* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00489017(C)
|
:00488FE5 8B45F4 mov eax, dword ptr [ebp-0C]
:00488FE8 8A4418FF mov al, byte ptr [eax+ebx-01]
:00488FEC 3C30 cmp al, 30
:00488FEE 7225 jb 00489015
:00488FF0 8B55F4 mov edx, dword ptr [ebp-0C]
:00488FF3 3C39 cmp al, 39
:00488FF5 771E ja 00489015
:00488FF7 8D45EC lea eax, dword ptr [ebp-14]
:00488FFA 50 push eax
:00488FFB B901000000 mov ecx, 00000001
:00489000 8BD3 mov edx, ebx
:00489002 8B45F4 mov eax, dword ptr [ebp-0C]
:00489005 E88AAEF7FF call 00403E94
:0048900A 8B55EC mov edx, dword ptr [ebp-14]
:0048900D 8D45F8 lea eax, dword ptr [ebp-08]
:00489010 E883ACF7FF call 00403C98
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00488FEE(C), :00488FF5(C)
|
:00489015 43 inc ebx
:00489016 4E dec esi
:00489017 75CC jne 00488FE5
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488FE0(C)
|
:00489019 8D55F0 lea edx, dword ptr [ebp-10]
:0048901C 8B45FC mov eax, dword ptr [ebp-04]
:0048901F 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:00489025 E8065CFAFF call 0042EC30
:0048902A 8B45F0 mov eax, dword ptr [ebp-10]
:0048902D 8D55EC lea edx, dword ptr [ebp-14]
:00489030 E83BFEFFFF call 00488E70-------------------------->key algorithm CALL
:00489035 8B45EC mov eax, dword ptr [ebp-14]------------>wrong registration code
:00489038 8B55F8 mov edx, dword ptr [ebp-08]------------>correct registration code
:0048903B E860ADF7FF call 00403DA0-------------------------->compare
:00489040 0F8556010000 jne 0048919C--------------------------->success if the jump is not taken
* Possible StringData Ref from Code Obj ->"注册成功!请重新启动浪漫情书……"
==================================================================================
Press F8 to step into the key algorithm CALL:
:00488E7E 8BF2 mov esi, edx
:00488E80 8945FC mov dword ptr [ebp-04], eax
:00488E83 8B45FC mov eax, dword ptr [ebp-04]
:00488E86 E8B9AFF7FF call 00403E44
:00488E8B 33C0 xor eax, eax
:00488E8D 55 push ebp
:00488E8E 68118F4800 push 00488F11
:00488E93 64FF30 push dword ptr fs:[eax]
:00488E96 648920 mov dword ptr fs:[eax], esp
:00488E99 33DB xor ebx, ebx
:00488E9B 8D55F8 lea edx, dword ptr [ebp-08]
:00488E9E A1E4784A00 mov eax, dword ptr [004A78E4]
:00488EA3 8B00 mov eax, dword ptr [eax]
:00488EA5 E8D2D70000 call 0049667C
:00488EAA 8B55F8 mov edx, dword ptr [ebp-08]------------>EDX='502057'
:00488EAD 8D45FC lea eax, dword ptr [ebp-04]------------>
:00488EB0 8B4DFC mov ecx, dword ptr [ebp-04]------------>ECX='powerboy'
:00488EB3 E824AEF7FF call 00403CDC-------------------------->concatenate EDX and ECX
:00488EB8 8B45FC mov eax, dword ptr [ebp-04]------------>EAX="EDX+ECX"
:00488EBB E8D0ADF7FF call 00403C90-------------------------->new string N = '502057powerboy'
:00488EC0 8BD0 mov edx, eax
:00488EC2 85D2 test edx, edx
:00488EC4 7C17 jl 00488EDD
:00488EC6 42 inc edx
:00488EC7 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488EDB(C)
|
:00488EC9 8B4DFC mov ecx, dword ptr [ebp-04]----------->ECX='N'
:00488ECC 0FB64C01FF movzx ecx, byte ptr [ecx+eax-01]------>ECX = each character of 'N' in turn
:00488ED1 8D7803 lea edi, dword ptr [eax+03]----------->EDI=EAX+3
:00488ED4 0FAFCF imul ecx, edi------------------------->ECX=ECX*EDI
:00488ED7 03D9 add ebx, ecx-------------------------->EBX=EBX+ECX
:00488ED9 40 inc eax------------------------------->EAX=EAX+1
:00488EDA 4A dec edx------------------------------->EDX=EDX-1
:00488EDB 75EC jne 00488EC9-------------------------->loop while nonzero
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488EC4(C)
|
:00488EDD 8BC3 mov eax, ebx-------------------------->EAX=EBX
:00488EDF 99 cdq----------------------------------->EDX=0
:00488EE0 33C2 xor eax, edx-------------------------->EAX=EAX XOR EDX
:00488EE2 2BC2 sub eax, edx-------------------------->EAX=EAX - EDX
:00488EE4 69C0C9430000 imul eax, 000043C9-------------------->EAX=EAX*&H43C9
:00488EEA 05BBEF9505 add eax, 0595EFBB--------------------->EAX=EAX+&H595EFBB
:00488EEF 8BD6 mov edx, esi
:00488EF1 E80AF0F7FF call 00407F00
:00488EF6 33C0 xor eax, eax
:00488EF8 5A pop edx
:00488EF9 59 pop ecx
:00488EFA 59 pop ecx
:00488EFB 648910 mov dword ptr fs:[eax], edx
:00488EFE 68188F4800 push 00488F18
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488F16(U)
|
:00488F03 8D45F8 lea eax, dword ptr [ebp-08]
:00488F06 BA02000000 mov edx, 00000002
:00488F0B E828ABF7FF call 00403A38
:00488F10 C3 ret
=============================================
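Algorithm summary:
1. The software generates a machine code A;
2. We enter a username B;
3. A and B are concatenated in that order to form C;
4. ECX = the ASCII code of each character of C; initial values: EAX=1, EBX=0, EDX=length of C;
EDI=EAX+3
ECX=ECX*EDI
EBX=EBX+ECX
EAX=EAX+1
EDX=EDX-1
The loop ends when EDX=0
This yields a value in EBX;
5. EAX=EBX
EAX=EAX*&H43C9
EAX=EAX+&H595EFBB
6. Convert EAX to a decimal number;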
=============================================
Using my machine code and username as an example:
Machine code: 502057 Username: powerboy
ECX= 35 30 32 30 35 37 70 6F 77 65 72 62 6F 79
EDI= 4 5 6 7 8 9 A B C D E F 10 11
ECX= D4 F0 12C 150 1A8 1EF 460 4C5 594 521 63C 5BE 6F0 809
EBX= D4 1C4 2F0 440 5E8 707 C37 10FC 1690 1BB1 21ED 27AB 2E9B 36A4
EAX= 2 3 4 5 6 7 8 9 A B C D E F
EAX=EBX=&H36A4
EAX=EAX*&H43C9=&HE77D2C4
EAX=EAX+&H595EFBB=&H140DC27F
Converting &H140DC27F to decimal gives: 336446079
=============================================
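That's it, all done!
This was written in a hurry and the analysis is not very detailed, so please forgive me!
For technical research only; do not publish it externally! Thanks!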