【软件名称】XnView V1.90.3 多语言(中文)绿色版
【资源来自】霏凡软件http://www.crsky.com/default.html。
【应用平台】Win2000
【作者邮箱】chubing6143@sina.com
【破解过程】该软件注册过程非常清晰,如果想爆破太简单了,但是对于我等菜鸟跟踪算法写注册机到不失为一个不错的例子。
友情提示:跟踪算法时如果担心自己记不住,最好自己用高级语言实现一遍,记笔记了。
利用PEID察看该软件是ASPack 2.12b -> Alexey Solodovnikov加壳,利用OD自己手动脱壳,脱壳过程在此就不再赘述了。脱壳后发现是VC下的程序,通过下BP MessageBox可以定位到下面关键地方:
00534470 . 81EC 68010000 sub esp,168
00534476 . 8D4424 68 lea eax,dword ptr ss:[esp+68]
0053447A . 56 push esi
0053447B . 8BB424 70010000 mov esi,dword ptr ss:[esp+170]
00534482 . 57 push edi
00534483 . 8B3D 78A66600 mov edi,dword ptr ds:[<&USER32.GetDlgI>; USER32.GetDlgItemTextA
00534489 . 68 00010000 push 100 ; /Count = 100 (256.)
0053448E . 50 push eax ; |Buffer
0053448F . 68 D0070000 push 7D0 ; |ControlID = 7D0 (2000.)
00534494 . 56 push esi ; |hWnd
00534495 . FFD7 call edi ; \用户名
00534497 . 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0053449B . 6A 20 push 20 ; /Count = 20 (32.)
0053449D . 51 push ecx ; |Buffer
0053449E . 68 D1070000 push 7D1 ; |ControlID = 7D1 (2001.)
005344A3 . 56 push esi ; |hWnd
005344A4 . FFD7 call edi ; \注册码
005344A6 . 8A4424 70 mov al,byte ptr ss:[esp+70]
005344AA . 84C0 test al,al
005344AC . 0F84 3A010000 je dumped.005345EC ; 判断用户名是否为空
005344B2 . 8A4424 10 mov al,byte ptr ss:[esp+10]
005344B6 . 84C0 test al,al
005344B8 . 0F84 2E010000 je dumped.005345EC ; 判断注册码是否为空
005344BE . 8D5424 08 lea edx,dword ptr ss:[esp+8]
005344C2 . 8D4424 70 lea eax,dword ptr ss:[esp+70]
005344C6 . 52 push edx
005344C7 . 50 push eax
005344C8 . E8 F3AEF9FF call dumped.004CF3C0 ; 用户名运算
005344CD . 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
005344D1 . 51 push ecx
005344D2 . E8 7C660200 call dumped.0055AB53 ; 注册码运算
005344D7 . 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
005344DB . 83C4 0C add esp,0C
005344DE . 3BC8 cmp ecx,eax ; 用户名运算结果与注册码运算结果进行比较
005344E0 74 5D je short dumped.0053453F ; 关键跳转
005344E2 . A1 A0B16E00 mov eax,dword ptr ds:[6EB1A0]
005344E7 . 8D5424 30 lea edx,dword ptr ss:[esp+30]
005344EB . 6A 40 push 40 ; /Count = 40 (64.)
005344ED . 52 push edx ; |Buffer
005344EE . 68 93130000 push 1393 ; |RsrcID = STRING "Invalid registration"
005344F3 . 50 push eax ; |hInst => 10000000
005344F4 . FF15 10A76600 call dword ptr ds:[<&USER32.LoadString>; \LoadStringA
005344FA . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
005344FC . 8D4C24 34 lea ecx,dword ptr ss:[esp+34] ; |
00534500 . 68 EC316E00 push dumped.006E31EC ; |Title = ""
00534505 . 51 push ecx ; |Text
00534506 . 56 push esi ; |hOwner
00534507 . FF15 98A66600 call dword ptr ds:[<&USER32.MessageBox>; \MessageBoxA
0053450D . 68 D0070000 push 7D0 ; /ControlID = 7D0 (2000.)
00534512 . 56 push esi ; |hWnd
00534513 . FF15 90A66600 call dword ptr ds:[<&USER32.GetDlgItem>; \GetDlgItem
00534519 . 50 push eax ; /hWnd
0053451A . FF15 D0A66600 call dword ptr ds:[<&USER32.SetFocus>] ; \SetFocus
00534520 . 68 EC316E00 push dumped.006E31EC ; /Text = ""
00534525 . 68 D1070000 push 7D1 ; |ControlID = 7D1 (2001.)
0053452A . 56 push esi ; |hWnd
0053452B . FF15 8CA66600 call dword ptr ds:[<&USER32.SetDlgItem>; \SetDlgItemTextA
00534531 . 5F pop edi
00534532 . B8 01000000 mov eax,1
00534537 . 5E pop esi
00534538 . 81C4 68010000 add esp,168
0053453E . C3 retn
0053453F > 8D5424 70 lea edx,dword ptr ss:[esp+70]
00534543 . 68 00010000 push 100
00534548 . 52 push edx
00534549 . 68 D0070000 push 7D0
0053454E . 56 push esi
0053454F . FFD7 call edi
00534551 . 8D4424 10 lea eax,dword ptr ss:[esp+10]
00534555 . 6A 20 push 20
00534557 . 50 push eax
00534558 . 68 D1070000 push 7D1
0053455D . 56 push esi
0053455E . FFD7 call edi
00534560 . 8D4C24 70 lea ecx,dword ptr ss:[esp+70]
00534564 . 51 push ecx
00534565 . 68 3CF06B00 push dumped.006BF03C ; ASCII "LicenseName"
0053456A . 6A 00 push 0
0053456C . E8 CF49F7FF call dumped.004A8F40
00534571 . 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00534575 . 52 push edx
00534576 . 68 2CF06B00 push dumped.006BF02C ; ASCII "LicenseNumber"
0053457B . 6A 00 push 0
0053457D . E8 BE49F7FF call dumped.004A8F40
00534582 . A1 A8B16E00 mov eax,dword ptr ds:[6EB1A8]
00534587 . 83C4 18 add esp,18
0053458A . C705 C8B16E00 010>mov dword ptr ds:[6EB1C8],1
00534594 . 6A 01 push 1 ; /Flags = MF_BYCOMMAND|MF_GRAYED|MF_STRING
00534596 . 68 F2000000 push 0F2 ; |ItemID = F2 (242.)
0053459B . 50 push eax ; |/hWnd => 001C0320 ('XnView v1.90.3 - [浏览器 - D...',class='XmainClass')
0053459C . FF15 30A76600 call dword ptr ds:[<&USER32.GetMenu>] ; |\GetMenu
005345A2 . 50 push eax ; |hMenu
005345A3 . FF15 E4A66600 call dword ptr ds:[<&USER32.EnableMenu>; \EnableMenuItem
005345A9 . 8B15 A0B16E00 mov edx,dword ptr ds:[6EB1A0] ; xnviewzh.10000000
005345AF . 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
005345B3 . 6A 40 push 40 ; /Count = 40 (64.)
005345B5 . 51 push ecx ; |Buffer
005345B6 . 68 94130000 push 1394 ; |RsrcID = STRING "Registration successful.
Thank you for purchasing XnView."
005345BB . 52 push edx ; |hInst => 10000000
005345BC . FF15 10A76600 call dword ptr ds:[<&USER32.LoadString>; \LoadStringA
005345C2 . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
005345C4 . 8D4424 34 lea eax,dword ptr ss:[esp+34] ; |
005345C8 . 68 EC316E00 push dumped.006E31EC ; |Title = ""
005345CD . 50 push eax ; |Text
005345CE . 56 push esi ; |hOwner
005345CF . FF15 98A66600 call dword ptr ds:[<&USER32.MessageBox>; \MessageBoxA
005345D5 . 6A 00 push 0 ; /Result = 0
005345D7 . 56 push esi ; |hWnd
005345D8 . FF15 7CA66600 call dword ptr ds:[<&USER32.EndDialog>>; \EndDialog
005345DE . 5F pop edi
005345DF . B8 01000000 mov eax,1
005345E4 . 5E pop esi
005345E5 . 81C4 68010000 add esp,168
005345EB . C3 retn
005345EC > 8B15 A0B16E00 mov edx,dword ptr ds:[6EB1A0] ; xnviewzh.10000000
005345F2 . 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
005345F6 . 6A 40 push 40 ; /Count = 40 (64.)
005345F8 . 51 push ecx ; |Buffer
005345F9 . 68 93130000 push 1393 ; |RsrcID = STRING "Invalid registration"
005345FE . 52 push edx ; |hInst => 10000000
005345FF . FF15 10A76600 call dword ptr ds:[<&USER32.LoadString>; \LoadStringA
00534605 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
00534607 . 8D4424 34 lea eax,dword ptr ss:[esp+34] ; |
0053460B . 68 EC316E00 push dumped.006E31EC ; |Title = ""
00534610 . 50 push eax ; |Text
00534611 . 56 push esi ; |hOwner
00534612 . FF15 98A66600 call dword ptr ds:[<&USER32.MessageBox>; \MessageBoxA
00534618 . 5F pop edi
00534619 . B8 01000000 mov eax,1
0053461E . 5E pop esi
0053461F . 81C4 68010000 add esp,168
00534625 . C3 retn
程序注册过程为将用户名进行运算得到结果TEMP1,然后将注册码进行运算得到结果TEMP2,如果TEMP1==TEMP2,则认为注册成功,下面重点分析,用户名及注册码运算过程分析,首先分析用户名运算的算法:
004CF3C0 /$ 8B5424 04 mov edx,dword ptr ss:[esp+4]
004CF3C4 |. 53 push ebx
004CF3C5 |. 55 push ebp
004CF3C6 |. 56 push esi
004CF3C7 |. 57 push edi
004CF3C8 |. 8BFA mov edi,edx
004CF3CA |. 83C9 FF or ecx,FFFFFFFF
004CF3CD |. 33C0 xor eax,eax
004CF3CF |. F2:AE repne scas byte ptr es:[edi]
004CF3D1 |. F7D1 not ecx
004CF3D3 |. 49 dec ecx
004CF3D4 |. BE 78E46B00 mov esi,dumped.006BE478
004CF3D9 |. 8BE9 mov ebp,ecx
004CF3DB |. B9 05000000 mov ecx,5
004CF3E0 |. BF 784E6E00 mov edi,dumped.006E4E78
004CF3E5 |. F3:A5 rep movs dword ptr es:[edi],dword ptr >
004CF3E7 |. 8BF0 mov esi,eax
004CF3E9 |. 74 21 je short dumped.004CF40C
004CF3EB |> 8A0C16 /mov cl,byte ptr ds:[esi+edx] ; 逐位取用户名
004CF3EE |. 8AD9 |mov bl,cl
004CF3F0 |. 3298 784E6E00 |xor bl,byte ptr ds:[eax+6E4E78] ; 与已知的Key进行异或
004CF3F6 |. 40 |inc eax
004CF3F7 |. 83F8 05 |cmp eax,5
004CF3FA |. 881C16 |mov byte ptr ds:[esi+edx],bl
004CF3FD |. 8888 774E6E00 |mov byte ptr ds:[eax+6E4E77],cl
004CF403 |. 75 02 |jnz short dumped.004CF407
004CF405 |. 33C0 |xor eax,eax
004CF407 |> 46 |inc esi
004CF408 |. 3BF5 |cmp esi,ebp
004CF40A |.^ 72 DF \jb short dumped.004CF3EB
004CF40C |> 33FF xor edi,edi
004CF40E |. 33C9 xor ecx,ecx
004CF410 |. 85ED test ebp,ebp
004CF412 |. 76 26 jbe short dumped.004CF43A
004CF414 |> 8A9F 7D4E6E00 /mov bl,byte ptr ds:[edi+6E4E7D]
004CF41A |. 8BF5 |mov esi,ebp
004CF41C |. 2BF1 |sub esi,ecx
004CF41E |. 4E |dec esi
004CF41F |. 8A0416 |mov al,byte ptr ds:[esi+edx]
004CF422 |. 32D8 |xor bl,al
004CF424 |. 47 |inc edi
004CF425 |. 881C16 |mov byte ptr ds:[esi+edx],bl
004CF428 |. 8887 7C4E6E00 |mov byte ptr ds:[edi+6E4E7C],al
004CF42E |. 83FF 05 |cmp edi,5
004CF431 |. 75 02 |jnz short dumped.004CF435
004CF433 |. 33FF |xor edi,edi
004CF435 |> 41 |inc ecx
004CF436 |. 3BCD |cmp ecx,ebp
004CF438 |.^ 72 DA \jb short dumped.004CF414
004CF43A |> 33F6 xor esi,esi
004CF43C |. 33FF xor edi,edi
004CF43E |. 85ED test ebp,ebp
004CF440 |. 76 21 jbe short dumped.004CF463
004CF442 |> 8A0417 /mov al,byte ptr ds:[edi+edx]
004CF445 |. 8A8E 824E6E00 |mov cl,byte ptr ds:[esi+6E4E82]
004CF44B |. 32C8 |xor cl,al
004CF44D |. 46 |inc esi
004CF44E |. 880C17 |mov byte ptr ds:[edi+edx],cl
004CF451 |. 8886 814E6E00 |mov byte ptr ds:[esi+6E4E81],al
004CF457 |. 83FE 05 |cmp esi,5
004CF45A |. 75 02 |jnz short dumped.004CF45E
004CF45C |. 33F6 |xor esi,esi
004CF45E |> 47 |inc edi
004CF45F |. 3BFD |cmp edi,ebp
004CF461 |.^ 72 DF \jb short dumped.004CF442
004CF463 |> 33FF xor edi,edi
004CF465 |. 33C9 xor ecx,ecx
004CF467 |. 85ED test ebp,ebp
004CF469 |. 76 26 jbe short dumped.004CF491
004CF46B |> 8A9F 874E6E00 /mov bl,byte ptr ds:[edi+6E4E87]
004CF471 |. 8BF5 |mov esi,ebp
004CF473 |. 2BF1 |sub esi,ecx
004CF475 |. 4E |dec esi
004CF476 |. 8A0416 |mov al,byte ptr ds:[esi+edx]
004CF479 |. 32D8 |xor bl,al
004CF47B |. 47 |inc edi
004CF47C |. 881C16 |mov byte ptr ds:[esi+edx],bl
004CF47F |. 8887 864E6E00 |mov byte ptr ds:[edi+6E4E86],al
004CF485 |. 83FF 05 |cmp edi,5
004CF488 |. 75 02 |jnz short dumped.004CF48C
004CF48A |. 33FF |xor edi,edi
004CF48C |> 41 |inc ecx
004CF48D |. 3BCD |cmp ecx,ebp
004CF48F |.^ 72 DA \jb short dumped.004CF46B
004CF491 |> 8B7C24 18 mov edi,dword ptr ss:[esp+18]
004CF495 |. 33C0 xor eax,eax
004CF497 |. 85ED test ebp,ebp
004CF499 |. C707 00000000 mov dword ptr ds:[edi],0
004CF49F |. 76 17 jbe short dumped.004CF4B8
004CF4A1 |> 8BC8 /mov ecx,eax
004CF4A3 |. 83E1 03 |and ecx,3
004CF4A6 |. 8A1C39 |mov bl,byte ptr ds:[ecx+edi]
004CF4A9 |. 8D3439 |lea esi,dword ptr ds:[ecx+edi]
004CF4AC |. 8A0C10 |mov cl,byte ptr ds:[eax+edx]
004CF4AF |. 02D9 |add bl,cl
004CF4B1 |. 40 |inc eax
004CF4B2 |. 3BC5 |cmp eax,ebp
004CF4B4 |. 881E |mov byte ptr ds:[esi],bl
004CF4B6 |.^ 72 E9 \jb short dumped.004CF4A1
004CF4B8 |> 5F pop edi
004CF4B9 |. 5E pop esi
004CF4BA |. 5D pop ebp
004CF4BB |. 5B pop ebx
004CF4BC \. C3 retn
程序中将用户名和已知的KEY进行了好几次异或运算,我觉得如果写注释还不如我将其用高级语言写出来了. 用C语言实现如下,为了方便我取变量名称基本与汇编程序中一样:
int length=m_name.GetLength();
unsigned char *name=new unsigned char[length];
unsigned char nameResult[4]={0,0,0,0};
unsigned long nameRR;
strcpy((char*)name,m_name.GetBuffer(0));
int ebxTemp=0;
int temp1;
int ecxTemp;
int eaxTemp=0;
int esiTemp=0;
unsigned char key[20]={0xAA,0x89,0xC4,0xFE,0x46,0x78,0xF0,0xD0,
0x03,0xE7,0xF7,0xFD,0xF4,0xE7,0xB9,0xB5,
0x1B,0xC9,0x50,0x73};
do
{
temp1=name[esiTemp];
name[esiTemp]=name[esiTemp]^key[eaxTemp];
key[eaxTemp]=temp1;
eaxTemp++;
esiTemp++;
if(eaxTemp==5)
eaxTemp=0;
}while(esiTemp<length);
ecxTemp=0;
int ediTemp=0;
do
{
esiTemp=length-ecxTemp;
esiTemp--;
temp1=name[esiTemp];
name[esiTemp]=name[esiTemp]^key[ediTemp+5];
key[ediTemp+5]=temp1;
ediTemp++;
ecxTemp++;
if(ediTemp==5)
ediTemp=0;
}while(ecxTemp<length);
ediTemp=0;
esiTemp=0;
do
{
temp1=name[ediTemp];
name[ediTemp]=name[ediTemp]^key[esiTemp+0xA];
key[esiTemp+0xA]=temp1;
ediTemp++;
esiTemp++;
if(esiTemp==5)
esiTemp=0;
}while(ediTemp<length);
ecxTemp=0;
ediTemp=0;
do
{
esiTemp=length-ecxTemp;
esiTemp--;
temp1=name[esiTemp];
name[esiTemp]=name[esiTemp]^key[ediTemp+0xF];
key[ediTemp+0xF]=temp1;
ediTemp++;
ecxTemp++;
if(ediTemp==5)
ediTemp=0;
}while(ecxTemp<length);
eaxTemp=0;
do
{
ecxTemp=eaxTemp;
ecxTemp&=3;
nameResult[ecxTemp]+=name[eaxTemp];
eaxTemp++;
}while(eaxTemp<length);
而注册码运算过程,如果我们死搬程序用C语言实现可以简单写成下面:
unsigned char key2[34*8-10]={
0x20,0x00,0x20,0x00,0x20,0x00,
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,
0x20,0x00,0x20,0x00,0x28,0x00,0x28,0x00,
0x28,0x00,0x28,0x00,0x28,0x00,0x20,0x00,
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,
0x20,0x00,0x48,0x00,0x10,0x00,0x10,0x00,
0x10,0x00,0x10,0x00,0x10,0x00,0x10,0x00,
0x10,0x00,0x10,0x00,0x10,0x00,0x10,0x00,
0x10,0x00,0x10,0x00,0x10,0x00,0x10,0x00,
0x10,0x00,0x84,0x00,0x84,0x00,0x84,0x00,
0x84,0x00,0x84,0x00,0x84,0x00,0x84,0x00,
0x84,0x00,0x84,0x00,0x84,0x00,0x10,0x00,
0x10,0x00,0x10,0x00,0x10,0x00,0x10,0x00,
0x10,0x00,0x10,0x00,0x81,0x00,0x81,0x00,
0x81,0x00,0x81,0x00,0x81,0x00,0x81,0x00,
0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x00,
0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x00,
0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x00,
0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x00,
0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x00,
0x10,0x00,0x10,0x00,0x10,0x00,0x10,0x00,
0x10,0x00,0x10,0x00,0x82,0x00,0x82,0x00,
0x82,0x00,0x82,0x00,0x82,0x00,0x82,0x00,
0x02,0x00,0x02,0x00,0x02,0x00,0x02,0x00,
0x02,0x00,0x02,0x00,0x02,0x00,0x02,0x00,
0x02,0x00,0x02,0x00,0x02,0x00,0x02,0x00,
0x02,0x00,0x02,0x00,0x02,0x00,0x02,0x00,
0x02,0x00,0x02,0x00,0x02,0x00,0x02,0x00,
0x10,0x00,0x10,0x00,0x10,0x00,0x10,0x00,
0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
unsigned char code[10]={'1','0','3','9','1','8','4','0','1','2'};
ediTemp=0;
do
{
eaxTemp=code[ediTemp];
eaxTemp=key2[eaxTemp*2];
eaxTemp&=8;
if(eaxTemp!=0)
ediTemp++;
}while(eaxTemp!=0);
length=10;
ebxTemp=0;
for(ediTemp=0;ediTemp<length;ediTemp++)
{
eaxTemp=key2[code[ediTemp]*2];
eaxTemp&=4;
if(eaxTemp==0)
break;
eaxTemp=ebxTemp+ebxTemp*4;
ebxTemp=code[ediTemp]+eaxTemp*2-0x30;
}
eaxTemp=ebxTemp;
是不是被吓着了阿,我刚开始都被吓着了,但是我见在纸上写了一下eaxTemp的计算步骤如下:
code[0]
code[0]*5*2+code[1]
(code[0]*5*2+code[1])*5*2+code[2]
......
发现没有,哈哈,主要是我算法不熟悉,害得我干了半天,其实运算过程就是注册码的十进制大小了。
这样注册机就很好写了,只要将TEMP1计算出来,然后转化为10进制大小就是注册码了。
注册机程序如下:
void CcrackDlg::OnGenerate()
{
UpdateData(TRUE);
int length=m_name.GetLength();
unsigned char *name=new unsigned char[length];
unsigned char nameResult[4]={0,0,0,0};
unsigned long nameRR;
strcpy((char*)name,m_name.GetBuffer(0));
int ebxTemp=0;
int temp1;
int ecxTemp;
int eaxTemp=0;
int esiTemp=0;
unsigned char key[20]={0xAA,0x89,0xC4,0xFE,0x46,0x78,0xF0,0xD0,
0x03,0xE7,0xF7,0xFD,0xF4,0xE7,0xB9,0xB5,
0x1B,0xC9,0x50,0x73};
do
{
temp1=name[esiTemp];
name[esiTemp]=name[esiTemp]^key[eaxTemp];
key[eaxTemp]=temp1;
eaxTemp++;
esiTemp++;
if(eaxTemp==5)
eaxTemp=0;
}while(esiTemp<length);
ecxTemp=0;
int ediTemp=0;
do
{
esiTemp=length-ecxTemp;
esiTemp--;
temp1=name[esiTemp];
name[esiTemp]=name[esiTemp]^key[ediTemp+5];
key[ediTemp+5]=temp1;
ediTemp++;
ecxTemp++;
if(ediTemp==5)
ediTemp=0;
}while(ecxTemp<length);
ediTemp=0;
esiTemp=0;
do
{
temp1=name[ediTemp];
name[ediTemp]=name[ediTemp]^key[esiTemp+0xA];
key[esiTemp+0xA]=temp1;
ediTemp++;
esiTemp++;
if(esiTemp==5)
esiTemp=0;
}while(ediTemp<length);
ecxTemp=0;
ediTemp=0;
do
{
esiTemp=length-ecxTemp;
esiTemp--;
temp1=name[esiTemp];
name[esiTemp]=name[esiTemp]^key[ediTemp+0xF];
key[ediTemp+0xF]=temp1;
ediTemp++;
ecxTemp++;
if(ediTemp==5)
ediTemp=0;
}while(ecxTemp<length);
eaxTemp=0;
do
{
ecxTemp=eaxTemp;
ecxTemp&=3;
nameResult[ecxTemp]+=name[eaxTemp];
eaxTemp++;
}while(eaxTemp<length);
nameRR=nameResult[0]+(nameResult[1]<<8)+(nameResult[2]<<16)+(nameResult[3]<<24);
char SN[100];
sprintf(SN,"%d",nameRR);
m_code=SN;
UpdateData(FALSE);
}
得到一组有用的注册码:
laowang
1039184012