以下是破解wplaypro2.0时的笔记,开始目的只是为了去掉启动的窗口,后来看了看算法,也不知道对不对,毕竟才接触汇编10天,请大家多多指教!
开始时间:12/23 3:54
用trw找到注册入口00415EF1和出错点004533AB
入口没法继续了,从后面看吧!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045337B(C)
|
:0045339B 6A00
push 00000000
:0045339D 668B0DF0334500 mov cx, word ptr
[004533F0]
:004533A4 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"The Key is not correct. Please "
->"register WPlay
and receive your "
->"own personal
key."
|
:004533A6 B850344500 mov eax,
00453450
:004533AB E880F3FDFF call 00432730
--------------------
上追:
:0045337B 741E
je 0045339B 改吧!还是假成功!
跳过弹出窗口:
:004260CB 7405
je 004260D2 没用
:004245F2 E859150000 call 00425B50-----调用处,进入(不对)
* Referenced by a CALL at Addresses:
|:004245F2 , :00425D1F
|
:00425B50 53
push ebx
:00425B51 8BD8
mov ebx, eax
:00425B53 8BC3
mov eax, ebx
:00425B55 E836FFFFFF call 00425A90
:00425B5A 84C0
test al, al
:00425B5C 7507
jne 00425B65 改
:00425B5E 8BC3
mov eax, ebx
:00425B60 E86F040000 call 00425FD4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00425B5C(C)
|
:00425B65 5B
pop ebx
:00425B66 C3
ret
中止时间:12/23 4:30左右(失败)
继续时间12/23 19:49
找到成功段
:00453374 E813E3FFFF call 0045168C
成功判断,跟入,见下
:00453379 84C0
test al, al 成功标志位
:0045337B 741E
je 0045339B
:0045337D 6A00
push 00000000
:0045337F 668B0DF0334500 mov cx, word ptr
[004533F0]
:00453386 B202
mov dl, 02
* Possible StringData Ref from Code Obj ->"Thank you for your registration.
"
->"You are now
a registered WPlay "
->"Pro user."
-----------------------------------------------------
* Referenced by a CALL at Addresses:
|:00453374 , :00482E6A
:0045168C 55
push ebp EBP入栈
:0045168D 8BEC
mov ebp, esp 栈目前指针到ebp
:0045168F 33C9
xor ecx, ecx ecx=0
:00451691 51
push ecx
:00451692 51
push ecx
:00451693 51
push ecx
:00451694 51
push ecx 连续压入四个32位的0(为[ebp-04]~[ebp-10]这16个字节的局部变量留出空间并清零)
:00451695 53
push ebx ebx入栈
:00451696 56
push esi esi入栈
:00451697 57
push edi edi入栈
:00451698 BF40864800 mov edi,
00488640 edi=00488640
:0045169D 33C0
xor eax, eax eax清0
:0045169F 55
push ebp ebp入栈
:004516A0 6842194500 push 00451942
00451942入栈
:004516A5 64FF30
push dword ptr fs:[eax] eax=0,保存fs:[0]处原来的异常处理链头
:004516A8 648920
mov dword ptr fs:[eax], esp 把刚压入的这一帧(处理地址00451942)挂到fs:[0],即建立异常处理帧
:004516AB C645FF00 mov
[ebp-01], 00 [ebp-01]=00(先置0;全部检查通过后在0045191B处才置1,应是返回的成功标志)
:004516AF 8D55F8
lea edx, dword ptr [ebp-08]
:004516B2 A18C7E4800 mov eax,
dword ptr [00487E8C] 不管他
:004516B7 8B8030030000 mov eax, dword
ptr [eax+00000330] eax=[eax+330](此时eax是上一条取到的[00487E8C]的内容,并不是0;从后面的用法看,00413E38把输入的注册号取到[ebp-08])
:004516BD E87627FCFF call 00413E38
一个大量调用处
:004516C2 8B45F8
mov eax, dword ptr [ebp-08]
:004516C5 E8AA20FBFF call 00403774
:004516CA 83F81E
cmp eax, 0000001E eax与30比较(eax为注册号长度)
:004516CD 0F854C020000 jne 0045191F
如果不是就玩完(验证对)
:004516D3 BB01000000 mov ebx,
00000001 ebx置1(循环计数从1开始)
:004516D8 8BF7
mov esi, edi
esi=edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004516FB(C)
|
:004516DA 8D55F8
lea edx, dword ptr [ebp-08]
:004516DD A18C7E4800 mov eax,
dword ptr [00487E8C]
:004516E2 8B8030030000 mov eax, dword
ptr [eax+00000330]
:004516E8 E84B27FCFF call 00413E38
:004516ED 8B45F8
mov eax, dword ptr [ebp-08] 注册号首地址到eax
:004516F0 8A4418FF mov
al, byte ptr [eax+ebx-01] 送一个字节到al
:004516F4 8806
mov byte ptr [esi], al 此字节到esi所指处
:004516F6 43
inc ebx
ebx++
:004516F7 46
inc esi
esi++
:004516F8 83FB1F
cmp ebx, 0000001F ebx与1Fh(十进制31)比较
:004516FB 75DD
jne 004516DA 不相等就跳回继续循环(ebx从1到30,共30次,将注册号逐字节送到esi所指处)
:004516FD 8A07
mov al, byte ptr [edi] 第一位到al
:004516FF A260864800 mov byte
ptr [00488660], al 再到00488660
:00451704 8A4701
mov al, byte ptr [edi+01] 第二位到al
:00451707 A261864800 mov byte
ptr [00488661], al 再……
:0045170C 8A4702
mov al, byte ptr [edi+02]
:0045170F A262864800 mov byte
ptr [00488662], al
:00451714 8A4703
mov al, byte ptr [edi+03]
:00451717 A263864800 mov byte
ptr [00488663], al edi所指的前四个字节原样送到00488660~00488663
:0045171C 33DB
xor ebx, ebx
ebx清0
以下设注册码从左到右依次为(a1)(a2).........(a30)。注意[edi+N]里的N是从0开始的十六进制偏移,[edi+N]是第N+1个字符;下面几行注释里的(a5)、(a6)是按偏移写的,指[edi+5]、[edi+6]。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045174E(C)
:0045171E 8BF3
mov esi, ebx
ebx到esi(先是第一次循环)
:00451720 03F6
add esi, esi
esi=esi*2
:00451722 8BC6
mov eax, esi
eax=esi
:00451724 83C005
add eax, 00000005
eax+=5
:00451727 8A0407
mov al, byte ptr [edi+eax] 第五个(a5)到al(eax改变)
:0045172A E8B5FEFFFF call 004515E4
将al中ASCII码转为十六进制存到eax和edx
(注册码只允许ASCII的0-9,A-F,a-f)
:0045172F C1E004
shl eax, 04 eax逻辑左移4位(eax*16)
eax=000000(a5)0
:00451732 50
push eax
eax入栈
:00451733 83C606
add esi, 00000006 esi+=00000006
:00451736 8A0437
mov al, byte ptr [edi+esi] (a6)到al(eax改变)
:00451739 E8A6FEFFFF call 004515E4
转换
:0045173E 5A
pop edx
edx=000000(a5)0
:0045173F 0BD0
or edx, eax
edx与eax进行 或 运算
:00451741 8D4304
lea eax, dword ptr [ebx+04]
:00451744 889060864800 mov byte ptr
[eax+00488660], dl 将dl存到00488664当作第五个
:0045174A 43
inc ebx
ebx++
:0045174B 83FB04
cmp ebx, 00000004 如果不是4
:0045174E 75CE
jne 0045171E
就跳回去(共循环4次:依次取偏移(5,6)(7,8)(9,10)(11,12)处的两个字符,即第(6,7)(8,9)(10,11)(12,13)个字符,合成一个字节,存到00488660起的第5,6,7,8个字节)
:00451750 33DB
xor ebx, ebx
否则ebx清0继续
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451782(C)
|
:00451752 8BF3
mov esi, ebx
esi=ebx
:00451754 03F6
add esi, esi
esi*2
:00451756 8BC6
mov eax, esi
eax=esi
:00451758 83C00E
add eax, 0000000E eax+=0Eh(14),即eax=2*ebx+14
:0045175B 8A0407
mov al, byte ptr [edi+eax] 第15位到al(eax改变)
:0045175E E881FEFFFF call 004515E4
转换
:00451763 C1E004
shl eax, 04 eax逻辑左移4位
:00451766 50
push eax
eax入栈
:00451767 83C60F
add esi, 0000000F esi+=15
:0045176A 8A0437
mov al, byte ptr [edi+esi] 第16位到al(eax改变)
:0045176D E872FEFFFF call 004515E4
转换
:00451772 5A
pop edx
入栈的原eax值出栈到edx
:00451773 0BD0
or edx, eax 或运算(al已经变了)
:00451775 8D4308
lea eax, dword ptr [ebx+08]
:00451778 889060864800 mov byte ptr
[eax+00488660], dl 存dl到目标第九位
:0045177E 43
inc ebx
ebx++
:0045177F 83FB04
cmp ebx, 00000004 ebx等于4时
:00451782 75CE
jne 00451752 停止循环(4次)(取注册码第(15,16),(17,18)(19,20)(21,22)位到目标第9,10,11,12位)
:00451784 8A4712
mov al, byte ptr [edi+12] 偏移12是十六进制(=18),取的是第19个字符到al,而不是第13位;下面[edi+13]~[edi+1D]各行注释里的“第14位~第24位”同理应为第20~第30个字符
:00451787 E858FEFFFF call 004515E4
转换(eax改变)
:0045178C 8BD8
mov ebx, eax
ebx=eax
:0045178E C1E30C
shl ebx, 0C
ebx左移12位(16进制3位)
:00451791 8A4713
mov al, byte ptr [edi+13] 第14位到al
:00451794 E84BFEFFFF call 004515E4
转换(eax改变)
:00451799 C1E008
shl eax, 08 eax左移8位
:0045179C 0BD8
or ebx, eax ebx与eax或运算
:0045179E 8A4714
mov al, byte ptr [edi+14] 第15位到al
:004517A1 E83EFEFFFF call 004515E4
转换(eax改变)
:004517A6 C1E004
shl eax, 04 eax左移4位
:004517A9 0BD8
or ebx, eax ebx再与eax或
:004517AB 8A4715
mov al, byte ptr [edi+15] 第16位到al
:004517AE E831FEFFFF call 004515E4
转换(eax改变)
:004517B3 0BD8
or ebx, eax ebx再与eax或
:004517B5 8A4716
mov al, byte ptr [edi+16] 第17位到al
:004517B8 E827FEFFFF call 004515E4
转换(eax改变)
:004517BD 8BF0
mov esi, eax esi=eax
:004517BF C1E61C
shl esi, 1C esi左移28位
:004517C2 8A4717
mov al, byte ptr [edi+17] 第18位到al
:004517C5 E81AFEFFFF call 004515E4
转换(eax改变)
:004517CA C1E018
shl eax, 18 eax左移24位
:004517CD 0BF0
or esi, eax esi与eax或
:004517CF 8A4718
mov al, byte ptr [edi+18] 第19位到al
:004517D2 E80DFEFFFF call 004515E4
转换(eax改变)
:004517D7 C1E014
shl eax, 14 eax左移20位
:004517DA 0BF0
or esi, eax esi再与eax或
:004517DC 8A4719
mov al, byte ptr [edi+19] 第20位
:004517DF E800FEFFFF call 004515E4
:004517E4 C1E010
shl eax, 10
:004517E7 0BF0
or esi, eax
:004517E9 8A471A
mov al, byte ptr [edi+1A] 第21位
:004517EC E8F3FDFFFF call 004515E4
:004517F1 C1E00C
shl eax, 0C
:004517F4 0BF0
or esi, eax
:004517F6 8A471B
mov al, byte ptr [edi+1B] 第22位
:004517F9 E8E6FDFFFF call 004515E4
:004517FE C1E008
shl eax, 08
:00451801 0BF0
or esi, eax
:00451803 8A471C
mov al, byte ptr [edi+1C] 第23位
:00451806 E8D9FDFFFF call 004515E4
:0045180B C1E004
shl eax, 04
:0045180E 0BF0
or esi, eax
:00451810 8A471D
mov al, byte ptr [edi+1D] 第24位
:00451813 E8CCFDFFFF call 004515E4
转换(返回值只在下一条并入esi;0045181A处的00451580一进入就把edx清0,并不使用这里的结果)
:00451818 0BF0
or esi, eax
esi再与eax或,结果到esi
:0045181A E861FDFFFF call 00451580
调用见下
:0045181F 3BD8
cmp ebx, eax 比较ebx与eax
:00451821 0F85F8000000 jne 0045191F
不等于就玩完
:00451827 E888FDFFFF call 004515B4
调用类似上一个
:0045182C 3BF0
cmp esi, eax 比较esi与eax
:0045182E 0F85EB000000 jne 0045191F
不等于就玩完
:00451834 8A4707
mov al, byte ptr [edi+07] 注册码第8位到al
:00451837 E8A8FDFFFF call 004515E4
还记得这个转换吧
:0045183C 83F803
cmp eax, 00000003 eax与3比较
:0045183F 0F85DA000000 jne 0045191F
不等于就玩完
:00451845 8A4708
mov al, byte ptr [edi+08]
:00451848 E897FDFFFF call 004515E4
:0045184D 83F802
cmp eax, 00000002
:00451850 0F85C9000000 jne 0045191F
不等于就玩完
:00451856 807F042D cmp
byte ptr [edi+04], 2D
:0045185A 0F85BF000000 jne 0045191F
不等于就玩完
:00451860 807F0D2D cmp
byte ptr [edi+0D], 2D
:00451864 0F85B5000000 jne 0045191F
不等于就玩完
:0045186A 8D45F0
lea eax, dword ptr [ebp-10] 、
:0045186D 8A17
mov dl, byte ptr [edi]
|
:0045186F E89C1EFBFF call 00403710
|
:00451874 8B45F0
mov eax, dword ptr [ebp-10] |
:00451877 8D55F4
lea edx, dword ptr [ebp-0C] |
:0045187A E81546FBFF call 00405E94
》一个块
:0045187F 8B45F4
mov eax, dword ptr [ebp-0C] |
:00451882 BA5C194500 mov edx,
0045195C
|
:00451887 E8F81FFBFF call 00403884
|
:0045188C 0F858D000000 jne 0045191F
~ 还是玩完
:00451892 8D45F0
lea eax, dword ptr [ebp-10]
:00451895 8A5701
mov dl, byte ptr [edi+01]
:00451898 E8731EFBFF call 00403710
:0045189D 8B45F0
mov eax, dword ptr [ebp-10]
:004518A0 8D55F4
lea edx, dword ptr [ebp-0C]
:004518A3 E8EC45FBFF call 00405E94
:004518A8 8B45F4
mov eax, dword ptr [ebp-0C]
:004518AB BA68194500 mov edx,
00451968
:004518B0 E8CF1FFBFF call 00403884
:004518B5 7568
jne 0045191F
:004518B7 8D45F0
lea eax, dword ptr [ebp-10]
:004518BA 8A5702
mov dl, byte ptr [edi+02]
:004518BD E84E1EFBFF call 00403710
:004518C2 8B45F0
mov eax, dword ptr [ebp-10]
:004518C5 8D55F4
lea edx, dword ptr [ebp-0C]
:004518C8 E8C745FBFF call 00405E94
:004518CD 8B45F4
mov eax, dword ptr [ebp-0C]
:004518D0 BA74194500 mov edx,
00451974
:004518D5 E8AA1FFBFF call 00403884
:004518DA 7543
jne 0045191F
:004518DC 8D45F0
lea eax, dword ptr [ebp-10]
:004518DF 8A5703
mov dl, byte ptr [edi+03]
:004518E2 E8291EFBFF call 00403710
:004518E7 8B45F0
mov eax, dword ptr [ebp-10]
:004518EA 8D55F4
lea edx, dword ptr [ebp-0C]
:004518ED E8A245FBFF call 00405E94
:004518F2 8B45F4
mov eax, dword ptr [ebp-0C]
:004518F5 BA80194500 mov edx,
00451980
:004518FA E8851FFBFF call 00403884
:004518FF 751E
jne 0045191F
:00451901 8A4705
mov al, byte ptr [edi+05]
:00451904 E8DBFCFFFF call 004515E4
转换
:00451909 83F803
cmp eax, 00000003
:0045190C 7511
jne 0045191F
不等于就玩完
:0045190E 8A4706
mov al, byte ptr [edi+06]
:00451911 E8CEFCFFFF call 004515E4
:00451916 83F802
cmp eax, 00000002
:00451919 7504
jne 0045191F
不等于就玩完
:0045191B C645FF01 mov
[ebp-01], 01
-------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004516CD(C), :00451821(C), :0045182E(C), :0045183F(C), :00451850(C)
|:0045185A(C), :00451864(C), :0045188C(C), :004518B5(C), :004518DA(C)
|:004518FF(C), :0045190C(C), :00451919(C)
|
准备返回喽!
:0045191F 33C0
xor eax, eax
:00451921 5A
pop edx
:00451922 59
pop ecx
:00451923 59
pop ecx
:00451924 648910
mov dword ptr fs:[eax], edx
:00451927 6849194500 push 00451949
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451947(U)
|
:0045192C 8D45F0
lea eax, dword ptr [ebp-10]
:0045192F BA02000000 mov edx,
00000002
:00451934 E8E71CFBFF call 00403620
:00451939 8D45F8
lea eax, dword ptr [ebp-08]
:0045193C E8BF1CFBFF call 00403600
:
:00451941 C3
ret
------------------------------------------------------
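ASCII十六进制字符转数值:'0'-'9'、'a'-'f'、'A'-'F'得到0~15,先放在edx,最后送到eax返回。注意没有任何一个分支匹配时edx不会被赋值,返回的是调用前edx里的旧值,也就是说这个函数本身并不拒绝非十六进制字符。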
* Referenced by a CALL at Addresses:
|:0045172A , :00451739 , :0045175E , :0045176D , :00451787
|:00451794 , :004517A1 , :004517AE , :004517B8 , :004517C5
|:004517D2 , :004517DF , :004517EC , :004517F9 , :00451806
|:00451813 , :00451837 , :00451848 , :00451904 , :00451911
|
:004515E4 3C30
cmp al, 30
:004515E6 7502
jne 004515EA
:004515E8 33D2
xor edx, edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515E6(C)
|
:004515EA 3C31
cmp al, 31
:004515EC 7505
jne 004515F3
:004515EE BA01000000 mov edx,
00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515EC(C)
|
:004515F3 3C32
cmp al, 32
:004515F5 7505
jne 004515FC
:004515F7 BA02000000 mov edx,
00000002
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515F5(C)
|
:004515FC 3C33
cmp al, 33
:004515FE 7505
jne 00451605
:00451600 BA03000000 mov edx,
00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515FE(C)
|
:00451605 3C34
cmp al, 34
:00451607 7505
jne 0045160E
:00451609 BA04000000 mov edx,
00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451607(C)
|
:0045160E 3C35
cmp al, 35
:00451610 7505
jne 00451617
:00451612 BA05000000 mov edx,
00000005
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451610(C)
|
:00451617 3C36
cmp al, 36
:00451619 7505
jne 00451620
:0045161B BA06000000 mov edx,
00000006
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451619(C)
|
:00451620 3C37
cmp al, 37
:00451622 7505
jne 00451629
:00451624 BA07000000 mov edx,
00000007
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451622(C)
|
:00451629 3C38
cmp al, 38
:0045162B 7505
jne 00451632
:0045162D BA08000000 mov edx,
00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045162B(C)
|
:00451632 3C39
cmp al, 39
:00451634 7505
jne 0045163B
:00451636 BA09000000 mov edx,
00000009
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451634(C)
|
:0045163B 3C61
cmp al, 61
:0045163D 7404
je 00451643
:0045163F 3C41
cmp al, 41
:00451641 7505
jne 00451648
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045163D(C)
|
:00451643 BA0A000000 mov edx,
0000000A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451641(C)
|
:00451648 3C62
cmp al, 62
:0045164A 7404
je 00451650
:0045164C 3C42
cmp al, 42
:0045164E 7505
jne 00451655
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045164A(C)
|
:00451650 BA0B000000 mov edx,
0000000B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045164E(C)
|
:00451655 3C63
cmp al, 63
:00451657 7404
je 0045165D
:00451659 3C43
cmp al, 43
:0045165B 7505
jne 00451662
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451657(C)
|
:0045165D BA0C000000 mov edx,
0000000C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045165B(C)
|
:00451662 3C64
cmp al, 64
:00451664 7404
je 0045166A
:00451666 3C44
cmp al, 44
:00451668 7505
jne 0045166F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451664(C)
|
:0045166A BA0D000000 mov edx,
0000000D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451668(C)
|
:0045166F 3C65
cmp al, 65
:00451671 7404
je 00451677
:00451673 3C45
cmp al, 45
:00451675 7505
jne 0045167C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451671(C)
|
:00451677 BA0E000000 mov edx,
0000000E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451675(C)
|
:0045167C 3C66
cmp al, 66
:0045167E 7404
je 00451684
:00451680 3C46
cmp al, 46
:00451682 7505
jne 00451689
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045167E(C)
|
:00451684 BA0F000000 mov edx,
0000000F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00451682(C)
|
:00451689 8BC2
mov eax, edx
:0045168B C3
ret
------------------------------------------------------------
* Referenced by a CALL at Address:
|:0045181A
|
:00451580 53
push ebx
:00451581 33D2
xor edx, edx
edx清0
:00451583 B908000000 mov ecx,
00000008 ecx=00000008
:00451588 B860864800 mov eax,
00488660 eax=00488660
改变后存号码的地址
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515A9(C)
|
:0045158D 33DB
xor ebx, ebx ebx清0
:0045158F 8A18
mov bl, byte ptr [eax] 第一个到bl(ebx改变)
:00451591 33DA
xor ebx, edx ebx与edx异或(edx在入口处已清0,之后保存的是上一轮的结果,并不是注册码第24位)
:00451593 81E3FF000000 and ebx, 000000FF
ebx&000000FF(保留bl)
:00451599 8B1C9D745E4800 mov ebx, dword ptr
[4*ebx+00485E74] ebx=[4*ebx+00485E74]地址的值(00485E74
转换表的地址)
:004515A0 C1EA08
shr edx, 08 edx右移8位(16进制2位)
:004515A3 33DA
xor ebx, edx
ebx与edx异或,即 新edx = 表[(旧edx xor 当前字节) and FF] xor (旧edx shr 8);形式上是查表式CRC的一步(表的内容这里没有列出)
:004515A5 8BD3
mov edx, ebx
edx=ebx
:004515A7 40
inc eax
eax++
:004515A8 49
dec ecx
ecx--
:004515A9 75E2
jne 0045158D 循环8次(注册转换码前8个(共12个))
:004515AB 8BC2
mov eax, edx
eax=edx
:004515AD 25FFFF0000 and eax,
0000FFFF eax&0000FFFF
只保留eax的低16位(低四个十六进制位),高16位清0
:004515B2 5B
pop ebx
还原ebx
:004515B3 C3
ret
------------------------------------------------------------
* Referenced by a CALL at Address:
|:00451827
|
:004515B4 53
push ebx
:004515B5 33D2
xor edx, edx
:004515B7 B908000000 mov ecx,
00000008
:004515BC B864864800 mov eax,
00488664 从第5位开始
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004515DD(C)
|
:004515C1 33DB
xor ebx, ebx
:004515C3 8A18
mov bl, byte ptr [eax]
:004515C5 33DA
xor ebx, edx
:004515C7 81E3FF000000 and ebx, 000000FF
:004515CD 8B1C9D745E4800 mov ebx, dword ptr
[4*ebx+00485E74]
:004515D4 C1EA08
shr edx, 08
:004515D7 33DA
xor ebx, edx
:004515D9 8BD3
mov edx, ebx
:004515DB 40
inc eax
:004515DC 49
dec ecx
:004515DD 75E2
jne 004515C1 循环8次,处理的是变换后缓冲区的第5~12个字节(00488664~0048866B);与上一个函数不同,返回前没有and 0000FFFF,结果是完整的32位
:004515DF 8BC2
mov eax, edx
:004515E1 5B
pop ebx
:004515E2 C3
ret
---------------------------------------------------------
现在时间:12/23 23:53
继续时间:12/24 1:2
先试试暴力破解:找到那些跳转处一个个nop掉,呵呵成功!(13处检查失败时都跳到同一个出口0045191F,结果只由[ebp-01]这一个标志字节决定,所以这种纯本地的校验挡不住对跳转的修改。)
现在时间:12/24 1:18 等会儿会分析算法,不过先去看看其他软件吧!
- 标 题:今天是平安夜,忍不住拿篇破解笔记请各位指教!希望大家平安夜快乐!:) (24千字)
- 作 者:freezelion
- 时 间:2001-12-24 21:09:22
- 链 接:http://bbs.pediy.com