- UID
- 28352
注册时间2007-2-21
阅读权限40
最后登录1970-1-1
独步武林
TA的每日心情 | 开心 2024-5-1 14:44 |
---|
签到天数: 2 天 [LV.1]初来乍到
|
【软件名称】半仙算命 V2008 Build 01.01
【软件大小】6721 KB
【原版下载】天空软件站http://www.skycn.com/soft/7818.html
【保护方式】注册码
【软件简介】〖半仙算命〗软件是目前网上功能最为强大,内容最为丰富的算命工具。软件集成了多种测算选项,测算内容、测算项目极其丰富,包括姓名吉凶测算、命运推算、科学起名向导、生男生女查询以及万年历、农历、中国黄历、皇历等等实用查询等。软件功能强大,使用简单、绿色、环保,只要你正确选择好出生的日期,即可自动转换为农历、属相、星座等然后软件将依此进行命运推算、姓名推算等等,软件运算参考数十种古代命理、算命、运程、吉凶书籍,有根有据。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
--------------------------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,无提示信息
**************************************************************
二、用PEiD对这个软件查壳,为 ASPack 2.12 -> Alexey Solodovnikov
**************************************************************
三、用PEiD插件脱壳
**************************************************************
四、用PEiD对ssbx.exe.unpacked_查壳, 无壳。Borland Delphi 6.0 - 7.0编写。
**************************************************************
五、运行OD,打开Borland Delphi 6.0 - 7.0,右键—超级字串参考—查找ASCII.
发现"注册信息没有填写齐全""注册成功!""software\microsoft\yhds"- 0055BCB0 /. 55 PUSH EBP
- 0055BCB1 |. 8BEC MOV EBP,ESP
- 0055BCB3 |. B9 18000000 MOV ECX,18
- 0055BCB8 |> 6A 00 /PUSH 0
- 0055BCBA |. 6A 00 |PUSH 0
- 0055BCBC |. 49 |DEC ECX
- 0055BCBD |.^ 75 F9 \JNZ SHORT ssbx_exe.0055BCB8
- 0055BCBF |. 51 PUSH ECX
- 0055BCC0 |. 53 PUSH EBX
- 0055BCC1 |. 56 PUSH ESI
- 0055BCC2 |. 57 PUSH EDI
- 0055BCC3 |. 8BD8 MOV EBX,EAX
- 0055BCC5 |. 33C0 XOR EAX,EAX
- 0055BCC7 |. 55 PUSH EBP
- 0055BCC8 |. 68 C3BF5500 PUSH ssbx_exe.0055BFC3
- 0055BCCD |. 64:FF30 PUSH DWORD PTR FS:[EAX]
- 0055BCD0 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
- 0055BCD3 |. B2 01 MOV DL,1
- 0055BCD5 |. A1 00324700 MOV EAX,DWORD PTR DS:[473200]
- 0055BCDA |. E8 2176F1FF CALL ssbx_exe.00473300
- 0055BCDF |. 8BF0 MOV ESI,EAX
- 0055BCE1 |. BA 02000080 MOV EDX,80000002
- 0055BCE6 |. 8BC6 MOV EAX,ESI
- 0055BCE8 |. E8 B376F1FF CALL ssbx_exe.004733A0
- 0055BCED |. B1 01 MOV CL,1
- 0055BCEF |. BA DCBF5500 MOV EDX,ssbx_exe.0055BFDC ; software\microsoft\yhds //注册信息保存在SOFTWARE\Microsoft\Yhd
- 0055BCF4 |. 8BC6 MOV EAX,ESI
- 0055BCF6 |. E8 0977F1FF CALL ssbx_exe.00473404
- 0055BCFB |. 68 80000000 PUSH 80 ; /BufSize = 80 (128.)
- 0055BD00 |. 8D85 7BFFFFFF LEA EAX,DWORD PTR SS:[EBP-85] ; |
- 0055BD06 |. 50 PUSH EAX ; |Buffer
- 0055BD07 |. E8 E0B5EAFF CALL <JMP.&KERNEL32.GetSystemDirectoryA> ; \GetSystemDirectoryA
- 0055BD0C |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
- 0055BD0F |. 8D95 7BFFFFFF LEA EDX,DWORD PTR SS:[EBP-85]
- 0055BD15 |. B9 81000000 MOV ECX,81
- 0055BD1A |. E8 CD8EEAFF CALL ssbx_exe.00404BEC
- 0055BD1F |. 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
- 0055BD25 |. 8BBB F8020000 MOV EDI,DWORD PTR DS:[EBX+2F8]
- 0055BD2B |. 8BC7 MOV EAX,EDI
- 0055BD2D |. E8 AEC1EEFF CALL ssbx_exe.00447EE0 ; //将注册码的长度送入EAX
- 0055BD32 |. 8B85 70FFFFFF MOV EAX,DWORD PTR SS:[EBP-90] ; //将注册码送入EAX
- 0055BD38 |. 8D95 74FFFFFF LEA EDX,DWORD PTR SS:[EBP-8C]
- 0055BD3E |. E8 89D5EAFF CALL ssbx_exe.004092CC
- 0055BD43 |. 8B95 74FFFFFF MOV EDX,DWORD PTR SS:[EBP-8C] ; //将注册码送入EDX
- 0055BD49 |. 8BC7 MOV EAX,EDI
- 0055BD4B |. E8 C0C1EEFF CALL ssbx_exe.00447F10
- 0055BD50 |. 8D95 68FFFFFF LEA EDX,DWORD PTR SS:[EBP-98]
- 0055BD56 |. 8BBB 00030000 MOV EDI,DWORD PTR DS:[EBX+300]
- 0055BD5C |. 8BC7 MOV EAX,EDI
- 0055BD5E |. E8 7DC1EEFF CALL ssbx_exe.00447EE0 ; //将试炼码的长度送入EAX
- 0055BD63 |. 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98] ; //将试炼码送入EAX
- 0055BD69 |. 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94]
- 0055BD6F |. E8 58D5EAFF CALL ssbx_exe.004092CC
- 0055BD74 |. 8B95 6CFFFFFF MOV EDX,DWORD PTR SS:[EBP-94] ; //将试炼码送入EDX
- 0055BD7A |. 8BC7 MOV EAX,EDI
- 0055BD7C |. E8 8FC1EEFF CALL ssbx_exe.00447F10
- 0055BD81 |. 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C]
- 0055BD87 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
- 0055BD8D |. E8 4EC1EEFF CALL ssbx_exe.00447EE0 ; //将试炼码的长度送入EAX
- 0055BD92 |. 83BD 64FFFFFF>CMP DWORD PTR SS:[EBP-9C],0 ; //将试炼码与0比较
- 0055BD99 |. 74 1A JE SHORT ssbx_exe.0055BDB5 ; //若相等则跳
- 0055BD9B |. 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
- 0055BDA1 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
- 0055BDA7 |. E8 34C1EEFF CALL ssbx_exe.00447EE0 ; //将注册码的长度送入EAX
- 0055BDAC |. 83BD 60FFFFFF>CMP DWORD PTR SS:[EBP-A0],0 ; //将注册码与0比较
- 0055BDB3 |. 75 0F JNZ SHORT ssbx_exe.0055BDC4 ; //若不相等则跳
- 0055BDB5 |> B8 FCBF5500 MOV EAX,ssbx_exe.0055BFFC ; 注册信息没有填写齐全
- 0055BDBA |. E8 AD4EEEFF CALL ssbx_exe.00440C6C
- 0055BDBF |. E9 77010000 JMP ssbx_exe.0055BF3B
- 0055BDC4 |> 8D95 5CFFFFFF LEA EDX,DWORD PTR SS:[EBP-A4]
- 0055BDCA |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
- 0055BDD0 |. E8 0BC1EEFF CALL ssbx_exe.00447EE0 ; //将试炼码的长度送入EAX
- 0055BDD5 |. 8B85 5CFFFFFF MOV EAX,DWORD PTR SS:[EBP-A4] ; //将试炼码送入EAX
- 0055BDDB |. 50 PUSH EAX ; //将EAX入栈
- 0055BDDC |. 8D95 54FFFFFF LEA EDX,DWORD PTR SS:[EBP-AC]
- 0055BDE2 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
- 0055BDE8 |. E8 F3C0EEFF CALL ssbx_exe.00447EE0 ; //将注册码的长度送入EAX
- 0055BDED |. 8B85 54FFFFFF MOV EAX,DWORD PTR SS:[EBP-AC] ; //将注册码送入EAX
- 0055BDF3 |. E8 88D8EAFF CALL ssbx_exe.00409680 ; //将注册码转换为十六进制送入EAX
- 0055BDF8 |. 8BF8 MOV EDI,EAX ; //将EAX送入EDI
- 0055BDFA |. 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
- 0055BE00 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
- 0055BE06 |. E8 D5C0EEFF CALL ssbx_exe.00447EE0 ; //将注册码的长度送入EAX
- 0055BE0B |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[EBP-B0] ; //将注册码送入EAX
- 0055BE11 |. E8 6AD8EAFF CALL ssbx_exe.00409680 ; //将注册码转换为十六进制送入EAX
- 0055BE16 |. 0FAFF8 IMUL EDI,EAX ; //EDI=EDI*EAX
- 0055BE19 |. 8BC7 MOV EAX,EDI ; //将EDI送入EAX
- 0055BE1B |. 8D95 58FFFFFF LEA EDX,DWORD PTR SS:[EBP-A8]
- 0055BE21 |. E8 96FDFFFF CALL ssbx_exe.0055BBBC ; //算法CALL
- 0055BE26 |. 8B95 58FFFFFF MOV EDX,DWORD PTR SS:[EBP-A8]
- 0055BE2C |. 58 POP EAX
- 0055BE2D |. E8 4E8FEAFF CALL ssbx_exe.00404D80 ; //比较CALL,真码在EDX
- 0055BE32 |. 0F85 E9000000 JNZ ssbx_exe.0055BF21 ; //关键跳转
- 0055BE38 |. A1 807D5700 MOV EAX,DWORD PTR DS:[577D80]
- 0055BE3D |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
- 0055BE3F |. 8B80 2C040000 MOV EAX,DWORD PTR DS:[EAX+42C]
- 0055BE45 |. BA 1CC05500 MOV EDX,ssbx_exe.0055C01C ; 本软件已注册
- 0055BE4A |. E8 C1C0EEFF CALL ssbx_exe.00447F10
- 0055BE4F |. 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4]
- 0055BE55 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
- 0055BE5B |. E8 80C0EEFF CALL ssbx_exe.00447EE0
- 0055BE60 |. 8B8D 4CFFFFFF MOV ECX,DWORD PTR SS:[EBP-B4]
- 0055BE66 |. BA 34C05500 MOV EDX,ssbx_exe.0055C034 ; ssbxr
- 0055BE6B |. 8BC6 MOV EAX,ESI
- 0055BE6D |. E8 2E77F1FF CALL ssbx_exe.004735A0
- 0055BE72 |. 8D85 48FFFFFF LEA EAX,DWORD PTR SS:[EBP-B8]
- 0055BE78 |. B9 44C05500 MOV ECX,ssbx_exe.0055C044 ; \c1l.dll
- 0055BE7D |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
- 0055BE80 |. E8 038EEAFF CALL ssbx_exe.00404C88
- 0055BE85 |. 8B8D 48FFFFFF MOV ECX,DWORD PTR SS:[EBP-B8]
- 0055BE8B |. B2 01 MOV DL,1
- 0055BE8D |. A1 B0224700 MOV EAX,DWORD PTR DS:[4722B0]
- 0055BE92 |. E8 C964F1FF CALL ssbx_exe.00472360
- 0055BE97 |. 8BF0 MOV ESI,EAX
- 0055BE99 |. 8D95 44FFFFFF LEA EDX,DWORD PTR SS:[EBP-BC]
- 0055BE9F |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
- 0055BEA5 |. E8 36C0EEFF CALL ssbx_exe.00447EE0
- 0055BEAA |. 8B85 44FFFFFF MOV EAX,DWORD PTR SS:[EBP-BC]
- 0055BEB0 |. 50 PUSH EAX
- 0055BEB1 |. B9 58C05500 MOV ECX,ssbx_exe.0055C058 ; dd
- 0055BEB6 |. BA 64C05500 MOV EDX,ssbx_exe.0055C064 ; sysetup
- 0055BEBB |. 8BC6 MOV EAX,ESI
- 0055BEBD |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
- 0055BEBF |. FF57 04 CALL DWORD PTR DS:[EDI+4]
- 0055BEC2 |. 8D95 40FFFFFF LEA EDX,DWORD PTR SS:[EBP-C0]
- 0055BEC8 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
- 0055BECE |. E8 0DC0EEFF CALL ssbx_exe.00447EE0
- 0055BED3 |. 8B85 40FFFFFF MOV EAX,DWORD PTR SS:[EBP-C0]
- 0055BED9 |. 50 PUSH EAX
- 0055BEDA |. B9 74C05500 MOV ECX,ssbx_exe.0055C074 ; zc
- 0055BEDF |. BA 64C05500 MOV EDX,ssbx_exe.0055C064 ; sysetup
- 0055BEE4 |. 8BC6 MOV EAX,ESI
- 0055BEE6 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
- 0055BEE8 |. FF56 04 CALL DWORD PTR DS:[ESI+4]
- 0055BEEB |. 8D85 3CFFFFFF LEA EAX,DWORD PTR SS:[EBP-C4]
- 0055BEF1 |. B9 44C05500 MOV ECX,ssbx_exe.0055C044 ; \c1l.dll
- 0055BEF6 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
- 0055BEF9 |. E8 8A8DEAFF CALL ssbx_exe.00404C88
- 0055BEFE |. 8B85 3CFFFFFF MOV EAX,DWORD PTR SS:[EBP-C4]
- 0055BF04 |. BA 02000000 MOV EDX,2
- 0055BF09 |. E8 9EDAEAFF CALL ssbx_exe.004099AC
- 0055BF0E |. B8 80C05500 MOV EAX,ssbx_exe.0055C080 ; 注册成功!
- 0055BF13 |. E8 544DEEFF CALL ssbx_exe.00440C6C
- 0055BF18 |. 8BC3 MOV EAX,EBX
- 0055BF1A |. E8 299AF0FF CALL ssbx_exe.00465948
- 0055BF1F |. EB 1A JMP SHORT ssbx_exe.0055BF3B
- 0055BF21 |> 33D2 XOR EDX,EDX
- 0055BF23 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
- 0055BF29 |. E8 E2BFEEFF CALL ssbx_exe.00447F10
- 0055BF2E |. 33D2 XOR EDX,EDX
- 0055BF30 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
- 0055BF36 |. E8 D5BFEEFF CALL ssbx_exe.00447F10
- 0055BF3B |> 33C0 XOR EAX,EAX
- 0055BF3D |. 5A POP EDX
- 0055BF3E |. 59 POP ECX
- 0055BF3F |. 59 POP ECX
- 0055BF40 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
- 0055BF43 |. 68 CDBF5500 PUSH ssbx_exe.0055BFCD
- 0055BF48 |> 8D85 3CFFFFFF LEA EAX,DWORD PTR SS:[EBP-C4]
- 0055BF4E |. E8 318AEAFF CALL ssbx_exe.00404984
- 0055BF53 |. 8D85 40FFFFFF LEA EAX,DWORD PTR SS:[EBP-C0]
- 0055BF59 |. BA 02000000 MOV EDX,2
- 0055BF5E |. E8 458AEAFF CALL ssbx_exe.004049A8
- 0055BF63 |. 8D85 48FFFFFF LEA EAX,DWORD PTR SS:[EBP-B8]
- 0055BF69 |. E8 168AEAFF CALL ssbx_exe.00404984
- 0055BF6E |. 8D85 4CFFFFFF LEA EAX,DWORD PTR SS:[EBP-B4]
- 0055BF74 |. BA 03000000 MOV EDX,3
- 0055BF79 |. E8 2A8AEAFF CALL ssbx_exe.004049A8
- 0055BF7E |. 8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8]
- 0055BF84 |. E8 FB89EAFF CALL ssbx_exe.00404984
- 0055BF89 |. 8D85 5CFFFFFF LEA EAX,DWORD PTR SS:[EBP-A4]
- 0055BF8F |. BA 04000000 MOV EDX,4
- 0055BF94 |. E8 0F8AEAFF CALL ssbx_exe.004049A8
- 0055BF99 |. 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94]
- 0055BF9F |. E8 E089EAFF CALL ssbx_exe.00404984
- 0055BFA4 |. 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
- 0055BFAA |. E8 D589EAFF CALL ssbx_exe.00404984
- 0055BFAF |. 8D85 74FFFFFF LEA EAX,DWORD PTR SS:[EBP-8C]
- 0055BFB5 |. E8 CA89EAFF CALL ssbx_exe.00404984
- 0055BFBA |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
- 0055BFBD |. E8 C289EAFF CALL ssbx_exe.00404984
- 0055BFC2 \. C3 RETN
- 0055BFC3 .^ E9 6082EAFF JMP ssbx_exe.00404228
- 0055BFC8 .^ E9 7BFFFFFF JMP ssbx_exe.0055BF48
- 0055BFCD . 5F POP EDI
- 0055BFCE . 5E POP ESI
- 0055BFCF . 5B POP EBX
- 0055BFD0 . 8BE5 MOV ESP,EBP
- 0055BFD2 . 5D POP EBP
- 0055BFD3 . C3 RETN
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 0055BBBC /$ 55 PUSH EBP
- 0055BBBD |. 8BEC MOV EBP,ESP
- 0055BBBF |. 33C9 XOR ECX,ECX
- 0055BBC1 |. 51 PUSH ECX
- 0055BBC2 |. 51 PUSH ECX
- 0055BBC3 |. 51 PUSH ECX
- 0055BBC4 |. 51 PUSH ECX
- 0055BBC5 |. 53 PUSH EBX
- 0055BBC6 |. 56 PUSH ESI
- 0055BBC7 |. 8BF2 MOV ESI,EDX
- 0055BBC9 |. 8BD8 MOV EBX,EAX ; //将EAX送入EBX
- 0055BBCB |. 33C0 XOR EAX,EAX ; //将EAX清零
- 0055BBCD |. 55 PUSH EBP
- 0055BBCE |. 68 8CBC5500 PUSH ssbx_exe.0055BC8C
- 0055BBD3 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
- 0055BBD6 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
- 0055BBD9 |. 81F3 F1250B00 XOR EBX,0B25F1 ; //将EBX与0B25F1作异或运算
- 0055BBDF |. 8BC3 MOV EAX,EBX ; //将EBX送入EAX
- 0055BBE1 |. 33D2 XOR EDX,EDX ; //将EDX清零
- 0055BBE3 |. 52 PUSH EDX ; /Arg2 => 00000000
- 0055BBE4 |. 50 PUSH EAX ; |Arg1
- 0055BBE5 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; |
- 0055BBE8 |. E8 5FDAEAFF CALL ssbx_exe.0040964C ; \//将EBX转为无符号10进制送入[EBP-4]
- 0055BBED |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将[EBP-4]送入EAX
- 0055BBF0 |. 0FB600 MOVZX EAX,BYTE PTR DS:[EAX] ; //将转换后的字符串的第1位ASC码16进制送入EAX
- 0055BBF3 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; //将[EBP-4]送入EDX
- 0055BBF6 |. 0FB652 01 MOVZX EDX,BYTE PTR DS:[EDX+1] ; //将转换后的字符串的第2位ASC码16进制送入EDX
- 0055BBFA |. 03C2 ADD EAX,EDX ; //EAX=EAX+EDX
- 0055BBFC |. B9 05000000 MOV ECX,5 ; //将5送入ECX
- 0055BC01 |. 99 CDQ ; //双字节扩展,把EAX中的字的符号扩展到EDX中去,EDX清零
- 0055BC02 |. F7F9 IDIV ECX ; //有符号除法,EAX/ECX,商送入EAX,余送入EDX
- 0055BC04 |. 80C2 34 ADD DL,34 ; //DL=DL+34
- 0055BC07 |. 8855 F8 MOV BYTE PTR SS:[EBP-8],DL ; //将DL送入[EBP-8]
- 0055BC0A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将[EBP-4]送入EAX
- 0055BC0D |. 0FB640 02 MOVZX EAX,BYTE PTR DS:[EAX+2] ; //将转换后的字符串的第3位ASC码16进制送入EAX
- 0055BC11 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; //将[EBP-4]送入EAX
- 0055BC14 |. 0FB652 03 MOVZX EDX,BYTE PTR DS:[EDX+3] ; //将转换后的字符串的第4位ASC码16进制送入EDX
- 0055BC18 |. 03C2 ADD EAX,EDX ; //EAX=EAX+EDX
- 0055BC1A |. B9 05000000 MOV ECX,5 ; //将5送入ECX
- 0055BC1F |. 99 CDQ ; //双字节扩展,把EAX中的字的符号扩展到EDX中去,EDX清零
- 0055BC20 |. F7F9 IDIV ECX ; //有符号除法,EAX/ECX,商送入EAX,余送入EDX
- 0055BC22 |. 8BDA MOV EBX,EDX ; //将EDX送入EBX
- 0055BC24 |. 80C3 33 ADD BL,33 ; //BL=BL+33
- 0055BC27 |. 885D F9 MOV BYTE PTR SS:[EBP-7],BL ; //将BL送入[EBP-7]
- 0055BC2A |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
- 0055BC2D |. 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8] ; //将[EBP-8]送入DL
- 0055BC30 |. E8 2F8FEAFF CALL ssbx_exe.00404B64
- 0055BC35 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
- 0055BC38 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
- 0055BC3B |. B9 1B000000 MOV ECX,1B
- 0055BC40 |. E8 D792EAFF CALL ssbx_exe.00404F1C
- 0055BC45 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
- 0055BC48 |. 8BD3 MOV EDX,EBX
- 0055BC4A |. E8 158FEAFF CALL ssbx_exe.00404B64
- 0055BC4F |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
- 0055BC52 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
- 0055BC55 |. B9 19000000 MOV ECX,19
- 0055BC5A |. E8 BD92EAFF CALL ssbx_exe.00404F1C ; //在字符串后依次连上运算得到的两个字符
- 0055BC5F |. 8BC6 MOV EAX,ESI
- 0055BC61 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; //将真码送入EDX
- 0055BC64 |. E8 6F8DEAFF CALL ssbx_exe.004049D8
- 0055BC69 |. 33C0 XOR EAX,EAX
- 0055BC6B |. 5A POP EDX
- 0055BC6C |. 59 POP ECX
- 0055BC6D |. 59 POP ECX
- 0055BC6E |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
- 0055BC71 |. 68 93BC5500 PUSH ssbx_exe.0055BC93
- 0055BC76 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
- 0055BC79 |. BA 02000000 MOV EDX,2
- 0055BC7E |. E8 258DEAFF CALL ssbx_exe.004049A8
- 0055BC83 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
- 0055BC86 |. E8 F98CEAFF CALL ssbx_exe.00404984
- 0055BC8B \. C3 RETN
- 0055BC8C .^ E9 9785EAFF JMP ssbx_exe.00404228
- 0055BC91 .^ EB E3 JMP SHORT ssbx_exe.0055BC76
- 0055BC93 . 5E POP ESI
- 0055BC94 . 5B POP EBX
- 0055BC95 . 8BE5 MOV ESP,EBP
- 0055BC97 . 5D POP EBP
- 0055BC98 . C3 RETN
复制代码 ********************************************************************************
【破解总结】
--------------------------------------------------------------------------------
【算法总结】
将确认码转为16进制,平方,与0B25F1作异或运算,转为无符号10进制字符串,将字符串的第1位ASC码16进制与第2位ASC码16进制相加,除5,取余,加34,转字符,将字符串的第3位ASC码16进制与第4位ASC码16进制相加,除5,取余,加32,转字符,将这两个字符连到字符串的后面即为注册码。
--------------------------------------------------------------------------------
【算法注册机】
--------------------------------------------------------------------------------
KeyGen.rek
.const
.data
szHomePage db "https://www.chinapyg.com",0
szEmail db "mailto:[email protected]",0
szErrMess db "没有输入确认码!",0
szFMT db "%u",0
szFMT1 db "%u%u%u",0
szBuffer db 100 dup (0)
a1 dd 0
a2 dd 0
a3 dd 0
a4 dd 0
.code
invoke atodw,eax
mov edi,eax
imul edi,eax
mov eax,edi
mov ebx,eax
xor eax,eax
xor ebx,0B25F1h
mov a4,ebx
invoke wsprintf,addr a1,addr szFMT,ebx
mov eax,a1
movzx eax,byte ptr ds:[a1]
mov edx,a1
movzx edx,byte ptr ds:[a1+1]
add eax,edx
mov ecx,5h
cdq
idiv ecx
add dl,34h
sub dl,30h
mov a2,edx
mov eax,a1
movzx eax,byte ptr ds:[a1+2]
mov edx,a1
movzx edx,byte ptr ds:[a1+3]
add eax,edx
mov ecx,5h
cdq
idiv ecx
add dl,33h
sub dl,30h
mov a3,edx
invoke wsprintf,addr szBuffer,addr szFMT1,a4,a2,a3
lea eax,szBuffer
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 tianxj 于 2008-2-5 08:59 编辑 ] |
|