|
; Excerpt of the registration button handler as shown in the debugger. The listing stops at
; 00500360; the failure target 00500616 and the address 00500697 pushed below are not shown.
00500234 55 PUSH EBP ; button click event handler
00500235 8BEC MOV EBP,ESP
00500237 B9 49000000 MOV ECX,49 ; loop counter: 0x49 passes
0050023C 6A 00 PUSH 0
0050023E 6A 00 PUSH 0
00500240 49 DEC ECX
00500241 ^ 75 F9 JNZ SHORT 0050023C ; each pass pushes two zero dwords, zero-filling the local area
00500243 51 PUSH ECX
00500244 53 PUSH EBX
00500245 56 PUSH ESI
00500246 57 PUSH EDI
00500247 8BF2 MOV ESI,EDX
00500249 8BD8 MOV EBX,EAX
0050024B 33C0 XOR EAX,EAX
0050024D 55 PUSH EBP
0050024E 68 97065000 PUSH 00500697 ; pushed as part of the frame linked through FS:[0] below
00500253 64:FF30 PUSH DWORD PTR FS:[EAX] ; EAX is 0 here: saves the previous FS:[0] value
00500256 64:8920 MOV DWORD PTR FS:[EAX],ESP ; FS:[0] = ESP: links the new exception frame
00500259 8B46 08 MOV EAX,DWORD PTR DS:[ESI+8]
0050025C BA B0065000 MOV EDX,005006B0 ; ASCII "fdkfwefrweirjodfdsf_434"
00500261 E8 964DF0FF CALL 00404FFC ; same routine the later comments describe as the compare
00500266 0F85 AA030000 JNZ 00500616 ; 00500616 is the shared exit for every failed check in this listing
0050026C 8D95 20FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E0]
00500272 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
00500278 E8 ABE3F5FF CALL 0045E628 ; read the user-entered serial
0050027D 83BD 20FEFFFF 0>CMP DWORD PTR SS:[EBP-1E0],0
00500284 0F84 8C030000 JE 00500616 ; entered serial empty?
0050028A 8D85 1CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1E4]
00500290 50 PUSH EAX
00500291 8D95 18FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E8]
00500297 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0050029D E8 86E3F5FF CALL 0045E628
005002A2 8B85 18FEFFFF MOV EAX,DWORD PTR SS:[EBP-1E8]
005002A8 B9 02000000 MOV ECX,2
005002AD BA 01000000 MOV EDX,1
005002B2 E8 594EF0FF CALL 00405110 ; presumably takes 2 chars from position 1 (same routine as the 32-char extraction below)
005002B7 8B85 1CFEFFFF MOV EAX,DWORD PTR SS:[EBP-1E4]
005002BD BA D0065000 MOV EDX,005006D0 ; ASCII "36"
005002C2 E8 354DF0FF CALL 00404FFC ; compare the first two chars of the entered serial with "36"; fail if they differ
005002C7 0F85 49030000 JNZ 00500616
005002CD 8D95 10FEFFFF LEA EDX,DWORD PTR SS:[EBP-1F0]
005002D3 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
005002D9 E8 4AE3F5FF CALL 0045E628
005002DE 8B85 10FEFFFF MOV EAX,DWORD PTR SS:[EBP-1F0]
005002E4 8D8D 14FEFFFF LEA ECX,DWORD PTR SS:[EBP-1EC]
005002EA BA 02000000 MOV EDX,2
005002EF E8 18F4FFFF CALL 004FF70C
005002F4 8B85 14FEFFFF MOV EAX,DWORD PTR SS:[EBP-1EC]
005002FA BA DC065000 MOV EDX,005006DC ; ASCII "94"
005002FF E8 F84CF0FF CALL 00404FFC ; compare the last two chars of the entered serial with "94"; fail if they differ
00500304 0F85 0C030000 JNZ 00500616
0050030A 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0050030D 50 PUSH EAX
0050030E 8D95 0CFEFFFF LEA EDX,DWORD PTR SS:[EBP-1F4]
00500314 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0050031A E8 09E3F5FF CALL 0045E628
0050031F 8B85 0CFEFFFF MOV EAX,DWORD PTR SS:[EBP-1F4]
00500325 B9 20000000 MOV ECX,20
0050032A BA 03000000 MOV EDX,3
0050032F E8 DC4DF0FF CALL 00405110 ; take 32 chars of the entered serial starting at position 3
00500334 8D95 08FEFFFF LEA EDX,DWORD PTR SS:[EBP-1F8]
0050033A 8BC3 MOV EAX,EBX
0050033C E8 33FEFFFF CALL 00500174 ; key call
00500341 8B95 08FEFFFF MOV EDX,DWORD PTR SS:[EBP-1F8] ; the expected middle part is visible here in plain form
00500347 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; the 32 chars extracted above
0050034A E8 AD4CF0FF CALL 00404FFC ; compare; fail if they differ
0050034F 0F85 C1020000 JNZ 00500616
00500355 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00500358 E8 E7FAFFFF CALL 004FFE44
0050035D 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; machine code
00500360 E8 4B4BF0FF CALL 00404EB0
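注册总结:很简单,程序首先比较注册码前两位(必须为36),然后比较最后两位(必须为94),最后比较中间的32位;其中中间的32位是关键:对机器码逐位循环运算得到一个字符串,再对该字符串计算MD5散列值(MD5是散列算法,并非加密),结果与中间的32位比较。从防护设计的角度看,这个校验值完全由机器码和程序内固定的运算推导出来,不含任何只有发行方掌握的密钥,而且期望值会以明文出现在比较之前的内存中;更稳妥的做法是由发行方用私钥对授权信息签名,程序内只保留公钥做验签。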
给个VB的注册机源码:
' Click handler: reads the text in Text1, transforms it character by character,
' and writes "36" & MD5(result) & "94" into Text2.
' MD5 is not defined in this listing; it has to be supplied by another module.
Private Sub Command1_Click()
Dim Length As Integer
Dim I As Integer
Dim str As String ' current character; NOTE(review): the name matches VB's built-in Str function
Dim sun As String ' declared As String but used for numeric values below, so VB's implicit conversion is relied on
Dim jieguo As String ' accumulated result string ("jieguo" = result)
Length = Len(Trim(Text1.Text))
For I = 1 To Length
str = Mid(Trim(Text1.Text), I, 1)
sun = Asc(str)
sun = Hex(sun + 537) ' the original program's four steps are merged into one here (537 decimal = &H219)
jieguo = jieguo & sun
Next I
Text2.Text = "36" & MD5(jieguo) & "94"
End Sub |
|