http://newhua.xingtai.net/down/winimp111-32.exe
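WinImp 1.11 registration code crack
WinImp is a compression program; under the same conditions its compression ratio is far higher than WinZip's, and it is my new favorite.
Because the latest Fanwaidi (番外地) 3.6 registration-code lookup system only has version 0.99 of WinImp, which does not work, I cracked it myself.
The registration code can be entered under HELP.
First, enter any number and you get the message "the keys do not match the names...". Then disassemble with W32DASM and, from STRING DATA REFERENCE, find: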
:004260B5 81FA00000001 cmp edx, 01000000
:004260BB 7216 jb 004260D3
:004260BD 3D00000001 cmp eax, 01000000
:004260C2 720F jb 004260D3
:004260C4 89D0 mov eax, edx
:004260C6 8B55F8 mov edx, dword ptr [ebp-08]
:004260C9 E8D9010000 call 004262A7
:004260CE 3B45FC cmp eax, dword ptr [ebp-04]
:004260D1 7418 je 004260EB
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004260BB(C), :004260C2(C)
|
:004260D3 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"WinImp"
|
:004260D5 6830D24400 push 0044D230
* Possible StringData Ref from Data Obj ->"The keys do not match the name.
"
->"Please check
your registration "
->"details
and try again."
|
:004260DA 6828CC4400 push 0044CC28
:004260DF 56 push esi
* Reference To: USER32.MessageBoxA, Ord:0048h
|
:004260E0 2EFF150CD84300 Call dword ptr cs:[0043D80C]
:004260E7 31C0 xor eax, eax
:004260E9 EB68 jmp 00426153
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004260D1(C)
|
:004260EB BB603C4500 mov ebx, 00453C60
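Looking upward from there:
1. :004260B5 cmp edx, 01000000 <-- edx is key1; it must be greater than or equal to 01000000
:004260BB jb 004260D3
2. :004260BD cmp eax, 01000000 <-- eax is key2; it must also be greater than or equal to 01000000
:004260C2 jb 004260D3
3. :004260CE cmp eax, dword ptr [ebp-04] <-- if they are equal, registration succeeds
:004260D1 je 004260EB
So it is necessary to trace into :004260C9 call 004262A7
Unfortunately, the computation in there is tedious and I could not figure it out, but I found that at
:004260CE cmp eax, dword ptr [ebp-04], as long as the user name and key1 are fixed, a change in the key2 value only affects the change in eax, and the individual digits correspond to each other, so a breakpoint bpx
004260CE can be used to guess by changing the key2 value.
4. Result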
name: xixiaolou [CCG]
key1: 10000000
key2: 3e64a67e
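
The digit-to-digit correspondence noted above is a property a developer can test for in a key-validation routine. The C check below is an added example, not part of the original post and not WinImp's code: weak_transform and mixed_transform are constructed stand-ins (the routine at 004262A7 is not reproduced), and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
typedef uint32_t (*transform_fn)(uint32_t);

/* Constructed weak transform (NOT WinImp's routine): each output hex digit
   depends on exactly one input hex digit, via a 4-bit substitution table. */
static uint32_t weak_transform(uint32_t key) {
    static const uint8_t sbox[16] = {6, 11, 0, 13, 3, 14, 9, 4, 15, 1, 10, 7, 12, 2, 5, 8};
    uint32_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint32_t)sbox[(key >> (4 * i)) & 0xF] << (4 * i);
    return out;
}

/* Contrast: MurmurHash3's 32-bit finalizer, a mixer (not a cryptographic MAC). */
static uint32_t mixed_transform(uint32_t key) {
    key ^= key >> 16; key *= 0x85EBCA6Bu; key ^= key >> 13;
    key *= 0xC2B2AE35u; key ^= key >> 16;
    return key;
}

/* Most output hex digits changed by replacing any single input digit of base. */
static int max_digits_affected(transform_fn f, uint32_t base) {
    int worst = 0;
    uint32_t ref = f(base);
    for (int pos = 0; pos < 8; pos++)
        for (uint32_t v = 0; v < 16; v++) {
            uint32_t probe = (base & ~(0xFu << (4 * pos))) | (v << (4 * pos));
            uint32_t diff = f(probe) ^ ref;
            int changed = 0;
            for (int i = 0; i < 8; i++)
                changed += ((diff >> (4 * i)) & 0xF) != 0;
            if (changed > worst) worst = changed;
        }
    return worst;
}

/* 1 if, for the sampled bases, one input digit never moves more than one output digit. */
static int is_digitwise_separable(transform_fn f) {
    static const uint32_t bases[] = {0x00000000u, 0x01000000u, 0x12345678u};
    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++)
        if (max_digits_affected(f, bases[i]) > 1) return 0;
    return 1;
}

int main(void) {
    printf("weak  separable: %d\n", is_digitwise_separable(weak_transform));
    printf("mixed separable: %d\n", is_digitwise_separable(mixed_transform));
    return 0;
}
```

A routine that reports separable lets every digit of the key be settled independently of the others, so a validation scheme should fail this check; a keyed MAC or signature verified over the whole name and key is the usual way to get there.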