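QuickSave (速存) 1.0: Simple Algorithm Analysis (Floating Point)
【Article title】QuickSave (速存) 1.0: Simple Algorithm Analysis (Floating Point)
【Article author】WildCatIII
【Article date】2006-08-18
【Author homepage】龙族: Www.ChinaDforce.CoM 飘云阁: HttP://Www.ChinAPYG.CoM
【Tools】PEiD, W32DASM, UC32, OD
【Platform】Windows XP SP2
【Software name】QuickSave (速存) 1.0
【Software size】2021KB
【Original download】http://www.onlinedown.net/soft/24526.htm
【Protection】Registration code
【Software description】QuickSave (速存) is a small utility for quickly saving material from the web. It is simple to operate, flexible to configure and highly practical, a capable assistant for users collecting material online. With QuickSave running, you no longer have to repeatedly Ctrl-C (copy) and Ctrl-V (paste) while collecting material online: just drag the selected content into a QuickSave collection box (a small window similar to the one in NetAnts), and it is automatically saved to a directory configured in advance. QuickSave generates file names automatically, records the source URL automatically, and lets you set up to 9 collection boxes at once to save material on different topics, which sets it apart from similar software. The QuickSave I use now has 6 collection boxes: hardware, software, VB, mobile phones, essays and other, and it is very convenient to use. QuickSave's collection boxes stay on top of other windows and can be dragged anywhere without getting in the way of browsing. One drag saves online material, and collecting becomes easier.
【Cracking statement】I am just a newbie; I picked up a few insights and would like to share them with everyone :)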
------------------------------------------------------------------------
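1. Detection shows a Microsoft Visual Basic 5.0 / 6.0 program.
2. Load it in OD and open the registration window. A registration-error prompt appears, but a string search cannot find it.
Set an API breakpoint with bp rtcMsgBox; on confirming registration the program breaks at: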
73472F29 >55 PUSH EBP
73472F2A 8BEC MOV EBP,ESP
73472F2C 83EC 4C SUB ESP,4C
73472F2F 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]
Remove the breakpoint and look at the friendly hint in the stack window:
0012EFF0 00410343 返回到 QuickSav.00410343 来自 MSVBVM60.rtcMsgBox
// Right-click and follow it in the disassembler window.
0012EFF4 0012F0F0
0012EFF8 00000030
++++++
0041033D .FF15 80104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ;MSVBVM60.rtcMsgBox
00410343 .8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74] // we land here; the registration-error prompt is just above.
-=-= Start over and analyze the following...
0041006D .FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
00410073 .83C4 20 ADD ESP,20 ; get the length of the trial code
00410076 .C745 FC 07000>MOV DWORD PTR SS:[EBP-4],7
0041007D .8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] ; trial code
00410080 .51 PUSH ECX
00410081 .68 CC754000 PUSH QuickSav.004075CC
00410086 .FF15 C0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;MSVBVM60.__vbaStrCmp
0041008C .85C0 TEST EAX,EAX ; has a trial code been filled in?
0041008E .0F85 0F010000 JNZ QuickSav.004101A3 ; not filled in, so fail!
~~~ intermediate code omitted ~~~
004101A3 > \C745 FC 0A000>MOV DWORD PTR SS:[EBP-4],0A
004101AA .8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
004101AD .52 PUSH EDX
004101AE .8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004101B1 .8B08 MOV ECX,DWORD PTR DS:[EAX]
004101B3 .8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
004101B6 .52 PUSH EDX
004101B7 .FF91 4C070000 CALL DWORD PTR DS:[ECX+74C] ; algorithm call, F7 to step in!
004101BD .8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] ; trial code
004101C0 .50 PUSH EAX
004101C1 .8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; = real code
004101C4 .51 PUSH ECX
004101C5 .FF15 C0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;MSVBVM60.__vbaStrCmp
004101CB .F7D8 NEG EAX ; the call above does the comparison and returns the flag.
004101CD .1BC0 SBB EAX,EAX
004101CF .40 INC EAX
004101D0 .F7D8 NEG EAX
004101D2 .66:8985 F8FEF>MOV WORD PTR SS:[EBP-108],AX
004101D9 .8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
004101DC .FF15 F8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
004101E2 .0FBF95 F8FEFF>MOVSX EDX,WORD PTR SS:[EBP-108]
004101E9 .85D2 TEST EDX,EDX
004101EB .0F84 D1000000 JE QuickSav.004102C2 ; key jump ~ if it is taken, registration fails.
+++++
Stepping into the algorithm call brings us here ~
00405204 . /E9 27E50000 JMP QuickSav.00413730 // follow it!
+++
00413730 > \55 PUSH EBP
00413731 .8BEC MOV EBP,ESP
00413733 .83EC 18 SUB ESP,18
00413736 .68 06254000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE handler installation
0041373B .64:A1 00000000 MOV EAX,DWORD PTR FS:
00413741 .50 PUSH EAX
00413742 .64:8925 00000000MOV DWORD PTR FS:,ESP
00413749 .B8 90000000 MOV EAX,90
0041374E .E8 ADEDFEFF CALL <JMP.&MSVBVM60.__vbaChkstk>
00413753 .53 PUSH EBX
00413754 .56 PUSH ESI
00413755 .57 PUSH EDI
00413756 .8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
00413759 .C745 EC A01C4000MOV DWORD PTR SS:[EBP-14],QuickSav.00401CA0 ;>
00413760 .C745 F0 00000000MOV DWORD PTR SS:[EBP-10],0
00413767 .C745 F4 00000000MOV DWORD PTR SS:[EBP-C],0
0041376E .C745 FC 01000000MOV DWORD PTR SS:[EBP-4],1
00413775 .8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
00413778 .C700 00000000 MOV DWORD PTR DS:[EAX],0
0041377E .C745 FC 02000000MOV DWORD PTR SS:[EBP-4],2
00413785 .6A 01 PUSH 1
00413787 .FF15 7C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaOnError>] ;MSVBVM60.__vbaOnError
0041378D .C745 FC 03000000MOV DWORD PTR SS:[EBP-4],3
00413794 .8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
00413797 .51 PUSH ECX
00413798 .8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0041379B .8B02 MOV EAX,DWORD PTR DS:[EDX]
0041379D .8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004137A0 .51 PUSH ECX
004137A1 .FF90 FC060000 CALL DWORD PTR DS:[EAX+6FC]
004137A7 .8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
004137AD .83BD 78FFFFFF 00CMP DWORD PTR SS:[EBP-88],0
004137B4 .7D 23 JGE SHORT QuickSav.004137D9
004137B6 .68 FC060000 PUSH 6FC
004137BB .68 D8634000 PUSH QuickSav.004063D8
004137C0 .8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
004137C3 .52 PUSH EDX
004137C4 .8B85 78FFFFFF MOV EAX,DWORD PTR SS:[EBP-88]
004137CA .50 PUSH EAX
004137CB .FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckOb>;MSVBVM60.__vbaHresultCheckObj
004137D1 .8985 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],EAX
004137D7 .EB 0A JMP SHORT QuickSav.004137E3
004137D9 >C785 5CFFFFFF 000>MOV DWORD PTR SS:[EBP-A4],0
004137E3 >8B4D CC MOV ECX,DWORD PTR SS:[EBP-34] ; machine code
004137E6 .898D 60FFFFFF MOV DWORD PTR SS:[EBP-A0],ECX
004137EC .C745 CC 00000000MOV DWORD PTR SS:[EBP-34],0
004137F3 .8B95 60FFFFFF MOV EDX,DWORD PTR SS:[EBP-A0]
004137F9 .8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
004137FC .FF15 CC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00413802 .C745 FC 04000000MOV DWORD PTR SS:[EBP-4],4
00413809 .8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0041380C .52 PUSH EDX
0041380D .FF15 78114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Str>] ;MSVBVM60.__vbaI4Str
00413813 .8985 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EAX ; converted to a HEX value
00413819 .DB85 58FFFFFF FILD DWORD PTR SS:[EBP-A8]
0041381F .DD9D 50FFFFFF FSTP QWORD PTR SS:[EBP-B0]
00413825 .DD85 50FFFFFF FLD QWORD PTR SS:[EBP-B0]
0041382B .833D 00C04100 00CMP DWORD PTR DS:,0
00413832 .75 08 JNZ SHORT QuickSav.0041383C
00413834 .DC35 101D4000 FDIV QWORD PTR DS: ; divide by the constant 7
0041383A .EB 11 JMP SHORT QuickSav.0041384D
0041383C >FF35 141D4000 PUSH DWORD PTR DS:
00413842 .FF35 101D4000 PUSH DWORD PTR DS:
00413848 .E8 D7ECFEFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
0041384D >DC0D 081D4000 FMUL QWORD PTR DS: ; multiply the result by the constant 3
00413853 .DC05 001D4000 FADD QWORD PTR DS: ; then add the constant 12345
00413859 .DFE0 FSTSW AX
0041385B .A8 0D TEST AL,0D
0041385D .0F85 3C010000 JNZ QuickSav.0041399F
00413863 .FF15 B4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI4>] ;MSVBVM60.__vbaFpI4
00413869 .8945 D0 MOV DWORD PTR SS:[EBP-30],EAX ; converted to a hexadecimal value and placed in EAX
0041386C .C745 FC 05000000MOV DWORD PTR SS:[EBP-4],5
00413873 .8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
00413876 .50 PUSH EAX
00413877 .FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrI4>] ;MSVBVM60.__vbaStrI4
0041387D .8BD0 MOV EDX,EAX ; its value is sent to EDX
0041387F .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00413882 .FF15 CC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00413888 .C745 FC 06000000MOV DWORD PTR SS:[EBP-4],6
0041388F .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00413892 .894D 94 MOV DWORD PTR SS:[EBP-6C],ECX
00413895 .C745 8C 08400000MOV DWORD PTR SS:[EBP-74],4008
0041389C .6A 05 PUSH 5
0041389E .8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
004138A1 .52 PUSH EDX
004138A2 .8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
004138A5 .50 PUSH EAX
004138A6 .FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.#619>] ;MSVBVM60.rtcRightCharVar
004138AC .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
004138AF .894D 84 MOV DWORD PTR SS:[EBP-7C],ECX
004138B2 .C785 7CFFFFFF 084>MOV DWORD PTR SS:[EBP-84],4008
004138BC .8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
004138BF .52 PUSH EDX
004138C0 .FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBstr>];MSVBVM60.__vbaLenBstr
004138C6 .83E8 05 SUB EAX,5 ; take the length and subtract 5
004138C9 .0F80 D5000000 JO QuickSav.004139A4
004138CF .50 PUSH EAX
004138D0 .8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
004138D6 .50 PUSH EAX
004138D7 .8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
004138DA .51 PUSH ECX
004138DB .FF15 C0114000 CALL DWORD PTR DS:[<&MSVBVM60.#617>] ;MSVBVM60.rtcLeftCharVar
004138E1 .8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] ; take the right 4 characters
004138E4 .52 PUSH EDX
004138E5 .8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004138E8 .50 PUSH EAX
004138E9 .8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
004138EC .51 PUSH ECX
004138ED .FF15 2C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCat>] ;MSVBVM60.__vbaVarCat
004138F3 .50 PUSH EAX
004138F4 .FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>] ;MSVBVM60.__vbaStrVarMove
004138FA .8BD0 MOV EDX,EAX ; right 4 characters & left 5 characters: that is the registration code!
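' -----------------------------------------------------------------
' Let CodeA be a double-precision float and CodeB a long integer.
' 1. Take machine code / 7 * 3 + 12345 and call it CodeA.
' 2. Round CodeA to the nearest integer and call the result CodeB.
' 3. Move the left 5 characters of CodeB to after the right four characters; that is the real code.
' One set of registration data is provided for reference.
' -1542372548
' 04461-6610
' -----------------------------------------------------------------
VB KeyGen source code for the algorithm: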
Private Sub Command1_Click()
    ' Variables can be declared below.
    Dim CodeA As Double
    Dim CodeB As Long
    Dim LenCodeB As Integer
    Dim CodeC As String
    Dim A As String, B As String
    If Text1.Text = "" Then
        Text2.Text = "输入有误,请重新输入!"
    Else ' The above is the input check and its prompt.
        CodeA = Val(Text1.Text)
        CodeA = CodeA / 7
        CodeA = CodeA * 3
        CodeA = CodeA + 12345
        CodeB = Round(CodeA, 0)
        CodeC = Str(CodeB)
        LenCodeB = 0
        LenCodeB = Len(CodeC)
        A = Left(CodeC, 5)
        LenCodeB = LenCodeB - 5
        B = Right(CodeC, LenCodeB)
        Text2.Text = B + A
        ' Enter the algorithm source code in the space above and that is it.
    End If
End Sub
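【Copyright notice】This article is purely for technical exchange. If you repost it, please credit the author and keep the article intact. Thank you!
[ Last edited by 野猫III on 2006-8-18 22:40 ]

Thanks, learned something!

The algorithm is very simple; studying it.

Studying Cat's article!

I wonder whether Brother Cat could make a keygen tutorial in 易语言!! Thanks!

Originally posted by hangyubin on 2006-8-18 19:47
I wonder whether Brother Cat could make a keygen tutorial in 易语言!! Thanks!
No problem. I first tried writing it in VB, but unexpectedly it kept going wrong, and I don't know why ~
The algorithm is right, but the computed result is always wrong ~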
.版本 2
.程序集 窗口程序集1
.子程序 _按钮1_被单击
.局部变量 机器码, 双精度小数型
.局部变量 CodeA, 双精度小数型
.局部变量 CodeB, 长整数型
.局部变量 Len, 整数型
.局部变量 CodeB的左边, 文本型
.局部变量 CodeB的右边, 文本型
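' -------------------------------------------
' Let CodeA be a double-precision float and CodeB a long integer.
' 1. Take machine code / 7 * 3 + 12345 and call it CodeA.
' 2. Round CodeA to the nearest integer and call the result CodeB.
' 3. Move the left 5 characters of CodeB to after the right four characters; that is the real code.
' -------------------------------------------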
机器码 = 到数值 (编辑框1.内容)
机器码 = 机器码 ÷ 7
机器码 = 机器码 × 3
CodeA = 机器码 + 12345
CodeB = 四舍五入 (CodeA, 0)
Len = 取文本长度 (到文本 (CodeB))
CodeB的左边 = 取文本左边 (到文本 (CodeB), 5)
CodeB的右边 = 取文本右边 (到文本 (CodeB), Len - 5)
编辑框2.内容 = CodeB的右边 + CodeB的左边
' One set of registration data is provided for reference.
' -1542372548
' 04461-6610
[ Last edited by 野猫III on 2006-8-18 21:57 ]
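
The NEG EAX / SBB EAX,EAX / INC EAX / NEG EAX sequence that follows __vbaStrCmp at 004101CB in the first post's listing is the compiled form of a VB Boolean test, and recognising it is what identifies the JE at 004101EB as the decision point. The C model below of those four instructions is an added example, not code from the thread; the names `vb_bool_from_strcmp` and `je_taken` and the sample __vbaStrCmp return values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: EAX plus the carry flag is all the state this idiom uses. */
typedef struct { uint32_t eax; int cf; } cpu_t;

/* NEG r32: two's-complement negate; CF is set unless the operand was 0. */
static void neg(cpu_t *c) { c->cf = (c->eax != 0); c->eax = 0u - c->eax; }

/* SBB EAX,EAX: EAX - EAX - CF, so 0 or 0xFFFFFFFF; borrow out equals CF in. */
static void sbb_self(cpu_t *c) { c->eax = c->cf ? 0xFFFFFFFFu : 0u; }

/* INC r32: adds 1 and leaves CF untouched. */
static void inc(cpu_t *c) { c->eax += 1u; }

/* Value stored by MOV WORD PTR SS:[EBP-108],AX: VB Boolean, -1 True, 0 False. */
int16_t vb_bool_from_strcmp(int32_t strcmp_result)
{
    cpu_t c = { (uint32_t)strcmp_result, 0 };
    neg(&c);      /* CF = 1 when the strings differ          */
    sbb_self(&c); /* 0 when equal, 0xFFFFFFFF when different */
    inc(&c);      /* 1 when equal, 0 when different          */
    neg(&c);      /* 0xFFFFFFFF when equal, 0 when different */
    return (int16_t)(c.eax & 0xFFFFu);
}

/* MOVSX / TEST EDX,EDX / JE: the jump is taken when the Boolean is 0 (False). */
int je_taken(int32_t strcmp_result)
{
    return vb_bool_from_strcmp(strcmp_result) == 0;
}

int main(void)
{
    /* Constructed sample results: less-than, equal, greater-than. */
    const int32_t samples[] = { -1, 0, 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("__vbaStrCmp=%2d -> [EBP-108]=%2d, JE %s\n", (int)samples[i],
               (int)vb_bool_from_strcmp(samples[i]),
               je_taken(samples[i]) ? "taken" : "not taken");
    return 0;
}
```

The same four-instruction pattern appears after most string comparisons in VB6 native code, so it is a quick landmark when triaging an unknown VB6 binary.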