- UID
- 42027
注册时间2007-12-19
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 开心
2022-8-10 19:15 |
|---|
签到天数: 33 天 [LV.5]常住居民I
|
首先用PEID查壳,无壳Borland Delphi 6.0 - 7.0
用OD载人程序,查找“注册失败”
双击后来到这里
0051539A |. E8 79FAEEFF CALL jzyq_.00404E18 ;关键CALL,在这里下断点
0051539F |. 0F85 A3000000 JNZ jzyq_.00515448 ;从这里调向注册失败处
005153A5 |. B8 2C555100 MOV EAX,jzyq_.0051552C ; 注册码正确,感谢你的 注册!
005153AA |. E8 F169F2FF CALL jzyq_.0043BDA0
005153AF |. A1 109C5300 MOV EAX,DWORD PTR DS:[539C10]
005153B4 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005153B6 |. 8B80 C8040000 MOV EAX,DWORD PTR DS:[EAX+4C8]
005153BC |. 8B80 08020000 MOV EAX,DWORD PTR DS:[EAX+208]
005153C2 |. 33D2 XOR EDX,EDX
005153C4 |. E8 A79BF5FF CALL jzyq_.0046EF70
005153C9 |. BA 50555100 MOV EDX,jzyq_.00515550 ; 精装友情-软件已注册
005153CE |. E8 F99AF5FF CALL jzyq_.0046EECC
005153D3 |. 8D85 50FFFFFF LEA EAX,DWORD PTR SS:[EBP-B0]
005153D9 |. B9 6C555100 MOV ECX,jzyq_.0051556C ; \hdwl21.dll
005153DE |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
005153E1 |. E8 3AF9EEFF CALL jzyq_.00404D20
005153E6 |. 8B8D 50FFFFFF MOV ECX,DWORD PTR SS:[EBP-B0]
005153EC |. B2 01 MOV DL,1
005153EE |. A1 8C424600 MOV EAX,DWORD PTR DS:[46428C]
005153F3 |. E8 44EFF4FF CALL jzyq_.0046433C
005153F8 |. 8BF0 MOV ESI,EAX
005153FA |. 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4]
00515400 |. 8B83 10030000 MOV EAX,DWORD PTR DS:[EBX+310]
00515406 |. E8 A1D7F2FF CALL jzyq_.00442BAC
0051540B |. 8B85 4CFFFFFF MOV EAX,DWORD PTR SS:[EBP-B4]
00515411 |. 50 PUSH EAX
00515412 |. B9 80555100 MOV ECX,jzyq_.00515580 ; setet567
00515417 |. BA 94555100 MOV EDX,jzyq_.00515594 ; sym
0051541C |. 8BC6 MOV EAX,ESI
0051541E |. 8B18 MOV EBX,DWORD PTR DS:[EAX]
00515420 |. FF53 04 CALL DWORD PTR DS:[EBX+4]
00515423 |. 8D85 48FFFFFF LEA EAX,DWORD PTR SS:[EBP-B8]
00515429 |. B9 A0555100 MOV ECX,jzyq_.005155A0 ; \hdw121.dll
0051542E |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00515431 |. E8 EAF8EEFF CALL jzyq_.00404D20
00515436 |. 8B85 48FFFFFF MOV EAX,DWORD PTR SS:[EBP-B8]
0051543C |. BA 02000000 MOV EDX,2
00515441 |. E8 9644EFFF CALL jzyq_.004098DC
00515446 |. EB 24 JMP SHORT jzyq_.0051546C
00515448 |> B8 B4555100 MOV EAX,jzyq_.005155B4 ; 注册失败,请重新注册!
0051544D |. E8 4E69F2FF CALL jzyq_.0043BDA0
F9运行后,我输入的订单号“123789”
我输入的假码是“778877888”,确定后被断了下来
在右下角堆栈窗口显示
0012FB78 00000000
0012FB7C 00F9CB8C ASCII "123789" ;我输入的订单号
0012FB80 00F9C5FC ASCII "70617276" ;
0012FB84 00FB88EC ASCII "36i5u422zf1371" ;部分注册码
0012FB88 00F93B10 ASCII "123789" ;真的注册码前部分
0012FB8C 00FB3158 ASCII "1293"
0012FB90 00F9C7E0 ASCII "129336i5u422zf13711" ;真的完整的注册码
0012FB94 00FB84E8 ASCII "778877888" ;我输入的假码
0012FB98 00F826EC ASCII "123789"
0012FB9C 00FB87C4 ASCII "778877888"
重新运行程序后输入订单号“123789”.注册码“129336i5u422zf13711”
显示“注册码正确,感谢你的注册” |
|
IP卡
发表于 2008-1-15 17:12:24
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2008-1-15 17:17:22
发表于 2008-1-15 19:26:56