【破文标题】菜鸟maomaoma的算法练习破文三
【破文作者】maomaoma
【作者邮箱】
【作者主页】无
【破解工具】OD、PEiD
【破解平台】winxp
【软件名称】Easy Desktop Keeper 1.82
【软件大小】841KB
【原版下载】http://86516.onlinedown.net/soft/26289.htm
【保护方式】无
【软件简介】一个多功能的桌面管理工具。可以更换图标,墙纸,管理桌面窗口,抓屏,创建虚拟桌面,设置桌面锁,可以个性化你的桌面,并能提供系统保护的功能。
【破解声明】我是菜鸟,学写破文,还请大侠多多指教:)
------------------------------------------------------------------------
【破解过程】
1、PEiD查主程序无壳(暗自高兴:)),Borland Delphi 6.0 - 7.0编译
2、OD载入,根据注册错误提示字符串“registration code is invalid!”下断点
3、F9运行,输入注册码:12345678,OD断下
4、具体分析过程及代码注释如下:
第一部分:
; Routine at 00493244 (OllyDbg listing, 32-bit x86; PEiD reports a Borland Delphi build).
; Visible flow: fetch the entered registration code, place it in the global at 0049D124,
; call the validator at 0049306C, then take the "success" or the "invalid" message branch
; depending on the byte it returns.
; In:  eax = object pointer, copied to esi (presumably the form instance - confirm)
; Out: eax = ebx, the validator result (restored at 004933D0)
; The helper routines called here (00457D80, 0047FD44, 004041DC, 00487460, 00488A68,
; 004873C4, 00488B0C, 004785A0, 00404188, 004041AC) are not part of this listing; every
; role given for them below is an inference and is marked as such.
00493244 /$ 55 push ebp ; OllyDbg breaks here
00493245 |. 8BEC mov ebp, esp
00493247 |. B9 05000000 mov ecx, 5 ; 5 iterations x 2 pushes = 10 zeroed local slots
0049324C |> 6A 00 /push 0
0049324E |. 6A 00 |push 0
00493250 |. 49 |dec ecx
00493251 |.^ 75 F9 \jnz short 0049324C
00493253 |. 51 push ecx ; ecx is 0 here: one more zeroed slot, [ebp-2C]
00493254 |. 53 push ebx
00493255 |. 56 push esi
00493256 |. 8BF0 mov esi, eax ; keep the incoming object pointer
00493258 |. 33C0 xor eax, eax
0049325A |. 55 push ebp ; build an exception frame: saved ebp,
0049325B |. 68 C9334900 push 004933C9 ; handler address,
00493260 |. 64:FF30 push dword ptr fs:[eax] ; previous frame taken from fs:[0]
00493263 |. 64:8920 mov fs:[eax], esp ; install the new frame
00493266 |. 8D55 F4 lea edx, [ebp-C] ; edx = address of the local that receives the input
00493269 |. 8B86 44030000 mov eax, [esi+344] ; field at +344 of the object (presumably the edit control - confirm)
0049326F |. E8 0C4BFCFF call 00457D80 ; fetch the entered (test) registration code
00493274 |. 8B45 F4 mov eax, [ebp-C]
00493277 |. 8D55 F8 lea edx, [ebp-8]
0049327A |. E8 C5CAFEFF call 0047FD44 ; helper not shown; presumably normalises the input into [ebp-8] - confirm
0049327F |. 8B55 F8 mov edx, [ebp-8]
00493282 |. B8 24D14900 mov eax, 0049D124 ; address of the global code variable (OllyDbg's ASCII guess for it is garbage)
00493287 |. E8 500FF7FF call 004041DC ; presumably assigns the string to the global at 0049D124
0049328C |. E8 DBFDFFFF call 0049306C ; key call: the validator, step into it
00493291 |. 8BD8 mov ebx, eax ; keep the validator result
00493293 |. 84DB test bl, bl
00493295 |. 0F84 DC000000 je 00493377 ; result 0 -> "invalid" branch
0049329B |. C686 64030000>mov byte ptr [esi+364], 1 ; set a flag byte on the object (presumably "registered")
004932A2 |. 8D45 FC lea eax, [ebp-4]
004932A5 |. 50 push eax ; stack argument: address of [ebp-4]
004932A6 |. 8D55 F0 lea edx, [ebp-10]
004932A9 |. B8 E0334900 mov eax, 004933E0 ; ac95829f829d9994abaabf8a8bbf82838982a895
004932AE |. E8 AD41FFFF call 00487460 ; helper not shown; presumably decodes the hex-looking constant into [ebp-10]
004932B3 |. 8B45 F0 mov eax, [ebp-10]
004932B6 |. 50 push eax
004932B7 |. 8D55 EC lea edx, [ebp-14]
004932BA |. B8 14344900 mov eax, 00493414 ; be828b999a8c9f88b1a0848e9f829e828b99b1a9bfa0bfbeb5
004932BF |. E8 9C41FFFF call 00487460
004932C4 |. 8B55 EC mov edx, [ebp-14]
004932C7 |. A1 2CD14900 mov eax, [49D12C]
004932CC |. 59 pop ecx ; ecx = [ebp-10], pushed at 004932B6
004932CD |. E8 9657FFFF call 00488A68 ; helper not shown; presumably reads a stored value into [ebp-4] - confirm
004932D2 |. 8D55 E8 lea edx, [ebp-18]
004932D5 |. A1 24D14900 mov eax, [49D124] ; eax = the accepted code string
004932DA |. E8 E540FFFF call 004873C4 ; helper not shown; presumably transforms the code into [ebp-18]
004932DF |. 8B45 E8 mov eax, [ebp-18]
004932E2 |. 50 push eax
004932E3 |. 8D55 E4 lea edx, [ebp-1C]
004932E6 |. B8 50344900 mov eax, 00493450 ; be9e95a99f95afafbc8e95bebebf
004932EB |. E8 7041FFFF call 00487460
004932F0 |. 8B45 E4 mov eax, [ebp-1C]
004932F3 |. 50 push eax
004932F4 |. 8D45 E0 lea eax, [ebp-20]
004932F7 |. 50 push eax
004932F8 |. B8 14344900 mov eax, 00493414 ; be828b999a8c9f88b1a0848e9f829e828b99b1a9bfa0bfbeb5
004932FD |. 5A pop edx ; edx = address of [ebp-20]
004932FE |. E8 5D41FFFF call 00487460
00493303 |. 8B55 E0 mov edx, [ebp-20]
00493306 |. A1 2CD14900 mov eax, [49D12C]
0049330B |. 59 pop ecx ; ecx = [ebp-1C], pushed at 004932F3
0049330C |. E8 FB57FFFF call 00488B0C ; helper not shown; presumably stores the transformed code - confirm
00493311 |. 837D FC 00 cmp dword ptr [ebp-4], 0 ; did the earlier call at 004932CD leave [ebp-4] empty?
00493315 |. 75 46 jnz short 0049335D ; not empty -> go straight to the success message
00493317 |. E8 3074F7FF call 0040A74C ; helper not shown; its result is taken from the FPU stack below
0049331C |. 83C4 F4 add esp, -0C ; reserve 12 bytes for the 10-byte value
0049331F |. DB3C24 fstp tbyte ptr [esp] ; |
00493322 |. 9B wait ; |
00493323 |. 8D45 DC lea eax, [ebp-24] ; |
00493326 |. E8 DD6EF7FF call 0040A208 ; \desksave.0040A208
0049332B |. 8B45 DC mov eax, [ebp-24]
0049332E |. 50 push eax
0049332F |. 8D55 D8 lea edx, [ebp-28]
00493332 |. B8 E0334900 mov eax, 004933E0 ; ac95829f829d9994abaabf8a8bbf82838982a895
00493337 |. E8 2441FFFF call 00487460
0049333C |. 8B45 D8 mov eax, [ebp-28]
0049333F |. 50 push eax
00493340 |. 8D45 D4 lea eax, [ebp-2C]
00493343 |. 50 push eax
00493344 |. B8 14344900 mov eax, 00493414 ; be828b999a8c9f88b1a0848e9f829e828b99b1a9bfa0bfbeb5
00493349 |. 5A pop edx
0049334A |. E8 1141FFFF call 00487460
0049334F |. 8B55 D4 mov edx, [ebp-2C]
00493352 |. A1 2CD14900 mov eax, [49D12C]
00493357 |. 59 pop ecx
00493358 |. E8 AF57FFFF call 00488B0C ; same helper as at 0049330C
0049335D |> 6A 40 push 40 ; flags 40h (presumably the information-icon style)
0049335F |. B9 70344900 mov ecx, 00493470 ; information
00493364 |. BA 7C344900 mov edx, 0049347C ; registration has been completed successfully!
00493369 |. A1 54B54900 mov eax, [49B554]
0049336E |. 8B00 mov eax, [eax]
00493370 |. E8 2B52FEFF call 004785A0 ; presumably the message-box wrapper
00493375 |. EB 22 jmp short 00493399 ; skip the "invalid" branch
00493377 |> B8 24D14900 mov eax, 0049D124 ; "invalid" branch: address of the global code variable
0049337C |. E8 070EF7FF call 00404188 ; presumably clears the rejected code
00493381 |. 6A 10 push 10 ; flags 10h (presumably the error-icon style)
00493383 |. B9 AC344900 mov ecx, 004934AC ; error
00493388 |. BA B4344900 mov edx, 004934B4 ; registration code is invalid!
0049338D |. A1 54B54900 mov eax, [49B554]
00493392 |. 8B00 mov eax, [eax]
00493394 |. E8 0752FEFF call 004785A0
00493399 |> 33C0 xor eax, eax
0049339B |. 5A pop edx ; edx = previous exception frame
0049339C |. 59 pop ecx
0049339D |. 59 pop ecx
0049339E |. 64:8910 mov fs:[eax], edx ; unlink this routine's exception frame
004933A1 |. 68 D0334900 push 004933D0 ; the retn at 004933C8 continues at 004933D0
004933A6 |> 8D45 D4 lea eax, [ebp-2C] ; cleanup starts here: 8 local slots from [ebp-2C]
004933A9 |. BA 08000000 mov edx, 8
004933AE |. E8 F90DF7FF call 004041AC ; presumably releases edx consecutive strings
004933B3 |. 8D45 F4 lea eax, [ebp-C]
004933B6 |. E8 CD0DF7FF call 00404188
004933BB |. 8D45 F8 lea eax, [ebp-8]
004933BE |. BA 02000000 mov edx, 2
004933C3 |. E8 E40DF7FF call 004041AC
004933C8 \. C3 retn ; on the normal path this pops the pushed 004933D0
004933C9 .^ E9 3A07F7FF jmp 00403B08 ; exception-frame handler address pushed at 0049325B
004933CE .^ EB D6 jmp short 004933A6 ; back to the cleanup block
004933D0 . 8BC3 mov eax, ebx ; return the validator result
004933D2 . 5E pop esi
004933D3 . 5B pop ebx
004933D4 . 8BE5 mov esp, ebp
004933D6 . 5D pop ebp
004933D7 . C3 retn
第二部分:
跟进0049328C |. E8 DBFDFFFF call 0049306C
; Validator at 0049306C (OllyDbg listing, 32-bit x86).
; Returns 1 in al only when the string referenced by the global at 0049D124 is 14
; characters long and seven fixed offsets each hold one fixed digit; returns 0 otherwise.
; Registers: edi = address of the global, esi = match counter, ebx = result (0 by default).
; NOTE(review): every value tested here is a constant compiled into the binary; nothing in
; this routine ties the code to a user name, a machine or a cryptographic key, so the
; check gives no real licence protection.
0049306C /$ 53 push ebx
0049306D |. 56 push esi
0049306E |. 57 push edi
0049306F |. BF 24D14900 mov edi, 0049D124 ; address of the global code variable (OllyDbg's ASCII guess for it is garbage)
00493074 |. 33F6 xor esi, esi ; match counter = 0
00493076 |. 33DB xor ebx, ebx ; result = 0 (fail) until proven otherwise
00493078 |. 8B07 mov eax, [edi]
0049307A |. E8 C913F7FF call 00404448 ; get the length of the entered code
0049307F |. 83F8 0E cmp eax, 0E ; the code must be 14 characters long
00493082 |. 75 67 jnz short 004930EB ; otherwise leave with the result still 0
00493084 |. 8B07 mov eax, [edi]
00493086 |. 8038 33 cmp byte ptr [eax], 33 ; 1st character compared with 33h ('3')
00493089 |. 0F94C0 sete al ; al = 1 on a match, 0 otherwise
0049308C |. 83E0 7F and eax, 7F ; drop the leftover pointer bits, leaving 0 or 1
0049308F |. 03F0 add esi, eax ; count the match
00493091 |. 8B07 mov eax, [edi]
00493093 |. 8078 02 33 cmp byte ptr [eax+2], 33 ; 3rd character compared with 33h ('3')
00493097 |. 0F94C0 sete al
0049309A |. 83E0 7F and eax, 7F
0049309D |. 03F0 add esi, eax
0049309F |. 8B07 mov eax, [edi]
004930A1 |. 8078 03 39 cmp byte ptr [eax+3], 39 ; 4th character compared with 39h ('9')
004930A5 |. 0F94C0 sete al
004930A8 |. 83E0 7F and eax, 7F
004930AB |. 03F0 add esi, eax
004930AD |. 8B07 mov eax, [edi]
004930AF |. 8078 04 30 cmp byte ptr [eax+4], 30 ; 5th character compared with 30h ('0')
004930B3 |. 0F94C0 sete al
004930B6 |. 83E0 7F and eax, 7F
004930B9 |. 03F0 add esi, eax
004930BB |. 8B07 mov eax, [edi]
004930BD |. 8078 07 38 cmp byte ptr [eax+7], 38 ; 8th character compared with 38h ('8')
004930C1 |. 0F94C0 sete al
004930C4 |. 83E0 7F and eax, 7F
004930C7 |. 03F0 add esi, eax
004930C9 |. 8B07 mov eax, [edi]
004930CB |. 8078 08 38 cmp byte ptr [eax+8], 38 ; 9th character compared with 38h ('8')
004930CF |. 0F94C0 sete al
004930D2 |. 83E0 7F and eax, 7F
004930D5 |. 03F0 add esi, eax
004930D7 |. 8B07 mov eax, [edi]
004930D9 |. 8078 0A 32 cmp byte ptr [eax+A], 32 ; 11th character compared with 32h ('2')
004930DD |. 0F94C0 sete al
004930E0 |. 83E0 7F and eax, 7F
004930E3 |. 03F0 add esi, eax
004930E5 |. 83FE 07 cmp esi, 7 ; did all seven positions match?
004930E8 |. 0F94C3 sete bl ; result = 1 only in that case
004930EB |> 8BC3 mov eax, ebx ; return the result
004930ED |. 5F pop edi
004930EE |. 5E pop esi
004930EF |. 5B pop ebx
004930F0 \. C3 retn
------------------------------------------------------------------------
【破解总结】
1、注册码共14位。校验函数0049306C逐位比较7个固定位置,每命中一位计数器esi加1,计数等于7才返回成功,因此:第1位为:3,第3位为:3,第4位为:9,第5位为:0,第8位为:8,第9位为:8,第11位为:2,其它位任意。这种校验只是程序内的固定字符比较,与用户名、机器信息或任何密钥都无关,起不到实际的保护作用。
一组可用注册码:32390678802234
------------------------------------------------------------------------
【版权声明】本文系作者原创, 转载请注明作者并保持文章的完整, 谢谢!