[原创]EditPlus的算法分析-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[原创]EditPlus的算法分析

发表于: 2007-8-9 20:56 7238

[原创]EditPlus的算法分析

斜阳残雪

2007-8-9 20:56

7238

【文章标题】: EditPlus的算法分析
【文章作者】: 南宫涤尘
【作者邮箱】: zlm324@126.com
【下载地址】: 自己搜索一下吧
【编写语言】: VC++ 6.0
【使用工具】: OD+VB6
【作者声明】: 只是感兴趣，没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】

  注册流程从这里开始：
  00489CE0 .  81EC 34020000 sub    esp, 234
  00489CE6 .  53          push ebx
  00489CE7 .  55          push ebp
  00489CE8 .  8BE9       mov    ebp, ecx
  00489CEA .  8D4424 10    lea    eax, dword ptr [esp+10]
  00489CEE .  56          push esi
  00489CEF .  50          push eax
  00489CF0 .  8D4C24 50    lea    ecx, dword ptr [esp+50]
  00489CF4 .  68 F4010000 push 1F4
  00489CF9 .  8D95 98000000 lea    edx, dword ptr [ebp+98]
  00489CFF .  51          push ecx
  00489D00 .  52          push edx
  00489D01 .  E8 6AFFFFFF call 00489C70                      ;  取姓名到EAX
  00489D06 .  8BF0       mov    esi, eax
  00489D08 .  8B4424 24    mov    eax, dword ptr [esp+24]
  00489D0C .  83C4 10    add    esp, 10
  00489D0F .  897424 10    mov    dword ptr [esp+10], esi
  00489D13 .  85C0       test eax, eax
  00489D15 .  0F84 E5000000 je    00489E00                      ;  姓名不为空
  00489D1B .  8D4424 0C    lea    eax, dword ptr [esp+C]
  00489D1F .  8D4C24 18    lea    ecx, dword ptr [esp+18]
  00489D23 .  50          push eax
  00489D24 .  6A 32       push 32
  00489D26 .  8D55 5C    lea    edx, dword ptr [ebp+5C]
  00489D29 .  51          push ecx
  00489D2A .  52          push edx
  00489D2B .  E8 40FFFFFF call 00489C70                      ;  取注册码地址到EAX
  00489D30 .  8BD8       mov    ebx, eax
  00489D32 .  8B4424 1C    mov    eax, dword ptr [esp+1C]
  00489D36 .  83C4 10    add    esp, 10
  00489D39 .  85C0       test eax, eax
  00489D3B .  0F84 BF000000 je    00489E00
  00489D41 .  57          push edi
  00489D42 .  33FF       xor    edi, edi
  00489D44 .  85C0       test eax, eax
  00489D46 .  7E 41       jle    short 00489D89
  00489D48 >  66:0FB6341F movzx si, byte ptr [edi+ebx]
  00489D4D .  66:81FE 0001  cmp    si, 100
  00489D52 .  73 10       jnb    short 00489D64
  00489D54 .  81E6 FF000000 and    esi, 0FF
  00489D5A .  66:8B0475 F8D>mov    ax, word ptr [esi*2+55DFF8]
  00489D62 .  EB 15       jmp    short 00489D79
  00489D64 >  8BC6       mov    eax, esi
  00489D66 .  25 FFFF0000 and    eax, 0FFFF
  00489D6B .  50          push eax                            ; /StringOrChar
  00489D6C .  FF15 60C64F00 call dword ptr [<&USER32.CharUpperW>] ; \CharUpperW
  00489D72 .  66:85C0    test ax, ax
  00489D75 .  75 02       jnz    short 00489D79
  00489D77 .  8BC6       mov    eax, esi
  00489D79 >  88041F       mov    byte ptr [edi+ebx], al
  00489D7C .  8B4424 10    mov    eax, dword ptr [esp+10]
  00489D80 .  47          inc    edi
  00489D81 .  3BF8       cmp    edi, eax
  00489D83 .^ 7C C3       jl    short 00489D48
  00489D85 .  8B7424 14    mov    esi, dword ptr [esp+14]
  00489D89 >  53          push ebx
  00489D8A .  56          push esi
  00489D8B .  E8 20010000 call 00489EB0                      ;  关键Call
  00489D90 .  83C4 08    add    esp, 8
  00489D93 .  85C0       test eax, eax
  00489D95 .  5F          pop    edi
  00489D96 .  75 18       jnz    short 00489DB0    ;  关键跳转

  跟进关键Call：
  00489EB0  /$  83EC 0C    sub    esp, 0C
  00489EB3  |.  83C9 FF    or    ecx, FFFFFFFF
  00489EB6  |.  33C0       xor    eax, eax
  00489EB8  |.  56          push esi
  00489EB9  |.  8B7424 14    mov    esi, dword ptr [esp+14]
  00489EBD  |.  57          push edi
  00489EBE  |.  8BFE       mov    edi, esi
  00489EC0  |.  F2:AE       repne scas byte ptr es:[edi]
  00489EC2  |.  F7D1       not    ecx
  00489EC4  |.  49          dec    ecx
  00489EC5  |.  8BF9       mov    edi, ecx
  00489EC7  |.  75 06       jnz    short 00489ECF
  00489EC9  |.  5F          pop    edi
  00489ECA  |.  5E          pop    esi
  00489ECB  |.  83C4 0C    add    esp, 0C
  00489ECE  |.  C3          retn
  00489ECF  |>  E8 3CFFFFFF call 00489E10
  00489ED4  |.  57          push edi
  00489ED5  |.  56          push esi
  00489ED6  |.  6A 00       push 0
  00489ED8  |.  E8 83FFFFFF call 00489E60                      ;  姓名的处理
  00489EDD  |.  83C4 0C    add    esp, 0C
  00489EE0  |.  25 FFFF0000 and    eax, 0FFFF
  00489EE5  |.  50          push eax
  00489EE6  |.  8D4424 0C    lea    eax, dword ptr [esp+C]
  00489EEA  |.  68 E0905200 push 005290E0                      ;  ASCII "%02X"
  00489EEF  |.  50          push eax
  00489EF0  |.  E8 EB3B0300 call 004BDAE0
  00489EF5  |.  8B7424 28    mov    esi, dword ptr [esp+28]
  00489EF9  |.  8A4424 14    mov    al, byte ptr [esp+14]
  00489EFD  |.  83C4 0C    add    esp, 0C
  00489F00  |.  8A4E 02    mov    cl, byte ptr [esi+2]
  00489F03  |.  8D56 02    lea    edx, dword ptr [esi+2]
  00489F06  |.  3AC8       cmp    cl, al
  00489F08  |.  74 08       je    short 00489F12
  00489F0A  |.  5F          pop    edi
  00489F0B  |.  33C0       xor    eax, eax
  00489F0D  |.  5E          pop    esi
  00489F0E  |.  83C4 0C    add    esp, 0C
  00489F11  |.  C3          retn
  00489F12  |>  8A46 03    mov    al, byte ptr [esi+3]
  00489F15  |.  8A4C24 09    mov    cl, byte ptr [esp+9]
  00489F19  |.  3AC1       cmp    al, cl
  00489F1B  |.  74 08       je    short 00489F25
  00489F1D  |.  5F          pop    edi
  00489F1E  |.  33C0       xor    eax, eax
  00489F20  |.  5E          pop    esi
  00489F21  |.  83C4 0C    add    esp, 0C
  00489F24  |.  C3          retn
  00489F25  |>  8BFE       mov    edi, esi
  00489F27  |.  83C9 FF    or    ecx, FFFFFFFF
  00489F2A  |.  33C0       xor    eax, eax
  00489F2C  |.  F2:AE       repne scas byte ptr es:[edi]
  00489F2E  |.  F7D1       not    ecx
  00489F30  |.  83C1 FD    add    ecx, -3
  00489F33  |.  51          push ecx
  00489F34  |.  52          push edx
  00489F35  |.  50          push eax
  00489F36  |.  E8 25FFFFFF call 00489E60                      ;  剩余注册码的处理
  00489F3B  |.  83C4 0C    add    esp, 0C
  00489F3E  |.  25 FFFF0000 and    eax, 0FFFF
  00489F43  |.  8D4C24 08    lea    ecx, dword ptr [esp+8]
  00489F47  |.  50          push eax
  00489F48  |.  68 E0905200 push 005290E0                      ;  ASCII "%02X"
  00489F4D  |.  51          push ecx
  00489F4E  |.  E8 8D3B0300 call 004BDAE0
  00489F53  |.  8A16       mov    dl, byte ptr [esi]
  00489F55  |.  8A4424 14    mov    al, byte ptr [esp+14]
  00489F59  |.  83C4 0C    add    esp, 0C
  00489F5C  |.  3AD0       cmp    dl, al
  00489F5E  |.  74 08       je    short 00489F68
  00489F60  |.  5F          pop    edi
  00489F61  |.  33C0       xor    eax, eax
  00489F63  |.  5E          pop    esi
  00489F64  |.  83C4 0C    add    esp, 0C
  00489F67  |.  C3          retn
  00489F68  |>  8A4E 01    mov    cl, byte ptr [esi+1]
  00489F6B  |.  8A5424 09    mov    dl, byte ptr [esp+9]
  00489F6F  |.  33C0       xor    eax, eax
  00489F71  |.  3ACA       cmp    cl, dl
  00489F73  |.  5F          pop    edi
  00489F74  |.  5E          pop    esi
  00489F75  |.  0F94C0       sete al
  00489F78  |.  83C4 0C    add    esp, 0C
  00489F7B  \.  C3          retn

  由上可以看出，姓名的处理和剩余注册码的处理用了同一个函数，我们跟进去：
  00489E60  /$  8B4C24 08    mov    ecx, dword ptr [esp+8]
  00489E64  |.  8B4424 0C    mov    eax, dword ptr [esp+C]
  00489E68  |.  56          push esi
  00489E69  |.  8D3401       lea    esi, dword ptr [ecx+eax]
  00489E6C  |.  3BCE       cmp    ecx, esi
  00489E6E  |.  73 2A       jnb    short 00489E9A
  00489E70  |.  8B4424 08    mov    eax, dword ptr [esp+8]
  00489E74  |.  53          push ebx
  00489E75  |>  8BD0       /mov    edx, eax ;eax->edx
  00489E77  |.  33DB       |xor    ebx, ebx ;清空ebx
  00489E79  |.  8A19       |mov    bl, byte ptr [ecx] ;待处理字符串的当前位
  00489E7B  |.  81E2 FF000000 |and    edx, 0FF ;只保留dl，其他位清空
  00489E81  |.  33D3       |xor    edx, ebx ;edx=edx xor ebx
  00489E83  |.  33DB       |xor    ebx, ebx ;清空ebx
  00489E85  |.  8ADC       |mov    bl, ah ;ah->bl
  00489E87  |.  66:8B0455 ECE>|mov    ax, word ptr [edx*2+55E8EC] ;查表
  00489E8F  |.  66:33C3    |xor    ax, bx ;ax=ax xor bx
  00489E92  |.  41          |inc    ecx
  00489E93  |.  3BCE       |cmp    ecx, esi ;esi是待处理字符串的最后一位
  00489E95  |.^ 72 DE       \jb    short 00489E75 ;没完的话循环
  00489E97  |.  5B          pop    ebx
  00489E98  |.  5E          pop    esi
  00489E99  |.  C3          retn
  00489E9A  |>  66:8B4424 08  mov    ax, word ptr [esp+8]
  00489E9F  |.  5E          pop    esi
  00489EA0  \.  C3          retn
  此段代码的翻译参见后面注册机的Proc函数吧。
  姓名计算过后会在ax里面形成一个数值，取ah做为注册码的第三、四位，和后面剩余的注册码一起进行下一步运算。
  剩余的注册码运算结束后，同样在ax中生成一个数值，取ah做为注册码的第一、二位，至此注册码生成完毕。

  好了，分析完毕，废话不说，写注册机：

  说明一下，从上面分析可以看出，注册码只有前4位是计算得到的，其余位可随机产生，这里Gen5()即为随机产生5字符段的函数
  程序所需：两个TextBox，名称分别为TxtName和TxtSN；一个按钮，名称为CmdGen。
  Private Sub CmdGen_Click()

  If TxtName.Text = "" Then MsgBox "姓名不能为空！", vbOKOnly + vbInformation, "数据输入错误": Exit Sub

  Dim Name As String
  Dim str1 As String
  Dim str2 As String
  Dim MidSN As String

  str1 = Proc(TxtName.Text): If Len(str1) = 1 Then str1 = "0" & str1 '姓名处理后得到的值

  MidSN = str1 & Right(Gen5 & "-" & Gen5 & "-" & Gen5 & "-" & Gen5 & "-" & Gen5, 25) '与剩余的注册码合并

  str2 = Proc(MidSN): If Len(str2) = 1 Then str2 = "0" & str2 '进行注册码的运算

  TxtSN.Text = str2 & MidSN

  End Sub

  Function Proc(Stri As String) As String

  Dim Data(512) As Integer
  '这里就是55E8EC处的表，整整512个数据……
  Data(1) = 0: Data(2) = 0: Data(3) = 193: Data(4) = 192: Data(5) = 129: Data(6) = 193: Data(7) = 64: Data(8) = 1
  Data(9) = 1: Data(10) = 195: Data(11) = 192: Data(12) = 3: Data(13) = 128: Data(14) = 2: Data(15) = 65: Data(16) = 194
  Data(17) = 1: Data(18) = 198: Data(19) = 192: Data(20) = 6: Data(21) = 128: Data(22) = 7: Data(23) = 65: Data(24) = 199
  Data(25) = 0: Data(26) = 5: Data(27) = 193: Data(28) = 197: Data(29) = 129: Data(30) = 196: Data(31) = 64: Data(32) = 4
  Data(33) = 1: Data(34) = 204: Data(35) = 192: Data(36) = 12: Data(37) = 128: Data(38) = 13: Data(39) = 65: Data(40) = 205
  Data(41) = 0: Data(42) = 15: Data(43) = 193: Data(44) = 207: Data(45) = 129: Data(46) = 206: Data(47) = 64: Data(48) = 14
  Data(49) = 0: Data(50) = 10: Data(51) = 193: Data(52) = 202: Data(53) = 129: Data(54) = 203: Data(55) = 64: Data(56) = 11
  Data(57) = 1: Data(58) = 201: Data(59) = 192: Data(60) = 9: Data(61) = 128: Data(62) = 8: Data(63) = 65: Data(64) = 200
  Data(65) = 1: Data(66) = 216: Data(67) = 192: Data(68) = 24: Data(69) = 128: Data(70) = 25: Data(71) = 65: Data(72) = 217
  Data(73) = 0: Data(74) = 27: Data(75) = 193: Data(76) = 219: Data(77) = 129: Data(78) = 218: Data(79) = 64: Data(80) = 26
  Data(81) = 0: Data(82) = 30: Data(83) = 193: Data(84) = 222: Data(85) = 129: Data(86) = 223: Data(87) = 64: Data(88) = 31
  Data(89) = 1: Data(90) = 221: Data(91) = 192: Data(92) = 29: Data(93) = 128: Data(94) = 28: Data(95) = 65: Data(96) = 220
  Data(97) = 0: Data(98) = 20: Data(99) = 193: Data(100) = 212: Data(101) = 129: Data(102) = 213: Data(103) = 64: Data(104) = 21
  Data(105) = 1: Data(106) = 215: Data(107) = 192: Data(108) = 23: Data(109) = 128: Data(110) = 22: Data(111) = 65: Data(112) = 214
  Data(113) = 1: Data(114) = 210: Data(115) = 192: Data(116) = 18: Data(117) = 128: Data(118) = 19: Data(119) = 65: Data(120) = 211
  Data(121) = 0: Data(122) = 17: Data(123) = 193: Data(124) = 209: Data(125) = 129: Data(126) = 208: Data(127) = 64: Data(128) = 16
  Data(129) = 1: Data(130) = 240: Data(131) = 192: Data(132) = 48: Data(133) = 128: Data(134) = 49: Data(135) = 65: Data(136) = 241
  Data(137) = 0: Data(138) = 51: Data(139) = 193: Data(140) = 243: Data(141) = 129: Data(142) = 242: Data(143) = 64: Data(144) = 50
  Data(145) = 0: Data(146) = 54: Data(147) = 193: Data(148) = 246: Data(149) = 129: Data(150) = 247: Data(151) = 64: Data(152) = 55
  Data(153) = 1: Data(154) = 245: Data(155) = 192: Data(156) = 53: Data(157) = 128: Data(158) = 52: Data(159) = 65: Data(160) = 244
  Data(161) = 0: Data(162) = 60: Data(163) = 193: Data(164) = 252: Data(165) = 129: Data(166) = 253: Data(167) = 64: Data(168) = 61
  Data(169) = 1: Data(170) = 255: Data(171) = 192: Data(172) = 63: Data(173) = 128: Data(174) = 62: Data(175) = 65: Data(176) = 254
  Data(177) = 1: Data(178) = 250: Data(179) = 192: Data(180) = 58: Data(181) = 128: Data(182) = 59: Data(183) = 65: Data(184) = 251
  Data(185) = 0: Data(186) = 57: Data(187) = 193: Data(188) = 249: Data(189) = 129: Data(190) = 248: Data(191) = 64: Data(192) = 56
  Data(193) = 0: Data(194) = 40: Data(195) = 193: Data(196) = 232: Data(197) = 129: Data(198) = 233: Data(199) = 64: Data(200) = 41
  Data(201) = 1: Data(202) = 235: Data(203) = 192: Data(204) = 43: Data(205) = 128: Data(206) = 42: Data(207) = 65: Data(208) = 234
  Data(209) = 1: Data(210) = 238: Data(211) = 192: Data(212) = 46: Data(213) = 128: Data(214) = 47: Data(215) = 65: Data(216) = 239
  Data(217) = 0: Data(218) = 45: Data(219) = 193: Data(220) = 237: Data(221) = 129: Data(222) = 236: Data(223) = 64: Data(224) = 44
  Data(225) = 1: Data(226) = 228: Data(227) = 192: Data(228) = 36: Data(229) = 128: Data(230) = 37: Data(231) = 65: Data(232) = 229
  Data(233) = 0: Data(234) = 39: Data(235) = 193: Data(236) = 231: Data(237) = 129: Data(238) = 230: Data(239) = 64: Data(240) = 38
  Data(241) = 0: Data(242) = 34: Data(243) = 193: Data(244) = 226: Data(245) = 129: Data(246) = 227: Data(247) = 64: Data(248) = 35
  Data(249) = 1: Data(250) = 225: Data(251) = 192: Data(252) = 33: Data(253) = 128: Data(254) = 32: Data(255) = 65: Data(256) = 224
  Data(257) = 1: Data(258) = 160: Data(259) = 192: Data(260) = 96: Data(261) = 128: Data(262) = 97: Data(263) = 65: Data(264) = 161
  Data(265) = 0: Data(266) = 99: Data(267) = 193: Data(268) = 163: Data(269) = 129: Data(270) = 162: Data(271) = 64: Data(272) = 98
  Data(273) = 0: Data(274) = 102: Data(275) = 193: Data(276) = 166: Data(277) = 129: Data(278) = 167: Data(279) = 64: Data(280) = 103
  Data(281) = 1: Data(282) = 165: Data(283) = 192: Data(284) = 101: Data(285) = 128: Data(286) = 100: Data(287) = 65: Data(288) = 164
  Data(289) = 0: Data(290) = 108: Data(291) = 193: Data(292) = 172: Data(293) = 129: Data(294) = 173: Data(295) = 64: Data(296) = 109
  Data(297) = 1: Data(298) = 175: Data(299) = 192: Data(300) = 111: Data(301) = 128: Data(302) = 110: Data(303) = 65: Data(304) = 174
  Data(305) = 1: Data(306) = 170: Data(307) = 192: Data(308) = 106: Data(309) = 128: Data(310) = 107: Data(311) = 65: Data(312) = 171
  Data(313) = 0: Data(314) = 105: Data(315) = 193: Data(316) = 169: Data(317) = 129: Data(318) = 168: Data(319) = 64: Data(320) = 104
  Data(321) = 0: Data(322) = 120: Data(323) = 193: Data(324) = 184: Data(325) = 129: Data(326) = 185: Data(327) = 64: Data(328) = 121
  Data(329) = 1: Data(330) = 187: Data(331) = 192: Data(332) = 123: Data(333) = 128: Data(334) = 122: Data(335) = 65: Data(336) = 186
  Data(337) = 1: Data(338) = 190: Data(339) = 192: Data(340) = 126: Data(341) = 128: Data(342) = 127: Data(343) = 65: Data(344) = 191
  Data(345) = 0: Data(346) = 125: Data(347) = 193: Data(348) = 189: Data(349) = 129: Data(350) = 188: Data(351) = 64: Data(352) = 124
  Data(353) = 1: Data(354) = 180: Data(355) = 192: Data(356) = 116: Data(357) = 128: Data(358) = 117: Data(359) = 65: Data(360) = 181
  Data(361) = 0: Data(362) = 119: Data(363) = 193: Data(364) = 183: Data(365) = 129: Data(366) = 182: Data(367) = 64: Data(368) = 118
  Data(369) = 0: Data(370) = 114: Data(371) = 193: Data(372) = 178: Data(373) = 129: Data(374) = 179: Data(375) = 64: Data(376) = 115
  Data(377) = 1: Data(378) = 177: Data(379) = 192: Data(380) = 113: Data(381) = 128: Data(382) = 112: Data(383) = 65: Data(384) = 176
  Data(385) = 0: Data(386) = 80: Data(387) = 193: Data(388) = 144: Data(389) = 129: Data(390) = 145: Data(391) = 64: Data(392) = 81
  Data(393) = 1: Data(394) = 147: Data(395) = 192: Data(396) = 83: Data(397) = 128: Data(398) = 82: Data(399) = 65: Data(400) = 146
  Data(401) = 1: Data(402) = 150: Data(403) = 192: Data(404) = 86: Data(405) = 128: Data(406) = 87: Data(407) = 65: Data(408) = 151
  Data(409) = 0: Data(410) = 85: Data(411) = 193: Data(412) = 149: Data(413) = 129: Data(414) = 148: Data(415) = 64: Data(416) = 84
  Data(417) = 1: Data(418) = 156: Data(419) = 192: Data(420) = 92: Data(421) = 128: Data(422) = 93: Data(423) = 65: Data(424) = 157
  Data(425) = 0: Data(426) = 95: Data(427) = 193: Data(428) = 159: Data(429) = 129: Data(430) = 158: Data(431) = 64: Data(432) = 94
  Data(433) = 0: Data(434) = 90: Data(435) = 193: Data(436) = 154: Data(437) = 129: Data(438) = 155: Data(439) = 64: Data(440) = 91
  Data(441) = 1: Data(442) = 153: Data(443) = 192: Data(444) = 89: Data(445) = 128: Data(446) = 88: Data(447) = 65: Data(448) = 152
  Data(449) = 1: Data(450) = 136: Data(451) = 192: Data(452) = 72: Data(453) = 128: Data(454) = 73: Data(455) = 65: Data(456) = 137
  Data(457) = 0: Data(458) = 75: Data(459) = 193: Data(460) = 139: Data(461) = 129: Data(462) = 138: Data(463) = 64: Data(464) = 74
  Data(465) = 0: Data(466) = 78: Data(467) = 193: Data(468) = 142: Data(469) = 129: Data(470) = 143: Data(471) = 64: Data(472) = 79
  Data(473) = 1: Data(474) = 141: Data(475) = 192: Data(476) = 77: Data(477) = 128: Data(478) = 76: Data(479) = 65: Data(480) = 140
  Data(481) = 0: Data(482) = 68: Data(483) = 193: Data(484) = 132: Data(485) = 129: Data(486) = 133: Data(487) = 64: Data(488) = 69
  Data(489) = 1: Data(490) = 135: Data(491) = 192: Data(492) = 71: Data(493) = 128: Data(494) = 70: Data(495) = 65: Data(496) = 134
  Data(497) = 1: Data(498) = 130: Data(499) = 192: Data(500) = 66: Data(501) = 128: Data(502) = 67: Data(503) = 65: Data(504) = 131
  Data(505) = 0: Data(506) = 65: Data(507) = 193: Data(508) = 129: Data(509) = 129: Data(510) = 128: Data(511) = 64: Data(512) = 64

  Dim ah As Integer
  Dim al As Integer
  Dim bh As Integer
  Dim bl As Integer
  Dim dh As Integer
  Dim dl As Integer
  '因为涉及到高低位之间的操作，所以偷懒把变量完全设开:)
  al = 0: ah = 0

  For i = 1 To Len(Stri)
   dl = al: dh = ah
   bl = 0: bh = 0
   bl = Asc(Mid(Stri, i, 1))
   dh = 0
   dl = dl Xor bl: dh = dh Xor bh
   bl = 0: bh = 0
   bl = ah
   al = Data(dl * 2 + 1): ah = Data(dl * 2 + 2)
   al = al Xor bl: ah = ah Xor bh
  Next i

  Proc = Hex(ah) '因为只用的到高位，所以这里直接返回ah了。

  End Function

  Function Gen5() As String '生成5字符段

  Dim Data(36) As String

  Data(1) = "0": Data(2) = "1": Data(3) = "2": Data(4) = "3": Data(5) = "4": Data(6) = "5"
  Data(7) = "6": Data(8) = "7": Data(9) = "8": Data(10) = "9": Data(11) = "A": Data(12) = "B"
  Data(13) = "C": Data(14) = "D": Data(15) = "E": Data(16) = "F": Data(17) = "G": Data(18) = "H"
  Data(19) = "I": Data(20) = "J": Data(21) = "K": Data(22) = "L": Data(23) = "M": Data(24) = "N"
  Data(25) = "O": Data(26) = "P": Data(27) = "Q": Data(28) = "R": Data(29) = "S": Data(30) = "T"
  Data(31) = "U": Data(32) = "V": Data(33) = "W": Data(34) = "X": Data(35) = "Y": Data(36) = "Z"

  Dim z As String

  Randomize Timer

  For i = 1 To 5
   z = z & Data(1 + Int(36 * Rnd)) '随机生成1～36的数值，取data对应的字符
  Next i

  Gen5 = z

  End Function

--------------------------------------------------------------------------------

                                                   2007年08月08日 19:39:54

[课程]FART 脱壳王！加量不加价！FART作者讲授！

收藏・3

免费・7

支持

最新回复 (9)
yingyue 雪币： 1844 活跃值： (35) 能力值： ( LV3，RANK：30 ) 在线值：发帖 16 回帖 2595 粉丝 3 关注私信	yingyue 2 楼好，以前跟过，支持一下 2007-8-9 21:00 0
小子贼野雪币： 347 活跃值： (25) 能力值： ( LV9，RANK：420 ) 在线值：发帖 25 回帖 891 粉丝 0 关注私信	小子贼野 10 3 楼完全不懂，只能膜拜 2007-8-9 21:09 0
jdpack 雪币： 207 活跃值： (10) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 131 粉丝 0 关注私信	jdpack 1 4 楼 Lz這個表不會是手工敲進去的吧？。。。 2007-8-9 21:43 0
不懂算法雪币： 202 活跃值： (77) 能力值： ( LV6，RANK：90 ) 在线值：发帖 16 回帖 329 粉丝 5 关注私信	不懂算法 2 5 楼 LZ错了，上EditPlus的当了，建议看看精华区 2007-8-10 16:56 0
斜阳残雪雪币： 228 活跃值： (11) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 92 粉丝 0 关注私信	斜阳残雪 3 6 楼小弟愚钝，还请为兄指点。 2007-8-11 11:27 0
斜阳残雪雪币： 228 活跃值： (11) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 92 粉丝 0 关注私信	斜阳残雪 3 7 楼这个当然不是，不然累死了 2007-8-11 11:30 0
xblzy0423 雪币： 218 活跃值： (299) 能力值： ( LV2，RANK：10 ) 在线值：发帖 11 回帖 72 粉丝 1 关注私信	xblzy0423 8 楼在这遇上楼主支持一下 2007-8-11 16:26 0
不懂算法雪币： 202 活跃值： (77) 能力值： ( LV6，RANK：90 ) 在线值：发帖 16 回帖 329 粉丝 5 关注私信	不懂算法 2 9 楼 http://bbs.pediy.com/showthread.php?threadid=18021 EditPlus验证的地方不止一处 2007-8-13 16:14 0
斜阳残雪雪币： 228 活跃值： (11) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 92 粉丝 0 关注私信	斜阳残雪 3 10 楼原来是这样，多谢大哥！ 2007-8-13 20:21 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

斜阳残雪

发帖

回帖

130

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (9)
yingyue 雪币： 1844 活跃值： (35) 能力值： ( LV3，RANK：30 ) 在线值：发帖 16 回帖 2595 粉丝 3 关注私信	yingyue 2 楼好，以前跟过，支持一下 2007-8-9 21:00 0
小子贼野雪币： 347 活跃值： (25) 能力值： ( LV9，RANK：420 ) 在线值：发帖 25 回帖 891 粉丝 0 关注私信	小子贼野 10 3 楼完全不懂，只能膜拜 2007-8-9 21:09 0
jdpack 雪币： 207 活跃值： (10) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 131 粉丝 0 关注私信	jdpack 1 4 楼 Lz這個表不會是手工敲進去的吧？。。。 2007-8-9 21:43 0
不懂算法雪币： 202 活跃值： (77) 能力值： ( LV6，RANK：90 ) 在线值：发帖 16 回帖 329 粉丝 5 关注私信	不懂算法 2 5 楼 LZ错了，上EditPlus的当了，建议看看精华区 2007-8-10 16:56 0
斜阳残雪雪币： 228 活跃值： (11) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 92 粉丝 0 关注私信	斜阳残雪 3 6 楼小弟愚钝，还请为兄指点。 2007-8-11 11:27 0
斜阳残雪雪币： 228 活跃值： (11) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 92 粉丝 0 关注私信	斜阳残雪 3 7 楼这个当然不是，不然累死了 2007-8-11 11:30 0
xblzy0423 雪币： 218 活跃值： (299) 能力值： ( LV2，RANK：10 ) 在线值：发帖 11 回帖 72 粉丝 1 关注私信	xblzy0423 8 楼在这遇上楼主支持一下 2007-8-11 16:26 0
不懂算法雪币： 202 活跃值： (77) 能力值： ( LV6，RANK：90 ) 在线值：发帖 16 回帖 329 粉丝 5 关注私信	不懂算法 2 9 楼 http://bbs.pediy.com/showthread.php?threadid=18021 EditPlus验证的地方不止一处 2007-8-13 16:14 0
斜阳残雪雪币： 228 活跃值： (11) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 92 粉丝 0 关注私信	斜阳残雪 3 10 楼原来是这样，多谢大哥！ 2007-8-13 20:21 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复