Battery Bar 1.07 -pc6资讯

您的位置：首页 → 精文荟萃 → 破解文章 → Battery Bar 1.07

Battery Bar 1.07 时间：2004/10/15 1:00:00来源：本站整理作者：蓝点我要评论(2): 　
软件大小： 907.00
软件授权：共享软件
使用平台： Win95/98/NT
发布公司： http://www.nistech.com/
软件简介：能显示出你的笔记本电脑的电池还能用多长时间，电量剩余的百分比。
软件下载： bat_bar.zip

设断点:bpx hmemcpy
按F12 12次(第13次出错误画面)
然后按F10若干次可找到下面程序段
:00406542 E88D300300 call 004395D4
:00406547 8D4DF8 lea ecx, dword ptr [ebp-08]
:0040654A 8B01 mov eax, dword ptr [ecx]
:0040654C 50 push eax
:0040654D 53 push ebx
:0040654E E889010000 call 004066DC <----此CALL是计算注册码,我改下面的跳转不成功
才找到这儿
:00406553 83C40C add esp, 0000000C
:00406556 3C01 cmp al, 01
:00406558 0F94C2 sete dl
:0040655B 83E201 and edx, 00000001
:0040655E 8D45F8 lea eax, dword ptr [ebp-08]
:00406561 52 push edx
:00406562 BA02000000 mov edx, 00000002
:00406567 FF4E1C dec [esi+1C]
:0040656A E8D5660600 call 0046CC44
:0040656F FF4E1C dec [esi+1C]
:00406572 8D45FC lea eax, dword ptr [ebp-04]
:00406575 BA02000000 mov edx, 00000002
:0040657A E8C5660600 call 0046CC44
:0040657F 59 pop ecx
:00406580 84C9 test cl, cl
:00406582 0F84F1000000 je 00406679 <-----若在此改变程序方向
可显示注册成功,但若重新
启动程序,看About项,:-{

进入004066DC,按F10若干次后,找到计算注册码的部分,就是下面这段:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040689D(C)
|
:004067B7 8BF3 mov esi, ebx
:004067B9 56 push esi
:004067BA 8D45F8 lea eax, dword ptr [ebp-08]
:004067BD 50 push eax
:004067BE E801630600 call 0046CAC4
:004067C3 83C408 add esp, 00000008
:004067C6 8D45F8 lea eax, dword ptr [ebp-08]
:004067C9 E8E2650600 call 0046CDB0
:004067CE 0375F8 add esi, dword ptr [ebp-08]
:004067D1 4E dec esi
:004067D2 803E00 cmp byte ptr [esi], 00
:004067D5 7534 jne 0040680B
:004067D7 8BF3 mov esi, ebx
:004067D9 56 push esi
:004067DA 8D55F8 lea edx, dword ptr [ebp-08]
:004067DD 52 push edx
:004067DE E8E1620600 call 0046CAC4
:004067E3 83C408 add esp, 00000008
:004067E6 8D45F8 lea eax, dword ptr [ebp-08]
:004067E9 E8C2650600 call 0046CDB0
:004067EE 8BC7 mov eax, edi
:004067F0 B91A000000 mov ecx, 0000001A
:004067F5 99 cdq
:004067F6 F7F9 idiv ecx
:004067F8 0375F8 add esi, dword ptr [ebp-08]
:004067FB 8955C8 mov dword ptr [ebp-38], edx
:004067FE 8B45C8 mov eax, dword ptr [ebp-38]
:00406801 4E dec esi
:00406802 99 cdq
:00406803 33C2 xor eax, edx
:00406805 2BC2 sub eax, edx
:00406807 0441 add al, 41
:00406809 8806 mov byte ptr [esi], al

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004067D5(C)
|
:0040680B 8BF3 mov esi, ebx
:0040680D 56 push esi
:0040680E 8D4DF8 lea ecx, dword ptr [ebp-08]
:00406811 51 push ecx
:00406812 E8AD620600 call 0046CAC4
:00406817 83C408 add esp, 00000008
:0040681A 8D45F8 lea eax, dword ptr [ebp-08]
:0040681D E88E650600 call 0046CDB0
:00406822 0375F8 add esi, dword ptr [ebp-08]
:00406825 4E dec esi
:00406826 0FBE3E movsx edi, byte ptr [esi]
:00406829 8BF3 mov esi, ebx
:0040682B 56 push esi
:0040682C 8D45FC lea eax, dword ptr [ebp-04]
:0040682F 50 push eax
:00406830 E88F620600 call 0046CAC4
:00406835 83C408 add esp, 00000008
:00406838 8D45FC lea eax, dword ptr [ebp-04]
:0040683B E870650600 call 0046CDB0
:00406840 8D045B lea eax, dword ptr [ebx+2*ebx]<----给EAX赋值
:00406843 B91A000000 mov ecx, 0000001A <----后面作为除数
:00406848 C1E003 shl eax, 03 <----EAX乘以8
:0040684B 0375FC add esi, dword ptr [ebp-04]
:0040684E 2BC3 sub eax, ebx <----EAX=EAX-EBX
:00406850 4E dec esi
:00406851 03C0 add eax, eax <----EAX=EAX*2
:00406853 03C7 add eax, edi
:00406855 99 cdq
:00406856 F7F9 idiv ecx <-----做除法
:00406858 8955C4 mov dword ptr [ebp-3C], edx
:0040685B B905000000 mov ecx, 00000005 <-----注册码4位一组,中间用'-'隔开
:00406860 8B45C4 mov eax, dword ptr [ebp-3C]
:00406863 99 cdq
:00406864 33C2 xor eax, edx
:00406866 2BC2 sub eax, edx
:00406868 0441 add al, 41 <-----EAX=EAX+41
:0040686A 8806 mov byte ptr [esi], al <----加后的数值即是注册码的一位
:0040686C 8BC3 mov eax, ebx
:0040686E 99 cdq
:0040686F F7F9 idiv ecx
:00406871 85D2 test edx, edx
:00406873 751E jne 00406893
:00406875 8BF3 mov esi, ebx
:00406877 56 push esi
:00406878 8D45FC lea eax, dword ptr [ebp-04]
:0040687B 50 push eax
:0040687C E843620600 call 0046CAC4
:00406881 83C408 add esp, 00000008
:00406884 8D45FC lea eax, dword ptr [ebp-04]
:00406887 E824650600 call 0046CDB0
:0040688C 0375FC add esi, dword ptr [ebp-04]
:0040688F 4E dec esi
:00406890 C6062D mov byte ptr [esi], 2D

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406873(C)
|
:00406893 8D3C5B lea edi, dword ptr [ebx+2*ebx]
:00406896 83C709 add edi, 00000009
:00406899 43 inc ebx
:0040689A 83FB13 cmp ebx, 00000013
:0040689D 0F8E14FFFFFF jle 004067B7 <----比较19位注册码未计算完,返回

举例:
用户名:LiuTong
对于ASCII为:4C 69 75 54 6F 6E 67
计算过程:
EAX=3*EBX EAX=EAX*8 EAX=EAX-EBX EAX=EAX*2 EAX=EAX+输入用户名 EAX=余数(EAX/26)+41
以下数据为十六进制
EBX=1 EAX=3 EAX=18 EAX=17 EAX=2E EAX=2E+4C=7A EAX=12+41=53
EBX=2 EAX=6 EAX=30 EAX=2E EAX=5C EAX=5C+69=C5 EAX=F+41=50
EBX=3 EAX=9 EAX=48 EAX=45 EAX=8A EAX=8A+75=FF EAX=15+41=56
EBX=4 EAX=C EAX=60 EAX=5C EAX=B8 EAX=B8+54=102 EAX=8+41=49
EBX=5 EAX=F EAX=78 EAX=73 EAX=E6 EAX=E6+6F=155 EAX=3+41=44
EBX=6 EAX=12 EAX=90 EAX=8A EAX=114 EAX=114+6E=182 EAX=16+41=57
EBX=7 EAX=15 EAX=A8 EAX=A1 EAX=142 EAX=142+67=1A9 EAX=9+41=4A
EBX=8 EAX=18 EAX=C0 EAX=B8 EAX=170 EAX=170+20=190 EAX=A+41=4B
EBX=9 EAX=1B EAX=D8 EAX=CF EAX=19E EAX=19E+20=1BE EAX=4+41=45
EBX=A EAX=1E EAX=F0 EAX=E6 EAX=1CC EAX=1CC+20=1EC EAX=18+41=59
EBX=B EAX=21 EAX=108 EAX=FD EAX=1FA EAX=1FA+20=21A EAX=12+41=53
EBX=C EAX=24 EAX=120 EAX=114 EAX=228 EAX=228+20=248 EAX=C+41=4D
EBX=D EAX=27 EAX=138 EAX=12B EAX=256 EAX=256+20=276 EAX=6+41=47
EBX=E EAX=2A EAX=150 EAX=142 EAX=284 EAX=284+20=2A4 EAX=0+41=41
EBX=F EAX=2D EAX=168 EAX=159 EAX=2B2 EAX=2B2+20=2D2 EAX=14+41=55
EBX=10 EAX=30 EAX=180 EAX=170 EAX=2E0 EAX=2E0+20=300 EAX=E+41=4F
EBX=11 EAX=33 EAX=198 EAX=187 EAX=30E EAX=30E+20=32E EAX=8+41=49
EBX=12 EAX=36 EAX=1B0 EAX=19E EAX=33C EAX=33C+20=35C EAX=2+41=43
EBX=13 EAX=39 EAX=1C8 EAX=1B5 EAX=36A EAX=36A+20=38A EAX=16+41=57

整理后注册码应为:SPVI-WJKE-SMGA-OICW

文章评论

查看所有2条评论>>

热门文章 去除winrar注册框方法