分类分类
关注+2004-10-15作者:蓝点
简单分析——绝世好简历 V1.6!
下载页面: http://www.skycn.com/soft/10880.html
软件大小: 707 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 杂类工具
应用平台: Win9x/NT/2000/XP
加入时间: 2003-02-24 08:41:05
下载次数: 2382
推荐等级: ***
开 发 商: http://zhuocaicai.3322.net/
【软件简介】:本软件只须您填入姓名、年龄、工作经历等基本信息,就可以自动帮您生成一篇完美的简历。还有三种风格可供选择,大大减轻了工作量,绝对可以为您奉上一篇绝世好简历!
【软件限制】:12次试用
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg、FI2.5、W32Dasm8.93黄金版
—————————————————————————————
【过 程】:
绝世好简历1.6.exe用FI2.5检测,不认识。VC++编写。
试炼码:1357246890123456 <需要16位!>
:00406CFA E81EF60300 call 0044631D
:00406CFF 8B4C2410 mov ecx, dword ptr [esp+10]
:00406D03 8B41F4 mov eax, dword ptr [ecx-0C]
:00406D06 83F810 cmp eax, 00000010
====>试炼码是否16位?
:00406D09 747F je 00406D8A
====>不跳则OVER!
:00406D0B 6A10 push 00000010
:00406D0D 68049B4600 push 00469B04
:00406D12 68F49A4600 push 00469AF4
:00406D17 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01DCh
|
:00406D19 FF1520964600 Call dword ptr [00469620]
====>BAD BOY!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406D09(C)
下面分别取试炼码的第2、4、6、8、10位!我不太明白其取数的方法,希望大家指教!
:00406D8A 6A01 push 00000001
:00406D8C 6A01 push 00000001
:00406D8E 8D44241C lea eax, dword ptr [esp+1C]
:00406D92 50 push eax
:00406D93 8D4C241C lea ecx, dword ptr [esp+1C]
:00406D97 E8E4FAFFFF call 00406880
:00406D9C 50 push eax
:00406D9D 8D4C2420 lea ecx, dword ptr [esp+20]
:00406DA1 C68424881F000006 mov byte ptr [esp+00001F88], 06
:00406DA9 E8F2FCFFFF call 00406AA0
:00406DAE 8B442414 mov eax, dword ptr [esp+14]
====>D EAX=3 取试炼码的第2位
:00406DB2 83C0F0 add eax, FFFFFFF0
:00406DB5 C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406DBD 8D480C lea ecx, dword ptr [eax+0C]
:00406DC0 83CAFF or edx, FFFFFFFF
:00406DC3 F0 lock
:00406DC4 0FC111 xadd dword ptr [ecx], edx
:00406DC7 4A dec edx
:00406DC8 85D2 test edx, edx
:00406DCA 7F08 jg 00406DD4
:00406DCC 8B08 mov ecx, dword ptr [eax]
:00406DCE 8B11 mov edx, dword ptr [ecx]
:00406DD0 50 push eax
:00406DD1 FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406DCA(C)
|
:00406DD4 6A01 push 00000001
:00406DD6 6A03 push 00000003
:00406DD8 8D44241C lea eax, dword ptr [esp+1C]
:00406DDC 50 push eax
:00406DDD 8D4C241C lea ecx, dword ptr [esp+1C]
:00406DE1 E89AFAFFFF call 00406880
:00406DE6 50 push eax
:00406DE7 8D4C241C lea ecx, dword ptr [esp+1C]
:00406DEB C68424881F000007 mov byte ptr [esp+00001F88], 07
:00406DF3 E8A8FCFFFF call 00406AA0
:00406DF8 8B442414 mov eax, dword ptr [esp+14]
====>D EAX=7 取试炼码的第4位
:00406DFC 83C0F0 add eax, FFFFFFF0
:00406DFF C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406E07 8D480C lea ecx, dword ptr [eax+0C]
:00406E0A 83CAFF or edx, FFFFFFFF
:00406E0D F0 lock
:00406E0E 0FC111 xadd dword ptr [ecx], edx
:00406E11 4A dec edx
:00406E12 85D2 test edx, edx
:00406E14 7F08 jg 00406E1E
:00406E16 8B08 mov ecx, dword ptr [eax]
:00406E18 8B11 mov edx, dword ptr [ecx]
:00406E1A 50 push eax
:00406E1B FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406E14(C)
|
:00406E1E 6A01 push 00000001
:00406E20 6A05 push 00000005
:00406E22 8D44241C lea eax, dword ptr [esp+1C]
:00406E26 50 push eax
:00406E27 8D4C241C lea ecx, dword ptr [esp+1C]
:00406E2B E850FAFFFF call 00406880
:00406E30 50 push eax
:00406E31 8D4C2424 lea ecx, dword ptr [esp+24]
:00406E35 C68424881F000008 mov byte ptr [esp+00001F88], 08
:00406E3D E85EFCFFFF call 00406AA0
:00406E42 8B442414 mov eax, dword ptr [esp+14]
====>D EAX=4 取试炼码的第6位
:00406E46 83C0F0 add eax, FFFFFFF0
:00406E49 C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406E51 8D480C lea ecx, dword ptr [eax+0C]
:00406E54 83CAFF or edx, FFFFFFFF
:00406E57 F0 lock
:00406E58 0FC111 xadd dword ptr [ecx], edx
:00406E5B 4A dec edx
:00406E5C 85D2 test edx, edx
:00406E5E 7F08 jg 00406E68
:00406E60 8B08 mov ecx, dword ptr [eax]
:00406E62 8B11 mov edx, dword ptr [ecx]
:00406E64 50 push eax
:00406E65 FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406E5E(C)
|
:00406E68 6A01 push 00000001
:00406E6A 6A07 push 00000007
:00406E6C 8D44241C lea eax, dword ptr [esp+1C]
:00406E70 50 push eax
:00406E71 8D4C241C lea ecx, dword ptr [esp+1C]
:00406E75 E806FAFFFF call 00406880
:00406E7A 50 push eax
:00406E7B 8D4C2428 lea ecx, dword ptr [esp+28]
:00406E7F C68424881F000009 mov byte ptr [esp+00001F88], 09
:00406E87 E814FCFFFF call 00406AA0
:00406E8C 8B442414 mov eax, dword ptr [esp+14]
====>D EAX=8 取试炼码的第8位
:00406E90 83C0F0 add eax, FFFFFFF0
:00406E93 C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406E9B 8D480C lea ecx, dword ptr [eax+0C]
:00406E9E 83CAFF or edx, FFFFFFFF
:00406EA1 F0 lock
:00406EA2 0FC111 xadd dword ptr [ecx], edx
:00406EA5 4A dec edx
:00406EA6 85D2 test edx, edx
:00406EA8 7F08 jg 00406EB2
:00406EAA 8B08 mov ecx, dword ptr [eax]
:00406EAC 8B11 mov edx, dword ptr [ecx]
:00406EAE 50 push eax
:00406EAF FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406EA8(C)
|
:00406EB2 6A01 push 00000001
:00406EB4 6A09 push 00000009
:00406EB6 8D44241C lea eax, dword ptr [esp+1C]
:00406EBA 50 push eax
:00406EBB 8D4C241C lea ecx, dword ptr [esp+1C]
:00406EBF E8BCF9FFFF call 00406880
:00406EC4 50 push eax
:00406EC5 8D4C242C lea ecx, dword ptr [esp+2C]
:00406EC9 C68424881F00000A mov byte ptr [esp+00001F88], 0A
:00406ED1 E8CAFBFFFF call 00406AA0
:00406ED6 8B442414 mov eax, dword ptr [esp+14]
====>D EAX=0 取试炼码的第10位
:00406EDA 83C0F0 add eax, FFFFFFF0
:00406EDD C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406EE5 8D480C lea ecx, dword ptr [eax+0C]
:00406EE8 83CAFF or edx, FFFFFFFF
:00406EEB F0 lock
:00406EEC 0FC111 xadd dword ptr [ecx], edx
:00406EEF 4A dec edx
:00406EF0 85D2 test edx, edx
:00406EF2 7F08 jg 00406EFC
:00406EF4 8B08 mov ecx, dword ptr [eax]
:00406EF6 8B11 mov edx, dword ptr [ecx]
:00406EF8 50 push eax
:00406EF9 FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406EF2(C)
|
:00406EFC 8D442418 lea eax, dword ptr [esp+18]
:00406F00 50 push eax
:00406F01 8D4C2420 lea ecx, dword ptr [esp+20]
:00406F05 51 push ecx
:00406F06 8D54243C lea edx, dword ptr [esp+3C]
:00406F0A 52 push edx
:00406F0B E860FCFFFF call 00406B70
:00406F10 8D4C242C lea ecx, dword ptr [esp+2C]
:00406F14 51 push ecx
:00406F15 50 push eax
:00406F16 8D54244C lea edx, dword ptr [esp+4C]
:00406F1A 52 push edx
:00406F1B C684249C1F00000B mov byte ptr [esp+00001F9C], 0B
:00406F23 E848FCFFFF call 00406B70
:00406F28 8D4C243C lea ecx, dword ptr [esp+3C]
:00406F2C 51 push ecx
:00406F2D 50 push eax
:00406F2E 8D542450 lea edx, dword ptr [esp+50]
:00406F32 B30C mov bl, 0C
:00406F34 52 push edx
:00406F35 889C24A81F0000 mov byte ptr [esp+00001FA8], bl
:00406F3C E82FFCFFFF call 00406B70
:00406F41 8D4C244C lea ecx, dword ptr [esp+4C]
:00406F45 51 push ecx
:00406F46 50 push eax
:00406F47 8D542440 lea edx, dword ptr [esp+40]
:00406F4B 52 push edx
:00406F4C C68424B41F00000D mov byte ptr [esp+00001FB4], 0D
:00406F54 E817FCFFFF call 00406B70
====>把上面所取的数连接起来
:00406F59 8B00 mov eax, dword ptr [eax]
====>EAX=37480
:00406F5B 50 push eax
:00406F5C E8E4F20200 call 00436245
:00406F61 8BE8 mov ebp, eax
:00406F63 8B442448 mov eax, dword ptr [esp+48]
:00406F67 83C0F0 add eax, FFFFFFF0
:00406F6A 83C434 add esp, 00000034
:00406F6D 8D480C lea ecx, dword ptr [eax+0C]
:00406F70 83CAFF or edx, FFFFFFFF
:00406F73 F0 lock
:00406F74 0FC111 xadd dword ptr [ecx], edx
:00406F77 4A dec edx
:00406F78 85D2 test edx, edx
:00406F7A 7F08 jg 00406F84
:00406F7C 8B08 mov ecx, dword ptr [eax]
:00406F7E 8B11 mov edx, dword ptr [ecx]
:00406F80 50 push eax
:00406F81 FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406F7A(C)
|
:00406F84 8B442430 mov eax, dword ptr [esp+30]
:00406F88 83C0F0 add eax, FFFFFFF0
:00406F8B 889C24841F0000 mov byte ptr [esp+00001F84], bl
:00406F92 8D480C lea ecx, dword ptr [eax+0C]
:00406F95 83CAFF or edx, FFFFFFFF
:00406F98 F0 lock
:00406F99 0FC111 xadd dword ptr [ecx], edx
:00406F9C 4A dec edx
:00406F9D 85D2 test edx, edx
:00406F9F 7F08 jg 00406FA9
:00406FA1 8B08 mov ecx, dword ptr [eax]
:00406FA3 8B11 mov edx, dword ptr [ecx]
:00406FA5 50 push eax
:00406FA6 FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406F9F(C)
|
:00406FA9 8B442438 mov eax, dword ptr [esp+38]
:00406FAD 83C0F0 add eax, FFFFFFF0
:00406FB0 C68424841F00000B mov byte ptr [esp+00001F84], 0B
:00406FB8 8D480C lea ecx, dword ptr [eax+0C]
:00406FBB 83CAFF or edx, FFFFFFFF
:00406FBE F0 lock
:00406FBF 0FC111 xadd dword ptr [ecx], edx
:00406FC2 4A dec edx
:00406FC3 85D2 test edx, edx
:00406FC5 7F08 jg 00406FCF
:00406FC7 8B08 mov ecx, dword ptr [eax]
:00406FC9 8B11 mov edx, dword ptr [ecx]
:00406FCB 50 push eax
:00406FCC FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406FC5(C)
|
:00406FCF 8B442434 mov eax, dword ptr [esp+34]
:00406FD3 83C0F0 add eax, FFFFFFF0
:00406FD6 C68424841F000005 mov byte ptr [esp+00001F84], 05
:00406FDE 8D480C lea ecx, dword ptr [eax+0C]
:00406FE1 83CAFF or edx, FFFFFFFF
:00406FE4 F0 lock
:00406FE5 0FC111 xadd dword ptr [ecx], edx
:00406FE8 4A dec edx
:00406FE9 85D2 test edx, edx
:00406FEB 7F08 jg 00406FF5
:00406FED 8B08 mov ecx, dword ptr [eax]
:00406FEF 8B11 mov edx, dword ptr [ecx]
:00406FF1 50 push eax
:00406FF2 FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406FEB(C)
|
:00406FF5 33FF xor edi, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407024(C)
|
:00406FF7 8B5C242C mov ebx, dword ptr [esp+2C]
====>6915 即26901入 EBX
:00406FFB 03DF add ebx, edi
:00406FFD 53 push ebx
:00406FFE 8D442414 lea eax, dword ptr [esp+14]
:00407002 68F09A4600 push 00469AF0
:00407007 50 push eax
:00407008 895C2438 mov dword ptr [esp+38], ebx
:0040700C 895CBC48 mov dword ptr [esp+4*edi+48], ebx
:00407010 E83BFBFFFF call 00406B50
:00407015 83C40C add esp, 0000000C
:00407018 3BDD cmp ebx, ebp
====>?EBX=6915(H),即:26901
====>?EBP=9268(H),即:37480
如果相同,则OK!呵呵,不同当然就OVER了!
:0040701A 0F841A010000 je 0040713A
====>不跳则OVER!
:00407020 47 inc edi
:00407021 83FF01 cmp edi, 00000001
:00407024 72D1 jb 00406FF7
:00407026 6A10 push 00000010
:00407028 68049B4600 push 00469B04
:0040702D 68F49A4600 push 00469AF4
:00407032 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01DCh
|
:00407034 FF1520964600 Call dword ptr [00469620]
====>BAD BOY!
…… …… 省 略 …… ……
:0040716B FF1520964600 Call dword ptr [00469620]
====>"感谢您选择了绝世好简历!"
————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\CRF]
"MaxLog"="26901" ===>注册标志!删之则未注册!
"MinLog"="1026" ===>使用次数!如果是1036则到期!
—————————————————————————————
【总 结】:
注册码需要16位。程序取试炼码的第2、4、6、8、10位与26901相比,有一处不同就OVER了。所以,注册码格式为:X2X6X9X0X1XXXXXX X可以是任意数字或字母!
一个可用注册码:1236495061567890
—————————————————————————————
Cracked By 巢水工作坊——fly【OCN】
21:23 03-2-26
相关文章
更多+相同厂商
热门推荐
点击查看更多
点击查看更多
点击查看更多
说两句网友评论