益智五子棋 2.4追码及做补丁
首发在龙族,放这里和大家交流一下!益智五子棋 2.4追码及做补丁
【破文标题】益智五子棋 2.4
【破文作者】奔跑的鱼
【作者QQ】米有
【作者主页】米有
【破解工具】OD PEiD DEDE W32D
【破解平台】XP SP3
【软件名称】益智五子棋 2.4
【下载地址】http://www.skycn.com/soft/44286.html
更新时间:2008-07-21 15:02:38
【保护方式】序列号
【破解声明】新人,若有不对之处,请多多指教~
【软件介绍】
一款非常有趣的五子棋游戏,支持双人对战和人机对战模式。界面美观,电脑的智能化等级已有一定水平,玩家需要努
力才能战胜;本版本棋力更强,速度更快,有兴趣不妨下载试试!
【破解过程】
运行--注册输入假注册码点注册,弹出注册完成,请重新运行程序!
PEID查为ASPack 2.12 -> Alexey Solodovnikov的壳!
用脱壳软件脱壳之!
脱壳后用PEID查Borland Delphi 6.0 - 7.0
嘿嘿!
用W32D分析,提示来自004B3A08
用DEDE看注册按钮事件!
end
object suiButton1: TsuiButton
Left = 277
Top = 44
Width = 83
Height = 23
UIStyle = MacOS
Font.Charset = GB2312_CHARSET
Font.Color = clNavy
Font.Height = -12
Font.Name = 宋体
Font.Style = []
Caption = 注册验证
AutoSize = False
ParentFont = False
TabOrder = 2
Transparent = True
ModalResult = 0
Layout = blGlyphLeft
Spacing = 4
ResHandle = 0
MouseContinuouslyDownInterval = 100
OnClick = suiButton1Click
end
suiButton1click=004B3984
004B3984 55 push ebp
004B3985 8BEC mov ebp,esp
004B3987 6A 00 push 0
004B3989 6A 00 push 0
004B398B 53 push ebx
004B398C 56 push esi
004B398D 8BF0 mov esi,eax
004B398F 33C0 xor eax,eax
004B3991 55 push ebp
004B3992 68 453A4B00 push WUZIQI_u.004B3A45
004B3997 64:FF30 push dword ptr fs:
004B399A 64:8920 mov dword ptr fs:,esp
004B399D B2 01 mov dl,1
004B399F A1 38484600 mov eax,dword ptr ds:
004B39A4 E8 8F0FFBFF call WUZIQI_u.00464938
004B39A9 8BD8 mov ebx,eax
004B39AB BA 01000080 mov edx,80000001
004B39B0 8BC3 mov eax,ebx
004B39B2 E8 2110FBFF call WUZIQI_u.004649D8
004B39B7 B1 01 mov cl,1
004B39B9 BA 5C3A4B00 mov edx,WUZIQI_u.004B3A5C ; ASCII "Software\wuziqi"
004B39BE 8BC3 mov eax,ebx
004B39C0 E8 7710FBFF call WUZIQI_u.00464A3C ;写入到注册表HKEY_CURRENT_USER\Software\wuziqi
004B39C5 8D55 FC lea edx,dword ptr ss:
004B39C8 8B86 38030000 mov eax,dword ptr ds:
004B39CE E8 21BFF8FF call WUZIQI_u.0043F8F4
004B39D3 8B4D FC mov ecx,dword ptr ss:
004B39D6 BA 743A4B00 mov edx,WUZIQI_u.004B3A74 ; ASCII "RegUser"
004B39DB 8BC3 mov eax,ebx
004B39DD E8 F611FBFF call WUZIQI_u.00464BD8 ;写入用户名
004B39E2 8D55 F8 lea edx,dword ptr ss:
004B39E5 8B86 3C030000 mov eax,dword ptr ds:
004B39EB E8 04BFF8FF call WUZIQI_u.0043F8F4
004B39F0 8B4D F8 mov ecx,dword ptr ss:
004B39F3 BA 843A4B00 mov edx,WUZIQI_u.004B3A84 ; ASCII "RegNo"
004B39F8 8BC3 mov eax,ebx
004B39FA E8 D911FBFF call WUZIQI_u.00464BD8 ;写入密码
004B39FF 8BC3 mov eax,ebx
004B3A01 E8 46FCF4FF call WUZIQI_u.0040364C
004B3A06 6A 40 push 40
004B3A08 B9 8C3A4B00 mov ecx,WUZIQI_u.004B3A8C ; 提示
004B3A0D BA 943A4B00 mov edx,WUZIQI_u.004B3A94 ; 注册完成,请重新运行程序!
004B3A12 A1 F4964B00 mov eax,dword ptr ds:
004B3A17 8B00 mov eax,dword ptr ds:
004B3A19 E8 06C0FAFF call WUZIQI_u.0045FA24 ;//这里弹出提示框
再次运行后这里下断
004B5823 55 push ebp ;//重启后验证的地方
004B5824 68 E85C4B00 push WUZIQI_u.004B5CE8
004B5829 64:FF30 push dword ptr fs:
004B582C 64:8920 mov dword ptr fs:,esp
004B582F C605 74524C00 0>mov byte ptr ds:,0
004B5836 B2 01 mov dl,1
004B5838 A1 38484600 mov eax,dword ptr ds:
004B583D E8 F6F0FAFF call WUZIQI_u.00464938
004B5842 8BF8 mov edi,eax
004B5844 BA 01000080 mov edx,80000001
004B5849 8BC7 mov eax,edi
004B584B E8 88F1FAFF call WUZIQI_u.004649D8
004B5850 B1 01 mov cl,1
004B5852 BA 005D4B00 mov edx,WUZIQI_u.004B5D00 ; ASCII "Software\wuziqi"
004B5857 8BC7 mov eax,edi
004B5859 E8 DEF1FAFF call WUZIQI_u.00464A3C ;打开注册表HKEY_CURRENT_USER\Software\wuziqi
004B585E 8D4D F8 lea ecx,dword ptr ss:
004B5861 BA 185D4B00 mov edx,WUZIQI_u.004B5D18 ; ASCII "RegUser"
004B5866 8BC7 mov eax,edi
004B5868 E8 97F3FAFF call WUZIQI_u.00464C04 ;取用户名
004B586D 8B55 F8 mov edx,dword ptr ss:
004B5870 B8 78524C00 mov eax,WUZIQI_u.004C5278
004B5875 E8 B2EBF4FF call WUZIQI_u.0040442C
004B587A 8D4D F4 lea ecx,dword ptr ss:
004B587D BA 285D4B00 mov edx,WUZIQI_u.004B5D28 ; ASCII "RegNo"
004B5882 8BC7 mov eax,edi
004B5884 E8 7BF3FAFF call WUZIQI_u.00464C04 ;取密码
004B5889 8B45 F4 mov eax,dword ptr ss:
004B588C 50 push eax
004B588D 8D4D F0 lea ecx,dword ptr ss:
004B5890 BA 385D4B00 mov edx,WUZIQI_u.004B5D38 ; ASCII "wuziqiChina"
004B5895 A1 78524C00 mov eax,dword ptr ds:
004B589A E8 05F0FFFF call WUZIQI_u.004B48A4 ;//计算出密码的地方
004B589F 8B55 F0 mov edx,dword ptr ss:
004B58A2 58 pop eax ;//这里的EDX里可以看到真密码
004B58A3 E8 2CEFF4FF call WUZIQI_u.004047D4 ;//这里比较
004B58A8 75 07 jnz short WUZIQI_u.004B58B1 ;//这里是关键跳转
004B58AA C605 74524C00 0>mov byte ptr ds:,1
004B58B1 8BC7 mov eax,edi
004B58B3 E8 94DDF4FF call WUZIQI_u.0040364C
004B58B8 803D 74524C00 0>cmp byte ptr ds:,0
004B58BF 75 27 jnz short WUZIQI_u.004B58E8
004B58C1 8D55 EC lea edx,dword ptr ss:
004B58C4 A1 80B14B00 mov eax,dword ptr ds:
004B58C9 E8 26A0F8FF call WUZIQI_u.0043F8F4
004B58CE 8D45 EC lea eax,dword ptr ss:
004B58D1 BA 4C5D4B00 mov edx,WUZIQI_u.004B5D4C ; 未注册用户
004B58D6 E8 BDEDF4FF call WUZIQI_u.00404698
004B58DB 8B55 EC mov edx,dword ptr ss:
004B58DE A1 80B14B00 mov eax,dword ptr ds:
004B58E3 E8 3CA0F8FF call WUZIQI_u.0043F924
004B58E8 8D45 E8 lea eax,dword ptr ss:
004B58A3 E8 2CEFF4FF call WUZIQI_u.004047D4
这里的EDX
EAX 00B950DC ASCII "987654321"假的
ECX 00000002
EDX 00B959B4 ASCII "B399C1BE9B02D4DD"真的
可以用的注册信息:
ID:奔跑的鱼
密码:B399C1BE9B02D4DD 辛苦楼主,又得学习的了!! 学习了,谢谢楼主分享! 应该是这个算法吧
/:L 好好看一下,学习一下 感谢分享,你真是高手啊,学习 谢谢分享 , 认真学习 ! 不错,我也把这个软件破了一下 感谢楼主分享,追码很容易!算法不简单,4楼好厉害! 004B58BF 75 27 jnz short WUZIQI_u.004B58E8
页:
[1]
2