- UID
- 2
注册时间2004-12-1
阅读权限255
最后登录1970-1-1
总坛主
TA的每日心情 | 难过
7 天前 |
|---|
签到天数: 11 天 [LV.3]偶尔看看II
|
发表于 2011-1-11 14:18:11
|
显示全部楼层
老贴子又顶上来了....- 00401480 SUB ESP,2C
- 00401483 PUSH EBX
- 00401484 PUSH EBP
- 00401485 PUSH ESI
- 00401486 PUSH EDI
- 00401487 MOV EDI,ECX
- 00401489 PUSH 64
- 0040148B MOV DWORD PTR SS:[ESP+1C],EDI
- 0040148F CALL <JMP.&MFC42.#??2@YAPAXI@Z_823>
- 00401494 PUSH 64
- 00401496 MOV EBX,EAX
- 00401498 CALL <JMP.&MFC42.#??2@YAPAXI@Z_823>
- 0040149D ADD ESP,8
- 004014A0 MOV ESI,EAX
- 004014A2 MOV ECX,EDI
- 004014A4 MOV DWORD PTR SS:[ESP+1C],ESI
- 004014A8 PUSH 64
- 004014AA PUSH EBX
- 004014AB PUSH 3EA
- 004014B0 CALL <JMP.&MFC42.#?GetDlgItem@CWnd@@QBEPAV1@H@Z_3092>
- 004014B5 MOV ECX,EAX
- 004014B7 CALL <JMP.&MFC42.#?GetWindowTextA@CWnd@@QBEHPADH@Z_38>
- 004014BC PUSH 64
- 004014BE PUSH ESI
- 004014BF PUSH 3EB
- 004014C4 MOV ECX,EDI
- 004014C6 CALL <JMP.&MFC42.#?GetDlgItem@CWnd@@QBEPAV1@H@Z_3092>
- 004014CB MOV ECX,EAX
- 004014CD CALL <JMP.&MFC42.#?GetWindowTextA@CWnd@@QBEHPADH@Z_38>
- 004014D2 MOV EDI,EBX
- 004014D4 OR ECX,FFFFFFFF
- 004014D7 XOR EAX,EAX
- 004014D9 REPNE SCAS BYTE PTR ES:[EDI]
- 004014DB NOT ECX
- 004014DD PUSH ECX
- 004014DE CALL <JMP.&MFC42.#??2@YAPAXI@Z_823>
- 004014E3 MOV EBP,EAX
- 004014E5 MOV EDI,ESI
- 004014E7 OR ECX,FFFFFFFF
- 004014EA XOR EAX,EAX
- 004014EC REPNE SCAS BYTE PTR ES:[EDI]
- 004014EE NOT ECX
- 004014F0 PUSH ECX
- 004014F1 CALL <JMP.&MFC42.#??2@YAPAXI@Z_823>
- 004014F6 MOV ECX,DWORD PTR DS:[403024]
- 004014FC MOV EDX,EAX
- 004014FE MOV EAX,DWORD PTR DS:[403020] ; 常量:"yangbing1990"
- 00401503 MOV DWORD PTR SS:[ESP+38],ECX
- 00401507 MOV CL,BYTE PTR DS:[40302C]
- 0040150D MOV DWORD PTR SS:[ESP+34],EAX
- 00401511 MOV EAX,DWORD PTR DS:[403028]
- 00401516 MOV BYTE PTR SS:[ESP+40],CL
- 0040151A MOV DWORD PTR SS:[ESP+3C],EAX
- 0040151E MOV EDI,EBX ; name
- 00401520 OR ECX,FFFFFFFF
- 00401523 XOR EAX,EAX
- 00401525 MOV BYTE PTR SS:[ESP+18],57 ; "win"
- 0040152A MOV BYTE PTR SS:[ESP+19],69
- 0040152F MOV BYTE PTR SS:[ESP+1A],6E
- 00401534 MOV BYTE PTR SS:[ESP+1B],0
- 00401539 MOV BYTE PTR SS:[ESP+2C],4C ; "lost"
- 0040153E MOV BYTE PTR SS:[ESP+2D],6F
- 00401543 MOV BYTE PTR SS:[ESP+2E],73
- 00401548 MOV BYTE PTR SS:[ESP+2F],74
- 0040154D MOV BYTE PTR SS:[ESP+30],0
- 00401552 MOV DWORD PTR SS:[ESP+28],EDX
- 00401556 REPNE SCAS BYTE PTR ES:[EDI]
- 00401558 NOT ECX
- 0040155A SUB EDI,ECX
- 0040155C MOV DWORD PTR SS:[ESP+1C],0
- 00401564 MOV EAX,ECX
- 00401566 MOV ESI,EDI
- 00401568 MOV EDI,EBP
- 0040156A SHR ECX,2
- 0040156D REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
- 0040156F MOV ECX,EAX
- 00401571 XOR EAX,EAX
- 00401573 AND ECX,3
- 00401576 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
- 00401578 MOV EDI,DWORD PTR SS:[ESP+24]
- 0040157C OR ECX,FFFFFFFF
- 0040157F REPNE SCAS BYTE PTR ES:[EDI]
- 00401581 NOT ECX
- 00401583 SUB EDI,ECX
- 00401585 PUSH EBX ; /block
- 00401586 MOV EAX,ECX ; |
- 00401588 MOV ESI,EDI ; |
- 0040158A MOV EDI,EDX ; |
- 0040158C SHR ECX,2 ; |
- 0040158F REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; |
- 00401591 MOV ECX,EAX ; |
- 00401593 AND ECX,3 ; |
- 00401596 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] ; |
- 00401598 CALL <JMP.&MFC42.#??3@YAXPAX@Z_825> ; \free
- 0040159D MOV ECX,DWORD PTR SS:[ESP+28]
- 004015A1 PUSH ECX ; /block
- 004015A2 CALL <JMP.&MFC42.#??3@YAXPAX@Z_825> ; \free
- 004015A7 MOV EDI,EBP
- 004015A9 OR ECX,FFFFFFFF
- 004015AC XOR EAX,EAX
- 004015AE ADD ESP,10
- 004015B1 REPNE SCAS BYTE PTR ES:[EDI]
- 004015B3 NOT ECX
- 004015B5 DEC ECX
- 004015B6 CMP ECX,0C ; 用户名长度为 0xC
- 004015B9 JE SHORT CrackMe.004015E6
- 004015BB MOV ECX,DWORD PTR SS:[ESP+18]
- 004015BF PUSH EAX
- 004015C0 LEA EDX,DWORD PTR SS:[ESP+28]
- 004015C4 PUSH EAX
- 004015C5 PUSH EDX
- 004015C6 CALL <JMP.&MFC42.#?MessageBoxA@CWnd@@QAEHPBD0I@Z_4224>
- 004015CB PUSH EBP ; /block
- 004015CC CALL <JMP.&MFC42.#??3@YAXPAX@Z_825> ; \free
- 004015D1 MOV EAX,DWORD PTR SS:[ESP+24]
- 004015D5 PUSH EAX ; /block
- 004015D6 CALL <JMP.&MFC42.#??3@YAXPAX@Z_825> ; \free
- 004015DB ADD ESP,8
- 004015DE POP EDI
- 004015DF POP ESI
- 004015E0 POP EBP
- 004015E1 POP EBX
- 004015E2 ADD ESP,2C
- 004015E5 RETN
- 004015E6 LEA ECX,DWORD PTR SS:[ESP+2C] ; T = (ASCII "yangbing1990")
- 004015EA MOV EAX,EBP ; 用户名
- 004015EC SUB ECX,EBP
- 004015EE MOV ESI,0C ; 循环次数
- 004015F3 MOV DL,BYTE PTR DS:[ECX+EAX] ; T[i]
- 004015F6 MOV BL,BYTE PTR DS:[EAX] ; Name[i]
- 004015F8 ADD BL,DL ; T[i] + Name[i]
- 004015FA MOV BYTE PTR DS:[EAX],BL ; 写回去
- 004015FC INC EAX ; 用户名下一位
- 004015FD DEC ESI ; 循环次数递减
- 004015FE JNZ SHORT CrackMe.004015F3 ; 是否循环完毕?
- 00401600 MOV EDI,DWORD PTR SS:[ESP+20] ; 循环完后得到key
- 00401604 MOV EAX,EBP ; key
- 00401606 MOV ECX,EDI ; sn(输入的假码)
- 00401608 MOV ESI,0C ; 循环次数
- 0040160D SUB ECX,EBP
- 0040160F MOV DL,BYTE PTR DS:[EAX] ; key[i]
- 00401611 MOV BL,BYTE PTR DS:[ECX+EAX] ; sn[i]
- 00401614 CMP DL,BL ; 逐字节比较
- 00401616 JNZ SHORT CrackMe.0040161C ; game over!爆破点A!
- 00401618 INC DWORD PTR SS:[ESP+14] ; 成功则计数器+1
- 0040161C INC EAX ; 下一位
- 0040161D DEC ESI ; 循环次数递减
- 0040161E JNZ SHORT CrackMe.0040160F ; 是否循环完毕?
- 00401620 MOV EAX,DWORD PTR SS:[ESP+14] ; 取计数器的值
- 00401624 PUSH 0
- 00401626 CMP EAX,0C ; 如果计数器不等于0xC 则验证不成功~
- 00401629 PUSH 0
- 0040162B JNZ SHORT CrackMe.00401634 ; game over! 爆破点B!
- 0040162D LEA EAX,DWORD PTR SS:[ESP+18] ; "Win"
- 00401631 PUSH EAX
- 00401632 JMP SHORT CrackMe.00401639
- 00401634 LEA ECX,DWORD PTR SS:[ESP+2C] ; "Lost"
- 00401638 PUSH ECX
- 00401639 MOV ECX,DWORD PTR SS:[ESP+24]
- 0040163D CALL <JMP.&MFC42.#?MessageBoxA@CWnd@@QAEHPBD0I@Z_4224>; MessageBoxA
- 00401642 PUSH EBP ; /block
- 00401643 CALL <JMP.&MFC42.#??3@YAXPAX@Z_825> ; \free
- 00401648 PUSH EDI ; /block
- 00401649 CALL <JMP.&MFC42.#??3@YAXPAX@Z_825> ; \free
- 0040164E ADD ESP,8
- 00401651 POP EDI
- 00401652 POP ESI
- 00401653 POP EBP
- 00401654 POP EBX
- 00401655 ADD ESP,2C
- 00401658 RETN
- //////////////////////////////////////////////////////////////////////////
- /************************************************************************/
- /* KeyGen.cpp */
- /* Code By PiaoYun[P.Y.G] */
- /* WWW.CHINAPYG.COM */
- /* 2011-1-11 */
- /************************************************************************/
- #include <windows.h>
- #include <iostream.h>
- void main()
- {
- char szT[] = "yangbing1990";
- char szName[50] = {0};
- char szKey[50] = {0};
- cout<<"**************************\n";
- cout<<"* Code By PiaoYun[P.Y.G] *\n";
- cout<<"* web:www.chinapyg.com *\n";
- cout<<"* date:2011-1-11 *\n";
- cout<<"**************************\n";
- cout<<"请输入12位长度的用户名:\n";
- cin>>szName;
- int len = int(strlen(szName));
- if(len!=0 && len==0xC)
- {
- for(int i=0;i<len;i++)
- {
- szKey[i] = char(szName[i] + szT[i]);
- }
- cout<<"注册码为:"<<szKey<<endl;
- }else
- {
- cout<<"用户名长度不符合规则!"<<endl;
- }
- cout<<"***********************\n";
- }
|
|
楼主: yangbing1990
IP卡
发表于 2010-12-27 13:02:10
显身卡
