****管理系统标准版注册算法
2006-5-25 00:05 9420

****管理系统标准版注册算法

2006-5-25 00:05
9420
【目标软件】HRMIS人力资源管理系统标准版
【破解工具】IDA、SoftICE
【破解目标】得到注册算法
【参考资料】dREAMtHEATER 《Delphi 对象模型学习笔记》http://dreamtheater.reg365.com/papers/Object.htm
这个软件采用了Delphi类虚拟方法来保护注册机制,dREAMtHEATER老大的文章对Delphi类的虚拟方法表格和动态方法表格讲得很清楚
【说明】这个是人事部的老大要试用下,却没试用版;要我帮破下,就做了它;几个月了,一直没时间整理贴上来;今天花时间搞上来,没其他不良企图,只是想与大家交流

开始~
主程序文件用的壳是ASPack 2.12 -> Alexey Solodovnikov,很好脱;找个ASPack的脱壳机脱壳,是Borland Delphi程序

用IDA反汇编,在Strings中找到'请及时注册,谢谢!'的提示串:
; Nag string ("Please register promptly, thank you!"). Its single data xref (sub_5C3B8C+1A2)
; is what leads the author to the registration check shown below.
CODE:005C3DA0     aIVS            db '请及时注册,谢谢!',0 ; DATA XREF: sub_5C3B8C+1A2o

。。。
 
; Excerpt from sub_5C3B8C (named in the CODE XREF comments); the function's start and end are
; not shown here.
; Flow visible in this excerpt, per the author's annotations: a dynamic-method call (bx = -10h)
; fills var_11C, a second dynamic-method call (bx = -12h) produces the expected code in var_4,
; and var_4 is then compared with LStrCmp against the string built from [esi+254h].
; NOTE(review): the expected registration code is computed on the client and compared as plain
; text, so the check rests only on local, non-secret inputs -- a design weakness in any
; licensing scheme.
CODE:005C3C6E 020                 lea     eax, [ebp+var_4]
CODE:005C3C71 020                 push    eax
CODE:005C3C72 024                 lea     edx, [ebp+var_11C]
CODE:005C3C78 024                 mov     eax, esi
CODE:005C3C7A 024                 mov     bx, -10h        ; call sub_5C3638: this is where the volume information is fetched ★★
CODE:005C3C7E 024                 call    @System@@CallDynaInst$qqrv ; System::__linkproc__ CallDynaInst(void)
CODE:005C3C83 024                 mov     eax, [ebp+var_11C]
CODE:005C3C89 024                 push    eax
CODE:005C3C8A 028                 lea     eax, [ebp+var_120]
CODE:005C3C90 028                 lea     edx, [esi+0A6h]
CODE:005C3C96 028                 call    unknown_libname_10 ; LStrFromPCharLen(System::AnsiString &,char *,int)
CODE:005C3C96                                             ; Allocates an AnsiString and copies the given length from a PChar
CODE:005C3C96                                             ; EAX: destination string
CODE:005C3C96                                             ; EDX: source string
CODE:005C3C96                                             ; ECX: length to copy
CODE:005C3C96                                             ;
CODE:005C3C9B 028                 mov     edx, [ebp+var_120]
CODE:005C3CA1 028                 mov     eax, esi
CODE:005C3CA3 028                 pop     ecx
CODE:005C3CA4 024                 mov     bx, -12h        ; call sub_5C3848: this is the registration algorithm ▲▲▲
CODE:005C3CA8 024                 call    @System@@CallDynaInst$qqrv ; System::__linkproc__ CallDynaInst(void)
CODE:005C3CAD 024                 lea     eax, [ebp+var_124]
CODE:005C3CB3 024                 lea     edx, [esi+254h]
CODE:005C3CB9 024                 call    unknown_libname_10 ; LStrFromPCharLen(System::AnsiString &,char *,int)
CODE:005C3CB9                                             ; Allocates an AnsiString and copies the given length from a PChar
CODE:005C3CB9                                             ; EAX: destination string
CODE:005C3CB9                                             ; EDX: source string
CODE:005C3CB9                                             ; ECX: length to copy
CODE:005C3CB9                                             ;
CODE:005C3CBE 024                 mov     eax, [ebp+var_124]
CODE:005C3CC4 024                 mov     edx, [ebp+var_4]
CODE:005C3CC7 024                 call    @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)
CODE:005C3CCC 024                 jz      loc_5C3D5E
CODE:005C3CD2 024                 mov     ebx, 1
CODE:005C3CD7
CODE:005C3CD7     loc_5C3CD7:                             ; CODE XREF: sub_5C3B8C+17Aj
CODE:005C3CD7 024                 lea     eax, [ebp+var_128]
CODE:005C3CDD 024                 lea     edx, [esi+254h]
CODE:005C3CE3 024                 call    unknown_libname_10 ; CBuilder 4 and Delphi 4 VCL
CODE:005C3CE8 024                 mov     eax, [ebp+var_128] ; registration code entered by the user
CODE:005C3CEE 024                 mov     edx, [ebp+var_4] ; registration code computed by the program
CODE:005C3CF1 024                 call    @System@@LStrCmp$qqrv ; compare the two registration codes
CODE:005C3CF6 024                 jz      short loc_5C3D08 ; codes match (registered): jump
CODE:005C3CF8 024                 lea     edx, [ebp+var_4]
CODE:005C3CFB 024                 mov     eax, esi
CODE:005C3CFD 024                 call    sub_5C3DE4      ; registration dialog
CODE:005C3D02 024                 inc     ebx
CODE:005C3D03 024                 cmp     ebx, 4          ; up to 3 attempts per run
CODE:005C3D06 024                 jnz     short loc_5C3CD7
CODE:005C3D08
CODE:005C3D08     loc_5C3D08:                             ; CODE XREF: sub_5C3B8C+16Aj
CODE:005C3D08 024                 cmp     ebx, 3
CODE:005C3D0B 024                 jl      short loc_5C3D3D
CODE:005C3D0D 024                 lea     eax, [ebp+var_12C]
CODE:005C3D13 024                 lea     edx, [esi+254h]
CODE:005C3D19 024                 call    unknown_libname_10 ; CBuilder 4 and Delphi 4 VCL
CODE:005C3D1E 024                 mov     eax, [ebp+var_12C]
CODE:005C3D24 024                 mov     edx, [ebp+var_4]
CODE:005C3D27 024                 call    @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)
CODE:005C3D2C 024                 jz      short loc_5C3D3D
CODE:005C3D2E 024                 mov     eax, offset aIVS ; "请及时注册,谢谢!" (nag text: "Please register promptly, thank you!")

; =====================
; CallDynaInst 调用
; call sub_5C3638,这个地方是取得卷信息★★
CODE:005C3638     sub_5C3638      proc near
CODE:005C3638
CODE:005C3638     var_110         = dword ptr -110h
CODE:005C3638     var_10C         = dword ptr -10Ch
CODE:005C3638     FileSystemNameBuffer= byte ptr -108h
CODE:005C3638     FileSystemFlags = dword ptr -8
CODE:005C3638     MaximumComponentLength= dword ptr -4
CODE:005C3638
CODE:005C3638 000                 push    ebp
CODE:005C3639 004                 mov     ebp, esp
CODE:005C363B 004                 add     esp, 0FFFFFEF0h
CODE:005C3641 114                 push    ebx
CODE:005C3642 118                 push    esi
CODE:005C3643 11C                 push    edi
CODE:005C3644 120                 xor     ecx, ecx
CODE:005C3646 120                 mov     [ebp+var_10C], ecx
CODE:005C364C 120                 mov     [ebp+var_110], ecx
CODE:005C3652 120                 mov     edi, edx
CODE:005C3654 120                 xor     eax, eax
CODE:005C3656 120                 push    ebp
CODE:005C3657 124                 push    offset loc_5C3712
CODE:005C365C 128                 push    dword ptr fs:[eax]
CODE:005C365F 12C                 mov     fs:[eax], esp
CODE:005C3662 12C                 mov     eax, 4
CODE:005C3667 12C                 call    @System@@GetMem$qqrv ; System::__linkproc__ GetMem(void)
CODE:005C366C 12C                 mov     ebx, eax
CODE:005C366E 12C                 push    100h            ; nFileSystemNameSize
CODE:005C3673 130                 lea     eax, [ebp+FileSystemNameBuffer]
CODE:005C3679 130                 push    eax             ; lpFileSystemNameBuffer
CODE:005C367A 134                 lea     eax, [ebp+FileSystemFlags]
CODE:005C367D 134                 push    eax             ; lpFileSystemFlags
CODE:005C367E 138                 lea     eax, [ebp+MaximumComponentLength]
CODE:005C3681 138                 push    eax             ; lpMaximumComponentLength
CODE:005C3682 13C                 push    ebx             ; lpVolumeSerialNumber
CODE:005C3683 140                 push    0               ; nVolumeNameSize
CODE:005C3685 144                 push    0               ; lpVolumeNameBuffer
CODE:005C3687 148                 push    offset off_5C3720 ; lpRootPathName
CODE:005C368C 14C                 call    GetVolumeInformationA

; call sub_5C3848: this is the registration algorithm ▲▲▲
; Inputs as annotated by the author: eax = object (saved to var_4), edx = organization name,
; ecx = formatted volume-information string, arg_0 = output string (cleared, then extended by
; one digit per loop iteration).
; Outline: BuildinStr_01 is taken from [obj+28h] (or from the constant aZxasdqexcsrfcw when that
; field is empty after Trim) and concatenated with itself until it is at least as long as the
; volume string (sub_404464 returns the string length, per the author's notes). sub_5C3770
; transforms the name, which then has BuildinStr_01 appended. The loop at loc_5C3915 combines
; decimal last digits derived from the front/back characters of the volume string and from
; BuildinStr_01 / the name, and appends the last digit of the sum to arg_0.
; NOTE(review): every input is local machine data, user-supplied text or a constant stored in
; the binary; no secret key or signature is involved, so the scheme offers no real protection.
CODE:005C3848     sub_5C3848      proc near
CODE:005C3848
CODE:005C3848     var_38          = dword ptr -38h
CODE:005C3848     var_34          = dword ptr -34h
CODE:005C3848     FrmVolInfoStr[j]= byte ptr -2Eh
CODE:005C3848     FrmVolInfoStr[i]= byte ptr -2Dh
CODE:005C3848     var_2C          = dword ptr -2Ch
CODE:005C3848     var_28          = dword ptr -28h
CODE:005C3848     var_24          = dword ptr -24h
CODE:005C3848     var_20          = dword ptr -20h
CODE:005C3848     var_1C          = dword ptr -1Ch
CODE:005C3848     FrmVolInfoStr[j]_tmp= dword ptr -18h
CODE:005C3848     FrmVolInfoStr[i]_Tmp= dword ptr -14h
CODE:005C3848     BuildinStr_01   = dword ptr -10h
CODE:005C3848     FrmVolInfoStr   = dword ptr -0Ch
CODE:005C3848     UserOrganizationName= dword ptr -8
CODE:005C3848     var_4           = dword ptr -4
CODE:005C3848     arg_0           = dword ptr  8
CODE:005C3848
CODE:005C3848 000                 push    ebp
CODE:005C3849 004                 mov     ebp, esp
CODE:005C384B 004                 push    ecx
CODE:005C384C 008                 mov     ecx, 6          ; 6 iterations x 2 pushes = 12 zeroed dwords for the locals
CODE:005C3851
CODE:005C3851     loc_5C3851:                             ; CODE XREF: sub_5C3848+Ej
CODE:005C3851 008                 push    0
CODE:005C3853 00C                 push    0               ;  i runs from 0 to the last index
CODE:005C3853                                             ;  j runs from the last index down to 0
CODE:005C3853                                             ;
CODE:005C3855 010                 dec     ecx
CODE:005C3856 010                 jnz     short loc_5C3851
CODE:005C3858 010                 push    ecx
CODE:005C3859 014                 xchg    ecx, [ebp+var_4] ; formatted volume-information string
CODE:005C385C 014                 push    ebx
CODE:005C385D 018                 push    esi
CODE:005C385E 01C                 push    edi
CODE:005C385F 020                 mov     [ebp+FrmVolInfoStr], ecx
CODE:005C3862 020                 mov     [ebp+UserOrganizationName], edx ; organization name entered by the user
CODE:005C3862                                             ; note: this name has already been transformed
CODE:005C3862                                             ; method: take the first char, the last, the second, the second-to-last, ...
CODE:005C3865 020                 mov     [ebp+var_4], eax
CODE:005C3868 020                 mov     eax, [ebp+UserOrganizationName]
CODE:005C386B 020                 call    @@LStrAddRef    ; __linkproc__ LStrAddRef
CODE:005C3870 020                 mov     eax, [ebp+FrmVolInfoStr]
CODE:005C3873 020                 call    @@LStrAddRef    ; __linkproc__ LStrAddRef
CODE:005C3878 020                 xor     eax, eax
CODE:005C387A 020                 push    ebp
CODE:005C387B 024                 push    offset loc_5C3A4A
CODE:005C3880 028                 push    dword ptr fs:[eax]
CODE:005C3883 02C                 mov     fs:[eax], esp
CODE:005C3886 02C                 lea     edx, [ebp+var_34]
CODE:005C3889 02C                 mov     eax, [ebp+var_4]
CODE:005C388C 02C                 mov     eax, [eax+28h]  ; "FD52F4F6-E33E-4866-A232-E5A1C8CE0E62_STAND_HRMIS_ShangXin_HeLuo"
CODE:005C388F 02C                 call    @Sysutils@Trim$qqrx17System@AnsiString ; Sysutils::Trim(System::AnsiString)
CODE:005C3894 02C                 cmp     [ebp+var_34], 0
CODE:005C3898 02C                 jz      short loc_5C38AA ; if the string above is empty, use the string below
CODE:005C389A 02C                 lea     eax, [ebp+BuildinStr_01]
CODE:005C389D 02C                 mov     edx, [ebp+var_4]
CODE:005C38A0 02C                 mov     edx, [edx+28h]
CODE:005C38A3 02C                 call    @@LStrLAsg      ; __linkproc__ LStrLAsg
CODE:005C38A8 02C                 jmp     short loc_5C38B7 ; volume-information string
CODE:005C38AA     ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CODE:005C38AA
CODE:005C38AA     loc_5C38AA:                             ; CODE XREF: sub_5C3848+50j
CODE:005C38AA 02C                 lea     eax, [ebp+BuildinStr_01]
CODE:005C38AD 02C                 mov     edx, offset aZxasdqexcsrfcw ; "#zXaSDqExCsRFcW$VdevJMfrbgNtnhymju,kilo"...
CODE:005C38B2 02C                 call    @@LStrLAsg      ; __linkproc__ LStrLAsg
CODE:005C38B7
CODE:005C38B7     loc_5C38B7:                             ; CODE XREF: sub_5C3848+60j
CODE:005C38B7 02C                 mov     eax, [ebp+FrmVolInfoStr] ; volume-information string
CODE:005C38BA 02C                 call    sub_404464
CODE:005C38BF 02C                 mov     esi, eax        ; length of the volume-information string
CODE:005C38C1 02C                 jmp     short loc_5C38CE
CODE:005C38C3     ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CODE:005C38C3
CODE:005C38C3     loc_5C38C3:                             ; CODE XREF: sub_5C3848+90j
CODE:005C38C3 02C                 lea     eax, [ebp+BuildinStr_01]
CODE:005C38C6 02C                 mov     edx, [ebp+BuildinStr_01]
CODE:005C38C9 02C                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:005C38CE
CODE:005C38CE     loc_5C38CE:                             ; CODE XREF: sub_5C3848+79j
CODE:005C38CE 02C                 mov     eax, [ebp+BuildinStr_01]
CODE:005C38D1 02C                 call    sub_404464
CODE:005C38D6 02C                 cmp     esi, eax
CODE:005C38D8 02C                 jg      short loc_5C38C3 ; repeat while BuildinStr_01 is shorter than the volume string
CODE:005C38D8                                             ;
CODE:005C38D8                                             ;
CODE:005C38D8                                             ;
CODE:005C38DA 02C                 lea     ecx, [ebp+var_38]
CODE:005C38DD 02C                 mov     edx, [ebp+UserOrganizationName]
CODE:005C38E0 02C                 mov     eax, [ebp+var_4]
CODE:005C38E3 02C                 call    sub_5C3770      ; transforms the organization name, as follows
CODE:005C38E3                                             ; note: UserUnitName becomes
CODE:005C38E3                                             ;       UserUnitName_BuildinStr_01
CODE:005C38E8 02C                 mov     edx, [ebp+var_38]
CODE:005C38EB 02C                 lea     eax, [ebp+UserOrganizationName]
CODE:005C38EE 02C                 call    @@LStrLAsg      ; __linkproc__ LStrLAsg
CODE:005C38F3 02C                 lea     eax, [ebp+UserOrganizationName]
CODE:005C38F6 02C                 mov     edx, [ebp+BuildinStr_01]
CODE:005C38F9 02C                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:005C38FE 02C                 mov     eax, [ebp+arg_0]
CODE:005C3901 02C                 call    @@LStrClr       ; __linkproc__ LStrClr
CODE:005C3906 02C                 mov     edi, esi
CODE:005C3908 02C                 test    edi, edi
CODE:005C390A 02C                 jle     loc_5C3A22
CODE:005C3910 02C                 mov     ebx, 1          ; counter
CODE:005C3915
CODE:005C3915     loc_5C3915:                             ; CODE XREF: sub_5C3848+1D4j
CODE:005C3915 02C                 mov     eax, [ebp+FrmVolInfoStr]
CODE:005C3918 02C                 mov     al, [eax+ebx-1] ; take characters front to back
CODE:005C391C 02C                 mov     [ebp+FrmVolInfoStr[i]], al
CODE:005C391F 02C                 mov     eax, esi        ; length of FrmVolInfoStr
CODE:005C3921 02C                 sub     eax, ebx
CODE:005C3923 02C                 mov     edx, [ebp+FrmVolInfoStr]
CODE:005C3926 02C                 mov     al, [edx+eax]   ; take characters back to front
CODE:005C3929 02C                 mov     [ebp+FrmVolInfoStr[j]], al
CODE:005C392C 02C                 lea     edx, [ebp+FrmVolInfoStr[i]_Tmp] ; FrmVolInfoStr[i]
CODE:005C392F 02C                 xor     eax, eax
CODE:005C3931 02C                 mov     al, [ebp+FrmVolInfoStr[i]]
CODE:005C3934 02C                 call    @Sysutils@IntToStr$qqri ; Sysutils::IntToStr(int)
CODE:005C3939 02C                 mov     eax, [ebp+var_4]
CODE:005C393C 02C                 cmp     byte ptr [eax+40h], 0
CODE:005C3940 02C                 jz      short loc_5C395E
CODE:005C3942 02C                 mov     eax, [ebp+BuildinStr_01]
CODE:005C3945 02C                 movzx   eax, byte ptr [eax+ebx-1]
CODE:005C394A 02C                 mov     edx, [ebp+UserOrganizationName]
CODE:005C394D 02C                 movzx   edx, byte ptr [edx+ebx-1]
CODE:005C3952 02C                 add     eax, edx        ; BuildinStr_01[i]+UserUnitName[i]
CODE:005C3954 02C                 lea     edx, [ebp+var_28]
CODE:005C3957 02C                 call    @Sysutils@IntToStr$qqri ; Sysutils::IntToStr(int)
CODE:005C395C 02C                 jmp     short loc_5C396E ; FrmVolInfoStr[j]
CODE:005C395E     ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CODE:005C395E
CODE:005C395E     loc_5C395E:                             ; CODE XREF: sub_5C3848+F8j
CODE:005C395E 02C                 lea     edx, [ebp+var_28]
CODE:005C3961 02C                 mov     eax, [ebp+BuildinStr_01]
CODE:005C3964 02C                 movzx   eax, byte ptr [eax+ebx-1]
CODE:005C3969 02C                 call    @Sysutils@IntToStr$qqri ; Sysutils::IntToStr(int)
CODE:005C396E
CODE:005C396E     loc_5C396E:                             ; CODE XREF: sub_5C3848+114j
CODE:005C396E 02C                 lea     edx, [ebp+FrmVolInfoStr[j]_tmp] ; FrmVolInfoStr[j]
CODE:005C3971 02C                 xor     eax, eax
CODE:005C3973 02C                 mov     al, [ebp+FrmVolInfoStr[j]]
CODE:005C3976 02C                 call    @Sysutils@IntToStr$qqri ; Sysutils::IntToStr(int)
CODE:005C397B 02C                 mov     eax, [ebp+FrmVolInfoStr[i]_Tmp]
CODE:005C397E 02C                 call    sub_404464
CODE:005C3983 02C                 mov     edx, [ebp+FrmVolInfoStr[i]_Tmp]
CODE:005C3986 02C                 mov     dl, [edx+eax-1]
CODE:005C398A 02C                 lea     eax, [ebp+var_1C]
CODE:005C398D 02C                 call    unknown_libname_6 ; CBuilder 4 and Delphi 4 VCL
CODE:005C3992 02C                 mov     eax, [ebp+FrmVolInfoStr[j]_tmp] ; volume info, the character taken from the back
CODE:005C3995 02C                 call    sub_404464
CODE:005C399A 02C                 mov     edx, [ebp+FrmVolInfoStr[j]_tmp]
CODE:005C399D 02C                 mov     dl, [edx+eax-1]
CODE:005C39A1 02C                 lea     eax, [ebp+var_20] ; FrmVolInfoStr[j]_tmp, last character of the string
CODE:005C39A4 02C                 call    unknown_libname_6 ; CBuilder 4 and Delphi 4 VCL
CODE:005C39A9 02C                 mov     eax, [ebp+var_28] ; UserUnitName[i]+BuildinStr_01[i]
CODE:005C39AC 02C                 call    sub_404464
CODE:005C39B1 02C                 mov     edx, [ebp+var_28]
CODE:005C39B4 02C                 mov     dl, [edx+eax-1]
CODE:005C39B8 02C                 lea     eax, [ebp+var_2C] ; UserUnitName[i]+BuildinStr_01[i], last character of the string
CODE:005C39BB 02C                 call    unknown_libname_6 ; CBuilder 4 and Delphi 4 VCL
CODE:005C39C0 02C                 mov     eax, [ebp+var_1C] ; FrmVolInfoStr[i]_tmp, last character of the string
CODE:005C39C3 02C                 call    @StrToInt
CODE:005C39C8 02C                 push    eax
CODE:005C39C9 030                 mov     eax, [ebp+var_20]
CODE:005C39CC 030                 call    @StrToInt
CODE:005C39D1 030                 pop     edx
CODE:005C39D2 02C                 add     edx, eax
CODE:005C39D4 02C                 push    edx
CODE:005C39D5 030                 mov     eax, [ebp+var_2C]
CODE:005C39D8 030                 call    @StrToInt
CODE:005C39DD 030                 mov     edx, eax
CODE:005C39DF 030                 pop     eax
CODE:005C39E0 02C                 add     eax, edx
CODE:005C39E2 02C                 lea     edx, [ebp+var_24] ; FrmVolINfoStr[i]_tmp+FrmVolInfoStr[j]_tmp+(UserUnitName[i]+BuildinStr_01[i])
CODE:005C39E5 02C                 call    @Sysutils@IntToStr$qqri ; Sysutils::IntToStr(int)
CODE:005C39EA 02C                 mov     eax, [ebp+var_24]
CODE:005C39ED 02C                 call    sub_404464
CODE:005C39F2 02C                 dec     eax
CODE:005C39F3 02C                 jle     short loc_5C3A0C ; single digit: jump; otherwise keep only the last digit
CODE:005C39F5 02C                 mov     eax, [ebp+var_24]
CODE:005C39F8 02C                 call    sub_404464
CODE:005C39FD 02C                 mov     edx, [ebp+var_24]
CODE:005C3A00 02C                 mov     dl, [edx+eax-1]
CODE:005C3A04 02C                 lea     eax, [ebp+var_24]
CODE:005C3A07 02C                 call    unknown_libname_6 ; CBuilder 4 and Delphi 4 VCL
CODE:005C3A0C
CODE:005C3A0C     loc_5C3A0C:                             ; CODE XREF: sub_5C3848+1ABj
CODE:005C3A0C 02C                 mov     eax, [ebp+arg_0]
CODE:005C3A0F 02C                 mov     edx, [ebp+var_24]
CODE:005C3A12 02C                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:005C3A17 02C                 mov     eax, [ebp+arg_0]
CODE:005C3A1A 02C                 inc     ebx
CODE:005C3A1B 02C                 dec     edi
CODE:005C3A1C 02C                 jnz     loc_5C3915
CODE:005C3A22
CODE:005C3A22     loc_5C3A22:                             ; CODE XREF: sub_5C3848+C2j
CODE:005C3A22 02C                 xor     eax, eax
CODE:005C3A24 02C                 pop     edx
CODE:005C3A25 028                 pop     ecx
CODE:005C3A26 024                 pop     ecx
CODE:005C3A27 020                 mov     fs:[eax], edx
CODE:005C3A2A 020                 push    offset loc_5C3A51
CODE:005C3A2F
CODE:005C3A2F     loc_5C3A2F:                             ; CODE XREF: sub_5C3848+207j
CODE:005C3A2F 024                 lea     eax, [ebp+var_38]
CODE:005C3A32 024                 mov     edx, 2
CODE:005C3A37
CODE:005C3A37     loc_5C3A37:                             ; DATA XREF: CODE:off_5E7484o
CODE:005C3A37 024                 call    @@LStrArrayClr  ; __linkproc__ LStrArrayClr
CODE:005C3A3C 024                 lea     eax, [ebp+var_2C]
CODE:005C3A3F
CODE:005C3A3F     loc_5C3A3F:                             ; DATA XREF: CODE:off_9C6C60o
CODE:005C3A3F                                             ; CODE:off_5C3720o ...
CODE:005C3A3F 024                 mov     edx, 0Ah
CODE:005C3A44 024                 call    @@LStrArrayClr  ; __linkproc__ LStrArrayClr
CODE:005C3A49 024                 retn
CODE:005C3A4A     ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CODE:005C3A4A
CODE:005C3A4A     loc_5C3A4A:                             ; DATA XREF: sub_5C3848+33o
CODE:005C3A4A 020                 jmp     @System@@HandleFinally$qqrv ; System::__linkproc__ HandleFinally(void)
CODE:005C3A4F     ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CODE:005C3A4F 020                 jmp     short loc_5C3A2F
CODE:005C3A51     ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CODE:005C3A51
CODE:005C3A51     loc_5C3A51:                             ; DATA XREF: sub_5C3848+1E2o
CODE:005C3A51 020                 pop     edi
CODE:005C3A52 01C                 pop     esi
CODE:005C3A53 018                 pop     ebx
CODE:005C3A54 014                 mov     esp, ebp
CODE:005C3A56 004                 pop     ebp
CODE:005C3A57 000                 retn    4
CODE:005C3A57     sub_5C3848      endp
CODE:005C3A57
CODE:005C3A57


=========================
算法还简单,下面是Delphi写的注册机,照抄上面的分析:
{-----------------------------------------------------}
// proc: GenerateRegCode
// author:  lq7972
//
// The author's Delphi transcription of the routine analysed above
// (sub_5C3848). Reads the volume serial number and file-system name of
// 'C:\' plus the text of edtName (a form control defined outside this
// block) and returns a string of decimal digits, one per character of
// the volume-information string. Result is assigned only when
// GetVolumeInformation succeeds.
// NOTE(review): every input is local machine data, user-supplied text or
// a constant taken from the binary, so nothing here is secret. A licence
// check that has to resist this kind of reimplementation would verify a
// vendor-signed licence against an embedded public key instead.
{-----------------------------------------------------}
 
function GenerateRegCode: string;
const
  // Constant string shown in the disassembly comment at CODE:005C388C.
  BUILDIN_STR_01 : string =
    'FD52F4F6-E33E-4866-A232-E5A1C8CE0E62_STAND_HRMIS_ShangXin_HeLuo';
  // Declared but not referenced anywhere in this function.
  BUILDIN_STR_02 : string =
    '#zXaSDqExCsRFcW$VdevJMfrbgNtnhymju,kilo/;p!QAZ@%T.GB^YwH\&[U*-]=IK<(OL>)P:?_{+}|~';
var            
  pcFileSystemNameBuf: PChar;
  nMaxComponentLen, nFileSystemFlags: Cardinal;
  pdVolumeSerialNumber: PDWORD;
  sVolInfo: string;            
  c: Char;
  i, j, k, l, m, n, x, y: Integer;
  s: string;
  a, b, z: Integer;
  sName, s1, s2, str: string;
  sRegCode: string;
begin
  // Heap buffers for the API outputs; both are released in the finally block.
  New(pdVolumeSerialNumber);
  GetMem(pcFileSystemNameBuf, 100);

  try
    if GetVolumeInformation('C:\', nil, 0,
         pdVolumeSerialNumber, nMaxComponentLen,
         nFileSystemFlags, pcFileSystemNameBuf, 100)
    then begin
      sRegCode := '';
      
      sName := '';
      s := '';
      sName := edtName.Text;
      l := Length(sName);
      // k = ceil(l / 2): number of front/back pairs to take from the name.
      if (l mod 2)=0 then k := trunc(l/2)
      else k := trunc(l/2+1);
      // Interleave the name: first char, last char, second, second-to-last, ...
      for i := 1 to k do
      begin
        s1 := sName[i];
        j := l-i+1;
        // Odd length: the middle character is added once, then stop.
        if i=j Then
        begin  
          s := s + s1;
          Break;
        end;
        s2 := sName[j];
        s := s + (s1+s2);
      end;
      str := s + BUILDIN_STR_01;
      
      // Volume-information string: decimal serial number followed by the file-system name.
      sVolInfo := IntToStr(pdVolumeSerialNumber^) + pcFileSystemNameBuf;
      l := Length(sVolInfo);
      for i := 1 to l do
      begin
        j := l-i+1;

        // x = last decimal digit of Ord(sVolInfo[i]) (front-to-back character).
        c := sVolInfo[i];
        m := Ord(c);
        s := IntToStr(m);
        k := Length(s);
        x := StrToInt(s[k]);

        // y = last decimal digit of Ord(sVolInfo[j]) (back-to-front character).
        c := sVolInfo[j];
        m := Ord(c);
        s := IntToStr(m);
        k := Length(s);
        y := StrToInt(s[k]);

        // a = last decimal digit of x + y.
        s := IntToStr(x+y);
        k := Length(s);
        a := StrToInt(s[k]);

        // b = last decimal digit of Ord(BUILDIN_STR_01[i]) + Ord(str[i]).
        c := BUILDIN_STR_01[i];
        m := Ord(c);
        c := str[i];
        n := Ord(c);
        m := m + n;
        s := IntToStr(m);
        k := Length(s);
        b := StrToInt(s[k]);

        // Output digit for position i = last decimal digit of a + b.
        z := a + b;
        s := IntToStr(z);
        k := Length(s);

        sRegCode := sRegCode + s[k];
      end;

      Result := sRegCode;
    end;
  finally
    Dispose(pdVolumeSerialNumber);
    FreeMem(pcFileSystemNameBuf, 100);
  end;
end;

==========
thx
end

最新回复 (13)
紫色缘 7 2006-5-25 08:03
2
0
学习~
baby2008 28 2006-5-25 08:50
3
0
很想知道楼主贴的代码,其中注释效果是怎样出来的,前面IDA,后面Dede,不会是一行一行手工复制粘贴上去的吧?
lq7972 4 2006-5-26 08:50
4
0
一行一行手工复制
看论坛帮助
http://bbs.pediy.com/misc.php?s=&action=bbcode
scmeec 2006-5-26 10:30
5
0
好文章,学习收藏!
stonewp 2006-6-8 16:56
6
0
老大
这个软件的下载地址在那里啊~??????
bfqyygy 1 2006-6-8 19:53
7
0
好文..
lq7972 4 2006-6-12 17:20
8
0
最初由 stonewp 发布
老大
这个软件的下载地址在那里啊~??????



呵呵,这个软件网上好像没得下
如需要,留言,我可以传给你,iso包有214M
bfqyygy 1 2006-6-12 20:50
9
0
好文章..收下.慢慢研究!
djzxzzm 2006-6-13 08:07
10
0
我正在弄10000多人的工资,我想试一下,QQ:280036597
stonewp 2006-7-10 16:29
11
0
老大,可不可以给个这个软件的下载连接阿
我也想找葫芦画瓢试试
tufei19810815@263.net
QQ:30926926
lq7972 4 2006-8-26 18:18
12
0
最近忙项目,没来看雪了
周一上下q加两位传吧
stonewp 2006-11-3 23:41
13
0
最初由 lq7972 发布
最近忙项目,没来看雪了
周一上下q加两位传吧


楼主你QQ多少啊?俺可一直侯着你呢
stonewp 2006-11-7 09:46
14
0
[QUOTE]最初由 lq7972 发布

呵呵,这个软件网上好像没得下
如需要,留言,我可以传给你,iso包有214M [/QUOTE]

老大,俺又来了~你在不在哦?
tufei19810815@263.net
30926926