Software: 起名正宗 (Version 1.3), Qmzz.EXE, 1,029 KB
Download site: http://www.gregorybraun.com
Posted by: 井風
Date: 2000-12-25
Cracking tool: Trw2000 1.22
Difficulty: [Professional] [Bachelor] [Master] [Doctor]
********
Preface:
The protection in this program is reasonably good: it derives the registration code from the user name and a parameter of the local machine. The program also contains one trap, so a few spots need care.
Procedure:
1. In the registration window enter: name cccc, registration code 123456789;
2. Use the "井風 tracing" method to find the CALL that produces the error; for the detailed procedure see the WinZip 8.0 cracking tutorial;
3. Analyze the code:
:004A6A66 8B8304030000 mov eax, dword ptr [ebx+00000304]
:004A6A6C E80FB3F8FF call 00431D80
:004A6A71 8B45F0 mov eax, dword ptr [ebp-10]
:004A6A74 8D55F4 lea edx, dword ptr [ebp-0C]
:004A6A77 E88426F6FF call 00409100
:004A6A7C 837DF400 cmp dword ptr [ebp-0C], 00000000 <--- checks whether a user name was entered
:004A6A80 7525 jne 004A6AA7
:004A6A82 6A00 push 00000000
:004A6A84 668B0D746B4A00 mov cx, word ptr [004A6B74]
:004A6A8B B202 mov dl, 02
.
.
.
:004A6AD4 8B8B14030000 mov ecx, dword ptr [ebx+00000314]
:004A6ADA 8B9318030000 mov edx, dword ptr [ebx+00000318]
:004A6AE0 8B830C030000 mov eax, dword ptr [ebx+0000030C]
:004A6AE6 E859F7FFFF call 004A6244 <--- trace into this CALL
:004A6AEB 84C0 test al, al
:004A6AED 7420 je 004A6B0F <--- if taken, execution reaches [A]
:004A6AEF 6A00 push 00000000
:004A6AF1 668B0D746B4A00 mov cx, word ptr [004A6B74]
:004A6AF8 B202 mov dl, 02
:004A6AFA B8AC6B4A00 mov eax, 004A6BAC
:004A6AFF E8C80BFBFF call 004576CC
:004A6B04 B201 mov dl, 01
:004A6B06 8BC3 mov eax, ebx
:004A6B08 E8CFFCFFFF call 004A67DC
:004A6B0D EB15 jmp 004A6B24
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A6AED(C)
|
:004A6B0F 6A00 push 00000000
:004A6B11 668B0D746B4A00 mov cx, word ptr [004A6B74]
:004A6B18 33D2 xor edx, edx
:004A6B1A B8C86B4A00 mov eax, 004A6BC8
:004A6B1F E8A80BFBFF call 004576CC <--- executing this line produces the error; mark it as [A]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A6AA5(U), :004A6B0D(U)
|
:004A6B24 33C0 xor eax, eax
:004A6B26 5A pop edx
:004A6B27 59 pop ecx
:004A6B28 59 pop ecx
:004A6B29 648910 mov dword ptr fs:[eax], edx
:004A6B2C 686E6B4A00 push 004A6B6E
The following is the code reached by tracing into the call at 004A6AE6 (call 004A6244):
:004A6244 55 push ebp
:004A6245 8BEC mov ebp, esp
:004A6247 81C460FDFFFF add esp, FFFFFD60
:004A624D 53 push ebx
:004A624E 56 push esi
:004A624F 57 push edi
:004A6250 33DB xor ebx, ebx
:004A6252 899D60FEFFFF mov dword ptr [ebp+FFFFFE60], ebx
:004A6258 895DF8 mov dword ptr [ebp-08], ebx
:004A625B 894DFC mov dword ptr [ebp-04], ecx
:004A625E 8BDA mov ebx, edx
:004A6260 8BF8 mov edi, eax
:004A6262 8B4508 mov eax, dword ptr [ebp+08]
:004A6265 E816DEF5FF call 00404080
:004A626A 33C0 xor eax, eax
:004A626C 55 push ebp
:004A626D 68ED634A00 push 004A63ED
:004A6272 64FF30 push dword ptr fs:[eax]
:004A6275 648920 mov dword ptr fs:[eax], esp
:004A6278 8D9560FEFFFF lea edx, dword ptr [ebp+FFFFFE60]
:004A627E 8B4508 mov eax, dword ptr [ebp+08]
:004A6281 E87A2EF6FF call 00409100
:004A6286 83BD60FEFFFF00 cmp dword ptr [ebp+FFFFFE60], 00000000
:004A628D 7507 jne 004A6296
:004A628F 33DB xor ebx, ebx
:004A6291 E92E010000 jmp 004A63C4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A628D(C)
|
:004A6296 8B4D08 mov ecx, dword ptr [ebp+08]
:004A6299 8BD3 mov edx, ebx
:004A629B 8BC7 mov eax, edi
:004A629D E872FAFFFF call 004A5D14
:004A62A2 8BF0 mov esi, eax
:004A62A4 3B75FC cmp esi, dword ptr [ebp-04] <--- here the correct registration code can be seen in esi
Displayed: HEX C17DB6EE
Note that this is an unsigned hexadecimal number and must be converted to decimal
Converted to decimal = 3246241518
:004A62A7 0F8515010000 jne 004A63C2 <--- with the correct registration code this jump is not taken
:004A62AD E8F243F6FF call 0040A6A4
:004A62B2 DD5DB0 fstp qword ptr [ebp-50]
:004A62B5 9B wait
:004A62B6 E8E943F6FF call 0040A6A4
:004A62BB DD5DB8 fstp qword ptr [ebp-48]
:004A62BE 9B wait
:004A62BF C645C001 mov [ebp-40], 01
:004A62C3 C645C100 mov [ebp-3F], 00
.
.
.
Summary:
The registration-code check compares the unsigned values held in two registers, so the hexadecimal number shown in the register has to be converted to decimal (the scientific mode of the Windows 98 Accessories calculator is convenient for this).
After successful registration the program creates the file _!!19925._Si in the machine's Windows directory; it holds your registration code.
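As an added illustration (not the program's own code: its derivation routine at 004A5D14 is not on the page, so the expected code is passed in as a parameter), the Python below models the unsigned 32-bit comparison described above using the values from this write-up, including the signed misreading the summary warns against:

```python
import re

# Values from the write-up: the register dump seen in esi at 004A62A4 and
# the decimal form the user has to type.
REGISTER_DUMP = "C17DB6EE"
EXPECTED_CODE = 3246241518


def register_to_unsigned(hex_dump: str) -> int:
    """Read a 32-bit register dump as the unsigned integer that
    `cmp esi, [ebp-04]` actually compares."""
    value = int(hex_dump, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit register value: " + hex_dump)
    return value


def signed_reading(value: int) -> int:
    """What the same 32 bits look like if misread as a signed number
    (bit 31 is set in this code, so a signed reading is negative)."""
    return value - 0x1_0000_0000 if value & 0x8000_0000 else value


def check_registration(user_name: str, entered: str, expected: int) -> bool:
    """Control flow of 004A6286..004A62A7: an empty name fails (al = 0), the
    typed decimal string becomes an unsigned 32-bit value, and the result is a
    plain equality test against the expected code computed in-process, which is
    why the correct value is visible in a register under a debugger."""
    if not user_name:
        return False
    if re.fullmatch(r"[0-9]+", entered) is None:   # rejects "", "-1", "0xC17DB6EE"
        return False
    typed = int(entered, 10)
    if typed > 0xFFFFFFFF:                         # would not fit the 32-bit compare
        return False
    return typed == expected


if __name__ == "__main__":
    code = register_to_unsigned(REGISTER_DUMP)
    print(code, signed_reading(code))                     # 3246241518 -1048725778
    print(check_registration("cccc", "123456789", code))  # False: the failing attempt
    print(check_registration("cccc", str(code), code))    # True
```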
My registration codes:
Machine code        3245818142    3245818142
User name           abcd          cccc
Registration code   3246232782    3246241518
Postscript:
If you have questions, contact me at hz.cy@163.net