Author: yongmin [yongmin]
【Article title】 WinASO Registry Optimizer V3.0.9 algorithm analysis
【Article author】 小子贼野
【Author homepage】 http://mayday.unpack.cn
【Cracking tools】 OD, PEiD
【Original download】 http://www.skycn.com/soft/27630.html
【Software description】 WinASO Registry Optimizer is a Windows optimization tool and advanced registry cleaner that lets you safely clean and repair registry problems with a simple mouse click. By fixing obsolete information and tuning Windows registry parameters, it gives a noticeable improvement in system speed. WinASO Registry Optimizer is well designed to fix common problems, such as illegal modifications to Internet Explorer pages. We have tested this tool in practice to ensure the safety of your system. We have not received any complaints about system stability.
【Statement】 I am just a newbie; I happened to learn a little and would like to share it with everyone :)
------------------------------------------------------------------------
Written in Borland Delphi 6.0 - 7.0, no packer, nice, haha~
------------------------------------------------------------------------
Load it in OD, run the program to the registration dialog, set a command breakpoint with bp MessageBoxA, confirm the registration, and the program breaks at:
------------------------------------------------------------------------
77D5058A >  8BFF            MOV EDI,EDI
77D5058C    55              PUSH EBP
77D5058D    8BEC            MOV EBP,ESP
77D5058F    833D BC04D777 0>CMP DWORD PTR DS:[77D704BC],0
77D50596    74 24           JE SHORT USER32.77D505BC
77D50598    64:A1 18000000  MOV EAX,DWORD PTR FS:[18]
------------------------------------------------------------------------
Helpful hint from the stack:
0012F7BC   0056A7C2  /CALL to MessageBoxA from RegOpt.0056A7BD
0012F7C0   004007D4  |hOwner = 004007D4 ('Register Information',class='TfrmRegister',parent=00D5061A)
0012F7C4   01A2F0B8  |Text = "Sorry, that is an invalid license key. Please ensure you have entered the license key exactly as provided."
0012F7C8   01A8EDD0  |Title = "Information"
0012F7CC   00000040  \Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0012F7D0   0012FA0C  Pointer to next SEH record
0012F7D4   0056A9F4  SE handler
------------------------------------------------------------------------
The program's algorithm is analyzed below:
------------------------------------------------------------------------
0056A3B3 |. 55             PUSH EBP
0056A3B4 |. 68 F4A95600    PUSH RegOpt.0056A9F4
0056A3B9 |. 64:FF30        PUSH DWORD PTR FS:[EAX]
0056A3BC |. 64:8920        MOV DWORD PTR FS:[EAX],ESP
0056A3BF |. 8D45 FC        LEA EAX,DWORD PTR SS:[EBP-4]
0056A3C2 |. 8B15 84055A00  MOV EDX,DWORD PTR DS:[5A0584] ; RegOpt.005A55E0
0056A3C8 |. 8B92 70080000  MOV EDX,DWORD PTR DS:[EDX+870]
0056A3CE |. E8 5DAEE9FF    CALL RegOpt.00405230
0056A3D3 |. 8D55 F4        LEA EDX,DWORD PTR SS:[EBP-C]
0056A3D6 |. 8B83 A4030000  MOV EAX,DWORD PTR DS:[EBX+3A4]
0056A3DC |. E8 3BC9EEFF    CALL RegOpt.00456D1C
0056A3E1 |. 8B45 F4        MOV EAX,DWORD PTR SS:[EBP-C]
0056A3E4 |. E8 9B45F6FF    CALL RegOpt.004CE984
0056A3E9 |. 84C0           TEST AL,AL
0056A3EB |. 75 2E          JNZ SHORT RegOpt.0056A41B ; jump if group 1 is filled in
0056A3ED |. 6A 40          PUSH 40
0056A3EF |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A3F4 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A3FA |. E8 5DB2E9FF    CALL RegOpt.0040565C
0056A3FF |. 50             PUSH EAX
0056A400 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A403 |. E8 54B2E9FF    CALL RegOpt.0040565C
0056A408 |. 50             PUSH EAX
0056A409 |. 8BC3           MOV EAX,EBX
0056A40B |. E8 0C44EFFF    CALL RegOpt.0045E81C
0056A410 |. 50             PUSH EAX ; |hOwner
0056A411 |. E8 26DFE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A416 |. E9 6D050000    JMP RegOpt.0056A988
0056A41B |> 8D55 F0        LEA EDX,DWORD PTR SS:[EBP-10]
0056A41E |. 8B83 A8030000  MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A424 |. E8 F3C8EEFF    CALL RegOpt.00456D1C
0056A429 |. 8B45 F0        MOV EAX,DWORD PTR SS:[EBP-10]
0056A42C |. E8 5345F6FF    CALL RegOpt.004CE984
0056A431 |. 84C0           TEST AL,AL
0056A433 |. 75 2E          JNZ SHORT RegOpt.0056A463 ; jump if group 2 is filled in
0056A435 |. 6A 40          PUSH 40
0056A437 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A43C |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A442 |. E8 15B2E9FF    CALL RegOpt.0040565C
0056A447 |. 50             PUSH EAX
0056A448 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A44B |. E8 0CB2E9FF    CALL RegOpt.0040565C
0056A450 |. 50             PUSH EAX
0056A451 |. 8BC3           MOV EAX,EBX
0056A453 |. E8 C443EFFF    CALL RegOpt.0045E81C
0056A458 |. 50             PUSH EAX ; |hOwner
0056A459 |. E8 DEDEE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A45E |. E9 25050000    JMP RegOpt.0056A988
0056A463 |> 8D55 EC        LEA EDX,DWORD PTR SS:[EBP-14]
0056A466 |. 8B83 AC030000  MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A46C |. E8 ABC8EEFF    CALL RegOpt.00456D1C
0056A471 |. 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
0056A474 |. E8 0B45F6FF    CALL RegOpt.004CE984
0056A479 |. 84C0           TEST AL,AL
0056A47B |. 75 2E          JNZ SHORT RegOpt.0056A4AB ; jump if group 3 is filled in
0056A47D |. 6A 40          PUSH 40
0056A47F |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A484 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A48A |. E8 CDB1E9FF    CALL RegOpt.0040565C
0056A48F |. 50             PUSH EAX
0056A490 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A493 |. E8 C4B1E9FF    CALL RegOpt.0040565C
0056A498 |. 50             PUSH EAX
0056A499 |. 8BC3           MOV EAX,EBX
0056A49B |. E8 7C43EFFF    CALL RegOpt.0045E81C
0056A4A0 |. 50             PUSH EAX ; |hOwner
0056A4A1 |. E8 96DEE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A4A6 |. E9 DD040000    JMP RegOpt.0056A988
0056A4AB |> 8D55 E8        LEA EDX,DWORD PTR SS:[EBP-18]
0056A4AE |. 8B83 B0030000  MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A4B4 |. E8 63C8EEFF    CALL RegOpt.00456D1C
0056A4B9 |. 8B45 E8        MOV EAX,DWORD PTR SS:[EBP-18]
0056A4BC |. E8 C344F6FF    CALL RegOpt.004CE984
0056A4C1 |. 84C0           TEST AL,AL
0056A4C3 |. 75 2E          JNZ SHORT RegOpt.0056A4F3 ; jump if group 4 is filled in
0056A4C5 |. 6A 40          PUSH 40
0056A4C7 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A4CC |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A4D2 |. E8 85B1E9FF    CALL RegOpt.0040565C
0056A4D7 |. 50             PUSH EAX
0056A4D8 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A4DB |. E8 7CB1E9FF    CALL RegOpt.0040565C
0056A4E0 |. 50             PUSH EAX
0056A4E1 |. 8BC3           MOV EAX,EBX
0056A4E3 |. E8 3443EFFF    CALL RegOpt.0045E81C
0056A4E8 |. 50             PUSH EAX ; |hOwner
0056A4E9 |. E8 4EDEE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A4EE |. E9 95040000    JMP RegOpt.0056A988
0056A4F3 |> 8D55 E4        LEA EDX,DWORD PTR SS:[EBP-1C]
0056A4F6 |. 8B83 B4030000  MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A4FC |. E8 1BC8EEFF    CALL RegOpt.00456D1C
0056A501 |. 8B45 E4        MOV EAX,DWORD PTR SS:[EBP-1C]
0056A504 |. E8 7B44F6FF    CALL RegOpt.004CE984
0056A509 |. 84C0           TEST AL,AL
0056A50B |. 75 2E          JNZ SHORT RegOpt.0056A53B ; jump if group 5 is filled in
0056A50D |. 6A 40          PUSH 40
0056A50F |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A514 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A51A |. E8 3DB1E9FF    CALL RegOpt.0040565C
0056A51F |. 50             PUSH EAX
0056A520 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A523 |. E8 34B1E9FF    CALL RegOpt.0040565C
0056A528 |. 50             PUSH EAX
0056A529 |. 8BC3           MOV EAX,EBX
0056A52B |. E8 EC42EFFF    CALL RegOpt.0045E81C
0056A530 |. 50             PUSH EAX ; |hOwner
0056A531 |. E8 06DEE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A536 |. E9 4D040000    JMP RegOpt.0056A988
0056A53B |> 8D55 E0        LEA EDX,DWORD PTR SS:[EBP-20]
0056A53E |. 8B83 A4030000  MOV EAX,DWORD PTR DS:[EBX+3A4]
0056A544 |. E8 D3C7EEFF    CALL RegOpt.00456D1C
0056A549 |. 8B45 E0        MOV EAX,DWORD PTR SS:[EBP-20]
0056A54C |. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
0056A54F |. 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
0056A552 |. 85C0           TEST EAX,EAX
0056A554 |. 74 05          JE SHORT RegOpt.0056A55B
0056A556 |. 83E8 04        SUB EAX,4
0056A559 |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A55B |> 83F8 04        CMP EAX,4 ; compare the length with 4
0056A55E |. 74 2E          JE SHORT RegOpt.0056A58E ; go on if equal
0056A560 |. 6A 40          PUSH 40
0056A562 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A567 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A56D |. E8 EAB0E9FF    CALL RegOpt.0040565C
0056A572 |. 50             PUSH EAX
0056A573 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A576 |. E8 E1B0E9FF    CALL RegOpt.0040565C
0056A57B |. 50             PUSH EAX
0056A57C |. 8BC3           MOV EAX,EBX
0056A57E |. E8 9942EFFF    CALL RegOpt.0045E81C
0056A583 |. 50             PUSH EAX ; |hOwner
0056A584 |. E8 B3DDE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A589 |. E9 FA030000    JMP RegOpt.0056A988
0056A58E |> 8D55 D8        LEA EDX,DWORD PTR SS:[EBP-28]
0056A591 |. 8B83 A8030000  MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A597 |. E8 80C7EEFF    CALL RegOpt.00456D1C
0056A59C |. 8B45 D8        MOV EAX,DWORD PTR SS:[EBP-28]
0056A59F |. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
0056A5A2 |. 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
0056A5A5 |. 85C0           TEST EAX,EAX
0056A5A7 |. 74 05          JE SHORT RegOpt.0056A5AE
0056A5A9 |. 83E8 04        SUB EAX,4
0056A5AC |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A5AE |> 83F8 04        CMP EAX,4
0056A5B1 |. 74 2E          JE SHORT RegOpt.0056A5E1 ; must be 4 characters
0056A5B3 |. 6A 40          PUSH 40
0056A5B5 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A5BA |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A5C0 |. E8 97B0E9FF    CALL RegOpt.0040565C
0056A5C5 |. 50             PUSH EAX
0056A5C6 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A5C9 |. E8 8EB0E9FF    CALL RegOpt.0040565C
0056A5CE |. 50             PUSH EAX
0056A5CF |. 8BC3           MOV EAX,EBX
0056A5D1 |. E8 4642EFFF    CALL RegOpt.0045E81C
0056A5D6 |. 50             PUSH EAX ; |hOwner
0056A5D7 |. E8 60DDE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A5DC |. E9 A7030000    JMP RegOpt.0056A988
0056A5E1 |> 8D55 D4        LEA EDX,DWORD PTR SS:[EBP-2C]
0056A5E4 |. 8B83 AC030000  MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A5EA |. E8 2DC7EEFF    CALL RegOpt.00456D1C
0056A5EF |. 8B45 D4        MOV EAX,DWORD PTR SS:[EBP-2C]
0056A5F2 |. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
0056A5F5 |. 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
0056A5F8 |. 85C0           TEST EAX,EAX
0056A5FA |. 74 05          JE SHORT RegOpt.0056A601
0056A5FC |. 83E8 04        SUB EAX,4
0056A5FF |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A601 |> 83F8 04        CMP EAX,4
0056A604 |. 74 2E          JE SHORT RegOpt.0056A634 ; must be 4 characters
0056A606 |. 6A 40          PUSH 40
0056A608 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A60D |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A613 |. E8 44B0E9FF    CALL RegOpt.0040565C
0056A618 |. 50             PUSH EAX
0056A619 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A61C |. E8 3BB0E9FF    CALL RegOpt.0040565C
0056A621 |. 50             PUSH EAX
0056A622 |. 8BC3           MOV EAX,EBX
0056A624 |. E8 F341EFFF    CALL RegOpt.0045E81C
0056A629 |. 50             PUSH EAX ; |hOwner
0056A62A |. E8 0DDDE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A62F |. E9 54030000    JMP RegOpt.0056A988
0056A634 |> 8D55 D0        LEA EDX,DWORD PTR SS:[EBP-30]
0056A637 |. 8B83 B0030000  MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A63D |. E8 DAC6EEFF    CALL RegOpt.00456D1C
0056A642 |. 8B45 D0        MOV EAX,DWORD PTR SS:[EBP-30]
0056A645 |. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
0056A648 |. 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
0056A64B |. 85C0           TEST EAX,EAX
0056A64D |. 74 05          JE SHORT RegOpt.0056A654
0056A64F |. 83E8 04        SUB EAX,4
0056A652 |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A654 |> 83F8 04        CMP EAX,4
0056A657 |. 74 2E          JE SHORT RegOpt.0056A687 ; must be 4 characters
0056A659 |. 6A 40          PUSH 40
0056A65B |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A660 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A666 |. E8 F1AFE9FF    CALL RegOpt.0040565C
0056A66B |. 50             PUSH EAX
0056A66C |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A66F |. E8 E8AFE9FF    CALL RegOpt.0040565C
0056A674 |. 50             PUSH EAX
0056A675 |. 8BC3           MOV EAX,EBX
0056A677 |. E8 A041EFFF    CALL RegOpt.0045E81C
0056A67C |. 50             PUSH EAX ; |hOwner
0056A67D |. E8 BADCE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A682 |. E9 01030000    JMP RegOpt.0056A988
0056A687 |> 8D55 CC        LEA EDX,DWORD PTR SS:[EBP-34]
0056A68A |. 8B83 B4030000  MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A690 |. E8 87C6EEFF    CALL RegOpt.00456D1C
0056A695 |. 8B45 CC        MOV EAX,DWORD PTR SS:[EBP-34]
0056A698 |. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
0056A69B |. 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
0056A69E |. 85C0           TEST EAX,EAX
0056A6A0 |. 74 05          JE SHORT RegOpt.0056A6A7
0056A6A2 |. 83E8 04        SUB EAX,4
0056A6A5 |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A6A7 |> 83F8 04        CMP EAX,4
0056A6AA |. 74 2E          JE SHORT RegOpt.0056A6DA ; must be 4 characters
0056A6AC |. 6A 40          PUSH 40
0056A6AE |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A6B3 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A6B9 |. E8 9EAFE9FF    CALL RegOpt.0040565C
0056A6BE |. 50             PUSH EAX
0056A6BF |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A6C2 |. E8 95AFE9FF    CALL RegOpt.0040565C
0056A6C7 |. 50             PUSH EAX
0056A6C8 |. 8BC3           MOV EAX,EBX
0056A6CA |. E8 4D41EFFF    CALL RegOpt.0045E81C
0056A6CF |. 50             PUSH EAX ; |hOwner
0056A6D0 |. E8 67DCE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A6D5 |. E9 AE020000    JMP RegOpt.0056A988
0056A6DA |> 8D55 C8        LEA EDX,DWORD PTR SS:[EBP-38]
0056A6DD |. 8B83 A4030000  MOV EAX,DWORD PTR DS:[EBX+3A4]
0056A6E3 |. E8 34C6EEFF    CALL RegOpt.00456D1C
0056A6E8 |. 8B45 C8        MOV EAX,DWORD PTR SS:[EBP-38] ; EAX = group 1
0056A6EB |. E8 C4F7E9FF    CALL RegOpt.00409EB4 ; put its hexadecimal value in EAX
0056A6F0 |. 8BF0           MOV ESI,EAX ; store in ESI, call it SN1
0056A6F2 |. 8D55 C4        LEA EDX,DWORD PTR SS:[EBP-3C]
0056A6F5 |. 8B83 A8030000  MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A6FB |. E8 1CC6EEFF    CALL RegOpt.00456D1C
0056A700 |. 8B45 C4        MOV EAX,DWORD PTR SS:[EBP-3C] ; EAX = group 2
0056A703 |. E8 ACF7E9FF    CALL RegOpt.00409EB4 ; put its hexadecimal value in EAX
0056A708 |. 8BF8           MOV EDI,EAX ; store in EDI, call it SN2
0056A70A |. 8D55 C0        LEA EDX,DWORD PTR SS:[EBP-40]
0056A70D |. 8B83 AC030000  MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A713 |. E8 04C6EEFF    CALL RegOpt.00456D1C
0056A718 |. 8B45 C0        MOV EAX,DWORD PTR SS:[EBP-40] ; EAX = group 3, call it SN3
0056A71B |. E8 94F7E9FF    CALL RegOpt.00409EB4
0056A720 |. 8945 F8        MOV DWORD PTR SS:[EBP-8],EAX ; EBP-8 = group 3
0056A723 |. 0FAFF7         IMUL ESI,EDI ; ESI*EDI, i.e. group 1 times group 2
0056A726 |. 81EE 2B060000  SUB ESI,62B ; subtract 62B from the result
0056A72C |. 81FE 10270000  CMP ESI,2710 ; compare the result with 2710
0056A732 |. 7D 2E          JGE SHORT RegOpt.0056A762 ; fails if less
0056A734 |. 6A 40          PUSH 40
0056A736 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A73B |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A741 |. E8 16AFE9FF    CALL RegOpt.0040565C
0056A746 |. 50             PUSH EAX
0056A747 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A74A |. E8 0DAFE9FF    CALL RegOpt.0040565C
0056A74F |. 50             PUSH EAX
0056A750 |. 8BC3           MOV EAX,EBX
0056A752 |. E8 C540EFFF    CALL RegOpt.0045E81C
0056A757 |. 50             PUSH EAX ; |hOwner
0056A758 |. E8 DFDBE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A75D |. E9 26020000    JMP RegOpt.0056A988
0056A762 |> 8D55 B8        LEA EDX,DWORD PTR SS:[EBP-48] ; jumps here if greater
0056A765 |. 8BC6           MOV EAX,ESI ; EAX = ESI
0056A767 |. E8 0CF6E9FF    CALL RegOpt.00409D78 ; call converts to decimal, call it SN4
0056A76C |. 8B45 B8        MOV EAX,DWORD PTR SS:[EBP-48]
0056A76F |. 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
0056A772 |. BA 04000000    MOV EDX,4 ; EDX = 4
0056A777 |. E8 14DDEDFF    CALL RegOpt.00448490 ; take the last four digits
0056A77C |. 8B45 BC        MOV EAX,DWORD PTR SS:[EBP-44]
0056A77F |. 50             PUSH EAX
0056A780 |. 8D55 B4        LEA EDX,DWORD PTR SS:[EBP-4C]
0056A783 |. 8B83 B0030000  MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A789 |. E8 8EC5EEFF    CALL RegOpt.00456D1C
0056A78E |. 8B55 B4        MOV EDX,DWORD PTR SS:[EBP-4C] ; EDX = group 4
0056A791 |. 58             POP EAX ; pop the real group 4 code!
0056A792 |. E8 11AEE9FF    CALL RegOpt.004055A8 ; call does the comparison
0056A797 |. 74 2E          JE SHORT RegOpt.0056A7C7 ; if not equal, you can go home and sleep
0056A799 |. 6A 40          PUSH 40
0056A79B |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A7A0 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A7A6 |. E8 B1AEE9FF    CALL RegOpt.0040565C
0056A7AB |. 50             PUSH EAX
0056A7AC |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A7AF |. E8 A8AEE9FF    CALL RegOpt.0040565C
0056A7B4 |. 50             PUSH EAX
0056A7B5 |. 8BC3           MOV EAX,EBX
0056A7B7 |. E8 6040EFFF    CALL RegOpt.0045E81C
0056A7BC |. 50             PUSH EAX ; |hOwner
0056A7BD |. E8 7ADBE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A7C2 |. E9 C1010000    JMP RegOpt.0056A988
0056A7C7 |> 8B75 F8        MOV ESI,DWORD PTR SS:[EBP-8] ; arrive here when group 4 matches
0056A7CA |. 81C6 01020000  ADD ESI,201 ; trial group 3 plus 201, i.e. SN3+201
0056A7D0 |. 0FAFF7         IMUL ESI,EDI ; multiply the sum by trial group 2
0056A7D3 |. 81EE F50D0000  SUB ESI,0DF5 ; then subtract DF5; call the result SN5
0056A7D9 |. 8D55 AC        LEA EDX,DWORD PTR SS:[EBP-54]
0056A7DC |. 8BC6           MOV EAX,ESI
0056A7DE |. E8 95F5E9FF    CALL RegOpt.00409D78 ; call converts to decimal
0056A7E3 |. 8B45 AC        MOV EAX,DWORD PTR SS:[EBP-54]
0056A7E6 |. 8D4D B0        LEA ECX,DWORD PTR SS:[EBP-50]
0056A7E9 |. BA 04000000    MOV EDX,4 ; EDX = 4
0056A7EE |. E8 9DDCEDFF    CALL RegOpt.00448490 ; call takes the last four digits, same as above
0056A7F3 |. 8B45 B0        MOV EAX,DWORD PTR SS:[EBP-50]
0056A7F6 |. 50             PUSH EAX
0056A7F7 |. 8D55 A8        LEA EDX,DWORD PTR SS:[EBP-58]
0056A7FA |. 8B83 B4030000  MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A800 |. E8 17C5EEFF    CALL RegOpt.00456D1C
0056A805 |. 8B55 A8        MOV EDX,DWORD PTR SS:[EBP-58] ; the call fetched trial group 5
0056A808 |. 58             POP EAX ; pop the real group 5 code
0056A809 |. E8 9AADE9FF    CALL RegOpt.004055A8 ; compare
0056A80E |. 74 2E          JE SHORT RegOpt.0056A83E ; not equal: go home and sleep
0056A810 |. 6A 40          PUSH 40
0056A812 |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A817 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A81D |. E8 3AAEE9FF    CALL RegOpt.0040565C
0056A822 |. 50             PUSH EAX
0056A823 |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
0056A826 |. E8 31AEE9FF    CALL RegOpt.0040565C
0056A82B |. 50             PUSH EAX
0056A82C |. 8BC3           MOV EAX,EBX
0056A82E |. E8 E93FEFFF    CALL RegOpt.0045E81C
0056A833 |. 50             PUSH EAX ; |hOwner
0056A834 |. E8 03DBE9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A839 |. E9 4A010000    JMP RegOpt.0056A988
0056A83E |> 8D55 A4        LEA EDX,DWORD PTR SS:[EBP-5C] ; jumps here if trial group 5 matches
0056A841 |. 8B83 A4030000  MOV EAX,DWORD PTR DS:[EBX+3A4] ; what follows saves the registration information
0056A847 |. E8 D0C4EEFF    CALL RegOpt.00456D1C
0056A84C |. FF75 A4        PUSH DWORD PTR SS:[EBP-5C]
0056A84F |. 8D55 A0        LEA EDX,DWORD PTR SS:[EBP-60]
0056A852 |. 8B83 A8030000  MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A858 |. E8 BFC4EEFF    CALL RegOpt.00456D1C
0056A85D |. FF75 A0        PUSH DWORD PTR SS:[EBP-60]
0056A860 |. 8D55 9C        LEA EDX,DWORD PTR SS:[EBP-64]
0056A863 |. 8B83 AC030000  MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A869 |. E8 AEC4EEFF    CALL RegOpt.00456D1C
0056A86E |. FF75 9C        PUSH DWORD PTR SS:[EBP-64]
0056A871 |. 8D55 98        LEA EDX,DWORD PTR SS:[EBP-68]
0056A874 |. 8B83 B0030000  MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A87A |. E8 9DC4EEFF    CALL RegOpt.00456D1C
0056A87F |. FF75 98        PUSH DWORD PTR SS:[EBP-68]
0056A882 |. 8D55 94        LEA EDX,DWORD PTR SS:[EBP-6C]
0056A885 |. 8B83 B4030000  MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A88B |. E8 8CC4EEFF    CALL RegOpt.00456D1C
0056A890 |. FF75 94        PUSH DWORD PTR SS:[EBP-6C]
0056A893 |. A1 CC115A00    MOV EAX,DWORD PTR DS:[5A11CC]
0056A898 |. BA 05000000    MOV EDX,5
0056A89D |. E8 7AACE9FF    CALL RegOpt.0040551C
0056A8A2 |. B2 01          MOV DL,1
0056A8A4 |. A1 8CCC4200    MOV EAX,DWORD PTR DS:[42CC8C]
0056A8A9 |. E8 DE24ECFF    CALL RegOpt.0042CD8C
0056A8AE |. 8BF0           MOV ESI,EAX
0056A8B0 |. BA 02000080    MOV EDX,80000002
0056A8B5 |. 8BC6           MOV EAX,ESI
0056A8B7 |. E8 7025ECFF    CALL RegOpt.0042CE2C
0056A8BC |. B1 01          MOV CL,1
0056A8BE |. BA 0CAA5600    MOV EDX,RegOpt.0056AA0C ; ASCII "\SOFTWARE\WinASO\Registry Optimizer"
0056A8C3 |. 8BC6           MOV EAX,ESI
0056A8C5 |. E8 A626ECFF    CALL RegOpt.0042CF70
0056A8CA |. 84C0           TEST AL,AL
0056A8CC |. 74 14          JE SHORT RegOpt.0056A8E2
0056A8CE |. 8B0D CC115A00  MOV ECX,DWORD PTR DS:[5A11CC] ; RegOpt.005A62D8
0056A8D4 |. 8B09           MOV ECX,DWORD PTR DS:[ECX]
0056A8D6 |. BA 38AA5600    MOV EDX,RegOpt.0056AA38 ; ASCII "RegOptKey3.0"
0056A8DB |. 8BC6           MOV EAX,ESI
0056A8DD |. E8 9A2DECFF    CALL RegOpt.0042D67C
0056A8E2 |> 8D55 8C        LEA EDX,DWORD PTR SS:[EBP-74]
0056A8E5 |. A1 A40D5A00    MOV EAX,DWORD PTR DS:[5A0DA4]
0056A8EA |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A8EC |. E8 73A9F0FF    CALL RegOpt.00475264
0056A8F1 |. 8B45 8C        MOV EAX,DWORD PTR SS:[EBP-74]
0056A8F4 |. 8D55 90        LEA EDX,DWORD PTR SS:[EBP-70]
0056A8F7 |. E8 FCFCE9FF    CALL RegOpt.0040A5F8
0056A8FC |. 8D45 90        LEA EAX,DWORD PTR SS:[EBP-70]
0056A8FF |. BA 50AA5600    MOV EDX,RegOpt.0056AA50 ; ASCII "regkey.ini"
0056A904 |. E8 5BABE9FF    CALL RegOpt.00405464
0056A909 |. 8B4D 90        MOV ECX,DWORD PTR SS:[EBP-70]
0056A90C |. B2 01          MOV DL,1
0056A90E |. A1 BCAE4200    MOV EAX,DWORD PTR DS:[42AEBC]
0056A913 |. E8 5C06ECFF    CALL RegOpt.0042AF74
0056A918 |. 8BF0           MOV ESI,EAX
0056A91A |. A1 CC115A00    MOV EAX,DWORD PTR DS:[5A11CC]
0056A91F |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
0056A921 |. 50             PUSH EAX
0056A922 |. B9 64AA5600    MOV ECX,RegOpt.0056AA64 ; ASCII "300"
0056A927 |. BA 70AA5600    MOV EDX,RegOpt.0056AA70 ; ASCII "regkey"
0056A92C |. 8BC6           MOV EAX,ESI
0056A92E |. 8B38           MOV EDI,DWORD PTR DS:[EAX]
0056A930 |. FF57 04        CALL DWORD PTR DS:[EDI+4]
0056A933 |. 8BC6           MOV EAX,ESI
0056A935 |. E8 1E99E9FF    CALL RegOpt.00404258
0056A93A |. 6A 40          PUSH 40
0056A93C |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A941 |. 8B80 6C080000  MOV EAX,DWORD PTR DS:[EAX+86C]
0056A947 |. E8 10ADE9FF    CALL RegOpt.0040565C
0056A94C |. 50             PUSH EAX
0056A94D |. A1 84055A00    MOV EAX,DWORD PTR DS:[5A0584]
0056A952 |. 8B80 74080000  MOV EAX,DWORD PTR DS:[EAX+874]
0056A958 |. E8 FFACE9FF    CALL RegOpt.0040565C
0056A95D |. 50             PUSH EAX
0056A95E |. 8BC3           MOV EAX,EBX
0056A960 |. E8 B73EEFFF    CALL RegOpt.0045E81C
0056A965 |. 50             PUSH EAX ; |hOwner
0056A966 |. E8 D1D9E9FF    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A96B |. 8BC3           MOV EAX,EBX
0056A96D |. E8 CE63F0FF    CALL RegOpt.00470D40
0056A972 |. 6A 00          PUSH 0 ; /lParam = 0
0056A974 |. 6A 00          PUSH 0 ; |wParam = 0
0056A976 |. 68 78070000    PUSH 778 ; |Message = MSG(778)
0056A97B |. A1 E00D5A00    MOV EAX,DWORD PTR DS:[5A0DE0] ; |
0056A980 |. 8B00           MOV EAX,DWORD PTR DS:[EAX] ; |
0056A982 |. 50             PUSH EAX ; |hWnd
0056A983 |. E8 54DAE9FF    CALL <JMP.&user32.SendMessageA> ; \SendMessageA
0056A988 |> 33C0           XOR EAX,EAX
0056A98A |. 5A             POP EDX ; 0012FA0C
0056A98B |. 59             POP ECX
0056A98C |. 59             POP ECX
0056A98D |. 64:8910        MOV DWORD PTR FS:[EAX],EDX
0056A990 |. 68 FBA95600    PUSH RegOpt.0056A9FB
0056A995 |> 8D45 8C        LEA EAX,DWORD PTR SS:[EBP-74]
0056A998 |. BA 02000000    MOV EDX,2
0056A99D |. E8 1AA8E9FF    CALL RegOpt.004051BC
0056A9A2 |. 8D45 94        LEA EAX,DWORD PTR SS:[EBP-6C]
0056A9A5 |. BA 06000000    MOV EDX,6
0056A9AA |. E8 0DA8E9FF    CALL RegOpt.004051BC
0056A9AF |. 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
0056A9B2 |. BA 02000000    MOV EDX,2
0056A9B7 |. E8 00A8E9FF    CALL RegOpt.004051BC
0056A9BC |. 8D45 B4        LEA EAX,DWORD PTR SS:[EBP-4C]
0056A9BF |. E8 D4A7E9FF    CALL RegOpt.00405198
0056A9C4 |. 8D45 B8        LEA EAX,DWORD PTR SS:[EBP-48]
0056A9C7 |. BA 02000000    MOV EDX,2
0056A9CC |. E8 EBA7E9FF    CALL RegOpt.004051BC
0056A9D1 |. 8D45 C0        LEA EAX,DWORD PTR SS:[EBP-40]
0056A9D4 |. BA 07000000    MOV EDX,7
0056A9D9 |. E8 DEA7E9FF    CALL RegOpt.004051BC
0056A9DE |. 8D45 E0        LEA EAX,DWORD PTR SS:[EBP-20]
0056A9E1 |. BA 06000000    MOV EDX,6
0056A9E6 |. E8 D1A7E9FF    CALL RegOpt.004051BC
0056A9EB |. 8D45 FC        LEA EAX,DWORD PTR SS:[EBP-4]
0056A9EE |. E8 A5A7E9FF    CALL RegOpt.00405198
0056A9F3 \. C3             RETN
0056A9F4 .^ E9 33A0E9FF    JMP RegOpt.00404A2C
0056A9F9 .^ EB 9A          JMP SHORT RegOpt.0056A995
0056A9FB .  5F             POP EDI
0056A9FC .  5E             POP ESI
0056A9FD .  5B             POP EBX
0056A9FE .  8BE5           MOV ESP,EBP
0056AA00 .  5D             POP EBP
0056AA01 .  C3             RETN
【Algorithm summary】
------------------------------------------------------------------------
1. The registration code is five groups of integer values, four digits each.
2. Groups 1, 2 and 3 of the registration code are arbitrary; call them sn1, sn2 and sn3.
3. Group 4 (sn4) is computed as sn1*sn2-$62B, taking the last four digits of the result.
4. Group 5 (sn5) is computed as (sn3+$201)*sn2-$DF5, taking the last four digits of the result.
5. The registration code is stored under "HKEY_LOCAL_MACHINE\SOFTWARE\WinASO\Registry Optimizer"; delete it to continue debugging.
Original poster | Posted: 07-09-07 09:45
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.