ƽͷѧ֮ȫ̳̣--ǰ  ھ






-Ѱע 


Ѱע룡 


ѰעСʱĶèèһȤȻ᲻  


õģǿʼ 


Ҳ֪ûǰԭнЩûףҾ˵һ  


ͨû߻ʲôһȷעעбȽϣͬҲ˵עȷĻͻעᡣĲȷٺ٣ȻͲעɹ 


õģѾ֪һȽעḶ́ǹؼڡһȽϵһǳ  


ȼȷעȻǸбȽϣҲ˵ȷעᱻԼ!ٺ٣ȻԼ²ȥ  


ҽ˵ȻڵѾǰҪ࣬ȽϵģǴڵġνȽϣ˵ȷע룬Ȼŵڴҵɳ棬֮ٵõǸע룬žͱȽˡǺǣɣֻҪҵǸȽϵĵطһעŵڴˣٵӦڴ洦һƣOKˣ 


ǵĶ˵ЩģҲ˵ģȽҼ򵥵һٽһ£ 


mov  eax [      ]   ǵַҲĴ ָҲmov  eax [       ] 


mov  edx [      ]   ͬ   ַͨʹҪϢ  ָҲ pop edx 


call 00??????   ؼcall 


jz(jnz)  jne(je)  ؼת 


һmov eax [   ]ָǽһڴַһĴüĴװڴַװeaxСڶָͬǽһڴַһĴеڴַװedxСָǸʲôأٺٺٺ١ 


ָעĵַģҲ˵eaxedxĴдʱһװȷעڴַһǸעڴַڱȽעǰעڴֱַװ뵽ĴУȻǹؼCallؼCallжעбȽʱӦļĴȡעȽϣųһؼתͨCallеıȽϽӦת 


ӦѾ뵽ʲô˰ɣûֻҪҵĹؼCallȻڹؼCall鿴ӦڴַͿҵȷע  һУͨɡĳ˵Լһ˰ҵ΢¯޺ã;Իõ  ڵУֻҪһһִеؼCallȻd eaxd edxͿԲ鿴ַзŵע룬㷢еһԼղģôһȷ  


νڴעأͲٶ˵ˣԭԶעʱжϵӦĵطʾӦڴ洦ֵȻҪõ... CRACKCODE2000עдkeymake÷Բο^_^ 


ʣµҸؼCallˣ˵ǰ߸㽲ʱַͿˣܼ򵥵  


ǾҺŵĲԶɾһǼҺŵĲҲûɾ  :NG˵鶼һЩĹؼCallȽһ㣬ʵķͬҲܺҵ... 


Ǿ: 


ȣǻCHINAZIP^_^ 


ѾǵˣԾͲٽ˰  


õģװٺ٣żϲ˵ϻżżҲҪ˵^_^ǵ-עᣬName:Suunb[CCG],Code:19870219 


ȻǵϻTRW2000,bpx hmemcpy F5ȷ:     


KERNEL?HMEMCPY   


0147:9e62  push     bp 


0147:9e63  mov      bp,sp 


0147:9e65  push     ds 


0147:9e66  push     edi 


0147:9e68  push     esi 


0147:9e6a  cld     



0147:9e6b  mov      ecx,[bp+06] 



0147:9e6f  jcxz     9ee9 



    ...ʡN... 


bc *,ɾϵ㡣pmodule ,ֱ: 


0167:00436d13  mov      [ebx+0c],eax 


0167:00436d16  mov      eax,[ebx] 


0167:00436d18  cmp      eax,byte +0c 


0167:00436d1b  jnz      00436d38 


0167:00436d1d  mov      edx,[ebx+08] 


0167:00436d20  push     edx 


0167:00436d21  mov      ecx,[ebx+04] 


0167:00436d24  mov      edx,eax 


0167:00436d26  mov      eax,esi 


0167:00436d28  call     00432b24 


...ʡN... 


8F12ͻʾǵڶξͰ7  F1016¾ͻᱨõģ:һǰF10ʱ򣬾Ͱǰ˵ķϴΰĴεʱõģǰʮµʱϸ򣬺ǺǣһӾͿ004f4decǸתԼĹؼCALL  ǰF10ִе004f4de7(ؼCALL)ָd edxͿɿע룬d eaxԿҸղ19870219  : 


0167:004f4dc4  mov      eax,[ebp-08]      <---7F121F10(ʱebp-08ŵǸղע19870219) 


0167:004f4dc7  push     eax               <---EAXѹջ; 


0167:004f4dc8  lea      edx,[ebp-10] 


0167:004f4dcb  mov      eax,[ebx+02e0] 


0167:004f4dd1  call     00432f24          <---CALLõûûʵĳAPIٺ٣Ļ׷ȥ  


0167:004f4dd6  mov      edx,[ebp-10]      <---õûEDX; 


0167:004f4dd9  lea      ecx,[ebp-0c] 


0167:004f4ddc  mov      eax,ebx 


0167:004f4dde  call     004f4fac          <---CALLע; 


0167:004f4de3  mov      edx,[ebp-0c]      <---.עEDX,ָʱD EDX鿴; 


0167:004f4de6  pop      eax               <---ǰѹעջ; 


0167:004f4de7  call     0040411c          <---CALLȽע룬װ!; 


0167:004f4dec  jnz      004f4e64          <---,ƽ75Ϊ74EB,Ȼ90Ҳ;         


0167:004f4dee  mov      dl,01 


0167:004f4df0  mov      eax,[00452558] 


0167:004f4df5  call     00452658 


0167:004f4dfa  mov      [ebp-04],eax 


0167:004f4dfd  xor      eax,eax 


0167:004f4dff  push     ebp 


0167:004f4e00  push     dword 004f4e5d 



0167:004f4e05  push     dword [fs:eax] 



0167:004f4e08  mov      [fs:eax],esp 



0167:004f4e0b  mov      cl,01 



0167:004f4e0d  mov      edx,004f4ea8 



0167:004f4e12  mov      eax,[ebp-04] 



0167:004f4e15  call     0045283c 


0167:004f4e1a  mov      ecx,004f4ecc 


0167:004f4e1f  mov      edx,004f4ef4 


0167:004f4e24  mov      eax,[ebp-04] 


0167:004f4e27  call     00452c80 


0167:004f4e2c  mov      eax,004f4f00 


0167:004f4e31  call     00458b8c 


0167:004f4e36  mov      eax,[0050306c] 


0167:004f4e3b  mov      eax,[eax] 


0167:004f4e3d  mov      edx,004f4f24 


0167:004f4e42  call     00432f54 


0167:004f4e47  xor      eax,eax 


0167:004f4e49  pop      edx 



0167:004f4e4a  pop      ecx 



0167:004f4e4b  pop      ecx 



0167:004f4e4c  mov      [fs:eax],edx 



0167:004f4e4f  push     dword 004f4e6e 



0167:004f4e54  mov      eax,[ebp-04] 



0167:004f4e57  call     004030c4 



0167:004f4e5c  ret     



0167:004f4e5d  jmp      00403824 



0167:004f4e62  jmp      short 004f4e54 



0167:004f4e64  mov      eax,004f4f48      <---0167:004f4dec!; 



0167:004f4e69  call     00458b8c 



0167:004f4e6e  xor      eax,eax 



: 



Name:Suunb[CCG] 



Code:SCCG5296 



TRW2000¶ϵbpx 004f4de6жϺD EDX鿴.ע롣 



:CRACKCODE2000CRACKCODE.INI 



[Options] 


CommandLine=CHINAZIP.exe 


Mode=2                             


First_Break_Address=4f4de7         


First_Break_Address_Code=E8       


First_Break_Address_Code_Lenth=5   


Second_Break_Address=404123       


Second_Break_Address_Code_Lenth=2 


Save_Code_Address=EDX 


ǺǣǲǺܼ򵥣˵ʵѵ  


Ҳ֪ûз֣ʵĹؼCALLǺܺҵģW32DasmҳΪʲôأЩȽϼ򵥵αطأ 


W32DasmҹؼCALL: 


ơeٱ 


汾4.0 


ļС1316KB 


ƽ̨Win9x/Me/NT/2000 


顿ṩ25ֱ任ķʽȻһ¡򵥣ѧϰֶ֧InternetͼƬʽֽļ洢תֽչԭͼƬļ 


ٺ٣ҲȥҵСèˣǾͻõԱ2001϶׹ϵ  (2002żû) 


װ(ٺ٣ϰˣΪʲôˣ ^_^)һ¸ȣԶӦĻ룬ͣעϣע19870219,ȷ,! 


fi飬ΪDelphi룬ûӿǡ 


W32DASM򿪸ִļο-ʽο±ߣ˸ղŵ"ע벻ȷϵ" 


˫ֻһã00488E97,ڴʽοԻ"ע벻ȷϵ"ңҵ"лֹ֧ף"(˵Ҷ˼)    


˫Ծֻһã00488DF7: 


* Referenced by a (U)nconditional or (C)onditional Jump at Address: 


|:00488DCD(U) 


| 


:00488DD9 8B45FC                  mov eax, dword ptr [ebp-04] 


:00488DDC 8B8020040000            mov eax, dword ptr [eax+00000420] 


:00488DE2 35280BB61E              xor eax, 1EB60B28 


:00488DE7 3B45F8                  cmp eax, dword ptr [ebp-08]  <---ؼȽϣ? EAX鿴ȷע; 


:00488DEA 0F85A0000000            jne 00488E90                 <---ؼתȾع! 


:00488DF0 6A40                    push 00000040 




* Possible StringData Ref from Code Obj ->"עɹ" 


                         | 


:00488DF2 68D48E4800              push 00488ED4 




* Possible StringData Ref from Code Obj ->"лֹ֧ףˣ" 


                         | 


:00488DF7 68E08E4800              push 00488EE0                <---˫ʽοУҵһתǹؼתؼתǹؼȽ; 


:00488DFC 8B45FC                  mov eax, dword ptr [ebp-04] 


:00488DFF E81CD2FBFF              call 00446020 


:00488E04 50                      push eax 


...ʡԴ... 


Ͽ00488DEAһת,ȱ00488E90ع!ǵ00488E97ĳԻ! װ! 


һУ00488DE7:cmp eax, dword ptr [ebp-08],ΪؼȽϡ? EAX鿴ȷע롣 


: 


򿪸ע봦19870219,TRW2000,¶ϵbpx 00488DE7עᱻ? EAXõȷע롣 


:533226313 


ע:25061473 


עдkeymakeдע: 


-ע(F8),ePaper.exe,עѡĴʽ EAX ʮơ 


Ӷϵ㣬жϵַ:00488DE7,жϴ:1,һֽ:3B,ָ:3 


ע깤OK! 


ٺ٣ǲǾעԽԽСʱĶèèˣ  ϧżСʱû÷͵Ļ... 


õģνеWinZIP8.1ŴҶùɣżϲRARҲù... 


û˵ǿܺ  


ơWinZIP 


汾8.1 Beta 2 


ļС1757KB 


ƽ̨Win9x/Me/NT/2000 


顿һǿõѹʵó֧ZIPCABTARGZIPMIMEԼʽѹļصǽܵWindowsԴϷżɣ뿪Դѹѹ 


˵˰ɣԾǵԱ2001϶׹  


֮ΪĹؼCALLûǰ(ʵҲ^_^)ߴԣͨһOllydbgҵݱĵ  


֮ᵽOllydbgǾһǳǳĵ...ǿҽ漸...(MP3 ^_^) 


,ȵȻҪװ()ȻOllydbg룬ʱᱻֳĸ,ϷĴ룬ϷǼĴĵط·ڴ·ʾǶջϢ 


¶ϵ㣬Alt+F4֮ѡUSER32,ȻҼ-->-->ǰģеƣȻһѺҵGetDlgItemTextAF2¶ϵ㣬ʾ󣬲˵޷жϵ㣬ǲǺܹ񫣿(...磬ҴˣҲ...) 


ǺǣҲ֪ʲôԭǲöϣʵҶOllydbgҲ̫Ǹ(ؼ¶Ϸʽ)ǵܶϵɣעSuunb[CCG]ע19870219ȻTRW2000¶bpx hmemcpyϵ֮pmoduleպһF12ͻеĶ... 


TRW2000ٶһ£֮ŵһָĵַ0040bd5f...ָǵGetDlgItemTextAΪʲôOllydbgвأ 


ûϵǼַԾOllydbgس֮ڷരҵ0040bd5fȻF2¶(Ϊɫ)¶֮㰴F9г򣬽עSuunb[CCG]ע19870219ȷᱻOllydbgϵ: 


0040BD5F  |. 57             PUSH EDI 


0040BD60  |. E8 F34A0500    CALL WINZIP32.00460858 


0040BD65  |. 57             PUSH EDI                                 ; /Arg1 


0040BD66  |. E8 164B0500    CALL WINZIP32.00460881                   ; \WINZIP32.00460881 



0040BD6B  |. 59             POP ECX 


0040BD6C  |. BE 1CCA4C00    MOV ESI,WINZIP32.004CCA1C 


0040BD71  |. 59             POP ECX 


0040BD72  |. 6A 0B          PUSH 0B                                  ; /Count = B (11.) 


0040BD74  |. 56             PUSH ESI                                 ; |Buffer => WINZIP32.004CCA1C 


0040BD75  |. 68 810C0000    PUSH 0C81                                ; |ControlID = C81 (3201.) 


0040BD7A  |. 53             PUSH EBX                                 ; |hWnd 


0040BD7B  |. FF15 F4C54A00  CALL DWORD PTR DS:[<&USER32.GetDlgItemTe>; \GetDlgItemTextA 


0040BD81  |. 56             PUSH ESI 


0040BD82  |. E8 D14A0500    CALL WINZIP32.00460858 


0040BD87  |. 56             PUSH ESI 


0040BD88  |. E8 F44A0500    CALL WINZIP32.00460881 


0040BD8D  |. 803D F0C94C00 >CMP BYTE PTR DS:[4CC9F0],0 


0040BD94  |. 59             POP ECX 


0040BD95  |. 59             POP ECX 


0040BD96  |. 74 5F          JE SHORT WINZIP32.0040BDF7 



0040BD98  |. 803D 1CCA4C00 >CMP BYTE PTR DS:[4CCA1C],0 


0040BD9F  |. 74 56          JE SHORT WINZIP32.0040BDF7 



0040BDA1  |. E8 31F9FFFF    CALL WINZIP32.0040B6D7                   <--ؼCALLȻȥ 



0040BDA6  |. 84C0           TEST AL,AL                               <--ݹؼCALLбȽϵĽӦĲ 



0040BDA8  |. 74 4D          JE SHORT WINZIP32.0040BDF7               <--߾ûϷ! 



0040BDAA  |. 57             PUSH EDI 



0040BDAB  |. 68 08DE4B00    PUSH WINZIP32.004BDE08                   ;  ASCII "Name" 



0040BDB0  |. FF35 1CC74A00  PUSH DWORD PTR DS:[4AC71C]               ;  WINZIP32.004BDDEC 


0040BDB6  |. E8 8AFA0400    CALL WINZIP32.0045B845 


0040BDBB  |. 56             PUSH ESI 


0040BDBC  |. 68 C8EB4B00    PUSH WINZIP32.004BEBC8                   ;  ASCII "SN" 


0040BDC1  |. FF35 1CC74A00  PUSH DWORD PTR DS:[4AC71C]               ;  WINZIP32.004BDDEC 


0040BDC7  |. E8 79FA0400    CALL WINZIP32.0045B845 


0040BDCC  |. FF35 18C74A00  PUSH DWORD PTR DS:[4AC718]               ; |Arg4 = 004BDDF4 ASCII "winzip32.ini" 


0040BDD2  |. 6A 00          PUSH 0                                   ; |Arg3 = 00000000 


0040BDD4  |. 6A 00          PUSH 0                                   ; |Arg2 = 00000000 


0040BDD6  |. 68 14DE4B00    PUSH WINZIP32.004BDE14                   ; |Arg1 = 004BDE14 ASCII "rrs" 


0040BDDB  |. E8 4CFA0400    CALL WINZIP32.0045B82C                   ; \WINZIP32.0045B82C 



0040BDE0  |. A1 A8914C00    MOV EAX,DWORD PTR DS:[4C91A8] 


0040BDE5  |. 83C4 28        ADD ESP,28 


0040BDE8  |. 85C0           TEST EAX,EAX 


0040BDEA  |. 74 07          JE SHORT WINZIP32.0040BDF3 


0040BDEC  |. 50             PUSH EAX                                 ; /hObject => 000013F4 (font) 


0040BDED  |. FF15 80C04A00  CALL DWORD PTR DS:[<&GDI32.DeleteObject>>; \DeleteObject 


0040BDF3  |> 6A 01          PUSH 1 


0040BDF5  |. EB 30          JMP SHORT WINZIP32.0040BE27 


0040BDF7  |> E8 C3020000    CALL WINZIP32.0040C0BF 



0040BDFC  |. 68 8E020000    PUSH 28E 



0040BE01  |. E8 61470500    CALL WINZIP32.00460567 


0040BE06  |. 50             PUSH EAX                                 ; |Arg3 


0040BE07  |. 53             PUSH EBX                                 ; |Arg2 


0040BE08  |. 6A 3D          PUSH 3D                                  ; |Arg1 = 0000003D 


0040BE0A  |. E8 C8050400    CALL WINZIP32.0044C3D7                   ; \WINZIP32.0044C3D7 




Ollydbgϵ֮󣬿TRW2000һͨF8(һҲϲF4^_^)ִгǰ32F8ͻڵڶʱF820ʱϸûпɵĵطһ۾ͿԿ0040BDA1ؼCALLֻҪ׷ʱ׷ȥпܿȷע  


ǻʲôأǾͽȥ... 


F7ῴۻۻңPUSHPOPĸأ֪ΪʲôOllydbg˰(żҲҪTRW2000ģʱı ^_^)OllydbgһôǿӿĴеֵرͨF8ִеʱڷ±ߣһС壬ʾָʹõļĴֵˬɣ 


ǰ76F8֮0040B803ͿԵһοȷעˣǺǣ߶71C20EDCȻ㻹½Σˬ 


һһȤ飬WinZIP8.1Уһעע룬Ǻǣ֪ǲǻΪرû׼رעͨ  ͨȽϣע벻ȷȻٴһעٱȽһΣٺ٣ҵĵڶע25170288 


׷ؼCALLĴ: 


0040B6D7  /$ 55             PUSH EBP 


0040B6D8  |. 8BEC           MOV EBP,ESP 


0040B6DA  |. 81EC 0C020000  SUB ESP,20C 



0040B6E0  |. 8065 FF 00     AND BYTE PTR SS:[EBP-1],0 


0040B6E4  |. 803D F0C94C00 >CMP BYTE PTR DS:[4CC9F0],0 


0040B6EB  |. 53             PUSH EBX 


0040B6EC  |. 56             PUSH ESI 


0040B6ED  |. 57             PUSH EDI 


0040B6EE  |. 0F84 FB000000  JE WINZIP32.0040B7EF 


0040B6F4  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 



0040B6F7  |. 50             PUSH EAX 


0040B6F8  |. 68 C0E84B00    PUSH WINZIP32.004BE8C0 


0040B6FD  |. E8 DE61FFFF    CALL WINZIP32.004018E0 



0040B702  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 



0040B705  |. 50             PUSH EAX 


0040B706  |. E8 F57C0800    CALL WINZIP32.00493400 


0040B70B  |. 83C4 0C        ADD ESP,0C 


0040B70E  |. 83F8 14        CMP EAX,14 



0040B711  |. 72 11          JB SHORT WINZIP32.0040B724 


0040B713  |. BF 20C74A00    MOV EDI,WINZIP32.004AC720                ;  ASCII "auth.c" 


0040B718  |. 6A 21          PUSH 21 


0040B71A  |. 57             PUSH EDI 


0040B71B  |. E8 86F60000    CALL WINZIP32.0041ADA6 


0040B720  |. 59             POP ECX 


0040B721  |. 59             POP ECX 


0040B722  |. EB 05          JMP SHORT WINZIP32.0040B729 


0040B724  |> BF 20C74A00    MOV EDI,WINZIP32.004AC720                ;  ASCII "auth.c" 


0040B729  |> 8D85 F4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-20C] 


0040B72F  |. BB F0C94C00    MOV EBX,WINZIP32.004CC9F0                ;  ASCII "Suunb[CCG]" 


0040B734  |. 50             PUSH EAX 


0040B735  |. 53             PUSH EBX 


0040B736  |. E8 50030000    CALL WINZIP32.0040BA8B 


0040B73B  |. 8D85 F4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-20C] 


0040B741  |. 50             PUSH EAX 


0040B742  |. E8 B97C0800    CALL WINZIP32.00493400 


0040B747  |. BE C8000000    MOV ESI,0C8 


0040B74C  |. 83C4 0C        ADD ESP,0C 


0040B74F  |. 3BC6           CMP EAX,ESI 


0040B751  |. 72 0A          JB SHORT WINZIP32.0040B75D 


0040B753  |. 6A 23          PUSH 23 


0040B755  |. 57             PUSH EDI 


0040B756  |. E8 4BF60000    CALL WINZIP32.0041ADA6 


0040B75B  |. 59             POP ECX 


0040B75C  |. 59             POP ECX 


0040B75D  |> 8D85 F4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-20C] 


0040B763  |. 50             PUSH EAX 


0040B764  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 


0040B767  |. 50             PUSH EAX 


0040B768  |. E8 03300900    CALL WINZIP32.0049E770 



0040B76D  |. 59             POP ECX 


0040B76E  |. 85C0           TEST EAX,EAX 


0040B770  |. 59             POP ECX 


0040B771  |. 75 04          JNZ SHORT WINZIP32.0040B777 


0040B773  |. C645 FF 01     MOV BYTE PTR SS:[EBP-1],1 


0040B777  |> 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 



0040B77A  |. 50             PUSH EAX 


0040B77B  |. 68 D0E84B00    PUSH WINZIP32.004BE8D0 


0040B780  |. E8 5B61FFFF    CALL WINZIP32.004018E0 



0040B785  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 



0040B788  |. 50             PUSH EAX 


0040B789  |. E8 727C0800    CALL WINZIP32.00493400 


0040B78E  |. 83C4 0C        ADD ESP,0C 



0040B791  |. 83F8 14        CMP EAX,14 


0040B794  |. 72 0A          JB SHORT WINZIP32.0040B7A0 


0040B796  |. 6A 27          PUSH 27 


0040B798  |. 57             PUSH EDI 


0040B799  |. E8 08F60000    CALL WINZIP32.0041ADA6 



0040B79E  |. 59             POP ECX 


0040B79F  |. 59             POP ECX 


0040B7A0  |> 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 


0040B7A3  |. 50             PUSH EAX 


0040B7A4  |. 53             PUSH EBX 


0040B7A5  |. E8 C62F0900    CALL WINZIP32.0049E770 



0040B7AA  |. 59             POP ECX 



0040B7AB  |. 85C0           TEST EAX,EAX 


0040B7AD  |. 59             POP ECX 


0040B7AE  |. 75 0E          JNZ SHORT WINZIP32.0040B7BE 


0040B7B0  |. FF15 F0C14A00  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount 


0040B7B6  |. A8 01          TEST AL,1 


0040B7B8  |. 74 04          JE SHORT WINZIP32.0040B7BE 


0040B7BA  |. C645 FF 01     MOV BYTE PTR SS:[EBP-1],1 


0040B7BE  |> 6A 14          PUSH 14 


0040B7C0  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18] 


0040B7C3  |. 6A 00          PUSH 0 


0040B7C5  |. 50             PUSH EAX 


0040B7C6  |. E8 75820800    CALL WINZIP32.00493A40 


0040B7CB  |. 56             PUSH ESI 


0040B7CC  |. 8D85 F4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-20C] 


0040B7D2  |. 6A 00          PUSH 0 


0040B7D4  |. 50             PUSH EAX 


0040B7D5  |. E8 66820800    CALL WINZIP32.00493A40 



0040B7DA  |. 83C4 18        ADD ESP,18 



0040B7DD  |. 807D FF 00     CMP BYTE PTR SS:[EBP-1],0 



0040B7E1  |. 74 13          JE SHORT WINZIP32.0040B7F6 



0040B7E3  |. E8 D7080000    CALL WINZIP32.0040C0BF 



0040B7E8  |. 8025 EDBF4C00 >AND BYTE PTR DS:[4CBFED],0 


0040B7EF  |> 32C0           XOR AL,AL 



0040B7F1  |. E9 F5000000    JMP WINZIP32.0040B8EB 



0040B7F6  |> 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144] 



0040B7FC  |. 50             PUSH EAX 


0040B7FD  |. 53             PUSH EBX 


0040B7FE  |. E8 ED000000    CALL WINZIP32.0040B8F0                    <--ȷע 


0040B803  |. 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144]            <--һηȷע 


0040B809  |. 50             PUSH EAX                                 


0040B80A  |. E8 F17B0800    CALL WINZIP32.00493400 


0040B80F  |. BE 2C010000    MOV ESI,12C 


0040B814  |. 83C4 0C        ADD ESP,0C 


0040B817  |. 3BC6           CMP EAX,ESI 


0040B819  |. 72 0A          JB SHORT WINZIP32.0040B825 


0040B81B  |. 6A 39          PUSH 39 


0040B81D  |. 57             PUSH EDI 


0040B81E  |. E8 83F50000    CALL WINZIP32.0041ADA6 


0040B823  |. 59             POP ECX 


0040B824  |. 59             POP ECX 


0040B825  |> BF 1CCA4C00    MOV EDI,WINZIP32.004CCA1C                ;  ASCII "19870219"             <--ղĴעEDI 


0040B82A  |. 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144]           <--EAXװȷעڵĵַ 


0040B830  |. 57             PUSH EDI                                 <--ûעջ 


0040B831  |. 50             PUSH EAX                                 <--ȷעջ 


0040B832  |. E8 392F0900    CALL WINZIP32.0049E770                   <--ؼCALLڱȽûע 


0040B837  |. F7D8           NEG EAX 


0040B839  |. 1AC0           SBB AL,AL 


0040B83B  |. 59             POP ECX 


0040B83C  |. FEC0           INC AL 


0040B83E  |. 59             POP ECX 


0040B83F  |. A2 EDBF4C00    MOV BYTE PTR DS:[4CBFED],AL 


0040B844  |. 0F85 8A000000  JNZ WINZIP32.0040B8D4 


0040B84A  |. 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144] 


0040B850  |. 50             PUSH EAX 


0040B851  |. 53             PUSH EBX 


0040B852  |. E8 33010000    CALL WINZIP32.0040B98A                   <--ĵڶע 


0040B857  |. 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144]           <--ʱһע 


0040B85D  |. 50             PUSH EAX                                 



0040B85E  |. E8 9D7B0800    CALL WINZIP32.00493400 



0040B863  |. 83C4 0C        ADD ESP,0C 


0040B866  |. 3BC6           CMP EAX,ESI 


0040B868  |. 72 0E          JB SHORT WINZIP32.0040B878 


0040B86A  |. 6A 3E          PUSH 3E 


0040B86C  |. 68 20C74A00    PUSH WINZIP32.004AC720                   ;  ASCII "auth.c" 


0040B871  |. E8 30F50000    CALL WINZIP32.0041ADA6 


0040B876  |. 59             POP ECX 


0040B877  |. 59             POP ECX 


0040B878  |> 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144]           <--ĵڶעװEAX 


0040B87E  |. 57             PUSH EDI                                 <--ûעջ 


0040B87F  |. 50             PUSH EAX                                 <--ĵڶעջ 


0040B880  |. E8 EB2E0900    CALL WINZIP32.0049E770                   <--һؼCALLڱȽϵڶɵע 


0040B885  |. F7D8           NEG EAX 


0040B887  |. 1AC0           SBB AL,AL 


0040B889  |. 59             POP ECX 


0040B88A  |. FEC0           INC AL 


0040B88C  |. 59             POP ECX 


0040B88D  |. A2 EDBF4C00    MOV BYTE PTR DS:[4CBFED],AL 


0040B892  |. 75 40          JNZ SHORT WINZIP32.0040B8D4 


0040B894  |. 8D85 C0FEFFFF  LEA EAX,DWORD PTR SS:[EBP-140] 


0040B89A  |. 6A 04          PUSH 4 


0040B89C  |. 50             PUSH EAX 


0040B89D  |. 57             PUSH EDI 


0040B89E  |. E8 DD690900    CALL WINZIP32.004A2280 


0040B8A3  |. 83C4 0C        ADD ESP,0C 


0040B8A6  |. 85C0           TEST EAX,EAX 


0040B8A8  |. 75 23          JNZ SHORT WINZIP32.0040B8CD 


0040B8AA  |. 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144] 


0040B8B0  |. 6A 04          PUSH 4 


0040B8B2  |. 50             PUSH EAX 


0040B8B3  |. 68 20CA4C00    PUSH WINZIP32.004CCA20                   ;  ASCII "0219" 


0040B8B8  |. E8 C3690900    CALL WINZIP32.004A2280 


0040B8BD  |. 83C4 0C        ADD ESP,0C 


0040B8C0  |. 85C0           TEST EAX,EAX 


0040B8C2  |. 75 09          JNZ SHORT WINZIP32.0040B8CD 


0040B8C4  |. C605 EDBF4C00 >MOV BYTE PTR DS:[4CBFED],1 


0040B8CB  |. EB 07          JMP SHORT WINZIP32.0040B8D4 


0040B8CD  |> 8025 EDBF4C00 >AND BYTE PTR DS:[4CBFED],0 


0040B8D4  |> 56             PUSH ESI 


0040B8D5  |. 8D85 BCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-144] 


0040B8DB  |. 6A 00          PUSH 0 


0040B8DD  |. 50             PUSH EAX 


0040B8DE  |. E8 5D810800    CALL WINZIP32.00493A40 


0040B8E3  |. A0 EDBF4C00    MOV AL,BYTE PTR DS:[4CBFED] 


0040B8E8  |. 83C4 0C        ADD ESP,0C 



0040B8EB  |> 5F             POP EDI 


0040B8EC  |. 5E             POP ESI 


0040B8ED  |. 5B             POP EBX 


0040B8EE  |. C9             LEAVE 


0040B8EF  \. C3             RETN 




һ: 


ע:Suunb[CCG] 


ע:71C20EDC or 25170288 


ʵϻһĹϸһ£ͻ֪ʵһҲѣֻһ鷳  


һҲ͵ɣھޱ... 


˵һµǣNõıȽϷԣҪһֻͦ׵  


һ±㽲һЩȽϵģȻ֣ͨȽϵҵעĻӦҲͰ㷨Ĳˣԣһ£ע㷨ʱٽ... 


<> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 
ڰ--עɵ 


Ӧ׵ǣе߶ϣǱ  ûԸԼڵһdָҵȷע...ҪĻʲô 


ǰ߶ǽĲעķԵģ뱣֤ǸʹõȽϣĻֻҶԵطһdָͳˡǼȻȽʣͲѲ³ӦķȽ...ȽҲȽ⣬ȽעķͬԣǼȷעûĽбȽϣܻÿһλעеӦλȽһΣһûĲͬʾȵȵȵ... 


ʵҲҵӦע룬еңҪһλһλļ...˼ҲӣһĳλȷߵĻô죿ԣ¸Ǹ...NGǾֻж㷨зעΨһķдעĻ... 


ҪףҵЩȽϵע룬ԭҲΪõȽϣûʲôֵĸ˵ĵطҪģҵһע...ȻţǶ߻ǺаġCrackһĿģǶӦķ㶮ע㷨дעǳɹCrackһɹԱģ˶һ˳һ ^_^ǺȻףһ£һϸķһ°㷨ˣָо...ŲɵΪһҲĵż  


ǰЩ˴ϺĹע㷨£ͬʱҲйͼٷĳľٶȻĽ˲̫  


ʵһע㷨аһЩԷĶԼҪľ飬һʹöûյͼȥһһ...ٺ٣żǼ  ʹõѣǲζȥһˣCALL׷ľٶɲżһйľҾ˵ʵķ 


ŴҶвڸĸͬ¶ʹõԼ󲿷ָֻ˰ɣǾ͹ˣǿʼ...  


ʽʼ⣬ӣӶ㹻ıǼ¥ǸıҪǿ...  


õģȣǻǵλѰ  ٺ٣ڴˣżCHINAZIPлѹv7.0߱ʾϵǸ!ϰ汾лѹϵ鷳... 


ͨǰ߶µĽ⣬ѾϸˣҲ׷Ӧע롣ǽĿǶע㷨здעע㷨ʵҲȽϼ򣨲ҴBugӣ˵... 


õģǿʼǰ߶׷עʱǾѾ֪ڼȷעĹؼCALLλΪ004f4ddeTRW2000з!Ŀǰ󲿷ֽ̳TRW2000ΪǴ񶼻õĵż彲⣩ 


CHINAZIP--עᣨҲ˵ǳʺд̳עȻٴעᣩעSuunb[CCG]ע19870219֮Ctrl+NTRW2000¶ϵbpx 004f4ddeF5ء 


žͰȷɣǺǣTRW2000ˡͨǰµķԾ֪004f4ddeCALLڼȷע룬ֱӰF8ɣע㷨ͰCALLУ͸ˣҲŪעɵˡҪôأһȽ⣬һѶѵָҲ֪ôģҵһʱǾҲűôЩҪЩҪأ˵ˣְôCALLһҪһһ׷ȥ 


Ǻǣ˵ļˡʵҲûʲôµģֻҪ಻⣬ˡȿȰעCALLͷβִһ飬дŵתԼĳЩCALLãhehe~~ִйһCALLͿһ¸Ĵı仯Ĵеֵıˣɫͻ䣩ĳĴֵCALL֮ıˣǾͿԿһֵǺͣڴַdָһ£ֵͿһǲǵõעעλȵȣĻͿ̭һ󲿷ֵCALLΪCALLֻǰעעװ뵽ڴеĳַߵõעע룩λעĳһλASCII룬ЩǲƼOllydbgִйһָܶϢԿ  õģҽ˵F8׷CALL֮ȴһ...Ҹ׷ķ룬עͣӦķ... 


0167:004f4fac  push     ebp                                   <--F8ĵһָ 


0167:004f4fad  mov      ebp,esp 


0167:004f4faf  push     byte +00 


0167:004f4fb1  push     byte +00 


0167:004f4fb3  push     byte +00 


0167:004f4fb5  push     byte +00 


0167:004f4fb7  push     byte +00 


0167:004f4fb9  push     byte +00 


0167:004f4fbb  push     byte +00 


0167:004f4fbd  push     ebx 


0167:004f4fbe  push     esi 


0167:004f4fbf  push     edi 


0167:004f4fc0  mov      [ebp-08],ecx 


0167:004f4fc3  mov      [ebp-04],edx 


0167:004f4fc6  mov      eax,[ebp-04] 


0167:004f4fc9  call     004041c0 


0167:004f4fce  xor      eax,eax 


0167:004f4fd0  push     ebp 


0167:004f4fd1  push     dword 004f5097 


0167:004f4fd6  push     dword [fs:eax] 


0167:004f4fd9  mov      [fs:eax],esp 


0167:004f4fdc  xor      esi,esi 


0167:004f4fde  lea      eax,[ebp-0c] 


0167:004f4fe1  mov      edx,[ebp-04] 


0167:004f4fe4  call     00403e24                        <--CALLڵõûע 


0167:004f4fe9  mov      eax,[ebp-0c]                    <--õעĵַװeaxĴ 


0167:004f4fec  call     0040400c                        <--CALLڵõûעλeax 


0167:004f4ff1  mov      edi,eax                         <--עλװedi 


0167:004f4ff3  test     edi,edi                         <--ediв 


0167:004f4ff5  jng      004f5051                        <--ediеֵΪ0ͻ 


0167:004f4ff7  mov      ebx,01                          <--ebx1ں 


0167:004f4ffc  mov      eax,[ebp-0c]                    <--ebp-0cװעڴַʱ丶eax 


0167:004f4fff  mov      al,[eax+ebx-01]                 <--eaxдʱװעڴַebxеֵټȥ01ڵõעеӦλַ˵ǵһִеʱebxװ01ټȥ01õֵʵeaxܵõעеĵһַˣִеʱebx1Ծܵõһַ... 


0167:004f5003  call     004f4f60                        <--CALLҪ˵֪Ҫ 


0167:004f5008  test     al,al                           <--ǻᷢһ㣬alalǰCALL֮ǰװעеĳһַǿԶ϶ǸCALLԵõַһЩֽţٸ... 


0167:004f500a  jz       004f5031                        <--alװ0004f5031alеֵᱻ004f5003ǸCALLı 


0167:004f500c  lea      eax,[ebp-18]                     


0167:004f500f  mov      edx,[ebp-0c]                    <--ebp-0cװעڴַʱװedx 


0167:004f5012  mov      dl,[edx+ebx-01]                 <--ǰ߶004f4fffָͬõעеĵǰμַ 


0167:004f5016  call     00403f34                        <--Ҫ!! 


0167:004f501b  mov      eax,[ebp-18]                   


0167:004f501e  lea      edx,[ebp-14] 


0167:004f5021  call     004088ac                        <--Ҫ!! 


0167:004f5026  mov      edx,[ebp-14] 


0167:004f5029  lea      eax,[ebp-10] 


0167:004f502c  call     00404014                        <--CALLͬȽҪģǰμַǰ004f5003CALL֮Ҫ󣨷Ҫalᱻ÷0ֵô004f500aתʧȥãִеCALLὫǰҪַ浽00D3B3C4ڴ棩!!߶ϸ˵ 


0167:004f5031  cmp      ebx,byte +01                    <--ôʱebxװֵȥ1 


0167:004f5034  jz       004f5040                        <--Ϊ㣬Ҳ˵ʱעеĵһַĻ004f5040 


0167:004f5036  mov      eax,[ebp-0c]                    <--ebp-0cװעڴַָעڴַװeax 


0167:004f5039  movzx    eax,byte [eax+ebx-02]           <--ڵõһμַ 


0167:004f503e  jmp      short 004f5046                  <--ת004f5046 


0167:004f5040  mov      eax,[ebp-0c]                    <--ebp-0cװעڴַ   


0167:004f5043  movzx    eax,byte [eax]                  <--õעĵһַ 


0167:004f5046  lea      esi,[esi+eax*4+a8]              <--!!!һָǹؼڣ˵!!!ָȵõֲμַASCII룬Ȼ6֮ټa8ʮ168Ǻǣ⣩ͬʱٽַõֵǰѾֵַĺ! 


0167:004f504d  inc      ebx                             <--ebx1ڵõעһַ 


0167:004f504e  dec      edi                             <--edi1ediװעλ 


0167:004f504f  jnz      004f4ffc                        <--Ϊ004f4ffcʼһַ...Ҳ˵ÿһַͽediȥ1ֱΪ0ҲеַȫμӹΪֹ 


0167:004f5051  lea      edx,[ebp-1c]                    <--װע벿ֵĵַװedxCALL 


0167:004f5054  mov      eax,esi                         <--ǰעĺ벿ֵֵװeax 


0167:004f5056  call     00408c70                        <--ǰõע벿ֵֵתΪʮƣװebp-1c 


0167:004f505b  mov      ecx,[ebp-1c]                    <--epb-1cװעĺ벿 


0167:004f505e  lea      eax,[ebp-0c] 


0167:004f5061  mov      edx,[ebp-10]                    <--ebp-10װעǰ벿 


0167:004f5064  call     00404058                        <--CALLڽǰעϲһ𣬺ϲעebp-0c 


0167:004f5069  mov      eax,[ebp-08] 


0167:004f506c  mov      edx,[ebp-0c] 


0167:004f506f  call     00403de0 


0167:004f5074  xor      eax,eax 


0167:004f5076  pop      edx 


0167:004f5077  pop      ecx 


0167:004f5078  pop      ecx 


0167:004f5079  mov      [fs:eax],edx 


0167:004f507c  push     dword 004f509e 


0167:004f5081  lea      eax,[ebp-1c] 


0167:004f5084  mov      edx,05 


0167:004f5089  call     00403db0 


0167:004f508e  lea      eax,[ebp-04] 


0167:004f5091  call     00403d8c 




ǺǣҼעͺĴǲǺˣҲʣô֪ЩCALLʲôģǰ߶˵ȴŵعһ飬һ¸תȻٴŵĿһ¸CALL...ΪЩעҹһ֮дģ飬оͻ˸... 


Щʲô:վ˵ʹ...~~ 


ǺǣҾ˵ϸһЩ: 


ʵܺģ׷˽֮ŵĿһЩCALLһЩоһ֪õע򳤶ʲô...֮ٴͷһ...004f4ff3ᷢעλһȽϣûǷע...Ҳ˵ediװעλ0ûߣһһں˵һ¹Bug004f4ffcǻᷢõעڴַһָһ֪õעеĸַģٺ٣ָϾ¿ɣһ±߶ָص004f4ffc...Ǻǣǻ004f504fĿ꣬ˣǾ֪˴004f4ffc004f504f֮Щָעеÿһַм... 


ǺǣҲ˵004f4ffcʼǵõעеĵNλַȻһϵе㣬ִ֮е004f504eʱǰȵעλȥ1ȻǷΪ0Ϊ0004f4ffcȻעN+1λм㡣˾ٵĿľΪ˿עĸλǷ񶼱ˣΪ0˵ûм꣬Ǻǣܼ򵥵ĵediװעλڼһλͽ1ˣעĸλҲͶμ... 


õģ㷨: 


004f4ff5תעͲ...żSuunb[CCG]õģʱִе004f4ff7ָebxгʼ...1Ȼ004f4ffcʱὫebp-0cװעڴַװeaxУŵ004f4fffڵõעĵһַװalһ£eaxװעڴַӸõַʼ10ڴ浥ԪעS u u n b [ C C G ] Ǻǣeaxװڴַעڴе׵ַһִеʱebxװ1eax+ebx-01õĻע׵ַҲSȵ004f504fתָת֮ǰ004f504dһincָebx1Ļִеʱͻõעеĵ2ַuˣٺ٣֮ǰٸebx1֪԰ebxеֵΪǰμַעеλebx1ǵõעĵһλSebx2ǵõעĵ2λu. 


004f5003һCALLǣǺǣCALLȽϹؼעһҪҪԲѣΪ004f5003һתת֮ǰalвԣٺ٣alCALL֮ǰװǵǰַ...õһCALLͻᷢal޸ģǺǣCALLalһЩĽֱӰ˺沿ֵ̣ԣһҪ...ɳڱ·зأרŵĺλ䶢...  


ǴٸڻҪȸϵ㷨õģҽ˵004f5008al˲֮һתalдʱװֵΪ0004f5031ȥ...ΪCALLַһЩ㣬Ҫalͻᱻ01ʲôģĲжϵǰַǷҪϾ򲻷Ͼ... 


עĵһַSSպͨ004f5003ǸCALLļ  ԾûߣҼF10еִ...004f500c004f500f004f5012ָǰ߶ĵõעNλַָһģ㿴עͺ...004f5016004f5029⼸ָҲûʲôýģмCALLĻԽȥſһ¡òʲôʵԵĶ...004f502cCALLͺҪˣǺǣʲôأǵҸղ˵004f5003ǸCALLɣִйʹal仯תָalֵӦתalΪ0004f5031պþ004f502cCALL...ĵһַSպ÷004f5003ǸCALLҪûߣǾִе׷ȥһ£沢ӣֻǽǰμַװڴ00D3B3C4ǰμַ004f5003ûͨͲִеǺǣ׹˰ɣCALLռעз004f5003ǸCALLҪַ 


HOHOHO~~ģʽЦ...Ѿһ...õģǼ... 


Ǵ004f500a004f5031ģһִеģ֪עвμӵǰһַ004f5003ǸCALLҪִ֪е...ָʲôأǵebxװǲμַעеӦλcmp  ebx,byte +01  ebxȥ1ָ;ҲǿһµǰμַǲעеĵһַǾ 004f5040... ȿ004f5040ִе˴ʱebp-0cװʵעڴַǰ߾Ѿ˵ˣｫװeaxУ004f5043ָ;ǵõעĵһַ...ˣٹջ004f5036ǰμַעеĵһַͲߣִеʱͬebp-0cװעڴַeaxУ004f5039eax,byte [eax+ebx-02]Ǻǣܺ⣬eax+ebx-01õǵǰμַڴַeax+ebx-02õľǵǰμַǰǸַ˽⣿ 


ǽſ004f5046ָɣͬǳҪǼעĺ벿! 


׾˼ˣִеʱeaxװĻעеĵһַǵǰμַǰһַע:ַڴĴASCIIʾģSeaxлʾΪ00000053SASCII53ʮΪ83...ǵһִеʱesiеֵΪ000000000eax*4+a8˼õǰμַASCII4ûa8Ҳʮ168һ·esiӣѾ˵ˣһִеʱesiеֵΪ0...ڶִеʱesiװıעĵһַASCII4ټһ·ĺ... 


Ϊʲô֪Ǽעĺ벿ֵģµ!!ǺǣȻǣǿԿ004f5054ὫǰĽװeaxУ߶žһCALLٺ٣컯֮£Ҳ̫˰ɣ׷ȥſһ¾֪ǽʮƵתΪʮƵ...תĽװedxװڴַCALL֮ǰǻῴedxеֵ004f5051װ룬ebp-1cǺǣCALL֮d ebp-1cһ£ͻῴעĺ벿... 


004f505bע벿װecxУ004f505eʱὫһڴַebp-0cװeaxþһݲãڴCALLлeaxװֵŽ֮004f5061Ὣebp-10װedxУebp-10װʲôأd ebp-10ָһ¾ͻ֪ĵַΪ00D3B3C4ٺ٣𣿲еĻҾ˵һ飬ǵ004f502cǸCALLþռ004f5003ǸCALLҪַ... 


ٺ٣׹ 


ע㷨:ȵõעλǷ00004f5051...õģSuunb[CCG]עʱעλ10Բߣ֮ǻ004f4fffһִеʱὫעĵһַSװalУڶʱὫעеĵڶַuװalУþǽǰμַװalУ֮žһCALLCALLԵǰμַм...ųһתalװǲ0Ǿ004f5031Ƿ0ֵ˵ǰַҪôͻִе004f502cCALLὫڴ00D3B3C4...004f5031һȽϣǿǰμַǲעеĵһַǵĻ004f5040ڴ˽עĵһַװeaxμ004f5046ļ㡣ǰμĲעĵһַôͻִе004f5039ʱõǰμַǰǸַװeax004f5046μ㡣˽⣿Ҳ˵עĵһַμμ㣬һַμӼ㣨뿴ǰμַעеĵһַμӼ㣬ǵڶȡǰߵһһֻμһμ㣬˵ʱȡڶ˵ĸʱȡ...һַʱȡǰߵǸַμ㣬֮ѭͽˣԣһᱻڣȵעеַμӹ㣬ͻ004f5056ｫǰ004f5046ļתΪʮ...ں004f5064ǸCALLǰװ00D3B3C4з004f5003CALLҪַϲһٺ٣עˣ 


Ҳ˵ע²ɵ: 
עез004f5003ǸCALLҪַ+(עеĵһַASCII*4+168)*2+(һλһλַ)*4+168ĺ͵ĺͣ 


Ҳ֪ע˵  ôҪдעһҪ004f5003ǸCALLףĻǲܶעеַɸѡ... 


õģ: 


Ctrl+NTRW2000bpx 004f5003F5˳ȷ㰴F8Ǻǣûʲô˵ˣҸעͰ: 


0167:004f4f60  push     ebp 


0167:004f4f61  mov      ebp,esp 


0167:004f4f63  push     ecx 


0167:004f4f64  push     ebx 


0167:004f4f65  push     esi 


0167:004f4f66  mov      [ebp-01],al                       <--ַװڴebp-01 


0167:004f4f69  mov      byte [ebp-03],02                  <--ebp-03װ02 


0167:004f4f6d  mov      byte [ebp-02],01                  <--ebp-02װ01   


0167:004f4f71  mov      cl,[ebp-01]                       <--μַװcl 


0167:004f4f74  dec      ecx                               <--cl1 


0167:004f4f75  sub      cl,02                             <--clټȥ2   


0167:004f4f78  jc       004f4fa4                          <--нλת㲻õģһ㶼ߵ  


0167:004f4f7a  inc      ecx                               <--ecx1Ҳcl1                                 


0167:004f4f7b  mov      bl,02                             <--blװ02 


0167:004f4f7d  xor      eax,eax                           <--eax㣬eax0 


0167:004f4f7f  mov      al,[ebp-01]                       <--alװμַ 


0167:004f4f82  xor      edx,edx                           <--edx0 


0167:004f4f84  mov      dl,bl                             <--blеֵdl     


0167:004f4f86  mov      esi,edx                           <--ٸesi 


0167:004f4f88  xor      edx,edx                           <--edx0                   


0167:004f4f8a  div      esi                               <--eaxװĲμַASCIIԵǰesiֵ 


0167:004f4f8c  test     edx,edx                           <--edxedxװϸղų 


0167:004f4f8e  jnz      004f4f93                          <--Ϊ0004f4f93 


0167:004f4f90  inc      byte [ebp-03]                     <--ebp-03ֵ1 


0167:004f4f93  cmp      byte [ebp-03],02                  <--ebp-03ֵȥ02 


0167:004f4f97  jna      004f4f9f                          <--ھ004f4f9f 


0167:004f4f99  mov      byte [ebp-02],00                  <--ebp-02װ00 


0167:004f4f9d  jmp      short 004f4fa4                    <--ת004f4fa4   


0167:004f4f9f  inc      ebx                               <--ebx1 


0167:004f4fa0  dec      cl                                <--cl1 


0167:004f4fa2  jnz      004f4f7d                          <--Ϊ0004f4f7dһ 


0167:004f4fa4  mov      al,[ebp-02]                       <--ebp-02ֵװal󷵻         


0167:004f4fa7  pop      esi 


0167:004f4fa8  pop      ebx 


0167:004f4fa9  pop      ecx 


0167:004f4faa  pop      ebp 




֪㿴ףҴŸ˵һ£Ͼ: 


ȵõַASCII룬Ȼȥ2blֵ02...Ȼeaxװļ2ASCIIesiװblеֵ֮ͿedxװǷΪ0Ϊ0ͽebp-03ֵ1Ӧ֪ebp-03ڳʼʱ򱻸ֵΪ2䱻1Ǿʹ2Ļ004f4f97Ͳߣߣ004f4f99ebp-02ͻᱻװ00֮ͻת004f4fa4ͻebp-02ֵҲ00װal׹˰...edxװΪ0ô004f4f8eͻߣ004f4f93ʱebp-03װ02ͻӶ004f4f9fȥִг...004f4f9febxҲblᱻ1clںᱻȥ1clΪ0Ļ004f4f7dһ飬ֱclΪΪֹ... 


Delphiпʾ: 


SװǵǰμַCodeռҪַûд 


N:=Ord(S); 


for i:=2 to N-1 do 


begin 


   modz:=(N-i) mod i; 


   if modz=0 then Break; 


end; 


if modz<>0 then 


Code:=Code+S; 


Ǻǣǰͬ  


ҸдһúõעезҪַ: 


function GetKeyChar(Name: String): String; 


var 


i,ASC,sh,modz:integer; 


Code:String; 


begin 


for i:=1 to Length(Name) do 


   begin 


     ASC:=Ord(Name); 


     for sh:=2 to ASC-1 do 


       begin 


         modz:=(ASC-sh) mod sh; 


         if modz=0 then Break; 


       end; 


     if modz<>0 then 


       Code:=Code+Name; 


   end; 


Result:=Code; 


end; 


: 


var 


S1,S2:String; 


begin 


S1:=Edit1.text;       //Edit1ע; 


S2:=GetKeyChar(S1);    //ʱS2еõıעзҪַ; 


end; 


ٺ٣ǲǺ֪ЩַܷҪ󣿺ٺ٣ʵCHINAZIPԼͿԸǣֻҪעʱеĿַȫϣȻdָһעǰ벿ֲ֣Ϳ֪ˣȻҲԼдһԣDelphiĻֱĺ...ˣеASCIIַУֻ¼Ҫ: 


CGIOSYaegkmq5=%)+;/ 


ŵĻԣȷעеַֻ⼸...ٺ٣ǱȽCCG  


ˣַϻô࣬עɣⲢѣֻҪϺ벿עļOK: 


Delphiºֱʹ: 


function  GetKey(Name: String): String; 


var 


N:String; 


i,sh,ci:integer; 


Si:integer; 


ASC,modz:integer; 


begin 


i:=Length(Name); 


if i=0 then Result:='ע...' 


else 


   begin 


   for sh:=1 to i do 


     begin 


       ASC:=Ord(Name[sh]); 


       for ci:=2 to ASC-1 do 


         begin 


           modz:=(ASC-ci) mod ci; 


           if modz=0 then Break; 


         end; 


       if modz<>0 then N:=N+Name[sh] 


     end; 


   Si:=Ord(Name[1])*4+168; 


   for sh:=1 to i-1 do 


     begin 


       Si:=Si+Ord(Name[sh])*4+168; 


     end; 


   N:=UpperCase(N+inttostr(Si)); 


   Result:=N; 


end; 


end; 


˳˵һ£΢һ£ͻ֣ᷢڸտʼ004f4ff3עλвԣλΪ0ͻһָʱ004f5051΢һ飬ͻᷢͨעλΪ0ͻֱʧܴȴûУ004f5051ʲôأ~~ȻҪõעĺ벿֣ǺǣԵ00D3B3C4ῴһ0ʲôأȻûעôͲעǰ벿֣߱CALLϲǰֵע  һעעΪ0עһ¿...HOHO~~ԾģʽЦĵ߰ԭܼ򵥣ûжעǷΪղʼʱڼע벿ֵinteger˳ʼֵ0Ļ00D3B3C4ڴӦΪֵ..Ѳɵʱ0ע᣿ 


˵Crackһ£ȫԸߵʱһѶ˵׼õѵע....֪ûаñCrackerٺ٣CCCպҲעǰ벿Ŷ~~ϣףע㷨ҴBugͨҲ˵߻ûʲô ^_^ǲӦΪṩעеˣܰ߸㷨ȥBugֺγһأϾӵл֣ģ 




Ҳ֪㽲лѹעǷ񿴶ˣҸΪҽĻǱȽϸˣÿָעں˵ȻĻǱд²ãҪǶ~~!  


ˣһ...ͨ㽲һһֱȽϳע㷽ĽһеַתҲǳ˵^_^ 


ʿ쳵FlashGetģڿѩѾµ1.40&עǰЩʱɶҲں˵Ҫһ2.0downſһ£ǺǣҪģעĹвҲ...hehe~~HMILYϸ翴ɶҲǵһӣҲдעģԲοһ£ٺ٣HMILYżԼˣż...  


ǿʼ... 


һԶɻ룬߶xn2urkeUMwpNv5xZ 


һ£һõOllydbg⣬ĺܺ...ǿʼ: 


ż֪ǷϲOllydbg¶Ϸʽ֪żǲϲôAPIȣֺС˵ˣżϲHmemcpyϣǶϲ2K/XP£żŲҪȥAPIأҪĴβŶϵ۰  ǻʱԱTRW2000һ³ɣMP3ͣһ  bpx hmemcpyȷᱻpmodule󷵻ص0040432fǾʹ￪ʼ  :"Stop!ϴ" ٺ٣MP3ͬʱOllydbg  


Ollydbg룬ڷ봦ϷǸӴУCtrl+G0040432fسǴſоĻ׾ͻῴ˵رˣȽϺãһ¾ҵעĵط ^_^ 


ðɣǰF2¶ϣŰF9гעᴦCHINA Cracking Group SuunbȷᱻOllydbgܿ  : 


0040432F  |. 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10] 


00404333  |. 6A 05          PUSH 5 


00404335  |. 51             PUSH ECX 


00404336  |. 68 E8030000    PUSH 3E8 


0040433B  |. 8BCE           MOV ECX,ESI 


0040433D  |. E8 10050000    CALL <JMP.&MFC42.#3092> 


00404342  |. 8BC8           MOV ECX,EAX 


00404344  |. E8 7D060000    CALL <JMP.&MFC42.#3873> 


00404349  |. 8D5424 18      LEA EDX,DWORD PTR SS:[ESP+18] 


0040434D  |. 6A 05          PUSH 5 


0040434F  |. 52             PUSH EDX 


00404350  |. 68 E9030000    PUSH 3E9 


00404355  |. 8BCE           MOV ECX,ESI 


00404357  |. E8 F6040000    CALL <JMP.&MFC42.#3092> 


0040435C  |. 8BC8           MOV ECX,EAX 


0040435E  |. E8 63060000    CALL <JMP.&MFC42.#3873> 



00404363  |. 8D4424 20      LEA EAX,DWORD PTR SS:[ESP+20] 


00404367  |. 6A 05          PUSH 5 


00404369  |. 50             PUSH EAX 


0040436A  |. 68 EA030000    PUSH 3EA 


0040436F  |. 8BCE           MOV ECX,ESI 


00404371  |. E8 DC040000    CALL <JMP.&MFC42.#3092> 


00404376  |. 8BC8           MOV ECX,EAX 


00404378  |. E8 49060000    CALL <JMP.&MFC42.#3873> 


0040437D  |. 8D4C24 28      LEA ECX,DWORD PTR SS:[ESP+28] 


00404381  |. 6A 05          PUSH 5 


00404383  |. 51             PUSH ECX 


00404384  |. 68 EB030000    PUSH 3EB 


00404389  |. 8BCE           MOV ECX,ESI 


0040438B  |. E8 C2040000    CALL <JMP.&MFC42.#3092> 


00404390  |. 8BC8           MOV ECX,EAX 


00404392  |. E8 2F060000    CALL <JMP.&MFC42.#3873> 


00404397  |. 8B7C24 68      MOV EDI,DWORD PTR SS:[ESP+68] 


0040439B  |. 33DB           XOR EBX,EBX 


0040439D  |. 33C9           XOR ECX,ECX 


0040439F  |. 8D04BF         LEA EAX,DWORD PTR DS:[EDI+EDI*4] 


004043A2  |. 8D0480         LEA EAX,DWORD PTR DS:[EAX+EAX*4] 


004043A5  |. 8D3480         LEA ESI,DWORD PTR DS:[EAX+EAX*4]             <--Щ㶼ҪܣΪǰﲻʲôæ  


004043A8  |. C1E6 02        SHL ESI,2                                    <--ִкESIֵΪ5DCʮ1500 


004043AB  |> 0FBE440C 50    /MOVSX EAX,BYTE PTR SS:[ESP+ECX+50]          <--ESP+ECX+50ǻڴеĵַ(״ִеECXΪ0õľǻĵһλڶεʱECX1õǵڶλ...) 


004043B0  |. 03C6           |ADD EAX,ESI                                 <--ESIӣҲǼ1500 


004043B2  |. BD 3E000000    |MOV EBP,3E                                  <--EBP3Eʮ62 


004043B7  |. 99             |CDQ                                         <--չ... 


004043B8  |. F7FD           |IDIV EBP                                    <--EAXװĻĵ1 or 2 or 3 or 4λ1500ĺ62 


004043BA  |. 0FBE440C 54    |MOVSX EAX,BYTE PTR SS:[ESP+ECX+54]          <--ESP+ECX+54õĵ5λ(ǵESP+ECX+50װǵһλ״ִеECXΪ0õľǻĵ5λڶεʱECX1õǵ6λ...) 


004043BF  |. 03C6           |ADD EAX,ESI                                 <--ͬ1500 


004043C1  |. 8A92 E4704000  |MOV DL,BYTE PTR DS:[EDX+4070E4]             <--Ҫĵط!ʱEDXװǰĵ1 or 2 or 3 or 4λ1500ٳ624070E4ʲôأTRW2000Уd 004070E4ͿԿOllydbgУǿ½ǴCtrl+GӦڴַĻͿԿˡǻִᷢ4070E4ʼװһַ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZǺʲô˼4070E4ָ04070E4edxװڴַװıǵǰӦע롣Ϊ5ô4070E40ʼ5ַˣִָйͻӦעװdl 


004043C7  |. 88540C 30      |MOV BYTE PTR SS:[ESP+ECX+30],DL             <--ĵ1 or 2 or 3 or 4ӦעװESP+ECX+30 


004043CB  |. 99             |CDQ                                         <--ǰ߶õĵ5 or 6 or 7 or 8λչ 


004043CC  |. F7FD           |IDIV EBP                                    <--ͬ62 


004043CE  |. 8A82 E4704000  |MOV AL,BYTE PTR DS:[EDX+4070E4]             <--004043C1ͬҶ˵˰ɣǵõǰĶӦע 


004043D4  |. 88440C 38      |MOV BYTE PTR SS:[ESP+ECX+38],AL             <--װESP+ECX+38 


004043D8  |. 0FBE440C 58    |MOVSX EAX,BYTE PTR SS:[ESP+ECX+58]          <--õĵ9 or 10 or 11 or 12λ 


004043DD  |. 03C6           |ADD EAX,ESI                                 <--1500 


004043DF  |. 99             |CDQ                                         <--չ.... 


004043E0  |. F7FD           |IDIV EBP                                    <--62 


004043E2  |. 0FBE440C 5C    |MOVSX EAX,BYTE PTR SS:[ESP+ECX+5C]          <--õĵ13 or 14 or 15 or 16λ 


004043E7  |. 03C6           |ADD EAX,ESI                                 <--1500 


004043E9  |. 8A92 E4704000  |MOV DL,BYTE PTR DS:[EDX+4070E4]             <--ǰߵĵ9 or 10 or 11 or 12λӦע 


004043EF  |. 88540C 40      |MOV BYTE PTR SS:[ESP+ECX+40],DL             <--װESP+ECX+40 


004043F3  |. 99             |CDQ                                         <--չ 


004043F4  |. F7FD           |IDIV EBP                                    <--62 


004043F6  |. 41             |INC ECX                                     <--ECX1 


004043F7  |. 83F9 04        |CMP ECX,4                                   <--ECXǷΪ4ǰ߶һμλһμ15913λڶ261014... 


004043FA  |. 8A82 E4704000  |MOV AL,BYTE PTR DS:[EDX+4070E4]             <--õǰߵĵ13 or 14 or 15 or 16λӦע 


00404400  |. 88440C 47      |MOV BYTE PTR SS:[ESP+ECX+47],AL             <--װESP+ECX+47 


00404404  |.^7C A5          \JL SHORT LIAOCACH.004043AB                  <--ECXС4ʹͷһ飨ֱ16λ붼Ϊֹ 


00404406  |. 8B35 AC524000  MOV ESI,DWORD PTR DS:[<&MSVCRT.atoi>]    ;  MSVCRT.atoi 


0040440C  |. 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10] 


00404410  |. 51             PUSH ECX                                 ; /s 


00404411  |. 885C24 38      MOV BYTE PTR SS:[ESP+38],BL              ; | 


00404415  |. 885C24 40      MOV BYTE PTR SS:[ESP+40],BL              ; | 


00404419  |. 885C24 48      MOV BYTE PTR SS:[ESP+48],BL              ; | 


0040441D  |. 885C24 50      MOV BYTE PTR SS:[ESP+50],BL              ; | 


00404421  |. FFD6           CALL ESI                                 ; \atoi 


00404423  |. 83C4 04        ADD ESP,4 


00404426  |. 83F8 01        CMP EAX,1 


00404429  |. 75 3C          JNZ SHORT LIAOCACH.00404467 


0040442B  |. 8D5424 18      LEA EDX,DWORD PTR SS:[ESP+18] 


0040442F  |. 52             PUSH EDX 


00404430  |. FFD6           CALL ESI 


00404432  |. 83C4 04        ADD ESP,4 


00404435  |. 83F8 01        CMP EAX,1 


00404438  |. 75 2D          JNZ SHORT LIAOCACH.00404467 


0040443A  |. 8D4424 20      LEA EAX,DWORD PTR SS:[ESP+20] 


0040443E  |. 50             PUSH EAX 


0040443F  |. FFD6           CALL ESI 


00404441  |. 83C4 04        ADD ESP,4 


00404444  |. 83F8 01        CMP EAX,1 


00404447  |. 75 1E          JNZ SHORT LIAOCACH.00404467 


00404449  |. 8D4C24 28      LEA ECX,DWORD PTR SS:[ESP+28] 


0040444D  |. 51             PUSH ECX 


0040444E  |. FFD6           CALL ESI 


00404450  |. 83C4 04        ADD ESP,4 


00404453  |. 83F8 01        CMP EAX,1 


00404456  |. 75 0F          JNZ SHORT LIAOCACH.00404467 


00404458  |. 5F             POP EDI 


00404459  |. 5E             POP ESI 


0040445A  |. 5D             POP EBP 


0040445B  |. B8 FEFFFFFF    MOV EAX,-2 


00404460  |. 5B             POP EBX 


00404461  |. 83C4 54        ADD ESP,54 


00404464  |. C2 0400        RETN 4 


00404467  |> 8D7424 30      LEA ESI,DWORD PTR SS:[ESP+30]           <--ȷעǰ4λĵַװESIУٺ٣ִеʱǾͿԿȷעǰ4λˣTRW2000 or SoftICEпd ESP+30鿴OllydbgʲôͿϷڴмǸСп  TRW2000¹DָAlt+¼£ͿԿеע(ǲûз̫0063F5E0-0063F5E3ǰ4λ0063F5E8-0063F5EB5-8λ0063F5F0-0063F5F39-12λ0063F5F8-0063F5FB4λעڴַ:0063F5C0-0063F5C3ǰ4λ0063F5C8-0063F5CB5-8λ0063F5D0-0063F5D39-12λ0063F5D8-0063F5DB4λŵĵַ0063F6000-0063F60F) 


0040446B  |. 8D4424 10      LEA EAX,DWORD PTR SS:[ESP+10]           <--עǰ4λĵַװEAX 


0040446F  |> 8A10           /MOV DL,BYTE PTR DS:[EAX]               <--õעĵ1λ3λ(EAXеֵ˺߶2ִеʱõľǵ3λ) 


00404471  |. 8ACA           |MOV CL,DL                              <--cl 


00404473  |. 3A16           |CMP DL,BYTE PTR DS:[ESI]               <--ȷעĵ1λ3λȽ(ESIеֵEAXеֵһı) 


00404475  |. 75 1C          |JNZ SHORT LIAOCACH.00404493            <--Ⱦ 


00404477  |. 3ACB           |CMP CL,BL                              <--CLBLȽϣBLеֵΪ00000000(Ҳǿ)ָʲô?ʵܼˣÿ4λעĺ涼ٸһֵҲڴпԿ1234.Ǹ.ǿֵ׹˰ɣȵǰ4λԹˣclоͻװ.Ҳ00000000ʱͿں  


00404479  |. 74 14          |JE SHORT LIAOCACH.0040448F             <--CLеֵΪ(4λѾȫȽϹ) 


0040447B  |. 8A50 01        |MOV DL,BYTE PTR DS:[EAX+1]             <--EAX+1õĻעĵ2λߵ4λ(EAXֵ) 


0040447E  |. 8ACA           |MOV CL,DL                              <--CL 


00404480  |. 3A56 01        |CMP DL,BYTE PTR DS:[ESI+1]             <--ȷעĵ2λ4λȽ(ESIֵEAXһı) 


00404483  |. 75 0E          |JNZ SHORT LIAOCACH.00404493            <--Ⱦ 


00404485  |. 83C0 02        |ADD EAX,2                              <--EAX2Ļ0040446Fʱٵõľעĵ3λ 


00404488  |. 83C6 02        |ADD ESI,2                              <--ͬϣESI20040446Fһʱͻõȷעĵ3λ 


0040448B  |. 3ACB           |CMP CL,BL                              <--ٴαȽCLǷΪ 


0040448D  |.^75 E0          \JNZ SHORT LIAOCACH.0040446F            <--Ϊվ0040446FȽǰ4λе13λ 


0040448F  |> 33C0           XOR EAX,EAX                             <--1-4λȫȽ 


00404491  |. EB 05          JMP SHORT LIAOCACH.00404498 


00404493  |> 1BC0           SBB EAX,EAX 


00404495  |. 83D8 FF        SBB EAX,-1 


00404498  |> 3BC3           CMP EAX,EBX 


0040449A  |. 0F85 AB000000  JNZ LIAOCACH.0040454B 


004044A0  |. 8D7424 38      LEA ESI,DWORD PTR SS:[ESP+38]           <--Ĵͬȷע5-8λڴַװESI 


004044A4  |. 8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]           <--ע5-8λڴַװEAX 


004044A8  |> 8A10           /MOV DL,BYTE PTR DS:[EAX]               <--õעĵ5 or 7λ(һѾ) 


004044AA  |. 8ACA           |MOV CL,DL                              <--װCL 


004044AC  |. 3A16           |CMP DL,BYTE PTR DS:[ESI]               <--ȷעĵ5 or 7λȽ 


004044AE  |. 75 1C          |JNZ SHORT LIAOCACH.004044CC            <--Ⱦ 


004044B0  |. 3ACB           |CMP CL,BL                              <--BLе00000000Ƚϣ5-8λǷѾȫȽ 


004044B2  |. 74 14          |JE SHORT LIAOCACH.004044C8             <--ǵĻ 


004044B4  |. 8A50 01        |MOV DL,BYTE PTR DS:[EAX+1]             <--õעĵ6 or 8λ   


004044B7  |. 8ACA           |MOV CL,DL                              <--װCL 


004044B9  |. 3A56 01        |CMP DL,BYTE PTR DS:[ESI+1]             <--ȷעĵ6 or 8λȽ 


004044BC  |. 75 0E          |JNZ SHORT LIAOCACH.004044CC            <--ȷ 


004044BE  |. 83C0 02        |ADD EAX,2                              <--EAX2ĿѾ֪˰  


004044C1  |. 83C6 02        |ADD ESI,2                              <--ESIҲ2 


004044C4  |. 3ACB           |CMP CL,BL                              <--ȽCLǷΪ 


004044C6  |.^75 E0          \JNZ SHORT LIAOCACH.004044A8            <--Ǿȥһ 


004044C8  |> 33C0           XOR EAX,EAX                             <--5-8λȫȽȫ 


004044CA  |. EB 05          JMP SHORT LIAOCACH.004044D1 


004044CC  |> 1BC0           SBB EAX,EAX 


004044CE  |. 83D8 FF        SBB EAX,-1 


004044D1  |> 3BC3           CMP EAX,EBX 


004044D3  |. 75 76          JNZ SHORT LIAOCACH.0040454B 


004044D5  |. 8D7424 40      LEA ESI,DWORD PTR SS:[ESP+40]           <--ȷע9-12λڴַװESI 


004044D9  |. 8D4424 20      LEA EAX,DWORD PTR SS:[ESP+20]           <-- 


004044DD  |> 8A10           /MOV DL,BYTE PTR DS:[EAX]               <--õעĵ9 or 11λ 


004044DF  |. 8ACA           |MOV CL,DL                              <--װCL 


004044E1  |. 3A16           |CMP DL,BYTE PTR DS:[ESI]               <--ȷעĵ9 or 11λȽ 


004044E3  |. 75 1C          |JNZ SHORT LIAOCACH.00404501            <--Ա 


004044E5  |. 3ACB           |CMP CL,BL                              <--CLǷΪգ9-12λǷȫȽ 


004044E7  |. 74 14          |JE SHORT LIAOCACH.004044FD             <--ǵĻ 


004044E9  |. 8A50 01        |MOV DL,BYTE PTR DS:[EAX+1]             <--õעĵ10 or 12λ 


004044EC  |. 8ACA           |MOV CL,DL                              <--װCL 


004044EE  |. 3A56 01        |CMP DL,BYTE PTR DS:[ESI+1]             <--ȷעĵ10 or 12λȽ 


004044F1  |. 75 0E          |JNZ SHORT LIAOCACH.00404501            <--Ⱦ 


004044F3  |. 83C0 02        |ADD EAX,2                              <--EAX2 


004044F6  |. 83C6 02        |ADD ESI,2                              <--ESI2 


004044F9  |. 3ACB           |CMP CL,BL                              <--ǷȫȽ 


004044FB  |.^75 E0          \JNZ SHORT LIAOCACH.004044DD            <--ûоȥһ 


004044FD  |> 33C0           XOR EAX,EAX                             <--9-12λȫȽϺ 


004044FF  |. EB 05          JMP SHORT LIAOCACH.00404506 


00404501  |> 1BC0           SBB EAX,EAX 


00404503  |. 83D8 FF        SBB EAX,-1 


00404506  |> 3BC3           CMP EAX,EBX 


00404508  |. 75 41          JNZ SHORT LIAOCACH.0040454B 


0040450A  |. 8D7424 48      LEA ESI,DWORD PTR SS:[ESP+48]           <--ٺ٣ˣһ˰ɣҰһԼɣﵽ00404530Ҳµĳ  (:㣡) 


0040450E  |. 8D4424 28      LEA EAX,DWORD PTR SS:[ESP+28] 


00404512  |> 8A10           /MOV DL,BYTE PTR DS:[EAX] 


00404514  |. 8ACA           |MOV CL,DL 


00404516  |. 3A16           |CMP DL,BYTE PTR DS:[ESI] 


00404518  |. 75 1C          |JNZ SHORT LIAOCACH.00404536 


0040451A  |. 3ACB           |CMP CL,BL 


0040451C  |. 74 14          |JE SHORT LIAOCACH.00404532 


0040451E  |. 8A50 01        |MOV DL,BYTE PTR DS:[EAX+1] 


00404521  |. 8ACA           |MOV CL,DL 


00404523  |. 3A56 01        |CMP DL,BYTE PTR DS:[ESI+1] 


00404526  |. 75 0E          |JNZ SHORT LIAOCACH.00404536 


00404528  |. 83C0 02        |ADD EAX,2 


0040452B  |. 83C6 02        |ADD ESI,2 


0040452E  |. 3ACB           |CMP CL,BL 


00404530  |.^75 E0          \JNZ SHORT LIAOCACH.00404512 


00404532  |> 33C0           XOR EAX,EAX                            <--ȫͨ 


00404534  |. EB 05          JMP SHORT LIAOCACH.0040453B 


00404536  |> 1BC0           SBB EAX,EAX 


00404538  |. 83D8 FF        SBB EAX,-1 


0040453B  |> 3BC3           CMP EAX,EBX 


0040453D  |. 75 0C          JNZ SHORT LIAOCACH.0040454B 


0040453F  |. 8BC7           MOV EAX,EDI 


00404541  |. 5F             POP EDI 


00404542  |. 5E             POP ESI 


00404543  |. 5D             POP EBP 


00404544  |. 5B             POP EBX 


00404545  |. 83C4 54        ADD ESP,54 


00404548  |. C2 0400        RETN 4 




ҵעдĻ ^_^ٴŸ㽲һ: 


עģеĸַASCII150062жӦַӦע롣 


˵ĻΪxn2urkeUMwpNv5xZxASCIIΪ78(ʮ120) 78+5DCֵΪ654(1620) 16203E(62)268õģǴӡ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZĿʼ8£ͻᵽ8ַٺ٣xӦע롣 


õģҸDelphiע(ԽдΪʽ): 


function KeyGen(Name: String): String; 


var 


S:String[16]; 


P:String; 


Key:String; 


i,N,Z:integer; 


begin 


P:='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; 


if Length(Name)<16 then 


   Result:='Ϊ16λ...' 


else 


   begin 


     S:=Name; 


     for i:=1 to 16 do 


       begin 


         N:=Ord(S); 


         N:=N+1500; 


         Z:= N mod 62; 


         Z:=Z+1; 


         Key:=Key+P[Z]; 


       end; 


     Result:=Key; 


   end; 


end; 




Ǻǣһ¾һˣҲд.... Kiss~~  


<> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

д 


ƪ̵̳ĿǰȫдˣǺǣҲ֪Ƿа...͸Ӱ꣬żڴ˻Ҫлһµ  ٺ٣лzmwormϸ磬ûǿƪлN  


дƪ̵̳Ŀģ˸ЩѧCrackֽһ´ŵķ⣬һĿľ:CrackһҲ.....ֻҪģõĽһгΪһ..... 


Ҳ֪Ƿ񿴶ƪ̳̣ûôҲҪʧȥģԭ򣬳Ϊˮƽ⣬һССССΪĻ֪ʶûдãȻһЩʱЩ֪ʶٹѧCrack...ղſѩϸظһλѵ: 


ѧģ˻ࡢһűԣȻõWin32̣ 


һЩʲôûУѧϰӽܣտʼܻãһ̶߲˵ġʱòعͷѧϰࡢ̣˷ʱ; 


ܼչܿģǰһתܱơȽϵʱҪȥˡѧ͵ʵĻ 


˽⣿ 


֮ܶԶ֮һ仰֪ʶ--------һҪ......Ļûܰ㣡 


ǰں˿ʨҳдһλ: 


һ,QQϹ,ͻȻյһϢ 


(2002-12-03 23:16:04) ޵С 


Ҵ׹ҳ. 


и,ǿҲ. 


ܽ? 


ǺǣԣЩHackѧ...... 


ѧ˼ҳHackingɨãȥHacking׹ҳͺñþiPBCrackMeһ.... 


ڸɳ̨! 


<ȫ>

