| 【软件简介】:公路设计软件解密的二次加密文件。呵呵,zchlb朋友没说,我不清楚。
【软件限制】:必须注册
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
呵呵,注册画面一现出来就知道我又碰上Softsentry壳的东东了。^O^^O^
没想到作者“很怕麻烦”,算法一点都没加难,简直就是用Softsentry随便做了一下保护。
用TRW很容易就找到核心了,呵呵,再用Ollydbg跟踪吧,比较直观,还可以享受MP3呀。^O^^O^
系列号:95065
试炼码:13572468
—————————————————————————————————
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046E895(C)
|
:0046E8BA 8D442450 lea eax, dword ptr [esp+50]
:0046E8BE 6A32 push 00000032
:0046E8C0 8B4C2418 mov ecx, dword ptr [esp+18]
:0046E8C4 50 push eax
:0046E8C5 6801100000 push 00001001
:0046E8CA 51 push ecx
:0046E8CB FF1538954700 call dword ptr [00479538]
====>GetDlgItemTextA 呵呵,很好的断点呀。
:0046E8D1 6689442410 mov word ptr [esp+10], ax
:0046E8D6 8D7C2450 lea edi, dword ptr [esp+50]
====>EDI=13572468 试炼码
:0046E8DA B9FFFFFFFF mov ecx, FFFFFFFF
:0046E8DF 2BC0 sub eax, eax
:0046E8E1 F2 repnz
:0046E8E2 AE scasb
:0046E8E3 F7D1 not ecx
:0046E8E5 2BF9 sub edi, ecx
:0046E8E7 8BD1 mov edx, ecx
:0046E8E9 C1E902 shr ecx, 02
:0046E8EC 8BF7 mov esi, edi
:0046E8EE 8DBC2484000000 lea edi, dword ptr [esp+00000084]
:0046E8F5 F3 repz
:0046E8F6 A5 movsd
:0046E8F7 8BCA mov ecx, edx
:0046E8F9 83E103 and ecx, 00000003
:0046E8FC F3 repz
:0046E8FD A4 movsb
:0046E8FE 66C74424120000 mov [esp+12], 0000
:0046E905 66833D488C470000 cmp word ptr [00478C48], 0000
:0046E90D 0F8E0F040000 jle 0046ED22
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046ED1A(C)
|
:0046E913 668B5C2410 mov bx, word ptr [esp+10]
:0046E918 33ED xor ebp, ebp
:0046E91A 8D7C2450 lea edi, dword ptr [esp+50]
:0046E91E B9FFFFFFFF mov ecx, FFFFFFFF
:0046E923 2BC0 sub eax, eax
:0046E925 F2 repnz
:0046E926 AE scasb
:0046E927 F7D1 not ecx
:0046E929 2BF9 sub edi, ecx
:0046E92B 8BC1 mov eax, ecx
:0046E92D C1E902 shr ecx, 02
:0046E930 8BF7 mov esi, edi
:0046E932 8D7C241C lea edi, dword ptr [esp+1C]
:0046E936 F3 repz
:0046E937 A5 movsd
:0046E938 8BC8 mov ecx, eax
:0046E93A 83E103 and ecx, 00000003
:0046E93D F3 repz
:0046E93E A4 movsb
:0046E93F 0FBF4C2412 movsx ecx, word ptr [esp+12]
:0046E944 8B354C8C4700 mov esi, dword ptr [00478C4C]
:0046E94A 894C2418 mov dword ptr [esp+18], ecx
:0046E94E C1E102 shl ecx, 02
:0046E951 8D0449 lea eax, dword ptr [ecx+2*ecx]
:0046E954 8D1480 lea edx, dword ptr [eax+4*eax]
:0046E957 03F2 add esi, edx
:0046E959 668B06 mov ax, word ptr [esi]
:0046E95C 66A3388C4700 mov word ptr [00478C38], ax
:0046E962 8B4E08 mov ecx, dword ptr [esi+08]
:0046E965 890D348C4700 mov dword ptr [00478C34], ecx
:0046E96B 8B7E0C mov edi, dword ptr [esi+0C]
:0046E96E 893D448C4700 mov dword ptr [00478C44], edi
:0046E974 8B4610 mov eax, dword ptr [esi+10]
:0046E977 A3CC8B4700 mov dword ptr [00478BCC], eax
:0046E97C 66833D388C470001 cmp word ptr [00478C38], 0001
:0046E984 668B4E14 mov cx, word ptr [esi+14]
:0046E988 66890D3E8C4700 mov word ptr [00478C3E], cx
:0046E98F 740E je 0046E99F
:0046E991 66833D388C470002 cmp word ptr [00478C38], 0002
:0046E999 0F85A4000000 jne 0046EA43
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046E98F(C)
|
:0046E99F BFFC504700 mov edi, 004750FC
:0046E9A4 B909000000 mov ecx, 00000009
:0046E9A9 8B7620 mov esi, dword ptr [esi+20]
====>ESI=310 呵呵,这是string_1了!
:0046E9AC F3 repz
:0046E9AD A6 cmpsb
:0046E9AE 750C jne 0046E9BC
:0046E9B0 A1E0894700 mov eax, dword ptr [004789E0]
:0046E9B5 A3C08B4700 mov dword ptr [00478BC0], eax
:0046E9BA EB32 jmp 0046E9EE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046E9AE(C)
|
:0046E9BC A14C8C4700 mov eax, dword ptr [00478C4C]
:0046E9C1 BFF0504700 mov edi, 004750F0
:0046E9C6 B909000000 mov ecx, 00000009
:0046E9CB 8B740220 mov esi, dword ptr [edx+eax+20]
:0046E9CF F3 repz
:0046E9D0 A6 cmpsb
:0046E9D1 750C jne 0046E9DF
:0046E9D3 A1E4894700 mov eax, dword ptr [004789E4]
:0046E9D8 A3C08B4700 mov dword ptr [00478BC0], eax
:0046E9DD EB0F &n [1] [2] [3] [4] [5] [6] 下一页 |
