Dynamic Auto-Painter PRO 4 算法分析 + 神奇 pyg.dll 应用
本帖最后由 sdnyzjzx 于 2014-11-11 09:49 编辑
一、算法分析部分
0053DAC3|.8D70 10 LEA ESI,DWORD PTR ;随机生成注册码前10位
0053DAC6|.83C4 04 ADD ESP,0x4
0053DAC9|.897424 30 MOV DWORD PTR ,ESI ;ASCII "741230567"
0053DACD|.68 A55C6C00 PUSH DaPainte.006C5CA5
0053DAD2|.8D4C24 1C LEA ECX,DWORD PTR
0053DAD6|.C64424 50 06MOV BYTE PTR ,0x6
0053DADB|.E8 6047ECFF CALL DaPainte.00402240
0053DAE0|.B8 5F5F5F5F MOV EAX,0x5F5F5F5F
0053DAE5|.894424 34 MOV DWORD PTR ,EAX
0053DAE9|.894424 38 MOV DWORD PTR ,EAX
0053DAED|.884424 3C MOV BYTE PTR ,AL
0053DAF1|.8B46 F4 MOV EAX,DWORD PTR
0053DAF4|.83F8 02 CMP EAX,0x2
0053DAF7|.C64424 4C 07MOV BYTE PTR ,0x7
0053DAFC|.7D 0A JGE SHORT DaPainte.0053DB08
0053DAFE|.68 57000780 PUSH 0x80070057
0053DB03|.E8 F834ECFF CALL DaPainte.00401000
0053DB08|>83F8 02 CMP EAX,0x2
0053DB0B|.8A56 02 MOV DL,BYTE PTR ;regcode
0053DB0E|.7D 0A JGE SHORT DaPainte.0053DB1A
0053DB10|.68 57000780 PUSH 0x80070057
0053DB15|.E8 E634ECFF CALL DaPainte.00401000
0053DB1A|>83F8 01 CMP EAX,0x1
0053DB1D|.7D 0A JGE SHORT DaPainte.0053DB29
0053DB1F|.68 57000780 PUSH 0x80070057
0053DB24|.E8 D734ECFF CALL DaPainte.00401000
0053DB29|>83F8 01 CMP EAX,0x1
0053DB2C|.8A4E 01 MOV CL,BYTE PTR ;regcode
0053DB2F|.7D 0A JGE SHORT DaPainte.0053DB3B
0053DB31|.68 57000780 PUSH 0x80070057
0053DB36|.E8 C534ECFF CALL DaPainte.00401000
0053DB3B|>0FBEC1 MOVSX EAX,CL ;regcode
0053DB3E|.0FBEDA MOVSX EBX,DL ;regcode
0053DB41|.0FBED2 MOVSX EDX,DL ;regcode
0053DB44|.0FBEC9 MOVSX ECX,CL ;regcode
0053DB47|.8D0443 LEA EAX,DWORD PTR ;regcode + regcode*2
0053DB4A|.03C2 ADD EAX,EDX ;regcode + regcode*2 + regcode
0053DB4C|.8D1481 LEA EDX,DWORD PTR ;regcode + (regcode + regcode*2 + regcode)*4
0053DB4F|.52 PUSH EDX ;35C
0053DB50|.8BCD MOV ECX,EBP
0053DB52|.E8 99FFEEFF CALL DaPainte.0042DAF0
0053DB57|.884424 34 MOV BYTE PTR ,AL ;30<-- 0
0053DB5B|.8B46 F4 MOV EAX,DWORD PTR
0053DB5E|.3BC7 CMP EAX,EDI
0053DB60|.7D 0A JGE SHORT DaPainte.0053DB6C
0053DB62|.68 57000780 PUSH 0x80070057
0053DB67|.E8 9434ECFF CALL DaPainte.00401000
0053DB6C|>83F8 01 CMP EAX,0x1
0053DB6F|.7D 0A JGE SHORT DaPainte.0053DB7B
0053DB71|.68 57000780 PUSH 0x80070057
0053DB76|.E8 8534ECFF CALL DaPainte.00401000
0053DB7B|>83F8 06 CMP EAX,0x6
0053DB7E|.8A5E 01 MOV BL,BYTE PTR ;regcode
0053DB81|.7D 0A JGE SHORT DaPainte.0053DB8D
0053DB83|.68 57000780 PUSH 0x80070057
0053DB88|.E8 7334ECFF CALL DaPainte.00401000
0053DB8D|>83F8 05 CMP EAX,0x5
0053DB90|.8A56 06 MOV DL,BYTE PTR ;regcode
0053DB93|.7D 0A JGE SHORT DaPainte.0053DB9F
0053DB95|.68 57000780 PUSH 0x80070057
0053DB9A|.E8 6134ECFF CALL DaPainte.00401000
0053DB9F|>8A4E 05 MOV CL,BYTE PTR ;regcode
0053DBA2|.0FBEC2 MOVSX EAX,DL ;regcode
0053DBA5|.0FBE16 MOVSX EDX,BYTE PTR ;regcode
0053DBA8|.8D0440 LEA EAX,DWORD PTR ;regcode*3
0053DBAB|.8D0490 LEA EAX,DWORD PTR ;regcode*3 + regcode*4
0053DBAE|.0FBED3 MOVSX EDX,BL ;regcode
0053DBB1|.0FBEC9 MOVSX ECX,CL ;regcode
0053DBB4|.03C2 ADD EAX,EDX ;regcode*3 + regcode*4 + regcode
0053DBB6|.8D1441 LEA EDX,DWORD PTR ;regcode + (regcode*3 + regcode*4 + regcode)*2
0053DBB9|.52 PUSH EDX ;38E
0053DBBA|.8BCD MOV ECX,EBP
0053DBBC|.E8 2FFFEEFF CALL DaPainte.0042DAF0
0053DBC1|.884424 35 MOV BYTE PTR ,AL ;30
0053DBC5|.8B46 F4 MOV EAX,DWORD PTR
0053DBC8|.83F8 07 CMP EAX,0x7
0053DBCB|.7D 0A JGE SHORT DaPainte.0053DBD7
0053DBCD|.68 57000780 PUSH 0x80070057
0053DBD2|.E8 2934ECFF CALL DaPainte.00401000
0053DBD7|>83F8 08 CMP EAX,0x8
0053DBDA|.7D 0A JGE SHORT DaPainte.0053DBE6
0053DBDC|.68 57000780 PUSH 0x80070057
0053DBE1|.E8 1A34ECFF CALL DaPainte.00401000
0053DBE6|>83F8 05 CMP EAX,0x5
0053DBE9|.8A5E 08 MOV BL,BYTE PTR
0053DBEC|.7D 0A JGE SHORT DaPainte.0053DBF8
0053DBEE|.68 57000780 PUSH 0x80070057
0053DBF3|.E8 0834ECFF CALL DaPainte.00401000
0053DBF8|>83F8 01 CMP EAX,0x1
0053DBFB|.8A56 05 MOV DL,BYTE PTR
0053DBFE|.7D 0A JGE SHORT DaPainte.0053DC0A
0053DC00|.68 57000780 PUSH 0x80070057
0053DC05|.E8 F633ECFF CALL DaPainte.00401000
0053DC0A|>0FBE46 07 MOVSX EAX,BYTE PTR
0053DC0E|.8A4E 01 MOV CL,BYTE PTR
0053DC11|.0FBED2 MOVSX EDX,DL
0053DC14|.8D0440 LEA EAX,DWORD PTR
0053DC17|.03C2 ADD EAX,EDX
0053DC19|.8BD0 MOV EDX,EAX
0053DC1B|.0FBEC3 MOVSX EAX,BL
0053DC1E|.8D0480 LEA EAX,DWORD PTR
0053DC21|.8D1450 LEA EDX,DWORD PTR
0053DC24|.0FBEC1 MOVSX EAX,CL
0053DC27|.03D0 ADD EDX,EAX
0053DC29|.52 PUSH EDX
0053DC2A|.8BCD MOV ECX,EBP
0053DC2C|.E8 BFFEEEFF CALL DaPainte.0042DAF0
0053DC31|.884424 36 MOV BYTE PTR ,AL ;37
0053DC35|.8B46 F4 MOV EAX,DWORD PTR
0053DC38|.83F8 02 CMP EAX,0x2
0053DC3B|.7D 0A JGE SHORT DaPainte.0053DC47
0053DC3D|.68 57000780 PUSH 0x80070057
0053DC42|.E8 B933ECFF CALL DaPainte.00401000
0053DC47|>83F8 01 CMP EAX,0x1
0053DC4A|.8A4E 02 MOV CL,BYTE PTR ;regcode
0053DC4D|.7D 0A JGE SHORT DaPainte.0053DC59
0053DC4F|.68 57000780 PUSH 0x80070057
0053DC54|.E8 A733ECFF CALL DaPainte.00401000
0053DC59|>3BC7 CMP EAX,EDI
0053DC5B|.8A5E 01 MOV BL,BYTE PTR ;regcode
0053DC5E|.7D 0A JGE SHORT DaPainte.0053DC6A
0053DC60|.68 57000780 PUSH 0x80070057
0053DC65|.E8 9633ECFF CALL DaPainte.00401000
0053DC6A|>83F8 02 CMP EAX,0x2
0053DC6D|.8A16 MOV DL,BYTE PTR ;regcode
0053DC6F|.7D 0A JGE SHORT DaPainte.0053DC7B
0053DC71|.68 57000780 PUSH 0x80070057
0053DC76|.E8 8533ECFF CALL DaPainte.00401000
0053DC7B|>0FBEC1 MOVSX EAX,CL ;regcode
0053DC7E|.8D3C40 LEA EDI,DWORD PTR ;regcode*3
0053DC81|.0FBEC3 MOVSX EAX,BL ;regcode
0053DC84|.8D1CC5 000000>LEA EBX,DWORD PTR ;regcode*8
0053DC8B|.2BD8 SUB EBX,EAX ;regcode*8 - regcode
0053DC8D|.0FBEC9 MOVSX ECX,CL ;regcode
0053DC90|.03FB ADD EDI,EBX ;regcode*3 + (regcode*8 - regcode)
0053DC92|.8D04CF LEA EAX,DWORD PTR ;regcode*3 + (regcode*8 - regcode) + regcode*8
0053DC95|.0FBECA MOVSX ECX,DL ;regcode
0053DC98|.03C1 ADD EAX,ECX ;regcode*3 + (regcode*8 - regcode) + regcode*8 + regcode
0053DC9A|.50 PUSH EAX ;3BE
0053DC9B|.8BCD MOV ECX,EBP
0053DC9D|.E8 4EFEEEFF CALL DaPainte.0042DAF0
0053DCA2|.884424 37 MOV BYTE PTR ,AL ;38 <-- 3
0053DCA6|.C64424 38 2DMOV BYTE PTR ,0x2D
0053DCAB|.8B46 F4 MOV EAX,DWORD PTR
0053DCAE|.83F8 07 CMP EAX,0x7
0053DCB1|.7D 0A JGE SHORT DaPainte.0053DCBD
0053DCB3|.68 57000780 PUSH 0x80070057
0053DCB8|.E8 4333ECFF CALL DaPainte.00401000
0053DCBD|>83F8 05 CMP EAX,0x5
0053DCC0|.8A56 07 MOV DL,BYTE PTR
0053DCC3|.7D 0A JGE SHORT DaPainte.0053DCCF
0053DCC5|.68 57000780 PUSH 0x80070057
0053DCCA|.E8 3133ECFF CALL DaPainte.00401000
0053DCCF|>83F8 05 CMP EAX,0x5
0053DCD2|.8A4E 05 MOV CL,BYTE PTR
0053DCD5|.7D 0A JGE SHORT DaPainte.0053DCE1
0053DCD7|.68 57000780 PUSH 0x80070057
0053DCDC|.E8 1F33ECFF CALL DaPainte.00401000
0053DCE1|>83F8 02 CMP EAX,0x2
0053DCE4|.7D 0A JGE SHORT DaPainte.0053DCF0
0053DCE6|.68 57000780 PUSH 0x80070057
0053DCEB|.E8 1033ECFF CALL DaPainte.00401000
0053DCF0|>0FBE46 02 MOVSX EAX,BYTE PTR
0053DCF4|.0FBEF9 MOVSX EDI,CL
0053DCF7|.0FBEC9 MOVSX ECX,CL
0053DCFA|.0FBED2 MOVSX EDX,DL
0053DCFD|.03C7 ADD EAX,EDI
0053DCFF|.03CA ADD ECX,EDX
0053DD01|.8D0440 LEA EAX,DWORD PTR
0053DD04|.8D04C8 LEA EAX,DWORD PTR
0053DD07|.50 PUSH EAX
0053DD08|.8BCD MOV ECX,EBP
0053DD0A|.E8 E1FDEEFF CALL DaPainte.0042DAF0
0053DD0F|.884424 39 MOV BYTE PTR ,AL ;-37
0053DD13|.8B46 F4 MOV EAX,DWORD PTR
0053DD16|.83F8 05 CMP EAX,0x5
0053DD19|.7D 0A JGE SHORT DaPainte.0053DD25
0053DD1B|.68 57000780 PUSH 0x80070057
0053DD20|.E8 DB32ECFF CALL DaPainte.00401000
0053DD25|>83F8 06 CMP EAX,0x6
0053DD28|.8A5E 05 MOV BL,BYTE PTR ;regcode
0053DD2B|.7D 0A JGE SHORT DaPainte.0053DD37
0053DD2D|.68 57000780 PUSH 0x80070057
0053DD32|.E8 C932ECFF CALL DaPainte.00401000
0053DD37|>83F8 01 CMP EAX,0x1
0053DD3A|.8A56 06 MOV DL,BYTE PTR ;regcode
0053DD3D|.7D 0A JGE SHORT DaPainte.0053DD49
0053DD3F|.68 57000780 PUSH 0x80070057
0053DD44|.E8 B732ECFF CALL DaPainte.00401000
0053DD49|>83F8 01 CMP EAX,0x1
0053DD4C|.8A4E 01 MOV CL,BYTE PTR ;regcode
0053DD4F|.7D 0A JGE SHORT DaPainte.0053DD5B
0053DD51|.68 57000780 PUSH 0x80070057
0053DD56|.E8 A532ECFF CALL DaPainte.00401000
0053DD5B|>0FBEF9 MOVSX EDI,CL ;regcode
0053DD5E|.0FBEC3 MOVSX EAX,BL ;regcode
0053DD61|.8D3C87 LEA EDI,DWORD PTR ;regcode + regcode*4
0053DD64|.0FBEC1 MOVSX EAX,CL ;regcode
0053DD67|.0FBED2 MOVSX EDX,DL ;regcode
0053DD6A|.03FA ADD EDI,EDX ;regcode + regcode*4 + regcode
0053DD6C|.8D0440 LEA EAX,DWORD PTR ;regcode*3
0053DD6F|.8D0C78 LEA ECX,DWORD PTR ;regcode*3 + (regcode + regcode*4 + regcode)*2
0053DD72|.51 PUSH ECX
0053DD73|.8BCD MOV ECX,EBP
0053DD75|.E8 76FDEEFF CALL DaPainte.0042DAF0
0053DD7A|.884424 3A MOV BYTE PTR ,AL ;30 <-- 6
0053DD7E|.8B46 F4 MOV EAX,DWORD PTR
0053DD81|.83F8 06 CMP EAX,0x6
0053DD84|.7D 0A JGE SHORT DaPainte.0053DD90
0053DD86|.68 57000780 PUSH 0x80070057
0053DD8B|.E8 7032ECFF CALL DaPainte.00401000
0053DD90|>83F8 03 CMP EAX,0x3
0053DD93|.7D 0A JGE SHORT DaPainte.0053DD9F
0053DD95|.68 57000780 PUSH 0x80070057
0053DD9A|.E8 6132ECFF CALL DaPainte.00401000
0053DD9F|>83F8 08 CMP EAX,0x8
0053DDA2|.8A5E 03 MOV BL,BYTE PTR
0053DDA5|.7D 0A JGE SHORT DaPainte.0053DDB1
0053DDA7|.68 57000780 PUSH 0x80070057
0053DDAC|.E8 4F32ECFF CALL DaPainte.00401000
0053DDB1|>83F8 07 CMP EAX,0x7
0053DDB4|.8A56 08 MOV DL,BYTE PTR
0053DDB7|.7D 0A JGE SHORT DaPainte.0053DDC3
0053DDB9|.68 57000780 PUSH 0x80070057
0053DDBE|.E8 3D32ECFF CALL DaPainte.00401000
0053DDC3|>0FBE7E 06 MOVSX EDI,BYTE PTR
0053DDC7|.8A4E 07 MOV CL,BYTE PTR
0053DDCA|.0FBEC3 MOVSX EAX,BL
0053DDCD|.8D3C87 LEA EDI,DWORD PTR
0053DDD0|.0FBEC2 MOVSX EAX,DL
0053DDD3|.8D1440 LEA EDX,DWORD PTR
0053DDD6|.0FBEC9 MOVSX ECX,CL
0053DDD9|.8D047A LEA EAX,DWORD PTR
0053DDDC|.03C1 ADD EAX,ECX
0053DDDE|.50 PUSH EAX
0053DDDF|.8BCD MOV ECX,EBP
0053DDE1|.E8 0AFDEEFF CALL DaPainte.0042DAF0
0053DDE6|.884424 3B MOV BYTE PTR ,AL ;35
0053DDEA|.8B46 F4 MOV EAX,DWORD PTR
0053DDED|.83F8 05 CMP EAX,0x5
0053DDF0|.7D 0A JGE SHORT DaPainte.0053DDFC
0053DDF2|.68 57000780 PUSH 0x80070057
0053DDF7|.E8 0432ECFF CALL DaPainte.00401000
0053DDFC|>83F8 03 CMP EAX,0x3
0053DDFF|.8A5E 05 MOV BL,BYTE PTR ;regcode
0053DE02|.7D 0A JGE SHORT DaPainte.0053DE0E
0053DE04|.68 57000780 PUSH 0x80070057
0053DE09|.E8 F231ECFF CALL DaPainte.00401000
0053DE0E|>83F8 07 CMP EAX,0x7
0053DE11|.8A56 03 MOV DL,BYTE PTR ;regcode
0053DE14|.7D 0A JGE SHORT DaPainte.0053DE20
0053DE16|.68 57000780 PUSH 0x80070057
0053DE1B|.E8 E031ECFF CALL DaPainte.00401000
0053DE20|>83F8 07 CMP EAX,0x7
0053DE23|.8A4E 07 MOV CL,BYTE PTR ;regcode
0053DE26|.7D 0A JGE SHORT DaPainte.0053DE32
0053DE28|.68 57000780 PUSH 0x80070057
0053DE2D|.E8 CE31ECFF CALL DaPainte.00401000
0053DE32|>0FBEC1 MOVSX EAX,CL ;regcode
0053DE35|.0FBEC9 MOVSX ECX,CL ;regcode
0053DE38|.8D0440 LEA EAX,DWORD PTR ;regcode*3
0053DE3B|.03C1 ADD EAX,ECX ;regcode*3 + regcode
0053DE3D|.0FBED2 MOVSX EDX,DL ;regcode
0053DE40|.0FBECB MOVSX ECX,BL ;regcode
0053DE43|.03C2 ADD EAX,EDX ;regcode*3 + regcode + regcode
0053DE45|.8D1441 LEA EDX,DWORD PTR ;regcode + (regcode*3 + regcode + regcode)*2
0053DE48|.52 PUSH EDX ;244
0053DE49|.8BCD MOV ECX,EBP
0053DE4B|.E8 A0FCEEFF CALL DaPainte.0042DAF0
0053DE50|.68 1E050000 PUSH 0x51E
0053DE55|.8BCD MOV ECX,EBP
0053DE57|.884424 40 MOV BYTE PTR ,AL ;30 <-- 8
0053DE5B|.E8 90FCEEFF CALL DaPainte.0042DAF0 ;--------0078-7050-----------
0053DE60|.884424 3D MOV BYTE PTR ,AL ;30
0053DE64|.8B46 F4 MOV EAX,DWORD PTR
0053DE67|.83F8 06 CMP EAX,0x6
0053DE6A|.^ 0F8C 3BFBFFFF JL DaPainte.0053D9AB
0053DE70|.83F8 01 CMP EAX,0x1
0053DE73|.8A4E 06 MOV CL,BYTE PTR ;regcode
0053DE76|.^ 0F8C 2FFBFFFF JL DaPainte.0053D9AB
0053DE7C|.83F8 06 CMP EAX,0x6
0053DE7F|.8A56 01 MOV DL,BYTE PTR ;regcode
0053DE82|.^ 0F8C 23FBFFFF JL DaPainte.0053D9AB
0053DE88|.85C0 TEST EAX,EAX
0053DE8A|.^ 0F8C 1BFBFFFF JL DaPainte.0053D9AB
0053DE90|.0FBE06 MOVSX EAX,BYTE PTR ;regcode
0053DE93|.0FBEF9 MOVSX EDI,CL ;regcode
0053DE96|.03C7 ADD EAX,EDI ;regcode + regcode
0053DE98|.8D3C80 LEA EDI,DWORD PTR ;(regcode + regcode)*5
0053DE9B|.0FBEC1 MOVSX EAX,CL ;regcode
0053DE9E|.0FBECA MOVSX ECX,DL ;regcode
0053DEA1|.8D0440 LEA EAX,DWORD PTR ;regcode*3
0053DEA4|.03F8 ADD EDI,EAX ;(regcode + regcode)*5 + regcode*3
0053DEA6|.03F9 ADD EDI,ECX ;(regcode + regcode)*5 + regcode*3 + regcode
0053DEA8|.57 PUSH EDI ;2EF
0053DEA9|.8BCD MOV ECX,EBP
0053DEAB|.E8 40FCEEFF CALL DaPainte.0042DAF0
0053DEB0|.884424 35 MOV BYTE PTR ,AL ;31 <-- 1开始替换1
0053DEB4|.8B46 F4 MOV EAX,DWORD PTR
0053DEB7|.83F8 02 CMP EAX,0x2
0053DEBA|.^ 0F8C EBFAFFFF JL DaPainte.0053D9AB
0053DEC0|.8A4E 02 MOV CL,BYTE PTR ;regcode
0053DEC3|.85C0 TEST EAX,EAX
0053DEC5|.^ 0F8C E0FAFFFF JL DaPainte.0053D9AB
0053DECB|.83F8 06 CMP EAX,0x6
0053DECE|.8A16 MOV DL,BYTE PTR ;regcode
0053DED0|.^ 0F8C D5FAFFFF JL DaPainte.0053D9AB
0053DED6|.0FBE46 06 MOVSX EAX,BYTE PTR ;regcode
0053DEDA|.0FBEF9 MOVSX EDI,CL ;regcode
0053DEDD|.03C7 ADD EAX,EDI ;regcode + regcode
0053DEDF|.8D3C40 LEA EDI,DWORD PTR ;(regcode + regcode)*3
0053DEE2|.0FBEC2 MOVSX EAX,DL ;regcode
0053DEE5|.8D1480 LEA EDX,DWORD PTR ;regcode*5
0053DEE8|.0FBEC1 MOVSX EAX,CL ;regcode
0053DEEB|.03FA ADD EDI,EDX ;(regcode + regcode)*3 + regcode*5
0053DEED|.8D0C47 LEA ECX,DWORD PTR ;(regcode + regcode)*3 + regcode*5 + regcode*2
0053DEF0|.51 PUSH ECX ;2A7
0053DEF1|.8BCD MOV ECX,EBP
0053DEF3|.E8 F8FBEEFF CALL DaPainte.0042DAF0
0053DEF8|.884424 36 MOV BYTE PTR ,AL ;39<-- 2 替换2
0053DEFC|.C64424 38 2DMOV BYTE PTR ,0x2D
0053DF01|.8B46 F4 MOV EAX,DWORD PTR
0053DF04|.83F8 02 CMP EAX,0x2
0053DF07|.^ 0F8C 9EFAFFFF JL DaPainte.0053D9AB
0053DF0D|.83F8 07 CMP EAX,0x7
0053DF10|.8A4E 02 MOV CL,BYTE PTR ;regcode
0053DF13|.^ 0F8C 92FAFFFF JL DaPainte.0053D9AB
0053DF19|.83F8 08 CMP EAX,0x8
0053DF1C|.8A56 07 MOV DL,BYTE PTR ;regcode
0053DF1F|.^ 0F8C 86FAFFFF JL DaPainte.0053D9AB
0053DF25|.0FBE46 08 MOVSX EAX,BYTE PTR ;regcode
0053DF29|.0FBEF9 MOVSX EDI,CL ;regcode
0053DF2C|.8D0440 LEA EAX,DWORD PTR ;regcode*3
0053DF2F|.8D3C78 LEA EDI,DWORD PTR ;regcode*3 + regcode*2
0053DF32|.0FBEC2 MOVSX EAX,DL ;regcode
0053DF35|.0FBEC9 MOVSX ECX,CL ;regcode
0053DF38|.8D14C5 000000>LEA EDX,DWORD PTR ;regcode*8
0053DF3F|.03F9 ADD EDI,ECX ;regcode*3 + regcode*2 + regcode
0053DF41|.2BD0 SUB EDX,EAX ;regcode*8 - regcode
0053DF43|.8D047A LEA EAX,DWORD PTR ;regcode*8 + (regcode*3 + regcode*2 + regcode)*2
0053DF46|.50 PUSH EAX ;3EA
0053DF47|.8BCD MOV ECX,EBP
0053DF49|.E8 A2FBEEFF CALL DaPainte.0042DAF0
0053DF4E|.884424 39 MOV BYTE PTR ,AL ;32 <-- 5替换3
0053DF52|.8B46 F4 MOV EAX,DWORD PTR
0053DF55|.83F8 08 CMP EAX,0x8
0053DF58|.^ 0F8C 4DFAFFFF JL DaPainte.0053D9AB
0053DF5E|.83F8 02 CMP EAX,0x2
0053DF61|.8A4E 08 MOV CL,BYTE PTR ;regcode
0053DF64|.^ 0F8C 41FAFFFF JL DaPainte.0053D9AB
0053DF6A|.83F8 03 CMP EAX,0x3
0053DF6D|.8A5E 02 MOV BL,BYTE PTR ;regcode
0053DF70|.^ 0F8C 35FAFFFF JL DaPainte.0053D9AB
0053DF76|.83F8 08 CMP EAX,0x8
0053DF79|.8A56 03 MOV DL,BYTE PTR ;regcode
0053DF7C|.^ 0F8C 29FAFFFF JL DaPainte.0053D9AB
0053DF82|.0FBEC1 MOVSX EAX,CL ;regcode
0053DF85|.0FBED2 MOVSX EDX,DL ;regcode
0053DF88|.03C2 ADD EAX,EDX ;regcode + regcode
0053DF8A|.8D1440 LEA EDX,DWORD PTR ;(regcode + regcode)*3
0053DF8D|.0FBEC1 MOVSX EAX,CL ;regcode
0053DF90|.8D0480 LEA EAX,DWORD PTR ;regcode*5
0053DF93|.8D0C50 LEA ECX,DWORD PTR ;regcode*5 + (regcode + regcode)*3*2
0053DF96|.0FBED3 MOVSX EDX,BL ;regcode
0053DF99|.03CA ADD ECX,EDX ;regcode*5 + (regcode + regcode)*3*2 + regcode
0053DF9B|.51 PUSH ECX ;3BA
0053DF9C|.8BCD MOV ECX,EBP
0053DF9E|.E8 4DFBEEFF CALL DaPainte.0042DAF0
0053DFA3|.884424 3B MOV BYTE PTR ,AL ;34 <-- 7 替换4
0053DFA7|.8D4424 34 LEA EAX,DWORD PTR
0053DFAB|.8D48 01 LEA ECX,DWORD PTR
0053DFAE|.8BFF MOV EDI,EDI
0053DFB0|>8A10 /MOV DL,BYTE PTR
0053DFB2|.40 |INC EAX
0053DFB3|.84D2 |TEST DL,DL
0053DFB5|.^ 75 F9 \JNZ SHORT DaPainte.0053DFB0
0053DFB7|.2BC1 SUB EAX,ECX
0053DFB9|.50 PUSH EAX
0053DFBA|.8D4424 38 LEA EAX,DWORD PTR
0053DFBE|.50 PUSH EAX
0053DFBF|.8D4C24 20 LEA ECX,DWORD PTR
0053DFC3|.E8 883EECFF CALL DaPainte.00401E50
0053DFC8|.6A 09 PUSH 0x9
0053DFCA|.8D4C24 24 LEA ECX,DWORD PTR
0053DFCE|.51 PUSH ECX
0053DFCF|.8D4C24 20 LEA ECX,DWORD PTR
0053DFD3|.E8 7866ECFF CALL DaPainte.00404650
0053DFD8|.8B08 MOV ECX,DWORD PTR ;ASCII "0198-2040"
纯体力活,没有什么技巧,算法总结如下:
1. 随机生成注册码前10位。
2. 然后根据如上代码进行计算,得到第11-19位,其中第15位为“-”。
属于注册码自身校验型,第11-19位为校验位:从上面的代码看,校验位只由注册码自身的前10位按固定加权求和后对10取模得到,不涉及用户名、机器信息或密钥,所以整个校验过程可以在客户端完整还原。
注册机源码如下:
头文件部分:
#include <sstream>
#include <windows.h>
#define NAKED __declspec(naked)
中间用到一个计算函数,通过内联实现:
// NOTE(review): whitespace between the type and the identifier ("DWORD mECX",
// "BYTE mEAX", "void NAKED") appears to have been lost when the post was
// extracted; the lines are kept exactly as published.
//
// mECX is the input to jisuan() and mEAX receives its one-byte result; the
// function takes no parameters and communicates only through these globals.
DWORDmECX = 0;
BYTEmEAX = 0;
// Reduces mECX to a single ASCII decimal digit (mECX modulo 10, plus '0') and
// stores it in mEAX. For a non-negative mECX the result is '0'..'9'.
// Declared naked (no compiler-generated prologue/epilogue), so it saves and
// restores the registers itself and returns with an explicit RETN.
voidNAKED jisuan()
{
__asm
{
// Preserve all general-purpose registers and EFLAGS; restored before RETN.
PUSHAD
PUSHFD
MOV ECX,mECX
// Signed divide-by-10 without DIV: EDX:EAX = ECX * 0x66666667, then
// (EDX >> 2) plus its sign bit leaves the quotient ECX / 10 in EAX.
MOV EAX,0x66666667
IMUL ECX
SAR EDX,0x2
MOV EAX,EDX
SHR EAX,0x1F
ADD EAX,EDX
// AL = low byte of (quotient * 10).
MOV DL,0xA
IMUL DL
MOV DL,AL
// AL = CL - (quotient * 10): the low byte of the remainder.
MOV AL,CL
SUB AL,DL
// Convert the remainder to its ASCII digit by adding '0' (0x30).
ADD AL,0x30
MOV mEAX,AL
POPFD
POPAD
RETN
}
}
主要代码部分:
// Button handler: fills regcode with random decimal digits, derives further
// characters from them through jisuan(), and writes the resulting string to
// the IDC_REGCODE dialog item.
// NOTE(review): the published listing lost its array subscripts and some
// whitespace in extraction (every element reference reads just "regcode";
// "unsigned inti", "unsignedcharregcode", "CStringstrReg"). It does not
// compile as shown, and which element each statement reads or writes cannot
// be determined from this text. The statements are kept exactly as published.
void Cdappro4Dlg::OnBnClickedButton1()
{
// TODO: add the control notification handler code here
// Seed the C runtime PRNG from the current time.
srand((unsigned)time(NULL)*10);
unsigned inti = 0;
unsignedcharregcode = {0};
// Ten iterations, each producing a random ASCII digit: 0x30 ('0') + 0..9.
for (i=0;i<10;i++)
{
regcode = rand() % (0x3A-0x30)+ 0x30;
}
// Each group of three statements below follows the same pattern: load a
// weighted sum of regcode bytes into mECX, call jisuan() to reduce it to one
// ASCII digit, then store that digit (mEAX) back into regcode.
mECX =regcode + (regcode + regcode*2 + regcode)*4;
jisuan();
regcode = mEAX;
mECX = (regcode + regcode)*5 + regcode*3 + regcode;
jisuan();
regcode = mEAX;
mECX = (regcode + regcode)*3 + regcode*5 + regcode*2;
jisuan();
regcode = mEAX;
mECX = regcode*3 + (regcode*8 - regcode) + regcode*8 + regcode;
jisuan();
regcode = mEAX;
// Literal separator character between the digit groups.
regcode = '-';
mECX = regcode*7 + (regcode*3 + regcode*2 + regcode)*2;
jisuan();
regcode = mEAX;
mECX = regcode*3 + (regcode + regcode*4 + regcode)*2;
jisuan();
regcode = mEAX;
mECX = regcode*5 + (regcode + regcode)*3*2 + regcode;
jisuan();
regcode = mEAX;
mECX = regcode + (regcode*3 + regcode + regcode)*2;
jisuan();
regcode = mEAX;
CStringstrReg;
// Presumably appends every byte of the regcode array to strReg; the array
// declaration is garbled above, so the element count is not visible here.
for (i=0 ; i<sizeof(regcode)/sizeof(char) ; i++)
{
strReg += regcode ;
}
SetDlgItemText(IDC_REGCODE,strReg);
}测试用注册码:
77299805375490-7934 (用注册机生成)
二、神奇 pyg.dll 应用
// Passes two hex byte patterns to NsHookWithSignFromModule and returns TRUE
// unconditionally; any result from the helper is not checked.
// NOTE(review): NsHookWithSignFromModule is not shown on this page. Presumably
// the first pattern is the signature to locate and the second its replacement;
// confirm against the helper.
// NOTE(review): if the helper rewrites the loaded module's code in memory, as
// its name suggests, the change would show up when the in-memory code section
// is compared against the on-disk image.
BOOL NsHookDaPai::NsHookData()
{
PWCHAR szHookData[] = {
// The two patterns are identical except for bytes 11-12: "33 C0" in the
// first and "B0 01" in the second (x86: XOR EAX,EAX versus MOV AL,1).
L"8B 08 8B 11 50 8B 42 04 FF D0 33 C0 8B 4C 24 44",
L"8B 08 8B 11 50 8B 42 04 FF D0 B0 01 8B 4C 24 44"
};
NsHookWithSignFromModule( szHookData, ARRAYSIZE(szHookData) );
return TRUE;
}仅为作记录用
在 xp 下测试通过。
支持兄弟!十分地给力!!! 虽然看不懂,还是支持一下 破文写得很好,分析也很清楚透彻。 赞一个了,感谢分享了 good,太棒了。 神奇 pyg.dll 应用?完全没看懂。 破文写得很好,分析也很清楚透彻。 #在这里快速回复#破文写得很好 破文写得很好