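1. Run the software and try registering; a message box pops up~~~~
2. PEiD shows that it is not packed.
2. You can use the F12 pause method, then Alt+K to open the call stack. In the stack you can see "Called from = flv.004BCD1A". Double-clicking it takes you to the registration prompt.
3. Find the start of the function, set a breakpoint and run the software. It breaks.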
\**********************************************************************
004BCBFC $ 55 PUSH EBP
004BCBFD . 8BEC MOV EBP,ESP
004BCBFF . 33C9 XOR ECX,ECX
004BCC01 . 51 PUSH ECX
004BCC02 . 51 PUSH ECX
004BCC03 . 51 PUSH ECX
004BCC04 . 51 PUSH ECX
004BCC05 . 51 PUSH ECX
004BCC06 . 53 PUSH EBX
004BCC07 . 56 PUSH ESI
004BCC08 . 57 PUSH EDI
004BCC09 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004BCC0C . 33C0 XOR EAX,EAX
004BCC0E . 55 PUSH EBP
004BCC0F . 68 4DCD4B00 PUSH flv.004BCD4D
004BCC14 . 64:FF30 PUSH DWORD PTR FS:[EAX]
004BCC17 . 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BCC1A . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCC1D . E8 B2FEFFFF CALL flv.004BCAD4 ; key CALL, step in and analyze
004BCC22 . 84C0 TEST AL,AL
004BCC24 . 0F84 DB000000 JE flv.004BCD05 ; key jump, goes to the registration prompt
004BCC2A . 33C0 XOR EAX,EAX
004BCC2C . 55 PUSH EBP
004BCC2D . 68 E9CC4B00 PUSH flv.004BCCE9
004BCC32 . 64:FF30 PUSH DWORD PTR FS:[EAX]
004BCC35 . 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BCC38 . B2 01 MOV DL,1
004BCC3A . A1 E8B34300 MOV EAX,DWORD PTR DS:[43B3E8]
004BCC3F . E8 A4E8F7FF CALL flv.0043B4E8
004BCC44 . 8BD8 MOV EBX,EAX
004BCC46 . BA 02000080 MOV EDX,80000002
004BCC4B . 8BC3 MOV EAX,EBX
004BCC4D . E8 36E9F7FF CALL flv.0043B588
004BCC52 . B1 01 MOV CL,1
004BCC54 . BA 64CD4B00 MOV EDX,flv.004BCD64 ; ASCII "Software\\mp4soft\\flvconverter"
004BCC59 . 8BC3 MOV EAX,EBX
004BCC5B . E8 8CE9F7FF CALL flv.0043B5EC
004BCC60 . 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
004BCC63 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCC66 . 8B80 04030000 MOV EAX,DWORD PTR DS:[EAX+304]
004BCC6C . E8 77A4FAFF CALL flv.004670E8
004BCC71 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004BCC74 . 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004BCC77 . E8 ECBCF4FF CALL flv.00408968
004BCC7C . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004BCC7F . BA 8CCD4B00 MOV EDX,flv.004BCD8C ; ASCII "Name"
004BCC84 . 8BC3 MOV EAX,EBX
004BCC86 . E8 FDEAF7FF CALL flv.0043B788
004BCC8B . 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004BCC8E . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCC91 . 8B80 08030000 MOV EAX,DWORD PTR DS:[EAX+308]
004BCC97 . E8 4CA4FAFF CALL flv.004670E8
004BCC9C . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004BCC9F . 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004BCCA2 . E8 C1BCF4FF CALL flv.00408968
004BCCA7 . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004BCCAA . BA 9CCD4B00 MOV EDX,flv.004BCD9C ; ASCII "Pass"
004BCCAF . 8BC3 MOV EAX,EBX
004BCCB1 . E8 D2EAF7FF CALL flv.0043B788
004BCCB6 . 8BC3 MOV EAX,EBX
004BCCB8 . E8 0368F4FF CALL flv.004034C0
004BCCBD . 6A 40 PUSH 40
004BCCBF . 68 A4CD4B00 PUSH flv.004BCDA4
004BCCC4 . 68 B0CD4B00 PUSH flv.004BCDB0
004BCCC9 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCCCC . E8 FF0BFBFF CALL flv.0046D8D0
004BCCD1 . 50 PUSH EAX ; |hOwner
004BCCD2 . E8 79A5F4FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004BCCD7 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCCDA . E8 8971FCFF CALL flv.00483E68
004BCCDF . 33C0 XOR EAX,EAX
004BCCE1 . 5A POP EDX
004BCCE2 . 59 POP ECX
004BCCE3 . 59 POP ECX
004BCCE4 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004BCCE7 . EB 36 JMP SHORT flv.004BCD1F
004BCCE9 .^ E9 B26CF4FF JMP flv.004039A0
004BCCEE . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCCF1 . E8 7271FCFF CALL flv.00483E68
004BCCF6 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCCF9 . E8 12FDFFFF CALL flv.004BCA10
004BCCFE . E8 0570F4FF CALL flv.00403D08
004BCD03 . EB 1A JMP SHORT flv.004BCD1F
004BCD05 > 6A 40 PUSH 40
004BCD07 . 68 30CE4B00 PUSH flv.004BCE30 ; ASCII "Register"
004BCD0C . 68 3CCE4B00 PUSH flv.004BCE3C
004BCD11 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCD14 . E8 B70BFBFF CALL flv.0046D8D0
004BCD19 . 50 PUSH EAX ; |hOwner
004BCD1A . E8 31A5F4FF CALL <JMP.&user32.MessageBoxA> ; \registration prompt shown when a fake code is entered
\****************************************************************************************************************\
004BCC1D . E8 B2FEFFFF CALL flv.004BCAD4 stepping into it leads here:
004BCAD4 /$ 55 PUSH EBP
004BCAD5 |. 8BEC MOV EBP,ESP
004BCAD7 |. B9 04000000 MOV ECX,4
004BCADC |> 6A 00 /PUSH 0
004BCADE |. 6A 00 |PUSH 0
004BCAE0 |. 49 |DEC ECX
004BCAE1 |.^ 75 F9 \JNZ SHORT flv.004BCADC
004BCAE3 |. 51 PUSH ECX
004BCAE4 |. 53 PUSH EBX
004BCAE5 |. 56 PUSH ESI
004BCAE6 |. 8BF0 MOV ESI,EAX
004BCAE8 |. 33C0 XOR EAX,EAX
004BCAEA |. 55 PUSH EBP
004BCAEB |. 68 EBCB4B00 PUSH flv.004BCBEB
004BCAF0 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004BCAF3 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BCAF6 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004BCAF9 |. 8B86 08030000 MOV EAX,DWORD PTR DS:[ESI+308]
004BCAFF |. E8 E4A5FAFF CALL flv.004670E8 ; get the fake code
004BCB04 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BCB07 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004BCB0A |. E8 59BEF4FF CALL flv.00408968
004BCB0F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BCB12 |. 50 PUSH EAX
004BCB13 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004BCB16 |. 8B86 04030000 MOV EAX,DWORD PTR DS:[ESI+304]
004BCB1C |. E8 C7A5FAFF CALL flv.004670E8 ; get the user name
004BCB21 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004BCB24 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004BCB27 |. E8 3CBEF4FF CALL flv.00408968
004BCB2C |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004BCB2F |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C]
004BCB32 |. 8BC6 MOV EAX,ESI
004BCB34 |. E8 E7FCFFFF CALL flv.004BC820 ; algorithm CALL, step in
004BCB39 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
004BCB3C |. 58 POP EAX
004BCB3D |. E8 F67BF4FF CALL flv.00404738
004BCB42 |. 75 52 JNZ SHORT flv.004BCB96
004BCB44 |. B3 01 MOV BL,1
004BCB46 |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
004BCB49 |. 8B86 04030000 MOV EAX,DWORD PTR DS:[ESI+304]
004BCB4F |. E8 94A5FAFF CALL flv.004670E8
004BCB54 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004BCB57 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
004BCB5A |. E8 09BEF4FF CALL flv.00408968
004BCB5F |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
004BCB62 |. 8D86 1C030000 LEA EAX,DWORD PTR DS:[ESI+31C]
004BCB68 |. E8 F777F4FF CALL flv.00404364
004BCB6D |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004BCB70 |. 8B86 08030000 MOV EAX,DWORD PTR DS:[ESI+308]
004BCB76 |. E8 6DA5FAFF CALL flv.004670E8
004BCB7B |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
004BCB7E |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004BCB81 |. E8 E2BDF4FF CALL flv.00408968
004BCB86 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
004BCB89 |. 8D86 20030000 LEA EAX,DWORD PTR DS:[ESI+320]
004BCB8F |. E8 D077F4FF CALL flv.00404364
004BCB94 |. EB 02 JMP SHORT flv.004BCB98
004BCB96 |> 33DB XOR EBX,EBX
004BCB98 |> 33C0 XOR EAX,EAX
004BCB9A |. 5A POP EDX
004BCB9B |. 59 POP ECX
004BCB9C |. 59 POP ECX
004BCB9D |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004BCBA0 |. 68 F2CB4B00 PUSH flv.004BCBF2
004BCBA5 |> 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004BCBA8 |. E8 6377F4FF CALL flv.00404310
004BCBAD |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004BCBB0 |. E8 5B77F4FF CALL flv.00404310
004BCBB5 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004BCBB8 |. E8 5377F4FF CALL flv.00404310
004BCBBD |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004BCBC0 |. E8 4B77F4FF CALL flv.00404310
004BCBC5 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004BCBC8 |. E8 4377F4FF CALL flv.00404310
004BCBCD |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BCBD0 |. BA 02000000 MOV EDX,2
004BCBD5 |. E8 5A77F4FF CALL flv.00404334
004BCBDA |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004BCBDD |. E8 2E77F4FF CALL flv.00404310
004BCBE2 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004BCBE5 |. E8 2677F4FF CALL flv.00404310
004BCBEA \. C3 RETN
004BCBEB .^ E9 6470F4FF JMP flv.00403C54
004BCBF0 .^ EB B3 JMP SHORT flv.004BCBA5
004BCBF2 . 8BC3 MOV EAX,EBX
004BCBF4 . 5E POP ESI
004BCBF5 . 5B POP EBX
004BCBF6 . 8BE5 MOV ESP,EBP
004BCBF8 . 5D POP EBP
\************************************************************************************************\
004BCB34 |. E8 E7FCFFFF CALL flv.004BC820 ; algorithm CALL, step in (go)
004BC820 /$ 55 PUSH EBP
004BC821 |. 8BEC MOV EBP,ESP
004BC823 |. 51 PUSH ECX
004BC824 |. B9 04000000 MOV ECX,4
004BC829 |> 6A 00 /PUSH 0
004BC82B |. 6A 00 |PUSH 0
004BC82D |. 49 |DEC ECX
004BC82E |.^ 75 F9 \JNZ SHORT flv.004BC829
004BC830 |. 51 PUSH ECX
004BC831 |. 874D FC XCHG DWORD PTR SS:[EBP-4],ECX
004BC834 |. 53 PUSH EBX
004BC835 |. 56 PUSH ESI
004BC836 |. 57 PUSH EDI
004BC837 |. 8BF9 MOV EDI,ECX
004BC839 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
004BC83C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BC83F |. E8 987FF4FF CALL flv.004047DC
004BC844 |. 33C0 XOR EAX,EAX
004BC846 |. 55 PUSH EBP
004BC847 |. 68 E1C94B00 PUSH flv.004BC9E1
004BC84C |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004BC84F |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004BC852 |. 8BC7 MOV EAX,EDI
004BC854 |. E8 B77AF4FF CALL flv.00404310
004BC859 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BC85C |. E8 8B7DF4FF CALL flv.004045EC
004BC861 |. 8BF0 MOV ESI,EAX
004BC863 |. 85F6 TEST ESI,ESI
004BC865 |. 7E 26 JLE SHORT flv.004BC88D
004BC867 |. BB 01000000 MOV EBX,1
004BC86C |> 8D4D EC /LEA ECX,DWORD PTR SS:[EBP-14]
004BC86F |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004BC872 |. 0FB64418 FF |MOVZX EAX,BYTE PTR DS:[EAX+EBX-1] ; take the Nth character of the user name
004BC877 |. 33D2 |XOR EDX,EDX ; clear EDX
004BC879 |. E8 66C4F4FF |CALL flv.00408CE4 ; convert the user name to hexadecimal
004BC87E |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
004BC881 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
004BC884 |. E8 6B7DF4FF |CALL flv.004045F4
004BC889 |. 43 |INC EBX
004BC88A |. 4E |DEC ESI
004BC88B |.^ 75 DF \JNZ SHORT flv.004BC86C
004BC88D |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BC890 |. E8 577DF4FF CALL flv.004045EC
004BC895 |. 8BF0 MOV ESI,EAX
004BC897 |. 85F6 TEST ESI,ESI
004BC899 |. 7E 2C JLE SHORT flv.004BC8C7
004BC89B |. BB 01000000 MOV EBX,1
004BC8A0 |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8]
004BC8A3 |. E8 447DF4FF |CALL flv.004045EC ; get the length of the hex string from the previous step
004BC8A8 |. 2BC3 |SUB EAX,EBX ; EBX=1
004BC8AA |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8] ; load the hex string into EDX
004BC8AD |. 8A1402 |MOV DL,BYTE PTR DS:[EDX+EAX] ; take the last character of the hex string
004BC8B0 |. 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18] ; the loop from 004BC8A0 to 004BC8C5 reverses the characters of the hex string,
004BC8B3 |. E8 407CF4FF |CALL flv.004044F8 ; e.g. 1234 becomes 4321
004BC8B8 |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
004BC8BB |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
004BC8BE |. E8 317DF4FF |CALL flv.004045F4
004BC8C3 |. 43 |INC EBX
004BC8C4 |. 4E |DEC ESI
004BC8C5 |.^ 75 D9 \JNZ SHORT flv.004BC8A0
004BC8C7 |> 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004BC8CA |. 50 PUSH EAX
004BC8CB |. B9 04000000 MOV ECX,4 ; ECX=4
004BC8D0 |. BA 01000000 MOV EDX,1 ; EDX=1
004BC8D5 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; load the hex string computed above into EAX
004BC8D8 |. E8 6F7FF4FF CALL flv.0040484C ; algorithm CALL, takes the first 4 characters
004BC8DD |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004BC8E0 |. 50 PUSH EAX
004BC8E1 |. B9 04000000 MOV ECX,4
004BC8E6 |. BA 05000000 MOV EDX,5
004BC8EB |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004BC8EE |. E8 597FF4FF CALL flv.0040484C ; algorithm CALL, takes positions 4-8 of the reversed hex string
004BC8F3 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BC8F6 |. E8 F17CF4FF CALL flv.004045EC
004BC8FB |. 83F8 04 CMP EAX,4
004BC8FE |. 7D 2F JGE SHORT flv.004BC92F
004BC900 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BC903 |. E8 E47CF4FF CALL flv.004045EC
004BC908 |. 8BD8 MOV EBX,EAX
004BC90A |. 83FB 03 CMP EBX,3
004BC90D |. 7F 20 JG SHORT flv.004BC92F
004BC90F |> 8D4D E4 /LEA ECX,DWORD PTR SS:[EBP-1C]
004BC912 |. 8BC3 |MOV EAX,EBX
004BC914 |. C1E0 02 |SHL EAX,2
004BC917 |. 33D2 |XOR EDX,EDX
004BC919 |. E8 C6C3F4FF |CALL flv.00408CE4
004BC91E |. 8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C]
004BC921 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
004BC924 |. E8 CB7CF4FF |CALL flv.004045F4
004BC929 |. 43 |INC EBX
004BC92A |. 83FB 04 |CMP EBX,4
004BC92D |.^ 75 E0 \JNZ SHORT flv.004BC90F
004BC92F |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004BC932 |. E8 B57CF4FF CALL flv.004045EC
004BC937 |. 83F8 04 CMP EAX,4
004BC93A |. 7D 2F JGE SHORT flv.004BC96B
004BC93C |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004BC93F |. E8 A87CF4FF CALL flv.004045EC
004BC944 |. 8BD8 MOV EBX,EAX
004BC946 |. 83FB 03 CMP EBX,3
004BC949 |. 7F 20 JG SHORT flv.004BC96B
004BC94B |> 8D4D E0 /LEA ECX,DWORD PTR SS:[EBP-20]
004BC94E |. 8BC3 |MOV EAX,EBX
004BC950 |. C1E0 02 |SHL EAX,2
004BC953 |. 33D2 |XOR EDX,EDX
004BC955 |. E8 8AC3F4FF |CALL flv.00408CE4
004BC95A |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
004BC95D |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
004BC960 |. E8 8F7CF4FF |CALL flv.004045F4
004BC965 |. 43 |INC EBX
004BC966 |. 83FB 04 |CMP EBX,4
004BC969 |.^ 75 E0 \JNZ SHORT flv.004BC94B
004BC96B |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BC96E |. BA F8C94B00 MOV EDX,flv.004BC9F8 ; ASCII "flv67u986e"
004BC973 |. E8 307AF4FF CALL flv.004043A8
004BC978 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004BC97B |. 50 PUSH EAX
004BC97C |. B9 04000000 MOV ECX,4 ; ECX=4
004BC981 |. BA 01000000 MOV EDX,1
004BC986 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; load the address of the string flv67u986e
004BC989 |. E8 BE7EF4FF CALL flv.0040484C ; algorithm CALL, takes the first 4 characters of the string flv67u986e
004BC98E |. FF75 DC PUSH DWORD PTR SS:[EBP-24]
004BC991 |. 68 0CCA4B00 PUSH flv.004BCA0C
004BC996 |. FF75 F8 PUSH DWORD PTR SS:[EBP-8]
004BC999 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004BC99C |. 50 PUSH EAX
004BC99D |. B9 05000000 MOV ECX,5 ; ECX=5
004BC9A2 |. BA 05000000 MOV EDX,5 ; EDX=5
004BC9A7 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
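004BC9AA |. E8 9D7EF4FF CALL flv.0040484C ; algorithm CALL, takes characters 5-9 of the string flv67u986e
004BC9AF |. FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; SS:[EBP-28] holds characters 5-9 of the string flv67u986e
004BC9B2 |. 68 0CCA4B00 PUSH flv.004BCA0C
004BC9B7 |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; SS:[EBP-C] holds characters 5-8 of the reversed hex string
004BC9BA |. 8BC7 MOV EAX,EDI
004BC9BC |. BA 06000000 MOV EDX,6
004BC9C1 |. E8 E67CF4FF CALL flv.004046AC ; this joins the strings together: first 4 characters of flv67u986e - first 4 characters
004BC9C6 |. 33C0 XOR EAX,EAX ; of the reversed hex string - characters 5-8 of the reversed hex string, plus
004BC9C8 |. 5A POP EDX ; characters 5-9 of the string flv67u986e - characters 5-8 of the reversed hex string
004BC9C9 |. 59 POP ECX ; put together, this makes up the software's registration code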
004BC9CA |. 59 POP ECX
004BC9CB |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004BC9CE |. 68 E8C94B00 PUSH flv.004BC9E8
004BC9D3 |> 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004BC9D6 |. BA 0A000000 MOV EDX,0A
004BC9DB |. E8 5479F4FF CALL flv.00404334
004BC9E0 \. C3 RETN
004BC9E1 .^ E9 6E72F4FF JMP flv.00403C54
004BC9E6 .^ EB EB JMP SHORT flv.004BC9D3
004BC9E8 . 5F POP EDI
004BC9E9 . 5E POP ESI
004BC9EA . 5B POP EBX
004BC9EB . 8BE5 MOV ESP,EBP
004BC9ED . 5D POP EBP
004BC9EE . C3 RETN
\*****************************************************************************************\
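Let me summarize the algorithm analysis:
1. The user name we entered is converted to hexadecimal and stored.
2. The hex string is then reversed; for example, 123456 reversed becomes 654321.
3. Then the first 4 characters (flv6) and characters 5-9 (7u986) are taken from the fixed string flv67u986e.
4. These are then combined into the registration code: flv6-[first 4 characters of the reversed hex string]7u986-[characters 5-8 of the reversed hex string]. That is the registration code.
5. I tested with two user names and got the registration codes.
(1). The first user name is wangwei; converted to hexadecimal it is 77616E67776569, reversed it is 96567776E61677, which gives the registration code flv6-96567u986-7776
(2). The second user name is sdrf5678lk; converted to hexadecimal it is 73647266353637386C6B, reversed it is B6C68373635366274637, which gives the registration code flv6-B6C67u986-8373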
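A defender's reading of the scheme summarized above, as an added example that is not part of the original post: because the client computes the expected code from the name and an embedded constant and then compares strings, everything needed to produce codes ships inside the binary. The sketch below (Go, standard library only; the function names and the all-zero demo seed are assumptions) replaces that with an Ed25519 signature check, so the client carries only a public key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// IssueLicense runs on the vendor's server only; the private key never ships.
func IssueLicense(priv ed25519.PrivateKey, name string) string {
	sig := ed25519.Sign(priv, []byte(strings.TrimSpace(name)))
	return base64.RawURLEncoding.EncodeToString(sig)
}

// VerifyLicense is the only licensing code compiled into the client.
// It needs the public key alone, so the binary holds nothing that can
// be turned into a generator for valid codes.
func VerifyLicense(pub ed25519.PublicKey, name, license string) error {
	sig, err := base64.RawURLEncoding.DecodeString(strings.TrimSpace(license))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed license")
	}
	if !ed25519.Verify(pub, []byte(strings.TrimSpace(name)), sig) {
		return errors.New("license was not issued for this name")
	}
	return nil
}

// Demo issues a license for one name and checks it three ways.
// The all-zero seed is constructed for a repeatable demo; a real
// key pair comes from ed25519.GenerateKey and the seed stays offline.
func Demo() (owner, otherName, tampered error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	lic := IssueLicense(priv, "wangwei")

	flipped := "A" + lic[1:] // change the first character of the license
	if lic[0] == 'A' {
		flipped = "B" + lic[1:]
	}
	return VerifyLicense(pub, "wangwei", lic),
		VerifyLicense(pub, "sdrf5678lk", lic),
		VerifyLicense(pub, "wangwei", flipped)
}

func main() {
	fmt.Println(Demo())
}
```

A signature check removes the ability to derive codes from the binary, but its result still feeds a conditional branch like the one at 004BCC24, so it is normally paired with binary integrity checks or server-side entitlement.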