AnimateIt Screen Saver Toolkit(Ver 2.02)
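AnimateIt Screen Saver Toolkit (Ver 2.02) is a tool for making screen savers,
and it also supports sound and video. On top of that, it lets you release your
screen savers freely or distribute them for a fee, provided that you register!
More information about the software is available at http://www.allersoft.com.
Note that the software comes in two editions, Standard Edition and Power
Edition, which probably depends on the registration code you enter!
OK, start the program and enter the following under Ordering Info: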
Registered:dengkeng
Registration:123456
Set a breakpoint:
bpx hmemcpy
Click Register; the breakpoint is hit.
bc *
pmodule
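Note that the module we have landed in is not Launcher but Animateit; this is
worth paying attention to. Searching for Animateit turns up a file with the
screen saver extension .scr, so that must be the one. Open it! We see the
string we need: "Thank you for registering for the Standard Edition of %s %s"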
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414739(C)
|
:0041476C 56 push esi
:0041476D 8D4C2410 lea ecx, dword ptr [esp+10]
:00414771 E8DCF90500 call 00474152
:00414776 8B8F90000000 mov ecx, dword ptr [edi+00000090]
:0041477C C744241800000000 mov [esp+18], 00000000
:00414784 51 push ecx
:00414785 51 push ecx
:00414786 8BCC mov ecx, esp
:00414788 89642410 mov dword ptr [esp+10], esp
:0041478C 56 push esi
:0041478D E8C0F90500 call 00474152
:00414792 E85997FFFF call 0040DEF0 ;key call, step into it
:00414797 83C408 add esp, 00000008
:0041479A 83F801 cmp eax, 00000001
:0041479D 7542 jne 004147E1
:0041479F 8D4C2408 lea ecx, dword ptr [esp+08]
:004147A3 E89AF90500 call 00474142
:004147A8 68B4714B00 push 004B71B4
:004147AD 68B46F4B00 push 004B6FB4
:004147B2 8D542410 lea edx, dword ptr [esp+10]
* Possible StringData Ref from Data Obj ->"Thank you for registering for "
->"the Standard Edition of %s %s."
|
:004147B6 68F4D54900 push 0049D5F4
:004147BB 52 push edx
:004147BC C644242801 mov [esp+28], 01
:004147C1 E81D9C0500 call 0046E3E3 ;error message
Press F8 to step into the key call:
* Referenced by a CALL at Addresses:
|:0040DE9C , :00414792
|
:0040DEF0 6AFF push FFFFFFFF
:0040DEF2 6890334800 push 00483390
:0040DEF7 64A100000000 mov eax, dword ptr fs:[00000000]
:0040DEFD 50 push eax
:0040DEFE 64892500000000 mov dword ptr fs:[00000000], esp
:0040DF05 83EC08 sub esp, 00000008
:0040DF08 53 push ebx
:0040DF09 56 push esi
:0040DF0A 68B46F4B00 push 004B6FB4
:0040DF0F 8D4C240C lea ecx, dword ptr [esp+0C]
:0040DF13 C744241C00000000 mov [esp+1C], 00000000
:0040DF1B E8DB630600 call 004742FB
:0040DF20 8B742424 mov esi, dword ptr [esp+24]
:0040DF24 C644241801 mov [esp+18], 01
:0040DF29 85F6 test esi, esi
:0040DF2B 0F8408010000 je 0040E039
* Possible Reference to String Resource ID=00001: "AnimateIt"
|
:0040DF31 6A01 push 00000001
:0040DF33 8D44240C lea eax, dword ptr [esp+0C]
* Possible StringData Ref from Data Obj ->"STANDARD"
|
:0040DF37 68F0D14900 push 0049D1F0
:0040DF3C 8D4C242C lea ecx, dword ptr [esp+2C]
:0040DF40 50 push eax
:0040DF41 51 push ecx
:0040DF42 E89D650600 call 004744E4
:0040DF47 51 push ecx
:0040DF48 8D4C2428 lea ecx, dword ptr [esp+28]
:0040DF4C 8BD4 mov edx, esp
:0040DF4E 89642414 mov dword ptr [esp+14], esp
:0040DF52 51 push ecx
:0040DF53 50 push eax
:0040DF54 52 push edx
:0040DF55 C644242C02 mov [esp+2C], 02
:0040DF5A E81F650600 call 0047447E
:0040DF5F E81CD8FFFF call 0040B780 ;key call, go on.......
:0040DF64 83C408 add esp, 00000008
:0040DF67 33DB xor ebx, ebx
:0040DF69 3BC6 cmp eax, esi ;? esi = the fake registration code, ? eax = the real one
:0040DF6B 8D4C2424 lea ecx, dword ptr [esp+24]
:0040DF6F 0F94C3 sete bl
:0040DF72 C644241801 mov [esp+18], 01
:0040DF77 E811630600 call 0047428D
:0040DF7C 84DB test bl, bl
:0040DF7E 7435 je 0040DFB5
:0040DF80 8D4C2408 lea ecx, dword ptr [esp+08]
:0040DF84 C644241800 mov [esp+18], 00
:0040DF89 E8FF620600 call 0047428D
:0040DF8E 8D4C2420 lea ecx, dword ptr [esp+20]
:0040DF92 C7442418FFFFFFFF mov [esp+18], FFFFFFFF
:0040DF9A E8EE620600 call 0047428D
* Possible Reference to String Resource ID=00001: "AnimateIt"
|
:0040DF9F B801000000 mov eax, 00000001
:0040DFA4 8B4C2410 mov ecx, dword ptr [esp+10]
:0040DFA8 64890D00000000 mov dword ptr fs:[00000000], ecx
:0040DFAF 5E pop esi
:0040DFB0 5B pop ebx
:0040DFB1 83C414 add esp, 00000014
:0040DFB4 C3 ret
To write a keygen, step into the call at 0040DF5F.....
* Referenced by a CALL at Addresses:
|:0040DB1F , :0040DF5F , :0040DFE3
|
:0040B780 64A100000000 mov eax, dword ptr fs:[00000000]
:0040B786 6AFF push FFFFFFFF
:0040B788 6858304800 push 00483058
:0040B78D 50 push eax
:0040B78E 64892500000000 mov dword ptr fs:[00000000], esp
:0040B795 56 push esi
:0040B796 33F6 xor esi, esi
:0040B798 8D4C2414 lea ecx, dword ptr [esp+14]
:0040B79C 8974240C mov dword ptr [esp+0C], esi
:0040B7A0 E89A2C0600 call 0046E43F ;the three strings concatenated: "AnimateItSTANDARDdengkeng"
:0040B7A5 8D4C2414 lea ecx, dword ptr [esp+14]
:0040B7A9 E8482C0600 call 0046E3F6
:0040B7AE 8B442414 mov eax, dword ptr [esp+14]
:0040B7B2 3970F8 cmp dword ptr [eax-08], esi
:0040B7B5 7523 jne 0040B7DA ;key part: computes the registration code, continue....
:0040B7B7 8D4C2414 lea ecx, dword ptr [esp+14]
:0040B7BB C744240CFFFFFFFF mov [esp+0C], FFFFFFFF
:0040B7C3 E8C58A0600 call 0047428D
:0040B7C8 33C0 xor eax, eax
:0040B7CA 8B4C2404 mov ecx, dword ptr [esp+04]
:0040B7CE 64890D00000000 mov dword ptr fs:[00000000], ecx
:0040B7D5 5E pop esi
:0040B7D6 83C40C add esp, 0000000C
:0040B7D9 C3 ret
To get the registration code, we need to follow the jne at 0040B7B5 through, go on.....
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040B7B5(C)
|
:0040B7DA 57 push edi
:0040B7DB 8D4C2418 lea ecx, dword ptr [esp+18]
:0040B7DF E8538F0600 call 00474737 ;convert the concatenated string to upper case
:0040B7E4 8B7C2418 mov edi, dword ptr [esp+18]
:0040B7E8 33C9 xor ecx, ecx
:0040B7EA 8B57F8 mov edx, dword ptr [edi-08]
:0040B7ED 3BD6 cmp edx, esi ;check whether the character count is <= 0
:0040B7EF 7E17 jle 0040B808
:0040B7F1 53 push ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040B805(C)
|
:0040B7F2 0FBE0439 / movsx eax, byte ptr [ecx+edi] ;load each character into eax in turn
:0040B7F6 8D5801 | lea ebx, dword ptr [eax+01] ;ebx = eax + 1
:0040B7F9 0FAFD8 | imul ebx, eax ;ebx = ebx * eax
:0040B7FC 43 | inc ebx ;ebx = ebx + 1
:0040B7FD 0FAFD8 | imul ebx, eax ;ebx = ebx * eax again
:0040B800 03F3 | add esi, ebx ;accumulate the result in esi
:0040B802 41 | inc ecx
:0040B803 3BCA | cmp ecx, edx ;was that the last character?
:0040B805 7CEB jl 0040B7F2
:0040B807 5B pop ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040B7EF(C)
|
:0040B808 8D4C2418 lea ecx, dword ptr [esp+18]
:0040B80C C7442410FFFFFFFF mov [esp+10], FFFFFFFF
:0040B814 E8748A0600 call 0047428D
:0040B819 8B4C2408 mov ecx, dword ptr [esp+08]
:0040B81D 8BC6 mov eax, esi
:0040B81F 33D2 xor edx, edx
:0040B821 5F pop edi
:0040B822 F7742418 div [esp+18]
:0040B826 64890D00000000 mov dword ptr fs:[00000000], ecx
:0040B82D 5E pop esi ;? esi is the fake registration code
:0040B82E 83C40C add esp, 0000000C
:0040B831 C3 ret
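That is the flow I traced....
Now let's go over the whole process once more. We enter a name and a
registration code. The program first concatenates the name we entered with
"AnimateIt" and "STANDARD" to form "AnimateItSTANDARDdengkeng", then converts
lower case to upper case, giving "ANIMATEITSTANDARDDENGKENG", and finally runs
a computation over the whole string. It is analysed above; see the listing
above for the exact algorithm. The result of the computation is held in esi
(? esi) and is finally assigned to eax. eax is then compared with the esi that
holds the fake registration code. If they match, the program registers as the
Standard Edition; if not, it goes on to check for the Power Edition. The
algorithm is the same for Standard and Power; only the string changes, to
"ANIMATEITPOWERDENGKENG". Below is the keygen. It compiles successfully under VC!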
#include "stdio.h"
#include "iostream.h"
#include "windows.h"
#include "conio.h"
#include "string.h"
int main()
{
char Name[256]="";
char StandardCopy[256]="ANIMATEITSTANDARD";
char PowerCopy[256]="ANIMATEITPOWER";
long NameLen=0;
long NameLenPower=0;
long Serial=0;
cout<<"##############################################"<<endl;
cout<<"AnimateIt Screen Saver KeyGen Made By dengkeng"<<endl;
cout<<"QQ:28895751 E-Mail:shellc0de@sohu.com"<<endl;
cout<<"##############################################"<<endl;
cout<<endl;
cout<<"Registered Name:";
cin.getline(Name,256);
strcat(StandardCopy,Name);
strcat(PowerCopy,Name);
NameLen=strlen(StandardCopy);
NameLenPower=strlen(PowerCopy);
strupr(StandardCopy);
strupr(PowerCopy);
if (NameLen<1)
{
cout<<"Your name is too short!"<<endl;
}
else
{
__asm
{
PUSH EBP
XOR ESI,ESI
XOR EBX,EBX
LEA EDI,StandardCopy
MOV EDX,[NameLen]
MOV ECX,00000000h
Loc_0040B7F2:
MOVSX EAX,BYTE PTR [EDI+ECX]
LEA EBX,[EAX+1]
IMUL EBX,EAX
INC EBX
IMUL EBX,EAX
ADD ESI,EBX
INC ECX
CMP ECX,EDX
JNZ Loc_0040B7F2
MOV [Serial], ESI
POP EBP
}
cout<<"Registration Key For Standard Edition:"<<Serial<<endl;
__asm
{
PUSH EBP
XOR ESI,ESI
XOR EBX,EBX
LEA EDI,PowerCopy
MOV EDX,[NameLenPower]
MOV ECX,00000000h
Loc_0040B7F3:
MOVSX EAX,BYTE PTR [EDI+ECX]
LEA EBX,[EAX+1]
IMUL EBX,EAX
INC EBX
IMUL EBX,EAX
ADD ESI,EBX
INC ECX
CMP ECX,EDX
JNZ Loc_0040B7F3
MOV [Serial], ESI
POP EBP
}
cout<<"Registration Key For Power Edition:"<<Serial<<endl;
}
getch();
return 0;
}
The result is as follows:
Registered Name:dengkeng
Registration Key For Standard Edition:10337368
Registration Key For Power Edition:9499310
Made By dengkeng
E-mail:shellc0de@sohu.com
Reposting is welcome; please keep the article intact.
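
Seen from the defender's side, the trace above shows why this check fails: the client derives the expected key from public inputs and compares it in-process (the cmp at 0040DF69), so the routine in the binary is the only secret. The sketch below is an added example, not code from the original article or from the vendor: a verify-only license check in which the client holds just a public key. It assumes unpadded textbook RSA over a constructed demo modulus so that it runs on the Python standard library alone, and every function name in it is hypothetical.

```python
import hashlib

# Constructed demo key: the product of two well-known Mersenne primes.
# It is trivially factorable and only illustrates the structure; a real
# product would use a properly generated key and a vetted library
# (Ed25519 or RSA-PSS), not unpadded textbook RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public half: shipped in the client
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: stays with the vendor


def license_digest(name: str, edition: str) -> int:
    """Hash product, edition and upper-cased name into an integer < N."""
    msg = "|".join(("AnimateIt", edition, name.upper())).encode("utf-8")
    return int.from_bytes(hashlib.sha512(msg).digest(), "big")


def issue_license(name: str, edition: str) -> int:
    """Vendor side only: needs D, which is never distributed."""
    return pow(license_digest(name, edition), D, N)


def verify_license(name: str, edition: str, key: int) -> bool:
    """Client side: uses only (N, E), so reading this routine in a
    disassembler does not reveal how to produce a valid key."""
    if not 0 < key < N:
        return False
    return pow(key, E, N) == license_digest(name, edition)


def edition_for(name: str, key: int):
    """Mirror the two-edition check described in the article."""
    for edition in ("STANDARD", "POWER"):
        if verify_license(name, edition, key):
            return edition
    return None
```

The key is bound to both the name and the edition, so a Standard key does not verify as Power, and patching the comparison remains a separate problem that needs integrity protection of the binary itself.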