- UID
- 66565
注册时间2010-5-2
阅读权限10
最后登录1970-1-1
周游历练
TA的每日心情 | 开心
2016-11-4 23:26 |
|---|
签到天数: 5 天 [LV.2]偶尔看看I
|
我本来想找出Flash Player Pro软件算法给大家看学习的~~~~~~~~
但是这个算法有4个算法CDLL分析不好做.
因此就把爆破方法给出来.因为这个软件在我填好注册信息点注册按键时不会有相关软件信息.
用PEID查壳是无壳的是 Borland Delphi 写的.有破解知识的都知通过查找按钮事件的方法.来找注册按钮信息!!!把软件载入DEDE
找软件的注册按钮信息.004EC1E0 . 55 PUSH EBP在载入OD!!!!!!!!!!!按Ctrl+G把004EC1E0输入大解定就来了
下的代码中
\*********************************************************************************\
004EC1E0 . 55 PUSH EBP ;在此下断 开始看看这部分代码可以看到004EC3AD有个
004EC1E1 . 8BEC MOV EBP,ESP \MessageBoxA在下一点有 ; ASCII "Username"; ASCII
004EC1E3 . B9 0E000000 MOV ECX,0E ASCII "Username"; ASCII "code"哪就联想这个
004EC1E8 > 6A 00 PUSH 0 MessageBoxA是不是注册的城功信息提示呢!!!!!
004EC1EA . 6A 00 PUSH 0 为什么会就什想因为我们按注册按钮时没有别的信息提示!
004EC1EC . 49 DEC ECX 按F8向下
004EC1ED .^ 75 F9 JNZ SHORT Flash_Pl.004EC1E8
004EC1EF . 53 PUSH EBX
004EC1F0 . 56 PUSH ESI
004EC1F1 . 57 PUSH EDI
004EC1F2 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004EC1F5 . 33C0 XOR EAX,EAX
004EC1F7 . 55 PUSH EBP
004EC1F8 . 68 9DC64E00 PUSH Flash_Pl.004EC69D
004EC1FD . 64:FF30 PUSH DWORD PTR FS:[EAX]
004EC200 . 64:8920 MOV DWORD PTR FS:[EAX],ESP
004EC203 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004EC206 . E8 8181F1FF CALL Flash_Pl.0040438C
004EC20B . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004EC20E . E8 7981F1FF CALL Flash_Pl.0040438C
004EC213 . B2 01 MOV DL,1
004EC215 . A1 F8AE4300 MOV EAX,DWORD PTR DS:[43AEF8]
004EC21A . E8 D9EDF4FF CALL Flash_Pl.0043AFF8
004EC21F . 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
004EC222 . BA 01000080 MOV EDX,80000001
004EC227 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC22A . E8 69EEF4FF CALL Flash_Pl.0043B098
004EC22F . B1 01 MOV CL,1
004EC231 . BA B4C64E00 MOV EDX,Flash_Pl.004EC6B4 ; ASCII "\\Software\\Flash Player Pro"
004EC236 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC239 . E8 C2EEF4FF CALL Flash_Pl.0043B100
004EC23E . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
004EC241 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004EC244 . 8B80 10030000 MOV EAX,DWORD PTR DS:[EAX+310]
004EC24A . E8 1182F7FF CALL Flash_Pl.00464460 ; 取用户名
004EC24F . 837D D4 00 CMP DWORD PTR SS:[EBP-2C],0
004EC253 . 0F84 0F040000 JE Flash_Pl.004EC668
004EC259 . 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
004EC25C . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004EC25F . 8B80 14030000 MOV EAX,DWORD PTR DS:[EAX+314]
004EC265 . E8 F681F7FF CALL Flash_Pl.00464460 ; 取假码
004EC26A . 837D D0 00 CMP DWORD PTR SS:[EBP-30],0
004EC26E . 0F84 F4030000 JE Flash_Pl.004EC668
004EC274 . 33D2 XOR EDX,EDX
004EC276 . 55 PUSH EBP
004EC277 . 68 61C64E00 PUSH Flash_Pl.004EC661
004EC27C . 64:FF32 PUSH DWORD PTR FS:[EDX]
004EC27F . 64:8922 MOV DWORD PTR FS:[EDX],ESP
004EC282 . 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004EC285 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004EC288 . 8B80 10030000 MOV EAX,DWORD PTR DS:[EAX+310]
004EC28E . E8 CD81F7FF CALL Flash_Pl.00464460
004EC293 . 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
004EC296 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004EC299 . 8B80 14030000 MOV EAX,DWORD PTR DS:[EAX+314]
004EC29F . E8 BC81F7FF CALL Flash_Pl.00464460
004EC2A4 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
004EC2A7 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004EC2AA . E8 3DFCFFFF CALL Flash_Pl.004EBEEC 算法CDLL它主要是用假码和固定字串进
004EC2AF . 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34] 运算得一个字串在和下方的字串比较
004EC2B2 . BA D8C64E00 MOV EDX,Flash_Pl.004EC6D8 ; ASCII "60C3C872BF6B924C4B8D841E7B9F8407"
004EC2B7 . E8 DC84F1FF CALL Flash_Pl.00404798 //关键CALL
004EC2BC 0F85 32010000 JNZ Flash_Pl.004EC3F4 //关键跳转中只要把这跳NOP就可以了
004EC2C2 . 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004EC2C5 . BA 04C74E00 MOV EDX,Flash_Pl.004EC704 ; ASCII
"084104097110107115032102111114032121111117114032114101103105115116114097116105111110033"
004EC2CA . E8 5581F1FF CALL Flash_Pl.00404424
004EC2CF . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004EC2D2 . BA 64C74E00 MOV EDX,Flash_Pl.004EC764 ; ASCII
"114101103105115116101114032115117099099101115115102117108108121"
004EC2D7 . E8 4881F1FF CALL Flash_Pl.00404424
004EC2DC . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004EC2DF . E8 6883F1FF CALL Flash_Pl.0040464C
004EC2E4 . B9 03000000 MOV ECX,3
004EC2E9 . 99 CDQ
004EC2EA . F7F9 IDIV ECX
004EC2EC . 8BF0 MOV ESI,EAX
004EC2EE . 85F6 TEST ESI,ESI
004EC2F0 7E 43 JLE SHORT Flash_Pl.004EC335
004EC2F2 . BF 01000000 MOV EDI,1
004EC2F7 > 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004EC2FA . 50 PUSH EAX
004EC2FB . 8BC7 MOV EAX,EDI
004EC2FD . 48 DEC EAX
004EC2FE . 8D1440 LEA EDX,DWORD PTR DS:[EAX+EAX*2]
004EC301 . 42 INC EDX
004EC302 . B9 03000000 MOV ECX,3
004EC307 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004EC30A . E8 9D85F1FF CALL Flash_Pl.004048AC
004EC30F . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
004EC312 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004EC315 . E8 0E6CF1FF CALL Flash_Pl.00402F28
004EC31A . 8BD8 MOV EBX,EAX
004EC31C . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004EC31F . 8BD3 MOV EDX,EBX
004EC321 . E8 4E82F1FF CALL Flash_Pl.00404574
004EC326 . 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-3C]
004EC329 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004EC32C . E8 2383F1FF CALL Flash_Pl.00404654
004EC331 . 47 INC EDI
004EC332 . 4E DEC ESI
004EC333 .^ 75 C2 JNZ SHORT Flash_Pl.004EC2F7
004EC335 > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004EC338 . E8 0F83F1FF CALL Flash_Pl.0040464C
004EC33D . B9 03000000 MOV ECX,3
004EC342 . 99 CDQ
004EC343 . F7F9 IDIV ECX
004EC345 . 8BF0 MOV ESI,EAX
004EC347 . 85F6 TEST ESI,ESI
004EC349 7E 43 JLE SHORT Flash_Pl.004EC38E
004EC34B . BF 01000000 MOV EDI,1
004EC350 > 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
004EC353 . 50 PUSH EAX
004EC354 . 8BC7 MOV EAX,EDI
004EC356 . 48 DEC EAX
004EC357 . 8D1440 LEA EDX,DWORD PTR DS:[EAX+EAX*2]
004EC35A . 42 INC EDX
004EC35B . B9 03000000 MOV ECX,3
004EC360 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004EC363 . E8 4485F1FF CALL Flash_Pl.004048AC
004EC368 . 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
004EC36B . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004EC36E . E8 B56BF1FF CALL Flash_Pl.00402F28
004EC373 . 8BD8 MOV EBX,EAX
004EC375 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
004EC378 . 8BD3 MOV EDX,EBX
004EC37A . E8 F581F1FF CALL Flash_Pl.00404574
004EC37F . 8B55 BC MOV EDX,DWORD PTR SS:[EBP-44]
004EC382 . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004EC385 . E8 CA82F1FF CALL Flash_Pl.00404654
004EC38A . 47 INC EDI
004EC38B . 4E DEC ESI
004EC38C .^ 75 C2 JNZ SHORT Flash_Pl.004EC350
004EC38E > 6A 40 PUSH 40
004EC390 . 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004EC393 . E8 B484F1FF CALL Flash_Pl.0040484C
004EC398 . 50 PUSH EAX
004EC399 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004EC39C . E8 AB84F1FF CALL Flash_Pl.0040484C
004EC3A1 . 50 PUSH EAX
004EC3A2 . A1 8C8E5100 MOV EAX,DWORD PTR DS:[518E8C]
004EC3A7 . E8 34E9F7FF CALL Flash_Pl.0046ACE0
004EC3AC . 50 PUSH EAX ; |hOwner
004EC3AD . E8 1AAFF1FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004EC3B2 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004EC3B5 . BA ACC74E00 MOV EDX,Flash_Pl.004EC7AC ; ASCII "Username"
004EC3BA . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC3BD . E8 BAF0F4FF CALL Flash_Pl.0043B47C
004EC3C2 . 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004EC3C5 . BA C0C74E00 MOV EDX,Flash_Pl.004EC7C0 ; ASCII "code";
004EC3CA . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC3CD . E8 AAF0F4FF CALL Flash_Pl.0043B47C
004EC3D2 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC3D5 . E8 8EECF4FF CALL Flash_Pl.0043B068
004EC3DA . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC3DD . E8 7671F1FF CALL Flash_Pl.00403558
004EC3E2 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004EC3E5 . E8 3E48F9FF CALL Flash_Pl.00480C28
004EC3EA . E8 E179F1FF CALL Flash_Pl.00403DD0
004EC3EF . E9 74020000 JMP Flash_Pl.004EC668
004EC3F4 > 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004EC3F7 . 50 PUSH EAX
004EC3F8 . B9 07000000 MOV ECX,7
004EC3FD . BA 01000000 MOV EDX,1
004EC402 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004EC405 . E8 A284F1FF CALL Flash_Pl.004048AC
004EC40A . 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48]
004EC40D . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004EC410 . E8 D7FAFFFF CALL Flash_Pl.004EBEEC
004EC415 . 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48]
004EC418 . BA D0C74E00 MOV EDX,Flash_Pl.004EC7D0 ; ASCII "22698600A285BDEF56EA4A344B0712F7"
004EC41D . E8 7683F1FF CALL Flash_Pl.00404798
004EC422 . 74 0A JE SHORT Flash_Pl.004EC42E
004EC424 . E8 A779F1FF CALL Flash_Pl.00403DD0
004EC429 . E9 3A020000 JMP Flash_Pl.004EC668
004EC42E > 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004EC431 . 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004EC434 . E8 B3FAFFFF CALL Flash_Pl.004EBEEC
004EC439 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
004EC43C . 50 PUSH EAX
004EC43D . B9 02000000 MOV ECX,2
004EC442 . BA 08000000 MOV EDX,8
004EC447 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004EC44A . E8 5D84F1FF CALL Flash_Pl.004048AC
004EC44F . 8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C]
004EC452 . 50 PUSH EAX
004EC453 . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
004EC456 . 50 PUSH EAX
004EC457 . B9 02000000 MOV ECX,2
004EC45C . BA 0D000000 MOV EDX,0D
004EC461 . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004EC464 . E8 4384F1FF CALL Flash_Pl.004048AC
004EC469 . 8B55 B0 MOV EDX,DWORD PTR SS:[EBP-50]
004EC46C . 58 POP EAX
004EC46D . E8 2683F1FF CALL Flash_Pl.00404798
004EC472 . 74 0A JE SHORT Flash_Pl.004EC47E
004EC474 . E8 5779F1FF CALL Flash_Pl.00403DD0
004EC479 . E9 EA010000 JMP Flash_Pl.004EC668
004EC47E > 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
004EC481 . 50 PUSH EAX
004EC482 . B9 0B000000 MOV ECX,0B
004EC487 . BA 11000000 MOV EDX,11
004EC48C . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004EC48F . E8 1884F1FF CALL Flash_Pl.004048AC
004EC494 . 8B45 A8 MOV EAX,DWORD PTR SS:[EBP-58]
004EC497 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
004EC49A . E8 4DFAFFFF CALL Flash_Pl.004EBEEC
004EC49F . 8B55 AC MOV EDX,DWORD PTR SS:[EBP-54]
004EC4A2 . 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004EC4A5 . E8 7A7FF1FF CALL Flash_Pl.00404424
004EC4AA . 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
004EC4AD . 50 PUSH EAX
004EC4AE . B9 03000000 MOV ECX,3
004EC4B3 . BA 0A000000 MOV EDX,0A
004EC4B8 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004EC4BB . E8 EC83F1FF CALL Flash_Pl.004048AC
004EC4C0 . 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]
004EC4C3 . 50 PUSH EAX
004EC4C4 . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004EC4C7 . 50 PUSH EAX
004EC4C8 . B9 03000000 MOV ECX,3
004EC4CD . BA 14000000 MOV EDX,14
004EC4D2 . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004EC4D5 . E8 D283F1FF CALL Flash_Pl.004048AC
004EC4DA . 8B55 A0 MOV EDX,DWORD PTR SS:[EBP-60]
004EC4DD . 58 POP EAX
004EC4DE . E8 B582F1FF CALL Flash_Pl.00404798
004EC4E3 . 74 0A JE SHORT Flash_Pl.004EC4EF
004EC4E5 . E8 E678F1FF CALL Flash_Pl.00403DD0
004EC4EA . E9 79010000 JMP Flash_Pl.004EC668
004EC4EF > 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004EC4F2 . BA 04C74E00 MOV EDX,Flash_Pl.004EC704 ; ASCII
"084104097110107115032102111114032121111117114032114101103105115116114097116105111110033"
004EC4F7 . E8 287FF1FF CALL Flash_Pl.00404424
004EC4FC . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004EC4FF . BA 64C74E00 MOV EDX,Flash_Pl.004EC764 ; ASCII
"114101103105115116101114032115117099099101115115102117108108121"
004EC504 . E8 1B7FF1FF CALL Flash_Pl.00404424
004EC509 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004EC50C . E8 3B81F1FF CALL Flash_Pl.0040464C
004EC511 . B9 03000000 MOV ECX,3
004EC516 . 99 CDQ
004EC517 . F7F9 IDIV ECX
004EC519 . 8BF0 MOV ESI,EAX
004EC51B . 85F6 TEST ESI,ESI
004EC51D . 7E 43 JLE SHORT Flash_Pl.004EC562
004EC51F . BF 01000000 MOV EDI,1
004EC524 > 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
004EC527 . 50 PUSH EAX
004EC528 . 8BC7 MOV EAX,EDI
004EC52A . 48 DEC EAX
004EC52B . 8D1440 LEA EDX,DWORD PTR DS:[EAX+EAX*2]
004EC52E . 42 INC EDX
004EC52F . B9 03000000 MOV ECX,3
004EC534 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004EC537 . E8 7083F1FF CALL Flash_Pl.004048AC
004EC53C . 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
004EC53F . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004EC542 . E8 E169F1FF CALL Flash_Pl.00402F28
004EC547 . 8BD8 MOV EBX,EAX
004EC549 . 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
004EC54C . 8BD3 MOV EDX,EBX
004EC54E . E8 2180F1FF CALL Flash_Pl.00404574
004EC553 . 8B55 98 MOV EDX,DWORD PTR SS:[EBP-68]
004EC556 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004EC559 . E8 F680F1FF CALL Flash_Pl.00404654
004EC55E . 47 INC EDI
004EC55F . 4E DEC ESI
004EC560 .^ 75 C2 JNZ SHORT Flash_Pl.004EC524
004EC562 > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004EC565 . E8 E280F1FF CALL Flash_Pl.0040464C
004EC56A . B9 03000000 MOV ECX,3
004EC56F . 99 CDQ
004EC570 . F7F9 IDIV ECX
004EC572 . 8BF0 MOV ESI,EAX
004EC574 . 85F6 TEST ESI,ESI
004EC576 . 7E 43 JLE SHORT Flash_Pl.004EC5BB
004EC578 . BF 01000000 MOV EDI,1
004EC57D > 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
004EC580 . 50 PUSH EAX
004EC581 . 8BC7 MOV EAX,EDI
004EC583 . 48 DEC EAX
004EC584 . 8D1440 LEA EDX,DWORD PTR DS:[EAX+EAX*2]
004EC587 . 42 INC EDX
004EC588 . B9 03000000 MOV ECX,3
004EC58D . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004EC590 . E8 1783F1FF CALL Flash_Pl.004048AC
004EC595 . 8B45 94 MOV EAX,DWORD PTR SS:[EBP-6C]
004EC598 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004EC59B . E8 8869F1FF CALL Flash_Pl.00402F28
004EC5A0 . 8BD8 MOV EBX,EAX
004EC5A2 . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
004EC5A5 . 8BD3 MOV EDX,EBX
004EC5A7 . E8 C87FF1FF CALL Flash_Pl.00404574
004EC5AC . 8B55 90 MOV EDX,DWORD PTR SS:[EBP-70]
004EC5AF . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004EC5B2 . E8 9D80F1FF CALL Flash_Pl.00404654
004EC5B7 . 47 INC EDI
004EC5B8 . 4E DEC ESI
004EC5B9 .^ 75 C2 JNZ SHORT Flash_Pl.004EC57D
004EC5BB > 33C0 XOR EAX,EAX
004EC5BD . 55 PUSH EBP
004EC5BE . 68 17C64E00 PUSH Flash_Pl.004EC617
004EC5C3 . 64:FF30 PUSH DWORD PTR FS:[EAX]
004EC5C6 . 64:8920 MOV DWORD PTR FS:[EAX],ESP
004EC5C9 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004EC5CC . BA ACC74E00 MOV EDX,Flash_Pl.004EC7AC ; ASCII "Username"
004EC5D1 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC5D4 . E8 A3EEF4FF CALL Flash_Pl.0043B47C
004EC5D9 . 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004EC5DC . BA C0C74E00 MOV EDX,Flash_Pl.004EC7C0 ; ASCII "code"
004EC5E1 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004EC5E4 . E8 93EEF4FF CALL Flash_Pl.0043B47C
004EC5E9 . 6A 40 PUSH 40
004EC5EB . 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004EC5EE . E8 5982F1FF CALL Flash_Pl.0040484C
004EC5F3 . 50 PUSH EAX
004EC5F4 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004EC5F7 . E8 5082F1FF CALL Flash_Pl.0040484C
004EC5FC . 50 PUSH EAX
004EC5FD . A1 8C8E5100 MOV EAX,DWORD PTR DS:[518E8C]
004EC602 . E8 D9E6F7FF CALL Flash_Pl.0046ACE0
004EC607 . 50 PUSH EAX ; |hOwner
004EC608 . E8 BFACF1FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004EC60D . 33C0 XOR EAX,EAX
004EC60F . 5A POP EDX
004EC610 . 59 POP ECX
004EC611 . 59 POP ECX
004EC612 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004EC615 . EB 34 JMP SHORT Flash_Pl.004EC64B
004EC617 .^ E9 1C74F1FF JMP Flash_Pl.00403A38
004EC61C . 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004EC61F . BA FCC74E00 MOV EDX,Flash_Pl.004EC7FC ; ASCII "Flash Player Pro Can not save registraton
information. Please try it again."
004EC624 . E8 FB7DF1FF CALL Flash_Pl.00404424
004EC629 . 6A 10 PUSH 10
004EC62B . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004EC62E . E8 1982F1FF CALL Flash_Pl.0040484C
004EC633 . 8BD0 MOV EDX,EAX
004EC635 . B9 48C84E00 MOV ECX,Flash_Pl.004EC848 ; ASCII "Error"
004EC63A . A1 D0795100 MOV EAX,DWORD PTR DS:[5179D0]
004EC63F . 8B00 MOV EAX,DWORD PTR DS:[EAX]
004EC641 . E8 567FF9FF CALL Flash_Pl.0048459C
004EC646 . E8 5577F1FF CALL Flash_Pl.00403DA0
004EC64B > 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004EC64E . E8 D545F9FF CALL Flash_Pl.00480C28
004EC653 . 33C0 XOR EAX,EAX
004EC655 . 5A POP EDX
004EC656 . 59 POP ECX
004EC657 . 59 POP ECX
004EC658 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004EC65B . 68 68C64E00 PUSH Flash_Pl.004EC668
004EC660 > C3 RETN ; RET 用作跳转到 004EC668
004EC661 .^ E9 8676F1FF JMP Flash_Pl.00403CEC
004EC666 .^ EB F8 JMP SHORT Flash_Pl.004EC660
004EC668 > 33C0 XOR EAX,EAX
004EC66A . 5A POP EDX
004EC66B . 59 POP ECX
004EC66C . 59 POP ECX
004EC66D . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004EC670 . 68 A4C64E00 PUSH Flash_Pl.004EC6A4
004EC675 > 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
004EC678 . BA 10000000 MOV EDX,10
004EC67D . E8 2E7DF1FF CALL Flash_Pl.004043B0
004EC682 . 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004EC685 . BA 02000000 MOV EDX,2
004EC68A . E8 217DF1FF CALL Flash_Pl.004043B0
004EC68F . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004EC692 . BA 07000000 MOV EDX,7
004EC697 . E8 147DF1FF CALL Flash_Pl.004043B0
004EC69C . C3 RETN
004EC69D .^ E9 4A76F1FF JMP Flash_Pl.00403CEC
004EC6A2 .^ EB D1 JMP SHORT Flash_Pl.004EC675
004EC6A4 . 5F POP EDI
004EC6A5 . 5E POP ESI
004EC6A6 . 5B POP EBX
004EC6A7 . 8BE5 MOV ESP,EBP
004EC6A9 . 5D POP EBP
004EC6AA . C3 RETN
\********************************************************************************************\
我在说说这软件的算法.
1.在软件中有个CALL把字串分别放DS;[EBX] DS;[EBX+4] DS;[EBX+8] DS;[EBX+C]
2.在把假码和这4字串作为参数放入4个算法CALL.进行运算得到的数在和60C3C872BF6B924C4B8D841E7B9F8407比较.想同就注册城功了 |
|
IP卡
发表于 2011-2-15 14:00:12
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2011-2-15 14:12:58
发表于 2012-4-1 21:04:53
发表于 2012-4-2 18:56:26