登陆奇兵3.0破解心得
下载地址:
http://software.tiandown.com/downsoft.asp?id=4013&locate=http://download2.tiandown.com/pub/software/internet/int-prom/addurl301.exe
这个软件的注册方法还是比较有趣的,也很简单,欢迎初学者试试!
他是有时间限制的,only 30 days。检查一下,加了壳,还好用caspr1012可以很容易的脱掉!来到注册处输入名字、注册码。
zzglf[CCG]
1234567890
下断bpx hmemcpy
pmodule
到这儿:
:00436688 E8FB11FDFF Call 00407888
:0043668D 89430C
mov dword ptr [ebx+0C], eax **停到这儿
按F10向下走
:004A39F3 B9183C4A00 mov ecx,
004A3C18 **这里看到注册码
:004A39F8 5A
pop edx
:004A39F9 E84EFDFFFF call 004A374C
**F8进入
:004A39FE 84C0
test al, al
:004A3A00 0F8487010000 je 004A3B8D
* Referenced by a CALL at Address:
|:004A39F9
|
:004A374C 55
push ebp
:004A374D 8BEC
mov ebp, esp
:004A374F 83C4EC
add esp, FFFFFFEC
:004A3752 53
push ebx
:004A3753 56
push esi
:004A3754 33DB
xor ebx, ebx
:004A3756 895DEC
mov dword ptr [ebp-14], ebx
:004A3759 894DF4
mov dword ptr [ebp-0C], ecx
:004A375C 8955F8
mov dword ptr [ebp-08], edx
:004A375F 8945FC
mov dword ptr [ebp-04], eax
:004A3762 8B45FC
mov eax, dword ptr [ebp-04]
:004A3765 E8E209F6FF call 0040414C
:004A376A 8B45F8
mov eax, dword ptr [ebp-08]
:004A376D E8DA09F6FF call 0040414C
:004A3772 8B45F4
mov eax, dword ptr [ebp-0C]
:004A3775 E8D209F6FF call 0040414C
:004A377A 33C0
xor eax, eax
:004A377C 55
push ebp
:004A377D 6830384A00 push 004A3830
:004A3782 64FF30
push dword ptr fs:[eax]
:004A3785 648920
mov dword ptr fs:[eax], esp
:004A3788 C645F300 mov
[ebp-0D], 00
:004A378C 8D4DEC
lea ecx, dword ptr [ebp-14]
:004A378F 8B55F4
mov edx, dword ptr [ebp-0C]
:004A3792 8B45F8
mov eax, dword ptr [ebp-08]
:004A3795 E81EFEFFFF call 004A35B8
* Possible StringData Ref from Code Obj ->"5138"
|
:004A379A A14C6A5200 mov eax,
dword ptr [00526A4C] **这里可以看到奇怪数字:9452
:004A379F 0FB600
movzx eax, byte ptr [eax]
:004A37A2 8B5DEC
mov ebx, dword ptr [ebp-14]
:004A37A5 8A5C03CF mov
bl, byte ptr [ebx+eax-31]
:004A37A9 8B75FC
mov esi, dword ptr [ebp-04] **这里是真正的注册码:P3GR4IHZKF79
:004A37AC 3A5C06CF cmp
bl, byte ptr [esi+eax-31] **比较
:004A37B0 755B
jne 004A380D **不等就跳到出错处
* Possible StringData Ref from Code Obj ->"5138"
|
:004A37B2 A14C6A5200 mov eax,
dword ptr [00526A4C]
:004A37B7 33D2
xor edx, edx
:004A37B9 8A5001
mov dl, byte ptr [eax+01]
:004A37BC 8B45EC
mov eax, dword ptr [ebp-14]
:004A37BF 8A4410CF mov
al, byte ptr [eax+edx-31]
:004A37C3 8B5DFC
mov ebx, dword ptr [ebp-04]
:004A37C6 3A4413CF cmp
al, byte ptr [ebx+edx-31]
:004A37CA 7541
jne 004A380D **不等就跳到出错处
* Possible StringData Ref from Code Obj ->"5138"
|
:004A37CC A14C6A5200 mov eax,
dword ptr [00526A4C]
:004A37D1 33C9
xor ecx, ecx
:004A37D3 8A4802
mov cl, byte ptr [eax+02]
:004A37D6 8B45EC
mov eax, dword ptr [ebp-14]
:004A37D9 8A4408CF mov
al, byte ptr [eax+ecx-31]
:004A37DD 8B55FC
mov edx, dword ptr [ebp-04]
:004A37E0 3A440ACF cmp
al, byte ptr [edx+ecx-31]
:004A37E4 7527
jne 004A380D **不等就跳到出错处
* Possible StringData Ref from Code Obj ->"5138"
|
:004A37E6 A14C6A5200 mov eax,
dword ptr [00526A4C]
:004A37EB 0FB64003 movzx
eax, byte ptr [eax+03]
:004A37EF 8B55EC
mov edx, dword ptr [ebp-14]
:004A37F2 8A4402CF mov
al, byte ptr [edx+eax-31]
* Possible StringData Ref from Code Obj ->"5138"
|
:004A37F6 8B154C6A5200 mov edx, dword
ptr [00526A4C]
:004A37FC 0FB65203 movzx
edx, byte ptr [edx+03]
:004A3800 8B4DFC
mov ecx, dword ptr [ebp-04]
:004A3803 3A4411CF cmp
al, byte ptr [ecx+edx-31]
:004A3807 7504
jne 004A380D >**不等就跳到出错处
:004A3809 C645F301 mov
[ebp-0D], 01 **注册标志置成1
那么那个奇怪的数字9452是什么意思呢?原来它不是将整个的真假注册码相比较,而是采用位置来比较,也就是9452的意思。即
zzglf[CCG]
*3*R4***K***
|
那个2
*3*R4***K***
|
那个4
*3*R4***K***
|
那个5
*3*R4***K***
|
那个9
呵呵...你试试。至于这个9452当然是由我填的用户名生成的,如果你输入zzglf那么生成的就是4756。你试试输入1试试....呵呵!
哦,对了,在你正确注册以后,他会在你的windows目录下生成一个winzips32.ini文件,来记录你的注册信息!我的如下:
[Registry]
Addurl=2711
RegisterDate=243
Username=zzglf[CCG]
id=hEfftoDEl
nextstep=3644
Control=01-4-28
- 标 题:登陆奇兵3.0破解心得 (5千字)
- 作 者:小球[CCG]
- 时 间:2001-5-2 12:06:56
- 链 接:http://bbs.pediy.com