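Algorithm analysis of XX复制专家 (XX Copy Expert)
【Title】: Algorithm analysis of XX复制专家 (XX Copy Expert)
【Author】: 小子贼野
【Author's homepage】: http://mayday.unpack.cn
【Author's QQ】: take a guess
【Download】: search for it yourself
【Author's statement】: Just out of interest, no other purpose. Please point out any mistakes!
--------------------------------------------------------------------------------
【Detailed process】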
004AE87C . 55 push ebp
004AE87D . 68 B4EE4A00 push 004AEEB4
004AE882 . 64:FF30 push dword ptr fs:[eax]
004AE885 . 64:8920 mov dword ptr fs:[eax], esp
004AE888 . 8D55 C4 lea edx, dword ptr [ebp-3C]
004AE88B . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE88E . 8B80 DC030000 mov eax, dword ptr [eax+3DC]
004AE894 . E8 D7C9F9FF call 0044B270
004AE899 . 837D C4 00 cmp dword ptr [ebp-3C], 0
004AE89D . 0F84 D6050000 je 004AEE79 ; 1
004AE8A3 . 8D55 C0 lea edx, dword ptr [ebp-40]
004AE8A6 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE8A9 . 8B80 E0030000 mov eax, dword ptr [eax+3E0]
004AE8AF . E8 BCC9F9FF call 0044B270
004AE8B4 . 837D C0 00 cmp dword ptr [ebp-40], 0
004AE8B8 . 0F84 BB050000 je 004AEE79 ; 2
004AE8BE . 8D55 BC lea edx, dword ptr [ebp-44]
004AE8C1 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE8C4 . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AE8CA . E8 A1C9F9FF call 0044B270
004AE8CF . 837D BC 00 cmp dword ptr [ebp-44], 0
004AE8D3 . 0F84 A0050000 je 004AEE79 ; 3
004AE8D9 . 8D55 B8 lea edx, dword ptr [ebp-48]
004AE8DC . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE8DF . 8B80 E8030000 mov eax, dword ptr [eax+3E8]
004AE8E5 . E8 86C9F9FF call 0044B270
004AE8EA . 837D B8 00 cmp dword ptr [ebp-48], 0
004AE8EE . 0F84 85050000 je 004AEE79 ; 4
004AE8F4 . 8D55 B4 lea edx, dword ptr [ebp-4C]
004AE8F7 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE8FA . 8B80 EC030000 mov eax, dword ptr [eax+3EC]
004AE900 . E8 6BC9F9FF call 0044B270
004AE905 . 837D B4 00 cmp dword ptr [ebp-4C], 0
004AE909 . 0F84 6A050000 je 004AEE79 ; 5
004AE90F . 8D55 B0 lea edx, dword ptr [ebp-50] ; checks 1~5 above mean that none of the 5 registration boxes may be empty, they must all be filled in
004AE912 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE915 . 8B80 DC030000 mov eax, dword ptr [eax+3DC]
004AE91B . E8 50C9F9FF call 0044B270
004AE920 . 8B45 B0 mov eax, dword ptr [ebp-50]
004AE923 . E8 ECAFF5FF call 00409914
004AE928 . 8945 F4 mov dword ptr [ebp-C], eax
004AE92B . 8D55 AC lea edx, dword ptr [ebp-54]
004AE92E . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE931 . 8B80 E0030000 mov eax, dword ptr [eax+3E0]
004AE937 . E8 34C9F9FF call 0044B270
004AE93C . 8B45 AC mov eax, dword ptr [ebp-54]
004AE93F . E8 D0AFF5FF call 00409914
004AE944 . 8945 F0 mov dword ptr [ebp-10], eax
004AE947 . 8D55 A8 lea edx, dword ptr [ebp-58]
004AE94A . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE94D . 8B80 E8030000 mov eax, dword ptr [eax+3E8]
004AE953 . E8 18C9F9FF call 0044B270
004AE958 . 8B45 A8 mov eax, dword ptr [ebp-58]
004AE95B . E8 B4AFF5FF call 00409914
004AE960 . 8945 EC mov dword ptr [ebp-14], eax
004AE963 . 8D55 A4 lea edx, dword ptr [ebp-5C]
004AE966 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE969 . 8B80 EC030000 mov eax, dword ptr [eax+3EC]
004AE96F . E8 FCC8F9FF call 0044B270
004AE974 . 8B45 A4 mov eax, dword ptr [ebp-5C]
004AE977 . E8 98AFF5FF call 00409914
004AE97C . 8945 E8 mov dword ptr [ebp-18], eax
004AE97F . 33DB xor ebx, ebx
004AE981 . 33F6 xor esi, esi
004AE983 . 8D55 A0 lea edx, dword ptr [ebp-60]
004AE986 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE989 . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AE98F . E8 DCC8F9FF call 0044B270
004AE994 . 8B45 A0 mov eax, dword ptr [ebp-60]
004AE997 . E8 78AFF5FF call 00409914
004AE99C . 8BF8 mov edi, eax
004AE99E . 81FF 60BD0000 cmp edi, 0BD60
004AE9A4 . 75 18 jnz short 004AE9BE
004AE9A6 . A1 88054D00 mov eax, dword ptr [4D0588]
004AE9AB . BA CCEE4A00 mov edx, 004AEECC ; ASCII "en"
004AE9B0 . E8 3364F5FF call 00404DE8
004AE9B5 . 75 07 jnz short 004AE9BE
004AE9B7 . B3 01 mov bl, 1
004AE9B9 . BE 60BD0000 mov esi, 0BD60
004AE9BE > 81FF 52C10000 cmp edi, 0C152
004AE9C4 . 75 19 jnz short 004AE9DF
004AE9C6 . B8 D8EE4A00 mov eax, 004AEED8 ; ASCII "cn"
004AE9CB . 8B15 88054D00 mov edx, dword ptr [4D0588]
004AE9D1 . E8 1264F5FF call 00404DE8
004AE9D6 . 75 07 jnz short 004AE9DF
004AE9D8 . B3 01 mov bl, 1
004AE9DA . BE 52C10000 mov esi, 0C152
004AE9DF > 8D55 9C lea edx, dword ptr [ebp-64]
004AE9E2 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AE9E5 . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AE9EB . E8 80C8F9FF call 0044B270
004AE9F0 . 8B45 9C mov eax, dword ptr [ebp-64]
004AE9F3 . E8 1CAFF5FF call 00409914
004AE9F8 . 8BF8 mov edi, eax
004AE9FA . 81FF CA770100 cmp edi, 177CA
004AEA00 . 75 18 jnz short 004AEA1A
004AEA02 . A1 88054D00 mov eax, dword ptr [4D0588]
004AEA07 . BA CCEE4A00 mov edx, 004AEECC ; ASCII "en"
004AEA0C . E8 D763F5FF call 00404DE8
004AEA11 . 75 07 jnz short 004AEA1A
004AEA13 . B3 01 mov bl, 1
004AEA15 . BE CA770100 mov esi, 177CA
004AEA1A > 81FF BC7B0100 cmp edi, 17BBC
004AEA20 . 75 19 jnz short 004AEA3B
004AEA22 . B8 D8EE4A00 mov eax, 004AEED8 ; ASCII "cn"
004AEA27 . 8B15 88054D00 mov edx, dword ptr [4D0588]
004AEA2D . E8 B663F5FF call 00404DE8
004AEA32 . 75 07 jnz short 004AEA3B
004AEA34 . B3 01 mov bl, 1
004AEA36 . BE BC7B0100 mov esi, 17BBC
004AEA3B > 8D55 98 lea edx, dword ptr [ebp-68]
004AEA3E . 8B45 F8 mov eax, dword ptr [ebp-8]
004AEA41 . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AEA47 . E8 24C8F9FF call 0044B270
004AEA4C . 8B45 98 mov eax, dword ptr [ebp-68]
004AEA4F . E8 C0AEF5FF call 00409914
004AEA54 . 8BF8 mov edi, eax
004AEA56 . 81FF 01B50000 cmp edi, 0B501
004AEA5C . 75 18 jnz short 004AEA76
004AEA5E . A1 88054D00 mov eax, dword ptr [4D0588]
004AEA63 . BA CCEE4A00 mov edx, 004AEECC ; ASCII "en"
004AEA68 . E8 7B63F5FF call 00404DE8
004AEA6D . 75 07 jnz short 004AEA76
004AEA6F . B3 01 mov bl, 1
004AEA71 . BE 01B50000 mov esi, 0B501
004AEA76 > 81FF F3B80000 cmp edi, 0B8F3
004AEA7C . 75 19 jnz short 004AEA97
004AEA7E . B8 D8EE4A00 mov eax, 004AEED8 ; ASCII "cn"
004AEA83 . 8B15 88054D00 mov edx, dword ptr [4D0588]
004AEA89 . E8 5A63F5FF call 00404DE8
004AEA8E . 75 07 jnz short 004AEA97
004AEA90 . B3 01 mov bl, 1
004AEA92 . BE F3B80000 mov esi, 0B8F3
004AEA97 > 8D55 94 lea edx, dword ptr [ebp-6C]
004AEA9A . 8B45 F8 mov eax, dword ptr [ebp-8]
004AEA9D . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AEAA3 . E8 C8C7F9FF call 0044B270
004AEAA8 . 8B45 94 mov eax, dword ptr [ebp-6C]
004AEAAB . E8 64AEF5FF call 00409914
004AEAB0 . 8BF8 mov edi, eax
004AEAB2 . 81FF 7B590000 cmp edi, 597B
004AEAB8 . 75 18 jnz short 004AEAD2
004AEABA . A1 88054D00 mov eax, dword ptr [4D0588]
004AEABF . BA CCEE4A00 mov edx, 004AEECC ; ASCII "en"
004AEAC4 . E8 1F63F5FF call 00404DE8
004AEAC9 . 75 07 jnz short 004AEAD2
004AEACB . B3 01 mov bl, 1
004AEACD . BE 7B590000 mov esi, 597B
004AEAD2 > 81FF 6D5D0000 cmp edi, 5D6D
004AEAD8 . 75 19 jnz short 004AEAF3
004AEADA . B8 D8EE4A00 mov eax, 004AEED8 ; ASCII "cn"
004AEADF . 8B15 88054D00 mov edx, dword ptr [4D0588]
004AEAE5 . E8 FE62F5FF call 00404DE8
004AEAEA . 75 07 jnz short 004AEAF3
004AEAEC . B3 01 mov bl, 1
004AEAEE . BE 6D5D0000 mov esi, 5D6D
004AEAF3 > 8D55 90 lea edx, dword ptr [ebp-70]
004AEAF6 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AEAF9 . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AEAFF . E8 6CC7F9FF call 0044B270
004AEB04 . 8B45 90 mov eax, dword ptr [ebp-70]
004AEB07 . E8 08AEF5FF call 00409914
004AEB0C . 8BF8 mov edi, eax
004AEB0E . 81FF 8F570000 cmp edi, 578F
004AEB14 . 75 18 jnz short 004AEB2E
004AEB16 . A1 88054D00 mov eax, dword ptr [4D0588]
004AEB1B . BA CCEE4A00 mov edx, 004AEECC ; ASCII "en"
004AEB20 . E8 C362F5FF call 00404DE8
004AEB25 . 75 07 jnz short 004AEB2E
004AEB27 . B3 01 mov bl, 1
004AEB29 . BE 8F570000 mov esi, 578F
004AEB2E > 81FF 815B0000 cmp edi, 5B81
004AEB34 . 75 19 jnz short 004AEB4F
004AEB36 . B8 D8EE4A00 mov eax, 004AEED8 ; ASCII "cn"
004AEB3B . 8B15 88054D00 mov edx, dword ptr [4D0588]
004AEB41 . E8 A262F5FF call 00404DE8
004AEB46 . 75 07 jnz short 004AEB4F
004AEB48 . B3 01 mov bl, 1
004AEB4A . BE 815B0000 mov esi, 5B81
004AEB4F > 8D55 8C lea edx, dword ptr [ebp-74]
004AEB52 . 8B45 F8 mov eax, dword ptr [ebp-8]
004AEB55 . 8B80 E4030000 mov eax, dword ptr [eax+3E4]
004AEB5B . E8 10C7F9FF call 0044B270
004AEB60 . 8B45 8C mov eax, dword ptr [ebp-74]
004AEB63 . E8 ACADF5FF call 00409914
004AEB68 . 8BF8 mov edi, eax
004AEB6A . 81FF 24D20000 cmp edi, 0D224
004AEB70 . 75 18 jnz short 004AEB8A
004AEB72 . A1 88054D00 mov eax, dword ptr [4D0588]
004AEB77 . BA CCEE4A00 mov edx, 004AEECC ; ASCII "en"
004AEB7C . E8 6762F5FF call 00404DE8
004AEB81 . 75 07 jnz short 004AEB8A
004AEB83 . B3 01 mov bl, 1
004AEB85 . BE 24D20000 mov esi, 0D224
004AEB8A > 81FF 16D60000 cmp edi, 0D616
004AEB90 . 75 19 jnz short 004AEBAB
004AEB92 . B8 D8EE4A00 mov eax, 004AEED8 ; ASCII "cn"
004AEB97 . 8B15 88054D00 mov edx, dword ptr [4D0588]
004AEB9D . E8 4662F5FF call 00404DE8
004AEBA2 . 75 07 jnz short 004AEBAB
004AEBA4 . B3 01 mov bl, 1
004AEBA6 . BE 16D60000 mov esi, 0D616
004AEBAB > 6A 02 push 2 ; /Arg1 = 00000002
004AEBAD . B9 01000000 mov ecx, 1 ; |
004AEBB2 . 8B55 F0 mov edx, dword ptr [ebp-10] ; |
004AEBB5 . 8B45 F4 mov eax, dword ptr [ebp-C] ; |
004AEBB8 . E8 93E8FFFF call 004AD450 ; \algorithm Call<1>
004AEBBD . 99 cdq
004AEBBE . 52 push edx
004AEBBF . 50 push eax
004AEBC0 . 8B45 EC mov eax, dword ptr [ebp-14]
004AEBC3 . 33D2 xor edx, edx
004AEBC5 . 3B5424 04 cmp edx, dword ptr [esp+4]
004AEBC9 . 75 03 jnz short 004AEBCE
004AEBCB . 3B0424 cmp eax, dword ptr [esp]
004AEBCE > 5A pop edx
004AEBCF . 58 pop eax
004AEBD0 . 0F85 A3020000 jnz 004AEE79 ; key jump
004AEBD6 . 6A 02 push 2 ; /Arg1 = 00000002
004AEBD8 . B9 03000000 mov ecx, 3 ; |
004AEBDD . 8B55 F0 mov edx, dword ptr [ebp-10] ; |
004AEBE0 . 8B45 F4 mov eax, dword ptr [ebp-C] ; |
004AEBE3 . E8 88E8FFFF call 004AD470 ; \algorithm Call<2>
004AEBE8 . 99 cdq
004AEBE9 . 52 push edx
004AEBEA . 50 push eax
004AEBEB . 8B45 E8 mov eax, dword ptr [ebp-18]
004AEBEE . 33D2 xor edx, edx
004AEBF0 . 3B5424 04 cmp edx, dword ptr [esp+4]
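The code above selects a fixed value according to the feature, namely Sn3 of the registration code. It matters quite a bit and is rather fun, but one of the values is universal. Which one?
See the summary :)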
************************************************************************************************************
004AD450 /$ 55 push ebp
004AD451 |. 8BEC mov ebp, esp
004AD453 |. 8BC8 mov ecx, eax
004AD455 |. 8BC1 mov eax, ecx
004AD457 |. B9 0A000000 mov ecx, 0A ; ECX=$A
004AD45C |. 99 cdq
004AD45D |. F7F9 idiv ecx ; S=$A
004AD45F |. 8D04C0 lea eax, dword ptr [eax+eax*8] ; EAX=EAX+EAX*8=EAX*9
004AD462 |. 50 push eax
004AD463 |. B8 9F860100 mov eax, 1869F ; $1869F
004AD468 |. 5A pop edx
004AD469 |. 2BC2 sub eax, edx ; $1869F-S
004AD46B |. 5D pop ebp
004AD46C \. C2 0400 retn 4
004AD46F 90 nop
004AD470 /$ 55 push ebp
004AD471 |. 8BEC mov ebp, esp
004AD473 |. 8BCA mov ecx, edx
004AD475 |. 8BC1 mov eax, ecx
004AD477 |. B9 09000000 mov ecx, 9 ; ECX=9
004AD47C |. 99 cdq
004AD47D |. F7F9 idiv ecx ; second group divided by 9 (the quotient in EAX is used)
004AD47F |. 03C0 add eax, eax ; EAX=EAX+EAX
004AD481 |. 03C0 add eax, eax ; EAX=EAX+EAX
004AD483 |. 03C0 add eax, eax ; EAX=EAX+EAX
004AD485 |. 50 push eax ; the three adds above can be written as Z=EAX*8
004AD486 |. B8 9E860100 mov eax, 1869E ; $1869E
004AD48B |. 5A pop edx
004AD48C |. 2BC2 sub eax, edx ; $1869E-Z
004AD48E |. 5D pop ebp
004AD48F \. C2 0400 retn 4
**************************************************************************************************
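An added example (not part of the original post or the program's own code): a C model of the two routines at 004AD450 and 004AD470, the 64-bit compare at 004AEBBD, and the field-3 constants, showing that fields 4 and 5 are plain arithmetic on fields 1 and 2 with no secret or machine binding. The function names, the reading of the global at 4D0588 as a UI-language tag, and the assumption that the truncated second compare follows the same pattern as the first are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* 004AD450 (reads eax = field 1). idiv truncates toward zero, like C's '/'. */
static int32_t algo_call_1(int32_t sn1) {
    return 0x1869F - (sn1 / 10) * 9;      /* lea eax,[eax+eax*8]; 0x1869F = 99999 */
}

/* 004AD470 (reads edx = field 2). Three 'add eax,eax' multiply by 8. */
static int32_t algo_call_2(int32_t sn2) {
    return 0x1869E - (sn2 / 9) * 8;       /* 0x1869E = 99998 */
}

/* 004AEBBD-004AEBD0: cdq sign-extends the call result to 64 bits, while the
 * entered field is zero-extended (xor edx,edx) before the two-dword compare,
 * so a negative call result can never equal any entered value. */
static int fields_match(int32_t call_result, int32_t field) {
    return (int64_t)call_result == (int64_t)(uint32_t)field;
}

/* Constants compared against field 3 at 004AE99E-004AEBA6, each paired with
 * the string tested against the global at 4D0588 (assumed: UI language). */
static const struct { int32_t value; const char *tag; } SN3_TABLE[] = {
    {0x0BD60, "en"}, {0x0C152, "cn"}, {0x177CA, "en"}, {0x17BBC, "cn"},
    {0x0B501, "en"}, {0x0B8F3, "cn"}, {0x0597B, "en"}, {0x05D6D, "cn"},
    {0x0578F, "en"}, {0x05B81, "cn"}, {0x0D224, "en"}, {0x0D616, "cn"},
};

/* Mirrors the esi assignment: the matched constant, or 0 when nothing matches
 * (esi is cleared at 004AE981). What esi is used for later is not shown. */
static int32_t sn3_selected(int32_t sn3, const char *tag) {
    for (size_t i = 0; i < sizeof SN3_TABLE / sizeof SN3_TABLE[0]; i++)
        if (SN3_TABLE[i].value == sn3 && strcmp(SN3_TABLE[i].tag, tag) == 0)
            return SN3_TABLE[i].value;
    return 0;
}

/* Relations the listing enforces between fields 1/4 and (assumed) 2/5. */
static int arithmetic_ok(int32_t sn1, int32_t sn2, int32_t sn4, int32_t sn5) {
    return fields_match(algo_call_1(sn1), sn4) &&
           fields_match(algo_call_2(sn2), sn5);
}
```

Decoding the table shows that 0x17BBC is the decimal 97212 discussed in the summary, and that each "cn" constant is its "en" partner plus 1010.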
Keygen source:
var
sn1,sn2,sn4,sn5:integer;
begin
sn1:=RandomRange(10000,99999);
sn2:=RandomRange(10000,99999);
sn4:=99999-(sn1 div 10)*9;
sn5:=99998-(sn2 div 9)*8;
Edit1.Text:=IntToStr(sn1)+'-'+inttostr(sn2)+'-'+'97212'+'-'+inttostr(sn4)+'-'+inttostr(sn5);
end;
--------------------------------------------------------------------------------
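【Lessons learned】
This software's registration scheme is rather fun, and it has quite a few features: XX conversion, XX copying and so on.
Sn3 is chosen according to which of the software's features is involved.
I found that its main feature is still XX copying, and the shortcut it installs on the desktop is for copying too, so I started from copying. One look showed that 97212 is universal. The software author surely wanted to set a trap to bully crackers, but it backfired, haha.
Finally, thanks again to brother 鹭影依凌: it was he who sent me down many detours, and also made me more careful and more patient...
Cyg07, boss, I did call for you, you just weren't there.
--------------------------------------------------------------------------------
【Copyright】: This article is purely …; when reposting, please credit the author and keep the article complete. Thanks!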
2008年03月05日 23:39:01