【破解作者】 Phoenix[ne]
【作者邮箱】 phoenixne@gmail.com
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 Bad Copy 99v2.0
【软件简介】 BadCopy 软件可以在不需要人工干预的情况下帮您读出 CD-ROM 或磁盘上的坏文
件。效果显著,还具有智能修复的功能,最大程度挽回您的损失新增功能:
V2.0 新增或加强了以下特别功能:
1、优化的算法,保证修复拯救数据更快更全。
2、支持文件夹直接复制,您甚至可以直接把整个逻辑盘完整复制到另一个文件
夹下。
3、可以自由定制 BadCopy 的各项纠错参数,保证能高效,最大限度的挽救您的
宝贵数据。
4、可以直接对隐含或系统文件进行操作。
5、文件操作安全性增强,危险操作先行提示,避免不必要的损失。
6、可以直接在 BadCopy 里面运行或打开程序
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
0047226C |. E8 D764F9FF CALL BCopy99.00408748 ; 读入注册名,放入EAX
00472271 |. 837D CC 00 CMP DWORD PTR SS:[EBP-34],0 ; 比较是否为空
00472275 |. 75 20 JNZ SHORT BCopy99.00472297 ; 写了就OK,兄弟你不至于什么都不写吧!
00472277 |. B8 04254700 MOV EAX,BCopy99.00472504
0047227C |. E8 B3F4FDFF CALL BCopy99.00451734 ; 注册名不能为空
00472281 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00472284 |. 8B80 D8020000 MOV EAX,DWORD PTR DS:[EAX+2D8]
0047228A |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0047228C |. FF92 B0000000 CALL DWORD PTR DS:[EDX+B0]
00472292 |. E9 08020000 JMP BCopy99.0047249F
00472297 |> 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
0047229A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0047229D |. 8B80 DC020000 MOV EAX,DWORD PTR DS:[EAX+2DC]
004722A3 |. E8 70CFFBFF CALL BCopy99.0042F218
004722A8 |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
004722AB |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004722AE |. E8 9564F9FF CALL BCopy99.00408748 ; 读入注册码
004722B3 |. 837D C4 00 CMP DWORD PTR SS:[EBP-3C],0 ; 比较是否为空
004722B7 |. 75 20 JNZ SHORT BCopy99.004722D9 ; 不是就行
004722B9 |. B8 2C254700 MOV EAX,BCopy99.0047252C
004722BE |. E8 71F4FDFF CALL BCopy99.00451734 ; 出错对话框:注册码不能为空
004722C3 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004722C6 |. 8B80 DC020000 MOV EAX,DWORD PTR DS:[EAX+2DC]
004722CC |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004722CE |. FF92 B0000000 CALL DWORD PTR DS:[EDX+B0]
004722D4 |. E9 C6010000 JMP BCopy99.0047249F
004722D9 |> 33F6 XOR ESI,ESI
004722DB |. 8D95 BCFEFFFF LEA EDX,DWORD PTR SS:[EBP-144]
004722E1 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004722E4 |. 8B80 D8020000 MOV EAX,DWORD PTR DS:[EAX+2D8]
004722EA |. E8 29CFFBFF CALL BCopy99.0042F218
004722EF |. 8B95 BCFEFFFF MOV EDX,DWORD PTR SS:[EBP-144]
004722F5 |. 8D85 C0FEFFFF LEA EAX,DWORD PTR SS:[EBP-140]
004722FB |. B9 FF000000 MOV ECX,0FF
00472300 |. E8 7F1BF9FF CALL BCopy99.00403E84
00472305 |. 8D95 C0FEFFFF LEA EDX,DWORD PTR SS:[EBP-140]
0047230B |. 8D45 D2 LEA EAX,DWORD PTR SS:[EBP-2E]
0047230E |. B1 14 MOV CL,14
00472310 |. E8 2708F9FF CALL BCopy99.00402B3C
00472315 |. 8A55 D2 MOV DL,BYTE PTR SS:[EBP-2E]
00472318 |. 84D2 TEST DL,DL
0047231A |. 76 1C JBE SHORT BCopy99.00472338
0047231C |. B1 01 MOV CL,1
0047231E |. 8D45 D3 LEA EAX,DWORD PTR SS:[EBP-2D]
00472321 |> 33DB /XOR EBX,EBX ; ***********************************************
00472323 |. 8A18 |MOV BL,BYTE PTR DS:[EAX] ; 这里一段是依次读入注册名的ASCII值,我这里设第N个注册名为X
00472325 |. 8BF9 |MOV EDI,ECX ; 把N送入EDI
00472327 |. 81E7 FF000000 |AND EDI,0FF
0047232D |. 0FAFDF |IMUL EBX,EDI ; X=X*N
00472330 |. 03F3 |ADD ESI,EBX ; 最终ESI=ESI+X*N
00472332 |. 41 |INC ECX ; ECX 为计数器每读入一个字符就加1,直到读完
00472333 |. 40 |INC EAX ; 这一段的作用:ESI=N(1)X(1)+N(2)X(2)+N(3)X(3).........
00472334 |. FECA |DEC DL ; 而我的名字phoenix运算累加后ESI=C05
00472336 |.^ 75 E9 \JNZ SHORT BCopy99.00472321 ; **********************************************
00472338 |> B8 5B690600 MOV EAX,6695B ; EAX赋值=695B
0047233D |. 2BC6 SUB EAX,ESI ; EAX=EAX-ESI=6695B-通过注册名运算出的累加值(C05)
0047233F |. 8BF0 MOV ESI,EAX ; 把运算结果送入ESI,我运算后为65D56
00472341 |. 8D45 E7 LEA EAX,DWORD PTR SS:[EBP-19] ; (我这是联向12F047)
00472344 |. 8D55 D2 LEA EDX,DWORD PTR SS:[EBP-2E] ; EDX内放入储存注册名的地址(我的是12F032)
00472347 |. B1 14 MOV CL,14
00472349 |. E8 EE07F9FF CALL BCopy99.00402B3C ; 经过这EAX ECX都清0了
0047234E |. 8A55 E7 MOV DL,BYTE PTR SS:[EBP-19]
00472351 |. 84D2 TEST DL,DL ; DL中存放了注册名的字符数
00472353 |. 76 20 JBE SHORT BCopy99.00472375
00472355 |. B1 01 MOV CL,1
00472357 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18] ; 把存放注册名的地址送入EAX
0047235A |> F6C1 01 /TEST CL,1 ; ####################################################
0047235D |. 74 09 |JE SHORT BCopy99.00472368 ; 这个JE判断此字符在注册名中是偶数位的还是奇数位的。偶数位的就跳
0047235F |. 8A18 |MOV BL,BYTE PTR DS:[EAX] ; BL=X
00472361 |. 80F3 52 |XOR BL,52 ; BL=X XOR 52 (也就说奇数位的与52 XOR)
00472364 |. 8818 |MOV BYTE PTR DS:[EAX],BL ; 把运算后的结果返回到注册名字符的原地址
00472366 |. EB 07 |JMP SHORT BCopy99.0047236F
00472368 |> 8A18 |MOV BL,BYTE PTR DS:[EAX]
0047236A |. 80F3 4C |XOR BL,4C ; BL=X XOR 4C (偶数位的与4C XOR)
0047236D |. 8818 |MOV BYTE PTR DS:[EAX],BL ; 同样把运算结果送回
0047236F |> 41 |INC ECX ; ECX计数器加1
00472370 |. 40 |INC EAX ; EAX中的地址指向注册名的下一个字符
00472371 |. FECA |DEC DL ; 注册名的字符数减1。经过此次运算我的phoenix变为22 24 3D 29 3C 25 2A
00472373 |.^ 75 E5 \JNZ SHORT BCopy99.0047235A ; #################################################
00472375 |> 8D95 B8FEFFFF LEA EDX,DWORD PTR SS:[EBP-148]
0047237B |. 8BC6 MOV EAX,ESI
0047237D |. E8 4665F9FF CALL BCopy99.004088C8 ; 计算注册码的CALL
00472382 |. 8B85 B8FEFFFF MOV EAX,DWORD PTR SS:[EBP-148]
00472388 |. 50 PUSH EAX ; 把正确的注册码压入EAX
00472389 |. 8D95 B4FEFFFF LEA EDX,DWORD PTR SS:[EBP-14C]
0047238F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00472392 |. 8B80 DC020000 MOV EAX,DWORD PTR DS:[EAX+2DC]
00472398 |. E8 7BCEFBFF CALL BCopy99.0042F218
0047239D |. 8B95 B4FEFFFF MOV EDX,DWORD PTR SS:[EBP-14C] ; 把我输入的假注册码送入EDX
004723A3 |. 58 POP EAX ; 释放EAX,结果是正确的注册码入栈
004723A4 |. E8 0F1CF9FF CALL BCopy99.00403FB8 ; 这是比较CALL
004723A9 |. 0F85 D8000000 JNZ BCopy99.00472487 ; 关键跳转,爆破的话改这
004723AF |. 8B15 0C614700 MOV EDX,DWORD PTR DS:[47610C] ; BCopy99.0047794C
004723B5 |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
004723B7 |. A1 D8614700 MOV EAX,DWORD PTR DS:[4761D8]
004723BC |. E8 9538F9FF CALL BCopy99.00405C56
004723C1 |. A1 D8614700 MOV EAX,DWORD PTR DS:[4761D8]
004723C6 |. BA CC000000 MOV EDX,0CC
004723CB |. E8 203CF9FF CALL BCopy99.00405FF0
004723D0 |. E8 1F04F9FF CALL BCopy99.004027F4
004723D5 |. A1 BC614700 MOV EAX,DWORD PTR DS:[4761BC]
004723DA |. 83C0 06 ADD EAX,6
004723DD |. 8D55 E7 LEA EDX,DWORD PTR SS:[EBP-19]
004723E0 |. B1 14 MOV CL,14
004723E2 |. E8 5507F9FF CALL BCopy99.00402B3C
004723E7 |. A1 BC614700 MOV EAX,DWORD PTR DS:[4761BC]
004723EC |. C700 E0EA0B00 MOV DWORD PTR DS:[EAX],0BEAE0
004723F2 |. A1 BC614700 MOV EAX,DWORD PTR DS:[4761BC]
004723F7 |. 8970 6C MOV DWORD PTR DS:[EAX+6C],ESI
004723FA |. E8 6106F9FF CALL BCopy99.00402A60
004723FF |. 66:BB 4E00 MOV BX,4E
00472403 |. 8B35 BC614700 MOV ESI,DWORD PTR DS:[4761BC] ; BCopy99.00477A9C
00472409 |. 83C6 1B ADD ESI,1B
0047240C |> B8 FF000000 /MOV EAX,0FF
00472411 |. E8 6A08F9FF |CALL BCopy99.00402C80
00472416 |. 8806 |MOV BYTE PTR DS:[ESI],AL
00472418 |. 46 |INC ESI
00472419 |. 66:FFCB |DEC BX
0047241C |.^ 75 EE \JNZ SHORT BCopy99.0047240C
0047241E |. 66:BB 5700 MOV BX,57
00472422 |. 8B35 BC614700 MOV ESI,DWORD PTR DS:[4761BC] ; BCopy99.00477A9C
00472428 |. 83C6 70 ADD ESI,70
0047242B |> B8 FF000000 /MOV EAX,0FF
00472430 |. E8 4B08F9FF |CALL BCopy99.00402C80
00472435 |. 8806 |MOV BYTE PTR DS:[ESI],AL
00472437 |. 46 |INC ESI
00472438 |. 66:FFCB |DEC BX
0047243B |.^ 75 EE \JNZ SHORT BCopy99.0047242B
0047243D |. 8B15 BC614700 MOV EDX,DWORD PTR DS:[4761BC] ; BCopy99.00477A9C
00472443 |. A1 D8614700 MOV EAX,DWORD PTR DS:[4761D8]
00472448 |. E8 F73BF9FF CALL BCopy99.00406044
0047244D |. E8 A203F9FF CALL BCopy99.004027F4
00472452 |. A1 D8614700 MOV EAX,DWORD PTR DS:[4761D8]
00472457 |. E8 6439F9FF CALL BCopy99.00405DC0
0047245C |. E8 9303F9FF CALL BCopy99.004027F4
00472461 |. 6A 00 PUSH 0
00472463 |. B9 4C254700 MOV ECX,BCopy99.0047254C ; ASCII "BadCopy"
00472468 |. BA 54254700 MOV EDX,BCopy99.00472554
0047246D |. A1 84614700 MOV EAX,DWORD PTR DS:[476184]
00472472 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00472474 |. E8 33B1FDFF CALL BCopy99.0044D5AC
00472479 |. A1 D45F4700 MOV EAX,DWORD PTR DS:[475FD4]
0047247E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00472480 |. E8 E37CFDFF CALL BCopy99.0044A168
00472485 |. EB 18 JMP SHORT BCopy99.0047249F
00472487 |> 6A 00 PUSH 0
00472489 |. B9 4C254700 MOV ECX,BCopy99.0047254C ; ASCII "BadCopy"
0047248E |. BA 88254700 MOV EDX,BCopy99.00472588
00472493 |. A1 84614700 MOV EAX,DWORD PTR DS:[476184]
00472498 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0047249A |. E8 0DB1FDFF CALL BCopy99.0044D5AC ; 注册码错误
***********************0047237D CALL BCopy99.004088C8*********************************
004088C8 /$ 83C4 F8 ADD ESP,-8
004088CB |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004088CD |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004088D1 |. C64424 08 00 MOV BYTE PTR SS:[ESP+8],0 ; |
004088D6 |. 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4] ; |
004088DA |. 8BC2 MOV EAX,EDX ; |
004088DC |. BA F4884000 MOV EDX,BCopy99.004088F4 ; |ASCII "%d"
004088E1 |. E8 560D0000 CALL BCopy99.0040963C ; \计算正确注册码。关键CALL2
004088E6 |. 59 POP ECX
004088E7 |. 5A POP EDX
004088E8 \. C3 RETN
*************************************************************************************************
*************************004088E1 CALL BCopy99.0040963C************************************
0040963C /$ 55 PUSH EBP
0040963D |. 8BEC MOV EBP,ESP
0040963F |. 81C4 04F0FFFF ADD ESP,-0FFC
00409645 |. 50 PUSH EAX
00409646 |. 83C4 F4 ADD ESP,-0C
00409649 |. 53 PUSH EBX
0040964A |. 56 PUSH ESI
0040964B |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0040964E |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
00409651 |. 8BF0 MOV ESI,EAX
00409653 |. BB 02100000 MOV EBX,1002 ; EBX=1002
00409658 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040965B |. E8 48A8FFFF CALL BCopy99.00403EA8
00409660 |. 8BD3 MOV EDX,EBX ; EDX=EBX=1002
00409662 |. 85D2 TEST EDX,EDX
00409664 |. 79 03 JNS SHORT BCopy99.00409669
00409666 |. 83C2 03 ADD EDX,3
00409669 |> C1FA 02 SAR EDX,2 ; EDX算术右移2位=400
0040966C |. 8BCB MOV ECX,EBX ; ECX=1002
0040966E |. 2BCA SUB ECX,EDX ; ECX=1002-400=C02
00409670 |. 3BC1 CMP EAX,ECX
00409672 |. 7D 24 JGE SHORT BCopy99.00409698
00409674 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00409677 |. E8 2CA8FFFF CALL BCopy99.00403EA8
0040967C |. 50 PUSH EAX ; 经过上面的CALL,EAX=0002
0040967D |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 把指向通过注册名运算累加后的结果(65D56)的地址送入EAX
00409680 |. 50 PUSH EAX ; 把运算的结果(65D56)直接送入EAX
00409681 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; EAX=0
00409684 |. 50 PUSH EAX
00409685 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00409688 |. 8BD3 MOV EDX,EBX ; EDX=EBX=1002
0040968A |. 4A DEC EDX ; EDX减一
0040968B |. 8D85 F6EFFFFF LEA EAX,DWORD PTR SS:[EBP-100A]
00409691 |. E8 32FBFFFF CALL BCopy99.004091C8 ; 关键CALL3。进入
00409696 |. EB 0C JMP SHORT BCopy99.004096A4
00409698 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040969B |. E8 08A8FFFF CALL BCopy99.00403EA8
**************************************************************************************************
*************************409691 CALL BCopy99.004091C8 *****************************************
004091C8 $ 55 PUSH EBP
004091C9 . 8BEC MOV EBP,ESP ; EBP=ESP=12DEBC
004091CB . 83C4 8C ADD ESP,-74 ; ESP=ESP-74=12DE48
004091CE . 53 PUSH EBX
004091CF . 33DB XOR EBX,EBX
004091D1 . 895D F0 MOV DWORD PTR SS:[EBP-10],EBX
004091D4 . 53 PUSH EBX
004091D5 . 56 PUSH ESI
004091D6 . 57 PUSH EDI
004091D7 . 89C7 MOV EDI,EAX
004091D9 . 89CE MOV ESI,ECX
004091DB . 034D 10 ADD ECX,DWORD PTR SS:[EBP+10]
004091DE . 897D FC MOV DWORD PTR SS:[EBP-4],EDI
004091E1 . 31C0 XOR EAX,EAX
004091E3 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004091E6 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004091E9 . 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004091EC > 09D2 OR EDX,EDX
004091EE . 74 0E JE SHORT BCopy99.004091FE
004091F0 > 39CE CMP ESI,ECX
004091F2 . 74 0A JE SHORT BCopy99.004091FE
004091F4 . AC LODS BYTE PTR DS:[ESI]
004091F5 . 80F8 25 CMP AL,25 ; 判断是否是%
004091F8 . 74 0E JE SHORT BCopy99.00409208
004091FA > AA STOS BYTE PTR ES:[EDI]
004091FB . 4A DEC EDX
004091FC .^ 75 F2 JNZ SHORT BCopy99.004091F0
004091FE > 89F8 MOV EAX,EDI
00409200 . 2B45 FC SUB EAX,DWORD PTR SS:[EBP-4]
00409203 . E9 A8030000 JMP BCopy99.004095B0
00409208 > 39CE CMP ESI,ECX
0040920A .^ 74 F2 JE SHORT BCopy99.004091FE
0040920C . AC LODS BYTE PTR DS:[ESI]
0040920D . 80F8 25 CMP AL,25 ; 判断是否是%
00409210 .^ 74 E8 JE SHORT BCopy99.004091FA
00409212 . 8D5E FE LEA EBX,DWORD PTR DS:[ESI-2]
00409215 . 895D EC MOV DWORD PTR SS:[EBP-14],EBX
00409218 > 8845 EB MOV BYTE PTR SS:[EBP-15],AL
0040921B . 80F8 2D CMP AL,2D ; 判断是否是-
0040921E . 75 05 JNZ SHORT BCopy99.00409225
00409220 . 39CE CMP ESI,ECX
00409222 .^ 74 DA JE SHORT BCopy99.004091FE
00409224 . AC LODS BYTE PTR DS:[ESI]
00409225 > E8 80000000 CALL BCopy99.004092AA
0040922A . 80F8 3A CMP AL,3A ; 判断是否是:
0040922D . 75 0A JNZ SHORT BCopy99.00409239
0040922F . 895D F8 MOV DWORD PTR SS:[EBP-8],EBX
00409232 . 39CE CMP ESI,ECX
00409234 .^ 74 C8 JE SHORT BCopy99.004091FE
00409236 . AC LODS BYTE PTR DS:[ESI]
00409237 .^ EB DF JMP SHORT BCopy99.00409218
00409239 > 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX
0040923C . BB FFFFFFFF MOV EBX,-1
00409241 . 80F8 2E CMP AL,2E ; 判断是否是。
00409244 . 75 0A JNZ SHORT BCopy99.00409250
00409246 . 39CE CMP ESI,ECX
00409248 .^ 74 B4 JE SHORT BCopy99.004091FE
0040924A . AC LODS BYTE PTR DS:[ESI]
0040924B . E8 5A000000 CALL BCopy99.004092AA
00409250 > 895D E0 MOV DWORD PTR SS:[EBP-20],EBX
00409253 . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI
00409256 . 51 PUSH ECX
00409257 . 52 PUSH EDX
00409258 . E8 96000000 CALL BCopy99.004092F3 ; 关键CALL4,进入
0040925D . 5A POP EDX
0040925E . 8B5D E4 MOV EBX,DWORD PTR SS:[EBP-1C]
00409261 . 29CB SUB EBX,ECX
00409263 . 73 02 JNB SHORT BCopy99.00409267
00409265 . 31DB XOR EBX,EBX
00409267 > 807D EB 2D CMP BYTE PTR SS:[EBP-15],2D ; 判断是否为分隔符-
************************************************************************************************
************************************CALL4*******************************************************
004092F3 /$ 24 DF AND AL,0DF ; 把AL中字符变成大写
004092F5 |. 88C1 MOV CL,AL
004092F7 |. B8 01000000 MOV EAX,1
004092FC |. 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
004092FF |. 3B5D 08 CMP EBX,DWORD PTR SS:[EBP+8]
00409302 |. 77 5C JA SHORT BCopy99.00409360
00409304 |. FF45 F8 INC DWORD PTR SS:[EBP-8] ; 地址指向下一个
00409307 |. 8B75 0C MOV ESI,DWORD PTR SS:[EBP+C]
0040930A |. 8D34DE LEA ESI,DWORD PTR DS:[ESI+EBX*8]
0040930D |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0040930F |. 0FB65E 04 MOVZX EBX,BYTE PTR DS:[ESI+4]
00409313 |. FF249D 1A9340>JMP DWORD PTR DS:[EBX*4+40931A]
0040931A |. 0E944000 DD BCopy99.0040940E ; Switch table used at 00409313
0040931E |. 5E934000 DD BCopy99.0040935E
00409322 |. 75944000 DD BCopy99.00409475
00409326 |. 33954000 DD BCopy99.00409533
0040932A |. A5944000 DD BCopy99.004094A5
0040932E |. 15954000 DD BCopy99.00409515
00409332 |. F5944000 DD BCopy99.004094F5
00409336 |. 5E934000 DD BCopy99.0040935E
0040933A |. 5E934000 DD BCopy99.0040935E
0040933E |. 5E934000 DD BCopy99.0040935E
00409342 |. B6944000 DD BCopy99.004094B6
00409346 |. D9944000 DD BCopy99.004094D9
0040934A |. 2F954000 DD BCopy99.0040952F
0040934E |. 84944000 DD BCopy99.00409484
00409352 |. 5E934000 DD BCopy99.0040935E
00409356 |. BD944000 DD BCopy99.004094BD
0040935A |. 72934000 DD BCopy99.00409372
.
.
.
0040940D |> C3 RETN
0040940E |> 80F9 44 CMP CL,44 ; 判断是否是D
00409411 |. 74 15 JE SHORT BCopy99.00409428
00409413 |. 80F9 55 CMP CL,55 ; 判断是否是U
00409416 |. 74 22 JE SHORT BCopy99.0040943A
00409418 |. 80F9 58 CMP CL,58 ; 是否是X
0040941B |.^ 0F85 3DFFFFFF JNZ BCopy99.0040935E
00409421 |. B9 10000000 MOV ECX,10
00409426 |. EB 17 JMP SHORT BCopy99.0040943F
00409428 |> 09C0 OR EAX,EAX
0040942A |. 79 0E JNS SHORT BCopy99.0040943A
0040942C |. F7D8 NEG EAX
0040942E |. E8 07000000 CALL BCopy99.0040943A
00409433 |. B0 2D MOV AL,2D
00409435 |. 41 INC ECX
00409436 |. 4E DEC ESI
00409437 |. 8806 MOV BYTE PTR DS:[ESI],AL
00409439 |. C3 RETN
0040943A |$ B9 0A000000 MOV ECX,0A
0040943F |> 8D75 9F LEA ESI,DWORD PTR SS:[EBP-61]
00409442 |> 31D2 /XOR EDX,EDX ; ************************************************
00409444 |. F7F1 |DIV ECX
00409446 |. 80C2 30 |ADD DL,30 ; DL中存放的是计算出的注册码字符
00409449 |. 80FA 3A |CMP DL,3A
0040944C |. 72 03 |JB SHORT BCopy99.00409451 ; 判断是否是数字
0040944E |. 80C2 07 |ADD DL,7
00409451 |> 4E |DEC ESI ; ESI减1
00409452 |. 8816 |MOV BYTE PTR DS:[ESI],DL ; 是的话就送入ESI,成为注册码。也就是说注册码必须是纯数字
00409454 |. 09C0 |OR EAX,EAX
00409456 |.^ 75 EA \JNZ SHORT BCopy99.00409442 ; *******************************************
00409458 |. 8D4D 9F LEA ECX,DWORD PTR SS:[EBP-61]
0040945B |. 29F1 SUB ECX,ESI
0040945D |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
00409460 |. 83FA 10 CMP EDX,10
00409463 |. 76 01 JBE SHORT BCopy99.00409466
--------------------------------------------------------------------------------
【破解总结】
我想请问一下,它的注册码最后到底是怎么送到DL中的?还有最后那一串DD 什么的是干什么的?
好了给一个可以用的:注册名 phoenix 注册码417110 .
还有一点要注意:注册后程序会生成一个.CFG后缀的文件,每次启动时都会检查,所以小心不要把它删了,删了就有是未注册的了。
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
