關於UltraEdit32 v8.1的註冊校驗(PJ手記).高手免看! (14千字)
軟體: UltraEdit32 v8.10
下載: 隨處可下.
工具: SoftIce 4.05,W32Dasm.
此軟體的用途可不用我多說了吧! 網上也有很多它的序號產生器,新手可用它來練練手,呵呵! 今次主要來
看看它的註冊校驗.它的註冊碼經過加密後放在安裝路徑下的Uedit32.reg檔案裡,注意這不是登錄檔檔案.
程式在每次起動,執行時和關閉時檢測註冊碼的正確性.下:bpx createfilea do "d *(esp+4)"就可以攔截
到它讀這個檔案,回到程式的領空後再經readfile後就可見到你的經過加密後的註冊碼,經過解密運算後,
再按N次F10就來到如下的程式段:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414927(C)
|
:0041483A 8B45F8
mov eax, dword ptr [ebp-08]
:0041483D 8D740DB0 lea
esi, dword ptr [ebp+ecx-50]
:00414841 03C6
add eax, esi
:00414843 83F83C
cmp eax, 0000003C
:00414846 7D42
jge 0041488A
:00414848 8BC1
mov eax, ecx
* Possible Reference to String Resource ID=00004: "*.MAC"
|
:0041484A 6A04
push 00000004
:0041484C 99
cdq
:0041484D 5F
pop edi
:0041484E F7FF
idiv edi
:00414850 8BC1
mov eax, ecx
* Possible Reference to String Resource ID=00032: "
Any changes will be lost and the file deleted!"
|
:00414852 6A20
push 00000020
:00414854 5B
pop ebx
* Possible Reference to String Resource ID=00059: "Select File to Compare"
|
:00414855 6A3B
push 0000003B
:00414857 8BFA
mov edi, edx
:00414859 99
cdq
:0041485A F7FB
idiv ebx
:0041485C 8BC2
mov eax, edx
:0041485E 99
cdq
:0041485F 2BC2
sub eax, edx
:00414861 8B14BD9C225000 mov edx, dword ptr
[4*edi+0050229C]
:00414868 D1F8
sar eax, 1
:0041486A 5F
pop edi
:0041486B 0FB60402 movzx
eax, byte ptr [edx+eax]
:0041486F 8AD1
mov dl, cl
:00414871 0255FC
add dl, byte ptr [ebp-04]
:00414874 0FB6D2
movzx edx, dl
:00414877 33C2
xor eax, edx
:00414879 99
cdq
:0041487A F7FF
idiv edi
:0041487C 8B7D10
mov edi, dword ptr [ebp+10]
:0041487F 8A4415B0 mov
al, byte ptr [ebp+edx-50]
:00414883 02C1
add al, cl
:00414885 324601
xor al, byte ptr [esi+01]
:00414888 8806
mov byte ptr [esi], al
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414846(C)
|
:0041488A 83FF3C
cmp edi, 0000003C
:0041488D 7D71
jge 00414900
:0041488F 8BC1
mov eax, ecx
* Possible Reference to String Resource ID=00005: "ULTRAEDT.MAC"
|
:00414891 6A05
push 00000005
:00414893 99
cdq
:00414894 5B
pop ebx
:00414895 F7FB
idiv ebx
:00414897 8BDA
mov ebx, edx
:00414899 85DB
test ebx, ebx
:0041489B 895DF0
mov dword ptr [ebp-10], ebx
:0041489E 740A
je 004148AA
:004148A0 83FB02
cmp ebx, 00000002
:004148A3 7405
je 004148AA
:004148A5 83FB04
cmp ebx, 00000004
:004148A8 751A
jne 004148C4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041489E(C), :004148A3(C)
|
:004148AA 0FB606
movzx eax, byte ptr [esi]
* Possible Reference to String Resource ID=00026: "Run Windows Program"
|
:004148AD 6A1A
push 0000001A
:004148AF 99
cdq
:004148B0 5B
pop ebx
:004148B1 F7FB
idiv ebx
:004148B3 8B5DF0
mov ebx, dword ptr [ebp-10]
:004148B6 80C241
add dl, 41
:004148B9 88943D30FFFFFF mov byte ptr [ebp+edi-000000D0],
dl
:004148C0 47
inc edi
:004148C1 897D10
mov dword ptr [ebp+10], edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004148A8(C)
|
:004148C4 83FF3C
cmp edi, 0000003C
:004148C7 7D37
jge 00414900
:004148C9 83FB01
cmp ebx, 00000001
:004148CC 7405
je 004148D3
:004148CE 83FB03
cmp ebx, 00000003
:004148D1 7517
jne 004148EA
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004148CC(C)
|
:004148D3 0FB606
movzx eax, byte ptr [esi]
* Possible Reference to String Resource ID=00010: "
Thank you for supporting Shareware."
|
:004148D6 6A0A
push 0000000A
:004148D8 99
cdq
:004148D9 5E
pop esi
:004148DA F7FE
idiv esi
:004148DC 80C230
add dl, 30
:004148DF 88943D30FFFFFF mov byte ptr [ebp+edi-000000D0],
dl-->計算所得的註冊碼.
:004148E6 47
inc edi
:004148E7 897D10
mov dword ptr [ebp+10], edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004148D1(C)
|
:004148EA 83FF3C
cmp edi, 0000003C
:004148ED 7D11
jge 00414900
:004148EF 83FB04
cmp ebx, 00000004-->檢查是否每組註冊碼的第5位.
:004148F2 750C
jne 00414900
:004148F4 C6843D30FFFFFF2D mov byte ptr [ebp+edi-000000D0],
2D-->蓬5後面插"-".
:004148FC 47
inc edi
:004148FD 897D10
mov dword ptr [ebp+10], edi
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041488D(C), :004148C7(C), :004148ED(C), :004148F2(C)
|
:00414900 85C9
test ecx, ecx
:00414902 7E1F
jle 00414923
:00414904 3B4DF4
cmp ecx, dword ptr [ebp-0C]
:00414907 7D1A
jge 00414923
:00414909 3B7DF4
cmp edi, dword ptr [ebp-0C]
:0041490C 7D15
jge 00414923
:0041490E 8B4508
mov eax, dword ptr [ebp+08]
:00414911 0FBE5401FF movsx edx,
byte ptr [ecx+eax-01]
:00414916 0FBE0407 movsx
eax, byte ptr [edi+eax]
:0041491A 0FAFD0
imul edx, eax
:0041491D 011554C85000 add dword ptr
[0050C854], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00414902(C), :00414907(C), :0041490C(C)
|
:00414923 41
inc ecx
:00414924 83F93C
cmp ecx, 0000003C----->檢查是否夠60位?
:00414927 0F8C0DFFFFFF jl 0041483A
:0041492D 33D2
xor edx, edx
上面的這段演算法就是註冊碼的演算法,程式的演算法也不算是很複雜,有興趣可以研究上面的演算法,它主要是用
用註冊名的ASC碼和與0-----3C(前面幾位是用註冊名代替)之間的ASC碼值再加上查表作數學運算,每算一位
得一位註冊碼,名字>=6個,註冊碼>15個(後面可見到),註冊碼形式:AAAAA-BBBBB-XXXXX-YYYYY.
* Possible Reference to String Resource ID=00006: "Load Macro"
|
:0041498A 6A06
push 00000006
:0041498C 8065BF00 and
byte ptr [ebp-41], 00
:00414990 80A547FFFFFF00 and byte ptr [ebp+FFFFFF47],
00--->此處選定所需的註冊碼位數.
:00414997 59
pop ecx
:00414998 8D8570FFFFFF lea eax, dword
ptr [ebp+FFFFFF70]
:0041499E 50
push eax
:0041499F 8DBD70FFFFFF lea edi, dword
ptr [ebp+FFFFFF70]--->此處要放的就是假註冊碼.
:004149A5 FF750C
push [ebp+0C]
:004149A8 C68537FFFFFF30 mov byte ptr [ebp+FFFFFF37],
30--->真碼第8位置為0;
:004149AF F3
repz
:004149B0 A5
movsd
:004149B1 80658700 and
byte ptr [ebp-79], 00
:004149B5 C68577FFFFFF30 mov byte ptr [ebp+FFFFFF77],
30--->假碼第8位置為0.
:004149BC C6857CFFFFFF30 mov byte ptr [ebp+FFFFFF7C],
30--->假碼第13位置為0.
:004149C3 C6458630 mov
[ebp-7A], 30------------------>假碼最後一位置為0.
:004149C7 C6853CFFFFFF30 mov byte ptr [ebp+FFFFFF3C],
30--->真碼第13位置為0.
:004149CE C68546FFFFFF30 mov byte ptr [ebp+FFFFFF46],
30--->真碼最後一位置為0.
:004149D5 E8E65A0800 call 0049A4C0
:004149DA 59
pop ecx
:004149DB 59
pop ecx
:004149DC 5E
pop esi
:004149DD 85C0
test eax, eax
:004149DF 7523
jne 00414A04
:004149E1 8D8570FFFFFF lea eax, dword
ptr [ebp+FFFFFF70]
:004149E7 50
push eax
:004149E8 FF750C
push [ebp+0C]
:004149EB E8D05A0800 call 0049A4C0
:004149F0 59
pop ecx
:004149F1 85C0
test eax, eax
:004149F3 59
pop ecx
:004149F4 7554
jne 00414A4A
:004149F6 FF750C
push [ebp+0C]
:004149F9 E8B2430800 call 00498DB0
:004149FE 83F80C
cmp eax, 0000000C
:00414A01 59
pop ecx
:00414A02 7446
je 00414A4A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004149DF(C)
|
:00414A04 8D45B0
lea eax, dword ptr [ebp-50]
:00414A07 50
push eax
:00414A08 8D8570FFFFFF lea eax, dword
ptr [ebp+FFFFFF70]
:00414A0E 50
push eax
:00414A0F E8AC5A0800 call 0049A4C0
:00414A14 59
pop ecx
:00414A15 85C0
test eax, eax
:00414A17 59
pop ecx
:00414A18 7429
je 00414A43
:00414A1A 8D8530FFFFFF lea eax, dword
ptr [ebp+FFFFFF30]
:00414A20 50
push eax
:00414A21 8D8570FFFFFF lea eax, dword
ptr [ebp+FFFFFF70]
:00414A27 50
push eax
:00414A28 E8935A0800 call 0049A4C0----->此CALL為真假碼相比較.
:00414A2D 59
pop ecx
:00414A2E 85C0
test eax, eax----->註冊碼相等則EAX==0.
:00414A30 59
pop ecx
:00414A31 7410
je 00414A43
:00414A33 C70558C8500001000000 mov dword ptr [0050C858], 00000001---->未註冊標誌.
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041479C(C), :004147A5(C), :004147BD(C)
|
:00414A3D 33C0
xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414A4D(U)
|
:00414A3F 5F
pop edi
:00414A40 5B
pop ebx
:00414A41 C9
leave
:00414A42 C3
ret
注意上面這段程式碼,它選擇要比較的註冊碼,此處只比較20位,就是第8,13和最後一位不作比較,形式如下:
A A A
A A - B B B B B - X X X X X - Y Y Y Y Y
|_________|___________________|
這三位不作比較.
如果你到此處就收工大吉了的話,那麼恭喜你了! ^O^ 下次起動後它不會叫你註冊了,但是它在關閉的時候會
會把的你的Uedit32.reg給刪掉,再下次的話,你又得.......! 呵呵!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046D830(C)
|
:0046D839 66813D28535100D007 cmp word ptr [00515328], 07D0
:0046D842 0F8656010000 jbe 0046D99E
:0046D848 66833D2A53510001 cmp word ptr [0051532A],
0001
:0046D850 0F8648010000 jbe 0046D99E
:0046D856 6854C75000 push 0050C754
:0046D85B 8D4DE4
lea ecx, dword ptr [ebp-1C]
:0046D85E E8E83E0400 call 004B174B
:0046D863 FF75E4
push [ebp-1C]
:0046D866 895DFC
mov dword ptr [ebp-04], ebx
:0046D869 E842B50200 call 00498DB0
:0046D86E A154C85000 mov eax,
dword ptr [0050C854]
:0046D873 FF3548C75000 push dword ptr
[0050C748]
:0046D879 8945F0
mov dword ptr [ebp-10], eax
:0046D87C E82FB50200 call 00498DB0
:0046D881 59
pop ecx
:0046D882 83F80F
cmp eax, 0000000F----------->檢查註冊碼的位數(>=15).
:0046D885 59
pop ecx
:0046D886 0F8206010000 jb 0046D992
:0046D88C 391DB4525100 cmp dword ptr
[005152B4], ebx--->此處為註冊標誌.
:0046D892 0F85FA000000 jne 0046D992
:0046D898 391DB8525100 cmp dword ptr
[005152B8], ebx
:0046D89E 0F84EE000000 je 0046D992
:0046D8A4 0FB645F0 movzx
eax, byte ptr [ebp-10]---->計算引數(4D).
* Possible Reference to String Resource ID=00025: "Dos Command"
|
:0046D8A8 6A19
push 00000019
:0046D8AA 8B3D48C75000 mov edi, dword
ptr [0050C748]
:0046D8B0 99
cdq
:0046D8B1 59
pop ecx
:0046D8B2 F7F9
idiv ecx
:0046D8B4 0FBE4716 movsx
eax, byte ptr [edi+16]-->註冊碼最後一位.
:0046D8B8 83C241
add edx, 00000041
:0046D8BB 3BC2
cmp eax, edx
:0046D8BD 7530
jne 0046D8EF
:0046D8BF 0FB645F0 movzx
eax, byte ptr [ebp-10]
* Possible Reference to String Resource ID=00009: "
This copy of UltraEdit-32 is licensed to :"
|
:0046D8C3 6A09
push 00000009
:0046D8C5 99
cdq
:0046D8C6 59
pop ecx
:0046D8C7 F7F9
idiv ecx
:0046D8C9 0FBE4707 movsx
eax, byte ptr [edi+07]-->註冊碼第8位.
:0046D8CD 83C230
add edx, 00000030
:0046D8D0 3BC2
cmp eax, edx
:0046D8D2 751B
jne 0046D8EF
:0046D8D4 0FB645F0 movzx
eax, byte ptr [ebp-10]
:0046D8D8 8A4F0C
mov cl, byte ptr [edi+0C]------>註冊碼第13位.
* Possible Reference to String Resource ID=00013: "Mod: "
|
:0046D8DB 6A0D
push 0000000D
:0046D8DD 99
cdq
:0046D8DE 5F
pop edi
:0046D8DF F7FF
idiv edi
:0046D8E1 0FBEC1
movsx eax, cl
:0046D8E4 83C241
add edx, 00000041
:0046D8E7 3BC2
cmp eax, edx
:0046D8E9 0F84A3000000 je 0046D992--------------->這是最後一次機會了!!!
上面的程式碼則為程式在關閉時最後一次檢測註冊碼,如不等,則幹掉你的Uedit32.reg檔案,使你又變成未
註冊版本,實際上也是它比較起動時沒檢查的三位註冊碼,利用計算引數D(44)分別除以Ox19,Ox9,OxD的餘數
再加上30或41所得的值來作為註冊碼.如何才能在程式關閉時中斷得到上面的程式碼? 呵呵,見到上面的註冊
標誌了麼? 用它設斷就行了.Good Luck!!!
相關文章
- 關於谷歌賬號註冊手機號無法驗證的解決方法2020-11-21谷歌
- 《ICONSCAN 2.4》註冊碼破解 高手莫入! (3千字)2001-05-06
- 《MAGICWIN RELEASE 1.2》註冊碼破解 高手莫入! (2千字)2001-05-07
- 《 ACDSEE 2.3 》的另類註冊碼破解 高手請看最後的問題(謝了)!!! (5千字)2001-05-26
- UltraEdit32 v10找註冊碼+去暗樁2015-11-15
- S-DEMO2 註冊分析 (14千字)2002-06-25
- 《EASY MP3 2.2》的註冊碼破解 高手莫入! (2千字)2001-05-05
- FolderView 1.7
註冊演算法分析 (14千字)2015-11-15View演算法
- 某電子書註冊破解實錄,高手莫入。 (6千字)2002-10-05
- **********.exe註冊碼演算法分析--高手莫笑 (31千字)2015-11-15演算法
- Nktools(手機工具箱)註冊碼計算處,請高手指點~~~~ (15千字)2001-03-06
- Active Ebook Compiler的註冊演算法 (14千字)2001-05-09Compile演算法
- 《OFFLINE EXPLORER 1.0》的註冊碼破解 高手莫入!! (2千字)2001-05-18
- 請教關於DremEdit2.28如何算註冊碼? (3千字)2000-07-13REM
- 用mvp模式實現登入註冊的統一校驗2016-11-21MVP模式
- 破解音樂賀卡廠4.04,註冊碼也可用於4.10,高手勿進 (1千字)2001-08-14
- 關於Listener動態註冊2013-07-25
- 初學者請進,看far.exe的註冊碼! (7千字)2001-04-24
- 原始碼分析 — Activity的清單註冊校驗及動態注入2018-03-20原始碼
- 異想天開的打狗記錄(高手免進) (12千字)2002-07-17
- 入門習作2:HOSTMONITOR 1.31 執行自校驗及註冊破解過程 (11千字)2001-06-27
- 關於模組裡面的註冊中心2020-11-08
- HEdit 2.0 的註冊破解過程 <<-------可能過時了高手末入
(8千字)2001-02-23
- 3D GIF Designer v2.21 pj手記 (3千字)2015-11-153D
- 猜數記---BCWIPE註冊半破解 (25千字)2001-04-02
- 手記系列之四 ----- 關於使用MySql的經驗2023-04-30MySql
- SMailserver2.5註冊碼的破解手記 (1千字)2001-03-01AIServer
- 財智證券結算軟體2.5 破解註冊碼分析!使用ollydbg 破解註冊動畫!高手莫入! (1千字)2001-11-20動畫
- estiprojm 註冊 (12千字)2001-11-08
- 踩坑筆記【1】關於spring requestbody校驗使用@Valid無法校驗list等collections2021-09-27筆記Spring
- 調酒師 CollegeBar V8.1 註冊演算法分析 - VB62003-07-17演算法
- 關於協議首部校驗和的問題2016-06-17協議
- banq,關於你那註冊程式的問題2002-11-02
- Nok2phone的註冊演算法與網路校驗解除---VB程式關鍵處的快速定位2015-11-15演算法
- PC Security 5.1自動註冊(莫名其妙)~~~~~~~~~~~~~ (14千字)2002-01-20
- CoolClock V1.02註冊演算法分析 ---OCG (14千字)2015-11-15演算法
- django專案基於鉤子驗證的註冊功能2019-08-16Django
- Sqlserver關於校驗和_備份還原的CHECKSUM2021-03-18SQLServer