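I want to write a keygen for the algorithm, but I can't work out the algorithm!! Could an expert please give me some pointers!
The key code seen while debugging in OD is as follows:
006CDB8C/$55 PUSH EBP ; machine code
006CDB8D|.8BEC MOV EBP,ESP ==> the value in ESP is moved into EBP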
006CDB8F|.51 PUSH ECX
006CDB90|.B9 04000000 MOV ECX,4 ==> the value 4 is moved into ECX
006CDB95|>6A 00 /PUSH 0
006CDB97|.6A 00 |PUSH 0
006CDB99|.49 |DEC ECX ==> ECX decremented by 1
006CDB9A|.^ 75 F9 \JNZ SHORT JXCRM.006CDB95
// after the loop finishes, ECX holds 0
006CDB9C|.51 PUSH ECX ==> ECX is 0
006CDB9D|.874D FC XCHG DWORD PTR SS:,ECX ==> data exchange instruction XCHG
006CDBA0|.53 PUSH EBX
006CDBA1|.56 PUSH ESI
006CDBA2|.57 PUSH EDI
006CDBA3|.8BF9 MOV EDI,ECX
006CDBA5|.8955 FC MOV DWORD PTR SS:,EDX
006CDBA8|.8B45 FC MOV EAX,DWORD PTR SS:
006CDBAB|.E8 CC74D3FF CALL JXCRM.0040507C
006CDBB0|.33C0 XOR EAX,EAX ==> logical exclusive-OR instruction XOR: true when the bits differ, false when they are the same
006CDBB2|.55 PUSH EBP
006CDBB3|.68 4DDD6C00 PUSH JXCRM.006CDD4D
006CDBB8|.64:FF30 PUSH DWORD PTR FS:
006CDBBB|.64:8920 MOV DWORD PTR FS:,ESP
006CDBBE|.8BC7 MOV EAX,EDI
006CDBC0|.E8 F76FD3FF CALL JXCRM.00404BBC
006CDBC5|.8B45 FC MOV EAX,DWORD PTR SS: ; machine code
006CDBC8|.E8 BF72D3FF CALL JXCRM.00404E8C
006CDBCD|.8BF0 MOV ESI,EAX
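006CDBCF|.85F6 TEST ESI,ESI ==> performs a bitwise AND of the two operands; the only difference is that the result of the AND is not written to the destination operand, i.e. this instruction modifies neither operand and only resets the flags after the logical AND.
006CDBD1|.7E 26 JLE SHORT JXCRM.006CDBF9 ==> conditional jump instruction JLE/JNG: jump if less than or equal / not greater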
006CDBD3|.BB 01000000 MOV EBX,1
006CDBD8|>8D4D EC /LEA ECX,DWORD PTR SS: ; loop ==> load effective address instruction LEA
006CDBDB|.8B45 FC |MOV EAX,DWORD PTR SS:
006CDBDE|.0FB64418 FF |MOVZX EAX,BYTE PTR DS:
006CDBE3|.33D2 |XOR EDX,EDX
006CDBE5|.E8 9AC8D3FF |CALL JXCRM.0040A484
006CDBEA|.8B55 EC |MOV EDX,DWORD PTR SS:
006CDBED|.8D45 F8 |LEA EAX,DWORD PTR SS:
006CDBF0|.E8 9F72D3FF |CALL JXCRM.00404E94
006CDBF5|.43 |INC EBX ==> increment-by-1 instruction INC
006CDBF6|.4E |DEC ESI ==> decrement-by-1 instruction DEC
006CDBF7|.^ 75 DF \JNZ SHORT JXCRM.006CDBD8
006CDBF9|>8B45 F8 MOV EAX,DWORD PTR SS: ; a string of digits appears: 354A565753564750
006CDBFC|.E8 8B72D3FF CALL JXCRM.00404E8C
006CDC01|.8BF0 MOV ESI,EAX
006CDC03|.85F6 TEST ESI,ESI
006CDC05|.7E 2C JLE SHORT JXCRM.006CDC33
006CDC07|.BB 01000000 MOV EBX,1
006CDC0C|>8B45 F8 /MOV EAX,DWORD PTR SS: ; a string of digits appears: 354A565753564750
006CDC0F|.E8 7872D3FF |CALL JXCRM.00404E8C
006CDC14|.2BC3 |SUB EAX,EBX
006CDC16|.8B55 F8 |MOV EDX,DWORD PTR SS:
006CDC19|.8A1402 |MOV DL,BYTE PTR DS:
006CDC1C|.8D45 E8 |LEA EAX,DWORD PTR SS:
006CDC1F|.E8 8071D3FF |CALL JXCRM.00404DA4
006CDC24|.8B55 E8 |MOV EDX,DWORD PTR SS:
006CDC27|.8D45 F4 |LEA EAX,DWORD PTR SS:
006CDC2A|.E8 6572D3FF |CALL JXCRM.00404E94
006CDC2F|.43 |INC EBX
006CDC30|.4E |DEC ESI
006CDC31|.^ 75 D9 \JNZ SHORT JXCRM.006CDC0C
006CDC33|>8D45 F8 LEA EAX,DWORD PTR SS:
006CDC36|.50 PUSH EAX
006CDC37|.B9 04000000 MOV ECX,4
006CDC3C|.BA 01000000 MOV EDX,1
006CDC41|.8B45 F4 MOV EAX,DWORD PTR SS: ; a string of digits appears: 057465357565A453
006CDC44|.E8 A374D3FF CALL JXCRM.004050EC
006CDC49|.8D45 F4 LEA EAX,DWORD PTR SS:
006CDC4C|.50 PUSH EAX
006CDC4D|.B9 04000000 MOV ECX,4
006CDC52|.BA 05000000 MOV EDX,5
006CDC57|.8B45 F4 MOV EAX,DWORD PTR SS: ; a string of digits appears: 057465357565A453
006CDC5A|.E8 8D74D3FF CALL JXCRM.004050EC
006CDC5F|.8B45 F8 MOV EAX,DWORD PTR SS: ; 0574 appears
006CDC62|.E8 2572D3FF CALL JXCRM.00404E8C
006CDC67|.83F8 04 CMP EAX,4
006CDC6A|.7D 2F JGE SHORT JXCRM.006CDC9B
006CDC6C|.8B45 F8 MOV EAX,DWORD PTR SS:
006CDC6F|.E8 1872D3FF CALL JXCRM.00404E8C
006CDC74|.8BD8 MOV EBX,EAX
006CDC76|.83FB 03 CMP EBX,3
006CDC79|.7F 20 JG SHORT JXCRM.006CDC9B
006CDC7B|>8D4D E4 /LEA ECX,DWORD PTR SS:
006CDC7E|.8BC3 |MOV EAX,EBX
006CDC80|.C1E0 02 |SHL EAX,2
006CDC83|.33D2 |XOR EDX,EDX
006CDC85|.E8 FAC7D3FF |CALL JXCRM.0040A484
006CDC8A|.8B55 E4 |MOV EDX,DWORD PTR SS:
006CDC8D|.8D45 F8 |LEA EAX,DWORD PTR SS:
006CDC90|.E8 FF71D3FF |CALL JXCRM.00404E94
006CDC95|.43 |INC EBX
006CDC96|.83FB 04 |CMP EBX,4
006CDC99|.^ 75 E0 \JNZ SHORT JXCRM.006CDC7B
006CDC9B|>8B45 F4 MOV EAX,DWORD PTR SS:
006CDC9E|.E8 E971D3FF CALL JXCRM.00404E8C ; 6535 appears in EAX
006CDCA3|.83F8 04 CMP EAX,4
006CDCA6|.7D 2F JGE SHORT JXCRM.006CDCD7
006CDCA8|.8B45 F4 MOV EAX,DWORD PTR SS:
006CDCAB|.E8 DC71D3FF CALL JXCRM.00404E8C
006CDCB0|.8BD8 MOV EBX,EAX
006CDCB2|.83FB 03 CMP EBX,3
006CDCB5|.7F 20 JG SHORT JXCRM.006CDCD7
006CDCB7|>8D4D E0 /LEA ECX,DWORD PTR SS:
006CDCBA|.8BC3 |MOV EAX,EBX
006CDCBC|.C1E0 02 |SHL EAX,2
006CDCBF|.33D2 |XOR EDX,EDX
006CDCC1|.E8 BEC7D3FF |CALL JXCRM.0040A484
006CDCC6|.8B55 E0 |MOV EDX,DWORD PTR SS:
006CDCC9|.8D45 F4 |LEA EAX,DWORD PTR SS:
006CDCCC|.E8 C371D3FF |CALL JXCRM.00404E94
006CDCD1|.43 |INC EBX
006CDCD2|.83FB 04 |CMP EBX,4
006CDCD5|.^ 75 E0 \JNZ SHORT JXCRM.006CDCB7
006CDCD7|>8D45 F0 LEA EAX,DWORD PTR SS:
006CDCDA|.BA 64DD6C00 MOV EDX,JXCRM.006CDD64 ;jxcrm123xm566
006CDCDF|.E8 706FD3FF CALL JXCRM.00404C54 ; jxcrm123xm566 appears in EDX
006CDCE4|.8D45 DC LEA EAX,DWORD PTR SS:
006CDCE7|.50 PUSH EAX
006CDCE8|.B9 04000000 MOV ECX,4
006CDCED|.BA 01000000 MOV EDX,1
006CDCF2|.8B45 F0 MOV EAX,DWORD PTR SS:
006CDCF5|.E8 F273D3FF CALL JXCRM.004050EC
006CDCFA|.FF75 DC PUSH DWORD PTR SS: ; jxcr appears
006CDCFD|.68 7CDD6C00 PUSH JXCRM.006CDD7C ;-
006CDD02|.FF75 F8 PUSH DWORD PTR SS: ; appears: stack SS:=030C08F0, (ASCII "0574")
006CDD05|.8D45 D8 LEA EAX,DWORD PTR SS:
006CDD08|.50 PUSH EAX
006CDD09|.B9 05000000 MOV ECX,5
006CDD0E|.BA 05000000 MOV EDX,5
006CDD13|.8B45 F0 MOV EAX,DWORD PTR SS: ; JXCRM.006CDD64 stack SS:=006CDD64 (JXCRM.006CDD64), ASCII "jxcrm123xm566"
006CDD16|.E8 D173D3FF CALL JXCRM.004050EC
006CDD1B|.FF75 D8 PUSH DWORD PTR SS: ; m123x appears
006CDD1E|.68 7CDD6C00 PUSH JXCRM.006CDD7C ;-
006CDD23|.FF75 F4 PUSH DWORD PTR SS: ; 6535 appears, stack SS:=030C0904, (ASCII "6535")
006CDD26|.8BC7 MOV EAX,EDI
006CDD28|.BA 06000000 MOV EDX,6
006CDD2D|.E8 1A72D3FF CALL JXCRM.00404F4C
Step in with F7 to take a look
//////////////////////////////////////////////////
00404F4C $53 PUSH EBX
00404F4D .56 PUSH ESI
00404F4E .57 PUSH EDI
00404F4F .52 PUSH EDX
00404F50 .50 PUSH EAX
00404F51 .89D3 MOV EBX,EDX
00404F53 .31FF XOR EDI,EDI
00404F55 .8B4C94 14 MOV ECX,DWORD PTR SS: ; jxcr appears
00404F59 .85C9 TEST ECX,ECX
00404F5B .74 0C JE SHORT JXCRM.00404F69
00404F5D .3908 CMP DWORD PTR DS:,ECX
00404F5F .75 08 JNZ SHORT JXCRM.00404F69
00404F61 .89CF MOV EDI,ECX
00404F63 .8B41 FC MOV EAX,DWORD PTR DS:
00404F66 .4A DEC EDX
00404F67 .EB 02 JMP SHORT JXCRM.00404F6B
00404F69 >31C0 XOR EAX,EAX
00404F6B >8B4C94 14 MOV ECX,DWORD PTR SS: ; 0574 appears
00404F6F .85C9 TEST ECX,ECX
00404F71 .74 09 JE SHORT JXCRM.00404F7C
00404F73 .0341 FC ADD EAX,DWORD PTR DS:
00404F76 .39CF CMP EDI,ECX
00404F78 .75 02 JNZ SHORT JXCRM.00404F7C
00404F7A .31FF XOR EDI,EDI
00404F7C >4A DEC EDX
00404F7D .^ 75 EC JNZ SHORT JXCRM.00404F6B
00404F7F .85FF TEST EDI,EDI
00404F81 .74 17 JE SHORT JXCRM.00404F9A
00404F83 .89C2 MOV EDX,EAX
00404F85 .8B0424 MOV EAX,DWORD PTR SS:
00404F88 .8B77 FC MOV ESI,DWORD PTR DS:
00404F8B .E8 88020000 CALL JXCRM.00405218
00404F90 .8B3C24 MOV EDI,DWORD PTR SS:
00404F93 .FF37 PUSH DWORD PTR DS:
00404F95 .0337 ADD ESI,DWORD PTR DS:
00404F97 .4B DEC EBX
00404F98 .EB 08 JMP SHORT JXCRM.00404FA2
00404F9A >E8 E1FCFFFF CALL JXCRM.00404C80
00404F9F .50 PUSH EAX
00404FA0 .89C6 MOV ESI,EAX
00404FA2 >8B449C 18 MOV EAX,DWORD PTR SS: ;jxcr 05746535
00404FA6 .89F2 MOV EDX,ESI
00404FA8 .85C0 TEST EAX,EAX
00404FAA .74 0A JE SHORT JXCRM.00404FB6
00404FAC .8B48 FC MOV ECX,DWORD PTR DS:
00404FAF .01CE ADD ESI,ECX
00404FB1 .E8 A6DBFFFF CALL JXCRM.00402B5C
00404FB6 >4B DEC EBX
00404FB7 .^ 75 E9 JNZ SHORT JXCRM.00404FA2
00404FB9 .5A POP EDX ; stack =030C0940 (030C0940), ASCII "jxcr-0574m123x-6535"
00404FBA .58 POP EAX
00404FBB .85FF TEST EDI,EDI
00404FBD .75 0C JNZ SHORT JXCRM.00404FCB
00404FBF .85D2 TEST EDX,EDX ; EDX=030C0940 appears, (ASCII "jxcr-0574m123x-6535")
00404FC1 .74 03 JE SHORT JXCRM.00404FC6
00404FC3 .FF4A F8 DEC DWORD PTR DS:
00404FC6 >E8 45FCFFFF CALL JXCRM.00404C10
00404FCB >5A POP EDX
00404FCC .5F POP EDI
00404FCD .5E POP ESI
00404FCE .5B POP EBX
00404FCF .58 POP EAX
00404FD0 .8D2494 LEA ESP,DWORD PTR SS:
00404FD3 .FFE0 JMP EAX
00404FD3 . /FFE0 JMP EAX ; returns to JXCRM.006CDD32
/////////////////////////////////////////////////////////
006CDD32|.33C0 XOR EAX,EAX
006CDD34|.5A POP EDX
006CDD35|.59 POP ECX
006CDD36|.59 POP ECX
006CDD37|.64:8910 MOV DWORD PTR FS:,EDX
006CDD3A|.68 54DD6C00 PUSH JXCRM.006CDD54
006CDD3F|>8D45 D8 LEA EAX,DWORD PTR SS:
006CDD42|.BA 0A000000 MOV EDX,0A
006CDD47|.E8 946ED3FF CALL JXCRM.00404BE0
006CDD4C\.C3 RETN
006CDD4D .^ E9 6E67D3FF JMP JXCRM.004044C0
006CDD52 .^ EB EB JMP SHORT JXCRM.006CDD3F
006CDD54 .5F POP EDI
006CDD55 .5E POP ESI
006CDD56 .5B POP EBX
006CDD57 .8BE5 MOV ESP,EBP
006CDD59 .5D POP EBP
006CDD5A .C3 RETN ; returns to 006E71C6 (JXCRM.006E71C6)
006E71C6 .8B55 A8 MOV EDX,DWORD PTR SS: ; machine code 5JVWSVGP appears in EDX
006E71C9 .A1 909F7000 MOV EAX,DWORD PTR DS: ; "jxcr-0574m123x-6535" appears in EDX
006E71CE .8B00 MOV EAX,DWORD PTR DS:
006E71D0 .8B80 D8040000 MOV EAX,DWORD PTR DS:
006E71D6 .E8 FDDDD1FF CALL JXCRM.00404FD8
At this 006E71D6 .E8 FDDDD1FF CALL JXCRM.00404FD8, the registers contain:
EAX 030C06F8 ASCII "www.chinapyg.com"
ECX 00000002
EDX 030C0940 ASCII "jxcr-0574m123x-6535"
EBX 00000001
ESP 0012FD80
EBP 0012FE18
ESI 017017CC
EDI 006E61E0 JXCRM.006E61E0
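EIP 006E71D6 JXCRM.006E71D6

Although I can't follow it, I'll still show some support!!

This one is a bit hard, but I'll show some support.

This one is a bit hard, but I'll show some support.

Supporting the original poster, keep up the effort.

This post was last edited by sdrf5678lk on 2011-5-29 15:46
Does your username contain the characters PGVS?

This looks like the algorithm of a certain inventory-management program; you can refer to:
里诺 inventory management software V3.29 standalone edition, algorithm keygen + VC source code, BY crackiss
https://www.chinapyg.com/viewthread.php?tid=43251&highlight=%BD%F8%CF%FA%B4%E6%2B%CB%E3%B7%A8
Algorithm analysis of the 里诺 inventory management software, BY 黑夜彩虹
https://www.chinapyg.com/viewthread.php?tid=5826&highlight=%BD%F8%CF%FA%B4%E6%2B%CB%E3%B7%A8
Hope this helps~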