Second Copy 6.2.0.41 Registration Algorithm Analysis
Date: April 27, 2005 Cracked by: Baby2008
-------------------------------------------------------------------------------------------------------------
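『Software name』: Second Copy 6.2.0.41
『Size』: 1.1MB
『Download』: http://www.hanzify.org/?Go=Show::List&ID=7979
『Description』:
This is a file backup program that stays resident in the system tray. You can set it to run a backup automatically every few minutes (or hours, or days); it works in the background at the interval you specify and backs up important files or whole folders to a designated directory. Besides plain copying, the program can compress the files to be backed up into a Zip file and keep the source and destination folders synchronized. With the help of the wizard, you can set up and change profiles quickly and easily.
『Protection』: registration code
『Statement』: I am new to cracking and am doing this only out of interest; if I have made mistakes, I would appreciate corrections from the experts!
『Tools』: OllyDbg.V1.10 (聆风听雨 Chinese localization, 2nd edition), PeID 0.93, ASPackDie v1.41.HH
『Process』:
PeID reports the packer as ASPack 2.12 -> Alexey Solodovnikov, which ASPackDie v1.41.HH removes easily; the output is saved under the default name UnPacked.exe. A second scan reports Borland Delphi 4.0 - 5.0. Dede gives the address of the register button's event handler as 004A9904. Load the program in OD and press F9 to run it, enter the registration details in the nag window (user name: Baby2008, registration code: 1234567890), and click OK; OD breaks at: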
004A9904 <>/. 55 push ebp ; <-TfrmRegEntry@btnRegisterClick
004A9905 |. 8BEC mov ebp,esp
004A9907 |. 33C9 xor ecx,ecx
004A9909 |. 51 push ecx
004A990A |. 51 push ecx
004A990B |. 51 push ecx
004A990C |. 51 push ecx
004A990D |. 51 push ecx
004A990E |. 53 push ebx
004A990F |. 8BD8 mov ebx,eax
004A9911 |. 33C0 xor eax,eax
004A9913 |. 55 push ebp
004A9914 |. 68 D9994A00 push <Unpacked.->system.@HandleFinally;>
004A9919 |. 64:FF30 push dword ptr fs:[eax]
004A991C |. 64:8920 mov dword ptr fs:[eax],esp
004A991F |. 8D55 FC lea edx,dword ptr ss:[ebp-4]
004A9922 <>|. 8B83 D8020000 mov eax,dword ptr ds:[ebx+2D8] ; *edtRegName:N.A.
004A9928 <>|. E8 8F05FAFF call Unpacked.00449EBC ; ->controls.TControl.GetText(TControl):TCaption;
004A992D |. 837D FC 00 cmp dword ptr ss:[ebp-4],0 ; user name
004A9931 |. 75 25 jnz short Unpacked.004A9958
004A9933 |. 8D55 F8 lea edx,dword ptr ss:[ebp-8]
004A9936 |. A1 C4024D00 mov eax,dword ptr ds:[4D02C4]
004A993B <>|. E8 94C2F5FF call Unpacked.00405BD4 ; ->system.LoadResString(PResStringRec):String;
004A9940 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A9943 |. E8 3096FBFF call Unpacked.00462F78
004A9948 <>|. 8B83 D8020000 mov eax,dword ptr ds:[ebx+2D8] ; *edtRegName:N.A.
004A994E |. 8B10 mov edx,dword ptr ds:[eax]
004A9950 |. FF92 B0000000 call dword ptr ds:[edx+B0]
004A9956 |. EB 4E jmp short Unpacked.004A99A6
004A9958 |> 8D55 F4 lea edx,dword ptr ss:[ebp-C]
004A995B <>|. 8B83 E4020000 mov eax,dword ptr ds:[ebx+2E4] ; *edtRegKey:N.A.
004A9961 <>|. E8 5605FAFF call Unpacked.00449EBC ; ->controls.TControl.GetText(TControl):TCaption;
004A9966 |. 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; registration code
004A9969 |. 50 push eax
004A996A |. 8D55 F0 lea edx,dword ptr ss:[ebp-10]
004A996D <>|. 8B83 D8020000 mov eax,dword ptr ds:[ebx+2D8] ; *edtRegName:N.A.
004A9973 <>|. E8 4405FAFF call Unpacked.00449EBC ; ->controls.TControl.GetText(TControl):TCaption;
004A9978 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; user name
004A997B |. 5A pop edx
004A997C |. E8 B7FBFFFF call Unpacked.004A9538 ; key call, step into
004A9981 |. 84C0 test al,al
004A9983 |. 74 0C je short Unpacked.004A9991
004A9985 |. C783 34020000>mov dword ptr ds:[ebx+234],1
004A998F |. EB 15 jmp short Unpacked.004A99A6
004A9991 |> 8D55 EC lea edx,dword ptr ss:[ebp-14]
004A9994 |. A1 78FD4C00 mov eax,dword ptr ds:[4CFD78]
004A9999 <>|. E8 36C2F5FF call Unpacked.00405BD4 ; ->system.LoadResString(PResStringRec):String;
004A999E |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
004A99A1 |. E8 D295FBFF call Unpacked.00462F78
004A99A6 |> 33C0 xor eax,eax
004A99A8 |. 5A pop edx
004A99A9 |. 59 pop ecx
004A99AA |. 59 pop ecx
004A99AB |. 64:8910 mov dword ptr fs:[eax],edx
004A99AE |. 68 E0994A00 push Unpacked.004A99E0
004A99B3 |> 8D45 EC lea eax,dword ptr ss:[ebp-14]
004A99B6 <>|. E8 DDA2F5FF call Unpacked.00403C98 ; ->system.@LStrClr(String;String);
004A99BB |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004A99BE |. BA 02000000 mov edx,2
004A99C3 <>|. E8 F4A2F5FF call Unpacked.00403CBC ; ->system.@LStrArrayClr;
004A99C8 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004A99CB <>|. E8 C8A2F5FF call Unpacked.00403C98 ; ->system.@LStrClr(String;String);
004A99D0 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
004A99D3 <>|. E8 C0A2F5FF call Unpacked.00403C98 ; ->system.@LStrClr(String;String);
004A99D8 \. C3 retn
Clearly, the call at 004A997C |. E8 B7FBFFFF call Unpacked.004A9538 is the key one; step into it:
-------------------------------------------------------------------------------------------------------------------
004A9538 /$ 55 push ebp
004A9539 |. 8BEC mov ebp,esp
004A953B |. 83C4 E8 add esp,-18
004A953E |. 53 push ebx
004A953F |. 56 push esi
004A9540 |. 33C9 xor ecx,ecx
004A9542 |. 894D F0 mov dword ptr ss:[ebp-10],ecx
004A9545 |. 894D F4 mov dword ptr ss:[ebp-C],ecx
004A9548 |. 8955 F8 mov dword ptr ss:[ebp-8],edx
004A954B |. 8945 FC mov dword ptr ss:[ebp-4],eax
004A954E |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004A9551 |. E8 76ABF5FF call Unpacked.004040CC
004A9556 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A9559 |. E8 6EABF5FF call Unpacked.004040CC
004A955E |. 33C0 xor eax,eax
004A9560 |. 55 push ebp
004A9561 |. 68 3D964A00 push Unpacked.004A963D
004A9566 |. 64:FF30 push dword ptr fs:[eax]
004A9569 |. 64:8920 mov dword ptr fs:[eax],esp
004A956C |. 33DB xor ebx,ebx
004A956E |. 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; registration code
004A9571 |. 8B45 FC mov eax,dword ptr ss:[ebp-4] ; user name
004A9574 |. E8 7BDFFFFF call Unpacked.004A74F4 ; key call
004A9579 |. 8BF0 mov esi,eax
004A957B |. 85F6 test esi,esi
004A957D |. 0F8E 9F000000 jle Unpacked.004A9622 ; start saving the registration info
004A9583 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004A9586 |. 50 push eax
004A9587 |. A1 F4044D00 mov eax,dword ptr ds:[4D04F4]
004A958C |. 8B00 mov eax,dword ptr ds:[eax]
004A958E |. B9 54964A00 mov ecx,Unpacked.004A9654 ; ASCII "RegName"
004A9593 |. BA 64964A00 mov edx,Unpacked.004A9664 ; ASCII "General"
004A9598 |. 8B18 mov ebx,dword ptr ds:[eax]
004A959A |. FF53 04 call dword ptr ds:[ebx+4]
004A959D |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A95A0 |. 50 push eax
004A95A1 |. A1 F4044D00 mov eax,dword ptr ds:[4D04F4]
004A95A6 |. 8B00 mov eax,dword ptr ds:[eax]
004A95A8 |. BA 64964A00 mov edx,Unpacked.004A9664 ; ASCII "General"
004A95AD |. B9 74964A00 mov ecx,Unpacked.004A9674 ; ASCII "RegKey"
004A95B2 |. 8B18 mov ebx,dword ptr ds:[eax]
004A95B4 |. FF53 04 call dword ptr ds:[ebx+4]
004A95B7 |. 68 84964A00 push Unpacked.004A9684 ; ASCII "version.dll"
004A95BC |. A1 F4044D00 mov eax,dword ptr ds:[4D04F4]
004A95C1 |. 8B00 mov eax,dword ptr ds:[eax]
004A95C3 |. BA 64964A00 mov edx,Unpacked.004A9664 ; ASCII "General"
004A95C8 |. B9 98964A00 mov ecx,Unpacked.004A9698
004A95CD |. 8B18 mov ebx,dword ptr ds:[eax]
004A95CF |. FF53 04 call dword ptr ds:[ebx+4]
004A95D2 |. 81FE 00FA0000 cmp esi,0FA00
004A95D8 |. 75 17 jnz short Unpacked.004A95F1
004A95DA |. 8D55 F4 lea edx,dword ptr ss:[ebp-C]
004A95DD |. A1 84004D00 mov eax,dword ptr ds:[4D0084]
004A95E2 |. E8 EDC5F5FF call Unpacked.00405BD4
004A95E7 |. 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004A95EA |. E8 C59AFBFF call Unpacked.004630B4
004A95EF |. EB 21 jmp short Unpacked.004A9612
004A95F1 |> 8D55 F0 lea edx,dword ptr ss:[ebp-10]
004A95F4 |. A1 B4FE4C00 mov eax,dword ptr ds:[4CFEB4]
004A95F9 |. E8 D6C5F5FF call Unpacked.00405BD4
004A95FE |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004A9601 |. 8975 E8 mov dword ptr ss:[ebp-18],esi
004A9604 |. C645 EC 00 mov byte ptr ss:[ebp-14],0
004A9608 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
004A960B |. 33C9 xor ecx,ecx
004A960D |. E8 FA9AFBFF call Unpacked.0046310C
004A9612 |> A1 ECFC4C00 mov eax,dword ptr ds:[4CFCEC]
004A9617 |. 8B00 mov eax,dword ptr ds:[eax]
004A9619 |. 33D2 xor edx,edx
004A961B |. E8 30E5FFFF call Unpacked.004A7B50
004A9620 |. B3 01 mov bl,1
004A9622 |> 33C0 xor eax,eax
004A9624 |. 5A pop edx
004A9625 |. 59 pop ecx
004A9626 |. 59 pop ecx
004A9627 |. 64:8910 mov dword ptr fs:[eax],edx
004A962A |. 68 44964A00 push Unpacked.004A9644
004A962F |> 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004A9632 |. BA 04000000 mov edx,4
004A9637 |. E8 80A6F5FF call Unpacked.00403CBC
004A963C \. C3 retn
-------------------------------------------------------------------------------------------------------------------
Step into the key call at 004A9574 |. E8 7BDFFFFF call Unpacked.004A74F4:
-------------------------------------------------------------------------------------------------------------------
004A74F4 $ 55 push ebp
004A74F5 . 8BEC mov ebp,esp
004A74F7 . 33C9 xor ecx,ecx
004A74F9 . 51 push ecx
004A74FA . 51 push ecx
004A74FB . 51 push ecx
004A74FC . 51 push ecx
004A74FD . 51 push ecx
004A74FE . 51 push ecx
004A74FF . 51 push ecx
004A7500 . 53 push ebx
004A7501 . 56 push esi
004A7502 . 57 push edi
004A7503 . 8955 F8 mov dword ptr ss:[ebp-8],edx
004A7506 . 8945 FC mov dword ptr ss:[ebp-4],eax
004A7509 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
004A750C . E8 BBCBF5FF call Unpacked.004040CC
004A7511 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A7514 . E8 B3CBF5FF call Unpacked.004040CC
004A7519 . 33C0 xor eax,eax
004A751B . 55 push ebp
004A751C . 68 29764A00 push Unpacked.004A7629
004A7521 . 64:FF30 push dword ptr fs:[eax]
004A7524 . 64:8920 mov dword ptr fs:[eax],esp
004A7527 . 837D FC 00 cmp dword ptr ss:[ebp-4],0 ; user name
004A752B . 0F84 DB000000 je Unpacked.004A760C
004A7531 . 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; registration code
004A7534 . E8 DFC9F5FF call Unpacked.00403F18 ; Length
004A7539 . 83F8 0E cmp eax,0E ; registration code must be 14 characters long
(Reload with F2 and correct the registration code to: 12345678901234)
004A753C . 0F85 CA000000 jnz Unpacked.004A760C
004A7542 . 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; registration code
004A7545 . E8 CEC9F5FF call Unpacked.00403F18 ; Length
004A754A . 8BF0 mov esi,eax
004A754C . 85F6 test esi,esi
004A754E . 7E 20 jle short Unpacked.004A7570
004A7550 . BB 01000000 mov ebx,1
004A7555 > 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; registration code
004A7558 . 807C18 FF 58 cmp byte ptr ds:[eax+ebx-1],58 ; registration code[i], 'X'
004A755D . 75 0D jnz short Unpacked.004A756C
004A755F . 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004A7562 . E8 81CBF5FF call Unpacked.004040E8 ; UniqueString(String;String);
004A7567 . C64418 FF 30 mov byte ptr ds:[eax+ebx-1],30
004A756C > 43 inc ebx
004A756D . 4E dec esi
004A756E .^ 75 E5 jnz short Unpacked.004A7555
004A7570 > 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004A7573 . 50 push eax
004A7574 . B9 04000000 mov ecx,4
004A7579 . BA 01000000 mov edx,1
004A757E . 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; registration code
004A7581 . E8 9ACBF5FF call Unpacked.00404120 ; system.@LStrCopy;
004A7586 . 8D45 EC lea eax,dword ptr ss:[ebp-14]
004A7589 . 50 push eax
004A758A . B9 09000000 mov ecx,9
004A758F . BA 06000000 mov edx,6
004A7594 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A7597 . E8 84CBF5FF call Unpacked.00404120
004A759C . 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004A759F . 8B4D FC mov ecx,dword ptr ss:[ebp-4] ; user name
004A75A2 . 8B55 F0 mov edx,dword ptr ss:[ebp-10] ; registration code[1-4]
004A75A5 . E8 BAC9F5FF call Unpacked.00403F64 ; system.@LStrCat3;
004A75AA . 8D55 E8 lea edx,dword ptr ss:[ebp-18]
004A75AD . 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; registration code[1-4] + user name
004A75B0 . E8 93000000 call Unpacked.004A7648 ; key call, step into
004A75B5 . 8B55 E8 mov edx,dword ptr ss:[ebp-18] ; result computed from registration code[1-4] + user name
004A75B8 . 8B45 EC mov eax,dword ptr ss:[ebp-14] ; last 9 characters of the registration code
004A75BB . E8 68CAF5FF call Unpacked.00404028 ; system.@LStrCmp;
004A75C0 74 46 je short Unpacked.004A7608
004A75C2 . 33D2 xor edx,edx
004A75C4 . 55 push ebp
004A75C5 . 68 FA754A00 push Unpacked.004A75FA
004A75CA . 64:FF32 push dword ptr fs:[edx]
004A75CD . 64:8922 mov dword ptr fs:[edx],esp
004A75D0 . 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
004A75D3 . 8B4D F0 mov ecx,dword ptr ss:[ebp-10] ; registration code[1-4]
004A75D6 . BA 44764A00 mov edx,Unpacked.004A7644
004A75DB . E8 84C9F5FF call Unpacked.00403F64 ; '$'
004A75E0 . 8B45 E4 mov eax,dword ptr ss:[ebp-1C] ; $ + registration code[1-4]
004A75E3 . E8 8019F6FF call Unpacked.00408F68 ; StrToInt($ + registration code[1-4])
004A75E8 . 8BD8 mov ebx,eax
004A75EA . 2B1D 20F94C00 sub ebx,dword ptr ds:[4CF920] ; StrToInt($ + registration code[1-4]) - 00000237
004A75F0 . 33C0 xor eax,eax ; the code above computes the number of licenses
004A75F2 . 5A pop edx
004A75F3 . 59 pop ecx
004A75F4 . 59 pop ecx
004A75F5 . 64:8910 mov dword ptr fs:[eax],edx
004A75F8 . EB 14 jmp short Unpacked.004A760E
004A75FA .^ E9 DDBDF5FF jmp Unpacked.004033DC
004A75FF . 33DB xor ebx,ebx
004A7601 . E8 32C1F5FF call Unpacked.00403738
004A7606 . EB 06 jmp short Unpacked.004A760E
004A7608 > 33DB xor ebx,ebx
004A760A . EB 02 jmp short Unpacked.004A760E
004A760C > 33DB xor ebx,ebx
004A760E > 33C0 xor eax,eax
004A7610 . 5A pop edx
004A7611 . 59 pop ecx
004A7612 . 59 pop ecx
004A7613 . 64:8910 mov dword ptr fs:[eax],edx
004A7616 . 68 30764A00 push Unpacked.004A7630
004A761B > 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
004A761E . BA 07000000 mov edx,7
004A7623 . E8 94C6F5FF call Unpacked.00403CBC
004A7628 . C3 retn
-------------------------------------------------------------------------------------------------------------------
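In this function, the call at 004A75B0 (call Unpacked.004A7648) validates the registration code; once validation passes, the number of licenses is computed from the first 4 characters of the registration code.
First, the validation routine: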
-------------------------------------------------------------------------------------------------------------------
004A7648 $ 55 push ebp
004A7649 . 8BEC mov ebp,esp
004A764B . B9 04000000 mov ecx,4
004A7650 > 6A 00 push 0
004A7652 . 6A 00 push 0
004A7654 . 49 dec ecx
004A7655 .^ 75 F9 jnz short Unpacked.004A7650
004A7657 . 51 push ecx
004A7658 . 53 push ebx
004A7659 . 56 push esi
004A765A . 57 push edi
004A765B . 8955 F8 mov dword ptr ss:[ebp-8],edx
004A765E . 8945 FC mov dword ptr ss:[ebp-4],eax
004A7661 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
004A7664 . E8 63CAF5FF call Unpacked.004040CC
004A7669 . 33C0 xor eax,eax
004A766B . 55 push ebp
004A766C . 68 99774A00 push Unpacked.004A7799
004A7671 . 64:FF30 push dword ptr fs:[eax]
004A7674 . 64:8920 mov dword ptr fs:[eax],esp
004A7677 . 8B1D 24F94C00 mov ebx,dword ptr ds:[4CF924] ; EBX=0014DAF
004A767D . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
004A7680 . 8B45 FC mov eax,dword ptr ss:[ebp-4] ; registration code[1-4] + registration name, denoted S
004A7683 . E8 1413F6FF call Unpacked.0040899C ; sysutils.UpperCase(AnsiString):AnsiString;
004A7688 . 8B55 E4 mov edx,dword ptr ss:[ebp-1C] ; converted to upper case, denoted S
004A768B . 8D45 FC lea eax,dword ptr ss:[ebp-4]
004A768E . E8 9DC6F5FF call Unpacked.00403D30
004A7693 . 8B45 FC mov eax,dword ptr ss:[ebp-4] ; S
004A7696 . E8 7DC8F5FF call Unpacked.00403F18 ; Length
004A769B . 85C0 test eax,eax
004A769D . 7E 68 jle short Unpacked.004A7707
004A769F . 8945 E8 mov dword ptr ss:[ebp-18],eax ; length
004A76A2 . C745 F4 01000>mov dword ptr ss:[ebp-C],1 ; i=1
004A76A9 > 33D2 xor edx,edx
004A76AB . 55 push ebp
004A76AC . 68 F0764A00 push Unpacked.004A76F0
004A76B1 . 64:FF32 push dword ptr fs:[edx]
004A76B4 . 64:8922 mov dword ptr fs:[edx],esp
004A76B7 . 8B45 FC mov eax,dword ptr ss:[ebp-4] ; S
004A76BA . 8B55 F4 mov edx,dword ptr ss:[ebp-C] ; i
004A76BD . 8A4410 FF mov al,byte ptr ds:[eax+edx-1] ; S[i]
004A76C1 . 3C 20 cmp al,20 ; ' ' (space)
004A76C3 . 75 0C jnz short Unpacked.004A76D1 ; jump if S[i] is not a space
004A76C5 . 64:8F05 00000>pop dword ptr fs:[0]
004A76CC . 83C4 08 add esp,8
004A76CF . EB 2E jmp short Unpacked.004A76FF ; it is a space, continue with the next iteration
004A76D1 > 8B55 FC mov edx,dword ptr ss:[ebp-4] ; S
004A76D4 . 8B4D F4 mov ecx,dword ptr ss:[ebp-C] ; i
004A76D7 . 25 FF000000 and eax,0FF ; S[i]
004A76DC . F7EB imul ebx ; S[i] * accumulator
004A76DE . 0305 24F94C00 add eax,dword ptr ds:[4CF924] ; S[i] * accumulator + 00014DAF
004A76E4 . 8BD8 mov ebx,eax
004A76E6 . 33C0 xor eax,eax
004A76E8 . 5A pop edx
004A76E9 . 59 pop ecx
004A76EA . 59 pop ecx
004A76EB . 64:8910 mov dword ptr fs:[eax],edx
004A76EE . EB 0F jmp short Unpacked.004A76FF
004A76F0 .^ E9 E7BCF5FF jmp Unpacked.004033DC
004A76F5 . BB E7030000 mov ebx,3E7
004A76FA . E8 39C0F5FF call Unpacked.00403738
004A76FF > FF45 F4 inc dword ptr ss:[ebp-C]
004A7702 . FF4D E8 dec dword ptr ss:[ebp-18]
004A7705 .^ 75 A2 jnz short Unpacked.004A76A9
004A7707 > 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004A770A . 50 push eax
004A770B . 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
004A770E . BA 08000000 mov edx,8
004A7713 . 8BC3 mov eax,ebx
004A7715 . E8 1218F6FF call Unpacked.00408F2C ; IntToHex(Integer;Integer)
004A771A . 8B45 E0 mov eax,dword ptr ss:[ebp-20]
004A771D . B9 04000000 mov ecx,4
004A7722 . BA 01000000 mov edx,1
004A7727 . E8 F4C9F5FF call Unpacked.00404120 ; system.@LStrCopy;
004A772C . 8D45 EC lea eax,dword ptr ss:[ebp-14]
004A772F . 50 push eax
004A7730 . 8D4D DC lea ecx,dword ptr ss:[ebp-24]
004A7733 . BA 08000000 mov edx,8
004A7738 . 8BC3 mov eax,ebx
004A773A . E8 ED17F6FF call Unpacked.00408F2C ; IntToHex(Integer;Integer)
004A773F . 8B45 DC mov eax,dword ptr ss:[ebp-24]
004A7742 . B9 04000000 mov ecx,4
004A7747 . BA 05000000 mov edx,5
004A774C . E8 CFC9F5FF call Unpacked.00404120 ; system.@LStrCopy;
004A7751 . FF75 F0 push dword ptr ss:[ebp-10]
004A7754 . 68 B0774A00 push Unpacked.004A77B0 ; '-'
004A7759 . FF75 EC push dword ptr ss:[ebp-14]
004A775C . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A775F . BA 03000000 mov edx,3
004A7764 . E8 6FC8F5FF call Unpacked.00403FD8 ; system.@LStrCatN;
004A7769 . 33C0 xor eax,eax
004A776B . 5A pop edx
004A776C . 59 pop ecx
004A776D . 59 pop ecx
004A776E . 64:8910 mov dword ptr fs:[eax],edx
004A7771 . 68 A0774A00 push Unpacked.004A77A0
004A7776 > 8D45 DC lea eax,dword ptr ss:[ebp-24]
004A7779 . BA 03000000 mov edx,3
004A777E . E8 39C5F5FF call Unpacked.00403CBC
004A7783 . 8D45 EC lea eax,dword ptr ss:[ebp-14]
004A7786 . BA 02000000 mov edx,2
004A778B . E8 2CC5F5FF call Unpacked.00403CBC
004A7790 . 8D45 FC lea eax,dword ptr ss:[ebp-4]
004A7793 . E8 00C5F5FF call Unpacked.00403C98
004A7798 . C3 retn
-------------------------------------------------------------------------------------------------------------------
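This function is not very complicated: from the first 4 characters of the registration code + the user name, it computes the last 9 characters of the registration code.
『Algorithm summary』:
1. The registration code must be 14 characters long. The 5th character does not take part in the calculation and can be any character; I set it to '-';
2. $ + first 4 characters of the registration code - $00000237 = license count, so the first 4 characters can be chosen according to the license count you need;
3. The last 9 characters of the registration code are computed from the first 4 characters of the registration code (which contain the license count) + the user name, as follows:
Constant Num = $0014DAF;
The string (first 4 characters of the registration code, which contain the license count) + user name is processed in a loop with an accumulator, denoted Sum, initial value = Num;
Sum = (first 4 characters of the registration code + user name)[i] * Sum + Num; i = 1 To Length(first 4 characters of the registration code + user name); when the character is a space, the loop goes straight on to the next iteration;
4. Output Sum as 8 hexadecimal digits and insert '-' in the middle; this gives the last 9 characters of the registration code.
Full registration code: step 2 + step 1 + step 4, 14 characters in total, in the format AAAA-BBBB-CCCC
The Delphi 7.0 keygen source code is as follows: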
Procedure TForm1.btn1Click(Sender: TObject);
Const
  Num = $0014DAF;
Var
  i, License: Integer;
  Sum: DWORD;
  Name, Serial1, Serial2: String;
Begin
  License := StrToIntDef(edt2.Text, 0); // license count
  If (License = 0) Or ((License + $00000237) > $FFFF) Then // range limit on the license count
  Begin
    Edt3.Clear;
    // Message text: "License count out of range!", title: "Error"
    MessageBox(0, '注册许可数量超出范围!', '错误', MB_OK + MB_ICONWARNING);
    Exit;
  End;
  Serial1 := IntToHex(License + $00000237, 4);
  Name := UpperCase(edt1.Text); // user name
  Serial2 := Serial1 + Name;
  Sum := Num; // initialize the accumulator
  For i := 1 To Length(Serial2) Do
    If Ord(Serial2[i]) <> $20 Then Sum := Ord(Serial2[i]) * Sum + Num;
  Serial2 := IntToHex(Sum, 8);
  Edt3.Text := Serial1 + '-' + Copy(Serial2, 1, 4) + '-' + Copy(Serial2, 5, 4);
End;
My registration info:
Registration name: Baby2008
License count: 10000
Registration code: 2947-DB03-6177
- End -