【破解作者】 yijun
【作者邮箱】 yijun8354@sina.com
【使用工具】 OD,PEID
【破解平台】 WinXP
【软件名称】 Quick Screen Recorder
【下载地址】 天空
【软件简介】 Etrusoft Quick Screen Recorder is a tool used for recording screen activity into standard AVI video files. If you move the cursor, launch a new program, type some text, click a few buttons, or select some menus -- anything that you see on your screen -- Quick Screen Recorder will be able to record all these and allow you to play them back later on.
【软件大小】 540K
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
PEID查壳知该软件无壳Microsoft Visual C++ 6.0编写。OD载入很容易来到以下地方:
00404C69 55 push ebp //在此下断
00404C6A 56 push esi
00404C6B 57 push edi
00404C6C 8BE9 mov ebp,ecx
00404C6E 6A 01 push 1
00404C70 E8 7C910200 call qsr.0042DDF1 ; 取用户名
00404C75 8D7D 60 lea edi,dword ptr ss:[ebp+60]
00404C78 8BCF mov ecx,edi
00404C7A E8 FA3E0200 call qsr.00428B79 ; 取注册码
00404C7F 8BCF mov ecx,edi
00404C81 E8 A73E0200 call qsr.00428B2D
00404C86 8D75 64 lea esi,dword ptr ss:[ebp+64]
00404C89 8BCE mov ecx,esi
00404C8B E8 E93E0200 call qsr.00428B79 ; 用户名送EAX
00404C90 8BCE mov ecx,esi
00404C92 E8 963E0200 call qsr.00428B2D
00404C97 8B06 mov eax,dword ptr ds:[esi]
00404C99 8378 F8 02 cmp dword ptr ds:[eax-8],2
00404C9D 7D 26 jge short qsr.00404CC5
00404C9F 6A 40 push 40
00404CA1 68 3CE54500 push qsr.0045E53C ; ASCII "Quick Screen Recorder"
00404CA6 68 24E54500 push qsr.0045E524 ; ASCII "Please input your name."
00404CAB 8BCD mov ecx,ebp
00404CAD E8 C3840200 call qsr.0042D175
00404CB2 8B4C24 1C mov ecx,dword ptr ss:[esp+1C]
00404CB6 64:890D 0000000>mov dword ptr fs:[0],ecx
00404CBD 5F pop edi
00404CBE 5E pop esi
00404CBF 5D pop ebp
00404CC0 5B pop ebx
00404CC1 83C4 18 add esp,18
00404CC4 C3 retn
00404CC5 8A45 5C mov al,byte ptr ss:[ebp+5C]
00404CC8 84C0 test al,al
00404CCA 0F85 1C010000 jnz qsr.00404DEC
00404CD0 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00404CD4 E8 87E3FFFF call qsr.00403060
00404CD9 51 push ecx
00404CDA C74424 28 00000>mov dword ptr ss:[esp+28],0
00404CE2 8BCC mov ecx,esp
00404CE4 896424 14 mov dword ptr ss:[esp+14],esp
00404CE8 56 push esi
00404CE9 E8 12A50200 call qsr.0042F200 ; 测试用户名是否是0
00404CEE 51 push ecx
00404CEF C64424 2C 01 mov byte ptr ss:[esp+2C],1
00404CF4 8BCC mov ecx,esp
00404CF6 896424 20 mov dword ptr ss:[esp+20],esp
00404CFA 57 push edi
00404CFB E8 00A50200 call qsr.0042F200 ; 测试注册码是否是0
00404D00 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00404D04 C64424 2C 00 mov byte ptr ss:[esp+2C],0
00404D09 E8 92E3FFFF call qsr.004030A0 ; 关键CALL,跟进~~~~~~~~~~~
00404D0E 84C0 test al,al ; 刚才那两处都等就注册成功,此时AL=1~~~
00404D10 75 37 jnz short qsr.00404D49 ; AL=1就注册成功~~~~
00404D12 6A 40 push 40
00404D14 68 3CE54500 push qsr.0045E53C ; ASCII "Quick Screen Recorder"
00404D19 68 DCE44500 push qsr.0045E4DC ; ASCII "Sorry, your registration key is wrong. Please check it and try again."
00404D1E 8BCD mov ecx,ebp
00404D20 E8 50840200 call qsr.0042D175
00404D25 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00404D29 C74424 24 FFFFF>mov dword ptr ss:[esp+24],-1
00404D31 E8 5AE3FFFF call qsr.00403090
00404D36 8B4C24 1C mov ecx,dword ptr ss:[esp+1C]
00404D3A 64:890D 0000000>mov dword ptr fs:[0],ecx
00404D41 5F pop edi
00404D42 5E pop esi
00404D43 5D pop ebp
00404D44 5B pop ebx
00404D45 83C4 18 add esp,18
00404D48 C3 retn
*********************************************************************************************************************************************************
跟进00404D09处CALL来到:
004030A0 6A FF push -1 //一路F8下去~~~~
004030A2 68 C88F4400 push qsr.00448FC8
004030A7 64:A1 00000000 mov eax,dword ptr fs:[0]
004030AD 50 push eax
004030AE 64:8925 0000000>mov dword ptr fs:[0],esp
004030B5 83EC 24 sub esp,24
004030B8 53 push ebx
004030B9 55 push ebp
004030BA 56 push esi
004030BB 57 push edi
004030BC 68 28E24500 push qsr.0045E228 ; ASCII "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
004030C1 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
004030C5 C74424 40 01000>mov dword ptr ss:[esp+40],1
004030CD E8 27C40200 call qsr.0042F4F9
004030D2 A1 38F44500 mov eax,dword ptr ds:[45F438]
004030D7 894424 2C mov dword ptr ss:[esp+2C],eax
004030DB 8D4C24 48 lea ecx,dword ptr ss:[esp+48]
004030DF C64424 3C 03 mov byte ptr ss:[esp+3C],3
004030E4 E8 905A0200 call qsr.00428B79
004030E9 8D4C24 48 lea ecx,dword ptr ss:[esp+48]
004030ED E8 3B5A0200 call qsr.00428B2D
004030F2 8D4C24 44 lea ecx,dword ptr ss:[esp+44]
004030F6 E8 7E5A0200 call qsr.00428B79
004030FB 8D4C24 44 lea ecx,dword ptr ss:[esp+44]
004030FF E8 295A0200 call qsr.00428B2D
00403104 8B4C24 48 mov ecx,dword ptr ss:[esp+48]
00403108 8B41 F8 mov eax,dword ptr ds:[ecx-8]
0040310B 83F8 02 cmp eax,2
0040310E 0F8C 4F030000 jl qsr.00403463 ; 用户名小于2就跳
00403114 8B5424 44 mov edx,dword ptr ss:[esp+44]
00403118 837A F8 18 cmp dword ptr ds:[edx-8],18
0040311C 0F85 41030000 jnz qsr.00403463 ; 注册码不等于18(16进制)就跳
00403122 8D4424 30 lea eax,dword ptr ss:[esp+30]
00403126 6A 01 push 1
00403128 50 push eax
00403129 8D4C24 50 lea ecx,dword ptr ss:[esp+50]
0040312D E8 C4550200 call qsr.004286F6
00403132 8B00 mov eax,dword ptr ds:[eax]
00403134 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403138 50 push eax
00403139 C64424 40 04 mov byte ptr ss:[esp+40],4
0040313E E8 4D560200 call qsr.00428790
00403143 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
00403147 8BF0 mov esi,eax
00403149 C64424 3C 03 mov byte ptr ss:[esp+3C],3
0040314E E8 38C30200 call qsr.0042F48B
00403153 8D46 0A lea eax,dword ptr ds:[esi+A]
00403156 B9 3E000000 mov ecx,3E
0040315B 99 cdq
0040315C F7F9 idiv ecx
0040315E 6A 01 push 1
00403160 8D4C24 4C lea ecx,dword ptr ss:[esp+4C]
00403164 8BF2 mov esi,edx
00403166 8D5424 34 lea edx,dword ptr ss:[esp+34]
0040316A 52 push edx
0040316B E8 0A550200 call qsr.0042867A
00403170 8B00 mov eax,dword ptr ds:[eax]
00403172 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403176 50 push eax
00403177 C64424 40 05 mov byte ptr ss:[esp+40],5
0040317C E8 0F560200 call qsr.00428790
00403181 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
00403185 8BF8 mov edi,eax
00403187 C64424 3C 03 mov byte ptr ss:[esp+3C],3
0040318C E8 FAC20200 call qsr.0042F48B
00403191 8D47 0A lea eax,dword ptr ds:[edi+A]
00403194 B9 3E000000 mov ecx,3E
00403199 99 cdq
0040319A F7F9 idiv ecx
0040319C A1 38F44500 mov eax,dword ptr ds:[45F438]
004031A1 894424 28 mov dword ptr ss:[esp+28],eax
004031A5 8BCA mov ecx,edx
004031A7 894424 24 mov dword ptr ss:[esp+24],eax
004031AB 894424 1C mov dword ptr ss:[esp+1C],eax
004031AF 894424 18 mov dword ptr ss:[esp+18],eax
004031B3 894424 14 mov dword ptr ss:[esp+14],eax
004031B7 894424 10 mov dword ptr ss:[esp+10],eax
004031BB 8BC1 mov eax,ecx
004031BD BF 0A000000 mov edi,0A
004031C2 99 cdq
004031C3 F7FF idiv edi
004031C5 8BC1 mov eax,ecx
004031C7 B3 0B mov bl,0B
004031C9 0FAFC1 imul eax,ecx
004031CC 8BCF mov ecx,edi
004031CE 885C24 3C mov byte ptr ss:[esp+3C],bl
004031D2 52 push edx
004031D3 99 cdq
004031D4 F7F9 idiv ecx
004031D6 8D04F5 00000000 lea eax,dword ptr ds:[esi*8]
004031DD 2BC6 sub eax,esi
004031DF 52 push edx
004031E0 99 cdq
004031E1 F7F9 idiv ecx
004031E3 8BC6 mov eax,esi
004031E5 52 push edx
004031E6 99 cdq
004031E7 F7F9 idiv ecx
004031E9 52 push edx
004031EA 8D5424 38 lea edx,dword ptr ss:[esp+38]
004031EE 68 1CE24500 push qsr.0045E21C ; ASCII "%d%d%d%d"
004031F3 52 push edx
004031F4 E8 D8580200 call qsr.00428AD1 //由我们的用户名得到一个4位数,我的是4893
004031F9 83C4 18 add esp,18
004031FC 6A 04 push 4
004031FE 8D4424 34 lea eax,dword ptr ss:[esp+34]
00403202 6A 00 push 0
00403204 50 push eax
00403205 8D4C24 50 lea ecx,dword ptr ss:[esp+50]
00403209 E8 D6530200 call qsr.004285E4
0040320E 50 push eax
0040320F 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
00403213 C64424 40 0C mov byte ptr ss:[esp+40],0C
00403218 E8 A7C30200 call qsr.0042F5C4
0040321D 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
00403221 885C24 3C mov byte ptr ss:[esp+3C],bl
00403225 E8 61C20200 call qsr.0042F48B
0040322A 6A 04 push 4
0040322C 8D4C24 34 lea ecx,dword ptr ss:[esp+34]
00403230 6A 05 push 5
00403232 51 push ecx
00403233 8D4C24 50 lea ecx,dword ptr ss:[esp+50]
00403237 E8 A8530200 call qsr.004285E4
0040323C 50 push eax
0040323D 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403241 C64424 40 0D mov byte ptr ss:[esp+40],0D
00403246 E8 79C30200 call qsr.0042F5C4
0040324B 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
0040324F 885C24 3C mov byte ptr ss:[esp+3C],bl
00403253 E8 33C20200 call qsr.0042F48B
00403258 6A 04 push 4
0040325A 8D5424 34 lea edx,dword ptr ss:[esp+34]
0040325E 57 push edi
0040325F 52 push edx
00403260 8D4C24 50 lea ecx,dword ptr ss:[esp+50]
00403264 E8 7B530200 call qsr.004285E4
00403269 50 push eax
0040326A 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
0040326E C64424 40 0E mov byte ptr ss:[esp+40],0E
00403273 E8 4CC30200 call qsr.0042F5C4
00403278 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
0040327C 885C24 3C mov byte ptr ss:[esp+3C],bl
00403280 E8 06C20200 call qsr.0042F48B
00403285 6A 04 push 4
00403287 8D4424 34 lea eax,dword ptr ss:[esp+34]
0040328B 6A 0F push 0F
0040328D 50 push eax
0040328E 8D4C24 50 lea ecx,dword ptr ss:[esp+50]
00403292 E8 4D530200 call qsr.004285E4
00403297 50 push eax
00403298 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
0040329C C64424 40 0F mov byte ptr ss:[esp+40],0F
004032A1 E8 1EC30200 call qsr.0042F5C4
004032A6 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
004032AA 885C24 3C mov byte ptr ss:[esp+3C],bl
004032AE E8 D8C10200 call qsr.0042F48B
004032B3 6A 04 push 4
004032B5 8D4C24 34 lea ecx,dword ptr ss:[esp+34]
004032B9 6A 14 push 14
004032BB 51 push ecx
004032BC 8D4C24 50 lea ecx,dword ptr ss:[esp+50]
004032C0 E8 1F530200 call qsr.004285E4
004032C5 50 push eax
004032C6 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004032CA C64424 40 10 mov byte ptr ss:[esp+40],10
004032CF E8 F0C20200 call qsr.0042F5C4
004032D4 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
004032D8 885C24 3C mov byte ptr ss:[esp+3C],bl
004032DC E8 AAC10200 call qsr.0042F48B
004032E1 8B7424 24 mov esi,dword ptr ss:[esp+24] ; 注册码1到4位送ESI
004032E5 8B4424 28 mov eax,dword ptr ss:[esp+28] ; 4893送EAX
004032E9 8A10 mov dl,byte ptr ds:[eax] ; [eax]送DL
004032EB 8A1E mov bl,byte ptr ds:[esi] ; [ESI]送BL
004032ED 8ACA mov cl,dl ; DL送CL
004032EF 3AD3 cmp dl,bl ; DL和BL比较
004032F1 75 1E jnz short qsr.00403311 ; 不等就跳(不能跳)
004032F3 84C9 test cl,cl
004032F5 74 16 je short qsr.0040330D
004032F7 8A50 01 mov dl,byte ptr ds:[eax+1] ; [eax+1]送DL
004032FA 8A5E 01 mov bl,byte ptr ds:[esi+1] ; [esi+1]送BL
004032FD 8ACA mov cl,dl
004032FF 3AD3 cmp dl,bl ; DL和BL比较
00403301 75 0E jnz short qsr.00403311 ; 不等就跳(不能跳)
00403303 83C0 02 add eax,2 ; EAX加2
00403306 83C6 02 add esi,2 ; ESI加2
00403309 84C9 test cl,cl
0040330B ^ 75 DC jnz short qsr.004032E9
0040330D 33C0 xor eax,eax
0040330F EB 05 jmp short qsr.00403316
00403311 1BC0 sbb eax,eax
00403313 83D8 FF sbb eax,-1
00403316 85C0 test eax,eax
00403318 74 0E je short qsr.00403328
0040331A C64424 3C 0A mov byte ptr ss:[esp+3C],0A
0040331F 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00403323 E9 F0000000 jmp qsr.00403418
00403328 8B4424 1C mov eax,dword ptr ss:[esp+1C] ; 注册码6到9位送EAX
0040332C 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00403330 8B40 F8 mov eax,dword ptr ds:[eax-8]
00403333 50 push eax
00403334 E8 82C50200 call qsr.0042F8BB ; 注册码6到9位送EAX
00403339 50 push eax
0040333A E8 466D0100 call qsr.0041A085 ; 注册码6到9位转换成16进制送EAX
0040333F 8B4C24 1C mov ecx,dword ptr ss:[esp+1C] ; 注册码11到14位送ECX
00403343 83C4 04 add esp,4
00403346 8BF0 mov esi,eax ; 注册码6到9位的16进制送ESI
00403348 8B41 F8 mov eax,dword ptr ds:[ecx-8]
0040334B 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
0040334F 50 push eax
00403350 E8 66C50200 call qsr.0042F8BB ; 注册码11到14位送ECX
00403355 50 push eax
00403356 E8 2A6D0100 call qsr.0041A085 ; 注册码11到14位转换为16进制送EAX
0040335B 8B5424 18 mov edx,dword ptr ss:[esp+18] ; 注册码16到19位送EDX
0040335F 83C4 04 add esp,4
00403362 8BF8 mov edi,eax ; 注册码11到14位的16进制送EDI
00403364 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403368 8B42 F8 mov eax,dword ptr ds:[edx-8]
0040336B 50 push eax
0040336C E8 4AC50200 call qsr.0042F8BB ; 注册码16到19位送EDX
00403371 50 push eax
00403372 E8 0E6D0100 call qsr.0041A085 ; 注册码16到19位转换成16进制送EAX
00403377 8BD8 mov ebx,eax ; EAX送EBX
00403379 8B4424 14 mov eax,dword ptr ss:[esp+14] ; 注册码21到24位送EAX
0040337D 83C4 04 add esp,4
00403380 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00403384 8B40 F8 mov eax,dword ptr ds:[eax-8]
00403387 50 push eax
00403388 E8 2EC50200 call qsr.0042F8BB ; 注册码21到24位送EAX
0040338D 50 push eax
0040338E E8 F26C0100 call qsr.0041A085 ; 注册码21到24位转换成16进制送EAX
00403393 83C4 04 add esp,4
00403396 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
0040339A 8BE8 mov ebp,eax ; EAX送EBP
0040339C 6A FF push -1
0040339E E8 67C50200 call qsr.0042F90A ; 注册码6到9位送ECX,长度送EAX
004033A3 6A FF push -1
004033A5 8D4C24 1C lea ecx,dword ptr ss:[esp+1C] ; [esp+1C]送ECX
004033A9 E8 5CC50200 call qsr.0042F90A ; 注册码11到14位送ECX,长度送EAX
004033AE 6A FF push -1
004033B0 8D4C24 18 lea ecx,dword ptr ss:[esp+18] ; [esp+18]送ECX
004033B4 E8 51C50200 call qsr.0042F90A ; 注册码16到19位送ECX,长度送EAX
004033B9 6A FF push -1
004033BB 8D4C24 14 lea ecx,dword ptr ss:[esp+14] ; [esp+14]送ECX
004033BF E8 46C50200 call qsr.0042F90A ; 注册码21到24位送ECX,长度送EAX
004033C4 8D8CB6 04AB0000 lea ecx,dword ptr ds:[esi+esi*4+AB04] ; [esi+esi*4+AB04]送ECX
004033CB 8D844E 34220000 lea eax,dword ptr ds:[esi+ecx*2+2234] ; [esi+ecx*2+2234]送EAX
004033D2 B9 10270000 mov ecx,2710 ; 2710(10进制的10000)送ECX
004033D7 D1E0 shl eax,1 ; EAX左移1位
004033D9 99 cdq ; EAX扩展
004033DA F7F9 idiv ecx ; EAX除以ECX,商在EAX中,余数在EDX中
004033DC 3BFA cmp edi,edx ; EDX和注册码11到14位的16进制比较
004033DE 74 0B je short qsr.004033EB ; 相等就跳(必须跳)
004033E0 C64424 3C 0A mov byte ptr ss:[esp+3C],0A
004033E5 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004033E9 EB 2D jmp short qsr.00403418
004033EB 8D83 CAEAFFFF lea eax,dword ptr ds:[ebx-1536] ; [ebx-1536]送EAX
004033F1 81C3 E2090000 add ebx,9E2 ; 16到19位注册码16进制加9E2
004033F7 99 cdq ; EBX扩展
004033F8 33C2 xor eax,edx ; EAX和EDX取异或
004033FA B9 10270000 mov ecx,2710 ; 2710(10进制的10000)送ECX
004033FF 2BC2 sub eax,edx ; EAX减去EDX
00403401 C64424 3C 0A mov byte ptr ss:[esp+3C],0A ; 0A送[esp+3C]
00403406 0FAFC3 imul eax,ebx ; EAX乘以EBX
00403409 99 cdq
0040340A F7F9 idiv ecx ; EAX除以ECX,商在EAX中,余数在EDX中
0040340C 8D4C24 10 lea ecx,dword ptr ss:[esp+10] ; [esp+10]送ECX
00403410 3BEA cmp ebp,edx ; 注册码最后4位和EDX比较
00403412 0F84 8D000000 je qsr.004034A5 ; 等就跳(必须跳)
00403418 E8 6EC00200 call qsr.0042F48B ;
0040341D 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403421 C64424 3C 09 mov byte ptr ss:[esp+3C],9
00403426 E8 60C00200 call qsr.0042F48B
0040342B 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
0040342F C64424 3C 08 mov byte ptr ss:[esp+3C],8
00403434 E8 52C00200 call qsr.0042F48B
00403439 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
0040343D C64424 3C 07 mov byte ptr ss:[esp+3C],7
00403442 E8 44C00200 call qsr.0042F48B
00403447 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
0040344B C64424 3C 06 mov byte ptr ss:[esp+3C],6
00403450 E8 36C00200 call qsr.0042F48B
00403455 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
00403459 C64424 3C 03 mov byte ptr ss:[esp+3C],3
0040345E E8 28C00200 call qsr.0042F48B
00403463 8D4C24 2C lea ecx,dword ptr ss:[esp+2C]
00403467 C64424 3C 02 mov byte ptr ss:[esp+3C],2
0040346C E8 1AC00200 call qsr.0042F48B
00403471 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403475 C64424 3C 01 mov byte ptr ss:[esp+3C],1
0040347A E8 0CC00200 call qsr.0042F48B
0040347F 8D4C24 44 lea ecx,dword ptr ss:[esp+44]
00403483 C64424 3C 00 mov byte ptr ss:[esp+3C],0
00403488 E8 FEBF0200 call qsr.0042F48B
0040348D 8D4C24 48 lea ecx,dword ptr ss:[esp+48]
00403491 C74424 3C FFFFF>mov dword ptr ss:[esp+3C],-1
00403499 E8 EDBF0200 call qsr.0042F48B
0040349E 32C0 xor al,al ; AL清0
004034A0 E9 88000000 jmp qsr.0040352D
004034A5 E8 E1BF0200 call qsr.0042F48B //以上两处均跳则来到这里,F8下去~~~~~~~~
004034AA 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004034AE C64424 3C 09 mov byte ptr ss:[esp+3C],9
004034B3 E8 D3BF0200 call qsr.0042F48B
004034B8 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
004034BC C64424 3C 08 mov byte ptr ss:[esp+3C],8
004034C1 E8 C5BF0200 call qsr.0042F48B
004034C6 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
004034CA C64424 3C 07 mov byte ptr ss:[esp+3C],7
004034CF E8 B7BF0200 call qsr.0042F48B
004034D4 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
004034D8 C64424 3C 06 mov byte ptr ss:[esp+3C],6
004034DD E8 A9BF0200 call qsr.0042F48B
004034E2 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
004034E6 C64424 3C 03 mov byte ptr ss:[esp+3C],3
004034EB E8 9BBF0200 call qsr.0042F48B
004034F0 8D4C24 2C lea ecx,dword ptr ss:[esp+2C]
004034F4 C64424 3C 02 mov byte ptr ss:[esp+3C],2
004034F9 E8 8DBF0200 call qsr.0042F48B
004034FE 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403502 C64424 3C 01 mov byte ptr ss:[esp+3C],1
00403507 E8 7FBF0200 call qsr.0042F48B
0040350C 8D4C24 44 lea ecx,dword ptr ss:[esp+44]
00403510 C64424 3C 00 mov byte ptr ss:[esp+3C],0
00403515 E8 71BF0200 call qsr.0042F48B
0040351A 8D4C24 48 lea ecx,dword ptr ss:[esp+48]
0040351E C74424 3C FFFFF>mov dword ptr ss:[esp+3C],-1
00403526 E8 60BF0200 call qsr.0042F48B
0040352B B0 01 mov al,1
0040352D 8B4C24 34 mov ecx,dword ptr ss:[esp+34]
00403531 5F pop edi
00403532 5E pop esi
00403533 5D pop ebp
00403534 5B pop ebx
00403535 64:890D 0000000>mov dword ptr fs:[0],ecx
0040353C 83C4 30 add esp,30
0040353F C2 0800 retn 8
--------------------------------------------------------------------------------
【破解总结】
用户名必须大于2,注册码必须为24位。注册码前4位由用户名决定,11到14位由6到9位决定,21到24由16到19位决定,5,10,15,20任意^-^
用户名:yijun
注册码:4893*7777*3726*7777*0529
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!