飞马魔法壁纸V3.0破解
原版下载地址:http://www.shareware.net.cn/download.asp?id={1382670D-7C41-4D4C-B470-468F46FF75AD}
注册机下载:CNCG主页
破解工具:trw2000
先下断点:bpx hmemcpy,然后返回到主程序,如下:
:004A8564 E82FB9F9FF call 00443E98
:004A8569 837DF400 cmp
dword ptr [ebp-0C], 00000000 <====返回到这里
:004A856D 0F84C1010000 je 004A8734
:004A8573 8D55F0
lea edx, dword ptr [ebp-10]
:004A8576 8B833C070000 mov eax, dword
ptr [ebx+0000073C]
:004A857C E817B9F9FF call 00443E98
:004A8581 837DF000 cmp
dword ptr [ebp-10], 00000000
:004A8585 0F84A9010000 je 004A8734
:004A858B 8D55EC
lea edx, dword ptr [ebp-14]
:004A858E 8B8340070000 mov eax, dword
ptr [ebx+00000740]
:004A8594 E8FFB8F9FF call 00443E98
:004A8599 837DEC00 cmp
dword ptr [ebp-14], 00000000
:004A859D 0F8491010000 je 004A8734
:004A85A3 8D55E8
lea edx, dword ptr [ebp-18]
:004A85A6 8B833C070000 mov eax, dword
ptr [ebx+0000073C]
:004A85AC E8E7B8F9FF call 00443E98
:004A85B1 8B45E8
mov eax, dword ptr [ebp-18]
:004A85B4 E89BC5F5FF call 00404B54
:004A85B9 E8DA0DF6FF call 00409398
:004A85BE 8BF8
mov edi, eax
:004A85C0 D1EF
shr edi, 1
:004A85C2 85FF
test edi, edi
:004A85C4 7905
jns 004A85CB
:004A85C6 E8A5B2F5FF call 00403870
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A85C4(C)
|
:004A85CB 8BC7
mov eax, edi
:004A85CD 83C002
add eax, 00000002
:004A85D0 7105
jno 004A85D7
:004A85D2 E8A1B2F5FF call 00403878
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A85D0(C)
|
:004A85D7 E858A1F5FF call 00402734
:004A85DC 8BF0
mov esi, eax
:004A85DE C60600
mov byte ptr [esi], 00
:004A85E1 8D55E4
lea edx, dword ptr [ebp-1C]
:004A85E4 8B833C070000 mov eax, dword
ptr [ebx+0000073C]
:004A85EA E8A9B8F9FF call 00443E98
:004A85EF 8B45E4
mov eax, dword ptr [ebp-1C]
:004A85F2 E85DC5F5FF call 00404B54
:004A85F7 8BD0
mov edx, eax
:004A85F9 03D7
add edx, edi
:004A85FB 8BC6
mov eax, esi
:004A85FD E89E0EF6FF call 004094A0
:004A8602 8D55E0
lea edx, dword ptr [ebp-20]
:004A8605 8B833C070000 mov eax, dword
ptr [ebx+0000073C]
:004A860B E888B8F9FF call 00443E98
:004A8610 8B45E0
mov eax, dword ptr [ebp-20] <====取申请码
:004A8613 E8FC06F6FF call 00408D14
<====将申请码转换为相应的十六进制(假设结果为R1)
:004A8618 8BF8
mov edi, eax
:004A861A 8D45DC
lea eax, dword ptr [ebp-24]
:004A861D 8BD6
mov edx, esi
:004A861F E870C2F5FF call 00404894
:004A8624 8B45DC
mov eax, dword ptr [ebp-24]
:004A8627 E8E806F6FF call 00408D14
<====将申请码的后5位转换为相应的十六进制(假设结果为R2)
:004A862C 03F8
add edi, eax <====R3=R1+R2
:004A862E 7105
jno 004A8635 <====无溢出则跳
:004A8630 E843B2F5FF call 00403878
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A862E(C)
|
:004A8635 81C7753D1E00 add edi, 001E3D75
<====R4=R3+1E3D75H
:004A863B 7105
jno 004A8642
:004A863D E836B2F5FF call 00403878
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A863B(C)
|
:004A8642 8D55D8
lea edx, dword ptr [ebp-28]
:004A8645 8B8344070000 mov eax, dword
ptr [ebx+00000744]
:004A864B E848B8F9FF call 00443E98
:004A8650 8B45D8
mov eax, dword ptr [ebp-28]
:004A8653 E804C3F5FF call 0040495C
<====获取用户名长度(L)
:004A8658 03F8
add edi, eax <====R5=R4+L
:004A865A 7105
jno 004A8661
:004A865C E817B2F5FF call 00403878
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A865A(C)
|
:004A8661 897DFC
mov dword ptr [ebp-04], edi
:004A8664 8D55F8
lea edx, dword ptr [ebp-08]
:004A8667 8B45FC
mov eax, dword ptr [ebp-04]
:004A866A E80506F6FF call 00408C74
:004A866F 8B45F8
mov eax, dword ptr [ebp-08]
:004A8672 E8DDC4F5FF call 00404B54
:004A8677 E81C0DF6FF call 00409398
:004A867C 8BF8
mov edi, eax
:004A867E D1EF
shr edi, 1
:004A8680 85FF
test edi, edi
:004A8682 7905
jns 004A8689
:004A8684 E8E7B1F5FF call 00403870
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A8682(C)
|
:004A8689 8BC7
mov eax, edi
:004A868B 83C002
add eax, 00000002
:004A868E 7105
jno 004A8695
:004A8690 E8E3B1F5FF call 00403878
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A868E(C)
|
:004A8695 E89AA0F5FF call 00402734
:004A869A 8BF0
mov esi, eax
:004A869C C60600
mov byte ptr [esi], 00
:004A869F 8B45F8
mov eax, dword ptr [ebp-08]
:004A86A2 E8ADC4F5FF call 00404B54
:004A86A7 8BD0
mov edx, eax
:004A86A9 03D7
add edx, edi
:004A86AB 8BC6
mov eax, esi
:004A86AD E8EE0DF6FF call 004094A0
:004A86B2 8D45D4
lea eax, dword ptr [ebp-2C]
:004A86B5 8BD6
mov edx, esi
:004A86B7 E8D8C1F5FF call 00404894
:004A86BC 8B45D4
mov eax, dword ptr [ebp-2C]
:004A86BF E85006F6FF call 00408D14
<====将R5相应的十进制后5位转换成十六进制(R6)
:004A86C4 8BF8
mov edi, eax
:004A86C6 037DFC
add edi, dword ptr [ebp-04] <====R7=R6+R5结果就是注册码(十六进制形式)
:004A86C9 7105
jno 004A86D0
:004A86CB E8A8B1F5FF call 00403878
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A86C9(C)
|
:004A86D0 8D55D0
lea edx, dword ptr [ebp-30]
:004A86D3 8B8340070000 mov eax, dword
ptr [ebx+00000740]
:004A86D9 E8BAB7F9FF call 00443E98
:004A86DE 8B45D0
mov eax, dword ptr [ebp-30]
:004A86E1 50
push eax
:004A86E2 8D4DCC
lea ecx, dword ptr [ebp-34]
:004A86E5 BA01000000 mov edx,
00000001
:004A86EA 8BC7
mov eax, edi
:004A86EC E8E705F6FF call 00408CD8
:004A86F1 8B55CC
mov edx, dword ptr [ebp-34]
:004A86F4 58
pop eax
:004A86F5 E8A6C3F5FF call 00404AA0
<====比较注册码
:004A86FA 7531
jne 004A872D <====不相同就注册失败啦
:004A86FC 6840100000 push 00001040
* Possible StringData Ref from Code Obj ->"提示"
|
:004A8701 6890874A00 push 004A8790
* Possible StringData Ref from Code Obj ->"感谢您的注册!为保存注册信息,请重新运行魔法壁"
->"纸。"
|
:004A8706 6898874A00 push 004A8798
:004A870B 8BC3
mov eax, ebx
:004A870D E8C61EFAFF call 0044A5D8
:004A8712 50
push eax
- 标 题:飞马魔法壁纸V3.0注册算法(适合初学者) (7千字)
- 作 者:crackjack[CCG]
- 时 间:2001-11-25 15:59:29
- 链 接:http://bbs.pediy.com