好友
阅读权限10
听众
最后登录1970-1-1
|
昨天做了个补丁,不知道什么原因,管理给删除了,让看版规!还别说 真的没看出问题! 也许是我传的图片多?
还是影响到了第三方(貌似破解的都能影响到第三方)
没计算含量,大鸟飞过 ……请勿用于商业用途! 如果违反了版规,求管理通知,修改,
本人小菜,算法不懂,,只有追踪,呵呵~~
里诺餐饮管理软件(单机版)1.60
OD载入,
搜索字串:已保存了注册信息!下次启动本程序时将会对你的注册码进行验证,如注册码正确,本程序所有功能限制将被解除,您成为我们正式版本用户!
向上到
00663780 . 000A ADD BYTE PTR DS:[EDX],CL
断点运行到这里
00663780 . 000A ADD BYTE PTR DS:[EDX],CL
00663782 . 55 PUSH EBP
00663783 . 5F POP EDI
00663784 . 52 PUSH EDX
00663785 . 65:67:6973 74>IMUL ESI,DWORD PTR GS:[BP+DI+74],7265
0066378E . 8BC0 MOV EAX,EAX
00663790 /$ 55 PUSH EBP
00663791 |. 8BEC MOV EBP,ESP
00663793 |. 51 PUSH ECX
00663794 |. B9 04000000 MOV ECX,4
00663799 |> 6A 00 /PUSH 0
0066379B |. 6A 00 |PUSH 0
0066379D |. 49 |DEC ECX
0066379E |.^ 75 F9 \JNZ SHORT cy.00663799
006637A0 |. 51 PUSH ECX
006637A1 |. 874D FC XCHG DWORD PTR SS:[EBP-4],ECX
006637A4 |. 53 PUSH EBX
006637A5 |. 56 PUSH ESI
006637A6 |. 57 PUSH EDI
006637A7 |. 8BF9 MOV EDI,ECX
006637A9 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
006637AC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; >读取机器码 WD-WCAV30632750
006637AF |. E8 7819DAFF CALL cy.0040512C
006637B4 |. 33C0 XOR EAX,EAX
006637B6 |. 55 PUSH EBP
006637B7 |. 68 51396600 PUSH cy.00663951
006637BC |. 64:FF30 PUSH DWORD PTR FS:[EAX]
006637BF |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
006637C2 |. 8BC7 MOV EAX,EDI
006637C4 |. E8 A314DAFF CALL cy.00404C6C
006637C9 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006637CC |. E8 6B17DAFF CALL cy.00404F3C
006637D1 |. 8BF0 MOV ESI,EAX
006637D3 |. 85F6 TEST ESI,ESI
006637D5 |. 7E 26 JLE SHORT cy.006637FD
006637D7 |. BB 01000000 MOV EBX,1
006637DC |> 8D4D EC /LEA ECX,DWORD PTR SS:[EBP-14] ; >计算机器码
006637DF |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
006637E2 |. 0FB64418 FF |MOVZX EAX,BYTE PTR DS:[EAX+EBX-1]
006637E7 |. 33D2 |XOR EDX,EDX
006637E9 |. E8 066FDAFF |CALL cy.0040A6F4
006637EE |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
006637F1 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
006637F4 |. E8 4B17DAFF |CALL cy.00404F44
006637F9 |. 43 |INC EBX
006637FA |. 4E |DEC ESI
006637FB |.^ 75 DF \JNZ SHORT cy.006637DC ; >计算机器码
006637FD |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 得到ascii值 57442D574341563330363332373530
00663800 |. E8 3717DAFF CALL cy.00404F3C
00663805 |. 8BF0 MOV ESI,EAX
00663807 |. 85F6 TEST ESI,ESI
00663809 |. 7E 2C JLE SHORT cy.00663837
0066380B |. BB 01000000 MOV EBX,1
00663810 |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8]
00663813 |. E8 2417DAFF |CALL cy.00404F3C
00663818 |. 2BC3 |SUB EAX,EBX
0066381A |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
0066381D |. 8A1402 |MOV DL,BYTE PTR DS:[EDX+EAX]
00663820 |. 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
00663823 |. E8 2C16DAFF |CALL cy.00404E54
00663828 |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
0066382B |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
0066382E |. E8 1117DAFF |CALL cy.00404F44
00663833 |. 43 |INC EBX
00663834 |. 4E |DEC ESI
00663835 ^ 75 D9 JNZ SHORT cy.00663810
00663837 |> 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0066383A |. 50 PUSH EAX
0066383B |. B9 04000000 MOV ECX,4
00663840 |. BA 01000000 MOV EDX,1
00663845 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00663848 |. E8 4F19DAFF CALL cy.0040519C
0066384D |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00663850 |. 50 PUSH EAX
00663851 |. B9 04000000 MOV ECX,4
00663856 |. BA 05000000 MOV EDX,5
0066385B |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 得到倒序ascii值倒序035373233363033365143475D24475
0066385E |. E8 3919DAFF CALL cy.0040519C ; 0353
00663863 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 得到前四位
00663866 |. E8 D116DAFF CALL cy.00404F3C
0066386B |. 83F8 04 CMP EAX,4
0066386E |. 7D 2F JGE SHORT cy.0066389F
0066386E |. /7D 2F JGE SHORT cy.0066389F
00663870 |. |8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00663873 |. |E8 C416DAFF CALL cy.00404F3C
00663878 |. |8BD8 MOV EBX,EAX
0066387A |. |83FB 03 CMP EBX,3
0066387D |. |7F 20 JG SHORT cy.0066389F
0066387F |> |8D4D E4 /LEA ECX,DWORD PTR SS:[EBP-1C]
00663882 |. |8BC3 |MOV EAX,EBX
00663884 |. |C1E0 02 |SHL EAX,2
00663887 |. |33D2 |XOR EDX,EDX
00663889 |. |E8 666EDAFF |CALL cy.0040A6F4
0066388E |. |8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C]
00663891 |. |8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
00663894 |. |E8 AB16DAFF |CALL cy.00404F44
00663899 |. |43 |INC EBX
0066389A |. |83FB 04 |CMP EBX,4
0066389D |.^|75 E0 \JNZ SHORT cy.0066387F
0066389F |> \8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
006638A2 |. E8 9516DAFF CALL cy.00404F3C
006638A7 |. 83F8 04 CMP EAX,4
006638AA |. 7D 2F JGE SHORT cy.006638DB
006638AC |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
006638AF |. E8 8816DAFF CALL cy.00404F3C
006638B4 |. 8BD8 MOV EBX,EAX
006638B6 |. 83FB 03 CMP EBX,3
006638B9 |. 7F 20 JG SHORT cy.006638DB
006638BB |> 8D4D E0 /LEA ECX,DWORD PTR SS:[EBP-20]
006638BE |. 8BC3 |MOV EAX,EBX
006638C0 |. C1E0 02 |SHL EAX,2
006638C3 |. 33D2 |XOR EDX,EDX
006638C5 |. E8 2A6EDAFF |CALL cy.0040A6F4
006638CA |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
006638CD |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
006638D0 |. E8 6F16DAFF |CALL cy.00404F44
006638D5 |. 43 |INC EBX
006638D6 |. 83FB 04 |CMP EBX,4
006638D9 |.^ 75 E0 \JNZ SHORT cy.006638BB
006638DB |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
006638DE |. BA 68396600 MOV EDX,cy.00663968 ; cyyl845yr67 固定码
006638E3 |. E8 1C14DAFF CALL cy.00404D04
006638E8 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
006638EB |. 50 PUSH EAX
006638EC |. B9 04000000 MOV ECX,4
006638F1 |. BA 01000000 MOV EDX,1
006638F6 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
006638F9 |. E8 9E18DAFF CALL cy.0040519C
006638FE |. FF75 DC PUSH DWORD PTR SS:[EBP-24] ; 固定码前四位 cyyl
00663901 |. 68 7C396600 PUSH cy.0066397C ; 固定码前四位后加上 -
00663906 |. FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; 在-后加入倒序后ascii值的前四位0353
00663909 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0066390C |. 50 PUSH EAX
0066390D |. B9 05000000 MOV ECX,5
00663912 |. BA 05000000 MOV EDX,5
00663917 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 再次读取固定码
0066391A |. E8 7D18DAFF CALL cy.0040519C
0066391F |. FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; 取固定码的5-9位 845yr
00663922 |. 68 7C396600 PUSH cy.0066397C ; 添加 -
00663927 |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; 取ascii的第4-8位
0066392A |. 8BC7 MOV EAX,EDI
0066392C |. BA 06000000 MOV EDX,6
00663931 |. E8 C616DAFF CALL cy.00404FFC
00663936 |. 33C0 XOR EAX,EAX
00663938 |. 5A POP EDX
00663939 |. 59 POP ECX
0066393A |. 59 POP ECX
0066393B |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0066393E |. 68 58396600 PUSH cy.00663958
00663943 |> 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00663946 |. BA 0A000000 MOV EDX,0A
0066394B |. E8 4013DAFF CALL cy.00404C90 ;
00663950 \. C3 RETN
00663950 \. C3 RETN
00663951 .^ E9 1A0CDAFF JMP cy.00404570
00663956 .^ EB EB JMP SHORT cy.00663943
00663958 . 5F POP EDI
00663959 . 5E POP ESI
0066395A . 5B POP EBX
0066395B . 8BE5 MOV ESP,EBP
0066395D . 5D POP EBP
0066395E . C3 RETN
0066395F 00 DB 00
省下N多字……嘿嘿~~ 对比出现
0066584C . A1 38F77700 MOV EAX,DWORD PTR DS:[77F738]
00665851 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00665853 . 8B90 10050000 MOV EDX,DWORD PTR DS:[EAX+510]
00665859 . A1 FCF17700 MOV EAX,DWORD PTR DS:[77F1FC]
0066585E . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00665860 . E8 2BDFFFFF CALL cy.00663790
00665865 . 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C] ; 真码出现 cyyl-0353845yr-7323
00665868 . A1 38F77700 MOV EAX,DWORD PTR DS:[77F738]
0066586D . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0066586F . 8B80 14050000 MOV EAX,DWORD PTR DS:[EAX+514] ; 假码
00665875 . E8 0EF8D9FF CALL cy.00405088
0066587A . /75 6C JNZ SHORT cy.006658E8 此处对比结果不同 就跳
0066587C A1 38F77700 MOV EAX,DWORD PTR DS:[77F738]
00665881 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
这样注册码就追踪到了! 我是菜菜的超级小菜菜! 不懂算法注册机的写法,没办法只能追注册码或者是爆破
0066587A . /75 6C JNZ SHORT cy.006658E8 此处nop掉就行了,(不过软件推出的时候出现内存不该为***** 我汗~~~ (后来测试真码写入后还是错误,不知道是我这里的原因还是软件原因)
我试过了,可以在此处
00665865 . 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C]
下段,直接追到注册码!嘿嘿~~~~
|
免费评分
-
查看全部评分
|
[复制链接]
发表于 2011-3-29 10:57
发表于 2011-3-30 13:17
|
发表于 2011-3-30 10:48
