📄
字号:
软件名称:博奥彩票黄金版 retate.exe 951KB
下载地点:http://www.boao.con.cn
发 信 人: 井 风
时 间: 2001-02-03
破解工具:Trw20001.22
解题难度:[专 业] [学 士] [硕 士] [博 士]
********
前 言:
这个软件做了一些防破解的手脚,但不是很高明。功底较浅者可能会被套住!
过 程:
1、注册窗口填入: 注册码 ABCD12345678;
2、用“井风跟踪”法找到出错的CALL,详细过程参见“井风”之WINZIP8.0破解教学篇;
3、分析代码:
015F:005542A5 LEA EAX,[EBP-24]
015F:005542A8 MOV EDX,02
015F:005542AD CALL 00672184
015F:005542B2 DEC DWORD [EBP-68]
015F:005542B5 LEA EAX,[EBP-20]
015F:005542B8 MOV EDX,02
015F:005542BD CALL 00672184
015F:005542C2 MOV WORD [EBP-74],08
015F:005542C8 MOV WORD [EBP-74],44
015F:005542CE XOR EAX,EAX
015F:005542D0 LEA EDX,[EBP-14]
015F:005542D3 MOV [EBP-14],EAX
015F:005542D6 MOV EAX,89
015F:005542DB INC DWORD [EBP-68]
015F:005542DE CALL 00505A9C
015F:005542E3 MOV WORD [EBP-74],08
015F:005542E9 MOV WORD [EBP-74],50
015F:005542EF XOR ECX,ECX
015F:005542F1 MOV [EBP-28],ECX
015F:005542F4 LEA EDX,[EBP-28]
015F:005542F7 INC DWORD [EBP-68]
015F:005542FA MOV EAX,[EBP-08]]]
015F:005542FD CALL 005035BC
015F:00554302 LEA EAX,[EBP-28]
015F:00554305 MOV EAX,[EAX]
015F:00554307 XOR EDX,EDX
015F:00554309 MOV [EBP-18],EDX
015F:0055430C LEA EDX,[EBP-18]
015F:0055430F INC DWORD [EBP-68]
015F:00554312 CALL 005035BC
015F:00554317 DEC DWORD [EBP-68]
015F:0055431A LEA EAX,[EBP-28]
015F:0055431D MOV EDX,02
015F:00554322 CALL 00672184
015F:00554327 MOV WORD [EBP-74],08
015F:0055432D MOV WORD [EBP-74],5C
015F:00554333 XOR EAX,EAX
015F:00554335 LEA EDX,[EBP-1C]
015F:00554338 MOV [EBP-1C],EAX
015F:0055433B MOV EAX,93
015F:00554340 INC DWORD [EBP-68]
015F:00554343 CALL 00505A9C
015F:00554348 MOV WORD [EBP-74],08
015F:0055434E LEA EDX,[EBP-18] <=====D *EDX 可见序列号 [PASSWORD-1]
015F:00554351 LEA EAX,[EBP-10] <=====D *EAX 可见序列号 [PASSWORD-2]
015F:00554354 CALL 00672268 <=====此CALL为验证?
015F:00554359 TEST AL,AL
015F:0055435B JZ NEAR 0055461B <=====如跳则到**行,继而执执*行,出错!向上分析
015F:00554361 MOV WORD [EBP-74],74
015F:00554367 MOV EDX,006BA084
015F:0055436C LEA EAX,[EBP-30]
015F:0055436F CALL 00671FF8
015F:00554374 INC DWORD [EBP-68]
015F:00554377 XOR EAX,EAX
015F:00554379 MOV [EBP-34],EAX
015F:0055437C MOV EAX,[006BFD74]
·
·
·
015F:005545F8 MOV EAX,[EBP+FFFFFF78]
015F:005545FE CALL 00611F6C
015F:00554603 DEC DWORD [EBP-68]
015F:00554606 LEA EAX,[EBP-2C]
015F:00554609 MOV EDX,02
015F:0055460E CALL 00672184
015F:00554613 MOV WORD [EBP-74],08
015F:00554619 JMP SHORT 00554638
015F:0055461B PUSH BYTE +30 <=====记为[**]
015F:0055461D PUSH DWORD 006BA0DA
015F:00554622 PUSH DWORD 006BA0D0
015F:00554627 MOV EAX,[EBP+FFFFFF78]
015F:0055462D CALL 0062C3C8
015F:00554632 PUSH EAX
015F:00554633 CALL 00673826
015F:00554638 DEC DWORD [EBP-68]
015F:0055463B LEA EAX,[EBP-1C]
015F:0055463E MOV EDX,02
015F:00554643 CALL 00672184
015F:00554648 DEC DWORD [EBP-68]
015F:0055464B LEA EAX,[EBP-18]
015F:0055464E MOV EDX,02
015F:00554653 CALL 00672184
015F:00554658 DEC DWORD [EBP-68]
015F:0055465B LEA EAX,[EBP-14]
015F:0055465E MOV EDX,02
015F:00554663 CALL 00672184 <=====执行此行则出现错误框,记为[*],向上分析
015F:00554668 DEC DWORD [EBP-68]
015F:0055466B LEA EAX,[EBP-10]
015F:0055466E MOV EDX,02
015F:00554673 CALL 00672184
·
·
·
验 证:
输入找出的序列号,还是提示注册失败!!
小 结:
注意此软件能够检测出TRW2000,一旦检测到则不起动程序。解决办法是在起到此程序之
后运行TRW2000。
按上述方法找出的序列号并不正确,它是由ABCD12345678经过一番变换得出的。当你输入
PASSWORD-2处的注册码时,经变换后又变成另外一组号码了,和PASSWORD-1还是不一致。
正确序列号到底在那呢?在代码中已经做了记号,请你仔细找一找。只要执行那行后用D EAX
即见正确注册码。现在你能体会到此软件是如何做手脚的吧。
后 记:
有疑问请与我联系:hz.cy@163.net⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -