006F9338 /$ 55 push ebp
006F9339 |. 8BEC mov ebp, esp
006F933B |. 51 push ecx
006F933C |. B9 04000000 mov ecx, 4
006F9341 |> 6A 00 /push 0
006F9343 |. 6A 00 |push 0
006F9345 |. 49 |dec ecx
006F9346 |.^ 75 F9 \jnz short 006F9341
006F9348 |. 51 push ecx
006F9349 |. 874D FC xchg dword ptr [ebp-4], ecx
006F934C |. 53 push ebx
006F934D |. 56 push esi
006F934E |. 57 push edi
006F934F 8BF9 mov edi, ecx
006F9351 8955 FC mov dword ptr [ebp-4], edx
006F9354 8B45 FC mov eax, dword ptr [ebp-4]
006F9357 E8 18C0D0FF call 00405374
006F935C 33C0 xor eax, eax
006F935E 55 push ebp
006F935F 68 F9946F00 push 006F94F9
006F9364 64:FF30 push dword ptr fs:[eax]
006F9367 64:8920 mov dword ptr fs:[eax], esp
006F936A 8BC7 mov eax, edi
006F936C |. E8 43BBD0FF call 00404EB4
006F9371 |. 8B45 FC mov eax, dword ptr [ebp-4]
006F9374 |. E8 0BBED0FF call 00405184
006F9379 |. 8BF0 mov esi, eax
006F937B |. 85F6 test esi, esi
006F937D |. 7E 26 jle short 006F93A5
006F937F |. BB 01000000 mov ebx, 1
006F9384 |> 8D4D EC /lea ecx, dword ptr [ebp-14]
006F9387 |. 8B45 FC |mov eax, dword ptr [ebp-4] ; 读机器码
006F938A |. 0FB64418 FF |movzx eax, byte ptr [eax+ebx-1]
006F938F |. 33D2 |xor edx, edx
006F9391 |. E8 3E19D1FF |call 0040ACD4
006F9396 |. 8B55 EC |mov edx, dword ptr [ebp-14] ; 依次取机器码[6PT27HL8]ASCII值,将其值转换为16进制
006F9399 |. 8D45 F8 |lea eax, dword ptr [ebp-8]
006F939C |. E8 EBBDD0FF |call 0040518C
006F93A1 |. 43 |inc ebx
006F93A2 |. 4E |dec esi
006F93A3 |.^ 75 DF \jnz short 006F9384 ; 取值完成后继续向下走,否则跳回继续
取值
006F93A5 |> 8B45 F8 mov eax, dword ptr [ebp-8]
006F93A8 |. E8 D7BDD0FF call 00405184
006F93AD |. 8BF0 mov esi, eax
006F93AF |. 85F6 test esi, esi
006F93B1 |. 7E 2C jle short 006F93DF
006F93B3 |. BB 01000000 mov ebx, 1
006F93B8 |> 8B45 F8 /mov eax, dword ptr [ebp-8] ; 将16进制值逆转
006F93BB |. E8 C4BDD0FF |call 00405184
006F93C0 |. 2BC3 |sub eax, ebx
006F93C2 |. 8B55 F8 |mov edx, dword ptr [ebp-8]
006F93C5 |. 8A1402 |mov dl, byte ptr [edx+eax]
006F93C8 |. 8D45 E8 |lea eax, dword ptr [ebp-18]
006F93CB |. E8 CCBCD0FF |call 0040509C
006F93D0 |. 8B55 E8 |mov edx, dword ptr [ebp-18]
006F93D3 |. 8D45 F4 |lea eax, dword ptr [ebp-C]
006F93D6 |. E8 B1BDD0FF |call 0040518C
006F93DB |. 43 |inc ebx
006F93DC |. 4E |dec esi
006F93DD |.^ 75 D9 \jnz short 006F93B8
006F93DF |> 8D45 F8 lea eax, dword ptr [ebp-8]
006F93E2 |. 50 push eax
006F93E3 |. B9 04000000 mov ecx, 4
006F93E8 |. BA 01000000 mov edx, 1
006F93ED |. 8B45 F4 mov eax, dword ptr [ebp-C] ; 16进制值逆转完成
006F93F0 |. E8 EFBFD0FF call 004053E4
006F93F5 |. 8D45 F4 lea eax, dword ptr [ebp-C]
006F93F8 |. 50 push eax
006F93F9 |. B9 04000000 mov ecx, 4
006F93FE |. BA 05000000 mov edx, 5
006F9403 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006F9406 |. E8 D9BFD0FF call 004053E4
006F940B |. 8B45 F8 mov eax, dword ptr [ebp-8]
006F940E |. E8 71BDD0FF call 00405184
006F9413 |. 83F8 04 cmp eax, 4
006F9416 |. 7D 2F jge short 006F9447
006F9418 |. 8B45 F8 mov eax, dword ptr [ebp-8]
006F941B |. E8 64BDD0FF call 00405184
006F9420 |. 8BD8 mov ebx, eax
006F9422 |. 83FB 03 cmp ebx, 3
006F9425 |. 7F 20 jg short 006F9447
006F9427 |> 8D4D E4 /lea ecx, dword ptr [ebp-1C]
006F942A |. 8BC3 |mov eax, ebx
006F942C |. C1E0 02 |shl eax, 2
006F942F |. 33D2 |xor edx, edx
006F9431 |. E8 9E18D1FF |call 0040ACD4
006F9436 |. 8B55 E4 |mov edx, dword ptr [ebp-1C]
006F9439 |. 8D45 F8 |lea eax, dword ptr [ebp-8]
006F943C |. E8 4BBDD0FF |call 0040518C
006F9441 |. 43 |inc ebx
006F9442 |. 83FB 04 |cmp ebx, 4
006F9445 |.^ 75 E0 \jnz short 006F9427
006F9447 |> 8B45 F4 mov eax, dword ptr [ebp-C] ; 取值第5-8位
006F944A |. E8 35BDD0FF call 00405184
006F944F |. 83F8 04 cmp eax, 4
006F9452 |. 7D 2F jge short 006F9483
006F9454 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006F9457 |. E8 28BDD0FF call 00405184
006F945C |. 8BD8 mov ebx, eax
006F945E |. 83FB 03 cmp ebx, 3
006F9461 |. 7F 20 jg short 006F9483
006F9463 |> 8D4D E0 /lea ecx, dword ptr [ebp-20]
006F9466 |. 8BC3 |mov eax, ebx
006F9468 |. C1E0 02 |shl eax, 2
006F946B |. 33D2 |xor edx, edx
006F946D |. E8 6218D1FF |call 0040ACD4
006F9472 |. 8B55 E0 |mov edx, dword ptr [ebp-20]
006F9475 |. 8D45 F4 |lea eax, dword ptr [ebp-C]
006F9478 |. E8 0FBDD0FF |call 0040518C
006F947D |. 43 |inc ebx
006F947E |. 83FB 04 |cmp ebx, 4
006F9481 |.^ 75 E0 \jnz short 006F9463
006F9483 |> 8D45 F0 lea eax, dword ptr [ebp-10]
006F9486 |. BA 10956F00 mov edx, 006F9510 ; ASCII "JXCw268d58k"
006F948B |. E8 BCBAD0FF call 00404F4C
006F9490 |. 8D45 DC lea eax, dword ptr [ebp-24]
006F9493 |. 50 push eax
006F9494 |. B9 04000000 mov ecx, 4
006F9499 |. BA 01000000 mov edx, 1
006F949E |. 8B45 F0 mov eax, dword ptr [ebp-10]
006F94A1 |. E8 3EBFD0FF call 004053E4
006F94A6 |. FF75 DC push dword ptr [ebp-24] ; 取JXCw做为注册码第1-4位
006F94A9 |. 68 24956F00 push 006F9524 ; -做分割线
006F94AE |. FF75 F8 push dword ptr [ebp-8] ; 取83C4为注册码第5-8位
006F94B1 |. 8D45 D8 lea eax, dword ptr [ebp-28]
006F94B4 |. 50 push eax
006F94B5 |. B9 05000000 mov ecx, 5
006F94BA |. BA 05000000 mov edx, 5
006F94BF |. 8B45 F0 mov eax, dword ptr [ebp-10]
006F94C2 |. E8 1DBFD0FF call 004053E4
006F94C7 |. FF75 D8 push dword ptr [ebp-28] ; 取268d5做为注册码第9-13位
006F94CA |. 68 24956F00 push 006F9524 ; -做分割线
006F94CF |. FF75 F4 push dword ptr [ebp-C] ; 取8473位注册码14-17位
006F94D2 |. 8BC7 mov eax, edi
006F94D4 |. BA 06000000 mov edx, 6
006F94D9 |. E8 66BDD0FF call 00405244
006F94DE |. 33C0 xor eax, eax
006F94E0 |. 5A pop edx
006F94E1 |. 59 pop ecx
006F94E2 |. 59 pop ecx
006F94E3 |. 64:8910 mov dword ptr fs:[eax], edx
006F94E6 |. 68 00956F00 push 006F9500
006F94EB |> 8D45 D8 lea eax, dword ptr [ebp-28]
006F94EE |. BA 0A000000 mov edx, 0A
006F94F3 |. E8 E0B9D0FF call 00404ED8
006F94F8 \. C3 retn
算法公式:(1)依次取机器码的ASCII值,再转换为16进制如6PT27HL8的ASCII值为3650543237484C38
(2)再将16进制值逆转,如83C4847323450563
(3)取JXCw做为注册码第1-4位(固定的),后面用-填充
(4)取逆转后的ASCII值中的第1-4位为注册码第5-8位
(5)取268d5做为注册码第9-13位(固定的)后面用-填充
(6)取逆转后的ASCII值中的第5-8位为注册码的14-17位
(7)生成的注册码样式如JXCw-83C4268d5-8473
请各位多多指教,希望高手写个注册机来配合我:)
[课程]FART 脱壳王!加量不加价!FART作者讲授!
