WinASO Disk Cleaner2.0算法分析

tianxj · 发表于 2008-2-13 20:59:37

【破文作者】tianxj
【作者邮箱】[email protected]
【作者主页】www.chinapyg.com
【破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】WinASO Disk Cleaner2.0
【原版下载】自己搜索一下
【保护方式】注册码
【软件简介】WinASO Disk Cleaner will find and delete junk files and clear up some space on your hard drive, freeing up valuable space and streamlining your system.
【破解声明】我是一只小菜鸟，偶得一点心得，愿与大家分享：）
初学Crack，只是感兴趣，没有其它目的。失误之处敬请诸位大侠赐教！
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序，进行注册，输入错误的注册信息进行检测，提示信息
"Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
**************************************************************
二、用PEiD对这个软件查壳，为 Borland Delphi 6.0 - 7.0
**************************************************************
三、运行OD，打开DiskCleaner，F12暂停，alt+K
调用堆栈：主线程, 条目 14
地址=0012F83C
堆栈=004BD78C
函数过程 / 参数=? <JMP.&user32.MessageBoxA>
调用来自=DiskClea.004BD787
结构=0012F838
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

004BD538 /. 55 PUSH EBP
004BD539 |. 8BEC MOV EBP,ESP
004BD53B |. B9 07000000 MOV ECX,7
004BD540 |> 6A 00 /PUSH 0
004BD542 |. 6A 00 |PUSH 0
004BD544 |. 49 |DEC ECX
004BD545 |.^ 75 F9 \JNZ SHORT DiskClea.004BD540
004BD547 |. 51 PUSH ECX
004BD548 |. 53 PUSH EBX
004BD549 |. 56 PUSH ESI
004BD54A |. 57 PUSH EDI
004BD54B |. 8BF0 MOV ESI,EAX
004BD54D |. 33C0 XOR EAX,EAX
004BD54F |. 55 PUSH EBP
004BD550 |. 68 5AD94B00 PUSH DiskClea.004BD95A
004BD555 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004BD558 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BD55B |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004BD55E |. 8B86 8C030000 MOV EAX,DWORD PTR DS:[ESI+38C]
004BD564 |. E8 7B04F9FF CALL DiskClea.0044D9E4 ; //将注册码长度送入EAX
004BD569 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004BD56C |. 50 PUSH EAX ; /Arg1
004BD56D |. 33C9 XOR ECX,ECX ; |
004BD56F |. BA 70D94B00 MOV EDX,DiskClea.004BD970 ; |
004BD574 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |//将注册码送入EAX
004BD577 |. E8 F021F8FF CALL DiskClea.0043F76C ; \DiskClea.0043F76C
004BD57C |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; //将注册码送入EDX
004BD57F |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004BD582 |. E8 8974F4FF CALL DiskClea.00404A10
004BD587 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD58A |. 85C0 TEST EAX,EAX ; //比较EAX
004BD58C |. 74 05 JE SHORT DiskClea.004BD593 ; //若相等则跳
004BD58E |. 83E8 04 SUB EAX,4
004BD591 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; //将注册码长度送入EAX
004BD593 |> 83F8 10 CMP EAX,10 ; //将注册码长度与10h比较
004BD596 |. 74 1E JE SHORT DiskClea.004BD5B6 ; //若相等则跳
004BD598 |. 6A 40 PUSH 40
004BD59A |. 68 74D94B00 PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD59F |. 68 88D94B00 PUSH DiskClea.004BD988 ; ASCII "Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
004BD5A4 |. 8BC6 MOV EAX,ESI
004BD5A6 |. E8 397FF9FF CALL DiskClea.004554E4
004BD5AB |. 50 PUSH EAX ; |hOwner
004BD5AC |. E8 AFA1F4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD5B1 |. E9 89030000 JMP DiskClea.004BD93F
004BD5B6 |> BB 01000000 MOV EBX,1 ; //将1送入EBX
004BD5BB |> 8D45 F8 /LEA EAX,DWORD PTR SS:[EBP-8]
004BD5BE |. 50 |PUSH EAX ; /Arg1
004BD5BF |. B9 01000000 |MOV ECX,1 ; |//将1送入ECX
004BD5C4 |. 8BD3 |MOV EDX,EBX ; |//将EBX送入EDX
004BD5C6 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4] ; |//将注册码送入EAX
004BD5C9 |. E8 7A23F8FF |CALL DiskClea.0043F948 ; \//将注册码ASC码16进制送入ECX
004BD5CE |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD5D1 |. BA FCD94B00 |MOV EDX,DiskClea.004BD9FC
004BD5D6 |. E8 AD77F4FF |CALL DiskClea.00404D88 ; //将注册码与'0'比较
004BD5DB |. 0F84 AD000000 |JE DiskClea.004BD68E ; //若相等则跳
004BD5E1 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD5E4 |. BA 08DA4B00 |MOV EDX,DiskClea.004BDA08
004BD5E9 |. E8 9A77F4FF |CALL DiskClea.00404D88 ; //将注册码与'1'比较
004BD5EE |. 0F84 9A000000 |JE DiskClea.004BD68E ; //若相等则跳
004BD5F4 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD5F7 |. BA 14DA4B00 |MOV EDX,DiskClea.004BDA14
004BD5FC |. E8 8777F4FF |CALL DiskClea.00404D88 ; //将注册码与'2'比较
004BD601 |. 0F84 87000000 |JE DiskClea.004BD68E ; //若相等则跳
004BD607 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD60A |. BA 20DA4B00 |MOV EDX,DiskClea.004BDA20
004BD60F |. E8 7477F4FF |CALL DiskClea.00404D88 ; //将注册码与'3'比较
004BD614 |. 74 78 |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD616 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD619 |. BA 2CDA4B00 |MOV EDX,DiskClea.004BDA2C
004BD61E |. E8 6577F4FF |CALL DiskClea.00404D88 ; //将注册码与'4'比较
004BD623 |. 74 69 |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD625 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD628 |. BA 38DA4B00 |MOV EDX,DiskClea.004BDA38
004BD62D |. E8 5677F4FF |CALL DiskClea.00404D88 ; //将注册码与'5'比较
004BD632 |. 74 5A |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD634 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD637 |. BA 44DA4B00 |MOV EDX,DiskClea.004BDA44
004BD63C |. E8 4777F4FF |CALL DiskClea.00404D88 ; //将注册码与'6'比较
004BD641 |. 74 4B |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD643 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD646 |. BA 50DA4B00 |MOV EDX,DiskClea.004BDA50
004BD64B |. E8 3877F4FF |CALL DiskClea.00404D88 ; //将注册码与'7'比较
004BD650 |. 74 3C |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD652 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD655 |. BA 5CDA4B00 |MOV EDX,DiskClea.004BDA5C
004BD65A |. E8 2977F4FF |CALL DiskClea.00404D88 ; //将注册码与'8'比较
004BD65F |. 74 2D |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD661 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004BD664 |. BA 68DA4B00 |MOV EDX,DiskClea.004BDA68
004BD669 |. E8 1A77F4FF |CALL DiskClea.00404D88 ; //将注册码与'9'比较
004BD66E |. 74 1E |JE SHORT DiskClea.004BD68E ; //若相等则跳
004BD670 |. 6A 40 |PUSH 40
004BD672 |. 68 74D94B00 |PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD677 |. 68 88D94B00 |PUSH DiskClea.004BD988 ; ASCII "Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
004BD67C |. 8BC6 |MOV EAX,ESI
004BD67E |. E8 617EF9FF |CALL DiskClea.004554E4
004BD683 |. 50 |PUSH EAX ; |hOwner
004BD684 |. E8 D7A0F4FF |CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD689 |. E9 B1020000 |JMP DiskClea.004BD93F
004BD68E |> 43 |INC EBX ; //EBX=EBX+1
004BD68F |. 83FB 11 |CMP EBX,11 ; //将EBX与11h比较
004BD692 |.^ 0F85 23FFFFFF \JNZ DiskClea.004BD5BB ; //若不相等则跳,以上为验证注册码是否存在非数字
004BD698 |. 33FF XOR EDI,EDI ; //将EDI清零
004BD69A |. BB 01000000 MOV EBX,1 ; //将1送入EBX
004BD69F |> 8D45 F8 /LEA EAX,DWORD PTR SS:[EBP-8]
004BD6A2 |. 50 |PUSH EAX ; /Arg1
004BD6A3 |. 8BD3 |MOV EDX,EBX ; |//将EBX送入EDX
004BD6A5 |. 03D2 |ADD EDX,EDX ; |//EDX=EDX+EDX
004BD6A7 |. 03D2 |ADD EDX,EDX ; |//EDX=EDX+EDX
004BD6A9 |. 42 |INC EDX ; |//EDX=EDX+1
004BD6AA |. B9 04000000 |MOV ECX,4 ; |//将4送入ECX
004BD6AF |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4] ; |//将注册码送入EAX
004BD6B2 |. E8 9122F8FF |CALL DiskClea.0043F948 ; \//从注册码第5位开始,每4位算1组
004BD6B7 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; //1组4位注册码
004BD6BA |. E8 EDBBF4FF |CALL DiskClea.004092AC ; //4位注册码转为16进制送入EAX
004BD6BF |. 03F8 |ADD EDI,EAX ; //EDI=EDI+EAX
004BD6C1 |. 43 |INC EBX ; //EBX=EBX+1
004BD6C2 |. 83FB 04 |CMP EBX,4 ; //将EBX与4比较
004BD6C5 |.^ 75 D8 \JNZ SHORT DiskClea.004BD69F ; //若不相等则跳
004BD6C7 |. 83FF 32 CMP EDI,32 ; //将EDI即后3组的和与32h比较
004BD6CA |. 7D 1E JGE SHORT DiskClea.004BD6EA ; //若大于等于则跳
004BD6CC |. 6A 40 PUSH 40
004BD6CE |. 68 74D94B00 PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD6D3 |. 68 88D94B00 PUSH DiskClea.004BD988 ; ASCII "Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
004BD6D8 |. 8BC6 MOV EAX,ESI
004BD6DA |. E8 057EF9FF CALL DiskClea.004554E4
004BD6DF |. 50 PUSH EAX ; |hOwner
004BD6E0 |. E8 7BA0F4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD6E5 |. E9 55020000 JMP DiskClea.004BD93F
004BD6EA |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BD6ED |. 50 PUSH EAX
004BD6EE |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD6F3 |. BA 06000000 MOV EDX,6 ; //将6送入EDX
004BD6F8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD6FB |. E8 B421F8FF CALL DiskClea.0043F8B4
004BD700 |. FF75 F0 PUSH DWORD PTR SS:[EBP-10]
004BD703 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004BD706 |. 50 PUSH EAX
004BD707 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD70C |. BA 07000000 MOV EDX,7 ; //将7送入EDX
004BD711 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD714 |. E8 9B21F8FF CALL DiskClea.0043F8B4
004BD719 |. FF75 EC PUSH DWORD PTR SS:[EBP-14]
004BD71C |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004BD71F |. 50 PUSH EAX
004BD720 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD725 |. BA 05000000 MOV EDX,5 ; //将5送入EDX
004BD72A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD72D |. E8 8221F8FF CALL DiskClea.0043F8B4
004BD732 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
004BD735 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004BD738 |. 50 PUSH EAX
004BD739 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD73E |. BA 08000000 MOV EDX,8 ; //将8送入EDX
004BD743 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD746 |. E8 6921F8FF CALL DiskClea.0043F8B4
004BD74B |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C]
004BD74E |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004BD751 |. BA 04000000 MOV EDX,4 ; //将4送入EDX
004BD756 |. E8 A175F4FF CALL DiskClea.00404CFC ; //将注册码第5-8位重新排序,为第6位第7位第5位第8位
004BD75B |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //将重新排序的第5-8位送入EAX
004BD75E |. E8 49BBF4FF CALL DiskClea.004092AC ; //将重新排序的第5-8位转为16进制送入EAX
004BD763 |. 8BD8 MOV EBX,EAX ; //将EAX送入EBX
004BD765 |. 8BC3 MOV EAX,EBX ; //将EBX送入EAX
004BD767 |. B9 17000000 MOV ECX,17 ; //将17h送入ECX
004BD76C |. 99 CDQ ; //将EDX清零
004BD76D |. F7F9 IDIV ECX ; //EDX/ECX,商送EAX,余送EDX
004BD76F |. 85D2 TEST EDX,EDX ; //比较EDX
004BD771 |. 74 1E JE SHORT DiskClea.004BD791 ; //若相等则跳,即余数为0
004BD773 |. 6A 40 PUSH 40
004BD775 |. 68 74D94B00 PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD77A |. 68 88D94B00 PUSH DiskClea.004BD988 ; ASCII "Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
004BD77F |. 8BC6 MOV EAX,ESI
004BD781 |. E8 5E7DF9FF CALL DiskClea.004554E4
004BD786 |. 50 PUSH EAX ; |hOwner
004BD787 |. E8 D49FF4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD78C |. E9 AE010000 JMP DiskClea.004BD93F
004BD791 |> 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004BD794 |. 50 PUSH EAX
004BD795 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD79A |. BA 0B000000 MOV EDX,0B ; //将0B送入EDX
004BD79F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD7A2 |. E8 0D21F8FF CALL DiskClea.0043F8B4
004BD7A7 |. FF75 E0 PUSH DWORD PTR SS:[EBP-20]
004BD7AA |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004BD7AD |. 50 PUSH EAX
004BD7AE |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD7B3 |. BA 0C000000 MOV EDX,0C
004BD7B8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BD7BB |. E8 F420F8FF CALL DiskClea.0043F8B4
004BD7C0 |. FF75 DC PUSH DWORD PTR SS:[EBP-24]
004BD7C3 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004BD7C6 |. 50 PUSH EAX
004BD7C7 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD7CC |. BA 09000000 MOV EDX,9 ; //将9送入EDX
004BD7D1 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD7D4 |. E8 DB20F8FF CALL DiskClea.0043F8B4
004BD7D9 |. FF75 D8 PUSH DWORD PTR SS:[EBP-28]
004BD7DC |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
004BD7DF |. 50 PUSH EAX
004BD7E0 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD7E5 |. BA 0A000000 MOV EDX,0A ; //将0A送入EDX
004BD7EA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD7ED |. E8 C220F8FF CALL DiskClea.0043F8B4
004BD7F2 |. FF75 D4 PUSH DWORD PTR SS:[EBP-2C]
004BD7F5 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004BD7F8 |. BA 04000000 MOV EDX,4 ; //将4送入EDX
004BD7FD |. E8 FA74F4FF CALL DiskClea.00404CFC ; //将注册码第9-12位重新排序,为第11位第12位第9位第10位
004BD802 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //将重新排序的第9-12位送入EAX
004BD805 |. E8 A2BAF4FF CALL DiskClea.004092AC ; //将重新排序的第9-12位转为16进制送入EAX
004BD80A |. 8BD8 MOV EBX,EAX ; //将EAX送入EBX
004BD80C |. 8BC3 MOV EAX,EBX ; //将EBX送入EAX
004BD80E |. B9 13000000 MOV ECX,13 ; //将13h送入ECX
004BD813 |. 99 CDQ ; //将EDX清零
004BD814 |. F7F9 IDIV ECX ; //EDX/ECX,商送EAX,余送EDX
004BD816 |. 85D2 TEST EDX,EDX ; //比较EDX
004BD818 |. 74 1E JE SHORT DiskClea.004BD838 ; //若相等则跳,即余数为0
004BD81A |. 6A 40 PUSH 40
004BD81C |. 68 74D94B00 PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD821 |. 68 88D94B00 PUSH DiskClea.004BD988 ; ASCII "Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
004BD826 |. 8BC6 MOV EAX,ESI
004BD828 |. E8 B77CF9FF CALL DiskClea.004554E4
004BD82D |. 50 PUSH EAX ; |hOwner
004BD82E |. E8 2D9FF4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD833 |. E9 07010000 JMP DiskClea.004BD93F
004BD838 |> 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004BD83B |. 50 PUSH EAX
004BD83C |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD841 |. BA 10000000 MOV EDX,10 ; //将10h送入EDX
004BD846 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD849 |. E8 6620F8FF CALL DiskClea.0043F8B4
004BD84E |. FF75 D0 PUSH DWORD PTR SS:[EBP-30]
004BD851 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004BD854 |. 50 PUSH EAX
004BD855 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD85A |. BA 0F000000 MOV EDX,0F ; //将0F送入EDX
004BD85F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD862 |. E8 4D20F8FF CALL DiskClea.0043F8B4
004BD867 |. FF75 CC PUSH DWORD PTR SS:[EBP-34]
004BD86A |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004BD86D |. 50 PUSH EAX
004BD86E |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD873 |. BA 0E000000 MOV EDX,0E ; //将0E送入EDX
004BD878 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD87B |. E8 3420F8FF CALL DiskClea.0043F8B4
004BD880 |. FF75 C8 PUSH DWORD PTR SS:[EBP-38]
004BD883 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004BD886 |. 50 PUSH EAX
004BD887 |. B9 01000000 MOV ECX,1 ; //将1送入ECX
004BD88C |. BA 0D000000 MOV EDX,0D ; //将0D送入EDX
004BD891 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //将注册码送入EAX
004BD894 |. E8 1B20F8FF CALL DiskClea.0043F8B4
004BD899 |. FF75 C4 PUSH DWORD PTR SS:[EBP-3C]
004BD89C |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004BD89F |. BA 04000000 MOV EDX,4 ; //将4送入EDX
004BD8A4 |. E8 5374F4FF CALL DiskClea.00404CFC ; //将注册码第13-16位重新排序,为第16位第15位第14位第13位
004BD8A9 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //将重新排序的第13-16位送入EAX
004BD8AC |. E8 FBB9F4FF CALL DiskClea.004092AC ; //将重新排序的第13-16位转为16进制送入EAX
004BD8B1 |. 8BD8 MOV EBX,EAX ; //将EAX送入EBX
004BD8B3 |. 8BC3 MOV EAX,EBX ; //将EBX送入EAX
004BD8B5 |. B9 1F000000 MOV ECX,1F ; //将1Fh送入ECX
004BD8BA |. 99 CDQ ; //将EDX清零
004BD8BB |. F7F9 IDIV ECX ; //EDX/ECX,商送EAX,余送EDX
004BD8BD |. 85D2 TEST EDX,EDX ; //比较EDX
004BD8BF |. 74 1B JE SHORT DiskClea.004BD8DC ; //若相等则跳,即余数为0
004BD8C1 |. 6A 40 PUSH 40
004BD8C3 |. 68 74D94B00 PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD8C8 |. 68 88D94B00 PUSH DiskClea.004BD988 ; ASCII "Sorry,that is an invalid license key.Please ensure you have entered the license key exactly as provided."
004BD8CD |. 8BC6 MOV EAX,ESI
004BD8CF |. E8 107CF9FF CALL DiskClea.004554E4
004BD8D4 |. 50 PUSH EAX ; |hOwner
004BD8D5 |. E8 869EF4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD8DA |. EB 63 JMP SHORT DiskClea.004BD93F
004BD8DC |> B2 01 MOV DL,1
004BD8DE |. A1 789F4200 MOV EAX,DWORD PTR DS:[429F78]
004BD8E3 |. E8 90C7F6FF CALL DiskClea.0042A078
004BD8E8 |. 8BD8 MOV EBX,EAX
004BD8EA |. BA 02000080 MOV EDX,80000002
004BD8EF |. 8BC3 MOV EAX,EBX
004BD8F1 |. E8 22C8F6FF CALL DiskClea.0042A118
004BD8F6 |. B1 01 MOV CL,1
004BD8F8 |. BA 74DA4B00 MOV EDX,DiskClea.004BDA74 ; ASCII "\SOFTWARE\WinASO\Disk Cleaner"
004BD8FD |. 8BC3 MOV EAX,EBX ; //注册信息保存在"\SOFTWARE\WinASO\Disk Cleaner"
004BD8FF |. E8 78C8F6FF CALL DiskClea.0042A17C
004BD904 |. 84C0 TEST AL,AL
004BD906 |. 74 0F JE SHORT DiskClea.004BD917
004BD908 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004BD90B |. BA 9CDA4B00 MOV EDX,DiskClea.004BDA9C ; ASCII "DiskCln20"
004BD910 |. 8BC3 MOV EAX,EBX
004BD912 |. E8 B9CBF6FF CALL DiskClea.0042A4D0
004BD917 |> A1 54E34C00 MOV EAX,DWORD PTR DS:[4CE354]
004BD91C |. C600 01 MOV BYTE PTR DS:[EAX],1
004BD91F |. 6A 40 PUSH 40
004BD921 |. 68 74D94B00 PUSH DiskClea.004BD974 ; ASCII "WinASO Disk Cleaner"
004BD926 |. 68 A8DA4B00 PUSH DiskClea.004BDAA8 ; ASCII "WinASO Disk Cleaner is activated now. Thank you!. If you experience any problems, please contact us at [email protected]. Enjoy your product!"
004BD92B |. 8BC6 MOV EAX,ESI
004BD92D |. E8 B27BF9FF CALL DiskClea.004554E4
004BD932 |. 50 PUSH EAX ; |hOwner
004BD933 |. E8 289EF4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BD938 |. 8BC6 MOV EAX,ESI
004BD93A |. E8 1593FAFF CALL DiskClea.00466C54
004BD93F |> 33C0 XOR EAX,EAX
004BD941 |. 5A POP EDX
004BD942 |. 59 POP ECX
004BD943 |. 59 POP ECX
004BD944 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004BD947 |. 68 61D94B00 PUSH DiskClea.004BD961
004BD94C |> 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004BD94F |. BA 0F000000 MOV EDX,0F
004BD954 |. E8 4370F4FF CALL DiskClea.0040499C
004BD959 \. C3 RETN
004BD95A .^ E9 6169F4FF JMP DiskClea.004042C0
004BD95F .^ EB EB JMP SHORT DiskClea.004BD94C
004BD961 . 5F POP EDI
004BD962 . 5E POP ESI
004BD963 . 5B POP EBX
004BD964 . 8BE5 MOV ESP,EBP
004BD966 . 5D POP EBP
004BD967 . C3 RETN
==============================================================
启动验证
右键—超级字串参考—查找ASCII.查找"\SOFTWARE\WinASO\Disk Cleaner"
共有3处
004B9264 |. BA C0924B00 MOV EDX,DiskClea.004B92C0 ; \software\winaso\disk cleaner
004BD8F8 |. BA 74DA4B00 MOV EDX,DiskClea.004BDA74 ; \software\winaso\disk cleaner
004BDE2E |. BA D0DE4B00 MOV EDX,DiskClea.004BDED0 ; \software\winaso\disk cleaner
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
004B9234 /$ 55 PUSH EBP
004B9235 |. 8BEC MOV EBP,ESP
004B9237 |. 6A 00 PUSH 0
004B9239 |. 53 PUSH EBX
004B923A |. 33C0 XOR EAX,EAX
004B923C |. 55 PUSH EBP
004B923D |. 68 AB924B00 PUSH DiskClea.004B92AB
004B9242 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004B9245 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004B9248 |. B2 01 MOV DL,1
004B924A |. A1 789F4200 MOV EAX,DWORD PTR DS:[429F78]
004B924F |. E8 240EF7FF CALL DiskClea.0042A078
004B9254 |. 8BD8 MOV EBX,EAX
004B9256 |. BA 02000080 MOV EDX,80000002
004B925B |. 8BC3 MOV EAX,EBX
004B925D |. E8 B60EF7FF CALL DiskClea.0042A118
004B9262 |. B1 01 MOV CL,1
004B9264 |. BA C0924B00 MOV EDX,DiskClea.004B92C0 ; \software\winaso\disk cleaner
004B9269 |. 8BC3 MOV EAX,EBX
004B926B |. E8 0C0FF7FF CALL DiskClea.0042A17C
004B9270 |. 84C0 TEST AL,AL
004B9272 |. 74 1F JE SHORT DiskClea.004B9293 ; //关键跳转,改为JNZ
004B9274 |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]
004B9277 |. BA E8924B00 MOV EDX,DiskClea.004B92E8 ; diskcln20
004B927C |. 8BC3 MOV EAX,EBX
004B927E |. E8 7D12F7FF CALL DiskClea.0042A500
004B9283 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004B9286 |. E8 69000000 CALL DiskClea.004B92F4
004B928B |. 84C0 TEST AL,AL
004B928D |. 75 04 JNZ SHORT DiskClea.004B9293
004B928F |. 33DB XOR EBX,EBX
004B9291 |. EB 02 JMP SHORT DiskClea.004B9295
004B9293 |> B3 01 MOV BL,1
004B9295 |> 33C0 XOR EAX,EAX
004B9297 |. 5A POP EDX
004B9298 |. 59 POP ECX
004B9299 |. 59 POP ECX
004B929A |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004B929D |. 68 B2924B00 PUSH DiskClea.004B92B2
004B92A2 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004B92A5 |. E8 CEB6F4FF CALL DiskClea.00404978
004B92AA \. C3 RETN
004B92AB .^ E9 10B0F4FF JMP DiskClea.004042C0
004B92B0 .^ EB F0 JMP SHORT DiskClea.004B92A2
004B92B2 . 8BC3 MOV EAX,EBX
004B92B4 . 5B POP EBX
004B92B5 . 59 POP ECX
004B92B6 . 5D POP EBP
004B92B7 . C3 RETN
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
004BDDF8 /. 55 PUSH EBP
004BDDF9 |. 8BEC MOV EBP,ESP
004BDDFB |. 6A 00 PUSH 0
004BDDFD |. 53 PUSH EBX
004BDDFE |. 56 PUSH ESI
004BDDFF |. 57 PUSH EDI
004BDE00 |. 8BF8 MOV EDI,EAX
004BDE02 |. 33C0 XOR EAX,EAX
004BDE04 |. 55 PUSH EBP
004BDE05 |. 68 B8DE4B00 PUSH DiskClea.004BDEB8
004BDE0A |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004BDE0D |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BDE10 |. B2 01 MOV DL,1
004BDE12 |. A1 789F4200 MOV EAX,DWORD PTR DS:[429F78]
004BDE17 |. E8 5CC2F6FF CALL DiskClea.0042A078
004BDE1C |. 8BF0 MOV ESI,EAX
004BDE1E |. BA 02000080 MOV EDX,80000002
004BDE23 |. 8BC6 MOV EAX,ESI
004BDE25 |. E8 EEC2F6FF CALL DiskClea.0042A118
004BDE2A |. B3 01 MOV BL,1
004BDE2C |. B1 01 MOV CL,1
004BDE2E |. BA D0DE4B00 MOV EDX,DiskClea.004BDED0 ; \software\winaso\disk cleaner
004BDE33 |. 8BC6 MOV EAX,ESI
004BDE35 |. E8 42C3F6FF CALL DiskClea.0042A17C
004BDE3A |. 84C0 TEST AL,AL
004BDE3C |. 74 1B JE SHORT DiskClea.004BDE59 ; //关键跳转,改为JNZ
004BDE3E |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]
004BDE41 |. BA F8DE4B00 MOV EDX,DiskClea.004BDEF8 ; diskcln20
004BDE46 |. 8BC6 MOV EAX,ESI
004BDE48 |. E8 B3C6F6FF CALL DiskClea.0042A500
004BDE4D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BDE50 |. E8 9FB4FFFF CALL DiskClea.004B92F4
004BDE55 |. 84C0 TEST AL,AL
004BDE57 |. 74 49 JE SHORT DiskClea.004BDEA2
004BDE59 |> 80FB 01 CMP BL,1
004BDE5C |. 75 2A JNZ SHORT DiskClea.004BDE88
004BDE5E |. 33D2 XOR EDX,EDX
004BDE60 |. 8B87 74030000 MOV EAX,DWORD PTR DS:[EDI+374]
004BDE66 |. E8 99FAF8FF CALL DiskClea.0044D904
004BDE6B |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004BDE6E |. 8B87 8C030000 MOV EAX,DWORD PTR DS:[EDI+38C]
004BDE74 |. E8 9BFBF8FF CALL DiskClea.0044DA14
004BDE79 |. B2 01 MOV DL,1
004BDE7B |. 8B87 80030000 MOV EAX,DWORD PTR DS:[EDI+380]
004BDE81 |. E8 7EFAF8FF CALL DiskClea.0044D904
004BDE86 |. EB 1A JMP SHORT DiskClea.004BDEA2
004BDE88 |> B2 01 MOV DL,1
004BDE8A |. 8B87 74030000 MOV EAX,DWORD PTR DS:[EDI+374]
004BDE90 |. E8 6FFAF8FF CALL DiskClea.0044D904
004BDE95 |. 33D2 XOR EDX,EDX
004BDE97 |. 8B87 80030000 MOV EAX,DWORD PTR DS:[EDI+380]
004BDE9D |. E8 62FAF8FF CALL DiskClea.0044D904
004BDEA2 |> 33C0 XOR EAX,EAX
004BDEA4 |. 5A POP EDX
004BDEA5 |. 59 POP ECX
004BDEA6 |. 59 POP ECX
004BDEA7 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004BDEAA |. 68 BFDE4B00 PUSH DiskClea.004BDEBF
004BDEAF |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004BDEB2 |. E8 C16AF4FF CALL DiskClea.00404978
004BDEB7 \. C3 RETN
004BDEB8 .^ E9 0364F4FF JMP DiskClea.004042C0
004BDEBD .^ EB F0 JMP SHORT DiskClea.004BDEAF
004BDEBF . 5F POP EDI
004BDEC0 . 5E POP ESI
004BDEC1 . 5B POP EBX
004BDEC2 . 59 POP ECX
004BDEC3 . 5D POP EBP
004BDEC4 . C3 RETN

复制代码

**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
注册码长度为16，只能为0-9的数字，除此之外还得满足以下条件
将注册码每4个数字为一组，分为四组
(1)后3组的16进制的和大于等于32h
(2)第2组:注册码第5-8位重新排序,为第6位第7位第5位第8位，重新排序数字的16进制必须是17h的倍数
(3)第3组:注册码第9-12位重新排序,为第11位第12位第9位第10位，重新排序数字的16进制必须是13h的倍数
(4)第4组:将注册码第13-16位重新排序,为第16位第15位第14位第13位，重新排序数字的16进制必须是1Fh的倍数
--------------------------------------------------------------
【算法注册机】
(略)
--------------------------------------------------------------
【爆破地址】
004B9272  |.  74 1F       JE SHORT DiskClea.004B9293             ;  //关键跳转,改为JNZ
004BDE3C  |.  74 1B       JE SHORT DiskClea.004BDE59             ;  //关键跳转,改为JNZ
--------------------------------------------------------------
【注册信息】
注册码：1234011412098841
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们！谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记，兴趣是成功的源泉；本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!

[ 本帖最后由 tianxj 于 2008-2-13 22:42 编辑 ]

ZHOU2X · 发表于 2008-2-13 21:54:25

/:good 感谢楼主分享！学习！支持！！！
好事，贴个易语言注册机源码/:017

.版本 2
.局部变量 sntmp1, 整数型
.局部变量 sntmp2, 整数型
.局部变量 sntmp3, 整数型
.局部变量 sntmp4, 整数型
.局部变量 sn2, 整数型
.局部变量 sn3, 整数型
.局部变量 sn4, 整数型
置随机数种子 ()
sntmp1 ＝取随机数 (0, 9)
sntmp2 ＝取随机数 (0, 9)
sntmp3 ＝取随机数 (0, 9)
sntmp4 ＝取随机数 (0, 9)
sn2 ＝到数值 (到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp3) ＋到文本 (sntmp4))
.判断循环首 (sn2 ％ 23 ≠ 0)
sntmp1 ＝取随机数 (0, 9)
sntmp2 ＝取随机数 (0, 9)
sntmp3 ＝取随机数 (0, 9)
sntmp4 ＝取随机数 (0, 9)
sn2 ＝到数值 (到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp3) ＋到文本 (sntmp4))
.判断循环尾 ()
sn2 ＝到数值 (到文本 (sntmp3) ＋到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp4))
sn3 ＝到数值 (到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp3) ＋到文本 (sntmp4))
.判断循环首 (sn3 ％ 19 ≠ 0)
sntmp1 ＝取随机数 (0, 9)
sntmp2 ＝取随机数 (0, 9)
sntmp3 ＝取随机数 (0, 9)
sntmp4 ＝取随机数 (0, 9)
sn3 ＝到数值 (到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp3) ＋到文本 (sntmp4))
.判断循环尾 ()
sn3 ＝到数值 (到文本 (sntmp3) ＋到文本 (sntmp4) ＋到文本 (sntmp1) ＋到文本 (sntmp2))
sn4 ＝到数值 (到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp3) ＋到文本 (sntmp4))
.判断循环首 (sn4 ％ 31 ≠ 0)
sntmp1 ＝取随机数 (0, 9)
sntmp2 ＝取随机数 (0, 9)
' 为防止出现极端取随机数，都是“000000000000”
' 可以改为sntmp2 ＝取随机数 (5, 9)
' 不过这样的情况几乎是不可能的
sntmp3 ＝取随机数 (0, 9)
sntmp4 ＝取随机数 (0, 9)
sn4 ＝到数值 (到文本 (sntmp1) ＋到文本 (sntmp2) ＋到文本 (sntmp3) ＋到文本 (sntmp4))
.判断循环尾 ()
sn4 ＝到数值 (到文本 (sntmp4) ＋到文本 (sntmp3) ＋到文本 (sntmp2) ＋到文本 (sntmp1))
编辑框1.内容＝到文本 (取随机数 (1000, 9999)) ＋到文本 (sn2) ＋到文本 (sn3) ＋到文本 (sn4)
' 注册码长度为16，只能为0-9的数字，除此之外还得满足以下条件
' 将注册码每4个数字为一组，分为四组
' (1)后3组的16进制的和大于等于32h
' (2)第2组:注册码第5-8位重新排序,为第6位第7位第5位第8位，重新排序数字的16进制必须是17h的倍数
' (3)第3组:注册码第9-11位重新排序,为第11位第12位第9位第10位，重新排序数字的16进制必须是13h的倍数
' (4)第4组:将注册码第12-16位重新排序,为第16位第15位第14位第13位，重新排序数字的16进制必须是1Fh的倍数

复制代码

[ 本帖最后由 ZHOU2X 于 2008-2-13 22:53 编辑 ]

backboy · 发表于 2008-2-16 12:20:37

好教材,谢谢楼上两位!

etiger666 · 发表于 2008-2-17 08:56:51

谢谢楼主，真的很好，下了个收藏！！！！！！！！

wxq · 发表于 2008-3-4 17:08:42

http://www.winaso.com/
下载地址/:017

		自动登录	找回密码
密码			加入我们

[原创] WinASO Disk Cleaner2.0算法分析

相关帖子