- UID
- 8671
注册时间2006-2-27
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 开心
2018-5-6 16:27 |
|---|
签到天数: 7 天 [LV.3]偶尔看看II
|
【破文标题】野猫III申请加入[PYG]成员破文之二
【破文作者】野猫III[D.4s]
【作者主页】龙族:Www.ChinaDforce.CoM 飘云阁:HttP://Www.ChinAPYG.CoM
【破解工具】PEiD,W32DASM,UC32,OD
【破解平台】Windows XP SP2
【软件名称】WinASO Registry Optimizer V2.7
【软件大小】2428 KB
【原版下载】http://www6.skycn.com/soft/27630.html
【保护方式】注册码
【软件简介】软件语言: 英文
软件类别: 国外软件 / 共享版 / 卸载清除
更新时间: 2006-06-30 14:35:41
下载次数: 0
开 发 商: http://www.winaso.com/
WinASO Registry Optimizer 是一个 Windows 优化工具和高级注册表清理工具,它允许您以简单的鼠标单击来安全的清理及修复注册表故障。通过修复陈旧信息及调整 Windows 注册表参数,它对系统速度的提升是值得令人注意的。WinASO Registry Optimizer 被很好的设计为修复普遍的问题,例如对 Internet Explorer 页面的非法修改。我们已对此工具进行了实际测试来确保您的系统安全。我们没有收到过任何对系统稳定性的抱怨。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
一、PEiD查得Borland Delphi 6.0 - 7.0软件。
二、OD载入,运行程序到注册界面,下命令断点bp MessageBoxA,注册确认,程序被中断在:
77D5050B > 8BFF MOV EDI,EDI
77D5050D 55 PUSH EBP
77D5050E 8BEC MOV EBP,ESP
堆栈友好提示:
0012F7BC 00564AE6 /CALL 到 MessageBoxA 来自 RegOpt.00564AE1 //返回程序领空,调试分析之~~~
0012F7C0 006805BA |hOwner = 006805BA ('Register Information',class='TfrmRegister',parent=004B0354)
0012F7C4 00CDA1C8 |Text = "Sorry, that is an invalid license key. Please ensure you have entered the license key exactly as provided."
0012F7C8 012CBB80 |Title = "Information"
0012F7CC 00000040 \Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0012F7D0 0012FA0C 指向下一个 SEH 记录的指针
0012F7D4 00564D15 SE处理程序
三、程序分析算法以下:
005646D7 |. 55 PUSH EBP
005646D8 |. 68 154D5600 PUSH RegOpt.00564D15
005646DD |. 64:FF30 PUSH DWORD PTR FS:[EAX]
005646E0 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
005646E3 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
005646E6 |. 8B15 34AE5800 MOV EDX,DWORD PTR DS:[58AE34] ; RegOpt.0058FD84
005646EC |. 8B92 70080000 MOV EDX,DWORD PTR DS:[EDX+870]
005646F2 |. E8 390BEAFF CALL RegOpt.00405230
005646F7 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
005646FA |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
00564700 |. E8 4323EFFF CALL RegOpt.00456A48
00564705 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 第一组试练码
00564708 |. E8 77C2F4FF CALL RegOpt.004B0984
0056470D |. 84C0 TEST AL,AL
0056470F |. 75 2E JNZ SHORT RegOpt.0056473F ; 有填就跳~~~
00564711 |. 6A 40 PUSH 40
00564713 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564718 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056471E |. E8 390FEAFF CALL RegOpt.0040565C
00564723 |. 50 PUSH EAX
00564724 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564727 |. E8 300FEAFF CALL RegOpt.0040565C
0056472C |. 50 PUSH EAX
0056472D |. 8BC3 MOV EAX,EBX
0056472F |. E8 149EEFFF CALL RegOpt.0045E548
00564734 |. 50 PUSH EAX ; |hOwner
00564735 |. E8 FA3BEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056473A |. E9 6A050000 JMP RegOpt.00564CA9
0056473F |> 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
00564742 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
00564748 |. E8 FB22EFFF CALL RegOpt.00456A48
0056474D |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 第二组试练码
00564750 |. E8 2FC2F4FF CALL RegOpt.004B0984
00564755 |. 84C0 TEST AL,AL
00564757 |. 75 2E JNZ SHORT RegOpt.00564787 ; 有填就跳~~~
00564759 |. 6A 40 PUSH 40
0056475B |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564760 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564766 |. E8 F10EEAFF CALL RegOpt.0040565C
0056476B |. 50 PUSH EAX
0056476C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056476F |. E8 E80EEAFF CALL RegOpt.0040565C
00564774 |. 50 PUSH EAX
00564775 |. 8BC3 MOV EAX,EBX
00564777 |. E8 CC9DEFFF CALL RegOpt.0045E548
0056477C |. 50 PUSH EAX ; |hOwner
0056477D |. E8 B23BEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564782 |. E9 22050000 JMP RegOpt.00564CA9
00564787 |> 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0056478A |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
00564790 |. E8 B322EFFF CALL RegOpt.00456A48
00564795 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 第三组试练码
00564798 |. E8 E7C1F4FF CALL RegOpt.004B0984
0056479D |. 84C0 TEST AL,AL
0056479F |. 75 2E JNZ SHORT RegOpt.005647CF ; 有填就跳~~~
005647A1 |. 6A 40 PUSH 40
005647A3 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
005647A8 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
005647AE |. E8 A90EEAFF CALL RegOpt.0040565C
005647B3 |. 50 PUSH EAX
005647B4 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
005647B7 |. E8 A00EEAFF CALL RegOpt.0040565C
005647BC |. 50 PUSH EAX
005647BD |. 8BC3 MOV EAX,EBX
005647BF |. E8 849DEFFF CALL RegOpt.0045E548
005647C4 |. 50 PUSH EAX ; |hOwner
005647C5 |. E8 6A3BEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
005647CA |. E9 DA040000 JMP RegOpt.00564CA9
005647CF |> 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
005647D2 |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
005647D8 |. E8 6B22EFFF CALL RegOpt.00456A48
005647DD |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; 第四组试练码
005647E0 |. E8 9FC1F4FF CALL RegOpt.004B0984
005647E5 |. 84C0 TEST AL,AL
005647E7 |. 75 2E JNZ SHORT RegOpt.00564817 ; 有填就跳~~~
005647E9 |. 6A 40 PUSH 40
005647EB |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
005647F0 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
005647F6 |. E8 610EEAFF CALL RegOpt.0040565C
005647FB |. 50 PUSH EAX
005647FC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
005647FF |. E8 580EEAFF CALL RegOpt.0040565C
00564804 |. 50 PUSH EAX
00564805 |. 8BC3 MOV EAX,EBX
00564807 |. E8 3C9DEFFF CALL RegOpt.0045E548
0056480C |. 50 PUSH EAX ; |hOwner
0056480D |. E8 223BEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564812 |. E9 92040000 JMP RegOpt.00564CA9
00564817 |> 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0056481A |. 8B83 C0030000 MOV EAX,DWORD PTR DS:[EBX+3C0]
00564820 |. E8 2322EFFF CALL RegOpt.00456A48
00564825 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] ; 第五组试练码
00564828 |. E8 57C1F4FF CALL RegOpt.004B0984
0056482D |. 84C0 TEST AL,AL
0056482F |. 75 2E JNZ SHORT RegOpt.0056485F ; 有填就跳~~~
00564831 |. 6A 40 PUSH 40
00564833 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564838 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056483E |. E8 190EEAFF CALL RegOpt.0040565C
00564843 |. 50 PUSH EAX
00564844 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564847 |. E8 100EEAFF CALL RegOpt.0040565C
0056484C |. 50 PUSH EAX
0056484D |. 8BC3 MOV EAX,EBX
0056484F |. E8 F49CEFFF CALL RegOpt.0045E548
00564854 |. 50 PUSH EAX ; |hOwner
00564855 |. E8 DA3AEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056485A |. E9 4A040000 JMP RegOpt.00564CA9
0056485F |> 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00564862 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
00564868 |. E8 DB21EFFF CALL RegOpt.00456A48
0056486D |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 取第一组试练码位数
00564870 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
00564873 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
00564876 |. 85C0 TEST EAX,EAX
00564878 |. 74 05 JE SHORT RegOpt.0056487F
0056487A |. 83E8 04 SUB EAX,4
0056487D |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056487F |> 83F8 04 CMP EAX,4 ; 位数与4比较
00564882 |. 74 2E JE SHORT RegOpt.005648B2 ; 相等跳,否则OVER!
00564884 |. 6A 40 PUSH 40
00564886 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
0056488B |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564891 |. E8 C60DEAFF CALL RegOpt.0040565C
00564896 |. 50 PUSH EAX
00564897 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056489A |. E8 BD0DEAFF CALL RegOpt.0040565C
0056489F |. 50 PUSH EAX
005648A0 |. 8BC3 MOV EAX,EBX
005648A2 |. E8 A19CEFFF CALL RegOpt.0045E548
005648A7 |. 50 PUSH EAX ; |hOwner
005648A8 |. E8 873AEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
005648AD |. E9 F7030000 JMP RegOpt.00564CA9
005648B2 |> 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
005648B5 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
005648BB |. E8 8821EFFF CALL RegOpt.00456A48
005648C0 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; 取第二组试练码位数
005648C3 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
005648C6 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
005648C9 |. 85C0 TEST EAX,EAX
005648CB |. 74 05 JE SHORT RegOpt.005648D2
005648CD |. 83E8 04 SUB EAX,4
005648D0 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005648D2 |> 83F8 04 CMP EAX,4 ; 位数与4比较
005648D5 |. 74 2E JE SHORT RegOpt.00564905 ; 相等跳,否则OVER!
005648D7 |. 6A 40 PUSH 40
005648D9 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
005648DE |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
005648E4 |. E8 730DEAFF CALL RegOpt.0040565C
005648E9 |. 50 PUSH EAX
005648EA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
005648ED |. E8 6A0DEAFF CALL RegOpt.0040565C
005648F2 |. 50 PUSH EAX
005648F3 |. 8BC3 MOV EAX,EBX
005648F5 |. E8 4E9CEFFF CALL RegOpt.0045E548
005648FA |. 50 PUSH EAX ; |hOwner
005648FB |. E8 343AEAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564900 |. E9 A4030000 JMP RegOpt.00564CA9
00564905 |> 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
00564908 |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
0056490E |. E8 3521EFFF CALL RegOpt.00456A48
00564913 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] ; 取第三组试练码位数
00564916 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
00564919 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056491C |. 85C0 TEST EAX,EAX
0056491E |. 74 05 JE SHORT RegOpt.00564925
00564920 |. 83E8 04 SUB EAX,4
00564923 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00564925 |> 83F8 04 CMP EAX,4 ; 位数与4比较
00564928 |. 74 2E JE SHORT RegOpt.00564958 ; 相等跳,否则OVER!
0056492A |. 6A 40 PUSH 40
0056492C |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564931 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564937 |. E8 200DEAFF CALL RegOpt.0040565C
0056493C |. 50 PUSH EAX
0056493D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564940 |. E8 170DEAFF CALL RegOpt.0040565C
00564945 |. 50 PUSH EAX
00564946 |. 8BC3 MOV EAX,EBX
00564948 |. E8 FB9BEFFF CALL RegOpt.0045E548
0056494D |. 50 PUSH EAX ; |hOwner
0056494E |. E8 E139EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564953 |. E9 51030000 JMP RegOpt.00564CA9
00564958 |> 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0056495B |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
00564961 |. E8 E220EFFF CALL RegOpt.00456A48
00564966 |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30] ; 取第四组试练码位数
00564969 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0056496C |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056496F |. 85C0 TEST EAX,EAX
00564971 |. 74 05 JE SHORT RegOpt.00564978
00564973 |. 83E8 04 SUB EAX,4
00564976 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00564978 |> 83F8 04 CMP EAX,4 ; 位数与4比较
0056497B |. 74 2E JE SHORT RegOpt.005649AB ; 相等跳,否则OVER!
0056497D |. 6A 40 PUSH 40
0056497F |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564984 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056498A |. E8 CD0CEAFF CALL RegOpt.0040565C
0056498F |. 50 PUSH EAX
00564990 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564993 |. E8 C40CEAFF CALL RegOpt.0040565C
00564998 |. 50 PUSH EAX
00564999 |. 8BC3 MOV EAX,EBX
0056499B |. E8 A89BEFFF CALL RegOpt.0045E548
005649A0 |. 50 PUSH EAX ; |hOwner
005649A1 |. E8 8E39EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
005649A6 |. E9 FE020000 JMP RegOpt.00564CA9
005649AB |> 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
005649AE |. 8B83 C0030000 MOV EAX,DWORD PTR DS:[EBX+3C0]
005649B4 |. E8 8F20EFFF CALL RegOpt.00456A48
005649B9 |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34] ; 取第三组试练码位数
005649BC |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
005649BF |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
005649C2 |. 85C0 TEST EAX,EAX
005649C4 |. 74 05 JE SHORT RegOpt.005649CB
005649C6 |. 83E8 04 SUB EAX,4
005649C9 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005649CB |> 83F8 04 CMP EAX,4 ; 位数与4比较
005649CE |. 74 2E JE SHORT RegOpt.005649FE ; 相等跳,否则OVER!
005649D0 |. 6A 40 PUSH 40
005649D2 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
005649D7 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
005649DD |. E8 7A0CEAFF CALL RegOpt.0040565C
005649E2 |. 50 PUSH EAX
005649E3 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
005649E6 |. E8 710CEAFF CALL RegOpt.0040565C
005649EB |. 50 PUSH EAX
005649EC |. 8BC3 MOV EAX,EBX
005649EE |. E8 559BEFFF CALL RegOpt.0045E548
005649F3 |. 50 PUSH EAX ; |hOwner
005649F4 |. E8 3B39EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
005649F9 |. E9 AB020000 JMP RegOpt.00564CA9
005649FE |> 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38] ; 上面代码分别对用户名是否填及是否4位进行检测后,来到这里~~
00564A01 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
00564A07 |. E8 3C20EFFF CALL RegOpt.00456A48
00564A0C |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38] ; 第一组试练码进EAX
00564A0F |. E8 F453EAFF CALL RegOpt.00409E08 ; 取它的16进制放EAX
00564A14 |. 8BF0 MOV ESI,EAX ; 放到ESI中~~~我们设为Code1
00564A16 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00564A19 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
00564A1F |. E8 2420EFFF CALL RegOpt.00456A48
00564A24 |. 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C] ; 第二组试练码进EAX
00564A27 |. E8 DC53EAFF CALL RegOpt.00409E08 ; 取它的16进制放EAX
00564A2C |. 8BF8 MOV EDI,EAX ; 放到EDI中~~~我们设为Code2
00564A2E |. 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
00564A31 |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
00564A37 |. E8 0C20EFFF CALL RegOpt.00456A48
00564A3C |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40] ; 第三组试练码进EAX,我们设为Code3
00564A3F |. E8 C453EAFF CALL RegOpt.00409E08
00564A44 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; 第三组试练码放到[EBP-8]
00564A47 |. 0FAFF7 IMUL ESI,EDI ; ESI=Code1*Code2
00564A4A |. 81EE 29090000 SUB ESI,929 ; ESI=ESI-0x929
00564A50 |. 81FE 10270000 CMP ESI,2710 ; 其差与0x2710比较
00564A56 |. 7D 2E JGE SHORT RegOpt.00564A86 ; 少于OVER!
00564A58 |. 6A 40 PUSH 40
00564A5A |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564A5F |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564A65 |. E8 F20BEAFF CALL RegOpt.0040565C
00564A6A |. 50 PUSH EAX
00564A6B |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564A6E |. E8 E90BEAFF CALL RegOpt.0040565C
00564A73 |. 50 PUSH EAX
00564A74 |. 8BC3 MOV EAX,EBX
00564A76 |. E8 CD9AEFFF CALL RegOpt.0045E548
00564A7B |. 50 PUSH EAX ; |hOwner
00564A7C |. E8 B338EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564A81 |. E9 23020000 JMP RegOpt.00564CA9
00564A86 |> 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48] ; 大或等于跳来这~~
00564A89 |. 8BC6 MOV EAX,ESI
00564A8B |. E8 3C52EAFF CALL RegOpt.00409CCC ; Call进转换成10进制,设为Code4
00564A90 |. 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48] ; 结果放EAX
00564A93 |. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
00564A96 |. BA 04000000 MOV EDX,4 ; EDX=4
00564A9B |. E8 1C37EEFF CALL RegOpt.004481BC ; Call进取后面的4位
00564AA0 |. 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44]
00564AA3 |. 50 PUSH EAX
00564AA4 |. 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
00564AA7 |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
00564AAD |. E8 961FEFFF CALL RegOpt.00456A48
00564AB2 |. 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C] ; 第四组试练码进EDX
00564AB5 |. 58 POP EAX ; 弹出第四组真码!
00564AB6 |. E8 ED0AEAFF CALL RegOpt.004055A8 ; Call进比较~~~
00564ABB |. 74 2E JE SHORT RegOpt.00564AEB ; 关键跳!不等就挂~
00564ABD |. 6A 40 PUSH 40
00564ABF |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564AC4 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564ACA |. E8 8D0BEAFF CALL RegOpt.0040565C
00564ACF |. 50 PUSH EAX
00564AD0 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564AD3 |. E8 840BEAFF CALL RegOpt.0040565C
00564AD8 |. 50 PUSH EAX
00564AD9 |. 8BC3 MOV EAX,EBX
00564ADB |. E8 689AEFFF CALL RegOpt.0045E548
00564AE0 |. 50 PUSH EAX ; |hOwner
00564AE1 |. E8 4E38EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564AE6 |. E9 BE010000 JMP RegOpt.00564CA9 ; OVER!重来~~~
00564AEB |> 8B75 F8 MOV ESI,DWORD PTR SS:[EBP-8] ; 第四组注册码相等来到这~~~
00564AEE |. 83C6 7B ADD ESI,7B ; 第三组试练码加上0x7B,即Code3+0x7B
00564AF1 |. 0FAFF7 IMUL ESI,EDI ; 其和乘以第二组试练码
00564AF4 |. 81EE E1100000 SUB ESI,10E1 ; 再减去0x10E1,我们将它设为Code5
00564AFA |. 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
00564AFD |. 8BC6 MOV EAX,ESI
00564AFF |. E8 C851EAFF CALL RegOpt.00409CCC ; Call进转换成10进制
00564B04 |. 8B45 AC MOV EAX,DWORD PTR SS:[EBP-54]
00564B07 |. 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00564B0A |. BA 04000000 MOV EDX,4 ; EDX=4
00564B0F |. E8 A836EEFF CALL RegOpt.004481BC ; Call进取后面4位
00564B14 |. 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]
00564B17 |. 50 PUSH EAX
00564B18 |. 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
00564B1B |. 8B83 C0030000 MOV EAX,DWORD PTR DS:[EBX+3C0]
00564B21 |. E8 221FEFFF CALL RegOpt.00456A48
00564B26 |. 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-58] ; Call取第五组试练码
00564B29 |. 58 POP EAX ; 弹出第五组真码Code5
00564B2A |. E8 790AEAFF CALL RegOpt.004055A8 ; Call进比较~~~
00564B2F |. 74 2E JE SHORT RegOpt.00564B5F ; 不等OVER!
00564B31 |. 6A 40 PUSH 40
00564B33 |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564B38 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564B3E |. E8 190BEAFF CALL RegOpt.0040565C
00564B43 |. 50 PUSH EAX
00564B44 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00564B47 |. E8 100BEAFF CALL RegOpt.0040565C
00564B4C |. 50 PUSH EAX
00564B4D |. 8BC3 MOV EAX,EBX
00564B4F |. E8 F499EFFF CALL RegOpt.0045E548
00564B54 |. 50 PUSH EAX ; |hOwner
00564B55 |. E8 DA37EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564B5A |. E9 4A010000 JMP RegOpt.00564CA9
00564B5F |> 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C] ; 第五组试练码相等的话,跳来这~~~
00564B62 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0] ; 接下来的操作就是保存注册信息的啦~~~
00564B68 |. E8 DB1EEFFF CALL RegOpt.00456A48
00564B6D |. FF75 A4 PUSH DWORD PTR SS:[EBP-5C] ; 第一组试练码
00564B70 |. 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00564B73 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
00564B79 |. E8 CA1EEFFF CALL RegOpt.00456A48
00564B7E |. FF75 A0 PUSH DWORD PTR SS:[EBP-60] ; 第二组试练码
00564B81 |. 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
00564B84 |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
00564B8A |. E8 B91EEFFF CALL RegOpt.00456A48
00564B8F |. FF75 9C PUSH DWORD PTR SS:[EBP-64] ; 第三组试练码
00564B92 |. 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00564B95 |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
00564B9B |. E8 A81EEFFF CALL RegOpt.00456A48
00564BA0 |. FF75 98 PUSH DWORD PTR SS:[EBP-68] ; 第四组试练码
00564BA3 |. 8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
00564BA6 |. 8B83 C0030000 MOV EAX,DWORD PTR DS:[EBX+3C0]
00564BAC |. E8 971EEFFF CALL RegOpt.00456A48
00564BB1 |. FF75 94 PUSH DWORD PTR SS:[EBP-6C] ; 第五组试练码
00564BB4 |. A1 58BA5800 MOV EAX,DWORD PTR DS:[58BA58]
00564BB9 |. BA 05000000 MOV EDX,5
00564BBE |. E8 5909EAFF CALL RegOpt.0040551C
00564BC3 |. B2 01 MOV DL,1
00564BC5 |. A1 6CCB4200 MOV EAX,DWORD PTR DS:[42CB6C]
00564BCA |. E8 9D80ECFF CALL RegOpt.0042CC6C
00564BCF |. 8BF0 MOV ESI,EAX
00564BD1 |. BA 02000080 MOV EDX,80000002
00564BD6 |. 8BC6 MOV EAX,ESI
00564BD8 |. E8 2F81ECFF CALL RegOpt.0042CD0C
00564BDD |. B1 01 MOV CL,1
00564BDF |. BA 2C4D5600 MOV EDX,RegOpt.00564D2C ; ASCII "\SOFTWARE\WinASO\Registry Optimizer"
00564BE4 |. 8BC6 MOV EAX,ESI
00564BE6 |. E8 6582ECFF CALL RegOpt.0042CE50
00564BEB |. 84C0 TEST AL,AL
00564BED |. 74 14 JE SHORT RegOpt.00564C03
00564BEF |. 8B0D 58BA5800 MOV ECX,DWORD PTR DS:[58BA58] ; RegOpt.0058F6E0
00564BF5 |. 8B09 MOV ECX,DWORD PTR DS:[ECX] ; 全部真码进ECX
00564BF7 |. BA 584D5600 MOV EDX,RegOpt.00564D58 ; ASCII "RegOptKey2.7"
00564BFC |. 8BC6 MOV EAX,ESI ; 键项~~~
00564BFE |. E8 5989ECFF CALL RegOpt.0042D55C
00564C03 |> 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
00564C06 |. A1 48B65800 MOV EAX,DWORD PTR DS:[58B648]
00564C0B |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00564C0D |. E8 EAF5F0FF CALL RegOpt.004741FC
00564C12 |. 8B45 8C MOV EAX,DWORD PTR SS:[EBP-74]
00564C15 |. 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
00564C18 |. E8 2F59EAFF CALL RegOpt.0040A54C
00564C1D |. 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
00564C20 |. BA 704D5600 MOV EDX,RegOpt.00564D70 ; ASCII "regkey.ini"
00564C25 |. E8 3A08EAFF CALL RegOpt.00405464
00564C2A |. 8B4D 90 MOV ECX,DWORD PTR SS:[EBP-70]
00564C2D |. B2 01 MOV DL,1
00564C2F |. A1 9CAD4200 MOV EAX,DWORD PTR DS:[42AD9C]
00564C34 |. E8 1B62ECFF CALL RegOpt.0042AE54
00564C39 |. 8BF0 MOV ESI,EAX
00564C3B |. A1 58BA5800 MOV EAX,DWORD PTR DS:[58BA58]
00564C40 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00564C42 |. 50 PUSH EAX
00564C43 |. B9 844D5600 MOV ECX,RegOpt.00564D84 ; ASCII "252"
00564C48 |. BA 904D5600 MOV EDX,RegOpt.00564D90 ; ASCII "regkey"
00564C4D |. 8BC6 MOV EAX,ESI ; 注册码还保存到目录下的regkey.ini文件中~
00564C4F |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
00564C51 |. FF57 04 CALL DWORD PTR DS:[EDI+4]
00564C54 |. 8BC6 MOV EAX,ESI
00564C56 |. E8 FDF5E9FF CALL RegOpt.00404258
00564C5B |. 6A 40 PUSH 40
00564C5D |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564C62 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
00564C68 |. E8 EF09EAFF CALL RegOpt.0040565C
00564C6D |. 50 PUSH EAX
00564C6E |. A1 34AE5800 MOV EAX,DWORD PTR DS:[58AE34]
00564C73 |. 8B80 74080000 MOV EAX,DWORD PTR DS:[EAX+874]
00564C79 |. E8 DE09EAFF CALL RegOpt.0040565C
00564C7E |. 50 PUSH EAX
00564C7F |. 8BC3 MOV EAX,EBX
00564C81 |. E8 C298EFFF CALL RegOpt.0045E548
00564C86 |. 50 PUSH EAX ; |hOwner
00564C87 |. E8 A836EAFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00564C8C |. 8BC3 MOV EAX,EBX ; 注册成功!
00564C8E |. E8 45B0F0FF CALL RegOpt.0046FCD8
00564C93 |. 6A 00 PUSH 0 ; /lParam = 0
00564C95 |. 6A 00 PUSH 0 ; |wParam = 0
00564C97 |. 68 78070000 PUSH 778 ; |Message = MSG(778)
00564C9C |. A1 84B65800 MOV EAX,DWORD PTR DS:[58B684] ; |
00564CA1 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; |
00564CA3 |. 50 PUSH EAX ; |hWnd
00564CA4 |. E8 2B37EAFF CALL <JMP.&user32.SendMessageA> ; \SendMessageA
00564CA9 |> 33C0 XOR EAX,EAX
00564CAB |. 5A POP EDX
00564CAC |. 59 POP ECX
00564CAD |. 59 POP ECX
00564CAE |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00564CB1 |. 68 1C4D5600 PUSH RegOpt.00564D1C
00564CB6 |> 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74]
00564CB9 |. BA 02000000 MOV EDX,2
00564CBE |. E8 F904EAFF CALL RegOpt.004051BC
00564CC3 |. 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
00564CC6 |. BA 06000000 MOV EDX,6
00564CCB |. E8 EC04EAFF CALL RegOpt.004051BC
00564CD0 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
00564CD3 |. BA 02000000 MOV EDX,2
00564CD8 |. E8 DF04EAFF CALL RegOpt.004051BC
00564CDD |. 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00564CE0 |. E8 B304EAFF CALL RegOpt.00405198
00564CE5 |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
00564CE8 |. BA 02000000 MOV EDX,2
00564CED |. E8 CA04EAFF CALL RegOpt.004051BC
00564CF2 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00564CF5 |. BA 07000000 MOV EDX,7
00564CFA |. E8 BD04EAFF CALL RegOpt.004051BC
00564CFF |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00564D02 |. BA 06000000 MOV EDX,6
00564D07 |. E8 B004EAFF CALL RegOpt.004051BC
00564D0C |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
00564D0F |. E8 8404EAFF CALL RegOpt.00405198
00564D14 \. C3 RETN
【算法总结】
------------------------------------------------------------------------
运气好,遇到个特简单的算法。
感觉有可能软件的作者开个玩笑吧,加减的数值转成10进制是很有趣的~~~
二、第一,二,三组注册码任意,分别设Code1,Code2,Code3.
三、第四组注册码Code4算法为:Code1*Code2-0x929,取结果后四位。
四、第五组注册码Code5算法为:(Code3+0x7B)*Code2-0x10E1,取结果后四位。
五、注册码保存在:
\SOFTWARE\WinASO\RegistryOptimizer和目录下的regkey.ini中,删除可重新研究。
------------------------------------------------------------------------
【版权声明】本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 野猫III 于 2006-7-2 17:49 编辑 ] |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?加入我们
x
|
IP卡
发表于 2006-7-1 03:51:27
提升卡
置顶卡
变色卡
千斤顶
显身卡
楼主
发表于 2006-7-1 09:06:45
发表于 2006-7-1 15:21:57
