某商业软件USB加密狗破解精华
为了保证商业软件的利益,只列出核心部分的加密狗破解方法,抛砖引玉。
; ---------------------------------------------------------------------
; Dongle-presence check routine, 0041EE20-0041EEF4 (32-bit x86 debugger
; listing: address | opcode bytes | instruction | annotation).
;
; Flow as visible in this listing:
;   1. Link an exception registration record at fs:[0] and reserve 0x10
;      bytes of locals.
;   2. call 00404DDF; a nonzero result skips the dongle read and returns.
;   3. Fill the globals at 0x4A8338..0x4A834E, then call 00404DF8 (the
;      author annotates it as the dongle read). eax == 0 is treated as
;      "dongle present" and the routine returns normally.
;   4. Otherwise: read an integer from a profile (.ini) file, write back
;      (1 - value), show an error message box and call exit(0).
;
; NOTE(review): the licence decision here is one return code compared
; with zero at a single site; nothing the program needs later is derived
; from the device. For the protected product this is a weak integration.
; A sturdier design uses data obtained from the token (challenge-response,
; or keys/data held on the device) at several points, so the verdict is
; not a single boolean.
; ---------------------------------------------------------------------

; --- prologue: build the exception registration record {prev, handler, state=-1}
0041EE20 64:A1 00000000 mov eax, dword ptr fs:[0]
0041EE26 6A FF push -0x1
0041EE28 68 38014800 push 00480138
0041EE2D 50 push eax
0041EE2E 64:8925 0000000>mov dword ptr fs:[0], esp
0041EE35 83EC 10 sub esp, 0x10
; --- pre-check: purpose of 00404DDF is not shown here; nonzero => go straight to the epilogue
0041EE38 E8 A25FFEFF call 00404DDF
0041EE3D 85C0 test eax, eax
0041EE3F 0F85 A1000000 jnz 0041EEE6
; --- set up globals before the dongle call: a pointer to a stack local plus
; --- three small fields (byte 0, word 4, word 0). Presumably the request
; --- block read by 00404DF8 -- TODO confirm against that routine.
0041EE45 8D4424 04 lea eax, dword ptr [esp+0x4]
0041EE49 C605 3C834A00 0>mov byte ptr [0x4A833C], 0x0
0041EE50 A3 38834A00 mov dword ptr [0x4A8338], eax
0041EE55 66:C705 4E834A0>mov word ptr [0x4A834E], 0x4
0041EE5E 66:C705 4C834A0>mov word ptr [0x4A834C], 0x0
0041EE67 E8 8C5FFEFF call 00404DF8 //read the dongle
0041EE6C 85C0 test eax, eax //check whether the dongle is present
0041EE6E 74 76 je short 0041EEE6 //jump if present; fall through if not present
; --- failure path (eax != 0) ---
0041EE70 56 push esi
; GetPrivateProfileIntA(section=004A3F30, key=004A4BA8, default=0, file=004A4BB8);
; arguments are pushed right to left. The file-name annotation below appears
; to run several adjacent strings together; presumably only "sys.ini" is the name.
0041EE71 68 B84B4A00 push 004A4BB8 ; sys.inipathsetting192.168.0.2%d.%d.%d.%d0.0.0.0arkcg-hdplay
0041EE76 6A 00 push 0x0
0041EE78 68 A84B4A00 push 004A4BA8 ; capturetimes
0041EE7D 68 303F4A00 push 004A3F30 ; capturetime
0041EE82 FF15 E0A14800 call dword ptr [<&KERNEL32.GetPrivate>; kernel32.GetPrivateProfileIntA
; ecx = address of the CString local (this pointer); esi keeps the value just read
0041EE88 8D4C24 04 lea ecx, dword ptr [esp+0x4]
0041EE8C 8BF0 mov esi, eax
0041EE8E E8 EFC50500 call <jmp.&MFC42.#CString::CString_54>
; CString::Format(&str, "%d", 1 - value): ecx = 1 - esi is the formatted argument
0041EE93 B9 01000000 mov ecx, 0x1
0041EE98 8D5424 04 lea edx, dword ptr [esp+0x4]
0041EE9C 2BCE sub ecx, esi
; writes 0 into the slot that the prologue initialised with -1 (state field of the record)
0041EE9E C74424 1C 00000>mov dword ptr [esp+0x1C], 0x0
0041EEA6 51 push ecx
0041EEA7 68 2C394A00 push 004A392C ; %d
0041EEAC 52 push edx
0041EEAD E8 4EC60500 call <jmp.&MFC42.#CString::Format_281>
; eax = first dword of the CString object (its character buffer); then drop Format's 3 args
0041EEB2 8B4424 10 mov eax, dword ptr [esp+0x10]
0041EEB6 83C4 0C add esp, 0xC
; WritePrivateProfileStringA(section=004A3F30, key=004A4BA8, string=eax, file=004A4BB8)
0041EEB9 68 B84B4A00 push 004A4BB8 ; sys.inipathsetting192.168.0.2%d.%d.%d.%d0.0.0.0arkcg-hdplay
0041EEBE 50 push eax
0041EEBF 68 A84B4A00 push 004A4BA8 ; capturetimes
0041EEC4 68 303F4A00 push 004A3F30 ; capturetime
0041EEC9 FF15 C8A14800 call dword ptr [<&KERNEL32.WritePriva>; kernel32.WritePrivateProfileStringA
; AfxMessageBox(text=004A4C9C, 0, 0)
0041EECF 6A 00 push 0x0
0041EED1 6A 00 push 0x0
0041EED3 68 9C4C4A00 push 004A4C9C ; //message: the dongle is not plugged in properly, please re-insert it
0041EED8 E8 2BC70500 call <jmp.&MFC42.#AfxMessageBox_1200>
0041EEDD 6A 00 push 0x0
0041EEDF FF15 A4AB4800 call dword ptr [<&MSVCRT.exit>] ; msvcrt.exit //exit the program
; follows the exit(0) call above, so presumably never executed
0041EEE5 5E pop esi
; --- epilogue (target of both jumps): restore the previous fs:[0] record,
; --- release 0x10 bytes of locals plus the 0xC-byte record, return
0041EEE6 8B4C24 10 mov ecx, dword ptr [esp+0x10]
0041EEEA 64:890D 0000000>mov dword ptr fs:[0], ecx
0041EEF1 83C4 1C add esp, 0x1C
0041EEF4 C3 retn