【软件简介】:瀑布屏保。
【软件限制】:30 Day Trial
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————
【过 程】:
呵呵,不知道这个东东是否还可以下载。晕,在我60M的Geforce显卡上居然无法流畅运行。
Roaring Falls.exe 无壳。Borland Delphi 编写。
User Name:fly
试 炼 码 :13572468
—————————————————————————
:00460ECD E87EE0FFFF call 0045EF50
:00460ED2 8BB3F0020000 mov esi, dword ptr [ebx+000002F0]
:00460ED8 837E3800 cmp dword ptr [esi+38], 00000000
====>没填名字?
:00460EDC 0F8454010000 je 00461036
====>跳则OVER!
:00460EE2 837E3C00 cmp dword ptr [esi+3C], 00000000
====>没有注册码?
:00460EE6 0F844A010000 je 00461036
====>跳则OVER!
:00460EEC 6A01 push 00000001
:00460EEE 8D45FC lea eax, dword ptr [ebp-04]
:00460EF1 50 push eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00460E8B(C)
|
* Possible StringData Ref from Code Obj ->"235"
|
:00460EF2 B860104600 mov eax, 00461060
====>EAX=235
:00460EF7 E84C6CFAFF call 00407B48
====>取235的16进制值
:00460EFC 8BC8 mov ecx, eax
====>ECX=EAX=EB(H)=235(D) 运算参数
:00460EFE 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:00460F04 8B4038 mov eax, dword ptr [eax+38]
====>EAX=fly
* Possible StringData Ref from Code Obj ->"RfaLLs1"
|
:00460F07 BA6C104600 mov edx, 0046106C
====>EDX=RfaLLs1 运算参数
:00460F0C E80BE5FFFF call 0045F41C
====>算法CALL!进入!
:00460F11 8B55FC mov edx, dword ptr [ebp-04]
====>EDX=EB000AE2 注册码
:00460F14 A1B4394600 mov eax, dword ptr [004639B4]
:00460F19 E82E2AFAFF call 0040394C
:00460F1E A1B4394600 mov eax, dword ptr [004639B4]
:00460F23 8B00 mov eax, dword ptr [eax]
:00460F25 8B93F0020000 mov edx, dword ptr [ebx+000002F0]
:00460F2B 8B523C mov edx, dword ptr [edx+3C]
====>EDX=13572468 试炼码
:00460F2E E8512DFAFF call 00403C84
====>比较CALL!
:00460F33 743C je 00460F71
:00460F35 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:00460F3B FF703C push [eax+3C]
* Possible StringData Ref from Code Obj ->" is not the correct password!"
====>BAD BOY!
:00460F3E 687C104600 push 0046107C
:00460F43 68A4104600 push 004610A4
* Possible StringData Ref from Code Obj ->" Please contact the author at:"
|
:00460F48 68B0104600 push 004610B0
:00460F4D 68A4104600 push 004610A4
* Possible StringData Ref from Code Obj ->"pgj@ix.netcom.com"
|
:00460F52 68D8104600 push 004610D8
:00460F57 8D45FC lea eax, dword ptr [ebp-04]
:00460F5A BA06000000 mov edx, 00000006
:00460F5F E8D02CFAFF call 00403C34
:00460F64 8B45FC mov eax, dword ptr [ebp-04]
:00460F67 E8CC55FEFF call 00446538
:00460F6C E9C5000000 jmp 00461036
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00460F33(C)
|
:00460F71 A1303A4600 mov eax, dword ptr [00463A30]
:00460F76 C60001 mov byte ptr [eax], 01
:00460F79 33D2 xor edx, edx
:00460F7B 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:00460F81 E8CE53FCFF call 00426354
* Possible StringData Ref from Code Obj ->"Roaring Waterfalls - Registered"
|
:00460F86 BAF4104600 mov edx, 004610F4
:00460F8B 8BC3 mov eax, ebx
:00460F8D E8DA54FCFF call 0042646C
:00460F92 B201 mov dl, 01
:00460F94 A158A04500 mov eax, dword ptr [0045A058]
:00460F99 E8FA91FFFF call 0045A198
:00460F9E 8BF0 mov esi, eax
:00460FA0 B101 mov cl, 01
====>下面是保存注册信息
* Possible StringData Ref from Code Obj ->"##@)(\Roar Falls"
|
:00460FA2 BA1C114600 mov edx, 0046111C
:00460FA7 8BC6 mov eax, esi
:00460FA9 E8DA93FFFF call 0045A388
:00460FAE 6A01 push 00000001
:00460FB0 8D45FC lea eax, dword ptr [ebp-04]
:00460FB3 50 push eax
* Possible StringData Ref from Code Obj ->"126"
|
:00460FB4 B838114600 mov eax, 00461138
:00460FB9 E88A6BFAFF call 00407B48
:00460FBE 8BC8 mov ecx, eax
:00460FC0 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:00460FC6 8B4038 mov eax, dword ptr [eax+38]
* Possible StringData Ref from Code Obj ->"RfaLLs1UsEr"
|
:00460FC9 BA44114600 mov edx, 00461144
:00460FCE E849E4FFFF call 0045F41C
:00460FD3 8B55FC mov edx, dword ptr [ebp-04]
:00460FD6 A104394600 mov eax, dword ptr [00463904]
:00460FDB E86C29FAFF call 0040394C
:00460FE0 8B0D04394600 mov ecx, dword ptr [00463904]
:00460FE6 8B09 mov ecx, dword ptr [ecx]
* Possible StringData Ref from Code Obj ->"User Name"
|
:00460FE8 BA58114600 mov edx, 00461158
:00460FED 8BC6 mov eax, esi
:00460FEF E83095FFFF call 0045A524
:00460FF4 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:00460FFA 8B483C mov ecx, dword ptr [eax+3C]
* Possible StringData Ref from Code Obj ->"Registration"
|
:00460FFD BA6C114600 mov edx, 0046116C
:00461002 8BC6 mov eax, esi
:00461004 E81B95FFFF call 0045A524
:00461009 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:0046100F FF7038 push [eax+38]
:00461012 6884114600 push 00461184
:00461017 68A4104600 push 004610A4
* Possible StringData Ref from Code Obj ->"Thank you for registering and "
->"supporting shareware!"
====>呵呵,胜利女神!
:0046101C 6890114600 push 00461190
:00461021 8D45FC lea eax, dword ptr [ebp-04]
:00461024 BA04000000 mov edx, 00000004
:00461029 E8062CFAFF call 00403C34
:0046102E 8B45FC mov eax, dword ptr [ebp-04]
:00461031 E80255FEFF call 00446538
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00460EDC(C), :00460EE6(C), :00460F6C(U)
|
:00461036 33C0 xor eax, eax
:00461038 5A pop edx
:00461039 59 pop ecx
:0046103A 59 pop ecx
:0046103B 648910 mov dword ptr fs:[eax], edx
:0046103E 6853104600 push 00461053
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00461051(U)
|
:00461043 8D45FC lea eax, dword ptr [ebp-04]
:00461046 E8AD28FAFF call 004038F8
:0046104B C3 ret
|