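[Repost] Cracking a desktop utility and analysing its registration algorithm - posted by 松下老者 on 2005-9-4 20:52:00

[Software] Desktop utility
[Download] http://gamerstower.com/updates/
[Restriction] Registration code
[Author's statement] I am new to cracking and am only doing this out of interest, with no other purpose. Corrections from more experienced readers are welcome!
[Tools] PEiD, DeDe, OllyDbg, W32DSM, FileMon
[Process]

The program is not packed; PEiD identifies it as Borland Delphi 6.0-7.0.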
Load it in OllyDbg:

004C4F20 >/$ 55 PUSH EBP ; stops here; single-step a few times with F8 first
004C4F21 |. 8BEC MOV EBP,ESP
004C4F23 |. 83C4 E4 ADD ESP,-1C
004C4F26 |. 53 PUSH EBX
004C4F27 |. 33C0 XOR EAX,EAX
...
004C50B4 |. A1 40B74C00 MOV EAX,DWORD PTR DS:[4CB740] ; [4CB740]=4CA7C0
004C50B9 |. 8038 00 CMP BYTE PTR DS:[EAX],0 ; [4CA7C0]=1: the registration prompt appears
004C50BC |. 75 14 JNZ SHORT MUD2004.004C50D2
004C50BE |. A1 60B44C00 MOV EAX,DWORD PTR DS:[4CB460]
004C50C3 |. 8038 00 CMP BYTE PTR DS:[EAX],0
004C50C6 |. 74 2B JE SHORT MUD2004.004C50F3
004C50C8 |. A1 54B64C00 MOV EAX,DWORD PTR DS:[4CB654]
004C50CD |. 8038 00 CMP BYTE PTR DS:[EAX],0
004C50D0 |. 75 21 JNZ SHORT MUD2004.004C50F3
004C50D2 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
004C50D4 |. 66:8B0D 50534>MOV CX,WORD PTR DS:[4C5350] ; |
004C50DB |. B2 03 MOV DL,3 ; |
004C50DD |. B8 5C534C00 MOV EAX,MUD2004.004C535C ; |ASCII "Do you want to register your copy Multi User Desktop 2004?"
004C50E2 |. E8 B1A2F7FF CALL MUD2004.0043F398 ; \MUD2004.0043F398
004C50E7 |. 83F8 06 CMP EAX,6
004C50EA |. 75 07 JNZ SHORT MUD2004.004C50F3
004C50EC |. C605 E4B14C00>MOV BYTE PTR DS:[4CB1E4],1
004C50F3 |> A1 54B64C00 MOV EAX,DWORD PTR DS:[4CB654] ; [4CB654]=4CA7D8
004C50F8 |. 8038 00 CMP BYTE PTR DS:[EAX],0 ; if [4CA7D8]=1, the activation prompt appears
004C50FB |. 74 21 JE SHORT MUD2004.004C511E
004C50FD |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004C50FF |. 66:8B0D 50534>MOV CX,WORD PTR DS:[4C5350] ; |
004C5106 |. B2 03 MOV DL,3 ; |
004C5108 |. B8 A0534C00 MOV EAX,MUD2004.004C53A0 ; |ASCII "Do you want to activate your copy Multi User Desktop 2004?"
004C510D |. E8 86A2F7FF CALL MUD2004.0043F398 ; \MUD2004.0043F398
004C5112 |. 83F8 06 CMP EAX,6
004C5115 |. 75 07 JNZ SHORT MUD2004.004C511E
004C5117 |. C605 E8B14C00>MOV BYTE PTR DS:[4CB1E8],1
004C511E |> A1 B0B54C00 MOV EAX,DWORD PTR DS:[4CB5B0]
...

Findings:
[4CB740]=4CA7C0
[4CA7C0]=1: the registration prompt appears
[4CB654]=4CA7D8
[4CA7D8]=1: the activation prompt appears

Analyse with DeDe 3.50, combined with dynamic tracing in OllyDbg:

procedure TMD2004SettingsWnd.FormCreate(Sender : TObject);
004B9E34 /. 55 PUSH EBP
004B9E35 |. 8BEC MOV EBP,ESP
004B9E37 |. 33C9 XOR ECX,ECX
...

* Reference to: Unit_00491B98.Proc_004922CC
|
004B9EB4 |. E8 1384FDFF CALL MUD2004.004922CC ; important CALL; needs careful tracing and analysis
004B9EB9 |. A1 40B74C00 MOV EAX,DWORD PTR DS:[4CB740] ; [4CB740]=4CA7C0
004B9EBE |. 8038 00 CMP BYTE PTR DS:[EAX],0 ; [4CA7C0]=01, need_register
004B9EC1 |. 75 18 JNZ SHORT MUD2004.004B9EDB
004B9EC3 |. A1 60B44C00 MOV EAX,DWORD PTR DS:[4CB460]
004B9EC8 |. 8038 00 CMP BYTE PTR DS:[EAX],0
004B9ECB |. 74 0A JE SHORT MUD2004.004B9ED7
004B9ECD |. A1 54B64C00 MOV EAX,DWORD PTR DS:[4CB654] ; [4CB654]=4CA7D8
004B9ED2 |. 8038 00 CMP BYTE PTR DS:[EAX],0 ; [4CA7D8]=01, need_activate
004B9ED5 |. 74 04 JE SHORT MUD2004.004B9EDB
004B9ED7 |> 33D2 XOR EDX,EDX
004B9ED9 |. EB 02 JMP SHORT MUD2004.004B9EDD
004B9EDB |> B2 01 MOV DL,1

* Reference to control TMD2004SettingsWnd.tsRegistration : TTabSheet
|
004B9EDD |> 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]

* Reference to: ComCtrls.TTabSheet.SetTabVisible(TTabSheet;Boolean);
|
004B9EE3 |. E8 842DFEFF CALL MUD2004.0049CC6C
004B9EE8 |. 8B15 54B64C00 MOV EDX,DWORD PTR DS:[4CB654] ; MUD2004.004CA7D8
004B9EEE |. 8A12 MOV DL,BYTE PTR DS:[EDX]

* Reference to control TMD2004SettingsWnd.tsAct : TTabSheet
|
004B9EF0 |. 8B83 E8030000 MOV EAX,DWORD PTR DS:[EBX+3E8]

* Reference to: ComCtrls.TTabSheet.SetTabVisible(TTabSheet;Boolean);
|
004B9EF6 |. E8 712DFEFF CALL MUD2004.0049CC6C
004B9EFB |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]

* Reference to: Unit_00484894.Proc_00484BA8
|
004B9EFE |. E8 A5ACFCFF CALL MUD2004.00484BA8
004B9F03 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]

* Reference to control TMD2004SettingsWnd.eUser : TLabeledEdit
|
004B9F06 |. 8B83 C4030000 MOV EAX,DWORD PTR DS:[EBX+3C4]

* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
004B9F0C |. E8 63BEF8FF CALL MUD2004.00445D74
004B9F11 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004B9F14 |. A1 F4B54C00 MOV EAX,DWORD PTR DS:[4CB5F4] ; [4CB5F4]=4CA7C8
004B9F19 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; [4CA7C8]=trial_period days

* Reference to: Unit_00407F88.Proc_00408F9C
|
004B9F1B |. E8 7CF0F4FF CALL MUD2004.00408F9C
004B9F20 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]

* Possible String Reference to: ' days'
|
004B9F23 |. BA 94A14B00 MOV EDX,MUD2004.004BA194 ; ASCII " days"

* Reference to: System.@LStrCat;
|
004B9F28 |. E8 17ABF4FF CALL MUD2004.00404A44
004B9F2D |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]

* Reference to control TMD2004SettingsWnd.lPeriod : TLabel
|
004B9F30 |. 8B83 B8030000 MOV EAX,DWORD PTR DS:[EBX+3B8]

* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
004B9F36 |. E8 39BEF8FF CALL MUD2004.00445D74

* Reference to pointer to GlobalVar_004CD2D4
|
004B9F3B |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
004B9F3E |. A1 7CB74C00 MOV EAX,DWORD PTR DS:[4CB77C] ; [4CB77C] = 4CD2D4
004B9F43 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; [4CD2D4] = active_period days
...

004922CC /$ 55 PUSH EBP
004922CD |. 8BEC MOV EBP,ESP
004922CF |. E8 BCBEFDFF CALL MUD2004.0046E190 ; detect debugger
004922D4 |. 84C0 TEST AL,AL
004922D6 |. 75 42 JNZ SHORT MUD2004.0049231A ; debugger detected, jump
004922D8 |. E8 83FBFFFF CALL MUD2004.00491E60 ; ******* everything important is in here; needs careful tracing and analysis
004922DD |. 833D CCA74C00>CMP DWORD PTR DS:[4CA7CC],0 ; 0=trial version?
004922E4 |. 75 0E JNZ SHORT MUD2004.004922F4 ; No
004922E6 |. E8 EDF9FFFF CALL MUD2004.00491CD8
004922EB |. C605 D8A74C00>MOV BYTE PTR DS:[4CA7D8],0 ; 0 = do not show the activation prompt
004922F2 |. EB 4C JMP SHORT MUD2004.00492340
004922F4 |> C605 C0A74C00>MOV BYTE PTR DS:[4CA7C0],0 ; 0 = do not show the registration prompt
004922FB |. 803D D8A74C00>CMP BYTE PTR DS:[4CA7D8],0 ; need_activate?
00492302 |. 74 09 JE SHORT MUD2004.0049230D ;
00492304 |. 833D D4D24C00>CMP DWORD PTR DS:[4CD2D4],0 ; activate_period==0?
0049230B |. 74 04 JE SHORT MUD2004.00492311
0049230D |> 33C0 XOR EAX,EAX ; expired=0
0049230F |. EB 02 JMP SHORT MUD2004.00492313
00492311 |> B0 01 MOV AL,1 ; expired=1, already expired
00492313 |> A2 C4A74C00 MOV BYTE PTR DS:[4CA7C4],AL ; expired
00492318 |. EB 26 JMP SHORT MUD2004.00492340
//Debug_present, here
0049231A |> C605 C4A74C00>MOV BYTE PTR DS:[4CA7C4],0 ; No expired
00492321 |. C605 D8A74C00>MOV BYTE PTR DS:[4CA7D8],0 ; No activate
00492328 |. 33C0 XOR EAX,EAX
0049232A |. A3 CCA74C00 MOV DWORD PTR DS:[4CA7CC],EAX ; trial version
0049232F |. C605 C0A74C00>MOV BYTE PTR DS:[4CA7C0],1 ; need register
00492336 |. C705 C8A74C00>MOV DWORD PTR DS:[4CA7C8],0E ; trial_period = 14 days
00492340 |> 803D C4A74C00>CMP BYTE PTR DS:[4CA7C4],0 ; expired?
00492347 |. 74 25 JE SHORT MUD2004.0049236E
00492349 |. 803D D8A74C00>CMP BYTE PTR DS:[4CA7D8],0 ; need_activate?
00492350 |. 75 1C JNZ SHORT MUD2004.0049236E
00492352 |. 33C0 XOR EAX,EAX
00492354 |. A3 CCA74C00 MOV DWORD PTR DS:[4CA7CC],EAX ; trial version
00492359 |. C605 D8A74C00>MOV BYTE PTR DS:[4CA7D8],0 ; no activate
00492360 |. C605 C0A74C00>MOV BYTE PTR DS:[4CA7C0],1 ; need_register
00492367 |. 33C0 XOR EAX,EAX
00492369 |. A3 C8A74C00 MOV DWORD PTR DS:[4CA7C8],EAX ; trial_period = 0 days
0049236E |> 5D POP EBP
0049236F \. C3 RETN

By changing the following values at run time in OllyDbg, the meaning of each one is easy to work out:
dword [004CD2D4] activate_period
byte [004CA7C0] 1=need_register
byte [004CA7C4] expired
dword [004CA7C8] trial_period
dword [004CA7CC] 0=trial, 1=st, 2=pr, 3=?
byte [004CA7D8] 1=need_activate
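
The flag handling of the routine at 004922CC, restated as C so the branch structure is easier to follow than in the listing. This is an added example, not code from the original post or from the program's vendor; `lic_state` and `startup_flags` are hypothetical names, and the effects of the calls to 00491E60 and 00491CD8 are assumed to be already present in the input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Globals from the post's table; the field names are this example's own. */
struct lic_state {
    uint32_t activate_period; /* dword [004CD2D4] */
    bool     need_register;   /* byte  [004CA7C0] */
    bool     expired;         /* byte  [004CA7C4] */
    uint32_t trial_period;    /* dword [004CA7C8] */
    uint32_t edition;         /* dword [004CA7CC]: 0=trial, 1=ST, 2=PR, 3=LT */
    bool     need_activate;   /* byte  [004CA7D8] */
};

/*
 * Model of the stores made by 004922CC itself. Assumption: `s` already holds
 * the globals as left by 00491E60 and, on the trial path, by 00491CD8 (whose
 * body the post does not show). On the debugger path neither call runs.
 */
struct lic_state startup_flags(bool debugger_present, struct lic_state s)
{
    if (debugger_present) {                /* 0049231A */
        s.expired = false;
        s.need_activate = false;
        s.edition = 0;
        s.need_register = true;
        s.trial_period = 0x0E;             /* 14 days */
    } else if (s.edition == 0) {           /* 004922E6: trial version */
        s.need_activate = false;
    } else {                               /* 004922F4: licensed edition */
        s.need_register = false;
        s.expired = s.need_activate && s.activate_period == 0;
    }
    if (s.expired && !s.need_activate) {   /* 00492340: fall back to trial */
        s.edition = 0;
        s.need_activate = false;
        s.need_register = true;
        s.trial_period = 0;
    }
    return s;
}

int main(void)
{
    /* Constructed input: Standard edition, activation pending, 0 days left. */
    struct lic_state in = { .edition = 1, .need_activate = true };
    struct lic_state out = startup_flags(false, in);
    printf("expired=%d need_register=%d edition=%u\n",
           out.expired, out.need_register, (unsigned)out.edition);
    return 0;
}
```
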
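
To patch at this point, change
004922E4 75 0E JNZ SHORT MUD2004.004922F4
to
004922E4 EB 0E JMP SHORT MUD2004.004922F4

However, the program has a self-check, so the self-check would have to be defeated as well.

Better to trace the registration code and analyse the algorithm.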
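
FileMon shows that after a username and registration code are entered, the program reads and writes C:\Documents and Settings\All Users\Application Data\Gamers Tower\Multi User Desktop 2004.lic. Opened in Notepad, the file has the username on line 1 and the registration code on line 2.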

// Start tracing
00491E60 $ 55 PUSH EBP
00491E61 . 8BEC MOV EBP,ESP
00491E63 . B9 42000000 MOV ECX,42
00491E68 > 6A 00 PUSH 0
00491E6A . 6A 00 PUSH 0
00491E6C . 49 DEC ECX
00491E6D .^ 75 F9 JNZ SHORT MUD2004.00491E68
00491E6F . 51 PUSH ECX
00491E70 . 33C0 XOR EAX,EAX
00491E72 . 55 PUSH EBP
00491E73 . 68 42224900 PUSH MUD2004.00492242
00491E78 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00491E7B . 64:8920 MOV DWORD PTR FS:[EAX],ESP
00491E7E . 8D85 24FEFFFF LEA EAX,DWORD PTR SS:[EBP-1DC]
00491E84 . E8 9F8EFEFF CALL MUD2004.0047AD28
00491E89 . FFB5 24FEFFFF PUSH DWORD PTR SS:[EBP-1DC]
00491E8F . 68 58224900 PUSH MUD2004.00492258
00491E94 . 68 64224900 PUSH MUD2004.00492264 ; ASCII "Gamers Tower"
00491E99 . 68 58224900 PUSH MUD2004.00492258
00491E9E . 68 7C224900 PUSH MUD2004.0049227C ; ASCII "Multi User Desktop 2004"
00491EA3 . 68 9C224900 PUSH MUD2004.0049229C ; ASCII ".lic"
00491EA8 . 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
00491EAB . BA 06000000 MOV EDX,6
00491EB0 . E8 472CF7FF CALL MUD2004.00404AFC
00491EB5 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; EAX=010A5A9C

010A5A9C 43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64  C:\Documents and
010A5AAC 20 53 65 74 74 69 6E 67 73 5C 41 6C 6C 20 55 73   Settings\All Us
010A5ABC 65 72 73 5C 41 70 70 6C 69 63 61 74 69 6F 6E 20  ers\Application
010A5ACC 44 61 74 61 5C 47 61 6D 65 72 73 20 54 6F 77 65  Data\Gamers Towe
010A5ADC 72 5C 4D 75 6C 74 69 20 55 73 65 72 20 44 65 73  r\Multi User Des
010A5AEC 6B 74 6F 70 20 32 30 30 34 2E 6C 69 63 00        ktop 2004.lic.

00491EB8 . E8 9B74F7FF CALL MUD2004.00409358
00491EBD . 84C0 TEST AL,AL
00491EBF . 74 6E JE SHORT MUD2004.00491F2F
00491EC1 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00491EC4 . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491ECA . E8 6D0FF7FF CALL MUD2004.00402E3C
00491ECF . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491ED5 . E8 F20CF7FF CALL MUD2004.00402BCC
00491EDA . E8 250AF7FF CALL MUD2004.00402904
00491EDF . BA D4A74C00 MOV EDX,MUD2004.004CA7D4
00491EE4 . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491EEA . E8 ED12F7FF CALL MUD2004.004031DC
00491EEF . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491EF5 . E8 4E13F7FF CALL MUD2004.00403248
00491EFA . E8 050AF7FF CALL MUD2004.00402904
00491EFF . BA D0A74C00 MOV EDX,MUD2004.004CA7D0
00491F04 . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491F0A . E8 CD12F7FF CALL MUD2004.004031DC
00491F0F . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491F15 . E8 2E13F7FF CALL MUD2004.00403248
00491F1A . E8 E509F7FF CALL MUD2004.00402904
00491F1F . 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00491F25 . E8 DA0FF7FF CALL MUD2004.00402F04
00491F2A . E8 D509F7FF CALL MUD2004.00402904
00491F2F > 33C0 XOR EAX,EAX
00491F31 . A3 CCA74C00 MOV DWORD PTR DS:[4CA7CC],EAX
00491F36 . 8B15 D0A74C00 MOV EDX,DWORD PTR DS:[4CA7D0] ; the RegisterCode that was entered
00491F3C . A1 D4A74C00 MOV EAX,DWORD PTR DS:[4CA7D4] ; the UserName that was entered
00491F41 . E8 76FBFFFF CALL MUD2004.00491ABC ; *** a return value of EAX==-1 means GAME OVER
00491F46 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00491F49 . 837D F4 FF CMP DWORD PTR SS:[EBP-C],-1
00491F4D . 0F8E E4000000 JLE MUD2004.00492037
00491F53 . 8D85 1CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1E4]
00491F59 . 50 PUSH EAX
00491F5A . B9 02000000 MOV ECX,2
00491F5F . BA 06000000 MOV EDX,6
00491F64 . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
00491F69 . E8 262DF7FF CALL MUD2004.00404C94
00491F6E . 8B85 1CFEFFFF MOV EAX,DWORD PTR SS:[EBP-1E4]
00491F74 . 8D95 20FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E0]
00491F7A . E8 E56CF7FF CALL MUD2004.00408C64
00491F7F . 8B85 20FEFFFF MOV EAX,DWORD PTR SS:[EBP-1E0]
00491F85 . BA AC224900 MOV EDX,MUD2004.004922AC ; ASCII "ST"
00491F8A . E8 F12BF7FF CALL MUD2004.00404B80
00491F8F . 75 0A JNZ SHORT MUD2004.00491F9B
00491F91 . C705 CCA74C00>MOV DWORD PTR DS:[4CA7CC],1 ; 1 = Standard Version
00491F9B > 8D85 14FEFFFF LEA EAX,DWORD PTR SS:[EBP-1EC]
00491FA1 . 50 PUSH EAX
00491FA2 . B9 02000000 MOV ECX,2
00491FA7 . BA 06000000 MOV EDX,6
00491FAC . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
00491FB1 . E8 DE2CF7FF CALL MUD2004.00404C94
00491FB6 . 8B85 14FEFFFF MOV EAX,DWORD PTR SS:[EBP-1EC]
00491FBC . 8D95 18FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E8]
00491FC2 . E8 9D6CF7FF CALL MUD2004.00408C64
00491FC7 . 8B85 18FEFFFF MOV EAX,DWORD PTR SS:[EBP-1E8]
00491FCD . BA B8224900 MOV EDX,MUD2004.004922B8 ; ASCII "PR"
00491FD2 . E8 A92BF7FF CALL MUD2004.00404B80
00491FD7 . /75 0A JNZ SHORT MUD2004.00491FE3
00491FD9 . |C705 CCA74C00>MOV DWORD PTR DS:[4CA7CC],2 ; 2 = Professional Version
00491FE3 > \8D85 0CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1F4]
00491FE9 . 50 PUSH EAX
00491FEA . B9 02000000 MOV ECX,2
00491FEF . BA 06000000 MOV EDX,6
00491FF4 . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
00491FF9 . E8 962CF7FF CALL MUD2004.00404C94
00491FFE . 8B85 0CFEFFFF MOV EAX,DWORD PTR SS:[EBP-1F4]
00492004 . 8D95 10FEFFFF LEA EDX,DWORD PTR SS:[EBP-1F0]
0049200A . E8 556CF7FF CALL MUD2004.00408C64
0049200F . 8B85 10FEFFFF MOV EAX,DWORD PTR SS:[EBP-1F0]
00492015 . BA C4224900 MOV EDX,MUD2004.004922C4 ; ASCII "LT"
0049201A . E8 612BF7FF CALL MUD2004.00404B80
0049201F . 75 0A JNZ SHORT MUD2004.0049202B
00492021 . C705 CCA74C00>MOV DWORD PTR DS:[4CA7CC],3 ; 3 = LT version
0049202B > C605 D8A74C00>MOV BYTE PTR DS:[4CA7D8],0
00492032 . E9 C5010000 JMP MUD2004.004921FC
00492037 > 33C0 XOR EAX,EAX ;
00492039 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX ; 0 = Trial Version
0049203C . 8B0D C8B54C00 MOV ECX,DWORD PTR DS:[4CB5C8] ; MUD2004.004CCC3C
00492042 . 8B09 MOV ECX,DWORD PTR DS:[ECX]
00492044 . B2 01 MOV DL,1
00492046 . A1 48A34800 MOV EAX,DWORD PTR DS:[48A348]
0049204B . E8 8C84FFFF CALL MUD2004.0048A4DC
00492050 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
00492053 . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
00492058 . E8 DF29F7FF CALL MUD2004.00404A3C
0049205D . 83F8 07 CMP EAX,7
00492060 . 0F8E 96010000 JLE MUD2004.004921FC
00492066 . 33C0 XOR EAX,EAX
00492068 . 55 PUSH EBP
00492069 . 68 F2214900 PUSH MUD2004.004921F2
0049206E . 64:FF30 PUSH DWORD PTR FS:[EAX]
00492071 . 64:8920 MOV DWORD PTR FS:[EAX],ESP
00492074 . 6A 00 PUSH 0
00492076 . 6A 00 PUSH 0
00492078 . 8D85 08FEFFFF LEA EAX,DWORD PTR SS:[EBP-1F8]
0049207E . 8B15 D4A74C00 MOV EDX,DWORD PTR DS:[4CA7D4]
00492084 . E8 772FF7FF CALL MUD2004.00405000
00492089 . 8B85 08FEFFFF MOV EAX,DWORD PTR SS:[EBP-1F8]
0049208F . 50 PUSH EAX
00492090 . 8D85 04FEFFFF LEA EAX,DWORD PTR SS:[EBP-1FC]
00492096 . 8B15 D0A74C00 MOV EDX,DWORD PTR DS:[4CA7D0]
0049209C . E8 5F2FF7FF CALL MUD2004.00405000
004920A1 . 8B95 04FEFFFF MOV EDX,DWORD PTR SS:[EBP-1FC]
004920A7 . 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004920AA . 59 POP ECX
004920AB . E8 2885FFFF CALL MUD2004.0048A5D8
004920B0 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004920B3 . 33C0 XOR EAX,EAX
004920B5 . 5A POP EDX
004920B6 . 59 POP ECX
004920B7 . 59 POP ECX
004920B8 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004920BB . 68 FC214900 PUSH MUD2004.004921FC
004920C0 > 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004920C3 . E8 CC18F7FF CALL MUD2004.00403994
004920C8 . 837D F4 FF CMP DWORD PTR SS:[EBP-C],-1
004920CC . 0F8E 1F010000 JLE MUD2004.004921F1
004920D2 . E8 898AF7FF CALL MUD2004.0040AB60
004920D7 . DB45 F4 FILD DWORD PTR SS:[EBP-C]
004920DA . DEE9 FSUBP ST(1),ST
004920DC . D825 C8224900 FSUB DWORD PTR DS:[4922C8]
004920E2 . E8 4D0AF7FF CALL MUD2004.00402B34
004920E7 . BA 1E000000 MOV EDX,1E
004920EC . 2BD0 SUB EDX,EAX
004920EE . 8915 D4D24C00 MOV DWORD PTR DS:[4CD2D4],EDX
004920F4 . 833D D4D24C00>CMP DWORD PTR DS:[4CD2D4],0
004920FB . 7C 09 JL SHORT MUD2004.00492106
004920FD . 833D D4D24C00>CMP DWORD PTR DS:[4CD2D4],1E
00492104 . 7E 07 JLE SHORT MUD2004.0049210D
00492106 > 33C0 XOR EAX,EAX
00492108 . A3 D4D24C00 MOV DWORD PTR DS:[4CD2D4],EAX
0049210D > E8 5AFCFFFF CALL MUD2004.00491D6C
00492112 . 34 01 XOR AL,1
00492114 . A2 D8A74C00 MOV BYTE PTR DS:[4CA7D8],AL
00492119 . 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
0049211F . 50 PUSH EAX
00492120 . B9 02000000 MOV ECX,2
00492125 . BA 06000000 MOV EDX,6
0049212A . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
0049212F . E8 602BF7FF CALL MUD2004.00404C94
00492134 . 8B85 FCFDFFFF MOV EAX,DWORD PTR SS:[EBP-204]
0049213A . 8D95 00FEFFFF LEA EDX,DWORD PTR SS:[EBP-200]
00492140 . E8 1F6BF7FF CALL MUD2004.00408C64
00492145 . 8B85 00FEFFFF MOV EAX,DWORD PTR SS:[EBP-200]
0049214B . BA AC224900 MOV EDX,MUD2004.004922AC ; ASCII "ST"
00492150 . E8 2B2AF7FF CALL MUD2004.00404B80
00492155 . 75 0A JNZ SHORT MUD2004.00492161
00492157 . C705 CCA74C00>MOV DWORD PTR DS:[4CA7CC],1
00492161 > 8D85 F4FDFFFF LEA EAX,DWORD PTR SS:[EBP-20C]
00492167 . 50 PUSH EAX
00492168 . B9 02000000 MOV ECX,2
0049216D . BA 06000000 MOV EDX,6
00492172 . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
00492177 . E8 182BF7FF CALL MUD2004.00404C94
0049217C . 8B85 F4FDFFFF MOV EAX,DWORD PTR SS:[EBP-20C]
00492182 . 8D95 F8FDFFFF LEA EDX,DWORD PTR SS:[EBP-208]
00492188 . E8 D76AF7FF CALL MUD2004.00408C64
0049218D . 8B85 F8FDFFFF MOV EAX,DWORD PTR SS:[EBP-208]
00492193 . BA B8224900 MOV EDX,MUD2004.004922B8 ; ASCII "PR"
00492198 . E8 E329F7FF CALL MUD2004.00404B80
0049219D . 75 0A JNZ SHORT MUD2004.004921A9
0049219F . C705 CCA74C00>MOV DWORD PTR DS:[4CA7CC],2
004921A9 > 8D85 ECFDFFFF LEA EAX,DWORD PTR SS:[EBP-214]
004921AF . 50 PUSH EAX
004921B0 . B9 02000000 MOV ECX,2
004921B5 . BA 06000000 MOV EDX,6
004921BA . A1 D0A74C00 MOV EAX,DWORD PTR DS:[4CA7D0]
004921BF . E8 D02AF7FF CALL MUD2004.00404C94
004921C4 . 8B85 ECFDFFFF MOV EAX,DWORD PTR SS:[EBP-214]
004921CA . 8D95 F0FDFFFF LEA EDX,DWORD PTR SS:[EBP-210]
004921D0 . E8 8F6AF7FF CALL MUD2004.00408C64
004921D5 . 8B85 F0FDFFFF MOV EAX,DWORD PTR SS:[EBP-210]
004921DB . BA C4224900 MOV EDX,MUD2004.004922C4 ; ASCII "LT"
004921E0 . E8 9B29F7FF CALL MUD2004.00404B80
004921E5 . 75 0A JNZ SHORT MUD2004.004921F1
004921E7 . C705 CCA74C00>MOV DWORD PTR DS:[4CA7CC],3
004921F1 > C3 RETN
004921F2 .^ E9 311FF7FF JMP MUD2004.00404128
004921F7 .^ E9 C4FEFFFF JMP MUD2004.004920C0
004921FC > 33C0 XOR EAX,EAX
004921FE . 5A POP EDX
004921FF . 59 POP ECX
00492200 . 59 POP ECX
00492201 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
00492204 . 68 49224900 PUSH MUD2004.00492249
00492209 > 8D85 ECFDFFFF LEA EAX,DWORD PTR SS:[EBP-214]
0049220F . BA 06000000 MOV EDX,6
00492214 . E8 8F25F7FF CALL MUD2004.004047A8
00492219 . 8D85 04FEFFFF LEA EAX,DWORD PTR SS:[EBP-1FC]
0049221F . B

Re: [Repost] Cracking a desktop utility and analysing its registration algorithm - comment by ha122 on 2005-9-6 17:16:00

Cool