[摘要]【软件类别】:国外软件 / 共享版 / 文件管理 【开 发 商】http://www.lightlink.com/ym/chkfiles.htm 【破解过程】:用Fi2.45检查,VC 5.0编写,...
【软件类别】:国外软件 / 共享版 / 文件管理
【开 发 商】
http://www.lightlink.com/ym/chkfiles.htm
【破解过程】:用Fi2.45检查,VC 5.0编写,无壳。于是用W32Dasm反汇编后查找错误信息,找到关键点如下:
【破解过程】:
:00408483 E8017B0100 call 0041FF89
:00408488 8BC8 mov ecx, eax
:0040848A E8217C0100 call 004200B0
/* 取用户名位数 */
:0040848F 85C0 test eax, eax
:00408491 7518 jne 004084AB
:00408493 50 push eax
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:00408494 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a user name."
:00408499 6828ED4200 push 0042ED28
:0040849E 8BCE mov ecx, esi
:004084A0 E87DA20100 call 00422722
:004084A5 5F pop edi
:004084A6 5E pop esi
:004084A7 83C420 add esp, 00000020
:004084AA C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:00408491(C)
:004084AB 83F814 cmp eax, 00000014
/* 用户名是否在20位以内? */
:004084AE 7E19 jle 004084C9
:004084B0 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:004084B2 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"The user name must be 20 characters "
->"or less."
:004084B7 68F8EC4200 push 0042ECF8
:004084BC 8BCE mov ecx, esi
:004084BE E85FA20100 call 00422722
:004084C3 5F pop edi
:004084C4 5E pop esi
:004084C5 83C420 add esp, 00000020
:004084C8 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:004084AE(C)
:004084C9 8D44240C lea eax, dword ptr [esp+0C]
:004084CD 6A17 push 00000017
:004084CF 50 push eax
* Possible Reference to Dialog: DialogID_0087, CONTROL_ID:040F, ""
:004084D0 680F040000 push 0000040F
:004084D5 8BCE mov ecx, esi
:004084D7 E8AD7A0100 call 0041FF89
:004084DC 8BC8 mov ecx, eax
:004084DE E8CD7B0100 call 004200B0
/* 取试炼码位数 */
:004084E3 85C0 test eax, eax
:004084E5 7518 jne 004084FF
:004084E7 50 push eax
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:004084E8 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a registration "
->"number."
:004084ED 68CCEC4200 push 0042ECCC
:004084F2 8BCE mov ecx, esi
:004084F4 E829A20100 call 00422722
:004084F9 5F pop edi
:004084FA 5E pop esi
:004084FB 83C420 add esp, 00000020
:004084FE C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:004084E5(C)
:004084FF 8D4C2408 lea ecx, dword ptr [esp+08]
:00408503 8D54240C lea edx, dword ptr [esp+0C]
/* 取试炼码地址 */
:00408507 51 push ecx
* Possible StringData Ref from Data Obj ->"%lu"
:00408508 6854E24200 push 0042E254
:0040850D 52 push edx
:0040850E E8AD100000 call 004095C0
/* 判断试炼码是否全是数字,若是则转为16进制,不是则给出错误信息 */
:00408513 83C40C add esp, 0000000C
:00408516 83F801 cmp eax, 00000001
:00408519 7419 je 00408534
:0040851B 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:0040851D 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a valid registration "
->"number."
:00408522 689CEC4200 push 0042EC9C
:00408527 8BCE mov ecx, esi
:00408529 E8F4A10100 call 00422722
:0040852E 5F pop edi
:0040852F 5E pop esi
:00408530 83C420 add esp, 00000020
:00408533 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:00408519(C)
:00408534 8B442408 mov eax, dword ptr [esp+08]
/* 16进制值送eax */
:00408538 85C0 test eax, eax
:0040853A 7519 jne 00408555
:0040853C 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:0040853E 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a valid registartion "
->"number."
:00408543 686CEC4200 push 0042EC6C
:00408548 8BCE mov ecx, esi
:0040854A E8D3A10100 call 00422722
:0040854F 5F pop edi
:00408550 5E pop esi
:00408551 83C420 add esp, 00000020
:00408554 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:0040853A(C)
:00408555 68282D4300 push 00432D28
/* 用户名地址入栈 */
:0040855A E8A18AFFFF call 00401000
/* 算法call */
:0040855F 8B4C240C mov ecx, dword ptr [esp+0C]
:00408563 83C404 add esp, 00000004
:00408566 3BC8 cmp ecx, eax
/* 关键比较 */
:00408568 7419 je 00408583
/* 一定要跳 */
:0040856A 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:0040856C 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"Sorry, this registration number "
->"is not valid."
:00408571 683CEC4200 push 0042EC3C
:00408576 8BCE mov ecx, esi
:00408578 E8A5A10100 call 00422722
:0040857D 5F pop edi
:0040857E 5E pop esi
:0040857F 83C420 add esp, 00000020
:00408582 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:00408568(C)
* Possible StringData Ref from Data Obj ->"ww"
:00408583 68FCE34200 push 0042E3FC
* Possible StringData Ref from Data Obj ->"chkfiles.ser"
:00408588 685CE24200 push 0042E25C
:0040858D E86E120000 call 00409800
:00408592 8BF8 mov edi, eax
:00408594 83C408 add esp, 00000008
:00408597 85FF test edi, edi
:00408599 7439 je 004085D4
:0040859B 8B442408 mov eax, dword ptr [esp+08]
:0040859F 50 push eax
:004085A0 68282D4300 push 00432D28
* Possible StringData Ref from Data Obj ->"%s%lu"
:004085A5 6834EC4200 push 0042EC34
:004085AA 57 push edi
:004085AB E870120000 call 00409820
:004085B0 83C410 add esp, 00000010
:004085B3 83F8FF cmp eax, FFFFFFFF
:004085B6 741C je 004085D4
:004085B8 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:004085BA 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"Thank you for registering."
:004085BF 6818EC4200 push 0042EC18
:004085C4 8BCE mov ecx, esi
:004085C6 E857A10100 call 00422722
:004085CB C605202D430001 mov byte ptr [00432D20], 01
:004085D2 EB13 jmp 004085E7
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
:00408599(C), :004085B6(C)
:004085D4 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
:004085D6 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"Error writing registration file."
:004085DB 68F4EB4200 push 0042EBF4
:004085E0 8BCE mov ecx, esi
:004085E2 E83BA10100 call 00422722
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:004085D2(U)
:004085E7 57 push edi
:004085E8 E873080000 call 00408E60
:004085ED 83C404 add esp, 00000004
:004085F0 8BCE mov ecx, esi
:004085F2 E8394B0100 call 0041D130
:004085F7 5F pop edi
:004085F8 5E pop esi
:004085F9 83C420 add esp, 00000020
:004085FC C3 ret
___________________________________________________________
算法call:
:00401000 53 push ebx
:00401001 55 push ebp
:00401002 8B6C240C mov ebp, dword ptr [esp+0C]
:00401006 56 push esi
:00401007 57 push edi
:00401008 8BFD mov edi, ebp
:0040100A 83C9FF or ecx, FFFFFFFF
:0040100D 33C0 xor eax, eax
:0040100F F2 repnz
:00401010 AE scasb
:00401011 F7D1 not ecx
:00401013 49 dec ecx
/* 这里取得用户名长度 */
:00401014 8BC1 mov eax, ecx
:00401016 8BD8 mov ebx, eax
:00401018 7452 je 0040106C
:0040101A 83F814 cmp eax, 00000014
:0040101D 7F4D jg 0040106C
:0040101F 7D1D jge 0040103E
:00401021 B914000000 mov ecx, 00000014
:00401026 8D3C28 lea edi, dword ptr [eax+ebp]
:00401029 2BC8 sub ecx, eax
:0040102B B820202020 mov eax, 20202020
:00401030 8BD1 mov edx, ecx
:00401032 C1E902 shr ecx, 02
:00401035 F3 repz
:00401036 AB stosd
/* 上面这段指令用0x20将未满20位的用户名补足20位 */
:00401037 8BCA mov ecx, edx
:00401039 83E103 and ecx, 00000003
:0040103C F3 repz
:0040103D AA stosb
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:0040101F(C)
:0040103E BE322DFB21 mov esi, 21FB2D32
:00401043 B929197C6B mov ecx, 6B7C1929
/* 以上是两个计算关键值 */
:00401048 33D2 xor edx, edx
/* edx清零 */
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:0040105F(C)
:0040104A 33C0 xor eax, eax
/* eax清零 */
:0040104C 8A042A mov al, byte ptr [edx+ebp]
/* 依次取用户名的每一位 */
:0040104F 0FAFC1 imul eax, ecx
/* eax=eax*ecx */
:00401052 03F0 add esi, eax
/* esi=eax+esi */
:00401054 42 inc edx
/* edx++ */
:00401055 83FA14 cmp edx, 00000014
/* 20位是否都算完? */
:00401058 8D8C092106471E lea ecx, dword ptr [ecx+ecx+1E470621]
/* ecx=ecx*2+1E470621 */
:0040105F 7CE9 jl 0040104A
/* 未满20位则返回继续运算 */
:00401061 C6042B00 mov byte ptr [ebx+ebp], 00
:00401065 8BC6 mov eax, esi
/* 运算结果作为返回值送出 */
:00401067 5F pop edi
:00401068 5E pop esi
:00401069 5D pop ebp
:0040106A 5B pop ebx
:0040106B C3 ret
【整 理】:
用户名:cyclotron
注册码:101258879
【注册信息存放】:
主目录下chkfiles.ser
【Turbo C 注册机】:
#include "stdio.h"
#include "string.h"
void main()
{char regname[21];
unsigned long regcode=0x21FB2D32,ecx=0x6B7C1929;
int i,length;
printf("\t*******************************************************************\n\n");
printf("\t\tKeyGen for CheckFiles V1.5\n\t\t\tProduced by cyclotron\n\n");
printf("\t*******************************************************************\n\n");
do
{printf("\n\tPlease input your Regname(less than or equal to 20):");
length=strlen(gets(regname));
}
while(!length
length>20);
for(i=length;i<20;i++)
regname[i]=0x20;
for(i=0;i<20;i++)
{regcode+=regname[i]*ecx;
ecx=ecx*2+0x1E470621;
}
printf("\n\tYour Regcode is:\t%lu\n",regcode);
printf("\n\tThank you for your use!\n");
getchar();
网络的神奇作用吸引着越来越多的用户加入其中,正因如此,网络的承受能力也面临着越来越严峻的考验―从硬件上、软件上、所用标准上......,各项技术都需要适时应势,对应发展,这正是网络迅速走向进步的催化剂。
……