langlirong
发表于 2008-3-11 12:27:18
原帖由 puti67 于 2008-3-10 19:33 发表
追码成功,是明码比较的!关键处是在使用题库的时候才会出现。
能不能明示
谢谢!
puti67
发表于 2008-3-11 16:02:17
00526C9C $55 push ebp //这里下断,慢慢跟
00526C9D .8BEC mov ebp, esp
00526C9F .51 push ecx
00526CA0 .B9 0F000000 mov ecx, 0F
00526CA5 >6A 00 push 0
00526CA7 .6A 00 push 0
00526CA9 .49 dec ecx
00526CAA .^ 75 F9 jnz short 00526CA5
00526CAC .51 push ecx
00526CAD .874D FC xchg dword ptr , ecx
00526CB0 .53 push ebx
00526CB1 .56 push esi
00526CB2 .57 push edi
00526CB3 .894D F4 mov dword ptr , ecx
00526CB6 .8955 F8 mov dword ptr , edx
00526CB9 .8945 FC mov dword ptr , eax
00526CBC .33C0 xor eax, eax
00526CBE .55 push ebp
00526CBF .68 EE705200 push 005270EE
00526CC4 .64:FF30 push dword ptr fs:
00526CC7 .64:8920 mov dword ptr fs:, esp
00526CCA .33C0 xor eax, eax
00526CCC .55 push ebp
00526CCD .68 CC705200 push 005270CC
00526CD2 .64:FF30 push dword ptr fs:
00526CD5 .64:8920 mov dword ptr fs:, esp
00526CD8 .33C0 xor eax, eax
00526CDA .8945 F0 mov dword ptr , eax
00526CDD .33C0 xor eax, eax
00526CDF .55 push ebp
00526CE0 .68 846D5200 push 00526D84
00526CE5 .64:FF30 push dword ptr fs:
00526CE8 .64:8920 mov dword ptr fs:, esp
00526CEB .FF75 F8 push dword ptr
00526CEE .8D4D E0 lea ecx, dword ptr
00526CF1 .8B15 38E25900 mov edx, dword ptr ;dumped_1.0059D8E8
00526CF7 .66:8B12 mov dx, word ptr
00526CFA .A1 24E15900 mov eax, dword ptr
00526CFF .8B00 mov eax, dword ptr
00526D01 .E8 768AFEFF call 0050F77C
00526D06 .FF75 E0 push dword ptr
00526D09 .8D45 DC lea eax, dword ptr
00526D0C .E8 CBC5FEFF call 005132DC
00526D11 .FF75 DC push dword ptr
00526D14 .8D45 E8 lea eax, dword ptr
00526D17 .BA 03000000 mov edx, 3
00526D1C .E8 77E7EDFF call 00405498
00526D21 .6A 00 push 0
00526D23 .8D45 D8 lea eax, dword ptr
00526D26 .50 push eax
00526D27 .8D4D D4 lea ecx, dword ptr
00526D2A .8B15 38E25900 mov edx, dword ptr ;dumped_1.0059D8E8
00526D30 .66:8B12 mov dx, word ptr
00526D33 .A1 24E15900 mov eax, dword ptr
00526D38 .8B00 mov eax, dword ptr
00526D3A .E8 3D8AFEFF call 0050F77C
00526D3F .8D45 D4 lea eax, dword ptr
00526D42 .50 push eax
00526D43 .8D45 D0 lea eax, dword ptr
00526D46 .E8 39DDFEFF call 00514A84
00526D4B .8B55 D0 mov edx, dword ptr
00526D4E .58 pop eax
00526D4F .E8 8CE6EDFF call 004053E0
00526D54 .8B55 D4 mov edx, dword ptr
00526D57 .33C9 xor ecx, ecx
00526D59 .8B45 E8 mov eax, dword ptr
00526D5C .E8 9776FEFF call 0050E3F8
00526D61 .8B55 D8 mov edx, dword ptr
00526D64 .8D45 E8 lea eax, dword ptr
00526D67 .E8 28E4EDFF call 00405194
00526D6C .8B55 E8 mov edx, dword ptr
00526D6F .8B45 FC mov eax, dword ptr
00526D72 .8B08 mov ecx, dword ptr
00526D74 .FF51 04 call dword ptr
00526D77 .8945 F0 mov dword ptr , eax
00526D7A .33C0 xor eax, eax
00526D7C .5A pop edx
00526D7D .59 pop ecx
00526D7E .59 pop ecx
00526D7F .64:8910 mov dword ptr fs:, edx
00526D82 .EB 7D jmp short 00526E01
00526D84 .^ E9 33D9EDFF jmp 004046BC
00526D89 .8D55 E4 lea edx, dword ptr
00526D8C .8B45 F8 mov eax, dword ptr
00526D8F .E8 00A1FFFF call 00520E94
00526D94 .837D E4 00 cmp dword ptr , 0
00526D98 .75 28 jnz short 00526DC2
00526D9A .8D4D CC lea ecx, dword ptr
00526D9D .8B15 38E25900 mov edx, dword ptr ;dumped_1.0059D8E8
00526DA3 .66:8B12 mov dx, word ptr
00526DA6 .A1 24E15900 mov eax, dword ptr
00526DAB .8B00 mov eax, dword ptr
00526DAD .E8 CA89FEFF call 0050F77C
00526DB2 .8B4D CC mov ecx, dword ptr
00526DB5 .8D45 E8 lea eax, dword ptr
00526DB8 .8B55 F8 mov edx, dword ptr
00526DBB .E8 64E6EDFF call 00405424
00526DC0 .EB 2C jmp short 00526DEE
00526DC2 >6A 00 push 0
00526DC4 .8D45 E8 lea eax, dword ptr
00526DC7 .50 push eax
00526DC8 .8D4D C8 lea ecx, dword ptr
00526DCB .8B15 38E25900 mov edx, dword ptr ;dumped_1.0059D8E8
00526DD1 .66:8B12 mov dx, word ptr
00526DD4 .A1 24E15900 mov eax, dword ptr
00526DD9 .8B00 mov eax, dword ptr
00526DDB .E8 9C89FEFF call 0050F77C
00526DE0 .8B4D C8 mov ecx, dword ptr
00526DE3 .8B55 E4 mov edx, dword ptr
00526DE6 .8B45 F8 mov eax, dword ptr
00526DE9 .E8 0A76FEFF call 0050E3F8
00526DEE >8B55 E8 mov edx, dword ptr
00526DF1 .8B45 FC mov eax, dword ptr
00526DF4 .8B08 mov ecx, dword ptr
00526DF6 .FF51 04 call dword ptr
00526DF9 .8945 F0 mov dword ptr , eax
00526DFC .E8 E7DCEDFF call 00404AE8
00526E01 >8B45 F0 mov eax, dword ptr
00526E04 .8B10 mov edx, dword ptr
00526E06 .FF92 4C010000 call dword ptr
00526E0C .8945 EC mov dword ptr , eax
00526E0F .837D EC 00 cmp dword ptr , 0
00526E13 0F8E 97020000 jle 005270B0
00526E19 .8B45 EC mov eax, dword ptr
00526E1C .50 push eax
00526E1D .8B45 F4 mov eax, dword ptr
00526E20 .B9 01000000 mov ecx, 1
00526E25 .8B15 D4D25000 mov edx, dword ptr ;dumped_1.0050D2D8
00526E2B .E8 ECF8EDFF call 0040671C
00526E30 .83C4 04 add esp, 4
00526E33 .8B45 F0 mov eax, dword ptr
00526E36 .E8 5125FDFF call 004F938C
00526E3B .8B7D EC mov edi, dword ptr
00526E3E .4F dec edi
00526E3F .85FF test edi, edi
00526E41 0F8C 69020000 jl 005270B0
00526E47 .47 inc edi
00526E48 .33DB xor ebx, ebx
00526E4A >BA 04715200 mov edx, 00527104 ;alltestid
00526E4F .8B45 F0 mov eax, dword ptr
00526E52 .E8 B910FDFF call 004F7F10
00526E57 .8B10 mov edx, dword ptr
00526E59 .FF52 58 call dword ptr
00526E5C .8BF3 mov esi, ebx
00526E5E .C1E6 03 shl esi, 3
00526E61 .2BF3 sub esi, ebx
00526E63 .8B55 F4 mov edx, dword ptr
00526E66 .8B12 mov edx, dword ptr
00526E68 .8904F2 mov dword ptr , eax
00526E6B .BA 18715200 mov edx, 00527118 ;alltest_eplid
00526E70 .8B45 F0 mov eax, dword ptr
00526E73 .E8 9810FDFF call 004F7F10
00526E78 .8B10 mov edx, dword ptr
00526E7A .FF52 58 call dword ptr
00526E7D .8B55 F4 mov edx, dword ptr
00526E80 .8B12 mov edx, dword ptr
00526E82 .8944F2 04 mov dword ptr , eax
00526E86 .BA 30715200 mov edx, 00527130 ;alltest_imgid
00526E8B .8B45 F0 mov eax, dword ptr
00526E8E .E8 7D10FDFF call 004F7F10
00526E93 .8B10 mov edx, dword ptr
00526E95 .FF52 58 call dword ptr
00526E98 .8B55 F4 mov edx, dword ptr
00526E9B .8B12 mov edx, dword ptr
00526E9D .8944F2 08 mov dword ptr , eax
00526EA1 .BA 48715200 mov edx, 00527148 ;atestid
00526EA6 .8B45 F0 mov eax, dword ptr
00526EA9 .E8 6210FDFF call 004F7F10
00526EAE .8B10 mov edx, dword ptr
00526EB0 .FF52 58 call dword ptr
00526EB3 .8B55 F4 mov edx, dword ptr
00526EB6 .8B12 mov edx, dword ptr
00526EB8 .8944F2 0C mov dword ptr , eax
00526EBC .BA 58715200 mov edx, 00527158 ;maintitle
00526EC1 .8B45 F0 mov eax, dword ptr
00526EC4 .E8 4710FDFF call 004F7F10
00526EC9 .8D55 C0 lea edx, dword ptr
00526ECC .8B08 mov ecx, dword ptr
00526ECE .FF51 60 call dword ptr
00526ED1 .8B45 C0 mov eax, dword ptr
00526ED4 .8D55 C4 lea edx, dword ptr
00526ED7 .E8 5C4BEEFF call 0040BA38
00526EDC .8B55 C4 mov edx, dword ptr
00526EDF .8B45 F4 mov eax, dword ptr
00526EE2 .8B00 mov eax, dword ptr
00526EE4 .8D44F0 10 lea eax, dword ptr
00526EE8 .E8 63E2EDFF call 00405150
00526EED .BA 6C715200 mov edx, 0052716C ;a
00526EF2 .8B45 F0 mov eax, dword ptr
00526EF5 .E8 1610FDFF call 004F7F10
00526EFA .8D55 B8 lea edx, dword ptr
00526EFD .8B08 mov ecx, dword ptr
00526EFF .FF51 60 call dword ptr
00526F02 .8B45 B8 mov eax, dword ptr
00526F05 .8D55 BC lea edx, dword ptr
00526F08 .E8 2B4BEEFF call 0040BA38
00526F0D .8B55 BC mov edx, dword ptr
00526F10 .8B45 F4 mov eax, dword ptr
00526F13 .8B00 mov eax, dword ptr
00526F15 .8D44F0 14 lea eax, dword ptr
langlirong
发表于 2008-3-11 17:50:53
原帖由 puti67 于 2008-3-11 16:02 发表
00526C9C $55 push ebp //这里下断,慢慢跟
00526C9D .8BEC mov ebp, esp
00526C9F .51 push ecx
00526CA0 .B9 0F000000 mov ecx, 0F ...
果然如此!
谢谢!
sswater
发表于 2008-3-12 09:06:59
原帖由 puti67 于 2008-3-11 16:02 发表
00526C9C $55 push ebp //这里下断,慢慢跟
00526C9D .8BEC mov ebp, esp
00526C9F .51 push ecx
00526CA0 .B9 0F000000 mov ecx, 0F ...
puti67 应该把过程描述一下,怎么找到这的,呵呵,授人以鱼,不如授之以渔。
puti67
发表于 2008-3-12 14:02:27
破解重在过程而不在于结果,有时候是很需要灵感的!呵呵
langlirong
发表于 2008-3-12 16:24:37
原帖由 puti67 于 2008-3-12 14:02 发表
破解重在过程而不在于结果,有时候是很需要灵感的!呵呵
非常正确!
ws027302
发表于 2008-3-15 22:04:28
楼上老大能不能指点下修改方法啊,小弟研究了很长时间,结果找到了它的注册码,可就是找不到修改的方法,没办法,谁让咱是菜鸟.
根据老大的提示,应该是在这一段吧
005AE931 8B7D E4 MOV EDI,DWORD PTR SS: 到这里未注册的EDI的值变为1,注册过的由1变为64
005AE934 4F DEC EDI
005AE935 85FF TEST EDI,EDI
005AE937 0F8C 88020000 JL 1.005AEBC5
005AE93D .47 INC EDI
005AE93E .33DB XOR EBX,EBX
005AE940 >BA 28EC5A00 MOV EDX,1.005AEC28 ;AllTestID
005AE945 .8B45 E8 MOV EAX,DWORD PTR SS:
005AE948 .E8 DB6BF4FF CALL 1.004F5528
005AE94D .8B10 MOV EDX,DWORD PTR DS:
005AE94F .FF52 58 CALL DWORD PTR DS:
005AE952 .6BF3 4D IMUL ESI,EBX,4D
005AE955 .8B55 EC MOV EDX,DWORD PTR SS:
005AE958 .8B12 MOV EDX,DWORD PTR DS:
005AE95A .8904B2 MOV DWORD PTR DS:,EAX
005AE95D .BA 40EC5A00 MOV EDX,1.005AEC40 ;AllTest_EplID
...............................................................
...............................................................
005AEB89 .E8 5ABDE5FF CALL 1.0040A8E8
005AEB8E .8B95 74FFFFFF MOV EDX,DWORD PTR SS:
005AEB94 .8B45 EC MOV EAX,DWORD PTR SS:
005AEB97 .8B00 MOV EAX,DWORD PTR DS:
005AEB99 .8D84B0 300100>LEA EAX,DWORD PTR DS:
005AEBA0 .E8 B36BE5FF CALL 1.00405758
005AEBA5 .8B55 E4 MOV EDX,DWORD PTR SS:
005AEBA8 .4A DEC EDX
005AEBA9 .B9 1CED5A00 MOV ECX,1.005AED1C ;正在生成单选题...
005AEBAE .8BC3 MOV EAX,EBX
005AEBB0 .E8 8F05FFFF CALL 1.0059F144
005AEBB5 .8B45 E8 MOV EAX,DWORD PTR SS:
005AEBB8 .E8 BF80F4FF CALL 1.004F6C7C
005AEBBD .43 INC EBX
005AEBBE .4F DEC EDI
005AEBBF .^ 0F85 7BFDFFFF JNZ 1.005AE940 这里注册的循环
希望老大能指教,谢过了!!!!!!
nszy007
发表于 2008-3-16 17:31:29
找到注册码直接注册了,还修改什么?
ws027302
发表于 2008-3-16 20:36:19
多学习一点破解方法总是好的
ws027302
发表于 2008-4-13 11:48:03
实践证明偶也能找找爆破方法,只不过是时间问题........