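【Article title】: Auto Power-on Version 1.52 algorithm analysis
【Author】: lnn1123
【Software name】: Auto Power-on Version 1.52
【Download】: Huajun Software (华军软件)
【Tools】: OLLYDBG
【Protection】: registration code + NAG
【Software limitations】: none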
============================================================
【Software introduction】
Auto Power-on & Shut-down
Version: 1.52
Release date: 08/03/2005
Language: English
License Type: Shareware
Operation system: Windows 98/Me/NT/2000/XP/2003
Hardware requirements:
16MB RAM, Pentium-100 MHz, 5MB Hard Disk, Mainboard support resume by alarm
-==Introduction==-
Auto Power-on & Shut-down is an easy-to-use application that allows you to control your computer's resume from the power-off state and wake your computer from sleep mode.
Resume from power-off state - Auto Power-on & Shut-down allows you to control your computer's automatic start-up and have it work at an appointed time. It can wake your computer at a specified date/time, even if the system has been closed.
Wake up from sleep mode - Auto Power-on & Shut-down allows you to wake up your computer from sleep mode (S3 standby) at a specified time.
Task Schedule - Auto Power-on & Shut-down allows you to open files, play sounds, run programs, close programs, open websites, show messages, standby/hibernate, shutdown/reboot, etc. at any designated time.
Auto Shutdown - There is a feature of Auto Power-on & Shut-down that you may find useful. It allows your computer to shut down automatically at a specified time.
-==Features==-
· Make your computer resume from power-off state
· Wake up your computer from sleep mode (standby)
· Run programs, close programs, open files and open URL at any time
· Play mp3, wma, wav and flash at any time
· Logs on system and lock computer automatically
· Shutdown/reboot and enter standby/hibernate mode at any time
· Synchronize your PC's time to atomic clock servers
· And much more...
-==Registration==-
To purchase this product, please visit http://www.lifsoft.com
After purchasing you will receive a registration code via email.
Registered users can enjoy free updates for one year. For sales issues, please contact us at [email protected]
-==Support==-
Technical Support :
As a registered user of Auto Power-on & Shut-down, you will receive ongoing email support from our technical support team. If you have technical support needs, please email us at [email protected].
Feedback :
We strive to provide you with the products that fit your needs. Many of our product enhancements are based on feedback. If you have any questions or suggestions, please email us at [email protected]. We look forward to hearing from you.
-==Frequently Asked Questions==-
To view a list of frequently asked questions go to the following site: http://www.lifsoft.com/
-==Developer Information==-
Copyright (C) 2004-2005 lifsoft.com
All rights reserved
http://www.lifsoft.com
============================================================
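【Cracking analysis process】
==========================Analysis process==============================================
PEiD shows the file is not packed. Load it in OllyDbg; clicking Register produces an error message. Use Lao Luo's (老罗) plugin to find the error message string and set a breakpoint.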
===================================================================================
004B5DD4 /. 55 PUSH EBP
004B5DD5 |. 8BEC MOV EBP,ESP
004B5DD7 |. B9 06000000 MOV ECX,6
004B5DDC |> 6A 00 /PUSH 0
004B5DDE |. 6A 00 |PUSH 0
004B5DE0 |. 49 |DEC ECX
004B5DE1 |.^75 F9 \JNZ SHORT AutoPowe.004B5DDC
004B5DE3 |. 53 PUSH EBX
004B5DE4 |. 56 PUSH ESI
004B5DE5 |. 57 PUSH EDI
004B5DE6 |. 8BD8 MOV EBX,EAX
004B5DE8 |. 33C0 XOR EAX,EAX
004B5DEA |. 55 PUSH EBP
004B5DEB |. 68 4B604B00 PUSH AutoPowe.004B604B
004B5DF0 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004B5DF3 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004B5DF6 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004B5DF9 |. 8BB3 4C030000 MOV ESI,DWORD PTR DS:[EBX+34C]
004B5DFF |. 8BC6 MOV EAX,ESI
004B5E01 |. E8 BAD5F9FF CALL AutoPowe.004533C0 ; get the fake code
004B5E06 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; EAX is the fake code length
004B5E09 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004B5E0C |. E8 E32EF5FF CALL AutoPowe.00408CF4
004B5E11 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; fake code
004B5E14 |. 8BC6 MOV EAX,ESI
004B5E16 |. E8 D5D5F9FF CALL AutoPowe.004533F0
004B5E1B |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
004B5E1E |. 8B83 4C030000 MOV EAX,DWORD PTR DS:[EBX+34C]
004B5E24 |. E8 97D5F9FF CALL AutoPowe.004533C0 ; fetched again
004B5E29 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; fake code
004B5E2C |. BA 64604B00 MOV EDX,AutoPowe.004B6064 ; ASCII "Registered!"
004B5E31 |. E8 E6ECF4FF CALL AutoPowe.00404B1C ; compare the fake code with "Registered!"
004B5E36 |. 0F84 C0010000 JE AutoPowe.004B5FFC
004B5E3C |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004B5E3F |. A1 9C7C4E00 MOV EAX,DWORD PTR DS:[4E7C9C]
004B5E44 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5E46 |. E8 0DE5FBFF CALL AutoPowe.00474358 ; get the program's run path
004B5E4B |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; program path
004B5E4E |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
004B5E51 |. E8 9237F5FF CALL AutoPowe.004095E8 ; parent directory of the program path
004B5E56 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
004B5E59 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004B5E5C |. B9 78604B00 MOV ECX,AutoPowe.004B6078 ; ASCII "\wake.ini"
004B5E61 |. E8 B6EBF4FF CALL AutoPowe.00404A1C ; concatenate to get the .ini file path
004B5E66 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; .ini file path
004B5E69 |. B2 01 MOV DL,1 ; set DL to 1
004B5E6B |. A1 D8624300 MOV EAX,DWORD PTR DS:[4362D8]
004B5E70 |. E8 1305F8FF CALL AutoPowe.00436388
004B5E75 |. 8BF0 MOV ESI,EAX
004B5E77 |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004B5E7A |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004B5E80 |. E8 3BD5F9FF CALL AutoPowe.004533C0 ; get the registration name
004B5E85 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] ; EAX holds the length
004B5E88 |. 50 PUSH EAX ; push onto the stack
004B5E89 |. B9 8C604B00 MOV ECX,AutoPowe.004B608C ; ASCII "name"
004B5E8E |. BA 9C604B00 MOV EDX,AutoPowe.004B609C ; ASCII "reg"
004B5E93 |. 8BC6 MOV EAX,ESI
004B5E95 |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
004B5E97 |. FF57 04 CALL DWORD PTR DS:[EDI+4]
004B5E9A |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
004B5E9D |. 8B83 4C030000 MOV EAX,DWORD PTR DS:[EBX+34C]
004B5EA3 |. E8 18D5F9FF CALL AutoPowe.004533C0 ; get the fake code; the length is in EAX
004B5EA8 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; fake code
004B5EAB |. 50 PUSH EAX
004B5EAC |. B9 A8604B00 MOV ECX,AutoPowe.004B60A8 ; ASCII "code"
004B5EB1 |. BA 9C604B00 MOV EDX,AutoPowe.004B609C ; ASCII "reg"
004B5EB6 |. 8BC6 MOV EAX,ESI
004B5EB8 |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
004B5EBA |. FF57 04 CALL DWORD PTR DS:[EDI+4]
004B5EBD |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004B5EC0 |. 8B83 4C030000 MOV EAX,DWORD PTR DS:[EBX+34C]
004B5EC6 |. E8 F5D4F9FF CALL AutoPowe.004533C0 ; again
004B5ECB |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C] ; EAX holds the fake code length
004B5ECE |. 50 PUSH EAX
004B5ECF |. B9 06000000 MOV ECX,6
004B5ED4 |. BA 01000000 MOV EDX,1
004B5ED9 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; fake code
004B5EDC |. E8 4FEDF4FF CALL AutoPowe.00404C30 ; take the first 6 characters
004B5EE1 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C] ; the first 6 characters
004B5EE4 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C]
004B5EE7 |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30]
004B5EEC |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5EEE |. 8B80 14050000 MOV EAX,DWORD PTR DS:[EAX+514]
004B5EF4 |. E8 9BC3FFFF CALL AutoPowe.004B2294 ; key CALL, step into it
004B5EF9 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; the computed value that is used in the comparison
004B5EFC |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004B5F02 |. E8 E9D4F9FF CALL AutoPowe.004533F0
004B5F07 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; fake code
004B5F0A |. E8 C1EAF4FF CALL AutoPowe.004049D0 ; get the fake code length
004B5F0F |. 83F8 28 CMP EAX,28 ; compare with 0x28
004B5F12 |. 0F8E A8000000 JLE AutoPowe.004B5FC0 ; fails if less than or equal
004B5F18 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004B5F1B |. 50 PUSH EAX
004B5F1C |. B9 0C000000 MOV ECX,0C
004B5F21 |. BA 08000000 MOV EDX,8
004B5F26 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; fake code
004B5F29 |. E8 02EDF4FF CALL AutoPowe.00404C30 ; take characters 8--19 of the fake code
004B5F2E |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30] ; characters 8--19 of the fake code
004B5F31 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; the value produced by the key CALL AutoPowe.004B2294 above
004B5F34 |. E8 E3EBF4FF CALL AutoPowe.00404B1C ; key comparison
004B5F39 |. 0F85 81000000 JNZ AutoPowe.004B5FC0 ; fails if this jump is taken; changing only this spot is useless, because the program re-verifies at restart
004B5F3F |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30] ; below: display of the registration-success message
004B5F44 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5F46 |. 8BB8 E8030000 MOV EDI,DWORD PTR DS:[EAX+3E8]
004B5F4C |. C647 48 01 MOV BYTE PTR DS:[EDI+48],1
004B5F50 |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30]
004B5F55 |. 8D47 68 LEA EAX,DWORD PTR DS:[EDI+68]
004B5F58 |. BA B8604B00 MOV EDX,AutoPowe.004B60B8 ; ASCII "Registered OK!"
004B5F5D |. E8 02E8F4FF CALL AutoPowe.00404764
004B5F62 |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30]
004B5F67 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5F69 |. 8B80 E8030000 MOV EAX,DWORD PTR DS:[EAX+3E8]
004B5F6F |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004B5F71 |. FF52 30 CALL DWORD PTR DS:[EDX+30]
004B5F74 |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30]
004B5F79 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5F7B |. B2 01 MOV DL,1
004B5F7D |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004B5F7F |. FF51 64 CALL DWORD PTR DS:[ECX+64]
004B5F82 |. BA 64604B00 MOV EDX,AutoPowe.004B6064 ; ASCII "Registered!"
004B5F87 |. 8B83 4C030000 MOV EAX,DWORD PTR DS:[EBX+34C]
004B5F8D |. E8 5ED4F9FF CALL AutoPowe.004533F0
004B5F92 |. A1 D0784E00 MOV EAX,DWORD PTR DS:[4E78D0]
004B5F97 |. C600 01 MOV BYTE PTR DS:[EAX],1
004B5F9A |. 68 D0604B00 PUSH AutoPowe.004B60D0
004B5F9F |. B9 DC604B00 MOV ECX,AutoPowe.004B60DC ; ASCII "dd"
004B5FA4 |. BA E8604B00 MOV EDX,AutoPowe.004B60E8 ; ASCII "date"
004B5FA9 |. 8BC6 MOV EAX,ESI
004B5FAB |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
004B5FAD |. FF57 04 CALL DWORD PTR DS:[EDI+4]
004B5FB0 |. 8BC6 MOV EAX,ESI
004B5FB2 |. E8 65D9F4FF CALL AutoPowe.0040391C
004B5FB7 |. 8BC3 MOV EAX,EBX
004B5FB9 |. E8 A6A5FBFF CALL AutoPowe.00470564
004B5FBE |. EB 3C JMP SHORT AutoPowe.004B5FFC
004B5FC0 |> A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30] ; registration-failure message
004B5FC5 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5FC7 |. 8B98 E8030000 MOV EBX,DWORD PTR DS:[EAX+3E8]
004B5FCD |. C643 48 01 MOV BYTE PTR DS:[EBX+48],1
004B5FD1 |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30]
004B5FD6 |. 8D43 68 LEA EAX,DWORD PTR DS:[EBX+68]
004B5FD9 |. BA F8604B00 MOV EDX,AutoPowe.004B60F8 ; ASCII "Invalid key, please input again!"
004B5FDE |. E8 81E7F4FF CALL AutoPowe.00404764
004B5FE3 |. A1 307C4E00 MOV EAX,DWORD PTR DS:[4E7C30]
004B5FE8 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004B5FEA |. 8B80 E8030000 MOV EAX,DWORD PTR DS:[EAX+3E8]
004B5FF0 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004B5FF2 |. FF52 30 CALL DWORD PTR DS:[EDX+30]
004B5FF5 |. 8BC6 MOV EAX,ESI
004B5FF7 |. E8 20D9F4FF CALL AutoPowe.0040391C
004B5FFC |> 33C0 XOR EAX,EAX
004B5FFE |. 5A POP EDX
004B5FFF |. 59 POP ECX
004B6000 |. 59 POP ECX
004B6001 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004B6004 |. 68 52604B00 PUSH AutoPowe.004B6052
004B6009 |> 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004B600C |. BA 02000000 MOV EDX,2
004B6011 |. E8 1EE7F4FF CALL AutoPowe.00404734
004B6016 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004B6019 |. BA 02000000 MOV EDX,2
004B601E |. E8 11E7F4FF CALL AutoPowe.00404734
004B6023 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004B6026 |. BA 02000000 MOV EDX,2
004B602B |. E8 04E7F4FF CALL AutoPowe.00404734
004B6030 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004B6033 |. BA 02000000 MOV EDX,2
004B6038 |. E8 F7E6F4FF CALL AutoPowe.00404734
004B603D |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004B6040 |. BA 04000000 MOV EDX,4
004B6045 |. E8 EAE6F4FF CALL AutoPowe.00404734
004B604A \. C3 RETN
-------------------- 004B5EF4 |. E8 9BC3FFFF CALL AutoPowe.004B2294, stepping in ------------------------------
{
004B2294 /$ 55 PUSH EBP
004B2295 |. 8BEC MOV EBP,ESP
004B2297 |. 83C4 DC ADD ESP,-24
004B229A |. 53 PUSH EBX
004B229B |. 56 PUSH ESI
004B229C |. 57 PUSH EDI
004B229D |. 33DB XOR EBX,EBX
004B229F |. 895D DC MOV DWORD PTR SS:[EBP-24],EBX
004B22A2 |. 895D F4 MOV DWORD PTR SS:[EBP-C],EBX
004B22A5 |. 8BF9 MOV EDI,ECX
004B22A7 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX ; EDX is the first 6 characters of the fake code
004B22AA |. 8BF0 MOV ESI,EAX
004B22AC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; first 6 characters of the fake code
004B22AF |. E8 0C29F5FF CALL AutoPowe.00404BC0
004B22B4 |. 33C0 XOR EAX,EAX ; clear to 0
004B22B6 |. 55 PUSH EBP
004B22B7 |. 68 EE234B00 PUSH AutoPowe.004B23EE
004B22BC |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004B22BF |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004B22C2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; first 6 characters of the fake code
004B22C5 |. E8 0627F5FF CALL AutoPowe.004049D0 ; get the length of the first 6 characters of the fake code
004B22CA |. 3B46 58 CMP EAX,DWORD PTR DS:[ESI+58] ; compare with 0x32
004B22CD |. 7F 0D JG SHORT AutoPowe.004B22DC
004B22CF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; first 6 characters of the fake code
004B22D2 |. E8 F926F5FF CALL AutoPowe.004049D0 ; length
004B22D7 |. 3B46 5C CMP EAX,DWORD PTR DS:[ESI+5C] ; compare with 5
004B22DA |. 7D 0C JGE SHORT AutoPowe.004B22E8 ; this jump is taken
004B22DC |> 8BC7 MOV EAX,EDI
004B22DE |. E8 2D24F5FF CALL AutoPowe.00404710
004B22E3 |. E9 E0000000 JMP AutoPowe.004B23C8
004B22E8 |> 8B46 70 MOV EAX,DWORD PTR DS:[ESI+70]
004B22EB |. 99 CDQ
004B22EC |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX ; first 6 characters of the fake code
004B22EF |. 8955 E4 MOV DWORD PTR SS:[EBP-1C],EDX ; fake code
004B22F2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004B22F5 |. E8 D626F5FF CALL AutoPowe.004049D0 ; length of the first 6 characters of the fake code
004B22FA |. 8BD8 MOV EBX,EAX
004B22FC |. EB 51 JMP SHORT AutoPowe.004B234F
004B22FE |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4] ; fake code
004B2301 |. 4B |DEC EBX
004B2302 |. 85C0 |TEST EAX,EAX ; bit test
004B2304 |. 74 05 |JE SHORT AutoPowe.004B230B
004B2306 |. 3B58 FC |CMP EBX,DWORD PTR DS:[EAX-4]
004B2309 |. 72 05 |JB SHORT AutoPowe.004B2310
004B230B |> E8 4415F5FF |CALL AutoPowe.00403854
004B2310 |> 43 |INC EBX
004B2311 |. 8A4418 FF |MOV AL,BYTE PTR DS:[EAX+EBX-1] ; take the first 6 characters of the fake code in reverse order
004B2315 |. 25 FF000000 |AND EAX,0FF ; clear the high bits
004B231A |. 33D2 |XOR EDX,EDX ; clear to 0
004B231C |. 52 |PUSH EDX
004B231D |. 50 |PUSH EAX ; push onto the stack
004B231E |. 8B45 E0 |MOV EAX,DWORD PTR SS:[EBP-20]
004B2321 |. 8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C]
004B2324 |. E8 0333F5FF |CALL AutoPowe.0040562C ; important computation, step into it
004B2329 |. 71 05 |JNO SHORT AutoPowe.004B2330 ; jump if no overflow
004B232B |. E8 2C15F5FF |CALL AutoPowe.0040385C
004B2330 |> 52 |PUSH EDX ; /Arg2
004B2331 |. 50 |PUSH EAX ; |Arg1
004B2332 |. 8D45 DC |LEA EAX,DWORD PTR SS:[EBP-24] ; |
004B2335 |. E8 0E6DF5FF |CALL AutoPowe.00409048 ; \convert hexadecimal to decimal
004B233A |. 8B55 DC |MOV EDX,DWORD PTR SS:[EBP-24] ; the resulting decimal value
004B233D |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
004B2340 |. E8 9326F5FF |CALL AutoPowe.004049D8
004B2345 |. 83EB 01 |SUB EBX,1
004B2348 |. 71 05 |JNO SHORT AutoPowe.004B234F
004B234A |. E8 0D15F5FF |CALL AutoPowe.0040385C
004B234F |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; first 6 characters of the fake code
004B2352 |. E8 7926F5FF |CALL AutoPowe.004049D0 ; length
004B2357 |. 83E8 06 |SUB EAX,6 ; subtract 6
004B235A |. 71 05 |JNO SHORT AutoPowe.004B2361
004B235C |. E8 FB14F5FF |CALL AutoPowe.0040385C
004B2361 |> 3BD8 |CMP EBX,EAX ; EBX is 6
004B2363 |. 7C 04 |JL SHORT AutoPowe.004B2369
004B2365 |. 85DB |TEST EBX,EBX
004B2367 |.^7F 95 \JG SHORT AutoPowe.004B22FE
004B2369 |> 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004B236C |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; the values obtained above, concatenated
004B236F |. E8 F032F5FF CALL AutoPowe.00405664 ; convert to hexadecimal
004B2374 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX ; EAX is the converted hexadecimal value
004B2377 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX
004B237A |. 8B5E 6C MOV EBX,DWORD PTR DS:[ESI+6C]
004B237D |. 85DB TEST EBX,EBX
004B237F |. 7F 11 JG SHORT AutoPowe.004B2392
004B2381 |. FF75 EC PUSH DWORD PTR SS:[EBP-14] ; /Arg2
004B2384 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18] ; |Arg1
004B2387 |. 8BD7 MOV EDX,EDI ; |
004B2389 |. 33C0 XOR EAX,EAX ; |
004B238B |. E8 086DF5FF CALL AutoPowe.00409098 ; \AutoPowe.00409098
004B2390 |. EB 36 JMP SHORT AutoPowe.004B23C8
004B2392 |> FF75 EC PUSH DWORD PTR SS:[EBP-14] ; /Arg2
004B2395 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18] ; |Arg1
004B2398 |. 8BD7 MOV EDX,EDI ; |
004B239A |. 8BC3 MOV EAX,EBX ; |
004B239C |. E8 F76CF5FF CALL AutoPowe.00409098 ; \left-pad with 0 if shorter than 12 digits
004B23A1 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004B23A3 |. E8 2826F5FF CALL AutoPowe.004049D0
004B23A8 |. 8BC8 MOV ECX,EAX
004B23AA |. 2B4E 6C SUB ECX,DWORD PTR DS:[ESI+6C]
004B23AD |. 71 05 JNO SHORT AutoPowe.004B23B4
004B23AF |. E8 A814F5FF CALL AutoPowe.0040385C
004B23B4 |> 8B56 6C MOV EDX,DWORD PTR DS:[ESI+6C]
004B23B7 |. 83C2 01 ADD EDX,1
004B23BA |. 71 05 JNO SHORT AutoPowe.004B23C1
004B23BC |. E8 9B14F5FF CALL AutoPowe.0040385C
004B23C1 |> 8BC7 MOV EAX,EDI
004B23C3 |. E8 A828F5FF CALL AutoPowe.00404C70 ; get the final result
}
------------------------004B2324 |. E8 0333F5FF CALL AutoPowe.0040562C; stepping in -------------------------------------
{0040562C /$ 56 PUSH ESI
0040562D |. 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+C]
00405631 |. 237424 08 AND ESI,DWORD PTR SS:[ESP+8]
00405635 |. 81FE FFFFFFFF CMP ESI,-1
0040563B |. 75 11 JNZ SHORT AutoPowe.0040564E
0040563D |. 89C6 MOV ESI,EAX
0040563F |. 09D6 OR ESI,EDX
00405641 |. 81FE 00000080 CMP ESI,80000000
00405647 |. 75 05 JNZ SHORT AutoPowe.0040564E
00405649 |. 89F0 MOV EAX,ESI
0040564B |. 5E POP ESI
0040564C |. 48 DEC EAX
0040564D |. C3 RETN
0040564E |> 5E POP ESI
0040564F |. FF7424 08 PUSH DWORD PTR SS:[ESP+8]
00405653 |. FF7424 08 PUSH DWORD PTR SS:[ESP+8] ; the value taken in reverse order
00405657 |. E8 54FFFFFF CALL AutoPowe.004055B0 ; the computation is inside
0040565C |. 21C0 AND EAX,EAX
0040565E \. C2 0800 RETN 8
00405661 . C3 RETN
}
-------------------------00405657 |. E8 54FFFFFF CALL AutoPowe.004055B0; stepping in---------------------------------------
{004055B0 /$ 55 PUSH EBP
004055B1 |. 53 PUSH EBX
004055B2 |. 56 PUSH ESI
004055B3 |. 57 PUSH EDI
004055B4 |. 31FF XOR EDI,EDI
004055B6 |. 8B5C24 14 MOV EBX,DWORD PTR SS:[ESP+14] ; the hexadecimal value that was taken
004055BA |. 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
004055BE |. 09C9 OR ECX,ECX
004055C0 |. 75 08 JNZ SHORT AutoPowe.004055CA
004055C2 |. 09D2 OR EDX,EDX
004055C4 |. 74 5D JE SHORT AutoPowe.00405623 ; this jump is taken
004055C6 |. 09DB OR EBX,EBX
004055C8 |. 74 59 JE SHORT AutoPowe.00405623
004055CA |> 09D2 OR EDX,EDX
004055CC |. 79 0A JNS SHORT AutoPowe.004055D8
004055CE |. F7DA NEG EDX
004055D0 |. F7D8 NEG EAX
004055D2 |. 83DA 00 SBB EDX,0
004055D5 |. 83CF 01 OR EDI,1
004055D8 |> 09C9 OR ECX,ECX
004055DA |. 79 07 JNS SHORT AutoPowe.004055E3
004055DC |. F7D9 NEG ECX
004055DE |. F7DB NEG EBX
004055E0 |. 83D9 00 SBB ECX,0
004055E3 |> 89CD MOV EBP,ECX
004055E5 |. B9 40000000 MOV ECX,40
004055EA |. 57 PUSH EDI
004055EB |. 31FF XOR EDI,EDI
004055ED |. 31F6 XOR ESI,ESI
004055EF |> D1E0 /SHL EAX,1
004055F1 |. D1D2 |RCL EDX,1
004055F3 |. D1D6 |RCL ESI,1
004055F5 |. D1D7 |RCL EDI,1
004055F7 |. 39EF |CMP EDI,EBP
004055F9 |. 72 0B |JB SHORT AutoPowe.00405606
004055FB |. 77 04 |JA SHORT AutoPowe.00405601
004055FD |. 39DE |CMP ESI,EBX
004055FF |. 72 05 |JB SHORT AutoPowe.00405606
00405601 |> 29DE |SUB ESI,EBX
00405603 |. 19EF |SBB EDI,EBP
00405605 |. 40 |INC EAX
00405606 |>^E2 E7 \LOOPD SHORT AutoPowe.004055EF
00405608 |. 89F0 MOV EAX,ESI
0040560A |. 89FA MOV EDX,EDI
0040560C |. 5B POP EBX
0040560D |. F7C3 01000000 TEST EBX,1
00405613 |. 74 07 JE SHORT AutoPowe.0040561C
00405615 |. F7DA NEG EDX
00405617 |. F7D8 NEG EAX
00405619 |. 83DA 00 SBB EDX,0
0040561C |> 5F POP EDI
0040561D |. 5E POP ESI
0040561E |. 5B POP EBX
0040561F |. 5D POP EBP
00405620 |. C2 0800 RETN 8
00405623 |> F7F3 DIV EBX ; EAX/EBX, remainder in EDX
00405625 |. 92 XCHG EAX,EDX ; swap EAX and EDX
00405626 |. 31D2 XOR EDX,EDX ; clear to 0
00405628 \.^EB F2 JMP SHORT AutoPowe.0040561C ; EDX is the key value
0040562A . C3 RETN
============================================================
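【Summary of the cracking analysis】
The algorithm is fairly simple. Enter a registration code of 29 or more characters. The program takes the first 6 characters of the registration code, then reads those 6 characters in reverse order and takes each one's hexadecimal value as N. It takes the remainder of 0027D4AA/N in decimal, concatenates the values obtained from these operations, and converts the result to hexadecimal. If the converted value has fewer than 12 digits, zeros are added in front of it to reach 12 digits. Characters 8--19 of the registration code are then compared with the computed value: if they are equal, registration succeeds; if not, it is over!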
============================================================
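The routine at 004055B0 has the shape of a signed 64-bit remainder helper of the kind compilers emit for 32-bit targets, not custom serial logic. As an added example (not code from the original post or from the program), this C model mirrors its 64-round shift-subtract loop and its 32-bit fast path; the function names and the zero-divisor return value are assumptions of the model.

```c
#include <stdint.h>

/* Unsigned shift-subtract (restoring) division. Each of the 64 rounds shifts
   the 128-bit pair rem:quot left by one bit and subtracts the divisor from
   the upper half when it fits. Valid for divisor <= 2^63, which always holds
   for the magnitudes passed in by llmod_model(). */
static uint64_t restoring_umod64(uint64_t dividend, uint64_t divisor)
{
    uint64_t rem = 0, quot = dividend;
    for (int i = 0; i < 64; i++) {          /* MOV ECX,40 ... LOOPD         */
        rem = (rem << 1) | (quot >> 63);    /* SHL EAX, RCL EDX/ESI/EDI     */
        quot <<= 1;
        if (rem >= divisor) {               /* CMP EDI,EBP then CMP ESI,EBX */
            rem -= divisor;                 /* SUB ESI,EBX / SBB EDI,EBP    */
            quot |= 1;                      /* INC EAX                      */
        }
    }
    return rem;                             /* MOV EAX,ESI / MOV EDX,EDI    */
}

/* Model of the routine at 004055B0: remainder of a signed 64-bit division,
   with the sign of the result following the dividend. */
int64_t llmod_model(int64_t dividend, int64_t divisor)
{
    if (divisor == 0)
        return 0;  /* model only: the original reaches DIV EBX and faults */

    /* Fast path at 00405623: both high dwords are zero, one 32-bit DIV. */
    if (((uint64_t)dividend >> 32) == 0 && ((uint64_t)divisor >> 32) == 0)
        return (int64_t)((uint32_t)dividend % (uint32_t)divisor);

    int negative = dividend < 0;            /* OR EDI,1 remembers the sign */
    uint64_t a = negative ? 0 - (uint64_t)dividend : (uint64_t)dividend;
    uint64_t b = divisor < 0 ? 0 - (uint64_t)divisor : (uint64_t)divisor;

    uint64_t r = restoring_umod64(a, b);    /* r < b <= 2^63, fits int64_t */
    return negative ? -(int64_t)r : (int64_t)r;
}
```

Recognising this pattern during analysis lets the whole call chain 0040562C -> 004055B0 be read as a single remainder operation with an overflow guard in front of it.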