本帖最后由 姐又寡闻了 于 2019-6-6 22:45 编辑
【文章标题】:XX快递单打印软件 简易版V3.5 注册算法分析
【软件名称】: XX快递单打印软件 简易版V3.5
【下载地址】: http://www.52pojie.cn/thread-519339-1-1.html
【使用工具】: OD等
【加密方式】: MD5变形
【软件介绍】: 一看就明白干什么的。
【 声 明】: 仅为算法研究,勿作它途。
看到论坛里讨论这个软件热火朝天,呵呵,我也凑凑热闹,分析它的算法,ZF0806吾是土豪做了内存机,感谢他的分享。。。
序列号(即下文的机器码):C155AF752FEBAAC4E2F36B6D24225A3F
注册码:38541151EFAC4B5C3A60C193D277ADB5
PEID检测信息:
Borland Delphi 6.0 - 7.0
加密算法
ADLER32 :: 001B677B :: 005B737B
The reference is above.
BASE64 table :: 0028782C :: 0068842C
Referenced at 0076F6C4
BASE64 table :: 00366B50 :: 00767B50
Referenced at 004F3A7A
Referenced at 004F3A95
Referenced at 004F3ABD
Referenced at 004F3AD9
CRC32 :: 00369E58 :: 0076AE58
Referenced at 005B5529
CRC32 :: 0036A288 :: 0076B288
Referenced at 005B73AD
Referenced at 005B73B8
Referenced at 005B74D8
Referenced at 005B77AE
MD5 :: 000FD4E5 :: 004FE0E5
The reference is above.
ZLIB deflate [word] :: 0036CD2C :: 0076DD2C
Referenced at 005B9A2B
第一步:先研究机器码是怎么生成的,因为后面注册码的生成过程和机器码的生成过程是一样的。
00704CA0 /. 55 push ebp
00704CA1 |. 8BEC mov ebp,esp
00704CA3 |. B9 04000000 mov ecx,0x4
00704CA8 |> 6A 00 /push 0x0
00704CAA |. 6A 00 |push 0x0
00704CAC |. 49 |dec ecx
00704CAD |.^ 75 F9 \jnz short KDSimple.00704CA8///////////////F2断点,F9运行后,点“注册”按钮断下来了。
。。。。。。。。。(省略无关代码)
00704D5E |. E8 79FAD7FF call KDSimple.004847DC
00704D63 |. FF75 E4 push [local.7] ; (ASCII "用户注册")
00704D66 |. 68 244E7000 push KDSimple.00704E24 ; UNICODE " "
00704D6B |. 8D55 E0 lea edx,[local.8]
00704D6E |. A1 8CDF5300 mov eax,dword ptr ds:[0x53DF8C]
00704D73 |. E8 6495E3FF call KDSimple.0053E2DC
00704D78 |. FF75 E0 push [local.8] ; (ASCII "T100V3.5")
00704D7B |. 68 444E7000 push KDSimple.00704E44
00704D80 |. 8D45 E8 lea eax,[local.6]
00704D83 |. BA 04000000 mov edx,0x4
00704D88 |. E8 2BFCCFFF call KDSimple.004049B8
00704D8D |. 8B55 E8 mov edx,[local.6] ; (ASCII "用户注册 T100V3.5[未注册]")
00704D90 |. 8BC3 mov eax,ebx
00704D92 |. E8 75FAD7FF call KDSimple.0048480C
00704D97 |. 8D45 DC lea eax,[local.9]
00704D9A |. E8 2998E3FF call KDSimple.0053E5C8 ; ///////////生成机器码
00704D9F |. 8B55 DC mov edx,[local.9] ; (ASCII "C155AF752FEBAAC4E2F36B6D24225A3F")
00704DA2 |. 8B83 00030000 mov eax,dword ptr ds:[ebx+0x300]
00704DA8 |. E8 5FFAD7FF call KDSimple.0048480C
00704DAD |. B2 01 mov dl,0x1
00704DAF |. 8B83 08030000 mov eax,dword ptr ds:[ebx+0x308]
生成机器码
0053E5C8 /$ 55 push ebp
0053E5C9 |. 8BEC mov ebp,esp
0053E5CB |. 6A 00 push 0x0
0053E5CD |. 53 push ebx
0053E5CE |. 8BD8 mov ebx,eax
0053E5D0 |. 33C0 xor eax,eax
0053E5D2 |. 55 push ebp
0053E5D3 |. 68 06E65300 push KDSimple.0053E606
0053E5D8 |. 64:FF30 push dword ptr fs:[eax]
0053E5DB |. 64:8920 mov dword ptr fs:[eax],esp
0053E5DE |. 8D45 FC lea eax,[local.1]
0053E5E1 |. E8 72F5FBFF call KDSimple.004FDB58////////////////////////取CPUID
-------------------------------------------------------
............
004FDB61 |. E8 DE97F0FF call <jmp.&kernel32.GetCurrentProcess> ; [GetCurrentProcess
004FDB66 |. BA 01000000 mov edx,0x1
004FDB6B |. E8 78000000 call KDSimple.004FDBE8
004FDB70 |. 53 push ebx
004FDB71 |. 51 push ecx
004FDB72 |. 52 push edx
004FDB73 |. B8 01000000 mov eax,0x1
004FDB78 |. 0FA2 cpuid
004FDB7A |. 8945 FC mov [local.1],eax ; eax=00040651
004FDB7D |. 895D F8 mov [local.2],ebx ; ebx=00100800
004FDB80 |. 894D F4 mov [local.3],ecx ; ecx=7FDAFBBF
004FDB83 |. 8955 F0 mov [local.4],edx ; edx=BFEBFBFF
004FDB86 |. 5A pop edx ; KDSimple.0053E5E6
004FDB87 |. 59 pop ecx ; KDSimple.0053E5E6
004FDB88 |. 5B pop ebx ; KDSimple.0053E5E6
004FDB89 |. 53 push ebx
004FDB8A |. 8B45 FC mov eax,[local.1]
004FDB8D |. 8945 D0 mov [local.12],eax
004FDB90 |. C645 D4 00 mov byte ptr ss:[ebp-0x2C],0x0
004FDB94 |. 8B45 F8 mov eax,[local.2]
004FDB97 |. 8945 D8 mov [local.10],eax
004FDB9A |. C645 DC 00 mov byte ptr ss:[ebp-0x24],0x0
004FDB9E |. 8B45 F4 mov eax,[local.3]
004FDBA1 |. 8945 E0 mov [local.8],eax
004FDBA4 |. C645 E4 00 mov byte ptr ss:[ebp-0x1C],0x0
004FDBA8 |. 8B45 F0 mov eax,[local.4] ; KDSimple.0053E606
004FDBAB |. 8945 E8 mov [local.6],eax
004FDBAE |. C645 EC 00 mov byte ptr ss:[ebp-0x14],0x0
004FDBB2 |. 8D55 D0 lea edx,[local.12]
004FDBB5 |. B9 03000000 mov ecx,0x3
004FDBBA |. B8 D4DB4F00 mov eax,KDSimple.004FDBD4 ; %.8x-%.8x-%.8x-%.8x
--------------------------------------------------------
0053E5E6 |. 8B45 FC mov eax,[local.1] ; (ASCII "00040651-00100800-7FDAFBBF-BFEBFBFF")
0053E5E9 |. 8BD3 mov edx,ebx
0053E5EB |. E8 24000000 call KDSimple.0053E614 ; ///////F7进入
0053E5F0 |. 33C0 xor eax,eax
0053E5F2 |. 5A pop edx ; 0012F8E0
0053E5F3 |. 59 pop ecx ; 0012F8E0
0053E5F4 |. 59 pop ecx ; 0012F8E0
0053E628 |. 55 push ebp
0053E629 |. 68 59E65300 push KDSimple.0053E659
0053E62E |. 64:FF30 push dword ptr fs:[eax]
0053E631 |. 64:8920 mov dword ptr fs:[eax],esp
0053E634 |. 8BCB mov ecx,ebx
0053E636 |. BA 64000000 mov edx,0x64@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@edx=64这个值很重要
0053E63B |. 8B45 FC mov eax,[local.1] ; (ASCII "00040651-00100800-7FDAFBBF-BFEBFBFF")
0053E63E |. E8 D105FCFF call KDSimple.004FEC14 ; ////////////F7进入
0053E643 |. 33C0 xor eax,eax
0053E645 |. 5A pop edx ; 0012F8C4
0053E646 |. 59 pop ecx ; 0012F8C4
0053E647 |. 59 pop ecx ; 0012F8C4
004FEC43 |. 8B45 FC mov eax,[local.1] ; (ASCII "00040651-00100800-7FDAFBBF-BFEBFBFF")
004FEC46 |. E8 A5FEFFFF call KDSimple.004FEAF0 ; /////////////
004FEC4B |. 8D45 E8 lea eax,[local.6]
004FEC4E |. 8D55 F8 lea edx,[local.2]
004FEC51 |. E8 12FFFFFF call KDSimple.004FEB68 ;MD5(00040651-00100800-7FDAFBBF-BFEBFBFF)=
004FEC56 |. 8B45 F8 mov eax,[local.2] ; (ASCII "c155af752febaac4e2f36b6d24225a3f")
进入004FEB68可以看到已经计算的MD5的结果
004FEC51 |. E8 12FFFFFF call KDSimple.004FEB68
004FEB68 /$ 55 push ebp
004FEB69 |. 8BEC mov ebp,esp
004FEB6B |. 83C4 E8 add esp,-0x18
004FEB6E |. 53 push ebx
004FEB6F |. 56 push esi
。。。。。。。。。。。(省略无关代码)
004FEB7E |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] ; ds:[esi]=stack [0012FD54]=75AF55C1
004FEB7F |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] ; ds:[esi]=stack [0012FD58]=C4AAEB2F
004FEB80 |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] ; ds:[esi]=stack [0012FD5C]=6D6BF3E2
004FEB81 |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] ; ds:[esi]=stack [0012FD60]=3F5A2224
。。。。。。。。。。。
进入上一个call KDSimple.004FEAF0 (决定四个常量值)
。。。。。。。。。。。(省略无关代码)
004FEB1A |. E8 7DFCFFFF call KDSimple.004FE79C
004FE79C /$ 53 push ebx
004FE79D |. 8BD8 mov ebx,eax
004FE79F |. 81FA 58020000 cmp edx,0x258 ; Switch (cases 0..384)
004FE7A5 |. 7F 4A jg short KDSimple.004FE7F1
004FE7A7 |. 0F84 46010000 je KDSimple.004FE8F3
004FE7AD |. 81FA 2C010000 cmp edx,0x12C
004FE7B3 |. 7F 22 jg short KDSimple.004FE7D7
004FE7B5 |. 0F84 D8000000 je KDSimple.004FE893
004FE7BB |. 83EA 01 sub edx,0x1
004FE7BE |. 72 73 jb short KDSimple.004FE833
004FE7C0 |. 83EA 63 sub edx,0x63
004FE7C3 |. 0F84 8A000000 je KDSimple.004FE853
004FE7C9 |. 83EA 64 sub edx,0x64
004FE7CC |. 0F84 A1000000 je KDSimple.004FE873
004FE7D2 |. E9 D3010000 jmp KDSimple.004FE9AA
004FE7D7 |> 81EA 90010000 sub edx,0x190
004FE7DD |. 0F84 D0000000 je KDSimple.004FE8B3
004FE7E3 |. 83EA 64 sub edx,0x64
004FE7E6 |. 0F84 E7000000 je KDSimple.004FE8D3
004FE7EC |. E9 B9010000 jmp KDSimple.004FE9AA
004FE7F1 |> 81FA 7A030000 cmp edx,0x37A
004FE7F7 |. 7F 20 jg short KDSimple.004FE819
004FE7F9 |. 0F84 54010000 je KDSimple.004FE953
004FE7FF |. 81EA BC020000 sub edx,0x2BC
004FE805 |. 0F84 08010000 je KDSimple.004FE913
004FE80B |. 83EA 64 sub edx,0x64
004FE80E |. 0F84 1F010000 je KDSimple.004FE933
004FE814 |. E9 91010000 jmp KDSimple.004FE9AA
004FE819 |> 81EA 7B030000 sub edx,0x37B
004FE81F |. 0F84 4B010000 je KDSimple.004FE970
004FE825 |. 83EA 09 sub edx,0x9
004FE828 |. 0F84 5F010000 je KDSimple.004FE98D
004FE82E |. E9 77010000 jmp KDSimple.004FE9AA
004FE833 |> \C703 2F92ADA3 mov dword ptr ds:[ebx],0xA3AD922F
004FE839 |. C743 04 CDF4A>mov dword ptr ds:[ebx+0x4],0x98AEF4CD
004FE840 |. C743 08 AD4CE>mov dword ptr ds:[ebx+0x8],0xDBE34CAD
004FE847 |. C743 0C 323D1>mov dword ptr ds:[ebx+0xC],0xCE1D3D32
004FE84E |. E9 8F010000 jmp KDSimple.004FE9E2
004FE853 |> C703 1F912DA3 mov dword ptr ds:[ebx],0xA32D911F ; Case 64 of switch 004FE79F////
004FE859 |. C743 04 2DF2A>mov dword ptr ds:[ebx+0x4],0x93AEF22D
004FE860 |. C743 08 3D44E>mov dword ptr ds:[ebx+0x8],0xDFE2443D
004FE867 |. C743 0C 423DF>mov dword ptr ds:[ebx+0xC],0xCEFD3D42
004FE86E |. E9 6F010000 jmp KDSimple.004FE9E2
004FE873 |> C703 5F118DA3 mov dword ptr ds:[ebx],0xA38D115F ; Case C8 of switch 004FE79F
004FE879 |. C743 04 6DF2D>mov dword ptr ds:[ebx+0x4],0x94DEF26D
004FE880 |. C743 08 7D8CE>mov dword ptr ds:[ebx+0x8],0xDFE38C7D
004FE887 |. C743 0C 823DC>mov dword ptr ds:[ebx+0xC],0xCECD3D82
004FE88E |. E9 4F010000 jmp KDSimple.004FE9E2
004FE893 |> C703 9F91DDA3 mov dword ptr ds:[ebx],0xA3DD919F ; Case 12C of switch 004FE79F
004FE899 |. C743 04 0DF1A>mov dword ptr ds:[ebx+0x4],0x98A5F10D
004FE8A0 |. C743 08 CD41E>mov dword ptr ds:[ebx+0x8],0xDFE341CD
004FE8A7 |. C743 0C 2232F>mov dword ptr ds:[ebx+0xC],0xCEFD3222
004FE8AE |. E9 2F010000 jmp KDSimple.004FE9E2
004FE8B3 |> C703 2F118DA3 mov dword ptr ds:[ebx],0xA38D112F ; Case 190 of switch 004FE79F
004FE8B9 |. C743 04 4DF16>mov dword ptr ds:[ebx+0x4],0x9862F14D
004FE8C0 |. C743 08 5D41E>mov dword ptr ds:[ebx+0x8],0xD8E3415D
004FE8C7 |. C743 0C 62310>mov dword ptr ds:[ebx+0xC],0xCE0D3162
004FE8CE |. E9 0F010000 jmp KDSimple.004FE9E2
004FE8D3 |> C703 7F9A8DA3 mov dword ptr ds:[ebx],0xA38D9A7F ; Case 1F4 of switch 004FE79F
004FE8D9 |. C743 04 8DF17>mov dword ptr ds:[ebx+0x4],0x9A7EF18D
004FE8E0 |. C743 08 9D41E>mov dword ptr ds:[ebx+0x8],0xD0E7419D
004FE8E7 |. C743 0C 02326>mov dword ptr ds:[ebx+0xC],0xCE6D3202
004FE8EE |. E9 EF000000 jmp KDSimple.004FE9E2
004FE8F3 |> C703 1F928BA3 mov dword ptr ds:[ebx],0xA38B921F ; Case 258 of switch 004FE79F
004FE8F9 |. C743 04 2DF2A>mov dword ptr ds:[ebx+0x4],0x98AEF22D
004FE900 |. C743 08 3D429>mov dword ptr ds:[ebx+0x8],0xDF93423D
004FE907 |. C743 0C 4232F>mov dword ptr ds:[ebx+0xC],0xCEF03242
004FE90E |. E9 CF000000 jmp KDSimple.004FE9E2
004FE913 |> C703 1F948BA3 mov dword ptr ds:[ebx],0xA38B941F ; Case 2BC of switch 004FE79F
004FE919 |. C743 04 2DF2A>mov dword ptr ds:[ebx+0x4],0x98AEF22D
004FE920 |. C743 08 3D429>mov dword ptr ds:[ebx+0x8],0xDF9F423D
004FE927 |. C743 0C D232F>mov dword ptr ds:[ebx+0xC],0xCEF132D2
004FE92E |. E9 AF000000 jmp KDSimple.004FE9E2
004FE933 |> C703 1F22FFA3 mov dword ptr ds:[ebx],0xA3FF221F ; Case 320 of switch 004FE79F
004FE939 |. C743 04 1DF2A>mov dword ptr ds:[ebx+0x4],0x98AEF21D
004FE940 |. C743 08 3DDA9>mov dword ptr ds:[ebx+0x8],0xDA93DA3D
004FE947 |. C743 0C 4262F>mov dword ptr ds:[ebx+0xC],0xC0F06242
004FE94E |. E9 8F000000 jmp KDSimple.004FE9E2
004FE953 |> C703 2F92DDA3 mov dword ptr ds:[ebx],0xA3DD922F ; Case 37A of switch 004FE79F
004FE959 |. C743 04 CDF4C>mov dword ptr ds:[ebx+0x4],0x98CEF4CD
004FE960 |. C743 08 AD4FE>mov dword ptr ds:[ebx+0x8],0xDBE34FAD
004FE967 |. C743 0C 323D1>mov dword ptr ds:[ebx+0xC],0xCE143D32
004FE96E |. EB 72 jmp short KDSimple.004FE9E2
004FE970 |> C703 2F921DA3 mov dword ptr ds:[ebx],0xA31D922F ; Case 37B of switch 004FE79F
004FE976 |. C743 04 CDF4C>mov dword ptr ds:[ebx+0x4],0x98C4F4CD
004FE97D |. C743 08 0D4FE>mov dword ptr ds:[ebx+0x8],0xDBEE4F0D
004FE984 |. C743 0C 323D1>mov dword ptr ds:[ebx+0xC],0xFD143D32
004FE98B |. EB 55 jmp short KDSimple.004FE9E2
004FE98D |> C703 1F9F82A3 mov dword ptr ds:[ebx],0xA3829F1F ; Case 384 of switch 004FE79F
004FE993 |. C743 04 2DD2A>mov dword ptr ds:[ebx+0x4],0x98A3D22D
004FE99A |. C743 08 AD449>mov dword ptr ds:[ebx+0x8],0xDF9344AD
004FE9A1 |. C743 0C 4238F>mov dword ptr ds:[ebx+0xC],0xCEF03842
004FE9A8 |. EB 38 jmp short KDSimple.004FE9E2
四个MD5常量由传入的选择值决定(该值在004FEC14中保存在EBX,进入004FE79C的switch时位于EDX)。计算机器码时该值为0x64(即0053E636处的 mov edx,0x64),对应 Case 64 分支,四个常量为
0xA32D911F
0x93AEF22D
0xDFE2443D
0xCEFD3D42
测试下,放入DELPHI中,修改下pas文件,计算下的确算出MD5结果为C155AF752FEBAAC4E2F36B6D24225A3F
004FEB1F |. 8B45 FC mov eax,[local.1]
004FEB22 |. E8 D15DF0FF call KDSimple.004048F8
004FEB27 |. 50 push eax
004FEB28 |. 8B45 FC mov eax,[local.1] ; (ASCII "00040651-00100800-7FDAFBBF-BFEBFBFF")
004FEB2B |. E8 C85FF0FF call KDSimple.00404AF8
004FEB30 |. 8BD0 mov edx,eax
004FEB32 |. 8D45 A4 lea eax,[local.23]
004FEB35 |. 59 pop ecx
004FEB36 |. E8 C1FEFFFF call KDSimple.004FE9FC ; /////////////MD5计算
第二步,寻找算法,将程序载入DEDE,很容易来到
00704E50 55 push ebp
00704E51 8BEC mov ebp, esp
00704E53 33C9 xor ecx, ecx
00704E55 51 push ecx
00704E56 51 push ecx
00704E57 51 push ecx
00704E58 51 push ecx
00704E59 51 push ecx
00704E5A 53 push ebx
00704E5B 8BD8 mov ebx, eax
00704E5D 33C0 xor eax, eax
00704E5F 55 push ebp
00704E60 68244F7000 push $00704F24
***** TRY
|
00704E65 64FF30 push dword ptr fs:[eax]
00704E68 648920 mov fs:[eax], esp
00704E6B 8D55FC lea edx, [ebp-$04]
* Reference to control Edit2 : TEdit
|
00704E6E 8B8304030000 mov eax, [ebx+$0304]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00704E74 E863F9D7FF call 004847DC
00704E79 8B45FC mov eax, [ebp-$04]// 假码(ASCII "12345678901234567890123456789012")
00704E7C 50 push eax
00704E7D 8D55F4 lea edx, [ebp-$0C]
* Reference to control Edit1 : TEdit
|
00704E80 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00704E86 E851F9D7FF call 004847DC
00704E8B 8B45F4 mov eax, [ebp-$0C]// 机器码(ASCII "C155AF752FEBAAC4E2F36B6D24225A3F")
00704E8E 8D55F8 lea edx, [ebp-$08]
* Reference to: Graphics.TFont.SetData(TFont;TFontData;TFontData);
| or: Graphics.TPen.SetData(TPen;TPenData;TPenData);
| or: Graphics.TBrush.SetData(TBrush;TBrushData;TBrushData);
|
00704E91 E8CE97E3FF call 0053E664//////////////////////F7
00704E96 8B55F8 mov edx, [ebp-$08]// (ASCII "38541151EFAC4B5C3A60C193D277ADB5")
00704E99 58 pop eax // (ASCII "12345678901234567890123456789012")
* Reference to: System.@LStrCmp;
|
00704E9A E8A5FBCFFF call 00404A44///经典明码比较
00704E9F 754E jnz 00704EEF
00704EA1 8D55F0 lea edx, [ebp-$10]
* Reference to control Edit1 : TEdit
|
00704EA4 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00704EAA E82DF9D7FF call 004847DC
00704EAF 8B55F0 mov edx, [ebp-$10]
* Possible String Reference to: 'HD'
|
00704EB2 B8384F7000 mov eax, $00704F38
|
00704EB7 E8D89AE3FF call 0053E994
00704EBC 8D55EC lea edx, [ebp-$14]
* Reference to control Edit2 : TEdit
|
00704EBF 8B8304030000 mov eax, [ebx+$0304]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00704EC5 E812F9D7FF call 004847DC
00704ECA 8B55EC mov edx, [ebp-$14]
* Possible String Reference to: 'SN'
|
00704ECD B8444F7000 mov eax, $00704F44
|
00704ED2 E8BD9AE3FF call 0053E994
|
00704ED7 E8D897E3FF call 0053E6B4
* Possible String Reference to: '注册成功'
|
00704EDC B8504F7000 mov eax, $00704F50
|
00704EE1 E87A99E3FF call 0053E860
00704EE6 8BC3 mov eax, ebx
* Reference to: Forms.TCustomForm.Close(TCustomForm);
|
00704EE8 E847D8D9FF call 004A2734
00704EED EB0A jmp 00704EF9
* Possible String Reference to: '失败! 无效的注册码'
|
0053E68E |. E8 31FBFFFF call KDSimple.0053E1C4/////////////////////F7
0053E693 |. 33C0 xor eax,eax ; KDSimple.0053DFD8
0053E695 |. 5A pop edx ; 0012F814
0053E696 |. 59 pop ecx ; 0012F814
0053E697 |. 59 pop ecx ; 0012F814
0053E1C4 /$ 55 push ebp
0053E1C5 |. 8BEC mov ebp,esp
0053E1C7 |. 51 push ecx
0053E1C8 |. 53 push ebx
0053E1C9 |. 8BD9 mov ebx,ecx
0053E1CB |. 8955 FC mov [local.1],edx
0053E1CE |. 8B45 FC mov eax,[local.1]
0053E1D1 |. E8 1269ECFF call KDSimple.00404AE8
0053E1D6 |. 33C0 xor eax,eax ; KDSimple.0053DFD8
0053E1D8 |. 55 push ebp
0053E1D9 |. 68 09E25300 push KDSimple.0053E209
0053E1DE |. 64:FF30 push dword ptr fs:[eax]
0053E1E1 |. 64:8920 mov dword ptr fs:[eax],esp
0053E1E4 |. 8BCB mov ecx,ebx
0053E1E6 |. BA 84030000 mov edx,0x384@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@edx=384
根据上面的表,edx=0x384 对应 Case 384 分支(004FE98D),四个常量为
0xA3829F1F
0x98A3D22D
0xDF9344AD
0xCEF03842
0053E1EB |. 8B45 FC mov eax,[local.1]
0053E1EE |. E8 210AFCFF call KDSimple.004FEC14//////////////////F7
0053E1F3 |. 33C0 xor eax,eax ; KDSimple.0053DFD8
0053E1F5 |. 5A pop edx ; KDSimple.0053E693
0053E1F6 |. 59 pop ecx ; KDSimple.0053E693
0053E1F7 |. 59 pop ecx ; KDSimple.0053E693
0053E1F8 |. 64:8910 mov dword ptr fs:[eax],edx
0053E1FB |. 68 10E25300 push KDSimple.0053E210
0053E200 |> 8D45 FC lea eax,[local.1]
0053E203 |. E8 2064ECFF call KDSimple.00404628
0053E208 \. C3 retn
004FEC14 /$ 55 push ebp
004FEC15 |. 8BEC mov ebp,esp
004FEC17 |. 83C4 E8 add esp,-0x18
004FEC1A |. 53 push ebx
004FEC1B |. 56 push esi ; KDSimple.0047B2A0
004FEC1C |. 33DB xor ebx,ebx
004FEC1E |. 895D F8 mov [local.2],ebx
004FEC21 |. 8BF1 mov esi,ecx
004FEC23 |. 8BDA mov ebx,edx
004FEC25 |. 8945 FC mov [local.1],eax ;和上面机器码生成的位置一样
004FEC28 |. 8B45 FC mov eax,[local.1] ; (ASCII "C155AF752FEBAAC4E2F36B6D24225A3F")
004FEC2B |. E8 B85EF0FF call KDSimple.00404AE8
004FEC30 |. 33C0 xor eax,eax
004FEC32 |. 55 push ebp
004FEC33 |. 68 7BEC4F00 push KDSimple.004FEC7B
004FEC38 |. 64:FF30 push dword ptr fs:[eax]
004FEC3B |. 64:8920 mov dword ptr fs:[eax],esp
004FEC3E |. 8D4D E8 lea ecx,[local.6]
004FEC41 |. 8BD3 mov edx,ebx
004FEC43 |. 8B45 FC mov eax,[local.1]
004FEC46 |. E8 A5FEFFFF call KDSimple.004FEAF0 ; /////////////这里过程和上面一样。
004FEC4B |. 8D45 E8 lea eax,[local.6]
004FEC4E |. 8D55 F8 lea edx,[local.2]
004FEC51 |. E8 12FFFFFF call KDSimple.004FEB68
004FEC56 |. 8B45 F8 mov eax,[local.2] ; (ASCII "38541151efac4b5c3a60c193d277adb5")
004FEC59 |. 8BD6 mov edx,esi ; KDSimple.0047B2A0
004FEC5B |. E8 F8A8F0FF call KDSimple.00409558
004FEC60 |. 33C0 xor eax,eax
004FEC62 |. 5A pop edx ; KDSimple.0053E1F3
004FEC63 |. 59 pop ecx ; KDSimple.0053E1F3
004FEC64 |. 59 pop ecx ; KDSimple.0053E1F3
004FEC65 |. 64:8910 mov dword ptr fs:[eax],edx
004FEC68 |. 68 82EC4F00 push KDSimple.004FEC82
004FEC6D |> 8D45 F8 lea eax,[local.2]
004FEC70 |. BA 02000000 mov edx,0x2
004FEC75 |. E8 D259F0FF call KDSimple.0040464C
004FEC7A \. C3 retn
基本过程就是这样了,MD5变形,主要根据EBX的值来决定四个常量。从防护角度看,这个方案的弱点在于:正确的注册码由客户端自己算出,再用明文字符串比较(00704E9A处的LStrCmp),变形常量只是增加了一点分析成本。今天就这样,累了,明天再继续。眼睛痛。。。。
注册码保存在文件sn.jp中:
[Option]
HD=C155AF752FEBAAC4E2F36B6D24225A3F
SN=38541151EFAC4B5C3A60C193D277ADB5
删除这个文件又是未注册版了。