-
-
[求助]请教一内存注册机写法
-
发表于: 2009-9-12 20:06
-
软件如图
0057B91A . 8D55 B8 lea edx, dword ptr [ebp-48]
0057B91D . 8B45 FC mov eax, dword ptr [ebp-4]
0057B920 . 8B80 34030000 mov eax, dword ptr [eax+334]
0057B926 . E8 45A7EFFF call 00476070
0057B92B . FF75 B8 push dword ptr [ebp-48]
0057B92E . 8D45 C8 lea eax, dword ptr [ebp-38]
0057B931 . BA 04000000 mov edx, 4
0057B936 . E8 AD8DE8FF call 004046E8
0057B93B . 8B55 C8 mov edx, dword ptr [ebp-38]
0057B93E . 8B45 F8 mov eax, dword ptr [ebp-8]
0057B941 . E8 2E8EE8FF call 00404774
0057B946 . 0F85 D9010000 jnz 0057BB25
0057B94C . 8D55 B4 lea edx, dword ptr [ebp-4C]
0057B94F . 8B45 FC mov eax, dword ptr [ebp-4]
0057B952 . 8B80 30030000 mov eax, dword ptr [eax+330]
0057B958 . E8 13A7EFFF call 00476070
0057B95D . 8B45 B4 mov eax, dword ptr [ebp-4C]
0057B960 . E8 D7D8E8FF call 0040923C
0057B965 . 8BD8 mov ebx, eax
0057B967 . B8 9F860100 mov eax, 1869F
0057B96C . E8 EF74E8FF call 00402E60
0057B971 . 05 0B350000 add eax, 350B
0057B976 . 3BD8 cmp ebx, eax
0057B978 . 74 32 je short 0057B9AC
0057B97A . 8D55 B0 lea edx, dword ptr [ebp-50]
0057B97D . 8B45 FC mov eax, dword ptr [ebp-4]
0057B980 . 8B80 28030000 mov eax, dword ptr [eax+328]
0057B986 . E8 E5A6EFFF call 00476070
0057B98B . 8B45 B0 mov eax, dword ptr [ebp-50]
0057B98E . E8 A9D8E8FF call 0040923C
0057B993 . 8BD8 mov ebx, eax
0057B995 . B8 9F860100 mov eax, 1869F
0057B99A . E8 C174E8FF call 00402E60
0057B99F . 05 68600000 add eax, 6068
0057B9A4 . 3BD8 cmp ebx, eax
0057B9A6 . 0F84 83010000 je 0057BB2F
0057B9AC > 8B15 50835B00 mov edx, dword ptr [5B8350] ; DtScale.005BA8E8
0057B9B2 . 8B12 mov edx, dword ptr [edx]
0057B9B4 . 8D45 AC lea eax, dword ptr [ebp-54]
0057B9B7 . B9 98BB5700 mov ecx, 0057BB98 ; 设置.ini
0057B9BC . E8 B38CE8FF call 00404674
0057B9C1 . 8B4D AC mov ecx, dword ptr [ebp-54]
0057B9C4 . B2 01 mov dl, 1
0057B9C6 . A1 D0434400 mov eax, dword ptr [4443D0]
0057B9CB . E8 B08AECFF call 00444480
0057B9D0 . 8945 F0 mov dword ptr [ebp-10], eax
0057B9D3 . 33C0 xor eax, eax
0057B9D5 . 55 push ebp
0057B9D6 . 68 79BA5700 push 0057BA79
0057B9DB . 64:FF30 push dword ptr fs:[eax]
0057B9DE . 64:8920 mov dword ptr fs:[eax], esp
0057B9E1 . 8D55 A8 lea edx, dword ptr [ebp-58]
0057B9E4 . 8B45 FC mov eax, dword ptr [ebp-4]
0057B9E7 . 8B80 28030000 mov eax, dword ptr [eax+328]
0057B9ED . E8 7EA6EFFF call 00476070
0057B9F2 . FF75 A8 push dword ptr [ebp-58]
0057B9F5 . 68 ACBB5700 push 0057BBAC ; -
0057B9FA . 8D55 A4 lea edx, dword ptr [ebp-5C]
0057B9FD . 8B45 FC mov eax, dword ptr [ebp-4]
0057BA00 . 8B80 2C030000 mov eax, dword ptr [eax+32C]
0057BA06 . E8 65A6EFFF call 00476070
0057BA0B . FF75 A4 push dword ptr [ebp-5C]
0057BA0E . 68 ACBB5700 push 0057BBAC ; -
0057BA13 . 8D55 A0 lea edx, dword ptr [ebp-60]
0057BA16 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BA19 . 8B80 30030000 mov eax, dword ptr [eax+330]
0057BA1F . E8 4CA6EFFF call 00476070
0057BA24 . FF75 A0 push dword ptr [ebp-60]
0057BA27 . 68 ACBB5700 push 0057BBAC ; -
0057BA2C . 8D55 9C lea edx, dword ptr [ebp-64]
0057BA2F . 8B45 FC mov eax, dword ptr [ebp-4]
0057BA32 . 8B80 34030000 mov eax, dword ptr [eax+334]
0057BA38 . E8 33A6EFFF call 00476070
0057BA3D . FF75 9C push dword ptr [ebp-64]
0057BA40 . 8D45 F4 lea eax, dword ptr [ebp-C]
0057BA43 . BA 07000000 mov edx, 7
0057BA48 . E8 9B8CE8FF call 004046E8
0057BA4D . 8B45 F4 mov eax, dword ptr [ebp-C]
0057BA50 . 50 push eax
0057BA51 . B9 B8BB5700 mov ecx, 0057BBB8 ; 注册码
0057BA56 . BA C8BB5700 mov edx, 0057BBC8 ; 注册
0057BA5B . 8B45 F0 mov eax, dword ptr [ebp-10]
0057BA5E . 8B18 mov ebx, dword ptr [eax]
0057BA60 . FF53 04 call dword ptr [ebx+4]
0057BA63 . 33C0 xor eax, eax
0057BA65 . 5A pop edx
0057BA66 . 59 pop ecx
0057BA67 . 59 pop ecx
0057BA68 . 64:8910 mov dword ptr fs:[eax], edx
0057BA6B . 68 80BA5700 push 0057BA80
0057BA70 > 8B45 F0 mov eax, dword ptr [ebp-10]
0057BA73 . E8 607AE8FF call 004034D8
0057BA78 . C3 retn
0057BA79 .^ E9 EE81E8FF jmp 00403C6C
0057BA7E .^ EB F0 jmp short 0057BA70
0057BA80 . A0 D0BB5700 mov al, byte ptr [57BBD0]
0057BA85 . 50 push eax
0057BA86 . 8D45 98 lea eax, dword ptr [ebp-68]
0057BA89 . 50 push eax
0057BA8A . 33C9 xor ecx, ecx
0057BA8C . BA ACBB5700 mov edx, 0057BBAC ; -
0057BA91 . 8B45 F4 mov eax, dword ptr [ebp-C]
0057BA94 . E8 3F2DE9FF call 0040E7D8
0057BA99 . 8B45 98 mov eax, dword ptr [ebp-68]
0057BA9C . 50 push eax
0057BA9D . 8D55 90 lea edx, dword ptr [ebp-70]
0057BAA0 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BAA3 . 8B80 48030000 mov eax, dword ptr [eax+348]
0057BAA9 . E8 C2A5EFFF call 00476070
0057BAAE . FF75 90 push dword ptr [ebp-70]
0057BAB1 . 8D55 8C lea edx, dword ptr [ebp-74]
0057BAB4 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BAB7 . 8B80 18030000 mov eax, dword ptr [eax+318]
0057BABD . E8 AEA5EFFF call 00476070
0057BAC2 . FF75 8C push dword ptr [ebp-74]
0057BAC5 . 8D55 88 lea edx, dword ptr [ebp-78]
0057BAC8 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BACB . 8B80 1C030000 mov eax, dword ptr [eax+31C]
0057BAD1 . E8 9AA5EFFF call 00476070
0057BAD6 . FF75 88 push dword ptr [ebp-78]
0057BAD9 . 8D55 84 lea edx, dword ptr [ebp-7C]
0057BADC . 8B45 FC mov eax, dword ptr [ebp-4]
0057BADF . 8B80 20030000 mov eax, dword ptr [eax+320]
0057BAE5 . E8 86A5EFFF call 00476070
0057BAEA . FF75 84 push dword ptr [ebp-7C]
0057BAED . 8D45 94 lea eax, dword ptr [ebp-6C]
0057BAF0 . BA 04000000 mov edx, 4
0057BAF5 . E8 EE8BE8FF call 004046E8
0057BAFA . 8B45 94 mov eax, dword ptr [ebp-6C]
0057BAFD . 50 push eax
0057BAFE . 8D55 80 lea edx, dword ptr [ebp-80]
0057BB01 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BB04 . 8B80 08030000 mov eax, dword ptr [eax+308]
0057BB0A . E8 61A5EFFF call 00476070
0057BB0F . 8B45 80 mov eax, dword ptr [ebp-80]
0057BB12 . 5A pop edx
0057BB13 . 59 pop ecx
0057BB14 . E8 0FB6FEFF call 00567128
0057BB19 . B8 DCBB5700 mov eax, 0057BBDC ; 注册成功!
0057BB1E . E8 C1F0EBFF call 0043ABE4
0057BB23 . EB 0A jmp short 0057BB2F
0057BB25 > B8 F0BB5700 mov eax, 0057BBF0 ; 注册失败!
0057BB2A . E8 B5F0EBFF call 0043ABE4
已经知道了0057B93E 8B45 F8 为真正注册吗地方,右边eax 00C5ED64 [3429629686191079]为真正注册码
在写内存注册机时一直不对
内存注册机写法
中断地址:57B93E
中断次数:1
第一字节:8B
指令长度:3
生成后得到不是真正的注册码,请问前辈们我哪里写错了?
如何写才能真正得到注册码?
第一次练手写注册机,请大家多指导。
0057B91A . 8D55 B8 lea edx, dword ptr [ebp-48]
0057B91D . 8B45 FC mov eax, dword ptr [ebp-4]
0057B920 . 8B80 34030000 mov eax, dword ptr [eax+334]
0057B926 . E8 45A7EFFF call 00476070
0057B92B . FF75 B8 push dword ptr [ebp-48]
0057B92E . 8D45 C8 lea eax, dword ptr [ebp-38]
0057B931 . BA 04000000 mov edx, 4
0057B936 . E8 AD8DE8FF call 004046E8
0057B93B . 8B55 C8 mov edx, dword ptr [ebp-38]
0057B93E . 8B45 F8 mov eax, dword ptr [ebp-8]
0057B941 . E8 2E8EE8FF call 00404774
0057B946 . 0F85 D9010000 jnz 0057BB25
0057B94C . 8D55 B4 lea edx, dword ptr [ebp-4C]
0057B94F . 8B45 FC mov eax, dword ptr [ebp-4]
0057B952 . 8B80 30030000 mov eax, dword ptr [eax+330]
0057B958 . E8 13A7EFFF call 00476070
0057B95D . 8B45 B4 mov eax, dword ptr [ebp-4C]
0057B960 . E8 D7D8E8FF call 0040923C
0057B965 . 8BD8 mov ebx, eax
0057B967 . B8 9F860100 mov eax, 1869F
0057B96C . E8 EF74E8FF call 00402E60
0057B971 . 05 0B350000 add eax, 350B
0057B976 . 3BD8 cmp ebx, eax
0057B978 . 74 32 je short 0057B9AC
0057B97A . 8D55 B0 lea edx, dword ptr [ebp-50]
0057B97D . 8B45 FC mov eax, dword ptr [ebp-4]
0057B980 . 8B80 28030000 mov eax, dword ptr [eax+328]
0057B986 . E8 E5A6EFFF call 00476070
0057B98B . 8B45 B0 mov eax, dword ptr [ebp-50]
0057B98E . E8 A9D8E8FF call 0040923C
0057B993 . 8BD8 mov ebx, eax
0057B995 . B8 9F860100 mov eax, 1869F
0057B99A . E8 C174E8FF call 00402E60
0057B99F . 05 68600000 add eax, 6068
0057B9A4 . 3BD8 cmp ebx, eax
0057B9A6 . 0F84 83010000 je 0057BB2F
0057B9AC > 8B15 50835B00 mov edx, dword ptr [5B8350] ; DtScale.005BA8E8
0057B9B2 . 8B12 mov edx, dword ptr [edx]
0057B9B4 . 8D45 AC lea eax, dword ptr [ebp-54]
0057B9B7 . B9 98BB5700 mov ecx, 0057BB98 ; 设置.ini
0057B9BC . E8 B38CE8FF call 00404674
0057B9C1 . 8B4D AC mov ecx, dword ptr [ebp-54]
0057B9C4 . B2 01 mov dl, 1
0057B9C6 . A1 D0434400 mov eax, dword ptr [4443D0]
0057B9CB . E8 B08AECFF call 00444480
0057B9D0 . 8945 F0 mov dword ptr [ebp-10], eax
0057B9D3 . 33C0 xor eax, eax
0057B9D5 . 55 push ebp
0057B9D6 . 68 79BA5700 push 0057BA79
0057B9DB . 64:FF30 push dword ptr fs:[eax]
0057B9DE . 64:8920 mov dword ptr fs:[eax], esp
0057B9E1 . 8D55 A8 lea edx, dword ptr [ebp-58]
0057B9E4 . 8B45 FC mov eax, dword ptr [ebp-4]
0057B9E7 . 8B80 28030000 mov eax, dword ptr [eax+328]
0057B9ED . E8 7EA6EFFF call 00476070
0057B9F2 . FF75 A8 push dword ptr [ebp-58]
0057B9F5 . 68 ACBB5700 push 0057BBAC ; -
0057B9FA . 8D55 A4 lea edx, dword ptr [ebp-5C]
0057B9FD . 8B45 FC mov eax, dword ptr [ebp-4]
0057BA00 . 8B80 2C030000 mov eax, dword ptr [eax+32C]
0057BA06 . E8 65A6EFFF call 00476070
0057BA0B . FF75 A4 push dword ptr [ebp-5C]
0057BA0E . 68 ACBB5700 push 0057BBAC ; -
0057BA13 . 8D55 A0 lea edx, dword ptr [ebp-60]
0057BA16 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BA19 . 8B80 30030000 mov eax, dword ptr [eax+330]
0057BA1F . E8 4CA6EFFF call 00476070
0057BA24 . FF75 A0 push dword ptr [ebp-60]
0057BA27 . 68 ACBB5700 push 0057BBAC ; -
0057BA2C . 8D55 9C lea edx, dword ptr [ebp-64]
0057BA2F . 8B45 FC mov eax, dword ptr [ebp-4]
0057BA32 . 8B80 34030000 mov eax, dword ptr [eax+334]
0057BA38 . E8 33A6EFFF call 00476070
0057BA3D . FF75 9C push dword ptr [ebp-64]
0057BA40 . 8D45 F4 lea eax, dword ptr [ebp-C]
0057BA43 . BA 07000000 mov edx, 7
0057BA48 . E8 9B8CE8FF call 004046E8
0057BA4D . 8B45 F4 mov eax, dword ptr [ebp-C]
0057BA50 . 50 push eax
0057BA51 . B9 B8BB5700 mov ecx, 0057BBB8 ; 注册码
0057BA56 . BA C8BB5700 mov edx, 0057BBC8 ; 注册
0057BA5B . 8B45 F0 mov eax, dword ptr [ebp-10]
0057BA5E . 8B18 mov ebx, dword ptr [eax]
0057BA60 . FF53 04 call dword ptr [ebx+4]
0057BA63 . 33C0 xor eax, eax
0057BA65 . 5A pop edx
0057BA66 . 59 pop ecx
0057BA67 . 59 pop ecx
0057BA68 . 64:8910 mov dword ptr fs:[eax], edx
0057BA6B . 68 80BA5700 push 0057BA80
0057BA70 > 8B45 F0 mov eax, dword ptr [ebp-10]
0057BA73 . E8 607AE8FF call 004034D8
0057BA78 . C3 retn
0057BA79 .^ E9 EE81E8FF jmp 00403C6C
0057BA7E .^ EB F0 jmp short 0057BA70
0057BA80 . A0 D0BB5700 mov al, byte ptr [57BBD0]
0057BA85 . 50 push eax
0057BA86 . 8D45 98 lea eax, dword ptr [ebp-68]
0057BA89 . 50 push eax
0057BA8A . 33C9 xor ecx, ecx
0057BA8C . BA ACBB5700 mov edx, 0057BBAC ; -
0057BA91 . 8B45 F4 mov eax, dword ptr [ebp-C]
0057BA94 . E8 3F2DE9FF call 0040E7D8
0057BA99 . 8B45 98 mov eax, dword ptr [ebp-68]
0057BA9C . 50 push eax
0057BA9D . 8D55 90 lea edx, dword ptr [ebp-70]
0057BAA0 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BAA3 . 8B80 48030000 mov eax, dword ptr [eax+348]
0057BAA9 . E8 C2A5EFFF call 00476070
0057BAAE . FF75 90 push dword ptr [ebp-70]
0057BAB1 . 8D55 8C lea edx, dword ptr [ebp-74]
0057BAB4 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BAB7 . 8B80 18030000 mov eax, dword ptr [eax+318]
0057BABD . E8 AEA5EFFF call 00476070
0057BAC2 . FF75 8C push dword ptr [ebp-74]
0057BAC5 . 8D55 88 lea edx, dword ptr [ebp-78]
0057BAC8 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BACB . 8B80 1C030000 mov eax, dword ptr [eax+31C]
0057BAD1 . E8 9AA5EFFF call 00476070
0057BAD6 . FF75 88 push dword ptr [ebp-78]
0057BAD9 . 8D55 84 lea edx, dword ptr [ebp-7C]
0057BADC . 8B45 FC mov eax, dword ptr [ebp-4]
0057BADF . 8B80 20030000 mov eax, dword ptr [eax+320]
0057BAE5 . E8 86A5EFFF call 00476070
0057BAEA . FF75 84 push dword ptr [ebp-7C]
0057BAED . 8D45 94 lea eax, dword ptr [ebp-6C]
0057BAF0 . BA 04000000 mov edx, 4
0057BAF5 . E8 EE8BE8FF call 004046E8
0057BAFA . 8B45 94 mov eax, dword ptr [ebp-6C]
0057BAFD . 50 push eax
0057BAFE . 8D55 80 lea edx, dword ptr [ebp-80]
0057BB01 . 8B45 FC mov eax, dword ptr [ebp-4]
0057BB04 . 8B80 08030000 mov eax, dword ptr [eax+308]
0057BB0A . E8 61A5EFFF call 00476070
0057BB0F . 8B45 80 mov eax, dword ptr [ebp-80]
0057BB12 . 5A pop edx
0057BB13 . 59 pop ecx
0057BB14 . E8 0FB6FEFF call 00567128
0057BB19 . B8 DCBB5700 mov eax, 0057BBDC ; 注册成功!
0057BB1E . E8 C1F0EBFF call 0043ABE4
0057BB23 . EB 0A jmp short 0057BB2F
0057BB25 > B8 F0BB5700 mov eax, 0057BBF0 ; 注册失败!
0057BB2A . E8 B5F0EBFF call 0043ABE4
已经知道了0057B93E 8B45 F8 为真正注册吗地方,右边eax 00C5ED64 [3429629686191079]为真正注册码
在写内存注册机时一直不对
内存注册机写法
中断地址:57B93E
中断次数:1
第一字节:8B
指令长度:3
生成后得到不是真正的注册码,请问前辈们我哪里写错了?
如何写才能真正得到注册码?
第一次练手写注册机,请大家多指导。
|
|
|---|---|
|
|
|
|
|
我搞定了,终端地址应该是57B941,因为这个时候eax里面才有数据,中断在57B93E的时候eax里面还没有注册码。
0057B941 . E8 2E8EE8FF call 00404774 终于搞定了,谢谢大家,终于弄出了第一个内存注册机。。。。 
|
|
|
|
|
|
 ,是的就是在这里。
|
|
|
|
|
|
|
|
|
|
|
|
|
