- UID
- 1848
注册时间2005-6-1
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 开心
2022-3-15 04:07 |
|---|
签到天数: 76 天 [LV.6]常住居民II
|
申请加入——阿凡提巧选排列3[老版本]—简单得到注册码
=================================================================================
简单过程
=================================================================================
OD栽入,PEID无壳,有错误提示,可以定位下面代码段
005A4588 /. 55 PUSH EBP
005A4589 |. 8BEC MOV EBP,ESP
005A458B |. B9 06000000 MOV ECX,6
005A4590 |> 6A 00 /PUSH 0
005A4592 |. 6A 00 |PUSH 0
005A4594 |. 49 |DEC ECX
005A4595 |.^75 F9 \JNZ SHORT 1_.005A4590
005A4597 |. 53 PUSH EBX
005A4598 |. 56 PUSH ESI
005A4599 |. 8BD8 MOV EBX,EAX
005A459B |. 33C0 XOR EAX,EAX
005A459D |. 55 PUSH EBP
005A459E |. 68 C5475A00 PUSH 1_.005A47C5
005A45A3 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
005A45A6 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
005A45A9 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
005A45AC |. 8B83 34030000 MOV EAX,DWORD PTR DS:[EBX+334]
005A45B2 |. E8 29AAEBFF CALL 1_.0045EFE0 ; 得到机器码
005A45B7 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
005A45BA |. 50 PUSH EAX
005A45BB |. B9 01000000 MOV ECX,1
005A45C0 |. BA 06000000 MOV EDX,6
005A45C5 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 机器码
005A45C8 |. E8 830AE6FF CALL 1_.00405050
005A45CD |. FF75 F4 PUSH DWORD PTR SS:[EBP-C]
005A45D0 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
005A45D3 |. 50 PUSH EAX
005A45D4 |. B9 01000000 MOV ECX,1
005A45D9 |. BA 01000000 MOV EDX,1
005A45DE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
005A45E1 |. E8 6A0AE6FF CALL 1_.00405050
005A45E6 |. FF75 F0 PUSH DWORD PTR SS:[EBP-10]
005A45E9 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
005A45EC |. 50 PUSH EAX
005A45ED |. B9 01000000 MOV ECX,1
005A45F2 |. BA 08000000 MOV EDX,8
005A45F7 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 机器码
005A45FA |. E8 510AE6FF CALL 1_.00405050
005A45FF |. FF75 EC PUSH DWORD PTR SS:[EBP-14]
005A4602 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
005A4605 |. 50 PUSH EAX
005A4606 |. B9 01000000 MOV ECX,1
005A460B |. BA 04000000 MOV EDX,4
005A4610 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 机器码
005A4613 |. E8 380AE6FF CALL 1_.00405050
005A4618 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
005A461B |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
005A461E |. BA 04000000 MOV EDX,4
005A4623 |. E8 8808E6FF CALL 1_.00404EB0
005A4628 |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
005A462B |. 8B83 18030000 MOV EAX,DWORD PTR DS:[EBX+318]
005A4631 |. E8 AAA9EBFF CALL 1_.0045EFE0 ; 取注册名,长度返回在EAX中
005A4636 |. 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0 ; 是否为空
005A463A |. 75 1D JNZ SHORT 1_.005A4659 ; 一定要跳
005A463C |. 6A 20 PUSH 20
005A463E |. B9 D4475A00 MOV ECX,1_.005A47D4
005A4643 |. BA DC475A00 MOV EDX,1_.005A47DC
005A4648 |. A1 80966100 MOV EAX,DWORD PTR DS:[619680]
005A464D |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A464F |. E8 08B6EDFF CALL 1_.0047FC5C
005A4654 |. E9 44010000 JMP 1_.005A479D
005A4659 |> 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
005A465C |. 8B83 1C030000 MOV EAX,DWORD PTR DS:[EBX+31C]
005A4662 |. E8 79A9EBFF CALL 1_.0045EFE0 ; 取注册码,长度返回在EAX中
005A4667 |. 837D E0 00 CMP DWORD PTR SS:[EBP-20],0 ; 是否为空
005A466B |. 75 1D JNZ SHORT 1_.005A468A ; 一定要跳
005A466D |. 6A 20 PUSH 20
005A466F |. B9 D4475A00 MOV ECX,1_.005A47D4
005A4674 |. BA F0475A00 MOV EDX,1_.005A47F0
005A4679 |. A1 80966100 MOV EAX,DWORD PTR DS:[619680]
005A467E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4680 |. E8 D7B5EDFF CALL 1_.0047FC5C
005A4685 |. E9 13010000 JMP 1_.005A479D
005A468A |> 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
005A468D |. 8B83 1C030000 MOV EAX,DWORD PTR DS:[EBX+31C]
005A4693 |. E8 48A9EBFF CALL 1_.0045EFE0
005A4698 |. 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24] ; 注册码
005A469B |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 2099
005A469E |. E8 910AE6FF CALL 1_.00405134 ; 就是检测注册码最后四位是不是2099,是置1
005A46A3 |. 85C0 TEST EAX,EAX ; EAX为标志位
005A46A5 |. 75 1D JNZ SHORT 1_.005A46C4 ; 一定要跳
005A46A7 |. 6A 20 PUSH 20 ; 下面就是注册失败了
005A46A9 |. B9 D4475A00 MOV ECX,1_.005A47D4
005A46AE |. BA 04485A00 MOV EDX,1_.005A4804 ; 注册失败
005A46B3 |. A1 80966100 MOV EAX,DWORD PTR DS:[619680]
005A46B8 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A46BA |. E8 9DB5EDFF CALL 1_.0047FC5C
005A46BF |. E9 D9000000 JMP 1_.005A479D
005A46C4 |> 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28] ; 注册码
005A46C7 |. 8B83 1C030000 MOV EAX,DWORD PTR DS:[EBX+31C]
005A46CD |. E8 0EA9EBFF CALL 1_.0045EFE0
005A46D2 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; 注册码
005A46D5 |. B8 2C485A00 MOV EAX,1_.005A482C ; ASCII "1HA"
005A46DA |. E8 550AE6FF CALL 1_.00405134 ; 就是检测注册码前3位是不是1HA,是EAX置1
005A46DF |. 85C0 TEST EAX,EAX ; 标志位测试
005A46E1 |. 0F8E 9E000000 JLE 1_.005A4785
005A46E7 |. A1 CC916100 MOV EAX,DWORD PTR DS:[6191CC] ; 下面就是把注册信息写进.INI文件
005A46EC |. C600 01 MOV BYTE PTR DS:[EAX],1
005A46EF |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
005A46F2 |. 8B83 1C030000 MOV EAX,DWORD PTR DS:[EBX+31C]
005A46F8 |. E8 E3A8EBFF CALL 1_.0045EFE0
005A46FD |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
005A4700 |. 50 PUSH EAX
005A4701 |. A1 C4976100 MOV EAX,DWORD PTR DS:[6197C4]
005A4706 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4708 |. B9 38485A00 MOV ECX,1_.005A4838 ; ASCII "HaveReg"
005A470D |. BA 48485A00 MOV EDX,1_.005A4848 ; ASCII "SoftReg"
005A4712 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
005A4714 |. FF56 04 CALL DWORD PTR DS:[ESI+4]
005A4717 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
005A471A |. 8B83 34030000 MOV EAX,DWORD PTR DS:[EBX+334]
005A4720 |. E8 BBA8EBFF CALL 1_.0045EFE0
005A4725 |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
005A4728 |. 50 PUSH EAX
005A4729 |. A1 C4976100 MOV EAX,DWORD PTR DS:[6197C4]
005A472E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4730 |. B9 58485A00 MOV ECX,1_.005A4858 ; ASCII "SellID"
005A4735 |. BA 48485A00 MOV EDX,1_.005A4848 ; ASCII "SoftReg"
005A473A |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
005A473C |. FF56 04 CALL DWORD PTR DS:[ESI+4]
005A473F |. A1 3C946100 MOV EAX,DWORD PTR DS:[61943C]
005A4744 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4746 |. BA 68485A00 MOV EDX,1_.005A4868
005A474B |. E8 C0A8EBFF CALL 1_.0045F010
005A4750 |. A1 3C946100 MOV EAX,DWORD PTR DS:[61943C]
005A4755 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4757 |. 8B80 4C040000 MOV EAX,DWORD PTR DS:[EAX+44C]
005A475D |. 33D2 XOR EDX,EDX
005A475F |. E8 E8CAECFF CALL 1_.0047124C
005A4764 |. 6A 20 PUSH 20
005A4766 |. B9 D4475A00 MOV ECX,1_.005A47D4
005A476B |. BA 78485A00 MOV EDX,1_.005A4878
005A4770 |. A1 80966100 MOV EAX,DWORD PTR DS:[619680]
005A4775 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4777 |. E8 E0B4EDFF CALL 1_.0047FC5C
005A477C |. 8BC3 MOV EAX,EBX
005A477E |. E8 017BEDFF CALL 1_.0047C284
005A4783 |. EB 18 JMP SHORT 1_.005A479D
005A4785 |> 6A 20 PUSH 20
005A4787 |. B9 D4475A00 MOV ECX,1_.005A47D4
005A478C |. BA 04485A00 MOV EDX,1_.005A4804
005A4791 |. A1 80966100 MOV EAX,DWORD PTR DS:[619680]
005A4796 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4798 |. E8 BFB4EDFF CALL 1_.0047FC5C
005A479D |> 33C0 XOR EAX,EAX
005A479F |. 5A POP EDX
005A47A0 |. 59 POP ECX
005A47A1 |. 59 POP ECX
005A47A2 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
005A47A5 |. 68 CC475A00 PUSH 1_.005A47CC
005A47AA |> 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
005A47AD |. BA 06000000 MOV EDX,6
005A47B2 |. E8 9D03E6FF CALL 1_.00404B54
005A47B7 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
005A47BA |. BA 06000000 MOV EDX,6
005A47BF |. E8 9003E6FF CALL 1_.00404B54
005A47C4 \. C3 RETN
破解总结:
我的注册信息:机器码:0079-249B
注册名:lnn1123
注册码:1HA002099
在我这台机子上只要满足:注册码前三位是1HA,后四位是2099就注册成功了 |
|
IP卡
发表于 2005-8-19 16:54:02
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-8-16 00:06:58