【文章标题】: Installer2Go 4.1.3注册分析
【文章作者】: FishSeeWater
【作者邮箱】: shuijiany99@163.com
【软件名称】: Installer2Go 4.1.3
【下载地址】: 自己搜索下载
【保护方式】: 序列号
【编写语言】: Microsoft Visual C++ 6.0
【使用工具】: Windows2003+MasmPlus1.1+OllyICE1.10
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
【软件介绍】: Setup2Go 是一个很不错的安装程序制作工具,易于使用且交互性强,它不需要使用者具备多少编程知识和编程经验就可在极短的时间内轻松完成制作,该软件还支持当前所有的 32 位 Windows 操作系统的程序,包括 Windows 95、98、ME、NT4、2000、XP 等。软件还自带工程向导帮助你快速生成安装项目,像建立快捷方式、写入注册表、文件类型关联、定制对话框及屏幕样式、使用外部工具、修改 INI 文件、添加安装密码、测试运行等等这些功能它都具备,并且你还可以利用 Setup2Go 制作出支持多国语言的安装程序,便于你向外国人出售自己的软件产品。
--------------------------------------------------------------------------------
【详细过程】:
最近公司写了一个通信软件,用到了ODBC数据库,为了用户使用方便,决定找一个打包工具,经过比较选择,最后瞄定:Installer2Go 4.1.3,小巧而功能齐全,Down后发现为FREE软件,不过需注册,否则打包后的程序有NAG,心下不爽,开刀!!!!!
PEID:Microsoft Visual C++ 6.0
直接用OllyICE折了她!F9运行出现提示注册的对话框,下断点:GetDlgItemText 输入用户名:qqqqqqqq,注册码:78787878,点注册没反应?
路不对,想想程序启动时一定有判断处理,下注册表断点试试,Ctrl+F2->打开API断点设置工具插件->注册表处理函数,确定。F9运行,OK断下来了,一边F9一边看堆栈窗口,终于发现了可疑这处了 ValueName = "username",
好,停住!F8进行,
代码:
00404A84 |. 51 PUSH ECX ; /pBufSize
00404A85 |. 52 PUSH EDX ; |Buffer
00404A86 |. 50 PUSH EAX ; |pValueType
00404A87 |. 50 PUSH EAX ; |Reserved
00404A88 |. 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] ; |
00404A8C |. BF 04010000 MOV EDI,104 ; |
00404A91 |. 68 84134F00 PUSH builder.004F1384 ; |username
00404A96 |. 50 PUSH EAX ; |hKey
00404A97 |. 897C24 2C MOV DWORD PTR SS:[ESP+2C],EDI ; |
00404A9B |. FFD6 CALL ESI ; \RegQueryValueExA
00404A9D |. 85C0 TEST EAX,EAX ;看看有没有用户名,打开注册表,手动输入一个:)
00404A9F |. 75 0A JNZ SHORT builder.00404AAB
00404AA1 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
00404AA5 |. 85C0 TEST EAX,EAX
00404AA7 |. 76 02 JBE SHORT builder.00404AAB
00404AA9 |. B3 01 MOV BL,1
00404AAB |> 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
00404AAF |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00404AB3 |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124]
00404ABA |. 51 PUSH ECX
00404ABB |. 52 PUSH EDX
00404ABC |. 6A 00 PUSH 0
00404ABE |. 6A 00 PUSH 0
00404AC0 |. 68 90134F00 PUSH builder.004F1390 ; regcode
00404AC5 |. 50 PUSH EAX
00404AC6 |. 897C24 2C MOV DWORD PTR SS:[ESP+2C],EDI
00404ACA |. FFD6 CALL ESI ;读注册码,照搬,手动输入一个:)
00404ACC |. 85C0 TEST EAX,EAX
00404ACE |. 75 0D JNZ SHORT builder.00404ADD
00404AD0 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
00404AD4 |. 85C0 TEST EAX,EAX
00404AD6 |. 76 05 JBE SHORT builder.00404ADD
00404AD8 |. C64424 13 01 MOV BYTE PTR SS:[ESP+13],1
00404ADD |> 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
00404AE1 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00404AE5 |. 8D9424 280200>LEA EDX,DWORD PTR SS:[ESP+228]
00404AEC |. 51 PUSH ECX
00404AED |. 52 PUSH EDX
00404AEE |. 6A 00 PUSH 0
00404AF0 |. 6A 00 PUSH 0
00404AF2 |. 68 98134F00 PUSH builder.004F1398 ; admin
00404AF7 |. 50 PUSH EAX
00404AF8 |. 897C24 2C MOV DWORD PTR SS:[ESP+2C],EDI
00404AFC |. FFD6 CALL ESI
00404AFE |. 85C0 TEST EAX,EAX
00404B00 |. 75 0D JNZ SHORT builder.00404B0F
00404B02 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
00404B06 |. 85C0 TEST EAX,EAX
00404B08 |. 76 05 JBE SHORT builder.00404B0F
00404B0A |. C64424 12 01 MOV BYTE PTR SS:[ESP+12],1
00404B0F |> 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
00404B13 |. 51 PUSH ECX ; /hKey
00404B14 |. FF15 0C904D00 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
00404B1A |. 84DB TEST BL,BL
00404B1C |. 0F84 16020000 JE builder.00404D38
00404B22 |. 8A4424 13 MOV AL,BYTE PTR SS:[ESP+13]
00404B26 |. 84C0 TEST AL,AL
00404B28 |. 0F84 0A020000 JE builder.00404D38
00404B2E |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124]
00404B35 |. 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20]
00404B39 |. 52 PUSH EDX ;假码压栈
00404B3A |. 50 PUSH EAX ;用户名压栈
00404B3B |. 8BCD MOV ECX,EBP
00404B3D |. E8 6EFCFFFF CALL builder.004047B0 ;F7跟进
00404B42 |. 84C0 TEST AL,AL
00404B44 |. 0F84 EE010000 JE builder.00404D38
00404B4A |. 8D7C24 20 LEA EDI,DWORD PTR SS:[ESP+20]
//++++++++++++++++++++++++++++
004047B0 /$ 56 PUSH ESI ; ADVAPI32.RegQueryValueExA
004047B1 |. 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+8]
004047B5 |. 85F6 TEST ESI,ESI
004047B7 |. 57 PUSH EDI
004047B8 |. 74 42 JE SHORT builder.004047FC
004047BA |. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
004047BE |. 85D2 TEST EDX,EDX
004047C0 |. 74 3A JE SHORT builder.004047FC
004047C2 |. 8BFE MOV EDI,ESI
004047C4 |. 83C9 FF OR ECX,FFFFFFFF
004047C7 |. 33C0 XOR EAX,EAX
004047C9 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
004047CB |. F7D1 NOT ECX
004047CD |. 49 DEC ECX
004047CE |. 74 2C JE SHORT builder.004047FC
004047D0 |. 8BFA MOV EDI,EDX
004047D2 |. 83C9 FF OR ECX,FFFFFFFF
004047D5 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
004047D7 |. F7D1 NOT ECX
004047D9 |. 49 DEC ECX
004047DA |. 83F9 0A CMP ECX,0A ;注册码长度必须为0A->10否则飞走
004047DD |. 75 1D JNZ SHORT builder.004047FC
004047DF |. 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
004047E3 |. 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
004047E7 |. 52 PUSH EDX
004047E8 |. 50 PUSH EAX
004047E9 |. 68 A0134F00 PUSH builder.004F13A0 ; andrey&pasha
004047EE |. 56 PUSH ESI
004047EF |. E8 CCCE0900 CALL builder.004A16C0 ;F7跟进
004047F4 |. 83C4 10 ADD ESP,10
004047F7 |. 5F POP EDI
004047F8 |. 5E POP ESI
004047F9 |. C2 0800 RETN 8
004047FC |> 5F POP EDI
004047FD |. 32C0 XOR AL,AL
004047FF |. 5E POP ESI
00404800 \. C2 0800 RETN 8
//++++++++++++++++++++++++++++++++++++
004A16C0 /$ 53 PUSH EBX
004A16C1 |. 8B5C24 14 MOV EBX,DWORD PTR SS:[ESP+14]
004A16C5 |. 56 PUSH ESI
004A16C6 |. 57 PUSH EDI
004A16C7 |. 8BFB MOV EDI,EBX
004A16C9 |. 83C9 FF OR ECX,FFFFFFFF
004A16CC |. 33C0 XOR EAX,EAX
004A16CE |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
004A16D0 |. F7D1 NOT ECX
004A16D2 |. 49 DEC ECX
004A16D3 |. 8BF9 MOV EDI,ECX
004A16D5 |. 8D47 01 LEA EAX,DWORD PTR DS:[EDI+1]
004A16D8 |. 50 PUSH EAX
004A16D9 |. E8 0FBF0100 CALL builder.004BD5ED
004A16DE |. 8BF0 MOV ESI,EAX
004A16E0 |. 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C]
004A16E4 |. 83C4 04 ADD ESP,4
004A16E7 |. 85C0 TEST EAX,EAX
004A16E9 |. 74 2C JE SHORT builder.004A1717
004A16EB |. 8A4B 01 MOV CL,BYTE PTR DS:[EBX+1]
004A16EE |. 55 PUSH EBP
004A16EF |. 51 PUSH ECX
004A16F0 |. E8 9BFFFFFF CALL builder.004A1690
004A16F5 |. 8A13 MOV DL,BYTE PTR DS:[EBX]
004A16F7 |. 8BE8 MOV EBP,EAX
004A16F9 |. 52 PUSH EDX
004A16FA |. E8 91FFFFFF CALL builder.004A1690
004A16FF |. C1E0 04 SHL EAX,4
004A1702 |. 03E8 ADD EBP,EAX
004A1704 |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]
004A1708 |. 81F5 FF000000 XOR EBP,0FF
004A170E |. 83C4 08 ADD ESP,8
004A1711 |. 83ED 55 SUB EBP,55
004A1714 |. 8928 MOV DWORD PTR DS:[EAX],EBP
004A1716 |. 5D POP EBP
004A1717 |> 8B00 MOV EAX,DWORD PTR DS:[EAX]
004A1719 |. 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
004A171D |. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
004A1721 |. 57 PUSH EDI
004A1722 |. 56 PUSH ESI
004A1723 |. 50 PUSH EAX
004A1724 |. 51 PUSH ECX
004A1725 |. 52 PUSH EDX
004A1726 |. E8 35FEFFFF CALL builder.004A1560 ;这里F7进(为什么是这个?因为上面几个CALL已经进过了:),现在就发现这里有用)
004A172B |. 57 PUSH EDI
004A172C |. 53 PUSH EBX
004A172D |. 56 PUSH ESI
//++++++++++++++++++++++++++++++++++++++++++++
进入核心地带了:)
004A1560 /$ 83EC 08 SUB ESP,8
004A1563 |. 53 PUSH EBX
004A1564 |. 8B5C24 20 MOV EBX,DWORD PTR SS:[ESP+20]
004A1568 |. 55 PUSH EBP
004A1569 |. 56 PUSH ESI
004A156A |. 8D73 01 LEA ESI,DWORD PTR DS:[EBX+1]
004A156D |. 57 PUSH EDI
004A156E |. 56 PUSH ESI
004A156F |. E8 79C00100 CALL builder.004BD5ED
004A1574 |. 8BE8 MOV EBP,EAX
004A1576 |. 56 PUSH ESI
004A1577 |. 896C24 18 MOV DWORD PTR SS:[ESP+18],EBP
004A157B |. E8 6DC00100 CALL builder.004BD5ED
004A1580 |. 8BF0 MOV ESI,EAX
004A1582 |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]
004A1586 |. 53 PUSH EBX
004A1587 |. 50 PUSH EAX
004A1588 |. 55 PUSH EBP
004A1589 |. 897424 28 MOV DWORD PTR SS:[ESP+28],ESI
004A158D |. 33FF XOR EDI,EDI
004A158F |. E8 0CFFFFFF CALL builder.004A14A0
004A1594 |. 8B6C24 34 MOV EBP,DWORD PTR SS:[ESP+34]
004A1598 |. 53 PUSH EBX
004A1599 |. 55 PUSH EBP
004A159A |. 56 PUSH ESI
004A159B |. E8 00FFFFFF CALL builder.004A14A0
004A15A0 |. 8B7424 44 MOV ESI,DWORD PTR SS:[ESP+44]
004A15A4 |. 81E6 FF000000 AND ESI,0FF
004A15AA |. 83C6 55 ADD ESI,55
004A15AD |. 81F6 FF000000 XOR ESI,0FF
004A15B3 |. 8BCE MOV ECX,ESI
004A15B5 |. C1E9 04 SHR ECX,4
004A15B8 |. 51 PUSH ECX
004A15B9 |. E8 52FFFFFF CALL builder.004A1510
004A15BE |. 8B5424 4C MOV EDX,DWORD PTR SS:[ESP+4C]
004A15C2 |. 83E6 0F AND ESI,0F
004A15C5 |. 56 PUSH ESI
004A15C6 |. 8802 MOV BYTE PTR DS:[EDX],AL
004A15C8 |. E8 43FFFFFF CALL builder.004A1510
004A15CD |. 8B7424 50 MOV ESI,DWORD PTR SS:[ESP+50]
004A15D1 |. 83C4 28 ADD ESP,28
004A15D4 |. 8846 01 MOV BYTE PTR DS:[ESI+1],AL
004A15D7 |. 33C0 XOR EAX,EAX
004A15D9 |. 85DB TEST EBX,EBX
004A15DB |. 7E 24 JLE SHORT builder.004A1601
004A15DD |> 8A0C28 /MOV CL,BYTE PTR DS:[EAX+EBP] ;取andrey&pasha
004A15E0 |. 8BD7 |MOV EDX,EDI
004A15E2 |. 81E1 FF000000 |AND ECX,0FF
004A15E8 |. 81E2 FF000000 |AND EDX,0FF
004A15EE |. 33CA |XOR ECX,EDX
004A15F0 |. C1EF 08 |SHR EDI,8
004A15F3 |. 8B0C8D 387D4F>|MOV ECX,DWORD PTR DS:[ECX*4+4F7D38] ;内存原始数据从何而来?(不明白:()
004A15FA |. 33F9 |XOR EDI,ECX
004A15FC |. 40 |INC EAX
004A15FD |. 3BC3 |CMP EAX,EBX ;取10个
004A15FF |.^ 7C DC \JL SHORT builder.004A15DD
004A1601 |> 83FB 02 CMP EBX,2
004A1604 |. 7E 58 JLE SHORT builder.004A165E
004A1606 |. 8B6C24 10 MOV EBP,DWORD PTR SS:[ESP+10]
004A160A |. 8D53 FE LEA EDX,DWORD PTR DS:[EBX-2]
004A160D |. 8D4E 02 LEA ECX,DWORD PTR DS:[ESI+2]
004A1610 |. 2BEE SUB EBP,ESI
004A1612 |. 895424 2C MOV DWORD PTR SS:[ESP+2C],EDX
004A1616 |> 8A0429 /MOV AL,BYTE PTR DS:[ECX+EBP] ;从用户名的第三个字符开始"shSeeWater"
004A1619 |. 8BD7 |MOV EDX,EDI
004A161B |. 25 FF000000 |AND EAX,0FF
004A1620 |. 81E2 FF000000 |AND EDX,0FF
004A1626 |. 33C2 |XOR EAX,EDX
004A1628 |. 33D2 |XOR EDX,EDX
004A162A |. C1EF 08 |SHR EDI,8
004A162D |. 8B0485 387D4F>|MOV EAX,DWORD PTR DS:[EAX*4+4F7D38] ;内存原始数据从何而来?(不明白:()
004A1634 |. BE 24000000 |MOV ESI,24
004A1639 |. 33F8 |XOR EDI,EAX
004A163B |. 8BC7 |MOV EAX,EDI
004A163D |. F7F6 |DIV ESI
004A163F |. 83FA 0A |CMP EDX,0A
004A1642 |. 73 05 |JNB SHORT builder.004A1649
004A1644 |. 80C2 30 |ADD DL,30
004A1647 |. EB 03 |JMP SHORT builder.004A164C
004A1649 |> 80C2 37 |ADD DL,37
004A164C |> 8B4424 2C |MOV EAX,DWORD PTR SS:[ESP+2C]
004A1650 |. 8811 |MOV BYTE PTR DS:[ECX],DL ;计算结果存这里了。
004A1652 |. 41 |INC ECX
004A1653 |. 48 |DEC EAX
004A1654 |. 894424 2C |MOV DWORD PTR SS:[ESP+2C],EAX
004A1658 |.^ 75 BC \JNZ SHORT builder.004A1616
004A165A |. 8B7424 28 MOV ESI,DWORD PTR SS:[ESP+28] ;在这里ESI会出现 注册码。
004A165E |> 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
004A1662 |. C6041E 00 MOV BYTE PTR DS:[ESI+EBX],0
004A1666 |. 51 PUSH ECX
004A1667 |. E8 34080100 CALL builder.004B1EA0
004A166C |. 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+18]
004A1670 |. 52 PUSH EDX
004A1671 |. E8 2A080100 CALL builder.004B1EA0
004A1676 |. 83C4 08 ADD ESP,8
004A1679 |. 5F POP EDI
004A167A |. 5E POP ESI
004A167B |. 5D POP EBP
004A167C |. 5B POP EBX
004A167D |. 83C4 08 ADD ESP,8
004A1680 \. C3 RETN
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
算法总结:
程序很将“andrey&pasha”与 4F7D38处的数据进行处理结果放在4F7D38,然后再将用户名从第三个字符开始与4F7D38处理得到注册码的后8位(前两位任意)。
写注册机:
工具:MasmPlus (谢谢AOGO的付出,为大家写了这么好用的一个IDE,)
由于不知道 4f7d38中的始数据是从哪来的(懒的分析了)所以定义一个byte变量从4f7d38到4f7d38+FF*4的数据全拷出来(为什么是FF*4?因为在跟踪过程中[EAX*4+4F7D38]这里的EAX从来没大于过FF):)
代码:
///////////////////////////////////////////////////////////////////////////////////
//用资源工具直接从程序中将注册对话框导出来用:)
//i2GKeyGen.rc
#include "..\..\INCLUDE\resource.h"
1000 ICON DISCARDABLE "ico100.ico"
100 DIALOG 120, 100, 320, 108
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Registration"
FONT 8, "MS Sans Serif"
{
CONTROL "", 1001, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 130, 44, 170, 14
CONTROL "", 1002, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 130, 65, 170, 14
CONTROL "Ordering Info", 3, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 10, 91, 80, 14
CONTROL "Register", 1, BUTTON, BS_DEFPUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 169, 91, 80, 14
CONTROL "Close", 2, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 253, 91, 56, 14
CONTROL "If you have paid the registration fee simply enter your registration information below and click Register.", 1009, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 10, 8, 298, 16
CONTROL "Registration Information", 1010, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 10, 29, 300, 58
CONTROL "User/Company Name", 1011, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 16, 47, 110, 10
CONTROL "Registration Number", 1012, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 16, 69, 110, 10
}
///////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////
//i2GKeyGen.asm
.386
.Model Flat, StdCall
Option Casemap :None
Include windows.inc
Include user32.inc
Include kernel32.inc
Include gdi32.inc
includelib gdi32.lib
IncludeLib user32.lib
IncludeLib kernel32.lib
include macro.asm
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
.const
DLG_MAIN equ 100
.data
a1 db "andrey&pasha",0
a4 dd 8
a5 db 200 dup('FS',0)
a6 db 000h,000h,000h,000h,096h,030h,007h,077h,02Ch,061h,00Eh,0EEh,0BAh,051h,009h,099h,019h,0C4h,06Dh,007h,08Fh,0F4h,06Ah,070h,035h,0A5h,063h,0E9h,0A3h,095h,064h,09Eh
db 032h,088h,0DBh,00Eh,0A4h,0B8h,0DCh,079h,01Eh,0E9h,0D5h,0E0h,088h,0D9h,0D2h,097h,02Bh,04Ch,0B6h,009h,0BDh,07Ch,0B1h,07Eh,007h,02Dh,0B8h,0E7h,091h,01Dh,0BFh,090h
db 064h,010h,0B7h,01Dh,0F2h,020h,0B0h,06Ah,048h,071h,0B9h,0F3h,0DEh,041h,0BEh,084h,07Dh,0D4h,0DAh,01Ah,0EBh,0E4h,0DDh,06Dh,051h,0B5h,0D4h,0F4h,0C7h,085h,0D3h,083h
db 056h,098h,06Ch,013h,0C0h,0A8h,06Bh,064h,07Ah,0F9h,062h,0FDh,0ECh,0C9h,065h,08Ah,04Fh,05Ch,001h,014h,0D9h,06Ch,006h,063h,063h,03Dh,00Fh,0FAh,0F5h,00Dh,008h,08Dh
db 0C8h,020h,06Eh,03Bh,05Eh,010h,069h,04Ch,0E4h,041h,060h,0D5h,072h,071h,067h,0A2h,0D1h,0E4h,003h,03Ch,047h,0D4h,004h,04Bh,0FDh,085h,00Dh,0D2h,06Bh,0B5h,00Ah,0A5h
db 0FAh,0A8h,0B5h,035h,06Ch,098h,0B2h,042h,0D6h,0C9h,0BBh,0DBh,040h,0F9h,0BCh,0ACh,0E3h,06Ch,0D8h,032h,075h,05Ch,0DFh,045h,0CFh,00Dh,0D6h,0DCh,059h,03Dh,0D1h,0ABh
db 0ACh,030h,0D9h,026h,03Ah,000h,0DEh,051h,080h,051h,0D7h,0C8h,016h,061h,0D0h,0BFh,0B5h,0F4h,0B4h,021h,023h,0C4h,0B3h,056h,099h,095h,0BAh,0CFh,00Fh,0A5h,0BDh,0B8h
db 09Eh,0B8h,002h,028h,008h,088h,005h,05Fh,0B2h,0D9h,00Ch,0C6h,024h,0E9h,00Bh,0B1h,087h,07Ch,06Fh,02Fh,011h,04Ch,068h,058h,0ABh,01Dh,061h,0C1h,03Dh,02Dh,066h,0B6h
db 090h,041h,0DCh,076h,006h,071h,0DBh,001h,0BCh,020h,0D2h,098h,02Ah,010h,0D5h,0EFh,089h,085h,0B1h,071h,01Fh,0B5h,0B6h,006h,0A5h,0E4h,0BFh,09Fh,033h,0D4h,0B8h,0E8h
db 0A2h,0C9h,007h,078h,034h,0F9h,000h,00Fh,08Eh,0A8h,009h,096h,018h,098h,00Eh,0E1h,0BBh,00Dh,06Ah,07Fh,02Dh,03Dh,06Dh,008h,097h,06Ch,064h,091h,001h,05Ch,063h,0E6h
db 0F4h,051h,06Bh,06Bh,062h,061h,06Ch,01Ch,0D8h,030h,065h,085h,04Eh,000h,062h,0F2h,0EDh,095h,006h,06Ch,07Bh,0A5h,001h,01Bh,0C1h,0F4h,008h,082h,057h,0C4h,00Fh,0F5h
db 0C6h,0D9h,0B0h,065h,050h,0E9h,0B7h,012h,0EAh,0B8h,0BEh,08Bh,07Ch,088h,0B9h,0FCh,0DFh,01Dh,0DDh,062h,049h,02Dh,0DAh,015h,0F3h,07Ch,0D3h,08Ch,065h,04Ch,0D4h,0FBh
db 058h,061h,0B2h,04Dh,0CEh,051h,0B5h,03Ah,074h,000h,0BCh,0A3h,0E2h,030h,0BBh,0D4h,041h,0A5h,0DFh,04Ah,0D7h,095h,0D8h,03Dh,06Dh,0C4h,0D1h,0A4h,0FBh,0F4h,0D6h,0D3h
db 06Ah,0E9h,069h,043h,0FCh,0D9h,06Eh,034h,046h,088h,067h,0ADh,0D0h,0B8h,060h,0DAh,073h,02Dh,004h,044h,0E5h,01Dh,003h,033h,05Fh,04Ch,00Ah,0AAh,0C9h,07Ch,00Dh,0DDh
db 03Ch,071h,005h,050h,0AAh,041h,002h,027h,010h,010h,00Bh,0BEh,086h,020h,00Ch,0C9h,025h,0B5h,068h,057h,0B3h,085h,06Fh,020h,009h,0D4h,066h,0B9h,09Fh,0E4h,061h,0CEh
db 00Eh,0F9h,0DEh,05Eh,098h,0C9h,0D9h,029h,022h,098h,0D0h,0B0h,0B4h,0A8h,0D7h,0C7h,017h,03Dh,0B3h,059h,081h,00Dh,0B4h,02Eh,03Bh,05Ch,0BDh,0B7h,0ADh,06Ch,0BAh,0C0h
db 020h,083h,0B8h,0EDh,0B6h,0B3h,0BFh,09Ah,00Ch,0E2h,0B6h,003h,09Ah,0D2h,0B1h,074h,039h,047h,0D5h,0EAh,0AFh,077h,0D2h,09Dh,015h,026h,0DBh,004h,083h,016h,0DCh,073h
db 012h,00Bh,063h,0E3h,084h,03Bh,064h,094h,03Eh,06Ah,06Dh,00Dh,0A8h,05Ah,06Ah,07Ah,00Bh,0CFh,00Eh,0E4h,09Dh,0FFh,009h,093h,027h,0AEh,000h,00Ah,0B1h,09Eh,007h,07Dh
db 044h,093h,00Fh,0F0h,0D2h,0A3h,008h,087h,068h,0F2h,001h,01Eh,0FEh,0C2h,006h,069h,05Dh,057h,062h,0F7h,0CBh,067h,065h,080h,071h,036h,06Ch,019h,0E7h,006h,06Bh,06Eh
db 076h,01Bh,0D4h,0FEh,0E0h,02Bh,0D3h,089h,05Ah,07Ah,0DAh,010h,0CCh,04Ah,0DDh,067h,06Fh,0DFh,0B9h,0F9h,0F9h,0EFh,0BEh,08Eh,043h,0BEh,0B7h,017h,0D5h,08Eh,0B0h,060h
db 0E8h,0A3h,0D6h,0D6h,07Eh,093h,0D1h,0A1h,0C4h,0C2h,0D8h,038h,052h,0F2h,0DFh,04Fh,0F1h,067h,0BBh,0D1h,067h,057h,0BCh,0A6h,0DDh,006h,0B5h,03Fh,04Bh,036h,0B2h,048h
db 0DAh,02Bh,00Dh,0D8h,04Ch,01Bh,00Ah,0AFh,0F6h,04Ah,003h,036h,060h,07Ah,004h,041h,0C3h,0EFh,060h,0DFh,055h,0DFh,067h,0A8h,0EFh,08Eh,06Eh,031h,079h,0BEh,069h,046h
db 08Ch,0B3h,061h,0CBh,01Ah,083h,066h,0BCh,0A0h,0D2h,06Fh,025h,036h,0E2h,068h,052h,095h,077h,00Ch,0CCh,003h,047h,00Bh,0BBh,0B9h,016h,002h,022h,02Fh,026h,005h,055h
db 0BEh,03Bh,0BAh,0C5h,028h,00Bh,0BDh,0B2h,092h,05Ah,0B4h,02Bh,004h,06Ah,0B3h,05Ch,0A7h,0FFh,0D7h,0C2h,031h,0CFh,0D0h,0B5h,08Bh,09Eh,0D9h,02Ch,01Dh,0AEh,0DEh,05Bh
db 0B0h,0C2h,064h,09Bh,026h,0F2h,063h,0ECh,09Ch,0A3h,06Ah,075h,00Ah,093h,06Dh,002h,0A9h,006h,009h,09Ch,03Fh,036h,00Eh,0EBh,085h,067h,007h,072h,013h,057h,000h,005h
db 082h,04Ah,0BFh,095h,014h,07Ah,0B8h,0E2h,0AEh,02Bh,0B1h,07Bh,038h,01Bh,0B6h,00Ch,09Bh,08Eh,0D2h,092h,00Dh,0BEh,0D5h,0E5h,0B7h,0EFh,0DCh,07Ch,021h,0DFh,0DBh,00Bh
db 0D4h,0D2h,0D3h,086h,042h,0E2h,0D4h,0F1h,0F8h,0B3h,0DDh,068h,06Eh,083h,0DAh,01Fh,0CDh,016h,0BEh,081h,05Bh,026h,0B9h,0F6h,0E1h,077h,0B0h,06Fh,077h,047h,0B7h,018h
db 0E6h,05Ah,008h,088h,070h,06Ah,00Fh,0FFh,0CAh,03Bh,006h,066h,05Ch,00Bh,001h,011h,0FFh,09Eh,065h,08Fh,069h,0AEh,062h,0F8h,0D3h,0FFh,06Bh,061h,045h,0CFh,06Ch,016h
db 078h,0E2h,00Ah,0A0h,0EEh,0D2h,00Dh,0D7h,054h,083h,004h,04Eh,0C2h,0B3h,003h,039h,061h,026h,067h,0A7h,0F7h,016h,060h,0D0h,04Dh,047h,069h,049h,0DBh,077h,06Eh,03Eh
db 04Ah,06Ah,0D1h,0AEh,0DCh,05Ah,0D6h,0D9h,066h,00Bh,0DFh,040h,0F0h,03Bh,0D8h,037h,053h,0AEh,0BCh,0A9h,0C5h,09Eh,0BBh,0DEh,07Fh,0CFh,0B2h,047h,0E9h,0FFh,0B5h,030h
db 01Ch,0F2h,0BDh,0BDh,08Ah,0C2h,0BAh,0CAh,030h,093h,0B3h,053h,0A6h,0A3h,0B4h,024h
hInput1 db 200 dup(?)
.data?
hInstance dd ?
.CODE
START:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,0,offset DlgProc,0
invoke ExitProcess,0
DlgProc proc hWnd,uMsg,wParam,lParam
.if uMsg==WM_INITDIALOG
invoke LoadIcon,hInstance,100
invoke SendMessage,hWnd,WM_SETICON,ICON_SMALL,eax
.elseif uMsg==WM_COMMAND
mov eax,wParam
and eax,0ffffh
.if eax==IDOK
xor eax,eax
mov ebx,0Ah
xor edi,edi
;int 3
n1:
MOV CL,[a1+eax]
MOV EDX,EDI
AND ECX,0FFh
AND EDX,0FFh
XOR ECX,EDX
SHR EDI,8
MOV ECX,DWORD ptr [a6+ecx*4]
XOR EDI,ECX
INC EAX
CMP EAX,EBX
JL n1
invoke GetDlgItemTextA,hWnd,1001,addr hInput1,sizeof hInput1
xor eax,eax
mov ecx,2
mov [a4],WORD ptr 8
n2:
MOV AL,BYTE PTR DS:[hInput1+ecx]
MOV EDX,EDI
AND EAX,0FFh
AND EDX,0FFh
XOR EAX,EDX
XOR EDX,EDX
SHR EDI,8
MOV EAX,DWORD PTR [a6+eax*4]
MOV ESI,024h
XOR EDI,EAX
MOV EAX,EDI
DIV ESI
CMP EDX,0Ah
JNB n3
ADD DL,030h
JMP n4
n3:
ADD DL,037h
n4:
MOV EAX,DWORD PTR a4
MOV BYTE PTR [a5+2+ecx-2],DL
INC ECX
DEC EAX
MOV DWORD PTR a4,EAX
JNZ n2
invoke SetDlgItemText,hWnd,1002,addr a5
.elseif eax==IDCANCEL
invoke SendMessage,hWnd,WM_CLOSE,0,0
.endif
.elseif uMsg==WM_CLOSE
invoke EndDialog,hWnd,wParam
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
DlgProc endp
END START
--------------------------------------------------------------------------------
【经验总结】
用汇编语言写注册机真是有得天独厚的优势,算法看不懂可以直接从OllyICE中复制:)
汇编刚学,程序算法也比较简单,好多地方大家别见笑:)
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2006年07月04日 15:22:16