億虎Email郵差 2003c Build 0225
億虎Email郵差註冊演算法分析
■、作者宣告:初學破解,純屬技術交流,無其它目的。
■、工具:ollyDBg1.09,W32Dasm10,脫殼工具。
■、基本知識:基礎彙編知識,基本工具使用。
■、註冊形式:機器碼+註冊碼
■、軟體介紹:
億虎Email郵差是基於Internet上標準郵件伺服器的專業Email群發程式,專為網路營銷及電子商務服務。
他不同於普通的郵件群發軟體,是真正簡單、容易使用的郵件傳送軟體。首先內建高效快速的SMTP伺服器,從而不需要其他SMTP 伺服器中轉,即可將郵件直接傳送到每個收件人信箱,對郵件傳送是否成功一目瞭然。其次億虎Email郵差採用智慧變數替代功能,即同一封信對不同的收件人可以產生不同的內容,這樣才可以真正做到一信多發,增加了對收件人友好性。另外全面支援繼續傳送功能,隨時可以想發就發。內建1~512可調節執行緒數,
讓您在短短的時間內快速、準確、直接傳送郵件,是資訊釋出的最佳助手。
機器碼:501229
註冊碼:12345-23456-34567-45678
一、在W32Dasm中找出氏資訊,很容易找到關鍵部分。
:0049B5C6
8B45E0 mov eax,
dword ptr [ebp-20]
:0049B5C9 E8AAD8F6FF
call 00408E78
:0049B5CE 8BD0
mov edx, eax
:0049B5D0 B98F000000
mov ecx, 0000008F
:0049B5D5 8B45FC
mov eax, dword ptr
[ebp-04]
:0049B5D8 E8B7F5FFFF call
0049AB94
:0049B5DD 8BD8
mov ebx, eax
:0049B5DF A1580B4A00
mov eax, dword ptr [004A0B58]
:0049B5E4 885854
mov byte ptr [eax+54], bl
:0049B5E7
A1580B4A00 mov eax, dword ptr
[004A0B58]
:0049B5EC 84DB
test bl, bl
:0049B5EE 752C
jne 0049B61C
:0049B5F0 8D45F8
lea eax, dword ptr [ebp-08]
*
Possible StringData Ref from Code Obj ->"無效的註冊碼! "
|
:0049B5F3 BA90B64900
mov edx, 0049B690
:0049B5F8 E83387F6FF
call 00403D30
:0049B5FD 6A30
push 00000030
:0049B5FF 8B45F8
mov eax, dword ptr
[ebp-08]
:0049B602 E8D58AF6FF call
004040DC
:0049B607 8BD0
mov edx, eax
二、用ollydbg載入程式,動態分析。
0049B551
|. 64:FF30 PUSH DWORD PTR FS:[EAX]
0049B554
|. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049B557
|. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049B55A
|. 8B86 E0020000 MOV EAX,DWORD PTR DS:[ESI+2E0]
0049B560 |.
E8 AB51F9FF CALL Esend.00430710
; 取12345e
0049B565 |.
FF75 F4 PUSH DWORD PTR SS:[EBP-C]
0049B568 |.
8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0049B56B |.
8B86 E8020000 MOV EAX,DWORD PTR DS:[ESI+2E8]
0049B571 |. E8
9A51F9FF CALL Esend.00430710
; 取23456e
0049B576 |. FF75
F0 PUSH DWORD PTR SS:[EBP-10]
0049B579 |. 8D55
EC LEA EDX,DWORD PTR SS:[EBP-14]
0049B57C |. 8B86
EC020000 MOV EAX,DWORD PTR DS:[ESI+2EC]
0049B582 |. E8 8951F9FF
CALL Esend.00430710
; 取34567e
0049B587 |. FF75 EC
PUSH DWORD PTR SS:[EBP-14]
0049B58A |. 8D55 E8
LEA EDX,DWORD PTR SS:[EBP-18]
0049B58D |. 8B86 F0020000
MOV EAX,DWORD PTR DS:[ESI+2F0]
0049B593 |. E8 7851F9FF CALL
Esend.00430710
; 取45678e
0049B598 |. FF75 E8
PUSH DWORD PTR SS:[EBP-18]
0049B59B |. 8D45 FC
LEA EAX,DWORD PTR SS:[EBP-4]
0049B59E |. BA 04000000
MOV EDX,4
0049B5A3 |. E8 308AF6FF CALL Esend.00403FD8
; 把上面取得的4串註冊合併成
一串FD8
0049B5A8
|. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0049B5AB
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049B5AE
|. E8 0DD3F6FF CALL Esend.004088C0
; 把串由小寫轉為大寫
.004088C0
0049B5B3
|. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0049B5B6
|. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0049B5B9
|. E8 7287F6FF CALL Esend.00403D30
0049B5BE |. 8D45
E0 LEA EAX,DWORD PTR SS:[EBP-20]
0049B5C1 |. E8
7EF3FFFF CALL Esend.0049A944
; 取機器碼,產生501229
0049B5C6 |.
8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0049B5C9 |.
E8 AAD8F6FF CALL Esend.00408E78
; 501229轉換為十六進位制,
eax=0007A5ED
0049B5CE
|. 8BD0 MOV EDX,EAX
0049B5D0
|. B9 8F000000 MOV ECX,8F
; 8f入ecx,
0049B5D5
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
; 註冊碼合併串入eax
0049B5D8 |.
E8 B7F5FFFF CALL Esend.0049AB94
; 關鍵,進入
0049B5DD |.
8BD8 MOV EBX,EAX
0049B5DF |.
A1 580B4A00 MOV EAX,DWORD PTR DS:[4A0B58]
0049B5E4 |. 8858
54 MOV BYTE PTR DS:[EAX+54],BL
0049B5E7 |. A1
580B4A00 MOV EAX,DWORD PTR DS:[4A0B58]
0049B5EC |. 84DB
TEST BL,BL
0049B5EE 75
2C JNZ SHORT Esend.0049B61C
; 關鍵跳轉
0049B5F0 |. 8D45 F8
LEA EAX,DWORD PTR SS:[EBP-8]
0049B5F3 |. BA
90B64900 MOV EDX,Esend.0049B690
0049B5F8 |. E8 3387F6FF
CALL Esend.00403D30
0049B5FD |. 6A 30
PUSH 30
0049B5FF |. 8B45 F8 MOV EAX,DWORD
PTR SS:[EBP-8]
0049B602 |. E8 D58AF6FF CALL Esend.004040DC
0049B607
|. 8BD0 MOV EDX,EAX
0049B609
|. B9 A0B64900 MOV ECX,Esend.0049B6A0
0049B60E |.
A1 8C0A4A00 MOV EAX,DWORD PTR DS:[4A0A8C]
0049B613 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
0049B615 |.
E8 2E38FBFF CALL Esend.0044EE48
; 出錯框 Es
0049B61A |.
EB 28 JMP SHORT Esend.0049B644
0049B61C |>
A1 580B4A00 MOV EAX,DWORD PTR DS:[4A0B58]
-------------------------------------
關鍵CALL
Esend.0049AB94
0049ABAA
|. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0049ABAD
|. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
0049ABB0
|. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0049ABB3
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
; 註冊碼入eax
0049ABB6 |. E8
1195F6FF CALL Esend.004040CC
0049ABBB |. 33C0
XOR EAX,EAX
0049ABBD |. 55
PUSH EBP
0049ABBE |. 68 9AB14900 PUSH
Esend.0049B19A
0049ABC3 |. 64:FF30 PUSH DWORD
PTR FS:[EAX]
0049ABC6 |. 64:8920 MOV DWORD
PTR FS:[EAX],ESP
0049ABC9 |. C645 F3 00 MOV BYTE PTR
SS:[EBP-D],0
0049ABCD |. 8B45 FC MOV EAX,DWORD
PTR SS:[EBP-4] ; 註冊碼入eax
0049ABD0
|. E8 4393F6FF CALL Esend.00403F18
; 取註冊碼位數
0049ABD5
|. 83F8 14 CMP EAX,14
;
註冊碼是否為20位( 5*4=20)
0049ABD8 |. 0F85 89050000 JNZ Esend.0049B167
0049ABDE
|. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049ABE1
|. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
; 註冊碼入edx
0049ABE4 |. E8
4791F6FF CALL Esend.00403D30
0049ABE9 |. E8 4AF3F6FF
CALL Esend.00409F38
; 取時間
0049ABEE |. 83C4 F8
ADD ESP,-8
; /
0049ABF1 |. DD1C24
FSTP QWORD PTR SS:[ESP]
; |Arg1 (8-byte)
0049ABF4 |. 9B
WAIT
; |
0049ABF5 |. 8D55 C4 LEA EDX,DWORD
PTR SS:[EBP-3C] ; |
0049ABF8 |.
B8 B4B14900 MOV EAX,Esend.0049B1B4
; |ASCII "hhnnss"
0049ABFD |.
E8 76FFF6FF CALL Esend.0040AB78
; \Esend.0040AB78
0049AC02 |.
8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C]
; 取當前時間,為時分秒PTR
SS:
0049AC05
|. E8 6EE2F6FF CALL Esend.00408E78
; 時分秒轉為十六進位制,
eax=0002F775
0049AC0A
|. 8BF8 MOV EDI,EAX
0049AC0C
|. BB 01000000 MOV EBX,1
0049AC11 |> 83FF
0A /CMP EDI,0A
0049AC14 |. 7C 59
|JL SHORT Esend.0049AC6F
0049AC16 |. 8B45 EC
|MOV EAX,DWORD PTR SS:[EBP-14]
; 註冊碼入eax
0049AC19 |. E8 FA92F6FF |CALL Esend.00403F18
; 取註冊碼位數
0049AC1E
|. 85C0 |TEST EAX,EAX
0049AC20
|. 7E 2E |JLE SHORT Esend.0049AC50
0049AC22
|. E8 11F3F6FF |CALL Esend.00409F38
0049AC27 |. 83C4
F8 |ADD ESP,-8
; /
0049AC2A
|. DD1C24 |FSTP QWORD PTR SS:[ESP]
; |Arg1 (8-byte)
0049AC2D
|. 9B |WAIT
; |
0049AC2E |. 8D55 C0
|LEA EDX,DWORD PTR SS:[EBP-40] ;
|
0049AC31 |. B8 B4B14900 |MOV EAX,Esend.0049B1B4
; |ASCII "hhnnss"
0049AC36
|. E8 3DFFF6FF |CALL Esend.0040AB78
; \Esend.0040AB78
0049AC3B |.
8B45 C0 |MOV EAX,DWORD PTR SS:[EBP-40]
; 取當前時間AX,DW
0049AC3E |. E8 35E2F6FF
|CALL Esend.00408E78
; 時間轉換為十六進位制,
eax=0002F911
0049AC43
|. 2BC7 |SUB EAX,EDI
; eax與edi相減,即
eax=0002F911-0002F775=19c
I
0049AC45 |. 83F8 0A |CMP EAX,0A
; eax與0a是否相等
0049AC48 0F8F
19050000 JG Esend.0049B167
; 如果eax大於0a則跳走
0049AC4E |. EB
1F |JMP SHORT Esend.0049AC6F
0049AC50 |>
8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
0049AC53
|. E8 C092F6FF |CALL Esend.00403F18
0049AC58 |. 3BD8
|CMP EBX,EAX
0049AC5A |. 7D 13
|JGE SHORT Esend.0049AC6F
0049AC5C |. 8D45
E8 |LEA EAX,DWORD PTR SS:[EBP-18]
0049AC5F |. 50
|PUSH EAX
0049AC60 |. B9
01000000 |MOV ECX,1
0049AC65 |. 8BD3
|MOV EDX,EBX
0049AC67 |. 8B45 EC
|MOV EAX,DWORD PTR SS:[EBP-14]
0049AC6A |. E8 B194F6FF |CALL
Esend.00404120
0049AC6F |> 43
|INC EBX
0049AC70 |. 81FB F5010000 |CMP EBX,1F5
0049AC76
|.^ 75 99 \JNZ SHORT Esend.0049AC11
; 以上為取得時間,如兩時間
相差0a,則跳走,所以應在下面斷
I?
0049AC78 |. BB 01000000
MOV EBX,1
0049AC7D |> 8D45 BC /LEA
EAX,DWORD PTR SS:[EBP-44]
0049AC80 |. 50
|PUSH EAX
0049AC81 |. B9 01000000 |MOV ECX,1
0049AC86
|. 8BD3 |MOV EDX,EBX
0049AC88
|. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
; 註冊碼入eax
0049AC8B |. E8
9094F6FF |CALL Esend.00404120
; 依次取註冊碼第一位、第二
位...
0049AC90
|. 8B45 BC |MOV EAX,DWORD PTR SS:[EBP-44]
0049AC93
|. BA C4B14900 |MOV EDX,Esend.0049B1C4
; Z入edxD
0049AC98 |.
E8 8B93F6FF |CALL Esend.00404028
; 註冊碼各位與Z比較是否相等
404028
0049AC9D
|. 0F87 C4040000 |JA Esend.0049B167
0049ACA3 |. 8D45
B8 |LEA EAX,DWORD PTR SS:[EBP-48]
0049ACA6 |. 50
|PUSH EAX
0049ACA7 |. B9
01000000 |MOV ECX,1
0049ACAC |. 8BD3
|MOV EDX,EBX
0049ACAE |. 8B45 EC
|MOV EAX,DWORD PTR SS:[EBP-14] ; 註冊碼入eax
0049ACB1
|. E8 6A94F6FF |CALL Esend.00404120
; 依次取註冊碼第一位、第二
位...
0049ACB6
|. 8B45 B8 |MOV EAX,DWORD PTR SS:[EBP-48]
0049ACB9
|. BA D0B14900 |MOV EDX,Esend.0049B1D0
; A入edx
0049ACBE |.
E8 6593F6FF |CALL Esend.00404028
; 比較1與A是否相等d.00404
0049ACC3 |.
0F82 9E040000 |JB Esend.0049B167
0049ACC9 |. 43
|INC EBX
0049ACCA |. 83FB 15
|CMP EBX,15
; 以上迴圈21次,檢查註冊碼
是否是A-Z間的字母。
I?
0049ACCD |.^
75 AE \JNZ SHORT Esend.0049AC7D
0049ACCF |.
8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049ACD2 |.
8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
; 註冊碼edx
0049ACD5 |. E8 5690F6FF
CALL Esend.00403D30
0049ACDA |. 33F6
XOR ESI,ESI
0049ACDC |. BB 01000000 MOV EBX,1
0049ACE1
|> 8D45 E4 /LEA EAX,DWORD PTR SS:[EBP-1C]
0049ACE4
|. 50 |PUSH EAX
0049ACE5
|. B9 01000000 |MOV ECX,1
0049ACEA |. 8BD3
|MOV EDX,EBX
0049ACEC |. 8B45 E8
|MOV EAX,DWORD PTR SS:[EBP-18]
; 註冊碼入eax
0049ACEF |. E8 2C94F6FF |CALL Esend.00404120
; 依次取1位註冊碼
0049ACF4
|. BA DCB14900 |MOV EDX,Esend.0049B1DC
; 串
GFEDCBANMLKJIHTSRQPOZYXWVU入edx
0049ACF9
|. 8B45 E4 |MOV EAX,DWORD PTR SS:[EBP-1C]
; 串
GFEDCBANMLKJIHTSRQPOZYXWVU入eax
0049ACFC
|. E8 0395F6FF |CALL Esend.00404204
; 檢查註冊碼第N位在上面串的
位置,位置數入eax
I?
0049AD01 |.
8BF8 |MOV EDI,EAX
;
eax入edi,
0049AD03 |. 4F
|DEC EDI
; edi減1D
0049AD04
|. 0FAFFB |IMUL EDI,EBX
;
edi乘註冊碼第N位BX
0049AD07 |. 03F7
|ADD ESI,EDI
; 把結果相加SI,ED
0049AD09 |.
43 |INC EBX
0049AD0A |.
83FB 14 |CMP EBX,14
; 迴圈20次BX,
0049AD0D
|.^ 75 D2 \JNZ SHORT Esend.0049ACE1
; (第N位註冊碼在密碼串中的
位置-1)乘註冊碼第N位,各位相加,併入esi
I?
0049AD0F |. 8BC6
MOV EAX,ESI
; 把esi入eaxSI
0049AD11 |.
B9 1A000000 MOV ECX,1A
; 1A入ecx,
0049AD16
|. 99 CDQ
0049AD17 |.
F7F9 IDIV ECX
; ESI除1A,餘數入edx
0049AD19 |. 42
INC EDX
; 餘數edx增1
0049AD1A
|. 8BF2 MOV ESI,EDX
; edx入esiE
0049AD1C |. 8D45 E4
LEA EAX,DWORD PTR SS:[EBP-1C]
0049AD1F |. 50
PUSH EAX
0049AD20 |. B8 DCB14900 MOV
EAX,Esend.0049B1DC
; 串
GFEDCBANMLKJIHTSRQPOZYXWVU入eax
0049AD25
|. B9 01000000 MOV ECX,1
0049AD2A |. 8BD6
MOV EDX,ESI
; 上面計算的模數減1的值入
edx
0049AD2C
|. E8 EF93F6FF CALL Esend.00404120
; 取第edx位在密碼串中的值
04120
0049AD31
|. 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
0049AD34
|. 50 PUSH EAX
0049AD35
|. B9 01000000 MOV ECX,1
0049AD3A |. BA 14000000
MOV EDX,14
0049AD3F |. 8B45 E8 MOV
EAX,DWORD PTR SS:[EBP-18] ; 註冊碼入eaxDWOR
0049AD42
|. E8 D993F6FF CALL Esend.00404120
; 取註冊碼最後一位d.004041
0049AD47
|. 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C]
; 註冊碼最後一位入edxD PTR
SS
0049AD4A
|. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
; 上面在密碼錶中取得的值入
eaxR
SS:[EBP-1C
0049AD4D |. E8 D692F6FF CALL Esend.00404028
; 比較是否相等end.00
0049AD52
0F85 0F040000 JNZ Esend.0049B167
0049AD58 |. 33F6
XOR ESI,ESI
0049AD5A |. BB 01000000
MOV EBX,1
0049AD5F |> 8D45 E4 /LEA
EAX,DWORD PTR SS:[EBP-1C]
0049AD62 |. 50
|PUSH EAX
0049AD63 |. B9 01000000 |MOV ECX,1
0049AD68
|. 8BD3 |MOV EDX,EBX
0049AD6A
|. 8B45 E8 |MOV EAX,DWORD PTR SS:[EBP-18]
; 註冊碼入eax
0049AD6D |. E8
AE93F6FF |CALL Esend.00404120
0049AD72 |. BA DCB14900
|MOV EDX,Esend.0049B1DC
; ASCII
"GFEDCBANMLKJIHTSRQPOZYXWVU"
0049AD77
|. 8B45 E4 |MOV EAX,DWORD PTR SS:[EBP-1C]
0049AD7A
|. E8 8594F6FF |CALL Esend.00404204
0049AD7F |. 8BF8
|MOV EDI,EAX
0049AD81 |. 4F
|DEC EDI
0049AD82 |. 03F7
|ADD ESI,EDI
0049AD84 |. 43
|INC EBX
0049AD85 |. 83FB 13
|CMP EBX,13
0049AD88 |.^ 75 D5
\JNZ SHORT Esend.0049AD5F ;
註冊碼前面19位按上面生成
一值
0049AD8A
|. 8BC6 MOV EAX,ESI
0049AD8C
|. B9 1A000000 MOV ECX,1A
0049AD91 |. 99
CDQ
0049AD92 |. F7F9
IDIV ECX
0049AD94 |. 42
INC EDX
0049AD95 |. 8BF2
MOV ESI,EDX
0049AD97 |. 8D45 E4
LEA EAX,DWORD PTR SS:[EBP-1C]
0049AD9A |. 50
PUSH EAX
0049AD9B |. B8 DCB14900 MOV
EAX,Esend.0049B1DC
; ASCII
"GFEDCBANMLKJIHTSRQPOZYXWVU"
0049ADA0
|. B9 01000000 MOV ECX,1
0049ADA5 |. 8BD6
MOV EDX,ESI
0049ADA7 |. E8 7493F6FF
CALL Esend.00404120
0049ADAC |. 8D45 B0
LEA EAX,DWORD PTR SS:[EBP-50]
0049ADAF |. 50
PUSH EAX
0049ADB0 |. B9 01000000 MOV
ECX,1
0049ADB5 |. BA 13000000 MOV EDX,13
0049ADBA |.
8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
; 註冊碼入eax
0049ADBD |. E8 5E93F6FF
CALL Esend.00404120
; 取註冊碼第19位
0049ADC2 |. 8B55 B0
MOV EDX,DWORD PTR SS:[EBP-50]
0049ADC5 |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
0049ADC8 |. E8
5B92F6FF CALL Esend.00404028
0049ADCD 0F85 94030000
JNZ Esend.0049B167
0049ADD3 |. 8D45 E8 LEA
EAX,DWORD PTR SS:[EBP-18]
0049ADD6 |. 50
PUSH EAX
0049ADD7 |. B9 12000000 MOV ECX,12
0049ADDC
|. BA 01000000 MOV EDX,1
0049ADE1 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
; 註冊碼入eax
0049ADE4 |. E8 3793F6FF
CALL Esend.00404120
; 取註冊碼18位在密碼錶中的
位置
0049ADE9
|. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049ADEC
|. E8 A78EF6FF CALL Esend.00403C98
0049ADF1 |. BB
01000000 MOV EBX,1
0049ADF6 |> 8D45 AC
/LEA EAX,DWORD PTR SS:[EBP-54]
0049ADF9 |. 50
|PUSH EAX
0049ADFA |. BA 12000000
|MOV EDX,12
0049ADFF |. 2BD3 |SUB
EDX,EBX
0049AE01 |. 42 |INC
EDX
0049AE02 |. B9 01000000 |MOV ECX,1
0049AE07 |.
8B45 E8 |MOV EAX,DWORD PTR SS:[EBP-18]
0049AE0A
|. E8 1193F6FF |CALL Esend.00404120
0049AE0F |. 8B55
AC |MOV EDX,DWORD PTR SS:[EBP-54]
0049AE12 |. 8D45
EC |LEA EAX,DWORD PTR SS:[EBP-14]
0049AE15 |. E8
0691F6FF |CALL Esend.00403F20
0049AE1A |. 43
|INC EBX
0049AE1B |. 83FB 13
|CMP EBX,13
0049AE1E |.^ 75 D6
\JNZ SHORT Esend.0049ADF6
0049AE20 |. 8D45 E8
LEA EAX,DWORD PTR SS:[EBP-18]
0049AE23 |. 8B55 EC
MOV EDX,DWORD PTR SS:[EBP-14]
0049AE26 |. E8 058FF6FF
CALL Esend.00403D30
0049AE2B |. 8D45 EC LEA
EAX,DWORD PTR SS:[EBP-14]
0049AE2E |. E8 658EF6FF CALL Esend.00403C98
0049AE33
|. BB 01000000 MOV EBX,1
0049AE38 |> FF75
EC /PUSH DWORD PTR SS:[EBP-14]
0049AE3B |. 8D45
A8 |LEA EAX,DWORD PTR SS:[EBP-58]
0049AE3E |. 50
|PUSH EAX
0049AE3F |. B9
01000000 |MOV ECX,1
0049AE44 |. 8BD3
|MOV EDX,EBX
0049AE46 |. 8B45 E8
|MOV EAX,DWORD PTR SS:[EBP-18]
0049AE49 |. E8 D292F6FF |CALL
Esend.00404120
0049AE4E |. FF75 A8 |PUSH DWORD
PTR SS:[EBP-58]
0049AE51 |. 8D45 A4 |LEA EAX,DWORD
PTR SS:[EBP-5C]
0049AE54 |. 50
|PUSH EAX
0049AE55 |. 8D53 09 |LEA EDX,DWORD
PTR DS:[EBX+9]
0049AE58 |. B9 01000000 |MOV ECX,1
0049AE5D
|. 8B45 E8 |MOV EAX,DWORD PTR SS:[EBP-18]
0049AE60
|. E8 BB92F6FF |CALL Esend.00404120
0049AE65 |. FF75
A4 |PUSH DWORD PTR SS:[EBP-5C]
0049AE68 |. 8D45
EC |LEA EAX,DWORD PTR SS:[EBP-14]
0049AE6B |. BA
03000000 |MOV EDX,3
0049AE70 |. E8 6391F6FF |CALL
Esend.00403FD8
0049AE75 |. 43
|INC EBX
0049AE76 |. 83FB 13 |CMP EBX,13
0049AE79
|.^ 75 BD \JNZ SHORT Esend.0049AE38
0049AE7B
|. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049AE7E
|. 50 PUSH EAX
0049AE7F
|. B9 0F000000 MOV ECX,0F
三、總結
這是一個不錯不國產軟體,為了防止破解擴散,只公開前面兩部分的註冊演算法分析。
這個軟體有一處反跟蹤程式碼,是透過判斷兩次時間差,如發現有兩次時間差超過10秒,則會直接出錯。
密碼錶:GFEDCBANMLKJIHTSRQPOZYXWVU
m1m2m3''MI''''m25m26
註冊碼:s1s2s3'''sN''s18s19s20
1、註冊碼第N位在密碼串的位置數I,位置數I入eax,並計算:
X=0,
for(i=0;i<21;i++)
{
X=X+(I-1)*註冊碼第N位;
}
註冊碼依次查表,並把各位相加為X,最後取(X/26)的模數,然後模數加1,得數Y,在密碼錶中取第Y位字母,與註冊第20比較
2、註冊碼第N位在密碼串的位置數I,位置數I入eax,並計算:
X=0;
for(i=0;i<20;i++)
{
X=X+(I-1)
}
(註冊碼第N位在密碼串中的位置數-1)並各相加,註冊碼第20位不參與運算。最後取(X/26)的模數,然後模數加1,得數Y,密碼錶中取第Y位字母,與註冊碼第19比較.
相關文章
- 漢化 Email 認證郵件2018-09-16AI
- HTML input email郵箱域2018-10-28HTMLAI
- HTML input email 郵箱域2018-10-28HTMLAI
- Xamarin Essentials教程傳送郵件Email2018-07-06AI
- 使用Apache commons email傳送郵件2020-06-16ApacheAI
- 使用oracle job定時傳送email郵件2019-03-26OracleAI
- 郵箱/郵件地址的正規表示式及分析(JavaScript,email,regex)2018-03-12JavaScriptAI
- 記一次jenkins傳送郵件報錯 一直報錯 Could not send email as a part of the post-build publishers問題2022-04-17JenkinsAIUI
- win10 email配置qq郵箱如何操作_win10郵箱怎麼新增qq郵箱2020-07-21Win10AI
- 郵件地址提取軟體:eMail Address Extractor for Mac2024-01-02AIMac
- js實現的email郵箱格式驗證程式碼2017-02-11JSAI
- 如何在網頁上隱藏你的Email郵件地址2014-01-18網頁AI
- 使用 email-ext 替換 Jenkins 的預設郵件通知2019-08-10AIJenkins
- 用 apache commons-email 輕鬆傳送無亂碼郵件2015-10-29ApacheAI
- 竊取郵件內容 破解Email賬號的三種方法(轉)2007-08-12AI
- Docker自建Email伺服器-已購域名上私人郵件系統2024-03-12DockerAI伺服器
- 趣文:TCP/IP 之 大明王朝郵差2016-05-14TCP
- eMail Address Extractor for Mac(郵件地址提取器) v3.5.2啟用版2021-02-03AIMac
- eMail Address Extractor for Mac(郵件地址提取器) v3.5.6啟用版2021-02-20AIMac
- 關於使用者 email 郵件地址是否允許有加號的問題2022-09-17AI
- Sugarcrm Email Integration2013-11-12AI
- Delphi發email2009-08-31AI
- 郵件地址提取軟體:eMail Address Extractor for Mac v4.4免啟用版2023-11-17AIMac
- 郵件地址提取軟體:eMail Address Extractor for Mac v4.5免啟用版2023-11-24AIMac
- 64億封假郵件、120億美元損失 虛假電子郵件困擾全球2018-09-12
- Commons Email 【Z】2011-04-18AI
- jquery 驗證email2010-11-04jQueryAI
- 用oracle發email2004-06-17OracleAI
- Put email in its place2013-04-06AI
- 獨立精品《郵差騎士》7月10日安卓首發2019-07-10安卓
- 0225Snapshot Too Old Error ora-01555.txt2015-02-26Error
- 系統中沒有郵件客戶端設定autoLink=email會掛掉的問題2013-12-22客戶端AI
- 從“魚虎”相爭到“魚虎”幫,看遊戲直播的風雲變幻2020-06-17遊戲
- 必虎路由器mini怎麼樣?必虎路由器mini評測2017-01-20路由器
- HTML Email的編寫2019-12-12HTMLAI
- apache 傳送email demo2017-04-19ApacheAI
- HTML Email 編寫指南2013-06-16HTMLAI
- Oracle stored procedure to send email2004-10-10OracleAI