这个注册机可不是我能写得出来的,是wan大侠弄得,不过注册机有点问题,在很多机子上不能正常运行。
昨天在网上下了这个注册机后,不能用,本想弃之不用,但网上又找不到其他的注册机了。
这个注册机的问题是一点击生成按钮就弹出错误提示,我用OD跟了跟,发现是读取硬盘序列号时所用的设备名字符串不对,改了下就OK了,于是有了个针对原版不能运行的修正版。注意:原版还是要保留的,修正版只适合原版不能运行的用户!
我试了,官方10.10发布的能够注册,不过exe转flash的还是显示没注册。
新注册飘云阁,正苦恼没有BB下载东东,希望版主能够赏赐一点~~~:loveliness:
呵呵,谢谢大家的支持!为了不辜负版主慷慨赏赐的飘云币,我就简单说说这个注册机的小问题吧。我只是菜鸟一个,高手就莫见笑了哈~~~~
下面是注册机里调用CreateFileA的核心代码:
; ----------------------------------------------------------------------
; Routine at 00450280 (32-bit x86, OllyDbg listing: address / marker /
; opcode bytes / instruction / analysis comment).
; Purpose: open a drive-related device object, send it a command block
; whose command byte is 0EC, and pass a 0x14-byte field of the returned
; data to the destination received in eax. The surrounding post
; describes that field as the hard-disk serial number.
; In:     eax = destination, saved at [ebp-240] and handed to 00403F58
;         at the end. NOTE(review): register-passed arguments and the
;         fs:[0] frames look like Delphi-compiled code - confirm.
; Locals: [ebp-23C] 0x23C-byte I/O buffer, [ebp-244] device handle,
;         [ebp-248] bytes-returned, [ebp-24C] pointer to the block whose
;         +0x10 area is read at 00450491.
; Helpers 00403E68, 00402B30, 004028B8, 00403950, 0040386C, 00450260 and
; 00403F58 lie outside this listing; their behaviour is inferred only.
; Review notes:
;  - Both paths talk to raw device objects (and the first asks for
;    GENERIC_READ|GENERIC_WRITE). On NT-family Windows that normally
;    needs administrative rights - treat a binary of unknown origin
;    doing this accordingly.
;  - The device name "\\.\Scsi0:" is hard-coded; if CreateFileA fails
;    the code jumps straight to the epilogue and the copy at 004504B5
;    never runs. Presumably this is the failure the post reports.
;  - Neither path inspects [ebp-248] (bytes returned) or any status in
;    the reply before consuming the data.
; ----------------------------------------------------------------------
00450280 $ 55 push ebp
00450281 . 8BEC mov ebp, esp
; reserve 0x24C bytes of locals, keep ebx (restored at 004504BA)
00450283 . 81C4 B4FDFFFF add esp, -24C
00450289 . 53 push ebx
; save the incoming eax and pass it to 00403E68 (not shown; presumably
; resets the destination - TODO confirm)
0045028A . 8985 C0FDFFFF mov dword ptr [ebp-240], eax
00450290 . 8B85 C0FDFFFF mov eax, dword ptr [ebp-240]
00450296 . E8 CD3BFBFF call 00403E68
; eax = buffer, edx = 0x23C, ecx = 0 -> 00402B30 (not shown; presumably a
; fill that zeroes the whole 0x23C-byte buffer - TODO confirm)
0045029B . 8D85 C4FDFFFF lea eax, dword ptr [ebp-23C]
004502A1 . 33C9 xor ecx, ecx
004502A3 . BA 3C020000 mov edx, 23C
004502A8 . E8 8328FBFF call 00402B30
; Branch on the dword that the pointer stored at 0045315C refers to.
; NOTE(review): the post reads this as a disk-type test. The value 2 and
; the "\\.\SMARTVSD" fallback (a Windows 9x driver name) suggest an
; OS-platform test (2 = NT family) instead - confirm against the binary.
004502AD . A1 5C314500 mov eax, dword ptr [45315C]
004502B2 . 8338 02 cmp dword ptr [eax], 2 ; selects which CreateFileA call is made (per the post: by disk type); pay special attention to the FileName argument!
004502B5 . 0F85 11010000 jnz 004503CC
; ---- path 1 (value == 2): open "\\.\Scsi0:" for read/write ----
004502BB . 6A 00 push 0 ; /hTemplateFile = NULL
004502BD . 6A 00 push 0 ; |Attributes = 0
004502BF . 6A 03 push 3 ; |Mode = OPEN_EXISTING
004502C1 . 6A 00 push 0 ; |pSecurity = NULL
004502C3 . 6A 03 push 3 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
004502C5 . 68 000000C0 push C0000000 ; |Access = GENERIC_READ|GENERIC_WRITE
004502CA . 68 C0044500 push 004504C0 ; |FileName = "\\.\Scsi0:"
004502CF . E8 3C5BFBFF call <jmp.&kernel32.CreateFileA> ; \CreateFileA
; keep the handle; -1 (INVALID_HANDLE_VALUE) -> leave via the epilogue
004502D4 . 8985 BCFDFFFF mov dword ptr [ebp-244], eax
004502DA . 83BD BCFDFFFF>cmp dword ptr [ebp-244], -1
004502E1 . 0F84 D3010000 je 004504BA
; install an exception frame at fs:[0]: saved ebp, handler 004503C5,
; previous frame pointer
004502E7 . 33D2 xor edx, edx
004502E9 . 55 push ebp
004502EA . 68 C5034500 push 004503C5
004502EF . 64:FF32 push dword ptr fs:[edx]
004502F2 . 64:8922 mov dword ptr fs:[edx], esp
; Fill a 0x1C-byte header at the start of the buffer. The offsets and
; values match an SRB_IO_CONTROL header (length 0x1C, 8-byte signature,
; timeout 2, control code 1B0501, data length 0x220 = 0x23C - 0x1C) -
; inferred from layout, confirm.
004502F5 . C785 C4FDFFFF>mov dword ptr [ebp-23C], 1C
; eax = "SCSIDISK", edx = buffer+4, ecx = 8 -> 004028B8 (not shown;
; presumably an 8-byte copy of the signature - TODO confirm)
004502FF . 8D95 C8FDFFFF lea edx, dword ptr [ebp-238]
00450305 . B9 08000000 mov ecx, 8
0045030A . B8 D4044500 mov eax, 004504D4 ; ASCII "SCSIDISK"
0045030F . E8 A425FBFF call 004028B8
00450314 . C785 D0FDFFFF>mov dword ptr [ebp-230], 2
0045031E . C785 DCFDFFFF>mov dword ptr [ebp-224], 220
00450328 . C785 D4FDFFFF>mov dword ptr [ebp-22C], 1B0501
; ebx = buffer + 0x1C: command block placed right after the header;
; the pointer is remembered in [ebp-24C] for the read at 00450491
00450332 . 8D9D C4FDFFFF lea ebx, dword ptr [ebp-23C]
00450338 . 83C3 1C add ebx, 1C
0045033B . 899D B4FDFFFF mov dword ptr [ebp-24C], ebx
; Command block: dword 0x200 at +0, byte 0 at +0xC, then seven bytes at
; +4..+0xA = 00 01 01 00 00 A0 EC. The layout matches SENDCMDINPARAMS
; with its task-file register bytes (inferred); 0EC in the command slot
; is the ATA IDENTIFY DEVICE opcode.
00450341 . 8BC3 mov eax, ebx
00450343 . C700 00020000 mov dword ptr [eax], 200
00450349 . C640 0C 00 mov byte ptr [eax+C], 0
0045034D . 83C0 04 add eax, 4
00450350 . C600 00 mov byte ptr [eax], 0
00450353 . C640 01 01 mov byte ptr [eax+1], 1
00450357 . C640 02 01 mov byte ptr [eax+2], 1
0045035B . C640 03 00 mov byte ptr [eax+3], 0
0045035F . C640 04 00 mov byte ptr [eax+4], 0
00450363 . C640 05 A0 mov byte ptr [eax+5], 0A0
00450367 . C640 06 EC mov byte ptr [eax+6], 0EC
; DeviceIoControl with the same 0x23C-byte buffer as input and output.
; 4D008 is the value of IOCTL_SCSI_MINIPORT.
0045036B . 6A 00 push 0 ; /pOverlapped = NULL
0045036D . 8D85 B8FDFFFF lea eax, dword ptr [ebp-248] ; |
00450373 . 50 push eax ; |pBytesReturned
00450374 . 68 3C020000 push 23C ; |OutBufferSize = 23C (572.)
00450379 . 8D85 C4FDFFFF lea eax, dword ptr [ebp-23C] ; |
0045037F . 50 push eax ; |OutBuffer
00450380 . 68 3C020000 push 23C ; |InBufferSize = 23C (572.)
00450385 . 8D85 C4FDFFFF lea eax, dword ptr [ebp-23C] ; |
0045038B . 50 push eax ; |InBuffer
0045038C . 68 08D00400 push 4D008 ; |IoControlCode = 4D008
00450391 . 8B85 BCFDFFFF mov eax, dword ptr [ebp-244] ; |
00450397 . 50 push eax ; |hDevice
00450398 . E8 8B5AFBFF call <jmp.&kernel32.DeviceIoControl> ; \DeviceIoControl
; zero return = failure: call 00403950 (not shown; presumably the
; runtime's early-exit helper that runs the pending cleanup - TODO
; confirm), then leave without producing a value
0045039D . 85C0 test eax, eax
0045039F . 75 0A jnz short 004503AB
004503A1 . E8 AA35FBFF call 00403950
004503A6 . E9 0F010000 jmp 004504BA
; success: unlink the exception frame (edx = previous frame, the two
; pops into ecx discard handler address and saved ebp), then push
; 00450491 so the retn after CloseHandle continues there
004503AB > 33C0 xor eax, eax
004503AD . 5A pop edx
004503AE . 59 pop ecx
004503AF . 59 pop ecx
004503B0 . 64:8910 mov dword ptr fs:[eax], edx
004503B3 . 68 91044500 push 00450491
; cleanup block: close the device handle, return to the pushed address
004503B8 > 8B85 BCFDFFFF mov eax, dword ptr [ebp-244]
004503BE . 50 push eax ; /hObject
004503BF . E8 345AFBFF call <jmp.&kernel32.CloseHandle> ; \CloseHandle
004503C4 . C3 retn
; handler registered at 004502EA: forwards to runtime code at 0040386C
; (not shown); the short jump re-enters the cleanup block above
004503C5 .^ E9 A234FBFF jmp 0040386C
004503CA .^ EB EC jmp short 004503B8
; ---- path 2 (value != 2): open "\\.\SMARTVSD" with no access rights
; requested and mode CREATE_NEW ----
004503CC > 6A 00 push 0 ; /hTemplateFile = NULL
004503CE . 6A 00 push 0 ; |Attributes = 0
004503D0 . 6A 01 push 1 ; |Mode = CREATE_NEW
004503D2 . 6A 00 push 0 ; |pSecurity = NULL
004503D4 . 6A 00 push 0 ; |ShareMode = 0
004503D6 . 6A 00 push 0 ; |Access = 0
004503D8 . 68 E0044500 push 004504E0 ; |FileName = "\\.\SMARTVSD"
004503DD . E8 2E5AFBFF call <jmp.&kernel32.CreateFileA> ; \CreateFileA
; keep the handle; -1 (INVALID_HANDLE_VALUE) -> leave via the epilogue
004503E2 . 8985 BCFDFFFF mov dword ptr [ebp-244], eax
004503E8 . 83BD BCFDFFFF>cmp dword ptr [ebp-244], -1
004503EF . 0F84 C5000000 je 004504BA
; install an exception frame with handler 0045048A
004503F5 . 33D2 xor edx, edx
004503F7 . 55 push ebp
004503F8 . 68 8A044500 push 0045048A
004503FD . 64:FF32 push dword ptr fs:[edx]
00450400 . 64:8922 mov dword ptr fs:[edx], esp
; ebx = start of buffer (command block, no header on this path);
; [ebp-24C] = buffer + 0x20, used as the separate output buffer
00450403 . 8D9D C4FDFFFF lea ebx, dword ptr [ebp-23C]
00450409 . 8D43 20 lea eax, dword ptr [ebx+20]
0045040C . 8985 B4FDFFFF mov dword ptr [ebp-24C], eax
; same command block contents as on path 1 (0x200, drive byte 0,
; register bytes 00 01 01 00 00 A0 EC)
00450412 . 8BC3 mov eax, ebx
00450414 . C700 00020000 mov dword ptr [eax], 200
0045041A . C640 0C 00 mov byte ptr [eax+C], 0
0045041E . 83C0 04 add eax, 4
00450421 . C600 00 mov byte ptr [eax], 0
00450424 . C640 01 01 mov byte ptr [eax+1], 1
00450428 . C640 02 01 mov byte ptr [eax+2], 1
0045042C . C640 03 00 mov byte ptr [eax+3], 0
00450430 . C640 04 00 mov byte ptr [eax+4], 0
00450434 . C640 05 A0 mov byte ptr [eax+5], 0A0
00450438 . C640 06 EC mov byte ptr [eax+6], 0EC
; DeviceIoControl: 0x20-byte input at ebx, 0x210-byte output at
; buffer + 0x20
0045043C . 6A 00 push 0 ; /pOverlapped = NULL
0045043E . 8D85 B8FDFFFF lea eax, dword ptr [ebp-248] ; |
00450444 . 50 push eax ; |pBytesReturned
00450445 . 68 10020000 push 210 ; |OutBufferSize = 210 (528.)
0045044A . 8B85 B4FDFFFF mov eax, dword ptr [ebp-24C] ; |
00450450 . 50 push eax ; |OutBuffer
00450451 . 6A 20 push 20 ; |InBufferSize = 20 (32.)
00450453 . 53 push ebx ; |InBuffer
00450454 . 68 88C00700 push 7C088 ; |IoControlCode = SMART_RCV_DRIVE_DATA
00450459 . 8B85 BCFDFFFF mov eax, dword ptr [ebp-244] ; |
0045045F . 50 push eax ; |hDevice
00450460 . E8 C359FBFF call <jmp.&kernel32.DeviceIoControl> ; \DeviceIoControl
; zero return = failure: same early-exit sequence as on path 1
00450465 . 85C0 test eax, eax
00450467 . 75 07 jnz short 00450470
00450469 . E8 E234FBFF call 00403950
0045046E . EB 4A jmp short 004504BA
; success: unlink the exception frame, continue at 00450491 after the
; handle has been closed
00450470 > 33C0 xor eax, eax
00450472 . 5A pop edx
00450473 . 59 pop ecx
00450474 . 59 pop ecx
00450475 . 64:8910 mov dword ptr fs:[eax], edx
00450478 . 68 91044500 push 00450491
0045047D > 8B85 BCFDFFFF mov eax, dword ptr [ebp-244]
00450483 . 50 push eax ; /hObject
00450484 . E8 6F59FBFF call <jmp.&kernel32.CloseHandle> ; \CloseHandle
00450489 . C3 retn
; handler registered at 004503F8, mirrors the stub at 004503C5
0045048A .^ E9 DD33FBFF jmp 0040386C
0045048F .^ EB EC jmp short 0045047D
; ---- common tail, reached from either success path ----
; ebx = [ebp-24C] + 0x10 (skips a 16-byte prefix of the reply); the
; field of interest is the 0x14 bytes at ebx + 0x14. In ATA IDENTIFY
; data, byte offset 0x14 with length 0x14 is the serial-number field,
; which agrees with the post's description.
00450491 . 8B9D B4FDFFFF mov ebx, dword ptr [ebp-24C]
00450497 . 83C3 10 add ebx, 10
; eax = field, edx = 0x14 -> 00450260 (not shown; NOTE(review): ATA
; text fields are stored byte-swapped per 16-bit word, so this is
; presumably the in-place swap - confirm)
0045049A . 8D43 14 lea eax, dword ptr [ebx+14]
0045049D . BA 14000000 mov edx, 14
004504A2 . E8 B9FDFFFF call 00450260
; eax = saved destination, edx = field, ecx = 0x14 -> 00403F58 (not
; shown; presumably builds the result from those 0x14 bytes - confirm)
004504A7 . 8D53 14 lea edx, dword ptr [ebx+14]
004504AA . 8B85 C0FDFFFF mov eax, dword ptr [ebp-240]
004504B0 . B9 14000000 mov ecx, 14
004504B5 . E8 9E3AFBFF call 00403F58
; epilogue, also the target of every failure jump above
004504BA > 5B pop ebx
004504BB . 8BE5 mov esp, ebp
004504BD . 5D pop ebp
004504BE . C3 retn
注意这个判断:
; NOTE(review): the compared value 2 together with the "\\.\SMARTVSD"
; fallback (a Windows 9x driver name) suggests this test distinguishes
; the OS platform (2 = NT family) rather than the disk type - confirm.
004502B2 . 8338 02 cmp dword ptr [eax], 2 ; calls the matching CreateFileA depending on the disk type; pay special attention to the FileName argument! (not sure I have this right - please point out mistakes, I am here to learn)
004502CA . 68 C0044500 push 004504C0 ; |FileName = "\\.\Scsi0:"
004503D8 . 68 E0044500 push 004504E0 ; |FileName = "\\.\SMARTVSD"
共列举了这两个FileName参数,而我跟踪屏幕录像专家时发现调用的是"\\.\PhysicalDrive0"这个字符串。注册机是针对9.15发布的,也不知道是不是10.10官方新发布的版本改变了这个地方。我试了试简单地把注册机里的"\\.\Scsi0:"改成"\\.\PhysicalDrive0",正好能成功运行!
就这么简单,发个帖子“骗”点飘云币,更希望能够帮到一些朋友注册。
--------------------------------------------------------------------------------------------------------------
动画可以在这里下载:
http://www.3hack.com/soft/dh/qitadong/78189721071246.html
很简单,适合新手
[ 本帖最后由 lynn 于 2008-3-6 18:30 编辑 ] |