Post #15
Originally posted by kanxue: If a question can be answered, I reply whenever I see it.
...............................................................................................................................
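Kanxue, the boss, is always very busy and cannot possibly answer every question one by one; we all understand that. Hehe
I have read a lot of tutorials, but I am stuck right here, and I did not understand the related introductions on the forum either,
so that is why I keep posting for help. If I simply skipped every hard problem I ran into, I am afraid it would not help me learn in depth.
This time I have posted all the code for this thread and also described the problems I ran into.
If you have time, I would ask the teachers here to take a look; I would be endlessly grateful~~!
The software is a horse-race-betting type of program. Each round in the software has its own different password, and the password is stored in the binary bin file of the corresponding round. By analyzing the binary file in OD, I traced the software's registration code: it is a twelve-character password (format Jzs-vvi-1lk-Fid-×××); the last three ××× can be anything and it opens successfully. However, I have the software's real password, which should be in a format like (3u8A-5DKU1-JDAf-3vvE15-KlsHW2). Yet the fifteen-character password I traced opens the software correctly all the same; the screen I get is the same as the one the real password gives, but the data inside is different.
This has really upset me. Why does the password I traced produce a different result when it opens the software? I really cannot figure it out.
Software download: click here to download; size 1.8M. Notes: the software is not packed and is written in Microsoft Visual C++ 7.0. It puts each round's opening password in the BAC.BIN file under the corresponding Round; by tracing the BAC.BIN file you can trace the software's registration code (password).
The following is the ASCII strings viewed after loading in OD (entering a fake code gives the prompt "密码输入错误", i.e. "wrong password entered").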
Ultra String Reference+
Address Disassembly Text string
00401698 PUSH bac.0048B8B4 bozen.ssk
0040169D PUSH bac.0048B8B0 ssk
004016C8 PUSH bac.0048B890 应用程序向导生成的本地应用程序
0040173E PUSH bac.0048B880 密码输入错误!
00401818 LEA ECX,DWORD PTR SS:[ESP+228] (Initial CPU selection)
00401870 MOV EAX,bac.0048B8C0 4ti
0040285E PUSH bac.0048B928 第 %s 场
00402932 PUSH bac.0048B934 %d
00402A52 PUSH bac.0048B934 %d
00402B72 PUSH bac.0048B934 %d
00402D1A PUSH bac.0048B938 vector<t> too long
00402ECA PUSH bac.0048B94C invalid vector<t> subscript
0040318A PUSH bac.0048B9A8 1 局~64 局
004031BB PUSH bac.0048B998 65 局~128 局
004031F0 PUSH bac.0048B988 129 局~192 局
0040321E PUSH bac.0048B978 193 局~256 局
0040324C PUSH bac.0048B968 257 局~320 局
00403287 PUSH bac.0048B934 %d
0040376A PUSH bac.0048B9C0 错误
0040376F PUSH bac.0048B9B4 密码错误!
0040410A PUSH bac.0048B9DC \bac.dat
004044F1 PUSH bac.0048B9D8 %s
004046B1 PUSH bac.0048B9DC \bac.dat
004047A6 PUSH bac.0048B880 密码输入错误!
004048F6 PUSH bac.0048B9C8 请输入密码!
00404B32 PUSH bac.0048B9DC \bac.dat
The following is the trace of the first place where "密码输入错误" ("wrong password entered") appears:
004016BF . 53 PUSH EBX
004016C0 . E8 6CE90500 CALL bac.00460031
004016C5 . 83C4 04 ADD ESP,4
004016C8 . 68 90B84800 PUSH bac.0048B890 ; 应用程序向导生成的本地应用程序
004016CD . 8BCE MOV ECX,ESI
004016CF . E8 07090800 CALL bac.00481FDB
004016D4 . 53 PUSH EBX
004016D5 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
004016D9 . E8 C2470000 CALL bac.00405EA0
004016DE . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
004016E2 . 899C24 A40500>MOV DWORD PTR SS:[ESP+5A4],EBX
004016E9 . E8 A5810700 CALL bac.00479893
004016EE . 83F8 01 CMP EAX,1
004016F1 . 0F85 34010000 JNZ bac.0040182B
004016F7 . 53 PUSH EBX
004016F8 . 8D8C24 2C0200>LEA ECX,DWORD PTR SS:[ESP+22C]
004016FF . E8 4C360000 CALL bac.00404D50
00401704 . 8B8424 140200>MOV EAX,DWORD PTR SS:[ESP+214]
0040170B . 3958 F4 CMP DWORD PTR DS:[EAX-C],EBX
0040170E . C68424 A40500>MOV BYTE PTR SS:[ESP+5A4],1
00401716 . 74 24 JE SHORT bac.0040173C
00401718 . 8B8C24 180200>MOV ECX,DWORD PTR SS:[ESP+218]
0040171F . 3959 F4 CMP DWORD PTR DS:[ECX-C],EBX
00401722 . 74 18 JE SHORT bac.0040173C
00401724 . 8B9424 1C0200>MOV EDX,DWORD PTR SS:[ESP+21C]
0040172B . 395A F4 CMP DWORD PTR DS:[EDX-C],EBX
0040172E . 74 0C JE SHORT bac.0040173C
00401730 . 8B8424 200200>MOV EAX,DWORD PTR SS:[ESP+220]
00401737 . 3958 F4 CMP DWORD PTR DS:[EAX-C],EBX
0040173A . 75 11 JNZ SHORT bac.0040174D
0040173C > 53 PUSH EBX
0040173D > 53 PUSH EBX
0040173E . 68 80B84800 PUSH bac.0048B880 ; 密码输入错误!
00401743 . E8 9EEC0700 CALL bac.004803E6
00401748 . E9 CB000000 JMP bac.00401818
0040174D > 8B8C24 240200>MOV ECX,DWORD PTR SS:[ESP+224]
00401754 . 3959 F4 CMP DWORD PTR DS:[ECX-C],EBX
00401757 . 53 PUSH EBX
00401758 .^ 74 E3 JE SHORT bac.0040173D
The following is the trace of the second place where "密码输入错误" ("wrong password entered") appears....
0040467A . 50 PUSH EAX
0040467B . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
0040467F . C68424 A80300>MOV BYTE PTR SS:[ESP+3A8],18
00404687 . E8 64CDFFFF CALL bac.004013F0
0040468C . 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38]
00404690 . 83C0 F0 ADD EAX,-10
00404693 . 889C24 A40300>MOV BYTE PTR SS:[ESP+3A4],BL
0040469A . 8D50 0C LEA EDX,DWORD PTR DS:[EAX+C]
0040469D . 83C9 FF OR ECX,FFFFFFFF
004046A0 . F0:0FC10A LOCK XADD DWORD PTR DS:[EDX],ECX ; LOCK prefix
004046A4 . 49 DEC ECX
004046A5 . 85C9 TEST ECX,ECX ;
004046A7 . 7F 08 JG SHORT bac.004046B1
004046A9 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004046AB . 8B11 MOV EDX,DWORD PTR DS:[ECX]
004046AD . 50 PUSH EAX
004046AE . FF52 04 CALL DWORD PTR DS:[EDX+4]
004046B1 > 68 DCB94800 PUSH bac.0048B9DC ; \bac.dat
004046B6 . 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
004046BA . 50 PUSH EAX
004046BB . 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+34]
004046BF . 51 PUSH ECX
004046C0 . E8 9BE0FFFF CALL bac.00402760
004046C5 . 83C4 0C ADD ESP,0C
004046C8 . 6A 01 PUSH 1
004046CA . 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
004046CE . C68424 A80300>MOV BYTE PTR SS:[ESP+3A8],19
004046D6 . E8 35D6FFFF CALL bac.00401D10
004046DB . 50 PUSH EAX ; |Arg2
004046DC . 8D97 88000000 LEA EDX,DWORD PTR DS:[EDI+88] ; |
004046E2 . 52 PUSH EDX ; |Arg1
004046E3 . E8 48380000 CALL bac.00407F30 ; \bac.00407F30
004046E8 . 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38]
004046EC . 83C0 F0 ADD EAX,-10
004046EF . 83C4 0C ADD ESP,0C
004046F2 . 889C24 A40300>MOV BYTE PTR SS:[ESP+3A4],BL
004046F9 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
004046FC . 83CA FF OR EDX,FFFFFFFF
004046FF . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
00404703 . 4A DEC EDX
00404704 . 85D2 TEST EDX,EDX
00404706 . 7F 08 JG SHORT bac.00404710
00404708 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0040470A . 8B11 MOV EDX,DWORD PTR DS:[ECX]
0040470C . 50 PUSH EAX
0040470D . FF52 04 CALL DWORD PTR DS:[EDX+4]
00404710 > 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
00404714 . 83C0 F0 ADD EAX,-10
00404717 . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],16
0040471F . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
00404722 . 83CA FF OR EDX,FFFFFFFF
00404725 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
00404729 . 4A DEC EDX
0040472A . 85D2 TEST EDX,EDX
0040472C . 7F 08 JG SHORT bac.00404736
0040472E . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00404730 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
00404732 . 50 PUSH EAX
00404733 . FF52 04 CALL DWORD PTR DS:[EDX+4]
00404736 > 8D87 D8000000 LEA EAX,DWORD PTR DS:[EDI+D8]
0040473C . 50 PUSH EAX
0040473D . 8BCF MOV ECX,EDI
0040473F . E8 7CEDFFFF CALL bac.004034C0
00404744 . 85C0 TEST EAX,EAX
00404746 . 75 09 JNZ SHORT bac.00404751
00404748 . 6A 02 PUSH 2
0040474A . 8BCF MOV ECX,EDI
0040474C . E8 EF4A0700 CALL bac.00479240
00404751 > 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00404755 . E8 56CBFFFF CALL bac.004012B0
0040475A . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
0040475E . E8 4DCBFFFF CALL bac.004012B0
00404763 . 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+34]
00404767 . E8 44CBFFFF CALL bac.004012B0
0040476C . 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00404770 . E8 3BCBFFFF CALL bac.004012B0
00404775 . 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
00404779 . E8 32CBFFFF CALL bac.004012B0
0040477E . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00404782 . E8 29CBFFFF CALL bac.004012B0
00404787 . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0040478B . E8 20CBFFFF CALL bac.004012B0
00404790 . 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
00404794 . E8 17CBFFFF CALL bac.004012B0
00404799 . E9 6D010000 JMP bac.0040490B
0040479E > 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+10]
004047A2 > 6A 00 PUSH 0
004047A4 . 6A 00 PUSH 0
004047A6 . 68 80B84800 PUSH bac.0048B880 ; 密码输入错误!
004047AB . 8BCF MOV ECX,EDI
004047AD . E8 FA670700 CALL bac.0047AFAC
004047B2 . 6A 02 PUSH 2
004047B4 . 8BCF MOV ECX,EDI
004047B6 . E8 854A0700 CALL bac.00479240
004047BB . 8D43 F0 LEA EAX,DWORD PTR DS:[EBX-10]
004047BE . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],14
004047C6 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
004047C9 . 83CA FF OR EDX,FFFFFFFF
004047CC . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
004047D0 . 4A DEC EDX
004047D1 . 85D2 TEST EDX,EDX
004047D3 . 7F 08 JG SHORT bac.004047DD
004047D5 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004047D7 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
004047D9 . 50 PUSH EAX
004047DA . FF52 04 CALL DWORD PTR DS:[EDX+4]
004047DD > 8D46 F0 LEA EAX,DWORD PTR DS:[ESI-10]
004047E0 > C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],9
004047E8 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
004047EB . 83CA FF OR EDX,FFFFFFFF
004047EE . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
004047F2 . 4A DEC EDX
004047F3 . 85D2 TEST EDX,EDX
004047F5 . 7F 08 JG SHORT bac.004047FF
004047F7 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004047F9 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
004047FB . 50 PUSH EAX
004047FC . FF52 04 CALL DWORD PTR DS:[EDX+4]
004047FF > 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+34]
00404803 . 83C0 F0 ADD EAX,-10
00404806 . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],4
0040480E . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
00404811 . 83CA FF OR EDX,FFFFFFFF
00404814 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
00404818 . 4A DEC EDX
00404819 . 85D2 TEST EDX,EDX
0040481B . 7F 08 JG SHORT bac.00404825
0040481D . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0040481F . 8B11 MOV EDX,DWORD PTR DS:[ECX]
00404821 . 50 PUSH EAX
00404822 . FF52 04 CALL DWORD PTR DS:[EDX+4]
00404825 > 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
00404829 . 83C0 F0 ADD EAX,-10
0040482C . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],3
00404834 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
00404837 . 83CA FF OR EDX,FFFFFFFF
0040483A . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
0040483E . 4A DEC EDX
0040483F . 85D2 TEST EDX,EDX
00404841 . 7F 08 JG SHORT bac.0040484B
00404843 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00404845 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
00404847 . 50 PUSH EAX
00404848 . FF52 04 CALL DWORD PTR DS:[EDX+4]
0040484B > 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20]
0040484F . 83C0 F0 ADD EAX,-10
00404852 . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],2
0040485A . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
0040485D . 83CA FF OR EDX,FFFFFFFF
00404860 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
00404864 . 4A DEC EDX
00404865 . 85D2 TEST EDX,EDX
00404867 . 7F 08 JG SHORT bac.00404871
00404869 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0040486B . 8B11 MOV EDX,DWORD PTR DS:[ECX]
0040486D . 50 PUSH EAX
0040486E . FF52 04 CALL DWORD PTR DS:[EDX+4]
00404871 > 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]
00404875 . 83C0 F0 ADD EAX,-10
00404878 . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],1
00404880 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
00404883 . 83CA FF OR EDX,FFFFFFFF
00404886 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
0040488A . 4A DEC EDX
0040488B . 85D2 TEST EDX,EDX
0040488D . 7F 08 JG SHORT bac.00404897
0040488F . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00404891 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
00404893 . 50 PUSH EAX
00404894 . FF52 04 CALL DWORD PTR DS:[EDX+4]
00404897 > 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C]
0040489B . 83C0 F0 ADD EAX,-10
0040489E . C68424 A40300>MOV BYTE PTR SS:[ESP+3A4],0
004048A6 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
004048A9 . 83CA FF OR EDX,FFFFFFFF
004048AC . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
004048B0 . 4A DEC EDX
004048B1 . 85D2 TEST EDX,EDX
004048B3 . 7F 08 JG SHORT bac.004048BD
004048B5 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004048B7 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
004048B9 . 50 PUSH EAX
004048BA . FF52 04 CALL DWORD PTR DS:[EDX+4]
004048BD > 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30]
004048C1 . 83C0 F0 ADD EAX,-10
004048C4 . C78424 A40300>MOV DWORD PTR SS:[ESP+3A4],-1
004048CF . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
004048D2 . 83CA FF OR EDX,FFFFFFFF
004048D5 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; LOCK prefix
004048D9 . 4A DEC EDX
004048DA . 85D2 TEST EDX,EDX
004048DC . 7F 2D JG SHORT bac.0040490B
004048DE . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004048E0 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
004048E2 . 50 PUSH EAX
004048E3 . FF52 04 CALL DWORD PTR DS:[EDX+4]
004048E6 . EB 23 JMP SHORT bac.0040490B
004048E8 > 68 57000780 PUSH 80070057
004048ED . E8 4EC7FFFF CALL bac.00401040
004048F2 > 6A 00 PUSH 0
004048F4 . 6A 00 PUSH 0
004048F6 . 68 C8B94800 PUSH bac.0048B9C8 ; 请输入密码!
004048FB . 8BCF MOV ECX,EDI
004048FD . E8 AA660700 CALL bac.0047AFAC
00404902 . 6A 02 PUSH 2
00404904 . 8BCF MOV ECX,EDI
00404906 . E8 35490700 CALL bac.00479240
0040490B > 8B8C24 9C0300>MOV ECX,DWORD PTR SS:[ESP+39C]
00404912 . 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00404919 . 8B8C24 940300>MOV ECX,DWORD PTR SS:[ESP+394]
00404920 . E8 024D0600 CALL bac.00469627
In this section of code I set a breakpoint and traced out the registration code:
00404F60 . 56 PUSH ESI
00404F61 . 8BF1 MOV ESI,ECX
00404F63 . E8 F8C4FFFF CALL bac.00401460
00404F68 . F64424 08 01 TEST BYTE PTR SS:[ESP+8],1
00404F6D . 74 09 JE SHORT bac.00404F78
00404F6F . 56 PUSH ESI
00404F70 . E8 A6410700 CALL bac.0047911B
00404F75 . 83C4 04 ADD ESP,4
00404F78 > 8BC6 MOV EAX,ESI
00404F7A . 5E POP ESI
00404F7B . C2 0400 RETN 4
00404F7E CC INT3
00404F7F CC INT3
00404F80 /$ 0FBE4424 04 MOVSX EAX,BYTE PTR SS:[ESP+4] ; breakpoint set here; traced the registration code
00404F85 |. 83C0 D0 ADD EAX,-30 ; Switch (cases 31..7A)
00404F88 |. 83F8 4A CMP EAX,4A
00404F8B |. 0F87 38010000 JA bac.004050C9
00404F91 |. FF2485 D05040>JMP DWORD PTR DS:[EAX*4+4050D0]
00404F98 |> 66:B8 0100 MOV AX,1 ; Case 31 ('1') of switch 00404F85
00404F9C |. C3 RETN
00404F9D |> 66:B8 0200 MOV AX,2 ; Case 32 ('2') of switch 00404F85
00404FA1 |. C3 RETN
00404FA2 |> 66:B8 0300 MOV AX,3 ; Case 33 ('3') of switch 00404F85
00404FA6 |. C3 RETN
00404FA7 |> 66:B8 0400 MOV AX,4 ; Case 34 ('4') of switch 00404F85
00404FAB |. C3 RETN
00404FAC |> 66:B8 0500 MOV AX,5 ; Case 35 ('5') of switch 00404F85
00404FB0 |. C3 RETN
00404FB1 |> 66:B8 0600 MOV AX,6 ; Case 36 ('6') of switch 00404F85
00404FB5 |. C3 RETN
00404FB6 |> 66:B8 0700 MOV AX,7 ; Case 37 ('7') of switch 00404F85
00404FBA |. C3 RETN
00404FBB |> 66:B8 0800 MOV AX,8 ; Case 38 ('8') of switch 00404F85
00404FBF |. C3 RETN
00404FC0 |> 66:B8 0900 MOV AX,9 ; Case 39 ('9') of switch 00404F85
00404FC4 |. C3 RETN
00404FC5 |> 66:B8 0A00 MOV AX,0A ; Case 61 ('a') of switch 00404F85
00404FC9 |. C3 RETN
00404FCA |> 66:B8 0B00 MOV AX,0B ; Case 62 ('b') of switch 00404F85
00404FCE |. C3 RETN
00404FCF |> 66:B8 0C00 MOV AX,0C ; Case 63 ('c') of switch 00404F85
00404FD3 |. C3 RETN
00404FD4 |> 66:B8 0D00 MOV AX,0D ; Case 64 ('d') of switch 00404F85
00404FD8 |. C3 RETN
00404FD9 |> 66:B8 0E00 MOV AX,0E ; Case 65 ('e') of switch 00404F85
00404FDD |. C3 RETN
00404FDE |> 66:B8 0F00 MOV AX,0F ; Case 66 ('f') of switch 00404F85
00404FE2 |. C3 RETN
00404FE3 |> 66:B8 1000 MOV AX,10 ; Case 67 ('g') of switch 00404F85
00404FE7 |. C3 RETN
00404FE8 |> 66:B8 1100 MOV AX,11 ; Case 68 ('h') of switch 00404F85
00404FEC |. C3 RETN
00404FED |> 66:B8 1200 MOV AX,12 ; Case 69 ('i') of switch 00404F85
00404FF1 |. C3 RETN
00404FF2 |> 66:B8 1300 MOV AX,13 ; Case 6A ('j') of switch 00404F85
00404FF6 |. C3 RETN
00404FF7 |> 66:B8 1400 MOV AX,14 ; Case 6B ('k') of switch 00404F85
00404FFB |. C3 RETN
00404FFC |> 66:B8 1500 MOV AX,15 ; Case 6C ('l') of switch 00404F85
00405000 |. C3 RETN
00405001 |> 66:B8 1600 MOV AX,16 ; Case 6D ('m') of switch 00404F85
00405005 |. C3 RETN
00405006 |> 66:B8 1700 MOV AX,17 ; Case 6E ('n') of switch 00404F85
0040500A |. C3 RETN
0040500B |> 66:B8 1800 MOV AX,18 ; Case 6F ('o') of switch 00404F85
0040500F |. C3 RETN
00405010 |> 66:B8 1900 MOV AX,19 ; Case 70 ('p') of switch 00404F85
00405014 |. C3 RETN
00405015 |> 66:B8 1A00 MOV AX,1A ; Case 71 ('q') of switch 00404F85
00405019 |. C3 RETN
0040501A |> 66:B8 1B00 MOV AX,1B ; Case 72 ('r') of switch 00404F85
0040501E |. C3 RETN
0040501F |> 66:B8 1C00 MOV AX,1C ; Case 73 ('s') of switch 00404F85
00405023 |. C3 RETN
00405024 |> 66:B8 1D00 MOV AX,1D ; Case 74 ('t') of switch 00404F85
00405028 |. C3 RETN
00405029 |> 66:B8 1E00 MOV AX,1E ; Case 75 ('u') of switch 00404F85
0040502D |. C3 RETN
0040502E |> 66:B8 1F00 MOV AX,1F ; Case 76 ('v') of switch 00404F85
00405032 |. C3 RETN
00405033 |> 66:B8 2000 MOV AX,20 ; Case 77 ('w') of switch 00404F85
00405037 |. C3 RETN
00405038 |> 66:B8 2100 MOV AX,21 ; Case 78 ('x') of switch 00404F85
0040503C |. C3 RETN
0040503D |> 66:B8 2200 MOV AX,22 ; Case 79 ('y') of switch 00404F85
00405041 |. C3 RETN
00405042 |> 66:B8 2300 MOV AX,23 ; Case 7A ('z') of switch 00404F85
00405046 |. C3 RETN
00405047 |> 66:B8 2400 MOV AX,24 ; Case 41 ('A') of switch 00404F85
0040504B |. C3 RETN
0040504C |> 66:B8 2500 MOV AX,25 ; Case 42 ('B') of switch 00404F85
00405050 |. C3 RETN
00405051 |> 66:B8 2600 MOV AX,26 ; Case 43 ('C') of switch 00404F85
00405055 |. C3 RETN
00405056 |> 66:B8 2700 MOV AX,27 ; Case 44 ('D') of switch 00404F85
0040505A |. C3 RETN
0040505B |> 66:B8 2800 MOV AX,28 ; Case 45 ('E') of switch 00404F85
0040505F |. C3 RETN
00405060 |> 66:B8 2900 MOV AX,29 ; Case 46 ('F') of switch 00404F85
00405064 |. C3 RETN
00405065 |> 66:B8 2A00 MOV AX,2A ; Case 47 ('G') of switch 00404F85
00405069 |. C3 RETN
0040506A |> 66:B8 2B00 MOV AX,2B ; Case 48 ('H') of switch 00404F85
0040506E |. C3 RETN
0040506F |> 66:B8 2C00 MOV AX,2C ; Case 49 ('I') of switch 00404F85
00405073 |. C3 RETN
00405074 |> 66:B8 2D00 MOV AX,2D ; Case 4A ('J') of switch 00404F85
00405078 |. C3 RETN
00405079 |> 66:B8 2E00 MOV AX,2E ; Case 4B ('K') of switch 00404F85
0040507D |. C3 RETN
0040507E |> 66:B8 2F00 MOV AX,2F ; Case 4C ('L') of switch 00404F85
00405082 |. C3 RETN
00405083 |> 66:B8 3000 MOV AX,30 ; Case 4D ('M') of switch 00404F85
00405087 |. C3 RETN
00405088 |> 66:B8 3100 MOV AX,31 ; Case 4E ('N') of switch 00404F85
0040508C |. C3 RETN
0040508D |> 66:B8 3200 MOV AX,32 ; Case 4F ('O') of switch 00404F85
00405091 |. C3 RETN
00405092 |> 66:B8 3300 MOV AX,33 ; Case 50 ('P') of switch 00404F85
00405096 |. C3 RETN
00405097 |> 66:B8 3400 MOV AX,34 ; Case 51 ('Q') of switch 00404F85
0040509B |. C3 RETN
0040509C |> 66:B8 3500 MOV AX,35 ; Case 52 ('R') of switch 00404F85
004050A0 |. C3 RETN
004050A1 |> 66:B8 3600 MOV AX,36 ; Case 53 ('S') of switch 00404F85
004050A5 |. C3 RETN
004050A6 |> 66:B8 3700 MOV AX,37 ; Case 54 ('T') of switch 00404F85
004050AA |. C3 RETN
004050AB |> 66:B8 3800 MOV AX,38 ; Case 55 ('U') of switch 00404F85
004050AF |. C3 RETN
004050B0 |> 66:B8 3900 MOV AX,39 ; Case 56 ('V') of switch 00404F85
004050B4 |. C3 RETN
004050B5 |> 66:B8 3A00 MOV AX,3A ; Case 57 ('W') of switch 00404F85
004050B9 |. C3 RETN
004050BA |> 66:B8 3B00 MOV AX,3B ; Case 58 ('X') of switch 00404F85
004050BE |. C3 RETN
004050BF |> 66:B8 3C00 MOV AX,3C ; Case 59 ('Y') of switch 00404F85
004050C3 |. C3 RETN
004050C4 |> 66:B8 3D00 MOV AX,3D ; Case 5A ('Z') of switch 00404F85
004050C8 |. C3 RETN
004050C9 |> 66:33C0 XOR AX,AX ; Default case of switch 00404F85
004050CC \. C3 RETN
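In the code mentioned in the section above, I successfully traced out the software's password: a twelve-character password (format Jzs-vvi-1lk-Fid-×××); the last three ××× can be anything and it opens successfully. However, I have the software's real password, which should be in a format like (3u8A-5DKU1-JDAf-3vvE15-KlsHW2). Yet the fifteen-character password I traced opens the software correctly all the same; the screen I get is the same as the one the real password gives, but the data inside is different.
What I mainly want to ask the experts here is:
1. To trace this software's real password, where should the breakpoint be set?
2. Why does the software have two passwords? (These two passwords are not like the two registration codes for the regular/VIP editions of some software.)
3. Why is my breakpoint set in the wrong place?
I am a real beginner; I respectfully ask the teachers here for guidance! Thank you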