bootstart6.02版适用于最新版7.xx
对CODE作如下说明
CODE: ***-*****-*****-****
||| ||||| ||||| ||||-C44
||| ||||| ||||| |||--C43
||| ||||| ||||| ||---C42
||| ||||| ||||| |----C41
||| ||||| |||||
||| ||||| |||||------C35
||| ||||| ||||-------C34
||| ||||| |||--------C33
||| ||||| ||---------C32
||| ||||| |----------C31
||| |||||
||| |||||------------C25
||| ||||-------------C24
||| |||--------------C23
||| ||---------------C22
||| |----------------C21
|||
|||------------------C13
||-------------------C12
|--------------------C11
设断点 BPX HMEMCPY
BPX CALLWINDOWPROCA
程序来到 4902E0
; Excerpt (start and end of the enclosing routine are not shown): two calls to
; 00431C34 bracket the handling of the first input field. The author's notes say
; the first call reads the entered code and the second the entered name.
:004902E0 E84F19FAFF call 00431C34 <-读入 code
:004902E5 8B45F8 mov eax, dword ptr [ebp-08]
; edx = address of local [ebp-04], which receives the result of 00453830.
:004902E8 8D55FC lea edx, dword ptr [ebp-04]
:004902EB E84035FCFF call 00453830
:004902F0 8B55FC mov edx, dword ptr [ebp-04]
; NOTE(review): looks like the processed value is stored into the field at
; offset 2EC of the object in ebx via 00403CBC - helper body not shown, confirm.
:004902F3 8D83EC020000 lea eax, dword ptr [ebx+000002EC]
:004902F9 E8BE39F7FF call 00403CBC
; Same helper as above, now on the field at offset 2D0, result into [ebp-08].
:004902FE 8D55F8 lea edx, dword ptr [ebp-08]
:00490301 8B83D0020000 mov eax, dword ptr [ebx+000002D0]
:00490307 E82819FAFF call 00431C34 <-读入 name
程序还要运行很长一段,可以按 F12 24 次,来到此处:
; Excerpt from the caller of the validation routine (the enclosing routine starts
; and ends outside this listing). It makes two indirect calls through a table
; pointer and reports the outcome through 0048B0F0.
; Continue only when eax was 1 on entry to this excerpt.
:004ACD37 48 dec eax
:004ACD38 0F8583000000 jne 004ACDC1
; bl != 0 skips the first indirect call.
:004ACD3E 84DB test bl, bl
:004ACD40 7547 jne 004ACD89
; edx = address of the field at offset 2EC of the object reached via [004B71D0];
; eax = object reached via [esi+498]; ecx = first dword of that object, used as
; a table of code pointers.
:004ACD42 A1D0714B00 mov eax, dword ptr [004B71D0]
:004ACD47 8B00 mov eax, dword ptr [eax]
:004ACD49 8D90EC020000 lea edx, dword ptr [eax+000002EC]
:004ACD4F 8B8698040000 mov eax, dword ptr [esi+00000498]
:004ACD55 8B00 mov eax, dword ptr [eax]
:004ACD57 8B08 mov ecx, dword ptr [eax]
:004ACD59 FF5114 call [ecx+14]
; Keep the returned status in ebx.
:004ACD5C 8BD8 mov ebx, eax
:004ACD5E 8D45F8 lea eax, dword ptr [ebp-08]
:004ACD61 E8026FF5FF call 00403C68
; Status 5 gets an extra assignment into [ebp-08] from the value behind [004B6C5C].
:004ACD66 80FB05 cmp bl, 05
:004ACD69 7510 jne 004ACD7B
:004ACD6B 8D45F8 lea eax, dword ptr [ebp-08]
:004ACD6E 8B155C6C4B00 mov edx, dword ptr [004B6C5C]
:004ACD74 8B12 mov edx, dword ptr [edx]
:004ACD76 E8856FF5FF call 00403D00
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACD69(C)
|
; Report through 0048B0F0 with ax = 1C, edx = status, ecx = [ebp-08].
:004ACD7B 8B4DF8 mov ecx, dword ptr [ebp-08]
:004ACD7E 8BD3 mov edx, ebx
:004ACD80 66B81C00 mov ax, 001C
:004ACD84 E867E3FDFF call 0048B0F0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACD40(C)
|
; Second indirect call, made only when bl == 0. ecx = address of the byte flag
; [ebp-01]; per the author's note this call computes and judges the entered code.
:004ACD89 84DB test bl, bl
:004ACD8B 7534 jne 004ACDC1
:004ACD8D 8D4DFF lea ecx, dword ptr [ebp-01]
:004ACD90 A1D0714B00 mov eax, dword ptr [004B71D0]
:004ACD95 8B00 mov eax, dword ptr [eax]
:004ACD97 8D90EC020000 lea edx, dword ptr [eax+000002EC]
:004ACD9D 8B8698040000 mov eax, dword ptr [esi+00000498]
:004ACDA3 8B00 mov eax, dword ptr [eax]
:004ACDA5 8B18 mov ebx, dword ptr [eax]
:004ACDA7 FF5310 call [ebx+10] <-计算及判断CODE正确性
:004ACDAA 8BD8 mov ebx, eax
; A zero flag byte at [ebp-01] replaces the status with 54 (marked as the error
; value by the author).
:004ACDAC 807DFF00 cmp byte ptr [ebp-01], 00
:004ACDB0 7502 jne 004ACDB4
:004ACDB2 B354 mov bl, 54 <-错误
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACDB0(C)
|
; Report through 0048B0F0 with ax = 1D, edx = status, ecx = 0.
:004ACDB4 33C9 xor ecx, ecx
:004ACDB6 8BD3 mov edx, ebx
:004ACDB8 66B81D00 mov ax, 001D
:004ACDBC E82FE3FDFF call 0048B0F0 <-失败对话框
跟进 :004ACDA7 FF5310 call [ebx+10] 这个调用,
里面还要走很长一段。
核心关键之处如下:
; Entry of the validation routine at 00453ABC (three call sites). From the code
; below: eax points to 8 bytes that are copied into [ebp-08] and [ebp-04], and
; edx is saved in [ebp-0C] for later use.
; NOTE(review): arguments in eax/edx suggest a register calling convention as
; used by Borland/Delphi compilers - confirm against the binary.
* Referenced by a CALL at Addresses:
|:0046B92A , :0046B9E1 , :0046CA46
|
:00453ABC 55 push ebp
:00453ABD 8BEC mov ebp, esp
; FFFFFFD8 = -0x28: reserve 0x28 bytes of locals.
:00453ABF 83C4D8 add esp, FFFFFFD8
:00453AC2 53 push ebx
:00453AC3 56 push esi
:00453AC4 57 push edi
; Zero the four dword locals used as temporaries.
:00453AC5 33C9 xor ecx, ecx
:00453AC7 894DEC mov dword ptr [ebp-14], ecx
:00453ACA 894DE8 mov dword ptr [ebp-18], ecx
:00453ACD 894DD8 mov dword ptr [ebp-28], ecx
:00453AD0 894DF0 mov dword ptr [ebp-10], ecx
; Two movsd copy the 8 bytes at [eax] into [ebp-08] and [ebp-04].
:00453AD3 8BF0 mov esi, eax
:00453AD5 8D7DF8 lea edi, dword ptr [ebp-08]
:00453AD8 A5 movsd
:00453AD9 A5 movsd
:00453ADA 8955F4 mov dword ptr [ebp-0C], edx
:00453ADD 8D45F8 lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"TRGRegisterInfo"
|
; NOTE(review): presumably a type-info driven helper applied to the copied
; 8-byte record - body of 004046E4 not shown, confirm.
:00453AE0 8B1554394500 mov edx, dword ptr [00453954]
:00453AE6 E8F90BFBFF call 004046E4
; Link a new exception frame at fs:[0] (eax is 0) with handler address 00453F26.
:00453AEB 33C0 xor eax, eax
:00453AED 55 push ebp
:00453AEE 68263F4500 push 00453F26
:00453AF3 64FF30 push dword ptr fs:[eax]
:00453AF6 648920 mov dword ptr fs:[eax], esp
; Pre-processing: the values at [ebp-08] and [ebp-04] are each passed through
; 004536A4, 00408A54 and 00453830 in turn and the result is assigned back with
; 00403D00. [ebp-14] and [ebp-18] are temporaries.
; NOTE(review): the three helpers are opaque here; presumably a normalisation
; of the two input strings - confirm.
:00453AF9 8D55EC lea edx, dword ptr [ebp-14]
:00453AFC 8B45F8 mov eax, dword ptr [ebp-08]
:00453AFF E8A0FBFFFF call 004536A4
:00453B04 8B45EC mov eax, dword ptr [ebp-14]
:00453B07 8D55E8 lea edx, dword ptr [ebp-18]
:00453B0A E8454FFBFF call 00408A54
:00453B0F 8B45E8 mov eax, dword ptr [ebp-18]
:00453B12 8D55EC lea edx, dword ptr [ebp-14]
:00453B15 E816FDFFFF call 00453830
:00453B1A 8B55EC mov edx, dword ptr [ebp-14]
:00453B1D 8D45F8 lea eax, dword ptr [ebp-08]
:00453B20 E8DB01FBFF call 00403D00
; Same sequence for the second value, [ebp-04].
:00453B25 8D55EC lea edx, dword ptr [ebp-14]
:00453B28 8B45FC mov eax, dword ptr [ebp-04]
:00453B2B E874FBFFFF call 004536A4
:00453B30 8B45EC mov eax, dword ptr [ebp-14]
:00453B33 8D55E8 lea edx, dword ptr [ebp-18]
:00453B36 E8194FFBFF call 00408A54
:00453B3B 8B45E8 mov eax, dword ptr [ebp-18]
:00453B3E 8D55EC lea edx, dword ptr [ebp-14]
:00453B41 E8EAFCFFFF call 00453830
:00453B46 8B55EC mov edx, dword ptr [ebp-14]
:00453B49 8D45FC lea eax, dword ptr [ebp-04]
:00453B4C E8AF01FBFF call 00403D00
; Preconditions on the string at [ebp-08] (the name, per the author's note).
; bl is the running pass/fail flag; each check rebuilds it through al.
; bl was just set to 1, so the je below is never taken.
:00453B51 B301 mov bl, 01
:00453B53 84DB test bl, bl
:00453B55 740F je 00453B66
:00453B57 8B45F8 mov eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"REGISTERED USER"
|
; The flag stays 1 only when 00403FF4 reports "not equal" (jne): the literal
; "REGISTERED USER" is rejected.
; NOTE(review): 00403FF4 appears to be a string compare that sets ZF on equality.
:00453B5A BA3C3F4500 mov edx, 00453F3C
:00453B5F E89004FBFF call 00403FF4
:00453B64 7504 jne 00453B6A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B55(C)
|
:00453B66 33C0 xor eax, eax
:00453B68 EB02 jmp 00453B6C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B64(C)
|
:00453B6A B001 mov al, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B68(U)
|
:00453B6C 8BD8 mov ebx, eax
:00453B6E 84DB test bl, bl
:00453B70 740D je 00453B7F
; Value returned by 00403EE4 (the length, per the author's note) must be >= 0x0A.
; jge is a signed comparison.
:00453B72 8B45F8 mov eax, dword ptr [ebp-08]
:00453B75 E86A03FBFF call 00403EE4
:00453B7A 83F80A cmp eax, 0000000A <-NAME的位数大于等于10位
:00453B7D 7D04 jge 00453B83
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B70(C)
|
:00453B7F 33C0 xor eax, eax
:00453B81 EB02 jmp 00453B85
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B7D(C)
|
:00453B83 B001 mov al, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B81(U)
|
:00453B85 8BD8 mov ebx, eax
:00453B87 84DB test bl, bl
:00453B89 7426 je 00453BB1
:00453B8B 8D45EC lea eax, dword ptr [ebp-14]
:00453B8E 50 push eax
:00453B8F B904000000 mov ecx, 00000004
:00453B94 BA01000000 mov edx, 00000001
:00453B99 8B45FC mov eax, dword ptr [ebp-04]
:00453B9C E84705FBFF call 004040E8
:00453BA1 8B45EC mov eax, dword ptr [ebp-14]
* Possible StringData Ref from Data Obj ->"BM1-"
|
:00453BA4 BA543F4500 mov edx, 00453F54
:00453BA9 E84604FBFF call 00403FF4 <-C1是否等于BM1
:00453BAE 0F94C3 sete bl
; Segment check guarded by bl (a 0 from an earlier check skips to 00453C0B).
; An expected two-character piece is built into [ebp-18] and compared with the
; two characters taken from position 5 of the string at [ebp-04].
; NOTE(review): the expected value sits in edx right before the equality call,
; so it is observable by anything that can inspect the process. A verifier that
; checks a digital signature over the name, instead of recomputing the expected
; string on the client, does not hold the valid value in memory.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453B89(C)
|
:00453BB1 84DB test bl, bl
:00453BB3 7456 je 00453C0B <-去死
; Value returned by 00403EE4 for [ebp-08] goes through 00403E0C into [ebp-14],
; then through 00453984 into [ebp-10]. Helper bodies are not shown.
:00453BB5 8B45F8 mov eax, dword ptr [ebp-08]
:00453BB8 E82703FBFF call 00403EE4
:00453BBD 8BD0 mov edx, eax
:00453BBF 8D45EC lea eax, dword ptr [ebp-14]
:00453BC2 E84502FBFF call 00403E0C
:00453BC7 8B45EC mov eax, dword ptr [ebp-14]
:00453BCA 8D55F0 lea edx, dword ptr [ebp-10]
:00453BCD E8B2FDFFFF call 00453984
; Entered piece: 004040E8 with edx = 5, ecx = 2 on [ebp-04]; pushed for later.
:00453BD2 8D45EC lea eax, dword ptr [ebp-14]
:00453BD5 50 push eax
:00453BD6 B902000000 mov ecx, 00000002
:00453BDB BA05000000 mov edx, 00000005
:00453BE0 8B45FC mov eax, dword ptr [ebp-04]
:00453BE3 E80005FBFF call 004040E8
:00453BE8 8B45EC mov eax, dword ptr [ebp-14]
:00453BEB 50 push eax
; 00408CF8 receives the first byte behind [ebp-10] in eax, 2 in edx and the
; address of [ebp-18] in ecx.
; NOTE(review): presumably formats the byte as a 2-character string - confirm.
:00453BEC 8D4DE8 lea ecx, dword ptr [ebp-18]
:00453BEF 8B45F0 mov eax, dword ptr [ebp-10]
:00453BF2 0FB600 movzx eax, byte ptr [eax]
:00453BF5 BA02000000 mov edx, 00000002
:00453BFA E8F950FBFF call 00408CF8 <-生成C21 C22
; edx = expected piece, eax = entered piece (popped); bl = 1 when they match.
:00453BFF 8B55E8 mov edx, dword ptr [ebp-18] <-真的C21 C22 BPX3
:00453C02 58 pop eax <-假的C21 C22
:00453C03 E8EC03FBFF call 00403FF4
:00453C08 0F94C3 sete bl
; Segment check guarded by bl (0 skips to 00453CA7). A copy of [ebp-04] with
; part of it removed is byte-summed; the low byte of the sum is turned into an
; expected two-character piece and compared with the two characters taken from
; position 7 of [ebp-04].
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453BB3(C)
|
:00453C0B 84DB test bl, bl
:00453C0D 0F8494000000 je 00453CA7 <-去死
; [ebp-10] = copy of [ebp-04]; 00404128 is then called on it with edx = 7, ecx = 2.
; NOTE(review): looks like "delete 2 characters at position 7", i.e. the piece
; under test is excluded from the sum - confirm.
:00453C13 8D45F0 lea eax, dword ptr [ebp-10]
:00453C16 8B55FC mov edx, dword ptr [ebp-04]
:00453C19 E8E200FBFF call 00403D00
:00453C1E 8D45F0 lea eax, dword ptr [ebp-10]
:00453C21 B902000000 mov ecx, 00000002
:00453C26 BA07000000 mov edx, 00000007
:00453C2B E8F804FBFF call 00404128
; si = running sum. Only al (low byte of the value from 00403EE4) is used as the
; loop counter, so a count above 255 would be truncated. test clears CF, so the
; jbe below is taken exactly when al is 0.
:00453C30 33F6 xor esi, esi
:00453C32 8B45F0 mov eax, dword ptr [ebp-10]
:00453C35 E8AA02FBFF call 00403EE4
:00453C3A 84C0 test al, al
:00453C3C 7616 jbe 00453C54
:00453C3E B201 mov dl, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453C52(C)
|
; Loop body: dl is a 1-based index; add the byte at [ebp-10]+dl-1 to si.
:00453C40 33C9 xor ecx, ecx
:00453C42 8ACA mov cl, dl
:00453C44 8B5DF0 mov ebx, dword ptr [ebp-10]
:00453C47 0FB64C0BFF movzx ecx, byte ptr [ebx+ecx-01]
:00453C4C 6603F1 add si, cx
:00453C4F 42 inc edx
:00453C50 FEC8 dec al
:00453C52 75EC jne 00453C40
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453C3C(C)
|
; Low 8 bits of the sum go through 00403E0C and 00453984 into [ebp-10].
:00453C54 8D45EC lea eax, dword ptr [ebp-14]
:00453C57 8BD6 mov edx, esi
:00453C59 6681E2FF00 and dx, 00FF
:00453C5E E8A901FBFF call 00403E0C
:00453C63 8B45EC mov eax, dword ptr [ebp-14]
:00453C66 8D55F0 lea edx, dword ptr [ebp-10]
:00453C69 E816FDFFFF call 00453984
; Entered piece: 004040E8 with edx = 7, ecx = 2 on [ebp-04]; pushed for later.
:00453C6E 8D45EC lea eax, dword ptr [ebp-14]
:00453C71 50 push eax
:00453C72 B902000000 mov ecx, 00000002
:00453C77 BA07000000 mov edx, 00000007
:00453C7C 8B45FC mov eax, dword ptr [ebp-04]
:00453C7F E86404FBFF call 004040E8
:00453C84 8B45EC mov eax, dword ptr [ebp-14]
:00453C87 50 push eax
:00453C88 8D4DE8 lea ecx, dword ptr [ebp-18]
:00453C8B 8B45F0 mov eax, dword ptr [ebp-10]
:00453C8E 0FB600 movzx eax, byte ptr [eax]
:00453C91 BA02000000 mov edx, 00000002
:00453C96 E85D50FBFF call 00408CF8 <-生成C23 C24 BPX4
; edx = value built into [ebp-18], eax = entered piece (popped); bl = 1 on match.
:00453C9B 8B55E8 mov edx, dword ptr [ebp-18] <-假的C23 C24 ?写错了!呵呵没有错啦①
:00453C9E 58 pop eax <-假的C23 C24
:00453C9F E85003FBFF call 00403FF4
:00453CA4 0F94C3 sete bl
; Segment check guarded by bl (0 skips to 00453D3A). One byte is selected from
; the string at [ebp-08], combined with the constant "-" into [ebp-18], and
; compared with the two characters taken from position 9 of [ebp-04].
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453C0D(C)
|
:00453CA7 84DB test bl, bl
:00453CA9 0F848B000000 je 00453D3A <-去死
; 004041CC is called with eax = address of the constant " " and edx = [ebp-08].
; NOTE(review): looks like a substring search returning a 1-based position
; (0 when absent) - confirm.
:00453CAF 8B55F8 mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->" "
|
:00453CB2 B8643F4500 mov eax, 00453F64
:00453CB7 E81005FBFF call 004041CC <-NAME 中不能有空格
:00453CBC 85C0 test eax, eax
:00453CBE 7E15 jle 00453CD5 <-去死
; Result > 0: the search is repeated and bl = byte at [ebp-08] + result.
:00453CC0 8B55F8 mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->" "
|
:00453CC3 B8643F4500 mov eax, 00453F64
:00453CC8 E8FF04FBFF call 004041CC
:00453CCD 8B55F8 mov edx, dword ptr [ebp-08]
:00453CD0 8A1C02 mov bl, byte ptr [edx+eax]
:00453CD3 EB06 jmp 00453CDB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453CBE(C)
|
; Result <= 0: bl = byte at offset 1 of the string at [ebp-08].
:00453CD5 8B45F8 mov eax, dword ptr [ebp-08]
:00453CD8 8A5801 mov bl, byte ptr [eax+01]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453CD3(U)
|
; Entered piece: 004040E8 with edx = 9, ecx = 2 on [ebp-04]; pushed for later.
:00453CDB 8D45EC lea eax, dword ptr [ebp-14]
:00453CDE 50 push eax
:00453CDF B902000000 mov ecx, 00000002
:00453CE4 BA09000000 mov edx, 00000009
:00453CE9 8B45FC mov eax, dword ptr [ebp-04]
:00453CEC E8F703FBFF call 004040E8
:00453CF1 8B45EC mov eax, dword ptr [ebp-14]
:00453CF4 50 push eax
; The selected byte goes through 00402A64, then is stored as a length-prefixed
; one-character buffer at [ebp-1C] (byte 0 = 1, byte 1 = character).
:00453CF5 8BC3 mov eax, ebx
:00453CF7 E868EDFAFF call 00402A64
:00453CFC 8BD0 mov edx, eax
:00453CFE 8D45E4 lea eax, dword ptr [ebp-1C]
:00453D01 885001 mov byte ptr [eax+01], dl
:00453D04 C60001 mov byte ptr [eax], 01
:00453D07 8D55E4 lea edx, dword ptr [ebp-1C]
:00453D0A 8D45E0 lea eax, dword ptr [ebp-20]
:00453D0D E842EEFAFF call 00402B54
* Possible StringData Ref from Data Obj ->"-"
|
; NOTE(review): 00402B24 with cl = 2 presumably appends "-" within a
; 2-character limit; 00403E88 then converts the buffer into [ebp-18] - confirm.
:00453D12 BA683F4500 mov edx, 00453F68
:00453D17 8D45E0 lea eax, dword ptr [ebp-20]
:00453D1A B102 mov cl, 02
:00453D1C E803EEFAFF call 00402B24
:00453D21 8D55E0 lea edx, dword ptr [ebp-20]
:00453D24 8D45E8 lea eax, dword ptr [ebp-18]
:00453D27 E85C01FBFF call 00403E88 <-生成C25 NAME的第二个字母
<-F10 代过,就中断在 BPX3 在次运行
<-到此则出现失败对话框??只好清除 中断 3
; edx = expected piece, eax = entered piece (popped); result via al into ebx.
:00453D2C 8B55E8 mov edx, dword ptr [ebp-18] <-真的C25 BPX5
:00453D2F 58 pop eax <-假的C25
:00453D30 E8BF02FBFF call 00403FF4
:00453D35 0F94C0 sete al
:00453D38 8BD8 mov ebx, eax
; Segment check guarded by bl (0 skips to 00453E0D). The bytes of the string at
; [ebp-08] are summed into si; the high and low byte of the 16-bit sum are
; turned into an expected four-character piece and compared with the four
; characters taken from position 0B of [ebp-04].
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453CA9(C)
|
:00453D3A 84DB test bl, bl
:00453D3C 0F84CB000000 je 00453E0D <-去死
; Only al (low byte of the value from 00403EE4) is used as the loop counter.
; test clears CF, so the jbe below is taken exactly when al is 0.
:00453D42 33F6 xor esi, esi
:00453D44 8B45F8 mov eax, dword ptr [ebp-08]
:00453D47 E89801FBFF call 00403EE4
:00453D4C 84C0 test al, al
:00453D4E 7616 jbe 00453D66
:00453D50 B201 mov dl, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453D64(C)
|
; Loop body: dl is a 1-based index; add the byte at [ebp-08]+dl-1 to si.
:00453D52 33C9 xor ecx, ecx
:00453D54 8ACA mov cl, dl
:00453D56 8B5DF8 mov ebx, dword ptr [ebp-08]
:00453D59 0FB64C0BFF movzx ecx, byte ptr [ebx+ecx-01]
:00453D5E 6603F1 add si, cx
:00453D61 42 inc edx
:00453D62 FEC8 dec al
:00453D64 75EC jne 00453D52
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453D4E(C)
|
; High byte of the sum -> one-character length-prefixed buffer at [ebp-1C].
:00453D66 8D45E4 lea eax, dword ptr [ebp-1C]
:00453D69 8BD6 mov edx, esi
:00453D6B 66C1EA08 shr dx, 08
:00453D6F 885001 mov byte ptr [eax+01], dl
:00453D72 C60001 mov byte ptr [eax], 01
:00453D75 8D55E4 lea edx, dword ptr [ebp-1C]
:00453D78 8D45E0 lea eax, dword ptr [ebp-20]
:00453D7B E8D4EDFAFF call 00402B54
; Low byte of the sum -> one-character buffer at [ebp-24], combined with the
; buffer at [ebp-20] by 00402B24 (cl = 2).
:00453D80 8D45DC lea eax, dword ptr [ebp-24]
:00453D83 8BD6 mov edx, esi
:00453D85 6681E2FF00 and dx, 00FF
:00453D8A 885001 mov byte ptr [eax+01], dl
:00453D8D C60001 mov byte ptr [eax], 01
:00453D90 8D55DC lea edx, dword ptr [ebp-24]
:00453D93 8D45E0 lea eax, dword ptr [ebp-20]
:00453D96 B102 mov cl, 02
:00453D98 E887EDFAFF call 00402B24
:00453D9D 8D55E0 lea edx, dword ptr [ebp-20]
:00453DA0 8D45EC lea eax, dword ptr [ebp-14]
:00453DA3 E8E000FBFF call 00403E88
; The two-byte string goes through 00453984 into [ebp-10] (helper not shown).
:00453DA8 8B45EC mov eax, dword ptr [ebp-14]
:00453DAB 8D55F0 lea edx, dword ptr [ebp-10]
:00453DAE E8D1FBFFFF call 00453984
; Entered piece: 004040E8 with edx = 0B, ecx = 4 on [ebp-04]; pushed for later.
:00453DB3 8D45EC lea eax, dword ptr [ebp-14]
:00453DB6 50 push eax
:00453DB7 B904000000 mov ecx, 00000004
:00453DBC BA0B000000 mov edx, 0000000B
:00453DC1 8B45FC mov eax, dword ptr [ebp-04]
:00453DC4 E81F03FBFF call 004040E8
:00453DC9 8B45EC mov eax, dword ptr [ebp-14]
:00453DCC 50 push eax
; 00408CF8 on byte 0 of [ebp-10] -> [ebp-18], and on byte 1 -> [ebp-28].
:00453DCD 8D4DE8 lea ecx, dword ptr [ebp-18]
:00453DD0 8B45F0 mov eax, dword ptr [ebp-10]
:00453DD3 0FB600 movzx eax, byte ptr [eax]
:00453DD6 BA02000000 mov edx, 00000002
:00453DDB E8184FFBFF call 00408CF8
:00453DE0 8D45E8 lea eax, dword ptr [ebp-18]
:00453DE3 50 push eax
:00453DE4 8D4DD8 lea ecx, dword ptr [ebp-28]
:00453DE7 8B45F0 mov eax, dword ptr [ebp-10]
:00453DEA 0FB64001 movzx eax, byte ptr [eax+01]
:00453DEE BA02000000 mov edx, 00000002
:00453DF3 E8004FFBFF call 00408CF8
; First pop restores the address of [ebp-18]; 00403EEC combines [ebp-28] into it.
; NOTE(review): presumably a string append - confirm.
:00453DF8 8B55D8 mov edx, dword ptr [ebp-28]
:00453DFB 58 pop eax
:00453DFC E8EB00FBFF call 00403EEC <-生成C31 C32 C33 C34
; edx = expected piece, eax = entered piece (second pop); bl = 1 on match.
:00453E01 8B55E8 mov edx, dword ptr [ebp-18] <-真的C31 C32 C33 C34 BPX6
:00453E04 58 pop eax <-假的C31 C32 C33 C34
:00453E05 E8EA01FBFF call 00403FF4
:00453E0A 0F94C3 sete bl
; Segment check guarded by bl (0 skips to 00453E71). The first byte of the
; string at [ebp-08] is combined with the constant "-" into [ebp-18] and
; compared with the two characters taken from position 0F of [ebp-04].
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453D3C(C)
|
:00453E0D 84DB test bl, bl
:00453E0F 7460 je 00453E71 <-去死
; Entered piece: 004040E8 with edx = 0F, ecx = 2 on [ebp-04]; pushed for later.
:00453E11 8D45EC lea eax, dword ptr [ebp-14]
:00453E14 50 push eax
:00453E15 B902000000 mov ecx, 00000002
:00453E1A BA0F000000 mov edx, 0000000F
:00453E1F 8B45FC mov eax, dword ptr [ebp-04]
:00453E22 E8C102FBFF call 004040E8
:00453E27 8B45EC mov eax, dword ptr [ebp-14]
:00453E2A 50 push eax
; al = first byte of [ebp-08]; after 00402A64 it is stored as a length-prefixed
; one-character buffer at [ebp-1C] (byte 0 = 1, byte 1 = character).
:00453E2B 8B45F8 mov eax, dword ptr [ebp-08]
:00453E2E 8A00 mov al, byte ptr [eax]
:00453E30 E82FECFAFF call 00402A64
:00453E35 8BD0 mov edx, eax
:00453E37 8D45E4 lea eax, dword ptr [ebp-1C]
:00453E3A 885001 mov byte ptr [eax+01], dl
:00453E3D C60001 mov byte ptr [eax], 01
:00453E40 8D55E4 lea edx, dword ptr [ebp-1C]
:00453E43 8D45E0 lea eax, dword ptr [ebp-20]
:00453E46 E809EDFAFF call 00402B54
* Possible StringData Ref from Data Obj ->"-"
|
; NOTE(review): 00402B24 with cl = 2 presumably appends "-" within a
; 2-character limit; 00403E88 then converts the buffer into [ebp-18] - confirm.
:00453E4B BA683F4500 mov edx, 00453F68
:00453E50 8D45E0 lea eax, dword ptr [ebp-20]
:00453E53 B102 mov cl, 02
:00453E55 E8CAECFAFF call 00402B24
:00453E5A 8D55E0 lea edx, dword ptr [ebp-20]
:00453E5D 8D45E8 lea eax, dword ptr [ebp-18]
:00453E60 E82300FBFF call 00403E88 <-生成C35 NAME的第一个字母
; edx = expected piece, eax = entered piece (popped); bl = 1 on match.
:00453E65 8B55E8 mov edx, dword ptr [ebp-18] <-真的C35 BPX7
:00453E68 58 pop eax <-假的C35
:00453E69 E88601FBFF call 00403FF4
:00453E6E 0F94C3 sete bl
; Last segment check, guarded by bl (0 skips to 00453EF0). The first two
; characters of the string at [ebp-08] go through 00453984; two bytes of the
; result are turned into an expected piece and compared with the characters
; taken from position 11 (hex) of [ebp-04].
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453E0F(C)
|
:00453E71 84DB test bl, bl
:00453E73 747B je 00453EF0 <-去死
; 004040E8 with edx = 1, ecx = 2 on [ebp-08] -> [ebp-14], then 00453984 -> [ebp-10].
:00453E75 8D45EC lea eax, dword ptr [ebp-14]
:00453E78 50 push eax
:00453E79 B902000000 mov ecx, 00000002
:00453E7E BA01000000 mov edx, 00000001
:00453E83 8B45F8 mov eax, dword ptr [ebp-08]
:00453E86 E85D02FBFF call 004040E8
:00453E8B 8B45EC mov eax, dword ptr [ebp-14]
:00453E8E 8D55F0 lea edx, dword ptr [ebp-10]
:00453E91 E8EEFAFFFF call 00453984
; Entered piece: 004040E8 with edx = 11, ecx = 9 on [ebp-04]; pushed for later.
; NOTE(review): a count of 9 is larger than the four characters this piece
; holds; presumably the helper clamps to the end of the string - confirm.
:00453E96 8D45EC lea eax, dword ptr [ebp-14]
:00453E99 50 push eax
:00453E9A B909000000 mov ecx, 00000009
:00453E9F BA11000000 mov edx, 00000011
:00453EA4 8B45FC mov eax, dword ptr [ebp-04]
:00453EA7 E83C02FBFF call 004040E8
:00453EAC 8B45EC mov eax, dword ptr [ebp-14]
:00453EAF 50 push eax
; 00408CF8 on byte 0 of [ebp-10] -> [ebp-18], and on byte 1 -> [ebp-28].
:00453EB0 8D4DE8 lea ecx, dword ptr [ebp-18]
:00453EB3 8B45F0 mov eax, dword ptr [ebp-10]
:00453EB6 0FB600 movzx eax, byte ptr [eax]
:00453EB9 BA02000000 mov edx, 00000002
:00453EBE E8354EFBFF call 00408CF8
:00453EC3 8D45E8 lea eax, dword ptr [ebp-18]
:00453EC6 50 push eax
:00453EC7 8D4DD8 lea ecx, dword ptr [ebp-28]
:00453ECA 8B45F0 mov eax, dword ptr [ebp-10]
:00453ECD 0FB64001 movzx eax, byte ptr [eax+01]
:00453ED1 BA02000000 mov edx, 00000002
:00453ED6 E81D4EFBFF call 00408CF8
; First pop restores the address of [ebp-18]; 00403EEC combines [ebp-28] into it.
:00453EDB 8B55D8 mov edx, dword ptr [ebp-28]
:00453EDE 58 pop eax
:00453EDF E80800FBFF call 00403EEC <-生成C41 C42 C43 C44
; edx = expected piece, eax = entered piece (second pop); bl = 1 on match.
:00453EE4 8B55E8 mov edx, dword ptr [ebp-18] <-真的C41 C42 C43 C44 BPX8
:00453EE7 58 pop eax <-假的C41 C42 C43 C44
:00453EE8 E80701FBFF call 00403FF4
:00453EED 0F94C3 sete bl
; Exit path: store the final flag, unlink the exception frame, release the
; temporaries and return.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453E73(C)
|
; [ebp-0C] holds the edx value saved at entry; the result byte bl is written
; through it, so the whole verdict is a single boolean byte.
:00453EF0 8B45F4 mov eax, dword ptr [ebp-0C]
:00453EF3 8818 mov byte ptr [eax], bl
; Restore the previous frame pointer at fs:[0] and drop the two other pushed
; dwords of the frame.
:00453EF5 33C0 xor eax, eax
:00453EF7 5A pop edx
:00453EF8 59 pop ecx
:00453EF9 59 pop ecx
:00453EFA 648910 mov dword ptr fs:[eax], edx
; The pushed address 00453F2D is where the ret at 00453F25 lands, so the
; cleanup below runs before the epilogue.
:00453EFD 682D3F4500 push 00453F2D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00453F2B(U)
|
; Cleanup of the temporaries at [ebp-28], [ebp-18] (edx = 3) and the record at
; [ebp-08].
; NOTE(review): presumably string/record finalisation helpers - confirm.
:00453F02 8D45D8 lea eax, dword ptr [ebp-28]
:00453F05 E85EFDFAFF call 00403C68
:00453F0A 8D45E8 lea eax, dword ptr [ebp-18]
:00453F0D BA03000000 mov edx, 00000003
:00453F12 E875FDFAFF call 00403C8C
:00453F17 8D45F8 lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"TRGRegisterInfo"
|
:00453F1A 8B1554394500 mov edx, dword ptr [00453954]
:00453F20 E8A706FBFF call 004045CC
:00453F25 C3 ret
; 00453F26 is the handler address pushed at 00453AEE; it jumps to 00403728, and
; the jmp after it re-enters the cleanup at 00453F02.
:00453F26 E9FDF7FAFF jmp 00403728
:00453F2B EBD5 jmp 00453F02
; Epilogue: restore callee-saved registers and the caller's frame.
:00453F2D 5F pop edi
:00453F2E 5E pop esi
:00453F2F 5B pop ebx
:00453F30 8BE5 mov esp, ebp
:00453F32 5D pop ebp
:00453F33 C3 ret
① 至此我们已经得到了除 C23 C24 以外的全部注册码,现在来取得 C23 C24 的注册码:
重新运行程序设断点 00453C9E
D EDX
就是正确的 C23 C24
C23 C24 由后面的注册码生成,因此要等到后面的注册码确定后才可以确定
ABCDEFGHIJKLMN BM1-2486B-3157A-7878
BM1-E086B-3157A-7878 <-C21 C22
BM1-E003B-3157A-7878 <-C23 C24
BM1-E003B-EDDAA-7878 <-C31 C32
BM1-E0C5B-EDDAA-7878 <-C23 C24
BM1-E0C5B-EDDAA-AF71 <-C41 C42 C43 C44
BM1-E0D2B-EDDAA-AF71 <-C23 C24
至此注册成功
QWERTYUIOPASDFG BM1-1234W-4567Q-7878
BM1-E134W-4567Q-7878
BM1-E1F7W-4567Q-7878
BM1-E1F7W-EABDQ-7878
BM1-E1A1W-EABDQ-7878 <-出问题了 中断在C21 C22处不走了?只好BD * ???
BM1-E1A1W-EABDQ-BF64
BM1-E18DW-EABDQ-BF64