飞翔鸟桌面百变专家 V1.1
【加密方式】 注册码
【破解工具】 FlyOD V1.10、W32DASM V8.93
【软件限制】 30次
【破解平台】 Microsoft Windows XP SP2
程序加了 ASPack 2.1 -> Alexey Solodovnikov 的壳,脱壳后可见是用 Borland Delphi 6.0 - 7.0 编写的。
从字符串“注册成功,谢谢注册”的引用处(4d02e8)开始,逐步向上分析。
004D013B . 837D FC 00 cmp dword ptr ss:[ebp-4],0
004D013F . 75 0C jnz short 飞翔鸟桌.004D014D
004D0141 . A1 F0724E00 mov eax,dword ptr ds:[4E72F0]
004D0146 . E8 55FFF8FF call 飞翔鸟桌.004600A0
004D014B . EB 51 jmp short 飞翔鸟桌.004D019E
004D014D > 8D55 F0 lea edx,dword ptr ss:[ebp-10]
004D0150 . 8B83 08030000 mov eax,dword ptr ds:[ebx+308]
004D0156 . E8 8D2BF7FF call 飞翔鸟桌.00442CE8
004D015B . 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004D015E . 8D55 F4 lea edx,dword ptr ss:[ebp-C]
004D0161 . E8 4A8BF3FF call 飞翔鸟桌.00408CB0
004D0166 . 837D F4 00 cmp dword ptr ss:[ebp-C],0
004D016A . 75 0C jnz short 飞翔鸟桌.004D0178
004D016C . A1 F0724E00 mov eax,dword ptr ds:[4E72F0]
004D0171 . E8 2AFFF8FF call 飞翔鸟桌.004600A0
004D0176 . EB 26 jmp short 飞翔鸟桌.004D019E
004D0178 > 8BC3 mov eax,ebx
004D017A . E8 71020000 call 飞翔鸟桌.004D03F0--------------关键call,写入标志位
004D017F . 84C0 test al,al
004D0181 74 09 je short 飞翔鸟桌.004D018C-------------标志位比较--必须跳
004D0183 . 8BC3 mov eax,ebx
004D0185 . E8 6E000000 call 飞翔鸟桌.004D01F8
004D018A . EB 12 jmp short 飞翔鸟桌.004D019E
004D018C > B8 F4010000 mov eax,1F4
004D0191 > 48 dec eax
004D0192 .^ 75 FD jnz short 飞翔鸟桌.004D0191
004D0194 . A1 F0724E00 mov eax,dword ptr ds:[4E72F0]
004D0199 . E8 02FFF8FF call 飞翔鸟桌.004600A0
004D019E > 33C0 xor eax,eax
标志位比较之后的处理:004D0185 call 飞翔鸟桌.004D01F8
004D01F8 /$ 55 push ebp
004D01F9 |. 8BEC mov ebp,esp
004D01FB |. 33C9 xor ecx,ecx
004D01FD |. 51 push ecx
004D01FE |. 51 push ecx
004D01FF |. 51 push ecx
004D0200 |. 51 push ecx
004D0201 |. 51 push ecx
004D0202 |. 53 push ebx
004D0203 |. 56 push esi
004D0204 |. 57 push edi
004D0205 |. 8945 FC mov dword ptr ss:[ebp-4],eax
004D0208 |. 33C0 xor eax,eax
004D020A |. 55 push ebp
004D020B |. 68 36034D00 push 飞翔鸟桌.004D0336
004D0210 |. 64:FF30 push dword ptr fs:[eax]
004D0213 |. 64:8920 mov dword ptr fs:[eax],esp
004D0216 |. B2 01 mov dl,1
004D0218 |. A1 2C8A4600 mov eax,dword ptr ds:[468A2C]
004D021D |. E8 0A89F9FF call 飞翔鸟桌.00468B2C
004D0222 |. 8BF8 mov edi,eax
004D0224 |. BA 01000080 mov edx,80000001
004D0229 |. 8BC7 mov eax,edi
004D022B |. E8 9C89F9FF call 飞翔鸟桌.00468BCC
004D0230 |. B1 01 mov cl,1
004D0232 |. BA 4C034D00 mov edx,飞翔鸟桌.004D034C ; ASCII "\Software\Microsoft\Windows\CurrentVersion\Explorer\License"
004D0237 |. 8BC7 mov eax,edi
004D0239 |. E8 F289F9FF call 飞翔鸟桌.00468C30
004D023E |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004D0241 |. E8 F643F3FF call 飞翔鸟桌.0040463C
004D0246 |. A1 F4724E00 mov eax,dword ptr ds:[4E72F4]
004D024B |. E8 A446F3FF call 飞翔鸟桌.004048F4
004D0250 |. 8BD8 mov ebx,eax
004D0252 |. 85DB test ebx,ebx
004D0254 |. 7E 40 jle short 飞翔鸟桌.004D0296
这里肯定会跳转,不用管。
004D0256 |. BE 01000000 mov esi,1
004D025B |> 8D45 EC /lea eax,dword ptr ss:[ebp-14]
004D025E |. 50 |push eax
004D025F |. B9 01000000 |mov ecx,1
004D0264 |. 8BD6 |mov edx,esi
004D0266 |. A1 F4724E00 |mov eax,dword ptr ds:[4E72F4]
004D026B |. E8 DC48F3FF |call 飞翔鸟桌.00404B4C
004D0270 |. 8B45 EC |mov eax,dword ptr ss:[ebp-14]
004D0273 |. E8 7448F3FF |call 飞翔鸟桌.00404AEC
004D0278 |. 33D2 |xor edx,edx
004D027A |. 8A10 |mov dl,byte ptr ds:[eax]
004D027C |. 83C2 05 |add edx,5
004D027F |. 8D45 F0 |lea eax,dword ptr ss:[ebp-10]
004D0282 |. E8 9545F3FF |call 飞翔鸟桌.0040481C
004D0287 |. 8B55 F0 |mov edx,dword ptr ss:[ebp-10]
004D028A |. 8D45 F8 |lea eax,dword ptr ss:[ebp-8]
004D028D |. E8 6A46F3FF |call 飞翔鸟桌.004048FC
004D0292 |. 46 |inc esi
004D0293 |. 4B |dec ebx
004D0294 |.^ 75 C5 \jnz short 飞翔鸟桌.004D025B
后面是“注册成功,谢谢注册”4d02e8
004D0296 |> B8 F4724E00 mov eax,飞翔鸟桌.004E72F4
004D029B |. 8B55 F8 mov edx,dword ptr ss:[ebp-8]
004D029E |. E8 ED43F3FF call 飞翔鸟桌.00404690
004D02A3 |. 8B0D F4724E00 mov ecx,dword ptr ds:[4E72F4]
004D02A9 |. BA 90034D00 mov edx,飞翔鸟桌.004D0390 ; ASCII "FN ame"
004D017A call 飞翔鸟桌.004D03F0--------------关键call,写入标志位
; ---------------------------------------------------------------------
; Procedure at 004D03F0 (32-bit x86, debugger listing of the unpacked
; program; columns are address, marker, hex bytes, instruction).
; In:  eax = pointer saved at [ebp-4]; the dwords at offsets +304 and +308
;      of that object are each handed to 00442CE8 to fetch a string.
;      The pasted debugger values show "chenli" and "987654321" there, so
;      these are presumably the name and serial fields - confirm.
; Out: al = byte at [ebp-5]: 1 when the compare at 004D04A8 matched,
;      0 otherwise.
; Lines without an address (Stack ss:..., eax=..., ebx=..., esi=...) are
; the author's pasted register/stack values from one sample run, not code.
; NOTE(review): the licence decision is a single local compare feeding a
; one-byte flag, built from constants stored in the binary. A signed
; licence (asymmetric key) stops keys being derived from the binary, but
; a local branch stays editable; anything that must survive tampering
; has to be enforced outside the client.
; ---------------------------------------------------------------------
004D03F0 /$ 55 push ebp
004D03F1 |. 8BEC mov ebp,esp
; reserve 18h bytes of locals
004D03F3 |. 83C4 E8 add esp,-18
004D03F6 |. 53 push ebx
004D03F7 |. 56 push esi
; zero the three locals that are later passed to 0040463C in the cleanup
004D03F8 |. 33D2 xor edx,edx
004D03FA |. 8955 E8 mov dword ptr ss:[ebp-18],edx
004D03FD |. 8955 EC mov dword ptr ss:[ebp-14],edx
004D0400 |. 8955 F4 mov dword ptr ss:[ebp-C],edx
004D0403 |. 8945 FC mov dword ptr ss:[ebp-4],eax
; install an exception-handler frame at fs:[0] (eax = 0), handler 004D04EF
004D0406 |. 33C0 xor eax,eax
004D0408 |. 55 push ebp
004D0409 |. 68 EF044D00 push 飞翔鸟桌.004D04EF
004D040E |. 64:FF30 push dword ptr fs:[eax]
004D0411 |. 64:8920 mov dword ptr fs:[eax],esp
; ebx = 0: running value built up over the rest of the procedure
004D0414 |. 33DB xor ebx,ebx
; fetch the first string (object field +304) into [ebp-C]
004D0416 |. 8D55 F4 lea edx,dword ptr ss:[ebp-C]
004D0419 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004D041C |. 8B80 04030000 mov eax,dword ptr ds:[eax+304]
004D0422 |. E8 C128F7FF call 飞翔鸟桌.00442CE8
004D0427 |. 8B45 F4 mov eax,dword ptr ss:[ebp-C]
Stack ss:[0013F9EC]=00F41EB0, (ASCII "chenli")
eax=00000006
; result is used as the loop count below; presumably the string length
004D042A |. E8 C544F3FF call 飞翔鸟桌.004048F4
004D042F |. 8BF0 mov esi,eax
004D0431 |. 85F6 test esi,esi
; count <= 0: skip the per-character loop
004D0433 |. 7E 38 jle short 飞翔鸟桌.004D046D
; [ebp-10] = position counter, starting at 1
004D0435 |. C745 F0 01000000 mov dword ptr ss:[ebp-10],1
; loop body: 00404B4C is called with the string, the position and ecx = 1,
; writing to [ebp-14] (presumably a one-character substring - confirm)
004D043C |> 8D45 EC /lea eax,dword ptr ss:[ebp-14]
004D043F |. 50 |push eax
004D0440 |. B9 01000000 |mov ecx,1
004D0445 |. 8B55 F0 |mov edx,dword ptr ss:[ebp-10]
004D0448 |. 8B45 F4 |mov eax,dword ptr ss:[ebp-C]
004D044B |. E8 FC46F3FF |call 飞翔鸟桌.00404B4C
004D0450 |. 8B45 EC |mov eax,dword ptr ss:[ebp-14]
004D0453 |. E8 9446F3FF |call 飞翔鸟桌.00404AEC
; one byte is read, zero-extended and folded into ebx with a fixed constant
004D0458 |. 8A00 |mov al,byte ptr ds:[eax]
004D045A |. 25 FF000000 |and eax,0FF
004D045F |. 03D8 |add ebx,eax
004D0461 |. 81F3 05FA0B00 |xor ebx,0BFA05
; next position; esi counts the remaining iterations
004D0467 |. FF45 F0 |inc dword ptr ss:[ebp-10]
004D046A |. 4E |dec esi
004D046B |.^ 75 CF \jnz short 飞翔鸟桌.004D043C
循环姓名
; after the loop: the global dword at 4E72FC and two more fixed constants
; are mixed into ebx
004D046D |> A1 FC724E00 mov eax,dword ptr ds:[4E72FC]
004D0472 |. 8BD0 mov edx,eax
004D0474 |. C1E0 04 shl eax,4
004D0477 |. 03C2 add eax,edx
004D0479 |. 03D8 add ebx,eax
004D047B |. 81C3 D4A31300 add ebx,13A3D4
004D0481 |. 81F3 8DED5900 xor ebx,59ED8D
; fetch the second string (object field +308) into [ebp-18]
004D0487 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
004D048A |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004D048D |. 8B80 08030000 mov eax,dword ptr ds:[eax+308]
004D0493 |. E8 5028F7FF call 飞翔鸟桌.00442CE8
004D0498 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18]
Stack ss:[0013F9E0]=00F7A1AC, (ASCII "987654321")
eax=00000009
; presumably a decimal string-to-integer conversion: the pasted value
; eax=3ADE68B1 below equals 987654321 - confirm
004D049B |. E8 748AF3FF call 飞翔鸟桌.00408F14
004D04A0 |. 8BF3 mov esi,ebx
ebx=008042AE
esi=00000000
004D04A2 |. 81F6 2473C400 xor esi,0C47324------常数
esi=008042AE
; the only decision point: converted second string vs. the computed value
004D04A8 |. 3BC6 cmp eax,esi
esi=0044318A (飞翔鸟桌.0044318A)异或的结果
eax=3ADE68B1----987654321
004D04AA |. 75 19 jnz short 飞翔鸟桌.004D04C5-------改为je就可以写入标志位
; match: flag byte [ebp-5] = 1; 00404690 is called with the global at
; 4E72F4 and the first string (presumably a string assignment), and the
; compared value is stored in the global at 4E72F8
004D04AC |. C645 FB 01 mov byte ptr ss:[ebp-5],1
004D04B0 |. B8 F4724E00 mov eax,飞翔鸟桌.004E72F4
004D04B5 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004D04B8 |. E8 D341F3FF call 飞翔鸟桌.00404690
004D04BD |. 8935 F8724E00 mov dword ptr ds:[4E72F8],esi
004D04C3 |. EB 04 jmp short 飞翔鸟桌.004D04C9
; mismatch: flag byte [ebp-5] = 0
004D04C5 |> C645 FB 00 mov byte ptr ss:[ebp-5],0
; remove the exception frame installed at 004D0408..004D0411
004D04C9 |> 33C0 xor eax,eax
004D04CB |. 5A pop edx
004D04CC |. 59 pop ecx
004D04CD |. 59 pop ecx
004D04CE |. 64:8910 mov dword ptr fs:[eax],edx
; push 004D04F6 so that the retn at 004D04EE continues there
004D04D1 |. 68 F6044D00 push 飞翔鸟桌.004D04F6
; cleanup: 0040463C is called on each of the three locals zeroed at entry
; (presumably releasing the strings - confirm)
004D04D6 |> 8D45 E8 lea eax,dword ptr ss:[ebp-18]
004D04D9 |. E8 5E41F3FF call 飞翔鸟桌.0040463C
004D04DE |. 8D45 EC lea eax,dword ptr ss:[ebp-14]
004D04E1 |. E8 5641F3FF call 飞翔鸟桌.0040463C
004D04E6 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004D04E9 |. E8 4E41F3FF call 飞翔鸟桌.0040463C
004D04EE \. C3 retn
; exception path: the handler registered above jumps to 00403FC0; the short
; jump after it leads back into the cleanup at 004D04D6
004D04EF .^ E9 CC3AF3FF jmp 飞翔鸟桌.00403FC0
004D04F4 .^ EB E0 jmp short 飞翔鸟桌.004D04D6
; return value: al = flag byte; restore esi/ebx and the caller's frame
004D04F6 . 8A45 FB mov al,byte ptr ss:[ebp-5]
004D04F9 . 5E pop esi
004D04FA . 5B pop ebx
004D04FB . 8BE5 mov esp,ebp
004D04FD . 5D pop ebp
004D04FE . C3 retn
004D04FF 90 nop
; Stand-alone stub at 004D0500: stores the constant 0BA62A into the global
; dword at 4E72FC and returns; it reads no arguments. The hex-byte column
; ("2AA>") appears to be cut short by the debugger's column width.
004D0500 . C705 FC724E00 2AA>mov dword ptr ds:[4E72FC],0BA62A
004D050A . C3 retn