注册码
:0050729D 8D55EC lea edx, dword ptr [ebp-14]
:005072A0 E847050000 call 005077EC 真注册码各位取反
:005072A5 8D8520FFFFFF lea eax, dword ptr [ebp+FFFFFF20]
:005072AB 50 push eax
:005072AC B905000000 mov ecx, 00000005
:005072B1 BA13000000 mov edx, 00000013
:005072B6 8B45F4 mov eax, dword ptr [ebp-0C]
:005072B9 E82E44F3FF call 0043B6EC 取第四部分的假码
:005072BE 8B8520FFFFFF mov eax, dword ptr [ebp+FFFFFF20]
:005072C4 8D9524FFFFFF lea edx, dword ptr [ebp+FFFFFF24]
:005072CA E81D050000 call 005077EC 第四部分的假码各位取反
:005072CF 8B9524FFFFFF mov edx, dword ptr [ebp+FFFFFF24]
:005072D5 8B45EC mov eax, dword ptr [ebp-14]
:005072D8 E897DDEFFF call 00405074 第四部分的经过变换的真假注
册码相比
:005072DD 7409 je 005072E8 相等就跳到注册码第五部分的
计算,否则去死(爆破点)
:005072DF C645F300 mov [ebp-0D], 00
:005072E3 E9D7020000 jmp 005075BF
------------注册码第五部分计算---------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005072DD(C)
|
:005072E8 33F6 xor esi, esi esi清零
:005072EA BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00507327(C)
|
:005072EF 8D851CFFFFFF lea eax, dword ptr [ebp+FFFFFF1C]
:005072F5 50 push eax
:005072F6 8D9518FFFFFF lea edx, dword ptr [ebp+FFFFFF18]
:005072FC 8B45EC mov eax, dword ptr [ebp-14]
:005072FF E8E8040000 call 005077EC
:00507304 8B8518FFFFFF mov eax, dword ptr [ebp+FFFFFF18] 81168-->eax
:0050730A B901000000 mov ecx, 00000001
:0050730F 8BD3 mov edx, ebx
:00507311 E8D643F3FF call 0043B6EC
:00507316 8B851CFFFFFF mov eax, dword ptr [ebp+FFFFFF1C]
:0050731C E83B26F0FF call 0040995C
:00507321 03F0 add esi, eax
:00507323 43 inc ebx
:00507324 83FB06 cmp ebx, 00000006
:00507327 75C6 jne 005072EF--------------------------以上构成循环,将81168各位
相加,即8+1+1+6+8=0x18---->esi
:00507329 8BC6 mov eax, esi
:0050732B B90A000000 mov ecx, 0000000A
:00507330 99 cdq
:00507331 F7F9 idiv ecx 0x18/0xA
:00507333 8BF2 mov esi, edx 余数为"4"-->esi
:00507335 8D55E0 lea edx, dword ptr [ebp-20]
:00507338 8BC6 mov eax, esi
:0050733A E8B124F0FF call 004097F0
:0050733F 33F6 xor esi, esi
:00507341 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050737E(C)
|
:00507346 8D8514FFFFFF lea eax, dword ptr [ebp+FFFFFF14]
:0050734C 50 push eax
:0050734D 8D9510FFFFFF lea edx, dword ptr [ebp+FFFFFF10]
:00507353 8B45DC mov eax, dword ptr [ebp-24]
:00507356 E891040000 call 005077EC
:0050735B 8B8510FFFFFF mov eax, dword ptr [ebp+FFFFFF10] 721287(见上)-->eax
:00507361 B901000000 mov ecx, 00000001
:00507366 8BD3 mov edx, ebx
:00507368 E87F43F3FF call 0043B6EC
:0050736D 8B8514FFFFFF mov eax, dword ptr [ebp+FFFFFF14]
:00507373 E8E425F0FF call 0040995C
:00507378 03F0 add esi, eax
:0050737A 43 inc ebx
:0050737B 83FB07 cmp ebx, 00000007
:0050737E 75C6 jne 00507346--------------------------又一个循环,将721287各位
相加,即7+2+1+2+8+7=0x1B----->esi
:00507380 8BC6 mov eax, esi
:00507382 B90A000000 mov ecx, 0000000A
:00507387 99 cdq
:00507388 F7F9 idiv ecx 0x1B/0xA
:0050738A 8BF2 mov esi, edx 余数为"7"-->esi
:0050738C 8D950CFFFFFF lea edx, dword ptr [ebp+FFFFFF0C]
:00507392 8BC6 mov eax, esi
:00507394 E85724F0FF call 004097F0
:00507399 8B850CFFFFFF mov eax, dword ptr [ebp+FFFFFF0C]
:0050739F 8D55EC lea edx, dword ptr [ebp-14]
:005073A2 E845040000 call 005077EC
:005073A7 33F6 xor esi, esi
:005073A9 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005073E6(C)
|
:005073AE 8D8508FFFFFF lea eax, dword ptr [ebp+FFFFFF08]
:005073B4 50 push eax
:005073B5 8D9504FFFFFF lea edx, dword ptr [ebp+FFFFFF04]
:005073BB 8B45D8 mov eax, dword ptr [ebp-28]
:005073BE E829040000 call 005077EC 得到"29685"(见上)
:005073C3 8B8504FFFFFF mov eax, dword ptr [ebp+FFFFFF04] 29685-->eax
:005073C9 B901000000 mov ecx, 00000001
:005073CE 8BD3 mov edx, ebx
:005073D0 E81743F3FF call 0043B6EC
:005073D5 8B8508FFFFFF mov eax, dword ptr [ebp+FFFFFF08]
:005073DB E87C25F0FF call 0040995C
:005073E0 03F0 add esi, eax
:005073E2 43 inc ebx
:005073E3 83FB06 cmp ebx, 00000006
:005073E6 75C6 jne 005073AE--------------------------又一个循环,将29685各位相
加,即2+9+6+8+5=0x1E----->esi
:005073E8 8BC6 mov eax, esi
:005073EA B90A000000 mov ecx, 0000000A
:005073EF 99 cdq
:005073F0 F7F9 idiv ecx 0x1E/0xA
:005073F2 8BF2 mov esi, edx 余数为"0"-->esi
:005073F4 8D95FCFEFFFF lea edx, dword ptr [ebp+FFFFFEFC]
:005073FA 8B45EC mov eax, dword ptr [ebp-14]
:005073FD E8EA030000 call 005077EC
:00507402 8D85FCFEFFFF lea eax, dword ptr [ebp+FFFFFEFC]
:00507408 50 push eax
:00507409 8D95F8FEFFFF lea edx, dword ptr [ebp+FFFFFEF8]
:0050740F 8BC6 mov eax, esi
:00507411 E8DA23F0FF call 004097F0
:00507416 8B95F8FEFFFF mov edx, dword ptr [ebp+FFFFFEF8]
:0050741C 58 pop eax
:0050741D E80EDBEFFF call 00404F30 将余数"7"与余数"0"连接起
来----->"70"
:00507422 8B85FCFEFFFF mov eax, dword ptr [ebp+FFFFFEFC]
:00507428 8D9500FFFFFF lea edx, dword ptr [ebp+FFFFFF00]
:0050742E E8B9030000 call 005077EC
:00507433 8B9500FFFFFF mov edx, dword ptr [ebp+FFFFFF00]
:00507439 8D45EC lea eax, dword ptr [ebp-14]
:0050743C E8BFD8EFFF call 00404D00
:00507441 33F6 xor esi, esi esi清零
:00507443 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00507480(C)
|
:00507448 8D85F4FEFFFF lea eax, dword ptr [ebp+FFFFFEF4]
:0050744E 50 push eax
:0050744F 8D95F0FEFFFF lea edx, dword ptr [ebp+FFFFFEF0]
:00507455 8B45D4 mov eax, dword ptr [ebp-2C]
:00507458 E88F030000 call 005077EC
:0050745D 8B85F0FEFFFF mov eax, dword ptr [ebp+FFFFFEF0] "60708"(见上)-->eax
:00507463 B901000000 mov ecx, 00000001
:00507468 8BD3 mov edx, ebx
:0050746A E87D42F3FF call 0043B6EC
:0050746F 8B85F4FEFFFF mov eax, dword ptr [ebp+FFFFFEF4]
:00507475 E8E224F0FF call 0040995C
:0050747A 03F0 add esi, eax
:0050747C 43 inc ebx
:0050747D 83FB06 cmp ebx, 00000006
:00507480 75C6 jne 00507448--------------------------又一个循环,将60708各位相
加,即6+0+7+0+8=0x15----->esi
:00507482 8BC6 mov eax, esi
:00507484 B90A000000 mov ecx, 0000000A
:00507489 99 cdq
:0050748A F7F9 idiv ecx 0x15/0xA
:0050748C 8BF2 mov esi, edx 余数为"1"-->esi
:0050748E 8D95E4FEFFFF lea edx, dword ptr [ebp+FFFFFEE4]
:00507494 8B45EC mov eax, dword ptr [ebp-14]
:00507497 E850030000 call 005077EC
:0050749C FFB5E4FEFFFF push dword ptr [ebp+FFFFFEE4]
:005074A2 8D95E0FEFFFF lea edx, dword ptr [ebp+FFFFFEE0]
:005074A8 8BC6 mov eax, esi
:005074AA E84123F0FF call 004097F0
:005074AF FFB5E0FEFFFF push dword ptr [ebp+FFFFFEE0]
:005074B5 FF75E0 push [ebp-20]
:005074B8 8D85E8FEFFFF lea eax, dword ptr [ebp+FFFFFEE8]
:005074BE BA03000000 mov edx, 00000003
:005074C3 E820DBEFFF call 00404FE8 将以上得到的余数连接起来
得到数"7014"
:005074C8 8B85E8FEFFFF mov eax, dword ptr [ebp+FFFFFEE8] "7014"-->eax
:005074CE 8D95ECFEFFFF lea edx, dword ptr [ebp+FFFFFEEC]
:005074D4 E813030000 call 005077EC
:005074D9 8B95ECFEFFFF mov edx, dword ptr [ebp+FFFFFEEC]
:005074DF 8D45EC lea eax, dword ptr [ebp-14]
:005074E2 E819D8EFFF call 00404D00
:005074E7 33F6 xor esi, esi esi清零
:005074E9 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00507526(C)
|
:005074EE 8D85DCFEFFFF lea eax, dword ptr [ebp+FFFFFEDC]
:005074F4 50 push eax
:005074F5 8D95D8FEFFFF lea edx, dword ptr [ebp+FFFFFED8]
:005074FB 8B45EC mov eax, dword ptr [ebp-14]
:005074FE E8E9020000 call 005077EC
:00507503 8B85D8FEFFFF mov eax, dword ptr [ebp+FFFFFED8] "7014"-->eax
:00507509 B901000000 mov ecx, 00000001
:0050750E 8BD3 mov edx, ebx
:00507510 E8D741F3FF call 0043B6EC
:00507515 8B85DCFEFFFF mov eax, dword ptr [ebp+FFFFFEDC]
:0050751B E83C24F0FF call 0040995C
:00507520 03F0 add esi, eax
:00507522 43 inc ebx
:00507523 83FB05 cmp ebx, 00000005
:00507526 75C6 jne 005074EE--------------------------又一个循环,将7014各位相加
,即7+0+1+4=0xC----->esi
:00507528 8BC6 mov eax, esi
:0050752A B90A000000 mov ecx, 0000000A
:0050752F 99 cdq
:00507530 F7F9 idiv ecx 0xC/0xA
:00507532 8BF2 mov esi, edx 余数为"2"-->esi
:00507534 8D95D0FEFFFF lea edx, dword ptr [ebp+FFFFFED0]
:0050753A 8B45EC mov eax, dword ptr [ebp-14]
:0050753D E8AA020000 call 005077EC
:00507542 8D85D0FEFFFF lea eax, dword ptr [ebp+FFFFFED0]
:00507548 50 push eax
:00507549 8D95CCFEFFFF lea edx, dword ptr [ebp+FFFFFECC]
:0050754F 8BC6 mov eax, esi
:00507551 E89A22F0FF call 004097F0
:00507556 8B95CCFEFFFF mov edx, dword ptr [ebp+FFFFFECC]
:0050755C 58 pop eax
:0050755D E8CED9EFFF call 00404F30 将"2"与"7014"连接起来,得
到第五部分真注册码,即"70142"
:00507562 8B85D0FEFFFF mov eax, dword ptr [ebp+FFFFFED0]
:00507568 8D95D4FEFFFF lea edx, dword ptr [ebp+FFFFFED4]
:0050756E E879020000 call 005077EC 真码各位取反
:00507573 8B95D4FEFFFF mov edx, dword ptr [ebp+FFFFFED4]
:00507579 8D45EC lea eax, dword ptr [ebp-14]
:0050757C E87FD7EFFF call 00404D00
:00507581 8D85C4FEFFFF lea eax, dword ptr [ebp+FFFFFEC4]
:00507587 50 push eax
:00507588 B905000000 mov ecx, 00000005
:0050758D BA19000000 mov edx, 00000019
:00507592 8B45F4 mov eax, dword ptr [ebp-0C] 取第五部分的假码
:00507595 E85241F3FF call 0043B6EC
:0050759A 8B85C4FEFFFF mov eax, dword ptr [ebp+FFFFFEC4]
:005075A0 8D95C8FEFFFF lea edx, dword ptr [ebp+FFFFFEC8]
:005075A6 E841020000 call 005077EC 第五部分的假码取反
:005075AB 8B95C8FEFFFF mov edx, dword ptr [ebp+FFFFFEC8]
:005075B1 8B45EC mov eax, dword ptr [ebp-14]
:005075B4 E8BBDAEFFF call 00405074 第五部分的经过变换的真假注册码相比
:005075B9 7404 je 005075BF 相等就跳,注册成功,否则去死(爆破点)
:005075BB C645F300 mov [ebp-0D], 00
所以注册信息为:
序列号:3781489924572
注册名:wzh123
注册码:H1287-29685-60708-81168-70142
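由于注册算法用到了序列号,所以一个注册码只对应一台机器,你只好自己算算了^-^ 不过从上面的流程也能看出,这种机器绑定并不提供真正的保护:真码的全部推导(各位数字相加、对0xA取余、再拼接)都在客户端本地完成,并与输入直接做字符串比较,本段的结果只取决于005072DD和005075B9两处条件跳转以及[ebp-0D]这一个标志字节。要让校验无法在本地复现,应由服务端用私钥签发与序列号绑定的许可,客户端只用公钥验签,并且不要让授权结果只落在单个标志位上。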