超级公式计算器 V4.5x 算法分析+注册机源码
作者:PaulYoung[CCG]
日期:2003-5-12
工具:SoftICE,TC 2.0
下载:http://yxsoft.wx-e.com/gs_jsq.exe (only 120KB)
***************************************************************
这个算法我是对着 V4.50 搞的,上面的下载是 V4.53 ,但算法应该没有变,注册机还可用。
由于算法又长又臭,我简单说一下算法流程:先用 C 盘序列号计算出机器码,再用机器码计算出一个中间值 temp ,然后用 temp 计算出不同的数值,以这些数值为查表的下标,表为"98765G3210WXCDEF",组成一个16位的注册码,再每四个间插一个"-",生成注册码。
************************************************
; SoftICE listing (selector:offset, 32-bit x86, Intel operand order) of the
; machine-code derivation. The fragment starts mid-routine: the arguments for
; GetVolumeInformationA are pushed before the first line shown.
; NOTE(review): [ESP+10] is presumably the volume-serial output of the call
; (the author describes it as the C: drive serial); the argument setup is not visible.
0167:00401831
CALL [KERNEL32!GetVolumeInformationA]
0167:00401837
MOV EAX,[ESP+10]
; The loads from 00404040/00404044/00404048 are interleaved by the compiler
; and are not part of the arithmetic on EAX; they are stored to the stack later.
0167:0040183B MOV
ESI,[00404040]
; EAX = EAX * EAX, then + 14938EA8, then XOR EB9CFAD3 (fixed constants).
0167:00401841 IMUL EAX,EAX
0167:00401844
ADD EAX,14938EA8
0167:00401849 MOV
EDI,[00404044]
0167:0040184F XOR EAX,EB9CFAD3
0167:00401854
MOV EBP,[00404048]
; CDQ / XOR EAX,EDX / SUB EAX,EDX is the branch-free absolute-value idiom:
; EDX is the sign mask of EAX, so the result in EAX is |EAX|.
0167:0040185A CDQ
0167:0040185B
XOR EAX,EDX
0167:0040185D MOV
[ESP+30],ESI
0167:00401861 SUB EAX,EDX
以上是生成机器码……
; Registration-code derivation, continuing the same routine (SoftICE listing,
; 32-bit x86, Intel operand order). On entry EAX holds the machine code.
;
; Together with the store to [ESP+30] in the preceding fragment, the 17 bytes at
; 0040403C..0040404C are copied twice onto the stack:
;   [ESP+2C..3C]  the lookup table that every "MOV r8,[reg+ESP+2C]" below indexes
;   [ESP+18..28]  the output buffer, whose bytes are then overwritten one by one
; NOTE(review): per the author's description the table is "98765G3210WXCDEF";
; the bytes at 0040403C are not shown on this page.
; NOTE(review): every input here is local and deterministic (a value derived
; from the volume serial, fixed constants, a static table), which is why the
; expected code can be recomputed offline from the binary alone; a check that
; verifies a vendor-signed licence does not have this property.
0167:00401863
MOV DL,[0040404C]
; [ESP+10] keeps the machine code; ECX = (EAX AND FF) XOR (EAX SHR 10h),
; the intermediate value the author calls temp. ECX stays live until 00401A0B.
0167:00401869 MOV
ECX,EAX
0167:0040186B MOV [ESP+10],EAX
0167:0040186F
AND ECX,000000FF
0167:00401875 MOV
[ESP+3C],DL
0167:00401879 SHR EAX,10
0167:0040187C
XOR ECX,EAX
0167:0040187E MOV
[ESP+28],DL
; From here on each group derives an index from ECX (masked with AND ..,0F, or
; taken as a DIV remainder), reads one byte from the table copy at [ESP+2C],
; and stores it at a fixed offset inside the output buffer [ESP+18..27].
0167:00401882 MOV EDX,ECX
0167:00401884
MOV EAX,[0040403C]
0167:00401889 SHL
EDX,04
0167:0040188C SUB EDX,ECX
0167:0040188E
MOV [ESP+2C],EAX
0167:00401892 NEG
EDX
0167:00401894 SHL EDX,04
0167:00401897
SUB EDX,ECX
0167:00401899 MOV
[ESP+34],EDI
0167:0040189D SHL EDX,1
0167:0040189F
XOR EDX,FFFFFE3F
0167:004018A5 MOV
[ESP+38],EBP
0167:004018A9 SHR EDX,06
0167:004018AC
AND EDX,0F
0167:004018AF MOV
[ESP+18],EAX
0167:004018B3 MOV [ESP+1C],ESI
0167:004018B7
MOV [ESP+20],EDI
0167:004018BB MOV
AL,[EDX+ESP+2C]
0167:004018BF MOV
EDX,ECX
0167:004018C1 XOR EDX,-19
0167:004018C4
MOV [ESP+1F],AL
0167:004018C8 SHR
EDX,03
0167:004018CB AND EDX,0F
0167:004018CE
MOV EDI,00000001
0167:004018D3 MOV
[ESP+24],EBP
0167:004018D7 MOV AL,[EDX+ESP+2C]
0167:004018DB
MOV EDX,EDI
0167:004018DD SUB
EDX,ECX
0167:004018DF MOV [ESP+1C],AL
0167:004018E3
XOR EDX,-05
0167:004018E6 AND
EDX,0F
0167:004018E9 MOV AL,[EDX+ESP+2C]
0167:004018ED
LEA EDX,[ECX*2+ECX]
0167:004018F0 MOV
[ESP+1D],AL
0167:004018F4 LEA EAX,[EDX*4+ECX]
0167:004018F7
LEA EAX,[EAX*8+EAX]
0167:004018FA SHL
EAX,1
0167:004018FC XOR EAX,00000A00
0167:00401901
SHR EAX,09
0167:00401904 AND
EAX,0F
0167:00401907 MOV DL,[EAX+ESP+2C]
0167:0040190B
LEA EAX,[ECX*2+ECX]
0167:0040190E MOV
[ESP+23],DL
0167:00401912 LEA EAX,[EAX*4+EAX]
0167:00401915
LEA EAX,[EAX*4+EAX]
0167:00401918 LEA
EAX,[EAX*8+EAX]
0167:0040191B XOR
EAX,00001000
0167:00401920 SHR EAX,0C
0167:00401923
AND EAX,0F
0167:00401926 MOV
ESI,0000000C
0167:0040192B MOV DL,[EAX+ESP+2C]
0167:0040192F
MOV EAX,ECX
0167:00401931 XOR
EAX,00000700
0167:00401936 MOV [ESP+24],DL
0167:0040193A
SHR EAX,08
0167:0040193D AND
EAX,0F
0167:00401940 MOV DL,[EAX+ESP+2C]
0167:00401944
MOV EAX,ECX
0167:00401946 XOR
EAX,70
0167:00401949 MOV [ESP+1E],DL
0167:0040194D
SHR EAX,04
0167:00401950 AND
EAX,0F
0167:00401953 MOV DL,[EAX+ESP+2C]
0167:00401957
MOV EAX,ECX
0167:00401959 XOR
EAX,07
0167:0040195C MOV [ESP+21],DL
0167:00401960
AND EAX,0F
0167:00401963 MOV
DL,[EAX+ESP+2C]
0167:00401967 MOV EAX,ECX
0167:00401969
MOV [ESP+20],DL
0167:0040196D MOV
EDX,00000003
0167:00401972 SUB EDX,ECX
0167:00401974
AND EAX,0F
0167:00401977 XOR
EDX,00600000
0167:0040197D SHR EDX,14
0167:00401980
AND EDX,0F
0167:00401983 XOR
EDX,EAX
0167:00401985 MOV DL,[EDX+ESP+2C]
0167:00401989
MOV [ESP+25],DL
0167:0040198D MOV
EDX,00000002
0167:00401992 SUB EDX,ECX
0167:00401994
XOR EDX,FFDFFFFF
0167:0040199A SHR
EDX,14
0167:0040199D AND EDX,0F
0167:004019A0
XOR EDX,EAX
0167:004019A2 MOV
AL,[EDX+ESP+2C]
0167:004019A6 MOV [ESP+26],AL
; MUL by a large constant, shifts on the high half (EDX), then DIV ESI: this has
; the shape of compiler-generated division by a constant followed by a remainder.
; The remainder left in EDX by DIV is the table index. The same shape recurs
; at 004019F5 with a different constant and ESI = 0D.
0167:004019AA
MOV EAX,BA2E8BA3
0167:004019AF MUL
ECX
0167:004019B1 MOV EAX,EDX
0167:004019B3
XOR EDX,EDX
0167:004019B5 SHR
EAX,03
0167:004019B8 DIV ESI
0167:004019BA
MOV EAX,ECX
0167:004019BC MOV
ESI,00000009
0167:004019C1 MOV DL,[EDX+ESP+2C]
0167:004019C5
MOV [ESP+27],DL
0167:004019C9 XOR
EDX,EDX
0167:004019CB DIV ESI
0167:004019CD
MOV ESI,0000000D
0167:004019D2 MOV
AL,[EDX+ESP+2C]
0167:004019D6 MOV
EDX,00000007
0167:004019DB SUB EDX,ECX
0167:004019DD
MOV [ESP+18],AL
0167:004019E1 XOR
EDX,00700000
0167:004019E7 SHR EDX,14
0167:004019EA
AND EDX,0F
0167:004019ED MOV
AL,[EDX+ESP+2C]
0167:004019F1 MOV [ESP+19],AL
0167:004019F5
MOV EAX,24924925
0167:004019FA MUL
ECX
0167:004019FC MOV EAX,ECX
0167:004019FE
SUB EAX,EDX
0167:00401A00 SHR
EAX,1
0167:00401A02 ADD EAX,EDX
0167:00401A04
XOR EDX,EDX
0167:00401A06 SHR
EAX,02
0167:00401A09 DIV ESI
0167:00401A0B
SHR ECX,05
0167:00401A0E MOV
EAX,00000006
0167:00401A13 SUB EAX,ECX
0167:00401A15
XOR EAX,07
0167:00401A18 AND
EAX,0F
0167:00401A1B MOV CL,[EAX+ESP+2C]
0167:00401A1F
MOV [ESP+1B],CL
0167:00401A23 MOV
DL,[EDX+ESP+2C]
0167:00401A27 MOV [ESP+1A],DL
; Output buffer complete. [ESP+22] (character 10) is the only byte in
; [ESP+18..27] that was never rewritten above, so it still holds the byte
; copied in from the table.
; The calls below all pass ECX = address of a stack object.
; NOTE(review): these are presumably string-class member functions; their
; bodies are not shown. 00401AC6 receives the buffer address, and 00401D12 is
; called three times with (0C, 2D), (08, 2D) and (04, 2D), where 2D is ASCII
; '-'. That is consistent with the author's description of a dash inserted
; after every four characters.
0167:00401A2B
LEA EDX,[ESP+18]
0167:00401A2F PUSH
EDX
0167:00401A30 LEA ECX,[ESP+10]
0167:00401A34
CALL 00401AC6
0167:00401A39 PUSH
2D
0167:00401A3B PUSH 0C
0167:00401A3D LEA
ECX,[ESP+14]
0167:00401A41 MOV
[ESP+50],EDI
0167:00401A45 CALL 00401D12
0167:00401A4A
PUSH 2D
0167:00401A4C PUSH 08
0167:00401A4E
LEA ECX,[ESP+14]
0167:00401A52 CALL
00401D12
0167:00401A57 PUSH 2D
0167:00401A59
PUSH 04
0167:00401A5B LEA
ECX,[ESP+14]
0167:00401A5F CALL 00401D12
0167:00401A64
MOV ESI,[ESP+50]
0167:00401A68 LEA
EAX,[ESP+0C]
0167:00401A6C PUSH EAX
0167:00401A6D
MOV ECX,ESI
0167:00401A6F CALL
00401D06
0167:00401A74 MOV [ESP+14],EDI
0167:00401A78
LEA ECX,[ESP+0C]
0167:00401A7C MOV
BYTE PTR [ESP+48],00
0167:00401A81 CALL 00401ACC
; Epilogue: the value saved at [ESP+40] is written back to FS:[00000000],
; EDI/ESI/EBP are restored, 40h bytes of locals are released, and RET 0004
; removes one DWORD argument. EAX returns the pointer held in ESI.
0167:00401A86
MOV ECX,[ESP+40]
0167:00401A8A MOV
EAX,ESI
0167:00401A8C POP EDI
0167:00401A8D
POP ESI
0167:00401A8E POP
EBP
0167:00401A8F MOV FS:[00000000],ECX
0167:00401A96
ADD ESP,40
0167:00401A99 RET
0004
以上是注册码计算过程,具体参看注册机源码。初学 C 语言,写得好烂,如果你有更好的写法,望不吝赐教……
************************ TURBO C 2.0 编译通过 ************************
/*
 * The author's C transcription of the listing above (Turbo C 2.0, DOS).
 * Reads a number into mc (prompted as the software serial number), folds it
 * into the intermediate value temp, fills sn[0..15] by lookups in table, and
 * prints the result as four dash-separated groups of four characters.
 *
 * NOTE(review): the arithmetic depends on Turbo C 2.0 integer widths and on C
 * operator precedence in unparenthesised expressions. It is reproduced exactly
 * as published and has not been checked against the disassembly.
 * NOTE(review): every value used is available on the client (the entered
 * number, fixed constants, a 16-entry table). That is what made an offline
 * re-implementation possible; a check that verifies a vendor-signed licence
 * does not share this weakness.
 */
main()
{
/* i and a are declared but never used below. */
int
i;
unsigned long mc,temp,temp1,temp2;
char a;
char sn[30];
/* 16-entry substitution table; every sn[] assignment below reads from it. */
char
table[]={'9','8','7','6','5','G','3','2','1','0','W','X','C','D','E','F'};
clrscr();
/* NOTE(review): the string literal below is split across two lines on this
   page (layout artefact of the page); it is left as found. */
printf("公式计算器
V4.5 注册机 *Make by PaulYoung[CCG]*\n\n软件序列号:");
/* Reads with the signed conversion "%ld" into an unsigned long. */
scanf("%ld",&mc);
/* temp mirrors ECX in the listing: low byte XOR upper 16 bits. */
temp=(mc&0xFF)^(mc>>0x10);
/* temp1/temp2: the author's rendering of the two MUL-by-constant sequences
   (BA2E8BA3 and 24924925 in the listing), each constant split into halves. */
temp1=(0xBA2E*temp>>16)+(0x8BA3*temp>>32);
temp2=(0x2492*temp>>16)+(0x4925*temp>>32);
/* Assignments follow the order of the stores in the listing, not the order
   of the output positions; sn[k] corresponds to the byte at [ESP+18+k]. */
sn[7]=table[((-((temp<<4)-temp)<<4)-temp<<1^0xFFFFFE3F)>>6&0x0F];
sn[4]=table[(temp^(-0x19))>>3&0x0F];
sn[5]=table[(1-temp^(-5))&0x0F];
sn[11]=table[((temp*3*4+temp)*9<<1^0xA00)>>9&0x0F];
sn[12]=table[(temp*675^0x1000)>>0xC&0x0F];
sn[6]=table[(temp^0x700)>>8&0x0F];
sn[9]=table[(temp^0x70)>>4&0x0F];
sn[8]=table[(temp^7)&0x0F];
sn[13]=table[(temp&0x0F)^((3-temp^0x600000)>>0x14&0x0F)];
sn[14]=table[((2-temp^0xFFDFFFFF)>>0x14&0x0F)^(temp&0x0F)];
sn[15]=table[(temp1>>3)%0xC];
sn[0]=table[temp%9];
sn[1]=table[(7-temp^0x700000)>>0x14&0x0F];
sn[2]=table[((temp-temp2>>1)+temp2>>2)%0xD];
sn[3]=table[(6-(temp>>5)^7)&0x0F];
/* Position 10 is constant: the listing never rewrites [ESP+22], so that byte
   keeps the value copied from the table. */
sn[10]=table[10];
printf("你的注册码:%c%c%c%c-%c%c%c%c-%c%c%c%c-%c%c%c%c",sn[0],sn[1],sn[2],sn[3],sn[4],sn[5],sn[6],sn[7],sn[8],sn[9],sn[10],sn[11],sn[12],sn[13],sn[14],sn[15]);
/* Waits for a key press so the output stays visible before the program exits. */
getch();
printf("\n\n");
}
************************ TURBO C 2.0 编译通过 ************************