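[Title]: GIF Movie Gear Algorithm Analysis and Keygen Writing
[Author]: 红绡枫叶
[Author e-mail]: a474528738@163.com
[Author homepage]: ---
[Author QQ]: 474528738
[Software name]: GIF Movie Gear 4.2.3
[Software size]: 964 KB
[Download]: bundled with this post
[Packer]: none
[Protection]: none
[Written in]: Microsoft Visual C++ 7.0
[Tools used]: OD, PEID 0.94
[Platform]: WIN 7
[About the software]: GIF animation authoring software, small and compact
[Author's statement]: Written purely out of interest, with no other purpose. Please point out any mistakes!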
--------------------------------------------------------------------------------
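[Detailed Process]
Checking with PEID shows the program was written in Microsoft Visual C++ 7.0, and it is very small. I wrote this analysis with beginners in mind (I am one myself); experts can skip it.
Enough preamble. Load it in OD and enter anything; an error message appears: The information you have provided is invalid. Please be sure that you typed it exactly as it was given to you.
Search for the error string, which leads to:
00411EE0 /$ 8B4424 04 mov eax,dword ptr ss:[esp+4] ; note this address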
00411EE4 |. 8B0D C4C24A00 mov ecx,dword ptr ds:[4AC2C4] ; (Initial CPU selection)
00411EEA |. 68 00020000 push 200 ; /Count = 200 (512.)
00411EEF |. 68 80BF4A00 push movgear.004ABF80 ; |The information you have provided is invalid. Please be sure that you typed it exactly as it was given to you.
00411EF4 |. 50 push eax ; |RsrcID
00411EF5 |. 51 push ecx ; |hInst => 00400000
00411EF6 |. FF15 C0F44700 call dword ptr ds:[<&USER32.LoadStringA>>; \LoadStringA
00411EFC |. 85C0 test eax,eax
00411EFE |. 74 0D je short movgear.00411F0D
00411F00 |. 3D 00020000 cmp eax,200
00411F05 |. 7D 06 jge short movgear.00411F0D
00411F07 |. B8 80BF4A00 mov eax,movgear.004ABF80 ; The information you have provided is invalid. Please be sure that you typed it exactly as it was given to you.
00411F0C |. C3 retn
00411F0D |> 33C0 xor eax,eax
00411F0F \. C3 retn
Analysis shows that the real algorithm is the following:
004341AB |. 8BFB mov edi,ebx
004341AD |. BE DF0B0000 mov esi,0BDF ; note: this initializes ESI=BDF
004341B2 |. 74 26 je short movgear.004341DA
004341B4 |> 0FBED2 /movsx edx,dl ; the registration name's characters are loaded into dl one at a time
004341B7 |. 41 |inc ecx ; loop counter, ECX=ECX+1
004341B8 |. 0FAFD1 |imul edx,ecx ; edx = EDX multiplied by ECX
004341BB |. 03F2 |add esi,edx ; esi = esi + edx
004341BD |. 81FE BE170000 |cmp esi,17BE ; if esi > 17BE, then esi = esi - 17BE
004341C3 |. 7E 06 |jle short movgear.004341CB
004341C5 |. 81EE BE170000 |sub esi,17BE
004341CB |> 83F9 0A |cmp ecx,0A ; if the user name length > 10, then esi = esi - 17BE
004341CE |. 7E 02 |jle short movgear.004341D2
004341D0 |. 33C9 |xor ecx,ecx
004341D2 |> 8A57 01 |mov dl,byte ptr ds:[edi+1]
004341D5 |. 47 |inc edi
004341D6 |. 84D2 |test dl,dl
004341D8 |.^ 75 DA \jnz short movgear.004341B4
004341DA |> 3BF0 cmp esi,eax ; if esi = eax, registration succeeds
004341DC |. 75 15 jnz short movgear.004341F3
004341DE |. 5F pop edi
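Algorithm: the part of the registration code from the eighth character to the last is converted as a whole to a number and placed in eax. ESI is initialized to BDF; each character of the registration name is loaded into dl in turn; edx = EDX multiplied by the loop count; esi = edx + esi.
If esi > 17BE, then esi = esi - 17BE; if the user name length > 10, then esi = esi - 17BE; if esi = eax, registration succeeds.
The keygen source code (VB) follows: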
dim sname,name,tname,lname,code
sname=3039
name=Text1.text
lname=Len(name)
For i=1 To lname
    tname=Asc(Mid(name,i,1))*i
    sname=sname+tname
    If sname>6078 Then
        sname=sname-6078
    End If
    If lname>10 Then
        sname=sname-6078
    End if
Next
code="mg37fng"&CStr(sname)
text1.captain=code
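Note: the VB source is not complete and cannot accept Chinese user names. If anyone writes a complete version of the source (in any language), I would be very grateful.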