数据库信息管理开发平台V2.5.标准版&V3.6
网址:http://hd-sc.com
ASPack1.07b 加壳
Delphi6的作品
脱壳后反汇编,查找字符串参考"系统过期"和"注册码成功",后者有两处,分别见下面。
验证注册的过程:首先根据输入的注册码生成一段数字,然后把它作为ASCII值与输入的用户名相比较,相同则通过,不相同则报错。要写注册机的话就需要一个逆过程了。
我的注册码
/D0 24 74 00 1A------->注册名的ASCII值
\"982101314"---------->注册码
使用这个注册码来注册V3.6时,98下可以成功注册,可是2000下就不行了,不知道为什么。
本来想写注册机,可惜功力不够了……哪位大侠抽空给讲解一下吧,我先写一个自注册的,由于是根据注册码计算注册名,所以做出来的经常不能显示字符……还是功力不够5555555555
:005BAD4F 722D jb 005BAD7E
:005BAD51 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"系统过期"
|
:005BAD53 B994AD5B00 mov ecx, 005BAD94
* Possible StringData Ref from Data Obj ->"该程序版本已经过期,请与宏达电脑服务中心联系更"
->"新版本!"
|
:005BAD58 BAA0AD5B00 mov edx, 005BADA0
:005BAD5D A1543C5C00 mov eax, dword ptr [005C3C54]
:005BAD62 8B00 mov eax, dword ptr [eax]
:005BAD64 E85B3BEBFF call 0046E8C4
:005BAD69 33C0 xor eax, eax
:005BAD6B 898390020000 mov dword ptr [ebx+00000290], eax
:005BAD71 898394020000 mov dword ptr [ebx+00000294], eax
:005BAD77 8BC3 mov eax, ebx
:005BAD79 E87A02EBFF call 0046AFF8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005BAD4F(C)
|
:005BAD7E 59 pop ecx
:005BAD7F 5A pop edx
:005BAD80 5B pop ebx
:005BAD81 C3 ret
*********************************************************************
*********************************************************************
; ---------------------------------------------------------------------
; Registration-dialog handler, 005A4248..005A4444 (W32Dasm dead listing,
; 32-bit x86, Intel operand order). The page identifies the binary as a
; Delphi 6 program, so eax on entry is presumably Self (the form) under
; Delphi's register convention -- TODO confirm. RTL/VCL names mentioned
; below are guesses from the call shapes; only addresses come from the
; listing.
;
; Flow shown by the listing:
;   1. read the text at [ebx+300] (annotated as the entered code) and
;      hand it, with the constant "HDDBIP", to 005BAE0C, which leaves a
;      derived string in [ebp-08];
;   2. read the text at [ebx+2FC] (annotated as the entered name);
;   3. compare the two via 00404E64; a mismatch branches to 005A43AE;
;   4. on a match, store "RegName"/"RegID" through the object kept in
;      [ebp-04], show the success box and set the byte at [[005C3EB8]].
;
; Locals (all zeroed by the prologue loop):
;   [ebp-04] helper object      [ebp-08] string derived from the code
;   [ebp-10]/[ebp-0C] code text, raw / after 00409528
;   [ebp-18]/[ebp-14] name text, raw / after 00409528
;   [ebp-20]/[ebp-1C] name text re-read for the "RegName" write
;   [ebp-28]/[ebp-24] code text re-read for the "RegID" write
;
; NOTE(review): the whole decision is a single client-side string
; comparison keyed by a constant stored in the image, and the result is
; persisted as plain values plus one global flag. Nothing in the check
; relies on a secret held outside the binary; a licence signed with an
; asymmetric key, or validation on a server, would not have that
; property.
; ---------------------------------------------------------------------
:005A4248 55 push ebp
:005A4249 8BEC mov ebp, esp
; Loop runs 5 times pushing two zero dwords: reserves and zeroes the ten
; locals [ebp-28]..[ebp-04].
:005A424B B905000000 mov ecx, 00000005
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4255(C)
|
:005A4250 6A00 push 00000000
:005A4252 6A00 push 00000000
:005A4254 49 dec ecx
:005A4255 75F9 jne 005A4250
:005A4257 53 push ebx
:005A4258 56 push esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A41E3(C)
|
:005A4259 57 push edi
; ebx keeps the incoming eax for the rest of the routine.
:005A425A 8BD8 mov ebx, eax
; Link an exception frame into the fs:[0] chain; its handler address
; 005A4445 lies just past the end of this excerpt.
:005A425C 33C0 xor eax, eax
:005A425E 55 push ebp
:005A425F 6845445A00 push 005A4445
:005A4264 64FF30 push dword ptr fs:[eax]
:005A4267 648920 mov dword ptr fs:[eax], esp
; Second, inner frame with handler 005A43D0 (the block that shows the
; "input error" message further down).
:005A426A 33C0 xor eax, eax
:005A426C 55 push ebp
:005A426D 68D0435A00 push 005A43D0
:005A4272 64FF30 push dword ptr fs:[eax]
:005A4275 648920 mov dword ptr fs:[eax], esp
; 0044E118(eax = object at [ebx+300], edx = &result): presumably a
; control's GetText -- TODO confirm.
:005A4278 8D55F0 lea edx, dword ptr [ebp-10]
:005A427B 8B8300030000 mov eax, dword ptr [ebx+00000300]
:005A4281 E8929EEAFF call 0044E118
:005A4286 8B45F0 mov eax, dword ptr [ebp-10]-------------------->输入的注册码
; 00409528(eax = string, edx = &result): presumably Trim -- TODO confirm.
:005A4289 8D55F4 lea edx, dword ptr [ebp-0C]
:005A428C E89752E6FF call 00409528
:005A4291 8B45F4 mov eax, dword ptr [ebp-0C]-------------------->输入的注册码
; 005BAE0C(eax = code text, edx = "HDDBIP", ecx = &[ebp-08]): its body
; is not part of this excerpt; per the page it derives the expected
; name bytes from the code.
:005A4294 8D4DF8 lea ecx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"HDDBIP"
|
:005A4297 BA5C445A00 mov edx, 005A445C----------------------------->"HDDBIP"
:005A429C E86B6B0100 call 005BAE0C--------------------------------->这个CALL可以计算得到ASSCII
:005A42A1 8B45F8 mov eax, dword ptr [ebp-08]------------------->根据注册码计算出来的ASSCII
; Park the derived string on the stack while the name field is read.
:005A42A4 50 push eax
:005A42A5 8D55E8 lea edx, dword ptr [ebp-18]
:005A42A8 8B83FC020000 mov eax, dword ptr [ebx+000002FC]
:005A42AE E8659EEAFF call 0044E118
:005A42B3 8B45E8 mov eax, dword ptr [ebp-18]------------------->输入的用户名
:005A42B6 8D55EC lea edx, dword ptr [ebp-14]
:005A42B9 E86A52E6FF call 00409528
:005A42BE 8B55EC mov edx, dword ptr [ebp-14]------->输入的用户名
:005A42C1 58 pop eax--------------------------->恢复根据注册码计算的ASSCII
; 00404E64(eax = derived string, edx = entered name): the jne below
; consumes its flags, so it presumably is the RTL string compare --
; TODO confirm. Not-equal goes to the mismatch message at 005A43AE.
:005A42C2 E89D0BE6FF call 00404E64--------------------->进行比较(关键!!!!!!!)
:005A42C7 0F85E1000000 jne 005A43AE---------------------->跳到错误!!!
; eax = value at [00472F54], dl = 1, result kept in [ebp-04]: the shape
; of a Delphi constructor call; given the key/value names used below it
; is presumably TRegistry.Create -- TODO confirm.
:005A42CD B201 mov dl, 01
* Possible StringData Ref from Data Obj ->""
|
:005A42CF A1542F4700 mov eax, dword ptr [00472F54]
:005A42D4 E87BEDECFF call 00473054
:005A42D9 8945FC mov dword ptr [ebp-04], eax
; Third frame (handler 005A43A7) guarding the use of the new object.
:005A42DC 33C0 xor eax, eax
:005A42DE 55 push ebp
:005A42DF 68A7435A00 push 005A43A7
:005A42E4 64FF30 push dword ptr fs:[eax]
:005A42E7 648920 mov dword ptr fs:[eax], esp
; 80000002h is the Win32 value of HKEY_LOCAL_MACHINE; 004730F4 presumably
; assigns it as the root key.
:005A42EA BA02000080 mov edx, 80000002
:005A42EF 8B45FC mov eax, dword ptr [ebp-04]
:005A42F2 E8FDEDECFF call 004730F4
; 00473158(object, edx = key path, cl = 1) returns a boolean in al;
; presumably OpenKey with CanCreate = True -- TODO confirm.
:005A42F7 B101 mov cl, 01
* Possible StringData Ref from Data Obj ->"SoftWareDbimpDbimp1.0"
|
:005A42F9 BA6C445A00 mov edx, 005A446C
:005A42FE 8B45FC mov eax, dword ptr [ebp-04]
:005A4301 E852EEECFF call 00473158
:005A4306 84C0 test al, al
; A false result skips only the "RegName" write; the "RegID" write at
; 005A4357 is reached on both paths.
:005A4308 7429 je 005A4333
:005A430A 8D55E0 lea edx, dword ptr [ebp-20]
:005A430D 8B83FC020000 mov eax, dword ptr [ebx+000002FC]
:005A4313 E8009EEAFF call 0044E118
:005A4318 8B45E0 mov eax, dword ptr [ebp-20]
:005A431B 8D55E4 lea edx, dword ptr [ebp-1C]
:005A431E E80552E6FF call 00409528
; 004732F4(object, edx = value name, ecx = string): presumably
; WriteString; stores the entered name under "RegName".
:005A4323 8B4DE4 mov ecx, dword ptr [ebp-1C]
* Possible StringData Ref from Data Obj ->"RegName"
|
:005A4326 BA8C445A00 mov edx, 005A448C
:005A432B 8B45FC mov eax, dword ptr [ebp-04]
:005A432E E8C1EFECFF call 004732F4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4308(C)
|
; Same sequence for the code field: the entered code is stored as-is
; under "RegID".
:005A4333 8D55D8 lea edx, dword ptr [ebp-28]
:005A4336 8B8300030000 mov eax, dword ptr [ebx+00000300]
:005A433C E8D79DEAFF call 0044E118
:005A4341 8B45D8 mov eax, dword ptr [ebp-28]
:005A4344 8D55DC lea edx, dword ptr [ebp-24]
:005A4347 E8DC51E6FF call 00409528
:005A434C 8B4DDC mov ecx, dword ptr [ebp-24]
* Possible StringData Ref from Data Obj ->"RegID"
|
:005A434F BA9C445A00 mov edx, 005A449C
:005A4354 8B45FC mov eax, dword ptr [ebp-04]
:005A4357 E898EFECFF call 004732F4
; 004730C4(object): presumably CloseKey -- TODO confirm.
:005A435C 8B45FC mov eax, dword ptr [ebp-04]
:005A435F E860EDECFF call 004730C4
; 0046E8C4(object at [[005C3C54]], edx = text, ecx = caption, one dword 0
; on the stack): the same call displays every message in this routine;
; presumably Application.MessageBox -- TODO confirm.
:005A4364 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"用户注册"
|
:005A4366 B9A4445A00 mov ecx, 005A44A4
* Possible StringData Ref from Data Obj ->"注册码成功!"
|
:005A436B BAB0445A00 mov edx, 005A44B0
:005A4370 A1543C5C00 mov eax, dword ptr [005C3C54]
:005A4375 8B00 mov eax, dword ptr [eax]
:005A4377 E848A5ECFF call 0046E8C4
; Virtual call through the first dword of the object at [ebx+2F0]
; (slot 64h) with edx = 0; the target cannot be identified from this
; listing.
:005A437C 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:005A4382 33D2 xor edx, edx
:005A4384 8B08 mov ecx, dword ptr [eax]
:005A4386 FF5164 call [ecx+64]
; Sets the byte that the pointer stored at 005C3EB8 refers to;
; presumably the program-wide "registered" flag -- TODO confirm.
:005A4389 A1B83E5C00 mov eax, dword ptr [005C3EB8]
:005A438E C60001 mov byte ptr [eax], 01
; Unlink the 005A43A7 frame, then push 005A43C6 so that the ret at
; 005A43A6 continues there once the cleanup below has run.
:005A4391 33C0 xor eax, eax
:005A4393 5A pop edx
:005A4394 59 pop ecx
:005A4395 59 pop ecx
:005A4396 648910 mov dword ptr fs:[eax], edx
:005A4399 68C6435A00 push 005A43C6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A43AC(U)
|
; Cleanup for the object in [ebp-04]; 00403C1C is presumably
; TObject.Free -- TODO confirm.
:005A439E 8B45FC mov eax, dword ptr [ebp-04]
:005A43A1 E876F8E5FF call 00403C1C
:005A43A6 C3 ret
; Handler stub of the 005A43A7 frame: jumps into the RTL at 004043B0,
; with a jump back to the cleanup code at 005A439E.
:005A43A7 E90400E6FF jmp 004043B0
:005A43AC EBF0 jmp 005A439E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A42C7(C)------------------------------------------------------------------->错误的由来
|
; Mismatch path: same message call as above with the
; "name/code do not match" text.
:005A43AE 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"用户注册"
|
:005A43B0 B9A4445A00 mov ecx, 005A44A4
* Possible StringData Ref from Data Obj ->"注册码与注册名称不符!请验证注册码和注册名称"
|
:005A43B5 BAC0445A00 mov edx, 005A44C0------------------------>MOV EDX [EBP+FFFFFFF8]; 8B55F89090
:005A43BA A1543C5C00 mov eax, dword ptr [005C3C54]
:005A43BF 8B00 mov eax, dword ptr [eax]
:005A43C1 E8FEA4ECFF call 0046E8C4
; Success and mismatch paths join here: unlink the 005A43D0 frame and
; skip over its handler block.
:005A43C6 33C0 xor eax, eax
:005A43C8 5A pop edx
:005A43C9 59 pop ecx
:005A43CA 59 pop ecx
:005A43CB 648910 mov dword ptr fs:[eax], edx
:005A43CE EB22 jmp 005A43F2
; Handler block of the 005A43D0 frame: enters the RTL at 004040FC, then
; shows the "input error" message. 00404528 is presumably the RTL call
; that ends exception handling -- TODO confirm.
:005A43D0 E927FDE5FF jmp 004040FC
:005A43D5 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"用户注册"
|
:005A43D7 B9A4445A00 mov ecx, 005A44A4
* Possible StringData Ref from Data Obj ->"注册码输入错误!请验证!"
|
:005A43DC BAF0445A00 mov edx, 005A44F0
:005A43E1 A1543C5C00 mov eax, dword ptr [005C3C54]
:005A43E6 8B00 mov eax, dword ptr [eax]
:005A43E8 E8D7A4ECFF call 0046E8C4
:005A43ED E83601E6FF call 00404528
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A43CE(U)
|
; Unlink the outermost frame and push 005A444C, the address the final
; ret continues at; that address is beyond the end of this excerpt.
:005A43F2 33C0 xor eax, eax
:005A43F4 5A pop edx
:005A43F5 59 pop ecx
:005A43F6 59 pop ecx
:005A43F7 648910 mov dword ptr fs:[eax], edx
:005A43FA 684C445A00 push 005A444C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A444A(U)
|
; Release the string locals: 00404A68 is called once per local from
; [ebp-28] to [ebp-10]; 00404A8C with edx = 2 presumably clears the two
; adjacent locals starting at [ebp-0C] -- TODO confirm.
:005A43FF 8D45D8 lea eax, dword ptr [ebp-28]
:005A4402 E86106E6FF call 00404A68
:005A4407 8D45DC lea eax, dword ptr [ebp-24]
:005A440A E85906E6FF call 00404A68
:005A440F 8D45E0 lea eax, dword ptr [ebp-20]
:005A4412 E85106E6FF call 00404A68
:005A4417 8D45E4 lea eax, dword ptr [ebp-1C]
:005A441A E84906E6FF call 00404A68
:005A441F 8D45E8 lea eax, dword ptr [ebp-18]
:005A4422 E84106E6FF call 00404A68
:005A4427 8D45EC lea eax, dword ptr [ebp-14]
:005A442A E83906E6FF call 00404A68
:005A442F 8D45F0 lea eax, dword ptr [ebp-10]
:005A4432 E83106E6FF call 00404A68
:005A4437 8D45F4 lea eax, dword ptr [ebp-0C]
:005A443A BA02000000 mov edx, 00000002
:005A443F E84806E6FF call 00404A8C
:005A4444 C3 ret
***************************************************************
***************************************************************
:005A496C 55 push ebp
:005A496D 8BEC mov ebp, esp
:005A496F B906000000 mov ecx, 00000006
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005A491B(C), :005A4979(C)
|
:005A4974 6A00 push 00000000
:005A4976 6A00 push 00000000
:005A4978 49 dec ecx
:005A4979 75F9 jne 005A4974
:005A497B 53 push ebx
:005A497C 56 push esi
:005A497D 57 push edi
:005A497E 8BD8 mov ebx, eax
:005A4980 33C0 xor eax, eax
:005A4982 55 push ebp
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4925(C)
|
:005A4983 68AA4B5A00 push 005A4BAA
:005A4988 64FF30 push dword ptr fs:[eax]
:005A498B 648920 mov dword ptr fs:[eax], esp
:005A498E 8D55F8 lea edx, dword ptr [ebp-08]
:005A4991 A110385C00 mov eax, dword ptr [005C3810]
:005A4996 8B00 mov eax, dword ptr [eax]
:005A4998 E88B54E6FF call 00409E28
:005A499D 8D45F8 lea eax, dword ptr [ebp-08]
:005A49A0 50 push eax
:005A49A1 8B55F8 mov edx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"."
|
:005A49A4 B8C04B5A00 mov eax, 005A4BC0
:005A49A9 E8AE06E6FF call 0040505C
:005A49AE 8BC8 mov ecx, eax
:005A49B0 49 dec ecx
:005A49B1 BA01000000 mov edx, 00000001
:005A49B6 8B45F8 mov eax, dword ptr [ebp-08]
:005A49B9 E8BA05E6FF call 00404F78
:005A49BE 33C0 xor eax, eax
:005A49C0 55 push ebp
:005A49C1 68304B5A00 push 005A4B30
:005A49C6 64FF30 push dword ptr fs:[eax]
:005A49C9 648920 mov dword ptr fs:[eax], esp
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4965(C)
|
:005A49CC 8D55EC lea edx, dword ptr [ebp-14]
:005A49CF 8B8300030000 mov eax, dword ptr [ebx+00000300]
:005A49D5 E83E97EAFF call 0044E118
:005A49DA 8B45EC mov eax, dword ptr [ebp-14]
:005A49DD 8D55F0 lea edx, dword ptr [ebp-10]
:005A49E0 E8434BE6FF call 00409528
:005A49E5 8B45F0 mov eax, dword ptr [ebp-10]
:005A49E8 8D4DF4 lea ecx, dword ptr [ebp-0C]
:005A49EB 8B55F8 mov edx, dword ptr [ebp-08]
:005A49EE E819640100 call 005BAE0C
:005A49F3 8B45F4 mov eax, dword ptr [ebp-0C]
:005A49F6 50 push eax
:005A49F7 8D55E4 lea edx, dword ptr [ebp-1C]
:005A49FA 8B83FC020000 mov eax, dword ptr [ebx+000002FC]
:005A4A00 E81397EAFF call 0044E118
:005A4A05 8B45E4 mov eax, dword ptr [ebp-1C]
:005A4A08 8D55E8 lea edx, dword ptr [ebp-18]
:005A4A0B E8184BE6FF call 00409528
:005A4A10 8B55E8 mov edx, dword ptr [ebp-18]
:005A4A13 58 pop eax
:005A4A14 E84B04E6FF call 00404E64------------------------------->关键(与上面的相同!!)!!!
:005A4A19 0F85EF000000 jne 005A4B0E-------------------------------->跳到错误!!!
:005A4A1F B201 mov dl, 01
* Possible StringData Ref from Data Obj ->""
|
:005A4A21 A1542F4700 mov eax, dword ptr [00472F54]
:005A4A26 E829E6ECFF call 00473054
:005A4A2B 8945FC mov dword ptr [ebp-04], eax
:005A4A2E 33C0 xor eax, eax
:005A4A30 55 push ebp
:005A4A31 68074B5A00 push 005A4B07
:005A4A36 64FF30 push dword ptr fs:[eax]
:005A4A39 648920 mov dword ptr fs:[eax], esp
:005A4A3C BA02000080 mov edx, 80000002
:005A4A41 8B45FC mov eax, dword ptr [ebp-04]
:005A4A44 E8ABE6ECFF call 004730F4
:005A4A49 8D45E0 lea eax, dword ptr [ebp-20]
:005A4A4C 8B4DF8 mov ecx, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"SoftWareDbimp\