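R-Wipe&Clean: a brief analysis
Software: R-Wipe & Clean 7.1
Size: 2218KB
Language: English
Category: Foreign software / Shareware / Uninstall tools
Platform: Win9x/Me/NT/2000/XP/2003
Updated: 2007-2-21 12:11:39
Huajun download: http://www.onlinedown.net/soft/55561.htm
The algorithm is in the program's RWipe.dll file.
Stack window: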
0012EC20 101B1F89/CALL 到 MessageBoxA 来自 RWipe.101B1F83
0012EC24 00050B90|hOwner = 00050B90 ('Register R-Wipe&Clean',class='#32770')
0012EC28 003B4F44|Text = LF," Registration successful ",LF,""
0012EC2C 003B4B3C|Title = "Registration"
0012EC30 00000040\Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
Set a breakpoint here in OD (OllyDbg):
101B1B1C 68 03020000 push 203
101B1B21 8B85 14FFFFFF mov eax,
101B1B27 FF70 04 push dword ptr
101B1B2A FF15 34952D10 call [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
101B1B30 8945 DC mov , eax
101B1B33 837D DC 00 cmp dword ptr , 0 ; the user name is compared here
101B1B37 74 3D je short 101B1B76
101B1B39 FF75 DC push dword ptr
101B1B3C FF15 58952D10 call [<&USER32.GetWindowTextLe>; USER32.GetWindowTextLengthA
101B1B42 8945 D8 mov , eax
101B1B45 8B45 D8 mov eax,
101B1B48 40 inc eax
101B1B49 50 push eax
101B1B4A 8D4D E4 lea ecx,
101B1B4D E8 5115E5FF call 100030A3
101B1B52 8945 D4 mov , eax
101B1B55 8B45 D8 mov eax,
101B1B58 40 inc eax
101B1B59 50 push eax
101B1B5A FF75 D4 push dword ptr
101B1B5D FF75 DC push dword ptr
101B1B60 FF15 54952D10 call [<&USER32.GetWindowTextA>>; USER32.GetWindowTextA
101B1B66 8945 D8 mov , eax
101B1B69 FF75 D8 push dword ptr
101B1B6C 8D4D E4 lea ecx,
101B1B6F E8 DF15E5FF call 10003153
101B1B74 EB 08 jmp short 101B1B7E
101B1B76 8D4D E4 lea ecx,
101B1B79 E8 8F10E5FF call 10002C0D
101B1B7E 68 7A030000 push 37A
101B1B83 8B85 14FFFFFF mov eax,
101B1B89 FF70 04 push dword ptr
101B1B8C FF15 34952D10 call [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
101B1B92 8945 D0 mov , eax
101B1B95 837D D0 00 cmp dword ptr , 0 ; the company is compared here
101B1B99 74 3D je short 101B1BD8
101B1B9B FF75 D0 push dword ptr
101B1B9E FF15 58952D10 call [<&USER32.GetWindowTextLe>; USER32.GetWindowTextLengthA
101B1BA4 8945 CC mov , eax
101B1BA7 8B45 CC mov eax,
101B1BAA 40 inc eax
101B1BAB 50 push eax
101B1BAC 8D4D EC lea ecx,
101B1BAF E8 EF14E5FF call 100030A3
101B1BB4 8945 C8 mov , eax
101B1BB7 8B45 CC mov eax,
101B1BBA 40 inc eax
101B1BBB 50 push eax
101B1BBC FF75 C8 push dword ptr
101B1BBF FF75 D0 push dword ptr
101B1BC2 FF15 54952D10 call [<&USER32.GetWindowTextA>>; USER32.GetWindowTextA
101B1BC8 8945 CC mov , eax
101B1BCB FF75 CC push dword ptr
101B1BCE 8D4D EC lea ecx,
101B1BD1 E8 7D15E5FF call 10003153
101B1BD6 EB 08 jmp short 101B1BE0
101B1BD8 8D4D EC lea ecx,
101B1BDB E8 2D10E5FF call 10002C0D
101B1BE0 68 85030000 push 385
101B1BE5 8B85 14FFFFFF mov eax,
101B1BEB FF70 04 push dword ptr
101B1BEE FF15 34952D10 call [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
101B1BF4 8945 C4 mov , eax
101B1BF7 837D C4 00 cmp dword ptr , 0 ; compare the registration code
101B1BFB 74 3D je short 101B1C3A
101B1BFD FF75 C4 push dword ptr
101B1C00 FF15 58952D10 call [<&USER32.GetWindowTextLe>; USER32.GetWindowTextLengthA
101B1C06 8945 C0 mov , eax
101B1C09 8B45 C0 mov eax,
101B1C0C 40 inc eax
101B1C0D 50 push eax
101B1C0E 8D4D E0 lea ecx,
101B1C11 E8 8D14E5FF call 100030A3
101B1C16 8945 BC mov , eax
101B1C19 8B45 C0 mov eax,
101B1C1C 40 inc eax
101B1C1D 50 push eax
101B1C1E FF75 BC push dword ptr
101B1C21 FF75 C4 push dword ptr
101B1C24 FF15 54952D10 call [<&USER32.GetWindowTextA>>; USER32.GetWindowTextA
101B1C2A 8945 C0 mov , eax
101B1C2D FF75 C0 push dword ptr
101B1C30 8D4D E0 lea ecx,
101B1C33 E8 1B15E5FF call 10003153
101B1C38 EB 08 jmp short 101B1C42
101B1C3A 8D4D E0 lea ecx,
101B1C3D E8 CB0FE5FF call 10002C0D
101B1C42 68 28703210 push 10327028 ; ASCII LF,CR,TAB," "
101B1C47 8D4D E0 lea ecx,
101B1C4A E8 4B050000 call 101B219A
101B1C4F 68 28703210 push 10327028 ; ASCII LF,CR,TAB," "
101B1C54 8D4D E0 lea ecx,
101B1C57 E8 C1050000 call 101B221D
101B1C5C A1 70E03010 mov eax,
101B1C61 8945 F0 mov , eax
101B1C64 C645 FC 06 mov byte ptr , 6
101B1C68 C645 FC 07 mov byte ptr , 7
101B1C6C 68 EE010000 push 1EE
101B1C71 8D4D F0 lea ecx,
101B1C74 E8 8E1EE5FF call 10003B07
101B1C79 8B45 E4 mov eax,
101B1C7C 33C9 xor ecx, ecx
101B1C7E 8378 F8 00 cmp dword ptr , 0
101B1C82 0F94C1 sete cl
101B1C85 85C9 test ecx, ecx
101B1C87 75 24 jnz short 101B1CAD
101B1C89 8B45 EC mov eax,
101B1C8C 33C9 xor ecx, ecx
101B1C8E 8378 F8 00 cmp dword ptr , 0
101B1C92 0F94C1 sete cl
101B1C95 85C9 test ecx, ecx
101B1C97 75 14 jnz short 101B1CAD
101B1C99 8B45 E0 mov eax,
101B1C9C 33C9 xor ecx, ecx
101B1C9E 8378 F8 00 cmp dword ptr , 0
101B1CA2 0F94C1 sete cl
101B1CA5 85C9 test ecx, ecx
101B1CA7 0F84 B1000000 je 101B1D5E
101B1CAD A1 70E03010 mov eax,
101B1CB2 8945 B8 mov , eax
101B1CB5 C645 FC 08 mov byte ptr , 8
101B1CB9 C645 FC 09 mov byte ptr , 9
101B1CBD 68 E1010000 push 1E1
101B1CC2 8D4D B8 lea ecx,
101B1CC5 E8 3D1EE5FF call 10003B07
101B1CCA 8B45 F0 mov eax,
101B1CCD 8985 40FFFFFF mov , eax
101B1CD3 8B45 B8 mov eax,
101B1CD6 8985 44FFFFFF mov , eax
101B1CDC 6A 10 push 10
101B1CDE FFB5 40FFFFFF push dword ptr
101B1CE4 FFB5 44FFFFFF push dword ptr
101B1CEA 8B85 14FFFFFF mov eax,
101B1CF0 FF70 04 push dword ptr
101B1CF3 FF15 20972D10 call [<&USER32.MessageBoxA>] ; USER32.MessageBoxA
101B1CF9 83A5 50FFFFFF 0>and dword ptr , 0
101B1D00 C645 FC 0A mov byte ptr , 0A
101B1D04 C645 FC 07 mov byte ptr , 7
101B1D08 8D4D B8 lea ecx,
101B1D0B E8 5110E5FF call 10002D61
101B1D10 C645 FC 0B mov byte ptr , 0B
101B1D14 C645 FC 05 mov byte ptr , 5
101B1D18 8D4D F0 lea ecx,
101B1D1B E8 4110E5FF call 10002D61
101B1D20 C645 FC 0C mov byte ptr , 0C
101B1D24 C645 FC 03 mov byte ptr , 3
101B1D28 8D4D E0 lea ecx,
101B1D2B E8 3110E5FF call 10002D61
101B1D30 C645 FC 0D mov byte ptr , 0D
101B1D34 C645 FC 01 mov byte ptr , 1
101B1D38 8D4D EC lea ecx,
101B1D3B E8 2110E5FF call 10002D61
101B1D40 C745 FC 0E00000>mov dword ptr , 0E
101B1D47 834D FC FF or dword ptr , FFFFFF>
101B1D4B 8D4D E4 lea ecx,
101B1D4E E8 0E10E5FF call 10002D61
101B1D53 8B85 50FFFFFF mov eax,
101B1D59 E9 D4030000 jmp 101B2132
101B1D5E FF75 E0 push dword ptr
101B1D61 E8 2AEE0E00 call CheckTime
101B1D66 59 pop ecx
101B1D67 8945 E8 mov , eax
101B1D6A 837D E8 01 cmp dword ptr , 1
101B1D6E 74 0A je short 101B1D7A
101B1D70 837D E8 02 cmp dword ptr , 2
101B1D74 0F85 EF000000 jnz 101B1E69
101B1D7A 8D8D 64FFFFFF lea ecx,
101B1D80 E8 BE0D0000 call 101B2B43
101B1D85 C645 FC 0F mov byte ptr , 0F
101B1D89 8D4D 80 lea ecx,
101B1D8C E8 B5D4EAFF call 1005F246
101B1D91 C645 FC 10 mov byte ptr , 10
101B1D95 8B45 E8 mov eax,
101B1D98 8945 B4 mov , eax
101B1D9B C785 64FFFFFF A>mov dword ptr , 102DA>
101B1DA5 C645 FC 11 mov byte ptr , 11
101B1DA9 8B85 14FFFFFF mov eax,
101B1DAF 8B40 04 mov eax,
101B1DB2 8985 38FFFFFF mov , eax
101B1DB8 8D85 64FFFFFF lea eax,
101B1DBE 50 push eax
101B1DBF 8D85 6CFFFFFF lea eax,
101B1DC5 50 push eax
101B1DC6 68 B0163310 push 103316B0
101B1DCB E8 FC0AE5FF call 100028CC
101B1DD0 A1 B8163310 mov eax,
101B1DD5 8985 3CFFFFFF mov , eax
101B1DDB 6A 00 push 0
101B1DDD 68 BE290010 push 100029BE
101B1DE2 FFB5 38FFFFFF push dword ptr
101B1DE8 68 14040000 push 414
101B1DED FFB5 3CFFFFFF push dword ptr
101B1DF3 E8 3222E5FF call 1000402A
101B1DF8 83A5 4CFFFFFF 0>and dword ptr , 0
101B1DFF C645 FC 13 mov byte ptr , 13
101B1E03 C645 FC 12 mov byte ptr , 12
101B1E07 8D4D 80 lea ecx,
101B1E0A E8 C5D4EAFF call 1005F2D4
101B1E0F C645 FC 14 mov byte ptr , 14
101B1E13 C645 FC 15 mov byte ptr , 15
101B1E17 C645 FC 07 mov byte ptr , 7
101B1E1B C645 FC 16 mov byte ptr , 16
101B1E1F C645 FC 05 mov byte ptr , 5
101B1E23 8D4D F0 lea ecx,
101B1E26 E8 360FE5FF call 10002D61
101B1E2B C645 FC 17 mov byte ptr , 17
101B1E2F C645 FC 03 mov byte ptr , 3
101B1E33 8D4D E0 lea ecx,
101B1E36 E8 260FE5FF call 10002D61
101B1E3B C645 FC 18 mov byte ptr , 18
101B1E3F C645 FC 01 mov byte ptr , 1
101B1E43 8D4D EC lea ecx,
101B1E46 E8 160FE5FF call 10002D61
101B1E4B C745 FC 1900000>mov dword ptr , 19
101B1E52 834D FC FF or dword ptr , FFFFFF>
101B1E56 8D4D E4 lea ecx,
101B1E59 E8 030FE5FF call 10002D61
101B1E5E 8B85 4CFFFFFF mov eax,
101B1E64 E9 C9020000 jmp 101B2132
101B1E69 6A 00 push 0
101B1E6B 6A 00 push 0
101B1E6D 6A 00 push 0
101B1E6F 6A 00 push 0
101B1E71 FF75 E0 push dword ptr
101B1E74 E8 67EE0E00 call 102A0CE0
101B1E79 83C4 14 add esp, 14
101B1E7C 85C0 test eax, eax
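101B1E7E 0F84 44010000 je 101B1FC8 ; if this jump is not taken, the registration-success dialog pops up below; but this is not the patch point, find the algorithm yourself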
101B1E84 FF75 E0 push dword ptr
101B1E87 FF75 EC push dword ptr
101B1E8A FF75 E4 push dword ptr
101B1E8D E8 A3FBFFFF call 101B1A35
101B1E92 83C4 0C add esp, 0C
101B1E95 A1 70E03010 mov eax,
101B1E9A 8985 60FFFFFF mov , eax
101B1EA0 C645 FC 1A mov byte ptr , 1A
101B1EA4 C645 FC 1B mov byte ptr , 1B
101B1EA8 A1 70E03010 mov eax,
101B1EAD 8985 5CFFFFFF mov , eax
101B1EB3 C645 FC 1C mov byte ptr , 1C
101B1EB7 C645 FC 1D mov byte ptr , 1D
101B1EBB B8 20703210 mov eax, 10327020 ; ASCII LF," "
101B1EC0 85C0 test eax, eax
101B1EC2 75 09 jnz short 101B1ECD
101B1EC4 83A5 10FFFFFF 0>and dword ptr , 0
101B1ECB EB 11 jmp short 101B1EDE
101B1ECD 68 20703210 push 10327020 ; ASCII LF," "
101B1ED2 FF15 44932D10 call [<&KERNEL32.lstrlenA>] ; kernel32.lstrlenA
101B1ED8 8985 10FFFFFF mov , eax
101B1EDE 68 20703210 push 10327020 ; ASCII LF," "
101B1EE3 FFB5 10FFFFFF push dword ptr
101B1EE9 8D8D 60FFFFFF lea ecx,
101B1EEF E8 AE0EE5FF call 10002DA2
101B1EF4 68 ED010000 push 1ED
101B1EF9 8D8D 5CFFFFFF lea ecx,
101B1EFF E8 031CE5FF call 10003B07
101B1F04 FFB5 5CFFFFFF push dword ptr
101B1F0A 8B85 5CFFFFFF mov eax,
101B1F10 FF70 F8 push dword ptr
101B1F13 8D8D 60FFFFFF lea ecx,
101B1F19 E8 6310E5FF call 10002F81
101B1F1E B8 18703210 mov eax, 10327018 ; ASCII " ",LF
101B1F23 85C0 test eax, eax
101B1F25 75 09 jnz short 101B1F30
101B1F27 83A5 0CFFFFFF 0>and dword ptr , 0
101B1F2E EB 11 jmp short 101B1F41
101B1F30 68 18703210 push 10327018 ; ASCII " ",LF
101B1F35 FF15 44932D10 call [<&KERNEL32.lstrlenA>] ; kernel32.lstrlenA
101B1F3B 8985 0CFFFFFF mov , eax
101B1F41 68 18703210 push 10327018 ; ASCII " ",LF
101B1F46 FFB5 0CFFFFFF push dword ptr
101B1F4C 8D8D 60FFFFFF lea ecx,
101B1F52 E8 2A10E5FF call 10002F81
101B1F57 8B45 F0 mov eax,
101B1F5A 8985 30FFFFFF mov , eax
101B1F60 8B85 60FFFFFF mov eax,
101B1F66 8985 34FFFFFF mov , eax
101B1F6C 6A 40 push 40
101B1F6E FFB5 30FFFFFF push dword ptr
101B1F74 FFB5 34FFFFFF push dword ptr
101B1F7A 8B85 14FFFFFF mov eax,
101B1F80 FF70 04 push dword ptr
101B1F83 FF15 20972D10 call [<&USER32.MessageBoxA>] ; USER32.MessageBoxA
101B1F89 0FB745 0C movzx eax, word ptr
101B1F8D 50 push eax
101B1F8E 8B85 14FFFFFF mov eax,
101B1F94 FF70 04 push dword ptr
101B1F97 FF15 24972D10 call [<&USER32.EndDialog>] ; USER32.EndDialog
101B1F9D C645 FC 1E mov byte ptr , 1E
101B1FA1 C645 FC 1B mov byte ptr , 1B
101B1FA5 8D8D 5CFFFFFF lea ecx,
101B1FAB E8 B10DE5FF call 10002D61
101B1FB0 C645 FC 1F mov byte ptr , 1F
101B1FB4 C645 FC 07 mov byte ptr , 7
101B1FB8 8D8D 60FFFFFF lea ecx,
101B1FBE E8 9E0DE5FF call 10002D61
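101B1FC3 E9 1A010000 jmp 101B20E2
I only took a quick look at the software; I'm short on time and will look again when I have some ~~
The part of the algorithm that verifies the registration code when the program starts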
102A0CE0 55 push ebp
102A0CE1 8BEC mov ebp, esp
102A0CE3 81EC A8060000 sub esp, 6A8
102A0CE9 56 push esi
102A0CEA 57 push edi
102A0CEB C785 7CFDFFFF 0>mov dword ptr , 0
102A0CF5 C785 80FDFFFF 0>mov dword ptr , 0
102A0CFF C785 78FDFFFF F>mov dword ptr , -1
102A0D09 837D 08 00 cmp dword ptr , 0
102A0D0D 74 13 je short 102A0D22
102A0D0F 8B7D 08 mov edi,
102A0D12 83C9 FF or ecx, FFFFFFFF
102A0D15 33C0 xor eax, eax
102A0D17 F2:AE repne scas byte ptr es:
102A0D19 F7D1 not ecx
102A0D1B 83C1 FF add ecx, -1
102A0D1E 85C9 test ecx, ecx
102A0D20 75 07 jnz short 102A0D29
102A0D22 33C0 xor eax, eax
102A0D24 E9 0D040000 jmp 102A1136
102A0D29 C785 84FDFFFF E>mov dword ptr , 102DBDE>
102A0D33 C785 84FDFFFF D>mov dword ptr , 102DBDD>
102A0D3D 8D85 84FDFFFF lea eax,
102A0D43 50 push eax
102A0D44 8B4D 08 mov ecx,
102A0D47 51 push ecx
102A0D48 8D8D 88FDFFFF lea ecx,
102A0D4E E8 ED030000 call 102A1140
102A0D53 8B95 88FDFFFF mov edx,
102A0D59 81E2 FFFF0000 and edx, 0FFFF
102A0D5F 83E2 01 and edx, 1
102A0D62 85D2 test edx, edx
102A0D64 75 07 jnz short 102A0D6D ; first patch point: JNZ changed to JMP
102A0D66 33C0 xor eax, eax
102A0D68 E9 C9030000 jmp 102A1136
102A0D6D 68 2083B8ED push EDB88320
102A0D72 8D8D 6CF9FFFF lea ecx,
102A0D78 E8 A3050000 call 102A1320
102A0D7D C785 74FDFFFF 0>mov dword ptr , 0
102A0D87 EB 0F jmp short 102A0D98
102A0D89 8B85 74FDFFFF mov eax, ; registration code, 32 characters; start of the loop
102A0D8F 83C0 01 add eax, 1
102A0D92 8985 74FDFFFF mov , eax
102A0D98 8B7D 08 mov edi,
102A0D9B 83C9 FF or ecx, FFFFFFFF
102A0D9E 33C0 xor eax, eax
102A0DA0 F2:AE repne scas byte ptr es:
102A0DA2 F7D1 not ecx
102A0DA4 83C1 FF add ecx, -1
102A0DA7 398D 74FDFFFF cmp , ecx
102A0DAD 73 74 jnb short 102A0E23
102A0DAF 8B4D 08 mov ecx,
102A0DB2 038D 74FDFFFF add ecx,
102A0DB8 0FBE11 movsx edx, byte ptr
102A0DBB 83FA 20 cmp edx, 20
102A0DBE 7E 5E jle short 102A0E1E
102A0DC0 8B45 08 mov eax,
102A0DC3 0385 74FDFFFF add eax,
102A0DC9 8A08 mov cl,
102A0DCB 888D 58F9FFFF mov , cl
102A0DD1 8B95 6CFDFFFF mov edx,
102A0DD7 81E2 FF000000 and edx, 0FF
102A0DDD 8B85 58F9FFFF mov eax,
102A0DE3 25 FF000000 and eax, 0FF
102A0DE8 33D0 xor edx, eax
102A0DEA 8895 5CF9FFFF mov , dl
102A0DF0 8B8D 6CFDFFFF mov ecx,
102A0DF6 C1E9 08 shr ecx, 8
102A0DF9 898D 6CFDFFFF mov , ecx
102A0DFF 8B95 5CF9FFFF mov edx,
102A0E05 81E2 FF000000 and edx, 0FF
102A0E0B 8B85 6CFDFFFF mov eax,
102A0E11 338495 6CF9FFFF xor eax,
102A0E18 8985 6CFDFFFF mov , eax
102A0E1E^ E9 66FFFFFF jmp 102A0D89
102A0E23 C785 64F9FFFF 0>mov dword ptr , 0
102A0E2D EB 0F jmp short 102A0E3E
102A0E2F 8B8D 64F9FFFF mov ecx,
102A0E35 83C1 01 add ecx, 1
102A0E38 898D 64F9FFFF mov , ecx
102A0E3E 81BD 64F9FFFF A>cmp dword ptr , 0AF
102A0E48 73 20 jnb short 102A0E6A
102A0E4A 8B95 6CFDFFFF mov edx,
102A0E50 F7D2 not edx
102A0E52 8B85 64F9FFFF mov eax,
102A0E58 391485 D8F83210 cmp , edx
102A0E5F 75 07 jnz short 102A0E68
102A0E61 33C0 xor eax, eax
102A0E63 E9 CE020000 jmp 102A1136
102A0E68^ EB C5 jmp short 102A0E2F
102A0E6A 8B8D 8CFDFFFF mov ecx,
102A0E70 81E1 FFFF0000 and ecx, 0FFFF
102A0E76 85C9 test ecx, ecx
102A0E78 75 11 jnz short 102A0E8B
102A0E7A 8B95 9EFEFFFF mov edx,
102A0E80 81E2 FFFF0000 and edx, 0FFFF
102A0E86 83FA 10 cmp edx, 10
102A0E89 7E 07 jle short 102A0E92
102A0E8B 33C0 xor eax, eax
102A0E8D E9 A4020000 jmp 102A1136
102A0E92 8B85 88FDFFFF mov eax,
102A0E98 25 FFFF0000 and eax, 0FFFF
102A0E9D 83E0 02 and eax, 2
102A0EA0 85C0 test eax, eax
102A0EA2 74 07 je short 102A0EAB
102A0EA4 33C0 xor eax, eax
102A0EA6 E9 8B020000 jmp 102A1136
102A0EAB 8B4D 08 mov ecx,
102A0EAE 51 push ecx
102A0EAF E8 DCFCFFFF call CheckTime
102A0EB4 83C4 04 add esp, 4
102A0EB7 85C0 test eax, eax
102A0EB9 74 07 je short 102A0EC2
102A0EBB 33C0 xor eax, eax
102A0EBD E9 74020000 jmp 102A1136
102A0EC2 C685 60F9FFFF 0>mov byte ptr , 0
102A0EC9 C785 68F9FFFF 0>mov dword ptr , 0
102A0ED3 EB 0F jmp short 102A0EE4
102A0ED5 8B95 68F9FFFF mov edx,
102A0EDB 83C2 01 add edx, 1
102A0EDE 8995 68F9FFFF mov , edx
102A0EE4 8B85 9EFEFFFF mov eax,
102A0EEA 25 FFFF0000 and eax, 0FFFF
102A0EEF 3985 68F9FFFF cmp , eax
102A0EF5 0F8D C0010000 jge 102A10BB ; I changed the address here; I changed it to 102A1007
102A0EFB 8B8D 68F9FFFF mov ecx,
102A0F01 6BC9 16 imul ecx, ecx, 16
102A0F04 33D2 xor edx, edx
102A0F06 66:8B940D A0FEF>mov dx,
102A0F0E 81FA 01020000 cmp edx, 201
102A0F14 74 02 je short 102A0F18
102A0F16^ EB BD jmp short 102A0ED5
102A0F18 8B85 68F9FFFF mov eax,
102A0F1E 6BC0 16 imul eax, eax, 16
102A0F21 33C9 xor ecx, ecx
102A0F23 66:8B8C05 A2FEF>mov cx,
102A0F2B 898D 7CFDFFFF mov , ecx
102A0F31 8B95 68F9FFFF mov edx,
102A0F37 6BD2 16 imul edx, edx, 16
102A0F3A 33C0 xor eax, eax
102A0F3C 8A8415 A4FEFFFF mov al,
102A0F43 8985 80FDFFFF mov , eax
102A0F49 837D 0C 00 cmp dword ptr , 0
102A0F4D 74 26 je short 102A0F75
102A0F4F 8DBD 9CFDFFFF lea edi,
102A0F55 8B55 0C mov edx,
102A0F58 83C9 FF or ecx, FFFFFFFF
102A0F5B 33C0 xor eax, eax
102A0F5D F2:AE repne scas byte ptr es:
102A0F5F F7D1 not ecx
102A0F61 2BF9 sub edi, ecx
102A0F63 8BF7 mov esi, edi
102A0F65 8BC1 mov eax, ecx
102A0F67 8BFA mov edi, edx
102A0F69 C1E9 02 shr ecx, 2
102A0F6C F3:A5 rep movs dword ptr es:, dwo>
102A0F6E 8BC8 mov ecx, eax
102A0F70 83E1 03 and ecx, 3
102A0F73 F3:A4 rep movs byte ptr es:, byte>
102A0F75 83BD 80FDFFFF 0>cmp dword ptr , 0
102A0F7C 0F85 AC000000 jnz 102A102E
102A0F82 83BD 7CFDFFFF 0>cmp dword ptr , 0
102A0F89 75 37 jnz short 102A0FC2
102A0F8B C785 7CFDFFFF 0>mov dword ptr , 1
102A0F95 837D 10 00 cmp dword ptr , 0
102A0F99 74 25 je short 102A0FC0
102A0F9B BF B8FB3210 mov edi, 1032FBB8 ; ASCII "Corporate"
102A0FA0 8B55 10 mov edx,
102A0FA3 83C9 FF or ecx, FFFFFFFF
102A0FA6 33C0 xor eax, eax
102A0FA8 F2:AE repne scas byte ptr es:
102A0FAA F7D1 not ecx
102A0FAC 2BF9 sub edi, ecx
102A0FAE 8BF7 mov esi, edi
102A0FB0 8BC1 mov eax, ecx
102A0FB2 8BFA mov edi, edx
102A0FB4 C1E9 02 shr ecx, 2
102A0FB7 F3:A5 rep movs dword ptr es:, dwo>
102A0FB9 8BC8 mov ecx, eax
102A0FBB 83E1 03 and ecx, 3
102A0FBE F3:A4 rep movs byte ptr es:, byte>
102A0FC0 EB 6A jmp short 102A102C
102A0FC2 83BD 7CFDFFFF 0>cmp dword ptr , 1
102A0FC9 74 09 je short 102A0FD4
102A0FCB 83BD 7CFDFFFF 0>cmp dword ptr , 0
102A0FD2 75 2D jnz short 102A1001
102A0FD4 837D 10 00 cmp dword ptr , 0
102A0FD8 74 25 je short 102A0FFF
102A0FDA BF B8FB3210 mov edi, 1032FBB8 ; ASCII "Corporate"
102A0FDF 8B55 10 mov edx,
102A0FE2 83C9 FF or ecx, FFFFFFFF
102A0FE5 33C0 xor eax, eax
102A0FE7 F2:AE repne scas byte ptr es:
102A0FE9 F7D1 not ecx
102A0FEB 2BF9 sub edi, ecx
102A0FED 8BF7 mov esi, edi
102A0FEF 8BC1 mov eax, ecx
102A0FF1 8BFA mov edi, edx
102A0FF3 C1E9 02 shr ecx, 2
102A0FF6 F3:A5 rep movs dword ptr es:, dwo>
102A0FF8 8BC8 mov ecx, eax
102A0FFA 83E1 03 and ecx, 3
102A0FFD F3:A4 rep movs byte ptr es:, byte>
102A0FFF EB 2B jmp short 102A102C
102A1001 837D 10 00 cmp dword ptr , 0
102A1005 74 25 je short 102A102C
102A1007 BF A0FB3210 mov edi, 1032FBA0 ; ASCII "Corporate Multiple PC"
102A100C 8B55 10 mov edx,
102A100F 83C9 FF or ecx, FFFFFFFF
102A1012 33C0 xor eax, eax
102A1014 F2:AE repne scas byte ptr es:
102A1016 F7D1 not ecx
102A1018 2BF9 sub edi, ecx
102A101A 8BF7 mov esi, edi
102A101C 8BC1 mov eax, ecx
102A101E 8BFA mov edi, edx
102A1020 C1E9 02 shr ecx, 2
102A1023 F3:A5 rep movs dword ptr es:, dwo>
102A1025 8BC8 mov ecx, eax
102A1027 83E1 03 and ecx, 3
102A102A F3:A4 rep movs byte ptr es:, byte>
102A102C EB 7A jmp short 102A10A8
102A102E 83BD 80FDFFFF 0>cmp dword ptr , 1
102A1035 75 6C jnz short 102A10A3
102A1037 83BD 7CFDFFFF 0>cmp dword ptr , 1
102A103E 74 09 je short 102A1049
102A1040 83BD 7CFDFFFF 0>cmp dword ptr , 0
102A1047 75 2D jnz short 102A1076
102A1049 837D 10 00 cmp dword ptr , 0
102A104D 74 25 je short 102A1074
102A104F BF B8FB3210 mov edi, 1032FBB8 ; ASCII "Corporate"
102A1054 8B55 10 mov edx,
102A1057 83C9 FF or ecx, FFFFFFFF
102A105A 33C0 xor eax, eax
102A105C F2:AE repne scas byte ptr es:
102A105E F7D1 not ecx
102A1060 2BF9 sub edi, ecx
102A1062 8BF7 mov esi, edi
102A1064 8BC1 mov eax, ecx
102A1066 8BFA mov edi, edx
102A1068 C1E9 02 shr ecx, 2
102A106B F3:A5 rep movs dword ptr es:, dwo>
102A106D 8BC8 mov ecx, eax
102A106F 83E1 03 and ecx, 3
102A1072 F3:A4 rep movs byte ptr es:, byte>
102A1074 EB 2B jmp short 102A10A1
102A1076 837D 10 00 cmp dword ptr , 0
102A107A 74 25 je short 102A10A1
102A107C BF A0FB3210 mov edi, 1032FBA0 ; ASCII "Corporate Multiple PC"
102A1081 8B55 10 mov edx,
102A1084 83C9 FF or ecx, FFFFFFFF
102A1087 33C0 xor eax, eax
102A1089 F2:AE repne scas byte ptr es:
102A108B F7D1 not ecx
102A108D 2BF9 sub edi, ecx
102A108F 8BF7 mov esi, edi
102A1091 8BC1 mov eax, ecx
102A1093 8BFA mov edi, edx
102A1095 C1E9 02 shr ecx, 2
102A1098 F3:A5 rep movs dword ptr es:, dwo>
102A109A 8BC8 mov ecx, eax
102A109C 83E1 03 and ecx, 3
102A109F F3:A4 rep movs byte ptr es:, byte>
102A10A1 EB 05 jmp short 102A10A8
102A10A3^ E9 2DFEFFFF jmp 102A0ED5
102A10A8 C685 60F9FFFF 0>mov byte ptr , 1
102A10AF 8B8D 68F9FFFF mov ecx,
102A10B5 898D 78FDFFFF mov , ecx
102A10BB 8B95 60F9FFFF mov edx,
102A10C1 81E2 FF000000 and edx, 0FF
102A10C7 85D2 test edx, edx
102A10C9 75 04 jnz short 102A10CF ; second patch point: JNZ changed to JMP
102A10CB 33C0 xor eax, eax
102A10CD EB 67 jmp short 102A1136
102A10CF 837D 18 00 cmp dword ptr , 0
102A10D3 74 0B je short 102A10E0
102A10D5 8B45 18 mov eax,
102A10D8 8B8D 80FDFFFF mov ecx,
102A10DE 8908 mov , ecx
102A10E0 837D 14 00 cmp dword ptr , 0
102A10E4 74 4B je short 102A1131
102A10E6 81BD 7CFDFFFF F>cmp dword ptr , 0FFFF
102A10F0 75 27 jnz short 102A1119 ; JNE changed to JE
102A10F2 BF 94FB3210 mov edi, 1032FB94 ; ASCII "Unlimited"
102A10F7 8B55 14 mov edx,
102A10FA 83C9 FF or ecx, FFFFFFFF
102A10FD 33C0 xor eax, eax
102A10FF F2:AE repne scas byte ptr es:
102A1101 F7D1 not ecx
102A1103 2BF9 sub edi, ecx
102A1105 8BF7 mov esi, edi
102A1107 8BC1 mov eax, ecx
102A1109 8BFA mov edi, edx
102A110B C1E9 02 shr ecx, 2
102A110E F3:A5 rep movs dword ptr es:, dwo>
102A1110 8BC8 mov ecx, eax
102A1112 83E1 03 and ecx, 3
102A1115 F3:A4 rep movs byte ptr es:, byte>
102A1117 EB 18 jmp short 102A1131
102A1119 8B8D 7CFDFFFF mov ecx,
102A111F 51 push ecx
102A1120 68 48F33010 push 1030F348 ; ASCII "%d"
102A1125 8B55 14 mov edx,
102A1128 52 push edx
102A1129 E8 F8480000 call <jmp.&MSVCRT.sprintf>
102A112E 83C4 0C add esp, 0C
102A1131 B8 01000000 mov eax, 1
102A1136 5F pop edi
102A1137 5E pop esi
102A1138 8BE5 mov esp, ebp
102A113A 5D pop ebp
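102A113B C3 retn
If anyone finds out where the registration info is saved, let me know :lol:
Skipping the algorithm part ~~ The registration file is 1M; I'll upload it when I have time, heh.
Strong support..... Let's see what more, and more complete, new knowledge I can absorb!
The registration info is saved here: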
HKEY_LOCAL_MACHINE\SOFTWARE\R-TT\R-Wipe&Clean\00000513
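If you go the patching route, there are several more places that need to be modified; everyone watch out for that when debugging ;P
Thanks for the hard work.. nice analysis... I'll study it too...
Too strong, I have to bump this.
Learning! This may be CRC32.
Learning from my seniors.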
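The loop at 102A0D89 to 102A0E1E and the comparison loop after it (up to 102A0E68), written out in C as an added example that is not code from the thread or from the program: a table-driven CRC-32 fold over the entered text, then a scan of a list for the complemented result. The polynomial, the skip of bytes at or below 0x20 and the final NOT are read from the listing; the table construction, the initial value 0xFFFFFFFF, the function names and the sample list are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CRC_POLY 0xEDB88320u    /* constant pushed at 102A0D6D */

static uint32_t crc_table[256];

/* Assumption: call 102A1320 builds the standard reflected CRC-32 table. */
static void crc_table_init(void)
{
    for (uint32_t n = 0; n < 256; n++) {
        uint32_t c = n;
        for (int bit = 0; bit < 8; bit++)
            c = (c & 1u) ? (c >> 1) ^ CRC_POLY : c >> 1;
        crc_table[n] = c;
    }
}

/* Complemented CRC of the entered text, as compared at 102A0E58. */
uint32_t code_digest(const char *text)
{
    /* Assumption: the initial value is not visible in the listing. */
    uint32_t crc = 0xFFFFFFFFu;

    if (crc_table[1] == 0)      /* table not built yet */
        crc_table_init();

    for (; *text != '\0'; text++) {
        int ch = (signed char)*text;    /* movsx edx, byte ptr ... */
        if (ch <= 0x20)                 /* cmp edx,20 / jle: signed compare */
            continue;
        /* xor low byte, shr 8, xor table entry (102A0DD1..102A0E18) */
        crc = crc_table[(crc ^ (uint32_t)ch) & 0xFFu] ^ (crc >> 8);
    }
    return ~crc;                        /* not edx at 102A0E50 */
}

/* Scan of the list; the listing walks 0xAF entries and returns 0 on a hit. */
int code_is_listed(const char *text, const uint32_t *list, size_t count)
{
    uint32_t digest = code_digest(text);

    for (size_t i = 0; i < count; i++)
        if (list[i] == digest)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample list; 0xCBF43926 is the CRC-32 of "123456789". */
    static const uint32_t sample_list[] = { 0x11111111u, 0xCBF43926u };
    const char *entered = " 1234 56789\r\n";    /* constructed input */

    printf("digest=%08X listed=%d\n",
           (unsigned)code_digest(entered),
           code_is_listed(entered, sample_list, 2));
    return 0;
}
```

Because the comparison is signed (movsx followed by jle), bytes 0x80 and above are skipped along with spaces and control characters, so differently spaced entries of the same text give the same digest.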