Your Ad Here
首页 | 编程语言 | 网站建设 | 游戏天堂 | 冲浪宝典 | 网络安全 | 操作系统 | 软件时空 | 硬件指南 | 病毒相关 | IT 认证
软讯网络 > 网络安全 > 黑客技术 > ClockWise 3.22e注册码算法分析(2)
【标  题】:ClockWise 3.22e注册码算法分析(2)
【关键字】:c,C,算法分析,is,22,Wi,ClockWise,22e
【来  源】:网络

ClockWise 3.22e注册码算法分析(2)

Your Ad Here * Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004228D7(C)
|
:004228E5 81FBC4090000 cmp ebx, 000009C4
:004228EB 760C jbe 004228F9  <<-----小于或等于2500则跳至 4228F9 处
:004228ED 81FB88130000 cmp ebx, 00001388
:004228F3 0F826C010000 jb 00422A65  <<-------小于5000则跳走(即跳出,不再进行下面的运算)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004228EB(C)
|
:004228F9 81FB401F0000 cmp ebx, 00001F40
:004228FF 760C jbe 0042290D <<------小于或等于8000则跳至 42290D 处
:00422901 81FB67270000 cmp ebx, 00002767
:00422907 0F8258010000 jb 00422A65  <<-------小于10087则跳至 422A65 处(即跳出,不再进行下面的运算)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004228FF(C)
|
:0042290D 81FB162A0000 cmp ebx, 00002A16
:00422913 760C jbe 00422921  <<-----小于或等于10774则跳至 422921 处
:00422915 81FB532A0000 cmp ebx, 00002A53
:0042291B 0F8244010000 jb 00422A65 <<-----小于10835则跳至 422A65 处(即跳出,不再进行下面的运算)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422913(C)
|
:00422921 81FBE02E0000 cmp ebx, 00002EE0
:00422927 760C jbe 00422935  <<------小于或等于12000则跳至 422935 处
:00422929 81FB204E0000 cmp ebx, 00004E20
:0042292F 0F8230010000 jb 00422A65  <<-------小于或等于17120则跳至 422A65 处(即跳出,不再进行下面的运算)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422927(C)
|
:00422935 81FBF0550000 cmp ebx, 000055F0
:0042293B 0F8724010000 ja 00422A65  <<---------大于22000则跳走(即跳出,不再进行下面的运算)
:00422941 8B4DFC mov ecx, dword ptr [ebp-04]  <<------用户名长度->ECX
:00422944 33C0 xor eax, eax  <<-----EAX清零,准备计数
:00422946 3BCE cmp ecx, esi
:00422948 7E1C jle 00422966
:0042294A 8B5760 mov edx, dword ptr [edi+60]  <<------用户名首地址->EDX
==========================================================
由上面不难看出,序列号的范围为:(1,300],(1000,2500],(5000,8000],(10087,10774],(10835,12000],(17120,22000)
因此,将注册窗口中的Serial Number改为12000,再进行第二次跟踪,来到:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422964(C)
|
:0042294D 8D4801 lea ecx, dword ptr [eax+01] <<-----计数器加一送入ECX
:00422950 8B7DFC mov edi, dword ptr [ebp-04]   <<-----用户名长度->EDI
:00422953 0FBE0402 movsx eax, byte ptr [edx+eax] <<----按顺序取用户名的每一个字符
:00422957 0FAFC1 imul eax, ecx
:0042295A 03C7 add eax, edi
:0042295C 03F0 add esi, eax
:0042295E 8BC1 mov eax, ecx
:00422960 8BCF mov ecx, edi
:00422962 3BC1 cmp eax, ecx
:00422964 7CE7 jl 0042294D
=================================
上面这段代码为注册码算法中的一部分,很重要
=================================

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422948(C)
|
:00422966 8B55FC mov edx, dword ptr [ebp-04]  <<-----用户名长度->EDX
:00422969 8D4DEC lea ecx, dword ptr [ebp-14]
:0042296C 0FAFD3 imul edx, ebx  <<--------EBX中为用户输入的序列号的十六进制形式
:0042296F 6A10 push 00000010
:00422971 03D6 add edx, esi
:00422973 51 push ecx
:00422974 52 push edx
:00422975 E8517A0100 call 0043A3CB <<---------将EDX中的值转化为字符串形式
:0042297A 8A55EC mov dl, byte ptr [ebp-14]
:0042297D 83C40C add esp, 0000000C
:00422980 84D2 test dl, dl
:00422982 741C je 004229A0
:00422984 8D75EC lea esi, dword ptr [ebp-14]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042299B(C)
|
:00422987 0FBEC2 movsx eax, dl
:0042298A 50 push eax
:0042298B E8A0D80000 call 00430230
:00422990 83C404 add esp, 00000004
:00422993 8806 mov byte ptr [esi], al
:00422995 8A5601 mov dl, byte ptr [esi+01]
:00422998 46 inc esi
:00422999 84D2 test dl, dl
:0042299B 75EA jne 00422987
:0042299D 8A55EC mov dl, byte ptr [ebp-14]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00422982(C)
|
:004229A0 8D7DEC lea edi, dword ptr [ebp-14]
:004229A3 83C9FF or ecx, FFFFFFFF \
:004229A6 33C0 xor eax, eax \
:004229A8 F2 repnz \
:004229A9 AE scasb 测试字符串长度->ECX
:004229AA F7D1 not ecx /
:004229AC 49 dec ecx /
:004229AD 83F904 cmp ecx, 00000004   <<------比较字符串长度是否大于4
:004229B0 7341 jnb 004229F3  <<----大于则跳

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004229F1(C)
|
:004229B2 8D7DEC lea edi, dword ptr [ebp-14]
:004229B5 83C9FF or ecx, FFFFFFFF
:004229B8 33C0 xor eax, eax
:004229BA F2 repnz
:004229BB AE scasb
:004229BC F7D1 not ecx
:004229BE 49 dec ecx
:004229BF 8D7DEC lea edi, dword ptr [ebp-14]
:004229C2 88440DED mov byte ptr [ebp+ecx-13], al
:004229C6 83C9FF or ecx, FFFFFFFF
:004229C9 F2 repnz
:004229CA AE scasb
:004229CB F7D1 not ecx
:004229CD 49 dec ecx
:004229CE 41 inc ecx
:004229CF 740B je 004229DC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004229DA(C)
|
:004229D1 8A540DEB mov dl, byte ptr [ebp+ecx-15]
:004229D5 88540DEC mov byte ptr [ebp+ecx-14], dl
:004229D9 49 dec ecx
:004229DA 75F5 jne 004229D1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004229CF(C)
|
:004229DC B230 mov dl, 30
:004229DE 8D7DEC lea edi, dword ptr [ebp-14]
:004229E1 83C9FF or ecx, FFFFFFFF
:004229E4 33C0 xor eax, eax
:004229E6 8855EC mov byte ptr [ebp-14], dl
:004229E9 F2 repnz
:004229EA AE scasb
:004229EB F7D1 not ecx
:004229ED 49 dec ecx
:004229EE 83F904 cmp ecx, 00000004
:004229F1 72BF jb 004229B2

=================================
ClockWise 3.22e注册码算法分析(3):【上一篇】
ClockWise 3.22e注册码算法分析(1):【下一篇】
【相关文章】
  • ClockWise 3.22e注册码算法分析(3)
  • ClockWise V3.25c(1)
  • ClockWise V3.25c(2)
  • ClockWise V3.25c(3)
  • ClockWise V3.25c(4)
  • CoolClock V1.02注册算法分析(1)
  • CheckFiles V1.8破解
  • eLib2.01算法分析(1)
  • eLib2.01算法分析(2)
  • eLib2.01算法分析(3)
    • 【随机文章】
  • Get the highest digit of an integer
  • Oracle 9i 手工建库脚本(unix平台)
  • ESFramework使用技巧(1)-- ESFramework 日志记录器的自动装配
  • 关闭释放游标
  • Wow服务器解析(一)
  • IP选路的原理
  • Windows 2000 DNS服务器配置
  • 网页木马初探
  • 一个定制计数器组件的编写
  • 华为HCNE分类试题
    • 【相关评论】
    没有相关评论
    【发表评论】
    姓名:
    邮件:
    随机码*
    评论*
          
    |  首 页  |  版权声明  |  联系我们   |  网站地图  |
    CopyRight © 2004-2007 bbb软讯网络 All Rigths Reserved.