GzPower Chess 2.0的初次破解
 

GzPower Chess 2.0的初次破解

一、系統WindowsXP2

二、工具
ollydbg偵錯工具、w32dsm反組編譯工具

三、首先安裝中國象棋
其次再搜尋ollydbg v1.09d軟體安裝
安裝成功後用ollydbg載入中國象棋.exe程序
:00430B00 6AFF push FFFFFFFF
:00430B02 6820754300 push 00437520
:00430B07 64A100000000 mov eax, dword ptr fs:[00000000]
:00430B0D 50 push eax
:00430B0E 64892500000000 mov dword ptr fs:[00000000], esp
:00430B15 83EC18 sub esp, 00000018
:00430B18 56 push esi
:00430B19 8BF1 mov esi, ecx
:00430B1B 6A01 push 00000001

* Reference To: MFC42.Ordinal:18BE, Ord:18BEh
|
:00430B1D E8E4350000 Call 00434106
:00430B22 51 push ecx
:00430B23 8D4664 lea eax, dword ptr [esi+64]
:00430B26 8BCC mov ecx, esp
:00430B28 89642408 mov dword ptr [esp+08], esp
:00430B2C 50 push eax

* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00430B2D E8A2340000 Call 00433FD4
:00430B32 51 push ecx
:00430B33 8D5660 lea edx, dword ptr [esi+60]
:00430B36 8BCC mov ecx, esp
:00430B38 89642410 mov dword ptr [esp+10], esp
:00430B3C 52 push edx
:00430B3D C744243000000000 mov [esp+30], 00000000

* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00430B45 E88A340000 Call 00433FD4
:00430B4A 8D4C2414 lea ecx, dword ptr [esp+14]
:00430B4E C744242CFFFFFFFF mov [esp+2C], FFFFFFFF
:00430B56 E8F5E7FFFF call 0042F350
:00430B5B 8D4C240C lea ecx, dword ptr [esp+0C]
:00430B5F C744242401000000 mov [esp+24], 00000001
:00430B67 E824E9FFFF call 0042F490 此處為關鍵call
:00430B6C 84C0 test al, al
:00430B6E 6A40 push 00000040

* Possible StringData Ref from Data Obj ->"GzPower Chess"
|
:00430B70 6890044400 push 00440490
:00430B75 7521 jne 00430B98 此處為關鍵跳轉，00430B98指向"註冊已經成功"字段

* Possible StringData Ref from Data Obj ->"姓名和註冊碼不匹配，註冊不成功!"
|
:00430B77 689C1A4400 push 00441A9C
:00430B7C 8BCE mov ecx, esi
發現00430B75處可以跳過"姓名和註冊碼不匹配，註冊不成功!"字段
上面就是註冊碼的算法程序
在ollydbg中點擊執行鍵，跳出需要註冊畫面，
再向上找到:00430B00處進行設斷
例：輸入註冊名：戀愛季節 我自己的暱稱
註冊碼：79797979
再點擊確定。。。

^_^^_^^_^

ollydbg中斷了下來，一路按F8鍵來到00430B67處，按F7跟入，此時就要小心了，要不停的看右上角的EAX和EDX的變化，
一路按下來，就在右上角看見了自己的假註冊碼和真註冊碼，此時就可以輸入真碼進行註冊了！
用戀愛季節用戶名註冊時，螢幕右上角顯示的真碼是7219c00a1bfde3568d14dcdaeb4a64c7，到此真註冊碼就算搞定了。

哈哈哈