Software:ÒÚΨeÊé Ver 0.9
Êǽ« HTML Ò³ÃæÎļþ£¨°üÀ¨Ã½ÌåÎļþ£©À¦°ó³É
EXEµç×ÓÎĵµµÄÖÆ×÷Èí¼þ£¬ÊÇÖÆ×÷EXEµç×ÓͼÊé²»´íµÄÑ¡Ôñ¡£
Author:ÒÚΨ¹¤×÷ÊÒ
Email:whren@163.com
http://ewaysoft.myrice.com/
Tools:PEiD,UnAspack & DeDe V1.06 & W32Dasm
V10;
finally, inspiration & luck & patient,etc
Cracker:lq7972
Date:2003-3-1,ÐÇÆÚÎå
1¡¢ÓÃPEiD²é¿Ç£¬ÊÇASPack 2.1 ->
Alexey Solodovnikov
2¡¢×ÔÈ»ÓÃUnAspackÍÑ
3¡¢ÓÃPEiD²éÍѿǺóµÄCrackMe.exe£¬ÊÇDelphi×öµÄ
4¡¢ÓÃDeDe·´±àÒëCrackMe.exe
ÔÚ½çÃæ¸ñʽÎļþDFMÑ¡ÏîFrom ClassµÄTFrmRegÖÐ
object SpeedButton1: TSpeedButton
Left = 10
Top = 136
Width = 60
Height = 25
Caption = '×¢²á'
Flat = True
OnClick = SpeedButton1Click
end
ÖªµÀÁËSpeedButton1Click¾ÍÊÇÈí¼þÆô¶¯Ê±"×¢²á"´°ÌåÉϵÄ"×¢²á"°´Å¥
ÔÚDCUÓÐClass
Name=TFrmReg,EventsÓÐSpeedButton1Clickʼþ:
00489E08 A16C724900
mov eax, dword ptr [$49726C]
00489E0D
8B00 mov
eax, [eax]
00489E0F 8B10
mov edx, [eax]
00489E11 FF92D8000000
call dword ptr [edx+$00D8]
00489E17
48 dec
eax
00489E18 750C
jnz 00489E26
00489E1A A188714900
mov eax, dword ptr [$497188]
00489E1F 8B00
mov eax,
[eax]
00489E21 E8D6820000
call 004920FC
;Õâ¸öCall,en en look down at sth.
00489E26 C3
ret
5¡¢W32DasmÖÐ
:00489E07 00A16C724900
add byte ptr [ecx+0049726C], ah
:00489E0D 8B00
mov eax, dword ptr [eax]
:00489E0F
8B10 mov
edx, dword ptr [eax]
:00489E11 FF92D8000000
call dword ptr [edx+000000D8]
:00489E17 48
dec eax
:00489E18 750C
jne 00489E26
:00489E1A
A188714900 mov eax, dword ptr [00497188]
:00489E1F 8B00
mov eax, dword ptr [eax]
:00489E21 E8D6820000
call 004920FC
;Õâ¸öCall£¬en ¸Éʲô£²»ÊÇҪע²áÂ𣿸ú½ø(1)°É£¬
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00489E18(C)
|
:00489E26 C3
ret
;¸ú½ø(1)£¬À´µ½ÁË
* Referenced by a CALL at Addresses:
|:00489E21 , :004920F3
|
:004920FC 55
push ebp
:004920FD
8BEC mov
ebp, esp
:004920FF 6A00
push 00000000
:00492101 6A00
push 00000000
:00492103 53
push ebx
:00492104
56
push esi
:00492105 57
push edi
:00492106 8BF8
mov edi, eax
:00492108 33C0
xor eax, eax
:0049210A
55
push ebp
:0049210B 6855224900
push 00492255
:00492110 64FF30
push dword ptr fs:[eax]
:00492113 648920
mov dword ptr fs:[eax], esp
:00492116
8D55FC lea edx,
dword ptr [ebp-04]
:00492119 A16C724900
mov eax, dword ptr [0049726C]
:0049211E 8B00
mov eax, dword ptr [eax]
:00492120 8B8078030000
mov eax, dword ptr [eax+00000378]
:00492126 E8D1D6F9FF
call 0042F7FC
:0049212B 8D55F8
lea edx, dword ptr [ebp-08]
:0049212E A16C724900 mov eax, dword
ptr [0049726C]
:00492133 8B00
mov eax, dword ptr [eax]
:00492135 8B807C030000
mov eax, dword ptr [eax+0000037C]
:0049213B E8BCD6F9FF
call 0042F7FC
:00492140 33C9
xor ecx, ecx
:00492142 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"۟@"
|
:00492144 A1AC924800 mov eax,
dword ptr [004892AC]
:00492149 E8B272FFFF
call 00489400
:0049214E 8BD8
mov ebx, eax
:00492150 8B55FC
mov edx, dword ptr [ebp-04]
:00492153 8BC3
mov eax, ebx
:00492155 E89A73FFFF
call 004894F4
:0049215A C6433800
mov [ebx+38], 00
* Possible StringData Ref from
Code Obj ->"fuck you"£»ÂîÈ˵Ļ°£¬²»Ïë±»ÈËÆƽ⣻²»¹ýÒ²²»ÄÜ;ÂîÈËÊDz»ºÃµÄ£¬Óдú¼ÛµÄ£¬ËùÒÔÎÒÃÇÔÚÏÂÃæÓÃÕâ¸ö"fuck you"
:0049215E BA6C224900 mov edx,
0049226C
:00492163 8BC3
mov eax, ebx
:00492165 E82E73FFFF
call 00489498
:0049216A 8BC3
mov eax, ebx
:0049216C E81F76FFFF
call 00489790
;×¢²áÂëÑéÖ¤
;ÎÒÃǸú½ø¿´Ò»Ï£¬ÈçºÎ£¿
;¿ÉÒÔÔÚÕâÀï϶ϵ㣬¸ú½ø(2)
:00492171 837B2800
cmp dword ptr [ebx+28], 00000000
;Óû§Ãû³¤¶ÈµÈÓÚÁãÂð£¿
:00492175 0F8498000000 je 00492213
;ÕâÀïÌøµ½ÄÄÀ
;µÈÓÚ£¬Ìøת(1)
:0049217B 8B4328
mov eax, dword ptr [ebx+28]
:0049217E
8B55F8 mov edx,
dword ptr [ebp-08]
:00492181 E8B61DF7FF
call 00403F3C
;ÑéÖ¤
:00492186 0F8587000000
jne 00492213
;Ìøת(1)
;¹Ø¼üÌøת
:0049218C
B201 mov
dl, 01
:0049218E A12C224700 mov eax, dword ptr
[0047222C]
:00492193 E89401FEFF
call 0047232C
:00492198 8BF0
mov esi, eax
:0049219A BA02000080
mov edx, 80000002
:0049219F 8BC6
mov eax, esi
:004921A1 E82602FEFF call 004723CC
:004921A6 B101
mov cl, 01
;Òª±©ÆÆ£¬ÓÃHexWorkshop²éÕÒ"0F8587000000"£¬°ÑËü¸ÄΪ"0F8487000000"
;ÔÚ×¢²á¶Ô»°¿òÖÐÊäÈëÓû§ÃûºÍ×¢²áÂ룬Thank you
;²»¹ý£¬Ã¿´ÎÆô¶¯Ê±¶¼ÒªÇó×¢²áºÍThank U
;¾ÍÊÇÄãÊäÈëÕýÈ·µÄ×¢²áÂëÒ²ÊÇÕâÑù
;ÔÒòÊÇ´ò¿ªÈí¼þʱÑéÖ¤£¬Ôõô°ì?
; ^-^ follow me
;²éÕÒ"fuck you"£¬ÃÀ¹ú¹úÂÔ×°½ø¿Ú
;³ÌÐòͬÉÏ
* Possible StringData Ref from Code Obj ->"fuck you"
|
:0048FE6A BA88FF4800
mov edx, 0048FF88
:0048FE6F 8BC7
mov eax, edi
:0048FE71 E82296FFFF
call 00489498
:0048FE76 8BC7
mov eax, edi
:0048FE78
E81399FFFF call 00489790
:0048FE7D 8B4728
mov eax, dword ptr [edi+28]
:0048FE80 8B55F8
mov edx, dword ptr [ebp-08]
:0048FE83 E8B440F7FF
call 00403F3C
:0048FE88 7514
jne 0048FE9E
;HexWorkshop:Find(Type:Hex Values Value:F8E8B440F7FF7514)
;¸ÄΪF8E8B440F7FF7414
;´ò¿ªÈí¼þ¿´¿´£¬Ã»ÓÐ×¢²á´°ÁË£¬ÕýʽÍêÈ«°æ
;Æäʵ£¬Ö»Ðè¸ÄÕâÀï¾Í¿ÉÒÔÁË
;Äã¸ã¶¨ÁËÂð£¿
:0048FE8A C605849A490001
mov byte ptr [00499A84], 01
:0048FE91 33D2
xor edx, edx
:0048FE93 8B8324050000
mov eax, dword ptr [ebx+00000524]
:0048FE99 E84A01FBFF
call 0043FFE8
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0048FE88(C)
:0048FE9E 8BC7
mov eax, edi
:0048FEA0 E83F30F7FF
call 00402EE4
;¸ú½ø(2)
* Referenced by a CALL at Addresses:
|:0048FE78 , :0049216C
|
:00489790 55
push ebp
:00489791
8BEC mov
ebp, esp
:00489793 6A00
push 00000000
:00489795 53
push ebx
:00489796 56
push esi
:00489797
8BF0 mov
esi, eax
:00489799 33C0
xor eax, eax
:0048979B 55
push ebp
:0048979C 68FC974800
push 004897FC
:004897A1 64FF30
push dword ptr fs:[eax]
:004897A4 648920
mov dword ptr fs:[eax], esp
:004897A7 8B4624
mov eax, dword ptr [esi+24]
:004897AA E87DA6F7FF
call 00403E2C
:004897AF 85C0
test eax, eax
:004897B1 750A
jne 004897BD
:004897B3 8D4628
lea eax, dword ptr [esi+28]
:004897B6 E8F1A3F7FF
call 00403BAC
:004897BB EB29
jmp 004897E6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004897B1(C)
|
:004897BD 807E3800
cmp byte ptr [esi+38], 00
:004897C1 7504
jne 004897C7
:004897C3 B301
mov bl, 01
:004897C5 EB02
jmp 004897C9
* Referenced by a (U)nconditional or (C)onditional Jump
at Address:
|:004897C1(C)
|
:004897C7 33DB
xor ebx, ebx
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:004897C5(U)
|
:004897C9 53
push ebx
:004897CA 8D45FC
lea eax, dword ptr [ebp-04]
:004897CD 50
push eax
:004897CE 8B4E34
mov ecx, dword ptr [esi+34]
;ecx=edx=fuck you
:004897D1 8B5624
mov edx, dword ptr [esi+24]
;edx=̞
:004897D4 8BC6
mov eax, esi
:004897D6 E875FDFFFF
call 00489550
;×¢²áÂëµÄ¼ÆËã
;Èç¹û£¬ÄãÏëÓÃÄÃÊÖµÄÓïÑÔ×ö¸ö×¢²á»úÇë¸ú½ø£¬¸ú½ø(3)
;²»¹ý£¬ºÜ·±µÄ£¬ÐèÒªpatient£¬»¹ÓÐÉϺÿ§·ÈÈô¸É±¡£¡£¡£ÎÒ²»¸ÉÁË£¬ÎÒҪ˯¾õ¾õ ZZZzz ZzzZZzz
:004897DB 8B55FC
mov edx, dword ptr [ebp-04]
:004897DE 8D4628
lea eax, dword ptr [esi+28]
;edx=×¢²áÂ룬ÎÒÃDz»¾ÍÊÇÒªÕâ¸öÂð£¿
:004897E1 E81AA4F7FF
call 00403C00
;¸ú½ø(2)Íê
;Ìøת(1)£¬À´µ½ÁËÏÂÃ棺
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:00492175(C), :00492186(C)
|
:00492213
6A40 push
00000040
:00492215 8B8754050000 mov eax, dword ptr [edi+00000554]
:0049221B E8D01DF7FF call
00403FF0
:00492220 8BD0
mov edx, eax
* Possible StringData Ref from Code Obj ->"ÒÚΨeÊé"
;ÕâÀïµÄ×Ö·ûÊÇÔÚ×¢²á´íÎóʱµÄÏûÏ¢¿ò±êÌâ
;Èç¹ûÔÚW32DasmÖвéÕÒÕâÀïµÄ×Ö·û´®£¬×ó¼üË«»÷
:00492222 B9B4224900
mov ecx, 004922B4 ;3´Îµ½
;Ìøת(1)Íê
Óû§Ãû£ºlq7972
×¢²áÂ룺64B65DF75AB19A
- ±ê Ì⣺ÒÚΨeÊé Ver 0.9 (9ǧ×Ö)
- ×÷ Õߣºlq7972
- ʱ ¼ä£º2003-3-21 17:44:43
- Á´ ½Ó£ºhttp://bbs.pediy.com