注册码验证的问题??
发表于: 2005-11-27 19:01 3317
00512F42 64:FF30 push dword ptr fs:[eax]
00512F45 64:8920 mov dword ptr fs:[eax],esp
00512F48 803D B0DB5500 0>cmp byte ptr ds:[55DBB0],0
00512F4F 0F85 5E020000 jnz 4_.005131B3
00512F55 8D95 24FEFFFF lea edx,dword ptr ss:[ebp-1DC]
00512F5B 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512F5E 8B80 F0020000 mov eax,dword ptr ds:[eax+2F0]
00512F64 E8 0BFAF3FF call 4_.00452974
00512F69 8B85 24FEFFFF mov eax,dword ptr ss:[ebp-1DC]
00512F6F E8 0C20EFFF call 4_.00404F80
00512F74 83F8 06 cmp eax,6
00512F77 7D 1C jge short 4_.00512F95
00512F79 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512F7C E8 5F63F4FF call 4_.004592E0
00512F81 BA 24325100 mov edx,4_.00513224 ; 第一下注册码不对,
00512F86 B9 30000000 mov ecx,30
00512F8B E8 E052FEFF call 4_.004F8270
00512F90 E9 1E020000 jmp 4_.005131B3
00512F95 B2 01 mov dl,1
00512F97 A1 B4814F00 mov eax,dword ptr ds:[4F81B4]
00512F9C E8 BB56FEFF call 4_.004F865C
00512FA1 8945 F8 mov dword ptr ss:[ebp-8],eax
00512FA4 8D45 F4 lea eax,dword ptr ss:[ebp-C]
00512FA7 50 push eax
00512FA8 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512FAB 8B80 10030000 mov eax,dword ptr ds:[eax+310]
00512FB1 8B10 mov edx,dword ptr ds:[eax]
00512FB3 FF92 C8000000 call dword ptr ds:[edx+C8]
00512FB9 50 push eax
00512FBA 8D95 20FEFFFF lea edx,dword ptr ss:[ebp-1E0]
00512FC0 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512FC3 8B80 F0020000 mov eax,dword ptr ds:[eax+2F0]
00512FC9 E8 A6F9F3FF call 4_.00452974
00512FCE 8B95 20FEFFFF mov edx,dword ptr ss:[ebp-1E0]
00512FD4 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00512FD7 59 pop ecx
00512FD8 E8 4F63FEFF call 4_.004F932C
00512FDD 66:BB 3828 mov bx,2838
00512FE1 8D95 18FEFFFF lea edx,dword ptr ss:[ebp-1E8]
00512FE7 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512FEA 8B80 F4020000 mov eax,dword ptr ds:[eax+2F4]
00512FF0 E8 7FF9F3FF call 4_.00452974
00512FF5 8B85 18FEFFFF mov eax,dword ptr ss:[ebp-1E8]
00512FFB 8D95 1CFEFFFF lea edx,dword ptr ss:[ebp-1E4]
00513001 E8 F265EFFF call 4_.004095F8
00513006 8B95 1CFEFFFF mov edx,dword ptr ss:[ebp-1E4]
0051300C 8B45 F8 mov eax,dword ptr ss:[ebp-8]
0051300F E8 4057FEFF call 4_.004F8754
00513014 84C0 test al,al
00513016 0F84 76010000 je 4_.00513192
//改成jnz 让它跳
0051301C 8D95 10FEFFFF lea edx,dword ptr ss:[ebp-1F0]
00513022 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513025 8B80 F4020000 mov eax,dword ptr ds:[eax+2F4]
0051302B E8 44F9F3FF call 4_.00452974
00513030 8B85 10FEFFFF mov eax,dword ptr ss:[ebp-1F0]
00513036 8D95 14FEFFFF lea edx,dword ptr ss:[ebp-1EC]
0051303C E8 B765EFFF call 4_.004095F8
00513041 8B85 14FEFFFF mov eax,dword ptr ss:[ebp-1EC]
00513047 8B55 F4 mov edx,dword ptr ss:[ebp-C]
0051304A E8 7520EFFF call 4_.004050C4
0051304F 0F85 3D010000 jnz 4_.00513192 //改成je 让它跳
00513055 0FB7C3 movzx eax,bx
00513058 8985 0CFEFFFF mov dword ptr ss:[ebp-1F4],eax
0051305E DB85 0CFEFFFF fild dword ptr ss:[ebp-1F4]
00513064 DB2D 34325100 fld tbyte ptr ds:[513234]
0051306A DED9 fcompp
0051306C DFE0 fstsw ax
0051306E 9E sahf
0051306F 0F85 1D010000 jnz 4_.00513192 //改成je 让它跳
00513075 33C0 xor eax,eax
00513077 55 push ebp
00513078 68 2F315100 push 4_.0051312F
0051307D 64:FF30 push dword ptr fs:[eax]
00513080 64:8920 mov dword ptr fs:[eax],esp
00513083 33C0 xor eax,eax
00513085 55 push ebp
00513086 68 07315100 push 4_.00513107
0051308B 64:FF30 push dword ptr fs:[eax]
0051308E 64:8920 mov dword ptr fs:[eax],esp
00513091 8D95 04FEFFFF lea edx,dword ptr ss:[ebp-1FC]
00513097 A1 30F35500 mov eax,dword ptr ds:[55F330]
0051309C 8B00 mov eax,dword ptr ds:[eax]
0051309E E8 A511F6FF call 4_.00474248
005130A3 8B85 04FEFFFF mov eax,dword ptr ss:[ebp-1FC]
005130A9 8D95 08FEFFFF lea edx,dword ptr ss:[ebp-1F8]
005130AF E8 686FEFFF call 4_.0040A01C
005130B4 8D85 08FEFFFF lea eax,dword ptr ss:[ebp-1F8]
005130BA BA 48325100 mov edx,4_.00513248 ; ASCII "\key.kc"
005130BF E8 C41EEFFF call 4_.00404F88
005130C4 8B95 08FEFFFF mov edx,dword ptr ss:[ebp-1F8]
005130CA 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
005130D0 E8 9FFEEEFF call 4_.00402F74
005130D5 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
005130DB E8 24FCEEFF call 4_.00402D04
005130E0 E8 9BF8EEFF call 4_.00402980
005130E5 8B55 F4 mov edx,dword ptr ss:[ebp-C]
005130E8 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
005130EE E8 A122EFFF call 4_.00405394
005130F3 E8 3C07EFFF call 4_.00403834
005130F8 E8 83F8EEFF call 4_.00402980
005130FD 33C0 xor eax,eax
005130FF 5A pop edx
00513100 59 pop ecx
00513101 59 pop ecx
00513102 64:8910 mov dword ptr fs:[eax],edx
00513105 EB 0A jmp short 4_.00513111
00513107 ^ E9 CC11EFFF jmp 4_.004042D8
0051310C E8 F315EFFF call 4_.00404704
00513111 33C0 xor eax,eax
00513113 5A pop edx
00513114 59 pop ecx
00513115 59 pop ecx
00513116 64:8910 mov dword ptr fs:[eax],edx
00513119 68 36315100 push 4_.00513136
0051311E 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
00513124 E8 C7FFEEFF call 4_.004030F0
00513129 E8 52F8EEFF call 4_.00402980
0051312E C3 retn
0051312F ^ E9 5814EFFF jmp 4_.0040458C
00513134 ^ EB E8 jmp short 4_.0051311E
00513136 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513139 E8 A261F4FF call 4_.004592E0
0051313E BA 50325100 mov edx,4_.00513250
00513143 B9 40000000 mov ecx,40
00513148 E8 2351FEFF call 4_.004F8270
0051314D A1 30F35500 mov eax,dword ptr ds:[55F330]
00513152 8B00 mov eax,dword ptr ds:[eax]
00513154 E8 030CF6FF call 4_.00473D5C
00513159 6A 03 push 3
0051315B 6A 00 push 0
0051315D 6A 00 push 0
0051315F 8D95 00FEFFFF lea edx,dword ptr ss:[ebp-200]
00513165 A1 30F35500 mov eax,dword ptr ds:[55F330]
0051316A 8B00 mov eax,dword ptr ds:[eax]
0051316C E8 D710F6FF call 4_.00474248
00513171 8B85 00FEFFFF mov eax,dword ptr ss:[ebp-200]
00513177 E8 FC1FEFFF call 4_.00405178
0051317C 50 push eax
0051317D 68 78325100 push 4_.00513278 ; ASCII "open"
00513182 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513185 E8 5661F4FF call 4_.004592E0
0051318A 50 push eax
0051318B E8 B4E9F2FF call <jmp.&shell32.ShellExecuteA>
00513190 EB 17 jmp short 4_.005131A9
00513192 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513195 E8 4661F4FF call 4_.004592E0
0051319A BA 24325100 mov edx,4_.00513224 ; 第二个注册码不对
0051319F B9 30000000 mov ecx,30
005131A4 E8 C750FEFF call 4_.004F8270
005131A9 B2 01 mov dl,1
005131AB 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005131AE E8 B966FEFF call 4_.004F986C
005131B3 33C0 xor eax,eax
005131B5 5A pop edx
005131B6 59 pop ecx
把上面三处改了之后,就提示"注册成功 谢谢 确定好重起程序"。点确定后重启,会在文件夹里生成一个 key.kc 文件,用记事本打开后里面有一串代码:
EN-E7D459359325AB184B2E5300E6FF
软件注册后会重启验证,当然验证不正确。
然后我再用上面改好的文件,拿 key.kc 文件里的代码去注册,反而提示注册不成功;换别的代码却都提示成功,这就说明这个就是真正的注册码。
可是为什么就是注册不了呢?
还望各位高手帮忙指点一二
谢谢了
00512F45 64:8920 mov dword ptr fs:[eax],esp
00512F48 803D B0DB5500 0>cmp byte ptr ds:[55DBB0],0
00512F4F 0F85 5E020000 jnz 4_.005131B3
00512F55 8D95 24FEFFFF lea edx,dword ptr ss:[ebp-1DC]
00512F5B 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512F5E 8B80 F0020000 mov eax,dword ptr ds:[eax+2F0]
00512F64 E8 0BFAF3FF call 4_.00452974
00512F69 8B85 24FEFFFF mov eax,dword ptr ss:[ebp-1DC]
00512F6F E8 0C20EFFF call 4_.00404F80
00512F74 83F8 06 cmp eax,6
00512F77 7D 1C jge short 4_.00512F95
00512F79 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512F7C E8 5F63F4FF call 4_.004592E0
00512F81 BA 24325100 mov edx,4_.00513224 ; 第一下注册码不对,
00512F86 B9 30000000 mov ecx,30
00512F8B E8 E052FEFF call 4_.004F8270
00512F90 E9 1E020000 jmp 4_.005131B3
00512F95 B2 01 mov dl,1
00512F97 A1 B4814F00 mov eax,dword ptr ds:[4F81B4]
00512F9C E8 BB56FEFF call 4_.004F865C
00512FA1 8945 F8 mov dword ptr ss:[ebp-8],eax
00512FA4 8D45 F4 lea eax,dword ptr ss:[ebp-C]
00512FA7 50 push eax
00512FA8 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512FAB 8B80 10030000 mov eax,dword ptr ds:[eax+310]
00512FB1 8B10 mov edx,dword ptr ds:[eax]
00512FB3 FF92 C8000000 call dword ptr ds:[edx+C8]
00512FB9 50 push eax
00512FBA 8D95 20FEFFFF lea edx,dword ptr ss:[ebp-1E0]
00512FC0 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512FC3 8B80 F0020000 mov eax,dword ptr ds:[eax+2F0]
00512FC9 E8 A6F9F3FF call 4_.00452974
00512FCE 8B95 20FEFFFF mov edx,dword ptr ss:[ebp-1E0]
00512FD4 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00512FD7 59 pop ecx
00512FD8 E8 4F63FEFF call 4_.004F932C
00512FDD 66:BB 3828 mov bx,2838
00512FE1 8D95 18FEFFFF lea edx,dword ptr ss:[ebp-1E8]
00512FE7 8B45 FC mov eax,dword ptr ss:[ebp-4]
00512FEA 8B80 F4020000 mov eax,dword ptr ds:[eax+2F4]
00512FF0 E8 7FF9F3FF call 4_.00452974
00512FF5 8B85 18FEFFFF mov eax,dword ptr ss:[ebp-1E8]
00512FFB 8D95 1CFEFFFF lea edx,dword ptr ss:[ebp-1E4]
00513001 E8 F265EFFF call 4_.004095F8
00513006 8B95 1CFEFFFF mov edx,dword ptr ss:[ebp-1E4]
0051300C 8B45 F8 mov eax,dword ptr ss:[ebp-8]
0051300F E8 4057FEFF call 4_.004F8754
00513014 84C0 test al,al
00513016 0F84 76010000 je 4_.00513192
//改成jnz 让它跳
0051301C 8D95 10FEFFFF lea edx,dword ptr ss:[ebp-1F0]
00513022 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513025 8B80 F4020000 mov eax,dword ptr ds:[eax+2F4]
0051302B E8 44F9F3FF call 4_.00452974
00513030 8B85 10FEFFFF mov eax,dword ptr ss:[ebp-1F0]
00513036 8D95 14FEFFFF lea edx,dword ptr ss:[ebp-1EC]
0051303C E8 B765EFFF call 4_.004095F8
00513041 8B85 14FEFFFF mov eax,dword ptr ss:[ebp-1EC]
00513047 8B55 F4 mov edx,dword ptr ss:[ebp-C]
0051304A E8 7520EFFF call 4_.004050C4
0051304F 0F85 3D010000 jnz 4_.00513192 //改成je 让它跳
00513055 0FB7C3 movzx eax,bx
00513058 8985 0CFEFFFF mov dword ptr ss:[ebp-1F4],eax
0051305E DB85 0CFEFFFF fild dword ptr ss:[ebp-1F4]
00513064 DB2D 34325100 fld tbyte ptr ds:[513234]
0051306A DED9 fcompp
0051306C DFE0 fstsw ax
0051306E 9E sahf
0051306F 0F85 1D010000 jnz 4_.00513192 //改成je 让它跳
00513075 33C0 xor eax,eax
00513077 55 push ebp
00513078 68 2F315100 push 4_.0051312F
0051307D 64:FF30 push dword ptr fs:[eax]
00513080 64:8920 mov dword ptr fs:[eax],esp
00513083 33C0 xor eax,eax
00513085 55 push ebp
00513086 68 07315100 push 4_.00513107
0051308B 64:FF30 push dword ptr fs:[eax]
0051308E 64:8920 mov dword ptr fs:[eax],esp
00513091 8D95 04FEFFFF lea edx,dword ptr ss:[ebp-1FC]
00513097 A1 30F35500 mov eax,dword ptr ds:[55F330]
0051309C 8B00 mov eax,dword ptr ds:[eax]
0051309E E8 A511F6FF call 4_.00474248
005130A3 8B85 04FEFFFF mov eax,dword ptr ss:[ebp-1FC]
005130A9 8D95 08FEFFFF lea edx,dword ptr ss:[ebp-1F8]
005130AF E8 686FEFFF call 4_.0040A01C
005130B4 8D85 08FEFFFF lea eax,dword ptr ss:[ebp-1F8]
005130BA BA 48325100 mov edx,4_.00513248 ; ASCII "\key.kc"
005130BF E8 C41EEFFF call 4_.00404F88
005130C4 8B95 08FEFFFF mov edx,dword ptr ss:[ebp-1F8]
005130CA 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
005130D0 E8 9FFEEEFF call 4_.00402F74
005130D5 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
005130DB E8 24FCEEFF call 4_.00402D04
005130E0 E8 9BF8EEFF call 4_.00402980
005130E5 8B55 F4 mov edx,dword ptr ss:[ebp-C]
005130E8 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
005130EE E8 A122EFFF call 4_.00405394
005130F3 E8 3C07EFFF call 4_.00403834
005130F8 E8 83F8EEFF call 4_.00402980
005130FD 33C0 xor eax,eax
005130FF 5A pop edx
00513100 59 pop ecx
00513101 59 pop ecx
00513102 64:8910 mov dword ptr fs:[eax],edx
00513105 EB 0A jmp short 4_.00513111
00513107 ^ E9 CC11EFFF jmp 4_.004042D8
0051310C E8 F315EFFF call 4_.00404704
00513111 33C0 xor eax,eax
00513113 5A pop edx
00513114 59 pop ecx
00513115 59 pop ecx
00513116 64:8910 mov dword ptr fs:[eax],edx
00513119 68 36315100 push 4_.00513136
0051311E 8D85 28FEFFFF lea eax,dword ptr ss:[ebp-1D8]
00513124 E8 C7FFEEFF call 4_.004030F0
00513129 E8 52F8EEFF call 4_.00402980
0051312E C3 retn
0051312F ^ E9 5814EFFF jmp 4_.0040458C
00513134 ^ EB E8 jmp short 4_.0051311E
00513136 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513139 E8 A261F4FF call 4_.004592E0
0051313E BA 50325100 mov edx,4_.00513250
00513143 B9 40000000 mov ecx,40
00513148 E8 2351FEFF call 4_.004F8270
0051314D A1 30F35500 mov eax,dword ptr ds:[55F330]
00513152 8B00 mov eax,dword ptr ds:[eax]
00513154 E8 030CF6FF call 4_.00473D5C
00513159 6A 03 push 3
0051315B 6A 00 push 0
0051315D 6A 00 push 0
0051315F 8D95 00FEFFFF lea edx,dword ptr ss:[ebp-200]
00513165 A1 30F35500 mov eax,dword ptr ds:[55F330]
0051316A 8B00 mov eax,dword ptr ds:[eax]
0051316C E8 D710F6FF call 4_.00474248
00513171 8B85 00FEFFFF mov eax,dword ptr ss:[ebp-200]
00513177 E8 FC1FEFFF call 4_.00405178
0051317C 50 push eax
0051317D 68 78325100 push 4_.00513278 ; ASCII "open"
00513182 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513185 E8 5661F4FF call 4_.004592E0
0051318A 50 push eax
0051318B E8 B4E9F2FF call <jmp.&shell32.ShellExecuteA>
00513190 EB 17 jmp short 4_.005131A9
00513192 8B45 FC mov eax,dword ptr ss:[ebp-4]
00513195 E8 4661F4FF call 4_.004592E0
0051319A BA 24325100 mov edx,4_.00513224 ; 第二个注册码不对
0051319F B9 30000000 mov ecx,30
005131A4 E8 C750FEFF call 4_.004F8270
005131A9 B2 01 mov dl,1
005131AB 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005131AE E8 B966FEFF call 4_.004F986C
005131B3 33C0 xor eax,eax
005131B5 5A pop edx
005131B6 59 pop ecx
把上面三处改了之后,就提示"注册成功 谢谢 确定好重起程序"。点确定后重启,会在文件夹里生成一个 key.kc 文件,用记事本打开后里面有一串代码:
EN-E7D459359325AB184B2E5300E6FF
软件注册后会重启验证,当然验证不正确。
然后我再用上面改好的文件,拿 key.kc 文件里的代码去注册,反而提示注册不成功;换别的代码却都提示成功,这就说明这个就是真正的注册码。
可是为什么就是注册不了呢?
还望各位高手帮忙指点一二
谢谢了