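How to crack the hidden checks in the jiaye series
This post was last edited by lkou on 2010-12-4 21:17
Using the inventory management software V4.23 (Enterprise Edition) as an example
0071D4C0 > $55 PUSH EBP ;(Initial CPU selection) entry point after the program is loaded into OD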
0071D4C1 .8BEC MOV EBP,ESP
0071D4C3 .83C4 F0 ADD ESP,-10
0071D4C6 .53 PUSH EBX
0071D4C7 .B8 58C97100 MOV EAX,123.0071C958
0071D4CC .E8 239DCEFF CALL 123.004071F4
0071D4D1 .8B1D EC357200 MOV EBX,DWORD PTR DS: ;123.007267E4
0071D4D7 .A1 C8347200 MOV EAX,DWORD PTR DS:
0071D4DC .8B00 MOV EAX,DWORD PTR DS:
0071D4DE .E8 2D2FD5FF CALL 123.00470410
0071D4E3 .33C9 XOR ECX,ECX
0071D4E5 .B2 01 MOV DL,1
0071D4E7 .A1 600A5E00 MOV EAX,DWORD PTR DS:
0071D4EC .E8 5FB7D4FF CALL 123.00468C50
0071D4F1 .8903 MOV DWORD PTR DS:,EAX
0071D4F3 .8B03 MOV EAX,DWORD PTR DS:
0071D4F5 .E8 92F9D4FF CALL 123.0046CE8C
0071D4FA .8B03 MOV EAX,DWORD PTR DS:
0071D4FC .8B10 MOV EDX,DWORD PTR DS:
0071D4FE .FF92 88000000 CALL DWORD PTR DS:
0071D504 .A1 C8347200 MOV EAX,DWORD PTR DS:
0071D509 .8B00 MOV EAX,DWORD PTR DS:
0071D50B .BA D8D67100 MOV EDX,123.0071D6D8 ;佳宜进销存管理软件
0071D510 .E8 072BD5FF CALL 123.0047001C
0071D515 .8B0D C8377200 MOV ECX,DWORD PTR DS: ;123.00726800
0071D51B .A1 C8347200 MOV EAX,DWORD PTR DS:
0071D520 .8B00 MOV EAX,DWORD PTR DS:
0071D522 .8B15 9C285E00 MOV EDX,DWORD PTR DS: ;123.005E28E8
0071D528 .E8 FB2ED5FF CALL 123.00470428
0071D52D .A1 C8377200 MOV EAX,DWORD PTR DS:
0071D532 .8B00 MOV EAX,DWORD PTR DS:
0071D534 .80B8 A0000000>CMP BYTE PTR DS:,0
0071D53B .0F84 7A010000 JE 123.0071D6BB
0071D541 .8B03 MOV EAX,DWORD PTR DS:
0071D543 .8B80 F4020000 MOV EAX,DWORD PTR DS:
0071D549 .BA F4D67100 MOV EDX,123.0071D6F4 ;连接成功,正在登录 .....
0071D54E .E8 7514D3FF CALL 123.0044E9C8
0071D553 .8B03 MOV EAX,DWORD PTR DS:
0071D555 .8B80 F4020000 MOV EAX,DWORD PTR DS:
0071D55B .E8 AC19D3FF CALL 123.0044EF0C
0071D560 .8B0D 7C327200 MOV ECX,DWORD PTR DS: ;123.00726CC4
0071D566 .A1 C8347200 MOV EAX,DWORD PTR DS:
0071D56B .8B00 MOV EAX,DWORD PTR DS:
0071D56D .8B15 64867100 MOV EDX,DWORD PTR DS: ;123.007186B0
0071D573 .E8 B02ED5FF CALL 123.00470428
0071D578 .8B03 MOV EAX,DWORD PTR DS:
0071D57A .8B80 F4020000 MOV EAX,DWORD PTR DS:
0071D580 .BA 18D77100 MOV EDX,123.0071D718 ;连接成功,正在登录 ...
0071D585 .E8 3E14D3FF CALL 123.0044E9C8
0071D58A .8B03 MOV EAX,DWORD PTR DS:
0071D58C .8B80 F4020000 MOV EAX,DWORD PTR DS:
0071D592 .E8 7519D3FF CALL 123.0044EF0C
0071D597 .B8 14000000 MOV EAX,14
0071D59C .E8 7F63D5FF CALL 123.00473920
0071D5A1 .8B03 MOV EAX,DWORD PTR DS:
0071D5A3 .8B80 F4020000 MOV EAX,DWORD PTR DS:
0071D5A9 .BA F4D67100 MOV EDX,123.0071D6F4 ;连接成功,正在登录 .....
0071D5AE .E8 1514D3FF CALL 123.0044E9C8
0071D5B3 .8B03 MOV EAX,DWORD PTR DS:
0071D5B5 .8B80 F4020000 MOV EAX,DWORD PTR DS:
0071D5BB .E8 4C19D3FF CALL 123.0044EF0C
0071D5C0 .8BC3 MOV EAX,EBX
0071D5C2 .E8 F961D5FF CALL 123.004737C0
0071D5C7 .8B0D 74357200 MOV ECX,DWORD PTR DS: ;123.00726CCC
0071D5CD .A1 C8347200 MOV EAX,DWORD PTR DS:
0071D5D2 .8B00 MOV EAX,DWORD PTR DS:
0071D5D4 .8B15 9CC47100 MOV EDX,DWORD PTR DS: ;123.0071C4E8
0071D5DA .E8 492ED5FF CALL 123.00470428
0071D5DF .A1 9C337200 MOV EAX,DWORD PTR DS:
0071D5E4 .8B00 MOV EAX,DWORD PTR DS:
0071D5E6 .E8 55C0ECFF CALL 123.005E9640
0071D5EB .8B15 74377200 MOV EDX,DWORD PTR DS: ;123.0072637C
0071D5F1 .8902 MOV DWORD PTR DS:,EAX
0071D5F3 .A1 74377200 MOV EAX,DWORD PTR DS:
0071D5F8 .8338 00 CMP DWORD PTR DS:,0
0071D5FB /0F8C 94000000 JL 123.0071D695 ; this jump distinguishes whether the program is registered; we change it to jump to 0071D6D1
0071D601 .A1 74357200 MOV EAX,DWORD PTR DS:
0071D606 .8B00 MOV EAX,DWORD PTR DS:
0071D608 .E8 27F1FFFF CALL 123.0071C734
0071D60D .83E8 01 SUB EAX,1 ;Switch (cases 0..2)
0071D610 .72 05 JB SHORT 123.0071D617
0071D612 .48 DEC EAX
0071D613 .74 10 JE SHORT 123.0071D625
0071D615 .EB 72 JMP SHORT 123.0071D689
0071D617 >A1 C8347200 MOV EAX,DWORD PTR DS: ;Case 0 of switch 0071D60D
0071D61C .8B00 MOV EAX,DWORD PTR DS:
0071D61E .E8 712FD5FF CALL 123.00470594
0071D623 .EB 7A JMP SHORT 123.0071D69F
0071D625 >A1 74357200 MOV EAX,DWORD PTR DS: ;Case 2 of switch 0071D60D
0071D62A .E8 9161D5FF CALL 123.004737C0
0071D62F .33C9 XOR ECX,ECX
0071D631 .B2 01 MOV DL,1
0071D633 .A1 708F5E00 MOV EAX,DWORD PTR DS:
0071D638 .E8 13B6D4FF CALL 123.00468C50
0071D63D .8B15 9C337200 MOV EDX,DWORD PTR DS: ;123.00726818
0071D643 .8902 MOV DWORD PTR DS:,EAX
0071D645 .A1 9C337200 MOV EAX,DWORD PTR DS:
0071D64A .8B00 MOV EAX,DWORD PTR DS:
0071D64C .B2 06 MOV DL,6
0071D64E .E8 49D3D4FF CALL 123.0046A99C
0071D653 .A1 9C337200 MOV EAX,DWORD PTR DS:
0071D658 .8B00 MOV EAX,DWORD PTR DS:
0071D65A .8B10 MOV EDX,DWORD PTR DS:
0071D65C .FF92 E8000000 CALL DWORD PTR DS:
0071D662 .48 DEC EAX
0071D663 .74 18 JE SHORT 123.0071D67D
0071D665 .A1 74377200 MOV EAX,DWORD PTR DS:
0071D66A .8338 00 CMP DWORD PTR DS:,0
0071D66D .7F 0E JG SHORT 123.0071D67D
0071D66F .6A 01 PUSH 1
0071D671 .68 30D77100 PUSH 123.0071D730 ;软件已过期,如需继续使用,请联系供应商...
0071D676 .E8 59A0EBFF CALL <JMP.&PunUnitLib.ShowMess>
0071D67B .EB 4A JMP SHORT 123.0071D6C7
0071D67D >A1 9C337200 MOV EAX,DWORD PTR DS:
0071D682 .E8 3961D5FF CALL 123.004737C0
0071D687 .EB 16 JMP SHORT 123.0071D69F
0071D689 >A1 74357200 MOV EAX,DWORD PTR DS: ;Default case of switch 0071D60D
0071D68E .E8 2D61D5FF CALL 123.004737C0
0071D693 .EB 0A JMP SHORT 123.0071D69F
0071D695 >A1 74357200 MOV EAX,DWORD PTR DS:
0071D69A .E8 2161D5FF CALL 123.004737C0
0071D69F >A1 0C2E7200 MOV EAX,DWORD PTR DS:
0071D6A4 .8B00 MOV EAX,DWORD PTR DS:
0071D6A6 .33D2 XOR EDX,EDX
0071D6A8 .E8 031FEDFF CALL 123.005EF5B0
0071D6AD .A1 C8347200 MOV EAX,DWORD PTR DS:
0071D6B2 .8B00 MOV EAX,DWORD PTR DS:
0071D6B4 .E8 EF2DD5FF CALL 123.004704A8
0071D6B9 .EB 0C JMP SHORT 123.0071D6C7
0071D6BB >A1 C8347200 MOV EAX,DWORD PTR DS:
0071D6C0 .8B00 MOV EAX,DWORD PTR DS:
0071D6C2 .E8 CD2ED5FF CALL 123.00470594
0071D6C7 >5B POP EBX
0071D6C8 .E8 CF72CEFF CALL 123.0040499C
0071D6CD .0000 ADD BYTE PTR DS:,AL
0071D6CF .00FF ADD BH,BH ; the program ends here
0071D6D1 A1 B4337200 MOV EAX,DWORD PTR DS: ; from here on is what I built myself
0071D6D6 C600 01 MOV BYTE PTR DS:,1
0071D6DB ^ EB B8 JMP SHORT 123.0071D695 ; jump back to where 0071D5FB was supposed to go
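Finally, test it yourselves. Making a memory keygen is very simple, so I won't go into it.

Really awesome. Saved it.
Taking a look... learning.
Taking a look to learn a bit.
Learning.
Thanks
Taking a look and learning.
Learning from the OP's tutorial.
Learning a bit.
Watching the boss... here to show support.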