首先说明:
要让共享程序自己显示注册码,一般这是针对明码比较的软件,
让共享程序自己显示注册码
。这个程序先取得机器码,再据机器码生成一密码串,利用密码串与机器码运算,依次生成真码的各位。然后把真码与输入的注册码作比较,如果相等就显示注册成功,如不相等会显示注册失败。基本的思想是用起真码代替“错误的序列号码”等的字符串,让其本来显示错误的信息现在显示正确注册码。请看下面过程。一、查找出错信息。
:005083DB E8F012F0FF call 004096D0
:005083E0 8B55A4 mov edx dword ptr [ebp-5C]
:005083E3 8B45E8 mov eax dword ptr [ebp-18]
:005083E6 E821C9EFFF call 00404D0C
:005083EB 740C je 005083F9
* Possible StringData Ref from Code Obj ->"错误的序列号码如果您已经注册请尽快通过webmast"
->"er@51google.net和作者联系"
|
:005083ED B8D4845000 mov eax 005084D4
:005083F2 E8F9CEF3FF call 004452F0
二、用ollydbg载入程序,动态跟
005082BD .^\EB F0 JMP SHORT aa.005082AF
005082BF . 8D55 D0 LEA EDXDWORD PTR SS:[EBP-30]
005082C2 . 8B45 F0 MOV EAXDWORD PTR SS:[EBP-10] ; 机器码入eaxDWOR
005082C5 . E8 0EF2FFFF CALL aa.005074D8
005082CA . 8D45 D0 LEA EAXDWORD PTR SS:[EBP-30]
005082CD . 8D55 E0 LEA EDXDWORD PTR SS:[EBP-20]
005082D0 . E8 77F2FFFF CALL aa.0050754C ; 取得中间码a.005
005082D5 . 8B55 E0 MOV EDXDWORD PTR SS:[EBP-20] ; 中间码入edxDWOR
005082D8 . 8D45 F0 LEA EAXDWORD PTR SS:[EBP-10] ; 机器码地址入eaxORD PT
005082DB . E8 C8C6EFFF CALL aa.004049A8
005082E0 . 8D45 E8 LEA EAXDWORD PTR SS:[EBP-18]
005082E3 . E8 28C6EFFF CALL aa.00404910
005082E8 . 8D45 CC LEA EAXDWORD PTR SS:[EBP-34]
005082EB . 8B55 F0 MOV EDXDWORD PTR SS:[EBP-10]
005082EE . 8A12 MOV DLBYTE PTR DS:[EDX]
005082F0 . 8850 01 MOV BYTE PTR DS:[EAX+1]DL
005082F3 . C600 01 MOV BYTE PTR DS:[EAX]1
005082F6 . 8D55 CC LEA EDXDWORD PTR SS:[EBP-34]
005082F9 . 8D45 C8 LEA EAXDWORD PTR SS:[EBP-38]
005082FC . E8 63AEEFFF CALL aa.00403164
00508301 . 8D45 C4 LEA EAXDWORD PTR SS:[EBP-3C]
00508304 . 8B55 F0 MOV EDXDWORD PTR SS:[EBP-10]
00508307 . 8A52 02 MOV DLBYTE PTR DS:[EDX+2]
0050830A . 8850 01 MOV BYTE PTR DS:[EAX+1]DL
0050830D . C600 01 MOV BYTE PTR DS:[EAX]1
00508310 . 8D55 C4 LEA EDXDWORD PTR SS:[EBP-3C]
00508313 . 8D45 C8 LEA EAXDWORD PTR SS:[EBP-38]
00508316 . B1 02 MOV CL2
00508318 . E8 17AEEFFF CALL aa.00403134
0050831D . 8D55 C8 LEA EDXDWORD PTR SS:[EBP-38]
00508320 . 8D45 C0 LEA EAXDWORD PTR SS:[EBP-40]
00508323 . E8 3CAEEFFF CALL aa.00403164
00508328 . 8D45 C4 LEA EAXDWORD PTR SS:[EBP-3C]
0050832B . 8B55 F0 MOV EDXDWORD PTR SS:[EBP-10]
0050832E . 8A52 08 MOV DLBYTE PTR DS:[EDX+8]
00508331 . 8850 01 MOV BYTE PTR DS:[EAX+1]DL
00508334 . C600 01 MOV BYTE PTR DS:[EAX]1
00508337 . 8D55 C4 LEA EDXDWORD PTR SS:[EBP-3C]
0050833A . 8D45 C0 LEA EAXDWORD PTR SS:[EBP-40]
0050833D . B1 03 MOV CL3
0050833F . E8 F0ADEFFF CALL aa.00403134
00508344 . 8D55 C0 LEA EDXDWORD PTR SS:[EBP-40]
00508347 . 8D45 B8 LEA EAXDWORD PTR SS:[EBP-48]
0050834A . E8 15AEEFFF CALL aa.00403164
0050834F . 8D45 C4 LEA EAXDWORD PTR SS:[EBP-3C]
00508352 . 8B55 F0 MOV EDXDWORD PTR SS:[EBP-10]
00508355 . 8A52 1A MOV DLBYTE PTR DS:[EDX+1A]
00508358 . 8850 01 MOV BYTE PTR DS:[EAX+1]DL
0050835B . C600 01 MOV BYTE PTR DS:[EAX]1
0050835E . 8D55 C4 LEA EDXDWORD PTR SS:[EBP-3C]
00508361 . 8D45 B8 LEA EAXDWORD PTR SS:[EBP-48]
00508364 . B1 04 MOV CL4
00508366 . E8 C9ADEFFF CALL aa.00403134
0050836B . 8D55 B8 LEA EDXDWORD PTR SS:[EBP-48]
0050836E . 8D45 B0 LEA EAXDWORD PTR SS:[EBP-50]
00508371 . E8 EEADEFFF CALL aa.00403164
00508376 . 8D45 C4 LEA EAXDWORD PTR SS:[EBP-3C]
00508379 . 8B55 F0 MOV EDXDWORD PTR SS:[EBP-10]
0050837C . 8A52 1E MOV DLBYTE PTR DS:[EDX+1E]
0050837F . 8850 01 MOV BYTE PTR DS:[EAX+1]DL
00508382 . C600 01 MOV BYTE PTR DS:[EAX]1
00508385 . 8D55 C4 LEA EDXDWORD PTR SS:[EBP-3C]
00508388 . 8D45 B0 LEA EAXDWORD PTR SS:[EBP-50]
0050838B . B1 05 MOV CL5
0050838D . E8 A2ADEFFF CALL aa.00403134
00508392 . 8D55 B0 LEA EDXDWORD PTR SS:[EBP-50]
00508395 . 8D45 A8 LEA EAXDWORD PTR SS:[EBP-58]
00508398 . E8 C7ADEFFF CALL aa.00403164
0050839D . 8D45 C4 LEA EAXDWORD PTR SS:[EBP-3C]
005083A0 . 8B55 F0 MOV EDXDWORD PTR SS:[EBP-10]
005083A3 . 8A52 18 MOV DLBYTE PTR DS:[EDX+18]
005083A6 . 8850 01 MOV BYTE PTR DS:[EAX+1]DL
005083A9 . C600 01 MOV BYTE PTR DS:[EAX]1
005083AC . 8D55 C4 LEA EDXDWORD PTR SS:[EBP-3C]
005083AF . 8D45 A8 LEA EAXDWORD PTR SS:[EBP-58]
005083B2 . B1 06 MOV CL6
005083B4 . E8 7BADEFFF CALL aa.00403134
005083B9 . 8D55 A8 LEA EDXDWORD PTR SS:[EBP-58]
005083BC . 8D45 E8 LEA EAXDWORD PTR SS:[EBP-18]
005083BF . E8 A8C7EFFF CALL aa.00404B6C
005083C4 . 8D55 A0 LEA EDXDWORD PTR SS:[EBP-60]
005083C7 . 8B45 FC MOV EAXDWORD PTR SS:[EBP-4] ;以上依次生成真码的各位
005083CA . 8B80 F0020000 MOV EAXDWORD PTR DS:[EAX+2F0]
005083D0 . E8 873CF4FF CALL aa.0044C05C ; 取得输入注册码a.004
005083D5 . 8B45 A0 MOV EAXDWORD PTR SS:[EBP-60]
005083D8 . 8D55 A4 LEA EDXDWORD PTR SS:[EBP-5C]
005083DB . E8 F012F0FF CALL aa.004096D0 ; 取真码
005083E0 . 8B55 A4 MOV EDXDWORD PTR SS:[EBP-5C]
005083E3 . 8B45 E8 MOV EAXDWORD PTR SS:[EBP-18]
005083E6 . E8 21C9EFFF CALL aa.00404D0C ; 关键比较
005083EB . 74 0C JE SHORT aa.005083F9
005083ED B8 D4845000 MOV EAXaa.005084D4=====>错误信息串入eax改这里,请看下面,
电脑资料
《让共享程序自己显示注册码》(https://www.unjs.com)。005083F2 . E8 F9CEF3FF CALL aa.004452F0==========>出错信息框
005083F7 . EB 6C JMP SHORT aa.00508465
005083F9 > 8D55 9C LEA EDXDWORD PTR SS:[EBP-64]
005083FC . A1 28F25000 MOV EAXDWORD PTR DS:[50F228]
00508401 . 8B00 MOV EAXDWORD PTR DS:[EAX]
00508403 . E8 2052F6FF CALL aa.0046D628
00508408 . 8B45 9C MOV EAXDWORD PTR SS:[EBP-64]
0050840B . 8D55 F8 LEA EDXDWORD PTR SS:[EBP-8]
0050840E . E8 A11AF0FF CALL aa.00409EB4
00508413 . 8D45 F4 LEA EAXDWORD PTR SS:[EBP-C]
00508416 . B9 24855000 MOV ECXaa.00508524 ; ASCII "Key.dat"
三、利用共享程序自己显示注册码。
1、动态跟进到这句后
005083E6 . E8 21C9EFFF CALL aa.00404D0C ; 关键比较aa.0
在stack中,ebp-18处为真码保存的地方,所以把
005083ED B8 D4845000 MOV EAXaa.005084D4
改为:MOV EAX[ebp-18]
2、修改后如下:
005083E6 . E8 21C9EFFF CALL aa.00404D0C ; 关键比较aa.0
005083EB . 74 0C JE SHORT aa.005083F9
005083ED 8B45 E8 MOV EAXDWORD PTR SS:[EBP-18]
005083F0 90 NOP
005083F1 90 NOP
005083F2 . E8 F9CEF3FF CALL aa.004452F0
3、用十六进制工具打开,查找串
E821C9EFFF740CB8D4845000E8F9CEF3FF
并把上面改为E821C9EFFF740C8B45E89090E8F9CEF3FF
--------------------------------------------------------------------------------
Copyright©2000-2026 看雪学院(www.pediy.com) All Rights Reserved.