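Download URL: http://www.skycn.com/soft/9092.html
Software size: 1248 KB
Software language: Simplified Chinese
Software category: Chinese-made software / Shareware / Board and card games
Platform: Win9x/NT/2000/XP
Date added: 2003-02-12 10:53:38
Downloads: 14895
Rating: ***
Developer: http://bmzhao.wx-e.com/
【Software description】: Qionghu Mahjong (穷和麻将) is widely played in northern China. To win, a hand must be opened, must not lack any suit, and must contain terminals (ones and nines), a triplet and a sequence.
【Software limitation】: Trial period
【Author's statement】: I am new to cracking and do this only out of interest, with no other purpose. If I have made mistakes, I would be grateful for corrections from the experts!
【Cracking tools】: TRW2000 (娃娃 modified edition), FI 2.5, W32Dasm 8.93 Gold edition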
—————————————————————————————
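【Process】:
Heh, this is the "homework" that brother 血草 gave me a few days ago. After I downloaded it, though, it would not run, which was frustrating. Today I read its documentation and understood that this thing considers my machine too low-end and so goes on strike. Heh, I went to a friend and got it done on his P4. My friend was worried about his beloved machine, but I pretended not to notice. ^-^
Ah, it is already past midnight and I am too sleepy.
mj.exe is not packed. It is written in VC++ 6.0. Disassemble it and the core routine is easy to find.
Machine code: 604838662
Trial code: 13572468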
—————————————————————————————
* Reference To: KERNEL32.GetVolumeInformationA, Ord:0177h
====>Heh, it reads my hard disk (volume) serial number!
:0040873C FF15F4514200            Call dword ptr [004251F4]
:00408742 8B4C2410                mov ecx, dword ptr [esp+10]
====>240D1B06, i.e. 604838662, goes into ECX
:00408746 85C9                    test ecx, ecx
:00408748 742F                    je 00408779

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408777(C)
|
:0040874A 8BC1                    mov eax, ecx
====>1. 240D1B06
====>2. 0162F731
====>3. 000DA70B
====>4. 0000866C
====>5. 0000052B
====>6. 00000032
====>7. 00000001
:0040874C 33D2                    xor edx, edx
:0040874E BD1A000000              mov ebp, 0000001A
====>1A goes into EBP
:00408753 F7F5                    div ebp
====>EAX is divided by 1A on each pass, until nothing is left to divide. The quotient goes into EAX, the remainder into EDX
====>1. 240D1B06/1A=0162F731 remainder C
====>2. 0162F731/1A=000DA70B remainder 13
====>3. 000DA70B/1A=0000866C remainder 13
====>4. 0000866C/1A=0000052B remainder E
====>5. 0000052B/1A=00000032 remainder 17
====>6. 00000032/1A=00000001 remainder 18
====>7. 00000001/1A=00000000 remainder 01
:00408755 0FBE07                  movsx eax, byte ptr [edi]
====>Takes the hex value of each trial-code character in turn; EDI points to 13572468
====>1. 31 goes into EAX
…… …… omitted …… ……
:00408758 8B149568C14200          mov edx, dword ptr [4*edx+0042C168]
====>Fetches a value from [4*edx+0042C168] on each pass!
====>1. [4*C+0042C168]=0042C198, value 18
====>2. [4*13+0042C168]=0042C1B4, value 06
====>3. [4*13+0042C168]=0042C1B4, value 06
====>4. [4*E+0042C168]=0042C1A0, value 08
====>5. [4*17+0042C168]=0042C1C4, value 0C
====>6. [4*18+0042C168]=0042C1C8, value 16
====>7. [4*01+0042C168]=0042C16C, value 05
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Appendix: memory contents at 0042C168-0042C1C8!
0042C168 10 00 00 00 05 00 00 00 02 00 00 00 17 00 00 00
0042C178 00 00 00 00 04 00 00 00 0E 00 00 00 19 00 00 00
0042C188 09 00 00 00 03 00 00 00 0F 00 00 00 0B 00 00 00
0042C198 18 00 00 00 0A 00 00 00 08 00 00 00 01 00 00 00
0042C1A8 0D 00 00 00 14 00 00 00 11 00 00 00 06 00 00 00
0042C1B8 15 00 00 00 13 00 00 00 07 00 00 00 0C 00 00 00
0042C1C8 16 00 00 00 12 00 00 00 BA EC D6 D0 00 00 00 00
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
:0040875F 83C241                  add edx, 00000041
====>1. 18+41=59
====>2. 06+41=47
====>3. 06+41=47
====>4. 08+41=49
====>5. 0C+41=4D
====>6. 16+41=57
====>7. 05+41=46
:00408762 47                      inc edi
:00408763 3BD0                    cmp edx, eax
====>Compared in turn with the hex value of each trial-code character!
Heh, converting the 59, 47, 47, 49, 4D, 57, 46 obtained above into their corresponding characters gives my registration code!
59, 47, 47, 49, 4D, 57, 46 ====>YGGIMWF
:00408765 7560                    jne 004087C7
====>If it jumps, it is OVER! Use R FL Z to flip the jump so that the comparison continues!
:00408767 B84FECC44E              mov eax, 4EC4EC4F
:0040876C F7E1                    mul ecx
:0040876E C1EA03                  shr edx, 03
:00408771 8BCA                    mov ecx, edx
:00408773 894C2410                mov dword ptr [esp+10], ecx
:00408777 75D1                    jne 0040874A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408748(C)
|
:00408779 E83FA70100              call 00422EBD
:0040877E 8B0B                    mov ecx, dword ptr [ebx]
:00408780 8B15C4FB4200            mov edx, dword ptr [0042FBC4]
:00408786 8B4004                  mov eax, dword ptr [eax+04]
:00408789 51                      push ecx
:0040878A 8B0DC8FB4200            mov ecx, dword ptr [0042FBC8]
:00408790 52                      push edx
:00408791 51                      push ecx
:00408792 8BC8                    mov ecx, eax
:00408794 E8B3950100              call 00421D4C
:00408799 6A00                    push 00000000

* Possible Reference to Dialog:
|
:0040879B 6830C64200              push 0042C630

* Possible StringData Ref from Data Obj ->"恭喜你,注册成功!"
====>Goddess of victory! (registration succeeded)
:004087A0 681CC64200              push 0042C61C
…… …… omitted …… ……

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408765(C)
|
:004087C7 6A00                    push 00000000

* Possible Reference to Dialog:
|
:004087C9 6810C64200              push 0042C610

* Possible StringData Ref from Data Obj ->"注册码不对!"
====>The little devil of failure! (wrong registration code)
:004087CE 6804C64200              push 0042C604
--------------------------------------------------------
【Where the registration data is stored】:
REGEDIT4
[HKEY_CURRENT_USER\Software\Lzly\MJ\MJ]
"CODE"="YGGIMWF"
—————————————————————————————
【Summary】:
Machine code: 604838662
Registration code: YGGIMWF
Heh, change your hard disk serial number to 240D1B06 and you can use this registration code too. ^-^
—————————————————————————————
Cracked By 巢水工作坊——fly【OCN】
2:23 03-2-26