下载地址:
http://www.softreg.com.cn/shareware_view.asp?id=/F7A73990-2DF1-450D-B024-AD747C26D297/
软件大小: 301K
软件评价: ***
适用平台: Win9x, WinME, WinNT,
Win2000, WinXP
作者主页: http://www.wbj2000.com
【软件简介】:操作特性非常好的俄罗斯方块。界面简洁。
【软件限制】:30天试用。
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
PSDE_DEMO_RUSSIA.exe
无壳。 Visual C++ 6.0 编写。
用户名:fly
试炼码:13572468
—————————————————————————————————
:004024E1 FFD3
call ebx
:004024E3 A19C974000
mov eax, dword ptr [0040979C]
====>EAX=fly
:004024E8
803800 cmp byte
ptr [eax], 00
====>没有 用户名?
:004024EB
0F8400010000 je 004025F1
:004024F1
8B0D90974000 mov ecx, dword ptr [00409790]
====>ECX=13572468
:004024F7
803900 cmp byte
ptr [ecx], 00
====>没有 注册码?
:004024FA
0F84F1000000 je 004025F1
:00402500
50 push
eax
:00402501 E80AFEFFFF call
00402310
====>算法CALL!进入!
:00402506
8B3D90974000 mov edi, dword ptr [00409790]
====>EDI=13572468
试炼码
:0040250C
A19C974000 mov eax, dword ptr
[0040979C]
====>EAX=M7770770
注册码
:00402511
83C404 add esp,
00000004
:00402514 8BF7
mov esi, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402534(C)
====>下面是逐位比较了,有一处不同就OVER了。
:00402516 8A10
mov dl, byte
ptr [eax]
:00402518 8ACA
mov cl, dl
:0040251A 3A16
cmp dl, byte ptr [esi]
:0040251C 751C
jne 0040253A
:0040251E
84C9 test
cl, cl
:00402520 7414
je 00402536
:00402522 8A5001
mov dl, byte ptr [eax+01]
:00402525 8ACA
mov cl, dl
:00402527
3A5601 cmp dl, byte
ptr [esi+01]
:0040252A 750E
jne 0040253A
:0040252C 83C002
add eax, 00000002
:0040252F 83C602
add esi, 00000002
:00402532
84C9 test
cl, cl
:00402534 75E0
jne 00402516
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402520(C)
|
:00402536
33C0 xor
eax, eax
:00402538 EB05
jmp 0040253F
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040251C(C),
:0040252A(C)
|
:0040253A 1BC0
sbb eax, eax
====>跳到这就OVER了!
:0040253C 83D8FF sbb eax, FFFFFFFF
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00402538(U)
|
:0040253F
85C0 test
eax, eax
:00402541 7476
je 004025B9
*
Possible Reference to Dialog:
|
:00402543
BEEC904000 mov esi, 004090EC
:00402548
8BC7 mov
eax, edi
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00402568(C)
|
:0040254A
8A10 mov
dl, byte ptr [eax]
:0040254C 8ACA
mov cl, dl
:0040254E 3A16
cmp dl, byte ptr [esi]
:00402550 751C
jne 0040256E
:00402552
84C9 test
cl, cl
:00402554 7414
je 0040256A
:00402556 8A5001
mov dl, byte ptr [eax+01]
:00402559 8ACA
mov cl, dl
:0040255B
3A5601 cmp dl, byte
ptr [esi+01]
:0040255E 750E
jne 0040256E
:00402560 83C002
add eax, 00000002
:00402563 83C602
add esi, 00000002
:00402566
84C9 test
cl, cl
:00402568 75E0
jne 0040254A
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402554(C)
|
:0040256A
33C0 xor
eax, eax
:0040256C EB05
jmp 00402573
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00402550(C),
:0040255E(C)
|
:0040256E 1BC0
sbb eax, eax
:00402570 83D8FF
sbb eax, FFFFFFFF
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040256C(U)
|
:00402573
85C0 test
eax, eax
:00402575 7442
je 004025B9
:00402577 A194974000
mov eax, dword ptr [00409794]
:0040257C 6A00
push 00000000
:0040257E 83F803
cmp eax, 00000003
*
Possible StringData Ref from Data Obj ->"用户注册"
|
:00402581 68E0904000
push 004090E0
:00402586 7D23
jge 004025AB
*
Possible StringData Ref from Data Obj ->"注册码错误!请重新输入!"
====>BAD BOY!
:00402588
68C4904000 push 004090C4
:0040258D
55 push
ebp
* Reference To:
USER32.MessageBoxA, Ord:01BEh
|
:0040258E
FF1534714000 Call dword ptr [00407134]
:00402594
A194974000 mov eax, dword ptr
[00409794]
:00402599 5F
pop edi
:0040259A 40
inc eax
:0040259B 5E
pop esi
:0040259C
A394974000 mov dword ptr [00409794],
eax
:004025A1 5D
pop ebp
:004025A2 B801000000
mov eax, 00000001
:004025A7 5B
pop ebx
:004025A8 C21000
ret 0010
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402586(C)
|
*
Possible StringData Ref from Data Obj ->"注册码错误!"
|
:004025AB 68B4904000
push 004090B4
:004025B0 55
push ebp
*
Reference To: USER32.MessageBoxA, Ord:01BEh
|
:004025B1
FF1534714000 Call dword ptr [00407134]
:004025B7
EB2B jmp
004025E4
* Referenced
by a (U)nconditional or (C)onditional Jump at Addresses:
|:00402541(C), :00402575(C)
|
:004025B9
8B3D9C974000 mov edi, dword ptr [0040979C]
:004025BF
B940000000 mov ecx, 00000040
:004025C4
33C0 xor
eax, eax
:004025C6 C7058097400001000000 mov dword ptr [00409780],
00000001
:004025D0 F3
repz
:004025D1 AB
stosd
:004025D2 A19C974000
mov eax, dword ptr [0040979C]
:004025D7 50
push
eax
:004025D8 6A10
push 00000010
:004025DA 6A0D
push 0000000D
:004025DC 68F7030000
push 000003F7
:004025E1 55
push ebp
:004025E2
FFD3 call
ebx
* Referenced by
a (U)nconditional or (C)onditional Jump at Address:
|:004025B7(U)
|
:004025E4
6A00 push
00000000
:004025E6 6A00
push 00000000
:004025E8 6A10
push 00000010
:004025EA 55
push ebp
*
Reference To: USER32.PostMessageA, Ord:01DEh
|
:004025EB
FF1520714000 Call dword ptr [00407120]
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004023AB(C),
:00402457(C), :004024EB(C), :004024FA(C)
|
:004025F1 5F
pop edi
:004025F2 5E
pop
esi
:004025F3 5D
pop ebp
:004025F4 B801000000
mov eax, 00000001
:004025F9 5B
pop ebx
:004025FA C21000
ret 0010
—————————————————————————————————
进入算法CALL:402501 call 00402310
*
Referenced by a CALL at Addresses:
|:00402501 , :0040270D
|
:00402310
53 push
ebx
:00402311 56
push esi
:00402312 57
push edi
:00402313 8B7C2410
mov edi, dword ptr [esp+10]
====>EDI=fly
:00402317
32DB xor
bl, bl
:00402319 8BCF
mov ecx, edi
:0040231B 8A07
mov al, byte ptr [edi]
====>逐位取fly字符的HEX值
:0040231D
84C0 test
al, al
:0040231F 740A
je 0040232B
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402329(C)
|
:00402321
02D8 add
bl, al
1、 ====>BL=00 + 66=66
2、
====>BL=66 + 6C=D2
3、 ====>BL=D2 + 79=4B
进位1舍去
:00402323
8A4101 mov al, byte
ptr [ecx+01]
:00402326 41
inc ecx
:00402327 84C0
test al, al
:00402329 75F6
jne 00402321
====>逐位相加用户名字符的HEX值
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040231F(C)
|
:0040232B
A18C974000 mov eax, dword ptr
[0040978C]
====>EAX=[0040978C]=00989682
:00402330
33F6 xor
esi, esi
:00402332 A398974000 mov
dword ptr [00409798], eax
====>[00409798]=EAX=00989682
程序自给
:00402337
A188974000 mov eax, dword ptr
[00409788]
====>EAX=[00409788]=8
程序自给
:0040233C
85C0 test
eax, eax
:0040233E 7E2D
jle 0040236D
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040236B(C)
|
:00402340
8A0C3E mov cl, byte
ptr [esi+edi]
====>逐位取fly字符的HEX值,不够8位补00
:00402343
32CB xor
cl, bl
1、 ====>CL=66 XOR 4B=2D
2、
====>CL=6C XOR 4B=27
3、 ====>CL=79 XOR 4B=32
4、 ====>CL=00 XOR 4B=4B
5、
====>CL=00 XOR 4B=4B
6、 ====>CL=00 XOR 4B=4B
7、 ====>CL=00 XOR 4B=4B
8、
====>CL=00 XOR 4B=4B
:00402345
51 push
ecx
:00402346 E895FFFFFF call
004022E0
====>子运算CALL!得出下面的AL值!
:0040234B
83C404 add esp,
00000004
:0040234E 88043E
mov byte ptr [esi+edi], al
:00402351 3C0A
cmp al, 0A
====>AL 与 A 比较
:00402353
0FBEC0 movsx eax,
al
:00402356 7D05
jge 0040235D
====>AL值 小于 A
则加30,否则跳下去加41,
:00402358
83C030 add eax,
00000030
2、 ====>EAX=00000007 + 00000030=37
即:字符 7
3、 ====>EAX=00000007 + 00000030=37
即:字符 7
4、 ====>EAX=00000007 + 00000030=37
即:字符 7
5、 ====>EAX=00000000 + 00000030=30
即:字符 0
6、 ====>EAX=00000000 + 00000030=30
即:字符 0
7、 ====>EAX=00000007 + 00000030=37
即:字符 7
8、 ====>EAX=00000000 + 00000030=30
即:字符 0
:0040235B EB03 jmp 00402360
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402356(C)
|
:0040235D
83C041 add eax,
00000041
1、 ====>EAX=0000000C + 00000041=4D
即:字符 M
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0040235B(U)
|
:00402360
88043E mov byte
ptr [esi+edi], al
====>AL 存入[esi+edi]处
====>最后得出:M7770070 这就是我的注册码了!
:00402363
A188974000 mov eax, dword ptr
[00409788]
====>EAX=[00409788]=8
:00402368
46 inc
esi
:00402369 3BF0
cmp esi, eax
:0040236B 7CD3
jl 00402340
====>共循环8次!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040233E(C)
|
:0040236D
C6043800 mov byte ptr [eax+edi],
00
:00402371 5F
pop edi
:00402372 5E
pop esi
:00402373 5B
pop ebx
:00402374 C3
ret
—————————————————————————————————
进入子运算CALL:00402346 call 004022E0
*
Referenced by a CALL at Address:
|:00402346
|
:004022E0 0FBE442404
movsx eax, byte ptr [esp+04]
1、 ====>EAX=2D
2、 ====>EAX=27
3、 ====>EAX=32
4、 ====>EAX=4B
5、 ====>EAX=4B
6、 ====>EAX=4B
7、 ====>EAX=4B
8、 ====>EAX=4B
:004022E5
030598974000 add eax, dword ptr [00409798]
1、 ====>EAX=2D + 00989682=009896AF
2、
====>EAX=27 + 491C14F8=491C151F
3、 ====>EAX=32
+ 0BE7A0E8=0BE7A11A
4、 ====>EAX=4B + 2F5799DB=2F579A26
5、 ====>EAX=4B + C3079BC7=C3079C12
6、
====>EAX=4B + 6D90A193=6D90A1DE
7、 ====>EAX=4B
+ D0409E3F=D0409E8A
8、 ====>EAX=4B + 4DB73CCB=4DB73D16
:004022EB
69C0697DAE42 imul eax, 42AE7D69
1、 ====>EAX=009896AF * 42AE7D69=491B40C7
2、
====>EAX=491C151F * 42AE7D69=0BE6CCB7
3、
====>EAX=0BE7A11A * 42AE7D69=2F56C5AA
4、 ====>EAX=2F579A26
* 42AE7D69=C306C796
5、 ====>EAX=C3079C12 * 42AE7D69=6D8FCD62
6、 ====>EAX=6D90A1DE * 42AE7D69=D03FCA0E
7、
====>EAX=D0409E8A * 42AE7D69=4DB6689A
8、
====>EAX=4DB73D16 * 42AE7D69=89EFCC06
:004022F1
0531D40000 add eax, 0000D431
1、 ====>EAX=491B40C7 + 0000D431=491C14F8
2、
====>EAX=0BE6CCB7 + 0000D431=0BE7A0E8
3、
====>EAX=2F56C5AA + 0000D431=2F5799DB
4、 ====>EAX=C306C796
+ 0000D431=C3079BC7
5、 ====>EAX=6D8FCD62 + 0000D431=6D90A193
6、 ====>EAX=D03FCA0E + 0000D431=D0409E3F
7、
====>EAX=4DB6689A + 0000D431=4DB73CCB
8、
====>EAX=89EFCC06 + 0000D431=89F0A037
:004022F6
A398974000 mov dword ptr [00409798],
eax
====>[00409798]=EAX
:004022FB
C1F810 sar eax,
10
1、 ====>EAX=491C14F8 SAR 10=0000491C
2、 ====>EAX=0BE7A0E8 SAR 10=00000BE7
3、
====>EAX=2F5799DB SAR 10=00002F57
4、 ====>EAX=C3079BC7
SAR 10=FFFFC307
5、 ====>EAX=6D90A193 SAR 10=00006D90
6、 ====>EAX=D0409E3F SAR 10=FFFFD040
7、
====>EAX=4DB73CCB SAR 10=00004DB7
8、 ====>EAX=89F0A037
SAR 10=FFFF89F0
:004022FE
83E00F and eax,
0000000F
1、 ====>EAX=0000491C AND 0000000F=0000000C
2、 ====>EAX=00000BE7 AND 0000000F=00000007
3、
====>EAX=00002F57 AND 0000000F=00000007
4、
====>EAX=FFFFC307 AND 0000000F=00000007
5、 ====>EAX=00006D90
AND 0000000F=00000000
6、 ====>EAX=FFFFD040 AND 0000000F=00000000
7、 ====>EAX=00004DB7 AND 0000000F=00000007
8、
====>EAX=FFFF89F0 AND 0000000F=00000000
:00402301 C3 ret
—————————————————————————————————
【KeyMake之{62th}内存注册机】:
中断地址:402516
中断次数:1
第一字节:8A
指令长度:2
内存方式:EAX
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\PSDE_DEMO_RUSSIA]
@="PSDE_DEMO_RUSSIA"
"Version"="1.00"
"First"="2003/04/16"
"UserName"="fly"
"UserPassword"="M7770070"
—————————————————————————————————
【整 理】:
用户名:fly
注册码:M7770070
—————————————————————————————————
Cracked By
巢水工作坊——fly [OCN][FCG]
2003-4-17 2:23