萌新的初次破解-第二篇——一个简单的MFC机器码/注册码验证机制
本帖最后由 bb8820 于 2019-10-28 20:41 编辑上次的帖子里,通过修改关键跳转处的命令,达到了破解注册码验证的效果,帖子在这里
作为一个菜鸟,得到了很多朋友的指点,周末又继续对这个程序进行了研究,这次的目的是找到计算注册码的算法,制作一个简单的注册机。
在上文的末尾,提到了改程序把注册码保存到了注册表中,注册表的键值名称为v_edit0,可以猜想:每次程序启动时,一定为会将机器码计算为注册码,并和注册表中的注册码进行比对,如果一直则验证通过。那么在IDA直接搜索字符串"edit0"
找到调用的函数,发现名为lpData的全局变量就是注册码,再顺藤摸瓜,找到这样一个很长很长的函数
```
signed int sub_F8ACC0()
{
int (__stdcall ***v0)(int, int); // edx
int (__stdcall ***v1)(int, int); // edx
int (__stdcall ***v2)(int, int); // edx
int (__stdcall ***v3)(int, int); // edx
int (__stdcall ***v4)(int, int); // edx
int v15; // eax
int v16; // edx
int v17; // eax
int v18; // edx
unsigned __int16 *v19; // esi
int v20; // ebx
int v21; // edi
unsigned __int16 *v22; // eax
int v23; // ebx
int v24; // eax
unsigned __int16 *v25; // ecx
LPWSTR v26; // eax
int v27; // edi
unsigned __int16 *v28; // ecx
int v29; // ecx
LPWSTR v30; // eax
int v31; // edi
LPWSTR v32; // eax
int v33; // ebx
int v34; // edi
LPWSTR v35; // ecx
int v36; // ebx
int v37; // edi
int v38; // eax
volatile signed __int32 *v39; // edi
volatile signed __int32 *v40; // ebx
int (__fastcall ***v41)(_DWORD, volatile signed __int32 *, _DWORD, signed int); // eax
volatile signed __int32 *v42; // edx
volatile signed __int32 *v43; // esi
int v44; // eax
int v45; // edi
WCHAR *v46; // ecx
WCHAR *v47; // eax
int v48; // edi
volatile signed __int32 *v49; // edx
int v50; // ebx
int v51; // ecx
unsigned __int16 *v52; // edx
int v53; // edi
unsigned __int16 *v54; // ecx
int v55; // ecx
LPWSTR v56; // eax
int v57; // edi
unsigned __int16 *v58; // edx
int v59; // ebx
int v60; // edi
LPWSTR v61; // ecx
int v62; // ebx
int v63; // edi
int v64; // eax
volatile signed __int32 *v65; // edi
volatile signed __int32 *v66; // ebx
int (__fastcall ***v67)(_DWORD, volatile signed __int32 *, _DWORD, signed int); // eax
volatile signed __int32 *v68; // edx
volatile signed __int32 *v69; // esi
int v70; // eax
int v71; // edi
WCHAR *v72; // ecx
WCHAR *v73; // eax
int v74; // edi
volatile signed __int32 *v75; // edx
int v76; // ebx
int v77; // ecx
unsigned __int16 *v78; // edx
int v79; // edi
unsigned __int16 *v80; // ecx
int v81; // ecx
LPWSTR v82; // eax
int v83; // edi
unsigned __int16 *v84; // edx
int v85; // ebx
WCHAR v86; // cx
int v87; // edi
unsigned __int16 *v88; // esi
unsigned __int16 *v89; // ecx
signed int v90; // ebx
int v91; // edi
int v92; // eax
unsigned __int16 v93; // dx
signed int v94; // edi
int v95; // edi
int v96; // ebx
int v97; // eax
int v98; // ebx
int v99; // eax
unsigned __int16 *v100; // ecx
BYTE *v101; // eax
int v102; // edi
unsigned __int16 *v103; // ecx
int v104; // ecx
BYTE *v105; // eax
int v106; // edi
BYTE *v107; // eax
int v108; // ebx
int v109; // edi
int *v110; // eax
char *v111; // eax
volatile signed __int32 *v112; // ebx
volatile signed __int32 *v113; // edi
int (__fastcall ***v114)(_DWORD, volatile signed __int32 *, _DWORD, signed int); // eax
volatile signed __int32 *v115; // edx
volatile signed __int32 *v116; // esi
int v117; // eax
int v118; // edx
int v119; // edi
int v120; // ebx
int v121; // eax
int v122; // ebx
int v123; // eax
unsigned __int16 *v124; // ecx
BYTE *v125; // eax
int v126; // edi
unsigned __int16 *v127; // ecx
int v128; // ecx
BYTE *v129; // eax
int v130; // edi
BYTE *v131; // eax
int v132; // ebx
int v133; // edi
int v134; // eax
int v135; // edx
unsigned int v136; // eax
int v137; // eax
int v138; // eax
int v139; // edi
volatile signed __int32 *v140; // edi
volatile signed __int32 *v141; // esi
int v142; // edx
int v143; // edx
int v144; // edx
int v145; // esi
int v147; //
int v148; //
int v149; //
int v150; //
int v151; //
char ArgList; //
int v153; //
unsigned __int16 *v154; //
int v155; //
int v156; //
unsigned __int16 *v157; //
int v158; //
DWORD MaximumComponentLength; //
DWORD FileSystemFlags; //
DWORD VolumeSerialNumber; //
char v162; //
CHAR FileSystemNameBuffer; //
char v164; //
CHAR VolumeNameBuffer; //
char v166; //
int v167; //
sub_F9B4EF();
*(_DWORD *)ArgList = 0;
v151 = 0;
v0 = sub_F9A042();
if ( !v0 )
sub_F52A40(-2147467259);
v150 = ((int (__thiscall *)(int (__stdcall ***)(int, int)))(*v0))(v0) + 16;
v167 = 0;
v1 = sub_F9A042();
if ( !v1 )
sub_F52A40(-2147467259);
v148 = ((int (__thiscall *)(int (__stdcall ***)(int, int)))(*v1))(v1) + 16;
LOBYTE(v167) = 1;
v2 = sub_F9A042();
if ( !v2 )
sub_F52A40(-2147467259);
v149 = ((int (__thiscall *)(int (__stdcall ***)(int, int)))(*v2))(v2) + 16;
LOBYTE(v167) = 2;
v3 = sub_F9A042();
if ( !v3 )
sub_F52A40(-2147467259);
v147 = ((int (__thiscall *)(int (__stdcall ***)(int, int)))(*v3))(v3) + 16;
LOBYTE(v167) = 3;
v4 = sub_F9A042();
if ( !v4 )
sub_F52A40(-2147467259);
v156 = ((int (__thiscall *)(int (__stdcall ***)(int, int)))(*v4))(v4) + 16;
LOBYTE(v167) = 4;
_EAX = 1;
__asm { cpuid }
*(_DWORD *)ArgList = _EDX;
v151 = _EAX;
sub_F52880((int)&v148, L"%08X%08X", _EDX, _EAX);
_EAX = 3;
__asm { cpuid }
*(_DWORD *)ArgList = _EDX;
v151 = _ECX;
sub_F52880((int)&v149, L"%08X%08X", _EDX, _ECX);
v15 = sub_F66D70(&v153, &v148, &v149);
LOBYTE(v167) = 5;
sub_F71170(v15);
LOBYTE(v167) = 4;
v16 = v153 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v153 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v16 + 4))(v16);
VolumeNameBuffer = 0;
memset(&v166, 0, 0x103u);
FileSystemNameBuffer = 0;
memset(&v164, 0, 0x103u);
GetVolumeInformationA(
RootPathName,
&VolumeNameBuffer,
0x104u,
&VolumeSerialNumber,
&MaximumComponentLength,
&FileSystemFlags,
&FileSystemNameBuffer,
0x104u);
sub_F52880((int)&v147, L"%u", VolumeSerialNumber);
v17 = sub_F66D70(&v153, &v150, &v147);
LOBYTE(v167) = 6;
sub_F71170(v17);
LOBYTE(v167) = 4;
v18 = v153 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v153 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v18 + 4))(v18);
`eh vector constructor iterator'(&v162, 4u, 10, sub_F52AB0, sub_F52A20);
LOBYTE(v167) = 7;
v19 = (unsigned __int16 *)v156;
v20 = 0;
v21 = *(_DWORD *)(v156 - 12);
v153 = 75;
if ( v21 > 0 )
{
while ( v20 >= 0 )
{
if ( v20 > v21 )
break;
v22 = (unsigned __int16 *)(abs(v20 * v20 - 48 + v19) % 75 + 48);
v157 = v22;
if ( v20 >= v21 )
break;
if ( *((_DWORD *)v19 - 1) > 1 )
{
sub_F52650(&v156, *((_DWORD *)v19 - 3));
v19 = (unsigned __int16 *)v156;
LOWORD(v22) = (_WORD)v157;
}
v19 = (unsigned __int16)v22;
if ( v21 < 0 || v21 > *((_DWORD *)v19 - 2) )
break;
*((_DWORD *)v19 - 3) = v21;
v19 = 0;
v21 = *((_DWORD *)v19 - 3);
if ( ++v20 >= v21 )
goto LABEL_24;
}
LABEL_41:
sub_F52A40(-2147024809);
}
LABEL_24:
v23 = *((_DWORD *)v19 - 3) - 2;
if ( v23 >= 0 )
{
v24 = v23 + 1;
v25 = &v19;
v154 = (unsigned __int16 *)(v23 + 1);
v157 = &v19;
while ( v24 >= 0 )
{
if ( v24 > *((_DWORD *)v19 - 3) )
break;
v158 = *v25;
v26 = lpWideCharStr;
v155 = *((_DWORD *)lpWideCharStr - 3);
v27 = v155 + 1;
if ( v155 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v27)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v27);
v26 = lpWideCharStr;
}
v26 = v158;
if ( v27 > *((_DWORD *)lpWideCharStr - 2) )
break;
*((_DWORD *)lpWideCharStr - 3) = v27;
lpWideCharStr = 0;
v28 = (unsigned __int16 *)*((_DWORD *)v19 - 3);
if ( (signed int)v154 > (signed int)v28 )
break;
if ( v23 < 0 )
break;
if ( v23 > (signed int)v28 )
break;
v29 = abs(*v157 - *(v157 - 1));
v30 = lpWideCharStr;
LOBYTE(v29) = (char)v29 % 26 + 97;
v158 = v29;
v155 = *((_DWORD *)lpWideCharStr - 3);
v31 = v155 + 1;
if ( v155 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v31)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v31);
v30 = lpWideCharStr;
}
v30 = (char)v158;
if ( v31 > *((_DWORD *)lpWideCharStr - 2) )
break;
*((_DWORD *)lpWideCharStr - 3) = v31;
lpWideCharStr = 0;
v24 = (int)v154 - 1;
v25 = v157 - 1;
--v23;
v154 = (unsigned __int16 *)((char *)v154 - 1);
--v157;
if ( v23 < 0 )
goto LABEL_40;
}
goto LABEL_41;
}
LABEL_40:
if ( *((_DWORD *)v19 - 3) < 0 )
goto LABEL_41;
v158 = *v19;
v32 = lpWideCharStr;
v33 = *((_DWORD *)lpWideCharStr - 3);
v34 = v33 + 1;
if ( v33 + 1 < 0 )
sub_F52A40(-2147024809);
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v34)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v33 + 1);
v32 = lpWideCharStr;
}
v32 = v158;
if ( v34 > *((_DWORD *)lpWideCharStr - 2) )
goto LABEL_41;
*((_DWORD *)lpWideCharStr - 3) = v34;
lpWideCharStr = 0;
v35 = lpWideCharStr;
v36 = 0;
v37 = *((_DWORD *)lpWideCharStr - 3);
if ( v37 > 0 )
{
while ( v36 >= 0 )
{
if ( v36 > v37 )
break;
v38 = abs(v36 * v36 - 48 + v35) % v153 + 48;
v158 = v38;
if ( v36 >= v37 )
break;
if ( *((_DWORD *)v35 - 1) > 1 )
{
sub_F52650((int *)&lpWideCharStr, *((_DWORD *)v35 - 3));
v35 = lpWideCharStr;
LOWORD(v38) = v158;
}
v35 = v38;
if ( v37 < 0 || v37 > *((_DWORD *)lpWideCharStr - 2) )
break;
*((_DWORD *)lpWideCharStr - 3) = v37;
lpWideCharStr = 0;
v35 = lpWideCharStr;
++v36;
v37 = *((_DWORD *)lpWideCharStr - 3);
if ( v36 >= v37 )
goto LABEL_56;
}
goto LABEL_41;
}
LABEL_56:
v39 = (volatile signed __int32 *)(v35 - 8);
v40 = (volatile signed __int32 *)(v19 - 8);
if ( v35 - 8 != v19 - 8 )
{
if ( *((_DWORD *)v40 + 3) < 0 || *v39 != *v40 )
{
sub_F57790((void **)&v156, v35, *((_DWORD *)v35 - 3));
v19 = (unsigned __int16 *)v156;
}
else
{
v41 = (int (__fastcall ***)(_DWORD, volatile signed __int32 *, _DWORD, signed int))(*(int (__thiscall **)(volatile signed __int32))(**(_DWORD **)v39 + 16))(*v39);
v42 = v39 + 3;
if ( *((_DWORD *)v39 + 3) < 0
|| v41 != *(int (__fastcall ****)(_DWORD, volatile signed __int32 *, _DWORD, signed int))v39 )
{
v44 = (**v41)(v41, v42, *((_DWORD *)v39 + 1), 2);
v43 = (volatile signed __int32 *)v44;
if ( !v44 )
sub_F526D0();
*(_DWORD *)(v44 + 4) = *((_DWORD *)v39 + 1);
memcpy_s(
(void *)(v44 + 16),
2 * *((_DWORD *)v39 + 1) + 2,
(const void *)(v39 + 4),
2 * *((_DWORD *)v39 + 1) + 2);
}
else
{
v43 = v39;
_InterlockedExchangeAdd(v42, 1u);
}
if ( _InterlockedDecrement(v40 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v40 + 4))(v40);
v19 = (unsigned __int16 *)(v43 + 4);
v156 = (int)v19;
}
}
v45 = MultiByteToWideChar(3u, 0, byte_112BA5C, -1, 0, 0) - 1;
if ( v45 <= 0 )
{
v47 = lpWideCharStr;
v48 = *((_DWORD *)lpWideCharStr - 4);
v49 = (volatile signed __int32 *)(lpWideCharStr - 8);
if ( *((_DWORD *)lpWideCharStr - 3) )
{
if ( *((_DWORD *)v49 + 3) >= 0 )
{
if ( _InterlockedDecrement(v49 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v49 + 4))(v49);
v47 = (WCHAR *)((*(int (__thiscall **)(int))(*(_DWORD *)v48 + 12))(v48) + 16);
lpWideCharStr = v47;
}
else
{
if ( *((_DWORD *)lpWideCharStr - 2) < 0 )
sub_F52A40(-2147024809);
*((_DWORD *)lpWideCharStr - 3) = 0;
*lpWideCharStr = 0;
v47 = lpWideCharStr;
}
}
}
else
{
v46 = lpWideCharStr;
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v45)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v45);
v46 = lpWideCharStr;
}
MultiByteToWideChar(3u, 0, byte_112BA5C, -1, v46, v45);
if ( v45 > *((_DWORD *)lpWideCharStr - 2) )
goto LABEL_41;
*((_DWORD *)lpWideCharStr - 3) = v45;
lpWideCharStr = 0;
v47 = lpWideCharStr;
}
v50 = *((_DWORD *)v19 - 3) - 2;
if ( v50 >= 0 )
{
v51 = v50 + 1;
v52 = &v19;
v157 = (unsigned __int16 *)(v50 + 1);
v154 = &v19;
while ( v51 >= 0 )
{
if ( v51 > *((_DWORD *)v19 - 3) )
break;
v155 = *v52;
v158 = *((_DWORD *)v47 - 3);
v53 = v158 + 1;
if ( v158 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)v47 - 1)) | (*((_DWORD *)v47 - 2) - v53)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v53);
v47 = lpWideCharStr;
}
v47 = v155;
if ( v53 > *((_DWORD *)lpWideCharStr - 2) )
break;
*((_DWORD *)lpWideCharStr - 3) = v53;
lpWideCharStr = 0;
v54 = (unsigned __int16 *)*((_DWORD *)v19 - 3);
if ( (signed int)v157 > (signed int)v54 )
break;
if ( v50 < 0 )
break;
if ( v50 > (signed int)v54 )
break;
v55 = abs(*v154 - *(v154 - 1));
v56 = lpWideCharStr;
LOBYTE(v55) = (char)v55 % 26 + 97;
v158 = v55;
v155 = *((_DWORD *)lpWideCharStr - 3);
v57 = v155 + 1;
if ( v155 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v57)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v57);
v56 = lpWideCharStr;
}
v56 = (char)v158;
if ( v57 > *((_DWORD *)lpWideCharStr - 2) )
break;
v58 = v154;
*((_DWORD *)lpWideCharStr - 3) = v57;
lpWideCharStr = 0;
v47 = lpWideCharStr;
v51 = (int)v157 - 1;
v52 = v58 - 1;
--v50;
v157 = (unsigned __int16 *)((char *)v157 - 1);
v154 = v52;
if ( v50 < 0 )
goto LABEL_98;
}
goto LABEL_41;
}
LABEL_98:
if ( *((_DWORD *)v19 - 3) < 0 )
sub_F52A40(-2147024809);
v59 = *((_DWORD *)v47 - 3);
v60 = v59 + 1;
v158 = *v19;
if ( v59 + 1 < 0 )
sub_F52A40(-2147024809);
if ( ((1 - *((_DWORD *)v47 - 1)) | (*((_DWORD *)v47 - 2) - v60)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v59 + 1);
v47 = lpWideCharStr;
}
v47 = v158;
if ( v60 > *((_DWORD *)lpWideCharStr - 2) )
goto LABEL_41;
*((_DWORD *)lpWideCharStr - 3) = v60;
lpWideCharStr = 0;
v61 = lpWideCharStr;
v62 = 0;
v63 = *((_DWORD *)lpWideCharStr - 3);
if ( v63 > 0 )
{
while ( v62 >= 0 )
{
if ( v62 > v63 )
break;
v64 = abs(v62 * v62 - 48 + v61) % v153 + 48;
v158 = v64;
if ( v62 >= v63 )
break;
if ( *((_DWORD *)v61 - 1) > 1 )
{
sub_F52650((int *)&lpWideCharStr, *((_DWORD *)v61 - 3));
v61 = lpWideCharStr;
LOWORD(v64) = v158;
}
v61 = v64;
if ( v63 < 0 || v63 > *((_DWORD *)lpWideCharStr - 2) )
break;
*((_DWORD *)lpWideCharStr - 3) = v63;
lpWideCharStr = 0;
v61 = lpWideCharStr;
++v62;
v63 = *((_DWORD *)lpWideCharStr - 3);
if ( v62 >= v63 )
goto LABEL_114;
}
goto LABEL_41;
}
LABEL_114:
v65 = (volatile signed __int32 *)(v61 - 8);
v66 = (volatile signed __int32 *)(v19 - 8);
if ( v61 - 8 != v19 - 8 )
{
if ( *((_DWORD *)v66 + 3) < 0 || *v65 != *v66 )
{
sub_F57790((void **)&v156, v61, *((_DWORD *)v61 - 3));
v19 = (unsigned __int16 *)v156;
}
else
{
v67 = (int (__fastcall ***)(_DWORD, volatile signed __int32 *, _DWORD, signed int))(*(int (__thiscall **)(volatile signed __int32))(**(_DWORD **)v65 + 16))(*v65);
v68 = v65 + 3;
if ( *((_DWORD *)v65 + 3) < 0
|| v67 != *(int (__fastcall ****)(_DWORD, volatile signed __int32 *, _DWORD, signed int))v65 )
{
v70 = (**v67)(v67, v68, *((_DWORD *)v65 + 1), 2);
v69 = (volatile signed __int32 *)v70;
if ( !v70 )
sub_F526D0();
*(_DWORD *)(v70 + 4) = *((_DWORD *)v65 + 1);
memcpy_s(
(void *)(v70 + 16),
2 * *((_DWORD *)v65 + 1) + 2,
(const void *)(v65 + 4),
2 * *((_DWORD *)v65 + 1) + 2);
}
else
{
v69 = v65;
_InterlockedExchangeAdd(v68, 1u);
}
if ( _InterlockedDecrement(v66 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v66 + 4))(v66);
v19 = (unsigned __int16 *)(v69 + 4);
v156 = (int)v19;
}
}
v71 = MultiByteToWideChar(3u, 0, byte_112BA5C, -1, 0, 0) - 1;
if ( v71 <= 0 )
{
v73 = lpWideCharStr;
v74 = *((_DWORD *)lpWideCharStr - 4);
v75 = (volatile signed __int32 *)(lpWideCharStr - 8);
if ( *((_DWORD *)lpWideCharStr - 3) )
{
if ( *((_DWORD *)v75 + 3) >= 0 )
{
if ( _InterlockedDecrement(v75 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v75 + 4))(v75);
v73 = (WCHAR *)((*(int (__thiscall **)(int))(*(_DWORD *)v74 + 12))(v74) + 16);
lpWideCharStr = v73;
}
else
{
if ( *((_DWORD *)lpWideCharStr - 2) < 0 )
sub_F52A40(-2147024809);
*((_DWORD *)lpWideCharStr - 3) = 0;
*lpWideCharStr = 0;
v73 = lpWideCharStr;
}
}
}
else
{
v72 = lpWideCharStr;
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v71)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v71);
v72 = lpWideCharStr;
}
MultiByteToWideChar(3u, 0, byte_112BA5C, -1, v72, v71);
if ( v71 > *((_DWORD *)lpWideCharStr - 2) )
goto LABEL_41;
*((_DWORD *)lpWideCharStr - 3) = v71;
lpWideCharStr = 0;
v73 = lpWideCharStr;
}
v76 = *((_DWORD *)v19 - 3) - 2;
if ( v76 >= 0 )
{
v77 = v76 + 1;
v78 = &v19;
v157 = (unsigned __int16 *)(v76 + 1);
v154 = &v19;
while ( v77 >= 0 )
{
if ( v77 > *((_DWORD *)v19 - 3) )
break;
v155 = *v78;
v158 = *((_DWORD *)v73 - 3);
v79 = v158 + 1;
if ( v158 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)v73 - 1)) | (*((_DWORD *)v73 - 2) - v79)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v79);
v73 = lpWideCharStr;
}
v73 = v155;
if ( v79 > *((_DWORD *)lpWideCharStr - 2) )
break;
*((_DWORD *)lpWideCharStr - 3) = v79;
lpWideCharStr = 0;
v80 = (unsigned __int16 *)*((_DWORD *)v19 - 3);
if ( (signed int)v157 > (signed int)v80 )
break;
if ( v76 < 0 )
break;
if ( v76 > (signed int)v80 )
break;
v81 = abs(*v154 - *(v154 - 1));
v82 = lpWideCharStr;
LOBYTE(v81) = (char)v81 % 26 + 97;
v158 = v81;
v155 = *((_DWORD *)lpWideCharStr - 3);
v83 = v155 + 1;
if ( v155 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpWideCharStr - 1)) | (*((_DWORD *)lpWideCharStr - 2) - v83)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v83);
v82 = lpWideCharStr;
}
v82 = (char)v158;
if ( v83 > *((_DWORD *)lpWideCharStr - 2) )
break;
v84 = v154;
*((_DWORD *)lpWideCharStr - 3) = v83;
lpWideCharStr = 0;
v73 = lpWideCharStr;
v77 = (int)v157 - 1;
v78 = v84 - 1;
--v76;
v157 = (unsigned __int16 *)((char *)v157 - 1);
v154 = v78;
if ( v76 < 0 )
goto LABEL_156;
}
goto LABEL_41;
}
LABEL_156:
if ( *((_DWORD *)v19 - 3) < 0 )
sub_F52A40(-2147024809);
v85 = *((_DWORD *)v73 - 3);
v86 = *v19;
v87 = v85 + 1;
v158 = *v19;
if ( v85 + 1 < 0 )
sub_F52A40(-2147024809);
if ( ((1 - *((_DWORD *)v73 - 1)) | (*((_DWORD *)v73 - 2) - v87)) < 0 )
{
sub_F52720((int *)&lpWideCharStr, v85 + 1);
v73 = lpWideCharStr;
v86 = v158;
}
v73 = v86;
if ( v87 > *((_DWORD *)lpWideCharStr - 2) )
goto LABEL_41;
*((_DWORD *)lpWideCharStr - 3) = v87;
lpWideCharStr = 0;
sub_F52880((int)&v156, L"%d", &unk_16C4D680);
sub_F71240(lpWideCharStr, *((_DWORD *)lpWideCharStr - 3));// 机器码计算完毕
v88 = (unsigned __int16 *)v156; // 指向"附加码+机器码" code[]
v89 = 0; // i
v90 = 9; // j
v157 = 0;
do
{
v91 = *((_DWORD *)v88 - 3); // 字符串长度-1
if ( v90 >= v91 ) // 退出位置
break;
v92 = v90 - 9; // =0
if ( v90 - 9 < 0 )
goto LABEL_41;
if ( v92 > v91 )
goto LABEL_41;
v155 = *(unsigned __int16 *)((char *)v88 + (_DWORD)v89);// 取第i个字节
if ( v90 < 0 )
goto LABEL_41;
if ( v90 > v91 )
goto LABEL_41;
v93 = *(unsigned __int16 *)((char *)v88 + (_DWORD)v89 + 18);// 取i+9处字节
v158 = *(unsigned __int16 *)((char *)v88 + (_DWORD)v89 + 18);
if ( v92 >= v91 )
goto LABEL_41;
if ( *((_DWORD *)v88 - 1) > 1 )
{
sub_F52650(&v156, v91);
v88 = (unsigned __int16 *)v156;
v89 = v157;
v93 = v158;
}
*(unsigned __int16 *)((char *)v88 + (_DWORD)v89) = v93;// 将i处内容替换为i+9处内容
if ( v91 < 0 )
goto LABEL_41;
if ( v91 > *((_DWORD *)v88 - 2) )
goto LABEL_41;
*((_DWORD *)v88 - 3) = v91;
v88 = 0;
v94 = *((_DWORD *)v88 - 3);
if ( v90 >= v94 )
goto LABEL_41;
if ( *((_DWORD *)v88 - 1) > 1 )
{
sub_F52650(&v156, *((_DWORD *)v88 - 3));
v88 = (unsigned __int16 *)v156;
v89 = v157;
}
*(unsigned __int16 *)((char *)v88 + (_DWORD)v89 + 18) = (char)v155;// 将第i+9处替换为i处字节
if ( v94 < 0 || v94 > *((_DWORD *)v88 - 2) )
goto LABEL_41;
v90 += 2; // j=j+2
*((_DWORD *)v88 - 3) = v94;
v88 = 0;
v89 += 2; // i=i+2
v157 = v89;
}
while ( v90 - 9 < 9 );
v95 = *((_DWORD *)v88 - 3); // 新注册码长度
v96 = 0; // i
if ( v95 > 0 )
{
while ( v96 >= 0 )
{
if ( v96 > v95 ) // 退出位置
break;
v97 = abs(v96 * v96 - 48 + v88) % 75 + 48;// abs(i*i-48+code)%75+48
v158 = v97;
if ( v96 >= v95 )
break;
if ( *((_DWORD *)v88 - 1) > 1 )
{
sub_F52650(&v156, *((_DWORD *)v88 - 3));
v88 = (unsigned __int16 *)v156;
LOWORD(v97) = v158;
}
v88 = v97; // code = abs(i*i-48+code)%75+48
if ( v95 < 0 || v95 > *((_DWORD *)v88 - 2) )
break;
*((_DWORD *)v88 - 3) = v95;
v88 = 0;
v95 = *((_DWORD *)v88 - 3);
if ( ++v96 >= v95 )
goto LABEL_189;
}
goto LABEL_41;
}
LABEL_189:
sub_F57790((void **)&lpData, &word_1130CE8, 0);
v98 = *((_DWORD *)v88 - 3) - 2; // code长度-2
if ( v98 >= 0 )
{
v99 = v98 + 1; // i (倒序)
v100 = &v88; // code最后一个字节的地址
v157 = (unsigned __int16 *)(v98 + 1);
v154 = &v88;
while ( v99 >= 0 )
{
if ( v99 > *((_DWORD *)v88 - 3) ) // 退出位置
break;
v155 = *v100; // code
v101 = lpData;
v158 = *((_DWORD *)lpData - 3); // lpData长度
v102 = v158 + 1;
if ( v158 + 1 < 0 ) // a=*(lpData-1)=0x76 b=*(lpData-2)=0x0
break;
if ( ((1 - *((_DWORD *)lpData - 1)) | (*((_DWORD *)lpData - 2) - v102)) < 0 )// if((1-a) | (b-(lpData长度+1)) < 0)
{
sub_F52720((int *)&lpData, v102); // *(lpData - 1)--
v101 = lpData;
}
*(_WORD *)&v101 = v155; // lpData = code
if ( v102 > *((_DWORD *)lpData - 2) )
break;
*((_DWORD *)lpData - 3) = v102; // lpData长度+1
*(_WORD *)&lpData = 0;
v103 = (unsigned __int16 *)*((_DWORD *)v88 - 3);
if ( (signed int)v157 > (signed int)v103 )
break;
if ( v98 < 0 )
break;
if ( v98 > (signed int)v103 )
break;
v104 = abs(*v154 - *(v154 - 1)); // v104 = abs(code-code);
v105 = lpData;
LOBYTE(v104) = (char)v104 % 26 + 97; // v104 =(char)abs(code-code) % 26 +97
v158 = v104;
v155 = *((_DWORD *)lpData - 3);
v106 = v155 + 1;
if ( v155 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpData - 1)) | (*((_DWORD *)lpData - 2) - v106)) < 0 )
{
sub_F52720((int *)&lpData, v106);
v105 = lpData;
}
*(_WORD *)&v105 = (char)v158;
if ( v106 > *((_DWORD *)lpData - 2) )
break;
*((_DWORD *)lpData - 3) = v106;
*(_WORD *)&lpData = 0;
v99 = (int)v157 - 1;
v100 = v154 - 1;
--v98;
v157 = (unsigned __int16 *)((char *)v157 - 1);
--v154;
if ( v98 < 0 )
goto LABEL_205;
}
goto LABEL_41;
}
LABEL_205:
if ( *((_DWORD *)v88 - 3) < 0 )
sub_F52A40(-2147024809);
v158 = *v88;
v107 = lpData;
v108 = *((_DWORD *)lpData - 3);
v109 = v108 + 1;
if ( v108 + 1 < 0 )
sub_F52A40(-2147024809);
if ( ((1 - *((_DWORD *)lpData - 1)) | (*((_DWORD *)lpData - 2) - v109)) < 0 )
{
sub_F52720((int *)&lpData, v108 + 1);
v107 = lpData;
}
*(_WORD *)&v107 = v158; // lpData末端附上code
if ( v109 > *((_DWORD *)lpData - 2) )
goto LABEL_41;
*((_DWORD *)lpData - 3) = v109;
*(_WORD *)&lpData = 0;
v110 = sub_F81410(&lpData, &v158, 400); // lpData长度调整到400(截取后400)
LOBYTE(v167) = 8;
v111 = (char *)*v110;
v112 = (volatile signed __int32 *)(v88 - 8);
v113 = (volatile signed __int32 *)(v111 - 16);
if ( v111 - 16 != (char *)(v88 - 8) )
{
if ( *((_DWORD *)v112 + 3) < 0 || *v113 != *v112 )
{
sub_F57790((void **)&v156, v111, *((_DWORD *)v111 - 3));
v88 = (unsigned __int16 *)v156;
}
else
{
v114 = (int (__fastcall ***)(_DWORD, volatile signed __int32 *, _DWORD, signed int))(*(int (**)(void))(**(_DWORD **)v113 + 16))();
v115 = v113 + 3;
if ( *((_DWORD *)v113 + 3) < 0
|| v114 != *(int (__fastcall ****)(_DWORD, volatile signed __int32 *, _DWORD, signed int))v113 )
{
v117 = (**v114)(v114, v115, *((_DWORD *)v113 + 1), 2);
v116 = (volatile signed __int32 *)v117;
if ( !v117 )
sub_F526D0();
*(_DWORD *)(v117 + 4) = *((_DWORD *)v113 + 1);
memcpy_s(
(void *)(v117 + 16),
2 * *((_DWORD *)v113 + 1) + 2,
(const void *)(v113 + 4),
2 * *((_DWORD *)v113 + 1) + 2);
}
else
{
v116 = v113;
_InterlockedExchangeAdd(v115, 1u);
}
if ( _InterlockedDecrement(v112 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v112 + 4))(v112);
v88 = (unsigned __int16 *)(v116 + 4);
v156 = (int)v88;
}
}
LOBYTE(v167) = 7;
v118 = v158 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v158 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v118 + 4))(v118);
v119 = *((_DWORD *)v88 - 3);
v120 = 0; // i
if ( v119 > 0 )
{
while ( v120 >= 0 )
{
if ( v120 > v119 ) // 退出位置
break;
v121 = abs(v120 * v120 - 48 + v88) % 75 + 48;// abs(i*i-48+lpData)%75+48
v158 = v121;
if ( v120 >= v119 )
break;
if ( *((_DWORD *)v88 - 1) > 1 )
{
sub_F52650(&v156, *((_DWORD *)v88 - 3));
v88 = (unsigned __int16 *)v156;
LOWORD(v121) = v158;
}
v88 = v121;
if ( v119 < 0 || v119 > *((_DWORD *)v88 - 2) )
break;
*((_DWORD *)v88 - 3) = v119;
v88 = 0;
v119 = *((_DWORD *)v88 - 3);
if ( ++v120 >= v119 )
goto LABEL_236;
}
goto LABEL_41;
}
LABEL_236:
sub_F57790((void **)&lpData, &word_1130CE8, 0);
v122 = *((_DWORD *)v88 - 3) - 2;
if ( v122 >= 0 )
{ // i
v123 = v122 + 1;
v124 = &v88;
v157 = (unsigned __int16 *)(v122 + 1);
v154 = &v88;
while ( v123 >= 0 )
{
if ( v123 > *((_DWORD *)v88 - 3) ) // 退出位置
break;
v155 = *v124;
v125 = lpData;
v158 = *((_DWORD *)lpData - 3);
v126 = v158 + 1;
if ( v158 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpData - 1)) | (*((_DWORD *)lpData - 2) - v126)) < 0 )
{
sub_F52720((int *)&lpData, v126);
v125 = lpData;
}
*(_WORD *)&v125 = v155;
if ( v126 > *((_DWORD *)lpData - 2) )
break;
*((_DWORD *)lpData - 3) = v126; // 这里计算注册码
*(_WORD *)&lpData = 0;
v127 = (unsigned __int16 *)*((_DWORD *)v88 - 3);
if ( (signed int)v157 > (signed int)v127 )
break;
if ( v122 < 0 )
break;
if ( v122 > (signed int)v127 )
break;
v128 = abs(*v154 - *(v154 - 1));
v129 = lpData;
LOBYTE(v128) = (char)v128 % 26 + 97;
v158 = v128;
v155 = *((_DWORD *)lpData - 3);
v130 = v155 + 1;
if ( v155 + 1 < 0 )
break;
if ( ((1 - *((_DWORD *)lpData - 1)) | (*((_DWORD *)lpData - 2) - v130)) < 0 )
{
sub_F52720((int *)&lpData, v130);
v129 = lpData;
}
*(_WORD *)&v129 = (char)v158;
if ( v130 > *((_DWORD *)lpData - 2) )
break;
*((_DWORD *)lpData - 3) = v130;
*(_WORD *)&lpData = 0;
v123 = (int)v157 - 1;
v124 = v154 - 1;
--v122;
v157 = (unsigned __int16 *)((char *)v157 - 1);
--v154;
if ( v122 < 0 )
goto LABEL_252;
}
goto LABEL_41;
}
LABEL_252:
if ( *((_DWORD *)v88 - 3) < 0 )
sub_F52A40(-2147024809);
v158 = *v88;
v131 = lpData;
v132 = *((_DWORD *)lpData - 3);
v133 = v132 + 1;
if ( v132 + 1 < 0 )
sub_F52A40(-2147024809);
if ( ((1 - *((_DWORD *)lpData - 1)) | (*((_DWORD *)lpData - 2) - v133)) < 0 )
{
sub_F52720((int *)&lpData, v132 + 1);
v131 = lpData;
}
*(_WORD *)&v131 = v158;
if ( v133 > *((_DWORD *)lpData - 2) )
goto LABEL_41;
*((_DWORD *)lpData - 3) = v133;
*(_WORD *)&lpData = 0;
v134 = sub_F66D00(&v158, 400);
LOBYTE(v167) = 9;
sub_F71170(v134);
LOBYTE(v167) = 7;
v135 = v158 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v158 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v135 + 4))(v135);
sub_F71170(&lpWideCharStr);
sub_F97083(0);
v136 = _time64(0);
srand(v136);
v137 = rand() % 2;
v138 = sub_F52450(dword_1384E9C - 16);
v139 = v138 + 16;
v158 = v138 + 16;
LOBYTE(v167) = 10;
sub_F71170(&v158);
v140 = (volatile signed __int32 *)(v139 - 16);
LOBYTE(v167) = 7;
if ( _InterlockedDecrement(v140 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v140 + 4))(v140);
LOBYTE(v167) = 4;
`eh vector destructor iterator'(&v162, 4u, 10, sub_F52A20);
v141 = (volatile signed __int32 *)(v88 - 8);
LOBYTE(v167) = 3;
if ( _InterlockedDecrement(v141 + 3) <= 0 )
(*(void (__stdcall **)(volatile signed __int32 *))(**(_DWORD **)v141 + 4))(v141);
LOBYTE(v167) = 2;
v142 = v147 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v147 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v142 + 4))(v142);
LOBYTE(v167) = 1;
v143 = v149 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v149 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v143 + 4))(v143);
LOBYTE(v167) = 0;
v144 = v148 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v148 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v144 + 4))(v144);
v167 = -1;
v145 = v150 - 16;
if ( _InterlockedDecrement((volatile signed __int32 *)(v150 - 16 + 12)) <= 0 )
(*(void (__stdcall **)(int))(**(_DWORD **)v145 + 4))(v145);
return 1;
}
```
那就只能慢慢看代码了,关键部分的代码我已经加上了注释,大致上注册码经过以下几步完成
1、将程序内固定的附加码与机器码混合,将偶数位的附加码与偶数位的机器码对调位置,并合并
例如附加码为123456789,机器码为abcdefghijk.......
则混合后为:a2c4e6g8i1b3d5f7h9jk....
2、将混合码newCode进行一个简单运算:
newCode = (char)(abs(i*i-48+newCode)%75 +48);
3、再进行一步换算,文字不好说明,画一个图比较简单
4、把newCode的首位附在temp的末端,并截取最后400位
5、重复对temp进行第2步
6、重复对temp进行第3步
7、截取前400位,就是最终的注册码了。
为了便于理解,关键代码在下面:
```
#include <stdio.h>
#include <math.h>
#include <string.h>
#include <stdlib.h>
int main(){
//机器码
char code[] = "6e:k^lSbnghdej\\o4l?cAxrbqgkhJhkmEywbxt1o?mKo=tjgdrSbnf5tbfglBc^uJybstlixRmxzEo7f<cXg8d5dRk\\b";
//附加码
char QQ[] = "381******"; //这里应该是作者的QQ号,为了保护隐私隐去了
char *newCode;
char temp = {0};
char lpData = {0};
int length;
//附加码+机器码
newCode = (char *)malloc(sizeof(code) - 1 + sizeof(QQ));
memset(newCode, '\0', sizeof(code) - 1 + sizeof(QQ));
strcpy(newCode, QQ);
strcat(newCode, code);
//第一步:附加码与机器码混合
int i = 0;
int j = strlen(QQ);
while(i < strlen(QQ)){
char temp = newCode;
newCode = newCode;
newCode = temp;
i = i + 2;
j = j + 2;
}
length = strlen(newCode);
//第二步:
for(i = 0; i < length; i++){
newCode = (char)(abs(i*i-48+newCode)%75 +48);
}
//第三步:
for(i = length - 1; i > 0; i--){
temp[(length - 1 - i) * 2] = newCode;
temp[(length - 1 - i) * 2 + 1] = (char)(abs(newCode - newCode) % 26 + 97);
}
//第四部:附加并截取
temp = newCode;
if(strlen(temp) > 400){
memcpy(lpData, temp + strlen(temp) - 400, 400);
}
//第五步:
for(i = 0; i < 400; i++){
lpData = (char)(abs(i*i-48+lpData)%75 +48);
}
//第六步:
length = strlen(lpData);
for(i = length - 1; i >= 0; i--){
temp[(length - 1 - i) * 2] = lpData;
temp[(length - 1 - i) * 2 + 1] = (char)(abs(lpData - lpData) % 26 + 97);
}
//第七步,截取前400
memcpy(lpData, temp, 400);
printf("%s\r\n",lpData);
free(newCode);
return 0;
}
```
(完)欢迎大佬们指正 一个语言+简单算法而已。
看不懂的人,基础都没有学,有什么资格在这里哀嚎。
学上一款语言,代码自然就懂。
基本语法和官方函数并不难。
依据注释也可了解逻辑内容。 tuhaowei 发表于 2019-10-28 20:50
羡慕,编程太难学了,我都放弃了
哈哈。主要是数学而已。语法这个,所有编程基本都一样的。 羡慕,编程太难学了,我都放弃了 己放弃,加油 大佬都流行伪装了吗? 好强啊,看了一遍都晕乎乎的,何况做了 如果你是萌新,让我们这样的菜鸟情何以堪? 真会吹流弊 我们看都看不懂:'(weeqw 纯小白要学习多久才能这个水平。。。。,,估计我是不行学这个 期待能放出源码研究 。 看不到懂啊啊