Source Insight 3.5: A Brief Algorithm Analysis
Title: Source Insight 3.5: A Brief Algorithm Analysis
Posted by: wzh123
Time: 17 October 2003, 10:51
Details:
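cracker: wzh123
Download: http://www.sourceinsight.com/index.html
Introduction: A C++ development environment with an interface as attractive as Dev-C++'s. It provides code editing and browsing, rich syntax highlighting, VC-style pop-up hints for member functions, and quick, convenient jump-to-function navigation (although the jump seems a little slow). When the default settings do not suit, they need careful adjustment. It cannot look up names introduced through typedef.
Author's statement: This is for study only, with no other purpose. I am a beginner at cracking, so mistakes are inevitable and the write-up is messy; please bear with me, and experts are welcome to correct me. I had not done any cracking for a long time and was getting rusty, so I picked an easy target for practice. The program is built with VC, is not packed, and the algorithm is not hard. Disassembling it with W32Dasm quickly locates the key point, after which breakpoints can be set in OllyDbg. I entered the dummy serial "SI3US-123456-78901"; why it is entered in this form will become clear from the analysis. Below are the notes I made while tracing. They are rough, but they basically reflect the whole registration flow.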
:00445D7C 683CC85800 push 0058C83C
:00445D81 E8AC4EFFFF call 0043AC32
:00445D86 683CC85800 push 0058C83C
:00445D8B E81E1D0D00 call 00517AAE
:00445D90 59 pop ecx
:00445D91 683CC85800 push 0058C83C =======>push the dummy serial
:00445D96 E848C6FFFF call 004423E3 =======>key call (1), step into it
:00445D9B 85C0 test eax, eax =======>check whether eax is zero
:00445D9D 7450 je 00445DEF =======>jump if 0: failure
:00445D9F 683CC85800 push 0058C83C =======>non-zero: success, write to the registry
* Possible StringData Ref from Data Obj ->"SerialNumber"
|
:00445DA4 683C5A5600 push 00565A3C
:00445DA9 FF355C025700 push dword ptr [0057025C]
:00445DAF E8FADDFEFF call 00433BAE =======>write to the registry
:00445DB4 85C0 test eax, eax
:00445DB6 751B jne 00445DD3 =======>jump if the registry write succeeded
* Possible StringData Ref from Data Obj ->"You need permission to modify "
->"the HKEY_LOCAL_MACHINE registry "
->"hive.
Please run Source Insight "
->"again while logged in as an Administrator "
->"or equivalent user."
|
:00445DB8 6820BE5200 push 0052BE20
:00445DBD E81022FCFF call 00407FD2
:00445DC2 59 pop ecx
:00445DC3 68E8030000 push 000003E8
* Reference To: KERNEL32.Sleep, Ord:0329h
|
:00445DC8 FF15DC325200 Call dword ptr [005232DC]
:00445DCE E9C0FEFFFF jmp 00445C93
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00445DB6(C)
|
:00445DD3 832524C8580000 and dword ptr [0058C824], 00000000
:00445DDA E8B9BAFFFF call 00441898
* Possible StringData Ref from Data Obj ->"Thank you for registering Source "=====>ha ha, the door to success
->"Insight!"
|
:00445DDF 68C0BE5200 push 0052BEC0
:00445DE4 E82923FCFF call 00408112
:00445DE9 59 pop ecx
:00445DEA 6A01 push 00000001
:00445DEC 58 pop eax
:00445DED EB1D jmp 00445E0C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00445D9D(C)
|
* Possible StringData Ref from Data Obj ->"You typed an invalid serial number."====>failure
|
:00445DEF 68ECBE5200 push 0052BEEC
:00445DF4 E8D921FCFF call 00407FD2
:00445DF9 59 pop ecx
:00445DFA 68E8030000 push 000003E8
* Reference To: KERNEL32.Sleep, Ord:0329h
|
:00445DFF FF15DC325200 Call dword ptr [005232DC]
:00445E05 E989FEFFFF jmp 00445C93
===================key call (1)======================
:004423E3 55 push ebp
:004423E4 8BEC mov ebp, esp
:004423E6 83EC18 sub esp, 00000018
:004423E9 57 push edi
:004423EA 6A2D push 0000002D =======> push "-"
:004423EC FF7508 push [ebp+08] =======> push the dummy serial "SI3US-123456-78901"
:004423EF E89C460D00 call 00516A90 =======>this call checks whether the entered serial contains "-"
:004423F4 59 pop ecx
:004423F5 59 pop ecx
:004423F6 8945F8 mov dword ptr [ebp-08], eax
:004423F9 837DF800 cmp dword ptr [ebp-08], 00000000
:004423FD 7507 jne 00442406 =======>must jump here, otherwise failure, so the serial contains "-"
:004423FF 33C0 xor eax, eax
:00442401 E905010000 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004423FD(C)
|
:00442406 8B55F8 mov edx, dword ptr [ebp-08] =======>"-123456-78901"=>edx
:00442409 2B5508 sub edx, dword ptr [ebp+08]
* Possible StringData Ref from Data Obj ->"SI3US"
|
:0044240C BFD42F5600 mov edi, 00562FD4 =======>"SI3US"=>edi
:00442411 83C9FF or ecx, FFFFFFFF
:00442414 33C0 xor eax, eax
:00442416 F2 repnz
:00442417 AE scasb
:00442418 F7D1 not ecx
:0044241A 49 dec ecx
:0044241B 3BD1 cmp edx, ecx ======>the block above establishes the serial format: the first part of the serial is five characters long
:0044241D 7407 je 00442426 =======>must jump
:0044241F 33C0 xor eax, eax
:00442421 E9E5000000 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044241D(C)
|
* Possible StringData Ref from Data Obj ->"SI3US"
|
:00442426 BFD42F5600 mov edi, 00562FD4
:0044242B 83C9FF or ecx, FFFFFFFF
:0044242E 33C0 xor eax, eax
:00442430 F2 repnz
:00442431 AE scasb
:00442432 F7D1 not ecx
:00442434 49 dec ecx
:00442435 51 push ecx
* Possible StringData Ref from Data Obj ->"SI3US"
|
:00442436 68D42F5600 push 00562FD4 =======>push "SI3US"
:0044243B FF7508 push [ebp+08] =======>push the dummy serial "SI3US-123456-78901"
:0044243E E88420FDFF call 004144C7 =======>compare the first five characters, so the first five characters of a real serial are "SI3US"
:00442443 85C0 test eax, eax
:00442445 7507 jne 0044244E =======>must jump
:00442447 33C0 xor eax, eax
:00442449 E9BD000000 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00442445(C)
|
:0044244E 8B45F8 mov eax, dword ptr [ebp-08]
:00442451 40 inc eax
:00442452 8945F8 mov dword ptr [ebp-08], eax
:00442455 8B45F8 mov eax, dword ptr [ebp-08]
:00442458 8945F0 mov dword ptr [ebp-10], eax
:0044245B 6A2D push 0000002D =======>push "-"
:0044245D FF75F8 push [ebp-08] =======>push the dummy serial "123456-78901"
:00442460 E82B460D00 call 00516A90 =======>check whether it contains "-"
:00442465 59 pop ecx
:00442466 59 pop ecx
:00442467 8945EC mov dword ptr [ebp-14], eax
:0044246A 837DEC00 cmp dword ptr [ebp-14], 00000000
:0044246E 7507 jne 00442477 =======>must jump
:00442470 33C0 xor eax, eax
:00442472 E994000000 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044246E(C)
|
:00442477 8B45EC mov eax, dword ptr [ebp-14]
:0044247A 802000 and byte ptr [eax], 00
:0044247D 8B45EC mov eax, dword ptr [ebp-14]
:00442480 2B45F0 sub eax, dword ptr [ebp-10]
:00442483 83F806 cmp eax, 00000006 ======>the middle part of the serial is 6 characters long
:00442486 7404 je 0044248C ======>must jump
:00442488 33C0 xor eax, eax
:0044248A EB7F jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00442486(C)
|
:0044248C 8B45F0 mov eax, dword ptr [ebp-10]
:0044248F 8945E8 mov dword ptr [ebp-18], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004424B3(U)
|
:00442492 8B45E8 mov eax, dword ptr [ebp-18]
:00442495 0FB600 movzx eax, byte ptr [eax]
:00442498 8B4DF0 mov ecx, dword ptr [ebp-10]
:0044249B 0FB609 movzx ecx, byte ptr [ecx]
:0044249E 3BC1 cmp eax, ecx
:004424A0 7513 jne 004424B5
:004424A2 8B45E8 mov eax, dword ptr [ebp-18]
:004424A5 0FB600 movzx eax, byte ptr [eax]
:004424A8 85C0 test eax, eax
:004424AA 7409 je 004424B5
:004424AC 8B45E8 mov eax, dword ptr [ebp-18]
:004424AF 40 inc eax
:004424B0 8945E8 mov dword ptr [ebp-18], eax
:004424B3 EBDD jmp 00442492 ========check that the characters of the serial's second part are not all identical
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004424A0(C), :004424AA(C)
|
:004424B5 8B45E8 mov eax, dword ptr [ebp-18]
:004424B8 0FB600 movzx eax, byte ptr [eax]
:004424BB F7D8 neg eax
:004424BD 1BC0 sbb eax, eax
:004424BF 40 inc eax
:004424C0 85C0 test eax, eax
:004424C2 7404 je 004424C8
:004424C4 33C0 xor eax, eax
:004424C6 EB43 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004424C2(C)
|
:004424C8 8B45EC mov eax, dword ptr [ebp-14]
:004424CB 40 inc eax
:004424CC 8945F4 mov dword ptr [ebp-0C], eax
:004424CF 8B7DF4 mov edi, dword ptr [ebp-0C]
:004424D2 83C9FF or ecx, FFFFFFFF
:004424D5 33C0 xor eax, eax
:004424D7 F2 repnz
:004424D8 AE scasb
:004424D9 F7D1 not ecx
:004424DB 49 dec ecx
:004424DC 83F905 cmp ecx, 00000005 =======>the last part of the serial is five characters long, so the serial format is SI3US-******-*****
:004424DF 7404 je 004424E5 =======>must jump
:004424E1 33C0 xor eax, eax
:004424E3 EB26 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004424DF(C)
|
:004424E5 FF75F0 push [ebp-10] =======>push the second part of the dummy serial, "123456"
:004424E8 E850E00A00 call 004F053D =======>key call (2)
:004424ED 8945FC mov dword ptr [ebp-04], eax
======>transformed code "168DB" for "123456"=>[ebp-04]
:004424F0 FF75F4 push [ebp-0C] =======>push the third part of the dummy serial, "78901"
:004424F3 E87A450D00 call 00516A72 =======>convert "78901" to hexadecimal "13435"
:004424F8 59 pop ecx
:004424F9 3945FC cmp dword ptr [ebp-04], eax====>the key comparison: if equal, registration succeeds
:004424FC 7404 je 00442502
:004424FE 33C0 xor eax, eax
:00442500 EB09 jmp 0044250B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004424FC(C)
|
:00442502 8B45EC mov eax, dword ptr [ebp-14]
:00442505 C6002D mov byte ptr [eax], 2D
:00442508 6A01 push 00000001
:0044250A 58 pop eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00442401(U), :00442421(U), :00442449(U), :00442472(U), :0044248A(U)
|:004424C6(U), :004424E3(U), :00442500(U)
|
:0044250B 5F pop edi
:0044250C C9 leave
:0044250D C20400 ret 0004
=====================================call(2)============================================
:004F053D 55 push ebp
:004F053E 8BEC mov ebp, esp
:004F0540 83EC10 sub esp, 00000010
:004F0543 FF7508 push [ebp+08]
:004F0546 E827650200 call 00516A72 =======>convert "123456" to hexadecimal "1E240"
:004F054B 59 pop ecx
:004F054C 8945F0 mov dword ptr [ebp-10], eax
:004F054F 8B45F0 mov eax, dword ptr [ebp-10]
:004F0552 8945FC mov dword ptr [ebp-04], eax
:004F0555 8365F400 and dword ptr [ebp-0C], 00000000
:004F0559 8B4508 mov eax, dword ptr [ebp+08]
:004F055C 8945F8 mov dword ptr [ebp-08], eax
:004F055F EB07 jmp 004F0568
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F059C(U)
|
:004F0561 8B45F8 mov eax, dword ptr [ebp-08]
:004F0564 40 inc eax
:004F0565 8945F8 mov dword ptr [ebp-08], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F055F(U)
|
:004F0568 8B45F8 mov eax, dword ptr [ebp-08] =======>"123456"==>eax
:004F056B 0FB600 movzx eax, byte ptr [eax] =======>take each character of "123456" in turn=>eax
:004F056E 85C0 test eax, eax
:004F0570 742C je 004F059E
:004F0572 8B45F8 mov eax, dword ptr [ebp-08]
:004F0575 0FB600 movzx eax, byte ptr [eax]
:004F0578 8B4DF4 mov ecx, dword ptr [ebp-0C] =======>ecx=0
:004F057B 33048DDC2F5600 xor eax, dword ptr [4*ecx+00562FDC]
1. 31^96=A7==>eax
2. 32^95=A7==>eax
3. 33^10=23==>eax
4. 34^23=17==>eax
5. 35^7=32==>eax
6. 36^15=23==>eax
============================memory at [00562FDC]===============================
00562FDC 96 00 00 00 95 00 00 00 10 00 00 00 23 00 00 00 ............#...
00562FEC 07 00 00 00 15 00 00 00 08 00 00 00 03 00 00 00 ................
00562FFC 10 00 00 00 11 00 00 00 01 00 00 00 53 65 72 76 ............Serv
===========================================================================
:004F0582 8B4DFC mov ecx, dword ptr [ebp-04]
:004F0585 8D0488 lea eax, dword ptr [eax+4*ecx]
1. eax=A7+4*1E240=789A7
2. eax=A7+4*789A7=1E2743
3. eax=23+4*1E2743=789D2F
4. eax=17+4*789D2F=1E274D3
5. eax=32+4*1E274D3=789D37E
6. eax=23+4*789D37E=1E274E1B
:004F0588 8945FC mov dword ptr [ebp-04], eax
:004F058B 8B45F4 mov eax, dword ptr [ebp-0C]
:004F058E 40 inc eax
:004F058F 8945F4 mov dword ptr [ebp-0C], eax
:004F0592 837DF40A cmp dword ptr [ebp-0C], 0000000A
:004F0596 7504 jne 004F059C
:004F0598 8365F400 and dword ptr [ebp-0C], 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F0596(C)
|
:004F059C EBC3 jmp 004F0561 ========loop
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F0570(C)
|
:004F059E 8B45FC mov eax, dword ptr [ebp-04] =======>"1E274E1B"==>eax
:004F05A1 33D2 xor edx, edx =======>clear edx
:004F05A3 B9A0860100 mov ecx, 000186A0 "186A0"==>ecx
:004F05A8 F7F1 div ecx 1E274E1B/186A0
:004F05AA 8BC2 mov eax, edx the remainder is "168DB"==>eax
:004F05AC C9 leave
:004F05AD C20400 ret 0004
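Algorithm summary:
1. The serial format is SI3US-m1m2m3m4m5m6-m7m8m9m10m11
2. Transform m1m2m3m4m5m6 to obtain sn1
3. Convert m7m8m9m10m11 to hexadecimal to obtain sn2
4. If sn1=sn2, registration succeeds
5. The serial is stored under
HKEY_LOCAL_MACHINE\SOFTWARE\Source Dynamics\Source Insight\3.0\Install\SerialNumber; after deleting it you can register again.
A usable serial: SI3US-123456-92379
Note: I don't know whether this software has any other hidden checks. I have not used it, so I don't know; anyone who is interested can take a look.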