【文章标题】: [易语言]文件保护专家V9.61算法分析
【文章作者】: KuNgBiM
【作者邮箱】: kungbim@163.com
【作者主页】: http://www.crkcn.com
【软件名称】: 文件保护专家V9.61
【软件大小】: 2448 KB
【下载地址】: 自己搜索下载
【加壳方式】: UPX
【保护方式】: 启动NAG+序列号+次数限制
【编写语言】: 易语言·飞扬
【使用工具】: OD
【操作平台】: 盗版XPsp2
【软件介绍】: 文件保护专家是一款专业的超群的加密软件.在技术上居于国内领先地位,达到了当前同类产品的国际先进水平。
使用了国际公认的RC4,RSA,MD5等多种强大加密算法(超),而且功能多样化(群),可以满足你的不同需要,是同类软件之中最
好的一个(超群),她支持Windows98/me/2000/xp/2003等操作系统,软件具有界面漂亮友好、简单易用、功能强大、兼容性好等特
点,是你加密文件夹资料不可多得的实用加密类软件。
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
解压安装程序后发现目录下有krnln.fne、iext.fnr、dp1.fne、shell.fne、Tooltiplib.fne文件,
我在第一时间内判断该程序为“易语言”程序,但没想到该程序是新版“易语言·飞扬”所编译的。
一、分离壳
外壳为UPX,我们Ctrl+S搜索代码:
------------------------------
popad
jmp 00401000
------------------------------
找到:
004E67EE 61 popad
004E67EF - E9 0CA8F1FF jmp 00401000 ; 这里F2下断,F9运行,中断后F7跟进OEP
004E67F4 0000 add byte ptr [eax], al
004E67F6 0000 add byte ptr [eax], al
跟进 004E67EF 后来到:
00401000 E8 06000000 call 0040100B ; OEP(易语言·飞扬)
00401005 50 push eax
00401006 E8 A1010000 call 004011AC ; jmp 到 kernel32.ExitProcess
0040100B 55 push ebp
0040100C 8BEC mov ebp, esp
0040100E 81C4 F0FEFFFF add esp, -110
00401014 EB 6D jmp short 00401083
00401016 6B72 6E 6C imul esi, dword ptr [edx+6E], 6C
0040101A 6E outs dx, byte ptr es:[edi]
0040101B 2E:66:6E outs dx, byte ptr es:[edi]
0040101E 72 00 jb short 00401020
00401020 6B72 6E 6C imul esi, dword ptr [edx+6E], 6C
00401024 6E outs dx, byte ptr es:[edi]
00401025 2E:66:6E outs dx, byte ptr es:[edi]
00401028 65:0047 65 add byte ptr gs:[edi+65], al
0040102C 74 4E je short 0040107C
二、寻找易语言程序核心
这里我们继续Ctrl+S搜索代码:
------------------------------
call eax
push 0
------------------------------
找到:
00401171 810424 8F1E0000 add dword ptr [esp], 1E8F
00401178 FFD0 call eax ; 到这里F2下断,F9运行,中断后F7跟进
0040117A 6A 00 push 0
0040117C E8 2B000000 call 004011AC ; jmp 到 kernel32.ExitProcess
00401181 FFB5 F8FEFFFF push dword ptr [ebp-108]
跟进 0040117C 后来到:
100290EC 55 push ebp ; 跟进后来到这里
100290ED 8BEC mov ebp, esp
100290EF 8B45 08 mov eax, dword ptr [ebp+8]
100290F2 50 push eax
100290F3 B9 88480E10 mov ecx, 100E4888
100290F8 E8 B2F5FFFF call 100286AF ; F7单步跟进这里
100290FD 5D pop ebp
100290FE C2 0400 retn 4
10029101 CC int3
10029102 CC int3
10029103 CC int3
跟进 100290F8 后来到:
100286AF 55 push ebp ; 这里是否很熟悉?
100286B0 8BEC mov ebp, esp
100286B2 83EC 08 sub esp, 8
100286B5 53 push ebx
100286B6 56 push esi
100286B7 57 push edi
100286B8 894D F8 mov dword ptr [ebp-8], ecx
100286BB FF15 BCC30B10 call dword ptr [100BC3BC] ; kernel32.GetProcessHeap
100286C1 8B4D F8 mov ecx, dword ptr [ebp-8]
100286C4 8981 EC030000 mov dword ptr [ecx+3EC], eax
100286CA 8B55 08 mov edx, dword ptr [ebp+8]
100286CD 8B42 30 mov eax, dword ptr [edx+30]
100286D0 83E0 01 and eax, 1
100286D3 85C0 test eax, eax
100286D5 75 10 jnz short 100286E7
100286D7 8B4D 08 mov ecx, dword ptr [ebp+8]
100286DA 51 push ecx
100286DB 8B4D F8 mov ecx, dword ptr [ebp-8]
100286DE E8 0DE30200 call 100569F0
100286E3 FFE0 jmp eax ; 飞向光明之颠!F7跟进到程序核心!
100286E5 EB 0E jmp short 100286F5
100286E7 8B55 08 mov edx, dword ptr [ebp+8]
100286EA 52 push edx
100286EB 8B4D F8 mov ecx, dword ptr [ebp-8]
跟进 100286E3 后来到:
004E214B FC cld ; 这里就是易语言的程序核心代码开始处
004E214C DBE3 finit
004E214E 68 08000000 push 8
004E2153 E8 B9000000 call 004E2211
004E2158 83C4 04 add esp, 4
004E215B A3 A80CA800 mov dword ptr [A80CA8], eax
004E2160 8BF8 mov edi, eax
004E2162 BE FD564000 mov esi, 004056FD
004E2167 AD lods dword ptr [esi]
004E2168 AB stos dword ptr es:[edi]
004E2169 AD lods dword ptr [esi]
004E216A AB stos dword ptr es:[edi]
004E216B 68 28000000 push 28
004E2170 E8 9C000000 call 004E2211
004E2175 83C4 04 add esp, 4
004E2178 A3 D40CA800 mov dword ptr [A80CD4], eax
004E217D 8BD8 mov ebx, eax
004E217F 8BF8 mov edi, eax
004E2181 33C0 xor eax, eax
三、搜索关键字符,分析注册算法
利用OD字符插件搜索关键字符后,找到这里下断:
------------------------------
联系人:KuNgBiM
注册码:1234567890
------------------------------
004DAB72 |. 83C4 04 add esp, 4 ; 来到这里设断,F9运行
004DAB75 |> 8B45 F0 mov eax, dword ptr [ebp-10]
004DAB78 |. 33C9 xor ecx, ecx
004DAB7A |. 50 push eax
004DAB7B |. 8D45 FC lea eax, dword ptr [ebp-4]
004DAB7E |. 8BD8 mov ebx, eax
004DAB80 |. 58 pop eax
004DAB81 |> 41 /inc ecx ; ECX自加一,指向下一位
004DAB82 |. 51 |push ecx
004DAB83 |. 53 |push ebx
004DAB84 |. 890B |mov dword ptr [ebx], ecx
004DAB86 |. 50 |push eax ; 计算用户长度
004DAB87 |. 3BC8 |cmp ecx, eax
004DAB89 |. 0F8F BF000000 |jg 004DAC4E
004DAB8F |. 6A FF |push -1
004DAB91 |. 6A 08 |push 8
004DAB93 |. 68 BE070116 |push 160107BE
004DAB98 |. 68 B7070152 |push 520107B7
004DAB9D |. E8 99760000 |call 004E223B ; 准备取用户名
004DABA2 |. 83C4 10 |add esp, 10
004DABA5 |. 8945 F4 |mov dword ptr [ebp-C], eax ; ASCII "KuNgBiM"
004DABA8 |. 68 01030080 |push 80000301
004DABAD |. 6A 00 |push 0
004DABAF |. FF75 FC |push dword ptr [ebp-4]
004DABB2 |. 68 04000080 |push 80000004
004DABB7 |. 6A 00 |push 0
004DABB9 |. 8B45 F4 |mov eax, dword ptr [ebp-C]
004DABBC |. 85C0 |test eax, eax
004DABBE |. 75 05 |jnz short 004DABC5
004DABC0 |. B8 98334000 |mov eax, 00403398
004DABC5 |> 50 |push eax
004DABC6 |. 68 02000000 |push 2
004DABCB |. BB 44010000 |mov ebx, 144
004DABD0 |. E8 4E760000 |call 004E2223
004DABD5 |. 83C4 1C |add esp, 1C
004DABD8 |. 8945 F0 |mov dword ptr [ebp-10], eax
004DABDB |. 8B5D F4 |mov ebx, dword ptr [ebp-C]
004DABDE |. 85DB |test ebx, ebx
004DABE0 |. 74 09 |je short 004DABEB
004DABE2 |. 53 |push ebx
004DABE3 |. E8 2F760000 |call 004E2217 ; 依次取取用户名
004DABE8 |. 83C4 04 |add esp, 4
004DABEB |> 68 01030080 |push 80000301
004DABF0 |. 6A 00 |push 0
004DABF2 |. FF75 F0 |push dword ptr [ebp-10] ; 分别转换为ASCII码
004DABF5 |. 68 01000000 |push 1
004DABFA |. BB 68010000 |mov ebx, 168
004DABFF |. E8 1F760000 |call 004E2223
004DAC04 |. 83C4 10 |add esp, 10
004DAC07 |. 8945 EC |mov dword ptr [ebp-14], eax ; 分别转换为十进制数值
004DAC0A |. FF75 EC |push dword ptr [ebp-14] ; /Arg2
004DAC0D |. FF75 F8 |push dword ptr [ebp-8] ; |Arg1
004DAC10 |. B9 02000000 |mov ecx, 2 ; |
004DAC15 |. E8 A8E7FDFF |call 004B93C2 ; \11.004B93C2
004DAC1A |. 83C4 08 |add esp, 8
004DAC1D |. 8945 E8 |mov dword ptr [ebp-18], eax
004DAC20 |. 8B5D EC |mov ebx, dword ptr [ebp-14]
004DAC23 |. 85DB |test ebx, ebx
004DAC25 |. 74 09 |je short 004DAC30
004DAC27 |. 53 |push ebx
004DAC28 |. E8 EA750000 |call 004E2217
004DAC2D |. 83C4 04 |add esp, 4
004DAC30 |> 8B5D F8 |mov ebx, dword ptr [ebp-8]
004DAC33 |. 85DB |test ebx, ebx
004DAC35 |. 74 09 |je short 004DAC40
004DAC37 |. 53 |push ebx
004DAC38 |. E8 DA750000 |call 004E2217
004DAC3D |. 83C4 04 |add esp, 4
004DAC40 |> 8B45 E8 |mov eax, dword ptr [ebp-18] ; 连接每位字符的十进制代码
004DAC43 |. 8945 F8 |mov dword ptr [ebp-8], eax ; 留守备用
004DAC46 |. 58 |pop eax
004DAC47 |. 5B |pop ebx
004DAC48 |. 59 |pop ecx
004DAC49 |.^ E9 33FFFFFF \jmp 004DAB81 ; 向上循环取位
004DAC4E |> 83C4 0C add esp, 0C
004DAC51 |. 6A FF push -1
004DAC53 |. 6A 08 push 8
004DAC55 |. 68 BF070116 push 160107BF
004DAC5A |. 68 B7070152 push 520107B7
004DAC5F |. E8 D7750000 call 004E223B
004DAC64 |. 83C4 10 add esp, 10
004DAC67 |. 8945 F4 mov dword ptr [ebp-C], eax ; 假码入栈,ASCII "0123456789"
004DAC6A |. 8B45 F8 mov eax, dword ptr [ebp-8] ; 真码入栈,ASCII "75117781036610577"
004DAC6D |. 50 push eax ; 真码送EAX
004DAC6E |. FF75 F4 push dword ptr [ebp-C] ; 假码留内存
004DAC71 |. E8 9EECFDFF call 004B9914
004DAC76 |. 83C4 08 add esp, 8 ; 注册码逐位比较
004DAC79 |. 83F8 00 cmp eax, 0
004DAC7C |. B8 00000000 mov eax, 0
004DAC81 |. 0F94C0 sete al
004DAC84 |. 8945 F0 mov dword ptr [ebp-10], eax
004DAC87 |. 8B5D F4 mov ebx, dword ptr [ebp-C]
004DAC8A |. 85DB test ebx, ebx
004DAC8C |. 74 09 je short 004DAC97
004DAC8E |. 53 push ebx ; 假码送EBX
004DAC8F |. E8 83750000 call 004E2217
004DAC94 |. 83C4 04 add esp, 4
004DAC97 |> 837D F0 00 cmp dword ptr [ebp-10], 0 ; 比较余数是否为0
004DAC9B |. 0F84 F4020000 je 004DAF95 ; 跳则GAME OVER
004DACA1 |. 68 04000080 push 80000004
004DACA6 |. 6A 00 push 0
004DACA8 |. 68 F8A74100 push 0041A7F8 ; 恭喜
004DACAD |. 68 01030080 push 80000301
004DACB2 |. 6A 00 push 0
004DACB4 |. 68 40000000 push 40
004DACB9 |. 68 04000080 push 80000004
004DACBE |. 6A 00 push 0
004DACC0 |. 68 FDA74100 push 0041A7FD ; 注册成功,非常感谢你的支持!
004DACC5 |. 68 03000000 push 3
004DACCA |. BB 00030000 mov ebx, 300
004DACCF |. E8 4F750000 call 004E2223 ; 打开注册表
004DACD4 |. 83C4 28 add esp, 28
004DACD7 |. 6A FF push -1
004DACD9 |. 6A 08 push 8
004DACDB |. 68 BE070116 push 160107BE
004DACE0 |. 68 B7070152 push 520107B7
004DACE5 |. E8 51750000 call 004E223B ; 写入用户名
004DACEA |. 83C4 10 add esp, 10
004DACED |. 8945 F4 mov dword ptr [ebp-C], eax
004DACF0 |. 68 04000080 push 80000004
004DACF5 |. 6A 00 push 0
004DACF7 |. 8B45 F4 mov eax, dword ptr [ebp-C]
004DACFA |. 85C0 test eax, eax
004DACFC |. 75 05 jnz short 004DAD03
004DACFE |. B8 98334000 mov eax, 00403398
004DAD03 |> 50 push eax
004DAD04 |. 68 04000080 push 80000004
004DAD09 |. 6A 00 push 0 ; 保存位置
004DAD0B |. 68 30554100 push 00415530 ; Software\afengsoft\lockfile\user
004DAD10 |. 68 01030080 push 80000301
004DAD15 |. 6A 00 push 0
004DAD17 |. 68 03000000 push 3
004DAD1C |. 68 03000000 push 3
004DAD21 |. BB A4060000 mov ebx, 6A4
004DAD26 |. E8 F8740000 call 004E2223 ; 关闭注册表
004DAD2B |. 83C4 28 add esp, 28
004DAD2E |. 8B5D F4 mov ebx, dword ptr [ebp-C]
004DAD31 |. 85DB test ebx, ebx
004DAD33 |. 74 09 je short 004DAD3E
004DAD35 |. 53 push ebx
004DAD36 |. E8 DC740000 call 004E2217 ; 打开注册表
004DAD3B |. 83C4 04 add esp, 4
004DAD3E |> 6A FF push -1
004DAD40 |. 6A 08 push 8
004DAD42 |. 68 BF070116 push 160107BF
004DAD47 |. 68 B7070152 push 520107B7
004DAD4C |. E8 EA740000 call 004E223B ; 写入注册码
004DAD51 |. 83C4 10 add esp, 10
004DAD54 |. 8945 F4 mov dword ptr [ebp-C], eax
004DAD57 |. 68 04000080 push 80000004
004DAD5C |. 6A 00 push 0
004DAD5E |. 8B45 F4 mov eax, dword ptr [ebp-C]
004DAD61 |. 85C0 test eax, eax
004DAD63 |. 75 05 jnz short 004DAD6A
004DAD65 |. B8 98334000 mov eax, 00403398
004DAD6A |> 50 push eax
004DAD6B |. 68 04000080 push 80000004
004DAD70 |. 6A 00 push 0 ; 保存位置
004DAD72 |. 68 2B574000 push 0040572B ; Software\afengsoft\lockfile\lock
004DAD77 |. 68 01030080 push 80000301
004DAD7C |. 6A 00 push 0
004DAD7E |. 68 03000000 push 3
004DAD83 |. 68 03000000 push 3
004DAD88 |. BB A4060000 mov ebx, 6A4
004DAD8D |. E8 91740000 call 004E2223
004DAD92 |. 83C4 28 add esp, 28
004DAD95 |. 8B5D F4 mov ebx, dword ptr [ebp-C]
004DAD98 |. 85DB test ebx, ebx
004DAD9A |. 74 09 je short 004DADA5
004DAD9C |. 53 push ebx
004DAD9D |. E8 75740000 call 004E2217 ; 关闭注册表
004DADA2 |. 83C4 04 add esp, 4
004DADA5 |> 68 01030080 push 80000301
004DADAA |. 6A 00 push 0
004DADAC |. 68 09000000 push 9
004DADB1 |. 68 01000000 push 1
004DADB6 |. BB 1C000000 mov ebx, 1C
004DADBB |. B8 02000000 mov eax, 2
004DADC0 |. E8 58740000 call 004E221D ; 打开系统盘
004DADC5 |. 83C4 10 add esp, 10
004DADC8 |. 8945 F4 mov dword ptr [ebp-C], eax
004DADCB |. 68 EB564000 push 004056EB ; /systemlockfile008
004DADD0 |. FF75 F4 push dword ptr [ebp-C] ; |Arg1
004DADD3 |. B9 02000000 mov ecx, 2 ; |
004DADD8 |. E8 E5E5FDFF call 004B93C2 ; \11.004B93C2
004DADDD |. 83C4 08 add esp, 8
004DADE0 |. 8945 F0 mov dword ptr [ebp-10], eax
004DADE3 |. 8B5D F4 mov ebx, dword ptr [ebp-C]
004DADE6 |. 85DB test ebx, ebx
004DADE8 |. 74 09 je short 004DADF3
004DADEA |. 53 push ebx
004DADEB |. E8 27740000 call 004E2217 ; 写入注册文件
004DADF0 |. 83C4 04 add esp, 4
004DADF3 |> 6A 00 push 0
004DADF5 |. 6A 00 push 0
004DADF7 |. 6A 00 push 0
004DADF9 |. 68 04000080 push 80000004
004DADFE |. 6A 00 push 0
004DAE00 |. 68 51554100 push 00415551 ; regdate
004DAE05 |. 68 04000080 push 80000004
004DAE0A |. 6A 00 push 0
004DAE0C |. 68 B1334000 push 004033B1 ; data
004DAE11 |. 68 04000080 push 80000004
004DAE16 |. 6A 00 push 0
004DAE18 |. 8B45 F0 mov eax, dword ptr [ebp-10]
004DAE1B |. 85C0 test eax, eax ; ASCII "C:\WINDOWS\systemlockfile008"
004DAE1D |. 75 05 jnz short 004DAE24
004DAE1F |. B8 98334000 mov eax, 00403398
004DAE24 |> 50 push eax
004DAE25 |. 68 04000000 push 4
004DAE2A |. BB C8080000 mov ebx, 8C8
004DAE2F |. E8 EF730000 call 004E2223
004DAE34 |. 83C4 34 add esp, 34
004DAE37 |. 8945 EC mov dword ptr [ebp-14], eax
004DAE3A |. 8B5D F0 mov ebx, dword ptr [ebp-10]
004DAE3D |. 85DB test ebx, ebx
004DAE3F |. 74 09 je short 004DAE4A
004DAE41 |. 53 push ebx
004DAE42 |. E8 D0730000 call 004E2217
004DAE47 |. 83C4 04 add esp, 4
004DAE4A |> 68 98334000 push 00403398
004DAE4F |. FF75 EC push dword ptr [ebp-14]
004DAE52 |. E8 BDEAFDFF call 004B9914
004DAE57 |. 83C4 08 add esp, 8
004DAE5A |. 83F8 00 cmp eax, 0
004DAE5D |. B8 00000000 mov eax, 0
004DAE62 |. 0F94C0 sete al
004DAE65 |. 8945 E8 mov dword ptr [ebp-18], eax
004DAE68 |. 8B5D EC mov ebx, dword ptr [ebp-14]
004DAE6B |. 85DB test ebx, ebx
004DAE6D |. 74 09 je short 004DAE78
004DAE6F |. 53 push ebx
004DAE70 |. E8 A2730000 call 004E2217
004DAE75 |. 83C4 04 add esp, 4
004DAE78 |> 837D E8 00 cmp dword ptr [ebp-18], 0
004DAE7C |. 0F84 04010000 je 004DAF86
004DAE82 |. 68 01030080 push 80000301
004DAE87 |. 6A 00 push 0
004DAE89 |. 68 09000000 push 9
004DAE8E |. 68 01000000 push 1
004DAE93 |. BB 1C000000 mov ebx, 1C
004DAE98 |. B8 02000000 mov eax, 2
004DAE9D |. E8 7B730000 call 004E221D
004DAEA2 |. 83C4 10 add esp, 10
004DAEA5 |. 8945 F4 mov dword ptr [ebp-C], eax
004DAEA8 |. 68 EB564000 push 004056EB ; /systemlockfile008
004DAEAD |. FF75 F4 push dword ptr [ebp-C] ; |Arg1
004DAEB0 |. B9 02000000 mov ecx, 2 ; |
004DAEB5 |. E8 08E5FDFF call 004B93C2 ; \11.004B93C2
004DAEBA |. 83C4 08 add esp, 8
004DAEBD |. 8945 F0 mov dword ptr [ebp-10], eax
004DAEC0 |. 8B5D F4 mov ebx, dword ptr [ebp-C]
004DAEC3 |. 85DB test ebx, ebx
004DAEC5 |. 74 09 je short 004DAED0
004DAEC7 |. 53 push ebx
004DAEC8 |. E8 4A730000 call 004E2217
004DAECD |. 83C4 04 add esp, 4
004DAED0 |> 68 00000000 push 0
004DAED5 |. BB 10020000 mov ebx, 210
004DAEDA |. E8 44730000 call 004E2223
004DAEDF |. 83C4 04 add esp, 4
004DAEE2 |. 8945 E8 mov dword ptr [ebp-18], eax
004DAEE5 |. 8955 EC mov dword ptr [ebp-14], edx
004DAEE8 |. 68 01030080 push 80000301
004DAEED |. 6A 00 push 0
004DAEEF |. 68 01000000 push 1
004DAEF4 |. 68 03000080 push 80000003
004DAEF9 |. FF75 EC push dword ptr [ebp-14]
004DAEFC |. FF75 E8 push dword ptr [ebp-18]
004DAEFF |. 68 02000000 push 2
004DAF04 |. BB E8010000 mov ebx, 1E8
004DAF09 |. E8 15730000 call 004E2223
004DAF0E |. 83C4 1C add esp, 1C
004DAF11 |. 8945 E4 mov dword ptr [ebp-1C], eax
004DAF14 |. 68 04000080 push 80000004
004DAF19 |. 6A 00 push 0
004DAF1B |. 8B45 E4 mov eax, dword ptr [ebp-1C]
004DAF1E |. 85C0 test eax, eax
004DAF20 |. 75 05 jnz short 004DAF27
004DAF22 |. B8 98334000 mov eax, 00403398
004DAF27 |> 50 push eax
004DAF28 |. 68 04000080 push 80000004
004DAF2D |. 6A 00 push 0
004DAF2F |. 68 51554100 push 00415551 ; regdate
004DAF34 |. 68 04000080 push 80000004
004DAF39 |. 6A 00 push 0
004DAF3B |. 68 B1334000 push 004033B1 ; data
004DAF40 |. 68 04000080 push 80000004
004DAF45 |. 6A 00 push 0
004DAF47 |. 8B45 F0 mov eax, dword ptr [ebp-10]
004DAF4A |. 85C0 test eax, eax
004DAF4C |. 75 05 jnz short 004DAF53
004DAF4E |. B8 98334000 mov eax, 00403398
004DAF53 |> 50 push eax
004DAF54 |. 68 04000000 push 4
004DAF59 |. BB CC080000 mov ebx, 8CC
004DAF5E |. E8 C0720000 call 004E2223
004DAF63 |. 83C4 34 add esp, 34
004DAF66 |. 8B5D F0 mov ebx, dword ptr [ebp-10]
004DAF69 |. 85DB test ebx, ebx
004DAF6B |. 74 09 je short 004DAF76
004DAF6D |. 53 push ebx
004DAF6E |. E8 A4720000 call 004E2217
004DAF73 |. 83C4 04 add esp, 4
004DAF76 |> 8B5D E4 mov ebx, dword ptr [ebp-1C]
004DAF79 |. 85DB test ebx, ebx
004DAF7B |. 74 09 je short 004DAF86
004DAF7D |. 53 push ebx
004DAF7E |. E8 94720000 call 004E2217
004DAF83 |. 83C4 04 add esp, 4
004DAF86 |> 6A 00 push 0
004DAF88 |. E8 6C720000 call 004E21F9
004DAF8D |. 83C4 04 add esp, 4
004DAF90 |. E9 40000000 jmp 004DAFD5
004DAF95 |> 837D 08 00 cmp dword ptr [ebp+8], 0
004DAF99 |. 0F84 36000000 je 004DAFD5
004DAF9F |. 68 04000080 push 80000004
004DAFA4 |. 6A 00 push 0
004DAFA6 |. 68 5CA74100 push 0041A75C ; 提示
004DAFAB |. 68 01030080 push 80000301
004DAFB0 |. 6A 00 push 0
004DAFB2 |. 68 40000000 push 40
004DAFB7 |. 68 04000080 push 80000004
004DAFBC |. 6A 00 push 0
004DAFBE |. 68 ACA74100 push 0041A7AC ; 注册失败,请输入正确注册码!
004DAFC3 |. 68 03000000 push 3
004DAFC8 |. BB 00030000 mov ebx, 300
004DAFCD |. E8 51720000 call 004E2223
004DAFD2 |. 83C4 28 add esp, 28
004DAFD5 |> E9 40000000 jmp 004DB01A
004DAFDA |> 837D 08 00 cmp dword ptr [ebp+8], 0
004DAFDE |. 0F84 36000000 je 004DB01A
004DAFE4 |. 68 04000080 push 80000004
004DAFE9 |. 6A 00 push 0
004DAFEB |. 68 5CA74100 push 0041A75C ; 提示
004DAFF0 |. 68 01030080 push 80000301
004DAFF5 |. 6A 00 push 0
004DAFF7 |. 68 40000000 push 40
004DAFFC |. 68 04000080 push 80000004
004DB001 |. 6A 00 push 0
004DB003 |. 68 C8A74100 push 0041A7C8 ; 注册失败,请输入完整的注册信息!
004DB008 |. 68 03000000 push 3
004DB00D |. BB 00030000 mov ebx, 300
004DB012 |. E8 0C720000 call 004E2223
004DB017 |. 83C4 28 add esp, 28
004DB01A |> 8B5D F8 mov ebx, dword ptr [ebp-8]
004DB01D |. 85DB test ebx, ebx
004DB01F |. 74 09 je short 004DB02A
004DB021 |. 53 push ebx
004DB022 |. E8 F0710000 call 004E2217
004DB027 |. 83C4 04 add esp, 4
004DB02A |> 8BE5 mov esp, ebp
004DB02C |. 5D pop ebp
004DB02D \. C2 0800 retn 8
注册算法为:
依次把用户名每个字母转换为ASCII码后再转换为十进制数值串起来即可。
============ 以下程序在盗版XPsp2、VB6.0下编译测试通过 ============
Private Sub Text1_Change()
'Keygen by KuNgBiM
Dim name As String
Dim n, m, i As Byte
Dim sn, tmp As String
name = Text1.Text
n = Len(name)
For i = 1 To n
tmp = Mid(name, i, 1)
m = Asc(tmp)
sn = sn & m
Next
Text2.Text = sn
End Sub
============ 以下程序在盗版XPsp2、Delphi 6.0下编译测试通过 ============
procedure Tkeygen.Text1Change(Sender: TObject);
var
name, tmp: AnsiString;
n, m, sn: Variant;
i: Char;
begin
//{$DEFINE def_Text1_Change}
{$IF Defined(def_Text1_Change)}
// Keygen by KuNgBiM
name := Text1.Text;
n := Length(name);
for i:=1 to n do begin
tmp := Copy(name, i, 1);
m := Asc(tmp);
sn := sn+m;
end;
Text2.Text := sn;
{$IFEND} // def_Text1_Change
end;
end.
============ 以下程序在盗版XPsp2、VC++ 6.0下编译测试通过 ============
void Ckeygen::OnChangeText1()
{
// TODO: Add your control notification handler code here
// Keygen by KuNgBiM
CString name;
CComVariant n, m; BYTE i;
CComVariant sn; CString tmp;
name = Text(m_Text1);
n = name.GetLength();
for(i=1; i<=n; i++) {
tmp = name.Mid(i-1, 1);
m = Asc(tmp);
sn = sn+m;
}
m_Text2.SetWindowText(sn);
}
--------------------------------------------------------------------------------
【经验总结】
新年快乐!没什么好总结的,凑合看吧!
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2007年02月17日 PM 02:37:57