:0047980D 52 push edx
:0047980E 50 push eax
:0047980F 8D45E8 lea eax, dword ptr [ebp-18]
:00479812 E8F9EDF8FF call 00408610
:00479817 8B55E8 mov edx, dword ptr [ebp-18]
:0047981A 58 pop eax
:0047981B E860A7F8FF call 00403F80 -------------关键的比较处
:00479820 0F858E000000 jne 004798B4 --------------跳了就game over
* Possible StringData Ref from Code Obj ->"True"
|
:00479826 6870994700 push 00479970
:0047982B 8D45E4 lea eax, dword ptr [ebp-1C]
:0047982E E8C16AFDFF call 004502F4
:00479833 8D45E4 lea eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj ->"\win.ini"
|
:00479836 BA80994700 mov edx, 00479980
:0047983B E838A6F8FF call 00403E78
:00479840 8B45E4 mov eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj ->"RSoft"
|
:00479843 B994994700 mov ecx, 00479994
* Possible StringData Ref from Code Obj ->"NetSoftr"
|
:00479848 BAA4994700 mov edx, 004799A4
:0047984D E8226AFDFF call 00450274
* Possible StringData Ref from Code Obj ->"True"
|
:00479852 6870994700 push 00479970
* Possible StringData Ref from Code Obj ->"RSoft"
|
:00479857 B994994700 mov ecx, 00479994
* Possible StringData Ref from Code Obj ->"bsoftndfile\NetSoftr"
|
:0047985C BAB8994700 mov edx, 004799B8
:00479861 B800000080 mov eax, 80000000
:00479866 E8C968FDFF call 00450134
:0047986B 6A40 push 00000040
* Possible StringData Ref from Code Obj ->"软件注册"
|
:0047986D 6830994700 push 00479930
* Possible StringData Ref from Code Obj ->"感谢您购买本软件,请妥善保管您的注册码。"
|
:00479872 68D0994700 push 004799D0
:00479877 A1B4AA4900 mov eax, dword ptr [0049AAB4]
:0047987C E863BEFBFF call 004356E4
:00479881 50 push eax
* Reference To: user32.MessageBoxA, Ord:0000h
|
:00479882 E8A5D6F8FF Call 00406F2C
:00479887 6A05 push 00000005
:00479889 8D55E0 lea edx, dword ptr [ebp-20]
:0047988C A164964900 mov eax, dword ptr [00499664]
:00479891 8B00 mov eax, dword ptr [eax]
:00479893 E87843FDFF call 0044DC10
:00479898 8B45E0 mov eax, dword ptr [ebp-20]
:0047989B E894A7F8FF call 00404034
:004798A0 50 push eax
* Reference To: kernel32.WinExec, Ord:0000h
|
:004798A1 E89ED0F8FF Call 00406944
:004798A6 A164964900 mov eax, dword ptr [00499664]
:004798AB 8B00 mov eax, dword ptr [eax]
:004798AD E84A3FFDFF call 0044D7FC
:004798B2 EB35 jmp 004798E9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00479820(C) --------------------- 从这个地方跳过来的
|
:004798B4 6A30 push 00000030
* Possible StringData Ref from Code Obj ->"软件注册"
|
:004798B6 6830994700 push 00479930
* Possible StringData Ref from Code Obj ->"注册码验证出错,请从合法途径取得注册码!"----往上看
|
:004798BB 68FC994700 push 004799FC
:004798C0 A1B4AA4900 mov eax, dword ptr [0049AAB4]
:004798C5 E81ABEFBFF call 004356E4
:004798CA 50 push eax
现在开始破解,打开ollydbg v1.07,调入主程序,在比较注册码的地方(0047981B)按F2下断点,然后按F9运行程序,注册码输入87654321点注册。拦下程序以后,就会在屏幕的右下方看到 927536113(我的注册申请码) 87654321(假的注册码)1855076224(真正的注册码)
整理一下:注册申请码:927536113
注册码:1855076224
至于内存注册机,我太懒了,就不写了!
顺便说一下,让已经注册的版本再变回未注册的版本的方法就是打开win.ini把这行[NetSoftr] RSoft=True给删掉就好了。
总算搞定了
|