破解者:HMILY[BCG]
破解于:2002-12-29
软件名称:成语速查 v3.0
* Possible StringData Ref from Code Obj ->"BiXwDIdi5168qcIEFMEWDSVdkvmemifPCiEsefGF21QCLM"
->"WE"
--->这个是注册码计算的基数
|
:005B3567
B9E4365B00 mov ecx, 005B36E4
:005B356C
E8FB140000 call 005B4A6C ->注册码的计算
->跟进去研究一下。
:005B3571 8B45F4
mov eax, dword ptr [ebp-0C]
:005B3574 8D55FC
lea edx, dword ptr [ebp-04]
:005B3577
E84C64E5FF call 004099C8
:005B357C
8D55E8 lea edx,
dword ptr [ebp-18]
:005B357F 8B8600030000
mov eax, dword ptr [esi+00000300]
:005B3585 E8B638E8FF
call 00436E40
:005B358A 8B45E8
mov eax, dword ptr [ebp-18]
:005B358D
8D55EC lea edx,
dword ptr [ebp-14]
:005B3590 E8C766E5FF
call 00409C5C
:005B3595 8B45EC
mov eax, dword ptr [ebp-14]
:005B3598 8D55F0
lea edx, dword ptr [ebp-10]
:005B359B
E82864E5FF call 004099C8
:005B35A0
8B55F0 mov edx,
dword ptr [ebp-10] -|真假注册码分别传入eax、edx
:005B35A3 8B45FC
mov eax, dword ptr [ebp-04] -|
:005B35A6
E8590DE5FF call 00404304 ->注册码的对比
:005B35AB
757C jne
005B3629 ->不相等、出错
:005B35AD 33C9
xor ecx, ecx
*
Possible StringData Ref from Code Obj ->"Microyzcsjcid"
|
:005B35AF BACC365B00
mov edx, 005B36CC
:005B35B4 8BC3
mov eax, ebx
:005B35B6 E80901EBFF
call 004636C4
:005B35BB 8B4DFC
mov ecx, dword ptr
[ebp-04]
* Possible
StringData Ref from Code Obj ->"hdh"
|
:005B35BE BA20375B00 mov
edx, 005B3720
:005B35C3 8BC3
mov eax, ebx
:005B35C5 E85600EBFF
call 00463620
:005B35CA 8BC3
mov eax, ebx
:005B35CC E877FAEAFF
call 00463048
:005B35D1 8BC3
mov eax,
ebx
:005B35D3 E874FBE4FF call
0040314C
* Possible
StringData Ref from Code Obj ->"注册成功!"
|
:005B35D8 BA2C375B00 mov
edx, 005B372C
:005B35DD 8B8608030000 mov
eax, dword ptr [esi+00000308]
:005B35E3 E88838E8FF
call 00436E70
:005B35E8 A1CCA65B00
mov eax, dword ptr [005BA6CC]
:005B35ED 8B00
mov eax, dword ptr
[eax]
:005B35EF 8B803C040000 mov eax,
dword ptr [eax+0000043C]
*
Possible StringData Ref from Code Obj ->"软件已注册,谢谢您的支持!"
|
:005B35F5 BA40375B00
mov edx, 005B3740
:005B35FA E87138E8FF
call 00436E70
:005B35FF A1CCA65B00
mov eax, dword ptr [005BA6CC]
:005B3604 8B00
mov eax,
dword ptr [eax]
:005B3606 8B8040040000 mov
eax, dword ptr [eax+00000440]
:005B360C 33D2
xor edx, edx
:005B360E E84537E8FF
call 00436D58
:005B3613 A1CCA65B00
mov eax, dword ptr [005BA6CC]
:005B3618
8B00 mov
eax, dword ptr [eax]
:005B361A 8B8040040000
mov eax, dword ptr [eax+00000440]
:005B3620 B201
mov dl, 01
:005B3622 8B08
mov ecx, dword ptr
[eax]
:005B3624 FF51FC
call [ecx-04]
:005B3627 EB2A
jmp 005B3653
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B35AB(C)
|
:005B3629
6A10 push
00000010
* Possible
StringData Ref from Code Obj ->"提示"
|
:005B362B 685C375B00 push
005B375C
* Possible
StringData Ref from Code Obj ->"注册码错误!请速与作者联系"
|
:005B3630 6864375B00
push 005B3764
:005B3635 A138BF5B00
mov eax, dword ptr [005BBF38]
:005B363A E8AD99E8FF
call 0043CFEC
:005B363F 50
push eax
==============================================================================================
*
Referenced by a CALL at Addresses:
|:005B356C , :005B37D5 , :005B45D1
|
:005B4A6C 55
push ebp ->跟入上面那个call来到这里
:005B4A6D 8BEC
mov ebp,
esp
:005B4A6F 83C4F4
add esp, FFFFFFF4
:005B4A72 53
push ebx
:005B4A73 56
push esi
:005B4A74 57
push
edi
:005B4A75 894DF8
mov dword ptr [ebp-08], ecx
:005B4A78 8955FC
mov dword ptr [ebp-04], edx
:005B4A7B 8B45FC
mov eax, dword ptr
[ebp-04]
:005B4A7E E825F9E4FF call
004043A8
:005B4A83 8B45F8
mov eax, dword ptr [ebp-08]
:005B4A86 E81DF9E4FF
call 004043A8
:005B4A8B 33C0
xor eax, eax
:005B4A8D
55 push
ebp
:005B4A8E 68334B5B00 push
005B4B33
:005B4A93 64FF30
push dword ptr fs:[eax]
:005B4A96 648920
mov dword ptr fs:[eax], esp
:005B4A99
837DF800 cmp dword ptr
[ebp-08], 00000000
:005B4A9D 750D
jne 005B4AAC
:005B4A9F 8D45F8
lea eax, dword ptr [ebp-08]
*
Possible StringData Ref from Code Obj ->"diVEiXsMOie2bPqACIE"
|
:005B4AA2 BA4C4B5B00
mov edx, 005B4B4C
:005B4AA7 E860F5E4FF
call 0040400C
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B4A9D(C)
|
:005B4AAC
BE01000000 mov esi, 00000001
:005B4AB1
8B45FC mov eax,
dword ptr [ebp-04]
:005B4AB4 E83BF7E4FF
call 004041F4
:005B4AB9 8BF8
mov edi, eax
:005B4ABB 85FF
test edi, edi
:005B4ABD
7E4E jle
005B4B0D
:005B4ABF BB01000000 mov
ebx, 00000001
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:005B4B0B(C)
|
:005B4AC4
8B45FC mov eax,
dword ptr [ebp-04] ->机器码传入eax
:005B4AC7 8A4418FF
mov al, byte ptr [eax+ebx-01] ->依次取机器码
:005B4ACB
240F and
al, 0F ->和0x0F做与运算
:005B4ACD
8B55F8 mov edx,
dword ptr [ebp-08] ->基数传入edx
:005B4AD0 8A5432FF
mov dl, byte ptr [edx+esi-01] ->依次取基数
:005B4AD4
80E20F and dl, 0F
->取得的基数和0x0F做与运算
:005B4AD7
32C2 xor
al, dl ->两个数的结果相互做异或运算
:005B4AD9
8845F7 mov byte
ptr [ebp-09], al ->把异或的结果保存到ebp-09
:005B4ADC 8D45FC
lea eax, dword ptr [ebp-04]
:005B4ADF
E8E0F8E4FF call 004043C4
:005B4AE4
8B55FC mov edx,
dword ptr [ebp-04] ->取机器码
:005B4AE7 8A541AFF
mov dl, byte ptr [edx+ebx-01] ->依次取机器码
:005B4AEB
80E2F0 and dl, F0
->取得的机器码和0xF0做与运算
:005B4AEE
8A4DF7 mov cl, byte
ptr [ebp-09] ->取出异或结果传给cl
:005B4AF1 02D1
add dl, cl
->把机器码与0xF0的运算结果和cl相加
:005B4AF3 885418FF
mov byte ptr [eax+ebx-01], dl
:005B4AF7
46 inc
esi
:005B4AF8 8B45F8
mov eax, dword ptr [ebp-08]
:005B4AFB E8F4F6E4FF
call 004041F4
:005B4B00 3BF0
cmp esi, eax
:005B4B02 7E05
jle 005B4B09
:005B4B04
BE01000000 mov esi, 00000001
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B4B02(C)
|
:005B4B09
43 inc
ebx
:005B4B0A 4F
dec edi
:005B4B0B 75B7
jne 005B4AC4
==============================================================================================
它的算法已经明确,就做个注册机吧。
TC 2.0下调试通过
#include "stdio.h"
/* Constant table used by the loop in main(). Its 48 entries spell out the two
   string literals the listing above shows being referenced just before the
   call at 005B356C: the 46-character "BiXw...QCLM" string followed by "WE".
   Only the low four bits of each entry are read (see the `&0x0F` in main).
   Review note: the listing shows this constant stored in the shipped binary
   and the expected code computed and compared on the client, so the check has
   no secret an analyst cannot read. A check that verifies a signature made
   with a key that never ships with the product does not have this weakness. */
int key[48]={'B','i','X','w','D','I','d','i','5','1','6','8','q','c','I','E','F','M','E','W','D','S','V','d','k','v','m','e','m','i','f','P','C','i','E','s','e','f','G','F','2','1','Q','C','L','M','W','E'};
/* Reads one line from stdin into S and writes one character to stdout for each
   input character: the input's high nibble is kept and its low nibble is
   XORed with the low nibble of the matching entry of key[].
   NOTE(review): main is declared without a return type and returns no value;
   this relies on the implicit-int rule of pre-C99 compilers. */
main()
{
/* S is a 10-byte stack buffer, so it holds at most 9 characters plus the NUL. */
char
S[10],*p=S;
/* p1 walks key[] in step with p; nothing below checks it against the table's
   48 entries. */
int *p1=key;
unsigned long a,b,c,d,e;
/* NOTE(review): three of the string literals below are split across two lines
   in this capture of the page. They are left exactly as captured; a C compiler
   rejects a line break inside a literal. */
printf("ChengYuSuCha
v3.0 keygen by HMILY[BCG]\n");
printf("My e-mail : gyyxll@21cn.com\n");
printf("***************HMILY[BCG]***************\n");
printf("please
enter your serial : ");
/* NOTE(review): gets() has no length limit, so any input of 10 or more
   characters is written past the end of S on the stack (CWE-242 / CWE-120).
   The bounded form is fgets(S, sizeof S, stdin), followed by stripping the
   trailing newline. */
gets(S);
printf(" Your register
code is : ");
/* Runs until the NUL that terminates the input. If the overflow noted above
   has occurred, the loop also reads past S, and past key[] after 48 steps. */
while(*p!='\0')
{
a=*p&0x0F;      /* low nibble of the input character */
b=*p1&0x0F;     /* low nibble of the current table entry */
c=a^b;          /* combined low nibble, always in 0..15 */
d=*p&0xF0;      /* high nibble of the input character, unchanged */
e=c+d;          /* c and d share no bits, so the sum equals d|c */
p++;p1++;
/* NOTE(review): e is unsigned long but %c expects an int argument. The
   mismatch is undefined behaviour and matters wherever long is wider than
   int, e.g. a 16-bit int target; passing (int)e avoids it. */
printf("%c",e);
}
}