简单算法——ClockWise V3.25c
下载页面: http://www.skycn.com/soft/4172.html
软件大小:
792 KB
软件语言: 英文
软件类别: 国外软件 / 共享版 / 时钟日历
应用平台: Win9x/NT/2000/XP
加入时间:
2002-10-03 11:41:55
下载次数: 3999
推荐等级: ****
开 发 商: http://www.rjsoftware.com/
【软件简介】:一个结合了数字时钟、日历、提醒/备忘时钟、计时和程序调度的时间管理实用工具,它可以安排5个提醒和多达30个单独的程序事件,另外,它还可以通过Inter net或原子钟自动设置系统时间。你可以用它自动安排关机和重新启动的时间。
【软件限制】:30 days trial
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、FI2.5、W32Dasm8.93黄金版
—————————————————————————————————
【过 程】:
ClockWise.exe
无壳,Visual C++ 6.0编写。呵呵,我等菜鸟喜欢的类型呀。
反汇编,查找关键提示,很容易就找到核心了。
User
Name :fly
Serial Number :1234 (序列号有很多限制)
Registration
:13572468 (试炼码要大于 5 位)
—————————————————————————————————
:0042F54D
55 push
ebp
:0042F54E 8BEC
mov ebp, esp
:0042F550 51
push ecx
:0042F551 894DFC
mov dword ptr [ebp-04], ecx
:0042F554
8B4DFC mov ecx,
dword ptr [ebp-04]
:0042F557 E84E000000
call 0042F5AA
====>关键CALL!进入!
:0042F55C
85C0 test
eax, eax
:0042F55E 7428
je 0042F588
====>跳则OVER!
:0042F560
8B4DFC mov ecx,
dword ptr [ebp-04]
:0042F563 E81B030000
call 0042F883
:0042F568 6A40
push 00000040
*
Possible Reference to Dialog:
|
:0042F56A
68140C4800 push 00480C14
*
Possible StringData Ref from Data Obj ->"THANK YOU for registering ClockWise"
====>呵呵,胜利女神!
:0042F56F 68180C4800 push
00480C18
:0042F574 8B4DFC
mov ecx, dword ptr [ebp-04]
:0042F577 E8F32C0200
call 0045226F
:0042F57C 6A00
push 00000000
:0042F57E
8B4DFC mov ecx,
dword ptr [ebp-04]
:0042F581 E83D0E0200
call 004503C3
:0042F586 EB1E
jmp 0042F5A6
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F55E(C)
|
:0042F588
6A30 push
00000030
* Possible
Reference to Dialog:
|
:0042F58A
683C0C4800 push 00480C3C
*
Possible StringData Ref from Data Obj ->"Sorry, registration didn't work!"
====>BAD BOY!
:0042F58F 68440C4800
push 00480C44
—————————————————————————————————
进入关键CALL:42F557
call 0042F5AA
*
Referenced by a CALL at Addresses:
|:0042F4D1 , :0042F557
|
:0042F5AA
55 push
ebp
:0042F5AB 8BEC
mov ebp, esp
:0042F5AD 83EC24
sub esp, 00000024
:0042F5B0 53
push ebx
:0042F5B1 56
push
esi
:0042F5B2 57
push edi
:0042F5B3 894DDC
mov dword ptr [ebp-24], ecx
:0042F5B6 90
nop
:0042F5B7
90 nop
:0042F5B8
90 nop
:0042F5B9
90 nop
:0042F5BA
C745F800000000 mov [ebp-08], 00000000
:0042F5C1
90 nop
:0042F5C2
90 nop
:0042F5C3
90 nop
:0042F5C4
90 nop
:0042F5C5
90 nop
:0042F5C6
90 nop
:0042F5C7
90 nop
:0042F5C8
90 nop
:0042F5C9
C745FC00000000 mov [ebp-04], 00000000
:0042F5D0
C745E800000000 mov [ebp-18], 00000000
:0042F5D7
8B4DDC mov ecx,
dword ptr [ebp-24]
:0042F5DA 83C160
add ecx, 00000060
:0042F5DD E86E3BFDFF
call 00403150
:0042F5E2 8945F4
mov dword ptr [ebp-0C], eax
:0042F5E5
837DF400 cmp dword ptr
[ebp-0C], 00000000
====>Name没填?
:0042F5E9
0F8486020000 je 0042F875
====>跳则OVER!
:0042F5EF
8B4DDC mov ecx,
dword ptr [ebp-24]
:0042F5F2 83C168
add ecx, 00000068
:0042F5F5 E8563BFDFF
call 00403150
:0042F5FA 85C0
test eax, eax
====>序列号没填?
:0042F5FC
0F8E73020000 jle 0042F875
====>跳则OVER!
:0042F602
8B4DDC mov ecx,
dword ptr [ebp-24]
:0042F605 83C164
add ecx, 00000064
:0042F608 E8433BFDFF
call 00403150
:0042F60D 83F805
cmp eax, 00000005
====>注册码应>5位
:0042F610
0F8E5F020000 jle 0042F875
====>跳则OVER!
:0042F616
8B4DDC mov ecx,
dword ptr [ebp-24]
:0042F619 83C168
add ecx, 00000068
:0042F61C E87FFFFEFF
call 0041F5A0
:0042F621 50
push eax
====>EAX=1234
:0042F622
E8BCFE0000 call 0043F4E3
====>将1234转换为16进制值表示。下面进行诸多检测!
:0042F627
83C404 add esp,
00000004
:0042F62A 8945FC
mov dword ptr [ebp-04], eax
====>[ebp-04]=EAX=4D2(H)=1234(D)
:0042F62D
837DFC01 cmp dword ptr
[ebp-04], 00000001
====>不能小于1
:0042F631
7263 jb 0042F696
====>跳则OVER!
:0042F633
817DFC2C010000 cmp dword ptr [ebp-04], 0000012C
====>或者≤12C(H)
:0042F63A
7609 jbe
0042F645
:0042F63C 817DFCE8030000 cmp dword
ptr [ebp-04], 000003E8
====>或者≥3E8(H)
:0042F643
7251 jb 0042F696
====>跳则OVER!
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0042F63A(C)
|
:0042F645 817DFCC4090000
cmp dword ptr [ebp-04], 000009C4
====>或者<9C4(H)
:0042F64C
7609 jbe
0042F657
:0042F64E 817DFC88130000 cmp dword
ptr [ebp-04], 00001388
====>或者≥1388(H)
:0042F655
723F jb 0042F696
====>跳则OVER!
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0042F64C(C)
|
:0042F657 817DFC401F0000
cmp dword ptr [ebp-04], 00001F40
====>或者≤1F40(H)
:0042F65E
7609 jbe
0042F669
:0042F660 817DFC67270000 cmp dword
ptr [ebp-04], 00002767
====>或者≥2767(H)
:0042F667
722D jb 0042F696
====>跳则OVER!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F65E(C)
|
:0042F669
817DFC162A0000 cmp dword ptr [ebp-04], 00002A16
====>或者≤2A16(H)
:0042F670
7609 jbe
0042F67B
:0042F672 817DFC532A0000 cmp dword
ptr [ebp-04], 00002A53
====>或者≥2A53(H)
:0042F679
721B jb 0042F696
====>跳则OVER!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F670(C)
|
:0042F67B
817DFCE02E0000 cmp dword ptr [ebp-04], 00002EE0
====>或者≤2EE0(H)
:0042F682
7609 jbe
0042F68D
:0042F684 817DFC204E0000 cmp dword
ptr [ebp-04], 00004E20
====>或者≥4E20(H)
:0042F68B
7209 jb 0042F696
====>跳则OVER!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F682(C)
|
:0042F68D
817DFCF0550000 cmp dword ptr [ebp-04], 000055F0
====>或者≤55F0(H)
:0042F694
760C jbe
0042F6A2
====>应跳!
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042F631(C),
:0042F643(C), :0042F655(C), :0042F667(C), :0042F679(C)
|:0042F68B(C)
====>跳到这儿就OVER了!
:0042F696
C745F800000000 mov [ebp-08], 00000000
:0042F69D
E9D3010000 jmp 0042F875
====>跳向OVER!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F694(C)
|
:0042F6A2
C745EC00000000 mov [ebp-14], 00000000
:0042F6A9
EB09 jmp
0042F6B4
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0042F6E2(U)
|
:0042F6AB
8B45EC mov eax,
dword ptr [ebp-14]
:0042F6AE 83C001
add eax, 00000001
:0042F6B1 8945EC
mov dword ptr [ebp-14], eax
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F6A9(U)
|
:0042F6B4
8B4DEC mov ecx,
dword ptr [ebp-14]
:0042F6B7 3B4DF4
cmp ecx, dword ptr [ebp-0C]
====>循环NAME的位数次!
:0042F6BA
7D28 jge
0042F6E4
:0042F6BC 8B75EC
mov esi, dword ptr [ebp-14]
:0042F6BF 83C601
add esi, 00000001
:0042F6C2 8B55EC
mov edx, dword ptr
[ebp-14]
:0042F6C5 52
push edx
:0042F6C6 8B4DDC
mov ecx, dword ptr [ebp-24]
:0042F6C9 83C160
add ecx, 00000060
:0042F6CC
E8DF3AFDFF call 004031B0
====>依次取NAME字符的HEX值
:0042F6D1 0FBEC0
movsx eax, al
1、 ====>EAX=66
2、 ====>EAX=6C
3、 ====>EAX=79
:0042F6D4
0FAFF0 imul esi,
eax
1、 ====>ESI=1 * 66=66
2、
====>ESI=2 * 6C=D8
3、 ====>ESI=3 * 79=16B
:0042F6D7
0375F4 add esi,
dword ptr [ebp-0C]
1、 ====>ESI=66 + 3=69
2、 ====>ESI=D8 + 3=DB
3、
====>ESI=16B + 3=16E
:0042F6DA
8B4DE8 mov ecx,
dword ptr [ebp-18]
1、 ====>ECX=00
2、 ====>ECX=69
3、 ====>ECX=144
:0042F6DD
03CE add
ecx, esi
1、 ====>ECX=00 + 69=69
2、 ====>ECX=69 + DB=144
3、
====>ECX=144 + 16E=2B2
:0042F6DF
894DE8 mov dword
ptr [ebp-18], ecx
1、 ====>[ebp-18]=ECX=69
2、 ====>[ebp-18]=ECX=144
2、
====>[ebp-18]=ECX=2B2
:0042F6E2
EBC7 jmp
0042F6AB
====>跳上去继续循环
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0042F6BA(C)
|
:0042F6E4
8B55F4 mov edx,
dword ptr [ebp-0C]
====>EDX=3 即:NAME位数
:0042F6E7
0FAF55FC imul edx, dword
ptr [ebp-04]
====>EDX=3 * 4D2=E76
:0042F6EB
8B45E8 mov eax,
dword ptr [ebp-18]
====>EAX=2B2
:0042F6EE
03C2 add
eax, edx
====>EAX=2B2 + E76=1128
:0042F6F0
8945E8 mov dword
ptr [ebp-18], eax
====>[ebp-18]=EAX=1128
壹
:0042F6F3 6A10
push 00000010
:0042F6F5
8D4DE0 lea ecx,
dword ptr [ebp-20]
:0042F6F8 51
push ecx
:0042F6F9 8B55E8
mov edx, dword ptr [ebp-18]
:0042F6FC 52
push
edx
:0042F6FD E839AD0100 call
0044A43B
:0042F702 83C40C
add esp, 0000000C
:0042F705 C745EC00000000
mov [ebp-14], 00000000
:0042F70C EB09
jmp 0042F717
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F73B(U)
|
:0042F70E
8B45EC mov eax,
dword ptr [ebp-14]
:0042F711 83C001
add eax, 00000001
:0042F714 8945EC
mov dword ptr [ebp-14], eax
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F70C(U)
|
:0042F717
8B4DEC mov ecx,
dword ptr [ebp-14]
:0042F71A 0FBE540DE0
movsx edx, byte ptr [ebp+ecx-20]
:0042F71F 85D2
test edx, edx
:0042F721
741A je 0042F73D
:0042F723
8B45EC mov eax,
dword ptr [ebp-14]
:0042F726 0FBE4C05E0
movsx ecx, byte ptr [ebp+eax-20]
:0042F72B 51
push ecx
:0042F72C E87F150100
call 00440CB0
:0042F731 83C404
add esp, 00000004
:0042F734
8B55EC mov edx,
dword ptr [ebp-14]
:0042F737 884415E0
mov byte ptr [ebp+edx-20], al
:0042F73B EBD1
jmp 0042F70E
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042F721(C),
:0042F796(U)
|
:0042F73D 8D45E0
lea eax, dword ptr [ebp-20]
====>EAX=[ebp-20]=1128
:0042F740
50 push
eax
:0042F741 E8AA130100 call
00440AF0
====>求1128的位数
:0042F746
83C404 add esp,
00000004
:0042F749 83F804
cmp eax, 00000004
====>是否≥4位?
:0042F74C
734A jnb
0042F798
====>跳下去再运算注册码的前2位!
:0042F74E
8D4DE0 lea ecx,
dword ptr [ebp-20]
:0042F751 51
push ecx
:0042F752 E899130100
call 00440AF0
:0042F757 83C404
add esp, 00000004
:0042F75A C64405E100
mov [ebp+eax-1F], 00
:0042F75F
8D55E0 lea edx,
dword ptr [ebp-20]
:0042F762 52
push edx
:0042F763 E888130100
call 00440AF0
:0042F768 83C404
add esp, 00000004
:0042F76B 83C001
add eax, 00000001
:0042F76E
8945EC mov dword
ptr [ebp-14], eax
:0042F771 EB09
jmp 0042F77C
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F790(U)
|
:0042F773
8B45EC mov eax,
dword ptr [ebp-14]
:0042F776 83E801
sub eax, 00000001
:0042F779 8945EC
mov dword ptr [ebp-14], eax
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F771(U)
|
:0042F77C
837DEC00 cmp dword ptr
[ebp-14], 00000000
:0042F780 7410
je 0042F792
:0042F782 8B4DEC
mov ecx, dword ptr [ebp-14]
:0042F785
8B55EC mov edx,
dword ptr [ebp-14]
:0042F788 8A4415DF
mov al, byte ptr [ebp+edx-21]
:0042F78C 88440DE0
mov byte ptr [ebp+ecx-20], al
:0042F790
EBE1 jmp
0042F773
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0042F780(C)
|
:0042F792
C645E030 mov [ebp-20],
30
:0042F796 EBA5
jmp 0042F73D
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F74C(C)
|
:0042F798
C645E600 mov [ebp-1A],
00
:0042F79C 8A4DE3
mov cl, byte ptr [ebp-1D]
====>CL=[ebp-1D]=38
:0042F79F
884DE5 mov byte
ptr [ebp-1B], cl
====>[ebp-1B]=CL=38
:0042F7A2
8A55E2 mov dl, byte
ptr [ebp-1E]
====>DL=[ebp-1E]=32
:0042F7A5
8855E4 mov byte
ptr [ebp-1C], dl
====>[ebp-1C]=DL=32
:0042F7A8
8A45E1 mov al, byte
ptr [ebp-1F]
====>AL=[ebp-1F]=31
:0042F7AB
8845E3 mov byte
ptr [ebp-1D], al
====>[ebp-1D]=AL=31
:0042F7AE
8A4DE0 mov cl, byte
ptr [ebp-20]
====>CL=[ebp-20]=31
:0042F7B1
884DE2 mov byte
ptr [ebp-1E], cl
====>[ebp-1E]=CL=31
:0042F7B4
0FBE55E0 movsx edx, byte
ptr [ebp-20]
====>EDX=[ebp-20]=31
:0042F7B8
8B45FC mov eax,
dword ptr [ebp-04]
====>EAX=[ebp-04]=4D2
:0042F7BB
0FAFC2 imul eax,
edx
====>EAX=4D2 * 31=EC32
:0042F7BE
8845F0 mov byte
ptr [ebp-10], al
====>[ebp-10]=AL=32
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042F809(U),
:0042F80B(U)
|
:0042F7C1 8B4DF0
mov ecx, dword ptr [ebp-10]
:0042F7C4 81E1FF000000
and ecx, 000000FF
:0042F7CA 83F941
cmp ecx, 00000041
:0042F7CD
7C0E jl 0042F7DD
:0042F7CF
8B55F0 mov edx,
dword ptr [ebp-10]
====>EDX=[ebp-10]
:0042F7D2
81E2FF000000 and edx, 000000FF
:0042F7D8
83FA5A cmp edx,
0000005A
====>是否≤5A
:0042F7DB
7E30 jle
0042F80D
====>则跳过去
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F7CD(C)
|
:0042F7DD
8A45F0 mov al, byte
ptr [ebp-10]
:0042F7E0 044A
add al, 4A
①、 ====>AL=32 + 4A=7C
②、 ====>AL=7C + 4A=C6
③、 ====>AL=C6
+ 4A=10
④、 ====>AL=10 + 4A=5A
上面代码应该是循环相加,直至其低2位是大写字母(HEX值:41-5A)。
:0042F7E2
8845F0 mov byte
ptr [ebp-10], al
:0042F7E5 8B4DF0
mov ecx, dword ptr [ebp-10]
:0042F7E8 81E1FF000000
and ecx, 000000FF
:0042F7EE 83F94F
cmp ecx, 0000004F
:0042F7F1
740E je 0042F801
:0042F7F3
8B55F0 mov edx,
dword ptr [ebp-10]
:0042F7F6 81E2FF000000
and edx, 000000FF
:0042F7FC 83FA49
cmp edx, 00000049
:0042F7FF 750A
jne 0042F80B
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F7F1(C)
|
:0042F801
8A45F0 mov al, byte
ptr [ebp-10]
:0042F804 044A
add al, 4A
:0042F806 8845F0
mov byte ptr [ebp-10], al
:0042F809 EBB6
jmp 0042F7C1
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F7FF(C)
|
:0042F80B
EBB4 jmp
0042F7C1
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0042F7DB(C)
|
:0042F80D
8A4DF0 mov cl, byte
ptr [ebp-10]
====>CL=[ebp-10]=5A
贰
:0042F810 884DE0
mov byte ptr [ebp-20],
cl
====>5A 即:Z 入 [ebp-20]
:0042F813
0FBE55E1 movsx edx, byte
ptr [ebp-1F]
====>EDX=[ebp-1F]=31
:0042F817
8B45F4 mov eax,
dword ptr [ebp-0C]
====>EAX=[ebp-0C]=3
:0042F81A
0FAFC2 imul eax,
edx
====>EAX=3 *31=93
:0042F81D 8845F0 mov byte ptr [ebp-10], al
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0042F844(U)
|
:0042F820
8B4DF0 mov ecx,
dword ptr [ebp-10]
:0042F823 81E1FF000000
and ecx, 000000FF
:0042F829 83F930
cmp ecx, 00000030
:0042F82C 7C0E
jl 0042F83C
:0042F82E 8B55F0
mov edx, dword ptr
[ebp-10]
:0042F831 81E2FF000000 and
edx, 000000FF
:0042F837 83FA39
cmp edx, 00000039
====>实际是比较结果是否为数字?
:0042F83A
7E0A jle
0042F846
====>是则跳下去
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F82C(C)
|
:0042F83C
8A45F0 mov al, byte
ptr [ebp-10]
①、 ====>AL=[ebp-10]=93
②、 ====>AL=[ebp-10]=DD
③、 ====>AL=[ebp-10]=27
④、 ====>AL=[ebp-10]=71
⑤、
====>AL=[ebp-10]=BB
⑥、 ====>AL=[ebp-10]=05
⑦、 ====>AL=[ebp-10]=4F
⑧、
====>AL=[ebp-10]=99
⑨、 ====>AL=[ebp-10]=E3
⑩、 ====>AL=[ebp-10]=2D
(11)、 ====>AL=[ebp-10]=77
(12)、
====>AL=[ebp-10]=C1
(13)、 ====>AL=[ebp-10]=0B
(14)、
====>AL=[ebp-10]=55
(15)、 ====>AL=[ebp-10]=9F
(16)、
====>AL=[ebp-10]=E9
:0042F83F
044A add
al, 4A
①、 ====>AL=93 + 4A=DD
②、
====>AL=DD + 4A=27
③、 ====>AL=27 + 4A=71
④、 ====>AL=71 + 4A=BB
⑤、 ====>AL=BB
+ 4A=05
⑥、 ====>AL=05 + 4A=4F
⑦、
====>AL=4F + 4A=99
⑧、 ====>AL=99 + 4A=E3
⑨、 ====>AL=E3 + 4A=2D
⑩、 ====>AL=2D
+ 4A=77
(11)、 ====>AL=77 + 4A=C1
(12)、 ====>AL=C1
+ 4A=0B
(13)、 ====>AL=0B + 4A=55
(14)、 ====>AL=55
+ 4A=9F
(15)、 ====>AL=9F + 4A=E9
(16)、 ====>AL=E9
+ 4A=33
上面代码应该是循环相加,直至其低2位是数字(HEX值:30-39)。
为了给象我一样的菜鸟朋友看清楚,我全列了出来。
:0042F841
8845F0 mov byte
ptr [ebp-10], al
:0042F844 EBDA
jmp 0042F820
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F83A(C)
|
:0042F846
8A4DF0 mov cl, byte
ptr [ebp-10]
====>CL=[ebp-10]=33
叁
:0042F849 884DE1
mov byte ptr [ebp-1F],
cl
====>33 即:3 入 [ebp-1F]
:0042F84C
90 nop
:0042F84D
90 nop
:0042F84E
90 nop
:0042F84F
90 nop
:0042F850
8B4DDC mov ecx,
dword ptr [ebp-24]
:0042F853 83C164
add ecx, 00000064
:0042F856 E845FDFEFF
call 0041F5A0
:0042F85B 50
push eax
====>EAX=13572468 试炼码
:0042F85C
8D55E0 lea edx,
dword ptr [ebp-20]
====>[ebp-20]处的值是上面
贰、叁、壹 的值
:0042F85F 52
push
edx
====>EDX=Z31128 真码!
*
Reference To: KERNEL32.lstrcmpA, Ord:02FCh
|
:0042F860
FF1504F34500 Call dword ptr [0045F304]
====>比较注册码!呵呵,lstrcmpA这个断点好找呀。
:0042F866
85C0 test
eax, eax
:0042F868 750B
jne 0042F875
:0042F86A 90
nop
:0042F86B 90
nop
:0042F86C 90
nop
:0042F86D
90 nop
:0042F86E
C745F801000000 mov [ebp-08], 00000001
====>注册标志位 置1 OK!
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042F5E9(C),
:0042F5FC(C), :0042F610(C), :0042F69D(U), :0042F868(C)
====>直接跳过来就OVER了!
:0042F875
90 nop
:0042F876
90 nop
:0042F877
90 nop
:0042F878
90 nop
:0042F879
8B45F8 mov eax,
dword ptr [ebp-08]
====>注册标志位值 入
EAX!
:0042F87C 5F
pop edi
:0042F87D
5E pop
esi
:0042F87E 5B
pop ebx
:0042F87F 8BE5
mov esp, ebp
:0042F881 5D
pop ebp
:0042F882 C3
ret
—————————————————————————————————
【KeyMake之{47th}内存注册机】:
中断地址:42F85F
中断次数:1
第一字节:52
指令长度:1
内存方式:EDX
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_CURRENT_USER\Software\RJ
Software\ClockWise\Registration]
"User Name"="fly"
"Serial
Number"="1234"
"Registration Code"="Z31128"
—————————————————————————————————
【整 理】:
User
Name :fly
Serial Number:1234
Registration :Z31128
—————————————————————————————————
Cracked By 巢水工作坊——fly【OCN】
2003-03-16 18:43:04