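This program's registration algorithm is extremely simple, which makes it good study material for beginners like me; ideally you will be able to write your own keygen. OK, let's begin.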
*******************************************************************
* Possible StringData Ref from Code Obj ->"请输入注册码"
|
:004B4954 B8AC4A4B00 mov eax, 004B4AAC
:004B4959 E8E6A6F8FF call 0043F044
:004B495E E9DB000000 jmp 004B4A3E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B4952(C)
|
:004B4963 8D55F4 lea edx, dword ptr [ebp-0C]
:004B4966 8B8370040000 mov eax, dword ptr [ebx+00000470]
:004B496C E8EB15F9FF call 00445F5C
:004B4971 8B45F4 mov eax, dword ptr [ebp-0C]
:004B4974 50 push eax
:004B4975 8D55EC lea edx, dword ptr [ebp-14]
:004B4978 8B836C040000 mov eax, dword ptr [ebx+0000046C]
:004B497E E8D915F9FF call 00445F5C
:004B4983 8B55EC mov edx, dword ptr [ebp-14]
:004B4986 8D4DF0 lea ecx, dword ptr [ebp-10]
:004B4989 8BC3 mov eax, ebx
:004B498B E8B4FEFFFF call 004B4844------>key call, see below
:004B4990 8B55F0 mov edx, dword ptr [ebp-10]
---------------------->at this point "d edx" shows the correct registration code
:004B4993 58 pop eax
:004B4994 E86F02F5FF call 00404C08
:004B4999 0F8588000000 jne 004B4A27
* Possible StringData Ref from Code Obj ->"感谢您对本软件的支持"
|
:004B499F B8C44A4B00 mov eax, 004B4AC4
:004B49A4 E89BA6F8FF call 0043F044
* Possible StringData Ref from Code Obj ->" 热键大师 v1.13(注册给:"
|
----->changes the window title to "热键大师 v1.13(注册给:<user name>)"
:004B49A9 68E44A4B00 push 004B4AE4
:004B49AE 8D55E4 lea edx, dword ptr [ebp-1C]
:004B49B1 8B836C040000 mov eax, dword ptr [ebx+0000046C]
:004B49B7 E8A015F9FF call 00445F5C
:004B49BC FF75E4 push [ebp-1C]
:004B49BF 680C4B4B00 push 004B4B0C
:004B49C4 8D45E8 lea eax, dword ptr [ebp-18]
:004B49C7 BA03000000 mov edx, 00000003
:004B49CC E8B301F5FF call 00404B84
…………
……
*******************************************************************
* Referenced by a CALL at Addresses:------>key call
|:004AFCD5 , :004B498B
|
:004B4844 55 push ebp
:004B4845 8BEC mov ebp, esp
:004B4847 83C4EC add esp, FFFFFFEC
:004B484A 53 push ebx
:004B484B 56 push esi
:004B484C 33DB xor ebx, ebx
:004B484E 895DEC mov dword ptr [ebp-14], ebx
:004B4851 895DF4 mov dword ptr [ebp-0C], ebx
:004B4854 894DF8 mov dword ptr [ebp-08], ecx
:004B4857 8955FC mov dword ptr [ebp-04], edx
:004B485A 8B45FC mov eax, dword ptr [ebp-04]
:004B485D E84A04F5FF call 00404CAC
:004B4862 33C0 xor eax, eax
:004B4864 55 push ebp
:004B4865 68EF484B00 push 004B48EF
:004B486A 64FF30 push dword ptr fs:[eax]
:004B486D 648920 mov dword ptr fs:[eax], esp
:004B4870 C745F053469103 mov [ebp-10], 03914653
------------------->the important constant 03914653 is stored in [ebp-10]
:004B4877 8D45F4 lea eax, dword ptr [ebp-0C]
:004B487A 8B55FC mov edx, dword ptr [ebp-04]
:004B487D E82200F5FF call 004048A4
:004B4882 8B45F4 mov eax, dword ptr [ebp-0C]
------------------->the user name is loaded into eax
:004B4885 E83A02F5FF call 00404AC4
:004B488A 8BD8 mov ebx, eax
------------------->the length of the user name is stored in ebx
:004B488C 85DB test ebx, ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B481D(C)
|
:004B488E 7E2E jle 004B48BE
------------------->jump away if the length is 0
:004B4890 BE01000000 mov esi, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B48BC(C)
#################################
#:004B4895 8D45EC lea eax, dword ptr [ebp-14] #
#:004B4898 50 push eax #
#:004B4899 B901000000 mov ecx, 00000001 #
#:004B489E 8BD6 mov edx, esi #
#:004B48A0 8B45F4 mov eax, dword ptr [ebp-0C] #
#:004B48A3 E87404F5FF call 00404D1C #
#:004B48A8 8B45EC mov eax, dword ptr [ebp-14] #
#:004B48AB E80C04F5FF call 00404CBC #
#:004B48B0 8A00 mov al, byte ptr [eax] #
#:004B48B2 25FF000000 and eax, 000000FF #
#:004B48B7 0145F0 add dword ptr [ebp-10], eax #
#:004B48BA 46 inc esi #
#:004B48BB 4B dec ebx #
#:004B48BC 75D7 jne 004B4895 #
#################################
---------------->the ASCII value of each character of the user name is added to [ebp-10]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B488E(C)
|
:004B48BE 8B55F8 mov edx, dword ptr [ebp-08]
:004B48C1 8B45F0 mov eax, dword ptr [ebp-10]
---------------->the value stored in [ebp-10] is loaded into eax
:004B48C4 E8FF47F5FF call 004090C8
---------------->this value is converted to decimal (the correct registration code)
:004B48C9 33C0 xor eax, eax
:004B48CB 5A pop edx
:004B48CC 59 pop ecx
:004B48CD 59 pop ecx
:004B48CE 648910 mov dword ptr fs:[eax], edx
:004B48D1 68F6484B00 push 004B48F6
…………
……
*******************************************************************
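Algorithm summary:
Assume the user name is: lenghost
Then registration code = 03914653+6C+65+6E+67+68+6F+73+74 = 39149B7 (hexadecimal)
Converted to decimal = 59853239 (the correct registration code)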