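BatConV Batch Conversion Expert v2.0: Algorithm Analysis
Date: April 1, 2005 (happy holiday ^_^) Cracked by: Baby2008
―――――――――――――――――――――――――――――――――――――――――――
【Software name】: BatConV Batch Conversion Expert v2.0
【Software size】: 1.73M
【Download URL】: http://mtqy.web165.net/html/bcvjieshao.html
【Software description】:
A. Batch conversion between common office document formats
1. Converts Word documents to plain text, RTF and web page documents
2. Converts web page documents to plain text and RTF documents
3. Converts WPS documents to plain text documents
Note: the first item requires Word to be installed.
B. Batch conversion between common desktop database documents
1. Converts Excel documents to formatted plain text files, FoxPro database files, Access database files and web page files.
2. Converts Access database files to formatted plain text files, FoxPro database files, Excel documents and web page files.
3. Converts formatted plain text files to Excel documents, FoxPro database files, Access database files and web page files.
Note: operations on Excel documents require Excel to be installed.
C. Batch conversion between Flash files and Flash executable files
D. Batch custom renaming of files
【Software limitation】: limit on the number of files converted
【Protection】: registration code
【Cracking statement】: I am new to cracking and just interested in it; please point out any mistakes!
【Tools】: DeDe3.50.04 Fix (enhanced edition), OllyDbg V1.10 (聆风听雨 Chinese localization, 2nd edition), ASPackDie v1.41.HH, PeID 0.93
―――――――――――――――――――――――――――――――――――――――――――
【Cracking process】:
First, check the packer with PEiD 0.93 (Chinese enhanced edition): ASPack 2.12 -> Alexey Solodovnikov. ASPackDie v1.41 handles it easily and saves the result as unpacked.ExE by default. Checking the unpacked file with PEiD 0.93 again reports Borland Delphi 6.0 - 7.0. The program has no self-check and runs directly after unpacking. As usual, bring out Delphi's "friend" DeDe3.50, which shows that the registration verify button handler TRegForm@FlatButton2Click is at address 004CAAFC. Load unpacked.ExE in OD, set a breakpoint at 004CAAFC, press F9 to run, enter the registration information and click Verify. OD breaks at: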
004CAAFC > 55 push ebp ; <-TRegForm@FlatButton2Click
004CAAFD 8BEC mov ebp,esp
004CAAFF B9 2C000000 mov ecx,2C
004CAB04 6A 00 push 0
004CAB06 6A 00 push 0
004CAB08 49 dec ecx
004CAB09 ^ 75 F9 jnz short Unpacked.004CAB04
004CAB0B 8945 FC mov dword ptr ss:[ebp-4],eax
004CAB0E 33C0 xor eax,eax
004CAB10 55 push ebp
004CAB11 68 EBAE4C00 push <Unpacked.->System.@HandleFinall>
004CAB16 64:FF30 push dword ptr fs:[eax]
004CAB19 64:8920 mov dword ptr fs:[eax],esp
004CAB1C 8D95 E8FEFFFF lea edx,dword ptr ss:[ebp-118]
004CAB22 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAB25 > 8B80 08030000 mov eax,dword ptr ds:[eax+308] ; *TRegForm.FlatEdit1:TFlatEdit
004CAB2B > E8 6C86F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAB30 8B85 E8FEFFFF mov eax,dword ptr ss:[ebp-118] ; user code
004CAB36 8D95 ECFEFFFF lea edx,dword ptr ss:[ebp-114]
004CAB3C > E8 FFE6F3FF call Unpacked.00409240 ; ->SysUtils.Trim(AnsiString):AnsiString;overload;
004CAB41 83BD ECFEFFFF 0>cmp dword ptr ss:[ebp-114],0 ; trimmed user code must not be empty
004CAB48 75 0F jnz short Unpacked.004CAB59
004CAB4A B8 04AF4C00 mov eax,Unpacked.004CAF04 ; if empty, prompt to obtain the user code first
004CAB4F > E8 34BCF6FF call Unpacked.00436788 ; ->Dialogs.ShowMessage(AnsiString);
004CAB54 E9 05030000 jmp Unpacked.004CAE5E
004CAB59 68 00010000 push 100
004CAB5E 8D85 F0FEFFFF lea eax,dword ptr ss:[ebp-110]
004CAB64 50 push eax
004CAB65 > E8 B6C7F3FF call <jmp.&kernel32.GetSystemDirector>; ->kernel32.GetSystemDirectoryA()
004CAB6A 8D95 E4FEFFFF lea edx,dword ptr ss:[ebp-11C]
004CAB70 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAB73 > 8B80 14030000 mov eax,dword ptr ds:[eax+314] ; *TRegForm.FlatEdit2:TFlatEdit
004CAB79 > E8 1E86F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAB7E FFB5 E4FEFFFF push dword ptr ss:[ebp-11C] ; field 1 of the registration code, call it SN1
004CAB84 8D95 E0FEFFFF lea edx,dword ptr ss:[ebp-120]
004CAB8A 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAB8D > 8B80 20030000 mov eax,dword ptr ds:[eax+320] ; *TRegForm.FlatEdit5:TFlatEdit
004CAB93 > E8 0486F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAB98 FFB5 E0FEFFFF push dword ptr ss:[ebp-120] ; field 4 of the registration code, call it SN4
004CAB9E 8D95 DCFEFFFF lea edx,dword ptr ss:[ebp-124]
004CABA4 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CABA7 > 8B80 18030000 mov eax,dword ptr ds:[eax+318] ; *TRegForm.FlatEdit3:TFlatEdit
004CABAD > E8 EA85F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CABB2 FFB5 DCFEFFFF push dword ptr ss:[ebp-124] ; field 2 of the registration code, call it SN2
004CABB8 8D95 D8FEFFFF lea edx,dword ptr ss:[ebp-128]
004CABBE 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CABC1 > 8B80 1C030000 mov eax,dword ptr ds:[eax+31C] ; *TRegForm.FlatEdit4:TFlatEdit
004CABC7 > E8 D085F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CABCC FFB5 D8FEFFFF push dword ptr ss:[ebp-128] ; field 3 of the registration code, call it SN3
004CABD2 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004CABD5 BA 04000000 mov edx,4
004CABDA > E8 29A2F3FF call Unpacked.00404E08 ; ->System.@LStrCatN;
004CABDF 8D8D D4FEFFFF lea ecx,dword ptr ss:[ebp-12C]
004CABE5 A1 7CCA4D00 mov eax,dword ptr ds:[4DCA7C]
004CABEA 8B00 mov eax,dword ptr ds:[eax]
004CABEC 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; SN1+SN4+SN2+SN3
004CABEF > E8 A0580000 call <Unpacked.<-TMainForm@unNum> ; ->:TMainForm.unNum()
004CABF4 8B95 D4FEFFFF mov edx,dword ptr ss:[ebp-12C] ; Serail1=unNum(SN1+SN4+SN2+SN3)
004CABFA 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004CABFD > E8 1E9FF3FF call Unpacked.00404B20 ; ->System.@LStrLAsg(void;void;void;void);
004CAC02 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004CAC05 50 push eax
004CAC06 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004CAC09 > E8 3AA1F3FF call Unpacked.00404D48 ; ->System.@LStrLen(String):Integer;<+>
004CAC0E 8BC8 mov ecx,eax ; length of Serail1
004CAC10 83E9 06 sub ecx,6 ; Length(Serail1)-6
004CAC13 BA 01000000 mov edx,1
004CAC18 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; Serail1
004CAC1B > E8 88A3F3FF call Unpacked.00404FA8 ; ->System.@LStrCopy;
004CAC20 8D8D D0FEFFFF lea ecx,dword ptr ss:[ebp-130]
004CAC26 A1 7CCA4D00 mov eax,dword ptr ds:[4DCA7C]
004CAC2B 8B00 mov eax,dword ptr ds:[eax]
004CAC2D 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; Serail2=Substr(Serail1,1,Length-6)
004CAC30 > E8 5F580000 call <Unpacked.<-TMainForm@unNum> ; ->:TMainForm.unNum()
004CAC35 8B95 D0FEFFFF mov edx,dword ptr ss:[ebp-130] ; Serail3=unNum(Serail2)
004CAC3B 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004CAC3E > E8 DD9EF3FF call Unpacked.00404B20 ; ->System.@LStrLAsg(void;void;void;void);
004CAC43 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004CAC46 50 push eax
004CAC47 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; Serail3
004CAC4A > E8 F9A0F3FF call Unpacked.00404D48 ; ->System.@LStrLen(String):Integer;<+>
004CAC4F 8BC8 mov ecx,eax ; Length(Serail3)
004CAC51 83E9 06 sub ecx,6 ; Length(Serail3)-6
004CAC54 BA 07000000 mov edx,7
004CAC59 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004CAC5C > E8 47A3F3FF call Unpacked.00404FA8 ; ->System.@LStrCopy;
004CAC61 8D95 CCFEFFFF lea edx,dword ptr ss:[ebp-134]
004CAC67 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; Serail4=Substr(Serail3,7,Length(Serail3)-6)
004CAC6A > E8 D1E5F3FF call Unpacked.00409240 ; ->SysUtils.Trim(AnsiString):AnsiString;overload;
004CAC6F 83BD CCFEFFFF 0>cmp dword ptr ss:[ebp-134],0
004CAC76 0F84 E2010000 je Unpacked.004CAE5E ; Serail4 must not be empty
004CAC7C 8D95 C4FEFFFF lea edx,dword ptr ss:[ebp-13C]
004CAC82 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAC85 > 8B80 08030000 mov eax,dword ptr ds:[eax+308] ; *TRegForm.FlatEdit1:TFlatEdit
004CAC8B > E8 0C85F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAC90 8B85 C4FEFFFF mov eax,dword ptr ss:[ebp-13C] ; user code
004CAC96 8D95 C8FEFFFF lea edx,dword ptr ss:[ebp-138]
004CAC9C > E8 9FE5F3FF call Unpacked.00409240 ; ->SysUtils.Trim(AnsiString):AnsiString;overload;
004CACA1 8B95 C8FEFFFF mov edx,dword ptr ss:[ebp-138] ; user code
004CACA7 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; Serail4
004CACAA > E8 E5A1F3FF call Unpacked.00404E94 ; ->System.@LStrCmp;
004CACAF 0F85 A9010000 jnz Unpacked.004CAE5E ; Serail4 <> user code: over!
004CACB5 B2 01 mov dl,1
004CACB7 A1 40A34300 mov eax,dword ptr ds:[43A340]
004CACBC > E8 7FF7F6FF call Unpacked.0043A440 ; ->Registry.TRegistry.Create(TRegistry;boolean);overload;
004CACC1 8945 F0 mov dword ptr ss:[ebp-10],eax
004CACC4 33C0 xor eax,eax
004CACC6 55 push ebp
004CACC7 68 FAAD4C00 push <Unpacked.->System.@HandleFinall>
004CACCC 64:FF30 push dword ptr fs:[eax]
004CACCF 64:8920 mov dword ptr fs:[eax],esp
004CACD2 BA 02000080 mov edx,80000002
004CACD7 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; the code below saves the registration info in the registry
004CACDA > E8 01F8F6FF call Unpacked.0043A4E0 ; ->Registry.TRegistry.SetRootKey(TRegistry;HKEY);
004CACDF B1 01 mov cl,1
004CACE1 BA 30AF4C00 mov edx,Unpacked.004CAF30 ; ASCII "Software\Microsoft\Windows\CurrentVersion\Once"
004CACE6 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004CACE9 > E8 56F8F6FF call Unpacked.0043A544 ; ->Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
004CACEE 84C0 test al,al
004CACF0 0F84 EE000000 je Unpacked.004CADE4
004CACF6 B9 09000000 mov ecx,9
004CACFB BA 68AF4C00 mov edx,Unpacked.004CAF68 ; ASCII "App"
004CAD00 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004CAD03 > E8 7CFAF6FF call Unpacked.0043A784 ; ->Registry.TRegistry.WriteInteger(TRegistry;AnsiString;Integer);
004CAD08 8D95 BCFEFFFF lea edx,dword ptr ss:[ebp-144]
004CAD0E 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAD11 > 8B80 08030000 mov eax,dword ptr ds:[eax+308] ; *TRegForm.FlatEdit1:TFlatEdit
004CAD17 > E8 8084F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAD1C 8B85 BCFEFFFF mov eax,dword ptr ss:[ebp-144] ; user code
004CAD22 8D95 C0FEFFFF lea edx,dword ptr ss:[ebp-140]
004CAD28 > E8 13E5F3FF call Unpacked.00409240 ; ->SysUtils.Trim(AnsiString):AnsiString;overload;
004CAD2D 8B8D C0FEFFFF mov ecx,dword ptr ss:[ebp-140]
004CAD33 BA 74AF4C00 mov edx,Unpacked.004CAF74 ; ASCII "Guest"
004CAD38 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004CAD3B > E8 A0F9F6FF call Unpacked.0043A6E0 ; ->Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
004CAD40 8D95 B0FEFFFF lea edx,dword ptr ss:[ebp-150]
004CAD46 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAD49 > 8B80 14030000 mov eax,dword ptr ds:[eax+314] ; *TRegForm.FlatEdit2:TFlatEdit
004CAD4F > E8 4884F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAD54 FFB5 B0FEFFFF push dword ptr ss:[ebp-150]
004CAD5A 8D95 ACFEFFFF lea edx,dword ptr ss:[ebp-154]
004CAD60 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAD63 > 8B80 20030000 mov eax,dword ptr ds:[eax+320] ; *TRegForm.FlatEdit5:TFlatEdit
004CAD69 > E8 2E84F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAD6E FFB5 ACFEFFFF push dword ptr ss:[ebp-154]
004CAD74 8D95 A8FEFFFF lea edx,dword ptr ss:[ebp-158]
004CAD7A 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAD7D > 8B80 18030000 mov eax,dword ptr ds:[eax+318] ; *TRegForm.FlatEdit3:TFlatEdit
004CAD83 > E8 1484F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CAD88 FFB5 A8FEFFFF push dword ptr ss:[ebp-158]
004CAD8E 8D95 A4FEFFFF lea edx,dword ptr ss:[ebp-15C]
004CAD94 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAD97 > 8B80 1C030000 mov eax,dword ptr ds:[eax+31C] ; *TRegForm.FlatEdit4:TFlatEdit
004CAD9D > E8 FA83F8FF call Unpacked.0045319C ; ->Controls.TControl.GetText(TControl):TCaption;
004CADA2 FFB5 A4FEFFFF push dword ptr ss:[ebp-15C]
004CADA8 8D85 B4FEFFFF lea eax,dword ptr ss:[ebp-14C]
004CADAE BA 04000000 mov edx,4
004CADB3 > E8 50A0F3FF call Unpacked.00404E08 ; ->System.@LStrCatN;
004CADB8 8B85 B4FEFFFF mov eax,dword ptr ss:[ebp-14C]
004CADBE 8D95 B8FEFFFF lea edx,dword ptr ss:[ebp-148]
004CADC4 > E8 77E4F3FF call Unpacked.00409240 ; ->SysUtils.Trim(AnsiString):AnsiString;overload;
004CADC9 8B8D B8FEFFFF mov ecx,dword ptr ss:[ebp-148]
004CADCF BA 84AF4C00 mov edx,Unpacked.004CAF84 ; ASCII "ZBC"
004CADD4 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004CADD7 > E8 04F9F6FF call Unpacked.0043A6E0 ; ->Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
004CADDC 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004CADDF > E8 CCF6F6FF call Unpacked.0043A4B0 ; ->Registry.TRegistry.CloseKey(TRegistry);
004CADE4 33C0 xor eax,eax
004CADE6 5A pop edx
004CADE7 59 pop ecx
004CADE8 59 pop ecx
004CADE9 64:8910 mov dword ptr fs:[eax],edx
004CADEC 68 01AE4C00 push Unpacked.004CAE01
004CADF1 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004CADF4 > E8 1F8EF3FF call Unpacked.00403C18 ; ->System.TObject.Free(TObject);
004CADF9 C3 retn
004CADFA >^ E9 AD95F3FF jmp Unpacked.004043AC ; ->System.@HandleFinally;
004CADFF ^ EB F0 jmp short Unpacked.004CADF1
004CAE01 8D85 A0FEFFFF lea eax,dword ptr ss:[ebp-160]
004CAE07 8D95 F0FEFFFF lea edx,dword ptr ss:[ebp-110]
004CAE0D B9 00010000 mov ecx,100
004CAE12 > E8 E19EF3FF call Unpacked.00404CF8 ; ->System.@LStrFromArray(String;String;PAnsiChar;Integer);<+>
004CAE17 8B95 A0FEFFFF mov edx,dword ptr ss:[ebp-160]
004CAE1D 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004CAE20 B9 90AF4C00 mov ecx,Unpacked.004CAF90 ; ASCII "\Winpt.inf"
004CAE25 > E8 6A9FF3FF call Unpacked.00404D94 ; ->System.@LStrCat3;
004CAE2A 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004CAE2D > E8 16EBF3FF call Unpacked.00409948 ; ->SysUtils.FileExists(AnsiString):Boolean;
004CAE32 84C0 test al,al
004CAE34 74 08 je short Unpacked.004CAE3E
004CAE36 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004CAE39 > E8 3EEBF3FF call Unpacked.0040997C ; ->Grids.TInplaceEdit.Visible(TInplaceEdit):Boolean;<+>
004CAE3E 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAE41 > 8B80 34030000 mov eax,dword ptr ds:[eax+334] ; *TRegForm.FlatPanel2:TFlatPanel
004CAE47 B2 01 mov dl,1
004CAE49 > E8 6E82F8FF call Unpacked.004530BC ; ->Controls.TControl.SetVisible(TControl;Boolean);
004CAE4E 8B45 FC mov eax,dword ptr ss:[ebp-4]
004CAE51 > 8B80 34030000 mov eax,dword ptr ds:[eax+334] ; *TRegForm.FlatPanel2:TFlatPanel
004CAE57 B2 05 mov dl,5
004CAE59 > E8 5278F8FF call Unpacked.004526B0 ; ->Controls.TControl.SetAlign(TControl;TAlign);
004CAE5E 33C0 xor eax,eax
004CAE60 5A pop edx
004CAE61 59 pop ecx
004CAE62 59 pop ecx
004CAE63 64:8910 mov dword ptr fs:[eax],edx
004CAE66 68 F5AE4C00 push Unpacked.004CAEF5
004CAE6B 8D85 A0FEFFFF lea eax,dword ptr ss:[ebp-160]
004CAE71 > E8 129CF3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004CAE76 8D85 A4FEFFFF lea eax,dword ptr ss:[ebp-15C]
004CAE7C BA 05000000 mov edx,5
004CAE81 > E8 269CF3FF call Unpacked.00404AAC ; ->System.@LStrArrayClr(void;void;Integer);
004CAE86 8D85 B8FEFFFF lea eax,dword ptr ss:[ebp-148]
004CAE8C > E8 F79BF3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004CAE91 8D85 BCFEFFFF lea eax,dword ptr ss:[ebp-144]
004CAE97 > E8 EC9BF3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004CAE9C 8D85 C0FEFFFF lea eax,dword ptr ss:[ebp-140]
004CAEA2 > E8 E19BF3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004CAEA7 8D85 C4FEFFFF lea eax,dword ptr ss:[ebp-13C]
004CAEAD > E8 D69BF3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004CAEB2 8D85 C8FEFFFF lea eax,dword ptr ss:[ebp-138]
004CAEB8 BA 04000000 mov edx,4
004CAEBD > E8 EA9BF3FF call Unpacked.00404AAC ; ->System.@LStrArrayClr(void;void;Integer);
004CAEC2 8D85 D8FEFFFF lea eax,dword ptr ss:[ebp-128]
004CAEC8 BA 05000000 mov edx,5
004CAECD > E8 DA9BF3FF call Unpacked.00404AAC ; ->System.@LStrArrayClr(void;void;Integer);
004CAED2 8D85 ECFEFFFF lea eax,dword ptr ss:[ebp-114]
004CAED8 > E8 AB9BF3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004CAEDD 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004CAEE0 BA 02000000 mov edx,2
004CAEE5 > E8 C29BF3FF call Unpacked.00404AAC ; ->System.@LStrArrayClr(void;void;Integer);
004CAEEA C3 retn
004CAEEB >^ E9 BC94F3FF jmp Unpacked.004043AC ; ->System.@HandleFinally;
004CAEF0 ^ E9 76FFFFFF jmp Unpacked.004CAE6B
004CAEF5 8BE5 mov esp,ebp
004CAEF7 5D pop ebp
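004CAEF8 C3 retn
From the code above, the registration verification flow is:
Serail1=unNum(SN1+SN4+SN2+SN3)
Serail2=Substr(Serail1,1,Length-6)
Serail3=unNum(Serail2)
Serail4=Substr(Serail3,7,Length(Serail3)-6)
Serail4=user code: registration succeeds!! The registration info is saved to the registry under Software\Microsoft\Windows\CurrentVersion\Once.
Working backwards gives the inverse model of the registration algorithm:
1. From the user code Serail4, derive Serail3 = "******user code"; the user code is 12 characters, so Serail3 is 18 characters long
2. Serail2=unNum'(Serail3)
3. Serail1=Serail2****** ; Serail3 is 18 characters long, and from Serail2=Substr(Serail1,1,Length-6) it follows that Serail1 is 24 characters long
4. SN1+SN4+SN2+SN3=unNum'(Serail1), which gives the 24-character registration code; reorder it for output.
Notes: a. unNum'() is the inverse function of unNum(); b. ****** stands for any string of length 6.
The user code is derived from the hard disk's physical serial number: CSH305DAJB16RB516 -> user code B5SHD1J0C3A6. This is the disk serial number of my laptop, so yours cannot be the same as mine. How the disk serial number and the user code are obtained is not important and is omitted here.
The key to the registration algorithm is to analyze what unNum() does and derive its inverse unNum'(). Continuing...
unNum() function
004CABEF > E8 A0580000 call <Unpacked.<-TMainForm@unNum>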
-------------------------------------------------------------------------------------------------------------
004D0494 > 55 push ebp ; <-TMainForm@unNum
004D0495 8BEC mov ebp,esp
004D0497 6A 00 push 0
004D0499 6A 00 push 0
004D049B 6A 00 push 0
004D049D 6A 00 push 0
004D049F 6A 00 push 0
004D04A1 6A 00 push 0
004D04A3 6A 00 push 0
004D04A5 6A 00 push 0
004D04A7 53 push ebx
004D04A8 56 push esi
004D04A9 57 push edi
004D04AA 8BF9 mov edi,ecx
004D04AC 8955 FC mov dword ptr ss:[ebp-4],edx ; string to transform, call it String
004D04AF 8B45 FC mov eax,dword ptr ss:[ebp-4]
004D04B2 > E8 814AF3FF call Unpacked.00404F38 ; ->System.@LStrAddRef(void;void):Pointer;
004D04B7 33C0 xor eax,eax
004D04B9 55 push ebp
004D04BA 68 B8054D00 push <Unpacked.->System.@HandleFinall>
004D04BF 64:FF30 push dword ptr fs:[eax]
004D04C2 64:8920 mov dword ptr fs:[eax],esp
004D04C5 8BC7 mov eax,edi
004D04C7 > E8 BC45F3FF call Unpacked.00404A88 ; ->System.@LStrClr(void;void);
004D04CC 8B45 FC mov eax,dword ptr ss:[ebp-4] ; String
004D04CF > E8 7448F3FF call Unpacked.00404D48 ; ->System.@LStrLen(String):Integer;<+>
004D04D4 8BD8 mov ebx,eax ; length of String, call it Length
004D04D6 D1FB sar ebx,1 ; Length/2
004D04D8 79 03 jns short Unpacked.004D04DD ; jump if the sign flag is 0
004D04DA 83D3 00 adc ebx,0
004D04DD 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004D04E0 50 push eax
004D04E1 8BCB mov ecx,ebx ; ecx=length/2
004D04E3 BA 01000000 mov edx,1
004D04E8 8B45 FC mov eax,dword ptr ss:[ebp-4] ; String
004D04EB > E8 B84AF3FF call Unpacked.00404FA8 ; ->System.@LStrCopy; (save String[first half])
004D04F0 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004D04F3 50 push eax
004D04F4 8D53 01 lea edx,dword ptr ds:[ebx+1] ; Length/2+1
004D04F7 8BCB mov ecx,ebx ; Length/2
004D04F9 8B45 FC mov eax,dword ptr ss:[ebp-4] ; String
004D04FC > E8 A74AF3FF call Unpacked.00404FA8 ; ->System.@LStrCopy;
004D0501 8D55 EC lea edx,dword ptr ss:[ebp-14]
004D0504 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; String[first half]
004D0507 > E8 508BF6FF call Unpacked.0043905C ; ->StrUtils.ReverseString(AnsiString):AnsiString;
004D050C 8B55 EC mov edx,dword ptr ss:[ebp-14] ; String[first half] reversed
004D050F 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004D0512 > E8 0946F3FF call Unpacked.00404B20 ; ->System.@LStrLAsg(void;void;void;void);
004D0517 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; String[first half] reversed
004D051A > E8 2948F3FF call Unpacked.00404D48 ; ->System.@LStrLen(String):Integer;<+>
004D051F 8BF0 mov esi,eax
004D0521 85F6 test esi,esi
004D0523 7E 45 jle short Unpacked.004D056A ; length after reversal <= 0: over!
004D0525 BB 01000000 mov ebx,1 ; i=1
004D052A FF75 F0 push dword ptr ss:[ebp-10]
004D052D 8D45 E8 lea eax,dword ptr ss:[ebp-18]
004D0530 50 push eax
004D0531 B9 01000000 mov ecx,1 ; 1
004D0536 8BD3 mov edx,ebx
004D0538 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; take the characters of the reversed String[first half] one at a time
004D053B > E8 684AF3FF call Unpacked.00404FA8 ; ->System.@LStrCopy;
004D0540 FF75 E8 push dword ptr ss:[ebp-18]
004D0543 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
004D0546 50 push eax
004D0547 B9 01000000 mov ecx,1
004D054C 8BD3 mov edx,ebx
004D054E 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; take the characters of String[second half] one at a time
004D0551 > E8 524AF3FF call Unpacked.00404FA8 ; ->System.@LStrCopy;
004D0556 FF75 E4 push dword ptr ss:[ebp-1C]
004D0559 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004D055C BA 03000000 mov edx,3
004D0561 > E8 A248F3FF call Unpacked.00404E08 ; ->System.@LStrCatN;
004D0566 43 inc ebx
004D0567 4E dec esi
004D0568 ^ 75 C0 jnz short Unpacked.004D052A
004D056A 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; the concatenated string, call it Result
004D056D > E8 D647F3FF call Unpacked.00404D48 ; ->System.@LStrLen(String):Integer;<+>
004D0572 8BF0 mov esi,eax ; length of Result
004D0574 85F6 test esi,esi
004D0576 7E 25 jle short Unpacked.004D059D ; length of Result <= 0: over!
004D0578 BB 01000000 mov ebx,1 ; 1
004D057D 8D45 E0 lea eax,dword ptr ss:[ebp-20]
004D0580 8B55 F0 mov edx,dword ptr ss:[ebp-10] ; Result
004D0583 8A541A FF mov dl,byte ptr ds:[edx+ebx-1] ; take Result[i]
004D0587 80EA 02 sub dl,2 ; Result[i]-2
004D058A > E8 E146F3FF call Unpacked.00404C70 ; ->System.@LStrFromChar(String;String;Char);<+>
004D058F 8B55 E0 mov edx,dword ptr ss:[ebp-20] ; Char(Result[i]-2)
004D0592 8BC7 mov eax,edi
004D0594 > E8 B747F3FF call Unpacked.00404D50 ; ->System.@LStrCat;
004D0599 43 inc ebx
004D059A 4E dec esi
004D059B ^ 75 E0 jnz short Unpacked.004D057D ; loop until Length(Result) is reached
004D059D 33C0 xor eax,eax
004D059F 5A pop edx
004D05A0 59 pop ecx
004D05A1 59 pop ecx
004D05A2 64:8910 mov dword ptr fs:[eax],edx
004D05A5 68 BF054D00 push Unpacked.004D05BF
004D05AA 8D45 E0 lea eax,dword ptr ss:[ebp-20]
004D05AD BA 08000000 mov edx,8
004D05B2 > E8 F544F3FF call Unpacked.00404AAC ; ->System.@LStrArrayClr(void;void;Integer);
004D05B7 C3 retn
004D05B8 >^ E9 EF3DF3FF jmp Unpacked.004043AC ; ->System.@HandleFinally;
004D05BD ^ EB EB jmp short Unpacked.004D05AA
004D05BF 5F pop edi
004D05C0 5E pop esi
004D05C1 5B pop ebx
004D05C2 8BE5 mov esp,ebp
004D05C4 5D pop ebp
004D05C5 C3 retn
-------------------------------------------------------------------------------------------------------------
Implemented in Delphi:
Function unNum(Str: String): String; // ReverseString requires StrUtils in the uses clause
Var
  i: Integer;
  Str1, Str2: String;
Begin
  Result := ''; // start from an empty string before appending
  i := Length(Str) Shr 1;
  Str1 := Copy(Str, 1, i); // first half
  Str2 := Copy(Str, i + 1, Length(Str)); // second half
  Str1 := ReverseString(Str1);
  // interleave the reversed first half with the second half
  For i := 1 To Length(Str) Shr 1 Do Result := Result + Str1[i] + Str2[i];
  // subtract 2 from every character
  For i := 1 To Length(Result) Do Result[i] := Char(Ord(Result[i]) - 2);
End;
Code of Num(), the inverse function of unNum():
Function Num(Str: String): String;
Var
  i: Integer;
  S, Str1, Str2: String;
Begin
  SetLength(S, Length(Str));
  SetLength(Str1, Length(Str) Shr 1);
  SetLength(Str2, Length(Str) Shr 1);
  // add 2 back to every character
  For i := 1 To Length(Str) Do S[i] := Char(Ord(Str[i]) + 2);
  // split the interleaved characters into the two halves
  For i := 1 To Length(S) Shr 1 Do
  Begin
    Str1[i] := S[i * 2 - 1];
    Str2[i] := S[i * 2];
  End;
  Result := ReverseString(Str1) + Str2;
End;
At this point the keygen can be written by following the inverse model of the algorithm:
Procedure TForm1.btn1Click(Sender: TObject);
Var
  SN1, SN2, SN3: String;
Begin
  SN3 := 'ABCDEF' + edt1.Text; // edt1.Text is the 12-character user code; 'ABCDEF' can be any 6-character string
  SN2 := Num(SN3);
  SN1 := SN2 + 'ABCDEF';
  edtSN1.Text := Copy(Num(SN1), 1, 6); // reorder for output
  edtSN2.Text := Copy(Num(SN1), 13, 6);
  edtSN3.Text := Copy(Num(SN1), 19, 6);
  edtSN4.Text := Copy(Num(SN1), 7, 6);
End;
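【Algorithm summary】: The interface looks somewhat like an imitation of Windows优化大师 (Windows Optimization Master) and is fairly attractive. The registration algorithm was presumably designed by the author himself and consists mainly of string transformations, so deriving the inverse function is fairly simple. Because the transformation discards some characters, one user code can correspond to multiple registration codes, and some registration codes may contain non-displayable characters, so copy and paste is recommended when registering.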
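The verification flow and unNum() described above can be modelled to measure how much of the key the check actually constrains, which is what the summary means by one user code matching several registration codes. This Python model is an added example, not code from the original write-up or from the program; `pipeline`, `checked_positions` and `coverage_by_field` are hypothetical helper names, and the 6-character field length is assumed from the 24-character key in the text.

```python
# Added example: model of the check in TRegForm.FlatButton2Click, used to
# see which characters of the key reach the final comparison.

# Concatenation order of the four edit fields, as noted at 004CABEC.
FIELD_ORDER = ("SN1", "SN4", "SN2", "SN3")


def un_num_perm(seq):
    """Positional part of unNum(): reverse the first half, then interleave
    it with the second half. Works on any list, so it can carry indices."""
    half = len(seq) // 2
    first = list(reversed(seq[:half]))
    second = seq[half:half + half]
    out = []
    for a, b in zip(first, second):
        out += [a, b]
    return out


def un_num(text):
    """Full unNum(): the permutation above, then every byte minus 2."""
    return "".join(chr((ord(c) - 2) & 0xFF) for c in un_num_perm(list(text)))


def pipeline(seq, transform):
    """Serail1..Serail4 from the flow above, with a pluggable transform."""
    serail1 = transform(seq)
    serail2 = serail1[:max(0, len(serail1) - 6)]   # Substr(Serail1,1,Length-6)
    serail3 = transform(serail2)
    return serail3[6:]                             # Substr(Serail3,7,Length-6)


def verify(user_code, sn1, sn2, sn3, sn4):
    """Forward check only: Serail4 must be non-empty and equal the user code."""
    serail4 = pipeline(sn1 + sn4 + sn2 + sn3, un_num)
    return serail4.strip() != "" and serail4 == user_code.strip()


def checked_positions(key_len=24):
    """Indices of the concatenated key that reach the final comparison."""
    return sorted(pipeline(list(range(key_len)), un_num_perm))


def coverage_by_field(field_len=6):
    """Map checked indices back to field name -> offsets inside that field."""
    cov = {name: [] for name in FIELD_ORDER}
    for pos in checked_positions(field_len * len(FIELD_ORDER)):
        cov[FIELD_ORDER[pos // field_len]].append(pos % field_len)
    return cov


if __name__ == "__main__":
    print("checked positions:", checked_positions())
    print("coverage by field:", coverage_by_field())
```

For the 24-character key, `checked_positions()` returns 12 indices, three in each of the four fields, so the other twelve characters never reach the comparison. A check meant to bind the whole key would need every input character to influence the compared value.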
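Registration info on my machine:
User code: B5SHD1J0C3A6
Registration code: GEC759-GHFGFJ-L4:DFH-HEIWNE
The registration info is stored in the registry under Software\Microsoft\Windows\CurrentVersion\Once; delete it to register again.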