• 标 题:初学者(15) (3千字)
  • 作 者:liutongwu
  • 时 间:2000-7-4 21:01:44
  • 链 接:http://bbs.pediy.com

RCCD and RCCDPlus,
products designed for playing audio CD's under
Windows 95 or above and Windows NT 4.0 or above.

软件类型:注册码
难易度:固定注册码,易

输入注册码后,CTRL+D进入s-ice
设断点BPX HMEMCPY,CTRL+D返回并按ok
软件被中断后,按F12键15次(第17次出错)
按F10几次后,可找到判断AL的语句--软件以AL为标志
进入上面的CALL,来到下面的程序段.

* Referenced by a CALL at Addresses:
|:00411AD3 , :0041690B , :00417C11 , :0041D06D , :0041D105
|:0041E230 , :004299FE , :00430B92 , :00430C1D , :00431857
|:00431ACC , :0043C56B , :0043CB55 , :0043CCC5 , :0043CE39
|:0043FB91 , :0043FC55 , :00440030 , :004400EF , :0044054A
|:0044079E , :00440D09 , :00440EC7 , :0044E967 , :004613E3
|:0046181A , :00462DC4 , :00466E4F , :00467874 , :0046DEFF
|:004710FC , :004711B1 , :0047623F , :0047629F , :00476433
|:004766BF , :00479C92 , :00479D1B , :0047A0DF , :0047A1A0
|:0047A1B2 , :0047A279 , :0047A2A1 , :0047A349 , :0047A500
|:0047A51F , :0047A549 , :0047A924 , :0047AF56 , :0047AFC8
|:00481AFD , :00481B82 , :0048BC31 , :0048BC40 , :0048BCE7
|:0048BD58 , :0048BDC9 , :0048BE34 , :0048C454 , :0048D182
|:0048D785 , :0048D797 , :0048D80E , :0048D889 , :0048D8E7
|:0048E485 , :0048FB45 , :0048FB5B , :0048FBE9 , :0048FBFF
|:004900FA , :00490142 , :0049018C , :004901D6 , :00492027
|:00492048 , :004ADE08 , :004AE6E2 , :004AE7E2 , :004B0CD0
|:004B0D1A , :004B112E , :004B1284 , :004B1634 , :004B30CB
|:004BC4E2 , :004BD8B1 , :004BDC8A , :004BDD5A , :004BDD8A
|:004BE09F , :004BE0F6 , :004BE14D , :004BE1EC , :004BE21C
|:004BE36C , :004BE46D , :004BE6C4 , :004BE7BA , :004BE811
|:004BE868 , :004BE8BF , :004BF460 , :004BF475 , :004BF554
|:004BF611 , :004BF6BC , :004BF723 , :004BF9F4 , :004BFA2F
|:004BFA6A , :004BFADB , :004BFB42 , :004BFC93 , :004BFD76
|:004BFFC1 , :004C00C1 , :004C00FC , :004C0137 , :004C0172
|:004C01D1 , :004C155E , :004C215C , :004C2387 , :004C265E
|:004C267F
|
:00403F34 53 push ebx
:00403F35 56 push esi
:00403F36 57 push edi
:00403F37 89C6 mov esi, eax
:00403F39 89D7 mov edi, edx
:00403F3B 39D0 cmp eax, edx
:00403F3D 0F848F000000 je 00403FD2
:00403F43 85F6 test esi, esi
:00403F45 7468 je 00403FAF
:00403F47 85FF test edi, edi
:00403F49 746B je 00403FB6
:00403F4B 8B46FC mov eax, dword ptr [esi-04]<----D EAX可看到输入注册码
:00403F4E 8B57FC mov edx, dword ptr [edi-04]<----D EDX可看到软件注册码
:00403F51 29D0 sub eax, edx
:00403F53 7702 ja 00403F57
:00403F55 01C2 add edx, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403F53(C)
|
:00403F57 52 push edx
:00403F58 C1EA02 shr edx, 02
:00403F5B 7426 je 00403F83

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403F79(C)
|
:00403F5D 8B0E mov ecx, dword ptr [esi]
:00403F5F 8B1F mov ebx, dword ptr [edi]
:00403F61 39D9 cmp ecx, ebx<-----比较
:00403F63 7558 jne 00403FBD
:00403F65 4A dec edx
:00403F66 7415 je 00403F7D
:00403F68 8B4E04 mov ecx, dword ptr [esi+04]
:00403F6B 8B5F04 mov ebx, dword ptr [edi+04]
:00403F6E 39D9 cmp ecx, ebx
:00403F70 754B jne 00403FBD
:00403F72 83C608 add esi, 00000008
:00403F75 83C708 add edi, 00000008
:00403F78 4A dec edx
:00403F79 75E2 jne 00403F5D
:00403F7B EB06 jmp 00403F83

注册码:247012546