DEDE的作用
----网际飞鹰之极速FTP1.0 keygen
主程序为NetEagle.exe。据说用language知道这个程序是delphi编译的,但fileinfo不能识别。用dede2.5可以反编译。
dede反编译成功后,在Forms栏,有如下:
Classes Info Offset
-----------------------------
TAboutForm 000d81dc
TChangeDirForm 000da4b0
.....
......
.....
......
TInputSerialForm 000ea244
......
......
很明显,TInputSerialForm窗口与处理注册码有关,鼠标点击,显示这个窗口的细节。由运行NetEagle.exe知道,注册窗有edit1(用户名),edit2(序列号),button1(注册),button2(取消)等组件,所以在TInputSerialForm窗口中找“button1(注册)”,发现
object FlatButton1: TFlatButton
Left = 72
Top = 80
Width = 73
Height = 25
Caption = '注 册(&R)'
TabOrder = 2
OnClick = FlatButton1Click <--“注册”按钮按下后的事件。
end
然后,回到dede的Procedures栏,这包括了Forms栏所有窗口的事件代码。
Unit Name Class
Name
--------------------------------------
AboutFrm
TAboutForm
......
......
......
......
InputSerialFrm TInputSerialForm
......
......
鼠标左键点击InputSerialFrm,展示此窗口内包含的所有事件。其中有
Event
RVA Hint
------------------------------------------
FlatButton1Click 004a1b7c
0017
FlatButton2Click 004a1b84
0017
......
......
......
......
鼠标双击FlatButton1Click,显示事件的反编译代码:
......
004A1BBD E83A000000 call 004A1BFC <--关键
004A1BC2 84C0 test al, al
004A1BC4 740E jz 004A1BD4
......
鼠标双击004A1BBD E83A000000 call 004A1BFC进入:
* Possible String Reference to: 'NE-' <-------
|
|
004A1C7F BA341E4A00 mov edx, $004A1E34 |
|
* Reference to: system.@LStrCmp;
|
|
|
004A1C84 E85723F6FF call 00403FE0 <--注册码起始部分为“NE-”
004A1C89 750F jnz 004A1C9A
004A1C8B 8B45EC mov eax, [ebp-$14]
* Possible String Reference to: '-EWD' <--------
|
|
004A1C8E BA401E4A00 mov edx, $004A1E40 |
|
* Reference to: system.@LStrCmp;
|
|
|
004A1C93 E84823F6FF call 00403FE0 <--注册码结束部分为“-EWD”
004A1C98 740D jz 004A1CA7
004A1C9A 8B45FC mov eax, [ebp-$04]
004A1C9D E8A6010000 call 004A1E48
004A1CA2 E92B010000 jmp 004A1DD2
......
......
......
004A1CFF 81FB00E1F505 cmp ebx, $05F5E100 <--注册码数字部分必须在
004A1D05 7C08 jl 004A1D0F
| 100000000至
004A1D07 81FBFFC99A3B cmp ebx, $3B9AC9FF | 999999999之间
004A1D0D 7E0D jle 004A1D1C
<--
004A1D0F 8B45FC mov eax, [ebp-$04]
004A1D12 E831010000 call 004A1E48
004A1D17 E9B6000000 jmp 004A1DD2
004A1D1C 8BC3 mov eax, ebx
004A1D1E B94D000000 mov ecx, $0000004D
004A1D23 99 cdq
004A1D24 F7F9 idiv ecx
<--注册码除以77
004A1D26 05C0169430 add eax, +$309416C0<--商+815011520
004A1D2B B94D000000 mov ecx, $0000004D
004A1D30 99 cdq
004A1D31 F7F9 idiv ecx
<--和除以77
004A1D33 85D2 test edx, edx
004A1D35 0F858B000000 jnz 004A1DC6 <--余数为0,注册码数字正确。
随后就是写注册机了,用穷举办法,我用delphi5.0及控件KOL&MCK0.82编译。注册机界面中有editbox1(输入用户名),editbox2(注册码),button1(生成注册码),button2(退出)等组件。
keygen.pas中:
var code:integer;
procedure TForm1.Button1Click(Sender: PObj);
begin
if length(editbox1.text)=0 then editbox2.text:='请输入用户名!'
else begin
Randomize;
code:=random(800000000)+100000000;
while (((code div 77)+$309416c0) mod 77)<>0 do
begin
code:=code+1;
end;
editbox2.text:='NE-'+int2str(code)+'-EWD';
end;
end;
procedure TForm1.Button2Click(Sender: PObj);
begin
form.close;
end;
end.
谁说dede没用?dede有大用!
- 标 题:dede有大用----如何用dede解“网际飞鹰之极速FTP1.0” (4千字)
- 作 者:小楼
- 时 间:2001-7-7 12:15:42
- 链 接:http://bbs.pediy.com