- UID
- 5592
注册时间2005-12-21
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 慵懒
2019-1-18 17:27 |
|---|
签到天数: 30 天 [LV.5]常住居民I
|
【文章标题】: 家家乐电子相册制作系统 2006.3简单算法分析
【文章作者】: lzq1973[PYG][CZG]
【作者邮箱】: [email protected]
【作者QQ号】: 150787972
【软件名称】: 家家乐电子相册制作系统 2006.3
【软件大小】: 6132KB
【下载地址】: http://www.onlinedown.net/soft/48127.htm
【加壳方式】: 无
【保护方式】: SN
【编写语言】: Borland Delphi 6.0 - 7.0
【使用工具】: OD、PEID
【操作平台】: WIN2000
【软件介绍】: 本系统帮助您管理您的图片、相片,有150种图片切换显示方式,并生成完整的电子相册或VCD、SVCD、DVD格式的视频文件,方便刻录到光盘。在光盘中即可直接播放。
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
OD载入,查找相关字串断在这里
004DAD8C /. 55 PUSH EBP
004DAD8D |. 8BEC MOV EBP,ESP
004DAD8F |. B9 04000000 MOV ECX,4
004DAD94 |> 6A 00 /PUSH 0
004DAD96 |. 6A 00 |PUSH 0
004DAD98 |. 49 |DEC ECX
004DAD99 |.^ 75 F9 \JNZ SHORT PicAlbum.004DAD94
004DAD9B |. 51 PUSH ECX
004DAD9C |. 53 PUSH EBX
004DAD9D |. 56 PUSH ESI
004DAD9E |. 8BD8 MOV EBX,EAX
004DADA0 |. 33C0 XOR EAX,EAX
004DADA2 |. 55 PUSH EBP
004DADA3 |. 68 A0AF4D00 PUSH PicAlbum.004DAFA0
004DADA8 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004DADAB |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004DADAE |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004DADB1 |. 50 PUSH EAX
004DADB2 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
004DADB5 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004DADBB |. E8 BCF5F6FF CALL PicAlbum.0044A37C
004DADC0 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 假码
004DADC3 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004DADC6 |. E8 15E2F2FF CALL PicAlbum.00408FE0
004DADCB |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 假码
004DADCE |. 50 PUSH EAX
004DADCF |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004DADD2 |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
004DADD8 |. E8 9FF5F6FF CALL PicAlbum.0044A37C
004DADDD |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 用户名
004DADE0 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004DADE3 |. E8 F8E1F2FF CALL PicAlbum.00408FE0
004DADE8 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; 用户名
004DADEB |. A1 8CC34E00 MOV EAX,DWORD PTR DS:[4EC38C]
004DADF0 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; (ASCII "PicAlbum")
004DADF2 |. 59 POP ECX
004DADF3 |. E8 880CFEFF CALL PicAlbum.004BBA80 ; 注册算法关键
004DADF8 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; (ASCII "NONE")
004DADFB |. A1 E4C44E00 MOV EAX,DWORD PTR DS:[4EC4E4]
004DAE00 |. E8 CF9BF2FF CALL PicAlbum.004049D4
004DAE05 |. A1 E4C44E00 MOV EAX,DWORD PTR DS:[4EC4E4]
004DAE0A |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; (ASCII "NONE")
004DAE0C |. BA B8AF4D00 MOV EDX,PicAlbum.004DAFB8 ; ok
004DAE11 |. E8 669FF2FF CALL PicAlbum.00404D7C
004DAE16 0F85 19010000 JNZ PicAlbum.004DAF35
004DAE1C |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
004DAE1F |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
004DAE25 |. E8 52F5F6FF CALL PicAlbum.0044A37C
004DAE2A |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] ; 用户名
004DAE2D |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
004DAE30 |. E8 ABE1F2FF CALL PicAlbum.00408FE0
004DAE35 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
004DAE38 |. A1 A8C44E00 MOV EAX,DWORD PTR DS:[4EC4A8]
004DAE3D |. E8 929BF2FF CALL PicAlbum.004049D4
004DAE42 |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004DAE45 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004DAE4B |. E8 2CF5F6FF CALL PicAlbum.0044A37C
004DAE50 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] ; 假码
004DAE53 |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004DAE56 |. E8 85E1F2FF CALL PicAlbum.00408FE0
004DAE5B |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
004DAE5E |. A1 D8C54E00 MOV EAX,DWORD PTR DS:[4EC5D8]
004DAE63 |. E8 6C9BF2FF CALL PicAlbum.004049D4
004DAE68 |. B2 01 MOV DL,1
004DAE6A |. A1 50054700 MOV EAX,DWORD PTR DS:[470550]
004DAE6F |. E8 DC57F9FF CALL PicAlbum.00470650
004DAE74 |. 8BF0 MOV ESI,EAX
004DAE76 |. BA 02000080 MOV EDX,80000002
004DAE7B |. 8BC6 MOV EAX,ESI
004DAE7D |. E8 6E58F9FF CALL PicAlbum.004706F0
004DAE82 |. BA C4AF4D00 MOV EDX,PicAlbum.004DAFC4 ; software\hwafullsoft\picalbum
004DAE87 |. 8BC6 MOV EAX,ESI
004DAE89 |. E8 565DF9FF CALL PicAlbum.00470BE4
004DAE8E |. 84C0 TEST AL,AL
004DAE90 |. 75 0C JNZ SHORT PicAlbum.004DAE9E
004DAE92 |. BA C4AF4D00 MOV EDX,PicAlbum.004DAFC4 ; software\hwafullsoft\picalbum
004DAE97 |. 8BC6 MOV EAX,ESI
004DAE99 |. E8 B658F9FF CALL PicAlbum.00470754
004DAE9E |> B1 01 MOV CL,1
004DAEA0 |. BA C4AF4D00 MOV EDX,PicAlbum.004DAFC4 ; software\hwafullsoft\picalbum
004DAEA5 |. 8BC6 MOV EAX,ESI
004DAEA7 |. E8 8459F9FF CALL PicAlbum.00470830
004DAEAC |. 84C0 TEST AL,AL
004DAEAE |. 74 31 JE SHORT PicAlbum.004DAEE1
004DAEB0 |. 8B0D A8C44E00 MOV ECX,DWORD PTR DS:[4EC4A8] ; PicAlbum.0053D004
004DAEB6 |. 8B09 MOV ECX,DWORD PTR DS:[ECX]
004DAEB8 |. BA ECAF4D00 MOV EDX,PicAlbum.004DAFEC ; reg_name
004DAEBD |. 8BC6 MOV EAX,ESI
004DAEBF |. E8 085BF9FF CALL PicAlbum.004709CC
004DAEC4 |. 8B0D D8C54E00 MOV ECX,DWORD PTR DS:[4EC5D8] ; PicAlbum.0053D008
004DAECA |. 8B09 MOV ECX,DWORD PTR DS:[ECX]
004DAECC |. BA 00B04D00 MOV EDX,PicAlbum.004DB000 ; reg_no
004DAED1 |. 8BC6 MOV EAX,ESI
004DAED3 |. E8 F45AF9FF CALL PicAlbum.004709CC
004DAED8 |. 8BC6 MOV EAX,ESI
004DAEDA |. E8 E157F9FF CALL PicAlbum.004706C0
004DAEDF |. EB 2A JMP SHORT PicAlbum.004DAF0B
004DAEE1 |> B2 01 MOV DL,1
004DAEE3 |. 8BC6 MOV EAX,ESI
004DAEE5 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004DAEE7 |. FF51 FC CALL DWORD PTR DS:[ECX-4]
004DAEEA |. 6A 40 PUSH 40
004DAEEC |. B9 08B04D00 MOV ECX,PicAlbum.004DB008 ; 提示信息
004DAEF1 |. BA 14B04D00 MOV EDX,PicAlbum.004DB014 ; 写注册表出错,请检查此用户是否可以写注册表!
004DAEF6 |. A1 C0C44E00 MOV EAX,DWORD PTR DS:[4EC4C0]
004DAEFB |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004DAEFD |. E8 02F7F8FF CALL PicAlbum.0046A604
004DAF02 |. 8BC3 MOV EAX,EBX
004DAF04 |. E8 BFBEF8FF CALL PicAlbum.00466DC8
004DAF09 |. EB 42 JMP SHORT PicAlbum.004DAF4D
004DAF0B |> B2 01 MOV DL,1
004DAF0D |. 8BC6 MOV EAX,ESI
004DAF0F |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004DAF11 |. FF51 FC CALL DWORD PTR DS:[ECX-4]
004DAF14 |. 6A 40 PUSH 40
004DAF16 |. B9 08B04D00 MOV ECX,PicAlbum.004DB008 ; 提示信息
004DAF1B |. BA 44B04D00 MOV EDX,PicAlbum.004DB044 ; 您注册成功,欢迎使用!
004DAF20 |. A1 C0C44E00 MOV EAX,DWORD PTR DS:[4EC4C0]
004DAF25 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004DAF27 |. E8 D8F6F8FF CALL PicAlbum.0046A604
004DAF2C |. 8BC3 MOV EAX,EBX
004DAF2E |. E8 95BEF8FF CALL PicAlbum.00466DC8
004DAF33 |. EB 18 JMP SHORT PicAlbum.004DAF4D
004DAF35 |> 6A 40 PUSH 40
004DAF37 |. B9 08B04D00 MOV ECX,PicAlbum.004DB008 ; 提示信息
004DAF3C |. BA 5CB04D00 MOV EDX,PicAlbum.004DB05C ; 您输入的数据有错,请重新注册!
004DAF41 |. A1 C0C44E00 MOV EAX,DWORD PTR DS:[4EC4C0]
004DAF46 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004DAF48 |. E8 B7F6F8FF CALL PicAlbum.0046A604
004DAF4D |> 33C0 XOR EAX,EAX
004DAF4F |. 5A POP EDX
004DAF50 |. 59 POP ECX
004DAF51 |. 59 POP ECX
004DAF52 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004DAF55 |. 68 A7AF4D00 PUSH PicAlbum.004DAFA7
004DAF5A |> 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004DAF5D |. E8 1E9AF2FF CALL PicAlbum.00404980
004DAF62 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004DAF65 |. E8 169AF2FF CALL PicAlbum.00404980
004DAF6A |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004DAF6D |. E8 0E9AF2FF CALL PicAlbum.00404980
004DAF72 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004DAF75 |. E8 069AF2FF CALL PicAlbum.00404980
004DAF7A |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004DAF7D |. E8 FE99F2FF CALL PicAlbum.00404980
004DAF82 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004DAF85 |. E8 F699F2FF CALL PicAlbum.00404980
004DAF8A |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004DAF8D |. E8 EE99F2FF CALL PicAlbum.00404980
004DAF92 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004DAF95 |. BA 02000000 MOV EDX,2
004DAF9A |. E8 059AF2FF CALL PicAlbum.004049A4
004DAF9F \. C3 RETN
004DAFA0 .^ E9 7F93F2FF JMP PicAlbum.00404324
004DAFA5 .^ EB B3 JMP SHORT PicAlbum.004DAF5A
004DAFA7 . 5E POP ESI
004DAFA8 . 5B POP EBX
004DAFA9 . 8BE5 MOV ESP,EBP
004DAFAB . 5D POP EBP
004DAFAC . C3 RETN
-----004DADF3 |. E8 880CFEFF CALL PicAlbum.004BBA80 这里跟进-----
004BBA80 /$ 55 PUSH EBP
004BBA81 |. 8BEC MOV EBP,ESP
004BBA83 |. 81C4 7CFFFFFF ADD ESP,-84
004BBA89 |. 53 PUSH EBX
004BBA8A |. 56 PUSH ESI
004BBA8B |. 57 PUSH EDI
004BBA8C |. 33DB XOR EBX,EBX
004BBA8E |. 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
004BBA94 |. 895D 80 MOV DWORD PTR SS:[EBP-80],EBX
004BBA97 |. 895D 84 MOV DWORD PTR SS:[EBP-7C],EBX
004BBA9A |. 895D 88 MOV DWORD PTR SS:[EBP-78],EBX
004BBA9D |. 895D 8C MOV DWORD PTR SS:[EBP-74],EBX
004BBAA0 |. 895D 90 MOV DWORD PTR SS:[EBP-70],EBX
004BBAA3 |. 895D F0 MOV DWORD PTR SS:[EBP-10],EBX
004BBAA6 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
004BBAA9 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
004BBAAC |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004BBAAF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BBAB2 |. E8 6993F4FF CALL PicAlbum.00404E20
004BBAB7 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BBABA |. E8 6193F4FF CALL PicAlbum.00404E20
004BBABF |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 假码
004BBAC2 |. E8 5993F4FF CALL PicAlbum.00404E20
004BBAC7 |. 33C0 XOR EAX,EAX
004BBAC9 |. 55 PUSH EBP
004BBACA |. 68 9EBD4B00 PUSH PicAlbum.004BBD9E
004BBACF |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004BBAD2 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BBAD5 |. 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
004BBAD8 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 假码
004BBADB |. E8 00D5F4FF CALL PicAlbum.00408FE0
004BBAE0 |. 8B55 90 MOV EDX,DWORD PTR SS:[EBP-70] ; 假码
004BBAE3 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004BBAE6 |. E8 2D8FF4FF CALL PicAlbum.00404A18
004BBAEB |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 假码
004BBAEE |. E8 4591F4FF CALL PicAlbum.00404C38
004BBAF3 |. 83F8 13 CMP EAX,13 ; 注册码长度为19
004BBAF6 |. 74 12 JE SHORT PicAlbum.004BBB0A ; 是19就跳,否则完玩
004BBAF8 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004BBAFB |. BA B8BD4B00 MOV EDX,PicAlbum.004BBDB8 ; none
004BBB00 |. E8 CF8EF4FF CALL PicAlbum.004049D4
004BBB05 |. E9 69020000 JMP PicAlbum.004BBD73
004BBB0A |> 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004BBB0D |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 用户名
004BBB10 |. E8 CBD4F4FF CALL PicAlbum.00408FE0
004BBB15 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004BBB18 |. E8 1B91F4FF CALL PicAlbum.00404C38
004BBB1D |. 8BF8 MOV EDI,EAX
004BBB1F |. 83FF 01 CMP EDI,1
004BBB22 |. 7D 12 JGE SHORT PicAlbum.004BBB36
004BBB24 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004BBB27 |. BA B8BD4B00 MOV EDX,PicAlbum.004BBDB8 ; none
004BBB2C |. E8 A38EF4FF CALL PicAlbum.004049D4
004BBB31 |. E9 3D020000 JMP PicAlbum.004BBD73
004BBB36 |> 83FF 10 CMP EDI,10 ; 比较用户名长度(就为16)
004BBB39 |. 7D 25 JGE SHORT PicAlbum.004BBB60 ; 小于16就不跳
004BBB3B |> 8D55 8C /LEA EDX,DWORD PTR SS:[EBP-74]
004BBB3E |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; 用户名
004BBB41 |. E8 9AD4F4FF |CALL PicAlbum.00408FE0
004BBB46 |. 8B55 8C |MOV EDX,DWORD PTR SS:[EBP-74] ; 复制用户名
004BBB49 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004BBB4C |. E8 EF90F4FF |CALL PicAlbum.00404C40
004BBB51 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10] ; 进行连接
004BBB54 |. E8 DF90F4FF |CALL PicAlbum.00404C38
004BBB59 |. 8BF8 |MOV EDI,EAX
004BBB5B |. 83FF 10 |CMP EDI,10 ; 长度不是16就继续
004BBB5E |.^ 7C DB \JL SHORT PicAlbum.004BBB3B
004BBB60 |> C645 97 50 MOV BYTE PTR SS:[EBP-69],50 ; 堆栈 SS:[0012F00F]=00
004BBB64 |. C645 98 39 MOV BYTE PTR SS:[EBP-68],39 ; 堆栈 SS:[0012F010]=84
004BBB68 |. C645 99 43 MOV BYTE PTR SS:[EBP-67],43 ; 堆栈 SS:[0012F011]=F0
004BBB6C |. C645 9A 38 MOV BYTE PTR SS:[EBP-66],38 ; 堆栈 SS:[0012F012]=12
004BBB70 |. C645 9B 55 MOV BYTE PTR SS:[EBP-65],55 ; 堆栈 SS:[0012F013]=00
004BBB74 |. C645 9C 37 MOV BYTE PTR SS:[EBP-64],37 ; 堆栈 SS:[0012F014]=74 ('t')
004BBB78 |. C645 9D 45 MOV BYTE PTR SS:[EBP-63],45 ; 堆栈 SS:[0012F015]=23 ('#')
004BBB7C |. C645 9E 36 MOV BYTE PTR SS:[EBP-62],36 ; 堆栈 SS:[0012F016]=40 ('@')
004BBB80 |. C645 9F 48 MOV BYTE PTR SS:[EBP-61],48 ; 堆栈 SS:[0012F017]=00
004BBB84 |. C645 A0 35 MOV BYTE PTR SS:[EBP-60],35 ; 堆栈 SS:[0012F018]=30 ('0')
004BBB88 |. C645 A1 55 MOV BYTE PTR SS:[EBP-5F],55 ; 堆栈 SS:[0012F019]=F0
004BBB8C |. C645 A2 34 MOV BYTE PTR SS:[EBP-5E],34 ; 堆栈 SS:[0012F01A]=12
004BBB90 |. C645 A3 49 MOV BYTE PTR SS:[EBP-5D],49 ; 堆栈 SS:[0012F01B]=00
004BBB94 |. C645 A4 33 MOV BYTE PTR SS:[EBP-5C],33 ; 堆栈 SS:[0012F01C]=07
004BBB98 |. C645 A5 47 MOV BYTE PTR SS:[EBP-5B],47 ; 堆栈 SS:[0012F01D]=00
004BBB9C |. C645 A6 32 MOV BYTE PTR SS:[EBP-5A],32 ; 堆栈 SS:[0012F01E]=00
004BBBA0 |. 33DB XOR EBX,EBX
004BBBA2 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004BBBA5 |> 69D3 89000000 /IMUL EDX,EBX,89 ; 整数乘法EDX=10*89[这里为16进制]
004BBBAB |. 8910 |MOV DWORD PTR DS:[EAX],EDX
004BBBAD |. 43 |INC EBX
004BBBAE |. 83C0 04 |ADD EAX,4
004BBBB1 |. 83FB 10 |CMP EBX,10
004BBBB4 |.^ 75 EF \JNZ SHORT PicAlbum.004BBBA5
004BBBB6 |. 33F6 XOR ESI,ESI
004BBBB8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; (ASCII "PicAlbum")
004BBBBB |. E8 7890F4FF CALL PicAlbum.00404C38
004BBBC0 |. 85C0 TEST EAX,EAX ; 长度是否为8
004BBBC2 |. 7E 13 JLE SHORT PicAlbum.004BBBD7 ; 不为8不跳
004BBBC4 |. BB 01000000 MOV EBX,1
004BBBC9 |> 8B55 FC /MOV EDX,DWORD PTR SS:[EBP-4] ; (ASCII "PicAlbum")
004BBBCC |. 0FB6541A FF |MOVZX EDX,BYTE PTR DS:[EDX+EBX-1] ; 逐位取
004BBBD1 |. 03F2 |ADD ESI,EDX ; 各字符16进制逐位相加[最后 ESI=30D,这应是常数]
004BBBD3 |. 43 |INC EBX
004BBBD4 |. 48 |DEC EAX
004BBBD5 |.^ 75 F2 \JNZ SHORT PicAlbum.004BBBC9
004BBBD7 |> 8BC7 MOV EAX,EDI
004BBBD9 |. 85C0 TEST EAX,EAX
004BBBDB |. 7E 13 JLE SHORT PicAlbum.004BBBF0
004BBBDD |. BB 01000000 MOV EBX,1
004BBBE2 |> 8B55 F0 /MOV EDX,DWORD PTR SS:[EBP-10] ; 拼接后的用户名
004BBBE5 |. 0FB6541A FF |MOVZX EDX,BYTE PTR DS:[EDX+EBX-1]
004BBBEA |. 03F2 |ADD ESI,EDX ; ESI=ESI+EDX [ESI初始值为30D,EDX为用户名各字符的16进制],我这里最后计算得98E
004BBBEC |. 43 |INC EBX ; 取哪一位
004BBBED |. 48 |DEC EAX ; 拼接后的用户名长度递减
004BBBEE |.^ 75 F2 \JNZ SHORT PicAlbum.004BBBE2
004BBBF0 |> 8BC7 MOV EAX,EDI
004BBBF2 |. 48 DEC EAX ; 用户长度-1
004BBBF3 |. 85C0 TEST EAX,EAX
004BBBF5 |. 7C 40 JL SHORT PicAlbum.004BBC37
004BBBF7 |. 40 INC EAX ; +1
004BBBF8 |. 33DB XOR EBX,EBX
004BBBFA |> 8B55 F0 /MOV EDX,DWORD PTR SS:[EBP-10] ; 拼接后的用户名(ASCII "lzq1973lzq1973lzq1973")
004BBBFD |. 8A141A |MOV DL,BYTE PTR DS:[EDX+EBX] ; 逐位取
004BBC00 |. 81E2 FF000000 |AND EDX,0FF ; 与运算
004BBC06 |. 8BCB |MOV ECX,EBX
004BBC08 |. 81E1 0F000080 |AND ECX,8000000F ; 与运算
004BBC0E |. 79 05 |JNS SHORT PicAlbum.004BBC15
004BBC10 |. 49 |DEC ECX
004BBC11 |. 83C9 F0 |OR ECX,FFFFFFF0
004BBC14 |. 41 |INC ECX
004BBC15 |> 0FB64C0D 97 |MOVZX ECX,BYTE PTR SS:[EBP+ECX-69]
004BBC1A |. 0FAFD1 |IMUL EDX,ECX ; 整数乘法(拼接后的各字符16进制与其对应的50、39、43、38、55、37、45、36、48、35、55、34、49、33、47、32)
004BBC1D |. 0FAFD6 |IMUL EDX,ESI ; EDX=EDX*98E
004BBC20 |. 8BCB |MOV ECX,EBX
004BBC22 |. 81E1 0F000080 |AND ECX,8000000F
004BBC28 |. 79 05 |JNS SHORT PicAlbum.004BBC2F
004BBC2A |. 49 |DEC ECX
004BBC2B |. 83C9 F0 |OR ECX,FFFFFFF0
004BBC2E |. 41 |INC ECX
004BBC2F |> 01548D AC |ADD DWORD PTR SS:[EBP+ECX*4-54],EDX
004BBC33 |. 43 |INC EBX
004BBC34 |. 48 |DEC EAX
004BBC35 |.^ 75 C3 \JNZ SHORT PicAlbum.004BBBFA
004BBC37 |> BB 10000000 MOV EBX,10
004BBC3C |. 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
004BBC3F |. 8D75 97 LEA ESI,DWORD PTR SS:[EBP-69] ; 这应是常量(ASCII "P9C8U7E6H5U4I3G2")
004BBC42 |> 8B01 /MOV EAX,DWORD PTR DS:[ECX]
004BBC44 |. BF FF010000 |MOV EDI,1FF
004BBC49 |. 99 |CDQ ; 双字扩展
004BBC4A |. F7FF |IDIV EDI ; 整数除法
004BBC4C |. 6BC2 35 |IMUL EAX,EDX,35 ; EAX=174*35
004BBC4F |. 6BC0 59 |IMUL EAX,EAX,59 ; EAX=EAX*59
004BBC52 |. BF 25000000 |MOV EDI,25 ; EDI=25
004BBC57 |. 99 |CDQ
004BBC58 |. F7FF |IDIV EDI ; EDI/25
004BBC5A |. 8BFA |MOV EDI,EDX
004BBC5C |. 8939 |MOV DWORD PTR DS:[ECX],EDI
004BBC5E |. 83FF 24 |CMP EDI,24
004BBC61 |. 75 06 |JNZ SHORT PicAlbum.004BBC69
004BBC63 |. C701 12000000 |MOV DWORD PTR DS:[ECX],12 ; 第一次赋12
004BBC69 |> 8B01 |MOV EAX,DWORD PTR DS:[ECX]
004BBC6B |. 83F8 0A |CMP EAX,0A
004BBC6E |. 7D 07 |JGE SHORT PicAlbum.004BBC77 ; 大于10就跳
004BBC70 |. 83C0 30 |ADD EAX,30
004BBC73 |. 8806 |MOV BYTE PTR DS:[ESI],AL
004BBC75 |. EB 08 |JMP SHORT PicAlbum.004BBC7F
004BBC77 |> 83C0 41 |ADD EAX,41 ; EAX=EAX+41
004BBC7A |. 83E8 0A |SUB EAX,0A ; EAX=EAX-0A
004BBC7D |. 8806 |MOV BYTE PTR DS:[ESI],AL ; 对应的注册码字符
004BBC7F |> 46 |INC ESI
004BBC80 |. 83C1 04 |ADD ECX,4
004BBC83 |. 4B |DEC EBX
004BBC84 |.^ 75 BC \JNZ SHORT PicAlbum.004BBC42
004BBC86 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BBC89 |. E8 F28CF4FF CALL PicAlbum.00404980
004BBC8E |. BB 04000000 MOV EBX,4 ; 取4位
004BBC93 |. 8D75 97 LEA ESI,DWORD PTR SS:[EBP-69] ; (ASCII "IEC1QFR0WPRN2D8O")
004BBC96 |> 8D45 88 /LEA EAX,DWORD PTR SS:[EBP-78]
004BBC99 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
004BBC9B |. E8 C08EF4FF |CALL PicAlbum.00404B60
004BBCA0 |. 8B55 88 |MOV EDX,DWORD PTR SS:[EBP-78]
004BBCA3 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004BBCA6 |. E8 958FF4FF |CALL PicAlbum.00404C40
004BBCAB |. 46 |INC ESI
004BBCAC |. 4B |DEC EBX
004BBCAD |.^ 75 E7 \JNZ SHORT PicAlbum.004BBC96
004BBCAF |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BBCB2 |. BA C8BD4B00 MOV EDX,PicAlbum.004BBDC8 ; -
004BBCB7 |. E8 848FF4FF CALL PicAlbum.00404C40
004BBCBC |. BB 04000000 MOV EBX,4 ; 取4位
004BBCC1 |. 8D75 9B LEA ESI,DWORD PTR SS:[EBP-65] ; (ASCII "QFR0WPRN2D8O")
004BBCC4 |> 8D45 84 /LEA EAX,DWORD PTR SS:[EBP-7C]
004BBCC7 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
004BBCC9 |. E8 928EF4FF |CALL PicAlbum.00404B60
004BBCCE |. 8B55 84 |MOV EDX,DWORD PTR SS:[EBP-7C]
004BBCD1 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004BBCD4 |. E8 678FF4FF |CALL PicAlbum.00404C40
004BBCD9 |. 46 |INC ESI
004BBCDA |. 4B |DEC EBX
004BBCDB |.^ 75 E7 \JNZ SHORT PicAlbum.004BBCC4
004BBCDD |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BBCE0 |. BA C8BD4B00 MOV EDX,PicAlbum.004BBDC8 ; -
004BBCE5 |. E8 568FF4FF CALL PicAlbum.00404C40
004BBCEA |. BB 04000000 MOV EBX,4 ; 取4位
004BBCEF |. 8D75 9F LEA ESI,DWORD PTR SS:[EBP-61] ; (ASCII "WPRN2D8O")
004BBCF2 |> 8D45 80 /LEA EAX,DWORD PTR SS:[EBP-80]
004BBCF5 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
004BBCF7 |. E8 648EF4FF |CALL PicAlbum.00404B60
004BBCFC |. 8B55 80 |MOV EDX,DWORD PTR SS:[EBP-80]
004BBCFF |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004BBD02 |. E8 398FF4FF |CALL PicAlbum.00404C40
004BBD07 |. 46 |INC ESI
004BBD08 |. 4B |DEC EBX
004BBD09 |.^ 75 E7 \JNZ SHORT PicAlbum.004BBCF2
004BBD0B |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BBD0E |. BA C8BD4B00 MOV EDX,PicAlbum.004BBDC8 ; -
004BBD13 |. E8 288FF4FF CALL PicAlbum.00404C40
004BBD18 |. BB 04000000 MOV EBX,4 ; 取4位
004BBD1D |. 8D75 A3 LEA ESI,DWORD PTR SS:[EBP-5D] ; (ASCII "2D8O")
004BBD20 |> 8D85 7CFFFFFF /LEA EAX,DWORD PTR SS:[EBP-84]
004BBD26 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
004BBD28 |. E8 338EF4FF |CALL PicAlbum.00404B60
004BBD2D |. 8B95 7CFFFFFF |MOV EDX,DWORD PTR SS:[EBP-84]
004BBD33 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004BBD36 |. E8 058FF4FF |CALL PicAlbum.00404C40
004BBD3B |. 46 |INC ESI
004BBD3C |. 4B |DEC EBX
004BBD3D |.^ 75 E1 \JNZ SHORT PicAlbum.004BBD20
004BBD3F |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 进行拼接(ASCII "IEC1-QFR0-WPRN-2D8O")
004BBD42 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; (ASCII "1234567890123456789")
004BBD45 |. E8 3290F4FF CALL PicAlbum.00404D7C
004BBD4A |. 75 1A JNZ SHORT PicAlbum.004BBD66
004BBD4C |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004BBD4F |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BBD52 |. E8 89D2F4FF CALL PicAlbum.00408FE0
004BBD57 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004BBD5A |. BA D4BD4B00 MOV EDX,PicAlbum.004BBDD4 ; ok
004BBD5F |. E8 708CF4FF CALL PicAlbum.004049D4
004BBD64 |. EB 0D JMP SHORT PicAlbum.004BBD73
004BBD66 |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004BBD69 |. BA B8BD4B00 MOV EDX,PicAlbum.004BBDB8 ; none
004BBD6E |. E8 618CF4FF CALL PicAlbum.004049D4
004BBD73 |> 33C0 XOR EAX,EAX
004BBD75 |. 5A POP EDX
004BBD76 |. 59 POP ECX
004BBD77 |. 59 POP ECX
004BBD78 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004BBD7B |. 68 A5BD4B00 PUSH PicAlbum.004BBDA5
004BBD80 |> 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
004BBD86 |. BA 06000000 MOV EDX,6
004BBD8B |. E8 148CF4FF CALL PicAlbum.004049A4
004BBD90 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BBD93 |. BA 04000000 MOV EDX,4
004BBD98 |. E8 078CF4FF CALL PicAlbum.004049A4
004BBD9D \. C3 RETN
004BBD9E .^ E9 8185F4FF JMP PicAlbum.00404324
004BBDA3 .^ EB DB JMP SHORT PicAlbum.004BBD80
004BBDA5 . 5F POP EDI
004BBDA6 . 5E POP ESI
004BBDA7 . 5B POP EBX
004BBDA8 . 8BE5 MOV ESP,EBP
004BBDAA . 5D POP EBP
004BBDAB . C2 0400 RETN 4
至此注册码已出,明码比较。
--------------------------------------------------------------------------------
【经验总结】
这篇破文用了我半天的时间,头疼的很,心里明白,可是用文字表示不出来,还请敬谅~~,下面是些胡言乱语??
常量(PicAlbum)各字符的16进制累加值为30D
令用户名各字符16进制+30D为A,A=A+30D
用户名前16位(不足16位则循环取)各自×与其对应的(50、39、43、38、55、37、45、36、48、35、55、34、49、33、47
、32)的积为C,则D=D*A
常量(ASCII "P9C8U7E6H5U4I3G2")
E=CDQ(CDQ(D)/1FF*35*59)/25 > 0A则,
对应的注册码字符F=E+41-0A
反这E < 0A则,F=E+30
最后拼接为IEC1QFR0WPRN2D8O,每4位一组中间用“-”间隔,即IEC1-QFR0-WPRN-2D8O就是注册码。
注册码长度必须是19,用户名不能为空,支持中文。
附上几组注册码
用户名:lzq1973[PYG][CZG]
注册码:JC6I-8JZ4-DBDC-07E8
用户名:网眼天下
注册码:0G8Z-XY9I-95IW-217B
--------------------------------------------------------------------------------
【版权声明】: 本文属于大家, 转载请注明作者并保持文章的完整, 谢谢!
2006年03月28日 11:34:08 |
|
IP卡
发表于 2006-3-28 13:39:42
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-3-28 14:30:19
发表于 2006-3-28 16:38:28
发表于 2006-3-28 21:34:23
发表于 2006-3-29 20:38:43
