这些日子放假在家,想着把技术再提高提高,随意地下了几个国产软件,没想到一个都搞不定!
技不如人啦。。。
大过年的,为了不让自己太难过,就找到了这个东西。
FINDITNOW!1.25 or 102 中文版
用trw装载程序。按f12 14次,来到这里
016F:00417ACC 837DFC00 CMP DWORD
[EBP-04],BYTE +00...光标在此处
016F:00417AD0 7405
JZ 00417AD7
016F:00417AD2 8B4DFC
MOV ECX,[EBP-04]
016F:00417AD5 EB05
JMP SHORT 00417ADC
016F:00417AD7 B95C604900 MOV ECX,0049605C
016F:00417ADC 8BF9 MOV
EDI,ECX
016F:00417ADE 33C0
XOR EAX,EAX
016F:00417AE0 56
PUSH ESI
016F:00417AE1 83C9FF
OR ECX,BYTE -01
016F:00417AE4 F2AE
REPNE SCASB
016F:00417AE6 F7D1
NOT ECX
016F:00417AE8 2BF9
SUB EDI,ECX
016F:00417AEA
8DB5ACFBFFFF LEA ESI,[EBP+FFFFFBAC]
016F:00417AF0
87F7 XCHG ESI,EDI
016F:00417AF2
8BD1 MOV EDX,ECX
016F:00417AF4 8BC7 MOV
EAX,EDI
016F:00417AF6 C1E902 SHR
ECX,02
016F:00417AF9 8D45FC
LEA EAX,[EBP-04]
016F:00417AFC F3A5
REP MOVSD
016F:00417AFE 8BCA
MOV ECX,EDX
016F:00417B00 BA02000000
MOV EDX,02
016F:00417B05 83E103
AND ECX,BYTE +03
016F:00417B08 F3A4
REP MOVSB
016F:00417B0A 5E
POP ESI
016F:00417B0B
FF4DE4 DEC DWORD [EBP-1C]
016F:00417B0E E889F30600 CALL 00486E9C
016F:00417B13 66C745D81400 MOV WORD [EBP-28],14
016F:00417B19 33C9 XOR
ECX,ECX
016F:00417B1B 894DF8 MOV
[EBP-08],ECX
016F:00417B1E 8D55F8
LEA EDX,[EBP-08]
016F:00417B21 FF45E4
INC DWORD [EBP-1C]
016F:00417B24
8B86F8010000 MOV EAX,[ESI+01F8]
016F:00417B2A
E85D830300 CALL 0044FE8C
016F:00417B2F 837DF800
CMP DWORD [EBP-08],BYTE +00
016F:00417B33
7405 JZ 00417B3A
016F:00417B35 8B4DF8 MOV
ECX,[EBP-08]
016F:00417B38 EB05
JMP SHORT 00417B3F
016F:00417B3A B95D604900
MOV ECX,0049605D
016F:00417B3F 51
PUSH ECX
016F:00417B40 8D85ACFBFFFF
LEA EAX,[EBP+FFFFFBAC]
016F:00417B46 50
PUSH EAX
016F:00417B47
E83C360600 CALL 0047B188
016F:00417B4C 83C408
ADD ESP,BYTE +08
016F:00417B4F
FF4DE4 DEC DWORD [EBP-1C]
016F:00417B52 8D45F8 LEA
EAX,[EBP-08]
016F:00417B55 BA02000000 MOV
EDX,02
016F:00417B5A E83DF30600 CALL
00486E9C
016F:00417B5F 33D2 XOR
EDX,EDX
016F:00417B61 8D8DACFBFFFF LEA
ECX,[EBP+FFFFFBAC]
016F:00417B67 8D85ACFBFFFF LEA
EAX,[EBP+FFFFFBAC]
016F:00417B6D EB19
JMP SHORT 00417B88
016F:00417B6F 0FBE18
MOVSX EBX,BYTE [EAX]
016F:00417B72
83FB20 CMP EBX,BYTE +20....来到此处后开始比较名字。名字中不能有空格
016F:00417B75 7410 JZ
00417B87
016F:00417B77 83FB2E CMP
EBX,BYTE +2E...名字中不能有"."
016F:00417B7A 740B
JZ 00417B87
016F:00417B7C 83FB2D
CMP EBX,BYTE +2D...名字中不能有“-”
016F:00417B7F 7406 JZ
00417B87
016F:00417B81 8A18 MOV
BL,[EAX].......................取名字的第一位
016F:00417B83 42
INC EDX
016F:00417B84
8819 MOV [ECX],BL
016F:00417B86 41 INC
ECX
016F:00417B87 40
INC EAX
016F:00417B88 803800
CMP BYTE [EAX],00
016F:00417B8B 75E2
JNZ 00417B6F
(JUMP)....依次取名字
016F:00417B8D C68415ACFBFFFF00
MOV BYTE [EBP+EDX+FFFFFBAC],00
016F:00417B95 8D85ACFBFFFF
LEA EAX,[EBP+FFFFFBAC]
016F:00417B9B 50
PUSH EAX
016F:00417B9C
E8237B0600 CALL 0047F6C4
016F:00417BA1 59
POP ECX
016F:00417BA2
33D2 XOR EDX,EDX
016F:00417BA4 8D85ACFBFFFF LEA EAX,[EBP+FFFFFBAC]
016F:00417BAA EB0A JMP
SHORT 00417BB6
016F:00417BAC C1E202
SHL EDX,02
016F:00417BAF 4A
DEC EDX
016F:00417BB0 0FBEC9
MOVSX ECX,CL
016F:00417BB3 03D1
ADD EDX,ECX
016F:00417BB5
40 INC EAX
016F:00417BB6 8A08 MOV
CL,[EAX].....取名字和注册码的位数
016F:00417BB8 84C9
TEST CL,CL
016F:00417BBA 75F0
JNZ 00417BAC....往上跳取名字再次计算的中间值
016F:00417BBC
8BFA MOV EDI,EDX
016F:00417BBE 81F212EFCDAB XOR EDX,ABCDEF12
016F:00417BC4 81E2FFFF0000 AND EDX,FFFF
016F:00417BCA 81F726594131 XOR EDI,31415926
016F:00417BD0 33DB XOR
EBX,EBX
016F:00417BD2 8955AC MOV
[EBP-54],EDX
016F:00417BD5 8BC3
MOV EAX,EBX...........
016F:00417BD7 03C0
ADD EAX,EAX
016F:00417BD9
8D55BC LEA EDX,[EBP-44]
016F:00417BDC 03C2 ADD
EAX,EDX
016F:00417BDE 50
PUSH EAX
016F:00417BDF 8BCB
MOV ECX,EBX
016F:00417BE1 C1E103
SHL ECX,03
016F:00417BE4
8BC7 MOV EAX,EDI
016F:00417BE6 D3F8 SAR
EAX,CL
016F:00417BE8 24FF
AND AL,FF
016F:00417BEA 50
PUSH EAX
016F:00417BEB E868FEFFFF
CALL 00417A58
016F:00417BF0 83C408
ADD ESP,BYTE +08
016F:00417BF3 43
INC EBX
016F:00417BF4
83FB04 CMP EBX,BYTE +04
016F:00417BF7 72DC JC
00417BD5...........往上跳再次计算名字,得后半部分的注册码
016F:00417BF9 C645C400
MOV BYTE [EBP-3C],00
016F:00417BFD
33DB XOR EBX,EBX
016F:00417BFF 8BC3 MOV
EAX,EBX.......
016F:00417C01 03C0
ADD EAX,EAX
016F:00417C03 8D55B0
LEA EDX,[EBP-50] ......把注册码放入edx
016F:00417C06 03C2 ADD
EAX,EDX..........把注册码放入eax
016F:00417C08 50
PUSH EAX.........d eax,就可以得到八位注册码。
016F:00417C09
8BCB MOV ECX,EBX
016F:00417C0B C1E103 SHL
ECX,03
016F:00417C0E 8B45AC MOV
EAX,[EBP-54]
016F:00417C11 D3F8
SAR EAX,CL
016F:00417C13 24FF
AND AL,FF
016F:00417C15 50
PUSH EAX
016F:00417C16
E83DFEFFFF CALL 00417A58
016F:00417C1B 83C408
ADD ESP,BYTE +08
016F:00417C1E
43 INC EBX
016F:00417C1F 83FB02 CMP
EBX,BYTE +02
016F:00417C22 72DB
JC 00417BFF...........跳,把注册码分两段比对
016F:00417C24 C645B400
MOV BYTE [EBP-4C],00
016F:00417C28
8D55B0 LEA EDX,[EBP-50].......在此处可得一个helperkey:49cd
016F:00417C2B 8D8D84FBFFFF LEA ECX,[EBP+FFFFFB84]
016F:00417C31 52 PUSH
EDX
016F:00417C32 685E604900 PUSH
DWORD 0049605E
016F:00417C37 51
PUSH ECX
016F:00417C38 E8D3610600
CALL 0047DE10
016F:00417C3D 66C745D82000 MOV
WORD [EBP-28],20
016F:00417C43 83C40C
ADD ESP,BYTE +0C
016F:00417C46 8D9584FBFFFF
LEA EDX,[EBP+FFFFFB84]
016F:00417C4C 8D45F4
LEA EAX,[EBP-0C]
016F:00417C4F
E864F10600 CALL 00486DB8
016F:00417C54 FF45E4
INC DWORD [EBP-1C]
016F:00417C57
8B10 MOV EDX,[EAX]
016F:00417C59 8B8610020000 MOV EAX,[ESI+0210]
016F:00417C5F E858820300 CALL 0044FEBC
016F:00417C64 FF4DE4 DEC
DWORD [EBP-1C]
016F:00417C67 8D45F4 LEA
EAX,[EBP-0C]
016F:00417C6A BA02000000 MOV
EDX,02
016F:00417C6F E828F20600 CALL
00486E9C
016F:00417C74 66C745D82C00 MOV
WORD [EBP-28],2C
016F:00417C7A 33C9
XOR ECX,ECX
016F:00417C7C 894DF0
MOV [EBP-10],ECX
016F:00417C7F 8D55F0
LEA EDX,[EBP-10]
016F:00417C82
FF45E4 INC DWORD [EBP-1C]
016F:00417C85 8B8604020000 MOV EAX,[ESI+0204]
016F:00417C8B E8FC810300 CALL 0044FE8C
016F:00417C90 837DF000 CMP DWORD
[EBP-10],BYTE +00
016F:00417C94 7405
JZ 00417C9B.....no jump!
016F:00417C96 8B4DF0
MOV ECX,[EBP-10].....此处取假的注册码
016F:00417C99
EB05 JMP SHORT 00417CA0
016F:00417C9B B96D604900 MOV ECX,0049606D
016F:00417CA0 8BF9 MOV
EDI,ECX
016F:00417CA2 33C0
XOR EAX,EAX
016F:00417CA4 56
PUSH ESI
016F:00417CA5 83C9FF
OR ECX,BYTE -01
016F:00417CA8 F2AE
REPNE SCASB ......press f10 to go on
016F:00417CAA
F7D1 NOT ECX
016F:00417CAC 2BF9 SUB
EDI,ECX
016F:00417CAE 8DB574FBFFFF LEA ESI,[EBP+FFFFFB74]
016F:00417CB4 87F7 XCHG
ESI,EDI
016F:00417CB6 8BD1 MOV
EDX,ECX
016F:00417CB8 8BC7
MOV EAX,EDI
016F:00417CBA C1E902
SHR ECX,02
016F:00417CBD 8D45F0
LEA EAX,[EBP-10]
016F:00417CC0
F3A5 REP MOVSD ....press f10 to go on
016F:00417CC2 8BCA MOV
ECX,EDX
016F:00417CC4 BA02000000 MOV
EDX,02
016F:00417CC9 83E103 AND
ECX,BYTE +03
016F:00417CCC F3A4
REP MOVSB ....take care: here you should press F8 to go on, otherwise
you will get the crash window!
016F:00417CCE 5E
POP ESI
016F:00417CCF FF4DE4
DEC DWORD [EBP-1C]
016F:00417CD2
E8C5F10600 CALL 00486E9C
016F:00417CD7 8D9574FBFFFF
LEA EDX,[EBP+FFFFFB74]
016F:00417CDD 8D8574FBFFFF
LEA EAX,[EBP+FFFFFB74]
016F:00417CE3 EB18
JMP SHORT 00417CFD
016F:00417CE5 8A08 MOV
CL,[EAX]..........
016F:00417CE7 0FBED9
MOVSX EBX,CL
016F:00417CEA 83FB20
CMP EBX,BYTE +20...注册码中不能有空格
016F:00417CED 740D
JZ 00417CFC
016F:00417CEF
83FB2E CMP EBX,BYTE +2E...注册码中不能有“.”
016F:00417CF2 7408 JZ
00417CFC
016F:00417CF4 83FB2D CMP
EBX,BYTE +2D...注册码中不能有“-”
016F:00417CF7 7403
JZ 00417CFC
016F:00417CF9 880A
MOV [EDX],CL
016F:00417CFB
42 INC EDX
016F:00417CFC 40 INC
EAX
016F:00417CFD 803800
CMP BYTE [EAX],00...比较注册码是否存在
016F:00417D00 75E3
JNZ 00417CE5....跳回!分别取注册码比较
016F:00417D02 66C745D83800 MOV WORD [EBP-28],38
016F:00417D08 8D55BC LEA
EDX,[EBP-44]
016F:00417D0B 8D45EC LEA
EAX,[EBP-14]
016F:00417D0E E8A5F00600 CALL
00486DB8
016F:00417D13 FF45E4 INC
DWORD [EBP-1C]
016F:00417D16 8D55EC
LEA EDX,[EBP-14]
016F:00417D19 8D8614020000
LEA EAX,[ESI+0214]
016F:00417D1F E8A8F10600
CALL 00486ECC
016F:00417D24 FF4DE4
DEC DWORD [EBP-1C]
016F:00417D27
8D45EC LEA EAX,[EBP-14]
016F:00417D2A BA02000000 MOV EDX,02
016F:00417D2F E868F10600 CALL 00486E9C
016F:00417D34 8D4DBC LEA
ECX,[EBP-44]
016F:00417D37 51
PUSH ECX
016F:00417D38 8D8574FBFFFF LEA
EAX,[EBP+FFFFFB74]
016F:00417D3E 50
PUSH EAX
016F:00417D3F E874360600
CALL 0047B3B8.....可以追进去看看(见第二部分:逐字节比较两个字符串,EAX 返回 0 表示相同)
016F:00417D44 83C408
ADD ESP,BYTE +08
016F:00417D47
85C0 TEST EAX,EAX
016F:00417D49
750C JNZ 00417D57........此处是关键跳转!
016F:00417D4B C786500100000100+MOV DWORD [ESI+0150],01
016F:00417D55 EB18 JMP
SHORT 00417D6F
016F:00417D57 A1BCC54900 MOV
EAX,[0049C5BC]...若跳转来到此处
016F:00417D5C 6A00
PUSH BYTE +00
016F:00417D5E B9CF604900
MOV ECX,004960CF....内存中显示invalidkey
016F:00417D63
BA6E604900 MOV EDX,0049606E
016F:00417D68
8B00 MOV EAX,[EAX]
016F:00417D6A E831F00600 CALL 00486DA0.....出错窗口!
016F:00417D6F 8B55C8 MOV
EDX,[EBP-38]
016F:00417D72 64891500000000 MOV [FS:00],EDX
016F:00417D79 5F POP
EDI
016F:00417D7A 5E
POP ESI
016F:00417D7B 5B
POP EBX
016F:00417D7C 8BE5
MOV ESP,EBP
016F:00417D7E
5D POP EBP
第二部分(追入上面的 CALL 0047B3B8)
016F:0047B3B8 55
PUSH EBP....来到这里!
016F:0047B3B9 8BEC
MOV EBP,ESP
016F:0047B3BB 51
PUSH ECX
016F:0047B3BC
53 PUSH EBX
016F:0047B3BD 56 PUSH
ESI
016F:0047B3BE 57 PUSH
EDI
016F:0047B3BF 8B7D0C MOV
EDI,[EBP+0C]
016F:0047B3C2 8B7508
MOV ESI,[EBP+08]...分别取真假注册码
016F:0047B3C5 EB02
JMP SHORT 0047B3C9
016F:0047B3C7 46 INC
ESI
016F:0047B3C8 47
INC EDI
016F:0047B3C9 0FBE06
MOVSX EAX,BYTE [ESI]
016F:0047B3CC 50
PUSH EAX
016F:0047B3CD E842430000
CALL 0047F714
016F:0047B3D2 59
POP ECX
016F:0047B3D3 8BD8
MOV EBX,EAX
016F:0047B3D5
50 PUSH EAX
016F:0047B3D6 0FBE17 MOVSX EDX,BYTE
[EDI]
016F:0047B3D9 52 PUSH
EDX
016F:0047B3DA E835430000 CALL
0047F714
016F:0047B3DF 59
POP ECX
016F:0047B3E0 8845FF
MOV [EBP-01],AL
016F:0047B3E3 5A
POP EDX
016F:0047B3E4
3AD0 CMP DL,AL
016F:0047B3E6 7504 JNZ
0047B3EC....当然要相等!
016F:0047B3E8 84DB
TEST BL,BL
016F:0047B3EA 75DB
JNZ 0047B3C7...跳回分别取值进行比较
016F:0047B3EC 33C0
XOR EAX,EAX....eax 清零!
016F:0047B3EE 33D2 XOR
EDX,EDX....edx 清零!
016F:0047B3F0 8A55FF
MOV DL,[EBP-01]
016F:0047B3F3 8AC3
MOV AL,BL
016F:0047B3F5 2BC2
SUB EAX,EDX
016F:0047B3F7
5F POP EDI
016F:0047B3F8 5E POP
ESI
016F:0047B3F9 5B
POP EBX
016F:0047B3FA 59
POP ECX
016F:0047B3FB 5D
POP EBP
- 标 题:FINDITNOW!1.25 or 102 中文版 破解心得 (14千字)
- 作 者:eryl
- 时 间:2002-2-9 13:43:10
- 链 接:http://bbs.pediy.com