ChangeFolderColor　1.2

标题：ChangeFolderColor　1.2(6千字)
作者：[pow]
时间：2002-10-1 13:44:31
链接：http://bbs.pediy.com

软件名称：ChangeFolderColor　1.2
编程语言：Delphi
运行环境：Win9x/NT/2000/XP
保护措施：启动注册效验
软件特色：更改任意文件夹的颜色，未注册版每个文件夹颜色只能改变一次。
注册费用：$9.95
下载地址：http://yafeisoft.diy.163.com/download/clfolder_11.zip

这个小程序挺有意思的，彩色的文件夹会让你更快的找到它（但千万别太花，否则……）

采用启动时效验注册码的方式，因为我菜，所以这样的东西我需要很多时间才能找到关键。下面把整个过程写下来，送给所有需要的人。

* Possible StringData Ref from Code Obj ->"Software\Yafei\ColorFolder\"           <--注册码存放位置
|
:00452184 B914234500 mov ecx, 00452314
:00452189 B201 mov dl, 01
:0045218B A134104500 mov eax, dword ptr [00451034]
:00452190 E887F5FFFF call 0045171C
:00452195 8945E4 mov dword ptr [ebp-1C], eax
:00452198 33C0 xor eax, eax
:0045219A 55 push ebp
:0045219B 68EC214500 push 004521EC
:004521A0 64FF30 push dword ptr fs:[eax]
:004521A3 648920 mov dword ptr fs:[eax], esp

* Possible StringData Ref from Code Obj ->"Guest"
|
:004521A6 6838234500 push 00452338
:004521AB 8D45F8 lea eax, dword ptr [ebp-08]
:004521AE 50 push eax

* Possible StringData Ref from Code Obj ->"Name"
|
:004521AF B948234500 mov ecx, 00452348
:004521B4 33D2 xor edx, edx
:004521B6 8B45E4 mov eax, dword ptr [ebp-1C]
:004521B9 E8F2F5FFFF call 004517B0

* Possible StringData Ref from Code Obj ->"101010101010"
|
:004521BE 6858234500 push 00452358
:004521C3 8D45F4 lea eax, dword ptr [ebp-0C]
:004521C6 50 push eax

* Possible StringData Ref from Code Obj ->"RegisterCode"
|
:004521C7 B970234500 mov ecx, 00452370
:004521CC 33D2 xor edx, edx
:004521CE 8B45E4 mov eax, dword ptr [ebp-1C]
:004521D1 E8DAF5FFFF call 004517B0
:004521D6 33C0 xor eax, eax
:004521D8 5A pop edx
:004521D9 59 pop ecx
:004521DA 59 pop ecx
:004521DB 648910 mov dword ptr fs:[eax], edx
:004521DE 68F3214500 push 004521F3

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004521F1(U)
|
:004521E3 8B45E4 mov eax, dword ptr [ebp-1C]
:004521E6 E8ED0BFBFF call 00402DD8
:004521EB C3 ret

:004521EC E90713FBFF jmp 004034F8
:004521F1 EBF0 jmp 004521E3
:004521F3 8B45F4 mov eax, dword ptr [ebp-0C]
:004521F6 E8E51AFBFF call 00403CE0
:004521FB 83F80C cmp eax, 0000000C           <--注册码必须大于12位
:004521FE 0F85D7000000 jne 004522DB
:00452204 8D45F0 lea eax, dword ptr [ebp-10]
:00452207 50 push eax
:00452208 B904000000 mov ecx, 00000004
:0045220D BA01000000 mov edx, 00000001
:00452212 8B45F4 mov eax, dword ptr [ebp-0C]       <--看到假码
:00452215 E8CE1CFBFF call 00403EE8
:0045221A 8B45F0 mov eax, dword ptr [ebp-10]       <--取前4位
:0045221D E8125DFBFF call 00407F34               <--16进制的前4位
:00452222 8BD8 mov ebx, eax               <--存入ebx
:00452224 8D45EC lea eax, dword ptr [ebp-14]
:00452227 50 push eax
:00452228 B904000000 mov ecx, 00000004
:0045222D BA05000000 mov edx, 00000005
:00452232 8B45F4 mov eax, dword ptr [ebp-0C]
:00452235 E8AE1CFBFF call 00403EE8
:0045223A 8B45EC mov eax, dword ptr [ebp-14]       <--中间4位
:0045223D E8F25CFBFF call 00407F34               <--16进制的前4位
:00452242 8BF0 mov esi, eax               <--存入esi
:00452244 8D45E8 lea eax, dword ptr [ebp-18]
:00452247 50 push eax
:00452248 B904000000 mov ecx, 00000004
:0045224D BA09000000 mov edx, 00000009
:00452252 8B45F4 mov eax, dword ptr [ebp-0C]
:00452255 E88E1CFBFF call 00403EE8
:0045225A 8B45E8 mov eax, dword ptr [ebp-18]       <--最后4位
:0045225D E8D25CFBFF call 00407F34               <--16进制的前4位
:00452262 33D2 xor edx, edx               <--清空edx后面用
:00452264 55 push ebp
:00452265 68AC224500 push 004522AC
:0045226A 64FF32 push dword ptr fs:[edx]
:0045226D 648922 mov dword ptr fs:[edx], esp
:00452270 81C3CF0E0000 add ebx, 00000ECF           <--ebx=前4位+ECF…………(1)
:00452276 8D149B lea edx, dword ptr [ebx+4*ebx]   <--edx=(1)×5
:00452279 81EA4A120000 sub edx, 0000124A           <--edx-124A
:0045227F 81C64A120000 add esi, 0000124A           <--esi=中间4位+124A…………(2)
:00452285 8D0CB6 lea ecx, dword ptr [esi+4*esi]   <--ecx=(2)×5
:00452288 03D1 add edx, ecx               <--edx=ecx+edx
:0045228A 81EACF0E0000 sub edx, 00000ECF           <--edx-ECF
:00452290 05CF0E0000 add eax, 00000ECF           <--最后4位+ECF…………(3)
:00452295 8D0480 lea eax, dword ptr [eax+4*eax]   <--eax=(3)×5
:00452298 03D0 add edx, eax               <--edx=edx+eax
:0045229A 81EA4A120000 sub edx, 0000124A           <--edx-124A
:004522A0 8BDA mov ebx, edx               <--ebx=edx
:004522A2 33C0 xor eax, eax
:004522A4 5A pop edx
:004522A5 59 pop ecx
:004522A6 59 pop ecx
:004522A7 648910 mov dword ptr fs:[eax], edx
:004522AA EB11 jmp 004522BD
:004522AC E9930FFBFF jmp 00403244
:004522B1 E8EA12FBFF call 004035A0
:004522B6 EB2B jmp 004522E3
:004522B8 E8E312FBFF call 004035A0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004522AA(U)
|
:004522BD 3B1DDC584500 cmp ebx, dword ptr [004558DC]       <--关键比较（004558DC固定值为2107A，和姓名无关）
:004522C3 7516 jne 004522DB
:004522C5 C605E058450001 mov byte ptr [004558E0], 01       <--注册标志位
:004522CC 8B45FC mov eax, dword ptr [ebp-04]

看起来加加减减挺多，整理后得到：(1)+(2)+(3)=0x4411 就OK了～
(1)、(2)、(3)必须为4位数。