On the Use of the Registration Flag in Cracking

Source: Internet
Author: User

As we all know, many shareware programs currently use a global variable to mark whether the software is registered. In assembly this shows up as a memory address holding 1 or 0; usually 1 means registered and 0 means the shareware state. In computer terminology, this memory address is called a flag. When the program starts, the flag is initialized to 0. The program then reads the Windows registry or a *.INI file; if the registration information there shows the software is registered, the flag changes to 1, otherwise it remains 0. Other parts of the program read this flag to enforce the shareware state. In general we pay close attention only to a few jumps, and cracking that way is sometimes hard work! If you are familiar with flag-based registration, cracking software can sometimes get twice the result with half the effort! Next I will take a piece of educational software as an example to illustrate this method. If you find any mistakes, please correct them!
Tool: Wdasm 8.93 enhanced version. Note [it can search for Chinese strings directly and can also disassemble programs protected against static disassemblers; if you do not have it, you can download it from http://personal.dfminfo.com.cn/~kuangren]. Hacker View, any version will do!
Target: Golden Dragon Optical Physics Laboratory v1.01, which can be downloaded from http://luckteacher.yeah.net (physics software)!
Software protection: when the program is not registered, registration information is displayed at startup. In the shareware state there are functional limitations. There cannot be more than one storage device, and the program is not packed! When the program runs, it creates the file s_data.obj in the current directory to store registration information. After a successful registration, the registration information is saved in this file. At startup the program reads this information and the form displays "belongs to xxx". If you delete this file, the program starts up unregistered, in the shareware state!
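An added C example (not from the original article or the software it discusses) contrasting the single cached flag described above with a gate that re-verifies the license record each time it is used. The `license` struct, `toy_tag` and all function names are hypothetical, and the keyed hash is only a stand-in for a real signature check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed license record; the article's program keeps its own
   registration data in a file read at startup. */
struct license { const char *owner; uint32_t tag; };

/* Stand-in for real signature verification (assumption): a keyed FNV-1a
   hash keeps the example self-contained but is NOT cryptographically secure. */
static uint32_t toy_tag(const char *owner) {
    uint32_t h = 2166136261u ^ 0x5EC2E7u;
    for (; *owner; owner++) { h ^= (uint8_t)*owner; h *= 16777619u; }
    return h;
}

/* Flag style: the verdict is computed once and cached in one global. */
static int g_registered = 0;            /* 0 = shareware, 1 = registered */

void startup_check(const struct license *lic) {
    g_registered = (lic != NULL && lic->owner != NULL &&
                    lic->tag == toy_tag(lic->owner));
}

/* Every feature gate trusts the cached byte, so the whole protection
   depends on that one memory location staying intact. */
int save_allowed_flag(void) { return g_registered; }

/* Per-use style: no cached verdict; each gate re-derives the answer
   from the license data itself. */
int save_allowed_checked(const struct license *lic) {
    if (lic == NULL || lic->owner == NULL) return 0;
    return lic->tag == toy_tag(lic->owner);
}

int main(void) {
    struct license bogus = { "nobody", 0 };      /* constructed sample */
    bogus.tag = toy_tag("nobody") + 1u;          /* guaranteed invalid */
    startup_check(&bogus);
    g_registered = 1;    /* models a single altered byte of process state */
    printf("flag gate: %d, per-use gate: %d\n",
           save_allowed_flag(), save_allowed_checked(&bogus));
    return 0;
}
```

Per-use verification removes the single point of failure, but a check that runs entirely on the client is still not tamper-proof.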
Start: Run the Simulation Physics cmd.exe. A nag screen pops up requesting registration and so on. Enter arbitrary registration details; the dialog box says "registration failed". Close the program and check whether it is packed. Great! (-_-) Disassemble it with the enhanced Wdasm and find "registration failed" right away. Note [the string may appear garbled; you can start Richwin or similar software to see the Chinese characters, but this does not affect anything]. The code is as follows: [there are two parts in total]
: 004370B1 8D45FC lea eax, dword ptr [ebp-04]
: 004370B4 E86342FDFF call 0040B31C
: 004370B9 50 push eax
: 004370BA 8D95A8F7FFFF lea edx, dword ptr [ebp + FFFFF7A8]
: 004370C0 52 push edx
: 004370C1 E8CEF10600 call 004A6294
: 004370C6 83C408 add esp, 00000008
: 004370C9 33C9 xor ecx, ecx
: 004370CB 894D8C mov dword ptr [ebp-74], ecx
: 004370CE 894D90 mov dword ptr [ebp-70], ecx
: 004370D1 33C0 xor eax, eax
: 004370D3 894588 mov dword ptr [ebp-78], eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043714E(C)
|
: 004370D6 8B5588 mov edx, dword ptr [ebp-78]
: 004370D9 80BC15A8F7FFFF00 cmp byte ptr [ebp + edx-00000858], 00
: 004370E1 90 nop
: 004370E2 90 nop
: 004370E3 8B4D88 mov ecx, dword ptr [ebp-78]
: 004370E6 0FBE840DA8F7FFFF movsx eax, byte ptr [ebp + ecx-00000858]
: 004370EE 8985A4F7FFFF mov dword ptr [ebp + FFFFF7A4], eax
: 004370F4 DB85A4F7FFFF fild dword ptr [ebp + FFFFF7A4]
: 004370FA 83C4F8 add esp, FFFFFFF8
: 004370FD DD1C24 fstp qword ptr [esp]
: 00437100 E88F3A0700 call 004AAB94
: 00437105 83C408 add esp, 00000008
: 00437108 DB2D64744300 fld tbyte ptr [00437464]
: 0043710E DEC9 fmulp st(1), st(0)
: 00437110 83C4F8 add esp, FFFFFFF8
: 00437113 DD1C24 fstp qword ptr [esp]
: 00437116 E895510700 call 004AC2B0
: 0043711B 83C408 add esp, 00000008
: 0043711E D80D70744300 fmul dword ptr [00437470]
: 00437124 DC0574744300 fadd qword ptr [00437474]
: 0043712A 83C4F8 add esp, FFFFFFF8
: 0043712D DD1C24 fstp qword ptr [esp]
: 00437130 E82F380700 call 004AA964
: 00437135 83C408 add esp, 00000008
: 00437138 D80D7C744300 fmul dword ptr [0043747C]
: 0043713E DC458C fadd qword ptr [ebp-74]
: 00437141 DD5D8C fstp qword ptr [ebp-74]
: 00437144 FF4588 inc [ebp-78]
: 00437147 817D88D0070000 cmp dword ptr [ebp-78], 000007D0
: 0043714E 7C86 jl 004370D6
