下载地址:http://www.crsky.com/soft/2702.html
[南通]欧网网络下载 http://count.crsky.com/view_down ... D=2702&down=yes
新手学习下注册码生成过程,有兴趣的自己些注册机吧,很简单
输入订单号:1234567,然后跟踪分析
; Registration check, as traced by the author in a debugger with the sample
; order number 1234567. Visible flow: read two form fields, derive the expected
; code from the order number alone, concatenate three parts, compare the result
; with what the user typed.
; NOTE(review): every input to the derivation is either the order number or a
; constant embedded in the binary (0x840 here, the XOR masks in the helpers at
; 00515028 and 00515108), and the finished expected code is held in a local
; string when the compare at 0051539A runs. A check built this way cannot keep
; the valid code secret from anyone able to run the program under a debugger.
; Verifying a vendor-signed licence (asymmetric signature) or validating on a
; server keeps the secret out of the client.
; Helper identities below (text getter, string<->integer conversion, concat,
; compare) are inferred from the values the author observed - confirm against symbols.
005152DB |. /75 0F jnz short 005152EC ; flags come from code before this excerpt; presumably taken when all fields are filled in
005152DD |> |B8 00555100 mov eax, 00515500 ; string (translated): "registration information is incomplete"
005152E2 |. |E8 B96AF2FF call 0043BDA0 ; presumably displays the message - callee not shown
005152E7 |. |E9 80010000 jmp 0051546C ; skip the whole check
005152EC |> \8D95 6CFFFFFF lea edx, dword ptr [ebp-94] ; edx = &local that receives the first field's text
005152F2 |. 8B83 1C030000 mov eax, dword ptr [ebx+31C] ; object at [ebx+31C]; presumably the registration-code input - confirm
005152F8 |. E8 AFD8F2FF call 00442BAC ; same getter that returns the order-number text for [ebx+310] below
005152FD |. 8B85 6CFFFFFF mov eax, dword ptr [ebp-94]
00515303 |. 50 push eax ; parked on the stack; comes back as eax at 00515399 for the compare
00515304 |. 8D95 60FFFFFF lea edx, dword ptr [ebp-A0]
0051530A |. 8B83 10030000 mov eax, dword ptr [ebx+310] ; object whose text is the order number ("1234567" in the trace)
00515310 |. E8 97D8F2FF call 00442BAC
00515315 |. 8B85 60FFFFFF mov eax, dword ptr [ebp-A0]
0051531B |. E8 9042EFFF call 004095B0 ; presumably string -> integer; eax is used as a number next
00515320 |. B9 40080000 mov ecx, 840 ; fixed modulus 0x840
00515325 |. 99 cdq ; sign-extend eax into edx:eax for the signed divide
00515326 |. F7F9 idiv ecx ; order number 1234567 modulo 0x840
00515328 |. 8BC2 mov eax, edx ; remainder 0x487 moved to eax
0051532A |. 8D95 64FFFFFF lea edx, dword ptr [ebp-9C]
00515330 |. E8 1742EFFF call 0040954C ; presumably integer -> decimal string into [ebp-9C]
00515335 |. FFB5 64FFFFFF push dword ptr [ebp-9C] ; part 1 of the code: remainder 0x487 in decimal is the string "1159"; stack ss:[0013FB8C]
=00BC1034, (ASCII "1159")
0051533B |. 8D95 54FFFFFF lea edx, dword ptr [ebp-AC]
00515341 |. 8B83 10030000 mov eax, dword ptr [ebx+310] ; order-number field read a second time
00515347 |. E8 60D8F2FF call 00442BAC
0051534C |. 8B85 54FFFFFF mov eax, dword ptr [ebp-AC] ; stack ss:[0013FB7C]=00B92308, (ASCII "1234567")
00515352 |. E8 5942EFFF call 004095B0 ; presumably string -> integer
00515357 |. 8D95 58FFFFFF lea edx, dword ptr [ebp-A8]
0051535D |. E8 C6FCFFFF call 00515028 ; first helper; produces (ASCII "170072684"), see PART 1
00515362 |. 8B85 58FFFFFF mov eax, dword ptr [ebp-A8] ; stack ss:[0013FB80]=00BC47F4, (ASCII "170072684")
00515368 |. E8 4342EFFF call 004095B0 ; helper output converted back to an integer
0051536D |. 8D95 5CFFFFFF lea edx, dword ptr [ebp-A4]
00515373 |. E8 90FDFFFF call 00515108 ; second helper; produces (ASCII "36l2y128{f5099"), see PART 2
00515378 |. FFB5 5CFFFFFF push dword ptr [ebp-A4] ; part 2 of the code; stack ss:[0013FB84]=00BC6714, (ASCII "36l2y128{f5099")
0051537E |. 68 20555100 push 00515520 ; part 3: the constant string "1", placed after the result
00515383 |. 8D85 68FFFFFF lea eax, dword ptr [ebp-98] ; destination for the concatenation
00515389 |. BA 03000000 mov edx, 3 ; three strings were pushed above
0051538E |. E8 01FAEEFF call 00404D94 ; presumably concatenates the three stacked strings into [ebp-98]
00515393 |. 8B95 68FFFFFF mov edx, dword ptr [ebp-98] ; expected code, in the clear (ASCII "115936l2y128{f50991")
00515399 |. 58 pop eax ; text saved at 00515303 (assumes the concat helper removed its three arguments)
0051539A |. E8 79FAEEFF call 00404E18 ; presumably a string compare; the result reaches the jnz through the flags
0051539F |. 0F85 A3000000 jnz 00515448 ; mismatch: branch away from the success path
005153A5 |. B8 2C555100 mov eax, 0051552C ; string (translated): "Registration code correct, thank you for registering!"
后面把注册信息写入注册文件
005153D9 |. B9 6C555100 mov ecx, 0051556C ; ASCII "\hdwl21.dll" - per the author's notes this is the file the registration data is written to, i.e. a data file despite the .dll name
注册文件
=======================================PART 1=====================================
跟入分析(ASCII "170072684")的由来,参考PART1
; PART 1 - helper at 00515028, called from 0051535D.
; In:   eax = integer (the order number in the author's trace)
;       edx = destination string variable (kept in esi)
; Out:  result string stored through esi ("170072684" for input 1234567)
; Locals: [ebp-4] working string, [ebp-8]/[ebp-7] two derived bytes,
;         [ebp-C]/[ebp-10] one-character temporaries.
; The arguments arrive in eax/edx, which looks like the Borland register
; convention - inferred, confirm.
; NOTE(review): the only secret here is the XOR mask 0x0B25F1 stored in the
; instruction stream, and each appended character is (sum of two digit
; characters) mod 5 plus a fixed base, so it can take just five values and is
; fully determined by the digits in front of it. It adds no keyed material.
00515028 /$ 55 push ebp
00515029 |. 8BEC mov ebp, esp
0051502B |. 33C9 xor ecx, ecx
0051502D |. 51 push ecx ; four zeroed dwords: locals [ebp-4] .. [ebp-10]
0051502E |. 51 push ecx
0051502F |. 51 push ecx
00515030 |. 51 push ecx
00515031 |. 53 push ebx
00515032 |. 56 push esi
00515033 |. 8BF2 mov esi, edx ; esi = destination passed by the caller
00515035 |. 8BD8 mov ebx, eax ; ebx = input integer
00515037 |. 33C0 xor eax, eax
00515039 |. 55 push ebp
0051503A |. 68 F8505100 push 005150F8 ; handler address for the exception record
0051503F |. 64:FF30 push dword ptr fs:[eax] ; eax = 0: save the previous record from fs:[0]
00515042 |. 64:8920 mov dword ptr fs:[eax], esp ; install the new record
00515045 |. 81F3 F1250B00 xor ebx, 0B25F1 ; 1234567 XOR 0x0B25F1 (fixed mask)
0051504B |. 8BC3 mov eax, ebx ; ebx=0019F376, i.e. 1700726 as an unsigned number
0051504D |. 33D2 xor edx, edx
0051504F |. 52 push edx ; high dword 0
00515050 |. 50 push eax ; low dword: the XOR result, passed as a 64-bit value
00515051 |. 8D45 FC lea eax, dword ptr [ebp-4]
00515054 |. E8 2345EFFF call 0040957C ; presumably 64-bit integer -> decimal string into [ebp-4]
00515059 |. 8B45 FC mov eax, dword ptr [ebp-4]
0051505C |. 0FB600 movzx eax, byte ptr [eax] ; character code of digit 1
0051505F |. 8B55 FC mov edx, dword ptr [ebp-4]
00515062 |. 0FB652 01 movzx edx, byte ptr [edx+1] ; character code of digit 2
00515066 |. 03C2 add eax, edx ; first two characters added
00515068 |. B9 05000000 mov ecx, 5
0051506D |. 99 cdq
0051506E |. F7F9 idiv ecx ; edx = sum mod 5
00515070 |. 80C2 34 add dl, 34 ; remainder + 0x34
00515073 |. 8855 F8 mov byte ptr [ebp-8], dl ; character '8' in the sample run
00515076 |. 8B45 FC mov eax, dword ptr [ebp-4]
00515079 |. 0FB640 02 movzx eax, byte ptr [eax+2]
0051507D |. 8B55 FC mov edx, dword ptr [ebp-4]
00515080 |. 0FB652 03 movzx edx, byte ptr [edx+3]
00515084 |. 03C2 add eax, edx ; characters 3 and 4 added
00515086 |. B9 05000000 mov ecx, 5
0051508B |. 99 cdq
0051508C |. F7F9 idiv ecx ; edx = sum mod 5
0051508E |. 8BDA mov ebx, edx
00515090 |. 80C3 33 add bl, 33 ; remainder + 0x33
00515093 |. 885D F9 mov byte ptr [ebp-7], bl ; character '4' in the sample run
00515096 |. 8D45 F4 lea eax, dword ptr [ebp-C]
00515099 |. 8A55 F8 mov dl, byte ptr [ebp-8]
0051509C |. E8 5BFBEEFF call 00404BFC ; presumably builds a one-character string in [ebp-C]
005150A1 |. 8B45 F4 mov eax, dword ptr [ebp-C]
005150A4 |. 8D55 FC lea edx, dword ptr [ebp-4]
005150A7 |. B9 1B000000 mov ecx, 1B ; index 0x1B is past the end of the 7-character sample string
005150AC |. E8 03FFEEFF call 00404FB4 ; presumably an insert-at-index; the observed result has the character at the end
005150B1 |. 8D45 F0 lea eax, dword ptr [ebp-10]
005150B4 |. 8BD3 mov edx, ebx ; second derived character (low byte of ebx)
005150B6 |. E8 41FBEEFF call 00404BFC
005150BB |. 8B45 F0 mov eax, dword ptr [ebp-10]
005150BE |. 8D55 FC lea edx, dword ptr [ebp-4]
005150C1 |. B9 19000000 mov ecx, 19 ; index 0x19, again beyond the string length in the sample
005150C6 |. E8 E9FEEEFF call 00404FB4
005150CB |. 8BC6 mov eax, esi ; caller's destination
005150CD |. 8B55 FC mov edx, dword ptr [ebp-4] ; both characters appended to the digits give the new string; stack ss:[0013FB48]=00BC4788, (ASCII
"170072684")
005150D0 |. E8 9BF9EEFF call 00404A70 ; presumably assigns the working string to the destination
005150D5 |. 33C0 xor eax, eax
005150D7 |. 5A pop edx ; previous exception record
005150D8 |. 59 pop ecx
005150D9 |. 59 pop ecx
005150DA |. 64:8910 mov dword ptr fs:[eax], edx ; restore fs:[0]
005150DD |. 68 FF505100 push 005150FF ; the retn at 005150F7 continues at the epilogue
005150E2 |> 8D45 F0 lea eax, dword ptr [ebp-10]
005150E5 |. BA 02000000 mov edx, 2 ; two temporaries, [ebp-10] and [ebp-C]
005150EA |. E8 51F9EEFF call 00404A40 ; presumably releases the temporary strings
005150EF |. 8D45 FC lea eax, dword ptr [ebp-4]
005150F2 |. E8 25F9EEFF call 00404A1C ; presumably releases the working string
005150F7 \. C3 retn ; returns to the address pushed at 005150DD
005150F8 .^ E9 C3F1EEFF jmp 004042C0 ; handler entry registered at 0051503A
005150FD .^ EB E3 jmp short 005150E2 ; back into the cleanup block
005150FF . 5E pop esi
00515100 . 5B pop ebx
00515101 . 8BE5 mov esp, ebp
00515103 . 5D pop ebp
00515104 . C3 retn
=====================
================================PART2======================
分析(ASCII "36l2y128{f5099")的由来
; PART 2 - helper at 00515108, called from 00515373.
; In:   eax = integer (170072684 in the author's trace, the PART 1 result re-parsed)
;       edx = destination string variable (kept in esi)
; Out:  result string stored through esi ("36l2y128{f5099" in the trace)
; Locals: [ebp-4] working string, [ebp-8]..[ebp-5] four derived bytes,
;         [ebp-C]..[ebp-18] one-character temporaries.
; Same shape as the helper at 00515028: XOR with a constant, print as unsigned
; decimal, derive characters from digit sums mod 5, insert them at fixed indices.
; NOTE(review): the mask 0xDDFB7687, the four base bytes (0x66, 0x75, 0x7A,
; 0x69) and the insert positions (7, 3, 5, 9) are all immediates in the code,
; so nothing in this transform depends on a value the client does not hold.
00515108 /$ 55 push ebp
00515109 |. 8BEC mov ebp, esp
0051510B |. 33C9 xor ecx, ecx
0051510D |. 51 push ecx ; six zeroed dwords: locals [ebp-4] .. [ebp-18]
0051510E |. 51 push ecx
0051510F |. 51 push ecx
00515110 |. 51 push ecx
00515111 |. 51 push ecx
00515112 |. 51 push ecx
00515113 |. 53 push ebx
00515114 |. 56 push esi
00515115 |. 8BF2 mov esi, edx ; esi = destination passed by the caller
00515117 |. 8BD8 mov ebx, eax ; ebx = input integer
00515119 |. 33C0 xor eax, eax
0051511B |. 55 push ebp
0051511C |. 68 54525100 push 00515254 ; handler address for the exception record
00515121 |. 64:FF30 push dword ptr fs:[eax] ; eax = 0: save the previous record from fs:[0]
00515124 |. 64:8920 mov dword ptr fs:[eax], esp ; install the new record
00515127 |. 81F3 8776FBDD xor ebx, DDFB7687 ; 170072684 XOR 0xDDFB7687 (fixed mask)
0051512D |. 8BC3 mov eax, ebx ; ebx=D7D86CEB: unsigned 3621285099, signed -673682197
0051512F |. 33D2 xor edx, edx
00515131 |. 52 push edx ; high dword 0, so the value is printed as a non-negative number
00515132 |. 50 push eax
00515133 |. 8D45 FC lea eax, dword ptr [ebp-4]
00515136 |. E8 4144EFFF call 0040957C ; presumably 64-bit integer -> decimal string into [ebp-4]
0051513B |. 8B45 FC mov eax, dword ptr [ebp-4] ; the unsigned decimal string; stack ss:[0013FB48]=00BC45B4, (ASCII "3621285099")
0051513E |. 0FB600 movzx eax, byte ptr [eax]
00515141 |. 8B55 FC mov edx, dword ptr [ebp-4]
00515144 |. 0FB652 01 movzx edx, byte ptr [edx+1]
00515148 |. 03C2 add eax, edx ; character codes of the first two digits added
0051514A |. B9 05000000 mov ecx, 5
0051514F |. 99 cdq
00515150 |. F7F9 idiv ecx ; sum modulo 5
00515152 |. 80C2 66 add dl, 66 ; remainder + 0x66
00515155 |. 8855 F8 mov byte ptr [ebp-8], dl ; new character 'f' in the sample run
00515158 |. 8B45 FC mov eax, dword ptr [ebp-4]
0051515B |. 0FB640 02 movzx eax, byte ptr [eax+2]
0051515F |. 8B55 FC mov edx, dword ptr [ebp-4]
00515162 |. 0FB652 03 movzx edx, byte ptr [edx+3]
00515166 |. 03C2 add eax, edx ; characters 3 and 4 added
00515168 |. B9 05000000 mov ecx, 5
0051516D |. 99 cdq
0051516E |. F7F9 idiv ecx ; sum modulo 5
00515170 |. 80C2 75 add dl, 75 ; remainder + 0x75
00515173 |. 8855 F9 mov byte ptr [ebp-7], dl ; result 'y'
00515176 |. 8B45 FC mov eax, dword ptr [ebp-4]
00515179 |. 0FB640 04 movzx eax, byte ptr [eax+4]
0051517D |. 8B55 FC mov edx, dword ptr [ebp-4]
00515180 |. 0FB652 05 movzx edx, byte ptr [edx+5]
00515184 |. 03C2 add eax, edx ; characters 5 and 6 added
00515186 |. B9 05000000 mov ecx, 5
0051518B |. 99 cdq
0051518C |. F7F9 idiv ecx ; sum modulo 5
0051518E |. 80C2 7A add dl, 7A ; remainder + 0x7A
00515191 |. 8855 FA mov byte ptr [ebp-6], dl ; character '{'
00515194 |. 8B45 FC mov eax, dword ptr [ebp-4]
00515197 |. 0FB640 06 movzx eax, byte ptr [eax+6]
0051519B |. 8B55 FC mov edx, dword ptr [ebp-4]
0051519E |. 0FB652 07 movzx edx, byte ptr [edx+7]
005151A2 |. 03C2 add eax, edx ; characters 7 and 8 added
005151A4 |. 8B55 FC mov edx, dword ptr [ebp-4]
005151A7 |. 0FB652 08 movzx edx, byte ptr [edx+8]
005151AB |. 03C2 add eax, edx ; characters 7, 8 and 9 added
005151AD |. B9 05000000 mov ecx, 5
005151B2 |. 99 cdq
005151B3 |. F7F9 idiv ecx ; sum modulo 5
005151B5 |. 80C2 69 add dl, 69 ; remainder + 0x69
005151B8 |. 8855 FB mov byte ptr [ebp-5], dl ; result 'l'
005151BB |. 8D45 F4 lea eax, dword ptr [ebp-C]
005151BE |. 8A55 F8 mov dl, byte ptr [ebp-8] ; first derived byte ('f')
005151C1 |. E8 36FAEEFF call 00404BFC ; presumably builds a one-character string in [ebp-C]
005151C6 |. 8B45 F4 mov eax, dword ptr [ebp-C]
005151C9 |. 8D55 FC lea edx, dword ptr [ebp-4]
005151CC |. B9 07000000 mov ecx, 7 ; insert position 7
005151D1 |. E8 DEFDEEFF call 00404FB4 ; presumably an insert-at-index into the working string
005151D6 |. 8D45 F0 lea eax, dword ptr [ebp-10]
005151D9 |. 8A55 FB mov dl, byte ptr [ebp-5] ; fourth derived byte ('l')
005151DC |. E8 1BFAEEFF call 00404BFC
005151E1 |. 8B45 F0 mov eax, dword ptr [ebp-10]
005151E4 |. 8D55 FC lea edx, dword ptr [ebp-4]
005151E7 |. B9 03000000 mov ecx, 3 ; insert position 3
005151EC |. E8 C3FDEEFF call 00404FB4
005151F1 |. 8D45 EC lea eax, dword ptr [ebp-14]
005151F4 |. 8A55 F9 mov dl, byte ptr [ebp-7] ; second derived byte ('y')
005151F7 |. E8 00FAEEFF call 00404BFC
005151FC |. 8B45 EC mov eax, dword ptr [ebp-14]
005151FF |. 8D55 FC lea edx, dword ptr [ebp-4]
00515202 |. B9 05000000 mov ecx, 5 ; insert position 5
00515207 |. E8 A8FDEEFF call 00404FB4
0051520C |. 8D45 E8 lea eax, dword ptr [ebp-18]
0051520F |. 8A55 FA mov dl, byte ptr [ebp-6] ; third derived byte ('{')
00515212 |. E8 E5F9EEFF call 00404BFC
00515217 |. 8B45 E8 mov eax, dword ptr [ebp-18]
0051521A |. 8D55 FC lea edx, dword ptr [ebp-4]
0051521D |. B9 09000000 mov ecx, 9 ; insert position 9
00515222 |. E8 8DFDEEFF call 00404FB4
00515227 |. 8BC6 mov eax, esi ; caller's destination
00515229 |. 8B55 FC mov edx, dword ptr [ebp-4] ; the characters inserted one by one into the original digit string give the new result (ASCII "36l2y128{f5099")
0051522C |. E8 3FF8EEFF call 00404A70 ; presumably assigns the working string to the destination
00515231 |. 33C0 xor eax, eax
00515233 |. 5A pop edx ; previous exception record
00515234 |. 59 pop ecx
00515235 |. 59 pop ecx
00515236 |. 64:8910 mov dword ptr fs:[eax], edx ; restore fs:[0]
00515239 |. 68 5B525100 push 0051525B ; the retn at 00515253 continues at the epilogue
0051523E |> 8D45 E8 lea eax, dword ptr [ebp-18]
00515241 |. BA 04000000 mov edx, 4 ; four temporaries, [ebp-18] .. [ebp-C]
00515246 |. E8 F5F7EEFF call 00404A40 ; presumably releases the temporary strings
0051524B |. 8D45 FC lea eax, dword ptr [ebp-4]
0051524E |. E8 C9F7EEFF call 00404A1C ; presumably releases the working string
00515253 \. C3 retn ; returns to the address pushed at 00515239
00515254 .^ E9 67F0EEFF jmp 004042C0 ; handler entry registered at 0051511C
00515259 .^ EB E3 jmp short 0051523E ; back into the cleanup block
0051525B . 5E pop esi
0051525C . 5B pop ebx
0051525D . 8BE5 mov esp, ebp
0051525F . 5D pop ebp
00515260 . C3 retn
======================================================== |