【破文标题】Easy Mail 3.1.58.2 简单分析
【破文作者】tianxj
【作者邮箱】[email]tianxj_2007@126.com[/email]
【作者主页】
WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD
【破解平台】雨林木风 Windows XP sp3
【软件名称】Easy Mail 3.1.58.2
【软件大小】1292KB
【软件类别】国外软件/打印工具
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2009-1-12
【原版下载】华军软件园
【保护方式】注册码
【软件简介】常好用的信封制作打印、标签制作等的工具。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
**************************************************************
二、用PEiD对easymail.exe查壳,为 PECompact 2.x -> Jeremy Collake [Overlay]
==============================================================
00401000 > B8 48715500 MOV EAX,easymail.00557148 ; //程序停在这里
00401005 50 PUSH EAX
00401006 64:FF35 0000000>PUSH DWORD PTR FS:[0]
0040100D 64:8925 0000000>MOV DWORD PTR FS:[0],ESP ; //单步到这里,命令行hr esp
==============================================================
00557177 83C4 04 ADD ESP,4 ; //在这里断下,取消硬件断点,向下找
0055717A 55 PUSH EBP
0055717B 53 PUSH EBX
0055717C 51 PUSH ECX
0055717D 57 PUSH EDI
0055717E 56 PUSH ESI
0055717F 52 PUSH EDX
==============================================================
00557204 5A POP EDX
00557205 5E POP ESI
00557206 5F POP EDI
00557207 59 POP ECX
00557208 5B POP EBX
00557209 5D POP EBP
0055720A FFE0 JMP EAX ; //在这里F4,然后F8
==============================================================
004AC2F8 55 PUSH EBP ; //OEP
==============================================================
用LordPE转存,用ImportREC修复,没有无效指针,可以运行
再查壳为Borland Delphi 3.0
**************************************************************
三、运行OD,打开dumped_.exe,右键—超级字串参考—查找ASCII.
==============================================================
0049C328 /. 55 PUSH EBP
0049C329 |. 8BEC MOV EBP,ESP
0049C32B |. 81C4 F0FEFFFF ADD ESP,-110
0049C331 |. 53 PUSH EBX
0049C332 |. 56 PUSH ESI
0049C333 |. 33C9 XOR ECX,ECX
0049C335 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0049C338 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0049C33B |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
0049C33E |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0049C341 |. 8BF0 MOV ESI,EAX
0049C343 |. 33C0 XOR EAX,EAX
0049C345 |. 55 PUSH EBP
0049C346 |. 68 2AC54900 PUSH dumped_.0049C52A
0049C34B |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0049C34E |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049C351 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C354 |. 8B86 FC010000 MOV EAX,DWORD PTR DS:[ESI+1FC]
0049C35A |. E8 4D2AF9FF CALL dumped_.0042EDAC
0049C35F |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0049C362 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049C365 |. E8 46B1F6FF CALL dumped_.004074B0
0049C36A |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0049C36E |. 75 0F JNZ SHORT dumped_.0049C37F ; //用户名不为空则跳
0049C370 |. B8 40C54900 MOV EAX,dumped_.0049C540 ; enter your registered name
0049C375 |. E8 CAFDF8FF CALL dumped_.0042C144
0049C37A |. E9 80010000 JMP dumped_.0049C4FF
0049C37F |> 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C382 |. 8B86 FC010000 MOV EAX,DWORD PTR DS:[ESI+1FC]
0049C388 |. E8 1F2AF9FF CALL dumped_.0042EDAC
0049C38D |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0049C390 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0049C393 |. E8 18B1F6FF CALL dumped_.004074B0
0049C398 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; //用户名
0049C39B |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049C39E |. E8 01AFF6FF CALL dumped_.004072A4 ; //用户名转大写
0049C3A3 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049C3A6 |. BA 64C54900 MOV EDX,dumped_.0049C564 ; renew trial period
0049C3AB |. E8 087AF6FF CALL dumped_.00403DB8
0049C3B0 |. 75 19 JNZ SHORT dumped_.0049C3CB ; //与重新试用比较,不等则跳
0049C3B2 |. E8 05B9FFFF CALL dumped_.00497CBC
0049C3B7 |. 84C0 TEST AL,AL
0049C3B9 |. 0F84 40010000 JE dumped_.0049C4FF
0049C3BF |. A1 E4E04A00 MOV EAX,DWORD PTR DS:[4AE0E4]
0049C3C4 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049C3C6 |. E8 CD2DFAFF CALL dumped_.0043F198
0049C3CB |> 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C3CE |. 8B86 FC010000 MOV EAX,DWORD PTR DS:[ESI+1FC]
0049C3D4 |. E8 D329F9FF CALL dumped_.0042EDAC
0049C3D9 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; //用户名
0049C3DC |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049C3DF |. E8 C0AEF6FF CALL dumped_.004072A4 ; //用户名转大写
0049C3E4 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //大写用户名
0049C3E7 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0049C3EA |. E8 91FDFFFF CALL dumped_.0049C180 ; //算法CALL1
0049C3EF |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049C3F2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //运算结果1
0049C3F5 |. E8 1AFEFFFF CALL dumped_.0049C214 ; //算法CALL2
0049C3FA |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; //相连字符串C,即真码
0049C3FD |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0049C400 |. E8 BF76F6FF CALL dumped_.00403AC4
0049C405 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C408 |. 8B86 00020000 MOV EAX,DWORD PTR DS:[ESI+200]
0049C40E |. E8 9929F9FF CALL dumped_.0042EDAC
0049C413 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; //假码
0049C416 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //真码
0049C419 |. E8 9A79F6FF CALL dumped_.00403DB8 ; //比较CALL
0049C41E |. 0F94C3 SETE BL
0049C421 |. A1 FCDD4A00 MOV EAX,DWORD PTR DS:[4ADDFC]
0049C426 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049C428 |. 8898 25020000 MOV BYTE PTR DS:[EAX+225],BL
0049C42E |. A1 FCDD4A00 MOV EAX,DWORD PTR DS:[4ADDFC]
0049C433 |. 84DB TEST BL,BL
0049C435 |. 75 1F JNZ SHORT dumped_.0049C456
0049C437 |. 80BE 04020000>CMP BYTE PTR DS:[ESI+204],0
0049C43E |. 75 0C JNZ SHORT dumped_.0049C44C
0049C440 |. B8 80C54900 MOV EAX,dumped_.0049C580 ; sorry, incorrect unlock code for easy mail\r\n\r\nor the registered name has been entered incorrectly.
0049C445 |. E8 FAFCF8FF CALL dumped_.0042C144
0049C44A |. EB 0A JMP SHORT dumped_.0049C456
0049C44C |> B8 ECC54900 MOV EAX,dumped_.0049C5EC ; Sorry, incorrect Amazon Password for Easy Mail\r\n\r\nor the Amazon Key has been entered incorrectly.
0049C451 |. E8 EEFCF8FF CALL dumped_.0042C144
0049C456 |> A1 FCDD4A00 MOV EAX,DWORD PTR DS:[4ADDFC]
0049C45B |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049C45D |. 80B8 25020000>CMP BYTE PTR DS:[EAX+225],0
0049C464 |. 0F84 95000000 JE dumped_.0049C4FF
0049C46A |. 68 58C64900 PUSH dumped_.0049C658 ; Thank you for registering Easy Mail.\nThis copy of Easy Mail is registered to \n
0049C46F |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C472 |. 8B86 FC010000 MOV EAX,DWORD PTR DS:[ESI+1FC]
0049C478 |. E8 2F29F9FF CALL dumped_.0042EDAC
0049C47D |. FF75 F4 PUSH DWORD PTR SS:[EBP-C]
0049C480 |. 68 B0C64900 PUSH dumped_.0049C6B0 ; .
0049C485 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049C488 |. BA 03000000 MOV EDX,3
0049C48D |. E8 D678F6FF CALL dumped_.00403D68
0049C492 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049C495 |. E8 AAFCF8FF CALL dumped_.0042C144
0049C49A |. E8 39C7F6FF CALL dumped_.00408BD8
0049C49F |. 83C4 F8 ADD ESP,-8
0049C4A2 |. DD1C24 FSTP QWORD PTR SS:[ESP]
0049C4A5 |. 9B WAIT
0049C4A6 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C4A9 |. 8B86 FC010000 MOV EAX,DWORD PTR DS:[ESI+1FC]
0049C4AF |. E8 F828F9FF CALL dumped_.0042EDAC
0049C4B4 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0049C4B7 |. B0 01 MOV AL,1
0049C4B9 |. E8 2AADFFFF CALL dumped_.004971E8
0049C4BE |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049C4C1 |. 8B86 FC010000 MOV EAX,DWORD PTR DS:[ESI+1FC]
0049C4C7 |. E8 E028F9FF CALL dumped_.0042EDAC
0049C4CC |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0049C4CF |. 8D85 F0FEFFFF LEA EAX,DWORD PTR SS:[EBP-110]
0049C4D5 |. B9 FF000000 MOV ECX,0FF
0049C4DA |. E8 A577F6FF CALL dumped_.00403C84
0049C4DF |. 8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110]
0049C4E5 |. A1 FCDD4A00 MOV EAX,DWORD PTR DS:[4ADDFC]
0049C4EA |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049C4EC |. 05 26020000 ADD EAX,226
0049C4F1 |. B1 28 MOV CL,28
0049C4F3 |. E8 6066F6FF CALL dumped_.00402B58
0049C4F8 |. 8BC6 MOV EAX,ESI
0049C4FA |. E8 990AFAFF CALL dumped_.0043CF98
0049C4FF |> 33C0 XOR EAX,EAX
0049C501 |. 5A POP EDX
0049C502 |. 59 POP ECX
0049C503 |. 59 POP ECX
0049C504 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0049C507 |. 68 31C54900 PUSH dumped_.0049C531
0049C50C |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049C50F |. E8 1875F6FF CALL dumped_.00403A2C
0049C514 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0049C517 |. E8 1075F6FF CALL dumped_.00403A2C
0049C51C |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049C51F |. BA 02000000 MOV EDX,2
0049C524 |. E8 2775F6FF CALL dumped_.00403A50
0049C529 \. C3 RETN
0049C52A .^ E9 A16FF6FF JMP dumped_.004034D0
0049C52F .^ EB DB JMP SHORT dumped_.0049C50C
0049C531 . 5E POP ESI
0049C532 . 5B POP EBX
0049C533 . 8BE5 MOV ESP,EBP
0049C535 . 5D POP EBP
0049C536 . C3 RETN
==============================================================
0049C180 /$ 55 PUSH EBP
0049C181 |. 8BEC MOV EBP,ESP
0049C183 |. 81C4 FCFDFFFF ADD ESP,-204
0049C189 |. 53 PUSH EBX
0049C18A |. 56 PUSH ESI
0049C18B |. 33C9 XOR ECX,ECX
0049C18D |. 898D FCFDFFFF MOV DWORD PTR SS:[EBP-204],ECX
0049C193 |. 8BF2 MOV ESI,EDX
0049C195 |. 8BD8 MOV EBX,EAX
0049C197 |. 33C0 XOR EAX,EAX
0049C199 |. 55 PUSH EBP
0049C19A |. 68 04C24900 PUSH dumped_.0049C204
0049C19F |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0049C1A2 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049C1A5 |. 8D95 FCFDFFFF LEA EDX,DWORD PTR SS:[EBP-204]
0049C1AB |. 8BC3 MOV EAX,EBX
0049C1AD |. E8 F2B0F6FF CALL dumped_.004072A4
0049C1B2 |. 8B95 FCFDFFFF MOV EDX,DWORD PTR SS:[EBP-204] ; //大写用户名
0049C1B8 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200]
0049C1BE |. B9 FF000000 MOV ECX,0FF
0049C1C3 |. E8 BC7AF6FF CALL dumped_.00403C84
0049C1C8 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200] ; //用户名长度与大写用户名
0049C1CE |. 8D8D 00FFFFFF LEA ECX,DWORD PTR SS:[EBP-100]
0049C1D4 |. BA 88120000 MOV EDX,1288
0049C1D9 |. E8 16AEFFFF CALL dumped_.00496FF4 ; //运算CALL
0049C1DE |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100] ; //运算结果1
0049C1E4 |. 8BC6 MOV EAX,ESI
0049C1E6 |. E8 617AF6FF CALL dumped_.00403C4C
0049C1EB |. 33C0 XOR EAX,EAX
0049C1ED |. 5A POP EDX
0049C1EE |. 59 POP ECX
0049C1EF |. 59 POP ECX
0049C1F0 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0049C1F3 |. 68 0BC24900 PUSH dumped_.0049C20B
0049C1F8 |> 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
0049C1FE |. E8 2978F6FF CALL dumped_.00403A2C
0049C203 \. C3 RETN
0049C204 .^ E9 C772F6FF JMP dumped_.004034D0
0049C209 .^ EB ED JMP SHORT dumped_.0049C1F8
0049C20B . 5E POP ESI
0049C20C . 5B POP EBX
0049C20D . 8BE5 MOV ESP,EBP
0049C20F . 5D POP EBP
0049C210 . C3 RETN
==============================================================
00496FF4 /$ 53 PUSH EBX
00496FF5 |. 56 PUSH ESI
00496FF6 |. 51 PUSH ECX
00496FF7 |. 8BF0 MOV ESI,EAX
00496FF9 |. 8A06 MOV AL,BYTE PTR DS:[ESI]
00496FFB |. 8801 MOV BYTE PTR DS:[ECX],AL
00496FFD |. 8A06 MOV AL,BYTE PTR DS:[ESI]
00496FFF |. 84C0 TEST AL,AL
00497001 |. 76 1D JBE SHORT dumped_.00497020
00497003 |. 880424 MOV BYTE PTR SS:[ESP],AL
00497006 |. 8D46 01 LEA EAX,DWORD PTR DS:[ESI+1]
00497009 |. 8BF0 MOV ESI,EAX
0049700B |. 8D41 01 LEA EAX,DWORD PTR DS:[ECX+1]
0049700E |> 8A0E /MOV CL,BYTE PTR DS:[ESI] ; //逐位取用户名ASCII码
00497010 |. 8BDA |MOV EBX,EDX ; //EBX=EDX=1288
00497012 |. C1EB 08 |SHR EBX,8 ; //EBX右移8位
00497015 |. 32CB |XOR CL,BL ; //CL=CL xor BL
00497017 |. 8808 |MOV BYTE PTR DS:[EAX],CL ; //保存运算值
00497019 |. 40 |INC EAX
0049701A |. 46 |INC ESI
0049701B |. FE0C24 |DEC BYTE PTR SS:[ESP]
0049701E |.^ 75 EE \JNZ SHORT dumped_.0049700E ; //循环
00497020 |> 5A POP EDX
00497021 |. 5E POP ESI
00497022 |. 5B POP EBX
00497023 \. C3 RETN
==============================================================
0049C214 /$ 55 PUSH EBP
0049C215 |. 8BEC MOV EBP,ESP
0049C217 |. 83C4 E8 ADD ESP,-18
0049C21A |. 53 PUSH EBX
0049C21B |. 56 PUSH ESI
0049C21C |. 57 PUSH EDI
0049C21D |. 33C9 XOR ECX,ECX
0049C21F |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0049C222 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0049C225 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
0049C228 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
0049C22B |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0049C22E |. 33C0 XOR EAX,EAX
0049C230 |. 55 PUSH EBP
0049C231 |. 68 0BC34900 PUSH dumped_.0049C30B
0049C236 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0049C239 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049C23C |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049C23F |. E8 E877F6FF CALL dumped_.00403A2C
0049C244 |. 33FF XOR EDI,EDI
0049C246 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //运算结果1
0049C249 |. E8 5A7AF6FF CALL dumped_.00403CA8
0049C24E |. 8BD8 MOV EBX,EAX
0049C250 |. 84DB TEST BL,BL
0049C252 |. 76 2F JBE SHORT dumped_.0049C283
0049C254 |. C645 F7 01 MOV BYTE PTR SS:[EBP-9],1
0049C258 |> 33C0 /XOR EAX,EAX
0049C25A |. 8A45 F7 |MOV AL,BYTE PTR SS:[EBP-9]
0049C25D |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4] ; //运算结果1
0049C260 |. 0FB67402 FF |MOVZX ESI,BYTE PTR DS:[EDX+EAX-1] ; //依次取运算结果1的ASCII码
0049C265 |. 8D55 EC |LEA EDX,DWORD PTR SS:[EBP-14]
0049C268 |. 8BC6 |MOV EAX,ESI
0049C26A |. E8 C1B3F6FF |CALL dumped_.00407630 ; //EAX转10进制
0049C26F |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14] ; //10进制字符
0049C272 |. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
0049C275 |. E8 367AF6FF |CALL dumped_.00403CB0 ; //字符相连
0049C27A |. 03FE |ADD EDI,ESI ; //累加运算结果1的ASCII码
0049C27C |. FE45 F7 |INC BYTE PTR SS:[EBP-9]
0049C27F |. FECB |DEC BL
0049C281 |.^ 75 D5 \JNZ SHORT dumped_.0049C258 ; //循环
0049C283 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049C286 |. 50 PUSH EAX
0049C287 |. B9 05000000 MOV ECX,5
0049C28C |. BA 01000000 MOV EDX,1
0049C291 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; //相连字符串A
0049C294 |. E8 137CF6FF CALL dumped_.00403EAC ; //取相连字符串A的1-5位
0049C299 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049C29C |. 50 PUSH EAX
0049C29D |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049C2A0 |. 8BC7 MOV EAX,EDI ; //运算结果1的ASCII码累加值
0049C2A2 |. 03C0 ADD EAX,EAX ; //运算结果1的ASCII码累加值乘2
0049C2A4 |. E8 87B3F6FF CALL dumped_.00407630 ; //EAX转10进制
0049C2A9 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; //10进制字符串
0049C2AC |. B9 03000000 MOV ECX,3
0049C2B1 |. BA 01000000 MOV EDX,1
0049C2B6 |. E8 F17BF6FF CALL dumped_.00403EAC ; //取10进制字符串的1-3位
0049C2BB |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; //10进制字符串的1-3位
0049C2BE |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049C2C1 |. E8 EA79F6FF CALL dumped_.00403CB0 ; //将相连字符串1-5位和10进制字符串的1-3位相连
0049C2C6 |. EB 10 JMP SHORT dumped_.0049C2D8
0049C2C8 |> 8D45 F0 /LEA EAX,DWORD PTR SS:[EBP-10]
0049C2CB |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0049C2CE |. BA 24C34900 |MOV EDX,dumped_.0049C324 ; 3
0049C2D3 |. E8 1C7AF6FF |CALL dumped_.00403CF4
0049C2D8 |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0049C2DB |. E8 C879F6FF |CALL dumped_.00403CA8
0049C2E0 |. 83F8 08 |CMP EAX,8
0049C2E3 |.^ 7C E3 \JL SHORT dumped_.0049C2C8 ; //若相连字符串B的长度小于8则在前面用"3"补足8位
0049C2E5 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049C2E8 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; //相连字符串C
0049C2EB |. E8 D477F6FF CALL dumped_.00403AC4
0049C2F0 |. 33C0 XOR EAX,EAX
0049C2F2 |. 5A POP EDX
0049C2F3 |. 59 POP ECX
0049C2F4 |. 59 POP ECX
0049C2F5 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0049C2F8 |. 68 12C34900 PUSH dumped_.0049C312
0049C2FD |> 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049C300 |. BA 03000000 MOV EDX,3
0049C305 |. E8 4677F6FF CALL dumped_.00403A50
0049C30A \. C3 RETN
0049C30B .^ E9 C071F6FF JMP dumped_.004034D0
0049C310 .^ EB EB JMP SHORT dumped_.0049C2FD
0049C312 . 5F POP EDI
0049C313 . 5E POP ESI
0049C314 . 5B POP EBX
0049C315 . 8BE5 MOV ESP,EBP
0049C317 . 5D POP EBP
0049C318 . C3 RETN
**************************************************************
【破解总结】
脱壳和算法都还算简单
--------------------------------------------------------------
【算法总结】
举例说明
用户名: tianxj
转大写: TIANXJ
大写用户名ASCII码:54 49 41 4E 58 4A
分别与12异或后为 46 5B 53 5C 4A 58 即字符串 F[S\JX
分别转为10进制位为 70 91 83 92 74 88
相连为"709183927488"
取1-5位即"70918"
累加70+91+83+92+74+88=498
相加498+498=996
取1-3位即"996"
2组字符串相连得"70918996"
因为位数已经是8了,所以就不用在前面补"3"
注册码就是"70918996"
--------------------------------------------------------------
【算法注册机】
〖易语言代码〗
.版本 2
.子程序 _按钮1_被单击
.局部变量 X, 文本型
.局部变量 Y, 整数型
.局部变量 Z, 文本型
.局部变量 i, 整数型
.如果 (取文本长度 (编辑框1.内容) = 0)
编辑框1.内容 = “请输入用户名!”
.否则
.计次循环首 (取文本长度 (编辑框1.内容), i)
X = X + 到文本 (位异或 (取代码 (到大写 (编辑框1.内容), i), 18))
Y = Y + 位异或 (取代码 (到大写 (编辑框1.内容), i), 18)
.计次循环尾 ()
Z = 取文本中间 (X, 1, 5) + 取文本中间 (到文本 (Y + Y), 1, 3)
.计次循环首 (8 - 取文本长度 (Z), i)
Z = “3” + Z
.计次循环尾 ()
编辑框2.内容 = Z
--------------------------------------------------------------
【注册信息】
用户名:tianxj
注册码:70918996
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及徐超等所有帮助过我的论坛兄弟姐妹们!谢谢
新年新气象,新春节日到!节日快乐!愿朋友你在2009年,天天开怀,时时快乐,分分精彩,秒秒幸福。
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
