- UID
- 49527
注册时间2008-5-1
阅读权限10
最后登录1970-1-1
周游历练
TA的每日心情 | 开心
2018-3-28 22:57 |
|---|
签到天数: 31 天 [LV.5]常住居民I
|
以下是一个软件验算注册码的代码段,请高手们看看是怎么验算的.
0041BC42 . 68 80A64600 push 0046A680
0041BC47 . 64:A1 0000000>mov eax, dword ptr fs:[0]
0041BC4D . 50 push eax
0041BC4E . 83EC 4C sub esp, 4C
0041BC51 . A1 E8B74800 mov eax, dword ptr [48B7E8]
0041BC56 . 33C4 xor eax, esp
0041BC58 . 894424 48 mov dword ptr [esp+48], eax
0041BC5C . 56 push esi
0041BC5D . 57 push edi
0041BC5E . A1 E8B74800 mov eax, dword ptr [48B7E8]
0041BC63 . 33C4 xor eax, esp
0041BC65 . 50 push eax
0041BC66 . 8D4424 58 lea eax, dword ptr [esp+58]
0041BC6A . 64:A3 0000000>mov dword ptr fs:[0], eax
0041BC70 . 8B3D 7CC54600 mov edi, dword ptr [<&USER32.GetDlgI>; USER32.GetDlgItemTextA
0041BC76 . 6A 04 push 4 ; /Count = 4
0041BC78 . 8D4424 20 lea eax, dword ptr [esp+20] ; |
0041BC7C . 50 push eax ; |Buffer
0041BC7D . 8BF1 mov esi, ecx ; |
0041BC7F . 8B4E 20 mov ecx, dword ptr [esi+20] ; |
0041BC82 . 68 EA030000 push 3EA ; |ControlID = 3EA (1002.)
0041BC87 . 51 push ecx ; |hWnd
0041BC88 . FFD7 call edi ; \GetDlgItemTextA
0041BC8A . 8B46 20 mov eax, dword ptr [esi+20]
0041BC8D . 6A 09 push 9 ; /Count = 9
0041BC8F . 8D5424 4C lea edx, dword ptr [esp+4C] ; |
0041BC93 . 52 push edx ; |Buffer
0041BC94 . 68 EB030000 push 3EB ; |ControlID = 3EB (1003.)
0041BC99 . 50 push eax ; |hWnd
0041BC9A . FFD7 call edi ; \GetDlgItemTextA
0041BC9C . 8D4C24 20 lea ecx, dword ptr [esp+20]
0041BCA0 . 51 push ecx
0041BCA1 . 8D4C24 20 lea ecx, dword ptr [esp+20]
0041BCA5 . E8 F6F2FFFF call 0041AFA0
0041BCAA . 8D5424 48 lea edx, dword ptr [esp+48]
0041BCAE . 52 push edx
0041BCAF . 8D4C24 14 lea ecx, dword ptr [esp+14]
0041BCB3 . 51 push ecx
0041BCB4 . 8BC8 mov ecx, eax
0041BCB6 . C74424 68 000>mov dword ptr [esp+68], 0
0041BCBE . E8 FD040000 call 0041C1C0
0041BCC3 . 83C4 08 add esp, 8
0041BCC6 . C64424 60 02 mov byte ptr [esp+60], 2
0041BCCB . 8B4424 20 mov eax, dword ptr [esp+20]
0041BCCF . 83C0 F0 add eax, -10
0041BCD2 . 8D50 0C lea edx, dword ptr [eax+C]
0041BCD5 . 83C9 FF or ecx, FFFFFFFF
0041BCD8 . F0:0FC10A lock xadd dword ptr [edx], ecx
0041BCDC . 49 dec ecx
0041BCDD . 85C9 test ecx, ecx
0041BCDF . 7F 0A jg short 0041BCEB
0041BCE1 . 8B08 mov ecx, dword ptr [eax]
0041BCE3 . 8B11 mov edx, dword ptr [ecx]
0041BCE5 . 50 push eax
0041BCE6 . 8B42 04 mov eax, dword ptr [edx+4]
0041BCE9 . FFD0 call eax
0041BCEB > 8B56 20 mov edx, dword ptr [esi+20]
0041BCEE . 6A 06 push 6
0041BCF0 . 8D4C24 2C lea ecx, dword ptr [esp+2C]
0041BCF4 . 51 push ecx
0041BCF5 . 68 F6030000 push 3F6
0041BCFA . 52 push edx
0041BCFB . FFD7 call edi
0041BCFD . 8B4E 20 mov ecx, dword ptr [esi+20]
0041BD00 . 6A 06 push 6
0041BD02 . 8D4424 44 lea eax, dword ptr [esp+44]
0041BD06 . 50 push eax
0041BD07 . 68 FA030000 push 3FA
0041BD0C . 51 push ecx
0041BD0D . FFD7 call edi
0041BD0F . 8B46 20 mov eax, dword ptr [esi+20]
0041BD12 . 6A 06 push 6
0041BD14 . 8D5424 34 lea edx, dword ptr [esp+34]
0041BD18 . 52 push edx
0041BD19 . 68 FB030000 push 3FB
0041BD1E . 50 push eax
0041BD1F . FFD7 call edi
0041BD21 . 8B56 20 mov edx, dword ptr [esi+20]
0041BD24 . 6A 06 push 6
0041BD26 . 8D4C24 3C lea ecx, dword ptr [esp+3C]
0041BD2A . 51 push ecx
0041BD2B . 68 FC030000 push 3FC
0041BD30 . 52 push edx
0041BD31 . FFD7 call edi
0041BD33 . 8D4424 24 lea eax, dword ptr [esp+24]
0041BD37 . 50 push eax
0041BD38 . 8D4C24 2C lea ecx, dword ptr [esp+2C]
0041BD3C . E8 5FF2FFFF call 0041AFA0
0041BD41 . 8D4C24 40 lea ecx, dword ptr [esp+40]
0041BD45 . 51 push ecx
0041BD46 . 8D5424 18 lea edx, dword ptr [esp+18]
0041BD4A . 52 push edx
0041BD4B . 8BC8 mov ecx, eax
0041BD4D . C64424 68 03 mov byte ptr [esp+68], 3
0041BD52 . E8 69040000 call 0041C1C0
0041BD57 . 8D4C24 38 lea ecx, dword ptr [esp+38]
0041BD5B . 51 push ecx
0041BD5C . 8D5424 24 lea edx, dword ptr [esp+24]
0041BD60 . 52 push edx
0041BD61 . 8BC8 mov ecx, eax
0041BD63 . C64424 70 04 mov byte ptr [esp+70], 4
0041BD68 . E8 53040000 call 0041C1C0
0041BD6D . 8D4C24 48 lea ecx, dword ptr [esp+48]
0041BD71 . 51 push ecx
0041BD72 . 8D5424 20 lea edx, dword ptr [esp+20]
0041BD76 . 52 push edx
0041BD77 . 8BC8 mov ecx, eax
0041BD79 . C64424 78 05 mov byte ptr [esp+78], 5
0041BD7E . E8 3D040000 call 0041C1C0
0041BD83 . 83C4 18 add esp, 18
0041BD86 . C64424 60 07 mov byte ptr [esp+60], 7
0041BD8B . 8B4424 18 mov eax, dword ptr [esp+18]
0041BD8F . 83C0 F0 add eax, -10
0041BD92 . 8D48 0C lea ecx, dword ptr [eax+C]
0041BD95 . 83CA FF or edx, FFFFFFFF
0041BD98 . F0:0FC111 lock xadd dword ptr [ecx], edx
0041BD9C . 4A dec edx
0041BD9D . 85D2 test edx, edx
0041BD9F . 7F 0A jg short 0041BDAB
0041BDA1 . 8B08 mov ecx, dword ptr [eax]
0041BDA3 . 8B11 mov edx, dword ptr [ecx]
0041BDA5 . 50 push eax
0041BDA6 . 8B42 04 mov eax, dword ptr [edx+4]
0041BDA9 . FFD0 call eax
0041BDAB > C64424 60 08 mov byte ptr [esp+60], 8
0041BDB0 . 8B4424 14 mov eax, dword ptr [esp+14]
0041BDB4 . 83C0 F0 add eax, -10
0041BDB7 . 8D48 0C lea ecx, dword ptr [eax+C]
0041BDBA . 83CA FF or edx, FFFFFFFF
0041BDBD . F0:0FC111 lock xadd dword ptr [ecx], edx
0041BDC1 . 4A dec edx
0041BDC2 . 85D2 test edx, edx
0041BDC4 . 7F 0A jg short 0041BDD0
0041BDC6 . 8B08 mov ecx, dword ptr [eax]
0041BDC8 . 8B11 mov edx, dword ptr [ecx]
0041BDCA . 50 push eax
0041BDCB . 8B42 04 mov eax, dword ptr [edx+4]
0041BDCE . FFD0 call eax
0041BDD0 > C64424 60 09 mov byte ptr [esp+60], 9
0041BDD5 . 8B4424 24 mov eax, dword ptr [esp+24]
0041BDD9 . 83C0 F0 add eax, -10
0041BDDC . 8D48 0C lea ecx, dword ptr [eax+C]
0041BDDF . 83CA FF or edx, FFFFFFFF
0041BDE2 . F0:0FC111 lock xadd dword ptr [ecx], edx
0041BDE6 . 4A dec edx
0041BDE7 . 85D2 test edx, edx
0041BDE9 7F 0A jg short 0041BDF5
0041BDEB . 8B08 mov ecx, dword ptr [eax]
0041BDED . 8B11 mov edx, dword ptr [ecx]
0041BDEF . 50 push eax
0041BDF0 . 8B42 04 mov eax, dword ptr [edx+4]
0041BDF3 . FFD0 call eax
0041BDF5 68 60D24700 push 0047D260 ; ASCII "ArmAccess.DLL"
0041BDFA FF15 40C34600 call dword ptr [<&KERNEL32.LoadLibrar>; kernel32.LoadLibraryA
0041BE00 85C0 test eax, eax
0041BE02 74 6A je short 0041BE6E ; 跳向失败1
0041BE04 68 98D24700 push 0047D298 ; ASCII "InstallKey"
0041BE09 50 push eax
0041BE0A FF15 A0C34600 call dword ptr [<&KERNEL32.GetProcAdd>; kernel32.GetProcAddress
0041BE10 8BF8 mov edi, eax
0041BE12 85FF test edi, edi
0041BE14 74 58 je short 0041BE6E ; 跳向失败2
0041BE16 . 8B4C24 10 mov ecx, dword ptr [esp+10]
0041BE1A . E8 61EAFFFF call 0041A880
0041BE1F . 85C0 test eax, eax
0041BE21 74 4B je short 0041BE6E ; 跳向失败3
0041BE23 . 8B4C24 0C mov ecx, dword ptr [esp+C]
0041BE27 . E8 74EBFFFF call 0041A9A0
0041BE2C . 85C0 test eax, eax
0041BE2E 74 3E je short 0041BE6E ; 跳向失败4
0041BE30 . 8D4424 10 lea eax, dword ptr [esp+10]
0041BE34 . E8 E7E9FFFF call 0041A820
0041BE39 . 8D4424 0C lea eax, dword ptr [esp+C]
0041BE3D . E8 FEEAFFFF call 0041A940
0041BE42 . 8B4C24 0C mov ecx, dword ptr [esp+C]
0041BE46 . 8B5424 10 mov edx, dword ptr [esp+10]
0041BE4A . 51 push ecx
0041BE4B . 52 push edx
0041BE4C . FFD7 call edi
0041BE4E . 0FB6C0 movzx eax, al
0041BE51 . 85C0 test eax, eax
0041BE53 74 19 je short 0041BE6E ; 跳向失败5
0041BE55 . 6A 00 push 0
0041BE57 . 6A 40 push 40
0041BE59 . 68 78D54700 push 0047D578 ; 注册成功
0041BE5E . E8 399A0100 call 0043589C
0041BE63 . 6A 01 push 1
0041BE65 . 8BCE mov ecx, esi
0041BE67 . E8 FA640100 call 00432366
0041BE6C . EB 0E jmp short 0041BE7C
0041BE6E > 6A 00 push 0 ; 注册激活失败
0041BE70 . 6A 30 push 30
0041BE72 . 68 A8D54700 push 0047D5A8
0041BE77 . E8 209A0100 call 0043589C
0041BE7C > C64424 60 02 mov byte ptr [esp+60], 2
0041BE81 . 8B4424 0C mov eax, dword ptr [esp+C]
0041BE85 . 83C0 F0 add eax, -10
0041BE88 . 8D48 0C lea ecx, dword ptr [eax+C]
0041BE8B . 83CA FF or edx, FFFFFFFF
0041BE8E . F0:0FC111 lock xadd dword ptr [ecx], edx
0041BE92 . 4A dec edx
0041BE93 . 85D2 test edx, edx
0041BE95 . 7F 0A jg short 0041BEA1
0041BE97 . 8B08 mov ecx, dword ptr [eax]
0041BE99 . 8B11 mov edx, dword ptr [ecx]
0041BE9B . 50 push eax
0041BE9C . 8B42 04 mov eax, dword ptr [edx+4]
0041BE9F . FFD0 call eax
0041BEA1 > C74424 60 FFF>mov dword ptr [esp+60], -1
0041BEA9 . 8B4424 10 mov eax, dword ptr [esp+10]
0041BEAD . 83C0 F0 add eax, -10
0041BEB0 . 8D48 0C lea ecx, dword ptr [eax+C]
0041BEB3 . 83CA FF or edx, FFFFFFFF
0041BEB6 . F0:0FC111 lock xadd dword ptr [ecx], edx
0041BEBA . 4A dec edx
0041BEBB . 85D2 test edx, edx
0041BEBD . 7F 0A jg short 0041BEC9
0041BEBF . 8B08 mov ecx, dword ptr [eax]
0041BEC1 . 8B11 mov edx, dword ptr [ecx]
0041BEC3 . 50 push eax
0041BEC4 . 8B42 04 mov eax, dword ptr [edx+4]
0041BEC7 . FFD0 call eax
0041BEC9 > 8B4C24 58 mov ecx, dword ptr [esp+58]
0041BECD . 64:890D 00000>mov dword ptr fs:[0], ecx
0041BED4 . 59 pop ecx
0041BED5 . 5F pop edi
0041BED6 . 5E pop esi
0041BED7 . 8B4C24 48 mov ecx, dword ptr [esp+48]
0041BEDB . 33CC xor ecx, esp
0041BEDD . E8 C5340300 call 0044F3A7
0041BEE2 . 83C4 58 add esp, 58
0041BEE5 . C3 retn
用以上的代码能否写出算法注册机?谢谢! |
|
[复制链接]
IP卡
发表于 2008-5-16 15:27:41
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2008-5-20 23:44:51