进球彩压缩饼干 2.50的算法分析(很简单)初学者适合
【破文作者】 Saver【 作者QQ 】 562194
【软件名称】 进球彩压缩饼干 2.50
【下载地址】 http://www.softreg.com.cn/downlo ... -9727-BFEF1E07930D/
----------------------------------------------------------------------------------------------
【加密方式】 无
【破解工具】 w32dasm,od
【软件限制】 限制使用
【破解平台】 XP SP2
----------------------------------------------------------------------------------------------
【软件简介】
■ 商品简介
操作简单,功能强大的进球彩缩水软件.采用独家缩水算法,提供中12保11 中12保10,中12保9,中12保8,自由压缩,五种压缩模式.
■ 详细介绍
操作简单,功能强大的进球彩缩水软件.采用独家缩水算法,提供中12保11
中12保10,中12保9,中12保8,自由压缩五种压缩模式.能缩水8-265倍.两种下注模式(球队模式,比赛模式),可以随便切换.新版本提供数据导入功能.
【文章简介】
查出注册码
----------------------------------------------------------------------------------------------
【破解过程】
经过试用,发现这是款重起验证的软件.
用pe查看发现是delphi写的,用w32打开,查找字符串“"进球彩压缩饼干2.50(已注册)"来到这里
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047D35E(C) ////这个就是关键跳
|
:0047D36C 3B7DF0 cmp edi, dword ptr
:0047D36F 7564 jne 0047D3D5
:0047D371 C705307C4800FFFFFFFF mov dword ptr , FFFFFFFF
* Possible StringData Ref from Code Obj ->"进球彩压缩饼干2.50(已注册)" ////就是这里,先把这个地址记住
:0047D37B BAB4DB4700 mov edx, 0047DBB4
:0047D380 A12C7C4800 mov eax, dword ptr
:0047D385 E85E78FCFF call 00444BE8
:0047D38A EB49 jmp 0047D3D5
/////////////////////////////////////////////////////////////////////
好,现在我们打开od,找到上面这个地址
0047CF84/.55 push ebp
0047CF85|.8BEC mov ebp,esp
0047CF87|.81C4 44FFFFFF add esp,-0BC
0047CF8D|.53 push ebx
0047CF8E|.56 push esi
0047CF8F|.57 push edi
0047CF90|.33C9 xor ecx,ecx
0047CF92|.898D 44FFFFFF mov dword ptr ss:,ecx
0047CF98|.898D 48FFFFFF mov dword ptr ss:,ecx
0047CF9E|.898D 4CFFFFFF mov dword ptr ss:,ecx
0047CFA4|.894D FC mov dword ptr ss:,ecx
0047CFA7|.894D F8 mov dword ptr ss:,ecx
0047CFAA|.894D F4 mov dword ptr ss:,ecx
0047CFAD|.B9 14000000 mov ecx,14
0047CFB2|.8D45 A0 lea eax,dword ptr ss:
0047CFB5|.8B15 AC104000 mov edx,dword ptr ds:
0047CFBB|.E8 9C7AF8FF call 进球彩压.00404A5C
0047CFC0|.B9 14000000 mov ecx,14
0047CFC5|.8D85 50FFFFFF lea eax,dword ptr ss:
0047CFCB|.8B15 AC104000 mov edx,dword ptr ds:
0047CFD1|.E8 867AF8FF call 进球彩压.00404A5C
0047CFD6|.33C0 xor eax,eax
0047CFD8|.55 push ebp
0047CFD9|.68 28D44700 push 进球彩压.0047D428
0047CFDE|.64:FF30 push dword ptr fs:
0047CFE1|.64:8920 mov dword ptr fs:,esp
0047CFE4|.33C0 xor eax,eax
0047CFE6|.A3 307C4800 mov dword ptr ds:,eax
0047CFEB|.A1 2C7C4800 mov eax,dword ptr ds:
0047CFF0|.8B80 0C030000 mov eax,dword ptr ds:
0047CFF6|.BA 01000000 mov edx,1
0047CFFB|.E8 E86FFBFF call 进球彩压.00433FE8
0047D000|.B2 01 mov dl,1
0047D002|.A1 ECF94200 mov eax,dword ptr ds:
0047D007|.E8 E02AFBFF call 进球彩压.0042FAEC
0047D00C|.8BD8 mov ebx,eax
0047D00E|.BA 02000080 mov edx,80000002
0047D013|.8BC3 mov eax,ebx
0047D015|.E8 722BFBFF call 进球彩压.0042FB8C
0047D01A|.B1 01 mov cl,1
0047D01C|.BA 40D44700 mov edx,进球彩压.0047D440 ; ASCII "Software\Directdxq\defaults"
0047D021|.8BC3 mov eax,ebx
0047D023|.E8 C82BFBFF call 进球彩压.0042FBF0
0047D028|.8BC3 mov eax,ebx
0047D02A|.E8 2D2BFBFF call 进球彩压.0042FB5C
0047D02F|.B1 01 mov cl,1
0047D031|.BA 64D44700 mov edx,进球彩压.0047D464 ;ASCII "Software\dxq\defaults"
0047D036|.8BC3 mov eax,ebx
0047D038|.E8 B32BFBFF call 进球彩压.0042FBF0
0047D03D|.8BC3 mov eax,ebx
0047D03F|.E8 182BFBFF call 进球彩压.0042FB5C
0047D044|.B1 01 mov cl,1
0047D046|.BA 84D44700 mov edx,进球彩压.0047D484 ;ASCII "Software\mainsoft\defaults"
0047D04B|.8BC3 mov eax,ebx
0047D04D|.E8 9E2BFBFF call 进球彩压.0042FBF0
0047D052|.8BC3 mov eax,ebx
0047D054|.E8 032BFBFF call 进球彩压.0042FB5C
0047D059|.B1 01 mov cl,1
0047D05B|.BA A8D44700 mov edx,进球彩压.0047D4A8 ;ASCII "Software\124a6s2358\defaults"
0047D060|.8BC3 mov eax,ebx
0047D062|.E8 892BFBFF call 进球彩压.0042FBF0
0047D067|.8BC3 mov eax,ebx
0047D069|.E8 EE2AFBFF call 进球彩压.0042FB5C
0047D06E|.B1 01 mov cl,1
0047D070|.BA D0D44700 mov edx,进球彩压.0047D4D0 ;ASCII "Software\Microsoft\Direct6c2b\defaults"
0047D075|.8BC3 mov eax,ebx
0047D077|.E8 742BFBFF call 进球彩压.0042FBF0
0047D07C|.8D4D F4 lea ecx,dword ptr ss:
0047D07F|.BA 00D54700 mov edx,进球彩压.0047D500 ;ASCII "registry1"
0047D084|.8BC3 mov eax,ebx
0047D086|.E8 2D2DFBFF call 进球彩压.0042FDB8
0047D08B|.8BC3 mov eax,ebx
0047D08D|.E8 CA2AFBFF call 进球彩压.0042FB5C
0047D092|.B1 01 mov cl,1
0047D094|.BA 14D54700 mov edx,进球彩压.0047D514 ;ASCII "Software\coinsoft\defaults"
0047D099|.8BC3 mov eax,ebx ;以上凡是ascii以“software”打头的就是在注册表里要写进的内容
0047D09B|.E8 502BFBFF call 进球彩压.0042FBF0 ;机器码
0047D0A0|.837D F4 00 cmp dword ptr ss:,0
0047D0A4|.0F84 E2020000 je 进球彩压.0047D38C
0047D0AA|.A1 2C7C4800 mov eax,dword ptr ds:
0047D0AF|.8B80 A8030000 mov eax,dword ptr ds:
0047D0B5|.8B55 F4 mov edx,dword ptr ss:
0047D0B8|.E8 2B7BFCFF call 进球彩压.00444BE8
0047D0BD|.8D8D 4CFFFFFF lea ecx,dword ptr ss:
0047D0C3|.BA 38D54700 mov edx,进球彩压.0047D538 ;ASCII "registry2"
0047D0C8|.8BC3 mov eax,ebx
0047D0CA|.E8 E92CFBFF call 进球彩压.0042FDB8
0047D0CF|.83BD 4CFFFFFF 00 cmp dword ptr ss:,0 ;比较是不是没输入注册码
0047D0D6|.0F84 F9020000 je 进球彩压.0047D3D5
0047D0DC|.8D45 A0 lea eax,dword ptr ss:
0047D0DF|.BA 4CD54700 mov edx,进球彩压.0047D54C ;ASCII "6asa21gjk5zx1m5"
0047D0E4|.E8 4370F8FF call 进球彩压.0040412C
0047D0E9|.8D45 A4 lea eax,dword ptr ss:
0047D0EC|.BA 64D54700 mov edx,进球彩压.0047D564 ;ASCII "c512g45df4hjjss"
0047D0F1|.E8 3670F8FF call 进球彩压.0040412C
0047D0F6|.8D45 A8 lea eax,dword ptr ss:
0047D0F9|.BA 7CD54700 mov edx,进球彩压.0047D57C ;ASCII "d1f4f1t4t1er1df"
0047D0FE|.E8 2970F8FF call 进球彩压.0040412C
0047D103|.8D45 AC lea eax,dword ptr ss:
0047D106|.BA 94D54700 mov edx,进球彩压.0047D594 ;ASCII "dsjcnd214mds28d"
0047D10B|.E8 1C70F8FF call 进球彩压.0040412C
0047D110|.8D45 B0 lea eax,dword ptr ss:
0047D113|.BA ACD54700 mov edx,进球彩压.0047D5AC ;ASCII "h8asd2j1l82a1k5"
0047D118|.E8 0F70F8FF call 进球彩压.0040412C
0047D11D|.8D45 B4 lea eax,dword ptr ss:
0047D120|.BA C4D54700 mov edx,进球彩压.0047D5C4 ;ASCII "h9q3as3ghl5ey4j"
0047D125|.E8 0270F8FF call 进球彩压.0040412C
0047D12A|.8D45 B8 lea eax,dword ptr ss:
0047D12D|.BA DCD54700 mov edx,进球彩压.0047D5DC ;ASCII "i74d1v1jk8l4ss5"
0047D132|.E8 F56FF8FF call 进球彩压.0040412C
0047D137|.8D45 BC lea eax,dword ptr ss:
0047D13A|.BA F4D54700 mov edx,进球彩压.0047D5F4 ;ASCII "k2udy47sdg1ju21"
0047D13F|.E8 E86FF8FF call 进球彩压.0040412C
0047D144|.8D45 C0 lea eax,dword ptr ss:
0047D147|.BA 0CD64700 mov edx,进球彩压.0047D60C ;ASCII "k5d12g1m5d2d1yh"
0047D14C|.E8 DB6FF8FF call 进球彩压.0040412C
0047D151|.8D45 C4 lea eax,dword ptr ss:
0047D154|.BA 24D64700 mov edx,进球彩压.0047D624 ;ASCII "kls23512fg12842"
0047D159|.E8 CE6FF8FF call 进球彩压.0040412C
0047D15E|.8D45 C8 lea eax,dword ptr ss:
0047D161|.BA 3CD64700 mov edx,进球彩压.0047D63C ;ASCII "l4c19r5641h4kd4"
0047D166|.E8 C16FF8FF call 进球彩压.0040412C
0047D16B|.8D45 CC lea eax,dword ptr ss:
0047D16E|.BA 54D64700 mov edx,进球彩压.0047D654 ;ASCII "md5tjg2ds6ti6rf"
0047D173|.E8 B46FF8FF call 进球彩压.0040412C
0047D178|.8D45 D0 lea eax,dword ptr ss:
0047D17B|.BA 6CD64700 mov edx,进球彩压.0047D66C ;ASCII "nsf5g6hj6521gh1"
0047D180|.E8 A76FF8FF call 进球彩压.0040412C
0047D185|.8D45 D4 lea eax,dword ptr ss:
0047D188|.BA 84D64700 mov edx,进球彩压.0047D684 ;ASCII "p5d12b1w5s2g5gs"
0047D18D|.E8 9A6FF8FF call 进球彩压.0040412C
0047D192|.8D45 D8 lea eax,dword ptr ss:
0047D195|.BA 9CD64700 mov edx,进球彩压.0047D69C ;ASCII "p85df12sdf8e42f"
0047D19A|.E8 8D6FF8FF call 进球彩压.0040412C
0047D19F|.8D45 DC lea eax,dword ptr ss:
0047D1A2|.BA B4D64700 mov edx,进球彩压.0047D6B4 ;ASCII "rciwemt8fmkask7"
0047D1A7|.E8 806FF8FF call 进球彩压.0040412C
0047D1AC|.8D45 E0 lea eax,dword ptr ss:
0047D1AF|.BA CCD64700 mov edx,进球彩压.0047D6CC ;ASCII "ti45hj11d45f85u"
0047D1B4|.E8 736FF8FF call 进球彩压.0040412C
0047D1B9|.8D45 E4 lea eax,dword ptr ss:
0047D1BC|.BA E4D64700 mov edx,进球彩压.0047D6E4 ;ASCII "vodk3239dfknmas"
0047D1C1|.E8 666FF8FF call 进球彩压.0040412C
0047D1C6|.8D45 E8 lea eax,dword ptr ss:
0047D1C9|.BA FCD64700 mov edx,进球彩压.0047D6FC ;ASCII "wag56g451h5f82a"
0047D1CE|.E8 596FF8FF call 进球彩压.0040412C
0047D1D3|.8D45 EC lea eax,dword ptr ss:
0047D1D6|.BA 14D74700 mov edx,进球彩压.0047D714 ;ASCII "zif8dfs2g4374df"
0047D1DB|.E8 4C6FF8FF call 进球彩压.0040412C
0047D1E0|.8D85 50FFFFFF lea eax,dword ptr ss:
0047D1E6|.BA 2CD74700 mov edx,进球彩压.0047D72C ;ASCII "5s12f12h1s1g2h6s1fgh5hk45841y552as5j85i8sd5s5fj4"
0047D1EB|.E8 3C6FF8FF call 进球彩压.0040412C
0047D1F0|.8D85 54FFFFFF lea eax,dword ptr ss:
0047D1F6|.BA 68D74700 mov edx,进球彩压.0047D768 ;ASCII "x5s5sd51hjj78hf45a4f5f5s45s74ff1j4d56s69as1fs45g"
0047D1FB|.E8 2C6FF8FF call 进球彩压.0040412C
0047D200|.8D85 58FFFFFF lea eax,dword ptr ss:
0047D206|.BA A4D74700 mov edx,进球彩压.0047D7A4 ;ASCII "q1t4h1h2l2ol4r4cdx1s2yh5u6i2k3p41g5256b6g56"
0047D20B|.E8 1C6FF8FF call 进球彩压.0040412C
0047D210|.8D85 5CFFFFFF lea eax,dword ptr ss:
0047D216|.BA D8D74700 mov edx,进球彩压.0047D7D8 ;ASCII "12sdhd1d42c82d2c5d85cde2d458d52d36d58d5d23d"
0047D21B|.E8 0C6FF8FF call 进球彩压.0040412C
0047D220|.8D85 60FFFFFF lea eax,dword ptr ss:
0047D226|.BA 0CD84700 mov edx,进球彩压.0047D80C ;ASCII "nsdf4gfbfmkjsdjkuewnvbfhr7yendhja,3phcmedhrviem378"
0047D22B|.E8 FC6EF8FF call 进球彩压.0040412C
0047D230|.8D85 64FFFFFF lea eax,dword ptr ss:
0047D236|.BA 48D84700 mov edx,进球彩压.0047D848 ;ASCII "d9g4j5h812d2x12g8uj7j1cv2x23h9ik45h2,12l74uj56"
0047D23B|.E8 EC6EF8FF call 进球彩压.0040412C
0047D240|.8D85 68FFFFFF lea eax,dword ptr ss:
0047D246|.BA 80D84700 mov edx,进球彩压.0047D880 ;ASCII "q9y2j223d2a2f56j8jk5k2kk21sd12f85u85g52f1d41h4"
0047D24B|.E8 DC6EF8FF call 进球彩压.0040412C
0047D250|.8D85 6CFFFFFF lea eax,dword ptr ss:
0047D256|.BA B8D84700 mov edx,进球彩压.0047D8B8 ;ASCII "45d55dsv4994ddsss6s2dc5dc41c5d5dc1dcdss556c"
0047D25B|.E8 CC6EF8FF call 进球彩压.0040412C
0047D260|.8D85 70FFFFFF lea eax,dword ptr ss:
0047D266|.BA ECD84700 mov edx,进球彩压.0047D8EC ;ASCII "z85wfg1j7l5f4s5h89rts55f69h9dshavbrx2g8923dfg892x"
0047D26B|.E8 BC6EF8FF call 进球彩压.0040412C
0047D270|.8D85 74FFFFFF lea eax,dword ptr ss:
0047D276|.BA 28D94700 mov edx,进球彩压.0047D928 ;ASCII "y52a23fg45j45sddf812g2hj564u8asf1m18l5as12as8ja"
0047D27B|.E8 AC6EF8FF call 进球彩压.0040412C
0047D280|.8D85 78FFFFFF lea eax,dword ptr ss:
0047D286|.BA 60D94700 mov edx,进球彩压.0047D960 ;ASCII "b45e1f1g45gh5as1f45h85d1a5d5g85t41d41g45d445"
0047D28B|.E8 9C6EF8FF call 进球彩压.0040412C
0047D290|.8D85 7CFFFFFF lea eax,dword ptr ss:
0047D296|.BA 98D94700 mov edx,进球彩压.0047D998 ;ASCII "s45q1f1gh45h12q6t574e5f1g8y41556h1j8g1d2dfv8f74tg1"
0047D29B|.E8 8C6EF8FF call 进球彩压.0040412C
0047D2A0|.8D45 80 lea eax,dword ptr ss:
0047D2A3|.BA D4D94700 mov edx,进球彩压.0047D9D4 ;ASCII "e9j2hm12cx89h2yh4t12c63j69jk6l9k9s32h569k2.2df56f"
0047D2A8|.E8 7F6EF8FF call 进球彩压.0040412C
0047D2AD|.8D45 84 lea eax,dword ptr ss:
0047D2B0|.BA 10DA4700 mov edx,进球彩压.0047DA10 ;ASCII "52g15sq2w4t45s56a68w45fgjk5dssw5e5e12x5j5a5ety5hzs"
0047D2B5|.E8 726EF8FF call 进球彩压.0040412C
0047D2BA|.8D45 88 lea eax,dword ptr ss:
0047D2BD|.BA 4CDA4700 mov edx,进球彩压.0047DA4C ;ASCII "q4h812dfas2j8512df1j78541d12m1a123h485er12d12dfg85"
0047D2C2|.E8 656EF8FF call 进球彩压.0040412C
0047D2C7|.8D45 8C lea eax,dword ptr ss:
0047D2CA|.BA 88DA4700 mov edx,进球彩压.0047DA88 ;ASCII "5ikc983jfg;ldfg83hjdsnmb98rjadjf8ejmflasjdf73jkklg"
0047D2CF|.E8 586EF8FF call 进球彩压.0040412C
0047D2D4|.8D45 90 lea eax,dword ptr ss:
0047D2D7|.BA C4DA4700 mov edx,进球彩压.0047DAC4 ;ASCII "ui8g41f4h89k5k1fg1df45df8gh4j1441dfs41df4h78gh7gh"
0047D2DC|.E8 4B6EF8FF call 进球彩压.0040412C
0047D2E1|.8D45 94 lea eax,dword ptr ss:
0047D2E4|.BA 00DB4700 mov edx,进球彩压.0047DB00 ;ASCII "mdowkwnjghyu5dn3883ghidf9671jddst3bgruehbas56hdf98"
0047D2E9|.E8 3E6EF8FF call 进球彩压.0040412C
0047D2EE|.8D45 98 lea eax,dword ptr ss:
0047D2F1|.BA 3CDB4700 mov edx,进球彩压.0047DB3C ;ASCII "u45a1fgs5jm81248da21fads5f893a52g1a5dfg43j41asda"
0047D2F6|.E8 316EF8FF call 进球彩压.0040412C
0047D2FB|.8D45 9C lea eax,dword ptr ss:
0047D2FE|.BA 78DB4700 mov edx,进球彩压.0047DB78 ;ASCII "p41v78t41sd1n7das1h78k56asd1gad8ga2f1h1das8fh21s5"
0047D303|.E8 246EF8FF call 进球彩压.0040412C
0047D308|.8D55 FC lea edx,dword ptr ss:
0047D30B|.A1 2C7C4800 mov eax,dword ptr ds:
0047D310|.8B80 A8030000 mov eax,dword ptr ds:
0047D316|.E8 9D78FCFF call 进球彩压.00444BB8
0047D31B|.8D4D F8 lea ecx,dword ptr ss:
0047D31E|.BA 38D54700 mov edx,进球彩压.0047D538 ;ASCII "registry2"
0047D323|.8BC3 mov eax,ebx
0047D325|.E8 8E2AFBFF call 进球彩压.0042FDB8
0047D32A|.BF 01000000 mov edi,1
0047D32F|.8D75 A0 lea esi,dword ptr ss: ///////////////////////
0047D332|>8B45 FC /mov eax,dword ptr ss: 你的机器码
0047D335|.8B16 |mov edx,dword ptr ds: 表里的机器码(从上往下找)
0047D337|.E8 6471F8FF |call 进球彩压.004044A0 比较是不是一样
0047D33C|.74 09 |je short 进球彩压.0047D347 一样就跳
0047D33E|.47 |inc edi edi+1,(edi为记数器)(这里保存着有用,下面会比较)
0047D33F|.83C6 04 |add esi,4 指针+4即列表里往下一行
0047D342|.83FF 15 |cmp edi,15 一共可以比较21次
0047D345|.^ 75 EB \jnz short 进球彩压.0047D332 往回走
0047D347|>C745 F0 01000000 mov dword ptr ss:,1 ////////////////////////
0047D34E|.8DB5 50FFFFFF lea esi,dword ptr ss: /////////////////////////
0047D354|>8B45 F8 /mov eax,dword ptr ss: 你的注册码
0047D357|.8B16 |mov edx,dword ptr ds: 表里的注册码
0047D359|.E8 4271F8FF |call 进球彩压.004044A0 比较是否一样
0047D35E|.74 0C |je short 进球彩压.0047D36C 是就跳到注册窗口
0047D360|.FF45 F0 |inc dword ptr ss: 里的值加1(保存,下面比较)
0047D363|.83C6 04 |add esi,4 列表下移一行
0047D366|.837D F0 15 |cmp dword ptr ss:,15 同样比较次数最多为20次
0047D36A|.^ 75 E8 \jnz short 进球彩压.0047D354 跳回比较
0047D36C 3B7D F0 cmp edi,dword ptr ss: 就是这里比较,要在2个列表里都不同的话,还是错误,就算你输入的是正确的注册码
0047D36F 75 64 jnz short 进球彩压.0047D3D5 ;未注册跳到启动
0047D371|.C705 307C4800 FF>mov dword ptr ds:,-1
0047D37B|.BA B4DB4700 mov edx,进球彩压.0047DBB4
0047D380|.A1 2C7C4800 mov eax,dword ptr ds:
0047D385|.E8 5E78FCFF call 进球彩压.00444BE8
0047D38A|.EB 49 jmp short 进球彩压.0047D3D5 ;注册跳到启动窗口(其实和上面的jmp到的地址一样)
0047D38C|>8D85 48FFFFFF lea eax,dword ptr ss:
0047D392|.E8 EDF5FFFF call 进球彩压.0047C984
0047D397|.8B95 48FFFFFF mov edx,dword ptr ss:
0047D39D|.A1 2C7C4800 mov eax,dword ptr ds:
0047D3A2|.8B80 A8030000 mov eax,dword ptr ds:
0047D3A8|.E8 3B78FCFF call 进球彩压.00444BE8
0047D3AD|.8D95 44FFFFFF lea edx,dword ptr ss:
0047D3B3|.A1 2C7C4800 mov eax,dword ptr ds:
0047D3B8|.8B80 A8030000 mov eax,dword ptr ds:
0047D3BE|.E8 F577FCFF call 进球彩压.00444BB8
0047D3C3|.8B8D 44FFFFFF mov ecx,dword ptr ss:
0047D3C9|.BA 00D54700 mov edx,进球彩压.0047D500
0047D3CE|.8BC3 mov eax,ebx
0047D3D0|.E8 B729FBFF call 进球彩压.0042FD8C
0047D3D5|>8BC3 mov eax,ebx ;到这整个过程就结束了
0047D3D7|.E8 8027FBFF call 进球彩压.0042FB5C
0047D3DC|.33C0 xor eax,eax
0047D3DE|.5A pop edx
0047D3DF|.59 pop ecx
0047D3E0|.59 pop ecx
0047D3E1|.64:8910 mov dword ptr fs:,edx
0047D3E4|.68 2FD44700 push 进球彩压.0047D42F
0047D3E9|>8D85 44FFFFFF lea eax,dword ptr ss:
0047D3EF|.E8 A06CF8FF call 进球彩压.00404094
0047D3F4|.8D85 48FFFFFF lea eax,dword ptr ss:
0047D3FA|.BA 02000000 mov edx,2
0047D3FF|.E8 B46CF8FF call 进球彩压.004040B8
0047D404|.8D85 50FFFFFF lea eax,dword ptr ss:
0047D40A|.B9 28000000 mov ecx,28
0047D40F|.8B15 AC104000 mov edx,dword ptr ds:
0047D415|.E8 2E77F8FF call 进球彩压.00404B48
0047D41A|.8D45 F4 lea eax,dword ptr ss:
0047D41D|.BA 03000000 mov edx,3
0047D422|.E8 916CF8FF call 进球彩压.004040B8
0047D427\.C3 retn
如果你的od设置好的话,可以发现整个call很长,一直从47CF84到47D427。
可以发现在这个过程中,出现了很多一长串的字符
从“0047D0CF|.83BD 4CFFFFFF 00 cmp dword ptr ss:,0 ;比较是不是没输入注册码”
到“0047D2FE|.BA 78DB4700 mov edx,进球彩压.0047DB78 ;ASCII "p41v78t41sd1n7das1h78k56asd1gad8ga2f1h1das8fh21s5"”
再回头看看你的机器码,你会发现你的机器码就是这下面20个短的里面的一个,如果你有感觉的话,那么下面那些长的里的一个就是你所需要的注册码了
我通过跟踪知道,机器码对应着唯一的注册码。简单点的话就是这样的,从短的机器码从上往下数,你的机器码和他里面第几个相同,那注册码就是从长的里
开始的第几个。就好比,你的机器码是"p5d12b1w5s2g5gs"这个,在第14个,那注册码也就在第14个,即“"52g15sq2w4t45s56a68w45fgjk5dssw5e5e12x5j5a5ety5hzs"”
这样是不是觉得简单很多啊?好了,今天就OK啦~先这样吧~
(接上)
这个就是上面的比较call“call 进球彩压.004044A0”看起来很长,对我们有用的其实不多
004044A0/$53 push ebx
004044A1|.56 push esi
004044A2|.57 push edi
004044A3|.89C6 mov esi,eax esi=eax=你输入的注册码
004044A5|.89D7 mov edi,edx edi=edx=表里的注册码
004044A7|.39D0 cmp eax,edx 比较2个是否相同
004044A9|.0F84 8F000000 je 进球彩压.0040453E 相同就跳,就出来了
004044AF|.85F6 test esi,esi
004044B1|.74 68 je short 进球彩压.0040451B
004044B3|.85FF test edi,edi
004044B5|.74 6B je short 进球彩压.00404522
(部分代码略)
0040453E|>5F pop edi
0040453F|.5E pop esi
00404540|.5B pop ebx
00404541\.C3 retn
好,现在总结下算法
首先需要有2张表,第一张里是机器码表为:
"6asa21gjk5zx1m5"
"c512g45df4hjjss"
"d1f4f1t4t1er1df"
"dsjcnd214mds28d"
"h8asd2j1l82a1k5"
"h9q3as3ghl5ey4j"
"i74d1v1jk8l4ss5"
"k2udy47sdg1ju21"
"k5d12g1m5d2d1yh"
"kls23512fg12842"
"l4c19r5641h4kd4"
"md5tjg2ds6ti6rf"
"nsf5g6hj6521gh1"
"p5d12b1w5s2g5gs"
"p85df12sdf8e42f"
"rciwemt8fmkask7"
"ti45hj11d45f85u"
"vodk3239dfknmas"
"wag56g451h5f82a"
"zif8dfs2g4374df"
然后第2张表里为注册码表为:
"5s12f12h1s1g2h6s1fgh5hk45841y552as5j85i8sd5s5fj4"
"x5s5sd51hjj78hf45a4f5f5s45s74ff1j4d56s69as1fs45g"
"q1t4h1h2l2ol4r4cdx1s2yh5u6i2k3p41g5256b6g56"
"12sdhd1d42c82d2c5d85cde2d458d52d36d58d5d23d"
"nsdf4gfbfmkjsdjkuewnvbfhr7yendhja,3phcmedhrviem378"
"d9g4j5h812d2x12g8uj7j1cv2x23h9ik45h2,12l74uj56"
"q9y2j223d2a2f56j8jk5k2kk21sd12f85u85g52f1d41h4"
"45d55dsv4994ddsss6s2dc5dc41c5d5dc1dcdss556c"
"z85wfg1j7l5f4s5h89rts55f69h9dshavbrx2g8923dfg892x"
"y52a23fg45j45sddf812g2hj564u8asf1m18l5as12as8ja"
"b45e1f1g45gh5as1f45h85d1a5d5g85t41d41g45d445"
"s45q1f1gh45h12q6t574e5f1g8y41556h1j8g1d2dfv8f74tg1"
"e9j2hm12cx89h2yh4t12c63j69jk6l9k9s32h569k2.2df56f"
"52g15sq2w4t45s56a68w45fgjk5dssw5e5e12x5j5a5ety5hzs"
"q4h812dfas2j8512df1j78541d12m1a123h485er12d12dfg85"
"5ikc983jfg;ldfg83hjdsnmb98rjadjf8ejmflasjdf73jkklg"
"ui8g41f4h89k5k1fg1df45df8gh4j1441dfs41df4h78gh7gh"
"mdowkwnjghyu5dn3883ghidf9671jddst3bgruehbas56hdf98"
"u45a1fgs5jm81248da21fads5f893a52g1a5dfg43j41asda"
"p41v78t41sd1n7das1h78k56asd1gad8ga2f1h1das8fh21s5"
然后就是取得输入的机器码的位置后输出相应位置的注册码
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
----------------------------------------------------------------------------------------------
文章写于2005-2-15 21:24:44 追起来一定够累的了,支持。 好。支持一下啊。 好。支持一下啊。
页:
[1]