GzPower Chess 2.0的初次破解
GzPower Chess 2.0的初次破解
一、系統WindowsXP2
二、工具
ollydbg偵錯工具、w32dsm反組編譯工具
三、首先安裝中國象棋
其次再搜尋ollydbg v1.09d軟體安裝
安裝成功後用ollydbg載入中國象棋.exe程序
:00430B00 6AFF push FFFFFFFF
:00430B02 6820754300 push 00437520
:00430B07 64A100000000 mov eax, dword ptr fs:[00000000]
:00430B0D 50 push eax
:00430B0E 64892500000000 mov dword ptr fs:[00000000], esp
:00430B15 83EC18 sub esp, 00000018
:00430B18 56 push esi
:00430B19 8BF1 mov esi, ecx
:00430B1B 6A01 push 00000001
* Reference To: MFC42.Ordinal:18BE, Ord:18BEh
|
:00430B1D E8E4350000 Call 00434106
:00430B22 51 push ecx
:00430B23 8D4664 lea eax, dword ptr [esi+64]
:00430B26 8BCC mov ecx, esp
:00430B28 89642408 mov dword ptr [esp+08], esp
:00430B2C 50 push eax
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00430B2D E8A2340000 Call 00433FD4
:00430B32 51 push ecx
:00430B33 8D5660 lea edx, dword ptr [esi+60]
:00430B36 8BCC mov ecx, esp
:00430B38 89642410 mov dword ptr [esp+10], esp
:00430B3C 52 push edx
:00430B3D C744243000000000 mov [esp+30], 00000000
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00430B45 E88A340000 Call 00433FD4
:00430B4A 8D4C2414 lea ecx, dword ptr [esp+14]
:00430B4E C744242CFFFFFFFF mov [esp+2C], FFFFFFFF
:00430B56 E8F5E7FFFF call 0042F350
:00430B5B 8D4C240C lea ecx, dword ptr [esp+0C]
:00430B5F C744242401000000 mov [esp+24], 00000001
:00430B67 E824E9FFFF call 0042F490 此處為關鍵call
:00430B6C 84C0 test al, al
:00430B6E 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"GzPower Chess"
|
:00430B70 6890044400 push 00440490
:00430B75 7521 jne 00430B98 此處為關鍵跳轉,00430B98指向"註冊已經成功"字段
* Possible StringData Ref from Data Obj ->"姓名和註冊碼不匹配,註冊不成功!"
|
:00430B77 689C1A4400 push 00441A9C
:00430B7C 8BCE mov ecx, esi
發現00430B75處可以跳過"姓名和註冊碼不匹配,註冊不成功!"字段
上面就是註冊碼的算法程序
在ollydbg中點擊執行鍵,跳出需要註冊畫面,
再向上找到:00430B00處進行設斷
例:輸入註冊名:戀愛季節 我自己的暱稱
註冊碼:79797979
再點擊確定。。。
^_^^_^^_^
ollydbg中斷了下來,一路按F8鍵來到00430B67處,按F7跟入,此時就要小心了,要不停的看右上角的EAX和EDX的變化,
一路按下來,就在右上角看見了自己的假註冊碼和真註冊碼,此時就可以輸入真碼進行註冊了!
用戀愛季節用戶名註冊時,螢幕右上角顯示的真碼是7219c00a1bfde3568d14dcdaeb4a64c7,到此真註冊碼就算搞定了。
哈哈哈
|