软件名称:B-Jigsaw
整理日期:2001.1.21
最新版本:6.02
文件大小:1394KB
软件授权:共享软件
使用平台:Win95/98/NT
发布公司:Home Page
软件下载:http://www.newhua.com/BJigsaw.htm
软件简介:
一流的拼图游戏,支持用BMP、JPG格式的图片创建拼图,并能生成锯齿状拼图。
我为何要破解这个软件,说来话长,唉!都是怪自己不好,在前些日子将MM气哭了,总得要想点办法来哄哄她笑呀,希望她不要再生我的气了
由于这个软件没有注册的时候,拼好的图像上有几个大字写着“你还没有注册”,看来看去总觉得不顺眼,有瑕疵的东西又怎么能送给自己心爱的MM呢
于是就有了想破解这个软件的念头,但我的汇编语言基础这么差,只能怪自己读书时没有好好学好这门课了,呜呼~~~~~~~~~~~
没有办法还是试试吧!日后要多来论坛里逛逛了,大虾们可要多多指导我这只小菜鸟呀!
我很菜,可能下面会有很多错漏的地方,希望各位指正
在没有注册这个软件的时候,它首先会跳出一个要求你注册的画面和告诉你这个软件还有多少天的试用时间等
我猜想这个软件,应该是在一开始运行的时候,就比较WINDOWS注册表里某个地方,查这个软件是否注册,如果没有注册的话,就会跳出那个
窗口,否则XXXXXXXXXX,但自己没有注册表分析软件呀,于是按了一下那个注册按钮,看到有USER NAME和REGISTRATION CODE两个输入地方,看来
这个软件是围绕注册名来计算注册码的,在那两个输入的地方乱输入几个数字,按OK钮后跳出INVALID USER NAME OR REGISTRATION CODE,
马上想起用暴力破解的方法,记下INVALID USER NAME OR REGISTRATION CODE,用反汇编工具W32dsm89载入后按STRING DATA REFERENCES找INVALID USER NAME OR REGISTRATION CODE
,这是怎么搞的,没有这些字符呀,难道给X了,这下可难倒我了,我还打算把它反汇编出来后找那跳出的INVALID USER NAME OR REGISTRATION CODE来看看它附近哪个地方能改呢.
(从下面的反汇编清单可以看到,提示字符串在程序里是把每个字母后移两位保存的,如“Kpxcnkf wugt pcog qt tgikuvtcvkqp eqfg.”,所以按原文搜索不到;这种简单移位只能挡住字符串搜索,并不能保护注册校验本身。)
看来今次HIEW要“下岗”了。还是用SOFTICE4.5吧
1)在注册窗口中的USER NAME输入: LINUX
REGISTRATION CODE输入:12345678
2)按CTRL-D呼叫出SOFTICE,然后下中断指令HMEMCPY回车后,按F5返回注册程式,按下注册窗中的"OK"按钮.
3)下BD*指令
4)一直按F12,到了第13下跳出INVALID USER NAME OR REGISTRATION CODE注册失败窗口,计算注册码的地方应在上面
5)重复上面1-3步,按12下F12来到这里
* Possible StringData Ref from Data Obj ->"@驞"
|
:0040F300 A170024A00 mov eax,
dword ptr [004A0270]
:0040F305 E8CE2A0000 call
00411DD8
:0040F30A 8BF8
mov edi, eax
:0040F30C A1A0644A00 mov eax,
dword ptr [004A64A0]
:0040F311 8938
mov dword ptr [eax], edi
:0040F313 8BC7
mov eax, edi
:0040F315 8B10
mov edx, dword ptr [eax]
:0040F317 FF92CC000000 call dword
ptr [edx+000000CC]
:0040F31D 48
dec eax
:0040F31E 0F85A6020000 jne 0040F5CA
:0040F324 66C746101400 mov [esi+10],
0014
:0040F32A 33C9
xor ecx, ecx
:0040F32C 894DFC
mov dword ptr [ebp-04], ecx
:0040F32F 8D55FC
lea edx, dword ptr [ebp-04]
:0040F332 FF461C
inc [esi+1C]
:0040F335 A1A0644A00 mov eax,
dword ptr [004A64A0]
:0040F33A 8B08
mov ecx, dword ptr [eax]
:0040F33C 8B81D4020000 mov eax, dword
ptr [ecx+000002D4]
:0040F342 E8F9940300 call
00448840
:0040F347 66C746100800 mov [esi+10],
0008 ------------>按12下F12后就停在这里
:0040F34D 66C746102000 mov [esi+10],
0020
:0040F353 33D2
xor edx, edx
:0040F355 8955F8
mov dword ptr [ebp-08], edx
:0040F358 8D55F8
lea edx, dword ptr [ebp-08]
:0040F35B FF461C
inc [esi+1C]
:0040F35E A1A0644A00 mov eax,
dword ptr [004A64A0]
:0040F363 8B08
mov ecx, dword ptr [eax]
:0040F365 8B81D8020000 mov eax, dword
ptr [ecx+000002D8]
:0040F36B E8D0940300 call
00448840
:0040F370 66C746100800 mov [esi+10],
0008
:0040F376 8BC3
mov eax, ebx
:0040F378 E8C30B0000 call
0040FF40
:0040F37D 66C746102C00 mov [esi+10],
002C
:0040F383 33D2
xor edx, edx
:0040F385 8D4DF4
lea ecx, dword ptr [ebp-0C]
:0040F388 8955F4
mov dword ptr [ebp-0C], edx
:0040F38B 8BC3
mov eax, ebx
:0040F38D FF461C
inc [esi+1C]
:0040F390 8B55FC
mov edx, dword ptr [ebp-04]
:0040F393 E814060000 call
0040F9AC
:0040F398 8D55F4
lea edx, dword ptr [ebp-0C]
:0040F39B 8D45F8
lea eax, dword ptr [ebp-08]
:0040F39E E889750700 call
0048692C<--------------------------------进入这个CALL看看
:0040F3A3 50
push eax
:0040F3A4 FF4E1C
dec [esi+1C]
:0040F3A7 8D45F4
lea eax, dword ptr [ebp-0C]
:0040F3AA BA02000000 mov edx,
00000002
:0040F3AF E8A8740700 call
0048685C
:0040F3B4 59
pop ecx
:0040F3B5 84C9
test cl, cl
:0040F3B7 0F846D010000 je 0040F52A
:0040F3BD B201
mov dl, 01
:0040F3BF A13C3D4200 mov eax,
dword ptr [00423D3C]
:0040F3C4 E8B34A0100 call
00423E7C
:0040F3C9 66C746100800 mov [esi+10],
0008
:0040F3CF 8BF8
mov edi, eax
:0040F3D1 BA02000080 mov edx,
80000002
:0040F3D6 8BC7
mov eax, edi
:0040F3D8 E8EF720700 call
004866CC
:0040F3DD 66C746103800 mov [esi+10],
0038
:0040F3E3 8D45F0
lea eax, dword ptr [ebp-10]
* Possible StringData Ref from Data Obj ->"Software\ADCSoft\BJigsaw"
|
:0040F3E6 8B15ECE74900 mov edx, dword
ptr [0049E7EC]
:0040F3EC E867730700 call
00486758
:0040F3F1 FF461C
inc [esi+1C]
:0040F3F4 8B10
mov edx, dword ptr [eax]
:0040F3F6 B101
mov cl, 01
:0040F3F8 8BC7
mov eax, edi
:0040F3FA E8794B0100 call
00423F78
:0040F3FF 50
push eax
:0040F400 FF4E1C
dec [esi+1C]
:0040F403 8D45F0
lea eax, dword ptr [ebp-10]
:0040F406 BA02000000 mov edx,
00000002
:0040F40B E84C740700 call
0048685C
:0040F410 59
pop ecx
:0040F411 84C9
test cl, cl
:0040F413 0F84DE000000 je 0040F4F7
:0040F419 66C746105000 mov [esi+10],
0050
:0040F41F 8D45E8
lea eax, dword ptr [ebp-18]
* Possible StringData Ref from Data Obj ->"Vjcpm aqw hqt tgikuvgtkpi."
|
:0040F422 8B15E8E74900 mov edx, dword
ptr [0049E7E8]
:0040F428 E82B730700 call
00486758
:0040F42D FF461C
inc [esi+1C]
:0040F430 8D4DEC
lea ecx, dword ptr [ebp-14]
:0040F433 8B10
mov edx, dword ptr [eax]
:0040F435 33C0
xor eax, eax
:0040F437 8945EC
mov dword ptr [ebp-14], eax
:0040F43A 8BC3
mov eax, ebx
:0040F43C FF461C
inc [esi+1C]
:0040F43F E8540B0000 call
0040FF98
:0040F444 FF4E1C
dec [esi+1C]
:0040F447 8D45E8
lea eax, dword ptr [ebp-18]
:0040F44A BA02000000 mov edx,
00000002
:0040F44F E808740700 call
0048685C
:0040F454 66C746104400 mov [esi+10],
0044
:0040F45A 6A40
push 00000040
* Possible StringData Ref from Data Obj ->"B-Jigsaw"
|
:0040F45C B96AE94900 mov ecx,
0049E96A
:0040F461 837DEC00
cmp dword ptr [ebp-14], 00000000
:0040F465 7405
je 0040F46C
:0040F467 8B55EC
mov edx, dword ptr [ebp-14]
:0040F46A EB05
jmp 0040F471
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F465(C)
|
:0040F46C BA73E94900 mov edx,
0049E973
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F46A(U)
|
:0040F471 A1B8644A00 mov eax,
dword ptr [004A64B8]
:0040F476 8B00
mov eax, dword ptr [eax]
:0040F478 E837720700 call
004866B4
:0040F47D 66C746105C00 mov [esi+10],
005C
* Possible StringData Ref from Data Obj ->"UserName"
|
:0040F483 BA74E94900 mov edx,
0049E974
:0040F488 8D45E4
lea eax, dword ptr [ebp-1C]
:0040F48B E8C8720700 call
00486758
:0040F490 FF461C
inc [esi+1C]
:0040F493 8B10
mov edx, dword ptr [eax]
:0040F495 8B4DFC
mov ecx, dword ptr [ebp-04]
:0040F498 8BC7
mov eax, edi
:0040F49A E8754C0100 call
00424114
:0040F49F FF4E1C
dec [esi+1C]
:0040F4A2 8D45E4
lea eax, dword ptr [ebp-1C]
:0040F4A5 BA02000000 mov edx,
00000002
:0040F4AA E8AD730700 call
0048685C
:0040F4AF 66C746106800 mov [esi+10],
0068
* Possible StringData Ref from Data Obj ->"RegCode"
|
:0040F4B5 BA7DE94900 mov edx,
0049E97D
:0040F4BA 8D45E0
lea eax, dword ptr [ebp-20]
:0040F4BD E896720700 call
00486758
:0040F4C2 FF461C
inc [esi+1C]
:0040F4C5 8B10
mov edx, dword ptr [eax]
:0040F4C7 8B4DF8
mov ecx, dword ptr [ebp-08]
:0040F4CA 8BC7
mov eax, edi
:0040F4CC E8434C0100 call
00424114
:0040F4D1 FF4E1C
dec [esi+1C]
:0040F4D4 8D45E0
lea eax, dword ptr [ebp-20]
:0040F4D7 BA02000000 mov edx,
00000002
:0040F4DC E87B730700 call
0048685C
:0040F4E1 FF4E1C
dec [esi+1C]
:0040F4E4 8D45EC
lea eax, dword ptr [ebp-14]
:0040F4E7 BA02000000 mov edx,
00000002
:0040F4EC E86B730700 call
0048685C
:0040F4F1 66C746100800 mov [esi+10],
0008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F413(C)
|
:0040F4F7 897DD8
mov dword ptr [ebp-28], edi
:0040F4FA 837DD800
cmp dword ptr [ebp-28], 00000000
:0040F4FE 7421
je 0040F521
:0040F500 8B4DD8
mov ecx, dword ptr [ebp-28]
:0040F503 8B01
mov eax, dword ptr [ecx]
:0040F505 8945DC
mov dword ptr [ebp-24], eax
:0040F508 66C746108000 mov [esi+10],
0080
:0040F50E BA03000000 mov edx,
00000003
:0040F513 8B45D8
mov eax, dword ptr [ebp-28]
:0040F516 8B08
mov ecx, dword ptr [eax]
:0040F518 FF51FC
call [ecx-04]
:0040F51B 66C746107400 mov [esi+10],
0074
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F4FE(C)
|
:0040F521 8BC3
mov eax, ebx
:0040F523 E8E4B80200 call
0043AE0C
:0040F528 EB7A
jmp 0040F5A4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F3B7(C)
|
:0040F52A 66C746109800 mov [esi+10],
0098
:0040F530 8D45D0
lea eax, dword ptr [ebp-30]
* Possible StringData Ref from Data Obj ->"Kpxcnkf wugt pcog qt tgikuvtcvkqp
"
->"eqfg."
|
:0040F533 8B15E4E74900 mov edx, dword
ptr [0049E7E4]
:0040F539 E81A720700 call
00486758
:0040F53E FF461C
inc [esi+1C]
:0040F541 8D4DD4
lea ecx, dword ptr [ebp-2C]
:0040F544 8B10
mov edx, dword ptr [eax]
:0040F546 33C0
xor eax, eax
:0040F548 8945D4
mov dword ptr [ebp-2C], eax
:0040F54B 8BC3
mov eax, ebx
:0040F54D FF461C
inc [esi+1C]
:0040F550 E8430A0000 call
0040FF98
:0040F555 FF4E1C
dec [esi+1C]
:0040F558 8D45D0
lea eax, dword ptr [ebp-30]
:0040F55B BA02000000 mov edx,
00000002
:0040F560 E8F7720700 call
0048685C
:0040F565 66C746108C00 mov [esi+10],
008C
:0040F56B 6A10
push 00000010
* Possible StringData Ref from Data Obj ->"B-Jigsaw"
|
:0040F56D B985E94900 mov ecx,
0049E985
:0040F572 837DD400
cmp dword ptr [ebp-2C], 00000000
:0040F576 7405
je 0040F57D
:0040F578 8B55D4
mov edx, dword ptr [ebp-2C]
:0040F57B EB05
jmp 0040F582
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F576(C)
|
:0040F57D BA8EE94900 mov edx,
0049E98E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F57B(U)
|
:0040F582 A1B8644A00 mov eax,
dword ptr [004A64B8]
:0040F587 8B00
mov eax, dword ptr [eax]
:0040F589 E826710700 call
004866B4<-------------------------------------------------------如果您走过这个CALL的话就玩完了
:0040F58E FF4E1C
dec [esi+1C]
:0040F591 8D45D4
lea eax, dword ptr [ebp-2C]
:0040F594 BA02000000 mov edx,
00000002
:0040F599 E8BE720700 call
0048685C
:0040F59E 66C746100800 mov [esi+10],
0008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F528(U)
|
:0040F5A4 FF4E1C
dec [esi+1C]
:0040F5A7 8D45F8
lea eax, dword ptr [ebp-08]
:0040F5AA BA02000000 mov edx,
00000002
:0040F5AF E8A8720700 call
0048685C
:0040F5B4 FF4E1C
dec [esi+1C]
:0040F5B7 8D45FC
lea eax, dword ptr [ebp-04]
:0040F5BA BA02000000 mov edx,
00000002
:0040F5BF E898720700 call
0048685C
:0040F5C4 66C746100000 mov [esi+10],
0000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F31E(C)
|
* Reference To: bjigsaw._FormRegistration
|
:0040F5CA 8B0DA0644A00 mov ecx, dword
ptr [004A64A0]
:0040F5D0 8B19
mov ebx, dword ptr [ecx]
:0040F5D2 895DC8
mov dword ptr [ebp-38], ebx
:0040F5D5 85DB
test ebx, ebx
:0040F5D7 741E
je 0040F5F7
:0040F5D9 8B03
mov eax, dword ptr [ebx]
:0040F5DB 8945CC
mov dword ptr [ebp-34], eax
:0040F5DE 66C74610B000 mov [esi+10],
00B0
:0040F5E4 BA03000000 mov edx,
00000003
:0040F5E9 8B45C8
mov eax, dword ptr [ebp-38]
:0040F5EC 8B08
mov ecx, dword ptr [eax]
:0040F5EE FF51FC
call [ecx-04]
:0040F5F1 66C74610A400 mov [esi+10],
00A4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F5D7(C)
|
:0040F5F7 8B16
mov edx, dword ptr [esi]
:0040F5F9 64891500000000 mov dword ptr fs:[00000000],
edx
:0040F600 5F
pop edi
:0040F601 5E
pop esi
:0040F602 5B
pop ebx
:0040F603 8BE5
mov esp, ebp
:0040F605 5D
pop ebp
:0040F606 C3
ret
* Referenced by a CALL at Addresses:
|:00406EF7 , :004074D0 , :0040F39E , :0040F887
|
; ---------------------------------------------------------------------
; 0048692C - equality wrapper around the compare routine at 00478C74.
; In:   eax, edx = addresses of two pointer-sized slots; each slot is
;       dereferenced once and the loaded values are handed to 00478C74.
; Out:  eax = 1 if 00478C74 returned with ZF set, otherwise 0.
; Uses: ebp frame; ebx is saved and restored but not otherwise touched.
; Callers listed by the disassembler: 00406EF7, 004074D0, 0040F39E,
;       0040F887.
; NOTE(review): at call site 0040F39E the slots are [ebp-08] and
;       [ebp-0C]; [ebp-08] is later stored under the "RegCode" registry
;       value and [ebp-0C] is the output slot passed to 0040F9AC, so the
;       check presumably compares the typed code with a value derived
;       locally from the user name - confirm. A check of that shape keeps
;       the expected value in process memory; verifying a vendor-signed
;       licence with an embedded public key avoids holding it client-side.
; ---------------------------------------------------------------------
:0048692C 55
push ebp----------------------------------------->从上面的CALL来到这里
:0048692D 8BEC
mov ebp, esp
:0048692F 53
push ebx
; Load the two values the slots point to; these become the operands.
:00486930 8B00
mov eax, dword ptr [eax]
:00486932 8B12
mov edx, dword ptr [edx]
:00486934 E83B23FFFF call
00478C74<------------------------------------------注册CODE就在这里面进入吧
; The callee reports its result in the flags; turn ZF into a 0/1 value.
:00486939 0F94C0
sete al
; Clear every bit of eax above bit 0 (sete only wrote al).
:0048693C 83E001
and eax, 00000001
:0048693F 5B
pop ebx
:00486940 5D
pop ebp
:00486941 C3
ret
* Referenced by a CALL at Addresses:
|:00419FFF , :0041A5E9 , :0041A759 , :0041A8CD , :004220C6
|:00424685 , :004246A3 , :00425241 , :0042645D , :00426521
|:004268FC , :004269BB , :00426E16 , :0042706A , :004275D5
|:00427793 , :0042E31D , :0042E3B5 , :0042F4C8 , :0043EAF7
|:00447932 , :004479BD , :00448623 , :00448898 , :00457CD3
|:0045810A , :0045A5C3 , :0045AFA0 , :00465D73 , :0046AA4B
|:0046B9F9 , :00486934
|
; ---------------------------------------------------------------------
; 00478C74 - compares two byte buffers and returns the result in flags.
; In:   eax, edx = the two operands (copied to esi / edi).
; Out:  flags from the last compare/arithmetic step; ZF set means equal.
;       eax holds a length difference on the paths that reach 00478CEB,
;       00478CEF or 00478CF6.
; Saves ebx, esi, edi; ecx and edx are used as scratch.
; The disassembler lists 32 call sites for this routine, so it looks
; like a general-purpose helper rather than registration-specific code.
; NOTE(review): the dword read at [ptr-04] is used as a byte count below,
; so the operands are presumably length-prefixed strings - confirm.
; NOTE(review): every mismatch path exits early, so the run time depends
; on where the inputs first differ.
; ---------------------------------------------------------------------
:00478C74 53 push ebx-------------------------------从这里出来
:00478C75 56 push esi
:00478C76 57 push edi
:00478C77 89C6 mov esi, eax----------哈哈~看到这里的指令真兴奋啊!
:00478C79 89D7 mov edi, edx----------寄存器传来传去的,
; This first compare is on the two pointer values, not on the data they
; reference: identical pointers leave with ZF set and nothing is read.
:00478C7B 39D0 cmp eax, edx**********************在比较什么呀!看看自己的真正CODE吧
:00478C7D 0F848F000000 je 00478D12
; A zero pointer on either side is handled separately (00478CEF / 00478CF6).
:00478C83 85F6 test esi, esi
:00478C85 7468 je 00478CEF
:00478C87 85FF test edi, edi
:00478C89 746B je 00478CF6
; eax = count(esi) - count(edi); edx ends up as the smaller of the two
; counts (unsigned), which bounds how many bytes are compared.
:00478C8B 8B46FC mov eax, dword ptr [esi-04]
:00478C8E 8B57FC mov edx, dword ptr [edi-04]
:00478C91 29D0 sub eax, edx
:00478C93 7702 ja 00478C97
:00478C95 01C2 add edx, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00478C93(C)
|
; Keep the byte count on the stack, then work in whole dwords first.
:00478C97 52 push edx
:00478C98 C1EA02 shr edx, 02
:00478C9B 7426 je 00478CC3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00478CB9(C)
|
; Main loop: two dwords per iteration; any mismatch jumps to 00478CFD.
:00478C9D 8B0E mov ecx, dword ptr [esi]
:00478C9F 8B1F mov ebx, dword ptr [edi]
:00478CA1 39D9 cmp ecx, ebx
:00478CA3 7558 jne 00478CFD
:00478CA5 4A dec edx
:00478CA6 7415 je 00478CBD
:00478CA8 8B4E04 mov ecx, dword ptr [esi+04]
:00478CAB 8B5F04 mov ebx, dword ptr [edi+04]
:00478CAE 39D9 cmp ecx, ebx
:00478CB0 754B jne 00478CFD
:00478CB2 83C608 add esi, 00000008
:00478CB5 83C708 add edi, 00000008
:00478CB8 4A dec edx
:00478CB9 75E2 jne 00478C9D
:00478CBB EB06 jmp 00478CC3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00478CA6(C)
|
; Odd dword count: step past the single dword compared last.
:00478CBD 83C604 add esi, 00000004
:00478CC0 83C704 add edi, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00478C9B(C), :00478CBB(U)
|
; Tail: the remaining 0-3 bytes (saved count AND 3), compared one byte at
; a time out of a single dword load from each side.
:00478CC3 5A pop edx
:00478CC4 83E203 and edx, 00000003
:00478CC7 7422 je 00478CEB
:00478CC9 8B0E mov ecx, dword ptr [esi]
:00478CCB 8B1F mov ebx, dword ptr [edi]
:00478CCD 38D9 cmp cl, bl
:00478CCF 7541 jne 00478D12
:00478CD1 4A dec edx
:00478CD2 7417 je 00478CEB
:00478CD4 38FD cmp ch, bh
:00478CD6 753A jne 00478D12
:00478CD8 4A dec edx
:00478CD9 7410 je 00478CEB
; Third tail byte: mask both dwords down to bits 16-23 before comparing.
:00478CDB 81E30000FF00 and ebx, 00FF0000
:00478CE1 81E10000FF00 and ecx, 00FF0000
:00478CE7 39D9 cmp ecx, ebx
:00478CE9 7527 jne 00478D12
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00478CC7(C), :00478CD2(C), :00478CD9(C)
|
; All compared bytes matched: the result flags come from doubling the
; count difference in eax, so ZF is set when that difference is zero.
:00478CEB 01C0 add eax, eax
:00478CED EB23 jmp 00478D12
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00478C85(C)
|
; esi was zero (eax still holds that zero): flags from 0 - count(edi).
:00478CEF 8B57FC mov edx, dword ptr [edi-04]
:00478CF2 29D0 sub eax, edx
:00478CF4 EB1C jmp 00478D12
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00478C89(C)
|
; edi was zero (edx still holds that zero): flags from count(esi) - 0.
:00478CF6 8B46FC mov eax, dword ptr [esi-04]
:00478CF9 29D0 sub eax, edx
:00478CFB EB15 jmp 00478D12
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00478CA3(C), :00478CB0(C)
|
; A dword differed: drop the saved count, then compare byte by byte from
; the low byte upward so the flags describe the first differing byte.
:00478CFD 5A pop edx
:00478CFE 38D9 cmp cl, bl
:00478D00 7510 jne 00478D12
:00478D02 38FD cmp ch, bh
:00478D04 750C jne 00478D12
:00478D06 C1E910 shr ecx, 10
:00478D09 C1EB10 shr ebx, 10
:00478D0C 38D9 cmp cl, bl
:00478D0E 7502 jne 00478D12
:00478D10 38FD cmp ch, bh
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00478C7D(C), :00478CCF(C), :00478CD6(C), :00478CE9(C), :00478CED(U)
|:00478CF4(U), :00478CFB(U), :00478D00(C), :00478D04(C), :00478D0E(C)
|
; Common exit: the pops do not modify the flags, so the caller sees the
; result of the last compare above.
:00478D12 5F pop edi
:00478D13 5E pop esi
:00478D14 5B pop ebx
:00478D15 C3 ret
清除中断后,回到注册窗口打入刚才看到的REGISTRATION CODE 希望看到的THANK YOU FOR REGISTERING出来了,
刚学破解的朋友有兴趣的话下载一个练习练习吧!发现无论你用怎么样的注册名,它的CODE都是以BJ开始的,我没去研究了(悄悄的告诉您,其实是自己的功力不够啊!)西西.
但有一点真的很不明白,无论我怎么样去修改日期,这个软件都没有出现过期的窗口,来来去去都是5-8天左右,有兴趣的大虾下载研究研究呀,指点一下我们这个等级的菜鸟
也好呀!不啰嗦了,我还要赶着拼好“功课”给MM老师呀!到期交不出作业给MM,后果不堪设想啊。
最后祝:各位财源滚滚来,有情人终成眷属 :)
看雪兄的论坛人气急升1000000000000000000000000000点