aCaFeeL's CrackMe V2(外传版) -> [破解我5]最新下载

hackhd · 发表于 2007-12-25 15:39:10

我也来试试啊试。

freesky · 发表于 2007-12-26 10:00:56

拿来学习学习。。。。。

vecri · 发表于 2007-12-26 11:36:31

0041DCD7 55             PUSH EBP
0041DCD8 8BEC          MOV EBP,ESP
0041DCDA 81EC 48000000 SUB ESP,48
0041DCE0 C745 FC 0000000>MOV DWORD PTR SS:[EBP-4],0
0041DCE7 C745 F8 0000000>MOV DWORD PTR SS:[EBP-8],0
0041DCEE C745 F0 0000000>MOV DWORD PTR SS:[EBP-10],0
0041DCF5 C745 F4 0000000>MOV DWORD PTR SS:[EBP-C],0
0041DCFC 6A FF          PUSH -1
0041DCFE 6A 08          PUSH 8
0041DD00 68 C4000116    PUSH 160100C4
0041DD05 68 01000152    PUSH 52010001
0041DD0A E8 300D0000    CALL 破解我2.0041EA3F                      ; 获取用户名
0041DD0F 83C4 10       ADD ESP,10
0041DD12 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DD15 68 04000080    PUSH 80000004
0041DD1A 6A 00          PUSH 0
0041DD1C 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]
0041DD1F 85C0          TEST EAX,EAX
0041DD21 75 05          JNZ SHORT 破解我2.0041DD28
0041DD23 B8 03134100    MOV EAX,破解我2.00411303
0041DD28 50             PUSH EAX
0041DD29 68 01000000    PUSH 1
0041DD2E BB 30010000    MOV EBX,130
0041DD33 E8 FB0C0000    CALL 破解我2.0041EA33                      ; 获取长度
0041DD38 83C4 10       ADD ESP,10
0041DD3B 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041DD3E 8B5D EC       MOV EBX,DWORD PTR SS:[EBP-14]
0041DD41 85DB          TEST EBX,EBX
0041DD43 74 09          JE SHORT 破解我2.0041DD4E
0041DD45 53             PUSH EBX
0041DD46 E8 CA0C0000    CALL 破解我2.0041EA15
0041DD4B 83C4 04       ADD ESP,4
0041DD4E 837D E8 06    CMP DWORD PTR SS:[EBP-18],6             ; 用户名长度与6比较
0041DD52 0F8E FF070000 JLE 破解我2.0041E557
0041DD58 6A FF          PUSH -1
0041DD5A 6A 08          PUSH 8
0041DD5C 68 C4000116    PUSH 160100C4
0041DD61 68 01000152    PUSH 52010001
0041DD66 E8 D40C0000    CALL 破解我2.0041EA3F                      ; 还是取用户名
0041DD6B 83C4 10       ADD ESP,10
0041DD6E 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DD71 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]
0041DD74 50             PUSH EAX
0041DD75 8B5D FC       MOV EBX,DWORD PTR SS:[EBP-4]
0041DD78 85DB          TEST EBX,EBX
0041DD7A 74 09          JE SHORT 破解我2.0041DD85
0041DD7C 53             PUSH EBX
0041DD7D E8 930C0000    CALL 破解我2.0041EA15
0041DD82 83C4 04       ADD ESP,4
0041DD85 58             POP EAX
0041DD86 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
0041DD89 6A FF          PUSH -1
0041DD8B 6A 08          PUSH 8
0041DD8D 68 C3000116    PUSH 160100C3
0041DD92 68 01000152    PUSH 52010001
0041DD97 E8 A30C0000    CALL 破解我2.0041EA3F                      ; 取注册码
0041DD9C 83C4 10       ADD ESP,10
0041DD9F 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DDA2 68 03134100    PUSH 破解我2.00411303
0041DDA7 FF75 EC       PUSH DWORD PTR SS:[EBP-14]
0041DDAA E8 C4FDFFFF    CALL 破解我2.0041DB73
0041DDAF 83C4 08       ADD ESP,8
0041DDB2 83F8 00       CMP EAX,0
0041DDB5 B8 00000000    MOV EAX,0
0041DDBA 0F95C0       SETNE AL
0041DDBD 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041DDC0 8B5D EC       MOV EBX,DWORD PTR SS:[EBP-14]
0041DDC3 85DB          TEST EBX,EBX
0041DDC5 74 09          JE SHORT 破解我2.0041DDD0
0041DDC7 53             PUSH EBX
0041DDC8 E8 480C0000    CALL 破解我2.0041EA15
0041DDCD 83C4 04       ADD ESP,4
0041DDD0 837D E8 00    CMP DWORD PTR SS:[EBP-18],0
0041DDD4 0F84 78070000 JE 破解我2.0041E552
0041DDDA 6A FF          PUSH -1
0041DDDC 6A 08          PUSH 8
0041DDDE 68 C3000116    PUSH 160100C3
0041DDE3 68 01000152    PUSH 52010001
0041DDE8 E8 520C0000    CALL 破解我2.0041EA3F                      ; 取注册码
0041DDED 83C4 10       ADD ESP,10
0041DDF0 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DDF3 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]
0041DDF6 50             PUSH EAX
0041DDF7 8B5D F8       MOV EBX,DWORD PTR SS:[EBP-8]
0041DDFA 85DB          TEST EBX,EBX
0041DDFC 74 09          JE SHORT 破解我2.0041DE07
0041DDFE 53             PUSH EBX
0041DDFF E8 110C0000    CALL 破解我2.0041EA15
0041DE04 83C4 04       ADD ESP,4
0041DE07 58             POP EAX
0041DE08 8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
0041DE0B 6A FF          PUSH -1
0041DE0D 6A 13          PUSH 13
0041DE0F 68 21010116    PUSH 16010121
0041DE14 68 01000152    PUSH 52010001
0041DE19 E8 210C0000    CALL 破解我2.0041EA3F                      ; 取注册方式
0041DE1E 83C4 10       ADD ESP,10
0041DE21 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041DE24 837D E8 FF    CMP DWORD PTR SS:[EBP-18],-1
0041DE28 0F85 05000000 JNZ 破解我2.0041DE33
0041DE2E E9 1A070000    JMP 破解我2.0041E54D
0041DE33 68 01030080    PUSH 80000301
0041DE38 6A 00          PUSH 0
0041DE3A 68 01000000    PUSH 1
0041DE3F 68 04000080    PUSH 80000004
0041DE44 6A 00          PUSH 0
0041DE46 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041DE49 85C0          TEST EAX,EAX
0041DE4B 75 05          JNZ SHORT 破解我2.0041DE52
0041DE4D B8 03134100    MOV EAX,破解我2.00411303
0041DE52 50             PUSH EAX
0041DE53 68 02000000    PUSH 2
0041DE58 BB 44010000    MOV EBX,144
0041DE5D E8 D10B0000    CALL 破解我2.0041EA33                      ; 取用户名中的字母1
0041DE62 83C4 1C       ADD ESP,1C
0041DE65 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DE68 68 01030080    PUSH 80000301
0041DE6D 6A 00          PUSH 0
0041DE6F 68 07000000    PUSH 7
0041DE74 68 04000080    PUSH 80000004
0041DE79 6A 00          PUSH 0
0041DE7B 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041DE7E 85C0          TEST EAX,EAX
0041DE80 75 05          JNZ SHORT 破解我2.0041DE87
0041DE82 B8 03134100    MOV EAX,破解我2.00411303
0041DE87 50             PUSH EAX
0041DE88 68 02000000    PUSH 2
0041DE8D BB 44010000    MOV EBX,144
0041DE92 E8 9C0B0000    CALL 破解我2.0041EA33                      ; 取用户名中的字母7
0041DE97 83C4 1C       ADD ESP,1C
0041DE9A 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041DE9D DB45 EC       FILD DWORD PTR SS:[EBP-14]
0041DEA0 DD5D E0       FSTP QWORD PTR SS:[EBP-20]
0041DEA3 DD45 E0       FLD QWORD PTR SS:[EBP-20]
0041DEA6 DB45 E8       FILD DWORD PTR SS:[EBP-18]
0041DEA9 DD5D D8       FSTP QWORD PTR SS:[EBP-28]
0041DEAC DC4D D8       FMUL QWORD PTR SS:[EBP-28]             ; 字母1和字母7相乘
0041DEAF DD5D D0       FSTP QWORD PTR SS:[EBP-30]
0041DEB2 8B55 D4       MOV EDX,DWORD PTR SS:[EBP-2C]
0041DEB5 8B45 D0       MOV EAX,DWORD PTR SS:[EBP-30]
0041DEB8 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
0041DEBB 8955 F4       MOV DWORD PTR SS:[EBP-C],EDX
0041DEBE 68 04000080    PUSH 80000004
0041DEC3 6A 00          PUSH 0
0041DEC5 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041DEC8 85C0          TEST EAX,EAX
0041DECA 75 05          JNZ SHORT 破解我2.0041DED1
0041DECC B8 03134100    MOV EAX,破解我2.00411303
0041DED1 50             PUSH EAX
0041DED2 68 01000000    PUSH 1
0041DED7 BB 30010000    MOV EBX,130
0041DEDC E8 520B0000    CALL 破解我2.0041EA33                      ; 取用户名长度
0041DEE1 83C4 10       ADD ESP,10
0041DEE4 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DEE7 6A FF          PUSH -1
0041DEE9 6A 13          PUSH 13
0041DEEB 68 21010116    PUSH 16010121
0041DEF0 68 01000152    PUSH 52010001
0041DEF5 E8 450B0000    CALL 破解我2.0041EA3F                      ; 注册方式
0041DEFA 83C4 10       ADD ESP,10
0041DEFD 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041DF00 DB45 EC       FILD DWORD PTR SS:[EBP-14]
0041DF03 DD5D E0       FSTP QWORD PTR SS:[EBP-20]
0041DF06 DD45 E0       FLD QWORD PTR SS:[EBP-20]
0041DF09 DB45 E8       FILD DWORD PTR SS:[EBP-18]
0041DF0C DD5D D8       FSTP QWORD PTR SS:[EBP-28]
0041DF0F DC65 D8       FSUB QWORD PTR SS:[EBP-28]             ; 用户名长度减去注册方式
0041DF12 DD5D D0       FSTP QWORD PTR SS:[EBP-30]
0041DF15 DD45 D0       FLD QWORD PTR SS:[EBP-30]
0041DF18 DC25 04134100 FSUB QWORD PTR DS:[411304]             ; 再减去6
0041DF1E DC1D 0C134100 FCOMP QWORD PTR DS:[41130C]
0041DF24 DFE0          FSTSW AX
0041DF26 F6C4 41       TEST AH,41
0041DF29 0F85 1E060000 JNZ 破解我2.0041E54D
0041DF2F 68 01030080    PUSH 80000301
0041DF34 6A 00          PUSH 0
0041DF36 68 02000000    PUSH 2
0041DF3B 68 04000080    PUSH 80000004
0041DF40 6A 00          PUSH 0
0041DF42 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041DF45 85C0          TEST EAX,EAX
0041DF47 75 05          JNZ SHORT 破解我2.0041DF4E
0041DF49 B8 03134100    MOV EAX,破解我2.00411303
0041DF4E 50             PUSH EAX
0041DF4F 68 02000000    PUSH 2
0041DF54 BB 44010000    MOV EBX,144
0041DF59 E8 D50A0000    CALL 破解我2.0041EA33                      ; 取字母2
0041DF5E 83C4 1C       ADD ESP,1C
0041DF61 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041DF64 68 01030080    PUSH 80000301
0041DF69 6A 00          PUSH 0
0041DF6B 68 06000000    PUSH 6
0041DF70 68 04000080    PUSH 80000004
0041DF75 6A 00          PUSH 0
0041DF77 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041DF7A 85C0          TEST EAX,EAX
0041DF7C 75 05          JNZ SHORT 破解我2.0041DF83
0041DF7E B8 03134100    MOV EAX,破解我2.00411303
0041DF83 50             PUSH EAX
0041DF84 68 02000000    PUSH 2
0041DF89 BB 44010000    MOV EBX,144
0041DF8E E8 A00A0000    CALL 破解我2.0041EA33                      ; 取字母6
0041DF93 83C4 1C       ADD ESP,1C
0041DF96 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041DF99 DB45 EC       FILD DWORD PTR SS:[EBP-14]
0041DF9C DD5D E0       FSTP QWORD PTR SS:[EBP-20]
0041DF9F DD45 E0       FLD QWORD PTR SS:[EBP-20]
0041DFA2 DB45 E8       FILD DWORD PTR SS:[EBP-18]
0041DFA5 DD5D D8       FSTP QWORD PTR SS:[EBP-28]
0041DFA8 DC4D D8       FMUL QWORD PTR SS:[EBP-28]             ; 字母2与字母6相乘
0041DFAB DD5D D0       FSTP QWORD PTR SS:[EBP-30]
0041DFAE DD45 D0       FLD QWORD PTR SS:[EBP-30]
0041DFB1 DC45 F0       FADD QWORD PTR SS:[EBP-10]             ; 再加上字母1与字母7的积
0041DFB4 DD5D C8       FSTP QWORD PTR SS:[EBP-38]
0041DFB7 8B55 CC       MOV EDX,DWORD PTR SS:[EBP-34]
0041DFBA 8B45 C8       MOV EAX,DWORD PTR SS:[EBP-38]
0041DFBD 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
0041DFC0 8955 F4       MOV DWORD PTR SS:[EBP-C],EDX
0041DFC3 68 02000080    PUSH 80000002
0041DFC8 6A 00          PUSH 0
0041DFCA 68 00000000    PUSH 0
0041DFCF 6A 00          PUSH 0
0041DFD1 6A 00          PUSH 0
0041DFD3 6A 00          PUSH 0
0041DFD5 68 04000080    PUSH 80000004
0041DFDA 6A 00          PUSH 0
0041DFDC 68 14134100    PUSH 破解我2.00411314                      ; ASCII "79"
0041DFE1 68 04000080    PUSH 80000004
0041DFE6 6A 00          PUSH 0
0041DFE8 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
0041DFEB 85C0          TEST EAX,EAX
0041DFED 75 05          JNZ SHORT 破解我2.0041DFF4
0041DFEF B8 03134100    MOV EAX,破解我2.00411303
0041DFF4 50             PUSH EAX
0041DFF5 68 04000000    PUSH 4
0041DFFA BB 48010000    MOV EBX,148
0041DFFF E8 2F0A0000    CALL 破解我2.0041EA33                      ; 在注册码中寻找79
0041E004 83C4 34       ADD ESP,34
0041E007 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041E00A 837D E8 FF    CMP DWORD PTR SS:[EBP-18],-1
0041E00E 0F85 05000000 JNZ 破解我2.0041E019                      ; 注册码中必须存在79
0041E014 E9 2F050000    JMP 破解我2.0041E548
0041E019 68 01030080    PUSH 80000301
0041E01E 6A 00          PUSH 0
0041E020 68 03000000    PUSH 3
0041E025 68 04000080    PUSH 80000004
0041E02A 6A 00          PUSH 0
0041E02C 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041E02F 85C0          TEST EAX,EAX
0041E031 75 05          JNZ SHORT 破解我2.0041E038
0041E033 B8 03134100    MOV EAX,破解我2.00411303
0041E038 50             PUSH EAX
0041E039 68 02000000    PUSH 2
0041E03E BB 44010000    MOV EBX,144
0041E043 E8 EB090000    CALL 破解我2.0041EA33                      ; 取字母3
0041E048 83C4 1C       ADD ESP,1C
0041E04B 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041E04E 68 01030080    PUSH 80000301
0041E053 6A 00          PUSH 0
0041E055 68 05000000    PUSH 5
0041E05A 68 04000080    PUSH 80000004
0041E05F 6A 00          PUSH 0
0041E061 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041E064 85C0          TEST EAX,EAX
0041E066 75 05          JNZ SHORT 破解我2.0041E06D
0041E068 B8 03134100    MOV EAX,破解我2.00411303
0041E06D 50             PUSH EAX
0041E06E 68 02000000    PUSH 2
0041E073 BB 44010000    MOV EBX,144
0041E078 E8 B6090000    CALL 破解我2.0041EA33                      ; 取字母5
0041E07D 83C4 1C       ADD ESP,1C
0041E080 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041E083 DB45 EC       FILD DWORD PTR SS:[EBP-14]
0041E086 DD5D E0       FSTP QWORD PTR SS:[EBP-20]
0041E089 DD45 E0       FLD QWORD PTR SS:[EBP-20]
0041E08C DB45 E8       FILD DWORD PTR SS:[EBP-18]
0041E08F DD5D D8       FSTP QWORD PTR SS:[EBP-28]
0041E092 DC4D D8       FMUL QWORD PTR SS:[EBP-28]             ; 字母3与字母5相乘
0041E095 DD5D D0       FSTP QWORD PTR SS:[EBP-30]
0041E098 DD45 D0       FLD QWORD PTR SS:[EBP-30]
0041E09B DC45 F0       FADD QWORD PTR SS:[EBP-10]             ; 加上上面的和
0041E09E DD5D C8       FSTP QWORD PTR SS:[EBP-38]
0041E0A1 8B55 CC       MOV EDX,DWORD PTR SS:[EBP-34]
0041E0A4 8B45 C8       MOV EAX,DWORD PTR SS:[EBP-38]
0041E0A7 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
0041E0AA 8955 F4       MOV DWORD PTR SS:[EBP-C],EDX
0041E0AD 68 04000080    PUSH 80000004
0041E0B2 6A 00          PUSH 0
0041E0B4 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041E0B7 85C0          TEST EAX,EAX
0041E0B9 75 05          JNZ SHORT 破解我2.0041E0C0
0041E0BB B8 03134100    MOV EAX,破解我2.00411303
0041E0C0 50             PUSH EAX
0041E0C1 68 01000000    PUSH 1
0041E0C6 BB 30010000    MOV EBX,130
0041E0CB E8 63090000    CALL 破解我2.0041EA33                      ; 取用户名长度
0041E0D0 83C4 10       ADD ESP,10
0041E0D3 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041E0D6 6A FF          PUSH -1
0041E0D8 6A 13          PUSH 13
0041E0DA 68 21010116    PUSH 16010121
0041E0DF 68 01000152    PUSH 52010001
0041E0E4 E8 56090000    CALL 破解我2.0041EA3F                      ; 取注册方式
0041E0E9 83C4 10       ADD ESP,10
0041E0EC 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041E0EF DB45 EC       FILD DWORD PTR SS:[EBP-14]
0041E0F2 DD5D E0       FSTP QWORD PTR SS:[EBP-20]
0041E0F5 DD45 E0       FLD QWORD PTR SS:[EBP-20]
0041E0F8 DB45 E8       FILD DWORD PTR SS:[EBP-18]
0041E0FB DD5D D8       FSTP QWORD PTR SS:[EBP-28]
0041E0FE DC65 D8       FSUB QWORD PTR SS:[EBP-28]             ; 用户名长度减去注册方式
0041E101 DD5D D0       FSTP QWORD PTR SS:[EBP-30]
0041E104 DD45 D0       FLD QWORD PTR SS:[EBP-30]
0041E107 DC25 17134100 FSUB QWORD PTR DS:[411317]             ; 再减8必须等于-1
0041E10D DC1D 1F134100 FCOMP QWORD PTR DS:[41131F]             ; 也就是说用户名长度减去注册方式等于7
0041E113 DFE0          FSTSW AX
0041E115 F6C4 01       TEST AH,1
0041E118 0F84 2A040000 JE 破解我2.0041E548
0041E11E 68 01060080    PUSH 80000601
0041E123 FF75 F4       PUSH DWORD PTR SS:[EBP-C]
0041E126 FF75 F0       PUSH DWORD PTR SS:[EBP-10]
0041E129 68 01000000    PUSH 1
0041E12E BB 70000000    MOV EBX,70
0041E133 E8 FB080000    CALL 破解我2.0041EA33                      ; 对上面产生的和开方
0041E138 83C4 10       ADD ESP,10
0041E13B 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041E13E 8955 EC       MOV DWORD PTR SS:[EBP-14],EDX
0041E141 68 01030080    PUSH 80000301
0041E146 6A 00          PUSH 0
0041E148 68 04000000    PUSH 4
0041E14D 68 04000080    PUSH 80000004
0041E152 6A 00          PUSH 0
0041E154 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041E157 85C0          TEST EAX,EAX
0041E159 75 05          JNZ SHORT 破解我2.0041E160
0041E15B B8 03134100    MOV EAX,破解我2.00411303
0041E160 50             PUSH EAX
0041E161 68 02000000    PUSH 2
0041E166 BB 44010000    MOV EBX,144
0041E16B E8 C3080000    CALL 破解我2.0041EA33                      ; 取字母4
0041E170 83C4 1C       ADD ESP,1C
0041E173 8945 E4       MOV DWORD PTR SS:[EBP-1C],EAX
0041E176 68 01060080    PUSH 80000601
0041E17B 68 00001040    PUSH 40100000
0041E180 68 00000000    PUSH 0
0041E185 DB45 E4       FILD DWORD PTR SS:[EBP-1C]
0041E188 DD5D DC       FSTP QWORD PTR SS:[EBP-24]
0041E18B 68 01060080    PUSH 80000601
0041E190 FF75 E0       PUSH DWORD PTR SS:[EBP-20]
0041E193 FF75 DC       PUSH DWORD PTR SS:[EBP-24]
0041E196 68 02000000    PUSH 2
0041E19B BB 6C000000    MOV EBX,6C
0041E1A0 E8 8E080000    CALL 破解我2.0041EA33                      ; 对用户名的字母4进行4次方运算
0041E1A5 83C4 1C       ADD ESP,1C
0041E1A8 8945 D4       MOV DWORD PTR SS:[EBP-2C],EAX
0041E1AB 8955 D8       MOV DWORD PTR SS:[EBP-28],EDX
0041E1AE DD45 E8       FLD QWORD PTR SS:[EBP-18]             ; 开方后的值
0041E1B1 DC4D D4       FMUL QWORD PTR SS:[EBP-2C]             ; 乘以刚才处理出来的值
0041E1B4 DD5D CC       FSTP QWORD PTR SS:[EBP-34]
0041E1B7 68 01060080    PUSH 80000601
0041E1BC FF75 D0       PUSH DWORD PTR SS:[EBP-30]
0041E1BF FF75 CC       PUSH DWORD PTR SS:[EBP-34]
0041E1C2 68 01000000    PUSH 1
0041E1C7 BB 60000000    MOV EBX,60
0041E1CC E8 62080000    CALL 破解我2.0041EA33                      ; 取整数
0041E1D1 83C4 10       ADD ESP,10
0041E1D4 8945 C0       MOV DWORD PTR SS:[EBP-40],EAX
0041E1D7 DB45 C0       FILD DWORD PTR SS:[EBP-40]
0041E1DA DD5D C0       FSTP QWORD PTR SS:[EBP-40]
0041E1DD 68 01060080    PUSH 80000601
0041E1E2 FF75 C4       PUSH DWORD PTR SS:[EBP-3C]
0041E1E5 FF75 C0       PUSH DWORD PTR SS:[EBP-40]
0041E1E8 68 01000000    PUSH 1
0041E1ED BB 5C000000    MOV EBX,5C
0041E1F2 E8 3C080000    CALL 破解我2.0041EA33                      ; 取绝对值
0041E1F7 83C4 10       ADD ESP,10
0041E1FA 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
0041E1FD 8955 F4       MOV DWORD PTR SS:[EBP-C],EDX
0041E200 68 01060080    PUSH 80000601
0041E205 FF75 F4       PUSH DWORD PTR SS:[EBP-C]
0041E208 FF75 F0       PUSH DWORD PTR SS:[EBP-10]
0041E20B 68 01000000    PUSH 1
0041E210 BB 68010000    MOV EBX,168
0041E215 E8 19080000    CALL 破解我2.0041EA33                      ; 转为字符串
0041E21A 83C4 10       ADD ESP,10
0041E21D 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0041E220 68 02000080    PUSH 80000002
0041E225 6A 00          PUSH 0
0041E227 68 00000000    PUSH 0
0041E22C 6A 00          PUSH 0
0041E22E 6A 00          PUSH 0
0041E230 6A 00          PUSH 0
0041E232 68 04000080    PUSH 80000004
0041E237 6A 00          PUSH 0
0041E239 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]
0041E23C 85C0          TEST EAX,EAX
0041E23E 75 05          JNZ SHORT 破解我2.0041E245
0041E240 B8 03134100    MOV EAX,破解我2.00411303
0041E245 50             PUSH EAX
0041E246 68 04000080    PUSH 80000004
0041E24B 6A 00          PUSH 0
0041E24D 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
0041E250 85C0          TEST EAX,EAX
0041E252 75 05          JNZ SHORT 破解我2.0041E259
0041E254 B8 03134100    MOV EAX,破解我2.00411303
0041E259 50             PUSH EAX
0041E25A 68 04000000    PUSH 4
0041E25F BB 48010000    MOV EBX,148
0041E264 E8 CA070000    CALL 破解我2.0041EA33                      ; 子串匹配..明码比较
0041E269 83C4 34       ADD ESP,34
0041E26C 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
0041E26F 8B5D EC       MOV EBX,DWORD PTR SS:[EBP-14]
0041E272 85DB          TEST EBX,EBX
0041E274 74 09          JE SHORT 破解我2.0041E27F
0041E276 53             PUSH EBX
0041E277 E8 99070000    CALL 破解我2.0041EA15
0041E27C 83C4 04       ADD ESP,4
0041E27F 837D E8 FF    CMP DWORD PTR SS:[EBP-18],-1
0041E283 0F85 05000000 JNZ 破解我2.0041E28E                      ; 不等于-1则成功.
0041E289 E9 B5020000    JMP 破解我2.0041E543                      ; 说明注册码中必须含有上面产生的字符串

算法总结:
附带C++写的注册机, 代码很简单...很容易看懂整个程序是什么算法:
#include  <iostream>
#include  <cmath>

using  namespace  std;

int  main()
{
unsigned  char  name[] = "vecri20"; //长度-注册方式=7, 我选SN,即注册方式0, 故用户名长度为7(在这里注意: SN, ET, NE, TN分别对应0 1 2 3, 学VC的应该知道)

unsigned  int temp = name[0]*name[6] + name[1]*name[5] + name[2]*name[4];
double result0 = sqrt((double)temp); //对上面产生的整数开方

result0 *= pow((double)name[3], 4); //4次方
int  result = result0;    //将double转为int
result = abs(result);       //取绝对值

char regcode[20] = {0};
sprintf(regcode, "%d79", result); //注册码中必须包含79
cout << regcode << endl;
return  0;
}

阳小子 · 发表于 2007-12-26 12:55:04

总是喜欢看牛人们的分析！/:good

CuteSnail · 发表于 2007-12-26 13:08:23

vecri 好厉害呀！/:good

acafeel · 发表于 2007-12-29 13:28:27

又见vecri嘿嘿:loveliness: :loveliness:

vecri · 发表于 2007-12-29 16:18:37

To acafeel:
呵呵。./:001 等你再出CrackMe时, 我一定还来分析的。...
期待ing

		自动登录	找回密码
密码			加入我们

[原创] aCaFeeL's CrackMe V2(外传版) -> [破解我5]最新下载