電子書庫 (19千字)
SoftWare:電子書庫 V3.68
不錯的文字資料管理工具,不註冊每啟動若干次的時候會彈出一個提示框,生成的CHM的檔案標題上有一個Unregisted
http://www.mycnknow.com/
Tools:TRW2000、微軟Win98
Cracker:lq7972[bruceyu13@sina.com]
Notes:這段時間整理敲入的TXT文字,用上這個工具,覺得不錯,順手PJ了;不知有人寫這個否?不管了,貼出來,主要還是交流、學習~
TRW2000載入主程式,開啟註冊視窗,輸入註冊資訊
Ctrl+N
bpx hmemcpy
F5返回,點確定,攔住
bc *
pmodule
來到程式領空,按F12六次,按F10到:
019F:004D8A77 E84C83F7FF CALL 00450DC8
019F:004D8A7C 8B45FC MOV EAX,[EBP-04] 我們輸入的註冊碼
019F:004D8A7F 50 PUSH EAX
019F:004D8A80 8D55F8 LEA EDX,[EBP-08]
019F:004D8A83 8B83F8020000 MOV EAX,[EBX+02F8]
019F:004D8A89 E83A83F7FF CALL 00450DC8
019F:004D8A8E 8B45F8 MOV EAX,[EBP-08] 我們輸入的使用者名稱
019F:004D8A91 5A POP EDX 我們輸入的註冊碼
019F:004D8A92 E8F5F50100 CALL 004F808C 按F8【跟進1】
019F:004D8A97 84C0 TEST AL,AL
019F:004D8A99 7461 JZ 004D8AFC (JUMP)
019F:004D8A9B 8D55F4 LEA EDX,[EBP-0C]
;。。。。。。
019F:004D8AFA EB2F JMP SHORT 004D8B2B
019F:004D8AFC 6A30 PUSH BYTE +30
;。。。。。。
019F:004D8B26 E8C98DF9FF CALL 004718F4 註冊失敗
019F:004D8B2B 33C0 XOR EAX,EAX
;。。。。。。
;【跟進1】
019F:004F808C 55 PUSH EBP
019F:004F808D 8BEC MOV EBP,ESP
019F:004F808F 83C4F4 ADD ESP,BYTE -0C
019F:004F8092 53 PUSH EBX
019F:004F8093 33C9 XOR ECX,ECX
019F:004F8095 894DF4 MOV [EBP-0C],ECX
019F:004F8098 8955F8 MOV [EBP-08],EDX 輸入的註冊碼
019F:004F809B 8945FC MOV [EBP-04],EAX 輸入的使用者名稱
019F:004F809E 8B45FC MOV EAX,[EBP-04]
019F:004F80A1 E846CAF0FF CALL 00404AEC
019F:004F80A6 8B45F8 MOV EAX,[EBP-08]
019F:004F80A9 E83ECAF0FF CALL 00404AEC
019F:004F80AE 33C0 XOR EAX,EAX
019F:004F80B0 55 PUSH EBP
019F:004F80B1 680E814F00 PUSH DWORD 004F810E
019F:004F80B6 64FF30 PUSH DWORD [FS:EAX]
019F:004F80B9 648920 MOV [FS:EAX],ESP
019F:004F80BC 837DFC00 CMP DWORD [EBP-04],BYTE +00 輸入使用者名稱了嗎?
019F:004F80C0 7406 JZ 004F80C8
019F:004F80C2 837DF800 CMP DWORD [EBP-08],BYTE +00 輸入註冊碼了嗎?
019F:004F80C6 7504 JNZ 004F80CC
019F:004F80C8 33DB XOR EBX,EBX
019F:004F80CA EB27 JMP SHORT 004F80F3
019F:004F80CC E8EFEEF0FF CALL `KERNEL32!GetTickCount`
呼叫GetTickCount函式,獲得的值~T1後面用
019F:004F80D1 8BD8 MOV EBX,EAX
019F:004F80D3 8D4DF4 LEA ECX,[EBP-0C]
019F:004F80D6 8BD3 MOV EDX,EBX
019F:004F80D8 8B45FC MOV EAX,[EBP-04] 使用者名稱
019F:004F80DB E8D09FFFFF CALL 004F20B0 【跟進2】
019F:004F80E0 8B45F4 MOV EAX,[EBP-0C] 正確的註冊碼
019F:004F80E3 8B55F8 MOV EDX,[EBP-08] 我們輸入的
019F:004F80E6 E85DC9F0FF CALL 00404A48
019F:004F80EB 7504 JNZ 004F80F1
019F:004F80ED B301 MOV BL,01
019F:004F80EF EB02 JMP SHORT 004F80F3
019F:004F80F1 33DB XOR EBX,EBX
019F:004F80F3 33C0 XOR EAX,EAX
;。。。。。。
;【跟進2】
019F:004F20B0 55 PUSH EBP
019F:004F20B1 8BEC MOV EBP,ESP
019F:004F20B3 6A00 PUSH BYTE +00
019F:004F20B5 6A00 PUSH BYTE +00
019F:004F20B7 6A00 PUSH BYTE +00
019F:004F20B9 53 PUSH EBX
019F:004F20BA 56 PUSH ESI
019F:004F20BB 8BF1 MOV ESI,ECX
019F:004F20BD 8BDA MOV EBX,EDX
019F:004F20BF 8945FC MOV [EBP-04],EAX
019F:004F20C2 8B45FC MOV EAX,[EBP-04]
019F:004F20C5 E8222AF1FF CALL 00404AEC
019F:004F20CA 33C0 XOR EAX,EAX
019F:004F20CC 55 PUSH EBP
019F:004F20CD 684E214F00 PUSH DWORD 004F214E
019F:004F20D2 64FF30 PUSH DWORD [FS:EAX]
019F:004F20D5 648920 MOV [FS:EAX],ESP
019F:004F20D8 FF75FC PUSH DWORD [EBP-04]
019F:004F20DB 6864214F00 PUSH DWORD 004F2164
019F:004F20E0 8D4DF4 LEA ECX,[EBP-0C]
019F:004F20E3 BA64214F00 MOV EDX,004F2164 軟體給出的字串S
019F:004F20E8 8B45FC MOV EAX,[EBP-04] 使用者名稱
019F:004F20EB E8A4FDFFFF CALL 004F1E94
關鍵1,【跟進3】這裡是對使用者名稱~N1進行轉換運算~N2,詳見後
019F:004F20F0 FF75F4 PUSH DWORD [EBP-0C] 根據使用者名稱算出來的東西
019F:004F20F3 8D45F8 LEA EAX,[EBP-08]
019F:004F20F6 BA03000000 MOV EDX,03
019F:004F20FB E8C428F1FF CALL 004049C4
019F:004F2100 E8BB4EF1FF CALL `KERNEL32!GetTickCount`
第二次呼叫GetTickCount函式~T2
019F:004F2105 2BC3 SUB EAX,EBX T2-T1
019F:004F2107 3DC8000000 CMP EAX,C8 不超過C8h(200毫秒)嗎?
019F:004F210C 7614 JNA 004F2122
019F:004F210E 8BCE MOV ECX,ESI
019F:004F2110 8BD3 MOV EDX,EBX
019F:004F2112 81EAC8000000 SUB EDX,C8 T1-C8h
019F:004F2118 8B45FC MOV EAX,[EBP-04] 使用者名稱
019F:004F211B E858000000 CALL 004F2178
關鍵2,【跟進4】這裡就是計算註冊碼了-----♂
019F:004F2120 EB11 JMP SHORT 004F2133 ♂
019F:004F2122 E8994EF1FF CALL `KERNEL32!GetTickCount` ~T2 ♂
019F:004F2127 8BD0 MOV EDX,EAX ♂
019F:004F2129 8BCE MOV ECX,ESI ♂
019F:004F212B 8B45F8 MOV EAX,[EBP-08] ♂
019F:004F212E E845000000 CALL 004F2178---------------♂
019F:004F2133 33C0 XOR EAX,EAX
019F:004F2135 5A POP EDX
019F:004F2136 59 POP ECX
019F:004F2137 59 POP ECX
019F:004F2138 648910 MOV [FS:EAX],EDX
019F:004F213B 6855214F00 PUSH DWORD 004F2155
019F:004F2140 8D45F4 LEA EAX,[EBP-0C]
019F:004F2143 BA03000000 MOV EDX,03
019F:004F2148 E80725F1FF CALL 00404654
019F:004F214D C3 RET
;【跟進3】~計算使用者名稱
;為節省篇幅,略去N行;下同
;。。。。。。
019F:004F1ED3 E850000000 CALL 004F1F28
019F:004F1ED8 8B45F8 MOV EAX,[EBP-08]
軟體給出的一組字串S~“e-Stack Room 3.68”
019F:004F1EDB E81C2CF1FF CALL 00404AFC
019F:004F1EE0 8D4DF0 LEA ECX,[EBP-10]
019F:004F1EE3 33D2 XOR EDX,EDX
019F:004F1EE5 E83E000000 CALL 004F1F28
019F:004F1EEA 8B45FC MOV EAX,[EBP-04] 使用者名稱N1
019F:004F1EED E80A2CF1FF CALL 00404AFC
019F:004F1EF2 8BCB MOV ECX,EBX
019F:004F1EF4 33D2 XOR EDX,EDX
019F:004F1EF6 E82D000000 CALL 004F1F28 【跟進】
019F:004F1EFB 33C0 XOR EAX,EAX
;。。。。。。
;【跟進】
;。。。。。。
019F:004F1F5A 8B45F0 MOV EAX,[EBP-10] 使用者名稱N1
019F:004F1F5D E8A229F1FF CALL 00404904 使用者名稱長度
019F:004F1F62 8BD8 MOV EBX,EAX
019F:004F1F64 85DB TEST EBX,EBX
019F:004F1F66 7513 JNZ 004F1F7B (JUMP)
019F:004F1F68 893510CB5000 MOV [0050CB10],ESI
019F:004F1F6E 6BC664 IMUL EAX,ESI,BYTE +64
019F:004F1F71 A314CB5000 MOV [0050CB14],EAX
019F:004F1F76 E9CC000000 JMP 004F2047
019F:004F1F7B 8B45F8 MOV EAX,[EBP-08]
019F:004F1F7E E8AD26F1FF CALL 00404630
019F:004F1F83 8BFB MOV EDI,EBX 使用者名稱長度
019F:004F1F85 4F DEC EDI
019F:004F1F86 85FF TEST EDI,EDI
019F:004F1F88 0F8CB9000000 JL NEAR 004F2047
019F:004F1F8E 47 INC EDI EDI是使用者名稱長度
019F:004F1F8F 33F6 XOR ESI,ESI ESI從0始
019F:004F1F91 8B45FC MOV EAX,[EBP-04] 使用者名稱N1
019F:004F1F94 8A0430 MOV AL,[EAX+ESI] N1[i]
019F:004F1F97 3C20 CMP AL,20 把使用者名稱限制在空格(20h)
019F:004F1F99 0F82A0000000 JC NEAR 004F203F
019F:004F1F9F 3C7E CMP AL,7E 和~(7Eh)之間
019F:004F1FA1 0F8798000000 JA NEAR 004F203F
019F:004F1FA7 8B1510CB5000 MOV EDX,[0050CB10] ~A1,初始值為A66788h
019F:004F1FAD 81E2FFFFFF1F AND EDX,1FFFFFFF A1 And 1FFFFFFFh
019F:004F1FB3 8B0D10CB5000 MOV ECX,[0050CB10] ~A2
019F:004F1FB9 C1E91D SHR ECX,1D A2 Shr 1Dh
019F:004F1FBC 83E131 AND ECX,BYTE +31 A2 And 31
019F:004F1FBF 33D1 XOR EDX,ECX A1 Xor A2
019F:004F1FC1 891510CB5000 MOV [0050CB10],EDX ~A3
019F:004F1FC7 8845F7 MOV [EBP-09],AL N1[i],下面用
019F:004F1FCA A110CB5000 MOV EAX,[0050CB10] A3
019F:004F1FCF B95F000000 MOV ECX,5F
019F:004F1FD4 99 CDQ
019F:004F1FD5 F7F9 IDIV ECX A3 IDiv 5Fh,商放EAX
019F:004F1FD7 33D2 XOR EDX,EDX
019F:004F1FD9 8A55F7 MOV DL,[EBP-09] N1[i]
019F:004F1FDC 83EA20 SUB EDX,BYTE +20 N1[i]-20h
019F:004F1FDF 2BC2 SUB EAX,EDX EAX-EDX
019F:004F1FE1 E88A000000 CALL 004F2070
;EAX的值依次跟251Ch(9500D)、3B6h(950D)、5Fh(95D)比較,如果比後三者大就分別減去它們;
;但最後若小於零,則要加上5Fh
019F:004F1FE6 8BD8 MOV EBX,EAX 遞給EBX
019F:004F1FE8 80C320 ADD BL,20 BL+20h,這就是我們所要的
019F:004F1FEB FF0514CB5000 INC DWORD [0050CB14] ~A4,[0050CB14]放著S長度
019F:004F1FF1 813D14CB50007951+CMP DWORD [0050CB14],5179
019F:004F1FFB 7C07 JL 004F2004 (Jump)
019F:004F1FFD 33C0 XOR EAX,EAX
019F:004F1FFF A314CB5000 MOV [0050CB14],EAX
019F:004F2004 8A45F7 MOV AL,[EBP-09] N1[i]
019F:004F2007 32C3 XOR AL,BL N1[i] Xor BL
019F:004F2009 25FF000000 AND EAX,FF EAX And FFh
019F:004F200E 8B1510CB5000 MOV EDX,[0050CB10] EDX=A3
019F:004F2014 031510CB5000 ADD EDX,[0050CB10] EDX=EDX+A3
019F:004F201A 03C2 ADD EAX,EDX EAX=EAX+EDX
019F:004F201C 030514CB5000 ADD EAX,[0050CB14] EAX+A4
019F:004F2022 A310CB5000 MOV [0050CB10],EAX 放[0050CB10]備用
019F:004F2027 8D45EC LEA EAX,[EBP-14] 下面把結果轉為對應的字元
019F:004F202A 8BD3 MOV EDX,EBX
019F:004F202C E8DF27F1FF CALL 00404810
019F:004F2031 8B55EC MOV EDX,[EBP-14]
019F:004F2034 8B45F8 MOV EAX,[EBP-08]
019F:004F2037 E8D028F1FF CALL 0040490C
019F:004F203C 8B45F8 MOV EAX,[EBP-08]
019F:004F203F 46 INC ESI
019F:004F2040 4F DEC EDI
019F:004F2041 0F854AFFFFFF JNZ NEAR 004F1F91
;。。。。。。
;【跟進4】~計算註冊碼
;。。。。。。
019F:004F21A8 33DB XOR EBX,EBX EBX=0
019F:004F21AA 33C0 XOR EAX,EAX
019F:004F21AC 8945F0 MOV [EBP-10],EAX
019F:004F21AF 8B45FC MOV EAX,[EBP-04] 換算後的使用者名稱~N1SN2
019F:004F21B2 E84D27F1FF CALL 00404904 它的長度
019F:004F21B7 8BF0 MOV ESI,EAX
019F:004F21B9 85F6 TEST ESI,ESI
019F:004F21BB 7E51 JNG 004F220E
019F:004F21BD BF01000000 MOV EDI,01 EDI=1
019F:004F21C2 E8F94DF1FF CALL `KERNEL32!GetTickCount` ~T3
019F:004F21C7 2B45F8 SUB EAX,[EBP-08] T3-T2
019F:004F21CA 3DC8000000 CMP EAX,C8
019F:004F21CF 7614 JNA 004F21E5 不跳,軟體出錯
019F:004F21D1 8B4DF4 MOV ECX,[EBP-0C]
019F:004F21D4 8B55F8 MOV EDX,[EBP-08]
019F:004F21D7 81EAC8000000 SUB EDX,C8
019F:004F21DD 8B45FC MOV EAX,[EBP-04]
019F:004F21E0 E8CBFEFFFF CALL 004F20B0
019F:004F21E5 895DF0 MOV [EBP-10],EBX 初始為0
019F:004F21E8 8B45FC MOV EAX,[EBP-04] N2
019F:004F21EB 8A4438FF MOV AL,[EAX+EDI-01] N2(i)
019F:004F21EF 32C3 XOR AL,BL AL Xor BL
019F:004F21F1 25FF000000 AND EAX,FF EAX=EAX And FFh
019F:004F21F6 8B0485F4895000 MOV EAX,[EAX*4+005089F4] EAX=[EAX*4+005089F4]【表】
019F:004F21FD C1EB08 SHR EBX,08
019F:004F2200 81E3FFFFFF00 AND EBX,00FFFFFF
019F:004F2206 33C3 XOR EAX,EBX EAX Xor EBX
019F:004F2208 8BD8 MOV EBX,EAX 下次使用,我們所要的
019F:004F220A 47 INC EDI
019F:004F220B 4E DEC ESI
019F:004F220C 75B4 JNZ 004F21C2
;如果迴圈完了,最後所得的即是註冊碼的前8位,而倒數第二次的就是註冊碼的後8位
019F:004F220E 8B45F0 MOV EAX,[EBP-10]
019F:004F2211 33D2 XOR EDX,EDX
;後面從略。。。。。。
【表】介於5089F4~508DF0
0030:005089F4 00 00 00 00 96 30 07 77-2C 61 0E EE BA 51 09 99 ....?.w,a.詈Q.?
0030:00508A04 19 C4 6D 07 8F F4 6A 70-35 A5 63 E9 A3 95 64 9E .m.jp5c椋d?
0030:00508A14 32 88 DB 0E A4 B8 DC 79-1E E9 D5 E0 88 D9 D2 97 2.じy.檎僖?
0030:00508A24 2B 4C B6 09 BD 7C B1 7E-07 2D B8 E7 91 1D BF 90 +L?|~.-哥?
0030:00508A34 64 10 B7 1D F2 20 B0 6A-48 71 B9 F3 DE 41 BE 84 d.??jHq貴A
0030:00508A44 7D D4 DA 1A EB E4 DD 6D-51 B5 D4 F4 C7 85 D3 83 }在.脘mQ翟羥?
0030:00508A54 56 98 6C 13 C0 A8 6B 64-7A F9 62 FD EC C9 65 8A Vl.括kdzbe?
0030:00508A64 4F 5C 01 14 D9 6C 06 63-63 3D 0F FA F5 0D 08 8D O\..l.cc=...?
0030:00508A74 C8 20 6E 3B 5E 10 69 4C-E4 41 60 D5 72 71 67 A2 ?n;^.iLA`rqg?
0030:00508A84 D1 E4 03 3C 47 D4 04 4B-FD 85 0D D2 6B B5 0A A5 唁.br> 0030:00508A94 FA A8 B5 35 6C 98 B2 42-D6 C9 BB DB 40 F9 BC AC ?lB稚慧@?
0030:00508AA4 E3 6C D8 32 75 5C DF 45-CF 0D D6 DC 59 3D D1 AB l?u\E?周Y=勳
0030:00508AB4 AC 30 D9 26 3A 00 DE 51-80 51 D7 C8 16 61 D0 BF ??:.QQ茲.a鋅
0030:00508AC4 B5 F4 B4 21 23 C4 B3 56-99 95 BA CF 0F A5 BD B8 掉?#某V合.ソ?
0030:00508AD4 9E B8 02 28 08 88 05 5F-B2 D9 0C C6 24 E9 0B B1 .(.?_操.???
0030:00508AE4 87 7C 6F 2F 11 4C 68 58-AB 1D 61 C1 3D 2D 66 B6 |o/.LhX?a?-f?
0030:00508AF4 90 41 DC 76 06 71 DB 01-BC 20 D2 98 2A 10 D5 EF Av.q??*.診
0030:00508B04 89 85 B1 71 1F B5 B6 06-A5 E4 BF 9F 33 D4 B8 E8 q.刀.ヤ3願?
0030:00508B14 A2 C9 07 78 34 F9 00 0F-8E A8 09 96 18 98 0E E1 ⑸.x4?..???
0030:00508B24 BB 0D 6A 7F 2D 3D 6D 08-97 6C 64 91 01 5C 63 E6 ?j-=m.ld?\c?
0030:00508B34 F4 51 6B 6B 62 61 6C 1C-D8 30 65 85 4E 00 62 F2 Qkkbal.?eN.b?
0030:00508B44 ED 95 06 6C 7B A5 01 1B-C1 F4 08 82 57 C4 0F F5 .l{?.留.W??
0030:00508B54 C6 D9 B0 65 50 E9 B7 12-EA B8 BE 8B 7C 88 B9 FC 瀑eP櫸.旮|?
0030:00508B64 DF 1D DD 62 49 2D DA 15-F3 7C D3 8C 65 4C D4 FB ?bI-?|eL喳
0030:00508B74 58 61 B2 4D CE 51 B5 3A-74 00 BC A3 E2 30 BB D4 XaMQ?t.跡?輝
0030:00508B84 41 A5 DF 4A D7 95 D8 3D-6D C4 D1 A4 FB F4 D6 D3 AミJ?m難糝?
0030:00508B94 6A E9 69 43 FC D9 6E 34-46 88 67 AD D0 B8 60 DA jiCn4Fg`?
0030:00508BA4 73 2D 04 44 E5 1D 03 33-5F 4C 0A AA C9 7C 0D DD s-.D?.3_L.|.?
0030:00508BB4 3C 71 05 50 AA 41 02 27-10 10 0B BE 86 20 0C C9 br> 0030:00508BC4 25 B5 68 57 B3 85 6F 20-09 D4 66 B9 9F E4 61 CE %hWo .fa?
0030:00508BD4 0E F9 DE 5E 98 C9 D9 29-22 98 D0 B0 B4 A8 D7 C7 .^?"邪川?
0030:00508BE4 17 3D B3 59 81 0D B4 2E-3B 5C BD B7 AD 6C BA C0 .=Y??;\椒l豪
0030:00508BF4 20 83 B8 ED B6 B3 BF 9A-0C E2 B6 03 9A D2 B1 74 疙凍?舛.冶t
0030:00508C04 39 47 D5 EA AF 77 D2 9D-15 26 DB 04 83 16 DC 73 9G貞w.&??s
0030:00508C14 12 0B 63 E3 84 3B 64 94-3E 6A 6D 0D A8 5A 6A 7A ..c;d?jm.Zjz
0030:00508C24 0B CF 0E E4 9D FF 09 93-27 AE 00 0A B1 9E 07 7D .?.??..}
0030:00508C34 44 93 0F F0 D2 A3 08 87-68 F2 01 1E FE C2 06 69 D?鷚?h?..i
0030:00508C44 5D 57 62 F7 CB 67 65 80-71 36 6C 19 E7 06 6B 6E ]Wb魎geq6l.?kn
0030:00508C54 76 1B D4 FE E0 2B D3 89-5A 7A DA 10 CC 4A DD 67 v.軋?Zz?Jg
0030:00508C64 6F DF B9 F9 F9 EF BE 8E-43 BE B7 17 D5 8E B0 60 o吖錁C痙.`
0030:00508C74 E8 A3 D6 D6 7E 93 D1 A1-C4 C2 D8 38 52 F2 DF 4F 瑁種~選穆8R蜻O
0030:00508C84 F1 67 BB D1 67 57 BC A6-DD 06 B5 3F 4B 36 B2 48 g謊gW雞??K6H
0030:00508C94 DA 2B 0D D8 4C 1B 0A AF-F6 4A 03 36 60 7A 04 41 ?.L..J.6`z.A
0030:00508CA4 C3 EF 60 DF 55 DF 67 A8-EF 8E 6E 31 79 BE 69 46 蔑`Ugn1yiF
0030:00508CB4 8C B3 61 CB 1A 83 66 BC-A0 D2 6F 25 36 E2 68 52 a?f_o%6hR
0030:00508CC4 95 77 0C CC 03 47 0B BB-B9 16 02 22 2F 26 05 55 w.?G.還.."/&.U
0030:00508CD4 BE 3B BA C5 28 0B BD B2-92 5A B4 2B 04 6A B3 5C ?號(.講Z?.j\
0030:00508CE4 A7 FF D7 C2 31 CF D0 B5-8B 9E D9 2C 1D AE DE 5B ?茁1閒,.[
0030:00508CF4 B0 C2 64 9B 26 F2 63 EC-9C A3 6A 75 0A 93 6D 02 奧d?cju.m.
0030:00508D04 A9 06 09 9C 3F 36 0E EB-85 67 07 72 13 57 00 05 ?.?6.g.r.W..
0030:00508D14 82 4A BF 95 14 7A B8 E2-AE 2B B1 7B 38 1B B6 0C J.z糕??#123;8.?
0030:00508D24 9B 8E D2 92 0D BE D5 E5-B7 EF DC 7C 21 DF DB 0B .菊宸鏝|!咣.
0030:00508D34 D4 D2 D3 86 42 E2 D4 F1-F8 B3 DD 68 6E 83 DA 1F 砸B庠聒齒hn.
0030:00508D44 CD 16 BE 81 5B 26 B9 F6-E1 77 B0 6F 77 47 B7 18 ?[&滾wowG?
0030:00508D54 E6 5A 08 88 70 6A 0F FF-CA 3B 06 66 5C 0B 01 11 Z.pj.?.f\...
0030:00508D64 FF 9E 65 8F 69 AE 62 F8-D3 FF 6B 61 45 CF 6C 16 eibkaEl.
0030:00508D74 78 E2 0A A0 EE D2 0D D7-54 83 04 4E C2 B3 03 39 x?_?T?N魯.9
0030:00508D84 61 26 67 A7 F7 16 60 D0-4D 47 69 49 DB 77 6E 3E a&g.`MGiIwn>
0030:00508D94 4A 6A D1 AE DC 5A D6 D9-66 0B DF 40 F0 3B D8 37 Jj旬Z仲f.@??
0030:00508DA4 53 AE BC A9 C5 9E BB DE-7F CF B2 47 E9 FF B5 30 S┡?喜G??
0030:00508DB4 1C F2 BD BD 8A C2 BA CA-30 93 B3 53 A6 A3 B4 24 .蚪潞?SΓ?
0030:00508DC4 05 36 D0 BA 93 06 D7 CD-29 57 DE 54 BF 67 D9 23 .6瀉?淄)WTg?
0030:00508DD4 2E 7A 66 B3 B8 4A 61 C4-02 1B 68 5D 94 2B 6F 2A .zf掣Ja?.h]?o*
0030:00508DE4 37 BE 0B B4 A1 8E 0C C3-1B DF 05 5A 8D EF 02 2D 7?礎???Z.-
0030:00508DF4 04 62 4F 00 20 62 4F 00-38 62 4F 00 54 62 4F 00 .bO. bO.8bO.TbO.
【總結】
程式先把使用者名稱N1做轉換N2,然後按形如N1SN2(S就是軟體給出的字串)結合成一個新的字串;以此來計算註冊碼。透過一定的運算,確定表中位置,從中取出字串,迴圈運算得到最後的註冊碼。
軟體使用GetTickCount函式似乎是防破解;GetTickCount函式:返回Windows啟動以來經歷的時間長度(毫秒),它沒有引數。
【序號產生器】
補遺:前面寫的有些模糊,即註冊碼不是直接從表中取出的,而是對取出值進行運算;本次得到的做前8位,上次運算所得是後8位。
下面是MASM32的序號產生器
;/////////////////////////////////////////////////////////////////////////////////////////
;KeyGen.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; The KeyGen by lq7972,with MASM32 V8
; E-mail:bruceyu13@sina.com
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat,stdcall
option casemap:none
;Include檔案定義
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include gdi32.inc
includelib gdi32.lib
include comdlg32.inc
includelib comdlg32.lib
include masm32.inc
includelib masm32.lib
;Equ等值定義
DLG_MAIN equ 1
EditName equ 10
EditSN equ 11
;*************************************************************************************
.data?
szSN db 16 dup (?)
szSN1 db 8 dup (?)
szName db 10 dup (?)
Temp dd 10 dup (?)
TempNam dd ?
.data
MyTab dd 000000000H,077073096H,0EE0E612CH,0990951BAH,0076DC419H,0706AF48FH,0E963A535H,09E6495A3H,00EDB8832H,079DCB8A4H,0E0D5E91EH,097D2D988H
dd 009B64C2BH,07EB17CBDH,0E7B82D07H,090BF1D91H,01DB71064H,06AB020F2H,0F3B97148H,084BE41DEH,01ADAD47DH,06DDDE4EBH,0F4D4B551H,083D385C7H
dd 0136C9856H,0646BA8C0H,0FD62F97AH,08A65C9ECH,014015C4FH,063066CD9H,0FA0F3D63H,08D080DF5H,03B6E20C8H,04C69105EH,0D56041E4H,0A2677172H
dd 03C03E4D1H,04B04D447H,0D20D85FDH,0A50AB56BH,035B5A8FAH,042B2986CH,0DBBBC9D6H,0ACBCF940H,032D86CE3H,045DF5C75H,0DCD60DCFH,0ABD13D59H
dd 026D930ACH,051DE003AH,0C8D75180H,0BFD06116H,021B4F4B5H,056B3C423H,0CFBA9599H,0B8BDA50FH,02802B89EH,05F058808H,0C60CD9B2H,0B10BE924H
dd 02F6F7C87H,058684C11H,0C1611DABH,0B6662D3DH,076DC4190H,001DB7106H,098D220BCH,0EFD5102AH,071B18589H,006B6B51FH,09FBFE4A5H,0E8B8D433H
dd 07807C9A2H,00F00F934H,09609A88EH,0E10E9818H,07F6A0DBBH,0086D3D2DH,091646C97H,0E6635C01H,06B6B51F4H,01C6C6162H,0856530D8H,0F262004EH
dd 06C0695EDH,01B01A57BH,08208F4C1H,0F50FC457H,065B0D9C6H,012B7E950H,08BBEB8EAH,0FCB9887CH,062DD1DDFH,015DA2D49H,08CD37CF3H,0FBD44C65H
dd 04DB26158H,03AB551CEH,0A3BC0074H,0D4BB30E2H,04ADFA541H,03DD895D7H,0A4D1C46DH,0D3D6F4FBH,04369E96AH,0346ED9FCH,0AD678846H,0DA60B8D0H
dd 044042D73H,033031DE5H,0AA0A4C5FH,0DD0D7CC9H,05005713CH,0270241AAH,0BE0B1010H,0C90C2086H,05768B525H,0206F85B3H,0B966D409H,0CE61E49FH
dd 05EDEF90EH,029D9C998H,0B0D09822H,0C7D7A8B4H,059B33D17H,02EB40D81H,0B7BD5C3BH,0C0BA6CADH,0EDB88320H,09ABFB3B6H,003B6E20CH,074B1D29AH
dd 0EAD54739H,09DD277AFH,004DB2615H,073DC1683H,0E3630B12H,094643B84H,00D6D6A3EH,07A6A5AA8H,0E40ECF0BH,09309FF9DH,00A00AE27H,07D079EB1H
dd 0F00F9344H,08708A3D2H,01E01F268H,06906C2FEH,0F762575DH,0806567CBH,0196C3671H,06E6B06E7H,0FED41B76H,089D32BE0H,010DA7A5AH,067DD4ACCH
dd 0F9B9DF6FH,08EBEEFF9H,017B7BE43H,060B08ED5H,0D6D6A3E8H,0A1D1937EH,038D8C2C4H,04FDFF252H,0D1BB67F1H,0A6BC5767H,03FB506DDH,048B2364BH
dd 0D80D2BDAH,0AF0A1B4CH,036034AF6H,041047A60H,0DF60EFC3H,0A867DF55H,0316E8EEFH,04669BE79H,0CB61B38CH,0BC66831AH,0256FD2A0H,05268E236H
dd 0CC0C7795H,0BB0B4703H,0220216B9H,05505262FH,0C5BA3BBEH,0B2BD0B28H,02BB45A92H,05CB36A04H,0C2D7FFA7H,0B5D0CF31H,02CD99E8BH,05BDEAE1DH
dd 09B64C2B0H,0EC63F226H,0756AA39CH,0026D930AH,09C0906A9H,0EB0E363FH,072076785H,005005713H,095BF4A82H,0E2B87A14H,07BB12BAEH,00CB61B38H
dd 092D28E9BH,0E5D5BE0DH,07CDCEFB7H,00BDBDF21H,086D3D2D4H,0F1D4E242H,068DDB3F8H,01FDA836EH,081BE16CDH,0F6B9265BH,06FB077E1H,018B74777H
dd 088085AE6H,0FF0F6A70H,066063BCAH,011010B5CH,08F659EFFH,0F862AE69H,0616BFFD3H,0166CCF45H,0A00AE278H,0D70DD2EEH,04E048354H,03903B3C2H
dd 0A7672661H,0D06016F7H,04969474DH,03E6E77DBH,0AED16A4AH,0D9D65ADCH,040DF0B66H,037D83BF0H,0A9BCAE53H,0DEBB9EC5H,047B2CF7FH,030B5FFE9H
dd 0BDBDF21CH,0CABAC28AH,053B39330H,024B4A3A6H,0BAD03605H,0CDD70693H,054DE5729H,023D967BFH,0B3667A2EH,0C4614AB8H,05D681B02H,02A6F2B94H
dd 0B40BBE37H,0C30C8EA1H,05A05DF1BH,02D02EF8DH
hInstance dd 0
szStr db 'e-Stack Room 3.68',0
szErr db '請輸入使用者名稱!',0
szErr1 db '對不起,使用者名稱長了',0dh,0ah,\
'請更換使用者名稱!',0
szCaption db '錯誤!',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;***************************************************************************************
_CmpNam proc
cmp eax,251CH
jl b10
@@:
sub eax,251CH
cmp eax,251CH
jge @B
b10:
cmp eax,3B6H
jl b20
@@:
sub eax,3B6H
cmp eax,3B6H
jge @B
b20:
cmp eax,5FH
jl b30
@@:
sub eax,5FH
cmp eax,5FH
jge @B
b30:
test eax,eax
jge b40
@@:
add eax,5FH
test eax,eax
jl @B
b40:
ret
_CmpNam endp
;**************************************************************************************
_CalcNam proc
local @Temp1,@Temp2,@Temp3
local @Temp4:BYTE
pushad
mov @Temp1,0A66788H
invoke lstrlen,offset szStr
mov @Temp2,eax
xor eax,eax
xor esi,esi
a10:
lea eax,szName
mov al,[eax+esi]
cmp al,20H
jc a20
cmp al,7EH
ja a20
mov edx,@Temp1
and edx,1FFFFFFFH
mov ecx,@Temp1
shr ecx,1DH
and ecx, 31H
xor edx,ecx
mov @Temp1,edx
mov @Temp4,al
mov eax,@Temp1
mov ecx,5FH
cdq
idiv ecx
xor edx,edx
mov dl,@Temp4
sub edx, 20H
sub eax,edx
invoke _CmpNam
mov ebx,eax
add bl,20H
inc @Temp2
cmp @Temp2,5179H
jl @F
xor eax,eax
mov @Temp2,eax
@@:
mov al,@Temp4
xor al,bl
and eax,0FFH
mov edx,@Temp1
add edx,@Temp1
add eax,edx
add eax,@Temp2
mov @Temp1,eax
mov byte ptr [Temp+esi],bl
a20:
inc esi
dec edi
jnz a10
invoke lstrcat,offset TempNam,offset szName
invoke lstrcat,offset TempNam,offset szStr
invoke lstrcat,offset TempNam,offset Temp
popad
ret
_CalcNam endp
;**************************************************************************************
_CalcReg proc
local @Temp1:DWORD
pushad
xor ebx,ebx
invoke lstrlen,offset TempNam
mov esi,eax
test esi,esi
jng c20
mov edi,01H
c10:
mov @Temp1,ebx
lea eax,TempNam
mov al,[eax+edi-01H]
xor al,bl
and eax,0FFH
mov eax,DWORD ptr [eax*4+MyTab]
shr ebx,08H
and ebx,00FFFFFFH
xor eax,ebx
mov ebx,eax
inc edi
dec esi
jnz c10
invoke dw2hex,ebx,addr szSN
invoke dw2hex,@Temp1,addr szSN1
invoke lstrcat,addr szSN,addr szSN1
c20:
popad
ret
_CalcReg endp
;**************************************************************************************
_ProcDlgMain proc uses ebx edi esi ecx edx,hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax==WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax==WM_COMMAND
mov eax,wParam
.if eax == IDOK
invoke RtlZeroMemory,addr szName,10
invoke RtlZeroMemory,addr szSN,16
invoke RtlZeroMemory,addr Temp,10
invoke RtlZeroMemory,addr TempNam,50
invoke GetDlgItemText,hWnd,EditName,offset szName,20
.if eax != NULL
invoke lstrlen,offset szName
mov edi,eax
.if eax > 0aH
invoke MessageBox,NULL,offset szErr1,offset szCaption,MB_OK
mov eax,FALSE
ret
.endif
invoke _CalcNam
invoke _CalcReg
invoke SetDlgItemText,hWnd,EditSN,offset szSN
mov eax,FALSE
ret
.else
invoke MessageBox,NULL,offset szErr,offset szCaption,MB_OK
mov eax,FALSE
ret
.endif
.elseif eax == IDCANCEL
invoke EndDialog,hWnd,NULL
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
;invoke InitCommonControls
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,0
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;KeyGen.rc
#include
#define DLG_MAIN 1
#define EDITName 10
#define EDITSN 11
DLG_MAIN DIALOG 100,150,250,60
STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME
CAPTION "電子書庫 V3.68 序號產生器"
FONT 9,"宋體"
{
CONTROL "Name:" ,-1,"Static",SS_LEFT,10,13,40,17
CONTROL "SN:" ,-2,"Static",SS_CENTER,10,40,20,17
CONTROL "" ,10,"Edit",ES_LEFT,30,13,150,10
CONTROL "" ,11,"Edit",ES_LEFT,30,40,150,10
DEFPUSHBUTTON "GENERATE",IDOK,200,11,40,15
PUSHBUTTON "EXIT",IDCANCEL,200,36,41,14
}
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;MakeFile
NAME = KeyGen
OBJS = $(NAME).obj #需要的目標檔案
RES = $(NAME).res #需要的資原始檔
LINK_FLAG = /subsystem:windows #連線選項
ML_FLAG = /c /coff #編譯選項
$(NAME).exe: $(OBJS) $(RES)
Link $(LINK_FLAG) $(OBJS) $(RES)
.asm.obj:
ml $(ML_FLAG) $<
.rc.res:
rc $<
clean:
del *.obj
del *.res
;/////////////////////////////////////////////////////////////////////////////////////////
相關文章
- 無憂資源庫(電子書籍)2006-07-21
- 分享電子書2019-11-03
- 某電子書註冊破解實錄,高手莫入。 (6千字)2002-10-05
- 電子圖書館(仿百度文庫)2014-05-26
- python電子書2018-12-13Python
- 電子書DRM破解2018-04-28
- 電子書閱讀 App2018-10-07APP
- python電子書: django2014-01-15PythonDjango
- 超越C++標準庫:Boost庫導論電子書PDF下載2019-03-14C++
- 電子書生成工具Vellum for Mac2022-08-03Mac
- (轉)[it-ebooks]電子書列表2015-01-15
- 使用Gitbook製作電子書2014-10-21Git
- 電子書:初等演算法2014-07-28演算法
- 電子書製作軟體2015-11-15
- 2019中國電子競技行業發展白皮書(上)2020-02-03行業
- 2019中國電子競技行業發展白皮書(下)2020-02-03行業
- 《Flutter實戰》開源電子書2018-12-18Flutter
- Clearview for Mac電子書閱讀工具2021-01-05ViewMac
- Jutoh for Mac(電子書製作工具)2020-12-01Mac
- Jutoh for Mac電子書製作工具2020-12-04Mac
- 電子書定製建立工具Vellum2022-07-04
- eBookBinder for mac(電子書編譯器)2021-11-09Mac編譯
- 開源電子書回饋社群2023-11-22
- 使用 Gitbook 打造你的電子書2017-09-21Git
- Gitbook離線電子書打包方案2016-04-20Git
- android 電子書翻頁效果2013-05-27Android
- 如何獲得電子ocp證書2012-06-01
- 又有免費Java電子書下了2008-01-03Java
- 如何把電子書轉成EPUB?2024-07-01
- ffmpeg基礎庫程式設計開發電子書pdf下載2019-02-26程式設計
- 好運電子書!《CSS設計指南(第3版)》購電子書抽獎送紙版2012-12-22CSS
- 電子書,UML播種機--物件導向軟體工程文件庫 (轉)2007-12-04物件軟體工程
- Mac電子書閱讀工具——Clearview for Mac2020-06-03MacView
- 細說PHP電子書pdf下載2019-03-01PHP
- 前端免費高清電子書(史上最全)2018-11-30前端
- TutorialsPoint電子書歸檔20172018-09-10
- Mac電子書製作工具:Jutoh for Mac2021-12-13Mac
- 思考複雜性免費電子書2017-03-29