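【Article title】十万个为什么 1.5 cracking tutorial
【Author】LCC
【Author e-mail】369899357@qq.com
【Tools】PEiD, OD
【Platform】Windows XP SP3
【Software name】十万个为什么 1.5
【Original download】http://www.onlinedown.net/soft/80.htm
【Software size】7.39M
【Protection】Registration code
【Software description】《十万个为什么-计算机应用技巧大全》 ("One Hundred Thousand Whys: A Complete Collection of Computer Application Tips")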
------------------------------------------------------------------------------------------------
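【Cracking process】
I had nothing to do today, so I went looking for something to play with, and came across 《十万个为什么-计算机应用技巧大全》.
It occurred to me that this was the first program I ever worked on when I was learning to crack, so I took it and made a tutorial for fun. Experts, please don't laugh at me! Hehe (splat, here come the eggs)
OK, let's begin properly. First check the packer with PEiD: ASPack 2.11 -> Alexey Solodovnikov
Next comes unpacking. To save effort I won't write out the unpacking process (the ESP trick gets it done in a few steps).
Here I worked on it while still packed; the goal is to trace out the registration code and make a keygen.
If you have unpacked it, load it into OD and crack it.
Because this program is fairly simple, just search the strings for 错误的注册码! ("Wrong registration code!"), then look upward to find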
0047EC8E ^\EB E8 jmp Xwhy10000.0047EC78
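This is reached by a jump from above. Keep looking upward until you find the start of the function, and set a breakpoint there.
0047EA88 55 push ebp //start of function, set breakpoint here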
0047EA89 8BEC mov ebp,esp
0047EA8B B9 08000000 mov ecx,0x8
0047EA90 6A 00 push 0x0
0047EA92 6A 00 push 0x0
0047EA94 49 dec ecx
0047EA95 ^ 75 F9 jnz Xwhy10000.0047EA90
0047EA97 51 push ecx
0047EA98 53 push ebx
0047EA99 56 push esi
0047EA9A 57 push edi
0047EA9B 8945 FC mov dword ptr ss:[ebp-0x4],eax
0047EA9E 33C0 xor eax,eax
0047EAA0 55 push ebp
0047EAA1 68 76ED4700 push why10000.0047ED76
0047EAA6 64:FF30 push dword ptr fs:[eax]
0047EAA9 64:8920 mov dword ptr fs:[eax],esp
0047EAAC 8D55 F0 lea edx,dword ptr ss:[ebp-0x10]
0047EAAF 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EAB2 8B80 E0020000 mov eax,dword ptr ds:[eax+0x2E0]
0047EAB8 E8 F3CEFAFF call why10000.0042B9B0
0047EABD 8B45 F0 mov eax,dword ptr ss:[ebp-0x10]
0047EAC0 8D55 F4 lea edx,dword ptr ss:[ebp-0xC]
0047EAC3 E8 E4A3F8FF call why10000.00408EAC
0047EAC8 837D F4 00 cmp dword ptr ss:[ebp-0xC],0x0
0047EACC 75 19 jnz Xwhy10000.0047EAE7
0047EACE BA 84ED4700 mov edx,why10000.0047ED84 ; 提示 ("Notice")
0047EAD3 B8 8CED4700 mov eax,why10000.0047ED8C ; 姓名不能为空! ("Name must not be empty!")
0047EAD8 B9 30000000 mov ecx,0x30
0047EADD E8 E256FFFF call why10000.004741C4
0047EAE2 E9 22020000 jmp why10000.0047ED09
0047EAE7 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
0047EAEA 50 push eax
0047EAEB 8D55 E4 lea edx,dword ptr ss:[ebp-0x1C]
0047EAEE 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EAF1 8B80 EC020000 mov eax,dword ptr ds:[eax+0x2EC]
0047EAF7 E8 B4CEFAFF call why10000.0042B9B0
0047EAFC 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
0047EAFF 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
0047EB02 E8 A5A3F8FF call why10000.00408EAC
0047EB07 8B45 E8 mov eax,dword ptr ss:[ebp-0x18]
0047EB0A B9 0C000000 mov ecx,0xC
0047EB0F BA 01000000 mov edx,0x1
0047EB14 E8 AF55F8FF call why10000.004040C8
0047EB19 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
0047EB1C 50 push eax
0047EB1D 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
0047EB20 50 push eax
0047EB21 8D55 D4 lea edx,dword ptr ss:[ebp-0x2C]
0047EB24 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EB27 8B80 E0020000 mov eax,dword ptr ds:[eax+0x2E0]
0047EB2D E8 7ECEFAFF call why10000.0042B9B0
0047EB32 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
0047EB35 8D55 D8 lea edx,dword ptr ss:[ebp-0x28]
0047EB38 E8 6FA3F8FF call why10000.00408EAC
0047EB3D 8B45 D8 mov eax,dword ptr ss:[ebp-0x28]
0047EB40 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0047EB43 BA A8ED4700 mov edx,why10000.0047EDA8 ; 十万个为什么 ("One Hundred Thousand Whys")
0047EB48 E8 3F57FFFF call why10000.0047428C
0047EB4D 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
0047EB50 B9 0C000000 mov ecx,0xC
0047EB55 BA 01000000 mov edx,0x1
0047EB5A E8 6955F8FF call why10000.004040C8
0047EB5F 8B55 E0 mov edx,dword ptr ss:[ebp-0x20]
0047EB62 58 pop eax
0047EB63 E8 6854F8FF call why10000.00403FD0
0047EB68 74 2F je Xwhy10000.0047EB99
0047EB6A 8D55 CC lea edx,dword ptr ss:[ebp-0x34]
0047EB6D 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EB70 8B80 EC020000 mov eax,dword ptr ds:[eax+0x2EC]
0047EB76 E8 35CEFAFF call why10000.0042B9B0
0047EB7B 8B45 CC mov eax,dword ptr ss:[ebp-0x34]
0047EB7E 8D55 D0 lea edx,dword ptr ss:[ebp-0x30]
0047EB81 E8 26A3F8FF call why10000.00408EAC
0047EB86 8B45 D0 mov eax,dword ptr ss:[ebp-0x30]
0047EB89 BA C0ED4700 mov edx,why10000.0047EDC0 ; 000000000000000
0047EB8E E8 3D54F8FF call why10000.00403FD0
0047EB93 0F85 5C010000 jnz why10000.0047ECF5
0047EB99 B2 01 mov dl,0x1
0047EB9B A1 18374500 mov eax,dword ptr ds:[0x453718]
0047EBA0 E8 734CFDFF call why10000.00453818
0047EBA5 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0047EBA8 33C0 xor eax,eax
0047EBAA 55 push ebp
0047EBAB 68 89EC4700 push why10000.0047EC89
0047EBB0 64:FF30 push dword ptr fs:[eax]
0047EBB3 64:8920 mov dword ptr fs:[eax],esp
0047EBB6 BA 02000080 mov edx,0x80000002
0047EBBB 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EBBE E8 F54CFDFF call why10000.004538B8
0047EBC3 33C0 xor eax,eax
0047EBC5 55 push ebp
0047EBC6 68 3EEC4700 push why10000.0047EC3E
0047EBCB 64:FF30 push dword ptr fs:[eax]
0047EBCE 64:8920 mov dword ptr fs:[eax],esp
0047EBD1 B1 01 mov cl,0x1
0047EBD3 BA D8ED4700 mov edx,why10000.0047EDD8 ; \Software\Net_e_Studio\Why100000\Version1.5
0047EBD8 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EBDB E8 404DFDFF call why10000.00453920
0047EBE0 B9 0CEE4700 mov ecx,why10000.0047EE0C ; Yes
0047EBE5 BA 18EE4700 mov edx,why10000.0047EE18 ; IsRegistry
0047EBEA 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EBED E8 AA50FDFF call why10000.00453C9C
0047EBF2 8D55 C8 lea edx,dword ptr ss:[ebp-0x38]
0047EBF5 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EBF8 8B80 E0020000 mov eax,dword ptr ds:[eax+0x2E0]
0047EBFE E8 ADCDFAFF call why10000.0042B9B0
0047EC03 8B4D C8 mov ecx,dword ptr ss:[ebp-0x38]
0047EC06 BA 2CEE4700 mov edx,why10000.0047EE2C ; RegistryUser
0047EC0B 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EC0E E8 8950FDFF call why10000.00453C9C
0047EC13 8D55 C4 lea edx,dword ptr ss:[ebp-0x3C]
0047EC16 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EC19 8B80 EC020000 mov eax,dword ptr ds:[eax+0x2EC]
0047EC1F E8 8CCDFAFF call why10000.0042B9B0
0047EC24 8B4D C4 mov ecx,dword ptr ss:[ebp-0x3C]
0047EC27 BA 44EE4700 mov edx,why10000.0047EE44 ; RegistryCode
0047EC2C 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EC2F E8 6850FDFF call why10000.00453C9C
0047EC34 33C0 xor eax,eax
0047EC36 5A pop edx
0047EC37 59 pop ecx
0047EC38 59 pop ecx
0047EC39 64:8910 mov dword ptr fs:[eax],edx
0047EC3C EB 2D jmp Xwhy10000.0047EC6B
0047EC3E ^ E9 E147F8FF jmp why10000.00403424
0047EC43 BA 84ED4700 mov edx,why10000.0047ED84 ; 提示 ("Notice")
0047EC48 B8 54EE4700 mov eax,why10000.0047EE54 ; Registry Error!
0047EC4D B9 10000000 mov ecx,0x10
0047EC52 E8 6D55FFFF call why10000.004741C4
0047EC57 E8 244BF8FF call why10000.00403780
0047EC5C E8 4F4BF8FF call why10000.004037B0
0047EC61 E9 A3000000 jmp why10000.0047ED09
0047EC66 E8 154BF8FF call why10000.00403780
0047EC6B 33C0 xor eax,eax
0047EC6D 5A pop edx
0047EC6E 59 pop ecx
0047EC6F 59 pop ecx
0047EC70 64:8910 mov dword ptr fs:[eax],edx
0047EC73 68 90EC4700 push why10000.0047EC90 ; ·阙
0047EC78 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EC7B E8 084CFDFF call why10000.00453888
0047EC80 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0047EC83 E8 3043F8FF call why10000.00402FB8
0047EC88 C3 retn
0047EC89 ^ E9 4A4AF8FF jmp why10000.004036D8
0047EC8E ^ EB E8 jmp Xwhy10000.0047EC78
0047EC90 A1 A4EA4900 mov eax,dword ptr ds:[0x49EAA4]
0047EC95 8B00 mov eax,dword ptr ds:[eax]
0047EC97 8B80 D0030000 mov eax,dword ptr ds:[eax+0x3D0]
0047EC9D 33D2 xor edx,edx
0047EC9F E8 24CCFAFF call why10000.0042B8C8
0047ECA4 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
0047ECA7 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047ECAA 8B80 E0020000 mov eax,dword ptr ds:[eax+0x2E0]
0047ECB0 E8 FBCCFAFF call why10000.0042B9B0
0047ECB5 8B4D BC mov ecx,dword ptr ss:[ebp-0x44]
0047ECB8 8D45 C0 lea eax,dword ptr ss:[ebp-0x40]
0047ECBB BA 74EE4700 mov edx,why10000.0047EE74 ; 注册用户! ("Registered user!")
0047ECC0 E8 4752F8FF call why10000.00403F0C
0047ECC5 8B55 C0 mov edx,dword ptr ss:[ebp-0x40]
0047ECC8 A1 A4EA4900 mov eax,dword ptr ds:[0x49EAA4]
0047ECCD 8B00 mov eax,dword ptr ds:[eax]
0047ECCF 8B80 CC030000 mov eax,dword ptr ds:[eax+0x3CC]
0047ECD5 E8 06CDFAFF call why10000.0042B9E0
0047ECDA BA 84ED4700 mov edx,why10000.0047ED84 ; 提示 ("Notice")
0047ECDF B8 80EE4700 mov eax,why10000.0047EE80 ; 注册成功! ("Registration succeeded!")
0047ECE4 33C9 xor ecx,ecx
0047ECE6 E8 D954FFFF call why10000.004741C4
0047ECEB 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047ECEE E8 B57CFCFF call why10000.004469A8
0047ECF3 EB 14 jmp Xwhy10000.0047ED09
0047ECF5 BA 94EE4700 mov edx,why10000.0047EE94 ; 警告 ("Warning")
0047ECFA B8 9CEE4700 mov eax,why10000.0047EE9C ; 错误的注册码! ("Wrong registration code!")
0047ECFF B9 30000000 mov ecx,0x30
0047ED04 E8 BB54FFFF call why10000.004741C4
0047ED09 33C0 xor eax,eax
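Then run the program.
The registration dialog pops up. Now we enter a registration name and a registration code and click Register; OD pauses at the breakpoint we just set
0047EA88 55 push ebp
Now we single-step downward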
0047EAF7 E8 B4CEFAFF call why10000.0042B9B0 ; /// the fake code appears here
0047EAFC 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C] ; /// keep going down
0047EAFF 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
0047EB02 E8 A5A3F8FF call why10000.00408EAC
0047EB07 8B45 E8 mov eax,dword ptr ss:[ebp-0x18]
0047EB0A B9 0C000000 mov ecx,0xC
0047EB0F BA 01000000 mov edx,0x1
0047EB14 E8 AF55F8FF call why10000.004040C8
0047EB19 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
0047EB1C 50 push eax
0047EB1D 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
0047EB20 50 push eax
0047EB21 8D55 D4 lea edx,dword ptr ss:[ebp-0x2C]
0047EB24 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0047EB27 8B80 E0020000 mov eax,dword ptr ds:[eax+0x2E0]
0047EB2D E8 7ECEFAFF call why10000.0042B9B0
0047EB32 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C] ; /// the user name appears here
0047EB35 8D55 D8 lea edx,dword ptr ss:[ebp-0x28] ; /// keep going down
0047EB38 E8 6FA3F8FF call why10000.00408EAC
0047EB3D 8B45 D8 mov eax,dword ptr ss:[ebp-0x28]
0047EB40 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0047EB43 BA A8ED4700 mov edx,why10000.0047EDA8 ; 十万个为什么 ("One Hundred Thousand Whys")
0047EB48 E8 3F57FFFF call why10000.0047428C
0047EB4D 8B45 DC mov eax,dword ptr ss:[ebp-0x24] ; /// a string of digits appears here
0047EB50 B9 0C000000 mov ecx,0xC ; /// then look at the registers: a string of digits shows up in EAX
0047EB55 BA 01000000 mov edx,0x1
0047EB5A E8 6955F8FF call why10000.004040C8
0047EB5F 8B55 E0 mov edx,dword ptr ss:[ebp-0x20]
0047EB62 58 pop eax
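0047EB63 E8 6854F8FF call why10000.00403FD0 ; /// at this point register EAX shows ASCII "123456789", which is our fake registration code; what appears in EDX can be taken as the real registration code
Watch the registers: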
EAX 00C46BDC ASCII "123456789"
ECX 00000000
EDX 00C46BF4 ASCII "212221171317"
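Actually we could build the keygen right now. Let's trace a little further down to see what happens.
Never mind, no more tracing; let's build a keygen to confirm our judgement. (I have done this program N times already and don't want to step any further.)
Open KeyMake, choose the memory keygen, locate our program, then add the memory address below. Click Add
Break address: 0047EB63
Break count: 1
First byte: E8
Instruction length: 5
Then tick "Save the following information as the registration code"
Select memory mode -- register: choose EDX, then click Add, then click Close. OK, the keygen can now be generated
Enter a registration name and a fake code and click Register. OK, the registration code comes out. Let's try it and see whether it works!!! Hehe! Registration succeeded, and with that our crack is complete!! Off to play. Bye
Now we exit OD and test the keygen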
------------------------------------------------------------------------------------------------
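【Summary】
Software like this is actually quite simple; the main thing is to have a good line of approach. I hope the experts won't flame me. Hehe. Hiding now. Running away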
------------------------------------------------------------------------------------------------
【Copyright notice】2012-04-04 By LCC
------------------------------------------------------------------------------------------------
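Added example, not part of the original post or of the program's code: the walkthrough above finds the expected registration code in plaintext in EDX at the string compare, because the client itself derives the valid code from the entered name. The Python sketch below contrasts that pattern with a check that only verifies a vendor signature and never holds a valid code; the derivation function, the toy RSA parameters and every function name are assumptions made for illustration.

```python
import hashlib

PRODUCT = "十万个为什么"  # string visible in the listing; used here only as a salt

def weak_expected_code(name):
    # Hypothetical derivation, NOT the program's real algorithm.
    digest = hashlib.sha256((name + PRODUCT).encode("utf-8")).digest()
    return "".join(str(b % 10) for b in digest)[:12]

def weak_check(name, code):
    # Weak pattern: the valid code for this name is built in client memory
    # and handed to a plain string compare.
    return code == weak_expected_code(name)

# Toy RSA parameters, constructed for this demo and far too small for real use.
# The primes exist only on the vendor side; they appear here so the demo runs.
_VENDOR_P, _VENDOR_Q = 2**61 - 1, 2**89 - 1
N, E = _VENDOR_P * _VENDOR_Q, 65537   # public values shipped in the client

def _digest_int(name):
    h = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N

def vendor_issue(name):
    # Vendor side only: sign the name digest with the private exponent.
    d = pow(E, -1, (_VENDOR_P - 1) * (_VENDOR_Q - 1))
    return format(pow(_digest_int(name), d, N), "x")

def signed_check(name, code):
    # Client side: verifies with (N, E) and never computes a valid code.
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest_int(name)

if __name__ == "__main__":
    name = "LCC"
    print("weak check leaks:", weak_expected_code(name))
    key = vendor_issue(name)
    print("signed key accepted:", signed_check(name, key))
    print("guess rejected:", signed_check(name, "123456789"))
```

A production scheme would use a vetted signature algorithm such as Ed25519 or RSA-PSS from a maintained library instead of the textbook RSA shown here.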