Picture To Icon V1.924算法分析
Picture To Icon V1.924算法分析【破文标题】Picture To Icon V1.924
【破文作者】寒湖鹤影
【作者邮箱】[email protected]
【作者主页】无
【破解工具】PEiD,OD
【破解平台】WindowsXP
【软件名称】Picture To Icon V1.924
【软件大小】700K
【原版下载】http://www.skycn.com/soft/27005.html
【保护方式】壳,注册码
【软件简介】软件大小: 700 KB
软件语言: 英文
软件类别: 国外软件 / 共享版 / 图标工具
应用平台: Win9x/NT/2000/XP/2003
界面预览: 无
更新时间: 2006-08-30 09:02:33
能将图片或屏幕的一部分转化为ICON图标,调整图标大小以及从资源库中提取icon。支持BMP, JPEG, GIF, CUR, WMF。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
1、PEID查壳,ASPack 2.001 -> Alexey Solodovnikov壳,很容易脱,略过,
脱壳后的程序是用Borland C++ 1999编写的
2、OD载入,查找错误提示信息“Your registration code is invalid.”只找到一处错误提示。双击后在代码段头下断
------------------------------------------------------------------------
004228E8/.55 PUSH EBP
;这里下断,输入用户名amct,注册码74747474747474747474747474747474747474747474,运行,程序断下来,F8
004228E9|.8BEC MOV EBP,ESP
004228EB|.83C4 9C ADD ESP,-64
004228EE|.8955 A0 MOV DWORD PTR SS:,EDX
004228F1|.8945 A4 MOV DWORD PTR SS:,EAX
004228F4|.B8 00305100 MOV EAX,123.00513000
004228F9|.E8 825E0C00 CALL 123.004E8780
004228FE|.8B15 FCAE5100 MOV EDX,DWORD PTR DS: ;123._IconConverter
00422904|.8B0A MOV ECX,DWORD PTR DS:
00422906|.80B9 E4030000>CMP BYTE PTR DS:,0
0042290D|.0F85 3A030000 JNZ 123.00422C4D
00422913|.66:C745 B8 08>MOV WORD PTR SS:,8
00422919|.8D45 FC LEA EAX,DWORD PTR SS:
0042291C|.E8 5B12FEFF CALL 123.00403B7C
00422921|.8BD0 MOV EDX,EAX
00422923|.FF45 C4 INC DWORD PTR SS:
00422926|.8B4D A4 MOV ECX,DWORD PTR SS:
00422929|.8B81 00030000 MOV EAX,DWORD PTR DS:
0042292F|.E8 E4FE0900 CALL 123.004C2818 ;取用户名位数
00422934|.8D45 FC LEA EAX,DWORD PTR SS: ;指向用户名的地址ebp-4给EAX
00422937|.E8 6032FEFF CALL 123.00405B9C
0042293C|.83F8 03 CMP EAX,3 ;用户名位数与3比较,小于3失败
0042293F|.0F9CC2 SETL DL
00422942|.83E2 01 AND EDX,1
00422945|.52 PUSH EDX ; /Arg1
00422946|.FF4D C4 DEC DWORD PTR SS: ; |
00422949|.8D45 FC LEA EAX,DWORD PTR SS: ; |
0042294C|.BA 02000000 MOV EDX,2 ; |
00422951|.E8 1E0F0D00 CALL 123.004F3874 ; \123.004F3874
00422956|.59 POP ECX
00422957|.84C9 TEST CL,CL
00422959|.74 3C JE SHORT 123.00422997
0042295B|.66:C745 B8 14>MOV WORD PTR SS:,14
00422961|.BA 6D275100 MOV EDX,123.0051276D ;please input your full name!
00422966|.8D45 F8 LEA EAX,DWORD PTR SS:
00422969|.E8 4E0E0D00 CALL 123.004F37BC
0042296E|.FF45 C4 INC DWORD PTR SS:
00422971|.8B00 MOV EAX,DWORD PTR DS:
00422973|.E8 FCA30900 CALL 123.004BCD74
00422978|.FF4D C4 DEC DWORD PTR SS:
0042297B|.8D45 F8 LEA EAX,DWORD PTR SS:
0042297E|.BA 02000000 MOV EDX,2
00422983|.E8 EC0E0D00 CALL 123.004F3874
00422988|.8B4D A8 MOV ECX,DWORD PTR SS:
0042298B|.64:890D 00000>MOV DWORD PTR FS:,ECX
00422992|.E9 C8020000 JMP 123.00422C5F
00422997|>68 F4010000 PUSH 1F4 ; /Timeout = 500. ms
0042299C|.E8 B7A40E00 CALL <JMP.&kernel32.Sleep> ; \Sleep
004229A1|.66:C745 B8 20>MOV WORD PTR SS:,20 ;EBP-48=20
004229A7|.8D45 F4 LEA EAX,DWORD PTR SS:
004229AA|.E8 CD11FEFF CALL 123.00403B7C
004229AF|.8BD0 MOV EDX,EAX
004229B1|.FF45 C4 INC DWORD PTR SS:
004229B4|.8B4D A4 MOV ECX,DWORD PTR SS:
004229B7|.8B81 04030000 MOV EAX,DWORD PTR DS:
004229BD|.E8 56FE0900 CALL 123.004C2818 ;取注册码位数
004229C2|.8D55 F4 LEA EDX,DWORD PTR SS: ;指向注册码的地址给EDX
004229C5|.FF32 PUSH DWORD PTR DS: ; /注册码入栈
004229C7|.E8 24E7FFFF CALL 123.004210F0 ; \关键CALL跟进
004229CC|.59 POP ECX
004229CD|.8B0D FCAE5100 MOV ECX,DWORD PTR DS: ;123._IconConverter
004229D3|.8B11 MOV EDX,DWORD PTR DS:
004229D5|.8882 E4030000 MOV BYTE PTR DS:,AL
004229DB|.FF4D C4 DEC DWORD PTR SS:
004229DE|.8D45 F4 LEA EAX,DWORD PTR SS:
004229E1|.BA 02000000 MOV EDX,2
004229E6|.E8 890E0D00 CALL 123.004F3874
004229EB|.A1 FCAE5100 MOV EAX,DWORD PTR DS:
004229F0|.8B08 MOV ECX,DWORD PTR DS:
004229F2|.80B9 E4030000>CMP BYTE PTR DS:,0
004229F9|.0F84 1F020000 JE 123.00422C1E ;关键跳跳向失败
004229FF|.66:C745 B8 2C>MOV WORD PTR SS:,2C
00422A05|.8D45 F0 LEA EAX,DWORD PTR SS:
00422A08|.E8 6F11FEFF CALL 123.00403B7C
00422A0D|.8BD0 MOV EDX,EAX
00422A0F|.FF45 C4 INC DWORD PTR SS:
00422A12|.8B4D A4 MOV ECX,DWORD PTR SS:
00422A15|.8B81 04030000 MOV EAX,DWORD PTR DS:
00422A1B|.E8 F8FD0900 CALL 123.004C2818
00422A20|.8D55 F0 LEA EDX,DWORD PTR SS:
00422A23|.8B45 A4 MOV EAX,DWORD PTR SS:
00422A26|.05 20030000 ADD EAX,320
00422A2B|.E8 740E0D00 CALL 123.004F38A4
00422A30|.FF4D C4 DEC DWORD PTR SS:
00422A33|.8D45 F0 LEA EAX,DWORD PTR SS:
00422A36|.BA 02000000 MOV EDX,2
00422A3B|.E8 340E0D00 CALL 123.004F3874
00422A40|.8B45 A4 MOV EAX,DWORD PTR SS:
00422A43|.05 20030000 ADD EAX,320
00422A48|.E8 2BF7FDFF CALL 123.00402178
00422A4D|.0FBE50 17 MOVSX EDX,BYTE PTR DS:
00422A51|.83FA 30 CMP EDX,30 ;注册码第24位与十进制的0比较
00422A54|.7C 16 JL SHORT 123.00422A6C
00422A56|.8B45 A4 MOV EAX,DWORD PTR SS:
00422A59|.05 20030000 ADD EAX,320
00422A5E|.E8 15F7FDFF CALL 123.00402178
00422A63|.0FBE50 17 MOVSX EDX,BYTE PTR DS:
00422A67|.83FA 39 CMP EDX,39 ;注册码第24位与十进制的9比较
00422A6A|.7E 0F JLE SHORT 123.00422A7B
00422A6C|>8B0D FCAE5100 MOV ECX,DWORD PTR DS: ;123._IconConverter
00422A72|.8B01 MOV EAX,DWORD PTR DS:
00422A74|.C680 E4030000>MOV BYTE PTR DS:,0
00422A7B|>B2 01 MOV DL,1
00422A7D|.A1 7C684600 MOV EAX,DWORD PTR DS:
00422A82|.E8 F53E0400 CALL 123.0046697C
00422A87|.8945 9C MOV DWORD PTR SS:,EAX
00422A8A|.BA 01000080 MOV EDX,80000001
00422A8F|.8B45 9C MOV EAX,DWORD PTR SS:
00422A92|.E8 150D0D00 CALL 123.004F37AC
00422A97|.8B15 FCAE5100 MOV EDX,DWORD PTR DS: ;123._IconConverter
00422A9D|.8B0A MOV ECX,DWORD PTR DS:
00422A9F|.80B9 E4030000>CMP BYTE PTR DS:,0
00422AA6|.0F84 06010000 JE 123.00422BB2
00422AAC|.66:C745 B8 38>MOV WORD PTR SS:,38
00422AB2|.BA 8A275100 MOV EDX,123.0051278A ;software\xtzy\pic2ico
00422AB7|.8D45 EC LEA EAX,DWORD PTR SS:
00422ABA|.E8 FD0C0D00 CALL 123.004F37BC
00422ABF|.FF45 C4 INC DWORD PTR SS:
00422AC2|.8B10 MOV EDX,DWORD PTR DS:
00422AC4|.B1 01 MOV CL,1
00422AC6|.8B45 9C MOV EAX,DWORD PTR SS:
00422AC9|.E8 B23F0400 CALL 123.00466A80
00422ACE|.84C0 TEST AL,AL
00422AD0|.0F95C0 SETNE AL
00422AD3|.83E0 01 AND EAX,1
00422AD6|.50 PUSH EAX ; /Arg1
00422AD7|.FF4D C4 DEC DWORD PTR SS: ; |
00422ADA|.8D45 EC LEA EAX,DWORD PTR SS: ; |
00422ADD|.BA 02000000 MOV EDX,2 ; |
00422AE2|.E8 8D0D0D00 CALL 123.004F3874 ; \123.004F3874
00422AE7|.59 POP ECX
00422AE8|.85C9 TEST ECX,ECX
00422AEA|.0F84 C2000000 JE 123.00422BB2
00422AF0|.8D45 E4 LEA EAX,DWORD PTR SS:
00422AF3|.E8 8410FEFF CALL 123.00403B7C
00422AF8|.8BD0 MOV EDX,EAX
00422AFA|.FF45 C4 INC DWORD PTR SS:
00422AFD|.8B4D A4 MOV ECX,DWORD PTR SS:
00422B00|.8B81 04030000 MOV EAX,DWORD PTR DS:
00422B06|.E8 0DFD0900 CALL 123.004C2818
00422B0B|.8D55 E4 LEA EDX,DWORD PTR SS:
00422B0E|.FF32 PUSH DWORD PTR DS:
00422B10|.66:C745 B8 44>MOV WORD PTR SS:,44
00422B16|.BA A0275100 MOV EDX,123.005127A0 ;no
00422B1B|.8D45 E8 LEA EAX,DWORD PTR SS:
00422B1E|.E8 990C0D00 CALL 123.004F37BC
00422B23|.FF45 C4 INC DWORD PTR SS:
00422B26|.8B10 MOV EDX,DWORD PTR DS:
00422B28|.8B45 9C MOV EAX,DWORD PTR SS:
00422B2B|.59 POP ECX
00422B2C|.E8 EB400400 CALL 123.00466C1C
00422B31|.FF4D C4 DEC DWORD PTR SS:
00422B34|.8D45 E4 LEA EAX,DWORD PTR SS:
00422B37|.BA 02000000 MOV EDX,2
00422B3C|.E8 330D0D00 CALL 123.004F3874
00422B41|.FF4D C4 DEC DWORD PTR SS:
00422B44|.8D45 E8 LEA EAX,DWORD PTR SS:
00422B47|.BA 02000000 MOV EDX,2
00422B4C|.E8 230D0D00 CALL 123.004F3874
00422B51|.8D45 DC LEA EAX,DWORD PTR SS:
00422B54|.E8 2310FEFF CALL 123.00403B7C
00422B59|.8BD0 MOV EDX,EAX
00422B5B|.FF45 C4 INC DWORD PTR SS:
00422B5E|.8B4D A4 MOV ECX,DWORD PTR SS:
00422B61|.8B81 00030000 MOV EAX,DWORD PTR DS:
00422B67|.E8 ACFC0900 CALL 123.004C2818
00422B6C|.8D55 DC LEA EDX,DWORD PTR SS:
00422B6F|.FF32 PUSH DWORD PTR DS:
00422B71|.66:C745 B8 50>MOV WORD PTR SS:,50
00422B77|.BA A3275100 MOV EDX,123.005127A3 ;name
00422B7C|.8D45 E0 LEA EAX,DWORD PTR SS:
00422B7F|.E8 380C0D00 CALL 123.004F37BC
00422B84|.FF45 C4 INC DWORD PTR SS:
00422B87|.8B10 MOV EDX,DWORD PTR DS:
00422B89|.8B45 9C MOV EAX,DWORD PTR SS:
00422B8C|.59 POP ECX
00422B8D|.E8 8A400400 CALL 123.00466C1C
00422B92|.FF4D C4 DEC DWORD PTR SS:
00422B95|.8D45 DC LEA EAX,DWORD PTR SS:
00422B98|.BA 02000000 MOV EDX,2
00422B9D|.E8 D20C0D00 CALL 123.004F3874
00422BA2|.FF4D C4 DEC DWORD PTR SS:
00422BA5|.8D45 E0 LEA EAX,DWORD PTR SS:
00422BA8|.BA 02000000 MOV EDX,2
00422BAD|.E8 C20C0D00 CALL 123.004F3874
00422BB2|>8B45 9C MOV EAX,DWORD PTR SS:
00422BB5|.E8 323E0400 CALL 123.004669EC
00422BBA|.8B55 9C MOV EDX,DWORD PTR SS:
00422BBD|.8955 D4 MOV DWORD PTR SS:,EDX
00422BC0|.837D D4 00 CMP DWORD PTR SS:,0
00422BC4|.74 21 JE SHORT 123.00422BE7
00422BC6|.8B4D D4 MOV ECX,DWORD PTR SS:
00422BC9|.8B01 MOV EAX,DWORD PTR DS:
00422BCB|.8945 D8 MOV DWORD PTR SS:,EAX
00422BCE|.66:C745 B8 68>MOV WORD PTR SS:,68
00422BD4|.BA 03000000 MOV EDX,3
00422BD9|.8B45 D4 MOV EAX,DWORD PTR SS:
00422BDC|.8B08 MOV ECX,DWORD PTR DS:
00422BDE|.FF51 FC CALL DWORD PTR DS:
00422BE1|.66:C745 B8 5C>MOV WORD PTR SS:,5C
00422BE7|>66:C745 B8 74>MOV WORD PTR SS:,74
00422BED|.BA A8275100 MOV EDX,123.005127A8 ;register successfully!\nthank you.
00422BF2|.8D45 D0 LEA EAX,DWORD PTR SS:
00422BF5|.E8 C20B0D00 CALL 123.004F37BC
00422BFA|.FF45 C4 INC DWORD PTR SS:
00422BFD|.8B00 MOV EAX,DWORD PTR DS:
00422BFF|.E8 70A10900 CALL 123.004BCD74
00422C04|.FF4D C4 DEC DWORD PTR SS:
00422C07|.8D45 D0 LEA EAX,DWORD PTR SS:
00422C0A|.BA 02000000 MOV EDX,2
00422C0F|.E8 600C0D00 CALL 123.004F3874
00422C14|.8B45 A4 MOV EAX,DWORD PTR SS:
00422C17|.E8 F4050900 CALL 123.004B3210
00422C1C|.EB 37 JMP SHORT 123.00422C55
00422C1E|>66:C745 B8 80>MOV WORD PTR SS:,80
00422C24|.BA CA275100 MOV EDX,123.005127CA ;your registration code is invalid.\nif you
have purchased this software and get the wrong code, please send email to: [email protected] \n
00422C29|.8D45 CC LEA EAX,DWORD PTR SS:
00422C2C|.E8 8B0B0D00 CALL 123.004F37BC
00422C31|.FF45 C4 INC DWORD PTR SS:
00422C34|.8B00 MOV EAX,DWORD PTR DS:
00422C36|.E8 39A10900 CALL 123.004BCD74
00422C3B|.FF4D C4 DEC DWORD PTR SS:
00422C3E|.8D45 CC LEA EAX,DWORD PTR SS:
00422C41|.BA 02000000 MOV EDX,2
00422C46|.E8 290C0D00 CALL 123.004F3874
00422C4B|.EB 08 JMP SHORT 123.00422C55
00422C4D|>8B45 A4 MOV EAX,DWORD PTR SS:
00422C50|.E8 BB050900 CALL 123.004B3210
00422C55|>8B55 A8 MOV EDX,DWORD PTR SS:
00422C58|.64:8915 00000>MOV DWORD PTR FS:,EDX
00422C5F|>8BE5 MOV ESP,EBP
00422C61|.5D POP EBP
=============================================================================
跟进关键CALL
004210F0/$55 PUSH EBP
004210F1|.8BEC MOV EBP, ESP
004210F3|.81C4 74FFFFFF ADD ESP, -8C
004210F9|.56 PUSH ESI
004210FA|.57 PUSH EDI
004210FB|.B8 C0285100 MOV EAX, 123.005128C0
00421100|.E8 7B760C00 CALL 123.004E8780
00421105|.C745 F8 01000>MOV DWORD PTR SS:, 1
0042110C|.8D55 08 LEA EDX, DWORD PTR SS:
0042110F|.8D45 08 LEA EAX, DWORD PTR SS:
00421112|.E8 DD260D00 CALL 123.004F37F4
00421117|.FF45 F8 INC DWORD PTR SS:
0042111A|.66:C745 EC 08>MOV WORD PTR SS:, 8
00421120|.C645 DB 00 MOV BYTE PTR SS:, 0
00421124|.8D45 08 LEA EAX, DWORD PTR SS:
00421127|.E8 704AFEFF CALL 123.00405B9C ;注册码位数
0042112C|.83F8 2C CMP EAX, 2C ;注册码是否44位
0042112F|.0F85 3E020000 JNZ 123.00421373
00421135|.BE D6245100 MOV ESI, 123.005124D6 ;1z1h+2a0n-0g8y*9a1n|给ESI
0042113A|.8D7D 88 LEA EDI, DWORD PTR SS:
0042113D|.B9 05000000 MOV ECX, 5 ;ECX=5
00421142|.F3:A5 REP MOVS DWORD PTR ES:, DWORD>
00421144|.A4 MOVS BYTE PTR ES:, BYTE PTR D>
00421145|.8D45 08 LEA EAX, DWORD PTR SS: ;注册码地址EBP+8给EAX
00421148|.E8 2B10FEFF CALL 123.00402178 ;取注册码
0042114D|.0FBE50 28 MOVSX EDX, BYTE PTR DS: ;注册码倒数第四位也就是第41位给EDX
00421151|.83FA 50 CMP EDX, 50 ;第41位是否是大写字母P
00421154|.74 23 JE SHORT 123.00421179
00421156|.33C0 XOR EAX, EAX ;EAX=0
00421158|.50 PUSH EAX
00421159|.FF4D F8 DEC DWORD PTR SS:
0042115C|.8D45 08 LEA EAX, DWORD PTR SS: ;注册码地址给EAX
0042115F|.BA 02000000 MOV EDX, 2 ;EDX=2
00421164|.E8 0B270D00 CALL 123.004F3874 ;取注册码
00421169|.58 POP EAX
0042116A|.8B55 DC MOV EDX, DWORD PTR SS: ;注册码给EDX
0042116D|.64:8915 00000>MOV DWORD PTR FS:, EDX
00421174|.E9 19020000 JMP 123.00421392
00421179|>8D45 08 LEA EAX, DWORD PTR SS: ;注册码给EAX
0042117C|.E8 F70FFEFF CALL 123.00402178
00421181|.0FBE50 29 MOVSX EDX, BYTE PTR DS: ;第42位给EDX
00421185|.83FA 32 CMP EDX, 32 ;第42位是否为2
00421188|.74 23 JE SHORT 123.004211AD
0042118A|.33C0 XOR EAX, EAX
0042118C|.50 PUSH EAX
0042118D|.FF4D F8 DEC DWORD PTR SS:
00421190|.8D45 08 LEA EAX, DWORD PTR SS:
00421193|.BA 02000000 MOV EDX, 2
00421198|.E8 D7260D00 CALL 123.004F3874
0042119D|.58 POP EAX
0042119E|.8B55 DC MOV EDX, DWORD PTR SS:
004211A1|.64:8915 00000>MOV DWORD PTR FS:, EDX
004211A8|.E9 E5010000 JMP 123.00421392
004211AD|>8D45 08 LEA EAX, DWORD PTR SS:
004211B0|.E8 C30FFEFF CALL 123.00402178
004211B5|.0FBE50 2A MOVSX EDX, BYTE PTR DS:
004211B9|.83FA 49 CMP EDX, 49 ;第43位是否为大写字母I
004211BC|.74 23 JE SHORT 123.004211E1
004211BE|.33C0 XOR EAX, EAX
004211C0|.50 PUSH EAX
004211C1|.FF4D F8 DEC DWORD PTR SS:
004211C4|.8D45 08 LEA EAX, DWORD PTR SS:
004211C7|.BA 02000000 MOV EDX, 2
004211CC|.E8 A3260D00 CALL 123.004F3874
004211D1|.58 POP EAX
004211D2|.8B55 DC MOV EDX, DWORD PTR SS:
004211D5|.64:8915 00000>MOV DWORD PTR FS:, EDX
004211DC|.E9 B1010000 JMP 123.00421392
004211E1|>8D45 08 LEA EAX, DWORD PTR SS:
004211E4|.E8 8F0FFEFF CALL 123.00402178
004211E9|.0FBE50 2B MOVSX EDX, BYTE PTR DS:
004211ED|.83FA 31 CMP EDX, 31 ;第44位是否为1
004211F0|.74 23 JE SHORT 123.00421215
004211F2|.33C0 XOR EAX, EAX
004211F4|.50 PUSH EAX
004211F5|.FF4D F8 DEC DWORD PTR SS:
004211F8|.8D45 08 LEA EAX, DWORD PTR SS:
004211FB|.BA 02000000 MOV EDX, 2
00421200|.E8 6F260D00 CALL 123.004F3874
00421205|.58 POP EAX
00421206|.8B55 DC MOV EDX, DWORD PTR SS:
00421209|.64:8915 00000>MOV DWORD PTR FS:, EDX
00421210|.E9 7D010000 JMP 123.00421392
00421215|>8D45 08 LEA EAX, DWORD PTR SS:
00421218|.E8 5B0FFEFF CALL 123.00402178
0042121D|.50 PUSH EAX ; /Arg2
0042121E|.8D55 A0 LEA EDX, DWORD PTR SS: ; |
00421221|.52 PUSH EDX ; |Arg1
00421222|.E8 B5720C00 CALL 123.004E84DC ; \123.004E84DC
00421227|.83C4 08 ADD ESP, 8
0042122A|.0FBE4D A1 MOVSX ECX, BYTE PTR SS:
0042122E|.83F9 30 CMP ECX, 30 ;第二位是否为数字0
00421231|.0F85 3C010000 JNZ 123.00421373
00421237|.C645 A1 23 MOV BYTE PTR SS:, 23 ;23h即“#”替换第2位
0042123B|.C645 DB 01 MOV BYTE PTR SS:, 1
0042123F|.C745 D4 02000>MOV DWORD PTR SS:, 2
00421246|>8B45 D4 /MOV EAX, DWORD PTR SS:
00421249|.0FBE5405 88 |MOVSX EDX, BYTE PTR SS:[EBP+EAX-7>;取字符串“1z1h+2a0n-0g8y*9a1n|”第3位给EDX
0042124E|.8B4D D4 |MOV ECX, DWORD PTR SS:
00421251|.0FBE440D 9F |MOVSX EAX, BYTE PTR SS:[EBP+ECX-6>;取替换后的注册码的第二位给EAX
00421256|.03D0 |ADD EDX, EAX ;EDX=EDX+EAX
00421258|.8B4D D4 |MOV ECX, DWORD PTR SS:
0042125B|.0FBE440D A0 |MOVSX EAX, BYTE PTR SS:[EBP+ECX-6>;取替换后的注册码第三位给EAX
00421260|.33D0 |XOR EDX, EAX ;EDX=EDX XOR EAX
00421262|.8B4D D4 |MOV ECX, DWORD PTR SS:
00421265|.0FBE440D 88 |MOVSX EAX, BYTE PTR SS:[EBP+ECX-7>;取字符串“1z1h+2a0n-0g8y*9a1n|”第三位给EAX
0042126A|.33D0 |XOR EDX, EAX ;EDX=EDX XOR EAX
0042126C|.52 |PUSH EDX ; /Arg1
0042126D|.E8 26010000 |CALL 123.00421398 ; \EDX的结果给EAX
00421272|.59 |POP ECX
00421273|.B9 1A000000 |MOV ECX, 1A ;ECX=1A
00421278|.99 |CDQ
00421279|.F7F9 |IDIV ECX ;EAX=EAX\1A EDX=MOD(EAX,1A)
0042127B|.83C2 41 |ADD EDX, 41 ;EDX=EDX+41
0042127E|.8B45 D4 |MOV EAX, DWORD PTR SS:
00421281|.0FBE4C05 A9 |MOVSX ECX, BYTE PTR SS:[EBP+EAX-5>;替换后的注册码第12位给ECX
00421286|.3BD1 |CMP EDX, ECX ;第12-19位分别为12E,13N,14P,15H,16N,17V,18R,19V
00421288|.74 06 |JE SHORT 123.00421290
0042128A|.C645 DB 00 |MOV BYTE PTR SS:, 0
0042128E|.EB 09 |JMP SHORT 123.00421299
00421290|>FF45 D4 |INC DWORD PTR SS:
00421293|.837D D4 0A |CMP DWORD PTR SS:, 0A ;和十进制10比较
00421297|.^ 7C AD \JL SHORT 123.00421246 ;小于10则跳上去继续
00421299|>807D DB 00 CMP BYTE PTR SS:, 0
0042129D|.0F84 C3000000 JE 123.00421366
004212A3|.C745 D0 18000>MOV DWORD PTR SS:, 18 ;EBP-30=18
004212AA|.66:C745 EC 08>MOV WORD PTR SS:, 8
004212B0|.837D D0 28 CMP DWORD PTR SS:, 28
004212B4|.7D 4B JGE SHORT 123.00421301
004212B6|>8B55 D0 /MOV EDX, DWORD PTR SS:
004212B9|.0FBE4415 89 |MOVSX EAX, BYTE PTR SS:[EBP+EDX-7>;替换后的注册码第二位给EAX
004212BE|.B9 06000000 |MOV ECX, 6 ;ECX=6
004212C3|.99 |CDQ
004212C4|.F7F9 |IDIV ECX ;EAX= EAX\6EDX=MOD(EAX,6)
004212C6|.8BCA |MOV ECX, EDX ;ECX=EDX
004212C8|.8B45 D0 |MOV EAX, DWORD PTR SS:
004212CB|.0FBE5405 8A |MOVSX EDX, BYTE PTR SS:[EBP+EAX-7>;替换后注册码第三位给EDX
004212D0|.D3E2 |SHL EDX, CL ;EDX=EDX左移余数位
004212D2|.8B45 D0 |MOV EAX, DWORD PTR SS:
004212D5|.0FBE4C05 8B |MOVSX ECX, BYTE PTR SS:[EBP+EAX-7>;替换后的注册码第四位给ECX
004212DA|.0BD1 |OR EDX, ECX ;EDX=EDX OR ECX
004212DC|.52 |PUSH EDX ; /Arg1
004212DD|.E8 B6000000 |CALL 123.00421398 ; \给果给EAX
004212E2|.59 |POP ECX
004212E3|.B9 1A000000 |MOV ECX, 1A ;ECX=1A
004212E8|.99 |CDQ
004212E9|.F7F9 |IDIV ECX ;EAX=EAX\ECX EDX=MOD(EAX,ECX)
004212EB|.80C2 61 |ADD DL, 61 ;DL=DL+61
004212EE|.8B45 D0 |MOV EAX, DWORD PTR SS:
004212F1|.889405 5CFFFF>|MOV BYTE PTR SS:, DL;DL放到EBP+EAX-A4处
004212F8|.FF45 D0 |INC DWORD PTR SS:
004212FB|.837D D0 28 |CMP DWORD PTR SS:, 28
004212FF|.^ 7C B5 \JL SHORT 123.004212B6 ;循环16次,得到字符串“mxaxaxaxaxaxaxax”
00421301|>C645 84 5A MOV BYTE PTR SS:, 5A ;连接上5A即字母Z
00421305|.C645 85 59 MOV BYTE PTR SS:, 59 ;连接上59即字母Y,即“mxaxaxaxaxaxaxaxZY”
00421309|.C745 CC 18000>MOV DWORD PTR SS:, 18
00421310|.66:C745 EC 08>MOV WORD PTR SS:, 8
00421316|.837D CC 28 CMP DWORD PTR SS:, 28
0042131A|.7D 4A JGE SHORT 123.00421366
0042131C|>8B55 CC /MOV EDX, DWORD PTR SS: ;EDX=18
0042131F|.0FBE8415 5CFF>|MOVSX EAX, BYTE PTR SS:[EBP+EDX-A>;上次循环得到的字符串第一位给EAX
00421327|.C1E0 04 |SHL EAX, 4 ;EAX=EAX左移4位
0042132A|.8B55 CC |MOV EDX, DWORD PTR SS:
0042132D|.0FBE8C15 5DFF>|MOVSX ECX, BYTE PTR SS:[EBP+EDX-A>;上次循环的字符串的第二位给ECX
00421335|.D1F9 |SAR ECX, 1 ;ECX=ECX右移1位
00421337|.33C1 |XOR EAX, ECX ;EAX=EAX XOR ECX
00421339|.50 |PUSH EAX ; /Arg1
0042133A|.E8 59000000 |CALL 123.00421398 ; \123.00421398
0042133F|.59 |POP ECX
00421340|.B9 1A000000 |MOV ECX, 1A ;ECX=1A
00421345|.99 |CDQ
00421346|.F7F9 |IDIV ECX ;EAX=EAX\1A EDX=MOD(EAX,1A)
00421348|.83C2 41 |ADD EDX, 41 ;EDX=EDX+41
0042134B|.8B45 CC |MOV EAX, DWORD PTR SS:
0042134E|.0FBE4405 A0 |MOVSX EAX, BYTE PTR SS:[EBP+EAX-6>;替换后的字符串的第25位给EAX
00421353|.3BD0 |CMP EDX, EAX ;
这个循环分别比较注册码第25位到40位是不是25E,26S,27U,28S,29U,30S,31R,32U,33U,34C,35N,36B,37K,38I,39M,40V
00421355|.74 06 |JE SHORT 123.0042135D
00421357|.C645 DB 00 |MOV BYTE PTR SS:, 0
0042135B|.EB 09 |JMP SHORT 123.00421366
0042135D|>FF45 CC |INC DWORD PTR SS:
00421360|.837D CC 28 |CMP DWORD PTR SS:, 28
00421364|.^ 7C B6 \JL SHORT 123.0042131C
00421366|>0FBE55 AA MOVSX EDX, BYTE PTR SS: ;替换后字符串第11位给EAX
0042136A|.83FA 59 CMP EDX, 59 ;第11位是否为59即大写字母Y
0042136D|.74 04 JE SHORT 123.00421373
0042136F|.C645 DB 00 MOV BYTE PTR SS:, 0
00421373|>8A45 DB MOV AL, BYTE PTR SS:
00421376|.50 PUSH EAX
00421377|.FF4D F8 DEC DWORD PTR SS:
0042137A|.8D45 08 LEA EAX, DWORD PTR SS: ;注册码地址给EAX
0042137D|.BA 02000000 MOV EDX, 2 ;EDX=2
00421382|.E8 ED240D00 CALL 123.004F3874
00421387|.58 POP EAX
00421388|.8B55 DC MOV EDX, DWORD PTR SS:
0042138B|.64:8915 00000>MOV DWORD PTR FS:, EDX
00421392|>5F POP EDI
00421393|.5E POP ESI
00421394|.8BE5 MOV ESP, EBP
00421396|.5D POP EBP
00421397\.C3 RETN
=========================================================================================
算法小结:
1、用户名位数大于3位,未参与注册码计算
2、第2、11、40-44位分别为0、Y、P、2、I、1,24位是0-9的数字
3、先将注册码第2位替换为“#”,然后和字符串“1z1h+2a0n-0g8y*9a1n|”循环运算,算出第12-19位的注册码
4、替换后的注册码经过16次循环,得到字符串“mxaxaxaxaxaxaxax”,再连接上“ZY”,即“mxaxaxaxaxaxaxaxZY”
5、字符串“mxaxaxaxaxaxaxaxZY”经过16次循环得到25-40位的注册码
6、其他位的注册码参与运算但未进行比较,所以仍是你原来输入的相应数字
算法比较简单,就是循环次数太多,要有耐性
由于注册机在制作过程中出现一些技术问题,(第2组注册码能成功算出,但第一个有些问题)正在调试,成功后再发
送两组可用注册码:
7074747474YENPHNVRV47474ESUSUSRUUCNBKIMVP2I1
1011111111YGKSSMSKO11111SOOOOOSNNBUTBUGPP2I1
注册信息保存在注册表:HKEY_CURRENT_USER\Software\XTZY\Pic2Ico,删除即可重玩
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[ 本帖最后由 寒湖鹤影 于 2006-9-8 16:35 编辑 ] 有耐心呀。我看得都晕了!
很意外
说实话,我一点也看不懂,也很意外你有这方面的知识。但我想是你用心去弄的。支持你的努力。(莲瓣) 我也提供一个注册码,让大家用用Code:3041138742YDPSUXHVW02860YOTPZHBNIRYIPUJNP2I1 看得我昏头转向,不懂~~ Picture To Icon V1.924 和 1.914
算法没有变化。
https://www.chinapyg.com/viewthread.php?tid=4478&highlight=Picture%2BTo%2BIcon 寒湖鹤影 兄弟很有耐心的说,咱分析了一点放弃了。
但也顺便暴了它做了个补丁。呵呵。。。 :L :$ 不错~~ 支持下
页:
[1]