不知道是不是外国的,是国内的我也没有办法,那我是被华军骗了! 下载地址在:ftp://www.newhua.com/ssbuilder.exe 引用页在: http://tj.onlinedown.net/ScreenSaver.htm 这个软件有UPX1.1壳吧!我没有脱壳软件,也不会手动脱壳(正在努力学呢!)就用TRW2000直接来了! 今天闲着没有意思找到一个比较简单的软件破解!我的功力有限,正在努力写注册机! 如果有那位大哥愿意用C(windows或dos的)语言写一个注册机供大家学习,我和一些初学者讲万分感谢! 姓名是:zhaodaye 我的注册码是:010427EB27123456781C051B2C :0041BA5D 8D4C2440 lea ecx, dword ptr [esp+40] :0041BA61 E8FA35FFFF call 0040F060 ;此处为关键CALL :0041BA66 663BC3 cmp ax, bx ;由此可以 :0041BA69 0F8C8C010000 jl 0041BBFB ;看出 :0041BA6F 663D0200 cmp ax, 0002 ;注册码的 :0041BA73 0F8F82010000 jg 0041BBFB ;头两位可以为01 :0041BA79 51 push ecx :0041BA7A 8D542414 lea edx, dword ptr [esp+14] :0041BA7E 8BCC mov ecx, esp :0041BA80 8964241C mov dword ptr [esp+1C], esp :0041BA84 52 push edx 〉〉〉〉〉〉〉〉〉〉〉由此进入关键CALL〈〈〈〈〈〈〈〈〈〈〈〈〈〈〈 :0040F060 8B44240C mov eax, dword ptr [esp+0C] :0040F064 8B542408 mov edx, dword ptr [esp+08] :0040F068 50 push eax :0040F069 8B442408 mov eax, dword ptr [esp+08] :0040F06D 52 push edx :0040F06E 50 push eax :0040F06F E80C000000 call 0040F080 ;必然要进入这里了! :0040F074 C20C00 ret 000C 〉〉〉〉〉〉〉〉〉〉〉此处为CALL 0040F080〈〈〈〈〈〈〈〈〈〈〈〈〈 :0040F080 83EC24 sub esp, 00000024 :0040F083 33C0 xor eax, eax :0040F085 53 push ebx :0040F086 8B5C2430 mov ebx, dword ptr [esp+30] :0040F08A 55 push ebp :0040F08B 56 push esi :0040F08C 8BE9 mov ebp, ecx :0040F08E 57 push edi :0040F08F 8BFB mov edi, ebx :0040F091 83C9FF or ecx, FFFFFFFF :0040F094 F2 repnz :0040F095 AE scasb :0040F096 F7D1 not ecx :0040F098 49 dec ecx :0040F099 83F91A cmp ecx, 0000001A ;此处判断注册码个数! :0040F09C 740E je 0040F0AC ;个数必为1A个! :0040F09E 5F pop edi 〉〉〉〉〉〉〉〉〉〉〉跳到 0040F0AC后开始进入注册码计算处〈〈〈〈〈〈〈〈〈 :0040F0AC 6A02 push 00000002 :0040F0AE 53 push ebx :0040F0AF 8BCD mov ecx, ebp :0040F0B1 E8FA020000 call 0040F3B0 :0040F0B6 663D5A00 cmp ax, 005A :0040F0BA 89442410 mov dword ptr [esp+10], eax :0040F0BE 7E17 jle 0040F0D7 ;此处跳转到0040F0D7 :0040F0C0 8B442440 mov eax, dword ptr [esp+40] :0040F0C4 8BCD mov ecx, ebp :0040F0C6 50 push eax :0040F0C7 53 push ebx :0040F0C8 E843010000 call 0040F210 :0040F0CD 5F pop edi :0040F0CE 5E pop esi :0040F0CF 5D pop ebp :0040F0D0 5B pop ebx :0040F0D1 83C424 add esp, 00000024 :0040F0D4 C20C00 ret 000C 〉〉〉〉〉〉〉〉〉〉〉〉〉跳到0040F0D7后〈〈〈〈〈〈〈〈〈〈〈〈〈 :0040F0D7 8B7504 mov esi, dword ptr [ebp+04] :0040F0DA 8D5302 lea edx, dword ptr [ebx+02] :0040F0DD 0FBFC8 movsx ecx, ax :0040F0E0 0FAFF1 imul esi, ecx :0040F0E3 6A08 push 00000008 :0040F0E5 52 push edx :0040F0E6 8BCD mov ecx, ebp :0040F0E8 89742444 mov dword ptr [esp+44], esi :0040F0EC E8BF020000 call 0040F3B0 :0040F0F1 8BF8 mov edi, eax :0040F0F3 8B442438 mov eax, dword ptr [esp+38] :0040F0F7 56 push esi :0040F0F8 50 push eax :0040F0F9 8BCD mov ecx, ebp :0040F0FB E870020000 call 0040F370 :0040F100 3BF8 cmp edi, eax ;此处比较第三位后的8个数字 :0040F102 740E je 0040F112 ;相同后跳转到下面。 :0040F104 5F pop edi :0040F105 5E pop esi :0040F106 5D pop ebp :0040F107 66B8FEFF mov ax, FFFE :0040F10B 5B pop ebx :0040F10C 83C424 add esp, 00000024 :0040F10F C20C00 ret 000C 〉〉〉〉〉〉〉〉〉〉此处判断倒数的第八位-----倒数的第四位〈〈〈〈〈〈〈〈 :0040F112 8B742440 mov esi, dword ptr [esp+40] :0040F116 85F6 test esi, esi :0040F118 7410 je 0040F12A :0040F11A 8D4B0A lea ecx, dword ptr [ebx+0A] :0040F11D 6A04 push 00000004 :0040F11F 51 push ecx :0040F120 8BCD mov ecx, ebp :0040F122 E889020000 call 0040F3B0 :0040F127 668906 mov word ptr [esi], ax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040F118(C) | :0040F12A 8D5312 lea edx, dword ptr [ebx+12] :0040F12D 6A04 push 00000004 :0040F12F 52 push edx :0040F130 8BCD mov ecx, ebp :0040F132 E879020000 call 0040F3B0 :0040F137 89442440 mov dword ptr [esp+40], eax :0040F13B 8BFB mov edi, ebx :0040F13D 83C9FF or ecx, FFFFFFFF :0040F140 33C0 xor eax, eax :0040F142 F2 repnz :0040F143 AE scasb :0040F144 F7D1 not ecx :0040F146 2BF9 sub edi, ecx :0040F148 8D542414 lea edx, dword ptr [esp+14] :0040F14C 8BC1 mov eax, ecx :0040F14E 8BF7 mov esi, edi :0040F150 8BFA mov edi, edx :0040F152 33D2 xor edx, edx :0040F154 C1E902 shr ecx, 02 :0040F157 F3 repz :0040F158 A5 movsd :0040F159 8BC8 mov ecx, eax :0040F15B 8B44243C mov eax, dword ptr [esp+3C] :0040F15F F7750C div [ebp+0C] :0040F162 83E103 and ecx, 00000003 :0040F165 F3 repz :0040F166 A4 movsb :0040F167 8D4C2414 lea ecx, dword ptr [esp+14] :0040F16B C644242600 mov [esp+26], 00 :0040F170 52 push edx :0040F171 51 push ecx :0040F172 8BCD mov ecx, ebp :0040F174 E8F7010000 call 0040F370 :0040F179 8B4C2440 mov ecx, dword ptr [esp+40] :0040F17D 25FFFF0000 and eax, 0000FFFF :0040F182 3BC1 cmp eax, ecx ;这里为判断处! :0040F184 740E je 0040F194 ;如果这四位相同跳。 :0040F186 5F pop edi :0040F187 5E pop esi 〉〉〉〉〉〉〉〉〉〉〉〉〉〉最后的四位的判断〈〈〈〈〈〈〈〈〈〈〈 :0040F194 8D5316 lea edx, dword ptr [ebx+16] :0040F197 6A04 push 00000004 :0040F199 52 push edx :0040F19A 8BCD mov ecx, ebp :0040F19C E80F020000 call 0040F3B0 :0040F1A1 89442440 mov dword ptr [esp+40], eax :0040F1A5 8BFB mov edi, ebx :0040F1A7 83C9FF or ecx, FFFFFFFF :0040F1AA 33C0 xor eax, eax :0040F1AC F2 repnz :0040F1AD AE scasb :0040F1AE F7D1 not ecx :0040F1B0 2BF9 sub edi, ecx :0040F1B2 8D542414 lea edx, dword ptr [esp+14] :0040F1B6 8BC1 mov eax, ecx :0040F1B8 8BF7 mov esi, edi :0040F1BA 8BFA mov edi, edx :0040F1BC 33D2 xor edx, edx :0040F1BE C1E902 shr ecx, 02 :0040F1C1 F3 repz :0040F1C2 A5 movsd :0040F1C3 8BC8 mov ecx, eax :0040F1C5 8B44243C mov eax, dword ptr [esp+3C] :0040F1C9 F77510 div [ebp+10] :0040F1CC 83E103 and ecx, 00000003 :0040F1CF F3 repz :0040F1D0 A4 movsb :0040F1D1 8D4C2414 lea ecx, dword ptr [esp+14] :0040F1D5 C644242A00 mov [esp+2A], 00 :0040F1DA 52 push edx :0040F1DB 51 push ecx :0040F1DC 8BCD mov ecx, ebp :0040F1DE E88D010000 call 0040F370 :0040F1E3 8B4C2440 mov ecx, dword ptr [esp+40] :0040F1E7 25FFFF0000 and eax, 0000FFFF :0040F1EC 3BC1 cmp eax, ecx ;最后的四位的判断! :0040F1EE 66B8FBFF mov ax, FFFB :0040F1F2 7505 jne 0040F1F9 :0040F1F4 668B442410 mov ax, word ptr [esp+10] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040F1F2(C) | :0040F1F9 5F pop edi :0040F1FA 5E pop esi :0040F1FB 5D pop ebp :0040F1FC 5B pop ebx :0040F1FD 83C424 add esp, 00000024 :0040F200 C20C00 ret 000C