我看了一下呼吸动画秀2.7 
peid报告使用了blowfish算法，心里还挺高兴，才看过，正好练练算法，可是最终程序没有使用，不知为何，莫非是留待以后使用还是用了什么需要注册的控件。

里面的预注册号码没有用，是随机生成的，保存在目录下
regokgif.pin文件里。

注册按钮按下响应：
CODE:004EEAD8                 push    ebp
CODE:004EEAD9                 mov     ebp, esp
CODE:004EEADB                 mov     ecx, 7
CODE:004EEAE0 
CODE:004EEAE0 loc_4EEAE0:                             ; CODE XREF: CODE:004EEAE5j
CODE:004EEAE0                 push    0
CODE:004EEAE2                 push    0
CODE:004EEAE4                 dec     ecx
CODE:004EEAE5                 jnz     short loc_4EEAE0
CODE:004EEAE7                 push    ebx
CODE:004EEAE8                 mov     ebx, eax
CODE:004EEAEA                 xor     eax, eax
CODE:004EEAEC                 push    ebp
CODE:004EEAED                 push    offset loc_4EEDF8
CODE:004EEAF2                 push    dword ptr fs:[eax]
CODE:004EEAF5                 mov     fs:[eax], esp
CODE:004EEAF8                 lea     edx, [ebp-0Ch]
CODE:004EEAFB                 mov     eax, [ebx+300h] ; 读取输入的注册码
CODE:004EEB01                 call    @TControl@GetText$qqrv ; TControl::GetText(void)
CODE:004EEB06                 mov     eax, [ebp-0Ch]
CODE:004EEB09                 call    @System@_16823  ; System::_16823
CODE:004EEB0E                 cmp     eax, 14h
CODE:004EEB11                 jnz     loc_4EED91
CODE:004EEB17                 lea     edx, [ebp-10h]
CODE:004EEB1A                 mov     eax, [ebx+2F8h] ; 读取用户名
CODE:004EEB20                 call    @TControl@GetText$qqrv ; TControl::GetText(void)
CODE:004EEB25                 mov     eax, [ebp-10h]
CODE:004EEB28                 call    @System@_16823  ; System::_16823
CODE:004EEB2D                 test    eax, eax
CODE:004EEB2F                 jle     loc_4EED91
CODE:004EEB35                 lea     eax, [ebp-4]
CODE:004EEB38                 push    eax
CODE:004EEB39                 lea     edx, [ebp-18h]
CODE:004EEB3C                 mov     eax, [ebx+2F8h]
CODE:004EEB42                 call    @TControl@GetText$qqrv ; TControl::GetText(void)
CODE:004EEB47                 mov     eax, [ebp-18h]
CODE:004EEB4A                 lea     edx, [ebp-14h]
CODE:004EEB4D                 call    @Trim
CODE:004EEB52                 lea     eax, [ebp-14h]
CODE:004EEB55                 mov     edx, offset dword_4EEE0C
CODE:004EEB5A                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:004EEB5F                 mov     eax, [ebp-14h]
CODE:004EEB62                 mov     ecx, 8
CODE:004EEB67                 mov     edx, 1
CODE:004EEB6C                 call    @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:004EEB71                 lea     eax, [ebp-8]
CODE:004EEB74                 push    eax
CODE:004EEB75                 lea     edx, [ebp-1Ch]
CODE:004EEB78                 mov     eax, [ebx+300h]
CODE:004EEB7E                 call    @TControl@GetText$qqrv ; TControl::GetText(void)
CODE:004EEB83                 mov     eax, [ebp-1Ch]
CODE:004EEB86                 push    eax
CODE:004EEB87                 mov     eax, ds:dword_509F8C
CODE:004EEB8C                 mov     eax, [eax]
CODE:004EEB8E                 mov     ecx, [eax+708h]
CODE:004EEB94                 lea     eax, [ebp-20h]
CODE:004EEB97                 mov     edx, [ebp-4]
CODE:004EEB9A                 call    @System@@LStrCat3$qqrv ; System::__linkproc__ LStrCat3(void)
CODE:004EEB9F                 mov     edx, [ebp-20h]  ; 用户名+空格 +"8806" 补足12位
CODE:004EEBA2                 xor     ecx, ecx
CODE:004EEBA4                 pop     eax             ;  用户输入的注册码
CODE:004EEBA5                 call    sub_4B1DC0      ;  关键CALL，对输入用户名及注册码进行变换
CODE:004EEBAA                 mov     eax, ds:dword_509F8C
CODE:004EEBAF                 mov     eax, [eax]
CODE:004EEBB1                 add     eax, 72Ch
CODE:004EEBB6                 mov     edx, [ebp-8]
CODE:004EEBB9                 call    @System@@LStrAsg$qqrv ; System::__linkproc__ LStrAsg(void)
CODE:004EEBBE                 lea     eax, [ebp-24h]
CODE:004EEBC1                 push    eax
CODE:004EEBC2                 mov     ecx, 6
CODE:004EEBC7                 mov     edx, 1
CODE:004EEBCC                 mov     eax, [ebp-8]
CODE:004EEBCF                 call    @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:004EEBD4                 mov     eax, [ebp-24h]
CODE:004EEBD7                 mov     edx, ds:dword_509F8C
CODE:004EEBDD                 mov     edx, [edx]
CODE:004EEBDF                 mov     edx, [edx+70Ch]
CODE:004EEBE5                 call    @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)      // 前6字节为machinecode_1 为程序根据asm 指令cpuid经过运算得来
CODE:004EEBEA                 jnz     loc_4EED91
CODE:004EEBF0                 lea     eax, [ebp-28h]
CODE:004EEBF3                 push    eax
CODE:004EEBF4                 mov     ecx, 3
CODE:004EEBF9                 mov     edx, 7
CODE:004EEBFE                 mov     eax, [ebp-8]
CODE:004EEC01                 call    @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:004EEC06                 mov     eax, [ebp-28h]
CODE:004EEC09                 mov     edx, offset dword_4EEE20
CODE:004EEC0E                 call    @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)     // 后3字节为"gif",程序固定值
CODE:004EEC13                 jnz     loc_4EED91
...

// 关键CALL sub_004B1DC0 
CODE:004B1DC0                 push    ebp
CODE:004B1DC1                 mov     ebp, esp
CODE:004B1DC3                 add     esp, 0FFFFFFC4h
CODE:004B1DC6                 push    ebx
CODE:004B1DC7                 push    esi
CODE:004B1DC8                 push    edi
CODE:004B1DC9                 xor     ebx, ebx
CODE:004B1DCB                 mov     [ebp+var_3C], ebx
CODE:004B1DCE                 mov     [ebp+var_34], ebx
CODE:004B1DD1                 mov     [ebp+var_38], ebx
CODE:004B1DD4                 mov     [ebp+var_2C], ebx
CODE:004B1DD7                 mov     [ebp+var_30], ebx
CODE:004B1DDA                 mov     [ebp+var_28], ebx
CODE:004B1DDD                 mov     [ebp+var_10], ebx
CODE:004B1DE0                 mov     ebx, ecx
CODE:004B1DE2                 mov     [ebp+var_8], edx       
CODE:004B1DE5                 mov     [ebp+var_4], eax
CODE:004B1DE8                 mov     eax, [ebp+var_4]
CODE:004B1DEB                 call    @System@@LStrAddRef$qqrv ; System::__linkproc__ LStrAddRef(void)
CODE:004B1DF0                 mov     eax, [ebp+var_8]
CODE:004B1DF3                 call    @System@@LStrAddRef$qqrv ; System::__linkproc__ LStrAddRef(void)
CODE:004B1DF8                 xor     eax, eax
CODE:004B1DFA                 push    ebp
CODE:004B1DFB                 push    offset loc_4B1FFF
CODE:004B1E00                 push    dword ptr fs:[eax]
CODE:004B1E03                 mov     fs:[eax], esp
CODE:004B1E06                 xor     eax, eax
CODE:004B1E08                 push    ebp
CODE:004B1E09                 push    offset loc_4B1FBD
CODE:004B1E0E                 push    dword ptr fs:[eax]
CODE:004B1E11                 mov     fs:[eax], esp
CODE:004B1E14                 mov     eax, [ebp+var_8]
CODE:004B1E17                 call    @System@_16823  ; System::_16823
CODE:004B1E1C                 mov     [ebp+var_C], eax
CODE:004B1E1F                 cmp     [ebp+var_C], 0
CODE:004B1E23                 jnz     short loc_4B1E32
CODE:004B1E25                 lea     eax, [ebp+var_8]
CODE:004B1E28                 mov     edx, offset dword_4B2018
CODE:004B1E2D                 call    @System@@LStrLAsg$qqrv ; System::__linkproc__ LStrLAsg(void)
CODE:004B1E32 
CODE:004B1E32 loc_4B1E32:                             ; CODE XREF: sub_4B1DC0+63j
CODE:004B1E32                 xor     esi, esi
CODE:004B1E34                 mov     edi, 100h
CODE:004B1E39                 test    bl, bl
CODE:004B1E3B                 jz      loc_4B1EE5       //若为1是生成序列号
                                                          //  为0是变换用户名及用户输入的注册码
CODE:004B1E41                 call    @System@Randomize$qqrv ; System::Randomize(void)
CODE:004B1E46                 mov     eax, edi          // 序列号第一字节随机生成
CODE:004B1E48                 call    @System@@RandInt$qqrv ; System::__linkproc__ RandInt(void)
CODE:004B1E4D                 mov     edi, eax
CODE:004B1E4F                 lea     eax, [ebp+var_10]
CODE:004B1E52                 push    eax
CODE:004B1E53                 mov     [ebp+var_24], edi
CODE:004B1E56                 mov     [ebp+var_20], 0
CODE:004B1E5A                 lea     edx, [ebp+var_24]
CODE:004B1E5D                 xor     ecx, ecx
CODE:004B1E5F                 mov     eax, offset dword_4B2030
CODE:004B1E64                 call    @Sysutils@Format$qqrx17System@AnsiStringpx14System@TVarRecxi ; Sysutils::Format(System::AnsiString,System::TVarRec *,int)
CODE:004B1E69                 mov     eax, [ebp+var_4]
CODE:004B1E6C                 call    @System@_16823  ; System::_16823
CODE:004B1E71                 test    eax, eax
CODE:004B1E73                 jle     loc_4B1FA8
CODE:004B1E79                 mov     [ebp+var_1C], eax
CODE:004B1E7C                 mov     [ebp+var_14], 1
CODE:004B1E83 
CODE:004B1E83 loc_4B1E83:                             ; CODE XREF: sub_4B1DC0+11Ej
CODE:004B1E83                 mov     eax, [ebp+var_4]
CODE:004B1E86                 mov     edx, [ebp+var_14]
CODE:004B1E89                 movzx   eax, byte ptr [eax+edx-1]
CODE:004B1E8E                 add     eax, edi
CODE:004B1E90                 mov     ecx, 0FFh
CODE:004B1E95                 cdq
CODE:004B1E96                 idiv    ecx
CODE:004B1E98                 mov     ebx, edx      // 序列号生成简单算法
                                                      //  (序列号[n] + MachinCode_1[n])%0xFF = 序列号[n+1]
CODE:004B1E9A                 cmp     esi, [ebp+var_C]
CODE:004B1E9D                 jge     short loc_4B1EA2
CODE:004B1E9F                 inc     esi
CODE:004B1EA0                 jmp     short loc_4B1EA7
CODE:004B1EA2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
CODE:004B1EA2 
CODE:004B1EA2 loc_4B1EA2:                             ; CODE XREF: sub_4B1DC0+DDj
CODE:004B1EA2                 mov     esi, 1
CODE:004B1EA7 
CODE:004B1EA7 loc_4B1EA7:                             ; CODE XREF: sub_4B1DC0+E0j
CODE:004B1EA7                 mov     eax, [ebp+var_8]
CODE:004B1EAA                 movzx   eax, byte ptr [eax+esi-1]
CODE:004B1EAF                 xor     ebx, eax        //  序列号[n＋1] = 序列号[n＋1] ^ 种子字符串"http://www.okayle.com"[n]
CODE:004B1EB1                 lea     eax, [ebp+var_28]
CODE:004B1EB4                 push    eax
CODE:004B1EB5                 mov     [ebp+var_24], ebx
CODE:004B1EB8                 mov     [ebp+var_20], 0
CODE:004B1EBC                 lea     edx, [ebp+var_24]
CODE:004B1EBF                 xor     ecx, ecx
CODE:004B1EC1                 mov     eax, offset dword_4B2030
CODE:004B1EC6                 call    @Sysutils@Format$qqrx17System@AnsiStringpx14System@TVarRecxi ; Sysutils::Format(System::AnsiString,System::TVarRec *,int)
CODE:004B1ECB                 mov     edx, [ebp+var_28]
CODE:004B1ECE                 lea     eax, [ebp+var_10]
CODE:004B1ED1                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:004B1ED6                 mov     edi, ebx
CODE:004B1ED8                 inc     [ebp+var_14]
CODE:004B1EDB                 dec     [ebp+var_1C]
CODE:004B1EDE                 jnz     short loc_4B1E83
CODE:004B1EE0                 jmp     loc_4B1FA8
CODE:004B1EE5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
CODE:004B1EE5 
CODE:004B1EE5 loc_4B1EE5:                             ; CODE XREF: sub_4B1DC0+7Bj
CODE:004B1EE5                 lea     eax, [ebp+var_30]
CODE:004B1EE8                 push    eax
CODE:004B1EE9                 mov     ecx, 2
CODE:004B1EEE                 mov     edx, 1
CODE:004B1EF3                 mov     eax, [ebp+var_4]
CODE:004B1EF6                 call    @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:004B1EFB                 mov     ecx, [ebp+var_30]
CODE:004B1EFE                 lea     eax, [ebp+var_2C]
CODE:004B1F01                 mov     edx, offset dword_4B2040 ; "$"
CODE:004B1F06                 call    @System@@LStrCat3$qqrv ; System::__linkproc__ LStrCat3(void)
CODE:004B1F0B                 mov     eax, [ebp+var_2C] ; 取前2字节的字符串化为16进制，如"6F"-->6Fh
CODE:004B1F0B                                         ; 
CODE:004B1F0E                 call    @Sysutils@StrToInt$qqrx17System@AnsiString ; Sysutils::StrToInt(System::AnsiString)
CODE:004B1F13                 mov     edi, eax
CODE:004B1F15                 mov     [ebp+var_14], 3
CODE:004B1F1C 
CODE:004B1F1C loc_4B1F1C:                             ; CODE XREF: sub_4B1DC0+1E2j
CODE:004B1F1C                 lea     eax, [ebp+var_38]
CODE:004B1F1F                 push    eax
CODE:004B1F20                 mov     ecx, 2
CODE:004B1F25                 mov     edx, [ebp+var_14]
CODE:004B1F28                 mov     eax, [ebp+var_4]
CODE:004B1F2B                 call    @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:004B1F30                 mov     ecx, [ebp+var_38] ; 存放后两字节
CODE:004B1F33                 lea     eax, [ebp+var_34]
CODE:004B1F36                 mov     edx, offset dword_4B2040 ; "$"
CODE:004B1F3B                 call    @System@@LStrCat3$qqrv ; System::__linkproc__ LStrCat3(void)
CODE:004B1F40                 mov     eax, [ebp+var_34] ; 后两字节-->HEX
CODE:004B1F43                 call    @Sysutils@StrToInt$qqrx17System@AnsiString ; Sysutils::StrToInt(System::AnsiString)
CODE:004B1F48                 mov     ebx, eax
CODE:004B1F4A                 cmp     esi, [ebp+var_C]
CODE:004B1F4D                 jge     short loc_4B1F52
CODE:004B1F4F                 inc     esi
CODE:004B1F50                 jmp     short loc_4B1F57
CODE:004B1F52 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
CODE:004B1F52 
CODE:004B1F52 loc_4B1F52:                             ; CODE XREF: sub_4B1DC0+18Dj
CODE:004B1F52                 mov     esi, 1
CODE:004B1F57 
CODE:004B1F57 loc_4B1F57:                             ; CODE XREF: sub_4B1DC0+190j
CODE:004B1F57                 mov     eax, [ebp+var_8]
CODE:004B1F5A                 movzx   eax, byte ptr [eax+esi-1] ; 取用户名字符串中1字节
CODE:004B1F5F                 xor     eax, ebx        ; 简单运算
CODE:004B1F61                 mov     [ebp+var_18], eax
CODE:004B1F64                 cmp     edi, [ebp+var_18] ; 运算过程类似于：
CODE:004B1F64                                         ; ABS(RegCode[n]^UserName[n-1] - RegCode[n-1]) = Out[n]
CODE:004B1F67                 jl      short loc_4B1F78
CODE:004B1F69                 mov     eax, [ebp+var_18]
CODE:004B1F6C                 add     eax, 0FFh
CODE:004B1F71                 sub     eax, edi
CODE:004B1F73                 mov     [ebp+var_18], eax
CODE:004B1F76                 jmp     short loc_4B1F7B
CODE:004B1F78 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
CODE:004B1F78 
CODE:004B1F78 loc_4B1F78:                             ; CODE XREF: sub_4B1DC0+1A7j
CODE:004B1F78                 sub     [ebp+var_18], edi
CODE:004B1F7B 
CODE:004B1F7B loc_4B1F7B:                             ; CODE XREF: sub_4B1DC0+1B6j
CODE:004B1F7B                 lea     eax, [ebp+var_3C]
CODE:004B1F7E                 mov     edx, [ebp+var_18]
CODE:004B1F81                 call    unknown_libname_25
CODE:004B1F86                 mov     edx, [ebp+var_3C]
CODE:004B1F89                 lea     eax, [ebp+var_10]
CODE:004B1F8C                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:004B1F91                 mov     edi, ebx
CODE:004B1F93                 add     [ebp+var_14], 2
CODE:004B1F97                 mov     eax, [ebp+var_4]
CODE:004B1F9A                 call    @System@_16823  ; System::_16823
CODE:004B1F9F                 cmp     eax, [ebp+var_14]
CODE:004B1FA2                 jg      loc_4B1F1C
CODE:004B1FA8 
CODE:004B1FA8 loc_4B1FA8:                             ; CODE XREF: sub_4B1DC0+B3j
CODE:004B1FA8                                         ; sub_4B1DC0+120j
CODE:004B1FA8                 mov     eax, [ebp+arg_0]
CODE:004B1FAB                 mov     edx, [ebp+var_10]
CODE:004B1FAE                 call    @System@@LStrAsg$qqrv ; System::__linkproc__ LStrAsg(void)
CODE:004B1FB3                 xor     eax, eax
CODE:004B1FB5                 pop     edx
CODE:004B1FB6                 pop     ecx
CODE:004B1FB7                 pop     ecx
CODE:004B1FB8                 mov     fs:[eax], edx
CODE:004B1FBB                 jmp     short loc_4B1FCF
CODE:004B1FBD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
CODE:004B1FBD 
CODE:004B1FBD loc_4B1FBD:                             ; DATA XREF: sub_4B1DC0+49o
CODE:004B1FBD                 jmp     @System@@HandleAnyException$qqrv ; System::__linkproc__ HandleAnyException(void)
CODE:004B1FC2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
CODE:004B1FC2                 mov     eax, [ebp+8]
CODE:004B1FC5                 call    @System@@LStrClr$qqrr17System@AnsiString ; System::__linkproc__ LStrClr(System::AnsiString &)
CODE:004B1FCA                 call    @@DoneExcept$qqrv ; __linkproc__ DoneExcept(void)
CODE:004B1FCF 
CODE:004B1FCF loc_4B1FCF:                             ; CODE XREF: sub_4B1DC0+1FBj
CODE:004B1FCF                 xor     eax, eax
CODE:004B1FD1                 pop     edx
CODE:004B1FD2                 pop     ecx
CODE:004B1FD3                 pop     ecx
CODE:004B1FD4                 mov     fs:[eax], edx
CODE:004B1FD7                 push    offset loc_4B2006
CODE:004B1FDC 
CODE:004B1FDC loc_4B1FDC:                             ; CODE XREF: CODE:004B2004j
CODE:004B1FDC                 lea     eax, [ebp+var_3C]
CODE:004B1FDF                 mov     edx, 6
CODE:004B1FE4                 call    @System@@LStrArrayClr$qqrv ; System::__linkproc__ LStrArrayClr(void)
CODE:004B1FE9                 lea     eax, [ebp+var_10]
CODE:004B1FEC                 call    @System@@LStrClr$qqrr17System@AnsiString ; System::__linkproc__ LStrClr(System::AnsiString &)
CODE:004B1FF1                 lea     eax, [ebp+var_8]
CODE:004B1FF4                 mov     edx, 2
CODE:004B1FF9                 call    @System@@LStrArrayClr$qqrv ; System::__linkproc__ LStrArrayClr(void)
CODE:004B1FFE                 retn

运算过程类似于：
先补足
用户名 = 用户名 + n个空格 +  machinecode_2 ,中间加空格补足到12字节,machinecode_2 为程序根据asm 指令cpuid经过运算得来。

(RegCode[n]^UserName[n-1] - RegCode[n-1]) = Out[n]
中间减法为若不够减，就给加上0xFF再减


最后Out[]须等于machinecode_1  +"gif",同样machinecode_1 也是程序根据asm 指令cpuid经过运算得来

另sub_5060D4 生成预注册码序列号


随手写了个注册机。vc6下编译通过。

void CAaDlg::OnButton1() 
{

  char PreRegCode[30] = "EA4B0-8480A-0614C-E6FD3-370D6";
  char* UserName = "test1";      //用户名,长度小于8


  char TempPreRegCode[24]={0};  // 保存去掉"-"及最后一组中的第一位固定值3的值
  char* pp =TempPreRegCode;
  unsigned char PreRegCode_1[7];
  unsigned char PreRegCode_2[5];
  int i = 0, temp2 = 0;

  // 去掉"-"及最后一组中的第一位固定值3
  while(PreRegCode[i] !=0)
  {
    
    if (i == 24 || PreRegCode[i]=='-')    // PreRegCode[24] = 3
    {
      i++;
      continue;    
    }

    *(pp++) = PreRegCode[i];  
    i++;
    
  }
  pp=NULL;


  // 前14字节，为PreRegCode_1，来反推MachinCode_1
  for(i=0;i<7;i++)
  {
    sscanf(&TempPreRegCode[i*2], "%02x", &temp2);
    PreRegCode_1[i] = temp2;
  }

  // 后5字节，为PreRegCode_2，，来反推MachinCode_2
  for(i=0;i<5;i++)
  {
    sscanf(&TempPreRegCode[14 + i*2], "%02x", &temp2);
    PreRegCode_2[i] = temp2;
  }


  char* szEDX = "http://www.okayle.com";  //程序种子数，固定值  
  unsigned char MachinCode_1[6], MachinCode_2[4];

  //由预注册码得来最后比较值得前6字节
  for(i =0 ; i<6 ; i++)
  {
    
    int temp1 = PreRegCode_1[i+1]^szEDX[i];
    if(temp1  > PreRegCode_1[i])
      MachinCode_1[i] = temp1 - PreRegCode_1[i];
    else
      MachinCode_1[i] = temp1 + 0xFF - PreRegCode_1[i];  
  }  

  //由预注册码得来填充到用户名后4字节  
  for(i =0 ; i<4 ; i++)
  {
    
    int temp1 = PreRegCode_2[i+1]^szEDX[i];
    if(temp1  > PreRegCode_2[i])
      MachinCode_2[i] = temp1 - PreRegCode_2[i];
    else
      MachinCode_2[i] = temp1 + 0xFF - PreRegCode_2[i];  
  }
  
  
  
  char Out[9];      // 最后计算出的结果要等于这个字符串
  for(i=0;i<6;i++) 
    Out[i]=MachinCode_1[i];
  Out[6] = 'g';  Out[7] = 'i';  Out[8] = 'f';
  
  char UserName_2[16] = {0} ;  // 保存处理后的用户名

  strcpy(UserName_2, UserName);      //用户名,长度小于8
  strcat(UserName_2, "        ");  //后面填充8个空格  
  UserName_2[8] = MachinCode_2[0];
  UserName_2[9] = MachinCode_2[1];
  UserName_2[10] = MachinCode_2[2];
  UserName_2[11] = MachinCode_2[3]; //只用前12位
        

  unsigned char RegCode[10];     
  RegCode[0] = 0x30; //任意给
  for(i=0; i<10 ; i++)
  {
    RegCode[i+1] = (Out[i]+RegCode[i])^UserName_2[i];
    if((RegCode[i+1]^UserName_2[i])<RegCode[i])
      RegCode[i+1] = (Out[i]+RegCode[i]-0xFF)^UserName_2[i];  

  }
  
  char szRegCode[30];
  memset(szRegCode, 0x0, sizeof(szRegCode));
  for(i=0; i<10 ; i++)
  {
    wsprintf(&szRegCode[i*2], "%02X",RegCode[i]);
  }

  MessageBox(szRegCode, "Kengen",MB_OK);

}