破解至嘉DB Tools V2.1
关键是DBTools.dll,以下是此文件的几个重要的反汇编段落:
启动时判断注册是否成功:
; Disassembler listing excerpt (32-bit x86, Intel operand order) for the
; exported routine FirstStartRegistryCode. Each instruction is printed as
; ":address opcode-bytes" followed by the mnemonic; where a mnemonic and its
; operands sit on separate lines, that split comes from the page extraction.
;
; Eight single-byte nop (90h) fill 10001188-1000118F, directly in front of the
; export at 10001190 -- presumably alignment padding, not executed code.
:10001188 90
nop
:10001189 90
nop
:1000118A 90
nop
:1000118B 90
nop
:1000118C 90
nop
:1000118D 90
nop
:1000118E 90
nop
:1000118F 90
nop
Exported fn(): FirstStartRegistryCode - Ord:0004h
; Reserve 24h bytes of stack locals; no frame pointer is set up, so every
; local below is addressed relative to esp.
:10001190 83EC24
sub esp, 00000024
; ecx = address of the local block, then call 10001750. Passing the address in
; ecx looks like a thiscall constructor for an object living in those 24h
; bytes -- TODO confirm against 10001750.
:10001193 8D4C2400 lea
ecx, dword ptr [esp]
:10001197 E8B4050000 call 10001750
; Same object in ecx; 100018D0 returns the value in eax that the branches below
; test.
:1000119C 8D4C2400 lea
ecx, dword ptr [esp]
:100011A0 E82B070000 call 100018D0
; eax == 1 falls through; any other value goes to 100011CA.
; The trailing marker on the jne line is the page author's own annotation and
; is kept verbatim.
; NOTE(review): in the shown code the startup verdict is consumed by this one
; compare-and-branch on the return value of 100018D0. A check that lives in a
; single client-side branch is only as strong as the integrity of the DLL
; image, so a host that verifies the file (signature or hash) before loading it
; is where a modified byte here would be detected.
:100011A5 83F801
cmp eax, 00000001
:100011A8 7520
jne 100011CA -------->>>>>eb20
; eax == 1 path: esi is saved because it carries the result across the cleanup
; call below.
:100011AA 56
push esi
; One argument (1001C9F8) is pushed and removed again by the caller
; (add esp, 4) around the call to 10003F27.
:100011AB 68F8C90110 push 1001C9F8
:100011B0 E8722D0000 call 10003F27
:100011B5 83C404
add esp, 00000004
; [esp+04] is the same object as [esp] above; the +4 accounts for push esi.
:100011B8 8D4C2404 lea
ecx, dword ptr [esp+04]
:100011BC 8BF0
mov esi, eax
; 10001780 is called on the object before every return shown on this page --
; presumably its destructor/cleanup; TODO confirm.
:100011BE E8BD050000 call 10001780
; Return the value produced by 10003F27, restore esi, release the locals.
:100011C3 8BC6
mov eax, esi
:100011C5 5E
pop esi
:100011C6 83C424
add esp, 00000024
:100011C9 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100011A8(C)
|
; Reached when 100018D0 did not return 1. eax == FFFFFFFFh (-1) takes the exit
; below; any other value continues at 100011DF, which the page does not show.
:100011CA 83F8FF
cmp eax, FFFFFFFF
:100011CD 7510
jne 100011DF
; -1 path: clean up the object, then return -1 (or eax, FFFFFFFF sets all bits).
:100011CF 8D4C2400 lea
ecx, dword ptr [esp]
:100011D3 E8A8050000 call 10001780
:100011D8 83C8FF
or eax, FFFFFFFF
:100011DB 83C424
add esp, 00000024
:100011DE C3
ret
注册:
; Disassembler listing excerpt from the middle of the registration routine
; (32-bit x86, Intel operand order). It starts at 1000149B, skips
; 100014C4-100014E6, and stops at 100015A5; the branch target 100015A6 is not
; shown on the page. Trailing "--->>" text on instruction lines is the page
; author's annotation and is kept verbatim; an English rendering is given in
; the comment above each one.
* Possible Reference to Dialog: DialogID_2710, CONTROL_ID:2711, ""
|
; 2711h is pushed and 100116A1 is called on the object in esi; its result
; becomes ecx for 10011732. Given the disassembler's dialog/control hint this
; presumably fetches control 2711h and reads its text -- TODO confirm.
:1000149B 6811270000 push 00002711
:100014A0 8BCE
mov ecx, esi
:100014A2 E8FA010100 call 100116A1
:100014A7 8BC8
mov ecx, eax
:100014A9 E884020100 call 10011732
; Inline string-length idiom on the buffer at [esp+88h]: ecx = -1, al = 0,
; repnz scasb scans for the NUL terminator, then not/dec leave
; ecx = length without the terminator.
:100014AE 8DBC2488000000 lea edi, dword ptr
[esp+00000088]
:100014B5 83C9FF
or ecx, FFFFFFFF
:100014B8 33C0
xor eax, eax
:100014BA F2
repnz
:100014BB AE
scasb
:100014BC F7D1
not ecx
:100014BE 49
dec ecx
; Author's note on the cmp: "check whether the name has 6 or more characters";
; on the jge: "jump if greater than or equal". Only this lower bound appears in
; the shown code. The fall-through for shorter names (100014C4-100014E6) is
; omitted from the page.
:100014BF 83F906
cmp ecx, 00000006 ----->>判断姓名是否为6个以上字符
:100014C2 7D23
jge 100014E7 ---大于或等于就跳转
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100014C2(C)
|
; Same length idiom, now on the buffer at [esp+38h].
:100014E7 8D7C2438 lea
edi, dword ptr [esp+38]
:100014EB 83C9FF
or ecx, FFFFFFFF
:100014EE 33C0
xor eax, eax
:100014F0 F2
repnz
:100014F1 AE
scasb
:100014F2 F7D1
not ecx
:100014F4 49
dec ecx
; Author's note on the cmp: "check whether the registration code is 16
; characters"; on the je: "jump if equal". Any other length falls through to
; the rejection exit below.
:100014F5 83F910
cmp ecx, 00000010 ------->>>>判断注册码是否为16个字符
:100014F8 7423
je 1000151D ----->>>等于就跳转
; Wrong-length exit. eax is still 0 from the xor above, so two zero arguments
; plus 1001B0F8 go to 10013AD3 -- presumably a message-box style call with a
; text resource/string; TODO confirm. The pops follow the call directly, so
; 10013AD3 appears to remove its own three arguments.
:100014FA 50
push eax
:100014FB 50
push eax
:100014FC 68F8B00110 push 1001B0F8
:10001501 E8CD250100 call 10013AD3
:10001506 5F
pop edi
:10001507 5E
pop esi
; fs:[0] is the head of the Win32 exception-registration chain; the value saved
; at [esp+280h] is written back before the 28Ch-byte frame is released.
:10001508 8B8C2480020000 mov ecx, dword ptr
[esp+00000280]
:1000150F 64890D00000000 mov dword ptr fs:[00000000],
ecx
:10001516 81C48C020000 add esp, 0000028C
:1000151C C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100014F8(C)
|
; Both length checks passed. 10001750 is called on a stack object at
; [esp+14h]; it is the same routine the startup export calls on its local
; object -- presumably the constructor, TODO confirm.
:1000151D 8D4C2414 lea
ecx, dword ptr [esp+14]
:10001521 E82A020000 call 10001750
; First formatted copy: arguments are (dest = [esp+18h], "%s",
; src = [esp+88h]), i.e. the first checked buffer is written 4 bytes into the
; object at [esp+14h].
:10001526 8D842488000000 lea eax, dword ptr
[esp+00000088]
:1000152D 8D4C2418 lea
ecx, dword ptr [esp+18]
:10001531 50
push eax
* Possible StringData Ref from Data Obj ->"%s"
|
:10001532 68A0B00110 push 1001B0A0
:10001537 51
push ecx
; With three dwords pushed, [esp+29Ch] is the slot that is [esp+290h] later in
; this excerpt; it looks like the compiler's exception-handling state index,
; set to 0 here -- TODO confirm.
:10001538 C784249C02000000000000 mov dword ptr [esp+0000029C], 00000000
; NOTE(review): if 10003E16 is sprintf-like (three cdecl arguments, "%s"
; format), this copy has no length bound. The shown code enforces only a
; minimum length on this string, and the second destination below starts just
; 0Eh bytes after this one, so the field capacity is not checked here. A
; bounded copy (snprintf-style) or an explicit upper-length check is the fix a
; maintainer would want; verify against 10003E16 and any text limit set on the
; input control.
:10001543 E8CE280000 call 10003E16
; Second formatted copy. The three earlier pushes are still on the stack, so
; offsets are shifted by 0Ch: [esp+44h] is the 16-character buffer checked
; above ([esp+38h]) and [esp+32h] is 12h bytes into the object.
:10001548 8D542444 lea
edx, dword ptr [esp+44]
:1000154C 8D442432 lea
eax, dword ptr [esp+32]
:10001550 52
push edx
* Possible StringData Ref from Data Obj ->"%s"
|
:10001551 68A0B00110 push 1001B0A0
:10001556 50
push eax
:10001557 E8BA280000 call 10003E16
; One caller-side cleanup for both calls: 6 arguments * 4 bytes = 18h.
:1000155C 83C418
add esp, 00000018
; The object now holding both strings is passed in ecx to 10001A70.
; Author's note under the call: "verifies whether the registration is correct".
:1000155F 8D4C2414 lea
ecx, dword ptr [esp+14]
:10001563 E808050000 call 10001A70
----->>>效验注册是否正确
; eax == FFFFFFFFh (-1) falls through to the rejection exit. Author's note on
; the jne: "jumps only when correct"; the target 100015A6 is not shown.
; NOTE(review): as in the startup export, the verdict is consumed by a single
; compare on a return value, so the check relies on the DLL image being intact.
:10001568 83F8FF
cmp eax, FFFFFFFF
:1000156B 7539
jne 100015A6 ----->>>正确才跳
; Rejection exit: message call with 1001B0E8 and two zero arguments, then the
; state slot is set to -1 and 10001780 (presumably the destructor) runs on the
; object before the frame is torn down.
:1000156D 6A00
push 00000000
:1000156F 6A00
push 00000000
:10001571 68E8B00110 push 1001B0E8
:10001576 E858250100 call 10013AD3
:1000157B 8D4C2414 lea
ecx, dword ptr [esp+14]
:1000157F C7842490020000FFFFFFFF mov dword ptr [esp+00000290], FFFFFFFF
:1000158A E8F1010000 call 10001780
:1000158F 5F
pop edi
:10001590 5E
pop esi
; Same epilogue as the wrong-length exit: restore the saved fs:[0] value and
; release the 28Ch-byte frame.
:10001591 8B8C2480020000 mov ecx, dword ptr
[esp+00000280]
:10001598 64890D00000000 mov dword ptr fs:[00000000],
ecx
:1000159F 81C48C020000 add esp, 0000028C
:100015A5 C3
ret
- 标 题:破解至嘉DB Tools V2.1 (5千字)
- 作 者:Z-H
- 时 间:2000-9-11 22:24:11
- 链 接:http://bbs.pediy.com