您的位置:首页精文荟萃破解文章 → Easy CD Ripper 1.33 的粗略分析

Easy CD Ripper 1.33 的粗略分析

时间:2004/10/15 1:03:00来源:本站整理作者:蓝点我要评论(0)

 





 








【破解工具】:TRW2000 1.23、FI2.4  
【作者声明】:初学Crack,只是感兴趣,没有其它目的.  
【过    程】:  
由于Easy CD Ripper好像能检测出Trw,所以要先运行Easy CD Ripper,再运行Trw2000.  
下断点bpx hmemcpy,pmodule,F10,来到下面:  
016F:00484AF4  CALL    0042FEA0    //取用户名  
016F:00484AF9  MOV      EAX,[EBP-08] //放在eax中  
            .  
            .  //省略n行代码  
016F:00484B50  MOV      EAX,[EBP-0C] //我们输入的注册码  
016F:00484B53  CALL    00408818    //对注册码进行处理  
                |  
                |----016F:00408818  PUSH    EBX  
                |    016F:00408819  PUSH    ESI  
                |    016F:0040881A  ADD      ESP,BYTE -0C  
                |    016F:0040881D  MOV      EBX,EAX  
                |    016F:0040881F  MOV      EDX,ESP  
                |    016F:00408821  MOV      EAX,EBX  
                |    016F:00408823  CALL    00402B38    //这里是对我们输入的注册码进行处理  
                |                    |                    //代码如下:  
                |                    |--016F:00402B38  PUSH    EBX  
                                        016F:00402B39  PUSH    ESI  
                                        016F:00402B3A  PUSH    EDI  
                                        016F:00402B3B  MOV      ESI,EAX  
                                        016F:00402B3D  PUSH    EAX  
                                        016F:00402B3E  TEST    EAX,EAX  
                                        016F:00402B40  JZ      00402BB5  
                                        016F:00402B42  XOR      EAX,EAX  
                                        016F:00402B44  XOR      EBX,EBX  
                                        016F:00402B46  MOV      EDI,0CCCCCCC  
                                        016F:00402B4B  MOV      BL,[ESI] //这里指向我们的注册码  
                                        016F:00402B4D  INC      ESI  
                                        016F:00402B4E  CMP      BL,20  
                                        016F:00402B51  JZ      00402B4B  
                                        016F:00402B53  MOV      CH,00  
                                        016F:00402B55  CMP      BL,2D  
                                        016F:00402B58  JZ      00402BC3  
                                        016F:00402B5A  CMP      BL,2B  
                                        016F:00402B5D  JZ      00402BC5  
                                        016F:00402B5F  CMP      BL,24  
                                        016F:00402B62  JZ      00402BCA  
                                        016F:00402B64  CMP      BL,78  
                                        016F:00402B67  JZ      00402BCA  
                                        016F:00402B69  CMP      BL,58  
                                        016F:00402B6C  JZ      00402BCA  
                                        016F:00402B6E  CMP      BL,30  
                                        016F:00402B71  JNZ      00402B86  
                                        016F:00402B73  MOV      BL,[ESI]  
                                        016F:00402B75  INC      ESI  
                                        016F:00402B76  CMP      BL,78  
                                        016F:00402B79  JZ      00402BCA  
                                        016F:00402B7B  CMP      BL,58  
                                        016F:00402B7E  JZ      00402BCA  
                                        016F:00402B80  TEST    BL,BL  
                                        016F:00402B82  JZ      00402BA4  
                                        016F:00402B84  JMP      SHORT 00402B8A  
                                        016F:00402B86  TEST    BL,BL  
                                        016F:00402B88  JZ      00402BBE  
                                        016F:00402B8A  SUB      BL,30  
                                        016F:00402B8D  CMP      BL,09  
                                        016F:00402B90  JA      00402BBE  
                                        016F:00402B92  CMP      EAX,EDI  
                                        016F:00402B94  JA      00402BBE  
                                        016F:00402B96  LEA      EAX,[EAX+EAX*4] //eax=eax+eax*4  
                                        016F:00402B99  ADD      EAX,EAX        //eax=eax+eax  
                                        016F:00402B9B  ADD      EAX,EBX        //eax=eax+ebx  
                                        016F:00402B9D  MOV      BL,[ESI]  
                                        016F:00402B9F  INC      ESI  
                                        016F:00402BA0  TEST    BL,BL  
                                        016F:00402BA2  JNZ      00402B8A  
                                        016F:00402BA4  DEC      CH  
                                        016F:00402BA6  JZ      00402BB8  
                                        016F:00402BA8  TEST    EAX,EAX  
                                        016F:00402BAA  JL      00402BBE  
                                        016F:00402BAC  POP      ECX  
                                        016F:00402BAD  XOR      ESI,ESI  
                                        016F:00402BAF  MOV      [EDX],ESI  
                                        016F:00402BB1  POP      EDI  
                                        016F:00402BB2  POP      ESI  
                                        016F:00402BB3  POP      EBX  
                                        016F:00402BB4  RET    
                |          . \  
                |          . / 省略n行代码  
                |----016F:00408850  RET    
            .  
            .  
            .//省略n行代码  
016F:00484B70  PUSH    BYTE +00  
016F:00484B72  PUSH    BYTE +00  
016F:00484B74  PUSH    DWORD 8193  
016F:00484B79  MOV      EAX,[EBP-04]  
016F:00484B7C  CALL    00435F78  
016F:00484B81  PUSH    EAX  
016F:00484B82  CALL    `USER32!SendMessageA`  
016F:00484B87  MOV      EAX,[00492E00]  //取出通过用户名(wolverine[CCG])算出的数字.eax=1557FH  
016F:00484B8C  XOR      EDX,EDX  
016F:00484B8E  PUSH    EDX  
016F:00484B8F  PUSH    EAX  
016F:00484B90  MOV      EAX,EBX              //eax=通过我们输入的注册码算出的数字  
016F:00484B92  CDQ    
016F:00484B93  CMP      EDX,[ESP+04]  
016F:00484B97  JNZ      00484B9C  
016F:00484B99  CMP      EAX,[ESP]          //比较是否相等  
016F:00484B9C  POP      EDX  
016F:00484B9D  POP      EAX  
016F:00484B9E  JNZ      NEAR 00484CAE      //不等,就Game Over  
=================================>>>  
整理:  
    首先对Name(实际上只取前8位)进行处理,算出一个值(由于某些原因我没有找到对Name处理的算法,我只看到了结果.那位仁兄找到,请告诉我,我将万分感谢)  
    再对输入的注册码计算,得出一值.(注册码只收数字字符)  
    然后,将两个值进行比较,如果不相等就Over了.  
对输入的注册码处理的算法如下:  
    设结果放在S中,注册码放在X中,则:  
    S=0  
  1.取一位注册码的ASCII码放到X中  
  2.计算S=S+S*4  
  3.计算S=S*2  
  4.计算S=S+(X-30h)  
  5.重复1,2,3,4直到处理完所有位  
  S就是最后结果  
我无法通过反运算算出正确的注册码,所以,这个Code是我试出来的.(用缩小范围法能很快试出来)

    
    
     
    
    
     

相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么

文章评论
发表评论

热门文章 去除winrar注册框方法

最新文章 比特币病毒怎么破解 比去除winrar注册框方法 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据

人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程