破解国外软件 3D World Map 2.1
【破解作者】 KYC[DFCG][CZG]
【使用工具】 OD,PEID
【破解平台】 Win2003
【软件名称】 3D World Map 2.1
【软件简介】 With 3D World Map you can view our planet in 3D,and get reference on 269 countries and entities,locate
and compare more than 30000 cities around the world,compute distance between any two points on the globe,and more.
3D World Map(三维世界地图),它可以让你在逼真的地球仪上准确找到世界269个国家和地区,精确显示30000余座城市的位置,
计算地球上任意两点的距离,高山海沟统统一览无余。该程序具备方便的自定义功能,从颜色到字体都可以由你指定。如果你愿意,
还可以提高海平面,看看地球变暖的后果。同时,它还是一款出色的屏幕保护程序。内建微型MP3播放器可以让你一边欣赏太空俯视地球的美景,
一边聆听动听的音乐。
【下载地址】 http://www.longgame.com/download.htm,或天空.
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】KANXUE老大建议破解国外软件 所以下了个这个东西,碰到这个国外软件觉得还不错,没想到我运气不错
很快就把她攻倒,算我幸运,,没遇到高难的可能是对我鼓励和照顾.嘿嘿...
用PEiD查得该软件无壳,为Microsoft Visual C++ 6.0编写。OD载入,在SendDlgItemMessageA下断,来到关键处:
00405110 /$ 81EC 1C040000 sub esp,41C
00405116 |. 53 push ebx
00405117 |. 55 push ebp
00405118 |. 56 push esi
00405119 |. 57 push edi
0040511A |. 8B9C24 30040000 mov ebx,dword ptr ss:[esp+430]
00405121 |. B9 41000000 mov ecx,41
00405126 |. 33C0 xor eax,eax
00405128 |. 8D7C24 1C lea edi,dword ptr ss:[esp+1C]
0040512C |. 8B35 4C634900 mov esi,dword ptr ds:[<&USER32.SendDlgItemMessag>; USER32.SendDlgItemMessageA
00405132 |. F3:AB rep stos dword ptr es:[edi]
00405134 |. 8D4424 1C lea eax,dword ptr ss:[esp+1C]
00405138 |. 66:C74424 1C 0401 mov word ptr ss:[esp+1C],104
0040513F |. 50 push eax ; /lParam
00405140 |. 6A 00 push 0 ; |wParam = 0
00405142 |. 68 C4000000 push 0C4 ; |Message = EM_GETLINE
00405147 |. 68 21040000 push 421 ; |ControlID = 421 (1057.)
0040514C |. 53 push ebx ; |hWnd
0040514D |. FFD6 call esi ; \SendDlgItemMessageA
0040514F |. 33ED xor ebp,ebp ; 用户名长度
00405151 |. 55 push ebp ; /lParam => 0
00405152 |. 55 push ebp ; |wParam => 0
00405153 |. 68 BA000000 push 0BA ; |Message = EM_GETLINECOUNT
00405158 |. 68 FC030000 push 3FC ; |ControlID = 3FC (1020.)
0040515D |. 53 push ebx ; |hWnd
0040515E |. FFD6 call esi ; \SendDlgItemMessageA
00405160 |. 33F6 xor esi,esi
00405162 |. 894424 18 mov dword ptr ss:[esp+18],eax
00405166 |. 85C0 test eax,eax
00405168 |. 7E 51 jle short 3D_World.004051BB
0040516A |> B9 08020000 /mov ecx,208
0040516F |. 2BCD |sub ecx,ebp
00405171 |. 894C24 10 |mov dword ptr ss:[esp+10],ecx
00405175 |. 78 44 |js short 3D_World.004051BB
00405177 |. 8D942C 20010000 |lea edx,dword ptr ss:[esp+ebp+120]
0040517E |. 8BD9 |mov ebx,ecx
00405180 |. 33C0 |xor eax,eax
00405182 |. 8BFA |mov edi,edx
00405184 |. C1E9 02 |shr ecx,2
00405187 |. F3:AB |rep stos dword ptr es:[edi]
00405189 |. 8BCB |mov ecx,ebx
0040518B |. 52 |push edx ; /lParam
0040518C |. 83E1 03 |and ecx,3 ; |
0040518F |. 56 |push esi ; |wParam
00405190 |. F3:AA |rep stos byte ptr es:[edi] ; |
00405192 |. 66:8BCB |mov cx,bx ; |
00405195 |. 8B9C24 38040000 |mov ebx,dword ptr ss:[esp+438] ; |
0040519C |. 68 C4000000 |push 0C4 ; |Message = EM_GETLINE
004051A1 |. 68 FC030000 |push 3FC ; |ControlID = 3FC (1020.)
004051A6 |. 53 |push ebx ; |hWnd
004051A7 |. 66:890A |mov word ptr ds:[edx],cx ; |
004051AA |. FF15 4C634900 |call dword ptr ds:[<&USER32.SendDlgItemMessageA>; \SendDlgItemMessageA
004051B0 |. 03E8 |add ebp,eax ; 假码长度
004051B2 |. 8B4424 18 |mov eax,dword ptr ss:[esp+18]
004051B6 |. 46 |inc esi
004051B7 |. 3BF0 |cmp esi,eax
004051B9 |.^ 7C AF \jl short 3D_World.0040516A
004051BB 68 B80B0000 push 0BB8
004051C0 |. C6842C 24010000 0>mov byte ptr ss:[esp+ebp+124],0 ; |
004051C8 FF15 F0614900 call dword ptr ds:[<&KERNEL32.Sleep>] ; \Sleep
004051CE |. 8DBC24 20010000 lea edi,dword ptr ss:[esp+120] ; 假码
004051D5 |. 83C9 FF or ecx,FFFFFFFF
004051D8 |. 33C0 xor eax,eax
004051DA |. 33ED xor ebp,ebp
004051DC |. F2:AE repne scas byte ptr es:[edi]
004051DE |. F7D1 not ecx
004051E0 |. 49 dec ecx
004051E1 |. 81F9 80000000 cmp ecx,80 ; 假码长度不能小于80
004051E7 |. 0F8C 4A010000 jl 3D_World.00405337
004051ED |. 81F9 07010000 cmp ecx,107
004051F3 |. 0F8F 3E010000 jg 3D_World.00405337 ; 假码长度不能大于107
004051F9 |. 33F6 xor esi,esi
004051FB |. 85C9 test ecx,ecx
004051FD |. 7E 10 jle short 3D_World.0040520F
004051FF |> 8A9434 20010000 /mov dl,byte ptr ss:[esp+esi+120]
00405206 |. 46 |inc esi
00405207 |. 3BF1 |cmp esi,ecx
00405209 |. 885424 17 |mov byte ptr ss:[esp+17],dl
0040520D |.^ 7C F0 \jl short 3D_World.004051FF
0040520F |> 8D8424 20010000 lea eax,dword ptr ss:[esp+120]
00405216 |. 50 push eax
00405217 |. E8 B4A40100 call 3D_World.0041F6D0 ; 关键算法 跟进
////////////////////////////////////////////////////////////////////////////////////////
; Routine 0041F6D0: takes one stack argument, a pointer to a NUL-terminated string, and rewrites that string in place.
; Pass 1 (0041F6FF-0041F72E): drops every byte that is not in '0'-'9' or 'a'-'f' (signed compares, lowercase only).
; Pass 2 (0041F75F-0041F78F): copies the remaining text in 0x20-byte groups into a stack buffer at [esp+14],
;   writing 0x20 (space) after each group and 0 after the last one.
; Tail (0041F798-0041F7B1): copies groups*0x21 bytes from the stack buffer back over the caller's string.
0041F6D0 /$ 81EC 04020000 sub esp,204 ; reserve 0x204 bytes of locals
0041F6D6 |. 53 push ebx
0041F6D7 |. 8B9C24 0C020000 mov ebx,dword ptr ss:[esp+20C] ; ebx = pointer to the entered serial (the stack argument)
0041F6DE |. 55 push ebp
0041F6DF |. 56 push esi
0041F6E0 |. 57 push edi
0041F6E1 |. 8BFB mov edi,ebx
0041F6E3 |. 83C9 FF or ecx,FFFFFFFF
0041F6E6 |. 33C0 xor eax,eax
0041F6E8 |. F2:AE repne scas byte ptr es:[edi] ; scan for the terminating 0 (inline strlen)
0041F6EA |. F7D1 not ecx
0041F6EC |. 49 dec ecx ; ecx = length of the entered serial
0041F6ED |. BE 00000000 mov esi,0 ; esi = index into the string
0041F6F2 |. 8BE9 mov ebp,ecx ; ebp = current length (shrinks as bytes are removed)
0041F6F4 |. 8D45 01 lea eax,dword ptr ss:[ebp+1]
0041F6F7 |. 894424 10 mov dword ptr ss:[esp+10],eax ; [esp+10] = original length + 1
0041F6FB |. 74 33 je short 3D_World.0041F730 ; ZF still comes from "dec ecx": skip pass 1 when the length is 0
0041F6FD |. 8BFB mov edi,ebx
0041F6FF |> 8A07 /mov al,byte ptr ds:[edi] ; classify the current byte: kept only if '0'-'9' or 'a'-'f'
0041F701 |. 3C 30 |cmp al,30
0041F703 |. 7C 04 |jl short 3D_World.0041F709
0041F705 |. 3C 39 |cmp al,39
0041F707 |. 7E 21 |jle short 3D_World.0041F72A ; '0'..'9' -> keep
0041F709 |> 3C 61 |cmp al,61
0041F70B |. 7C 04 |jl short 3D_World.0041F711
0041F70D |. 3C 66 |cmp al,66
0041F70F |. 7E 19 |jle short 3D_World.0041F72A ; 'a'..'f' -> keep
0041F711 |> 8B4C24 10 |mov ecx,dword ptr ss:[esp+10] ; any other byte is removed below
0041F715 |. 8D541E 01 |lea edx,dword ptr ds:[esi+ebx+1] ; edx = address of the byte after the current one
0041F719 |. 2BCE |sub ecx,esi
0041F71B |. 49 |dec ecx ; ecx = (original length + 1) - index - 1
0041F71C |. 51 |push ecx
0041F71D |. 52 |push edx
0041F71E |. 57 |push edi
0041F71F |. E8 5C2E0400 |call 3D_World.00462580 ; callee not shown; called as (edi, edx, ecx) - presumably a memmove-style copy that shifts the tail left by one; confirm
0041F724 |. 83C4 0C |add esp,0C ; caller pops the three arguments
0041F727 |. 4D |dec ebp ; one byte fewer in the string
0041F728 |. 4E |dec esi ; step index and pointer back so the increments below
0041F729 |. 4F |dec edi ; leave them on the same position for the next iteration
0041F72A |> 46 |inc esi
0041F72B |. 47 |inc edi
0041F72C |. 3BF5 |cmp esi,ebp
0041F72E |.^ 72 CF \jb short 3D_World.0041F6FF ; loop while index < current length
0041F730 |> 8BFB mov edi,ebx
0041F732 |. 83C9 FF or ecx,FFFFFFFF
0041F735 |. 33C0 xor eax,eax
0041F737 |. F2:AE repne scas byte ptr es:[edi] ; inline strlen again, on the filtered string
0041F739 |. F7D1 not ecx
0041F73B |. 49 dec ecx ; ecx = length of the filtered serial
0041F73C |. 81F9 00020000 cmp ecx,200
0041F742 |. 72 05 jb short 3D_World.0041F749
0041F744 |. B9 FF010000 mov ecx,1FF ; lengths of 0x200 or more are capped at 0x1FF
0041F749 |> C1E9 05 shr ecx,5 ; shift right by 5 = divide the length by 0x20
0041F74C |. 8BC1 mov eax,ecx ; EAX=LEN(CODE)/0X20 (number of 0x20-byte groups)
0041F74E |. BD 00000000 mov ebp,0 ; EBP=0 (group counter)
0041F753 |. 894424 10 mov dword ptr ss:[esp+10],eax ; store the group count in [esp+10]
0041F757 |. 74 3F je short 3D_World.0041F798 ; ZF still comes from "shr": no groups, skip pass 2
0041F759 |. 8D4C24 14 lea ecx,dword ptr ss:[esp+14] ; ecx = write position in the stack buffer
0041F75D |. 8BD3 mov edx,ebx ; edx = read position in the filtered serial
0041F75F |> 8BF2 /mov esi,edx
0041F761 |. 8BC1 |mov eax,ecx
0041F763 |. 2BF1 |sub esi,ecx ; esi = source - destination, so [esi+eax] reads the source
0041F765 |. BF 20000000 |mov edi,20 ; EDI=20 (bytes left in this group)
0041F76A |> 8A1C06 |/mov bl,byte ptr ds:[esi+eax] ; byte-wise copy of one 0x20-byte group (bl is scratch)
0041F76D |. 8818 ||mov byte ptr ds:[eax],bl
0041F76F |. 40 ||inc eax
0041F770 |. 4F ||dec edi
0041F771 |.^ 75 F7 |\jnz short 3D_World.0041F76A
0041F773 |. 8B4424 10 |mov eax,dword ptr ss:[esp+10] ; eax = group count
0041F777 |. C641 20 20 |mov byte ptr ds:[ecx+20],20 ; write 0x20 (space) after the group
0041F77B |. 8D70 FF |lea esi,dword ptr ds:[eax-1]
0041F77E |. 3BEE |cmp ebp,esi
0041F780 |. 75 04 |jnz short 3D_World.0041F786
0041F782 |. C641 20 00 |mov byte ptr ds:[ecx+20],0 ; last group: overwrite the separator with the terminating 0
0041F786 |> 45 |inc ebp ; EBP++ (next group)
0041F787 |. 83C2 20 |add edx,20 ; source advances by 0x20
0041F78A |. 83C1 21 |add ecx,21 ; destination advances by 0x21 (group + separator)
0041F78D |. 3BE8 |cmp ebp,eax
0041F78F |.^ 72 CE \jb short 3D_World.0041F75F
0041F791 |. 8B9C24 18020000 mov ebx,dword ptr ss:[esp+218] ; reload the argument pointer (bl was overwritten by the copy loop)
0041F798 |> 8BC8 mov ecx,eax
0041F79A |. 8D7424 14 lea esi,dword ptr ss:[esp+14] ; source = stack buffer
0041F79E |. C1E1 05 shl ecx,5
0041F7A1 |. 03C8 add ecx,eax ; ecx = groups*0x20 + groups = groups*0x21 bytes to copy back
0041F7A3 |. 8BFB mov edi,ebx ; destination = the caller's string
0041F7A5 |. 8BC1 mov eax,ecx
0041F7A7 |. C1E9 02 shr ecx,2
0041F7AA |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi] ; copy whole dwords first
0041F7AC |. 8BC8 mov ecx,eax
0041F7AE |. 83E1 03 and ecx,3
0041F7B1 |. F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi] ; then the remaining 0-3 bytes
0041F7B3 |. 5F pop edi
0041F7B4 |. 5E pop esi
0041F7B5 |. 5D pop ebp
0041F7B6 |. 5B pop ebx
0041F7B7 |. 81C4 04020000 add esp,204
0041F7BD \. C3 retn ; plain retn: the caller removes the argument
////////////////////////////////////////////////////////////////////////////////////////////
0040521C |. 8DBC24 24010000 lea edi,dword ptr ss:[esp+124]
00405223 |. 83C9 FF or ecx,FFFFFFFF
00405226 |. 33C0 xor eax,eax
00405228 |. 83C4 04 add esp,4
0040522B |. F2:AE repne scas byte ptr es:[edi]
0040522D |. F7D1 not ecx
0040522F |. 49 dec ecx
00405230 |. 81F9 83000000 cmp ecx,83 //注册码长度必须等于0X83
00405236 |. 74 1C je short 3D_World.00405254
00405238 |. 81F9 A4000000 cmp ecx,0A4 //注册码长度必须等于0XA4
0040523E |. 74 14 je short 3D_World.00405254
00405240 |. 81F9 C5000000 cmp ecx,0C5 //注册码长度必须等于0XC5
00405246 |. 74 0C je short 3D_World.00405254
00405248 |. 81F9 E6000000 cmp ecx,0E6 //注册码长度必须等于0XE6
0040524E |. 0F85 E3000000 jnz 3D_World.00405337
00405254 |> 68 04074A00 push 3D_World.004A0704 ; ASCII "3D World Map"
00405259 |. 68 4C074A00 push 3D_World.004A074C ; ASCII "Software\Longgame"
0040525E |. 8D8C24 30030000 lea ecx,dword ptr ss:[esp+330]
00405265 |. 68 D8074A00 push 3D_World.004A07D8 ; ASCII "%s\%s"
0040526A |. 51 push ecx
0040526B |. BD A0860100 mov ebp,186A0
00405270 |. C74424 20 0000000>mov dword ptr ss:[esp+20],0
00405278 |. E8 47C90500 call 3D_World.00461BC4
0040527D |. 83C4 10 add esp,10
00405280 |. 8D5424 10 lea edx,dword ptr ss:[esp+10] 如果正确保存到注册表中
00405284 |. 8D8424 28030000 lea eax,dword ptr ss:[esp+328]
0040528B |. 52 push edx ; /pHandle
0040528C |. 68 3F000F00 push 0F003F ; |Access = KEY_ALL_ACCESS
00405291 |. 6A 00 push 0 ; |Reserved = 0
00405293 |. 50 push eax ; |Subkey
00405294 |. 68 01000080 push 80000001 ; |hKey = HKEY_CURRENT_USER
00405299 |. FF15 14604900 call dword ptr ds:[<&ADVAPI32.RegOpenKeyExA>] ; \RegOpenKeyExA
0040529F |. 85C0 test eax,eax
004052A1 |. 0F85 9D000000 jnz 3D_World.00405344
004052A7 |. 8D7C24 1C lea edi,dword ptr ss:[esp+1C]
004052AB |. 83C9 FF or ecx,FFFFFFFF
004052AE |. F2:AE repne scas byte ptr es:[edi]
004052B0 |. F7D1 not ecx
004052B2 |. 8B5424 10 mov edx,dword ptr ss:[esp+10]
004052B6 |. 49 dec ecx
004052B7 |. 8B35 04604900 mov esi,dword ptr ds:[<&ADVAPI32.RegSetValueExA>>; ADVAPI32.RegSetValueExA
004052BD |. 51 push ecx ; /BufSize
004052BE |. 8D4C24 20 lea ecx,dword ptr ss:[esp+20] ; |
004052C2 |. 51 push ecx ; |Buffer
004052C3 |. 6A 03 push 3 ; |ValueType = REG_BINARY
004052C5 |. 50 push eax ; |Reserved
004052C6 |. 68 0C094A00 push 3D_World.004A090C ; |ValueName = "regname"
004052CB |. 52 push edx ; |hKey
004052CC |. FFD6 call esi ; \RegSetValueExA
004052CE |. 8DBC24 20010000 lea edi,dword ptr ss:[esp+120]
004052D5 |. 83C9 FF or ecx,FFFFFFFF
004052D8 |. 33C0 xor eax,eax
004052DA |. F2:AE repne scas byte ptr es:[edi]
004052DC |. F7D1 not ecx
004052DE |. 49 dec ecx
004052DF |. 8D8424 20010000 lea eax,dword ptr ss:[esp+120]
004052E6 |. 51 push ecx ; /BufSize
004052E7 |. 8B4C24 14 mov ecx,dword ptr ss:[esp+14] ; |
004052EB |. 50 push eax ; |Buffer
004052EC |. 6A 03 push 3 ; |ValueType = REG_BINARY
004052EE |. 6A 00 push 0 ; |Reserved = 0
004052F0 |. 68 00094A00 push 3D_World.004A0900 ; |ValueName = "regserial"
004052F5 |. 51 push ecx ; |hKey
004052F6 |. FFD6 call esi ; \RegSetValueExA
004052F8 |. 8B5424 10 mov edx,dword ptr ss:[esp+10]
004052FC |. 52 push edx ; /hKey
004052FD |. FF15 0C604900 call dword ptr ds:[<&ADVAPI32.RegCloseKey>] ; \RegCloseKey
00405303 |. 6A 00 push 0
00405305 |. 68 04074A00 push 3D_World.004A0704 ; ASCII "3D World Map"
0040530A |. 68 640B4A00 push 3D_World.004A0B64 ; ASCII "Congratulations! registered successfully"
0040530F |> 53 push ebx ; |hOwner
00405310 |. FF15 1C634900 call dword ptr ds:[<&USER32.MessageBoxA>] ; \MessageBoxA
00405316 |. 6A 01 push 1 ; /Result = 1
00405318 |. 53 push ebx ; |hWnd
00405319 |. FF15 48634900 call dword ptr ds:[<&USER32.EndDialog>] ; \EndDialog
0040531F |. 8D8424 20010000 lea eax,dword ptr ss:[esp+120]
////////////////////////////////////////////////////////////////////////////////////////////
注册保护非常简单,和用户名无关:只要注册码长度等于0X83,0XA4,0XC5,0XE6其中之一就可以。
注册机算法:
不会编程,当作学习了。
// Button handler on CMyDlg: fills a local buffer with ASCII decimal digits
// ('0'..'9'), the count being one of four constants (0x83, 0xA4, 0xC5, 0xE6)
// selected with rand()%4, and assigns the buffer to the member m_zcm.
// NOTE(review): srand() is called with time(NULL) before every rand() call.
// Re-seeding with the same value restarts the sequence, so whenever the whole
// handler runs within one time() tick every rand() returns the same number:
// the buffer then holds a single repeated digit, and that digit comes from
// the same number that selected the length.
void CMyDlg::OnButton1()
{
// TODO: Add your control notification handler code here
// Presumably MFC dialog data exchange, controls -> members; the base class
// of CMyDlg is not shown here - confirm.
UpdateData(true);
// Zero-initialised, so the buffer stays NUL-terminated: the longest case
// below writes 0xE6 (230) bytes into 255.
char zhucema[255]={0};
m_zcm.Empty();
int k=0,tmp;
srand((unsigned)time(NULL));
// tmp in 0..3 selects which of the four lengths is produced.
tmp= rand()%4;
switch(tmp)
{
case 0:
// 0x83 (131) digits
for(k=0;k<0x83;k++)
{
srand((unsigned)time(NULL));
// rand()%10 + 0x30 maps to the ASCII characters '0'..'9'
zhucema[k]= rand()%10+0x30;
}
break;
case 1:
// 0xA4 (164) digits
for(k=0;k<0xA4;k++)
{
srand((unsigned)time(NULL));
zhucema[k]= rand()%10+0x30;
}
break;
case 2:
// 0xC5 (197) digits
for(k=0;k<0x0C5;k++)
{
srand((unsigned)time(NULL));
zhucema[k]= rand()%10+0x30;
}
break;
default :
// tmp == 3: 0xE6 (230) digits
for(k=0;k<0x0E6;k++)
{
srand((unsigned)time(NULL));
zhucema[k]= rand()%10+0x30;
}
break;
}
// Copy the NUL-terminated buffer into the member string.
m_zcm=zhucema;
// Presumably pushes the member values back to the dialog controls - confirm.
UpdateData(false);
}
…………………………………………………………………………………………………………………………………………………………
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^