申请会员:Error
1、申 请 I D:Error
2、个人邮箱:282725619@qq.com
3、原创技术文章:轻松作文XP 调试记录&内存注册机制作
;标题:轻松作文XP 调试记录&内存注册机制作
;作者:Error
;工具:OD,内存注册机软件
;首先找到注册断首:
; Registration handler at 006F26E8 (the author's "registration routine head").
; Inputs as used below: EAX (kept in ESI), EDX -> [ebp-4], ECX -> [ebp-8], and one stack
; argument at [ebp+8] that `retn 0x4` releases. Returns EBX in EAX: 0 on the failure paths,
; low byte set to 1 on the success path.
; Memory operands ("[...]") were dropped from the listing text during extraction; where a
; comment names one, it is decoded from the opcode bytes printed on the same line.
006F26E8 55 push ebp ; start of the registration routine (author's breakpoint)
006F26E9 8BEC mov ebp,esp
006F26EB 83C4 F4 add esp,-0xC ; reserve 0xC bytes of locals
006F26EE 53 push ebx
006F26EF 56 push esi
006F26F0 33DB xor ebx,ebx
006F26F2 895D F4 mov dword ptr ss:,ebx ; [ebp-0xC] = 0
006F26F5 894D F8 mov dword ptr ss:,ecx ; [ebp-8] = ECX argument
006F26F8 8955 FC mov dword ptr ss:,edx ; [ebp-4] = EDX argument
006F26FB 8BF0 mov esi,eax ; keep the EAX argument in ESI
006F26FD 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F2700 E8 9727D1FF call EASYWR~1.00404E9C ; same helper is called on each of the three inputs; presumably a string reference helper (confirm)
006F2705 8B45 F8 mov eax,dword ptr ss: ; user name (author's label), [ebp-8]
006F2708 E8 8F27D1FF call EASYWR~1.00404E9C
006F270D 8B45 08 mov eax,dword ptr ss: ; registration code, [ebp+8]
006F2710 E8 8727D1FF call EASYWR~1.00404E9C
006F2715 33C0 xor eax,eax
006F2717 55 push ebp
006F2718 68 DA276F00 push EASYWR~1.006F27DA ; handler address for the frame installed below
006F271D 64:FF30 push dword ptr fs: ; push previous fs:[eax] (eax = 0)
006F2720 64:8920 mov dword ptr fs:,esp ; fs:[0] = esp, installs the exception frame
006F2723 33DB xor ebx,ebx ; result defaults to 0
006F2725 837D FC 00 cmp dword ptr ss:,0x0 ; check user name (author's label), [ebp-4]
006F2729 74 0C je short EASYWR~1.006F2737
006F272B 837D F8 00 cmp dword ptr ss:,0x0 ; [ebp-8] must also be non-zero
006F272F 74 06 je short EASYWR~1.006F2737
006F2731 837D 08 00 cmp dword ptr ss:,0x0 ; check registration code, [ebp+8]
006F2735 75 0C jnz short EASYWR~1.006F2743
006F2737 B8 F4276F00 mov eax,EASYWR~1.006F27F4 ; message string (translated): "registration code error"
006F273C E8 0FA3D4FF call EASYWR~1.0043CA50 ; presumably displays the message in EAX (confirm)
006F2741 EB 74 jmp short EASYWR~1.006F27B7
006F2743 8B45 08 mov eax,dword ptr ss: ; registration code, [ebp+8]
006F2746 50 push eax
006F2747 8D45 F4 lea eax,dword ptr ss: ; eax = &[ebp-0xC], output slot
006F274A 8B4D FC mov ecx,dword ptr ss: ; ecx = [ebp-4]
006F274D 8B55 F8 mov edx,dword ptr ss: ; edx = [ebp-8]
006F2750 E8 A325D1FF call EASYWR~1.00404CF8 ; helper semantics not visible here
006F2755 8B55 F4 mov edx,dword ptr ss: ; edx = [ebp-0xC], result of the helper above
006F2758 8B86 38030000 mov eax,dword ptr ds: ; eax = [esi+0x338]
006F275E 33C9 xor ecx,ecx
006F2760 E8 B7F2FFFF call EASYWR~1.006F1A1C ; first-level call
006F2765 84C0 test al,al ; AL != 0 means the check passed
006F2767 75 0C jnz short EASYWR~1.006F2775
006F2769 B8 08286F00 mov eax,EASYWR~1.006F2808 ; message string (translated): "Registration failed! Please check that the registration code is correct."
006F276E E8 DDA2D4FF call EASYWR~1.0043CA50
006F2773 EB 42 jmp short EASYWR~1.006F27B7
006F2775 A1 64017000 mov eax,dword ptr ds: ; eax = [0x00700164]
006F277A 8B00 mov eax,dword ptr ds: ; EASYWR~1.006F2264
006F277C 8B98 F0000000 mov ebx,dword ptr ds: ; ebx = [eax+0xF0]
006F2782 8BC3 mov eax,ebx
006F2784 E8 E3F3DBFF call EASYWR~1.004B1B6C
006F2789 8B83 04020000 mov eax,dword ptr ds: ; eax = [ebx+0x204]
006F278F 8B10 mov edx,dword ptr ds: ; EASYWR~1.006F2264
006F2791 FF52 44 call dword ptr ds: ; indirect call through [edx+0x44]
006F2794 BA 34286F00 mov edx,EASYWR~1.006F2834 ; update zwsys set reged=True
; NOTE(review): the SQL text above is passed to the indirect call below, so the registered
; state appears to be persisted as a flag written by the client itself (confirm). A design
; that re-verifies the licence at start-up does not depend on that stored flag.
006F2799 8B83 04020000 mov eax,dword ptr ds: ; eax = [ebx+0x204]
006F279F 8B08 mov ecx,dword ptr ds: ; EASYWR~1.006F2264
006F27A1 FF51 38 call dword ptr ds: ; indirect call through [ecx+0x38]
006F27A4 8BC3 mov eax,ebx
006F27A6 E8 6516EDFF call EASYWR~1.005C3E10
006F27AB B3 01 mov bl,0x1 ; mark success in the low byte of the result
006F27AD B8 58286F00 mov eax,EASYWR~1.006F2858 ; message string (translated): "Registration succeeded! Thank you for your support."
006F27B2 E8 99A2D4FF call EASYWR~1.0043CA50
006F27B7 33C0 xor eax,eax ; common exit: unlink the exception frame
006F27B9 5A pop edx ; EASYWR~1.006F2A96
006F27BA 59 pop ecx ; EASYWR~1.006F2A96
006F27BB 59 pop ecx ; EASYWR~1.006F2A96
006F27BC 64:8910 mov dword ptr fs:,edx ; fs:[0] = previous frame
006F27BF 68 E1276F00 push EASYWR~1.006F27E1 ; address the `retn` at 006F27D9 will jump to
006F27C4 8D45 F4 lea eax,dword ptr ss: ; eax = &[ebp-0xC]
006F27C7 BA 03000000 mov edx,0x3
006F27CC E8 2F22D1FF call EASYWR~1.00404A00 ; called with a count of 3; presumably releases three locals (confirm)
006F27D1 8D45 08 lea eax,dword ptr ss: ; eax = &[ebp+8]
006F27D4 E8 0322D1FF call EASYWR~1.004049DC ; presumably releases the stack argument (confirm)
006F27D9 C3 retn ; continues at 006F27E1 pushed above
006F27DA^ E9 5D1BD1FF jmp EASYWR~1.0040433C ; exception path registered at 006F2718
006F27DF^ EB E3 jmp short EASYWR~1.006F27C4 ; re-enter the cleanup block
006F27E1 8BC3 mov eax,ebx ; return value
006F27E3 5E pop esi ; EASYWR~1.006F2A96
006F27E4 5B pop ebx ; EASYWR~1.006F2A96
006F27E5 8BE5 mov esp,ebp
006F27E7 5D pop ebp ; EASYWR~1.006F2A96
006F27E8 C2 0400 retn 0x4 ; callee removes the one stack argument
;第一层CALL
; First-level check at 006F1A1C. EAX is kept in EBX and used as a base for field reads,
; EDX -> [ebp-4], ECX -> [ebp-8], registration code on the stack at [ebp+8] (`retn 0x4`).
; Returns EBX in EAX: 0 when a range check or the comparison fails, low byte 1 on success.
; Memory operands were dropped from the listing text; comments that name one decode it from
; the opcode bytes on the same line.
006F1A1C 55 push ebp ; head of the first-level call
006F1A1D 8BEC mov ebp,esp
006F1A1F 83C4 F0 add esp,-0x10 ; reserve 0x10 bytes of locals
006F1A22 53 push ebx
006F1A23 33DB xor ebx,ebx
006F1A25 895D F0 mov dword ptr ss:,ebx ; [ebp-0x10] = 0
006F1A28 895D F4 mov dword ptr ss:,ebx ; [ebp-0xC] = 0
006F1A2B 894D F8 mov dword ptr ss:,ecx ; [ebp-8] = ECX argument
006F1A2E 8955 FC mov dword ptr ss:,edx ; [ebp-4] = EDX argument
006F1A31 8BD8 mov ebx,eax ; keep the EAX argument in EBX
006F1A33 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F1A36 E8 6134D1FF call EASYWR~1.00404E9C ; same helper on all three inputs; semantics not visible here
006F1A3B 8B45 F8 mov eax,dword ptr ss: ; eax = [ebp-8]
006F1A3E E8 5934D1FF call EASYWR~1.00404E9C
006F1A43 8B45 08 mov eax,dword ptr ss: ; registration code, [ebp+8]
006F1A46 E8 5134D1FF call EASYWR~1.00404E9C
006F1A4B 33C0 xor eax,eax
006F1A4D 55 push ebp
006F1A4E 68 061B6F00 push EASYWR~1.006F1B06 ; handler address for the frame installed below
006F1A53 64:FF30 push dword ptr fs: ; push previous fs:[eax] (eax = 0)
006F1A56 64:8920 mov dword ptr fs:,esp ; fs:[0] = esp
006F1A59 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F1A5C E8 4B32D1FF call EASYWR~1.00404CAC ; presumably returns a length in EAX (confirm)
006F1A61 3B43 4C cmp eax,dword ptr ds: ; compare with [ebx+0x4C]
006F1A64 7F 19 jg short EASYWR~1.006F1A7F ; greater than that field: reject
006F1A66 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F1A69 E8 3E32D1FF call EASYWR~1.00404CAC
006F1A6E 3B43 50 cmp eax,dword ptr ds: ; compare with [ebx+0x50]
006F1A71 7C 0C jl short EASYWR~1.006F1A7F ; less than that field: reject
006F1A73 8B45 08 mov eax,dword ptr ss: ; registration code, [ebp+8]
006F1A76 E8 3132D1FF call EASYWR~1.00404CAC
006F1A7B 85C0 test eax,eax ; a zero result for the code is rejected as well
006F1A7D 75 04 jnz short EASYWR~1.006F1A83
006F1A7F 33DB xor ebx,ebx ; reject: result = 0
006F1A81 EB 60 jmp short EASYWR~1.006F1AE3
006F1A83 8D55 F4 lea edx,dword ptr ss: ; edx = &[ebp-0xC]
006F1A86 8B45 08 mov eax,dword ptr ss: ; registration code, [ebp+8]
006F1A89 E8 6E79D1FF call EASYWR~1.004093FC ; transforms the code into [ebp-0xC]; the transform itself is not visible here
006F1A8E 8B55 F4 mov edx,dword ptr ss: ; edx = [ebp-0xC]
006F1A91 8D45 08 lea eax,dword ptr ss: ; eax = &[ebp+8]
006F1A94 E8 DB2FD1FF call EASYWR~1.00404A74 ; presumably stores the transformed code back into [ebp+8] (confirm)
006F1A99 8D4D F0 lea ecx,dword ptr ss: ; ecx = &[ebp-0x10], output slot
006F1A9C 8B55 FC mov edx,dword ptr ss: ; edx = [ebp-4]
006F1A9F 8BC3 mov eax,ebx
006F1AA1 E8 72FCFFFF call EASYWR~1.006F1718 ; second-level call
006F1AA6 8B45 F0 mov eax,dword ptr ss: ; ASCII "00000F54BAE7"
006F1AA9 8B55 08 mov edx,dword ptr ss: ; registration code, [ebp+8]
006F1AAC E8 C379D1FF call EASYWR~1.00409474 ; author's marker: in-memory keygen point
; NOTE(review): design weakness. The routine derives the complete expected code locally and
; hands it, as plain text, to a comparison against the user's input, so the reference value
; exists in process memory at this call. Verifying a signature over the licence data with an
; embedded public key, or validating server-side, keeps the reference value out of the client.
006F1AB1 85C0 test eax,eax ; 0 is treated as "match"
006F1AB3 74 04 je short EASYWR~1.006F1AB9
006F1AB5 33DB xor ebx,ebx ; mismatch: result = 0
006F1AB7 EB 2A jmp short EASYWR~1.006F1AE3
006F1AB9 8D43 48 lea eax,dword ptr ds: ; eax = ebx+0x48
006F1ABC 8B55 FC mov edx,dword ptr ss: ; edx = [ebp-4]
006F1ABF E8 6C2FD1FF call EASYWR~1.00404A30 ; presumably stores the value into the field at EAX (confirm)
006F1AC4 8D43 54 lea eax,dword ptr ds: ; eax = ebx+0x54
006F1AC7 8B55 F8 mov edx,dword ptr ss: ; edx = [ebp-8]
006F1ACA E8 612FD1FF call EASYWR~1.00404A30
006F1ACF 8D43 5C lea eax,dword ptr ds: ; eax = ebx+0x5C
006F1AD2 8B55 08 mov edx,dword ptr ss: ; edx = [ebp+8]
006F1AD5 E8 562FD1FF call EASYWR~1.00404A30
006F1ADA 8BC3 mov eax,ebx
006F1ADC E8 BB010000 call EASYWR~1.006F1C9C
006F1AE1 B3 01 mov bl,0x1 ; mark success in the low byte of the result
006F1AE3 33C0 xor eax,eax ; common exit: unlink the exception frame
006F1AE5 5A pop edx ; EASYWR~1.006F2765
006F1AE6 59 pop ecx ; EASYWR~1.006F2765
006F1AE7 59 pop ecx ; EASYWR~1.006F2765
006F1AE8 64:8910 mov dword ptr fs:,edx ; fs:[0] = previous frame
006F1AEB 68 0D1B6F00 push EASYWR~1.006F1B0D ; address the `retn` at 006F1B05 will jump to
006F1AF0 8D45 F0 lea eax,dword ptr ss: ; eax = &[ebp-0x10]
006F1AF3 BA 04000000 mov edx,0x4
006F1AF8 E8 032FD1FF call EASYWR~1.00404A00 ; called with a count of 4; presumably releases four locals (confirm)
006F1AFD 8D45 08 lea eax,dword ptr ss: ; eax = &[ebp+8]
006F1B00 E8 D72ED1FF call EASYWR~1.004049DC
006F1B05 C3 retn ; continues at 006F1B0D pushed above
006F1B06^ E9 3128D1FF jmp EASYWR~1.0040433C ; exception path registered at 006F1A4E
006F1B0B^ EB E3 jmp short EASYWR~1.006F1AF0 ; re-enter the cleanup block
006F1B0D 8BC3 mov eax,ebx ; return value
006F1B0F 5B pop ebx ; EASYWR~1.006F2765
006F1B10 8BE5 mov esp,ebp
006F1B12 5D pop ebp ; EASYWR~1.006F2765
006F1B13 C2 0400 retn 0x4 ; callee removes the one stack argument
;第二层Call
; Second-level routine at 006F1718 (author's "algorithm part A"). EAX is kept in ESI and used
; as a base for field reads, EDX -> [ebp-4] (input string), ECX is kept in EDI (output slot).
; It range-checks the input, builds an intermediate digit string in [ebp-0xC] while walking
; the input from its end, then converts that string through 00405D08 and 00409BB8.
; Memory operands were dropped from the listing text; comments that name one decode it from
; the opcode bytes on the same line.
006F1718 55 push ebp ; algorithm part A (author's label)
006F1719 8BEC mov ebp,esp
006F171B 83C4 E4 add esp,-0x1C ; reserve 0x1C bytes of locals
006F171E 53 push ebx
006F171F 56 push esi
006F1720 57 push edi
006F1721 33DB xor ebx,ebx
006F1723 895D E4 mov dword ptr ss:,ebx ; [ebp-0x1C] = 0
006F1726 895D F4 mov dword ptr ss:,ebx ; [ebp-0xC] = 0
006F1729 8BF9 mov edi,ecx ; edi = output slot
006F172B 8955 FC mov dword ptr ss:,edx ; [ebp-4] = input string
006F172E 8BF0 mov esi,eax ; keep the EAX argument in ESI
006F1730 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F1733 E8 6437D1FF call EASYWR~1.00404E9C
006F1738 33C0 xor eax,eax
006F173A 55 push ebp
006F173B 68 31186F00 push EASYWR~1.006F1831 ; handler address for the frame installed below
006F1740 64:FF30 push dword ptr fs: ; push previous fs:[eax] (eax = 0)
006F1743 64:8920 mov dword ptr fs:,esp ; fs:[0] = esp
006F1746 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F1749 E8 5E35D1FF call EASYWR~1.00404CAC ; presumably returns a length in EAX (confirm)
006F174E 3B46 4C cmp eax,dword ptr ds: ; compare with [esi+0x4C]
006F1751 7F 0D jg short EASYWR~1.006F1760 ; out of range
006F1753 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F1756 E8 5135D1FF call EASYWR~1.00404CAC
006F175B 3B46 50 cmp eax,dword ptr ds: ; compare with [esi+0x50]
006F175E 7D 0C jge short EASYWR~1.006F176C ; in range: continue
006F1760 8BC7 mov eax,edi ; out of range: clear the output slot and leave
006F1762 E8 7532D1FF call EASYWR~1.004049DC
006F1767 E9 9F000000 jmp EASYWR~1.006F180B
006F176C 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F176F E8 3835D1FF call EASYWR~1.00404CAC
006F1774 8BD8 mov ebx,eax ; ebx = index, starts at the value returned above
006F1776 EB 31 jmp short EASYWR~1.006F17A9 ; enter the loop at its condition
006F1778 8B45 FC mov eax,dword ptr ss: ; author: computation = user name reversed, padded with special characters when too short
006F177B 8A4418 FF mov al,byte ptr ds: ; al = byte at [eax+ebx-1]
006F177F 25 FF000000 and eax,0xFF ; zero-extend the byte
006F1784 33D2 xor edx,edx
006F1786 52 push edx ; high dword 0
006F1787 50 push eax ; low dword = the byte value
006F1788 8B46 68 mov eax,dword ptr ds: ; eax = [esi+0x68]
006F178B 8B56 6C mov edx,dword ptr ds: ; edx = [esi+0x6C]
006F178E E8 DD43D1FF call EASYWR~1.00405B70 ; combines EDX:EAX with the pushed pair; operation not visible here
006F1793 52 push edx
006F1794 50 push eax ; EDX:EAX result becomes the stack argument of the next call
006F1795 8D45 E4 lea eax,dword ptr ss: ; eax = &[ebp-0x1C]
006F1798 E8 CB83D1FF call EASYWR~1.00409B68 ; number-to-text wrapper shown at the end of the listing
006F179D 8B55 E4 mov edx,dword ptr ss: ; EASYWR~1.006F1B06
006F17A0 8D45 F4 lea eax,dword ptr ss: ; eax = &[ebp-0xC]
006F17A3 E8 0C35D1FF call EASYWR~1.00404CB4 ; presumably appends [ebp-0x1C] to [ebp-0xC] (confirm)
006F17A8 4B dec ebx ; step towards the start of the input
006F17A9 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
006F17AC E8 FB34D1FF call EASYWR~1.00404CAC
006F17B1 83E8 06 sub eax,0x6
006F17B4 3BD8 cmp ebx,eax
006F17B6 7C 04 jl short EASYWR~1.006F17BC ; stop once the index drops below (result - 6)
006F17B8 85DB test ebx,ebx
006F17BA^ 7F BC jg short EASYWR~1.006F1778 ; loop while the index is still positive
006F17BC 8D55 F8 lea edx,dword ptr ss: ; edx = &[ebp-8]
006F17BF 8B45 F4 mov eax,dword ptr ss: ; ASCII "257211111"
006F17C2 E8 4145D1FF call EASYWR~1.00405D08 ; returns a pair in EDX:EAX, saved below
006F17C7 8945 E8 mov dword ptr ss:,eax ; [ebp-0x18] = low dword
006F17CA 8955 EC mov dword ptr ss:,edx ; [ebp-0x14] = high dword
006F17CD 8B5E 60 mov ebx,dword ptr ds: ; ebx = [esi+0x60]
006F17D0 85DB test ebx,ebx
006F17D2 7F 11 jg short EASYWR~1.006F17E5
006F17D4 FF75 EC push dword ptr ss: ; [ebp-0x14]
006F17D7 FF75 E8 push dword ptr ss: ; [ebp-0x18]
006F17DA 8BD7 mov edx,edi
006F17DC 33C0 xor eax,eax ; field was <= 0: call with EAX = 0
006F17DE E8 D583D1FF call EASYWR~1.00409BB8
006F17E3 EB 26 jmp short EASYWR~1.006F180B
006F17E5 FF75 EC push dword ptr ss: ; [ebp-0x14]
006F17E8 FF75 E8 push dword ptr ss: ; [ebp-0x18]
006F17EB 8BD7 mov edx,edi
006F17ED 8BC3 mov eax,ebx ; EAX = [esi+0x60]
006F17EF E8 C483D1FF call EASYWR~1.00409BB8 ; third-level call (second computation, on the string "257211111" produced by the reversal step)
006F17F4 8B07 mov eax,dword ptr ds: ; ASCII "00000F54BAE7"
006F17F6 E8 B134D1FF call EASYWR~1.00404CAC
006F17FB 8BC8 mov ecx,eax
006F17FD 2B4E 60 sub ecx,dword ptr ds: ; ecx -= [esi+0x60]
006F1800 8B56 60 mov edx,dword ptr ds: ; edx = [esi+0x60]
006F1803 42 inc edx
006F1804 8BC7 mov eax,edi
006F1806 E8 4137D1FF call EASYWR~1.00404F4C ; edits the output in place using EDX/ECX; exact operation not visible here
006F180B 33C0 xor eax,eax ; common exit: unlink the exception frame
006F180D 5A pop edx ; EASYWR~1.006F1AA6
006F180E 59 pop ecx ; EASYWR~1.006F1AA6
006F180F 59 pop ecx ; EASYWR~1.006F1AA6
006F1810 64:8910 mov dword ptr fs:,edx ; fs:[0] = previous frame
006F1813 68 38186F00 push EASYWR~1.006F1838 ; address the `retn` at 006F1830 will jump to
006F1818 8D45 E4 lea eax,dword ptr ss: ; eax = &[ebp-0x1C]
006F181B E8 BC31D1FF call EASYWR~1.004049DC
006F1820 8D45 F4 lea eax,dword ptr ss: ; eax = &[ebp-0xC]
006F1823 E8 B431D1FF call EASYWR~1.004049DC
006F1828 8D45 FC lea eax,dword ptr ss: ; eax = &[ebp-4]
006F182B E8 AC31D1FF call EASYWR~1.004049DC
006F1830 C3 retn ; continues at 006F1838 pushed above
006F1831^ E9 062BD1FF jmp EASYWR~1.0040433C ; exception path registered at 006F173B
006F1836^ EB E0 jmp short EASYWR~1.006F1818 ; re-enter the cleanup block
006F1838 5F pop edi ; EASYWR~1.006F1AA6
006F1839 5E pop esi ; EASYWR~1.006F1AA6
006F183A 5B pop ebx ; EASYWR~1.006F1AA6
006F183B 8BE5 mov esp,ebp
006F183D 5D pop ebp ; EASYWR~1.006F1AA6
006F183E C3 retn
;第三层CALL
; Wrapper at 00409BB8 (author's "algorithm part B"). EAX = requested width (values above 0x20
; are replaced by 0), EDX = destination, 64-bit value on the stack at [ebp+8] (`retn 0x8`).
; It calls 00409A9C with ECX = 0x10 and a 0x20-byte stack buffer whose end is in ESI.
00409BB8 55 push ebp ; algorithm part B (author's label)
00409BB9 8BEC mov ebp,esp
00409BBB 83F8 20 cmp eax,0x20
00409BBE 7E 02 jle short EASYWR~1.00409BC2
00409BC0 31C0 xor eax,eax ; width larger than the buffer: use 0 instead
00409BC2 56 push esi
00409BC3 89E6 mov esi,esp ; esi = end of the scratch buffer (filled backwards)
00409BC5 83EC 20 sub esp,0x20 ; 0x20-byte scratch buffer
00409BC8 B9 10000000 mov ecx,0x10 ; radix 16 for the callee
00409BCD 52 push edx ; save the destination
00409BCE 89C2 mov edx,eax ; edx = width
00409BD0 8D45 08 lea eax,dword ptr ss: ; eax = &[ebp+8], the 64-bit value
00409BD3 E8 C4FEFFFF call EASYWR~1.00409A9C ; fourth-level call (author: core algorithm part)
00409BD8 89F2 mov edx,esi ; edx = first character produced
00409BDA 58 pop eax ; EASYWR~1.006F17F4
00409BDB E8 ECAEFFFF call EASYWR~1.00404ACC ; presumably copies ECX characters from EDX into the destination (confirm)
00409BE0 83C4 20 add esp,0x20
00409BE3 5E pop esi ; EASYWR~1.006F17F4
00409BE4 5D pop ebp ; EASYWR~1.006F17F4
00409BE5 C2 0800 retn 0x8 ; callee removes the 8-byte value
;第四层CALL
; Digit-conversion routine (author's "algorithm part C"), entry at 00409A9C.
; In:  EAX = pointer to a 64-bit value, CL = radix (0 selects 10), EDX = minimum width,
;      ESI = end of the output buffer; digits are stored backwards from there.
; Out: ESI = first character written, ECX = number of characters.
; With radix 10 selected by CL = 0 and the sign bit set, the value is negated on the stack,
; converted by the inner entry 00409AD0, and a '-' (0x2D) is prepended.
; Memory operands were dropped from the listing text; comments that name one decode it from
; the opcode bytes on the same line.
00409A99 8D40 00 lea eax,dword ptr ds: ; algorithm part C (author's label); this lea is padding before the entry at 00409A9C
00409A9C 08C9 or cl,cl ; radix given?
00409A9E 75 30 jnz short EASYWR~1.00409AD0
00409AA0 B9 0A000000 mov ecx,0xA ; default radix 10
00409AA5 F740 04 0000008>test dword ptr ds:,0x80000000 ; sign bit of the high dword, [eax+4]
00409AAC 74 22 je short EASYWR~1.00409AD0
00409AAE FF70 04 push dword ptr ds: ; push [eax+4]
00409AB1 FF30 push dword ptr ds: ; push [eax]
00409AB3 89E0 mov eax,esp ; eax = stack copy of the value
00409AB5 F71C24 neg dword ptr ss: ; EASYWR~1.00409BD8
00409AB8 835424 04 00 adc dword ptr ss:,0x0 ; [esp+4] += carry
00409ABD F75C24 04 neg dword ptr ss: ; [esp+4] negated: completes the 64-bit negate
00409AC1 E8 0A000000 call EASYWR~1.00409AD0 ; convert the magnitude
00409AC6 C646 FF 2D mov byte ptr ds:,0x2D ; [esi-1] = '-'
00409ACA 4E dec esi
00409ACB 41 inc ecx ; count the sign character
00409ACC 83C4 08 add esp,0x8
00409ACF C3 retn
00409AD0 56 push esi ; inner entry: remember the buffer end
00409AD1 83EC 04 sub esp,0x4
00409AD4 D97C24 02 fstcw word ptr ss: ; save the FPU control word at [esp+2]
00409AD8 D93C24 fstcw word ptr ss: ; working copy at [esp]
00409ADB 66:810C24 000For word ptr ss:,0xF00 ; `or word [esp],0xF00` (mnemonic fused with the byte column); sets the precision and rounding-control bits
00409AE1 D92C24 fldcw word ptr ss: ; load the modified control word
00409AE4 66:890C24 mov word ptr ss:,cx ; [esp] = radix
00409AE8 D9E8 fld1
00409AEA F740 04 0000008>test dword ptr ds:,0x80000000 ; top bit of [eax+4] set?
00409AF1 74 27 je short EASYWR~1.00409B1A
00409AF3 FF70 04 push dword ptr ds: ; push [eax+4]
00409AF6 FF30 push dword ptr ds: ; push [eax]
00409AF8 816424 04 FFFFF>and dword ptr ss:,0x7FFFFFFF ; clear the top bit of the stack copy
00409B00 68 FFFFFF7F push 0x7FFFFFFF
00409B05 68 FFFFFFFF push -0x1
00409B0A DF6C24 08 fild qword ptr ss: ; load the masked value, [esp+8]
00409B0E DF2C24 fild qword ptr ss: ; load 0x7FFFFFFFFFFFFFFF, [esp]
00409B11 D8C2 fadd st,st(2) ; with the 1.0 loaded earlier this restores the weight of the cleared bit
00409B13 DEC1 faddp st(1),st
00409B15 83C4 10 add esp,0x10
00409B18 EB 02 jmp short EASYWR~1.00409B1C
00409B1A DF28 fild qword ptr ds: ; top bit clear: load [eax] directly
00409B1C DF0424 fild word ptr ss: ; load the radix from [esp]
00409B1F D9C1 fld st(1)
00409B21 4E dec esi ; start (of the per-digit loop)
00409B22 D9F8 fprem ; remainder by the radix gives the next digit
00409B24 DF1C24 fistp word ptr ss: ; store the digit at [esp]
00409B27 DCF9 fdiv st(1),st ; divide the running value by the radix
00409B29 8A0424 mov al,byte ptr ss: ; al = digit
00409B2C 04 30 add al,0x30 ; to ASCII '0'..'9'
00409B2E 3C 3A cmp al,0x3A
00409B30 72 02 jb short EASYWR~1.00409B34
00409B32 04 07 add al,0x7 ; digits above 9 become 'A'..
00409B34 8806 mov byte ptr ds:,al ; [esi] = character
00409B36 D9C1 fld st(1)
00409B38 D8D3 fcom st(3)
00409B3A 9B wait
00409B3B DFE0 fstsw ax
00409B3D 9E sahf ; FPU compare result into the CPU flags
00409B3E^ 73 E1 jnb short EASYWR~1.00409B21 ; loop
00409B40 D96C24 02 fldcw word ptr ss: ; restore the saved control word from [esp+2]
00409B44 83C4 04 add esp,0x4
00409B47 DDC3 ffree st(3)
00409B49 DDC2 ffree st(2)
00409B4B DDC1 ffree st(1)
00409B4D DDC0 ffree st
00409B4F 59 pop ecx ; EASYWR~1.00409BD8
00409B50 29F1 sub ecx,esi ; ecx = characters written
00409B52 29CA sub edx,ecx ; edx = padding still needed
00409B54 76 10 jbe short EASYWR~1.00409B66 ; already wide enough
00409B56 29D6 sub esi,edx ; move the start back by the padding
00409B58 B0 30 mov al,0x30 ; pad character '0'
00409B5A 01D1 add ecx,edx ; length includes the padding
00409B5C EB 03 jmp short EASYWR~1.00409B61
00409B5E 880432 mov byte ptr ds:,al ; [edx+esi] = '0'
00409B61 4A dec edx
00409B62^ 75 FA jnz short EASYWR~1.00409B5E
00409B64 8806 mov byte ptr ds:,al ; [esi] = '0'
00409B66 C3 retn
00409B67 90 nop ; padding between routines
; Wrapper at 00409B68. EAX = destination, 64-bit value on the stack at [ebp+8] (`retn 0x8`).
; Same shape as 00409BB8, but it calls 00409A9C with ECX = 0 and EDX = 0, so the callee
; selects radix 10 and applies no minimum width.
00409B68 55 push ebp
00409B69 8BEC mov ebp,esp
00409B6B 56 push esi
00409B6C 89E6 mov esi,esp ; esi = end of the scratch buffer (filled backwards)
00409B6E 83EC 20 sub esp,0x20 ; 0x20-byte scratch buffer
00409B71 31C9 xor ecx,ecx ; radix 0: callee falls back to 10
00409B73 50 push eax ; save the destination
00409B74 31D2 xor edx,edx ; no minimum width
00409B76 8D45 08 lea eax,dword ptr ss: ; eax = &[ebp+8], the 64-bit value
00409B79 E8 1EFFFFFF call EASYWR~1.00409A9C
00409B7E 89F2 mov edx,esi ; edx = first character produced
00409B80 58 pop eax ; EASYWR~1.00409BD8
00409B81 E8 46AFFFFF call EASYWR~1.00404ACC ; presumably copies ECX characters from EDX into the destination (confirm)
00409B86 83C4 20 add esp,0x20
00409B89 5E pop esi ; EASYWR~1.00409BD8
00409B8A 5D pop ebp ; EASYWR~1.00409BD8
00409B8B C2 0800 retn 0x8 ; callee removes the 8-byte value
;总结:新人看不懂算法,猜测是固定几组浮点数值,进行运算。各位大侠有愿意指导的,还望多多指教.多谢!
;内存注册机位置:
; Repeat of the comparison call inside 006F1A1C, where the computed reference code and the
; entered code are both passed as plain text; a zero result is accepted as a match.
006F1AAC E8 C379D1FF call EASYWR~1.00409474 ; author's marker: in-memory keygen point
006F1AB1 85C0 test eax,eax ; 0 is treated as "match"
已注册成功图片:
【开放注册公告】吾爱破解论坛2017年3月13日九周年开放注册公告
http://www.52pojie.cn/thread-583430-1-1.html
(出处: 吾爱破解论坛)
13号开放注册,到时候自己来注册吧。 Hmily 发表于 2017-3-9 16:21
13号开放注册,到时候自己来注册吧。
尽量,刚好13号是星期一。争取可以申请到账号。谢谢管理员