简单分析——绝世好简历 V1.6!
下载页面: http://www.skycn.com/soft/10880.html
软件大小: 707 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 杂类工具
应用平台: Win9x/NT/2000/XP
加入时间: 2003-02-24 08:41:05
下载次数: 2382
推荐等级: ***
开 发 商: http://zhuocaicai.3322.net/
【软件简介】:本软件只须您填入姓名、年龄、工作经历等基本信息,就可以自动帮您生成一篇完美的简历。还有三种风格可供选择,大大减轻了工作量,绝对可以为您奉上一篇绝世好简历!
【软件限制】:12次试用
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg、FI2.5、W32Dasm8.93黄金版
—————————————————————————————
【过 程】:
绝世好简历1.6.exe用FI2.5检测,不认识。VC++编写。
试炼码:1357246890123456
<需要16位!>
:00406CFA
E81EF60300 call 0044631D
:00406CFF
8B4C2410 mov ecx, dword
ptr [esp+10]
:00406D03 8B41F4
mov eax, dword ptr [ecx-0C]
:00406D06 83F810
cmp eax, 00000010
====>试炼码是否16位?([ecx-0C] 处推测是 CString 数据头中的长度字段,即取字符串长度与10h比较)
:00406D09
747F je 00406D8A
====>不跳则OVER!
:00406D0B
6A10 push
00000010
:00406D0D 68049B4600 push
00469B04
:00406D12 68F49A4600 push
00469AF4
:00406D17 6A00
push 00000000
*
Reference To: USER32.MessageBoxA, Ord:01DCh
|
:00406D19
FF1520964600 Call dword ptr [00469620]
====>BAD BOY!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406D09(C)
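下面分别取试炼码的第2、4、6、8、10位!我不太明白其取数的方法,希望大家指教!
(从代码形式推测:每次先 push 00000001 作为长度,再 push 从0起算的下标 1、3、5、7、9,然后 call 00406880,形式上很像 CString::Mid(下标, 1),即取出1个字符的子串;紧随其后的 call 00406AA0 应是把结果赋给另一个字符串变量。每段末尾的 add eax, FFFFFFF0 / lock xadd [ecx], edx / call [edx+04] 看起来是临时 CString 的引用计数减一及释放,属于编译器生成的清理代码,与注册算法本身无关。)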
:00406D8A
6A01 push
00000001
:00406D8C 6A01
push 00000001
:00406D8E 8D44241C
lea eax, dword ptr [esp+1C]
:00406D92 50
push eax
:00406D93
8D4C241C lea ecx, dword
ptr [esp+1C]
:00406D97
E8E4FAFFFF call 00406880
:00406D9C
50 push
eax
:00406D9D 8D4C2420 lea
ecx, dword ptr [esp+20]
:00406DA1 C68424881F000006 mov
byte ptr [esp+00001F88], 06
:00406DA9 E8F2FCFFFF
call 00406AA0
:00406DAE 8B442414
mov eax, dword ptr [esp+14]
====>D EAX=3 取试炼码的第2位
:00406DB2
83C0F0 add eax,
FFFFFFF0
:00406DB5 C68424841F000005 mov byte ptr
[esp+00001F84], 05
:00406DBD 8D480C
lea ecx, dword ptr [eax+0C]
:00406DC0 83CAFF
or edx, FFFFFFFF
:00406DC3
F0 lock
:00406DC4
0FC111 xadd dword
ptr [ecx], edx
:00406DC7 4A
dec edx
:00406DC8 85D2
test edx, edx
:00406DCA 7F08
jg 00406DD4
:00406DCC
8B08 mov
ecx, dword ptr [eax]
:00406DCE 8B11
mov edx, dword ptr [ecx]
:00406DD0 50
push eax
:00406DD1
FF5204 call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406DCA(C)
|
:00406DD4
6A01 push
00000001
:00406DD6 6A03
push 00000003
:00406DD8 8D44241C
lea eax, dword ptr [esp+1C]
:00406DDC 50
push eax
:00406DDD
8D4C241C lea ecx, dword
ptr [esp+1C]
:00406DE1 E89AFAFFFF
call 00406880
:00406DE6 50
push eax
:00406DE7 8D4C241C
lea ecx, dword ptr [esp+1C]
:00406DEB
C68424881F000007 mov byte ptr [esp+00001F88], 07
:00406DF3
E8A8FCFFFF call 00406AA0
:00406DF8
8B442414 mov eax, dword
ptr [esp+14]
====>D EAX=7
取试炼码的第4位
:00406DFC 83C0F0
add eax, FFFFFFF0
:00406DFF
C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406E07
8D480C lea ecx,
dword ptr [eax+0C]
:00406E0A 83CAFF
or edx, FFFFFFFF
:00406E0D F0
lock
:00406E0E 0FC111
xadd dword ptr [ecx], edx
:00406E11
4A dec
edx
:00406E12 85D2
test edx, edx
:00406E14 7F08
jg 00406E1E
:00406E16 8B08
mov ecx, dword ptr [eax]
:00406E18
8B11 mov
edx, dword ptr [ecx]
:00406E1A 50
push eax
:00406E1B FF5204
call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406E14(C)
|
:00406E1E
6A01 push
00000001
:00406E20 6A05
push 00000005
:00406E22 8D44241C
lea eax, dword ptr [esp+1C]
:00406E26 50
push eax
:00406E27
8D4C241C lea ecx, dword
ptr [esp+1C]
:00406E2B E850FAFFFF
call 00406880
:00406E30 50
push eax
:00406E31 8D4C2424
lea ecx, dword ptr [esp+24]
:00406E35
C68424881F000008 mov byte ptr [esp+00001F88], 08
:00406E3D
E85EFCFFFF call 00406AA0
:00406E42
8B442414 mov eax, dword
ptr [esp+14]
====>D EAX=4
取试炼码的第6位
:00406E46 83C0F0
add eax, FFFFFFF0
:00406E49
C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406E51
8D480C lea ecx,
dword ptr [eax+0C]
:00406E54 83CAFF
or edx, FFFFFFFF
:00406E57 F0
lock
:00406E58 0FC111
xadd dword ptr [ecx], edx
:00406E5B
4A dec
edx
:00406E5C 85D2
test edx, edx
:00406E5E 7F08
jg 00406E68
:00406E60 8B08
mov ecx, dword ptr [eax]
:00406E62
8B11 mov
edx, dword ptr [ecx]
:00406E64 50
push eax
:00406E65 FF5204
call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406E5E(C)
|
:00406E68
6A01 push
00000001
:00406E6A 6A07
push 00000007
:00406E6C 8D44241C
lea eax, dword ptr [esp+1C]
:00406E70 50
push eax
:00406E71
8D4C241C lea ecx, dword
ptr [esp+1C]
:00406E75 E806FAFFFF
call 00406880
:00406E7A 50
push eax
:00406E7B 8D4C2428
lea ecx, dword ptr [esp+28]
:00406E7F
C68424881F000009 mov byte ptr [esp+00001F88], 09
:00406E87
E814FCFFFF call 00406AA0
:00406E8C
8B442414 mov eax, dword
ptr [esp+14]
====>D EAX=8
取试炼码的第8位
:00406E90 83C0F0
add eax, FFFFFFF0
:00406E93
C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406E9B
8D480C lea ecx,
dword ptr [eax+0C]
:00406E9E 83CAFF
or edx, FFFFFFFF
:00406EA1 F0
lock
:00406EA2 0FC111
xadd dword ptr [ecx], edx
:00406EA5
4A dec
edx
:00406EA6 85D2
test edx, edx
:00406EA8 7F08
jg 00406EB2
:00406EAA 8B08
mov ecx, dword ptr [eax]
:00406EAC
8B11 mov
edx, dword ptr [ecx]
:00406EAE 50
push eax
:00406EAF FF5204
call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406EA8(C)
|
:00406EB2
6A01 push
00000001
:00406EB4 6A09
push 00000009
:00406EB6 8D44241C
lea eax, dword ptr [esp+1C]
:00406EBA 50
push eax
:00406EBB
8D4C241C lea ecx, dword
ptr [esp+1C]
:00406EBF E8BCF9FFFF
call 00406880
:00406EC4 50
push eax
:00406EC5 8D4C242C
lea ecx, dword ptr [esp+2C]
:00406EC9
C68424881F00000A mov byte ptr [esp+00001F88], 0A
:00406ED1
E8CAFBFFFF call 00406AA0
:00406ED6
8B442414 mov eax, dword
ptr [esp+14]
====>D EAX=0
取试炼码的第10位
:00406EDA
83C0F0 add eax,
FFFFFFF0
:00406EDD C68424841F000005 mov byte ptr
[esp+00001F84], 05
:00406EE5 8D480C
lea ecx, dword ptr [eax+0C]
:00406EE8 83CAFF
or edx, FFFFFFFF
:00406EEB
F0 lock
:00406EEC
0FC111 xadd dword
ptr [ecx], edx
:00406EEF 4A
dec edx
:00406EF0 85D2
test edx, edx
:00406EF2 7F08
jg 00406EFC
:00406EF4
8B08 mov
ecx, dword ptr [eax]
:00406EF6 8B11
mov edx, dword ptr [ecx]
:00406EF8 50
push eax
:00406EF9
FF5204 call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406EF2(C)
|
:00406EFC
8D442418 lea eax, dword
ptr [esp+18]
:00406F00 50
push eax
:00406F01 8D4C2420
lea ecx, dword ptr [esp+20]
:00406F05 51
push
ecx
:00406F06 8D54243C lea
edx, dword ptr [esp+3C]
:00406F0A 52
push edx
:00406F0B E860FCFFFF
call 00406B70
:00406F10 8D4C242C
lea ecx, dword ptr [esp+2C]
:00406F14
51 push
ecx
:00406F15 50
push eax
:00406F16 8D54244C
lea edx, dword ptr [esp+4C]
:00406F1A 52
push edx
:00406F1B
C684249C1F00000B mov byte ptr [esp+00001F9C], 0B
:00406F23
E848FCFFFF call 00406B70
:00406F28
8D4C243C lea ecx, dword
ptr [esp+3C]
:00406F2C 51
push ecx
:00406F2D 50
push eax
:00406F2E 8D542450
lea edx, dword ptr [esp+50]
:00406F32
B30C mov
bl, 0C
:00406F34 52
push edx
:00406F35 889C24A81F0000
mov byte ptr [esp+00001FA8], bl
:00406F3C E82FFCFFFF
call 00406B70
:00406F41 8D4C244C
lea ecx, dword ptr [esp+4C]
:00406F45
51 push
ecx
:00406F46 50
push eax
:00406F47 8D542440
lea edx, dword ptr [esp+40]
:00406F4B 52
push edx
:00406F4C
C68424B41F00000D mov byte ptr [esp+00001FB4], 0D
:00406F54
E817FCFFFF call 00406B70
====>把上面所取的数连接起来
:00406F59
8B00 mov
eax, dword ptr [eax]
====>EAX 指向字符串"37480"(随后的 call 00436245 应是把该字符串转换成整数,结果存入 EBP)
:00406F5B
50 push
eax
:00406F5C E8E4F20200 call
00436245
:00406F61 8BE8
mov ebp, eax
:00406F63 8B442448
mov eax, dword ptr [esp+48]
:00406F67 83C0F0
add eax, FFFFFFF0
:00406F6A
83C434 add esp,
00000034
:00406F6D 8D480C
lea ecx, dword ptr [eax+0C]
:00406F70 83CAFF
or edx, FFFFFFFF
:00406F73 F0
lock
:00406F74
0FC111 xadd dword
ptr [ecx], edx
:00406F77 4A
dec edx
:00406F78 85D2
test edx, edx
:00406F7A 7F08
jg 00406F84
:00406F7C
8B08 mov
ecx, dword ptr [eax]
:00406F7E 8B11
mov edx, dword ptr [ecx]
:00406F80 50
push eax
:00406F81
FF5204 call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406F7A(C)
|
:00406F84
8B442430 mov eax, dword
ptr [esp+30]
:00406F88 83C0F0
add eax, FFFFFFF0
:00406F8B 889C24841F0000
mov byte ptr [esp+00001F84], bl
:00406F92 8D480C
lea ecx, dword ptr [eax+0C]
:00406F95
83CAFF or edx, FFFFFFFF
:00406F98
F0 lock
:00406F99
0FC111 xadd dword
ptr [ecx], edx
:00406F9C 4A
dec edx
:00406F9D 85D2
test edx, edx
:00406F9F 7F08
jg 00406FA9
:00406FA1
8B08 mov
ecx, dword ptr [eax]
:00406FA3 8B11
mov edx, dword ptr [ecx]
:00406FA5 50
push eax
:00406FA6
FF5204 call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406F9F(C)
|
:00406FA9
8B442438 mov eax, dword
ptr [esp+38]
:00406FAD 83C0F0
add eax, FFFFFFF0
:00406FB0 C68424841F00000B
mov byte ptr [esp+00001F84], 0B
:00406FB8 8D480C
lea ecx, dword ptr [eax+0C]
:00406FBB
83CAFF or edx, FFFFFFFF
:00406FBE
F0 lock
:00406FBF
0FC111 xadd dword
ptr [ecx], edx
:00406FC2 4A
dec edx
:00406FC3 85D2
test edx, edx
:00406FC5 7F08
jg 00406FCF
:00406FC7
8B08 mov
ecx, dword ptr [eax]
:00406FC9 8B11
mov edx, dword ptr [ecx]
:00406FCB 50
push eax
:00406FCC
FF5204 call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406FC5(C)
|
:00406FCF
8B442434 mov eax, dword
ptr [esp+34]
:00406FD3 83C0F0
add eax, FFFFFFF0
:00406FD6 C68424841F000005
mov byte ptr [esp+00001F84], 05
:00406FDE 8D480C
lea ecx, dword ptr [eax+0C]
:00406FE1
83CAFF or edx, FFFFFFFF
:00406FE4
F0 lock
:00406FE5
0FC111 xadd dword
ptr [ecx], edx
:00406FE8 4A
dec edx
:00406FE9 85D2
test edx, edx
:00406FEB 7F08
jg 00406FF5
:00406FED
8B08 mov
ecx, dword ptr [eax]
:00406FEF 8B11
mov edx, dword ptr [ecx]
:00406FF1 50
push eax
:00406FF2
FF5204 call [edx+04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406FEB(C)
|
:00406FF5
33FF xor
edi, edi
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00407024(C)
|
:00406FF7
8B5C242C mov ebx, dword
ptr [esp+2C]
====>6915 即26901入 EBX
:00406FFB
03DF add
ebx, edi
:00406FFD 53
push ebx
:00406FFE 8D442414
lea eax, dword ptr [esp+14]
:00407002 68F09A4600
push 00469AF0
:00407007 50
push
eax
:00407008 895C2438 mov
dword ptr [esp+38], ebx
:0040700C 895CBC48
mov dword ptr [esp+4*edi+48], ebx
:00407010 E83BFBFFFF
call 00406B50
:00407015 83C40C
add esp, 0000000C
:00407018
3BDD cmp
ebx, ebp
====>?EBX=6915(H),即:26901
====>?EBP=9268(H),即:37480
如果相同,则OK!呵呵,不同当然就OVER了!
:0040701A
0F841A010000 je 0040713A
====>不跳则OVER!
:00407020
47 inc
edi
:00407021 83FF01
cmp edi, 00000001
:00407024 72D1
jb 00406FF7
:00407026 6A10
push 00000010
:00407028 68049B4600
push 00469B04
:0040702D 68F49A4600
push 00469AF4
:00407032 6A00
push 00000000
*
Reference To: USER32.MessageBoxA, Ord:01DCh
|
:00407034
FF1520964600 Call dword ptr [00469620]
====>BAD BOY!
…… …… 省 略 …… ……
:0040716B
FF1520964600 Call dword ptr [00469620]
====>"感谢您选择了绝世好简历!"
————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\CRF]
"MaxLog"="26901"
===>注册标志!删之则未注册!
"MinLog"="1026" ===>使用次数!如果是1036则到期!
—————————————————————————————
【总 结】:
注册码需要16位。程序取试炼码的第2、4、6、8、10位与26901相比,有一处不同就OVER了。所以,注册码格式为:X2X6X9X0X1XXXXXX
X可以是任意数字或字母!
从所列代码看,校验只是把这5位数字拼成的数值与一个现成的数值做相等比较,其余11位在所列代码中并未参与比较;注册标志又以明文保存在注册表里,所以这种保护的强度很弱。
一个可用注册码:1236495061567890
—————————————————————————————
Cracked By 巢水工作坊——fly【OCN】
21:23 03-2-26