下载页面:http://www.en2000.com/download.htm
软件大小:5M
【软件简介】:新概念英语句霸2是用一种用新思维、新概念来学习英语句型的学习软件。它采用著名的“艾滨豪斯遗忘曲线”原理,采用听,说,读,写,记等方法,并结合动画人物指导,复读,录音对比等软件功能,根据人体记忆曲线反复刺激记忆,以达到牢记所学句型的目的。软件中包含"英语900句","走遍美国”等众多学习英语的优秀教材做为学习对象,正式版的用户还可以赠送"新概念英语(1-4册)的全部课文的句库和新概念英语的真人语音予以学习。
【软件限制】:NAG、功能限制。
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、UnAspacka、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
呵呵,朋友用U盘拿来这个东东要我看看,我看了一下说明,告诉他即使破解了也无法从其主页下载词库的,朋友说起码没有NAG了吧,我只好勉强试试了。哎,这个程序的算法已经超出了我的能力范围,我根本无法搞定,仅仅是简单分析
。见笑了。
新概念英语句霸.exe 是ASPack 2.12壳,用UnAspacka脱之。534K->1.38M。Delphi编写。
注册名:fly
申请码:58122273
试炼码:13572468-90ABCDEF
程序要求重启验证,注册码保存在注册表中,于是在反汇编代码里查找"RegNumOne",很容易就找到核心。
—————————————————————————————————
* Possible StringData Ref from Code Obj ->"JuBaPath"
|
:0050680A BAF06A5000
mov edx, 00506AF0
:0050680F E868B0F3FF
call 0044187C
:00506814 8D85C4FDFFFF
lea eax, dword ptr [ebp+FFFFFDC4]
:0050681A 50
push eax
:0050681B
8D95C0FDFFFF lea edx, dword ptr [ebp+FFFFFDC0]
:00506821
A120CD5100 mov eax, dword ptr
[0051CD20]
:00506826 8B00
mov eax, dword ptr [eax]
====>EAX=58122273
呵呵,申请码
:00506828
E8AF96FFFF call 004FFEDC
====>核心CALL!进入!
:0050682D
8B85C0FDFFFF mov eax, dword ptr [ebp+FFFFFDC0]
====>EAX=5D7B911B1AC3AD53
:00506833
B908000000 mov ecx, 00000008
:00506838
BA01000000 mov edx, 00000001
:0050683D
E8DAE7EFFF call 0040501C
:00506842
8B85C4FDFFFF mov eax, dword ptr [ebp+FFFFFDC4]
:00506848
50 push
eax
:00506849 8D8DBCFDFFFF lea ecx,
dword ptr [ebp+FFFFFDBC]
:0050684F A12CD05100
mov eax, dword ptr [0051D02C]
:00506854 8B00
mov eax, dword ptr [eax]
*
Possible StringData Ref from Code Obj ->"RegNumOne"
|
:00506856 BA046B5000
mov edx, 00506B04
:0050685B E848B0F3FF
call 004418A8
:00506860 8B95BCFDFFFF
mov edx, dword ptr [ebp+FFFFFDBC]
====>EDX=13572468
:00506866
58 pop
eax
====>EAX=5D7B911B
:00506867
E89CE6EFFF call 00404F08
====>比较前8位注册码
:0050686C
7564 jne
005068D2
====>跳则OVER!
:0050686E
8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8]
:00506874
50 push
eax
:00506875 8D95B4FDFFFF lea edx,
dword ptr [ebp+FFFFFDB4]
:0050687B A120CD5100
mov eax, dword ptr [0051CD20]
:00506880 8B00
mov eax, dword ptr [eax]
:00506882
E85596FFFF call 004FFEDC
:00506887
8B85B4FDFFFF mov eax, dword ptr [ebp+FFFFFDB4]
:0050688D
B908000000 mov ecx, 00000008
:00506892
BA09000000 mov edx, 00000009
:00506897
E880E7EFFF call 0040501C
:0050689C
8B85B8FDFFFF mov eax, dword ptr [ebp+FFFFFDB8]
:005068A2
50 push
eax
:005068A3 8D8DB0FDFFFF lea ecx,
dword ptr [ebp+FFFFFDB0]
:005068A9 A12CD05100
mov eax, dword ptr [0051D02C]
:005068AE 8B00
mov eax, dword ptr [eax]
*
Possible StringData Ref from Code Obj ->"RegNumTwo"
|
:005068B0 BA186B5000
mov edx, 00506B18
:005068B5 E8EEAFF3FF
call 004418A8
:005068BA 8B95B0FDFFFF
mov edx, dword ptr [ebp+FFFFFDB0]
====>EDX=90ABCDEF
:005068C0
58 pop
eax
====>EAX=1AC3AD53
:005068C1
E842E6EFFF call 00404F08
====>比较后8位注册码
:005068C6
750A jne
005068D2
====>跳则OVER!
:005068C8
A168CF5100 mov eax, dword ptr
[0051CF68]
:005068CD C60001
mov byte ptr [eax], 01
====>置1则OK!
:005068D0 EB08 jmp 005068DA
* Referenced
by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050686C(C), :005068C6(C)
|
:005068D2
A168CF5100 mov eax, dword ptr
[0051CF68]
:005068D7 C60000
mov byte ptr [eax], 00
====>置0则OVER!
爆破点!
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050668E(C),
:005068D0(U)
|
:005068DA A168CF5100
mov eax, dword ptr [0051CF68]
:005068DF 803800
cmp byte ptr [eax], 00
====>比较
:005068E2
750F jne
005068F3
====>不跳则OVER!
:005068E4
A168CA5100 mov eax, dword ptr
[0051CA68]
:005068E9 8B00
mov eax, dword ptr [eax]
:005068EB 8B10
mov edx, dword ptr [eax]
:005068ED
FF92EC000000 call dword ptr [edx+000000EC]
—————————————————————————————————
进入核心CALL:00506828 call 004FFEDC
*
Referenced by a CALL at Addresses:
|:00506828 , :00506882
|
:004FFEDC
55 push
ebp
:004FFEDD 8BEC
mov ebp, esp
:004FFEDF 83C4C4
add esp, FFFFFFC4
:004FFEE2 53
push ebx
:004FFEE3 56
push
esi
:004FFEE4 57
push edi
:004FFEE5 33C9
xor ecx, ecx
:004FFEE7 894DC8
mov dword ptr [ebp-38], ecx
:004FFEEA
894DC4 mov dword
ptr [ebp-3C], ecx
:004FFEED 894DF4
mov dword ptr [ebp-0C], ecx
:004FFEF0 894DDC
mov dword ptr [ebp-24], ecx
:004FFEF3
8955F8 mov dword
ptr [ebp-08], edx
:004FFEF6 8945FC
mov dword ptr [ebp-04], eax
:004FFEF9 8B45FC
mov eax, dword ptr [ebp-04]
====>EAX=58122273
呵呵,申请码
:004FFEFC
E8AB50F0FF call 00404FAC
====>取申请码长度
:004FFF01
33C0 xor
eax, eax
:004FFF03 55
push ebp
:004FFF04 68B0005000
push 005000B0
:004FFF09 64FF30
push dword ptr fs:[eax]
:004FFF0C 648920
mov dword ptr fs:[eax],
esp
:004FFF0F 8D45F4
lea eax, dword ptr [ebp-0C]
:004FFF12 8B55FC
mov edx, dword ptr [ebp-04]
:004FFF15 E87A4CF0FF
call 00404B94
:004FFF1A 8D45F4
lea eax, dword ptr
[ebp-0C]
* Possible
StringData Ref from Code Obj ->"1234567"
|
:004FFF1D BAC8005000
mov edx, 005000C8
====>EDX=1234567
:004FFF22
E89D4EF0FF call 00404DC4
:004FFF27
8D45F4 lea eax,
dword ptr [ebp-0C]
:004FFF2A BA08000000
mov edx, 00000008
:004FFF2F E81452F0FF
call 00405148
:004FFF34 C745CC516F8550
mov [ebp-34], 50856F51
====>[ebp-34]=50856F51
呵呵,程序给的固定值
:004FFF3B
C745D061722F84 mov [ebp-30], 842F7261
====>[ebp-30]=842F7261 呵呵,程序给的固定值
:004FFF42
C745D46265E742 mov [ebp-2C], 42E76562
====>[ebp-2C]=42E76562 呵呵,程序给的固定值
:004FFF49
C745D8706E676E mov [ebp-28], 6E676E70
====>[ebp-28]=6E676E70 呵呵,程序给的固定值
:004FFF50
33C9 xor
ecx, ecx
:004FFF52 B004
mov al, 04
====>AL=04
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004FFF68(C)
|
:004FFF54
33D2 xor
edx, edx
:004FFF56 8AD0
mov dl, al
====>DL=AL
:004FFF58
8B5DF4 mov ebx,
dword ptr [ebp-0C]
====>EBX=58122273
:004FFF5B
0FB65413FF movzx edx, byte ptr
[ebx+edx-01]
1、 ====>EDX=32
2、
====>EDX=31
3、 ====>EDX=38
4、
====>EDX=35
:004FFF60
03CA add
ecx, edx
1、 ====>ECX=00000000 + 00000032=00000032
2、 ====>ECX=00003200 + 00000031=00003231
3、
====>ECX=00323100 + 00000038=00323138
:004FFF62
C1E108 shl ecx,
08
1、 ====>ECX=00000032 SHL 08=00003200
2、 ====>ECX=00003231 SHL 08=00323100
3、
====>ECX=00323138 SHL 08=32313800
:004FFF65
48 dec
eax
====>EAX减1
:004FFF66
3C01 cmp
al, 01
:004FFF68 75EA
jne 004FFF54
====>循环倒序取前3位运算
:004FFF6A
8B45F4 mov eax,
dword ptr [ebp-0C]
====>EAX=58122273
:004FFF6D
0FB600 movzx eax,
byte ptr [eax]
4、 ====>EDX=35
:004FFF70
03C8 add
ecx, eax
4、 ====>ECX=32313800 + 00000035=32313835
:004FFF72
33F6 xor
esi, esi
:004FFF74 B008
mov al, 08
====>AL=08
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004FFF8A(C)
|
:004FFF76
33D2 xor
edx, edx
:004FFF78 8AD0
mov dl, al
====>DL=AL
:004FFF7A
8B5DF4 mov ebx,
dword ptr [ebp-0C]
====>EBX=58122273
:004FFF7D
0FB65413FF movzx edx, byte ptr
[ebx+edx-01]
5、 ====>EDX=33
6、
====>EDX=37
7、 ====>EDX=32
:004FFF82
03F2 add
esi, edx
5、 ====>ESI=00000000 + 00000033=00000033
6、 ====>ESI=00003300 + 00000037=00003337
7、
====>ESI=00333700 + 00000032=00333732
:004FFF84
C1E608 shl esi,
08
5、 ====>ESI=00000033 SHL 08=00003300
6、 ====>ESI=00003337 SHL 08=00333700
7、
====>ESI=00333732 SHL 08=33373200
:004FFF87
48 dec
eax
:004FFF88 3C05
cmp al, 05
:004FFF8A 75EA
jne 004FFF76
====>循环倒序取最后3位运算
:004FFF8C
8B45F4 mov eax,
dword ptr [ebp-0C]
====>EAX=58122273
:004FFF8F
0FB64004 movzx eax, byte
ptr [eax+04]
8、 ====>EDX=32
:004FFF93
03F0 add
esi, eax
8、 ====>ESI=33373200 + 00000032=33373232
:004FFF95
33FF xor
edi, edi
:004FFF97 B020
mov al, 20
====>AL=20
====>下面进行“疯狂”循环了。^-^
^-^
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004FFFD5(C)
|
:004FFF99
81C7F93103D9 add edi, D90331F9
====>EDI=00000000 + D90331F9=D90331F9
:004FFF9F
8BD6 mov
edx, esi
====>EDX=ESI
:004FFFA1
C1E204 shl edx,
04
====>EDX=33373232 SHL 04=33732320
:004FFFA4
03CA add
ecx, edx
====>ECX=32313835 + 33732320=65A45B55
:004FFFA6
8B55CC mov edx,
dword ptr [ebp-34]
====>EDX=50856F51
呵呵,程序给的固定值
:004FFFA9
33D6 xor
edx, esi
====>EDX=50856F51 XOR 33373232=63B25D63
:004FFFAB
03CA add
ecx, edx
====>ECX=65A45B55 + 63B25D63=C956B8B8
:004FFFAD
8BD6 mov
edx, esi
====>EDX=ESI
:004FFFAF
C1EA05 shr edx,
05
====>EDX=33373232 SHR 05=0199B991
:004FFFB2
33D7 xor
edx, edi
====>EDX=0199B991 XOR D90331F9=D89A8868
:004FFFB4
03CA add
ecx, edx
====>ECX=C956B8B8 + D89A8868=A1F14120
:004FFFB6
034DD0 add ecx,
dword ptr [ebp-30]
====>ECX=A1F14120
+ 842F7261=2620B381
:004FFFB9
8BD1 mov
edx, ecx
====>EDX=ECX=2620B381
:004FFFBB
C1E204 shl edx,
04
====>EDX=2620B381 SHL 04=620B3810
:004FFFBE
03F2 add
esi, edx
====>ESI=33373232 + 620B3810=95426A42
:004FFFC0
8B55D4 mov edx,
dword ptr [ebp-2C]
====>EDX=42E76562
:004FFFC3
33D1 xor
edx, ecx
====>EDX=42E76562 XOR 2620B381=64C7D6E3
:004FFFC5
03F2 add
esi, edx
====>ESI=95426A42 + 64C7D6E3=FA0A4125
:004FFFC7
8BD1 mov
edx, ecx
====>EDX=ECX=2620B381
:004FFFC9
C1EA05 shr edx,
05
====>EDX=2620B381 SHL 05=0131059C
:004FFFCC
33D7 xor
edx, edi
====>EDX=0131059C XOR D90331F9=D8323465
:004FFFCE
03F2 add
esi, edx
====>ESI=FA0A4125 + D8323465=D23C758A
:004FFFD0
0375D8 add esi,
dword ptr [ebp-28]
====>ESI=D23C758A
+ 6E676E70=40A3E3FA
:004FFFD3
FEC8 dec
al
====>AL减1
:004FFFD5
75C2 jne
004FFF99
====>呵呵,循环32次呀!
不记这些了,否则这种笨方法会使我吐血的。呵呵。循环结束后的主要结果如下:
====>EDI=20663F20
====>ESI=DAD08191
====>ECX=CA1CE260
====>EDX=2636D833
:004FFFD7
8BC1 mov
eax, ecx
====>EAX=ECX=CA1CE260
:004FFFD9
25FFFFFF3F and eax, 3FFFFFFF
====>EAX=CA1CE260 AND 3FFFFFFF=0A1CE260
:004FFFDE
83C002 add eax,
00000002
====>EAX=0A1CE260 + 00000002=0A1CE262
:004FFFE1
33D2 xor
edx, edx
:004FFFE3 8945E8
mov dword ptr [ebp-18], eax
====>[ebp-18]=EAX=0A1CE262
:004FFFE6
8955EC mov dword
ptr [ebp-14], edx
====>[ebp-14]=EDX=0
:004FFFE9
8BC1 mov
eax, ecx
====>EAX=ECX=CA1CE260
:004FFFEB
C1E81E shr eax,
1E
====>EAX=CA1CE260 SHR 1E=00000003
:004FFFEE
055000F824 add eax, 24F80050
====>EAX=00000003 + 24F80050=24F80053
:004FFFF3
83C002 add eax,
00000002
====>EAX=24F80053 + 00000002=24F80055
:004FFFF6
33D2 xor
edx, edx
:004FFFF8 8945E0
mov dword ptr [ebp-20], eax
====>[ebp-20]=EAX=24F80055
:004FFFFB
8955E4 mov dword
ptr [ebp-1C], edx
====>[ebp-1C]=EDX=0
:004FFFFE
FF75EC push [ebp-14]
:00500001
FF75E8 push [ebp-18]
:00500004
6A00 push
00000000
:00500006 68F9862C00 push
002C86F9
:0050000B 6A00
push 00000000
:0050000D 68E3A0AA69
push 69AAA0E3
:00500012 E8B9000000
call 005000D0
====>算法CALL
!进入!以0A1CE262为参数运算前8位注册码
:00500017
8945E8 mov dword
ptr [ebp-18], eax
====>[ebp-18]=EAX=5D7B911B
:0050001A
8955EC mov dword
ptr [ebp-14], edx
:0050001D FF75E4
push [ebp-1C]
:00500020 FF75E0
push [ebp-20]
:00500023 6A00
push 00000000
:00500025
68F9862C00 push 002C86F9
:0050002A
6A00 push
00000000
:0050002C 68E3A0AA69 push
69AAA0E3
:00500031 E89A000000 call
005000D0
====>算法CALL !
以24F80055为参数运算后8位注册码
:00500036
8945E0 mov dword
ptr [ebp-20], eax
====>[ebp-20]=EAX=1AC3AD53
:00500039
8955E4 mov dword
ptr [ebp-1C], edx
:0050003C FF75E4
push [ebp-1C]
:0050003F FF75E0
push [ebp-20]
:00500042 8D55C8
lea edx, dword ptr [ebp-38]
:00500045
B808000000 mov eax, 00000008
:0050004A
E85598F0FF call 004098A4
:0050004F
8B45C8 mov eax,
dword ptr [ebp-38]
:00500052 50
push eax
:00500053 FF75EC
push [ebp-14]
:00500056 FF75E8
push [ebp-18]
:00500059 8D55C4
lea edx, dword ptr
[ebp-3C]
:0050005C B808000000 mov
eax, 00000008
:00500061 E83E98F0FF
call 004098A4
:00500066 8B55C4
mov edx, dword ptr [ebp-3C]
:00500069 8D45DC
lea eax, dword ptr [ebp-24]
:0050006C
59 pop
ecx
:0050006D E8964DF0FF call
00404E08
:00500072 8B45F8
mov eax, dword ptr [ebp-08]
:00500075 8B55DC
mov edx, dword ptr [ebp-24]
:00500078
E8D34AF0FF call 00404B50
:0050007D
33C0 xor
eax, eax
:0050007F 5A
pop edx
:00500080 59
pop ecx
:00500081 59
pop ecx
:00500082
648910 mov dword
ptr fs:[eax], edx
:00500085 68B7005000
push 005000B7
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005000B5(U)
|
:0050008A
8D45C4 lea eax,
dword ptr [ebp-3C]
:0050008D BA02000000
mov edx, 00000002
:00500092 E8894AF0FF
call 00404B20
:00500097 8D45DC
lea eax, dword ptr [ebp-24]
:0050009A E85D4AF0FF
call 00404AFC
:0050009F 8D45F4
lea eax, dword ptr
[ebp-0C]
:005000A2 E8554AF0FF call
00404AFC
:005000A7 8D45FC
lea eax, dword ptr [ebp-04]
:005000AA E84D4AF0FF
call 00404AFC
:005000AF C3
ret
—————————————————————————————————
进入算法CALL:00500012 call 005000D0
*
Referenced by a CALL at Addresses:
|:00500012 , :00500031
|
:005000D0
55 push
ebp
:005000D1 8BEC
mov ebp, esp
:005000D3 83C4E0
add esp, FFFFFFE0
:005000D6 8B4518
mov eax, dword ptr [ebp+18]
:005000D9
8945F0 mov dword
ptr [ebp-10], eax
====>[ebp-10]=EAX=0A1CE262
:005000DC
8B451C mov eax,
dword ptr [ebp+1C]
:005000DF 8945F4
mov dword ptr [ebp-0C], eax
:005000E2 8B4510
mov eax, dword ptr [ebp+10]
:005000E5
8945E8 mov dword
ptr [ebp-18], eax
====>[ebp-18]=EAX=002C86F9
:005000E8
8B4514 mov eax,
dword ptr [ebp+14]
:005000EB 8945EC
mov dword ptr [ebp-14], eax
:005000EE C745E001000000
mov [ebp-20], 00000001
:005000F5 C745E400000000
mov [ebp-1C], 00000000
:005000FC E986000000
jmp 00500187
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050018B(C),
:00500195(C)
|
:00500101 6A00
push 00000000
:00500103 6A02
push 00000002
:00500105 8B45E8
mov eax, dword ptr
[ebp-18]
:00500108 8B55EC
mov edx, dword ptr [ebp-14]
:0050010B E8505AF0FF
call 00405B60
:00500110 83FA00
cmp edx, 00000000
:00500113
753E jne
00500153
:00500115 83F800
cmp eax, 00000000
:00500118 7539
jne 00500153
:0050011A 6A00
push 00000000
:0050011C
6A02 push
00000002
:0050011E 8B45E8
mov eax, dword ptr [ebp-18]
:00500121 8B55EC
mov edx, dword ptr [ebp-14]
:00500124
E8BB59F0FF call 00405AE4
====>子运算CALL 1
:00500129
8945E8 mov dword
ptr [ebp-18], eax
:0050012C 8955EC
mov dword ptr [ebp-14], edx
:0050012F FF750C
push [ebp+0C]
:00500132 FF7508
push [ebp+08]
:00500135
FF75F4 push [ebp-0C]
:00500138
FF75F0 push [ebp-10]
:0050013B
8B45F0 mov eax,
dword ptr [ebp-10]
:0050013E 8B55F4
mov edx, dword ptr [ebp-0C]
:00500141 E87A59F0FF
call 00405AC0
====>子运算CALL 2
:00500146
E8155AF0FF call 00405B60
====>子运算CALL 3
:0050014B
8945F0 mov dword
ptr [ebp-10], eax
:0050014E 8955F4
mov dword ptr [ebp-0C], edx
:00500151 EB34
jmp 00500187
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00500113(C),
:00500118(C)
|
:00500153 8B45E8
mov eax, dword ptr [ebp-18]
====>EAX=[ebp-18]=002C86F9
:00500156
8B55EC mov edx,
dword ptr [ebp-14]
:00500159 83E801
sub eax, 00000001
====>EAX=002C86F9
- 1=002C86F8
:0050015C
83DA00 sbb edx,
00000000
:0050015F 8945E8
mov dword ptr [ebp-18], eax
====>[ebp-18]=EAX
:00500162
8955EC mov dword
ptr [ebp-14], edx
:00500165 FF750C
push [ebp+0C]
:00500168 FF7508
push [ebp+08]
:0050016B FF75E4
push [ebp-1C]
:0050016E FF75E0
push [ebp-20]
:00500171
8B45F0 mov eax,
dword ptr [ebp-10]
====>EAX=[ebp-10]=0A1CE262
:00500174
8B55F4 mov edx,
dword ptr [ebp-0C]
:00500177 E84459F0FF
call 00405AC0
====>子运算CALL
2
:0050017C E8DF59F0FF
call 00405B60
====>子运算CALL 3
:00500181
8945E0 mov dword
ptr [ebp-20], eax
====>[ebp-20]=EAX=0A1CE262
====>循环结束后EAX=5D7B911B 呵呵,这就是注册码的前8位了!
:00500184
8955E4 mov dword
ptr [ebp-1C], edx
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005000FC(U),
:00500151(U)
|
:00500187 837DEC00
cmp dword ptr [ebp-14], 00000000
:0050018B 0F8570FFFFFF
jne 00500101
:00500191 837DE800
cmp dword ptr [ebp-18], 00000000
====>[ebp-18]=002C86F9
:00500195
0F8566FFFFFF jne 00500101
====>呵呵,疯狂循环直至002C86F9为0!
:0050019B
8B45E0 mov eax,
dword ptr [ebp-20]
:0050019E 8945F8
mov dword ptr [ebp-08], eax
:005001A1 8B45E4
mov eax, dword ptr [ebp-1C]
:005001A4
8945FC mov dword
ptr [ebp-04], eax
:005001A7 8B45F8
mov eax, dword ptr [ebp-08]
:005001AA 8B55FC
mov edx, dword ptr [ebp-04]
:005001AD
8BE5 mov
esp, ebp
:005001AF 5D
pop ebp
:005001B0 C21800
ret 0018
---------------------------------------------------
进入子运算CALL
1:00500124 call 00405AE4
*
Referenced by a CALL at Addresses:
|:00405C6F , :0041636F , :00500124
|
:00405AE4 55
push ebp
:00405AE5 53
push ebx
:00405AE6 56
push esi
:00405AE7
57 push
edi
:00405AE8 31FF
xor edi, edi
:00405AEA 8B5C2414
mov ebx, dword ptr [esp+14]
:00405AEE 8B4C2418
mov ecx, dword ptr [esp+18]
:00405AF2
09C9 or ecx,
ecx
:00405AF4 7508
jne 00405AFE
:00405AF6 09D2
or edx, edx
:00405AF8 745C
je 00405B56
:00405AFA
09DB or ebx,
ebx
:00405AFC 7458
je 00405B56
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405AF4(C)
|
:00405AFE
09D2 or edx,
edx
:00405B00 790A
jns 00405B0C
:00405B02 F7DA
neg edx
:00405B04 F7D8
neg eax
:00405B06 83DA00
sbb edx, 00000000
:00405B09
83CF01 or edi, 00000001
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B00(C)
|
:00405B0C
09C9 or ecx,
ecx
:00405B0E 790A
jns 00405B1A
:00405B10 F7D9
neg ecx
:00405B12 F7DB
neg ebx
:00405B14 83D900
sbb ecx, 00000000
:00405B17
83F701 xor edi,
00000001
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00405B0E(C)
|
:00405B1A
89CD mov
ebp, ecx
:00405B1C B940000000 mov
ecx, 00000040
:00405B21 57
push edi
:00405B22 31FF
xor edi, edi
:00405B24 31F6
xor esi, esi
:00405B26
D1E0 shl
eax, 1
:00405B28 D1D2
rcl edx, 1
:00405B2A D1D6
rcl esi, 1
:00405B2C D1D7
rcl edi, 1
:00405B2E 39EF
cmp edi, ebp
:00405B30
720B jb 00405B3D
:00405B32
7704 ja 00405B38
:00405B34
39DE cmp
esi, ebx
:00405B36 7205
jb 00405B3D
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B32(C)
|
:00405B38
29DE sub
esi, ebx
:00405B3A 19EF
sbb edi, ebp
:00405B3C 40
inc eax
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405B30(C),
:00405B36(C)
|
:00405B3D E2E7
loop 00405B26
:00405B3F 5B
pop ebx
:00405B40 F7C301000000
test ebx, 00000001
:00405B46 7407
je 00405B4F
:00405B48
F7DA neg
edx
:00405B4A F7D8
neg eax
:00405B4C 83DA00
sbb edx, 00000000
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405B46(C),
:00405B5A(U)
|
:00405B4F 5F
pop edi
:00405B50 5E
pop esi
:00405B51 5B
pop ebx
:00405B52
5D pop
ebp
:00405B53 C20800
ret 0008
* Referenced
by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405AF8(C), :00405AFC(C)
|
:00405B56
F7F3 div
ebx
:00405B58 31D2
xor edx, edx
:00405B5A EBF3
jmp 00405B4F
:00405B5C C3
ret
---------------------------------------------------
进入子运算CALL
2: call 00405AC0
*
Referenced by a CALL at Addresses:
|:00405E95 , :00409F6F , :00409F89
, :00416318 , :00440B51
|:00500141 , :00500177
|
:00405AC0 52
push edx
:00405AC1 50
push eax
:00405AC2 8B442410
mov eax, dword ptr [esp+10]
:00405AC6
F72424 mul dword
ptr [esp]
:00405AC9 89C1
mov ecx, eax
:00405ACB 8B442404
mov eax, dword ptr [esp+04]
:00405ACF F764240C
mul [esp+0C]
:00405AD3 01C1
add ecx, eax
:00405AD5
8B0424 mov eax,
dword ptr [esp]
:00405AD8 F764240C
mul [esp+0C]
:00405ADC 01CA
add edx, ecx
:00405ADE 59
pop ecx
:00405ADF 59
pop
ecx
:00405AE0 C20800
ret 0008
---------------------------------------------------
进入子运算CALL
3: call 00405B60
*
Referenced by a CALL at Addresses:
|:00405C4A , :0041638B , :0050010B
, :00500146 , :0050017C
|
:00405B60 55
push ebp
:00405B61
53 push
ebx
:00405B62 56
push esi
:00405B63 57
push edi
:00405B64 31FF
xor edi, edi
:00405B66 8B5C2414
mov ebx, dword ptr [esp+14]
:00405B6A
8B4C2418 mov ecx, dword
ptr [esp+18]
:00405B6E 09C9
or ecx, ecx
:00405B70 7508
jne 00405B7A
:00405B72 09D2
or edx, edx
:00405B74
745D je 00405BD3
:00405B76
09DB or ebx,
ebx
:00405B78 7459
je 00405BD3
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B70(C)
|
:00405B7A
09D2 or edx,
edx
:00405B7C 790A
jns 00405B88
:00405B7E F7DA
neg edx
:00405B80 F7D8
neg eax
:00405B82 83DA00
sbb edx, 00000000
:00405B85
83CF01 or edi, 00000001
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B7C(C)
|
:00405B88
09C9 or ecx,
ecx
:00405B8A 7907
jns 00405B93
:00405B8C F7D9
neg ecx
:00405B8E F7DB
neg ebx
:00405B90 83D900
sbb ecx, 00000000
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B8A(C)
|
:00405B93
89CD mov
ebp, ecx
:00405B95 B940000000 mov
ecx, 00000040
:00405B9A 57
push edi
:00405B9B 31FF
xor edi, edi
:00405B9D 31F6
xor esi, esi
:00405B9F
D1E0 shl
eax, 1
:00405BA1 D1D2
rcl edx, 1
:00405BA3 D1D6
rcl esi, 1
:00405BA5 D1D7
rcl edi, 1
:00405BA7 39EF
cmp edi, ebp
:00405BA9
720B jb 00405BB6
:00405BAB
7704 ja 00405BB1
:00405BAD
39DE cmp
esi, ebx
:00405BAF 7205
jb 00405BB6
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405BAB(C)
|
:00405BB1
29DE sub
esi, ebx
:00405BB3 19EF
sbb edi, ebp
:00405BB5 40
inc eax
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405BA9(C),
:00405BAF(C)
|
:00405BB6 E2E7
loop 00405B9F
:00405BB8 89F0
mov eax, esi
:00405BBA 89FA
mov edx,
edi
:00405BBC 5B
pop ebx
:00405BBD F7C301000000
test ebx, 00000001
:00405BC3 7407
je 00405BCC
:00405BC5 F7DA
neg edx
:00405BC7 F7D8
neg eax
:00405BC9
83DA00 sbb edx,
00000000
* Referenced
by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405BC3(C), :00405BD8(U)
|
:00405BCC
5F pop
edi
:00405BCD 5E
pop esi
:00405BCE 5B
pop ebx
:00405BCF 5D
pop ebp
:00405BD0 C20800
ret 0008
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405B74(C),
:00405B78(C)
|
:00405BD3 F7F3
div ebx
:00405BD5 92
xchg eax,edx
:00405BD6 31D2
xor edx,
edx
:00405BD8 EBF2
jmp 00405BCC
:00405BDA C3
ret
—————————————————————————————————
【完 美 爆 破】:
005068D7
C60000 mov byte
ptr [eax], 00
改为: C60001
mov byte ptr [eax], 01 呵呵,与005068CD处相映成趣!
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\JuBa]
"RegNumOne"="5D7B911B"
"RegNumTwo"="1AC3AD53"
"JuBaPath"="E:\\试炼场\\新概念英语句霸\\"
—————————————————————————————————
【整 理】:
注册名:fly
申请码:58122273
注册码:5D7B911B-1AC3AD53
—————————————————————————————————
Cracked By 巢水工作坊——fly [OCN][FCG]
2003-04-19 12:44:24