破解软件:CHMaker
V2.88版
文件大小:806KB
使用平台:Win9x/Me/NT/2000
破解难度:易
破解工具:FI2.5,Ollydbg1.09,Procdump,TRW1.22,Guw32
软件说明:真正的傻瓜式E书工具,做一部电子书最少只要点击六次,而且有两次是在资源管理器中!以前曾有很多用户说不懂CHM的基础知识,不懂什么主题、索引,因而仅管有CHM帮助编辑器,还是做不出满意的E书。现在可好解决了,只要您知道怎么用属标,你就能做出一部E书!
软件下载:gt.onlinedown.net
作者声明:初学破解,仅作技术交流。欢迎指正!
都说OD好用,我也来试一试,正好下得这个软件,就拿它开刀了。FI2.5侦测,为UPX1.2的壳,Guw脱壳,运行,出错!哎,我对脱壳一窍不通,怎么办,用Prodump试试,OK!先用TRW跟踪一下,拷!居然还有一层UPX1.0的壳(用FI侦测不出来,不知何故?),再脱,Guw、Prodump都不行,唉!我又不会手工脱,怎么办,难道又要用TRW?!不抱希望的浏览了一下OD反编译出来的代码,等等!有门!有点意思!
请看如下代码:
00490019
. E8 E23EF7FF CALL 1.00403F00
<---取机器码,返回值在SS:[EBP-144]中
我的为"43341-9751825280-59520"
0049001E . 8B95 BCFEFFFF MOV
EDX, DWORD PTR SS:[EBP-144]
00490024 . A1 EC2F4900
MOV EAX, DWORD PTR DS:[492FEC]
00490029 . 8B00
MOV EAX, DWORD PTR
DS:[EAX]
0049002B . 8B80 98060000 MOV EAX, DWORD
PTR DS:[EAX+698]
00490031 . E8 0E1EFAFF CALL
1.00431E44
<---将机器码的3部分连接成一个字串
00490036 . 8B45 F0 MOV
EAX, DWORD PTR SS:[EBP-10]
<---EAX="43341975182528059520"
00490039 . E8 023EF7FF
CALL 1.00403E40
<---取连接后的字串位数
0049003E . 83F8 04
CMP EAX, 4
<---比较位数是否小于4,怎么会呢?
00490041 . /0F8C 4C010000 JL
1.00490193
00490047 . |8945 D8 MOV
DWORD PTR SS:[EBP-28], EAX
0049004A > |8D85 ACFEFFFF
LEA EAX, DWORD PTR SS:[EBP-154]
00490050 . |50
PUSH EAX
00490051 . |B9
01000000 MOV ECX, 1 <ECX=1
00490056 .
|8B55 D8 MOV EDX, DWORD PTR
SS:[EBP-28]
<---SS:[EBP-28]中为连接后字串位数
00490059 . |8B45 F0
MOV EAX, DWORD PTR SS:[EBP-10]
<---看到上面的[EBP-10]了吧
0049005C . |E8
E73FF7FF CALL 1.00404048
<---取连接后字串的第1位,这个Call
后面还会用到,其实从字串中第EDX位
取ECX个数, 注意一下下面Call之前的EDX值
00490061 . |FFB5 ACFEFFFF PUSH
DWORD PTR SS:[EBP-154]
00490067 . |8D85 A8FEFFFF LEA
EAX, DWORD PTR SS:[EBP-158]
0049006D . |50
PUSH EAX
0049006E . |8B55 D8
MOV EDX, DWORD PTR SS:[EBP-28]
<---[EBP-28]同上
00490071 .
|4A DEC EDX
<---EDX=EDX-1
00490072 . |B9 01000000 MOV ECX,
1 <---ECX=1
00490077 . |8B45 F0 MOV
EAX, DWORD PTR SS:[EBP-10]
<---[EBP-10]同上
0049007A . |E8 C93FF7FF CALL 1.00404048
<---取字串的倒数第2位
0049007F .
|FFB5 A8FEFFFF PUSH DWORD PTR SS:[EBP-158]
00490085 .
|8D85 A4FEFFFF LEA EAX, DWORD PTR SS:[EBP-15C]
0049008B
. |50 PUSH EAX
0049008C
. |8B55 D8 MOV EDX, DWORD PTR
SS:[EBP-28]
<---[EBP-28]中为字串位数
0049008F . |83EA 02
SUB EDX, 2 <---EDX=EDX-2
00490092 . |B9
01000000 MOV ECX, 1
00490097 . |8B45 F0
MOV EAX, DWORD PTR SS:[EBP-10]
<---[EBP-10]中为连接后的字串
0049009A
. |E8 A93FF7FF CALL 1.00404048
<---取字串的倒数第3位
0049009F . |FFB5
A4FEFFFF PUSH DWORD PTR SS:[EBP-15C]
004900A5 . |8D85
A0FEFFFF LEA EAX, DWORD PTR SS:[EBP-160]
004900AB . |50
PUSH EAX
004900AC
. |8B55 D8 MOV EDX, DWORD PTR
SS:[EBP-28]
004900AF . |83EA 03 SUB
EDX, 3 <---EDX=EDX-3
004900B2 . |B9 01000000 MOV
ECX, 1
004900B7 . |8B45 F0 MOV
EAX, DWORD PTR SS:[EBP-10]
004900BA . |E8 893FF7FF
CALL 1.00404048
<---取字串的倒数第4位
004900BF . |FFB5 A0FEFFFF PUSH
DWORD PTR SS:[EBP-160]
004900C5 . |8D45 EC
LEA EAX, DWORD PTR SS:[EBP-14]
004900C8 . |BA 04000000
MOV EDX, 4
004900CD . |E8 2E3EF7FF CALL
1.00403F00
<---将取出后的字串倒序后存在
[EBP-14]中,我的为"0259"
此处循环16次,以后取得的字串依次为2595
5950 9508 5082 0821 8212 2128 1281 2815 8157 1579 5791 7914 9143 1433 4334
004900D2 . |33C0 XOR
EAX, EAX
004900D4 . |55
PUSH EBP
004900D5 . |68 F5004900 PUSH
1.004900F5
004900DA . |64:FF30 PUSH
DWORD PTR FS:[EAX]
004900DD . |64:8920 MOV
DWORD PTR FS:[EAX], ESP
004900E0 . |8B45 EC
MOV EAX, DWORD PTR SS:[EBP-14]
004900E3 .
|E8 C48AF7FF CALL 1.00408BAC
<---Dec转Hex
004900E8 . |8945 D4
MOV DWORD PTR SS:[EBP-2C], EAX
<---EAX=0103,为0259转换成Hex后的值
此处循环16次,以后得的值依次为2595--->0A23
5950--->173E 9508--->2524
5082--->13DA 0821--->0335
8212--->2014 2128--->0850 1281--->0501
2815--->0AFF
8157--->1FDD 1579--->062B 5791--->169F
7914--->1EEA
9143--->23B7 1433--->0599 4334--->10EE
004900EB . |33C0 XOR
EAX, EAX
004900ED . |5A
POP EDX
004900EE . |59
POP ECX
004900EF . |59
POP ECX
004900F0 .
|64:8910 MOV DWORD PTR FS:[EAX],
EDX
004900F3 . |EB 14 JMP
SHORT 1.00490109
004900F5 .-|E9 AA32F7FF JMP
1.004033A4
004900FA . |E8 0136F7FF CALL
1.00403700
004900FF . |E9 82000000 JMP
1.00490186
00490104 . |E8 F735F7FF CALL
1.00403700
00490109 > |8B45 D4 MOV
EAX, DWORD PTR SS:[EBP-2C]
<---EAX中为Dec转换为Hex的值
0049010C . |B9 4F000000
MOV ECX, 4F <---ECX=4F
00490111 . |99
CDQ
00490112 . |F7F9
IDIV ECX
00490114 . |8955 D4
MOV DWORD PTR SS:[EBP-2C], EDX
EDX=EAX mod ECX
=16
此处循环16次,以后依次得到的值为43 19 1C 1A 1F 4B 4A 11 32 14 4E 18 0E 3A 0B
44
00490117 . |837D D4 00 CMP DWORD PTR
SS:[EBP-2C], 0
<---比较余数是否为0
0049011B . |75 06
JNZ SHORT 1.00490123
0049011D . |8B45 D8
MOV EAX, DWORD PTR SS:[EBP-28]
00490120 . |8945
D4 MOV DWORD PTR SS:[EBP-2C], EAX
00490123
> |8D45 E8 LEA EAX, DWORD PTR
SS:[EBP-18]
00490126 . |50
PUSH EAX
00490127 . |B9 01000000 MOV
ECX, 1
0049012C . |8B55 D4 MOV
EDX, DWORD PTR SS:[EBP-2C]
<---[EBP-2C]中为上面除得的余数值
0049012F . |8B45 DC
MOV EAX, DWORD PTR SS:[EBP-24]
<---[EBP-24]中为一字符串"Q2lA5rM6zI7sK8eO9aL2wP3q3pZ4mW5V5vT6gG7y9iC2bR3hF4uB8cY9fH2tN3kS6oX7nE8jDxU4dJ"
00490132
. |E8 113FF7FF CALL 1.00404048
<---取上面字串的第EDX位,和前面取得的字符连接
在一起,最后得到"PX34-p52h-d2Jq-8H77",真码
00490137
. |8B45 E4 MOV EAX, DWORD PTR
SS:[EBP-1C]
0049013A . |E8 013DF7FF CALL
1.00403E40
<---取连接后字串的位数
0049013F . |8BC8
MOV ECX, EAX
00490141 . |85C9
TEST ECX, ECX
00490143 . |75 0D
JNZ SHORT 1.00490152
00490145 .
|8D45 E4 LEA EAX, DWORD PTR
SS:[EBP-1C]
00490148 . |8B55 E8 MOV
EDX, DWORD PTR SS:[EBP-18]
0049014B . |E8 083BF7FF CALL
1.00403C58
00490150 . |EB 34 JMP
SHORT 1.00490186
00490152 > |8D41 01
LEA EAX, DWORD PTR DS:[ECX+1] <EAX=ECX+1
00490155
. |B9 05000000 MOV ECX, 5
<---ECX=5
0049015A . |99
CDQ
0049015B . |F7F9 IDIV
ECX
0049015D . |85D2
TEST EDX, EDX
<---判断是否已取到4个字符
0049015F . |75 1A
JNZ SHORT 1.0049017B
00490161 . |FF75 E4
PUSH DWORD PTR SS:[EBP-1C]
<---[EBP-1C]中为连接后的字符串
00490164 .
|68 F0074900 PUSH 1.004907F0
00490169 . |FF75 E8
PUSH DWORD PTR SS:[EBP-18]
0049016C
. |8D45 E4 LEA EAX, DWORD PTR
SS:[EBP-1C]
0049016F . |BA 03000000 MOV EDX, 3
<---EDX=3
00490174 . |E8 873DF7FF CALL
1.00403F00
00490179 . |EB 0B JMP
SHORT 1.00490186
0049017B > |8D45 E4
LEA EAX, DWORD PTR SS:[EBP-1C]
0049017E . |8B55
E8 MOV EDX, DWORD PTR SS:[EBP-18]
00490181
. |E8 C23CF7FF CALL 1.00403E48
00490186
> |FF4D D8 DEC DWORD PTR SS:[EBP-28]
<---1轮大循环结束后[EBP-28]中的值(连接字串位数)减1
00490189 . |837D D8 03
CMP DWORD PTR SS:[EBP-28], 3
<---比较是否取完16个字串
0049018D .^|0F85
B7FEFFFF JNZ 1.0049004A
00490193 > \8D45 E0
LEA EAX, DWORD PTR SS:[EBP-20]
00490196 .
8B55 E4 MOV EDX, DWORD PTR
SS:[EBP-1C]
<---[EBP-1C]中是什么呢,见上
00490199 . E8 BA3AF7FF CALL
1.00403C58
0049019E . 8D45 D0
LEA EAX, DWORD PTR SS:[EBP-30]
004901A1 . 50
PUSH EAX
; /pHandle = 006FFA18
004901A2 . 68 F4074900
PUSH 1.004907F4
; |Subkey =
"Software\\Microsoft\\Windows\\CurrentVersion"
004901A7 . 68
02000080 PUSH 80000002
; |hKey =
HKEY_LOCAL_MACHINE
004901AC . E8 3F6AF7FF CALL
<JMP.&ADVAPI32.RegCreateKeyA> ;
\RegCreateKeyA
004901B1 . 837D F8 00 CMP
DWORD PTR SS:[EBP-8], 0
004901B5 /0F84 55010000 JE
1.00490310
004901BB . |8B45 F8
MOV EAX, DWORD PTR SS:[EBP-8]
<---[EBP-8]中为我们输入的假码
004901BE . |BA
28084900 MOV EDX, 1.00490828
<---00490328中为固定串"9I94-AXw2-29MU-w2R6"
004901C3 . |E8
883DF7FF CALL 1.00403F50
<---比较输入的是否与固定串相等
004901C8 |75 0B
JNZ SHORT 1.004901D5
<---关键判断1
004901CA . |8D45 F8 LEA
EAX, DWORD PTR SS:[EBP-8]
<---EAX中为输入的固定串"9I94-AXw2-29MU-w2R6"
004901CD . |8B55 E4
MOV EDX, DWORD PTR SS:[EBP-1C]
<---EDX中为真码
004901D0 . |E8
833AF7FF CALL 1.00403C58
<---交换EAX和EDX中的值,很关键哦!这样从这往下
走后[EBP-8]中就为真码了,即固定串为通用注册码
004901D5 >
|8B45 F8 MOV EAX, DWORD PTR
SS:[EBP-8]
<---[EBP-8]中为我们输入的假码
004901D8 . |E8 633CF7FF CALL
1.00403E40
<---取假码位数
004901DD . |8BD8
MOV EBX, EAX
004901DF . |8B45 E4
MOV EAX, DWORD PTR SS:[EBP-1C]
<---[EBP-1C]中为根据机器码算得的真码
004901E2 . |E8
593CF7FF CALL 1.00403E40
<---取真码位数
004901E7 . |3BD8
CMP EBX, EAX
<---真假码位数比较
004901E9 . |0F85 46050000 JNZ
1.00490735 <---关键判断2
004901EF . |8B45 E4
MOV EAX, DWORD PTR SS:[EBP-1C]
004901F2 . |E8
493CF7FF CALL 1.00403E40
004901F7 . |8BD8
MOV EBX, EAX
004901F9 . |85DB
TEST EBX, EBX
004901FB
. |7E 54 JLE SHORT
1.00490251
004901FD . |C745 D8 01000>MOV DWORD PTR
SS:[EBP-28], 1
00490204 > |8D85 9CFEFFFF LEA EAX,
DWORD PTR SS:[EBP-164]
0049020A . |50
PUSH EAX
0049020B . |B9 01000000 MOV
ECX, 1
00490210 . |8B55 D8 MOV
EDX, DWORD PTR SS:[EBP-28]
00490213 . |8B45 F8
MOV EAX, DWORD PTR SS:[EBP-8]
00490216 .
|E8 2D3EF7FF CALL 1.00404048
<---这个Call在前面解释过了,按位取假码
0049021B . |8B85
9CFEFFFF MOV EAX, DWORD PTR SS:[EBP-164]
00490221 . |50
PUSH EAX
00490222
. |8D85 98FEFFFF LEA EAX, DWORD PTR
SS:[EBP-168]
00490228 . |50
PUSH EAX
00490229 . |B9 01000000 MOV
ECX, 1
0049022E . |8B55 D8 MOV
EDX, DWORD PTR SS:[EBP-28]
00490231 . |8B45 E4
MOV EAX, DWORD PTR SS:[EBP-1C]
00490234 . |E8
0F3EF7FF CALL 1.00404048
<---同上,按位取真码
00490239 . |8B95 98FEFFFF MOV
EDX, DWORD PTR SS:[EBP-168]
0049023F . |58
POP EAX
00490240 . |E8
0B3DF7FF CALL 1.00403F50 <---真假码比较
00490245 .
|0F85 EA040000 JNZ 1.00490735 <---关键判断3
0049024B .
|FF45 D8 INC DWORD PTR
SS:[EBP-28]
0049024E . |4B
DEC EBX
0049024F .^|75 B3
JNZ SHORT 1.00490204
00490251 > |8D45 EC
LEA EAX, DWORD PTR SS:[EBP-14]
00490254
. |E8 6739F7FF CALL 1.00403BC0
00490259 .
|8B45 F8 MOV EAX, DWORD PTR
SS:[EBP-8]
0049025C . |E8 DF3BF7FF CALL
1.00403E40
00490261 . |83F8 01 CMP
EAX, 1
00490264 . |7C 31 JL
SHORT 1.00490297
00490266 . |8945 D8
MOV DWORD PTR SS:[EBP-28], EAX
00490269 > |8D85
94FEFFFF LEA EAX, DWORD PTR SS:[EBP-16C]
0049026F . |50
PUSH EAX
00490270
. |B9 01000000 MOV ECX, 1
00490275 . |8B55
D8 MOV EDX, DWORD PTR SS:[EBP-28]
00490278
. |8B45 F8 MOV EAX, DWORD PTR
SS:[EBP-8]
0049027B . |E8 C83DF7FF CALL
1.00404048
00490280 . |8B95 94FEFFFF MOV EDX,
DWORD PTR SS:[EBP-16C]
00490286 . |8D45 EC LEA
EAX, DWORD PTR SS:[EBP-14]
00490289 . |E8 BA3BF7FF
CALL 1.00403E48
0049028E . |FF4D D8
DEC DWORD PTR SS:[EBP-28]
00490291 . |837D D8 00
CMP DWORD PTR SS:[EBP-28], 0
00490295 .^|75
D2 JNZ SHORT 1.00490269
00490297
> |8B45 EC MOV EAX, DWORD PTR
SS:[EBP-14]
0049029A . |E8 A13BF7FF CALL
1.00403E40
0049029F . |50
PUSH EAX
004902A0 . |8B45 EC
MOV EAX, DWORD PTR SS:[EBP-14]
004902A3 . |E8 5C3DF7FF
CALL 1.00404004
004902A8 . |50
PUSH EAX
;
|Buffer = 00C630B0
004902A9 . |6A 01 PUSH
1
; |valueType =
REG_SZ
004902AB . |6A 00 PUSH
0
; |Reserved = 0
004902AD .
|68 3C084900 PUSH 1.0049083C
; |valueName =
"ProducuID"
004902B2 . |8B45 D0 MOV
EAX, DWORD PTR SS:[EBP-30] ; |
004902B5 . |50
PUSH EAX
; |hKey = C630B0
004902B6 . |E8 5D69F7FF CALL
<JMP.&ADVAPI32.RegSetvalueExA> ;
\RegSetvalueExA
004902BB . |A1 EC2F4900 MOV EAX,
DWORD PTR DS:[492FEC]
004902C0 . |8B00
MOV EAX, DWORD PTR DS:[EAX]
004902C2 . |8B80
64030000 MOV EAX, DWORD PTR DS:[EAX+364]
004902C8 . |B2
01 MOV DL, 1
004902CA .
|8B08 MOV ECX, DWORD PTR
DS:[EAX]
004902CC . |FF51 5C CALL
DWORD PTR DS:[ECX+5C]
004902CF . |A1 EC2F4900 MOV
EAX, DWORD PTR DS:[492FEC]
004902D4 . |8B00
MOV EAX, DWORD PTR DS:[EAX]
004902D6
. |8B80 D4020000 MOV EAX, DWORD PTR DS:[EAX+2D4]
004902DC
. |B2 01 MOV DL, 1
004902DE
. |8B08 MOV ECX, DWORD
PTR DS:[EAX]
004902E0 . |FF51 5C CALL
DWORD PTR DS:[ECX+5C]
004902E3 . |A1 EC2F4900 MOV
EAX, DWORD PTR DS:[492FEC]
004902E8 . |8B00
MOV EAX, DWORD PTR DS:[EAX]
004902EA
. |8B80 38030000 MOV EAX, DWORD PTR DS:[EAX+338]
004902F0
. |B2 01 MOV DL, 1
004902F2
. |8B08 MOV ECX, DWORD
PTR DS:[EAX]
004902F4 . |FF51 5C CALL
DWORD PTR DS:[ECX+5C]
004902F7 . |A1 EC2F4900 MOV
EAX, DWORD PTR DS:[492FEC]
004902FC . |8B00
MOV EAX, DWORD PTR DS:[EAX]
004902FE
. |8B80 D0020000 MOV EAX, DWORD PTR DS:[EAX+2D0]
00490304
. |33D2 XOR EDX,
EDX
00490306 . |E8 391BFAFF CALL
1.00431E44
0049030B . |E9 25040000 JMP
1.00490735
00490310 > \C745 D8 00010>MOV DWORD PTR
SS:[EBP-28], 100
00490310 > C745 D8 00010>MOV
DWORD PTR SS:[EBP-28], 100
00490317 . C745 D4
01000>MOV DWORD PTR SS:[EBP-2C], 1
0049031E .
8D45 D8 LEA EAX, DWORD PTR
SS:[EBP-28]
00490321 . 50
PUSH EAX
; /pBufSize =
C2A0C040
00490322 . 8D85 CFFEFFFF LEA EAX, DWORD
PTR SS:[EBP-131] ; |
00490328 . 50
PUSH EAX
; |Buffer = C2A0C040
00490329 . 8D45 D4
LEA EAX, DWORD PTR SS:[EBP-2C] ;
|
0049032C . 50 PUSH
EAX
; |pvalueType = C2A0C040
0049032D
. 6A 00 PUSH 0
; |Reserved = NULL
0049032F . 68
3C084900 PUSH 1.0049083C
; |valueName = "ProducuID"
00490334
. 8B45 D0 MOV EAX, DWORD PTR
SS:[EBP-30] ; |
00490337 . 50
PUSH EAX
;
|hKey = C2A0C040
00490338 . E8 CB68F7FF CALL
<JMP.&ADVAPI32.RegQueryvalueExA> ; \RegQueryvalueExA
0049033D
. 8D45 E8 LEA EAX, DWORD PTR
SS:[EBP-18]
00490340 . 8D95 CFFEFFFF LEA EDX,
DWORD PTR SS:[EBP-131]
00490346 . B9 01010000 MOV
ECX, 101
0049034B . E8 A03AF7FF CALL
1.00403DF0
00490350 . C745 D8 00010>MOV
DWORD PTR SS:[EBP-28], 100
00490357 . C745 D4 01000>MOV
DWORD PTR SS:[EBP-2C], 1
0049035E . 8D45 D8
LEA EAX, DWORD PTR SS:[EBP-28]
00490361 .
50 PUSH EAX
; /pBufSize = C2A0C040
00490362 . 8D85
CFFEFFFF LEA EAX, DWORD PTR SS:[EBP-131] ;
|
00490368 . 50 PUSH
EAX
; |Buffer = C2A0C040
00490369
. 8D45 D4 LEA EAX, DWORD PTR
SS:[EBP-2C] ; |
0049036C . 50
PUSH EAX
;
|pvalueType = C2A0C040
0049036D . 6A 00
PUSH 0
; |Reserved =
NULL
0049036F . 68 48084900 PUSH 1.00490848
;
|valueName = "ProducuKey"
00490374 . 8B45 D0
MOV EAX, DWORD PTR SS:[EBP-30] ;
|
00490377 . 50 PUSH
EAX
; |hKey = C2A0C040
00490378 .
E8 8B68F7FF CALL
<JMP.&ADVAPI32.RegQueryvalueExA> ; \RegQueryvalueExA
0049037D
. 8D45 E4 LEA EAX, DWORD PTR
SS:[EBP-1C]
00490380 . 8D95 CFFEFFFF LEA EDX,
DWORD PTR SS:[EBP-131]
00490386 . B9 01010000 MOV
ECX, 101
0049038B . E8 603AF7FF CALL
1.00403DF0
00490390 . E8 A799F7FF CALL
1.00409D3C
00490395 . 83C4 F8 ADD
ESP, -8
00490398 . DD1C24
FSTP QWORD PTR SS:[ESP]
0049039B . 9B
WAIT
0049039C . E8 4B8DF7FF
CALL 1.004090EC
004903A1 . 8BD8
MOV EBX, EAX
004903A3 .
80BD CFFEFFFF>CMP BYTE PTR SS:[EBP-131], 0
004903AA
. 75 6C JNZ SHORT
1.00490418
004903AC . 8BC3 MOV
EAX, EBX
004903AE . 33D2
XOR EDX, EDX
004903B0 . 52
PUSH EDX
004903B1 .
50 PUSH
EAX
004903B2 . 8D45 E8 LEA
EAX, DWORD PTR SS:[EBP-18]
004903B5 . E8 7E87F7FF
CALL 1.00408B38
004903BA . 8B45 E8
MOV EAX, DWORD PTR SS:[EBP-18]
004903BD .
E8 7E3AF7FF CALL 1.00403E40
004903C2 .
50 PUSH
EAX
004903C3 . 8B45 E8 MOV
EAX, DWORD PTR SS:[EBP-18]
004903C6 . E8 393CF7FF
CALL 1.00404004
004903CB . 8BD8
MOV EBX, EAX
; |
004903CD .
53 PUSH EBX
; |Buffer = 00000013
004903CE . 6A 01
PUSH 1
;
|valueType = REG_SZ
004903D0 . 6A 00
PUSH 0
; |Reserved =
0
004903D2 . 68 3C084900 PUSH 1.0049083C
;
|valueName = "ProducuID"
004903D7 . 8B45 D0
MOV EAX, DWORD PTR SS:[EBP-30] ;
|
004903DA . 50 PUSH
EAX
; |hKey = C2A0C040
004903DB .
E8 3868F7FF CALL
<JMP.&ADVAPI32.RegSetvalueExA> ;
\RegSetvalueExA
004903E0 . 8B45 E8 MOV
EAX, DWORD PTR SS:[EBP-18]
004903E3 . E8 583AF7FF
CALL 1.00403E40
004903E8 . 50
PUSH EAX
;
/BufSize = C2A0C040 (-1029652416.)
004903E9 . 53
PUSH EBX
;
|Buffer = 00000013
004903EA . 6A 01
PUSH 1
; |valueType =
REG_SZ
004903EC . 6A 00 PUSH
0
; |Reserved = 0
004903EE .
68 48084900 PUSH 1.00490848
; |valueName =
"ProducuKey"
004903F3 . 8B45 D0 MOV
EAX, DWORD PTR SS:[EBP-30] ; |
004903F6 .
50 PUSH EAX
; |hKey = C2A0C040
004903F7 . E8 1C68F7FF
CALL <JMP.&ADVAPI32.RegSetvalueExA> ;
\RegSetvalueExA
004903FC . A1 EC2F4900 MOV
EAX, DWORD PTR DS:[492FEC]
00490401 . 8B00
MOV EAX, DWORD PTR DS:[EAX]
00490403 .
8B80 D0020000 MOV EAX, DWORD PTR DS:[EAX+2D0]
00490409
. BA 5C084900 MOV EDX, 1.0049085C
; ASCII "Days(1/31)
UnRegistered "
0049040E . E8 311AFAFF CALL
1.00431E44
我也是看了楼哥发的每月话题的贴子后才想起用OD调试程序,第1次用感觉确实不错。以上疏忽之处在所难免,欢迎大家指正。
这个程序的算法不复杂,而且还有一个通用注册码"9I94-AXw2-29MU-w2R6",程序注册成功后将注册信息倒序后保存在
“HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion”中的ProducuID和ProducuKey中,有兴趣的话各位可自己跟一下看看。
-------------------------------------ShenGe-------------------------------------
照例贴个笑话轻松一下!
半杯牛奶
作者:zom
键盘边,不知什么人留下了半杯牛奶。。。
乐观主义者说:那杯子有一半是满的。
悲观主义者说:那杯子有一半是空的。
Pascal程序员说:它是整型还是浮点的?
C程序员说:我要直接对着牛奶罐喝。
汇编程序员说:我要直接对着奶牛喝。
Basicc程序员说:我还在哺乳期。
Prolog程序员说:我喝了,别问我怎么喝。
共享游戏软件作家说:这杯免费,下杯要付钱。
安全顾问说:剩下的那半杯在那儿?
版权保护的疯子说:有人免费喝了半杯!
自由软件基金会说:那是奶牛对全人类的贡献!
IBM说:从我们这里租杯子吧,我们会为你斟上我们认为最好的饮料。
微软说:剩下的市场份额已经不值得Microsoft牛奶占有了!