【文章标题】: 标志位爆破《3D大赢家》
【文章作者】: gongsui
【软件名称】: 3D大赢家4.04
【下载地址】: 自己搜索下载
【加壳方式】: 无
【编写语言】: Borland Delphi | Object Pascal
【使用工具】: die/od
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
输入假码,提示:注册失败!请向软件提供商索取正确的注册码!\n\n联系电话:010-82608000
搜索ASCII字符串
来到这里 0069F090 |. BA 9CF16900 mov edx, 0069F19C ; 注册失败!请向软件提供商索取正确的注册码!\n\n联系电话:010-82608000
上下左右看一下代码,注意跳转、call
0069EFA3 |. 58 pop eax
0069EFA4 |. E8 BB61D6FF call 00405164
0069EFA9 |. 74 3D je short 0069EFE8
0069EFAB |> 8D45 FC lea eax, dword ptr [ebp-4]
0069EFAE |. BA 14F16900 mov edx, 0069F114 ; 对不起,请输入正确的产品编号!
0069EFB3 |. E8 485ED6FF call 00404E00
0069EFB8 |. 6A 30 push 30
0069EFBA |. 8B45 FC mov eax, dword ptr [ebp-4]
0069EFBD |. E8 5662D6FF call 00405218
0069EFC2 |. 8BD0 mov edx, eax
0069EFC4 |. B9 34F16900 mov ecx, 0069F134 ; 系统提示
0069EFC9 |. A1 C4E77100 mov eax, dword ptr [71E7C4]
0069EFCE |. 8B00 mov eax, dword ptr [eax]
0069EFD0 |. E8 0FC1DDFF call 0047B0E4
0069EFD5 |. 8B83 50040000 mov eax, dword ptr [ebx+450]
0069EFDB |. 8B10 mov edx, dword ptr [eax]
0069EFDD |. FF92 C0000000 call dword ptr [edx+C0]
0069EFE3 |. E9 CF000000 jmp 0069F0B7
0069EFE8 |> 8B55 F4 mov edx, dword ptr [ebp-C]
0069EFEB |. A1 58945B00 mov eax, dword ptr [5B9458]
0069EFF0 |. E8 6BB9F1FF call 005BA960
0069EFF5 |. A1 A4E57100 mov eax, dword ptr [71E5A4]
0069EFFA |. 8B55 F4 mov edx, dword ptr [ebp-C]
0069EFFD |. E8 BA5DD6FF call 00404DBC
0069F002 |> 8D55 E0 lea edx, dword ptr [ebp-20]
0069F005 |. 8B83 2C040000 mov eax, dword ptr [ebx+42C]
0069F00B |. E8 2CA6DBFF call 0045963C
0069F010 |. FF75 E0 push dword ptr [ebp-20]
0069F013 |. 8D55 DC lea edx, dword ptr [ebp-24]
0069F016 |. 8B83 30040000 mov eax, dword ptr [ebx+430]
0069F01C |. E8 1BA6DBFF call 0045963C
0069F021 |. FF75 DC push dword ptr [ebp-24]
0069F024 |. 8D55 D8 lea edx, dword ptr [ebp-28]
0069F027 |. 8B83 34040000 mov eax, dword ptr [ebx+434]
0069F02D |. E8 0AA6DBFF call 0045963C
0069F032 |. FF75 D8 push dword ptr [ebp-28]
0069F035 |. 8D55 D4 lea edx, dword ptr [ebp-2C]
0069F038 |. 8B83 38040000 mov eax, dword ptr [ebx+438]
0069F03E |. E8 F9A5DBFF call 0045963C
0069F043 |. FF75 D4 push dword ptr [ebp-2C]
0069F046 |. 8D45 F8 lea eax, dword ptr [ebp-8]
0069F049 |. BA 04000000 mov edx, 4
0069F04E |. E8 8D60D6FF call 004050E0
0069F053 |. 8D55 D0 lea edx, dword ptr [ebp-30]
0069F056 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0069F059 |. E8 EAA8D6FF call 00409948
0069F05E |. 8B55 D0 mov edx, dword ptr [ebp-30]
0069F061 |. 8D45 F8 lea eax, dword ptr [ebp-8]
0069F064 |. E8 975DD6FF call 00404E00
0069F069 |. 8B55 F8 mov edx, dword ptr [ebp-8]
0069F06C |. 8BC3 mov eax, ebx
0069F06E |. E8 D9FDFFFF call 0069EE4C ;关键call
0069F073 |. 84C0 test al, al ;这里是标志位
0069F075 |. 74 16 je short 0069F08D
0069F077 |. 8D45 FC lea eax, dword ptr [ebp-4]
0069F07A |. BA 48F16900 mov edx, 0069F148 ; 注册成功,感谢使用!\n\n请将您的机器序列号及注册码记录下来,以后升级时备用!
0069F07F |. E8 7C5DD6FF call 00404E00
0069F084 |. 8BC3 mov eax, ebx
0069F086 |. E8 3587DDFF call 004777C0
0069F08B |. EB 0D jmp short 0069F09A
0069F08D |> 8D45 FC lea eax, dword ptr [ebp-4]
0069F090 |. BA 9CF16900 mov edx, 0069F19C ; 注册失败!请向软件提供商索取正确的注册码!\n\n联系电话:010-82608000
0069F095 |. E8 665DD6FF call 00404E00
0069F09A |> 6A 40 push 40
0069F09C |. 8B45 FC mov eax, dword ptr [ebp-4]
按F7跟进0069F06E处的call
; ---------------------------------------------------------------------------
; Routine at 0069EE4C (32-bit x86, debugger listing: address | bytes | insn).
; Purpose as far as the listing shows: wraps the validation call at 005B981C
; and carries its byte-sized result in BL.
; In:   eax, edx = the two incoming values (both are read before being
;       written; eax is kept in ebx, edx is spilled to [ebp-4]).
; Out:  not visible here. The listing stops at the retn at 0069EEE5, which
;       appears to transfer to 0069EEED (pushed at 0069EECB); that tail is
;       not part of this listing. TODO confirm that BL is copied to AL there.
; NOTE(review): the outcome of the whole check is reduced to one byte that
;       is tested by a single conditional branch. From a defender's view
;       that is a single point of failure: nothing in this listing verifies
;       the integrity of the code that produces or consumes the flag.
; ---------------------------------------------------------------------------
0069EE4C 55 push ebp
0069EE4D 8BEC mov ebp, esp
; Four pushes of a zeroed ecx create zero-initialised locals
; [ebp-4], [ebp-8], [ebp-C] and [ebp-10].
0069EE4F |. 33C9 xor ecx, ecx
0069EE51 |. 51 push ecx
0069EE52 |. 51 push ecx
0069EE53 |. 51 push ecx
0069EE54 |. 51 push ecx
; ebx is saved because it is reused below to hold the incoming eax.
0069EE55 |. 53 push ebx
0069EE56 |. 8955 FC mov dword ptr [ebp-4], edx
0069EE59 |. 8BD8 mov ebx, eax
0069EE5B |. 8B45 FC mov eax, dword ptr [ebp-4]
; Opaque helper called on the spilled edx value; its effect is not shown
; (presumably string reference handling, unconfirmed).
0069EE5E |. E8 A563D6FF call 00405208
; Install an exception frame: with eax = 0, fs:[eax] is fs:[0]. The previous
; frame pointer, the handler address 0069EEE6 and ebp are pushed, then the
; new frame is linked in.
0069EE63 |. 33C0 xor eax, eax
0069EE65 |. 55 push ebp
0069EE66 |. 68 E6EE6900 push 0069EEE6
0069EE6B |. 64:FF30 push dword ptr fs:[eax]
0069EE6E |. 64:8920 mov dword ptr fs:[eax], esp
; Transform [ebp-4] through helper 00409B98 into [ebp-C], then store the
; result back into [ebp-4] via 00404E00 (helper semantics not shown here).
0069EE71 |. 8D55 F4 lea edx, dword ptr [ebp-C]
0069EE74 |. 8B45 FC mov eax, dword ptr [ebp-4]
0069EE77 |. E8 1CADD6FF call 00409B98
0069EE7C |. 8B55 F4 mov edx, dword ptr [ebp-C]
0069EE7F |. 8D45 FC lea eax, dword ptr [ebp-4]
0069EE82 |. E8 795FD6FF call 00404E00
; Fetch a value through the field at [ebx+428] into [ebp-10]
; (presumably the text of a form control; verify against the form layout).
0069EE87 |. 8D55 F0 lea edx, dword ptr [ebp-10]
0069EE8A |. 8B83 28040000 mov eax, dword ptr [ebx+428]
0069EE90 |. E8 A7A7DBFF call 0045963C
; Apply the same 00409B98 transformation to it; result goes to [ebp-8].
0069EE95 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0069EE98 |. 8D55 F8 lea edx, dword ptr [ebp-8]
0069EE9B |. E8 F8ACD6FF call 00409B98
; Call 005B981C with eax = dword at [5B9458], edx = [ebp-8], ecx = [ebp-4].
; The trailing text on the call line is the author's marker ("key call").
0069EEA0 |. 8B4D FC mov ecx, dword ptr [ebp-4]
0069EEA3 |. 8B55 F8 mov edx, dword ptr [ebp-8]
0069EEA6 |. A1 58945B00 mov eax, dword ptr [5B9458]
0069EEAB |. E8 6CA9F1FF call 005B981C 关键call
; The result is kept in ebx and only its low byte is tested.
0069EEB0 |. 8BD8 mov ebx, eax
0069EEB2 |. 84DB test bl, bl
0069EEB4 |. 74 0D je short 0069EEC3 ; key jump (author's marker): a zero result skips the call below
; Non-zero result only: call 005B9F28 with edx = [ebp-4] and
; eax = dword at [5B9458] (effect not shown in the listing).
0069EEB6 |. 8B55 FC mov edx, dword ptr [ebp-4]
0069EEB9 |. A1 58945B00 mov eax, dword ptr [5B9458]
0069EEBE |. E8 65B0F1FF call 005B9F28
; Unlink the exception frame: pop the saved previous-frame pointer into edx,
; discard the handler address and the saved ebp, then restore fs:[0].
0069EEC3 |> 33C0 xor eax, eax
0069EEC5 |. 5A pop edx
0069EEC6 |. 59 pop ecx
0069EEC7 |. 59 pop ecx
0069EEC8 |. 64:8910 mov dword ptr fs:[eax], edx
; Push the continuation address that the retn below is expected to consume.
0069EECB |. 68 EDEE6900 push 0069EEED
; Cleanup of the temporaries: one helper call on [ebp-10], one on [ebp-C]
; with edx = 3 (looks like an element count covering [ebp-C], [ebp-8] and
; [ebp-4] - TODO confirm).
0069EED0 |> 8D45 F0 lea eax, dword ptr [ebp-10]
0069EED3 |. E8 905ED6FF call 00404D68
0069EED8 |. 8D45 F4 lea eax, dword ptr [ebp-C]
0069EEDB |. BA 03000000 mov edx, 3
0069EEE0 |. E8 A75ED6FF call 00404D8C
; Assuming the helpers leave the stack balanced, this pops 0069EEED pushed
; above, so execution continues at code outside this listing.
0069EEE5 \. C3 retn
跟进0069EEAB处的call(目标地址005B981C)
005B981C 55 push ebp
005B981D 8BEC mov ebp, esp
005B981F . 51 push ecx
005B9820 . B9 06000000 mov ecx, 6
005B9825 > 6A 00 push 0
005B9827 . 6A 00 push 0
把005B981C 55 push ebp 改成
005B981C B0 01 mov al, 1
005B981E C3 retn
OK,保存。
--------------------------------------------------------------------------------
【版权声明】:勿做商业用途, 谢谢!
2007年09月13日 14:58:
[ 本帖最后由 gongsui 于 2007-9-13 15:05 编辑 ] |