中国计算机软件水平考试测试系统2.0(高级程序员)是一个模拟高程的软件,没
有注册就不能够查看答案,所以我们要解除它的限制.当然如果你感兴趣的话,你可
以到http://www.21swe.com/进行下载,不知道现在升级了没?不过它上面好像提供
题库的升级.
我们随便输入什么东西吧.
用户名:dengkeng[dfcg]
注册号:123456
下面就是跟踪到的关键部分:
0040432A |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8] ; |
0040432D |. B9 01000000 MOV ECX,1 ; |
00404332 |. BA 01000000 MOV EDX,1 ; |
00404337 |. E8 64320900 CALL GJ_TEST.004975A0 ; GJ_TEST.004975A0
0040433C |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00404340 |. 74 05 JE SHORT GJ_TEST.00404347
00404342 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00404345 |. EB 05 JMP SHORT GJ_TEST.0040434C
00404347 |> B8 28D94A00 MOV EAX,GJ_TEST.004AD928
0040434C |> 0FBE10 MOVSX EDX,BYTE PTR DS:[EAX]
0040434F |. 69FA 9A020000 IMUL EDI,EDX,29A |
00404355 |. 33C0 XOR EAX,EAX |
00404357 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14] |part1
0040435A |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX |
0040435D |. 52 PUSH EDX |
0040435E |. FF46 1C INC DWORD PTR DS:[ESI+1C] |
00404361 |. 33C9 XOR ECX,ECX /
00404363 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
00404366 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
00404369 |. FF46 1C INC DWORD PTR DS:[ESI+1C]
0040436C |. 8B83 E0020000 MOV EAX,DWORD PTR DS:[EBX+2E0]
00404372 |. E8 119C0500 CALL GJ_TEST.0045DF88
00404377 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] ; |
0040437A |. B9 01000000 MOV ECX,1 ; |
0040437F |. BA 02000000 MOV EDX,2 ; |
00404384 |. E8 17320900 CALL GJ_TEST.004975A0 ; GJ_TEST.004975A0
00404389 |. 837D EC 00 CMP DWORD PTR SS:[EBP-14],0
0040438D |. 74 05 JE SHORT GJ_TEST.00404394
0040438F |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00404392 |. EB 05 JMP SHORT GJ_TEST.00404399
00404394 |> B8 29D94A00 MOV EAX,GJ_TEST.004AD929
00404399 |> 0FBE10 MOVSX EDX,BYTE PTR DS:[EAX]
0040439C |. 8BCA MOV ECX,EDX |
0040439E |. 33C0 XOR EAX,EAX |
004043A0 |. C1E1 04 SHL ECX,4 |part2
004043A3 |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX |
004043A6 |. 03CA ADD ECX,EDX |
004043A8 |. 8D0C8A LEA ECX,DWORD PTR DS:[EDX+ECX*4] |
004043AB |. 8D0C8A LEA ECX,DWORD PTR DS:[EDX+ECX*4] |
004043AE |. 8D0C4A LEA ECX,DWORD PTR DS:[EDX+ECX*2] |
004043B1 |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C] |
004043B4 |. 52 PUSH EDX |
004043B5 |. 03F9 ADD EDI,ECX /
004043B7 |. FF46 1C INC DWORD PTR DS:[ESI+1C]
004043BA |. 33C9 XOR ECX,ECX
004043BC |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
004043BF |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
004043C2 |. FF46 1C INC DWORD PTR DS:[ESI+1C]
004043C5 |. 8B83 E0020000 MOV EAX,DWORD PTR DS:[EBX+2E0]
004043CB |. E8 B89B0500 CALL GJ_TEST.0045DF88
004043D0 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18] ; |
004043D3 |. B9 01000000 MOV ECX,1 ; |
004043D8 |. BA 03000000 MOV EDX,3 ; |
004043DD |. E8 BE310900 CALL GJ_TEST.004975A0 ; GJ_TEST.004975A0
004043E2 |. 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
004043E6 |. 74 05 JE SHORT GJ_TEST.004043ED
004043E8 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004043EB |. EB 05 JMP SHORT GJ_TEST.004043F2
004043ED |> B8 2AD94A00 MOV EAX,GJ_TEST.004AD92A
004043F2 |> 0FBE10 MOVSX EDX,BYTE PTR DS:[EAX]
004043F5 |. 8BCA MOV ECX,EDX |
004043F7 |. 33C0 XOR EAX,EAX |
004043F9 |. C1E1 03 SHL ECX,3 |part3
004043FC |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX |
004043FF |. 2BCA SUB ECX,EDX |
00404401 |. C1E1 04 SHL ECX,4 |
00404404 |. 2BCA SUB ECX,EDX |
00404406 |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] |
00404409 |. 52 PUSH EDX |
0040440A |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20] |
0040440D |. C1E1 02 SHL ECX,2 |
00404410 |. FF46 1C INC DWORD PTR DS:[ESI+1C] |
00404413 |. 03F9 ADD EDI,ECX /
00404415 |. 33C9 XOR ECX,ECX
00404417 |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX
0040441A |. FF46 1C INC DWORD PTR DS:[ESI+1C]
0040441D |. 8B83 E0020000 MOV EAX,DWORD PTR DS:[EBX+2E0]
00404423 |. E8 609B0500 CALL GJ_TEST.0045DF88
00404428 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20] ; |
0040442B |. B9 01000000 MOV ECX,1 ; |
00404430 |. BA 04000000 MOV EDX,4 ; |
00404435 |. E8 66310900 CALL GJ_TEST.004975A0 ; GJ_TEST.004975A0
0040443A |. 837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0040443E |. 74 05 JE SHORT GJ_TEST.00404445
00404440 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
00404443 |. EB 05 JMP SHORT GJ_TEST.0040444A
00404445 |> B8 2BD94A00 MOV EAX,GJ_TEST.004AD92B
0040444A |> 0FBE10 MOVSX EDX,BYTE PTR DS:[EAX]
0040444D |. 8BCA MOV ECX,EDX |
0040444F |. 33C0 XOR EAX,EAX |part4
00404451 |. C1E1 03 SHL ECX,3 |
00404454 |. 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX |
00404457 |. 2BCA SUB ECX,EDX |
00404459 |. C1E1 04 SHL ECX,4 |
0040445C |. 2BCA SUB ECX,EDX |
0040445E |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C] |
00404461 |. 52 PUSH EDX |
00404462 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28] |
00404465 |. C1E1 02 SHL ECX,2 |
00404468 |. FF46 1C INC DWORD PTR DS:[ESI+1C] |
0040446B |. 03F9 ADD EDI,ECX /
0040446D |. 33C9 XOR ECX,ECX
0040446F |. 894D D8 MOV DWORD PTR SS:[EBP-28],ECX
00404472 |. FF46 1C INC DWORD PTR DS:[ESI+1C]
00404475 |. 8B83 E0020000 MOV EAX,DWORD PTR DS:[EBX+2E0]
0040447B |. E8 089B0500 CALL GJ_TEST.0045DF88
00404480 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] ; |
00404483 |. B9 01000000 MOV ECX,1 ; |
00404488 |. BA 05000000 MOV EDX,5 ; |
0040448D |. E8 0E310900 CALL GJ_TEST.004975A0 ; GJ_TEST.004975A0
00404492 |. 837D D4 00 CMP DWORD PTR SS:[EBP-2C],0
00404496 |. 74 05 JE SHORT GJ_TEST.0040449D
00404498 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0040449B |. EB 05 JMP SHORT GJ_TEST.004044A2
0040449D |> B8 2CD94A00 MOV EAX,GJ_TEST.004AD92C
004044A2 |> 0FBE10 MOVSX EDX,BYTE PTR DS:[EAX]
004044A5 |. 8BCA MOV ECX,EDX |
004044A7 |. 33C0 XOR EAX,EAX |part5
004044A9 |. C1E1 04 SHL ECX,4 |
004044AC |. 8945 CC MOV DWORD PTR SS:[EBP-34],EAX |
004044AF |. 03CA ADD ECX,EDX |
004044B1 |. 8D0C8A LEA ECX,DWORD PTR DS:[EDX+ECX*4] |
004044B4 |. 8D0C8A LEA ECX,DWORD PTR DS:[EDX+ECX*4] |
004044B7 |. 8D0C4A LEA ECX,DWORD PTR DS:[EDX+ECX*2] |
004044BA |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34] |
004044BD |. 52 PUSH EDX |
004044BE |. 03F9 ADD EDI,ECX /
004044C0 |. FF46 1C INC DWORD PTR DS:[ESI+1C]
004044C3 |. 33C9 XOR ECX,ECX
004044C5 |. 894D D0 MOV DWORD PTR SS:[EBP-30],ECX
004044C8 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
004044CB |. FF46 1C INC DWORD PTR DS:[ESI+1C]
004044CE |. 8B83 E0020000 MOV EAX,DWORD PTR DS:[EBX+2E0]
004044D4 |. E8 AF9A0500 CALL GJ_TEST.0045DF88
004044D9 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30] ; |
004044DC |. B9 01000000 MOV ECX,1 ; |
004044E1 |. BA 06000000 MOV EDX,6 ; |
004044E6 |. E8 B5300900 CALL GJ_TEST.004975A0 ; GJ_TEST.004975A0
004044EB |. 837D CC 00 CMP DWORD PTR SS:[EBP-34],0
004044EF |. 74 05 JE SHORT GJ_TEST.004044F6
004044F1 |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
004044F4 |. EB 05 JMP SHORT GJ_TEST.004044FB
004044F6 |> B8 2DD94A00 MOV EAX,GJ_TEST.004AD92D
004044FB |> 0FBE10 MOVSX EDX,BYTE PTR DS:[EAX]
004044FE |. 69CA 9A020000 IMUL ECX,EDX,29A |part6
00404504 |. 03F9 ADD EDI,ECX /
00404506 |. 8BC7 MOV EAX,EDI
00404508 |. 33D2 XOR EDX,EDX
想必你应该看懂了它的关键部分了吧,它只是采用用户名的前6位进行运算,1,6
位的运算是一个样,2,5部分用的是同一个算法,3,4部分用的是同一个算法.注册机
嘛,还是用Win32Asm写起来比较方便了,直接搬过来就可以了,你可以用__asm写注册
机了!那就是各展所长了!不过注册以后也只是能够看看答案而已,可惜没有解释!
这里我给出一个注册信息:
用户名:dengkeng[dfcg]
注册号:343878
下面是关键的Win32Asm Source:
Generate proc hWnd
local KKeyName[120]:byte
local KKeyGen[120]:byte
pushad
invoke lstrlen, addr KeyName
cmp eax,5
jle @2
invoke SetDlgItemText,hWnd,REGKEY,addr KeyName
invoke lstrcpy,addr KKeyName,addr KeyName ;传递给局部变量,如果用全局变量会修改KeyName的值
xor edi,edi
mov ebx,1
lea eax,KKeyName ;计算名字第一个字符
movsx edx, byte ptr [eax+ebx-1]
imul edi,edx,29AH
inc ebx
;计算名字第二个字符
movsx edx, byte ptr [eax+ebx-1]
mov ecx,edx
shl ecx,4
add ecx,edx
lea ecx,dword ptr [edx+ecx*4]
lea ecx,dword ptr [edx+ecx*4]
lea ecx,dword ptr [edx+ecx*2]
add edi,ecx
inc ebx
;计算名字第三个字符
movsx edx, byte ptr [eax+ebx-1]
mov ecx,edx
shl ecx,3
sub ecx,edx
shl ecx,4
sub ecx,edx
shl ecx,2
add edi,ecx
inc ebx
;计算名字第四个字符
movsx edx, byte ptr [eax+ebx-1]
mov ecx,edx
shl ecx,3
sub ecx,edx
shl ecx,4
sub ecx,edx
shl ecx,2
add edi,ecx
inc ebx
;计算名字第五个字符
movsx edx, byte ptr [eax+ebx-1]
mov ecx,edx
shl ecx,4
add ecx,edx
lea ecx,dword ptr [edx+ecx*4]
lea ecx,dword ptr [edx+ecx*4]
lea ecx,dword ptr [edx+ecx*2]
add edi,ecx
inc ebx
;计算名字第六个字符
movsx edx, byte ptr [eax+ebx-1]
imul ecx,edx,29AH
add edi,ecx
invoke wsprintf,addr KRealKey,addr formats,edi
jmp @4
@2:
invoke MessageBox, NULL, addr ErrorMessage, addr Error, MB_OK
@4:
popad
ret
Generate endp
Made By dengkeng[DFCG]
E-mail:shellc0de@sohu.com
欢迎转载,请保持文章的完整性