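Preface:
I'll keep the chatter short. I've been quite busy lately with little time to spare, so I looked at this over a meal break. I hope beginners can follow it; if not, reply to the thread. The software is packed, but with a weak packer, so I won't say more about that. On to the main topic.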
0054B4E4 /. 55 PUSH EBP
0054B4E5 |. 8BEC MOV EBP,ESP
0054B4E7 |. 33C9 XOR ECX,ECX
0054B4E9 |. 51 PUSH ECX
0054B4EA |. 51 PUSH ECX
0054B4EB |. 51 PUSH ECX
0054B4EC |. 51 PUSH ECX
0054B4ED |. 53 PUSH EBX
0054B4EE |. 56 PUSH ESI
0054B4EF |. 8BD8 MOV EBX,EAX
0054B4F1 |. 33C0 XOR EAX,EAX
0054B4F3 |. 55 PUSH EBP
0054B4F4 |. 68 FBB55400 PUSH TWEAKI~1.0054B5FB
0054B4F9 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0054B4FC |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0054B4FF |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0054B502 |. 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308]
0054B508 |. E8 9766F7FF CALL TWEAKI~1.004C1BA4 ; get the fake code
0054B50D |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0054B510 |. 50 PUSH EAX
0054B511 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0054B514 |. 8B83 24030000 MOV EAX,DWORD PTR DS:[EBX+324]
0054B51A |. E8 8566F7FF CALL TWEAKI~1.004C1BA4
0054B51F |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0054B522 |. 50 PUSH EAX
0054B523 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0054B526 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
0054B52C |. E8 7366F7FF CALL TWEAKI~1.004C1BA4 ; get the username
0054B531 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0054B534 |. 8B83 1C030000 MOV EAX,DWORD PTR DS:[EBX+31C]
0054B53A |. 59 POP ECX
0054B53B |. E8 A8C0FEFF CALL TWEAKI~1.005375E8 ; ★★ Key CALL!! Step in ★★
0054B540 |. 84C0 TEST AL,AL
0054B542 |. 75 2C JNZ SHORT TWEAKI~1.0054B570
0054B544 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0054B547 |. BA 10B65400 MOV EDX,TWEAKI~1.0054B610
0054B54C |. E8 0392EBFF CALL TWEAKI~1.00404754
0054B551 |. 6A 40 PUSH 40
0054B553 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0054B556 |. E8 2D96EBFF CALL TWEAKI~1.00404B88
0054B55B |. 8BD0 MOV EDX,EAX
0054B55D |. B9 44B65400 MOV ECX,TWEAKI~1.0054B644 ; 提示信息 (program string: "Notice")
0054B562 |. A1 8C935500 MOV EAX,DWORD PTR DS:[55938C]
0054B567 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0054B569 |. E8 92C2F1FF CALL TWEAKI~1.00467800
0054B56E |. EB 68 JMP SHORT TWEAKI~1.0054B5D8
0054B570 |> 68 58B65400 PUSH TWEAKI~1.0054B658 ; 注册成功!\n注册信息为:\n用户姓名: (program string: "Registration successful!\nRegistration info:\nUser name:")
0054B575 |. 8BB3 1C030000 MOV ESI,DWORD PTR DS:[EBX+31C]
0054B57B |. FF76 48 PUSH DWORD PTR DS:[ESI+48]
0054B57E |. 68 84B65400 PUSH TWEAKI~1.0054B684 ; \n
0054B583 |. 68 90B65400 PUSH TWEAKI~1.0054B690
0054B588 |. FF76 54 PUSH DWORD PTR DS:[ESI+54]
0054B58B |. 68 84B65400 PUSH TWEAKI~1.0054B684 ; \n
0054B590 |. 68 A4B65400 PUSH TWEAKI~1.0054B6A4 ; 授权密码: (program string: "License password:")
0054B595 |. FF76 5C PUSH DWORD PTR DS:[ESI+5C]
0054B598 |. 68 84B65400 PUSH TWEAKI~1.0054B684 ; \n
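0054B59D |. 68 B8B65400 PUSH TWEAKI~1.0054B6B8 ; 感谢您对我们的支持!请重新启动软件以验证注册码。 (program string: "Thank you for your support! Please restart the software to verify the registration code.")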
0054B5A2 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0054B5A5 |. BA 0A000000 MOV EDX,0A
0054B5AA |. E8 A194EBFF CALL TWEAKI~1.00404A50
0054B5AF |. 6A 40 PUSH 40
0054B5B1 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0054B5B4 |. E8 CF95EBFF CALL TWEAKI~1.00404B88
0054B5B9 |. 8BD0 MOV EDX,EAX
0054B5BB |. B9 44B65400 MOV ECX,TWEAKI~1.0054B644 ; 提示信息 (program string: "Notice")
0054B5C0 |. A1 8C935500 MOV EAX,DWORD PTR DS:[55938C]
0054B5C5 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0054B5C7 |. E8 34C2F1FF CALL TWEAKI~1.00467800
0054B5CC |. A1 8C935500 MOV EAX,DWORD PTR DS:[55938C]
0054B5D1 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0054B5D3 |. E8 84C1F1FF CALL TWEAKI~1.0046775C
0054B5D8 |> 33C0 XOR EAX,EAX
0054B5DA |. 5A POP EDX
0054B5DB |. 59 POP ECX
0054B5DC |. 59 POP ECX
0054B5DD |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0054B5E0 |. 68 02B65400 PUSH TWEAKI~1.0054B602
0054B5E5 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0054B5E8 |. BA 03000000 MOV EDX,3
0054B5ED |. E8 EE90EBFF CALL TWEAKI~1.004046E0
0054B5F2 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0054B5F5 |. E8 C290EBFF CALL TWEAKI~1.004046BC
0054B5FA \. C3 RETN
0054B5FB .^ E9 C48AEBFF JMP TWEAKI~1.004040C4
0054B600 .^ EB E3 JMP SHORT TWEAKI~1.0054B5E5
0054B602 . 5E POP ESI
0054B603 . 5B POP EBX
0054B604 . 8BE5 MOV ESP,EBP
0054B606 . 5D POP EBP
0054B607 . C3 RETN
=======================================Stepping into 005375E8=============================================
005375E8 /$ 55 PUSH EBP
005375E9 |. 8BEC MOV EBP,ESP
005375EB |. 83C4 F0 ADD ESP,-10
005375EE |. 53 PUSH EBX
005375EF |. 33DB XOR EBX,EBX
005375F1 |. 895D F0 MOV DWORD PTR SS:[EBP-10],EBX
005375F4 |. 895D F4 MOV DWORD PTR SS:[EBP-C],EBX
005375F7 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
005375FA |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
005375FD |. 8BD8 MOV EBX,EAX
005375FF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00537602 |. E8 71D5ECFF CALL TWEAKI~1.00404B78
00537607 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0053760A |. E8 69D5ECFF CALL TWEAKI~1.00404B78
0053760F |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00537612 |. E8 61D5ECFF CALL TWEAKI~1.00404B78
00537617 |. 33C0 XOR EAX,EAX
00537619 |. 55 PUSH EBP
0053761A |. 68 D2765300 PUSH TWEAKI~1.005376D2
0053761F |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00537622 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00537625 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; load the username into EAX
00537628 |. E8 63D3ECFF CALL TWEAKI~1.00404990 ; get the username length
0053762D |. 3B43 4C CMP EAX,DWORD PTR DS:[EBX+4C] ; is the username length greater than 64 hex (100 decimal)?
00537630 |. 7F 19 JG SHORT TWEAKI~1.0053764B ; if greater, jump to failure!
00537632 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; load the username into EAX
00537635 |. E8 56D3ECFF CALL TWEAKI~1.00404990 ; get the username length again
0053763A |. 3B43 50 CMP EAX,DWORD PTR DS:[EBX+50] ; is the username length less than 3 hex (3 decimal)?
0053763D |. 7C 0C JL SHORT TWEAKI~1.0053764B ; if less, jump to failure!
0053763F |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; load the fake code into EAX
00537642 |. E8 49D3ECFF CALL TWEAKI~1.00404990 ; get the fake code length
00537647 |. 85C0 TEST EAX,EAX ; test the fake code length
00537649 |. 75 04 JNZ SHORT TWEAKI~1.0053764F
0053764B |> 33DB XOR EBX,EBX
0053764D |. EB 60 JMP SHORT TWEAKI~1.005376AF
0053764F |> 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
00537652 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; load the fake code into EAX
00537655 |. E8 E215EDFF CALL TWEAKI~1.00408C3C ; fake code copied to 01064DC0
0053765A |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0053765D |. 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8]
00537660 |. E8 EFD0ECFF CALL TWEAKI~1.00404754
00537665 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
00537668 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0053766B |. 8BC3 MOV EAX,EBX
0053766D |. E8 BAFBFFFF CALL TWEAKI~1.0053722C ; ★★★★★ Key CALL, step in ★★★★★
00537672 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00537675 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00537678 |. E8 3716EDFF CALL TWEAKI~1.00408CB4
0053767D |. 85C0 TEST EAX,EAX
0053767F |. 74 04 JE SHORT TWEAKI~1.00537685
00537681 |. 33DB XOR EBX,EBX
00537683 |. EB 2A JMP SHORT TWEAKI~1.005376AF
00537685 |> 8D43 48 LEA EAX,DWORD PTR DS:[EBX+48]
00537688 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0053768B |. E8 80D0ECFF CALL TWEAKI~1.00404710
00537690 |. 8D43 54 LEA EAX,DWORD PTR DS:[EBX+54]
00537693 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00537696 |. E8 75D0ECFF CALL TWEAKI~1.00404710
0053769B |. 8D43 5C LEA EAX,DWORD PTR DS:[EBX+5C]
0053769E |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
005376A1 |. E8 6AD0ECFF CALL TWEAKI~1.00404710
005376A6 |. 8BC3 MOV EAX,EBX
005376A8 |. E8 DF010000 CALL TWEAKI~1.0053788C
005376AD |. B3 01 MOV BL,1
005376AF |> 33C0 XOR EAX,EAX
005376B1 |. 5A POP EDX
005376B2 |. 59 POP ECX
005376B3 |. 59 POP ECX
005376B4 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
005376B7 |. 68 D9765300 PUSH TWEAKI~1.005376D9
005376BC |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
005376BF |. BA 04000000 MOV EDX,4
005376C4 |. E8 17D0ECFF CALL TWEAKI~1.004046E0
005376C9 |. 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8]
005376CC |. E8 EBCFECFF CALL TWEAKI~1.004046BC
005376D1 \. C3 RETN
=======================================Stepping into 0053722C=============================================
0053722C /$ 55 PUSH EBP
0053722D |. 8BEC MOV EBP,ESP
0053722F |. 83C4 E0 ADD ESP,-20
00537232 |. 53 PUSH EBX
00537233 |. 56 PUSH ESI
00537234 |. 57 PUSH EDI
00537235 |. 33DB XOR EBX,EBX
00537237 |. 895D EC MOV DWORD PTR SS:[EBP-14],EBX
0053723A |. 895D E8 MOV DWORD PTR SS:[EBP-18],EBX
0053723D |. 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX
00537240 |. 895D E0 MOV DWORD PTR SS:[EBP-20],EBX
00537243 |. 8BF9 MOV EDI,ECX
00537245 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
00537248 |. 8BF0 MOV ESI,EAX
0053724A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0053724D |. E8 26D9ECFF CALL TWEAKI~1.00404B78 ; get the username
00537252 |. 33C0 XOR EAX,EAX ; clear EAX
00537254 |. 55 PUSH EBP
00537255 |. 68 C5735300 PUSH TWEAKI~1.005373C5
0053725A |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0053725D |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00537260 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
00537263 |. BA DC735300 MOV EDX,TWEAKI~1.005373DC ; load the fixed string gf258369gf into EDX
00537268 |. E8 E7D4ECFF CALL TWEAKI~1.00404754
0053726D |. 837D EC 00 CMP DWORD PTR SS:[EBP-14],0 ; compare gf258369gf with 0!
00537271 |. 75 0D JNZ SHORT TWEAKI~1.00537280 ; if equal, it's over! If not equal, continue
00537273 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00537276 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00537279 |. E8 D6D4ECFF CALL TWEAKI~1.00404754
0053727E |. EB 5D JMP SHORT TWEAKI~1.005372DD
00537280 |> 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00537283 |. E8 08D7ECFF CALL TWEAKI~1.00404990 ; get the length of the fixed string gf258369gf!
00537288 |. 8BD8 MOV EBX,EAX ; save the length in EBX = A
0053728A |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18] ; \
0053728D |. 50 PUSH EAX ; |
0053728E |. 8BCB MOV ECX,EBX ; |
00537290 |. D1F9 SAR ECX,1 ; |
00537292 |. 79 03 JNS SHORT TWEAKI~1.00537297 ; |
00537294 |. 83D1 00 ADC ECX,0 ; |
00537297 |> BA 01000000 MOV EDX,1 ; |
0053729C |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
0053729F |. E8 44D9ECFF CALL TWEAKI~1.00404BE8 ; |
005372A4 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] ; |
005372A7 |. 50 PUSH EAX ; |
005372A8 |. 8BC3 MOV EAX,EBX ; |
005372AA |. D1F8 SAR EAX,1 ; |
005372AC |. 79 03 JNS SHORT TWEAKI~1.005372B1 ; |
005372AE |. 83D0 00 ADC EAX,0 ; |this block merges the fixed string gf258369gf
005372B1 |> 8BCB MOV ECX,EBX ; |with the username
005372B3 |. 2BC8 SUB ECX,EAX ; |
005372B5 |. 8BD3 MOV EDX,EBX ; |
005372B7 |. D1FA SAR EDX,1 ; |
005372B9 |. 79 03 JNS SHORT TWEAKI~1.005372BE ; |
005372BB |. 83D2 00 ADC EDX,0 ; |
005372BE |> 42 INC EDX ; |
005372BF |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
005372C2 |. E8 21D9ECFF CALL TWEAKI~1.00404BE8 ; |
005372C7 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18] ; |
005372CA |. FF75 FC PUSH DWORD PTR SS:[EBP-4] ; |
005372CD |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C] ; |
005372D0 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20] ; |
005372D3 |. BA 03000000 MOV EDX,3 ; |
005372D8 |. E8 73D7ECFF CALL TWEAKI~1.00404A50 ; |fixed string gf258369gf merged with the username
005372DD |> C745 F0 0000000>MOV DWORD PTR SS:[EBP-10],0 ; /
005372E4 |. C745 F4 0000000>MOV DWORD PTR SS:[EBP-C],0
005372EB |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
005372EE |. E8 9DD6ECFF CALL TWEAKI~1.00404990 ; get the username length
005372F3 |. 3B46 4C CMP EAX,DWORD PTR DS:[ESI+4C] ; is the username length greater than 64?
005372F6 |. 7F 0D JG SHORT TWEAKI~1.00537305
005372F8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
005372FB |. E8 90D6ECFF CALL TWEAKI~1.00404990 ; get the username length
00537300 |. 3B46 50 CMP EAX,DWORD PTR DS:[ESI+50] ; is the username length greater than or equal to 3?
00537303 |. 7D 0C JGE SHORT TWEAKI~1.00537311
00537305 |> 8BC7 MOV EAX,EDI
00537307 |. E8 B0D3ECFF CALL TWEAKI~1.004046BC
0053730C |. E9 91000000 JMP TWEAKI~1.005373A2
00537311 |> 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; merged string: EAX = gf258fcrjzmd369gf
00537314 |. E8 77D6ECFF CALL TWEAKI~1.00404990 ; get the merged length!
00537319 |. 8BD8 MOV EBX,EAX ; save the length in EBX (mine is 11 hex)
0053731B |. EB 37 JMP SHORT TWEAKI~1.00537354
0053731D |> 8B46 68 /MOV EAX,DWORD PTR DS:[ESI+68] ; load 1B273B93 into EAX, the calculation constant!
00537320 |. 8B56 6C |MOV EDX,DWORD PTR DS:[ESI+6C]
00537323 |. 0345 F0 |ADD EAX,DWORD PTR SS:[EBP-10] ; EAX (1B273B93) plus 0012F528 (the accumulated value)
00537326 |. 1355 F4 |ADC EDX,DWORD PTR SS:[EBP-C] ; (add with carry)
00537329 |. 52 |PUSH EDX
0053732A |. 50 |PUSH EAX
0053732B |. 8B45 E0 |MOV EAX,DWORD PTR SS:[EBP-20] ; load the merged username into EAX
0053732E |. 0FB64418 FF |MOVZX EAX,BYTE PTR DS:[EAX+EBX-1] ; take the characters of the merged username one at a time, starting from the last, into EAX
00537333 |. 50 |PUSH EAX ; push EAX onto the stack
00537334 |. B8 59040000 |MOV EAX,459 ; load 459 into EAX
00537339 |. 5A |POP EDX ; pop the pushed EAX value into EDX
0053733A |. 8BCA |MOV ECX,EDX ; ECX=EDX
0053733C |. 33D2 |XOR EDX,EDX ; clear EDX
0053733E |. F7F1 |DIV ECX ; divide EAX by ECX; quotient in EAX, remainder in EDX
00537340 |. 8BC2 |MOV EAX,EDX ; move the remainder from EDX into EAX
00537342 |. 33D2 |XOR EDX,EDX ; clear EDX
00537344 |. 290424 |SUB DWORD PTR SS:[ESP],EAX ; 0012F4FC8 = 1B273B93 minus EAX
00537347 |. 195424 04 |SBB DWORD PTR SS:[ESP+4],EDX ; (subtract with borrow)
0053734B |. 58 |POP EAX ; pop into EAX (the value of 1B273B93 minus EAX)
0053734C |. 5A |POP EDX ; pop the subtract-with-borrow result into EDX
0053734D |. 8945 F0 |MOV DWORD PTR SS:[EBP-10],EAX ; save EAX to 0012F528
00537350 |. 8955 F4 |MOV DWORD PTR SS:[EBP-C],EDX ; save EDX to 0012F52C
00537353 |. 4B |DEC EBX ; EBX - 1, the loop counter
00537354 |> 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; load the merged username into EAX = gf258fcrjzmd369gf
00537357 |. E8 34D6ECFF |CALL TWEAKI~1.00404990 ; get the merged username length
0053735C |. 3BD8 |CMP EBX,EAX ; is EBX greater than EAX?
0053735E |. 7F 04 |JG SHORT TWEAKI~1.00537364 ; if EBX is greater than EAX, leave the calculation loop
00537360 |. 85DB |TEST EBX,EBX
00537362 |.^ 7F B9 \JG SHORT TWEAKI~1.0053731D
00537364 |> 8B5E 60 MOV EBX,DWORD PTR DS:[ESI+60]
00537367 |. 85DB TEST EBX,EBX
00537369 |. 7F 11 JG SHORT TWEAKI~1.0053737C
0053736B |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; /Arg2
0053736E |. FF75 F0 PUSH DWORD PTR SS:[EBP-10] ; |Arg1
00537371 |. 8BD7 MOV EDX,EDI ; |
00537373 |. 33C0 XOR EAX,EAX ; |
00537375 |. E8 CE1DEDFF CALL TWEAKI~1.00409148 ; \TWEAKI~1.00409148
0053737A |. EB 26 JMP SHORT TWEAKI~1.005373A2
0053737C |> FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; /Arg2
0053737F |. FF75 F0 PUSH DWORD PTR SS:[EBP-10] ; |Arg1
00537382 |. 8BD7 MOV EDX,EDI ; |
00537384 |. 8BC3 MOV EAX,EBX ; |
00537386 |. E8 BD1DEDFF CALL TWEAKI~1.00409148 ; \TWEAKI~1.00409148
0053738B |. 8B07 MOV EAX,DWORD PTR DS:[EDI] ; the real code appears, loaded into EAX = 01CD9AF188
0053738D |. E8 FED5ECFF CALL TWEAKI~1.00404990
00537392 |. 8BC8 MOV ECX,EAX
00537394 |. 2B4E 60 SUB ECX,DWORD PTR DS:[ESI+60]
00537397 |. 8B56 60 MOV EDX,DWORD PTR DS:[ESI+60]
0053739A |. 42 INC EDX
0053739B |. 8BC7 MOV EAX,EDI
0053739D |. E8 86D8ECFF CALL TWEAKI~1.00404C28
005373A2 |> 33C0 XOR EAX,EAX
005373A4 |. 5A POP EDX
005373A5 |. 59 POP ECX
005373A6 |. 59 POP ECX
005373A7 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
005373AA |. 68 CC735300 PUSH TWEAKI~1.005373CC
005373AF |> 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
005373B2 |. BA 04000000 MOV EDX,4
005373B7 |. E8 24D3ECFF CALL TWEAKI~1.004046E0
005373BC |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
005373BF |. E8 F8D2ECFF CALL TWEAKI~1.004046BC
005373C4 \. C3 RETN
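Summary and analysis:
1. First, the registration mechanism checks whether the username is longer than 64 (hex) or shorter than 3; second, the fake code does not take part in the computation!
2. The registration algorithm is fairly simple. The username is merged with gf258369gf (my merged result was gf258fcrjzmd369gf). Starting from the last character, the ASCII code of each character of the merged username is taken and divided by the constant 459 to get the remainder! The remainder is then subtracted from the given fixed value 1B273B93, and the result is added to 1B273B93 again! The resulting value is kept and accumulated into the next round! Looping until the whole merged username has been processed yields the real registration code!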
20:39 2006-6-8