想做个外挂,于是到网上找到了着个。于是想破解看看,但始终找不到注册码
00490E26 8BC0 mov eax,eax
00490E28 55 push ebp
00490E29 8BEC mov ebp,esp
00490E2B 6A 00 push 0
00490E2D 53 push ebx
00490E2E 8BD8 mov ebx,eax
00490E30 33C0 xor eax,eax
00490E32 55 push ebp
00490E33 68 9A0E4900 push 外挂教程.00490E9A
00490E38 64:FF30 push dword ptr fs:[eax]
00490E3B 64:8920 mov dword ptr fs:[eax],esp
00490E3E 8D55 FC lea edx,dword ptr ss:[ebp-4]
00490E41 8B83 08030000 mov eax,dword ptr ds:[ebx+308]
00490E47 E8 3CC8FAFF call 外挂教程.0043D688
00490E4C 8B45 FC mov eax,dword ptr ss:[ebp-4]
00490E4F BA B00E4900 mov edx,外挂教程.00490EB0 ; 5dai.com
00490E54 E8 EF34F7FF call 外挂教程.00404348
00490E59 75 10 jnz short 外挂教程.00490E6B ; (初始化 cpu 选择状态)
00490E5B C605 789D4A00 0>mov byte ptr ds:[4A9D78],1
00490E62 8BC3 mov eax,ebx
00490E64 E8 B38BFCFF call 外挂教程.00459A1C
00490E69 EB 19 jmp short 外挂教程.00490E84
00490E6B 6A 00 push 0
00490E6D 68 BC0E4900 push 外挂教程.00490EBC ; 提示
00490E72 68 C40E4900 push 外挂教程.00490EC4 ; 您输入的密码不正确,请重新输入密码!
00490E77 8BC3 mov eax,ebx
00490E79 E8 2A30FBFF call 外挂教程.00443EA8
00490E7E 50 push eax
00490E7F E8 5C5DF7FF call <jmp.&user32.MessageBoxA>
00490E84 33C0 xor eax,eax
00490E86 5A pop edx
00490E87 59 pop ecx
00490E88 59 pop ecx
00490E89 64:8910 mov dword ptr fs:[eax],edx
00490E8C 68 A10E4900 push 外挂教程.00490EA1
00490E91 8D45 FC lea eax,dword ptr ss:[ebp-4]
00490E94 E8 A330F7FF call 外挂教程.00403F3C
00490E99 C3 retn
----------------------------------------------------------------
下面是从00490E47按F7跳到的地址
----------------------------------------------------------------
0043D688 53 push ebx
0043D689 56 push esi
0043D68A 57 push edi
0043D68B 8BFA mov edi,edx
0043D68D 8BF0 mov esi,eax
0043D68F 8BC6 mov eax,esi
0043D691 E8 66FFFFFF call 外挂教程.0043D5FC
0043D696 8BD8 mov ebx,eax
0043D698 8BC7 mov eax,edi
0043D69A 8BCB mov ecx,ebx
0043D69C 33D2 xor edx,edx
0043D69E E8 8969FCFF call 外挂教程.0040402C
0043D6A3 85DB test ebx,ebx
0043D6A5 74 0C je short 外挂教程.0043D6B3
0043D6A7 8D4B 01 lea ecx,dword ptr ds:[ebx+1]
0043D6AA 8B17 mov edx,dword ptr ds:[edi]
0043D6AC 8BC6 mov eax,esi
0043D6AE E8 59FFFFFF call 外挂教程.0043D60C
0043D6B3 5F pop edi
0043D6B4 5E pop esi
0043D6B5 5B pop ebx
0043D6B6 C3 retn 着里跳回到00490E4C
----------------------------------------------------------------
下面是从00490E54按F7跳到的地址
----------------------------------------------------------------
00404346 8BC0 mov eax,eax
00404348 53 push ebx
00404349 56 push esi
0040434A 57 push edi
0040434B 89C6 mov esi,eax
0040434D 89D7 mov edi,edx
0040434F 39D0 cmp eax,edx
00404351 0F84 8F000000 je 外挂教程.004043E6
00404357 85F6 test esi,esi
00404359 74 68 je short 外挂教程.004043C3
0040435B 85FF test edi,edi
0040435D 74 6B je short 外挂教程.004043CA
0040435F 8B46 FC mov eax,dword ptr ds:[esi-4]
00404362 8B57 FC mov edx,dword ptr ds:[edi-4]
00404365 29D0 sub eax,edx
00404367 77 02 ja short 外挂教程.0040436B
00404369 01C2 add edx,eax
0040436B 52 push edx
0040436C C1EA 02 shr edx,2
0040436F 74 26 je short 外挂教程.00404397
00404371 8B0E mov ecx,dword ptr ds:[esi]
00404373 8B1F mov ebx,dword ptr ds:[edi]
00404375 39D9 cmp ecx,ebx
00404377 75 58 jnz short 外挂教程.004043D1
00404379 4A dec edx
0040437A 74 15 je short 外挂教程.00404391
0040437C 8B4E 04 mov ecx,dword ptr ds:[esi+4]
0040437F 8B5F 04 mov ebx,dword ptr ds:[edi+4]
00404382 39D9 cmp ecx,ebx
00404384 75 4B jnz short 外挂教程.004043D1
00404386 83C6 08 add esi,8
00404389 83C7 08 add edi,8
0040438C 4A dec edx
0040438D ^ 75 E2 jnz short 外挂教程.00404371
0040438F EB 06 jmp short 外挂教程.00404397
00404391 83C6 04 add esi,4
00404394 83C7 04 add edi,4
00404397 5A pop edx
00404398 83E2 03 and edx,3
0040439B 74 22 je short 外挂教程.004043BF
0040439D 8B0E mov ecx,dword ptr ds:[esi]
0040439F 8B1F mov ebx,dword ptr ds:[edi]
004043A1 38D9 cmp cl,bl
004043A3 75 41 jnz short 外挂教程.004043E6
004043A5 4A dec edx
004043A6 74 17 je short 外挂教程.004043BF
004043A8 38FD cmp ch,bh
004043AA 75 3A jnz short 外挂教程.004043E6
004043AC 4A dec edx
004043AD 74 10 je short 外挂教程.004043BF
004043AF 81E3 0000FF00 and ebx,0FF0000
004043B5 81E1 0000FF00 and ecx,0FF0000
004043BB 39D9 cmp ecx,ebx
004043BD 75 27 jnz short 外挂教程.004043E6
004043BF 01C0 add eax,eax
004043C1 EB 23 jmp short 外挂教程.004043E6
004043C3 8B57 FC mov edx,dword ptr ds:[edi-4]
004043C6 29D0 sub eax,edx
004043C8 EB 1C jmp short 外挂教程.004043E6
004043CA 8B46 FC mov eax,dword ptr ds:[esi-4]
004043CD 29D0 sub eax,edx
004043CF EB 15 jmp short 外挂教程.004043E6
004043D1 5A pop edx
004043D2 38D9 cmp cl,bl
004043D4 75 10 jnz short 外挂教程.004043E6
004043D6 38FD cmp ch,bh
004043D8 75 0C jnz short 外挂教程.004043E6
004043DA C1E9 10 shr ecx,10
004043DD C1EB 10 shr ebx,10
004043E0 38D9 cmp cl,bl
004043E2 75 02 jnz short 外挂教程.004043E6
004043E4 38FD cmp ch,bh
004043E6 5F pop edi
004043E7 5E pop esi
004043E8 5B pop ebx
004043E9 C3 retn 着里跳回到00490E59
有谁知道在那下断可以找到注册码
爆破是不行的,里面有限制。我是新手上面可能不太全,你可以下原文件。
http://sell.5dai.com/down/5dai/wg99.rar
破解好了把怎么破解发上来,谢谢了
[课程]FART 脱壳王!加量不加价!FART作者讲授!