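- Title: I want to crack the 象棋桥 (CCBridge) software; could you experts please give me some hints? Thanks (download link inside) (51 characters)
- Author: copyyour
- Time: 2000-8-11 10:57:20
- Link: http://bbs.pediy.com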
http://sq.k12.com.cn/~ccbridge/content/CCBridge.exe
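象棋桥 (CCBridge) V1.2 cracking record
I had nothing to do today, so I wrote up this crack. I hope you won't laugh at me; after all, writing the write-up took more time than cracking the software did. Please correct me if anything is wrong.
Tool used: TRW1.22
Level: easy (suitable for beginners)
Protection type: serial number
Download URL: http://sq.k12.com.cn/~ccbridge/content/CCBridge.exe
Start 象棋桥 V1.2, find the dialog for entering the registration code, and enter the following:
User name: badni
Company: badni
Registration password: 78787878
Start TRW1.22, press Ctrl+N, and issue the command: bpx hmemcpy
Press F5 to return, click OK to register, and TRW1.22 pops up
bc * (clear the breakpoints)
pmodule (return to the program's own code space) Wow! This command is really handy. Not as troublesome as ICE
Then press F12 N times (of course, stop one press before the failure; I don't remember exactly, it seems to be 66 times, careful, the F12 key is going to wear out!!!)
Then press F10 to reach the following address: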
0167:004561C9 A1B4A24500 MOV EAX,[0045A2B4]
0167:004561CE 8B80D4020000 MOV EAX,[EAX+02D4]
0167:004561D4 83780C01 CMP DWORD [EAX+0C],BYTE +01
0167:004561D8 0F85E3010000 JNZ NEAR 004563C1
0167:004561DE 8D55F4 LEA EDX,[EBP-0C]
0167:004561E1 A1B4A24500 MOV EAX,[0045A2B4]
0167:004561E6 8B80DC020000 MOV EAX,[EAX+02DC]
0167:004561EC E8F329FDFF CALL 00428BE4
0167:004561F1 8B45F4 MOV EAX,[EBP-0C]
0167:004561F4 8D55F8 LEA EDX,[EBP-08]
0167:004561F7 E8F017FBFF CALL 004079EC
0167:004561FC C645FF00 MOV BYTE [EBP-01],00
0167:00456200 B301 MOV BL,01
0167:00456202 BEDCC84500 MOV ESI,0045C8DC
0167:00456207 8D45F0 LEA EAX,[EBP-10]
0167:0045620A 8BD6 MOV EDX,ESI ------- "d edx" shows the nine valid registration codes
0167:0045620C E8B3D9FAFF CALL 00403BC4
0167:00456211 8B55F0 MOV EDX,[EBP-10]
0167:00456214 8B45F8 MOV EAX,[EBP-08]
0167:00456217 E814DBFAFF CALL 00403D30 ------ the CALL that compares the registration code; you can trace into it to take a look
0167:0045621C 7503 JNZ 00456221
0167:0045621E 885DFF MOV [EBP-01],BL
0167:00456221 43 INC EBX
0167:00456222 83C609 ADD ESI,BYTE +09
0167:00456225 80FB0A CMP BL,0A
0167:00456228 75DD JNZ 00456207
0167:0045622A 8B45F8 MOV EAX,[EBP-08]
0167:0045622D E8EED9FAFF CALL 00403C20
0167:00456232 83F80C CMP EAX,BYTE +0C
0167:00456235 7530 JNZ 00456267
0167:00456237 8B45F8 MOV EAX,[EBP-08]
0167:0045623A 803843 CMP BYTE [EAX],43
0167:0045623D 7528 JNZ 00456267
0167:0045623F 8B45F8 MOV EAX,[EBP-08]
0167:00456242 80780143 CMP BYTE [EAX+01],43
0167:00456246 751F JNZ 00456267
0167:00456248 8B45F8 MOV EAX,[EBP-08]
0167:0045624B 80780242 CMP BYTE [EAX+02],42
0167:0045624F 7516 JNZ 00456267
0167:00456251 8B45F8 MOV EAX,[EBP-08]
0167:00456254 80780331 CMP BYTE [EAX+03],31
0167:00456258 750D JNZ 00456267
0167:0045625A 8B45F8 MOV EAX,[EBP-08]
0167:0045625D 80780432 CMP BYTE [EAX+04],32
0167:00456261 7504 JNZ 00456267
0167:00456263 C645FF0A MOV BYTE [EBP-01],0A
0167:00456267 807DFF00 CMP BYTE [EBP-01],00
0167:0045626B 0F8438010000 JZ NEAR 004563A9 ---- jumps to the registration-failure path, so this jump must not be taken!!!
0167:00456271 B201 MOV DL,01
0167:00456273 A178354500 MOV EAX,[00453578]
0167:00456278 E83BD4FFFF CALL 004536B8
0167:0045627D 8BD8 MOV EBX,EAX
0167:0045627F BA01000080 MOV EDX,80000001
0167:00456284 8BC3 MOV EAX,EBX
0167:00456286 E8C5D4FFFF CALL 00453750
0167:0045628B B101 MOV CL,01
0167:0045628D BA00644500 MOV EDX,00456400
0167:00456292 8BC3 MOV EAX,EBX
0167:00456294 E81BD5FFFF CALL 004537B4
0167:00456299 8B4DF8 MOV ECX,[EBP-08]
0167:0045629C BA2C644500 MOV EDX,0045642C
0167:004562A1 8BC3 MOV EAX,EBX
0167:004562A3 E8A8D6FFFF CALL 00453950
0167:004562A8 8D55F4 LEA EDX,[EBP-0C]
0167:004562AB A1B4A24500 MOV EAX,[0045A2B4]
0167:004562B0 8B80CC020000 MOV EAX,[EAX+02CC]
0167:004562B6 E82929FDFF CALL 00428BE4
0167:004562BB 8B4DF4 MOV ECX,[EBP-0C]
0167:004562BE BA44644500 MOV EDX,00456444
0167:004562C3 8BC3 MOV EAX,EBX
0167:004562C5 E886D6FFFF CALL 00453950
0167:004562CA 8D55F4 LEA EDX,[EBP-0C]
0167:004562CD A1B4A24500 MOV EAX,[0045A2B4]
0167:004562D2 8B80D0020000 MOV EAX,[EAX+02D0]
0167:004562D8 E80729FDFF CALL 00428BE4
0167:004562DD 8B4DF4 MOV ECX,[EBP-0C]
0167:004562E0 BA54644500 MOV EDX,00456454
0167:004562E5 8BC3 MOV EAX,EBX
0167:004562E7 E864D6FFFF CALL 00453950
0167:004562EC 8BC3 MOV EAX,EBX
0167:004562EE E82DD4FFFF CALL 00453720
0167:004562F3 8BC3 MOV EAX,EBX
0167:004562F5 E80ACBFAFF CALL 00402E04
0167:004562FA C605C5C8450001 MOV BYTE [0045C8C5],01
0167:00456301 C605C6C8450000 MOV BYTE [0045C8C6],00
0167:00456308 8D55F4 LEA EDX,[EBP-0C]
0167:0045630B A1B4A24500 MOV EAX,[0045A2B4]
0167:00456310 8B80CC020000 MOV EAX,[EAX+02CC]
0167:00456316 E8C928FDFF CALL 00428BE4
0167:0045631B 8B55F4 MOV EDX,[EBP-0C]
0167:0045631E B8C8C84500 MOV EAX,0045C8C8
0167:00456323 E8D0D6FAFF CALL 004039F8
0167:00456328 8D55F4 LEA EDX,[EBP-0C]
0167:0045632B A1B4A24500 MOV EAX,[0045A2B4]
0167:00456330 8B80D0020000 MOV EAX,[EAX+02D0]
0167:00456336 E8A928FDFF CALL 00428BE4
0167:0045633B 8B55F4 MOV EDX,[EBP-0C]
0167:0045633E B8CCC84500 MOV EAX,0045C8CC
0167:00456343 E8B0D6FAFF CALL 004039F8
0167:00456348 8B87EC030000 MOV EAX,[EDI+03EC]
0167:0045634E 33D2 XOR EDX,EDX
0167:00456350 E81F1CFEFF CALL 00437F74
0167:00456355 8B87F0030000 MOV EAX,[EDI+03F0]
0167:0045635B 33D2 XOR EDX,EDX
0167:0045635D E8121CFEFF CALL 00437F74
0167:00456362 8B87F4030000 MOV EAX,[EDI+03F4]
0167:00456368 33D2 XOR EDX,EDX
0167:0045636A E88D27FDFF CALL 00428AFC
0167:0045636F A1107F4500 MOV EAX,[00457F10]
0167:00456374 8B00 MOV EAX,[EAX]
0167:00456376 BA64644500 MOV EDX,00456464
0167:0045637B E810E7FEFF CALL 00444A90
0167:00456380 BA64644500 MOV EDX,00456464
0167:00456385 A1A4A24500 MOV EAX,[0045A2A4]
0167:0045638A E88528FDFF CALL 00428C14
0167:0045638F 6A30 PUSH BYTE +30
0167:00456391 B970644500 MOV ECX,00456470
0167:00456396 BA7C644500 MOV EDX,0045647C
0167:0045639B A1107F4500 MOV EAX,[00457F10]
0167:004563A0 8B00 MOV EAX,[EAX]
0167:004563A2 E885ECFEFF CALL 0044502C ---- What is this? The registration-success CALL, of course.
0167:004563A7 EB18 JMP SHORT 004563C1
0167:004563A9 6A30 PUSH BYTE +30
0167:004563AB B9A8644500 MOV ECX,004564A8
0167:004563B0 BAB4644500 MOV EDX,004564B4
0167:004563B5 A1107F4500 MOV EAX,[00457F10]
0167:004563BA 8B00 MOV EAX,[EAX]
0167:004563BC E86BECFEFF CALL 0044502C ------- the registration-failure CALL
0167:004563C1 33C0 XOR EAX,EAX
0167:004563C3 5A POP EDX
0167:004563C4 59 POP ECX
0167:004563C5 59 POP ECX
0167:004563C6 648910 MOV [FS:EAX],EDX
0167:004563C9 68EE634500 PUSH DWORD 004563EE
0167:004563CE 8D45F0 LEA EAX,[EBP-10]
0167:004563D1 E8CED5FAFF CALL 004039A4
0167:004563D6 8D45F4 LEA EAX,[EBP-0C]
0167:004563D9 E8C6D5FAFF CALL 004039A4
0167:004563DE 8D45F8 LEA EAX,[EBP-08]
0167:004563E1 E8BED5FAFF CALL 004039A4
0167:004563E6 C3 RET
Putting it together, we get nine valid registration codes:
13258732
22125963
37844622
45742971
58596433
65579812
74699281
85134762
97415633
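So you only need to enter any one of these registration codes to register successfully! Whether registration succeeds has nothing to do with the user name or the company. Simple, right?
User name: badni
Company: badni
Registration password: 13258732
Registration succeeded! Hee hee, that was fun! The software has two registration methods; the other one is left for you to think about.
Compiled by bandi, 2000/08/13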
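
The check traced above compares the entered code against a fixed table held in the client and never uses the name or company fields, which is why one code works for every user. As an added example (not from the original post and not the program's own code), the sketch below models that design next to a server-side check that binds the code to the licensee. All function names, the table values and the key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder table standing in for the plaintext list the post
# found in client memory; these are not the values from the post.
CLIENT_TABLE = ["00000001", "00000002", "00000003"]


def weak_check(name: str, company: str, code: str) -> bool:
    """Flawed design: fixed table in the client, name and company ignored."""
    return code in CLIENT_TABLE


# Constructed demo key. In the hardened design it exists only on the
# vendor's activation server and never ships inside the client binary.
SERVER_KEY = b"constructed-demo-key-server-side-only"


def _message(name: str, company: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") differ."""
    parts = []
    for field in (name, company):
        raw = field.strip().encode("utf-8")
        parts.append(len(raw).to_bytes(4, "big") + raw)
    return b"".join(parts)


def issue_code(name: str, company: str, key: bytes = SERVER_KEY) -> str:
    """Server side: derive a code bound to this licensee."""
    tag = hmac.new(key, _message(name, company), hashlib.sha256).hexdigest()
    return tag[:20].upper()


def server_verify(name: str, company: str, code: str,
                  key: bytes = SERVER_KEY) -> bool:
    """Server side: recompute the code and compare in constant time."""
    expected = issue_code(name, company, key).encode("ascii")
    # Encode to bytes first so non-ASCII input is rejected, not an exception.
    supplied = code.strip().upper().encode("utf-8")
    return hmac.compare_digest(expected, supplied)
```

A product that must activate offline would ship only a public verification key and check a vendor signature instead; HMAC is used here because it is in the Python standard library.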