-
-
Win Image Converter V 1.5.2 加法运算,也算走完个过程~!
-
发表于: 2010-3-26 07:48 3971
-
【文章标题】: Win Image Converter 加法运算,也算走完个过程
【文章作者】: ella
【软件名称】: Win Image Converter V1.5.2
【下载地址】: http://www.pearlmountainsoft.com/win-image-converter-download.html
【保护方式】: UPX
【作者声明】: 凑热闹~^_^
--------------------------------------------------------------------------------
【详细过程】
1,去掉UPX
2,开始,输入注册码:IMGCT-00213-01913-05B12-04412,来到关键的地方
主程序里:
004032D0 55 push ebp
004032D1 8BEC mov ebp, esp
004032D3 6A FF push -1
............................略
00403394 FF15 5C104100 call dword ptr [<&albumdesigncore.CRegisterUtility::CheckCode>] ; >> &)>
0040339A 84C0 test al, al
0040339C 74 5F je short 004033FD ; 跳向提示失败
进 00403394 来到:
10028C90 >/$ 8B5424 04 mov edx, dword ptr [esp+4]
10028C94 |. 8D41 08 lea eax, dword ptr [ecx+8]
10028C97 |. 8B49 04 mov ecx, dword ptr [ecx+4]
10028C9A |. 50 push eax
10028C9B |. 51 push ecx
10028C9C |. 52 push edx
10028C9D |. E8 0EFEFFFF call ; albumdes.CheckRandomSerialCode
10028CA2 |. 83C4 0C add esp, 0C
10028CA5 \. C2 0400 retn 4
验证是在DLL里的,进10028C9D call ; albumdes.CheckRandomSerialCode
10028AB0 >/$ 6A FF push -1
10028AB2 |. 68 AD9C0410 push ; SE 处理程序安装
10028AB7 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
10028ABD |. 50 push eax
10028ABE |. 64:8925 00000>mov dword ptr fs:[0], esp
10028AC5 |. 83EC 24 sub esp, 24
10028AC8 |. 8B4C24 34 mov ecx, dword ptr [esp+34]
10028ACC |. 6A 20 push 20
10028ACE |. FF15 5CC20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::Trim_6162
10028AD4 |. 8B00 mov eax, dword ptr [eax]
10028AD6 |. 50 push eax
10028AD7 |. 8D4C24 04 lea ecx, dword ptr [esp+4]
10028ADB |. FF15 D8C20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::CStringT > >_287
10028AE1 |. 8D0C24 lea ecx, dword ptr [esp]
10028AE4 |. C74424 2C 000>mov dword ptr [esp+2C], 0
10028AEC |. FF15 C0C20410 call dword ptr [<&MFC71U.#ATL::CSimpleStringT::GetLe>; MFC71U.#ATL::CSimpleStringT::GetLength_2896
10028AF2 |. 83F8 1D cmp eax, 1D ; 注册码长度是否是1D位
10028AF5 |. 8D0C24 lea ecx, dword ptr [esp]
10028AF8 |. 0F85 6E010000 jnz
10028AFE |. 6A 05 push 5 ; 第5位是否为2D 也就是“-”
10028B00 |. FF15 D4C20410 call dword ptr [<&MFC71U.#ATL::CSimpleStringT::GetAt>; MFC71U.#ATL::CSimpleStringT::GetAt_2444
10028B06 |. 66:3D 2D00 cmp ax, 2D
10028B0A |. 0F85 59010000 jnz
10028B10 |. 6A 0B push 0B ; 第0B位是否为2D 也就是“-”
10028B12 |. 8D4C24 04 lea ecx, dword ptr [esp+4]
10028B16 |. FF15 D4C20410 call dword ptr [<&MFC71U.#ATL::CSimpleStringT::GetAt>; MFC71U.#ATL::CSimpleStringT::GetAt_2444
10028B1C |. 66:3D 2D00 cmp ax, 2D
10028B20 |. 0F85 43010000 jnz
10028B26 |. 6A 11 push 11 ; 第11位是否为2D 也就是“-”
10028B28 |. 8D4C24 04 lea ecx, dword ptr [esp+4]
10028B2C |. FF15 D4C20410 call dword ptr [<&MFC71U.#ATL::CSimpleStringT::GetAt>; MFC71U.#ATL::CSimpleStringT::GetAt_2444
10028B32 |. 66:3D 2D00 cmp ax, 2D
10028B36 |. 0F85 2D010000 jnz
10028B3C |. 6A 17 push 17 ; 第17位是否为2D 也就是“-”
10028B3E |. 8D4C24 04 lea ecx, dword ptr [esp+4]
10028B42 |. FF15 D4C20410 call dword ptr [<&MFC71U.#ATL::CSimpleStringT::GetAt>; MFC71U.#ATL::CSimpleStringT::GetAt_2444
10028B48 |. 66:3D 2D00 cmp ax, 2D
10028B4C |. 0F85 17010000 jnz
10028B52 |. 6A 05 push 5
10028B54 |. 6A 00 push 0
10028B56 |. 8D4424 14 lea eax, dword ptr [esp+14]
10028B5A |. 50 push eax
10028B5B |. 8D4C24 0C lea ecx, dword ptr [esp+C]
10028B5F |. FF15 D0C20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::Mid_4101
10028B65 |. 8BC8 mov ecx, eax
10028B67 |. C64424 2C 01 mov byte ptr [esp+2C], 1
10028B6C |. FF15 8CC20410 call dword ptr [<&MFC71U.#ATL::CSimpleStringT::opera>; MFC71U.#ATL::CSimpleStringT::GetString_3391
10028B72 |. 50 push eax
10028B73 |. 8D4C24 08 lea ecx, dword ptr [esp+8]
10028B77 |. FF15 CCC20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::CStringT > >_300
10028B7D |. 8D4C24 0C lea ecx, dword ptr [esp+C]
10028B81 |. C64424 2C 03 mov byte ptr [esp+2C], 3
10028B86 |. FF15 80C20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028B8C |. 8B4C24 3C mov ecx, dword ptr [esp+3C]
10028B90 |. 51 push ecx
10028B91 |. 8D5424 08 lea edx, dword ptr [esp+8]
10028B95 |. 52 push edx
10028B96 |. E8 F5FEFFFF call ; 比较前5位是否为IMGCT
10028B9B |. 83C4 08 add esp, 8
10028B9E |. 84C0 test al, al
10028BA0 |. 0F85 B9000000 jnz
10028BA6 |. 56 push esi
10028BA7 |. 57 push edi
10028BA8 |. 8D7C24 1C lea edi, dword ptr [esp+1C]
10028BAC |. BE 06000000 mov esi, 6
10028BB1 >|> 6A 05 /push 5
10028BB3 |. 56 |push esi
10028BB4 |. 8D4424 20 |lea eax, dword ptr [esp+20]
10028BB8 |. 50 |push eax
10028BB9 |. 8D4C24 14 |lea ecx, dword ptr [esp+14]
10028BBD |. FF15 D0C20410 |call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::Mid_4101
10028BC3 |. 8BC8 |mov ecx, eax
10028BC5 |. C64424 34 04 |mov byte ptr [esp+34], 4
10028BCA |. FF15 8CC20410 |call dword ptr [<&MFC71U.#ATL::CSimpleStringT::oper>; MFC71U.#ATL::CSimpleStringT::GetString_3391
10028BD0 |. 50 |push eax
10028BD1 |. 8D4C24 14 |lea ecx, dword ptr [esp+14]
10028BD5 |. FF15 CCC20410 |call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::CStringT > >_300
10028BDB |. 8D4C24 18 |lea ecx, dword ptr [esp+18]
10028BDF |. C64424 34 06 |mov byte ptr [esp+34], 6
10028BE4 |. FF15 80C20410 |call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028BEA |. 8D4C24 10 |lea ecx, dword ptr [esp+10]
10028BEE |. FF15 58C20410 |call dword ptr [<&MFC71U.#ATL::CSimpleStringT::GetBuff>; MFC71U.#ATL::CSimpleStringT::GetBuffer_2463
10028BF4 |. 50 |push eax
10028BF5 |. E8 56FAFFFF |call ; 分别将00213,01913,05B12,04412转换成整数大小
10028BFA |. 83C4 04 |add esp, 4
10028BFD |. 8D4C24 10 |lea ecx, dword ptr [esp+10]
10028C01 |. 8907 |mov dword ptr [edi], eax
10028C03 |. C64424 34 03 |mov byte ptr [esp+34], 3
10028C08 |. FF15 3CC20410 |call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028C0E |. 83C6 06 |add esi, 6
10028C11 |. 83C7 04 |add edi, 4
10028C14 |. 83FE 1E |cmp esi, 1E
10028C17 |.^ 7C 98 \jl short
10028C19 |. 8B4C24 1C mov ecx, dword ptr [esp+1C] ; 00213
10028C1D |. 8B5424 24 mov edx, dword ptr [esp+24] ; 05B12
10028C21 |. 8B4424 40 mov eax, dword ptr [esp+40] ; 05D25
10028C25 |. 03D1 add edx, ecx ; 00213+05B12
10028C27 |. 3BD0 cmp edx, eax ; 00213+05B12==05D25 是否相等
10028C29 |. 5F pop edi
10028C2A |. 5E pop esi
10028C2B |. 75 32 jnz short
10028C2D |. 8B4C24 20 mov ecx, dword ptr [esp+20] ; 04412
10028C31 |. 8B5424 18 mov edx, dword ptr [esp+18] ; 01913
10028C35 |. 03CA add ecx, edx ; 01913+04412
10028C37 |. 3BC8 cmp ecx, eax ; 01913+04412==05D25 是否相等
10028C39 |. 75 24 jnz short
10028C3B |. 8D4C24 04 lea ecx, dword ptr [esp+4]
10028C3F |. FF15 3CC20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028C45 |. 8D0C24 lea ecx, dword ptr [esp]
10028C48 |. FF15 80C20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028C4E |. B0 01 mov al, 1
10028C50 |. 8B4C24 24 mov ecx, dword ptr [esp+24]
10028C54 |. 64:890D 00000>mov dword ptr fs:[0], ecx
10028C5B |. 83C4 30 add esp, 30
10028C5E |. C3 retn
10028C5F >|> 8D4C24 04 lea ecx, dword ptr [esp+4]
10028C63 |. FF15 3CC20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028C69 >|> 8D0C24 lea ecx, dword ptr [esp]
10028C6C >|> FF15 80C20410 call dword ptr [<&MFC71U.#ATL::CStringT; MFC71U.#ATL::CStringT > >::~CStringT > >_578
10028C72 |. 8B4C24 24 mov ecx, dword ptr [esp+24]
10028C76 |. 32C0 xor al, al
10028C78 |. 64:890D 00000>mov dword ptr fs:[0], ecx
10028C7F |. 83C4 30 add esp, 30
10028C82 \. C3 retn
3,回顾加法运算
a,注册码是否为29位
b,0x5,0xB,0x11,0x17是否为“-”
c,前5位是否为IMGCT
d,0x6~0xA 加0x11~0x16对应的整数是否为05D25,0xc~0x10 加0x18~0x1D对应的整数是否为05D25
4,注册机
4.1 C版部分代码,骗人的,因为相加等于固定数,只是让它取相应的字符,组成注册码~!
void GenSerial(HWND hWnd)
{
int len;
int i,j,p,q;
char szName[MAX_NAME+1];
char szSerial[MAX_SERIAL]={"IMGCT-00213-01913-05B12-04412"};
char szRand1[14]={"0123456789ABCD"};
char szRand2[6]={"012345"};
char szRand3[3]={"012"};
srand((unsigned int)(time(0)));
i=rand()%5;
j=rand()%13;
p=rand()%2;
q=rand()%5;
szSerial[7]=szRand2[i];
szSerial[19]=szRand2[5-i];
szSerial[8]=szRand1[j];
szSerial[20]=szRand1[13-j];
szSerial[9]=szRand3
;
szSerial[21]=szRand3[2-p];
szSerial[10]=szRand2[q];
szSerial[22]=szRand2[5-q];
i=rand()%5;
j=rand()%13;
p=rand()%2;
q=rand()%5;
szSerial[13]=szRand2[i];
szSerial[25]=szRand2[5-i];
szSerial[14]=szRand1[j];
szSerial[26]=szRand1[13-j];
szSerial[15]=szRand3
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
|
|
|---|---|
|
|
