吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 6752|回复: 13
收起左侧

[原创] 160crackme 92 算法分析汇编注册机源码

[复制链接]
whyida 发表于 2018-1-28 15:40
本帖最后由 whyIDA 于 2018-1-28 15:50 编辑

这个crackme比较有意思,有一定难度但又可逆。练习算法分析恰到好处。
od 载入程序
[Asm] 纯文本查看 复制代码
00401550  /$  8B4424 08     MOV EAX,DWORD PTR SS:[ARG.2]             ; HEX crackme1.00401550(猜 hWnd,Msg,wParam,lParam)
00401554  |.  83EC 40       SUB ESP,40
00401557  |.  83E8 10       SUB EAX,10                               ; 替换 (消息 10..1114 退出)
0040155A  |.  56            PUSH ESI
0040155B  |.  0F84 7C010000 JZ 004016DD
00401561  |.  2D 00010000   SUB EAX,100
00401566  |.  0F84 FA000000 JZ 00401666
0040156C  |.  48            DEC EAX
0040156D  |.  0F85 77010000 JNZ 004016EA
00401573  |.  8B4424 50     MOV EAX,DWORD PTR SS:[ARG.3]             ; 案例 111 (WM_COMMAND) of switch crackme1.401557
00401577  |.  25 FFFF0000   AND EAX,0000FFFF
0040157C  |.  2D EA030000   SUB EAX,3EA                              ; 替换 (事例 3EE..3F83 退出)
00401581  |.  0F84 63010000 JZ 004016EA
00401587  |.  83E8 04       SUB EAX,4
0040158A  |.  0F84 B3000000 JZ 00401643
00401590  |.  83E8 0A       SUB EAX,0A
00401593  |.  0F85 51010000 JNZ 004016EA
00401599  |.  8B7424 48     MOV ESI,DWORD PTR SS:[ARG.1]             ; 案例 3F8 of switch crackme1.40157C
0040159D  |.  8D4424 04     LEA EAX,[LOCAL.15]
004015A1  |.  6A 40         PUSH 40                                  ; /MaxCount = 64.
004015A3  |.  50            PUSH EAX                                 ; |String
004015A4  |.  68 EB030000   PUSH 3EB                                 ; |ItemID = 1003.
004015A9  |.  56            PUSH ESI                                 ; |hDialog
004015AA  |.  FF15 1C614000 CALL DWORD PTR DS:[<&USER32.GetDlgItemTe ; \USER32.GetDlgItemTextA
004015B0  |.  85C0          TEST EAX,EAX
004015B2  |.  0F84 32010000 JZ 004016EA
004015B8  |.  8D4C24 4C     LEA ECX,[ARG.2]
004015BC  |.  8D5424 48     LEA EDX,[ARG.1]
004015C0  |.  51            PUSH ECX
004015C1  |.  52            PUSH EDX
004015C2  |.  8D4424 0C     LEA EAX,[LOCAL.15]
004015C6  |.  68 6C804000   PUSH OFFSET 0040806C                     ; ASCII "%08lX%08lX"
004015CB  |.  50            PUSH EAX
004015CC  |.  E8 1F020000   CALL 004017F0
004015D1  |.  8D4C24 5C     LEA ECX,[ARG.2]
004015D5  |.  8D5424 58     LEA EDX,[ARG.1]
004015D9  |.  51            PUSH ECX                                 ; /Arg3
004015DA  |.  52            PUSH EDX                                 ; |Arg2
004015DB  |.  68 80894000   PUSH OFFSET 00408980                     ; |Arg1 = crackme1.408980
004015E0  |.  E8 EBFAFFFF   CALL 004010D0                            ; \crackme1.004010D0
004015E5  |.  8B4424 64     MOV EAX,DWORD PTR SS:[ARG.1]
004015E9  |.  8B0D F0994000 MOV ECX,DWORD PTR DS:[4099F0]
004015EF  |.  83C4 1C       ADD ESP,1C
004015F2  |.  3BC1          CMP EAX,ECX
004015F4  |.  75 29         JNE SHORT 0040161F
004015F6  |.  8B4C24 4C     MOV ECX,DWORD PTR SS:[ARG.2]
004015FA  |.  A1 EC994000   MOV EAX,DWORD PTR DS:[4099EC]
004015FF  |.  3BC8          CMP ECX,EAX
00401601  |.  75 1C         JNE SHORT 0040161F
00401603  |.  6A 30         PUSH 30                                  ; /Type = MB_OK|MB_ICONEXCLAMATION|MB_DEFBUTTON1|MB_APPLMODAL
00401605  |.  68 F0804000   PUSH OFFSET 004080F0                     ; |Caption = "Success"
0040160A  |.  68 D4804000   PUSH OFFSET 004080D4                     ; |Text = "You have done a good job."
0040160F  |.  56            PUSH ESI                                 ; |hOwner
00401610  |.  FF15 20614000 CALL DWORD PTR DS:[<&USER32.MessageBoxA> ; \USER32.MessageBoxA
00401616  |.  33C0          XOR EAX,EAX
00401618  |.  5E            POP ESI
00401619  |.  83C4 40       ADD ESP,40
0040161C  |.  C2 1000       RETN 10
0040161F  |>  6A 30         PUSH 30                                  ; /Type = MB_ICONEXCLAMATION
00401621  |.  FF15 24614000 CALL DWORD PTR DS:[<&USER32.MessageBeep> ; \USER32.MessageBeep
00401627  |.  6A 10         PUSH 10                                  ; /Type = MB_OK|MB_ICONHAND|MB_DEFBUTTON1|MB_APPLMODAL
00401629  |.  68 CC804000   PUSH OFFSET 004080CC                     ; |Caption = "Failed"
0040162E  |.  68 B0804000   PUSH OFFSET 004080B0                     ; |Text = "Don't give up. Try agagin!"
00401633  |.  56            PUSH ESI                                 ; |hOwner
00401634  |.  FF15 20614000 CALL DWORD PTR DS:[<&USER32.MessageBoxA> ; \USER32.MessageBoxA

关键call  :004015E0  |.  E8 EBFAFFFF   CALL 004010D0  一目了然。内存地址 4099F0,4099EC是能否注册成功的关键。对 4099F0下内存写入断点
中断在这里:
[Asm] 纯文本查看 复制代码
.text:00401230 ; int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
.text:00401230 _WinMain@16     proc near               ; CODE XREF: start+C9↓p
.text:00401230
.text:00401230 phkResult       = dword ptr -18Ch
.text:00401230 cbData          = dword ptr -188h
.text:00401230 ValueName       = byte ptr -184h
.text:00401230 var_180         = dword ptr -180h
.text:00401230 var_17C         = word ptr -17Ch
.text:00401230 var_178         = WNDCLASSEXA ptr -178h
.text:00401230 Msg             = tagMSG ptr -148h
.text:00401230 SubKey          = byte ptr -12Ch
.text:00401230 Data            = byte ptr -100h
.text:00401230 hInstance       = dword ptr  4
.text:00401230 hPrevInstance   = dword ptr  8
.text:00401230 lpCmdLine       = dword ptr  0Ch
.text:00401230 nShowCmd        = dword ptr  10h
.text:00401230
.text:00401230                 sub     esp, 18Ch
.text:00401236                 push    ebx
.text:00401237                 push    esi
.text:00401238                 mov     eax, dword_4080A4
.text:0040123D                 push    edi
.text:0040123E                 mov     ecx, 0Ah
.text:00401243                 mov     esi, offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVe"...
.text:00401248                 lea     edi, [esp+198h+SubKey]
.text:0040124C                 mov     dx, word_4080AC
.text:00401253                 rep movsd
.text:00401255                 mov     ecx, dword_4080A8
.text:0040125B                 mov     dword ptr [esp+198h+ValueName], eax
.text:0040125F                 lea     eax, [esp+198h+phkResult]
.text:00401263                 mov     [esp+198h+var_180], ecx
.text:00401267                 push    eax             ; phkResult
.text:00401268                 xor     ebx, ebx
.text:0040126A                 push    0F003Fh         ; samDesired
.text:0040126F                 lea     ecx, [esp+1A0h+SubKey]
.text:00401273                 push    ebx             ; ulOptions
.text:00401274                 push    ecx             ; lpSubKey
.text:00401275                 push    80000002h       ; hKey
.text:0040127A                 mov     [esp+1ACh+var_17C], dx
.text:0040127F                 movsw
.text:00401281                 call    ds:RegOpenKeyExA
.text:00401287                 mov     esi, ds:lstrlenA
.text:0040128D                 test    eax, eax
.text:0040128F                 jnz     short loc_4012F9
.text:00401291                 lea     edx, [esp+198h+cbData]
.text:00401295                 lea     eax, [esp+198h+Data]
.text:0040129C                 push    edx             ; lpcbData
.text:0040129D                 mov     edx, [esp+19Ch+phkResult]
.text:004012A1                 push    eax             ; lpData
.text:004012A2                 push    ebx             ; lpType
.text:004012A3                 lea     ecx, [esp+1A4h+ValueName]
.text:004012A7                 push    ebx             ; lpReserved
.text:004012A8                 push    ecx             ; lpValueName
.text:004012A9                 push    edx             ; hKey
.text:004012AA                 mov     [esp+1B0h+cbData], 100h
.text:004012B2                 call    ds:RegQueryValueExA
.text:004012B8                 test    eax, eax
.text:004012BA                 jz      short loc_4012CB
.text:004012BC                 lea     eax, [esp+198h+Data]
.text:004012C3                 push    offset String2  ; "94940361391"
.text:004012C8                 push    eax
.text:004012C9                 jmp     short loc_4012E6
.text:004012CB ; ---------------------------------------------------------------------------
.text:004012CB
.text:004012CB loc_4012CB:                             ; CODE XREF: WinMain(x,x,x,x)+8A↑j
.text:004012CB                 lea     ecx, [esp+198h+Data]
.text:004012D2                 push    ecx             ; lpString
.text:004012D3                 call    esi ; lstrlenA
.text:004012D5                 test    eax, eax
.text:004012D7                 jnz     short loc_4012EC
.text:004012D9                 lea     edx, [esp+198h+Data]
.text:004012E0                 push    offset String2  ; "94940361391"
.text:004012E5                 push    edx             ; lpString1
.text:004012E6
.text:004012E6 loc_4012E6:                             ; CODE XREF: WinMain(x,x,x,x)+99↑j
.text:004012E6                 call    ds:lstrcpyA
.text:004012EC
.text:004012EC loc_4012EC:                             ; CODE XREF: WinMain(x,x,x,x)+A7↑j
.text:004012EC                 mov     eax, [esp+198h+phkResult]
.text:004012F0                 push    eax             ; hKey
.text:004012F1                 call    ds:RegCloseKey
.text:004012F7                 jmp     short loc_40130C
.text:004012F9 ; ---------------------------------------------------------------------------
.text:004012F9
.text:004012F9 loc_4012F9:                             ; CODE XREF: WinMain(x,x,x,x)+5F↑j
.text:004012F9                 lea     ecx, [esp+198h+Data]
.text:00401300                 push    offset String2  ; "94940361391"
.text:00401305                 push    ecx             ; lpString1
.text:00401306                 call    ds:lstrcpyA
.text:0040130C
.text:0040130C loc_40130C:                             ; CODE XREF: WinMain(x,x,x,x)+C7↑j
.text:0040130C                 lea     edx, [esp+198h+Data]
.text:00401313                 push    edx             ; lpString
.text:00401314                 call    esi ; lstrlenA
.text:00401316                 push    eax
.text:00401317                 lea     eax, [esp+19Ch+Data]
.text:0040131E                 push    eax
.text:0040131F                 push    offset unk_408980
.text:00401324                 call    sub_401130      ; BlowFish初始化函数
.text:00401329                 push    offset dword_4099EC
.text:0040132E                 push    offset dword_4099F0
.text:00401333                 push    offset unk_408980
.text:00401338                 mov     dword_4099F0, 776F6C62h ; k1
.text:00401342                 mov     dword_4099EC, 68736966h ; k2
.text:0040134C                 call    sub_401070      ; BlowFish加密算法函数
.text:00401351                 mov     ecx, dword_4099EC
.text:00401357                 mov     edx, dword_4099F0
.text:0040135D                 push    ecx
.text:0040135E                 push    edx
.text:0040135F                 push    offset a08lx08lx ; "%08lX%08lX"
.text:00401364                 push    offset byte_4099C8 ; LPSTR
.text:00401369                 call    ds:wsprintfA
.text:0040136F                 mov     edi, [esp+1C0h+hInstance]
.text:00401376                 add     esp, 28h
.text:00401379                 mov     [esp+198h+var_178.cbSize], 30h
.text:00401381                 mov     [esp+198h+var_178.style], 3
.text:00401389                 push    7F00h           ; lpIconName
.text:0040138E                 push    ebx             ; hInstance
.text:0040138F                 mov     [esp+1A0h+var_178.lpfnWndProc], offset sub_4014B0
.text:00401397                 mov     [esp+1A0h+var_178.cbClsExtra], ebx
.text:0040139B                 mov     [esp+1A0h+var_178.cbWndExtra], ebx
.text:0040139F                 mov     [esp+1A0h+var_178.hInstance], edi
.text:004013A3                 call    ds:LoadIconA
.text:004013A9                 push    7F00h           ; lpCursorName
.text:004013AE                 push    ebx             ; hInstance
.text:004013AF                 mov     [esp+1A0h+var_178.hIcon], eax
.text:004013B3                 call    ds:LoadCursorA
.text:004013B9                 push    ebx             ; i
.text:004013BA                 mov     [esp+19Ch+var_178.hCursor], eax
.text:004013BE                 call    ds:GetStockObject
.text:004013C4                 mov     [esp+198h+var_178.lpszMenuName], ebx
.text:004013C8                 mov     [esp+198h+var_178.lpszClassName], offset ClassName ; "Win32APP"
.text:004013D0                 mov     [esp+198h+var_178.hbrBackground], eax
.text:004013D4                 lea     eax, [esp+198h+var_178]
.text:004013D8                 push    eax             ; WNDCLASSEXA *
.text:004013D9                 mov     [esp+19Ch+var_178.hIconSm], ebx
.text:004013DD                 call    ds:RegisterClassExA
.text:004013E3                 push    ebx             ; lpParam
.text:004013E4                 push    edi             ; hInstance
.text:004013E5                 push    ebx             ; hMenu
.text:004013E6                 push    ebx             ; hWndParent
.text:004013E7                 push    80000000h       ; nHeight
.text:004013EC                 push    80000000h       ; nWidth
.text:004013F1                 push    80000000h       ; Y
.text:004013F6                 push    80000000h       ; X
.text:004013FB                 push    0CF0000h        ; dwStyle
.text:00401400                 push    offset WindowName ; "Win32APP"
.text:00401405                 push    offset ClassName ; "Win32APP"
.text:0040140A                 push    ebx             ; dwExStyle
.text:0040140B                 call    ds:CreateWindowExA
.text:00401411                 push    6               ; nCmdShow
.text:00401413                 push    eax             ; hWnd
.text:00401414                 mov     hWnd, eax
.text:00401419                 call    ds:ShowWindow
.text:0040141F                 mov     ecx, hWnd
.text:00401425                 push    ecx             ; hWnd
.text:00401426                 call    ds:UpdateWindow
.text:0040142C                 push    offset String   ; "ChinaCrackingGroup"
.text:00401431                 call    esi ; lstrlenA
.text:00401433                 push    eax
.text:00401434                 push    offset String   ; "ChinaCrackingGroup"
.text:00401439                 push    offset unk_408980
.text:0040143E                 call    sub_401130
.text:00401443                 mov     esi, ds:GetMessageA
.text:00401449                 add     esp, 0Ch
.text:0040144C                 lea     edx, [esp+198h+Msg]
.text:00401450                 push    ebx             ; wMsgFilterMax
.text:00401451                 push    ebx             ; wMsgFilterMin
.text:00401452                 push    ebx             ; hWnd
.text:00401453                 push    edx             ; lpMsg
.text:00401454                 call    esi ; GetMessageA
.text:00401456                 test    eax, eax
.text:00401458                 jz      short loc_401494
.text:0040145A                 mov     edi, ds:TranslateMessage
.text:00401460                 push    ebp
.text:00401461                 mov     ebp, ds:DispatchMessageA
.text:00401467
.text:00401467 loc_401467:                             ; CODE XREF: WinMain(x,x,x,x)+251↓j
.text:00401467                 lea     eax, [esp+19Ch+Msg]
.text:0040146B                 push    eax             ; lpMsg
.text:0040146C                 call    edi ; TranslateMessage
.text:0040146E                 lea     ecx, [esp+19Ch+Msg]
.text:00401472                 push    ecx             ; lpMsg
.text:00401473                 call    ebp ; DispatchMessageA
.text:00401475                 push    ebx             ; wMsgFilterMax
.text:00401476                 push    ebx             ; wMsgFilterMin
.text:00401477                 lea     edx, [esp+1A4h+Msg]
.text:0040147B                 push    ebx             ; hWnd
.text:0040147C                 push    edx             ; lpMsg
.text:0040147D                 call    esi ; GetMessageA
.text:0040147F                 test    eax, eax
.text:00401481                 jnz     short loc_401467
.text:00401483                 mov     eax, [esp+19Ch+Msg.wParam]
.text:00401487                 pop     ebp
.text:00401488                 pop     edi
.text:00401489                 pop     esi
.text:0040148A                 pop     ebx
.text:0040148B                 add     esp, 18Ch
.text:00401491                 retn    10h

调试几次就明白这段代码的意思。取系统版本ID,如果得不到则用 "94940361391"代替。
401130(算法初始化)->401070(加密)->401000(s盒变换)->401070(加密)->401000(s盒变换)形成密文S1.
得到注册码->4010D0->401000  形成密文S2.
[Asm] 纯文本查看 复制代码
.text:004010D0 sub_4010D0      proc near               ; CODE XREF: DialogFunc+90↓p
.text:004010D0
.text:004010D0 arg_0           = dword ptr  4
.text:004010D0 arg_4           = dword ptr  8
.text:004010D0 arg_8           = dword ptr  0Ch
.text:004010D0
.text:004010D0                 mov     eax, [esp+arg_4]
.text:004010D4                 mov     ecx, [esp+arg_8]
.text:004010D8                 push    ebx
.text:004010D9                 push    ebp
.text:004010DA                 mov     eax, [eax]
.text:004010DC                 push    esi
.text:004010DD                 mov     esi, [ecx]
.text:004010DF                 push    edi
.text:004010E0                 mov     edi, [esp+10h+arg_0]
.text:004010E4                 mov     [esp+10h+arg_0], 10h
.text:004010EC                 lea     ebx, [edi+44h]
.text:004010EF
.text:004010EF loc_4010EF:                             ; CODE XREF: sub_4010D0+3D↓j
.text:004010EF                 xor     eax, [ebx]
.text:004010F1                 push    eax
.text:004010F2                 push    edi
.text:004010F3                 mov     ebp, eax
.text:004010F5                 call    sub_401000
.text:004010FA                 mov     ecx, [esp+18h+arg_0]
.text:004010FE                 add     esp, 8
.text:00401101                 xor     eax, esi
.text:00401103                 sub     ebx, 4
.text:00401106                 dec     ecx
.text:00401107                 mov     esi, ebp
.text:00401109                 mov     [esp+10h+arg_0], ecx
.text:0040110D                 jnz     short loc_4010EF
.text:0040110F                 mov     ecx, [edi+4]
.text:00401112                 mov     edx, [edi]
.text:00401114                 xor     ecx, eax
.text:00401116                 mov     eax, [esp+10h+arg_4]
.text:0040111A                 xor     edx, esi
.text:0040111C                 pop     edi
.text:0040111D                 mov     [eax], edx
.text:0040111F                 mov     edx, [esp+0Ch+arg_8]
.text:00401123                 pop     esi
.text:00401124                 pop     ebp
.text:00401125                 mov     [edx], ecx
.text:00401127                 pop     ebx
.text:00401128                 retn
.text:00401128 sub_4010D0      endp


上面的代码形成密文S2,s1=s2  则注册成功。
算法流程就是这样。解密基本就是对加密过程的逆序。其中的s盒,p盒可以在网上找,也可以从内存中扣数据。
下面是fasm 汇编注册机代码。
[Asm] 纯文本查看 复制代码
; DialogBox example
;fasm 1.73  测试通过
format PE GUI 4.0
entry start

include 'win32a.inc'

ID_CAPTION         = 101
ID_MESSAGE         = 102
ID_ICONERROR       = 201
ID_ICONINFORMATION = 202
ID_ICONQUESTION    = 203
ID_ICONWARNING     = 204
ID_TOPMOST         = 301

section '.text' code readable executable

  start:

        invoke  GetModuleHandle,0
        invoke  DialogBoxParam,eax,37,HWND_DESKTOP,DialogProc,0
        or      eax,eax
        jz      exit
        ;invoke  MessageBox,HWND_DESKTOP,message,caption,[flags]
        ;invoke  SetDlgItemText,HWND_DESKTOP,ID_MESSAGE,message,[flags]
  exit:
        invoke  ExitProcess,0
;##############################################################s盒变换函数
;s盒变换函数
proc BlowFish_Fun  BfNum

push ebx edi esi edx ecx
MOV ECX,[BfNum]
MOV AL,CL 
AND EAX,0FFh 
SHR ECX,08 
MOV EDX,EAX 
MOV AL,CL 
MOV EDI,key
AND EAX,0FFh 
SHR ECX,08 
MOV ESI,EAX 
MOV EAX,ECX 
SHR EAX,08 
AND EAX,0FFh 
AND ECX,0FFh 
AND ESI,0FFFFh 
AND EDX,0FFFFh 
MOV EAX,[EDI+EAX*4+48h] 
MOV EBX,[EDI+ECX*4+0448h] 
MOV ECX,[EDI+ESI*4+0848h] 
ADD EAX,EBX 
XOR EAX,ECX 
MOV ECX,[EDI+EDX*4+0C48h] 
ADD EAX,ECX


;popad
pop  ecx edx esi edi ebx
leave
RET
endp
;############################################################
;BlowFish加密算法函数 
proc BlowFish_En highbf,lowbf
local num :DWORD
push ebx edi esi edx ecx
;pushad
MOV EAX,[highbf]
MOV ECX,[lowbf]
MOV EAX,[EAX] 
MOV ESI,[ECX] 
MOV EDI, key
MOV [num],10h
MOV EBX,EDI 
loc_40108E: 
XOR EAX,[EBX] 
MOV EDX,EAX
push EAX
call BlowFish_Fun
;invoke  [BlowFish_Fun],eax
;stdcall   BlowFish_Fun,eax
add esp,4
MOV ECX,[num]
XOR EAX,ESI 
ADD EBX,4 
DEC ECX 
MOV ESI,EDX 
MOV [num],ECX
JNZ loc_40108E

MOV ECX,[EDI+40h] 
MOV EDX,[EDI+44h] 
XOR ECX,EAX 
XOR EDX,ESI

MOV [BFHIGH],EDX 
MOV [BFLOW],ECX
;popad
pop ecx edx esi edi ebx
leave
RET
endp
;################################################################################
;BlowFish初始化函数 
proc BlowFish_Init  PWD,len_PWD
local pbox_num18 :DWORD
local pbox_num4  :DWORD
local snum       :DWORD
;初始化s盒
        push ebx edi esi edx ecx
        ;pushad
        MOV ESI,key
        MOV EAX, sbox1
        LEA ECX,[ESI+48h]
        loc_401141:
        MOV EDX,0100h
        loc_401146:
        MOV EDI,[EAX]
        ADD EAX,4
        MOV [ECX],EDI
        ADD ECX,4
        DEC EDX
        JNZ loc_401146
        CMP EAX,sbox1+1000h
        JL loc_401141

        ;初始化p盒
        ;第一步:原p盒与PWD逐项异或

        MOV EDX,[PWD]
        MOV EDI, pbox
        XOR EAX,EAX
        SUB EDI,ESI
        MOV [pbox_num18],12h
        loc_401173:
        XOR ECX,ECX
        MOV [pbox_num4],04
        loc_40117D:
        XOR EBX,EBX
        MOV BL,[EAX+EDX]
        SHL ECX,08
        OR ECX,EBX
        INC EAX
        CMP EAX,[len_PWD]
        JL loc_40118E
        XOR EAX,EAX
        loc_40118E:
        MOV EBX,[pbox_num4]
        DEC EBX
        MOV [pbox_num4],EBX
        JNZ loc_40117D
        MOV EBX,[EDI+ESI]
        ADD ESI,4
        XOR EBX,ECX
        MOV ECX,[pbox_num18]
        MOV [ESI-04],EBX
        DEC ECX
        MOV [pbox_num18],ECX
        JNZ loc_401173

        ;用连续的blowfish算法填充p盒
        MOV EBX, key
        XOR EAX,EAX
        MOV [BFLOW],EAX
        MOV [BFHIGH],EAX
        MOV ESI,EBX
        MOV EDI,09
        loc_4011C4:
        LEA EAX,[BFLOW]
        LEA ECX,[BFHIGH]
        push eax
        push ecx
        call BlowFish_En
        MOV EAX,[BFHIGH]
        MOV ECX,[BFLOW]
        MOV [ESI],EAX
        MOV [ESI+04],ECX
        ADD ESI,8
        DEC EDI
        JNZ loc_4011C4

        ;用连续的blowfish算法填充s盒
        LEA ESI,[EBX+4Ch]
        MOV [snum],04 ;4个s盒。
        loc_4011F2:
        MOV EDI,80H ;每个盒填充80h=128次(每次填充两个数)。
        loc_4011F7:
        LEA ECX,[BFLOW]
        LEA EDX,[BFHIGH]
        push ecx
        push edx
        call BlowFish_En
        MOV ECX,[BFHIGH]
        MOV EDX,[BFLOW]
        MOV [ESI-04],ECX
        MOV [ESI],EDX
        ADD ESI,8
        DEC EDI
        JNZ loc_4011F7
        DEC [snum]
        JNZ loc_4011F2
        ;popad
        pop ecx edx esi edi ebx
        leave
        RET
endp
;###########################################################################
proc getreg hwnddlg
      ; pushad
      ; 算法开始
      ;
        push ebx edi esi edx ecx
        invoke  GetDlgItemText,[hwnddlg],ID_CAPTION,szID,11h
        xor ebx,ebx
        xor eax,eax
        mov esi, szID
        mov ecx,8
        @@33:
        or ebx,eax
        xor eax,eax
        lodsb
        cmp eax,39h
        jle @@3
        sub eax,7
        @@3:
        sub eax,30h

        shl ebx,4
        loop @@33
        or ebx,eax
        mov [MYBFHIGH],ebx



        mov esi,szID+8
        mov ecx,8
        xor eax,eax
        xor ebx,ebx
        @@44:
        or ebx,eax
        lodsb
        cmp eax,39h
        jle @@4
        sub eax,7
        @@4:
        sub eax,30h
        shl ebx,4
        loop @@44
        or ebx,eax
        mov [MYBFLOW],ebx
;………………………………………………………………………………………………………… 
;如果你直接用ComputerID产生序列号,这里后面的所有语句你都应将其激活 
; invoke BlowFish_Init,offset PW_1,23 
; invoke BlowFish_En,offset data1_p,offset data1_p+4 
; MOV EAX,BFHIGH 
; ;MOV MYBFHIGH,EAX 
; MOV EAX,BFLOW 
; MOV MYBFLOW,EAX
     ; push 12h
     ; push PW_2
     ; call BlowFish_Init
      stdcall  BlowFish_Init,PW_2,12h
;invoke  BlowFish_Init,PW_2,18h
     ; push   MYBFLOW
     ; push    MYBFHIGH
     ; call BlowFish_En
      stdcall BlowFish_En, MYBFHIGH , MYBFLOW
      MOV EAX,[BFHIGH]
      MOV [MYBFHIGH],EAX
      MOV EAX,[BFLOW]
      MOV [MYBFLOW],EAX
      ;push  0Eh
      ;push   PW_3
      ;call BlowFish_Init
      stdcall  BlowFish_Init,PW_3,0Eh
      ;push   MYBFLOW
      ;push   MYBFHIGH
      ;call BlowFish_En
      stdcall BlowFish_En,MYBFHIGH,MYBFLOW
      mov ebx,[BFHIGH]
      mov eax,ebx
      mov edi,szText
      mov ecx,8
 @@12:
      mov eax,ebx
      shl ebx,4
      shr eax,1Ch
      cmp eax,9
      jle @@11
      add eax,7
@@11: add eax,30h
      and eax,0ffh
      stosb
loop @@12

        mov ebx,[BFLOW]
        mov eax,ebx
        mov edi,szText+8
        mov ecx,8
@@22: 
        mov eax,ebx
        shl ebx,4
        shr eax,1Ch
        cmp eax,9
        jle @@21
        add eax,7
@@21:
        add eax,30h
        and eax,0ffh
        stosb
        loop @@22

        xor eax,eax
        mov [edi],eax
        invoke SetDlgItemText,[hwnddlg],ID_MESSAGE, szText
        mov eax,FALSE
        ;popad
        pop ecx edx esi edi ebx
        ;leave
        ret
endp
;…
proc DialogProc hwnddlg,msg,wparam,lparam
        push    ebx esi edi
        cmp     [msg],WM_INITDIALOG
        je      .wminitdialog
        cmp     [msg],WM_COMMAND
        je      .wmcommand
        cmp     [msg],WM_CLOSE
        je      .wmclose
        xor     eax,eax
        jmp     .finish
  .wminitdialog:
        invoke  CheckRadioButton,[hwnddlg],ID_ICONERROR,ID_ICONWARNING,ID_ICONINFORMATION
        jmp     .processed
  .wmcommand:
        cmp     [wparam],BN_CLICKED shl 16 + IDCANCEL
        je      .wmclose
        cmp     [wparam],BN_CLICKED shl 16 + IDOK
        jne     .processed
        ;###########################################################################################ueserID
        ;invoke  GetDlgItemText,[hwnddlg],ID_CAPTION,szID,40h
        push     [hwnddlg]
        call    getreg
        jmp     .processed
;invoke SetDlgItemText,hWnd,Edit2,offset szText
;#############################################################################
        invoke  GetDlgItemText,[hwnddlg],ID_MESSAGE,message,100h
        mov     [flags],MB_OK
        invoke  IsDlgButtonChecked,[hwnddlg],ID_ICONERROR
        cmp     eax,BST_CHECKED
        jne     .iconerror_ok
        or      [flags],MB_ICONERROR
      .iconerror_ok:
        invoke  IsDlgButtonChecked,[hwnddlg],ID_ICONINFORMATION
        cmp     eax,BST_CHECKED
        jne     .iconinformation_ok
        or      [flags],MB_ICONINFORMATION
      .iconinformation_ok:
        invoke  IsDlgButtonChecked,[hwnddlg],ID_ICONQUESTION
        cmp     eax,BST_CHECKED
        jne     .iconquestion_ok
        or      [flags],MB_ICONQUESTION
      .iconquestion_ok:
        invoke  IsDlgButtonChecked,[hwnddlg],ID_ICONWARNING
        cmp     eax,BST_CHECKED
        jne     .iconwarning_ok
        or      [flags],MB_ICONWARNING
      .iconwarning_ok:
        invoke  IsDlgButtonChecked,[hwnddlg],ID_TOPMOST
        cmp     eax,BST_CHECKED
        jne     .topmost_ok
        or      [flags],MB_TOPMOST
      .topmost_ok:
        invoke  EndDialog,[hwnddlg],1
        jmp     .processed
  .wmclose:
        invoke  EndDialog,[hwnddlg],0
  .processed:
        mov     eax,1
  .finish:
        pop     edi esi ebx
        ret
endp

section '.bss' readable writeable

  flags dd ?
  caption rb 40h
  message rb 100h
  PW_2 db "ChinaCrackingGroup"
  PW_3 db "CrackingForFun"
  szID db 20 dup(0)
  szText db 9 dup(0)

  data1_p dd 0776f6c62h, 068736966h
  key dd 1058 dup (0)
  BFLOW dd 0

  BFHIGH dd 0
  MYBFLOW DD 0
  MYBFHIGH DD 0

pbox dd 0243f6a88h, 085a308d3h, 013198a2eh, 003707344h, 0a4093822h, 0299f31d0h 
dd 0082efa98h, 0ec4e6c89h, 0452821e6h, 038d01377h, 0be5466cfh, 034e90c6ch 
dd 0c0ac29b7h, 0c97c50ddh, 03f84d5b5h, 0b5470917h, 09216d5d9h, 08979fb1bh


sbox1 dd 0d1310ba6h, 098dfb5ach, 02ffd72dbh, 0d01adfb7h, 0b8e1afedh, 06a267e96h 
dd 0ba7c9045h, 0f12c7f99h, 024a19947h, 0b3916cf7h, 00801f2e2h, 0858efc16h 
dd 0636920d8h, 071574e69h, 0a458fea3h, 0f4933d7eh, 00d95748fh, 0728eb658h 
dd 0718bcd58h, 082154aeeh, 07b54a41dh, 0c25a59b5h, 09c30d539h, 02af26013h 
dd 0c5d1b023h, 0286085f0h, 0ca417918h, 0b8db38efh, 08e79dcb0h, 0603a180eh 
dd 06c9e0e8bh, 0b01e8a3eh, 0d71577c1h, 0bd314b27h, 078af2fdah, 055605c60h 
dd 0e65525f3h, 0aa55ab94h, 057489862h, 063e81440h, 055ca396ah, 02aab10b6h 
dd 0b4cc5c34h, 01141e8ceh, 0a15486afh, 07c72e993h, 0b3ee1411h, 0636fbc2ah 
dd 02ba9c55dh, 0741831f6h, 0ce5c3e16h, 09b87931eh, 0afd6ba33h, 06c24cf5ch 
dd 07a325381h, 028958677h, 03b8f4898h, 06b4bb9afh, 0c4bfe81bh, 066282193h 
dd 061d809cch, 0fb21a991h, 0487cac60h, 05dec8032h, 0ef845d5dh, 0e98575b1h 
dd 0dc262302h, 0eb651b88h, 023893e81h, 0d396acc5h, 00f6d6ff3h, 083f44239h 
dd 02e0b4482h, 0a4842004h, 069c8f04ah, 09e1f9b5eh, 021c66842h, 0f6e96c9ah 
dd 0670c9c61h, 0abd388f0h, 06a51a0d2h, 0d8542f68h, 0960fa728h, 0ab5133a3h 
dd 06eef0b6ch, 0137a3be4h, 0ba3bf050h, 07efb2a98h, 0a1f1651dh, 039af0176h 
dd 066ca593eh, 082430e88h, 08cee8619h, 0456f9fb4h, 07d84a5c3h, 03b8b5ebeh 
dd 0e06f75d8h, 085c12073h, 0401a449fh, 056c16aa6h, 04ed3aa62h, 0363f7706h 
dd 01bfedf72h, 0429b023dh, 037d0d724h, 0d00a1248h, 0db0fead3h, 049f1c09bh 
dd 0075372c9h, 080991b7bh, 025d479d8h, 0f6e8def7h, 0e3fe501ah, 0b6794c3bh 
dd 0976ce0bdh, 004c006bah, 0c1a94fb6h, 0409f60c4h, 05e5c9ec2h, 0196a2463h 
dd 068fb6fafh, 03e6c53b5h, 01339b2ebh, 03b52ec6fh, 06dfc511fh, 09b30952ch 
dd 0cc814544h, 0af5ebd09h, 0bee3d004h, 0de334afdh, 0660f2807h, 0192e4bb3h 
dd 0c0cba857h, 045c8740fh, 0d20b5f39h, 0b9d3fbdbh, 05579c0bdh, 01a60320ah 
dd 0d6a100c6h, 0402c7279h, 0679f25feh, 0fb1fa3cch, 08ea5e9f8h, 0db3222f8h 
dd 03c7516dfh, 0fd616b15h, 02f501ec8h, 0ad0552abh, 0323db5fah, 0fd238760h 
dd 053317b48h, 03e00df82h, 09e5c57bbh, 0ca6f8ca0h, 01a87562eh, 0df1769dbh 
dd 0d542a8f6h, 0287effc3h, 0ac6732c6h, 08c4f5573h, 0695b27b0h, 0bbca58c8h 
dd 0e1ffa35dh, 0b8f011a0h, 010fa3d98h, 0fd2183b8h, 04afcb56ch, 02dd1d35bh 
dd 09a53e479h, 0b6f84565h, 0d28e49bch, 04bfb9790h, 0e1ddf2dah, 0a4cb7e33h 
dd 062fb1341h, 0cee4c6e8h, 0ef20cadah, 036774c01h, 0d07e9efeh, 02bf11fb4h 
dd 095dbda4dh, 0ae909198h, 0eaad8e71h, 06b93d5a0h, 0d08ed1d0h, 0afc725e0h 
dd 08e3c5b2fh, 08e7594b7h, 08ff6e2fbh, 0f2122b64h, 08888b812h, 0900df01ch 
dd 04fad5ea0h, 0688fc31ch, 0d1cff191h, 0b3a8c1adh, 02f2f2218h, 0be0e1777h 
dd 0ea752dfeh, 08b021fa1h, 0e5a0cc0fh, 0b56f74e8h, 018acf3d6h, 0ce89e299h 
dd 0b4a84fe0h, 0fd13e0b7h, 07cc43b81h, 0d2ada8d9h, 0165fa266h, 080957705h 
dd 093cc7314h, 0211a1477h, 0e6ad2065h, 077b5fa86h, 0c75442f5h, 0fb9d35cfh 
dd 0ebcdaf0ch, 07b3e89a0h, 0d6411bd3h, 0ae1e7e49h, 000250e2dh, 02071b35eh 
dd 0226800bbh, 057b8e0afh, 02464369bh, 0f009b91eh, 05563911dh, 059dfa6aah 
dd 078c14389h, 0d95a537fh, 0207d5ba2h, 002e5b9c5h, 083260376h, 06295cfa9h 
dd 011c81968h, 04e734a41h, 0b3472dcah, 07b14a94ah, 01b510052h, 09a532915h 
dd 0d60f573fh, 0bc9bc6e4h, 02b60a476h, 081e67400h, 008ba6fb5h, 0571be91fh 
dd 0f296ec6bh, 02a0dd915h, 0b6636521h, 0e7b9f9b6h, 0ff34052eh, 0c5855664h 
dd 053b02d5dh, 0a99f8fa1h, 008ba4799h, 06e85076ah

sbox2 dd 04b7a70e9h, 0b5b32944h 
dd 0db75092eh, 0c4192623h, 0ad6ea6b0h, 049a7df7dh, 09cee60b8h, 08fedb266h 
dd 0ecaa8c71h, 0699a17ffh, 05664526ch, 0c2b19ee1h, 0193602a5h, 075094c29h 
dd 0a0591340h, 0e4183a3eh, 03f54989ah, 05b429d65h, 06b8fe4d6h, 099f73fd6h 
dd 0a1d29c07h, 0efe830f5h, 04d2d38e6h, 0f0255dc1h, 04cdd2086h, 08470eb26h 
dd 06382e9c6h, 0021ecc5eh, 009686b3fh, 03ebaefc9h, 03c971814h, 06b6a70a1h 
dd 0687f3584h, 052a0e286h, 0b79c5305h, 0aa500737h, 03e07841ch, 07fdeae5ch 
dd 08e7d44ech, 05716f2b8h, 0b03ada37h, 0f0500c0dh, 0f01c1f04h, 00200b3ffh 
dd 0ae0cf51ah, 03cb574b2h, 025837a58h, 0dc0921bdh, 0d19113f9h, 07ca92ff6h 
dd 094324773h, 022f54701h, 03ae5e581h, 037c2dadch, 0c8b57634h, 09af3dda7h 
dd 0a9446146h, 00fd0030eh, 0ecc8c73eh, 0a4751e41h, 0e238cd99h, 03bea0e2fh 
dd 03280bba1h, 0183eb331h, 04e548b38h, 04f6db908h, 06f420d03h, 0f60a04bfh 
dd 02cb81290h, 024977c79h, 05679b072h, 0bcaf89afh, 0de9a771fh, 0d9930810h 
dd 0b38bae12h, 0dccf3f2eh, 05512721fh, 02e6b7124h, 0501adde6h, 09f84cd87h 
dd 07a584718h, 07408da17h, 0bc9f9abch, 0e94b7d8ch, 0ec7aec3ah, 0db851dfah 
dd 063094366h, 0c464c3d2h, 0ef1c1847h, 03215d908h, 0dd433b37h, 024c2ba16h 
dd 012a14d43h, 02a65c451h, 050940002h, 0133ae4ddh, 071dff89eh, 010314e55h 
dd 081ac77d6h, 05f11199bh, 0043556f1h, 0d7a3c76bh, 03c11183bh, 05924a509h 
dd 0f28fe6edh, 097f1fbfah, 09ebabf2ch, 01e153c6eh, 086e34570h, 0eae96fb1h 
dd 0860e5e0ah, 05a3e2ab3h, 0771fe71ch, 04e3d06fah, 02965dcb9h, 099e71d0fh 
dd 0803e89d6h, 05266c825h, 02e4cc978h, 09c10b36ah, 0c6150ebah, 094e2ea78h 
dd 0a5fc3c53h, 01e0a2df4h, 0f2f74ea7h, 0361d2b3dh, 01939260fh, 019c27960h 
dd 05223a708h, 0f71312b6h, 0ebadfe6eh, 0eac31f66h, 0e3bc4595h, 0a67bc883h 
dd 0b17f37d1h, 0018cff28h, 0c332ddefh, 0be6c5aa5h, 065582185h, 068ab9802h 
dd 0eecea50fh, 0db2f953bh, 02aef7dadh, 05b6e2f84h, 01521b628h, 029076170h 
dd 0ecdd4775h, 0619f1510h, 013cca830h, 0eb61bd96h, 00334fe1eh, 0aa0363cfh 
dd 0b5735c90h, 04c70a239h, 0d59e9e0bh, 0cbaade14h, 0eecc86bch, 060622ca7h 
dd 09cab5cabh, 0b2f3846eh, 0648b1eafh, 019bdf0cah, 0a02369b9h, 0655abb50h 
dd 040685a32h, 03c2ab4b3h, 0319ee9d5h, 0c021b8f7h, 09b540b19h, 0875fa099h 
dd 095f7997eh, 0623d7da8h, 0f837889ah, 097e32d77h, 011ed935fh, 016681281h 
dd 00e358829h, 0c7e61fd6h, 096dedfa1h, 07858ba99h, 057f584a5h, 01b227263h 
dd 09b83c3ffh, 01ac24696h, 0cdb30aebh, 0532e3054h, 08fd948e4h, 06dbc3128h 
dd 058ebf2efh, 034c6ffeah, 0fe28ed61h, 0ee7c3c73h, 05d4a14d9h, 0e864b7e3h 
dd 042105d14h, 0203e13e0h, 045eee2b6h, 0a3aaabeah, 0db6c4f15h, 0facb4fd0h 
dd 0c742f442h, 0ef6abbb5h, 0654f3b1dh, 041cd2105h, 0d81e799eh, 086854dc7h 
dd 0e44b476ah, 03d816250h, 0cf62a1f2h, 05b8d2646h, 0fc8883a0h, 0c1c7b6a3h 
dd 07f1524c3h, 069cb7492h, 047848a0bh, 05692b285h, 0095bbf00h, 0ad19489dh 
dd 01462b174h, 023820e00h, 058428d2ah, 00c55f5eah, 01dadf43eh, 0233f7061h 
dd 03372f092h, 08d937e41h, 0d65fecf1h, 06c223bdbh, 07cde3759h, 0cbee7460h 
dd 04085f2a7h, 0ce77326eh, 0a6078084h, 019f8509eh, 0e8efd855h, 061d99735h 
dd 0a969a7aah, 0c50c06c2h, 05a04abfch, 0800bcadch, 09e447a2eh, 0c3453484h 
dd 0fdd56705h, 00e1e9ec9h, 0db73dbd3h, 0105588cdh, 0675fda79h, 0e3674340h 
dd 0c5c43465h, 0713e38d8h, 03d28f89eh, 0f16dff20h, 0153e21e7h, 08fb03d4ah 
dd 0e6e39f2bh, 0db83adf7h

sbox3 dd 0e93d5a68h, 0948140f7h, 0f64c261ch, 094692934h 
dd 0411520f7h, 07602d4f7h, 0bcf46b2eh, 0d4a20068h, 0d4082471h, 03320f46ah 
dd 043b7d4b7h, 0500061afh, 01e39f62eh, 097244546h, 014214f74h, 0bf8b8840h 
dd 04d95fc1dh, 096b591afh, 070f4ddd3h, 066a02f45h, 0bfbc09ech, 003bd9785h 
dd 07fac6dd0h, 031cb8504h, 096eb27b3h, 055fd3941h, 0da2547e6h, 0abca0a9ah 
dd 028507825h, 0530429f4h, 00a2c86dah, 0e9b66dfbh, 068dc1462h, 0d7486900h 
dd 0680ec0a4h, 027a18deeh, 04f3ffea2h, 0e887ad8ch, 0b58ce006h, 07af4d6b6h 
dd 0aace1e7ch, 0d3375fech, 0ce78a399h, 0406b2a42h, 020fe9e35h, 0d9f385b9h 
dd 0ee39d7abh, 03b124e8bh, 01dc9faf7h, 04b6d1856h, 026a36631h, 0eae397b2h 
dd 03a6efa74h, 0dd5b4332h, 06841e7f7h, 0ca7820fbh, 0fb0af54eh, 0d8feb397h 
dd 0454056ach, 0ba489527h, 055533a3ah, 020838d87h, 0fe6ba9b7h, 0d096954bh 
dd 055a867bch, 0a1159a58h, 0cca92963h, 099e1db33h, 0a62a4a56h, 03f3125f9h 
dd 05ef47e1ch, 09029317ch, 0fdf8e802h, 004272f70h, 080bb155ch, 005282ce3h 
dd 095c11548h, 0e4c66d22h, 048c1133fh, 0c70f86dch, 007f9c9eeh, 041041f0fh 
dd 0404779a4h, 05d886e17h, 0325f51ebh, 0d59bc0d1h, 0f2bcc18fh, 041113564h 
dd 0257b7834h, 0602a9c60h, 0dff8e8a3h, 01f636c1bh, 00e12b4c2h, 002e1329eh 
dd 0af664fd1h, 0cad18115h, 06b2395e0h, 0333e92e1h, 03b240b62h, 0eebeb922h 
dd 085b2a20eh, 0e6ba0d99h, 0de720c8ch, 02da2f728h, 0d0127845h, 095b794fdh 
dd 0647d0862h, 0e7ccf5f0h, 05449a36fh, 0877d48fah, 0c39dfd27h, 0f33e8d1eh 
dd 00a476341h, 0992eff74h, 03a6f6eabh, 0f4f8fd37h, 0a812dc60h, 0a1ebddf8h 
dd 0991be14ch, 0db6e6b0dh, 0c67b5510h, 06d672c37h, 02765d43bh, 0dcd0e804h 
dd 0f1290dc7h, 0cc00ffa3h, 0b5390f92h, 0690fed0bh, 0667b9ffbh, 0cedb7d9ch 
dd 0a091cf0bh, 0d9155ea3h, 0bb132f88h, 0515bad24h, 07b9479bfh, 0763bd6ebh 
dd 037392eb3h, 0cc115979h, 08026e297h, 0f42e312dh, 06842ada7h, 0c66a2b3bh 
dd 012754ccch, 0782ef11ch, 06a124237h, 0b79251e7h, 006a1bbe6h, 04bfb6350h 
dd 01a6b1018h, 011caedfah, 03d25bdd8h, 0e2e1c3c9h, 044421659h, 00a121386h 
dd 0d90cec6eh, 0d5abea2ah, 064af674eh, 0da86a85fh, 0bebfe988h, 064e4c3feh 
dd 09dbc8057h, 0f0f7c086h, 060787bf8h, 06003604dh, 0d1fd8346h, 0f6381fb0h 
dd 07745ae04h, 0d736fccch, 083426b33h, 0f01eab71h, 0b0804187h, 03c005e5fh 
dd 077a057beh, 0bde8ae24h, 055464299h, 0bf582e61h, 04e58f48fh, 0f2ddfda2h 
dd 0f474ef38h, 08789bdc2h, 05366f9c3h, 0c8b38e74h, 0b475f255h, 046fcd9b9h 
dd 07aeb2661h, 08b1ddf84h, 0846a0e79h, 0915f95e2h, 0466e598eh, 020b45770h 
dd 08cd55591h, 0c902de4ch, 0b90bace1h, 0bb8205d0h, 011a86248h, 07574a99eh 
dd 0b77f19b6h, 0e0a9dc09h, 0662d09a1h, 0c4324633h, 0e85a1f02h, 009f0be8ch 
dd 04a99a025h, 01d6efe10h, 01ab93d1dh, 00ba5a4dfh, 0a186f20fh, 02868f169h 
dd 0dcb7da83h, 0573906feh, 0a1e2ce9bh, 04fcd7f52h, 050115e01h, 0a70683fah 
dd 0a002b5c4h, 00de6d027h, 09af88c27h, 0773f8641h, 0c3604c06h, 061a806b5h 
dd 0f0177a28h, 0c0f586e0h, 0006058aah, 030dc7d62h, 011e69ed7h, 02338ea63h 
dd 053c2dd94h, 0c2c21634h, 0bbcbee56h, 090bcb6deh, 0ebfc7da1h, 0ce591d76h 
dd 06f05e409h, 04b7c0188h, 039720a3dh, 07c927c24h, 086e3725fh, 0724d9db9h 
dd 01ac15bb4h, 0d39eb8fch, 0ed545578h, 008fca5b5h, 0d83d7cd3h, 04dad0fc4h 
dd 01e50ef5eh, 0b161e6f8h, 0a28514d9h, 06c51133ch, 06fd5c7e7h, 056e14ec4h 
dd 0362abfceh, 0ddc6c837h, 0d79a3234h, 092638212h, 0670efa8eh, 0406000e0h

sbox4 dd 03a39ce37h, 0d3faf5cfh, 0abc27737h, 05ac52d1bh, 05cb0679eh, 04fa33742h 
dd 0d3822740h, 099bc9bbeh, 0d5118e9dh, 0bf0f7315h, 0d62d1c7eh, 0c700c47bh 
dd 0b78c1b6bh, 021a19045h, 0b26eb1beh, 06a366eb4h, 05748ab2fh, 0bc946e79h 
dd 0c6a376d2h, 06549c2c8h, 0530ff8eeh, 0468dde7dh, 0d5730a1dh, 04cd04dc6h 
dd 02939bbdbh, 0a9ba4650h, 0ac9526e8h, 0be5ee304h, 0a1fad5f0h, 06a2d519ah 
dd 063ef8ce2h, 09a86ee22h, 0c089c2b8h, 043242ef6h, 0a51e03aah, 09cf2d0a4h 
dd 083c061bah, 09be96a4dh, 08fe51550h, 0ba645bd6h, 02826a2f9h, 0a73a3ae1h 
dd 04ba99586h, 0ef5562e9h, 0c72fefd3h, 0f752f7dah, 03f046f69h, 077fa0a59h 
dd 080e4a915h, 087b08601h, 09b09e6adh, 03b3ee593h, 0e990fd5ah, 09e34d797h 
dd 02cf0b7d9h, 0022b8b51h, 096d5ac3ah, 0017da67dh, 0d1cf3ed6h, 07c7d2d28h 
dd 01f9f25cfh, 0adf2b89bh, 05ad6b472h, 05a88f54ch, 0e029ac71h, 0e019a5e6h 
dd 047b0acfdh, 0ed93fa9bh, 0e8d3c48dh, 0283b57cch, 0f8d56629h, 079132e28h 
dd 0785f0191h, 0ed756055h, 0f7960e44h, 0e3d35e8ch, 015056dd4h, 088f46dbah 
dd 003a16125h, 00564f0bdh, 0c3eb9e15h, 03c9057a2h, 097271aech, 0a93a072ah 
dd 01b3f6d9bh, 01e6321f5h, 0f59c66fbh, 026dcf319h, 07533d928h, 0b155fdf5h 
dd 003563482h, 08aba3cbbh, 028517711h, 0c20ad9f8h, 0abcc5167h, 0ccad925fh 
dd 04de81751h, 03830dc8eh, 0379d5862h, 09320f991h, 0ea7a90c2h, 0fb3e7bceh 
dd 05121ce64h, 0774fbe32h, 0a8b6e37eh, 0c3293d46h, 048de5369h, 06413e680h 
dd 0a2ae0810h, 0dd6db224h, 069852dfdh, 009072166h, 0b39a460ah, 06445c0ddh 
dd 0586cdecfh, 01c20c8aeh, 05bbef7ddh, 01b588d40h, 0ccd2017fh, 06bb4e3bbh 
dd 0dda26a7eh, 03a59ff45h, 03e350a44h, 0bcb4cdd5h, 072eacea8h, 0fa6484bbh 
dd 08d6612aeh, 0bf3c6f47h, 0d29be463h, 0542f5d9eh, 0aec2771bh, 0f64e6370h 
dd 0740e0d8dh, 0e75b1357h, 0f8721671h, 0af537d5dh, 04040cb08h, 04eb4e2cch 
dd 034d2466ah, 00115af84h, 0e1b00428h, 095983a1dh, 006b89fb4h, 0ce6ea048h 
dd 06f3f3b82h, 03520ab82h, 0011a1d4bh, 0277227f8h, 0611560b1h, 0e7933fdch 
dd 0bb3a792bh, 0344525bdh, 0a08839e1h, 051ce794bh, 02f32c9b7h, 0a01fbac9h 
dd 0e01cc87eh, 0bcc7d1f6h, 0cf0111c3h, 0a1e8aac7h, 01a908749h, 0d44fbd9ah 
dd 0d0dadecbh, 0d50ada38h, 00339c32ah, 0c6913667h, 08df9317ch, 0e0b12b4fh 
dd 0f79e59b7h, 043f5bb3ah, 0f2d519ffh, 027d9459ch, 0bf97222ch, 015e6fc2ah 
dd 00f91fc71h, 09b941525h, 0fae59361h, 0ceb69cebh, 0c2a86459h, 012baa8d1h 
dd 0b6c1075eh, 0e3056a0ch, 010d25065h, 0cb03a442h, 0e0ec6e0eh, 01698db3bh 
dd 04c98a0beh, 03278e964h, 09f1f9532h, 0e0d392dfh, 0d3a0342bh, 08971f21eh 
dd 01b0a7441h, 04ba3348ch, 0c5be7120h, 0c37632d8h, 0df359f8dh, 09b992f2eh 
dd 0e60b6f47h, 00fe3f11dh, 0e54cda54h, 01edad891h, 0ce6279cfh, 0cd3e7e6fh 
dd 01618b166h, 0fd2c1d05h, 0848fd2c5h, 0f6fb2299h, 0f523f357h, 0a6327623h 
dd 093a83531h, 056cccd02h, 0acf08162h, 05a75ebb5h, 06e163697h, 088d273cch 
dd 0de966292h, 081b949d0h, 04c50901bh, 071c65614h, 0e6c6c7bdh, 0327a140ah 
dd 045e1d006h, 0c3f27b9ah, 0c9aa53fdh, 062a80f00h, 0bb25bfe2h, 035bdd2f6h 
dd 071126905h, 0b2040222h, 0b6cbcf7ch, 0cd769c2bh, 053113ec0h, 01640e3d3h 
dd 038abbd60h, 02547adf0h, 0ba38209ch, 0f746ce76h, 077afa1c5h, 020756060h 
dd 085cbfe4eh, 08ae88dd8h, 07aaaf9b0h, 04cf9aa7eh, 01948c25ch, 002fb8a8ch 
dd 001c36ae4h, 0d6ebe1f9h, 090d4f869h, 0a65cdea0h, 03f09252dh, 0c208e69fh 
dd 0b74e6132h, 0ce77e25bh, 0578fdfe3h, 03ac372e6h
section '.idata' import data readable writeable

  library kernel,'KERNEL32.DLL',\
          user,'USER32.DLL'

  import kernel,\
         GetModuleHandle,'GetModuleHandleA',\
         ExitProcess,'ExitProcess'

  import user,\
         DialogBoxParam,'DialogBoxParamA',\
         CheckRadioButton,'CheckRadioButton',\
         GetDlgItemText,'GetDlgItemTextA',\
         SetDlgItemText,'SetDlgItemTextA',\
         IsDlgButtonChecked,'IsDlgButtonChecked',\
         MessageBox,'MessageBoxA',\
         EndDialog,'EndDialog'

section '.rsrc' resource data readable

  directory RT_DIALOG,dialogs

  resource dialogs,\
           37,LANG_ENGLISH+SUBLANG_DEFAULT,demonstration

  dialog demonstration,'Create message box',100,150,250,90,WS_CAPTION+WS_POPUP+WS_SYSMENU+DS_MODALFRAME
    dialogitem 'STATIC','&ID:',-1,10,13,40,17,WS_VISIBLE
    dialogitem 'EDIT','',ID_CAPTION,30,13,150,13,WS_VISIBLE+WS_BORDER+WS_TABSTOP
    dialogitem 'STATIC','SN:',-1,10,40,20,18,WS_VISIBLE
    dialogitem 'EDIT','',ID_MESSAGE,30,40,150,13,WS_VISIBLE+WS_BORDER+WS_TABSTOP+ES_AUTOHSCROLL
   ; dialogitem 'BUTTON','&Icon',-1,10,70,80,70,WS_VISIBLE+BS_GROUPBOX
   ; dialogitem 'BUTTON','&Error',ID_ICONERROR,20,82,60,13,WS_VISIBLE+BS_AUTORADIOBUTTON+WS_TABSTOP+WS_GROUP
   ; dialogitem 'BUTTON','I&nformation',ID_ICONINFORMATION,20,95,60,13,WS_VISIBLE+BS_AUTORADIOBUTTON
   ; dialogitem 'BUTTON','&Question',ID_ICONQUESTION,20,108,60,13,WS_VISIBLE+BS_AUTORADIOBUTTON
   ; dialogitem 'BUTTON','&Warning',ID_ICONWARNING,20,121,60,13,WS_VISIBLE+BS_AUTORADIOBUTTON
   ; dialogitem 'BUTTON','&Style',-1,100,70,80,70,WS_VISIBLE+BS_GROUPBOX
    ;dialogitem 'BUTTON','&Top most',ID_TOPMOST,110,82,60,13,WS_VISIBLE+WS_TABSTOP+BS_AUTOCHECKBOX
    dialogitem 'BUTTON','OK',IDOK,200,11,40,15,WS_VISIBLE+WS_TABSTOP+BS_DEFPUSHBUTTON
    dialogitem 'BUTTON','C&ancel',IDCANCEL,200,36,41,14,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  enddialog   




免费评分

参与人数 3威望 +2 吾爱币 +16 热心值 +3 收起 理由
Hmily + 2 + 10 + 1 感谢发布原创作品,吾爱破解论坛因你更精彩!
平淡最真 + 3 + 1 膜拜算法帝。
朱朱你堕落了 + 3 + 1 膜拜算法帝。

查看全部评分

本帖被以下淘专辑推荐:

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

 楼主| whyida 发表于 2018-1-29 10:55
redapple2015 发表于 2018-1-29 08:51
啊哦,你来晚了,分享的文件已经被删除了,下次要早点哟
能不能共享一下,谢谢了。

楼上已给出地址了。
链接: https://pan.baidu.com/s/1o9k8KLs 密码: w36d
5911521 发表于 2018-1-29 09:59
redapple2015 发表于 2018-1-29 08:51
啊哦,你来晚了,分享的文件已经被删除了,下次要早点哟
能不能共享一下,谢谢了。

链接: https://pan.baidu.com/s/1o9k8KLs 密码: w36d
 楼主| whyida 发表于 2018-1-28 15:49
redapple2015 发表于 2018-1-28 16:05
想问下160个CrackMe在哪里下载,谢谢了!
朱朱你堕落了 发表于 2018-1-28 16:09
whyida 发表于 2018-1-28 15:49
@朱朱你堕落了 你的水品也很高。

我是菜B。
 楼主| whyida 发表于 2018-1-28 16:11
redapple2015 发表于 2018-1-28 16:05
想问下160个CrackMe在哪里下载,谢谢了!

搜索 “适合破解新手的160个crackme练手.rar“
 楼主| whyida 发表于 2018-1-28 16:12

太谦虚了。
y294945022 发表于 2018-1-28 16:52
楼主这弄得,一提到算法,我就感觉很是厉害
茎正日 发表于 2018-1-28 19:33 来自手机
大佬,很强的样子
abcABC 发表于 2018-1-28 19:57
互相学习
sigsual 发表于 2018-1-28 20:18
向大神学习
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-22 16:38

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表