能力值:
(RANK:410 )
5 楼
用keymake做注册机也不难,但必须找出以下数据:
经过分析:
1、在程序CALL PrintChe.005EC4C4时,eax保存的应该是一个Dword数据。
2、edx保存着序列号。
3、ecx保存着序列号的长度。
4、还有一个数据是一个指向一个Dword的表
005EC4DD |. 8D3D 34977200 LEA EDI,DWORD PTR DS:[729734] ;729734是指向一个Dword的数据表,你必须找出来并将这个数据表的内容全部拷贝出来。
有了以上的数据,便可以用keymake来做注册机了。
.const
.data
szHomePage db "http://www.365hz.net" ,0
szEmail db "mailto:ljyljx@163.com" ,0
szErrMess db "输入的序列号不正确!" ,0
lpszOutBuffer db 255 dup (0)
lpszFormat db "%d" ,0 ;不清楚你的注册码是用十进制还是用十六进制显示的,所以我这里只用了十进制,如果你要的十六进制的,只需将"%d"改成"%X"即可
;这个TABLE表的数据你必须全部找出并拷贝出来,我这里只是随便做的用来测试的。
lpTable dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
dd 00000000h,11111111h,22222222h,33333333h,44444444h
.code
jmp Next
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Pointer 005EC4C4 Function
;下面的代码是直接抄你程序的代码,只是改了一个地址。
log_5EC4C4:
push ebp
mov ebp ,esp
sub esp ,10h
push ebx
mov [ebp -0ch],ecx
mov [ebp -4],edx
mov [ebp -8],eax
lea ebx ,[ebp -10h]
pushad
lea edi ,lpTable ;edi应该是指向一个Dword数据的table表,我这里是随便定义的,你在写注册机时必须在程序里找出这个表的数据。
mov esi ,[ebp -4]
mov ax ,word ptr [ebp -8]
mov dx ,word ptr [ebp -6]
mov ecx ,[ebp -0ch]
or ecx ,ecx
jz _Exit
@@:
xor ebx ,ebx
mov bl ,al
lodsb
xor bl ,al
mov al ,ah
mov ah ,dl
mov dl ,dh
xor dh ,dh
shl bx ,1
shl bx ,1
add ebx ,edi
xor ax ,word ptr [ebx ]
xor dx ,word ptr [ebx +2]
loop @b
_Exit:
mov word ptr [ebp -10h],ax
mov word ptr [ebp -0eh],dx
popad
mov eax ,[ebx ]
pop ebx
mov esp ,ebp
pop ebp
retn
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Program strat
Next:
invoke lstrlen ,eax
mov ecx ,eax ;ecx保存序列号长度
lea edx ,hInput1 ;edx指向序列号
mov eax ,12345678h ;你没说出eax是什么值,只好用随便找个值来做测试
call log_5EC4C4
cdq
xor eax ,edx
sub eax ,edx
invoke wsprintf ,offset lpszOutBuffer,offset lpszFormat,eax
lea eax ,lpszOutBuffer
;Program end strat
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
能力值:
(RANK:410 )
11 楼
晕,原来是CRC32的Table表啊。。。不过该算法不是CRC
.const
.data
szHomePage db "http://www.365hz.net" ,0
szEmail db "mailto:ljyljx@163.com" ,0
szErrMess db "输入的序列号不正确!" ,0
lpszOutBuffer db 255 dup (0)
lpszFormat db "%d" ,0 ;不清楚你的注册码是用十进制还是用十六进制显示的,所以我这里只用了十进制,如果你要的十六进制的,只需将"%d"改成"%X"即可
;CRC32_Table
lpTable dd 000000000h, 077073096h, 0EE0E612Ch, 0990951BAh, 0076DC419h, 0706AF48Fh, 0E963A535h, 09E6495A3h, 00EDB8832h, 079DCB8A4h
dd 0E0D5E91Eh, 097D2D988h, 009B64C2Bh, 07EB17CBDh, 0E7B82D07h, 090BF1D91h, 01DB71064h, 06AB020F2h, 0F3B97148h, 084BE41DEh
dd 01ADAD47Dh, 06DDDE4EBh, 0F4D4B551h, 083D385C7h, 0136C9856h, 0646BA8C0h, 0FD62F97Ah, 08A65C9ECh, 014015C4Fh, 063066CD9h
dd 0FA0F3D63h, 08D080DF5h, 03B6E20C8h, 04C69105Eh, 0D56041E4h, 0A2677172h, 03C03E4D1h, 04B04D447h, 0D20D85FDh, 0A50AB56Bh
dd 035B5A8FAh, 042B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 032D86CE3h, 045DF5C75h, 0DCD60DCFh, 0ABD13D59h, 026D930ACh, 051DE003Ah
dd 0C8D75180h, 0BFD06116h, 021B4F4B5h, 056B3C423h, 0CFBA9599h, 0B8BDA50Fh, 02802B89Eh, 05F058808h, 0C60CD9B2h, 0B10BE924h
dd 02F6F7C87h, 058684C11h, 0C1611DABh, 0B6662D3Dh, 076DC4190h, 001DB7106h, 098D220BCh, 0EFD5102Ah, 071B18589h, 006B6B51Fh
dd 09FBFE4A5h, 0E8B8D433h, 07807C9A2h, 00F00F934h, 09609A88Eh, 0E10E9818h, 07F6A0DBBh, 0086D3D2Dh, 091646C97h, 0E6635C01h
dd 06B6B51F4h, 01C6C6162h, 0856530D8h, 0F262004Eh, 06C0695EDh, 01B01A57Bh, 08208F4C1h, 0F50FC457h, 065B0D9C6h, 012B7E950h
dd 08BBEB8EAh, 0FCB9887Ch, 062DD1DDFh, 015DA2D49h, 08CD37CF3h, 0FBD44C65h, 04DB26158h, 03AB551CEh, 0A3BC0074h, 0D4BB30E2h
dd 04ADFA541h, 03DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 04369E96Ah, 0346ED9FCh, 0AD678846h, 0DA60B8D0h, 044042D73h, 033031DE5h
dd 0AA0A4C5Fh, 0DD0D7CC9h, 05005713Ch, 0270241AAh, 0BE0B1010h, 0C90C2086h, 05768B525h, 0206F85B3h, 0B966D409h, 0CE61E49Fh
dd 05EDEF90Eh, 029D9C998h, 0B0D09822h, 0C7D7A8B4h, 059B33D17h, 02EB40D81h, 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 09ABFB3B6h
dd 003B6E20Ch, 074B1D29Ah, 0EAD54739h, 09DD277AFh, 004DB2615h, 073DC1683h, 0E3630B12h, 094643B84h, 00D6D6A3Eh, 07A6A5AA8h
dd 0E40ECF0Bh, 09309FF9Dh, 00A00AE27h, 07D079EB1h, 0F00F9344h, 08708A3D2h, 01E01F268h, 06906C2FEh, 0F762575Dh, 0806567CBh
dd 0196C3671h, 06E6B06E7h, 0FED41B76h, 089D32BE0h, 010DA7A5Ah, 067DD4ACCh, 0F9B9DF6Fh, 08EBEEFF9h, 017B7BE43h, 060B08ED5h
dd 0D6D6A3E8h, 0A1D1937Eh, 038D8C2C4h, 04FDFF252h, 0D1BB67F1h, 0A6BC5767h, 03FB506DDh, 048B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch
dd 036034AF6h, 041047A60h, 0DF60EFC3h, 0A867DF55h, 0316E8EEFh, 04669BE79h, 0CB61B38Ch, 0BC66831Ah, 0256FD2A0h, 05268E236h
dd 0CC0C7795h, 0BB0B4703h, 0220216B9h, 05505262Fh, 0C5BA3BBEh, 0B2BD0B28h, 02BB45A92h, 05CB36A04h, 0C2D7FFA7h, 0B5D0CF31h
dd 02CD99E8Bh, 05BDEAE1Dh, 09B64C2B0h, 0EC63F226h, 0756AA39Ch, 0026D930Ah, 09C0906A9h, 0EB0E363Fh, 072076785h, 005005713h
dd 095BF4A82h, 0E2B87A14h, 07BB12BAEh, 00CB61B38h, 092D28E9Bh, 0E5D5BE0Dh, 07CDCEFB7h, 00BDBDF21h, 086D3D2D4h, 0F1D4E242h
dd 068DDB3F8h, 01FDA836Eh, 081BE16CDh, 0F6B9265Bh, 06FB077E1h, 018B74777h, 088085AE6h, 0FF0F6A70h, 066063BCAh, 011010B5Ch
dd 08F659EFFh, 0F862AE69h, 0616BFFD3h, 0166CCF45h, 0A00AE278h, 0D70DD2EEh, 04E048354h, 03903B3C2h, 0A7672661h, 0D06016F7h
dd 04969474Dh, 03E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 040DF0B66h, 037D83BF0h, 0A9BCAE53h, 0DEBB9EC5h, 047B2CF7Fh, 030B5FFE9h
dd 0BDBDF21Ch, 0CABAC28Ah, 053B39330h, 024B4A3A6h, 0BAD03605h, 0CDD70693h, 054DE5729h, 023D967BFh, 0B3667A2Eh, 0C4614AB8h
dd 05D681B02h, 02A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 05A05DF1Bh, 02D02EF8Dh
.code
jmp Next
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Pointer 005EC4C4 Function
log_5EC4C4:
push ebp
mov ebp ,esp
sub esp ,10h
push ebx
mov [ebp -0ch],ecx
mov [ebp -4],edx
mov [ebp -8],eax
lea ebx ,[ebp -10h]
pushad
lea edi ,lpTable ;edi应该是指向一个Dword数据的table表,我这里是随便定义的,你在写注册机时必须在程序里找出这个表的数据。
mov esi ,[ebp -4]
mov ax ,word ptr [ebp -8]
mov dx ,word ptr [ebp -6]
mov ecx ,[ebp -0ch]
or ecx ,ecx
jz _Exit
@@:
xor ebx ,ebx
mov bl ,al
lodsb
xor bl ,al
mov al ,ah
mov ah ,dl
mov dl ,dh
xor dh ,dh
shl bx ,1
shl bx ,1
add ebx ,edi
xor ax ,word ptr [ebx ]
xor dx ,word ptr [ebx +2]
loop @b
_Exit:
mov word ptr [ebp -10h],ax
mov word ptr [ebp -0eh],dx
popad
mov eax ,[ebx ]
pop ebx
mov esp ,ebp
pop ebp
retn
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Program strat
Next:
invoke lstrlen ,eax
mov ecx ,eax ;ecx保存序列号长度
lea edx ,hInput1 ;edx指向序列号
call log_5EC4C4
cdq
xor eax ,edx
sub eax ,edx
invoke wsprintf ,offset lpszOutBuffer,offset lpszFormat,eax
lea eax ,lpszOutBuffer
;Program end strat
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>