我马子今天生日!
正在纳闷送什么生日礼物的时候,忽然想起以前看见别人在网页上面弄一些很精彩的动态网页来表达...(好主意!)!
可是我好菜,不会搞那些,而且在网络上也没空间!打算用自己的机子做吧,可惜是WIN ME(翻了再翻的版本),偶不知道怎么用WIN ME做服务器!(因为听说要WIN2000以上的版本才能做服务器!)
所以找到了这个东西来试调网页的效果(未注册只能用两个小时)!
可是弄了一天还不知道怎么用(观众狂喷...后问偶:"你小子连这个东西都不会用,那你是怎么学破解的?!")
唉...没办法,谁叫我菜啊,还是叫朋友帮忙做个生日礼物吧!
既然朋友帮忙做了,那我也不能闲着,所以操起家伙就干上了(嘿嘿...),结果见下面!
【软件名称】:LiteServe 2.1 汉化版
【下载页面】:我最敬佩的地方------汉化新世纪"http://www.hanzify.org/"
【软件大小】:482k
【应用平台】:WIN9X/WINNT/WIN2K/WINXP
【软件简介】: LiteServe 是一个全功能的网站架设工具软件包,内置有 Web、FTP、Telnet 和 E-Mail 等服务器,你可以容易地进行设置,方便初学者使用。
【软件限制】:只能运行两个小时!
【作者声明】:本人发表这篇文章只是为了学习!!!请不要用于商业用途,也不要将用本文方法制作的注册机任意传播,读者看了文章后所做的事情与我无关,我也不会负责,请读者看了文章后三思而后行!最后希望大家在经济基础好的时候,支持共享软件!
【破解工具】:W32Dasm PEiD Ollydbg.109en(现在正在学习用这个东东,可以边享受MP3边调!)
—————————————————————————————————
【过程】:(我不写得太明白了,因为现在看帖的同志都是有功底的!)
先用PEiD侦察主程序liteserve.exe没有加壳(OHOH,除了我马子外,我爱死你了!),是用VC++写的!
那么就用W32Dasm反汇编,根据参考字串找到关键!
用Ollydbg加载,运行程序选择注册,输入用户名Yock[DFCG],注册码48484848
根据W32Dasm反汇编后得到的关键下断点,按注册拦下来到下面!
:00467EBE 8D55FC
lea edx, dword ptr [ebp-04]
:00467EC1 8B83EC010000
mov eax, dword ptr [ebx+000001EC]
:00467EC7 E87093FBFF
call 0042123C
:00467ECC
837DFC00 cmp dword ptr
[ebp-04], 00000000 \\是否有输入??!!
:00467ED0 0F8421010000
je 00467FF7
\\没有输入就跳下去死掉!OH 大便!
:00467ED6 8D55F8
lea edx, dword ptr
[ebp-08]
:00467ED9 8B83F0010000 mov
eax, dword ptr [ebx+000001F0]
:00467EDF E85893FBFF
call 0042123C
:00467EE4 837DF800
cmp dword ptr [ebp-08], 00000000
\\是否有输入??!!
:00467EE8 0F8409010000
je 00467FF7
\\没有输入就跳下去死掉!OH 大便!
:00467EEE 8D55F0
lea edx, dword ptr [ebp-10]
:00467EF1
8B83EC010000 mov eax, dword ptr
[ebx+000001EC]
:00467EF7 E84093FBFF
call 0042123C
\\这里是取用户名的位数!
:00467EFC 8B55F0
mov edx, dword ptr [ebp-10]
\\EDX是用户名
:00467EFF 8D4DF4
lea ecx, dword ptr [ebp-0C]
:00467F02 A180524A00
mov eax, dword ptr
[004A5280]
:00467F07 8B00
mov eax, dword ptr [eax]
:00467F09 E892B50000
call 004734A0
\\这里是算法CALL F7跟进去!
\\平时都是用trw2k
\\所以F8才是跟进去!
\\搞得我在这个地方连续5次按错了F8
\\好晕哦...
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:00467E94(C)
|
:00467F0E 8B45F4
mov eax, dword ptr [ebp-0C]
\\这里EAX是真注册码!
:00467F11 50
push eax
:00467F12 8D55F0
lea edx, dword ptr
[ebp-10]
:00467F15 8B83F0010000 mov
eax, dword ptr [ebx+000001F0]
:00467F1B E81C93FBFF
call 0042123C
\\这个CALL是取真注册码的位数的!
:00467F20 8B55F0
mov edx, dword ptr
[ebp-10] \\这里EDX是假注册码!
:00467F23 58
pop eax
\\这里EAX是真的注册码!
:00467F24 E833BFF9FF
call 00403E5C
\\比较CALL我就不分析了!
:00467F29 0F85C8000000
jne 00467FF7
\\跳走就死掉!OH 大便!
:00467F2F A180524A00
mov eax, dword ptr
[004A5280]
:00467F34 8B00
mov eax, dword ptr [eax]
:00467F36 8B80B0020000
mov eax, dword ptr [eax+000002B0]
:00467F3C
33D2 xor
edx, edx
:00467F3E E81D37FDFF
call 0043B660
:00467F43 A180524A00
mov eax, dword ptr [004A5280]
:00467F48 8B00
mov eax, dword ptr
[eax]
:00467F4A C680C607000001 mov byte ptr
[eax+000007C6], 01
:00467F51 8D55FC
lea edx, dword ptr [ebp-04]
:00467F54 8B83EC010000
mov eax, dword ptr [ebx+000001EC]
:00467F5A
E8DD92FBFF call
0042123C
:00467F5F 8B55FC
mov edx, dword ptr [ebp-04]
:00467F62 A180524A00
mov eax, dword ptr [004A5280]
:00467F67
8B00 mov
eax, dword ptr [eax]
:00467F69 05C8070000
add eax, 000007C8
:00467F6E E8B1BBF9FF
call 00403B24
:00467F73 A180524A00
mov eax, dword ptr [004A5280]
:00467F78
8B00 mov
eax, dword ptr [eax]
:00467F7A E849BD0000
call 00473CC8
* Possible StringData Ref from Code Obj ->"LiteServe ("
|
:00467F7F 684C804600
push 0046804C
:00467F84 A180524A00
mov eax, dword ptr [004A5280]
:00467F89 8B00
mov eax,
dword ptr [eax]
:00467F8B FFB0C8070000
push dword ptr [eax+000007C8]
:00467F91 6860804600
push 00468060
:00467F96 8D45F4
lea eax, dword ptr
[ebp-0C]
:00467F99 BA03000000
mov edx, 00000003
:00467F9E E869BEF9FF
call 00403E0C
:00467FA3 8B55F4
mov edx, dword ptr
[ebp-0C]
:00467FA6 A180524A00
mov eax, dword ptr [004A5280]
:00467FAB 8B00
mov eax, dword ptr
[eax]
:00467FAD E8BA92FBFF
call 0042126C
:00467FB2 A180524A00
mov eax, dword ptr [004A5280]
:00467FB7 8B00
mov eax, dword ptr
[eax]
:00467FB9 8B80DC010000 mov
eax, dword ptr [eax+000001DC]
:00467FBF 8B4024
mov eax, dword ptr [eax+24]
:00467FC2
BA03000000 mov edx,
00000003
:00467FC7 E8300CFCFF
call 00428BFC
:00467FCC BA03000000
mov edx, 00000003
:00467FD1 E86E0EFCFF
call 00428E44
:00467FD6 6A00
push 00000000
:00467FD8
668B0D64804600 mov cx, word ptr
[00468064]
:00467FDF B202
mov dl, 02
* Possible StringData Ref from Code Obj ->"LiteServe 被成功注册! =D
谢谢!"
|
:00467FE1 B870804600
mov eax, 00468070
:00467FE6
E80553FDFF call
0043D2F0
:00467FEB C7835001000001000000 mov dword ptr
[ebx+00000150], 00000001
:00467FF5 EB15
jmp 0046800C
* Referenced by a (U)nconditional or (C)onditional Jump at
Addresses:
|:00467ED0(C), :00467EE8(C), :00467F29(C)
|
:00467FF7 6A00
push
00000000
:00467FF9 668B0D64804600 mov cx,
word ptr [00468064]
:00468000 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"用户名和注册码不匹配!
请重试 "
->"
"\\这里就是大便!!!!好臭...
|
:00468002 B8B0804600
mov eax, 004680B0
:00468007 E8E452FDFF
call
0043D2F0
------------------------------------------------------------------
*
Referenced by a CALL at Addresses:\\上面的算法CALL F7后来到这里!关键哦!
|:00467F09
, :004743DD , :004752D0
|
:004734A0 55
push ebp
:004734A1
8BEC mov
ebp, esp
:004734A3 6A00
push 00000000
:004734A5 6A00
push 00000000
:004734A7 6A00
push
00000000
:004734A9 53
push ebx
:004734AA 56
push esi
:004734AB 8BF1
mov esi,
ecx
:004734AD 8955FC
mov dword ptr [ebp-04], edx
:004734B0 8B45FC
mov eax, dword ptr [ebp-04]
\\eax是用户名!
:004734B3 E8480AF9FF
call 00403F00
\\这个CALL搞不懂是什么意思!
:004734B8 33C0
xor eax, eax
:004734BA 55
push
ebp
:004734BB 685C354700 push
0047355C
:004734C0 64FF30
push dword ptr fs:[eax]
:004734C3 648920
mov dword ptr fs:[eax],
esp
:004734C6 837DFC00
cmp dword ptr [ebp-04], 00000000\\搞不懂是什么意思!好晕...
:004734CA 7509
jne 004734D5
\\一定要跳走,不跳就踩屎!OH 大便
:004734CC 8BC6
mov eax, esi
:004734CE E8FD05F9FF
call 00403AD0
:004734D3 EB6C
jmp 00473541
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:004734CA(C)
|
:004734D5 8D45F8
lea eax, dword ptr [ebp-08]
\\上面跳到这里!
* Possible StringData Ref from Code Obj ->"cmfrewlzd00d=)uNFuNF"
|
:004734D8 BA74354700
mov edx, 00473574
\\这个东西应该是密匙!
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:00473476(C)
|
:004734DD E88606F9FF
call 00403B68
\\跟进去后我发现什么是大便!
\\超级多地方跳到00403B68了!所以我也不懂这个是什么意思!
:004734E2 BB01000000
mov ebx, 00000001
\\赋值EBX=1
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:00473535(C)
\\这里开始是把用户名和密匙生成真注册码的!
|
:004734E7 8B45FC
mov eax, dword ptr
[ebp-04] \\这里是用户名!
:004734EA E85D08F9FF
call 00403D4C
\\跟进去就看见大便!
\\超级多地方跳到00403D4C了!但好像是取用户名位数的!
:004734EF 50
push eax
:004734F0
8BC3 mov
eax, ebx
\\EBX=EAX=1
:004734F2 48
dec eax
\\减一
:004734F3 5A
pop edx
\\用户名的位数!
:004734F4 8BCA
mov ecx, edx
\\EDX=ECX
:004734F6 99
cdq
:004734F7 F7F9
idiv
ecx
:004734F9 8B45FC
mov eax, dword ptr [ebp-04] \\这里EAX是用户名
:004734FC 8A0410
mov al, byte ptr
[eax+edx]
:004734FF 8B55F8
mov edx, dword ptr [ebp-08]
\\EDX="cmfrewlzd00d=)uNFuNF"
\\是上面说的密匙了!
:00473502 8A541AFF
mov dl, byte ptr
[edx+ebx-01]
:00473506 32C2
xor al, dl
\\异或
:00473508 25FF000000
and eax, 000000FF
\\嘿嘿,这样EAX就剩下异或后AL的值了!
\\1.EAX=3A(十六进制)
\\2.EAX=2
\\3.EAX=5
\\4.EAX=19
\\5.EAX=3E
\\6.EAX=33
\\7.EAX=2A
\\8.EAX=39
\\9.EAX=23
\\10.EAX=6D
\\11.EAX=69
\\12.EAX=B
\\13.EAX=5E
\\14.EAX=42
\\15.EAX=2E
\\16.EAX=A
\\17.EAX=0
\\18.EAX=36
\\19.EAX=9
\\20.EAX=1B
:0047350D 8D55F4
lea edx, dword ptr [ebp-0C]
\\第一次,这个地址是空的!在第二次来到这我才知道是什么意思!
\\1.EDX=00
\\2.EDX指向地址的值组成的字符指向内存的ASCII码为35 38
\\3.EDX指向地址的值组成的字符指向内存的ASCII码为32
\\4.EDX指向地址的值组成的字符指向内存的ASCII码为35
\\5.EDX指向地址的值组成的字符指向内存的ASCII码为32 35
\\6.EDX指向地址的值组成的字符指向内存的ASCII码为36 32
\\7.EDX指向地址的值组成的字符指向内存的ASCII码为35 31
\\8.EDX指向地址的值组成的字符指向内存的ASCII码为34 32
\\9.EDX指向地址的值组成的字符指向内存的ASCII码为35 37
\\10.EDX指向地址的值组成的字符指向内存的ASCII码为33 35
\\11.EDX指向地址的值组成的字符指向内存的ASCII码为31 30 39
\\12.EDX指向地址的值组成的字符指向内存的ASCII码为31 30 35
\\13.EDX指向地址的值组成的字符指向内存的ASCII码为31 31
\\14.EDX指向地址的值组成的字符指向内存的ASCII码为39 34
\\15.EDX指向地址的值组成的字符指向内存的ASCII码为36 36
\\16.EDX指向地址的值组成的字符指向内存的ASCII码为34 36
\\17.EDX指向地址的值组成的字符指向内存的ASCII码为31 30
\\18.EDX指向地址的值组成的字符指向内存的ASCII码为30
\\19.EDX指向地址的值组成的字符指向内存的ASCII码为35 34
\\20.EDX指向地址的值组成的字符指向内存的ASCII码为33 39
:00473510 E81345F9FF call
00407A28
\\我跟进去后再次看见臭臭,好晕..
:00473515 8B45F4
mov eax, dword ptr [ebp-0C]
\\1.EAX=35 38 (ASCII)
\\2.EAX=32
\\3.EAX=35
\\4.EAX=32 35
\\5.EAX=36 32
\\6.EAX=35 31
\\7.EAX=34 32
\\8.EAX=35 37
\\9.EAX=33 35
\\10.EAX=31 30 39
\\11.EAX=31 30 35
\\12.EAX=31 31
\\13.EAX=39 34
\\14.EAX=36 36
\\15.EAX=34 36
\\16.EAX=31 30
\\17.EAX=30
\\18.EAX=35 34
\\19.EAX=39
\\20.EAX=32 37
:00473518 E82F08F9FF call
00403D4C
\\这里是取得EAX位数的!
:0047351D 8B55F4
mov edx, dword ptr [ebp-0C]
\\1.EDX=35 38 (ASCII)
\\2.EDX=32
\\3.EDX=35
\\4.EDX=32 35
\\5.EDX=36 32
\\6.EDX=35 31
\\7.EDX=34 32
\\8.EDX=35 37
\\9.EDX=33 35
\\10.EDX=31 30 39
\\11.EDX=31 30 35
\\12.EDX=31 31
\\13.EDX=39 34
\\14.EDX=36 36
\\15.EDX=34 36
\\16.EDX=31 30
\\17.EDX=30
\\18.EDX=35 34
\\19.EDX=39
\\20.EDX=32 37
:00473520 FF7402FF
push [edx+eax-01]
\\1.这里是把38(ASCII)压栈
\\2.这里是把32(ASCII)压栈
\\3.这里是把35(ASCII)压栈
\\4.这里是把35(ASCII)压栈
\\5.这里是把32(ASCII)压栈
\\6.这里是把31(ASCII)压栈
\\7.这里是把32(ASCII)压栈
\\8.这里是把37(ASCII)压栈
\\9.这里是把35(ASCII)压栈
\\10.这里是把39(ASCII)压栈
\\11.这里是把35(ASCII)压栈
\\12.这里是把31(ASCII)压栈
\\13.这里是把34(ASCII)压栈
\\14.这里是把36(ASCII)压栈
\\15.这里是把36(ASCII)压栈
\\16.这里是把30(ASCII)压栈
\\17.这里是把30(ASCII)压栈
\\18.这里是把34(ASCII)压栈
\\19.这里是把39(ASCII)压栈
\\20.这里是把37(ASCII)压栈
:00473524 8D45F8
lea eax, dword ptr [ebp-08]
:00473527 E8F009F9FF
call 00403F1C
:0047352C 5A
pop edx
:0047352D
885418FF mov byte ptr
[eax+ebx-01], dl
\\注意,这里EAX第一次是"cmfrewlzd00d=)uNFuNF"
\\1.DL=38是第一位真码的ASCII
\\2.DL=32
\\3.DL=35
\\4.DL=35
\\5.DL=32
\\6.DL=31
\\7.DL=32
\\8.DL=37
\\9.DL=35
\\10.DL=39
\\11.DL=35
\\12.DL=31
\\13.DL=34
\\14.DL=36
\\15.DL=36
\\16.DL=30
\\17.DL=30
\\18.DL=34
\\19.DL=39
\\20.DL=37
:00473531 43
inc ebx
\\加一,计数器!
:00473532 83FB15
cmp ebx, 00000015
\\我"烤",还要循环19次,狂晕中...
\\这不摆明杀人嘛!
:00473535 75B0
jne
004734E7
\\跳回去继续计算!我日!
:00473537 8BC6
mov eax, esi
:00473539 8B55F8
mov edx, dword ptr
[ebp-08]
:0047353C E82706F9FF
call 00403B68
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:004734D3(U)
|
:00473541 33C0
xor eax, eax
:00473543 5A
pop
edx
:00473544 59
pop ecx
:00473545 59
pop ecx
:00473546 648910
mov dword ptr fs:[eax],
edx
:00473549 6863354700 push
00473563
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:00473561(U)
|
:0047354E 8D45F4
lea eax, dword ptr [ebp-0C]
:00473551
BA03000000 mov edx,
00000003
:00473556 E89905F9FF
call 00403AF4
:0047355B C3
ret
------------------------------------------------------------------
【总结】:
一组可以用的注册码:
用户名:Yock[DFCG]
注册码:82552127595146600497
这个程序本身就是注册机!
方法,打开同目录下的options.ini文件(如果没有的话,就运行主程序再退出就可以找到options.ini了!),找到这一行:
......
......
[reg]
\\就是这里了!
key=
\\这里不用填!
name=
\\在这里填上你的名字!
......
......
然后保存!现在你运行程序看看是不是提示要你注册啊??!!!
不要理它,退出来再运行一次看看!(嘿嘿,太阳下山了...)
------------------------------------------------------------------
由于我语文差,这个程序的文字算法分析得很烂,上面的分析过程要是有人看得懂的话,而且能表达出来的话,希望您能大方地把它贴出来,万分感激!
由于忙着筹办,所以到现在才把这篇笔记写完!
最后在这里真心感谢你花了那么多时间看这篇文章!谢谢了...
2003.05.23凌晨于清远