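【Article title】Tracing out the registration code of 易林八卦彩票预测
【Article author】lhl8730
【Author e-mail】[email protected]
【Author homepage】None
【Tools used】OD, PEiD
【Platform】XP
【Software name】易林八卦彩票预测 (Yilin Bagua Lottery Prediction)
【Software size】2278KB
【Original download】http://www.onlinedown.net/soft/40967.htm
【Protection method】Serial number
【Software description】The Zhouyi (I Ching) is one of China's famous ancient classics, known as the first among the classics, and is the crystallization of the Chinese nation's wisdom. This software was developed by combining Zhouyi bagua six-line (六爻) najia prediction with the Jiaoshi Yilin (《焦氏易林》), a classic of Zhouyi image-number studies. Used correctly, it can add to the interest and fun of lottery play. The software is divided into three functional areas: number selection, prediction and judgment. In the number selection area, all numbers of the lottery being predicted are grouped in different ways, such as by the five elements, the eight trigrams and the nine palaces; in the prediction area a prediction is then made using methods such as six-line casting or quick casting; finally, the betting numbers are decided from the Yilin prediction verdicts and other content in the judgment area. The software applies to lotto-type lotteries (10-36 choose 1-8) and 双色球 (Double Color Ball), as well as digit-type lotteries (0-9 choose 3-7).
Apart from the Yilin prediction verdicts, which require registration, all other functions of the software are free to use.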
------------------------------------------------------------------------
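I did this purely out of interest, with no other purpose. Corrections from the experts here are very welcome!
PEiD reports the packer as NsPack V1.4 -> LiuXingPing [Overlay], which should be the 北斗 packer; on analysis it turns out to be a double-layer packer. The file dumped with OD is even larger than the original file.
After many attempts it still would not run. I could not get the unpacking to work, so I had no choice but to debug the program directly to find the registration code. Since I had not seen an article about this online, I wrote it up; please forgive the amateur effort.
Now to begin: open the program in OD, enter a fake code, set the "universal breakpoint" (万能断点), click OK, and execution breaks at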
77D3353D F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
77D3353F 8BC8 MOV ECX,EAX
77D33541 83E1 03 AND ECX,3
77D33544 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
77D33546 E8 E3FBFFFF CALL USER32.77D3312E
77D3354B 5F POP EDI
77D3354C 5E POP ESI
77D3354D 8BC3 MOV EAX,EBX
77D3354F 5B POP EBX
77D33550 5D POP EBP
77D33551 C2 1000 RETN 10
77D33554 05 77FEFFFF ADD EAX,-189
77D33559 83F8 08 CMP EAX,8
77D3355C 0F87 6FB10000 JA USER32.77D3E6D1
77D33562 FF2485 D95AD377 JMP DWORD PTR DS:[EAX*4+77D35AD9]
77D33569 6A 01 PUSH 1
77D3356B 6A 01 PUSH 1
77D3356D 53 PUSH EBX
77D3356E 57 PUSH EDI
77D3356F 56 PUSH ESI
77D33570 E8 E7890000 CALL USER32.77D3BF5C
77D33575 817D 0C 8F01000>CMP DWORD PTR SS:[EBP+C],18F
77D3357C 0F84 89270000 JE USER32.77D35D0B
77D33582 E9 0F200000 JMP USER32.77D35596
77D33587 90 NOP
Remove the breakpoint and press Ctrl+F9 a few times to return to the program's own code, stopping here
100A93BC C2 0C00 RETN 0C
100A93BF 8D41 28 LEA EAX,DWORD PTR DS:[ECX+28]
100A93C2 C3 RETN
100A93C3 56 PUSH ESI
100A93C4 8BF1 MOV ESI,ECX
100A93C6 E8 B19B0000 CALL krnln.100B2F7C
100A93CB 8B80 34100000 MOV EAX,DWORD PTR DS:[EAX+1034]
100A93D1 85C0 TEST EAX,EAX
100A93D3 74 07 JE SHORT krnln.100A93DC
100A93D5 56 PUSH ESI
100A93D6 FF7424 0C PUSH DWORD PTR SS:[ESP+C]
100A93DA FFD0 CALL EAX
100A93DC 33C0 XOR EAX,EAX
100A93DE 5E POP ESI
100A93DF C2 0400 RETN 4
100A93E2 56 PUSH ESI
100A93E3 E8 62990000 CALL krnln.100B2D4A
100A93E8 8BF0 MOV ESI,EAX
100A93EA 8B86 CC000000 MOV EAX,DWORD PTR DS:[ESI+CC]
100A93F0 85C0 TEST EAX,EAX
100A93F2 74 17 JE SHORT krnln.100A940B
100A93F4 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C]
100A93F7 85C0 TEST EAX,EAX
100A93F9 74 10 JE SHORT krnln.100A940B
100A93FB 6A 00 PUSH 0
100A93FD 6A 00 PUSH 0
100A93FF 68 01040000 PUSH 401
100A9404 50 PUSH EAX
100A9405 FF15 20D70B10 CALL DWORD PTR DS:[<&USER32.SendMessageA>; USER32.SendMessageA
100A940B 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0
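Next, keep pressing F8, watching how the values in the registers window change and looking out for the fake code you entered, until the fake code appears here.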
100A94D9 6A FF PUSH -1
100A94DB E8 2B2C0000 CALL krnln.100AC10B
100A94E0 EB 0C JMP SHORT krnln.100A94EE ; at this stage the fake code appears
100A94E2 8B01 MOV EAX,DWORD PTR DS:[ECX]
100A94E4 FF7424 08 PUSH DWORD PTR SS:[ESP+8]
100A94E8 FF90 88000000 CALL DWORD PTR DS:[EAX+88]
100A94EE 5E POP ESI ; 00F1D0F0
100A94EF C2 0400 RETN 4
Then keep pressing F8 until you reach here
0046BA83 83 DB 83 ; right-click here and choose Analysis -> Remove analysis from module
0046BA84 C4 DB C4
0046BA85 10 DB 10
0046BA86 89 DB 89
0046BA87 45 DB 45 ; CHAR 'E'
0046BA88 F8 DB F8
0046BA89 8B DB 8B
0046BA8A 45 DB 45 ; CHAR 'E'
0046BA8B F8 DB F8
0046BA8C 50 DB 50 ; CHAR 'P'
0046BA8D FF DB FF
0046BA8E 75 DB 75 ; CHAR 'u'
0046BA8F FC DB FC
0046BA90 E8 DB E8
0046BA91 D5 DB D5
0046BA92 8F DB 8F
0046BA93 FD DB FD
0046BA94 FF DB FF
0046BA95 83 DB 83
0046BA96 C4 DB C4
0046BA97 08 DB 08
0046BA98 83 DB 83
0046BA99 F8 DB F8
0046BA9A 00 DB 00
0046BA9B B8 DB B8
0046BA9C 00 DB 00
0046BA9D 00 DB 00
0046BA9E 00 DB 00
0046BA9F 00 DB 00
0046BAA0 0F DB 0F
0046BAA1 94 DB 94
0046BAA2 C0 DB C0
0046BAA3 89 DB 89
0046BAA4 45 DB 45 ; CHAR 'E'
0046BAA5 F4 DB F4
0046BAA6 8B DB 8B
0046BAA7 5D DB 5D ; CHAR ']'
After right-clicking at 46BA83 and choosing Analysis -> Remove analysis from module, the CPU window changes to this:
0046BA83 83C4 10 ADD ESP,10
0046BA86 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0046BA89 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0046BA8C 50 PUSH EAX
0046BA8D FF75 FC PUSH DWORD PTR SS:[EBP-4]
0046BA90 E8 D58FFDFF CALL 易林八卦.00444A6A
0046BA95 83C4 08 ADD ESP,8 ; the real code appears here; OK, done
0046BA98 83F8 00 CMP EAX,0
0046BA9B B8 00000000 MOV EAX,0
0046BAA0 0F94C0 SETE AL
0046BAA3 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0046BAA6 8B5D FC MOV EBX,DWORD PTR SS:[EBP-4]
0046BAA9 85DB TEST EBX,EBX
0046BAAB 74 09 JE SHORT 易林八卦.0046BAB6
0046BAAD 53 PUSH EBX
0046BAAE E8 BBEA0000 CALL 易林八卦.0047A56E
0046BAB3 83C4 04 ADD ESP,4
0046BAB6 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
0046BAB9 85DB TEST EBX,EBX
0046BABB 74 09 JE SHORT 易林八卦.0046BAC6
0046BABD 53 PUSH EBX
0046BABE E8 ABEA0000 CALL 易林八卦.0047A56E
0046BAC3 83C4 04 ADD ESP,4
0046BAC6 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0046BACA 0F84 B4000000 JE 易林八卦.0046BB84 ; a memory patch can be applied here: just change JE to JNE
0046BAD0 E8 8EAEFDFF CALL 易林八卦.00446963
0046BAD5 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0046BAD8 68 04000080 PUSH 80000004
0046BADD 6A 00 PUSH 0
0046BADF 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046BAE2 85C0 TEST EAX,EAX
0046BAE4 75 05 JNZ SHORT 易林八卦.0046BAEB
0046BAE6 B8 41924000 MOV EAX,易林八卦.00409241
0046BAEB 50 PUSH EAX
0046BAEC 68 04000080 PUSH 80000004
0046BAF1 6A 00 PUSH 0
0046BAF3 68 88924000 PUSH 易林八卦.00409288 ; ASCII "SOFTWARE\test" ; where the registration code is stored
0046BAF8 68 01030080 PUSH 80000301
0046BAFD 6A 00 PUSH 0
0046BAFF 68 03000000 PUSH 3
0046BB04 68 03000000 PUSH 3
0046BB09 BB A4060000 MOV EBX,6A4
0046BB0E E8 61EA0000 CALL 易林八卦.0047A574
0046BB13 83C4 28 ADD ESP,28
0046BB16 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0046BB19 8B5D FC MOV EBX,DWORD PTR SS:[EBP-4]
0046BB1C 85DB TEST EBX,EBX
0046BB1E 74 09 JE SHORT 易林八卦.0046BB29
0046BB20 53 PUSH EBX
0046BB21 E8 48EA0000 CALL 易林八卦.0047A56E
0046BB26 83C4 04 ADD ESP,4
0046BB29 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0046BB2D 0F84 51000000 JE 易林八卦.0046BB84
0046BB33 6A 00 PUSH 0
0046BB35 6A 00 PUSH 0
0046BB37 6A 00 PUSH 0
0046BB39 68 01030080 PUSH 80000301
0046BB3E 6A 00 PUSH 0
0046BB40 68 00000000 PUSH 0
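Seen from the vendor's side, the listing above shows why this check fails: a locally computed value and the entered code are pushed into one compare call, so the valid code sits in memory at that moment. The following is an added example, not code from the original post or from the software, that contrasts that pattern with verifying a vendor signature, where the client never derives the valid code. The `user_id` input, the MD5-based derivation and the toy textbook-RSA key are constructed assumptions (a real product would use a vetted signature scheme such as Ed25519 or RSA-PSS), and the example does not address the patched branch noted at 0046BACA.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half: all the client needs
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: vendor only, never shipped


def weak_check(user_id: str, entered: str) -> bool:
    """Weak pattern: the client derives the valid code and compares strings."""
    # Hypothetical derivation; the page does not show the real algorithm.
    expected = hashlib.md5(user_id.encode()).hexdigest()[:16]
    # 'expected' is now a plaintext buffer that any debugger can read.
    return entered == expected


def digest(user_id: str) -> int:
    """Map the user ID to an integer below N."""
    return int.from_bytes(hashlib.sha256(user_id.encode()).digest(), "big") % N


def vendor_issue(user_id: str) -> str:
    """Vendor side: sign the user ID with the private exponent."""
    return format(pow(digest(user_id), D, N), "x")


def hardened_check(user_id: str, entered: str) -> bool:
    """Client side: verify with the public key; no valid code is derived here."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == digest(user_id)


if __name__ == "__main__":
    code = vendor_issue("demo-user")
    print(hardened_check("demo-user", code), hardened_check("demo-user", "1234"))
```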
------------------------------------------------------------------------
------------------------------------------------------------------------
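【Copyright notice】This article is purely for technical exchange [please support genuine software]. When reposting, please credit the author and keep the article intact. Thank you!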