破文如下:
关键CALL函数如下
; String constants located just before the routine (OllyDbg data view).
; These are the two fixed pieces of the expected serial quoted at the end of
; the post; both are stored in the binary in plaintext.
00457C18 BA db BA ; first of four bytes of a double-byte encoded prefix (presumably GBK -- confirm)
00457C19 DA db DA
00457C1A CD db CD
00457C1B B7 db B7 ; the four bytes BA DA CD B7 render as "黑头", the serial's fixed prefix
00457C1C . 53 75 6E 20 4>ascii "Sun Bird",0
00457C25 00 db 00 ; zero padding up to the next 4-byte boundary (00457C28)
00457C26 00 db 00
00457C27 00 db 00
00457C28 . FFFFFFFF dd FFFFFFFF ; -1: looks like the reference-count field of a constant long-string header (inferred from layout)
00457C2C . 0F000000 dd 0000000F ; 0x0F = 15, the length of the string that follows
00457C30 . 64 73 65 6C 6>ascii "dseloffc-012-OK",0
; Registration check routine at 00457C40 (OllyDbg listing, 32-bit x86).
; In:   eax = base pointer, copied to ebx and used for every [ebx+...] field access.
; Flow: 1. zero twelve dword locals ([ebp-4]..[ebp-30]) and install an SEH frame
;          whose handler is 00457E3D;
;       2. build the expected serial at [ebx+318] as
;          [ebx+310] + str(user-name length + 5) + [ebx+314] + user name;
;       3. compare it with the text read from [ebx+2D8]; on a match store 3E
;          in [ebx+30C];
;       4. derive [ebx+2FC], [ebx+300], [ebx+304] and [ebx+308] from [ebx+30C];
;       5. remove the SEH frame, release the string locals and return via 00457E44.
; The two 0x13-iteration loops build a string in [ebp-4] that the visible code
; never compares with anything.
; Helper roles (00407B04, 00423348, 00403C3C, 00403C8C) come from the post
; author's annotations; 00403B7C, 004038FC, 00403920, 00423260 and 00423378 are
; inferred from how they are called -- their bodies are not shown.
; Review note: every input to the expected serial is either the user name or a
; constant stored in the binary, and the result is held in plaintext for a
; direct string compare. No secret enters the computation, so this check gives
; no real licensing assurance; verifying a signature made with a key that is
; not shipped in the binary avoids that weakness.
00457C40 /. 55 push ebp
00457C41 |. 8BEC mov ebp, esp
00457C43 |. 51 push ecx ; reserves [ebp-4]
00457C44 |. B9 05000000 mov ecx, 5 ; 5 iterations x 2 pushes = ten zeroed dwords
00457C49 |> 6A 00 /push 0
00457C4B |. 6A 00 |push 0
00457C4D |. 49 |dec ecx
00457C4E |.^ 75 F9 \jnz short 00457C49
00457C50 |. 51 push ecx ; ecx is 0 here: twelfth zeroed slot, [ebp-30]
00457C51 |. 874D FC xchg [ebp-4], ecx ; zero [ebp-4] and get the caller's ecx back
00457C54 |. 53 push ebx
00457C55 |. 56 push esi
00457C56 |. 8BD8 mov ebx, eax ; ebx = base pointer for all field accesses below
00457C58 |. 33C0 xor eax, eax
00457C5A |. 55 push ebp ; SEH frame: saved ebp
00457C5B |. 68 3D7E4500 push 00457E3D ; SEH frame: handler address (just past the retn below)
00457C60 |. 64:FF30 push dword ptr fs:[eax] ; SEH frame: previous head of the handler chain
00457C63 |. 64:8920 mov fs:[eax], esp ; install the new frame at fs:[0]
00457C66 |. 8BB3 F8020000 mov esi, [ebx+2F8] ; load the user-name length
00457C6C |. 83C6 05 add esi, 5 ; esi = length + 5
00457C6F |. FFB3 10030000 push dword ptr [ebx+310] ; piece 1: fixed prefix string (per the author's note on the concatenation call)
00457C75 |. 8D55 F8 lea edx, [ebp-8]
00457C78 |. 8BC6 mov eax, esi
00457C7A |. E8 85FEFAFF call 00407B04 ; convert (length + 5) to a string in [ebp-8]
00457C7F |. FF75 F8 push dword ptr [ebp-8] ; piece 2: the number as text
00457C82 |. FFB3 14030000 push dword ptr [ebx+314] ; piece 3: "dseloffc-012-OK"
00457C88 |. 8D55 F4 lea edx, [ebp-C]
00457C8B |. 8B83 D4020000 mov eax, [ebx+2D4]
00457C91 |. E8 B2B6FCFF call 00423348 ; read the user name into [ebp-C]
00457C96 |. FF75 F4 push dword ptr [ebp-C] ; piece 4: the user name
00457C99 |. 8D83 18030000 lea eax, [ebx+318] ; destination of the concatenation
00457C9F |. BA 04000000 mov edx, 4 ; number of pieces
00457CA4 |. E8 93BFFAFF call 00403C3C ; join the prefix + "Sun Bird" string, str(length + 5), "dseloffc-012-OK" and the user name: this is the expected serial
00457CA9 |. 33D2 xor edx, edx
00457CAB |. 8B83 F4020000 mov eax, [ebx+2F4]
00457CB1 |. E8 AAB5FCFF call 00423260 ; not annotated by the author; called with [ebx+2F4] and edx = 0, purpose not shown
00457CB6 |. 8B93 18030000 mov edx, [ebx+318] ; the expected serial just built
00457CBC |. 8B83 F4020000 mov eax, [ebx+2F4]
00457CC2 |. E8 B1B6FCFF call 00423378 ; not annotated; receives the expected serial together with [ebx+2F4] -- NOTE(review): confirm what it does with it
00457CC7 |. 33F6 xor esi, esi ; loop counter = 0
00457CC9 |> 8D55 EC /lea edx, [ebp-14] ; first 0x13-iteration loop: its result in [ebp-4] is not used by the compare below
00457CCC |. 8B83 D4020000 |mov eax, [ebx+2D4]
00457CD2 |. E8 71B6FCFF |call 00423348 ; read the user name again
00457CD7 |. 8B45 EC |mov eax, [ebp-14]
00457CDA |. E8 9DBEFAFF |call 00403B7C ; presumably returns the string length -- confirm
00457CDF |. 83C0 03 |add eax, 3
00457CE2 |. 8D55 F0 |lea edx, [ebp-10]
00457CE5 |. E8 1AFEFAFF |call 00407B04 ; number -> string in [ebp-10]
00457CEA |. FF75 F0 |push dword ptr [ebp-10]
00457CED |. 8D55 E8 |lea edx, [ebp-18]
00457CF0 |. 8B83 D4020000 |mov eax, [ebx+2D4]
00457CF6 |. E8 4DB6FCFF |call 00423348 ; user name into [ebp-18]
00457CFB |. FF75 E8 |push dword ptr [ebp-18]
00457CFE |. 8D55 E4 |lea edx, [ebp-1C]
00457D01 |. 8BC6 |mov eax, esi
00457D03 |. E8 FCFDFAFF |call 00407B04 ; loop counter -> string in [ebp-1C]
00457D08 |. FF75 E4 |push dword ptr [ebp-1C]
00457D0B |. 8D45 FC |lea eax, [ebp-4]
00457D0E |. BA 03000000 |mov edx, 3
00457D13 |. E8 24BFFAFF |call 00403C3C ; join the three pieces into [ebp-4]
00457D18 |. 46 |inc esi
00457D19 |. 83FE 13 |cmp esi, 13 ; 0x13 = 19 iterations
00457D1C |.^ 75 AB \jnz short 00457CC9
00457D1E |. 8D55 E0 lea edx, [ebp-20]
00457D21 |. 8B83 D8020000 mov eax, [ebx+2D8]
00457D27 |. E8 1CB6FCFF call 00423348 ; read the text of [ebx+2D8] into [ebp-20]
00457D2C |. 8B45 E0 mov eax, [ebp-20] ; the serial the user entered
00457D2F |. 8B93 18030000 mov edx, [ebx+318] ; the expected serial, held in plaintext
00457D35 |. E8 52BFFAFF call 00403C8C ; string compare
00457D3A 75 0A jnz short 00457D46 ; the deciding branch: taken when the strings differ, skipping the store below
00457D3C |. C783 0C030000>mov dword ptr [ebx+30C], 3E ; match: [ebx+30C] = 3E
00457D46 |> 8B83 0C030000 mov eax, [ebx+30C]
00457D4C |. 83C0 10 add eax, 10
00457D4F |. 8983 FC020000 mov [ebx+2FC], eax ; [ebx+2FC] = [ebx+30C] + 10
00457D55 |. 83C0 23 add eax, 23
00457D58 |. 8983 00030000 mov [ebx+300], eax ; [ebx+300] = [ebx+2FC] + 23
00457D5E |. 33F6 xor esi, esi ; loop counter = 0
00457D60 |> 8D55 D8 /lea edx, [ebp-28] ; second 0x13-iteration loop, same shape as the first with other locals
00457D63 |. 8B83 D4020000 |mov eax, [ebx+2D4]
00457D69 |. E8 DAB5FCFF |call 00423348
00457D6E |. 8B45 D8 |mov eax, [ebp-28]
00457D71 |. E8 06BEFAFF |call 00403B7C
00457D76 |. 83C0 03 |add eax, 3
00457D79 |. 8D55 DC |lea edx, [ebp-24]
00457D7C |. E8 83FDFAFF |call 00407B04
00457D81 |. FF75 DC |push dword ptr [ebp-24]
00457D84 |. 8D55 D4 |lea edx, [ebp-2C]
00457D87 |. 8B83 D4020000 |mov eax, [ebx+2D4]
00457D8D |. E8 B6B5FCFF |call 00423348
00457D92 |. FF75 D4 |push dword ptr [ebp-2C]
00457D95 |. 8D55 D0 |lea edx, [ebp-30]
00457D98 |. 8BC6 |mov eax, esi
00457D9A |. E8 65FDFAFF |call 00407B04
00457D9F |. FF75 D0 |push dword ptr [ebp-30]
00457DA2 |. 8D45 FC |lea eax, [ebp-4]
00457DA5 |. BA 03000000 |mov edx, 3
00457DAA |. E8 8DBEFAFF |call 00403C3C
00457DAF |. 46 |inc esi
00457DB0 |. 83FE 13 |cmp esi, 13
00457DB3 |.^ 75 AB \jnz short 00457D60
00457DB5 |. 8B83 FC020000 mov eax, [ebx+2FC]
00457DBB |. 0383 00030000 add eax, [ebx+300]
00457DC1 |. 8983 04030000 mov [ebx+304], eax ; [ebx+304] = [ebx+2FC] + [ebx+300]
00457DC7 |. 8B93 FC020000 mov edx, [ebx+2FC]
00457DCD |. 83C2 09 add edx, 9
00457DD0 |. 03D0 add edx, eax
00457DD2 |. 8993 08030000 mov [ebx+308], edx ; [ebx+308] = [ebx+2FC] + 9 + [ebx+304]
00457DD8 |. 33C0 xor eax, eax
00457DDA |. 5A pop edx ; edx = previous SEH chain head saved on entry
00457DDB |. 59 pop ecx ; discard the handler address
00457DDC |. 59 pop ecx ; discard the saved ebp
00457DDD |. 64:8910 mov fs:[eax], edx ; unlink this routine's SEH frame
00457DE0 |. 68 447E4500 push 00457E44 ; address the retn below returns to (code there is outside this listing)
00457DE5 |> 8D45 D0 lea eax, [ebp-30] ; cleanup of the string locals starts here
00457DE8 |. E8 0FBBFAFF call 004038FC ; presumably releases the single string at [eax] -- confirm
00457DED |. 8D45 D4 lea eax, [ebp-2C]
00457DF0 |. BA 02000000 mov edx, 2
00457DF5 |. E8 26BBFAFF call 00403920 ; presumably releases edx consecutive strings starting at [eax] -- confirm
00457DFA |. 8D45 DC lea eax, [ebp-24]
00457DFD |. E8 FABAFAFF call 004038FC
00457E02 |. 8D45 E0 lea eax, [ebp-20]
00457E05 |. E8 F2BAFAFF call 004038FC
00457E0A |. 8D45 E4 lea eax, [ebp-1C]
00457E0D |. E8 EABAFAFF call 004038FC
00457E12 |. 8D45 E8 lea eax, [ebp-18]
00457E15 |. BA 02000000 mov edx, 2
00457E1A |. E8 01BBFAFF call 00403920
00457E1F |. 8D45 F0 lea eax, [ebp-10]
00457E22 |. E8 D5BAFAFF call 004038FC
00457E27 |. 8D45 F4 lea eax, [ebp-C]
00457E2A |. E8 CDBAFAFF call 004038FC
00457E2F |. 8D45 F8 lea eax, [ebp-8]
00457E32 |. BA 02000000 mov edx, 2
00457E37 |. E8 E4BAFAFF call 00403920
00457E3C \. C3 retn ; returns to the 00457E44 pushed above; ebx/esi/ebp are still on the stack at this point
注册过程就是这样的。
"黑头Sun Bird"+(用户名长度+5)的字符串+"dseloffc-012-OK"+用户名
我的注册:
name:nightfox
serial:黑头Sun Bird13dseloffc-012-OKnightfox