【破文标题】简单找到风云谷鼠标键盘精灵的注册码
【破解工具】Peid 0.93、OllyDbg
【破解平台】Windows XP SP2
【软件名称】风云谷鼠标键盘精灵
【保护方式】SN
【软件简介】《风云谷鼠标键盘精灵》可以录制鼠标键盘的动作,并保存为脚本。您可以通过执行脚本,让它代替您的双手,并且您可以选择执行次数和执行速度,自动执行一系列鼠标键盘动作。它简单易用,只要您在电脑前用双手可以完成的动作,它都可以替您完成。它用途极其广泛,比如:您可以用它制作网络游戏练功机器人,制作聊天室的刷屏机,用它制作QQ炸弹,用它制作论坛的灌水机,用它来刷网站流量。。。。。。更多的用途还需要您发挥自己的聪明才智去挖掘。
------------------------------------------------------------------------
【破解过程】1.Peid 0.93查壳为ASPack 2.12 -> Alexey Solodovnikov,用脱壳工具给它脱壳.
2.运行软件,输入用户名及注册码.提示重启验证.
3.OllyDbg载入脱壳后的程序,来到:
00465F7C > $ 55 PUSH EBP
00465F7D . 8BEC MOV EBP,ESP
00465F7F . 83C4 F0 ADD ESP,-10
00465F82 . B8 DC5D4600 MOV EAX,FygRec12.00465DDC
00465F87 . E8 8C08FAFF CALL FygRec12.00406818
右键-->Ultra字符串参考-->查找ASCII-->Ctrl+F-->输入"注册"-->可以找到很多有"注册"两个字的字符,可以在各处下断.
00465318 /. 55 PUSH EBP
00465319 |. 8BEC MOV EBP,ESP
0046531B |. B9 04000000 MOV ECX,4
00465320 |> 6A 00 /PUSH 0
00465322 |. 6A 00 |PUSH 0
00465324 |. 49 |DEC ECX
00465325 |.^ 75 F9 \JNZ SHORT FygRec12.00465320
00465327 |. 51 PUSH ECX
00465328 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0046532B |. 33C0 XOR EAX,EAX
0046532D |. 55 PUSH EBP
0046532E |. 68 DF554600 PUSH FygRec12.004655DF
00465333 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00465336 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00465339 |. C705 989C4600>MOV DWORD PTR DS:[469C98],1
00465343 |. B2 01 MOV DL,1
00465345 |. A1 30334600 MOV EAX,DWORD PTR DS:[463330]
0046534A |. E8 E1E0FFFF CALL FygRec12.00463430
0046534F |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00465352 |. BA 02000080 MOV EDX,80000002
00465357 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0046535A |. E8 71E1FFFF CALL FygRec12.004634D0
0046535F |. 33C0 XOR EAX,EAX
00465361 |. 55 PUSH EBP
00465362 |. 68 44544600 PUSH FygRec12.00465444
00465367 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0046536A |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0046536D |. 33C9 XOR ECX,ECX
0046536F |. BA F4554600 MOV EDX,FygRec12.004655F4 ; \software\
00465374 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00465377 |. E8 94E2FFFF CALL FygRec12.00463610
0046537C |. 84C0 TEST AL,AL
0046537E |. BA 08564600 MOV EDX,FygRec12.00465608 ; fygrec
00465383 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00465386 |. E8 39E6FFFF CALL FygRec12.004639C4
0046538B |. 84C0 TEST AL,AL
0046538D |. BA 08564600 MOV EDX,FygRec12.00465608 ; fygrec
00465392 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00465395 |. E8 9AE1FFFF CALL FygRec12.00463534
0046539A |. 33C9 XOR ECX,ECX
0046539C |. BA 18564600 MOV EDX,FygRec12.00465618 ; \software\fygrec
004653A1 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004653A4 |. E8 67E2FFFF CALL FygRec12.00463610
004653A9 |. 84C0 TEST AL,AL
004653AB |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C]
004653AE |. BA 34564600 MOV EDX,FygRec12.00465634 ; name
004653B3 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004653B6 |. E8 1DE4FFFF CALL FygRec12.004637D8 ; 取用户名
004653BB |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
004653BE |. BA 44564600 MOV EDX,FygRec12.00465644 ; regcode
004653C3 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004653C6 |. E8 0DE4FFFF CALL FygRec12.004637D8 ; 取注册码
004653CB |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004653CE |. BA 54564600 MOV EDX,FygRec12.00465654 ; soft
004653D3 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004653D6 |. E8 FDE3FFFF CALL FygRec12.004637D8
004653DB |. 837D F0 00 CMP DWORD PTR SS:[EBP-10],0
004653DF |. 75 12 JNZ SHORT FygRec12.004653F3
004653E1 |. B9 64564600 MOV ECX,FygRec12.00465664 ; 0
004653E6 |. BA 54564600 MOV EDX,FygRec12.00465654 ; soft
004653EB |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004653EE |. E8 B9E3FFFF CALL FygRec12.004637AC
004653F3 |> 837D F0 00 CMP DWORD PTR SS:[EBP-10],0
004653F7 |. 74 2D JE SHORT FygRec12.00465426
004653F9 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004653FC |. E8 C3F2F9FF CALL FygRec12.004046C4
00465401 |. 83F8 15 CMP EAX,15
00465404 |. 7D 20 JGE SHORT FygRec12.00465426
00465406 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00465409 |. B9 64564600 MOV ECX,FygRec12.00465664 ; 0
0046540E |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
00465411 |. E8 FAF2F9FF CALL FygRec12.00404710
00465416 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00465419 |. BA 54564600 MOV EDX,FygRec12.00465654 ; soft
0046541E |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00465421 |. E8 86E3FFFF CALL FygRec12.004637AC
00465426 |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00465429 |. E8 72E0FFFF CALL FygRec12.004634A0
0046542E |. 33C0 XOR EAX,EAX
00465430 |. 5A POP EDX
00465431 |. 59 POP ECX
00465432 |. 59 POP ECX
00465433 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00465436 |. 68 4B544600 PUSH FygRec12.0046544B
0046543B |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0046543E |. E8 5DE2F9FF CALL FygRec12.004036A0
00465443 \. C3 RETN
00465444 .^ E9 EBE9F9FF JMP FygRec12.00403E34
00465449 .^ EB F0 JMP SHORT FygRec12.0046543B
0046544B . B8 70564600 MOV EAX,FygRec12.00465670 ; 166
00465450 . E8 AB33FAFF CALL FygRec12.00408800
00465455 . 50 PUSH EAX
00465456 . 6A 01 PUSH 1
00465458 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0046545B . 50 PUSH EAX
0046545C . B9 7C564600 MOV ECX,FygRec12.0046567C ; fengyungu
00465461 . 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
00465464 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00465467 . E8 4CF1FFFF CALL FygRec12.004645B8 ; 重要算法CALL
0046546C . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 把真注册码给EAX
0046546F . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; 把假注册码给EDX
00465472 . E8 91F3F9FF CALL FygRec12.00404808 ; 注册码比较
00465477 . 75 1A JNZ SHORT FygRec12.00465493 ; 不相等就OVER
00465479 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046547C . 8B80 5C030000 MOV EAX,DWORD PTR DS:[EAX+35C]
00465482 . 33D2 XOR EDX,EDX
00465484 . E8 5F74FDFF CALL FygRec12.0043C8E8
00465489 . E8 8EF4FFFF CALL FygRec12.0046491C
0046548E . E9 CA000000 JMP FygRec12.0046555D
00465493 > 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00465496 . E8 29F2F9FF CALL FygRec12.004046C4
0046549B . 83F8 13 CMP EAX,13
0046549E . 0F8E B9000000 JLE FygRec12.0046555D
004654A4 . 6A 40 PUSH 40
004654A6 . B9 88564600 MOV ECX,FygRec12.00465688 ; 对不起
004654AB . BA 90564600 MOV EDX,FygRec12.00465690 ; 试用期已到,请注册
004654B0 . A1 4C814600 MOV EAX,DWORD PTR DS:[46814C]
004654B5 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
004654B7 . E8 4075FFFF CALL FygRec12.0045C9FC
004654BC . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004654BF . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
004654C5 . 33D2 XOR EDX,EDX
004654C7 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004654C9 . FF51 64 CALL DWORD PTR DS:[ECX+64]
004654CC . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004654CF . 8B80 00030000 MOV EAX,DWORD PTR DS:[EAX+300]
004654D5 . 33D2 XOR EDX,EDX
004654D7 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004654D9 . FF51 64 CALL DWORD PTR DS:[ECX+64]
004654DC . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004654DF . 8B80 04030000 MOV EAX,DWORD PTR DS:[EAX+304]
004654E5 . 33D2 XOR EDX,EDX
004654E7 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004654E9 . FF51 64 CALL DWORD PTR DS:[ECX+64]
004654EC . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004654EF . 8B80 F0020000 MOV EAX,DWORD PTR DS:[EAX+2F0]
004654F5 . 33D2 XOR EDX,EDX
004654F7 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004654F9 . FF51 64 CALL DWORD PTR DS:[ECX+64]
004654FC . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004654FF . 8B80 08030000 MOV EAX,DWORD PTR DS:[EAX+308]
00465505 . 33D2 XOR EDX,EDX
00465507 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00465509 . FF51 64 CALL DWORD PTR DS:[ECX+64]
0046550C . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046550F . 8B80 4C030000 MOV EAX,DWORD PTR DS:[EAX+34C]
00465515 . 33D2 XOR EDX,EDX
00465517 . E8 E4ECFCFF CALL FygRec12.00434200
0046551C . 33C0 XOR EAX,EAX
0046551E . A3 989C4600 MOV DWORD PTR DS:[469C98],EAX
00465523 . 6A 00 PUSH 0
00465525 . 6A 00 PUSH 0
00465527 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0046552A . 33C0 XOR EAX,EAX
0046552C . E8 13D5F9FF CALL FygRec12.00402A44
00465531 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
00465534 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00465537 . E8 3435FAFF CALL FygRec12.00408A70
0046553C . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0046553F . BA AC564600 MOV EDX,FygRec12.004656AC ; reg.chm::/1.htm
00465544 . E8 83F1F9FF CALL FygRec12.004046CC
00465549 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0046554C . 50 PUSH EAX
0046554D . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00465550 . E8 F7DAFDFF CALL FygRec12.0044304C
00465555 . 50 PUSH EAX
00465556 . E8 55F0FFFF CALL <JMP.&hhctrl.HtmlHelpA>
0046555B . EB 5A JMP SHORT FygRec12.004655B7
0046555D > E8 A6F5FFFF CALL FygRec12.00464B08
00465562 . E8 B9F4FFFF CALL FygRec12.00464A20
00465567 . A1 4C814600 MOV EAX,DWORD PTR DS:[46814C]
0046556C . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0046556E . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00465571 . 8990 D4000000 MOV DWORD PTR DS:[EAX+D4],EDX
00465577 . C780 D0000000>MOV DWORD PTR DS:[EAX+D0],FygRec12.00465>
00465581 . A1 5C814600 MOV EAX,DWORD PTR DS:[46815C]
00465586 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00465588 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0046558B . 8950 34 MOV DWORD PTR DS:[EAX+34],EDX
0046558E . C740 30 D0564>MOV DWORD PTR DS:[EAX+30],FygRec12.00465>; 入口地址
00465595 . A1 5C814600 MOV EAX,DWORD PTR DS:[46815C]
0046559A . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0046559C . 8B50 28 MOV EDX,DWORD PTR DS:[EAX+28]
0046559F . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004655A2 . 8B80 FC020000 MOV EAX,DWORD PTR DS:[EAX+2FC]
004655A8 . E8 C7C4FFFF CALL FygRec12.00461A74
004655AD . 33D2 XOR EDX,EDX
004655AF . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004655B2 . E8 19010000 CALL FygRec12.004656D0
004655B7 > 33C0 XOR EAX,EAX
004655B9 . 5A POP EDX
004655BA . 59 POP ECX
004655BB . 59 POP ECX
004655BC . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004655BF . 68 E6554600 PUSH FygRec12.004655E6
004655C4 > 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004655C7 . BA 03000000 MOV EDX,3
004655CC . E8 5FEEF9FF CALL FygRec12.00404430
004655D1 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004655D4 . BA 04000000 MOV EDX,4
004655D9 . E8 52EEF9FF CALL FygRec12.00404430
004655DE . C3 RETN
004655DF .^ E9 50E8F9FF JMP FygRec12.00403E34
004655E4 .^ EB DE JMP SHORT FygRec12.004655C4
004655E6 . 8BE5 MOV ESP,EBP
004655E8 . 5D POP EBP
004655E9 . C3 RETN
-----------------CALL FygRec12.004645B8-------------------
004645B8 /$ 55 PUSH EBP
004645B9 |. 8BEC MOV EBP,ESP
004645BB |. 83C4 C4 ADD ESP,-3C
004645BE |. 53 PUSH EBX
004645BF |. 56 PUSH ESI
004645C0 |. 57 PUSH EDI
004645C1 |. 33DB XOR EBX,EBX
004645C3 |. 895D C4 MOV DWORD PTR SS:[EBP-3C],EBX
004645C6 |. 895D CC MOV DWORD PTR SS:[EBP-34],EBX
004645C9 |. 895D C8 MOV DWORD PTR SS:[EBP-38],EBX
004645CC |. 895D D4 MOV DWORD PTR SS:[EBP-2C],EBX
004645CF |. 895D D0 MOV DWORD PTR SS:[EBP-30],EBX
004645D2 |. 895D D8 MOV DWORD PTR SS:[EBP-28],EBX
004645D5 |. 895D F0 MOV DWORD PTR SS:[EBP-10],EBX
004645D8 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX ; 把一固定字符串"fengyungu"给SS:[EBP-8]
004645DB |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX ; 用户名给堆栈SS:[EBP-4]
004645DE |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004645E1 |. E8 C602FAFF CALL FygRec12.004048AC
004645E6 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004645E9 |. E8 BE02FAFF CALL FygRec12.004048AC
004645EE |. 33C0 XOR EAX,EAX
004645F0 |. 55 PUSH EBP
004645F1 |. 68 BD474600 PUSH FygRec12.004647BD
004645F6 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004645F9 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004645FC |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00464600 |. 75 0D JNZ SHORT FygRec12.0046460F
00464602 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00464605 |. BA D8474600 MOV EDX,FygRec12.004647D8 ; fengxiao
0046460A |. E8 95FEF9FF CALL FygRec12.004044A4
0046460F |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00464612 |. E8 AD00FAFF CALL FygRec12.004046C4
00464617 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0046461A |. 33F6 XOR ESI,ESI
0046461C |. 807D 0C 00 CMP BYTE PTR SS:[EBP+C],0
00464620 |. 0F84 99000000 JE FygRec12.004646BF
00464626 |. 8B7D 10 MOV EDI,DWORD PTR SS:[EBP+10]
00464629 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0046462C |. 50 PUSH EAX ; /Arg1
0046462D |. 897D DC MOV DWORD PTR SS:[EBP-24],EDI ; |
00464630 |. C645 E0 00 MOV BYTE PTR SS:[EBP-20],0 ; |
00464634 |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] ; |
00464637 |. 33C9 XOR ECX,ECX ; |
00464639 |. B8 EC474600 MOV EAX,FygRec12.004647EC ; |%1.2x
0046463E |. E8 C94CFAFF CALL FygRec12.0040930C ; \FygRec12.0040930C
00464643 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00464646 |. E8 7900FAFF CALL FygRec12.004046C4
0046464B |. 85C0 TEST EAX,EAX ; 判断用户名是否为空
0046464D |. 0F8E 2F010000 JLE FygRec12.00464782
00464653 |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX ; 用户名位数给堆栈SS:[EBP-1C]
00464656 |. C745 EC 01000>MOV DWORD PTR SS:[EBP-14],1 ; 赋初值1
0046465D |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4] ; 把用户名给EAX
00464660 |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
00464663 |. 0FB64410 FF |MOVZX EAX,BYTE PTR DS:[EAX+EDX-1] ; 顺序取用户名HEX码
00464668 |. 03C7 |ADD EAX,EDI ; 用户名HEX码加EDI值(EDI初值是0XA6)
0046466A |. B9 FF000000 |MOV ECX,0FF ; 把商0XFF给ECX
0046466F |. 99 |CDQ
00464670 |. F7F9 |IDIV ECX ; EAX/ECX,商给EAX,余数给EDX
00464672 |. 8BDA |MOV EBX,EDX ; 把余数给EBX
00464674 |. 3B75 F4 |CMP ESI,DWORD PTR SS:[EBP-C]
00464677 |. 7D 03 |JGE SHORT FygRec12.0046467C
00464679 |. 46 |INC ESI
0046467A |. EB 05 |JMP SHORT FygRec12.00464681
0046467C |> BE 01000000 |MOV ESI,1
00464681 |> 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; 把一固定字符串"fengyungu"给EAX
00464684 |. 0FB64430 FF |MOVZX EAX,BYTE PTR DS:[EAX+ESI-1] ; 顺序取固定字符串HEX码
00464689 |. 33D8 |XOR EBX,EAX ; 固定字符串HEX码与上面的求的余数作异或运算
0046468B |. 8D45 D8 |LEA EAX,DWORD PTR SS:[EBP-28]
0046468E |. 50 |PUSH EAX ; /Arg1
0046468F |. 895D DC |MOV DWORD PTR SS:[EBP-24],EBX ; |
00464692 |. C645 E0 00 |MOV BYTE PTR SS:[EBP-20],0 ; |
00464696 |. 8D55 DC |LEA EDX,DWORD PTR SS:[EBP-24] ; |
00464699 |. 33C9 |XOR ECX,ECX ; |
0046469B |. B8 EC474600 |MOV EAX,FygRec12.004647EC ; |%1.2x
004646A0 |. E8 674CFAFF |CALL FygRec12.0040930C ; \FygRec12.0040930C
004646A5 |. 8B55 D8 |MOV EDX,DWORD PTR SS:[EBP-28]
004646A8 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004646AB |. E8 1C00FAFF |CALL FygRec12.004046CC
004646B0 |. 8BFB |MOV EDI,EBX
004646B2 |. FF45 EC |INC DWORD PTR SS:[EBP-14]
004646B5 |. FF4D E4 |DEC DWORD PTR SS:[EBP-1C]
004646B8 |.^ 75 A3 \JNZ SHORT FygRec12.0046465D
004646BA |. E9 C3000000 JMP FygRec12.00464782
004646BF |> 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004646C2 |. 50 PUSH EAX
004646C3 |. B9 02000000 MOV ECX,2
004646C8 |. BA 01000000 MOV EDX,1
004646CD |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004646D0 |. E8 4702FAFF CALL FygRec12.0040491C
004646D5 |. 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-30]
004646D8 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
004646DB |. BA FC474600 MOV EDX,FygRec12.004647FC ; $
004646E0 |. E8 2B00FAFF CALL FygRec12.00404710
004646E5 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004646E8 |. E8 1341FAFF CALL FygRec12.00408800
004646ED |. 8BF8 MOV EDI,EAX
004646EF |. C745 EC 03000>MOV DWORD PTR SS:[EBP-14],3
004646F6 |> 8D45 C8 /LEA EAX,DWORD PTR SS:[EBP-38]
004646F9 |. 50 |PUSH EAX
004646FA |. B9 02000000 |MOV ECX,2
004646FF |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
00464702 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00464705 |. E8 1202FAFF |CALL FygRec12.0040491C
0046470A |. 8B4D C8 |MOV ECX,DWORD PTR SS:[EBP-38]
0046470D |. 8D45 CC |LEA EAX,DWORD PTR SS:[EBP-34]
00464710 |. BA FC474600 |MOV EDX,FygRec12.004647FC ; $
00464715 |. E8 F6FFF9FF |CALL FygRec12.00404710
0046471A |. 8B45 CC |MOV EAX,DWORD PTR SS:[EBP-34]
0046471D |. E8 DE40FAFF |CALL FygRec12.00408800
00464722 |. 8BD8 |MOV EBX,EAX
00464724 |. 3B75 F4 |CMP ESI,DWORD PTR SS:[EBP-C]
00464727 |. 7D 03 |JGE SHORT FygRec12.0046472C
00464729 |. 46 |INC ESI
0046472A |. EB 05 |JMP SHORT FygRec12.00464731
0046472C |> BE 01000000 |MOV ESI,1
00464731 |> 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00464734 |. 0FB64430 FF |MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
00464739 |. 33C3 |XOR EAX,EBX
0046473B |. 8945 E8 |MOV DWORD PTR SS:[EBP-18],EAX
0046473E |. 3B7D E8 |CMP EDI,DWORD PTR SS:[EBP-18]
00464741 |. 7C 0F |JL SHORT FygRec12.00464752
00464743 |. 8B45 E8 |MOV EAX,DWORD PTR SS:[EBP-18]
00464746 |. 05 FF000000 |ADD EAX,0FF
0046474B |. 2BC7 |SUB EAX,EDI
0046474D |. 8945 E8 |MOV DWORD PTR SS:[EBP-18],EAX
00464750 |. EB 03 |JMP SHORT FygRec12.00464755
00464752 |> 297D E8 |SUB DWORD PTR SS:[EBP-18],EDI
00464755 |> 8D45 C4 |LEA EAX,DWORD PTR SS:[EBP-3C]
00464758 |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
0046475B |. E8 8CFEF9FF |CALL FygRec12.004045EC
00464760 |. 8B55 C4 |MOV EDX,DWORD PTR SS:[EBP-3C]
00464763 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
00464766 |. E8 61FFF9FF |CALL FygRec12.004046CC
0046476B |. 8BFB |MOV EDI,EBX
0046476D |. 8345 EC 02 |ADD DWORD PTR SS:[EBP-14],2
00464771 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00464774 |. E8 4BFFF9FF |CALL FygRec12.004046C4
00464779 |. 3B45 EC |CMP EAX,DWORD PTR SS:[EBP-14]
0046477C |.^ 0F8F 74FFFFFF \JG FygRec12.004646F6
00464782 |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00464785 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; 根据用户名计算出的注册码给EDX
00464788 |. E8 D3FCF9FF CALL FygRec12.00404460
0046478D |. 33C0 XOR EAX,EAX
0046478F |. 5A POP EDX
00464790 |. 59 POP ECX
00464791 |. 59 POP ECX
00464792 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00464795 |. 68 C4474600 PUSH FygRec12.004647C4
0046479A |> 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0046479D |. BA 06000000 MOV EDX,6
004647A2 |. E8 89FCF9FF CALL FygRec12.00404430
004647A7 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004647AA |. E8 5DFCF9FF CALL FygRec12.0040440C
004647AF |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004647B2 |. BA 02000000 MOV EDX,2
004647B7 |. E8 74FCF9FF CALL FygRec12.00404430
------------------------------------------------------------------------
【破解总结】毫无技术性,娱乐!
附C源程序:
#include <stdio.h>
#include <string.h>
int main(void)
{int a=0xa6,temp,i;
static char str1[20],str2[]="fengyungufengyungufengyungufengyungufengyungu";
printf("Enter your name:");
scanf("%s",str1);
printf("SN=A6");
for(i=0;i<strlen(str1);i++)
{temp=((a+str1[i])%0xff)^str2[i];
a=temp;
printf("%x",temp);
}
printf("\n(输入时一定要是大写字母.)");
getch();
return 0;
}
注册信息保存在注册表中:
[HKEY_LOCAL_MACHINE\SOFTWARE\fygrec]
"soft"="0"
"name"="jjkk"
"regcode"="112233"
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢!
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
