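anti-homeMade(4): Nautilus Network Assistant (鹦鹉螺网络助手) 2.22
by 6767
Tools: SoftICE, W32Dasm (used to write up the process)
Download: http://jx163.onlinedown.net/down/netranger222c.zip
What the developer says about it:
What is Nautilus Network Assistant?
Nautilus Network Assistant is a powerful, easy-to-use professional network toolbox, suitable for network beginners and experienced users alike. It provides the common tools you need to surf the Internet, diagnose network faults, and obtain network information such as accounts, hosts and domain names on the Internet or a corporate intranet.
Never mind all that. In the registration window, enter name: 6767, registration code: 123654. In SI, set Bpx windowtexta, and it breaks. Trace, trace, trace, until you get here (of course, it took N failed attempts to find it):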
.....
:00422B75 C644243002        mov [esp+30], 02
:00422B7A E879EF0100        call 00441AF8
:00422B7F 8BCE              mov ecx, esi
:00422B81 C644242C01        mov [esp+2C], 01
:00422B86 E875FEFFFF        call 00422A00                  <- suspected the core is here, and indeed it is; see the analysis below
:00422B8B 8B4C2430          mov ecx, dword ptr [esp+30]    <- a D here is rewarding
:00422B8F 6A0A              push 0000000A
:00422B91 8D542410          lea edx, dword ptr [esp+10]    <- a D here is rewarding
:00422B95 51                push ecx
:00422B96 52                push edx
:00422B97 E8E4C40000        call 0042F080                  <- Big brother,
:00422B9C 83C40C            add esp, 0000000C
:00422B9F C644242000        mov [esp+20], 00
:00422BA4 85C0              test eax, eax                  <- you look
:00422BA6 8D4C2428          lea ecx, dword ptr [esp+28]
:00422BAA 752D              jne 00422BD9                   <- so familiar
......
Shortly after stepping into the core CALL you arrive here:
......
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422A8E(C)
|
:00422AA3 33C9              xor ecx, ecx                   <- ECX=0, loop variable
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AEB(C)
|
:00422AA5 33F6              xor esi, esi
:00422AA7 85FF              test edi, edi                  <- EDI holds the name length
:00422AA9 7E3D              jle 00422AE8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AE6(C)
|
:00422AAB 83F90A            cmp ecx, 0000000A              <- loop is finished when greater than or equal to 10
:00422AAE 7D3D              jge 00422AED
:00422AB0 85C9              test ecx, ecx
:00422AB2 7E07              jle 00422ABB                   <- jumps away only on the first loop iteration
:00422AB4 0FBE4429FF        movsx eax, byte ptr [ecx+ebp-01] <- take the previous letter of the generated registration code
:00422AB9 EB14              jmp 00422ACF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AB2(C)
|
:00422ABB 0FBE543418        movsx edx, byte ptr [esp+esi+18] <- take the first character of the name
:00422AC0 0FBEC3            movsx eax, bl                  <- a version-related value, 0x6A
:00422AC3 8BD9              mov ebx, ecx                   <- EBX=0
:00422AC5 03DA              add ebx, edx
:00422AC7 8B542414          mov edx, dword ptr [esp+14]    <- put the accumulated sum into EDX
:00422ACB 03C3              add eax, ebx
:00422ACD 03C2              add eax, edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AB9(U)
|
:00422ACF 33D2              xor edx, edx                   <- EDX=0
:00422AD1 BB1A000000        mov ebx, 0000001A              <- 0x1A=26
:00422AD6 F7F3              div ebx
:00422AD8 8A5C2413          mov bl, byte ptr [esp+13]      <- [ESP+13]='j'=0x6A, fixed value
:00422ADC 83C261            add edx, 00000061              <- EDX becomes a lowercase letter
:00422ADF 46                inc esi
:00422AE0 881429            mov byte ptr [ecx+ebp], dl     <- store the generated registration code
:00422AE3 41                inc ecx
:00422AE4 3BF7              cmp esi, edi                   <- has the loop count reached the name length?
:00422AE6 7CC3              jl 00422AAB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AA9(C)
|
:00422AE8 83F90A            cmp ecx, 0000000A
:00422AEB 7CB8              jl 00422AA5                    <- if the loop has not reached 10 iterations, keep looping
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422AAE(C)
|
:00422AED 8D4C2434          lea ecx, dword ptr [esp+34]
:00422AF1 C6450A00          mov [ebp+0A], 00               <- registration code length becomes 10
:00422AF5 E889F20100        call 00441D83                  <- what follows is not important
:00422AFA 8D4C2438          lea ecx, dword ptr [esp+38]
:00422AFE C744242CFFFFFFFF  mov [esp+2C], FFFFFFFF
:00422B06 E878F20100        call 00441D83
:00422B0B 8B4C2424          mov ecx, dword ptr [esp+24]
:00422B0F 5F                pop edi
:00422B10 5E                pop esi
:00422B11 5D                pop ebp
That is the end of the process. If you find the program useful, find a way to register it.
- Title: anti-homeMade(4): Nautilus Network Assistant (鹦鹉螺网络助手) 2.22 (4,000 characters)
- Author: 6767
- Time: 2001-5-25 23:00:57
- Link: http://bbs.pediy.com