Picture To Icon V1.924 algorithm analysis [original]
Posted: 2006-9-2 14:51
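【Write-up title】Picture To Icon V1.924
【Author】amct
【Author e-mail】amct@163.com
【Author homepage】none
【Tools】PEiD, OD
【Platform】Windows XP
【Software name】Picture To Icon V1.924
【Software size】700K
【Original download】http://www.skycn.com/soft/27005.html
【Protection】packer, registration code
【Software description】Size: 700 KB
Language: English
Category: foreign software / shareware / icon tools
Platforms: Win9x/NT/2000/XP/2003
Interface preview: none
Updated: 2006-08-30 09:02:33
Converts a picture or part of the screen into an ICON, resizes icons, and extracts icons from resource libraries. Supports BMP, JPEG, GIF, CUR, WMF.
【Statement】I'm just a newbie; I picked up a few insights and would like to share them with everyone :)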
------------------------------------------------------------------------
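1. Checking the packer with PEiD shows ASPack 2.001 -> Alexey Solodovnikov. It is easy to unpack, so that step is skipped here.
The unpacked program was written in Borland C++ 1999.
2. Load it in OD and search for the error message "Your registration code is invalid."; only one occurrence is found. Double-click it and set a breakpoint at the start of that code block.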
------------------------------------------------------------------------
004228E8 /. 55 PUSH EBP
; Set a breakpoint here, enter user name amct and registration code 74747474747474747474747474747474747474747474, run; the program breaks here, then step with F8
004228E9 |. 8BEC MOV EBP,ESP
004228EB |. 83C4 9C ADD ESP,-64
004228EE |. 8955 A0 MOV DWORD PTR SS:[EBP-60],EDX
004228F1 |. 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX
004228F4 |. B8 00305100 MOV EAX,123.00513000
004228F9 |. E8 825E0C00 CALL 123.004E8780
004228FE |. 8B15 FCAE5100 MOV EDX,DWORD PTR DS:[51AEFC] ; 123._IconConverter
00422904 |. 8B0A MOV ECX,DWORD PTR DS:[EDX]
00422906 |. 80B9 E4030000>CMP BYTE PTR DS:[ECX+3E4],0
0042290D |. 0F85 3A030000 JNZ 123.00422C4D
00422913 |. 66:C745 B8 08>MOV WORD PTR SS:[EBP-48],8
00422919 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0042291C |. E8 5B12FEFF CALL 123.00403B7C
00422921 |. 8BD0 MOV EDX,EAX
00422923 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422926 |. 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-5C]
00422929 |. 8B81 00030000 MOV EAX,DWORD PTR DS:[ECX+300]
0042292F |. E8 E4FE0900 CALL 123.004C2818 ; get the user name length
00422934 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; EAX = EBP-4, the address pointing to the user name
00422937 |. E8 6032FEFF CALL 123.00405B9C
0042293C |. 83F8 03 CMP EAX,3 ; compare the user name length with 3; fail if less than 3
0042293F |. 0F9CC2 SETL DL
00422942 |. 83E2 01 AND EDX,1
00422945 |. 52 PUSH EDX ; /Arg1
00422946 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C] ; |
00422949 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; |
0042294C |. BA 02000000 MOV EDX,2 ; |
00422951 |. E8 1E0F0D00 CALL 123.004F3874 ; \123.004F3874
00422956 |. 59 POP ECX
00422957 |. 84C9 TEST CL,CL
00422959 |. 74 3C JE SHORT 123.00422997
0042295B |. 66:C745 B8 14>MOV WORD PTR SS:[EBP-48],14
00422961 |. BA 6D275100 MOV EDX,123.0051276D ; please input your full name!
00422966 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00422969 |. E8 4E0E0D00 CALL 123.004F37BC
0042296E |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422971 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00422973 |. E8 FCA30900 CALL 123.004BCD74
00422978 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0042297B |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0042297E |. BA 02000000 MOV EDX,2
00422983 |. E8 EC0E0D00 CALL 123.004F3874
00422988 |. 8B4D A8 MOV ECX,DWORD PTR SS:[EBP-58]
0042298B |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00422992 |. E9 C8020000 JMP 123.00422C5F
00422997 |> 68 F4010000 PUSH 1F4 ; /Timeout = 500. ms
0042299C |. E8 B7A40E00 CALL <JMP.&kernel32.Sleep> ; \Sleep
004229A1 |. 66:C745 B8 20>MOV WORD PTR SS:[EBP-48],20 ; EBP-48=20
004229A7 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004229AA |. E8 CD11FEFF CALL 123.00403B7C
004229AF |. 8BD0 MOV EDX,EAX
004229B1 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
004229B4 |. 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-5C]
004229B7 |. 8B81 04030000 MOV EAX,DWORD PTR DS:[ECX+304]
004229BD |. E8 56FE0900 CALL 123.004C2818 ; get the registration code length
004229C2 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C] ; EDX = address pointing to the registration code
004229C5 |. FF32 PUSH DWORD PTR DS:[EDX] ; /push the registration code
004229C7 |. E8 24E7FFFF CALL 123.004210F0 ; \key CALL, step into it
004229CC |. 59 POP ECX
004229CD |. 8B0D FCAE5100 MOV ECX,DWORD PTR DS:[51AEFC] ; 123._IconConverter
004229D3 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
004229D5 |. 8882 E4030000 MOV BYTE PTR DS:[EDX+3E4],AL
004229DB |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
004229DE |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004229E1 |. BA 02000000 MOV EDX,2
004229E6 |. E8 890E0D00 CALL 123.004F3874
004229EB |. A1 FCAE5100 MOV EAX,DWORD PTR DS:[51AEFC]
004229F0 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004229F2 |. 80B9 E4030000>CMP BYTE PTR DS:[ECX+3E4],0
004229F9 |. 0F84 1F020000 JE 123.00422C1E ; key jump, goes to failure
004229FF |. 66:C745 B8 2C>MOV WORD PTR SS:[EBP-48],2C
00422A05 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00422A08 |. E8 6F11FEFF CALL 123.00403B7C
00422A0D |. 8BD0 MOV EDX,EAX
00422A0F |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422A12 |. 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-5C]
00422A15 |. 8B81 04030000 MOV EAX,DWORD PTR DS:[ECX+304]
00422A1B |. E8 F8FD0900 CALL 123.004C2818
00422A20 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
00422A23 |. 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]
00422A26 |. 05 20030000 ADD EAX,320
00422A2B |. E8 740E0D00 CALL 123.004F38A4
00422A30 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422A33 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00422A36 |. BA 02000000 MOV EDX,2
00422A3B |. E8 340E0D00 CALL 123.004F3874
00422A40 |. 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]
00422A43 |. 05 20030000 ADD EAX,320
00422A48 |. E8 2BF7FDFF CALL 123.00402178
00422A4D |. 0FBE50 17 MOVSX EDX,BYTE PTR DS:[EAX+17]
00422A51 |. 83FA 30 CMP EDX,30 ; compare the 24th character of the code with the digit 0
00422A54 |. 7C 16 JL SHORT 123.00422A6C
00422A56 |. 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]
00422A59 |. 05 20030000 ADD EAX,320
00422A5E |. E8 15F7FDFF CALL 123.00402178
00422A63 |. 0FBE50 17 MOVSX EDX,BYTE PTR DS:[EAX+17]
00422A67 |. 83FA 39 CMP EDX,39 ; compare the 24th character of the code with the digit 9
00422A6A |. 7E 0F JLE SHORT 123.00422A7B
00422A6C |> 8B0D FCAE5100 MOV ECX,DWORD PTR DS:[51AEFC] ; 123._IconConverter
00422A72 |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
00422A74 |. C680 E4030000>MOV BYTE PTR DS:[EAX+3E4],0
00422A7B |> B2 01 MOV DL,1
00422A7D |. A1 7C684600 MOV EAX,DWORD PTR DS:[46687C]
00422A82 |. E8 F53E0400 CALL 123.0046697C
00422A87 |. 8945 9C MOV DWORD PTR SS:[EBP-64],EAX
00422A8A |. BA 01000080 MOV EDX,80000001
00422A8F |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
00422A92 |. E8 150D0D00 CALL 123.004F37AC
00422A97 |. 8B15 FCAE5100 MOV EDX,DWORD PTR DS:[51AEFC] ; 123._IconConverter
00422A9D |. 8B0A MOV ECX,DWORD PTR DS:[EDX]
00422A9F |. 80B9 E4030000>CMP BYTE PTR DS:[ECX+3E4],0
00422AA6 |. 0F84 06010000 JE 123.00422BB2
00422AAC |. 66:C745 B8 38>MOV WORD PTR SS:[EBP-48],38
00422AB2 |. BA 8A275100 MOV EDX,123.0051278A ; software\xtzy\pic2ico
00422AB7 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
00422ABA |. E8 FD0C0D00 CALL 123.004F37BC
00422ABF |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422AC2 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00422AC4 |. B1 01 MOV CL,1
00422AC6 |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
00422AC9 |. E8 B23F0400 CALL 123.00466A80
00422ACE |. 84C0 TEST AL,AL
00422AD0 |. 0F95C0 SETNE AL
00422AD3 |. 83E0 01 AND EAX,1
00422AD6 |. 50 PUSH EAX ; /Arg1
00422AD7 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C] ; |
00422ADA |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14] ; |
00422ADD |. BA 02000000 MOV EDX,2 ; |
00422AE2 |. E8 8D0D0D00 CALL 123.004F3874 ; \123.004F3874
00422AE7 |. 59 POP ECX
00422AE8 |. 85C9 TEST ECX,ECX
00422AEA |. 0F84 C2000000 JE 123.00422BB2
00422AF0 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00422AF3 |. E8 8410FEFF CALL 123.00403B7C
00422AF8 |. 8BD0 MOV EDX,EAX
00422AFA |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422AFD |. 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-5C]
00422B00 |. 8B81 04030000 MOV EAX,DWORD PTR DS:[ECX+304]
00422B06 |. E8 0DFD0900 CALL 123.004C2818
00422B0B |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
00422B0E |. FF32 PUSH DWORD PTR DS:[EDX]
00422B10 |. 66:C745 B8 44>MOV WORD PTR SS:[EBP-48],44
00422B16 |. BA A0275100 MOV EDX,123.005127A0 ; no
00422B1B |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
00422B1E |. E8 990C0D00 CALL 123.004F37BC
00422B23 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422B26 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00422B28 |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
00422B2B |. 59 POP ECX
00422B2C |. E8 EB400400 CALL 123.00466C1C
00422B31 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422B34 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00422B37 |. BA 02000000 MOV EDX,2
00422B3C |. E8 330D0D00 CALL 123.004F3874
00422B41 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422B44 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
00422B47 |. BA 02000000 MOV EDX,2
00422B4C |. E8 230D0D00 CALL 123.004F3874
00422B51 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00422B54 |. E8 2310FEFF CALL 123.00403B7C
00422B59 |. 8BD0 MOV EDX,EAX
00422B5B |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422B5E |. 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-5C]
00422B61 |. 8B81 00030000 MOV EAX,DWORD PTR DS:[ECX+300]
00422B67 |. E8 ACFC0900 CALL 123.004C2818
00422B6C |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
00422B6F |. FF32 PUSH DWORD PTR DS:[EDX]
00422B71 |. 66:C745 B8 50>MOV WORD PTR SS:[EBP-48],50
00422B77 |. BA A3275100 MOV EDX,123.005127A3 ; name
00422B7C |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00422B7F |. E8 380C0D00 CALL 123.004F37BC
00422B84 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422B87 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00422B89 |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
00422B8C |. 59 POP ECX
00422B8D |. E8 8A400400 CALL 123.00466C1C
00422B92 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422B95 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00422B98 |. BA 02000000 MOV EDX,2
00422B9D |. E8 D20C0D00 CALL 123.004F3874
00422BA2 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422BA5 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00422BA8 |. BA 02000000 MOV EDX,2
00422BAD |. E8 C20C0D00 CALL 123.004F3874
00422BB2 |> 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
00422BB5 |. E8 323E0400 CALL 123.004669EC
00422BBA |. 8B55 9C MOV EDX,DWORD PTR SS:[EBP-64]
00422BBD |. 8955 D4 MOV DWORD PTR SS:[EBP-2C],EDX
00422BC0 |. 837D D4 00 CMP DWORD PTR SS:[EBP-2C],0
00422BC4 |. 74 21 JE SHORT 123.00422BE7
00422BC6 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
00422BC9 |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
00422BCB |. 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
00422BCE |. 66:C745 B8 68>MOV WORD PTR SS:[EBP-48],68
00422BD4 |. BA 03000000 MOV EDX,3
00422BD9 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
00422BDC |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00422BDE |. FF51 FC CALL DWORD PTR DS:[ECX-4]
00422BE1 |. 66:C745 B8 5C>MOV WORD PTR SS:[EBP-48],5C
00422BE7 |> 66:C745 B8 74>MOV WORD PTR SS:[EBP-48],74
00422BED |. BA A8275100 MOV EDX,123.005127A8 ; register successfully!\nthank you.
00422BF2 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
00422BF5 |. E8 C20B0D00 CALL 123.004F37BC
00422BFA |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422BFD |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00422BFF |. E8 70A10900 CALL 123.004BCD74
00422C04 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422C07 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
00422C0A |. BA 02000000 MOV EDX,2
00422C0F |. E8 600C0D00 CALL 123.004F3874
00422C14 |. 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]
00422C17 |. E8 F4050900 CALL 123.004B3210
00422C1C |. EB 37 JMP SHORT 123.00422C55
00422C1E |> 66:C745 B8 80>MOV WORD PTR SS:[EBP-48],80
00422C24 |. BA CA275100 MOV EDX,123.005127CA ; your registration code is invalid.\nif you have purchased this software and get the wrong code, please send email to: support@exeicon.com \n
00422C29 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
00422C2C |. E8 8B0B0D00 CALL 123.004F37BC
00422C31 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
00422C34 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00422C36 |. E8 39A10900 CALL 123.004BCD74
00422C3B |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
00422C3E |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
00422C41 |. BA 02000000 MOV EDX,2
00422C46 |. E8 290C0D00 CALL 123.004F3874
00422C4B |. EB 08 JMP SHORT 123.00422C55
00422C4D |> 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]
00422C50 |. E8 BB050900 CALL 123.004B3210
00422C55 |> 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-58]
00422C58 |. 64:8915 00000>MOV DWORD PTR FS:[0],EDX
00422C5F |> 8BE5 MOV ESP,EBP
00422C61 |. 5D POP EBP
=============================================================================
Stepping into the key CALL
004210F0 /$ 55 PUSH EBP
004210F1 |. 8BEC MOV EBP, ESP
004210F3 |. 81C4 74FFFFFF ADD ESP, -8C
004210F9 |. 56 PUSH ESI
004210FA |. 57 PUSH EDI
004210FB |. B8 C0285100 MOV EAX, 123.005128C0
00421100 |. E8 7B760C00 CALL 123.004E8780
00421105 |. C745 F8 01000>MOV DWORD PTR SS:[EBP-8], 1
0042110C |. 8D55 08 LEA EDX, DWORD PTR SS:[EBP+8]
0042110F |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
00421112 |. E8 DD260D00 CALL 123.004F37F4
00421117 |. FF45 F8 INC DWORD PTR SS:[EBP-8]
0042111A |. 66:C745 EC 08>MOV WORD PTR SS:[EBP-14], 8
00421120 |. C645 DB 00 MOV BYTE PTR SS:[EBP-25], 0
00421124 |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
00421127 |. E8 704AFEFF CALL 123.00405B9C ; registration code length
0042112C |. 83F8 2C CMP EAX, 2C ; is the code 44 characters long?
0042112F |. 0F85 3E020000 JNZ 123.00421373
00421135 |. BE D6245100 MOV ESI, 123.005124D6 ; ESI -> "1z1h+2a0n-0g8y*9a1n|"
0042113A |. 8D7D 88 LEA EDI, DWORD PTR SS:[EBP-78]
0042113D |. B9 05000000 MOV ECX, 5 ; ECX=5
00421142 |. F3:A5 REP MOVS DWORD PTR ES:[EDI], DWORD>
00421144 |. A4 MOVS BYTE PTR ES:[EDI], BYTE PTR D>
00421145 |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8] ; EAX = EBP+8, address of the registration code
00421148 |. E8 2B10FEFF CALL 123.00402178 ; get the registration code
0042114D |. 0FBE50 28 MOVSX EDX, BYTE PTR DS:[EAX+28] ; EDX = 4th character from the end of the code, i.e. the 41st
00421151 |. 83FA 50 CMP EDX, 50 ; is the 41st character an uppercase P?
00421154 |. 74 23 JE SHORT 123.00421179
00421156 |. 33C0 XOR EAX, EAX ; EAX=0
00421158 |. 50 PUSH EAX
00421159 |. FF4D F8 DEC DWORD PTR SS:[EBP-8]
0042115C |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8] ; EAX = address of the registration code
0042115F |. BA 02000000 MOV EDX, 2 ; EDX=2
00421164 |. E8 0B270D00 CALL 123.004F3874 ; get the registration code
00421169 |. 58 POP EAX
0042116A |. 8B55 DC MOV EDX, DWORD PTR SS:[EBP-24] ; registration code -> EDX
0042116D |. 64:8915 00000>MOV DWORD PTR FS:[0], EDX
00421174 |. E9 19020000 JMP 123.00421392
00421179 |> 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8] ; registration code -> EAX
0042117C |. E8 F70FFEFF CALL 123.00402178
00421181 |. 0FBE50 29 MOVSX EDX, BYTE PTR DS:[EAX+29] ; EDX = 42nd character
00421185 |. 83FA 32 CMP EDX, 32 ; is the 42nd character a 2?
00421188 |. 74 23 JE SHORT 123.004211AD
0042118A |. 33C0 XOR EAX, EAX
0042118C |. 50 PUSH EAX
0042118D |. FF4D F8 DEC DWORD PTR SS:[EBP-8]
00421190 |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
00421193 |. BA 02000000 MOV EDX, 2
00421198 |. E8 D7260D00 CALL 123.004F3874
0042119D |. 58 POP EAX
0042119E |. 8B55 DC MOV EDX, DWORD PTR SS:[EBP-24]
004211A1 |. 64:8915 00000>MOV DWORD PTR FS:[0], EDX
004211A8 |. E9 E5010000 JMP 123.00421392
004211AD |> 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
004211B0 |. E8 C30FFEFF CALL 123.00402178
004211B5 |. 0FBE50 2A MOVSX EDX, BYTE PTR DS:[EAX+2A]
004211B9 |. 83FA 49 CMP EDX, 49 ; is the 43rd character an uppercase I?
004211BC |. 74 23 JE SHORT 123.004211E1
004211BE |. 33C0 XOR EAX, EAX
004211C0 |. 50 PUSH EAX
004211C1 |. FF4D F8 DEC DWORD PTR SS:[EBP-8]
004211C4 |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
004211C7 |. BA 02000000 MOV EDX, 2
004211CC |. E8 A3260D00 CALL 123.004F3874
004211D1 |. 58 POP EAX
004211D2 |. 8B55 DC MOV EDX, DWORD PTR SS:[EBP-24]
004211D5 |. 64:8915 00000>MOV DWORD PTR FS:[0], EDX
004211DC |. E9 B1010000 JMP 123.00421392
004211E1 |> 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
004211E4 |. E8 8F0FFEFF CALL 123.00402178
004211E9 |. 0FBE50 2B MOVSX EDX, BYTE PTR DS:[EAX+2B]
004211ED |. 83FA 31 CMP EDX, 31 ; is the 44th character a 1?
004211F0 |. 74 23 JE SHORT 123.00421215
004211F2 |. 33C0 XOR EAX, EAX
004211F4 |. 50 PUSH EAX
004211F5 |. FF4D F8 DEC DWORD PTR SS:[EBP-8]
004211F8 |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
004211FB |. BA 02000000 MOV EDX, 2
00421200 |. E8 6F260D00 CALL 123.004F3874
00421205 |. 58 POP EAX
00421206 |. 8B55 DC MOV EDX, DWORD PTR SS:[EBP-24]
00421209 |. 64:8915 00000>MOV DWORD PTR FS:[0], EDX
00421210 |. E9 7D010000 JMP 123.00421392
00421215 |> 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
00421218 |. E8 5B0FFEFF CALL 123.00402178
0042121D |. 50 PUSH EAX ; /Arg2
0042121E |. 8D55 A0 LEA EDX, DWORD PTR SS:[EBP-60] ; |
00421221 |. 52 PUSH EDX ; |Arg1
00421222 |. E8 B5720C00 CALL 123.004E84DC ; \123.004E84DC
00421227 |. 83C4 08 ADD ESP, 8
0042122A |. 0FBE4D A1 MOVSX ECX, BYTE PTR SS:[EBP-5F]
0042122E |. 83F9 30 CMP ECX, 30 ; is the 2nd character the digit 0?
00421231 |. 0F85 3C010000 JNZ 123.00421373
00421237 |. C645 A1 23 MOV BYTE PTR SS:[EBP-5F], 23 ; replace the 2nd character with 23h, i.e. "#"
0042123B |. C645 DB 01 MOV BYTE PTR SS:[EBP-25], 1
0042123F |. C745 D4 02000>MOV DWORD PTR SS:[EBP-2C], 2
00421246 |> 8B45 D4 /MOV EAX, DWORD PTR SS:[EBP-2C]
00421249 |. 0FBE5405 88 |MOVSX EDX, BYTE PTR SS:[EBP+EAX-7>; EDX = 3rd character of the string "1z1h+2a0n-0g8y*9a1n|"
0042124E |. 8B4D D4 |MOV ECX, DWORD PTR SS:[EBP-2C]
00421251 |. 0FBE440D 9F |MOVSX EAX, BYTE PTR SS:[EBP+ECX-6>; EAX = 2nd character of the code after replacement
00421256 |. 03D0 |ADD EDX, EAX ; EDX=EDX+EAX
00421258 |. 8B4D D4 |MOV ECX, DWORD PTR SS:[EBP-2C]
0042125B |. 0FBE440D A0 |MOVSX EAX, BYTE PTR SS:[EBP+ECX-6>; EAX = 3rd character of the code after replacement
00421260 |. 33D0 |XOR EDX, EAX ; EDX=EDX XOR EAX
00421262 |. 8B4D D4 |MOV ECX, DWORD PTR SS:[EBP-2C]
00421265 |. 0FBE440D 88 |MOVSX EAX, BYTE PTR SS:[EBP+ECX-7>; EAX = 3rd character of the string "1z1h+2a0n-0g8y*9a1n|"
0042126A |. 33D0 |XOR EDX, EAX ; EDX=EDX XOR EAX
0042126C |. 52 |PUSH EDX ; /Arg1
0042126D |. E8 26010000 |CALL 123.00421398 ; \the result from EDX is returned in EAX
00421272 |. 59 |POP ECX
00421273 |. B9 1A000000 |MOV ECX, 1A ; ECX=1A
00421278 |. 99 |CDQ
00421279 |. F7F9 |IDIV ECX ; EAX=EAX\1A EDX=MOD(EAX,1A)
0042127B |. 83C2 41 |ADD EDX, 41 ; EDX=EDX+41
0042127E |. 8B45 D4 |MOV EAX, DWORD PTR SS:[EBP-2C]
00421281 |. 0FBE4C05 A9 |MOVSX ECX, BYTE PTR SS:[EBP+EAX-5>; ECX = 12th character of the code after replacement
00421286 |. 3BD1 |CMP EDX, ECX ; characters 12-19 are respectively 12E,13N,14P,15H,16N,17V,18R,19V
00421288 |. 74 06 |JE SHORT 123.00421290
0042128A |. C645 DB 00 |MOV BYTE PTR SS:[EBP-25], 0
0042128E |. EB 09 |JMP SHORT 123.00421299
00421290 |> FF45 D4 |INC DWORD PTR SS:[EBP-2C]
00421293 |. 837D D4 0A |CMP DWORD PTR SS:[EBP-2C], 0A ; compare with decimal 10
00421297 |.^ 7C AD \JL SHORT 123.00421246 ; if less than 10, jump back up and continue
00421299 |> 807D DB 00 CMP BYTE PTR SS:[EBP-25], 0
0042129D |. 0F84 C3000000 JE 123.00421366
004212A3 |. C745 D0 18000>MOV DWORD PTR SS:[EBP-30], 18 ; EBP-30=18
004212AA |. 66:C745 EC 08>MOV WORD PTR SS:[EBP-14], 8
004212B0 |. 837D D0 28 CMP DWORD PTR SS:[EBP-30], 28
004212B4 |. 7D 4B JGE SHORT 123.00421301
004212B6 |> 8B55 D0 /MOV EDX, DWORD PTR SS:[EBP-30]
004212B9 |. 0FBE4415 89 |MOVSX EAX, BYTE PTR SS:[EBP+EDX-7>; EAX = 2nd character of the code after replacement
004212BE |. B9 06000000 |MOV ECX, 6 ; ECX=6
004212C3 |. 99 |CDQ
004212C4 |. F7F9 |IDIV ECX ; EAX= EAX\6 EDX=MOD(EAX,6)
004212C6 |. 8BCA |MOV ECX, EDX ; ECX=EDX
004212C8 |. 8B45 D0 |MOV EAX, DWORD PTR SS:[EBP-30]
004212CB |. 0FBE5405 8A |MOVSX EDX, BYTE PTR SS:[EBP+EAX-7>; EDX = 3rd character of the code after replacement
004212D0 |. D3E2 |SHL EDX, CL ; EDX = EDX shifted left by the remainder
004212D2 |. 8B45 D0 |MOV EAX, DWORD PTR SS:[EBP-30]
004212D5 |. 0FBE4C05 8B |MOVSX ECX, BYTE PTR SS:[EBP+EAX-7>; ECX = 4th character of the code after replacement
004212DA |. 0BD1 |OR EDX, ECX ; EDX=EDX OR ECX
004212DC |. 52 |PUSH EDX ; /Arg1
004212DD |. E8 B6000000 |CALL 123.00421398 ; \result in EAX
004212E2 |. 59 |POP ECX
004212E3 |. B9 1A000000 |MOV ECX, 1A ; ECX=1A
004212E8 |. 99 |CDQ
004212E9 |. F7F9 |IDIV ECX ; EAX=EAX\ECX EDX=MOD(EAX,ECX)
004212EB |. 80C2 61 |ADD DL, 61 ; DL=DL+61
004212EE |. 8B45 D0 |MOV EAX, DWORD PTR SS:[EBP-30]
004212F1 |. 889405 5CFFFF>|MOV BYTE PTR SS:[EBP+EAX-A4], DL ; store DL at EBP+EAX-A4
004212F8 |. FF45 D0 |INC DWORD PTR SS:[EBP-30]
004212FB |. 837D D0 28 |CMP DWORD PTR SS:[EBP-30], 28
004212FF |.^ 7C B5 \JL SHORT 123.004212B6 ; loops 16 times, producing the string "mxaxaxaxaxaxaxax"
00421301 |> C645 84 5A MOV BYTE PTR SS:[EBP-7C], 5A ; append 5A, i.e. the letter Z
00421305 |. C645 85 59 MOV BYTE PTR SS:[EBP-7B], 59 ; append 59, i.e. the letter Y, giving "mxaxaxaxaxaxaxaxZY"
00421309 |. C745 CC 18000>MOV DWORD PTR SS:[EBP-34], 18
00421310 |. 66:C745 EC 08>MOV WORD PTR SS:[EBP-14], 8
00421316 |. 837D CC 28 CMP DWORD PTR SS:[EBP-34], 28
0042131A |. 7D 4A JGE SHORT 123.00421366
0042131C |> 8B55 CC /MOV EDX, DWORD PTR SS:[EBP-34] ; EDX=18
0042131F |. 0FBE8415 5CFF>|MOVSX EAX, BYTE PTR SS:[EBP+EDX-A>; EAX = 1st character of the string produced by the previous loop
00421327 |. C1E0 04 |SHL EAX, 4 ; EAX = EAX shifted left by 4 bits
0042132A |. 8B55 CC |MOV EDX, DWORD PTR SS:[EBP-34]
0042132D |. 0FBE8C15 5DFF>|MOVSX ECX, BYTE PTR SS:[EBP+EDX-A>; ECX = 2nd character of the string produced by the previous loop
00421335 |. D1F9 |SAR ECX, 1 ; ECX = ECX shifted right by 1 bit
00421337 |. 33C1 |XOR EAX, ECX ; EAX=EAX XOR ECX
00421339 |. 50 |PUSH EAX ; /Arg1
0042133A |. E8 59000000 |CALL 123.00421398 ; \123.00421398
0042133F |. 59 |POP ECX
00421340 |. B9 1A000000 |MOV ECX, 1A ; ECX=1A
00421345 |. 99 |CDQ
00421346 |. F7F9 |IDIV ECX ; EAX=EAX\1A EDX=MOD(EAX,1A)
00421348 |. 83C2 41 |ADD EDX, 41 ; EDX=EDX+41
0042134B |. 8B45 CC |MOV EAX, DWORD PTR SS:[EBP-34]
0042134E |. 0FBE4405 A0 |MOVSX EAX, BYTE PTR SS:[EBP+EAX-6>; EAX = 25th character of the string after replacement
00421353 |. 3BD0 |CMP EDX, EAX ; this loop checks whether characters 25 to 40 of the code are 25E,26S,27U,28S,29U,30S,31R,32U,33U,34C,35N,36B,37K,38I,39M,40V
00421355 |. 74 06 |JE SHORT 123.0042135D
00421357 |. C645 DB 00 |MOV BYTE PTR SS:[EBP-25], 0
0042135B |. EB 09 |JMP SHORT 123.00421366
0042135D |> FF45 CC |INC DWORD PTR SS:[EBP-34]
00421360 |. 837D CC 28 |CMP DWORD PTR SS:[EBP-34], 28
00421364 |.^ 7C B6 \JL SHORT 123.0042131C
00421366 |> 0FBE55 AA MOVSX EDX, BYTE PTR SS:[EBP-56] ; EDX = 11th character of the string after replacement
0042136A |. 83FA 59 CMP EDX, 59 ; is the 11th character 59, i.e. an uppercase Y?
0042136D |. 74 04 JE SHORT 123.00421373
0042136F |. C645 DB 00 MOV BYTE PTR SS:[EBP-25], 0
00421373 |> 8A45 DB MOV AL, BYTE PTR SS:[EBP-25]
00421376 |. 50 PUSH EAX
00421377 |. FF4D F8 DEC DWORD PTR SS:[EBP-8]
0042137A |. 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8] ; EAX = address of the registration code
0042137D |. BA 02000000 MOV EDX, 2 ; EDX=2
00421382 |. E8 ED240D00 CALL 123.004F3874
00421387 |. 58 POP EAX
00421388 |. 8B55 DC MOV EDX, DWORD PTR SS:[EBP-24]
0042138B |. 64:8915 00000>MOV DWORD PTR FS:[0], EDX
00421392 |> 5F POP EDI
00421393 |. 5E POP ESI
00421394 |. 8BE5 MOV ESP, EBP
00421396 |. 5D POP EBP
00421397 \. C3 RETN
=========================================================================================
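Algorithm summary:
1. The user name must be more than 3 characters long; it takes no part in the registration code calculation
2. Characters 2, 11 and 40-44 are 0, Y, P, 2, I, 1 respectively; character 24 is a digit 0-9
3. The 2nd character of the code is first replaced with "#", then the code is processed in a loop together with the string "1z1h+2a0n-0g8y*9a1n|" to compute characters 12-19 of the code
4. The code after replacement goes through 16 loop iterations, producing the string "mxaxaxaxaxaxaxax", to which "ZY" is appended, i.e. "mxaxaxaxaxaxaxaxZY"
5. The string "mxaxaxaxaxaxaxaxZY" goes through 16 loop iterations to produce characters 25-40 of the code
6. The other characters of the code take part in the computation but are never compared, so they remain whatever digits you originally entered
The algorithm is fairly simple; there are just a lot of loop iterations, so it takes patience
Because some technical problems came up while making the keygen (the 2nd registration code is computed correctly, but the first one has some problems), it is still being debugged; I will post it once it works
Here are two working registration codes:
7074747474YENPHNVRV47474ESUSUSRUUCNBKIMVP2I1
1011111111YGKSSMSKO11111SOOOOOSNNBUTBUGPP2I1
The registration information is stored in the registry at HKEY_CURRENT_USER\Software\XTZY\Pic2Ico; delete it to start over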
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
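The summary shows why this check is weak: the user name is never bound to the code, most characters are not compared at all, and everything needed to derive the compared characters sits in the executable. As an added example (not from the original post and not the vendor's code), here is a license check that binds the code to the name with a public-key signature, so the client holds only what is needed to verify. The demo key, the `pic2ico-license-v1` tag and all function names are assumptions, and the unpadded RSA over two Mersenne primes is for illustration only.

```python
import base64
import hashlib

# Constructed demo key pair (assumption): two Mersenne primes keep the example
# dependency-free. A real product uses randomly generated keys and a vetted
# RSA-PSS or Ed25519 implementation.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                            # public modulus, shipped in the client
E = 65537                              # public exponent, shipped in the client
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent, vendor side only
SIG_LEN = (N.bit_length() + 7) // 8


def _digest(name: str) -> int:
    """Hash the normalised licensee name into an integer below N."""
    # Hypothetical domain tag so the signature cannot be reused elsewhere.
    data = b"pic2ico-license-v1\x00" + name.strip().lower().encode("utf-8")
    return int.from_bytes(hashlib.sha512(data).digest(), "big")


def issue_license(name: str) -> str:
    """Vendor side: sign the name. Runs only where the private key lives."""
    sig = pow(_digest(name), _D, N)
    return base64.b32encode(sig.to_bytes(SIG_LEN, "big")).decode("ascii")


def verify_license(name: str, code: str) -> bool:
    """Client side: needs only (N, E); every character of the code is checked."""
    try:
        raw = base64.b32decode(code.strip().upper())
    except (ValueError, TypeError):
        return False                   # not valid base32
    if len(raw) != SIG_LEN:
        return False
    sig = int.from_bytes(raw, "big")
    if sig >= N:
        return False
    # The name is part of the signed message, unlike the check analysed above.
    return pow(sig, E, N) == _digest(name)


if __name__ == "__main__":
    lic = issue_license("amct")
    print(verify_license("amct", lic), verify_license("other user", lic))
```
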