-
-
再贴篇菜文 打字测试(TT) V2.0 注册算法分析
-
发表于: 2004-6-19 18:51 5316
-
打字测试(TT) V2.0 注册算法分析
下载地址:http://www.skycn.com/soft/17100.html
软件介绍:
本软件是LCX软件工作室制作的,供练习、测试中英文打字的朋友使用。经过多次试用,效果很好。特别适合很多学生在局域网中进行中英文的打字测试,是计算机教师的好帮手。
主要特点:
1、 管理员可以自由设置1~3篇英文和1~3中文,以供测试者输入。
2、 对照输入,系统自动核对,若输入错误则给出提示符号(?)。
3、 管理员可以设置测试的最长时间,单位以秒计算。
4、 测试结束时,系统自动上报成绩。管理员并可设置回收成绩的本地磁盘或网络路径。
5、本软件不修改注册表,安全可靠。
-------------------------------------------------------------------------------------------------
在登录窗口击右键,在弹出菜单出选“注册”,是一个窗口,有4个EDIT,每个EDIT可输入5个字符。但他说,请输入SN1,难道还有SN2?不管它先继续。
检查一下,是DELPHI,打开以后找那个注册的FORM,找了半天发现那个FORM里有一堆EDIT,远不止四个。一头雾水地继续看下面BUTTON1CLICK的过程。
这个软件注册码计算部分相当长,但并不复杂,都是重复性的动作.不过注册机可不好写,但可用的注册码是很好得到的.
我在SN1里输入ABCDE-FGHIJ-KLMNO-PKRST,(注意第17位必须为'K'),经跟踪发现把前16个字符计算所得的结果为8,也就是说只要修改后3位使(18)*(19)+(20)结果为8即可.
SN2同样,先输入ABCDE-FGHIJ-KLMNO-PQRST-UVWXM-ZABCD-EFGHI-JKLMN-OPQRS-TUVWX, (注意第25位必须为'M'),
经计算前45位结果为2,也就是说只要使(46)*(47)*(48)+(49)+(50)结果为2即可.
一组可用的注册码:
SN1: ABCDE-FGHIJ-KLMNO-PKAAW
SN2: ABCDE-FGHIJ-KLMNO-PQRST-UVWXM-ZABCD-EFGHI-JKLMN-OPQRS-AAAAC
btw:在注册成功后发现登录窗口的标题变成了乱码,我猜是那判断完成后莫名其妙的计算导致的,但不影响使用我也懒得想了,哪位大大有兴趣可以看一下。
下载地址:http://www.skycn.com/soft/17100.html
软件介绍:
本软件是LCX软件工作室制作的,供练习、测试中英文打字的朋友使用。经过多次试用,效果很好。特别适合很多学生在局域网中进行中英文的打字测试,是计算机教师的好帮手。
主要特点:
1、 管理员可以自由设置1~3篇英文和1~3中文,以供测试者输入。
2、 对照输入,系统自动核对,若输入错误则给出提示符号(?)。
3、 管理员可以设置测试的最长时间,单位以秒计算。
4、 测试结束时,系统自动上报成绩。管理员并可设置回收成绩的本地磁盘或网络路径。
5、本软件不修改注册表,安全可靠。
-------------------------------------------------------------------------------------------------
在登录窗口击右键,在弹出菜单出选“注册”,是一个窗口,有4个EDIT,每个EDIT可输入5个字符。但他说,请输入SN1,难道还有SN2?不管它先继续。
检查一下,是DELPHI,打开以后找那个注册的FORM,找了半天发现那个FORM里有一堆EDIT,远不止四个。一头雾水地继续看下面BUTTON1CLICK的过程。
004587D8 55 push ebp 004587D9 8BEC mov ebp, esp 004587DB 81C440FDFFFF add esp, $FFFFFD40 004587E1 53 push ebx 004587E2 56 push esi 004587E3 57 push edi 004587E4 33C9 xor ecx, ecx 004587E6 898D88FDFFFF mov [ebp+$FFFFFD88], ecx 004587EC 898D84FDFFFF mov [ebp+$FFFFFD84], ecx 004587F2 898D80FDFFFF mov [ebp+$FFFFFD80], ecx 004587F8 898D7CFDFFFF mov [ebp+$FFFFFD7C], ecx 004587FE 894DF8 mov [ebp-$08], ecx 00458801 8945FC mov [ebp-$04], eax 00458804 B914000000 mov ecx, $00000014 00458809 8D45A8 lea eax, [ebp-$58] * Reference to object String | 0045880C 8B1594104000 mov edx, [$00401094] * Reference to: System.@InitializeArray(Pointer;Pointer;Cardinal); | 00458812 E811C7FAFF call 00404F28 00458817 33C0 xor eax, eax 00458819 55 push ebp * Possible String Reference to: '?苞?瓦^[?]? | 0045881A 68D08E4500 push $00458ED0 ***** TRY | 0045881F 64FF30 push dword ptr fs:[eax] 00458822 648920 mov fs:[eax], esp 00458825 8D9588FDFFFF lea edx, [ebp+$FFFFFD88] * Reference to Form3 | 0045882B 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit1 : TEdit | 0045882E 8B80FC020000 mov eax, [eax+$02FC] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00458834 E887EAFDFF call 004372C0 ;取EDIT1 00458839 FFB588FDFFFF push dword ptr [ebp+$FFFFFD88] 0045883F 8D9584FDFFFF lea edx, [ebp+$FFFFFD84] * Reference to Form3 | 00458845 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit2 : TEdit | 00458848 8B8000030000 mov eax, [eax+$0300] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 0045884E E86DEAFDFF call 004372C0 ;取EDIT2 00458853 FFB584FDFFFF push dword ptr [ebp+$FFFFFD84] 00458859 8D9580FDFFFF lea edx, [ebp+$FFFFFD80] * Reference to Form3 | 0045885F 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit3 : TEdit | 00458862 8B8004030000 mov eax, [eax+$0304] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00458868 E853EAFDFF call 004372C0 ;取EDIT3 0045886D FFB580FDFFFF push dword ptr [ebp+$FFFFFD80] 00458873 8D957CFDFFFF lea edx, [ebp+$FFFFFD7C] * Reference to Form3 | 00458879 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit4 : TEdit | 0045887C 8B8008030000 mov eax, [eax+$0308] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00458882 E839EAFDFF call 004372C0 ;取EDIT4 00458887 FFB57CFDFFFF push dword ptr [ebp+$FFFFFD7C] 0045888D 8D45F8 lea eax, [ebp-$08] 00458890 BA04000000 mov edx, $00000004 * Reference to: System.Proc_004048A8 | 00458895 E80EC0FAFF call 004048A8 ;把四个EDIT里的内容连起来 0045889A BF01000000 mov edi, $00000001 0045889F 8D5DA8 lea ebx, [ebp-$58] 004588A2 8DB558FFFFFF lea esi, [ebp+$FFFFFF58] 004588A8 53 push ebx ;循环开始 004588A9 B901000000 mov ecx, $00000001 ;参数,取一个字符 004588AE 8BD7 mov edx, edi ;参数,字符的位置,循环递增,依次取每一个 004588B0 8B45F8 mov eax, [ebp-$08] ;参数,输入的字符串SN1 * Reference to: System.@LStrCopy; | 004588B3 E888C1FAFF call 00404A40 ;取得字符 004588B8 33C0 xor eax, eax 004588BA 8906 mov [esi], eax 004588BC 8B03 mov eax, [ebx] ;字符放在EAX 004588BE BAE88E4500 mov edx, $00458EE8 ;458EE8处为'A' * Reference to: System.@LStrCmp; | 004588C3 E864C0FAFF call 0040492C ;作比较 004588C8 7504 jnz 004588CE 004588CA 33C0 xor eax, eax ;如果相等的话EAX=0 004588CC 8906 mov [esi], eax ;把0放在内存中 004588CE 8B03 mov eax, [ebx] 004588D0 BAF48E4500 mov edx, $00458EF4 ;此处为'B' * Reference to: System.@LStrCmp; | 004588D5 E852C0FAFF call 0040492C 004588DA 7506 jnz 004588E2 004588DC C70601000000 mov dword ptr [esi], $00000001 ;字符为'B'放入1 004588E2 8B03 mov eax, [ebx] 004588E4 BA008F4500 mov edx, $00458F00 * Reference to: System.@LStrCmp; | 004588E9 E83EC0FAFF call 0040492C 004588EE 7506 jnz 004588F6 004588F0 C70602000000 mov dword ptr [esi], $00000002 ;字符为'C'放入2 004588F6 8B03 mov eax, [ebx] 004588F8 BA0C8F4500 mov edx, $00458F0C * Reference to: System.@LStrCmp; | 004588FD E82AC0FAFF call 0040492C 00458902 7506 jnz 0045890A 00458904 C70603000000 mov dword ptr [esi], $00000003 ;字符为'D'放入3 0045890A 8B03 mov eax, [ebx] 0045890C BA188F4500 mov edx, $00458F18 * Reference to: System.@LStrCmp; | 00458911 E816C0FAFF call 0040492C 00458916 7506 jnz 0045891E 00458918 C70604000000 mov dword ptr [esi], $00000004 ;字符为'E'放入4 0045891E 8B03 mov eax, [ebx] 00458920 BA248F4500 mov edx, $00458F24 * Reference to: System.@LStrCmp; | 00458925 E802C0FAFF call 0040492C 0045892A 7506 jnz 00458932 0045892C C70605000000 mov dword ptr [esi], $00000005 ;字符为'F'放入5 ......(省略一部分) 总之对应关系为下表 'A'->0 'B'->1 'C'->2 'D'->3 'E'->4 'F'->5 'G'->6 'H'->7 'I'->A 'J'->B 'K'->C 'L'->D 'M'->E 'N'->F 'O'->0 'P'->1 'Q'->2 'R'->3 'S'->4 'T'->5 'U'->6 'V'->7 'W'->8 'X'->9 'Y'->8 'Z'->9 00458AAC 8B03 mov eax, [ebx] 00458AAE BA14904500 mov edx, $00459014 * Reference to: System.@LStrCmp; | 00458AB3 E874BEFAFF call 0040492C 00458AB8 7506 jnz 00458AC0 00458ABA C70609000000 mov dword ptr [esi], $00000009 00458AC0 47 inc edi 00458AC1 83C604 add esi, +$04 ;[ESI]内存指针后移4位 00458AC4 83C304 add ebx, +$04 00458AC7 83FF15 cmp edi, +$15 ;是否取完20个字符 00458ACA 0F85D8FDFFFF jnz 004588A8 ;循环结柬 00458AD0 837D980C cmp dword ptr [ebp-$68], +$0C ;[EBP-68]即第17个字符转换结果 00458AD4 0F859B030000 jnz 00458E75 ;结果必须为0C,查上表知第17个字符必须为K 00458ADA 8B8558FFFFFF mov eax, [ebp+$FFFFFF58] ;第1个字符转换结果 00458AE0 03855CFFFFFF add eax, [ebp+$FFFFFF5C] ;加上第2个字符转换结果 00458AE6 2B8560FFFFFF sub eax, dword ptr [ebp+$FFFFFF60] ;减第3个字符转换结果 00458AEC 038564FFFFFF add eax, [ebp+$FFFFFF64] ;加第4 00458AF2 2B8568FFFFFF sub eax, dword ptr [ebp+$FFFFFF68] ;减第5 00458AF8 03856CFFFFFF add eax, [ebp+$FFFFFF6C] ;加第6 00458AFE 2B8570FFFFFF sub eax, dword ptr [ebp+$FFFFFF70] ;减第7 00458B04 038574FFFFFF add eax, [ebp+$FFFFFF74] ;加第8 00458B0A 2B8578FFFFFF sub eax, dword ptr [ebp+$FFFFFF78] ;减第9 00458B10 03857CFFFFFF add eax, [ebp+$FFFFFF7C] ;加第10 00458B16 2B4580 sub eax, dword ptr [ebp-$80] ;减第11 00458B19 034584 add eax, [ebp-$7C] ;加第12 00458B1C 2B4588 sub eax, dword ptr [ebp-$78] ;减第13 00458B1F 03458C add eax, [ebp-$74] ;加第14 00458B22 2B4590 sub eax, dword ptr [ebp-$70] ;减第15 00458B25 034594 add eax, [ebp-$6C] ;加第16 00458B28 99 cdq 00458B29 33C2 xor eax, edx 00458B2B 2BC2 sub eax, edx ;这个应该是取上面结果的绝对值 00458B2D 8BC8 mov ecx, eax ;放在ECX,记为结果一 00458B2F 8B459C mov eax, [ebp-$64] ;取第18个字符转换结果 00458B32 F76DA0 imul dword ptr [ebp-$60] ;乘第19个字符转换结果 00458B35 0345A4 add eax, [ebp-$5C] ;加第20个字符转换结果 00458B38 99 cdq 00458B39 33C2 xor eax, edx 00458B3B 2BC2 sub eax, edx ;取绝对值,记为结果二 00458B3D 3BC8 cmp ecx, eax ;把结果一与结果二比较 00458B3F 0F850C030000 jnz 00458E51 ;不同就死翘翘,相同就过第一关了 :) 00458B45 8D8578FDFFFF lea eax, [ebp+$FFFFFD78] 00458B4B 8B9558FFFFFF mov edx, [ebp+$FFFFFF58] 00458B51 C1E204 shl edx, $04 00458B54 03955CFFFFFF add edx, [ebp+$FFFFFF5C] 00458B5A 885001 mov [eax+$01], dl 00458B5D C60001 mov byte ptr [eax], $01 00458B60 8D9578FDFFFF lea edx, [ebp+$FFFFFD78] 00458B66 8D8574FDFFFF lea eax, [ebp+$FFFFFD74] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458B6C E83FA2FAFF call 00402DB0 00458B71 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458B77 8B9560FFFFFF mov edx, [ebp+$FFFFFF60] 00458B7D C1E204 shl edx, $04 00458B80 039564FFFFFF add edx, [ebp+$FFFFFF64] 00458B86 885001 mov [eax+$01], dl 00458B89 C60001 mov byte ptr [eax], $01 00458B8C 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458B92 8D8574FDFFFF lea eax, [ebp+$FFFFFD74] 00458B98 B102 mov cl, $02 * Reference to: System.@PStrNCat; | 00458B9A E8E1A1FAFF call 00402D80 00458B9F 8D9574FDFFFF lea edx, [ebp+$FFFFFD74] 00458BA5 8D856CFDFFFF lea eax, [ebp+$FFFFFD6C] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458BAB E800A2FAFF call 00402DB0 00458BB0 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458BB6 8B9568FFFFFF mov edx, [ebp+$FFFFFF68] 00458BBC C1E204 shl edx, $04 00458BBF 03956CFFFFFF add edx, [ebp+$FFFFFF6C] 00458BC5 885001 mov [eax+$01], dl 00458BC8 C60001 mov byte ptr [eax], $01 00458BCB 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458BD1 8D856CFDFFFF lea eax, [ebp+$FFFFFD6C] 00458BD7 B103 mov cl, $03 * Reference to: System.@PStrNCat; | 00458BD9 E8A2A1FAFF call 00402D80 00458BDE 8D956CFDFFFF lea edx, [ebp+$FFFFFD6C] 00458BE4 8D8564FDFFFF lea eax, [ebp+$FFFFFD64] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458BEA E8C1A1FAFF call 00402DB0 00458BEF 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458BF5 8B9570FFFFFF mov edx, [ebp+$FFFFFF70] 00458BFB C1E204 shl edx, $04 00458BFE 039574FFFFFF add edx, [ebp+$FFFFFF74] 00458C04 885001 mov [eax+$01], dl 00458C07 C60001 mov byte ptr [eax], $01 00458C0A 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458C10 8D8564FDFFFF lea eax, [ebp+$FFFFFD64] 00458C16 B104 mov cl, $04 * Reference to: System.@PStrNCat; | 00458C18 E863A1FAFF call 00402D80 00458C1D 8D9564FDFFFF lea edx, [ebp+$FFFFFD64] 00458C23 8D855CFDFFFF lea eax, [ebp+$FFFFFD5C] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458C29 E882A1FAFF call 00402DB0 00458C2E 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458C34 8B9578FFFFFF mov edx, [ebp+$FFFFFF78] 00458C3A C1E204 shl edx, $04 00458C3D 03957CFFFFFF add edx, [ebp+$FFFFFF7C] 00458C43 885001 mov [eax+$01], dl 00458C46 C60001 mov byte ptr [eax], $01 00458C49 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458C4F 8D855CFDFFFF lea eax, [ebp+$FFFFFD5C] 00458C55 B105 mov cl, $05 * Reference to: System.@PStrNCat; | 00458C57 E824A1FAFF call 00402D80 00458C5C 8D955CFDFFFF lea edx, [ebp+$FFFFFD5C] 00458C62 8D8554FDFFFF lea eax, [ebp+$FFFFFD54] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458C68 E843A1FAFF call 00402DB0 00458C6D 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458C73 8B5580 mov edx, [ebp-$80] 00458C76 C1E204 shl edx, $04 00458C79 035584 add edx, [ebp-$7C] 00458C7C 885001 mov [eax+$01], dl 00458C7F C60001 mov byte ptr [eax], $01 00458C82 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458C88 8D8554FDFFFF lea eax, [ebp+$FFFFFD54] 00458C8E B106 mov cl, $06 * Reference to: System.@PStrNCat; | 00458C90 E8EBA0FAFF call 00402D80 00458C95 8D9554FDFFFF lea edx, [ebp+$FFFFFD54] 00458C9B 8D854CFDFFFF lea eax, [ebp+$FFFFFD4C] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458CA1 E80AA1FAFF call 00402DB0 00458CA6 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458CAC 8B5588 mov edx, [ebp-$78] 00458CAF C1E204 shl edx, $04 00458CB2 03558C add edx, [ebp-$74] 00458CB5 885001 mov [eax+$01], dl 00458CB8 C60001 mov byte ptr [eax], $01 00458CBB 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458CC1 8D854CFDFFFF lea eax, [ebp+$FFFFFD4C] 00458CC7 B107 mov cl, $07 * Reference to: System.@PStrNCat; | 00458CC9 E8B2A0FAFF call 00402D80 00458CCE 8D954CFDFFFF lea edx, [ebp+$FFFFFD4C] 00458CD4 8D8540FDFFFF lea eax, [ebp+$FFFFFD40] * Reference to: System.@PStrCpy(PShortString;PShortString); | 00458CDA E8D1A0FAFF call 00402DB0 00458CDF 8D8570FDFFFF lea eax, [ebp+$FFFFFD70] 00458CE5 8B5590 mov edx, [ebp-$70] 00458CE8 C1E204 shl edx, $04 00458CEB 035594 add edx, [ebp-$6C] 00458CEE 885001 mov [eax+$01], dl 00458CF1 C60001 mov byte ptr [eax], $01 00458CF4 8D9570FDFFFF lea edx, [ebp+$FFFFFD70] 00458CFA 8D8540FDFFFF lea eax, [ebp+$FFFFFD40] 00458D00 B108 mov cl, $08 * Reference to: System.@PStrNCat; | 00458D02 E879A0FAFF call 00402D80 00458D07 8D9540FDFFFF lea edx, [ebp+$FFFFFD40] 00458D0D 8D45F8 lea eax, [ebp-$08] * Reference to: System.@LStrFromString(String;String;ShortString;ShortString); | 00458D10 E877BAFAFF call 0040478C * Possible String Reference to: '..\ttcon.sys' | 00458D15 BA20904500 mov edx, $00459020 00458D1A 8D858CFDFFFF lea eax, [ebp+$FFFFFD8C] * Reference to: System.@Assign(TTextRec;TTextRec;String):Integer; | 00458D20 E83B9FFAFF call 00402C60 00458D25 8D858CFDFFFF lea eax, [ebp+$FFFFFD8C] * Reference to: System.@RewritText(TTextRec;TTextRec):Integer; | 00458D2B E8CC9CFAFF call 004029FC * Reference to: System.Proc_0040288C | 00458D30 E8579BFAFF call 0040288C 00458D35 8B55F8 mov edx, [ebp-$08] 00458D38 8D858CFDFFFF lea eax, [ebp+$FFFFFD8C] * Reference to: System.@Write0Bool(TTextRec;TTextRec;Boolean):Pointer; | 00458D3E E871BEFAFF call 00404BB4 * Reference to: System.@WriteLn(TTextRec;TTextRec):Pointer; | 00458D43 E848A5FAFF call 00403290 * Reference to: System.Proc_0040288C | 00458D48 E83F9BFAFF call 0040288C 00458D4D 8D858CFDFFFF lea eax, [ebp+$FFFFFD8C] * Reference to: System.@Close(TTextRec;TTextRec):Integer; | 00458D53 E8D09FFAFF call 00402D28 * Reference to: System.Proc_0040288C | 00458D58 E82F9BFAFF call 0040288C 上面一堆对字符串的操作,莫名其妙,我没有省略,还请高人指点. * Reference to Form3 | 00458D5D 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Button1 : TButton | 00458D60 8B8018030000 mov eax, [eax+$0318] 00458D66 33D2 xor edx, edx 00458D68 8B08 mov ecx, [eax] * Reference to method TButton.SetEnabled(Boolean) | 00458D6A FF5164 call dword ptr [ecx+$64] * Reference to Form3 | 00458D6D 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.CheckBox1 : TCheckBox | 00458D70 8B801C030000 mov eax, [eax+$031C] 00458D76 33D2 xor edx, edx 00458D78 8B08 mov ecx, [eax] * Reference to method TCheckBox.SetChecked(Boolean) | 00458D7A FF91C8000000 call dword ptr [ecx+$00C8] * Reference to Form3 | 00458D80 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Panel2 : TPanel | 00458D83 8B80F4020000 mov eax, [eax+$02F4] 00458D89 B201 mov dl, $01 * Reference to: Controls.TControl.SetVisible(TControl;Boolean); | 00458D8B E850E4FDFF call 004371E0 00458D90 BA23010000 mov edx, $00000123 * Reference to Form3 | 00458D95 A1A8AC4600 mov eax, dword ptr [$0046ACA8] * Reference to: Controls.TControl.SetHeight(TControl;Integer); | 00458D9A E801DDFDFF call 00436AA0 * Reference to Form3 | 00458D9F 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit5 : TEdit | 00458DA2 8B8024030000 mov eax, [eax+$0324] 00458DA8 33D2 xor edx, edx 00458DAA 8B08 mov ecx, [eax] * Reference to method TEdit.SetEnabled(Boolean) | 00458DAC FF5164 call dword ptr [ecx+$64] * Reference to Form3 | 00458DAF 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit6 : TEdit | 00458DB2 8B8048030000 mov eax, [eax+$0348] 00458DB8 33D2 xor edx, edx 00458DBA 8B08 mov ecx, [eax] * Reference to method TEdit.SetEnabled(Boolean) | 00458DBC FF5164 call dword ptr [ecx+$64] * Reference to Form3 | 00458DBF 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Edit7 : TEdit | 00458DC2 8B804C030000 mov eax, [eax+$034C] 00458DC8 33D2 xor edx, edx 00458DCA 8B08 mov ecx, [eax] * Reference to method TEdit.SetEnabled(Boolean) | 00458DCC FF5164 call dword ptr [ecx+$64] .......(省略一部分) * Reference to Form3 | 00458E3F 8B45FC mov eax, [ebp-$04] * Reference to control TForm3.Button2 : TButton | 00458E42 8B8070030000 mov eax, [eax+$0370] 00458E48 33D2 xor edx, edx 00458E4A 8B08 mov ecx, [eax] * Reference to method TButton.SetEnabled(Boolean) | 00458E4C FF5164 call dword ptr [ecx+$64] 00458E4F EB46 jmp 00458E97 上面都是SetEnabled之类的东东,把隐藏在下面的SN2的输入框显示了出来,有10个EDIT!现在终于知道为什么这个FORM里有那么多文本框了. 00458E51 6A00 push $00 ;跳到这里就完蛋了 * Possible String Reference to: '错误报告' | 00458E53 B930904500 mov ecx, $00459030 * Possible String Reference to: '您输入的SN1码不正确,请仔细检查,重 | 新输入。' | 00458E58 BA3C904500 mov edx, $0045903C * Reference to TApplication instance | 00458E5D A18C8F4600 mov eax, dword ptr [$00468F8C] 00458E62 8B00 mov eax, [eax] * Reference to: Forms.TApplication.MessageBox(TApplication;PChar;PChar;Longint):Integer; | 00458E64 E847DDFFFF call 00456BB0 * Reference to Form3 | 00458E69 A1A8AC4600 mov eax, dword ptr [$0046ACA8] * Reference to: Controls.TControl.Refresh(TControl); | 00458E6E E889E9FDFF call 004377FC 00458E73 EB22 jmp 00458E97 00458E75 6A00 push $00 * Possible String Reference to: '错误报告' | 00458E77 B930904500 mov ecx, $00459030 * Possible String Reference to: '您输入的SN1码不正确,请仔细检查,重 | 新输入。' | 00458E7C BA3C904500 mov edx, $0045903C * Reference to TApplication instance | 00458E81 A18C8F4600 mov eax, dword ptr [$00468F8C] 00458E86 8B00 mov eax, [eax] * Reference to: Forms.TApplication.MessageBox(TApplication;PChar;PChar;Longint):Integer; | 00458E88 E823DDFFFF call 00456BB0 还有SN2的过程,只是字符多了,与上面大同小异.用相同的法则转换以后,前45位的结果交替加减,得到一个结果. 再用下面运算: 0045A6BA 8B8510FFFFFF mov eax, [ebp+$FFFFFF10] ;取第46个字符转换结果 0045A6C0 F7AD14FFFFFF imul dword ptr [ebp+$FFFFFF14] ;乘第47个字符转换结果 0045A6C6 F7AD18FFFFFF imul dword ptr [ebp+$FFFFFF18] ;乘第48个字符转换结果 0045A6CC 03851CFFFFFF add eax, [ebp+$FFFFFF1C] ;加第49个字符转换结果 0045A6D2 038520FFFFFF add eax, [ebp+$FFFFFF20] ;加第50个字符转换结果 0045A6D8 99 cdq 0045A6D9 33C2 xor eax, edx 0045A6DB 2BC2 sub eax, edx 0045A6DD 3BC8 cmp ecx, eax ;比较,两结果相同就大功告成 0045A6DF 0F85CB070000 jnz 0045AEB0
这个软件注册码计算部分相当长,但并不复杂,都是重复性的动作.不过注册机可不好写,但可用的注册码是很好得到的.
我在SN1里输入ABCDE-FGHIJ-KLMNO-PKRST,(注意第17位必须为'K'),经跟踪发现把前16个字符计算所得的结果为8,也就是说只要修改后3位使(18)*(19)+(20)结果为8即可.
SN2同样,先输入ABCDE-FGHIJ-KLMNO-PQRST-UVWXM-ZABCD-EFGHI-JKLMN-OPQRS-TUVWX, (注意第25位必须为'M'),
经计算前45位结果为2,也就是说只要使(46)*(47)*(48)+(49)+(50)结果为2即可.
一组可用的注册码:
SN1: ABCDE-FGHIJ-KLMNO-PKAAW
SN2: ABCDE-FGHIJ-KLMNO-PQRST-UVWXM-ZABCD-EFGHI-JKLMN-OPQRS-AAAAC
btw:在注册成功后发现登录窗口的标题变成了乱码,我猜是那判断完成后莫名其妙的计算导致的,但不影响使用我也懒得想了,哪位大大有兴趣可以看一下。
[峰会]看雪.第八届安全开发者峰会10月23日上海龙之梦大酒店举办!
赞赏记录
参与人
雪币
留言
时间
一路南寻
为你点赞~
2024-5-31 01:00
嫉妒的死远点
为你点赞~
2024-3-19 03:46
一笑人间万事
为你点赞~
2024-2-20 00:38
shinratensei
为你点赞~
2023-4-11 02:41
赞赏
他的文章
- [征文]一个伪Cracker的故事 13673
- 逻辑推理中猜数问题的研究 8147
- 看来大家都喜欢智力题啊,我出个稍微难一点的吧 7747
看原图
赞赏
雪币:
留言: