:关于FlashGet1.1
下载地址:http://soft.zz.ha.cn/query/down.asp?softnumber=7418&dtype=1&path=/fg11.exe
使用的软件:WIN32DASM、TRW2000
网际快车是较好的下载软件,它的历次版本都比较好pj,而且它的pj方式大同小异。(多么善良的作者^_^)它的注册实际上就是去掉广告条。
用WIN32DASM反汇编此文件。查找文本“REGNAME”(有的版本需要查找两次。前不久我pj的相同版本就是。由于重装机,原文件丢失,此次是我昨天刚下载的。)
代码如下:到底什么意思,自己分析吧,我没有时间写。
* Possible StringData Ref from Data Obj ->"RegName"
|
:0041807F 6878B34D00 push 004DB378
:00418084 8D442414 lea
eax, dword ptr [esp+14]
* Possible StringData Ref from Data Obj ->"General"
|
:00418088 6848A44D00 push 004DA448
:0041808D 8BF1
mov esi, ecx
:0041808F 50
push eax
:00418090 E868C70800 call 004A47FD
* Possible Reference to Dialog:
|
:00418095 68D4134E00 push 004E13D4
* Possible StringData Ref from Data Obj ->"RegPass"
|
:0041809A 6870B34D00 push 004DB370
:0041809F 8D4C2410 lea
ecx, dword ptr [esp+10]
* Possible StringData Ref from Data Obj ->"General"
|
:004180A3 6848A44D00 push 004DA448
:004180A8 51
push ecx
:004180A9 8BCE
mov ecx, esi
:004180AB C744243400000000 mov [esp+34], 00000000
:004180B3 E845C70800 call 004A47FD
:004180B8 8B54240C mov
edx, dword ptr [esp+0C]
:004180BC BB01000000 mov ebx,
00000001
:004180C1 885C2424 mov
byte ptr [esp+24], bl
:004180C5 8B42F8 mov
eax, dword ptr [edx-08]
:004180C8 85C0
test eax, eax
:004180CA 0F84CF000000 je 0041819F
:004180D0 8B442408 mov
eax, dword ptr [esp+08]
:004180D4 8B48F8 mov
ecx, dword ptr [eax-08]
:004180D7 85C9
test ecx, ecx
:004180D9 0F84C0000000 je 0041819F
:004180DF 57
push edi
:004180E0 53
push ebx
:004180E1 6A43
push 00000043
:004180E3 8D4C2420 lea
ecx, dword ptr [esp+20]
:004180E7 E84D280700 call 0048A939
:004180EC 8D4C241C lea
ecx, dword ptr [esp+1C]
:004180F0 53
push ebx
:004180F1 51
push ecx
:004180F2 8D4C2414 lea
ecx, dword ptr [esp+14]
:004180F6 C644243002 mov [esp+30],
02
:004180FB E8F82C0700 call 0048ADF8
:00418100 8B542418 mov
edx, dword ptr [esp+18]
:00418104 8B00
mov eax, dword ptr [eax]
:00418106 52
push edx
:00418107 50
push eax
:00418108 E806380600 call 0047B913
:0041810D 83C408 add
esp, 00000008
:00418110 8D4C241C lea
ecx, dword ptr [esp+1C]
:00418114 85C0
test eax, eax
:00418116 0F94C0 sete
al
:00418119 25FF000000 and eax,
000000FF
:0041811E 8BF8
mov edi, eax
:00418120 E89E730700 call 0048F4C3
:00418125 8D4C2418 lea
ecx, dword ptr [esp+18]
:00418129 885C2428 mov
byte ptr [esp+28], bl
:0041812D E891730700 call 0048F4C3
:00418132 8B4C2410 mov
ecx, dword ptr [esp+10]
:00418136 57
push edi
:00418137 8D542418 lea
edx, dword ptr [esp+18]
:0041813B 51
push ecx
:0041813C 52
push edx
:0041813D 8BCE
mov ecx, esi
:0041813F E89C000000 call 004181E0
:00418144 8B44240C mov
eax, dword ptr [esp+0C]
:00418148 8B4C2414 mov
ecx, dword ptr [esp+14]
:0041814C 50
push eax ********假码
:0041814D 51
push ecx ********真正的注册码。
:0041814E E8C0370600 call 0047B913
:00418153 83C408 add
esp, 00000008
:00418156 885C2428 mov
byte ptr [esp+28], bl
要想取得注册码请先打开FLASHGET1.1输入姓名、注册码后关闭。此文件在启动时检查。
1、打开秩TRW2000,装入FLASHGET1.1。
2、设置中断,BPX 41814e do "d ecx" 在数据区就可看到真正的注册码。
3、CTRL+N
4、拦截成功。