EXEscope 6.0
与 5 版本相比,注册方式没有大的改变。
设断点bpx hmemcpy,中断后按F12键12次,再按F10键若干次,可找到:
; Call site of the registration check. The routine at 00488130 hands back its
; verdict in al (it ends with "mov eax, ebx" after bl was cleared or set).
:004807D1 E85A790000 call 00488130
:004807D6 84C0
test al, al
; al == 0 means the check failed and the branch is taken; the code at the
; target 0048086B is not part of this listing.
:004807D8 0F848D000000 je 0048086B
跟进 test 指令上面的那个 CALL(call 00488130):
; ---------------------------------------------------------------------
; Registration-code check at 00488130 (32-bit x86, disassembler listing).
; In:   edx = pointer to the entered code (saved to [ebp-04]); eax is
;       overwritten at 00488138 before it is ever read.
; Out:  al = 1 when every test passes, 0 otherwise. bl is cleared at
;       0048814E, set at 0048819A and copied to eax at 004881B9.
; Tests, in order: result of 00403B7C == 0Ah; search for "A1910" or
; "A1423" must return 1; (byte[8] + byte[9]) mod 0Ah == 4.
; NOTE(review): every value the check depends on is a literal visible in
; this listing, so the scheme keeps no secret from anyone who can read
; the binary.
; ---------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:004807D1 , :00487FE3
|
:00488130 55
push ebp
:00488131 8BEC
mov ebp, esp
; "push ecx" only reserves the 4-byte local slot at [ebp-04].
:00488133 51
push ecx
:00488134 53
push ebx
; Keep the code pointer in the local slot; it is reloaded from there below.
:00488135 8955FC
mov dword ptr [ebp-04], edx
:00488138 8B45FC
mov eax, dword ptr [ebp-04]
; Helper 00403D30 is not shown; presumably it takes a reference on the
; string that 00403900 drops again at 004881AC -- TODO confirm.
:0048813B E8F0BBF7FF call 00403D30
; Link an exception-registration record at fs:[0]: saved ebp, handler
; address 004881B2, previous record.
:00488140 33C0
xor eax, eax
:00488142 55
push ebp
:00488143 68B2814800 push 004881B2
:00488148 64FF30
push dword ptr fs:[eax]
:0048814B 648920
mov dword ptr fs:[eax], esp
; bl is the result flag and starts as 0 (fail).
:0048814E 33DB
xor ebx, ebx
; 00403B7C is not shown; per the author's note its result is the length of
; the entered code, which must be 0Ah (10) or the check fails.
:00488150 8B45FC
mov eax, dword ptr [ebp-04]
:00488153 E824BAF7FF call 00403B7C
:00488158 83F80A
cmp eax, 0000000A<----输入码是否为10位
:0048815B 753F
jne 0048819C
; eax = literal at 004881C8 ("A1910"), edx = entered code. 00403E08 is not
; shown; the author's note treats it as a substring search. "dec eax / je"
; accepts only a return value of 1, i.e. a match at the very start of the
; code if the result is a 1-based position -- TODO confirm.
:0048815D 8B55FC
mov edx, dword ptr [ebp-04]
* Possible StringData Ref from Code Obj ->"A1910"
|
:00488160 B8C8814800 mov eax,
004881C8
:00488165 E89EBCF7FF call 00403E08<----搜索输入码中有无(A1910应为开头5位)
:0048816A 48
dec eax
:0048816B 7410
je 0048817D<----转到下面继续比较,否则试第二组注册码
; Second accepted literal, "A1423" at 004881D8, tested the same way; if it
; does not return 1 either, the check fails.
:0048816D 8B55FC
mov edx, dword ptr [ebp-04]
* Possible StringData Ref from Code Obj ->"A1423"
|
:00488170 B8D8814800 mov eax,
004881D8
:00488175 E88EBCF7FF call 00403E08<----搜索输入码中有无A1423(A1423应为开头5位)
:0048817A 48
dec eax
:0048817B 751F
jne 0048819C<----出错信息
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048816B(C)
|
; eax = byte at offset 8 and edx = byte at offset 9 of the code, both
; zero-extended raw byte values (no conversion from character to digit).
:0048817D 8B45FC
mov eax, dword ptr [ebp-04]
:00488180 0FB64008 movzx
eax, byte ptr [eax+08]<----取输入码第9位
:00488184 8B55FC
mov edx, dword ptr [ebp-04]
:00488187 0FB65209 movzx
edx, byte ptr [edx+09]<----取输入码第10位
; Sum the two bytes and divide by 0Ah: cdq sign-extends eax into edx, idiv
; leaves the remainder in edx, and that remainder must equal 4.
:0048818B 03C2
add eax, edx
:0048818D B90A000000 mov ecx,
0000000A
:00488192 99
cdq
:00488193 F7F9
idiv ecx
:00488195 83FA04
cmp edx, 00000004<----判断余数是否为4
:00488198 7502
jne 0048819C
; All tests passed: set the result flag.
:0048819A B301
mov bl, 01<----正确标志
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0048815B(C), :0048817B(C), :00488198(C)
|
; Common exit for pass and fail: pop the previous registration record into
; edx, discard the handler address and the saved ebp, restore fs:[0].
:0048819C 33C0
xor eax, eax
:0048819E 5A
pop edx
:0048819F 59
pop ecx
:004881A0 59
pop ecx
:004881A1 648910
mov dword ptr fs:[eax], edx
; Pushing 004881B9 makes the "ret" at 004881B1 continue at 004881B9.
:004881A4 68B9814800 push 004881B9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004881B7(U)
|
; 00403900 is not shown; it receives the address of the local slot that
; holds the code pointer -- presumably to release it, TODO confirm.
:004881A9 8D45FC
lea eax, dword ptr [ebp-04]
:004881AC E84FB7F7FF call 00403900
:004881B1 C3
ret
; 004881B2 is the handler address registered at 00488143; it jumps to
; 00403388 (not shown). 004881B7 re-enters the cleanup at 004881A9.
:004881B2 E9D1B1F7FF jmp 00403388
:004881B7 EBF0
jmp 004881A9
; Return the flag in eax, then restore ebx, drop the local slot and
; restore ebp.
:004881B9 8BC3
mov eax, ebx<----标志转移
:004881BB 5B
pop ebx
:004881BC 59
pop ecx
:004881BD 5D
pop ebp
:004881BE C3
ret
其中一个:A191012344
- 标 题:exescope6.0 (3千字)
- 作 者:liutong
- 时 间:2000-7-13 22:41:35
- 链 接:http://bbs.pediy.com