• 标 题:根据注册码判断注册名
  • 作 者:东南破佛
  • 时 间:2003年9月23日 03:14
  • 链 接:http://bbs.pediy.com

数据库信息管理开发平台V2.5.标准版&V3.6

网址:http://hd-sc.com

ASPack1.07b 加壳

Delphi6的作品


脱壳后反汇编,在字符串参考中可以找到"系统过期"和"注册码成功",后者有两处,分别见下面的代码。

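验证注册的过程:首先根据输入的注册码生成一段数字,然后把它作为ASCII值与输入的用户名相比较,相同则正确,不相同则错误。要写注册机的话就需要一个逆过程了。从防护的角度看,这种设计的弱点在于:校验所需的算法和常量("HDDBIP")全部放在客户端,计算出的正确注册名会以明文出现在内存中,结果又只取决于一次字符串比较;更稳妥的做法是对注册名做非对称签名,客户端只保存公钥用于验证。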

我的注册码

/D0 24 74 00 1A------->注册名的ASCII值
\"982101314"---------->注册码

使用这个注册码来注册V3.6时,98下可以成功注册,可是2000下就不行了,不知道为什么。

本来想写注册机,可惜功力不够……哪位大侠抽空给讲解一下吧。我先做了一个自注册的版本,由于是根据注册码计算注册名,所以算出来的注册名经常包含无法显示的字符……还是功力不够5555555555


:005BAD4F 722D                    jb 005BAD7E
:005BAD51 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"系统过期"
                                  |
:005BAD53 B994AD5B00              mov ecx, 005BAD94

* Possible StringData Ref from Data Obj ->"该程序版本已经过期,请与宏达电脑服务中心联系更"
                                        ->"新版本!"
                                  |
:005BAD58 BAA0AD5B00              mov edx, 005BADA0
:005BAD5D A1543C5C00              mov eaxdword ptr [005C3C54]
:005BAD62 8B00                    mov eaxdword ptr [eax]
:005BAD64 E85B3BEBFF              call 0046E8C4
:005BAD69 33C0                    xor eaxeax
:005BAD6B 898390020000            mov dword ptr [ebx+00000290], eax
:005BAD71 898394020000            mov dword ptr [ebx+00000294], eax
:005BAD77 8BC3                    mov eaxebx
:005BAD79 E87A02EBFF              call 0046AFF8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005BAD4F(C)
|
:005BAD7E 59                      pop ecx
:005BAD7F 5A                      pop edx
:005BAD80 5B                      pop ebx
:005BAD81 C3                      ret


    *********************************************************************
    *********************************************************************



; ---------------------------------------------------------------------
; Routine at 005A4248 -- registration check (first of the two places that
; reference the success string).
; Format: W32Dasm dead listing, 32-bit x86. Addresses, opcode bytes and
; operand text are kept exactly as dumped, including operands that lost
; their separator during extraction ("mov eaxdword ptr" is
; "mov eax, dword ptr", as the opcode bytes confirm).
;
; What the visible code does:
;   1. reads a string from the control at [ebx+00000300] (the entered
;      registration code, per the author's annotations);
;   2. passes it, with the constant "HDDBIP", to 005BAE0C, which returns
;      a derived string in [ebp-08];
;   3. reads a string from the control at [ebx+000002FC] (the entered
;      user name) and compares it with the derived string (00404E64);
;   4. on a match stores name and code under "RegName" / "RegID", shows
;      the success message and sets a flag byte; otherwise shows the
;      mismatch message.
;
; In:     eax = object pointer, copied to ebx (presumably the form
;         instance under Delphi's register convention -- confirm).
; Locals: ten zero-initialised dwords, [ebp-04] .. [ebp-28].
; Helper names given below are guesses from the call pattern, not from
; symbols -- confirm each before relying on it.
;
; NOTE(review), defensive reading: the value the name is checked against
; is produced entirely on the client from the code and an embedded
; constant, and acceptance rests on one string comparison plus one flag
; byte. A scheme that verifies a signature over the name with a public
; key would not need to ship a routine that yields the accepted name.
; ---------------------------------------------------------------------
:005A4248 55                      push ebp
:005A4249 8BEC                    mov ebpesp
; ecx = 5 iterations x 2 pushes = ten zeroed dwords of locals
:005A424B B905000000              mov ecx, 00000005

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4255(C)
|
:005A4250 6A00                    push 00000000
:005A4252 6A00                    push 00000000
:005A4254 49                      dec ecx
:005A4255 75F9                    jne 005A4250
:005A4257 53                      push ebx
:005A4258 56                      push esi

; NOTE(review): the reference from 005A41E3 into this prologue looks like
; a disassembler artefact (data decoded as code) -- confirm.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A41E3(C)
|
:005A4259 57                      push edi
; keep the incoming object pointer in ebx for the rest of the routine
:005A425A 8BD8                    mov ebxeax
; eax = 0, so fs:[eax] is fs:[0]: link an exception-registration record
; whose handler address is 005A4445 (outer frame)
:005A425C 33C0                    xor eaxeax
:005A425E 55                      push ebp
:005A425F 6845445A00              push 005A4445
:005A4264 64FF30                  push dword ptr fs:[eax]
:005A4267 648920                  mov dword ptr fs:[eax], esp
; second record, handler 005A43D0 (leads to the "input error" path below)
:005A426A 33C0                    xor eaxeax
:005A426C 55                      push ebp
:005A426D 68D0435A00              push 005A43D0
:005A4272 64FF30                  push dword ptr fs:[eax]
:005A4275 648920                  mov dword ptr fs:[eax], esp
; fetch the text of the control at [ebx+300] into [ebp-10]
; (0044E118: presumably a GetText-style helper -- confirm)
:005A4278 8D55F0                  lea edxdword ptr [ebp-10]
:005A427B 8B8300030000            mov eaxdword ptr [ebx+00000300]
:005A4281 E8929EEAFF              call 0044E118
; author's note: [ebp-10] = the entered registration code
:005A4286 8B45F0                  mov eaxdword ptr [ebp-10]-------------------->输入的注册码
; 00409528 copies/normalises the string into [ebp-0C] (presumably Trim)
:005A4289 8D55F4                  lea edxdword ptr [ebp-0C]
:005A428C E89752E6FF              call 00409528
; author's note: [ebp-0C] = the entered registration code
:005A4291 8B45F4                  mov eaxdword ptr [ebp-0C]-------------------->输入的注册码
:005A4294 8D4DF8                  lea ecxdword ptr [ebp-08]

* Possible StringData Ref from Data Obj ->"HDDBIP"
                                  |
; eax = code, edx = constant "HDDBIP", ecx = &[ebp-08] (result slot)
:005A4297 BA5C445A00              mov edx, 005A445C----------------------------->"HDDBIP"
; author's note: this call computes the ASCII string derived from the code
:005A429C E86B6B0100              call 005BAE0C--------------------------------->这个CALL可以计算得到ASSCII
; author's note: [ebp-08] = string derived from the registration code
:005A42A1 8B45F8                  mov eaxdword ptr [ebp-08]------------------->根据注册码计算出来的ASSCII
; parked on the stack while the user name is fetched
:005A42A4 50                      push eax
:005A42A5 8D55E8                  lea edxdword ptr [ebp-18]
:005A42A8 8B83FC020000            mov eaxdword ptr [ebx+000002FC]
:005A42AE E8659EEAFF              call 0044E118
; author's note: [ebp-18] = the entered user name
:005A42B3 8B45E8                  mov eaxdword ptr [ebp-18]------------------->输入的用户名
:005A42B6 8D55EC                  lea edxdword ptr [ebp-14]
:005A42B9 E86A52E6FF              call 00409528
; author's note: edx = the entered user name
:005A42BE 8B55EC                  mov edxdword ptr [ebp-14]------->输入的用户名
; author's note: eax = the derived string pushed at 005A42A4
:005A42C1 58                      pop eax--------------------------->恢复根据注册码计算的ASSCII
; author's note: the comparison (00404E64: presumably a string compare
; that sets ZF on equality -- confirm)
:005A42C2 E89D0BE6FF              call 00404E64--------------------->进行比较(关键!!!!!!!)
; author's note: not equal -> mismatch message at 005A43AE
:005A42C7 0F85E1000000            jne 005A43AE---------------------->跳到错误!!!
; match path: build an object from the class reference at [00472F54]
; (dl = 1) and keep it in [ebp-04]; presumably a registry wrapper, given
; the key and value names used below -- confirm
:005A42CD B201                    mov dl, 01

* Possible StringData Ref from Data Obj ->""
                                  |
:005A42CF A1542F4700              mov eaxdword ptr [00472F54]
:005A42D4 E87BEDECFF              call 00473054
:005A42D9 8945FC                  mov dword ptr [ebp-04], eax
; third exception record, handler 005A43A7, guarding the object's use
:005A42DC 33C0                    xor eaxeax
:005A42DE 55                      push ebp
:005A42DF 68A7435A00              push 005A43A7
:005A42E4 64FF30                  push dword ptr fs:[eax]
:005A42E7 648920                  mov dword ptr fs:[eax], esp
; 80000002h equals the Win32 HKEY_LOCAL_MACHINE constant; presumably
; selects the root key -- confirm
:005A42EA BA02000080              mov edx, 80000002
:005A42EF 8B45FC                  mov eaxdword ptr [ebp-04]
:005A42F2 E8FDEDECFF              call 004730F4
:005A42F7 B101                    mov cl, 01

; NOTE(review): path separators in the key string appear to have been
; lost in extraction -- confirm against the binary.
* Possible StringData Ref from Data Obj ->"SoftWareDbimpDbimp1.0"
                                  |
:005A42F9 BA6C445A00              mov edx, 005A446C
:005A42FE 8B45FC                  mov eaxdword ptr [ebp-04]
; 00473158: presumably opens the key (cl = 1, perhaps "create if
; missing"); the result comes back in al
:005A4301 E852EEECFF              call 00473158
:005A4306 84C0                    test alal
; al = 0 skips only the "RegName" write; the "RegID" write at 005A4333
; still runs. NOTE(review): the failure result is only partly honoured.
:005A4308 7429                    je 005A4333
; re-read the user name and store it under "RegName"
:005A430A 8D55E0                  lea edxdword ptr [ebp-20]
:005A430D 8B83FC020000            mov eaxdword ptr [ebx+000002FC]
:005A4313 E8009EEAFF              call 0044E118
:005A4318 8B45E0                  mov eaxdword ptr [ebp-20]
:005A431B 8D55E4                  lea edxdword ptr [ebp-1C]
:005A431E E80552E6FF              call 00409528
:005A4323 8B4DE4                  mov ecxdword ptr [ebp-1C]

* Possible StringData Ref from Data Obj ->"RegName"
                                  |
:005A4326 BA8C445A00              mov edx, 005A448C
:005A432B 8B45FC                  mov eaxdword ptr [ebp-04]
; 004732F4: presumably a write-string call (edx = value name, ecx = data)
:005A432E E8C1EFECFF              call 004732F4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4308(C)
|
; re-read the registration code and store it under "RegID"
:005A4333 8D55D8                  lea edxdword ptr [ebp-28]
:005A4336 8B8300030000            mov eaxdword ptr [ebx+00000300]
:005A433C E8D79DEAFF              call 0044E118
:005A4341 8B45D8                  mov eaxdword ptr [ebp-28]
:005A4344 8D55DC                  lea edxdword ptr [ebp-24]
:005A4347 E8DC51E6FF              call 00409528
:005A434C 8B4DDC                  mov ecxdword ptr [ebp-24]

* Possible StringData Ref from Data Obj ->"RegID"
                                  |
:005A434F BA9C445A00              mov edx, 005A449C
:005A4354 8B45FC                  mov eaxdword ptr [ebp-04]
:005A4357 E898EFECFF              call 004732F4
; 004730C4: presumably closes the key
:005A435C 8B45FC                  mov eaxdword ptr [ebp-04]
:005A435F E860EDECFF              call 004730C4
; success message box: ecx = caption, edx = text, eax = [[005C3C54]]
; (presumably the application object)
:005A4364 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"用户注册"
                                  |
:005A4366 B9A4445A00              mov ecx, 005A44A4

* Possible StringData Ref from Data Obj ->"注册码成功!"
                                  |
:005A436B BAB0445A00              mov edx, 005A44B0
:005A4370 A1543C5C00              mov eaxdword ptr [005C3C54]
:005A4375 8B00                    mov eaxdword ptr [eax]
:005A4377 E848A5ECFF              call 0046E8C4
; virtual call (table slot +64) on the object at [ebx+2F0] with edx = 0;
; the callee is not visible in this listing
:005A437C 8B83F0020000            mov eaxdword ptr [ebx+000002F0]
:005A4382 33D2                    xor edxedx
:005A4384 8B08                    mov ecxdword ptr [eax]
:005A4386 FF5164                  call [ecx+64]
; set the byte addressed through [005C3EB8] to 1 (presumably the global
; "registered" flag -- confirm)
:005A4389 A1B83E5C00              mov eaxdword ptr [005C3EB8]
:005A438E C60001                  mov byte ptr [eax], 01
; unlink the third exception record: edx = saved previous fs:[0]
:005A4391 33C0                    xor eaxeax
:005A4393 5A                      pop edx
:005A4394 59                      pop ecx
:005A4395 59                      pop ecx
:005A4396 648910                  mov dword ptr fs:[eax], edx
; continuation address for the "ret" at 005A43A6
:005A4399 68C6435A00              push 005A43C6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A43AC(U)
|
; cleanup for the object in [ebp-04] (00403C1C: presumably Free); the ret
; pops the address pushed above, so the normal path resumes at 005A43C6
:005A439E 8B45FC                  mov eaxdword ptr [ebp-04]
:005A43A1 E876F8E5FF              call 00403C1C
:005A43A6 C3                      ret


; handler stub of the third record (004043B0: presumably the runtime's
; finally handler), then back to the cleanup at 005A439E
:005A43A7 E90400E6FF              jmp 004043B0
:005A43AC EBF0                    jmp 005A439E

; author's note on the reference line below: where the error comes from
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A42C7(C)------------------------------------------------------------------->错误的由来
|
; mismatch path: message box with the same caption and the mismatch text
:005A43AE 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"用户注册"
                                  |
:005A43B0 B9A4445A00              mov ecx, 005A44A4

* Possible StringData Ref from Data Obj ->"注册码与注册名称不符!请验证注册码和注册名称"
                                  |
; the text after the arrow on the next line is the author's own
; annotation, reproduced unchanged
:005A43B5 BAC0445A00              mov edx, 005A44C0------------------------>MOV EDX [EBP+FFFFFFF8];   8B55F89090
:005A43BA A1543C5C00              mov eaxdword ptr [005C3C54]
:005A43BF 8B00                    mov eaxdword ptr [eax]
:005A43C1 E8FEA4ECFF              call 0046E8C4
; shared tail of the match and mismatch paths: unlink the second
; exception record and go on to the final cleanup
:005A43C6 33C0                    xor eaxeax
:005A43C8 5A                      pop edx
:005A43C9 59                      pop ecx
:005A43CA 59                      pop ecx
:005A43CB 648910                  mov dword ptr fs:[eax], edx
:005A43CE EB22                    jmp 005A43F2
; handler stub of the second record (004040FC: presumably the runtime's
; catch-all exception handler); execution then falls into the
; "input error" message below
:005A43D0 E927FDE5FF              jmp 004040FC
:005A43D5 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"用户注册"
                                  |
:005A43D7 B9A4445A00              mov ecx, 005A44A4

* Possible StringData Ref from Data Obj ->"注册码输入错误!请验证!"
                                  |
:005A43DC BAF0445A00              mov edx, 005A44F0
:005A43E1 A1543C5C00              mov eaxdword ptr [005C3C54]
:005A43E6 8B00                    mov eaxdword ptr [eax]
:005A43E8 E8D7A4ECFF              call 0046E8C4
; 00404528: presumably ends exception handling
:005A43ED E83601E6FF              call 00404528

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A43CE(U)
|
; unlink the outer exception record; 005A444C is the continuation
; address for the final ret (that address is not part of this listing)
:005A43F2 33C0                    xor eaxeax
:005A43F4 5A                      pop edx
:005A43F5 59                      pop ecx
:005A43F6 59                      pop ecx
:005A43F7 648910                  mov dword ptr fs:[eax], edx
:005A43FA 684C445A00              push 005A444C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A444A(U)
|
; release the temporaries in [ebp-28] .. [ebp-10], one call each
; (00404A68: presumably a string-clear helper)
:005A43FF 8D45D8                  lea eaxdword ptr [ebp-28]
:005A4402 E86106E6FF              call 00404A68
:005A4407 8D45DC                  lea eaxdword ptr [ebp-24]
:005A440A E85906E6FF              call 00404A68
:005A440F 8D45E0                  lea eaxdword ptr [ebp-20]
:005A4412 E85106E6FF              call 00404A68
:005A4417 8D45E4                  lea eaxdword ptr [ebp-1C]
:005A441A E84906E6FF              call 00404A68
:005A441F 8D45E8                  lea eaxdword ptr [ebp-18]
:005A4422 E84106E6FF              call 00404A68
:005A4427 8D45EC                  lea eaxdword ptr [ebp-14]
:005A442A E83906E6FF              call 00404A68
:005A442F 8D45F0                  lea eaxdword ptr [ebp-10]
:005A4432 E83106E6FF              call 00404A68
; edx = 2 with eax = &[ebp-0C]: presumably clears two adjacent strings,
; [ebp-0C] and [ebp-08] (the derived string) -- confirm
:005A4437 8D45F4                  lea eaxdword ptr [ebp-0C]
:005A443A BA02000000              mov edx, 00000002
:005A443F E84806E6FF              call 00404A8C
:005A4444 C3                      ret


           ***************************************************************
           ***************************************************************

:005A496C 55                      push ebp
:005A496D 8BEC                    mov ebpesp
:005A496F B906000000              mov ecx, 00000006

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005A491B(C), :005A4979(C)
|
:005A4974 6A00                    push 00000000
:005A4976 6A00                    push 00000000
:005A4978 49                      dec ecx
:005A4979 75F9                    jne 005A4974
:005A497B 53                      push ebx
:005A497C 56                      push esi
:005A497D 57                      push edi
:005A497E 8BD8                    mov ebxeax
:005A4980 33C0                    xor eaxeax
:005A4982 55                      push ebp

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4925(C)
|
:005A4983 68AA4B5A00              push 005A4BAA
:005A4988 64FF30                  push dword ptr fs:[eax]
:005A498B 648920                  mov dword ptr fs:[eax], esp
:005A498E 8D55F8                  lea edxdword ptr [ebp-08]
:005A4991 A110385C00              mov eaxdword ptr [005C3810]
:005A4996 8B00                    mov eaxdword ptr [eax]
:005A4998 E88B54E6FF              call 00409E28
:005A499D 8D45F8                  lea eaxdword ptr [ebp-08]
:005A49A0 50                      push eax
:005A49A1 8B55F8                  mov edxdword ptr [ebp-08]

* Possible StringData Ref from Data Obj ->"."
                                  |
:005A49A4 B8C04B5A00              mov eax, 005A4BC0
:005A49A9 E8AE06E6FF              call 0040505C
:005A49AE 8BC8                    mov ecxeax
:005A49B0 49                      dec ecx
:005A49B1 BA01000000              mov edx, 00000001
:005A49B6 8B45F8                  mov eaxdword ptr [ebp-08]
:005A49B9 E8BA05E6FF              call 00404F78
:005A49BE 33C0                    xor eaxeax
:005A49C0 55                      push ebp
:005A49C1 68304B5A00              push 005A4B30
:005A49C6 64FF30                  push dword ptr fs:[eax]
:005A49C9 648920                  mov dword ptr fs:[eax], esp

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005A4965(C)
|
:005A49CC 8D55EC                  lea edxdword ptr [ebp-14]
:005A49CF 8B8300030000            mov eaxdword ptr [ebx+00000300]
:005A49D5 E83E97EAFF              call 0044E118
:005A49DA 8B45EC                  mov eaxdword ptr [ebp-14]
:005A49DD 8D55F0                  lea edxdword ptr [ebp-10]
:005A49E0 E8434BE6FF              call 00409528
:005A49E5 8B45F0                  mov eaxdword ptr [ebp-10]
:005A49E8 8D4DF4                  lea ecxdword ptr [ebp-0C]
:005A49EB 8B55F8                  mov edxdword ptr [ebp-08]
:005A49EE E819640100              call 005BAE0C
:005A49F3 8B45F4                  mov eaxdword ptr [ebp-0C]
:005A49F6 50                      push eax
:005A49F7 8D55E4                  lea edxdword ptr [ebp-1C]
:005A49FA 8B83FC020000            mov eaxdword ptr [ebx+000002FC]
:005A4A00 E81397EAFF              call 0044E118
:005A4A05 8B45E4                  mov eaxdword ptr [ebp-1C]
:005A4A08 8D55E8                  lea edxdword ptr [ebp-18]
:005A4A0B E8184BE6FF              call 00409528
:005A4A10 8B55E8                  mov edxdword ptr [ebp-18]
:005A4A13 58                      pop eax
:005A4A14 E84B04E6FF              call 00404E64------------------------------->关键(与上面的相同!!)!!!
:005A4A19 0F85EF000000            jne 005A4B0E-------------------------------->跳到错误!!!
:005A4A1F B201                    mov dl, 01

* Possible StringData Ref from Data Obj ->""
                                  |
:005A4A21 A1542F4700              mov eaxdword ptr [00472F54]
:005A4A26 E829E6ECFF              call 00473054
:005A4A2B 8945FC                  mov dword ptr [ebp-04], eax
:005A4A2E 33C0                    xor eaxeax
:005A4A30 55                      push ebp
:005A4A31 68074B5A00              push 005A4B07
:005A4A36 64FF30                  push dword ptr fs:[eax]
:005A4A39 648920                  mov dword ptr fs:[eax], esp
:005A4A3C BA02000080              mov edx, 80000002
:005A4A41 8B45FC                  mov eaxdword ptr [ebp-04]
:005A4A44 E8ABE6ECFF              call 004730F4
:005A4A49 8D45E0                  lea eaxdword ptr [ebp-20]
:005A4A4C 8B4DF8                  mov ecxdword ptr [ebp-08]

* Possible StringData Ref from Data Obj ->"SoftWareDbimp\