多功能硬盘工具V1.3算法分析+注册机已被和谐
本帖最后由 null119 于 2011-5-20 19:43 编辑〖破文标题〗: 多功能硬盘工具V1.3算法分析
〖破文作者〗: Null
〖联系邮箱〗: null_vbt@163.com
〖作者主页〗: http://hi.baidu.com/null_vbt
〖作者QQ号〗: 50711698
〖下载地址〗: http://shareware.skycn.com/soft/32471.htm
〖编写语言〗: Microsoft Visual C++
〖软件介绍〗:
1.3D图形显示硬盘空间和文件夹大小
2.自动检测硬盘,USB,CDROM等信息参数
3.优化和加速硬盘和CDROM
4.设置U盘读写保护,读写状态
5.快速硬盘垃圾扫描清理
〖作者声明〗: 爱好而已,勿喷。
-----------------------------------------------------------------------------------
〖详细过程〗:
找注册事件就不赘述了。
00A328B0/> \55 push ebp ;注册事件段首
00A328B1|.8BEC mov ebp,esp
00A328B3|.6A FF push -0x1
00A328B5|.68 A04EA300 push ZCDLOG.00A34EA0 ;SE 处理程序安装
00A328BA|.64:A1 0000000>mov eax,dword ptr fs:
00A328C0|.50 push eax
00A328C1|.64:8925 00000>mov dword ptr fs:,esp
00A328C8|.81EC 44020000 sub esp,0x244
00A328CE|.53 push ebx
00A328CF|.56 push esi
00A328D0|.57 push edi
00A328D1|.51 push ecx
00A328D2|.8DBD B0FDFFFF lea edi,
00A328D8|.B9 91000000 mov ecx,0x91
00A328DD|.B8 CCCCCCCC mov eax,0xCCCCCCCC
00A328E2|.F3:AB rep stos dword ptr es:
00A328E4|.59 pop ecx
00A328E5|.894D F0 mov ,ecx
00A328E8|.68 F0550000 push 0x55F0
00A328ED|.8B4D F0 mov ecx,
00A328F0|.E8 7B100000 call <jmp.&MFC42D.#2435>
00A328F5|.8945 EC mov ,eax
00A328F8|.B9 07000000 mov ecx,0x7
00A328FD|.BE 4463A400 mov esi,ZCDLOG.00A46344 ;ASCII "EFXSR3H8DE5U3FGY4AC1ND8F5KL"
00A32902|.8D7D 88 lea edi,
00A32905|.F3:A5 rep movs dword ptr es:,dword pt>
00A32907|.B9 12000000 mov ecx,0x12
00A3290C|.33C0 xor eax,eax
00A3290E|.8D7D A4 lea edi,
00A32911|.F3:AB rep stos dword ptr es:
00A32913|.6A 64 push 0x64
00A32915|.8D85 24FFFFFF lea eax,
00A3291B|.50 push eax
00A3291C|.8B4D EC mov ecx,
00A3291F|.E8 46100000 call <jmp.&MFC42D.#3173>
00A32924|.8D4D 88 lea ecx,
00A32927|.51 push ecx ; /s
00A32928|.E8 A9100000 call <jmp.&MSVCRTD.strlen> ; \strlen
00A3292D|.83C4 04 add esp,0x4
00A32930|.8985 1CFFFFFF mov ,eax
00A32936|.EB 0F jmp short ZCDLOG.00A32947
00A32938|>8B95 1CFFFFFF /mov edx,
00A3293E|.83EA 01 |sub edx,0x1
00A32941|.8995 1CFFFFFF |mov ,edx
00A32947|>83BD 1CFFFFFF> cmp ,0x0
00A3294E|.7C 16 |jl short ZCDLOG.00A32966
00A32950|.8B85 1CFFFFFF |mov eax,
00A32956|.8B8D 1CFFFFFF |mov ecx,
00A3295C|.8A540D 88 |mov dl,byte ptr ss:
00A32960|.885405 8E |mov byte ptr ss:,dl
00A32964|.^ EB D2 \jmp short ZCDLOG.00A32938
00A32966|>C785 1CFFFFFF>mov ,0x0
00A32970|.EB 0F jmp short ZCDLOG.00A32981
00A32972|>8B85 1CFFFFFF /mov eax, ;取机器码前6位(A)
00A32978|.83C0 01 |add eax,0x1
00A3297B|.8985 1CFFFFFF |mov ,eax
00A32981|>83BD 1CFFFFFF> cmp ,0x5
00A32988|.7F 19 |jg short ZCDLOG.00A329A3
00A3298A|.8B8D 1CFFFFFF |mov ecx,
00A32990|.8B95 1CFFFFFF |mov edx,
00A32996|.8A8415 24FFFF>|mov al,byte ptr ss:
00A3299D|.88440D 88 |mov byte ptr ss:,al
00A329A1|.^ EB CF \jmp short ZCDLOG.00A32972
00A329A3|>8D4D 88 lea ecx,
00A329A6|.51 push ecx ; /s
00A329A7|.E8 2A100000 call <jmp.&MSVCRTD.strlen> ; \strlen
00A329AC|.83C4 04 add esp,0x4
00A329AF|.8985 18FFFFFF mov ,eax
00A329B5|.C785 1CFFFFFF>mov ,0x0
00A329BF|.EB 0F jmp short ZCDLOG.00A329D0 ;从机器码第7位开始取7位(B)
00A329C1|>8B95 1CFFFFFF /mov edx,
00A329C7|.83C2 01 |add edx,0x1
00A329CA|.8995 1CFFFFFF |mov ,edx
00A329D0|>83BD 1CFFFFFF> cmp ,0x6
00A329D7|.7F 1F |jg short ZCDLOG.00A329F8
00A329D9|.8B85 18FFFFFF |mov eax,
00A329DF|.0385 1CFFFFFF |add eax,
00A329E5|.8B8D 1CFFFFFF |mov ecx, ;A+"EFXSR3H8DE5U3FGY4AC1ND8F5KL"+B
00A329EB|.8A940D 2AFFFF>|mov dl,byte ptr ss:
00A329F2|.885405 88 |mov byte ptr ss:,dl
00A329F6|.^ EB C9 \jmp short ZCDLOG.00A329C1
00A329F8|>C785 20FFFFFF>mov ,0x0
00A32A02|.C785 1CFFFFFF>mov ,0x0
00A32A0C|.EB 0F jmp short ZCDLOG.00A32A1D
00A32A0E|>8B85 1CFFFFFF /mov eax,
00A32A14|.83C0 01 |add eax,0x1
00A32A17|.8985 1CFFFFFF |mov ,eax
00A32A1D|>8D4D 88 lea ecx,
00A32A20|.51 |push ecx ; /s
00A32A21|.E8 B00F0000 |call <jmp.&MSVCRTD.strlen> ; \strlen
00A32A26|.83C4 04 |add esp,0x4
00A32A29|.83E8 01 |sub eax,0x1
00A32A2C|.3985 1CFFFFFF |cmp ,eax
00A32A32|.77 35 |ja short ZCDLOG.00A32A69
00A32A34|.8B95 20FFFFFF |mov edx,
00A32A3A|.81EA 41621C4A |sub edx,0x4A1C6241 ;EDX - 0x4A1C6241
00A32A40|.8995 20FFFFFF |mov ,edx
00A32A46|.8B85 1CFFFFFF |mov eax,
00A32A4C|.0FBE4C05 88 |movsx ecx,byte ptr ss:;取ASCII
00A32A51|.B8 5A040000 |mov eax,0x45A
00A32A56|.99 |cdq
00A32A57|.F7F9 |idiv ecx ;0x45A\ASCII
00A32A59|.8B85 20FFFFFF |mov eax,
00A32A5F|.2BC2 |sub eax,edx ;EAX - 0x45A Mod ASCII
00A32A61|.8985 20FFFFFF |mov ,eax
00A32A67|.^ EB A5 \jmp short ZCDLOG.00A32A0E
00A32A69|>8D8D 14FFFFFF lea ecx,
00A32A6F|.E8 5A0E0000 call <jmp.&MFC42D.#492>
00A32A74|.C745 FC 00000>mov ,0x0
00A32A7B|.8D8D 10FFFFFF lea ecx,
00A32A81|.E8 480E0000 call <jmp.&MFC42D.#492>
00A32A86|.C645 FC 01 mov byte ptr ss:,0x1
00A32A8A|.8B8D 20FFFFFF mov ecx,
00A32A90|.51 push ecx
00A32A91|.68 EC64A400 push ZCDLOG.00A464EC ;ASCII "%x"
00A32A96|.8D95 14FFFFFF lea edx,
00A32A9C|.52 push edx
00A32A9D|.E8 C20E0000 call <jmp.&MFC42D.#2168>
00A32AA2|.83C4 0C add esp,0xC
00A32AA5|.8D85 14FFFFFF lea eax,
00A32AAB|.50 push eax
00A32AAC|.68 A860A400 push ZCDLOG.00A460A8 ;ASCII "HDCDUSB"
00A32AB1|.8D8D 04FEFFFF lea ecx,
00A32AB7|.E8 A20E0000 call <jmp.&MFC42D.#487>
00A32ABC|.8985 FCFDFFFF mov ,eax
00A32AC2|.8B8D FCFDFFFF mov ecx,
00A32AC8|.898D F8FDFFFF mov ,ecx
00A32ACE|.C645 FC 02 mov byte ptr ss:,0x2
00A32AD2|.8B95 F8FDFFFF mov edx,
00A32AD8|.52 push edx
00A32AD9|.8D85 00FEFFFF lea eax,
00A32ADF|.50 push eax
00A32AE0|.E8 730E0000 call <jmp.&MFC42D.#899>
00A32AE5|.8985 F4FDFFFF mov ,eax
00A32AEB|.8B8D F4FDFFFF mov ecx,
00A32AF1|.898D F0FDFFFF mov ,ecx
00A32AF7|.C645 FC 03 mov byte ptr ss:,0x3
00A32AFB|.8B95 F0FDFFFF mov edx,
00A32B01|.52 push edx
00A32B02|.8D8D 14FFFFFF lea ecx,
00A32B08|.E8 450E0000 call <jmp.&MFC42D.#734>
00A32B0D|.C645 FC 02 mov byte ptr ss:,0x2
00A32B11|.8D8D 00FEFFFF lea ecx,
00A32B17|.E8 9A0D0000 call <jmp.&MFC42D.#684>
00A32B1C|.C645 FC 01 mov byte ptr ss:,0x1
00A32B20|.8D8D 04FEFFFF lea ecx,
00A32B26|.E8 8B0D0000 call <jmp.&MFC42D.#684>
00A32B2B|.8D8D 14FFFFFF lea ecx,
00A32B31|.E8 160E0000 call <jmp.&MFC42D.#3483>
00A32B36|.8D85 10FFFFFF lea eax,
00A32B3C|.50 push eax
00A32B3D|.68 F1550000 push 0x55F1
00A32B42|.8B4D F0 mov ecx,
00A32B45|.E8 260E0000 call <jmp.&MFC42D.#2435>
00A32B4A|.8BC8 mov ecx,eax
00A32B4C|.E8 F50D0000 call <jmp.&MFC42D.#3174>
00A32B51|.8D8D 14FFFFFF lea ecx,
00A32B57|.51 push ecx
00A32B58|.8D95 10FFFFFF lea edx,
00A32B5E|.52 push edx
00A32B5F|.E8 DC0D0000 call <jmp.&MFC42D.#812>
00A32B64|.25 FF000000 and eax,0xFF
00A32B69|.85C0 test eax,eax
00A32B6B|.0F84 DD040000 je ZCDLOG.00A3304E ;关键跳
00A32B71|.C685 10FEFFFF>mov byte ptr ss:,0x0
00A32B78|.B9 3F000000 mov ecx,0x3F
00A32B7D|.33C0 xor eax,eax
00A32B7F|.8DBD 11FEFFFF lea edi,dword ptr ss:
00A32B85|.F3:AB rep stos dword ptr es:
00A32B87|.66:AB stos word ptr es:
00A32B89|.8BF4 mov esi,esp
00A32B8B|.8D85 10FEFFFF lea eax,
00A32B91|.50 push eax ; /s
00A32B92|.FF15 8886A400 call dword ptr ds:[<&MSVCRTD.atoi>] ; \atoi
00A32B98|.83C4 04 add esp,0x4
00A32B9B|.3BF4 cmp esi,esp
00A32B9D|.E8 040E0000 call <jmp.&MSVCRTD._chkesp>
00A32BA2|.8985 08FEFFFF mov ,eax
00A32BA8|.83BD 08FEFFFF>cmp ,0x0
00A32BAF|.0F85 80040000 jnz ZCDLOG.00A33035
00A32BB5|.8BF4 mov esi,esp
00A32BB7|.8D8D 0CFEFFFF lea ecx,
......
...... ;写注册表部分
......
00A330A4\.C3 retn
算法总结:
1、取机器码前6位记为A
2、从机器码第7位开始取7位记为B
3、组合字符串C=A+"EFXSR3H8DE5U3FGY4AC1ND8F5KL"+B
4、计算部分:
D=0
开始循环
D=D-0x4A1C6241
E=0x45A mod 逐位ASCII
D=D-E
循环(直到所有字符计算完成)
[这一步程序取的D是16进制字符串D]
5、组合注册码="HDCDUSB"+D
-----------------------------------------------------------------------------------
〖破解总结〗:
没什么好总结的。
-----------------------------------------------------------------------------------
〖版权声明〗:转载请注明Null原创!
Null2011-5-15 0:19:28
沙发···· 路过,打酱油。。。 看看是什么 很详细的说明谢谢了~~~ 楼主说的很详细,谢谢教程 请问楼主,这个软件属不属于重启验证类型的。 学习学习 不错,学习的好例子啊………… 作者太犀利飘过