破解者:HMILY[CCG][BCG]
破解于:2003-4-16
软件名称:eBook Workshop v1.4
说明:软件的算法不难,就是写注册机时有点乱,头都写大了,还没有写完,晕!!!
贴个过程吧先!!!!
注册码分三个输入框填写,下文把三个框中的内容分别记为 x1、x2、x3;其余记号(C_1、C_2、S_1、S_2 等)在下面反汇编的注释中首次出现时定义。
* Possible StringData Ref from Code Obj ->"bestloveyang"
|
:004C7B24 BA10854C00 mov edx, 004C8510 ; 字符串 bestloveyang 传入edx 设该字符串为 C_1
:004C7B29 E83EC2F3FF call 00403D6C
:004C7B2E 8D55F8 lea edx, dword ptr [ebp-08]
:004C7B31 8B45FC mov eax, dword ptr [ebp-04]
:004C7B34 E85B6CFFFF call 004BE794
:004C7B39 8B45F8 mov eax, dword ptr [ebp-08] ;注册名计算得到的字符串传入eax 设为C_2
:004C7B3C E813C4F3FF call 00403F54
:004C7B41 8945EC mov dword ptr [ebp-14], eax
:004C7B44 8B45F4 mov eax, dword ptr [ebp-0C]
:004C7B47 E808C4F3FF call 00403F54
:004C7B4C 8945E8 mov dword ptr [ebp-18], eax
:004C7B4F C745F063000000 mov [ebp-10], 00000063 ; 有用 把 0x63 保存到ebp-10
:004C7B56 8D45E0 lea eax, dword ptr [ebp-20]
:004C7B59 B9FF000000 mov ecx, 000000FF
:004C7B5E BA01000000 mov edx, 00000001
:004C7B63 E834C6F3FF call 0040419C
:004C7B68 8D45D8 lea eax, dword ptr [ebp-28]
:004C7B6B B9FF000000 mov ecx, 000000FF
:004C7B70 BA01000000 mov edx, 00000001
:004C7B75 E822C6F3FF call 0040419C
:004C7B7A C745E401000000 mov [ebp-1C], 00000001
:004C7B81 C645DE01 mov [ebp-22], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7C22(C)
|
:004C7B85 8D45E0 lea eax, dword ptr [ebp-20]
:004C7B88 50 push eax
:004C7B89 8B4DE8 mov ecx, dword ptr [ebp-18]
:004C7B8C 8B55E4 mov edx, dword ptr [ebp-1C]
:004C7B8F 8B45F8 mov eax, dword ptr [ebp-08]
:004C7B92 E8C5C5F3FF call 0040415C
:004C7B97 8B45E4 mov eax, dword ptr [ebp-1C]
:004C7B9A 0345E8 add eax, dword ptr [ebp-18]
:004C7B9D 48 dec eax
:004C7B9E 3B45EC cmp eax, dword ptr [ebp-14]
:004C7BA1 7E16 jle 004C7BB9
:004C7BA3 8B45EC mov eax, dword ptr [ebp-14]
:004C7BA6 40 inc eax
:004C7BA7 2B45E4 sub eax, dword ptr [ebp-1C]
:004C7BAA 8945E8 mov dword ptr [ebp-18], eax
:004C7BAD 807DDE00 cmp byte ptr [ebp-22], 00
:004C7BB1 7406 je 004C7BB9
:004C7BB3 8B45EC mov eax, dword ptr [ebp-14]
:004C7BB6 8945E8 mov dword ptr [ebp-18], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C7BA1(C), :004C7BB1(C)
|
:004C7BB9 C645DE00 mov [ebp-22], 00
:004C7BBD 8B75E8 mov esi, dword ptr [ebp-18]
:004C7BC0 85F6 test esi, esi
:004C7BC2 7E47 jle 004C7C0B
:004C7BC4 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7C09(C)
|
:004C7BC9 8B45E0 mov eax, dword ptr [ebp-20]
:004C7BCC 0FB67C18FF movzx edi, byte ptr [eax+ebx-01] ;依次取C_2
:004C7BD1 8B45F4 mov eax, dword ptr [ebp-0C]
:004C7BD4 0FB64418FF movzx eax, byte ptr [eax+ebx-01] ;依次取 C_1;第二次循环C_1又从头取
:004C7BD9 33F8 xor edi, eax ; edi=C_2^C_1
:004C7BDB 8D45E0 lea eax, dword ptr [ebp-20]
:004C7BDE B901000000 mov ecx, 00000001
:004C7BE3 8BD3 mov edx, ebx
:004C7BE5 E8B2C5F3FF call 0040419C
:004C7BEA 8BC7 mov eax, edi
:004C7BEC 8845DF mov byte ptr [ebp-21], al
:004C7BEF 8D45CC lea eax, dword ptr [ebp-34]
:004C7BF2 8A55DF mov dl, byte ptr [ebp-21]
:004C7BF5 E882C2F3FF call 00403E7C
:004C7BFA 8B45CC mov eax, dword ptr [ebp-34]
:004C7BFD 8D55E0 lea edx, dword ptr [ebp-20]
:004C7C00 8BCB mov ecx, ebx
:004C7C02 E8DDC5F3FF call 004041E4
:004C7C07 43 inc ebx
:004C7C08 4E dec esi
:004C7C09 75BE jne 004C7BC9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7BC2(C)
|
:004C7C0B 8D45D8 lea eax, dword ptr [ebp-28]
:004C7C0E 8B55E0 mov edx, dword ptr [ebp-20] ; 把计算得到的字符串传入edx 此字符串设为 S_1
:004C7C11 E846C3F3FF call 00403F5C
:004C7C16 8B45E8 mov eax, dword ptr [ebp-18]
:004C7C19 0145E4 add dword ptr [ebp-1C], eax
:004C7C1C 8B45E4 mov eax, dword ptr [ebp-1C]
:004C7C1F 3B45EC cmp eax, dword ptr [ebp-14]
:004C7C22 0F8E5DFFFFFF jle 004C7B85
:004C7C28 8D45F8 lea eax, dword ptr [ebp-08]
:004C7C2B 8B55D8 mov edx, dword ptr [ebp-28]
:004C7C2E E839C1F3FF call 00403D6C
:004C7C33 8B45F8 mov eax, dword ptr [ebp-08]
:004C7C36 E819C3F3FF call 00403F54
:004C7C3B 83F804 cmp eax, 00000004
:004C7C3E 7D10 jge 004C7C50
:004C7C40 8D45F8 lea eax, dword ptr [ebp-08]
:004C7C43 8B4DF8 mov ecx, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"love"
|
:004C7C46 BA28854C00 mov edx, 004C8528
:004C7C4B E850C3F3FF call 00403FA0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7C3E(C)
|
:004C7C50 8B45F8 mov eax, dword ptr [ebp-08]
:004C7C53 E8FCC2F3FF call 00403F54
:004C7C58 8BC8 mov ecx, eax
:004C7C5A 83E904 sub ecx, 00000004
:004C7C5D 8D45F8 lea eax, dword ptr [ebp-08]
:004C7C60 BA01000000 mov edx, 00000001
:004C7C65 E832C5F3FF call 0040419C
:004C7C6A 8B45F8 mov eax, dword ptr [ebp-08]
:004C7C6D E8E2C2F3FF call 00403F54
:004C7C72 8945EC mov dword ptr [ebp-14], eax
:004C7C75 8D45D8 lea eax, dword ptr [ebp-28]
:004C7C78 B9FF000000 mov ecx, 000000FF
:004C7C7D BA01000000 mov edx, 00000001
:004C7C82 E815C5F3FF call 0040419C
:004C7C87 8B75EC mov esi, dword ptr [ebp-14]
:004C7C8A 85F6 test esi, esi
:004C7C8C 7E2B jle 004C7CB9
:004C7C8E BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7CB7(C)
|
:004C7C93 8D45D4 lea eax, dword ptr [ebp-2C]
:004C7C96 50 push eax
:004C7C97 8B55EC mov edx, dword ptr [ebp-14]
:004C7C9A 2BD3 sub edx, ebx
:004C7C9C 42 inc edx
:004C7C9D B901000000 mov ecx, 00000001
:004C7CA2 8B45F8 mov eax, dword ptr [ebp-08]
:004C7CA5 E8B2C4F3FF call 0040415C
:004C7CAA 8D45D8 lea eax, dword ptr [ebp-28]
:004C7CAD 8B55D4 mov edx, dword ptr [ebp-2C]
:004C7CB0 E8A7C2F3FF call 00403F5C ; 这一段是把计算得到的后四位字符串取反 此字符串设为 S_2
:004C7CB5 43 inc ebx
:004C7CB6 4E dec esi
:004C7CB7 75DA jne 004C7C93 ; 未取完,继续
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7C8C(C)
|
:004C7CB9 8D45F8 lea eax, dword ptr [ebp-08]
:004C7CBC 8B55D8 mov edx, dword ptr [ebp-28]
:004C7CBF E8A8C0F3FF call 00403D6C
:004C7CC4 8D45D8 lea eax, dword ptr [ebp-28]
:004C7CC7 B9FF000000 mov ecx, 000000FF
:004C7CCC BA01000000 mov edx, 00000001
:004C7CD1 E8C6C4F3FF call 0040419C
:004C7CD6 8D55D8 lea edx, dword ptr [ebp-28]
:004C7CD9 A140034D00 mov eax, dword ptr [004D0340]
:004C7CDE 8B00 mov eax, dword ptr [eax]
:004C7CE0 8B80D4020000 mov eax, dword ptr [eax+000002D4]
:004C7CE6 E8A1B4F6FF call 0043318C
:004C7CEB 8B75EC mov esi, dword ptr [ebp-14]
:004C7CEE 85F6 test esi, esi
:004C7CF0 0F8EB1000000 jle 004C7DA7
:004C7CF6 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7DA1(C)
|
:004C7CFB 8B45F8 mov eax, dword ptr [ebp-08]
:004C7CFE 0FB67C18FF movzx edi, byte ptr [eax+ebx-01] ; 依次取S_2
:004C7D03 037DF0 add edi, dword ptr [ebp-10]; 依次把S_2与ebp-10里的内容相加 ebp-10就是上面保存的0x63
:004C7D06 81FFFF000000 cmp edi, 000000FF ; 相加的结果是否>0xff
:004C7D0C 7E06 jle 004C7D14
:004C7D0E 81EFFF000000 sub edi, 000000FF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7D0C(C)
|
:004C7D14 85FF test edi, edi
:004C7D16 7D06 jge 004C7D1E ; 比较edi是否<0,不小于则跳
:004C7D18 81C7FF000000 add edi, 000000FF ; 否则edi+0xff
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7D16(C)
|
:004C7D1E 8D45C4 lea eax, dword ptr [ebp-3C]
:004C7D21 8BD3 mov edx, ebx
:004C7D23 4A dec edx
:004C7D24 03D2 add edx, edx
:004C7D26 8B4DD8 mov ecx, dword ptr [ebp-28]
:004C7D29 8A1411 mov dl, byte ptr [ecx+edx]; 取x1的奇数位,即1,3,5,7位
:004C7D2C 885001 mov byte ptr [eax+01], dl
:004C7D2F C60001 mov byte ptr [eax], 01
:004C7D32 8D55C4 lea edx, dword ptr [ebp-3C]
:004C7D35 8D45C0 lea eax, dword ptr [ebp-40]
:004C7D38 E88BADF3FF call 00402AC8
:004C7D3D 8D45BC lea eax, dword ptr [ebp-44]
:004C7D40 8BD3 mov edx, ebx
:004C7D42 4A dec edx
:004C7D43 03D2 add edx, edx
:004C7D45 8B4DD8 mov ecx, dword ptr [ebp-28]
:004C7D48 8A541101 mov dl, byte ptr [ecx+edx+01]; 取x1偶数位,即2,4,6,8位
:004C7D4C 885001 mov byte ptr [eax+01], dl
:004C7D4F C60001 mov byte ptr [eax], 01
:004C7D52 8D55BC lea edx, dword ptr [ebp-44]
:004C7D55 8D45C0 lea eax, dword ptr [ebp-40]
:004C7D58 B102 mov cl, 02
:004C7D5A E839ADF3FF call 00402A98
:004C7D5F 8D55C0 lea edx, dword ptr [ebp-40]
:004C7D62 8D45C8 lea eax, dword ptr [ebp-38]
:004C7D65 E88EC1F3FF call 00403EF8
:004C7D6A 8B45C8 mov eax, dword ptr [ebp-38]
:004C7D6D 50 push eax
:004C7D6E 8D45B8 lea eax, dword ptr [ebp-48]
:004C7D71 50 push eax
:004C7D72 897DB0 mov dword ptr [ebp-50], edi
:004C7D75 C645B400 mov [ebp-4C], 00
:004C7D79 8D55B0 lea edx, dword ptr [ebp-50]
:004C7D7C 33C9 xor ecx, ecx
* Possible StringData Ref from Code Obj ->"%1.2x"
|
:004C7D7E B838854C00 mov eax, 004C8538
:004C7D83 E8201AF4FF call 004097A8
:004C7D88 8B55B8 mov edx, dword ptr [ebp-48]; 把S_2加0x63的十六进进制结果做为注册码的第一部分
:004C7D8B 58 pop eax ; 取x1每两位
:004C7D8C E8D3C2F3FF call 00404064
:004C7D91 0F9445D3 sete byte ptr [ebp-2D]
:004C7D95 807DD300 cmp byte ptr [ebp-2D], 00
:004C7D99 0F84F8060000 je 004C8497 ; 如果注册码相等则不跳,否则game over
:004C7D9F 43 inc ebx
:004C7DA0 4E dec esi
:004C7DA1 0F8554FFFFFF jne 004C7CFB ; 未取完S_2,继续
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7CF0(C)
|
:004C7DA7 8D55F8 lea edx, dword ptr [ebp-08]
:004C7DAA A140034D00 mov eax, dword ptr [004D0340]
:004C7DAF 8B00 mov eax, dword ptr [eax]
:004C7DB1 8B80D0020000 mov eax, dword ptr [eax+000002D0]
:004C7DB7 E8D0B3F6FF call 0043318C
:004C7DBC 8D45F4 lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"yangyi"
|
:004C7DBF BA48854C00 mov edx, 004C8548
:004C7DC4 E8A3BFF3FF call 00403D6C
:004C7DC9 8D55F8 lea edx, dword ptr [ebp-08]
:004C7DCC 8B45FC mov eax, dword ptr [ebp-04]
:004C7DCF E8C069FFFF call 004BE794
:004C7DD4 8B45F8 mov eax, dword ptr [ebp-08]
:004C7DD7 E878C1F3FF call 00403F54
:004C7DDC 8945EC mov dword ptr [ebp-14], eax
:004C7DDF 8B45F4 mov eax, dword ptr [ebp-0C]
:004C7DE2 E86DC1F3FF call 00403F54
:004C7DE7 8945E8 mov dword ptr [ebp-18], eax
:004C7DEA C745F014000000 mov [ebp-10], 00000014
:004C7DF1 8D45D8 lea eax, dword ptr [ebp-28]
:004C7DF4 B9FF000000 mov ecx, 000000FF
:004C7DF9 BA01000000 mov edx, 00000001
:004C7DFE E899C3F3FF call 0040419C
:004C7E03 8B75EC mov esi, dword ptr [ebp-14]
:004C7E06 85F6 test esi, esi
:004C7E08 7E2B jle 004C7E35
:004C7E0A BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7E33(C)
|
:004C7E0F 8D45D4 lea eax, dword ptr [ebp-2C]
:004C7E12 50 push eax
:004C7E13 8B55EC mov edx, dword ptr [ebp-14]
:004C7E16 2BD3 sub edx, ebx
:004C7E18 42 inc edx
:004C7E19 B901000000 mov ecx, 00000001
:004C7E1E 8B45F8 mov eax, dword ptr [ebp-08]
:004C7E21 E836C3F3FF call 0040415C
:004C7E26 8D45D8 lea eax, dword ptr [ebp-28]
:004C7E29 8B55D4 mov edx, dword ptr [ebp-2C]
:004C7E2C E82BC1F3FF call 00403F5C
:004C7E31 43 inc ebx
:004C7E32 4E dec esi
:004C7E33 75DA jne 004C7E0F ; 这一段是把C_2取反,取完为止
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7E08(C)
|
:004C7E35 8D45F8 lea eax, dword ptr [ebp-08]
:004C7E38 8B55D8 mov edx, dword ptr [ebp-28]
:004C7E3B E82CBFF3FF call 00403D6C
:004C7E40 8D45E0 lea eax, dword ptr [ebp-20]
:004C7E43 B9FF000000 mov ecx, 000000FF
:004C7E48 BA01000000 mov edx, 00000001
:004C7E4D E84AC3F3FF call 0040419C
:004C7E52 8D45D8 lea eax, dword ptr [ebp-28]
:004C7E55 B9FF000000 mov ecx, 000000FF
:004C7E5A BA01000000 mov edx, 00000001
:004C7E5F E838C3F3FF call 0040419C
:004C7E64 C745E401000000 mov [ebp-1C], 00000001
:004C7E6B C645DE01 mov [ebp-22], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7F0C(C)
|
:004C7E6F 8D45E0 lea eax, dword ptr [ebp-20]
:004C7E72 50 push eax
:004C7E73 8B4DE8 mov ecx, dword ptr [ebp-18]
:004C7E76 8B55E4 mov edx, dword ptr [ebp-1C]
:004C7E79 8B45F8 mov eax, dword ptr [ebp-08]
:004C7E7C E8DBC2F3FF call 0040415C
:004C7E81 8B45E4 mov eax, dword ptr [ebp-1C]
:004C7E84 0345E8 add eax, dword ptr [ebp-18]
:004C7E87 48 dec eax
:004C7E88 3B45EC cmp eax, dword ptr [ebp-14]
:004C7E8B 7E16 jle 004C7EA3
:004C7E8D 8B45EC mov eax, dword ptr [ebp-14]
:004C7E90 40 inc eax
:004C7E91 2B45E4 sub eax, dword ptr [ebp-1C]
:004C7E94 8945E8 mov dword ptr [ebp-18], eax
:004C7E97 807DDE00 cmp byte ptr [ebp-22], 00
:004C7E9B 7406 je 004C7EA3
:004C7E9D 8B45EC mov eax, dword ptr [ebp-14]
:004C7EA0 8945E8 mov dword ptr [ebp-18], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C7E8B(C), :004C7E9B(C)
|
:004C7EA3 C645DE00 mov [ebp-22], 00
:004C7EA7 8B75E8 mov esi, dword ptr [ebp-18]
:004C7EAA 85F6 test esi, esi
:004C7EAC 7E47 jle 004C7EF5
:004C7EAE BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7EF3(C)
|
:004C7EB3 8B45E0 mov eax, dword ptr [ebp-20]; 把C_2取反的字符串,每次取六位,取完为止传入eax,设为C_22
:004C7EB6 0FB67C18FF movzx edi, byte ptr [eax+ebx-01]; 依次取C_22
:004C7EBB 8B45F4 mov eax, dword ptr [ebp-0C] ; 把字符串yangyi传入eax,设为C_3
:004C7EBE 0FB64418FF movzx eax, byte ptr [eax+ebx-01]; 依次取C_3
:004C7EC3 33F8 xor edi, eax
:004C7EC5 8D45E0 lea eax, dword ptr [ebp-20]
:004C7EC8 B901000000 mov ecx, 00000001
:004C7ECD 8BD3 mov edx, ebx
:004C7ECF E8C8C2F3FF call 0040419C
:004C7ED4 8BC7 mov eax, edi
:004C7ED6 8845DF mov byte ptr [ebp-21], al
:004C7ED9 8D45AC lea eax, dword ptr [ebp-54]
:004C7EDC 8A55DF mov dl, byte ptr [ebp-21]
:004C7EDF E898BFF3FF call 00403E7C
:004C7EE4 8B45AC mov eax, dword ptr [ebp-54]
:004C7EE7 8D55E0 lea edx, dword ptr [ebp-20]
:004C7EEA 8BCB mov ecx, ebx
:004C7EEC E8F3C2F3FF call 004041E4
:004C7EF1 43 inc ebx
:004C7EF2 4E dec esi
:004C7EF3 75BE jne 004C7EB3 ; 这一段共计算三次,把三次的计算结果设为code1,code2,code3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7EAC(C)
|
:004C7EF5 8D45D8 lea eax, dword ptr [ebp-28]
:004C7EF8 8B55E0 mov edx, dword ptr [ebp-20] ; 将计算得到的字符串传入edx
:004C7EFB E85CC0F3FF call 00403F5C
:004C7F00 8B45E8 mov eax, dword ptr [ebp-18]
:004C7F03 0145E4 add dword ptr [ebp-1C], eax
:004C7F06 8B45E4 mov eax, dword ptr [ebp-1C]
:004C7F09 3B45EC cmp eax, dword ptr [ebp-14]
:004C7F0C 0F8E5DFFFFFF jle 004C7E6F
:004C7F12 8D45F8 lea eax, dword ptr [ebp-08]
:004C7F15 8B55D8 mov edx, dword ptr [ebp-28]
:004C7F18 E84FBEF3FF call 00403D6C
:004C7F1D 8B45F8 mov eax, dword ptr [ebp-08]
:004C7F20 E82FC0F3FF call 00403F54
:004C7F25 83F804 cmp eax, 00000004
:004C7F28 7D10 jge 004C7F3A
:004C7F2A 8D45F8 lea eax, dword ptr [ebp-08]
:004C7F2D 8B4DF8 mov ecx, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"love"
|
:004C7F30 BA28854C00 mov edx, 004C8528
:004C7F35 E866C0F3FF call 00403FA0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7F28(C)
|
:004C7F3A 8B45F8 mov eax, dword ptr [ebp-08]
:004C7F3D E812C0F3FF call 00403F54
:004C7F42 8BC8 mov ecx, eax
:004C7F44 83E904 sub ecx, 00000004
:004C7F47 8D45F8 lea eax, dword ptr [ebp-08]
:004C7F4A BA01000000 mov edx, 00000001
:004C7F4F E848C2F3FF call 0040419C
:004C7F54 8B45F8 mov eax, dword ptr [ebp-08]
:004C7F57 E8F8BFF3FF call 00403F54
:004C7F5C 8945EC mov dword ptr [ebp-14], eax
:004C7F5F 8D45D8 lea eax, dword ptr [ebp-28]
:004C7F62 B9FF000000 mov ecx, 000000FF
:004C7F67 BA01000000 mov edx, 00000001
:004C7F6C E82BC2F3FF call 0040419C
:004C7F71 8D55D8 lea edx, dword ptr [ebp-28]
:004C7F74 A140034D00 mov eax, dword ptr [004D0340]
:004C7F79 8B00 mov eax, dword ptr [eax]
:004C7F7B 8B80E8020000 mov eax, dword ptr [eax+000002E8]
:004C7F81 E806B2F6FF call 0043318C
:004C7F86 8B75EC mov esi, dword ptr [ebp-14]
:004C7F89 85F6 test esi, esi
:004C7F8B 0F8EB1000000 jle 004C8042
:004C7F91 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C803C(C)
|
:004C7F96 8B45F8 mov eax, dword ptr [ebp-08]; 把字符串code3+code2+code3的结果传入eax,设为sum_1
:004C7F99 0FB67C18FF movzx edi, byte ptr [eax+ebx-01]; 依次取sum_1
:004C7F9E 037DF0 add edi, dword ptr [ebp-10]; edi=edi+[ebp-10] ebp-10的值为0x14
:004C7FA1 81FFFF000000 cmp edi, 000000FF ; 这里的比较和第一部分的注册码的比较是一样的。
:004C7FA7 7E06 jle 004C7FAF
:004C7FA9 81EFFF000000 sub edi, 000000FF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7FA7(C)
|
:004C7FAF 85FF test edi, edi
:004C7FB1 7D06 jge 004C7FB9
:004C7FB3 81C7FF000000 add edi, 000000FF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7FB1(C)
|
:004C7FB9 8D45C4 lea eax, dword ptr [ebp-3C]
:004C7FBC 8BD3 mov edx, ebx
:004C7FBE 4A dec edx
:004C7FBF 03D2 add edx, edx
:004C7FC1 8B4DD8 mov ecx, dword ptr [ebp-28]
:004C7FC4 8A1411 mov dl, byte ptr [ecx+edx]; 取第二部分的假码的奇数位
:004C7FC7 885001 mov byte ptr [eax+01], dl
:004C7FCA C60001 mov byte ptr [eax], 01
:004C7FCD 8D55C4 lea edx, dword ptr [ebp-3C]
:004C7FD0 8D45C0 lea eax, dword ptr [ebp-40]
:004C7FD3 E8F0AAF3FF call 00402AC8
:004C7FD8 8D45BC lea eax, dword ptr [ebp-44]
:004C7FDB 8BD3 mov edx, ebx
:004C7FDD 4A dec edx
:004C7FDE 03D2 add edx, edx
:004C7FE0 8B4DD8 mov ecx, dword ptr [ebp-28]
:004C7FE3 8A541101 mov dl, byte ptr [ecx+edx+01]; 取第二部分的假码的偶数位
:004C7FE7 885001 mov byte ptr [eax+01], dl
:004C7FEA C60001 mov byte ptr [eax], 01
:004C7FED 8D55BC lea edx, dword ptr [ebp-44]
:004C7FF0 8D45C0 lea eax, dword ptr [ebp-40]
:004C7FF3 B102 mov cl, 02
:004C7FF5 E89EAAF3FF call 00402A98
:004C7FFA 8D55C0 lea edx, dword ptr [ebp-40]
:004C7FFD 8D45A8 lea eax, dword ptr [ebp-58]
:004C8000 E8F3BEF3FF call 00403EF8
:004C8005 8B45A8 mov eax, dword ptr [ebp-58]
:004C8008 50 push eax
:004C8009 8D45A4 lea eax, dword ptr [ebp-5C]
:004C800C 50 push eax
:004C800D 897DB0 mov dword ptr [ebp-50], edi
:004C8010 C645B400 mov [ebp-4C], 00
:004C8014 8D55B0 lea edx, dword ptr [ebp-50]
:004C8017 33C9 xor ecx, ecx
* Possible StringData Ref from Code Obj ->"%1.2x"
|
:004C8019 B838854C00 mov eax, 004C8538
:004C801E E88517F4FF call 004097A8
:004C8023 8B55A4 mov edx, dword ptr [ebp-5C]; 把上面与edi相加的结果传入edx
:004C8026 58 pop eax ; 假码的每两位出栈
:004C8027 E838C0F3FF call 00404064
:004C802C 0F9445D3 sete byte ptr [ebp-2D]
:004C8030 807DD300 cmp byte ptr [ebp-2D], 00
:004C8034 0F845D040000 je 004C8497 ; 如果注册码相等就不跳
:004C803A 43 inc ebx
:004C803B 4E dec esi
:004C803C 0F8554FFFFFF jne 004C7F96 ; 未取到四位,继续
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C7F8B(C)
|
:004C8042 8D55F8 lea edx, dword ptr [ebp-08]
:004C8045 A140034D00 mov eax, dword ptr [004D0340]
:004C804A 8B00 mov eax, dword ptr [eax]
:004C804C 8B80D0020000 mov eax, dword ptr [eax+000002D0]
:004C8052 E835B1F6FF call 0043318C
:004C8057 8D45F4 lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"ILoveYang"
|
:004C805A BA58854C00 mov edx, 004C8558
:004C805F E808BDF3FF call 00403D6C
:004C8064 8D55F8 lea edx, dword ptr [ebp-08]
:004C8067 8B45FC mov eax, dword ptr [ebp-04]
:004C806A E82567FFFF call 004BE794
:004C806F 8B45F8 mov eax, dword ptr [ebp-08]
:004C8072 E8DDBEF3FF call 00403F54
:004C8077 8945EC mov dword ptr [ebp-14], eax
:004C807A 8B45F4 mov eax, dword ptr [ebp-0C]
:004C807D E8D2BEF3FF call 00403F54
:004C8082 8945E8 mov dword ptr [ebp-18], eax
:004C8085 C745F08C000000 mov [ebp-10], 0000008C
:004C808C 8D45D8 lea eax, dword ptr [ebp-28]
:004C808F 8B4DD8 mov ecx, dword ptr [ebp-28]
* Possible StringData Ref from Code Obj ->"Book"
|
:004C8092 BA6C854C00 mov edx, 004C856C
:004C8097 E804BFF3FF call 00403FA0
:004C809C 8D45D8 lea eax, dword ptr [ebp-28]
:004C809F B9FF000000 mov ecx, 000000FF
:004C80A4 BA01000000 mov edx, 00000001
:004C80A9 E8EEC0F3FF call 0040419C
:004C80AE BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C80D9(C)
|
:004C80B3 8D45D4 lea eax, dword ptr [ebp-2C]
:004C80B6 50 push eax
:004C80B7 8B55EC mov edx, dword ptr [ebp-14]
:004C80BA 2BD3 sub edx, ebx
:004C80BC 42 inc edx
:004C80BD B901000000 mov ecx, 00000001
:004C80C2 8B45F8 mov eax, dword ptr [ebp-08]
:004C80C5 E892C0F3FF call 0040415C
:004C80CA 8D45D8 lea eax, dword ptr [ebp-28]
:004C80CD 8B55D4 mov edx, dword ptr [ebp-2C]
:004C80D0 E887BEF3FF call 00403F5C
:004C80D5 43 inc ebx
:004C80D6 83FB05 cmp ebx, 00000005
:004C80D9 75D8 jne 004C80B3 ; 这一小结是取C_2取反后的前四位
:004C80DB 8D45F8 lea eax, dword ptr [ebp-08]
:004C80DE 8B55D8 mov edx, dword ptr [ebp-28]
:004C80E1 E886BCF3FF call 00403D6C
:004C80E6 8B45F8 mov eax, dword ptr [ebp-08]
:004C80E9 E866BEF3FF call 00403F54
:004C80EE 8945EC mov dword ptr [ebp-14], eax
:004C80F1 8D45D8 lea eax, dword ptr [ebp-28]
:004C80F4 B9FF000000 mov ecx, 000000FF
:004C80F9 BA01000000 mov edx, 00000001
:004C80FE E899C0F3FF call 0040419C
:004C8103 8B75EC mov esi, dword ptr [ebp-14]
:004C8106 85F6 test esi, esi
:004C8108 7E2B jle 004C8135
:004C810A BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C8133(C)
|
:004C810F 8D45D4 lea eax, dword ptr [ebp-2C]
:004C8112 50 push eax
:004C8113 8B55EC mov edx, dword ptr [ebp-14]
:004C8116 2BD3 sub edx, ebx
:004C8118 42 inc edx
:004C8119 B901000000 mov ecx, 00000001
:004C811E 8B45F8 mov eax, dword ptr [ebp-08]
:004C8121 E836C0F3FF call 0040415C
:004C8126 8D45D8 lea eax, dword ptr [ebp-28]
:004C8129 8B55D4 mov edx, dword ptr [ebp-2C]
:004C812C E82BBEF3FF call 00403F5C
:004C8131 43 inc ebx
:004C8132 4E dec esi
:004C8133 75DA jne 004C810F ; 把取到的四位字符串又倒序,设为2_C_1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C8108(C)
|
:004C8135 8D45F8 lea eax, dword ptr [ebp-08]
:004C8138 8B55D8 mov edx, dword ptr [ebp-28]
:004C813B E82CBCF3FF call 00403D6C
:004C8140 8D45E0 lea eax, dword ptr [ebp-20]
:004C8143 B9FF000000 mov ecx, 000000FF
:004C8148 BA01000000 mov edx, 00000001
:004C814D E84AC0F3FF call 0040419C
:004C8152 8D45D8 lea eax, dword ptr [ebp-28]
:004C8155 B9FF000000 mov ecx, 000000FF
:004C815A BA01000000 mov edx, 00000001
:004C815F E838C0F3FF call 0040419C
:004C8164 C745E401000000 mov [ebp-1C], 00000001
:004C816B C645DE01 mov [ebp-22], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C820C(C)
|
:004C816F 8D45E0 lea eax, dword ptr [ebp-20]
:004C8172 50 push eax
:004C8173 8B4DE8 mov ecx, dword ptr [ebp-18]
:004C8176 8B55E4 mov edx, dword ptr [ebp-1C]
:004C8179 8B45F8 mov eax, dword ptr [ebp-08]
:004C817C E8DBBFF3FF call 0040415C
:004C8181 8B45E4 mov eax, dword ptr [ebp-1C]
:004C8184 0345E8 add eax, dword ptr [ebp-18]
:004C8187 48 dec eax
:004C8188 3B45EC cmp eax, dword ptr [ebp-14]
:004C818B 7E16 jle 004C81A3
:004C818D 8B45EC mov eax, dword ptr [ebp-14]
:004C8190 40 inc eax
:004C8191 2B45E4 sub eax, dword ptr [ebp-1C]
:004C8194 8945E8 mov dword ptr [ebp-18], eax
:004C8197 807DDE00 cmp byte ptr [ebp-22], 00
:004C819B 7406 je 004C81A3
:004C819D 8B45EC mov eax, dword ptr [ebp-14]
:004C81A0 8945E8 mov dword ptr [ebp-18], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C818B(C), :004C819B(C)
|
:004C81A3 C645DE00 mov [ebp-22], 00
:004C81A7 8B75E8 mov esi, dword ptr [ebp-18]
:004C81AA 85F6 test esi, esi
:004C81AC 7E47 jle 004C81F5
:004C81AE BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C81F3(C)
|
:004C81B3 8B45E0 mov eax, dword ptr [ebp-20]
:004C81B6 0FB67C18FF movzx edi, byte ptr [eax+ebx-01]; 依次取2_C_1
:004C81BB 8B45F4 mov eax, dword ptr [ebp-0C] ; 把字符串"ILoveYang"传入eax
:004C81BE 0FB64418FF movzx eax, byte ptr [eax+ebx-01]; 依次取ILoveYang 设为I_1
:004C81C3 33F8 xor edi, eax
:004C81C5 8D45E0 lea eax, dword ptr [ebp-20]
:004C81C8 B901000000 mov ecx, 00000001
:004C81CD 8BD3 mov edx, ebx
:004C81CF E8C8BFF3FF call 0040419C
:004C81D4 8BC7 mov eax, edi
:004C81D6 8845DF mov byte ptr [ebp-21], al
:004C81D9 8D45A0 lea eax, dword ptr [ebp-60]
:004C81DC 8A55DF mov dl, byte ptr [ebp-21]
:004C81DF E898BCF3FF call 00403E7C
:004C81E4 8B45A0 mov eax, dword ptr [ebp-60]
:004C81E7 8D55E0 lea edx, dword ptr [ebp-20]
:004C81EA 8BCB mov ecx, ebx
:004C81EC E8F3BFF3FF call 004041E4
:004C81F1 43 inc ebx
:004C81F2 4E dec esi
:004C81F3 75BE jne 004C81B3 ; 只循环字符串2_C_1的位数,即循环四次
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C81AC(C)
|
:004C81F5 8D45D8 lea eax, dword ptr [ebp-28]
:004C81F8 8B55E0 mov edx, dword ptr [ebp-20]; 把上一小结计算得到的字符串传入edx 设为end_1
:004C81FB E85CBDF3FF call 00403F5C
:004C8200 8B45E8 mov eax, dword ptr [ebp-18]
:004C8203 0145E4 add dword ptr [ebp-1C], eax
:004C8206 8B45E4 mov eax, dword ptr [ebp-1C]
:004C8209 3B45EC cmp eax, dword ptr [ebp-14]
:004C820C 0F8E5DFFFFFF jle 004C816F
:004C8212 8D45F8 lea eax, dword ptr [ebp-08]
:004C8215 8B55D8 mov edx, dword ptr [ebp-28]
:004C8218 E84FBBF3FF call 00403D6C
:004C821D 8D45D8 lea eax, dword ptr [ebp-28]
:004C8220 B9FF000000 mov ecx, 000000FF
:004C8225 BA01000000 mov edx, 00000001
:004C822A E86DBFF3FF call 0040419C
:004C822F 8D55D8 lea edx, dword ptr [ebp-28]
:004C8232 A140034D00 mov eax, dword ptr [004D0340]
:004C8237 8B00 mov eax, dword ptr [eax]
:004C8239 8B80EC020000 mov eax, dword ptr [eax+000002EC]
:004C823F E848AFF6FF call 0043318C
:004C8244 8B75EC mov esi, dword ptr [ebp-14]
:004C8247 85F6 test esi, esi
:004C8249 0F8EB1000000 jle 004C8300
:004C824F BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C82FA(C)
|
:004C8254 8B45F8 mov eax, dword ptr [ebp-08]
:004C8257 0FB67C18FF movzx edi, byte ptr [eax+ebx-01]; 依次取end_1
:004C825C 037DF0 add edi, dword ptr [ebp-10] ; 依次取得的字符+[ebp-10],ebp-10里的数值为0x8c
:004C825F 81FFFF000000 cmp edi, 000000FF ; 注册码的比较都相同,就不再熬述了。
:004C8265 7E06 jle 004C826D
:004C8267 81EFFF000000 sub edi, 000000FF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C8265(C)
|
:004C826D 85FF test edi, edi
:004C826F 7D06 jge 004C8277
:004C8271 81C7FF000000 add edi, 000000FF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C826F(C)
|
:004C8277 8D45C4 lea eax, dword ptr [ebp-3C]
:004C827A 8BD3 mov edx, ebx
:004C827C 4A dec edx
:004C827D 03D2 add edx, edx
:004C827F 8B4DD8 mov ecx, dword ptr [ebp-28]
:004C8282 8A1411 mov dl, byte ptr [ecx+edx]
:004C8285 885001 mov byte ptr [eax+01], dl
:004C8288 C60001 mov byte ptr [eax], 01
:004C828B 8D55C4 lea edx, dword ptr [ebp-3C]
:004C828E 8D45C0 lea eax, dword ptr [ebp-40]
:004C8291 E832A8F3FF call 00402AC8
:004C8296 8D45BC lea eax, dword ptr [ebp-44]
:004C8299 8BD3 mov edx, ebx
:004C829B 4A dec edx
:004C829C 03D2 add edx, edx
:004C829E 8B4DD8 mov ecx, dword ptr [ebp-28]
:004C82A1 8A541101 mov dl, byte ptr [ecx+edx+01]
:004C82A5 885001 mov byte ptr [eax+01], dl
:004C82A8 C60001 mov byte ptr [eax], 01
:004C82AB 8D55BC lea edx, dword ptr [ebp-44]
:004C82AE 8D45C0 lea eax, dword ptr [ebp-40]
:004C82B1 B102 mov cl, 02
:004C82B3 E8E0A7F3FF call 00402A98
:004C82B8 8D55C0 lea edx, dword ptr [ebp-40]
:004C82BB 8D459C lea eax, dword ptr [ebp-64]
:004C82BE E835BCF3FF call 00403EF8
:004C82C3 8B459C mov eax, dword ptr [ebp-64]
:004C82C6 50 push eax
:004C82C7 8D4598 lea eax, dword ptr [ebp-68]
:004C82CA 50 push eax
:004C82CB 897DB0 mov dword ptr [ebp-50], edi
:004C82CE C645B400 mov [ebp-4C], 00
:004C82D2 8D55B0 lea edx, dword ptr [ebp-50]
:004C82D5 33C9 xor ecx, ecx
* Possible StringData Ref from Code Obj ->"%1.2x"
|
:004C82D7 B838854C00 mov eax,