以下仅供学习交流之用,隐去软件名是为了保护其版权
; Debugger listing (address, raw bytes, instruction) of the part of a routine
; that derives the registration code. The excerpt starts after the routine's
; prologue: ebx, esi and the local at [ebp-4] are set up outside this view.
; Net effect of the visible code, using the author's labels for the calls:
;   edi = (StrToInt(substr(code,1,4)) + StrToInt(substr(code,2,3)) + 339h) * esi + 2D6h
; The value is then handed to 00408B60 together with the buffer at [ebp-4].
; Every input is either the machine code, the user count in esi, or an
; immediate constant in the instruction stream; no key material is read here.
004B5605 > \55 push ebp
004B5606 > 68 A7564B00 push 004B56A7 ; handler address for the exception frame being installed
004B560B . 64:FF30 push dword ptr fs:[eax] ; save the previous frame (presumably eax = 0 here; set before the excerpt)
004B560E . 64:8920 mov dword ptr fs:[eax], esp ; link the new frame
004B5611 . 8D45 F8 lea eax, dword ptr [ebp-8]
004B5614 . 50 push eax ; address of [ebp-8], read back after the substr call below
004B5615 . 8D55 F4 lea edx, dword ptr [ebp-C] ; edx = address of local [ebp-C]; the original note reads "edx = user count", but only an address is loaded here
004B5618 . 8B83 FC040000 mov eax, dword ptr [ebx+4FC]
004B561E . E8 5134F5FF call 00408A74 ; fetch the machine code
004B5623 . 8B45 F4 mov eax, dword ptr [ebp-C]
004B5626 . B9 04000000 mov ecx, 4
004B562B . BA 01000000 mov edx, 1 ; take the first four characters
004B5630 . E8 8BF1F4FF call 004047C0 ; substr(machine code, edx, ecx)
004B5635 . 8B45 F8 mov eax, dword ptr [ebp-8]
004B5638 . E8 7335F5FF call 00408BB0 ; same target as the call labelled StrToInt at 004B5666
004B563D . 8BF8 mov edi, eax ; edi = value returned for the first four characters of the machine code
004B563F . 8D45 F0 lea eax, dword ptr [ebp-10]
004B5642 . 50 push eax
004B5643 . 8D55 EC lea edx, dword ptr [ebp-14]
004B5646 . 8B83 FC040000 mov eax, dword ptr [ebx+4FC]
004B564C > E8 2334F5FF call 00408A74 ; same call as at 004B561E: fetch the machine code again
004B5651 > 8B45 EC mov eax, dword ptr [ebp-14]
004B5654 . B9 03000000 mov ecx, 3
004B5659 . BA 02000000 mov edx, 2 ; three characters starting at the second one
004B565E . E8 5DF1F4FF call 004047C0 ; substr(machine code, edx, ecx)
004B5663 . 8B45 F0 mov eax, dword ptr [ebp-10]
004B5666 . E8 4535F5FF call 00408BB0 ; StrToInt(eax)
004B566B . 03F8 add edi, eax ; eax = StrToInt(three characters of the machine code starting at the second)
004B566D . 81C7 39030000 add edi, 339 ; edi = edi + 339h
004B5673 . 0FAFFE imul edi, esi ; edi = edi * esi (esi holds the registered user count; it is loaded outside this excerpt)
004B5676 . 81C7 D6020000 add edi, 2D6 ; edi = edi + 2D6h
004B567C . 8BDF mov ebx, edi
004B567E . 8BC3 mov eax, ebx
004B5680 . 33D2 xor edx, edx
004B5682 . 52 push edx ; /Arg2 => 00000000
004B5683 . 50 push eax ; |Arg1
004B5684 . 8B45 FC mov eax, dword ptr [ebp-4] ; |
004B5687 . E8 D434F5FF call 00408B60 ; \server.00408B60
; NOTE(review): 00408B60 is not labelled in the listing; the author's summary
; describes this step as inttostr of the computed value - confirm.
004B568C . 33C0 xor eax, eax
004B568E . 5A pop edx
004B568F . 59 pop ecx
004B5690 . 59 pop ecx
004B5691 . 64:8910 mov dword ptr fs:[eax], edx ; write the saved frame pointer back to fs:[0], unlinking the frame installed at 004B560E
004B5694 . 68 AE564B00 push 004B56AE ; address the retn below will return to
004B5699 > 8D45 EC lea eax, dword ptr [ebp-14]
004B569C . BA 04000000 mov edx, 4
004B56A1 . E8 1EECF4FF call 004042C4 ; presumably releases the four locals [ebp-14]..[ebp-8]; not labelled in the listing - confirm
004B56A6 . C3 retn
总结:
取机器码的前四位和从第二位开始的三位,如果分别记成 a1 和 a2 的话,
注册码=inttostr(((strtoint(a1)+strtoint(a2))+$339)*用户数+$2d6)
挺简单的
下附D7的注册机
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, Buttons;
type
{ TForm1: the single form of this unit. Its component fields are bound to the
  form resource pulled in by the $R *.dfm directive in the implementation
  section, so their names have to match that resource. }
TForm1 = class(TForm)
EdtSN: TEdit; { input: machine code text, read by BtnMadeClick }
EdtCount: TEdit; { input: user count text, read by BtnMadeClick }
EdtRegCode: TEdit; { output: BtnMadeClick writes the computed value here }
BtnMade: TBitBtn; { presumably the button wired to BtnMadeClick in the .dfm - confirm }
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
{ Click handler; implemented in the implementation section of this unit. }
procedure BtnMadeClick(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
{ BtnMadeClick: when both EdtSN and EdtCount are non-empty, writes
    IntToStr((a1 + a2 + $339) * count + $2d6)
  to EdtRegCode, where a1 = StrToInt of characters 1..4 and a2 = StrToInt of
  characters 2..4 of the trimmed EdtSN text, and count = StrToInt of the
  trimmed EdtCount text.

  The result depends only on the two visible inputs and two fixed constants.
  A licence check of this shape can be recomputed by anyone who reads the
  validating routine; a code that is a signature verified against an embedded
  public key does not have that property.

  NOTE(review): as published, the listing has no "begin" after the var section
  and no closing "end;" for the procedure, presumably lost when the post was
  extracted. StrToInt raises EConvertError on non-numeric text and nothing
  here catches it. s1 is declared but never used. }
procedure TForm1.BtnMadeClick(Sender: TObject);
var
Int_count:integer;
Int_SN:longint;
s1:string;
{ Do nothing unless both input fields contain text. }
if (edtsn.text<>'') and (edtcount.Text <>'') then
begin
int_count := StrToInt(trim(EdtCount.Text));
{ Sum of the two overlapping numeric slices of the machine code: chars 2..4 and chars 1..4. }
Int_SN:=StrToInt(copy(trim(edtSN.text),2,3))+StrToInt(copy(trim(edtSN.text),1,4));
{ Integer arithmetic; with overflow checking off a large count wraps silently. }
EdtRegCode.Text :=IntTostr((Int_SN +$339)*Int_count+$2d6);
end;
end.