Theme Builder(V 4.01),是一款类似于资源管理器的软件,功能是十分强大的!它是一个共享软件,它会提供你30天的试用和10次的保存功能!如果你感兴趣的话,你可以到www.themetech.net去下载!
察看,是ASPack v2.001加的壳,脱之!Borland Delphi写的DeDe查看!
查看注册窗口的OkButtonClick事件!
004981C4 53 push ebx
004981C5 8BD8 mov ebx, eax
004981C7 8BC3 mov eax, ebx
* Reference to : TRegForm.ProcessReg() ;注册的过程,关键进入
|
004981C9 E826000000 call 004981F4
004981CE 3D8D030000 cmp eax, $0000038D
004981D3 7509 jnz 004981DE
004981D5 8BC3 mov eax, ebx
* Reference to : TRegForm.InComplete()
|
004981D7 E898030000 call 00498574
004981DC EB0A jmp 004981E8
004981DE 48 dec eax
004981DF 7507 jnz 004981E8
004981E1 8BC3 mov eax, ebx
* Reference to : TRegForm.Complete()
|
004981E3 E8E0010000 call 004983C8
* Reference to RegForm
|
004981E8 A1588B4F00 mov eax, dword ptr [$004F8B58]
* Reference to : TApplication._PROC_0044CB90()
|
004981ED E89E49FBFF call 0044CB90
004981F2 5B pop ebx
004981F3 C3 ret
我们进入004981C9处的Call
004981F4 55 push ebp
004981F5 8BEC mov ebp, esp
004981F7 6A00 push $00
004981F9 6A00 push $00
004981FB 6A00 push $00
004981FD 53 push ebx
004981FE 56 push esi
004981FF 8BD8 mov ebx, eax
00498201 33C0 xor eax, eax
00498203 55 push ebp
* Possible String Reference to: '閇傣脬嬈^[嬪]脨U嬱伳(?S3覊???
| U鼔U鴯??3繳hI匢'
|
00498204 68B8834900 push $004983B8
***** TRY
|
00498209 64FF30 push dword ptr fs:[eax]
0049820C 648920 mov fs:[eax], esp
0049820F 685C8B4F00 push $004F8B5C
00498214 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.mynae : TEdit
|
00498217 8B83CC020000 mov eax, [ebx+$02CC]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
0049821D E802B7F9FF call 00433924
00498222 8B45FC mov eax, [ebp-$04]
00498225 B901000000 mov ecx, $00000001
0049822A BA01000000 mov edx, $00000001
* Reference to: System.Proc_004041D8
|
0049822F E8A4BFF6FF call 004041D8
00498234 68608B4F00 push $004F8B60
00498239 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.mynae : TEdit
|
0049823C 8B83CC020000 mov eax, [ebx+$02CC]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00498242 E8DDB6F9FF call 00433924
00498247 8B45FC mov eax, [ebp-$04]
0049824A B901000000 mov ecx, $00000001
0049824F BA04000000 mov edx, $00000004
* Reference to: System.Proc_004041D8
|
00498254 E87FBFF6FF call 004041D8
00498259 68648B4F00 push $004F8B64
0049825E 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.mynae : TEdit
|
00498261 8B83CC020000 mov eax, [ebx+$02CC]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00498267 E8B8B6F9FF call 00433924
0049826C 8B45FC mov eax, [ebp-$04]
0049826F B901000000 mov ecx, $00000001
00498274 BA07000000 mov edx, $00000007
* Reference to: System.Proc_004041D8
|
00498279 E85ABFF6FF call 004041D8
0049827E A15C8B4F00 mov eax, dword ptr [$004F8B5C]
* Reference to: Unit_00408224.Proc_004091B4
|
00498283 E82C0FF7FF call 004091B4;取得第一部分的第1个数字
* Reference to GlobalVar_004F8B68
|
00498288 A3688B4F00 mov dword ptr [$004F8B68], eax;保存
0049828D A1608B4F00 mov eax, dword ptr [$004F8B60]
* Reference to: Unit_00408224.Proc_004091B4
|
00498292 E81D0FF7FF call 004091B4;取得第一部分的第4个数字
* Reference to GlobalVar_004F8B6C
|
00498297 A36C8B4F00 mov dword ptr [$004F8B6C], eax;保存
0049829C A1648B4F00 mov eax, dword ptr [$004F8B64]
* Reference to: Unit_00408224.Proc_004091B4
|
004982A1 E80E0FF7FF call 004091B4;取得第一部分的第7个数字
* Reference to GlobalVar_004F8B70
|
004982A6 A3708B4F00 mov dword ptr [$004F8B70], eax;保存
004982AB 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.mynae : TEdit
|
004982AE 8B83CC020000 mov eax, [ebx+$02CC]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
004982B4 E86BB6F9FF call 00433924 ;取得第一部分的数字
004982B9 8D45FC lea eax, [ebp-$04]
004982BC 50 push eax ;保存
004982BD 8D55F8 lea edx, [ebp-$08]
* Reference to control TRegForm.doty : TEdit
|
004982C0 8B83D0020000 mov eax, [ebx+$02D0]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
004982C6 E859B6F9FF call 00433924
004982CB 8B55F8 mov edx, [ebp-$08] ;第二部分数字
004982CE 58 pop eax ;取出保存的
* Reference to: System.Proc_00403FDC
|
004982CF E808BDF6FF call 00403FDC;第一部分和第二部分连接
004982D4 8B45FC mov eax, [ebp-$04]
* Reference to: System.Proc_00403FD4
|
004982D7 E8F8BCF6FF call 00403FD4;取得连接字符串的个数
004982DC 83F80A cmp eax, +$0A ;是否为10个
004982DF 0F85AE000000 jnz 00498393
004982E5 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.doty : TEdit
|
004982E8 8B83D0020000 mov eax, [ebx+$02D0]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
004982EE E831B6F9FF call 00433924
004982F3 8B45FC mov eax, [ebp-$04]
004982F6 8A10 mov dl, byte ptr [eax] ;取出1个给bl
004982F8 8D45F4 lea eax, [ebp-$0C]
* Reference to: System.Proc_00403EFC
|
004982FB E8FCBBF6FF call 00403EFC
00498300 8B45F4 mov eax, [ebp-$0C]
* Reference to: Unit_00408224.Proc_004091B4
|
00498303 E8AC0EF7FF call 004091B4;把输入的1个字符'4'=34H转换为10进制的1个数字4
00498308 50 push eax ;结果保存
00498309 A1688B4F00 mov eax, dword ptr [$004F8B68] ;取出第一部分的第1位
0049830E 5A pop edx ;弹出给edx
0049830F 8BCA mov ecx, edx ;送给ecx
00498311 99 cdq ;扩展,即edx清0
00498312 F7F9 idiv ecx ;相除
00498314 83FA03 cmp edx, +$03 ;关键1,余数是否为3
00498317 7571 jnz 0049838A
00498319 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.doty : TEdit
|
0049831C 8B83D0020000 mov eax, [ebx+$02D0]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00498322 E8FDB5F9FF call 00433924
00498327 8B45FC mov eax, [ebp-$04]
* Reference to field TEdit.OFFS_0001
|
0049832A 8A5001 mov dl, byte ptr [eax+$01] ;取第二部分的第二个字符
0049832D 8D45F4 lea eax, [ebp-$0C]
* Reference to: System.Proc_00403EFC
|
00498330 E8C7BBF6FF call 00403EFC
00498335 8B45F4 mov eax, [ebp-$0C]
* Reference to: Unit_00408224.Proc_004091B4
|
00498338 E8770EF7FF call 004091B4 ;转换
0049833D 50 push eax ;结果存入eax,压栈保存
0049833E A16C8B4F00 mov eax, dword ptr [$004F8B6C] ;取出第一部分第4位值
00498343 5A pop edx ;弹出结果
00498344 8BCA mov ecx, edx
00498346 99 cdq
00498347 F7F9 idiv ecx
00498349 83FA03 cmp edx, +$03 ;关键2,余数是否为3
0049834C 753C jnz 0049838A
0049834E 8D55FC lea edx, [ebp-$04]
* Reference to control TRegForm.doty : TEdit
|
00498351 8B83D0020000 mov eax, [ebx+$02D0]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00498357 E8C8B5F9FF call 00433924
0049835C 8B45FC mov eax, [ebp-$04]
* Reference to field TEdit.OFFS_0002
|
0049835F 8A5002 mov dl, byte ptr [eax+$02] ;取出第2部分的第3个字符
00498362 8D45F4 lea eax, [ebp-$0C]
* Reference to: System.Proc_00403EFC
|
00498365 E892BBF6FF call 00403EFC
0049836A 8B45F4 mov eax, [ebp-$0C]
* Reference to: Unit_00408224.Proc_004091B4
|
0049836D E8420EF7FF call 004091B4 ;转换保存
00498372 50 push eax
00498373 A1708B4F00 mov eax, dword ptr [$004F8B70];取出第一部分第7位值
00498378 5A pop edx
00498379 8BCA mov ecx, edx
0049837B 99 cdq
0049837C F7F9 idiv ecx
0049837E 83FA02 cmp edx, +$02 ;关键3,余数是否为2
00498381 7507 jnz 0049838A
00498383 BE01000000 mov esi, $00000001 ;置成功标志
00498388 EB0B jmp 00498395
0049838A 8BC3 mov eax, ebx
* Reference to : TRegForm.checkOther()
|
0049838C E8D3030000 call 00498764
00498391 EB02 jmp 00498395
00498393 33F6 xor esi, esi
00498395 33C0 xor eax, eax
00498397 5A pop edx
00498398 59 pop ecx
00498399 59 pop ecx
0049839A 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬈^[嬪]脨U嬱伳(?S3覊??塙鼔U鴯?
| ,?3繳hI匢'
|
0049839D 68BF834900 push $004983BF
004983A2 8D45F4 lea eax, [ebp-$0C]
* Reference to: System.Proc_00403D58
|
004983A5 E8AEB9F6FF call 00403D58
004983AA 8D45F8 lea eax, [ebp-$08]
004983AD BA02000000 mov edx, $00000002
* Reference to: System.Proc_00403D7C
|
004983B2 E8C5B9F6FF call 00403D7C
004983B7 C3 ret
* Reference to: System.Proc_00403818
|
004983B8 E95BB4F6FF jmp 00403818
004983BD EBE3 jmp 004983A2
****** END
|
004983BF 8BC6 mov eax, esi
004983C1 5E pop esi
004983C2 5B pop ebx
004983C3 8BE5 mov esp, ebp
004983C5 5D pop ebp
004983C6 C3 ret
经过以上分析,我想对程序的注册算法应该差不多都清楚了,下面在总结
一下:先是把第一部分和第二部分连接起来,判断总的个数是否为10个,考虑
到后面要依靠到第二部分的3个数字,第一部分就应该是7位,而第二部分应该
是3位,好了,完了以后,程序将会取出第一部分的1,4,7位的数值,保存到全局
变量中去!接着取出第二部分的每个字符,转换成10近制的值,即'3'=34H,转
换为4,然后保存,接着是用第一部分的第1个数字除以第二部分的的第1个数字如果余数为3则成功,接着比较第二关键部分,同理第一部分的第4个字符除以第二部分的第2个字符,看余数是否为3,接着比较第三关键部分,这回是把第一部分的第7为的值除以第糠值牡?个字符的值,余数为2则成功!而第一部分的其他2,3,5,6位则任意,注册码第三部分则任意!
注册码为如下形式:
3xx3xx2-yyz-mmmn ;x为任意,y为大于3的整数,z为大于2的整数,第三部分任意
7xx7xx5-443-mmmn
9xx9xx5-663-mmmn
9xx9xx9-667-mmmn
当第一部分的第1,4位为7,9时,第二部分的前两位4,6,而第一部分的第7位
和第二部分的第3位,则可以是2,z(z>2)或者5,3或者7,5或者9,7的组合,
这样都可以注册成功,这样注册码太多了!
我又试了一下第一部分第7位,除以第二部分第3位余数为3的情况,也注册
成功了,例如:
7xx7xx7-444-mmmn
这是程序上没有反映出来的,不知道为什么?也懒得跟了,这么多注册码
够我们用的了!
Made By dengkeng
E-mail:shellc0de@sohu.com
欢迎转载,请保持文章的完整性