简单算法——极限信息发布器 V1.0
下载页面:http://www.seekeasysoft.com/maxinfo/maxinfo.htm
英文名称:MaxInfo
当前版本:V 1.0
功能用途:广告信息自动发布到BBS供求站点
应用平台:Win9x/Me/NT/2000/XP
授权方式:共享软件
软件大小:377KB
更新日期:2002-12-20
【软件简介】:将广告信息张贴到供求信息站点,利用各网站访问流量以及搜索引擎对信息页面的收录,能在广告发布后很长时间内依然发挥广告效果,从而极大提升网站访问量。本软件采用全自动登陆方法,几秒钟便将你的供求信息张贴到各网站首页以及相应信息类目。你只需填写信息标题、网址、联系人名、联系电邮和广告内容等,瞬间完成登陆并可列出详细的登陆报告,信息发出后马上就可在网站上实时查看到,是各大网络服务公司、网络广告提供商以及企事业单位市场营销、开拓网上商务、宣传推广网站不可缺少的工具。
【软件限制】:功能限制、试用次数
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、FI2.5、Ollydbg1.09、W32Dasm8.93黄金版
—————————————————————————————————
【过 程】:
maxinfo.exe无壳。DELPHI编写。反汇编,查找关键提示。
序列号:206540629
试炼码:13572468
—————————————————————————————————
* Possible StringData
Ref from Code Obj ->"00000000"
|
:0048BE3E
BA5CBF4800 mov edx, 0048BF5C
:0048BE43
E8DC88F7FF call 00404724
:0048BE48
8D4DF4 lea ecx,
dword ptr [ebp-0C]
*
Possible StringData Ref from Code Obj ->"请输入您的软件注册码"
|
:0048BE4B BA70BF4800
mov edx, 0048BF70
*
Possible StringData Ref from Code Obj ->"登记注册"
|
:0048BE50 B890BF4800
mov eax, 0048BF90
:0048BE55 E8A2B5FAFF
call 004373FC
:0048BE5A 3C01
cmp al, 01
:0048BE5C 0F85C8000000
jne 0048BF2A
:0048BE62 8D55E0
lea edx, dword ptr [ebp-20]
:0048BE65
8B45F4 mov eax,
dword ptr [ebp-0C]
:0048BE68 E8FBCAF7FF
call 00408968
:0048BE6D 8B45E0
mov eax, dword ptr [ebp-20]
====>EAX=13572468
:0048BE70
E8C7CDF7FF call 00408C3C
====>将试炼码转化成16进制表示
:0048BE75
8945F8 mov dword
ptr [ebp-08], eax
====>EAX=CF1974
CF1974 是我们输入的数字
13572468 的16进制值!
:0048BE78
8955FC mov dword
ptr [ebp-04], edx
:0048BE7B 6A00
push 00000000
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048BE0C(C)
|
:0048BE7D
6A4C push
0000004C
====>4C
:0048BE7F
8B45F8 mov eax,
dword ptr [ebp-08]
====>EAX=CF1974
:0048BE82
8B55FC mov edx,
dword ptr [ebp-04]
:0048BE85 E8EA97F7FF
call 00405674
====>关键CALL!进入!
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
进入
48BE85 call 00405674
*
Referenced by a CALL at Addresses:
|:0040F780 , :0048BE85
|
:00405674
55 push
ebp
:00405675 53
push ebx
:00405676 56
push esi
:00405677 57
push edi
:00405678 31FF
xor edi,
edi
:0040567A 8B5C2414 mov
ebx, dword ptr [esp+14]
====>4C 入 EBX
:0040567E
8B4C2418 mov ecx, dword
ptr [esp+18]
:00405682 09C9
or ecx, ecx
:00405684 7508
jne 0040568E
:00405686 09D2
or edx, edx
:00405688
745C je 004056E6
:0040568A
09DB or ebx,
ebx
:0040568C 7458
je 004056E6
…… …… 省 略 …… ……
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405688(C),
:0040568C(C)
|
:004056E6 F7F3
div ebx
====>EAX=
CF1974/4C = 2B999
:004056E8
31D2 xor
edx, edx
:004056EA EBF3
jmp 004056DF
:004056EC C3
ret
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
:0048BE8A
8945F8 mov dword
ptr [ebp-08], eax
:0048BE8D 8955FC
mov dword ptr [ebp-04], edx
:0048BE90 8B45F8
mov eax, dword ptr [ebp-08]
====>EAX =2B999
:0048BE93
8B55FC mov edx,
dword ptr [ebp-04]
:0048BE96 2D40BB0000
sub eax, 0000BB40
====>EAX
=2B999-BB40=1FE59
:0048BE9B
83DA00 sbb edx,
00000000
:0048BE9E 8945F8
mov dword ptr [ebp-08], eax
====>1FE59
入 [ebp-08] 下面比较用
:0048BEA1
8955FC mov dword
ptr [ebp-04], edx
:0048BEA4 8D45E4
lea eax, dword ptr [ebp-1C]
:0048BEA7 E8B833FFFF
call 0047F264
====>关键CALL!进入!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
进入
48BEA7 call 0047F264
*
Referenced by a CALL at Addresses:
|:0048B141 , :0048BEA7
|
:0047F264
53 push
ebx
:0047F265 57
push edi
:0047F266 89C7
mov edi, eax
:0047F268 B801000000
mov eax, 00000001
:0047F26D 0FA2
cpuid
====>?EAX=F13
呵呵,请教 CPUID 是什么意思呀?为何一过此EAX就=F13?
:0047F26F
AB stosd
:0047F270
89D8 mov
eax, ebx
:0047F272 AB
stosd
:0047F273 89C8
mov eax, ecx
:0047F275 AB
stosd
:0047F276 89D0
mov eax,
edx
:0047F278 AB
stosd
:0047F279 5F
pop edi
:0047F27A 5B
pop ebx
:0047F27B C3
ret
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
:0048BEAC
8B4DE4 mov ecx,
dword ptr [ebp-1C]
====>F13 入 ECX
:0048BEAF
8BC1 mov
eax, ecx
====>EAX=ECX=F13
:0048BEB1
99 cdq
:0048BEB2
3B55FC cmp edx,
dword ptr [ebp-04]
:0048BEB5 755E
jne 0048BF15
:0048BEB7 3B45F8
cmp eax, dword ptr [ebp-08]
====>比较了!
====>EAX=F13
====>[ebp-08]=1FE59
:0048BEBA
7559 jne
0048BF15
====>跳则OVER!
:0048BEBC
33D2 xor
edx, edx
:0048BEBE 8B83E8030000 mov
eax, dword ptr [ebx+000003E8]
:0048BEC4 8B08
mov ecx, dword ptr [eax]
:0048BEC6 FF5164
call [ecx+64]
:0048BEC9
B201 mov
dl, 01
:0048BECB 8B83F4020000 mov
eax, dword ptr [ebx+000002F4]
:0048BED1 8B08
mov ecx, dword ptr [eax]
:0048BED3 FF5164
call [ecx+64]
*
Possible StringData Ref from Code Obj ->"已注册登记版本"
|
:0048BED6 BAA4BF4800
mov edx, 0048BFA4
:0048BEDB 8B83E4030000
mov eax, dword ptr [ebx+000003E4]
:0048BEE1 E84E20FBFF
call 0043DF34
:0048BEE6 33D2
xor edx,
edx
:0048BEE8 8B83F0030000 mov eax,
dword ptr [ebx+000003F0]
:0048BEEE E84120FBFF
call 0043DF34
:0048BEF3 8B83F4030000
mov eax, dword ptr [ebx+000003F4]
:0048BEF9 E84627FFFF
call 0047E644
:0048BEFE 6A00
push 00000000
:0048BF00
668B0DB4BF4800 mov cx, word ptr [0048BFB4]
:0048BF07
B202 mov
dl, 02
* Possible StringData
Ref from Code Obj ->"软件登记注册成功"
====>呵呵,胜利女神!
:0048BF09 B8C0BF4800
mov eax, 0048BFC0
:0048BF0E E8CDB3FAFF
call 004372E0
:0048BF13 EB15
jmp 0048BF2A
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0048BEB5(C),
:0048BEBA(C)
|
:0048BF15 6A00
push 00000000
:0048BF17 668B0DB4BF4800
mov cx, word ptr [0048BFB4]
:0048BF1E B201
mov dl, 01
*
Possible StringData Ref from Code Obj ->"软件注册号错误"
====>BAD BOY!
—————————————————————————————————
【算
法 总 结】:
真码=(F13+BB40)*4C=3C10A4(H)=3936420(D)
请教一下:4B79CD
cpuid ?EAX=544是如何得出的?
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1AE69D60-73D0-11D4-BD52-38A480C50000}]
"812181690"="812181690"
—————————————————————————————————
【整 理】:
序列号:206540629
注册码:3936420
—————————————————————————————————
Cracked By
巢水工作坊——fly【OCN】
13:56 03-3-8