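Can anyone find the registration code for BrainsBreaker 3.0 (a really great jigsaw puzzle game)? 《论坛精华2》 ("Forum Highlights 2") didn't manage it!
Cracking software that is both fun and extremely difficult is what's really satisfying!
http://www.brainsbreaker.com/download.htm or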
http://ourworld.compuserve.com/homepages/jtrujillo/bbsetup.exe
==========================================================================
1. Pack: (I leave this blank)
Name:zest
Your ID:aaaa
Key:CCCCCCCCCCCCCCCC
--------------------------------------------------------------------------
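2. The program keeps looping over 0167:00452509~0167:0045278F; when the loop ends, the registration error box appears.
Note the value pushed at 0167:00452543 PUSH DWORD [EBP-0C]. You can set the breakpoint
bpx 452546 do"d*esp" to look at it. I use TRW2K122.
The value becomes, in turn: full, entry, brainsbreaker, summer96, spring96, winter96, contry.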
--------------------------------------------------------------------------
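3. I trace with the following 3 breakpoints: ① bpx 452546 do"d*esp" ② bpx 452653 ③ bpx 45274e
If the KEY has fewer than 16 characters, the normal break order is ①②①②①②......
If the KEY has 16 or more characters, the normal break order is ①②③①②③......
To make tracing easier, I entered 16 c's as my KEY. You might say: why not just NOP out the line at 45274e
(and, with a key shorter than 16, NOP out 452653 as well)? Indeed, you are now registered! Go take a relaxing bathroom break!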
--------------------------------------------------------------------------
4. By the time you are back from that bathroom break, you will find that your program has died a miserable death!
--------------------------------------------------------------------------
5. Once the program is registered (forced registration), it adds the following to BBRK.INI:
[PACKBrainsBreaker]
0=zest
1=aaaa
2=1076e9867711e9867711e9867711e9867711
3=2100
4=4e37d9b1
5=5533cba4
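Note: the *** in [PACK***] above may be any one of full, entry, brainsbreaker, summer96, spring96,
winter96, contry; watch breakpoint ① closely. I found that [PACKfull] produces an error (see point 3 above), while
[PACKentry] and [PACKBrainsBreaker] register successfully! The other [PACK***] values report success,
but the functionality is limited. I love [PACKBrainsBreaker]: with it there are no functional restrictions at all!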
--------------------------------------------------------------------------
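6. Every time I want to play, I have to trace through and register once more to remove the restrictions. What a hassle! That's what I get for not having $19.95.
You can try making a PATCH, or use the SMC method.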
--------------------------------------------------------------------------
7. Who can find the registration code?
==========================================================================
0167:00452509 FF36 PUSH DWORD [ESI] --------> start of the loop!
0167:0045250B 8D4DF0 LEA ECX,[EBP-10]
0167:0045250E E891990100 CALL 0046BEA4
0167:00452513 8D45F0 LEA EAX,[EBP-10]
0167:00452516 B9B05C4B00 MOV ECX,004B5CB0
0167:0045251B 50 PUSH EAX
0167:0045251C E84D54FDFF CALL 0042796E
0167:00452521 837DF802 CMP DWORD [EBP-08],BYTE +02
0167:00452525 8945D0 MOV [EBP-30],EAX
0167:00452528 6A2C PUSH BYTE +2C
0167:0045252A 752A JNZ 00452556
0167:0045252C E8EA380400 CALL 00495E1B
0167:00452531 8BF0 MOV ESI,EAX
0167:00452533 59 POP ECX
0167:00452534 85F6 TEST ESI,ESI
0167:00452536 7440 JZ 00452578
0167:00452538 FF75E4 PUSH DWORD [EBP-1C] --------> $$CCCCCCCCCCCCCCCC
0167:0045253B 8BCE MOV ECX,ESI
0167:0045253D FF75DC PUSH DWORD [EBP-24] --------> aaaa
0167:00452540 FF75C8 PUSH DWORD [EBP-38] --------> zest
0167:00452543 FF75F4 PUSH DWORD [EBP-0C] --------> watch this value change!
0167:00452546 E8EC55FDFF CALL 00427B37
0167:0045254B C706847C4A00 MOV DWORD [ESI],004A7C84
0167:00452551 8975FC MOV [EBP-04],ESI
0167:00452554 EB26 JMP SHORT 0045257C
0167:00452556 E8C0380400 CALL 00495E1B
0167:0045255B 85C0 TEST EAX,EAX
0167:0045255D 59 POP ECX
0167:0045255E 7418 JZ 00452578
0167:00452560 FF75E4 PUSH DWORD [EBP-1C]
0167:00452563 8BC8 MOV ECX,EAX
0167:00452565 FF75DC PUSH DWORD [EBP-24]
0167:00452568 FF75C8 PUSH DWORD [EBP-38]
0167:0045256B FF75F4 PUSH DWORD [EBP-0C]
0167:0045256E E8C455FDFF CALL 00427B37
0167:00452573 8945FC MOV [EBP-04],EAX
0167:00452576 EB04 JMP SHORT 0045257C
0167:00452578 8365FC00 AND DWORD [EBP-04],BYTE +00
0167:0045257C 8B4DFC MOV ECX,[EBP-04]
0167:0045257F 8D951CFFFFFF LEA EDX,[EBP+FFFFFF1C]
0167:00452585 52 PUSH EDX
0167:00452586 8B01 MOV EAX,[ECX]
0167:00452588 FF5008 CALL NEAR [EAX+08] --------> this CALL is probably important!
0167:0045258B 8BF0 MOV ESI,EAX --------> watch how the EAX value changes!
0167:0045258D 6A08 PUSH BYTE +08
0167:0045258F 59 POP ECX
0167:00452590 0FB63E MOVZX EDI,BYTE [ESI]
0167:00452593 8BC7 MOV EAX,EDI
0167:00452595 6A01 PUSH BYTE +01
0167:00452597 99 CDQ
0167:00452598 F7F9 IDIV ECX
0167:0045259A 8BC7 MOV EAX,EDI
0167:0045259C 5B POP EBX
0167:0045259D C1E803 SHR EAX,03
0167:004525A0 0FB6443001 MOVZX EAX,BYTE [EAX+ESI+01]
0167:004525A5 8BCA MOV ECX,EDX
0167:004525A7 D3E3 SHL EBX,CL
0167:004525A9 23D8 AND EBX,EAX
0167:004525AB 895D08 MOV [EBP+08],EBX
0167:004525AE 7406 JZ 004525B6
0167:004525B0 6A01 PUSH BYTE +01
0167:004525B2 5B POP EBX
0167:004525B3 895D08 MOV [EBP+08],EBX
0167:004525B6 8A4604 MOV AL,[ESI+04]
0167:004525B9 6A08 PUSH BYTE +08
0167:004525BB 0C04 OR AL,04
0167:004525BD 59 POP ECX
0167:004525BE C0E002 SHL AL,02
0167:004525C1 884604 MOV [ESI+04],AL
0167:004525C4 8BC7 MOV EAX,EDI
0167:004525C6 99 CDQ
0167:004525C7 F7F9 IDIV ECX
0167:004525C9 6A08 PUSH BYTE +08
0167:004525CB 8BC8 MOV ECX,EAX
0167:004525CD 8BC7 MOV EAX,EDI
0167:004525CF 99 CDQ
0167:004525D0 5F POP EDI
0167:004525D1 F7FF IDIV EDI
0167:004525D3 85DB TEST EBX,EBX
0167:004525D5 751B JNZ 004525F2
0167:004525D7 8D7C3101 LEA EDI,[ECX+ESI+01]
0167:004525DB 8D4A01 LEA ECX,[EDX+01]
0167:004525DE B001 MOV AL,01
0167:004525E0 B301 MOV BL,01
0167:004525E2 D2E0 SHL AL,CL
0167:004525E4 8BCA MOV ECX,EDX
0167:004525E6 D2E3 SHL BL,CL
0167:004525E8 F6D0 NOT AL
0167:004525EA 0A1F OR BL,[EDI]
0167:004525EC 22C3 AND AL,BL
0167:004525EE 8807 MOV [EDI],AL
0167:004525F0 EB0E JMP SHORT 00452600
0167:004525F2 8D443101 LEA EAX,[ECX+ESI+01]
0167:004525F6 B301 MOV BL,01
0167:004525F8 8BCA MOV ECX,EDX
0167:004525FA D2E3 SHL BL,CL
0167:004525FC F6D3 NOT BL
0167:004525FE 2018 AND [EAX],BL
0167:00452600 0FB63E MOVZX EDI,BYTE [ESI]
0167:00452603 8BC7 MOV EAX,EDI
0167:00452605 6A08 PUSH BYTE +08
0167:00452607 99 CDQ
0167:00452608 59 POP ECX
0167:00452609 F7F9 IDIV ECX
0167:0045260B 8BC8 MOV ECX,EAX
0167:0045260D 8D4101 LEA EAX,[ECX+01]
0167:00452610 3D80000000 CMP EAX,80
0167:00452615 7E02 JNG 00452619
0167:00452617 33C0 XOR EAX,EAX
0167:00452619 8A543001 MOV DL,[EAX+ESI+01]
0167:0045261D 8D443001 LEA EAX,[EAX+ESI+01]
0167:00452621 80CA04 OR DL,04
0167:00452624 BBDE100000 MOV EBX,10DE
0167:00452629 C0EA02 SHR DL,02
0167:0045262C 8810 MOV [EAX],DL
0167:0045262E A1E86C4B00 MOV EAX,[004B6CE8]
0167:00452633 99 CDQ
0167:00452634 F7FB IDIV EBX
0167:00452636 85D2 TEST EDX,EDX
0167:00452638 750E JNZ 00452648
0167:0045263A 8BC7 MOV EAX,EDI
0167:0045263C 6A08 PUSH BYTE +08
0167:0045263E 99 CDQ
0167:0045263F 5F POP EDI
0167:00452640 8D4C3102 LEA ECX,[ECX+ESI+02]
0167:00452644 F7FF IDIV EDI
0167:00452646 0811 OR [ECX],DL
0167:00452648 FF05E86C4B00 INC DWORD [004B6CE8]
0167:0045264E 8A4601 MOV AL,[ESI+01]
0167:00452651 A804 TEST AL,04
0167:00452653 740B JZ 00452660 --------> NOP this out!!!!!!
0167:00452655 33C9 XOR ECX,ECX
0167:00452657 394D08 CMP [EBP+08],ECX
0167:0045265A 0F94C1 SETZ CL
0167:0045265D 894D08 MOV [EBP+08],ECX
0167:00452660 F6D0 NOT AL
0167:00452662 884601 MOV [ESI+01],AL
0167:00452665 33C0 XOR EAX,EAX
0167:00452667 394508 CMP [EBP+08],EAX
0167:0045266A 0F84F2000000 JZ NEAR 00452762
0167:00452670 8B4DFC MOV ECX,[EBP-04]
0167:00452673 50 PUSH EAX
0167:00452674 50 PUSH EAX
0167:00452675 8D45B0 LEA EAX,[EBP-50]
0167:00452678 8B11 MOV EDX,[ECX]
0167:0045267A 50 PUSH EAX
0167:0045267B FF5210 CALL NEAR [EDX+10]
0167:0045267E 8BF0 MOV ESI,EAX
0167:00452680 6A08 PUSH BYTE +08
0167:00452682 59 POP ECX
0167:00452683 0FB63E MOVZX EDI,BYTE [ESI]
0167:00452686 8BC7 MOV EAX,EDI
0167:00452688 6A01 PUSH BYTE +01
0167:0045268A 99 CDQ
0167:0045268B F7F9 IDIV ECX
0167:0045268D 8BC7 MOV EAX,EDI
0167:0045268F 5B POP EBX
0167:00452690 C1E803 SHR EAX,03
0167:00452693 0FB6443001 MOVZX EAX,BYTE [EAX+ESI+01]
0167:00452698 8BCA MOV ECX,EDX
0167:0045269A D3E3 SHL EBX,CL
0167:0045269C 23D8 AND EBX,EAX
0167:0045269E 7403 JZ 004526A3
0167:004526A0 6A01 PUSH BYTE +01
0167:004526A2 5B POP EBX
0167:004526A3 8A4604 MOV AL,[ESI+04]
0167:004526A6 6A08 PUSH BYTE +08
0167:004526A8 0C04 OR AL,04
0167:004526AA 59 POP ECX
0167:004526AB C0E002 SHL AL,02
0167:004526AE 884604 MOV [ESI+04],AL
0167:004526B1 8BC7 MOV EAX,EDI
0167:004526B3 99 CDQ
0167:004526B4 F7F9 IDIV ECX
0167:004526B6 6A08 PUSH BYTE +08
0167:004526B8 8BC8 MOV ECX,EAX
0167:004526BA 8BC7 MOV EAX,EDI
0167:004526BC 99 CDQ
0167:004526BD 5F POP EDI
0167:004526BE F7FF IDIV EDI
0167:004526C0 85DB TEST EBX,EBX
0167:004526C2 7521 JNZ 004526E5
0167:004526C4 8D7C3101 LEA EDI,[ECX+ESI+01]
0167:004526C8 8D4A01 LEA ECX,[EDX+01]
0167:004526CB B001 MOV AL,01
0167:004526CD D2E0 SHL AL,CL
0167:004526CF 8BCA MOV ECX,EDX
0167:004526D1 F6D0 NOT AL
0167:004526D3 88450B MOV [EBP+0B],AL
0167:004526D6 B001 MOV AL,01
0167:004526D8 D2E0 SHL AL,CL
0167:004526DA 8A4D0B MOV CL,[EBP+0B]
0167:004526DD 0A07 OR AL,[EDI]
0167:004526DF 22C8 AND CL,AL
0167:004526E1 880F MOV [EDI],CL
0167:004526E3 EB14 JMP SHORT 004526F9
0167:004526E5 8D443101 LEA EAX,[ECX+ESI+01]
0167:004526E9 B101 MOV CL,01
0167:004526EB 884D0B MOV [EBP+0B],CL
0167:004526EE 8BCA MOV ECX,EDX
0167:004526F0 8A550B MOV DL,[EBP+0B]
0167:004526F3 D2E2 SHL DL,CL
0167:004526F5 F6D2 NOT DL
0167:004526F7 2010 AND [EAX],DL
0167:004526F9 0FB606 MOVZX EAX,BYTE [ESI]
0167:004526FC 894508 MOV [EBP+08],EAX
0167:004526FF 6A08 PUSH BYTE +08
0167:00452701 99 CDQ
0167:00452702 59 POP ECX
0167:00452703 F7F9 IDIV ECX
0167:00452705 8BF8 MOV EDI,EAX
0167:00452707 8D4701 LEA EAX,[EDI+01]
0167:0045270A 3D80000000 CMP EAX,80
0167:0045270F 7E02 JNG 00452713
0167:00452711 33C0 XOR EAX,EAX
0167:00452713 8A4C3001 MOV CL,[EAX+ESI+01]
0167:00452717 8D443001 LEA EAX,[EAX+ESI+01]
0167:0045271B 80C904 OR CL,04
0167:0045271E C0E902 SHR CL,02
0167:00452721 8808 MOV [EAX],CL
0167:00452723 A1E86C4B00 MOV EAX,[004B6CE8]
0167:00452728 99 CDQ
0167:00452729 B9DE100000 MOV ECX,10DE
0167:0045272E F7F9 IDIV ECX
0167:00452730 85D2 TEST EDX,EDX
0167:00452732 750F JNZ 00452743
0167:00452734 8B4508 MOV EAX,[EBP+08]
0167:00452737 6A08 PUSH BYTE +08
0167:00452739 8D4C3E02 LEA ECX,[ESI+EDI+02]
0167:0045273D 5F POP EDI
0167:0045273E 99 CDQ
0167:0045273F F7FF IDIV EDI
0167:00452741 0811 OR [ECX],DL
0167:00452743 FF05E86C4B00 INC DWORD [004B6CE8]
0167:00452749 8A4601 MOV AL,[ESI+01]
0167:0045274C A804 TEST AL,04
0167:0045274E 7409 JZ 00452759 --------> NOP this out!!!!!!!!
0167:00452750 33C9 XOR ECX,ECX
0167:00452752 85DB TEST EBX,EBX
0167:00452754 0F94C1 SETZ CL --------> CL should be 1
0167:00452757 8BD9 MOV EBX,ECX --------> assignment
0167:00452759 F6D0 NOT AL
0167:0045275B 85DB TEST EBX,EBX --------> ebx should not be 0
0167:0045275D 884601 MOV [ESI+01],AL
0167:00452760 7539 JNZ 0045279B --------> this jump should be taken!
0167:00452762 837DFC00 CMP DWORD [EBP-04],BYTE +00
0167:00452766 7411 JZ 00452779
0167:00452768 8B4DFC MOV ECX,[EBP-04]
0167:0045276B E819F3FAFF CALL 00401A89
0167:00452770 FF75FC PUSH DWORD [EBP-04]
0167:00452773 E8002F0400 CALL 00495678
0167:00452778 59 POP ECX
0167:00452779 8B75D4 MOV ESI,[EBP-2C]
0167:0045277C 83C604 ADD ESI,BYTE +04
0167:0045277F 8975D4 MOV [EBP-2C],ESI
0167:00452782 833E00 CMP DWORD [ESI],BYTE +00
0167:00452785 740D JZ 00452794
0167:00452787 8D4DF0 LEA ECX,[EBP-10]
0167:0045278A E8B5970100 CALL 0046BF44
0167:0045278F E975FDFFFF JMP 00452509 --------> the big loop: jumps back to the first line above!
0167:00452794 33F6 XOR ESI,ESI
0167:00452796 E9ED010000 JMP 00452988 --------> this JMP skips the registration-success CALL!
0167:0045279B 33FF XOR EDI,EDI
0167:0045279D 397DD0 CMP [EBP-30],EDI
0167:004527A0 7C11 JL 004527B3
0167:004527A2 FF75D0 PUSH DWORD [EBP-30]
0167:004527A5 BBB05C4B00 MOV EBX,004B5CB0
0167:004527AA 8BCB MOV ECX,EBX
0167:004527AC E865730000 CALL 00459B16
0167:004527B1 EB05 JMP SHORT 004527B8
0167:004527B3 BBB05C4B00 MOV EBX,004B5CB0
0167:004527B8 393D845A4B00 CMP [004B5A84],EDI
0167:004527BE 7518 JNZ 004527D8
0167:004527C0 6A05 PUSH BYTE +05
0167:004527C2 C705BC584B000100+ MOV DWORD [004B58BC],01
0167:004527CC E821560000 CALL 00457DF2
0167:004527D1 59 POP ECX
0167:004527D2 893DBC584B00 MOV [004B58BC],EDI
0167:004527D8 6848010000 PUSH DWORD 0148
0167:004527DD E8D0E20200 CALL 00480AB2
0167:004527E2 3BC7 CMP EAX,EDI
0167:004527E4 59 POP ECX
0167:004527E5 7410 JZ 004527F7
0167:004527E7 FF75DC PUSH DWORD [EBP-24]
0167:004527EA 8BC8 MOV ECX,EAX
0167:004527EC FF75C8 PUSH DWORD [EBP-38]
0167:004527EF FF75F4 PUSH DWORD [EBP-0C]
0167:004527F2 E83660FEFF CALL 0043882D --------> this CALL performs the successful registration!
0167:004527F7 8B45EC MOV EAX,[EBP-14]
0167:004527FA FF7004 PUSH DWORD [EAX+04]
0167:004527FD FF1564754A00 CALL `USER32!UpdateWindow`
0167:00452803 8B75FC MOV ESI,[EBP-04]
0167:00452806 8D4508 LEA EAX,[EBP+08]
0167:00452809 6A01 PUSH BYTE +01
/\zest/\2000.2