目标软件:mjqchess V1.5
下载地址 http://reddog.myrice.com/chess.exe
下午考完期末考试的第一科,第二科还好几天,感觉无聊,那就和电脑下下象棋玩玩吧:)可刚一双击图标,跳出来的却是个注册对话框(还好没晕倒:)),算了,“下次再说”,刚下了两步,蹦出个消息框:“请注册”! 经过n-1次的容忍,我受不了了!!!我要踩了你。。。。。。好,开工!
工具:pw32dasmgold,
od109b-cn,
CrackTools(破解辅助工具,让计数器靠边站)
破解过程:
* Possible Reference to Dialog: DialogID_00AA, CONTROL_ID:03E9, ""
|
:00407208 68E9030000 push 000003E9
:0040720D 53 push ebx
:0040720E FFD6 call esi
:00407210 8D7C2440 lea edi, dword ptr [esp+40] //读入用户名
:00407214 83C9FF or ecx, FFFFFFFF
:00407217 33C0 xor eax, eax
:00407219 F2 repnz
:0040721A AE scasb
:0040721B F7D1 not ecx
:0040721D 49 dec ecx //用户名位数
:0040721E 0F84E5010000 je 00407409 //位数为0,挂!
:00407224 8D7C2420 lea edi, dword ptr [esp+20] //读入注册(假)
:00407228 83C9FF or ecx, FFFFFFFF
:0040722B F2 repnz
:0040722C AE scasb
:0040722D F7D1 not ecx
:0040722F 49 dec ecx //注册码长度
:00407230 0F84D3010000 je 00407409 //长度为0,挂!
:00407236 8D7C2420 lea edi, dword ptr [esp+20]//注册码(假)
:0040723A 83C9FF or ecx, FFFFFFFF
:0040723D F2 repnz
:0040723E AE scasb
:0040723F F7D1 not ecx
:00407241 49 dec ecx
:00407242 83F909 cmp ecx, 00000009 //长度为9 ?
:00407245 0F85A9010000 jne 004073F4 //不为9,去死吧
:0040724B 8A442420 mov al, byte ptr [esp+20] //读入第一个字符
:0040724F 3C4D cmp al, 4D //和'M'比较
:00407251 740C je 0040725F //相等则比较下一个
:00407253 3C41 cmp al, 41 //和'A'比较
:00407255 7408 je 0040725F
:00407257 3C4F cmp al, 4F //和'O'比较
:00407259 0F8595010000 jne 004073F4 //不相等,死吧
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00407251(C), :00407255(C)
|
:0040725F 8A442421 mov al, byte ptr [esp+21] //第二个字符
:00407263 3C57 cmp al, 57 //‘W’
:00407265 7410 je 00407277
:00407267 3C45 cmp al, 45 //‘E’
:00407269 740C je 00407277
:0040726B 3C4E cmp al, 4E //‘N’
:0040726D 7408 je 00407277
:0040726F 3C47 cmp al, 47 //‘G’
:00407271 0F857D010000 jne 004073F4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00407265(C), :00407269(C), :0040726D(C)
|
:00407277 0FBE442422 movsx eax, byte ptr [esp+22] //第3个字符
:0040727C 99 cdq
:0040727D B911000000 mov ecx, 00000011
:00407282 F7F9 idiv ecx
:00407284 85D2 test edx, edx
:00407286 0F8568010000 jne 004073F4 //能否被16进制数11整除,不能就挂了
:0040728C 8A442423 mov al, byte ptr [esp+23] //第4个字符
:00407290 3C4A cmp al, 4A //‘J’
:00407292 7410 je 004072A4
:00407294 3C49 cmp al, 49 //‘I’
:00407296 740C je 004072A4
:00407298 3C41 cmp al, 41 //‘A’
:0040729A 7408 je 004072A4
:0040729C 3C4E cmp al, 4E //‘N’
:0040729E 0F8550010000 jne 004073F4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00407292(C), :00407296(C), :0040729A(C)
|
:004072A4 8A442424 mov al, byte ptr [esp+24]//第5个字符
:004072A8 3C58 cmp al, 58 //‘X’
:004072AA 740C je 004072B8
:004072AC 3C49 cmp al, 49 //‘I’
:004072AE 7408 je 004072B8
:004072B0 3C55 cmp al, 55 //‘U’
:004072B2 0F853C010000 jne 004073F4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004072AA(C), :004072AE(C)
|
:004072B8 0FBE442425 movsx eax, byte ptr [esp+25] //第6个字符
:004072BD 99 cdq
:004072BE B903000000 mov ecx, 00000003
:004072C3 F7F9 idiv ecx
:004072C5 85D2 test edx, edx
:004072C7 0F8527010000 jne 004073F4 //ASCII值能否被3整除,不能就挂
:004072CD 8A442426 mov al, byte ptr [esp+26]//第7个字符
:004072D1 3C51 cmp al, 51 //‘Q’
:004072D3 7408 je 004072DD
:004072D5 3C49 cmp al, 49 //‘I’
:004072D7 0F8517010000 jne 004073F4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004072D3(C)
|
:004072DD 8A442427 mov al, byte ptr [esp+27]//第8个字符
:004072E1 3C59 cmp al, 59 //‘Y’
:004072E3 740C je 004072F1
:004072E5 3C55 cmp al, 55 //‘U’
:004072E7 7408 je 004072F1
:004072E9 3C4E cmp al, 4E //‘N’
:004072EB 0F8503010000 jne 004073F4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004072E3(C), :004072E7(C)
|
:004072F1 0FBE442428 movsx eax, byte ptr [esp+28] //第9个字符
:004072F6 99 cdq
:004072F7 B90D000000 mov ecx, 0000000D
:004072FC F7F9 idiv ecx
:004072FE 85D2 test edx, edx
:00407300 0F85EE000000 jne 004073F4 //ASCII值能否被0D整除,不能则挂
:00407306 8D4C2410 lea ecx, dword ptr [esp+10]
:0040730A E8F6960000 call 00410A05
* Possible StringData Ref from Data Obj ->"chess.mjq" ///上面所有的步骤都通过了,表明注册码正确,加密后写入文件“chess.mjq”中,以便程序启动时检查
|
:0040730F BF78B14100 mov edi, 0041B178
:00407314 83C9FF or ecx, FFFFFFFF
:00407317 33C0 xor eax, eax
:00407319 8D542454 lea edx, dword ptr [esp+54]
......................
..................
:0040739F FF15AC734100 Call dword ptr [004173AC]
:004073A5 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"谢谢"
|
:004073A7 68CCB14100 push 0041B1CC
* Possible StringData Ref from Data Obj ->"非常感谢您的注册!"
|
:004073AC 68B8B14100 push 0041B1B8
:004073B1 53 push ebx
* Reference To: USER32.MessageBoxA, Ord:01BEh
..................
...........
:004073F4 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"错误"
|
:004073F6 68B0B14100 push 0041B1B0
* Possible StringData Ref from Data Obj ->"您输入的注册码不正确!"
|
:004073FB 6898B14100 push 0041B198
:00407400 53 push ebx
* Reference To: USER32.MessageBoxA, Ord:01BEh
总结:此软件只要你输入的注册码是9位,它的第3个字符要求ASCII值能被11H(也就是十进制17)整除,第3个字符要求ASCII值能被03H(也就是十进制3)整除,第9个字符要求ASCII值能被0DH(也就是十进制13)整除,并且其它每一位对应的字符为上面分析的一个就行(用户名并不参与运算)。
所以,得到一个可用的:(注册机我就不想做了,因为它只能组合成那么多个注册码,没必要做:))
name:knock
Serial:MW3JX3QY4
|
|
去除winrar注册框方法
比特币病毒怎么破解 比
查看所有0条评论>>