下载页面:
http://www.skycn.com/soft/4671.html
软件大小:
261 KB
软件语言: 简体中文
软件类别: 国产软件 / 免费版 / 文件分割
应用平台: Win9x/NT/2000/XP
加入时间:
2002-06-29 14:49:01
下载次数: 40311
推荐等级: ****
开 发 商:
http://zlsoft.myetang.com/
【软件简介】:分割合并文件!
庖丁解牛却比其它同类软件智能得多,能最大限度的减少你操作的步骤。分割后会生成Link.bat文件,在没有安装“文件分割机”的电脑上也能轻松合并文件。为纯绿色软件。
【软件限制】:功能限制
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
庖丁解牛.exe
无壳。Borland Delphi 编写。
程序在启动时就已经悄悄的算好了注册码,如果等到注册时再拦截的话就只能看到注册码的比较,而无法分析算法了。所以在反汇编代码里查找蛛丝马迹,忽然看见 GetVolumeInformationA 函数,呵呵,我知道有门了。^O^^O^
呵呵,庖丁系列软件的《庖丁光盘管家》和《我的程序代码库》的算法应该和这个是一样的。
机器码:707E6D8D
试炼码:13572468
—————————————————————————————————
* Possible StringData Ref from Code Obj ->"c:\"
|
:00469AE5 68CCA64600
push 0046A6CC
*
Reference To: kernel32.GetVolumeInformationA, Ord:0000h
|
:00469AEA E8BDCEF9FF
Call 004069AC
====>呵呵,取我的硬盘序列号
:00469AEF
A1D8284700 mov eax, dword ptr
[004728D8]
====>EAX=211C1E09
:00469AF4
3584736251 xor eax, 51627384
====>EAX=211C1E09 XOR 51627384=707E6D8D
:00469AF9
33D2 xor
edx, edx
:00469AFB 8945D0
mov dword ptr [ebp-30], eax
====>[ebp-30]=EAX=707E6D8D
这就是显示的机器码
:00469AFE
8955D4 mov dword
ptr [ebp-2C], edx
:00469B01 FF75D4
push [ebp-2C]
:00469B04 FF75D0
push [ebp-30]
:00469B07 8D9564FEFFFF
lea edx, dword ptr [ebp+FFFFFE64]
:00469B0D
B808000000 mov eax, 00000008
:00469B12
E8F1EAF9FF call 00408608
:00469B17
8B9564FEFFFF mov edx, dword ptr [ebp+FFFFFE64]
====>EDX=707E6D8D
:00469B1D
B8D0284700 mov eax, 004728D0
:00469B22
E8FD9FF9FF call 00403B24
:00469B27
FF75D4 push [ebp-2C]
:00469B2A
FF75D0 push [ebp-30]
:00469B2D
8B45D0 mov eax,
dword ptr [ebp-30]
:00469B30 8B55D4
mov edx, dword ptr [ebp-2C]
:00469B33 E8C0C7F9FF
call 004062F8
====>此CALL求707E6D8D * 707E6D8D!进入!
:00469B38
52 push
edx
====>EDX=316EDE4B
:00469B39
50 push
eax
====>EAX=65AD5FA9
:00469B3A
8D45DC lea eax,
dword ptr [ebp-24]
:00469B3D E892EAF9FF
call 004085D4
====>将316EDE4B65AD5FA9转化为10进制值
:00469B42
8D8560FEFFFF lea eax, dword ptr [ebp+FFFFFE60]
====>EAX=3562028770706415529
:00469B48
50 push
eax
:00469B49 8B45DC
mov eax, dword ptr [ebp-24]
:00469B4C E8FFA1F9FF
call 00403D50
====>求3562028770706415529的位数
19位
:00469B51
8BD0 mov
edx, eax
====>EDX=EAX=13
:00469B53
83EA08 sub edx,
00000008
====>EDX=13 - 8=B
:00469B56
B908000000 mov ecx, 00000008
:00469B5B
8B45DC mov eax,
dword ptr [ebp-24]
====>EAX=3562028770706415529
:00469B5E
E8F5A3F9FF call 00403F58
====>此CALL取3562028770706415529的11-18位!
:00469B63
8B8560FEFFFF mov eax, dword ptr [ebp+FFFFFE60]
====>EAX=70641552
取得的11-18位
:00469B69
E816EBF9FF call 00408684
====>求70641552的16进制值=0435E790
:00469B6E
8945D0 mov dword
ptr [ebp-30], eax
====>EAX=0435E790
:00469B71
8955D4 mov dword
ptr [ebp-2C], edx
:00469B74 A1D8284700
mov eax, dword ptr [004728D8]
====>EAX=211C1E09
硬盘序列号
:00469B79
33D2 xor
edx, edx
:00469B7B 3345D0
xor eax, dword ptr [ebp-30]
====>EAX=211C1E09
XOR 0435E790=2529F999
:00469B7E
3355D4 xor edx,
dword ptr [ebp-2C]
:00469B81 8945D0
mov dword ptr [ebp-30], eax
:00469B84 8955D4
mov dword ptr [ebp-2C], edx
:00469B87
8D45DC lea eax,
dword ptr [ebp-24]
:00469B8A 50
push eax
:00469B8B FF75D4
push [ebp-2C]
:00469B8E FF75D0
push [ebp-30]
:00469B91 8D855CFEFFFF
lea eax, dword ptr [ebp+FFFFFE5C]
====>EAX=2529F999
:00469B97
E838EAF9FF call 004085D4
====>将2529F999转化为10进制值623507865
:00469B9C
8B855CFEFFFF mov eax, dword ptr [ebp+FFFFFE5C]
====>EAX=623507865
:00469BA2
E8A9A1F9FF call 00403D50
====>取623507865长度
:00469BA7
83E808 sub eax,
00000008
====>EAX=9 - 8=1
:00469BAA
50 push
eax
:00469BAB FF75D4
push [ebp-2C]
:00469BAE FF75D0
push [ebp-30]
:00469BB1 8D8558FEFFFF
lea eax, dword ptr [ebp+FFFFFE58]
:00469BB7 E818EAF9FF
call 004085D4
:00469BBC 8B8558FEFFFF
mov eax, dword ptr [ebp+FFFFFE58]
====>EAX=623507865
:00469BC2
B908000000 mov ecx, 00000008
:00469BC7
5A pop
edx
:00469BC8 E88BA3F9FF call
00403F58
====>取623507865的前8位数字!
:00469BCD
B8D4284700 mov eax, 004728D4
:00469BD2
8B55DC mov edx,
dword ptr [ebp-24]
====>EDX=62350786
呵呵,这就是注册码了!
—————————————————————————————————
进入乘法CALL:00469B33 call 004062F8
*
Referenced by a CALL at Addresses:
|:00405214 , :00408B07 , :00408B21
, :00469B33
|
:004062F8 52
push edx
:004062F9 50
push eax
:004062FA
8B442410 mov eax, dword
ptr [esp+10]
:004062FE F72424
mul dword ptr [esp]
:00406301 8BC8
mov ecx, eax
:00406303 8B442404
mov eax, dword ptr [esp+04]
====>EAX=707E6D8D
:00406307
F764240C mul [esp+0C]
====>EAX=707E6D8D * 707E6D8D=65AD5FA9
====>EDX=316EDE4B
进位入EDX
:0040630B
03C8 add
ecx, eax
:0040630D 8B0424
mov eax, dword ptr [esp]
:00406310 F764240C
mul [esp+0C]
:00406314 03D1
add edx, ecx
:00406316
59 pop
ecx
:00406317 59
pop ecx
:00406318 C20800
ret 0008
—————————————————————————————————
注册时的比较:
:0046ED00
55 push
ebp
:0046ED01 8BEC
mov ebp, esp
:0046ED03 6A00
push 00000000
:0046ED05 6A00
push 00000000
:0046ED07
6A00 push
00000000
:0046ED09 53
push ebx
:0046ED0A 56
push esi
:0046ED0B 8BD8
mov ebx, eax
:0046ED0D
33C0 xor
eax, eax
:0046ED0F 55
push ebp
:0046ED10 683CEE4600
push 0046EE3C
:0046ED15 64FF30
push dword ptr fs:[eax]
:0046ED18 648920
mov dword ptr fs:[eax],
esp
:0046ED1B 8D55FC
lea edx, dword ptr [ebp-04]
:0046ED1E 8B8348040000
mov eax, dword ptr [ebx+00000448]
:0046ED24 E8C3DDFBFF
call 0042CAEC
====>取得试炼码
:0046ED29
8B45FC mov eax,
dword ptr [ebp-04]
====>EAX=13572468
:0046ED2C
8B15D4284700 mov edx, dword ptr [004728D4]
====>EDX=62350786
:0046ED32
E82951F9FF call 00403E60
====>比较CALL!
:0046ED37
7413 je 0046ED4C
====>不跳则OVER!
:0046ED39
8B8348040000 mov eax, dword ptr [ebx+00000448]
:0046ED3F
8B10 mov
edx, dword ptr [eax]
:0046ED41 FF92B0000000
call dword ptr [edx+000000B0]
:0046ED47 E9CD000000
jmp 0046EE19
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED37(C)
|
:0046ED4C
B201 mov
dl, 01
:0046ED4E A160674600 mov
eax, dword ptr [00466760]
:0046ED53 E8087BFFFF
call 00466860
:0046ED58 8BF0
mov esi, eax
:0046ED5A BA02000080
mov edx, 80000002
:0046ED5F
8BC6 mov
eax, esi
:0046ED61 E89A7BFFFF call
00466900
:0046ED66 33C9
xor ecx, ecx
====>下面写注册信息
* Possible StringData Ref from Code
Obj ->"\software\庖丁解牛"
|
:0046ED68
BA54EE4600 mov edx, 0046EE54
:0046ED6D
8BC6 mov
eax, esi
:0046ED6F E8D07CFFFF call
00466A44
:0046ED74 84C0
test al, al
:0046ED76 751A
jne 0046ED92
*
Possible StringData Ref from Code Obj ->"\software\庖丁解牛"
|
:0046ED78 BA54EE4600
mov edx, 0046EE54
:0046ED7D 8BC6
mov eax, esi
:0046ED7F E8E47BFFFF
call 00466968
:0046ED84 33C9
xor ecx,
ecx
* Possible StringData
Ref from Code Obj ->"\software\庖丁解牛"
|
:0046ED86 BA54EE4600 mov
edx, 0046EE54
:0046ED8B 8BC6
mov eax, esi
:0046ED8D E8B27CFFFF
call 00466A44
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED76(C)
|
:0046ED92
8D55F8 lea edx,
dword ptr [ebp-08]
:0046ED95 8B8348040000
mov eax, dword ptr [ebx+00000448]
:0046ED9B E84CDDFBFF
call 0042CAEC
:0046EDA0 8B4DF8
mov ecx, dword ptr [ebp-08]
*
Possible StringData Ref from Code Obj ->"注册码"
|
:0046EDA3 BA70EE4600
mov edx, 0046EE70
:0046EDA8 8BC6
mov eax, esi
:0046EDAA E8D980FFFF
call 00466E88
:0046EDAF 8BC6
mov eax, esi
:0046EDB1
E81A7BFFFF call 004668D0
:0046EDB6
8BC6 mov
eax, esi
:0046EDB8 E84B40F9FF call
00402E08
:0046EDBD B201
mov dl, 01
:0046EDBF 8B8360040000
mov eax, dword ptr [ebx+00000460]
:0046EDC5 E83ADCFBFF
call 0042CA04
:0046EDCA 8B15D0284700
mov edx, dword ptr [004728D0]
:0046EDD0
8B8378040000 mov eax, dword ptr [ebx+00000478]
:0046EDD6
E841DDFBFF call 0042CB1C
:0046EDDB
8B15D4284700 mov edx, dword ptr [004728D4]
:0046EDE1
8B837C040000 mov eax, dword ptr [ebx+0000047C]
:0046EDE7
E830DDFBFF call 0042CB1C
:0046EDEC
8D55F4 lea edx,
dword ptr [ebp-0C]
:0046EDEF A114104700
mov eax, dword ptr [00471014]
:0046EDF4 8B00
mov eax, dword ptr [eax]
:0046EDF6
E815B9FDFF call 0044A710
:0046EDFB
8D45F4 lea eax,
dword ptr [ebp-0C]
*
Possible StringData Ref from Code Obj ->" 已注册版"
====>呵呵,胜利女神!
|
:0046EDFE
BA80EE4600 mov edx, 0046EE80
:0046EE03
E8504FF9FF call 00403D58
:0046EE08
8B55F4 mov edx,
dword ptr [ebp-0C]
:0046EE0B 8BC3
mov eax, ebx
:0046EE0D E80ADDFBFF
call 0042CB1C
:0046EE12 C605DC28470001
mov byte ptr [004728DC], 01
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED47(U)
|
:0046EE19
33C0 xor
eax, eax
:0046EE1B 5A
pop edx
:0046EE1C 59
pop ecx
:0046EE1D 59
pop ecx
:0046EE1E
648910 mov dword
ptr fs:[eax], edx
:0046EE21 6843EE4600
push 0046EE43
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046EE41(U)
|
:0046EE26
8D45F4 lea eax,
dword ptr [ebp-0C]
:0046EE29 E8A24CF9FF
call 00403AD0
:0046EE2E 8D45F8
lea eax, dword ptr [ebp-08]
:0046EE31 BA02000000
mov edx, 00000002
:0046EE36
E8B94CF9FF call 00403AF4
:0046EE3B
C3 ret
—————————————————————————————————
【KeyMake之内存注册机】:
中断地址:0046ED32
中断次数:1
第一字节:E8
指令长度:5
内存方式:EDX
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\庖丁解牛]
"注册码"="62350786"
呵呵,本注册码可以一并注册我机子上的《庖丁光盘管家》和《我的程序代码库》。
—————————————————————————————————
【整 理】:
机器码:707E6D8D
注册码:62350786
—————————————————————————————————
, _/
/| _.-~/
\_ , 青春都一饷
( /~ / \~-._
|\
`\\ _/
\ ~\ ) 忍把浮名
_-~~~-.) )__/;;,. \_ //'
/'_,\ --~ \ ~~~- ,;;\___( (.-~~~-.
换了破解轻狂
`~ _( ,_..--\ ( ,;'' /
~-- /._`\
/~~//' /' `~\
) /--.._, )_ `~
" `~" "
`" /~'`\ `\\~~\
"
" "~' ""
Cracked By 巢水工作坊——fly [OCN][FCG]
2003-04-21 4:00