dayo.asm

破解很多程序的序列号算法程序

.386P
Locals
jumps

.Model Flat ,StdCall

;Define external functions and constants.
Extrn           ExitProcess:PROC
Extrn           MessageBoxA:PROC                
Extrn		GetModuleHandleA:PROC
Extrn		GetWindowThreadProcessId:PROC
Extrn		FindWindowExA:PROC
Extrn		OpenProcess:PROC
Extrn		WriteProcessMemory:PROC

.Data                                        
Title1          db 'DAYO Software, Version 7.03 - Memory Patcher by CrackZ',0
Message1        db 0dh,0ah,' Push OK when you are ready to apply the memory patch. ',0dh,0ah,0
Error		db 'Error!',0
ErrorMessage	db 'Registration Screen Not Found',0

;Target Information.
Nameofwin	db 'Registration Code Entry',0	; name of window to find the process by
ProcID		dd 0				; Process Identifier
Flags		dd 0c0h				; Open with these flags! (RWE)
NumberOfBytes	dd 0 				; this many bytes written
From_Here	db 90h, 90h,0			; write from this buffer
HowManyToPatch  dd 2				; How many bytes to patch
PatchThisOff	dd 004CC7EDh			; patch at this offset (Virtual Address)

.Code

Main:
	push 0
	push offset Title1
	push offset Message1
	push 0
	call MessageBoxA

	int 3				; See how it works with debugger trap int 3
	xor 	eax,eax
	push	offset Nameofwin	; find window 
	push	eax			; Desktop is parent
	push	eax
	push 	eax
	call 	FindWindowExA
	test    eax,eax			; windows ID is eax
	jz	abort			; for now we don't abort if not found

	push offset ProcID		; get ProcessID here
	push eax			; for this 
	call GetWindowThreadProcessId	; fetch the owner process ID
	xor esi,esi
	test eax,eax
	jz   abort

	push [ProcID]			; owner process ID
	push esi	
	push offset Flags		; flags = Read/write
	call OpenProcess
	test eax,eax
	jz abort
	
	push offset NumberOfBytes	; Bytes written
	push [HowManyToPatch]
	push offset From_Here
	push [PatchThisOff]		; write to here
	push eax			; using this handle
	call WriteProcessMemory
	
Exit_Proc:
	Push LARGE-1
	Call ExitProcess
abort:
	push 0
	push offset Error
	push offset ErrorMessage
	push 0
	call MessageBoxA

	jmp Exit_Proc

End Main