
[原创] Teleport Pro 1.72

    发表于 2017-7-8 14:35:04 | 显示全部楼层 |阅读模式
    本帖最后由 九层楼 于 2017-7-8 14:37 编辑

    优点
    下载网站资料

    下载链接 (注册机制与版本有关, 下面的分析和KeyGen只对应1.72)
    http://www.tenmax.com/teleport/pro/home.htm

    分析
    无壳, 查找字符串下断 (例如对 "Thank you!  Your copy of Teleport Pro is now registered" 所在的 48D35C 的引用处下断), 单步观察. 校验本身很简单: 在 0042F8D2 处比较 strtol(code, NULL, 10) 与 hash(name) 是否相等, 其中 hash (00430280) 是以 0x5DFEE4A4 为种子、对 name 逐字节偏移取 DWORD 做异或的 32 位折叠; 00435DF0 处的解析函数是 CRT 的 strtol 实现, 并非产品逻辑.

    0042F87C   .  C641 5C 01    MOV     BYTE PTR DS:[ECX+5C], 1            ;  tail of the preceding routine; not part of the check below
    0042F880   .^ E9 6EFFFFFF   JMP     pro.0042F7F3
    0042F885   .  51            PUSH    ECX                                ;  entry of the registration check; ECX = this (the dialog object)
    0042F886   .  53            PUSH    EBX
    0042F887   .  55            PUSH    EBP
    0042F888   .  56            PUSH    ESI
    0042F889   .  57            PUSH    EDI
    0042F88A   .  8BF9          MOV     EDI, ECX                           ;  EDI = this
    0042F88C   .  6A 01         PUSH    1
    0042F88E   .  E8 80CE0100   CALL    pro.0044C713                       ;  presumably copies the dialog's edit fields into [EDI+D5]/[EDI+D9] (MFC UpdateData-like) -- confirm
    0042F893   .  8B87 D9000000 MOV     EAX, DWORD PTR DS:[EDI+D9]         ;  EAX = registration code string (char*)
    0042F899   .  33DB          XOR     EBX, EBX                           ;  EBX = 0 (reused below as NULL and as the zero constant)
    0042F89B   .  6A 0A         PUSH    0A                                 ;  base = 10
    0042F89D   .  53            PUSH    EBX                                ;  endptr = NULL
    0042F89E   .  50            PUSH    EAX                                ;  nptr = code
    0042F89F   .  E8 51670000   CALL    pro.00435FF5                       ;  signed base-10 parse, i.e. strtol(code, NULL, 10); the worker at 00435DF0 clamps overflow to 0x7FFFFFFF, so only codes in [-2^31, 2^31-1] round-trip
    0042F8A4   .  8BF0          MOV     ESI, EAX                           ;  ESI = code as a 32-bit integer
    0042F8A6   .  A1 74724900   MOV     EAX, DWORD PTR DS:[497274]         ;  EAX = [497274] (497B78 in the debug session): some global object
    0042F8AB   .  83C4 0C       ADD     ESP, 0C                            ;  cdecl cleanup of the three strtol arguments
    0042F8AE   .  897424 10     MOV     DWORD PTR SS:[ESP+10], ESI         ;  keep the parsed code in a stack slot
    0042F8B2   .  3898 CD040000 CMP     BYTE PTR DS:[EAX+4CD], BL          ;  byte flag at [497B78+4CD] == 0 ?
    0042F8B8   .  0F84 33010000 JE      pro.0042F9F1                       ;  flag clear -> alternative path, outside this listing
    0042F8BE   .  3BF3          CMP     ESI, EBX                           ;  code parsed to 0 (empty or non-numeric) ?
    0042F8C0   .  BD B0C54800   MOV     EBP, pro.0048C5B0                  ;  EBP = "User" string; not used in the lines shown
    0042F8C5   .  74 59         JE      SHORT pro.0042F920                 ;  code == 0 -> separate path, outside this listing
    0042F8C7   .  FFB7 D5000000 PUSH    DWORD PTR DS:[EDI+D5]              ;  name string (char*)
    0042F8CD   .  E8 AE090000   CALL    pro.00430280                       ;  EAX = name hash (XOR fold seeded with 5DFEE4A4; 0 when strlen(name) < 5)
    0042F8D2   .  3BF0          CMP     ESI, EAX                           ;  the whole check: strtol(code) == hash(name)
    0042F8D4   .  59            POP     ECX                                ;  discard the pushed argument
    0042F8D5   .  75 0F         JNZ     SHORT pro.0042F8E6                 ;  mismatch -> choose an error message
    0042F8D7   .  53            PUSH    EBX
    0042F8D8   .  53            PUSH    EBX
    0042F8D9   .  FF35 5CD34800 PUSH    DWORD PTR DS:[48D35C]              ;  "Thank you!  Your copy of Teleport Pro is now registered.  All limits have been removed."
    0042F8DF   .  E8 B5550200   CALL    pro.00454E99                       ;  three-argument message-box style helper -- confirm
    0042F8E4   .  EB 75         JMP     SHORT pro.0042F95B
    0042F8E6   >  8BBF D5000000 MOV     EDI, DWORD PTR DS:[EDI+D5]         ;  EDI = name string
    0042F8EC   .  395F F8       CMP     DWORD PTR DS:[EDI-8], EBX          ;  dword 8 bytes before the buffer == 0 ? (looks like a CString length header -- confirm)
    0042F8EF   .  75 0A         JNZ     SHORT pro.0042F8FB
    0042F8F1   .  53            PUSH    EBX
    0042F8F2   .  53            PUSH    EBX
    0042F8F3   .  FF35 D4D34800 PUSH    DWORD PTR DS:[48D3D4]              ;  empty name: "You must enter your username in the Name field, exactly as you spelled it when you registered, in order for the registration code to work."
    0042F8F9   .  EB 1B         JMP     SHORT pro.0042F916
    0042F8FB   >  57            PUSH    EDI
    0042F8FC   .  E8 7F090000   CALL    pro.00430280                       ;  hash(name) again; 0 when strlen(name) < 5 (or, improbably, when the fold itself is 0)
    0042F901   .  59            POP     ECX
    0042F902   .  85C0          TEST    EAX, EAX
    0042F904   .  53            PUSH    EBX
    0042F905   .  53            PUSH    EBX
    0042F906   .  75 08         JNZ     SHORT pro.0042F910
    0042F908   .  FF35 D8D34800 PUSH    DWORD PTR DS:[48D3D8]              ;  "You haven't entered a valid username.  Your username must be at least six letters long."  (the hash routine actually accepts five characters; a 5-char name reaches the code comparison)
    0042F90E   .  EB 06         JMP     SHORT pro.0042F916
    0042F910   >  FF35 DCD34800 PUSH    DWORD PTR DS:[48D3DC]              ;  "We're sorry!  The registration number you entered appears to be invalid.  Please check both your name and the registration code and try entering them again.  (Your name must be spelled exactly as you spelled it when you entered it on the Order Form -- and"  (listing ends here, mid-routine)
    
    


    00435DF0  /$  55            PUSH    EBP                                ;  strtol worker: (nptr=[EBP+8], endptr=[EBP+C], base=[EBP+10], flags=[EBP+14]); the shape (whitespace, sign, base 0/8/16 detection, ERANGE clamp) matches the MSVC CRT strtoxl -- library code, not product logic
    00435DF1  |.  8BEC          MOV     EBP, ESP
    00435DF3  |.  83EC 0C       SUB     ESP, 0C                            ;  locals: [EBP-4] = cursor (next char), [EBP-8] = accumulator, [EBP-C] = overflow limit
    00435DF6  |.  53            PUSH    EBX
    00435DF7  |.  8365 F8 00    AND     DWORD PTR SS:[EBP-8], 0            ;  accumulator = 0
    00435DFB  |.  56            PUSH    ESI
    00435DFC  |.  57            PUSH    EDI
    00435DFD  |.  8B7D 08       MOV     EDI, DWORD PTR SS:[EBP+8]          ;  EDI = nptr (start of the code string)
    00435E00  |.  8A1F          MOV     BL, BYTE PTR DS:[EDI]              ;  BL = current char
    00435E02  |.  8D77 01       LEA     ESI, DWORD PTR DS:[EDI+1]          ;  ESI = pointer to the next char
    00435E05  |.  8975 FC       MOV     DWORD PTR SS:[EBP-4], ESI          ;  cursor = ESI
    00435E08  |>  833D 3C454900>/CMP     DWORD PTR DS:[49453C], 1          ;  skip leading whitespace. [49453C] > 1 selects the locale-aware classifier (a CRT MB-cur-max style switch, not a product-edition flag -- confirm)
    00435E0F  |.  7E 0F         |JLE     SHORT pro.00435E20
    00435E11  |.  0FB6C3        |MOVZX   EAX, BL
    00435E14  |.  6A 08         |PUSH    8                                 ;  ctype mask 0x08
    00435E16  |.  50            |PUSH    EAX
    00435E17  |.  E8 C74D0000   |CALL    pro.0043ABE3                      ;  isctype(c, 0x08)-style call -- confirm
    00435E1C  |.  59            |POP     ECX
    00435E1D  |.  59            |POP     ECX
    00435E1E  |.  EB 0F         |JMP     SHORT pro.00435E2F
    00435E20  |>  8B0D 30434900 |MOV     ECX, DWORD PTR DS:[494330]        ;  ECX = ctype table, one 16-bit entry per char (49433A in the debug session)
    00435E26  |.  0FB6C3        |MOVZX   EAX, BL
    00435E29  |.  8A0441        |MOV     AL, BYTE PTR DS:[ECX+EAX*2]       ;  AL = low byte of table[c]
    00435E2C  |.  83E0 08       |AND     EAX, 8                            ;  keep bit 3 (0x08)
    00435E2F  |>  85C0          |TEST    EAX, EAX                          ;  the author saw only 0x20 carrying this bit; in the MSVC table 0x08 is _SPACE and also covers 0x09-0x0D -- verify against the table before relying on it
    00435E31  |.  74 05         |JE      SHORT pro.00435E38                ;  not whitespace -> parse the sign
    00435E33  |.  8A1E          |MOV     BL, BYTE PTR DS:[ESI]             ;  consume it, look at the next char
    00435E35  |.  46            |INC     ESI
    00435E36  |.^ EB D0         \JMP     SHORT pro.00435E08
    00435E38  |>  80FB 2D       CMP     BL, 2D                             ;  '-' ?
    00435E3B  |.  8975 FC       MOV     DWORD PTR SS:[EBP-4], ESI          ;  cursor = char after the one in BL
    00435E3E  |.  75 06         JNZ     SHORT pro.00435E46
    00435E40  |.  834D 14 02    OR      DWORD PTR SS:[EBP+14], 2           ;  flags |= 2 (negative)
    00435E44  |.  EB 05         JMP     SHORT pro.00435E4B
    00435E46  |>  80FB 2B       CMP     BL, 2B                             ;  '+' ?
    00435E49  |.  75 06         JNZ     SHORT pro.00435E51
    00435E4B  |>  8A1E          MOV     BL, BYTE PTR DS:[ESI]              ;  sign seen: step over it
    00435E4D  |.  46            INC     ESI
    00435E4E  |.  8975 FC       MOV     DWORD PTR SS:[EBP-4], ESI
    00435E51  |>  8B45 10       MOV     EAX, DWORD PTR SS:[EBP+10]         ;  EAX = base (10 from the caller at 0042F89B); this is strtol's base argument, not an edition flag
    00435E54  |.  85C0          TEST    EAX, EAX                           ;  validate base: must be 0 or 2..36 (0x24)
    00435E56  |.  0F8C 89010000 JL      pro.00435FE5                       ;  base < 0 -> invalid
    00435E5C  |.  83F8 01       CMP     EAX, 1
    00435E5F  |.  0F84 80010000 JE      pro.00435FE5                       ;  base == 1 -> invalid
    00435E65  |.  83F8 24       CMP     EAX, 24
    00435E68  |.  0F8F 77010000 JG      pro.00435FE5                       ;  base > 36 -> invalid
    00435E6E  |.  6A 10         PUSH    10
    00435E70  |.  85C0          TEST    EAX, EAX
    00435E72  |.  59            POP     ECX                                ;  ECX = 16
    00435E73  |.  75 24         JNZ     SHORT pro.00435E99                 ;  explicit base -> only an optional "0x" prefix is checked (when base == 16)
    00435E75  |.  80FB 30       CMP     BL, 30                             ;  base 0: auto-detect. leading '0' ?
    00435E78  |.  74 09         JE      SHORT pro.00435E83
    00435E7A  |.  C745 10 0A000>MOV     DWORD PTR SS:[EBP+10], 0A          ;  no leading '0' -> base 10
    00435E81  |.  EB 32         JMP     SHORT pro.00435EB5
    00435E83  |>  8A06          MOV     AL, BYTE PTR DS:[ESI]              ;  AL = char after the '0'
    00435E85  |.  3C 78         CMP     AL, 78                             ;  'x' ?
    00435E87  |.  74 0D         JE      SHORT pro.00435E96
    00435E89  |.  3C 58         CMP     AL, 58                             ;  'X' ?
    00435E8B  |.  74 09         JE      SHORT pro.00435E96
    00435E8D  |.  C745 10 08000>MOV     DWORD PTR SS:[EBP+10], 8           ;  "0..." -> base 8
    00435E94  |.  EB 1F         JMP     SHORT pro.00435EB5
    00435E96  |>  894D 10       MOV     DWORD PTR SS:[EBP+10], ECX         ;  "0x..." -> base 16
    00435E99  |>  394D 10       CMP     DWORD PTR SS:[EBP+10], ECX         ;  base == 16 ?
    00435E9C  |.  75 17         JNZ     SHORT pro.00435EB5
    00435E9E  |.  80FB 30       CMP     BL, 30
    00435EA1  |.  75 12         JNZ     SHORT pro.00435EB5
    00435EA3  |.  8A06          MOV     AL, BYTE PTR DS:[ESI]
    00435EA5  |.  3C 78         CMP     AL, 78
    00435EA7  |.  74 04         JE      SHORT pro.00435EAD
    00435EA9  |.  3C 58         CMP     AL, 58
    00435EAB  |.  75 08         JNZ     SHORT pro.00435EB5
    00435EAD  |>  8A5E 01       MOV     BL, BYTE PTR DS:[ESI+1]            ;  skip the "0x" prefix
    00435EB0  |.  46            INC     ESI
    00435EB1  |.  46            INC     ESI
    00435EB2  |.  8975 FC       MOV     DWORD PTR SS:[EBP-4], ESI
    00435EB5  |>  83C8 FF       OR      EAX, FFFFFFFF                      ;  EAX = 0xFFFFFFFF
    00435EB8  |.  33D2          XOR     EDX, EDX
    00435EBA  |.  F775 10       DIV     DWORD PTR SS:[EBP+10]              ;  limit = 0xFFFFFFFF / base (0x19999999 for base 10); remainder in EDX is unused here
    00435EBD  |.  BF 03010000   MOV     EDI, 103                           ;  EDI = ctype mask 0x103 (alpha: upper|lower|0x100 in the MSVC table -- confirm)
    00435EC2  |.  8945 F4       MOV     DWORD PTR SS:[EBP-C], EAX          ;  [EBP-C] = limit
    00435EC5  |>  833D 3C454900>/CMP     DWORD PTR DS:[49453C], 1          ;  digit loop; same classifier selection as above
    00435ECC  |.  0FB6F3        |MOVZX   ESI, BL                           ;  ESI = current char
    00435ECF  |.  7E 0C         |JLE     SHORT pro.00435EDD
    00435ED1  |.  6A 04         |PUSH    4                                 ;  ctype mask 0x04 (digit)
    00435ED3  |.  56            |PUSH    ESI
    00435ED4  |.  E8 0A4D0000   |CALL    pro.0043ABE3
    00435ED9  |.  59            |POP     ECX
    00435EDA  |.  59            |POP     ECX
    00435EDB  |.  EB 0B         |JMP     SHORT pro.00435EE8
    00435EDD  |>  A1 30434900   |MOV     EAX, DWORD PTR DS:[494330]        ;  ctype table
    00435EE2  |.  8A0470        |MOV     AL, BYTE PTR DS:[EAX+ESI*2]
    00435EE5  |.  83E0 04       |AND     EAX, 4                            ;  bit 2 (0x04): set for '0'..'9' in the dumped table
    00435EE8  |>  85C0          |TEST    EAX, EAX                          ;  decimal digit ?
    00435EEA  |.  74 08         |JE      SHORT pro.00435EF4                ;  no -> try letters
    00435EEC  |.  0FBECB        |MOVSX   ECX, BL
    00435EEF  |.  83E9 30       |SUB     ECX, 30                           ;  digit = c - '0'
    00435EF2  |.  EB 32         |JMP     SHORT pro.00435F26
    00435EF4  |>  833D 3C454900>|CMP     DWORD PTR DS:[49453C], 1
    00435EFB  |.  7E 0B         |JLE     SHORT pro.00435F08
    00435EFD  |.  57            |PUSH    EDI                               ;  mask 0x103
    00435EFE  |.  56            |PUSH    ESI
    00435EFF  |.  E8 DF4C0000   |CALL    pro.0043ABE3
    00435F04  |.  59            |POP     ECX
    00435F05  |.  59            |POP     ECX
    00435F06  |.  EB 0B         |JMP     SHORT pro.00435F13
    00435F08  |>  A1 30434900   |MOV     EAX, DWORD PTR DS:[494330]
    00435F0D  |.  66:8B0470     |MOV     AX, WORD PTR DS:[EAX+ESI*2]       ;  full 16-bit entry this time (bit 8 is part of the mask)
    00435F11  |.  23C7          |AND     EAX, EDI                          ;  & 0x103
    00435F13  |>  85C0          |TEST    EAX, EAX                          ;  letter (A-Z / a-z per the dumped table) ?
    00435F15  |.  74 4A         |JE      SHORT pro.00435F61                ;  neither digit nor letter -> end of number
    00435F17  |.  0FBEC3        |MOVSX   EAX, BL
    00435F1A  |.  50            |PUSH    EAX
    00435F1B  |.  E8 EE0F0000   |CALL    <pro.ToUpperCase>                 ;  toupper(c)
    00435F20  |.  59            |POP     ECX
    00435F21  |.  8BC8          |MOV     ECX, EAX
    00435F23  |.  83E9 37       |SUB     ECX, 37                           ;  digit = toupper(c) - '7', i.e. 'A' -> 10 ... 'Z' -> 35
    00435F26  |>  3B4D 10       |CMP     ECX, DWORD PTR SS:[EBP+10]        ;  digit >= base ? (unsigned compare; for base 10 any letter ends the number)
    00435F29  |.  73 36         |JNB     SHORT pro.00435F61                ;  -> end of number
    00435F2B  |.  8B75 F8       |MOV     ESI, DWORD PTR SS:[EBP-8]         ;  ESI = accumulator
    00435F2E  |.  834D 14 08    |OR      DWORD PTR SS:[EBP+14], 8          ;  flags |= 8 (at least one digit consumed)
    00435F32  |.  3B75 F4       |CMP     ESI, DWORD PTR SS:[EBP-C]         ;  overflow check: accumulator vs limit
    00435F35  |.  72 14         |JB      SHORT pro.00435F4B                ;  below the limit -> safe to accumulate
    00435F37  |.  75 0C         |JNZ     SHORT pro.00435F45                ;  above the limit -> overflow
    00435F39  |.  83C8 FF       |OR      EAX, FFFFFFFF                     ;  equal: allowed only if digit <= 0xFFFFFFFF % base
    00435F3C  |.  33D2          |XOR     EDX, EDX
    00435F3E  |.  F775 10       |DIV     DWORD PTR SS:[EBP+10]
    00435F41  |.  3BCA          |CMP     ECX, EDX
    00435F43  |.  76 06         |JBE     SHORT pro.00435F4B
    00435F45  |>  834D 14 04    |OR      DWORD PTR SS:[EBP+14], 4          ;  flags |= 4 (overflow); the digit is dropped
    00435F49  |.  EB 09         |JMP     SHORT pro.00435F54
    00435F4B  |>  0FAF75 10     |IMUL    ESI, DWORD PTR SS:[EBP+10]        ;  accumulator = accumulator * base
    00435F4F  |.  03F1          |ADD     ESI, ECX                          ;                + digit
    00435F51  |.  8975 F8       |MOV     DWORD PTR SS:[EBP-8], ESI
    00435F54  |>  8B45 FC       |MOV     EAX, DWORD PTR SS:[EBP-4]         ;  advance the cursor
    00435F57  |.  FF45 FC       |INC     DWORD PTR SS:[EBP-4]
    00435F5A  |.  8A18          |MOV     BL, BYTE PTR DS:[EAX]             ;  BL = next char
    00435F5C  |.^ E9 64FFFFFF   \JMP     pro.00435EC5
    00435F61  |>  8B45 14       MOV     EAX, DWORD PTR SS:[EBP+14]         ;  EAX = flags (1 = unsigned variant, 2 = negative, 4 = overflow, 8 = got digits)
    00435F64  |.  FF4D FC       DEC     DWORD PTR SS:[EBP-4]               ;  cursor back onto the terminating char
    00435F67  |.  8B5D 0C       MOV     EBX, DWORD PTR SS:[EBP+C]          ;  EBX = endptr (NULL from the caller at 0042F89D)
    00435F6A  |.  A8 08         TEST    AL, 8
    00435F6C  |.  75 10         JNZ     SHORT pro.00435F7E                 ;  digits were consumed -> range checks
    00435F6E  |.  85DB          TEST    EBX, EBX                           ;  no digits at all
    00435F70  |.  74 06         JE      SHORT pro.00435F78
    00435F72  |.  8B45 08       MOV     EAX, DWORD PTR SS:[EBP+8]
    00435F75  |.  8945 FC       MOV     DWORD PTR SS:[EBP-4], EAX          ;  *endptr will be nptr
    00435F78  |>  8365 F8 00    AND     DWORD PTR SS:[EBP-8], 0            ;  result = 0
    00435F7C  |.  EB 4B         JMP     SHORT pro.00435FC9
    00435F7E  |>  A8 04         TEST    AL, 4                              ;  overflow during accumulation ?
    00435F80  |.  BE FFFFFF7F   MOV     ESI, 7FFFFFFF                      ;  ESI = LONG_MAX
    00435F85  |.  75 1B         JNZ     SHORT pro.00435FA2                 ;  -> range error
    00435F87  |.  A8 01         TEST    AL, 1                              ;  unsigned variant ? then no signed range check
    00435F89  |.  75 3E         JNZ     SHORT pro.00435FC9
    00435F8B  |.  83E0 02       AND     EAX, 2                             ;  negative ?
    00435F8E  |.  74 09         JE      SHORT pro.00435F99
    00435F90  |.  817D F8 00000>CMP     DWORD PTR SS:[EBP-8], 80000000     ;  negative: magnitude > 0x80000000 is out of range
    00435F97  |.  77 09         JA      SHORT pro.00435FA2
    00435F99  |>  85C0          TEST    EAX, EAX
    00435F9B  |.  75 2C         JNZ     SHORT pro.00435FC9                 ;  negative and in range -> done
    00435F9D  |.  3975 F8       CMP     DWORD PTR SS:[EBP-8], ESI          ;  positive: magnitude > 0x7FFFFFFF is out of range
    00435FA0  |.  76 27         JBE     SHORT pro.00435FC9
    00435FA2  |>  E8 2C340000   CALL    pro.004393D3                       ;  range error: presumably _errno() ...
    00435FA7  |.  F645 14 01    TEST    BYTE PTR SS:[EBP+14], 1
    00435FAB  |.  C700 22000000 MOV     DWORD PTR DS:[EAX], 22             ;  ... *errno = 34 (0x22 = ERANGE in the MSVC CRT)
    00435FB1  |.  74 06         JE      SHORT pro.00435FB9
    00435FB3  |.  834D F8 FF    OR      DWORD PTR SS:[EBP-8], FFFFFFFF     ;  unsigned variant: result = ULONG_MAX
    00435FB7  |.  EB 10         JMP     SHORT pro.00435FC9
    00435FB9  |>  8B45 14       MOV     EAX, DWORD PTR SS:[EBP+14]
    00435FBC  |.  24 02         AND     AL, 2
    00435FBE  |.  F6D8          NEG     AL                                 ;  CF = (flags & 2) != 0
    00435FC0  |.  1BC0          SBB     EAX, EAX                           ;  EAX = negative ? -1 : 0
    00435FC2  |.  F7D8          NEG     EAX                                ;  EAX = negative ? 1 : 0
    00435FC4  |.  03C6          ADD     EAX, ESI                           ;  signed: result = LONG_MAX, or 0x80000000 (LONG_MIN after the negation below) when negative
    00435FC6  |.  8945 F8       MOV     DWORD PTR SS:[EBP-8], EAX          ;  => a positive decimal code above 2147483647 is clamped and can never match a hash above that value
    00435FC9  |>  85DB          TEST    EBX, EBX
    00435FCB  |.  74 05         JE      SHORT pro.00435FD2
    00435FCD  |.  8B45 FC       MOV     EAX, DWORD PTR SS:[EBP-4]
    00435FD0  |.  8903          MOV     DWORD PTR DS:[EBX], EAX            ;  *endptr = cursor
    00435FD2  |>  F645 14 02    TEST    BYTE PTR SS:[EBP+14], 2            ;  negative ?
    00435FD6  |.  74 08         JE      SHORT pro.00435FE0
    00435FD8  |.  8B45 F8       MOV     EAX, DWORD PTR SS:[EBP-8]
    00435FDB  |.  F7D8          NEG     EAX                                ;  result = -result; this is how hashes >= 0x80000000 are reachable: the code must be given as a negative decimal
    00435FDD  |.  8945 F8       MOV     DWORD PTR SS:[EBP-8], EAX
    00435FE0  |>  8B45 F8       MOV     EAX, DWORD PTR SS:[EBP-8]          ;  return value
    00435FE3  |.  EB 0B         JMP     SHORT pro.00435FF0
    00435FE5  |>  8B45 0C       MOV     EAX, DWORD PTR SS:[EBP+C]          ;  invalid base: if endptr, *endptr = nptr (EDI still holds nptr on this path); return 0
    00435FE8  |.  85C0          TEST    EAX, EAX
    00435FEA  |.  74 02         JE      SHORT pro.00435FEE
    00435FEC  |.  8938          MOV     DWORD PTR DS:[EAX], EDI
    00435FEE  |>  33C0          XOR     EAX, EAX
    00435FF0  |>  5F            POP     EDI
    00435FF1  |.  5E            POP     ESI
    00435FF2  |.  5B            POP     EBX
    00435FF3  |.  C9            LEAVE
    00435FF4  \.  C3            RETN
    
    


    00430280  /$  57            PUSH    EDI                                ;  name hash: uint32 h(const char *name); returns 0 when name is NULL or strlen(name) < 5
    00430281  |.  8B7C24 08     MOV     EDI, DWORD PTR SS:[ESP+8]          ;  EDI = name
    00430285  |.  85FF          TEST    EDI, EDI                           ;  NULL is treated as length 0
    00430287  |.  74 09         JE      SHORT pro.00430292
    00430289  |.  57            PUSH    EDI
    0043028A  |.  E8 D1580000   CALL    <pro.strlen>
    0043028F  |.  59            POP     ECX
    00430290  |.  EB 02         JMP     SHORT pro.00430294
    00430292  |>  33C0          XOR     EAX, EAX
    00430294  |>  83F8 05       CMP     EAX, 5                             ;  strlen(name) >= 5 ? (the UI text says "six letters"; the code accepts five)
    00430297  |.  73 04         JNB     SHORT pro.0043029D
    00430299  |.  33C0          XOR     EAX, EAX                           ;  too short -> return 0
    0043029B  |.  5F            POP     EDI
    0043029C  |.  C3            RETN
    0043029D  |>  53            PUSH    EBX
    0043029E  |.  56            PUSH    ESI
    0043029F  |.  BE A4E4FE5D   MOV     ESI, 5DFEE4A4                      ;  h = 0x5DFEE4A4 (fixed seed; no per-machine or per-version input enters the hash)
    004302A4  |.  33DB          XOR     EBX, EBX                           ;  i = 0
    004302A6  |>  85FF          /TEST    EDI, EDI                          ;  loop head: strlen(name) is recomputed every iteration (O(n^2), harmless)
    004302A8  |.  74 09         |JE      SHORT pro.004302B3
    004302AA  |.  57            |PUSH    EDI
    004302AB  |.  E8 B0580000   |CALL    <pro.strlen>
    004302B0  |.  59            |POP     ECX
    004302B1  |.  EB 02         |JMP     SHORT pro.004302B5
    004302B3  |>  33C0          |XOR     EAX, EAX
    004302B5  |>  83C0 FC       |ADD     EAX, -4                           ;  EAX = strlen(name) - 4
    004302B8  |.  3BD8          |CMP     EBX, EAX                          ;  while (i < strlen(name) - 4)   [unsigned compare]
    004302BA  |.  73 0C         |JNB     SHORT pro.004302C8
    004302BC  |.  33343B        |XOR     ESI, DWORD PTR DS:[EBX+EDI]       ;  h ^= little-endian DWORD at name[i..i+3]; for i <= len-5 the last byte read is name[len-2], inside the string
    004302BF  |.  F6C3 40       |TEST    BL, 40                            ;  if (i & 0x40) i++ : whenever bit 6 of i is set (i = 64..127, ...) the index advances by 2. Only names of 69+ chars are affected, but a keygen must replicate it
    004302C2  |.  74 01         |JE      SHORT pro.004302C5
    004302C4  |.  43            |INC     EBX
    004302C5  |>  43            |INC     EBX                               ;  i++
    004302C6  |.^ EB DE         \JMP     SHORT pro.004302A6
    004302C8  |>  8BC6          MOV     EAX, ESI                           ;  return h. A 32-bit XOR fold of the name is trivially recomputable; 0042F8D2 compares it directly with strtol(code, NULL, 10)
    004302CA  |.  5E            POP     ESI
    004302CB  |.  5B            POP     EBX
    004302CC  |.  5F            POP     EDI
    004302CD  \.  C3            RETN
    
    


    Keygen (两点注意: 目标用带符号的十进制 strtol 解析注册码, 大于 0x7FFFFFFF 的值会被截断为 LONG_MAX 并置 errno=ERANGE, 因此 hash 必须按有符号 32 位十进制输出, 高位为 1 的 hash 对应负数注册码; 另外 00430280 中的 `TEST BL, 40` 使 i >= 64 时索引步进 2, 用户名 69 个字符以上时 keygen 必须复现这一点)

    #include <stdint.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    
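    /*
     * Name hash as implemented at 00430280 in Teleport Pro 1.72.
     *
     * name, len : the user name as raw bytes and its strlen().
     * returns   : the 32-bit fold, or 0 when len < 5 (the target returns 0
     *             for such names and rejects them before comparing codes).
     *
     * The target XORs, for i = 0 .. len-5, the little-endian DWORD found at
     * name[i..i+3] into a fixed seed. The DWORD is assembled byte by byte here
     * so the result does not depend on host endianness or on an unaligned
     * uint32_t load.
     */
    static uint32_t teleport_name_hash(const unsigned char *name, size_t len)
    {
            uint32_t h = 0x5DFEE4A4u;
            size_t i = 0;

            if (len < 5)
                    return 0;

            /* Loop condition mirrors "CMP EBX, strlen-4 / JNB": i < len - 4.
             * For i <= len-5 the last byte read is name[len-2], so this never
             * reads past the terminator. */
            while (i < len - 4) {
                    uint32_t dw = (uint32_t)name[i]
                                | ((uint32_t)name[i + 1] << 8)
                                | ((uint32_t)name[i + 2] << 16)
                                | ((uint32_t)name[i + 3] << 24);
                    h ^= dw;
                    /* Quirk of the original ("TEST BL,40 / JE / INC EBX"):
                     * when bit 6 of the index is set, the index advances by
                     * two. It only matters for names of 69+ characters, but a
                     * keygen that ignores it emits wrong codes for them. */
                    if (i & 0x40)
                            i++;
                    i++;
            }
            return h;
    }

    /*
     * Interactive keygen: reads a user name per line, prints the matching
     * registration code. Stops on EOF / read error instead of re-prompting
     * forever (the original spun at 100% CPU once stdin was closed).
     */
    int main(void)
    {
    #define MAXLINE 256
            char line[MAXLINE];
            const unsigned char *name = (const unsigned char *)line;
            size_t namelen;
            uint32_t hash;

            for (;;) {
                    printf("Please input username with >= 5 characters: \n");
                    if (fgets(line, MAXLINE, stdin) == NULL)
                            break;
                    line[strcspn(line, "\r\n")] = 0;
                    printf("Name: [%s].\n", line);

                    namelen = strlen(line);
                    if (namelen < 5)
                            continue;

                    hash = teleport_name_hash(name, namelen);
                    /* The target parses the code with a signed, base-10 strtol
                     * (PUSH 0A at 0042F89B; worker at 00435DF0) and clamps
                     * anything above 0x7FFFFFFF to LONG_MAX with ERANGE. The
                     * hash must therefore be printed as a signed 32-bit decimal:
                     * values with the top bit set become negative codes, which
                     * strtol negates back to the same 32-bit pattern. The old
                     * "%ld" with a uint32_t argument only worked by accident on
                     * 32-bit Windows and is undefined on LP64 hosts. */
                    printf("Code: [%ld]\n", (long)(int32_t)hash);
            }

            exit(EXIT_SUCCESS);
    }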

     楼主| 发表于 2017-7-8 14:48:50 | 显示全部楼层
    论坛已有分析贴了...., 而且写得很棒
    https://www.chinapyg.com/forum.p ... ;highlight=teleport

    如果说与已有的分析贴的存在一丁点儿不同, 也就是在keygen的写法了吧
     楼主| 发表于 2017-7-8 14:50:42 | 显示全部楼层
    GGLHY 发表于 2017-7-8 14:44
    感谢分享!!!

    惭愧惭愧....

    论坛已有分析贴了...., 而且写得很棒
    https://www.chinapyg.com/forum.p ... ;highlight=teleport

    如果说与已有的分析贴的存在一丁点儿不同, 也就是在keygen里的指针转型了

    发表于 2017-7-8 20:46:47 | 显示全部楼层
    不错,谢谢有点思路啦
    发表于 2017-7-8 21:54:16 | 显示全部楼层
    Teleport Ultra 这个破解就好了 这个最牛逼 的
    发表于 2017-7-9 11:35:40 | 显示全部楼层
    谢谢分享了!
    发表于 2017-7-10 20:19:10 | 显示全部楼层
    厉害学习了
    发表于 2017-7-12 11:28:32 | 显示全部楼层

    感谢楼主分享,非常感谢~~