- UID
- 76030
注册时间2014-6-5
阅读权限30
最后登录1970-1-1
龙战于野
TA的每日心情 | 慵懒
2015-8-14 00:08 |
|---|
签到天数: 25 天 [LV.4]偶尔看看III
|
本帖最后由 crackvip 于 2014-6-20 22:19 编辑
下载程序,试运行,点注册,随便输入crackvip,0123456789,
点注册,弹出注册框,呵呵
无壳
好吧OD载入
00CFD954 > $ 55 PUSH EBP ; 停在这
00CFD955 . 8BEC MOV EBP, ESP
00CFD957 . 83C4 E8 ADD ESP, -0x18
00CFD95A . 53 PUSH EBX
00CFD95B . 56 PUSH ESI
F9运行,注册,弹窗,暂停,返到用户代码,回朔。。。。。。
找到这里,呵呵
00619C04 $ 55 PUSH EBP ; 算法;;本地调用来自 00619F70, 00619F8F, 00619FAE
00619C05 . 8BEC MOV EBP, ESP
00619C07 . B9 0C000000 MOV ECX, 0xC
00619C0C > 6A 00 PUSH 0x0
00619C0E . 6A 00 PUSH 0x0
00619C10 . 49 DEC ECX
00619C11 .^ 75 F9 JNZ SHORT Magic_Ex.00619C0C
00619C13 . 53 PUSH EBX
00619C14 . 56 PUSH ESI
00619C15 . 57 PUSH EDI
00619C16 . 8945 FC MOV DWORD PTR SS:[EBP-0x4], EAX
00619C19 . 8B45 FC MOV EAX, DWORD PTR SS:[EBP-0x4]
00619C1C . E8 07E1DEFF CALL Magic_Ex.00407D28
00619C21 . 33C0 XOR EAX, EAX
00619C23 . 55 PUSH EBP
00619C24 . 68 749E6100 PUSH Magic_Ex.00619E74
00619C29 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619C2C . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619C2F . 33C0 XOR EAX, EAX
00619C31 . 55 PUSH EBP
00619C32 . 68 FB9D6100 PUSH Magic_Ex.00619DFB
00619C37 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619C3A . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619C3D . C645 FB 00 MOV BYTE PTR SS:[EBP-0x5], 0x0
00619C41 . 8D45 C4 LEA EAX, DWORD PTR SS:[EBP-0x3C]
00619C44 . 8B55 08 MOV EDX, DWORD PTR SS:[EBP+0x8]
00619C47 . 8B52 FC MOV EDX, DWORD PTR DS:[EDX-0x4] ; 用户名
00619C4A . E8 19F1DEFF CALL Magic_Ex.00408D68
00619C4F . 8B45 C4 MOV EAX, DWORD PTR SS:[EBP-0x3C]
00619C52 . 8D55 C8 LEA EDX, DWORD PTR SS:[EBP-0x38]
00619C55 . E8 927BE0FF CALL Magic_Ex.004217EC ; 变大写,并将长度放到EAX
00619C5A . 8B55 C8 MOV EDX, DWORD PTR SS:[EBP-0x38]
00619C5D . 8D45 CC LEA EAX, DWORD PTR SS:[EBP-0x34]
00619C60 . E8 EFF0DEFF CALL Magic_Ex.00408D54
00619C65 . 8B45 CC MOV EAX, DWORD PTR SS:[EBP-0x34]
00619C68 . 8D55 E8 LEA EDX, DWORD PTR SS:[EBP-0x18]
00619C6B . E8 DC7CE0FF CALL Magic_Ex.0042194C
00619C70 . 8D45 E4 LEA EAX, DWORD PTR SS:[EBP-0x1C]
00619C73 . E8 CCDFDEFF CALL Magic_Ex.00407C44
00619C78 . 8D55 BC LEA EDX, DWORD PTR SS:[EBP-0x44]
00619C7B . B8 8C9E6100 MOV EAX, Magic_Ex.00619E8C ; Magic Excel Recovery
00619C80 . E8 677BE0FF CALL Magic_Ex.004217EC ; 变大写,并将长度放到EAX
00619C85 . 8B55 BC MOV EDX, DWORD PTR SS:[EBP-0x44]
00619C88 . 8D45 C0 LEA EAX, DWORD PTR SS:[EBP-0x40]
00619C8B . E8 C4F0DEFF CALL Magic_Ex.00408D54
00619C90 . 8B45 C0 MOV EAX, DWORD PTR SS:[EBP-0x40]
00619C93 . 8D55 E0 LEA EDX, DWORD PTR SS:[EBP-0x20]
00619C96 . E8 B17CE0FF CALL Magic_Ex.0042194C
00619C9B . 8D45 AC LEA EAX, DWORD PTR SS:[EBP-0x54]
00619C9E . 8B55 FC MOV EDX, DWORD PTR SS:[EBP-0x4] ; 版本特征
00619CA1 . E8 C2F0DEFF CALL Magic_Ex.00408D68
00619CA6 . 8B45 AC MOV EAX, DWORD PTR SS:[EBP-0x54]
00619CA9 . 8D55 B0 LEA EDX, DWORD PTR SS:[EBP-0x50]
00619CAC . E8 3B7BE0FF CALL Magic_Ex.004217EC ; 变大写,并将长度放到EAX
00619CB1 . 8B55 B0 MOV EDX, DWORD PTR SS:[EBP-0x50]
00619CB4 . 8D45 B4 LEA EAX, DWORD PTR SS:[EBP-0x4C]
00619CB7 . E8 98F0DEFF CALL Magic_Ex.00408D54
00619CBC . 8B45 B4 MOV EAX, DWORD PTR SS:[EBP-0x4C]
00619CBF . 8D55 B8 LEA EDX, DWORD PTR SS:[EBP-0x48]
00619CC2 . E8 857CE0FF CALL Magic_Ex.0042194C
00619CC7 . 8B55 B8 MOV EDX, DWORD PTR SS:[EBP-0x48]
00619CCA . 8D45 FC LEA EAX, DWORD PTR SS:[EBP-0x4]
00619CCD . E8 9AE3DEFF CALL Magic_Ex.0040806C
00619CD2 . B2 01 MOV DL, 0x1
00619CD4 . A1 50326100 MOV EAX, DWORD PTR DS:[0x613250] ; /a
00619CD9 . E8 9E96FFFF CALL Magic_Ex.0061337C
00619CDE . 8945 D8 MOV DWORD PTR SS:[EBP-0x28], EAX
00619CE1 . 33C0 XOR EAX, EAX
00619CE3 . 55 PUSH EBP
00619CE4 . 68 EA9D6100 PUSH Magic_Ex.00619DEA
00619CE9 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619CEC . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619CEF > EB 06 JMP SHORT Magic_Ex.00619CF7
00619CF1 >^ EB FC JMP SHORT Magic_Ex.00619CEF
00619CF3 .^ EB FC JMP SHORT Magic_Ex.00619CF1
00619CF5 FF DB FF
00619CF6 . F8 CLC
00619CF7 > 8D45 A8 LEA EAX, DWORD PTR SS:[EBP-0x58]
00619CFA . 50 PUSH EAX
00619CFB . E8 A03BE1FF CALL Magic_Ex.0042D8A0
00619D00 . 50 PUSH EAX
00619D01 . FF75 E8 PUSH DWORD PTR SS:[EBP-0x18] ; 假码大写
00619D04 . FF75 E0 PUSH DWORD PTR SS:[EBP-0x20] ; "MAGIC EXCEL RECOVERY"
00619D07 . FF75 FC PUSH DWORD PTR SS:[EBP-0x4] ; 版本特征
00619D0A . 68 C49E6100 PUSH Magic_Ex.00619EC4 ; BDDEEE28-4FE9-4E2E-B24A-E92F2881512C
00619D0F . 8D45 A4 LEA EAX, DWORD PTR SS:[EBP-0x5C]
00619D12 . BA 04000000 MOV EDX, 0x4
00619D17 . E8 34F2DEFF CALL Magic_Ex.00408F50 ; 合并后,取50长度
00619D1C . 8B55 A4 MOV EDX, DWORD PTR SS:[EBP-0x5C] ; "CRACKVIPMAGIC EXCEL RECOVERYHOME EDITIONBDDEEE28-4")
00619D1F . 8B45 D8 MOV EAX, DWORD PTR SS:[EBP-0x28]
00619D22 . 59 POP ECX
00619D23 . E8 348CFFFF CALL Magic_Ex.0061295C ; 这个CALL已经算码了
00619D28 . 8B45 A8 MOV EAX, DWORD PTR SS:[EBP-0x58] ; (UNICODE "934724CCB3A30236DA71ACA0959EB90E")
00619D2B . 8D55 DC LEA EDX, DWORD PTR SS:[EBP-0x24]
00619D2E . E8 1976E0FF CALL Magic_Ex.0042134C
00619D33 . 33C0 XOR EAX, EAX
00619D35 . 8945 F4 MOV DWORD PTR SS:[EBP-0xC], EAX
00619D38 > 837D F4 00 CMP DWORD PTR SS:[EBP-0xC], 0x0
00619D3C . 74 0D JE SHORT Magic_Ex.00619D4B
00619D3E . 8D45 E4 LEA EAX, DWORD PTR SS:[EBP-0x1C]
00619D41 . BA 1C9F6100 MOV EDX, Magic_Ex.00619F1C ; -
00619D46 . E8 25F1DEFF CALL Magic_Ex.00408E70
00619D4B > 33C0 XOR EAX, EAX
00619D4D . 8945 F0 MOV DWORD PTR SS:[EBP-0x10], EAX
00619D50 > 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619D53 . C1E0 02 SHL EAX, 0x2
00619D56 . 0345 F0 ADD EAX, DWORD PTR SS:[EBP-0x10]
00619D59 . 8B55 DC MOV EDX, DWORD PTR SS:[EBP-0x24]
00619D5C . 0FB70442 MOVZX EAX, WORD PTR DS:[EDX+EAX*2]
00619D60 . 8D55 EC LEA EDX, DWORD PTR SS:[EBP-0x14]
00619D63 . E8 6482E0FF CALL Magic_Ex.00421FCC
00619D68 . 8B45 EC MOV EAX, DWORD PTR SS:[EBP-0x14]
00619D6B . 8945 D4 MOV DWORD PTR SS:[EBP-0x2C], EAX
00619D6E . 837D D4 00 CMP DWORD PTR SS:[EBP-0x2C], 0x0
00619D72 . 74 0B JE SHORT Magic_Ex.00619D7F
00619D74 . 8B45 D4 MOV EAX, DWORD PTR SS:[EBP-0x2C]
00619D77 . 83E8 04 SUB EAX, 0x4
00619D7A . 8B00 MOV EAX, DWORD PTR DS:[EAX]
00619D7C . 8945 D4 MOV DWORD PTR SS:[EBP-0x2C], EAX
00619D7F > 8D45 A0 LEA EAX, DWORD PTR SS:[EBP-0x60]
00619D82 . 8B55 EC MOV EDX, DWORD PTR SS:[EBP-0x14]
00619D85 . 8B4D D4 MOV ECX, DWORD PTR SS:[EBP-0x2C]
00619D88 . 66:8B544A FE MOV DX, WORD PTR DS:[EDX+ECX*2-0x2]
00619D8D . E8 F2EEDEFF CALL Magic_Ex.00408C84
00619D92 . 8B55 A0 MOV EDX, DWORD PTR SS:[EBP-0x60]
00619D95 . 8D45 E4 LEA EAX, DWORD PTR SS:[EBP-0x1C]
00619D98 . E8 D3F0DEFF CALL Magic_Ex.00408E70
00619D9D . FF45 F0 INC DWORD PTR SS:[EBP-0x10]
00619DA0 . 837D F0 04 CMP DWORD PTR SS:[EBP-0x10], 0x4
00619DA4 .^ 75 AA JNZ SHORT Magic_Ex.00619D50
00619DA6 . FF45 F4 INC DWORD PTR SS:[EBP-0xC]
00619DA9 . 837D F4 04 CMP DWORD PTR SS:[EBP-0xC], 0x4
00619DAD .^ 75 89 JNZ SHORT Magic_Ex.00619D38
00619DAF . 8B45 E4 MOV EAX, DWORD PTR SS:[EBP-0x1C]
00619DB2 . 8B55 08 MOV EDX, DWORD PTR SS:[EBP+0x8]
00619DB5 . 8B52 F8 MOV EDX, DWORD PTR DS:[EDX-0x8]
00619DB8 . E8 A3F2DEFF CALL Magic_Ex.00409060
分别找到这三个调用,到这里
00619F52 . 55 PUSH EBP ; 版本号判断,呵呵
00619F53 . 68 D99F6100 PUSH Magic_Ex.00619FD9
00619F58 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619F5B . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619F5E . C645 F3 00 MOV BYTE PTR SS:[EBP-0xD], 0x0
00619F62 . 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619F65 . E8 DADCDEFF CALL Magic_Ex.00407C44
00619F6A . 55 PUSH EBP
00619F6B . B8 1CA06100 MOV EAX, Magic_Ex.0061A01C ; Home Edition
00619F70 . E8 8FFCFFFF CALL Magic_Ex.00619C04
00619F75 . 59 POP ECX
00619F76 . 84C0 TEST AL, AL
00619F78 . 74 0F JE SHORT Magic_Ex.00619F89
00619F7A . 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619F7D . BA 1CA06100 MOV EDX, Magic_Ex.0061A01C ; Home Edition
00619F82 . E8 9DE0DEFF CALL Magic_Ex.00408024
00619F87 . EB 3C JMP SHORT Magic_Ex.00619FC5
00619F89 > 55 PUSH EBP
00619F8A . B8 44A06100 MOV EAX, Magic_Ex.0061A044 ; Office Edition
00619F8F . E8 70FCFFFF CALL Magic_Ex.00619C04
00619F94 . 59 POP ECX
00619F95 . 84C0 TEST AL, AL
00619F97 . 74 0F JE SHORT Magic_Ex.00619FA8
00619F99 . 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619F9C . BA 44A06100 MOV EDX, Magic_Ex.0061A044 ; Office Edition
00619FA1 . E8 7EE0DEFF CALL Magic_Ex.00408024
00619FA6 . EB 1D JMP SHORT Magic_Ex.00619FC5
00619FA8 > 55 PUSH EBP
00619FA9 . B8 70A06100 MOV EAX, Magic_Ex.0061A070 ; Commercial Edition
00619FAE . E8 51FCFFFF CALL Magic_Ex.00619C04
00619FB3 . 59 POP ECX
00619FB4 . 84C0 TEST AL, AL
00619FB6 . 74 0D JE SHORT Magic_Ex.00619FC5
00619FB8 . 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619FBB . BA 70A06100 MOV EDX, Magic_Ex.0061A070 ; Commercial Edition
00619FC0 . E8 5FE0DEFF CALL Magic_Ex.00408024
00619FC5 > 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619FC8 . 8338 00 CMP DWORD PTR DS:[EAX], 0x0
00619FCB . 0F9545 F3 SETNE BYTE PTR SS:[EBP-0xD]
我们回到上面那个算法函数
00619C05 . 8BEC MOV EBP, ESP
00619C07 . B9 0C000000 MOV ECX, 0xC
00619C0C > 6A 00 PUSH 0x0
00619C0E . 6A 00 PUSH 0x0
00619C10 . 49 DEC ECX
00619C11 .^ 75 F9 JNZ SHORT Magic_Ex.00619C0C
00619C13 . 53 PUSH EBX
00619C14 . 56 PUSH ESI
00619C15 . 57 PUSH EDI
00619C16 . 8945 FC MOV DWORD PTR SS:[EBP-0x4], EAX
00619C19 . 8B45 FC MOV EAX, DWORD PTR SS:[EBP-0x4]
00619C1C . E8 07E1DEFF CALL Magic_Ex.00407D28
00619C21 . 33C0 XOR EAX, EAX
00619C23 . 55 PUSH EBP
00619C24 . 68 749E6100 PUSH Magic_Ex.00619E74
00619C29 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619C2C . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619C2F . 33C0 XOR EAX, EAX
00619C31 . 55 PUSH EBP
00619C32 . 68 FB9D6100 PUSH Magic_Ex.00619DFB
00619C37 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619C3A . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619C3D . C645 FB 00 MOV BYTE PTR SS:[EBP-0x5], 0x0
00619C41 . 8D45 C4 LEA EAX, DWORD PTR SS:[EBP-0x3C]
00619C44 . 8B55 08 MOV EDX, DWORD PTR SS:[EBP+0x8]
00619C47 . 8B52 FC MOV EDX, DWORD PTR DS:[EDX-0x4] ; 用户名
00619C4A . E8 19F1DEFF CALL Magic_Ex.00408D68
00619C4F . 8B45 C4 MOV EAX, DWORD PTR SS:[EBP-0x3C]
00619C52 . 8D55 C8 LEA EDX, DWORD PTR SS:[EBP-0x38]
00619C55 . E8 927BE0FF CALL Magic_Ex.004217EC ; 变大写,并将长度放到EAX
00619C5A . 8B55 C8 MOV EDX, DWORD PTR SS:[EBP-0x38]
00619C5D . 8D45 CC LEA EAX, DWORD PTR SS:[EBP-0x34]
00619C60 . E8 EFF0DEFF CALL Magic_Ex.00408D54
00619C65 . 8B45 CC MOV EAX, DWORD PTR SS:[EBP-0x34]
00619C68 . 8D55 E8 LEA EDX, DWORD PTR SS:[EBP-0x18]
00619C6B . E8 DC7CE0FF CALL Magic_Ex.0042194C
00619C70 . 8D45 E4 LEA EAX, DWORD PTR SS:[EBP-0x1C]
00619C73 . E8 CCDFDEFF CALL Magic_Ex.00407C44
00619C78 . 8D55 BC LEA EDX, DWORD PTR SS:[EBP-0x44]
00619C7B . B8 8C9E6100 MOV EAX, Magic_Ex.00619E8C ; Magic Excel Recovery
00619C80 . E8 677BE0FF CALL Magic_Ex.004217EC ; 变大写,并将长度放到EAX
00619C85 . 8B55 BC MOV EDX, DWORD PTR SS:[EBP-0x44]
00619C88 . 8D45 C0 LEA EAX, DWORD PTR SS:[EBP-0x40]
00619C8B . E8 C4F0DEFF CALL Magic_Ex.00408D54
00619C90 . 8B45 C0 MOV EAX, DWORD PTR SS:[EBP-0x40]
00619C93 . 8D55 E0 LEA EDX, DWORD PTR SS:[EBP-0x20]
00619C96 . E8 B17CE0FF CALL Magic_Ex.0042194C
00619C9B . 8D45 AC LEA EAX, DWORD PTR SS:[EBP-0x54]
00619C9E . 8B55 FC MOV EDX, DWORD PTR SS:[EBP-0x4] ; 版本特征
00619CA1 . E8 C2F0DEFF CALL Magic_Ex.00408D68
00619CA6 . 8B45 AC MOV EAX, DWORD PTR SS:[EBP-0x54]
00619CA9 . 8D55 B0 LEA EDX, DWORD PTR SS:[EBP-0x50]
00619CAC . E8 3B7BE0FF CALL Magic_Ex.004217EC ; 变大写,并将长度放到EAX
00619CB1 . 8B55 B0 MOV EDX, DWORD PTR SS:[EBP-0x50]
00619CB4 . 8D45 B4 LEA EAX, DWORD PTR SS:[EBP-0x4C]
00619CB7 . E8 98F0DEFF CALL Magic_Ex.00408D54
00619CBC . 8B45 B4 MOV EAX, DWORD PTR SS:[EBP-0x4C]
00619CBF . 8D55 B8 LEA EDX, DWORD PTR SS:[EBP-0x48]
00619CC2 . E8 857CE0FF CALL Magic_Ex.0042194C
00619CC7 . 8B55 B8 MOV EDX, DWORD PTR SS:[EBP-0x48]
00619CCA . 8D45 FC LEA EAX, DWORD PTR SS:[EBP-0x4]
00619CCD . E8 9AE3DEFF CALL Magic_Ex.0040806C
00619CD2 . B2 01 MOV DL, 0x1
00619CD4 . A1 50326100 MOV EAX, DWORD PTR DS:[0x613250] ; /a
00619CD9 . E8 9E96FFFF CALL Magic_Ex.0061337C
00619CDE . 8945 D8 MOV DWORD PTR SS:[EBP-0x28], EAX
00619CE1 . 33C0 XOR EAX, EAX
00619CE3 . 55 PUSH EBP
00619CE4 . 68 EA9D6100 PUSH Magic_Ex.00619DEA
00619CE9 . 64:FF30 PUSH DWORD PTR FS:[EAX]
00619CEC . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00619CEF > EB 06 JMP SHORT Magic_Ex.00619CF7
00619CF1 >^ EB FC JMP SHORT Magic_Ex.00619CEF
00619CF3 .^ EB FC JMP SHORT Magic_Ex.00619CF1
00619CF5 FF DB FF
00619CF6 . F8 CLC
00619CF7 > 8D45 A8 LEA EAX, DWORD PTR SS:[EBP-0x58]
00619CFA . 50 PUSH EAX
00619CFB . E8 A03BE1FF CALL Magic_Ex.0042D8A0
00619D00 . 50 PUSH EAX
00619D01 . FF75 E8 PUSH DWORD PTR SS:[EBP-0x18] ; 假码大写
00619D04 . FF75 E0 PUSH DWORD PTR SS:[EBP-0x20] ; "MAGIC EXCEL RECOVERY"
00619D07 . FF75 FC PUSH DWORD PTR SS:[EBP-0x4] ; 版本特征
00619D0A . 68 C49E6100 PUSH Magic_Ex.00619EC4 ; BDDEEE28-4FE9-4E2E-B24A-E92F2881512C
00619D0F . 8D45 A4 LEA EAX, DWORD PTR SS:[EBP-0x5C]
00619D12 . BA 04000000 MOV EDX, 0x4
00619D17 . E8 34F2DEFF CALL Magic_Ex.00408F50 ; 合并后,取50长度???
00619D1C . 8B55 A4 MOV EDX, DWORD PTR SS:[EBP-0x5C] ; "CRACKVIPMAGIC EXCEL RECOVERYHOME EDITIONBDDEEE28-4")
00619D1F . 8B45 D8 MOV EAX, DWORD PTR SS:[EBP-0x28]
00619D22 . 59 POP ECX
00619D23 . E8 348CFFFF CALL Magic_Ex.0061295C ; 这个CALL已经算码了
00619D28 . 8B45 A8 MOV EAX, DWORD PTR SS:[EBP-0x58] ; 目测这个是MD5(UNICODE "934724CCB3A30236DA71ACA0959EB90E")
00619D2B . 8D55 DC LEA EDX, DWORD PTR SS:[EBP-0x24] ; 经过测试,果然是MD5
00619D2E . E8 1976E0FF CALL Magic_Ex.0042134C
00619D33 . 33C0 XOR EAX, EAX
00619D35 . 8945 F4 MOV DWORD PTR SS:[EBP-0xC], EAX
00619D38 > 837D F4 00 CMP DWORD PTR SS:[EBP-0xC], 0x0
00619D3C . 74 0D JE SHORT Magic_Ex.00619D4B
00619D3E . 8D45 E4 LEA EAX, DWORD PTR SS:[EBP-0x1C]
00619D41 . BA 1C9F6100 MOV EDX, Magic_Ex.00619F1C ; -
00619D46 . E8 25F1DEFF CALL Magic_Ex.00408E70 ; 加入分割符
00619D4B > 33C0 XOR EAX, EAX
00619D4D . 8945 F0 MOV DWORD PTR SS:[EBP-0x10], EAX
00619D50 > 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
00619D53 . C1E0 02 SHL EAX, 0x2
00619D56 . 0345 F0 ADD EAX, DWORD PTR SS:[EBP-0x10]
00619D59 . 8B55 DC MOV EDX, DWORD PTR SS:[EBP-0x24]
00619D5C . 0FB70442 MOVZX EAX, WORD PTR DS:[EDX+EAX*2] ; 逐字取ASCII到EAX
00619D60 . 8D55 EC LEA EDX, DWORD PTR SS:[EBP-0x14]
00619D63 . E8 6482E0FF CALL Magic_Ex.00421FCC ; 转十进制
00619D68 . 8B45 EC MOV EAX, DWORD PTR SS:[EBP-0x14]
00619D6B . 8945 D4 MOV DWORD PTR SS:[EBP-0x2C], EAX
00619D6E . 837D D4 00 CMP DWORD PTR SS:[EBP-0x2C], 0x0
00619D72 . 74 0B JE SHORT Magic_Ex.00619D7F
00619D74 . 8B45 D4 MOV EAX, DWORD PTR SS:[EBP-0x2C]
00619D77 . 83E8 04 SUB EAX, 0x4
00619D7A . 8B00 MOV EAX, DWORD PTR DS:[EAX]
00619D7C . 8945 D4 MOV DWORD PTR SS:[EBP-0x2C], EAX
00619D7F > 8D45 A0 LEA EAX, DWORD PTR SS:[EBP-0x60]
00619D82 . 8B55 EC MOV EDX, DWORD PTR SS:[EBP-0x14]
00619D85 . 8B4D D4 MOV ECX, DWORD PTR SS:[EBP-0x2C]
00619D88 . 66:8B544A FE MOV DX, WORD PTR DS:[EDX+ECX*2-0x2]
00619D8D . E8 F2EEDEFF CALL Magic_Ex.00408C84 ; 取个位数,比如51,则取1
00619D92 . 8B55 A0 MOV EDX, DWORD PTR SS:[EBP-0x60]
00619D95 . 8D45 E4 LEA EAX, DWORD PTR SS:[EBP-0x1C]
00619D98 . E8 D3F0DEFF CALL Magic_Ex.00408E70
00619D9D . FF45 F0 INC DWORD PTR SS:[EBP-0x10]
00619DA0 . 837D F0 04 CMP DWORD PTR SS:[EBP-0x10], 0x4
00619DA4 .^ 75 AA JNZ SHORT Magic_Ex.00619D50
00619DA6 . FF45 F4 INC DWORD PTR SS:[EBP-0xC]
00619DA9 . 837D F4 04 CMP DWORD PTR SS:[EBP-0xC], 0x4 ; 取四组
00619DAD .^ 75 89 JNZ SHORT Magic_Ex.00619D38
00619DAF . 8B45 E4 MOV EAX, DWORD PTR SS:[EBP-0x1C]
00619DB2 . 8B55 08 MOV EDX, DWORD PTR SS:[EBP+0x8]
00619DB5 . 8B52 F8 MOV EDX, DWORD PTR DS:[EDX-0x8]
00619DB8 . E8 A3F2DEFF CALL Magic_Ex.00409060 ; 注册码出现在EAX
00619DBD . 0F9445 FB SETE BYTE PTR SS:[EBP-0x5]
00619DC1 > EB 06 JMP SHORT Magic_Ex.00619DC9
00619DC3 >^ EB FC JMP SHORT Magic_Ex.00619DC1
00619DC5 .^ EB FC JMP SHORT Magic_Ex.00619DC3
========================================
注册流程大致为
用户名,版本号,两个条件来算码
版本号有三个,分别是
Home Edition
Office Edition
Commercial Edition
软件特征码:BDDEEE28-4FE9-4E2E-B24A-E92F2881512C
1.转大写(MD5(转大写(用户名 & MAGIC EXCEL RECOVERY & 版本号 & 软件特征码)))
2.取MD5值的ASCII转十进制,然后取十进制的个位
3.取四个加入一个“-”,共取四组
三个版本的注册码都不一样
比如我的crackvip
则有三组注册码都可以用
分别是
Home Edition:7125-0277-6151-8014
Office Edition:9955-9650-9549-9857
Commercial Edition:1060-6466-7629-8054
注册信息保存在注册表
HKEY_CURRENT_USER\Software\East Imperial Soft\Magic Excel Recovery 1.0\Settings
删除了之后可以重新注册
注册机下载
Magic Excel Recovery算法注册机.rar
(163.61 KB, 下载次数: 63)
附上注册机源码
- unit Unit1;
- interface
- uses
- Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
- Dialogs, StdCtrls, MD5;
- type
- TForm1 = class(TForm)
- Edit1: TEdit;
- ComboBox1: TComboBox;
- Edit2: TEdit;
- Button1: TButton;
- Label1: TLabel;
- Label2: TLabel;
- lbl1: TLabel;
- Label3: TLabel;
- procedure FormCreate(Sender: TObject);
- procedure Button1Click(Sender: TObject);
- private
- { Private declarations }
- public
- { Public declarations }
- end;
- var
- Form1: TForm1;
- implementation
- {$R *.dfm}
- procedure TForm1.FormCreate(Sender: TObject);
- begin
- ComboBox1.ItemIndex := 0;
- end;
- procedure TForm1.Button1Click(Sender: TObject);
- var str1, str2, str3, str4, str5: string;
- i: integer;
- begin
- str1 := 'MAGIC EXCEL RECOVERY';
- str2 := 'BDDEEE28-4FE9-4E2E-B24A-E92F2881512C';
- str3 := UpperCase(MD5Print(MD5String(UpperCase(Edit1.Text + str1 + combobox1.Text + str2))));
- str4 := '';
- str5 := '';
- for i := 1 to 16 do
- begin
- str4 := IntToStr(ord(str3[i]));
- str5 := str5 + str4[Length(str4)];
- end;
- Insert('-', str5, 5);
- Insert('-', str5, 10);
- Insert('-', str5, 15);
- Edit2.Text := str5;
- end;
- end.
|
评分
-
查看全部评分
|
IP卡
发表于 2014-6-20 22:17:04
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2014-6-20 22:28:09
发表于 2014-6-20 22:32:05
楼主
发表于 2014-6-21 08:23:56
