【文章标题】: 《现在汉语词典》注册算法分析
【文章作者】: 水中花
【下载地址】: 自己搜索下载
【加壳方式】: ASPack 2.12
【保护方式】: 壳+序列号
【编写语言】: Delphi
【软件介绍】: 〖现代汉语词典〗软件是一个精巧、全面、新颖的文科工具。软件收集了新华词典、现代汉语词典的所有的词语。词语不断新
增添加,与时代同步。资料浩瀚,数据量大,全面收集,权威、科学。是一个优秀的学习工具助手。软件支持模糊查询、支持升序降序排列,
支持刷新、支持在线......
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
一、用PEID查壳,是ASPack 2.12 ,手动脱壳。
二,通过注册失败的相关提示,用字符串参考下断
0051A667 |. 51 push ecx
0051A668 |. 53 push ebx
0051A669 |. 56 push esi
0051A66A |. 57 push edi
0051A66B |. 8BD8 mov ebx, eax
0051A66D |. 33C0 xor eax, eax
0051A66F |. 55 push ebp
0051A670 |. 68 62A95100 push 00.0051A962
0051A675 |. 64:FF30 push dword ptr fs:[eax]
0051A678 |. 64:8920 mov dword ptr fs:[eax], esp
0051A67B |. B2 01 mov dl, 1
0051A67D |. A1 3CBD4900 mov eax, dword ptr [49BD3C]
0051A682 |. E8 B517F8FF call 00.0049BE3C
0051A687 |. 8BF0 mov esi, eax
0051A689 |. BA 02000080 mov edx, 80000002
0051A68E |. 8BC6 mov eax, esi
0051A690 |. E8 4718F8FF call 00.0049BEDC
0051A695 |. B1 01 mov cl, 1
0051A697 |. BA 78A95100 mov edx, 00.0051A978 ; ASCII "SOFTWARE\Microsoft\xdhy"
0051A69C |. 8BC6 mov eax, esi
0051A69E |. E8 9D18F8FF call 00.0049BF40
0051A6A3 |. 68 80000000 push 80 ; /BufSize = 80 (128.)
0051A6A8 |. 8D85 7BFFFFFF lea eax, dword ptr [ebp-85] ; |
0051A6AE |. 50 push eax ; |Buffer
0051A6AF |. E8 18CAEEFF call <jmp.&kernel32.GetSystemD>; \GetSystemDirectoryA
0051A6B4 |. 8D45 FC lea eax, dword ptr [ebp-4]
0051A6B7 |. 8D95 7BFFFFFF lea edx, dword ptr [ebp-85]
0051A6BD |. B9 81000000 mov ecx, 81
0051A6C2 |. E8 65A3EEFF call 00.00404A2C
0051A6C7 |. 8D95 74FFFFFF lea edx, dword ptr [ebp-8C]
0051A6CD |. 8B83 08030000 mov eax, dword ptr [ebx+308]
0051A6D3 |. E8 90AFF2FF call 00.00445668
0051A6D8 |. 83BD 74FFFFFF>cmp dword ptr [ebp-8C], 0 ; 是否有输入注册码
0051A6DF |. 74 1A je short 00.0051A6FB
0051A6E1 |. 8D95 70FFFFFF lea edx, dword ptr [ebp-90]
0051A6E7 |. 8B83 04030000 mov eax, dword ptr [ebx+304]
0051A6ED |. E8 76AFF2FF call 00.00445668
0051A6F2 |. 83BD 70FFFFFF>cmp dword ptr [ebp-90], 0 ; 是否有输入确认码
0051A6F9 |. 75 0F jnz short 00.0051A70A
0051A6FB |> B8 98A95100 mov eax, 00.0051A998
0051A700 |. E8 0B3EF2FF call 00.0043E510
0051A705 |. E9 D6010000 jmp 00.0051A8E0
0051A70A |> 8D95 6CFFFFFF lea edx, dword ptr [ebp-94]
0051A710 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
0051A716 |. E8 4DAFF2FF call 00.00445668
0051A71B |. 8B85 6CFFFFFF mov eax, dword ptr [ebp-94] ; 输入的假注册码
0051A721 |. 50 push eax
0051A722 |. 8D95 64FFFFFF lea edx, dword ptr [ebp-9C]
0051A728 |. 8B83 04030000 mov eax, dword ptr [ebx+304]
0051A72E |. E8 35AFF2FF call 00.00445668
0051A733 |. 8B85 64FFFFFF mov eax, dword ptr [ebp-9C] ; 输入的确认码
0051A739 |. E8 BAEBEEFF call 00.004092F8
0051A73E |. B9 B1D00000 mov ecx, 0D0B1 ; 固定值“0D0B1”
0051A743 |. 99 cdq ; 扩展
0051A744 |. F7F9 idiv ecx ; 除法
0051A746 |. 8BC2 mov eax, edx ; 取余数
0051A748 |. 8D95 68FFFFFF lea edx, dword ptr [ebp-98]
0051A74E |. E8 41EBEEFF call 00.00409294 ; 将余数转换为十进制,设为X
0051A753 |. 8D85 68FFFFFF lea eax, dword ptr [ebp-98]
0051A759 |. 50 push eax
0051A75A |. 8D95 58FFFFFF lea edx, dword ptr [ebp-A8]
0051A760 |. 8B83 04030000 mov eax, dword ptr [ebx+304]
0051A766 |. E8 FDAEF2FF call 00.00445668
0051A76B |. 8B85 58FFFFFF mov eax, dword ptr [ebp-A8] ; 输入的确认码
0051A771 |. E8 82EBEEFF call 00.004092F8
0051A776 |. 8D95 5CFFFFFF lea edx, dword ptr [ebp-A4]
0051A77C |. E8 9FFBFFFF call 00.0051A320 ; 算法一,跟进
0051A781 |. 8B85 5CFFFFFF mov eax, dword ptr [ebp-A4] ; B值
0051A787 |. E8 6CEBEEFF call 00.004092F8
0051A78C |. 8D95 60FFFFFF lea edx, dword ptr [ebp-A0]
0051A792 |. E8 69FCFFFF call 00.0051A400 ; 算法二,跟进
0051A797 |. 8B95 60FFFFFF mov edx, dword ptr [ebp-A0]
0051A79D |. 58 pop eax
0051A79E |. E8 E1A2EEFF call 00.00404A84 ; 将X连在C的前面,即为注册码
0051A7A3 |. 8B95 68FFFFFF mov edx, dword ptr [ebp-98]
0051A7A9 |. 58 pop eax
0051A7AA |. E8 11A4EEFF call 00.00404BC0 ; 真假注册码比较
0051A7AF |. 0F85 07010000 jnz 00.0051A8BC ; 关键跳,跳向注册失败处
0051A7B5 |. A1 EC095200 mov eax, dword ptr [5209EC] 以下是将正确的注册信息生成在\WINDOWS\system32\dby.sys文件中
0051A7BA |. 8B00 mov eax, dword ptr [eax]
0051A7BC |. 8B80 7C030000 mov eax, dword ptr [eax+37C]
0051A7C2 |. 33D2 xor edx, edx
0051A7C4 |. E8 BFADF2FF call 00.00445588
0051A7C9 |. A1 EC095200 mov eax, dword ptr [5209EC]
0051A7CE |. 8B00 mov eax, dword ptr [eax]
0051A7D0 |. 8B80 60030000 mov eax, dword ptr [eax+360]
0051A7D6 |. B2 01 mov dl, 1
0051A7D8 |. E8 ABADF2FF call 00.00445588
0051A7DD |. 8D95 54FFFFFF lea edx, dword ptr [ebp-AC]
0051A7E3 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
0051A7E9 |. E8 7AAEF2FF call 00.00445668
0051A7EE |. 8B8D 54FFFFFF mov ecx, dword ptr [ebp-AC]
0051A7F4 |. BA B8A95100 mov edx, 00.0051A9B8 ; ASCII "yhdsger"
0051A7F9 |. 8BC6 mov eax, esi
0051A7FB |. E8 DC18F8FF call 00.0049C0DC
0051A800 |. 8D85 50FFFFFF lea eax, dword ptr [ebp-B0]
0051A806 |. B9 C8A95100 mov ecx, 00.0051A9C8 ; ASCII "\dby.sys"
0051A80B |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A80E |. E8 B5A2EEFF call 00.00404AC8
0051A813 |. 8B8D 50FFFFFF mov ecx, dword ptr [ebp-B0]
0051A819 |. B2 01 mov dl, 1
0051A81B |. A1 ECAD4900 mov eax, dword ptr [49ADEC]
0051A820 |. E8 7706F8FF call 00.0049AE9C
0051A825 |. 8BF0 mov esi, eax
0051A827 |. 8D95 4CFFFFFF lea edx, dword ptr [ebp-B4]
0051A82D |. 8B83 08030000 mov eax, dword ptr [ebx+308]
0051A833 |. E8 30AEF2FF call 00.00445668
0051A838 |. 8B85 4CFFFFFF mov eax, dword ptr [ebp-B4]
0051A83E |. 50 push eax
0051A83F |. B9 DCA95100 mov ecx, 00.0051A9DC ; ASCII "dd"
0051A844 |. BA E8A95100 mov edx, 00.0051A9E8 ; ASCII "syssetup"
0051A849 |. 8BC6 mov eax, esi
0051A84B |. 8B38 mov edi, dword ptr [eax]
0051A84D |. FF57 04 call dword ptr [edi+4]
0051A850 |. 8D95 48FFFFFF lea edx, dword ptr [ebp-B8]
0051A856 |. 8B83 04030000 mov eax, dword ptr [ebx+304]
0051A85C |. E8 07AEF2FF call 00.00445668
0051A861 |. 8B85 48FFFFFF mov eax, dword ptr [ebp-B8]
0051A867 |. 50 push eax
0051A868 |. B9 FCA95100 mov ecx, 00.0051A9FC ; ASCII "zc"
0051A86D |. BA E8A95100 mov edx, 00.0051A9E8 ; syssetup
0051A872 |. 8BC6 mov eax, esi
0051A874 |. 8B30 mov esi, dword ptr [eax]
0051A876 |. FF56 04 call dword ptr [esi+4]
0051A879 |. 8D85 44FFFFFF lea eax, dword ptr [ebp-BC]
0051A87F |. B9 C8A95100 mov ecx, 00.0051A9C8 ; \dby.sys
0051A884 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A887 |. E8 3CA2EEFF call 00.00404AC8
0051A88C |. 8B85 44FFFFFF mov eax, dword ptr [ebp-BC]
0051A892 |. BA 02000000 mov edx, 2
0051A897 |. E8 A4ECEEFF call 00.00409540
0051A89C |. A1 EC095200 mov eax, dword ptr [5209EC]
0051A8A1 |. 8B00 mov eax, dword ptr [eax]
0051A8A3 |. 8B80 54030000 mov eax, dword ptr [eax+354]
0051A8A9 |. BA 08AA5100 mov edx, 00.0051AA08 ; 刘夫之
0051A8AE |. E8 E5ADF2FF call 00.00445698
0051A8B3 |. 8BC3 mov eax, ebx
0051A8B5 |. E8 D286F4FF call 00.00462F8C
0051A8BA |. EB 24 jmp short 00.0051A8E0
0051A8BC |> B8 18AA5100 mov eax, 00.0051AA18 ; 注册失败,请重试,重试失败请直接与作者联系
算法一,跟进处:0051A77C |. E8 9FFBFFFF call 00.0051A320
0051A320 /$ 55 push ebp
0051A321 |. 8BEC mov ebp, esp
0051A323 |. 33C9 xor ecx, ecx
0051A325 |. 51 push ecx
0051A326 |. 51 push ecx
0051A327 |. 51 push ecx
0051A328 |. 51 push ecx
0051A329 |. 53 push ebx
0051A32A |. 56 push esi
0051A32B |. 8BF2 mov esi, edx
0051A32D |. 8BD8 mov ebx, eax
0051A32F |. 33C0 xor eax, eax
0051A331 |. 55 push ebp
0051A332 |. 68 F0A35100 push 00.0051A3F0
0051A337 |. 64:FF30 push dword ptr fs:[eax]
0051A33A |. 64:8920 mov dword ptr fs:[eax], esp
0051A33D |. 81F3 F1250B00 xor ebx, 0B25F1 ; 确认码与B25F1相异或
0051A343 |. 8BC3 mov eax, ebx
0051A345 |. 33D2 xor edx, edx ; 清零
0051A347 |. 52 push edx ; /Arg2 => 00000000
0051A348 |. 50 push eax ; |Arg1
0051A349 |. 8D45 FC lea eax, dword ptr [ebp-4] ; |
0051A34C |. E8 73EFEEFF call 00.004092C4 ; \异或结果转换为十进制,设为a
0051A351 |. 8B45 FC mov eax, dword ptr [ebp-4]
0051A354 |. 0FB600 movzx eax, byte ptr [eax] ; 取a的第一位
0051A357 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A35A |. 0FB652 01 movzx edx, byte ptr [edx+1] ; 取a的第二位
0051A35E |. 03C2 add eax, edx ; 相加
0051A360 |. B9 05000000 mov ecx, 5 ; 赋以5
0051A365 |. 99 cdq
0051A366 |. F7F9 idiv ecx ; 除以5
0051A368 |. 80C2 34 add dl, 34 ; 余数+34
0051A36B |. 8855 F8 mov byte ptr [ebp-8], dl ; 结果放入[ebp-8]中,设为a1
0051A36E |. 8B45 FC mov eax, dword ptr [ebp-4] ; a值
0051A371 |. 0FB640 02 movzx eax, byte ptr [eax+2] ; 取a的第三位
0051A375 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A378 |. 0FB652 03 movzx edx, byte ptr [edx+3] ; 取a的第四位
0051A37C |. 03C2 add eax, edx ; 相加
0051A37E |. B9 05000000 mov ecx, 5
0051A383 |. 99 cdq
0051A384 |. F7F9 idiv ecx ; 除以5
0051A386 |. 8BDA mov ebx, edx
0051A388 |. 80C3 33 add bl, 33 ; 余数+33
0051A38B |. 885D F9 mov byte ptr [ebp-7], bl ; 结果放入[ebp-7]中,设为a2
0051A38E |. 8D45 F4 lea eax, dword ptr [ebp-C]
0051A391 |. 8A55 F8 mov dl, byte ptr [ebp-8] ; [ebp-8]的数
0051A394 |. E8 0BA6EEFF call 00.004049A4
0051A399 |. 8B45 F4 mov eax, dword ptr [ebp-C]
0051A39C |. 8D55 FC lea edx, dword ptr [ebp-4] ; a的值
0051A39F |. B9 1B000000 mov ecx, 1B ;
0051A3A4 |. E8 B3A9EEFF call 00.00404D5C ; 将a1添加在a的末尾,成为新a
0051A3A9 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0051A3AC |. 8BD3 mov edx, ebx
0051A3AE |. E8 F1A5EEFF call 00.004049A4
0051A3B3 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0051A3B6 |. 8D55 FC lea edx, dword ptr [ebp-4]
0051A3B9 |. B9 19000000 mov ecx, 19
0051A3BE |. E8 99A9EEFF call 00.00404D5C ; 将a2添加在新a的末尾,组成的设为B
0051A3C3 |. 8BC6 mov eax, esi
0051A3C5 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A3C8 |. E8 4BA4EEFF call 00.00404818
0051A3CD |. 33C0 xor eax, eax
0051A3CF |. 5A pop edx
0051A3D0 |. 59 pop ecx
0051A3D1 |. 59 pop ecx
0051A3D2 |. 64:8910 mov dword ptr fs:[eax], edx
0051A3D5 |. 68 F7A35100 push 00.0051A3F7
0051A3DA |> 8D45 F0 lea eax, dword ptr [ebp-10]
0051A3DD |. BA 02000000 mov edx, 2
0051A3E2 |. E8 01A4EEFF call 00.004047E8
0051A3E7 |. 8D45 FC lea eax, dword ptr [ebp-4]
0051A3EA |. E8 D5A3EEFF call 00.004047C4
0051A3EF \. C3 retn
0051A3F0 .^ E9 939CEEFF jmp 00.00404088
0051A3F5 .^ EB E3 jmp short 00.0051A3DA
0051A3F7 . 5E pop esi
0051A3F8 . 5B pop ebx
0051A3F9 . 8BE5 mov esp, ebp
0051A3FB . 5D pop ebp
0051A3FC . C3 retn
算法二跟进处:
0051A400 /$ 55 push ebp
0051A401 |. 8BEC mov ebp, esp
0051A403 |. 33C9 xor ecx, ecx
0051A405 |. 51 push ecx
0051A406 |. 51 push ecx
0051A407 |. 51 push ecx
0051A408 |. 51 push ecx
0051A409 |. 51 push ecx
0051A40A |. 51 push ecx
0051A40B |. 53 push ebx
0051A40C |. 56 push esi
0051A40D |. 8BF2 mov esi, edx
0051A40F |. 8BD8 mov ebx, eax
0051A411 |. 33C0 xor eax, eax
0051A413 |. 55 push ebp
0051A414 |. 68 4CA55100 push 00.0051A54C
0051A419 |. 64:FF30 push dword ptr fs:[eax]
0051A41C |. 64:8920 mov dword ptr fs:[eax], esp
0051A41F |. 81F3 8776FBDD xor ebx, DDFB7687 ; 将B与DDFB7687相异或
0051A425 |. 8BC3 mov eax, ebx
0051A427 |. 33D2 xor edx, edx
0051A429 |. 52 push edx ; /Arg2 => 00000000
0051A42A |. 50 push eax ; |Arg1
0051A42B |. 8D45 FC lea eax, dword ptr [ebp-4] ; |
0051A42E |. E8 91EEEEFF call 00.004092C4 ; \将异或结果转换为十进制,设为C
0051A433 |. 8B45 FC mov eax, dword ptr [ebp-4]
0051A436 |. 0FB600 movzx eax, byte ptr [eax] ; 取C的第一位
0051A439 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A43C |. 0FB652 01 movzx edx, byte ptr [edx+1] ; 取C的第二位
0051A440 |. 03C2 add eax, edx ; 相加
0051A442 |. B9 05000000 mov ecx, 5
0051A447 |. 99 cdq
0051A448 |. F7F9 idiv ecx ; 除以5
0051A44A |. 80C2 66 add dl, 66 ; 余数+66
0051A44D |. 8855 F8 mov byte ptr [ebp-8], dl ; 结果存入[ebp-8]中,设为C1
0051A450 |. 8B45 FC mov eax, dword ptr [ebp-4]
0051A453 |. 0FB640 02 movzx eax, byte ptr [eax+2] ; 取C的第三位
0051A457 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A45A |. 0FB652 03 movzx edx, byte ptr [edx+3] ; 取C的第四位
0051A45E |. 03C2 add eax, edx ; 相加
0051A460 |. B9 05000000 mov ecx, 5
0051A465 |. 99 cdq
0051A466 |. F7F9 idiv ecx ; 除以5
0051A468 |. 80C2 75 add dl, 75 ; 余数+75
0051A46B |. 8855 F9 mov byte ptr [ebp-7], dl ; 结果存入[ebp-7]中,设为C2
0051A46E |. 8B45 FC mov eax, dword ptr [ebp-4]
0051A471 |. 0FB640 04 movzx eax, byte ptr [eax+4] ; 取C的第五位
0051A475 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A478 |. 0FB652 05 movzx edx, byte ptr [edx+5] ; 取C的第六位
0051A47C |. 03C2 add eax, edx ; 相加
0051A47E |. B9 05000000 mov ecx, 5
0051A483 |. 99 cdq
0051A484 |. F7F9 idiv ecx ; 除以5
0051A486 |. 80C2 7A add dl, 7A ; 余数+7A
0051A489 |. 8855 FA mov byte ptr [ebp-6], dl ; 结果存入[ebp-6]中,设为C3
0051A48C |. 8B45 FC mov eax, dword ptr [ebp-4]
0051A48F |. 0FB640 06 movzx eax, byte ptr [eax+6] ; 取C的第七位
0051A493 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A496 |. 0FB652 07 movzx edx, byte ptr [edx+7] ; 取C的第八位
0051A49A |. 03C2 add eax, edx ; 相加
0051A49C |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A49F |. 0FB652 08 movzx edx, byte ptr [edx+8]
0051A4A3 |. 03C2 add eax, edx
0051A4A5 |. B9 05000000 mov ecx, 5
0051A4AA |. 99 cdq
0051A4AB |. F7F9 idiv ecx ; 除以5
0051A4AD |. 80C2 69 add dl, 69 ; 余数+69
0051A4B0 |. 8855 FB mov byte ptr [ebp-5], dl ; 结果存入[ebp-5]中,设为C4
0051A4B3 |. 8D45 F4 lea eax, dword ptr [ebp-C]
0051A4B6 |. 8A55 F8 mov dl, byte ptr [ebp-8]
0051A4B9 |. E8 E6A4EEFF call 00.004049A4
0051A4BE |. 8B45 F4 mov eax, dword ptr [ebp-C]
0051A4C1 |. 8D55 FC lea edx, dword ptr [ebp-4]
0051A4C4 |. B9 07000000 mov ecx, 7
0051A4C9 |. E8 8EA8EEFF call 00.00404D5C ; 将C1添加在C的第7位的位置,组成新C
0051A4CE |. 8D45 F0 lea eax, dword ptr [ebp-10]
0051A4D1 |. 8A55 FB mov dl, byte ptr [ebp-5]
0051A4D4 |. E8 CBA4EEFF call 00.004049A4
0051A4D9 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0051A4DC |. 8D55 FC lea edx, dword ptr [ebp-4]
0051A4DF |. B9 03000000 mov ecx, 3
0051A4E4 |. E8 73A8EEFF call 00.00404D5C ; 将C4添加在新C的第3位的位置,组成新C
0051A4E9 |. 8D45 EC lea eax, dword ptr [ebp-14]
0051A4EC |. 8A55 F9 mov dl, byte ptr [ebp-7]
0051A4EF |. E8 B0A4EEFF call 00.004049A4
0051A4F4 |. 8B45 EC mov eax, dword ptr [ebp-14]
0051A4F7 |. 8D55 FC lea edx, dword ptr [ebp-4]
0051A4FA |. B9 05000000 mov ecx, 5
0051A4FF |. E8 58A8EEFF call 00.00404D5C ; 将C2添加在新C的第5位的位置,组成新C
0051A504 |. 8D45 E8 lea eax, dword ptr [ebp-18]
0051A507 |. 8A55 FA mov dl, byte ptr [ebp-6]
0051A50A |. E8 95A4EEFF call 00.004049A4
0051A50F |. 8B45 E8 mov eax, dword ptr [ebp-18]
0051A512 |. 8D55 FC lea edx, dword ptr [ebp-4]
0051A515 |. B9 09000000 mov ecx, 9
0051A51A |. E8 3DA8EEFF call 00.00404D5C ; 将C3添加在新C的第9位的位置,组成新C
0051A51F |. 8BC6 mov eax, esi
0051A521 |. 8B55 FC mov edx, dword ptr [ebp-4]
0051A524 |. E8 EFA2EEFF call 00.00404818
0051A529 |. 33C0 xor eax, eax
0051A52B |. 5A pop edx
0051A52C |. 59 pop ecx
0051A52D |. 59 pop ecx
0051A52E |. 64:8910 mov dword ptr fs:[eax], edx
0051A531 |. 68 53A55100 push 00.0051A553
0051A536 |> 8D45 E8 lea eax, dword ptr [ebp-18]
0051A539 |. BA 04000000 mov edx, 4
0051A53E |. E8 A5A2EEFF call 00.004047E8
0051A543 |. 8D45 FC lea eax, dword ptr [ebp-4]
0051A546 |. E8 79A2EEFF call 00.004047C4
0051A54B \. C3 retn
0051A54C .^ E9 379BEEFF jmp 00.00404088
0051A551 .^ EB E3 jmp short 00.0051A536
0051A553 . 5E pop esi
0051A554 . 5B pop ebx
0051A555 . 8BE5 mov esp, ebp
0051A557 . 5D pop ebp
0051A558 . C3 retn
--------------------------------------------------------------------------------
【经验总结】
该软件的注册算法大致如下:
1、将确认码与0D0B1相除取余数,然后转化为十进制设为A
2、将确认码与0B25F1相异或,结果设为B,将B的第一位和第二位相加再除以5,然后取余数+34,将所得字符放在B的后面
再将B的第三位和第四位相加,除以5,余数+33,再放在B的最后位。结果所得设为C
3、将C与DDFB7687相异或,再将结果的1、2位相加,3、4位相加,5、6位相加,7、8位相加再转换为字符,分别放在相异或
结果的相关位置。结果设为D。
4、将A与D相连即为注册码
以上是初手的分析,不对之处请大家多多指教!
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2007年03月25日 18:59:57
[注意]APP应用上架合规检测服务,协助应用顺利上架!