【破文标题】高效e人 Ver2.98(Build 243) 算法分析
【破文作者】Blackk
【作者邮箱】191477631@qq.com
【作者主页】Http://Blackk.co.cc
【破解工具】OD
【破解平台】XP SP3
【软件名称】高效e人 Ver2.98(Build 243)
【软件大小】3.96 MB
【原版下载】http://www.gaoxiaoeren.com/download.htm
【破解声明】本解密分析文章仅限用于学习和研究目的,不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。如果您喜欢该程序,请支持正版软件,购买注册,得到更好的正版服务。
------------------------------------------------------------------------
【破解过程】bp MessageBoxExA
//算法入口
代码:
00B4378C /$ 55 push ebp 00B4378D |. 8BEC mov ebp, esp 00B4378F |. 33C9 xor ecx, ecx 00B43791 |. 51 push ecx 00B43792 |. 51 push ecx 00B43793 |. 51 push ecx 00B43794 |. 51 push ecx 00B43795 |. 51 push ecx 00B43796 |. 53 push ebx 00B43797 |. 8BD8 mov ebx, eax 00B43799 |. 33C0 xor eax, eax 00B4379B |. 55 push ebp 00B4379C |. 68 A038B400 push 00B438A0 00B437A1 |. 64:FF30 push dword ptr fs:[eax] 00B437A4 |. 64:8920 mov dword ptr fs:[eax], esp 00B437A7 |. 8D55 F8 lea edx, dword ptr [ebp-8] 00B437AA |. 8BC3 mov eax, ebx 00B437AC |. E8 53010000 call 00B43904 ; 取用户名 00B437B1 |. 8B45 F8 mov eax, dword ptr [ebp-8] 00B437B4 |. E8 CB198CFF call 00405184 ; 取用户名长度 00B437B9 |. 85C0 test eax, eax 00B437BB |. 75 3E jnz short 00B437FB ; 验证是否输入用户名 00B437BD |. A0 AC38B400 mov al, byte ptr [B438AC] 00B437C2 |. 50 push eax 00B437C3 |. B2 01 mov dl, 1 00B437C5 |. A1 08179400 mov eax, dword ptr [941708] 00B437CA |. E8 256DE0FF call 0094A4F4 00B437CF |. 8D55 F4 lea edx, dword ptr [ebp-C] 00B437D2 |. E8 6962E0FF call 00949A40 00B437D7 |. 8B55 F4 mov edx, dword ptr [ebp-C] 00B437DA |. 33C9 xor ecx, ecx 00B437DC |. A1 E87D8800 mov eax, dword ptr [887DE8] 00B437E1 |. E8 3A59D4FF call 00889120 00B437E6 |. 8B93 28030000 mov edx, dword ptr [ebx+328] 00B437EC |. A1 347D8800 mov eax, dword ptr [887D34] 00B437F1 |. E8 8A51D4FF call 00888980 00B437F6 |. E8 F1EE8CFF call 004126EC 00B437FB |> E8 D0EAFCFF call 00B122D0 00B43800 |. 8945 FC mov dword ptr [ebp-4], eax 00B43803 |. 33C0 xor eax, eax 00B43805 |. 55 push ebp 00B43806 |. 68 7E38B400 push 00B4387E 00B4380B |. 64:FF30 push dword ptr fs:[eax] 00B4380E |. 64:8920 mov dword ptr fs:[eax], esp 00B43811 |. 8D55 F0 lea edx, dword ptr [ebp-10] 00B43814 |. 8BC3 mov eax, ebx 00B43816 |. E8 95000000 call 00B438B0 ; 取注册码 00B4381B |. 8B55 F0 mov edx, dword ptr [ebp-10] 00B4381E |. 8B45 FC mov eax, dword ptr [ebp-4] 00B43821 |. E8 86C9E0FF call 009501AC ; 算法CALL
//算法CALL
代码:
009501AC /$ 55 push ebp 009501AD |. 8BEC mov ebp,esp 009501AF |. B9 06000000 mov ecx,0x6 009501B4 |> 6A 00 /push 0x0 009501B6 |. 6A 00 |push 0x0 009501B8 |. 49 |dec ecx 009501B9 |.^ 75 F9 \jnz short Efficien.009501B4 009501BB |. 53 push ebx 009501BC |. 56 push esi 009501BD |. 57 push edi 009501BE |. 8BF2 mov esi,edx 009501C0 |. 8BF8 mov edi,eax 009501C2 |. 33C0 xor eax,eax 009501C4 |. 55 push ebp 009501C5 |. 68 85039500 push Efficien.00950385 009501CA |. 64:FF30 push dword ptr fs:[eax] 009501CD |. 64:8920 mov dword ptr fs:[eax],esp 009501D0 |. 33DB xor ebx,ebx 009501D2 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8] 009501D5 |. E8 AA4FABFF call Efficien.00405184 009501DA |. 50 push eax 009501DB |. 8B47 0C mov eax,dword ptr ds:[edi+0xC] 009501DE |. E8 A14FABFF call Efficien.00405184 009501E3 |. C1E0 02 shl eax,0x2 009501E6 |. 5A pop edx 009501E7 |. 03D0 add edx,eax 009501E9 |. 83C2 1B add edx,0x1B 009501EC |. 42 inc edx 009501ED |. 52 push edx 009501EE |. 8BC6 mov eax,esi 009501F0 |. E8 8F4FABFF call Efficien.00405184 009501F5 |. 5A pop edx 009501F6 |. 3BD0 cmp edx,eax 009501F8 |. 0F85 6C010000 jnz Efficien.0095036A ; 验证注册码是否37位 009501FE |. 8D4D F0 lea ecx,[local.4] 00950201 |. 8BD6 mov edx,esi 00950203 |. 8BC7 mov eax,edi 00950205 |. E8 8E010000 call Efficien.00950398 0095020A |. 8D45 FC lea eax,[local.1] 0095020D |. 50 push eax 0095020E |. 8B47 08 mov eax,dword ptr ds:[edi+0x8] 00950211 |. E8 6E4FABFF call Efficien.00405184 00950216 |. 8BF0 mov esi,eax 00950218 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC] 0095021B |. E8 644FABFF call Efficien.00405184 00950220 |. 03F0 add esi,eax 00950222 |. 8BCE mov ecx,esi 00950224 |. BA 01000000 mov edx,0x1 00950229 |. 8B45 F0 mov eax,[local.4] 0095022C |. E8 B351ABFF call Efficien.004053E4 00950231 |. 8D45 EC lea eax,[local.5] 00950234 |. 8B4F 0C mov ecx,dword ptr ds:[edi+0xC] 00950237 |. 8B57 08 mov edx,dword ptr ds:[edi+0x8] 0095023A |. E8 914FABFF call Efficien.004051D0 0095023F |. 8B55 EC mov edx,[local.5] 00950242 |. 8B45 FC mov eax,[local.1] 00950245 |. E8 16CAABFF call Efficien.0040CC60 ; 比较前6位是否为EP200- 0095024A |. 84C0 test al,al 0095024C |. 0F84 18010000 je Efficien.0095036A 00950252 |. 8D45 E8 lea eax,[local.6] 00950255 |. 50 push eax 00950256 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8] 00950259 |. E8 264FABFF call Efficien.00405184 0095025E |. 8BD8 mov ebx,eax 00950260 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC] 00950263 |. E8 1C4FABFF call Efficien.00405184 00950268 |. 03C0 add eax,eax 0095026A |. 03D8 add ebx,eax 0095026C |. 8BD3 mov edx,ebx 0095026E |. 83C2 07 add edx,0x7 00950271 |. B9 03000000 mov ecx,0x3 00950276 |. 8B45 F0 mov eax,[local.4] 00950279 |. E8 6651ABFF call Efficien.004053E4 ; 取注册码第17、18、20位=A组 0095027E |. 8B45 E8 mov eax,[local.6] 00950281 |. 50 push eax 00950282 |. 8D45 E4 lea eax,[local.7] 00950285 |. 50 push eax 00950286 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8] 00950289 |. E8 F64EABFF call Efficien.00405184 0095028E |. 8BD8 mov ebx,eax 00950290 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC] 00950293 |. E8 EC4EABFF call Efficien.00405184 00950298 |. 03D8 add ebx,eax 0095029A |. 8BD3 mov edx,ebx 0095029C |. 42 inc edx 0095029D |. B9 06000000 mov ecx,0x6 009502A2 |. 8B45 F0 mov eax,[local.4] 009502A5 |. E8 3A51ABFF call Efficien.004053E4 ; 取注册码第7、9、10、12、13、15位=B组 009502AA |. 8B55 E4 mov edx,[local.7] 009502AD |. 8D45 F8 lea eax,[local.2] 009502B0 |. 59 pop ecx 009502B1 |. E8 1A4FABFF call Efficien.004051D0 ; A、B组组合 009502B6 |. 8D45 E0 lea eax,[local.8] 009502B9 |. 50 push eax 009502BA |. 8B47 08 mov eax,dword ptr ds:[edi+0x8] 009502BD |. E8 C24EABFF call Efficien.00405184 009502C2 |. 8BD8 mov ebx,eax 009502C4 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC] 009502C7 |. E8 B84EABFF call Efficien.00405184 009502CC |. 8D0440 lea eax,dword ptr ds:[eax+eax*2] 009502CF |. 03D8 add ebx,eax 009502D1 |. 8BD3 mov edx,ebx 009502D3 |. 83C2 0D add edx,0xD 009502D6 |. B9 06000000 mov ecx,0x6 009502DB |. 8B45 F0 mov eax,[local.4] 009502DE |. E8 0151ABFF call Efficien.004053E4 ; 取注册码第28、29、30、32、33、34位=C组 009502E3 |. 8B45 E0 mov eax,[local.8] 009502E6 |. 50 push eax 009502E7 |. 8D45 DC lea eax,[local.9] 009502EA |. 50 push eax 009502EB |. 8B47 08 mov eax,dword ptr ds:[edi+0x8] 009502EE |. E8 914EABFF call Efficien.00405184 009502F3 |. 8BD8 mov ebx,eax 009502F5 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC] 009502F8 |. E8 874EABFF call Efficien.00405184 009502FD |. 03C0 add eax,eax 009502FF |. 03D8 add ebx,eax 00950301 |. 8BD3 mov edx,ebx 00950303 |. 83C2 0A add edx,0xA 00950306 |. B9 03000000 mov ecx,0x3 0095030B |. 8B45 F0 mov eax,[local.4] 0095030E |. E8 D150ABFF call Efficien.004053E4 ; 取注册码第22、24、25位=D组 00950313 |. 8B55 DC mov edx,[local.9] 00950316 |. 8D45 F4 lea eax,[local.3] 00950319 |. 59 pop ecx 0095031A |. E8 B14EABFF call Efficien.004051D0 ; C、D组组合 0095031F |. 8D4D F4 lea ecx,[local.3]
1. 取注册码第17、18、20位=A组
2. 取注册码第7、9、10、12、13、15位=B组
3. A、B组合(B在前A在后)
4. 取注册码第28、29、30、32、33、34位=C组
5. 取注册码第22、24、25位=D组
6. C和D组合(D在前C在后)
//接下来
代码:
00950322 |. 8D55 F8 lea edx,[local.2] 00950325 |. 8BC7 mov eax,edi 00950327 |. E8 64010000 call Efficien.00950490 ; 两组数据移位运算 0095032C |. 8D45 D0 lea eax,[local.12] 0095032F |. 50 push eax 00950330 |. 8B4F 04 mov ecx,dword ptr ds:[edi+0x4] 00950333 |. 8B55 F8 mov edx,[local.2] 00950336 |. A1 78F79400 mov eax,dword ptr ds:[0x94F778] 0095033B |. E8 28FCFFFF call Efficien.0094FF68 ; 加密运算1 00950340 |. 8B55 D0 mov edx,[local.12] 00950343 |. 8D4D D4 lea ecx,[local.11] 00950346 |. A1 847C8800 mov eax,dword ptr ds:[0x887C84] 0095034B |. E8 6CA2F3FF call Efficien.0088A5BC ; 加密运算2 00950350 |. 8B55 D4 mov edx,[local.11] 00950353 |. 8D4D D8 lea ecx,[local.10] 00950356 |. 8BC7 mov eax,edi 00950358 |. E8 DBFDFFFF call Efficien.00950138 ; 取加密2的奇数位 0095035D |. 8B45 D8 mov eax,[local.10] 00950360 |. 8B55 F4 mov edx,[local.3] 00950363 |. E8 F8C8ABFF call Efficien.0040CC60 ; 比较...相等就注册成功
//移位运算入口
代码:
00950490 /$ 55 push ebp 00950491 |. 8BEC mov ebp,esp 00950493 |. 51 push ecx 00950494 |. B9 09000000 mov ecx,0x9 00950499 |> 6A 00 /push 0x0 0095049B |. 6A 00 |push 0x0 0095049D |. 49 |dec ecx 0095049E |.^ 75 F9 \jnz short Efficien.00950499 009504A0 |. 51 push ecx 009504A1 |. 874D FC xchg [local.1],ecx 009504A4 |. 53 push ebx 009504A5 |. 56 push esi
代码:
009504D0 |. B9 01000000 mov ecx,0x1 009504D5 |. BA 01000000 mov edx,0x1 009504E9 |. B9 01000000 mov ecx,0x1 009504EE |. BA 08000000 mov edx,0x8 00950502 |. B9 01000000 mov ecx,0x1 00950507 |. BA 04000000 mov edx,0x4 0095051B |. B9 01000000 mov ecx,0x1 00950520 |. BA 07000000 mov edx,0x7 00950534 |. B9 01000000 mov ecx,0x1 00950539 |. BA 05000000 mov edx,0x5 0095054D |. B9 01000000 mov ecx,0x1 00950552 |. BA 09000000 mov edx,0x9 00950566 |. B9 01000000 mov ecx,0x1 0095056B |. BA 02000000 mov edx,0x2 0095057F |. B9 01000000 mov ecx,0x1 00950584 |. BA 03000000 mov edx,0x3 00950598 |. B9 01000000 mov ecx,0x1 0095059D |. BA 06000000 mov edx,0x6
代码:
009505BD |. B9 01000000 mov ecx,0x1 009505C2 |. BA 07000000 mov edx,0x7 009505D6 |. B9 01000000 mov ecx,0x1 009505DB |. BA 08000000 mov edx,0x8 009505EF |. B9 01000000 mov ecx,0x1 009505F4 |. BA 06000000 mov edx,0x6 00950608 |. B9 01000000 mov ecx,0x1 0095060D |. BA 02000000 mov edx,0x2 00950621 |. B9 01000000 mov ecx,0x1 00950626 |. BA 04000000 mov edx,0x4 0095063A |. B9 01000000 mov ecx,0x1 0095063F |. BA 03000000 mov edx,0x3 00950653 |. B9 01000000 mov ecx,0x1 00950658 |. BA 01000000 mov edx,0x1 0095066C |. B9 01000000 mov ecx,0x1 00950671 |. BA 05000000 mov edx,0x5 00950685 |. B9 01000000 mov ecx,0x1 0095068A |. BA 09000000 mov edx,0x9
移位小结:
假设A组=578123567,B组=023568124
先B组:
A[1]-->B[1],B[8]-->B[2],B[4]-->B[3],A[7]-->B[4],A[5]-->B[5],A[9]-->B[6],B[2]-->B[7],A[3]-->B[8],B[6]-->B[9]
再A组:
B[7]-->A[1],A[8]-->A[2],A[6]-->A[3],A[2]-->A[4],A[4]-->A[5],B[3]-->A[6],B[1]-->A[7],B[5]-->A[8],B[9]-->A[9]
移位结果:
A组=163713064,B组=525527288
//加密运算1入口
代码:
0094FBC8 /$ 55 push ebp 0094FBC9 |. 8BEC mov ebp,esp 0094FBCB |. 83C4 F0 add esp,-0x10 0094FBCE |. 53 push ebx 0094FBCF |. 56 push esi
代码:
0094FC64 |> /8BC3 /mov eax,ebx 0094FC66 |. |25 01000080 |and eax,0x80000001 0094FC6B |. |79 05 |jns short Efficien.0094FC72 0094FC6D |. |48 |dec eax 0094FC6E |. |83C8 FE |or eax,-0x2 0094FC71 |. |40 |inc eax 0094FC72 |> |85C0 |test eax,eax 0094FC74 |. |75 2D |jnz short Efficien.0094FCA3 0094FC76 |. |8BC6 |mov eax,esi 0094FC78 |. |E8 5F57ABFF |call Efficien.004053DC 0094FC7D |. |8D4418 FF |lea eax,dword ptr ds:[eax+ebx-0x1] 0094FC81 |. |50 |push eax 0094FC82 |. |8B06 |mov eax,dword ptr ds:[esi] 0094FC84 |. |0FB64418 FF |movzx eax,byte ptr ds:[eax+ebx-0x1] ; 偶数位依次放入Eax,参与运算 0094FC89 |. |33D2 |xor edx,edx 0094FC8B |. |8A55 F7 |mov dl,byte ptr ss:[ebp-0x9] ; DL=2 0094FC8E |. |03C2 |add eax,edx 0094FC90 |. |83E8 20 |sub eax,0x20 0094FC93 |. |B9 5F000000 |mov ecx,0x5F 0094FC98 |. |99 |cdq 0094FC99 |. |F7F9 |idiv ecx 0094FC9B |. |83C2 20 |add edx,0x20 ; ((Eax-18) Mod 5F)+20 0094FC9E |. |58 |pop eax 0094FC9F |. |8810 |mov byte ptr ds:[eax],dl 0094FCA1 |. |EB 2B |jmp short Efficien.0094FCCE 0094FCA3 |> |8BC6 |mov eax,esi 0094FCA5 |. |E8 3257ABFF |call Efficien.004053DC 0094FCAA |. |8D4418 FF |lea eax,dword ptr ds:[eax+ebx-0x1] 0094FCAE |. |50 |push eax 0094FCAF |. |8B06 |mov eax,dword ptr ds:[esi] 0094FCB1 |. |0FB64418 FF |movzx eax,byte ptr ds:[eax+ebx-0x1] ; 奇数位依次放入Eax,参与运算 0094FCB6 |. |33D2 |xor edx,edx 0094FCB8 |. |8A55 F6 |mov dl,byte ptr ss:[ebp-0xA] ; DL=4 0094FCBB |. |03C2 |add eax,edx 0094FCBD |. |83E8 20 |sub eax,0x20 0094FCC0 |. |B9 5F000000 |mov ecx,0x5F 0094FCC5 |. |99 |cdq 0094FCC6 |. |F7F9 |idiv ecx 0094FCC8 |. |83C2 20 |add edx,0x20 0094FCCB |. |58 |pop eax 0094FCCC |. |8810 |mov byte ptr ds:[eax],dl ; ((Eax-16) Mod 5F)+20 0094FCCE |> |43 |inc ebx 0094FCCF |. |4F |dec edi 0094FCD0 |.^\75 92 \jnz short Efficien.0094FC64
525527288 --> 9497696:<
//把得到的数据反转
代码:
0094FCDE |> /8B06 /mov eax,dword ptr ds:[esi] 0094FCE0 |. |8A4418 FF |mov al,byte ptr ds:[eax+ebx-0x1] 0094FCE4 |. |8845 F5 |mov byte ptr ss:[ebp-0xB],al 0094FCE7 |. |8BC6 |mov eax,esi 0094FCE9 |. |E8 EE56ABFF |call Efficien.004053DC 0094FCEE |. |8B55 FC |mov edx,[local.1] 0094FCF1 |. |42 |inc edx 0094FCF2 |. |2BD3 |sub edx,ebx 0094FCF4 |. |8B0E |mov ecx,dword ptr ds:[esi] 0094FCF6 |. |8A5411 FF |mov dl,byte ptr ds:[ecx+edx-0x1] 0094FCFA |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl 0094FCFE |. |8BC6 |mov eax,esi 0094FD00 |. |E8 D756ABFF |call Efficien.004053DC 0094FD05 |. |8B55 FC |mov edx,[local.1] 0094FD08 |. |42 |inc edx 0094FD09 |. |2BD3 |sub edx,ebx 0094FD0B |. |8A4D F5 |mov cl,byte ptr ss:[ebp-0xB] 0094FD0E |. |884C10 FF |mov byte ptr ds:[eax+edx-0x1],cl 0094FD12 |. |43 |inc ebx 0094FD13 |. |4F |dec edi 0094FD14 |.^\75 C8 \jnz short Efficien.0094FCDE
9497696:< --> <:6967949
//以三个单位为一个小组,进行前移一位运算
代码:
0094FD1D |> /8B06 /mov eax,dword ptr ds:[esi] 0094FD1F |. |8A4418 FF |mov al,byte ptr ds:[eax+ebx-0x1] 0094FD23 |. |8845 F5 |mov byte ptr ss:[ebp-0xB],al 0094FD26 |. |8BC6 |mov eax,esi 0094FD28 |. |E8 AF56ABFF |call Efficien.004053DC 0094FD2D |. |8B16 |mov edx,dword ptr ds:[esi] 0094FD2F |. |8A141A |mov dl,byte ptr ds:[edx+ebx] 0094FD32 |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl 0094FD36 |. |8BC6 |mov eax,esi 0094FD38 |. |E8 9F56ABFF |call Efficien.004053DC 0094FD3D |. |8B16 |mov edx,dword ptr ds:[esi] 0094FD3F |. |8A541A 01 |mov dl,byte ptr ds:[edx+ebx+0x1] 0094FD43 |. |881418 |mov byte ptr ds:[eax+ebx],dl 0094FD46 |. |8BC6 |mov eax,esi 0094FD48 |. |E8 8F56ABFF |call Efficien.004053DC 0094FD4D |. |8A55 F5 |mov dl,byte ptr ss:[ebp-0xB] 0094FD50 |. |885418 01 |mov byte ptr ds:[eax+ebx+0x1],dl 0094FD54 |. |83C3 03 |add ebx,0x3 0094FD57 |> |8B45 FC mov eax,[local.1] 0094FD5A |. |83E8 02 |sub eax,0x2 0094FD5D |. |3BD8 |cmp ebx,eax 0094FD5F |.^\7E BC \jle short Efficien.0094FD1D
<:6967949 --> :6<679499
//加密算法2入口
代码:
0088A5BC /$ 53 push ebx 0088A5BD |. 56 push esi 0088A5BE |. 57 push edi 0088A5BF |. 55 push ebp 0088A5C0 |. 83C4 F8 add esp,-0x8 0088A5C3 |. 8BE9 mov ebp,ecx
//加密算法2
代码:
0088A5F0 |> /8B0424 /mov eax,dword ptr ss:[esp] 0088A5F3 |. |8B5424 04 |mov edx,dword ptr ss:[esp+0x4] 0088A5F7 |. |0FB67410 FF |movzx esi,byte ptr ds:[eax+edx-0x1] ; 字符串ASC码依次放入Eax 0088A5FC |. |8BC6 |mov eax,esi 0088A5FE |. |83E0 0F |and eax,0xF ; Eax=Eax and F 0088A601 |. |E8 A6FFFFFF |call Efficien.0088A5AC ; 若Eax的值大于≥A,则Eax+37.否则Eax+30 0088A606 |. |50 |push eax 0088A607 |. |8BC5 |mov eax,ebp 0088A609 |. |E8 CEADB7FF |call Efficien.004053DC 0088A60E |. |5A |pop edx 0088A60F |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl 0088A613 |. |43 |inc ebx 0088A614 |. |8BC6 |mov eax,esi 0088A616 |. |C1E8 04 |shr eax,0x4 ; 将Eax的值右移4位 0088A621 |. E8 B6ADB7FF |call Efficien.004053DC ; 若Eax的值大于≥A,则Eax+37.否则Eax+30 0088A61E |. |50 |push eax 0088A61F |. |8BC5 |mov eax,ebp 0088A621 |. |E8 B6ADB7FF |call Efficien.004053DC 0088A626 |. |5A |pop edx 0088A627 |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl 0088A62B |. |43 |inc ebx 0088A62C |. |FF4424 04 |inc dword ptr ss:[esp+0x4] 0088A630 |. |4F |dec edi 0088A631 |.^\75 BD \jnz short Efficien.0088A5F0
A363C3637393439393
//取加密运算2结果的奇数位为最后结果
代码:
00950358 |. E8 DBFDFFFF call Efficien.00950138
A6C679499
将得到的结果和A组数据进行比较,若相同则注册成功
代码:
0095035D |. 8B45 D8 mov eax, dword ptr [ebp-28] 00950360 |. 8B55 F4 mov edx, dword ptr [ebp-C]
修改位数顺序 17、33、30、24、28、10、7、13、20 修改注册码
结果:
A6C679499
A组数据:
163713064
可用注册码:
EP200-A12B4457695828416939095A4769890
------------------------------------------------------------------------
【破解总结】
注册机懒得写了,(不会写随机数
) 呵呵,本文如有错误地方还请大牛指出依稀还记得别人都说看雪就是养牛场啊
------------------------------------------------------------------------
转载请说明出处