【破解作者】 yijun
【作者邮箱】 yijun8354@sina.com
【使用工具】 DeDe,OD,peid
【破解平台】 Win9x/NT/2000/XP
【软件名称】 e族百变桌面7.33
【下载地址】 天空
【软件简介】 桌面美化工具!!!!!!!!!
【软件大小】 2.34M
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
用peid检查可知该软件无壳,由Borland Delphi 6.0 - 7.0编写。因为该软件注册失败时不会直接弹出错误对话框,
OD插件也没找到什么有价值的信息,所以决定用DeDe试试^-^
因为该软件认证方式是点“下一步”来确认,而在DeDe中又找到“bnNextClick”和“bnPrevClick”字样,所以
判断关键在“bnNextClick”里,具体分析如下^-^
; OllyDbg listing of the click handler at 005AD508 (the text above identifies it through DeDe as bnNextClick).
; It dispatches on the dword at [ebx+3C4], which the visible code uses as a step/state value:
;   1 -> 005AD558, 2 -> 005AD5AE, 6 -> 005AD623, any other value -> 005AD692.
; State 2 reads the entered code and passes the object to 005AD3C0; a resulting state of 5 shows "RegCodeErr".
; EBX holds the pointer received in EAX (presumably Self under the Delphi register convention - confirm).
; The excerpt stops at 005AD615, before the end of the function.
; NOTE(review): the state field and the string names ("RegCodeErr") label the validation path in clear text;
; nothing in this handler protects the check itself.
005AD508 /. 55 push ebp //handler entry; the author set a breakpoint here
005AD509 |. 8BEC mov ebp,esp
005AD50B |. 33C9 xor ecx,ecx ; ECX = 0, pushed below to zero-initialise the locals
005AD50D |. 51 push ecx ; six zeroed dwords at [ebp-4]..[ebp-18]
005AD50E |. 51 push ecx
005AD50F |. 51 push ecx
005AD510 |. 51 push ecx
005AD511 |. 51 push ecx
005AD512 |. 51 push ecx
005AD513 |. 53 push ebx ; save EBX
005AD514 |. 8BD8 mov ebx,eax ; EBX = EAX (0x134FB58 in the author's session)
005AD516 |. 33C0 xor eax,eax ; EAX = 0, used as the fs:[0] offset
005AD518 |. 55 push ebp
005AD519 |. 68 CDD65A00 push ePaper.005AD6CD ; handler address for the exception frame
005AD51E |. 64:FF30 push dword ptr fs:[eax] ; previous head of the SEH chain
005AD521 |. 64:8920 mov dword ptr fs:[eax],esp ; install the new frame at fs:[0]
005AD524 |. B2 01 mov dl,1 ; DL = 1 for the virtual call
005AD526 |. 8B83 04030000 mov eax,dword ptr ds:[ebx+304] ; object pointer stored at offset 304
005AD52C |. 8B08 mov ecx,dword ptr ds:[eax] ; first dword of the object (its method table)
005AD52E |. FF51 64 call dword ptr ds:[ecx+64] ; indirect call through slot +64 (purpose not visible here)
005AD531 |. B2 01 mov dl,1
005AD533 |. 8B83 0C030000 mov eax,dword ptr ds:[ebx+30C] ; same call on the object at offset 30C
005AD539 |. 8B08 mov ecx,dword ptr ds:[eax]
005AD53B |. FF51 64 call dword ptr ds:[ecx+64]
005AD53E |. 8B83 C4030000 mov eax,dword ptr ds:[ebx+3C4] ; load the state value
005AD544 |. 48 dec eax ; Switch (cases 1..6)
005AD545 |. 74 11 je short ePaper.005AD558 ; state == 1
005AD547 |. 48 dec eax
005AD548 |. 74 64 je short ePaper.005AD5AE ; state == 2
005AD54A |. 83E8 04 sub eax,4
005AD54D |. 0F84 D0000000 je ePaper.005AD623 ; state == 6
005AD553 |. E9 3A010000 jmp ePaper.005AD692 ; any other state
005AD558 |> 8B83 38030000 mov eax,dword ptr ds:[ebx+338] ; Case 1 of switch 005AD544
005AD55E |. 8B10 mov edx,dword ptr ds:[eax]
005AD560 |. FF92 C8000000 call dword ptr ds:[edx+C8] ; indirect call whose AL result is tested below
005AD566 |. 84C0 test al,al
005AD568 |. 74 2E je short ePaper.005AD598 ; AL == 0 -> state 6
005AD56A |. FFB3 BC030000 push dword ptr ds:[ebx+3BC] ; /Arg2
005AD570 |. FFB3 B8030000 push dword ptr ds:[ebx+3B8] ; |Arg1
005AD576 |. 8D45 FC lea eax,dword ptr ss:[ebp-4] ; |
005AD579 |. E8 EEC9E5FF call ePaper.00409F6C ; \ePaper.00409F6C
005AD57E |. 8B55 FC mov edx,dword ptr ss:[ebp-4] ; EDX = value left in [ebp-4] by 00409F6C
005AD581 |. 8B83 1C030000 mov eax,dword ptr ds:[ebx+31C]
005AD587 |. E8 A408EDFF call ePaper.0047DE30 ; presumably sets the text of the control at [ebx+31C] - confirm
005AD58C |. C783 C4030000>mov dword ptr ds:[ebx+3C4],2 ; next state = 2
005AD596 |. EB 0A jmp short ePaper.005AD5A2
005AD598 |> C783 C4030000>mov dword ptr ds:[ebx+3C4],6 ; next state = 6
005AD5A2 |> 8BC3 mov eax,ebx
005AD5A4 |. E8 33FCFFFF call ePaper.005AD1DC ; called with EAX = EBX; body not shown on this page
005AD5A9 |. E9 E4000000 jmp ePaper.005AD692
005AD5AE |> 8D55 F8 lea edx,dword ptr ss:[ebp-8] ; Case 2 of switch 005AD544
005AD5B1 |. 8B83 20030000 mov eax,dword ptr ds:[ebx+320]
005AD5B7 |. E8 4408EDFF call ePaper.0047DE00 ; fetch the entered code into [ebp-8] (author's note: its length is returned in EAX)
005AD5BC |. 837D F8 00 cmp dword ptr ss:[ebp-8],0 ; was anything entered?
005AD5C0 |. 75 0C jnz short ePaper.005AD5CE ; non-empty -> run the validation
005AD5C2 |. C783 C4030000>mov dword ptr ds:[ebx+3C4],5 ; empty input -> state 5
005AD5CC |. EB 07 jmp short ePaper.005AD5D5
005AD5CE |> 8BC3 mov eax,ebx ; EAX = EBX (0x134FB58 in the author's session)
005AD5D0 |. E8 EBFDFFFF call ePaper.005AD3C0 ; validation routine, listed further down this page
005AD5D5 |> 83BB C4030000>cmp dword ptr ds:[ebx+3C4],5 ; did this step end in state 5?
005AD5DC |. 75 22 jnz short ePaper.005AD600 ; no -> skip the error text
005AD5DE |. 8D4D F4 lea ecx,dword ptr ss:[ebp-C]
005AD5E1 |. A1 7C125E00 mov eax,dword ptr ds:[5E127C]
005AD5E6 |. 8B00 mov eax,dword ptr ds:[eax]
005AD5E8 |. BA E4D65A00 mov edx,ePaper.005AD6E4 ; ASCII "RegCodeErr"
005AD5ED |. E8 9E3CE7FF call ePaper.00421290 ; presumably looks up the message named in EDX into [ebp-C] - confirm
005AD5F2 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
005AD5F5 |. 8B83 70030000 mov eax,dword ptr ds:[ebx+370]
005AD5FB |. E8 3008EDFF call ePaper.0047DE30 ; same helper as at 005AD587, here on the control at [ebx+370]
005AD600 |> 33D2 xor edx,edx ; DL = 0 this time
005AD602 |. 8B83 04030000 mov eax,dword ptr ds:[ebx+304]
005AD608 |. 8B08 mov ecx,dword ptr ds:[eax]
005AD60A |. FF51 64 call dword ptr ds:[ecx+64] ; same slot as at 005AD52E, now with DL = 0
005AD60D |. 33D2 xor edx,edx
005AD60F |. 8B83 0C030000 mov eax,dword ptr ds:[ebx+30C]
005AD615 |. 8B08 mov ecx,dword ptr ds:[eax]
=========================================================================================================
跟进005AD5D0处CALL来到:
; Routine at 005AD3C0, called from 005AD5D0 with EAX = the object pointer.
; Reads the entered code from the control at [obj+320], converts it to a 64-bit integer, and passes it with
; the 64-bit value at [obj+3B8]/[obj+3BC] (the author's "machine code") to 004EABE4 with AL = 1.
; The AL result is stored in a global byte; non-zero sets [obj+3C4] = 4, zero sets it to 5.
; An exception caught by the inner frame (handler 005AD4AA) also sets state 5.
; Locals: [ebp-4] object pointer, [ebp-10]/[ebp-C] entered value (low/high), [ebp-14], [ebp-18], [ebp-1C] string temps.
; NOTE(review): the outcome is one boolean in a global byte plus a state dword, both decided in the client.
005AD3C0 $ 55 push ebp
005AD3C1 . 8BEC mov ebp,esp
005AD3C3 . 83C4 E4 add esp,-1C ; reserve 0x1C bytes of locals
005AD3C6 . 53 push ebx
005AD3C7 . 56 push esi
005AD3C8 . 57 push edi
005AD3C9 . 33D2 xor edx,edx
005AD3CB . 8955 E4 mov dword ptr ss:[ebp-1C],edx ; [ebp-1C] = 0
005AD3CE . 8955 E8 mov dword ptr ss:[ebp-18],edx ; [ebp-18] = 0
005AD3D1 . 8955 EC mov dword ptr ss:[ebp-14],edx ; [ebp-14] = 0
005AD3D4 . 8945 FC mov dword ptr ss:[ebp-4],eax ; [ebp-4] = EAX (0x134FB58 in the author's session)
005AD3D7 . 33C0 xor eax,eax ; EAX = 0, used as the fs:[0] offset
005AD3D9 . 55 push ebp
005AD3DA . 68 E4D45A00 push ePaper.005AD4E4 ; outer exception frame, handler 005AD4E4
005AD3DF . 64:FF30 push dword ptr fs:[eax]
005AD3E2 . 64:8920 mov dword ptr fs:[eax],esp
005AD3E5 . 33C0 xor eax,eax
005AD3E7 . 55 push ebp
005AD3E8 . 68 AAD45A00 push ePaper.005AD4AA ; inner exception frame, handler 005AD4AA
005AD3ED . 64:FF30 push dword ptr fs:[eax]
005AD3F0 . 64:8920 mov dword ptr fs:[eax],esp
005AD3F3 . 8D55 EC lea edx,dword ptr ss:[ebp-14] ; EDX = address of [ebp-14]
005AD3F6 . 8B45 FC mov eax,dword ptr ss:[ebp-4] ; EAX = [ebp-4] (0x134FB58)
005AD3F9 . 8B80 20030000 mov eax,dword ptr ds:[eax+320] ; EAX = [eax+320] (0x135B4E8 in the author's session)
005AD3FF . E8 FC09EDFF call ePaper.0047DE00 ; fetch the entered code into [ebp-14] (author's note: computes its length)
005AD404 . 8B45 EC mov eax,dword ptr ss:[ebp-14] ; EAX = entered code string
005AD407 . E8 24CCE5FF call ePaper.0040A030 ; appears to convert the string to an integer in EDX:EAX (author's note: "to hex")
005AD40C . 8945 F0 mov dword ptr ss:[ebp-10],eax ; [ebp-10] = low dword of the entered value
005AD40F . 8955 F4 mov dword ptr ss:[ebp-C],edx ; [ebp-C] = high dword (0 in the author's session)
005AD412 . 8B45 FC mov eax,dword ptr ss:[ebp-4] ; EAX = [ebp-4]
005AD415 . FFB0 BC030000 push dword ptr ds:[eax+3BC]
005AD41B . FFB0 B8030000 push dword ptr ds:[eax+3B8] ; machine-code value pushed (dwords at 3BC, then 3B8)
005AD421 . FF75 F4 push dword ptr ss:[ebp-C]
005AD424 . FF75 F0 push dword ptr ss:[ebp-10] ; entered value pushed ([ebp-C], then [ebp-10])
005AD427 . B0 01 mov al,1 ; AL = 1, saved by the callee at [ebp-1]
005AD429 . E8 B6D7F3FF call ePaper.004EABE4 ; comparison routine, listed further down this page
005AD42E . 8B15 840E5E00 mov edx,dword ptr ds:[5E0E84] ; ePaper.005E2F64
005AD434 . 8802 mov byte ptr ds:[edx],al ; store the result flag in that global byte
005AD436 . A1 840E5E00 mov eax,dword ptr ds:[5E0E84]
005AD43B . 8038 00 cmp byte ptr ds:[eax],0
005AD43E . 74 53 je short ePaper.005AD493 ; flag == 0 -> state 5
005AD440 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
005AD443 . C780 C4030000>mov dword ptr ds:[eax+3C4],4 ; flag != 0 -> state 4
005AD44D . FF75 F4 push dword ptr ss:[ebp-C] ; /Arg2
005AD450 . FF75 F0 push dword ptr ss:[ebp-10] ; |Arg1
005AD453 . 8D45 E8 lea eax,dword ptr ss:[ebp-18] ; |
005AD456 . E8 11CBE5FF call ePaper.00409F6C ; \ePaper.00409F6C
005AD45B . 8B55 E8 mov edx,dword ptr ss:[ebp-18] ; EDX = value left in [ebp-18] by 00409F6C
005AD45E . 8B45 FC mov eax,dword ptr ss:[ebp-4]
005AD461 . 8B80 44030000 mov eax,dword ptr ds:[eax+344]
005AD467 . E8 C409EDFF call ePaper.0047DE30 ; presumably sets the text of the control at [obj+344] - confirm
005AD46C . 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
005AD46F . A1 7C125E00 mov eax,dword ptr ds:[5E127C]
005AD474 . 8B00 mov eax,dword ptr ds:[eax]
005AD476 . BA FCD45A00 mov edx,ePaper.005AD4FC ; ASCII "BuyClose"
005AD47B . E8 103EE7FF call ePaper.00421290 ; presumably looks up the message named in EDX into [ebp-1C] - confirm
005AD480 . 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
005AD483 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
005AD486 . 8B80 08030000 mov eax,dword ptr ds:[eax+308]
005AD48C . E8 9F09EDFF call ePaper.0047DE30 ; same helper, here on the control at [obj+308]
005AD491 . EB 0D jmp short ePaper.005AD4A0
005AD493 > 8B45 FC mov eax,dword ptr ss:[ebp-4]
005AD496 . C780 C4030000>mov dword ptr ds:[eax+3C4],5 ; state 5
005AD4A0 > 33C0 xor eax,eax
005AD4A2 . 5A pop edx ; unlink the inner exception frame
005AD4A3 . 59 pop ecx
005AD4A4 . 59 pop ecx
005AD4A5 . 64:8910 mov dword ptr fs:[eax],edx
005AD4A8 . EB 17 jmp short ePaper.005AD4C1
005AD4AA .^ E9 996DE5FF jmp ePaper.00404248 ; inner handler entry (helper not shown)
005AD4AF . 8B45 FC mov eax,dword ptr ss:[ebp-4]
005AD4B2 . C780 C4030000>mov dword ptr ds:[eax+3C4],5 ; exception path -> state 5
005AD4BC . E8 B371E5FF call ePaper.00404674 ; helper not shown; presumably ends exception handling - confirm
005AD4C1 > 33C0 xor eax,eax
005AD4C3 . 5A pop edx ; unlink the outer exception frame
005AD4C4 . 59 pop ecx
005AD4C5 . 59 pop ecx
005AD4C6 . 64:8910 mov dword ptr fs:[eax],edx
005AD4C9 . 68 EBD45A00 push ePaper.005AD4EB ; address the cleanup's retn below returns to
005AD4CE > 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
005AD4D1 . BA 02000000 mov edx,2
005AD4D6 . E8 A577E5FF call ePaper.00404C80 ; presumably releases the 2 string temps starting at [ebp-1C] - confirm
005AD4DB . 8D45 EC lea eax,dword ptr ss:[ebp-14]
005AD4DE . E8 7977E5FF call ePaper.00404C5C ; presumably releases the string at [ebp-14] - confirm
005AD4E3 . C3 retn ; returns to 005AD4EB on the normal path
005AD4E4 .^ E9 1370E5FF jmp ePaper.004044FC ; outer handler entry (helper not shown)
005AD4E9 .^ EB E3 jmp short ePaper.005AD4CE
005AD4EB . 5F pop edi
005AD4EC . 5E pop esi
005AD4ED . 5B pop ebx
005AD4EE . 8BE5 mov esp,ebp
005AD4F0 . 5D pop ebp
005AD4F1 . C3 retn
*********************************************************************************************************
跟进005AD429处CALL来到:
; Routine at 004EABE4, called from 005AD429.
; Stack arguments (16 bytes, removed by retn 10): [ebp+8]/[ebp+C] = entered value (low/high),
; [ebp+10]/[ebp+14] = machine-code value (low/high). AL on entry is saved at [ebp-1].
; It calls 004EACC0 on the machine-code value and compares the EDX:EAX result with the entered value.
; Returns BL in EAX: 1 when both dwords match, otherwise 0.
; When [ebp-1] is non-zero it also stores the entered value under "RegCode" in the registry path shown below.
; NOTE(review): the branch at 004EAC1F tests only the caller's flag, not BL, so the entered value is written
; to the registry whether or not it matched.
; NOTE(review): the expected value is derived and compared as a plain integer inside the client, so it is
; present in registers when the check runs; verifying a vendor-issued signature would not expose it this way.
004EABE4 /$ 55 push ebp
004EABE5 |. 8BEC mov ebp,esp
004EABE7 |. 83C4 F8 add esp,-8 ; reserve 8 bytes of locals
004EABEA |. 53 push ebx
004EABEB |. 56 push esi
004EABEC |. 33D2 xor edx,edx
004EABEE |. 8955 F8 mov dword ptr ss:[ebp-8],edx ; [ebp-8] = 0 (string temp)
004EABF1 |. 8845 FF mov byte ptr ss:[ebp-1],al ; save the caller's AL flag
004EABF4 |. 33C0 xor eax,eax ; EAX = 0, used as the fs:[0] offset
004EABF6 |. 55 push ebp
004EABF7 |. 68 7BAC4E00 push ePaper.004EAC7B ; exception frame, handler 004EAC7B
004EABFC |. 64:FF30 push dword ptr fs:[eax]
004EABFF |. 64:8920 mov dword ptr fs:[eax],esp
004EAC02 |. 33DB xor ebx,ebx ; BL = 0: default result is "no match"
004EAC04 |. FF75 14 push dword ptr ss:[ebp+14]
004EAC07 |. FF75 10 push dword ptr ss:[ebp+10] ; machine-code value passed on
004EAC0A |. E8 B1000000 call ePaper.004EACC0 ; derivation routine, listed further down this page
004EAC0F |. 3B55 0C cmp edx,dword ptr ss:[ebp+C] ; high dwords equal?
004EAC12 |. 75 07 jnz short ePaper.004EAC1B
004EAC14 |. 3B45 08 cmp eax,dword ptr ss:[ebp+8] ; low dwords equal? (author's note: the key comparison)
004EAC17 |. 75 02 jnz short ePaper.004EAC1B ; mismatch -> BL stays 0 (author's note: the key jump)
004EAC19 |. B3 01 mov bl,1 ; BL = 1 only when both dwords matched
004EAC1B |> 807D FF 00 cmp byte ptr ss:[ebp-1],0 ; tests the caller's AL flag saved at 004EABF1, not the comparison result
004EAC1F |. 74 44 je short ePaper.004EAC65 ; flag == 0 -> skip the registry write
004EAC21 |. B2 01 mov dl,1
004EAC23 |. A1 3C644500 mov eax,dword ptr ds:[45643C]
004EAC28 |. E8 0FB9F6FF call ePaper.0045653C ; presumably creates the registry helper object - confirm
004EAC2D |. 8BF0 mov esi,eax ; ESI = returned object
004EAC2F |. B1 01 mov cl,1
004EAC31 |. BA 94AC4E00 mov edx,ePaper.004EAC94 ; ASCII "\Software\eNation\ePaper"
004EAC36 |. 8BC6 mov eax,esi
004EAC38 |. E8 03BAF6FF call ePaper.00456640 ; presumably opens that key (CL = 1 may mean create if missing) - confirm
004EAC3D |. 84C0 test al,al
004EAC3F |. 74 1D je short ePaper.004EAC5E ; AL == 0 -> skip the write
004EAC41 |. FF75 0C push dword ptr ss:[ebp+C] ; /Arg2
004EAC44 |. FF75 08 push dword ptr ss:[ebp+8] ; |Arg1
004EAC47 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8] ; |
004EAC4A |. E8 1DF3F1FF call ePaper.00409F6C ; \ePaper.00409F6C
004EAC4F |. 8B4D F8 mov ecx,dword ptr ss:[ebp-8] ; ECX = entered value as text
004EAC52 |. BA B8AC4E00 mov edx,ePaper.004EACB8 ; ASCII "RegCode"
004EAC57 |. 8BC6 mov eax,esi
004EAC59 |. E8 7EBBF6FF call ePaper.004567DC ; presumably writes the "RegCode" value - confirm
004EAC5E |> 8BC6 mov eax,esi
004EAC60 |. E8 FB90F1FF call ePaper.00403D60 ; presumably frees the helper object - confirm
004EAC65 |> 33C0 xor eax,eax
004EAC67 |. 5A pop edx ; unlink the exception frame
004EAC68 |. 59 pop ecx
004EAC69 |. 59 pop ecx
004EAC6A |. 64:8910 mov dword ptr fs:[eax],edx
004EAC6D |. 68 82AC4E00 push ePaper.004EAC82 ; address the cleanup's retn below returns to
004EAC72 |> 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004EAC75 |. E8 E29FF1FF call ePaper.00404C5C ; presumably releases the string at [ebp-8] - confirm
004EAC7A \. C3 retn
004EAC7B .^ E9 7C98F1FF jmp ePaper.004044FC ; handler entry (helper not shown)
004EAC80 .^ EB F0 jmp short ePaper.004EAC72
004EAC82 . 8BC3 mov eax,ebx ; return value = BL
004EAC84 . 5E pop esi
004EAC85 . 5B pop ebx
004EAC86 . 59 pop ecx
004EAC87 . 59 pop ecx
004EAC88 . 5D pop ebp
004EAC89 . C2 1000 retn 10 ; remove the 16 bytes of stack arguments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
跟进004EAC0A处CALL来到:
; Routine at 004EACC0, called from 004EAC0A.
; Stack arguments (8 bytes, removed by retn 8): [ebp+8]/[ebp+C] = machine-code value (low/high).
; Returns a 64-bit value in EDX:EAX that the caller compares with the entered code.
; Locals: [ebp-14] machine code as text, [ebp-10]/[ebp-C] running 64-bit value, [ebp-18] running value as
; text, [ebp-1C] substring, [ebp-20] one-character temp, [ebp-8]/[ebp-4] result.
; The first loop runs once per character of the machine-code text; the second loop takes a substring of the
; result text and repeats while the substring starts with '0'.
; NOTE(review): every input is the machine code or a constant stored in the binary (the 10-byte value at
; 4EADE4 and the immediate 1BEFB870), so the derivation holds nothing that is secret from the client.
004EACC0 /$ 55 push ebp
004EACC1 |. 8BEC mov ebp,esp
004EACC3 |. 83C4 E0 add esp,-20 ; reserve 0x20 bytes of locals
004EACC6 |. 53 push ebx
004EACC7 |. 56 push esi
004EACC8 |. 33C0 xor eax,eax
004EACCA |. 8945 E0 mov dword ptr ss:[ebp-20],eax ; zero the four string temps
004EACCD |. 8945 EC mov dword ptr ss:[ebp-14],eax
004EACD0 |. 8945 E8 mov dword ptr ss:[ebp-18],eax
004EACD3 |. 8945 E4 mov dword ptr ss:[ebp-1C],eax
004EACD6 |. 33C0 xor eax,eax ; EAX = 0, used as the fs:[0] offset
004EACD8 |. 55 push ebp
004EACD9 |. 68 CFAD4E00 push ePaper.004EADCF ; exception frame, handler 004EADCF
004EACDE |. 64:FF30 push dword ptr fs:[eax]
004EACE1 |. 64:8920 mov dword ptr fs:[eax],esp
004EACE4 |. FF75 0C push dword ptr ss:[ebp+C] ; /Arg2
004EACE7 |. FF75 08 push dword ptr ss:[ebp+8] ; |Arg1: machine-code value pushed
004EACEA |. 8D45 EC lea eax,dword ptr ss:[ebp-14] ; |
004EACED |. E8 7AF2F1FF call ePaper.00409F6C ; \ePaper.00409F6C
004EACF2 |. 8B45 08 mov eax,dword ptr ss:[ebp+8]
004EACF5 |. 8945 F0 mov dword ptr ss:[ebp-10],eax ; running value (low) starts as the machine-code value
004EACF8 |. 8B45 0C mov eax,dword ptr ss:[ebp+C]
004EACFB |. 8945 F4 mov dword ptr ss:[ebp-C],eax ; running value (high)
004EACFE |. 8B45 EC mov eax,dword ptr ss:[ebp-14] ; EAX = machine code as text
004EAD01 |. E8 16A2F1FF call ePaper.00404F1C ; EAX = length of that text
004EAD06 |. 8BD8 mov ebx,eax ; EBX = loop counter
004EAD08 |. 85DB test ebx,ebx
004EAD0A |. 7E 56 jle short ePaper.004EAD62 ; length <= 0 -> skip the loop
004EAD0C |. BE 01000000 mov esi,1 ; ESI = 1, character index
004EAD11 |> 8D45 E0 /lea eax,dword ptr ss:[ebp-20]
004EAD14 |. 8B55 EC |mov edx,dword ptr ss:[ebp-14] ; EDX = machine code as text
004EAD17 |. 8A5432 FF |mov dl,byte ptr ds:[edx+esi-1] ; DL = character number ESI of the text
004EAD1B |. E8 24A1F1FF |call ePaper.00404E44 ; presumably builds a one-character string at [ebp-20] - confirm
004EAD20 |. 8B45 E0 |mov eax,dword ptr ss:[ebp-20]
004EAD23 |. E8 240DF2FF |call ePaper.0040BA4C ; presumably loads its numeric value onto the FPU stack - confirm
004EAD28 |. DB2D E4AD4E00 |fld tbyte ptr ds:[4EADE4] ; 3.1415926535897932800
004EAD2E |. DEC9 |fmulp st(1),st ; multiply the digit value by that constant
004EAD30 |. E8 6F82F1FF |call ePaper.00402FA4 ; round the product to an integer (author's note: result in EAX; EDX is used below as the high dword)
004EAD35 |. 3345 F0 |xor eax,dword ptr ss:[ebp-10] ; XOR with the running value (the machine-code value on the first pass)
004EAD38 |. 3355 F4 |xor edx,dword ptr ss:[ebp-C] ; same for the high dword
004EAD3B |. 81F0 70B8EF1B |xor eax,1BEFB870 ; XOR the low dword with the constant 1BEFB870
004EAD41 |. 81F2 00000000 |xor edx,0 ; high dword of the constant is 0
004EAD47 |. 85D2 |test edx,edx
004EAD49 |. 7D 07 |jge short ePaper.004EAD52 ; high dword not negative -> skip the negation
004EAD4B |. F7D8 |neg eax ; negate EDX:EAX as a 64-bit value
004EAD4D |. 83D2 00 |adc edx,0
004EAD50 |. F7DA |neg edx
004EAD52 |> 0345 F0 |add eax,dword ptr ss:[ebp-10] ; add the running value (low dword)
004EAD55 |. 1355 F4 |adc edx,dword ptr ss:[ebp-C] ; add the high dword with carry
004EAD58 |. 8945 F0 |mov dword ptr ss:[ebp-10],eax ; store the new running value (low)
004EAD5B |. 8955 F4 |mov dword ptr ss:[ebp-C],edx ; store the new running value (high)
004EAD5E |. 46 |inc esi ; next character
004EAD5F |. 4B |dec ebx ; one fewer to go
004EAD60 |.^ 75 AF \jnz short ePaper.004EAD11 ; loop until all characters are processed
004EAD62 |> FF75 F4 push dword ptr ss:[ebp-C] ; /Arg2
004EAD65 |. FF75 F0 push dword ptr ss:[ebp-10] ; |Arg1: running value pushed
004EAD68 |. 8D45 E8 lea eax,dword ptr ss:[ebp-18] ; |
004EAD6B |. E8 FCF1F1FF call ePaper.00409F6C ; \
004EAD70 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18] ; EAX = running value as text
004EAD73 |. E8 A4A1F1FF call ePaper.00404F1C ; EAX = length of that text
004EAD78 |. 8BD8 mov ebx,eax ; EBX = that length
004EAD7A |. 8B45 EC mov eax,dword ptr ss:[ebp-14] ; EAX = machine code as text
004EAD7D |. E8 9AA1F1FF call ePaper.00404F1C ; EAX = its length
004EAD82 |. 2BD8 sub ebx,eax ; EBX = difference of the two lengths
004EAD84 |. 43 inc ebx ; plus one: start index for the substring
004EAD85 |> 8D45 E4 /lea eax,dword ptr ss:[ebp-1C] ; EAX = address of [ebp-1C]
004EAD88 |. 50 |push eax ; destination pointer for the helper
004EAD89 |. 8B45 EC |mov eax,dword ptr ss:[ebp-14] ; EAX = machine code as text
004EAD8C |. E8 8BA1F1FF |call ePaper.00404F1C ; EAX = its length
004EAD91 |. 8BC8 |mov ecx,eax ; ECX = number of characters to take
004EAD93 |. 8BD3 |mov edx,ebx ; EDX = start index
004EAD95 |. 8B45 E8 |mov eax,dword ptr ss:[ebp-18] ; EAX = running value as text
004EAD98 |. E8 DFA3F1FF |call ePaper.0040517C ; substring helper, listed further down this page
004EAD9D |. 4B |dec ebx ; next attempt starts one position earlier
004EAD9E |. 8B45 E4 |mov eax,dword ptr ss:[ebp-1C] ; EAX = the substring just taken
004EADA1 |. 8038 30 |cmp byte ptr ds:[eax],30 ; is its first character '0' (0x30)?
004EADA4 |.^ 74 DF \je short ePaper.004EAD85 ; yes -> take the substring again
004EADA6 |. 8B45 E4 mov eax,dword ptr ss:[ebp-1C] ; EAX = final substring
004EADA9 |. E8 82F2F1FF call ePaper.0040A030 ; appears to convert it to an integer in EDX:EAX (author's note: "to hex")
004EADAE |. 8945 F8 mov dword ptr ss:[ebp-8],eax ; result, low dword
004EADB1 |. 8955 FC mov dword ptr ss:[ebp-4],edx ; result, high dword
004EADB4 |. 33C0 xor eax,eax
004EADB6 |. 5A pop edx ; unlink the exception frame
004EADB7 |. 59 pop ecx
004EADB8 |. 59 pop ecx
004EADB9 |. 64:8910 mov dword ptr fs:[eax],edx
004EADBC |. 68 D6AD4E00 push ePaper.004EADD6 ; address the cleanup's retn below returns to
004EADC1 |> 8D45 E0 lea eax,dword ptr ss:[ebp-20]
004EADC4 |. BA 04000000 mov edx,4
004EADC9 |. E8 B29EF1FF call ePaper.00404C80 ; presumably releases the 4 string temps starting at [ebp-20] - confirm
004EADCE \. C3 retn
004EADCF .^ E9 2897F1FF jmp ePaper.004044FC ; handler entry (helper not shown)
004EADD4 .^ EB EB jmp short ePaper.004EADC1
004EADD6 . 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; return value, low dword
004EADD9 . 8B55 FC mov edx,dword ptr ss:[ebp-4] ; return value, high dword
004EADDC . 5E pop esi
004EADDD . 5B pop ebx
004EADDE . 8BE5 mov esp,ebp
004EADE0 . 5D pop ebp
004EADE1 . C2 0800 retn 8 ; remove the 8 bytes of stack arguments
###################################################################################################
跟进004EAD98处CALL来到:
; Substring helper at 0040517C, called from 004EAD98.
; In: EAX = source string (its length is read from [eax-4]), EDX = 1-based start index, ECX = character
; count, one stack argument = destination pointer (removed by retn 4).
; A start index below 1 is treated as the first character; a count larger than what remains is clamped.
; A null or empty source, a start at or past the end, or a negative count goes to 004051AE, which calls
; 00404C5C on the destination instead of copying.
0040517C /$ 53 push ebx
0040517D |. 85C0 test eax,eax
0040517F |. 74 2D je short ePaper.004051AE ; EAX == 0 -> no source string
00405181 |. 8B58 FC mov ebx,dword ptr ds:[eax-4] ; EBX = length stored at [eax-4]
00405184 |. 85DB test ebx,ebx
00405186 |. 74 26 je short ePaper.004051AE ; length 0 -> nothing to copy
00405188 |. 4A dec edx ; make the start index 0-based
00405189 |. 7C 1B jl short ePaper.004051A6 ; index was below 1 -> use 0
0040518B |. 39DA cmp edx,ebx
0040518D |. 7D 1F jge short ePaper.004051AE ; start at or past the end -> nothing to copy
0040518F |> 29D3 sub ebx,edx ; EBX = characters remaining from the start position
00405191 |. 85C9 test ecx,ecx
00405193 |. 7C 19 jl short ePaper.004051AE ; negative count -> nothing to copy
00405195 |. 39D9 cmp ecx,ebx
00405197 |. 7F 11 jg short ePaper.004051AA ; count larger than what remains -> clamp
00405199 |> 01C2 add edx,eax ; EDX = address of the first character to copy
0040519B |. 8B4424 08 mov eax,dword ptr ss:[esp+8] ; EAX = destination pointer from the stack
0040519F |. E8 A8FBFFFF call ePaper.00404D4C ; presumably builds the result from pointer EDX and length ECX - confirm
004051A4 |. EB 11 jmp short ePaper.004051B7
004051A6 |> 31D2 xor edx,edx ; start index = 0
004051A8 |.^ EB E5 jmp short ePaper.0040518F
004051AA |> 89D9 mov ecx,ebx ; count = characters remaining
004051AC |.^ EB EB jmp short ePaper.00405199
004051AE |> 8B4424 08 mov eax,dword ptr ss:[esp+8] ; EAX = destination pointer from the stack
004051B2 |. E8 A5FAFFFF call ePaper.00404C5C ; presumably clears the destination string - confirm
004051B7 |> 5B pop ebx
004051B8 \. C2 0400 retn 4 //return, removing the 4-byte stack argument
004051BB . C3 retn
--------------------------------------------------------------------------------
【破解总结】
机器码:52348574
注册码:10329561
--------------------------------------------------------------------------------
【内存注册机】
中断地址:5AD5D0
中断次数:1
第一字节:E8
指令长度:5
保存方式:内存
中断地址:5AD429
中断次数:1
第一字节:E8
指令长度:5
保存方式:内存
中断地址:4EAC0A
中断次数:1
第一字节:E8
指令长度:5
保存方式:内存
中断地址:4EADA9
中断次数:1
第一字节:E8
指令长度:5
保存方式:内存->寄存器->EAX
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!