TA的每日心情 | 开心
2018-7-9 22:48 |
|---|
签到天数: 16 天 [LV.4]偶尔看看III
|
发表于 2006-6-30 13:28:17
|
显示全部楼层
来一份粗粉(粗分析^_^)和内存注册机制作
在所有Call EBX下断拦码
内存方式:ESP
ESP=0012E6BC
写注册机时选
地址指针1层
0012E6BC 0040BE80 UNICODE "xpq4g"
0012E6C0 001A170C UNICODE "fffff"
注册码是从后算起的,所以0041E444中断最后添加
0041E415 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0041E41B . 3BC7 CMP EAX,EDI
0041E41D . DBE2 FCLEX
0041E41F . 7D 14 JGE SHORT SuperBoo.0041E435
0041E421 . 8B95 3CFFFFFF MOV EDX,DWORD PTR SS:[EBP-C4]
0041E427 . 68 A0000000 PUSH 0A0
0041E42C . 68 B8B84000 PUSH SuperBoo.0040B8B8
0041E431 . 52 PUSH EDX
0041E432 . 50 PUSH EAX
0041E433 . FFD3 CALL EBX
0041E435 > 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]
0041E438 . 8B1D 64104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCmp
0041E43E . 50 PUSH EAX
0041E43F . 68 80BE4000 PUSH SuperBoo.0040BE80 ; UNICODE "xpq4g"
0041E444 . FFD3 CALL EBX ;
<&MSVBVM60.__vbaStrCmp>-----------------------------------------------下断拦码(5)
0041E446 . 8B4D B4 MOV ECX,DWORD PTR SS:[EBP-4C]
0041E449 . 8BF8 MOV EDI,EAX
0041E44B . F7DF NEG EDI
0041E44D . 1BFF SBB EDI,EDI
0041E44F . 51 PUSH ECX
0041E450 . 47 INC EDI
0041E451 . 68 94B04000 PUSH SuperBoo.0040B094 ; UNICODE "6crcc"
0041E456 . F7DF NEG EDI
0041E458 . FFD3 CALL EBX-----------------------------------下断拦码(4)
0041E45A . 8B55 B8 MOV EDX,DWORD PTR SS:[EBP-48]
0041E45D . F7D8 NEG EAX
0041E45F . 1BC0 SBB EAX,EAX
0041E461 . 52 PUSH EDX
0041E462 . 40 INC EAX
0041E463 . 68 50B14000 PUSH SuperBoo.0040B150 ; UNICODE "frt9j"
0041E468 . F7D8 NEG EAX
0041E46A . 23F8 AND EDI,EAX
0041E46C . FFD3 CALL EBX-----------------------------------下断拦码(3)
0041E46E . F7D8 NEG EAX
0041E470 . 1BC0 SBB EAX,EAX
0041E472 . 40 INC EAX
0041E473 . F7D8 NEG EAX
0041E475 . 23F8 AND EDI,EAX
0041E477 . 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44]
0041E47A . 50 PUSH EAX
0041E47B . 68 40B14000 PUSH SuperBoo.0040B140 ; UNICODE "b9tky"
0041E480 . FFD3 CALL EBX-----------------------------------下断拦码(2)
0041E482 . 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
0041E485 . F7D8 NEG EAX
0041E487 . 1BC0 SBB EAX,EAX
0041E489 . 51 PUSH ECX
0041E48A . 40 INC EAX
0041E48B . 68 D4B14000 PUSH SuperBoo.0040B1D4 ; UNICODE "dg8fv"
0041E490 . F7D8 NEG EAX
0041E492 . 23F8 AND EDI,EAX
0041E494 . FFD3 CALL EBX-----------------------------------下断拦码(1)
0041E496 . 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-3C]
0041E499 . F7D8 NEG EAX
0041E49B . 1BC0 SBB EAX,EAX
0041E49D . 52 PUSH EDX
0041E49E . 40 INC EAX
注册码为:dg8fv-b9tky-frt9j-6crcc-xpq4g
注册机使用方法:
1,输入任意注册码后,点注册认证5次,
即可得注册码。
2,注意“#”号后的不要,“#”号前的为
注册码。
说明一下,最后一部分注册码后有乱码。
不知道是不是注册机编写器的原因,还是内存那个UNICODE字符的原因。我已用“#”区分开了。^_^
那位高手有解决的办法不?记得给我说一下。先谢谢了! |
|
楼主: noTme
IP卡
发表于 2006-6-18 13:14:27
显身卡
发表于 2006-6-22 12:53:05
