下载地址: http://www.softreg.com.cn/shareware_view.asp?id=/F7A73990-2DF1-450D-B024-AD747C26D297/
软件大小: 301K
软件评价: ***
适用平台: Win9x, WinME, WinNT, Win2000, WinXP
作者主页: http://www.wbj2000.com
【软件简介】:操作特性非常好的俄罗斯方块。界面简洁。
【软件限制】:30天试用。
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
PSDE_DEMO_RUSSIA.exe 无壳。 Visual C++ 6.0 编写。
用户名:fly
试炼码:13572468
—————————————————————————————————
:004024E1 FFD3 call ebx
:004024E3 A19C974000 mov eax, dword ptr [0040979C]
====>EAX=fly
:004024E8 803800 cmp byte ptr [eax], 00
====>没有 用户名?
:004024EB 0F8400010000 je 004025F1
:004024F1 8B0D90974000 mov ecx, dword ptr [00409790]
====>ECX=13572468
:004024F7 803900 cmp byte ptr [ecx], 00
====>没有 注册码?
:004024FA 0F84F1000000 je 004025F1
:00402500 50 push eax
:00402501 E80AFEFFFF call 00402310
====>算法CALL!进入!
:00402506 8B3D90974000 mov edi, dword ptr [00409790]
====>EDI=13572468 试炼码
:0040250C A19C974000 mov eax, dword ptr [0040979C]
====>EAX=M7770770 注册码
:00402511 83C404 add esp, 00000004
:00402514 8BF7 mov esi, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402534(C)
====>下面是逐位比较了,有一处不同就OVER了。
:00402516 8A10 mov dl, byte ptr [eax]
:00402518 8ACA mov cl, dl
:0040251A 3A16 cmp dl, byte ptr [esi]
:0040251C 751C jne 0040253A
:0040251E 84C9 test cl, cl
:00402520 7414 je 00402536
:00402522 8A5001 mov dl, byte ptr [eax+01]
:00402525 8ACA mov cl, dl
:00402527 3A5601 cmp dl, byte ptr [esi+01]
:0040252A 750E jne 0040253A
:0040252C 83C002 add eax, 00000002
:0040252F 83C602 add esi, 00000002
:00402532 84C9 test cl, cl
:00402534 75E0 jne 00402516
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402520(C)
|
:00402536 33C0 xor eax, eax
:00402538 EB05 jmp 0040253F
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040251C(C), :0040252A(C)
|
:0040253A 1BC0 sbb eax, eax
====>跳到这就OVER了!
:0040253C 83D8FF sbb eax, FFFFFFFF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402538(U)
|
:0040253F 85C0 test eax, eax
:00402541 7476 je 004025B9
* Possible Reference to Dialog:
|
:00402543 BEEC904000 mov esi, 004090EC
:00402548 8BC7 mov eax, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402568(C)
|
:0040254A 8A10 mov dl, byte ptr [eax]
:0040254C 8ACA mov cl, dl
:0040254E 3A16 cmp dl, byte ptr [esi]
:00402550 751C jne 0040256E
:00402552 84C9 test cl, cl
:00402554 7414 je 0040256A
:00402556 8A5001 mov dl, byte ptr [eax+01]
:00402559 8ACA mov cl, dl
:0040255B 3A5601 cmp dl, byte ptr [esi+01]
:0040255E 750E jne 0040256E
:00402560 83C002 add eax, 00000002
:00402563 83C602 add esi, 00000002
:00402566 84C9 test cl, cl
:00402568 75E0 jne 0040254A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402554(C)
|
:0040256A 33C0 xor eax, eax
:0040256C EB05 jmp 00402573
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00402550(C), :0040255E(C)
|
:0040256E 1BC0 sbb eax, eax
:00402570 83D8FF sbb eax, FFFFFFFF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040256C(U)
|
:00402573 85C0 test eax, eax
:00402575 7442 je 004025B9
:00402577 A194974000 mov eax, dword ptr [00409794]
:0040257C 6A00 push 00000000
:0040257E 83F803 cmp eax, 00000003
* Possible StringData Ref from Data Obj ->"用户注册"
|
:00402581 68E0904000 push 004090E0
:00402586 7D23 jge 004025AB
* Possible StringData Ref from Data Obj ->"注册码错误!请重新输入!"
====>BAD BOY!
:00402588 68C4904000 push 004090C4
:0040258D 55 push ebp
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:0040258E FF1534714000 Call dword ptr [00407134]
:00402594 A194974000 mov eax, dword ptr [00409794]
:00402599 5F pop edi
:0040259A 40 inc eax
:0040259B 5E pop esi
:0040259C A394974000 mov dword ptr [00409794], eax
:004025A1 5D pop ebp
:004025A2 B801000000 mov eax, 00000001
:004025A7 5B pop ebx
:004025A8 C21000 ret 0010
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402586(C)
|
* Possible StringData Ref from Data Obj ->"注册码错误!"
|
:004025AB 68B4904000 push 004090B4
:004025B0 55 push ebp
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:004025B1 FF1534714000 Call dword ptr [00407134]
:004025B7 EB2B jmp 004025E4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00402541(C), :00402575(C)
|
:004025B9 8B3D9C974000 mov edi, dword ptr [0040979C]
:004025BF B940000000 mov ecx, 00000040
:004025C4 33C0 xor eax, eax
:004025C6 C7058097400001000000 mov dword ptr [00409780], 00000001
:004025D0 F3 repz
:004025D1 AB stosd
:004025D2 A19C974000 mov eax, dword ptr [0040979C]
:004025D7 50 push eax
:004025D8 6A10 push 00000010
:004025DA 6A0D push 0000000D
:004025DC 68F7030000 push 000003F7
:004025E1 55 push ebp
:004025E2 FFD3 call ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004025B7(U)
|
:004025E4 6A00 push 00000000
:004025E6 6A00 push 00000000
:004025E8 6A10 push 00000010
:004025EA 55 push ebp
* Reference To: USER32.PostMessageA, Ord:01DEh
|
:004025EB FF1520714000 Call dword ptr [00407120]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004023AB(C), :00402457(C), :004024EB(C), :004024FA(C)
|
:004025F1 5F pop edi
:004025F2 5E pop esi
:004025F3 5D pop ebp
:004025F4 B801000000 mov eax, 00000001
:004025F9 5B pop ebx
:004025FA C21000 ret 0010
—————————————————————————————————
进入算法CALL:402501 call 00402310
* Referenced by a CALL at Addresses:
|:00402501 , :0040270D
|
:00402310 53 push ebx
:00402311 56 push esi
:00402312 57 push edi
:00402313 8B7C2410 mov edi, dword ptr [esp+10]
====>EDI=fly
:00402317 32DB xor bl, bl
:00402319 8BCF mov ecx, edi
:0040231B 8A07 mov al, byte ptr [edi]
====>逐位取fly字符的HEX值
:0040231D 84C0 test al, al
:0040231F 740A je 0040232B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402329(C)
|
:00402321 02D8 add bl, al
1、 ====>BL=00 + 66=66
2、 ====>BL=66 + 6C=D2
3、 ====>BL=D2 + 79=4B 进位1舍去
:00402323 8A4101 mov al, byte ptr [ecx+01]
:00402326 41 inc ecx
:00402327 84C0 test al, al
:00402329 75F6 jne 00402321
====>逐位相加用户名字符的HEX值
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040231F(C)
|
:0040232B A18C974000 mov eax, dword ptr [0040978C]
====>EAX=[0040978C]=00989682
:00402330 33F6 xor esi, esi
:00402332 A398974000 mov dword ptr [00409798], eax
====>[00409798]=EAX=00989682 程序自给
:00402337 A188974000 mov eax, dword ptr [00409788]
====>EAX=[00409788]=8 程序自给
:0040233C 85C0 test eax, eax
:0040233E 7E2D jle 0040236D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040236B(C)
|
:00402340 8A0C3E mov cl, byte ptr [esi+edi]
====>逐位取fly字符的HEX值,不够8位补00
:00402343 32CB xor cl, bl
1、 ====>CL=66 XOR 4B=2D
2、 ====>CL=6C XOR 4B=27
3、 ====>CL=79 XOR 4B=32
4、 ====>CL=00 XOR 4B=4B
5、 ====>CL=00 XOR 4B=4B
6、 ====>CL=00 XOR 4B=4B
7、 ====>CL=00 XOR 4B=4B
8、 ====>CL=00 XOR 4B=4B
:00402345 51 push ecx
:00402346 E895FFFFFF call 004022E0
====>子运算CALL!得出下面的AL值!
:0040234B 83C404 add esp, 00000004
:0040234E 88043E mov byte ptr [esi+edi], al
:00402351 3C0A cmp al, 0A
====>AL 与 A 比较
:00402353 0FBEC0 movsx eax, al
:00402356 7D05 jge 0040235D
====>AL值 小于 A 则加30,否则跳下去加41,
:00402358 83C030 add eax, 00000030
2、 ====>EAX=00000007 + 00000030=37 即:字符 7
3、 ====>EAX=00000007 + 00000030=37 即:字符 7
4、 ====>EAX=00000007 + 00000030=37 即:字符 7
5、 ====>EAX=00000000 + 00000030=30 即:字符 0
6、 ====>EAX=00000000 + 00000030=30 即:字符 0
7、 ====>EAX=00000007 + 00000030=37 即:字符 7
8、 ====>EAX=00000000 + 00000030=30 即:字符 0
:0040235B EB03 jmp 00402360
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402356(C)
|
:0040235D 83C041 add eax, 00000041
1、 ====>EAX=0000000C + 00000041=4D 即:字符 M
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040235B(U)
|
:00402360 88043E mov byte ptr [esi+edi], al
====>AL 存入[esi+edi]处
====>最后得出:M7770070 这就是我的注册码了!
:00402363 A188974000 mov eax, dword ptr [00409788]
====>EAX=[00409788]=8
:00402368 46 inc esi
:00402369 3BF0 cmp esi, eax
:0040236B 7CD3 jl 00402340
====>共循环8次!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040233E(C)
|
:0040236D C6043800 mov byte ptr [eax+edi], 00
:00402371 5F pop edi
:00402372 5E pop esi
:00402373 5B pop ebx
:00402374 C3 ret
—————————————————————————————————
进入子运算CALL:00402346 call 004022E0
* Referenced by a CALL at Address:
|:00402346
|
:004022E0 0FBE442404 movsx eax, byte ptr [esp+04]
1、 ====>EAX=2D
2、 ====>EAX=27
3、 ====>EAX=32
4、 ====>EAX=4B
5、 ====>EAX=4B
6、 ====>EAX=4B
7、 ====>EAX=4B
8、 ====>EAX=4B
:004022E5 030598974000 add eax, dword ptr [00409798]
1、 ====>EAX=2D + 00989682=009896AF
2、 ====>EAX=27 + 491C14F8=491C151F
3、 ====>EAX=32 + 0BE7A0E8=0BE7A11A
4、 ====>EAX=4B + 2F5799DB=2F579A26
5、 ====>EAX=4B + C3079BC7=C3079C12
6、 ====>EAX=4B + 6D90A193=6D90A1DE
7、 ====>EAX=4B + D0409E3F=D0409E8A
8、 ====>EAX=4B + 4DB73CCB=4DB73D16
:004022EB 69C0697DAE42 imul eax, 42AE7D69
1、 ====>EAX=009896AF * 42AE7D69=491B40C7
2、 ====>EAX=491C151F * 42AE7D69=0BE6CCB7
3、 ====>EAX=0BE7A11A * 42AE7D69=2F56C5AA
4、 ====>EAX=2F579A26 * 42AE7D69=C306C796
5、 ====>EAX=C3079C12 * 42AE7D69=6D8FCD62
6、 ====>EAX=6D90A1DE * 42AE7D69=D03FCA0E
7、 ====>EAX=D0409E8A * 42AE7D69=4DB6689A
8、 ====>EAX=4DB73D16 * 42AE7D69=89EFCC06
:004022F1 0531D40000 add eax, 0000D431
1、 ====>EAX=491B40C7 + 0000D431=491C14F8
2、 ====>EAX=0BE6CCB7 + 0000D431=0BE7A0E8
3、 ====>EAX=2F56C5AA + 0000D431=2F5799DB
4、 ====>EAX=C306C796 + 0000D431=C3079BC7
5、 ====>EAX=6D8FCD62 + 0000D431=6D90A193
6、 ====>EAX=D03FCA0E + 0000D431=D0409E3F
7、 ====>EAX=4DB6689A + 0000D431=4DB73CCB
8、 ====>EAX=89EFCC06 + 0000D431=89F0A037
:004022F6 A398974000 mov dword ptr [00409798], eax
====>[00409798]=EAX
:004022FB C1F810 sar eax, 10
1、 ====>EAX=491C14F8 SAR 10=0000491C
2、 ====>EAX=0BE7A0E8 SAR 10=00000BE7
3、 ====>EAX=2F5799DB SAR 10=00002F57
4、 ====>EAX=C3079BC7 SAR 10=FFFFC307
5、 ====>EAX=6D90A193 SAR 10=00006D90
6、 ====>EAX=D0409E3F SAR 10=FFFFD040
7、 ====>EAX=4DB73CCB SAR 10=00004DB7
8、 ====>EAX=89F0A037 SAR 10=FFFF89F0
:004022FE 83E00F and eax, 0000000F
1、 ====>EAX=0000491C AND 0000000F=0000000C
2、 ====>EAX=00000BE7 AND 0000000F=00000007
3、 ====>EAX=00002F57 AND 0000000F=00000007
4、 ====>EAX=FFFFC307 AND 0000000F=00000007
5、 ====>EAX=00006D90 AND 0000000F=00000000
6、 ====>EAX=FFFFD040 AND 0000000F=00000000
7、 ====>EAX=00004DB7 AND 0000000F=00000007
8、 ====>EAX=FFFF89F0 AND 0000000F=00000000
:00402301 C3 ret
—————————————————————————————————
【KeyMake之{62th}内存注册机】:
中断地址:402516
中断次数:1
第一字节:8A
指令长度:2
内存方式:EAX
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\PSDE_DEMO_RUSSIA]
@="PSDE_DEMO_RUSSIA"
"Version"="1.00"
"First"="2003/04/16"
"UserName"="fly"
"UserPassword"="M7770070"
—————————————————————————————————
【整 理】:
用户名:fly
注册码:M7770070
—————————————————————————————————
Cracked By 巢水工作坊——fly [OCN][FCG]
2003-4-17 2:23
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
热门文章 去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据
人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>