【软件限制】:30次试用
【破解工具】:TRW2000娃娃修改版、FI2.5、AspackDie、W32Dasm8.93黄金版
—————————————————————————————
【过 程】:
用户名:fly
试炼码:13572468901234567
MMMaker.exe是ASPACK 2.11壳,用AspackDie脱之。504K->1.52M。
反汇编。关键提示都在,省点事。
—————————————————————————————
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BFB88(C)
|
:004BFBFA 8B45FC mov eax, dword ptr [ebp-04]
:004BFBFD 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:004BFC03 E83839F7FF call 00433540
:004BFC08 8D45F8 lea eax, dword ptr [ebp-08]
:004BFC0B E844F6FEFF call 004AF254
====>关键CALL!F8进入!
:004BFC10 84C0 test al, al
:004BFC12 750F jne 004BFC23
====>不跳则OVER!
* Possible StringData Ref from Code Obj ->"无效的注册码!"
====>BAD BOY!
:004BFC14 B8C8FD4B00 mov eax, 004BFDC8
:004BFC19 E82295F9FF call 00459140
:004BFC1E E919010000 jmp 004BFD3C
—————————————————————————————
F8进入关键CALL:4BFC0B call 004AF254
* Referenced by a CALL at Addresses:
|:004BFC0B , :004C1D71 , :004CEBBA
|
:004AF254 55 push ebp
:004AF255 8BEC mov ebp, esp
:004AF257 83C4CC add esp, FFFFFFCC
:004AF25A 53 push ebx
:004AF25B 56 push esi
:004AF25C 57 push edi
:004AF25D 33D2 xor edx, edx
:004AF25F 8955CC mov dword ptr [ebp-34], edx
:004AF262 8955D0 mov dword ptr [ebp-30], edx
:004AF265 8955E0 mov dword ptr [ebp-20], edx
:004AF268 8955F0 mov dword ptr [ebp-10], edx
:004AF26B 8955F8 mov dword ptr [ebp-08], edx
:004AF26E 8955F4 mov dword ptr [ebp-0C], edx
:004AF271 8BF0 mov esi, eax
:004AF273 33C0 xor eax, eax
:004AF275 55 push ebp
:004AF276 68B6F44A00 push 004AF4B6
:004AF27B 64FF30 push dword ptr fs:[eax]
:004AF27E 648920 mov dword ptr fs:[eax], esp
:004AF281 C645FF00 mov [ebp-01], 00
:004AF285 33FF xor edi, edi
:004AF287 33C0 xor eax, eax
:004AF289 55 push ebp
:004AF28A 686CF44A00 push 004AF46C
:004AF28F 64FF30 push dword ptr fs:[eax]
:004AF292 648920 mov dword ptr fs:[eax], esp
:004AF295 8D45EC lea eax, dword ptr [ebp-14]
:004AF298 8B16 mov edx, dword ptr [esi]
====>EDX=13572468901234567
:004AF29A 8A5209 mov dl, byte ptr [edx+09]
====>取试炼码的第10位!DL=0
:004AF29D 885001 mov byte ptr [eax+01], dl
:004AF2A0 C60001 mov byte ptr [eax], 01
:004AF2A3 8D55EC lea edx, dword ptr [ebp-14]
:004AF2A6 8D45E8 lea eax, dword ptr [ebp-18]
:004AF2A9 E88A37F5FF call 00402A38
:004AF2AE 8D45E4 lea eax, dword ptr [ebp-1C]
:004AF2B1 8B16 mov edx, dword ptr [esi]
====>EDX=13572468901234567
:004AF2B3 8A5206 mov dl, byte ptr [edx+06]
====>取试炼码的第7位!DL=6
:004AF2B6 885001 mov byte ptr [eax+01], dl
:004AF2B9 C60001 mov byte ptr [eax], 01
:004AF2BC 8D55E4 lea edx, dword ptr [ebp-1C]
:004AF2BF 8D45E8 lea eax, dword ptr [ebp-18]
:004AF2C2 B102 mov cl, 02
:004AF2C4 E83F37F5FF call 00402A08
:004AF2C9 8D55E8 lea edx, dword ptr [ebp-18]
:004AF2CC 8D45F0 lea eax, dword ptr [ebp-10]
:004AF2CF E8584BF5FF call 00403E2C
:004AF2D4 8B45F0 mov eax, dword ptr [ebp-10]
:004AF2D7 E8C09DF5FF call 0040909C
:004AF2DC 8BD8 mov ebx, eax
====>把上面所取的2个数连接起来:06
并取其HEX值06入 EBX,以备下面相乘!
:004AF2DE 8D45EC lea eax, dword ptr [ebp-14]
:004AF2E1 8B16 mov edx, dword ptr [esi]
====>EDX=13572468901234567
:004AF2E3 8A520D mov dl, byte ptr [edx+0D]
====>取试炼码的第14位!DL=4
:004AF2E6 885001 mov byte ptr [eax+01], dl
:004AF2E9 C60001 mov byte ptr [eax], 01
:004AF2EC 8D55EC lea edx, dword ptr [ebp-14]
:004AF2EF 8D45E8 lea eax, dword ptr [ebp-18]
:004AF2F2 E84137F5FF call 00402A38
:004AF2F7 8D45E4 lea eax, dword ptr [ebp-1C]
:004AF2FA 8B16 mov edx, dword ptr [esi]
====>EDX=13572468901234567
:004AF2FC 8A5207 mov dl, byte ptr [edx+07]
====>取试炼码的第8位!DL=8
:004AF2FF 885001 mov byte ptr [eax+01], dl
:004AF302 C60001 mov byte ptr [eax], 01
:004AF305 8D55E4 lea edx, dword ptr [ebp-1C]
:004AF308 8D45E8 lea eax, dword ptr [ebp-18]
:004AF30B B102 mov cl, 02
:004AF30D E8F636F5FF call 00402A08
:004AF312 8D55E8 lea edx, dword ptr [ebp-18]
:004AF315 8D45DC lea eax, dword ptr [ebp-24]
:004AF318 E81B37F5FF call 00402A38
:004AF31D 8D45E4 lea eax, dword ptr [ebp-1C]
:004AF320 8B16 mov edx, dword ptr [esi]
====>EDX=13572468901234567
:004AF322 8A5210 mov dl, byte ptr [edx+10]
====>取试炼码的第17位!DL=7
:004AF325 885001 mov byte ptr [eax+01], dl
:004AF328 C60001 mov byte ptr [eax], 01
:004AF32B 8D55E4 lea edx, dword ptr [ebp-1C]
:004AF32E 8D45DC lea eax, dword ptr [ebp-24]
:004AF331 B103 mov cl, 03
:004AF333 E8D036F5FF call 00402A08
:004AF338 8D55DC lea edx, dword ptr [ebp-24]
:004AF33B 8D45D4 lea eax, dword ptr [ebp-2C]
:004AF33E E8F536F5FF call 00402A38
:004AF343 8D45E4 lea eax, dword ptr [ebp-1C]
:004AF346 8B16 mov edx, dword ptr [esi]
====>EDX=13572468901234567
:004AF348 8A5203 mov dl, byte ptr [edx+03]
====>取试炼码的第4位!DL=7
:004AF34B 885001 mov byte ptr [eax+01], dl
:004AF34E C60001 mov byte ptr [eax], 01
:004AF351 8D55E4 lea edx, dword ptr [ebp-1C]
:004AF354 8D45D4 lea eax, dword ptr [ebp-2C]
:004AF357 B104 mov cl, 04
:004AF359 E8AA36F5FF call 00402A08
:004AF35E 8D55D4 lea edx, dword ptr [ebp-2C]
====>EDX=4877
呵呵,上面所取的试炼码的第14位、8位、17位、4位连接起来=4877
:004AF361 8D45E0 lea eax, dword ptr [ebp-20]
:004AF364 E8C34AF5FF call 00403E2C
:004AF369 8B45E0 mov eax, dword ptr [ebp-20]
====>EAX=4877
:004AF36C E82B9DF5FF call 0040909C
====>关键CALL
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
F8进入4AF36C call 0040909C
; Routine at 0040909C (W32Dasm listing, 32-bit x86, Intel operand order).
; Wrapper around the helper at 00402B98: passes the incoming EAX through to the
; helper, keeps the helper's return value, and takes a separate failure path
; when the status dword at [esp] is non-zero after the call.
; In:  EAX = argument forwarded unchanged to 00402B98 (per the annotations in
;            this listing, the text "4877" taken from the entered code)
; Out: EAX = value returned by 00402B98 (130D hex for "4877", per the annotation)
; NOTE(review): the shape resembles a runtime-library string-to-integer wrapper
; that raises a conversion error on bad input — confirm against the RTL.
:0040909C 53 push ebx
:0040909D 56 push esi
; FFFFFFF4 = -12: reserve 12 bytes of stack for the status dword and the
; two-field record built on the failure path.
:0040909E 83C4F4 add esp, FFFFFFF4
; Keep the original argument in EBX; it is needed again on the failure path.
:004090A1 8BD8 mov ebx, eax
; EDX = address of the dword at [esp]; presumably the helper writes its status there.
:004090A3 8BD4 mov edx, esp
:004090A5 8BC3 mov eax, ebx
:004090A7 E8EC9AFFFF call 00402B98
====>检测上面取的值是否是数字?
并把4877转换成HEX值:130D
; Hold the helper's result in ESI until the status has been checked.
:004090AC 8BF0 mov esi, eax
; Status dword == 0 -> skip the failure path and return the result.
:004090AE 833C2400 cmp dword ptr [esp], 00000000
:004090B2 7419 je 004090CD
====>不跳则OVER!
; Failure path: build a record at [esp+04] = { original argument, byte 0B },
; point EDX at it, load EAX from the global at 004D2334, clear ECX, and call
; 00408B8C. NOTE(review): 0B looks like a type tag for the record — confirm.
:004090B4 895C2404 mov dword ptr [esp+04], ebx
:004090B8 C64424080B mov [esp+08], 0B
:004090BD 8D542404 lea edx, dword ptr [esp+04]
:004090C1 A134234D00 mov eax, dword ptr [004D2334]
:004090C6 33C9 xor ecx, ecx
:004090C8 E8BFFAFFFF call 00408B8C
====>BAD BOY!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004090B2(C)
|
; Common exit: return the helper's result, release the 12 reserved bytes and
; restore ESI/EBX in reverse push order.
:004090CD 8BC6 mov eax, esi
:004090CF 83C40C add esp, 0000000C
:004090D2 5E pop esi
:004090D3 5B pop ebx
:004090D4 C3 ret
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
:004AF371 0FAFD8 imul ebx, eax
====>130D*06=0000724E
即:上面4AF2DC处与4AF369处所得出的值相乘!
:004AF374 8BC3 mov eax, ebx
:004AF376 8D55F8 lea edx, dword ptr [ebp-08]
:004AF379 E87E9CF5FF call 00408FFC
:004AF37E 8B45F8 mov eax, dword ptr [ebp-08]
====>724E(H)=29262(D) 入 EAX
:004AF381 E8024BF5FF call 00403E88
====>求29262的位数
:004AF386 8BD8 mov ebx, eax
====>EBX=5
:004AF388 83FB05 cmp ebx, 00000005
:004AF38B 7F13 jg 004AF3A0
====>如果上面所得的数大于5位,则此处跳去比较。
否则不跳,到下面的4AF395处补F。若还不够6位,则继续补数直至6位!我上面得出5位,因此只补F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004AF39E(C)
|
:004AF38D 8D45F8 lea eax, dword ptr [ebp-08]
:004AF390 BAD0F44A00 mov edx, 004AF4D0
:004AF395 E8F64AF5FF call 00403E90
====>在29262后接上F =29262F
:004AF39A 43 inc ebx
:004AF39B 83FB06 cmp ebx, 00000006
:004AF39E 75ED jne 004AF38D
2003-3-4 0:06:36
——接上贴!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004AF38B(C)
|
:004AF3A0 8B06 mov eax, dword ptr [esi]
====>EAX=13572468901234567
:004AF3A2 8A400C mov al, byte ptr [eax+0C]
====>取试炼码第13位 3 入AL
:004AF3A5 8B55F8 mov edx, dword ptr [ebp-08]
====>29262F 入 EDX
:004AF3A8 3A4205 cmp al, byte ptr [edx+05]
====>第13位 3 与29262F第6位 F 比较!
:004AF3AB 7540 jne 004AF3ED
====>跳则OVER!
:004AF3AD 8B06 mov eax, dword ptr [esi]
====>EAX=13572468901234567
:004AF3AF 8A00 mov al, byte ptr [eax]
====>取试炼码第1位 1 入AL
:004AF3B1 8B55F8 mov edx, dword ptr [ebp-08]
====>29262F 入 EDX
:004AF3B4 3A4203 cmp al, byte ptr [edx+03]
====>第1位 1 与29262F第4位 6 比较!
:004AF3B7 7534 jne 004AF3ED
====>跳则OVER!
:004AF3B9 8B06 mov eax, dword ptr [esi]
====>EAX=13572468901234567
:004AF3BB 8A400B mov al, byte ptr [eax+0B]
====>取试炼码第12位 2 入AL
:004AF3BE 8B55F8 mov edx, dword ptr [ebp-08]
====>29262F 入 EDX
:004AF3C1 3A4202 cmp al, byte ptr [edx+02]
====>第12位 2 与29262F第3位 2 比较!
:004AF3C4 7527 jne 004AF3ED
====>跳则OVER!
:004AF3C6 8B06 mov eax, dword ptr [esi]
====>EAX=13572468901234567
:004AF3C8 8A400F mov al, byte ptr [eax+0F]
====>取试炼码第16位 6 入AL
:004AF3CB 8B55F8 mov edx, dword ptr [ebp-08]
====>29262F 入 EDX
:004AF3CE 3A4201 cmp al, byte ptr [edx+01]
====>第16位 6 与29262F第2位 9 比较!
:004AF3D1 751A jne 004AF3ED
====>跳则OVER!
:004AF3D3 8B06 mov eax, dword ptr [esi]
====>EAX=13572468901234567
:004AF3D5 8A4001 mov al, byte ptr [eax+01]
====>取试炼码第2位 3 入AL
:004AF3D8 8B55F8 mov edx, dword ptr [ebp-08]
====>29262F 入 EDX
:004AF3DB 3A4204 cmp al, byte ptr [edx+04]
====>第2位 3 与29262F第5位 2 比较!
:004AF3DE 750D jne 004AF3ED
====>跳则OVER!
:004AF3E0 8B06 mov eax, dword ptr [esi]
====>EAX=13572468901234567
|