- UID
- 26814
注册时间2007-2-2
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 开心
2020-11-19 11:04 |
|---|
签到天数: 1 天 [LV.1]初来乍到
|
本帖最后由 DaShanRen 于 2011-9-9 15:26 编辑
看了这个帖子:
https://www.chinapyg.com/viewthread.php?tid=64912
感觉软件可用,想看看注册机算些啥。无奈,嫌我级别不够,不让拉。故而只能采用捣蛋的方式来解决自己所需!
软件的注册验证关键代码如下:- 0049C593 MOV DWORD PTR SS:[EBP-4],9 ; 循环检测==>
- 0049C59A MOV DWORD PTR SS:[EBP-6C],1
- 0049C5A1 MOV DWORD PTR SS:[EBP-74],2
- 0049C5A8 LEA ECX,DWORD PTR SS:[EBP-44]
- 0049C5AB MOV DWORD PTR SS:[EBP-AC],ECX
- 0049C5B1 MOV DWORD PTR SS:[EBP-B4],4008
- 0049C5BB LEA EDX,DWORD PTR SS:[EBP-74]
- 0049C5BE PUSH EDX
- 0049C5BF LEA EAX,DWORD PTR SS:[EBP-30]
- 0049C5C2 PUSH EAX
- 0049C5C3 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>; MSVBVM60.__vbaI4Var
- 0049C5C9 PUSH EAX
- 0049C5CA LEA ECX,DWORD PTR SS:[EBP-B4]
- 0049C5D0 PUSH ECX
- 0049C5D1 LEA EDX,DWORD PTR SS:[EBP-84]
- 0049C5D7 PUSH EDX
- 0049C5D8 CALL NEAR DWORD PTR DS:[<&MSVBVM60.#632>] ; 读取注册码一位
- 0049C5DE MOV DWORD PTR SS:[EBP-CC],PDFTiger.00421AF8 ; W
- 0049C5E8 MOV DWORD PTR SS:[EBP-D4],8008
- 0049C5F2 LEA EAX,DWORD PTR SS:[EBP-84]
- 0049C5F8 PUSH EAX
- 0049C5F9 LEA ECX,DWORD PTR SS:[EBP-D4]
- 0049C5FF PUSH ECX
- 0049C600 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; 检查是否是W
- 0049C606 MOV WORD PTR SS:[EBP-E8],AX
- 0049C60D LEA EDX,DWORD PTR SS:[EBP-84]
- 0049C613 PUSH EDX
- 0049C614 LEA EAX,DWORD PTR SS:[EBP-74]
- 0049C617 PUSH EAX
- 0049C618 PUSH 2
- 0049C61A CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
- 0049C620 ADD ESP,0C
- 0049C623 MOVSX ECX,WORD PTR SS:[EBP-E8]
- 0049C62A TEST ECX,ECX
- 0049C62C JE SHORT PDFTiger.0049C63B
- 0049C62E MOV DWORD PTR SS:[EBP-4],0A
- 0049C635 MOV WORD PTR SS:[EBP-3C],0FFFF ; 保存标志1
- 0049C63B MOV DWORD PTR SS:[EBP-4],0C
- 0049C642 MOV DWORD PTR SS:[EBP-6C],1
- 0049C649 MOV DWORD PTR SS:[EBP-74],2
- 0049C650 LEA EDX,DWORD PTR SS:[EBP-44]
- 0049C653 MOV DWORD PTR SS:[EBP-AC],EDX
- 0049C659 MOV DWORD PTR SS:[EBP-B4],4008
- 0049C663 LEA EAX,DWORD PTR SS:[EBP-74]
- 0049C666 PUSH EAX
- 0049C667 LEA ECX,DWORD PTR SS:[EBP-30]
- 0049C66A PUSH ECX
- 0049C66B CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>; MSVBVM60.__vbaI4Var
- 0049C671 PUSH EAX
- 0049C672 LEA EDX,DWORD PTR SS:[EBP-B4]
- 0049C678 PUSH EDX
- 0049C679 LEA EAX,DWORD PTR SS:[EBP-84]
- 0049C67F PUSH EAX
- 0049C680 CALL NEAR DWORD PTR DS:[<&MSVBVM60.#632>] ; 再次读取
- 0049C686 MOV DWORD PTR SS:[EBP-CC],PDFTiger.00421B00 ; D
- 0049C690 MOV DWORD PTR SS:[EBP-D4],8008
- 0049C69A LEA ECX,DWORD PTR SS:[EBP-84]
- 0049C6A0 PUSH ECX
- 0049C6A1 LEA EDX,DWORD PTR SS:[EBP-D4]
- 0049C6A7 PUSH EDX
- 0049C6A8 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; 检查是否是D
- 0049C6AE MOV WORD PTR SS:[EBP-E8],AX
- 0049C6B5 LEA EAX,DWORD PTR SS:[EBP-84]
- 0049C6BB PUSH EAX
- 0049C6BC LEA ECX,DWORD PTR SS:[EBP-74]
- 0049C6BF PUSH ECX
- 0049C6C0 PUSH 2
- 0049C6C2 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
- 0049C6C8 ADD ESP,0C
- 0049C6CB MOVSX EDX,WORD PTR SS:[EBP-E8]
- 0049C6D2 TEST EDX,EDX
- 0049C6D4 JE SHORT PDFTiger.0049C6E3
- 0049C6D6 MOV DWORD PTR SS:[EBP-4],0D
- 0049C6DD MOV WORD PTR SS:[EBP-34],0FFFF ; 保存标志2
- 0049C6E3 MOV DWORD PTR SS:[EBP-4],0F
- 0049C6EA MOV DWORD PTR SS:[EBP-6C],1
- 0049C6F1 MOV DWORD PTR SS:[EBP-74],2
- 0049C6F8 LEA EAX,DWORD PTR SS:[EBP-44]
- 0049C6FB MOV DWORD PTR SS:[EBP-AC],EAX
- 0049C701 MOV DWORD PTR SS:[EBP-B4],4008
- 0049C70B LEA ECX,DWORD PTR SS:[EBP-74]
- 0049C70E PUSH ECX
- 0049C70F LEA EDX,DWORD PTR SS:[EBP-30]
- 0049C712 PUSH EDX
- 0049C713 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>; MSVBVM60.__vbaI4Var
- 0049C719 PUSH EAX
- 0049C71A LEA EAX,DWORD PTR SS:[EBP-B4]
- 0049C720 PUSH EAX
- 0049C721 LEA ECX,DWORD PTR SS:[EBP-84]
- 0049C727 PUSH ECX
- 0049C728 CALL NEAR DWORD PTR DS:[<&MSVBVM60.#632>] ; 再次读取
- 0049C72E MOV DWORD PTR SS:[EBP-CC],PDFTiger.00421B08 ; 8
- 0049C738 MOV DWORD PTR SS:[EBP-D4],8008
- 0049C742 LEA EDX,DWORD PTR SS:[EBP-84]
- 0049C748 PUSH EDX
- 0049C749 LEA EAX,DWORD PTR SS:[EBP-D4]
- 0049C74F PUSH EAX
- 0049C750 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; 检查是否是8
- 0049C756 MOV WORD PTR SS:[EBP-E8],AX
- 0049C75D LEA ECX,DWORD PTR SS:[EBP-84]
- 0049C763 PUSH ECX
- 0049C764 LEA EDX,DWORD PTR SS:[EBP-74]
- 0049C767 PUSH EDX
- 0049C768 PUSH 2
- 0049C76A CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
- 0049C770 ADD ESP,0C
- 0049C773 MOVSX EAX,WORD PTR SS:[EBP-E8]
- 0049C77A TEST EAX,EAX
- 0049C77C JE SHORT PDFTiger.0049C78B
- 0049C77E MOV DWORD PTR SS:[EBP-4],10
- 0049C785 MOV WORD PTR SS:[EBP-40],0FFFF ; 保存标志3
- 0049C78B MOV DWORD PTR SS:[EBP-4],12
- 0049C792 MOV DWORD PTR SS:[EBP-6C],1
- 0049C799 MOV DWORD PTR SS:[EBP-74],2
- 0049C7A0 LEA ECX,DWORD PTR SS:[EBP-44]
- 0049C7A3 MOV DWORD PTR SS:[EBP-AC],ECX
- 0049C7A9 MOV DWORD PTR SS:[EBP-B4],4008
- 0049C7B3 LEA EDX,DWORD PTR SS:[EBP-74]
- 0049C7B6 PUSH EDX
- 0049C7B7 LEA EAX,DWORD PTR SS:[EBP-30]
- 0049C7BA PUSH EAX
- 0049C7BB CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>; MSVBVM60.__vbaI4Var
- 0049C7C1 PUSH EAX
- 0049C7C2 LEA ECX,DWORD PTR SS:[EBP-B4]
- 0049C7C8 PUSH ECX
- 0049C7C9 LEA EDX,DWORD PTR SS:[EBP-84]
- 0049C7CF PUSH EDX
- 0049C7D0 CALL NEAR DWORD PTR DS:[<&MSVBVM60.#632>] ; 再次读取
- 0049C7D6 MOV DWORD PTR SS:[EBP-CC],PDFTiger.00421B10 ; 6
- 0049C7E0 MOV DWORD PTR SS:[EBP-D4],8008
- 0049C7EA LEA EAX,DWORD PTR SS:[EBP-84]
- 0049C7F0 PUSH EAX
- 0049C7F1 LEA ECX,DWORD PTR SS:[EBP-D4]
- 0049C7F7 PUSH ECX
- 0049C7F8 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; 检查是否是6
- 0049C7FE MOV WORD PTR SS:[EBP-E8],AX
- 0049C805 LEA EDX,DWORD PTR SS:[EBP-84]
- 0049C80B PUSH EDX
- 0049C80C LEA EAX,DWORD PTR SS:[EBP-74]
- 0049C80F PUSH EAX
- 0049C810 PUSH 2
- 0049C812 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
- 0049C818 ADD ESP,0C
- 0049C81B MOVSX ECX,WORD PTR SS:[EBP-E8]
- 0049C822 TEST ECX,ECX
- 0049C824 JE SHORT PDFTiger.0049C833
- 0049C826 MOV DWORD PTR SS:[EBP-4],13
- 0049C82D MOV WORD PTR SS:[EBP-38],0FFFF ; 保存标志4
- 0049C833 MOV DWORD PTR SS:[EBP-4],15
- 0049C83A LEA EDX,DWORD PTR SS:[EBP-114]
- 0049C840 PUSH EDX
- 0049C841 LEA EAX,DWORD PTR SS:[EBP-104]
- 0049C847 PUSH EAX
- 0049C848 LEA ECX,DWORD PTR SS:[EBP-30]
- 0049C84B PUSH ECX
- 0049C84C CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaVarFo>; MSVBVM60.__vbaVarForNext
- 0049C852 MOV DWORD PTR SS:[EBP-130],EAX
- 0049C858 CMP DWORD PTR SS:[EBP-130],0 ;
- 0049C85F JNZ PDFTiger.0049C593 ; 不等则跳--循环检测<==
这一步做完后,再对所作的标记进行检查:- 0049C86C CMP WORD PTR SS:[EBP-3C],0FFFF ; 是否包含字符W
- 0049C871 JNZ PDFTiger.0049CCBB
- 0049C877 CMP WORD PTR SS:[EBP-34],0FFFF ; 是否包含字符D
- 0049C87C JNZ PDFTiger.0049CCBB
- 0049C882 CMP WORD PTR SS:[EBP-40],0FFFF ; 是否包含字符8
- 0049C887 JNZ PDFTiger.0049CCBB
- 0049C88D CMP WORD PTR SS:[EBP-38],0FFFF ; 是否包含字符6
- 0049C892 JNZ PDFTiger.0049CCBB
一、注册码的字符串并不要求都是那四个字符之一,但必须包含有这四个字符;
二、按循环次数来看,注册码应该是16位的,而后面的标志判断只有四个,仅所以这四个字符的随机组合也可以成为有效的注册码;
三、注册成功后,软件并未保存注册码,只是在文件sound.dll的最后做了个标记。如果末尾的两个字符是kk,则表示已经注册。注意这个文件存放在几个位置:安装目录、C盘的Application Data文件夹。
故而,注册机并不神秘。
呜呼,捣蛋结束,结束捣蛋也! |
评分
-
查看全部评分
|
IP卡
发表于 2011-9-9 15:24:40
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2011-9-14 11:36:26
发表于 2011-10-8 22:38:10
发表于 2012-3-1 10:49:28