[Old post] [Original] A simple crack of 楚汉棋缘 (Chu-Han Chess)
Posted: 2009-8-21 20:10
I just downloaded a small game called 楚汉棋缘. After the trial period it asks you to register. I typed 1111 at random and clicked Register, and it said: "The registration name or registration code is wrong. Note the difference between 1 (digit), i (uppercase letter), l (lowercase L), 0 (digit), o (lowercase letter), O (uppercase letter) and so on!"
So I loaded it in OD, went to "Plugins" -> "Ultra String Reference" -> "Find ASCII", found the string above and landed at address 00442B1A:
00442B1A BA BA795000 mov edx,chess.005079BA ; The registration name or registration code is wrong. Note the difference between 1 (digit), i (uppercase letter), l (lowercase L), 0 (digit), o (lowercase letter), O (uppercase letter) and so on!
Then I scrolled up looking for the jump:
004429D8 /74 15 je short chess.004429EF ; this jump goes to "registration successful",
004429DA |8B85 4CFFFFFF mov eax,dword ptr ss:[ebp-B4]
004429E0 |50 push eax
004429E1 |E8 76E6FFFF call chess.0044105C
004429E6 |59 pop ecx
004429E7 |84C0 test al,al
004429E9 |0F84 22010000 je chess.00442B11 ; this jump goes straight to the string above, i.e. verification failed
004429EF \8B15 58D45000 mov edx,dword ptr ds:[50D458] ; chess._ChessForm
004429F5 33C0 xor eax,eax
004429F7 8DBD 94FEFFFF lea edi,dword ptr ss:[ebp-16C]
004429FD 8B0A mov ecx,dword ptr ds:[edx]
004429FF 81C1 89210000 add ecx,2189
00442A05 8BF1 mov esi,ecx
00442A07 83C9 FF or ecx,FFFFFFFF
00442A0A F2:AE repne scas byte ptr es:[edi]
00442A0C F7D1 not ecx
00442A0E 2BF9 sub edi,ecx
00442A10 8BD1 mov edx,ecx
00442A12 87F7 xchg edi,esi
00442A14 C1E9 02 shr ecx,2
00442A17 8BC7 mov eax,edi
00442A19 F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00442A1B 8BCA mov ecx,edx
00442A1D 83E1 03 and ecx,3
00442A20 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[>
00442A22 A1 58D45000 mov eax,dword ptr ds:[50D458]
00442A27 8DBD A8FEFFFF lea edi,dword ptr ss:[ebp-158]
00442A2D 8B10 mov edx,dword ptr ds:[eax]
00442A2F 33C0 xor eax,eax
00442A31 81C2 A2210000 add edx,21A2
00442A37 83C9 FF or ecx,FFFFFFFF
00442A3A F2:AE repne scas byte ptr es:[edi]
00442A3C F7D1 not ecx
00442A3E 2BF9 sub edi,ecx
00442A40 8BF2 mov esi,edx
00442A42 87F7 xchg edi,esi
00442A44 8BD1 mov edx,ecx
00442A46 8BC7 mov eax,edi
00442A48 C1E9 02 shr ecx,2
00442A4B F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00442A4D 8BCA mov ecx,edx
00442A4F 83E1 03 and ecx,3
00442A52 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[>
00442A54 A1 58D45000 mov eax,dword ptr ds:[50D458]
00442A59 8B10 mov edx,dword ptr ds:[eax]
00442A5B C682 D9210000 0>mov byte ptr ds:[edx+21D9],1
00442A62 33DB xor ebx,ebx
00442A64 E8 C3C40800 call chess.004CEF2C
00442A69 99 cdq
00442A6A B9 32000000 mov ecx,32
00442A6F F7F9 idiv ecx
00442A71 8D049B lea eax,dword ptr ds:[ebx+ebx*4]
00442A74 80C2 65 add dl,65
00442A77 8B0D 58D45000 mov ecx,dword ptr ds:[50D458] ; chess._ChessForm
00442A7D 8D0443 lea eax,dword ptr ds:[ebx+eax*2]
00442A80 C1E0 03 shl eax,3
00442A83 2BC3 sub eax,ebx
00442A85 8B09 mov ecx,dword ptr ds:[ecx]
00442A87 8D0483 lea eax,dword ptr ds:[ebx+eax*4]
00442A8A 889481 C20A0000 mov byte ptr ds:[ecx+eax*4+AC2],dl
00442A91 43 inc ebx
00442A92 83FB 05 cmp ebx,5
00442A95 ^ 7C CD jl short chess.00442A64
00442A97 66:C785 60FFFFF>mov word ptr ss:[ebp-A0],188
00442AA0 BA AF795000 mov edx,chess.005079AF ; Registration successful!
00442AA5 8D45 80 lea eax,dword ptr ss:[ebp-80]
00442AA8 E8 0F370900 call chess.004D61BC
00442AAD FF85 6CFFFFFF inc dword ptr ss:[ebp-94]
00442AB3 8B00 mov eax,dword ptr ds:[eax]
00442AB5 33D2 xor edx,edx
00442AB7 8995 7CFFFFFF mov dword ptr ss:[ebp-84],edx
00442ABD 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-84]
00442AC3 FF85 6CFFFFFF inc dword ptr ss:[ebp-94]
00442AC9 E8 7A3DFEFF call chess.00426848
00442ACE 8D85 7CFFFFFF lea eax,dword ptr ss:[ebp-84]
00442AD4 8B00 mov eax,dword ptr ds:[eax]
00442AD6 E8 8D7C0400 call chess.0048A768
00442ADB FF8D 6CFFFFFF dec dword ptr ss:[ebp-94]
00442AE1 8D85 7CFFFFFF lea eax,dword ptr ss:[ebp-84]
00442AE7 BA 02000000 mov edx,2
00442AEC E8 23380900 call chess.004D6314
00442AF1 FF8D 6CFFFFFF dec dword ptr ss:[ebp-94]
00442AF7 8D45 80 lea eax,dword ptr ss:[ebp-80]
00442AFA BA 02000000 mov edx,2
00442AFF E8 10380900 call chess.004D6314
00442B04 8B85 4CFFFFFF mov eax,dword ptr ss:[ebp-B4]
00442B0A E8 65BD0300 call chess.0047E874
00442B0F EB 73 jmp short chess.00442B84
00442B11 66:C785 60FFFFF>mov word ptr ss:[ebp-A0],194
00442B1A BA BA795000 mov edx,chess.005079BA ; The registration name or registration code is wrong. Note the difference between 1 (digit), i (uppercase letter), l (lowercase L), 0 (digit), o (lowercase letter), O (uppercase letter) and so on!
Invert the jump: change 004429D8 /74 15 je short chess.004429EF to jne short chess.004429EF.
Save the change, open the program again, click Register directly, and it reports registration successful.
Heh, a little toy, just to give newcomers some confidence.
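The protection above hinges on one conditional jump, so flipping a single opcode byte (74 je -> 75 jne) inverts the whole check. As an added example (not code from the post or from the game), the following shows how a program or build pipeline could detect exactly that kind of patch: compare the code region against a stored reference digest and, for any differing byte, name the jump condition that was flipped. The REFERENCE bytes are transcribed from the listing above; everything else (function names, the SHA-256 choice, the sample patches) is constructed for this example.

```python
import hashlib

# Bytes of the check at 004429D8..004429EF, transcribed from the listing in the
# post. Constructed reference for this example; a real build would store the
# digest of the whole code section, not of one instruction sequence.
REFERENCE = bytes.fromhex(
    "7415"          # je short chess.004429EF
    "8B854CFFFFFF"  # mov eax, dword ptr [ebp-0xB4]
    "50"            # push eax
    "E876E6FFFF"    # call chess.0044105C
    "59"            # pop ecx
    "84C0"          # test al, al
    "0F8422010000"  # je chess.00442B11
)

# Condition codes shared by the short (70+cc) and near (0F 80+cc) Jcc encodings.
CONDITIONS = ["o", "no", "b", "ae", "e", "ne", "be", "a",
              "s", "ns", "p", "np", "l", "ge", "le", "g"]

def code_hash(code: bytes) -> str:
    """Digest of the protected region; the expected value is stored at build time."""
    return hashlib.sha256(code).hexdigest()

def describe_jcc(code: bytes, i: int):
    """Name the conditional jump whose condition byte is at offset i, else None.
    Heuristic (no full decoder): it labels findings but never decides them."""
    if 0x70 <= code[i] <= 0x7F:
        return f"j{CONDITIONS[code[i] - 0x70]} short"
    if i > 0 and code[i - 1] == 0x0F and 0x80 <= code[i] <= 0x8F:
        return f"j{CONDITIONS[code[i] - 0x80]} near"
    return None

def find_tampering(reference: bytes, observed: bytes):
    """Return [] when digests match, else one (offset, old, new, note) per
    differing byte; observed is assumed to have the same length as reference."""
    if code_hash(observed) == code_hash(reference):
        return []
    findings = []
    for i, (r, o) in enumerate(zip(reference, observed)):
        if r != o:
            before, after = describe_jcc(reference, i), describe_jcc(observed, i)
            note = f"{before} -> {after}" if before and after else "byte changed"
            findings.append((i, r, o, note))
    return findings

def patched(code: bytes, offset: int, value: int) -> bytes:
    """Copy of code with one byte replaced, to simulate the patch in the post."""
    out = bytearray(code)
    out[offset] = value
    return bytes(out)
```

A check like this only raises the bar if the comparison itself is not another single jump the same patch can flip; spreading several checks through the code, or verifying the digest off-host, is what actually makes the one-byte edit visible.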