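Software description: The domestic lottery industry is currently booming, and the games on offer keep being updated and extended. In terms of how hard it is to win and how much is paid out, lotto-style lotteries are hard to win and pay large prizes. The odds of winning are typically one in several million, which means choosing from among several million number combinations. Faced with so many numbers, how can one better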
-----------------------------------------------------------------------

Crack author: 我要[dfcg]

Tools: Wdsm32 v.10 enhanced edition, keymake v1.73

1. Open Bpuzzle.exe in Wdsm32 v.10 enhanced edition, search for the string "您已经注册!" ("You are already registered!"), and double-click it to arrive here:

```
* Possible StringData Ref from Code Obj ->"您已经注册!"
                                  |
:0054D6B0 BAF0D65400              mov edx, 0054D6F0
```

2. Working upward from this line, find the key location. The disassembly there reads:

```
:0054D644 E88F77F8FF              call 004D4DD8        → Key point! Press F8 to step in!
:0054D649 84C0                    test al, al
:0054D64B 7574                    jne 0054D6C1
:0054D64D 8D45FC                  lea eax, dword ptr [ebp-04]
:0054D650 E86B78F8FF              call 004D4EC0
:0054D655 8B0D205B5500            mov ecx, dword ptr [00555B20]
:0054D65B 8B09                    mov ecx, dword ptr [ecx]
:0054D65D B201                    mov dl, 01

* Possible StringData Ref from Code Obj ->"D藽"
                                  |
:0054D65F A16C5D4D00              mov eax, dword ptr [004D5D6C]
:0054D664 E87B01F0FF              call 0044D7E4
:0054D669 8B1500575500            mov edx, dword ptr [00555700]
:0054D66F 8902                    mov dword ptr [edx], eax
:0054D671 A100575500              mov eax, dword ptr [00555700]
:0054D676 8B00                    mov eax, dword ptr [eax]
:0054D678 8B80F4020000            mov eax, dword ptr [eax+000002F4]
:0054D67E 8B55FC                  mov edx, dword ptr [ebp-04]
:0054D681 E88687EEFF              call 00435E0C
:0054D686 A100575500              mov eax, dword ptr [00555700]
:0054D68B 8B00                    mov eax, dword ptr [eax]
:0054D68D 8B10                    mov edx, dword ptr [eax]
:0054D68F FF92D8000000            call dword ptr [edx+000000D8]
:0054D695 A100575500              mov eax, dword ptr [00555700]
:0054D69A 8B00                    mov eax, dword ptr [eax]
:0054D69C 8B8040030000            mov eax, dword ptr [eax+00000340]
:0054D6A2 A3DC405A00              mov dword ptr [005A40DC], eax
:0054D6A7 EB18                    jmp 0054D6C1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0054D642(C)
|
:0054D6A9 6A00                    push 00000000

* Possible StringData Ref from Code Obj ->"言成提示"
                                  |
:0054D6AB B9E4D65400              mov ecx, 0054D6E4

* Possible StringData Ref from Code Obj ->"您已经注册!"
```
3. After pressing F8 at 0054D644 to step into the call, you arrive here:

```
* Referenced by a CALL at Addresses:
|:0054D644   , :0054DC66
|
:004D4DD8 55                      push ebp
:004D4DD9 8BEC                    mov ebp, esp
:004D4DDB 33C9                    xor ecx, ecx
:004D4DDD 51                      push ecx
:004D4DDE 51                      push ecx
:004D4DDF 51                      push ecx
:004D4DE0 51                      push ecx
:004D4DE1 53                      push ebx
:004D4DE2 33C0                    xor eax, eax
:004D4DE4 55                      push ebp
:004D4DE5 68634E4D00              push 004D4E63
:004D4DEA 64FF30                  push dword ptr fs:[eax]
:004D4DED 648920                  mov dword ptr fs:[eax], esp
:004D4DF0 8D55F4                  lea edx, dword ptr [ebp-0C]

* Possible StringData Ref from Code Obj ->"c:\"
                                  |
:004D4DF3 B87C4E4D00              mov eax, 004D4E7C
:004D4DF8 E84BFCFFFF              call 004D4A48
:004D4DFD 8D45F0                  lea eax, dword ptr [ebp-10]
:004D4E00 8B55F4                  mov edx, dword ptr [ebp-0C]
:004D4E03 E8C4F2F2FF              call 004040CC
:004D4E08 8B45F0                  mov eax, dword ptr [ebp-10]
:004D4E0B 8D55FC                  lea edx, dword ptr [ebp-04]
:004D4E0E E8FDFDFFFF              call 004D4C10
:004D4E13 8D4DF8                  lea ecx, dword ptr [ebp-08]

* Possible StringData Ref from Code Obj ->"VCertify"
                                  |
:004D4E16 BA884E4D00              mov edx, 004D4E88

* Possible StringData Ref from Code Obj ->"\Software\Mteam\Windows\Certify\LT\"
                                  |
:004D4E1B B89C4E4D00              mov eax, 004D4E9C
:004D4E20 E8ABFEFFFF              call 004D4CD0
:004D4E25 8B45FC                  mov eax, dword ptr [ebp-04]
:004D4E28 8B55F8                  mov edx, dword ptr [ebp-08]
:004D4E2B E8E4F3F2FF              call 00404214        → D EAX shows the real registration code!
:004D4E30 7504                    jne 004D4E36
:004D4E32 B301                    mov bl, 01
:004D4E34 EB02                    jmp 004D4E38

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
```

4. Now I will show you how to use Wdsm32 v.10 to disassemble it. In the toolbar, choose Debug → Load Process → click "Load".

5. In the topmost window, choose Goto → Goto Code Location, enter 0054D644 in the code offset box of the small window that opens, then click the "Call" button on the quick toolbar. This is equivalent to pressing F8 in TRW. After entering this CALL, scroll down to 004D4E2B and go on to the next step.

6. Click the green line with the cursor, press F2 to set a breakpoint, then press F9 to start the program. Now watch the small window in the middle and click "eax" to take a look. Heh! The sun has come out!!!

7. To sum up:

   Product serial number: MBX124-TAB3321396411-YC2002

   Activation code to enter: 42047396448360

8. Make a keygen for it with Keymake 1.73:

   1. Choose F8 → "alternative keygen"!
      1. Program name: LotMgr.exe
      2. Add data:
         - Break address: 4D4E2B
         - Break count: 1
         - First byte: E8
         - Instruction length: 5
   2. Choose the memory mode: Register → EAX → click Generate and enjoy!

9. That's a wrap! Give it a try, everyone!!!

我要[dfcg]
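The routine at 004D4DD8 builds the expected code locally and passes it, with the stored value, to the comparison at 004D4E2B, which is why the valid code is readable in EAX. As an added example (not code from the original page or from the program), the sketch below puts that design beside one where the client only verifies a vendor signature with a public key and therefore never computes a valid code. The serial format, the derivation in `weak_expected_code` and the small RSA key are assumptions constructed for illustration.

```python
import hashlib
import hmac

# --- Weak design (the pattern in the listing): the client derives the
# expected code itself and compares it with the stored/entered one. ---
def weak_expected_code(serial: str) -> str:
    # Hypothetical derivation; the page does not show the real algorithm.
    return str(int.from_bytes(hashlib.sha256(serial.encode()).digest()[:6], "big"))

def weak_check(serial: str, entered: str) -> bool:
    expected = weak_expected_code(serial)  # the valid code now sits in process memory
    return hmac.compare_digest(expected, entered)

# --- Hardened design: the client holds only a public key and verifies a
# vendor-issued signature over the serial. ---
# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1   # vendor secret, shown here only so the example runs
N, E = P * Q, 65537           # public key: the only key material a client would ship

def _digest(serial: str) -> int:
    # Hash of the serial reduced into the RSA modulus range.
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % N

def verify_license(serial: str, signature: int) -> bool:
    """Client side: accept only if signature^E mod N equals the serial's digest."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == _digest(serial)

def vendor_sign(serial: str) -> int:
    """Vendor side only: needs the private exponent, which never ships."""
    d = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+
    return pow(_digest(serial), d, N)

if __name__ == "__main__":
    serial = "DEMO-0001"  # constructed sample serial
    sig = vendor_sign(serial)
    print("weak check passes with locally derived code:",
          weak_check(serial, weak_expected_code(serial)))
    print("signature accepted:", verify_license(serial, sig))
    print("signature for another serial rejected:",
          not verify_license("DEMO-0002", sig))
```

A production check would use a vetted library with Ed25519 or RSA-PSS and a full-size key; what the example shows is only where the valid value is, and is not, computed.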