发表于 2008-3-11 00:56:09
查找“注册失败”双击到这里:
; -----------------------------------------------------------------------
; 006DA120 .. 006DA35B  -- registration dialog handler (OllyDbg dump,
; 32-bit x86, Intel operand order; columns: address, bytes, mnemonic).
;
; Visible flow:
;   1. text from [ebx+308] is processed and stored in [ebx+32C] (name);
;      rejected when the length returned by 00405154 is below 4
;   2. text from [ebx+30C] is stored in [ebx+330] (code);
;      rejected unless that length is exactly 0x16 (22)
;   3. call 006D9EC4 decides validity, AL != 0 means accepted
;   4. accepted: 006D9D9C, a three-pass loop that stores derived values
;      in a global structure, 006D9B6C, then the success dialog
;   5. every path joins the shared tear-down at 006DA316
;
; The helper routines (0047EB24, 00409950, 00404EE8, 00405154, 00405214,
; 004053B4, 004388F8, ...) are not on this page; the roles given for them
; below are inferred from their arguments and results -- TODO confirm.
;
; NOTE(review): all of the validation shown here runs on the user's
; machine against values held in the binary and in process memory. Where
; the licence has to resist tampering, the usual design is a licence
; signed with an asymmetric key (the client carries only the verification
; key) or a server-side check, with the whole code bound to the name.
; -----------------------------------------------------------------------
006DA120 /. 55 push ebp /这里F2下断。
( 然后输入用户名:puti67
假码0123456789012345678900,单击然后注册断下。F8单步)
006DA121 |. 8BEC mov ebp, esp
006DA123 |. 81C4 E0FEFFFF add esp, -120
006DA129 |. 53 push ebx
006DA12A |. 56 push esi
; ecx = 0 is written to eight local slots so they start out empty
006DA12B |. 33C9 xor ecx, ecx
006DA12D |. 898D E8FEFFFF mov dword ptr [ebp-118], ecx
006DA133 |. 898D E4FEFFFF mov dword ptr [ebp-11C], ecx
006DA139 |. 898D E0FEFFFF mov dword ptr [ebp-120], ecx
006DA13F |. 894D EC mov dword ptr [ebp-14], ecx
006DA142 |. 894D F0 mov dword ptr [ebp-10], ecx
006DA145 |. 894D F4 mov dword ptr [ebp-C], ecx
006DA148 |. 894D FC mov dword ptr [ebp-4], ecx
006DA14B |. 894D F8 mov dword ptr [ebp-8], ecx
; ebx keeps the incoming eax for the whole routine (presumably the form object)
006DA14E |. 8BD8 mov ebx, eax
; link an exception frame at fs:[0]; its handler address is 006DA35C
006DA150 |. 33C0 xor eax, eax
006DA152 |. 55 push ebp
006DA153 |. 68 5CA36D00 push 006DA35C
006DA158 |. 64:FF30 push dword ptr fs:[eax]
006DA15B |. 64:8920 mov dword ptr fs:[eax], esp
; --- name: [ebx+308] -> [ebp-8] -> [ebp-4] -> [ebx+32C] ---
006DA15E |. 8D55 F8 lea edx, dword ptr [ebp-8]
006DA161 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
006DA167 |. E8 B849DAFF call 0047EB24
006DA16C |. 8B45 F8 mov eax, dword ptr [ebp-8]
006DA16F |. 8D55 FC lea edx, dword ptr [ebp-4]
006DA172 |. E8 D9F7D2FF call 00409950
006DA177 |. 8B55 FC mov edx, dword ptr [ebp-4]
006DA17A |. 8D83 2C030000 lea eax, dword ptr [ebx+32C]
006DA180 |. E8 63ADD2FF call 00404EE8
006DA185 |. 8B83 2C030000 mov eax, dword ptr [ebx+32C]
006DA18B |. E8 C4AFD2FF call 00405154
; author's note on the next line: the name must be at least 4 characters
; (signed compare; jge skips the error path)
006DA190 |. 83F8 04 cmp eax, 4 //注册姓名不小于4位
006DA193 |. 7D 3A jge short 006DA1CF
; name too short: four pushed pieces are joined by 00405214 (edx = 4)
; into [ebp-C] and shown through 004388F8 with dl = 1
006DA195 |. 6A 00 push 0
006DA197 |. 68 74A36D00 push 006DA374 ; 错误:〖注册姓名〗\n
006DA19C |. FFB3 2C030000 push dword ptr [ebx+32C]
006DA1A2 |. 68 90A36D00 push 006DA390 ; \n
006DA1A7 |. 68 9CA36D00 push 006DA39C ; 长度太短,无法注册!
006DA1AC |. 8D45 F4 lea eax, dword ptr [ebp-C]
006DA1AF |. BA 04000000 mov edx, 4
006DA1B4 |. E8 5BB0D2FF call 00405214
006DA1B9 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006DA1BC |. 66:8B0D B4A36>mov cx, word ptr [6DA3B4]
006DA1C3 |. B2 01 mov dl, 1
006DA1C5 |. E8 2EE7D5FF call 004388F8
006DA1CA |. E9 47010000 jmp 006DA316
; --- code: [ebx+30C] -> [ebp-10] -> [ebx+330] ---
006DA1CF |> 8D55 F0 lea edx, dword ptr [ebp-10]
006DA1D2 |. 8B83 0C030000 mov eax, dword ptr [ebx+30C]
006DA1D8 |. E8 4749DAFF call 0047EB24
006DA1DD |. 8B55 F0 mov edx, dword ptr [ebp-10]
006DA1E0 |. 8D83 30030000 lea eax, dword ptr [ebx+330]
006DA1E6 |. E8 FDACD2FF call 00404EE8
006DA1EB |. 8B83 30030000 mov eax, dword ptr [ebx+330]
006DA1F1 |. E8 5EAFD2FF call 00405154
; author's note on the next line: the code must be exactly 22 (0x16) characters
006DA1F6 |. 83F8 16 cmp eax, 16 //注册码等于22位
006DA1F9 |. 74 3A je short 006DA235
; wrong code length: same message construction as above, built in [ebp-14]
006DA1FB |. 6A 00 push 0
006DA1FD |. 68 C0A36D00 push 006DA3C0 ; 错误:〖注册码〗\n
006DA202 |. FFB3 30030000 push dword ptr [ebx+330]
006DA208 |. 68 90A36D00 push 006DA390 ; \n
006DA20D |. 68 DCA36D00 push 006DA3DC ; 长度不符,无法注册!
006DA212 |. 8D45 EC lea eax, dword ptr [ebp-14]
006DA215 |. BA 04000000 mov edx, 4
006DA21A |. E8 F5AFD2FF call 00405214
006DA21F |. 8B45 EC mov eax, dword ptr [ebp-14]
006DA222 |. 66:8B0D B4A36>mov cx, word ptr [6DA3B4]
006DA229 |. B2 01 mov dl, 1
006DA22B |. E8 C8E6D5FF call 004388F8
006DA230 |. E9 E1000000 jmp 006DA316
; --- validity decision: 006D9EC4 is called with eax = ebx and answers in AL;
; AL == 0 goes to the failure dialog at 006DA301 ---
006DA235 |> 8BC3 mov eax, ebx
006DA237 |. E8 88FCFFFF call 006D9EC4 //这里F7进入
006DA23C |. 84C0 test al, al
006DA23E |. 0F84 BD000000 je 006DA301
006DA244 |. 8BC3 mov eax, ebx
006DA246 |. E8 51FBFFFF call 006D9D9C
; --- accepted path: three passes, esi = 0, 1, 2. Each pass takes a piece of
; the global string behind [75F0FC] and a piece of the entered code
; ([ebx+330]) through 004053B4, runs both through 0064DE64, converts the
; result into the buffer at [ebp-114] (ecx = 0FF) and hands it to 004033C4
; with a destination computed from [[75E9CC]], esi and 0B11 (cl = 1E).
; Presumably this records the registration data -- TODO confirm. ---
006DA24B |. 33F6 xor esi, esi
006DA24D |> 8D85 E4FEFFFF /lea eax, dword ptr [ebp-11C]
006DA253 |. 50 |push eax
006DA254 |. 8BD6 |mov edx, esi
006DA256 |. 03D2 |add edx, edx
006DA258 |. A1 FCF07500 |mov eax, dword ptr [75F0FC]
006DA25D |. 8B00 |mov eax, dword ptr [eax]
006DA25F |. B9 04000000 |mov ecx, 4
006DA264 |. E8 4BB1D2FF |call 004053B4
006DA269 |. 8B85 E4FEFFFF |mov eax, dword ptr [ebp-11C]
006DA26F |. 50 |push eax
006DA270 |. 8D85 E0FEFFFF |lea eax, dword ptr [ebp-120]
006DA276 |. 50 |push eax
006DA277 |. B9 08000000 |mov ecx, 8
006DA27C |. BA 0B000000 |mov edx, 0B
006DA281 |. 8B83 30030000 |mov eax, dword ptr [ebx+330]
006DA287 |. E8 28B1D2FF |call 004053B4
006DA28C |. 8B85 E0FEFFFF |mov eax, dword ptr [ebp-120]
006DA292 |. 8D8D E8FEFFFF |lea ecx, dword ptr [ebp-118]
006DA298 |. 5A |pop edx
006DA299 |. E8 C63BF7FF |call 0064DE64
006DA29E |. 8B95 E8FEFFFF |mov edx, dword ptr [ebp-118]
006DA2A4 |. 8D85 ECFEFFFF |lea eax, dword ptr [ebp-114]
006DA2AA |. B9 FF000000 |mov ecx, 0FF
006DA2AF |. E8 7CAED2FF |call 00405130
006DA2B4 |. 8D95 ECFEFFFF |lea edx, dword ptr [ebp-114]
006DA2BA |. 8BC6 |mov eax, esi
006DA2BC |. C1E0 05 |shl eax, 5
006DA2BF |. 2BC6 |sub eax, esi
006DA2C1 |. 8B0D CCE97500 |mov ecx, dword ptr [75E9CC] ; 111_.0078A930
006DA2C7 |. 8B09 |mov ecx, dword ptr [ecx]
006DA2C9 |. 8D8401 110B00>|lea eax, dword ptr [ecx+eax+B11]
006DA2D0 |. B1 1E |mov cl, 1E
006DA2D2 |. E8 ED90D2FF |call 004033C4
006DA2D7 |. 46 |inc esi
006DA2D8 |. 83FE 03 |cmp esi, 3
006DA2DB |.^ 0F85 6CFFFFFF \jnz 006DA24D
; after the loop: 006D9B6C(eax = ebx, dl = 1), then the success dialog (dl = 2)
006DA2E1 |. B2 01 mov dl, 1
006DA2E3 |. 8BC3 mov eax, ebx
006DA2E5 |. E8 82F8FFFF call 006D9B6C
006DA2EA |. 6A 00 push 0
006DA2EC |. 66:8B0D B4A36>mov cx, word ptr [6DA3B4]
006DA2F3 |. B2 02 mov dl, 2
006DA2F5 |. B8 FCA36D00 mov eax, 006DA3FC ; 成功注册!感谢您的支
持!请重新启动软件。
006DA2FA |. E8 F9E5D5FF call 004388F8
006DA2FF |. EB 15 jmp short 006DA316
; rejected path: failure dialog (dl = 1); the string at 006DA430 is the one
; the author searched for to find this routine
006DA301 |> 6A 00 push 0
006DA303 |. 66:8B0D B4A36>mov cx, word ptr [6DA3B4]
006DA30A |. B2 01 mov dl, 1
006DA30C |. B8 30A46D00 mov eax, 006DA430 //(双击来到了这里) 注册失败:注册码无效!
006DA311 |. E8 E2E5D5FF call 004388F8
; --- shared tear-down: unlink the exception frame (fs:[0] = saved edx), push
; 006DA363, release the locals ([ebp-120] with edx = 3, then [ebp-14] ..
; [ebp-4] one by one); the retn then lands on the pushed 006DA363, which is
; not part of this listing ---
006DA316 |> 33C0 xor eax, eax
006DA318 |. 5A pop edx
006DA319 |. 59 pop ecx
006DA31A |. 59 pop ecx
006DA31B |. 64:8910 mov dword ptr fs:[eax], edx
006DA31E |. 68 63A36D00 push 006DA363
006DA323 |> 8D85 E0FEFFFF lea eax, dword ptr [ebp-120]
006DA329 |. BA 03000000 mov edx, 3
006DA32E |. E8 85ABD2FF call 00404EB8
006DA333 |. 8D45 EC lea eax, dword ptr [ebp-14]
006DA336 |. E8 59ABD2FF call 00404E94
006DA33B |. 8D45 F0 lea eax, dword ptr [ebp-10]
006DA33E |. E8 51ABD2FF call 00404E94
006DA343 |. 8D45 F4 lea eax, dword ptr [ebp-C]
006DA346 |. E8 49ABD2FF call 00404E94
006DA34B |. 8D45 F8 lea eax, dword ptr [ebp-8]
006DA34E |. E8 41ABD2FF call 00404E94
006DA353 |. 8D45 FC lea eax, dword ptr [ebp-4]
006DA356 |. E8 39ABD2FF call 00404E94
006DA35B \. C3 retn
F7进入到这里:F8单步
; -----------------------------------------------------------------------
; 0064DE64 .. 0064DF3B  -- string mixing helper (OllyDbg dump, 32-bit x86).
; In:   eax = first string   (kept in [ebp-4], rewritten byte by byte)
;       edx = second string  (kept in [ebp-8], used as key material)
;       ecx = destination    (kept in [ebp-C]; receives the result through
;                             00404EE8 after the loop)
; Call sites on this page: 006DA299 and 006D9F18.
;
; When the second string is empty ([ebp-8] == 0) it is replaced by the
; constant at 0064DF44, which OllyDbg displays as "neo imaging".
; The loop visits every byte of the first string once (edi counts down from
; the length returned by 00405154); esi indexes the second string and wraps
; back to 1 once it passes that string's length.
;
; NOTE(review): this is a keyed byte-wise transform built from masks, an XOR
; and an add, with a fallback key embedded in the binary. It obscures its
; input but gives no cryptographic assurance, so it should not be the only
; thing standing between a user-supplied name and an accepted licence.
; Helper roles (00405344, 00404F2C, 00405154, 004053AC, 00404EE8, 00404EB8)
; are inferred from usage -- TODO confirm.
; -----------------------------------------------------------------------
0064DE64 /$ 55 push ebp
0064DE65 |. 8BEC mov ebp, esp
0064DE67 |. 83C4 F0 add esp, -10
0064DE6A |. 53 push ebx
0064DE6B |. 56 push esi
0064DE6C |. 57 push edi
; spill the three register arguments to locals
0064DE6D |. 894D F4 mov dword ptr [ebp-C], ecx
0064DE70 |. 8955 F8 mov dword ptr [ebp-8], edx
0064DE73 |. 8945 FC mov dword ptr [ebp-4], eax
; 00405344 is called once per input string (presumably takes a reference so
; the locals stay valid for the duration of the call -- TODO confirm)
0064DE76 |. 8B45 FC mov eax, dword ptr [ebp-4]
0064DE79 |. E8 C674DBFF call 00405344
0064DE7E |. 8B45 F8 mov eax, dword ptr [ebp-8]
0064DE81 |. E8 BE74DBFF call 00405344
; link an exception frame at fs:[0]; its handler address is 0064DF2E
0064DE86 |. 33C0 xor eax, eax
0064DE88 |. 55 push ebp
0064DE89 |. 68 2EDF6400 push 0064DF2E
0064DE8E |. 64:FF30 push dword ptr fs:[eax]
0064DE91 |. 64:8920 mov dword ptr fs:[eax], esp
; empty second string -> fall back to the built-in constant
0064DE94 |. 837D F8 00 cmp dword ptr [ebp-8], 0
0064DE98 |. 75 0D jnz short 0064DEA7
0064DE9A |. 8D45 F8 lea eax, dword ptr [ebp-8]
0064DE9D |. BA 44DF6400 mov edx, 0064DF44 ; neo imaging
0064DEA2 |. E8 8570DBFF call 00404F2C
; esi = 1-based index into the second string, edi = bytes left in the first;
; a first string of length <= 0 skips the loop entirely
0064DEA7 |> BE 01000000 mov esi, 1
0064DEAC |. 8B45 FC mov eax, dword ptr [ebp-4]
0064DEAF |. E8 A072DBFF call 00405154
0064DEB4 |. 8BF8 mov edi, eax
0064DEB6 |. 85FF test edi, edi
0064DEB8 |. 7E 4E jle short 0064DF08
; ebx = 1-based index into the first string
0064DEBA |. BB 01000000 mov ebx, 1
0064DEBF |> 8B45 FC /mov eax, dword ptr [ebp-4]
0064DEC2 |. 8A4418 FF |mov al, byte ptr [eax+ebx-1]
0064DEC6 |. 24 0F |and al, 0F
0064DEC8 |. 8B55 F8 |mov edx, dword ptr [ebp-8]
0064DECB |. 8A5432 FF |mov dl, byte ptr [edx+esi-1]
0064DECF |. 80E2 0F |and dl, 0F
0064DED2 |. 32C2 |xor al, dl
; the mixed value is parked in [ebp-D] across the call below
0064DED4 |. 8845 F3 |mov byte ptr [ebp-D], al
; 004053AC receives the address of the first-string local and returns in eax
; the pointer that is written through below (presumably makes the string
; writable before the in-place store -- TODO confirm)
0064DED7 |. 8D45 FC |lea eax, dword ptr [ebp-4]
0064DEDA |. E8 CD74DBFF |call 004053AC
0064DEDF |. 8B55 FC |mov edx, dword ptr [ebp-4]
0064DEE2 |. 8A541A FF |mov dl, byte ptr [edx+ebx-1]
0064DEE6 |. 80E2 F0 |and dl, 0F0
0064DEE9 |. 8A4D F3 |mov cl, byte ptr [ebp-D]
0064DEEC |. 02D1 |add dl, cl
0064DEEE |. 885418 FF |mov byte ptr [eax+ebx-1], dl
; advance the key index; wrap to 1 after the last byte of the second string
0064DEF2 |. 46 |inc esi
0064DEF3 |. 8B45 F8 |mov eax, dword ptr [ebp-8]
0064DEF6 |. E8 5972DBFF |call 00405154
0064DEFB |. 3BF0 |cmp esi, eax
0064DEFD |. 7E 05 |jle short 0064DF04
0064DEFF |. BE 01000000 |mov esi, 1
0064DF04 |> 43 |inc ebx
0064DF05 |. 4F |dec edi
0064DF06 |.^ 75 B7 \jnz short 0064DEBF
; hand the rewritten first string to the caller's destination ([ebp-C])
0064DF08 |> 8B45 F4 mov eax, dword ptr [ebp-C]
0064DF0B |. 8B55 FC mov edx, dword ptr [ebp-4]
0064DF0E |. E8 D56FDBFF call 00404EE8
; tear-down: unlink the exception frame, push 0064DF35, release the two
; string locals (edx = 2 starting at [ebp-8]); the retn at 0064DF2D lands on
; the pushed 0064DF35, which restores edi/esi/ebx/ebp and returns to the caller
0064DF13 |. 33C0 xor eax, eax
0064DF15 |. 5A pop edx
0064DF16 |. 59 pop ecx
0064DF17 |. 59 pop ecx
0064DF18 |. 64:8910 mov dword ptr fs:[eax], edx
0064DF1B |. 68 35DF6400 push 0064DF35
0064DF20 |> 8D45 F8 lea eax, dword ptr [ebp-8]
0064DF23 |. BA 02000000 mov edx, 2
0064DF28 |. E8 8B6FDBFF call 00404EB8
0064DF2D \. C3 retn
; exception path: 0064DF2E is the handler address linked above; it jumps to
; 004047F4 (not shown), and 0064DF33 re-enters the release code at 0064DF20
0064DF2E .^ E9 C168DBFF jmp 004047F4
0064DF33 .^ EB EB jmp short 0064DF20
0064DF35 . 5F pop edi
0064DF36 . 5E pop esi
0064DF37 . 5B pop ebx
0064DF38 . 8BE5 mov esp, ebp
0064DF3A . 5D pop ebp
; NOTE(review): the author's note on the next line gives the return address
; as 006DF1D; the call site in this walkthrough is 006D9F18, so the return
; lands on 006D9F1D.
0064DF3B . C3 retn //F8到这里(这里返回到006DF1D)
; -----------------------------------------------------------------------
; 006D9F07 .. 006D9FC5  -- excerpt from the validity routine (OllyDbg dump,
; 32-bit x86). The routine's entry is not shown here: the listing starts at
; a jump target (|>), and ebx/ebp are already set up by code above it.
;
; Visible flow:
;   1. the stored name ([ebx+32C]) and the global string behind [75F0FC]
;      go through 0064DE64; the result lands in [ebp-4]
;   2. 004053B4 takes 4 characters of the entered code ([ebx+330]) with
;      edx = 13h into [ebp-8]
;   3. a loop folds the bytes of [ebp-4] into an integer in ebx, which is
;      then adjusted to a small decimal range
;   4. the integer is formatted with "%4d" into [ebp-C]
;   5. 004052A0 compares [ebp-8] (from the user) with [ebp-C] (computed);
;      sete al turns the comparison into the boolean result
;
; NOTE(review): only four of the 22 characters take part in this check, and
; the expected value exists in process memory as a plain string at the
; moment of comparison, which is what the register dump in the author's
; note shows. A licence format that carries a signature over the name,
; verified with a public key, avoids ever computing the expected secret on
; the client. Helper roles are inferred from usage -- TODO confirm.
; -----------------------------------------------------------------------
006D9F07 |> 8D4D FC lea ecx, dword ptr [ebp-4]
006D9F0A |. 8B15 FCF07500 mov edx, dword ptr [75F0FC] ; 111_.0078A80C
006D9F10 |. 8B12 mov edx, dword ptr [edx]
006D9F12 |. 8B83 2C030000 mov eax, dword ptr [ebx+32C]
006D9F18 |. E8 473FF7FF call 0064DE64
; author's note on the next line: execution returns here after 0064DE64
006D9F1D |. 8D45 F8 lea eax, dword ptr [ebp-8] //返回到了这里,继续F8
006D9F20 |. 50 push eax
006D9F21 |. 8B83 30030000 mov eax, dword ptr [ebx+330]
006D9F27 |. B9 04000000 mov ecx, 4
006D9F2C |. BA 13000000 mov edx, 13
006D9F31 |. E8 7EB4D2FF call 004053B4
; ecx = length of the transformed name; ebx is reused as the accumulator
; from here on, so the pointer it held is no longer available
006D9F36 |. 8B45 FC mov eax, dword ptr [ebp-4]
006D9F39 |. E8 16B2D2FF call 00405154
006D9F3E |. 8BC8 mov ecx, eax
006D9F40 |. 33DB xor ebx, ebx
006D9F42 |. 8BC1 mov eax, ecx
006D9F44 |. 48 dec eax
006D9F45 |. 85C0 test eax, eax
006D9F47 |. 7C 14 jl short 006D9F5D
006D9F49 |. 40 inc eax
006D9F4A |. 33D2 xor edx, edx
; NOTE(review): edx starts at 0 while the load below addresses
; [esi+edx-1], so the first pass reads the byte just before the string data
; and the final character is never read. That looks like an off-by-one in
; the original source (compare the 1-based index used in 0064DE64) --
; TODO confirm against the string layout.
006D9F4C |> 8B75 FC /mov esi, dword ptr [ebp-4]
006D9F4F |. 0FB67416 FF |movzx esi, byte ptr [esi+edx-1]
006D9F54 |. 0FAFF1 |imul esi, ecx
006D9F57 |. 03DE |add ebx, esi
006D9F59 |. 42 |inc edx
006D9F5A |. 48 |dec eax
006D9F5B |.^ 75 EF \jnz short 006D9F4C
; adjust the accumulator (signed compares and a signed divide) before it is
; formatted
006D9F5D |> 81FB 0F270000 cmp ebx, 270F
006D9F63 |. 7E 0E jle short 006D9F73
006D9F65 |. 8BC3 mov eax, ebx
006D9F67 |. B9 10270000 mov ecx, 2710
006D9F6C |. 99 cdq
006D9F6D |. F7F9 idiv ecx
006D9F6F |. 8BDA mov ebx, edx
006D9F71 |. EB 0E jmp short 006D9F81
006D9F73 |> 81FB 28230000 cmp ebx, 2328
006D9F79 |. 7D 06 jge short 006D9F81
006D9F7B |. 81C3 E8030000 add ebx, 3E8
; format ebx with "%4d": [ebp-14] holds the value, [ebp-10] a zero byte
; next to it, and the output string goes to [ebp-C]
006D9F81 |> 8D45 F4 lea eax, dword ptr [ebp-C]
006D9F84 |. 50 push eax
006D9F85 |. 895D EC mov dword ptr [ebp-14], ebx
006D9F88 |. C645 F0 00 mov byte ptr [ebp-10], 0
006D9F8C |. 8D55 EC lea edx, dword ptr [ebp-14]
006D9F8F |. 33C9 xor ecx, ecx
006D9F91 |. B8 E09F6D00 mov eax, 006D9FE0 ; %4d
006D9F96 |. E8 8912D3FF call 0040B224
; eax = the 4 characters taken from the entered code, edx = the formatted
; expected value; the author's note below records both registers at this call
006D9F9B |. 8B45 F8 mov eax, dword ptr [ebp-8]
006D9F9E |. 8B55 F4 mov edx, dword ptr [ebp-C]
006D9FA1 |. E8 FAB2D2FF call 004052A0 //F8到这里(这里寄存器提示:
EAX 012D5044 ASCII "7778"
ECX 00000000
EDX 012D7FE4 ASCII "4090")
22位注册码的后四位应该是:4090
; AL = 1 when the two strings compared equal; the result is kept in ebx
; across the tear-down (006D9FA9 is also a jump target for paths not shown)
006D9FA6 |. 0F94C0 sete al
006D9FA9 |> 8BD8 mov ebx, eax
; tear-down: unlink the exception frame, push 006D9FCD, release three string
; locals starting at [ebp-C]; the retn lands on the pushed 006D9FCD, which
; is not part of this listing
006D9FAB |. 33C0 xor eax, eax
006D9FAD |. 5A pop edx
006D9FAE |. 59 pop ecx
006D9FAF |. 59 pop ecx
006D9FB0 |. 64:8910 mov dword ptr fs:[eax], edx
006D9FB3 |. 68 CD9F6D00 push 006D9FCD
006D9FB8 |> 8D45 F4 lea eax, dword ptr [ebp-C]
006D9FBB |. BA 03000000 mov edx, 3
006D9FC0 |. E8 F3AED2FF call 00404EB8
006D9FC5 \. C3 retn
注册码共22位,根据用户名算出注册码的后四位,前面的18位可以随意写。我不会分析算法,只是胡乱找到了注册码,请各位大侠批评指正!谢谢!!!
[ 本帖最后由 puti67 于 2008-3-11 01:09 编辑 ] |