00481646 . /0F87 D8030000 JA 11.00481A24
断下来了 ,这个破解是我那单文件完美版本
0044B51D > \8B4C24 74 MOV ECX,DWORD PTR SS:[ESP+0x74]这地方下面弹出假注册退出
00457560 /E9 6F020000 JMP 11.004577D4 ; 改这个地方
00457565 |90 NOP
00457566 . |0F84 37020000 JE 11.004577A3
0045756C . |8D87 63EBFFFF LEA EAX,DWORD PTR DS:[EDI-0x149D]
00457572 . |83F8 07 CMP EAX,0x7
00457575 . |0F87 61020000 JA 11.004577DC
0045757B . |FF2485 607A45>JMP DWORD PTR DS:[EAX*4+0x457A60]
00457582 > |8B15 BC226D00 MOV EDX,DWORD PTR DS:[0x6D22BC] ; Case 14A0 of switch 00451C88
00457588 . |8D45 D0 LEA EAX,DWORD PTR SS:[EBP-0x30]
0045758B . |8D8D 5CFFFFFF LEA ECX,DWORD PTR SS:[EBP-0xA4]
00457591 . |50 PUSH EAX ; /pBufSize
00457592 . |51 PUSH ECX ; |Buffer
00457593 . |56 PUSH ESI ; |pValueType
00457594 . |56 PUSH ESI ; |Reserved
00457595 . |68 106F6A00 PUSH 11.006A6F10 ; |ValueName = "bVP9Ch"
0045759A . |52 PUSH EDX ; |hKey => 0xF8
0045759B . |C745 D0 04000>MOV DWORD PTR SS:[EBP-0x30],0x4 ; |
004575A2 . |FF15 04306100 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA
004575A8 . |85C0 TEST EAX,EAX
004575AA .^|0F84 F4B4FFFF JE 11.00452AA4
004575B0 . |8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC]
004575B3 . |50 PUSH EAX
004575B4 . |56 PUSH ESI
004575B5 . |E8 761C0200 CALL 11.00479230
004575BA . |83C4 08 ADD ESP,0x8
004575BD .^|E9 E2B4FFFF JMP 11.00452AA4
004575C2 > |8D4D 0C LEA ECX,DWORD PTR SS:[EBP+0xC] ; Case 14A1 of switch 00451C88
004575C5 . |51 PUSH ECX
004575C6 . |E8 8F621800 CALL 11.005DD85A
004575CB . |56 PUSH ESI
004575CC . |8D4D 0C LEA ECX,DWORD PTR SS:[EBP+0xC]
004575CF . |E8 99621800 CALL 11.005DD86D
004575D4 . |8B78 14 MOV EDI,DWORD PTR DS:[EAX+0x14]
004575D7 . |56 PUSH ESI
004575D8 . |8D4D 0C LEA ECX,DWORD PTR SS:[EBP+0xC]
004575DB . |81C7 6C070000 ADD EDI,0x76C
004575E1 . |E8 87621800 CALL 11.005DD86D
004575E6 . |8B40 10 MOV EAX,DWORD PTR DS:[EAX+0x10]
004575E9 . |8D147F LEA EDX,DWORD PTR DS:[EDI+EDI*2]
004575EC . |40 INC EAX
004575ED . |8D8490 EFA6FF>LEA EAX,DWORD PTR DS:[EAX+EDX*4-0x5911]
004575F4 . |3D 67050000 CMP EAX,0x567
004575F9 .^|0F8E A5B4FFFF JLE 11.00452AA4
004575FF . |56 PUSH ESI
00457600 . |8D4D 0C LEA ECX,DWORD PTR SS:[EBP+0xC]
00457603 . |E8 65621800 CALL 11.005DD86D
00457608 . |8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC]
0045760B . |8B8B 9C140000 MOV ECX,DWORD PTR DS:[EBX+0x149C]
00457611 . |3BC1 CMP EAX,ECX
00457613 .^|0F84 8BB4FFFF JE 11.00452AA4
00457619 . |56 PUSH ESI
0045761A . |8D4D 0C LEA ECX,DWORD PTR SS:[EBP+0xC]
0045761D . |E8 4B621800 CALL 11.005DD86D
00457622 . |8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC]
00457625 . |8983 9C140000 MOV DWORD PTR DS:[EBX+0x149C],EAX
0045762B > |8BCB MOV ECX,EBX ; Case 14A4 of switch 00451C88
0045762D . |E8 0EE30100 CALL 11.00475940
00457632 .^|E9 6DB4FFFF JMP 11.00452AA4
00457637 > |8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] ; Case 14A2 of switch 00451C88
0045763A . |56 PUSH ESI
0045763B . |56 PUSH ESI
0045763C . |56 PUSH ESI
0045763D . |56 PUSH ESI
0045763E . |51 PUSH ECX
0045763F . |68 60A64400 PUSH 11.0044A660 ; 这里 赋值 就死(前往假注册码==》)
================================================
0045198A 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] ; 改这里 就是注册版MOV EAX,DWORD PTR FS:[0] ;
改这里 就是注册版
00451990 . 50 PUSH EAX
00451991 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00451998 . 51 PUSH ECX
00451999 . B8 48430000 MOV EAX,0x4348
0045199E . E8 9D681700 CALL 11.005C8240
004519A3 . 53 PUSH EBX
004519A4 . 56 PUSH ESI
004519A5 . 57 PUSH EDI
004519A6 . 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8]
004519A9 . 8BD9 MOV EBX,ECX
004519AB . 33F6 XOR ESI,ESI
004519AD . 83FF 03 CMP EDI,0x3
004519B0 . 8965 F0 MOV DWORD PTR SS:[EBP-0x10],ESP
004519B3 . 899D 64FFFFFF MOV DWORD PTR SS:[EBP-0x9C],EBX
004519B9 . 8975 D8 MOV DWORD PTR SS:[EBP-0x28],ESI
004519BC . 8975 FC MOV DWORD PTR SS:[EBP-0x4],ESI
004519BF . 0F82 DF100000 JB 11.00452AA4 ; 一路前往 死亡之跳
004519C5 . 81FF 49800000 CMP EDI,0x8049
004519CB 0F82 64010000 JB 11.00451B35 ; 一路前往 死亡之跳