10001011 F2:AE REPNE SCAS
BYTE PTR ES:[EDI]
//这儿是看你的注册码长是否为8
//repne scas 是对串进行扫描,直到为0,每一次ecx将-1
10001013 F7D1 NOT ECX
10001015 49 DEC ECX =====>ecx=注册码长
10001016 83F9 08 CMP ECX,8
10001019 74 07 JE SHORT apgr.10001022
===>跳到正确的地方,我的推理
如果注册码正确,eax肯定不等于0
1000101B 32C0 XOR AL,AL
1000101D 5F POP EDI
1000101E 5E POP ESI
1000101F 5D POP EBP
10001020 5B POP EBX
10001021 C3 RETN
********好了,这是注册码部分了******
10001022 8A06 MOV AL,BYTE PTR
DS:[ESI]
10001024 3C 56 CMP AL,56
10001026 74 0B JE SHORT apgr.10001033
10001028 3C 76 CMP AL,76
1000102A 74 07 JE SHORT apgr.10001033
注册码第一位必须为“v”或者“V”,否则,嘿嘿!
1000102C 32C0 XOR AL,AL
1000102E 5F POP EDI
1000102F 5E POP ESI
10001030 5D POP EBP
10001031 5B POP EBX
10001032 C3 RETN
10001033 8A46 01 MOV AL,BYTE PTR DS:[ESI+1]
10001036 3C 52 CMP AL,52
10001038 74 0B JE SHORT apgr.10001045
1000103A 3C 72 CMP AL,72
1000103C 74 07 JE SHORT apgr.10001045
注册码第二位必须为“r”或者“R”,否则,嘿嘿!
1000103E 32C0 XOR AL,AL
10001040 5F POP EDI
10001041 5E POP ESI
10001042 5D POP EBP
10001043 5B POP EBX
10001044 C3 RETN
:10001045 B902000000 mov ecx,
00000002
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1000106C(C)
|
:1000104A 0FBE0431 movsx
eax, byte ptr [ecx+esi]
:1000104E 83C0CF
add eax, FFFFFFCF(-0x31)
[coloe=red]要求注册码必须在0x31..0x39之间
:10001051 8D14D2
lea edx, dword ptr [edx+8*edx]
:10001054 83F808
cmp eax, 00000008
:10001057 7759
ja 100010B2========>出错了
:10001059 FF2485BC100010 jmp dword ptr [4*eax+100010BC]
:10001060 42
inc edx
:10001061 42
inc edx
:10001062 42
inc edx
:10001063 42
inc edx
:10001064 42
inc edx
:10001065 42
inc edx
:10001066 42
inc edx
:10001067 42
inc edx
:10001068 41
inc ecx
:10001069 83F908
cmp ecx, 00000008
:1000106C 7CDC
jl 1000104A
medx为错误的注册码算出的结果
:1000106E A1A0050110 mov eax,
dword ptr [100105A0]
:10001073 83C9FF
or ecx, FFFFFFFF
:10001076 33ED
xor ebp, ebp
:10001078 33F6
xor esi, esi
:1000107A 8D989A000000 lea ebx, dword
ptr [eax+0000009A]
:10001080 33C0
xor eax, eax
:10001082 8BFB
mov edi, ebx
:10001084 F2
repnz
:10001085 AE
scasb
:10001086 F7D1
not ecx
:10001088 49
dec ecx
:10001089 741C
je 100010A7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100010A5(C)
由RegisterID计算的正确的注册码的值
|
:1000108B 660FBE0433 movsx ax,
byte ptr [ebx+esi]
:10001090 8BCE
mov ecx, esi
:10001092 8BFB
mov edi, ebx
:10001094 D3E0
shl eax, cl
:10001096 83C9FF
or ecx, FFFFFFFF
:10001099 03E8
add ebp, eax
:1000109B 33C0
xor eax, eax
:1000109D 46
inc esi
:1000109E F2
repnz
:1000109F AE
scasb
:100010A0 F7D1
not ecx
:100010A2 49
dec ecx
:100010A3 3BF1
cmp esi, ecx
:100010A5 72E4
jb 1000108B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10001089(C)
|
比较,必须相等哟!
:100010A7 663BD5
cmp dx, bp
:100010AA 0F94C0
sete al
:100010AD 5F
pop edi
:100010AE 5E
pop esi
:100010AF 5D
pop ebp
:100010B0 5B
pop ebx
:100010B1 C3
ret
- 标 题:[ yjunzhao ]的Super Vidoe CD Verifier破解过程,注册器我也写出,到赢征论坛去看 (4千字)
- 作 者:DiKeN
- 时 间:2002-2-7 14:38:45
- 链 接:http://bbs.pediy.com