【破解工具】OD、PEiD
【破解平台】Win2003
【软件大小】1190KB
【保护方式】SN
【破解声明】俺是只小小鸟,纯为学习,愿与大家分享!
【破解过程】1、用PEiD查壳,结果为“Nothing found”,即没有识别出壳或编译器;没关系,安装时一并安装了Microsoft Visual C++ 2005 Redistributable,由此判断应是Visual C++编写;
2、运行程序,来到注册界面,试着注册,有提示“注册失败”,属直接比较型;
3、OD载入,用其插件查找相关字符串(即上面提到的提示信息),在005290C3处下断点,就来到了下面这段代码:
OD载入,找相关字串后(下断点),F9运行,断在这里
------------------------------------------------------------------------
00529020 . 6A FF push -1
00529022 . 68 FDAD5500 push 0055ADFD
00529027 . 64:A1 0000000>mov eax, dword ptr fs:[0]
0052902D . 50 push eax
0052902E . 83EC 10 sub esp, 10
00529031 . 53 push ebx
00529032 . 55 push ebp
00529033 . 56 push esi
00529034 . 57 push edi
00529035 . A1 9CF65B00 mov eax, dword ptr [5BF69C]
0052903A . 33C4 xor eax, esp
0052903C . 50 push eax
0052903D . 8D4424 24 lea eax, dword ptr [esp+24]
00529041 . 64:A3 0000000>mov dword ptr fs:[0], eax
00529047 . 8BF1 mov esi, ecx
00529049 . 8B1D 10C15500 mov ebx, dword ptr [<&Common.CMyEdit>; Common.CMyEdit::GetText
0052904F . 8D4424 14 lea eax, dword ptr [esp+14]
00529053 . 8DBE EC000000 lea edi, dword ptr [esi+EC]
00529059 . 50 push eax
0052905A . 8BCF mov ecx, edi
0052905C . FFD3 call ebx ; <&Common.CMyEdit::GetText>
0052905E . 8D4C24 14 lea ecx, dword ptr [esp+14]
00529062 . C74424 2C 000>mov dword ptr [esp+2C], 0
0052906A . FF15 00CB5500 call dword ptr [<&MFC80.#3934>] ; MFC80.781F3AEE
00529070 . 84C0 test al, al
00529072 . 74 1F je short 00529093
00529074 . 6A 40 push 40
00529076 . 68 4C015900 push 0059014C ; 软件注册
0052907B . 68 EC015900 push 005901EC ; 请输入注册码!\n或联络软件生产商及当地经销商!
00529080 . 8BCE mov ecx, esi
00529082 . E8 E1340000 call <jmp.&MFC80.#4104>
00529087 . 8BCF mov ecx, edi
00529089 . E8 D4340000 call <jmp.&MFC80.#5833>
0052908E . E9 0E010000 jmp 005291A1
00529093 > 8D4C24 1C lea ecx, dword ptr [esp+1C]
00529097 . 51 push ecx
00529098 . 8D8E 94000000 lea ecx, dword ptr [esi+94]
0052909E . FFD3 call ebx
005290A0 . 8BF8 mov edi, eax
005290A2 . 51 push ecx
005290A3 . 8D5424 18 lea edx, dword ptr [esp+18]
005290A7 . 8BCC mov ecx, esp
005290A9 . 896424 24 mov dword ptr [esp+24], esp
005290AD . 52 push edx
005290AE . C64424 34 01 mov byte ptr [esp+34], 1
005290B3 . FF15 44CA5500 call dword ptr [<&MFC80.#297>] ; MFC80.781F3E63
005290B9 . 8D4424 1C lea eax, dword ptr [esp+1C]
005290BD . 50 push eax
005290BE . E8 5D46F0FF call 0042D720
005290C3 . 83C4 08 add esp, 8 ;下断
005290C6 . 8BE8 mov ebp, eax
005290C8 . 8BCF mov ecx, edi
005290CA . C64424 2C 02 mov byte ptr [esp+2C], 2
005290CF . FF15 74CB5500 call dword ptr [<&MFC80.#876>] ; MFC80.781F3AEB
005290D5 . 50 push eax
005290D6 . 8BCD mov ecx, ebp
005290D8 . FF15 5CCB5500 call dword ptr [<&MFC80.#1482>] ; MFC80.781F4389
005290DE . 85C0 test eax, eax
005290E0 . 8D4C24 18 lea ecx, dword ptr [esp+18]
005290E4 . 0F94C3 sete bl
005290E7 . FF15 80CB5500 call dword ptr [<&MFC80.#578>] ; MFC80.781F4236
005290ED . 8D4C24 1C lea ecx, dword ptr [esp+1C]
005290F1 . C64424 2C 00 mov byte ptr [esp+2C], 0
005290F6 . FF15 80CB5500 call dword ptr [<&MFC80.#578>] ; MFC80.781F4236
005290FC . 84DB test bl, bl
005290FE . 74 6F je short 0052916F
00529100 . 6A 40 push 40
00529102 . 68 4C015900 push 0059014C ; 软件注册
00529107 . 68 E0015900 push 005901E0 ; 注册成功!
寄存器
EAX 0012F034
ECX BF281CC3
EDX 00000001
EBX 10010430 Common.CMyEdit::GetText
ESP 0012F014
EBP 0012F054
ESI 0012F858
EDI 0012F038
EIP 005290C3 softname.005290C3
C 0 ES 0023 32位 0(FFFFFFFF)
P 0 CS 001B 32位 0(FFFFFFFF)
A 1 SS 0023 32位 0(FFFFFFFF)
Z 0 DS 0023 32位 0(FFFFFFFF)
S 0 FS 003B 32位 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00000212 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty -UNORM DEDF 02E90000 4000027F
ST1 empty +UNORM 1F80 0012F7A0 0012F75C
ST2 empty 4.7222742473546257260e-465
ST3 empty 1.9903532356979345780e-2474
ST4 empty -7.2914446655413694420e-4794
ST5 empty -2.2909248821331832690e-3422
ST6 empty +UNORM 18D9 00000202 00050006
ST7 empty +UNORM 02FD 0000013F 00000002
3 2 1 0 E S P U O Z D I
FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)
FCW 027F Prec NEAR,53 掩码 1 1 1 1 1 1
内存
0012F014 0012F034
0012F018 008A9700 ASCII "88" ;假注册码
0012F01C BF3AECE3
0012F020 0012F858
0012F024 00000000
0012F028 0012F054
0012F02C 00000001
0012F030 008A9700 ASCII "88" ;假注册码
0012F034 008A76C0 ASCII "23219"
0012F038 02C9C2B8 ASCII "19316267703833363569" ;机器码
0012F03C 0012F018
0012F040 0012F184 指向下一个 SEH 记录的指针
0012F044 0055ADFD SE处理程序
0012F048 00000001
0012F04C 7822AF0A 返回到 MFC80.7822AF0A
注册码中断地址在哪?