• 标 题:先贴上金山毒霸2001的序列号机吧~! (1千字)
  • 作 者:funyliang
  • 时 间:2001-9-14 9:31:03
  • 链 接:http://bbs.pediy.com

Tc2.0调试通过。
#include<stdio.h>
#include<dos.h>
#include<stdlib.h>
main()
{
int hesum=0;
int a1,a2,a3,a4,a5,a6,a7,a8,a9,a10;
int rm;
int s0e,s0f,s10,s11,s12,s13,s15,s16,s17,s18,s19,s1a;
for (;;)
{randomize();
s0e=random(9);
s10=random(9);
s13=random(9);
s16=random(9);
s18=random(9);
s19=random(9);
s1a=random(9);
a1=9-s13;
s15=a1*3%10;
s0f=a1*7%10;
s12=a1*2%10;
a2=9-s1a;
if (s18<a2*6%10) a3=10+s18-a2*6%10;
else a3=s18-a2*6%10;
if (s10<a3*4%10) a4=10+s10-a3*4%10;
else a4=s10-a3*4%10;
if (s16<a4*7%10) a5=10+s16-a4*7%10;
else a5=s16-a4*7%10;
if (s19<a4*3%10) a6=10+s19-a4*3%10;
else a6=s19-a4*3%10;
a7=(s0e+a1)%10;
if (s12<a1*2%10) a8=10+s12-a1*2%10;
else a8=s12-a1*2%10;
if (s0f<a1*7%10) a9=10+s0f-a1*7%10;
else a9=s0f-a1*7%10;
if (s15<a1*3%10) a10=10+s15-a1*3%10;
else a10=s15-a1*3%10;
hesum=a1+a2+a3+a4+a5+a6+a7+a8+a9+a10;
s11=hesum/10;
s17=hesum%10;
if (a10==0)
{if (a9<=2)
{printf("Copyright by CYL~!\n");
printf("http://funyliang.go.163.com/\n");
printf("Serial number is 101000-110000-%d%d%d%d%d%d-%d%d%d%d%d%d\n",s0e,s0f,s10,s11,s12,s13,s15,s16,s17,s18,s19,s1a);
printf("Thank you use this Keygen~!\n");
printf("Press any key to exit~!\n");
getch();
break;
}
}
}
}
生成的序列号可以使用和升级。
其实前面12位可以乱填,但不能网上升级,用上面给出的就可以升级了。
等以后在完成前面的12位。

                                              funyliang
                                          E:cylljj@elong.com

  • 标 题:前12位和版本有关系,后12位是通用的。 (139字)
  • 作 者:funyliang
  • 时 间:2001-9-14 10:25:28
  • 链 接:http://bbs.pediy.com

增强版:030300-110000
毒霸II: 100300-110001
2001:  100600-110000
        101000-110000
        101001-110000
钻石版: 100700-110000

  • 标 题:关于金山毒霸2001序列号机的一点补充 (8千字)
  • 作 者:funyliang
  • 时 间:2001-9-18 10:27:16
  • 链 接:http://bbs.pediy.com

今天突然想起金山毒霸2001序列号机还没有完成,就对update.exe进行跟踪,终于找到如下:
* Referenced by a CALL at Address:
|:00418ABF 
|
:0040875E 83257C15430000          and dword ptr [0043157C], 00000000
:00408765 53                      push ebx
:00408766 56                      push esi

* Reference To: MSVCRT._strnicmp, Ord:0000h
                                  |
:00408767 8B3530E64100            mov esi, dword ptr [0041E630]
:0040876D 57                      push edi
:0040876E 8B7C2410                mov edi, dword ptr [esp+10]
:00408772 6A06                    push 00000006

* Possible StringData Ref from Data Obj ->"KAV00-"<—就是这个啦!   
:00408774 68F4F64200              push 0042F6F4
:00408779 57                      push edi
:0040877A FFD6                    call esi
:0040877C 83C40C                  add esp, 0000000C
:0040877F 85C0                    test eax, eax
:00408781 7411                    je 00408794
:00408783 6A06                    push 00000006

* Possible StringData Ref from Data Obj ->"KAV02-"-"<—就是这个啦!   
                                  |
:00408785 68ECF64200              push 0042F6EC
:0040878A 57                      push edi
:0040878B FFD6                    call esi
:0040878D 83C40C                  add esp, 0000000C
:00408790 85C0                    test eax, eax
:00408792 7511                    jne 004087A5

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408781(C)
|
:00408794 C7057C15430001000000    mov dword ptr [0043157C], 00000001

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004087D4(U), :004087F0(U), :0040880C(U), :00408828(U), :0040886E(U)
|:00408886(U), :0040889E(U), :004088B2(U), :004088CA(U), :004088E9(C)
|
:0040879E 6A01                    push 00000001
:004087A0 58                      pop eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004088F1(U)
|
:004087A1 5F                      pop edi
:004087A2 5E                      pop esi
:004087A3 5B                      pop ebx
:004087A4 C3                      ret



* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408792(C)
|
:004087A5 6A06                    push 00000006

* Possible StringData Ref from Data Obj ->"KAV01-"-"<—就是这个啦!   
                                  |
:004087A7 68E4F64200              push 0042F6E4
:004087AC 57                      push edi
:004087AD FFD6                    call esi
:004087AF 83C40C                  add esp, 0000000C
:004087B2 6A04                    push 00000004
:004087B4 5B                      pop ebx
:004087B5 85C0                    test eax, eax
:004087B7 0F8497000000            je 00408854
:004087BD 6A06                    push 00000006

* Possible StringData Ref from Data Obj ->"KAVFF-"-"<—就是这个啦!   
                                  |
:004087BF 68DCF64200              push 0042F6DC
:004087C4 57                      push edi
:004087C5 FFD6                    call esi
:004087C7 83C40C                  add esp, 0000000C
:004087CA 85C0                    test eax, eax
:004087CC 7508                    jne 004087D6
:004087CE 891D7C154300            mov dword ptr [0043157C], ebx
:004087D4 EBC8                    jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004087CC(C)
|
:004087D6 53                      push ebx

* Possible StringData Ref from Data Obj ->"1006"-"<—就是这个啦!   
                                  |
:004087D7 68D4F64200              push 0042F6D4
:004087DC 57                      push edi
:004087DD FFD6                    call esi
:004087DF 83C40C                  add esp, 0000000C
:004087E2 85C0                    test eax, eax
:004087E4 750C                    jne 004087F2
:004087E6 C7057C15430008000000    mov dword ptr [0043157C], 00000008
:004087F0 EBAC                    jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004087E4(C)
|
:004087F2 53                      push ebx

* Possible StringData Ref from Data Obj ->"1007"-"<—就是这个啦!   
                                  |
:004087F3 68CCF64200              push 0042F6CC
:004087F8 57                      push edi
:004087F9 FFD6                    call esi
:004087FB 83C40C                  add esp, 0000000C
:004087FE 85C0                    test eax, eax
:00408800 750C                    jne 0040880E
:00408802 C7057C15430000020000    mov dword ptr [0043157C], 00000200
:0040880C EB90                    jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408800(C)
|
:0040880E 53                      push ebx

* Possible StringData Ref from Data Obj ->"1010"-"<—就是这个啦!   
                                  |
:0040880F 68C4F64200              push 0042F6C4
:00408814 57                      push edi
:00408815 FFD6                    call esi
:00408817 83C40C                  add esp, 0000000C
:0040881A 85C0                    test eax, eax
:0040881C 750F                    jne 0040882D
:0040881E C7057C15430000010000    mov dword ptr [0043157C], 00000100
:00408828 E971FFFFFF              jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040881C(C)
|
:0040882D 53                      push ebx

* Possible StringData Ref from Data Obj ->"1011"-"<—就是这个啦!   
                                  |
:0040882E 68BCF64200              push 0042F6BC
:00408833 57                      push edi
:00408834 FFD6                    call esi
:00408836 83C40C                  add esp, 0000000C
:00408839 85C0                    test eax, eax
:0040883B 750A                    jne 00408847
:0040883D C7057C15430008000000    mov dword ptr [0043157C], 00000008

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040883B(C)
|
:00408847 833D7C15430002          cmp dword ptr [0043157C], 00000002
:0040884E 0F858E000000            jne 004088E2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004087B7(C)
|
:00408854 83257C15430000          and dword ptr [0043157C], 00000000
:0040885B E802620000              call 0040EA62
:00408860 85C0                    test eax, eax
:00408862 740F                    je 00408873
:00408864 C7057C15430002000000    mov dword ptr [0043157C], 00000002
:0040886E E92BFFFFFF              jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408862(C)
|
:00408873 E80F610000              call 0040E987
:00408878 85C0                    test eax, eax
:0040887A 740F                    je 0040888B
:0040887C C7057C15430010000000    mov dword ptr [0043157C], 00000010
:00408886 E913FFFFFF              jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040887A(C)
|
:0040888B E889610000              call 0040EA19
:00408890 85C0                    test eax, eax
:00408892 740F                    je 004088A3
:00408894 C7057C15430020000000    mov dword ptr [0043157C], 00000020
:0040889E E9FBFEFFFF              jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408892(C)
|
:004088A3 E828610000              call 0040E9D0
:004088A8 85C0                    test eax, eax
:004088AA 740B                    je 004088B7
:004088AC 891D7C154300            mov dword ptr [0043157C], ebx
:004088B2 E9E7FEFFFF              jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004088AA(C)
|
:004088B7 E8EF610000              call 0040EAAB
:004088BC 85C0                    test eax, eax
:004088BE 740F                    je 004088CF
:004088C0 C7057C15430040000000    mov dword ptr [0043157C], 00000040
:004088CA E9CFFEFFFF              jmp 0040879E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004088BE(C)
|
:004088CF E820620000              call 0040EAF4
:004088D4 85C0                    test eax, eax
:004088D6 740A                    je 004088E2

只要序列号前6或者4位和上面标出的相同就可以了,其他的可以随你填,但不包括后面12位,序列号器我就不编了。
详见:http://www.chat001.com/forum/crackforum/20274.html