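Jinfeng Screensaver 2.0 (金锋屏幕保护程序 2.0) is a tool for building screen savers; it offers more than 200 effects.
If you are interested, you can download it from http://www.jinfengsoft.com.
Now to the file itself: it is packed with UPX, so unpack it. Once unpacked, it turns out to be a Delphi executable.
Locate the key routine.
We enter the registration code: 1234567890
and land at the following code: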
016F:004BDF67 8B45FC MOV EAX,[EBP-04]
016F:004BDF6A E83165F4FF CALL 004044A0
016F:004BDF6F 83F80A CMP EAX,BYTE +0A ;is the registration code shorter than 10 characters?
016F:004BDF72 0F8CEA010000 JL NEAR 004BE162 ;if shorter, fail
016F:004BDF78 8D45F4 LEA EAX,[EBP-0C]
016F:004BDF7B 50 PUSH EAX
016F:004BDF7C 8D55F0 LEA EDX,[EBP-10]
016F:004BDF7F 8B86FC020000 MOV EAX,[ESI+02FC]
016F:004BDF85 E87EE0F9FF CALL 0045C008
016F:004BDF8A 8B45F0 MOV EAX,[EBP-10]
016F:004BDF8D B902000000 MOV ECX,02
016F:004BDF92 BA01000000 MOV EDX,01
016F:004BDF97 E86467F4FF CALL 00404700 ;take the first 2 characters of the registration code
016F:004BDF9C 8B4DF4 MOV ECX,[EBP-0C]
016F:004BDF9F 8D45F8 LEA EAX,[EBP-08]
016F:004BDFA2 BA50E24B00 MOV EDX,004BE250
016F:004BDFA7 E84065F4FF CALL 004044EC
016F:004BDFAC 8B45F8 MOV EAX,[EBP-08]
016F:004BDFAF E88CA7F4FF CALL 00408740
016F:004BDFB4 8BD8 MOV EBX,EAX ;value of characters 1-2 saved in EBX
016F:004BDFB6 8D45E8 LEA EAX,[EBP-18]
016F:004BDFB9 50 PUSH EAX
016F:004BDFBA 8D55E4 LEA EDX,[EBP-1C]
016F:004BDFBD 8B86FC020000 MOV EAX,[ESI+02FC]
016F:004BDFC3 E840E0F9FF CALL 0045C008
016F:004BDFC8 8B45E4 MOV EAX,[EBP-1C]
016F:004BDFCB B902000000 MOV ECX,02
016F:004BDFD0 BA03000000 MOV EDX,03 ;take characters 3-4 of the registration code
016F:004BDFD5 E82667F4FF CALL 00404700
016F:004BDFDA 8B4DE8 MOV ECX,[EBP-18]
016F:004BDFDD 8D45EC LEA EAX,[EBP-14]
016F:004BDFE0 BA50E24B00 MOV EDX,004BE250
016F:004BDFE5 E80265F4FF CALL 004044EC
016F:004BDFEA 8B45EC MOV EAX,[EBP-14] ;EAX now holds characters 3-4
016F:004BDFED E84EA7F4FF CALL 00408740
016F:004BDFF2 8BD3 MOV EDX,EBX ;saved result for characters 1-2 goes into EDX
016F:004BDFF4 80F20B XOR DL,0B
016F:004BDFF7 81E2FF000000 AND EDX,FF
016F:004BDFFD 3BC2 CMP EAX,EDX ;compare with the computed result
016F:004BDFFF 0F855D010000 JNZ NEAR 004BE162 ;not equal: fail
016F:004BE005 80F30B XOR BL,0B ;apply the same operation to the saved value of characters 1-2
016F:004BE008 8D45DC LEA EAX,[EBP-24]
016F:004BE00B 50 PUSH EAX
016F:004BE00C 8D55D8 LEA EDX,[EBP-28]
016F:004BE00F 8B86FC020000 MOV EAX,[ESI+02FC]
016F:004BE015 E8EEDFF9FF CALL 0045C008
016F:004BE01A 8B45D8 MOV EAX,[EBP-28]
016F:004BE01D B902000000 MOV ECX,02
016F:004BE022 BA05000000 MOV EDX,05
016F:004BE027 E8D466F4FF CALL 00404700 ;take characters 5-6 of the registration code
016F:004BE02C 8B4DDC MOV ECX,[EBP-24]
016F:004BE02F 8D45E0 LEA EAX,[EBP-20]
016F:004BE032 BA50E24B00 MOV EDX,004BE250
016F:004BE037 E8B064F4FF CALL 004044EC
016F:004BE03C 8B45E0 MOV EAX,[EBP-20]
016F:004BE03F E8FCA6F4FF CALL 00408740
016F:004BE044 8BD3 MOV EDX,EBX ;value computed at 4BE005
016F:004BE046 80F216 XOR DL,16
016F:004BE049 81E2FF000000 AND EDX,FF
016F:004BE04F 3BC2 CMP EAX,EDX ;compare with characters 5-6
016F:004BE051 0F850B010000 JNZ NEAR 004BE162
016F:004BE057 80F316 XOR BL,16 ;previous EBX value XOR 16h
016F:004BE05A 8D45D0 LEA EAX,[EBP-30]
016F:004BE05D 50 PUSH EAX
016F:004BE05E 8D55CC LEA EDX,[EBP-34]
016F:004BE061 8B86FC020000 MOV EAX,[ESI+02FC]
016F:004BE067 E89CDFF9FF CALL 0045C008
016F:004BE06C 8B45CC MOV EAX,[EBP-34]
016F:004BE06F B902000000 MOV ECX,02
016F:004BE074 BA07000000 MOV EDX,07
016F:004BE079 E88266F4FF CALL 00404700 ;take characters 7-8 of the registration code
016F:004BE07E 8B4DD0 MOV ECX,[EBP-30]
016F:004BE081 8D45D4 LEA EAX,[EBP-2C]
016F:004BE084 BA50E24B00 MOV EDX,004BE250
016F:004BE089 E85E64F4FF CALL 004044EC
016F:004BE08E 8B45D4 MOV EAX,[EBP-2C]
016F:004BE091 E8AAA6F4FF CALL 00408740
016F:004BE096 8BD3 MOV EDX,EBX ;value computed at 004BE057 goes into EDX
016F:004BE098 80F221 XOR DL,21 ;start the computation
016F:004BE09B 81E2FF000000 AND EDX,FF
016F:004BE0A1 3BC2 CMP EAX,EDX ;compare with characters 7-8
016F:004BE0A3 0F85B9000000 JNZ NEAR 004BE162
016F:004BE0A9 80F321 XOR BL,21 ;previous EBX value XOR 21h
016F:004BE0AC 8D45C4 LEA EAX,[EBP-3C]
016F:004BE0AF 50 PUSH EAX
016F:004BE0B0 8D55C0 LEA EDX,[EBP-40]
016F:004BE0B3 8B86FC020000 MOV EAX,[ESI+02FC]
016F:004BE0B9 E84ADFF9FF CALL 0045C008
016F:004BE0BE 8B45C0 MOV EAX,[EBP-40]
016F:004BE0C1 B902000000 MOV ECX,02
016F:004BE0C6 BA09000000 MOV EDX,09 ;take characters 9-10
016F:004BE0CB E83066F4FF CALL 00404700
016F:004BE0D0 8B4DC4 MOV ECX,[EBP-3C]
016F:004BE0D3 8D45C8 LEA EAX,[EBP-38]
016F:004BE0D6 BA50E24B00 MOV EDX,004BE250
016F:004BE0DB E80C64F4FF CALL 004044EC
016F:004BE0E0 8B45C8 MOV EAX,[EBP-38]
016F:004BE0E3 E858A6F4FF CALL 00408740
016F:004BE0E8 80F32C XOR BL,2C ;apply the XOR
016F:004BE0EB 33D2 XOR EDX,EDX ;clear to 0
016F:004BE0ED 8AD3 MOV DL,BL ;store in DL
016F:004BE0EF 3BC2 CMP EAX,EDX ;compare with characters 9-10
016F:004BE0F1 756F JNZ 004BE162
016F:004BE0F3 8D55BC LEA EDX,[EBP-44]
016F:004BE0F6 8B86FC020000 MOV EAX,[ESI+02FC]
016F:004BE0FC E807DFF9FF CALL 0045C008
016F:004BE101 8B4DBC MOV ECX,[EBP-44]
016F:004BE104 BA5CE24B00 MOV EDX,004BE25C
016F:004BE109 B86CE24B00 MOV EAX,004BE26C
016F:004BE10E E889F0FFFF CALL 004BD19C
016F:004BE113 8D45B8 LEA EAX,[EBP-48]
016F:004BE116 E83DF9FFFF CALL 004BDA58
016F:004BE11B 8B4DB8 MOV ECX,[EBP-48]
016F:004BE11E BA80E24B00 MOV EDX,004BE280
016F:004BE123 B86CE24B00 MOV EAX,004BE26C
016F:004BE128 E86FF0FFFF CALL 004BD19C
016F:004BE12D 6A40 PUSH BYTE +40
016F:004BE12F 8D55B4 LEA EDX,[EBP-4C]
016F:004BE132 A1D8AF4C00 MOV EAX,[004CAFD8]
016F:004BE137 8B00 MOV EAX,[EAX]
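To summarize: the entered registration code 1234567890 is split into 5 groups. The first group, 12, goes through the computation
12 XOR 0B AND FFh, and the result is compared with characters 3-4. The previous BL value is then used for the next
computation, which is saved in EDX; this gives the value for characters 5-6, which is compared with the characters 5-6 that were entered, and so on.
In other words, the value of characters 1-2 yields the value of characters 3-4, the value of 3-4 yields
5-6, the value of 5-6 yields 7-8, and the value of 7-8 yields
9-10. However, when we enter a correct registration code the program reports "Registration complete", yet after a restart
the unregistered window still appears, telling you how many days you have left.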
My machine code is: 91F19201BD75E771F7761111D76
Registration code: 12190F2E02
Sorry, yet another lousy write-up is born!
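
The first-stage check summarized above, rewritten as a validator and set beside a machine-bound alternative (an added example, not the author's or the vendor's code). It assumes each two-character group is parsed as hexadecimal, which is consistent with the registration code listed above; `issue_serial`, `hardened_check` and the demo key are hypothetical.

```python
import hashlib
import hmac
import string

# XOR constants from the listing at 004BDFF4, 004BE046, 004BE098 and 004BE0E8.
XOR_CHAIN = (0x0B, 0x16, 0x21, 0x2C)

def legacy_check(serial: str) -> bool:
    """First-stage check as read from the listing (pairs assumed to be hex)."""
    if len(serial) < 10:                      # CMP EAX,0A / JL: too short fails
        return False
    head = serial[:10]                        # only characters 1-10 are compared
    if any(c not in string.hexdigits for c in head):
        return False
    pairs = [int(head[i:i + 2], 16) for i in range(0, 10, 2)]
    bl = pairs[0]                             # running value kept in BL
    for const, entered in zip(XOR_CHAIN, pairs[1:]):
        bl = (bl ^ const) & 0xFF              # XOR with the constant, keep low byte
        if entered != bl:                     # CMP EAX,EDX / JNZ
            return False
    return True

def issue_serial(machine_code: str, key: bytes) -> str:
    """Hypothetical vendor-side routine: truncated HMAC of the machine code."""
    mac = hmac.new(key, machine_code.encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:20].upper()

def hardened_check(machine_code: str, serial: str, key: bytes) -> bool:
    """Hypothetical replacement check. The key belongs on an activation server;
    a client that must verify offline should check an asymmetric signature
    instead, so that no signing secret ships in the binary."""
    if not serial.isascii():
        return False
    expected = issue_serial(machine_code, key)
    return hmac.compare_digest(expected, serial.upper())

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"          # constructed sample value
    machine = "91F19201BD75E771F7761111D76"     # machine code quoted on the page
    print(legacy_check("1234567890"))           # test input used on the page
    print(legacy_check("12190F2E02"))           # code listed on the page
    print(hardened_check(machine, "12190F2E02", demo_key))
```

`legacy_check` takes nothing but the entered string, so this stage of the check involves no secret and no machine code; `hardened_check` fails as soon as either the machine code or the key differs.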
Made By dengkeng
E-mail:shellc0de@sohu.com
Reposting is welcome; please keep the article intact.