标 题:在这里感谢henrwy,Edea[BCG]两位大哥的帮忙!使我在休息日又破了一叫ssbuilder的软件! (9千字)
发信人:linestyle
时 间:2002-4-14 19:32:22
详细信息:
不知道是不是外国的,是国内的我也没有办法,那我是被华军骗了!
下载地址在: ftp://http://www.newhua.com/ssbuilder.exe
引用页在: http://tj.onlinedown.net/ScreenSaver.htm
这个软件有UPX1.1壳吧!我没有脱壳软件,也不会手动脱壳(正在努力学呢!)就用TRW2000直接来了!
今天闲着没有意思找到一个比较简单的软件破解!我的功力有限,正在努力写注册机!
如果有那位大哥愿意用C(windows或dos的)语言写一个注册机供大家学习,我和一些初学者讲万分感谢!
姓名是:zhaodaye
我的注册码是:010427EB27123456781C051B2C
:0041BA5D
8D4C2440 lea ecx, dword
ptr [esp+40]
:0041BA61 E8FA35FFFF
call 0040F060
;此处为关键CALL
:0041BA66 663BC3
cmp ax, bx
;由此可以
:0041BA69 0F8C8C010000
jl 0041BBFB
;看出
:0041BA6F 663D0200
cmp ax, 0002
;注册码的
:0041BA73 0F8F82010000
jg 0041BBFB
;头两位可以为01
:0041BA79 51
push ecx
:0041BA7A
8D542414 lea edx, dword
ptr [esp+14]
:0041BA7E 8BCC
mov ecx, esp
:0041BA80 8964241C
mov dword ptr [esp+1C], esp
:0041BA84
52
push edx
〉〉〉〉〉〉〉〉〉〉〉由此进入关键CALL〈〈〈〈〈〈〈〈〈〈〈〈〈〈〈
:0040F060 8B44240C
mov eax, dword ptr [esp+0C]
:0040F064 8B542408
mov edx, dword ptr [esp+08]
:0040F068
50
push eax
:0040F069 8B442408
mov eax, dword ptr [esp+08]
:0040F06D 52
push edx
:0040F06E 50
push eax
:0040F06F E80C000000 call
0040F080 ;必然要进入这里了!
:0040F074 C20C00
ret 000C
〉〉〉〉〉〉〉〉〉〉〉此处为CALL 0040F080〈〈〈〈〈〈〈〈〈〈〈〈〈
:0040F080
83EC24 sub esp,
00000024
:0040F083 33C0
xor eax, eax
:0040F085 53
push ebx
:0040F086 8B5C2430
mov ebx, dword ptr [esp+30]
:0040F08A 55
push ebp
:0040F08B 56
push esi
:0040F08C 8BE9
mov ebp, ecx
:0040F08E 57
push edi
:0040F08F 8BFB
mov edi, ebx
:0040F091 83C9FF
or ecx, FFFFFFFF
:0040F094 F2
repnz
:0040F095 AE
scasb
:0040F096 F7D1
not ecx
:0040F098 49
dec ecx
:0040F099 83F91A
cmp ecx, 0000001A
;此处判断注册码个数!
:0040F09C 740E
je 0040F0AC
;个数必为1A个!
:0040F09E 5F
pop edi
〉〉〉〉〉〉〉〉〉〉〉跳到 0040F0AC后开始进入注册码计算处〈〈〈〈〈〈〈〈〈
:0040F0AC 6A02
push 00000002
:0040F0AE 53
push ebx
:0040F0AF 8BCD
mov ecx, ebp
:0040F0B1 E8FA020000
call 0040F3B0
:0040F0B6 663D5A00
cmp ax, 005A
:0040F0BA 89442410
mov dword ptr [esp+10], eax
:0040F0BE 7E17
jle 0040F0D7
;此处跳转到0040F0D7
:0040F0C0 8B442440
mov eax, dword ptr [esp+40]
:0040F0C4 8BCD
mov ecx, ebp
:0040F0C6 50
push eax
:0040F0C7 53
push ebx
:0040F0C8 E843010000
call 0040F210
:0040F0CD 5F
pop edi
:0040F0CE 5E
pop esi
:0040F0CF 5D
pop ebp
:0040F0D0 5B
pop ebx
:0040F0D1 83C424
add esp, 00000024
:0040F0D4 C20C00
ret 000C
〉〉〉〉〉〉〉〉〉〉〉〉〉跳到0040F0D7后〈〈〈〈〈〈〈〈〈〈〈〈〈
:0040F0D7 8B7504
mov esi, dword ptr [ebp+04]
:0040F0DA 8D5302
lea edx, dword ptr [ebx+02]
:0040F0DD
0FBFC8 movsx ecx,
ax
:0040F0E0 0FAFF1
imul esi, ecx
:0040F0E3 6A08
push 00000008
:0040F0E5 52
push edx
:0040F0E6
8BCD mov
ecx, ebp
:0040F0E8 89742444
mov dword ptr [esp+44], esi
:0040F0EC E8BF020000
call 0040F3B0
:0040F0F1 8BF8
mov edi, eax
:0040F0F3 8B442438
mov eax, dword ptr [esp+38]
:0040F0F7 56
push esi
:0040F0F8 50
push eax
:0040F0F9 8BCD
mov ecx, ebp
:0040F0FB E870020000
call 0040F370
:0040F100 3BF8
cmp edi, eax
;此处比较第三位后的8个数字
:0040F102
740E je 0040F112
;相同后跳转到下面。
:0040F104 5F
pop edi
:0040F105 5E
pop esi
:0040F106 5D
pop ebp
:0040F107 66B8FEFF
mov ax, FFFE
:0040F10B 5B
pop ebx
:0040F10C 83C424
add esp, 00000024
:0040F10F C20C00
ret 000C
〉〉〉〉〉〉〉〉〉〉此处判断倒数的第八位-----倒数的第四位〈〈〈〈〈〈〈〈
:0040F112 8B742440
mov esi, dword ptr [esp+40]
:0040F116 85F6
test esi, esi
:0040F118 7410
je 0040F12A
:0040F11A
8D4B0A lea ecx,
dword ptr [ebx+0A]
:0040F11D 6A04
push 00000004
:0040F11F 51
push ecx
:0040F120
8BCD mov
ecx, ebp
:0040F122 E889020000
call 0040F3B0
:0040F127 668906
mov word ptr [esi], ax
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040F118(C)
|
:0040F12A 8D5312
lea edx, dword ptr [ebx+12]
:0040F12D 6A04
push 00000004
:0040F12F 52
push edx
:0040F130 8BCD
mov ecx, ebp
:0040F132 E879020000
call 0040F3B0
:0040F137 89442440
mov dword ptr [esp+40], eax
:0040F13B 8BFB
mov edi, ebx
:0040F13D 83C9FF
or ecx, FFFFFFFF
:0040F140 33C0
xor eax, eax
:0040F142 F2
repnz
:0040F143 AE
scasb
:0040F144 F7D1
not ecx
:0040F146 2BF9
sub edi, ecx
:0040F148 8D542414
lea edx, dword ptr [esp+14]
:0040F14C 8BC1
mov eax, ecx
:0040F14E 8BF7
mov esi, edi
:0040F150 8BFA
mov edi, edx
:0040F152 33D2
xor edx, edx
:0040F154 C1E902
shr ecx, 02
:0040F157 F3
repz
:0040F158 A5
movsd
:0040F159 8BC8
mov ecx, eax
:0040F15B 8B44243C mov
eax, dword ptr [esp+3C]
:0040F15F F7750C
div [ebp+0C]
:0040F162 83E103
and ecx, 00000003
:0040F165 F3
repz
:0040F166 A4
movsb
:0040F167 8D4C2414
lea ecx, dword ptr [esp+14]
:0040F16B C644242600
mov [esp+26], 00
:0040F170 52
push edx
:0040F171
51
push ecx
:0040F172 8BCD
mov ecx, ebp
:0040F174 E8F7010000
call 0040F370
:0040F179 8B4C2440
mov ecx, dword ptr [esp+40]
:0040F17D
25FFFF0000 and eax, 0000FFFF
:0040F182 3BC1
cmp eax, ecx ;这里为判断处!
:0040F184 740E
je 0040F194
;如果这四位相同跳。
:0040F186 5F
pop edi
:0040F187 5E
pop esi
〉〉〉〉〉〉〉〉〉〉〉〉〉〉最后的四位的判断〈〈〈〈〈〈〈〈〈〈〈
:0040F194 8D5316
lea edx, dword ptr [ebx+16]
:0040F197 6A04
push 00000004
:0040F199 52
push edx
:0040F19A 8BCD
mov ecx, ebp
:0040F19C E80F020000
call 0040F3B0
:0040F1A1 89442440
mov dword ptr [esp+40], eax
:0040F1A5 8BFB
mov edi, ebx
:0040F1A7 83C9FF
or ecx, FFFFFFFF
:0040F1AA 33C0
xor eax, eax
:0040F1AC F2
repnz
:0040F1AD AE
scasb
:0040F1AE F7D1
not ecx
:0040F1B0 2BF9
sub edi, ecx
:0040F1B2 8D542414
lea edx, dword ptr [esp+14]
:0040F1B6 8BC1
mov eax, ecx
:0040F1B8 8BF7
mov esi, edi
:0040F1BA 8BFA
mov edi, edx
:0040F1BC 33D2
xor edx, edx
:0040F1BE C1E902
shr ecx, 02
:0040F1C1 F3
repz
:0040F1C2 A5
movsd
:0040F1C3 8BC8
mov ecx, eax
:0040F1C5 8B44243C mov
eax, dword ptr [esp+3C]
:0040F1C9 F77510
div [ebp+10]
:0040F1CC 83E103
and ecx, 00000003
:0040F1CF F3
repz
:0040F1D0 A4
movsb
:0040F1D1 8D4C2414
lea ecx, dword ptr [esp+14]
:0040F1D5 C644242A00
mov [esp+2A], 00
:0040F1DA 52
push edx
:0040F1DB
51
push ecx
:0040F1DC 8BCD
mov ecx, ebp
:0040F1DE E88D010000
call 0040F370
:0040F1E3 8B4C2440
mov ecx, dword ptr [esp+40]
:0040F1E7
25FFFF0000 and eax, 0000FFFF
:0040F1EC 3BC1
cmp eax, ecx ;最后的四位的判断!
:0040F1EE 66B8FBFF
mov ax, FFFB
:0040F1F2 7505
jne 0040F1F9
:0040F1F4 668B442410
mov ax, word ptr [esp+10]
* Referenced by
a (U)nconditional or (C)onditional Jump at Address:
|:0040F1F2(C)
|
:0040F1F9 5F
pop edi
:0040F1FA 5E
pop esi
:0040F1FB 5D
pop ebp
:0040F1FC
5B
pop ebx
:0040F1FD 83C424
add esp, 00000024
:0040F200 C20C00
ret 000C