Windows 历史记录清理助手 2.0注册算法分析
【破文标题】Windows 历史记录清理助手 2.0注册算法分析【破文作者】HBQJXHW
【破解工具】OD
【破解平台】WIN2000-SP4
【软件名称】Windows 历史记录清理助手 2.0
【软件大小】391k
【原版下载】http://www.pcsoft.com.cn/Soft/Soft_3618.htm
【保护方式】SN
【软件简介】你是否曾经有过上网的的记录被人查看的经历,是否有过电脑操记录被人偷窥的体验,是否曾经为电脑里一些没用的文件占用磁盘空间而苦恼过? 现在Windows 历史记录清理助手可以帮你解决这些问题. 本软件具有以下的特点: 1.先扫描后清理,让你自己可以选择要清理掉的文件,让你对你清理掉的文件看的明明白白. 2.你可以选择对系统记录文件的清理,还可以选择针对磁盘,选择自己定义要扫描的文件类型,清理掉你想清除的文件.
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享
【破解过程】
------------------------------------------------------------------------
Peid 0.93查壳,无壳(Microsoft Visual C++ 6.0)
运行,输入注册码,有错误提示.
OllyDbg载入,来到:
00413F7C >/$55 PUSH EBP ;(初始 cpu 选择)
00413F7D|.8BEC MOV EBP,ESP
00413F7F|.6A FF PUSH -1
00413F81|.68 40654300 PUSH Windows_.00436540
00413F86|.68 AC834100 PUSH Windows_.004183AC ;SE 处理程序安装
右键-->Ultra字符串参考-->查找ASCII-->Ctrl+F-->输入"注册号无效"-->双击来到:0040890C处!
00408890 .6A FF PUSH -1
00408892 .68 18004300 PUSH Windows_.00430018 ;SE 处理程序安装
00408897 .64:A1 0000000>MOV EAX,DWORD PTR FS:
0040889D .50 PUSH EAX
0040889E .64:8925 00000>MOV DWORD PTR FS:,ESP
004088A5 .83EC 08 SUB ESP,8
004088A8 .56 PUSH ESI
004088A9 .8BF1 MOV ESI,ECX
004088AB .6A 01 PUSH 1
004088AD .E8 2BD50100 CALL Windows_.00425DDD
004088B2 .A1 5CFD4300 MOV EAX,DWORD PTR DS:
004088B7 .894424 04 MOV DWORD PTR SS:,EAX
004088BB .8D8E 1C010000 LEA ECX,DWORD PTR DS:
004088C1 .C74424 14 000>MOV DWORD PTR SS:,0
004088C9 .51 PUSH ECX
004088CA .8D4C24 08 LEA ECX,DWORD PTR SS:
004088CE .E8 0DEA0100 CALL Windows_.004272E0
004088D3 .51 PUSH ECX
004088D4 .8D5424 08 LEA EDX,DWORD PTR SS:
004088D8 .8BCC MOV ECX,ESP
004088DA .896424 0C MOV DWORD PTR SS:,ESP
004088DE .52 PUSH EDX
004088DF .E8 38E60100 CALL Windows_.00426F1C
004088E4 .E8 77FEFFFF CALL Windows_.00408760 ;重要算法CALL进入
004088E9 .83C4 04 ADD ESP,4
004088EC .85C0 TEST EAX,EAX
004088EE .6A 00 PUSH 0
004088F0 .68 1CF54300 PUSH Windows_.0043F51C ;ngnsss
004088F5 .74 15 JE SHORT Windows_.0040890C
004088F7 .68 24F54300 PUSH Windows_.0043F524 ;注册成功
004088FC .8BCE MOV ECX,ESI
004088FE .E8 7ECD0100 CALL Windows_.00425681
00408903 .8BCE MOV ECX,ESI
00408905 .E8 8BB10100 CALL Windows_.00423A95
0040890A .EB 0C JMP SHORT Windows_.00408918
0040890C >68 10F54300 PUSH Windows_.0043F510 ;注册号无效
00408911 .8BCE MOV ECX,ESI
00408913 .E8 69CD0100 CALL Windows_.00425681
00408918 >8D4C24 04 LEA ECX,DWORD PTR SS:
0040891C .C74424 14 FFF>MOV DWORD PTR SS:,-1
00408924 .E8 7EE80100 CALL Windows_.004271A7
00408929 .8B4C24 0C MOV ECX,DWORD PTR SS:
0040892D .5E POP ESI
0040892E .64:890D 00000>MOV DWORD PTR FS:,ECX
00408935 .83C4 14 ADD ESP,14
00408938 .C3 RETN
------------------CALL Windows_.00408760------------------------ ;这里要重复调用二次
00408760/$6A FF PUSH -1
00408762|.68 F8FF4200 PUSH Windows_.0042FFF8 ;SE 处理程序安装
00408767|.64:A1 0000000>MOV EAX,DWORD PTR FS:
0040876D|.50 PUSH EAX
0040876E|.64:8925 00000>MOV DWORD PTR FS:,ESP
00408775|.83EC 18 SUB ESP,18
00408778|.53 PUSH EBX
00408779|.8B4C24 2C MOV ECX,DWORD PTR SS: ;注册码给ECX
0040877D|.33C0 XOR EAX,EAX
0040877F|.894424 05 MOV DWORD PTR SS:,EAX
00408783|.33DB XOR EBX,EBX
00408785|.66:894424 09MOV WORD PTR SS:,AX
0040878A|.895C24 24 MOV DWORD PTR SS:,EBX
0040878E|.884424 0B MOV BYTE PTR SS:,AL
00408792|.8B41 F8 MOV EAX,DWORD PTR DS: ;注册码位数给EAX
00408795|.83F8 10 CMP EAX,10 ;注册码位数是否为16位数
00408798|.885C24 04 MOV BYTE PTR SS:,BL
0040879C|.0F8C C0000000 JL Windows_.00408862
004087A2|.56 PUSH ESI
004087A3|.68 04010000 PUSH 104
004087A8|.8D4C24 34 LEA ECX,DWORD PTR SS:
004087AC|.E8 D8EC0100 CALL Windows_.00427489
004087B1|.8B10 MOV EDX,DWORD PTR DS:
004087B3|.33F6 XOR ESI,ESI
004087B5|.895424 10 MOV DWORD PTR SS:,EDX
004087B9|.8B48 04 MOV ECX,DWORD PTR DS:
004087BC|.894C24 14 MOV DWORD PTR SS:,ECX
004087C0|.8B50 08 MOV EDX,DWORD PTR DS:
004087C3|.895424 18 MOV DWORD PTR SS:,EDX
004087C7|.8B40 0C MOV EAX,DWORD PTR DS:
004087CA|.894424 1C MOV DWORD PTR SS:,EAX
004087CE|>8A4C34 10 /MOV CL,BYTE PTR SS:
004087D2|.51 |PUSH ECX
004087D3|.E8 68FFFFFF |CALL Windows_.00408740
004087D8|.83C4 04 |ADD ESP,4
004087DB|.884434 10 |MOV BYTE PTR SS:,AL
004087DF|.46 |INC ESI
004087E0|.83FE 10 |CMP ESI,10
004087E3|.^ 7C E9 \JL SHORT Windows_.004087CE
004087E5|.33C0 XOR EAX,EAX
004087E7|.8D4C24 10 LEA ECX,DWORD PTR SS:
004087EB|.5E POP ESI
004087EC|>8A51 01 /MOV DL,BYTE PTR DS:
004087EF|.8A19 |MOV BL,BYTE PTR DS:
004087F1|.C0E2 04 |SHL DL,4
004087F4|.02D3 |ADD DL,BL
004087F6|.83C1 02 |ADD ECX,2
004087F9|.885404 04 |MOV BYTE PTR SS:,DL
004087FD|.40 |INC EAX
004087FE|.83F8 08 |CMP EAX,8
00408801|.^ 7C E9 \JL SHORT Windows_.004087EC
(上面是把注册码每2位数交换例如:1234567890123456交换后的结果为2143658709214365)
00408803|.8A4424 07 MOV AL,BYTE PTR SS:
00408807|.8A5C24 04 MOV BL,BYTE PTR SS:
0040880B|.8A4C24 0B MOV CL,BYTE PTR SS:
0040880F|.8A5424 05 MOV DL,BYTE PTR SS:
00408813|.32C3 XOR AL,BL 异或运算
00408815|.8A5C24 06 MOV BL,BYTE PTR SS:
00408819|.32CA XOR CL,DL 异或运算
0040881B|.8A5424 09 MOV DL,BYTE PTR SS:
0040881F|.32D3 XOR DL,BL 异或运算
00408821|.8A5C24 08 MOV BL,BYTE PTR SS:
00408825|.325C24 0A XOR BL,BYTE PTR SS: 异或运算
00408829|.3C 39 CMP AL,39 ;比较AL是否等于0x39
0040882B 75 35 JNZ SHORT Windows_.00408862 ;爆破口
0040882D|.80F9 6F CMP CL,6F ;比较CL是否等于0x6F
00408830 75 30 JNZ SHORT Windows_.00408862 ;爆破口
00408832|.80FA 4F CMP DL,4F ;比较DL是否等于0x4F
00408835 75 2B JNZ SHORT Windows_.00408862 ;爆破口
00408837|.80FB 1B CMP BL,1B ;比较BL是否等于0x1B
0040883A 75 26 JNZ SHORT Windows_.00408862
0040883C|.8D4C24 2C LEA ECX,DWORD PTR SS:
00408840|.C74424 24 FFF>MOV DWORD PTR SS:,-1
00408848|.E8 5AE90100 CALL Windows_.004271A7
0040884D|.B8 01000000 MOV EAX,1
00408852|.5B POP EBX
00408853|.8B4C24 18 MOV ECX,DWORD PTR SS:
00408857|.64:890D 00000>MOV DWORD PTR FS:,ECX
0040885E|.83C4 24 ADD ESP,24
00408861|.C3 RETN
00408862|>8D4C24 2C LEA ECX,DWORD PTR SS:
00408866|.C74424 24 FFF>MOV DWORD PTR SS:,-1
0040886E|.E8 34E90100 CALL Windows_.004271A7
00408873|.8B4C24 1C MOV ECX,DWORD PTR SS:
00408877|.33C0 XOR EAX,EAX
00408879|.5B POP EBX
0040887A|.64:890D 00000>MOV DWORD PTR FS:,ECX
00408881|.83C4 24 ADD ESP,24
00408884\.C3 RETN
---------------------------------------------------------
C程序为:(太冗长,请不要见笑,如有更好的还请教了)
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <ctype.h>
int main(void)
{int num;
static int str;
int i;
int a,b,c,d;
time_t t;
srand((unsigned) time(&t));
for(i=0; i<4; i++)
num=rand() % 0x100;
a=0x39^num;
b=0x6f^num;
c=0x4f^num;
d=0x1b^num;
str=num%0x10;
str=num/0x10;
str=num%0x10;
str=num/0x10;
str=num%0x10;
str=num/0x10;
str=a%0x10;
str=a/0x10;
str=num%0x10;
str=num/0x10;
str=c%0x10;
str=c/0x10;
str=d%0x10;
str=d/0x10;
str=b%0x10;
str=b/0x10;
printf("\n\n UPPER [ ");
for (i=0;i<16;i++)
printf("%x",str);
printf(" ]");
getch();
return 0;
}
注:输入注册码时字母请输入大写字母。
注册信息保存在注册表中:
"diskcleaner"="1234567890123456"
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢! 嘿嘿!!~
偶的更烂的代码:
不要扔我臭鸡蛋!!!
用VB实现
Private Sub LGiveMe_Click()
'==================================================
'此事件即为注册算号用。
'其中Text_Yname为输入机器码或用户名用文本框
'Text_KeyCode为注册码输出框,其Locked属性为真,运行时只读!
'==================================================
Dim SouStr As String * 16, sn As String
Dim i As Integer, al1 As String, al2 As String, bl1 As String, bl2 As String
Dim cl1 As String, cl2 As String, dl1 As String, dl2 As String
Dim count(8) As Integer, tmpCnt As Integer
Dim tmpSn(16) As String, tmpSn1 As String * 2
Randomize Timer
SouStr = "1234567890ABCDEF"
For i = 1 To 16
tmpSn(i) = Mid(SouStr, Int(16 * Rnd() + 1), 1)
Next
Debug.Print tmpSn(16)
Debug.Print toVal(tmpSn(16), "F")
tmpSn1 = Format(Hex(toVal(tmpSn(8), tmpSn(7)) Xor 57), "00")
tmpSn(2) = Left(tmpSn1, 1)
tmpSn(1) = Right(tmpSn1, 1)
tmpSn1 = Format(Hex(toVal(tmpSn(16), tmpSn(15)) Xor 111), "00")
tmpSn(4) = Left(tmpSn1, 1)
tmpSn(3) = Right(tmpSn1, 1)
tmpSn1 = Format(Hex(toVal(tmpSn(6), tmpSn(5)) Xor 79), "00")
tmpSn(12) = Left(tmpSn1, 1)
tmpSn(11) = Right(tmpSn1, 1)
tmpSn1 = Format(Hex(toVal(tmpSn(14), tmpSn(13)) Xor 27), "00")
tmpSn(10) = Left(tmpSn1, 1)
tmpSn(9) = Right(tmpSn1, 1)
For i = 1 To 16
sn = sn & tmpSn(i)
Next
Text_KeyCode.Text = Trim(sn)
End Sub
Function toVal(mm1 As String, mm2 As String)
Dim s1, s2
If Asc(mm1) >= 48 And Asc(mm1) <= 57 Then
s1 = Val(mm1)
Else
Select Case mm1
Case "A"
s1 = 10
Case "B"
s1 = 11
Case "C"
s1 = 12
Case "D"
s1 = 13
Case "E"
s1 = 14
Case "F"
s1 = 15
End Select
End If
If Asc(mm2) >= 48 And Asc(mm2) <= 57 Then
s2 = Val(mm2)
Else
Select Case mm2
Case "A"
s2 = 10
Case "B"
s2 = 11
Case "C"
s2 = 12
Case "D"
s2 = 13
Case "E"
s2 = 14
Case "F"
s2 = 15
End Select
End If
toVal = s1 * 16 + s2
End Function
两位的KEYGEN代码真是太棒了!学习! 都是牛人啊```严重学习中!
页:
[1]