DreamWaver3.0註冊流程分析 (17千字)
DreamWaver3.0註冊流程分析
作者: 夜月
E-mail:luoyi.ly@yeah.net
寫作日期:31th, August 2001
軟體背景資料
執行平臺: Win9X
檔名稱: DreamWaver.exe
程式型別: 網頁製作工具
下載地點: 未知
檔案大小: 不詳
使用的工具
Trw2000 V1.23--Win9X Debugger
Turboc V2.00--KeyGen Compiler1
Masm32 V5.00--KeyGen Compiler2
難易程度
Easy( )
Medium(X) Hard( ) Pro( )
------------------=====Declare=====------------------
未經作者同意,不得修改、引用原文,一切權利保留。
本教程只供教學用,其他一切用途皆被禁止。
------------------=====Begin=====------------------
給三個能用的DreamWaver3.0的註冊碼:
(1) DWW300-71511-95480-68658
(2) WBW300-79525-15490-68658
(3) WLW300-70814-65498-68658
由此可以看出DreamWaver的註冊碼應該滿足以下幾個基本條件:
(Str[]指向註冊碼字串)
(A) strlen(Str)=24
(B) Str[6],Str[12],Str[18]固定為“-”
(C) Str[3]――Str[7]
檢驗得知:如果為“300-7”則生成的是教學班的序列號
如果為“300-0”則生成的是完全版的序列號
(D) Str[0]――Str[2]有三個可選項。程式安裝成功後,每一個字串都可以註冊成功。但在安裝程式
需要輸入序列號時,開頭為“WBW”的序列號不能透過,會被認為是舊版的序列號。
基本條件就是如此。序列號的具體演算法比較複雜。把整段字串分成了5部分(不包括“DWW”,
“WBW”,“WLW”這一串)。具體實施過程如下:
(以第一個號碼:DWW300-71511-95480-68658為例)
NUM1 = atoi(Str[3]――Str[5]) = 300
NUM2 = atoi(Str[7]) = 7
NUM3
= atol(strcat(Str[15],Str[14],Str[21],Str[20],Str[23],Str[19],Str[22]))
= 4568865
NUM4 = atoi(strcat(Str[10],Str[17],Str[16]))
= 108
NUM5 = atoi(strcat(Str[8],Str[9],Str[11],Str[13])) = 1519
這五個號碼中,NUM3無任何限制,只要是7位數的整數就行。NUM4是由一個隨機數查表得來的一個
值,表不大,總共才15個數。也就是說,NUM4總共只有15種選擇。NUM1,NUM2固定。NUM5就是最後
用來校驗的――看根據NUM1,NUM2,NUM3,NUM4四個數算出來的值等不等於NUM5(這段計算真的很復
雜,我用A4的紙打了3張)。
具體演算法表示如下:
(num1=NUM3,num2=NUM4。寫序號產生器時圖方便去了,沒考慮到會給寫這篇文章帶來麻煩)
---------------------------------------Cut From Here------------------------------------------
edx1=num1/100000;edx2=num1/100;edx3=num1/1000000;edx4=num1/10000;
edx5=num2/100;edx6=3;edx7=30;ebx1=num2/10;edi1=num1/10;
ebp1=num1/1000;edx8=edx3+ebp1;
temp=7*(ebp1+num2)+3*(3*(edx1+ebx1+7)+edi1+edx2)+edx7+edx6+edx5+edx4+edx3+num1;
num[0]=(int) (temp-(temp/10)*10)+0x30;
temp=7*edi1+3*(edx8+3*num2+ebx1)+edx7+edx6+edx5+edx4+edx2+edx1+7+num1;
num[1]=(int) (temp-(temp/10)*10)+0x30;
temp=7*edx8+3*(3*ebx1+edx5+edx7+edx2)+edx6+edx4+edi1+edx1+num1+7+num2;
num[2]=(int) (temp-(temp/10)*10)+0x30;
temp=7*(edx6+edx2+ebx1)+3*(edx4+3*(edx7+num1)+edx3+edi1)+edx5+ebp1+edx1+7+num2;
num[3]=(int) (temp-(temp/10)*10)+0x30;
------------------------------------------Cut
End---------------------------------------------
有了這個核心演算法,相信用Tc2.0作序號產生器,應該是很簡單的事情了吧?
------------------=====KeyGen1(C)=====------------------
Tc2.0版序號產生器原碼(dw_keygen.exe):
---------------------------------------Cut
From Here------------------------------------------
main()
{
void
geneax(unsigned long num1,int num2,char *num);
unsigned long a;
int
b,c;
int table[15]={0x51,0x5c,0x6a,0x102,0x10b,0xb6,0xbb,0xc5,0xc0,
0xa2,0xa8,0x52,0x54,0x5d,0x6d};
char
sn[26]={"DWW300-7"};
char num1[7],num2[3],num3[4];
seed1: printf("Please
Input Seed1:\n");
scanf("%lu",&a);
if (a<1000000||a>=0x949d5b)
{
printf("Seed1 Must Be [1000000,9739612]");
goto seed1;
}
seed2: printf("Please
Input Seed2 (0--14 but 1,7,8):\n");
scanf("%d",&b);
if (b<0 ||
b==1 || b==7 || b==8 || b>14)
{
printf("Seed2
Muse Be 0--14 But 1,7,8!\n");
goto seed2;
}
if (b==5 || b==6 || b==7 || b==8) {sn[0]='W';sn[1]='B';}
if (b==9 || b==10) {sn[0]='W';sn[1]='L'; }
b=table[b];
b+=27;
geneax(a,b,num3);
ultoa(a,num1,10);itoa(b,num2,10);
sn[8]=num3[0];sn[9]=num3[1];sn[10]=num2[0];sn[11]=num3[2];
sn[12]='-';sn[13]=num3[3];sn[14]=num1[1];sn[15]=num1[0];
sn[16]=num2[2];sn[17]=num2[1];sn[18]='-';sn[19]=num1[5];
sn[20]=num1[3];sn[21]=num1[2];sn[22]=num1[6];sn[23]=num1[4];
printf("SN
CODE IS:\n");
printf("%s",sn);
}
void geneax(unsigned long
num1,int num2,char *num)
{
unsigned long temp,edx1,edx2,edx3,edx4,edx5,edx6,edx7,edx8,
ebx1,edi1,ebp1;
edx1=num1/100000;edx2=num1/100;edx3=num1/1000000;edx4=num1/10000;
edx5=num2/100;edx6=3;edx7=30;ebx1=num2/10;edi1=num1/10;
ebp1=num1/1000;edx8=edx3+ebp1;
temp=7*(ebp1+num2)+3*(3*(edx1+ebx1+7)+edi1+edx2)+edx7+edx6+edx5+edx4+edx3+num1;
num[0]=(int) (temp-(temp/10)*10)+0x30;
temp=7*edi1+3*(edx8+3*num2+ebx1)+edx7+edx6+edx5+edx4+edx2+edx1+7+num1;
num[1]=(int) (temp-(temp/10)*10)+0x30;
temp=7*edx8+3*(3*ebx1+edx5+edx7+edx2)+edx6+edx4+edi1+edx1+num1+7+num2;
num[2]=(int) (temp-(temp/10)*10)+0x30;
temp=7*(edx6+edx2+ebx1)+3*(edx4+3*(edx7+num1)+edx3+edi1)+edx5+ebp1+edx1+7+num2;
num[3]=(int) (temp-(temp/10)*10)+0x30;
}
------------------------------------------Cut
End---------------------------------------------
------------------=====KeyGen1(ASM)=====------------------
說實話,對這個程式而言,用Tc2.0寫序號產生器實在是很累人。那段核心演算法很長也很複雜。針對演算法
的特點,我建議大家用Masm32寫序號產生器,那樣比較方便――只要直接把在Trw2000中“U”下來的程式碼貼上到
原始檔中就行了,需要改動的地方不多。
下面就是Masm32V5版的序號產生器原始碼:
Masm32版序號產生器原始碼(dw_keygen.exe):
---------------------------------------Cut From Here------------------------------------------
.386
.model
flat,stdcall
option casemap:none
include
windows.inc
include user32.inc
include kernel32.inc
include
comctl32.inc
include comdlg32.inc
include masm32.inc
includelib
masm32.lib
includelib user32.lib
includelib
kernel32.lib
includelib comctl32.lib
includelib comdlg32.lib
DLG_MAIN
equ 100
IDGEN equ
10
Edit1 equ 11
Edit2 equ 12
_ProcDlgMain PROTO :DWORD,:DWORD,:DWORD,:DWORD
_Math PROTO :DWORD,:DWORD,:DWORD
.data?
EDX1
DD ?
EDX2
DD ?
EDX3 DD
?
EDX4 DD
?
EDX5 DD
?
EDX6 DD ?
EDX7 DD ?
EDX8 DD ?
EAX1
DD ?
EBP1
DD ?
EDI1
DD ?
EBX1
DD ?
.data
szMess db "Seed Must
Be [1000000,9000000]!",0
szCaption db
"Error!"
hInstance dd ?
Number
dd ?
Num1
db 7 dup(?),0
Num2
db 4 dup(?),0
snString1
db 4 dup(?),0
snString2
db 5 dup(?),0
snString3
db 5 dup(?),0
snString
db "DWW300-7%s-%s-%s",0
sn
db 24 dup(?),0
ddEbp
dd ?
.code
_Math
proc N1,N2,N3 ;這個過程就是貼上過來的,很長吧?
MOV
ECX,N1
MOV
EAX,14F8B589H
IMUL ECX
SAR EDX,0DH
MOV
EAX,EDX
PUSH EBX
SHR EAX,1FH
PUSH
EBP
ADD EDX,EAX
PUSH ESI
MOV
ESI,N3
MOV
EAX,66666667H
MOV
EDX1,EDX
IMUL ESI
SAR EDX,02H
MOV
EAX,EDX
PUSH EDI
SHR EAX,1FH
ADD
EDX,EAX
MOV EAX,51EB851FH
MOV EBX,EDX
IMUL ECX
SAR
EDX,05H
MOV EAX,EDX
MOV EBX1,EBX
SHR EAX,1FH
ADD
EDX,EAX
MOV EAX,66666667H
MOV EDX2,EDX
IMUL ECX
SAR
EDX,02H
MOV EAX,EDX
SHR EAX,1FH
ADD EDX,EAX
MOV
EAX,10624DD3H
MOV
EDI,EDX
IMUL ECX
SAR EDX,06H
MOV
EAX,EDX
MOV EDI1,EDI
SHR EAX,1FH
ADD EDX,EAX
MOV
EAX,431BDE83H
MOV
EBP,EDX
IMUL ECX
SAR EDX,12H
MOV
EAX,EDX
MOV EBP1,EBP
SHR EAX,1FH
ADD EDX,EAX
MOV
EAX,68DB8BADH
MOV
EDX3,EDX
IMUL ECX
SAR EDX,0CH
MOV
EAX,EDX
SHR EAX,1FH
ADD EDX,EAX
MOV EAX,51EB851FH
MOV
EDX4,EDX
IMUL ESI
SAR EDX,05H
MOV
EAX,EDX
SHR EAX,1FH
ADD EDX,EAX
MOV EAX,51EB851FH
MOV
EDX5,EDX
MOV
EDX,300
IMUL EDX
SAR EDX,05H
MOV
EAX,EDX
SHR EAX,1FH
ADD EDX,EAX
MOV EAX,66666667H
MOV
EDX6,EDX
MOV
EDX,300
IMUL EDX
SAR EDX,02H
MOV
EAX,EDX
SHR EAX,1FH
ADD EDX,EAX
MOV EDX7,EDX
MOV
EDX,EDX3
ADD
EDX,EBP
MOV EAX,EDX1
MOV EDX8,EDX
MOV EDX,7H
ADD EAX,EBX
ADD
EAX,EDX
ADD EBP,ESI
LEA EDX,[EDI+EAX*2]
ADD EAX,EDX
MOV
EDX,EDX2
ADD
EAX,EDX
MOV EDX,EDX7
MOV EAX1,EAX
ADD
EDX,EAX
LEA EAX,[EBP*8+00]
SUB EAX,EBP
MOV EBP,EAX1
LEA
EDX,[EDX+EBP*2]
MOV
EBP,EDX5
ADD EAX,EDX
MOV EDX,EDX6
ADD EAX,EDX
MOV
EDX,EDX4
ADD
EAX,EBP
MOV EBP,EDX3
ADD EAX,EDX
ADD
EAX,EBP
MOV
EBP,0AH
ADD
EAX,ECX
CDQ
IDIV EBP
MOV
EAX,EDX8
LEA
EAX,[EAX+ESI*2]
LEA EBP,[EDX+EDX*4]
MOV EDX,ESI
ADD EDX,EAX
MOV
EAX,EDX7
ADD
EDX,EBX
LEA EBX,[EDX+EAX]
LEA EAX,[EDI*8+00]
SUB EAX,EDI
MOV
EDI,EDX5
LEA
EDX,[EBX+EDX*2]
MOV EBX,EDX6
ADD EAX,EDX
MOV EDX,EDX4
ADD
EAX,EBX
MOV EBX,0AH
ADD EAX,EDI
MOV EDI,EDX2
ADD
EAX,EDX
MOV EDX,EDX1
ADD EAX,EDI
ADD EAX,EDX
MOV
EDX,7H
ADD EAX,ECX
ADD EAX,EDX
CDQ
IDIV
EBX
LEA EAX,[EDX+EBP*2]
MOV EDX,EBX1
LEA EBX,[EAX+EAX*4]
MOV
EAX,EDX7
LEA
EAX,[EAX+EDX*2]
ADD EDX,EAX
MOV EAX,EDX5
ADD EDX,EAX
MOV
EAX,EDX6
ADD
EDX,EDI
MOV EDI,EDX8
LEA EBP,[EDX+EAX]
LEA
EAX,[EDI*8+00]
SUB
EAX,EDI
MOV EDI,EDI1
LEA EDX,[EBP+EDX*2+00]
MOV EBP,EDX4
ADD
EAX,EDX
ADD EAX,EBP
ADD EAX,EDI
MOV EDI,EDX1
ADD
EAX,EDI
ADD EAX,ECX
MOV EDX,7
MOV EBP,0AH
ADD
EAX,EDX
ADD EAX,ESI
CDQ
IDIV
EBP
MOV EBP,EDX3
LEA EAX,[EDX+EBX*2]
MOV EDX,EDX4
LEA
EBX,[EAX+EAX*4]
MOV
EAX,EDX7
ADD ECX,EAX
LEA EAX,[EDX+ECX*2]
MOV EDX,EDI1
ADD
ECX,EAX
MOV EAX,EDX6
ADD ECX,EBP
ADD ECX,EDX
MOV
EDX,EDX5
LEA
EBP,[ECX+EDX]
MOV EDX,EDX2
ADD EDX,EAX
MOV EAX,EBX1
ADD
EDX,EAX
LEA ECX,[EBP+ECX*2+00]
LEA EAX,[EDX*8+00]
SUB EAX,EDX
MOV
EDX,7
ADD EAX,ECX
MOV ECX,EBP1
ADD EAX,ECX
MOV
ECX,0AH
ADD EAX,EDI
POP EDI
ADD EAX,EDX
ADD
EAX,ESI
POP ESI
CDQ
IDIV
ECX
POP EBP
LEA EAX,[EDX+EBX*2]
POP EBX
RET
_Math endp
_ProcDlgMain proc uses ebx edi
esi edx ecx,hWnd:DWORD,wMsg:DWORD,wParam:DWORD,lParam:DWORD
mov eax,wMsg
.if
eax==WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax==WM_COMMAND
mov eax,wParam
and eax,0ffffh
.if
eax==IDGEN
invoke GetDlgItemText, hWnd,Edit1,offset Num1,8
invoke atodw,offset Num1
.if eax<1000000 || eax>9000000
invoke MessageBox,hWnd,offset szMess,offset
szCaption,MB_ICONSTOP
ret
.endif
mov ecx,eax
mov eax,7
mov
edx,108
invoke _Math,ecx,eax,edx
mov
Number,eax
invoke dwtoa,Number,offset Num2
mov
al,[Num1]
mov [snString2+2],al
mov
al,[Num1+1]
mov [snString2+1],al
mov
al,[Num1+2]
mov [snString3+2],al
mov
al,[Num1+3]
mov [snString3+1],al
mov
al,[Num1+4]
mov [snString3+4],al
mov
al,[Num1+5]
mov [snString3],al
mov
al,[Num1+6]
mov [snString3+3],al
mov
al,[Num2]
mov [snString1],al
mov
al,[Num2+1]
mov [snString1+1],al
mov
al,[Num2+2]
mov [snString1+3],al
mov
al,[Num2+3]
mov [snString2],al
mov
[snString1+2],'1'
mov [snString2+3],'8'
mov
[snString2+4],'0'
invoke wsprintf,offset sn,offset snString,offset
snString1,offset snString2,offset snString3
invoke SetDlgItemText,hWnd,Edit2,offset
sn
mov eax,FALSE
ret
.elseif eax==IDCLOSE
invoke EndDialog,hWnd,NULL
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
start:
invoke InitCommonControls
invoke
GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset
_ProcDlgMain,0
invoke ExitProcess,NULL
end start
end
------------------------------------------Cut
End---------------------------------------------
資原始檔原始碼(rsrc.rc):
---------------------------------------Cut From Here------------------------------------------
#include <Resource.h>
#define
IDGEN 10
#define
DLG_MAIN 100
#define
EDIT1 11
#define
EDIT2 12
DLG_MAIN DIALOGEX
100,150,250,60
STYLE DS_MODALFRAME|WS_POPUP|WS_VISIBLE|WS_CAPTION|WS_SYSMENU|WS_THICKFRAME
CAPTION "DreamWaver3.0 sn-generater
By robotow"
FONT 9,"宋體"
BEGIN
CONTROL "SEED:",-1,"Static",SS_LEFT,10,13,40,17
CONTROL "SN:" ,-2,"Static",SS_CENTER,10,40,20,17
CONTROL "" ,11,"Edit",ES_LEFT,30,13,150,10
CONTROL "" ,12,"Edit",ES_LEFT,30,40,150,10
CONTROL "GENERATE",IDGEN,"BUTTON",BS_PUSHBUTTON,200,11,40,15
CONTROL "EXIT",IDCLOSE,"BUTTON",BS_PUSHBUTTON,200,36,41,14
END
-------------------------------------------Cut End---------------------------------------------
批處理編譯檔案(makefile.bat):
---------------------------------------Cut
From Here------------------------------------------
@echo off
set include=d:\masm32\include
set lib=d:\masm32\lib
set path=d:\masm32\bin
if not exist
rsrc.rc goto over1
d:\masm32\bin\rc /v rsrc.rc
d:\masm32\bin\cvtres
/machine:ix86 rsrc.res
:over1
if exist dw_keygen.obj del dw_keygen.obj
if exist dw_keygen.exe del dw_keygen.exe
d:\masm32\bin\ml /c /coff
dw_keygen.asm
if errorlevel 1 goto errasm
if not exist rsrc.obj
goto nores
d:\masm32\bin\Link /SUBSYSTEM:WINDOWS dw_keygen.obj rsrc.obj
if errorlevel 1 goto errlink
goto TheEnd
:nores
d:\masm32\bin\Link /SUBSYSTEM:WINDOWS dw_keygen.obj
if errorlevel 1
goto errlink
goto TheEnd
:errlink
echo _
echo Lin
相關文章
- nacos註冊中心原始碼流程分析2020-12-23原始碼
- containerd 原始碼分析:啟動註冊流程2024-05-21AI原始碼
- IJCNN註冊流程2020-05-11CNN
- Nacos(一)原始碼分析Nacos註冊示例流程2020-12-26原始碼
- Camera subdev註冊流程2024-03-29dev
- 柬埔寨公司註冊流程2021-11-24
- 小程式生命週期分析與註冊流程回撥2019-03-04
- spring-IOC容器原始碼分析(二)BeanDefinition註冊流程2018-11-19Spring原始碼Bean
- Chatgpt註冊全流程教程2022-12-07ChatGPT
- Nacos(二)原始碼分析Nacos服務端註冊示例流程2021-01-18原始碼服務端
- 微信小程式註冊流程2018-04-23微信小程式
- IMS註冊流程的解讀2024-12-08
- ShadowDefender 註冊碼 分析2024-08-17
- 【原始碼分析】XXL-JOB的執行器的註冊流程2023-04-22原始碼
- SpringCloud元件 & 原始碼剖析:Eureka服務註冊方式流程全面分析2019-03-04SpringGCCloud元件原始碼
- 5G核心網之UE初始註冊關鍵流程分析2024-11-02
- Midjourney 註冊 12 步流程教學2023-05-02
- 薩爾瓦多公司註冊流程?2022-01-10
- 域名註冊流程有哪些?域名註冊需要哪些材料?(中科三方)2023-03-10
- [譯] 學習 Spring Security(三):註冊流程2019-03-04Spring
- 註冊驗證流程有哪些方式呢2021-01-13
- EmEditor 24.4.1 離線註冊分析2024-11-09
- 需求分析案例 - “自動註冊”功能2020-11-02
- Dubbo 中 Zookeeper 註冊中心原理分析2023-02-02
- 公司寶商標註冊|你想擁有自己的商標嗎?商標註冊流程解析2021-10-14
- BeanDefinition註冊流程、spring 擴充套件點一(NamespaceHandler)2019-03-26BeanSpring套件namespace
- python logging模組註冊流程(以logging.config.dictConfig流程為例)2018-05-27Python
- @angular/router 原始碼分析之註冊路由2018-07-10Angular原始碼路由
- Netty原始碼分析--Channel註冊(中)(六)2019-07-02Netty原始碼
- Netty原始碼分析--Channel註冊(上)(五)2019-07-02Netty原始碼
- AllenExplorer v6.8 離線註冊分析2024-12-07
- Flutter在Android端註冊外掛流程原始碼解析2019-09-06FlutterAndroid原始碼
- Spring Cloud Eureka原始碼分析之服務註冊的流程與資料儲存設計!2021-12-14SpringCloud原始碼
- 千字分享|自然語言分析NLA2022-05-30
- 【Java】NIO中Channel的註冊原始碼分析2019-05-17Java原始碼
- Nacos 服務註冊與發現原理分析2022-12-08
- SpringCloud-eureka服務註冊發現以及消費流程2024-07-21SpringGCCloud
- 阿聯酋哈伊馬角公司註冊申請流程2021-12-03
- 跟著李華,學會註冊流程只要五分鐘!2022-03-16