MouseStar 鼠标增强工具3.55汉化版 BY:笑看红尘 kiss-you (好兄弟哈 :24ab: )
软件下载:
龙族下载:http://www.chinadforce.com/viewt ... Borderby%3Ddateline
飘云阁下载:https://www.chinapyg.com/viewthr ... &extra=page%3D1
使你的2D鼠标具有3D鼠标的功能
看到这则介绍,故下载一窥. Borland Delphi 4.0 - 5.0所写, 兄弟以后发布作品要加壳哦~
好久没用过DeDe了, 今日拿来一练.
DeDe载入,找该注册按键地址,如图: 00491BF4 55 push ebp // 在此下断
; Handler for the registration button (address located with DeDe, per the write-up).
; Visible flow: read two fields from the form object in ebx, derive the expected
; serial from the first field via 004972A0, compare it with the second field, and
; on a match set a flag byte, keep the name, and store both items in the registry.
; NOTE(review): eax/edx/ecx as the first three arguments is assumed from the stated
; Delphi compiler; callee names are not shown, so their roles below are hedged.
; NOTE(review): the expected serial is derived locally and compared as plain data,
; so it sits in edx at 00491C5B. A check that verifies a vendor signature against an
; embedded public key would not have to ship the derivation routine.
00491BF4 /. 55 push ebp
00491BF5 |. 8BEC mov ebp, esp
00491BF7 |. 33C9 xor ecx, ecx
00491BF9 |. 51 push ecx ; six pushes of zero reserve and clear locals [ebp-4]..[ebp-18]
00491BFA |. 51 push ecx
00491BFB |. 51 push ecx
00491BFC |. 51 push ecx
00491BFD |. 51 push ecx
00491BFE |. 51 push ecx
00491BFF |. 53 push ebx
00491C00 |. 56 push esi
00491C01 |. 8BD8 mov ebx, eax ; ebx = first argument (presumably the form instance)
00491C03 |. 33C0 xor eax, eax
00491C05 |. 55 push ebp
00491C06 |. 68 301D4900 push 00491D30 ; handler address for the exception frame linked below
00491C0B |. 64:FF30 push dword ptr fs:[eax] ; previous frame from fs:[0]
00491C0E |. 64:8920 mov dword ptr fs:[eax], esp ; new frame becomes the head of the chain
00491C11 |. 8D55 F4 lea edx, dword ptr [ebp-C]
00491C14 |. 8B83 FC020000 mov eax, dword ptr [ebx+2FC] ; field at +2FC of the form (name input, per the author's note)
00491C1A |. E8 05A0F9FF call 0042BC24 ; author's note: gets the username's length; the out-pointer in edx suggests it returns the field text - confirm
00491C1F |. 8B45 F4 mov eax, dword ptr [ebp-C]
00491C22 |. 8D55 F8 lea edx, dword ptr [ebp-8]
00491C25 |. E8 2E64F7FF call 00408058 ; [ebp-8] = processed copy of the name (helper not shown)
00491C2A |. 8D4D FC lea ecx, dword ptr [ebp-4] ; ecx = where the expected serial is returned
00491C2D |. A1 98BB4900 mov eax, dword ptr [49BB98]
00491C32 |. 8B00 mov eax, dword ptr [eax] ; eax = object referenced through the global at 0049BB98
00491C34 |. 8B55 F8 mov edx, dword ptr [ebp-8]
00491C37 |. E8 64560000 call 004972A0 ; serial-derivation call (author's note: step into it to follow the algorithm)
00491C3C |. 8D55 EC lea edx, dword ptr [ebp-14]
00491C3F |. 8B83 00030000 mov eax, dword ptr [ebx+300] ; field at +300 of the form (serial input, per the author's note)
00491C45 |. E8 DA9FF9FF call 0042BC24 ; author's note: gets the serial's length; same helper as at 00491C1A
00491C4A |. 8B45 EC mov eax, dword ptr [ebp-14]
00491C4D |. 8D55 F0 lea edx, dword ptr [ebp-10]
00491C50 |. E8 0364F7FF call 00408058 ; [ebp-10] = processed copy of the entered serial
00491C55 |. 8B45 F0 mov eax, dword ptr [ebp-10]
00491C58 |. 8B55 FC mov edx, dword ptr [ebp-4]
00491C5B |. E8 4C22F7FF call 00403EAC ; compares the entered serial (eax) with the computed one (edx); author observed EDX=c047ae66
00491C60 |. 0F85 8F000000 jnz 00491CF5 ; mismatch: skip everything up to the exit path
00491C66 |. A1 98BB4900 mov eax, dword ptr [49BB98]
00491C6B |. 8B00 mov eax, dword ptr [eax]
00491C6D |. C680 E4040000>mov byte ptr [eax+4E4], 1 ; sets a byte flag at +4E4 (presumably the "registered" state - confirm)
00491C74 |. A1 98BB4900 mov eax, dword ptr [49BB98]
00491C79 |. 8B00 mov eax, dword ptr [eax]
00491C7B |. 05 EC040000 add eax, 4EC
00491C80 |. 8B55 F8 mov edx, dword ptr [ebp-8]
00491C83 |. E8 E81EF7FF call 00403B70 ; keeps the name at +4EC of the same object (presumably a string assignment)
00491C88 |. B2 01 mov dl, 1
00491C8A |. A1 68ED4400 mov eax, dword ptr [44ED68]
00491C8F |. E8 40D2FBFF call 0044EED4 ; presumably constructs the registry helper object - confirm
00491C94 |. 8BF0 mov esi, eax ; esi = that object for the calls below
00491C96 |. BA 01000080 mov edx, 80000001 ; 0x80000001 = HKEY_CURRENT_USER
00491C9B |. 8BC6 mov eax, esi
00491C9D |. E8 0ED3FBFF call 0044EFB0 ; presumably selects the root key
00491CA2 |. B1 01 mov cl, 1
00491CA4 |. BA 481D4900 mov edx, 00491D48 ; ASCII "\Software\MouseStar 3.0"
00491CA9 |. 8BC6 mov eax, esi
00491CAB |. E8 68D3FBFF call 0044F018 ; returns al = success; presumably opens the key (cl=1 may mean create if missing - confirm)
00491CB0 |. 84C0 test al, al
00491CB2 |. 74 29 je short 00491CDD ; key not available: skip both stores
00491CB4 |. 8B4D FC mov ecx, dword ptr [ebp-4] ; computed serial
00491CB7 |. BA 681D4900 mov edx, 00491D68 ; ASCII "enversion"
00491CBC |. 8BC6 mov eax, esi
00491CBE |. E8 11D5FBFF call 0044F1D4 ; stores the serial under the name "enversion" (presumably a string write)
00491CC3 |. 8D55 E8 lea edx, dword ptr [ebp-18]
00491CC6 |. 8B45 F8 mov eax, dword ptr [ebp-8]
00491CC9 |. E8 8A63F7FF call 00408058
00491CCE |. 8B4D E8 mov ecx, dword ptr [ebp-18] ; processed name
00491CD1 |. BA 7C1D4900 mov edx, 00491D7C ; ASCII "yonghu"
00491CD6 |. 8BC6 mov eax, esi
00491CD8 |. E8 F7D4FBFF call 0044F1D4 ; stores the name under "yonghu" with the same helper
00491CDD |> 8BC6 mov eax, esi
00491CDF |. E8 2C11F7FF call 00402E10 ; presumably releases the registry helper object
00491CE4 |. B8 8C1D4900 mov eax, 00491D8C ; address of a string that the listing does not show
00491CE9 |. E8 A6BFFBFF call 0044DC94 ; presumably displays that string to the user - confirm
00491CEE |. 8BC3 mov eax, ebx
00491CF0 |. E8 3B50FBFF call 00446D30 ; call on the form instance (purpose not shown)
00491CF5 |> 33C0 xor eax, eax ; common exit path, also reached on mismatch; the rest of the function is not listed
跟进软件算法CALL
; Serial-derivation wrapper called from 00491C37.
; In:  edx = name string, ecx = pointer that receives the result (kept in ebx).
; Visible flow: normalise the name, combine it with the constant "DELPHI2005",
; load three more constant strings, and hand all of them to 0049014C.
; NOTE(review): every input other than the name is a literal embedded in the binary,
; so nothing secret takes part in the derivation.
004972A0 /$ 55 push ebp
004972A1 |. 8BEC mov ebp, esp
004972A3 |. 6A 00 push 0 ; seven pushes of zero reserve and clear locals [ebp-4]..[ebp-1C]
004972A5 |. 6A 00 push 0
004972A7 |. 6A 00 push 0
004972A9 |. 6A 00 push 0
004972AB |. 6A 00 push 0
004972AD |. 6A 00 push 0
004972AF |. 6A 00 push 0
004972B1 |. 53 push ebx
004972B2 |. 8BD9 mov ebx, ecx ; ebx = caller's result pointer
004972B4 |. 8955 FC mov dword ptr [ebp-4], edx ; [ebp-4] = name
004972B7 |. 8B45 FC mov eax, dword ptr [ebp-4]
004972BA |. E8 91CCF6FF call 00403F50 ; presumably takes a reference on the string argument - confirm
004972BF |. 33C0 xor eax, eax
004972C1 |. 55 push ebp
004972C2 |. 68 48734900 push 00497348 ; handler address for the exception frame linked below
004972C7 |. 64:FF30 push dword ptr fs:[eax]
004972CA |. 64:8920 mov dword ptr fs:[eax], esp
004972CD |. 8D55 E4 lea edx, dword ptr [ebp-1C]
004972D0 |. 8B45 FC mov eax, dword ptr [ebp-4]
004972D3 |. E8 800DF7FF call 00408058 ; [ebp-1C] = processed copy of the name (same helper the caller uses)
004972D8 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
004972DB |. 8D55 E8 lea edx, dword ptr [ebp-18]
004972DE |. E8 650BF7FF call 00407E48 ; author's note: converts the username to upper case; result in [ebp-18]
004972E3 |. 8B55 E8 mov edx, dword ptr [ebp-18]
004972E6 |. 8D45 F8 lea eax, dword ptr [ebp-8]
004972E9 |. B9 5C734900 mov ecx, 0049735C ; ASCII "DELPHI2005"
004972EE |. E8 F5CAF6FF call 00403DE8 ; [ebp-8] built from the upper-cased name and the constant (presumably concatenation - confirm)
004972F3 |. 8D45 F4 lea eax, dword ptr [ebp-C]
004972F6 |. BA 70734900 mov edx, 00497370 ; ASCII "MagicUtils2005"
004972FB |. E8 B4C8F6FF call 00403BB4 ; [ebp-C] = that literal (presumably a string assignment)
00497300 |. 8D45 F0 lea eax, dword ptr [ebp-10]
00497303 |. BA 88734900 mov edx, 00497388 ; ASCII "zhiyuan"
00497308 |. E8 A7C8F6FF call 00403BB4 ; [ebp-10] = that literal
0049730D |. 8D45 EC lea eax, dword ptr [ebp-14]
00497310 |. BA 98734900 mov edx, 00497398 ; ASCII "3.55"
00497315 |. E8 9AC8F6FF call 00403BB4 ; [ebp-14] = that literal
0049731A |. 8B45 EC mov eax, dword ptr [ebp-14]
0049731D |. 50 push eax ; stack argument: the "3.55" string
0049731E |. 53 push ebx ; stack argument: caller's result pointer
0049731F |. 8B4D F0 mov ecx, dword ptr [ebp-10]
00497322 |. 8B55 F4 mov edx, dword ptr [ebp-C]
00497325 |. 8B45 F8 mov eax, dword ptr [ebp-8]
00497328 |. E8 1F8EFFFF call 0049014C ; core algorithm call
0049732D |. 33C0 xor eax, eax
0049732F |. 5A pop edx ; saved previous exception frame
00497330 |. 59 pop ecx
00497331 |. 59 pop ecx
00497332 |. 64:8910 mov dword ptr fs:[eax], edx ; unlink this function's exception frame
00497335 |. 68 4F734900 push 0049734F ; continuation address used by the retn below
0049733A |> 8D45 E4 lea eax, dword ptr [ebp-1C]
0049733D |. BA 07000000 mov edx, 7
00497342 |. E8 F9C7F6FF call 00403B40 ; cleanup over 7 locals starting at [ebp-1C] (presumably releases the temporary strings)
00497347 \. C3 retn ; on the normal path this pops 0049734F, which is not listed
跟进软件核心算法CALL
; Core routine called from 00497328.
; In:  eax, edx, ecx = three strings; [ebp+C] = fourth string; [ebp+8] = result pointer.
; Visible flow: two helper calls assemble one string from the inputs (the author's
; note describes calls 1 and 2 as string concatenation), then 00490200 turns that
; string into the key and writes it through the result pointer.
0049014C /$ 55 push ebp
0049014D |. 8BEC mov ebp, esp
0049014F |. 83C4 EC add esp, -14 ; room for five dword locals
00490152 |. 53 push ebx
00490153 |. 33DB xor ebx, ebx
00490155 |. 895D EC mov dword ptr [ebp-14], ebx ; the two temporaries start out as zero
00490158 |. 895D F0 mov dword ptr [ebp-10], ebx
0049015B |. 894D F4 mov dword ptr [ebp-C], ecx ; spill the three register arguments
0049015E |. 8955 F8 mov dword ptr [ebp-8], edx
00490161 |. 8945 FC mov dword ptr [ebp-4], eax
00490164 |. 8B45 FC mov eax, dword ptr [ebp-4]
00490167 |. E8 E43DF7FF call 00403F50 ; same helper applied to each of the four string arguments (presumably takes a reference - confirm)
0049016C |. 8B45 F8 mov eax, dword ptr [ebp-8]
0049016F |. E8 DC3DF7FF call 00403F50
00490174 |. 8B45 F4 mov eax, dword ptr [ebp-C]
00490177 |. E8 D43DF7FF call 00403F50
0049017C |. 8B45 0C mov eax, dword ptr [ebp+C]
0049017F |. E8 CC3DF7FF call 00403F50
00490184 |. 33C0 xor eax, eax
00490186 |. 55 push ebp
00490187 |. 68 F2014900 push 004901F2 ; handler address for the exception frame linked below
0049018C |. 64:FF30 push dword ptr fs:[eax]
0049018F |. 64:8920 mov dword ptr fs:[eax], esp
; The next four pushes stay on the stack across call 1; with the push at 004901B4
; they make five operands, matching edx = 5 at 004901BA (assumes call 1 removes its
; own two stack arguments - confirm).
00490192 |. FF75 FC push dword ptr [ebp-4]
00490195 |. FF75 F8 push dword ptr [ebp-8]
00490198 |. FF75 F4 push dword ptr [ebp-C]
0049019B |. FF75 0C push dword ptr [ebp+C]
0049019E |. 8B45 0C mov eax, dword ptr [ebp+C]
004901A1 |. 50 push eax ; stack argument for call 1: fourth string
004901A2 |. 8D45 EC lea eax, dword ptr [ebp-14]
004901A5 |. 50 push eax ; stack argument for call 1: where its result goes
004901A6 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
004901A9 |. 8B55 F8 mov edx, dword ptr [ebp-8]
004901AC |. 8B45 FC mov eax, dword ptr [ebp-4]
004901AF |. E8 80FDFFFF call 0048FF34 ; key call 1 (body not listed); result in [ebp-14]
004901B4 |. FF75 EC push dword ptr [ebp-14] ; fifth operand for call 2
004901B7 |. 8D45 F0 lea eax, dword ptr [ebp-10]
004901BA |. BA 05000000 mov edx, 5 ; operand count
004901BF |. E8 983CF7FF call 00403E5C ; key call 2; [ebp-10] = combined string
004901C4 |. 8B55 08 mov edx, dword ptr [ebp+8] ; caller's result pointer
004901C7 |. 8B45 F0 mov eax, dword ptr [ebp-10]
004901CA |. E8 31000000 call 00490200 ; key call 3: computes the key
004901CF |. 33C0 xor eax, eax
004901D1 |. 5A pop edx ; saved previous exception frame
004901D2 |. 59 pop ecx
004901D3 |. 59 pop ecx
004901D4 |. 64:8910 mov dword ptr fs:[eax], edx ; unlink this function's exception frame
004901D7 |. 68 F9014900 push 004901F9 ; continuation address used by the retn below
004901DC |> 8D45 EC lea eax, dword ptr [ebp-14]
004901DF |. BA 05000000 mov edx, 5
004901E4 |. E8 5739F7FF call 00403B40 ; cleanup over 5 locals starting at [ebp-14] (presumably releases the strings)
004901E9 |. 8D45 0C lea eax, dword ptr [ebp+C]
004901EC |. E8 2B39F7FF call 00403B1C ; single-variable cleanup for the stack-passed string
004901F1 \. C3 retn ; on the normal path this pops 004901F9, which is not listed
Call1和Call2是将几个字符串拼接,Call3为运算部分:
; Key computation (call 3 of 0049014C).
; In:  eax = combined input string, edx = pointer that receives the key string.
; Visible flow: run a table-driven checksum over every byte of the input with the
; accumulator in ebx, format the 32-bit result as text, and pass that text on to
; the caller's result pointer.
; NOTE(review): the accumulator starts at zero and the lookup table is static data
; at 0049B674, so the result depends only on the input string.
00490200 /$ 55 push ebp
00490201 |. 8BEC mov ebp, esp
00490203 |. 83C4 F4 add esp, -0C ; room for three dword locals
00490206 |. 53 push ebx
00490207 |. 56 push esi
00490208 |. 33C9 xor ecx, ecx
0049020A |. 894D F4 mov dword ptr [ebp-C], ecx ; temporary for the formatted text, starts as zero
0049020D |. 8955 F8 mov dword ptr [ebp-8], edx ; [ebp-8] = caller's result pointer
00490210 |. 8945 FC mov dword ptr [ebp-4], eax ; [ebp-4] = input string
00490213 |. 8B45 FC mov eax, dword ptr [ebp-4]
00490216 |. E8 353DF7FF call 00403F50 ; presumably takes a reference on the string argument - confirm
0049021B |. 33C0 xor eax, eax
0049021D |. 55 push ebp
0049021E |. 68 9F024900 push 0049029F ; handler address for the exception frame linked below
00490223 |. 64:FF30 push dword ptr fs:[eax]
00490226 |. 64:8920 mov dword ptr fs:[eax], esp
00490229 |. 33DB xor ebx, ebx ; ebx = running checksum, starts at 0
0049022B |. 8B45 FC mov eax, dword ptr [ebp-4]
0049022E |. E8 693BF7FF call 00403D9C ; eax = loop count (presumably the string length)
00490233 |. 85C0 test eax, eax
00490235 |. 7E 2C jle short 00490263 ; nothing to process: skip the loop
00490237 |. BE 01000000 mov esi, 1 ; 1-based position in the string
0049023C |> 8B55 FC /mov edx, dword ptr [ebp-4]
0049023F |. 8A5432 FF |mov dl, byte ptr [edx+esi-1] ; current input byte
00490243 |. 32D3 |xor dl, bl ; mixed with the low byte of the checksum
00490245 |. 81E2 FF000000 |and edx, 0FF ; table index 0..255
0049024B |. 8B1495 74B649>|mov edx, dword ptr [edx*4+49B674] ; dword lookup table at 0049B674 (contents not listed)
00490252 |. C1EB 08 |shr ebx, 8
00490255 |. 81E3 FFFFFF00 |and ebx, 0FFFFFF
0049025B |. 33D3 |xor edx, ebx
0049025D |. 8BDA |mov ebx, edx ; updated checksum
0049025F |. 46 |inc esi
00490260 |. 48 |dec eax
00490261 |.^ 75 D9 \jnz short 0049023C ; repeat until every byte is consumed
00490263 |> 8BC3 mov eax, ebx
00490265 |. 33D2 xor edx, edx
; The checksum is passed as a 64-bit value with a zero high dword, eax = 8 and an
; out-pointer in edx; presumably formatted as 8 hex digits, which matches the
; 8-character value the author observed at the comparison - confirm.
00490267 |. 52 push edx ; /Arg2 => 00000000
00490268 |. 50 push eax ; |Arg1
00490269 |. 8D55 F4 lea edx, dword ptr [ebp-C] ; |
0049026C |. B8 08000000 mov eax, 8 ; |
00490271 |. E8 C67EF7FF call 0040813C ; \MouseSta.0040813C
00490276 |. 8B45 F4 mov eax, dword ptr [ebp-C] ; key text produced by the code above
00490279 |. 8B55 F8 mov edx, dword ptr [ebp-8]
0049027C |. E8 037CF7FF call 00407E84 ; post-processes the text into the caller's result pointer (helper not listed)
00490281 |. 33C0 xor eax, eax
00490283 |. 5A pop edx ; saved previous exception frame
00490284 |. 59 pop ecx
00490285 |. 59 pop ecx
00490286 |. 64:8910 mov dword ptr fs:[eax], edx ; unlink this function's exception frame
00490289 |. 68 A6024900 push 004902A6 ; continuation address used by the retn below
0049028E |> 8D45 F4 lea eax, dword ptr [ebp-C]
00490291 |. E8 8638F7FF call 00403B1C ; single-variable cleanup for the formatted text
00490296 |. 8D45 FC lea eax, dword ptr [ebp-4]
00490299 |. E8 7E38F7FF call 00403B1C ; same cleanup for the input string local
0049029E \. C3 retn ; on the normal path this pops 004902A6, which is not listed
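注册成功后,在注册表新建“yonghu”的这样一个子项目,并写入正确注册信息。(晕哈)从上面的代码看,程序在 "\Software\MouseStar 3.0" 键下先后用 "enversion"(计算出的注册码)和 "yonghu"(用户名)两个名称保存数据,根键常量 80000001 即 HKEY_CURRENT_USER。
注册信息保存在这里:HKEY_USERS\S-1-5-21-746137067-484061587-682003330-500\Software\MouseStar 3.0(也就是当前登录用户的 HKEY_CURRENT_USER 配置单元)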
算法部分只是跟出,有时间再细细研究.软件适合新手练习,有兴趣的朋友试下算法.