同学从网络上下载的,网址不知道了
内存明码比较
keymake做注册机
ASP2.11加壳
pe-scan脱壳
Delphi5
反汇编,查找字符串参考" 错误的注册码! "得:
/用户名:dnpf
注册码:212221271317
; ---------------------------------------------------------------------
; Registration-dialog handler at 0047EA88 (32-bit x86, Intel operand order).
; The listing looks like W32Dasm output; per the author's notes the target is
; a Delphi 5 program that was unpacked first.
; Flow, as far as the listing and the author's annotations show:
;   1. read the user name and reject an empty one;
;   2. read the entered code and keep 12 characters of it;
;   3. call 0047428C to derive the expected code from the user name and a
;      constant string, and keep 12 characters of the result;
;   4. compare entered vs. expected with call 00403FD0;
;   5. on a match write the "IsRegistry" / "RegistryUser" / "RegistryCode"
;      values and show the success dialog, otherwise show the error dialog.
; NOTE(review): the expected code is computed inside the client and compared
; as a plain string, so it is readable in memory at the compare. Verifying an
; asymmetric signature over the licence data would not expose it.
; Callee names are not in the listing; every guess below is marked as one.
; ---------------------------------------------------------------------
:0047EA88 55 push ebp
:0047EA89 8BEC mov ebp, esp
; Zero the locals: 8 iterations x 2 pushes, plus the push of ecx (0 once the
; loop ends) = 17 dwords, i.e. [ebp-04] .. [ebp-44].
:0047EA8B B908000000 mov ecx, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EA95(C)
|
:0047EA90 6A00 push 00000000
:0047EA92 6A00 push 00000000
:0047EA94 49 dec ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EA20(C)
|
:0047EA95 75F9 jne 0047EA90
:0047EA97 51 push ecx
:0047EA98 53 push ebx
:0047EA99 56 push esi
:0047EA9A 57 push edi
; [ebp-04] = eax on entry. Presumably the form object (Delphi passes Self in
; eax); TODO confirm.
:0047EA9B 8945FC mov dword ptr [ebp-04], eax
; Install an exception frame: handler 0047ED76 is linked at fs:[0] (eax = 0).
:0047EA9E 33C0 xor eax, eax
:0047EAA0 55 push ebp
:0047EAA1 6876ED4700 push 0047ED76
:0047EAA6 64FF30 push dword ptr fs:[eax]
:0047EAA9 648920 mov dword ptr fs:[eax], esp
; --- Step 1: read the user name via the object at [Self+2E0] ---
:0047EAAC 8D55F0 lea edx, dword ptr [ebp-10]------------->保存用户名的地址 ; address that receives the user name
:0047EAAF 8B45FC mov eax, dword ptr [ebp-04]
:0047EAB2 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:0047EAB8 E8F3CEFAFF call 0042B9B0--------------------------->取用户名 ; fetch the user name
:0047EABD 8B45F0 mov eax, dword ptr [ebp-10]------------->取得的用户名 ; the user name just fetched
:0047EAC0 8D55F4 lea edx, dword ptr [ebp-0C]------------->保存用户名 ; destination for the user name
:0047EAC3 E8E4A3F8FF call 00408EAC--------------------------->再取用户名 ; author: "fetch the user name again"; possibly a trim helper, TODO confirm
:0047EAC8 837DF400 cmp dword ptr [ebp-0C], 00000000-------->测试是非输入用户名 ; tests whether a user name was entered
:0047EACC 7519 jne 0047EAE7
; Empty name: show the "name must not be empty" dialog (ecx = 0x30), then
; jump to the common cleanup at 0047ED09.
:0047EACE BA84ED4700 mov edx, 0047ED84
* Possible StringData Ref from Data Obj ->" 姓名不能为空! "------------>用户名不能为空
|
:0047EAD3 B88CED4700 mov eax, 0047ED8C
:0047EAD8 B930000000 mov ecx, 00000030
:0047EADD E8E256FFFF call 004741C4
:0047EAE2 E922020000 jmp 0047ED09
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EACC(C)
|
; --- Step 2: read the entered code via the object at [Self+2EC] ---
; The address of [ebp-14] is pushed as the result slot of call 004040C8 below.
:0047EAE7 8D45EC lea eax, dword ptr [ebp-14]
:0047EAEA 50 push eax
:0047EAEB 8D55E4 lea edx, dword ptr [ebp-1C]
:0047EAEE 8B45FC mov eax, dword ptr [ebp-04]
:0047EAF1 8B80EC020000 mov eax, dword ptr [eax+000002EC]
:0047EAF7 E8B4CEFAFF call 0042B9B0-------------------------->取输入的注册码 ; fetch the entered code
:0047EAFC 8B45E4 mov eax, dword ptr [ebp-1C]------------>输入的注册码 ; the entered code
:0047EAFF 8D55E8 lea edx, dword ptr [ebp-18]------------>
:0047EB02 E8A5A3F8FF call 00408EAC
:0047EB07 8B45E8 mov eax, dword ptr [ebp-18]------------>输入的注册码 ; the entered code
; edx = 1, ecx = 0x0C: keeps 12 characters starting at index 1. Looks like
; Delphi Copy(s, 1, 12); TODO confirm.
:0047EB0A B90C000000 mov ecx, 0000000C
:0047EB0F BA01000000 mov edx, 00000001
:0047EB14 E8AF55F8FF call 004040C8
; The shortened entered code is pushed here and popped into eax at 0047EB62.
:0047EB19 8B45EC mov eax, dword ptr [ebp-14]----------->输入的注册码 ; the entered code
:0047EB1C 50 push eax
; --- Step 3: derive the expected code ---
; The address of [ebp-20] is pushed as the result slot of the second
; call 004040C8 (0047EB5A).
:0047EB1D 8D45E0 lea eax, dword ptr [ebp-20]
:0047EB20 50 push eax
:0047EB21 8D55D4 lea edx, dword ptr [ebp-2C]
:0047EB24 8B45FC mov eax, dword ptr [ebp-04]
:0047EB27 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:0047EB2D E87ECEFAFF call 0042B9B0
:0047EB32 8B45D4 mov eax, dword ptr [ebp-2C]---------->输入的用户名 ; the entered user name
:0047EB35 8D55D8 lea edx, dword ptr [ebp-28]
:0047EB38 E86FA3F8FF call 00408EAC
:0047EB3D 8B45D8 mov eax, dword ptr [ebp-28]---------->输入的用户名 ; the entered user name
; Arguments of 0047428C: eax = user name, edx = constant string at 0047EDA8,
; ecx = address of the result slot [ebp-24].
:0047EB40 8D4DDC lea ecx, dword ptr [ebp-24]
* Possible StringData Ref from Data Obj ->"十万个为什么"
|
:0047EB43 BAA8ED4700 mov edx, 0047EDA8
:0047EB48 E83F57FFFF call 0047428C------------------------>生成注册码!! ; generates the expected code
:0047EB4D 8B45DC mov eax, dword ptr [ebp-24]---------->注册码 ; the generated code
:0047EB50 B90C000000 mov ecx, 0000000C
:0047EB55 BA01000000 mov edx, 00000001
:0047EB5A E86955F8FF call 004040C8
; --- Step 4: plain string compare of entered vs. expected ---
:0047EB5F 8B55E0 mov edx, dword ptr [ebp-20]---------->生成的注册码(去掉了后3位) ; generated code with its last 3 characters dropped
:0047EB62 58 pop eax------------------------------>输入的注册码 ; the entered code
:0047EB63 E86854F8FF call 00403FD0------------------------>验证 ; compare
:0047EB68 742F je 0047EB99-------------------------->正确则跳 ; jumps when they match
; Mismatch: the code field is read again and compared with the constant string
; at 0047EDC0. jne goes to the error dialog at 0047ECF5; otherwise execution
; falls through to 0047EB99, the same target as the je above.
; NOTE(review): a fixed string that reaches the success path is a hard-coded
; credential (CWE-798) and should not ship in a release build.
:0047EB6A 8D55CC lea edx, dword ptr [ebp-34]
:0047EB6D 8B45FC mov eax, dword ptr [ebp-04]
:0047EB70 8B80EC020000 mov eax, dword ptr [eax+000002EC]
:0047EB76 E835CEFAFF call 0042B9B0
:0047EB7B 8B45CC mov eax, dword ptr [ebp-34]
:0047EB7E 8D55D0 lea edx, dword ptr [ebp-30]
:0047EB81 E826A3F8FF call 00408EAC
:0047EB86 8B45D0 mov eax, dword ptr [ebp-30]
* Possible StringData Ref from Data Obj ->"000000000000000"
|
:0047EB89 BAC0ED4700 mov edx, 0047EDC0
:0047EB8E E83D54F8FF call 00403FD0
:0047EB93 0F855C010000 jne 0047ECF5
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EB68(C)
|
; --- Step 5a: persist the registration ---
; An object is created from the class reference at [00453718] and kept in
; [ebp-08]. Given the value names written below it is presumably a registry
; wrapper; TODO confirm.
:0047EB99 B201 mov dl, 01
* Possible StringData Ref from Data Obj ->""
|
:0047EB9B A118374500 mov eax, dword ptr [00453718]
:0047EBA0 E8734CFDFF call 00453818
:0047EBA5 8945F8 mov dword ptr [ebp-08], eax
; Outer exception frame (handler 0047EC89) guarding the object's lifetime.
:0047EBA8 33C0 xor eax, eax
:0047EBAA 55 push ebp
:0047EBAB 6889EC4700 push 0047EC89
:0047EBB0 64FF30 push dword ptr fs:[eax]
:0047EBB3 648920 mov dword ptr fs:[eax], esp
; 0x80000002 is the value of HKEY_LOCAL_MACHINE; presumably this selects the
; registry root. TODO confirm.
:0047EBB6 BA02000080 mov edx, 80000002
:0047EBBB 8B45F8 mov eax, dword ptr [ebp-08]
:0047EBBE E8F54CFDFF call 004538B8
; Inner exception frame (handler 0047EC3E) around the writes.
:0047EBC3 33C0 xor eax, eax
:0047EBC5 55 push ebp
:0047EBC6 683EEC4700 push 0047EC3E
:0047EBCB 64FF30 push dword ptr fs:[eax]
:0047EBCE 648920 mov dword ptr fs:[eax], esp
; call 00453920 receives the key-path string with cl = 1. The path separators
; in that string appear to have been lost in the page's text.
:0047EBD1 B101 mov cl, 01
* Possible StringData Ref from Data Obj ->"SoftwareNet_e_StudioWhy100000Version1.5"
|
:0047EBD3 BAD8ED4700 mov edx, 0047EDD8
:0047EBD8 8B45F8 mov eax, dword ptr [ebp-08]
:0047EBDB E8404DFDFF call 00453920
; Three calls to 00453C9C with (edx = value name, ecx = value):
;   "IsRegistry"   <- "Yes"
;   "RegistryUser" <- text of the user-name field
;   "RegistryCode" <- text of the code field
; NOTE(review): the name and code are stored exactly as entered, in clear.
* Possible StringData Ref from Data Obj ->"Yes"
|
:0047EBE0 B90CEE4700 mov ecx, 0047EE0C
* Possible StringData Ref from Data Obj ->"IsRegistry"
|
:0047EBE5 BA18EE4700 mov edx, 0047EE18
:0047EBEA 8B45F8 mov eax, dword ptr [ebp-08]
:0047EBED E8AA50FDFF call 00453C9C
:0047EBF2 8D55C8 lea edx, dword ptr [ebp-38]
:0047EBF5 8B45FC mov eax, dword ptr [ebp-04]
:0047EBF8 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:0047EBFE E8ADCDFAFF call 0042B9B0
:0047EC03 8B4DC8 mov ecx, dword ptr [ebp-38]
* Possible StringData Ref from Data Obj ->"RegistryUser"
|
:0047EC06 BA2CEE4700 mov edx, 0047EE2C
:0047EC0B 8B45F8 mov eax, dword ptr [ebp-08]
:0047EC0E E88950FDFF call 00453C9C
:0047EC13 8D55C4 lea edx, dword ptr [ebp-3C]
:0047EC16 8B45FC mov eax, dword ptr [ebp-04]
:0047EC19 8B80EC020000 mov eax, dword ptr [eax+000002EC]
:0047EC1F E88CCDFAFF call 0042B9B0
:0047EC24 8B4DC4 mov ecx, dword ptr [ebp-3C]
* Possible StringData Ref from Data Obj ->"RegistryCode"
|
:0047EC27 BA44EE4700 mov edx, 0047EE44
:0047EC2C 8B45F8 mov eax, dword ptr [ebp-08]
:0047EC2F E86850FDFF call 00453C9C
; Normal exit from the inner frame: unlink it and skip the handler code.
:0047EC34 33C0 xor eax, eax
:0047EC36 5A pop edx
:0047EC37 59 pop ecx
:0047EC38 59 pop ecx
:0047EC39 648910 mov dword ptr fs:[eax], edx
:0047EC3C EB2D jmp 0047EC6B
; 0047EC3E is the handler address pushed at 0047EBC6. The code after it shows
; the " Registry Error! " dialog and then jumps to the common cleanup.
:0047EC3E E9E147F8FF jmp 00403424
:0047EC43 BA84ED4700 mov edx, 0047ED84
* Possible StringData Ref from Data Obj ->" Registry Error! "
|
:0047EC48 B854EE4700 mov eax, 0047EE54
:0047EC4D B910000000 mov ecx, 00000010
:0047EC52 E86D55FFFF call 004741C4
:0047EC57 E8244BF8FF call 00403780
:0047EC5C E84F4BF8FF call 004037B0
:0047EC61 E9A3000000 jmp 0047ED09
:0047EC66 E8154BF8FF call 00403780
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EC3C(U)
|
; Unlink the outer frame. The push of 0047EC90 followed by the ret at 0047EC88
; means execution continues at 0047EC90 once the object in [ebp-08] has been
; passed to 00453888 and 00402FB8 (presumably close and free; TODO confirm).
:0047EC6B 33C0 xor eax, eax
:0047EC6D 5A pop edx
:0047EC6E 59 pop ecx
:0047EC6F 59 pop ecx
:0047EC70 648910 mov dword ptr fs:[eax], edx
:0047EC73 6890EC4700 push 0047EC90
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EC8E(U)
|
:0047EC78 8B45F8 mov eax, dword ptr [ebp-08]
:0047EC7B E8084CFDFF call 00453888
:0047EC80 8B45F8 mov eax, dword ptr [ebp-08]
:0047EC83 E83043F8FF call 00402FB8
:0047EC88 C3 ret
; 0047EC89 is the handler address pushed at 0047EBAB.
:0047EC89 E94A4AF8FF jmp 004036D8
:0047EC8E EBE8 jmp 0047EC78
; --- Step 5b: update the UI after a successful registration ---
; Calls go through the global at [0049EAA4] (fields +3D0 and +3CC). A string
; is built from the constant at 0047EE74 and the user name, then the success
; dialog is shown. Which controls these are is not visible here.
:0047EC90 A1A4EA4900 mov eax, dword ptr [0049EAA4]
:0047EC95 8B00 mov eax, dword ptr [eax]
:0047EC97 8B80D0030000 mov eax, dword ptr [eax+000003D0]
:0047EC9D 33D2 xor edx, edx
:0047EC9F E824CCFAFF call 0042B8C8
:0047ECA4 8D55BC lea edx, dword ptr [ebp-44]
:0047ECA7 8B45FC mov eax, dword ptr [ebp-04]
:0047ECAA 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:0047ECB0 E8FBCCFAFF call 0042B9B0
:0047ECB5 8B4DBC mov ecx, dword ptr [ebp-44]
:0047ECB8 8D45C0 lea eax, dword ptr [ebp-40]
* Possible StringData Ref from Data Obj ->"注册用户!"
|
:0047ECBB BA74EE4700 mov edx, 0047EE74
:0047ECC0 E84752F8FF call 00403F0C
:0047ECC5 8B55C0 mov edx, dword ptr [ebp-40]
:0047ECC8 A1A4EA4900 mov eax, dword ptr [0049EAA4]
:0047ECCD 8B00 mov eax, dword ptr [eax]
:0047ECCF 8B80CC030000 mov eax, dword ptr [eax+000003CC]
:0047ECD5 E806CDFAFF call 0042B9E0
:0047ECDA BA84ED4700 mov edx, 0047ED84
* Possible StringData Ref from Data Obj ->" 注册成功! "
|
:0047ECDF B880EE4700 mov eax, 0047EE80
:0047ECE4 33C9 xor ecx, ecx
:0047ECE6 E8D954FFFF call 004741C4
:0047ECEB 8B45FC mov eax, dword ptr [ebp-04]
:0047ECEE E8B57CFCFF call 004469A8
:0047ECF3 EB14 jmp 0047ED09
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EB93(C)
|
; --- Error path: "wrong registration code" dialog (ecx = 0x30) ---
* Possible StringData Ref from Data Obj ->"警告"
|
:0047ECF5 BA94EE4700 mov edx, 0047EE94
* Possible StringData Ref from Data Obj ->" 错误的注册码! "
|
:0047ECFA B89CEE4700 mov eax, 0047EE9C
:0047ECFF B930000000 mov ecx, 00000030
:0047ED04 E8BB54FFFF call 004741C4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0047EAE2(U), :0047EC61(U), :0047ECF3(U)
|
; --- Common cleanup ---
; Unlink the frame installed at 0047EAA9, then pass every temporary slot from
; [ebp-44] to [ebp-0C] to 00403C40 (one slot) or 00403C64 (edx = slot count).
; Presumably these release the string locals; TODO confirm. The final ret
; continues at the pushed address 0047ED7D, which is outside this listing.
:0047ED09 33C0 xor eax, eax
:0047ED0B 5A pop edx
:0047ED0C 59 pop ecx
:0047ED0D 59 pop ecx
:0047ED0E 648910 mov dword ptr fs:[eax], edx
:0047ED11 687DED4700 push 0047ED7D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047ED7B(U)
|
:0047ED16 8D45BC lea eax, dword ptr [ebp-44]
:0047ED19 E8224FF8FF call 00403C40
:0047ED1E 8D45C0 lea eax, dword ptr [ebp-40]
:0047ED21 E81A4FF8FF call 00403C40
:0047ED26 8D45C4 lea eax, dword ptr [ebp-3C]
:0047ED29 BA03000000 mov edx, 00000003
:0047ED2E E8314FF8FF call 00403C64
:0047ED33 8D45D0 lea eax, dword ptr [ebp-30]
:0047ED36 E8054FF8FF call 00403C40
:0047ED3B 8D45D4 lea eax, dword ptr [ebp-2C]
:0047ED3E E8FD4EF8FF call 00403C40
:0047ED43 8D45D8 lea eax, dword ptr [ebp-28]
:0047ED46 BA03000000 mov edx, 00000003
:0047ED4B E8144FF8FF call 00403C64
:0047ED50 8D45E4 lea eax, dword ptr [ebp-1C]
:0047ED53 E8E84EF8FF call 00403C40
:0047ED58 8D45E8 lea eax, dword ptr [ebp-18]
:0047ED5B BA02000000 mov edx, 00000002
:0047ED60 E8FF4EF8FF call 00403C64
:0047ED65 8D45F0 lea eax, dword ptr [ebp-10]
:0047ED68 E8D34EF8FF call 00403C40
:0047ED6D 8D45F4 lea eax, dword ptr [ebp-0C]
:0047ED70 E8CB4EF8FF call 00403C40
:0047ED75 C3 ret
*******************************************************************
下面这段根据用户名生成注册码
; ---------------------------------------------------------------------
; Routine at 0047428C (the listing looks like OllyDbg output). The author
; identifies it as deriving the registration code from the user name.
; In:  eax, edx, ecx, saved to ebx, esi, edi below. At the call site 0047EB48
;      in the first listing these are the entered user name, the address of a
;      constant string, and the address of the result slot.
; Out: the string written through edi.
; NOTE(review): everything needed to derive a valid code ships inside the
; client. Issuing licences server-side, or checking an asymmetric signature,
; keeps the generating secret out of the binary.
; Callee names are not in the listing; every guess below is marked as one.
; ---------------------------------------------------------------------
0047428C /$ 55 PUSH EBP
0047428D |. 8BEC MOV EBP,ESP
; Eight zeroed dword locals: [ebp-4] .. [ebp-20].
0047428F |. 6A 00 PUSH 0
00474291 |. 6A 00 PUSH 0
00474293 |. 6A 00 PUSH 0
00474295 |. 6A 00 PUSH 0
00474297 |. 6A 00 PUSH 0
00474299 |. 6A 00 PUSH 0
0047429B |. 6A 00 PUSH 0
0047429D |. 6A 00 PUSH 0
0047429F |. 53 PUSH EBX
004742A0 |. 56 PUSH ESI
004742A1 |. 57 PUSH EDI
; Save the three register arguments: edi = ecx, esi = edx, ebx = eax.
004742A2 |. 8BF9 MOV EDI,ECX
004742A4 |. 8BF2 MOV ESI,EDX
004742A6 |. 8BD8 MOV EBX,EAX
; Install an exception frame: handler 00474410 is linked at fs:[0] (eax = 0).
004742A8 |. 33C0 XOR EAX,EAX
004742AA |. 55 PUSH EBP
004742AB |. 68 10444700 PUSH UN.00474410
004742B0 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004742B3 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
; Reject an empty first argument: report the error string at 00474428 through
; call 0044F408, then jump to the cleanup at 004743F5.
004742B6 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004742B9 |. 8BC3 MOV EAX,EBX
004742BB |. E8 EC4BF9FF CALL UN.00408EAC
004742C0 |. 837D F0 00 CMP DWORD PTR SS:[EBP-10],0-------------->测试是否输入用户名 ; tests whether a user name was entered
004742C4 |. 75 0F JNZ SHORT UN.004742D5
004742C6 |. B8 28444700 MOV EAX,UN.00474428 ; ASCII "Input String Can't be Empty!"
004742CB |. E8 38B1FDFF CALL UN.0044F408
004742D0 |. E9 20010000 JMP UN.004743F5
; [ebp-8] = the first argument limited to 6 characters (call 004040C8 with
; edx = 1, ecx = 6; looks like Delphi Copy, TODO confirm). It is then extended
; with the string that 0047424C returns for (6 - length).
004742D5 |> 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004742D8 |. 50 PUSH EAX
004742D9 |. B9 06000000 MOV ECX,6
004742DE |. BA 01000000 MOV EDX,1
004742E3 |. 8BC3 MOV EAX,EBX
004742E5 |. E8 DEFDF8FF CALL UN.004040C8
004742EA |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004742ED |. E8 CEFBF8FF CALL UN.00403EC0------------------------>取输入的用户名的长度 ; length of the entered user name
004742F2 |. 50 PUSH EAX-------------------------------->用户名的长度 ; the user-name length
004742F3 |. B8 06000000 MOV EAX,6------------------------------->生成注册码的用户长度 ; name length used for the derivation
004742F8 |. 5A POP EDX--------------------------------->用户名的长度 ; the user-name length
004742F9 |. 2BC2 SUB EAX,EDX----------------------------->求需要补足的位数 ; number of padding characters needed
004742FB |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004742FE |. E8 49FFFFFF CALL UN.0047424C------------------------>取需要位数的空格 ; get that many spaces
00474303 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]----------->空格------------- ; the spaces
00474306 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]------------>输入的用户名-----/ ; the entered user name
00474309 |. E8 BAFBF8FF CALL UN.00403EC8
; The same limit-to-6-and-pad sequence for the second argument (esi); the
; result is kept in [ebp-C].
0047430E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00474311 |. 50 PUSH EAX
00474312 |. B9 06000000 MOV ECX,6
00474317 |. BA 01000000 MOV EDX,1
0047431C |. 8BC6 MOV EAX,ESI
0047431E |. E8 A5FDF8FF CALL UN.004040C8
00474323 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]----------->
00474326 |. E8 95FBF8FF CALL UN.00403EC0----------------------->测试EAX的内容是否为空,不为空则EAX取[EAX-4] ; author: tests whether eax is empty; if not, eax = [eax-4]
0047432B |. 50 PUSH EAX
0047432C |. B8 06000000 MOV EAX,6
00474331 |. 5A POP EDX
00474332 |. 2BC2 SUB EAX,EDX
00474334 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00474337 |. E8 10FFFFFF CALL UN.0047424C
0047433C |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0047433F |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00474342 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00474345 |. E8 C2FBF8FF CALL UN.00403F0C
; [ebp-4] = result of 0047424C for eax = 0x0C, used as the working string.
0047434A |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0047434D |. B8 0C000000 MOV EAX,0C
00474352 |. E8 F5FEFFFF CALL UN.0047424C
; Loop with ebx = 1..6: fills the working string from the two 6-character
; strings in [ebp-8] and [ebp-C]. Call 00404090 precedes each byte store;
; presumably it makes the string writable and returns its address in eax.
; TODO confirm.
00474357 |. BB 01000000 MOV EBX,1
0047435C |> 8D45 FC /LEA EAX,DWORD PTR SS:[EBP-4]
0047435F |. E8 2CFDF8FF |CALL UN.00404090
00474364 |. 8BF3 |MOV ESI,EBX
00474366 |. 03F6 |ADD ESI,ESI
00474368 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
0047436B |. 8A541A FF |MOV DL,BYTE PTR DS:[EDX+EBX-1]
0047436F |. 885430 FE |MOV BYTE PTR DS:[EAX+ESI-2],DL
00474373 |. 8D45 FC |LEA EAX,DWORD PTR SS:[EBP-4]
00474376 |. E8 15FDF8FF |CALL UN.00404090
0047437B |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
0047437E |. 8A541A FF |MOV DL,BYTE PTR DS:[EDX+EBX-1]
00474382 |. 885430 FF |MOV BYTE PTR DS:[EAX+ESI-1],DL
00474386 |. 43 |INC EBX
00474387 |. 83FB 07 |CMP EBX,7
0047438A |.^ 75 D0 JNZ SHORT UN.0047435C
; Hand the working string to the output (call 00403C94 with eax = edi), then
; take its length as the loop count in esi. The loop is skipped when the
; length is <= 0.
0047438C |. 8BC7 MOV EAX,EDI
0047438E |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00474391 |. E8 FEF8F8FF CALL UN.00403C94
00474396 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00474399 |. E8 22FBF8FF CALL UN.00403EC0
0047439E |. 8BF0 MOV ESI,EAX
004743A0 |. 85F6 TEST ESI,ESI
004743A2 |. 7E 30 JLE SHORT UN.004743D4
; Per-byte loop: one output byte is written through edi for each byte of the
; working string (ebx = 1-based index, esi = bytes remaining).
004743A4 |. BB 01000000 MOV EBX,1
004743A9 |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]------------>这一小段生成注册码 ; this short loop produces the code
004743AC |. 8A4418 FF |MOV AL,BYTE PTR DS:[EAX+EBX-1]
004743B0 |. 34 BB |XOR AL,0BB
004743B2 |. 25 FF000000 |AND EAX,0FF
004743B7 |. 8D55 E4 |LEA EDX,DWORD PTR SS:[EBP-1C]
004743BA |. E8 6D4CF9FF |CALL UN.0040902C
004743BF |. 8B45 E4 |MOV EAX,DWORD PTR SS:[EBP-1C]
004743C2 |. FF30 |PUSH DWORD PTR DS:[EAX]
004743C4 |. 8BC7 |MOV EAX,EDI
004743C6 |. E8 C5FCF8FF |CALL UN.00404090
004743CB |. 5A |POP EDX
004743CC |. 885418 FF |MOV BYTE PTR DS:[EAX+EBX-1],DL
004743D0 |. 43 |INC EBX
004743D1 |. 4E |DEC ESI
004743D2 |.^ 75 D5 JNZ SHORT UN.004743A9
; The value returned by call 00402C68 (eax = 0x3E7) is converted by 0040902C
; and appended to the output. Per the author's note at 0047EB5F the caller
; drops the last 3 characters before comparing. The purpose of 00402A48 and
; 00402C68 is not visible here.
004743D4 |> E8 6FE6F8FF CALL UN.00402A48
004743D9 |. B8 E7030000 MOV EAX,3E7
004743DE |. E8 85E8F8FF CALL UN.00402C68
004743E3 |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004743E6 |. E8 414CF9FF CALL UN.0040902C
004743EB |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
004743EE |. 8BC7 MOV EAX,EDI
004743F0 |. E8 D3FAF8FF CALL UN.00403EC8
; Cleanup: unlink the exception frame, then pass the 8 local slots starting at
; [ebp-20] to 00403C64 (edx = 8). Presumably this releases the temporary
; strings; TODO confirm. RETN continues at the pushed address 00474417, which
; is outside this listing.
004743F5 |> 33C0 XOR EAX,EAX
004743F7 |. 5A POP EDX
004743F8 |. 59 POP ECX
004743F9 |. 59 POP ECX
004743FA |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004743FD |. 68 17444700 PUSH UN.00474417
00474402 |> 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00474405 |. BA 08000000 MOV EDX,8
0047440A |. E8 55F8F8FF CALL UN.00403C64
0047440F . C3 RETN