anti-homeMade(4)：鸚鵡螺網路助手2.22 (4千字)

anti-homeMade(4)：鸚鵡螺網路助手2.22
by 6767

工具：SOFTICE，WD32ASM(用於寫過程)
下載地址：http://jx163.onlinedown.net/down/netranger222c.zip
開發者自己是怎麼說的：
鸚鵡螺網路助手是什麼?
鸚鵡螺網路助手是一個功能強大，方便易用的專業網路工具箱，既適合網路新手，也適合有經驗的使用者使用。鸚鵡螺網路助手提供給你上網衝浪、檢查網路故障，獲取帳號、主機和域名等等網際網路或企業內部網上的網路資訊所需要的各種常用工具。

不管那麼多，在註冊視窗，名字：6767，註冊碼：123654。在SI中下Bpx windowtexta，攔到。跟跟跟，到這裡(當然失敗上N次才找到)：

.....
:00422B75 C644243002 mov [esp+30], 02
:00422B7A E879EF0100 call 00441AF8
:00422B7F 8BCE mov ecx, esi
:00422B81 C644242C01 mov [esp+2C], 01
:00422B86 E875FEFFFF call 00422A00           <- 懷疑核心在這裡，果然是，看下面分析
:00422B8B 8B4C2430 mov ecx, dword ptr [esp+30]   <- 在這裡D一下會有收穫
:00422B8F 6A0A push 0000000A
:00422B91 8D542410 lea edx, dword ptr [esp+10]   <- 在這裡D一下會有收穫
:00422B95 51 push ecx
:00422B96 52 push edx
:00422B97 E8E4C40000 call 0042F080           <- 大哥
:00422B9C 83C40C add esp, 0000000C
:00422B9F C644242000 mov [esp+20], 00
:00422BA4 85C0 test eax, eax           <- 看起來
:00422BA6 8D4C2428 lea ecx, dword ptr [esp+28]
:00422BAA 752D jne 00422BD9           <- 好面熟
......

跟入核心CALL不久會到這裡：

......
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422A8E(C)
|
:00422AA3 33C9 xor ecx, ecx           <- ECX=0，迴圈變數

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AEB(C)
|
:00422AA5 33F6 xor esi, esi
:00422AA7 85FF test edi, edi           <- DI放姓名長度
:00422AA9 7E3D jle 00422AE8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AE6(C)
|
:00422AAB 83F90A cmp ecx, 0000000A         <- 大於等於10則迴圈完成
:00422AAE 7D3D jge 00422AED
:00422AB0 85C9 test ecx, ecx           <-
:00422AB2 7E07 jle 00422ABB           <- 僅在第一次迴圈時跳走
:00422AB4 0FBE4429FF movsx eax, byte ptr [ecx+ebp-01]   <- 取生成的註冊碼的上一字母
:00422AB9 EB14 jmp 00422ACF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AB2(C)
|
:00422ABB 0FBE543418 movsx edx, byte ptr [esp+esi+18]   <- 取名字的第一個字元
:00422AC0 0FBEC3 movsx eax, bl           <- 與版本有關的一個值，0X6A
:00422AC3 8BD9 mov ebx, ecx           <- EBX=0
:00422AC5 03DA add ebx, edx
:00422AC7 8B542414 mov edx, dword ptr [esp+14]     <- 在EDX中放入累加和
:00422ACB 03C3 add eax, ebx
:00422ACD 03C2 add eax, edx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AB9(U)
|
:00422ACF 33D2 xor edx, edx           <- EDX=0
:00422AD1 BB1A000000 mov ebx, 0000001A       <- 0X1A=26
:00422AD6 F7F3 div ebx
:00422AD8 8A5C2413 mov bl, byte ptr [esp+13]   <- [ESP+13]='j'=0X6A，固定值
:00422ADC 83C261 add edx, 00000061       <- EDX變為小寫字元
:00422ADF 46 inc esi
:00422AE0 881429 mov byte ptr [ecx+ebp], dl   <- 儲存生成的註冊碼
:00422AE3 41 inc ecx
:00422AE4 3BF7 cmp esi, edi       <- 迴圈次數是否到名字長度
:00422AE6 7CC3 jl 00422AAB

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AA9(C)
|
:00422AE8 83F90A cmp ecx, 0000000A
:00422AEB 7CB8 jl 00422AA5           <- 若迴圈未到10次，繼續迴圈

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AAE(C)
|
:00422AED 8D4C2434 lea ecx, dword ptr [esp+34]
:00422AF1 C6450A00 mov [ebp+0A], 00       <- 註冊碼長度變為10
:00422AF5 E889F20100 call 00441D83       <- 下面不重要了
:00422AFA 8D4C2438 lea ecx, dword ptr [esp+38]
:00422AFE C744242CFFFFFFFF mov [esp+2C], FFFFFFFF
:00422B06 E878F20100 call 00441D83
:00422B0B 8B4C2424 mov ecx, dword ptr [esp+24]
:00422B0F 5F pop edi
:00422B10 5E pop esi
:00422B11 5D pop ebp

過程到這裡，覺得好用就想辦法註冊吧。

anti-homeMade(4)：鸚鵡螺網路助手2.22 (4千字)

相關文章