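【Title】: Algorithm analysis of Virtual Drive 10 Professional Edition (虚拟光驱10专业版)
【Author】: hdhgzf
【Software name】: Virtual Drive 10 Professional Edition (虚拟光驱10专业版)
【Download】: search for it yourself
【Packer】: none
【Protection】: serial number
【Language】: VC
【Tools used】: OllyICE, Uedit32, PEiD
【Platform】: Windows XP SP2
【Software description】: Virtual Drive Professional Edition is a complete software suite that integrates virtual discs, CD/DVD burning and a virtual fast disk.
Main features:
- Optical drive emulation, with support for various copy-protected games
- Custom burning of discs in various formats
- Disc copying
- Image burning
- Using physical memory as a virtual hard disk to improve application performance
【Author's statement】: This is purely out of interest, with no other purpose. If I have made mistakes, I would appreciate corrections from the experts here!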
--------------------------------------------------------------------------------
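【Detailed process】
Using PEiD, the entry point of WebReg (the registration program) is found to be 4f87. With Uedit32, change the byte 55 at 4f87 in WebReg to cc and save.
Start Virtual Drive and click "请点击此处输入序列号。" ("Please click here to enter the serial number."); the debugger is entered as follows:
00404F87 > CC int3 reassemble as push ebp, then press F9 to run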
00404F88 8BEC mov ebp, esp
00404F8A 6A FF push -1
00404F8C 68 682D4200 push 00422D68
00404F91 68 34944000 push 00409434
00404F96 64:A1 00000000 mov eax, fs:[0]
00404F9C 50 push eax
00404F9D 64:8925 0000000>mov fs:[0], esp
00404FA4 83EC 58 sub esp, 58
00404FA7 53 push ebx
00404FA8 56 push esi
00404FA9 57 push edi
00404FAA 8965 E8 mov [ebp-18], esp
00404FAD FF15 B8124200 call [<&KERNEL32.GetVersion>] ; kernel32.GetVersion
00404FB3 33D2 xor edx, edx
00404FB5 8AD4 mov dl, ah
The serial-number dialog appears. Enter a serial number in the format BSP10*0**0**********; this is string s.
0040EE6E |. 85C0 test eax, eax
0040EE70 |. 75 33 jnz short 0040EEA5
0040EE72 |> 8BB424 1C0100>mov esi, [esp+11C]
0040EE79 |. 57 push edi
0040EE7A |. 8D4424 14 lea eax, [esp+14]
0040EE7E |. 56 push esi
0040EE7F |. 50 push eax
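0040EE80 |. E8 FBFBFFFF call 0040EA80 set a breakpoint here and step in. By the time execution reaches this point,
0040EE85 |. 83C4 0C add esp, 0C the characters of the serial have already been reordered; the result is string ss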
0040EE88 |. 85C0 test eax, eax
0040EE8A |. 75 19 jnz short 0040EEA5
0040EE8C |. 83FF 03 cmp edi, 3
0040EE8F |. 75 12 jnz short 0040EEA3
0040EE91 |. 8D4C24 10 lea ecx, [esp+10]
0040EE95 |. 56 push esi
0040EE96 |. 51 push ecx
0040EE97 |. E8 D4FEFFFF call 0040ED70 set a breakpoint here and step in
0040EE9C |. 83C4 08 add esp, 8
0040EE9F |. 85C0 test eax, eax
0040EEA1 |. 75 02 jnz short 0040EEA5
0040EEA3 |> 33C0 xor eax, eax
0040EEA5 |> 5F pop edi
0040EEA6 |. 5E pop esi
0040EEA7 |. 5D pop ebp
0040EEA8 |. 5B pop ebx
Stepping into call 0040EA80
0040EA80 /$ 8B4424 0C mov eax, [esp+C]
0040EA84 |. 8B4C24 08 mov ecx, [esp+8]
0040EA88 |. 56 push esi
0040EA89 |. 8B7424 08 mov esi, [esp+8]
0040EA8D |. 50 push eax
0040EA8E |. 51 push ecx
0040EA8F |. 56 push esi
0040EA90 |. E8 7BFEFFFF call 0040E910
0040EA95 |. 83C4 0C add esp, 0C
0040EA98 |. 85C0 test eax, eax
0040EA9A |. 7D 07 jge short 0040EAA3
0040EA9C |. B8 08000000 mov eax, 8
0040EAA1 |. 5E pop esi
Stepping into call 0040E910
0040E90F 90 nop
0040E910 /$ 81EC 00010000 sub esp, 100
0040E916 |. A0 30014300 mov al, [430130]
0040E91B |. 53 push ebx
0040E91C |. 55 push ebp
0040E91D |. 56 push esi
0040E91E |. 57 push edi
0040E91F |. 884424 10 mov [esp+10], al
0040E923 |. B9 3F000000 mov ecx, 3F
0040E928 |. 33C0 xor eax, eax
0040E92A |. 8D7C24 11 lea edi, [esp+11]
0040E92E |. 8B9C24 140100>mov ebx, [esp+114]
0040E935 |. F3:AB rep stos dword ptr es:[edi]
0040E937 |. 66:AB stos word ptr es:[edi]
0040E939 |. AA stos byte ptr es:[edi]
0040E93A |. 8BFB mov edi, ebx
0040E93C |. 83C9 FF or ecx, FFFFFFFF
0040E93F |. 33C0 xor eax, eax
0040E941 |. BD 02000000 mov ebp, 2
0040E946 |. F2:AE repne scas byte ptr es:[edi]
0040E948 |. F7D1 not ecx
0040E94A |. 49 dec ecx
0040E94B |. 83F9 0F cmp ecx, 0F check whether the serial is longer than 15 characters; if so, jump to 0040E95E.
0040E94E |. 7D 0E jge short 0040E95E
0040E950 |. 5F pop edi
0040E951 |. 5E pop esi
0040E952 |. 5D pop ebp
0040E953 |. 83C8 FF or eax, FFFFFFFF
0040E956 |. 5B pop ebx
0040E957 |. 81C4 00010000 add esp, 100
0040E95D |. C3 retn
0040E95E |> 8BFB mov edi, ebx
0040E960 |. 83C9 FF or ecx, FFFFFFFF
0040E963 |. 33C0 xor eax, eax
0040E965 |. 8D5424 10 lea edx, [esp+10]
0040E969 |. F2:AE repne scas byte ptr es:[edi]
0040E96B |. F7D1 not ecx
0040E96D |. 2BF9 sub edi, ecx
0040E96F |. 8BC1 mov eax, ecx
0040E971 |. 8BF7 mov esi, edi
0040E973 |. 8BFA mov edi, edx
0040E975 |. BA 0F000000 mov edx, 0F
0040E97A |. C1E9 02 shr ecx, 2
0040E97D |. F3:A5 rep movs dword ptr es:[edi], dword p>
0040E97F |. 8BC8 mov ecx, eax
0040E981 |. 8B8424 1C0100>mov eax, [esp+11C]
0040E988 |. 83E1 03 and ecx, 3
0040E98B |. 83F8 03 cmp eax, 3
0040E98E |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
0040E990 |. 75 0A jnz short 0040E99C
0040E992 |. BA 14000000 mov edx, 14
0040E997 |. BD 07000000 mov ebp, 7
0040E99C |> 8D7C14 10 lea edi, [esp+edx+10]
0040E9A0 |. 33C9 xor ecx, ecx
0040E9A2 |. 85D2 test edx, edx
0040E9A4 |. C607 00 mov byte ptr [edi], 0
0040E9A7 |. 7E 17 jle short 0040E9C0
0040E9A9 |> 8A440C 10 /mov al, [esp+ecx+10]
0040E9AD |. 3C 61 |cmp al, 61
0040E9AF |. 7C 0A |jl short 0040E9BB
0040E9B1 |. 3C 7A |cmp al, 7A
0040E9B3 |. 7F 06 |jg short 0040E9BB
0040E9B5 |. 2C 20 |sub al, 20
0040E9B7 |. 88440C 10 |mov [esp+ecx+10], al
0040E9BB |> 41 |inc ecx
0040E9BC |. 3BCA |cmp ecx, edx
0040E9BE |.^ 7C E9 \jl short 0040E9A9
0040E9C0 |> B8 07000000 mov eax, 7
0040E9C5 |. 3BD0 cmp edx, eax
0040E9C7 |. 7E 25 jle short 0040E9EE
0040E9C9 |> 8A0C18 /mov cl, [eax+ebx]
0040E9CC |. 80F9 39 |cmp cl, 39
0040E9CF |. 0F8F 8D000000 |jg 0040EA62
0040E9D5 |. 80F9 30 |cmp cl, 30
0040E9D8 |. 0F8C 84000000 |jl 0040EA62
0040E9DE |. 8A4C04 10 |mov cl, [esp+eax+10]
0040E9E2 |. 80C1 D0 |add cl, 0D0
0040E9E5 |. 884C04 10 |mov [esp+eax+10], cl
0040E9E9 |. 40 |inc eax
0040E9EA |. 3BC2 |cmp eax, edx
0040E9EC |.^ 7C DB \jl short 0040E9C9
0040E9EE |> 33F6 xor esi, esi
0040E9F0 |. 33C0 xor eax, eax
0040E9F2 |. 85D2 test edx, edx
0040E9F4 |. 7E 18 jle short 0040EA0E
0040E9F6 |> 83F8 07 /cmp eax, 7
0040E9F9 |. 7C 07 |jl short 0040EA02
0040E9FB |. 8D4D 06 |lea ecx, [ebp+6]
0040E9FE |. 3BC1 |cmp eax, ecx
0040EA00 |. 7E 07 |jle short 0040EA09
0040EA02 |> 0FBE4C04 10 |movsx ecx, byte ptr [esp+eax+10]
0040EA07 |. 03F1 |add esi, ecx ESI = f: the sum of the ASCII codes of the first 7 characters of string ss plus the sum of the last 6 digits
0040EA09 |> 40 |inc eax
0040EA0A |. 3BC2 |cmp eax, edx
0040EA0C |.^ 7C E8 \jl short 0040E9F6
0040EA0E |> 8B8C24 180100>mov ecx, [esp+118]
0040EA15 |. 0FBE57 FD movsx edx, byte ptr [edi-3]
0040EA19 |. C1E1 04 shl ecx, 4
0040EA1C |. 8B81 24F94200 mov eax, [ecx+42F924]=47
0040EA22 |. 8B99 20F94200 mov ebx, [ecx+42F920]=13
0040EA28 |. 0FAFC2 imul eax, edx a = a * c(8)
0040EA2B |. 0FBE57 FE movsx edx, byte ptr [edi-2]
0040EA2F |. 0FAFDA imul ebx, edx h = h * c(9)
0040EA32 |. 0FBE57 FF movsx edx, byte ptr [edi-1]
0040EA36 |. 8BB9 1CF94200 mov edi, [ecx+42F91C]=25
0040EA3C |. 03C3 add eax, ebx a = a + h
0040EA3E |. 0FAFFA imul edi, edx e = e * c(10)
0040EA41 |. 8B91 28F94200 mov edx, [ecx+42F928]=35
0040EA47 |. 03C7 add eax, edi a = a + e
0040EA49 |. 03C2 add eax, edx a = a + 53
0040EA4B |. B9 63000000 mov ecx, 63
0040EA50 |. 03C6 add eax, esi a = a + f
0040EA52 |. 5F pop edi
0040EA53 |. 99 cdq
0040EA54 |. F7F9 idiv ecx a = a Mod 99
0040EA56 |. 5E pop esi
0040EA57 |. 5D pop ebp
0040EA58 |. 5B pop ebx
0040EA59 |. 8BC2 mov eax, edx a = a Mod 99
f = P + c(5) + c(6) + c(7) + c(8) + c(9) + c(10)
0040EA5B |. 81C4 00010000 add esp, 100
After the computation finishes, execution returns to
0040EA90 |. E8 7BFEFFFF call 0040E910
0040EA95 |. 83C4 0C add esp, 0C
0040EA98 |. 85C0 test eax, eax if greater than 0, jump to 0040EAA3 for the next step of the computation
0040EA9A |. 7D 07 jge short 0040EAA3
0040EA9C |. B8 08000000 mov eax, 8
0040EAA1 |. 5E pop esi
Jump to 0040EAA3
0040EAA3 |> \0FBE4E 07 movsx ecx, byte ptr [esi+7] i(1) = Int(Rnd * 10)
0040EAA7 |. 8D1489 lea edx, [ecx+ecx*4] g = 5 * (i(1) + 48)
0040EAAA |. 0FBE4E 08 movsx ecx, byte ptr [esi+8] i(2) = Int(Rnd * 10)
0040EAAE |. 5E pop esi
0040EAAF |. 8D9451 F0FDFF>lea edx, [ecx+edx*2-210] g = i(2) + 48 + 2 * g - 528
0040EAB6 |. 2BC2 sub eax, edx
0040EAB8 |. F7D8 neg eax if a = g, proceed to the second part of the computation; otherwise it is an error.
0040EABA |. 1BC0 sbb eax, eax
0040EABC |. 83E0 08 and eax, 8
0040EABF \. C3 retn
Return to 0040EE85; the first part of the computation is complete.
0040EE7A |. 8D4424 14 lea eax, [esp+14]
0040EE7E |. 56 push esi
0040EE7F |. 50 push eax
0040EE80 |. E8 FBFBFFFF call 0040EA80
0040EE85 |. 83C4 0C add esp, 0C
0040EE88 |. 85C0 test eax, eax a = g makes eax = 0; otherwise the jump is taken and it is an error.
0040EE8A |. 75 19 jnz short 0040EEA5
0040EE8C |. 83FF 03 cmp edi, 3
0040EE8F |. 75 12 jnz short 0040EEA3
0040EE91 |. 8D4C24 10 lea ecx, [esp+10]
0040EE95 |. 56 push esi
0040EE96 |. 51 push ecx
0040EE97 |. E8 D4FEFFFF call 0040ED70 step in here; this is the second part of the computation.
0040EE9C |. 83C4 08 add esp, 8
0040EE9F |. 85C0 test eax, eax
0040EEA1 |. 75 02 jnz short 0040EEA5
0040EEA3 |> 33C0 xor eax, eax
0040EEA5 |> 5F pop edi
Stepping into 0040ED70
0040ED70 /$ 8B4424 08 mov eax, [esp+8]
0040ED74 |. 56 push esi
0040ED75 |. 8B7424 08 mov esi, [esp+8]
0040ED79 |. 6A 03 push 3
0040ED7B |. 50 push eax
0040ED7C |. 56 push esi
0040ED7D |. E8 3EFEFFFF call 0040EBC0 step in here.
0040ED82 |. 8BC8 mov ecx, eax
0040ED84 |. 83C4 0C add esp, 0C
0040ED87 |. 85C9 test ecx, ecx
0040ED89 |. 7D 07 jge short 0040ED92
0040ED8B |. B8 0C000000 mov eax, 0C
0040ED90 |. 5E pop esi
Stepping into 0040EBC0
0040EBC0 /$ 81EC 30010000 sub esp, 130
0040EBC6 |. A0 30014300 mov al, [430130]
0040EBCB |. 53 push ebx
0040EBCC |. 55 push ebp
0040EBCD |. 56 push esi
0040EBCE |. 57 push edi
0040EBCF |. 884424 40 mov [esp+40], al
0040EBD3 |. B9 3F000000 mov ecx, 3F
0040EBD8 |. 33C0 xor eax, eax
0040EBDA |. 8D7C24 41 lea edi, [esp+41]
0040EBDE |. 8BAC24 440100>mov ebp, [esp+144]
0040EBE5 |. F3:AB rep stos dword ptr es:[edi]
0040EBE7 |. 66:AB stos word ptr es:[edi]
0040EBE9 |. AA stos byte ptr es:[edi]
0040EBEA |. 8BFD mov edi, ebp
0040EBEC |. 83C9 FF or ecx, FFFFFFFF
0040EBEF |. 33C0 xor eax, eax
0040EBF1 |. C74424 10 030>mov dword ptr [esp+10], 3
0040EBF9 |. F2:AE repne scas byte ptr es:[edi]
0040EBFB |. F7D1 not ecx
0040EBFD |. 49 dec ecx
0040EBFE |. 8BD9 mov ebx, ecx
0040EC00 |. 83FB 14 cmp ebx, 14 check whether the serial is at least 20 characters long; if so, jump, otherwise it is an error.
0040EC03 |. 7D 0E jge short 0040EC13
0040EC05 |. 5F pop edi
0040EC06 |. 5E pop esi
0040EC07 |. 5D pop ebp
0040EC08 |. 83C8 FF or eax, FFFFFFFF
0040EC0B |. 5B pop ebx
0040EC0C |. 81C4 30010000 add esp, 130
0040EC12 |. C3 retn
0040EC13 |> 8BFD mov edi, ebp the jump lands here.
0040EC15 |. 83C9 FF or ecx, FFFFFFFF
0040EC18 |. 33C0 xor eax, eax
0040EC1A |. 8D5424 40 lea edx, [esp+40]
0040EC1E |. F2:AE repne scas byte ptr es:[edi]
0040EC20 |. F7D1 not ecx
0040EC22 |. 2BF9 sub edi, ecx
0040EC24 |. 55 push ebp
0040EC25 |. 8BC1 mov eax, ecx
0040EC27 |. 8BF7 mov esi, edi
0040EC29 |. 8BFA mov edi, edx
0040EC2B |. C1E9 02 shr ecx, 2
0040EC2E |. F3:A5 rep movs dword ptr es:[edi], dword p>
0040EC30 |. 8BC8 mov ecx, eax
0040EC32 |. 83E1 03 and ecx, 3
0040EC35 |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
0040EC37 |. E8 84FEFFFF call 0040EAC0 step in
Stepping into 0040EAC0
0040EAC0 /$ 81EC 04010000 sub esp, 104
0040EAC6 |. A0 30014300 mov al, [430130]
0040EACB |. 56 push esi
0040EACC |. 57 push edi
0040EACD |. 884424 08 mov [esp+8], al
0040EAD1 |. B9 40000000 mov ecx, 40
0040EAD6 |. 33C0 xor eax, eax
0040EAD8 |. 8D7C24 09 lea edi, [esp+9]
0040EADC |. 8D5424 08 lea edx, [esp+8]
0040EAE0 |. F3:AB rep stos dword ptr es:[edi]
0040EAE2 |. 66:AB stos word ptr es:[edi]
0040EAE4 |. AA stos byte ptr es:[edi]
0040EAE5 |. 8BBC24 100100>mov edi, [esp+110]
0040EAEC |. 83C9 FF or ecx, FFFFFFFF
0040EAEF |. 33C0 xor eax, eax
0040EAF1 |. F2:AE repne scas byte ptr es:[edi]
0040EAF3 |. F7D1 not ecx
0040EAF5 |. 2BF9 sub edi, ecx
0040EAF7 |. 8BC1 mov eax, ecx
0040EAF9 |. 8BF7 mov esi, edi
0040EAFB |. 8BFA mov edi, edx
0040EAFD |. 33D2 xor edx, edx
0040EAFF |. C1E9 02 shr ecx, 2
0040EB02 |. F3:A5 rep movs dword ptr es:[edi], dword p>
0040EB04 |. 8BC8 mov ecx, eax
0040EB06 |. 33C0 xor eax, eax
0040EB08 |. 83E1 03 and ecx, 3
0040EB0B |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
0040EB0D |. 8D7C24 08 lea edi, [esp+8]
0040EB11 |. 83C9 FF or ecx, FFFFFFFF
0040EB14 |. F2:AE repne scas byte ptr es:[edi]
0040EB16 |. F7D1 not ecx
0040EB18 |. 49 dec ecx
0040EB19 |. 85C9 test ecx, ecx
0040EB1B |. 7E 25 jle short 0040EB42
0040EB1D |> 8A4414 08 /mov al, [esp+edx+8]
0040EB21 |. 3C 61 |cmp al, 61
0040EB23 |. 7C 0A |jl short 0040EB2F
0040EB25 |. 3C 7A |cmp al, 7A
0040EB27 |. 7F 06 |jg short 0040EB2F
0040EB29 |. 2C 20 |sub al, 20
0040EB2B |. 884414 08 |mov [esp+edx+8], al
0040EB2F |> 8D7C24 08 |lea edi, [esp+8]
0040EB33 |. 83C9 FF |or ecx, FFFFFFFF
0040EB36 |. 33C0 |xor eax, eax
0040EB38 |. 42 |inc edx
0040EB39 |. F2:AE |repne scas byte ptr es:[edi]
0040EB3B |. F7D1 |not ecx
0040EB3D |. 49 |dec ecx
0040EB3E |. 3BD1 |cmp edx, ecx
0040EB40 |.^ 7C DB \jl short 0040EB1D
0040EB42 |> 8D7C24 08 lea edi, [esp+8]
0040EB46 |. 83C9 FF or ecx, FFFFFFFF
0040EB49 |. 33C0 xor eax, eax
0040EB4B |. 33F6 xor esi, esi
0040EB4D |. F2:AE repne scas byte ptr es:[edi]
0040EB4F |. F7D1 not ecx
0040EB51 |. 49 dec ecx
0040EB52 |. BA 01000000 mov edx, 1 initialize edx = 1
0040EB57 |. 85C9 test ecx, ecx
0040EB59 |. 7E 50 jle short 0040EBAB
0040EB5B |. 53 push ebx
0040EB5C |. 8D5C24 0C lea ebx, [esp+C]
0040EB60 |. 81EB D2040000 sub ebx, 4D2
0040EB66 |> 83FE 0A /cmp esi, 0A
0040EB69 |. 7C 05 |jl short 0040EB70
0040EB6B |. 83FE 0D |cmp esi, 0D M = 0
0040EB6E |. 7E 27 |jle short 0040EB97 For M = 0 To 9
0040EB70 |> 8BC6 |mov eax, esi a = b((M Mod 4)) + Asc(Mid(s, M + 1, 1))
0040EB72 |. 8D8E D2040000 |lea ecx, [esi+4D2] a = a * d
0040EB78 |. 25 03000080 |and eax, 80000003 d = a Mod (1234 + M)
0040EB7D |. 79 05 |jns short 0040EB84 a = 0
0040EB7F |. 48 |dec eax Next
0040EB80 |. 83C8 FC |or eax, FFFFFFFC For M = 14 To 19
0040EB83 |. 40 |inc eax a = b((M Mod 4)) + Asc(Mid(s, M + 1, 1))
0040EB84 |> 0FBE3C0B |movsx edi, byte ptr [ebx+ecx] a = a * d
0040EB88 |. 8B0485 58FA42>|mov eax, [eax*4+42FA58] b(c,19,25,30) d = a Mod (1234 + M)
0040EB8F |. 03C7 |add eax, edi a = 0
0040EB91 |. 0FAFC2 |imul eax, edx Next
0040EB94 |. 99 |cdq
0040EB95 |. F7F9 |idiv ecx
0040EB97 |> 8D7C24 0C |lea edi, [esp+C]
0040EB9B |. 83C9 FF |or ecx, FFFFFFFF
0040EB9E |. 33C0 |xor eax, eax
0040EBA0 |. 46 |inc esi
0040EBA1 |. F2:AE |repne scas byte ptr es:[edi]
0040EBA3 |. F7D1 |not ecx
0040EBA5 |. 49 |dec ecx
0040EBA6 |. 3BF1 |cmp esi, ecx
0040EBA8 |.^ 7C BC \jl short 0040EB66
0040EBAA |. 5B pop ebx
0040EBAB |> 8BC2 mov eax, edx
0040EBAD |. B9 4F000000 mov ecx, 4F d = d Mod 79
0040EBB2 |. 99 cdq
0040EBB3 |. F7F9 idiv ecx
0040EBB5 |. 5F pop edi
0040EBB6 |. 5E pop esi
0040EBB7 |. 8BC2 mov eax, edx computation finished
0040EBB9 |. 81C4 04010000 add esp, 104
After the computation finishes, execution returns to 0040EC3C
0040EC3C |. 894424 18 mov [esp+18], eax store the value of d in [ESP+18]
0040EC40 |. 8B8424 500100>mov eax, [esp+150]
0040EC47 |. 83C4 04 add esp, 4
0040EC4A |. 83F8 03 cmp eax, 3
0040EC4D |. BA 04000000 mov edx, 4
0040EC52 |. 74 04 je short 0040EC58
0040EC54 |. 8B5424 10 mov edx, [esp+10]
0040EC58 |> 33C9 xor ecx, ecx
0040EC5A |. C6441C 40 00 mov byte ptr [esp+ebx+40], 0
0040EC5F |. 85DB test ebx, ebx
0040EC61 |. 7E 17 jle short 0040EC7A
0040EC63 |> 8A440C 40 /mov al, [esp+ecx+40]
0040EC67 |. 3C 61 |cmp al, 61
0040EC69 |. 7C 0A |jl short 0040EC75
0040EC6B |. 3C 7A |cmp al, 7A
0040EC6D |. 7F 06 |jg short 0040EC75
0040EC6F |. 2C 20 |sub al, 20
0040EC71 |. 88440C 40 |mov [esp+ecx+40], al
0040EC75 |> 41 |inc ecx
0040EC76 |. 3BCB |cmp ecx, ebx
0040EC78 |.^ 7C E9 \jl short 0040EC63
0040EC7A |> B8 07000000 mov eax, 7
0040EC7F |. 3BD8 cmp ebx, eax
0040EC81 |. 7E 25 jle short 0040ECA8
0040EC83 |> 8A0C28 /mov cl, [eax+ebp]
0040EC86 |. 80F9 39 |cmp cl, 39
0040EC89 |. 0F8F CE000000 |jg 0040ED5D
0040EC8F |. 80F9 30 |cmp cl, 30
0040EC92 |. 0F8C C5000000 |jl 0040ED5D
0040EC98 |. 8A4C04 40 |mov cl, [esp+eax+40]
0040EC9C |. 80C1 D0 |add cl, 0D0
0040EC9F |. 884C04 40 |mov [esp+eax+40], cl
0040ECA3 |. 40 |inc eax
0040ECA4 |. 3BC3 |cmp eax, ebx
0040ECA6 |.^ 7C DB \jl short 0040EC83
0040ECA8 |> 33ED xor ebp, ebp
0040ECAA |. 33C0 xor eax, eax
0040ECAC |. 85DB test ebx, ebx
0040ECAE |. 896C24 10 mov [esp+10], ebp
0040ECB2 |. 7E 1C jle short 0040ECD0
0040ECB4 |. 8D4A 07 lea ecx, [edx+7]
0040ECB7 |> 3BC1 /cmp eax, ecx
0040ECB9 |. 7C 05 |jl short 0040ECC0
0040ECBB |. 83F8 0D |cmp eax, 0D
0040ECBE |. 7E 07 |jle short 0040ECC7
0040ECC0 |> 0FBE7404 40 |movsx esi, byte ptr [esp+eax+40]
0040ECC5 |. 03EE |add ebp, esi EBP = f: the sum of the ASCII codes of the first 7 characters of string ss + the sum of digits 8-11 + the sum of the last 6 digits
0040ECC7 |> 40 |inc eax
0040ECC8 |. 3BC3 |cmp eax, ebx
0040ECCA |.^ 7C EB \jl short 0040ECB7
0040ECCC |. 896C24 10 mov [esp+10], ebp
0040ECD0 |> B9 0A000000 mov ecx, 0A
0040ECD5 |. B8 0B000000 mov eax, 0B
0040ECDA |. 8D7C24 18 lea edi, [esp+18]
0040ECDE |. BE 44FA4200 mov esi, 0042FA44
0040ECE3 |. F3:AB rep stos dword ptr es:[edi]
0040ECE5 |. B9 05000000 mov ecx, 5
0040ECEA |. 8D7C24 18 lea edi, [esp+18]
0040ECEE |. F3:A5 rep movs dword ptr es:[edi], dword p>
0040ECF0 |. 8B4C24 14 mov ecx, [esp+14]=11
0040ECF4 |. 8B7424 18 mov esi, [esp+18]
0040ECF8 |. 03F1 add esi, ecx 11+d
0040ECFA |. 33C9 xor ecx, ecx
0040ECFC |. 897424 18 mov [esp+18], esi store 11+d in [ESP+18]
0040ED00 |. 33F6 xor esi, esi
0040ED02 |. 85DB test ebx, ebx
0040ED04 |. 7E 2D jle short 0040ED33
0040ED06 |. 8D7A 07 lea edi, [edx+7]
0040ED09 |> 3BCF /cmp ecx, edi
0040ED0B |. 7C 05 |jl short 0040ED12
0040ED0D |. 83F9 0D |cmp ecx, 0D
0040ED10 |. 7E 1C |jle short 0040ED2E
0040ED12 |> 8BC1 |mov eax, ecx
0040ED14 |. BD 05000000 |mov ebp, 5
0040ED19 |. 99 |cdq
0040ED1A |. F7FD |idiv ebp
0040ED1C |. 0FBE440C 40 |movsx eax, byte ptr [esp+ecx+40]
0040ED21 |. 8B6C24 10 |mov ebp, [esp+10]
0040ED25 |. 8B5494 18 |mov edx, [esp+edx*4+18] values are (11+d, 1f, 35, 4f, 5c)
0040ED29 |. 0FAFD0 |imul edx, eax
0040ED2C |. 03F2 |add esi, edx
0040ED2E |> 41 |inc ecx
0040ED2F |. 3BCB |cmp ecx, ebx
0040ED31 |.^ 7C D6 \jl short 0040ED09
For M = 0 To 6
d = j((M Mod 5)) * Asc(Mid(s, M + 1, 1)) + d
Next
For M = 7 To 8
d = j((M Mod 5)) * i(M - 6) + d
Next
For M = 10 To 10
d = d + j((M Mod 5)) * c(1)
Next
For M = 14 To 19
d = d + j((M Mod 5)) * c(M - 9)
Next
0040ED33 |> 8B8424 4C0100>mov eax, [esp+14C]
0040ED3A |. 03F5 add esi, ebp d = d +f
0040ED3C |. 83F8 03 cmp eax, 3
0040ED3F |. 8BC6 mov eax, esi
0040ED41 |. 99 cdq
0040ED42 |. B9 61000000 mov ecx, 61
0040ED47 |. 74 05 je short 0040ED4E
0040ED49 |. B9 5F000000 mov ecx, 5F
0040ED4E |> F7F9 idiv ecx d = d Mod 97
0040ED50 |. 5F pop edi
0040ED51 |. 5E pop esi
0040ED52 |. 5D pop ebp
0040ED53 |. 5B pop ebx
0040ED54 |. 8BC2 mov eax, edx d = d Mod 97
0040ED56 |. 81C4 30010000 add esp, 130
0040ED5C |. C3 retn returns to 0040ed82
0040ED5D |> 5F pop edi
0040ED5E |. 5E pop esi
0040ED5F |. 5D pop ebp
0040ED60 |. B8 FEFFFFFF mov eax, -2
0040ED65 |. 5B pop ebx
0040ED66 |. 81C4 30010000 add esp, 130
0040ED6C \. C3 retn
0040ED6D 90 nop
0040ED6E 90 nop
0040ED6F 90 nop
0040ED70 /$ 8B4424 08 mov eax, [esp+8]
0040ED74 |. 56 push esi
0040ED75 |. 8B7424 08 mov esi, [esp+8]
0040ED79 |. 6A 03 push 3
0040ED7B |. 50 push eax
0040ED7C |. 56 push esi
0040ED7D |. E8 3EFEFFFF call 0040EBC0
0040ED82 |. 8BC8 mov ecx, eax ecx = d
0040ED84 |. 83C4 0C add esp, 0C
0040ED87 |. 85C9 test ecx, ecx
0040ED89 |. 7D 07 jge short 0040ED92 jump taken
0040ED8B |. B8 0C000000 mov eax, 0C
0040ED90 |. 5E pop esi
0040ED91 |. C3 retn
0040ED92 |> 0FBE46 0C movsx eax, byte ptr [esi+C] 13th character of string ss
0040ED96 |. 8D1480 lea edx, [eax+eax*4] g = 5 * (c(3) + 48)
0040ED99 |. 0FBE46 0D movsx eax, byte ptr [esi+D] 13th character of string ss
0040ED9D |. 5E pop esi
0040ED9E |. 8D8450 F0FDFF>lea eax, [eax+edx*2-210] g = c(4) + 48 + 2 * g - 528
0040EDA5 |. 2BC1 sub eax, ecx if g = d the serial is correct; otherwise it is an error.
0040EDA7 |. F7D8 neg eax
0040EDA9 |. 1BC0 sbb eax, eax
0040EDAB |. 83E0 0C and eax, 0C
0040EDAE \. C3 retn
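Four compiler idioms recur in the listings above: the repne scas length scan, the pair of lea instructions before each final comparison, the neg/sbb/and return sequence, and the and 80000003 remainder in the loop at 0040EB78. The following C models each one next to its plain source form so the disassembly is easier to read; it is an added example, not code from the original post, and all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* or ecx,-1 / xor eax,eax / repne scasb / not ecx / dec ecx  ==  strlen */
uint32_t strlen_scas(const char *s) {
    uint32_t ecx = 0xFFFFFFFFu;
    do { ecx--; } while (*s++ != '\0');  /* one decrement per byte, NUL included */
    return ~ecx - 1u;                    /* not ecx ; dec ecx */
}

/* lea edx,[ecx+ecx*4] / lea edx,[ecx+edx*2-210]  ==  two ASCII digits -> 0..99 */
int two_digits_lea(char hi, char lo) {
    int edx = hi + hi * 4;               /* 5 * hi */
    return lo + edx * 2 - 0x210;         /* lo + 10*hi - 528, and 528 = 11 * '0' */
}

/* sub eax,edx / neg eax / sbb eax,eax / and eax,code  ==  (a == b) ? 0 : code */
uint32_t status_sbb(uint32_t a, uint32_t b, uint32_t code) {
    uint32_t eax = a - b;
    uint32_t cf = (eax != 0u);           /* neg sets CF unless the operand is 0 */
    eax = 0u - cf;                       /* sbb eax,eax leaves 0 or 0xFFFFFFFF */
    return eax & code;
}

/* and eax,80000003 / jns / dec eax / or eax,FFFFFFFC / inc eax  ==  signed x % 4 */
int32_t mod4_idiom(int32_t x) {
    uint32_t eax = (uint32_t)x & 0x80000003u;
    if (eax & 0x80000000u) {             /* sign bit set: jns not taken */
        eax -= 1u;
        eax |= 0xFFFFFFFCu;
        eax += 1u;
    }
    return (int32_t)eax;
}

/* Returns 1 when every modelled idiom matches its plain C form. */
int idioms_agree(void) {
    const char *samples[] = { "", "A", "constructed sample" };  /* constructed inputs */
    for (int i = 0; i < 3; i++)
        if (strlen_scas(samples[i]) != (uint32_t)strlen(samples[i])) return 0;
    for (char hi = '0'; hi <= '9'; hi++)
        for (char lo = '0'; lo <= '9'; lo++)
            if (two_digits_lea(hi, lo) != (hi - '0') * 10 + (lo - '0')) return 0;
    for (int32_t x = -64; x <= 64; x++)
        if (mod4_idiom(x) != x % 4) return 0;
    for (uint32_t a = 0; a < 100; a++)
        for (uint32_t b = 0; b < 100; b++)
            if (status_sbb(a, b, 8u) != (a == b ? 0u : 8u)) return 0;
    return 1;
}

int main(void) {
    return idioms_agree() ? 0 : 1;
}
```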
The keygen source code is as follows:
Dim c(1 To 10) As Integer, i(1 To 2) As Integer, j(0 To 4) As Integer, b(0 To 3) As Integer
Dim f As Long, s As String, g As Long
b(0) = 12
b(1) = 25
b(2) = 37
b(3) = 48
Randomize
q = Int(Rnd() * 10)
If Option1.Value = True Then
SS = "BSP10" + Trim(Str(q)) + "0" ' Professional edition
P = 422 + q
End If
If Option2.Value = True Then ' Personal edition
SS = "VDP10" + Trim(Str(q)) + "0"
P = 437 + q
End If
Do
a = 71
h = 19
e = 37
n = 1
For n = 1 To 10
Randomize
c(n) = Int(Rnd * 10)
Next
f = P + c(5) + c(6) + c(7) + c(8) + c(9) + c(10)
a = a * c(8)
h = h * c(9)
a = a + h
e = e * c(10)
a = a + e
a = a + 53
a = a + f
a = a Mod 99
i(1) = Int(Rnd * 10)
i(2) = Int(Rnd * 10)
g = 5 * (i(1) + 48)
g = i(2) + 48 + 2 * g - 528
Loop Until a = g
d = 1
s = SS + Trim(Str(i(1))) + Trim(Str(i(2))) + Trim(Str(0)) + Trim(Str(c(1))) + Trim(Str(c(2))) + Trim(Str(c(3))) + Trim(Str(c(4))) + Trim(Str(c(5))) + Trim(Str(c(6))) + Trim(Str(c(7))) + Trim(Str(c(8))) + Trim(Str(c(9))) + Trim(Str(c(10)))
M = 0
For M = 0 To 9
a = b((M Mod 4)) + Asc(Mid(s, M + 1, 1))
a = a * d
d = a Mod (1234 + M)
a = 0
Next
For M = 14 To 19
a = b((M Mod 4)) + Asc(Mid(s, M + 1, 1))
a = a * d
d = a Mod (1234 + M)
a = 0
Next
d = d Mod 79
ff = P + c(5) + c(6) + c(7) + c(8) + c(9) + c(10) + i(1) + i(2) + c(1)
j(0) = 17 + d
j(1) = 31
j(2) = 53
j(3) = 79
j(4) = 92
M = 0
d = 0
For M = 0 To 6
d = j((M Mod 5)) * Asc(Mid(s, M + 1, 1)) + d
Next
For M = 7 To 8
d = j((M Mod 5)) * i(M - 6) + d
Next
For M = 10 To 10
d = d + j((M Mod 5)) * c(1)
Next
For M = 14 To 19
d = d + j((M Mod 5)) * c(M - 9)
Next
d = d + ff
d = d Mod 97
Do
c(3) = Int(Rnd * 10)
c(4) = Int(Rnd * 10)
g = 5 * (c(3) + 48)
g = c(4) + 48 + 2 * g - 528
Loop Until g = d
Text1.Text = SS + Trim(Str(c(5))) + Trim(Str(i(1))) + Trim(Str(0)) + Trim(Str(c(6))) + Trim(Str(i(2))) + Trim(Str(c(7))) + Trim(Str(c(1))) + Trim(Str(c(8))) + Trim(Str(c(2))) + Trim(Str(c(9))) + Trim(Str(c(3))) + Trim(Str(c(10))) + Trim(Str(c(4)))
--------------------------------------------------------------------------------
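【Copyright notice】: This article was originally published on the Kanxue (看雪) technical forum. When reposting, please credit the author and keep the article intact. Thank you!
November 18, 2006, 14:13:27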