进球彩压缩饼干 2.50的算法分析(很简单)初学者适合

Saver · 发表于 2005-2-15 21:45:12

【破文作者】 Saver[PYG]

【作者QQ 】 562194

【软件名称】进球彩压缩饼干 2.50

【下载地址】 http://www.softreg.com.cn/downlo ... -9727-BFEF1E07930D/

----------------------------------------------------------------------------------------------
【加密方式】无

【破解工具】 w32dasm，od

【软件限制】限制使用

【破解平台】 XP SP2

----------------------------------------------------------------------------------------------
【软件简介】

■ 商品简介
操作简单,功能强大的进球彩缩水软件.采用独家缩水算法,提供中12保11 中12保10,中12保9,中12保8,自由压缩,五种压缩模式.

■ 详细介绍
操作简单,功能强大的进球彩缩水软件.采用独家缩水算法,提供中12保11
中12保10,中12保9,中12保8,自由压缩五种压缩模式.能缩水8-265倍.两种下注模式(球队模式,比赛模式),可以随便切换.新版本提供数据导入功能.

【文章简介】

查出注册码

----------------------------------------------------------------------------------------------
【破解过程】
经过试用,发现这是款重起验证的软件.
用pe查看发现是delphi写的，用w32打开，查找字符串“"进球彩压缩饼干2.50(已注册)"来到这里
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047D35E(C)                                        ////这个就是关键跳
|
:0047D36C 3B7DF0                cmp edi, dword ptr [ebp-10]
:0047D36F 7564                   jne 0047D3D5
:0047D371 C705307C4800FFFFFFFF mov dword ptr [00487C30], FFFFFFFF

* Possible StringData Ref from Code Obj ->"进球彩压缩饼干2.50(已注册)" ////就是这里，先把这个地址记住
:0047D37B BAB4DB4700             mov edx, 0047DBB4
:0047D380 A12C7C4800             mov eax, dword ptr [00487C2C]
:0047D385 E85E78FCFF             call 00444BE8
:0047D38A EB49                   jmp 0047D3D5

/////////////////////////////////////////////////////////////////////
好，现在我们打开od，找到上面这个地址
0047CF84  /.  55             push ebp
0047CF85  |.  8BEC          mov ebp,esp
0047CF87  |.  81C4 44FFFFFF add esp,-0BC
0047CF8D  |.  53             push ebx
0047CF8E  |.  56             push esi
0047CF8F  |.  57             push edi
0047CF90  |.  33C9          xor ecx,ecx
0047CF92  |.  898D 44FFFFFF mov dword ptr ss:[ebp-BC],ecx
0047CF98  |.  898D 48FFFFFF mov dword ptr ss:[ebp-B8],ecx
0047CF9E  |.  898D 4CFFFFFF mov dword ptr ss:[ebp-B4],ecx
0047CFA4  |.  894D FC       mov dword ptr ss:[ebp-4],ecx
0047CFA7  |.  894D F8       mov dword ptr ss:[ebp-8],ecx
0047CFAA  |.  894D F4       mov dword ptr ss:[ebp-C],ecx
0047CFAD  |.  B9 14000000    mov ecx,14
0047CFB2  |.  8D45 A0       lea eax,dword ptr ss:[ebp-60]
0047CFB5  |.  8B15 AC104000 mov edx,dword ptr ds:[4010AC]
0047CFBB  |.  E8 9C7AF8FF    call 进球彩压.00404A5C
0047CFC0  |.  B9 14000000    mov ecx,14
0047CFC5  |.  8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
0047CFCB  |.  8B15 AC104000 mov edx,dword ptr ds:[4010AC]
0047CFD1  |.  E8 867AF8FF    call 进球彩压.00404A5C
0047CFD6  |.  33C0          xor eax,eax
0047CFD8  |.  55             push ebp
0047CFD9  |.  68 28D44700    push 进球彩压.0047D428
0047CFDE  |.  64:FF30       push dword ptr fs:[eax]
0047CFE1  |.  64:8920       mov dword ptr fs:[eax],esp
0047CFE4  |.  33C0          xor eax,eax
0047CFE6  |.  A3 307C4800    mov dword ptr ds:[487C30],eax
0047CFEB  |.  A1 2C7C4800    mov eax,dword ptr ds:[487C2C]
0047CFF0  |.  8B80 0C030000 mov eax,dword ptr ds:[eax+30C]
0047CFF6  |.  BA 01000000    mov edx,1
0047CFFB  |.  E8 E86FFBFF    call 进球彩压.00433FE8
0047D000  |.  B2 01          mov dl,1
0047D002  |.  A1 ECF94200    mov eax,dword ptr ds:[42F9EC]
0047D007  |.  E8 E02AFBFF    call 进球彩压.0042FAEC
0047D00C  |.  8BD8          mov ebx,eax
0047D00E  |.  BA 02000080    mov edx,80000002
0047D013  |.  8BC3          mov eax,ebx
0047D015  |.  E8 722BFBFF    call 进球彩压.0042FB8C
0047D01A  |.  B1 01          mov cl,1
0047D01C  |.  BA 40D44700    mov edx,进球彩压.0047D440             ; ASCII "Software\Directdxq\defaults"
0047D021  |.  8BC3          mov eax,ebx
0047D023  |.  E8 C82BFBFF    call 进球彩压.0042FBF0
0047D028  |.  8BC3          mov eax,ebx
0047D02A  |.  E8 2D2BFBFF    call 进球彩压.0042FB5C
0047D02F  |.  B1 01          mov cl,1
0047D031  |.  BA 64D44700    mov edx,进球彩压.0047D464             ;  ASCII "Software\dxq\defaults"
0047D036  |.  8BC3          mov eax,ebx
0047D038  |.  E8 B32BFBFF    call 进球彩压.0042FBF0
0047D03D  |.  8BC3          mov eax,ebx
0047D03F  |.  E8 182BFBFF    call 进球彩压.0042FB5C
0047D044  |.  B1 01          mov cl,1
0047D046  |.  BA 84D44700    mov edx,进球彩压.0047D484             ;  ASCII "Software\mainsoft\defaults"
0047D04B  |.  8BC3          mov eax,ebx
0047D04D  |.  E8 9E2BFBFF    call 进球彩压.0042FBF0
0047D052  |.  8BC3          mov eax,ebx
0047D054  |.  E8 032BFBFF    call 进球彩压.0042FB5C
0047D059  |.  B1 01          mov cl,1
0047D05B  |.  BA A8D44700    mov edx,进球彩压.0047D4A8             ;  ASCII "Software\124a6s2358\defaults"
0047D060  |.  8BC3          mov eax,ebx
0047D062  |.  E8 892BFBFF    call 进球彩压.0042FBF0
0047D067  |.  8BC3          mov eax,ebx
0047D069  |.  E8 EE2AFBFF    call 进球彩压.0042FB5C
0047D06E  |.  B1 01          mov cl,1
0047D070  |.  BA D0D44700    mov edx,进球彩压.0047D4D0             ;  ASCII "Software\Microsoft\Direct6c2b\defaults"
0047D075  |.  8BC3          mov eax,ebx
0047D077  |.  E8 742BFBFF    call 进球彩压.0042FBF0
0047D07C  |.  8D4D F4       lea ecx,dword ptr ss:[ebp-C]
0047D07F  |.  BA 00D54700    mov edx,进球彩压.0047D500             ;  ASCII "registry1"
0047D084  |.  8BC3          mov eax,ebx
0047D086  |.  E8 2D2DFBFF    call 进球彩压.0042FDB8
0047D08B  |.  8BC3          mov eax,ebx
0047D08D  |.  E8 CA2AFBFF    call 进球彩压.0042FB5C
0047D092  |.  B1 01          mov cl,1
0047D094  |.  BA 14D54700    mov edx,进球彩压.0047D514             ;  ASCII "Software\coinsoft\defaults"
0047D099  |.  8BC3          mov eax,ebx                ;  以上凡是ascii以“software”打头的就是在注册表里要写进的内容
0047D09B  |.  E8 502BFBFF    call 进球彩压.0042FBF0                ;  机器码
0047D0A0  |.  837D F4 00    cmp dword ptr ss:[ebp-C],0
0047D0A4  |.  0F84 E2020000 je 进球彩压.0047D38C
0047D0AA  |.  A1 2C7C4800    mov eax,dword ptr ds:[487C2C]
0047D0AF  |.  8B80 A8030000 mov eax,dword ptr ds:[eax+3A8]
0047D0B5  |.  8B55 F4       mov edx,dword ptr ss:[ebp-C]
0047D0B8  |.  E8 2B7BFCFF    call 进球彩压.00444BE8
0047D0BD  |.  8D8D 4CFFFFFF lea ecx,dword ptr ss:[ebp-B4]
0047D0C3  |.  BA 38D54700    mov edx,进球彩压.0047D538             ;  ASCII "registry2"
0047D0C8  |.  8BC3          mov eax,ebx
0047D0CA  |.  E8 E92CFBFF    call 进球彩压.0042FDB8
0047D0CF  |.  83BD 4CFFFFFF 00 cmp dword ptr ss:[ebp-B4],0       ;  比较是不是没输入注册码
0047D0D6  |.  0F84 F9020000 je 进球彩压.0047D3D5
0047D0DC  |.  8D45 A0       lea eax,dword ptr ss:[ebp-60]
0047D0DF  |.  BA 4CD54700    mov edx,进球彩压.0047D54C             ;  ASCII "6asa21gjk5zx1m5"
0047D0E4  |.  E8 4370F8FF    call 进球彩压.0040412C
0047D0E9  |.  8D45 A4       lea eax,dword ptr ss:[ebp-5C]
0047D0EC  |.  BA 64D54700    mov edx,进球彩压.0047D564             ;  ASCII "c512g45df4hjjss"
0047D0F1  |.  E8 3670F8FF    call 进球彩压.0040412C
0047D0F6  |.  8D45 A8       lea eax,dword ptr ss:[ebp-58]
0047D0F9  |.  BA 7CD54700    mov edx,进球彩压.0047D57C             ;  ASCII "d1f4f1t4t1er1df"
0047D0FE  |.  E8 2970F8FF    call 进球彩压.0040412C
0047D103  |.  8D45 AC       lea eax,dword ptr ss:[ebp-54]
0047D106  |.  BA 94D54700    mov edx,进球彩压.0047D594             ;  ASCII "dsjcnd214mds28d"
0047D10B  |.  E8 1C70F8FF    call 进球彩压.0040412C
0047D110  |.  8D45 B0       lea eax,dword ptr ss:[ebp-50]
0047D113  |.  BA ACD54700    mov edx,进球彩压.0047D5AC             ;  ASCII "h8asd2j1l82a1k5"
0047D118  |.  E8 0F70F8FF    call 进球彩压.0040412C
0047D11D  |.  8D45 B4       lea eax,dword ptr ss:[ebp-4C]
0047D120  |.  BA C4D54700    mov edx,进球彩压.0047D5C4             ;  ASCII "h9q3as3ghl5ey4j"
0047D125  |.  E8 0270F8FF    call 进球彩压.0040412C
0047D12A  |.  8D45 B8       lea eax,dword ptr ss:[ebp-48]
0047D12D  |.  BA DCD54700    mov edx,进球彩压.0047D5DC             ;  ASCII "i74d1v1jk8l4ss5"
0047D132  |.  E8 F56FF8FF    call 进球彩压.0040412C
0047D137  |.  8D45 BC       lea eax,dword ptr ss:[ebp-44]
0047D13A  |.  BA F4D54700    mov edx,进球彩压.0047D5F4             ;  ASCII "k2udy47sdg1ju21"
0047D13F  |.  E8 E86FF8FF    call 进球彩压.0040412C
0047D144  |.  8D45 C0       lea eax,dword ptr ss:[ebp-40]
0047D147  |.  BA 0CD64700    mov edx,进球彩压.0047D60C             ;  ASCII "k5d12g1m5d2d1yh"
0047D14C  |.  E8 DB6FF8FF    call 进球彩压.0040412C
0047D151  |.  8D45 C4       lea eax,dword ptr ss:[ebp-3C]
0047D154  |.  BA 24D64700    mov edx,进球彩压.0047D624             ;  ASCII "kls23512fg12842"
0047D159  |.  E8 CE6FF8FF    call 进球彩压.0040412C
0047D15E  |.  8D45 C8       lea eax,dword ptr ss:[ebp-38]
0047D161  |.  BA 3CD64700    mov edx,进球彩压.0047D63C             ;  ASCII "l4c19r5641h4kd4"
0047D166  |.  E8 C16FF8FF    call 进球彩压.0040412C
0047D16B  |.  8D45 CC       lea eax,dword ptr ss:[ebp-34]
0047D16E  |.  BA 54D64700    mov edx,进球彩压.0047D654             ;  ASCII "md5tjg2ds6ti6rf"
0047D173  |.  E8 B46FF8FF    call 进球彩压.0040412C
0047D178  |.  8D45 D0       lea eax,dword ptr ss:[ebp-30]
0047D17B  |.  BA 6CD64700    mov edx,进球彩压.0047D66C             ;  ASCII "nsf5g6hj6521gh1"
0047D180  |.  E8 A76FF8FF    call 进球彩压.0040412C
0047D185  |.  8D45 D4       lea eax,dword ptr ss:[ebp-2C]
0047D188  |.  BA 84D64700    mov edx,进球彩压.0047D684             ;  ASCII "p5d12b1w5s2g5gs"
0047D18D  |.  E8 9A6FF8FF    call 进球彩压.0040412C
0047D192  |.  8D45 D8       lea eax,dword ptr ss:[ebp-28]
0047D195  |.  BA 9CD64700    mov edx,进球彩压.0047D69C             ;  ASCII "p85df12sdf8e42f"
0047D19A  |.  E8 8D6FF8FF    call 进球彩压.0040412C
0047D19F  |.  8D45 DC       lea eax,dword ptr ss:[ebp-24]
0047D1A2  |.  BA B4D64700    mov edx,进球彩压.0047D6B4             ;  ASCII "rciwemt8fmkask7"
0047D1A7  |.  E8 806FF8FF    call 进球彩压.0040412C
0047D1AC  |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0047D1AF  |.  BA CCD64700    mov edx,进球彩压.0047D6CC             ;  ASCII "ti45hj11d45f85u"
0047D1B4  |.  E8 736FF8FF    call 进球彩压.0040412C
0047D1B9  |.  8D45 E4       lea eax,dword ptr ss:[ebp-1C]
0047D1BC  |.  BA E4D64700    mov edx,进球彩压.0047D6E4             ;  ASCII "vodk3239dfknmas"
0047D1C1  |.  E8 666FF8FF    call 进球彩压.0040412C
0047D1C6  |.  8D45 E8       lea eax,dword ptr ss:[ebp-18]
0047D1C9  |.  BA FCD64700    mov edx,进球彩压.0047D6FC             ;  ASCII "wag56g451h5f82a"
0047D1CE  |.  E8 596FF8FF    call 进球彩压.0040412C
0047D1D3  |.  8D45 EC       lea eax,dword ptr ss:[ebp-14]
0047D1D6  |.  BA 14D74700    mov edx,进球彩压.0047D714             ;  ASCII "zif8dfs2g4374df"
0047D1DB  |.  E8 4C6FF8FF    call 进球彩压.0040412C
0047D1E0  |.  8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
0047D1E6  |.  BA 2CD74700    mov edx,进球彩压.0047D72C ;  ASCII "5s12f12h1s1g2h6s1fgh5hk45841y552as5j85i8sd5s5fj4"
0047D1EB  |.  E8 3C6FF8FF    call 进球彩压.0040412C
0047D1F0  |.  8D85 54FFFFFF lea eax,dword ptr ss:[ebp-AC]
0047D1F6  |.  BA 68D74700    mov edx,进球彩压.0047D768 ;  ASCII "x5s5sd51hjj78hf45a4f5f5s45s74ff1j4d56s69as1fs45g"
0047D1FB  |.  E8 2C6FF8FF    call 进球彩压.0040412C
0047D200  |.  8D85 58FFFFFF lea eax,dword ptr ss:[ebp-A8]
0047D206  |.  BA A4D74700    mov edx,进球彩压.0047D7A4 ;  ASCII "q1t4h1h2l2ol4r4cdx1s2yh5u6i2k3p41g5256b6g56"
0047D20B  |.  E8 1C6FF8FF    call 进球彩压.0040412C
0047D210  |.  8D85 5CFFFFFF lea eax,dword ptr ss:[ebp-A4]
0047D216  |.  BA D8D74700    mov edx,进球彩压.0047D7D8 ;  ASCII "12sdhd1d42c82d2c5d85cde2d458d52d36d58d5d23d"
0047D21B  |.  E8 0C6FF8FF    call 进球彩压.0040412C
0047D220  |.  8D85 60FFFFFF lea eax,dword ptr ss:[ebp-A0]
0047D226  |.  BA 0CD84700    mov edx,进球彩压.0047D80C ;  ASCII "nsdf4gfbfmkjsdjkuewnvbfhr7yendhja,3phcmedhrviem378"
0047D22B  |.  E8 FC6EF8FF    call 进球彩压.0040412C
0047D230  |.  8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
0047D236  |.  BA 48D84700    mov edx,进球彩压.0047D848 ;  ASCII "d9g4j5h812d2x12g8uj7j1cv2x23h9ik45h2,12l74uj56"
0047D23B  |.  E8 EC6EF8FF    call 进球彩压.0040412C
0047D240  |.  8D85 68FFFFFF lea eax,dword ptr ss:[ebp-98]
0047D246  |.  BA 80D84700    mov edx,进球彩压.0047D880 ;  ASCII "q9y2j223d2a2f56j8jk5k2kk21sd12f85u85g52f1d41h4"
0047D24B  |.  E8 DC6EF8FF    call 进球彩压.0040412C
0047D250  |.  8D85 6CFFFFFF lea eax,dword ptr ss:[ebp-94]
0047D256  |.  BA B8D84700    mov edx,进球彩压.0047D8B8 ;  ASCII "45d55dsv4994ddsss6s2dc5dc41c5d5dc1dcdss556c"
0047D25B  |.  E8 CC6EF8FF    call 进球彩压.0040412C
0047D260  |.  8D85 70FFFFFF lea eax,dword ptr ss:[ebp-90]
0047D266  |.  BA ECD84700    mov edx,进球彩压.0047D8EC ;  ASCII "z85wfg1j7l5f4s5h89rts55f69h9dshavbrx2g8923dfg892x"
0047D26B  |.  E8 BC6EF8FF    call 进球彩压.0040412C
0047D270  |.  8D85 74FFFFFF lea eax,dword ptr ss:[ebp-8C]
0047D276  |.  BA 28D94700    mov edx,进球彩压.0047D928 ;  ASCII "y52a23fg45j45sddf812g2hj564u8asf1m18l5as12as8ja"
0047D27B  |.  E8 AC6EF8FF    call 进球彩压.0040412C
0047D280  |.  8D85 78FFFFFF lea eax,dword ptr ss:[ebp-88]
0047D286  |.  BA 60D94700    mov edx,进球彩压.0047D960 ;  ASCII "b45e1f1g45gh5as1f45h85d1a5d5g85t41d41g45d445"
0047D28B  |.  E8 9C6EF8FF    call 进球彩压.0040412C
0047D290  |.  8D85 7CFFFFFF lea eax,dword ptr ss:[ebp-84]
0047D296  |.  BA 98D94700    mov edx,进球彩压.0047D998 ;  ASCII "s45q1f1gh45h12q6t574e5f1g8y41556h1j8g1d2dfv8f74tg1"
0047D29B  |.  E8 8C6EF8FF    call 进球彩压.0040412C
0047D2A0  |.  8D45 80       lea eax,dword ptr ss:[ebp-80]
0047D2A3  |.  BA D4D94700    mov edx,进球彩压.0047D9D4 ;  ASCII "e9j2hm12cx89h2yh4t12c63j69jk6l9k9s32h569k2.2df56f"
0047D2A8  |.  E8 7F6EF8FF    call 进球彩压.0040412C
0047D2AD  |.  8D45 84       lea eax,dword ptr ss:[ebp-7C]
0047D2B0  |.  BA 10DA4700    mov edx,进球彩压.0047DA10 ;  ASCII "52g15sq2w4t45s56a68w45fgjk5dssw5e5e12x5j5a5ety5hzs"
0047D2B5  |.  E8 726EF8FF    call 进球彩压.0040412C
0047D2BA  |.  8D45 88       lea eax,dword ptr ss:[ebp-78]
0047D2BD  |.  BA 4CDA4700    mov edx,进球彩压.0047DA4C ;  ASCII "q4h812dfas2j8512df1j78541d12m1a123h485er12d12dfg85"
0047D2C2  |.  E8 656EF8FF    call 进球彩压.0040412C
0047D2C7  |.  8D45 8C       lea eax,dword ptr ss:[ebp-74]
0047D2CA  |.  BA 88DA4700    mov edx,进球彩压.0047DA88 ;  ASCII "5ikc983jfg;ldfg83hjdsnmb98rjadjf8ejmflasjdf73jkklg"
0047D2CF  |.  E8 586EF8FF    call 进球彩压.0040412C
0047D2D4  |.  8D45 90       lea eax,dword ptr ss:[ebp-70]
0047D2D7  |.  BA C4DA4700    mov edx,进球彩压.0047DAC4 ;  ASCII "ui8g41f4h89k5k1fg1df45df8gh4j1441dfs41df4h78gh7gh"
0047D2DC  |.  E8 4B6EF8FF    call 进球彩压.0040412C
0047D2E1  |.  8D45 94       lea eax,dword ptr ss:[ebp-6C]
0047D2E4  |.  BA 00DB4700    mov edx,进球彩压.0047DB00 ;  ASCII "mdowkwnjghyu5dn3883ghidf9671jddst3bgruehbas56hdf98"
0047D2E9  |.  E8 3E6EF8FF    call 进球彩压.0040412C
0047D2EE  |.  8D45 98       lea eax,dword ptr ss:[ebp-68]
0047D2F1  |.  BA 3CDB4700    mov edx,进球彩压.0047DB3C ;  ASCII "u45a1fgs5jm81248da21fads5f893a52g1a5dfg43j41asda"
0047D2F6  |.  E8 316EF8FF    call 进球彩压.0040412C
0047D2FB  |.  8D45 9C       lea eax,dword ptr ss:[ebp-64]
0047D2FE  |.  BA 78DB4700    mov edx,进球彩压.0047DB78 ;  ASCII "p41v78t41sd1n7das1h78k56asd1gad8ga2f1h1das8fh21s5"
0047D303  |.  E8 246EF8FF    call 进球彩压.0040412C
0047D308  |.  8D55 FC       lea edx,dword ptr ss:[ebp-4]
0047D30B  |.  A1 2C7C4800    mov eax,dword ptr ds:[487C2C]
0047D310  |.  8B80 A8030000 mov eax,dword ptr ds:[eax+3A8]
0047D316  |.  E8 9D78FCFF    call 进球彩压.00444BB8
0047D31B  |.  8D4D F8       lea ecx,dword ptr ss:[ebp-8]
0047D31E  |.  BA 38D54700    mov edx,进球彩压.0047D538             ;  ASCII "registry2"
0047D323  |.  8BC3          mov eax,ebx
0047D325  |.  E8 8E2AFBFF    call 进球彩压.0042FDB8
0047D32A  |.  BF 01000000    mov edi,1
0047D32F  |.  8D75 A0       lea esi,dword ptr ss:[ebp-60]       ///////////////////////
0047D332  |>  8B45 FC       /mov eax,dword ptr ss:[ebp-4]       你的机器码
0047D335  |.  8B16          |mov edx,dword ptr ds:[esi]          表里的机器码（从上往下找）
0047D337  |.  E8 6471F8FF    |call 进球彩压.004044A0             比较是不是一样
0047D33C  |.  74 09          |je short 进球彩压.0047D347          一样就跳
0047D33E  |.  47             |inc edi                            edi+1，（edi为记数器）（这里保存着有用，下面会比较）
0047D33F  |.  83C6 04       |add esi,4                         指针+4即列表里往下一行
0047D342  |.  83FF 15       |cmp edi,15                         一共可以比较21次
0047D345  |.^ 75 EB          \jnz short 进球彩压.0047D332       往回走
0047D347  |>  C745 F0 01000000 mov dword ptr ss:[ebp-10],1       ////////////////////////
0047D34E  |.  8DB5 50FFFFFF lea esi,dword ptr ss:[ebp-B0]    /////////////////////////
0047D354  |>  8B45 F8       /mov eax,dword ptr ss:[ebp-8]       你的注册码
0047D357  |.  8B16          |mov edx,dword ptr ds:[esi]       表里的注册码
0047D359  |.  E8 4271F8FF    |call 进球彩压.004044A0             比较是否一样
0047D35E  |.  74 0C          |je short 进球彩压.0047D36C       是就跳到注册窗口
0047D360  |.  FF45 F0       |inc dword ptr ss:[ebp-10]          [ebp-10]里的值加1（保存，下面比较）
0047D363  |.  83C6 04       |add esi,4                         列表下移一行
0047D366  |.  837D F0 15    |cmp dword ptr ss:[ebp-10],15       同样比较次数最多为20次
0047D36A  |.^ 75 E8          \jnz short 进球彩压.0047D354       跳回比较
0047D36C    3B7D F0       cmp edi,dword ptr ss:[ebp-10]       就是这里比较，要在2个列表里都不同的话，还是错误，就算你输入的是正确的注册码
0047D36F    75 64          jnz short 进球彩压.0047D3D5             ;  未注册跳到启动
0047D371  |.  C705 307C4800 FF>mov dword ptr ds:[487C30],-1
0047D37B  |.  BA B4DB4700    mov edx,进球彩压.0047DBB4
0047D380  |.  A1 2C7C4800    mov eax,dword ptr ds:[487C2C]
0047D385  |.  E8 5E78FCFF    call 进球彩压.00444BE8
0047D38A  |.  EB 49          jmp short 进球彩压.0047D3D5             ;  注册跳到启动窗口（其实和上面的jmp到的地址一样）
0047D38C  |>  8D85 48FFFFFF lea eax,dword ptr ss:[ebp-B8]
0047D392  |.  E8 EDF5FFFF    call 进球彩压.0047C984
0047D397  |.  8B95 48FFFFFF mov edx,dword ptr ss:[ebp-B8]
0047D39D  |.  A1 2C7C4800    mov eax,dword ptr ds:[487C2C]
0047D3A2  |.  8B80 A8030000 mov eax,dword ptr ds:[eax+3A8]
0047D3A8  |.  E8 3B78FCFF    call 进球彩压.00444BE8
0047D3AD  |.  8D95 44FFFFFF lea edx,dword ptr ss:[ebp-BC]
0047D3B3  |.  A1 2C7C4800    mov eax,dword ptr ds:[487C2C]
0047D3B8  |.  8B80 A8030000 mov eax,dword ptr ds:[eax+3A8]
0047D3BE  |.  E8 F577FCFF    call 进球彩压.00444BB8
0047D3C3  |.  8B8D 44FFFFFF mov ecx,dword ptr ss:[ebp-BC]
0047D3C9  |.  BA 00D54700    mov edx,进球彩压.0047D500
0047D3CE  |.  8BC3          mov eax,ebx
0047D3D0  |.  E8 B729FBFF    call 进球彩压.0042FD8C
0047D3D5  |>  8BC3          mov eax,ebx                         ;  到这整个过程就结束了
0047D3D7  |.  E8 8027FBFF    call 进球彩压.0042FB5C
0047D3DC  |.  33C0          xor eax,eax
0047D3DE  |.  5A             pop edx
0047D3DF  |.  59             pop ecx
0047D3E0  |.  59             pop ecx
0047D3E1  |.  64:8910       mov dword ptr fs:[eax],edx
0047D3E4  |.  68 2FD44700    push 进球彩压.0047D42F
0047D3E9  |>  8D85 44FFFFFF lea eax,dword ptr ss:[ebp-BC]
0047D3EF  |.  E8 A06CF8FF    call 进球彩压.00404094
0047D3F4  |.  8D85 48FFFFFF lea eax,dword ptr ss:[ebp-B8]
0047D3FA  |.  BA 02000000    mov edx,2
0047D3FF  |.  E8 B46CF8FF    call 进球彩压.004040B8
0047D404  |.  8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
0047D40A  |.  B9 28000000    mov ecx,28
0047D40F  |.  8B15 AC104000 mov edx,dword ptr ds:[4010AC]
0047D415  |.  E8 2E77F8FF    call 进球彩压.00404B48
0047D41A  |.  8D45 F4       lea eax,dword ptr ss:[ebp-C]
0047D41D  |.  BA 03000000    mov edx,3
0047D422  |.  E8 916CF8FF    call 进球彩压.004040B8
0047D427  \.  C3             retn

如果你的od设置好的话，可以发现整个call很长，一直从47CF84到47D427。
可以发现在这个过程中，出现了很多一长串的字符
从“0047D0CF  |.  83BD 4CFFFFFF 00 cmp dword ptr ss:[ebp-B4],0       ;  比较是不是没输入注册码”
到“0047D2FE  |.  BA 78DB4700    mov edx,进球彩压.0047DB78             ;  ASCII "p41v78t41sd1n7das1h78k56asd1gad8ga2f1h1das8fh21s5"”
再回头看看你的机器码，你会发现你的机器码就是这下面20个短的里面的一个，如果你有感觉的话，那么下面那些长的里的一个就是你所需要的注册码了
我通过跟踪知道，机器码对应着唯一的注册码。简单点的话就是这样的，从短的机器码从上往下数，你的机器码和他里面第几个相同，那注册码就是从长的里
开始的第几个。就好比，你的机器码是"p5d12b1w5s2g5gs"这个，在第14个，那注册码也就在第14个，即“"52g15sq2w4t45s56a68w45fgjk5dssw5e5e12x5j5a5ety5hzs"”

这样是不是觉得简单很多啊？好了，今天就OK啦~先这样吧~

（接上）

这个就是上面的比较call“call 进球彩压.004044A0”看起来很长，对我们有用的其实不多

004044A0  /$  53             push ebx
004044A1  |.  56             push esi
004044A2  |.  57             push edi
004044A3  |.  89C6          mov esi,eax                esi=eax=你输入的注册码
004044A5  |.  89D7          mov edi,edx                edi=edx=表里的注册码
004044A7  |.  39D0          cmp eax,edx                比较2个是否相同
004044A9  |.  0F84 8F000000 je 进球彩压.0040453E       相同就跳，就出来了
004044AF  |.  85F6          test esi,esi
004044B1  |.  74 68          je short 进球彩压.0040451B
004044B3  |.  85FF          test edi,edi
004044B5  |.  74 6B          je short 进球彩压.00404522
（部分代码略）
0040453E  |>  5F             pop edi
0040453F  |.  5E             pop esi
00404540  |.  5B             pop ebx
00404541  \.  C3             retn

好，现在总结下算法
首先需要有2张表，第一张里是机器码表为：
"6asa21gjk5zx1m5"
"c512g45df4hjjss"
"d1f4f1t4t1er1df"
"dsjcnd214mds28d"
"h8asd2j1l82a1k5"
"h9q3as3ghl5ey4j"
"i74d1v1jk8l4ss5"
"k2udy47sdg1ju21"
"k5d12g1m5d2d1yh"
"kls23512fg12842"
"l4c19r5641h4kd4"
"md5tjg2ds6ti6rf"
"nsf5g6hj6521gh1"
"p5d12b1w5s2g5gs"
"p85df12sdf8e42f"
"rciwemt8fmkask7"
"ti45hj11d45f85u"
"vodk3239dfknmas"
"wag56g451h5f82a"
"zif8dfs2g4374df"

然后第2张表里为注册码表为：
"5s12f12h1s1g2h6s1fgh5hk45841y552as5j85i8sd5s5fj4"
"x5s5sd51hjj78hf45a4f5f5s45s74ff1j4d56s69as1fs45g"
"q1t4h1h2l2ol4r4cdx1s2yh5u6i2k3p41g5256b6g56"
"12sdhd1d42c82d2c5d85cde2d458d52d36d58d5d23d"
"nsdf4gfbfmkjsdjkuewnvbfhr7yendhja,3phcmedhrviem378"
"d9g4j5h812d2x12g8uj7j1cv2x23h9ik45h2,12l74uj56"
"q9y2j223d2a2f56j8jk5k2kk21sd12f85u85g52f1d41h4"
"45d55dsv4994ddsss6s2dc5dc41c5d5dc1dcdss556c"
"z85wfg1j7l5f4s5h89rts55f69h9dshavbrx2g8923dfg892x"
"y52a23fg45j45sddf812g2hj564u8asf1m18l5as12as8ja"
"b45e1f1g45gh5as1f45h85d1a5d5g85t41d41g45d445"
"s45q1f1gh45h12q6t574e5f1g8y41556h1j8g1d2dfv8f74tg1"
"e9j2hm12cx89h2yh4t12c63j69jk6l9k9s32h569k2.2df56f"
"52g15sq2w4t45s56a68w45fgjk5dssw5e5e12x5j5a5ety5hzs"
"q4h812dfas2j8512df1j78541d12m1a123h485er12d12dfg85"
"5ikc983jfg;ldfg83hjdsnmb98rjadjf8ejmflasjdf73jkklg"
"ui8g41f4h89k5k1fg1df45df8gh4j1441dfs41df4h78gh7gh"
"mdowkwnjghyu5dn3883ghidf9671jddst3bgruehbas56hdf98"
"u45a1fgs5jm81248da21fads5f893a52g1a5dfg43j41asda"
"p41v78t41sd1n7das1h78k56asd1gad8ga2f1h1das8fh21s5"

然后就是取得输入的机器码的位置后输出相应位置的注册码

----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
【破解声明】我是一只小菜鸟，偶得一点心得，愿与大家分享

【版权声明】本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
----------------------------------------------------------------------------------------------
                                                                              文章写于2005-2-15 21:24:44

jackily · 发表于 2005-2-16 08:44:13

追起来一定够累的了，支持。

显示全部楼层 · 发表于 2005-9-19 20:55:11

提示: 作者被禁止或删除内容自动屏蔽

jcly · 发表于 2005-9-29 09:10:46

好。支持一下啊。

clw · 发表于 2005-10-10 14:09:33

好。支持一下啊。

		自动登录	找回密码
密码			加入我们

xianju110 该用户已被删除	发表于 2005-9-19 20:55:11 \| 显示全部楼层提示: 作者被禁止或删除内容自动屏蔽
xianju110 该用户已被删除	PYG19周年生日快乐！
	回复支持反对使用道具举报显身卡

进球彩压缩饼干 2.50的算法分析(很简单)初学者适合

相关帖子