===================Open Cracking Group========================
=
=
GSview V4.12 for Windows注册算法分析
=
=
DiKeN/OCG
=
http://www.newclw.com/lllufh/cgi-bin/leoboard.cgi
=
===================Open
Cracking Group========================
:00436A51 6A00
push 00000000
:00436A53
6A00 push
00000000
:00436A55 68EB080000
push 000008EB
:00436A5A 8B4508
mov eax, dword ptr [ebp+08]
:00436A5D 50
push eax
* Reference
To: USER32.GetDlgItemInt, Ord:00F4h
|
:00436A5E FF15040C4A00 Call dword
ptr [004A0C04]
:00436A64 8985FCFEFFFF
mov dword ptr [ebp+FFFFFEFC], eax<=========获取第一项SN1
:00436A6A 6A00
push 00000000
:00436A6C 6A00
push 00000000
:00436A6E 68EC080000
push 000008EC
:00436A73 8B4D08
mov ecx, dword ptr [ebp+08]
:00436A76 51
push ecx
* Reference To: USER32.GetDlgItemInt, Ord:00F4h
|
:00436A77 FF15040C4A00
Call dword ptr [004A0C04]
:00436A7D 8985F8FEFFFF
mov dword ptr [ebp+FFFFFEF8], eax<=========获取第二项SN2
:00436A83
6800010000 push 00000100
:00436A88 8D9500FFFFFF lea edx, dword
ptr [ebp+FFFFFF00]<=========用户名地址Name
:00436A8E 52
push edx
:00436A8F
68EA080000 push 000008EA
:00436A94 8B4508
mov eax, dword ptr [ebp+08]
:00436A97 50
push eax
* Reference To: USER32.GetDlgItemTextA,
Ord:00F5h
|
:00436A98 FF15A80C4A00
Call dword ptr [004A0CA8]<=================获取用户名
:00436A9E 83BDFCFEFFFF00 cmp dword ptr
[ebp+FFFFFEFC], 00000000
:00436AA5 7475
je 00436B1C<===========================SN1不能为0
:00436AA7 8B8DFCFEFFFF mov ecx,
dword ptr [ebp+FFFFFEFC]
:00436AAD 51
push ecx
:00436AAE E852A5FCFF
call 00401005
=========================================================================================
===>:00401005 E9F8520300
jmp 00436302
=======>
=======>function getSN2(SN1):integer;
=======>var
=======> x4,x8,x10,x14,index:integer;//xc=index
=======>
:00436302 55
push ebp
:00436303 8BEC
mov ebp, esp
:00436305 83EC14
sub esp, 00000014
:00436308 C745FC08840000
mov [ebp-04], 00008408
:0043630F
8B4508 mov eax,
dword ptr [ebp+08]======>SN1
:00436312 8945F8
mov dword ptr [ebp-08],
eax==>x8
:00436315 C745EC00000000
mov [ebp-14], 00000000==>x14
:0043631C
C745F400000000 mov [ebp-0C], 00000000==>index//xc
:00436323 EB09
jmp 0043632E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00436367(U)
|
:00436325 8B4DF4
mov ecx, dword ptr [ebp-0C]
:00436328
83C101 add ecx,
00000001
:0043632B 894DF4
mov dword ptr [ebp-0C], ecx<=========循环变量+1
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00436323(U)
|
:0043632E 837DF420
cmp dword ptr [ebp-0C], 00000020<=========循环变量
:00436332 7335
jnb 00436369
=========================================================================================
x4:=$00008408;x8:=SN1;
x14:=0;
for index:=0 to $19 do
begin
x10:=x14 and
1;
x14:=(x14 shr 1) + ((x8 and 1) shl
$F);
if (x10=1) then
begin
x14:=x14 xor x4;
end;
x8:=x8 shr 1;
end
return x14;
=========================================================================================
:00436334 8B55EC
mov edx, dword ptr [ebp-14]
:00436337
83E201 and edx,
00000001
:0043633A 8955F0
mov dword ptr [ebp-10], edx
:0043633D 8B45EC
mov eax, dword ptr [ebp-14]
:00436340 D1E8
shr eax, 1
:00436342 8B4DF8
mov ecx, dword ptr [ebp-08]
:00436345
83E101 and ecx,
00000001
:00436348 C1E10F
shl ecx, 0F
:0043634B
03C1 add
eax, ecx
:0043634D 8945EC
mov dword ptr [ebp-14], eax
:00436350 837DF001
cmp dword ptr [ebp-10], 00000001
:00436354 7509
jne 0043635F
:00436356 8B55EC
mov edx, dword ptr [ebp-14]
:00436359
3355FC xor edx,
dword ptr [ebp-04]
:0043635C 8955EC
mov dword ptr [ebp-14], edx
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:00436354(C)
|
:0043635F 8B45F8
mov eax, dword ptr [ebp-08]
:00436362 D1E8
shr eax, 1
:00436364 8945F8
mov dword ptr [ebp-08], eax
:00436367 EBBC
jmp 00436325
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00436332(C)
|
:00436369
8B45EC mov eax,
dword ptr [ebp-14]
:0043636C 8BE5
mov esp, ebp
:0043636E 5D
pop ebp
:0043636F C3
ret
=========================================================================================
:00436AB3 83C404
add esp, 00000004
:00436AB6 3985F8FEFFFF
cmp dword ptr [ebp+FFFFFEF8], eax
:00436ABC 755E
jne 00436B1C<====================计算结果必须和SN2相等
:00436ABE 8D9500FFFFFF lea edx,
dword ptr [ebp+FFFFFF00]
:00436AC4 52
push edx
* Reference To: KERNEL32.lstrlenA,
Ord:02A1h
|
:00436AC5 FF15F40A4A00
Call dword ptr [004A0AF4]
:00436ACB 85C0
test eax, eax
:00436ACD 7E4D
jle 00436B1C=======>必须填写用户名
:00436ACF 68FF000000
push 000000FF
:00436AD4 8D8500FFFFFF
lea eax, dword ptr [ebp+FFFFFF00]
:00436ADA 50
push eax
:00436ADB 6840604800 push
00486040
:00436AE0 E89B140200
call 00457F80
:00436AE5 83C40C
add esp, 0000000C
:00436AE8 8B8DFCFEFFFF
mov ecx, dword ptr [ebp+FFFFFEFC]
:00436AEE 890DF05F4800
mov dword ptr [00485FF0], ecx
:00436AF4
6840604800 push 00486040
:00436AF9 8B95F8FEFFFF mov edx, dword
ptr [ebp+FFFFFEF8]
:00436AFF 52
push edx
:00436B00 A1F05F4800
mov eax, dword ptr [00485FF0]
:00436B05
50
push eax
:00436B06 E887A9FCFF
call 00401492
:00436B0B 83C40C
add esp, 0000000C
:00436B0E 6A01
push 00000001
:00436B10 8B4D08
mov ecx, dword ptr [ebp+08]
:00436B13 51
push ecx
* Reference To: USER32.EndDialog, Ord:00B4h
|
:00436B14 FF15900C4A00
Call dword ptr [004A0C90]
:00436B1A EB31
jmp 00436B4D
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00436AA5(C), :00436ABC(C), :00436ACD(C)
|
:00436B1C 68FF000000
push 000000FF
:00436B21 8D95F8FDFFFF
lea edx, dword ptr [ebp+FFFFFDF8]
:00436B27
52
push edx
* Possible Reference to String Resource ID=00864: "Invalid
Registration Name or Number"
|
:00436B28
6860030000 push 00000360
:00436B2D E873AFFCFF call 00401AA5
:00436B32 83C40C
add esp, 0000000C
:00436B35 6A30
push 00000030
* Possible StringData Ref
from Data Obj ->"GSview"
|
:00436B37
68304A4700 push 00474A30
:00436B3C 8D85F8FDFFFF lea eax, dword
ptr [ebp+FFFFFDF8]
:00436B42 50
push eax
:00436B43 8B4D08
mov ecx, dword ptr [ebp+08]
:00436B46 51
push ecx
==================================================================
公布一个Code:888888888-63330
keygen已经完成
keygen算法上面也写出,keygen公布在OCG的论坛
==================================================================
===================Open
Cracking Group========================
=
=
GSview V4.12 for Windows注册算法分析
=
=
DiKeN/OCG
= http://www.newclw.com/lllufh/cgi-bin/leoboard.cgi
=
===================Open Cracking Group========================
- 标 题:GSview V4.12 for Windows注册算法分析 - OCG (8千字)
- 作 者:DiKeN
- 时 间:2002-3-30
21:09:39
- 链 接:http://bbs.pediy.com