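If you need the original installer, please search for it yourself; what is provided here is a cracked, no-install build uploaded to SkyDrive. Click here to download~ :) [Please do not use download managers such as Xunlei~]
Use DeDe to go straight to the start of the key routine: 4ccbb4.
Key code for the software's registration check: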
004CCBC3 |. 68 98CC4C00 push 004CCC98
004CCBC8 |. 64:FF30 push dword ptr fs:[eax]
004CCBCB |. 64:8920 mov dword ptr fs:[eax], esp
004CCBCE |. 8D55 F8 lea edx, dword ptr [ebp-8]
004CCBD1 |. 8B83 A4030000 mov eax, dword ptr [ebx+3A4]
004CCBD7 |. E8 E031F7FF call 0043FDBC ; fetch the entered (incorrect) registration code
004CCBDC |. 8B45 F8 mov eax, dword ptr [ebp-8]
004CCBDF |. 50 push eax
004CCBE0 |. 8D55 F4 lea edx, dword ptr [ebp-C]
004CCBE3 |. 8B83 BC030000 mov eax, dword ptr [ebx+3BC]
004CCBE9 |. E8 CE31F7FF call 0043FDBC
004CCBEE |. 8B45 F4 mov eax, dword ptr [ebp-C]
004CCBF1 |. 50 push eax
004CCBF2 |. 8D55 F0 lea edx, dword ptr [ebp-10]
004CCBF5 |. 8B83 9C030000 mov eax, dword ptr [ebx+39C]
004CCBFB |. E8 BC31F7FF call 0043FDBC ; fetch the user name
004CCC00 |. 8B55 F0 mov edx, dword ptr [ebp-10]
004CCC03 |. 8B83 B8030000 mov eax, dword ptr [ebx+3B8]
004CCC09 |. 59 pop ecx
004CCC0A |. E8 E9C5FEFF call 004B91F8 ; key call
004CCC0F |. 84C0 test al, al
004CCC11 |. 75 2C jnz short 004CCC3F ; key jump: to patch it, just modify the key call's return value, or change this to jz
004CCC13 |. 8D45 FC lea eax, dword ptr [ebp-4]
004CCC16 |. BA ACCC4C00 mov edx, 004CCCAC
Part of the code after stepping into the key call:
004B925F |> \8D55 F4 lea edx, dword ptr [ebp-C]
004B9262 |. 8B45 08 mov eax, dword ptr [ebp+8]
004B9265 |. E8 66F9F4FF call 00408BD0
004B926A |. 8B55 F4 mov edx, dword ptr [ebp-C]
004B926D |. 8D45 08 lea eax, dword ptr [ebp+8]
004B9270 |. E8 CBB5F4FF call 00404840
004B9275 |. 8D4D F0 lea ecx, dword ptr [ebp-10]
004B9278 |. 8B55 FC mov edx, dword ptr [ebp-4]
004B927B |. 8BC3 mov eax, ebx
004B927D |. E8 BAFBFFFF call 004B8E3C ; compute the correct registration code
004B9282 |. 8B45 F0 mov eax, dword ptr [ebp-10] ; store the registration code in EAX
004B9285 |. 8B55 08 mov edx, dword ptr [ebp+8]
004B9288 |. E8 BBF9F4FF call 00408C48
004B928D |. 85C0 test eax, eax
004B928F |. 74 04 je short 004B9295
Value of EAX at this point:
0012F850 00DC1C70 ASCII "02B77CA6F3"
A few registration codes:
User name: obaby
Registration code: 02B77CA6F3
User name: www.h4ck.org.cn
Registration code: 048725167C