庖丁解牛 V1.29
-
下载页面: http://www.skycn.com/soft/4671.html
软件大小: 261 KB
软件语言: 简体中文
软件类别: 国产软件 / 免费版 / 文件分割
应用平台: Win9x/NT/2000/XP
加入时间: 2002-06-29 14:49:01
下载次数: 40311
推荐等级: ****
开 发 商: http://zlsoft.myetang.com/
【软件简介】:分割合并文件! 庖丁解牛却比其它同类软件智能得多,能最大限度的减少你操作的步骤。分割后会生成Link.bat文件,在没有安装“文件分割机”的电脑上也能轻松合并文件。为纯绿色软件。
【软件限制】:功能限制
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
庖丁解牛.exe 无壳。Borland Delphi 编写。
程序在启动时就已经悄悄的算好了注册码,如果等到注册时再拦截的话就只能看到注册码的比较,而无法分析算法了。所以在反汇编代码里查找蛛丝马迹,忽然看见 GetVolumeInformationA 函数,呵呵,我知道有门了。^O^^O^
呵呵,庖丁系列软件的《庖丁光盘管家》和《我的程序代码库》的算法应该和这个是一样的。
机器码:707E6D8D
试炼码:13572468
—————————————————————————————————
* Possible StringData Ref from Code Obj ->"c:\"
|
:00469AE5 68CCA64600 push 0046A6CC
* Reference To: kernel32.GetVolumeInformationA, Ord:0000h
|
:00469AEA E8BDCEF9FF Call 004069AC
====>呵呵,取我的硬盘序列号
:00469AEF A1D8284700 mov eax, dword ptr [004728D8]
====>EAX=211C1E09
:00469AF4 3584736251 xor eax, 51627384
====>EAX=211C1E09 XOR 51627384=707E6D8D
:00469AF9 33D2 xor edx, edx
:00469AFB 8945D0 mov dword ptr [ebp-30], eax
====>[ebp-30]=EAX=707E6D8D 这就是显示的机器码
:00469AFE 8955D4 mov dword ptr [ebp-2C], edx
:00469B01 FF75D4 push [ebp-2C]
:00469B04 FF75D0 push [ebp-30]
:00469B07 8D9564FEFFFF lea edx, dword ptr [ebp+FFFFFE64]
:00469B0D B808000000 mov eax, 00000008
:00469B12 E8F1EAF9FF call 00408608
:00469B17 8B9564FEFFFF mov edx, dword ptr [ebp+FFFFFE64]
====>EDX=707E6D8D
:00469B1D B8D0284700 mov eax, 004728D0
:00469B22 E8FD9FF9FF call 00403B24
:00469B27 FF75D4 push [ebp-2C]
:00469B2A FF75D0 push [ebp-30]
:00469B2D 8B45D0 mov eax, dword ptr [ebp-30]
:00469B30 8B55D4 mov edx, dword ptr [ebp-2C]
:00469B33 E8C0C7F9FF call 004062F8
====>此CALL求707E6D8D * 707E6D8D!进入!
:00469B38 52 push edx
====>EDX=316EDE4B
:00469B39 50 push eax
====>EAX=65AD5FA9
:00469B3A 8D45DC lea eax, dword ptr [ebp-24]
:00469B3D E892EAF9FF call 004085D4
====>将316EDE4B65AD5FA9转化为10进制值
:00469B42 8D8560FEFFFF lea eax, dword ptr [ebp+FFFFFE60]
====>EAX=3562028770706415529
:00469B48 50 push eax
:00469B49 8B45DC mov eax, dword ptr [ebp-24]
:00469B4C E8FFA1F9FF call 00403D50
====>求3562028770706415529的位数 19位
:00469B51 8BD0 mov edx, eax
====>EDX=EAX=13
:00469B53 83EA08 sub edx, 00000008
====>EDX=13 - 8=B
:00469B56 B908000000 mov ecx, 00000008
:00469B5B 8B45DC mov eax, dword ptr [ebp-24]
====>EAX=3562028770706415529
:00469B5E E8F5A3F9FF call 00403F58
====>此CALL取3562028770706415529的11-18位!
:00469B63 8B8560FEFFFF mov eax, dword ptr [ebp+FFFFFE60]
====>EAX=70641552 取得的11-18位
:00469B69 E816EBF9FF call 00408684
====>求70641552的16进制值=0435E790
:00469B6E 8945D0 mov dword ptr [ebp-30], eax
====>EAX=0435E790
:00469B71 8955D4 mov dword ptr [ebp-2C], edx
:00469B74 A1D8284700 mov eax, dword ptr [004728D8]
====>EAX=211C1E09 硬盘序列号
:00469B79 33D2 xor edx, edx
:00469B7B 3345D0 xor eax, dword ptr [ebp-30]
====>EAX=211C1E09 XOR 0435E790=2529F999
:00469B7E 3355D4 xor edx, dword ptr [ebp-2C]
:00469B81 8945D0 mov dword ptr [ebp-30], eax
:00469B84 8955D4 mov dword ptr [ebp-2C], edx
:00469B87 8D45DC lea eax, dword ptr [ebp-24]
:00469B8A 50 push eax
:00469B8B FF75D4 push [ebp-2C]
:00469B8E FF75D0 push [ebp-30]
:00469B91 8D855CFEFFFF lea eax, dword ptr [ebp+FFFFFE5C]
====>EAX=2529F999
:00469B97 E838EAF9FF call 004085D4
====>将2529F999转化为10进制值623507865
:00469B9C 8B855CFEFFFF mov eax, dword ptr [ebp+FFFFFE5C]
====>EAX=623507865
:00469BA2 E8A9A1F9FF call 00403D50
====>取623507865长度
:00469BA7 83E808 sub eax, 00000008
====>EAX=9 - 8=1
:00469BAA 50 push eax
:00469BAB FF75D4 push [ebp-2C]
:00469BAE FF75D0 push [ebp-30]
:00469BB1 8D8558FEFFFF lea eax, dword ptr [ebp+FFFFFE58]
:00469BB7 E818EAF9FF call 004085D4
:00469BBC 8B8558FEFFFF mov eax, dword ptr [ebp+FFFFFE58]
====>EAX=623507865
:00469BC2 B908000000 mov ecx, 00000008
:00469BC7 5A pop edx
:00469BC8 E88BA3F9FF call 00403F58
====>取623507865的前8位数字!
:00469BCD B8D4284700 mov eax, 004728D4
:00469BD2 8B55DC mov edx, dword ptr [ebp-24]
====>EDX=62350786 呵呵,这就是注册码了!
—————————————————————————————————
进入乘法CALL:00469B33 call 004062F8
* Referenced by a CALL at Addresses:
|:00405214 , :00408B07 , :00408B21 , :00469B33
|
:004062F8 52 push edx
:004062F9 50 push eax
:004062FA 8B442410 mov eax, dword ptr [esp+10]
:004062FE F72424 mul dword ptr [esp]
:00406301 8BC8 mov ecx, eax
:00406303 8B442404 mov eax, dword ptr [esp+04]
====>EAX=707E6D8D
:00406307 F764240C mul [esp+0C]
====>EAX=707E6D8D * 707E6D8D=65AD5FA9
====>EDX=316EDE4B 进位入EDX
:0040630B 03C8 add ecx, eax
:0040630D 8B0424 mov eax, dword ptr [esp]
:00406310 F764240C mul [esp+0C]
:00406314 03D1 add edx, ecx
:00406316 59 pop ecx
:00406317 59 pop ecx
:00406318 C20800 ret 0008
—————————————————————————————————
注册时的比较:
:0046ED00 55 push ebp
:0046ED01 8BEC mov ebp, esp
:0046ED03 6A00 push 00000000
:0046ED05 6A00 push 00000000
:0046ED07 6A00 push 00000000
:0046ED09 53 push ebx
:0046ED0A 56 push esi
:0046ED0B 8BD8 mov ebx, eax
:0046ED0D 33C0 xor eax, eax
:0046ED0F 55 push ebp
:0046ED10 683CEE4600 push 0046EE3C
:0046ED15 64FF30 push dword ptr fs:[eax]
:0046ED18 648920 mov dword ptr fs:[eax], esp
:0046ED1B 8D55FC lea edx, dword ptr [ebp-04]
:0046ED1E 8B8348040000 mov eax, dword ptr [ebx+00000448]
:0046ED24 E8C3DDFBFF call 0042CAEC
====>取得试炼码
:0046ED29 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=13572468
:0046ED2C 8B15D4284700 mov edx, dword ptr [004728D4]
====>EDX=62350786
:0046ED32 E82951F9FF call 00403E60
====>比较CALL!
:0046ED37 7413 je 0046ED4C
====>不跳则OVER!
:0046ED39 8B8348040000 mov eax, dword ptr [ebx+00000448]
:0046ED3F 8B10 mov edx, dword ptr [eax]
:0046ED41 FF92B0000000 call dword ptr [edx+000000B0]
:0046ED47 E9CD000000 jmp 0046EE19
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED37(C)
|
:0046ED4C B201 mov dl, 01
:0046ED4E A160674600 mov eax, dword ptr [00466760]
:0046ED53 E8087BFFFF call 00466860
:0046ED58 8BF0 mov esi, eax
:0046ED5A BA02000080 mov edx, 80000002
:0046ED5F 8BC6 mov eax, esi
:0046ED61 E89A7BFFFF call 00466900
:0046ED66 33C9 xor ecx, ecx
====>下面写注册信息
* Possible StringData Ref from Code Obj ->"\software\庖丁解牛"
|
:0046ED68 BA54EE4600 mov edx, 0046EE54
:0046ED6D 8BC6 mov eax, esi
:0046ED6F E8D07CFFFF call 00466A44
:0046ED74 84C0 test al, al
:0046ED76 751A jne 0046ED92
* Possible StringData Ref from Code Obj ->"\software\庖丁解牛"
|
:0046ED78 BA54EE4600 mov edx, 0046EE54
:0046ED7D 8BC6 mov eax, esi
:0046ED7F E8E47BFFFF call 00466968
:0046ED84 33C9 xor ecx, ecx
* Possible StringData Ref from Code Obj ->"\software\庖丁解牛"
|
:0046ED86 BA54EE4600 mov edx, 0046EE54
:0046ED8B 8BC6 mov eax, esi
:0046ED8D E8B27CFFFF call 00466A44
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED76(C)
|
:0046ED92 8D55F8 lea edx, dword ptr [ebp-08]
:0046ED95 8B8348040000 mov eax, dword ptr [ebx+00000448]
:0046ED9B E84CDDFBFF call 0042CAEC
:0046EDA0 8B4DF8 mov ecx, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"注册码"
|
:0046EDA3 BA70EE4600 mov edx, 0046EE70
:0046EDA8 8BC6 mov eax, esi
:0046EDAA E8D980FFFF call 00466E88
:0046EDAF 8BC6 mov eax, esi
:0046EDB1 E81A7BFFFF call 004668D0
:0046EDB6 8BC6 mov eax, esi
:0046EDB8 E84B40F9FF call 00402E08
:0046EDBD B201 mov dl, 01
:0046EDBF 8B8360040000 mov eax, dword ptr [ebx+00000460]
:0046EDC5 E83ADCFBFF call 0042CA04
:0046EDCA 8B15D0284700 mov edx, dword ptr [004728D0]
:0046EDD0 8B8378040000 mov eax, dword ptr [ebx+00000478]
:0046EDD6 E841DDFBFF call 0042CB1C
:0046EDDB 8B15D4284700 mov edx, dword ptr [004728D4]
:0046EDE1 8B837C040000 mov eax, dword ptr [ebx+0000047C]
:0046EDE7 E830DDFBFF call 0042CB1C
:0046EDEC 8D55F4 lea edx, dword ptr [ebp-0C]
:0046EDEF A114104700 mov eax, dword ptr [00471014]
:0046EDF4 8B00 mov eax, dword ptr [eax]
:0046EDF6 E815B9FDFF call 0044A710
:0046EDFB 8D45F4 lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->" 已注册版"
====>呵呵,胜利女神!
|
:0046EDFE BA80EE4600 mov edx, 0046EE80
:0046EE03 E8504FF9FF call 00403D58
:0046EE08 8B55F4 mov edx, dword ptr [ebp-0C]
:0046EE0B 8BC3 mov eax, ebx
:0046EE0D E80ADDFBFF call 0042CB1C
:0046EE12 C605DC28470001 mov byte ptr [004728DC], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED47(U)
|
:0046EE19 33C0 xor eax, eax
:0046EE1B 5A pop edx
:0046EE1C 59 pop ecx
:0046EE1D 59 pop ecx
:0046EE1E 648910 mov dword ptr fs:[eax], edx
:0046EE21 6843EE4600 push 0046EE43
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046EE41(U)
|
:0046EE26 8D45F4 lea eax, dword ptr [ebp-0C]
:0046EE29 E8A24CF9FF call 00403AD0
:0046EE2E 8D45F8 lea eax, dword ptr [ebp-08]
:0046EE31 BA02000000 mov edx, 00000002
:0046EE36 E8B94CF9FF call 00403AF4
:0046EE3B C3 ret
—————————————————————————————————
【KeyMake之内存注册机】:
中断地址:0046ED32
中断次数:1
第一字节:E8
指令长度:5
内存方式:EDX
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\庖丁解牛]
"注册码"="62350786"
呵呵,本注册码可以一并注册我机子上的《庖丁光盘管家》和《我的程序代码库》。
—————————————————————————————————
【整 理】:
机器码:707E6D8D
注册码:62350786
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>