|
 | 作者: yongmin [yongmin]
 论坛用户 |
登录 |
| 【破文标题】菜鸟maomaoma的算法练习破文四 【破文作者】maomaoma 【作者邮箱】 【作者主页】无 【破解工具】OD、PEiD、DeDe 【破解平台】winxp 【软件名称】国产某局域网软件 【软件大小】788K 【原版下载】 【保护方式】无 【软件简介】局域网即时通讯协同办公 【破解声明】我是菜鸟,学写破文,还请大侠多多指教:) ------------------------------------------------------------------------ ------------------------------------------------------------------------ 【破解过程】 1、PEiD扫描该软件,为Borland Delphi 6.0 - 7.0编译 2、DeDe反编译,得注册过程起始地址00429420 3、OD载入,Ctrl+G,跟随至00429420,F2下断点,F9运行,OD断下 00429420 /. 55 push ebp ; OD断在此处 00429421 |. 8BEC mov ebp, esp 00429423 |. B9 0A000000 mov ecx, 0A 00429428 |> 6A 00 /push 0 0042942A |. 6A 00 |push 0 0042942C |. 49 |dec ecx 0042942D |.^ 75 F9 \jnz short 00429428 0042942F |. 53 push ebx 00429430 |. 56 push esi 00429431 |. 8BD8 mov ebx, eax 00429433 |. 8B35 40D44400 mov esi, [44D440] ; 00429439 |. 33C0 xor eax, eax 0042943B |. 55 push ebp 0042943C |. 68 22974200 push 00429722 00429441 |. 64:FF30 push dword ptr fs:[eax] 00429444 |. 64:8920 mov fs:[eax], esp 00429447 |. 8D55 E8 lea edx, [ebp-18] 0042944A |. 8B83 08030000 mov eax, [ebx+308] 00429450 |. E8 9391FDFF call <jmp.&vcl70.Controls::TControl::GetTe>; 取用户名 00429455 |. 8B45 E8 mov eax, [ebp-18] 00429458 |. 8D55 EC lea edx, [ebp-14] 0042945B |. E8 4483FDFF call <jmp.&rtl70.Sysutils::Trim> 00429460 |. 837D EC 00 cmp dword ptr [ebp-14], 0 00429464 |. 75 28 jnz short 0042948E 00429466 |. 8D55 E4 lea edx, [ebp-1C] 00429469 |. A1 E4D44400 mov eax, [44D4E4] 0042946E |. E8 0D7FFDFF call <jmp.&rtl70.System::LoadResString> 00429473 |. 8B45 E4 mov eax, [ebp-1C] 00429476 |. E8 E1AAFDFF call 00403F5C 0042947B |. 8B83 08030000 mov eax, [ebx+308] 00429481 |. 8B10 mov edx, [eax] 00429483 |. FF92 C4000000 call [edx+C4] 00429489 |. E9 FF010000 jmp 0042968D 0042948E |> 8D55 E0 lea edx, [ebp-20] 00429491 |. 8B83 0C030000 mov eax, [ebx+30C] 00429497 |. E8 4C91FDFF call <jmp.&vcl70.Controls::TControl::GetTe>; 取注册码第一部分,记着A1 0042949C |. 8B45 E0 mov eax, [ebp-20] 0042949F |. 8D55 F8 lea edx, [ebp-8] 004294A2 |. E8 FD82FDFF call <jmp.&rtl70.Sysutils::Trim> 004294A7 |. 837D F8 00 cmp dword ptr [ebp-8], 0 004294AB |. 74 0D je short 004294BA 004294AD |. 8B45 F8 mov eax, [ebp-8] 004294B0 |. E8 537DFDFF call <jmp.&rtl70.System::LStrLen> 004294B5 |. 83F8 06 cmp eax, 6 ; 是否为6位 004294B8 |. 74 28 je short 004294E2 004294BA |> 8D55 DC lea edx, [ebp-24] 004294BD |. A1 60D44400 mov eax, [44D460] 004294C2 |. E8 B97EFDFF call <jmp.&rtl70.System::LoadResString> 004294C7 |. 8B45 DC mov eax, [ebp-24] 004294CA |. E8 8DAAFDFF call 00403F5C 004294CF |. 8B83 0C030000 mov eax, [ebx+30C] 004294D5 |. 8B10 mov edx, [eax] 004294D7 |. FF92 C4000000 call [edx+C4] 004294DD |. E9 AB010000 jmp 0042968D 004294E2 |> 8D45 F4 lea eax, [ebp-C] 004294E5 |. 8B55 F8 mov edx, [ebp-8] 004294E8 |. E8 DB7CFDFF call <jmp.&rtl70.System::LStrLAsg> 004294ED |. 8D55 D8 lea edx, [ebp-28] 004294F0 |. 8B83 14030000 mov eax, [ebx+314] 004294F6 |. E8 ED90FDFF call <jmp.&vcl70.Controls::TControl::GetTe>; 取注册码第二部分,记着B1 004294FB |. 8B45 D8 mov eax, [ebp-28] 004294FE |. 8D55 F8 lea edx, [ebp-8] 00429501 |. E8 9E82FDFF call <jmp.&rtl70.Sysutils::Trim> 00429506 |. 837D F8 00 cmp dword ptr [ebp-8], 0 0042950A |. 74 0D je short 00429519 0042950C |. 8B45 F8 mov eax, [ebp-8] 0042950F |. E8 F47CFDFF call <jmp.&rtl70.System::LStrLen> 00429514 |. 83F8 06 cmp eax, 6 ; 是否为6位 00429517 |. 74 28 je short 00429541 00429519 |> 8D55 D4 lea edx, [ebp-2C] 0042951C |. A1 60D44400 mov eax, [44D460] 00429521 |. E8 5A7EFDFF call <jmp.&rtl70.System::LoadResString> 00429526 |. 8B45 D4 mov eax, [ebp-2C] 00429529 |. E8 2EAAFDFF call 00403F5C 0042952E |. 8B83 14030000 mov eax, [ebx+314] 00429534 |. 8B10 mov edx, [eax] 00429536 |. FF92 C4000000 call [edx+C4] 0042953C |. E9 4C010000 jmp 0042968D 00429541 |> 8D45 F4 lea eax, [ebp-C] 00429544 |. 8B55 F8 mov edx, [ebp-8] 00429547 |. E8 C47CFDFF call <jmp.&rtl70.System::LStrCat> ; A1,B1相连 0042954C |. 8D55 D0 lea edx, [ebp-30] 0042954F |. 8B83 1C030000 mov eax, [ebx+31C] 00429555 |. E8 8E90FDFF call <jmp.&vcl70.Controls::TControl::GetTe>; 取注册码第三部分,C 0042955A |. 8B45 D0 mov eax, [ebp-30] 0042955D |. 8D55 F8 lea edx, [ebp-8] 00429560 |. E8 3F82FDFF call <jmp.&rtl70.Sysutils::Trim> 00429565 |. 837D F8 00 cmp dword ptr [ebp-8], 0 00429569 |. 75 28 jnz short 00429593 0042956B |. 8D55 CC lea edx, [ebp-34] 0042956E |. A1 60D44400 mov eax, [44D460] 00429573 |. E8 087EFDFF call <jmp.&rtl70.System::LoadResString> 00429578 |. 8B45 CC mov eax, [ebp-34] 0042957B |. E8 DCA9FDFF call 00403F5C 00429580 |. 8B83 1C030000 mov eax, [ebx+31C] 00429586 |. 8B10 mov edx, [eax] 00429588 |. FF92 C4000000 call [edx+C4] 0042958E |. E9 FA000000 jmp 0042968D 00429593 |> 8D45 F4 lea eax, [ebp-C] 00429596 |. 8B55 F8 mov edx, [ebp-8] 00429599 |. E8 727CFDFF call <jmp.&rtl70.System::LStrCat> ; A1,B1,C相连 0042959E |. 8D45 F3 lea eax, [ebp-D] 004295A1 |. 50 push eax 004295A2 |. 8D55 C4 lea edx, [ebp-3C] 004295A5 |. 8B83 08030000 mov eax, [ebx+308] 004295AB |. E8 3890FDFF call <jmp.&vcl70.Controls::TControl::GetTe>; 取用户名 004295B0 |. 8B45 C4 mov eax, [ebp-3C] 004295B3 |. 8D55 C8 lea edx, [ebp-38] 004295B6 |. E8 E981FDFF call <jmp.&rtl70.Sysutils::Trim> 004295BB |. 8B45 C8 mov eax, [ebp-38] 004295BE |. 8D4D FC lea ecx, [ebp-4] 004295C1 |. 8B55 F4 mov edx, [ebp-C] 004295C4 |. E8 5B27FEFF call 0040BD24 ; 关键call(1),跟进 004295C9 |. 84C0 test al, al 004295CB |. 75 28 jnz short 004295F5 ; 不等则跳 004295CD |. 8D55 C0 lea edx, [ebp-40] 004295D0 |. A1 F4D34400 mov eax, [44D3F4] 004295D5 |. E8 A67DFDFF call <jmp.&rtl70.System::LoadResString> 004295DA |. 8B45 C0 mov eax, [ebp-40] 004295DD |. E8 2AA9FDFF call 00403F0C 004295E2 |. 8B83 0C030000 mov eax, [ebx+30C] 004295E8 |. 8B10 mov edx, [eax] 004295EA |. FF92 C4000000 call [edx+C4] 004295F0 |. E9 98000000 jmp 0042968D 004295F5 |> 8D55 B8 lea edx, [ebp-48] 004295F8 |. 8B83 08030000 mov eax, [ebx+308] 004295FE |. E8 E58FFDFF call <jmp.&vcl70.Controls::TControl::GetTe> 00429603 |. 8B45 B8 mov eax, [ebp-48] 00429606 |. 8D55 BC lea edx, [ebp-44] 00429609 |. E8 9681FDFF call <jmp.&rtl70.Sysutils::Trim> 0042960E |. 8B55 BC mov edx, [ebp-44] 00429611 |. 8B06 mov eax, [esi] 00429613 |. 8B4D F4 mov ecx, [ebp-C] 00429616 |. E8 A55D0100 call 0043F3C0 0042961B |. 8B06 mov eax, [esi] 0042961D |. C640 60 01 mov byte ptr [eax+60], 1 00429621 |. 8D55 B0 lea edx, [ebp-50] 00429624 |. 8B83 08030000 mov eax, [ebx+308] 0042962A |. E8 B98FFDFF call <jmp.&vcl70.Controls::TControl::GetTe> 0042962F |. 8B45 B0 mov eax, [ebp-50] 00429632 |. 8D55 B4 lea edx, [ebp-4C] 00429635 |. E8 6A81FDFF call <jmp.&rtl70.Sysutils::Trim> 0042963A |. 8B55 B4 mov edx, [ebp-4C] 0042963D |. 8B06 mov eax, [esi] 0042963F |. 83C0 68 add eax, 68 00429642 |. E8 797BFDFF call <jmp.&rtl70.System::LStrAsg> 00429647 |. 8B06 mov eax, [esi] 00429649 |. 83C0 6C add eax, 6C 0042964C |. 8B55 F4 mov edx, [ebp-C] 0042964F |. E8 6C7BFDFF call <jmp.&rtl70.System::LStrAsg> 00429654 |. 8B06 mov eax, [esi] 00429656 |. 8B55 FC mov edx, [ebp-4] 00429659 |. 8950 70 mov [eax+70], edx 0042965C |. 8B06 mov eax, [esi] 0042965E |. 8A55 F3 mov dl, [ebp-D] 00429661 |. 8850 61 mov [eax+61], dl 00429664 |. 8B06 mov eax, [esi] 00429666 |. E8 CD5D0100 call 0043F438 0042966B |. A1 BCD44400 mov eax, [44D4BC] 00429670 |. 8B00 mov eax, [eax] 00429672 |. E8 A15F0100 call 0043F618 00429677 |. A1 D8D54400 mov eax, [44D5D8] 0042967C |. 8B00 mov eax, [eax] 0042967E |. E8 793DFEFF call 0040D3FC 00429683 |. C783 4C020000>mov dword ptr [ebx+24C], 1 0042968D |> 33C0 xor eax, eax 0042968F |. 5A pop edx 00429690 |. 59 pop ecx 00429691 |. 59 pop ecx 00429692 |. 64:8910 mov fs:[eax], edx 00429695 |. 68 2C974200 push 0042972C 0042969A |> 8D45 B0 lea eax, [ebp-50] 0042969D |. E8 0E7BFDFF call <jmp.&rtl70.System::LStrClr> 004296A2 |. 8D45 B4 lea eax, [ebp-4C] 004296A5 |. E8 067BFDFF call <jmp.&rtl70.System::LStrClr> 004296AA |. 8D45 B8 lea eax, [ebp-48] 004296AD |. E8 FE7AFDFF call <jmp.&rtl70.System::LStrClr> 004296B2 |. 8D45 BC lea eax, [ebp-44] 004296B5 |. BA 02000000 mov edx, 2 004296BA |. E8 F97AFDFF call <jmp.&rtl70.System::LStrArrayClr> 004296BF |. 8D45 C4 lea eax, [ebp-3C] 004296C2 |. E8 E97AFDFF call <jmp.&rtl70.System::LStrClr> 004296C7 |. 8D45 C8 lea eax, [ebp-38] 004296CA |. BA 02000000 mov edx, 2 004296CF |. E8 E47AFDFF call <jmp.&rtl70.System::LStrArrayClr> 004296D4 |. 8D45 D0 lea eax, [ebp-30] 004296D7 |. E8 D47AFDFF call <jmp.&rtl70.System::LStrClr> 004296DC |. 8D45 D4 lea eax, [ebp-2C] 004296DF |. E8 CC7AFDFF call <jmp.&rtl70.System::LStrClr> 004296E4 |. 8D45 D8 lea eax, [ebp-28] 004296E7 |. E8 C47AFDFF call <jmp.&rtl70.System::LStrClr> 004296EC |. 8D45 DC lea eax, [ebp-24] 004296EF |. E8 BC7AFDFF call <jmp.&rtl70.System::LStrClr> 004296F4 |. 8D45 E0 lea eax, [ebp-20] 004296F7 |. E8 B47AFDFF call <jmp.&rtl70.System::LStrClr> 004296FC |. 8D45 E4 lea eax, [ebp-1C] 004296FF |. E8 AC7AFDFF call <jmp.&rtl70.System::LStrClr> 00429704 |. 8D45 E8 lea eax, [ebp-18] 00429707 |. E8 A47AFDFF call <jmp.&rtl70.System::LStrClr> 0042970C |. 8D45 EC lea eax, [ebp-14] 0042970F |. E8 9C7AFDFF call <jmp.&rtl70.System::LStrClr> 00429714 |. 8D45 F4 lea eax, [ebp-C] 00429717 |. BA 02000000 mov edx, 2 0042971C |. E8 977AFDFF call <jmp.&rtl70.System::LStrArrayClr> 00429721 \. C3 retn 00429722 .^ E9 517AFDFF jmp <jmp.&rtl70.System::HandleFinally> 00429727 .^ E9 6EFFFFFF jmp 0042969A 0042972C . 5E pop esi 0042972D . 5B pop ebx 0042972E . 8BE5 mov esp, ebp 00429730 . 5D pop ebp 00429731 . C3 retn (1) 0040BD24 /$ 55 push ebp 0040BD25 |. 8BEC mov ebp, esp 0040BD27 |. 83C4 D0 add esp, -30 0040BD2A |. 53 push ebx 0040BD2B |. 56 push esi 0040BD2C |. 57 push edi 0040BD2D |. 33DB xor ebx, ebx 0040BD2F |. 895D D0 mov [ebp-30], ebx 0040BD32 |. 895D D8 mov [ebp-28], ebx 0040BD35 |. 895D D4 mov [ebp-2C], ebx 0040BD38 |. 895D E0 mov [ebp-20], ebx 0040BD3B |. 895D DC mov [ebp-24], ebx 0040BD3E |. 8BF9 mov edi, ecx 0040BD40 |. 8BDA mov ebx, edx 0040BD42 |. 8BF0 mov esi, eax 0040BD44 |. 8D45 F0 lea eax, [ebp-10] 0040BD47 |. 8B15 FCBC4000 mov edx, [40BCFC] ; 0040BD4D |. E8 7E55FFFF call <jmp.&rtl70.System::InitializeRecord> 0040BD52 |. 8D45 E4 lea eax, [ebp-1C] 0040BD55 |. 8B15 FCBC4000 mov edx, [40BCFC] ; 0040BD5B |. E8 7055FFFF call <jmp.&rtl70.System::InitializeRecord> 0040BD60 |. 33C0 xor eax, eax 0040BD62 |. 55 push ebp 0040BD63 |. 68 AFBE4000 push 0040BEAF 0040BD68 |. 64:FF30 push dword ptr fs:[eax] 0040BD6B |. 64:8920 mov fs:[eax], esp 0040BD6E |. 33C0 xor eax, eax 0040BD70 |. 8907 mov [edi], eax 0040BD72 |. C645 FF 00 mov byte ptr [ebp-1], 0 0040BD76 |. 85F6 test esi, esi 0040BD78 |. 0F84 03010000 je 0040BE81 0040BD7E |. 85DB test ebx, ebx 0040BD80 |. 0F84 FB000000 je 0040BE81 0040BD86 |. 8D4D DC lea ecx, [ebp-24] 0040BD89 |. BA 06000000 mov edx, 6 0040BD8E |. 8BC3 mov eax, ebx 0040BD90 |. E8 F363FFFF call <jmp.&rtl70.Strutils::LeftStr> ; 取A1 0040BD95 |. 8B45 DC mov eax, [ebp-24] 0040BD98 |. 8D55 E0 lea edx, [ebp-20] 0040BD9B |. E8 EC59FFFF call <jmp.&rtl70.Sysutils::UpperCase> ; 0040BDA0 |. 8B55 E0 mov edx, [ebp-20] 0040BDA3 |. 8D45 F0 lea eax, [ebp-10] 0040BDA6 |. E8 1D54FFFF call <jmp.&rtl70.System::LStrLAsg> 0040BDAB |. 8D45 D4 lea eax, [ebp-2C] 0040BDAE |. 50 push eax 0040BDAF |. B9 06000000 mov ecx, 6 0040BDB4 |. BA 07000000 mov edx, 7 0040BDB9 |. 8BC3 mov eax, ebx 0040BDBB |. E8 D863FFFF call <jmp.&rtl70.Strutils::MidStr> ; 取B1 0040BDC0 |. 8B45 D4 mov eax, [ebp-2C] 0040BDC3 |. 8D55 D8 lea edx, [ebp-28] 0040BDC6 |. E8 C159FFFF call <jmp.&rtl70.Sysutils::UpperCase> ; 0040BDCB |. 8B55 D8 mov edx, [ebp-28] 0040BDCE |. 8D45 F4 lea eax, [ebp-C] 0040BDD1 |. E8 F253FFFF call <jmp.&rtl70.System::LStrLAsg> 0040BDD6 |. 8D45 D0 lea eax, [ebp-30] 0040BDD9 |. 50 push eax 0040BDDA |. 8BC3 mov eax, ebx 0040BDDC |. E8 2754FFFF call <jmp.&rtl70.System::LStrLen> 0040BDE1 |. 8BC8 mov ecx, eax 0040BDE3 |. 83E9 0C sub ecx, 0C 0040BDE6 |. BA 0D000000 mov edx, 0D 0040BDEB |. 8BC3 mov eax, ebx 0040BDED |. E8 A663FFFF call <jmp.&rtl70.Strutils::MidStr> ; 取C 0040BDF2 |. 8B45 D0 mov eax, [ebp-30] 0040BDF5 |. E8 D259FFFF call <jmp.&rtl70.Sysutils::StrToInt> 0040BDFA |. 8945 F8 mov [ebp-8], eax 0040BDFD |. 8D45 E4 lea eax, [ebp-1C] 0040BE00 |. 50 push eax 0040BE01 |. 33C9 xor ecx, ecx 0040BE03 |. 8B55 F8 mov edx, [ebp-8] 0040BE06 |. 8BC6 mov eax, esi 0040BE08 |. E8 B7000000 call 0040BEC4 ; 算法call(2),跟进 0040BE0D |. 8B45 F0 mov eax, [ebp-10] 0040BE10 |. 8B55 E4 mov edx, [ebp-1C] 0040BE13 |. E8 1054FFFF call <jmp.&rtl70.System::LStrCmp> ; A1,A2比较不等则跳 0040BE18 |. 75 26 jnz short 0040BE40 0040BE1A |. 8B45 F4 mov eax, [ebp-C] 0040BE1D |. 8B55 E8 mov edx, [ebp-18] 0040BE20 |. E8 0354FFFF call <jmp.&rtl70.System::LStrCmp> ; B1,B2比较不等则跳 0040BE25 |. 75 19 jnz short 0040BE40 0040BE27 |. 8B45 F8 mov eax, [ebp-8] 0040BE2A |. 3B45 EC cmp eax, [ebp-14] 0040BE2D |. 75 11 jnz short 0040BE40 0040BE2F |. 8B45 F8 mov eax, [ebp-8] 0040BE32 |. 8907 mov [edi], eax 0040BE34 |. 8B45 08 mov eax, [ebp+8] 0040BE37 |. C600 00 mov byte ptr [eax], 0 0040BE3A |. C645 FF 01 mov byte ptr [ebp-1], 1 0040BE3E |. EB 41 jmp short 0040BE81 0040BE40 |> 8D45 E4 lea eax, [ebp-1C] 0040BE43 |. 50 push eax 0040BE44 |. B1 01 mov cl, 1 0040BE46 |. 8B55 F8 mov edx, [ebp-8] 0040BE49 |. 8BC6 mov eax, esi 0040BE4B |. E8 74000000 call 0040BEC4 0040BE50 |. 8B45 F0 mov eax, [ebp-10] 0040BE53 |. 8B55 E4 mov edx, [ebp-1C] 0040BE56 |. E8 CD53FFFF call <jmp.&rtl70.System::LStrCmp> 0040BE5B |. 75 24 jnz short 0040BE81 0040BE5D |. 8B45 F4 mov eax, [ebp-C] 0040BE60 |. 8B55 E8 mov edx, [ebp-18] 0040BE63 |. E8 C053FFFF call <jmp.&rtl70.System::LStrCmp> 0040BE68 |. 75 17 jnz short 0040BE81 0040BE6A |. 8B45 F8 mov eax, [ebp-8] 0040BE6D |. 3B45 EC cmp eax, [ebp-14] 0040BE70 |. 75 0F jnz short 0040BE81 0040BE72 |. 8B45 F8 mov eax, [ebp-8] 0040BE75 |. 8907 mov [edi], eax 0040BE77 |. 8B45 08 mov eax, [ebp+8] 0040BE7A |. C600 01 mov byte ptr [eax], 1 0040BE7D |. C645 FF 01 mov byte ptr [ebp-1], 1 0040BE81 |> 33C0 xor eax, eax 0040BE83 |. 5A pop edx 0040BE84 |. 59 pop ecx 0040BE85 |. 59 pop ecx 0040BE86 |. 64:8910 mov fs:[eax], edx 0040BE89 |. 68 B6BE4000 push 0040BEB6 0040BE8E |> 8D45 D0 lea eax, [ebp-30] 0040BE91 |. BA 05000000 mov edx, 5 0040BE96 |. E8 1D53FFFF call <jmp.&rtl70.System::LStrArrayClr> 0040BE9B |. 8D45 E4 lea eax, [ebp-1C] 0040BE9E |. 8B15 FCBC4000 mov edx, [40BCFC] ; 0040BEA4 |. B9 02000000 mov ecx, 2 0040BEA9 |. E8 3254FFFF call <jmp.&rtl70.System::FinalizeArray> 0040BEAE \. C3 retn 0040BEAF .^ E9 C452FFFF jmp <jmp.&rtl70.System::HandleFinally> 0040BEB4 .^ EB D8 jmp short 0040BE8E 0040BEB6 . 8A45 FF mov al, [ebp-1] 0040BEB9 . 5F pop edi 0040BEBA . 5E pop esi 0040BEBB . 5B pop ebx 0040BEBC . 8BE5 mov esp, ebp 0040BEBE . 5D pop ebp 0040BEBF . C2 0400 retn 4 (2) 0040BEC4 /$ 55 push ebp 0040BEC5 |. 8BEC mov ebp, esp 0040BEC7 |. 51 push ecx 0040BEC8 |. B9 06000000 mov ecx, 6 0040BECD |> 6A 00 /push 0 0040BECF |. 6A 00 |push 0 0040BED1 |. 49 |dec ecx 0040BED2 |.^ 75 F9 \jnz short 0040BECD 0040BED4 |. 874D FC xchg [ebp-4], ecx 0040BED7 |. 53 push ebx 0040BED8 |. 56 push esi 0040BED9 |. 57 push edi 0040BEDA |. 884D FF mov [ebp-1], cl 0040BEDD |. 8BF2 mov esi, edx 0040BEDF |. 8BF8 mov edi, eax 0040BEE1 |. 8B5D 08 mov ebx, [ebp+8] 0040BEE4 |. 33C0 xor eax, eax 0040BEE6 |. 55 push ebp 0040BEE7 |. 68 CFBF4000 push 0040BFCF 0040BEEC |. 64:FF30 push dword ptr fs:[eax] 0040BEEF |. 64:8920 mov fs:[eax], esp 0040BEF2 |. 8D55 F4 lea edx, [ebp-C] 0040BEF5 |. 8BC6 mov eax, esi 0040BEF7 |. E8 B858FFFF call <jmp.&rtl70.Sysutils::IntToStr> 0040BEFC |. 8B45 F4 mov eax, [ebp-C] 0040BEFF |. 50 push eax 0040BF00 |. 8D55 F0 lea edx, [ebp-10] 0040BF03 |. 8BC7 mov eax, edi 0040BF05 |. E8 8258FFFF call <jmp.&rtl70.Sysutils::UpperCase> 0040BF0A |. 8B55 F0 mov edx, [ebp-10] 0040BF0D |. 8D45 F8 lea eax, [ebp-8] 0040BF10 |. 59 pop ecx 0040BF11 |. E8 0253FFFF call <jmp.&rtl70.System::LStrCat3> 0040BF16 |. 807D FF 00 cmp byte ptr [ebp-1], 0 0040BF1A |. 74 0F je short 0040BF2B 0040BF1C |. 8D45 F8 lea eax, [ebp-8] 0040BF1F |. BA E8BF4000 mov edx, 0040BFE8 ; mypersonallicense 0040BF24 |. E8 E752FFFF call <jmp.&rtl70.System::LStrCat> 0040BF29 |. EB 0D jmp short 0040BF38 0040BF2B |> 8D45 F8 lea eax, [ebp-8] 0040BF2E |. BA 04C04000 mov edx, 0040C004 ; myfirstlicense 0040BF33 |. E8 D852FFFF call <jmp.&rtl70.System::LStrCat> ; 用户名,注册码C,固定字串"myfirstlicense",三者相连 0040BF38 |> 8D55 DC lea edx, [ebp-24] 0040BF3B |. 8B45 F8 mov eax, [ebp-8] 0040BF3E |. E8 CD7CFFFF call 00403C10 0040BF43 |. 8D45 DC lea eax, [ebp-24] 0040BF46 |. 8D55 EC lea edx, [ebp-14] 0040BF49 |. E8 367DFFFF call 00403C84 ; MD5计算(3),结果记着D 0040BF4E |. 8B55 EC mov edx, [ebp-14] 0040BF51 |. 8D45 F8 lea eax, [ebp-8] 0040BF54 |. E8 6F52FFFF call <jmp.&rtl70.System::LStrLAsg> 0040BF59 |. 8D4D D4 lea ecx, [ebp-2C] 0040BF5C |. BA 06000000 mov edx, 6 0040BF61 |. 8B45 F8 mov eax, [ebp-8] 0040BF64 |. E8 1F62FFFF call <jmp.&rtl70.Strutils::LeftStr> ; 取D的前六位 0040BF69 |. 8B45 D4 mov eax, [ebp-2C] 0040BF6C |. 8D55 D8 lea edx, [ebp-28] 0040BF6F |. E8 1858FFFF call <jmp.&rtl70.Sysutils::UpperCase> ; D的前六位转为大写,记着A2 0040BF74 |. 8B55 D8 mov edx, [ebp-28] 0040BF77 |. 8BC3 mov eax, ebx 0040BF79 |. E8 4252FFFF call <jmp.&rtl70.System::LStrAsg> 0040BF7E |. 8D4D CC lea ecx, [ebp-34] 0040BF81 |. BA 06000000 mov edx, 6 0040BF86 |. 8B45 F8 mov eax, [ebp-8] 0040BF89 |. E8 0262FFFF call <jmp.&rtl70.Strutils::RightStr> ; 取D的后六位 0040BF8E |. 8B45 CC mov eax, [ebp-34] 0040BF91 |. 8D55 D0 lea edx, [ebp-30] 0040BF94 |. E8 F357FFFF call <jmp.&rtl70.Sysutils::UpperCase> ; D的后六位转为大写,记着B2 0040BF99 |. 8B55 D0 mov edx, [ebp-30] 0040BF9C |. 8D43 04 lea eax, [ebx+4] 0040BF9F |. E8 1C52FFFF call <jmp.&rtl70.System::LStrAsg> 0040BFA4 |. 8973 08 mov [ebx+8], esi 0040BFA7 |. 33C0 xor eax, eax 0040BFA9 |. 5A pop edx 0040BFAA |. 59 pop ecx 0040BFAB |. 59 pop ecx 0040BFAC |. 64:8910 mov fs:[eax], edx 0040BFAF |. 68 D6BF4000 push 0040BFD6 0040BFB4 |> 8D45 CC lea eax, [ebp-34] 0040BFB7 |. BA 04000000 mov edx, 4 0040BFBC |. E8 F751FFFF call <jmp.&rtl70.System::LStrArrayClr> 0040BFC1 |. 8D45 EC lea eax, [ebp-14] 0040BFC4 |. BA 04000000 mov edx, 4 0040BFC9 |. E8 EA51FFFF call <jmp.&rtl70.System::LStrArrayClr> 0040BFCE \. C3 retn 0040BFCF .^ E9 A451FFFF jmp <jmp.&rtl70.System::HandleFinally> 0040BFD4 .^ EB DE jmp short 0040BFB4 0040BFD6 . 5F pop edi 0040BFD7 . 5E pop esi 0040BFD8 . 5B pop ebx 0040BFD9 . 8BE5 mov esp, ebp 0040BFDB . 5D pop ebp 0040BFDC . C2 0400 retn 4 (3)MD5计算 00403C84 /$ 55 push ebp 00403C85 |. 8BEC mov ebp, esp 00403C87 |. 83C4 E8 add esp, -18 00403C8A |. 53 push ebx 00403C8B |. 56 push esi 00403C8C |. 57 push edi 00403C8D |. 33C9 xor ecx, ecx 00403C8F |. 894D EC mov [ebp-14], ecx 00403C92 |. 894D E8 mov [ebp-18], ecx 00403C95 |. 8BF0 mov esi, eax 00403C97 |. 8D7D F0 lea edi, [ebp-10] 00403C9A |. A5 movs dword ptr es:[edi], dword ptr [esi] 00403C9B |. A5 movs dword ptr es:[edi], dword ptr [esi] 00403C9C |. A5 movs dword ptr es:[edi], dword ptr [esi] 00403C9D |. A5 movs dword ptr es:[edi], dword ptr [esi] 00403C9E |. 8BFA mov edi, edx 00403CA0 |. 33C0 xor eax, eax 00403CA2 |. 55 push ebp 00403CA3 |. 68 1F3D4000 push 00403D1F 00403CA8 |. 64:FF30 push dword ptr fs:[eax] 00403CAB |. 64:8920 mov fs:[eax], esp 00403CAE |. 8BC7 mov eax, edi 00403CB0 |. E8 FBD4FFFF call <jmp.&rtl70.System::LStrClr> 00403CB5 |. B3 10 mov bl, 10 00403CB7 |. 8D75 F0 lea esi, [ebp-10] 00403CBA |> FF37 /push dword ptr [edi] 00403CBC |. 8D45 EC |lea eax, [ebp-14] 00403CBF |. 33D2 |xor edx, edx 00403CC1 |. 8A16 |mov dl, [esi] 00403CC3 |. C1EA 04 |shr edx, 4 00403CC6 |. 83E2 0F |and edx, 0F 00403CC9 |. 8A92 6CD04400 |mov dl, [edx+44D06C] 00403CCF |. E8 04D5FFFF |call <jmp.&rtl70.System::LStrFromChar> 00403CD4 |. FF75 EC |push dword ptr [ebp-14] 00403CD7 |. 8D45 E8 |lea eax, [ebp-18] 00403CDA |. 8A16 |mov dl, [esi] 00403CDC |. 80E2 0F |and dl, 0F 00403CDF |. 81E2 FF000000 |and edx, 0FF 00403CE5 |. 8A92 6CD04400 |mov dl, [edx+44D06C] 00403CEB |. E8 E8D4FFFF |call <jmp.&rtl70.System::LStrFromChar> 00403CF0 |. FF75 E8 |push dword ptr [ebp-18] 00403CF3 |. 8BC7 |mov eax, edi 00403CF5 |. BA 03000000 |mov edx, 3 00403CFA |. E8 21D5FFFF |call <jmp.&rtl70.System::LStrCatN> 00403CFF |. 46 |inc esi 00403D00 |. FECB |dec bl 00403D02 |.^ 75 B6 \jnz short 00403CBA 00403D04 |. 33C0 xor eax, eax 00403D06 |. 5A pop edx 00403D07 |. 59 pop ecx 00403D08 |. 59 pop ecx 00403D09 |. 64:8910 mov fs:[eax], edx 00403D0C |. 68 263D4000 push 00403D26 00403D11 |> 8D45 E8 lea eax, [ebp-18] 00403D14 |. BA 02000000 mov edx, 2 00403D19 |. E8 9AD4FFFF call <jmp.&rtl70.System::LStrArrayClr> 00403D1E \. C3 retn 00403D1F .^ E9 54D4FFFF jmp <jmp.&rtl70.System::HandleFinally> 00403D24 .^ EB EB jmp short 00403D11 00403D26 . 5F pop edi 00403D27 . 5E pop esi 00403D28 . 5B pop ebx 00403D29 . 8BE5 mov esp, ebp 00403D2B . 5D pop ebp 00403D2C . C3 retn ------------------------------------------------------------------------ ------------------------------------------------------------------------ 【破解总结】 1、注册码分三部分; 2、用户名,注册码第三部分,固定字串“myfirstlicense”三部分组合,再作MD5运算; 3、取MD5运算结果的前六位、后六位转为大写后分别作注册码的第一、第二部分; 4、注册信息保存于注册表。 提供一组可用注册信息: 用户名:maomaoma 注册码:E45D1F-64B4FF-787 ------------------------------------------------------------------------ 【版权声明】本文系作者原创, 转载请注明作者并保持文章的完整, 谢谢! |
| 地主 发表时间: 06-12-24 23:04 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 编程破解
标题: [转帖]菜鸟算法练习破文四