GzPower Chess 2.0的初次破解

psac · 2006-01-15, 07:40 PM

GzPower Chess 2.0的初次破解

一、系統WindowsXP2

二、工具
ollydbg偵錯工具、w32dsm反組編譯工具

三、首先安裝中國象棋
其次再搜尋ollydbg v1.09d軟體安裝
安裝成功後用ollydbg載入中國象棋.exe程序
:00430B00 6AFF push FFFFFFFF
:00430B02 6820754300 push 00437520
:00430B07 64A100000000 mov eax, dword ptr fs:[00000000]
:00430B0D 50 push eax
:00430B0E 64892500000000 mov dword ptr fs:[00000000], esp
:00430B15 83EC18 sub esp, 00000018
:00430B18 56 push esi
:00430B19 8BF1 mov esi, ecx
:00430B1B 6A01 push 00000001

* Reference To: MFC42.Ordinal:18BE, Ord:18BEh
|
:00430B1D E8E4350000 Call 00434106
:00430B22 51 push ecx
:00430B23 8D4664 lea eax, dword ptr [esi+64]
:00430B26 8BCC mov ecx, esp
:00430B28 89642408 mov dword ptr [esp+08], esp
:00430B2C 50 push eax

* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00430B2D E8A2340000 Call 00433FD4
:00430B32 51 push ecx
:00430B33 8D5660 lea edx, dword ptr [esi+60]
:00430B36 8BCC mov ecx, esp
:00430B38 89642410 mov dword ptr [esp+10], esp
:00430B3C 52 push edx
:00430B3D C744243000000000 mov [esp+30], 00000000

* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00430B45 E88A340000 Call 00433FD4
:00430B4A 8D4C2414 lea ecx, dword ptr [esp+14]
:00430B4E C744242CFFFFFFFF mov [esp+2C], FFFFFFFF
:00430B56 E8F5E7FFFF call 0042F350
:00430B5B 8D4C240C lea ecx, dword ptr [esp+0C]
:00430B5F C744242401000000 mov [esp+24], 00000001
:00430B67 E824E9FFFF call 0042F490 此處為關鍵call
:00430B6C 84C0 test al, al
:00430B6E 6A40 push 00000040

* Possible StringData Ref from Data Obj ->"GzPower Chess"
|
:00430B70 6890044400 push 00440490
:00430B75 7521 jne 00430B98 此處為關鍵跳轉，00430B98指向"註冊已經成功"字段

* Possible StringData Ref from Data Obj ->"姓名和註冊碼不匹配，註冊不成功!"
|
:00430B77 689C1A4400 push 00441A9C
:00430B7C 8BCE mov ecx, esi
發現00430B75處可以跳過"姓名和註冊碼不匹配，註冊不成功!"字段
上面就是註冊碼的算法程序
在ollydbg中點擊執行鍵，跳出需要註冊畫面，
再向上找到:00430B00處進行設斷
例：輸入註冊名：戀愛季節我自己的暱稱
註冊碼：79797979
再點擊確定。。。

^_^^_^^_^

ollydbg中斷了下來，一路按F8鍵來到00430B67處，按F7跟入，此時就要小心了，要不停的看右上角的EAX和EDX的變化，
一路按下來，就在右上角看見了自己的假註冊碼和真註冊碼，此時就可以輸入真碼進行註冊了！
用戀愛季節用戶名註冊時，螢幕右上角顯示的真碼是7219c00a1bfde3568d14dcdaeb4a64c7，到此真註冊碼就算搞定了。

哈哈哈

2006-01-15, 07:40 PM	#1
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	GzPower Chess 2.0的初次破解 GzPower Chess 2.0的初次破解一、系統WindowsXP2 二、工具 ollydbg偵錯工具、w32dsm反組編譯工具三、首先安裝中國象棋其次再搜尋ollydbg v1.09d軟體安裝安裝成功後用ollydbg載入中國象棋.exe程序 :00430B00 6AFF push FFFFFFFF :00430B02 6820754300 push 00437520 :00430B07 64A100000000 mov eax, dword ptr fs:[00000000] :00430B0D 50 push eax :00430B0E 64892500000000 mov dword ptr fs:[00000000], esp :00430B15 83EC18 sub esp, 00000018 :00430B18 56 push esi :00430B19 8BF1 mov esi, ecx :00430B1B 6A01 push 00000001 * Reference To: MFC42.Ordinal:18BE, Ord:18BEh \| :00430B1D E8E4350000 Call 00434106 :00430B22 51 push ecx :00430B23 8D4664 lea eax, dword ptr [esi+64] :00430B26 8BCC mov ecx, esp :00430B28 89642408 mov dword ptr [esp+08], esp :00430B2C 50 push eax * Reference To: MFC42.Ordinal:0217, Ord:0217h \| :00430B2D E8A2340000 Call 00433FD4 :00430B32 51 push ecx :00430B33 8D5660 lea edx, dword ptr [esi+60] :00430B36 8BCC mov ecx, esp :00430B38 89642410 mov dword ptr [esp+10], esp :00430B3C 52 push edx :00430B3D C744243000000000 mov [esp+30], 00000000 * Reference To: MFC42.Ordinal:0217, Ord:0217h \| :00430B45 E88A340000 Call 00433FD4 :00430B4A 8D4C2414 lea ecx, dword ptr [esp+14] :00430B4E C744242CFFFFFFFF mov [esp+2C], FFFFFFFF :00430B56 E8F5E7FFFF call 0042F350 :00430B5B 8D4C240C lea ecx, dword ptr [esp+0C] :00430B5F C744242401000000 mov [esp+24], 00000001 :00430B67 E824E9FFFF call 0042F490 此處為關鍵call :00430B6C 84C0 test al, al :00430B6E 6A40 push 00000040 * Possible StringData Ref from Data Obj ->"GzPower Chess" \| :00430B70 6890044400 push 00440490 :00430B75 7521 jne 00430B98 此處為關鍵跳轉，00430B98指向"註冊已經成功"字段 * Possible StringData Ref from Data Obj ->"姓名和註冊碼不匹配，註冊不成功!" \| :00430B77 689C1A4400 push 00441A9C :00430B7C 8BCE mov ecx, esi 發現00430B75處可以跳過"姓名和註冊碼不匹配，註冊不成功!"字段上面就是註冊碼的算法程序在ollydbg中點擊執行鍵，跳出需要註冊畫面，再向上找到:00430B00處進行設斷例：輸入註冊名：戀愛季節我自己的暱稱註冊碼：79797979 再點擊確定。。。 ^_^^_^^_^ ollydbg中斷了下來，一路按F8鍵來到00430B67處，按F7跟入，此時就要小心了，要不停的看右上角的EAX和EDX的變化，一路按下來，就在右上角看見了自己的假註冊碼和真註冊碼，此時就可以輸入真碼進行註冊了！用戀愛季節用戶名註冊時，螢幕右上角顯示的真碼是7219c00a1bfde3568d14dcdaeb4a64c7，到此真註冊碼就算搞定了。哈哈哈
	__________________
	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次

主題工具
顯示可列印版本郵寄本頁給好友
顯示模式
平板模式切換到混合模式切換到樹形模式

Google 提供的廣告