• 标 题:File Shredder 2000 (4千字)
  • 作 者:lq7972
  • 时 间:2003-3-21 16:51:36
  • 链 接:http://bbs.pediy.com

Soft:File Shredder 2000
    是一个文件粉碎机。能够彻底删除硬盘上的文件
    Author: Gregory Braun
    EMail: Support@GregoryBraun.com
    http://www.GregoryBraun.com
Tools:W32Dasm V10 & SOFTICE V4.2.6
Cracker:lq7972
Date:2003-3-18
Note:感谢大家的帮助。

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040226B(C), :00402270(C)
|
:0040228B 8D442410 lea eax, dword ptr [esp+10]
:0040228F 50 push eax
:00402290 E84B8F0000 call 0040B1E0
;the call

:00402295 56 push esi
:00402296 8BD8 mov ebx, eax
:00402298 E8D3340000 call 00405770
;the call,en en--------------------------1

:0040229D 83C408 add esp, 00000008
:004022A0 3D92A71901 cmp eax, 0119A792
:004022A5 7518 jne 004022BF
;改为je,总是下面的注册信息,内置的
;HKEY_USERS\S-1-5-21-839522115-1677128483-1957994488-500\Software\Software by Design\File Shredder for Windows 95/NT\Registration\
; @:Registered User
; User Name:Gregory Braun
; Organization:Software Design
; Registration:2677574910

* Reference To: KERNEL32.lstrcpyA, Ord:0302h
|
:004022A7 8B1DBC404100 mov ebx, dword ptr [004140BC]

* Possible StringData Ref from Data Obj ->"Gregory Braun"
|
:004022AD 6884604100 push 00416084
:004022B2 56 push esi
:004022B3 FFD3 call ebx

* Possible StringData Ref from Data Obj ->"Software Design"
|
:004022B5 6874604100 push 00416074
:004022BA 57 push edi
:004022BB FFD3 call ebx
:004022BD EB07 jmp 004022C6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004022A5(C)
|
:004022BF 3D3CCE5F0D cmp eax, 0D5FCE3C
:004022C4 750C jne 004022D2
;上面的不改
;这里改为je User Name:lq7972(输入的注册名,支持中文)
; Organization:liushaju
; Registration:2543694210(输入的是78787878)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004022BD(U)
|
:004022C6 57 push edi
:004022C7 56 push esi
:004022C8 E823320000 call 004054F0
:004022CD 83C408 add esp, 00000008
:004022D0 8BD8 mov ebx, eax

......

* Possible Reference to String Resource ID=05001: "Software registration was successfully completed. Thank you"
|
:00402317 6889130000 push 00001389


1
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
the call
* Referenced by a CALL at Addresses:
|:00402298 , :00405502 , :0040550E
|
:00405770 51 push ecx
:00405771 53 push ebx
;EBX=你输入的注册码

:00405772 8B5C240C mov ebx, dword ptr [esp+0C]
;你输入的注册名ASCII

:00405776 56 push esi
;ESI是注册名ASCII

:00405777 33F6 xor esi, esi
:00405779 53 push ebx
:0040577A 8974240C mov dword ptr [esp+0C], esi

* Reference To: KERNEL32.lstrlenA, Ord:0308h

:0040577E FF15EC404100 Call dword ptr [004140EC]
:00405784 85DB test ebx, ebx
:00405786 744F je 004057D7
:00405788 85C0 test eax, eax
;注册名长度Len(Nam)

:0040578A 744B je 004057D7
:0040578C 33D2 xor edx, edx
;零

:0040578E 85C0 test eax, eax
:00405790 7E45 jle 004057D7
:00405792 55 push ebp
:00405793 57 push edi
;edi=组织名ASCII

* Possible StringData Ref from Data Obj ->"|b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw9"
->"4cmqpfhw"
|
:00405794 BE14774100 mov esi, 00417714
;esi=上面那串字符(设为St)ASCII

:00405799 BF01000000 mov edi, 00000001
:0040579E 2BF3 sub esi, ebx
:004057A0 8BCB mov ecx, ebx
:004057A2 2BFB sub edi, ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004057CD(C)              ;开始循环
|
:004057A4 0FBE1C0E movsx ebx, byte ptr [esi+ecx]
;在St中从左到右依次取Len(Nam)次,一次取一个

:004057A8 0FBEAC10DC764100 movsx ebp, byte ptr [eax+edx+004176DC]
;

:004057B0 0FAFDD imul ebx, ebp
:004057B3 8D2C0F lea ebp, dword ptr [edi+ecx]
;从1到Len(Nam),第i次循环为i

:004057B6 0FAFDD imul ebx, ebp
:004057B9 0FBE29 movsx ebp, byte ptr [ecx]
;注册名的第i个字符

:004057BC 0FAFDD imul ebx, ebp
:004057BF 8B6C2410 mov ebp, dword ptr [esp+10]
;

:004057C3 03EB add ebp, ebx
:004057C5 42 inc edx
;加1

:004057C6 41 inc ecx
;第i次循环,ecx=注册名去掉前面取了的(i-1)个字符

:004057C7 3BD0 cmp edx, eax
;Len(Nam)

:004057C9 896C2410 mov dword ptr [esp+10], ebp
:004057CD 7CD5 jl 004057A4
;循环完否?


:004057CF 8BC5 mov eax, ebp
:004057D1 5F pop edi
......