系統優化大師12.15 重啟驗證的演算法分析

看雪資料發表於2015-11-15

註冊碼部分的演算法我就不寫了,因為它和以前的版本一樣,想知道的朋友可以看我以前發的帖子:http://tongtian.net/pediybbs/viewtopic.php?t=1527&highlight=%D0%A1%B5%DA%B3%F5 。只是這一版加入了許多陷阱:
1.當你輸入定單號123456之後隨便輸入註冊碼就可以註冊成功,難道真的成功了嗎????
2.加入"謝謝您的註冊,請連網驗證"等騙人的字串.
3.也是最重要的重啟驗證:重啟時檢測 key0oi1l.sys(註冊後生成的檔案)中的註冊資訊,只有當定單號的前兩位等於19或20,並且定單號為7位時,才可以註冊成功。

以下就是重啟驗證的部分。
定單號1234567,註冊碼:leozem[YCG]

搜尋參考字串 key0oi1l.sys 的位置,然後來到下面這段程式碼。
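; Restart-time registration check (W32Dasm listing, 32-bit x86, Intel operand order).
; This is an excerpt: the routine starts before 004F8E92 and the common exit at
; 004F8F47 is not shown. Operand separators lost in extraction were restored from
; the opcode bytes printed on each line.
;
; Visible flow:
;   1. a virtual call with EDX -> "syssetup" is made; the value is then read from [ebp+FFFFFE10]
;   2. call 00409274 turns that string into an integer in EAX
;   3. EAX >= 002DC6BF (signed)  -> unregistered path at 004F8EFF
;   4. the same read and conversion are repeated through [ebp+FFFFFE0C]
;   5. EAX <= 001B237F (signed)  -> unregistered path at 004F8EFF
;   6. otherwise the "registered" text is set
;
; NOTE(review): the verdict rests only on a signed range comparison of a number
; parsed from locally stored text (per the write-up, key0oi1l.sys). Nothing in the
; lines shown verifies a signature or a server response, so this check cannot by
; itself establish that a license is genuine.
* Possible StringData Ref from Code Obj ->"syssetup"
                                  |
:004F8E92 BAC0994F00              mov edx, 004F99C0                    ; EDX -> "syssetup"
:004F8E97 8BC3                    mov eax, ebx                         ; EAX = object held in EBX (set before this excerpt)
:004F8E99 8B30                    mov esi, dword ptr [eax]             ; ESI = first dword of the object, used as a method table
:004F8E9B FF16                    call dword ptr [esi]                 ; indirect call through its first slot; presumably a string read -- confirm
:004F8E9D 8B8510FEFFFF            mov eax, dword ptr [ebp+FFFFFE10]    ; EAX = order-number string
:004F8EA3 E8CC03F1FF              call 00409274                        ; string -> integer (followed into below)
:004F8EA8 3DBFC62D00              cmp eax, 002DC6BF                    ; sample order number 1234567 gives EAX = 0012D687
:004F8EAD 7D50                    jge 004F8EFF                         ; signed >= : go to the unregistered path
:004F8EAF 6A00                    push 00000000                        ; stack argument 0 (presumably an empty default -- confirm)
:004F8EB1 8D850CFEFFFF            lea eax, dword ptr [ebp+FFFFFE0C]    ; address of the local that receives the result
:004F8EB7 50                      push eax
:004F8EB8 B9B4994F00              mov ecx, 004F99B4                    ; ECX -> data at 004F99B4 (contents not shown; presumably the key name)

* Possible StringData Ref from Code Obj ->"syssetup"
                                  |
:004F8EBD BAC0994F00              mov edx, 004F99C0                    ; EDX -> "syssetup"
:004F8EC2 8BC3                    mov eax, ebx
:004F8EC4 8B18                    mov ebx, dword ptr [eax]             ; EBX is overwritten with the method table here
:004F8EC6 FF13                    call dword ptr [ebx]                 ; same indirect call as at 004F8E9B
:004F8EC8 8B850CFEFFFF            mov eax, dword ptr [ebp+FFFFFE0C]    ; EAX = order-number string (second copy)
:004F8ECE E8A103F1FF              call 00409274                        ; same string -> integer conversion as above
:004F8ED3 3D7F231B00              cmp eax, 001B237F                    ; sample value 0012D687 again
:004F8ED8 7E25                    jle 004F8EFF                         ; signed <= : go to the unregistered path (the sample value takes this branch)
:004F8EDA 8B45FC                  mov eax, dword ptr [ebp-04]
:004F8EDD 8B8034030000            mov eax, dword ptr [eax+00000334]
:004F8EE3 8B8008020000            mov eax, dword ptr [eax+00000208]    ; EAX = nested object reached through two field loads
:004F8EE9 BA01000000              mov edx, 00000001
:004F8EEE E8C5E8F7FF              call 004777B8                        ; callee not shown; takes EAX = object, EDX = 1

* Possible StringData Ref from Code Obj ->"軟體已註冊"
                                  |
:004F8EF3 BAD4994F00              mov edx, 004F99D4                    ; EDX -> "software is registered" text
:004F8EF8 E817E8F7FF              call 00477714                        ; callee not shown; presumably sets the displayed text -- confirm
:004F8EFD EB48                    jmp 004F8F47                         ; to the common exit (not shown)

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004F8EAD(C), :004F8ED8(C)
|
:004F8EFF 8B45FC                  mov eax, dword ptr [ebp-04]          ; unregistered path: same object lookup as above
:004F8F02 8B8034030000            mov eax, dword ptr [eax+00000334]
:004F8F08 8B8008020000            mov eax, dword ptr [eax+00000208]
:004F8F0E BA01000000              mov edx, 00000001
:004F8F13 E8A0E8F7FF              call 004777B8

* Possible StringData Ref from Code Obj ->"軟體未註冊"
                                  |
:004F8F18 BAE8994F00              mov edx, 004F99E8                    ; EDX -> "software is not registered" text
:004F8F1D E8F2E7F7FF              call 00477714
:004F8F22 EB23                    jmp 004F8F47                         ; to the common exit (not shown)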
------------------------------------------------------------------------------------------
|
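; 00409274 -- wrapper that converts the string in EAX to an integer (excerpt:
; the listing stops at the compare, the rest of the routine is not shown).
; In:  EAX = pointer to the string
; It reserves 12 bytes of stack, passes ESP in EDX as a second argument to
; 004032A8, keeps the returned value in ESI and then tests the dword at [esp].
; NOTE(review): this looks like a status/error-position slot filled in by
; 004032A8, as in a Delphi StrToInt/Val pair -- confirm against the full routine.
; Operand separators lost in extraction were restored from the opcode bytes.
:00409274 53                      push ebx
:00409275 56                      push esi
:00409276 83C4F4                  add esp, FFFFFFF4                    ; reserve 12 bytes of locals
:00409279 8BD8                    mov ebx, eax                         ; keep the string pointer
:0040927B 8BD4                    mov edx, esp                         ; EDX = address of the local at [esp]
:0040927D 8BC3                    mov eax, ebx                         ; EAX = string pointer
:0040927F E824A0FFFF              call 004032A8                        ; digit-by-digit conversion (followed into below)
:00409284 8BF0                    mov esi, eax                         ; ESI = converted value
:00409286 833C2400                cmp dword ptr [esp], 00000000        ; test the local passed via EDX; the branch on it is not shown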
----------------------------------------------------------------------------------------
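; 004032A8 -- string-to-integer conversion (excerpt: the listing ends inside the
; decimal digit loop; the targets 00403314, 0040331E, 00403327, 0040332C,
; 0040332E and 00403333 are not shown).
; In:  EAX = pointer to a zero-terminated string (the order number)
; Regs in the lines shown: ESI = read pointer, BL = current character,
;      EAX = accumulated value, EDI = overflow limit 0CCCCCCC, CH = 0.
; Visible behaviour: skips leading spaces, branches away on '-', '+', '$', 'x',
; 'X' and on a leading "0x"/"0X", then accumulates decimal digits as
; EAX = EAX*10 + digit until the terminating zero byte.
; NOTE(review): the shape matches the Delphi RTL Val routine -- confirm.
; Operand separators lost in extraction were restored from the opcode bytes.
* Referenced by a CALL at Addresses:
|:0040927F   , :004092B6   
|
:004032A8 53                      push ebx
:004032A9 56                      push esi
:004032AA 57                      push edi
:004032AB 89C6                    mov esi, eax                         ; ESI = order-number string
:004032AD 50                      push eax                             ; keep the original pointer on the stack
:004032AE 85C0                    test eax, eax                        ; null pointer?
:004032B0 746C                    je 0040331E                          ; yes: leave (target not shown)
:004032B2 31C0                    xor eax, eax                         ; EAX = 0, the accumulator
:004032B4 31DB                    xor ebx, ebx                         ; EBX = 0, so later writes to BL leave EBX = digit
:004032B6 BFCCCCCC0C              mov edi, 0CCCCCCC                    ; 7FFFFFFF / 10: largest value that can still be multiplied by 10

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004032C1(C)
|
:004032BB 8A1E                    mov bl, byte ptr [esi]               ; next character; for the sample, '1' = 31
:004032BD 46                      inc esi                              ; advance the read pointer
:004032BE 80FB20                  cmp bl, 20                           ; space?
:004032C1 74F8                    je 004032BB                          ; skip leading spaces
:004032C3 B500                    mov ch, 00                           ; CH = 0 (its later use is outside this excerpt; presumably a sign flag)
:004032C5 80FB2D                  cmp bl, 2D                           ; '-'
:004032C8 7462                    je 0040332C                          ; target not shown
:004032CA 80FB2B                  cmp bl, 2B                           ; '+'
:004032CD 745F                    je 0040332E                          ; target not shown
:004032CF 80FB24                  cmp bl, 24                           ; '$'
:004032D2 745F                    je 00403333                          ; target not shown; presumably the hexadecimal path
:004032D4 80FB78                  cmp bl, 78                           ; 'x'
:004032D7 745A                    je 00403333
:004032D9 80FB58                  cmp bl, 58                           ; 'X'
:004032DC 7455                    je 00403333
:004032DE 80FB30                  cmp bl, 30                           ; '0'
:004032E1 7513                    jne 004032F6                         ; not a leading zero: go to the decimal path
:004032E3 8A1E                    mov bl, byte ptr [esi]               ; character after the leading '0'
:004032E5 46                      inc esi
:004032E6 80FB78                  cmp bl, 78                           ; "0x"
:004032E9 7448                    je 00403333
:004032EB 80FB58                  cmp bl, 58                           ; "0X"
:004032EE 7443                    je 00403333
:004032F0 84DB                    test bl, bl                          ; string was just "0"?
:004032F2 7420                    je 00403314                          ; yes (target not shown)
:004032F4 EB04                    jmp 004032FA                         ; otherwise continue with the digit loop

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004032E1(C), :00403331(U)
|
:004032F6 84DB                    test bl, bl                          ; end of string before any digit?
:004032F8 742D                    je 00403327                          ; yes (target not shown; presumably the error exit)

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004032F4(U), :00403312(C)
|
:004032FA 80EB30                  sub bl, 30                           ; ASCII digit -> value 0..9
:004032FD 80FB09                  cmp bl, 09
:00403300 7725                    ja 00403327                          ; unsigned > 9: not a decimal digit
:00403302 39F8                    cmp eax, edi                         ; accumulator against 0CCCCCCC
:00403304 7721                    ja 00403327                          ; above the limit: EAX*10 would exceed 7FFFFFFF
:00403306 8D0480                  lea eax, dword ptr [eax+4*eax]       ; EAX = EAX * 5
:00403309 01C0                    add eax, eax                         ; EAX = EAX * 10
:0040330B 01D8                    add eax, ebx                         ; EAX = EAX * 10 + digit
:0040330D 8A1E                    mov bl, byte ptr [esi]               ; next character of the order number
:0040330F 46                      inc esi                              ; advance the read pointer
:00403310 84DB                    test bl, bl                          ; terminating zero byte reached?
:00403312 75E6                    jne 004032FA                         ; no: next digit; for the sample the loop ends with EAX = 0012D687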

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

