-
-
2SCR(屏保制作软件)
-
发表于: 2004-8-23 21:29 5508
-
0040B6A0 55 push ebp 0040B6A1 8BEC mov ebp, esp 0040B6A3 81C4A8FDFFFF add esp, $FFFFFDA8 0040B6A9 53 push ebx 0040B6AA 56 push esi 0040B6AB 57 push edi 0040B6AC 8945B0 mov [ebp-$50], eax 0040B6AF B840464B00 mov eax, $004B4640 | 0040B6B4 E88F3D0800 call 0048F448 0040B6B9 8B55B0 mov edx, [ebp-$50] 0040B6BC 81C2F0020000 add edx, $000002F0 0040B6C2 52 push edx * Reference to: GetSystemInfo() ;调用GetSystemInfo | ;可以得到一个SYSTEM_INFO结构 0040B6C3 E8EA3A0A00 call 004AF1B2 ;结构在[ebp-$50]+$2F0 处 看看SYSTEM_INFO是啥样:(具体请查阅资料) ******************************************** typedef struct _SYSTEM_INFO { // sinf union { DWORD dwOemId; struct { WORD wProcessorArchitecture; WORD wReserved; }; }; DWORD dwPageSize; LPVOID lpMinimumApplicationAddress; LPVOID lpMaximumApplicationAddress; DWORD dwActiveProcessorMask; DWORD dwNumberOfProcessors; DWORD dwProcessorType; DWORD dwAllocationGranularity; WORD wProcessorLevel; WORD wProcessorRevision; } SYSTEM_INFO; ******************************************** 0040B6C8 8B45B0 mov eax, [ebp-$50] ;EAX=[EBP-50] 0040B6CB 8B4DB0 mov ecx, [ebp-$50] ;ECX=[EBP-50] 0040B6CE 0FB7B010030000 movzx esi, word ptr [eax+$0310];即结构的第$310-$2F0=$20字节0040B6D5 8B45B0 mov eax, [ebp-$50] 0040B6D8 8B9908030000 mov ebx, [ecx+$0308] ;即结构的第$18字节,CPU类型 * Reference to field TForm3.OFFS_0304 | 0040B6DE 8BB804030000 mov edi, [eax+$0304] ;结构的第$14字节,CPU数目 0040B6E4 8B45B0 mov eax, [ebp-$50] 0040B6E7 8D0C1E lea ecx, [esi+ebx] 0040B6EA 0FB79012030000 movzx edx, word ptr [eax+$0312] ;结构的第$22字节 0040B6F1 03CF add ecx, edi 0040B6F3 8955AC mov [ebp-$54], edx 0040B6F6 034DAC add ecx, [ebp-$54] 0040B6F9 894DA8 mov [ebp-$58], ecx 0040B6FC 8B45AC mov eax, [ebp-$54] 0040B6FF 03C6 add eax, esi 0040B701 33C3 xor eax, ebx 0040B703 33C7 xor eax, edi 0040B705 8945A4 mov [ebp-$5C], eax 0040B708 33C0 xor eax, eax 0040B70A 8D941E34120000 lea edx, [esi+ebx+$1234] 0040B711 8D8C3745230000 lea ecx, [edi+esi+$2345] 0040B718 81F245230000 xor edx, $00002345 0040B71E 81F156340000 xor ecx, $00003456 0040B724 8BDA mov ebx, edx 0040B726 8B55AC mov edx, [ebp-$54] 0040B729 0355A8 add edx, [ebp-$58] 0040B72C 037DAC add edi, [ebp-$54] 0040B72F 81C267450000 add edx, $00004567 0040B735 8BF1 mov esi, ecx 0040B737 81F278560000 xor edx, $00005678 0040B73D 81C756340000 add edi, $00003456 0040B743 8955AC mov [ebp-$54], edx 0040B746 81F767450000 xor edi, $00004567 0040B74C 8B4DA8 mov ecx, [ebp-$58] 0040B74F 034DA4 add ecx, [ebp-$5C] 0040B752 81C178560000 add ecx, $00005678 0040B758 81F189670000 xor ecx, $00006789 0040B75E 894DA8 mov [ebp-$58], ecx 0040B761 8B55A4 mov edx, [ebp-$5C] 0040B764 03D3 add edx, ebx 0040B766 81C289670000 add edx, $00006789 0040B76C 81F291780000 xor edx, $00007891 0040B772 8955A4 mov [ebp-$5C], edx 0040B775 40 inc eax 0040B776 83F825 cmp eax, +$25 0040B779 7C8F jl 0040B70A ;上面循环复杂计算 0040B77B 66C745C41400 mov word ptr [ebp-$3C], $0014 .....................(略).............................. 0040B871 8B45B0 mov eax, [ebp-$50] * Reference to control Edit1 : TEdit | 0040B874 8B80E0020000 mov eax, [eax+$02E0] * Reference to: controls.TControl.GetText(TControl):TCaption; | 0040B87A E815580400 call 00451094 ;得到假码 0040B87F 03F3 add esi, ebx 0040B881 8D55F0 lea edx, [ebp-$10] 0040B884 52 push edx 0040B885 03FE add edi, esi 0040B887 037DAC add edi, [ebp-$54] 0040B88A 037DA8 add edi, [ebp-$58] 0040B88D 037DA4 add edi, [ebp-$5C] ;把上面几处的结果累加 0040B890 337DA0 xor edi, [ebp-$60] ;再与用户名的长度XOR 0040B893 897D9C mov [ebp-$64], edi 0040B896 8B459C mov eax, [ebp-$64] 0040B899 99 cdq 0040B89A 33C2 xor eax, edx 0040B89C 2BC2 sub eax, edx 0040B89E 8BD0 mov edx, eax 0040B8A0 8D45EC lea eax, [ebp-$14] | 0040B8A3 E8B8F70800 call 0049B060 0040B8A8 8BD0 mov edx, eax 0040B8AA FF45D0 inc dword ptr [ebp-$30] 0040B8AD 58 pop eax | 0040B8AE E835F90800 call 0049B1E8 ;进行比较,不相等ZF=0 0040B8B3 85C0 test eax, eax 0040B8B5 8D45EC lea eax, [ebp-$14] 0040B8B8 0F94C1 setz cl ;根据标志位设置CL 0040B8BB 83E101 and ecx, +$01 ;CL如果是0这里就成0了 0040B8BE BA02000000 mov edx, $00000002 0040B8C3 51 push ecx 0040B8C4 FF4DD0 dec dword ptr [ebp-$30] | 0040B8C7 E81CF80800 call 0049B0E8 0040B8CC FF4DD0 dec dword ptr [ebp-$30] 0040B8CF 8D45F0 lea eax, [ebp-$10] 0040B8D2 BA02000000 mov edx, $00000002 | 0040B8D7 E80CF80800 call 0049B0E8 0040B8DC 59 pop ecx 0040B8DD 84C9 test cl, cl 0040B8DF 0F8458010000 jz 0040BA3D ;CL=0跳走就OVER 简易注册机:(VC++) #include <windows.h> #include <stdio.h> #include <iostream.h> void main() { int eax,ebx,ecx,edx,esi,edi; int ebp_54,ebp_58,ebp_5c,result; char name[200]={0}; cout<<"Please input your name:"; cin>>name; SYSTEM_INFO *pSI=new SYSTEM_INFO; GetSystemInfo(pSI); esi=pSI->wProcessorLevel; ebx=pSI->dwProcessorType; edi=pSI->dwNumberOfProcessors; ecx=esi+ebx; edx=pSI->wProcessorRevision; ecx+=edi; ebp_54=edx; ecx+=ebp_54; ebp_58=ecx; eax=ebp_54; eax+=esi; eax^=ebx; eax^=edi; ebp_5c=eax; eax=0; label1: edx=esi+ebx+0x1234; ecx=edi+esi+0x2345; edx^=0x2345; ecx^=0x3456; ebx=edx; edx=ebp_54; edx+=ebp_58; edi+=ebp_54; edx+=0x4567; esi=ecx; edx^=0x5678; edi+=0x3456; ebp_54=edx; edi^=0x4567; ecx=ebp_58; ecx+=ebp_5c; ecx+=0x5678; ecx^=0x6789; ebp_58=ecx; edx=ebp_5c; edx+=ebx; edx+=0x6789; edx^=0x7891; ebp_5c=edx; eax++; if (eax<0x25) goto label1; result=(edi+esi+ebx+ebp_54+ebp_58+ebp_5c)^strlen(name); cout<<"Your serial number is "<<result<<endl; cout<<"KeyGen by RoBa ThanQ!"<<endl; }
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏记录
参与人
雪币
留言
时间
Youlor
为你点赞~
2023-5-17 01:56
心游尘世外
为你点赞~
2023-3-30 02:49
飘零丶
为你点赞~
2023-3-30 01:57
一笑人间万事
为你点赞~
2023-3-24 05:01
QinBeast
为你点赞~
2023-3-19 02:55
shinratensei
为你点赞~
2023-3-19 02:52
伟叔叔
为你点赞~
2023-3-19 01:43
赞赏
他的文章
- [征文]一个伪Cracker的故事 13759
- 逻辑推理中猜数问题的研究 8235
- 看来大家都喜欢智力题啊,我出个稍微难一点的吧 7811
看原图
赞赏
雪币:
留言: