009
稍微难点。根据字符串定位关键位置(IDA 中要修改字符串类型)
第一轮
先把所有字符的ascii码加起来
; Round 1, loop body: take one character of the user name, convert it to its
; character code and add it to a running Variant total. The loop head, the
; counter update and the setup of esi/ebx are outside this excerpt.
.text:0040213A lea edx, [ebp+var_6C]
.text:0040213D lea eax, [ebp+pCounter]
.text:00402140 push edx ; pLenth
.text:00402141 push eax ; pValue
.text:00402142 mov [ebp+var_6C.Data], 1 ; length Variant = 1, i.e. one character per iteration
.text:00402149 mov dword ptr [ebp+var_6C.varType], ebx ; ebx is loaded outside this excerpt; presumably an integer varType - confirm
.text:0040214C call ds:__vbaI4Var ; convert the counter Variant to a 32-bit integer (returned in eax)
.text:00402152 lea ecx, [ebp+pUserName]
.text:00402155 push eax ; nStart
.text:00402156 lea edx, [ebp+pTitle]
.text:00402159 push ecx ; pSrc
.text:0040215A push edx ; pDst
.text:0040215B call ds:rtcMidCharVar ; extract the n-th character (VB Mid on a Variant)
.text:00402161 lea eax, [ebp+pTitle]
.text:00402164 lea ecx, [ebp+Tmp]
.text:00402167 push eax ; pSrc
.text:00402168 push ecx ; pDst
.text:00402169 call ds:__vbaStrVarVal ; Variant -> string, so the character can be passed to Asc
.text:0040216F push eax ; Str
.text:00402170 call ds:rtcAnsiValueBstr ; convert to the character code (VB Asc, ANSI value)
.text:00402176 mov word ptr [ebp+var_BC.Data], ax ; 16-bit character code becomes the Variant payload
.text:0040217D lea edx, [ebp+pValue2]
.text:00402180 lea eax, [ebp+var_BC]
.text:00402186 push edx ; pValue2
.text:00402187 lea ecx, [ebp+pret]
.text:0040218D push eax ; pValue1
.text:0040218E push ecx ; pret
.text:0040218F mov dword ptr [ebp+var_BC.varType], ebx ; same ebx value as above; not visible in this excerpt
.text:00402195 call ds:__vbaVarAdd ; accumulate: character code + running total
.text:0040219B mov edx, eax ; pSrc
.text:0040219D lea ecx, [ebp+pValue2] ; pDst ; result is stored back into the local that holds the running total
.text:004021A0 call esi ; __vbaVarMove
.text:004021A2 lea ecx, [ebp+Tmp] ; Str
.text:004021A5 call ds:__vbaFreeStr ; release the temporary string
.text:004021AB lea edx, [ebp+pTitle]
.text:004021AE lea eax, [ebp+var_6C]
.text:004021B1 push edx ; the listing stops here, mid-sequence; the call these arguments belong to is not shown
第二轮
然后把第一步的结果乘以1234567890,转成字符串,再把第4、9位替换为-
我今天才知道VB的Mid函数可以赋值
; Round 2: multiply the round-one total by a constant embedded in the binary,
; then overwrite two single characters of the result with VB Mid statements.
; NOTE(review): no explicit number-to-string conversion is visible in this
; excerpt; presumably the Mid statement coerces the Variant - confirm.
.text:004021D6 lea ecx, [ebp+pValue2]
.text:004021D9 lea edx, [ebp+pStep]
.text:004021DF push ecx ; pValue2
.text:004021E0 lea eax, [ebp+var_6C]
.text:004021E3 push edx ; pValue1
.text:004021E4 push eax ; pret
.text:004021E5 mov [ebp+pStep.Data], 1234567890 ; the round-one result is multiplied by 1234567890
.text:004021EF mov dword ptr [ebp+pStep.varType], 3 ; varType 3 = VT_I4 (32-bit integer)
.text:004021F9 call ds:__vbaVarMul ; Variant multiply: total * 1234567890
.text:004021FF mov edx, eax ; pSrc
.text:00402201 lea ecx, [ebp+pValue2] ; pDst
.text:00402204 call esi ; __vbaVarMove ; the product replaces the total in pValue2
.text:00402206 mov ebx, ds:__vbaMidStmtVar ; keep the import address in ebx for the two calls below
.text:0040220C lea ecx, [ebp+pValue2]
.text:0040220F push ecx ; pSrc
.text:00402210 push 4 ; nStart ; replace the 4th character with "-"
.text:00402212 lea edx, [ebp+pStep]
.text:00402218 push 1 ; Lenth
.text:0040221A push edx ; pRet
.text:0040221B mov [ebp+pStep.Data], offset dword_401C34 ; replacement string; "-" according to the author's note
.text:00402225 mov dword ptr [ebp+pStep.varType], 8 ; varType 8 = VT_BSTR (string)
.text:0040222F call ebx ; __vbaMidStmtVar
.text:00402231 lea eax, [ebp+pValue2]
.text:00402234 lea ecx, [ebp+pStep]
.text:0040223A push eax ; pSrc
.text:0040223B push 9 ; nStart ; replace the 9th character with "-"
.text:0040223D push 1 ; Lenth
.text:0040223F push ecx ; pRet
.text:00402240 mov [ebp+pStep.Data], offset dword_401C34 ; same replacement string as above
.text:0040224A mov dword ptr [ebp+pStep.varType], 8 ; varType 8 = VT_BSTR (string)
.text:00402254 call ebx ; __vbaMidStmtVar
.text:00402256 mov eax, [ebp+arg_0] ; presumably the object pointer passed to this handler - confirm
.text:00402259 push eax
.text:0040225A mov edx, [eax] ; load the table of function pointers stored at the start of the object
.text:0040225C call dword ptr [edx+304h] ; indirect call through that table at offset 304h; the target is not shown in this excerpt
注册机
这个注册机在编程上边卡了好长时间,数字太大,变成浮点后,C#老是自己变成科学计数法,后来实在没法,拉出大整数类才解决
/// <summary>
/// Reproduces the registration code that the analysed CrackMe derives from
/// <paramref name="name"/>.
/// </summary>
/// <param name="name">User name entered into the CrackMe.</param>
/// <returns>
/// The decimal digits of (sum of character codes * 1234567890) with the 4th and
/// 9th characters (1-based) replaced by '-'.
/// </returns>
/// <remarks>
/// The code depends only on the name and a constant embedded in the binary; no
/// secret or per-installation value is involved, so the check can be reproduced
/// from a static read of the disassembly.
/// NOTE(review): the binary converts characters with rtcAnsiValueBstr (ANSI
/// value) while this method sums UTF-16 code units; the two agree for ASCII
/// names - confirm before relying on non-ASCII input.
/// NOTE(review): an empty name produces the digit string "0", and the
/// Substring calls then throw ArgumentOutOfRangeException.
/// </remarks>
static string RegCode(string name)
{
    // Round 1: add up the code of every character in the name.
    int charSum = 0;
    foreach (char c in name)
    {
        charSum += c;
    }

    // Round 2: BigInteger keeps the product exact; the page notes that a
    // floating-point value was printed in scientific notation instead.
    BigInteger product = BigInteger.Multiply(new BigInteger(1234567890), charSum);
    string digits = product.ToString();

    // Indices 3 and 8 (the 4th and 9th characters) are dropped and replaced by '-'.
    string head = digits.Substring(0, 3);
    string middle = digits.Substring(4, 4);
    string tail = digits.Substring(9);
    return head + "-" + middle + "-" + tail;
}