<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0050)file://\\Server\pub\Hacker\Documents\JM\jm1-01.txt -->
<HTML><HEAD>
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR></HEAD>
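<BODY><XMP>Contents:
银版快信 5.4H1 (site-hosting edition): registration crack walkthrough. (This time the registration code itself is worked out, because that is handy for later use!
If the registration-code algorithm does not change, it should carry over to the next
version, which saves cracking it again when a new release comes out.)
To make capturing the screen output easier, DEBUG is used this time!!
If you use S-ICE, you can also simply load the program with LDR XPADM.EXE; that is not covered again here.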
D:\PROBOARD\XPRESS>DEBUG XPADM.EXE
-U
293F:001F 9A0000AE37 CALL 37AE:0000
293F:0024 9A970A6A35 CALL 356A:0A97
293F:0029 9A2507E433 CALL 33E4:0725
293F:002E 9A10162B32 CALL 322B:1610
293F:0033 9A86099231 CALL 3192:0986
293F:0038 9A0701C72F CALL 2FC7:0107
293F:003D 9ABD00B92F CALL 2FB9:00BD
293F:0042 9AE6008A2E CALL 2E8A:00E6
293F:0047 9A4D02012E CALL 2E01:024D
293F:004C 9AC004BF2C CALL 2CBF:04C0
293F:0051 9A97004D2A CALL 2A4D:0097
293F:0056 9A3A075329 CALL 2953:073A
293F:005B C8 DB C8
293F:005C 0402 ADD AL,02
293F:005E 008DBE00 ADD [DI+00BE],CL
293F:0062 FF16576A CALL [6A57]
293F:0066 009A140D ADD [BP+SI+0D14],BL
293F:006A AE SCASB
293F:006B 37 AAA
293F:006C 9A12003937 CALL 3739:0012
293F:0071 833E1C3000 CMP WORD PTR [301C],+00
293F:0076 746D JZ 00E5
293F:0078 8DBEFCFD LEA DI,[BP+FDFC]
293F:007C 16 PUSH SS
293F:007D 57 PUSH DI
293F:007E 8DBE00FF LEA DI,[BP+FF00]
293F:0082 16 PUSH SS
293F:0083 57 PUSH DI
293F:0084 6A DB 6A
293F:0085 009A140D ADD [BP+SI+0D14],BL
293F:0089 AE SCASB
293F:008A 37 AAA
293F:008B 8DBEFCFE LEA DI,[BP+FEFC]
293F:008F 16 PUSH SS
293F:0090 57 PUSH DI
293F:0091 BF0000 MOV DI,0000
293F:0094 0E PUSH CS
293F:0095 57 PUSH DI
293F:0096 9AC30FAE37 CALL 37AE:0FC3
293F:009B 9A7F071536 CALL 3615:077F
293F:00A0 9A12003937 CALL 3739:0012
293F:00A5 833E1C3000 CMP WORD PTR [301C],+00
293F:00AA 7439 JZ 00E5
293F:00AC BF9880 MOV DI,8098
293F:00AF 1E PUSH DS
293F:00B0 57 PUSH DI
293F:00B1 8D7EE5 LEA DI,[BP-1B]
293F:00B4 16 PUSH SS
293F:00B5 57 PUSH DI
293F:00B6 BF0400 MOV DI,0004
293F:00B9 0E PUSH CS
293F:00BA 57 PUSH DI
293F:00BB 9AC30FAE37 CALL 37AE:0FC3
293F:00C0 6A DB 6A
293F:00C1 009ADB09 ADD [BP+SI+09DB],BL
293F:00C5 AE SCASB
293F:00C6 37 AAA
293F:00C7 A11C30 MOV AX,[301C]
293F:00CA 99 CWD
293F:00CB 52 PUSH DX
293F:00CC 50 PUSH AX
293F:00CD 6A DB 6A
293F:00CE 009A630A ADD [BP+SI+0A63],BL
293F:00D2 AE SCASB
293F:00D3 37 AAA
293F:00D4 9A4008AE37 CALL 37AE:0840
293F:00D9 9AF404AE37 CALL 37AE:04F4
293F:00DE 31C0 XOR AX,AX
293F:00E0 9A1601AE37 CALL 37AE:0116
293F:00E5 9A67053937 CALL 3739:0567
293F:00EA 9AF2013937 CALL 3739:01F2
293F:00EF B90200 MOV CX,0002
293F:00F2 31DB XOR BX,BX
293F:00F4 9A9A0EAE37 CALL 37AE:0E9A
293F:00F9 52 PUSH DX
293F:00FA 50 PUSH AX
293F:00FB 9AA3013937 CALL 3739:01A3
293F:0100 9AF2013937 CALL 3739:01F2
293F:0105 B90300 MOV CX,0003
293F:0108 31DB XOR BX,BX
293F:010A 9AD70EAE37 CALL 37AE:0ED7
293F:010F 52 PUSH DX
293F:0110 50 PUSH AX
293F:0111 9AFD013937 CALL 3739:01FD
293F:0116 B82005 MOV AX,0520
293F:0119 BA5329 MOV DX,2953
293F:011C A3847F MOV [7F84],AX
293F:011F 8916867F MOV [7F86],DX
293F:0123 C606020001 MOV BYTE PTR [0002],01
293F:0128 6A DB 6A
293F:0129 009AB70E ADD [BP+SI+0EB7],BL
293F:012D 53 PUSH BX
293F:012E 299A2000 SUB [BP+SI+0020],BX ┐This is actually a CALL!
293F:0132 5B POP BX ┃Don't be fooled! Look at it carefully!
293F:0133 2AC9 SUB CL,CL ┘
293F:0135 31C0 XOR AX,AX
293F:0137 9A1601AE37 CALL 37AE:0116
293F:013C 0000 ADD [BX+SI],AL
293F:013E 0000 ADD [BX+SI],AL
293F:0140 C8 DB C8
293F:0141 1400 ADC AL,00
293F:0143 00C6 ADD DH,AL
293F:0145 46 INC SI
293F:0146 ED IN AX,DX
293F:0147 3E DS:
293F:0148 8B4604 MOV AX,[BP+04]
-G012F <---- run to this line
AX=0500 BX=53E4 CX=0004 DX=2953 SP=53E8 BP=55EE SI=0560 DI=000B
DS=3989 ES=0000 SS=41A8 CS=293F IP=012F NV UP EI PL NZ NA PE NC
293F:012F 9A20005B2A CALL 2A5B:0020
-U
293F:012F 9A20005B2A CALL 2A5B:0020
293F:0134 C9 DB C9
293F:0135 31C0 XOR AX,AX
293F:0137 9A1601AE37 CALL 37AE:0116
293F:013C 0000 ADD [BX+SI],AL
293F:013E 0000 ADD [BX+SI],AL
293F:0140 C8 DB C8
293F:0141 1400 ADC AL,00
293F:0143 00C6 ADD DH,AL
293F:0145 46 INC SI
293F:0146 ED IN AX,DX
293F:0147 3E DS:
293F:0148 8B4604 MOV AX,[BP+04]
293F:014B 8946EE MOV [BP-12],AX
293F:014E 8D7EEC LEA DI,[BP-14]
-T
<---- trace into it and take a look!
AX=0500 BX=53E4 CX=0004 DX=2953 SP=53E4 BP=55EE SI=0560 DI=000B
DS=3989 ES=0000 SS=41A8 CS=2A5B IP=0020 NV UP EI PL NZ NA PE NC
2A5B:0020 CD3F INT 3F
-U
2A5B:0020 CD3F INT 3F
2A5B:0022 48 DEC AX
2A5B:0023 2C00 SUB AL,00
2A5B:0025 CD3F INT 3F
2A5B:0027 5E POP SI
2A5B:0028 27 DAA
2A5B:0029 0000 ADD [BX+SI],AL
2A5B:002B 0000 ADD [BX+SI],AL
2A5B:002D 0000 ADD [BX+SI],AL
2A5B:002F 00CD ADD CH,CL
2A5B:0031 3F AAS
2A5B:0032 0000 ADD [BX+SI],AL
2A5B:0034 60 DB 60
2A5B:0035 4B DEC BX
2A5B:0036 0000 ADD [BX+SI],AL
2A5B:0038 A94CC8 TEST AX,C84C
2A5B:003B 050D00 ADD AX,000D
2A5B:003E 1C01 SBB AL,01
-T <---- trace in once more
AX=0500 BX=53E4 CX=0004 DX=2953 SP=53DE BP=55EE SI=0560 DI=000B
DS=3989 ES=0000 SS=41A8 CS=3739 IP=02E6 NV UP DI PL NZ NA PE NC
3739:02E6 55 PUSH BP
-U
3739:02E6 55 PUSH BP
3739:02E7 8BEC MOV BP,SP
3739:02E9 50 PUSH AX
3739:02EA 53 PUSH BX
3739:02EB 51 PUSH CX
3739:02EC 52 PUSH DX
3739:02ED 56 PUSH SI
3739:02EE 57 PUSH DI
3739:02EF 1E PUSH DS
3739:02F0 06 PUSH ES
3739:02F1 B88939 MOV AX,3989
3739:02F4 8ED8 MOV DS,AX
3739:02F6 FB STI
3739:02F7 C45E02 LES BX,[BP+02]
3739:02FA 26 ES:
3739:02FB FF37 PUSH [BX]
3739:02FD 836E0202 SUB WORD PTR [BP+02],+02
3739:0301 7505 JNZ 0308
3739:0303 E83200 CALL 0338
-U 0330
3739:0330 5F POP DI
3739:0331 5E POP SI
3739:0332 5A POP DX
3739:0333 59 POP CX
3739:0334 5B POP BX
3739:0335 58 POP AX
3739:0336 5D POP BP
3739:0337 CF IRET
3739:0338 FF062030 INC WORD PTR [3020]
3739:033C 26 ES:
3739:033D 833E100000 CMP WORD PTR [0010],+00
3739:0342 7409 JZ 034D
3739:0344 26 ES:
3739:0345 C70612000100 MOV WORD PTR [0012],0001
3739:034B EB69 JMP 03B6
3739:034D FF062230 INC WORD PTR [3022]
-G 337 <---- run to the return of the interrupt service routine
AX=0500 BX=53E4 CX=0004 DX=2953 SP=53DE BP=55EE SI=0560 DI=000B
DS=3989 ES=0000 SS=41A8 CS=3739 IP=0337 NV UP EI NG NZ AC PE CY
3739:0337 CF IRET
-T
AX=0500 BX=53E4 CX=0004 DX=2953 SP=53E4 BP=55EE SI=0560 DI=000B
DS=3989 ES=0000 SS=41A8 CS=2A5B IP=0020 NV UP EI PL NZ NA PE NC
2A5B:0020 EA482C0747 JMP 4707:2C48
-T <---- trace on into JMP 4707:2C48
AX=0500 BX=53E4 CX=0004 DX=2953 SP=53E4 BP=55EE SI=0560 DI=000B
DS=3989 ES=0000 SS=41A8 CS=4707 IP=2C48 NV UP EI PL NZ NA PE NC
4707:2C48 55 PUSH BP
4707:2C49 89E5 MOV BP,SP
4707:2C4B B89004 MOV AX,0490
4707:2C4E 9A3005AE37 CALL 37AE:0530
4707:2C53 81EC9004 SUB SP,0490
4707:2C57 C606783042 MOV BYTE PTR [3078],42
4707:2C5C 9A39007C31 CALL 317C:0039
4707:2C61 9AB1008431 CALL 3184:00B1
4707:2C66 9A34005130 CALL 3051:0034
..... ......... .... .......... not important, so skipped!
-U 3B90
4707:3B90 F9 STC
4707:3B91 30BF1C61 XOR [BX+611C],BH
4707:3B95 1E PUSH DS
4707:3B96 57 PUSH DI
4707:3B97 9AB410AE37 CALL 37AE:10B4
4707:3B9C 7502 JNZ 3BA0
4707:3B9E EB38 JMP 3BD8
4707:3BA0 8DBE80FB LEA DI,[BP+FB80]
4707:3BA4 16 PUSH SS
4707:3BA5 57 PUSH DI
4707:3BA6 BF0B2B MOV DI,2B0B
4707:3BA9 0E PUSH CS
4707:3BAA 57 PUSH DI
4707:3BAB 9AC30FAE37 CALL 37AE:0FC3
-G 3B97 <---- run up to the CALL at 4707:3B97
AX=0008 BX=4E32 CX=0000 DX=3989 SP=4F4A BP=53E2 SI=4E4D DI=611C
DS=3989 ES=41A8 SS=41A8 CS=4707 IP=3B97 NV UP EI PL ZR NA PE NC
4707:3B97 9AB410AE37 CALL 37AE:10B4
-T <---- let's step in and take a look together!
AX=0008 BX=4E32 CX=0000 DX=3989 SP=4F46 BP=53E2 SI=4E4D DI=611C
DS=3989 ES=41A8 SS=41A8 CS=37AE IP=10B4 NV UP EI PL ZR NA PE NC
37AE:10B4 FC CLD
-U 10B0
37AE:10B0 5D POP BP
37AE:10B1 CA0800 RETF 0008
37AE:10B4 FC CLD
37AE:10B5 8BDC MOV BX,SP
37AE:10B7 8CDA MOV DX,DS
37AE:10B9 36 SS:
37AE:10BA C57708 LDS SI,[BX+08]
37AE:10BD 36 SS:
37AE:10BE C47F04 LES DI,[BX+04]
37AE:10C1 AC LODSB
37AE:10C2 26 ES:
37AE:10C3 8A25 MOV AH,[DI]
37AE:10C5 47 INC DI
37AE:10C6 8AC8 MOV CL,AL
37AE:10C8 3ACC CMP CL,AH
37AE:10CA 7602 JBE 10CE
37AE:10CC 8ACC MOV CL,AH
37AE:10CE 0AC9 OR CL,CL
-G 10C2 <---- run to this line and look at the memory at ES:611C
AX=0008 BX=4F46 CX=0000 DX=3989 SP=4F46 BP=53E2 SI=5163 DI=611C
DS=41A8 ES=3989 SS=41A8 CS=37AE IP=10C2 NV UP EI PL ZR NA PE NC
37AE:10C2 26 ES:
37AE:10C3 8A25 MOV AH,[DI] ES:
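-D ES:611C <---- let me display it and see...
Great! I have found the memory address where the registration code is stored!
Copy it down and run the program again!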
3989:6110 08 34 39 37
3989:6120 46 31 43 36 44 00 00 00-00 00 00 00 00 00 00 00 F1C6D....
3989:6130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
3989:6140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
3989:6150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
3989:6160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
3989:6170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
3989:6180 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
3989:6190 00 00 00 00 00 00 00 00-00 00 00 00 ............
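That gives us the registration code for 银版快信. Happy?...OOOOOH!SONG!!
PS: If your ES:611C is not the same as mine, don't worry, that is normal!
Everyone's computer environment is different, so this is what happens.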
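
Added example (not part of the original walkthrough): a Python sketch that reads DEBUG `D` output like the dump above and decodes the value at ES:611C as a length-prefixed string. It shows why a check that compares input against an expected value held in clear text exposes that value to anyone who can inspect memory. The function names are hypothetical, and reading the leading 08 as a Pascal-style length byte is an assumption.

```python
import re

# Sample input: the first two rows of the `D ES:611C` dump on this page,
# whitespace collapsed as it appears there. Display starts at offset 611C.
DUMP = """\
3989:6110 08 34 39 37
3989:6120 46 31 43 36 44 00 00 00-00 00 00 00 00 00 00 00 F1C6D....
"""

HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def dump_bytes(text):
    """Return the bytes shown in DEBUG `D` output, in display order."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or ":" not in tokens[0]:
            continue  # not a dump row (no seg:off address)
        for tok in tokens[1:]:
            parts = tok.split("-")  # DEBUG joins bytes 7 and 8 with '-'
            if not all(HEX_BYTE.match(p) for p in parts):
                break  # reached the ASCII column
            out.extend(int(p, 16) for p in parts)
    return bytes(out)


def pascal_string(buf, pos=0):
    """Decode a length-prefixed string at buf[pos] (assumed layout:
    one length byte followed by that many characters)."""
    if pos >= len(buf):
        raise ValueError("offset outside buffer")
    length = buf[pos]
    body = buf[pos + 1 : pos + 1 + length]
    if len(body) != length:
        raise ValueError("string runs past the end of the dump")
    return body.decode("ascii", errors="replace")


if __name__ == "__main__":
    data = dump_bytes(DUMP)
    print(len(data), "bytes; value at ES:611C:", repr(pascal_string(data)))
```
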
</XMP></BODY></HTML>