自动精灵 2.00 破解教程
【破解作者】 kyc[dfcg][czg]
【作者邮箱】 muyang008@163.com
【使用工具】 old1.10c
【破解平台】 win2003
【软件名称】 自动精灵 2.00
【下载地址】 http://free.angeltowns.com/ascn/index.htm
【软件简介】自动精灵是一款功能强大、精致美观、操作简便的计算机定时自动执行软件。她绝对是众多自动执行软件中最好的,
出色的设计使您的操作更加简便,每一项功能都为您精心打造。她必将成为您的贴心助手。
【软件大小】 705 KB
【加壳方式】 无壳
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
根据序列号错误
004ED4B9 |. 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004ED4BB |. 68 98D64E00 push AutoStar.004ED698 ; |Title = "自动精灵"
004ED4C0 |. 68 A4D64E00 push AutoStar.004ED6A4 ; |Text = "注册码不能为空!请重新输入!"
004ED4C5 |. E8 9A9AF1FF call <jmp.&user32.GetActiveWindow> ; |[GetActiveWindow
004ED4CA |. 50 push eax ; |hOwner
004ED4CB |. E8 0C9DF1FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004ED4D0 |. 8B83 04030000 mov eax,dword ptr ds:[ebx+304]
004ED4D6 |. 8B10 mov edx,dword ptr ds:[eax]
004ED4D8 |. FF92 C4000000 call dword ptr ds:[edx+C4]
004ED4DE |. E9 71010000 jmp AutoStar.004ED654
004ED4E3 |> 8D55 F8 lea edx,dword ptr ss:[ebp-8]
004ED4E6 |. 8B83 04030000 mov eax,dword ptr ds:[ebx+304]
004ED4EC |. E8 D7A0F7FF call AutoStar.004675C8
004ED4F1 |. 8B55 F8 mov edx,dword ptr ss:[ebp-8]
004ED4F4 |. A1 5C1D4F00 mov eax,dword ptr ds:[4F1D5C]
004ED4F9 |. 8B00 mov eax,dword ptr ds:[eax]
004ED4FB |. E8 B4E1FFFF call AutoStar.004EB6B4 ; f7 关键算法
004ED500 |. 84C0 test al,al
004ED502 |. 0F84 1A010000 je AutoStar.004ED622
004ED508 |. 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004ED50A |. 68 98D64E00 push AutoStar.004ED698 ; |Title = "自动精灵"
004ED50F |. 68 C4D64E00 push AutoStar.004ED6C4 ; |Text = "注册成功!
谢谢您的支持!"
004ED514 |. E8 4B9AF1FF call <jmp.&user32.GetActiveWindow> ; |[GetActiveWindow
004ED519 |. 50 push eax ; |hOwner
=============================================================================call AutoStar.004EB6B4
004EB6BB |. 53 push ebx
004EB6BC |. 56 push esi
004EB6BD |. 8BF2 mov esi,edx
004EB6BF |. 8BD8 mov ebx,eax
004EB6C1 |. 33C0 xor eax,eax
004EB6C3 |. 55 push ebp
004EB6C4 |. 68 21B74E00 push AutoStar.004EB721
004EB6C9 |. 64:FF30 push dword ptr fs:[eax]
004EB6CC |. 64:8920 mov dword ptr fs:[eax],esp
004EB6CF |. 8D55 FC lea edx,dword ptr ss:[ebp-4]
004EB6D2 |. 8BC3 mov eax,ebx
004EB6D4 |. E8 A3010000 call AutoStar.004EB87C
004EB6D9 |. 8D4D F8 lea ecx,dword ptr ss:[ebp-8]
004EB6DC |. 8B55 FC mov edx,dword ptr ss:[ebp-4] ; edx=code
004EB6DF |. 8BC3 mov eax,ebx
004EB6E1 |. E8 3E030000 call AutoStar.004EBA24 ; F7 关键算法
004EB6E6 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004EB6E9 |. E8 8E8FF1FF call AutoStar.0040467C
004EB6EE |. 50 push eax
004EB6EF |. 8BC6 mov eax,esi
004EB6F1 |. E8 868FF1FF call AutoStar.0040467C
004EB6F6 |. 5A pop edx
004EB6F7 |. E8 B4DCF1FF call AutoStar.004093B0
004EB6FC |. 85C0 test eax,eax
004EB6FE |. 75 04 jnz short AutoStar.004EB704
004EB700 |. B3 01 mov bl,1
004EB702 |. EB 02 jmp short AutoStar.004EB706
===========================================================================call AutoStar.004EBA24
004EBA4B |. 8BD8 mov ebx,eax
004EBA4D |. 8BC3 mov eax,ebx ; EAX=JQM
004EBA4F |. B9 85000000 mov ecx,85 ; ecx=85h
004EBA54 |. 99 cdq ; 双字转换为四字指令
004EBA55 |. F7F9 idiv ecx ; jqm/85h
004EBA57 |. 69C0 AB000000 imul eax,eax,0AB ; eax*abh
004EBA5D |. 35 FDC85C02 xor eax,25CC8FD ; eax^25cc8fdh
004EBA62 |. 99 cdq ; 双字转换为四字指令
004EBA63 |. 33C2 xor eax,edx ; eax^JQM%85H
004EBA65 |. 2BC2 sub eax,edx ; eax-edx
004EBA67 |. 05 68C4AC07 add eax,7ACC468 ; eax+7acc468h
004EBA6C |. 8BD8 mov ebx,eax ; ebx=eax ;这个值非常重要
004EBA6E |. 8D55 F8 lea edx,dword ptr ss:[ebp-8]
004EBA71 |. 8BC3 mov eax,ebx
004EBA73 |. E8 60D1F1FF call AutoStar.00408BD8 ; F7关键算法
004EBA78 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004EBA7B |. BA 10BB4E00 mov edx,AutoStar.004EBB10 ; ASCII "734618529841"
004EBA80 |. E8 CF87F1FF call AutoStar.00404254
004EBA85 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
004EBA88 |. E8 2F87F1FF call AutoStar.004041BC
004EBA8D |. 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; EAX=734618529841这个值是个常量
;;;;;;;;;;;;;;;;;;;;;;;搜索全部常数
004EBA90 |. E8 E789F1FF call AutoStar.0040447C
004EBA95 |. 8BD8 mov ebx,eax
004EBA97 |. 85DB test ebx,ebx
004EBA99 |. 7E 3A jle short AutoStar.004EBAD5
004EBA9B |. BE 01000000 mov esi,1 ; ESI=1
004EBAA0 |> /8D45 EC /lea eax,dword ptr ss:[ebp-14]
004EBAA3 |. |8B55 F4 |mov edx,dword ptr ss:[ebp-C] ; EDX=734618529841
004EBAA6 |. |8A5432 FF |mov dl,byte ptr ds:[edx+esi-1]
004EBAAA |. |E8 F588F1FF |call AutoStar.004043A4
004EBAAF |. |8B45 EC |mov eax,dword ptr ss:[ebp-14]
004EBAB2 |. |E8 5DD2F1FF |call AutoStar.00408D14
004EBAB7 |. |8B55 F8 |mov edx,dword ptr ss:[ebp-8] ; EDX=657532891
004EBABA |. |8A5402 FF |mov dl,byte ptr ds:[edx+eax-1] ; DL=RES[I]
004EBABE |. |8D45 F0 |lea eax,dword ptr ss:[ebp-10]
004EBAC1 |. |E8 DE88F1FF |call AutoStar.004043A4
004EBAC6 |. |8B55 F0 |mov edx,dword ptr ss:[ebp-10]
004EBAC9 |. |8D45 FC |lea eax,dword ptr ss:[ebp-4]
004EBACC |. |E8 B389F1FF |call AutoStar.00404484 ; F7 求注册码过程
004EBAD1 |. |46 |inc esi ; ESI++
004EBAD2 |. |4B |dec ebx ; EDX--
004EBAD3 |.^\75 CB \jnz short AutoStar.004EBAA0
004EBAD5 |> 8BC7 mov eax,edi
004EBAD7 |. 8B55 FC mov edx,dword ptr ss:[ebp-4]
004EBADA |. E8 3187F1FF call AutoStar.00404210
004EBADF |. 33C0 xor eax,eax
004EBAE1 |. 5A pop edx
004EBAE2 |. 59 pop ecx
004EBAE3 |. 59 pop ecx
004EBAE4 |. 64:8910 mov dword ptr fs:[eax],edx
004EBAE7 |. 68 01BB4E00 push AutoStar.004EBB01
004EBAEC |> 8D45 EC lea eax,dword ptr ss:[ebp-14]
004EBAEF |. BA 05000000 mov edx,5
004EBAF4 |. E8 E786F1FF call AutoStar.004041E0
004EBAF9 \. C3 retn
=======================================================================call AutoStar.00404484
00404484 $ 85D2 test edx,edx
00404486 . 74 3F je short AutoStar.004044C7
00404488 . 8B08 mov ecx,dword ptr ds:[eax]
0040448A . 85C9 test ecx,ecx
0040448C .^ 0F84 7EFDFFFF je AutoStar.00404210
00404492 . 53 push ebx
00404493 . 56 push esi
00404494 . 57 push edi
00404495 . 89C3 mov ebx,eax
00404497 . 89D6 mov esi,edx ; ESI=EDX
00404499 . 8B79 FC mov edi,dword ptr ds:[ecx-4]
0040449C . 8B56 FC mov edx,dword ptr ds:[esi-4]
0040449F . 01FA add edx,edi ; EDX+EDI
004044A1 . 39CE cmp esi,ecx
004044A3 . 74 17 je short AutoStar.004044BC
004044A5 . E8 5E030000 call AutoStar.00404808
004044AA . 89F0 mov eax,esi
004044AC . 8B4E FC mov ecx,dword ptr ds:[esi-4]
004044AF > 8B13 mov edx,dword ptr ds:[ebx]
004044B1 . 01FA add edx,edi
004044B3 . E8 90E4FFFF call AutoStar.00402948 ; F7求注册码过程
004044B8 . 5F pop edi
004044B9 . 5E pop esi
004044BA . 5B pop ebx
004044BB . C3 retn
=======================================================================call AutoStar.00402948
00402948 /$ 56 push esi
00402949 |. 57 push edi
0040294A |. 89C6 mov esi,eax
0040294C |. 89D7 mov edi,edx
0040294E |. 89C8 mov eax,ecx
00402950 |. 39F7 cmp edi,esi
00402952 |. 77 13 ja short AutoStar.00402967
00402954 |. 74 2F je short AutoStar.00402985
00402956 |. C1F9 02 sar ecx,2
00402959 |. 78 2A js short AutoStar.00402985
0040295B |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
0040295D |. 89C1 mov ecx,eax
0040295F |. 83E1 03 and ecx,3
00402962 |. F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
00402964 |. 5F pop edi
00402965 |. 5E pop esi
00402966 |. C3 retn
00402967 |> 8D7431 FC lea esi,dword ptr ds:[ecx+esi-4]
0040296B |. 8D7C39 FC lea edi,dword ptr ds:[ecx+edi-4]
0040296F |. C1F9 02 sar ecx,2
00402972 |. 78 11 js short AutoStar.00402985
00402974 |. FD std
00402975 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
00402977 |. 89C1 mov ecx,eax
00402979 |. 83E1 03 and ecx,3 ; ECX&3
0040297C |. 83C6 03 add esi,3 ; ESI+3
0040297F |. 83C7 03 add edi,3
00402982 |. F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
00402984 |. FC cld
00402985 |> 5F pop edi
00402986 |. 5E pop esi
00402987 \. C3 retn
==================================================================================================
总结:先求出一串值然后利用常量数组的变量作为它的下标取得注册码
根据上述算法很容易得到注册机下面是注册机VC代码。
#include<iostream.h>
#include<string.h>
#include <Windows.h>
#include <stdlib.h>
int tmp[]={7,3,4,6,1,8,5,2,9,8,4,1};
char output[12],sn[12];
void main()
{
int jqm,m;
cout<<"请输入机器码:"<<endl;
cin>>jqm;
/* t=jqm=389463739;
jqm/=0x85;
m=jqm%0x85;
jqm*=0xab;jqm^=0x25CC8FD;
jqm^=m;
jqm-=m;
jqm+=0x7acc468;
t=jqm;
cout<<jqm<<endl;
//利用C代码数值有误差。
//因为数值太大直接利用了汇编代码。
*/
__asm
{
mov eax,jqm
mov ecx,85h
cdq
idiv ecx
imul eax,eax,0ABh
xor eax,25CC8FDh
cdq
xor eax,edx
sub eax,edx
add eax,7ACC468h
mov m,eax
}
cout<<m<<endl;
_itoa(m,output,10);//这里的参数 第一个为要转换的整数,第二个为输出的字符串,第三个为进制,
for(int i=0;i<12;i++)
{
sn[i]=output[tmp[i]-1];
}
cout<<"您的注册码是:";
for( i=0;i<12;i++)
cout<<sn[i];
cout<<endl;
}
我的机器码:389463739
注册码:875269351956
注册后藏在shg1008.sys文件的
[Register]
Key=875269351956