|
 | 作者: yongmin [yongmin]
 论坛用户 |
登录 |
| 作者:鹭影依凌 转贴自:一蓑烟雨 软件简介: 可以帮助你在有事离开时,用密码保护你的计算机,可以选择在启动时自动运行对计算机加锁,能防止冷启动。它有两种运行方式,一是保护时显示屏保,二是显示桌面,这在你要向他人展示某些东西而不想让他们乱动电脑时很有用。在锁定状态时它还可以让他人留下讯息。带序列号生成器 下载地址:http://www.softstack.com/download/1cllock.zip 无壳,OD载入,超级字符串定位,代码分析如下 ;===================================================================== 00512E40 /$ 55 push ebp 00512E41 |. 8BEC mov ebp, esp 00512E43 |. 83C4 F8 add esp, -8 00512E46 |. 8945 FC mov dword ptr [ebp-4], eax 00512E49 |. 8B45 FC mov eax, dword ptr [ebp-4] 00512E4C |. E8 A322EFFF call 004050F4 00512E51 |. 33C0 xor eax, eax 00512E53 |. 55 push ebp 00512E54 |. 68 CB2E5100 push 00512ECB 00512E59 |. 64:FF30 push dword ptr fs:[eax] 00512E5C |. 64:8920 mov dword ptr fs:[eax], esp 00512E5F |. C645 FB 00 mov byte ptr [ebp-5], 0 00512E63 |. 8B45 FC mov eax, dword ptr [ebp-4] ; EAX = 序列号 00512E66 |. E8 515BFBFF call 004C89BC ; |*|关键CALL 00512E6B |. 84C0 test al, al 00512E6D |. 74 23 je short 00512E92 00512E6F |. 8B45 FC mov eax, dword ptr [ebp-4] 00512E72 |. E8 090EFAFF call 004B3C80 00512E77 |. 6A 00 push 0 ; /Arg1 = 00000000 00512E79 |. 66:8B0D DC2E5>mov cx, word ptr [512EDC] ; | 00512E80 |. B2 02 mov dl, 2 ; | 00512E82 |. B8 E82E5100 mov eax, 00512EE8 ; |registration key is ok 00512E87 |. E8 9083F2FF call 0043B21C ; \1cl.0043B21C 00512E8C |. C645 FB 01 mov byte ptr [ebp-5], 1 00512E90 |. EB 23 jmp short 00512EB5 00512E92 |> 6A 00 push 0 ; /Arg1 = 00000000 00512E94 |. 66:8B0D DC2E5>mov cx, word ptr [512EDC] ; | 00512E9B |. B2 01 mov dl, 1 ; | 00512E9D |. B8 082F5100 mov eax, 00512F08 ; |registration key is not valid 00512EA2 |. E8 7583F2FF call 0043B21C ; \1cl.0043B21C 00512EA7 |. A1 B0785100 mov eax, dword ptr [5178B0] 00512EAC |. 8B00 mov eax, dword ptr [eax] 00512EAE |. C680 C9030000>mov byte ptr [eax+3C9], 1 00512EB5 |> 33C0 xor eax, eax 00512EB7 |. 5A pop edx 00512EB8 |. 59 pop ecx 00512EB9 |. 59 pop ecx 00512EBA |. 64:8910 mov dword ptr fs:[eax], edx 00512EBD |. 68 D22E5100 push 00512ED2 00512EC2 |> 8D45 FC lea eax, dword ptr [ebp-4] 00512EC5 |. E8 7A1DEFFF call 00404C44 00512ECA \. C3 retn 00512ECB .^ E9 CC16EFFF jmp 0040459C 00512ED0 .^ EB F0 jmp short 00512EC2 00512ED2 . 8A45 FB mov al, byte ptr [ebp-5] 00512ED5 . 59 pop ecx 00512ED6 . 59 pop ecx 00512ED7 . 5D pop ebp 00512ED8 . C3 retn ;===================================================================== 004C89BC /$ 55 push ebp ; //调用 004C89BD |. 8BEC mov ebp, esp 004C89BF |. 83C4 DC add esp, -24 004C89C2 |. 33D2 xor edx, edx 004C89C4 |. 8955 E4 mov dword ptr [ebp-1C], edx 004C89C7 |. 8955 E0 mov dword ptr [ebp-20], edx 004C89CA |. 8945 FC mov dword ptr [ebp-4], eax 004C89CD |. 8B45 FC mov eax, dword ptr [ebp-4] ; EAX = 序列号 004C89D0 |. E8 1FC7F3FF call 004050F4 004C89D5 |. 33C0 xor eax, eax 004C89D7 |. 55 push ebp 004C89D8 |. 68 E48A4C00 push 004C8AE4 004C89DD |. 64:FF30 push dword ptr fs:[eax] 004C89E0 |. 64:8920 mov dword ptr fs:[eax], esp 004C89E3 |. C645 FB 00 mov byte ptr [ebp-5], 0 004C89E7 |. E8 3CAAFEFF call 004B3428 004C89EC |. 8B45 FC mov eax, dword ptr [ebp-4] ; EAX = 序列号 004C89EF |. E8 10C5F3FF call 00404F04 ; 取序列号长度 004C89F4 |. 83F8 10 cmp eax, 10 004C89F7 |. 0F85 C4000000 jnz 004C8AC1 ; //不等于16H就挂 004C89FD |. 8D45 E4 lea eax, dword ptr [ebp-1C] 004C8A00 |. 50 push eax 004C8A01 |. B9 08000000 mov ecx, 8 004C8A06 |. BA 01000000 mov edx, 1 004C8A0B |. 8B45 FC mov eax, dword ptr [ebp-4] ; EAX = 序列号 004C8A0E |. E8 51C7F3FF call 00405164 004C8A13 |. 8D45 E0 lea eax, dword ptr [ebp-20] 004C8A16 |. 50 push eax 004C8A17 |. B9 08000000 mov ecx, 8 004C8A1C |. BA 09000000 mov edx, 9 004C8A21 |. 8B45 FC mov eax, dword ptr [ebp-4] 004C8A24 |. E8 3BC7F3FF call 00405164 004C8A29 |. 8D55 EC lea edx, dword ptr [ebp-14] 004C8A2C |. 8B45 E4 mov eax, dword ptr [ebp-1C] ; (ASCII "98765432" 004C8A2F |. E8 98ADF3FF call 004037CC 004C8A34 |. 8945 E8 mov dword ptr [ebp-18], eax 004C8A37 |. 837D EC 00 cmp dword ptr [ebp-14], 0 004C8A3B |. 0F85 80000000 jnz 004C8AC1 ; //跳则挂 004C8A41 |. 8D55 EC lea edx, dword ptr [ebp-14] 004C8A44 |. 8B45 E0 mov eax, dword ptr [ebp-20] ; (ASCII "10abcdef" 004C8A47 |. E8 80ADF3FF call 004037CC 004C8A4C |. 8945 E8 mov dword ptr [ebp-18], eax 004C8A4F |. 837D EC 00 cmp dword ptr [ebp-14], 0 004C8A53 |. 75 6C jnz short 004C8AC1 ; //跳则挂 004C8A55 |. C745 F4 30000>mov dword ptr [ebp-C], 30 004C8A5C |> 33C0 /xor eax, eax ; EAX置零 004C8A5E |. 8945 EC |mov dword ptr [ebp-14], eax ; [ebp-14]初始化为0 004C8A61 |. 8B45 FC |mov eax, dword ptr [ebp-4] ; EAX = 序列号 004C8A64 |. E8 9BC4F3FF |call 00404F04 ; 取序列号长度 004C8A69 |. 85C0 |test eax, eax 004C8A6B |. 7E 24 |jle short 004C8A91 004C8A6D |. 8945 DC |mov dword ptr [ebp-24], eax ; [ebp-24] = 序列号长度 004C8A70 |. C745 F0 01000>|mov dword ptr [ebp-10], 1 004C8A77 |> 8A45 F4 |/mov al, byte ptr [ebp-C] 004C8A7A |. 8B55 FC ||mov edx, dword ptr [ebp-4] 004C8A7D |. 8B4D F0 ||mov ecx, dword ptr [ebp-10] 004C8A80 |. 3A440A FF ||cmp al, byte ptr [edx+ecx-1] 004C8A84 |. 75 03 ||jnz short 004C8A89 004C8A86 |. FF45 EC ||inc dword ptr [ebp-14] 004C8A89 |> FF45 F0 ||inc dword ptr [ebp-10] 004C8A8C |. FF4D DC ||dec dword ptr [ebp-24] 004C8A8F |.^ 75 E6 |\jnz short 004C8A77 004C8A91 |> 837D EC 05 |cmp dword ptr [ebp-14], 5 ; [ebp-14]保存序列号中0的个数 004C8A95 |. 7E 09 |jle short 004C8AA0 004C8A97 |. C745 EC FFFFF>|mov dword ptr [ebp-14], -1 004C8A9E |. EB 09 |jmp short 004C8AA9 004C8AA0 |> FF45 F4 |inc dword ptr [ebp-C] 004C8AA3 |. 837D F4 3A |cmp dword ptr [ebp-C], 3A 004C8AA7 |.^ 75 B3 \jnz short 004C8A5C 004C8AA9 |> 837D EC 00 cmp dword ptr [ebp-14], 0 004C8AAD |. 7C 12 jl short 004C8AC1 ; //跳则挂 004C8AAF |. 55 push ebp 004C8AB0 |. 8B45 FC mov eax, dword ptr [ebp-4] ; EAX = 序列号 004C8AB3 |. E8 70FDFFFF call 004C8828 ; |*|关键CALL 004C8AB8 |. 59 pop ecx ; 0013F51C 004C8AB9 |. 84C0 test al, al 004C8ABB |. 74 04 je short 004C8AC1 004C8ABD |. C645 FB 01 mov byte ptr [ebp-5], 1 004C8AC1 |> 33C0 xor eax, eax ; //跳则挂 004C8AC3 |. 5A pop edx 004C8AC4 |. 59 pop ecx 004C8AC5 |. 59 pop ecx 004C8AC6 |. 64:8910 mov dword ptr fs:[eax], edx 004C8AC9 |. 68 EB8A4C00 push 004C8AEB 004C8ACE |> 8D45 E0 lea eax, dword ptr [ebp-20] 004C8AD1 |. BA 02000000 mov edx, 2 004C8AD6 |. E8 8DC1F3FF call 00404C68 004C8ADB |. 8D45 FC lea eax, dword ptr [ebp-4] 004C8ADE |. E8 61C1F3FF call 00404C44 004C8AE3 \. C3 retn 004C8AE4 .^ E9 B3BAF3FF jmp 0040459C 004C8AE9 .^ EB E3 jmp short 004C8ACE 004C8AEB . 8A45 FB mov al, byte ptr [ebp-5] 004C8AEE . 8BE5 mov esp, ebp 004C8AF0 . 5D pop ebp 004C8AF1 . C3 retn ; //返回 ;===================================================================== 004C8828 /$ 55 push ebp ; //本地调用来自 004C8AB3 004C8829 |. 8BEC mov ebp, esp 004C882B |. B9 07000000 mov ecx, 7 004C8830 |> 6A 00 /push 0 004C8832 |. 6A 00 |push 0 004C8834 |. 49 |dec ecx 004C8835 |.^ 75 F9 \jnz short 004C8830 004C8837 |. 53 push ebx 004C8838 |. 8945 FC mov dword ptr [ebp-4], eax ; [ebp-4] = 序列号 004C883B |. 33C0 xor eax, eax 004C883D |. 55 push ebp 004C883E |. 68 AB894C00 push 004C89AB 004C8843 |. 64:FF30 push dword ptr fs:[eax] 004C8846 |. 64:8920 mov dword ptr fs:[eax], esp 004C8849 |. 8D45 F4 lea eax, dword ptr [ebp-C] 004C884C |. 8B55 FC mov edx, dword ptr [ebp-4] 004C884F |. 8A12 mov dl, byte ptr [edx] ; 序列号第1个字符 004C8851 |. E8 D6C5F3FF call 00404E2C 004C8856 |. 8B45 F4 mov eax, dword ptr [ebp-C] 004C8859 |. E8 9E13F4FF call 00409BFC 004C885E |. 8BD8 mov ebx, eax ; EBX = EAX(9) 004C8860 |. 8D45 F0 lea eax, dword ptr [ebp-10] 004C8863 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C8866 |. 8A52 01 mov dl, byte ptr [edx+1] ; 序列号第2个字符 004C8869 |. E8 BEC5F3FF call 00404E2C 004C886E |. 8B45 F0 mov eax, dword ptr [ebp-10] 004C8871 |. E8 8613F4FF call 00409BFC 004C8876 |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C8878 |. 8D45 EC lea eax, dword ptr [ebp-14] 004C887B |. 8B55 FC mov edx, dword ptr [ebp-4] 004C887E |. 8A52 02 mov dl, byte ptr [edx+2] ; 序列号第3个字符 004C8881 |. E8 A6C5F3FF call 00404E2C 004C8886 |. 8B45 EC mov eax, dword ptr [ebp-14] 004C8889 |. E8 6E13F4FF call 00409BFC 004C888E |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C8890 |. 8D45 E8 lea eax, dword ptr [ebp-18] 004C8893 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C8896 |. 8A52 03 mov dl, byte ptr [edx+3] ; 序列号第4个字符 004C8899 |. E8 8EC5F3FF call 00404E2C 004C889E |. 8B45 E8 mov eax, dword ptr [ebp-18] 004C88A1 |. E8 5613F4FF call 00409BFC 004C88A6 |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C88A8 |. A1 C07C5100 mov eax, dword ptr [517CC0] 004C88AD |. 3B18 cmp ebx, dword ptr [eax] ; ds:[005197BC]=00000017 004C88AF 0F85 D2000000 jnz 004C8987 ; //跳则挂 004C88B5 |. 8D45 E4 lea eax, dword ptr [ebp-1C] 004C88B8 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C88BB |. 8A52 04 mov dl, byte ptr [edx+4] ; 序列号第5个字符 004C88BE |. E8 69C5F3FF call 00404E2C 004C88C3 |. 8B45 E4 mov eax, dword ptr [ebp-1C] 004C88C6 |. E8 3113F4FF call 00409BFC 004C88CB |. 8BD8 mov ebx, eax ; EBX = EAX 004C88CD |. 8D45 E0 lea eax, dword ptr [ebp-20] 004C88D0 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C88D3 |. 8A52 07 mov dl, byte ptr [edx+7] ; 序列号第8个字符 004C88D6 |. E8 51C5F3FF call 00404E2C 004C88DB |. 8B45 E0 mov eax, dword ptr [ebp-20] 004C88DE |. E8 1913F4FF call 00409BFC 004C88E3 |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C88E5 |. 8D45 DC lea eax, dword ptr [ebp-24] 004C88E8 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C88EB |. 8A52 0A mov dl, byte ptr [edx+A] ; 序列号第11个字符 004C88EE |. E8 39C5F3FF call 00404E2C 004C88F3 |. 8B45 DC mov eax, dword ptr [ebp-24] 004C88F6 |. E8 0113F4FF call 00409BFC 004C88FB |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C88FD |. 8D45 D8 lea eax, dword ptr [ebp-28] 004C8900 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C8903 |. 8A52 0D mov dl, byte ptr [edx+D] ; 序列号第14个字符 004C8906 |. E8 21C5F3FF call 00404E2C 004C890B |. 8B45 D8 mov eax, dword ptr [ebp-28] 004C890E |. E8 E912F4FF call 00409BFC 004C8913 |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C8915 |. A1 007D5100 mov eax, dword ptr [517D00] 004C891A |. 3B18 cmp ebx, dword ptr [eax] ; ds:[005197C0]=0000001E 004C891C 75 69 jnz short 004C8987 004C891E |. 8D45 D4 lea eax, dword ptr [ebp-2C] 004C8921 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C8924 |. 8A52 06 mov dl, byte ptr [edx+6] ; 序列号第7个字符 004C8927 |. E8 00C5F3FF call 00404E2C 004C892C |. 8B45 D4 mov eax, dword ptr [ebp-2C] 004C892F |. E8 C812F4FF call 00409BFC 004C8934 |. 8BD8 mov ebx, eax ; EBX = EAX 004C8936 |. 8D45 D0 lea eax, dword ptr [ebp-30] 004C8939 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C893C |. 8A52 09 mov dl, byte ptr [edx+9] ; 序列号第10个字符 004C893F |. E8 E8C4F3FF call 00404E2C 004C8944 |. 8B45 D0 mov eax, dword ptr [ebp-30] 004C8947 |. E8 B012F4FF call 00409BFC 004C894C |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C894E |. 8D45 CC lea eax, dword ptr [ebp-34] 004C8951 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C8954 |. 8A52 0C mov dl, byte ptr [edx+C] ; 序列号第13个字符 004C8957 |. E8 D0C4F3FF call 00404E2C 004C895C |. 8B45 CC mov eax, dword ptr [ebp-34] 004C895F |. E8 9812F4FF call 00409BFC 004C8964 |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C8966 |. 8D45 C8 lea eax, dword ptr [ebp-38] 004C8969 |. 8B55 FC mov edx, dword ptr [ebp-4] 004C896C |. 8A52 0F mov dl, byte ptr [edx+F] ; 序列号第16个字符 004C896F |. E8 B8C4F3FF call 00404E2C 004C8974 |. 8B45 C8 mov eax, dword ptr [ebp-38] 004C8977 |. E8 8012F4FF call 00409BFC 004C897C |. 03D8 add ebx, eax ; EBX = EBX + EAX 004C897E |. A1 BC785100 mov eax, dword ptr [5178BC] 004C8983 |. 3B18 cmp ebx, dword ptr [eax] ; ds:[005197C4]=00000009 004C8985 74 04 je short 004C898B ; //不跳则挂 004C8987 |> 33C0 xor eax, eax 004C8989 |. EB 02 jmp short 004C898D 004C898B |> B0 01 mov al, 1 ; al = 1 004C898D |> 8845 FB mov byte ptr [ebp-5], al ; [ebp-5] = al 004C8990 |. 33C0 xor eax, eax ; EAX置零 004C8992 |. 5A pop edx 004C8993 |. 59 pop ecx 004C8994 |. 59 pop ecx 004C8995 |. 64:8910 mov dword ptr fs:[eax], edx 004C8998 |. 68 B2894C00 push 004C89B2 004C899D |> 8D45 C8 lea eax, dword ptr [ebp-38] 004C89A0 |. BA 0C000000 mov edx, 0C 004C89A5 |. E8 BEC2F3FF call 00404C68 004C89AA \. C3 retn 004C89AB .^ E9 ECBBF3FF jmp 0040459C 004C89B0 .^ EB EB jmp short 004C899D 004C89B2 . 8A45 FB mov al, byte ptr [ebp-5] ; al = [ebp-5] 004C89B5 . 5B pop ebx 004C89B6 . 8BE5 mov esp, ebp 004C89B8 . 5D pop ebp 004C89B9 . C3 retn ; //返回 ;===================================================================== 算法总结序列号的要求) 1.长度必须是10H位 2.字符必须是数字 3.每个数字的个数不能超过4 4.各数字之间满足的关系: array[0] + array[1] + array[2] + array[3] = 17H = 23D(23/4=3)例:4568 array[4] + array[7] + array[A] + array[D] = 1EH = 30D(30/4=7)例:6789 array[6] + array[9] + array[C] + array[F] = 09H = 09D(09/4=2)例:0117 提供一组可用的序列号 4568600701811927 说明程序对第6、9、12、15位没有进行局部检测 但有总体要求,每个数字的个数不能超过4 |
| 地主 发表时间: 07-11-08 00:07 |
 | 回复: xia2007 [xia2007]  论坛用户 |
登录 |
|
看不懂 |
| B1层 发表时间: 07-11-09 20:04 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 编程破解
标题: [转帖]1ClickLockv3.2算法分析