-
-
[旧帖] [求助]考验高手的时间到了,是高手的进来看看 0.00雪花
-
发表于: 2008-6-19 21:15
-
我是刚看到破解程序的,本人对程序不懂,就只有一腔热情,跟这教材走了几天,刚想牛刀小试就翻了船(
郁闷啊),这个软件知道是检测 硬盘和主板来产生注册码的,已经找到了注册错误时的提示“Invalid license key !!!”可就怎么也找不到高手经常说的关键跳和关键CALL!!!
贴的前后都省略了,红色部分是出错提示
005EA909 CC int3
005EA90A CC int3
005EA90B CC int3
005EA90C CC int3
005EA90D CC int3
005EA90E CC int3
005EA90F CC int3
005EA910 >/. 55 push ebp
005EA911 |. 8BEC mov ebp, esp
005EA913 |. 6A FF push -1
005EA915 |. 68 5CB36C00 push 006CB35C ; SE handler installation
005EA91A |. 64:A1 0000000>mov eax, dword ptr fs:[0]
005EA920 |. 50 push eax
005EA921 |. 64:8925 00000>mov dword ptr fs:[0], esp
005EA928 |. 81EC B0010000 sub esp, 1B0
005EA92E |. 53 push ebx
005EA92F |. 56 push esi
005EA930 |. 57 push edi
005EA931 |. 894D F0 mov dword ptr [ebp-10], ecx
005EA934 |. 833D 247D7800>cmp dword ptr [AnnotFlagMRMIPImage::>
005EA93B |. 75 05 jnz short 005EA942
005EA93D |. E9 F3070000 jmp 005EB135
005EA942 |> 6A 00 push 0
005EA944 |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EA94A |. E8 415EF2FF call CLicenseSetupDlg::CLicenseSetupD>
005EA94F |. C745 FC 00000>mov dword ptr [ebp-4], 0
005EA956 |. 8D85 68FFFFFF lea eax, dword ptr [ebp-98]
005EA95C |. 50 push eax
005EA95D |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EA963 |. FF15 98206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::GetSetupDate
005EA969 |. 8D8D 58FFFFFF lea ecx, dword ptr [ebp-A8]
005EA96F |. 51 push ecx
005EA970 |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EA976 |. FF15 7C206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::GetLastRunDate
005EA97C |. 8D95 48FFFFFF lea edx, dword ptr [ebp-B8]
005EA982 |. 52 push edx
005EA983 |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EA989 |. FF15 74206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::GetExpireDate
005EA98F |. 8B85 74FFFFFF mov eax, dword ptr [ebp-8C]
005EA995 |. 25 FFFF0000 and eax, 0FFFF
005EA99A |. 50 push eax
005EA99B |. 8B8D 72FFFFFF mov ecx, dword ptr [ebp-8E]
005EA9A1 |. 81E1 FFFF0000 and ecx, 0FFFF
005EA9A7 |. 51 push ecx
005EA9A8 |. 8B95 70FFFFFF mov edx, dword ptr [ebp-90]
005EA9AE |. 81E2 FFFF0000 and edx, 0FFFF
005EA9B4 |. 52 push edx
005EA9B5 |. 8B85 6EFFFFFF mov eax, dword ptr [ebp-92]
005EA9BB |. 25 FFFF0000 and eax, 0FFFF
005EA9C0 |. 50 push eax
005EA9C1 |. 8B8D 6AFFFFFF mov ecx, dword ptr [ebp-96]
005EA9C7 |. 81E1 FFFF0000 and ecx, 0FFFF
005EA9CD |. 51 push ecx
005EA9CE |. 8B95 68FFFFFF mov edx, dword ptr [ebp-98]
005EA9D4 |. 81E2 FFFF0000 and edx, 0FFFF
005EA9DA |. 52 push edx
005EA9DB |. 68 04696F00 push 006F6904 ; ASCII "%d-%d-%d %d:%d:%d"
005EA9E0 |. 8D45 DC lea eax, dword ptr [ebp-24]
005EA9E3 |. 50 push eax
005EA9E4 |. E8 A1060C00 call this ; jmp to MFC42D.#2168
005EA9E9 |. 83C4 20 add esp, 20
005EA9EC |. 8B8D 48FFFFFF mov ecx, dword ptr [ebp-B8]
005EA9F2 |. 81E1 FFFF0000 and ecx, 0FFFF
005EA9F8 |. 81F9 FFFF0000 cmp ecx, 0FFFF
005EA9FE |. 75 0F jnz short 005EAA0F
005EAA00 |. 68 F8686F00 push 006F68F8 ; ASCII "PERMANENT"
005EAA05 |. 8D4D E0 lea ecx, dword ptr [ebp-20]
005EAA08 |. E8 05060C00 call Name ; jmp to MFC42D.#736
005EAA0D |. EB 5D jmp short 005EAA6C
005EAA0F |> 8B95 54FFFFFF mov edx, dword ptr [ebp-AC]
005EAA15 |. 81E2 FFFF0000 and edx, 0FFFF
005EAA1B |. 52 push edx
005EAA1C |. 8B85 52FFFFFF mov eax, dword ptr [ebp-AE]
005EAA22 |. 25 FFFF0000 and eax, 0FFFF
005EAA27 |. 50 push eax
005EAA28 |. 8B8D 50FFFFFF mov ecx, dword ptr [ebp-B0]
005EAA2E |. 81E1 FFFF0000 and ecx, 0FFFF
005EAA34 |. 51 push ecx
005EAA35 |. 8B95 4EFFFFFF mov edx, dword ptr [ebp-B2]
005EAA3B |. 81E2 FFFF0000 and edx, 0FFFF
005EAA41 |. 52 push edx
005EAA42 |. 8B85 4AFFFFFF mov eax, dword ptr [ebp-B6]
005EAA48 |. 25 FFFF0000 and eax, 0FFFF
005EAA4D |. 50 push eax
005EAA4E |. 8B8D 48FFFFFF mov ecx, dword ptr [ebp-B8]
005EAA54 |. 81E1 FFFF0000 and ecx, 0FFFF
005EAA5A |. 51 push ecx
005EAA5B |. 68 04696F00 push 006F6904 ; ASCII "%d-%d-%d %d:%d:%d"
005EAA60 |. 8D55 E0 lea edx, dword ptr [ebp-20]
005EAA63 |. 52 push edx
005EAA64 |. E8 21060C00 call this ; jmp to MFC42D.#2168
005EAA69 |. 83C4 20 add esp, 20
005EAA6C |> 8B85 64FFFFFF mov eax, dword ptr [ebp-9C]
005EAA72 |. 25 FFFF0000 and eax, 0FFFF
005EAA77 |. 50 push eax
005EAA78 |. 8B8D 62FFFFFF mov ecx, dword ptr [ebp-9E]
005EAA7E |. 81E1 FFFF0000 and ecx, 0FFFF
005EAA84 |. 51 push ecx
005EAA85 |. 8B95 60FFFFFF mov edx, dword ptr [ebp-A0]
005EAA8B |. 81E2 FFFF0000 and edx, 0FFFF
005EAA91 |. 52 push edx
005EAA92 |. 8B85 5EFFFFFF mov eax, dword ptr [ebp-A2]
005EAA98 |. 25 FFFF0000 and eax, 0FFFF
005EAA9D |. 50 push eax
005EAA9E |. 8B8D 5AFFFFFF mov ecx, dword ptr [ebp-A6]
005EAAA4 |. 81E1 FFFF0000 and ecx, 0FFFF
005EAAAA |. 51 push ecx
005EAAAB |. 8B95 58FFFFFF mov edx, dword ptr [ebp-A8]
005EAAB1 |. 81E2 FFFF0000 and edx, 0FFFF
005EAAB7 |. 52 push edx
005EAAB8 |. 68 04696F00 push 006F6904 ; ASCII "%d-%d-%d %d:%d:%d"
005EAABD |. 8D45 E4 lea eax, dword ptr [ebp-1C]
005EAAC0 |. 50 push eax
005EAAC1 |. E8 C4050C00 call this ; jmp to MFC42D.#2168
005EAAC6 |. 83C4 20 add esp, 20
005EAAC9 |. 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005EAACF |. 51 push ecx
005EAAD0 |. FF15 78206D00 call dword ptr [<&AILicenseLibD.GetFi>; AILicens.GetFirstMACaddress
005EAAD6 |. 83C4 04 add esp, 4
005EAAD9 |. 8985 CCFEFFFF mov dword ptr [ebp-134], eax
005EAADF |. 8B95 CCFEFFFF mov edx, dword ptr [ebp-134]
005EAAE5 |. 8995 C8FEFFFF mov dword ptr [ebp-138], edx
005EAAEB |. C645 FC 01 mov byte ptr [ebp-4], 1
005EAAEF |. 8B85 C8FEFFFF mov eax, dword ptr [ebp-138]
005EAAF5 |. 50 push eax
005EAAF6 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
005EAAF9 |. E8 0E050C00 call el ; jmp to MFC42D.#734
005EAAFE |. C645 FC 00 mov byte ptr [ebp-4], 0
005EAB02 |. 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005EAB08 |. E8 F9040C00 call Sub ; jmp to MFC42D.#684
005EAB0D |. 6A 00 push 0
005EAB0F |. 8D8D 24FFFFFF lea ecx, dword ptr [ebp-DC]
005EAB15 |. 51 push ecx
005EAB16 |. FF15 80206D00 call dword ptr [<&AILicenseLibD.GetPh>; AILicens.GetPhysicalDriveSerialNumber
005EAB1C |. 83C4 08 add esp, 8
005EAB1F |. 8985 C4FEFFFF mov dword ptr [ebp-13C], eax
005EAB25 |. 8B95 C4FEFFFF mov edx, dword ptr [ebp-13C]
005EAB2B |. 8995 C0FEFFFF mov dword ptr [ebp-140], edx
005EAB31 |. C645 FC 02 mov byte ptr [ebp-4], 2
005EAB35 |. 8B85 C0FEFFFF mov eax, dword ptr [ebp-140]
005EAB3B |. 50 push eax
005EAB3C |. 8D4D EC lea ecx, dword ptr [ebp-14]
005EAB3F |. E8 C8040C00 call el ; jmp to MFC42D.#734
005EAB44 |. C645 FC 00 mov byte ptr [ebp-4], 0
005EAB48 |. 8D8D 24FFFFFF lea ecx, dword ptr [ebp-DC]
005EAB4E |. E8 B3040C00 call Sub ; jmp to MFC42D.#684
005EAB53 |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EAB59 |. E8 8C050C00 call eCommit ; jmp to MFC42D.#1862
005EAB5E |. 83F8 02 cmp eax, 2
005EAB61 |. 75 17 jnz short 005EAB7A
005EAB63 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
005EAB6A |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EAB70 |. E8 7B5DF2FF call CLicenseSetupDlg::~CLicenseSetup>
005EAB75 |. E9 BB050000 jmp 005EB135
005EAB7A |> 8D4D D8 lea ecx, dword ptr [ebp-28]
005EAB7D |. 51 push ecx
005EAB7E |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EAB84 |. E8 0D050C00 call m ; jmp to MFC42D.#485
005EAB89 |. C645 FC 03 mov byte ptr [ebp-4], 3
005EAB8D |. 6A 04 push 4
005EAB8F |. 8D95 40FFFFFF lea edx, dword ptr [ebp-C0]
005EAB95 |. 52 push edx
005EAB96 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
005EAB99 |. E8 E0040C00 call his ; jmp to MFC42D.#4405
005EAB9E |. C645 FC 04 mov byte ptr [ebp-4], 4
005EABA2 |. 68 E4686F00 push 006F68E4 ; ASCII "p((!)!#pai#*#&!@*"
005EABA7 |. 8D85 40FFFFFF lea eax, dword ptr [ebp-C0]
005EABAD |. 50 push eax
005EABAE |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
005EABB4 |. 51 push ecx
005EABB5 |. E8 D4060C00 call is ; jmp to MFC42D.#901
005EABBA |. 8985 BCFEFFFF mov dword ptr [ebp-144], eax
005EABC0 |. 8B95 BCFEFFFF mov edx, dword ptr [ebp-144]
005EABC6 |. 8995 B8FEFFFF mov dword ptr [ebp-148], edx
005EABCC |. C645 FC 05 mov byte ptr [ebp-4], 5
005EABD0 |. 8B85 B8FEFFFF mov eax, dword ptr [ebp-148]
005EABD6 |. 50 push eax
005EABD7 |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EABDD |. 51 push ecx
005EABDE |. E8 B90A0C00 call 006AB69C ; jmp to MFC42D.#812
005EABE3 |. 8885 20FFFFFF mov byte ptr [ebp-E0], al
005EABE9 |. C645 FC 04 mov byte ptr [ebp-4], 4
005EABED |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
005EABF3 |. E8 0E040C00 call Sub ; jmp to MFC42D.#684
005EABF8 |. 8B95 20FFFFFF mov edx, dword ptr [ebp-E0]
005EABFE |. 81E2 FF000000 and edx, 0FF
005EAC04 |. 85D2 test edx, edx
005EAC06 |. 0F84 6A010000 je 005EAD76
005EAC0C |. 8D85 3CFFFFFF lea eax, dword ptr [ebp-C4]
005EAC12 |. 50 push eax
005EAC13 |. E8 5E120C00 call taPerPixelWidth ; jmp to MFC42D.#3110
005EAC18 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005EAC1E |. E8 F5030C00 call lt ; jmp to MFC42D.#492
005EAC23 |. C645 FC 06 mov byte ptr [ebp-4], 6
005EAC27 |. 8D8D 3CFFFFFF lea ecx, dword ptr [ebp-C4]
005EAC2D |. E8 72140C00 call D ; jmp to MFC42D.#2406
005EAC32 |. 50 push eax
005EAC33 |. 8D8D 3CFFFFFF lea ecx, dword ptr [ebp-C4]
005EAC39 |. E8 60140C00 call mode ; jmp to MFC42D.#2725
005EAC3E |. 50 push eax
005EAC3F |. 8D8D 3CFFFFFF lea ecx, dword ptr [ebp-C4]
005EAC45 |. E8 60140C00 call this ; jmp to MFC42D.#3177
005EAC4A |. 50 push eax
005EAC4B |. 68 0C826D00 push 006D820C ; ASCII "%04d%02d%02d"
005EAC50 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005EAC56 |. 51 push ecx
005EAC57 |. E8 2E040C00 call this ; jmp to MFC42D.#2168
005EAC5C |. 83C4 14 add esp, 14
005EAC5F |. 51 push ecx
005EAC60 |. 8BCC mov ecx, esp
005EAC62 |. 89A5 18FFFFFF mov dword ptr [ebp-E8], esp
005EAC68 |. 8D55 EC lea edx, dword ptr [ebp-14]
005EAC6B |. 52 push edx
005EAC6C |. E8 25040C00 call m ; jmp to MFC42D.#485
005EAC71 |. 8985 B4FEFFFF mov dword ptr [ebp-14C], eax
005EAC77 |. 8B85 B4FEFFFF mov eax, dword ptr [ebp-14C]
005EAC7D |. 8985 B0FEFFFF mov dword ptr [ebp-150], eax
005EAC83 |. C645 FC 07 mov byte ptr [ebp-4], 7
005EAC87 |. 51 push ecx
005EAC88 |. 8BCC mov ecx, esp
005EAC8A |. 89A5 14FFFFFF mov dword ptr [ebp-EC], esp
005EAC90 |. 8D95 38FFFFFF lea edx, dword ptr [ebp-C8]
005EAC96 |. 52 push edx
005EAC97 |. E8 FA030C00 call m ; jmp to MFC42D.#485
005EAC9C |. 8985 ACFEFFFF mov dword ptr [ebp-154], eax
005EACA2 |. 8B85 ACFEFFFF mov eax, dword ptr [ebp-154]
005EACA8 |. 8985 A8FEFFFF mov dword ptr [ebp-158], eax
005EACAE |. C645 FC 08 mov byte ptr [ebp-4], 8
005EACB2 |. 51 push ecx
005EACB3 |. 8BCC mov ecx, esp
005EACB5 |. 89A5 10FFFFFF mov dword ptr [ebp-F0], esp
005EACBB |. 68 E0686F00 push 006F68E0 ; ASCII "999"
005EACC0 |. E8 3B030C00 call il ; jmp to MFC42D.#487
005EACC5 |. 8985 A4FEFFFF mov dword ptr [ebp-15C], eax
005EACCB |. 8B8D A4FEFFFF mov ecx, dword ptr [ebp-15C]
005EACD1 |. 898D A0FEFFFF mov dword ptr [ebp-160], ecx
005EACD7 |. C645 FC 09 mov byte ptr [ebp-4], 9
005EACDB |. 51 push ecx
005EACDC |. 8BCC mov ecx, esp
005EACDE |. 89A5 0CFFFFFF mov dword ptr [ebp-F4], esp
005EACE4 |. 68 04BC6D00 push 006DBC04
005EACE9 |. E8 12030C00 call il ; jmp to MFC42D.#487
005EACEE |. 8985 9CFEFFFF mov dword ptr [ebp-164], eax
005EACF4 |. 8B95 9CFEFFFF mov edx, dword ptr [ebp-164]
005EACFA |. 8995 98FEFFFF mov dword ptr [ebp-168], edx
005EAD00 |. C645 FC 0A mov byte ptr [ebp-4], 0A
005EAD04 |. 51 push ecx
005EAD05 |. 8BCC mov ecx, esp
005EAD07 |. 89A5 08FFFFFF mov dword ptr [ebp-F8], esp
005EAD0D |. 8D45 E8 lea eax, dword ptr [ebp-18]
005EAD10 |. 50 push eax
005EAD11 |. E8 80030C00 call m ; jmp to MFC42D.#485
005EAD16 |. 8985 94FEFFFF mov dword ptr [ebp-16C], eax
005EAD1C |. 8D8D 04FFFFFF lea ecx, dword ptr [ebp-FC]
005EAD22 |. 51 push ecx
005EAD23 |. C645 FC 06 mov byte ptr [ebp-4], 6
005EAD27 |. FF15 94206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::CreateUserKey
005EAD2D |. 83C4 18 add esp, 18
005EAD30 |. 8985 90FEFFFF mov dword ptr [ebp-170], eax
005EAD36 |. 8B95 90FEFFFF mov edx, dword ptr [ebp-170]
005EAD3C |. 8995 8CFEFFFF mov dword ptr [ebp-174], edx
005EAD42 |. C645 FC 0B mov byte ptr [ebp-4], 0B
005EAD46 |. 8B85 8CFEFFFF mov eax, dword ptr [ebp-174]
005EAD4C |. 50 push eax
005EAD4D |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EAD53 |. E8 B4020C00 call el ; jmp to MFC42D.#734
005EAD58 |. C645 FC 06 mov byte ptr [ebp-4], 6
005EAD5C |. 8D8D 04FFFFFF lea ecx, dword ptr [ebp-FC]
005EAD62 |. E8 9F020C00 call Sub ; jmp to MFC42D.#684
005EAD67 |. C645 FC 04 mov byte ptr [ebp-4], 4
005EAD6B |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005EAD71 |. E8 90020C00 call Sub ; jmp to MFC42D.#684
005EAD76 |> 51 push ecx
005EAD77 |. 8BCC mov ecx, esp
005EAD79 |. 89A5 00FFFFFF mov dword ptr [ebp-100], esp
005EAD7F |. 8D95 44FFFFFF lea edx, dword ptr [ebp-BC]
005EAD85 |. 52 push edx
005EAD86 |. E8 0B030C00 call m ; jmp to MFC42D.#485
005EAD8B |. 8985 88FEFFFF mov dword ptr [ebp-178], eax
005EAD91 |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EAD97 |. FF15 84206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::RegisterUserKey
005EAD9D |. 8985 84FEFFFF mov dword ptr [ebp-17C], eax
005EADA3 |. 8B85 84FEFFFF mov eax, dword ptr [ebp-17C]
005EADA9 |. 8985 34FFFFFF mov dword ptr [ebp-CC], eax
005EADAF |. 83BD 34FFFFFF>cmp dword ptr [ebp-CC], 0
005EADB6 |. 74 43 je short 005EADFB
005EADB8 |. 6A 00 push 0
005EADBA |. 6A 00 push 0
005EADBC |. 68 C8686F00 push 006F68C8 ; invalid license key !!!005EADC1 |. E8 D6020C00 call s ; jmp to MFC42D.#1136
005EADC6 |. C645 FC 03 mov byte ptr [ebp-4], 3
005EADCA |. 8D8D 40FFFFFF lea ecx, dword ptr [ebp-C0]
005EADD0 |. E8 31020C00 call Sub ; jmp to MFC42D.#684
005EADD5 |. C645 FC 00 mov byte ptr [ebp-4], 0
005EADD9 |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EADDF |. E8 22020C00 call Sub ; jmp to MFC42D.#684
005EADE4 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
005EADEB |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EADF1 |. E8 FA5AF2FF call CLicenseSetupDlg::~CLicenseSetup>
005EADF6 |. E9 3A030000 jmp 005EB135
郁闷啊),这个软件知道是检测 硬盘和主板来产生注册码的,已经找到了注册错误时的提示“Invalid license key !!!”可就怎么也找不到高手经常说的关键跳和关键CALL!!!贴的前后都省略了,红色部分是出错提示
005EA909 CC int3
005EA90A CC int3
005EA90B CC int3
005EA90C CC int3
005EA90D CC int3
005EA90E CC int3
005EA90F CC int3
005EA910 >/. 55 push ebp
005EA911 |. 8BEC mov ebp, esp
005EA913 |. 6A FF push -1
005EA915 |. 68 5CB36C00 push 006CB35C ; SE handler installation
005EA91A |. 64:A1 0000000>mov eax, dword ptr fs:[0]
005EA920 |. 50 push eax
005EA921 |. 64:8925 00000>mov dword ptr fs:[0], esp
005EA928 |. 81EC B0010000 sub esp, 1B0
005EA92E |. 53 push ebx
005EA92F |. 56 push esi
005EA930 |. 57 push edi
005EA931 |. 894D F0 mov dword ptr [ebp-10], ecx
005EA934 |. 833D 247D7800>cmp dword ptr [AnnotFlagMRMIPImage::>
005EA93B |. 75 05 jnz short 005EA942
005EA93D |. E9 F3070000 jmp 005EB135
005EA942 |> 6A 00 push 0
005EA944 |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EA94A |. E8 415EF2FF call CLicenseSetupDlg::CLicenseSetupD>
005EA94F |. C745 FC 00000>mov dword ptr [ebp-4], 0
005EA956 |. 8D85 68FFFFFF lea eax, dword ptr [ebp-98]
005EA95C |. 50 push eax
005EA95D |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EA963 |. FF15 98206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::GetSetupDate
005EA969 |. 8D8D 58FFFFFF lea ecx, dword ptr [ebp-A8]
005EA96F |. 51 push ecx
005EA970 |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EA976 |. FF15 7C206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::GetLastRunDate
005EA97C |. 8D95 48FFFFFF lea edx, dword ptr [ebp-B8]
005EA982 |. 52 push edx
005EA983 |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EA989 |. FF15 74206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::GetExpireDate
005EA98F |. 8B85 74FFFFFF mov eax, dword ptr [ebp-8C]
005EA995 |. 25 FFFF0000 and eax, 0FFFF
005EA99A |. 50 push eax
005EA99B |. 8B8D 72FFFFFF mov ecx, dword ptr [ebp-8E]
005EA9A1 |. 81E1 FFFF0000 and ecx, 0FFFF
005EA9A7 |. 51 push ecx
005EA9A8 |. 8B95 70FFFFFF mov edx, dword ptr [ebp-90]
005EA9AE |. 81E2 FFFF0000 and edx, 0FFFF
005EA9B4 |. 52 push edx
005EA9B5 |. 8B85 6EFFFFFF mov eax, dword ptr [ebp-92]
005EA9BB |. 25 FFFF0000 and eax, 0FFFF
005EA9C0 |. 50 push eax
005EA9C1 |. 8B8D 6AFFFFFF mov ecx, dword ptr [ebp-96]
005EA9C7 |. 81E1 FFFF0000 and ecx, 0FFFF
005EA9CD |. 51 push ecx
005EA9CE |. 8B95 68FFFFFF mov edx, dword ptr [ebp-98]
005EA9D4 |. 81E2 FFFF0000 and edx, 0FFFF
005EA9DA |. 52 push edx
005EA9DB |. 68 04696F00 push 006F6904 ; ASCII "%d-%d-%d %d:%d:%d"
005EA9E0 |. 8D45 DC lea eax, dword ptr [ebp-24]
005EA9E3 |. 50 push eax
005EA9E4 |. E8 A1060C00 call this ; jmp to MFC42D.#2168
005EA9E9 |. 83C4 20 add esp, 20
005EA9EC |. 8B8D 48FFFFFF mov ecx, dword ptr [ebp-B8]
005EA9F2 |. 81E1 FFFF0000 and ecx, 0FFFF
005EA9F8 |. 81F9 FFFF0000 cmp ecx, 0FFFF
005EA9FE |. 75 0F jnz short 005EAA0F
005EAA00 |. 68 F8686F00 push 006F68F8 ; ASCII "PERMANENT"
005EAA05 |. 8D4D E0 lea ecx, dword ptr [ebp-20]
005EAA08 |. E8 05060C00 call Name ; jmp to MFC42D.#736
005EAA0D |. EB 5D jmp short 005EAA6C
005EAA0F |> 8B95 54FFFFFF mov edx, dword ptr [ebp-AC]
005EAA15 |. 81E2 FFFF0000 and edx, 0FFFF
005EAA1B |. 52 push edx
005EAA1C |. 8B85 52FFFFFF mov eax, dword ptr [ebp-AE]
005EAA22 |. 25 FFFF0000 and eax, 0FFFF
005EAA27 |. 50 push eax
005EAA28 |. 8B8D 50FFFFFF mov ecx, dword ptr [ebp-B0]
005EAA2E |. 81E1 FFFF0000 and ecx, 0FFFF
005EAA34 |. 51 push ecx
005EAA35 |. 8B95 4EFFFFFF mov edx, dword ptr [ebp-B2]
005EAA3B |. 81E2 FFFF0000 and edx, 0FFFF
005EAA41 |. 52 push edx
005EAA42 |. 8B85 4AFFFFFF mov eax, dword ptr [ebp-B6]
005EAA48 |. 25 FFFF0000 and eax, 0FFFF
005EAA4D |. 50 push eax
005EAA4E |. 8B8D 48FFFFFF mov ecx, dword ptr [ebp-B8]
005EAA54 |. 81E1 FFFF0000 and ecx, 0FFFF
005EAA5A |. 51 push ecx
005EAA5B |. 68 04696F00 push 006F6904 ; ASCII "%d-%d-%d %d:%d:%d"
005EAA60 |. 8D55 E0 lea edx, dword ptr [ebp-20]
005EAA63 |. 52 push edx
005EAA64 |. E8 21060C00 call this ; jmp to MFC42D.#2168
005EAA69 |. 83C4 20 add esp, 20
005EAA6C |> 8B85 64FFFFFF mov eax, dword ptr [ebp-9C]
005EAA72 |. 25 FFFF0000 and eax, 0FFFF
005EAA77 |. 50 push eax
005EAA78 |. 8B8D 62FFFFFF mov ecx, dword ptr [ebp-9E]
005EAA7E |. 81E1 FFFF0000 and ecx, 0FFFF
005EAA84 |. 51 push ecx
005EAA85 |. 8B95 60FFFFFF mov edx, dword ptr [ebp-A0]
005EAA8B |. 81E2 FFFF0000 and edx, 0FFFF
005EAA91 |. 52 push edx
005EAA92 |. 8B85 5EFFFFFF mov eax, dword ptr [ebp-A2]
005EAA98 |. 25 FFFF0000 and eax, 0FFFF
005EAA9D |. 50 push eax
005EAA9E |. 8B8D 5AFFFFFF mov ecx, dword ptr [ebp-A6]
005EAAA4 |. 81E1 FFFF0000 and ecx, 0FFFF
005EAAAA |. 51 push ecx
005EAAAB |. 8B95 58FFFFFF mov edx, dword ptr [ebp-A8]
005EAAB1 |. 81E2 FFFF0000 and edx, 0FFFF
005EAAB7 |. 52 push edx
005EAAB8 |. 68 04696F00 push 006F6904 ; ASCII "%d-%d-%d %d:%d:%d"
005EAABD |. 8D45 E4 lea eax, dword ptr [ebp-1C]
005EAAC0 |. 50 push eax
005EAAC1 |. E8 C4050C00 call this ; jmp to MFC42D.#2168
005EAAC6 |. 83C4 20 add esp, 20
005EAAC9 |. 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005EAACF |. 51 push ecx
005EAAD0 |. FF15 78206D00 call dword ptr [<&AILicenseLibD.GetFi>; AILicens.GetFirstMACaddress
005EAAD6 |. 83C4 04 add esp, 4
005EAAD9 |. 8985 CCFEFFFF mov dword ptr [ebp-134], eax
005EAADF |. 8B95 CCFEFFFF mov edx, dword ptr [ebp-134]
005EAAE5 |. 8995 C8FEFFFF mov dword ptr [ebp-138], edx
005EAAEB |. C645 FC 01 mov byte ptr [ebp-4], 1
005EAAEF |. 8B85 C8FEFFFF mov eax, dword ptr [ebp-138]
005EAAF5 |. 50 push eax
005EAAF6 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
005EAAF9 |. E8 0E050C00 call el ; jmp to MFC42D.#734
005EAAFE |. C645 FC 00 mov byte ptr [ebp-4], 0
005EAB02 |. 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005EAB08 |. E8 F9040C00 call Sub ; jmp to MFC42D.#684
005EAB0D |. 6A 00 push 0
005EAB0F |. 8D8D 24FFFFFF lea ecx, dword ptr [ebp-DC]
005EAB15 |. 51 push ecx
005EAB16 |. FF15 80206D00 call dword ptr [<&AILicenseLibD.GetPh>; AILicens.GetPhysicalDriveSerialNumber
005EAB1C |. 83C4 08 add esp, 8
005EAB1F |. 8985 C4FEFFFF mov dword ptr [ebp-13C], eax
005EAB25 |. 8B95 C4FEFFFF mov edx, dword ptr [ebp-13C]
005EAB2B |. 8995 C0FEFFFF mov dword ptr [ebp-140], edx
005EAB31 |. C645 FC 02 mov byte ptr [ebp-4], 2
005EAB35 |. 8B85 C0FEFFFF mov eax, dword ptr [ebp-140]
005EAB3B |. 50 push eax
005EAB3C |. 8D4D EC lea ecx, dword ptr [ebp-14]
005EAB3F |. E8 C8040C00 call el ; jmp to MFC42D.#734
005EAB44 |. C645 FC 00 mov byte ptr [ebp-4], 0
005EAB48 |. 8D8D 24FFFFFF lea ecx, dword ptr [ebp-DC]
005EAB4E |. E8 B3040C00 call Sub ; jmp to MFC42D.#684
005EAB53 |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EAB59 |. E8 8C050C00 call eCommit ; jmp to MFC42D.#1862
005EAB5E |. 83F8 02 cmp eax, 2
005EAB61 |. 75 17 jnz short 005EAB7A
005EAB63 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
005EAB6A |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EAB70 |. E8 7B5DF2FF call CLicenseSetupDlg::~CLicenseSetup>
005EAB75 |. E9 BB050000 jmp 005EB135
005EAB7A |> 8D4D D8 lea ecx, dword ptr [ebp-28]
005EAB7D |. 51 push ecx
005EAB7E |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EAB84 |. E8 0D050C00 call m ; jmp to MFC42D.#485
005EAB89 |. C645 FC 03 mov byte ptr [ebp-4], 3
005EAB8D |. 6A 04 push 4
005EAB8F |. 8D95 40FFFFFF lea edx, dword ptr [ebp-C0]
005EAB95 |. 52 push edx
005EAB96 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
005EAB99 |. E8 E0040C00 call his ; jmp to MFC42D.#4405
005EAB9E |. C645 FC 04 mov byte ptr [ebp-4], 4
005EABA2 |. 68 E4686F00 push 006F68E4 ; ASCII "p((!)!#pai#*#&!@*"
005EABA7 |. 8D85 40FFFFFF lea eax, dword ptr [ebp-C0]
005EABAD |. 50 push eax
005EABAE |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
005EABB4 |. 51 push ecx
005EABB5 |. E8 D4060C00 call is ; jmp to MFC42D.#901
005EABBA |. 8985 BCFEFFFF mov dword ptr [ebp-144], eax
005EABC0 |. 8B95 BCFEFFFF mov edx, dword ptr [ebp-144]
005EABC6 |. 8995 B8FEFFFF mov dword ptr [ebp-148], edx
005EABCC |. C645 FC 05 mov byte ptr [ebp-4], 5
005EABD0 |. 8B85 B8FEFFFF mov eax, dword ptr [ebp-148]
005EABD6 |. 50 push eax
005EABD7 |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EABDD |. 51 push ecx
005EABDE |. E8 B90A0C00 call 006AB69C ; jmp to MFC42D.#812
005EABE3 |. 8885 20FFFFFF mov byte ptr [ebp-E0], al
005EABE9 |. C645 FC 04 mov byte ptr [ebp-4], 4
005EABED |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
005EABF3 |. E8 0E040C00 call Sub ; jmp to MFC42D.#684
005EABF8 |. 8B95 20FFFFFF mov edx, dword ptr [ebp-E0]
005EABFE |. 81E2 FF000000 and edx, 0FF
005EAC04 |. 85D2 test edx, edx
005EAC06 |. 0F84 6A010000 je 005EAD76
005EAC0C |. 8D85 3CFFFFFF lea eax, dword ptr [ebp-C4]
005EAC12 |. 50 push eax
005EAC13 |. E8 5E120C00 call taPerPixelWidth ; jmp to MFC42D.#3110
005EAC18 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005EAC1E |. E8 F5030C00 call lt ; jmp to MFC42D.#492
005EAC23 |. C645 FC 06 mov byte ptr [ebp-4], 6
005EAC27 |. 8D8D 3CFFFFFF lea ecx, dword ptr [ebp-C4]
005EAC2D |. E8 72140C00 call D ; jmp to MFC42D.#2406
005EAC32 |. 50 push eax
005EAC33 |. 8D8D 3CFFFFFF lea ecx, dword ptr [ebp-C4]
005EAC39 |. E8 60140C00 call mode ; jmp to MFC42D.#2725
005EAC3E |. 50 push eax
005EAC3F |. 8D8D 3CFFFFFF lea ecx, dword ptr [ebp-C4]
005EAC45 |. E8 60140C00 call this ; jmp to MFC42D.#3177
005EAC4A |. 50 push eax
005EAC4B |. 68 0C826D00 push 006D820C ; ASCII "%04d%02d%02d"
005EAC50 |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005EAC56 |. 51 push ecx
005EAC57 |. E8 2E040C00 call this ; jmp to MFC42D.#2168
005EAC5C |. 83C4 14 add esp, 14
005EAC5F |. 51 push ecx
005EAC60 |. 8BCC mov ecx, esp
005EAC62 |. 89A5 18FFFFFF mov dword ptr [ebp-E8], esp
005EAC68 |. 8D55 EC lea edx, dword ptr [ebp-14]
005EAC6B |. 52 push edx
005EAC6C |. E8 25040C00 call m ; jmp to MFC42D.#485
005EAC71 |. 8985 B4FEFFFF mov dword ptr [ebp-14C], eax
005EAC77 |. 8B85 B4FEFFFF mov eax, dword ptr [ebp-14C]
005EAC7D |. 8985 B0FEFFFF mov dword ptr [ebp-150], eax
005EAC83 |. C645 FC 07 mov byte ptr [ebp-4], 7
005EAC87 |. 51 push ecx
005EAC88 |. 8BCC mov ecx, esp
005EAC8A |. 89A5 14FFFFFF mov dword ptr [ebp-EC], esp
005EAC90 |. 8D95 38FFFFFF lea edx, dword ptr [ebp-C8]
005EAC96 |. 52 push edx
005EAC97 |. E8 FA030C00 call m ; jmp to MFC42D.#485
005EAC9C |. 8985 ACFEFFFF mov dword ptr [ebp-154], eax
005EACA2 |. 8B85 ACFEFFFF mov eax, dword ptr [ebp-154]
005EACA8 |. 8985 A8FEFFFF mov dword ptr [ebp-158], eax
005EACAE |. C645 FC 08 mov byte ptr [ebp-4], 8
005EACB2 |. 51 push ecx
005EACB3 |. 8BCC mov ecx, esp
005EACB5 |. 89A5 10FFFFFF mov dword ptr [ebp-F0], esp
005EACBB |. 68 E0686F00 push 006F68E0 ; ASCII "999"
005EACC0 |. E8 3B030C00 call il ; jmp to MFC42D.#487
005EACC5 |. 8985 A4FEFFFF mov dword ptr [ebp-15C], eax
005EACCB |. 8B8D A4FEFFFF mov ecx, dword ptr [ebp-15C]
005EACD1 |. 898D A0FEFFFF mov dword ptr [ebp-160], ecx
005EACD7 |. C645 FC 09 mov byte ptr [ebp-4], 9
005EACDB |. 51 push ecx
005EACDC |. 8BCC mov ecx, esp
005EACDE |. 89A5 0CFFFFFF mov dword ptr [ebp-F4], esp
005EACE4 |. 68 04BC6D00 push 006DBC04
005EACE9 |. E8 12030C00 call il ; jmp to MFC42D.#487
005EACEE |. 8985 9CFEFFFF mov dword ptr [ebp-164], eax
005EACF4 |. 8B95 9CFEFFFF mov edx, dword ptr [ebp-164]
005EACFA |. 8995 98FEFFFF mov dword ptr [ebp-168], edx
005EAD00 |. C645 FC 0A mov byte ptr [ebp-4], 0A
005EAD04 |. 51 push ecx
005EAD05 |. 8BCC mov ecx, esp
005EAD07 |. 89A5 08FFFFFF mov dword ptr [ebp-F8], esp
005EAD0D |. 8D45 E8 lea eax, dword ptr [ebp-18]
005EAD10 |. 50 push eax
005EAD11 |. E8 80030C00 call m ; jmp to MFC42D.#485
005EAD16 |. 8985 94FEFFFF mov dword ptr [ebp-16C], eax
005EAD1C |. 8D8D 04FFFFFF lea ecx, dword ptr [ebp-FC]
005EAD22 |. 51 push ecx
005EAD23 |. C645 FC 06 mov byte ptr [ebp-4], 6
005EAD27 |. FF15 94206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::CreateUserKey
005EAD2D |. 83C4 18 add esp, 18
005EAD30 |. 8985 90FEFFFF mov dword ptr [ebp-170], eax
005EAD36 |. 8B95 90FEFFFF mov edx, dword ptr [ebp-170]
005EAD3C |. 8995 8CFEFFFF mov dword ptr [ebp-174], edx
005EAD42 |. C645 FC 0B mov byte ptr [ebp-4], 0B
005EAD46 |. 8B85 8CFEFFFF mov eax, dword ptr [ebp-174]
005EAD4C |. 50 push eax
005EAD4D |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EAD53 |. E8 B4020C00 call el ; jmp to MFC42D.#734
005EAD58 |. C645 FC 06 mov byte ptr [ebp-4], 6
005EAD5C |. 8D8D 04FFFFFF lea ecx, dword ptr [ebp-FC]
005EAD62 |. E8 9F020C00 call Sub ; jmp to MFC42D.#684
005EAD67 |. C645 FC 04 mov byte ptr [ebp-4], 4
005EAD6B |. 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005EAD71 |. E8 90020C00 call Sub ; jmp to MFC42D.#684
005EAD76 |> 51 push ecx
005EAD77 |. 8BCC mov ecx, esp
005EAD79 |. 89A5 00FFFFFF mov dword ptr [ebp-100], esp
005EAD7F |. 8D95 44FFFFFF lea edx, dword ptr [ebp-BC]
005EAD85 |. 52 push edx
005EAD86 |. E8 0B030C00 call m ; jmp to MFC42D.#485
005EAD8B |. 8985 88FEFFFF mov dword ptr [ebp-178], eax
005EAD91 |. 8B0D 247D7800 mov ecx, dword ptr [AnnotFlagMRMIPIm>
005EAD97 |. FF15 84206D00 call dword ptr [<&AILicenseLibD.CAILi>; AILicens.CAILicense::RegisterUserKey
005EAD9D |. 8985 84FEFFFF mov dword ptr [ebp-17C], eax
005EADA3 |. 8B85 84FEFFFF mov eax, dword ptr [ebp-17C]
005EADA9 |. 8985 34FFFFFF mov dword ptr [ebp-CC], eax
005EADAF |. 83BD 34FFFFFF>cmp dword ptr [ebp-CC], 0
005EADB6 |. 74 43 je short 005EADFB
005EADB8 |. 6A 00 push 0
005EADBA |. 6A 00 push 0
005EADBC |. 68 C8686F00 push 006F68C8 ; invalid license key !!!005EADC1 |. E8 D6020C00 call s ; jmp to MFC42D.#1136
005EADC6 |. C645 FC 03 mov byte ptr [ebp-4], 3
005EADCA |. 8D8D 40FFFFFF lea ecx, dword ptr [ebp-C0]
005EADD0 |. E8 31020C00 call Sub ; jmp to MFC42D.#684
005EADD5 |. C645 FC 00 mov byte ptr [ebp-4], 0
005EADD9 |. 8D8D 44FFFFFF lea ecx, dword ptr [ebp-BC]
005EADDF |. E8 22020C00 call Sub ; jmp to MFC42D.#684
005EADE4 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
005EADEB |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005EADF1 |. E8 FA5AF2FF call CLicenseSetupDlg::~CLicenseSetup>
005EADF6 |. E9 3A030000 jmp 005EB135
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
我本来想弄个图片,可是不会贴,想把压缩的附件穿上了也没有权限,高手现看看,我去找的地方灌水去,有权限了就传个附件上来。
|
|
|
|
|
|
005EAD97 |. FF15 84206D00 call dword ptr [<&AILicenseLibD.CAILi>; ;有可能是关键call,调用注册函数,返回值放入EAX寄存器 005EAD9D |. 8985 84FEFFFF mov dword ptr [ebp-17C], eax 005EADA3 |. 8B85 84FEFFFF mov eax, dword ptr [ebp-17C] 005EADA9 |. 8985 34FFFFFF mov dword ptr [ebp-CC], eax 005EADAF |. 83BD 34FFFFFF>cmp dword ptr [ebp-CC], 0 ;这里有可能是标志位哦,请留意 005EADB6 |. 74 43 je short 005EADFB ;关键跳,如果上面的关键call返回值是0,那么就跳过“注册失败”处 005EADB8 |. 6A 00 push 0 005EADBA |. 6A 00 push 0 005EADBC |. 68 C8686F00 push 006F68C8 ; invalid license key !!!005EADC1 |. E8 D6020C00 call s ; jmp to MFC42D.#1136 005EADC6 |. C645 FC 03 mov byte ptr [ebp-4], 3 因为你没有把程序发上来,所以只能从你贴出来的代码来“断章取义”,上面写的注释未必正确(要具体分析),你可以参考一下 
|
|
|
|
|
|
高手出招,谢谢 PLAYBOYSEN ,你要想试验的话我可以给传个过去, 请留你的联系方式
再有 XOOJO 兄弟,别灌水了 好不(你灌了164个,声望也没长哦)
|
