[推荐]一个很容易破解的软件-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (13)
那边的人雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 20 粉丝 0 关注私信	那边的人 2 楼我还不能发图。就先用文字提示一下。由于该软件是输入注册码后，会把它保存起来，等到下一次启动的时候再进行验证的，所以，正确的注册码，应该在程序开头进行追踪。所以如果不使用字符串的话，也是可以的，只要你在开头一直跟进就可以了。下面提示一下几个关键点： 4F40E2---该关键跳为打开程序时，弹出的那个未注册提示框的跳。程序运行到此便弹出框。 4F3090---注册码最先在这里以明文的方式出现，并作出对比。 4F312A---还可以试用的天数将在这里产生。 2006-4-21 13:36 0
petnt 雪币： 485 活跃值： (12) 能力值： ( LV9，RANK：490 ) 在线值：发帖 32 回帖 1215 粉丝 1 关注私信	petnt 12 3 楼谢谢！以后多想你请教 2006-4-21 18:17 0
paulbeyond 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 12 粉丝 0 关注私信	paulbeyond 4 楼收下了回去慢慢捣鼓 3Q了 2006-4-21 18:53 0
pizigao 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 36 粉丝 0 关注私信	pizigao 5 楼重启后校验注册码的啊～呵呵！试试 2006-4-21 20:06 0
xiaoboy 雪币： 224 活跃值： (75) 能力值： ( LV6，RANK：90 ) 在线值：发帖 22 回帖 300 粉丝 0 关注私信	xiaoboy 2 6 楼学习了。。。 2006-4-21 21:04 0
pizigao 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 36 粉丝 0 关注私信	pizigao 7 楼等你发图吧～搞不定！ 2006-4-21 21:11 0
那边的人雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 20 粉丝 0 关注私信	那边的人 8 楼那我什么时候可以发图阿？ 2006-4-21 22:37 0
inraining 雪币： 234 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 15 回帖 411 粉丝 0 关注私信	inraining 2 9 楼 004F2E7C push ebp 验证模块开始 004F2EA2 mov edx, 004F31DC '图片吸血鬼 V1.30' 004F2EA7 call 00404B24 @LStrLAsg(void;void;void;void); 004F2EB1 call 00402C20 ParamStr(Integer):String; 004F2EBC call 00409B9C ExtractFilePath(AnsiString):AnsiString; 004F2ECC call 00404D98 @LStrCat3; 004F2ED6 mov eax, [43AA54] class TIniFile 004F2EDB call 0043AB04 IniFiles.TCustomIniFile.Create(TCustomIniFile;boolean;AnsiString); 004F2EFB call [ebx+8] TIniFile.ReadInteger(string,string,Longint) 004F2F03 mov eax, [eax+338] TFrm_Main.DriveComboBox1 : TDriveComboBox 004F2F0B call [ecx+D0] TDriveComboBox.ItemIndex() 004F2F34 mov eax, [eax+334] TFrm_Main.DirectoryListBox1 : TDirectoryListBox 004F2F3C call [ecx+100] TDirectoryListBox.Directory() 004F2F45 mov eax, [eax+384] TFrm_Main.HttpScan1 : THttpScan 004F2F4D call 004EBAD0 DB.TObjectField.SetUnNamed(TObjectField;Boolean); 004F2F55 mov eax, [eax+384] TFrm_Main.HttpScan1 : THttpScan 004F2F5D call 004EBAC8 DB.TObjectField.SetUnNamed(TObjectField;Boolean); 004F2F6C call 0040B158 Date:TDateTime; 004F2F85 mov eax, [43B9A0] class TRegistry 004F2F8A call 0043BAA0 Registry.TRegistry.Create(TRegistry;boolean);overload; 004F2F9A call 0043BB40 Registry.TRegistry.SetRootKey(TRegistry;HKEY); 004F2FA7 call 00404B24 @LStrLAsg(void;void;void;void); 004F2FB4 call 0043BBA4 Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean; 004F2FCC call 0043BD6C Registry.TRegistry.ReadString(TRegistry;AnsiString):AnsiString; 004F2FDC call 00404AE0 @LStrAsg(void;void;void;void); 004F2FEC call 0043BD6C Registry.TRegistry.ReadString(TRegistry;AnsiString):AnsiString; 004F2FFC call 00404AE0 @LStrAsg(void;void;void;void); 004F3017 call 0043BE54 Registry.TRegistry.ReadDate(TRegistry;AnsiString):TDateTime; 004F302A jmp 00404158 @HandleAnyException; 004F304E call 004044C0 @DoneExcept; 004F3056 call 0043BB10 Registry.TRegistry.CloseKey(TRegistry); 004F306B call 00403C78 TObject.Free(TObject); 004F3084 mov eax, [4F86DC] GlobalVar_004FA418 004F308B call 004F0EE0 算法分析 004F309C call 00404E98 @LStrCmp;(真假注册码比对; 004F30B3 call 004694DC TControl.SetText(TControl;TCaption); 004F30BB mov eax, [eax+368] TFrm_Main.N_reg : TMenuItem 004F30C3 call 0047B7C4 Menus.TMenuItem.SetEnabled(TMenuItem;Boolean); 004F30EB call 00402CC4 @ROUND; 004F310D push 004F3290 ' (未注册版还剩 ' 004F313A call 00404E0C @LStrCatN; 004F3145 call 004694DC TControl.SetText(TControl;TCaption); 004F3169 mov eax, [eax+3AC] TFrm_Main.TB_Find : TToolButton 004F3173 call [ecx+64] TToolButton.SetEnabled(Boolean) 004F3181 call 0047B7C4 TMenuItem.SetEnabled(TMenuItem;Boolean); 004F3189 mov eax, [eax+398] TFrm_Main.SP_Find : TSpeedButton 004F3193 call [ecx+64] TSpeedButton.SetEnabled(Boolean) 004F31AB call 00404AB0 @LStrArrayClr(void;void;Integer); 004F31B3 call 00404A8C @LStrClr(void;void); 004F31C0 call 00404AB0 @LStrArrayClr(void;void;Integer); 004F0EE0 /$ 55 push ebp ; 算法分析开始处 004F0EE1 \|. 8BEC mov ebp, esp 004F0EE3 \|. 51 push ecx 004F0EE4 \|. B9 04000000 mov ecx, 4 004F0EE9 \|> 6A 00 /push 0 004F0EEB \|. 6A 00 \|push 0 004F0EED \|. 49 \|dec ecx 004F0EEE \|.^ 75 F9 \jnz short 004F0EE9 004F0EF0 \|. 51 push ecx 004F0EF1 \|. 874D FC xchg [ebp-4], ecx 004F0EF4 \|. 53 push ebx 004F0EF5 \|. 56 push esi 004F0EF6 \|. 57 push edi 004F0EF7 \|. 8BF9 mov edi, ecx 004F0EF9 \|. 8955 FC mov [ebp-4], edx 004F0EFC \|. 8B45 FC mov eax, [ebp-4] 004F0EFF \|. E8 3840F1FF call 00404F3C ; @LStrAddRef(void;void):Pointer; 004F0F04 \|. 33C0 xor eax, eax 004F0F06 \|. 55 push ebp 004F0F07 \|. 68 A1104F00 push 004F10A1 ; string 004F0F0C \|. 64:FF30 push dword ptr fs:[eax] 004F0F0F \|. 64:8920 mov fs:[eax], esp 004F0F12 \|. 8BC7 mov eax, edi 004F0F14 \|. E8 733BF1FF call 00404A8C ; @LStrClr(void;void); 004F0F19 \|. 8B45 FC mov eax, [ebp-4] 004F0F1C \|. E8 2B3EF1FF call 00404D4C ; @LStrLen(String):Integer; 004F0F21 \|. 8BF0 mov esi, eax ; 用户名长度入esi 004F0F23 \|. 85F6 test esi, esi ; 判断用户名是否为空 004F0F25 \|. 7E 26 jle short 004F0F4D 004F0F27 \|. BB 01000000 mov ebx, 1 004F0F2C \|> 8D4D EC /lea ecx, [ebp-14] 004F0F2F \|. 8B45 FC \|mov eax, [ebp-4] ; 用户名入eax 004F0F32 \|. 0FB64418 FF \|movzx eax, byte ptr [eax+ebx-1] ; 首字符入eax 004F0F37 \|. 33D2 \|xor edx, edx 004F0F39 \|. E8 C285F1FF \|call 00409500 ; IntToHex(Integer;Integer):AnsiString;overload; 004F0F3E \|. 8B55 EC \|mov edx, [ebp-14] ; 字符转换为HEX值后入edx 004F0F41 \|. 8D45 F8 \|lea eax, [ebp-8] 004F0F44 \|. E8 0B3EF1FF \|call 00404D54 ; @LStrCat; 004F0F49 \|. 43 \|inc ebx 004F0F4A \|. 4E \|dec esi 004F0F4B \|.^ 75 DF \jnz short 004F0F2C 004F0F4D \|> 8B45 F8 mov eax, [ebp-8] ; 用户名inttohex值入eax 004F0F50 \|. E8 F73DF1FF call 00404D4C ; @LStrLen(String):Integer; 004F0F55 \|. 8BF0 mov esi, eax ; 长度入esi 004F0F57 \|. 85F6 test esi, esi 004F0F59 \|. 7E 2C jle short 004F0F87 004F0F5B \|. BB 01000000 mov ebx, 1 004F0F60 \|> 8B45 F8 /mov eax, [ebp-8] ; hex值入eax 004F0F63 \|. E8 E43DF1FF \|call 00404D4C ; @LStrLen(String):Integer; 004F0F68 \|. 2BC3 \|sub eax, ebx 004F0F6A \|. 8B55 F8 \|mov edx, [ebp-8] 004F0F6D \|. 8A1402 \|mov dl, [edx+eax] 004F0F70 \|. 8D45 E8 \|lea eax, [ebp-18] 004F0F73 \|. E8 FC3CF1FF \|call 00404C74 ; @LStrFromChar(String;String;Char); 004F0F78 \|. 8B55 E8 \|mov edx, [ebp-18] 004F0F7B \|. 8D45 F4 \|lea eax, [ebp-C] 004F0F7E \|. E8 D13DF1FF \|call 00404D54 ; @LStrCat; 004F0F83 \|. 43 \|inc ebx 004F0F84 \|. 4E \|dec esi 004F0F85 \|.^ 75 D9 \jnz short 004F0F60 004F0F87 \|> 8D45 F8 lea eax, [ebp-8] ; 将HEX值逆序 004F0F8A \|. 50 push eax 004F0F8B \|. B9 04000000 mov ecx, 4 004F0F90 \|. BA 01000000 mov edx, 1 004F0F95 \|. 8B45 F4 mov eax, [ebp-C] 004F0F98 \|. E8 0F40F1FF call 00404FAC ; @LStrCopy;(1,4)=76E6 004F0F9D \|. 8D45 F4 lea eax, [ebp-C] 004F0FA0 \|. 50 push eax 004F0FA1 \|. B9 04000000 mov ecx, 4 004F0FA6 \|. BA 05000000 mov edx, 5 004F0FAB \|. 8B45 F4 mov eax, [ebp-C] 004F0FAE \|. E8 F93FF1FF call 00404FAC ; @LStrCopy;(5,4)=96E6 004F0FB3 \|. 8B45 F8 mov eax, [ebp-8] ; HEX逆序后的值LSTR(1,4)入eax 004F0FB6 \|. E8 913DF1FF call 00404D4C ; @LStrLen(String):Integer; 004F0FBB \|. 83F8 04 cmp eax, 4 004F0FBE \|. 7D 2F jge short 004F0FEF 004F0FC0 \|. 8B45 F8 mov eax, [ebp-8] 004F0FC3 \|. E8 843DF1FF call 00404D4C ; @LStrLen(String):Integer; 004F0FC8 \|. 8BD8 mov ebx, eax 004F0FCA \|. 83FB 03 cmp ebx, 3 004F0FCD \|. 7F 20 jg short 004F0FEF 004F0FCF \|> 8D4D E4 /lea ecx, [ebp-1C] 004F0FD2 \|. 8BC3 \|mov eax, ebx 004F0FD4 \|. C1E0 02 \|shl eax, 2 004F0FD7 \|. 33D2 \|xor edx, edx 004F0FD9 \|. E8 2285F1FF \|call 00409500 ; IntToHex(Integer;Integer):AnsiString;overload; 004F0FDE \|. 8B55 E4 \|mov edx, [ebp-1C] 004F0FE1 \|. 8D45 F8 \|lea eax, [ebp-8] 004F0FE4 \|. E8 6B3DF1FF \|call 00404D54 ; @LStrCat; 004F0FE9 \|. 43 \|inc ebx 004F0FEA \|. 83FB 04 \|cmp ebx, 4 004F0FED \|.^ 75 E0 \jnz short 004F0FCF 004F0FEF \|> 8B45 F4 mov eax, [ebp-C] 004F0FF2 \|. E8 553DF1FF call 00404D4C ; @LStrLen(String):Integer; 004F0FF7 \|. 83F8 04 cmp eax, 4 004F0FFA \|. 7D 2F jge short 004F102B 004F0FFC \|. 8B45 F4 mov eax, [ebp-C] 004F0FFF \|. E8 483DF1FF call 00404D4C ; @LStrLen(String):Integer; 004F1004 \|. 8BD8 mov ebx, eax 004F1006 \|. 83FB 03 cmp ebx, 3 004F1009 \|. 7F 20 jg short 004F102B 004F100B \|> 8D4D E0 /lea ecx, [ebp-20] 004F100E \|. 8BC3 \|mov eax, ebx 004F1010 \|. C1E0 02 \|shl eax, 2 004F1013 \|. 33D2 \|xor edx, edx 004F1015 \|. E8 E684F1FF \|call 00409500 ; IntToHex(Integer;Integer):AnsiString;overload; 004F101A \|. 8B55 E0 \|mov edx, [ebp-20] 004F101D \|. 8D45 F4 \|lea eax, [ebp-C] 004F1020 \|. E8 2F3DF1FF \|call 00404D54 ; @LStrCat; 004F1025 \|. 43 \|inc ebx 004F1026 \|. 83FB 04 \|cmp ebx, 4 004F1029 \|.^ 75 E0 \jnz short 004F100B 004F102B \|> 8D45 F0 lea eax, [ebp-10] 004F102E \|. BA B8104F00 mov edx, 004F10B8 ; 字符串Pic4ei8espr入edx 004F1033 \|. E8 EC3AF1FF call 00404B24 ; @LStrLAsg(void;void;void;void); 004F1038 \|. 8D45 DC lea eax, [ebp-24] 004F103B \|. 50 push eax 004F103C \|. B9 04000000 mov ecx, 4 004F1041 \|. BA 01000000 mov edx, 1 004F1046 \|. 8B45 F0 mov eax, [ebp-10] 004F1049 \|. E8 5E3FF1FF call 00404FAC ; @LStrCopy;(1,4)=Pic4 004F104E \|. FF75 DC push dword ptr [ebp-24] 004F1051 \|. 68 CC104F00 push 004F10CC 004F1056 \|. FF75 F8 push dword ptr [ebp-8] ; LSTR(1,4)=76E6入栈 004F1059 \|. 8D45 D8 lea eax, [ebp-28] 004F105C \|. 50 push eax 004F105D \|. B9 05000000 mov ecx, 5 004F1062 \|. BA 05000000 mov edx, 5 004F1067 \|. 8B45 F0 mov eax, [ebp-10] 004F106A \|. E8 3D3FF1FF call 00404FAC ; @LStrCopy;(5,5)=ei8es 004F106F \|. FF75 D8 push dword ptr [ebp-28] 004F1072 \|. 68 CC104F00 push 004F10CC 004F1077 \|. FF75 F4 push dword ptr [ebp-C] ; LSTR(5,4)=96E6入栈 004F107A \|. 8BC7 mov eax, edi 004F107C \|. BA 06000000 mov edx, 6 004F1081 \|. E8 863DF1FF call 00404E0C ; @LStrCatN;得到字符串Pic4-76E6ei8es-96E6即注册码 004F1086 \|. 33C0 xor eax, eax 004F1088 \|. 5A pop edx 004F1089 \|. 59 pop ecx 004F108A \|. 59 pop ecx 004F108B \|. 64:8910 mov fs:[eax], edx 004F108E \|. 68 A8104F00 push 004F10A8 ; string 004F1093 \|> 8D45 D8 lea eax, [ebp-28] 004F1096 \|. BA 0A000000 mov edx, 0A 004F109B \|. E8 103AF1FF call 00404AB0 ; @LStrArrayClr(void;void;Integer); 004F10A0 \. C3 retn 004F10A1 .^ E9 6633F1FF jmp 0040440C 004F10A6 .^ EB EB jmp short 004F1093 004F10A8 . 5F pop edi 004F10A9 . 5E pop esi 004F10AA . 5B pop ebx 004F10AB . 8BE5 mov esp, ebp 004F10AD . 5D pop ebp 004F10AE . C3 retn 004F10AF 00 db 00 004F10B0 . FFFFFFFF dd FFFFFFFF 004F10B4 . 0B000000 dd 0000000B 004F10B8 . 50 69 63 34 6>ascii "Pic4ei8espr",0 004F10C4 . FFFFFFFF dd FFFFFFFF 004F10C8 . 01000000 dd 00000001 004F10CC . 2D 00 ascii "-",0 004F10CE 00 db 00 004F10CF 00 db 00 004F10D0 $ 55 push ebp 004F10D1 . 8BEC mov ebp, esp 004F10D3 . 6A 00 push 0 004F10D5 . 6A 00 push 0 004F10D7 . 6A 00 push 0 004F10D9 . 53 push ebx 004F10DA . 56 push esi 004F10DB . 57 push edi 004F10DC . 8945 FC mov [ebp-4], eax 004F10DF . 33C0 xor eax, eax 004F10E1 . 55 push ebp 004F10E2 . 68 CB114F00 push 004F11CB ; string 004F10E7 . 64:FF30 push dword ptr fs:[eax] 004F10EA . 64:8920 mov fs:[eax], esp 004F10ED . 33C0 xor eax, eax 004F10EF . 55 push ebp 004F10F0 . 68 96114F00 push 004F1196 ; string 004F10F5 . 64:FF30 push dword ptr fs:[eax] 004F10F8 . 64:8920 mov fs:[eax], esp 004F10FB . B2 01 mov dl, 1 004F10FD . A1 A0B94300 mov eax, [43B9A0] ; class TRegistry 004F1102 . E8 99A9F4FF call 0043BAA0 ; Registry.TRegistry.Create(TRegistry;boolean);overload; 004F1107 . 8BD8 mov ebx, eax 004F1109 . BA 02000080 mov edx, 80000002 004F110E . 8BC3 mov eax, ebx 004F1110 . E8 2BAAF4FF call 0043BB40 ; Registry.TRegistry.SetRootKey(TRegistry;HKEY); 004F1115 . B1 01 mov cl, 1 004F1117 . BA E4114F00 mov edx, 004F11E4 ; ASCII "Software\zy\Pic" 004F111C . 8BC3 mov eax, ebx 004F111E . E8 81AAF4FF call 0043BBA4 ; Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean; 004F1123 . 8D55 F8 lea edx, [ebp-8] 004F1126 . 8B45 FC mov eax, [ebp-4] 004F1129 . 8B80 00030000 mov eax, [eax+300] ; TFrm_Register.Edit_Name : TEdit 004F112F . E8 7883F7FF call 004694AC ; TControl.GetText(TControl):TCaption; 004F1134 . 8B4D F8 mov ecx, [ebp-8] 004F1137 . BA FC114F00 mov edx, 004F11FC ; ASCII "Name" 004F113C . 8BC3 mov eax, ebx 004F113E . E8 FDABF4FF call 0043BD40 ; Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString); 004F1143 . 8D55 F4 lea edx, [ebp-C] 004F1146 . 8B45 FC mov eax, [ebp-4] 004F1149 . 8B80 04030000 mov eax, [eax+304] ; TFrm_Register.Edit_Code : TEdit 004F114F . E8 5883F7FF call 004694AC ; TControl.GetText(TControl):TCaption; 004F1154 . 8B4D F4 mov ecx, [ebp-C] 004F1157 . BA 0C124F00 mov edx, 004F120C ; ASCII "Pass" 004F115C . 8BC3 mov eax, ebx 004F115E . E8 DDABF4FF call 0043BD40 ; Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString); 004F1163 . 8BC3 mov eax, ebx 004F1165 . E8 0E2BF1FF call 00403C78 ; TObject.Free(TObject); 004F116A . 6A 40 push 40 004F116C . 68 14124F00 push 004F1214 ; '软件注册' 004F1171 . 68 20124F00 push 004F1220 ; '已保存了注册信息！下次启动本程序时...' 004F1176 . 8B45 FC mov eax, [ebp-4] 004F1179 . E8 0AEDF7FF call 0046FE88 ; QForms.TCustomForm.GetClientHandle(TCustomForm):QWorkspaceH; 004F117E . 50 push eax ; \|hOwner 004F117F . E8 0C67F1FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA 004F1184 . 8B45 FC mov eax, [ebp-4] 004F1187 . E8 A057F9FF call 0048692C ; Forms.TCustomForm.Close(TCustomForm); 004F118C . 33C0 xor eax, eax 004F118E . 5A pop edx 004F118F . 59 pop ecx 004F1190 . 59 pop ecx 004F1191 . 64:8910 mov fs:[eax], edx 004F1194 . EB 1A jmp short 004F11B0 004F1196 .^ E9 BD2FF1FF jmp 00404158 004F119B . 8B45 FC mov eax, [ebp-4] 004F119E . E8 8957F9FF call 0048692C 004F11A3 . 8B45 FC mov eax, [ebp-4] 004F11A6 . E8 F5000000 call 004F12A0 004F11AB . E8 1033F1FF call 004044C0 004F11B0 > 33C0 xor eax, eax 004F11B2 . 5A pop edx 004F11B3 . 59 pop ecx 004F11B4 . 59 pop ecx 004F11B5 . 64:8910 mov fs:[eax], edx 004F11B8 . 68 D2114F00 push 004F11D2 004F11BD > 8D45 F4 lea eax, [ebp-C] 004F11C0 . BA 02000000 mov edx, 2 004F11C5 . E8 E638F1FF call 00404AB0 004F11CA . C3 retn 004F11CB .^ E9 3C32F1FF jmp 0040440C 004F11D0 .^ EB EB jmp short 004F11BD 004F11D2 . 5F pop edi 004F11D3 . 5E pop esi 004F11D4 . 5B pop ebx 004F11D5 . 8BE5 mov esp, ebp 004F11D7 . 5D pop ebp 004F11D8 . C3 retn 总结一下: 1.用户名先转换为HEX, 2.HEX逆序,记做A; 3.固定字符串Pic4ei8espr,记做B; 4.注册码=Lstr(B,1,4)-Lstr(A,1,4)&Lstr(B,5,5)-Lstr(A,5,4) 比如我用户名:inraining HEX:696E7261696E696E67 逆序后:76E696E6961627E696 注册码:Pic4-76E6ei8es-96E6 2006-4-21 23:46 0
电脑玩家雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 14 粉丝 0 关注私信	电脑玩家 10 楼了解一下！！！ 2006-4-22 01:32 0
菜儿雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 193 粉丝 0 关注私信	菜儿 11 楼图片吸血鬼注册机动画上传的附件：图片吸血鬼注册机动画.rar （397.17kb，12次下载） 2006-4-22 03:45 0
ydhm 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 10 粉丝 0 关注私信	ydhm 12 楼对于我们这样的新手还是不容易啊真是晕哦 2006-4-22 12:15 0
hxsoft 雪币： 9793 活跃值： (2191) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 469 粉丝 0 关注私信	hxsoft 13 楼兄弟们,加油噢,先爆破,再写注册机.搞掂。 2006-4-22 17:09 0
那边的人雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 20 粉丝 0 关注私信	那边的人 14 楼 9楼的你更酷，我是跟出来的，你是算出来的，虚心请教了。感谢。 2006-4-22 18:52 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

那边的人

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

4

回帖

20

粉丝

0

关注

私信

那边的人: 2 楼

我还不能发图。就先用文字提示一下。

由于该软件是输入注册码后，会把它保存起来，等到下一次启动的时候再进行验证的，所以，正确的注册码，应该在程序开头进行追踪。

所以如果不使用字符串的话，也是可以的，只要你在开头一直跟进就可以了。

下面提示一下几个关键点：
4F40E2---该关键跳为打开程序时，弹出的那个未注册提示框的跳。程序运行到此便弹出框。
4F3090---注册码最先在这里以明文的方式出现，并作出对比。
4F312A---还可以试用的天数将在这里产生。

2006-4-21 13:36

0

petnt

雪币： 485

活跃值： (12)

能力值：

( LV9，RANK：490 )

在线值：

发帖

32

回帖

1215

粉丝

1

关注

私信

petnt 12: 3 楼

谢谢！以后多想你请教

2006-4-21 18:17

0

paulbeyond

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

1

回帖

12

粉丝

0

关注

私信

paulbeyond: 4 楼

收下了回去慢慢捣鼓
3Q了

2006-4-21 18:53

0

pizigao

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

6

回帖

36

粉丝

0

关注

私信

pizigao: 5 楼

重启后校验注册码的啊～呵呵！试试

2006-4-21 20:06

0

xiaoboy

雪币： 224

活跃值： (75)

能力值：

( LV6，RANK：90 )

在线值：

发帖

22

回帖

300

粉丝

0

关注

私信

xiaoboy 2: 6 楼

学习了。。。

2006-4-21 21:04

0

pizigao

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

6

回帖

36

粉丝

0

关注

私信

pizigao: 7 楼

等你发图吧～搞不定！

2006-4-21 21:11

0

那边的人

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

4

回帖

20

粉丝

0

关注

私信

那边的人: 8 楼

那我什么时候可以发图阿？

2006-4-21 22:37

0

inraining

雪币： 234

活跃值： (10)

能力值：

( LV6，RANK：90 )

在线值：

发帖

15

回帖

411

粉丝

0

关注

私信

inraining 2: 9 楼

004F2E7C push ebp                            验证模块开始
004F2EA2 mov    edx, 004F31DC                   '图片吸血鬼 V1.30'
004F2EA7 call 00404B24                         @LStrLAsg(void;void;void;void);
004F2EB1 call 00402C20                         ParamStr(Integer):String;
004F2EBC call 00409B9C                         ExtractFilePath(AnsiString):AnsiString;
004F2ECC call 00404D98                         @LStrCat3;
004F2ED6 mov    eax, [43AA54]                   class TIniFile
004F2EDB call 0043AB04                         IniFiles.TCustomIniFile.Create(TCustomIniFile;boolean;AnsiString);
004F2EFB call [ebx+8]                         TIniFile.ReadInteger(string,string,Longint)
004F2F03 mov    eax, [eax+338]                   TFrm_Main.DriveComboBox1 : TDriveComboBox
004F2F0B call [ecx+D0]                         TDriveComboBox.ItemIndex()
004F2F34 mov    eax, [eax+334]                   TFrm_Main.DirectoryListBox1 : TDirectoryListBox
004F2F3C call [ecx+100]                      TDirectoryListBox.Directory()
004F2F45 mov    eax, [eax+384]                   TFrm_Main.HttpScan1 : THttpScan
004F2F4D call 004EBAD0                         DB.TObjectField.SetUnNamed(TObjectField;Boolean);
004F2F55 mov    eax, [eax+384]                   TFrm_Main.HttpScan1 : THttpScan
004F2F5D call 004EBAC8                         DB.TObjectField.SetUnNamed(TObjectField;Boolean);
004F2F6C call 0040B158                         Date:TDateTime;
004F2F85 mov    eax, [43B9A0]                   class TRegistry
004F2F8A call 0043BAA0                         Registry.TRegistry.Create(TRegistry;boolean);overload;
004F2F9A call 0043BB40                         Registry.TRegistry.SetRootKey(TRegistry;HKEY);
004F2FA7 call 00404B24                         @LStrLAsg(void;void;void;void);
004F2FB4 call 0043BBA4                         Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
004F2FCC call 0043BD6C                         Registry.TRegistry.ReadString(TRegistry;AnsiString):AnsiString;
004F2FDC call 00404AE0                         @LStrAsg(void;void;void;void);
004F2FEC call 0043BD6C                         Registry.TRegistry.ReadString(TRegistry;AnsiString):AnsiString;
004F2FFC call 00404AE0                         @LStrAsg(void;void;void;void);
004F3017 call 0043BE54                         Registry.TRegistry.ReadDate(TRegistry;AnsiString):TDateTime;
004F302A jmp    00404158                         @HandleAnyException;
004F304E call 004044C0                         @DoneExcept;
004F3056 call 0043BB10                         Registry.TRegistry.CloseKey(TRegistry);
004F306B call 00403C78                         TObject.Free(TObject);
004F3084 mov    eax, [4F86DC]                   GlobalVar_004FA418
004F308B call 004F0EE0                         算法分析
004F309C call 00404E98                         @LStrCmp;(真假注册码比对;
004F30B3 call 004694DC                         TControl.SetText(TControl;TCaption);
004F30BB mov    eax, [eax+368]                   TFrm_Main.N_reg : TMenuItem
004F30C3 call 0047B7C4                         Menus.TMenuItem.SetEnabled(TMenuItem;Boolean);
004F30EB call 00402CC4                         @ROUND;
004F310D push 004F3290                         ' (未注册版还剩 '
004F313A call 00404E0C                         @LStrCatN;
004F3145 call 004694DC                         TControl.SetText(TControl;TCaption);
004F3169 mov    eax, [eax+3AC]                   TFrm_Main.TB_Find : TToolButton
004F3173 call [ecx+64]                         TToolButton.SetEnabled(Boolean)
004F3181 call 0047B7C4                         TMenuItem.SetEnabled(TMenuItem;Boolean);
004F3189 mov    eax, [eax+398]                   TFrm_Main.SP_Find : TSpeedButton
004F3193 call [ecx+64]                         TSpeedButton.SetEnabled(Boolean)
004F31AB call 00404AB0                         @LStrArrayClr(void;void;Integer);
004F31B3 call 00404A8C                         @LStrClr(void;void);
004F31C0 call 00404AB0                         @LStrArrayClr(void;void;Integer);

004F0EE0  /$  55          push ebp                            ;  算法分析开始处
004F0EE1  |.  8BEC       mov    ebp, esp
004F0EE3  |.  51          push ecx
004F0EE4  |.  B9 04000000 mov    ecx, 4
004F0EE9  |>  6A 00       /push 0
004F0EEB  |.  6A 00       |push 0
004F0EED  |.  49          |dec    ecx
004F0EEE  |.^ 75 F9       \jnz    short 004F0EE9
004F0EF0  |.  51          push ecx
004F0EF1  |.  874D FC    xchg [ebp-4], ecx
004F0EF4  |.  53          push ebx
004F0EF5  |.  56          push esi
004F0EF6  |.  57          push edi
004F0EF7  |.  8BF9       mov    edi, ecx
004F0EF9  |.  8955 FC    mov    [ebp-4], edx
004F0EFC  |.  8B45 FC    mov    eax, [ebp-4]
004F0EFF  |.  E8 3840F1FF call 00404F3C                      ;  @LStrAddRef(void;void):Pointer;
004F0F04  |.  33C0       xor    eax, eax
004F0F06  |.  55          push ebp
004F0F07  |.  68 A1104F00 push 004F10A1                      ;  string
004F0F0C  |.  64:FF30    push dword ptr fs:[eax]
004F0F0F  |.  64:8920    mov    fs:[eax], esp
004F0F12  |.  8BC7       mov    eax, edi
004F0F14  |.  E8 733BF1FF call 00404A8C                      ;  @LStrClr(void;void);
004F0F19  |.  8B45 FC    mov    eax, [ebp-4]
004F0F1C  |.  E8 2B3EF1FF call 00404D4C                      ;  @LStrLen(String):Integer;
004F0F21  |.  8BF0       mov    esi, eax                      ;  用户名长度入esi
004F0F23  |.  85F6       test esi, esi                      ;  判断用户名是否为空
004F0F25  |.  7E 26       jle    short 004F0F4D
004F0F27  |.  BB 01000000 mov    ebx, 1
004F0F2C  |>  8D4D EC    /lea    ecx, [ebp-14]
004F0F2F  |.  8B45 FC    |mov    eax, [ebp-4]                   ;  用户名入eax
004F0F32  |.  0FB64418 FF |movzx eax, byte ptr [eax+ebx-1]    ;  首字符入eax
004F0F37  |.  33D2       |xor    edx, edx
004F0F39  |.  E8 C285F1FF |call 00409500                      ;  IntToHex(Integer;Integer):AnsiString;overload;
004F0F3E  |.  8B55 EC    |mov    edx, [ebp-14]                ;  字符转换为HEX值后入edx
004F0F41  |.  8D45 F8    |lea    eax, [ebp-8]
004F0F44  |.  E8 0B3EF1FF |call 00404D54                      ;  @LStrCat;
004F0F49  |.  43          |inc    ebx
004F0F4A  |.  4E          |dec    esi
004F0F4B  |.^ 75 DF       \jnz    short 004F0F2C
004F0F4D  |>  8B45 F8    mov    eax, [ebp-8]                   ;  用户名inttohex值入eax
004F0F50  |.  E8 F73DF1FF call 00404D4C                      ;  @LStrLen(String):Integer;
004F0F55  |.  8BF0       mov    esi, eax                      ;  长度入esi
004F0F57  |.  85F6       test esi, esi
004F0F59  |.  7E 2C       jle    short 004F0F87
004F0F5B  |.  BB 01000000 mov    ebx, 1
004F0F60  |>  8B45 F8    /mov    eax, [ebp-8]                   ;  hex值入eax
004F0F63  |.  E8 E43DF1FF |call 00404D4C                      ;  @LStrLen(String):Integer;
004F0F68  |.  2BC3       |sub    eax, ebx
004F0F6A  |.  8B55 F8    |mov    edx, [ebp-8]
004F0F6D  |.  8A1402       |mov    dl, [edx+eax]
004F0F70  |.  8D45 E8    |lea    eax, [ebp-18]
004F0F73  |.  E8 FC3CF1FF |call 00404C74                      ;  @LStrFromChar(String;String;Char);
004F0F78  |.  8B55 E8    |mov    edx, [ebp-18]
004F0F7B  |.  8D45 F4    |lea    eax, [ebp-C]
004F0F7E  |.  E8 D13DF1FF |call 00404D54                      ;  @LStrCat;
004F0F83  |.  43          |inc    ebx
004F0F84  |.  4E          |dec    esi
004F0F85  |.^ 75 D9       \jnz    short 004F0F60
004F0F87  |>  8D45 F8    lea    eax, [ebp-8]                   ;  将HEX值逆序
004F0F8A  |.  50          push eax
004F0F8B  |.  B9 04000000 mov    ecx, 4
004F0F90  |.  BA 01000000 mov    edx, 1
004F0F95  |.  8B45 F4    mov    eax, [ebp-C]
004F0F98  |.  E8 0F40F1FF call 00404FAC                      ;  @LStrCopy;(1,4)=76E6
004F0F9D  |.  8D45 F4    lea    eax, [ebp-C]
004F0FA0  |.  50          push eax
004F0FA1  |.  B9 04000000 mov    ecx, 4
004F0FA6  |.  BA 05000000 mov    edx, 5
004F0FAB  |.  8B45 F4    mov    eax, [ebp-C]
004F0FAE  |.  E8 F93FF1FF call 00404FAC                      ;  @LStrCopy;(5,4)=96E6
004F0FB3  |.  8B45 F8    mov    eax, [ebp-8]                   ;  HEX逆序后的值LSTR(1,4)入eax
004F0FB6  |.  E8 913DF1FF call 00404D4C                      ;  @LStrLen(String):Integer;
004F0FBB  |.  83F8 04    cmp    eax, 4
004F0FBE  |.  7D 2F       jge    short 004F0FEF
004F0FC0  |.  8B45 F8    mov    eax, [ebp-8]
004F0FC3  |.  E8 843DF1FF call 00404D4C                      ;  @LStrLen(String):Integer;
004F0FC8  |.  8BD8       mov    ebx, eax
004F0FCA  |.  83FB 03    cmp    ebx, 3
004F0FCD  |.  7F 20       jg    short 004F0FEF
004F0FCF  |>  8D4D E4    /lea    ecx, [ebp-1C]
004F0FD2  |.  8BC3       |mov    eax, ebx
004F0FD4  |.  C1E0 02    |shl    eax, 2
004F0FD7  |.  33D2       |xor    edx, edx
004F0FD9  |.  E8 2285F1FF |call 00409500                      ;  IntToHex(Integer;Integer):AnsiString;overload;
004F0FDE  |.  8B55 E4    |mov    edx, [ebp-1C]
004F0FE1  |.  8D45 F8    |lea    eax, [ebp-8]
004F0FE4  |.  E8 6B3DF1FF |call 00404D54                      ;  @LStrCat;
004F0FE9  |.  43          |inc    ebx
004F0FEA  |.  83FB 04    |cmp    ebx, 4
004F0FED  |.^ 75 E0       \jnz    short 004F0FCF
004F0FEF  |>  8B45 F4    mov    eax, [ebp-C]
004F0FF2  |.  E8 553DF1FF call 00404D4C                      ;  @LStrLen(String):Integer;
004F0FF7  |.  83F8 04    cmp    eax, 4
004F0FFA  |.  7D 2F       jge    short 004F102B
004F0FFC  |.  8B45 F4    mov    eax, [ebp-C]
004F0FFF  |.  E8 483DF1FF call 00404D4C                      ;  @LStrLen(String):Integer;
004F1004  |.  8BD8       mov    ebx, eax
004F1006  |.  83FB 03    cmp    ebx, 3
004F1009  |.  7F 20       jg    short 004F102B
004F100B  |>  8D4D E0    /lea    ecx, [ebp-20]
004F100E  |.  8BC3       |mov    eax, ebx
004F1010  |.  C1E0 02    |shl    eax, 2
004F1013  |.  33D2       |xor    edx, edx
004F1015  |.  E8 E684F1FF |call 00409500                      ;  IntToHex(Integer;Integer):AnsiString;overload;
004F101A  |.  8B55 E0    |mov    edx, [ebp-20]
004F101D  |.  8D45 F4    |lea    eax, [ebp-C]
004F1020  |.  E8 2F3DF1FF |call 00404D54                      ;  @LStrCat;
004F1025  |.  43          |inc    ebx
004F1026  |.  83FB 04    |cmp    ebx, 4
004F1029  |.^ 75 E0       \jnz    short 004F100B
004F102B  |>  8D45 F0    lea    eax, [ebp-10]
004F102E  |.  BA B8104F00 mov    edx, 004F10B8                   ;  字符串Pic4ei8espr入edx
004F1033  |.  E8 EC3AF1FF call 00404B24                      ;  @LStrLAsg(void;void;void;void);
004F1038  |.  8D45 DC    lea    eax, [ebp-24]
004F103B  |.  50          push eax
004F103C  |.  B9 04000000 mov    ecx, 4
004F1041  |.  BA 01000000 mov    edx, 1
004F1046  |.  8B45 F0    mov    eax, [ebp-10]
004F1049  |.  E8 5E3FF1FF call 00404FAC                      ;  @LStrCopy;(1,4)=Pic4
004F104E  |.  FF75 DC    push dword ptr [ebp-24]
004F1051  |.  68 CC104F00 push 004F10CC
004F1056  |.  FF75 F8    push dword ptr [ebp-8]             ;  LSTR(1,4)=76E6入栈
004F1059  |.  8D45 D8    lea    eax, [ebp-28]
004F105C  |.  50          push eax
004F105D  |.  B9 05000000 mov    ecx, 5
004F1062  |.  BA 05000000 mov    edx, 5
004F1067  |.  8B45 F0    mov    eax, [ebp-10]
004F106A  |.  E8 3D3FF1FF call 00404FAC                      ;  @LStrCopy;(5,5)=ei8es
004F106F  |.  FF75 D8    push dword ptr [ebp-28]
004F1072  |.  68 CC104F00 push 004F10CC
004F1077  |.  FF75 F4    push dword ptr [ebp-C]             ;  LSTR(5,4)=96E6入栈
004F107A  |.  8BC7       mov    eax, edi
004F107C  |.  BA 06000000 mov    edx, 6
004F1081  |.  E8 863DF1FF call 00404E0C                      ;  @LStrCatN;得到字符串Pic4-76E6ei8es-96E6即注册码
004F1086  |.  33C0       xor    eax, eax
004F1088  |.  5A          pop    edx
004F1089  |.  59          pop    ecx
004F108A  |.  59          pop    ecx
004F108B  |.  64:8910    mov    fs:[eax], edx
004F108E  |.  68 A8104F00 push 004F10A8                      ;  string
004F1093  |>  8D45 D8    lea    eax, [ebp-28]
004F1096  |.  BA 0A000000 mov    edx, 0A
004F109B  |.  E8 103AF1FF call 00404AB0                      ;  @LStrArrayClr(void;void;Integer);
004F10A0  \.  C3          retn
004F10A1 .^ E9 6633F1FF jmp    0040440C
004F10A6 .^ EB EB       jmp    short 004F1093
004F10A8 .  5F          pop    edi
004F10A9 .  5E          pop    esi
004F10AA .  5B          pop    ebx
004F10AB .  8BE5       mov    esp, ebp
004F10AD .  5D          pop    ebp
004F10AE .  C3          retn
004F10AF    00          db    00
004F10B0 .  FFFFFFFF    dd    FFFFFFFF
004F10B4 .  0B000000    dd    0000000B
004F10B8 .  50 69 63 34 6>ascii "Pic4ei8espr",0
004F10C4 .  FFFFFFFF    dd    FFFFFFFF
004F10C8 .  01000000    dd    00000001
004F10CC .  2D 00       ascii "-",0
004F10CE    00          db    00
004F10CF    00          db    00
004F10D0 $  55          push ebp
004F10D1 .  8BEC       mov    ebp, esp
004F10D3 .  6A 00       push 0
004F10D5 .  6A 00       push 0
004F10D7 .  6A 00       push 0
004F10D9 .  53          push ebx
004F10DA .  56          push esi
004F10DB .  57          push edi
004F10DC .  8945 FC    mov    [ebp-4], eax
004F10DF .  33C0       xor    eax, eax
004F10E1 .  55          push ebp
004F10E2 .  68 CB114F00 push 004F11CB                      ;  string
004F10E7 .  64:FF30    push dword ptr fs:[eax]
004F10EA .  64:8920    mov    fs:[eax], esp
004F10ED .  33C0       xor    eax, eax
004F10EF .  55          push ebp
004F10F0 .  68 96114F00 push 004F1196                      ;  string
004F10F5 .  64:FF30    push dword ptr fs:[eax]
004F10F8 .  64:8920    mov    fs:[eax], esp
004F10FB .  B2 01       mov    dl, 1
004F10FD .  A1 A0B94300 mov    eax, [43B9A0]                   ;  class TRegistry
004F1102 .  E8 99A9F4FF call 0043BAA0                      ;  Registry.TRegistry.Create(TRegistry;boolean);overload;
004F1107 .  8BD8       mov    ebx, eax
004F1109 .  BA 02000080 mov    edx, 80000002
004F110E .  8BC3       mov    eax, ebx
004F1110 .  E8 2BAAF4FF call 0043BB40                      ;  Registry.TRegistry.SetRootKey(TRegistry;HKEY);
004F1115 .  B1 01       mov    cl, 1
004F1117 .  BA E4114F00 mov    edx, 004F11E4                   ;  ASCII "Software\zy\Pic"
004F111C .  8BC3       mov    eax, ebx
004F111E .  E8 81AAF4FF call 0043BBA4                      ;  Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
004F1123 .  8D55 F8    lea    edx, [ebp-8]
004F1126 .  8B45 FC    mov    eax, [ebp-4]
004F1129 .  8B80 00030000 mov    eax, [eax+300]                ;  TFrm_Register.Edit_Name : TEdit
004F112F .  E8 7883F7FF call 004694AC                      ;  TControl.GetText(TControl):TCaption;
004F1134 .  8B4D F8    mov    ecx, [ebp-8]
004F1137 .  BA FC114F00 mov    edx, 004F11FC                   ;  ASCII "Name"
004F113C .  8BC3       mov    eax, ebx
004F113E .  E8 FDABF4FF call 0043BD40                      ;  Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
004F1143 .  8D55 F4    lea    edx, [ebp-C]
004F1146 .  8B45 FC    mov    eax, [ebp-4]
004F1149 .  8B80 04030000 mov    eax, [eax+304]                ;  TFrm_Register.Edit_Code : TEdit
004F114F .  E8 5883F7FF call 004694AC                      ;  TControl.GetText(TControl):TCaption;
004F1154 .  8B4D F4    mov    ecx, [ebp-C]
004F1157 .  BA 0C124F00 mov    edx, 004F120C                   ;  ASCII "Pass"
004F115C .  8BC3       mov    eax, ebx
004F115E .  E8 DDABF4FF call 0043BD40                      ;  Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
004F1163 .  8BC3       mov    eax, ebx
004F1165 .  E8 0E2BF1FF call 00403C78                      ;  TObject.Free(TObject);
004F116A .  6A 40       push 40
004F116C .  68 14124F00 push 004F1214                      ; '软件注册'
004F1171 .  68 20124F00 push 004F1220                      ; '已保存了注册信息！下次启动本程序时...'
004F1176 .  8B45 FC    mov    eax, [ebp-4]
004F1179 .  E8 0AEDF7FF call 0046FE88                      ;  QForms.TCustomForm.GetClientHandle(TCustomForm):QWorkspaceH;
004F117E .  50          push eax                            ; |hOwner
004F117F .  E8 0C67F1FF call <jmp.&user32.MessageBoxA>       ; \MessageBoxA
004F1184 .  8B45 FC    mov    eax, [ebp-4]
004F1187 .  E8 A057F9FF call 0048692C                      ;  Forms.TCustomForm.Close(TCustomForm);
004F118C .  33C0       xor    eax, eax
004F118E .  5A          pop    edx
004F118F .  59          pop    ecx
004F1190 .  59          pop    ecx
004F1191 .  64:8910    mov    fs:[eax], edx
004F1194 .  EB 1A       jmp    short 004F11B0
004F1196 .^ E9 BD2FF1FF jmp    00404158
004F119B .  8B45 FC    mov    eax, [ebp-4]
004F119E .  E8 8957F9FF call 0048692C
004F11A3 .  8B45 FC    mov    eax, [ebp-4]
004F11A6 .  E8 F5000000 call 004F12A0
004F11AB .  E8 1033F1FF call 004044C0
004F11B0 >  33C0       xor    eax, eax
004F11B2 .  5A          pop    edx
004F11B3 .  59          pop    ecx
004F11B4 .  59          pop    ecx
004F11B5 .  64:8910    mov    fs:[eax], edx
004F11B8 .  68 D2114F00 push 004F11D2
004F11BD >  8D45 F4    lea    eax, [ebp-C]
004F11C0 .  BA 02000000 mov    edx, 2
004F11C5 .  E8 E638F1FF call 00404AB0
004F11CA .  C3          retn
004F11CB .^ E9 3C32F1FF jmp    0040440C
004F11D0 .^ EB EB       jmp    short 004F11BD
004F11D2 .  5F          pop    edi
004F11D3 .  5E          pop    esi
004F11D4 .  5B          pop    ebx
004F11D5 .  8BE5       mov    esp, ebp
004F11D7 .  5D          pop    ebp
004F11D8 .  C3          retn

总结一下:
1.用户名先转换为HEX,
2.HEX逆序,记做A;
3.固定字符串Pic4ei8espr,记做B;
4.注册码=Lstr(B,1,4)-Lstr(A,1,4)&Lstr(B,5,5)-Lstr(A,5,4)
比如我用户名:inraining
HEX:696E7261696E696E67
逆序后:76E696E6961627E696
注册码:Pic4-76E6ei8es-96E6

2006-4-21 23:46

0