屏幕录像专家V5.0
软件:屏幕录像专家V5.0 语言:Borland C++
下载页面:http://www.softreg.com.cn/shareware_view.aspx?id=/2E3EB050-8E09-47EE-8F86-FC184429AB38/
壳:无
工具:OD,W32DASM,PEID
作者:kerfier
破解说明:仅仅是感兴趣
1、安装,用PEID查,无壳
2、假注册
弹出:注册失败,请检查你的输入是否有误
3、用W32DASM载入,查找该语句,发现上面还有“注册成功,谢谢您的支持”,大喜,跳转,经过仔细观察,确定在
004392F4 /.55 push ebp
处设断点
4、用OD载入,设断点,F9运行,输入注册名:kerfier;注册码:987654321,断下,单步执行下来,中间只有
00439339 |.E8 CE880500 call 屏录专家.00491C0C ;读取注册码
0043935F |.E8 A8880500 call 屏录专家.00491C0C ;读取注册名
继续执行,会出现异常,SHIFT+F9跳过,执行到
004393A9 |. /74 48 je short 屏录专家.004393F3
跳转至
004393F3 |> \6A 14 push 14 ; /Arg3 = 00000014
继续单步执行,直到以下循环,该循环将注册名跟机器码对应位相与,乘以系数后再相加,在此循环中将以浮点数方式相乘、相加
004394E6 |> /8B85 30FFFFFF /mov eax,dword ptr ss:
004394EC |. |8A9405 D4FEFFFF |mov dl,byte ptr ss:
004394F3 |. |8B8D 30FFFFFF |mov ecx,dword ptr ss:
004394F9 |. |32940D ECFEFFFF |xor dl,byte ptr ss:
00439500 |. |8B85 30FFFFFF |mov eax,dword ptr ss:
00439506 |. |889405 04FFFFFF |mov byte ptr ss:,dl
0043950D |. |8B95 30FFFFFF |mov edx,dword ptr ss:
00439513 |. |0FBE8C15 04FFFFFF |movsx ecx,byte ptr ss:
0043951B |. |898D B8FEFFFF |mov dword ptr ss:,ecx
00439521 |. |DB85 B8FEFFFF |fild dword ptr ss:
00439527 |. |83C4 F8 |add esp,-8 ; /
0043952A |. |DD1C24 |fstp qword ptr ss: ; |Arg1 (8-byte)
0043952D |. |E8 22870A00 |call 屏录专家.004E1C54 ; \屏录专家.004E1C54
00439532 |. |83C4 08 |add esp,8
00439535 |. |DB85 30FFFFFF |fild dword ptr ss:
0043953B |. |DEC9 |fmulp st(1),st
0043953D |. |DB85 34FFFFFF |fild dword ptr ss:
00439543 |. |DEC1 |faddp st(1),st
00439545 |. |E8 32870A00 |call 屏录专家.004E1C7C
0043954A |. |8985 34FFFFFF |mov dword ptr ss:,eax
00439550 |. |FF85 30FFFFFF |inc dword ptr ss:
00439556 |. |83BD 30FFFFFF 14 |cmp dword ptr ss:,14
0043955D |.^\7C 87 \jl short 屏录专家.004394E6
0043955F |.8185 34FFFFFF 39300>add dword ptr ss:,3039 ;将结果和 +0x3039
00439569 |.FFB5 34FFFFFF push dword ptr ss: ; /Arg3
0043956F |.68 A3DD5000 push 屏录专家.0050DDA3 ; |Arg2 = 0050DDA3 ASCII "%d"
00439574 |.8D95 04FFFFFF lea edx,dword ptr ss: ; |
0043957A |.52 push edx ; |Arg1
0043957B |.E8 EC6C0A00 call 屏录专家.004E026C ; \屏录专家.004E026C
00439580 |.83C4 0C add esp,0C ;将上面的结果转化成十进制22372
00439583 |.66:C785 50FFFFFF 38>mov word ptr ss:,38
0043958C |.8D45 E8 lea eax,dword ptr ss:
继续单步到这,进行注册码的处理
004395E0 |> /8B85 30FFFFFF /mov eax,dword ptr ss:
004395E6 |. |0FBE9405 04FFFFFF |movsx edx,byte ptr ss:
004395EE |. |8B8D 30FFFFFF |mov ecx,dword ptr ss:
004395F4 |. |0FBE840D BCFEFFFF |movsx eax,byte ptr ss:
004395FC |. |83C0 EC |add eax,-14 ;判断注册码前5位是否为以上结果各位加上0x14
004395FF |. |3BD0 |cmp edx,eax
00439601 |. |0F85 AF000000 |jnz 屏录专家.004396B6
00439607 |. |83BD 30FFFFFF 03 |cmp dword ptr ss:,3
0043960E |. |0F85 8F000000 |jnz 屏录专家.004396A3
00439614 |. |8B95 34FFFFFF |mov edx,dword ptr ss:
0043961A |. |81C2 444D0000 |add edx,4D44
00439620 |. |8995 B8FEFFFF |mov dword ptr ss:,edx
00439626 |. |DB85 B8FEFFFF |fild dword ptr ss: ;将注册码和展开成十进制
0043962C |. |DC0D 24A14300 |fmul qword ptr ds: ;*3.14
00439632 |. |DB2D 2CA14300 |fld tbyte ptr ds: ;*0.1594896331738
00439638 |. |DEC9 |fmulp st(1),st
0043963A |. |E8 3D860A00 |call 屏录专家.004E1C7C ;将浮点结果转化成整数
0043963F |. |8985 34FFFFFF |mov dword ptr ss:,eax
00439645 |. |8B85 34FFFFFF |mov eax,dword ptr ss:
0043964B |. |B9 A0860100 |mov ecx,186A0
00439650 |. |99 |cdq
00439651 |. |F7F9 |idiv ecx
00439653 |. |8995 34FFFFFF |mov dword ptr ss:,edx
00439659 |. |33C0 |xor eax,eax
0043965B |. |8985 28FFFFFF |mov dword ptr ss:,eax
00439661 |. |33D2 |xor edx,edx
00439663 |. |8995 24FFFFFF |mov dword ptr ss:,edx ;注册码前5位满足要求,则求注册码前19位和
00439669 |> |8B8D 24FFFFFF |/mov ecx,dword ptr ss: ;注册码求和
0043966F |. |0FBE840D BCFEFFFF ||movsx eax,byte ptr ss:
00439677 |. |0185 28FFFFFF ||add dword ptr ss:,eax
0043967D |. |FF85 24FFFFFF ||inc dword ptr ss:
00439683 |. |83BD 24FFFFFF 13 ||cmp dword ptr ss:,13
0043968A |.^|7C DD |\jl short 屏录专家.00439669
0043968C |. |8B85 28FFFFFF |mov eax,dword ptr ss: ;和放入eax
00439692 |. |B9 0A000000 |mov ecx,0A
00439697 |. |99 |cdq
00439698 |. |F7F9 |idiv ecx
0043969A |. |83C2 30 |add edx,30
0043969D |. |8995 28FFFFFF |mov dword ptr ss:,edx
004396A3 |> |FF85 30FFFFFF |inc dword ptr ss:
004396A9 |. |83BD 30FFFFFF 05 |cmp dword ptr ss:,5
004396B0 |.^\0F8C 2AFFFFFF \jl 屏录专家.004395E0
继续下面的执行
004396B6 |> \83BD 30FFFFFF 05 cmp dword ptr ss:,5
004396BD 0F8C 030A0000 jl 屏录专家.0043A0C6
004396C3 |.0FBE85 CFFEFFFF movsx eax,byte ptr ss: ;注册码最后一位
004396CA |.3B85 28FFFFFF cmp eax,dword ptr ss: ;注册码和的个位
004396D0 74 10 je short 屏录专家.004396E2 ;该跳
004396D2 0FBE95 CFFEFFFF movsx edx,byte ptr ss:
004396D9 |.83FA 41 cmp edx,41
004396DC |.0F8C E4090000 jl 屏录专家.0043A0C6 ;出错
004396E2 |>8B85 34FFFFFF mov eax,dword ptr ss:
004396E8 |.B9 0A000000 mov ecx,0A ;5275
004396ED |.99 cdq
004396EE |.F7F9 idiv ecx
004396F0 |.8B85 30FFFFFF mov eax,dword ptr ss:
004396F6 |.0FBE8C05 BCFEFFFF movsx ecx,byte ptr ss: ;注册码第6位
004396FE |.83C1 BF add ecx,-41
00439701 |.2BCA sub ecx,edx ;5275除以A取余
00439703 |.898D 2CFFFFFF mov dword ptr ss:,ecx
00439709 |.83BD 2CFFFFFF 00 cmp dword ptr ss:,0
00439710 74 0D je short 屏录专家.0043971F ;该跳
00439712 |.83BD 2CFFFFFF 05 cmp dword ptr ss:,5
00439719 |.0F85 5C090000 jnz 屏录专家.0043A07B
0043971F |>66:C785 50FFFFFF 44>mov word ptr ss:,44
00439728 |.BA A6DD5000 mov edx,屏录专家.0050DDA6
0043972D |.8D45 E4 lea eax,dword ptr ss:
5、算法总结
我的机器码为:78577554305104500000
注册名为:kerfier
设机器码为:Comp;
注册名为:Name;
1、 temp += (Comp xor Name) * i;
2、 得到结果 S = 22732
3、 取22732拆成ASCII对应的字符,再分别加上0x14,比如 (2)对应 0x32,再加上 0x14,即为 F,经过处理得到注册码的前5位为:FFGKF
4、 将 S = S + 0x3039 + 0x4d44,再 S = S* 3.14 * 0.1594896331738437120,然后取整,取结果的个位M
5、 M = M + 0x41; 得到注册码的第6位
7、 对注册码的前19位求和(我在其中置7~19位为0),将得到的结果的个位作为注册码的第20位
我的机器码为:78577554305104500000
注册名为:kerfier
注册码为:FFGKFJ00000000000004
附C程序:
// Fragment from the write-up, shown without its enclosing function; it recomputes
// the registration code from the name and machine-code fields.
// NOTE(review): cCode, m_strName and m_strComp appear with no subscript even inside
// the per-index loops, so the listing is incomplete as shown. The index expressions
// were presumably lost when the page was rendered; confirm against the original post.
// Design takeaway: every input (name, machine code) and every constant used below is
// available on the client, so a check of this shape can be recomputed offline.
// Validation that has to resist this needs a secret the client never holds,
// e.g. a licence signed on the vendor side and only verified locally.
int i, tmp, account, bccount;
char cCode;
// Presumably MFC dialog data exchange: pull the control values into the m_str* members.
UpdateData(TRUE);
// Pre-fill pass over 20 positions with 0x30 (ASCII '0').
for ( i=0; i<20; i++)
cCode = 0x30;
account = 0;
// Weighted sum over the length of the name: XOR of name and machine code, times the index.
for (i=0; i<m_strName.GetLength(); i++)
{
tmp = m_strName ^ m_strComp;
account = account + tmp * i;
}
// Positions past the end of the name, up to 20: the machine code is XORed with 0.
for ( i= m_strName.GetLength(); i<20; i++)
{
tmp = m_strComp ^ 0;
account = account + tmp * i;
}
// Fixed offset added to the sum.
account = account + 0x3039;
// Second value: a further offset, then scaling by two floating-point constants.
// bccount is an int, so the product is truncated on assignment.
bccount = account + 0x4d44;
bccount = bccount * 3.14 * 0.1594896331738437120;
// Keep the last decimal digit and shift it by 0x41 (ASCII 'A').
bccount = bccount % 10;
cCode = bccount + 0x41;
// Five iterations, last position first: take a decimal digit of account, add 0x14 + 0x30.
for (i=4; i>=0; i--)
{
cCode = account % 10 + 0x14 + 0x30;
account = account / 10;
}
// Check digit: sum over the first six positions plus 0x30 for each of positions 6..18.
account = 0;
for ( i=0; i<6; i++)
account += cCode;
for ( i=6; i<19; i++)
account += 0x30;
// Last decimal digit of the sum, as an ASCII digit.
cCode = account % 10 + 0x30;
// Copy into the output field, then call Delete(20,7) on it, presumably to trim it to 20 characters.
m_strCode = cCode;
m_strCode.Delete(20,7);
UpdateData(FALSE); 呵呵,支持一下,继续努力~~~~~~~~ 支持一下。 代码有些乱,! 楼主,能不能做成个电子教程啊!