0
004B94EB .33C0 XOR EAX,EAX
004B94ED .55 PUSH EBP
004B94EE .68 D1954B00 PUSH _UnPacke.004B95D1
004B94F3 .64:FF30 PUSH DWORD PTR FS:
004B94F6 .64:8920 MOV DWORD PTR FS:,ESP
004B94F9 .8D45 E0 LEA EAX,DWORD PTR SS:
004B94FC .50 PUSH EAX
004B94FD .8D55 C8 LEA EDX,DWORD PTR SS:
004B9500 .8B45 F0 MOV EAX,DWORD PTR SS:
004B9503 .E8 F8F2FFFF CALL _UnPacke.004B8800
004B9508 .8D55 C8 LEA EDX,DWORD PTR SS:
004B950B .8D45 DC LEA EAX,DWORD PTR SS:
004B950E .E8 DDA8F4FF CALL _UnPacke.00403DF0
004B9513 .8B4D DC MOV ECX,DWORD PTR SS:
004B9516 .BA FDFFFFFF MOV EDX,-3
004B951B .B8 F3FFFFFF MOV EAX,-0D
004B9520 .E8 8FEBFFFF CALL _UnPacke.004B80B4 ;这部份为提取本机机器码的
004B9525 .8B55 E0 MOV EDX,DWORD PTR SS:
004B9528 .8B45 FC MOV EAX,DWORD PTR SS:
004B952B .8B80 E0020000 MOV EAX,DWORD PTR DS:
004B9531 .E8 CAEEFBFF CALL _UnPacke.00478400
004B9536 .8B45 F0 MOV EAX,DWORD PTR SS:
004B9539 .E8 EAFBFFFF CALL _UnPacke.004B9128
004B953E .84C0 TEST AL,AL 这里标志位,未注册为AL=00
004B9540 .74 62 JE SHORT _UnPacke.004B95A4 此处为关键跳,跳则出错
004B9542 .8B45 FC MOV EAX,DWORD PTR SS:
004B9545 .8B80 E8020000 MOV EAX,DWORD PTR DS:
004B954B .BA 54974B00 MOV EDX,_UnPacke.004B9754 ;软件已经注册,注册码是:
004B9550 .E8 6B65F7FF CALL _UnPacke.0042FAC0
004B9555 .8B45 FC MOV EAX,DWORD PTR SS:
004B9558 .8B80 E4020000 MOV EAX,DWORD PTR DS:
004B955E .33D2 XOR EDX,EDX
004B9560 .E8 4364F7FF CALL _UnPacke.0042F9A8
004B9565 .8D45 C4 LEA EAX,DWORD PTR SS:
004B9568 .50 PUSH EAX
004B9569 .8D55 C8 LEA EDX,DWORD PTR SS:
004B956C .8B45 F0 MOV EAX,DWORD PTR SS:
004B956F .E8 ACF2FFFF CALL _UnPacke.004B8820
004B9574 .8D55 C8 LEA EDX,DWORD PTR SS:
004B9577 .8D45 C0 LEA EAX,DWORD PTR SS:
004B957A .E8 71A8F4FF CALL _UnPacke.00403DF0
004B957F .8B4D C0 MOV ECX,DWORD PTR SS:
004B9582 .BA FCFFFFFF MOV EDX,-4
004B9587 .B8 F7FFFFFF MOV EAX,-9
004B958C .E8 23EBFFFF CALL _UnPacke.004B80B4
004B9591 .8B55 C4 MOV EDX,DWORD PTR SS: ;真码出现
004B9594 .8B45 FC MOV EAX,DWORD PTR SS:
004B9597 .8B80 E0020000 MOV EAX,DWORD PTR DS:
004B959D .E8 5EEEFBFF CALL _UnPacke.00478400
004B95A2 .EB 23 JMP SHORT _UnPacke.004B95C7
004B95A4 >8B45 FC MOV EAX,DWORD PTR SS:
004B95A7 .8B80 E8020000 MOV EAX,DWORD PTR DS:
004B95AD .BA 78974B00 MOV EDX,_UnPacke.004B9778 ;软件尚未注册,机器码是:
004B95B2 .E8 0965F7FF CALL _UnPacke.0042FAC0
004B95B7 .8B45 FC MOV EAX,DWORD PTR SS:
004B95BA .8B80 E4020000 MOV EAX,DWORD PTR DS:
004B95C0 .B2 01 MOV DL,1
004B95C2 .E8 E163F7FF CALL _UnPacke.0042F9A8
004B95C7 >33C0 XOR EAX,EAX
004B95C9 .5A POP EDX
004B95CA .59 POP ECX
004B95CB .59 POP ECX
004B95CC .64:8910 MOV DWORD PTR FS:,EDX
004B95CF .EB 12 JMP SHORT _UnPacke.004B95E3
004B95D1 .^ E9 BE9DF4FF JMP _UnPacke.00403394
004B95D6 .8B45 F0 MOV EAX,DWORD PTR SS:
004B95D9 .E8 0A99F4FF CALL _UnPacke.00402EE8
004B95DE .E8 0DA1F4FF CALL _UnPacke.004036F0
004B95E3 >33C0 XOR EAX,EAX
004B95E5 .5A POP EDX
004B95E6 .59 POP ECX
004B95E7 .59 POP ECX
004B95E8 .64:8910 MOV DWORD PTR FS:,EDX
004B95EB .68 12964B00 PUSH _UnPacke.004B9612
004B95F0 >8D45 C0 LEA EAX,DWORD PTR SS:
004B95F3 .BA 02000000 MOV EDX,2
004B95F8 .E8 F3A5F4FF CALL _UnPacke.00403BF0
004B95FD .8D45 DC LEA EAX,DWORD PTR SS:
004B9600 .BA 05000000 MOV EDX,5
004B9605 .E8 E6A5F4FF CALL _UnPacke.00403BF0
004B960A .C3 RETN
修改前
004B953E .84C0 TEST AL,AL 这里标志位,未注册为AL=00
004B9540 .74 62 JE SHORT _UnPacke.004B95A4 此处为关键跳,跳则出错
修改后
004B953E .84C0 TEST AL,AL ;标志位,未注册为00
004B9540 90 NOP ;这里是关键跳转,转则出错
004B9541 90 NOP
补充一个希望杀号公式爆破
004B93F0 $55 PUSH EBP ;这里是菜单中关于的断点位置004B93F1 .8BEC MOV EBP,ESP
004B93F3 .83C4 C0 ADD ESP,-40
004B93F6 .53 PUSH EBX
004B93F7 .56 PUSH ESI
004B93F8 .57 PUSH EDI
004B93F9 .33DB XOR EBX,EBX
004B93FB .895D C4 MOV DWORD PTR SS:,EBX
004B93FE .895D C0 MOV DWORD PTR SS:,EBX
004B9401 .895D E0 MOV DWORD PTR SS:,EBX
004B9404 .895D DC MOV DWORD PTR SS:,EBX
004B9407 .895D EC MOV DWORD PTR SS:,EBX
004B940A .895D E8 MOV DWORD PTR SS:,EBX
004B940D .895D E4 MOV DWORD PTR SS:,EBX
004B9410 .84D2 TEST DL,DL
004B9412 .74 08 JE SHORT _UnPacke.004B941C
004B9414 .83C4 F0 ADD ESP,-10
004B9417 .E8 0C9EF4FF CALL _UnPacke.00403228
004B941C >894D F4 MOV DWORD PTR SS:,ECX
004B941F .8855 FB MOV BYTE PTR SS:,DL
004B9422 .8945 FC MOV DWORD PTR SS:,EAX
004B9425 .33C0 XOR EAX,EAX
004B9427 .55 PUSH EBP
004B9428 .68 0B964B00 PUSH _UnPacke.004B960B
004B942D .64:FF30 PUSH DWORD PTR FS:
004B9430 .64:8920 MOV DWORD PTR FS:,ESP
004B9433 .8B4D F4 MOV ECX,DWORD PTR SS:
004B9436 .33D2 XOR EDX,EDX
004B9438 .8B45 FC MOV EAX,DWORD PTR SS:
004B943B .E8 1CD8F8FF CALL _UnPacke.00446C5C ;这里关于软件版本的东东
004B9440 .68 3C964B00 PUSH _UnPacke.004B963C ;v2.06
004B9445 .8D45 E8 LEA EAX,DWORD PTR SS:
004B9448 .50 PUSH EAX
004B9449 .B9 04000000 MOV ECX,4
004B944E .BA 01000000 MOV EDX,1
004B9453 .B8 4C964B00 MOV EAX,_UnPacke.004B964C ;20060602
004B9458 .E8 F7ABF4FF CALL _UnPacke.00404054
004B945D .FF75 E8 PUSH DWORD PTR SS:
004B9460 .68 60964B00 PUSH _UnPacke.004B9660 ;年
004B9465 .8D45 E4 LEA EAX,DWORD PTR SS:
004B9468 .50 PUSH EAX
004B9469 .B8 4C964B00 MOV EAX,_UnPacke.004B964C ;20060602
004B946E .B9 02000000 MOV ECX,2
004B9473 .BA 05000000 MOV EDX,5
004B9478 .E8 D7ABF4FF CALL _UnPacke.00404054
004B947D .FF75 E4 PUSH DWORD PTR SS:
004B9480 .68 6C964B00 PUSH _UnPacke.004B966C ;月出品
004B9485 .8D45 EC LEA EAX,DWORD PTR SS:
004B9488 .BA 05000000 MOV EDX,5
004B948D .E8 7AAAF4FF CALL _UnPacke.00403F0C
004B9492 .8B55 EC MOV EDX,DWORD PTR SS:
004B9495 .8B45 FC MOV EAX,DWORD PTR SS:
004B9498 .8B80 DC020000 MOV EAX,DWORD PTR DS:
004B949E .E8 1D66F7FF CALL _UnPacke.0042FAC0
004B94A3 .B2 01 MOV DL,1
004B94A5 .A1 947D4B00 MOV EAX,DWORD PTR DS:
004B94AA .E8 61EEFFFF CALL _UnPacke.004B8310
004B94AF .8945 F0 MOV DWORD PTR SS:,EAX
004B94B2 .8B45 FC MOV EAX,DWORD PTR SS:
004B94B5 .8B80 D8020000 MOV EAX,DWORD PTR DS:
004B94BB .BA 7C964B00 MOV EDX,_UnPacke.004B967C ;希望杀号公式
004B94C0 .E8 FB65F7FF CALL _UnPacke.0042FAC0
004B94C5 .8B45 FC MOV EAX,DWORD PTR SS:
004B94C8 .8B80 D4020000 MOV EAX,DWORD PTR DS:
004B94CE .BA 94964B00 MOV EDX,_UnPacke.004B9694 ;软件验证用户的自定义公式,绝杀指定类型的号码,统计公式的成功比率,软件界面简洁,统计全面,适合普通彩民研究公式杀号。本软件适用于福彩3D以及排列3彩票。
004B94D3 .E8 E865F7FF CALL _UnPacke.0042FAC0
004B94D8 .8B45 FC MOV EAX,DWORD PTR SS:
004B94DB .8B80 F4020000 MOV EAX,DWORD PTR DS:
004B94E1 .BA 34974B00 MOV EDX,_UnPacke.004B9734 ;http://www.3dsoft.net
004B94E6 .E8 D565F7FF CALL _UnPacke.0042FAC0
004B94EB .33C0 XOR EAX,EAX
004B94ED .55 PUSH EBP
004B94EE .68 D1954B00 PUSH _UnPacke.004B95D1
004B94F3 .64:FF30 PUSH DWORD PTR FS:
004B94F6 .64:8920 MOV DWORD PTR FS:,ESP
004B94F9 .8D45 E0 LEA EAX,DWORD PTR SS:
004B94FC .50 PUSH EAX
004B94FD .8D55 C8 LEA EDX,DWORD PTR SS:
004B9500 .8B45 F0 MOV EAX,DWORD PTR SS:
004B9503 .E8 F8F2FFFF CALL _UnPacke.004B8800
004B9508 .8D55 C8 LEA EDX,DWORD PTR SS:
004B950B .8D45 DC LEA EAX,DWORD PTR SS:
004B950E .E8 DDA8F4FF CALL _UnPacke.00403DF0
004B9513 .8B4D DC MOV ECX,DWORD PTR SS:
004B9516 .BA FDFFFFFF MOV EDX,-3
004B951B .B8 F3FFFFFF MOV EAX,-0D
004B9520 .E8 8FEBFFFF CALL _UnPacke.004B80B4 ;这部份为提取本机机器码的
004B9525 .8B55 E0 MOV EDX,DWORD PTR SS:
004B9528 .8B45 FC MOV EAX,DWORD PTR SS:
004B952B .8B80 E0020000 MOV EAX,DWORD PTR DS:
004B9531 .E8 CAEEFBFF CALL _UnPacke.00478400
004B9536 .8B45 F0 MOV EAX,DWORD PTR SS:
004B9539 .E8 EAFBFFFF CALL _UnPacke.004B9128
004B953E .84C0 TEST AL,AL 这里标志位,未注册为AL=00
004B9540 .74 62 JE SHORT _UnPacke.004B95A4 此处为关键跳,跳则出错
004B9542 .8B45 FC MOV EAX,DWORD PTR SS:
004B9545 .8B80 E8020000 MOV EAX,DWORD PTR DS:
004B954B .BA 54974B00 MOV EDX,_UnPacke.004B9754 ;软件已经注册,注册码是:
004B9550 .E8 6B65F7FF CALL _UnPacke.0042FAC0
004B9555 .8B45 FC MOV EAX,DWORD PTR SS:
004B9558 .8B80 E4020000 MOV EAX,DWORD PTR DS:
004B955E .33D2 XOR EDX,EDX
004B9560 .E8 4364F7FF CALL _UnPacke.0042F9A8
004B9565 .8D45 C4 LEA EAX,DWORD PTR SS:
004B9568 .50 PUSH EAX
004B9569 .8D55 C8 LEA EDX,DWORD PTR SS:
004B956C .8B45 F0 MOV EAX,DWORD PTR SS:
004B956F .E8 ACF2FFFF CALL _UnPacke.004B8820
004B9574 .8D55 C8 LEA EDX,DWORD PTR SS:
004B9577 .8D45 C0 LEA EAX,DWORD PTR SS:
004B957A .E8 71A8F4FF CALL _UnPacke.00403DF0
004B957F .8B4D C0 MOV ECX,DWORD PTR SS:
004B9582 .BA FCFFFFFF MOV EDX,-4
004B9587 .B8 F7FFFFFF MOV EAX,-9
004B958C .E8 23EBFFFF CALL _UnPacke.004B80B4
004B9591 .8B55 C4 MOV EDX,DWORD PTR SS: ;真码出现
004B9594 .8B45 FC MOV EAX,DWORD PTR SS:
004B9597 .8B80 E0020000 MOV EAX,DWORD PTR DS:
004B959D .E8 5EEEFBFF CALL _UnPacke.00478400
004B95A2 .EB 23 JMP SHORT _UnPacke.004B95C7
004B95A4 >8B45 FC MOV EAX,DWORD PTR SS:
004B95A7 .8B80 E8020000 MOV EAX,DWORD PTR DS:
004B95AD .BA 78974B00 MOV EDX,_UnPacke.004B9778 ;软件尚未注册,机器码是:
004B95B2 .E8 0965F7FF CALL _UnPacke.0042FAC0
004B95B7 .8B45 FC MOV EAX,DWORD PTR SS:
004B95BA .8B80 E4020000 MOV EAX,DWORD PTR DS:
004B95C0 .B2 01 MOV DL,1
004B95C2 .E8 E163F7FF CALL _UnPacke.0042F9A8
004B95C7 >33C0 XOR EAX,EAX
004B95C9 .5A POP EDX
004B95CA .59 POP ECX
004B95CB .59 POP ECX
004B95CC .64:8910 MOV DWORD PTR FS:,EDX
004B95CF .EB 12 JMP SHORT _UnPacke.004B95E3
004B95D1 .^ E9 BE9DF4FF JMP _UnPacke.00403394
004B95D6 .8B45 F0 MOV EAX,DWORD PTR SS:
004B95D9 .E8 0A99F4FF CALL _UnPacke.00402EE8
004B95DE .E8 0DA1F4FF CALL _UnPacke.004036F0
004B95E3 >33C0 XOR EAX,EAX
004B95E5 .5A POP EDX
004B95E6 .59 POP ECX
004B95E7 .59 POP ECX
004B95E8 .64:8910 MOV DWORD PTR FS:,EDX
004B95EB .68 12964B00 PUSH _UnPacke.004B9612
004B95F0 >8D45 C0 LEA EAX,DWORD PTR SS:
004B95F3 .BA 02000000 MOV EDX,2
004B95F8 .E8 F3A5F4FF CALL _UnPacke.00403BF0
004B95FD .8D45 DC LEA EAX,DWORD PTR SS:
004B9600 .BA 05000000 MOV EDX,5
004B9605 .E8 E6A5F4FF CALL _UnPacke.00403BF0
004B960A .C3 RETN
修改前
004B953E .84C0 TEST AL,AL 这里标志位,未注册为AL=00
004B9540 .74 62 JE SHORT _UnPacke.004B95A4 此处为关键跳,跳则出错
修改后
004B953E .84C0 TEST AL,AL ;标志位,未注册为00
004B9540 90 NOP ;这里是关键跳转,转则出错
004B9541 90 NOP 原帖由 tigerisme 于 2007-1-21 17:14 发表
标志位爆破...支持一下
最好给出软件的下载连接
/:D
神猪还没有掌握,建议他(她)去看下飘云老大的关于"标志位"的视频教程;) 他那样也可以么~
又不是非要标志位不可~
能爆破成功即可~;P :victory: 好像无法正确更新数据 学习!!!!!!!!!!!!!!!!!!!!! 能写个注册机就好了 爽!!;P ;P
页:
[1]
2