【破文标题】WinASO Registry Optimizer V3.0.9算法分析
【破文作者】小子贼野
【作者主页】http://mayday.unpack.cn
【破解工具】OD,PeId
【原版下载】http://www.skycn.com/soft/27630.html
【软件介绍】WinASO Registry Optimizer 是一个 Windows 优化工具和高级注册表清理工具,它允许您以简单的鼠标单击来安全的清理及修复
注册表故障。通过修复陈旧信息及调整 Windows 注册表参数,它对系统速度的提升是值得令人注意的。WinASO Registry Optimizer 被很好的
设计为修复普遍的问题,例如对 Internet Explorer 页面的非法修改。我们已对此工具进行了实际测试来确保您的系统安全。我们没有收到过
任何对系统稳定性的抱怨。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
Borland Delphi 6.0 - 7.0编写,没壳,爽,哈哈~
------------------------------------------------------------------------
OD载入,运行程序到注册界面,下命令断点bp MessageBoxA,注册确认,程序被中断在:
------------------------------------------------------------------------
77D5058A > 8BFF MOV EDI,EDI
77D5058C 55 PUSH EBP
77D5058D 8BEC MOV EBP,ESP
77D5058F 833D BC04D777 0>CMP DWORD PTR DS:[77D704BC],0
77D50596 74 24 JE SHORT USER32.77D505BC
77D50598 64:A1 18000000 MOV EAX,DWORD PTR FS:[18]
------------------------------------------------------------------------
堆栈友好提示:
0012F7BC 0056A7C2 /CALL 到 MessageBoxA 来自 RegOpt.0056A7BD
0012F7C0 004007D4 |hOwner = 004007D4 ('Register Information',class='TfrmRegister',parent=00D5061A)
0012F7C4 01A2F0B8 |Text = "Sorry, that is an invalid license key. Please ensure you have entered the license key exactly
as provided."
0012F7C8 01A8EDD0 |Title = "Information"
0012F7CC 00000040 \Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0012F7D0 0012FA0C 指向下一个 SEH 记录的指针
0012F7D4 0056A9F4 SE 处理器
------------------------------------------------------------------------
程序分析算法以下:
------------------------------------------------------------------------
0056A3B3 |. 55 PUSH EBP
0056A3B4 |. 68 F4A95600 PUSH RegOpt.0056A9F4
0056A3B9 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0056A3BC |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0056A3BF |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0056A3C2 |. 8B15 84055A00 MOV EDX,DWORD PTR DS:[5A0584] ; RegOpt.005A55E0
0056A3C8 |. 8B92 70080000 MOV EDX,DWORD PTR DS:[EDX+870]
0056A3CE |. E8 5DAEE9FF CALL RegOpt.00405230
0056A3D3 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0056A3D6 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
0056A3DC |. E8 3BC9EEFF CALL RegOpt.00456D1C
0056A3E1 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0056A3E4 |. E8 9B45F6FF CALL RegOpt.004CE984
0056A3E9 |. 84C0 TEST AL,AL
0056A3EB |. 75 2E JNZ SHORT RegOpt.0056A41B ; 第一组填了就跳
0056A3ED |. 6A 40 PUSH 40
0056A3EF |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A3F4 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A3FA |. E8 5DB2E9FF CALL RegOpt.0040565C
0056A3FF |. 50 PUSH EAX
0056A400 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A403 |. E8 54B2E9FF CALL RegOpt.0040565C
0056A408 |. 50 PUSH EAX
0056A409 |. 8BC3 MOV EAX,EBX
0056A40B |. E8 0C44EFFF CALL RegOpt.0045E81C
0056A410 |. 50 PUSH EAX ; |hOwner
0056A411 |. E8 26DFE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A416 |. E9 6D050000 JMP RegOpt.0056A988
0056A41B |> 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0056A41E |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A424 |. E8 F3C8EEFF CALL RegOpt.00456D1C
0056A429 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0056A42C |. E8 5345F6FF CALL RegOpt.004CE984
0056A431 |. 84C0 TEST AL,AL
0056A433 |. 75 2E JNZ SHORT RegOpt.0056A463 ; 第二组填了就跳
0056A435 |. 6A 40 PUSH 40
0056A437 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A43C |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A442 |. E8 15B2E9FF CALL RegOpt.0040565C
0056A447 |. 50 PUSH EAX
0056A448 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A44B |. E8 0CB2E9FF CALL RegOpt.0040565C
0056A450 |. 50 PUSH EAX
0056A451 |. 8BC3 MOV EAX,EBX
0056A453 |. E8 C443EFFF CALL RegOpt.0045E81C
0056A458 |. 50 PUSH EAX ; |hOwner
0056A459 |. E8 DEDEE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A45E |. E9 25050000 JMP RegOpt.0056A988
0056A463 |> 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0056A466 |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A46C |. E8 ABC8EEFF CALL RegOpt.00456D1C
0056A471 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0056A474 |. E8 0B45F6FF CALL RegOpt.004CE984
0056A479 |. 84C0 TEST AL,AL
0056A47B |. 75 2E JNZ SHORT RegOpt.0056A4AB ; 第三组填了就跳
0056A47D |. 6A 40 PUSH 40
0056A47F |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A484 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A48A |. E8 CDB1E9FF CALL RegOpt.0040565C
0056A48F |. 50 PUSH EAX
0056A490 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A493 |. E8 C4B1E9FF CALL RegOpt.0040565C
0056A498 |. 50 PUSH EAX
0056A499 |. 8BC3 MOV EAX,EBX
0056A49B |. E8 7C43EFFF CALL RegOpt.0045E81C
0056A4A0 |. 50 PUSH EAX ; |hOwner
0056A4A1 |. E8 96DEE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A4A6 |. E9 DD040000 JMP RegOpt.0056A988
0056A4AB |> 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0056A4AE |. 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A4B4 |. E8 63C8EEFF CALL RegOpt.00456D1C
0056A4B9 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0056A4BC |. E8 C344F6FF CALL RegOpt.004CE984
0056A4C1 |. 84C0 TEST AL,AL
0056A4C3 |. 75 2E JNZ SHORT RegOpt.0056A4F3 ; 第四组填了就跳
0056A4C5 |. 6A 40 PUSH 40
0056A4C7 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A4CC |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A4D2 |. E8 85B1E9FF CALL RegOpt.0040565C
0056A4D7 |. 50 PUSH EAX
0056A4D8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A4DB |. E8 7CB1E9FF CALL RegOpt.0040565C
0056A4E0 |. 50 PUSH EAX
0056A4E1 |. 8BC3 MOV EAX,EBX
0056A4E3 |. E8 3443EFFF CALL RegOpt.0045E81C
0056A4E8 |. 50 PUSH EAX ; |hOwner
0056A4E9 |. E8 4EDEE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A4EE |. E9 95040000 JMP RegOpt.0056A988
0056A4F3 |> 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0056A4F6 |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A4FC |. E8 1BC8EEFF CALL RegOpt.00456D1C
0056A501 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0056A504 |. E8 7B44F6FF CALL RegOpt.004CE984
0056A509 |. 84C0 TEST AL,AL
0056A50B |. 75 2E JNZ SHORT RegOpt.0056A53B ; 第五组填了就跳
0056A50D |. 6A 40 PUSH 40
0056A50F |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A514 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A51A |. E8 3DB1E9FF CALL RegOpt.0040565C
0056A51F |. 50 PUSH EAX
0056A520 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A523 |. E8 34B1E9FF CALL RegOpt.0040565C
0056A528 |. 50 PUSH EAX
0056A529 |. 8BC3 MOV EAX,EBX
0056A52B |. E8 EC42EFFF CALL RegOpt.0045E81C
0056A530 |. 50 PUSH EAX ; |hOwner
0056A531 |. E8 06DEE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A536 |. E9 4D040000 JMP RegOpt.0056A988
0056A53B |> 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0056A53E |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
0056A544 |. E8 D3C7EEFF CALL RegOpt.00456D1C
0056A549 |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0056A54C |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0056A54F |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056A552 |. 85C0 TEST EAX,EAX
0056A554 |. 74 05 JE SHORT RegOpt.0056A55B
0056A556 |. 83E8 04 SUB EAX,4
0056A559 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A55B |> 83F8 04 CMP EAX,4 ; 位数与4比较
0056A55E |. 74 2E JE SHORT RegOpt.0056A58E ; 相等就Go
0056A560 |. 6A 40 PUSH 40
0056A562 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A567 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A56D |. E8 EAB0E9FF CALL RegOpt.0040565C
0056A572 |. 50 PUSH EAX
0056A573 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A576 |. E8 E1B0E9FF CALL RegOpt.0040565C
0056A57B |. 50 PUSH EAX
0056A57C |. 8BC3 MOV EAX,EBX
0056A57E |. E8 9942EFFF CALL RegOpt.0045E81C
0056A583 |. 50 PUSH EAX ; |hOwner
0056A584 |. E8 B3DDE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A589 |. E9 FA030000 JMP RegOpt.0056A988
0056A58E |> 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0056A591 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A597 |. E8 80C7EEFF CALL RegOpt.00456D1C
0056A59C |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0056A59F |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0056A5A2 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056A5A5 |. 85C0 TEST EAX,EAX
0056A5A7 |. 74 05 JE SHORT RegOpt.0056A5AE
0056A5A9 |. 83E8 04 SUB EAX,4
0056A5AC |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A5AE |> 83F8 04 CMP EAX,4
0056A5B1 |. 74 2E JE SHORT RegOpt.0056A5E1 ; 必须4位
0056A5B3 |. 6A 40 PUSH 40
0056A5B5 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A5BA |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A5C0 |. E8 97B0E9FF CALL RegOpt.0040565C
0056A5C5 |. 50 PUSH EAX
0056A5C6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A5C9 |. E8 8EB0E9FF CALL RegOpt.0040565C
0056A5CE |. 50 PUSH EAX
0056A5CF |. 8BC3 MOV EAX,EBX
0056A5D1 |. E8 4642EFFF CALL RegOpt.0045E81C
0056A5D6 |. 50 PUSH EAX ; |hOwner
0056A5D7 |. E8 60DDE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A5DC |. E9 A7030000 JMP RegOpt.0056A988
0056A5E1 |> 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0056A5E4 |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A5EA |. E8 2DC7EEFF CALL RegOpt.00456D1C
0056A5EF |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0056A5F2 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0056A5F5 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056A5F8 |. 85C0 TEST EAX,EAX
0056A5FA |. 74 05 JE SHORT RegOpt.0056A601
0056A5FC |. 83E8 04 SUB EAX,4
0056A5FF |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A601 |> 83F8 04 CMP EAX,4
0056A604 |. 74 2E JE SHORT RegOpt.0056A634 ; 必须4位
0056A606 |. 6A 40 PUSH 40
0056A608 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A60D |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A613 |. E8 44B0E9FF CALL RegOpt.0040565C
0056A618 |. 50 PUSH EAX
0056A619 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A61C |. E8 3BB0E9FF CALL RegOpt.0040565C
0056A621 |. 50 PUSH EAX
0056A622 |. 8BC3 MOV EAX,EBX
0056A624 |. E8 F341EFFF CALL RegOpt.0045E81C
0056A629 |. 50 PUSH EAX ; |hOwner
0056A62A |. E8 0DDDE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A62F |. E9 54030000 JMP RegOpt.0056A988
0056A634 |> 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0056A637 |. 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A63D |. E8 DAC6EEFF CALL RegOpt.00456D1C
0056A642 |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
0056A645 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0056A648 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056A64B |. 85C0 TEST EAX,EAX
0056A64D |. 74 05 JE SHORT RegOpt.0056A654
0056A64F |. 83E8 04 SUB EAX,4
0056A652 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A654 |> 83F8 04 CMP EAX,4
0056A657 |. 74 2E JE SHORT RegOpt.0056A687 ; 必须4位
0056A659 |. 6A 40 PUSH 40
0056A65B |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A660 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A666 |. E8 F1AFE9FF CALL RegOpt.0040565C
0056A66B |. 50 PUSH EAX
0056A66C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A66F |. E8 E8AFE9FF CALL RegOpt.0040565C
0056A674 |. 50 PUSH EAX
0056A675 |. 8BC3 MOV EAX,EBX
0056A677 |. E8 A041EFFF CALL RegOpt.0045E81C
0056A67C |. 50 PUSH EAX ; |hOwner
0056A67D |. E8 BADCE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A682 |. E9 01030000 JMP RegOpt.0056A988
0056A687 |> 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0056A68A |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A690 |. E8 87C6EEFF CALL RegOpt.00456D1C
0056A695 |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
0056A698 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0056A69B |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0056A69E |. 85C0 TEST EAX,EAX
0056A6A0 |. 74 05 JE SHORT RegOpt.0056A6A7
0056A6A2 |. 83E8 04 SUB EAX,4
0056A6A5 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A6A7 |> 83F8 04 CMP EAX,4
0056A6AA |. 74 2E JE SHORT RegOpt.0056A6DA ; 必须4位
0056A6AC |. 6A 40 PUSH 40
0056A6AE |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A6B3 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A6B9 |. E8 9EAFE9FF CALL RegOpt.0040565C
0056A6BE |. 50 PUSH EAX
0056A6BF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A6C2 |. E8 95AFE9FF CALL RegOpt.0040565C
0056A6C7 |. 50 PUSH EAX
0056A6C8 |. 8BC3 MOV EAX,EBX
0056A6CA |. E8 4D41EFFF CALL RegOpt.0045E81C
0056A6CF |. 50 PUSH EAX ; |hOwner
0056A6D0 |. E8 67DCE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A6D5 |. E9 AE020000 JMP RegOpt.0056A988
0056A6DA |> 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
0056A6DD |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
0056A6E3 |. E8 34C6EEFF CALL RegOpt.00456D1C
0056A6E8 |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38] ; EAX=第一组
0056A6EB |. E8 C4F7E9FF CALL RegOpt.00409EB4 ; 取它的16进制放EAX
0056A6F0 |. 8BF0 MOV ESI,EAX ; 给ESI,设为SN1
0056A6F2 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0056A6F5 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A6FB |. E8 1CC6EEFF CALL RegOpt.00456D1C
0056A700 |. 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C] ; EAX=第二组
0056A703 |. E8 ACF7E9FF CALL RegOpt.00409EB4 ; 取它的16进制放EAX
0056A708 |. 8BF8 MOV EDI,EAX ; 给EDI,设为SN2
0056A70A |. 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
0056A70D |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A713 |. E8 04C6EEFF CALL RegOpt.00456D1C
0056A718 |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40] ; EAX=第三组,设为SN3
0056A71B |. E8 94F7E9FF CALL RegOpt.00409EB4
0056A720 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; EBP-8=第三组
0056A723 |. 0FAFF7 IMUL ESI,EDI ; ESI*EDI也就是说第一组乘第二组
0056A726 |. 81EE 2B060000 SUB ESI,62B ; 结果减62B
0056A72C |. 81FE 10270000 CMP ESI,2710 ; 结果和2710比较
0056A732 |. 7D 2E JGE SHORT RegOpt.0056A762 ; 小于的话就挂了
0056A734 |. 6A 40 PUSH 40
0056A736 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A73B |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A741 |. E8 16AFE9FF CALL RegOpt.0040565C
0056A746 |. 50 PUSH EAX
0056A747 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A74A |. E8 0DAFE9FF CALL RegOpt.0040565C
0056A74F |. 50 PUSH EAX
0056A750 |. 8BC3 MOV EAX,EBX
0056A752 |. E8 C540EFFF CALL RegOpt.0045E81C
0056A757 |. 50 PUSH EAX ; |hOwner
0056A758 |. E8 DFDBE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A75D |. E9 26020000 JMP RegOpt.0056A988
0056A762 |> 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48] ; 大的话就跳到这里了
0056A765 |. 8BC6 MOV EAX,ESI ; EAX=ESI
0056A767 |. E8 0CF6E9FF CALL RegOpt.00409D78 ; Call进转换成10进制,设为SN4
0056A76C |. 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48]
0056A76F |. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0056A772 |. BA 04000000 MOV EDX,4 ; EDX=4
0056A777 |. E8 14DDEDFF CALL RegOpt.00448490 ; 取后四位
0056A77C |. 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44]
0056A77F |. 50 PUSH EAX
0056A780 |. 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
0056A783 |. 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A789 |. E8 8EC5EEFF CALL RegOpt.00456D1C
0056A78E |. 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C] ; EDX=第四组
0056A791 |. 58 POP EAX ; 弹出第四组真码!
0056A792 |. E8 11AEE9FF CALL RegOpt.004055A8 ; Call进比较
0056A797 |. 74 2E JE SHORT RegOpt.0056A7C7 ; 不相等就可以回家睡觉了
0056A799 |. 6A 40 PUSH 40
0056A79B |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A7A0 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A7A6 |. E8 B1AEE9FF CALL RegOpt.0040565C
0056A7AB |. 50 PUSH EAX
0056A7AC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A7AF |. E8 A8AEE9FF CALL RegOpt.0040565C
0056A7B4 |. 50 PUSH EAX
0056A7B5 |. 8BC3 MOV EAX,EBX
0056A7B7 |. E8 6040EFFF CALL RegOpt.0045E81C
0056A7BC |. 50 PUSH EAX ; |hOwner
0056A7BD |. E8 7ADBE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A7C2 |. E9 C1010000 JMP RegOpt.0056A988
0056A7C7 |> 8B75 F8 MOV ESI,DWORD PTR SS:[EBP-8] ; 第四组注册码相等来到这
0056A7CA |. 81C6 01020000 ADD ESI,201 ; 第三组试练码加上201,即SN3+201
0056A7D0 |. 0FAFF7 IMUL ESI,EDI ; 其和乘以第二组试练码
0056A7D3 |. 81EE F50D0000 SUB ESI,0DF5 ; 再减去DF5,我们将它设为SN5
0056A7D9 |. 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0056A7DC |. 8BC6 MOV EAX,ESI
0056A7DE |. E8 95F5E9FF CALL RegOpt.00409D78 ; Call进转换成10进制
0056A7E3 |. 8B45 AC MOV EAX,DWORD PTR SS:[EBP-54]
0056A7E6 |. 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0056A7E9 |. BA 04000000 MOV EDX,4 ; EDX=4
0056A7EE |. E8 9DDCEDFF CALL RegOpt.00448490 ; Call进取后四位,和上面一样了
0056A7F3 |. 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]
0056A7F6 |. 50 PUSH EAX
0056A7F7 |. 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
0056A7FA |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A800 |. E8 17C5EEFF CALL RegOpt.00456D1C
0056A805 |. 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-58] ; Call取第五组试练码
0056A808 |. 58 POP EAX ; 弹出第五组真码
0056A809 |. E8 9AADE9FF CALL RegOpt.004055A8 ; 比较
0056A80E |. 74 2E JE SHORT RegOpt.0056A83E ; 不等回家睡觉
0056A810 |. 6A 40 PUSH 40
0056A812 |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A817 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A81D |. E8 3AAEE9FF CALL RegOpt.0040565C
0056A822 |. 50 PUSH EAX
0056A823 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0056A826 |. E8 31AEE9FF CALL RegOpt.0040565C
0056A82B |. 50 PUSH EAX
0056A82C |. 8BC3 MOV EAX,EBX
0056A82E |. E8 E93FEFFF CALL RegOpt.0045E81C
0056A833 |. 50 PUSH EAX ; |hOwner
0056A834 |. E8 03DBE9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A839 |. E9 4A010000 JMP RegOpt.0056A988
0056A83E |> 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C] ; 第五组试练码相等的话,跳来这
0056A841 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4] ; 接下来的操作就是保存注册信息的啦
0056A847 |. E8 D0C4EEFF CALL RegOpt.00456D1C
0056A84C |. FF75 A4 PUSH DWORD PTR SS:[EBP-5C]
0056A84F |. 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0056A852 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8]
0056A858 |. E8 BFC4EEFF CALL RegOpt.00456D1C
0056A85D |. FF75 A0 PUSH DWORD PTR SS:[EBP-60]
0056A860 |. 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
0056A863 |. 8B83 AC030000 MOV EAX,DWORD PTR DS:[EBX+3AC]
0056A869 |. E8 AEC4EEFF CALL RegOpt.00456D1C
0056A86E |. FF75 9C PUSH DWORD PTR SS:[EBP-64]
0056A871 |. 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0056A874 |. 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
0056A87A |. E8 9DC4EEFF CALL RegOpt.00456D1C
0056A87F |. FF75 98 PUSH DWORD PTR SS:[EBP-68]
0056A882 |. 8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
0056A885 |. 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
0056A88B |. E8 8CC4EEFF CALL RegOpt.00456D1C
0056A890 |. FF75 94 PUSH DWORD PTR SS:[EBP-6C]
0056A893 |. A1 CC115A00 MOV EAX,DWORD PTR DS:[5A11CC]
0056A898 |. BA 05000000 MOV EDX,5
0056A89D |. E8 7AACE9FF CALL RegOpt.0040551C
0056A8A2 |. B2 01 MOV DL,1
0056A8A4 |. A1 8CCC4200 MOV EAX,DWORD PTR DS:[42CC8C]
0056A8A9 |. E8 DE24ECFF CALL RegOpt.0042CD8C
0056A8AE |. 8BF0 MOV ESI,EAX
0056A8B0 |. BA 02000080 MOV EDX,80000002
0056A8B5 |. 8BC6 MOV EAX,ESI
0056A8B7 |. E8 7025ECFF CALL RegOpt.0042CE2C
0056A8BC |. B1 01 MOV CL,1
0056A8BE |. BA 0CAA5600 MOV EDX,RegOpt.0056AA0C ; ASCII "\SOFTWARE\WinASO\Registry Optimizer"
0056A8C3 |. 8BC6 MOV EAX,ESI
0056A8C5 |. E8 A626ECFF CALL RegOpt.0042CF70
0056A8CA |. 84C0 TEST AL,AL
0056A8CC |. 74 14 JE SHORT RegOpt.0056A8E2
0056A8CE |. 8B0D CC115A00 MOV ECX,DWORD PTR DS:[5A11CC] ; RegOpt.005A62D8
0056A8D4 |. 8B09 MOV ECX,DWORD PTR DS:[ECX]
0056A8D6 |. BA 38AA5600 MOV EDX,RegOpt.0056AA38 ; ASCII "RegOptKey3.0"
0056A8DB |. 8BC6 MOV EAX,ESI
0056A8DD |. E8 9A2DECFF CALL RegOpt.0042D67C
0056A8E2 |> 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
0056A8E5 |. A1 A40D5A00 MOV EAX,DWORD PTR DS:[5A0DA4]
0056A8EA |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A8EC |. E8 73A9F0FF CALL RegOpt.00475264
0056A8F1 |. 8B45 8C MOV EAX,DWORD PTR SS:[EBP-74]
0056A8F4 |. 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0056A8F7 |. E8 FCFCE9FF CALL RegOpt.0040A5F8
0056A8FC |. 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0056A8FF |. BA 50AA5600 MOV EDX,RegOpt.0056AA50 ; ASCII "regkey.ini"
0056A904 |. E8 5BABE9FF CALL RegOpt.00405464
0056A909 |. 8B4D 90 MOV ECX,DWORD PTR SS:[EBP-70]
0056A90C |. B2 01 MOV DL,1
0056A90E |. A1 BCAE4200 MOV EAX,DWORD PTR DS:[42AEBC]
0056A913 |. E8 5C06ECFF CALL RegOpt.0042AF74
0056A918 |. 8BF0 MOV ESI,EAX
0056A91A |. A1 CC115A00 MOV EAX,DWORD PTR DS:[5A11CC]
0056A91F |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0056A921 |. 50 PUSH EAX
0056A922 |. B9 64AA5600 MOV ECX,RegOpt.0056AA64 ; ASCII "300"
0056A927 |. BA 70AA5600 MOV EDX,RegOpt.0056AA70 ; ASCII "regkey"
0056A92C |. 8BC6 MOV EAX,ESI
0056A92E |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
0056A930 |. FF57 04 CALL DWORD PTR DS:[EDI+4]
0056A933 |. 8BC6 MOV EAX,ESI
0056A935 |. E8 1E99E9FF CALL RegOpt.00404258
0056A93A |. 6A 40 PUSH 40
0056A93C |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A941 |. 8B80 6C080000 MOV EAX,DWORD PTR DS:[EAX+86C]
0056A947 |. E8 10ADE9FF CALL RegOpt.0040565C
0056A94C |. 50 PUSH EAX
0056A94D |. A1 84055A00 MOV EAX,DWORD PTR DS:[5A0584]
0056A952 |. 8B80 74080000 MOV EAX,DWORD PTR DS:[EAX+874]
0056A958 |. E8 FFACE9FF CALL RegOpt.0040565C
0056A95D |. 50 PUSH EAX
0056A95E |. 8BC3 MOV EAX,EBX
0056A960 |. E8 B73EEFFF CALL RegOpt.0045E81C
0056A965 |. 50 PUSH EAX ; |hOwner
0056A966 |. E8 D1D9E9FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0056A96B |. 8BC3 MOV EAX,EBX
0056A96D |. E8 CE63F0FF CALL RegOpt.00470D40
0056A972 |. 6A 00 PUSH 0 ; /lParam = 0
0056A974 |. 6A 00 PUSH 0 ; |wParam = 0
0056A976 |. 68 78070000 PUSH 778 ; |Message = MSG(778)
0056A97B |. A1 E00D5A00 MOV EAX,DWORD PTR DS:[5A0DE0] ; |
0056A980 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; |
0056A982 |. 50 PUSH EAX ; |hWnd
0056A983 |. E8 54DAE9FF CALL <JMP.&user32.SendMessageA> ; \SendMessageA
0056A988 |> 33C0 XOR EAX,EAX
0056A98A |. 5A POP EDX ; 0012FA0C
0056A98B |. 59 POP ECX
0056A98C |. 59 POP ECX
0056A98D |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0056A990 |. 68 FBA95600 PUSH RegOpt.0056A9FB
0056A995 |> 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74]
0056A998 |. BA 02000000 MOV EDX,2
0056A99D |. E8 1AA8E9FF CALL RegOpt.004051BC
0056A9A2 |. 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
0056A9A5 |. BA 06000000 MOV EDX,6
0056A9AA |. E8 0DA8E9FF CALL RegOpt.004051BC
0056A9AF |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0056A9B2 |. BA 02000000 MOV EDX,2
0056A9B7 |. E8 00A8E9FF CALL RegOpt.004051BC
0056A9BC |. 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
0056A9BF |. E8 D4A7E9FF CALL RegOpt.00405198
0056A9C4 |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
0056A9C7 |. BA 02000000 MOV EDX,2
0056A9CC |. E8 EBA7E9FF CALL RegOpt.004051BC
0056A9D1 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0056A9D4 |. BA 07000000 MOV EDX,7
0056A9D9 |. E8 DEA7E9FF CALL RegOpt.004051BC
0056A9DE |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0056A9E1 |. BA 06000000 MOV EDX,6
0056A9E6 |. E8 D1A7E9FF CALL RegOpt.004051BC
0056A9EB |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0056A9EE |. E8 A5A7E9FF CALL RegOpt.00405198
0056A9F3 \. C3 RETN
0056A9F4 .^ E9 33A0E9FF JMP RegOpt.00404A2C
0056A9F9 .^ EB 9A JMP SHORT RegOpt.0056A995
0056A9FB . 5F POP EDI
0056A9FC . 5E POP ESI
0056A9FD . 5B POP EBX
0056A9FE . 8BE5 MOV ESP,EBP
0056AA00 . 5D POP EBP
0056AA01 . C3 RETN
【算法总结】
------------------------------------------------------------------------
一、五组整数值注册码,每组四位
二、第一,二,三组注册码任意,分别设sn1,sn2,sn3
三、第四组注册码sn4算法为:sn1*sn2-$62B,取结果后四位
四、第五组注册码sn5算法为:(sn3+$201)*sn2-$DF5,取结果后四位
五、注册码保存在“HKEY_LOCAL_MACHINE\SOFTWARE\WinASO\Registry Optimizer”中,删除可继续调试
------------------------------------------------------------------------
【Delphi算法注册机源码】
procedure TForm1.Button1Click(Sender: TObject);
var
sn1,sn2,sn3,sn4,sn5:integer;
begin
sn1:=strtoint(inttostr(randomrange(1,9))+inttostr(randomrange(1,9))+inttostr(randomrange(1,9))+inttostr(randomrange(1,9)));
sn2:=strtoint(inttostr(randomrange(1,9))+inttostr(randomrange(1,9))+inttostr(randomrange(1,9))+inttostr(randomrange(1,9)));
sn3:=strtoint(inttostr(randomrange(1,9))+inttostr(randomrange(1,9))+inttostr(randomrange(1,9))+inttostr(randomrange(1,9)));
sn4:=strtoint(rightstr(inttostr((sn1*sn2)-$62B),4));
sn5:=strtoint(rightstr(inttostr((sn3+$201)*sn2-$DF5),4));
edit1.Text:=inttostr(sn1);
edit2.Text:=inttostr(sn2);
edit3.Text:=inttostr(sn3);
edit4.Text:=inttostr(sn4);
edit5.Text:=inttostr(sn5);
end;
end.
这样的算法真累人
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课