Windows系統切換工具 演算法分析+序號產生器
下載地址: http://www4.skycn.com/soft/8306.html
Windows系統切換工具 V1.09.1208
軟體大小: 1312 KB
軟體語言: 簡體中文
軟體類別: 國產軟體 / 共享版 / 系統其它
應用平臺: Win9x/NT/2000/XP
介面預覽:
加入時間: 2002-12-10 10:07:34
下載次數: 11796
推薦等級:
線上註冊: 點選這裡成為正版使用者==>
聯 系 人: easunlee@21cn.com
開 發 商: http://easunlee.diy.163.com/
軟體介紹:
Easun Studio Windows 系統切換工具是是安裝多Windows系統的使用者的福音。不知道您是否有這種體會,為了工作需要,安裝了多個Windows(比如中文Win98、英文Win98及Win2000),可是切換起來卻太是困難,Windows 2000 還提供了啟動選單,而多Win95/98/Me根本上就沒有這種選單供您選擇,就只有自己在DOS下用批處理進行切換。網上進行多系統切換的工具也可謂多也,但是幾乎都是用自己的模組替換BOOT區來完成的,而且都是在DOS(字元介面)下進行切換選擇,既麻煩有不安全,而且介面操作複雜,那能不能有一種介面友好,安全,方便在Windows介面下進行操作的系統切換工具呢?路楊就是本著這個原因開發這個軟體的,該軟體介面大方美觀,操作上手,不用自身模組覆蓋BOOT區,安全可靠,工作在Windows95/98/Me/2000/Xp 環境下,讓您徹底拋開DOS介面和字元介面!另外,本軟體還有設定系統和恢復IE設定的功能,當然,這就是附加功能了。
=========================================================================================
前兩天我的機子上boot.ini被我搞得一團糟,下了這個東東來整理一下,順便把它破了,挺簡單的,現在這樣的很難找了。
先檢查,AsPack的殼,脫了,是我最喜歡的VC :D ,很容易找到下面:
:0040715B 50 push eax
* Possible StringData Ref from Data Obj ->"%s"
|
:0040715C 68A4A24100 push 0041A2A4
:00407161 51 push ecx
* Reference To: MFC42.Ordinal:0B02, Ord:0B02h
|
:00407162 E8B5970000 Call 0041091C ;這個CALL是GetWindowText(MFC寫的東東用IDA很容易明白)
:00407167 8B542420 mov edx, dword ptr [esp+20]
:0040716B 83C40C add esp, 0000000C
:0040716E 8B42F8 mov eax, dword ptr [edx-08]
:00407171 85C0 test eax, eax ;使用者名稱長度不能為0
:00407173 750E jne 00407183
..........
:004071AA 50 push eax
* Possible StringData Ref from Data Obj ->"%s"
|
:004071AB 68A4A24100 push 0041A2A4
:004071B0 51 push ecx
* Reference To: MFC42.Ordinal:0B02, Ord:0B02h
|
:004071B1 E866970000 Call 0041091C ;GetWindowText,得到註冊名
:004071B6 8B4C241C mov ecx, dword ptr [esp+1C]
:004071BA BB03000000 mov ebx, 00000003 ;EBX=3
:004071BF 83C40C add esp, 0000000C
:004071C2 8B41F8 mov eax, dword ptr [ecx-08]
:004071C5 3BC3 cmp eax, ebx
:004071C7 7D0E jge 004071D7 ;註冊名長度必須大於等於3
:004071C9 6AFF push FFFFFFFF
:004071CB 6A00 push 00000000
:004071CD 6833F00000 push 0000F033
:004071D2 E997020000 jmp 0040746E ;不然就有你好看
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004071C7(C)
|
* Reference To: MSVCRT._mbsicmp, Ord:015Fh
|
:004071D7 8B3580444100 mov esi, dword ptr [00414480]
* Possible StringData Ref from Data Obj ->"白山破解網" ;黑名單
|
:004071DD 6898A64100 push 0041A698
:004071E2 51 push ecx
:004071E3 FFD6 call esi
:004071E5 83C408 add esp, 00000008
:004071E8 85C0 test eax, eax
:004071EA 0F8475020000 je 00407465
:004071F0 8B542410 mov edx, dword ptr [esp+10]
* Possible StringData Ref from Data Obj ->"Zhenlong[BCG]" ;BCG的一位老兄進黑名單了:D
|
:004071F4 6888A64100 push 0041A688
:004071F9 52 push edx
:004071FA FFD6 call esi
:004071FC 83C408 add esp, 00000008
:004071FF 85C0 test eax, eax
:00407201 0F845E020000 je 00407465
:00407207 6A01 push 00000001
:00407209 6A00 push 00000000
:0040720B 6874040000 push 00000474
:00407210 8BCD mov ecx, ebp
* Reference To: MFC42.Ordinal:0C17, Ord:0C17h
|
:00407212 E811970000 Call 00410928
:00407217 8BF0 mov esi, eax
:00407219 8D442410 lea eax, dword ptr [esp+10]
:0040721D 56 push esi
:0040721E 51 push ecx
:0040721F 8BCC mov ecx, esp
:00407221 89642420 mov dword ptr [esp+20], esp
:00407225 50 push eax
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00407226 E847980000 Call 00410A72
:0040722B 8BCD mov ecx, ebp
:0040722D E80E030000 call 00407540 ;這個CALL有鬼
:00407232 85C0 test eax, eax
:00407234 0F842B020000 je 00407465 ;關鍵跳轉,跳下去就OVER
跟進上面CALL:
* Referenced by a CALL at Address:
|:0040722D
|
:00407540 6AFF push FFFFFFFF
:00407542 68581D4100 push 00411D58
:00407547 64A100000000 mov eax, dword ptr fs:[00000000]
:0040754D 50 push eax
:0040754E 64892500000000 mov dword ptr fs:[00000000], esp
:00407555 83EC10 sub esp, 00000010
:00407558 53 push ebx
:00407559 55 push ebp
:0040755A 56 push esi
:0040755B 57 push edi
:0040755C 8BF9 mov edi, ecx
:0040755E 51 push ecx
:0040755F 8D442434 lea eax, dword ptr [esp+34]
:00407563 8BCC mov ecx, esp
:00407565 8964241C mov dword ptr [esp+1C], esp
:00407569 50 push eax
:0040756A C744243000000000 mov [esp+30], 00000000
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00407572 E8FB940000 Call 00410A72
:00407577 8BCF mov ecx, edi ;此處D *EAX可以看到輸入的註冊名,作CALL的引數
:00407579 E822010000 call 004076A0 ;這個CALL很重要,下面多次出現(分析見下)
:0040757E 8BF0 mov esi, eax ;EAX是返回的值,放進ESI
:00407580 85F6 test esi, esi
:00407582 0F84F0000000 je 00407678
:00407588 51 push ecx
:00407589 8BCC mov ecx, esp
:0040758B 8964241C mov dword ptr [esp+1C], esp
* Possible StringData Ref from Data Obj ->"EasunLee"
|
:0040758F 68F4A64100 push 0041A6F4
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:00407594 E8BF930000 Call 00410958
:00407599 8BCF mov ecx, edi
:0040759B E800010000 call 004076A0 ;把字串"EasunLee"作同樣計算
:004075A0 51 push ecx
:004075A1 8BD8 mov ebx, eax ;結果1放在EBX
:004075A3 8BCC mov ecx, esp
:004075A5 8964241C mov dword ptr [esp+1C], esp
* Possible StringData Ref from Data Obj ->"EasunLee"
|
:004075A9 68F4A64100 push 0041A6F4
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:004075AE E8A5930000 Call 00410958
:004075B3 8BCF mov ecx, edi
:004075B5 E8E6000000 call 004076A0
:004075BA 51 push ecx
:004075BB 8BE8 mov ebp, eax ;結果1放在EBP
:004075BD 8BCC mov ecx, esp
:004075BF 8964241C mov dword ptr [esp+1C], esp
* Possible StringData Ref from Data Obj ->"easunlee98meiosys"
|
:004075C3 68E0A64100 push 0041A6E0
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:004075C8 E88B930000 Call 00410958
:004075CD 8BCF mov ecx, edi
:004075CF E8CC000000 call 004076A0 ;字串"easunlee98meiosys"同樣的計算
:004075D4 51 push ecx
:004075D5 89442418 mov dword ptr [esp+18], eax ;結果2在[ESP+18]
:004075D9 8BCC mov ecx, esp
:004075DB 8964241C mov dword ptr [esp+1C], esp
* Possible StringData Ref from Data Obj ->"Luyanghs&&Tsai&&bluebird"
|
:004075DF 68C4A64100 push 0041A6C4
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:004075E4 E86F930000 Call 00410958
:004075E9 8BCF mov ecx, edi
:004075EB E8B0000000 call 004076A0 ;字串"Luyanghs&&Tsai&&bluebird"
:004075F0 51 push ecx
:004075F1 89442414 mov dword ptr [esp+14], eax ;結果3在[ESP+14]
:004075F5 8BCC mov ecx, esp
:004075F7 8964241C mov dword ptr [esp+1C], esp
* Possible StringData Ref from Data Obj ->"heshengwssu1091119"
|
:004075FB 68B0A64100 push 0041A6B0
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:00407600 E853930000 Call 00410958
:00407605 8BCF mov ecx, edi
:00407607 E894000000 call 004076A0 ;字串"heshengwssu1091119"
:0040760C 51 push ecx
:0040760D 8944241C mov dword ptr [esp+1C], eax ;結果4在[ESP+1C]
:00407611 8BCC mov ecx, esp
:00407613 89642420 mov dword ptr [esp+20], esp
* Possible StringData Ref from Data Obj ->"200970878"
|
:00407617 68A4A64100 push 0041A6A4
* Reference To: MFC42.Ordinal:0219, Ord:0219h
|
:0040761C E837930000 Call 00410958
:00407621 8BCF mov ecx, edi
:00407623 E878000000 call 004076A0 ;字串"200970878"同樣的計算,結果5在EAX
:00407628 81F678EE0220 xor esi, 2002EE78 ;ESI是註冊名經運算的結果,與2002EE78異或
:0040762E 8B7C2414 mov edi, dword ptr [esp+14] ;把結果2放入EDI
:00407632 81EE21050E20 sub esi, 200E0521 ;再減200E0521
:00407638 8B542418 mov edx, dword ptr [esp+18] ;把結果4放在EDX
:0040763C 81F678563472 xor esi, 72345678 ;再與72345678異或
:00407642 81EE88F76877 sub esi, 7768F788 ;再減7768F788
:00407648 33F3 xor esi, ebx ;再與結果1異或
:0040764A 8B5C2410 mov ebx, dword ptr [esp+10] ;把結果3放入EBX
:0040764E 03F5 add esi, ebp ;再加結果1
:00407650 33F3 xor esi, ebx ;與結果3異或
:00407652 33F7 xor esi, edi ;與結果2異或
:00407654 2BF2 sub esi, edx ;減去結果4
:00407656 03F0 add esi, eax ;加上結果5
:00407658 8B442434 mov eax, dword ptr [esp+34] ;EAX是我們輸入的註冊碼數值
:0040765C 3BF0 cmp esi, eax ;上面一堆運算的結果必須與輸入的註冊碼相等
:0040765E 7518 jne 00407678 ;不等就跳
:00407660 8D4C2430 lea ecx, dword ptr [esp+30]
:00407664 C7442428FFFFFFFF mov [esp+28], FFFFFFFF
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040766C E899920000 Call 0041090A
:00407671 B801000000 mov eax, 00000001 ;如果相等來到這裡EAX=1,成功
:00407676 EB13 jmp 0040768B
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00407582(C), :0040765E(C)
|
:00407678 8D4C2430 lea ecx, dword ptr [esp+30]
:0040767C C7442428FFFFFFFF mov [esp+28], FFFFFFFF
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:00407684 E881920000 Call 0041090A
:00407689 33C0 xor eax, eax ;如果不等EAX在這裡被幹掉了
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407676(U)
|
:0040768B 8B4C2420 mov ecx, dword ptr [esp+20]
:0040768F 5F pop edi
:00407690 5E pop esi
:00407691 5D pop ebp
:00407692 64890D00000000 mov dword ptr fs:[00000000], ecx
:00407699 5B pop ebx
:0040769A 83C41C add esp, 0000001C
:0040769D C20800 ret 0008
那個多次涉及的CALL:
* Referenced by a CALL at Addresses:
|:00407579 , :0040759B , :004075B5 , :004075CF , :004075EB
|:00407607 , :00407623
|
:004076A0 64A100000000 mov eax, dword ptr fs:[00000000]
:004076A6 6AFF push FFFFFFFF
:004076A8 68781D4100 push 00411D78
:004076AD 50 push eax
:004076AE 64892500000000 mov dword ptr fs:[00000000], esp
:004076B5 56 push esi
:004076B6 57 push edi
:004076B7 8B7C2418 mov edi, dword ptr [esp+18]
:004076BB 8B57F8 mov edx, dword ptr [edi-08]
:004076BE 83FA03 cmp edx, 00000003
:004076C1 7D26 jge 004076E9 ;字串長度必須大於等於3
:004076C3 8D4C2418 lea ecx, dword ptr [esp+18]
:004076C7 C7442410FFFFFFFF mov [esp+10], FFFFFFFF
............
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004076C1(C)
|
:004076E9 33F6 xor esi, esi
:004076EB 33C9 xor ecx, ecx
:004076ED 85D2 test edx, edx
:004076EF 7E0D jle 004076FE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004076FC(C)
|
:004076F1 0FBE0439 movsx eax, byte ptr [ecx+edi] ;迴圈,依次取出每一個字元
:004076F5 D3E0 shl eax, cl ;ECX為迴圈變數i,取出的字元左移i位
:004076F7 03F0 add esi, eax ;累加起來
:004076F9 41 inc ecx
:004076FA 3BCA cmp ecx, edx ;ECX是否大於字串長度
:004076FC 7CF3 jl 004076F1 ;迴圈取數
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004076EF(C)
|
:004076FE 8D4C2418 lea ecx, dword ptr [esp+18]
:00407702 C7442410FFFFFFFF mov [esp+10], FFFFFFFF
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:0040770A E8FB910000 Call 0041090A
:0040770F 8B4C2408 mov ecx, dword ptr [esp+08]
:00407713 8BC6 mov eax, esi ;把累加結果給EAX,作為返回值
:00407715 5F pop edi
:00407716 64890D00000000 mov dword ptr fs:[00000000], ecx
:0040771D 5E pop esi
:0040771E 83C40C add esp, 0000000C
:00407721 C20400 ret 0004
[/code]
整理一下思路:設F()為上面計算的CALL
則 註冊碼=(((F(使用者名稱) XOR 2002EE78 - 200E0521)XOR 72345678 - 7768F788) XOR F("EasunLee") + F("EasunLee")) XOR F("Luyanghs&&Tsai&&bluebird") XOR F("easunlee98meiosys") - F("heshengwssu1091119") + F("200970878")
序號產生器:
[code]
#include <iostream.h>
#include <string.h>
int F(char st[])
{
int len=strlen(st);
int s=0;
for (int i=0;i<len;i++)
s=s+(st[i]<<i);
return s;
}
void main()
{
char name[20];
int code;
cout<<"Please input your name : ";
cin>>name;
code=F(name);
code=(code^0x2002EE78)-0x200E0521;
code=(code^0x72345678)-0x7768F788;
code=(code^F("EasunLee"))+F("EasunLee");
code=code^F("Luyanghs&&Tsai&&bluebird")^F("easunlee98meiosys");
code=code-F("heshengwssu1091119")+F("200970878");
cout<<"Your seiral number is "<<code<<endl;
}
相關文章
- 【原創】FileRecoveryAngel 演算法分析+序號產生器2015-11-15演算法
- Windows系統切換工具2015-11-15Windows
- 序號產生器合集2024-03-17
- 全國電話通1.18
演算法分析+序號產生器2004-04-26演算法
- QuickCD V1.0.4演算法分析+序號產生器原始碼2015-11-15UI演算法原始碼
- 序號產生器制分析: (1千字)2001-11-19
- 蒼鷹象棋1.0
註冊演算法分析和序號產生器2004-05-16演算法
- eBook Edit Pro 3.21 演算法分析及序號產生器原始碼2003-03-13演算法原始碼
- 美萍安全衛士V8.45序號產生器制作分析過程,及序號產生器! (11千字)2001-10-28
- Myeclipse 6.5 序號產生器2020-04-06Eclipse
- 搜尋引擎工廠專業版演算法分析+演算法序號產生器2015-11-15演算法
- 貼彩虹狗破解工具的序號產生器 (727字)2001-07-01
- 分享一個navicat序號產生器2024-04-02
- 進位專家註冊演算法分析及序號產生器C原始碼2004-08-19演算法原始碼
- win10如何執行序號產生器_win10怎麼執行序號產生器2020-08-28Win10
- 超級公式計算器 V4.5x 演算法分析+序號產生器原始碼2015-11-15公式演算法原始碼
- 守財奴1.9註冊分析+序號產生器原始碼2015-11-15原始碼
- IrfanView 序號產生器分析(初級版)
(13千字)2015-11-15View
- Advanced Dialer v2.5演算法分析(附序號產生器) (3千字)2002-04-17演算法
- Lc3&Lc4
註冊演算法分析及序號產生器的製作2004-06-18演算法
- mIRC v5.81版註冊碼演算法分析和序號產生器編寫2000-12-11演算法
- Advanced Emailer 2.1 簡單演算法分析+序號產生器原始碼(tc2)2015-11-15AI演算法原始碼
- SWF2Video Pro V1.0.1.2 完全破解 演算法分析+序號產生器2015-11-15IDE演算法
- 俠客系統修改器 V1.21 序號產生器 (2千字)2001-09-01
- winzip序號產生器 (1千字)2001-04-12
- AddRemove 4GOOD 註冊演算法+序號產生器2003-07-25REMGo演算法
- PEbundle V2.3脫殼 - 某演算法序號產生器2015-11-15演算法
- 餅乾Flash播放器 V1.92-演算法+序號產生器原始碼2015-11-15播放器演算法原始碼
- Gif2Swf Ver 2.1 TC20序號產生器 && MASM32序號產生器 (4千字)2001-12-10ASM
- 《淺談利用RSA演算法防止非法序號產生器的製作》2004-05-20演算法
- VB家庭課堂 v2.0的演算法和序號產生器2015-11-15演算法
- Quickness 3.1
註冊演算法分析 + 序號產生器原始碼(tc2) (15千字)2003-04-13UI演算法原始碼
- SysSync Version 1.02簡單演算法分析+VB序號產生器原始碼 (8千字)2015-11-15演算法原始碼
- windows怎麼切換回蘋果系統(電腦雙系統切換系統方法)2022-12-02Windows蘋果
- 切換Windows的系統語言2023-05-14Windows
- Jutoh 3.03.10中文版 電子書製作工具(序號產生器)2020-12-18
- 製作mIRC6.02序號產生器(給別人寫的初學者序號產生器教材) (14千字)2015-11-15
- SAP CRM One Order的事件序號產生器制2020-02-11事件