[求助有代码，如何用PYG算法注册机写注册机？-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[求助有代码，如何用PYG算法注册机写注册机？

发表于: 2018-11-13 23:30 3163

[求助有代码，如何用PYG算法注册机写注册机？

pengrubin

2018-11-13 23:30

3163

[求助有代码，如何用PYG算法注册机写注册机？

int v1; // eax@37

char v2; // al@37

double v3; // st7@38

double v4; // st7@38

double v5; // [sp+F8h] [bp-27Ch]@34

int v6; // [sp+100h] [bp-274h]@34

double v7; // [sp+10Ch] [bp-268h]@1

int v8; // [sp+170h] [bp-204h]@38

int v9; // [sp+174h] [bp-200h]@38

int v10; // [sp+178h] [bp-1FCh]@21//接受输入的数值

int v11; // [sp+224h] [bp-150h]@35

int v12; // [sp+228h] [bp-14Ch]@35

int v13; // [sp+22Ch] [bp-148h]@38

int v14; // [sp+230h] [bp-144h]@37

char v15; // [sp+234h] [bp-140h]@38

int v16; // [sp+236h] [bp-13Eh]@38

int v17; // [sp+23Ah] [bp-13Ah]@38

int v18; // [sp+23Fh] [bp-135h]@38

int v19; // [sp+244h] [bp-130h]@38

int v20; // [sp+248h] [bp-12Ch]@38

_BYTE *v21; // [sp+124h] [bp-250h]@1

int v22; // [sp+370h] [bp-4h]@4

char v23; // [sp+180h] [bp-1F4h]@21

int v24; //

///////////////////////////////////////////////////////////////////////////////

LOWORD(v11) = 120; //17位机器码进行按位累加计算时V11的初始值.

for ( i = 0; i < 17; ++i )//17位机器码进行按位累加计算。

{

v1 = 4_2255(&v12, i);//获得输入的机器码对应位的字符------------------------------------------------------------机器码由对话框输入

v2 = sub_4012C5(v1);//获得输入的机器码对应位的字符转换到16进制数,CLL的伪代码在后面

v24 = v2;//字符转换到16进制数的值

v24 = (i + 2) * (v24 + 3);//(位数+2)*(字符HEX+3)

LOWORD(v11) = v24 + (_WORD)v11;//字符对应位的值

}

LOBYTE(v9) = v11 & 0x58;//字符累加值AND 0X58

LOBYTE(v8) = BYTE3(v14) + v18 + BYTE1(v14) + BYTE1(v16) + v16 + BYTE3(v14) + (v11 & 0x58) + v18 + 24;

LOBYTE(v20) = v15 + v14 + BYTE1(v18) + BYTE2(v17) + BYTE3(v16) + v15 + (v11 & 0x58) + v14 + 40;

LOBYTE(v19) = BYTE1(v14) + v18 + BYTE3(v17) + v17 + v15 + BYTE1(v14) + (v11 & 0x58) + v18 + 88;

LOBYTE(v13) = v16 + v15 + v18 + BYTE2(v17) + BYTE3(v16) + v16 + (v11 & 0x58) + v15 - 120;

HIDWORD(v5) = (unsigned __int8)v19;

LODWORD(v5) = (unsigned __int8)v20;

4_2168(&v12, a_2x_2x_2x_2x, (unsigned __int8)v8, v5, (unsigned __int8)v13);//格式化:%.2X%.2X%.2X%.2X

v6 = v12;

v7 = sin((double)v10);//v10 接受输入的数值-------------------------------------------------------------------------V10的数由对话框输入，限制为0-10的数子

v3 = cos((double)v10);//v10 接受输入的数值

v4 = v3 + v7;

v5 = v4;

4_2168(v21 + 108, aMd_6fS, LODWORD(v4), (_DWORD)(*(unsigned __int64 *)&v4 >> 32), v6);//格式化:MD%.6f-%s

//格式化:MD%.6f-%s 后的值就是注册码--------------------------------------------------------------------------------------------计算得倒的注册码

///////////////////////////////////////////////////////////////////////////////

//获得输入的机器码对应位的字符转换到16进制数,CLL的伪代码

char __cdecl sub_4012C5(char a1)

{

char v2; // [sp+4h] [bp-4h]@2

switch ( a1 )

{

case 0x30:

v2 = 0;

break;

case 0x31:

v2 = 1;

break;

case 0x32:

v2 = 2;

break;

case 0x33:

v2 = 3;

break;

case 0x34:

v2 = 4;

break;

case 0x35:

v2 = 5;

break;

case 0x36:

v2 = 6;

break;

case 0x37:

v2 = 7;

break;

case 0x38:

v2 = 8;

break;

case 0x39:

v2 = 9;

break;

case 0x41:

v2 = 10;

break;

case 0x42:

v2 = 11;

break;

case 0x43:

v2 = 12;

break;

case 0x44:

v2 = 13;

break;

case 0x45:

v2 = 14;

break;

case 0x46:

v2 = 15;

break;

default:

if ( a1 == 32 )

v2 = -1;

else

v2 = 0;

break;

}

return v2;

}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

-----------------------------------------------------------------------------------------------------------------------

00401934 |. 66:C785 B0FEF>MOV WORD PTR SS:[EBP-0x150],0x78 ; [EBP-0x150]是上一位机器码计算值，初始值为78

0040193D |. C785 08FEFFFF>MOV DWORD PTR SS:[EBP-0x1F8],0x0 ; [EBP-0x1F8]是机器的党当前位数

00401947 |. EB 0F JMP SHORT TEST.00401958

00401949 |> 8B85 08FEFFFF /MOV EAX,DWORD PTR SS:[EBP-0x1F8] ; 这段程序就是按位累加

0040194F |. 83C0 01 |ADD EAX,0x1

00401952 |. 8985 08FEFFFF |MOV DWORD PTR SS:[EBP-0x1F8],EAX ; kernel32.BaseThreadInitThunk

00401958 |> 83BD 08FEFFFF> CMP DWORD PTR SS:[EBP-0x1F8],0x11 ; [EBP-0x1F8]是机器码的当前位数，比较是否17位

0040195F |. 7D 78 |JGE SHORT TEST.004019D9 ; 大于17说明累加完了，跳走

00401961 |. 8B8D 08FEFFFF |MOV ECX,DWORD PTR SS:[EBP-0x1F8] ; [EBP-0x1F8]是机器码的当前位数

00401967 |. 51 |PUSH ECX

00401968 |. 8D8D B4FEFFFF |LEA ECX,DWORD PTR SS:[EBP-0x14C]

0040196E |. E8 91FD0000 |CALL <JMP.&MFC42D.#2255> ; 取得机器码

00401973 |. 50 |PUSH EAX ; 取得机器码在ECX有显示

00401974 |. E8 4CF9FFFF |CALL TEST.004012C5 ; 机器码字符转对应16进制值，如果大于F都为0

00401979 |. 83C4 04 |ADD ESP,0x4

0040197C |. 8B95 08FEFFFF |MOV EDX,DWORD PTR SS:[EBP-0x1F8] ; [EBP-0x1F8]是机器码的当前位数

00401982 |. 888415 BCFEFF>|MOV BYTE PTR SS:[EBP+EDX-0x144],AL ; [EBP-0x144]机器码字符转对应16进制值

00401989 |. 8B85 08FEFFFF |MOV EAX,DWORD PTR SS:[EBP-0x1F8] ; [EBP-0x1F8]是机器码的当前位数

0040198F |. 33C9 |XOR ECX,ECX ; 清空ECX

00401991 |. 8A8C05 BCFEFF>|MOV CL,BYTE PTR SS:[EBP+EAX-0x144] ; [EBP-0x144]机器码字符转对应16进制值

00401998 |. 83C1 03 |ADD ECX,0x3 ; 机器码+3

0040199B |. 8B95 08FEFFFF |MOV EDX,DWORD PTR SS:[EBP-0x1F8] ; [EBP-0x1F8]是机器码的当前位数

004019A1 |. 83C2 02 |ADD EDX,0x2 ; 当前位数+2

004019A4 |. 0FAFCA |IMUL ECX,EDX ; (机器码+3）+ (当前位数+2）

004019A7 |. 8B85 08FEFFFF |MOV EAX,DWORD PTR SS:[EBP-0x1F8] ; [EBP-0x1F8]是机器码的当前位数

004019AD |. 888C05 BCFEFF>|MOV BYTE PTR SS:[EBP+EAX-0x144],CL ; [EBP-0x144](机器码+3）+ (当前位数+2）

004019B4 |. 8B8D 08FEFFFF |MOV ECX,DWORD PTR SS:[EBP-0x1F8] ; [EBP-0x1F8]是机器码的当前位数

004019BA |. 66:0FB6940D B>|MOVZX DX,BYTE PTR SS:[EBP+ECX-0x144] ; [EBP-0x144](机器码+3）+ (当前位数+2）

004019C3 |. 66:8B85 B0FEF>|MOV AX,WORD PTR SS:[EBP-0x150] ; [EBP-0x150]是上一位机器码计算值，初始值为78

004019CA |. 66:03C2 |ADD AX,DX ; ((机器码+3）+ (当前位数+2）） ++

004019CD |. 66:8985 B0FEF>|MOV WORD PTR SS:[EBP-0x150],AX ; 机器码计算值

004019D4 |.^ E9 70FFFFFF \JMP TEST.00401949

004019D9 |> 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x150] ; 机器码计算值累加值

004019DF |. 81E1 FFFF0000 AND ECX,0xFFFF ; 机器码累加值后4位值

004019E5 |. 83E1 58 AND ECX,0x58 ; 机器码累加值后4位值+58

004019E8 |. 888D 00FEFFFF MOV BYTE PTR SS:[EBP-0x200],CL ; 机器码累加值后4位值+58结果放EBP-200

004019EE |. 8B95 00FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x200]

004019F4 |. 81E2 FF000000 AND EDX,0xFF ; 机器码累加值后4位值+58结果，后两位值

004019FA |. 8B85 BFFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x141] ; 位数7的计算值=(机器码+3）+ (当前位数+2）

00401A00 |. 25 FF000000 AND EAX,0xFF ; 取后两位

00401A05 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401A07 |. 8B8D C2FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13E] ; 位数10的计算值=同上

00401A0D |. 81E1 FF000000 AND ECX,0xFF

00401A13 |. 03D1 ADD EDX,ECX

00401A15 |. 8B85 C3FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x13D] ; 位数9的计算值=同上

00401A1B |. 25 FF000000 AND EAX,0xFF

00401A20 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401A22 |. 8B8D BDFEFFFF MOV ECX,DWORD PTR SS:[EBP-0x143] ; 位数12的计算值=同上

00401A28 |. 81E1 FF000000 AND ECX,0xFF

00401A2E |. 03D1 ADD EDX,ECX

00401A30 |. 8B85 CBFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x135] ; 位数15的计算值=同上

00401A36 |. 25 FF000000 AND EAX,0xFF

00401A3B |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401A3D |. 8B8D BFFEFFFF MOV ECX,DWORD PTR SS:[EBP-0x141] ; 位数7的计算值=同上

00401A43 |. 81E1 FF000000 AND ECX,0xFF

00401A49 |. 03D1 ADD EDX,ECX

00401A4B |. 8B85 CBFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x135] ; 位数15的计算值=同上

00401A51 |. 25 FF000000 AND EAX,0xFF

00401A56 |. 8D4C02 18 LEA ECX,DWORD PTR DS:[EDX+EAX+0x18]

00401A5A |. 888D FCFDFFFF MOV BYTE PTR SS:[EBP-0x204],CL

00401A60 |. 8B95 00FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x200]

00401A66 |. 81E2 FF000000 AND EDX,0xFF

00401A6C |. 8B85 C0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x140]

00401A72 |. 25 FF000000 AND EAX,0xFF

00401A77 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401A79 |. 8B8D C5FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13B]

00401A7F |. 81E1 FF000000 AND ECX,0xFF

00401A85 |. 03D1 ADD EDX,ECX

00401A87 |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x138]

00401A8D |. 25 FF000000 AND EAX,0xFF

00401A92 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401A94 |. 8B8D CCFEFFFF MOV ECX,DWORD PTR SS:[EBP-0x134]

00401A9A |. 81E1 FF000000 AND ECX,0xFF

00401AA0 |. 03D1 ADD EDX,ECX

00401AA2 |. 8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x144]

00401AA8 |. 25 FF000000 AND EAX,0xFF

00401AAD |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401AAF |. 8B8D C0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x140]

00401AB5 |. 81E1 FF000000 AND ECX,0xFF

00401ABB |. 03D1 ADD EDX,ECX

00401ABD |. 8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x144]

00401AC3 |. 25 FF000000 AND EAX,0xFF

00401AC8 |. 8D4C02 28 LEA ECX,DWORD PTR DS:[EDX+EAX+0x28]

00401ACC |. 888D D4FEFFFF MOV BYTE PTR SS:[EBP-0x12C],CL

00401AD2 |. 8B95 00FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x200]

00401AD8 |. 81E2 FF000000 AND EDX,0xFF

00401ADE |. 8B85 BDFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x143]

00401AE4 |. 25 FF000000 AND EAX,0xFF

00401AE9 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401AEB |. 8B8D C0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x140]

00401AF1 |. 81E1 FF000000 AND ECX,0xFF

00401AF7 |. 03D1 ADD EDX,ECX

00401AF9 |. 8B85 C6FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x13A]

00401AFF |. 25 FF000000 AND EAX,0xFF

00401B04 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401B06 |. 8B8D C9FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x137]

00401B0C |. 81E1 FF000000 AND ECX,0xFF

00401B12 |. 03D1 ADD EDX,ECX

00401B14 |. 8B85 CBFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x135]

00401B1A |. 25 FF000000 AND EAX,0xFF

00401B1F |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401B21 |. 8B8D BDFEFFFF MOV ECX,DWORD PTR SS:[EBP-0x143]

00401B27 |. 81E1 FF000000 AND ECX,0xFF

00401B2D |. 03D1 ADD EDX,ECX

00401B2F |. 8B85 CBFEFFFF MOV EAX,DWORD PTR SS:[EBP-0x135]

00401B35 |. 25 FF000000 AND EAX,0xFF

00401B3A |. 8D4C02 58 LEA ECX,DWORD PTR DS:[EDX+EAX+0x58]

00401B3E |. 888D D0FEFFFF MOV BYTE PTR SS:[EBP-0x130],CL

00401B44 |. 8B95 00FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x200]

00401B4A |. 81E2 FF000000 AND EDX,0xFF

00401B50 |. 8B85 C2FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x13E]

00401B56 |. 25 FF000000 AND EAX,0xFF

00401B5B |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401B5D |. 8B8D C5FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13B]

00401B63 |. 81E1 FF000000 AND ECX,0xFF

00401B69 |. 03D1 ADD EDX,ECX

00401B6B |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x138]

00401B71 |. 25 FF000000 AND EAX,0xFF

00401B76 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401B78 |. 8B8D CBFEFFFF MOV ECX,DWORD PTR SS:[EBP-0x135]

00401B7E |. 81E1 FF000000 AND ECX,0xFF

00401B84 |. 03D1 ADD EDX,ECX

00401B86 |. 8B85 C0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x140]

00401B8C |. 25 FF000000 AND EAX,0xFF

00401B91 |. 03D0 ADD EDX,EAX ; kernel32.BaseThreadInitThunk

00401B93 |. 8B8D C2FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13E]

00401B99 |. 81E1 FF000000 AND ECX,0xFF

00401B9F |. 03D1 ADD EDX,ECX

00401BA1 |. 8B85 C0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x140]

00401BA7 |. 25 FF000000 AND EAX,0xFF

00401BAC |. 8D8C02 880000>LEA ECX,DWORD PTR DS:[EDX+EAX+0x88]

00401BB3 |. 888D B8FEFFFF MOV BYTE PTR SS:[EBP-0x148],CL

00401BB9 |. 8B95 B8FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x148]

00401BBF |. 81E2 FF000000 AND EDX,0xFF

00401BC5 |. 52 PUSH EDX ; TEST.<ModuleEntryPoint>

00401BC6 |. 8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x130]

00401BCC |. 25 FF000000 AND EAX,0xFF

00401BD1 |. 50 PUSH EAX ; kernel32.BaseThreadInitThunk

00401BD2 |. 8B8D D4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x12C]

00401BD8 |. 81E1 FF000000 AND ECX,0xFF

00401BDE |. 51 PUSH ECX

00401BDF |. 8B95 FCFDFFFF MOV EDX,DWORD PTR SS:[EBP-0x204]

00401BE5 |. 81E2 FF000000 AND EDX,0xFF

00401BEB |. 52 PUSH EDX ; TEST.<ModuleEntryPoint>

00401BEC |. 68 2C514100 PUSH TEST.0041512C ; %.2X%.2X%.2X%.2X

00401BF1 |. 8D85 B4FEFFFF LEA EAX,DWORD PTR SS:[EBP-0x14C]

00401BF7 |. 50 PUSH EAX ; kernel32.BaseThreadInitThunk

00401BF8 |. E8 01FB0000 CALL <JMP.&MFC42D.#2168>

00401BFD |. 83C4 18 ADD ESP,0x18

00401C00 |. 8B8D B4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x14C]

00401C06 |. 51 PUSH ECX

00401C07 |. DB85 04FEFFFF FILD DWORD PTR SS:[EBP-0x1FC]

00401C0D |. 83EC 08 SUB ESP,0x8

00401C10 |. DD1C24 FSTP QWORD PTR SS:[ESP]

00401C13 |. E8 A4FD0000 CALL <JMP.&MSVCRTD.sin>

00401C18 |. DD9D 98FDFFFF FSTP QWORD PTR SS:[EBP-0x268]

00401C1E |. 83C4 08 ADD ESP,0x8

00401C21 |. DB85 04FEFFFF FILD DWORD PTR SS:[EBP-0x1FC]

00401C27 |. 83EC 08 SUB ESP,0x8

00401C2A |. DD1C24 FSTP QWORD PTR SS:[ESP]

00401C2D |. E8 84FD0000 CALL <JMP.&MSVCRTD.cos>

00401C32 |. 83C4 08 ADD ESP,0x8

00401C35 |. DC85 98FDFFFF FADD QWORD PTR SS:[EBP-0x268]

00401C3B |. 83EC 08 SUB ESP,0x8

00401C3E |. DD1C24 FSTP QWORD PTR SS:[ESP]

00401C41 |. 68 40514100 PUSH TEST.00415140 ; MD%.6f-%s

00401C46 |. 8B95 B0FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x250]

00401C4C |. 83C2 6C ADD EDX,0x6C

00401C4F |. 52 PUSH EDX ; TEST.<ModuleEntryPoint>

00401C50 |. E8 A9FA0000 CALL <JMP.&MFC42D.#2168>

00401C55 |. 83C4 14 ADD ESP,0x14

00401C58 |. 6A 00 PUSH 0x0

00401C5A |. 8B8D B0FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x250]

00401C60 |. E8 C9FA0000 CALL <JMP.&MFC42D.#5056>

00401C65 |. C645 FC 02 MOV BYTE PTR SS:[EBP-0x4],0x2

00401C69 |. 8D8D B4FEFFFF LEA ECX,DWORD PTR SS:[EBP-0x14C]

00401C6F |. E8 28F90000 CALL <JMP.&MFC42D.#684>

00401C74 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-0x4],-0x1

00401C7B |. 8D8D 0CFEFFFF LEA ECX,DWORD PTR SS:[EBP-0x1F4]

00401C81 |. E8 CA070000 CALL TEST.00402450

00401C86 |> B8 01000000 MOV EAX,0x1

00401C8B |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC]

00401C8E |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX

00401C95 |. 5F POP EDI ; kernel32.7698343D

00401C96 |. 5E POP ESI ; kernel32.7698343D

00401C97 |. 81C4 68020000 ADD ESP,0x268

00401C9D |. 3BEC CMP EBP,ESP

00401C9F |. E8 0CFD0000 CALL <JMP.&MSVCRTD._chkesp>

00401CA4 |. 8BE5 MOV ESP,EBP

00401CA6 |. 5D POP EBP ; kernel32.7698343D

00401CA7 \. C3 RET

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

最后于 2018-11-13 23:35 被pengrubin编辑，原因：

#调试逆向

收藏・0

免费・0

支持

最新回复 (1)
jgs 雪币： 8880 活跃值： (5101) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 447 粉丝 7 关注私信	jgs 2 楼 pyg算法注册机的算法用delphi语言，看看他的说明 2018-11-17 22:22 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

pengrubin

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号