软件名称:漂叶网吧管理系统
版 本:4.0
下载地址:http://go4.163.com/~piaoyes/
破解工具:softice for win95
破解过程:(第一次写心得,乱糟糟的,各位别笑)
运行该软件,注册,随便输入网吧名称:abcd及注册码:123456,按^D激活softice,下中断bpx hmemcpy,按F5返回,点注册,立即被中断,再bc *,按12次F12和几次F10后,来到这里:
016F:00517733 MOV EAX,[EBP+FFFFFDF8]
016F:00517739 LEA EDX,[EBP+FFFFFDFC]
016F:0051773F CALL 004096D4
016F:00517744 MOV EAX,[EBP+FFFFFDFC]
016F:0051774A MOV ECX,09
016F:0051774F MOV EDX,0A
016F:00517754 CALL 00404134
016F:00517759 LEA EAX,[EBP-28]
016F:0051775C PUSH EAX
016F:0051775D LEA EDX,[EBP+FFFFFDF0]
016F:00517763 MOV EAX,[EBP-04]
016F:00517766 MOV EAX,[EAX+0314]
016F:0051776C CALL 00433E30
016F:00517771 MOV EAX,[EBP+FFFFFDF0]
016F:00517777 LEA EDX,[EBP+FFFFFDF4]
016F:0051777D CALL 004096D4
016F:00517782 MOV EAX,[EBP+FFFFFDF4]
016F:00517788 MOV ECX,08
016F:0051778D MOV EDX,01
016F:00517792 CALL 00404134
016F:00517797 LEA EDX,[EBP-08]
016F:0051779A MOV EAX,[EBP-34]
016F:0051779D CALL 00402C88
016F:005177A2 CMP DWORD [EBP-08],BYTE +00 ;检查注册码的格式是否合格
016F:005177A6 JZ 005177C2 ;是则跳过去
016F:005177A8 PUSH BYTE +00
016F:005177AA MOV CX,[00517E68]
016F:005177B1 XOR EDX,EDX
016F:005177B3 MOV EAX,00517E74
016F:005177B8 CALL 00457674 ;显示错误信息
016F:005177BD JMP 00517D86
结果由于输入的注册码格式不合而跳不过去,经分析它要求的格式是这样的:XXXXXXXX-XXXXXXXXX(其中的X为数字),于是重新输入注册码:12345678-987654321便可跳过这步,来到
016F:005177C2 MOV EAX,[EBP-34]
016F:005177C5 CALL 00409984
016F:005177CA MOV EBX,EAX
016F:005177CC MOV EAX,EBX
016F:005177CE MOV ECX,B5
016F:005177D3 CDQ
016F:005177D4 IDIV ECX
016F:005177D6 IMUL EAX,EAX,C4
016F:005177DC XOR EAX,025DAFF2
016F:005177E1 CDQ
016F:005177E2 XOR EAX,EDX
016F:005177E4 SUB EAX,EDX
016F:005177E6 ADD EAX,08392AF4
016F:005177EB MOV EBX,EAX
016F:005177ED LEA EAX,[EBP-0C]
016F:005177F0 PUSH EAX
016F:005177F1 LEA EDX,[EBP+FFFFFDEC]
016F:005177F7 MOV EAX,EBX
016F:005177F9 CALL 00409954
016F:005177FE MOV EAX,[EBP+FFFFFDEC]
016F:00517804 MOV ECX,08
016F:00517809 MOV EDX,01
016F:0051780E CALL 00404134
016F:00517813 LEA EAX,[EBP-10]
016F:00517816 MOV EDX,00517E94
016F:0051781B CALL 00403D44
016F:00517820 LEA EAX,[EBP-14]
016F:00517823 CALL 00403CAC
016F:00517828 MOV EBX,01
016F:0051782D LEA EAX,[EBP+FFFFFDE8]
016F:00517833 MOV EDX,[EBP-10]
016F:00517836 MOVZX EDX,BYTE [EDX+EBX-01]
016F:0051783B SUB EDX,BYTE +31
016F:0051783E MOV ECX,[EBP-0C]
016F:00517841 MOV DL,[ECX+EDX]
016F:00517844 CALL 00403E54
016F:00517849 MOV EDX,[EBP+FFFFFDE8]
016F:0051784F LEA EAX,[EBP-14]
016F:00517852 CALL 00403F34
016F:00517857 INC EBX
016F:00517858 CMP EBX,BYTE +09
016F:0051785B JNZ 0051782D
016F:0051785D MOV EAX,[EBP-14]
016F:00517860 MOV EDX,[EBP-28]
016F:00517863 CALL 0040403C ;在此处下中断,这个CALL是检查注册码的前8位与后9位之间的某种联系。
中断后,下命令d eax可见到“97641521”的字样,d edx则见到的是假注册码的前8位(即“12345678”),显然,如果注册码的前8位不是“97641521”的话,下一句就跳不过去而出错。
016F:00517868 JZ 00517884
016F:0051786A PUSH BYTE +00
016F:0051786C MOV CX,[00517E68]
016F:00517873 XOR EDX,EDX
016F:00517875 MOV EAX,00517EA8
016F:0051787A CALL 00457674 ;显示错误信息
016F:0051787F JMP 00517D86
重新输入注册码:97641521-987654321,则可来到
016F:00517884 LEA EDX,[EBP+FFFFFDE4]
016F:0051788A MOV EAX,[EBP-04]
016F:0051788D MOV EAX,[EAX+0304]
016F:00517893 CALL 00433E30
016F:00517898 MOV EAX,[EBP+FFFFFDE4]
016F:0051789E LEA EDX,[EBP-18]
016F:005178A1 CALL 004096D4
016F:005178A6 LEA EAX,[EBP-1C]
016F:005178A9 MOV EDX,00517EC8
016F:005178AE CALL 00403D44
016F:005178B3 MOV EAX,[00522408]
016F:005178B8 PUSH EAX
016F:005178B9 LEA EDX,[EBP+FFFFFDDC]
016F:005178BF MOV EAX,[EBP-04]
016F:005178C2 MOV EAX,[EAX+0314]
016F:005178C8 CALL 00433E30
016F:005178CD MOV EAX,[EBP+FFFFFDDC]
016F:005178D3 LEA EDX,[EBP+FFFFFDE0]
016F:005178D9 CALL 004096D4
016F:005178DE MOV EAX,[EBP+FFFFFDE0]
016F:005178E4 MOV ECX,03
016F:005178E9 MOV EDX,0A
016F:005178EE CALL 00404134
016F:005178F3 MOV ESI,01
016F:005178F8 MOV EDI,005556B5
016F:005178FD MOV EAX,[EBP-18]
016F:00517900 CALL 00403F2C
016F:00517905 MOV ECX,EAX
016F:00517907 TEST ECX,ECX
016F:00517909 JNG 00517932
016F:0051790B MOV EBX,01
016F:00517910 MOV EAX,[EBP-18]
016F:00517913 MOVZX EAX,BYTE [EAX+EBX-01]
016F:00517918 IMUL ESI
016F:0051791A ADD EAX,0F48
016F:0051791F CDQ
016F:00517920 XOR EAX,EDX
016F:00517922 SUB EAX,EDX
016F:00517924 MOV ESI,000F4240
016F:00517929 CDQ
016F:0051792A IDIV ESI
016F:0051792C MOV ESI,EDX
016F:0051792E INC EBX
016F:0051792F DEC ECX
016F:00517930 JNZ 00517910
016F:00517932 MOV EAX,[EBP-1C]
016F:00517935 CALL 00403F2C
016F:0051793A MOV ECX,EAX
016F:0051793C SUB ECX,BYTE +02
016F:0051793F JL 00517969
016F:00517941 INC ECX
016F:00517942 MOV EBX,02
016F:00517947 MOV EAX,[EBP-1C]
016F:0051794A MOVZX EAX,BYTE [EAX+EBX-01]
016F:0051794F IMUL ESI
016F:00517951 ADD EAX,0F83
016F:00517956 CDQ
016F:00517957 XOR EAX,EDX
016F:00517959 SUB EAX,EDX
016F:0051795B MOV ESI,000F4240
016F:00517960 CDQ
016F:00517961 IDIV ESI
016F:00517963 MOV ESI,EDX
016F:00517965 INC EBX
016F:00517966 DEC ECX
016F:00517967 JNZ 00517947
016F:00517969 MOV EAX,[EBP-18]
016F:0051796C CALL 00403F2C
016F:00517971 MOV EBX,EAX
016F:00517973 MOV EAX,[EBP-1C]
016F:00517976 CALL 00403F2C
016F:0051797B ADD EBX,EAX
016F:0051797D MOV EAX,EBX
016F:0051797F ADD EDI,ESI
016F:00517981 IMUL EDI
016F:00517983 CDQ
016F:00517984 XOR EAX,EDX
016F:00517986 SUB EAX,EDX
016F:00517988 ADD EAX,00A35B08
016F:0051798D MOV ESI,EAX
016F:0051798F LEA EAX,[EBP+FFFFFDD8]
016F:00517995 PUSH EAX
016F:00517996 LEA EDX,[EBP+FFFFFDD4]
016F:0051799C MOV EAX,ESI
016F:0051799E CALL 00409954
016F:005179A3 MOV EAX,[EBP+FFFFFDD4]
016F:005179A9 MOV ECX,06
016F:005179AE MOV EDX,01
016F:005179B3 CALL 00404134
016F:005179B8 MOV ECX,[EBP+FFFFFDD8]
016F:005179BE MOV EDX,[00522408]
016F:005179C4 MOV EDX,[EDX]
016F:005179C6 LEA EAX,[EBP-2C]
016F:005179C9 CALL 00403F78
016F:005179CE LEA EAX,[EBP+FFFFFDCC]
016F:005179D4 PUSH EAX
016F:005179D5 LEA EDX,[EBP+FFFFFDC8]
016F:005179DB MOV EAX,ESI
016F:005179DD CALL 00409954
016F:005179E2 MOV EAX,[EBP+FFFFFDC8]
016F:005179E8 MOV ECX,06
016F:005179ED MOV EDX,01
016F:005179F2 CALL 00404134
016F:005179F7 MOV ECX,[EBP+FFFFFDCC]
016F:005179FD MOV EDX,[00522408]
016F:00517A03 MOV EDX,[EDX]
016F:00517A05 LEA EAX,[EBP+FFFFFDD0]
016F:00517A0B CALL 00403F78
016F:00517A10 MOV EAX,[EBP+FFFFFDD0]
016F:00517A16 CALL 00409984
016F:00517A1B MOV ESI,EAX
016F:00517A1D MOV EAX,ESI
016F:00517A1F MOV ECX,B5
016F:00517A24 CDQ
016F:00517A25 IDIV ECX
016F:00517A27 IMUL EAX,EAX,C4
016F:00517A2D XOR EAX,025DAFF2
016F:00517A32 CDQ
016F:00517A33 XOR EAX,EDX
016F:00517A35 SUB EAX,EDX
016F:00517A37 ADD EAX,08392AF4
016F:00517A3C MOV ESI,EAX
016F:00517A3E LEA EAX,[EBP-18]
016F:00517A41 PUSH EAX
016F:00517A42 LEA EDX,[EBP+FFFFFDC4]
016F:00517A48 MOV EAX,ESI
016F:00517A4A CALL 00409954
016F:00517A4F MOV EAX,[EBP+FFFFFDC4]
016F:00517A55 MOV ECX,08
016F:00517A5A MOV EDX,01
016F:00517A5F CALL 00404134
016F:00517A64 LEA EAX,[EBP-1C]
016F:00517A67 MOV EDX,00517E94
016F:00517A6C CALL 00403D44
016F:00517A71 LEA EAX,[EBP-24]
016F:00517A74 CALL 00403CAC
016F:00517A79 MOV EBX,01
016F:00517A7E LEA EAX,[EBP+FFFFFDC0]
016F:00517A84 MOV EDX,[EBP-1C]
016F:00517A87 MOVZX EDX,BYTE [EDX+EBX-01]
016F:00517A8C SUB EDX,BYTE +31
016F:00517A8F MOV ECX,[EBP-18]
016F:00517A92 MOV DL,[ECX+EDX]
016F:00517A95 CALL 00403E54
016F:00517A9A MOV EDX,[EBP+FFFFFDC0]
016F:00517AA0 LEA EAX,[EBP-24]
016F:00517AA3 CALL 00403F34
016F:00517AA8 INC EBX
016F:00517AA9 CMP EBX,BYTE +09
016F:00517AAC JNZ 00517A7E
016F:00517AAE PUSH DWORD [EBP-24]
016F:00517AB1 PUSH DWORD 00517EDC
016F:00517AB6 PUSH DWORD [EBP-2C]
016F:00517AB9 LEA EAX,[EBP-20]
016F:00517ABC MOV EDX,03
016F:00517AC1 CALL 00403FEC
016F:00517AC6 LEA EAX,[EBP+FFFFFDBC]
016F:00517ACC PUSH EAX
016F:00517ACD LEA EDX,[EBP+FFFFFDB4]
016F:00517AD3 MOV EAX,[EBP-04]
016F:00517AD6 MOV EAX,[EAX+0314]
016F:00517ADC CALL 00433E30
016F:00517AE1 MOV EAX,[EBP+FFFFFDB4]
016F:00517AE7 LEA EDX,[EBP+FFFFFDB8]
016F:00517AED CALL 004096D4
016F:00517AF2 MOV EAX,[EBP+FFFFFDB8]
016F:00517AF8 MOV ECX,12
016F:00517AFD MOV EDX,01
016F:00517B02 CALL 00404134
016F:00517B07 MOV EDX,[EBP+FFFFFDBC]
016F:00517B0D MOV EAX,[EBP-20]
016F:00517B10 CALL 0040403C ;在此处下中断,再d eax即可见到真的注册码,至此破解完毕。
- 标 题:《漂叶网吧管理系统4.0》破解心得: (9千字)
- 作 者:小 明
- 时 间:2001-1-14 23:35:28
- 链 接:http://bbs.pediy.com