这几天很清闲,想着无事可做,要追的mm也还远在天边,只好找个软件解解闷:<
光棍的日子不好过呀!
去天空软件站看看,就找了一个国外的东东。
软件名称:SWF scanner V2.6.2
软件大小: 1339 KB
软件语言: 英文
软件类别: 国外软件 / 共享版 / 动画制作
应用平台: Win95/98/NT/2000
界面预览: 无
加入时间: 2002-03-23 11:35:06
浏览次数: 5477
下载次数: 3505
推荐等级:
联 系 人: support@livetronix.com
开 发 商: http://www.livetronix.com/
软件介绍:
SWF Scanner 是一款极佳的分析 Flash 文件(.swf)的工具。可以提取 SWF 文件中的Action Script、图像、声音、按钮等,并可单独进行保存。无论从功能上还是使用上都绝对超过SWF Browser。
载下来。安装。
一启动就要你注册,郁闷!
操家伙,上!
程序不大,先看看有没有壳,没有,vc东东。
然后用w32dasm瞧一瞧又没有什么参考。嘿嘿,还真有。
找到了一个“thank you...”,总之是注册成功了。
好了,到那里仔细研究研究。
然后至少应该记下可疑的程序段的起始地址。
好,最好来,我们动态的走一遍。
点击注册,出现要注册名和注册序号,没关系,填吧
注册名: ericluom
注册号:78787878
ctrl+d 呼出softice
下断:bpx hmemcpy...万能断点真好用啊真好用!
ctrl+d 回到程序,确认注册。
返回softice
下bc * 清除断点
f12 走 20次,然后会有一会儿停顿。没关系。
等回到softice 界面,再按一下f12
光标就到这里了:
:0044C2A5 E898960000 Call 00455942
:0044C2AA 83F801 cmp eax, 00000001
:0044C2AD 0F85AC010000 jne 0044C45F。。。。。你一定要回头看一看啊!啊,你看见跳到
:0044C2B3 837DE800 cmp dword ptr [ebp-18], 00000000这里去的结果了吧?
:0044C2B7 0F8494010000 je 0044C451…………这里程序会要跳哦!注意看看能不能跳!结论是不能跳!ok, give the order: r fl z, enter:>
:0044C2BD 8D8D78FFFFFF lea ecx, dword ptr [ebp+FFFFFF78]
:0044C2C3 E8181C0000 call 0044DEE0
:0044C2C8 C645FC01 mov [ebp-04], 01
:0044C2CC 6802000080 push 80000002
:0044C2D1 8D8D78FFFFFF lea ecx, dword ptr [ebp+FFFFFF78]
:0044C2D7 E8B41C0000 call 0044DF90
:0044C2DC 6A01 push 00000001
:0044C2DE 51 push ecx
:0044C2DF 8BCC mov ecx, esp
:0044C2E1 89A574FFFFFF mov dword ptr [ebp+FFFFFF74], esp
* Possible StringData Ref from Data Obj ->"Software\SWFScanner"
|
:0044C2E7 6850634700 push 00476350
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:0044C2EC E81D910000 Call 0045540E
:0044C2F1 89855CFFFFFF mov dword ptr [ebp+FFFFFF5C], eax
:0044C2F7 8D8D78FFFFFF lea ecx, dword ptr [ebp+FFFFFF78]
:0044C2FD E814230000 call 0044E616
:0044C302 898558FFFFFF mov dword ptr [ebp+FFFFFF58], eax
:0044C308 83BD58FFFFFF00 cmp dword ptr [ebp+FFFFFF58], 00000000
:0044C30F 0F84DC000000 je 0044C3F1
:0044C315 51 push ecx
:0044C316 8BCC mov ecx, esp
:0044C318 89A570FFFFFF mov dword ptr [ebp+FFFFFF70], esp
:0044C31E 8D45EC lea eax, dword ptr [ebp-14]……其实你走到这里,下 d *(ebp-14)
:0044C321 50 push eax 再内存窗口上下移动就可以看见注册码了。为什么呢?因为程序在启动的时候首先要检查注册,然后决定是否接着呼出注册窗口。所以……嘿嘿
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:0044C322 E8ED900000 Call 00455414
:0044C327 898554FFFFFF mov dword ptr [ebp+FFFFFF54], eax
:0044C32D 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0044C333 898D50FFFFFF mov dword ptr [ebp+FFFFFF50], ecx
:0044C339 C645FC02 mov [ebp-04], 02
:0044C33D 51 push ecx
:0044C33E 8BCC mov ecx, esp
:0044C340 89A56CFFFFFF mov dword ptr [ebp+FFFFFF6C], esp
* Possible StringData Ref from Data Obj ->"user"
|
:0044C346 6864634700 push 00476364
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:0044C34B E8BE900000 Call 0045540E
:0044C350 89854CFFFFFF mov dword ptr [ebp+FFFFFF4C], eax
:0044C356 8D8D78FFFFFF lea ecx, dword ptr [ebp+FFFFFF78]
:0044C35C C645FC01 mov [ebp-04], 01
:0044C360 E8CD310000 call 0044F532
:0044C365 898548FFFFFF mov dword ptr [ebp+FFFFFF48], eax
:0044C36B 83BD48FFFFFF00 cmp dword ptr [ebp+FFFFFF48], 00000000
:0044C372 750E jne 0044C382
:0044C374 6A00 push 00000000
:0044C376 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Error Saving Registration Codes, "
->"..
Registration is incomplete"
|
:0044C378 686C634700 push 0047636C
* Reference To: MFC42.Ordinal:04B0, Ord:04B0h
|
:0044C37D E8C6920000 Call 00455648
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C372(C)
|
:0044C382 51 push ecx
:0044C383 8BCC mov ecx, esp
:0044C385 89A568FFFFFF mov dword ptr [ebp+FFFFFF68], esp
:0044C38B 8D55F0 lea edx, dword ptr [ebp-10]
:0044C38E 52 push edx
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:0044C38F E880900000 Call 00455414
:0044C394 898544FFFFFF mov dword ptr [ebp+FFFFFF44], eax
:0044C39A 8B8544FFFFFF mov eax, dword ptr [ebp+FFFFFF44]
:0044C3A0 898540FFFFFF mov dword ptr [ebp+FFFFFF40], eax
:0044C3A6 C645FC03 mov [ebp-04], 03
:0044C3AA 51 push ecx
:0044C3AB 8BCC mov ecx, esp
:0044C3AD 89A564FFFFFF mov dword ptr [ebp+FFFFFF64], esp
* Possible StringData Ref from Data Obj ->"serial"
|
:0044C3B3 68AC634700 push 004763AC
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:0044C3B8 E851900000 Call 0045540E
:0044C3BD 89853CFFFFFF mov dword ptr [ebp+FFFFFF3C], eax
:0044C3C3 8D8D78FFFFFF lea ecx, dword ptr [ebp+FFFFFF78]
:0044C3C9 C645FC01 mov [ebp-04], 01
:0044C3CD E860310000 call 0044F532
:0044C3D2 898538FFFFFF mov dword ptr [ebp+FFFFFF38], eax
:0044C3D8 83BD38FFFFFF00 cmp dword ptr [ebp+FFFFFF38], 00000000
:0044C3DF 750E jne 0044C3EF
:0044C3E1 6A00 push 00000000
:0044C3E3 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Error Saving Registration Codes, "
->"..
Registration is incomplete"
|
:0044C3E5 68B4634700 push 004763B4
* Reference To: MFC42.Ordinal:04B0, Ord:04B0h
|
:0044C3EA E859920000 Call 00455648
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C3DF(C)
|
:0044C3EF EB36 jmp 0044C427
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C30F(C)
|
:0044C3F1 B901000000 mov ecx, 00000001
:0044C3F6 85C9 test ecx, ecx
:0044C3F8 740C je 0044C406
:0044C3FA C78534FFFFFF00000000 mov dword ptr [ebp+FFFFFF34], 00000000
:0044C404 EB13 jmp 0044C419
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C3F8(C)
|
* Possible StringData Ref from Data Obj ->"Failed to open key
"
|
:0044C406 68F4634700 push 004763F4
:0044C40B E89052FEFF call 004316A0
:0044C410 83C404 add esp, 00000004
:0044C413 898534FFFFFF mov dword ptr [ebp+FFFFFF34], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C404(U)
|
:0044C419 6A00 push 00000000
:0044C41B 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Error Saving Registration Codes, "
->"..
Registration is incomplete"
|
:0044C41D 6808644700 push 00476408
* Reference To: MFC42.Ordinal:04B0, Ord:04B0h
|
:0044C422 E821920000 Call 00455648
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C3EF(U)
|
:0044C427 6A00 push 00000000
:0044C429 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Thank you for Registering SWF "
->"Scanner, Please Close the program "
->"and open it again to complete "
->"the process"
|
:0044C42B 6848644700 push 00476448
* Reference To: MFC42.Ordinal:04B0, Ord:04B0h
|
:0044C430 E813920000 Call 00455648……注册成功的消息窗!
:0044C435 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]
* Reference To: MFC42.Ordinal:12F5, Ord:12F5h
|
:0044C43B E838950000 Call 00455978
:0044C440 C645FC00 mov [ebp-04], 00
:0044C444 8D8D78FFFFFF lea ecx, dword ptr [ebp+FFFFFF78]
:0044C44A E8C71A0000 call 0044DF16
:0044C44F EB0E jmp 0044C45F…………成功的跳转噢!:〉
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044C2B7(C)
|
:0044C451 6A00 push 00000000
:0044C453 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Sorry, The codes you have entered "
->"are invalid. Please Register at "
->"www.livetronix.com"
|
:0044C455 68B4644700 push 004764B4
* Reference To: MFC42.Ordinal:04B0, Ord:04B0h
|
:0044C45A E8E9910000 Call 00455648…………注册失败的消息窗!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0044C2AD(C), :0044C44F(U)……看看这里!
|
:0044C45F 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]……跳到这里还有戏吗?当然有!
只要你看看它的第二个跳转源就知道了!
* Reference To: MFC42.Ordinal:1118, Ord:1118h
|
:0044C465 E8CC940000 Call 00455936
:0044C46A C745FCFFFFFFFF mov [ebp-04], FFFFFFFF
:0044C471 8D4D88 lea ecx, dword ptr [ebp-78]
:0044C474 E84708FFFF call 0043CCC0
:0044C479 8B4DF4 mov ecx, dword ptr [ebp-0C]
:0044C47C 64890D00000000 mov dword ptr fs:[00000000], ecx
:0044C483 8BE5 mov esp, ebp
:0044C485 5D pop ebp
:0044C486 C3 ret
好了,反正咱们已经达到目的了,俺就不管了。有时间再写注册机吧。
还多亏了好友fwnl的帮助,不然,俺又该继续郁闷了!
MD,我怎么有一点比破解女生还要来的兴奋?
同志们有嘛?
顺便给一个注册:
注册名:ericluom
注册码:SCN-114116122856980-z107z98-0000
|
|