我的注释和代码写得太烂了,有点不好意思贴出来呢。。
0040886E > \68 FF000000 push 0FF ; /Count = FF (255.); Case 3EA of switch 00408854
00408873 . 68 AC924000 push 004092AC ; |Buffer = Adler32C.004092AC
00408878 . 68 F2030000 push 3F2 ; |ControlID = 3F2 (1010.)
0040887D . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00408880 . 50 push eax ; |hWnd
00408881 . E8 B6BEFFFF call <jmp.&user32.GetDlgItemTextA> ; \GetDlgItemTextA
00408886 . 8D45 B4 lea eax, dword ptr [ebp-4C]
00408889 . BA AC924000 mov edx, 004092AC ; ASCII "PKGOD2"
0040888E . B9 FF000000 mov ecx, 0FF
00408893 . E8 C0AFFFFF call 00403858
00408898 . 837D B4 00 cmp dword ptr [ebp-4C], 0
0040889C . 75 1C jnz short 004088BA
0040889E . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004088A0 . 68 DC8A4000 push 00408ADC ; |注册提示
004088A5 . 68 E88A4000 push 00408AE8 ; |用户名不能为空请输入!
004088AA . 8B45 08 mov eax, dword ptr [ebp+8] ; |
004088AD . 50 push eax ; |hOwner
004088AE . E8 C1BEFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004088B3 . 33DB xor ebx, ebx
004088B5 . E9 A2010000 jmp 00408A5C
004088BA > 68 FF000000 push 0FF ; /Count = FF (255.)
004088BF . 68 AC934000 push 004093AC ; |Buffer = Adler32C.004093AC
004088C4 . 68 F3030000 push 3F3 ; |ControlID = 3F3 (1011.)
004088C9 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
004088CC . 50 push eax ; |hWnd
004088CD . E8 6ABEFFFF call <jmp.&user32.GetDlgItemTextA> ; \GetDlgItemTextA
004088D2 . 8D45 B0 lea eax, dword ptr [ebp-50]
004088D5 . BA AC934000 mov edx, 004093AC ; ASCII "1234567890"
004088DA . B9 FF000000 mov ecx, 0FF
004088DF . E8 74AFFFFF call 00403858
004088E4 . 837D B0 00 cmp dword ptr [ebp-50], 0
004088E8 . 75 1C jnz short 00408906
004088EA . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004088EC . 68 DC8A4000 push 00408ADC ; |注册提示
004088F1 . 68 008B4000 push 00408B00 ; |注册码不能为空请输入!
004088F6 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
004088F9 . 50 push eax ; |hOwner
004088FA . E8 75BEFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004088FF . 33DB xor ebx, ebx
00408901 . E9 56010000 jmp 00408A5C
00408906 > 33C0 xor eax, eax
00408908 . 55 push ebp
00408909 . 68 88894000 push 00408988
0040890E . 64:FF30 push dword ptr fs:[eax]
00408911 . 64:8920 mov dword ptr fs:[eax], esp
00408914 . 8D45 A8 lea eax, dword ptr [ebp-58]
00408917 . BA AC924000 mov edx, 004092AC ; ASCII "PKGOD2"
0040891C . B9 FF000000 mov ecx, 0FF
00408921 . E8 32AFFFFF call 00403858
00408926 . 8B45 A8 mov eax, dword ptr [ebp-58]
00408929 . 8D55 AC lea edx, dword ptr [ebp-54]
0040892C . E8 EBFCFFFF call 0040861C ;计算注册码CALL
{
注册码CALL
; Checksum update routine at 00408014 (Adler-32 style: two running sums kept below 0FFF1 = 65521).
; In:  eax -> dword holding the running value (low word = low sum, high word = high sum)
;      edx -> input bytes, ecx = number of bytes to process
; Out: the dword at the saved eax pointer is overwritten with (high sum << 16) + low sum.
; NOTE(review): the caller shown on this page calls 0040861C, not 00408014; presumably 0040861C
; is a wrapper that reaches this routine, but that code is not shown here - confirm.
; The routine takes no secret input: the result depends only on the start value and the bytes.
00408014 /$ 53 push ebx
00408015 |. 56 push esi
00408016 |. 50 push eax ;keep the pointer to the running value for the final store
00408017 |. 31DB xor ebx, ebx
00408019 |. 66:8B58 02 mov bx, word ptr [eax+2] ;ebx = high sum (upper 16 bits of the running value)
0040801D |. 8120 FFFF0000 and dword ptr [eax], 0FFFF ;clear the upper 16 bits in memory
00408023 |. 8B00 mov eax, dword ptr [eax] ;eax = low sum (lower 16 bits of the running value)
00408025 |. 89D6 mov esi, edx ;esi = input pointer
00408027 |. 09C9 or ecx, ecx ;zero-length input: skip the loop
00408029 |. 74 25 je short 00408050
0040802B |> 0FB616 /movzx edx, byte ptr [esi] ;edx = next input byte, zero-extended (the author identifies the input as the user name)
0040802E |. 01D0 |add eax, edx ;low sum += byte (the author notes the low sum starts at 1)
00408030 |. 3D F1FF0000 |cmp eax, 0FFF1 ;has the low sum reached 65521 (0FFF1)?
00408035 |. 7C 05 |jl short 0040803C
00408037 |. 2D F1FF0000 |sub eax, 0FFF1 ;yes: subtract 65521 once
0040803C |> 01C3 |add ebx, eax ;high sum += low sum
0040803E |. 81FB F1FF0000 |cmp ebx, 0FFF1 ;has the high sum reached 65521 (0FFF1)?
00408044 |. 7C 06 |jl short 0040804C
00408046 |. 81EB F1FF0000 |sub ebx, 0FFF1 ;yes: subtract 65521 once
0040804C |> 46 |inc esi ;advance to the next byte
0040804D |. 49 |dec ecx ;one fewer byte remaining
0040804E |.^ 75 DB \jnz short 0040802B
00408050 |> C1E3 10 shl ebx, 10 ;move the high sum into the upper 16 bits
00408053 |. 01C3 add ebx, eax ;ebx = (high sum << 16) + low sum; the author treats this value as the registration code
00408055 |. 58 pop eax ;restore the pointer saved on entry
00408056 |. 8918 mov dword ptr [eax], ebx ;store the combined value back through it
00408058 |. 5E pop esi
00408059 |. 5B pop ebx
0040805A \. C3 retn
}
00408931 . 8B45 AC mov eax, dword ptr [ebp-54]
00408934 . 50 push eax
00408935 . 8D45 A4 lea eax, dword ptr [ebp-5C]
00408938 . BA AC934000 mov edx, 004093AC ; ASCII "1234567890"
0040893D . B9 FF000000 mov ecx, 0FF
00408942 . E8 11AFFFFF call 00403858
00408947 . 8B55 A4 mov edx, dword ptr [ebp-5C]
0040894A . 58 pop eax
0040894B . E8 80B0FFFF call 004039D0
00408950 . 75 17 jnz short 00408969
00408952 . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00408954 . 68 DC8A4000 push 00408ADC ; |注册提示
00408959 . 68 188B4000 push 00408B18 ; |恭喜您,注册码正确!
0040895E . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00408961 . 50 push eax ; |hOwner
00408962 . E8 0DBEFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00408967 . EB 15 jmp short 0040897E
00408969 > 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0040896B . 68 DC8A4000 push 00408ADC ; |注册提示
00408970 . 68 308B4000 push 00408B30 ; |注册码错误,继续加油!
00408975 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
00408978 . 50 push eax ; |hOwner
00408979 . E8 F6BDFFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
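// Reads the name from IDC_EDIT1, computes its Adler-32 style checksum and
// writes the result to IDC_EDIT2 as eight upper-case hex digits. An empty
// name leaves IDC_EDIT2 untouched.
//
// The arithmetic mirrors the loop listed at 0040802B-0040804E: every byte is
// added to the low sum, the low sum is added to the high sum, and each sum has
// 65521 subtracted as soon as it reaches that value. The result is
// (high << 16) + low.
//
// Design note: the value is a function of the name and a public checksum only.
// No secret enters the computation, so the check it backs can be reproduced
// from the routine itself.
//
// NOTE(review): the text format the analysed program compares against is not
// visible in the listing (the routine at 0040861C is not shown); the "%08x" +
// MakeUpper() formatting is kept as the author wrote it.
void CAdler32KeyGenDlg::OnOK()
{
    UpdateData();

    // Same 0FF (255) byte limit the analysed program passes to
    // GetDlgItemTextA, so long names are truncated the same way on both
    // sides. The original 20-byte buffer cut names off at 19 characters.
    const int kNameCapacity = 0xFF;
    char name[kNameCapacity] = "";   // stays an empty string if the read fails

    const DWORD kAdlerMod = 65521;   // 0FFF1 in the disassembly
    DWORD lresult = 1;               // low sum, starts at 1
    DWORD hresult = 0;               // high sum, starts at 0

    GetDlgItemText(IDC_EDIT1, name, kNameCapacity);
    const int nLong = lstrlen(name);
    if (nLong != 0)
    {
        for (int i = 0; i < nLong; i++)
        {
            // The disassembly loads each byte with movzx (zero-extension).
            // Casting a plain char straight to DWORD would sign-extend bytes
            // >= 0x80 (e.g. multi-byte names) and corrupt both sums.
            lresult += static_cast<unsigned char>(name[i]);
            if (lresult >= kAdlerMod)
            {
                lresult -= kAdlerMod;
            }

            // One subtraction is enough: both operands are below 65521.
            hresult += lresult;
            if (hresult >= kAdlerMod)
            {
                hresult -= kAdlerMod;
            }
        }

        hresult = (hresult << 0x10) + lresult;

        CString serial = "";
        serial.Format("%08x", hresult);
        serial.MakeUpper();
        SetDlgItemText(IDC_EDIT2, serial);
    }
}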