管得多.Net II简单注册分析
【破解作者】 jsliyangsj
【作者邮箱】 sjcrack@yahoo.com.cn
【使用工具】 peid OllyDbg1.10
【破解平台】 Winxp
【软件名称】 管得多
【软件地址】 http://www.oksoft.cn
分析:
查找字符串后到这里:
0048CD84 . 57 push edi
0048CD85 . 8B>mov ebx,eax
0048CD87 . 33>xor eax,eax
0048CD89 . 55 push ebp
0048CD8A . 68>push SoftReg5.0048CED1
0048CD8F . 64>push dword ptr fs:[eax]
0048CD92 . 64>mov dword ptr fs:[eax],esp
0048CD95 . 8D>lea edx,dword ptr ss:[ebp-8]
0048CD98 . 8B>mov eax,dword ptr ds:[ebx+320]
0048CD9E . E8>call SoftReg5.0043E11C ; 得到用户名
0048CDA3 . 83>cmp dword ptr ss:[ebp-8],0 ; 是否输入
0048CDA7 . 75>jnz short SoftReg5.0048CDB8
0048CDA9 . B8>mov eax,SoftReg5.0048CEE8
0048CDAE . E8>call SoftReg5.00430184
0048CDB3 . E9>jmp SoftReg5.0048CEA1
0048CDB8 > 33>xor eax,eax
0048CDBA . 55 push ebp
0048CDBB . 68>push SoftReg5.0048CDE8
0048CDC0 . 64>push dword ptr fs:[eax]
0048CDC3 . 64>mov dword ptr fs:[eax],esp
0048CDC6 . 8D>lea edx,dword ptr ss:[ebp-C]
0048CDC9 . 8B>mov eax,dword ptr ds:[ebx+2FC]
0048CDCF . E8>call SoftReg5.0043E11C ; 得到输入码
0048CDD4 . 8B>mov eax,dword ptr ss:[ebp-C] ; 取出输入码
0048CDD7 . E8>call SoftReg5.00408ADC ; 将输入码转化为16进制数据
0048CDDC . 8B>mov esi,eax
0048CDDE . 33>xor eax,eax
0048CDE0 . 5A pop edx
0048CDE1 . 59 pop ecx
0048CDE2 . 59 pop ecx
0048CDE3 . 64>mov dword ptr fs:[eax],edx
0048CDE6 . EB>jmp short SoftReg5.0048CE06
0048CDE8 .^ E9>jmp SoftReg5.00403864
0048CDED . B8>mov eax,SoftReg5.0048CF04
0048CDF2 . E8>call SoftReg5.00430184
0048CDF7 . E8>call SoftReg5.00403BCC
0048CDFC . E9>jmp SoftReg5.0048CEA1
0048CE01 . E8>call SoftReg5.00403BCC
0048CE06 > 8D>lea eax,dword ptr ss:[ebp-4]
0048CE09 . 8B>mov edx,dword ptr ds:[ebx+340] ; 取出机器码
0048CE0F . E8>call SoftReg5.004041AC
0048CE14 . BA>mov edx,SoftReg5.00491CD8
0048CE19 . 8D>lea eax,dword ptr ss:[ebp-4]
0048CE1C . 8B>mov ecx,esi ; 拷贝一个输入码的16进制数据
0048CE1E . E8>call SoftReg5.0048C3BC ; 这里是关键的地方
0048CE23 . FE>inc byte ptr ds:[ebx+33C]
0048CE29 . 80>cmp byte ptr ds:[ebx+33C],3
0048CE30 . 7E>jle short SoftReg5.0048CE39
0048CE32 . 8B>mov eax,ebx
0048CE34 . E8>call SoftReg5.0045A158
…………………………………………………………………………………………………………………………………………………………
进入0048CE1E . E8>call SoftReg5.0048C3BC ; 这里是关键的地方
…………………………………………………………………………………………………………………………………………………………
0048C3C7 |. 6A>push 0
0048C3C9 |. 6A>push 0
0048C3CB |. 6A>push 0
0048C3CD |. 6A>push 0
0048C3CF |. 53 push ebx
0048C3D0 |. 56 push esi
0048C3D1 |. 57 push edi
0048C3D2 |. 89>mov dword ptr ss:[ebp-8],ecx
0048C3D5 |. 89>mov dword ptr ss:[ebp-4],edx
0048C3D8 |. 8B>mov edi,eax
0048C3DA |. 33>xor eax,eax
0048C3DC |. 55 push ebp
0048C3DD |. 68>push SoftReg5.0048C718
0048C3E2 |. 64>push dword ptr fs:[eax]
0048C3E5 |. 64>mov dword ptr fs:[eax],esp
0048C3E8 |. 8D>lea eax,dword ptr ss:[ebp-18]
0048C3EB |. 8B>mov edx,dword ptr ds:[edi] ; 取出机器码
0048C3ED |. E8>call SoftReg5.004041AC
0048C3F2 |. 8D>lea eax,dword ptr ss:[ebp-10]
0048C3F5 |. E8>call SoftReg5.00404114
0048C3FA |. 8B>mov eax,dword ptr ss:[ebp-18] ; 再次取出机器码
0048C3FD |. E8>call SoftReg5.004043D4 ; 得到输入码的位数
0048C402 |. 8B>mov ebx,eax
0048C404 |. 85>test ebx,ebx
0048C406 |. 0F>jle SoftReg5.0048C4DE
0048C40C |. BE>mov esi,1
0048C411 |> 8D>/lea eax,dword ptr ss:[ebp-C]
0048C414 |. 50 |push eax
0048C415 |. B9>|mov ecx,1
0048C41A |. 8B>|mov edx,esi
0048C41C |. 8B>|mov eax,dword ptr ss:[ebp-18] ; 取出机器码
0048C41F |. E8>|call SoftReg5.00404634 ; 得到每一位的输入码的ASCII放在EAX中
0048C424 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C427 |. BA>|mov edx,SoftReg5.0048C730 ; 是否等于31
0048C42C |. E8>|call SoftReg5.00404520
0048C431 |. 0F>|je SoftReg5.0048C4BE
0048C437 |. 8B>|mov eax,dword ptr ss:[ebp-C] ; 得到本次的输入码的ASCII
0048C43A |. BA>|mov edx,SoftReg5.0048C73C ; 32
0048C43F |. E8>|call SoftReg5.00404520 ; 是否等于32
0048C444 |. 74>|je short SoftReg5.0048C4BE
0048C446 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C449 |. BA>|mov edx,SoftReg5.0048C748
0048C44E |. E8>|call SoftReg5.00404520
0048C453 |. 74>|je short SoftReg5.0048C4BE
0048C455 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C458 |. BA>|mov edx,SoftReg5.0048C754
0048C45D |. E8>|call SoftReg5.00404520
0048C462 |. 74>|je short SoftReg5.0048C4BE
0048C464 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C467 |. BA>|mov edx,SoftReg5.0048C754
0048C46C |. E8>|call SoftReg5.00404520
0048C471 |. 74>|je short SoftReg5.0048C4BE
0048C473 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C476 |. BA>|mov edx,SoftReg5.0048C760
0048C47B |. E8>|call SoftReg5.00404520
0048C480 |. 74>|je short SoftReg5.0048C4BE
0048C482 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C485 |. BA>|mov edx,SoftReg5.0048C76C
0048C48A |. E8>|call SoftReg5.00404520
0048C48F |. 74>|je short SoftReg5.0048C4BE
0048C491 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C494 |. BA>|mov edx,SoftReg5.0048C778
0048C499 |. E8>|call SoftReg5.00404520
0048C49E |. 74>|je short SoftReg5.0048C4BE
0048C4A0 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C4A3 |. BA>|mov edx,SoftReg5.0048C784
0048C4A8 |. E8>|call SoftReg5.00404520
0048C4AD |. 74>|je short SoftReg5.0048C4BE
0048C4AF |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C4B2 |. BA>|mov edx,SoftReg5.0048C790
0048C4B7 |. E8>|call SoftReg5.00404520
0048C4BC |. 75>|jnz short SoftReg5.0048C4D6 ; 跳
0048C4BE |> 8D>|lea eax,dword ptr ss:[ebp-10]
0048C4C1 |. 8B>|mov edx,dword ptr ss:[ebp-C]
0048C4C4 |. E8>|call SoftReg5.004043DC ; 其实就是把机器码中所有1-9的数字都收集起来
0048C4C9 |. 8B>|mov eax,dword ptr ss:[ebp-10]
0048C4CC |. E8>|call SoftReg5.004043D4
0048C4D1 |. 83>|cmp eax,6
0048C4D4 |. 74>|je short SoftReg5.0048C4DE
0048C4D6 |> 46 |inc esi
0048C4D7 |. 4B |dec ebx
0048C4D8 |.^ 0F>\jnz SoftReg5.0048C411
0048C4DE |> 83>cmp dword ptr ss:[ebp-10],0 ; 检查机器码中是否存在1-9数字
0048C4E2 |. 74>je short SoftReg5.0048C4F1
0048C4E4 |. 8B>mov eax,dword ptr ss:[ebp-10] ; 取出收集的数字
0048C4E7 |. E8>call SoftReg5.00408ADC ; 将收集是数字转化为16进制数据000C8E1C
0048C4EC |. 89>mov dword ptr ss:[ebp-14],eax ; 结果储存起来
0048C4EF |. EB>jmp short SoftReg5.0048C4F8
0048C4F1 |> C7>mov dword ptr ss:[ebp-14],89CB1
0048C4F8 |> 8D>lea eax,dword ptr ss:[ebp-C]
0048C4FB |. E8>call SoftReg5.00404114
0048C500 |. 8B>mov eax,dword ptr ss:[ebp-10] ; 又取出上面收集的机器码中含有的1-9字符符号
0048C503 |. E8>call SoftReg5.004043D4 ; 得到位数
0048C508 |. 8B>mov ebx,eax
0048C50A |. 4B dec ebx
0048C50B |. 85>test ebx,ebx
0048C50D |. 7C>jl short SoftReg5.0048C53E
0048C50F |. 43 inc ebx
0048C510 |. 33>xor esi,esi
0048C512 |> 8D>/lea eax,dword ptr ss:[ebp-1C]
0048C515 |. 50 |push eax
0048C516 |. 8B>|mov eax,dword ptr ss:[ebp-10]
0048C519 |. E8>|call SoftReg5.004043D4
0048C51E |. 8B>|mov edx,eax
0048C520 |. 2B>|sub edx,esi
0048C522 |. B9>|mov ecx,1
0048C527 |. 8B>|mov eax,dword ptr ss:[ebp-10]
0048C52A |. E8>|call SoftReg5.00404634
0048C52F |. 8B>|mov edx,dword ptr ss:[ebp-1C]
0048C532 |. 8D>|lea eax,dword ptr ss:[ebp-C]
0048C535 |. E8>|call SoftReg5.004043DC ; 组合起来
0048C53A |. 46 |inc esi
0048C53B |. 4B |dec ebx
0048C53C |.^ 75>\jnz short SoftReg5.0048C512 ; 这一段就是将上面收集数据反过来
0048C53E |> 8B>mov eax,dword ptr ss:[ebp-C] ; 取出反过来的数据
0048C541 |. E8>call SoftReg5.00408ADC ; 再将反过来的数据转化为16进制数据00035474
0048C546 |. 8B>mov edx,dword ptr ss:[ebp-4]
0048C549 |. 8B>mov eax,edi
0048C54B |. 8B>mov ecx,dword ptr ss:[ebp-8] ; 得到输入码16进制形式
0048C54E |. E8>call SoftReg5.0048C004 ; 这里是关键 进入!
0048C553 |. 8D>lea eax,dword ptr ss:[ebp-10]
0048C556 |. E8>call SoftReg5.00404114
0048C55B |. 8B>mov eax,dword ptr ss:[ebp-18]
0048C55E |. E8>call SoftReg5.004043D4
…………………………………………………………………………………………………………………………………………………………
进入0048C54E |. E8>call SoftReg5.0048C004 ; 这里是关键 进入!
…………………………………………………………………………………………………………………………………………………………
0048C021 |. 8B>mov ebx,eax
0048C023 |. 33>xor eax,eax
0048C025 |. 55 push ebp
0048C026 |. 68>push SoftReg5.0048C33D
0048C02B |. 64>push dword ptr fs:[eax]
0048C02E |. 64>mov dword ptr fs:[eax],esp
0048C031 |. 8D>lea eax,dword ptr ss:[ebp-1C]
0048C034 |. 8B>mov edx,dword ptr ds:[ebx] ; 取出机器码
0048C036 |. E8>call SoftReg5.004041AC
0048C03B |. 8D>lea eax,dword ptr ss:[ebp-10]
0048C03E |. E8>call SoftReg5.00404114
0048C043 |. 8B>mov eax,dword ptr ss:[ebp-1C]
0048C046 |. E8>call SoftReg5.004043D4 ; 得到位数
0048C04B |. 8B>mov ebx,eax
0048C04D |. 85>test ebx,ebx
0048C04F |. 0F>jle SoftReg5.0048C127
0048C055 |. BE>mov esi,1
0048C05A |> 8D>/lea eax,dword ptr ss:[ebp-C]
0048C05D |. 50 |push eax
0048C05E |. B9>|mov ecx,1
0048C063 |. 8B>|mov edx,esi
0048C065 |. 8B>|mov eax,dword ptr ss:[ebp-1C]
0048C068 |. E8>|call SoftReg5.00404634
0048C06D |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C070 |. BA>|mov edx,SoftReg5.0048C358
0048C075 |. E8>|call SoftReg5.00404520
0048C07A |. 0F>|je SoftReg5.0048C107
0048C080 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C083 |. BA>|mov edx,SoftReg5.0048C364
0048C088 |. E8>|call SoftReg5.00404520
0048C08D |. 74>|je short SoftReg5.0048C107
0048C08F |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C092 |. BA>|mov edx,SoftReg5.0048C370
0048C097 |. E8>|call SoftReg5.00404520
0048C09C |. 74>|je short SoftReg5.0048C107
0048C09E |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0A1 |. BA>|mov edx,SoftReg5.0048C37C
0048C0A6 |. E8>|call SoftReg5.00404520
0048C0AB |. 74>|je short SoftReg5.0048C107
0048C0AD |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0B0 |. BA>|mov edx,SoftReg5.0048C37C
0048C0B5 |. E8>|call SoftReg5.00404520
0048C0BA |. 74>|je short SoftReg5.0048C107
0048C0BC |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0BF |. BA>|mov edx,SoftReg5.0048C388
0048C0C4 |. E8>|call SoftReg5.00404520
0048C0C9 |. 74>|je short SoftReg5.0048C107
0048C0CB |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0CE |. BA>|mov edx,SoftReg5.0048C394
0048C0D3 |. E8>|call SoftReg5.00404520
0048C0D8 |. 74>|je short SoftReg5.0048C107
0048C0DA |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0DD |. BA>|mov edx,SoftReg5.0048C3A0
0048C0E2 |. E8>|call SoftReg5.00404520
0048C0E7 |. 74>|je short SoftReg5.0048C107
0048C0E9 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0EC |. BA>|mov edx,SoftReg5.0048C3AC
0048C0F1 |. E8>|call SoftReg5.00404520
0048C0F6 |. 74>|je short SoftReg5.0048C107
0048C0F8 |. 8B>|mov eax,dword ptr ss:[ebp-C]
0048C0FB |. BA>|mov edx,SoftReg5.0048C3B8
0048C100 |. E8>|call SoftReg5.00404520
0048C105 |. 75>|jnz short SoftReg5.0048C11F
0048C107 |> 8D>|lea eax,dword ptr ss:[ebp-10]
0048C10A |. 8B>|mov edx,dword ptr ss:[ebp-C]
0048C10D |. E8>|call SoftReg5.004043DC
0048C112 |. 8B>|mov eax,dword ptr ss:[ebp-10]
0048C115 |. E8>|call SoftReg5.004043D4
0048C11A |. 83>|cmp eax,6
0048C11D |. 74>|je short SoftReg5.0048C127
0048C11F |> 46 |inc esi
0048C120 |. 4B |dec ebx
0048C121 |.^ 0F>\jnz SoftReg5.0048C05A ; 又是将机器码中的1-9数字组合起来
0048C127 |> 83>cmp dword ptr ss:[ebp-10],0
0048C12B |. 74>je short SoftReg5.0048C139
0048C12D |. 8B>mov eax,dword ptr ss:[ebp-10]
0048C130 |. E8>call SoftReg5.00408ADC ; 再转化为16进制数据000C8E1C
0048C135 |. 8B>mov edi,eax
0048C137 |. EB>jmp short SoftReg5.0048C13E
0048C139 |> BF>mov edi,89CB1
0048C13E |> 8D>lea eax,dword ptr ss:[ebp-C]
0048C141 |. E8>call SoftReg5.00404114
0048C146 |. 8B>mov eax,dword ptr ss:[ebp-10] ; 再次得到收集好的数据
0048C149 |. E8>call SoftReg5.004043D4 ; 得到它的位数
0048C14E |. 8B>mov ebx,eax
0048C150 |. 4B dec ebx
0048C151 |. 85>test ebx,ebx
0048C153 |. 7C>jl short SoftReg5.0048C184
0048C155 |. 43 inc ebx
0048C156 |. 33>xor esi,esi
0048C158 |> 8D>/lea eax,dword ptr ss:[ebp-20]
0048C15B |. 50 |push eax
0048C15C |. 8B>|mov eax,dword ptr ss:[ebp-10]
0048C15F |. E8>|call SoftReg5.004043D4
0048C164 |. 8B>|mov edx,eax
0048C166 |. 2B>|sub edx,esi
0048C168 |. B9>|mov ecx,1
0048C16D |. 8B>|mov eax,dword ptr ss:[ebp-10]
0048C170 |. E8>|call SoftReg5.00404634
0048C175 |. 8B>|mov edx,dword ptr ss:[ebp-20]
0048C178 |. 8D>|lea eax,dword ptr ss:[ebp-C]
0048C17B |. E8>|call SoftReg5.004043DC
0048C180 |. 46 |inc esi
0048C181 |. 4B |dec ebx
0048C182 |.^ 75>\jnz short SoftReg5.0048C158 ; 这一段也是将它反过来
0048C184 |> 8D>lea edx,dword ptr ss:[ebp-24]
0048C187 |. 8B>mov eax,dword ptr ss:[ebp-8] ; 再得到输入码的16进制数据
0048C18A |. E8>call SoftReg5.0048BD74 ; 关键 要进入了!
0048C18F |. 8B>mov eax,dword ptr ss:[ebp-C]
0048C192 |. E8>call SoftReg5.00408ADC
………………………………………………………………………………………………………………………………………………
进入0048C18A |. E8>call SoftReg5.0048BD74 ; 关键 要进入了!
………………………………………………………………………………………………………………………………………………
0048BD8D |. 55 push ebp
0048BD8E |. 68>push SoftReg5.0048BF87
0048BD93 |. 64>push dword ptr fs:[eax]
0048BD96 |. 64>mov dword ptr fs:[eax],esp
0048BD99 |. 8B>mov eax,ebx ; 输入码的16进制形式
0048BD9B |. E8>call SoftReg5.0048BBF4 ; 这里就出错了!!!要进入!
0048BDA0 |. 8B>mov edx,eax
0048BDA2 |. 8D>lea eax,dword ptr ss:[ebp-4]
0048BDA5 |. E8>call SoftReg5.0040430C
0048BDAA |. 8D>lea eax,dword ptr ss:[ebp-C]
0048BDAD |. 50 push eax
0048BDAE |. B9>mov ecx,1
0048BDB3 |. BA>mov edx,1
……………………………………………………………………………………………………………………………………
进入0048BD9B |. E8>call SoftReg5.0048BBF4
………………………………………………………………………………………………………………………………………………
0048BC06 . A1>mov eax,dword ptr ds:[490660]
0048BC0B . 83>cmp dword ptr ds:[eax],2
0048BC0E . 75>jnz short SoftReg5.0048BC31
0048BC10 . 6A>push 0 ; /hTemplateFile = NULL
0048BC12 . 6A>push 0 ; |Attributes = 0
0048BC14 . 6A>push 3 ; |Mode = OPEN_EXISTING
0048BC16 . 6A>push 0 ; |pSecurity = NULL
0048BC18 . 6A>push 3 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
0048BC1A . 68>push C0000000 ; |Access = GENERIC_READ|GENERIC_WRITE
0048BC1F . 68>push SoftReg5.0048BD50 ; |FileName = "\\.\PhysicalDrive0"
0048BC24 . E8>call <jmp.&kernel32.CreateFileA> ; \CreateFileA
0048BC29 . 89>mov dword ptr ss:[ebp-214],eax
0048BC2F . EB>jmp short SoftReg5.0048BC4D
0048BC31 > 6A>push 0 ; /hTemplateFile = NULL
0048BC33 . 6A>push 0 ; |Attributes = 0
0048BC35 . 6A>push 1 ; |Mode = CREATE_NEW
0048BC37 . 6A>push 0 ; |pSecurity = NULL
0048BC39 . 6A>push 0 ; |ShareMode = 0
0048BC3B . 6A>push 0 ; |Access = 0
0048BC3D . 68>push SoftReg5.0048BD64 ; |FileName = "\\.\SMARTVSD"
0048BC42 . E8>call <jmp.&kernel32.CreateFileA> ; \CreateFileA
0048BC47 . 89>mov dword ptr ss:[ebp-214],eax
0048BC4D > 8B>mov edx,esi ; 得到输入码的16进制形式
0048BC4F . A1>mov eax,dword ptr ds:[491CD8]
0048BC54 . E8>call <jmp.&Micro.GetScrTop> ; 出错了!!进入
0048BC59 . 83>cmp dword ptr ss:[ebp-214],-1
0048BC60 . 0F>je SoftReg5.0048BD42
0048BC66 . 33>xor eax,eax
………………………………………………………………………………………………………………………………
进入0048BC54 . E8>call <jmp.&Micro.GetScrTop> ; 出错了!!进入
……………………………………………………………………………………………………………………………………
0053D58C > $ 55 push ebp
0053D58D . 8B>mov ebp,esp
0053D58F . 6A>push 0
0053D591 . 53 push ebx
0053D592 . 56 push esi
0053D593 . 57 push edi
0053D594 . 8B>mov ebx,edx ; 这里得到输入码的16进制数据
0053D596 . 33>xor eax,eax
0053D598 . 55 push ebp
0053D599 . 68>push Micro.0053D657
0053D59E . 64>push dword ptr fs:[eax]
0053D5A1 . 64>mov dword ptr fs:[eax],esp
0053D5A4 . E8>call Micro.GetScrLeft ; 产生机器码放于EAX中
0053D5A9 . 8B>mov edx,eax
0053D5AB . 8D>lea eax,dword ptr ss:[ebp-4]
0053D5AE . E8>call Micro.004B4248 ; 没什么
0053D5B3 . 8D>lea eax,dword ptr ss:[ebp-4]
0053D5B6 . E8>call Micro.0053C988 ; 这里就是计算第1个注册码的地方
0053D5BB . 8B>mov esi,eax ; 结果出来了
0053D5BD . 8D>lea eax,dword ptr ss:[ebp-4]
0053D5C0 . E8>call Micro.0053CD18 ; 这里就是计算第2个注册码的地方
0053D5C5 . 8B>mov edx,eax
0053D5C7 . 8B>mov eax,ebx
0053D5C9 . 3B>cmp eax,esi ; 输入码与注册码的第一次比较
0053D5CB . 74>je short Micro.0053D5D1
0053D5CD . 3B>cmp eax,edx ; 输入码与注册码的第二次比较
0053D5CF . 75>jnz short Micro.0053D635 ; 关键跳转
……………………………………………………………………………………………………………………………………………………
进入0053D5B6 . E8>call Micro.0053C988 ; 这里就是计算第1个注册码的地方
……………………………………………………………………………………………………………………………………………………
0053C9A4 |. 64>mov dword ptr fs:[eax],esp
0053C9A7 |. 8D>lea eax,dword ptr ss:[ebp-14]
0053C9AA |. 8B>mov edx,dword ptr ds:[ebx] ; 得到机器码
0053C9AC |. E8>call Micro.004B40E8
0053C9B1 |. 8D>lea eax,dword ptr ss:[ebp-8]
0053C9B4 |. E8>call Micro.004B4050
0053C9B9 |. 8B>mov eax,dword ptr ss:[ebp-14]
0053C9BC |. E8>call Micro.004B4310 ; 得到机器码的位数
0053C9C1 |. 8B>mov ebx,eax
0053C9C3 |. 85>test ebx,ebx
0053C9C5 |. 0F>jle Micro.0053CA9D
0053C9CB |. BE>mov esi,1
0053C9D0 |> 8D>/lea eax,dword ptr ss:[ebp-4]
0053C9D3 |. 50 |push eax
0053C9D4 |. B9>|mov ecx,1
0053C9D9 |. 8B>|mov edx,esi
0053C9DB |. 8B>|mov eax,dword ptr ss:[ebp-14] ; 得到机器码
0053C9DE |. E8>|call Micro.004B4570 ; 依次取得机器码的每一位ASCII
0053C9E3 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 依次取得机器码的每一位ASCII的地址
0053C9E6 |. BA>|mov edx,Micro.0053CCB4 ; 固定值31
0053C9EB |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是31
0053C9F0 |. 0F>|je Micro.0053CA7D
0053C9F6 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053C9F9 |. BA>|mov edx,Micro.0053CCC0 ; 固定值32
0053C9FE |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是32
0053CA03 |. 74>|je short Micro.0053CA7D
0053CA05 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA08 |. BA>|mov edx,Micro.0053CCCC ; 固定值33
0053CA0D |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是33
0053CA12 |. 74>|je short Micro.0053CA7D
0053CA14 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA17 |. BA>|mov edx,Micro.0053CCD8 ; 固定值34
0053CA1C |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是34
0053CA21 |. 74>|je short Micro.0053CA7D
0053CA23 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA26 |. BA>|mov edx,Micro.0053CCD8 ; 固定值34
0053CA2B |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是34
0053CA30 |. 74>|je short Micro.0053CA7D
0053CA32 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA35 |. BA>|mov edx,Micro.0053CCE4 ; 固定值35
0053CA3A |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是35
0053CA3F |. 74>|je short Micro.0053CA7D
0053CA41 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA44 |. BA>|mov edx,Micro.0053CCF0 ; 固定值36
0053CA49 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是36
0053CA4E |. 74>|je short Micro.0053CA7D
0053CA50 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA53 |. BA>|mov edx,Micro.0053CCFC ; 固定值37
0053CA58 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是37
0053CA5D |. 74>|je short Micro.0053CA7D
0053CA5F |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA62 |. BA>|mov edx,Micro.0053CD08 ; 固定值38
0053CA67 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是38
0053CA6C |. 74>|je short Micro.0053CA7D
0053CA6E |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CA71 |. BA>|mov edx,Micro.0053CD14 ; 固定值39
0053CA76 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是39
0053CA7B |. 75>|jnz short Micro.0053CA95
0053CA7D |> 8D>|lea eax,dword ptr ss:[ebp-8]
0053CA80 |. 8B>|mov edx,dword ptr ss:[ebp-4]
0053CA83 |. E8>|call Micro.004B4318 ; 将机器码中符合1-9的数字组合起来
0053CA88 |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CA8B |. E8>|call Micro.004B4310 ; 取出组合后的位数
0053CA90 |. 83>|cmp eax,6 ; 只取6位
0053CA93 |. 74>|je short Micro.0053CA9D
0053CA95 |> 46 |inc esi
0053CA96 |. 4B |dec ebx
0053CA97 |.^ 0F>\jnz Micro.0053C9D0 ; 这个循环得到机器码中1-9的数字组合在一起
0053CA9D |> 83>cmp dword ptr ss:[ebp-8],0 ; 检查机器码中是否有1-9的数字
0053CAA1 |. 74>je short Micro.0053CAAF
0053CAA3 |. 8B>mov eax,dword ptr ss:[ebp-8] ; 取出组合的数字
0053CAA6 |. E8>call Micro.004B88B0 ; 将上面的组合的数字转化为16进制数据
0053CAAB |. 8B>mov edi,eax ; 储存在EDI中
0053CAAD |. EB>jmp short Micro.0053CAB4
0053CAAF |> BF>mov edi,89CB1
0053CAB4 |> 8D>lea eax,dword ptr ss:[ebp-4]
0053CAB7 |. E8>call Micro.004B4050
0053CABC |. 8B>mov eax,dword ptr ss:[ebp-8] ; 再次得到上面得到的机器码中的1-9的数字
0053CABF |. E8>call Micro.004B4310 ; 得到1-9数字的位数
0053CAC4 |. 8B>mov ebx,eax
0053CAC6 |. 4B dec ebx
0053CAC7 |. 85>test ebx,ebx
0053CAC9 |. 7C>jl short Micro.0053CAFA
0053CACB |. 43 inc ebx
0053CACC |. 33>xor esi,esi
0053CACE |> 8D>/lea eax,dword ptr ss:[ebp-18]
0053CAD1 |. 50 |push eax
0053CAD2 |. 8B>|mov eax,dword ptr ss:[ebp-8] ; 得到上面组合好的一组数据
0053CAD5 |. E8>|call Micro.004B4310 ; 得到位数
0053CADA |. 8B>|mov edx,eax
0053CADC |. 2B>|sub edx,esi
0053CADE |. B9>|mov ecx,1
0053CAE3 |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CAE6 |. E8>|call Micro.004B4570 ; 取值,从最后一位向前面取值
0053CAEB |. 8B>|mov edx,dword ptr ss:[ebp-18] ; 得到每一位ASCII的地址
0053CAEE |. 8D>|lea eax,dword ptr ss:[ebp-4]
0053CAF1 |. E8>|call Micro.004B4318 ; 收集组合起来
0053CAF6 |. 46 |inc esi
0053CAF7 |. 4B |dec ebx
0053CAF8 |.^ 75>\jnz short Micro.0053CACE ; 这一段是将上面机器码1-9的数字组合反过来
0053CAFA |> 8B>mov eax,dword ptr ss:[ebp-4] ; 取出反过来的数字
0053CAFD |. E8>call Micro.004B88B0 ; 将反过来的数字转化为16进制数据
0053CB02 |. 89>mov dword ptr ss:[ebp-10],eax ; 储存在这里
0053CB05 |. 8D>lea eax,dword ptr ss:[ebp-8]
0053CB08 |. E8>call Micro.004B4050
0053CB0D |. 8B>mov eax,dword ptr ss:[ebp-14] ; 又次得到机器码
0053CB10 |. E8>call Micro.004B4310
0053CB15 |. 8B>mov ebx,eax
0053CB17 |. 85>test ebx,ebx
0053CB19 |. 0F>jl Micro.0053CBF9
0053CB1F |. 43 inc ebx
0053CB20 |. 33>xor esi,esi
0053CB22 |> 8D>/lea eax,dword ptr ss:[ebp-4]
0053CB25 |. 50 |push eax
0053CB26 |. 8B>|mov eax,dword ptr ss:[ebp-14]
0053CB29 |. E8>|call Micro.004B4310
0053CB2E |. 8B>|mov edx,eax
0053CB30 |. 2B>|sub edx,esi
0053CB32 |. B9>|mov ecx,1
0053CB37 |. 8B>|mov eax,dword ptr ss:[ebp-14]
0053CB3A |. E8>|call Micro.004B4570
0053CB3F |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CB42 |. BA>|mov edx,Micro.0053CCB4
0053CB47 |. E8>|call Micro.004B445C
0053CB4C |. 0F>|je Micro.0053CBD9
0053CB52 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CB55 |. BA>|mov edx,Micro.0053CCC0
0053CB5A |. E8>|call Micro.004B445C
0053CB5F |. 74>|je short Micro.0053CBD9
0053CB61 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CB64 |. BA>|mov edx,Micro.0053CCCC
0053CB69 |. E8>|call Micro.004B445C
0053CB6E |. 74>|je short Micro.0053CBD9
0053CB70 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CB73 |. BA>|mov edx,Micro.0053CCD8
0053CB78 |. E8>|call Micro.004B445C
0053CB7D |. 74>|je short Micro.0053CBD9
0053CB7F |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CB82 |. BA>|mov edx,Micro.0053CCD8
0053CB87 |. E8>|call Micro.004B445C
0053CB8C |. 74>|je short Micro.0053CBD9
0053CB8E |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CB91 |. BA>|mov edx,Micro.0053CCE4
0053CB96 |. E8>|call Micro.004B445C
0053CB9B |. 74>|je short Micro.0053CBD9
0053CB9D |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CBA0 |. BA>|mov edx,Micro.0053CCF0
0053CBA5 |. E8>|call Micro.004B445C
0053CBAA |. 74>|je short Micro.0053CBD9
0053CBAC |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CBAF |. BA>|mov edx,Micro.0053CCFC
0053CBB4 |. E8>|call Micro.004B445C
0053CBB9 |. 74>|je short Micro.0053CBD9
0053CBBB |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CBBE |. BA>|mov edx,Micro.0053CD08
0053CBC3 |. E8>|call Micro.004B445C
0053CBC8 |. 74>|je short Micro.0053CBD9
0053CBCA |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CBCD |. BA>|mov edx,Micro.0053CD14
0053CBD2 |. E8>|call Micro.004B445C
0053CBD7 |. 75>|jnz short Micro.0053CBF1
0053CBD9 |> 8D>|lea eax,dword ptr ss:[ebp-8]
0053CBDC |. 8B>|mov edx,dword ptr ss:[ebp-4]
0053CBDF |. E8>|call Micro.004B4318
0053CBE4 |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CBE7 |. E8>|call Micro.004B4310
0053CBEC |. 83>|cmp eax,6
0053CBEF |. 74>|je short Micro.0053CBF9
0053CBF1 |> 46 |inc esi
0053CBF2 |. 4B |dec ebx
0053CBF3 |.^ 0F>\jnz Micro.0053CB22
0053CBF9 |> 83>cmp dword ptr ss:[ebp-8],0 ; 得到反过来的机器码中的1-9的数字
0053CBFD |. 74>je short Micro.0053CC0C
0053CBFF |. 8B>mov eax,dword ptr ss:[ebp-8]
0053CC02 |. E8>call Micro.004B88B0 ; 将反过来的数字转化为16进制数据00035474
0053CC07 |. 89>mov dword ptr ss:[ebp-C],eax ; 储存
0053CC0A |. EB>jmp short Micro.0053CC13
0053CC0C |> C7>mov dword ptr ss:[ebp-C],0A9BD8
0053CC13 |> 8D>lea eax,dword ptr ss:[ebp-4]
0053CC16 |. E8>call Micro.004B4050
0053CC1B |. 8B>mov eax,dword ptr ss:[ebp-8]
0053CC1E |. E8>call Micro.004B4310
0053CC23 |. 8B>mov ebx,eax
0053CC25 |. 4B dec ebx
0053CC26 |. 85>test ebx,ebx
0053CC28 |. 7C>jl short Micro.0053CC59
0053CC2A |. 43 inc ebx
0053CC2B |. 33>xor esi,esi
0053CC2D |> 8D>/lea eax,dword ptr ss:[ebp-1C]
0053CC30 |. 50 |push eax
0053CC31 |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CC34 |. E8>|call Micro.004B4310
0053CC39 |. 8B>|mov edx,eax
0053CC3B |. 2B>|sub edx,esi
0053CC3D |. B9>|mov ecx,1
0053CC42 |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CC45 |. E8>|call Micro.004B4570
0053CC4A |. 8B>|mov edx,dword ptr ss:[ebp-1C]
0053CC4D |. 8D>|lea eax,dword ptr ss:[ebp-4]
0053CC50 |. E8>|call Micro.004B4318
0053CC55 |. 46 |inc esi
0053CC56 |. 4B |dec ebx
0053CC57 |.^ 75>\jnz short Micro.0053CC2D ; 这个循环又是将反过来的机器码中的1-9数字再次反过来
0053CC59 |> 8B>mov eax,dword ptr ss:[ebp-4] ; 得到正过来的机器码中的1-9的数字
0053CC5C |. E8>call Micro.004B88B0 ; 将正过来的机器码中的1-9的数字转化为16进制000C8E1C
0053CC61 |. 6B>imul esi,edi,79 ; 将正过来的机器码中的1-9的数字转化为16进制乘以79
0053CC64 |. 6B>imul edx,dword ptr ss:[ebp-C],0B ; 将反过来机器码中1-9的数字转化为16进制的数据乘以0B
0053CC68 |. 03>add esi,edx ; 把两次相乘的结果相加
0053CC6A |. 03>add esi,dword ptr ss:[ebp-10] ; 结果再加上反过来机器码中1-9的数字转化为16进制的数据
0053CC6D |. 03>add esi,eax ; 结果再加上正过来的机器码中的1-9的数字转化为16进制 这个就是注册码之一
0053CC6F |. 8B>mov ebx,esi
0053CC71 |. 33>xor eax,eax
0053CC73 |. 5A pop edx
………………………………………………………………………………………………………………………………………………………………
进入0053D5C0 . E8>call Micro.0053CD18 ; 这里就是计算第2个注册码的地方
………………………………………………………………………………………………………………………………………………………………
0053CD32 |. 64>mov dword ptr fs:[eax],esp
0053CD35 |. 8D>lea eax,dword ptr ss:[ebp-C]
0053CD38 |. 8B>mov edx,dword ptr ds:[ebx] ; 取出机器码
0053CD3A |. E8>call Micro.004B40E8
0053CD3F |. 8D>lea eax,dword ptr ss:[ebp-8]
0053CD42 |. E8>call Micro.004B4050
0053CD47 |. 8B>mov eax,dword ptr ss:[ebp-C]
0053CD4A |. E8>call Micro.004B4310 ; 得到机器码的位数
0053CD4F |. 8B>mov ebx,eax
0053CD51 |. 85>test ebx,ebx
0053CD53 |. 0F>jle Micro.0053CE2B
0053CD59 |. BE>mov esi,1
0053CD5E |> 8D>/lea eax,dword ptr ss:[ebp-4]
0053CD61 |. 50 |push eax
0053CD62 |. B9>|mov ecx,1
0053CD67 |. 8B>|mov edx,esi
0053CD69 |. 8B>|mov eax,dword ptr ss:[ebp-C] ; 取出机器码
0053CD6C |. E8>|call Micro.004B4570 ; 依次得到每一位的机器码
0053CD71 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CD74 |. BA>|mov edx,Micro.0053D03C ; 固定值31
0053CD79 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是31
0053CD7E |. 0F>|je Micro.0053CE0B
0053CD84 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CD87 |. BA>|mov edx,Micro.0053D048 ; 固定值32
0053CD8C |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是32
0053CD91 |. 74>|je short Micro.0053CE0B
0053CD93 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CD96 |. BA>|mov edx,Micro.0053D054 ; 固定值33
0053CD9B |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是33
0053CDA0 |. 74>|je short Micro.0053CE0B
0053CDA2 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDA5 |. BA>|mov edx,Micro.0053D060 ; 固定值34
0053CDAA |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是34
0053CDAF |. 74>|je short Micro.0053CE0B
0053CDB1 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDB4 |. BA>|mov edx,Micro.0053D060 ; 固定值34
0053CDB9 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是34
0053CDBE |. 74>|je short Micro.0053CE0B
0053CDC0 |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDC3 |. BA>|mov edx,Micro.0053D06C ; 固定值35
0053CDC8 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是35
0053CDCD |. 74>|je short Micro.0053CE0B
0053CDCF |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDD2 |. BA>|mov edx,Micro.0053D078 ; 固定值36
0053CDD7 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是36
0053CDDC |. 74>|je short Micro.0053CE0B
0053CDDE |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDE1 |. BA>|mov edx,Micro.0053D084 ; 固定值37
0053CDE6 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是37
0053CDEB |. 74>|je short Micro.0053CE0B
0053CDED |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDF0 |. BA>|mov edx,Micro.0053D090 ; 固定值38
0053CDF5 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是38
0053CDFA |. 74>|je short Micro.0053CE0B
0053CDFC |. 8B>|mov eax,dword ptr ss:[ebp-4] ; 取出此次机器码的ASCII的地址
0053CDFF |. BA>|mov edx,Micro.0053D09C ; 固定值39
0053CE04 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是39
0053CE09 |. 75>|jnz short Micro.0053CE23
0053CE0B |> 8D>|lea eax,dword ptr ss:[ebp-8]
0053CE0E |. 8B>|mov edx,dword ptr ss:[ebp-4]
0053CE11 |. E8>|call Micro.004B4318 ; 把机器码中符合1-9数字的机器码组合在一起
0053CE16 |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CE19 |. E8>|call Micro.004B4310 ; 计数器 机器码有中符合了1-9的数字EAX自动加1
0053CE1E |. 83>|cmp eax,6 ; 只取6位就够了!
0053CE21 |. 74>|je short Micro.0053CE2B
0053CE23 |> 46 |inc esi
0053CE24 |. 4B |dec ebx
0053CE25 |.^ 0F>\jnz Micro.0053CD5E
0053CE2B |> 83>cmp dword ptr ss:[ebp-8],0 ; 检查机器码中是否存在1-9的数字
0053CE2F |. 74>je short Micro.0053CE39
0053CE31 |. 8B>mov eax,dword ptr ss:[ebp-8] ; 取出刚收集的机器码中的1-9的数字
0053CE34 |. E8>call Micro.004B88B0 ; 将机器码中的1-9的数字转化为16进制数字
0053CE39 |> 8D>lea eax,dword ptr ss:[ebp-4]
0053CE3C |. E8>call Micro.004B4050
0053CE41 |. 8B>mov eax,dword ptr ss:[ebp-8] ; 取出刚收集的机器码中的1-9的数字
0053CE44 |. E8>call Micro.004B4310 ; 得到它的位数
0053CE49 |. 8B>mov ebx,eax
0053CE4B |. 4B dec ebx
0053CE4C |. 85>test ebx,ebx
0053CE4E |. 7C>jl short Micro.0053CE7F
0053CE50 |. 43 inc ebx
0053CE51 |. 33>xor esi,esi
0053CE53 |> 8D>/lea eax,dword ptr ss:[ebp-10]
0053CE56 |. 50 |push eax
0053CE57 |. 8B>|mov eax,dword ptr ss:[ebp-8] ; 取出刚收集的机器码中的1-9的数字
0053CE5A |. E8>|call Micro.004B4310 ; 得到位数
0053CE5F |. 8B>|mov edx,eax
0053CE61 |. 2B>|sub edx,esi
0053CE63 |. B9>|mov ecx,1
0053CE68 |. 8B>|mov eax,dword ptr ss:[ebp-8] ; 取出刚收集的机器码中的1-9的数字
0053CE6B |. E8>|call Micro.004B4570 ; 依次从刚收集机器码中的数字的最后一位取值
0053CE70 |. 8B>|mov edx,dword ptr ss:[ebp-10] ; 取出对应的ASCII的地址
0053CE73 |. 8D>|lea eax,dword ptr ss:[ebp-4]
0053CE76 |. E8>|call Micro.004B4318 ; 一个一个组合(也就是将刚才的数据反过来储存)
0053CE7B |. 46 |inc esi
0053CE7C |. 4B |dec ebx
0053CE7D |.^ 75>\jnz short Micro.0053CE53
0053CE7F |> 8B>mov eax,dword ptr ss:[ebp-4] ; 得到上面已经反过来的结果
0053CE82 |. E8>call Micro.004B88B0 ; 将反过来的结果转化为16进制数据
0053CE87 |. 8D>lea eax,dword ptr ss:[ebp-8]
0053CE8A |. E8>call Micro.004B4050
0053CE8F |. 8B>mov eax,dword ptr ss:[ebp-C] ; 又得到全部的机器码
0053CE92 |. E8>call Micro.004B4310 ; 得到位数
0053CE97 |. 8B>mov ebx,eax
0053CE99 |. 85>test ebx,ebx
0053CE9B |. 0F>jl Micro.0053CFA0
0053CEA1 |. 43 inc ebx
0053CEA2 |. 33>xor esi,esi
0053CEA4 |> 8D>/lea eax,dword ptr ss:[ebp-4]
0053CEA7 |. 50 |push eax
0053CEA8 |. 8B>|mov eax,dword ptr ss:[ebp-C] ; 又得到全部的机器码
0053CEAB |. E8>|call Micro.004B4310 ; 得到位数
0053CEB0 |. 8B>|mov edx,eax
0053CEB2 |. 2B>|sub edx,esi
0053CEB4 |. B9>|mov ecx,1 ; 上面一段又准备从最后取值
0053CEB9 |. 8B>|mov eax,dword ptr ss:[ebp-C] ; 又得到全部的机器码
0053CEBC |. E8>|call Micro.004B4570 ; 取值,但从机器码的最后一位开始取
0053CEC1 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CEC4 |. BA>|mov edx,Micro.0053D03C
0053CEC9 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是31
0053CECE |. 0F>|je Micro.0053CF5B
0053CED4 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CED7 |. BA>|mov edx,Micro.0053D048
0053CEDC |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是32
0053CEE1 |. 74>|je short Micro.0053CF5B
0053CEE3 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CEE6 |. BA>|mov edx,Micro.0053D054
0053CEEB |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是33
0053CEF0 |. 74>|je short Micro.0053CF5B
0053CEF2 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CEF5 |. BA>|mov edx,Micro.0053D060
0053CEFA |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是34
0053CEFF |. 74>|je short Micro.0053CF5B
0053CF01 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF04 |. BA>|mov edx,Micro.0053D060
0053CF09 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是34
0053CF0E |. 74>|je short Micro.0053CF5B
0053CF10 |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF13 |. BA>|mov edx,Micro.0053D06C
0053CF18 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是35
0053CF1D |. 74>|je short Micro.0053CF5B
0053CF1F |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF22 |. BA>|mov edx,Micro.0053D078
0053CF27 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是36
0053CF2C |. 74>|je short Micro.0053CF5B
0053CF2E |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF31 |. BA>|mov edx,Micro.0053D084
0053CF36 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是37
0053CF3B |. 74>|je short Micro.0053CF5B
0053CF3D |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF40 |. BA>|mov edx,Micro.0053D090
0053CF45 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是38
0053CF4A |. 74>|je short Micro.0053CF5B
0053CF4C |. 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF4F |. BA>|mov edx,Micro.0053D09C
0053CF54 |. E8>|call Micro.004B445C ; 检查这一位的机器码的ASCII是否是39
0053CF59 |. 75>|jnz short Micro.0053CF98
0053CF5B |> 8B>|mov eax,dword ptr ss:[ebp-4]
0053CF5E |. E8>|call Micro.004B88B0 ; 将每一位符合1-9数字的ASCII都转化为16进制数据
0053CF63 |. B9>|mov ecx,6
0053CF68 |. 99 |cdq
0053CF69 |. F7>|idiv ecx
0053CF6B |. 8B>|mov edi,edx ; 将每一位符合1-9数字的ASCII转化为16进制并除以6取其余数作最后结果组合
0053CF6D |. 85>|test edi,edi
0053CF6F |. 75>|jnz short Micro.0053CF76
0053CF71 |. BF>|mov edi,6
0053CF76 |> 8D>|lea edx,dword ptr ss:[ebp-4]
0053CF79 |. 8B>|mov eax,edi
0053CF7B |. E8>|call Micro.004B8774 ; 再将最后的余数转化为字符
0053CF80 |. 8D>|lea eax,dword ptr ss:[ebp-8]
0053CF83 |. 8B>|mov edx,dword ptr ss:[ebp-4]
0053CF86 |. E8>|call Micro.004B4318 ; 组合在一起
0053CF8B |. 8B>|mov eax,dword ptr ss:[ebp-8]
0053CF8E |. E8>|call Micro.004B4310 ; 得到组合后的位数,用于记数
0053CF93 |. 83>|cmp eax,6 ; 只取6位
0053CF96 |. 74>|je short Micro.0053CFA0
0053CF98 |> 46 |inc esi
0053CF99 |. 4B |dec ebx
0053CF9A |.^ 0F>\jnz Micro.0053CEA4 ; 这个循环是从最后依次取每一位机器码的ASCII并每次除以6后组合起来
0053CFA0 |> 83>cmp dword ptr ss:[ebp-8],0
0053CFA4 |. 74>je short Micro.0053CFB0
0053CFA6 |. 8B>mov eax,dword ptr ss:[ebp-8] ; 得到处理后的值
0053CFA9 |. E8>call Micro.004B88B0 ; 并把它转化位16进制数据
0053CFAE |. EB>jmp short Micro.0053CFB5
0053CFB0 |> B8>mov eax,Micro.004B2006
0053CFB5 |> 8D>lea edi,dword ptr ds:[eax+1B669] ; 上面得到的16进制数据再加上1B669就是第2个注册码了
0053CFBB |. 8D>lea eax,dword ptr ss:[ebp-4]
0053CFBE |. E8>call Micro.004B4050
0053CFC3 |. 8B>mov eax,dword ptr ss:[ebp-8]
………………………………………………………………………………………………………………………………………………………………
总结:
算法比较简单,注册码只与机器码有关
注册码有两个:
其一:先将机器码中的1-9的6位数字收集在一起若为123456,则用123456乘以121再加上将上面得到数字反过来654321乘以11
再加上123456最后在加上654321。得到的结果即为注册码。
其二:将机器码从最后一位向前检索将一个一个收集符合1-9的数据并将每一位数字除以6取余数组合在一起如:123456
最后用123456加上112233即为最后的注册码。