希望杀号公式爆破

sugar8a · 发表于 2007-1-21 14:35:36

希望杀号公式爆破

【破文标题】希望杀号公式爆破
【软件名称】希望杀号公式2.06
【破解工具】PEID，W32Dasm
【保护方式】ASPack 2.12 -> Alexey Solodovnikov

   现在我们来破解它吧！！看看它是怎么注册的，随便输入一个注册码

（787878我习惯）。出现了错误提示。然后我们用W32DASM载入它，选择“字串

符参考”，找到“"软件已经注册，注册码是："，我们双击它，来到一行代码前

，向上找到关键的跳转

:004B9536 8B45F0                mov eax, dword ptr [ebp-10]
:004B9539 E8EAFBFFFF             call 004B9128
:004B953E 84C0                   test al, al
:004B9540 7562                   jne 004B95A4    关键跳转
:004B9542 8B45FC                mov eax, dword ptr [ebp-04]
:004B9545 8B80E8020000          mov eax, dword ptr [eax+000002E8]

* Possible StringData Ref from Data Obj ->"软件已经注册，注册码是："
                              |
:004B954B BA54974B00             mov edx, 004B9754 停在些，往上找！

！
:004B9550 E86B65F7FF             call 0042FAC0
:004B9555 8B45FC                mov eax, dword ptr [ebp-04]

[ 本帖最后由 tigerisme 于 2007-1-21 17:16 编辑 ]

tigerisme · 发表于 2007-1-21 17:14:58

标志位爆破...支持一下

最好给出软件的下载连接

wyh1983 · 发表于 2007-1-23 21:21:22

我再来个详细点的，嘿嘿，占兄弟便宜了！！！

软件下载地址：www.sharebank.com.cn/soft/SoftView_16441.htm
004B93F0 $  55          PUSH EBP                               ;  这里是菜单中关于的断点位置
004B93F1 .  8BEC       MOV EBP,ESP
004B93F3 .  83C4 C0    ADD ESP,-40
004B93F6 .  53          PUSH EBX
004B93F7 .  56          PUSH ESI
004B93F8 .  57          PUSH EDI
004B93F9 .  33DB       XOR EBX,EBX
004B93FB .  895D C4    MOV DWORD PTR SS:[EBP-3C],EBX
004B93FE .  895D C0    MOV DWORD PTR SS:[EBP-40],EBX
004B9401 .  895D E0    MOV DWORD PTR SS:[EBP-20],EBX
004B9404 .  895D DC    MOV DWORD PTR SS:[EBP-24],EBX
004B9407 .  895D EC    MOV DWORD PTR SS:[EBP-14],EBX
004B940A .  895D E8    MOV DWORD PTR SS:[EBP-18],EBX
004B940D .  895D E4    MOV DWORD PTR SS:[EBP-1C],EBX
004B9410 .  84D2       TEST DL,DL
004B9412 .  74 08       JE SHORT _UnPacke.004B941C
004B9414 .  83C4 F0    ADD ESP,-10
004B9417 .  E8 0C9EF4FF CALL _UnPacke.00403228
004B941C >  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
004B941F .  8855 FB    MOV BYTE PTR SS:[EBP-5],DL
004B9422 .  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
004B9425 .  33C0       XOR EAX,EAX
004B9427 .  55          PUSH EBP
004B9428 .  68 0B964B00 PUSH _UnPacke.004B960B
004B942D .  64:FF30    PUSH DWORD PTR FS:[EAX]
004B9430 .  64:8920    MOV DWORD PTR FS:[EAX],ESP
004B9433 .  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
004B9436 .  33D2       XOR EDX,EDX
004B9438 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B943B .  E8 1CD8F8FF CALL _UnPacke.00446C5C                ;  这里关于软件版本的东东
004B9440 .  68 3C964B00 PUSH _UnPacke.004B963C                ;  v2.06
004B9445 .  8D45 E8    LEA EAX,DWORD PTR SS:[EBP-18]
004B9448 .  50          PUSH EAX
004B9449 .  B9 04000000 MOV ECX,4
004B944E .  BA 01000000 MOV EDX,1
004B9453 .  B8 4C964B00 MOV EAX,_UnPacke.004B964C             ;  20060602
004B9458 .  E8 F7ABF4FF CALL _UnPacke.00404054
004B945D .  FF75 E8    PUSH DWORD PTR SS:[EBP-18]
004B9460 .  68 60964B00 PUSH _UnPacke.004B9660                ;  年
004B9465 .  8D45 E4    LEA EAX,DWORD PTR SS:[EBP-1C]
004B9468 .  50          PUSH EAX
004B9469 .  B8 4C964B00 MOV EAX,_UnPacke.004B964C             ;  20060602
004B946E .  B9 02000000 MOV ECX,2
004B9473 .  BA 05000000 MOV EDX,5
004B9478 .  E8 D7ABF4FF CALL _UnPacke.00404054
004B947D .  FF75 E4    PUSH DWORD PTR SS:[EBP-1C]
004B9480 .  68 6C964B00 PUSH _UnPacke.004B966C                ;  月出品
004B9485 .  8D45 EC    LEA EAX,DWORD PTR SS:[EBP-14]
004B9488 .  BA 05000000 MOV EDX,5
004B948D .  E8 7AAAF4FF CALL _UnPacke.00403F0C
004B9492 .  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
004B9495 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9498 .  8B80 DC020000 MOV EAX,DWORD PTR DS:[EAX+2DC]
004B949E .  E8 1D66F7FF CALL _UnPacke.0042FAC0
004B94A3 .  B2 01       MOV DL,1
004B94A5 .  A1 947D4B00 MOV EAX,DWORD PTR DS:[4B7D94]
004B94AA .  E8 61EEFFFF CALL _UnPacke.004B8310
004B94AF .  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
004B94B2 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B94B5 .  8B80 D8020000 MOV EAX,DWORD PTR DS:[EAX+2D8]
004B94BB .  BA 7C964B00 MOV EDX,_UnPacke.004B967C             ;  希望杀号公式
004B94C0 .  E8 FB65F7FF CALL _UnPacke.0042FAC0
004B94C5 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B94C8 .  8B80 D4020000 MOV EAX,DWORD PTR DS:[EAX+2D4]
004B94CE .  BA 94964B00 MOV EDX,_UnPacke.004B9694             ;  软件验证用户的自定义公式，绝杀指定类型的号码，统计公式的成功比率，软件界面简洁，统计全面，适合普通彩民研究公式杀号。本软件适用于福彩3D以及排列3彩票。
004B94D3 .  E8 E865F7FF CALL _UnPacke.0042FAC0
004B94D8 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B94DB .  8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
004B94E1 .  BA 34974B00 MOV EDX,_UnPacke.004B9734             ;  http://www.3dsoft.net
004B94E6 .  E8 D565F7FF CALL _UnPacke.0042FAC0
004B94EB .  33C0       XOR EAX,EAX
004B94ED .  55          PUSH EBP
004B94EE .  68 D1954B00 PUSH _UnPacke.004B95D1
004B94F3 .  64:FF30    PUSH DWORD PTR FS:[EAX]
004B94F6 .  64:8920    MOV DWORD PTR FS:[EAX],ESP
004B94F9 .  8D45 E0    LEA EAX,DWORD PTR SS:[EBP-20]
004B94FC .  50          PUSH EAX
004B94FD .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B9500 .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B9503 .  E8 F8F2FFFF CALL _UnPacke.004B8800
004B9508 .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B950B .  8D45 DC    LEA EAX,DWORD PTR SS:[EBP-24]
004B950E .  E8 DDA8F4FF CALL _UnPacke.00403DF0
004B9513 .  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
004B9516 .  BA FDFFFFFF MOV EDX,-3
004B951B .  B8 F3FFFFFF MOV EAX,-0D
004B9520 .  E8 8FEBFFFF CALL _UnPacke.004B80B4                ;  这部份为提取本机机器码的
004B9525 .  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]
004B9528 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B952B .  8B80 E0020000 MOV EAX,DWORD PTR DS:[EAX+2E0]
004B9531 .  E8 CAEEFBFF CALL _UnPacke.00478400
004B9536 .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B9539 .  E8 EAFBFFFF CALL _UnPacke.004B9128
004B953E .  84C0       TEST AL,AL                            这里标志位，未注册为AL＝00
004B9540 .  74 62       JE SHORT _UnPacke.004B95A4                此处为关键跳，跳则出错
004B9542 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9545 .  8B80 E8020000 MOV EAX,DWORD PTR DS:[EAX+2E8]
004B954B .  BA 54974B00 MOV EDX,_UnPacke.004B9754             ;  软件已经注册，注册码是：
004B9550 .  E8 6B65F7FF CALL _UnPacke.0042FAC0
004B9555 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9558 .  8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
004B955E .  33D2       XOR EDX,EDX
004B9560 .  E8 4364F7FF CALL _UnPacke.0042F9A8
004B9565 .  8D45 C4    LEA EAX,DWORD PTR SS:[EBP-3C]
004B9568 .  50          PUSH EAX
004B9569 .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B956C .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B956F .  E8 ACF2FFFF CALL _UnPacke.004B8820
004B9574 .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B9577 .  8D45 C0    LEA EAX,DWORD PTR SS:[EBP-40]
004B957A .  E8 71A8F4FF CALL _UnPacke.00403DF0
004B957F .  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
004B9582 .  BA FCFFFFFF MOV EDX,-4
004B9587 .  B8 F7FFFFFF MOV EAX,-9
004B958C .  E8 23EBFFFF CALL _UnPacke.004B80B4
004B9591 .  8B55 C4    MOV EDX,DWORD PTR SS:[EBP-3C]          ;  真码出现
004B9594 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9597 .  8B80 E0020000 MOV EAX,DWORD PTR DS:[EAX+2E0]
004B959D .  E8 5EEEFBFF CALL _UnPacke.00478400
004B95A2 .  EB 23       JMP SHORT _UnPacke.004B95C7
004B95A4 >  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B95A7 .  8B80 E8020000 MOV EAX,DWORD PTR DS:[EAX+2E8]
004B95AD .  BA 78974B00 MOV EDX,_UnPacke.004B9778             ;  软件尚未注册，机器码是：
004B95B2 .  E8 0965F7FF CALL _UnPacke.0042FAC0
004B95B7 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B95BA .  8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
004B95C0 .  B2 01       MOV DL,1
004B95C2 .  E8 E163F7FF CALL _UnPacke.0042F9A8
004B95C7 >  33C0       XOR EAX,EAX
004B95C9 .  5A          POP EDX
004B95CA .  59          POP ECX
004B95CB .  59          POP ECX
004B95CC .  64:8910    MOV DWORD PTR FS:[EAX],EDX
004B95CF .  EB 12       JMP SHORT _UnPacke.004B95E3
004B95D1 .^ E9 BE9DF4FF JMP _UnPacke.00403394
004B95D6 .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B95D9 .  E8 0A99F4FF CALL _UnPacke.00402EE8
004B95DE .  E8 0DA1F4FF CALL _UnPacke.004036F0
004B95E3 >  33C0       XOR EAX,EAX
004B95E5 .  5A          POP EDX
004B95E6 .  59          POP ECX
004B95E7 .  59          POP ECX
004B95E8 .  64:8910    MOV DWORD PTR FS:[EAX],EDX
004B95EB .  68 12964B00 PUSH _UnPacke.004B9612
004B95F0 >  8D45 C0    LEA EAX,DWORD PTR SS:[EBP-40]
004B95F3 .  BA 02000000 MOV EDX,2
004B95F8 .  E8 F3A5F4FF CALL _UnPacke.00403BF0
004B95FD .  8D45 DC    LEA EAX,DWORD PTR SS:[EBP-24]
004B9600 .  BA 05000000 MOV EDX,5
004B9605 .  E8 E6A5F4FF CALL _UnPacke.00403BF0
004B960A .  C3          RETN

修改前
004B953E .  84C0       TEST AL,AL                            这里标志位，未注册为AL＝00
004B9540 .  74 62       JE SHORT _UnPacke.004B95A4                此处为关键跳，跳则出错

修改后
004B953E .  84C0       TEST AL,AL                            ;  标志位，未注册为00
004B9540    90          NOP                                     ;  这里是关键跳转,转则出错
004B9541    90          NOP

wyh1983 · 发表于 2007-1-23 21:44:53

004B93F0 $  55          PUSH EBP                               ;  这里是菜单中关于的断点位置
004B93F1 .  8BEC       MOV EBP,ESP
004B93F3 .  83C4 C0    ADD ESP,-40
004B93F6 .  53          PUSH EBX
004B93F7 .  56          PUSH ESI
004B93F8 .  57          PUSH EDI
004B93F9 .  33DB       XOR EBX,EBX
004B93FB .  895D C4    MOV DWORD PTR SS:[EBP-3C],EBX
004B93FE .  895D C0    MOV DWORD PTR SS:[EBP-40],EBX
004B9401 .  895D E0    MOV DWORD PTR SS:[EBP-20],EBX
004B9404 .  895D DC    MOV DWORD PTR SS:[EBP-24],EBX
004B9407 .  895D EC    MOV DWORD PTR SS:[EBP-14],EBX
004B940A .  895D E8    MOV DWORD PTR SS:[EBP-18],EBX
004B940D .  895D E4    MOV DWORD PTR SS:[EBP-1C],EBX
004B9410 .  84D2       TEST DL,DL
004B9412 .  74 08       JE SHORT _UnPacke.004B941C
004B9414 .  83C4 F0    ADD ESP,-10
004B9417 .  E8 0C9EF4FF CALL _UnPacke.00403228
004B941C >  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
004B941F .  8855 FB    MOV BYTE PTR SS:[EBP-5],DL
004B9422 .  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
004B9425 .  33C0       XOR EAX,EAX
004B9427 .  55          PUSH EBP
004B9428 .  68 0B964B00 PUSH _UnPacke.004B960B
004B942D .  64:FF30    PUSH DWORD PTR FS:[EAX]
004B9430 .  64:8920    MOV DWORD PTR FS:[EAX],ESP
004B9433 .  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
004B9436 .  33D2       XOR EDX,EDX
004B9438 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B943B .  E8 1CD8F8FF CALL _UnPacke.00446C5C                ;  这里关于软件版本的东东
004B9440 .  68 3C964B00 PUSH _UnPacke.004B963C                ;  v2.06
004B9445 .  8D45 E8    LEA EAX,DWORD PTR SS:[EBP-18]
004B9448 .  50          PUSH EAX
004B9449 .  B9 04000000 MOV ECX,4
004B944E .  BA 01000000 MOV EDX,1
004B9453 .  B8 4C964B00 MOV EAX,_UnPacke.004B964C             ;  20060602
004B9458 .  E8 F7ABF4FF CALL _UnPacke.00404054
004B945D .  FF75 E8    PUSH DWORD PTR SS:[EBP-18]
004B9460 .  68 60964B00 PUSH _UnPacke.004B9660                ;  年
004B9465 .  8D45 E4    LEA EAX,DWORD PTR SS:[EBP-1C]
004B9468 .  50          PUSH EAX
004B9469 .  B8 4C964B00 MOV EAX,_UnPacke.004B964C             ;  20060602
004B946E .  B9 02000000 MOV ECX,2
004B9473 .  BA 05000000 MOV EDX,5
004B9478 .  E8 D7ABF4FF CALL _UnPacke.00404054
004B947D .  FF75 E4    PUSH DWORD PTR SS:[EBP-1C]
004B9480 .  68 6C964B00 PUSH _UnPacke.004B966C                ;  月出品
004B9485 .  8D45 EC    LEA EAX,DWORD PTR SS:[EBP-14]
004B9488 .  BA 05000000 MOV EDX,5
004B948D .  E8 7AAAF4FF CALL _UnPacke.00403F0C
004B9492 .  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
004B9495 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9498 .  8B80 DC020000 MOV EAX,DWORD PTR DS:[EAX+2DC]
004B949E .  E8 1D66F7FF CALL _UnPacke.0042FAC0
004B94A3 .  B2 01       MOV DL,1
004B94A5 .  A1 947D4B00 MOV EAX,DWORD PTR DS:[4B7D94]
004B94AA .  E8 61EEFFFF CALL _UnPacke.004B8310
004B94AF .  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
004B94B2 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B94B5 .  8B80 D8020000 MOV EAX,DWORD PTR DS:[EAX+2D8]
004B94BB .  BA 7C964B00 MOV EDX,_UnPacke.004B967C             ;  希望杀号公式
004B94C0 .  E8 FB65F7FF CALL _UnPacke.0042FAC0
004B94C5 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B94C8 .  8B80 D4020000 MOV EAX,DWORD PTR DS:[EAX+2D4]
004B94CE .  BA 94964B00 MOV EDX,_UnPacke.004B9694             ;  软件验证用户的自定义公式，绝杀指定类型的号码，统计公式的成功比率，软件界面简洁，统计全面，适合普通彩民研究公式杀号。本软件适用于福彩3D以及排列3彩票。
004B94D3 .  E8 E865F7FF CALL _UnPacke.0042FAC0
004B94D8 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B94DB .  8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
004B94E1 .  BA 34974B00 MOV EDX,_UnPacke.004B9734             ;  http://www.3dsoft.net
004B94E6 .  E8 D565F7FF CALL _UnPacke.0042FAC0
004B94EB .  33C0       XOR EAX,EAX
004B94ED .  55          PUSH EBP
004B94EE .  68 D1954B00 PUSH _UnPacke.004B95D1
004B94F3 .  64:FF30    PUSH DWORD PTR FS:[EAX]
004B94F6 .  64:8920    MOV DWORD PTR FS:[EAX],ESP
004B94F9 .  8D45 E0    LEA EAX,DWORD PTR SS:[EBP-20]
004B94FC .  50          PUSH EAX
004B94FD .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B9500 .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B9503 .  E8 F8F2FFFF CALL _UnPacke.004B8800
004B9508 .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B950B .  8D45 DC    LEA EAX,DWORD PTR SS:[EBP-24]
004B950E .  E8 DDA8F4FF CALL _UnPacke.00403DF0
004B9513 .  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
004B9516 .  BA FDFFFFFF MOV EDX,-3
004B951B .  B8 F3FFFFFF MOV EAX,-0D
004B9520 .  E8 8FEBFFFF CALL _UnPacke.004B80B4                ;  这部份为提取本机机器码的
004B9525 .  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]
004B9528 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B952B .  8B80 E0020000 MOV EAX,DWORD PTR DS:[EAX+2E0]
004B9531 .  E8 CAEEFBFF CALL _UnPacke.00478400
004B9536 .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B9539 .  E8 EAFBFFFF CALL _UnPacke.004B9128
004B953E .  84C0       TEST AL,AL                            这里标志位，未注册为AL＝00
004B9540 .  74 62       JE SHORT _UnPacke.004B95A4                此处为关键跳，跳则出错
004B9542 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9545 .  8B80 E8020000 MOV EAX,DWORD PTR DS:[EAX+2E8]
004B954B .  BA 54974B00 MOV EDX,_UnPacke.004B9754             ;  软件已经注册，注册码是：
004B9550 .  E8 6B65F7FF CALL _UnPacke.0042FAC0
004B9555 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9558 .  8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
004B955E .  33D2       XOR EDX,EDX
004B9560 .  E8 4364F7FF CALL _UnPacke.0042F9A8
004B9565 .  8D45 C4    LEA EAX,DWORD PTR SS:[EBP-3C]
004B9568 .  50          PUSH EAX
004B9569 .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B956C .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B956F .  E8 ACF2FFFF CALL _UnPacke.004B8820
004B9574 .  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
004B9577 .  8D45 C0    LEA EAX,DWORD PTR SS:[EBP-40]
004B957A .  E8 71A8F4FF CALL _UnPacke.00403DF0
004B957F .  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
004B9582 .  BA FCFFFFFF MOV EDX,-4
004B9587 .  B8 F7FFFFFF MOV EAX,-9
004B958C .  E8 23EBFFFF CALL _UnPacke.004B80B4
004B9591 .  8B55 C4    MOV EDX,DWORD PTR SS:[EBP-3C]          ;  真码出现
004B9594 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B9597 .  8B80 E0020000 MOV EAX,DWORD PTR DS:[EAX+2E0]
004B959D .  E8 5EEEFBFF CALL _UnPacke.00478400
004B95A2 .  EB 23       JMP SHORT _UnPacke.004B95C7
004B95A4 >  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B95A7 .  8B80 E8020000 MOV EAX,DWORD PTR DS:[EAX+2E8]
004B95AD .  BA 78974B00 MOV EDX,_UnPacke.004B9778             ;  软件尚未注册，机器码是：
004B95B2 .  E8 0965F7FF CALL _UnPacke.0042FAC0
004B95B7 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004B95BA .  8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
004B95C0 .  B2 01       MOV DL,1
004B95C2 .  E8 E163F7FF CALL _UnPacke.0042F9A8
004B95C7 >  33C0       XOR EAX,EAX
004B95C9 .  5A          POP EDX
004B95CA .  59          POP ECX
004B95CB .  59          POP ECX
004B95CC .  64:8910    MOV DWORD PTR FS:[EAX],EDX
004B95CF .  EB 12       JMP SHORT _UnPacke.004B95E3
004B95D1 .^ E9 BE9DF4FF JMP _UnPacke.00403394
004B95D6 .  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004B95D9 .  E8 0A99F4FF CALL _UnPacke.00402EE8
004B95DE .  E8 0DA1F4FF CALL _UnPacke.004036F0
004B95E3 >  33C0       XOR EAX,EAX
004B95E5 .  5A          POP EDX
004B95E6 .  59          POP ECX
004B95E7 .  59          POP ECX
004B95E8 .  64:8910    MOV DWORD PTR FS:[EAX],EDX
004B95EB .  68 12964B00 PUSH _UnPacke.004B9612
004B95F0 >  8D45 C0    LEA EAX,DWORD PTR SS:[EBP-40]
004B95F3 .  BA 02000000 MOV EDX,2
004B95F8 .  E8 F3A5F4FF CALL _UnPacke.00403BF0
004B95FD .  8D45 DC    LEA EAX,DWORD PTR SS:[EBP-24]
004B9600 .  BA 05000000 MOV EDX,5
004B9605 .  E8 E6A5F4FF CALL _UnPacke.00403BF0
004B960A .  C3          RETN

修改前
004B953E .  84C0       TEST AL,AL                            这里标志位，未注册为AL＝00
004B9540 .  74 62       JE SHORT _UnPacke.004B95A4                此处为关键跳，跳则出错

修改后
004B953E .  84C0       TEST AL,AL                            ;  标志位，未注册为00
004B9540    90          NOP                                     ;  这里是关键跳转,转则出错
004B9541    90          NOP

ZHOU2X · 发表于 2007-1-25 18:29:59

原帖由 tigerisme 于 2007-1-21 17:14 发表
标志位爆破...支持一下

最好给出软件的下载连接

/:D
神猪还没有掌握,建议他(她)去看下飘云老大的关于"标志位"的视频教程;)

avel · 发表于 2007-1-25 22:16:41

他那样也可以么～
又不是非要标志位不可～

能爆破成功即可～;P :victory:

xgyrcl · 发表于 2007-1-30 23:39:50

好像无法正确更新数据

zchh19 · 发表于 2007-2-1 13:10:26

学习！！！！！！！！！！！！！！！！！！！！！

ks5678909 · 发表于 2007-3-15 11:06:31

能写个注册机就好了

暗里着迷 · 发表于 2007-3-15 20:10:42

爽!!;P ;P

		自动登录	找回密码
密码			加入我们

[原创] 希望杀号公式爆破

我再来个详细点的，嘿嘿，占兄弟便宜了！！！

补充一个希望杀号公式爆破