《棋隱》的註冊演算法 (19千字)
《棋隱》的註冊演算法
作者:ratarice
工具:TRW2000、W32DSM89
廢話少說,過程如下:
* Possible Reference to Dialog: DialogID_00FB, CONTROL_ID:03F7, ""
|
:00401EFF 68F7030000 push 000003F7
:00401F04 8BCF
mov ecx, edi
:00401F06 E86F990300 call 0043B87A
:00401F0B 8D4C2418 lea
ecx, dword ptr [esp+18]
:00401F0F 51
push ecx
* Possible StringData Ref from Data Obj ->"p"
|
:00401F10 6838364700 push 00473638
:00401F15 E866150100 call 00413480
------------------->關鍵,要進入!
:00401F1A 6A00
push 00000000
:00401F1C 8BD8
mov ebx, eax -------------------->將eax的值給ebx
:00401F1E E81A430200 call 0042623D
:00401F23 6A00
push 00000000
:00401F25 8D7005
lea esi, dword ptr [eax+05]
:00401F28 E810430200 call 0042623D
:00401F2D 83C410
add esp, 00000010
:00401F30 3BF0
cmp esi, eax
:00401F32 7E0E
jle 00401F42
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401F40(C)
|
:00401F34 6A00
push 00000000
:00401F36 E802430200 call 0042623D
:00401F3B 83C404
add esp, 00000004
:00401F3E 3BF0
cmp esi, eax
:00401F40 7FF2
jg 00401F34
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401F32(C)
|
:00401F42 8B542414 mov
edx, dword ptr [esp+14]
:00401F46 52
push edx
:00401F47 FFD5
call ebp
:00401F49 A198454900 mov eax,
dword ptr [00494598]
:00401F4E 89442410 mov
dword ptr [esp+10], eax
:00401F52 85DB
test ebx, ebx ------------------------->關鍵比較,其實是比較eax(call 00413480的返回值,之前已存入ebx)
:00401F54 C744246000000000 mov [esp+60], 00000000
:00401F5C 7407
je 00401F65 --------------------------->關鍵跳轉,不跳成功!
* Possible Reference to String Resource ID=00131: "Register was successful.
Enjoy the game."
|
:00401F5E 6883000000 push 00000083
:00401F63 EB05
jmp 00401F6A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401F5C(C)
|
* Possible Reference to String Resource ID=00132: "Invalid serial number. Please
input correct serial number."
|
:00401F65 6884000000 push 00000084
***************************************************************************
* Referenced by a CALL at Addresses:
|:00401F15 , :00413A35
|
:00413480 8B542408 mov
edx, dword ptr [esp+08] ---->將假註冊碼地址給edx
:00413484 83EC2C
sub esp, 0000002C
:00413487 83C9FF
or ecx, FFFFFFFF
:0041348A 33C0
xor eax, eax
:0041348C 56
push esi
:0041348D 57
push edi
:0041348E 8BFA
mov edi, edx
:00413490 33F6
xor esi, esi
:00413492 F2
repnz
:00413493 AE
scasb
:00413494 F7D1
not ecx
:00413496 49
dec ecx ----------------------->計算註冊碼的長度
:00413497 83F913
cmp ecx, 00000013 ------------->註冊碼要19位
:0041349A 7555
jne 004134F1
:0041349C 8B02
mov eax, dword ptr [edx] ------
:0041349E 8B4A05
mov ecx, dword ptr [edx+05] |
:004134A1 89442408 mov
dword ptr [esp+08], eax | 將註冊碼的第5、10、15位去掉
:004134A5 8B420A
mov eax, dword ptr [edx+0A] | 構成新註冊碼,並將它的地址給
:004134A8 894C240C mov
dword ptr [esp+0C], ecx | edx
:004134AC 8B4A0F
mov ecx, dword ptr [edx+0F] |
:004134AF 89442410 mov
dword ptr [esp+10], eax |
:004134B3 8D542408 lea
edx, dword ptr [esp+08] |
:004134B7 8D44241C lea
eax, dword ptr [esp+1C] |
:004134BB 52
push edx
|
:004134BC 50
push eax
|
:004134BD 894C241C mov
dword ptr [esp+1C], ecx |
:004134C1 C644242000 mov [esp+20],
00 --------------
:004134C6 E8C5FEFFFF call 00413390
----------------->又是關鍵!
:004134CB 83C408
add esp, 00000008
:004134CE 85C0
test eax, eax
:004134D0 741F
je 004134F1
:004134D2 8D4C2422 lea
ecx, dword ptr [esp+22]
:004134D6 51
push ecx
:004134D7 E8C82E0100 call 004263A4
:004134DC 8B54243C mov
edx, dword ptr [esp+3C]
:004134E0 83C404
add esp, 00000004
:004134E3 3DA0860100 cmp eax,
000186A0
:004134E8 8902
mov dword ptr [edx], eax
:004134EA B801000000 mov eax,
00000001
:004134EF 7D02
jge 004134F3
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041349A(C), :004134D0(C)
|
:004134F1 8BC6
mov eax, esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004134EF(C)
|
:004134F3 5F
pop edi
:004134F4 5E
pop esi
:004134F5 83C42C
add esp, 0000002C
:004134F8 C3
ret
*****************************************************************************
* Referenced by a CALL at Address:
|:004134C6
|
:00413390 8B4C2408 mov
ecx, dword ptr [esp+08]
:00413394 83EC28
sub esp, 00000028
:00413397 33C0
xor eax, eax
:00413399 81E96C394700 sub ecx, 0047396C
:0041339F 53
push ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004133B6(C)
|
:004133A0 0FBE906C394700 movsx edx, byte ptr
[eax+0047396C] -----
:004133A7 8A9C016C394700 mov bl, byte ptr
[ecx+eax+0047396C] | 按照作者定的順序
:004133AE 40
inc eax
| 排序:
:004133AF 83F810
cmp eax, 00000010
| 2837A9F061BD4C5E
:004133B2 885C1404 mov
byte ptr [esp+edx+04], bl |
:004133B6 7CE8
jl 004133A0 ----------------------------
:004133B8 55
push ebp
:004133B9 56
push esi
:004133BA 8D44240C lea
eax, dword ptr [esp+0C]
:004133BE 57
push edi
:004133BF 8D4C2424 lea
ecx, dword ptr [esp+24]
:004133C3 50
push eax
:004133C4 51
push ecx
:004133C5 C644242800 mov [esp+28],
00
:004133CA E821FFFFFF call 004132F0
-------------------------->又是關鍵,還要追入!
:004133CF 8B7C2444 mov
edi, dword ptr [esp+44]
:004133D3 8D6C242C lea
ebp, dword ptr [esp+2C]
:004133D7 83C408
add esp, 00000008
:004133DA 2BEF
sub ebp, edi
:004133DC 8D7701
lea esi, dword ptr [edi+01]
:004133DF BB0B000000 mov ebx,
0000000B ---------------------->ebx=B
:004133E4 89742440 mov
dword ptr [esp+40], esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041341B(C)
|
:004133E8 0FBE042E movsx
eax, byte ptr [esi+ebp] ---------->先符號擴展,再將註冊碼
的第二位傳送給eax
:004133EC 83F85A
cmp eax, 0000005A ---------------------->比較eax和5A
:004133EF 7F17
jg 00413408 ---------------------------->大於就跳
:004133F1 B95A000000 mov ecx,
0000005A ---------------------->不大於5A就ecx=5A
:004133F6 2BC8
sub ecx, eax --------------------------->ecx=ecx-eax
:004133F8 B856555555 mov eax,
55555556 ---------------------->eax=55555556
:004133FD F7E9
imul ecx ------------------------------->edx:eax=eax*ecx(64位結果,高32位在edx)
:004133FF 8BC2
mov eax, edx --------------------------->eax=edx
:00413401 C1EA1F
shr edx, 1F ---------------------------->edx邏輯右移1F
:00413404 03C2
add eax, edx --------------------------->eax=eax+edx
:00413406 EB0D
jmp 00413415 --------------------------->跳走
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004133EF(C)
|
:00413408 83F865
cmp eax, 00000065 ---------------------->比較eax和65
:0041340B 7C08
jl 00413415 ---------------------------->小於就跳走
:0041340D 83C09B
add eax, FFFFFF9B ---------------------->否則eax=eax+FFFFFF9B
:00413410 99
cdq ------------------------------------>雙字擴展(把EAX中的雙字的
符號擴展到EDX中去)
:00413411 2BC2
sub eax, edx --------------------------->eax=eax-edx
:00413413 D1F8
sar eax, 1 ----------------------------->eax算術右移1
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00413406(U), :0041340B(C)
|
:00413415 0430
add al, 30 ----------------------------->al=al+30
:00413417 8806
mov byte ptr [esi], al ----------------->al給[esi]
:00413419 46
inc esi -------------------------------->esi加一
:0041341A 4B
dec ebx -------------------------------->ebx減一
:0041341B 75CB
jne 004133E8 --------------------------->迴圈;即得新註冊碼
:0041341D 8A5C2424 mov
bl, byte ptr [esp+24]
:00413421 C6470C00 mov
[edi+0C], 00
:00413425 881F
mov byte ptr [edi], bl ----------------->將註冊碼的第一位補到新
註冊碼的前面
:00413427 33C0
xor eax, eax ---------------------------
:00413429 B901000000 mov ecx,
00000001 |
| 將新註冊碼累乘
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
| 值給eax
|:0041343B(C)
|
|
|
:0041342E 0FBE1439 movsx
edx, byte ptr [ecx+edi] |
:00413432 0FAFC1
imul eax, ecx
|
:00413435 03C2
add eax, edx
|
:00413437 41
inc ecx
|
:00413438 83F90C
cmp ecx, 0000000C
|
:0041343B 7CF1
jl 0041342E ----------------------------
:0041343D 5F
pop edi
:0041343E 5E
pop esi
:0041343F 85C0
test eax, eax -------------------------->檢查eax
:00413441 5D
pop ebp
:00413442 7D02
jge 00413446 --------------------------->eax大於等於0就跳到00413446
:00413444 F7D8
neg eax -------------------------------->eax為負時取其相反數(即取絕對值)
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00413442(C)
|
:00413446 99
cdq ------------------------------------>雙字擴展(EAX的符號擴展到EDX)
:00413447 B91A000000 mov ecx,
0000001A ---------------------->ecx=1A
:0041344C F7F9
idiv ecx ------------------------------->edx:eax除以ecx,商在eax,餘數在edx
:0041344E 0FBEC3
movsx eax, bl -------------------------->把bl符號擴展後給eax
:00413451 5B
pop ebx
:00413452 83C241
add edx, 00000041 ---------------------->edx=edx+41
:00413455 3BC2
cmp eax, edx --------------------------->比較eax和edx
:00413457 7512
jne 0041346B --------------------------->不相等就完蛋
:00413459 8B4C2430 mov
ecx, dword ptr [esp+30] ------------>將新註冊碼的第一位地址
給ecx
:0041345D 803932
cmp byte ptr [ecx], 32 ----------------->比較[ecx]處的位元組和32
:00413460 7509
jne 0041346B --------------------------->不相等就完蛋
:00413462 B801000000 mov eax,
00000001
:00413467 83C428
add esp, 00000028
:0041346A C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00413457(C), :00413460(C)
|
:0041346B 33C0
xor eax, eax
:0041346D 83C428
add esp, 00000028
:00413470 C3
ret
***********************************************************************************
* Referenced by a CALL at Addresses:
|:0040808A , :004133CA
|
:004132F0 56
push esi
:004132F1 8B74240C mov
esi, dword ptr [esp+0C]
:004132F5 57
push edi
:004132F6 8BFE
mov edi, esi
:004132F8 83C9FF
or ecx, FFFFFFFF
:004132FB 33C0
xor eax, eax
:004132FD F2
repnz
:004132FE AE
scasb
:004132FF F7D1
not ecx
:00413301 49
dec ecx
:00413302 F6C103
test cl, 03
:00413305 7403
je 0041330A
:00413307 5F
pop edi
:00413308 5E
pop esi
:00413309 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00413305(C)
|
:0041330A 8A06
mov al, byte ptr [esi] ------------->依次取註冊碼到al
:0041330C 84C0
test al, al ------------------------>檢查是否是零
:0041330E 7467
je 00413377 ------------------------>是就跳到00413377(輸出空字串後返回)
:00413310 8B7C240C mov
edi, dword ptr [esp+0C]
:00413314 53
push ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041336A(C)
|
:00413315 50
push eax
:00413316 46
inc esi
:00413317 E894FFFFFF call 004132B0
----------------------->也需要追入!(是換算)
:0041331C 8AD8
mov bl, al -------------------------->al給bl
:0041331E 8A06
mov al, byte ptr [esi] -------------->下一個註冊碼給al
:00413320 50
push eax
:00413321 46
inc esi ----------------------------->esi加一
:00413322 E889FFFFFF call 004132B0
----------------------->換算
:00413327 8AC8
mov cl, al -------------------------->al給cl
:00413329 240F
and al, 0F -------------------------->al and 0f
:0041332B C0F904
sar cl, 04 -------------------------->cl算術右移4
:0041332E C0E302
shl bl, 02 -------------------------->bl邏輯左移2
:00413331 02CB
add cl, bl -------------------------->cl=cl+bl
:00413333 8AD8
mov bl, al -------------------------->al給bl
:00413335 880F
mov byte ptr [edi], cl -------------->cl給[edi]
:00413337 8A06
mov al, byte ptr [esi] -------------->取下一個註冊碼給al
:00413339 47
inc edi ----------------------------->edi加一
:0041333A 50
push eax
:0041333B 46
inc esi ----------------------------->esi加一
:0041333C E86FFFFFFF call 004132B0
----------------------->換算
:00413341 8AD0
mov dl, al -------------------------->al給dl
:00413343 2403
and al, 03 -------------------------->al and 3
:00413345 C0FA02
sar dl, 02 -------------------------->dl算術右移2
:00413348 C0E304
shl bl, 04 -------------------------->bl邏輯左移4
:0041334B 02D3
add dl, bl -------------------------->dl=dl+bl
:0041334D 8AD8
mov bl, al -------------------------->al給bl
:0041334F 8817
mov byte ptr [edi], dl -------------->dl給[edi]
:00413351 8A06
mov al, byte ptr [esi] -------------->取下一個註冊碼給al
:00413353 47
inc edi ----------------------------->edi加一
:00413354 50
push eax
:00413355 46
inc esi ----------------------------->esi加一
:00413356 E855FFFFFF call 004132B0
----------------------->換算
:0041335B C0E306
shl bl, 06 -------------------------->bl邏輯左移6
:0041335E 02C3
add al, bl -------------------------->al=al+bl
:00413360 83C410
add esp, 00000010
:00413363 8807
mov byte ptr [edi], al -------------->al給[edi]
:00413365 8A06
mov al, byte ptr [esi] -------------->取下一個註冊碼給al
:00413367 47
inc edi ----------------------------->edi加一
:00413368 84C0
test al, al ------------------------->檢查是否取完
:0041336A 75A9
jne 00413315 ------------------------>沒有取完,迴圈!
:0041336C 5B
pop ebx
:0041336D 8807
mov byte ptr [edi], al -------------->此時al為0,將結尾的0寫入[edi]
:0041336F 5F
pop edi
:00413370 B801000000 mov eax,
00000001
:00413375 5E
pop esi
:00413376 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041330E(C)
|
:00413377 8B7C240C mov
edi, dword ptr [esp+0C]
:0041337B B801000000 mov eax,
00000001
:00413380 C60700
mov byte ptr [edi], 00
:00413383 5F
pop edi
:00413384 5E
pop esi
:00413385 C3
ret
************************************************************************
這個CALL(004132B0)的作用是對單個字元做換算:如果字元在41和5A之間,則減41;
如果字元在61和7A之間,則減47;
如果字元在30和39之間,則加4;其餘情況,字元為2B時al得3E,否則al得3F。
* Referenced by a CALL at Addresses:
|:00413317 , :00413322 , :0041333C , :00413356
|
:004132B0 8A442404 mov
al, byte ptr [esp+04]
:004132B4 3C41
cmp al, 41
:004132B6 7C08
jl 004132C0
:004132B8 3C5A
cmp al, 5A
:004132BA 7F04
jg 004132C0
:004132BC 83E841
sub eax, 00000041
:004132BF C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004132B6(C), :004132BA(C)
|
:004132C0 3C61
cmp al, 61
:004132C2 7C08
jl 004132CC
:004132C4 3C7A
cmp al, 7A
:004132C6 7F04
jg 004132CC
:004132C8 83E847
sub eax, 00000047
:004132CB C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004132C2(C), :004132C6(C)
|
:004132CC 3C30
cmp al, 30
:004132CE 7C08
jl 004132D8
:004132D0 3C39
cmp al, 39
:004132D2 7F04
jg 004132D8
:004132D4 83C004
add eax, 00000004
:004132D7 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004132CE(C), :004132D2(C)
|
:004132D8 3C2B
cmp al, 2B
:004132DA 0F95C0
setne al
:004132DD 83C03E
add eax, 0000003E
:004132E0 C3
ret
由於本人的能力有限,做不出它的序號產生器,還請高人指點!!!!!