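Please help take a look. I have been tracing this for many days and still have not cracked it; I would appreciate guidance from the experts. Thank you!! (This is for learning cracking.) The file contains my cracking process. I traced for a long time and could not find where the algorithm is located. I hope the veterans can point me in the right direction. Thanks again!
File download address: http://pickup.mofile.com/1342998039380768
Cracking notes: Please help take a look. I have been tracing this for many days and still have not cracked it; I would appreciate guidance from the experts. Thank you!! (This is for learning cracking.)
Below is my analysis; I just have not found where the software's algorithm is located: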
0065CE7C /. 55 PUSH EBP ; registration entry point
0065CE7D |. 8BEC MOV EBP,ESP
0065CE7F |. 33C9 XOR ECX,ECX
0065CE81 |. 51 PUSH ECX
0065CE82 |. 51 PUSH ECX
0065CE83 |. 51 PUSH ECX
0065CE84 |. 51 PUSH ECX
0065CE85 |. 56 PUSH ESI
0065CE86 |. 8BF0 MOV ESI,EAX
0065CE88 |. 33C0 XOR EAX,EAX
0065CE8A |. 55 PUSH EBP
0065CE8B |. 68 7CCF6500 PUSH 店铺电脑.0065CF7C
0065CE90 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0065CE93 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0065CE96 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0065CE99 |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CE9F |. E8 08A3E0FF CALL 店铺电脑.004671AC ; the length of the fake code is passed into register EAX
0065CEA4 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0065CEA8 |. 74 36 JE SHORT 店铺电脑.0065CEE0
0065CEAA |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0065CEAD |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CEB3 |. E8 F4A2E0FF CALL 店铺电脑.004671AC ; the length of the fake code is passed into register EAX
0065CEB8 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
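0065CEBB |. E8 F07FDAFF CALL 店铺电脑.00404EB0 ; the fake code appears in register EAX
0065CEC0 |. 83F8 23 CMP EAX,23 ; compare whether the registration code is longer than 35 characters (decimal)
0065CEC3 |. 7C 1B JL SHORT 店铺电脑.0065CEE0 ; jump if less than 35 (end)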
0065CEC5 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0065CEC8 |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CECE |. E8 D9A2E0FF CALL 店铺电脑.004671AC
0065CED3 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0065CED6 |. E8 D57FDAFF CALL 店铺电脑.00404EB0
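0065CEDB |. 83F8 34 CMP EAX,34 ; compare whether the registration code is longer than 52 characters (decimal)
0065CEDE |. 7E 33 JLE SHORT 店铺电脑.0065CF13 ; if less than or equal to 52, jump to the registration verification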
0065CEE0 |> B8 90CF6500 MOV EAX,店铺电脑.0065CF90 ; 注册信息不正确,如果您尚未获得注册码,请查看购买方法
0065CEE5 |. E8 3AEBDDFF CALL 店铺电脑.0043BA24
0065CEEA |. 6A 03 PUSH 3
0065CEEC |. 68 C8CF6500 PUSH 店铺电脑.0065CFC8 ; _blank
0065CEF1 |. 6A 00 PUSH 0
0065CEF3 |. 68 D0CF6500 PUSH 店铺电脑.0065CFD0 ; http://www.kiwisoft.cn/reg.htm
0065CEF8 |. 68 F0CF6500 PUSH 店铺电脑.0065CFF0 ; open
0065CEFD |. 8BC6 MOV EAX,ESI
0065CEFF |. E8 2C0CE1FF CALL 店铺电脑.0046DB30
0065CF04 |. 50 PUSH EAX ; |hWnd
0065CF05 |. E8 12AEDDFF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
0065CF0A |. 8BC6 MOV EAX,ESI
0065CF0C |. E8 DF76E2FF CALL 店铺电脑.004845F0
0065CF11 |. EB 46 JMP SHORT 店铺电脑.0065CF59
0065CF13 |> 8B15 F0416700 MOV EDX,DWORD PTR DS:[6741F0] ; 店铺电脑.006788D4
0065CF19 |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
0065CF1B |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0065CF1E |. B9 00D06500 MOV ECX,店铺电脑.0065D000 ; license.xml
0065CF23 |. E8 D47FDAFF CALL 店铺电脑.00404EFC ; create LICENSE.XML
0065CF28 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0065CF2B |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CF31 |. 8B80 20020000 MOV EAX,DWORD PTR DS:[EAX+220]
0065CF37 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0065CF39 |. FF51 74 CALL DWORD PTR DS:[ECX+74]
0065CF3C |. B8 14D06500 MOV EAX,店铺电脑.0065D014 ; 已成功输入,请重新打开软件读取授权信息
0065CF41 |. E8 DEEADDFF CALL 店铺电脑.0043BA24 ; CALL for "entered successfully, restart the software"
0065CF46 |. 8BC6 MOV EAX,ESI
0065CF48 |. E8 A376E2FF CALL 店铺电脑.004845F0
0065CF4D |. A1 F0406700 MOV EAX,DWORD PTR DS:[6740F0]
0065CF52 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0065CF54 |. E8 B3B0E2FF CALL 店铺电脑.0048800C
0065CF59 |> 33C0 XOR EAX,EAX
0065CF5B |. 5A POP EDX
0065CF5C |. 59 POP ECX
0065CF5D |. 59 POP ECX
0065CF5E |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0065CF61 |. 68 83CF6500 PUSH 店铺电脑.0065CF83
0065CF66 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0065CF69 |. E8 827CDAFF CALL 店铺电脑.00404BF0
0065CF6E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; pass the address of the first line of the fake code to EAX
0065CF71 |. BA 03000000 MOV EDX,3
0065CF76 |. E8 997CDAFF CALL 店铺电脑.00404C14
0065CF7B \. C3 RETN
Below are the three places where the check is performed on restart:
地址=0065BC15
反汇编=MOV ECX,店铺电脑.0065C294
文本字串=license.xml
超级字串参考+ , 条目 4678
地址=0065BC54
反汇编=MOV ECX,店铺电脑.0065C294
文本字串=license.xml
超级字串参考+ , 条目 4690
地址=0065C521
反汇编=MOV ECX,店铺电脑.0065C784
文本字串=license.xml
Below is a piece of the algorithm, but the result it computes is not the registration code:
0065BAD3 |. /7E 60 JLE SHORT 店铺电脑.0065BB35
0065BAD5 |. |C745 E8 01000>MOV DWORD PTR SS:[EBP-18],1
0065BADC |> |8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
0065BADF |. |8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
0065BAE2 |. |0FB64410 FF |MOVZX EAX,BYTE PTR DS:[EAX+EDX-1]
0065BAE7 |. |03C3 |ADD EAX,EBX
0065BAE9 |. |B9 FF000000 |MOV ECX,0FF
0065BAEE |. |99 |CDQ
0065BAEF |. |F7F9 |IDIV ECX
0065BAF1 |. |8BDA |MOV EBX,EDX
0065BAF3 |. |3B75 F0 |CMP ESI,DWORD PTR SS:[EBP-10]
0065BAF6 |. |7D 03 |JGE SHORT 店铺电脑.0065BAFB
0065BAF8 |. |46 |INC ESI
0065BAF9 |. |EB 05 |JMP SHORT 店铺电脑.0065BB00
0065BAFB |> |BE 01000000 |MOV ESI,1
0065BB00 |> |8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
0065BB03 |. |0FB64430 FF |MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
0065BB08 |. |33D8 |XOR EBX,EAX
0065BB0A |. |8D45 DC |LEA EAX,DWORD PTR SS:[EBP-24]
0065BB0D |. |50 |PUSH EAX ; /Arg1
0065BB0E |. |895D E0 |MOV DWORD PTR SS:[EBP-20],EBX ; |
0065BB11 |. |C645 E4 00 |MOV BYTE PTR SS:[EBP-1C],0 ; |
0065BB15 |. |8D55 E0 |LEA EDX,DWORD PTR SS:[EBP-20] ; |
0065BB18 |. |33C9 |XOR ECX,ECX ; |
0065BB1A |. |B8 94BB6500 |MOV EAX,店铺电脑.0065BB94 ; |ASCII "%1.2x"
0065BB1F |. |E8 E0F1DAFF |CALL 店铺电脑.0040AD04 ; \店铺电脑.0040AD04
0065BB24 |. |8B55 DC |MOV EDX,DWORD PTR SS:[EBP-24]
0065BB27 |. |8D45 EC |LEA EAX,DWORD PTR SS:[EBP-14]
0065BB2A |. |E8 8993DAFF |CALL 店铺电脑.00404EB8
0065BB2F |. |FF45 E8 |INC DWORD PTR SS:[EBP-18]
0065BB32 |. |4F |DEC EDI
0065BB33 |.^|75 A7 \JNZ SHORT 店铺电脑.0065BADC
[ This post was last edited by hxssjy on 2008-4-11 12:39 ]