算法浅探!——RegEditer v2.06
下载页面:
http://www.skycn.com/soft/6873.html
软件大小:
1041 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 系统设置
应用平台: Win9x/NT/2000/XP
加入时间:
2003-02-15 10:30:33
下载次数: 4560
推荐等级: ****
【软件简介】:功能最强大的注册表工具,真正的高手需要的工具,也是普通用户希望管理了解操作注册表最好的工具,永远告别Microsoft
Regedit,拥有这将是你所见过最强大的搜索功能,模糊查找,任何数据类型的搜索,替换功能,可视化操作注册表,魔法设置,KRML支持,直接查看和编辑主键内容。
特色功能:强大的查找功能,能搜索主键,数值,字符串数据,甚至整数,二进制数据...一切数据都能搜索,还支持模糊查找,通配符查找。强大的替换功能,能替换主键名称,数值名称,数据。快速定位,支持直接跳转,地址栏数据。收藏夹功能。强大的主键内容查看功能。方便的字符串数据编辑。方便强大的二进制数据编辑,甚至可以以图片的方式查看。支持10种数据格式,而且对于未知格式,用户也可以方便进行编辑和管理和查看。多语言支持,本版Regediter携带了10种语言,而且用户可以方便的自定义语言。自动语言探测,能根据当前计算机使用的语言动态选择语言。通过KRML描述文件轻松设置系统。KRML是一种我们自定义的类HTML语言的注册表描述语言,会写网页的用户可以方便的自定义,自己编辑KRML文件,而使Regediter功能更加强大,系统设置更加方便,方便程度丝毫不亚于类魔术设置工具。超强的可扩展性,用户可以通过自定义KRML文件来让Regediter的功能到无限制的扩充,而且充满个性。而且,本软件可以免费使用,除非你觉得该感谢支持一下作者的工作,功能上没有任何限制,非常适合中国的国情。
【软件限制】:可以免费使用。感谢作者的劳动!
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、FI2.5、W32Dasm8.93黄金版
—————————————————————————————————
【过 程】:
首先说明一下:天空下载站里的是新版V2.1.0
的,而我手里进行分析的是v2.06 版的,可能有些地方是不同的!另外:我的水平很浅,许多地方我表达不清楚或者无法表达清楚,敬请各位老师指教!
Name:
fly
试炼码:ABC-123456-7890-ROCFLY
—————————————————————————————————
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CD41B(C)
|
:004CD48A
8B45FC mov eax,
dword ptr [ebp-04]
====>EAX=ABC-123456-7890-ROCFLY
:004CD48D
E87ADFFCFF call 0049B40C
====>关键CALL!进入!
:004CD492
84C0 test
al, al
:004CD494 0F8480000000 je 004CD51A
====>跳则OVER!
:004CD49A
8D55F8 lea edx,
dword ptr [ebp-08]
:004CD49D 8B83F4020000
mov eax, dword ptr [ebx+000002F4]
:004CD4A3 E8A8ACF7FF
call 00448150
:004CD4A8 8B45F8
mov eax, dword ptr [ebp-08]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CD43C(C)
|
:004CD4AB
50 push
eax
:004CD4AC 8D55F4
lea edx, dword ptr [ebp-0C]
:004CD4AF 8B8304030000
mov eax, dword ptr [ebx+00000304]
:004CD4B5 E896ACF7FF
call 00448150
:004CD4BA 8B55F4
mov edx, dword ptr
[ebp-0C]
:004CD4BD A13C024E00 mov
eax, dword ptr [004E023C]
:004CD4C2 8B00
mov eax, dword ptr [eax]
:004CD4C4 59
pop ecx
:004CD4C5
E81A720000 call 004D46E4
====>关键CALL!进入!
:004CD4CA
84C0 test
al, al
:004CD4CC 7427
je 004CD4F5
====>跳则OVER!
:004CD4CE
C7834C02000001000000 mov dword ptr [ebx+0000024C], 00000001
:004CD4D8
66B8F100 mov ax, 00F1
:004CD4DC
E86FF5FCFF call 0049CA50
:004CD4E1
8BD0 mov
edx, eax
:004CD4E3 8D45F0
lea eax, dword ptr [ebp-10]
:004CD4E6 E81D70F3FF
call 00404508
:004CD4EB 8B45F0
mov eax, dword ptr [ebp-10]
:004CD4EE
E8258AFCFF call 00495F18
:004CD4F3
EB40 jmp
004CD535
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:004CD4CC(C)
|
:004CD4F5
66B8F300 mov ax, 00F3
:004CD4F9
E852F5FCFF call 0049CA50
:004CD4FE
8BD0 mov
edx, eax
:004CD500 8D45EC
lea eax, dword ptr [ebp-14]
:004CD503 E80070F3FF
call 00404508
:004CD508 8B45EC
mov eax, dword ptr [ebp-14]
:004CD50B
E8B089FCFF call 00495EC0
:004CD510
33C0 xor
eax, eax
:004CD512 89834C020000 mov
dword ptr [ebx+0000024C], eax
:004CD518 EB1B
jmp 004CD535
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CD494(C)
|
:004CD51A
66B8F200 mov ax, 00F2
:004CD51E
E82DF5FCFF call 0049CA50
:004CD523
8BD0 mov
edx, eax
:004CD525 8D45E8
lea eax, dword ptr [ebp-18]
:004CD528 E8DB6FF3FF
call 00404508
:004CD52D 8B45E8
mov eax, dword ptr [ebp-18]
:004CD530
E8E389FCFF call 00495F18
====>BAD BOY!
—————————————————————————————————
进入
4CD48D call 0049B40C
*
Referenced by a CALL at Addresses:
|:004CD48D , :004CF7DC
|
:0049B40C
55 push
ebp
:0049B40D 8BEC
mov ebp, esp
:0049B40F 33C9
xor ecx, ecx
:0049B411 51
push ecx
:0049B412 51
push
ecx
:0049B413 51
push ecx
:0049B414 51
push ecx
:0049B415 51
push ecx
:0049B416 53
push
ebx
:0049B417 56
push esi
:0049B418 57
push edi
:0049B419 8945FC
mov dword ptr [ebp-04], eax
:0049B41C
8B45FC mov eax,
dword ptr [ebp-04]
:0049B41F E89493F6FF
call 004047B8
:0049B424 33C0
xor eax, eax
:0049B426 55
push ebp
:0049B427 68C1B54900
push 0049B5C1
:0049B42C 64FF30
push dword ptr fs:[eax]
:0049B42F
648920 mov dword
ptr fs:[eax], esp
:0049B432 33DB
xor ebx, ebx
:0049B434 33C0
xor eax, eax
:0049B436 55
push ebp
:0049B437
689AB54900 push 0049B59A
:0049B43C
64FF30 push dword
ptr fs:[eax]
:0049B43F 648920
mov dword ptr fs:[eax], esp
:0049B442 8B45FC
mov eax, dword ptr [ebp-04]
====>EAX=ABC-123456-7890-ROCFLY
:0049B445
E88691F6FF call 004045D0
====>取试炼码位数
:0049B44A
83F816 cmp eax,
00000016
====>是否22位?
:0049B44D
740D je 0049B45C
====>不跳则OVER!
:0049B44F
33C0 xor
eax, eax
:0049B451 5A
pop edx
:0049B452 59
pop ecx
:0049B453 59
pop ecx
:0049B454
648910 mov dword
ptr fs:[eax], edx
:0049B457 E94A010000
jmp 0049B5A6
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B44D(C)
|
:0049B45C
8D45F0 lea eax,
dword ptr [ebp-10]
:0049B45F E8B48EF6FF
call 00404318
:0049B464 8D45F0
lea eax, dword ptr [ebp-10]
:0049B467 BADCB54900
mov edx, 0049B5DC
:0049B46C
E86791F6FF call 004045D8
:0049B471
8D45F0 lea eax,
dword ptr [ebp-10]
:0049B474 BAE8B54900
mov edx, 0049B5E8
:0049B479 E85A91F6FF
call 004045D8
:0049B47E 8D45F0
lea eax, dword ptr [ebp-10]
:0049B481 BAF4B54900
mov edx, 0049B5F4
:0049B486
E84D91F6FF call 004045D8
:0049B48B
8D45F0 lea eax,
dword ptr [ebp-10]
:0049B48E BA00B64900
mov edx, 0049B600
:0049B493 E84091F6FF
call 004045D8
:0049B498 8B45F0
mov eax, dword ptr [ebp-10]
====>KGL- 入 EAX
:0049B49B
E82893F6FF call 004047C8
:0049B4A0
50 push
eax
:0049B4A1 8B45FC
mov eax, dword ptr [ebp-04]
====>EAX=ABC-123456-7890-ROCFLY
:0049B4A4
E81F93F6FF call 004047C8
:0049B4A9
8BF0 mov
esi, eax
:0049B4AB 8BC6
mov eax, esi
:0049B4AD 5A
pop edx
:0049B4AE E881DFF6FF
call 00409434
====>比较试炼码前4位是否是 KGL-
可以把试炼码的前4位改为KGL- 也可以在下面 R FL Z 改变跳转!
:0049B4B3
8BF8 mov
edi, eax
:0049B4B5 3BFE
cmp edi, esi
:0049B4B7 740D
je 0049B4C6
====>不跳则OVER!
:0049B4B9
33C0 xor
eax, eax
:0049B4BB 5A
pop edx
:0049B4BC 59
pop ecx
:0049B4BD 59
pop ecx
:0049B4BE
648910 mov dword
ptr fs:[eax], edx
:0049B4C1 E9E0000000
jmp 0049B5A6
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B4B7(C)
|
:0049B4C6
B804000000 mov eax, 00000004
====>EAX=4
:0049B4CB
8B55FC mov edx,
dword ptr [ebp-04]
====>EDX=ABC-123456-7890-ROCFLY
:0049B4CE
48 dec
eax
:0049B4CF 85D2
test edx, edx
:0049B4D1 7405
je 0049B4D8
:0049B4D3 3B42FC
cmp eax, dword ptr [edx-04]
:0049B4D6
7205 jb 0049B4DD
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B4D1(C)
|
:0049B4D8
E80780F6FF call 004034E4
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B4D6(C)
|
:0049B4DD
40 inc
eax
:0049B4DE 807C02FF2D cmp
byte ptr [edx+eax-01], 2D
====>比较第4位是否是
-
:0049B4E3 753E
jne 0049B523
====>跳则OVER!
:0049B4E5
B80B000000 mov eax, 0000000B
====>EAX=B
:0049B4EA
8B55FC mov edx,
dword ptr [ebp-04]
====>EDX=ABC-123456-7890-ROCFLY
:0049B4ED
48 dec
eax
:0049B4EE 85D2
test edx, edx
:0049B4F0 7405
je 0049B4F7
:0049B4F2 3B42FC
cmp eax, dword ptr [edx-04]
:0049B4F5
7205 jb 0049B4FC
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B4F0(C)
|
:0049B4F7
E8E87FF6FF call 004034E4
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B4F5(C)
|
:0049B4FC
40 inc
eax
:0049B4FD 807C02FF2D cmp
byte ptr [edx+eax-01], 2D
====>比较第11位是否是
-
:0049B502 751F
jne 0049B523
====>跳则OVER!
:0049B504
B810000000 mov eax, 00000010
====>EAX=10
:0049B509
8B55FC mov edx,
dword ptr [ebp-04]
====>EDX=ABC-123456-7890-ROCFLY
:0049B50C
48 dec
eax
:0049B50D 85D2
test edx, edx
:0049B50F 7405
je 0049B516
:0049B511 3B42FC
cmp eax, dword ptr [edx-04]
:0049B514
7205 jb 0049B51B
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B50F(C)
|
:0049B516
E8C97FF6FF call 004034E4
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B514(C)
|
:0049B51B
40 inc
eax
:0049B51C 807C02FF2D cmp
byte ptr [edx+eax-01], 2D
====>比较第16位是否是
-
:0049B521 740A
je 0049B52D
====>不跳则OVER!
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0049B4E3(C),
:0049B502(C)
|
:0049B523 33C0
xor eax, eax
:0049B525 5A
pop edx
:0049B526 59
pop ecx
:0049B527
59 pop
ecx
:0049B528 648910
mov dword ptr fs:[eax], edx
:0049B52B EB79
jmp 0049B5A6
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B521(C)
|
:0049B52D
8D45F8 lea eax,
dword ptr [ebp-08]
:0049B530 50
push eax
:0049B531 B906000000
mov ecx, 00000006
:0049B536 BA05000000
mov edx, 00000005
:0049B53B 8B45FC
mov eax, dword ptr [ebp-04]
====>EAX=ABC-123456-7890-ROCFLY
:0049B53E
E8E592F6FF call 00404828
:0049B543
8D45F4 lea eax,
dword ptr [ebp-0C]
:0049B546 50
push eax
:0049B547 B904000000
mov ecx, 00000004
:0049B54C BA0C000000
mov edx, 0000000C
:0049B551 8B45FC
mov eax, dword ptr [ebp-04]
:0049B554
E8CF92F6FF call 00404828
:0049B559
8D45EC lea eax,
dword ptr [ebp-14]
:0049B55C 50
push eax
:0049B55D B906000000
mov ecx, 00000006
:0049B562 BA11000000
mov edx, 00000011
:0049B567 8B45FC
mov eax, dword ptr [ebp-04]
:0049B56A
E8B992F6FF call 00404828
:0049B56F
8D4DF0 lea ecx,
dword ptr [ebp-10]
====>ECX=KGL-
:0049B572
8B55F4 mov edx,
dword ptr [ebp-0C]
====>EDX=7890
:0049B575
8B45F8 mov eax,
dword ptr [ebp-08]
====>EAX=123456
:0049B578
E86FFAFFFF call 0049AFEC
====>关键CALL!运算后6位注册码!进入!
:0049B57D
8B45EC mov eax,
dword ptr [ebp-14]
====>EAX=ROCFLY
:0049B580
8B55F0 mov edx,
dword ptr [ebp-10]
====>EDX=UXBDYV
:0049B583
E88C91F6FF call 00404714
====>比较后6位注册码!
:0049B588
7504 jne
0049B58E
====>跳则OVER!
:0049B58A
B301 mov
bl, 01
:0049B58C EB02
jmp 0049B590
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B588(C)
|
:0049B58E
33DB xor
ebx, ebx
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0049B58C(U)
|
:0049B590
33C0 xor
eax, eax
:0049B592 5A
pop edx
:0049B593 59
pop ecx
:0049B594 59
pop ecx
:0049B595
648910 mov dword
ptr fs:[eax], edx
:0049B598 EB0C
jmp 0049B5A6
:0049B59A E9ED84F6FF
jmp 00403A8C
:0049B59F 33DB
xor ebx, ebx
:0049B5A1
E84E88F6FF call 00403DF4
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0049B457(U),
:0049B4C1(U), :0049B52B(U), :0049B598(U)
|
:0049B5A6 33C0
xor eax, eax
:0049B5A8
5A pop
edx
:0049B5A9 59
pop ecx
:0049B5AA 59
pop ecx
:0049B5AB 648910
mov dword ptr fs:[eax], edx
:0049B5AE
68C8B54900 push 0049B5C8
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049B5C6(U)
|
:0049B5B3
8D45EC lea eax,
dword ptr [ebp-14]
:0049B5B6 BA05000000
mov edx, 00000005
:0049B5BB E87C8DF6FF
call 0040433C
:0049B5C0 C3
ret
—————————————————————————————————
【算
法 总 结】:
注册码与姓名无关。
注册码共4组字符。形式为:KGL-123456-7890-UXBDYV
第一组KGL-固定。第11位、16位的
- 固定。第4组字符是第2组和第3组字符经过多次运算得出!
因为这个软件的循环运算既多又烦人,所以我戏称其为“魔幻运算”。^-^
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Kugle\RegEditer]
"AuthorizationCode"="KGL-123456-7890-UXBDYV"
"UserName"="fly"
—————————————————————————————————
【整 理】:
Name:
fly
注册码:KGL-123456-7890-UXBDYV
—————————————————————————————————
Cracked By 巢水工作坊——fly
22:00 03-3-8