[原创]姓名八卦预测大师V3.00分析
【破文标题】姓名八卦预测大师V3.00分析【破文作者】飘云
【破解平台】winXP
【作者邮箱】[email protected]
【软件名称】姓名八卦预测大师V3.00
【软件大小】396KB
【下载地址】http://talltree.labsky.com/program/xmbg.exe
【软件说明】八卦姓名预测学渊源于我国诸先贤的哲学思想,是标准的国粹。后经多位易相大师(包括日本的熊崎健翁先生)的发展和完善,现已在命相学中独树一帜。本软件吸取了八卦姓名预测学之精华,又得到武当山紫金观明阳道长的悉心指点,因此本软件的预测结果极为准确。
【破解工具】PEiD 0.92中文版、W32Dasm10.0汉化版、OD
【保护方式】壳+序列号
【破解目的】学习破解。熟练应用各种工具。
【破解声明】我乃小菜鸟一只,偶得一点心得,愿与大家分享:)
【破解步骤】先用PEiD 0.92侦测,晕:ASPack 2.001 -> Alexey Solodovnikov壳;偶没有脱壳机,只好手动了,脱后再查为Borland Delphi 4.0 - 5.0
试着运行软件填入假信息,点“注册”后有错误窗口“密码错!请重新输入”弹出;用W32Dasm10.0反汇编一下!找到了刚才的提示(有两处调用,只找关键)
:0045739C B801000000 mov eax, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004573EE(C)
|
:004573A1 8B4DFC mov ecx, dword ptr
:004573A4 8A4C01FF mov cl, byte ptr
:004573A8 80F939 cmp cl, 39
:004573AB 7708 ja 004573B5
:004573AD 8B5DFC mov ebx, dword ptr
:004573B0 80F930 cmp cl, 30
:004573B3 7337 jnb 004573EC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004573AB(C)
|
* Possible StringData Ref from Code Obj ->"密码错,请重新输入!"
|
:004573B5 B89C754500 mov eax, 0045759C
:004573BA E82959FFFF call 0044CCE8
:004573BF 8B86D0020000 mov eax, dword ptr
*******接下来用OD载入程序在这里下断分析:
0045739C |.B8 01000000 mov eax,1 EAX初值为1
004573A1 |>8B4D FC /mov ecx,dword ptr ss: ;假序列号送到ECX
004573A4 |.8A4C01 FF |mov cl,byte ptr ds: ;取每一位的ASCII值送到CL
004573A8 |.80F9 39 |cmp cl,39 ;与39(即十进制9)比较
004573AB |.77 08 |ja short dumped_.004573B5 ;大于则跳
004573AD |.8B5D FC |mov ebx,dword ptr ss:
004573B0 |.80F9 30 |cmp cl,30 ;与30(即十进制0)比较
004573B3 |.73 37 |jnb short dumped_.004573EC ;不等于0则跳
004573B5 |>B8 9C754500 |mov eax,dumped_.0045759C
004573BA |.E8 2959FFFF |call dumped_.0044CCE8
004573BF |.8B86 D0020000 |mov eax,dword ptr ds:
004573C5 |.33D2 |xor edx,edx
004573C7 |.E8 D41FFDFF |call dumped_.004293A0
004573CC |.8B86 E0020000 |mov eax,dword ptr ds:
004573D2 |.33D2 |xor edx,edx
004573D4 |.E8 C71FFDFF |call dumped_.004293A0
004573D9 |.8B86 D0020000 |mov eax,dword ptr ds:
004573DF |.8B10 |mov edx,dword ptr ds:
004573E1 |.FF92 B0000000 |call dword ptr ds:
004573E7 |.E9 5A010000 |jmp dumped_.00457546
004573EC |>40 |inc eax
004573ED |.4A |dec edx
004573EE |.^ 75 B1 \jnz short dumped_.004573A1
004573F0 |>8D55 FC lea edx,dword ptr ss:
004573F3 |.8B86 D0020000 mov eax,dword ptr ds:
004573F9 |.E8 721FFDFF call dumped_.00429370
004573FE |.8B45 FC mov eax,dword ptr ss: ;EBP-4是用户名
00457401 |.E8 2AC9FAFF call dumped_.00403D30 ;得到位数
00457406 |.8BD0 mov edx,eax
00457408 |.85D2 test edx,edx
0045740A |.7E 17 jle short dumped_.00457423
0045740C |.B8 01000000 mov eax,1 ;EAX初值1
00457411 |>8B4D FC /mov ecx,dword ptr ss:
00457414 |.0FB64C01 FF |movzx ecx,byte ptr ds: ;取每一位用户名的ASCII码放到ECX
00457419 |.8D0C89 |lea ecx,dword ptr ds: ;ECX=5ECX=5*每一位用户名的ASCII码
0045741C |.014D F4 |add dword ptr ss:,ecx ;累加(我的的初值为5E969359)
0045741F |.40 |inc eax ;计数器加1
00457420 |.4A |dec edx ;位数减1
00457421 |.^ 75 EE \jnz short dumped_.00457411 ;循环
00457423 |>8D95 1CFDFFFF lea edx,dword ptr ss:
00457429 |.8B86 E0020000 mov eax,dword ptr ds:
0045742F |.E8 3C1FFDFF call dumped_.00429370
00457434 |.8B85 1CFDFFFF mov eax,dword ptr ss:
0045743A |.E8 C514FBFF call dumped_.00408904 ;经典比较
0045743F |.3B45 F4 cmp eax,dword ptr ss: ;转换成10进制就是真正的注册码
00457442 74 37 je short dumped_.0045747B ;跳则GAME OVER爆破点
00457444 |.8B86 D0020000 mov eax,dword ptr ds:
0045744A |.33D2 xor edx,edx
0045744C |.E8 4F1FFDFF call dumped_.004293A0
00457451 |.8B86 E0020000 mov eax,dword ptr ds:
00457457 |.33D2 xor edx,edx
00457459 |.E8 421FFDFF call dumped_.004293A0
0045745E |.8B86 D0020000 mov eax,dword ptr ds:
00457464 |.8B10 mov edx,dword ptr ds:
00457466 |.FF92 B0000000 call dword ptr ds:
0045746C |.B8 9C754500 mov eax,dumped_.0045759C
00457471 |.E8 7258FFFF call dumped_.0044CCE8
这个算法比较简单:
每位用户名的ASCII码*5再与的值累加,然后转换成10进制
我的:
用户名:piaoyun
注册码:1586930290 坛主:我们的网页为什么不能用网文快捕(Cyberarticl)来保存呢,请坛主解决这个问题,因为我们的网站有很多优价值得学习资料,如果能保存下来,离线浏览是很方便的。 支持学习--- 看了。。继续学习ing...
页:
[1]