MouseStar 鼠标增强简单分析
MouseStar 鼠标增强工具3.55汉化版BY:笑看红尘 kiss-you(好兄弟哈 :24ab: )软件下载:
龙族下载:http://www.chinadforce.com/viewthread.php?tid=709442&extra=page%3D1%26amp%3Bfilter%3D0%26amp%3Borderby%3Ddateline
飘云阁下载:https://www.chinapyg.com/viewthread.php?tid=14814&extra=page%3D1
使你的2D鼠标具有3D鼠标的功能
看到这则介绍,故下载一窥. Borland Delphi 4.0 - 5.0所写, 兄弟以后发布作品要加壳哦~
好久没用过DeDe了, 今日拿来一练.
DeDe载入,找该注册按键地址,如图: 00491BF4 55 push ebp // 在此下断
http://www.chinadforce.com/attachments/day_070424/02_tQWPAbOrzcqn.gif
; ---------------------------------------------------------------------
; 00491BF4 - routine the author identifies (via DeDe) as the register
; button handler. 32-bit x86, OllyDbg listing, Intel syntax.
; NOTE(review): bracketed memory operands were lost when the page was
; extracted ("dword ptr" with nothing after it). The per-line notes give
; the operand decoded from the opcode bytes in the second column.
; Visible flow: fetch two values through [ebx+2FC] and [ebx+300] (user
; name and entered code, per the author's notes), derive an expected
; code from the first (call 004972A0), compare it with the second
; (call 00403EAC); on a match set a flag byte and write two string
; values under "\Software\MouseStar 3.0".
; NOTE(review): the expected code is computed on the client and then
; written next to the user name in a per-user registry key, so the
; check cannot hold against anyone able to read the process or that
; key. A verify-only design (e.g. a public-key signature over the name)
; avoids ever holding the valid code locally.
; Helper identities (0042BC24, 00408058, 0044Exxx, ...) are not shown on
; the page; names suggested below are presumptions - TODO confirm.
; The listing stops at 00491CF5; the epilogue is not shown.
; ---------------------------------------------------------------------
00491BF4/.55 push ebp
00491BF5|.8BEC mov ebp, esp
00491BF7|.33C9 xor ecx, ecx
00491BF9|.51 push ecx ; six zeroed dword locals: [ebp-4]..[ebp-18]
00491BFA|.51 push ecx
00491BFB|.51 push ecx
00491BFC|.51 push ecx
00491BFD|.51 push ecx
00491BFE|.51 push ecx
00491BFF|.53 push ebx
00491C00|.56 push esi
00491C01|.8BD8 mov ebx, eax ; keep incoming eax (presumably the form object) for the reads below
00491C03|.33C0 xor eax, eax
00491C05|.55 push ebp
00491C06|.68 301D4900 push 00491D30 ; handler address for the frame linked next
00491C0B|.64:FF30 push dword ptr fs: ; operand per bytes: fs:[eax], eax = 0
00491C0E|.64:8920 mov dword ptr fs:, esp ; operand per bytes: fs:[eax] - links the new exception frame
00491C11|.8D55 F4 lea edx, dword ptr ; operand per bytes: [ebp-0C] (output slot)
00491C14|.8B83 FC020000 mov eax, dword ptr ; operand per bytes: [ebx+2FC]
00491C1A|.E8 05A0F9FF call 0042BC24 ; author's note: get the length of the user name (result is read back from [ebp-0C])
00491C1F|.8B45 F4 mov eax, dword ptr ; operand per bytes: [ebp-0C]
00491C22|.8D55 F8 lea edx, dword ptr ; operand per bytes: [ebp-8]
00491C25|.E8 2E64F7FF call 00408058 ; string helper, [ebp-0C] -> [ebp-8]; purpose not shown
00491C2A|.8D4D FC lea ecx, dword ptr ; operand per bytes: [ebp-4] (receives the expected code)
00491C2D|.A1 98BB4900 mov eax, dword ptr ; operand per bytes: [0049BB98]
00491C32|.8B00 mov eax, dword ptr ; operand per bytes: [eax]
00491C34|.8B55 F8 mov edx, dword ptr ; operand per bytes: [ebp-8] (processed user name)
00491C37|.E8 64560000 call 004972A0 ; author's note: the program's algorithm call - step in to see
00491C3C|.8D55 EC lea edx, dword ptr ; operand per bytes: [ebp-14]
00491C3F|.8B83 00030000 mov eax, dword ptr ; operand per bytes: [ebx+300]
00491C45|.E8 DA9FF9FF call 0042BC24 ; author's note: get the length of the registration code
00491C4A|.8B45 EC mov eax, dword ptr ; operand per bytes: [ebp-14]
00491C4D|.8D55 F0 lea edx, dword ptr ; operand per bytes: [ebp-10]
00491C50|.E8 0364F7FF call 00408058 ; same helper as at 00491C25, [ebp-14] -> [ebp-10]
00491C55|.8B45 F0 mov eax, dword ptr ; operand per bytes: [ebp-10] (entered code)
00491C58|.8B55 FC mov edx, dword ptr ; operand per bytes: [ebp-4] (expected code)
00491C5B|.E8 4C22F7FF call 00403EAC ; author's note: compare real and entered code; EDX=c047ae66 in the author's session
00491C60|.0F85 8F000000 jnz 00491CF5 ; mismatch: skip everything up to 00491CF5
00491C66|.A1 98BB4900 mov eax, dword ptr ; operand per bytes: [0049BB98]
00491C6B|.8B00 mov eax, dword ptr ; operand per bytes: [eax]
00491C6D|.C680 E4040000>mov byte ptr , 1 ; operand per bytes: [eax+4E4]; flag set only on a match
00491C74|.A1 98BB4900 mov eax, dword ptr ; operand per bytes: [0049BB98]
00491C79|.8B00 mov eax, dword ptr ; operand per bytes: [eax]
00491C7B|.05 EC040000 add eax, 4EC ; eax = address of the field at +4EC
00491C80|.8B55 F8 mov edx, dword ptr ; operand per bytes: [ebp-8] (user name)
00491C83|.E8 E81EF7FF call 00403B70 ; presumably stores the name in that field - TODO confirm
00491C88|.B2 01 mov dl, 1
00491C8A|.A1 68ED4400 mov eax, dword ptr ; operand per bytes: [0044ED68]
00491C8F|.E8 40D2FBFF call 0044EED4 ; presumably constructs the registry helper object - TODO confirm
00491C94|.8BF0 mov esi, eax ; esi = that object for the calls below
00491C96|.BA 01000080 mov edx, 80000001 ; 80000001h is the Win32 HKEY_CURRENT_USER handle value
00491C9B|.8BC6 mov eax, esi
00491C9D|.E8 0ED3FBFF call 0044EFB0 ; presumably selects the root key
00491CA2|.B1 01 mov cl, 1
00491CA4|.BA 481D4900 mov edx, 00491D48 ;ASCII "\Software\MouseStar 3.0"
00491CA9|.8BC6 mov eax, esi
00491CAB|.E8 68D3FBFF call 0044F018 ; presumably opens the key; al = success
00491CB0|.84C0 test al, al
00491CB2|.74 29 je short 00491CDD ; open failed: skip both writes
00491CB4|.8B4D FC mov ecx, dword ptr ; operand per bytes: [ebp-4] (the expected code)
00491CB7|.BA 681D4900 mov edx, 00491D68 ;ASCII "enversion"
00491CBC|.8BC6 mov eax, esi
00491CBE|.E8 11D5FBFF call 0044F1D4 ; presumably writes value "enversion" = expected code, in clear
00491CC3|.8D55 E8 lea edx, dword ptr ; operand per bytes: [ebp-18]
00491CC6|.8B45 F8 mov eax, dword ptr ; operand per bytes: [ebp-8]
00491CC9|.E8 8A63F7FF call 00408058
00491CCE|.8B4D E8 mov ecx, dword ptr ; operand per bytes: [ebp-18]
00491CD1|.BA 7C1D4900 mov edx, 00491D7C ;ASCII "yonghu"
00491CD6|.8BC6 mov eax, esi
00491CD8|.E8 F7D4FBFF call 0044F1D4 ; presumably writes value "yonghu" = user name
00491CDD|>8BC6 mov eax, esi
00491CDF|.E8 2C11F7FF call 00402E10 ; presumably releases the registry object
00491CE4|.B8 8C1D4900 mov eax, 00491D8C ; address of data not shown on the page
00491CE9|.E8 A6BFFBFF call 0044DC94
00491CEE|.8BC3 mov eax, ebx
00491CF0|.E8 3B50FBFF call 00446D30
00491CF5|>33C0 xor eax, eax ; common exit for match and mismatch
跟进软件算法CALL
; ---------------------------------------------------------------------
; 004972A0 - called from 00491C37 with edx = processed user name and
; ecx = address that receives the result (kept in ebx, later passed on
; as a stack argument).
; NOTE(review): bracketed memory operands were lost in page extraction;
; per-line notes give the operand decoded from the opcode bytes.
; Visible work: upper-case the name (author's note), combine it with
; the literal "DELPHI2005", load the literals "MagicUtils2005",
; "zhiyuan" and "3.55", and hand all of them to 0049014C.
; NOTE(review): every input besides the user name is a constant stored
; in the binary, so the scheme has no secret that stays off the client.
; Helper identities are presumptions - TODO confirm.
; ---------------------------------------------------------------------
004972A0/$55 push ebp
004972A1|.8BEC mov ebp, esp
004972A3|.6A 00 push 0 ; seven zeroed dword locals: [ebp-4]..[ebp-1C]
004972A5|.6A 00 push 0
004972A7|.6A 00 push 0
004972A9|.6A 00 push 0
004972AB|.6A 00 push 0
004972AD|.6A 00 push 0
004972AF|.6A 00 push 0
004972B1|.53 push ebx
004972B2|.8BD9 mov ebx, ecx ; ebx = caller's result address
004972B4|.8955 FC mov dword ptr , edx ; operand per bytes: [ebp-4] = user name
004972B7|.8B45 FC mov eax, dword ptr ; operand per bytes: [ebp-4]
004972BA|.E8 91CCF6FF call 00403F50 ; presumably a string reference-count helper
004972BF|.33C0 xor eax, eax
004972C1|.55 push ebp
004972C2|.68 48734900 push 00497348 ; handler address for the frame linked next
004972C7|.64:FF30 push dword ptr fs: ; operand per bytes: fs:[eax], eax = 0
004972CA|.64:8920 mov dword ptr fs:, esp ; operand per bytes: fs:[eax]
004972CD|.8D55 E4 lea edx, dword ptr ; operand per bytes: [ebp-1C]
004972D0|.8B45 FC mov eax, dword ptr ; operand per bytes: [ebp-4]
004972D3|.E8 800DF7FF call 00408058 ; string helper, [ebp-4] -> [ebp-1C]; purpose not shown
004972D8|.8B45 E4 mov eax, dword ptr ; operand per bytes: [ebp-1C]
004972DB|.8D55 E8 lea edx, dword ptr ; operand per bytes: [ebp-18]
004972DE|.E8 650BF7FF call 00407E48 ; author's note: converts the user name to upper case here
004972E3|.8B55 E8 mov edx, dword ptr ; operand per bytes: [ebp-18] (upper-cased name)
004972E6|.8D45 F8 lea eax, dword ptr ; operand per bytes: [ebp-8] (destination)
004972E9|.B9 5C734900 mov ecx, 0049735C ;ASCII "DELPHI2005"
004972EE|.E8 F5CAF6FF call 00403DE8 ; presumably [ebp-8] = name joined with the literal
004972F3|.8D45 F4 lea eax, dword ptr ; operand per bytes: [ebp-0C]
004972F6|.BA 70734900 mov edx, 00497370 ;ASCII "MagicUtils2005"
004972FB|.E8 B4C8F6FF call 00403BB4 ; presumably assigns the literal to [ebp-0C]
00497300|.8D45 F0 lea eax, dword ptr ; operand per bytes: [ebp-10]
00497303|.BA 88734900 mov edx, 00497388 ;ASCII "zhiyuan"
00497308|.E8 A7C8F6FF call 00403BB4
0049730D|.8D45 EC lea eax, dword ptr ; operand per bytes: [ebp-14]
00497310|.BA 98734900 mov edx, 00497398 ;ASCII "3.55"
00497315|.E8 9AC8F6FF call 00403BB4
0049731A|.8B45 EC mov eax, dword ptr ; operand per bytes: [ebp-14] ("3.55")
0049731D|.50 push eax ; stack argument: the "3.55" string
0049731E|.53 push ebx ; stack argument: caller's result address
0049731F|.8B4D F0 mov ecx, dword ptr ; operand per bytes: [ebp-10] ("zhiyuan")
00497322|.8B55 F4 mov edx, dword ptr ; operand per bytes: [ebp-0C] ("MagicUtils2005")
00497325|.8B45 F8 mov eax, dword ptr ; operand per bytes: [ebp-8] (name + "DELPHI2005")
00497328|.E8 1F8EFFFF call 0049014C ; author's note: core algorithm call
0049732D|.33C0 xor eax, eax
0049732F|.5A pop edx ; unlink the exception frame pushed at 004972C1..004972C7
00497330|.59 pop ecx
00497331|.59 pop ecx
00497332|.64:8910 mov dword ptr fs:, edx ; operand per bytes: fs:[eax], eax = 0
00497335|.68 4F734900 push 0049734F ; address the retn below continues at
0049733A|>8D45 E4 lea eax, dword ptr ; operand per bytes: [ebp-1C]
0049733D|.BA 07000000 mov edx, 7 ; count 7 matches the seven locals
00497342|.E8 F9C7F6FF call 00403B40 ; presumably releases the seven string locals
00497347\.C3 retn
跟进软件核心算法CALL
; ---------------------------------------------------------------------
; 0049014C - called from 00497328 with three strings in eax/edx/ecx and
; two stack arguments: [ebp+0C] (pushed first, the "3.55" string) and
; [ebp+8] (pushed last, the caller's result address).
; NOTE(review): bracketed memory operands were lost in page extraction;
; per-line notes give the operand decoded from the opcode bytes.
; Per the author's note after this listing, CALL1 and CALL2 only join
; strings and CALL3 (00490200) does the arithmetic.
; Helper identities are presumptions - TODO confirm.
; ---------------------------------------------------------------------
0049014C/$55 push ebp
0049014D|.8BEC mov ebp, esp
0049014F|.83C4 EC add esp, -14 ; five dword locals: [ebp-4]..[ebp-14]
00490152|.53 push ebx
00490153|.33DB xor ebx, ebx
00490155|.895D EC mov dword ptr , ebx ; operand per bytes: [ebp-14] = 0
00490158|.895D F0 mov dword ptr , ebx ; operand per bytes: [ebp-10] = 0
0049015B|.894D F4 mov dword ptr , ecx ; operand per bytes: [ebp-0C] = third register argument
0049015E|.8955 F8 mov dword ptr , edx ; operand per bytes: [ebp-8] = second register argument
00490161|.8945 FC mov dword ptr , eax ; operand per bytes: [ebp-4] = first register argument
00490164|.8B45 FC mov eax, dword ptr ; operand per bytes: [ebp-4]
00490167|.E8 E43DF7FF call 00403F50 ; same helper applied to each of the four string inputs
0049016C|.8B45 F8 mov eax, dword ptr ; operand per bytes: [ebp-8]
0049016F|.E8 DC3DF7FF call 00403F50
00490174|.8B45 F4 mov eax, dword ptr ; operand per bytes: [ebp-0C]
00490177|.E8 D43DF7FF call 00403F50
0049017C|.8B45 0C mov eax, dword ptr ; operand per bytes: [ebp+0C]
0049017F|.E8 CC3DF7FF call 00403F50
00490184|.33C0 xor eax, eax
00490186|.55 push ebp
00490187|.68 F2014900 push 004901F2 ; handler address for the frame linked next
0049018C|.64:FF30 push dword ptr fs: ; operand per bytes: fs:[eax], eax = 0
0049018F|.64:8920 mov dword ptr fs:, esp ; operand per bytes: fs:[eax]
00490192|.FF75 FC push dword ptr ; operand per bytes: [ebp-4]
00490195|.FF75 F8 push dword ptr ; operand per bytes: [ebp-8]
00490198|.FF75 F4 push dword ptr ; operand per bytes: [ebp-0C]
0049019B|.FF75 0C push dword ptr ; operand per bytes: [ebp+0C]
0049019E|.8B45 0C mov eax, dword ptr ; operand per bytes: [ebp+0C]
004901A1|.50 push eax
004901A2|.8D45 EC lea eax, dword ptr ; operand per bytes: [ebp-14] (receives CALL1's result)
004901A5|.50 push eax
004901A6|.8B4D F4 mov ecx, dword ptr ; operand per bytes: [ebp-0C]
004901A9|.8B55 F8 mov edx, dword ptr ; operand per bytes: [ebp-8]
004901AC|.8B45 FC mov eax, dword ptr ; operand per bytes: [ebp-4]
004901AF|.E8 80FDFFFF call 0048FF34 ; author's note: key algorithm CALL1 (body not shown on the page)
004901B4|.FF75 EC push dword ptr ; operand per bytes: [ebp-14]
004901B7|.8D45 F0 lea eax, dword ptr ; operand per bytes: [ebp-10] (destination)
004901BA|.BA 05000000 mov edx, 5 ; five strings are on the stack at this point
004901BF|.E8 983CF7FF call 00403E5C ; author's note: key algorithm CALL2; presumably joins the five pushed strings
004901C4|.8B55 08 mov edx, dword ptr ; operand per bytes: [ebp+8] (caller's result address)
004901C7|.8B45 F0 mov eax, dword ptr ; operand per bytes: [ebp-10] (joined string)
004901CA|.E8 31000000 call 00490200 ; author's note: key algorithm CALL3, computes the KEY
004901CF|.33C0 xor eax, eax
004901D1|.5A pop edx ; unlink the exception frame pushed at 00490186..0049018C
004901D2|.59 pop ecx
004901D3|.59 pop ecx
004901D4|.64:8910 mov dword ptr fs:, edx ; operand per bytes: fs:[eax], eax = 0
004901D7|.68 F9014900 push 004901F9 ; address the retn below continues at
004901DC|>8D45 EC lea eax, dword ptr ; operand per bytes: [ebp-14]
004901DF|.BA 05000000 mov edx, 5 ; count 5 matches the five locals
004901E4|.E8 5739F7FF call 00403B40 ; presumably releases the five string locals
004901E9|.8D45 0C lea eax, dword ptr ; operand per bytes: [ebp+0C]
004901EC|.E8 2B39F7FF call 00403B1C ; presumably releases the stack-passed string
004901F1\.C3 retn
Call1和Call2是将几个字符串拼接,Call3为运算部分:
; ---------------------------------------------------------------------
; 00490200 - called from 004901CA with eax = input string and
; edx = address that receives the result.
; NOTE(review): bracketed memory operands were lost in page extraction;
; per-line notes give the operand decoded from the opcode bytes.
; The loop at 0049023C folds each input byte into a 32-bit accumulator
; (ebx, starting at 0) through a 256-entry dword lookup table, the shape
; of a table-driven CRC-32 update; a reply under the post says the table
; differs from the standard one. The accumulator is then formatted by
; 0040813C (width argument 8) and post-processed by 00407E84.
; NOTE(review): this is an unkeyed checksum over the name and constants
; embedded in the binary, so it offers integrity-style mixing only and
; no cryptographic protection for a licence check.
; Helper identities are presumptions - TODO confirm.
; ---------------------------------------------------------------------
00490200/$55 push ebp
00490201|.8BEC mov ebp, esp
00490203|.83C4 F4 add esp, -0C ; three dword locals: [ebp-4]..[ebp-0C]
00490206|.53 push ebx
00490207|.56 push esi
00490208|.33C9 xor ecx, ecx
0049020A|.894D F4 mov dword ptr , ecx ; operand per bytes: [ebp-0C] = 0
0049020D|.8955 F8 mov dword ptr , edx ; operand per bytes: [ebp-8] = result address
00490210|.8945 FC mov dword ptr , eax ; operand per bytes: [ebp-4] = input string
00490213|.8B45 FC mov eax, dword ptr ; operand per bytes: [ebp-4]
00490216|.E8 353DF7FF call 00403F50
0049021B|.33C0 xor eax, eax
0049021D|.55 push ebp
0049021E|.68 9F024900 push 0049029F ; handler address for the frame linked next
00490223|.64:FF30 push dword ptr fs: ; operand per bytes: fs:[eax], eax = 0
00490226|.64:8920 mov dword ptr fs:, esp ; operand per bytes: fs:[eax]
00490229|.33DB xor ebx, ebx ; accumulator starts at 0
0049022B|.8B45 FC mov eax, dword ptr ; operand per bytes: [ebp-4]
0049022E|.E8 693BF7FF call 00403D9C ; result is used as the loop count, presumably the string length
00490233|.85C0 test eax, eax
00490235|.7E 2C jle short 00490263 ; empty input: skip the loop, accumulator stays 0
00490237|.BE 01000000 mov esi, 1 ; 1-based byte index
0049023C|>8B55 FC /mov edx, dword ptr ; operand per bytes: [ebp-4]
0049023F|.8A5432 FF |mov dl, byte ptr ; operand per bytes: [edx+esi-1] = current input byte
00490243|.32D3 |xor dl, bl ; mix with the low byte of the accumulator
00490245|.81E2 FF000000 |and edx, 0FF ; table index 0..255
0049024B|.8B1495 74B649>|mov edx, dword ptr ; operand per bytes: [edx*4 + table]; the displacement is cut off after 74 B6 49
00490252|.C1EB 08 |shr ebx, 8
00490255|.81E3 FFFFFF00 |and ebx, 0FFFFFF ; no effect after a logical shift right by 8
0049025B|.33D3 |xor edx, ebx
0049025D|.8BDA |mov ebx, edx ; accumulator = table entry xor shifted accumulator
0049025F|.46 |inc esi
00490260|.48 |dec eax
00490261|.^ 75 D9 \jnz short 0049023C
00490263|>8BC3 mov eax, ebx
00490265|.33D2 xor edx, edx
00490267|.52 push edx ; /Arg2 => 00000000
00490268|.50 push eax ; |Arg1 = accumulator
00490269|.8D55 F4 lea edx, dword ptr ; | operand per bytes: [ebp-0C] (receives the text form)
0049026C|.B8 08000000 mov eax, 8 ; | width argument 8
00490271|.E8 C67EF7FF call 0040813C ; \MouseSta.0040813C - presumably formats the value as 8 hex digits
00490276|.8B45 F4 mov eax, dword ptr ; operand per bytes: [ebp-0C]; author's note: the algorithm above has computed the KEY
00490279|.8B55 F8 mov edx, dword ptr ; operand per bytes: [ebp-8] (result address)
0049027C|.E8 037CF7FF call 00407E84 ; writes the final string to the result; presumably a case conversion
00490281|.33C0 xor eax, eax
00490283|.5A pop edx ; unlink the exception frame pushed at 0049021D..00490223
00490284|.59 pop ecx
00490285|.59 pop ecx
00490286|.64:8910 mov dword ptr fs:, edx ; operand per bytes: fs:[eax], eax = 0
00490289|.68 A6024900 push 004902A6 ; address the retn below continues at
0049028E|>8D45 F4 lea eax, dword ptr ; operand per bytes: [ebp-0C]
00490291|.E8 8638F7FF call 00403B1C ; presumably releases the temporary string
00490296|.8D45 FC lea eax, dword ptr ; operand per bytes: [ebp-4]
00490299|.E8 7E38F7FF call 00403B1C ; presumably releases the input string reference
0049029E\.C3 retn
注册成功后,在注册表新建“yonghu”的这样一个子项目,并写入正确注册信息。(晕哈)
注册信息保存在这里:HKEY_USERS\S-1-5-21-746137067-484061587-682003330-500\Software\MouseStar 3.0
算法部分只是跟出,有时间再细细研究.软件适合新手练习,有兴趣的朋友试下算法.
http://www.chinadforce.com/attachments/day_070424/01_yOojbwyDZdah.gif 等有时间了 详细看一下算法后再移动到算法那吧 这几天估计是没时间了`~~ 太菜了 目前 是 一点也看不明白了 那个crc表有点变化,写注册机的时候最好把它从程序里直接导出来:lol: 很不错的破文!支持! 谢谢Nisy 版主发教程,学习中~! 学习这个教程了,虽然不太理解,但会继续学习