2005/06/12 | 破解速写大师
转自看雪学院


【原创】破解速写大师

【破解作者】 yijun
【作者邮箱】 yijun8354@sina.com
【使用工具】 OD(二哥版),PEID
【破解平台】 WinXP
【软件名称】 速写大师
【软件简介】 一个能把照片转化成素描速写的软件!!!!!!!!!!
【软件大小】 991K
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】


用PEID查壳可知该软件无壳,由Borland C++ 1999编写!OD载入后,通过查找关键字很容易来到以下关键处^-^
; sxds.00405294 (excerpt of the registration handler; the listing stops before the function ends)
; Inline annotations are the original author's, translated to English.
; Visible flow:
;   - 004038A0 is called with a work buffer at [ebp-2A0] plus two strings (3 stack args, add esp,0C)
;   - 00403988 and 00403D20 are then called on the same buffer; the result of 00403D20 is saved at [ebp-94]
;   - 00473534 returns a result that is pushed, popped into ECX, and its low byte tested at 00405407
; NOTE(review): the accept/reject decision ends up as one byte tested by one branch, and the
; expected code is derived inside the client process before the comparison. A check built this
; way has no integrity protection; verifying a signed licence (public key only in the client) or
; validating server-side avoids having the expected value in client memory.
00405294 /. 55 push ebp //在此下断 ; breakpoint set here
00405295 |. 8BEC mov ebp,esp
00405297 |. 81C4 60FDFFFF add esp,-2A0
0040529D |. 8995 74FFFFFF mov dword ptr ss:[ebp-8C],edx
004052A3 |. 8985 78FFFFFF mov dword ptr ss:[ebp-88],eax
004052A9 |. B8 4C8B4800 mov eax,sxds.00488B4C
004052AE |. E8 D5410600 call sxds.00469488
004052B3 |. 66:C745 8C 1400 mov word ptr ss:[ebp-74],14
004052B9 |. BA C4864800 mov edx,sxds.004886C4 ; ASCII "software\ahao's softwares\wenku\mhj"
004052BE |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004052C1 |. E8 E6E00600 call sxds.004733AC
004052C6 |. FF45 98 inc dword ptr ss:[ebp-68]
004052C9 |. 8B08 mov ecx,dword ptr ds:[eax]
004052CB |. B2 01 mov dl,1
004052CD |. A1 30484100 mov eax,dword ptr ds:[414830]
004052D2 |. E8 41FC0000 call sxds.00414F18
004052D7 |. 8985 70FFFFFF mov dword ptr ss:[ebp-90],eax
004052DD |. FF4D 98 dec dword ptr ss:[ebp-68]
004052E0 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004052E3 |. BA 02000000 mov edx,2
004052E8 |. E8 77E10600 call sxds.00473464
004052ED |. 66:C745 8C 0800 mov word ptr ss:[ebp-74],8
004052F3 |. 8D8D 60FDFFFF lea ecx,dword ptr ss:[ebp-2A0]
004052F9 |. 51 push ecx ; /Arg1
004052FA |. E8 45E5FFFF call sxds.00403844 ; \sxds.00403844
004052FF |. 59 pop ecx
00405300 |. 66:C745 8C 2000 mov word ptr ss:[ebp-74],20
00405306 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
00405309 |. E8 92C7FFFF call sxds.00401AA0
0040530E |. 8BD0 mov edx,eax
00405310 |. FF45 98 inc dword ptr ss:[ebp-68]
00405313 |. 8B8D 78FFFFFF mov ecx,dword ptr ss:[ebp-88]
00405319 |. 8B81 F4020000 mov eax,dword ptr ds:[ecx+2F4]
0040531F |. E8 2C460500 call sxds.00459950 //取得一字符串mhds ; fetches a string, "mhds"
00405324 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
00405327 |. E8 54E5FFFF call sxds.00403880
0040532C |. 50 push eax
0040532D |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00405330 |. E8 6BC7FFFF call sxds.00401AA0
00405335 |. 8BD0 mov edx,eax
00405337 |. FF45 98 inc dword ptr ss:[ebp-68]
0040533A |. 8B8D 78FFFFFF mov ecx,dword ptr ss:[ebp-88]
00405340 |. 8B81 F0020000 mov eax,dword ptr ds:[ecx+2F0]
00405346 |. E8 05460500 call sxds.00459950 ; computes the user-name length
0040534B |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
0040534E |. E8 2DE5FFFF call sxds.00403880 ; gets the user name
00405353 |. 50 push eax ; |Arg2
00405354 |. 8D95 60FDFFFF lea edx,dword ptr ss:[ebp-2A0] ; |
0040535A |. 52 push edx ; |Arg1
0040535B |. E8 40E5FFFF call sxds.004038A0 ; \processes the user name and the string; step into
00405360 |. 83C4 0C add esp,0C
00405363 |. FF4D 98 dec dword ptr ss:[ebp-68]
00405366 |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00405369 |. BA 02000000 mov edx,2
0040536E |. E8 F1E00600 call sxds.00473464
00405373 |. FF4D 98 dec dword ptr ss:[ebp-68]
00405376 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
00405379 |. BA 02000000 mov edx,2
0040537E |. E8 E1E00600 call sxds.00473464
00405383 |. 8D8D 60FDFFFF lea ecx,dword ptr ss:[ebp-2A0]
00405389 |. 51 push ecx ; /Arg1
0040538A |. E8 F9E5FFFF call sxds.00403988 ; \step into
0040538F |. 59 pop ecx
00405390 |. 8D85 60FDFFFF lea eax,dword ptr ss:[ebp-2A0]
00405396 |. 50 push eax ; /Arg1
00405397 |. E8 84E9FFFF call sxds.00403D20 ; \EAX = value produced by the final stage of the preceding computation, call it N
0040539C |. 59 pop ecx
0040539D |. 8985 6CFFFFFF mov dword ptr ss:[ebp-94],eax
004053A3 |. 66:C745 8C 0800 mov word ptr ss:[ebp-74],8
004053A9 |. 66:C745 8C 2C00 mov word ptr ss:[ebp-74],2C
004053AF |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
004053B2 |. 8B95 6CFFFFFF mov edx,dword ptr ss:[ebp-94] ; EDX = N
004053B8 |. E8 EFDF0600 call sxds.004733AC
004053BD |. FF45 98 inc dword ptr ss:[ebp-68]
004053C0 |. 66:C745 8C 0800 mov word ptr ss:[ebp-74],8
004053C6 |. 66:C745 8C 3800 mov word ptr ss:[ebp-74],38
004053CC |. 8D45 EC lea eax,dword ptr ss:[ebp-14]
004053CF |. E8 CCC6FFFF call sxds.00401AA0
004053D4 |. 8BD0 mov edx,eax
004053D6 |. FF45 98 inc dword ptr ss:[ebp-68]
004053D9 |. 8B8D 78FFFFFF mov ecx,dword ptr ss:[ebp-88]
004053DF |. 8B81 F8020000 mov eax,dword ptr ds:[ecx+2F8]
004053E5 |. E8 66450500 call sxds.00459950 ; computes the length of the entered (trial) code
004053EA |. 8D45 EC lea eax,dword ptr ss:[ebp-14]
004053ED |. 8D55 FC lea edx,dword ptr ss:[ebp-4]
004053F0 |. E8 3FE10600 call sxds.00473534 ; step into
004053F5 |. 50 push eax ; /Arg1
004053F6 |. FF4D 98 dec dword ptr ss:[ebp-68] ; |
004053F9 |. 8D45 EC lea eax,dword ptr ss:[ebp-14] ; |
004053FC |. BA 02000000 mov edx,2 ; |
00405401 |. E8 5EE00600 call sxds.00473464 ; \sxds.00473464
00405406 |. 59 pop ecx
00405407 |. 84C9 test cl,cl
00405409 |. 0F84 15030000 je sxds.00405724 ; key branch: if taken, registration fails
0040540F |. 6A 01 push 1
00405411 |. BA ED864800 mov edx,sxds.004886ED ; ASCII "registed"
00405416 |. 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
00405419 |. E8 8EDF0600 call sxds.004733AC
0040541E |. FF45 98 inc dword ptr ss:[ebp-68]
00405421 |. FF30 push dword ptr ds:[eax]
00405423 |. 66:C745 8C 4400 mov word ptr ss:[ebp-74],44
00405429 |. BA E8864800 mov edx,sxds.004886E8 ; ASCII "smtp"
******************************************************************************************** *************************************************************
跟进0040535B处CALL来到:
; sxds.004038A0 — copies two NUL-terminated strings into the work structure.
; In:  [ebp+8]  = pointer to the work structure (ctx)
;      [ebp+C]  = first source string (annotated by the author as the user name)
;      [ebp+10] = second source string (annotated by the author as "mhds")
; Effect: sets byte [ctx+4] = 1; copies [ebp+C] to ctx+0C.. and [ebp+10] to ctx+3E..,
;         adding 0E0 to a byte while it compares greater than 7E and adding 20 while it
;         compares less than 20 (signed compares on the sign-extended byte), then writes
;         a terminating 0 after each copy.
; NOTE(review): neither copy loop has a length limit — each runs until the source NUL.
; The two destinations are only 32h bytes apart (3E - 0C), so a longer first string would
; run into the second region; whether the caller bounds the input is not visible here.
; NOTE(review): both loops process byte 0 before testing for the terminator, so an empty
; source string is not handled as empty.
004038A0 /$ 55 push ebp
004038A1 |. 8BEC mov ebp,esp
004038A3 |. 51 push ecx
004038A4 |. 8B45 08 mov eax,dword ptr ss:[ebp+8]
004038A7 |. C640 04 01 mov byte ptr ds:[eax+4],1
004038AB |. 33D2 xor edx,edx
004038AD |. 8955 FC mov dword ptr ss:[ebp-4],edx
004038B0 |> 8B4D 0C /mov ecx,dword ptr ss:[ebp+C] ; user-name processing starts here
004038B3 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
004038B6 |. 8A1401 |mov dl,byte ptr ds:[ecx+eax] ; fetch the user name one byte at a time
004038B9 |. 8B4D FC |mov ecx,dword ptr ss:[ebp-4]
004038BC |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
004038BF |. 885408 0C |mov byte ptr ds:[eax+ecx+C],dl ; store that byte at [eax+ecx+C]
004038C3 |. EB 0B |jmp short sxds.004038D0
004038C5 |> 8B55 FC |/mov edx,dword ptr ss:[ebp-4]
004038C8 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
004038CB |. 804411 0C E0 ||add byte ptr ds:[ecx+edx+C],0E0
004038D0 |> 8B45 FC | mov eax,dword ptr ss:[ebp-4]
004038D3 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
004038D6 |. 0FBE4C02 0C ||movsx ecx,byte ptr ds:[edx+eax+C] ; ECX = byte at [edx+eax+C] (sign-extended)
004038DB |. 83F9 7E ||cmp ecx,7E ; compare with 7E
004038DE |.^ 7F E5 |\jg short sxds.004038C5 ; jump if greater
004038E0 |. EB 0B |jmp short sxds.004038ED
004038E2 |> 8B45 FC |/mov eax,dword ptr ss:[ebp-4]
004038E5 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
004038E8 |. 804402 0C 20 ||add byte ptr ds:[edx+eax+C],20
004038ED |> 8B4D FC | mov ecx,dword ptr ss:[ebp-4]
004038F0 |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
004038F3 |. 0FBE5408 0C ||movsx edx,byte ptr ds:[eax+ecx+C] ; EDX = byte at [eax+ecx+C] (sign-extended)
004038F8 |. 83FA 20 ||cmp edx,20 ; compare with 20
004038FB |.^ 7C E5 |\jl short sxds.004038E2 ; jump if less
004038FD |. FF45 FC |inc dword ptr ss:[ebp-4] ; ++[ebp-4] ([ebp-4] counts the user-name bytes processed)
00403900 |. 8B4D 0C |mov ecx,dword ptr ss:[ebp+C] ; ECX = [ebp+C] (pointer to the user name)
00403903 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
00403906 |. 803C01 00 |cmp byte ptr ds:[ecx+eax],0 ; end of string reached?
0040390A |.^ 75 A4 \jnz short sxds.004038B0 ; not yet: loop; on exit EAX holds the user-name length
0040390C |. 8B55 FC mov edx,dword ptr ss:[ebp-4] ; EDX = length
0040390F |. 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00403912 |. C64411 0C 00 mov byte ptr ds:[ecx+edx+C],0
00403917 |. 33C0 xor eax,eax ; EAX = 0
00403919 |. 8945 FC mov dword ptr ss:[ebp-4],eax ; [ebp-4]=0
0040391C |> 8B55 10 /mov edx,dword ptr ss:[ebp+10] ; same treatment for the string "mhds" (quotes not included)
0040391F |. 8B4D FC |mov ecx,dword ptr ss:[ebp-4]
00403922 |. 8A040A |mov al,byte ptr ds:[edx+ecx]
00403925 |. 8B55 FC |mov edx,dword ptr ss:[ebp-4]
00403928 |. 8B4D 08 |mov ecx,dword ptr ss:[ebp+8]
0040392B |. 884411 3E |mov byte ptr ds:[ecx+edx+3E],al
0040392F |. EB 0B |jmp short sxds.0040393C
00403931 |> 8B45 FC |/mov eax,dword ptr ss:[ebp-4]
00403934 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403937 |. 804402 3E E0 ||add byte ptr ds:[edx+eax+3E],0E0
0040393C |> 8B4D FC | mov ecx,dword ptr ss:[ebp-4]
0040393F |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
00403942 |. 0FBE5408 3E ||movsx edx,byte ptr ds:[eax+ecx+3E]
00403947 |. 83FA 7E ||cmp edx,7E
0040394A |.^ 7F E5 |\jg short sxds.00403931
0040394C |. EB 0B |jmp short sxds.00403959
0040394E |> 8B4D FC |/mov ecx,dword ptr ss:[ebp-4]
00403951 |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
00403954 |. 804408 3E 20 ||add byte ptr ds:[eax+ecx+3E],20
00403959 |> 8B55 FC | mov edx,dword ptr ss:[ebp-4]
0040395C |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
0040395F |. 0FBE4411 3E ||movsx eax,byte ptr ds:[ecx+edx+3E]
00403964 |. 83F8 20 ||cmp eax,20
00403967 |.^ 7C E5 |\jl short sxds.0040394E
00403969 |. FF45 FC |inc dword ptr ss:[ebp-4]
0040396C |. 8B55 10 |mov edx,dword ptr ss:[ebp+10]
0040396F |. 8B4D FC |mov ecx,dword ptr ss:[ebp-4]
00403972 |. 803C0A 00 |cmp byte ptr ds:[edx+ecx],0
00403976 |.^ 75 A4 \jnz short sxds.0040391C ; on exit ECX holds the length
00403978 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0040397B |. 8B55 08 mov edx,dword ptr ss:[ebp+8]
0040397E |. C64402 3E 00 mov byte ptr ds:[edx+eax+3E],0
00403983 |. 59 pop ecx
00403984 |. 5D pop ebp
00403985 \. C3 retn //返回 ; return

******************************************************************************************** *************************************************************
跟进0040538A处CALL来到:
; sxds.00403988 — derives the expected registration code inside the work structure.
; In:  [ebp+8] = pointer to the work structure (ctx); [ctx+8] points to a fixed string
; Flow: byte [ctx+4] selects one of two paths (0 -> 0040399B, non-zero -> 00403ACA).
;       The non-zero path pads ctx+0C and ctx+3E up to index 32h and ctx+7B up to index
;       190h from the fixed string; the zero path does the same for ctx+0C and ctx+7B only.
;       Nested loops then exchange bytes between the ctx+5C and ctx+7B regions.
;       Both paths join at 00403CF1, where 0Ah bytes are copied from ctx+7B to ctx+70 and
;       byte [ctx+7A] is set to 0.
; Inline annotations are the original author's, translated to English.
; NOTE(review): the expected code sits in plain form at ctx+70 once this routine returns,
; i.e. before the user's input is compared — the value is readable by anything that can
; inspect the process.
00403988 /$ 55 push ebp
00403989 |. 8BEC mov ebp,esp
0040398B |. 83C4 B8 add esp,-48
0040398E |. 8B45 08 mov eax,dword ptr ss:[ebp+8]
00403991 |. 8078 04 00 cmp byte ptr ds:[eax+4],0
00403995 |. 0F85 2F010000 jnz sxds.00403ACA
0040399B |. 33D2 xor edx,edx
0040399D |. 8955 FC mov dword ptr ss:[ebp-4],edx
004039A0 |. EB 17 jmp short sxds.004039B9
004039A2 |> 8B4D FC /mov ecx,dword ptr ss:[ebp-4]
004039A5 |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
004039A8 |. 8A5408 0C |mov dl,byte ptr ds:[eax+ecx+C]
004039AC |. 8B4D FC |mov ecx,dword ptr ss:[ebp-4]
004039AF |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
004039B2 |. 885408 7B |mov byte ptr ds:[eax+ecx+7B],dl
004039B6 |. FF45 FC |inc dword ptr ss:[ebp-4]
004039B9 |> 8B55 FC mov edx,dword ptr ss:[ebp-4]
004039BC |. 8B4D 08 |mov ecx,dword ptr ss:[ebp+8]
004039BF |. 807C11 0C 00 |cmp byte ptr ds:[ecx+edx+C],0
004039C4 |.^ 75 DC \jnz short sxds.004039A2
004039C6 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004039C9 |. 83C0 FE add eax,-2
004039CC |. 8945 F8 mov dword ptr ss:[ebp-8],eax
004039CF |. 817D FC 90010000 cmp dword ptr ss:[ebp-4],190
004039D6 |. 7D 22 jge short sxds.004039FA
004039D8 |> 8B55 08 /mov edx,dword ptr ss:[ebp+8]
004039DB |. 8B4A 08 |mov ecx,dword ptr ds:[edx+8]
004039DE |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
004039E1 |. 8A1401 |mov dl,byte ptr ds:[ecx+eax]
004039E4 |. 8B4D FC |mov ecx,dword ptr ss:[ebp-4]
004039E7 |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
004039EA |. 885408 7B |mov byte ptr ds:[eax+ecx+7B],dl
004039EE |. FF45 FC |inc dword ptr ss:[ebp-4]
004039F1 |. 817D FC 90010000 |cmp dword ptr ss:[ebp-4],190
004039F8 |.^ 7C DE \jl short sxds.004039D8
004039FA |> 8B55 F8 mov edx,dword ptr ss:[ebp-8]
004039FD |. 8955 F4 mov dword ptr ss:[ebp-C],edx
00403A00 |. 837D F4 32 cmp dword ptr ss:[ebp-C],32
00403A04 |. 7D 1F jge short sxds.00403A25
00403A06 |> 8B4D 08 /mov ecx,dword ptr ss:[ebp+8]
00403A09 |. 8B41 08 |mov eax,dword ptr ds:[ecx+8]
00403A0C |. 8B55 F4 |mov edx,dword ptr ss:[ebp-C]
00403A0F |. 8A0C10 |mov cl,byte ptr ds:[eax+edx]
00403A12 |. 8B45 F4 |mov eax,dword ptr ss:[ebp-C]
00403A15 |. 8B55 08 |mov edx,dword ptr ss:[ebp+8]
00403A18 |. 884C02 0C |mov byte ptr ds:[edx+eax+C],cl
00403A1C |. FF45 F4 |inc dword ptr ss:[ebp-C]
00403A1F |. 837D F4 32 |cmp dword ptr ss:[ebp-C],32
00403A23 |.^ 7C E1 \jl short sxds.00403A06
00403A25 |> 33C9 xor ecx,ecx
00403A27 |. 894D F0 mov dword ptr ss:[ebp-10],ecx
00403A2A |> 33C0 /xor eax,eax
00403A2C |. 8945 FC |mov dword ptr ss:[ebp-4],eax
00403A2F |. EB 6A |jmp short sxds.00403A9B
00403A31 |> 8B55 F0 |/mov edx,dword ptr ss:[ebp-10]
00403A34 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403A37 |. 0FBE4411 0C ||movsx eax,byte ptr ds:[ecx+edx+C]
00403A3C |. B9 05000000 ||mov ecx,5
00403A41 |. 99 ||cdq
00403A42 |. F7F9 ||idiv ecx
00403A44 |. 8955 E8 ||mov dword ptr ss:[ebp-18],edx
00403A47 |. 8B45 FC ||mov eax,dword ptr ss:[ebp-4]
00403A4A |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403A4D |. 8A4C02 7B ||mov cl,byte ptr ds:[edx+eax+7B]
00403A51 |. 884D EF ||mov byte ptr ss:[ebp-11],cl
00403A54 |. 8B45 F0 ||mov eax,dword ptr ss:[ebp-10]
00403A57 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403A5A |. 0FBE4C02 0C ||movsx ecx,byte ptr ds:[edx+eax+C]
00403A5F |. 8B45 FC ||mov eax,dword ptr ss:[ebp-4]
00403A62 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403A65 |. 8D0402 ||lea eax,dword ptr ds:[edx+eax]
00403A68 |. 8A5408 5C ||mov dl,byte ptr ds:[eax+ecx+5C]
00403A6C |. 8B4D FC ||mov ecx,dword ptr ss:[ebp-4]
00403A6F |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
00403A72 |. 885408 7B ||mov byte ptr ds:[eax+ecx+7B],dl
00403A76 |. 8B55 F0 ||mov edx,dword ptr ss:[ebp-10]
00403A79 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403A7C |. 0FBE4411 0C ||movsx eax,byte ptr ds:[ecx+edx+C]
00403A81 |. 8B55 FC ||mov edx,dword ptr ss:[ebp-4]
00403A84 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403A87 |. 8D1411 ||lea edx,dword ptr ds:[ecx+edx]
00403A8A |. 8A4D EF ||mov cl,byte ptr ss:[ebp-11]
00403A8D |. 884C02 5C ||mov byte ptr ds:[edx+eax+5C],cl
00403A91 |. 8B45 FC ||mov eax,dword ptr ss:[ebp-4]
00403A94 |. 0345 E8 ||add eax,dword ptr ss:[ebp-18]
00403A97 |. 40 ||inc eax
00403A98 |. 8945 FC ||mov dword ptr ss:[ebp-4],eax
00403A9B |> 8B45 F0 | mov eax,dword ptr ss:[ebp-10]
00403A9E |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403AA1 |. 0FBE4C02 0C ||movsx ecx,byte ptr ds:[edx+eax+C]
00403AA6 |. 034D FC ||add ecx,dword ptr ss:[ebp-4]
00403AA9 |. 83C1 E1 ||add ecx,-1F
00403AAC |. 81F9 90010000 ||cmp ecx,190
00403AB2 |.^ 0F8C 79FFFFFF |\jl sxds.00403A31
00403AB8 |. FF45 F0 |inc dword ptr ss:[ebp-10]
00403ABB |. 837D F0 32 |cmp dword ptr ss:[ebp-10],32
00403ABF |.^ 0F8C 65FFFFFF \jl sxds.00403A2A
00403AC5 |. E9 27020000 jmp sxds.00403CF1
00403ACA |> 33C0 xor eax,eax
00403ACC |. 8945 E4 mov dword ptr ss:[ebp-1C],eax
00403ACF |. EB 17 jmp short sxds.00403AE8
00403AD1 |> 8B55 E4 /mov edx,dword ptr ss:[ebp-1C] ; this loop measures the user-name length; result in EDX
00403AD4 |. 8B4D 08 |mov ecx,dword ptr ss:[ebp+8]
00403AD7 |. 8A4411 0C |mov al,byte ptr ds:[ecx+edx+C]
00403ADB |. 8B55 E4 |mov edx,dword ptr ss:[ebp-1C]
00403ADE |. 8B4D 08 |mov ecx,dword ptr ss:[ebp+8]
00403AE1 |. 884411 7B |mov byte ptr ds:[ecx+edx+7B],al
00403AE5 |. FF45 E4 |inc dword ptr ss:[ebp-1C]
00403AE8 |> 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00403AEB |. 8B55 08 |mov edx,dword ptr ss:[ebp+8]
00403AEE |. 807C02 0C 00 |cmp byte ptr ds:[edx+eax+C],0
00403AF3 |.^ 75 DC \jnz short sxds.00403AD1
00403AF5 |. 8B4D E4 mov ecx,dword ptr ss:[ebp-1C]
00403AF8 |. 894D E0 mov dword ptr ss:[ebp-20],ecx
00403AFB |. 8B45 E0 mov eax,dword ptr ss:[ebp-20]
00403AFE |. 8945 DC mov dword ptr ss:[ebp-24],eax
00403B01 |. 837D DC 32 cmp dword ptr ss:[ebp-24],32
00403B05 |. 7D 3B jge short sxds.00403B42
00403B07 |> 8B55 08 /mov edx,dword ptr ss:[ebp+8] ; EDX = [ebp+8]
00403B0A |. 8B4A 08 |mov ecx,dword ptr ds:[edx+8] ; ECX = [edx+8], a fixed string, call it S ("ThislicenseappliestoanysoftwarecontaininganoticeplacedbythecopyrightholdersayingthatitmaybedistributedunderthetermsoftheQtNon-CommercialLicenseversion1.0.SuchsoftwareishereinreferredtoastheSoftware.Thislicensecoversdistribut)
00403B0D |. 8B45 DC |mov eax,dword ptr ss:[ebp-24] ; EAX = [ebp-24]
00403B10 |. 8A1401 |mov dl,byte ptr ds:[ecx+eax] ; DL = byte at [ecx+eax]
00403B13 |. 8B4D DC |mov ecx,dword ptr ss:[ebp-24] ; ECX = [ebp-24]
00403B16 |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
00403B19 |. 885408 0C |mov byte ptr ds:[eax+ecx+C],dl ; [eax+ecx+C] = DL
00403B1D |. FF45 DC |inc dword ptr ss:[ebp-24] ; ++[ebp-24]
00403B20 |. 837D DC 32 |cmp dword ptr ss:[ebp-24],32 ; compare [ebp-24] with 32
00403B24 |.^ 7C E1 \jl short sxds.00403B07 ; if less, loop back and continue
00403B26 |. EB 1A jmp short sxds.00403B42 //此时EDX为一字符串 ganoticeplmhds ; at this point EDX is a string, "ganoticeplmhds"
00403B28 |> 8B55 E4 /mov edx,dword ptr ss:[ebp-1C] ; EDX = [ebp-1C]
00403B2B |. 2B55 E0 |sub edx,dword ptr ss:[ebp-20] ; EDX -= [ebp-20]
00403B2E |. 8B4D 08 |mov ecx,dword ptr ss:[ebp+8]
00403B31 |. 8A4411 3E |mov al,byte ptr ds:[ecx+edx+3E] ; AL = byte at [ecx+edx+3E]
00403B35 |. 8B55 E4 |mov edx,dword ptr ss:[ebp-1C]
00403B38 |. 8B4D 08 |mov ecx,dword ptr ss:[ebp+8]
00403B3B |. 884411 7B |mov byte ptr ds:[ecx+edx+7B],al
00403B3F |. FF45 E4 |inc dword ptr ss:[ebp-1C] ; ++[ebp-1C]
00403B42 |> 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00403B45 |. 2B45 E0 |sub eax,dword ptr ss:[ebp-20]
00403B48 |. 8B55 08 |mov edx,dword ptr ss:[ebp+8]
00403B4B |. 807C02 3E 00 |cmp byte ptr ds:[edx+eax+3E],0
00403B50 |.^ 75 D6 \jnz short sxds.00403B28 ; not finished: loop; this section handles "mhds"
00403B52 |. 8B4D E4 mov ecx,dword ptr ss:[ebp-1C]
00403B55 |. 2B4D E0 sub ecx,dword ptr ss:[ebp-20]
00403B58 |. 894D D8 mov dword ptr ss:[ebp-28],ecx
00403B5B |. 8B45 D8 mov eax,dword ptr ss:[ebp-28]
00403B5E |. 8945 D4 mov dword ptr ss:[ebp-2C],eax
00403B61 |. 837D D4 32 cmp dword ptr ss:[ebp-2C],32
00403B65 |. 7D 1F jge short sxds.00403B86
00403B67 |> 8B55 08 /mov edx,dword ptr ss:[ebp+8] ; *** same processing as before ***
00403B6A |. 8B4A 08 |mov ecx,dword ptr ds:[edx+8]
00403B6D |. 8B45 D4 |mov eax,dword ptr ss:[ebp-2C]
00403B70 |. 8A1401 |mov dl,byte ptr ds:[ecx+eax]
00403B73 |. 8B4D D4 |mov ecx,dword ptr ss:[ebp-2C]
00403B76 |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
00403B79 |. 885408 3E |mov byte ptr ds:[eax+ecx+3E],dl
00403B7D |. FF45 D4 |inc dword ptr ss:[ebp-2C]
00403B80 |. 837D D4 32 |cmp dword ptr ss:[ebp-2C],32
00403B84 |.^ 7C E1 \jl short sxds.00403B67
00403B86 |> 817D E4 90010000 cmp dword ptr ss:[ebp-1C],190
00403B8D |. 7D 22 jge short sxds.00403BB1
00403B8F |> 8B55 08 /mov edx,dword ptr ss:[ebp+8]
00403B92 |. 8B4A 08 |mov ecx,dword ptr ds:[edx+8]
00403B95 |. 8B45 E4 |mov eax,dword ptr ss:[ebp-1C]
00403B98 |. 8A1401 |mov dl,byte ptr ds:[ecx+eax]
00403B9B |. 8B4D E4 |mov ecx,dword ptr ss:[ebp-1C]
00403B9E |. 8B45 08 |mov eax,dword ptr ss:[ebp+8]
00403BA1 |. 885408 7B |mov byte ptr ds:[eax+ecx+7B],dl
00403BA5 |. FF45 E4 |inc dword ptr ss:[ebp-1C]
00403BA8 |. 817D E4 90010000 |cmp dword ptr ss:[ebp-1C],190
00403BAF |.^ 7C DE \jl short sxds.00403B8F ; **********
00403BB1 |> 33D2 xor edx,edx ; EDX = 0
00403BB3 |. 8955 D0 mov dword ptr ss:[ebp-30],edx
00403BB6 |> 33C9 /xor ecx,ecx ; ECX = 0
00403BB8 |. 894D E4 |mov dword ptr ss:[ebp-1C],ecx ; [ebp-1C]=0
00403BBB |. EB 6A |jmp short sxds.00403C27
00403BBD |> 8B45 D0 |/mov eax,dword ptr ss:[ebp-30] //从00403C3E跳回来,以下 是处理用户名 ; loop target of the jump at 00403C3E; user-name processing follows
00403BC0 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403BC3 |. 0FBE4402 0C ||movsx eax,byte ptr ds:[edx+eax+C] ; EAX = byte at [edx+eax+C] (sign-extended)
00403BC8 |. B9 05000000 ||mov ecx,5 ; ECX = 5
00403BCD |. 99 ||cdq ; sign-extend EAX into EDX:EAX
00403BCE |. F7F9 ||idiv ecx ; divide by ECX
00403BD0 |. 8955 C8 ||mov dword ptr ss:[ebp-38],edx
00403BD3 |. 8B45 E4 ||mov eax,dword ptr ss:[ebp-1C]
00403BD6 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403BD9 |. 8A4C02 7B ||mov cl,byte ptr ds:[edx+eax+7B] ; CL = byte at [edx+eax+7B]
00403BDD |. 884D CF ||mov byte ptr ss:[ebp-31],cl
00403BE0 |. 8B45 D0 ||mov eax,dword ptr ss:[ebp-30]
00403BE3 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403BE6 |. 0FBE4C02 0C ||movsx ecx,byte ptr ds:[edx+eax+C] ; ECX = byte at [edx+eax+C] (sign-extended)
00403BEB |. 8B45 E4 ||mov eax,dword ptr ss:[ebp-1C]
00403BEE |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403BF1 |. 8D0402 ||lea eax,dword ptr ds:[edx+eax] ; EAX = EDX + EAX (address only, no load)
00403BF4 |. 8A5408 5C ||mov dl,byte ptr ds:[eax+ecx+5C] ; DL = byte at [eax+ecx+5C]
00403BF8 |. 8B4D E4 ||mov ecx,dword ptr ss:[ebp-1C]
00403BFB |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
00403BFE |. 885408 7B ||mov byte ptr ds:[eax+ecx+7B],dl ; [eax+ecx+7B] = DL
00403C02 |. 8B55 D0 ||mov edx,dword ptr ss:[ebp-30]
00403C05 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403C08 |. 0FBE4411 0C ||movsx eax,byte ptr ds:[ecx+edx+C] ; EAX = byte at [ecx+edx+C] (sign-extended)
00403C0D |. 8B55 E4 ||mov edx,dword ptr ss:[ebp-1C]
00403C10 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403C13 |. 8D1411 ||lea edx,dword ptr ds:[ecx+edx]
00403C16 |. 8A4D CF ||mov cl,byte ptr ss:[ebp-31]
00403C19 |. 884C02 5C ||mov byte ptr ds:[edx+eax+5C],cl ; [edx+eax+5C] = CL
00403C1D |. 8B45 E4 ||mov eax,dword ptr ss:[ebp-1C]
00403C20 |. 0345 C8 ||add eax,dword ptr ss:[ebp-38]
00403C23 |. 40 ||inc eax ; ++EAX
00403C24 |. 8945 E4 ||mov dword ptr ss:[ebp-1C],eax
00403C27 |> 8B45 D0 | mov eax,dword ptr ss:[ebp-30] ; entered via the jump at 00403BBB
00403C2A |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403C2D |. 0FBE4C02 0C ||movsx ecx,byte ptr ds:[edx+eax+C] ; ECX = user-name byte, taken one at a time
00403C32 034D E4 add ecx,dword ptr ss:[ebp-1C] ; ECX += [ebp-1C]
00403C35 |. 83C1 E1 ||add ecx,-1F ; ECX += -1F
00403C38 |. 81F9 90010000 ||cmp ecx,190 ; compare with 190
00403C3E |.^ 0F8C 79FFFFFF |\jl sxds.00403BBD ; if less, keep going
00403C44 |. FF45 D0 |inc dword ptr ss:[ebp-30] ; ++[ebp-30]
00403C47 |. 837D D0 32 |cmp dword ptr ss:[ebp-30],32 ; compare [ebp-30] with 32
00403C4B |.^ 0F8C 65FFFFFF \jl sxds.00403BB6 ; if less, loop back
00403C51 |. 33C0 xor eax,eax ; EAX = 0
00403C53 |. 8945 C4 mov dword ptr ss:[ebp-3C],eax
00403C56 |> 33D2 /xor edx,edx ; the string "mhds" is processed in much the same way below
00403C58 |. 8955 E4 |mov dword ptr ss:[ebp-1C],edx
00403C5B |. EB 6A |jmp short sxds.00403CC7
00403C5D |> 8B4D C4 |/mov ecx,dword ptr ss:[ebp-3C]
00403C60 |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
00403C63 |. 0FBE4408 3E ||movsx eax,byte ptr ds:[eax+ecx+3E]
00403C68 |. B9 05000000 ||mov ecx,5
00403C6D |. 99 ||cdq
00403C6E |. F7F9 ||idiv ecx
00403C70 |. 8955 BC ||mov dword ptr ss:[ebp-44],edx
00403C73 |. 8B45 E4 ||mov eax,dword ptr ss:[ebp-1C]
00403C76 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403C79 |. 8A4C02 7B ||mov cl,byte ptr ds:[edx+eax+7B]
00403C7D |. 884D C3 ||mov byte ptr ss:[ebp-3D],cl
00403C80 |. 8B45 C4 ||mov eax,dword ptr ss:[ebp-3C]
00403C83 |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403C86 |. 0FBE4C02 3E ||movsx ecx,byte ptr ds:[edx+eax+3E]
00403C8B |. 8B45 E4 ||mov eax,dword ptr ss:[ebp-1C]
00403C8E |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403C91 |. 8D0402 ||lea eax,dword ptr ds:[edx+eax]
00403C94 |. 8A5408 5C ||mov dl,byte ptr ds:[eax+ecx+5C]
00403C98 |. 8B4D E4 ||mov ecx,dword ptr ss:[ebp-1C]
00403C9B |. 8B45 08 ||mov eax,dword ptr ss:[ebp+8]
00403C9E |. 885408 7B ||mov byte ptr ds:[eax+ecx+7B],dl
00403CA2 |. 8B55 C4 ||mov edx,dword ptr ss:[ebp-3C]
00403CA5 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403CA8 |. 0FBE4411 3E ||movsx eax,byte ptr ds:[ecx+edx+3E]
00403CAD |. 8B55 E4 ||mov edx,dword ptr ss:[ebp-1C]
00403CB0 |. 8B4D 08 ||mov ecx,dword ptr ss:[ebp+8]
00403CB3 |. 8D1411 ||lea edx,dword ptr ds:[ecx+edx]
00403CB6 |. 8A4D C3 ||mov cl,byte ptr ss:[ebp-3D]
00403CB9 |. 884C02 5C ||mov byte ptr ds:[edx+eax+5C],cl
00403CBD |. 8B45 E4 ||mov eax,dword ptr ss:[ebp-1C]
00403CC0 |. 0345 BC ||add eax,dword ptr ss:[ebp-44]
00403CC3 |. 40 ||inc eax
00403CC4 |. 8945 E4 ||mov dword ptr ss:[ebp-1C],eax
00403CC7 |> 8B45 C4 | mov eax,dword ptr ss:[ebp-3C]
00403CCA |. 8B55 08 ||mov edx,dword ptr ss:[ebp+8]
00403CCD |. 0FBE4C02 3E ||movsx ecx,byte ptr ds:[edx+eax+3E]
00403CD2 |. 034D E4 ||add ecx,dword ptr ss:[ebp-1C]
00403CD5 |. 83C1 E1 ||add ecx,-1F
00403CD8 |. 81F9 90010000 ||cmp ecx,190
00403CDE |.^ 0F8C 79FFFFFF |\jl sxds.00403C5D
00403CE4 |. FF45 C4 |inc dword ptr ss:[ebp-3C]
00403CE7 |. 837D C4 32 |cmp dword ptr ss:[ebp-3C],32
00403CEB |.^ 0F8C 65FFFFFF \jl sxds.00403C56
00403CF1 |> 33C0 xor eax,eax ; EAX = 0
00403CF3 |. 8945 B8 mov dword ptr ss:[ebp-48],eax
00403CF6 |> 8B55 B8 mov edx,dword ptr ss:[ebp-48] //这个循环出真码^-^ ; this loop emits the expected code
00403CF9 |. 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00403CFC |. 8A4411 7B mov al,byte ptr ds:[ecx+edx+7B] ; AL = byte at [ecx+edx+7B]
00403D00 |. 8B55 B8 mov edx,dword ptr ss:[ebp-48]
00403D03 |. 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00403D06 |. 884411 70 mov byte ptr ds:[ecx+edx+70],al ; [ecx+edx+70] = AL
00403D0A |. FF45 B8 inc dword ptr ss:[ebp-48] ; ++[ebp-48]
00403D0D |. 837D B8 0A cmp dword ptr ss:[ebp-48],0A ; compare with 0A
00403D11 |.^ 7C E3 jl short sxds.00403CF6 ; if less, loop back to 00403CF6
00403D13 |. 8B45 08 mov eax,dword ptr ss:[ebp+8]
00403D16 |. C640 7A 00 mov byte ptr ds:[eax+7A],0
00403D1A |. 8BE5 mov esp,ebp
00403D1C |. 5D pop ebp
00403D1D \. C3 retn

******************************************************************************************** *************************************************************
跟进004053F0 处CALL来到:
; sxds.00473534 — equality wrapper around 00428388.
; In:  EAX, EDX = pointers; each is dereferenced once before the call
;      (annotated by the author as the entered code and the computed code)
; Out: EAX = 1 if 00428388 returns with ZF set, else 0
; Saves and restores EBX.
00473534 /$ 55 push ebp
00473535 |. 8BEC mov ebp,esp
00473537 |. 53 push ebx
00473538 |. 8B00 mov eax,dword ptr ds:[eax] ; EAX = entered (trial) code
0047353A |. 8B12 mov edx,dword ptr ds:[edx] ; EDX = computed expected code N
0047353C |. E8 474EFBFF call sxds.00428388 ; comparison call
00473541 |. 0F94C0 sete al ; AL = 1 if the entered code is correct
00473544 |. 83E0 01 and eax,1 ; EAX &= 1
00473547 |. 5B pop ebx
00473548 |. 5D pop ebp
00473549 \. C3 retn //返回 ; return



这个软件的注册过程是通过计算用户名和字符串mhds完成的,二者计算都用到了一个字符串: ThislicenseappliestoanysoftwarecontaininganoticeplacedbythecopyrightholdersayingthatitmaybedistributedunderthetermsoftheQtNon-CommercialLicenseversion1.0.SuchsoftwareishereinreferredtoastheSoftware.ThislicensecoversdistributionoftheSoftw
具体怎么搞就不说了,时间晚了要睡觉了,哎!!!天都要亮了!!
注册名:yijun
注册码:w'r6ttfron