【文章标题】: 屏幕录像专家V7.5 Build20090710 追注册码
【文章作者】: fghtiger
【作者邮箱】: [email protected]
【作者QQ号】: 28011309
【软件名称】: 屏幕录像专家V7.5
【下载地址】: 自己搜索下载
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
先用C32ASM查找字符串,找到一些有用的信息,如下:
本软件已授权给 004241F1
还未注册 004241A6
注册成功 0045D1DD
注册失败 0045CD04
0045CE6A
0045DB84
0045DAFD
用DEDE找到注册窗口Tregisterform的确定按钮事件 0045CBD0
; Excerpts from the registration dialog's OK-button handler at 0045CBD0
; (located with DEDE, per the author). OllyDbg listing, 32-bit x86, Intel syntax.
; The author elided stretches of the handler, so the addresses are not contiguous.
0045CBD0 /. 55 push ebp ; entry of the OK-button click handler
0045CBD1 |. 8BEC mov ebp, esp
0045CBD3 |. 81C4 A0FAFFFF add esp, -560 ; reserve 0x560 bytes of locals
0045CBD9 |. 53 push ebx
0045CBDA |. 56 push esi
0045CBDB |. 57 push edi
0045CBDC |. 8985 30FFFFFF mov dword ptr [ebp-D0], eax ; keep the incoming eax in a local (presumably the form object - confirm)
0045CBE2 |. B8 B0755700 mov eax, 005775B0
0045CBE7 |. E8 EC5F0D00 call 00532BD8
; ... (listing resumes at 0045CC8F) ...
0045CC8F |. 8D45 F0 lea eax, dword ptr [ebp-10]
0045CC92 |. BA 02000000 mov edx, 2
0045CC97 |. E8 F4450E00 call 00541290 ; author: fetches the entered (test) serial
0045CC9C |. 66:C785 44FFF>mov word ptr [ebp-BC], 44
0045CCA5 |. 8D45 F4 lea eax, dword ptr [ebp-C]
0045CCA8 |. E8 FF53FAFF call 004020AC
0045CCAD |. 50 push eax ; push the entered serial (per the author)
0045CCAE |. 8D45 EC lea eax, dword ptr [ebp-14]
0045CCB1 |. 8B95 30FFFFFF mov edx, dword ptr [ebp-D0] ; reload the value saved at 0045CBDC
0045CCB7 |. 52 push edx
0045CCB8 |. E8 9B4CFAFF call 00401958
; ... (listing resumes at 0045CCEA) ...
0045CCEA |. 8D45 F4 lea eax, dword ptr [ebp-C]
0045CCED |. E8 B295FFFF call 004562A4
0045CCF2 |. 83F8 32 cmp eax, 32 ; is the serial at least 0x32 (50) characters long? (eax = length, per the author)
0045CCF5 |. 0F8D 81000000 jge 0045CD7C ; yes: continue at 0045CD7C; otherwise fall into the failure message
0045CCFB |. 66:C785 44FFF>mov word ptr [ebp-BC], 50
0045CD04 |. BA 1C705700 mov edx, 0057701C ; "registration failed" string (per the author's string search)
0045CD09 |. 8D45 E8 lea eax, dword ptr [ebp-18]
0045CD0C |. E8 D3420E00 call 00540FE4
; ... (listing resumes at 0045CE3C) ...
0045CE3C |. A1 D4D65900 mov eax, dword ptr [59D6D4]
0045CE41 |. 8B10 mov edx, dword ptr [eax]
0045CE43 |. 52 push edx
0045CE44 |. E8 6398FFFF call 004566AC ; author: reduces the first 45 characters of the entered serial to a number; this is the routine the author traces into for the serial algorithm
0045CE49 |. 0FB7C8 movzx ecx, ax ; only the low 16 bits of the result are used
0045CE4C |. 8D45 F8 lea eax, dword ptr [ebp-8]
0045CE4F |. 8BF1 mov esi, ecx ; esi = 16-bit value computed from the serial
0045CE51 |. 83C4 0C add esp, 0C ; drop 0x0C bytes of arguments
0045CE54 |. E8 47470E00 call 005415A0
0045CE59 |. 3BF0 cmp esi, eax ; author: computed value vs. the number formed by the serial's last five digits
0045CE5B |. 0F84 81000000 je 0045CEE2 ; equal: continue at 0045CEE2
0045CE61 |. 66:C785 44FFF>mov word ptr [ebp-BC], 68
0045CE6A |. BA 3D705700 mov edx, 0057703D ; "registration failed" string (per the author's string search)
0045CE6F |. 8D45 E0 lea eax, dword ptr [ebp-20]
跟入 call 004566AC 这个是前45位转换成一个十进制数的算法, 可惜我看不懂。
; Routine at 004566AC, called from 0045CE44 in the OK-button handler.
; In:   [ebp+C]  = pointer to the input bytes (loaded into esi)
;       [ebp+10] = byte count (compared as a signed value)
; Out:  eax; the caller reads only ax (movzx ecx, ax at 0045CE49)
; Saves esi and edi; uses eax, ecx, edx. Plain retn, no stack cleanup here.
; The outer counter ecx runs up to 0x186A0, but the byte loop is entered only
; on the pass where ecx == 0xB26D; the other passes do no work on the data
; (looks like padding or obfuscation - unconfirmed).
; Per input bit, most significant first (mask dl = 0x80, shifted right):
; eax is doubled; 0x1021 is XORed into ax when bit 15 of ax was set before
; the doubling, and XORed in again when the current input bit is set.
004566AC /$ 55 push ebp
004566AD |. 8BEC mov ebp, esp
004566AF |. 56 push esi
004566B0 |. 57 push edi
004566B1 |. 8B75 0C mov esi, dword ptr [ebp+C] ; esi -> input bytes
004566B4 |. 33C0 xor eax, eax ; accumulator starts at 0
004566B6 |. 33C9 xor ecx, ecx ; outer counter starts at 0
004566B8 |> 81F9 6DB20000 /cmp ecx, 0B26D
004566BE |. 75 30 |jnz short 004566F0 ; not the 0xB26D pass: skip the byte loop
004566C0 |. 33FF |xor edi, edi ; edi = byte index
004566C2 |. 3B7D 10 |cmp edi, dword ptr [ebp+10] ; 0 vs. byte count (45 per the author)
004566C5 |. 7D 29 |jge short 004566F0 ; count <= 0: nothing to process
004566C7 |> 41 |/inc ecx
004566C8 |. B2 80 ||mov dl, 80 ; bit mask, starting at the top bit of the byte
004566CA |> F6C4 80 ||/test ah, 80 ; is bit 15 of ax set?
004566CD |. 74 09 |||je short 004566D8 ; clear: shift only
004566CF |. 03C0 |||add eax, eax ; shift left by one
004566D1 |. 66:35 2110 |||xor ax, 1021
004566D5 |. 41 |||inc ecx
004566D6 |. EB 02 |||jmp short 004566DA
004566D8 |> 03C0 |||add eax, eax ; shift left by one
004566DA |> 41 |||inc ecx
004566DB |. 8416 |||test byte ptr [esi], dl ; is the current input bit set?
004566DD |. 74 04 |||je short 004566E3
004566DF |. 66:35 2110 |||xor ax, 1021
004566E3 |> D0EA |||shr dl, 1 ; next lower bit
004566E5 |. 84D2 |||test dl, dl
004566E7 |.^ 75 E1 ||\jnz short 004566CA ; until all 8 bits are done
004566E9 |. 46 ||inc esi ; next input byte
004566EA |. 47 ||inc edi
004566EB |. 3B7D 10 ||cmp edi, dword ptr [ebp+10]
004566EE |.^ 7C D7 |\jl short 004566C7 ; until the byte count is reached
004566F0 |> 41 |inc ecx
004566F1 |. 81F9 A0860100 |cmp ecx, 186A0
004566F7 |.^ 7C BF \jl short 004566B8
004566F9 |. 5F pop edi
004566FA |. 5E pop esi
004566FB |. 5D pop ebp
004566FC \. C3 retn /////// 回到 0045CE49
; OK-button handler, continued at 0045CEE2 (target of the je at 0045CE5B,
; reached when the 16-bit value matched the serial's last five digits).
0045CEE2 |> \66:C785 44FFF>mov word ptr [ebp-BC], 74
0045CEEB |. 8B15 D4D65900 mov edx, dword ptr [59D6D4] ; OllyDbg label: _MainForm in the application module
0045CEF1 |. 8D85 ACFAFFFF lea eax, dword ptr [ebp-554]
0045CEF7 |. 50 push eax
0045CEF8 |. 8D45 DC lea eax, dword ptr [ebp-24]
0045CEFB |. 8B0A mov ecx, dword ptr [edx]
0045CEFD |. 51 push ecx
0045CEFE |. E8 554AFAFF call 00401958
0045CF03 |. 50 push eax ; |Arg1
0045CF04 |. FF85 50FFFFFF inc dword ptr [ebp-B0] ; |
0045CF0A |. E8 1D78FBFF call 0041472C ; \core routine per the author (yields a string); the author traces into it
0045CF0F |. 83C4 0C add esp, 0C ; drop 0x0C bytes of arguments
跟入 call 0041472C
; Routine at 0041472C, called from 0045CF0A. Per the author it turns the first
; 40 characters of the entered serial into a 20-byte string.
; Visible steps: 0x28 bytes from the argument at [ebp+10] are placed in the local
; buffer at [ebp-94], three pairs of positions are swapped, then each pair of
; characters is converted to a number and a byte derived from it is written back
; into the first half of the same buffer.
; The listing stops at the loop's back-edge; the rest of the routine is not shown.
0041472C /$ 55 push ebp ////// 这里就是将假码的前40位转换成一个20位的字符串
0041472D |. 8BEC mov ebp, esp
0041472F |. 81C4 08FFFFFF add esp, -0F8 ; reserve 0xF8 bytes of locals
00414735 |. 53 push ebx
00414736 |. 56 push esi
00414737 |. B8 3CFA5600 mov eax, 0056FA3C
0041473C |. E8 97E41100 call 00532BD8
00414741 |. 66:C745 E0 08>mov word ptr [ebp-20], 8
00414747 |. 8D45 FC lea eax, dword ptr [ebp-4]
0041474A |. E8 09D2FEFF call 00401958
0041474F |. FF45 EC inc dword ptr [ebp-14]
00414752 |. 66:C745 E0 14>mov word ptr [ebp-20], 14
00414758 |. 6A 28 push 28 ; 0x28 = 40 bytes
0041475A |. 8B55 10 mov edx, dword ptr [ebp+10]
0041475D |. 52 push edx ; source: the argument at [ebp+10]
0041475E |. 8D8D 6CFFFFFF lea ecx, dword ptr [ebp-94]
00414764 |. 51 push ecx ; destination: local buffer at [ebp-94]
00414765 |. E8 CADF1100 call 00532734 ; presumably a memcpy-style copy, judging by the three arguments
0041476A |. 8A85 6EFFFFFF mov al, byte ptr [ebp-92] ; start of the position swaps within the 40-byte buffer
00414770 |. 8A55 92 mov dl, byte ptr [ebp-6E]
00414773 |. 8895 6EFFFFFF mov byte ptr [ebp-92], dl ; swap character 3 (offset 2) with character 39 (offset 0x26)
00414779 |. 8845 92 mov byte ptr [ebp-6E], al
0041477C |. 8A85 70FFFFFF mov al, byte ptr [ebp-90]
00414782 |. 8A55 85 mov dl, byte ptr [ebp-7B]
00414785 |. 8895 70FFFFFF mov byte ptr [ebp-90], dl ; swap character 5 (offset 4) with character 26 (offset 0x19)
0041478B |. 8845 85 mov byte ptr [ebp-7B], al
0041478E |. 8A85 75FFFFFF mov al, byte ptr [ebp-8B] ; al = character 10 (offset 9)
00414794 |. 8A55 8B mov dl, byte ptr [ebp-75] ; dl = character 32 (offset 0x1F)
00414797 |. 8895 75FFFFFF mov byte ptr [ebp-8B], dl ; character 32 goes to position 10
0041479D |. 83C4 0C add esp, 0C ; drop the three arguments of call 00532734
004147A0 |. 33DB xor ebx, ebx ; ebx = character index, starts at 0
004147A2 |. 8845 8B mov byte ptr [ebp-75], al ; character 10 goes to position 32
004147A5 |. 8DB5 6CFFFFFF lea esi, dword ptr [ebp-94] ; esi -> start of the buffer
004147AB |> 8A06 /mov al, byte ptr [esi] ; first character of the pair
004147AD |. 43 |inc ebx
004147AE |. 46 |inc esi
004147AF |. 8885 08FFFFFF |mov byte ptr [ebp-F8], al
004147B5 |. 8D45 F8 |lea eax, dword ptr [ebp-8]
004147B8 |. 8A16 |mov dl, byte ptr [esi] ; second character of the pair
004147BA |. 8895 09FFFFFF |mov byte ptr [ebp-F7], dl
004147C0 |. 8D95 08FFFFFF |lea edx, dword ptr [ebp-F8] ; edx -> the two characters as a temporary string
004147C6 |. C685 0AFFFFFF>|mov byte ptr [ebp-F6], 0 ; terminating zero
004147CD |. 66:C745 E0 20>|mov word ptr [ebp-20], 20
004147D3 |. E8 0CC81200 |call 00540FE4
004147D8 |. 8BD0 |mov edx, eax
004147DA |. FF45 EC |inc dword ptr [ebp-14]
004147DD |. 8D45 FC |lea eax, dword ptr [ebp-4]
004147E0 |. E8 DBCA1200 |call 005412C0
004147E5 |. FF4D EC |dec dword ptr [ebp-14]
004147E8 |. 8D45 F8 |lea eax, dword ptr [ebp-8]
004147EB |. BA 02000000 |mov edx, 2
004147F0 |. E8 9BCA1200 |call 00541290
004147F5 |. 8D45 FC |lea eax, dword ptr [ebp-4]
004147F8 |. E8 A3CD1200 |call 005415A0 ; author: eax = numeric value of the current two-character group
004147FD |. 8BD3 |mov edx, ebx
004147FF |. D1FA |sar edx, 1 ; edx = ebx / 2 (pair index)
00414801 |. 79 03 |jns short 00414806
00414803 |. 83D2 00 |adc edx, 0 ; rounding adjustment for a negative quotient
00414806 |> 03C2 |add eax, edx ; value + pair index
00414808 |. 43 |inc ebx
00414809 |. 83C0 09 |add eax, 9 ; + 9
0041480C |. 46 |inc esi
0041480D |. 83FB 28 |cmp ebx, 28 ; loop bound is 0x28 = 40 characters (the original note said 45)
00414810 |. 888415 6CFFFF>|mov byte ptr [ebp+edx-94], al ; store the low byte at buffer[pair index], overwriting the buffer in place
00414817 |.^ 7C 92 \jl short 004147AB
; OK-button handler, continued after the call to 0041472C. The author elided
; stretches here as well, so the addresses are not contiguous.
; Visible flow: fetch the user name and the transformed machine code, fold them
; into a number kept in edi over 0x14 (20) iterations, format it as decimal text,
; then compare that text and values derived from it against the 20-byte string
; produced from the entered serial.
0045CF90 |. E8 3F010A00 call 004FD0D4
0045CF95 |. 8D45 D8 lea eax, dword ptr [ebp-28]
0045CF98 |. E8 0F51FAFF call 004020AC ; author: fetches the user name
0045CF9D |. 57 push edi
0045CF9E |. 8BF8 mov edi, eax
0045CFA0 |. 33C0 xor eax, eax
; ... (listing resumes at 0045CFD7) ...
0045CFD7 |. C685 D7FEFFFF>mov byte ptr [ebp-129], 0
0045CFDE |. 8B85 30FFFFFF mov eax, dword ptr [ebp-D0] ; value saved at handler entry
0045CFE4 |. 05 00030000 add eax, 300 ; offset 0x300 from it
0045CFE9 |. E8 BE50FAFF call 004020AC ; author: eax returns the first 20 characters of the machine code after position swaps (5 with 26, 9 with 12)
0045CFEE |. 57 push edi
0045CFEF |. 8BF8 mov edi, eax
0045CFF1 |. 33C0 xor eax, eax
; ... (listing resumes at 0045D033) ...
0045D033 |. 33DB xor ebx, ebx ; ebx = loop index, starts at 0
0045D035 |> 8B8D 24FFFFFF /mov ecx, dword ptr [ebp-DC] ; ecx -> current user-name byte (per the author)
0045D03B |. 8B95 20FFFFFF |mov edx, dword ptr [ebp-E0] ; edx -> current byte of the transformed machine code (per the author)
0045D041 |. 8A01 |mov al, byte ptr [ecx]
0045D043 |. 3202 |xor al, byte ptr [edx] ; al = name byte XOR machine-code byte
0045D045 |. 83C4 F8 |add esp, -8 ; room for one 8-byte argument
0045D048 |. 8806 |mov byte ptr [esi], al ; |
0045D04A |. 0FBE0E |movsx ecx, byte ptr [esi] ; |
0045D04D |. 898D A8FAFFFF |mov dword ptr [ebp-558], ecx ; |
0045D053 |. DB85 A8FAFFFF |fild dword ptr [ebp-558] ; | load the sign-extended byte onto the FPU stack
0045D059 |. DD1C24 |fstp qword ptr [esp] ; |
0045D05C |. E8 8BC80D00 |call 005398EC ; \<application module>.005398EC (OllyDbg label)
0045D061 |. 83C4 08 |add esp, 8
0045D064 |. 899D A4FAFFFF |mov dword ptr [ebp-55C], ebx ; loop index, staged for the FPU
0045D06A |. DB85 A4FAFFFF |fild dword ptr [ebp-55C]
0045D070 |. DEC9 |fmulp st(1), st(0) ; multiply by the loop index (author: byte value * index)
0045D072 |. 89BD A0FAFFFF |mov dword ptr [ebp-560], edi
0045D078 |. DB85 A0FAFFFF |fild dword ptr [ebp-560] ; load the running total held in edi
0045D07E |. DEC1 |faddp st(1), st(0) ; add the running total
0045D080 |. E8 8FC80D00 |call 00539914 ; author: returns the FPU result as an integer in eax
0045D085 |. 8BF8 |mov edi, eax ; new running total
0045D087 |. 43 |inc ebx
0045D088 |. 46 |inc esi
0045D089 |. FF85 20FFFFFF |inc dword ptr [ebp-E0]
0045D08F |. FF85 24FFFFFF |inc dword ptr [ebp-DC]
0045D095 |. 83FB 14 |cmp ebx, 14 ; 0x14 = 20 iterations
0045D098 |.^ 7C 9B \jl short 0045D035
0045D09A |. 81C7 39300000 add edi, 3039 ; running total + 0x3039
0045D0A0 |. 8D95 08FFFFFF lea edx, dword ptr [ebp-F8] ; buffer passed as Arg1 of the formatting call
0045D0A6 |. 57 push edi ; /Arg3
0045D0A7 |. 68 5E705700 push 0057705E ; |Arg2 = 0057705E ASCII "%d"
0045D0AC |. 52 push edx ; |Arg1
0045D0AD |. E8 4A8E0D00 call 00535EFC ; \<application module>.00535EFC (OllyDbg label)
0045D0B2 |. 83C4 0C add esp, 0C
0045D0B5 |. 8D45 FC lea eax, dword ptr [ebp-4]
0045D0B8 |. E8 EF4FFAFF call 004020AC ; author: yields the decimal text of (running total + 0x3039)
0045D0BD |. 57 push edi
0045D0BE |. 8BF8 mov edi, eax
; ... (listing resumes at 0045D0F8) ...
0045D0F8 |> /8B95 20FFFFFF /mov edx, dword ptr [ebp-E0]
0045D0FE |. |0FBE06 |movsx eax, byte ptr [esi] ; author: next character of the decimal text obtained above
0045D101 |. |0FBE0A |movsx ecx, byte ptr [edx] ; author: next byte of the 20-byte string derived from the 40 serial characters
0045D104 |. |83C1 EC |add ecx, -14 ; minus 0x14
0045D107 |. |3BC1 |cmp eax, ecx ; text character vs. (serial-derived byte - 0x14)
0045D109 |0F85 80000000 |jnz 0045D18F ; mismatch: leave the loop early
0045D10F |83FB 03 |cmp ebx, 3
0045D112 |75 6A |jnz short 0045D17E ; the block below runs only on the pass where ebx == 3
0045D114 |. |81C7 444D0000 |add edi, 4D44 ; edi + 0x4D44
0045D11A |. |89BD A8FAFFFF |mov dword ptr [ebp-558], edi
0045D120 |. |DB85 A8FAFFFF |fild dword ptr [ebp-558]
0045D126 |. |DC0D 4CDC4500 |fmul qword ptr [45DC4C] ; times the constant at 45DC4C (3.14 per the author)
0045D12C |. |DB2D 54DC4500 |fld tbyte ptr [45DC54]
0045D132 |. |DEC9 |fmulp st(1), st(0) ; times the constant at 45DC54 (0.1594896331738437120 per the author)
0045D134 |. |E8 DBC70D00 |call 00539914
0045D139 |. |8BF8 |mov edi, eax
0045D13B |. |8BC7 |mov eax, edi
0045D13D |. |B9 A0860100 |mov ecx, 186A0
0045D142 |. |99 |cdq ; sign-extend eax into edx:eax
0045D143 |. |F7F9 |idiv ecx
0045D145 |. |8BFA |mov edi, edx ; edi = remainder of the division by 0x186A0
0045D147 |. |33C0 |xor eax, eax
0045D149 |. |8985 2CFFFFFF |mov dword ptr [ebp-D4], eax ; sum = 0
0045D14F |. |33D2 |xor edx, edx
0045D151 |. |8D85 ACFEFFFF |lea eax, dword ptr [ebp-154] ; author: [ebp-154] holds the 20-byte string derived from the entered serial
0045D157 |> |0FBE08 |/movsx ecx, byte ptr [eax] ; add up the first 0x13 (19) bytes of that string
0045D15A |. |018D 2CFFFFFF ||add dword ptr [ebp-D4], ecx
0045D160 |. |42 ||inc edx
0045D161 |. |40 ||inc eax
0045D162 |. |83FA 13 ||cmp edx, 13
0045D165 |.^|7C F0 |\jl short 0045D157
0045D167 |. |8B85 2CFFFFFF |mov eax, dword ptr [ebp-D4] ; eax = sum of those 19 bytes
0045D16D |. |B9 0A000000 |mov ecx, 0A
0045D172 |. |99 |cdq
0045D173 |. |F7F9 |idiv ecx ; edx = sum mod 0x0A
0045D175 |. |83C2 30 |add edx, 30 ; + 0x30
0045D178 |. |8995 2CFFFFFF |mov dword ptr [ebp-D4], edx ; keep it for the comparison at 0045D19F
0045D17E |> |43 |inc ebx
0045D17F |. |FF85 20FFFFFF |inc dword ptr [ebp-E0]
0045D185 |. |46 |inc esi
0045D186 |. |83FB 05 |cmp ebx, 5 ; five characters are compared
0045D189 |.^\0F8C 69FFFFFF \jl 0045D0F8
0045D18F |> 83FB 05 cmp ebx, 5
0045D192 |. 0F8C E3090000 jl 0045DB7B ; fewer than five matches: jump to 0045DB7B (a "registration failed" string is referenced at 0045DB84 per the string search)
0045D198 |. 0FBE85 BFFEFF>movsx eax, byte ptr [ebp-141] ; byte at offset 0x13 from [ebp-154], i.e. the 20th byte
0045D19F |. 3B85 2CFFFFFF cmp eax, dword ptr [ebp-D4] ; 20th byte vs. (sum mod 0x0A) + 0x30
0045D1A5 |. 74 09 je short 0045D1B0
0045D1A7 |. 83F8 41 cmp eax, 41
0045D1AA 0F8C CB090000 jl 0045DB7B ; not equal and below 0x41: jump to 0045DB7B
0045D1B0 |> 8BC7 mov eax, edi
0045D1B2 |. B9 0A000000 mov ecx, 0A
0045D1B7 |. 99 cdq
0045D1B8 |. F7F9 idiv ecx ; edx = edi mod 0x0A (edi from the floating-point step above)
0045D1BA |. 0FBEB41D ACFE>movsx esi, byte ptr [ebp+ebx-154] ; byte of the 20-byte string at index ebx (6th byte per the author)
; The next line carries the author's untranslated note: subtract 0x41 from the
; 6th byte of the 20-byte string derived from the first 40 serial characters.
0045D1C2 |. 83C6 BF add esi, -41 将由假码前40位变换而成的20位的字符串第6位-41
0045D1C5 |. 2BF2 sub esi, edx
0045D1C7 |. 85F6 test esi, esi ; decisive comparison, per the author
0045D1C9 74 09 je short 0045D1D4 ; zero: continue at 0045D1D4 (success path per the author)
0045D1CB |. 83FE 09 cmp esi, 9
0045D1CE |. 0F85 20090000 jnz 0045DAF4 ; neither 0 nor 9: jump to 0045DAF4 (a "registration failed" string is referenced at 0045DAFD per the string search)
0045D1D4 |> 66:C785 44FFF>mov word ptr [ebp-BC], 8C
0045D1DD |. BA 61705700 mov edx, 00577061 ; "registration succeeded" string (address per the author's string search)
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2009年08月22日 8:39:39