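【Cracked by】 鹭影依凌
【Author e-mail】 [email protected]
【Tools used】 OD v1.0 + PEiD v0.94
【Platform】 Win9x/NT/2000/XP
【Software】 Internet Download Manager 5.11 build 8
【Description】 Increase your download speed by up to 5 times, schedule downloads, or resume half-finished downloads. The resume capability can recover downloads interrupted by dropped connections, network problems, computer crashes, or even unexpected power outages. The program features dynamic file segmentation and multi-source download technology, and it reuses existing connections rather than reconnecting and logging in again. Its smart in-speed technology dynamically applies all settings to a given connection type to make full use of the download speed. It supports download queues, firewalls, proxy and mirror servers, redirects, cookies, directories that require authentication, and a variety of server platforms. The program integrates tightly with IE and Netscape Communicator to handle your downloads automatically. It also offers download logic optimization, virus checking, and a range of preference settings.
【Packer】 None
【Statement】 I am just a newbie who happened to learn a little something and would like to share it with everyone :)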
--------------------------------------------------------------------------------
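【Crack details】
I expect anyone who has downloaded the cracking videos from the ** site has used this program (IDM).
Yesterday, as soon as I went online, I happened to open IDM; the program reported an invalid registration code and then reverted to unregistered?!! I was stunned.
Time to study it....
Load it in OD and run the Ultra String Reference search; the following useful strings turn up: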
;=====================================================================
004A348A push 00597D08 fname
004A34E9 push 00597CFC lname
004A3521 push 00597F08 internet download manager
004A354A push 0059B048 email
004A35A4 push 00599CA0 serial
004A3640 mov eax, 00599D34 current_user
004A3647 mov eax, 00599D2C machinecurrent_user
;=====================================================================
Test registration data
fname:luying10
lname:crack
email:[email protected]
SerNm:"98765-3210A-CDEFG-IJKLM"
Note:
Why does the serial number have to use the format above?
Trace through the routine once and you will see.
;---------------------------------------------------------------------
004A2FB0 /. 55 push ebp ; //start
004A2FB1 |. 8BEC mov ebp, esp
004A2FB3 |. 6A FF push -1
004A2FB5 |. 68 51665500 push 00556651 ; SE handler installation
004A2FBA |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004A2FC0 |. 50 push eax
004A2FC1 |. 64:8925 00000>mov dword ptr fs:[0], esp
004A2FC8 |. 81EC DC010000 sub esp, 1DC
004A2FCE |. 53 push ebx
004A2FCF |. 56 push esi
004A2FD0 |. 57 push edi
004A2FD1 |. 8D85 CCFEFFFF lea eax, dword ptr [ebp-134]
004A2FD7 |. 8965 F0 mov dword ptr [ebp-10], esp ; |*|the cipher table is initialised from here on
004A2FDA |. 6A 32 push 32 ; /Arg3 = 00000032
004A2FDC |. 8BD9 mov ebx, ecx ; |
004A2FDE |. 50 push eax ; |Arg2
004A2FDF |. 68 B0040000 push 4B0 ; |Arg1 = 000004B0
004A2FE4 |. 895D E0 mov dword ptr [ebp-20], ebx ; |
004A2FE7 |. C605 08AC5B00>mov byte ptr [5BAC08], 32 ; |
004A2FEE |. C605 09AC5B00>mov byte ptr [5BAC09], 59 ; |
004A2FF5 |. C605 0AAC5B00>mov byte ptr [5BAC0A], 4F ; |
004A2FFC |. C605 0BAC5B00>mov byte ptr [5BAC0B], 50 ; |
004A3003 |. C605 0CAC5B00>mov byte ptr [5BAC0C], 42 ; |
004A300A |. C605 0DAC5B00>mov byte ptr [5BAC0D], 33 ; |
004A3011 |. C605 0EAC5B00>mov byte ptr [5BAC0E], 41 ; |
004A3018 |. C605 0FAC5B00>mov byte ptr [5BAC0F], 51 ; |
004A301F |. C605 10AC5B00>mov byte ptr [5BAC10], 43 ; |
004A3026 |. C605 11AC5B00>mov byte ptr [5BAC11], 56 ; |
004A302D |. C605 12AC5B00>mov byte ptr [5BAC12], 55 ; |
004A3034 |. C605 13AC5B00>mov byte ptr [5BAC13], 58 ; |
004A303B |. C605 14AC5B00>mov byte ptr [5BAC14], 4D ; |
004A3042 |. C605 15AC5B00>mov byte ptr [5BAC15], 4E ; |
004A3049 |. C605 16AC5B00>mov byte ptr [5BAC16], 52 ; |
004A3050 |. C605 17AC5B00>mov byte ptr [5BAC17], 53 ; |
004A3057 |. C605 18AC5B00>mov byte ptr [5BAC18], 39 ; |
004A305E |. C605 19AC5B00>mov byte ptr [5BAC19], 37 ; |
004A3065 |. C605 1AAC5B00>mov byte ptr [5BAC1A], 57 ; |
004A306C |. C605 1BAC5B00>mov byte ptr [5BAC1B], 45 ; |
004A3073 |. C605 1CAC5B00>mov byte ptr [5BAC1C], 30 ; |
004A307A |. C605 1DAC5B00>mov byte ptr [5BAC1D], 49 ; |
004A3081 |. C605 1EAC5B00>mov byte ptr [5BAC1E], 5A ; |
004A3088 |. C605 1FAC5B00>mov byte ptr [5BAC1F], 44 ; |
004A308F |. C605 20AC5B00>mov byte ptr [5BAC20], 34 ; |
004A3096 |. C605 21AC5B00>mov byte ptr [5BAC21], 4B ; |
004A309D |. C605 22AC5B00>mov byte ptr [5BAC22], 4C ; |
004A30A4 |. C605 23AC5B00>mov byte ptr [5BAC23], 46 ; |
004A30AB |. C605 24AC5B00>mov byte ptr [5BAC24], 47 ; |
004A30B2 |. C605 25AC5B00>mov byte ptr [5BAC25], 48 ; |
004A30B9 |. C605 26AC5B00>mov byte ptr [5BAC26], 4A ; |
004A30C0 |. C605 27AC5B00>mov byte ptr [5BAC27], 38 ; |
004A30C7 |. C605 28AC5B00>mov byte ptr [5BAC28], 31 ; |
004A30CE |. C605 29AC5B00>mov byte ptr [5BAC29], 36 ; |
004A30D5 |. C605 2AAC5B00>mov byte ptr [5BAC2A], 35 ; |
004A30DC |. C605 2BAC5B00>mov byte ptr [5BAC2B], 54 ; |
004A30E3 |. C745 FC 00000>mov dword ptr [ebp-4], 0 ; |
004A30EA |. E8 9C3E0900 call 00536F8B ; \IDMan.00536F8B
004A30EF |. 85C0 test eax, eax
004A30F1 |. 75 0F jnz short 004A3102 ; //fails if not taken (the jump is taken)
004A30F3 |. 8B0D 9CB25B00 mov ecx, dword ptr [5BB29C]
004A30F9 |. 50 push eax
004A30FA |. 68 087F5900 push 00597F08 ; internet download manager
004A30FF |. 51 push ecx
004A3100 |. EB 4D jmp short 004A314F ; //jumps to the failure path
004A3102 |> 8D95 34FFFFFF lea edx, dword ptr [ebp-CC]
004A3108 |. 6A 32 push 32 ; /Arg3 = 00000032
004A310A |. 52 push edx ; |Arg2
004A310B |. 68 13040000 push 413 ; |Arg1 = 00000413
004A3110 |. 8BCB mov ecx, ebx ; |
004A3112 |. E8 743E0900 call 00536F8B ; \IDMan.00536F8B
004A3117 |. 85C0 test eax, eax
004A3119 |. 75 0E jnz short 004A3129 ; //fails if not taken (the jump is taken)
004A311B |. 50 push eax
004A311C |. A1 98B25B00 mov eax, dword ptr [5BB298]
004A3121 |. 68 087F5900 push 00597F08 ; internet download manager
004A3126 |. 50 push eax
004A3127 |. EB 26 jmp short 004A314F ; //jumps to the failure path
004A3129 |> 8D8D 00FFFFFF lea ecx, dword ptr [ebp-100]
004A312F |. 6A 32 push 32 ; /Arg3 = 00000032
004A3131 |. 51 push ecx ; |Arg2
004A3132 |. 68 A5040000 push 4A5 ; |Arg1 = 000004A5
004A3137 |. 8BCB mov ecx, ebx ; |
004A3139 |. E8 4D3E0900 call 00536F8B ; \IDMan.00536F8B
004A313E |. 85C0 test eax, eax
004A3140 |. 75 25 jnz short 004A3167 ; //
004A3142 |. 8B15 94B25B00 mov edx, dword ptr [5BB294]
004A3148 |. 50 push eax
004A3149 |. 68 087F5900 push 00597F08 ; internet download manager
004A314E |> 52 push edx
004A314F |> 8BCB mov ecx, ebx
004A3151 |> E8 A2290900 call 00535AF8 ; //shows the "invalid serial number" message
004A3156 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
004A3159 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004A3160 |. 5F pop edi
004A3161 |. 5E pop esi
004A3162 |. 5B pop ebx
004A3163 |. 8BE5 mov esp, ebp
004A3165 |. 5D pop ebp
004A3166 |. C3 retn
004A3167 |> 8D45 88 lea eax, dword ptr [ebp-78]
004A316A |. 6A 32 push 32 ; /Arg3 = 00000032
004A316C |. 50 push eax ; |Arg2
004A316D |. 68 AA040000 push 4AA ; |Arg1 = 000004AA
004A3172 |. 8BCB mov ecx, ebx ; |
004A3174 |. E8 123E0900 call 00536F8B ; \IDMan.00536F8B
004A3179 |. 85C0 test eax, eax
004A317B |. 75 0F jnz short 004A318C ; //fails if not taken (the jump is taken)
004A317D |. 8B0D 90B25B00 mov ecx, dword ptr [5BB290]
004A3183 |. 50 push eax
004A3184 |. 68 087F5900 push 00597F08 ; internet download manager
004A3189 |. 51 push ecx
004A318A |.^ EB C3 jmp short 004A314F ; //jumps to the failure path
;--------------------------------------------------------------------|
004A318C |> B2 20 mov dl, 20 ; 20 = ' '
004A318E |> 3855 88 /cmp byte ptr [ebp-78], dl ; >>>strip leading spaces from the serial number
004A3191 75 56 jnz short 004A31E9 ; //jumps away
004A3193 |. 8D7D 89 |lea edi, dword ptr [ebp-77]
004A3196 |. 83C9 FF |or ecx, FFFFFFFF
004A3199 |. 33C0 |xor eax, eax
004A319B |. 8DB5 18FEFFFF |lea esi, dword ptr [ebp-1E8]
004A31A1 |. F2:AE |repne scas byte ptr es:[edi]
004A31A3 |. F7D1 |not ecx
004A31A5 |. 2BF9 |sub edi, ecx
004A31A7 |. 8975 E8 |mov dword ptr [ebp-18], esi
004A31AA |. 8BC1 |mov eax, ecx
004A31AC |. 8BF7 |mov esi, edi
004A31AE |. 8B7D E8 |mov edi, dword ptr [ebp-18]
004A31B1 |. C1E9 02 |shr ecx, 2
004A31B4 |. F3:A5 |rep movs dword ptr es:[edi], dword >
004A31B6 |. 8BC8 |mov ecx, eax
004A31B8 |. 33C0 |xor eax, eax
004A31BA |. 83E1 03 |and ecx, 3
004A31BD |. F3:A4 |rep movs byte ptr es:[edi], byte pt>
004A31BF |. 8DBD 18FEFFFF |lea edi, dword ptr [ebp-1E8]
004A31C5 |. 83C9 FF |or ecx, FFFFFFFF
004A31C8 |. F2:AE |repne scas byte ptr es:[edi]
004A31CA |. F7D1 |not ecx
004A31CC |. 8D75 88 |lea esi, dword ptr [ebp-78]
004A31CF |. 2BF9 |sub edi, ecx
004A31D1 |. 8BC1 |mov eax, ecx
004A31D3 |. 8975 E8 |mov dword ptr [ebp-18], esi
004A31D6 |. 8BF7 |mov esi, edi
004A31D8 |. 8B7D E8 |mov edi, dword ptr [ebp-18]
004A31DB |. C1E9 02 |shr ecx, 2
004A31DE |. F3:A5 |rep movs dword ptr es:[edi], dword >
004A31E0 |. 8BC8 |mov ecx, eax
004A31E2 |. 83E1 03 |and ecx, 3
004A31E5 |. F3:A4 |rep movs byte ptr es:[edi], byte pt>
004A31E7 |.^ EB A5 \jmp short 004A318E
;--------------------------------------------------------------------|
004A31E9 |> 8D7D 88 lea edi, dword ptr [ebp-78]
004A31EC |. 83C9 FF or ecx, FFFFFFFF
004A31EF |. 33C0 xor eax, eax
004A31F1 |. F2:AE repne scas byte ptr es:[edi]
004A31F3 |. F7D1 not ecx
004A31F5 |. 49 dec ecx ; >>>check whether the serial number is empty
004A31F6 |. 75 12 jnz short 004A320A ; //fails if not taken (the jump is taken)
004A31F8 |. 8B0D 8CB25B00 mov ecx, dword ptr [5BB28C]
004A31FE |. 50 push eax
004A31FF |. 68 087F5900 push 00597F08 ; internet download manager
004A3204 |. 51 push ecx
004A3205 |.^ E9 45FFFFFF jmp 004A314F ; //jumps to the failure path
;--------------------------------------------------------------------|
004A320A |> 8D7D 88 /lea edi, dword ptr [ebp-78]
004A320D |. 83C9 FF |or ecx, FFFFFFFF
004A3210 |. 33C0 |xor eax, eax
004A3212 |. F2:AE |repne scas byte ptr es:[edi]
004A3214 |. F7D1 |not ecx
004A3216 |. 49 |dec ecx
004A3217 |. 38540D 87 |cmp byte ptr [ebp+ecx-79], dl ; >>>strip trailing spaces from the serial number
004A321B |. 75 13 |jnz short 004A3230 ; //jumps away
004A321D |. 8D7D 88 |lea edi, dword ptr [ebp-78]
004A3220 |. 83C9 FF |or ecx, FFFFFFFF
004A3223 |. 33C0 |xor eax, eax
004A3225 |. F2:AE |repne scas byte ptr es:[edi]
004A3227 |. F7D1 |not ecx
004A3229 |. 49 |dec ecx
004A322A |. 88440D 87 |mov byte ptr [ebp+ecx-79], al
004A322E |.^ EB DA \jmp short 004A320A
;--------------------------------------------------------------------|
004A3230 |> 8D55 88 lea edx, dword ptr [ebp-78]
004A3233 |. 52 push edx
004A3234 |. E8 E0BF0700 call 0051F219 ; |*|convert the serial number to upper case
004A3239 |. 8D7D 88 lea edi, dword ptr [ebp-78]
004A323C |. 83C9 FF or ecx, FFFFFFFF
004A323F |. 33C0 xor eax, eax
004A3241 |. 83C4 04 add esp, 4
004A3244 |. F2:AE repne scas byte ptr es:[edi]
004A3246 |. F7D1 not ecx
004A3248 |. 49 dec ecx
004A3249 |. 83F9 17 cmp ecx, 17 ; >>>check that the serial number is 23 characters long
004A324C |. 0F85 FD050000 jnz 004A384F ; //fails if taken
;--------------------------------------------------------------------|
004A3252 |. 8A4D 8D mov cl, byte ptr [ebp-73] ; 6th character of the serial number
004A3255 |. 8845 EF mov byte ptr [ebp-11], al
004A3258 |. B0 2D mov al, 2D ; 2D = '-'
004A325A |. 3AC8 cmp cl, al
004A325C |. 75 0A jnz short 004A3268
004A325E |. 3845 93 cmp byte ptr [ebp-6D], al ; 12th character of the serial number
004A3261 |. 75 05 jnz short 004A3268
004A3263 |. 3845 99 cmp byte ptr [ebp-67], al ; 18th character of the serial number
004A3266 |. 74 04 je short 004A326C
004A3268 |> C645 EF 01 mov byte ptr [ebp-11], 1
004A326C |> 8D45 88 lea eax, dword ptr [ebp-78] ; (ASCII "98765-3210A-CDEFG-IJKLM")
004A326F |. 6A 05 push 5
004A3271 |. 8D4D BC lea ecx, dword ptr [ebp-44]
004A3274 |. 50 push eax
004A3275 |. 51 push ecx
004A3276 |. E8 F5970700 call 0051CA70
004A327B |. 8D55 8E lea edx, dword ptr [ebp-72] ; (ASCII "3210A-CDEFG-IJKLM")
004A327E |. 6A 05 push 5
004A3280 |. 8D45 C4 lea eax, dword ptr [ebp-3C]
004A3283 |. 52 push edx
004A3284 |. 50 push eax
004A3285 |. E8 E6970700 call 0051CA70
004A328A |. 8D4D 94 lea ecx, dword ptr [ebp-6C] ; (ASCII "CDEFG-IJKLM")
004A328D |. 6A 05 push 5
004A328F |. 8D55 CC lea edx, dword ptr [ebp-34]
004A3292 |. 51 push ecx
004A3293 |. 52 push edx
004A3294 |. E8 D7970700 call 0051CA70
004A3299 |. 8D45 9A lea eax, dword ptr [ebp-66] ; (ASCII "IJKLM")
004A329C |. 6A 05 push 5
004A329E |. 8D4D D4 lea ecx, dword ptr [ebp-2C]
004A32A1 |. 50 push eax
004A32A2 |. 51 push ecx
004A32A3 |. E8 C8970700 call 0051CA70
;--------------------------------------------------------------------| //group 1
004A32A8 |. 33FF xor edi, edi ; EDI = 0
004A32AA |. 83C4 30 add esp, 30
004A32AD |. C645 C1 00 mov byte ptr [ebp-3F], 0
004A32B1 |. C645 C9 00 mov byte ptr [ebp-37], 0
004A32B5 |. C645 D1 00 mov byte ptr [ebp-2F], 0
004A32B9 |. C645 D9 00 mov byte ptr [ebp-27], 0
004A32BD |. 897D E8 mov dword ptr [ebp-18], edi
004A32C0 |. 33F6 xor esi, esi ; ESI = 0
004A32C2 |> 83FE 05 cmp esi, 5 ; loop 5 times
004A32C5 |. 7D 32 jge short 004A32F9 ; exit the loop
004A32C7 |. 8A5435 BC mov dl, byte ptr [ebp+esi-44] ; i-th character of the serial number
004A32CB |. 83C9 FF or ecx, FFFFFFFF ; ECX = -1
004A32CE |. 33C0 xor eax, eax ; EAX = 0
004A32D0 |> 83F8 24 /cmp eax, 24
004A32D3 |. 7D 0A |jge short 004A32DF
004A32D5 |. 3890 08AC5B00 |cmp byte ptr [eax+5BAC08], dl ; compare with the cipher table
004A32DB |. 75 15 |jnz short 004A32F2 ; not equal: try the next character in the cipher table
004A32DD |. 8BC8 |mov ecx, eax ; ECX = EAX
004A32DF |> 83F9 FF |cmp ecx, -1 ; (character not found)
004A32E2 |. 74 11 |je short 004A32F5 ; exit the loop
004A32E4 |. 8D14FF |lea edx, dword ptr [edi+edi*8] ; EDX = EDI + EDI*8
004A32E7 |. 03CF |add ecx, edi ; ECX = ECX + EDI
004A32E9 |. 46 |inc esi ; ESI++
004A32EA |. 8D3C91 |lea edi, dword ptr [ecx+edx*4] ; EDI = ECX + EDX*4
004A32ED |. 897D E8 |mov dword ptr [ebp-18], edi ; [ebp-18] = edi
004A32F0 |.^ EB D0 |jmp short 004A32C2 ; loop (scan the next character)
004A32F2 |> 40 |inc eax ; EAX++
004A32F3 |.^ EB DB \jmp short 004A32D0 ; loop
004A32F5 |> C645 EF 01 mov byte ptr [ebp-11], 1 ; [ebp-11] = 1
;--------------------------------------------------------------------| //group 2
004A32F9 |> 33FF xor edi, edi
004A32FB |. 33F6 xor esi, esi
004A32FD |. 897D E4 mov dword ptr [ebp-1C], edi
004A3300 |> 83FE 05 cmp esi, 5
004A3303 |. 7D 32 jge short 004A3337
004A3305 |. 8A5435 C4 mov dl, byte ptr [ebp+esi-3C] ; 7th character of the serial number
004A3309 |. 83C9 FF or ecx, FFFFFFFF
004A330C |. 33C0 xor eax, eax
004A330E |> 83F8 24 /cmp eax, 24
004A3311 |. 7D 0A |jge short 004A331D
004A3313 |. 3890 08AC5B00 |cmp byte ptr [eax+5BAC08], dl
004A3319 |. 75 15 |jnz short 004A3330
004A331B |. 8BC8 |mov ecx, eax
004A331D |> 83F9 FF |cmp ecx, -1
004A3320 |. 74 11 |je short 004A3333
004A3322 |. 8D04FF |lea eax, dword ptr [edi+edi*8]
004A3325 |. 03CF |add ecx, edi
004A3327 |. 46 |inc esi
004A3328 |. 8D3C81 |lea edi, dword ptr [ecx+eax*4]
004A332B |. 897D E4 |mov dword ptr [ebp-1C], edi ; //[ebp-1C] = edi
004A332E |.^ EB D0 |jmp short 004A3300
004A3330 |> 40 |inc eax
004A3331 |.^ EB DB \jmp short 004A330E
004A3333 |> C645 EF 01 mov byte ptr [ebp-11], 1
;--------------------------------------------------------------------| //group 3
004A3337 |> 33DB xor ebx, ebx
004A3339 |. 33F6 xor esi, esi
004A333B |> 83FE 05 cmp esi, 5
004A333E |. 7D 2F jge short 004A336F
004A3340 |. 8A5435 CC mov dl, byte ptr [ebp+esi-34] ; 13th character of the serial number
004A3344 |. 83C9 FF or ecx, FFFFFFFF
004A3347 |. 33C0 xor eax, eax
004A3349 |> 83F8 24 /cmp eax, 24
004A334C |. 7D 0A |jge short 004A3358
004A334E |. 3890 08AC5B00 |cmp byte ptr [eax+5BAC08], dl
004A3354 |. 75 12 |jnz short 004A3368
004A3356 |. 8BC8 |mov ecx, eax
004A3358 |> 83F9 FF |cmp ecx, -1
004A335B |. 74 0E |je short 004A336B
004A335D |. 8D14DB |lea edx, dword ptr [ebx+ebx*8]
004A3360 |. 03CB |add ecx, ebx
004A3362 |. 46 |inc esi
004A3363 |. 8D1C91 |lea ebx, dword ptr [ecx+edx*4]
004A3366 |.^ EB D3 |jmp short 004A333B
004A3368 |> 40 |inc eax
004A3369 |.^ EB DE \jmp short 004A3349
004A336B |> C645 EF 01 mov byte ptr [ebp-11], 1
;--------------------------------------------------------------------| //group 4
004A336F |> 33FF xor edi, edi
004A3371 |. 33F6 xor esi, esi
004A3373 |> 83FE 05 cmp esi, 5
004A3376 |. 7D 2B jge short 004A33A3
004A3378 |. 8A5435 D4 mov dl, byte ptr [ebp+esi-2C] ; 19th character of the serial number
004A337C |. 83C9 FF or ecx, FFFFFFFF
004A337F |. 33C0 xor eax, eax
004A3381 |> 83F8 24 /cmp eax, 24
004A3384 |. 7D 0A |jge short 004A3390
004A3386 |. 3890 08AC5B00 |cmp byte ptr [eax+5BAC08], dl
004A338C |. 75 12 |jnz short 004A33A0
004A338E |. 8BC8 |mov ecx, eax
004A3390 |> 83F9 FF |cmp ecx, -1
004A3393 |. 74 15 |je short 004A33AA
004A3395 |. 8D04FF |lea eax, dword ptr [edi+edi*8]
004A3398 |. 03CF |add ecx, edi
004A339A |. 46 |inc esi
004A339B |. 8D3C81 |lea edi, dword ptr [ecx+eax*4]
004A339E |.^ EB D3 |jmp short 004A3373
004A33A0 |> 40 |inc eax
004A33A1 |.^ EB DE \jmp short 004A3381
004A33A3 |> 8A45 EF mov al, byte ptr [ebp-11]
004A33A6 |. 84C0 test al, al
004A33A8 |. 74 16 je short 004A33C0 ; //jumps away (taken)
;--------------------------------------------------------------------|
004A33AA |> 8B0D 8CB25B00 mov ecx, dword ptr [5BB28C]
004A33B0 |. 6A 00 push 0
004A33B2 |. 68 087F5900 push 00597F08 ; internet download manager
004A33B7 |. 51 push ecx
004A33B8 |. 8B4D E0 mov ecx, dword ptr [ebp-20]
004A33BB |.^ E9 91FDFFFF jmp 004A3151 ; //jumps to the failure path
004A33C0 |> 8B4D E8 mov ecx, dword ptr [ebp-18] ; ECX = [EBP-18]
004A33C3 |. BE 2B000000 mov esi, 2B ; ESI = 2B
004A33C8 |. 8BC1 mov eax, ecx ; EAX =ECX
004A33CA |. 99 cdq ; EDX = 0
004A33CB |. F7FE idiv esi ; EDX = EAX % ESI
004A33CD |. 85D2 test edx, edx ;
004A33CF |. 75 04 jnz short 004A33D5 ; //fails if taken
004A33D1 |. 85C9 test ecx, ecx ;
004A33D3 |. 75 04 jnz short 004A33D9 ; //fails if not taken
004A33D5 |> C645 EF 01 mov byte ptr [ebp-11], 1 ; [ebp-11] = 1
004A33D9 |> 8B4D E4 mov ecx, dword ptr [ebp-1C] ; ECX = [EBP-1C]
004A33DC |. BE 17000000 mov esi, 17 ; ESI = 17
004A33E1 |. 8BC1 mov eax, ecx ; EAX = ECX
004A33E3 |. 99 cdq ; EDX = 0
004A33E4 |. F7FE idiv esi ; EDX = EAX % ESI
004A33E6 |. 85D2 test edx, edx ;
004A33E8 |. 75 04 jnz short 004A33EE ; //fails if taken
004A33EA |. 85C9 test ecx, ecx ;
004A33EC |. 75 04 jnz short 004A33F2 ; //fails if not taken
004A33EE |> C645 EF 01 mov byte ptr [ebp-11], 1 ; [ebp-11] = 1
004A33F2 |> 8BC3 mov eax, ebx ; EAX = EBX
004A33F4 |. B9 11000000 mov ecx, 11 ; ECX = 11
004A33F9 |. 99 cdq ; EDX = 0
004A33FA |. F7F9 idiv ecx ; EDX = EAX % ECX
004A33FC |. 85D2 test edx, edx ;
004A33FE |. 75 04 jnz short 004A3404 ; //fails if taken
004A3400 |. 85DB test ebx, ebx ;
004A3402 |. 75 04 jnz short 004A3408 ; //fails if not taken
004A3404 |> C645 EF 01 mov byte ptr [ebp-11], 1 ; [ebp-11] = 1
004A3408 |> 8BC7 mov eax, edi ; EAX = EDI
004A340A |. B9 35000000 mov ecx, 35 ; ECX = 35
004A340F |. 99 cdq ; EDX = 0
004A3410 |. F7F9 idiv ecx ; EDX = EAX % ECX
004A3412 |. 85D2 test edx, edx ; (EAX must be divisible by ECX)
004A3414 |. 75 0B jnz short 004A3421 ; //fails if taken
004A3416 |. 85FF test edi, edi ; (EDI must be non-zero)
004A3418 |. 74 07 je short 004A3421 ; //fails if taken
004A341A |. 8A45 EF mov al, byte ptr [ebp-11] ; al = [ebp-11]
004A341D |. 84C0 test al, al ; (al must be 0)
004A341F |. 74 16 je short 004A3437 ; //fails if not taken
004A3421 |> 8B15 8CB25B00 mov edx, dword ptr [5BB28C]
004A3427 |. 8B4D E0 mov ecx, dword ptr [ebp-20]
004A342A |. 6A 00 push 0
004A342C |. 68 087F5900 push 00597F08 ; internet download manager
004A3431 |. 52 push edx
004A3432 |.^ E9 1AFDFFFF jmp 004A3151 ; //jumps to the failure path
004A3437 |> 8D45 DC lea eax, dword ptr [ebp-24]
004A343A |. 6A 00 push 0 ; /pDisposition = NULL
004A343C |. 50 push eax ; |pHandle
004A343D |. 6A 00 push 0 ; |pSecurity = NULL
004A343F |. 68 3F000F00 push 0F003F ; |Access = KEY_ALL_ACCESS
004A3444 |. 6A 00 push 0 ; |Options = REG_OPTION_NON_VOLATILE
004A3446 |. 6A 00 push 0 ; |Class = NULL
004A3448 |. 6A 00 push 0 ; |Reserved = 0
004A344A |. 68 107D5900 push 00597D10 ; |software\internet download manager
004A344F |. 68 02000080 push 80000002 ; |hKey = HKEY_LOCAL_MACHINE
004A3454 |. FF15 0CD05500 call dword ptr [<&ADVAPI32.RegCreateK>; \RegCreateKeyExA
004A345A |. 85C0 test eax, eax
004A345C |. 74 09 je short 004A3467
004A345E |. 8B0D BCA85B00 mov ecx, dword ptr [5BA8BC]
004A3464 |. 894D DC mov dword ptr [ebp-24], ecx
004A3467 |> 8DBD CCFEFFFF lea edi, dword ptr [ebp-134] ; //EDI = user name
004A346D |. 83C9 FF or ecx, FFFFFFFF
004A3470 |. 33C0 xor eax, eax
004A3472 |. 8B35 08D05500 mov esi, dword ptr [<&ADVAPI32.RegSe>; ADVAPI32.RegSetValueExA
004A3478 |. F2:AE repne scas byte ptr es:[edi]
004A347A |. F7D1 not ecx
004A347C |. 8D95 CCFEFFFF lea edx, dword ptr [ebp-134]
004A3482 |. 51 push ecx ; /BufSize
004A3483 |. 52 push edx ; |Buffer
004A3484 |. 6A 01 push 1 ; |ValueType = REG_SZ
004A3486 |. 50 push eax ; |Reserved => 0
004A3487 |. 8B45 DC mov eax, dword ptr [ebp-24] ; |
004A348A |. 68 087D5900 push 00597D08 ; |fname
004A348F |. 50 push eax ; |hKey
004A3490 |. FFD6 call esi ; \RegSetValueExA
004A3492 |. 85C0 test eax, eax
004A3494 |. 74 36 je short 004A34CC ; //fails if not taken
004A3496 |. 50 push eax
004A3497 |. 8D8D 4CFEFFFF lea ecx, dword ptr [ebp-1B4]
004A349D |. 68 CCC05A00 push 005AC0CC ; reg err1 in crgdlg::onok, err = %ldcregistrationdlg::oncancel()
004A34A2 |. 51 push ecx
004A34A3 |. E8 409C0700 call 0051D0E8
004A34A8 |. 8D95 4CFEFFFF lea edx, dword ptr [ebp-1B4]
004A34AE |> 52 push edx
004A34AF |. E8 3CDBFAFF call 00450FF0
004A34B4 |. A1 44B55B00 mov eax, dword ptr [5BB544]
004A34B9 |. 8B4D E0 mov ecx, dword ptr [ebp-20]
004A34BC |. 83C4 10 add esp, 10
004A34BF |. 6A 00 push 0
004A34C1 |. 68 087F5900 push 00597F08 ; internet download manager
004A34C6 |. 50 push eax
004A34C7 |.^ E9 85FCFFFF jmp 004A3151 ; //jumps to the failure path
004A34CC |> 8DBD 34FFFFFF lea edi, dword ptr [ebp-CC] ; //EDI = company
004A34D2 |. 83C9 FF or ecx, FFFFFFFF
004A34D5 |. 33C0 xor eax, eax
004A34D7 |. 8B55 DC mov edx, dword ptr [ebp-24]
004A34DA |. F2:AE repne scas byte ptr es:[edi]
004A34DC |. F7D1 not ecx
004A34DE |. 51 push ecx
004A34DF |. 8D8D 34FFFFFF lea ecx, dword ptr [ebp-CC]
004A34E5 |. 51 push ecx
004A34E6 |. 6A 01 push 1
004A34E8 |. 50 push eax
004A34E9 |. 68 FC7C5900 push 00597CFC ; lname
004A34EE |. 52 push edx
004A34EF |. FFD6 call esi
004A34F1 |. 85C0 test eax, eax
004A34F3 |. 74 37 je short 004A352C ; //fails if not taken
004A34F5 |. 50 push eax
004A34F6 |. 8D85 4CFEFFFF lea eax, dword ptr [ebp-1B4]
004A34FC |. 68 A8C05A00 push 005AC0A8 ; reg err2 in crgdlg::onok, err = %ldreg err1 in crgdlg::onok, err = %ldcregistrationdlg::oncancel()
004A3501 |. 50 push eax
004A3502 |. E8 E19B0700 call 0051D0E8
004A3507 |. 8D8D 4CFEFFFF lea ecx, dword ptr [ebp-1B4]
004A350D |. 51 push ecx
004A350E |. E8 DDDAFAFF call 00450FF0
004A3513 |. 8B15 44B55B00 mov edx, dword ptr [5BB544]
004A3519 |. 8B4D E0 mov ecx, dword ptr [ebp-20]
004A351C |. 83C4 10 add esp, 10
004A351F |. 6A 00 push 0
004A3521 |. 68 087F5900 push 00597F08 ; internet download manager
004A3526 |. 52 push edx
004A3527 |.^ E9 25FCFFFF jmp 004A3151 ; //jumps to the failure path
004A352C |> 8DBD 00FFFFFF lea edi, dword ptr [ebp-100] ; //EDI = e-mail
004A3532 |. 83C9 FF or ecx, FFFFFFFF
004A3535 |. 33C0 xor eax, eax
004A3537 |. F2:AE repne scas byte ptr es:[edi]
004A3539 |. F7D1 not ecx
004A353B |. 8D85 00FFFFFF lea eax, dword ptr [ebp-100]
004A3541 |. 51 push ecx
004A3542 |. 8B4D DC mov ecx, dword ptr [ebp-24]
004A3545 |. 50 push eax
004A3546 |. 6A 01 push 1
004A3548 |. 6A 00 push 0
004A354A |. 68 48B05900 push 0059B048 ; email
004A354F |. 51 push ecx
004A3550 |. FFD6 call esi
004A3552 |. 85C0 test eax, eax
004A3554 |. 74 37 je short 004A358D ; //fails if not taken
004A3556 |. 50 push eax
004A3557 |. 8D95 4CFEFFFF lea edx, dword ptr [ebp-1B4]
004A355D |. 68 84C05A00 push 005AC084 ; reg err3 in crgdlg::onok, err = %ldreg err2 in crgdlg::onok, err = %ldreg err1 in crgdlg::onok, err = %ldcregistrationdlg::oncancel()
004A3562 |. 52 push edx
004A3563 |. E8 809B0700 call 0051D0E8
004A3568 |. 8D85 4CFEFFFF lea eax, dword ptr [ebp-1B4]
004A356E |. 50 push eax
004A356F |. E8 7CDAFAFF call 00450FF0
004A3574 |. 8B0D 44B55B00 mov ecx, dword ptr [5BB544]
004A357A |. 83C4 10 add esp, 10
004A357D |. 6A 00 push 0
004A357F |. 68 087F5900 push 00597F08 ; internet download manager
004A3584 |. 51 push ecx
004A3585 |. 8B4D E0 mov ecx, dword ptr [ebp-20]
004A3588 |.^ E9 C4FBFFFF jmp 004A3151 ; //jumps to the failure path
004A358D |> 8D7D 88 lea edi, dword ptr [ebp-78] ; //EDI = serial number
004A3590 |. 83C9 FF or ecx, FFFFFFFF
004A3593 |. 33C0 xor eax, eax
004A3595 |. 8D55 88 lea edx, dword ptr [ebp-78]
004A3598 |. F2:AE repne scas byte ptr es:[edi]
004A359A |. F7D1 not ecx
004A359C |. 51 push ecx
004A359D |. 52 push edx
004A359E |. 6A 01 push 1
004A35A0 |. 50 push eax
004A35A1 |. 8B45 DC mov eax, dword ptr [ebp-24]
004A35A4 |. 68 A09C5900 push 00599CA0 ; serial
004A35A9 |. 50 push eax
004A35AA |. FFD6 call esi
004A35AC |. 85C0 test eax, eax
004A35AE |. 74 1D je short 004A35CD ; //fails if not taken
004A35B0 |. 50 push eax
004A35B1 |. 8D8D 4CFEFFFF lea ecx, dword ptr [ebp-1B4]
004A35B7 |. 68 60C05A00 push 005AC060 ; reg err4 in crgdlg::onok, err = %ldreg err3 in crgdlg::onok, err = %ldreg err2 in crgdlg::onok, err = %ldreg err1 in crgdlg::onok, err = %ldcregistrationdlg::oncancel()
004A35BC |. 51 push ecx
004A35BD |. E8 269B0700 call 0051D0E8
004A35C2 |. 8D95 4CFEFFFF lea edx, dword ptr [ebp-1B4]
004A35C8 |.^ E9 E1FEFFFF jmp 004A34AE
004A35CD |> A1 00AA5900 mov eax, dword ptr [59AA00]
004A35D2 |. 85C0 test eax, eax
004A35D4 |. 0F85 B9010000 jnz 004A3793
004A35DA |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
004A35E0 |. E8 CBDAFFFF call 004A10B0
004A35E5 |. 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
004A35EB |. C645 FC 01 mov byte ptr [ebp-4], 1
004A35EF |. E8 BCDAFFFF call 004A10B0
004A35F4 |. A1 ACA85B00 mov eax, dword ptr [5BA8AC]
004A35F9 |. 8B15 DCAE5B00 mov edx, dword ptr [5BAEDC]
004A35FF |. 8B3D 04D05500 mov edi, dword ptr [<&ADVAPI32.RegOp>; ADVAPI32.RegOpenKeyExA
004A3605 |. 8D4D E4 lea ecx, dword ptr [ebp-1C]
004A3608 |. F7D8 neg eax
004A360A |. 51 push ecx ; /pHandle
004A360B |. 68 3F000F00 push 0F003F ; |Access = KEY_ALL_ACCESS
004A3610 |. 1BC0 sbb eax, eax ; |
004A3612 |. 6A 00 push 0 ; |Reserved = 0
004A3614 |. 05 02000080 add eax, 80000002 ; |
004A3619 |. 52 push edx ; |Subkey => "Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
004A361A |. 50 push eax ; |hKey
004A361B |. FFD7 call edi ; \RegOpenKeyExA
004A361D |. 8BF0 mov esi, eax
004A361F |. 85F6 test esi, esi
004A3621 |. 0F84 87000000 je 004A36AE
004A3627 |. 83FE 02 cmp esi, 2
004A362A |. 74 7E je short 004A36AA
004A362C |. 8B0D CC5E5B00 mov ecx, dword ptr [5B5ECC] ; IDMan.005B5EE0
004A3632 |. 894D E8 mov dword ptr [ebp-18], ecx
004A3635 |. A1 ACA85B00 mov eax, dword ptr [5BA8AC]
004A363A |. C645 FC 03 mov byte ptr [ebp-4], 3
004A363E |. 85C0 test eax, eax
004A3640 |. B8 349D5900 mov eax, 00599D34 ; current_user
004A3645 |. 75 05 jnz short 004A364C
004A3647 |. B8 2C9D5900 mov eax, 00599D2C ; machinecurrent_user
004A364C |> 8B15 DCAE5B00 mov edx, dword ptr [5BAEDC]
004A3652 |. 52 push edx
004A3653 |. 50 push eax
004A3654 |. 8D45 E8 lea eax, dword ptr [ebp-18]
004A3657 |. 68 D4875900 push 005987D4 ; %s\%s
004A365C |. 50 push eax
004A365D |. E8 B8D20800 call 0053091A
004A3662 |. 8B4D E8 mov ecx, dword ptr [ebp-18]
004A3665 |. 83C4 10 add esp, 10
004A3668 |. 51 push ecx
004A3669 |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
004A366F |. E8 ECDAFFFF call 004A1160
004A3674 |. 85C0 test eax, eax
004A3676 |. 74 26 je short 004A369E
004A3678 |. 8B0D ACA85B00 mov ecx, dword ptr [5BA8AC]
004A367E |. A1 DCAE5B00 mov eax, dword ptr [5BAEDC]
004A3683 |. 8D55 E4 lea edx, dword ptr [ebp-1C]
004A3686 |. F7D9 neg ecx
004A3688 |. 52 push edx
004A3689 |. 68 3F000F00 push 0F003F
004A368E |. 1BC9 sbb ecx, ecx
004A3690 |. 6A 00 push 0
004A3692 |. 81C1 02000080 add ecx, 80000002
004A3698 |. 50 push eax
004A3699 |. 51 push ecx
004A369A |. FFD7 call edi
004A369C |. 8BF0 mov esi, eax
004A369E |> 8D4D E8 lea ecx, dword ptr [ebp-18]
004A36A1 |. C645 FC 02 mov byte ptr [ebp-4], 2
004A36A5 |. E8 5A440900 call 00537B04
004A36AA |> 85F6 test esi, esi
004A36AC |. 75 1D jnz short 004A36CB
004A36AE |> 8B55 E4 mov edx, dword ptr [ebp-1C] ; //
004A36B1 |. 8B1D 18D05500 mov ebx, dword ptr [<&ADVAPI32.RegDe>; ADVAPI32.RegDeleteValueA
004A36B7 |. 68 249D5900 push 00599D24 ; /mdata
004A36BC |. 52 push edx ; |hKey
004A36BD |. FFD3 call ebx ; \RegDeleteValueA
004A36BF |. 8B45 E4 mov eax, dword ptr [ebp-1C]
004A36C2 |. 50 push eax ; /hKey
004A36C3 |. FF15 54D05500 call dword ptr [<&ADVAPI32.RegCloseKe>; \RegCloseKey
004A36C9 |. EB 06 jmp short 004A36D1
004A36CB |> 8B1D 18D05500 mov ebx, dword ptr [<&ADVAPI32.RegDe>; ADVAPI32.RegDeleteValueA
004A36D1 |> 8D4D E4 lea ecx, dword ptr [ebp-1C]
004A36D4 |. 51 push ecx
004A36D5 |. 68 3F000F00 push 0F003F
004A36DA |. 6A 00 push 0
004A36DC |. 68 E49C5900 push 00599CE4 ; software\classes\clsid\{d5b91409-a8ca-4973-9a0b-59f713d25671}
004A36E1 |. 68 01000080 push 80000001
004A36E6 |. FFD7 call edi
004A36E8 |. 8BF0 mov esi, eax
004A36EA |. 85F6 test esi, esi
004A36EC |. 74 64 je short 004A3752
004A36EE |. 83FE 02 cmp esi, 2
004A36F1 |. 74 5B je short 004A374E
004A36F3 |. 8B15 CC5E5B00 mov edx, dword ptr [5B5ECC] ; IDMan.005B5EE0
004A36F9 |. 8955 E8 mov dword ptr [ebp-18], edx
004A36FC |. 68 E49C5900 push 00599CE4 ; software\classes\clsid\{d5b91409-a8ca-4973-9a0b-59f713d25671}
004A3701 |. 8D45 E8 lea eax, dword ptr [ebp-18]
004A3704 |. 68 D49C5900 push 00599CD4 ; current_user\%ssoftware\classes\clsid\{d5b91409-a8ca-4973-9a0b-59f713d25671}
004A3709 |. 50 push eax
004A370A |. C645 FC 04 mov byte ptr [ebp-4], 4
004A370E |. E8 07D20800 call 0053091A
004A3713 |. 8B4D E8 mov ecx, dword ptr [ebp-18]
004A3716 |. 83C4 0C add esp, 0C
004A3719 |. 51 push ecx
004A371A |. 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
004A3720 |. E8 3BDAFFFF call 004A1160
004A3725 |. 85C0 test eax, eax
004A3727 |. 74 19 je short 004A3742
004A3729 |. 8D55 E4 lea edx, dword ptr [ebp-1C]
004A372C |. 52 push edx
004A372D |. 68 3F000F00 push 0F003F
004A3732 |. 6A 00 push 0
004A3734 |. 68 E49C5900 push 00599CE4 ; software\classes\clsid\{d5b91409-a8ca-4973-9a0b-59f713d25671}
004A3739 |. 68 01000080 push 80000001
004A373E |. FFD7 call edi
004A3740 |. 8BF0 mov esi, eax
004A3742 |> 8D4D E8 lea ecx, dword ptr [ebp-18]
004A3745 |. C645 FC 02 mov byte ptr [ebp-4], 2
004A3749 |. E8 B6430900 call 00537B04
004A374E |> 85F6 test esi, esi
004A3750 |. 75 15 jnz short 004A3767
004A3752 |> 8B45 E4 mov eax, dword ptr [ebp-1C]
004A3755 |. 68 249D5900 push 00599D24 ; mdata
004A375A |. 50 push eax
004A375B |. FFD3 call ebx
004A375D |. 8B4D E4 mov ecx, dword ptr [ebp-1C]
004A3760 |. 51 push ecx ; /hKey
004A3761 |. FF15 54D05500 call dword ptr [<&ADVAPI32.RegCloseKe>; \RegCloseKey
004A3767 |> 8B15 BCA85B00 mov edx, dword ptr [5BA8BC]
004A376D |. 68 E8CC5900 push 0059CCE8 ; ptrk_scdt
004A3772 |. 52 push edx
004A3773 |. FFD3 call ebx
004A3775 |. 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
004A377B |. C645 FC 01 mov byte ptr [ebp-4], 1
004A377F |. E8 6CD9FFFF call 004A10F0
004A3784 |. 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
004A378A |. C645 FC 00 mov byte ptr [ebp-4], 0
004A378E |. E8 5DD9FFFF call 004A10F0
004A3793 |> 8B75 E0 mov esi, dword ptr [ebp-20]
004A3796 |. C705 00AA5900>mov dword ptr [59AA00], 0
004A37A0 |. 8B46 64 mov eax, dword ptr [esi+64]
004A37A3 |. 85C0 test eax, eax
004A37A5 |. 74 13 je short 004A37BA
004A37A7 |. 6A 00 push 0 ; /lParam = 0
004A37A9 |. 68 9F130000 push 139F ; |wParam = 139F
004A37AE |. 68 11010000 push 111 ; |Message = WM_COMMAND
004A37B3 |. 50 push eax ; |hWnd
004A37B4 |. FF15 00D75500 call dword ptr [<&USER32.SendMessageA>; \SendMessageA
004A37BA |> 68 DC020000 push 2DC
004A37BF |. E8 DD480900 call 005380A1
004A37C4 |. 8BC8 mov ecx, eax
004A37C6 |. 83C4 04 add esp, 4
004A37C9 |. 894D E0 mov dword ptr [ebp-20], ecx
004A37CC |. 85C9 test ecx, ecx
004A37CE |. C645 FC 05 mov byte ptr [ebp-4], 5
004A37D2 |. 74 09 je short 004A37DD
004A37D4 |. E8 47DCFFFF call 004A1420
004A37D9 |. 8BC8 mov ecx, eax
004A37DB |. EB 02 jmp short 004A37DF
004A37DD |> 33C9 xor ecx, ecx
004A37DF |> 8D85 CCFEFFFF lea eax, dword ptr [ebp-134] ; EAX = user name
004A37E5 |. C645 FC 00 mov byte ptr [ebp-4], 0
004A37E9 |. 50 push eax
004A37EA |. 894E 6C mov dword ptr [esi+6C], ecx
004A37ED |. E8 1EF0FFFF call 004A2810
004A37F2 |. 8D8D 34FFFFFF lea ecx, dword ptr [ebp-CC] ; ECX = company
004A37F8 |. 51 push ecx
004A37F9 |. 8B4E 6C mov ecx, dword ptr [esi+6C]
004A37FC |. E8 3FF0FFFF call 004A2840
004A3801 |. 8B4E 6C mov ecx, dword ptr [esi+6C]
004A3804 |. 8D95 00FFFFFF lea edx, dword ptr [ebp-100] ; EDX = e-mail
004A380A |. 52 push edx
004A380B |. E8 60F0FFFF call 004A2870
004A3810 |. 8B4E 6C mov ecx, dword ptr [esi+6C]
004A3813 |. 8D45 88 lea eax, dword ptr [ebp-78] ; EAX = serial number
004A3816 |. 50 push eax
004A3817 |. E8 84F0FFFF call 004A28A0
004A381C |. 8B4E 6C mov ecx, dword ptr [esi+6C]
004A381F |. 8B56 60 mov edx, dword ptr [esi+60]
004A3822 |. 8951 08 mov dword ptr [ecx+8], edx
004A3825 |. 8B46 6C mov eax, dword ptr [esi+6C]
004A3828 |. 8B4E 5C mov ecx, dword ptr [esi+5C]
004A382B |. 8948 04 mov dword ptr [eax+4], ecx
004A382E |. 8B4E 6C mov ecx, dword ptr [esi+6C]
004A3831 |. E8 AAE2FFFF call 004A1AE0 ; //shows the "registration successful" message
004A3836 |. 50 push eax
004A3837 |. 8BCE mov ecx, esi
004A3839 |. E8 07040900 call 00533C45
004A383E |. 8B4D F4 mov ecx, dword ptr [ebp-C]
004A3841 |. 5F pop edi
004A3842 |. 5E pop esi
004A3843 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004A384A |. 5B pop ebx
004A384B |. 8BE5 mov esp, ebp
004A384D |. 5D pop ebp
004A384E |. C3 retn
004A384F |> 8B15 8CB25B00 mov edx, dword ptr [5BB28C]
004A3855 |. 6A 00 push 0
004A3857 |. 68 087F5900 push 00597F08 ; internet download manager
004A385C \.^ E9 EDF8FFFF jmp 004A314E ; //jumps to the failure path
004A3861 . 68 44C05A00 push 005AC044 ; cregistrationdlg::onokreg()reg err4 in crgdlg::onok, err = %ldreg err3 in crgdlg::onok, err = %ldreg err2 in crgdlg::onok, err = %ldreg err1 in crgdlg::onok, err = %ldcregistrationdlg::oncancel()
004A3866 . E8 85D7FAFF call 00450FF0
004A386B . 83C4 04 add esp, 4
004A386E . B8 56314A00 mov eax, 004A3156
004A3873 . C3 retn ; //end
--------------------------------------------------------------------------------
【Crack summary】
At address 004A32D5, follow the operand in the dump window to obtain the following cipher table:
005BAC08 32 59 4F 50 42 33 41 51 43 56 55 58 4D 4E 52 53 2YOPB3AQCVUXMNRS
005BAC18 39 37 57 45 30 49 5A 44 34 4B 4C 46 47 48 4A 38 97WE0IZD4KLFGHJ8
005BAC28 31 36 35 54 165T
Character -> position in the cipher table (hexadecimal):
0 -> 14 1 -> 20 2 -> 0 3 -> 5 4 -> 18
5 -> 22 6 -> 21 7 -> 11 8 -> 1F 9 -> 10
A -> 6 B -> 4 C -> 8 D -> 17 E -> 13 F -> 1B G -> 1C
H -> 1D I -> 15 J -> 1E K -> 19 L -> 1A M -> C N -> D
O -> 2 P -> 3 Q -> 7 R -> E S -> F T -> 23
U -> A V -> 9 W -> 12 X -> B Y -> 1 Z -> 16
;----------------------------------------------------------------------
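Algorithm summary:
1. Serial number format: XXXXX-XXXXX-XXXXX-XXXXX
2. Every character in the serial number must be a digit or an upper- or lower-case letter
3. The serial number is case-insensitive (everything is converted to upper case in the end)
4. The serial number is split into four groups, and the program checks each group separately
The check code is as follows:
Declare a location() function,
which returns the position of a character in the cipher table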
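#include <stdbool.h>
#include <string.h>

/* Cipher table dumped from 005BAC08 (24H = 36 entries). */
static const char TABLE[] = "2YOPB3AQCVUXMNRS97WE0IZD4KLFGHJ8165T";

/* Returns the position of c in the cipher table, or -1 if it is absent. */
int location(char c)
{
    const char *p = c ? strchr(TABLE, c) : NULL;
    return p ? (int)(p - TABLE) : -1;
}

/* Accumulates one 5-character group: EDI = EAX + EDI*25H.
   All four loops in the listing use the same multiplier, 25H. */
int group_value(const char *group)
{
    int EDI = 0;
    for (int i = 0; i < 5; i++) {
        int EAX = location(group[i]);
        if (EAX < 0)
            return -1;              /* character not in the table */
        EDI = EAX + EDI * 0x25;
    }
    return EDI;
}

/* CHECK-1..4: each group value must be non-zero and leave no
   remainder (idiv, then test edx) when divided by its constant. */
bool check(const char *array_A, const char *array_B,
           const char *array_C, const char *array_D)
{
    int v1 = group_value(array_A);  /* [EBP-18] */
    int v2 = group_value(array_B);  /* [EBP-1C] */
    int v3 = group_value(array_C);  /* EBX */
    int v4 = group_value(array_D);  /* EDI */

    if (v1 <= 0 || v1 % 0x2B != 0) return false;  /* CHECK-1 */
    if (v2 <= 0 || v2 % 0x17 != 0) return false;  /* CHECK-2 */
    if (v3 <= 0 || v3 % 0x11 != 0) return false;  /* CHECK-3 */
    if (v4 <= 0 || v4 % 0x35 != 0) return false;  /* CHECK-4 */
    return true;
}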
;---------------------------------------------------------------------
Worked example:
for(int i = 0, EDI = 0; i <5; i++)
{
EAX = location(array_A[i]);
EDI = EAX + EDI*25H;
}
int [EBP-18] = EDI;
if([EBP-18] % 2BH != 0)
return false;
EDI = x1 + 0;
EDI = x2 + EDI*25H;
EDI = x3 + EDI*25H;
EDI = x4 + EDI*25H;
EDI = x5 + EDI*25H;
EDI = x5 + 25H*(x4 + 25H*(x3 + 25H*(x2 + 25H*x1)))
EDI = x5 + x4*25H + x3*(25H^2) + x2*(25H^3) + x1*(25H^4)
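Let x3 = x2 = x1 = 0;
check1:
x5+x4*25H = 2BH
so x4 = 1 , x5 = 6
the corresponding serial group is 222YA
check2:
x5+x4*25H = 17H
so x4 = 0 , x5 = 17
the corresponding serial group is 2222D
check3:
x5+x4*25H = 11H
so x4 = 0, x5 = 11
the corresponding serial group is 22227
check4:
x5+x4*25H = 35H
so x4 = 1 , x5 = 10
the corresponding serial group is 222Y9
One usable serial number: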
222YA-2222D-22227-222Y9
;---------------------------------------------------------------------
Where the registration information is stored:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Internet Download Manager]
"Email"="[email protected]"
"FName"="luying10"
"LName"="crack"
"Serial"="222YA-2222D-22227-222Y9"
--------------------------------------------------------------------------------
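【Copyright notice】 This article is purely for technical exchange. If you repost it, please credit the author and keep the article intact. Thank you!
[This post was last edited by 鹭影依凌 on 2008-5-21 19:08]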