[转载]注册图像浏览器“豪杰大眼睛Hero Photo ShowV2.1”
<P>文章作者: qduwg</P><P><FONT face=宋体>题目:注册图像浏览器“豪杰大眼睛HeroPhotoShowV2.1”<BR>工具:Softice,PEID<BR>功能简介:独创超级图网,轻松点击看遍互联网;图像处理简单快捷,电子相册,屏保制作;支持图片格式60余种,动画图象随意抽取;序列播放,进度随意更改,任意角度看图。<BR><BR>引子:这是继分析“豪杰超级解霸”和“金山影霸”以来的又一个豪杰产品的注册码分析。尽管Acdsee是图像浏览器的大腕,尽管大眼睛还有些缺陷,但是我们应该支持我们的民族软件产业。PEID检查没有加壳,VC开发。启动程序,输入用户名wanggang,输入注册码1111-2222-3333-4444,打开softice,下断点bpxgetwindowtexta,F5退出,点击“确定”,被拦住。按一次F12来到下面代码处。<BR><BR>00402480/$83EC40SUBESP,40<BR>00402483|.8B0D38CC4000MOVECX,DWORDPTRDS:[40CC38]<BR>00402489|.56PUSHESI<BR>0040248A|.8B3598914000MOVESI,DWORDPTRDS:[<&USER32.GetWindow><BR>00402490|.8D442404LEAEAX,DWORDPTRSS:[ESP+4]<BR>00402494|.6A08PUSH8<BR>00402496|.50PUSHEAX<BR>00402497|.51PUSHECX<BR>00402498|.FFD6CALLESI//取注册码第一段。<BR>0040249A|.A134CC4000MOVEAX,DWORDPTRDS:[40CC34]<BR>0040249F|.8D542409LEAEDX,DWORDPTRSS:[ESP+9]<BR>004024A3|.6A08PUSH8<BR>004024A5|.52PUSHEDX<BR>004024A6|.50PUSHEAX<BR>004024A7|.FFD6CALLESI//取注册码第二段。<BR>004024A9|.8B1540CC4000MOVEDX,DWORDPTRDS:[40CC40]<BR>004024AF|.8D4C240ELEAECX,DWORDPTRSS:[ESP+E]<BR>004024B3|.6A08PUSH8<BR>004024B5|.51PUSHECX<BR>004024B6|.52PUSHEDX<BR>004024B7|.FFD6CALLESI//取注册码第三段。<BR>004024B9|.8B0D3CCC4000MOVECX,DWORDPTRDS:[40CC3C]<BR>004024BF|.8D442413LEAEAX,DWORDPTRSS:[ESP+13]<BR>004024C3|.6A08PUSH8<BR>004024C5|.50PUSHEAX<BR>004024C6|.51PUSHECX<BR>004024C7|.FFD6CALLESI//取注册码第四段。<BR>004024C9|.8B1530CC4000MOVEDX,DWORDPTRDS:[40CC30]<BR>004024CF|.6800010000PUSH100<BR>004024D4|.B02DMOVAL,2D//2D就是减号'-'。<BR>004024D6|.6880CD4000PUSHAUTHREG.0040CD80<BR>004024DB|.52PUSHEDX<BR>004024DC|.8844241EMOVBYTEPTRSS:[ESP+1E],AL//减号分别放到输入的注册码内。隔4位一个。<BR>004024E0|.88442419MOVBYTEPTRSS:[ESP+19],AL<BR>004024E4|.88442414MOVBYTEPTRSS:[ESP+14],AL<BR>004024E8|.C644242300MOVBYTEPTRSS:[ESP+23],0<BR>004024ED|.FFD6CALLESI//取用户名。<BR>004024EF|.A158C74000MOVEAX,DWORDPTRDS:[40C758]<BR>004024F4|.5EPOPESI<BR>004024F5|.85C0TESTEAX,EAX<BR>004024F7|.740EJESHORTAUTHREG.00402507<BR>004024F9|.8D4C2400LEAECX,DWORDPTRSS:[ESP]<BR>004024FD|.51PUSHECX<BR>004024FE|.6880CD4000PUSHAUTHREG.0040CD80<BR>00402503|.FFD0CALLEAX//这个函数就是计算注册码的地方。(*)<BR>00402505|.EB0FJMPSHORTAUTHREG.00402516//这里跳走。<BR>00402507|>8D542400LEAEDX,DWORDPTRSS:[ESP]<BR>0040250B|.52PUSHEDX<BR>0040250C|.6880CD4000PUSHAUTHREG.0040CD80<BR>00402511|.E8DA140000CALLAUTHREG.004039F0<BR>00402516|>33C9XORECX,ECX<BR>00402518|.8D542400LEAEDX,DWORDPTRSS:[ESP]<BR>0040251C|.85C0TESTEAX,EAX//如果注册码正确则EAX返回1。这里测试EAX是否非0。<BR>0040251E|.0F95C1SETNECL//如果EAX非0,让CL=1。<BR>00402521|.52PUSHEDX<BR>00402522|.6880CD4000PUSHAUTHREG.0040CD80<BR>00402527|.890D40F84000MOVDWORDPTRDS:[40F840],ECX<BR>0040252D|.E82E000000CALLAUTHREG.00402560//加密注册码。<BR>00402532|.8B4C244CMOVECX,DWORDPTRSS:[ESP+4C]<BR>00402536|.8B1564CD4000MOVEDX,DWORDPTRDS:[40CD64]<BR>0040253C|.83C408ADDESP,8<BR>0040253F|.8D442400LEAEAX,DWORDPTRSS:[ESP]<BR>00402543|.50PUSHEAX<BR>00402544|.68E0234000PUSHAUTHREG.004023E0<BR>00402549|.51PUSHECX<BR>0040254A|.6A69PUSH69<BR>0040254C|.52PUSHEDX<BR>0040254D|.FF15C4914000CALLDWORDPTRDS:[<&USER32.DialogBoxPar>//显示成功注册信息。<BR>00402553|.A140F84000MOVEAX,DWORDPTRDS:[40F840]<BR>00402558|.83C440ADDESP,40<BR>0040255B\.C3RETN<BR>======================================================================<BR>下面进入(*)处的函数分析:<BR>:100010A083EC20subesp,00000020<BR>:100010A356pushesi<BR>:100010A457pushedi<BR>:100010A5B908000000movecx,00000008<BR>:100010AA33C0xoreax,eax<BR>:100010AC8D7C2408leaedi,dwordptr[esp+08]<BR>:100010B0F3repz<BR>:100010B1ABstosd<BR>:100010B28B44242Cmoveax,dwordptr[esp+2C]<BR>:100010B650pusheax<BR>:100010B7E884010000call10001240//这个函数处理用户名(**)<BR>:100010BC83C404addesp,00000004<BR>:100010BF89442408movdwordptr[esp+08],eax<BR>:100010C333F6xoresi,esi<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100010E8(C)<BR>|<BR>:100010C50FBE443408movsxeax,byteptr[esp+esi+08]//依次取前面最后一次得到的4位用户名字符送EAX。<BR>:100010CA83F841cmpeax,00000041//与41比较。<BR>:100010CD7C08jl100010D7//如果小于41,则进行处理。<BR>:100010CF83F85Acmpeax,0000005A//与5A比较<BR>:100010D27F03jg100010D7//如果大于5A,则进行处理。<BR>:100010D483C020addeax,00000020//否则加20,把大写字符变为小写字符。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:100010CD(C),:100010D2(C)<BR>|<BR>:100010D750pusheax<BR>:100010D8E813020000call100012F0//这个函数把处理过的用户名转换为可见字符。(***)<BR>:100010DD83C404addesp,00000004<BR>:100010E088443408movbyteptr[esp+esi+08],al<BR>:100010E446incesi<BR>:100010E583FE04cmpesi,00000004<BR>:100010E87CDBjl100010C5<BR>:100010EA8B7C2430movedi,dwordptr[esp+30]//注册码地址送EDI。<BR>:100010EE8D4C2408leaecx,dwordptr[esp+08]//变换后的注册码地址送ECX。<BR>:100010F28BF7movesi,edi<BR>:100010F433D2xoredx,edx<BR>:100010F62BF1subesi,ecx<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:1000111C(C)<BR>|<BR>:100010F88D4C1408leaecx,dwordptr[esp+edx+08]<BR>:100010FC0FBE040Emovsxeax,byteptr[esi+ecx]//注册码逐位送EAX。<BR>:1000110083F841cmpeax,00000041<BR>:100011037C08jl1000110D<BR>:1000110583F85Acmpeax,0000005A<BR>:100011087F03jg1000110D<BR>:1000110A83C020addeax,00000020<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:10001103(C),:10001108(C)<BR>|<BR>:1000110D0FBE09movsxecx,byteptr[ecx]//第一组真码依次送ECX。<BR>:100011103BC1cmpeax,ecx//真假比较。这里就应该用E命令修改你的假码为真码了。以下类推。<BR>:100011120F8514010000jne1000122C//不等则OVER。<BR>:1000111842incedx<BR>:1000111983FA04cmpedx,00000004<BR>:1000111C7CDAjl100010F8//没有比较完,则继续。<BR>:1000111E8B442408moveax,dwordptr[esp+08]//变换后的用户名4位送EAX。<BR>:100011228D5008leaedx,dwordptr[eax+08]<BR>:100011250FAFD0imuledx,eax//EDX=EDX*EAX。<BR>:100011288954240Cmovdwordptr[esp+0C],edx//结果送到[ESP+C]处。<BR>:1000112C33F6xoresi,esi<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:1000114F(C)<BR>|<BR>:1000112E8A44340Cmoval,byteptr[esp+esi+0C]<BR>:1000113250pusheax<BR>:1000113356pushesi<BR>:10001134E847030000call10001480//这个函数把变换得到的新4位注册码进一步变换。(****)<BR>:1000113925FF000000andeax,000000FF<BR>:1000113E50pusheax<BR>:1000113FE8AC010000call100012F0//变为可见字符。<BR>:1000114483C40Caddesp,0000000C<BR>:100011478844340Cmovbyteptr[esp+esi+0C],al<BR>:1000114B46incesi<BR>:1000114C83FE04cmpesi,00000004<BR>:1000114F7CDDjl1000112E<BR>:1000115133C9xorecx,ecx<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001176(C)<BR>|<BR>:100011530FBE440F05movsxeax,byteptr[edi+ecx+05]//下面是比较真假注册码的循环。<BR>:1000115883F841cmpeax,00000041<BR>:1000115B7C08jl10001165<BR>:1000115D83F85Acmpeax,0000005A<BR>:100011607F03jg10001165<BR>:1000116283C020addeax,00000020<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:1000115B(C),:10001160(C)<BR>|<BR>:100011650FBE540C0Cmovsxedx,byteptr[esp+ecx+0C]<BR>:1000116A3BC2cmpeax,edx<BR>:1000116C0F85BA000000jne1000122C<BR>:1000117241incecx<BR>:1000117383F904cmpecx,00000004<BR>:100011767CDBjl10001153<BR>:100011788B44240Cmoveax,dwordptr[esp+0C]//第一段注册码送EAX。<BR>:1000117C8B4C2408movecx,dwordptr[esp+08]//第二段注册码送ECX。<BR>:100011808BD0movedx,eax<BR>:1000118233D1xoredx,ecx//异或运算<BR>:1000118442incedx//加1。<BR>:100011850FAFD1imuledx,ecx//EDX=EDX*ECX<BR>:1000118803D0addedx,eax//EDX=EDX+EAX。<BR>:1000118A33F6xoresi,esi<BR>:1000118C89542410movdwordptr[esp+10],edx//保存结果。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100011A6(C)<BR>|<BR>:100011900FBE443410movsxeax,byteptr[esp+esi+10]<BR>:1000119550pusheax<BR>:10001196E855010000call100012F0//处理刚刚得到的4位结果。<BR>:1000119B83C404addesp,00000004<BR>:1000119E88443410movbyteptr[esp+esi+10],al//保存<BR>:100011A246incesi<BR>:100011A383FE04cmpesi,00000004<BR>:100011A67CE8jl10001190<BR>:100011A833C9xorecx,ecx<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100011C9(C)<BR>|<BR>:100011AA0FBE440F0Amovsxeax,byteptr[edi+ecx+0A]//下面是比较第三段注册码的循环。<BR>:100011AF83F841cmpeax,00000041<BR>:100011B27C08jl100011BC<BR>:100011B483F85Acmpeax,0000005A<BR>:100011B77F03jg100011BC<BR>:100011B983C020addeax,00000020<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:100011B2(C),:100011B7(C)<BR>|<BR>:100011BC0FBE540C10movsxedx,byteptr[esp+ecx+10]<BR>:100011C13BC2cmpeax,edx<BR>:100011C37567jne1000122C<BR>:100011C541incecx<BR>:100011C683F904cmpecx,00000004<BR>:100011C97CDFjl100011AA<BR>:100011CB8B4C240Cmovecx,dwordptr[esp+0C]//第二段注册码送ECX。<BR>:100011CF8B442408moveax,dwordptr[esp+08]//第一段注册码送EAX。<BR>:100011D30FAFC8imulecx,eax//相乘<BR>:100011D641incecx//ECX增一。<BR>:100011D70FAF4C2410imulecx,dwordptr[esp+10]//ECX与第三段相乘。<BR>:100011DC03C8addecx,eax//ECX加EAX。<BR>:100011DE33F6xoresi,esi<BR>:100011E0894C2414movdwordptr[esp+14],ecx//保存。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100011FA(C)<BR>|<BR>:100011E40FBE543414movsxedx,byteptr[esp+esi+14]//处理刚刚得到的第四段注册码。<BR>:100011E952pushedx<BR>:100011EAE801010000call100012F0<BR>:100011EF83C404addesp,00000004<BR>:100011F288443414movbyteptr[esp+esi+14],al<BR>:100011F646incesi<BR>:100011F783FE04cmpesi,00000004<BR>:100011FA7CE8jl100011E4<BR>:100011FC33C9xorecx,ecx<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:1000121D(C)<BR>|<BR>:100011FE0FBE440F0Fmovsxeax,byteptr[edi+ecx+0F]//下面是第四段注册码的比较循环。<BR>:1000120383F841cmpeax,00000041<BR>:100012067C08jl10001210<BR>:1000120883F85Acmpeax,0000005A<BR>:1000120B7F03jg10001210<BR>:1000120D83C020addeax,00000020<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:10001206(C),:1000120B(C)<BR>|<BR>:100012100FBE540C14movsxedx,byteptr[esp+ecx+14]<BR>:100012153BC2cmpeax,edx<BR>:100012177513jne1000122C<BR>:1000121941incecx<BR>:1000121A83F904cmpecx,00000004<BR>:1000121D7CDFjl100011FE<BR>:1000121F5Fpopedi<BR>:10001220B801000000moveax,00000001//注册码正确则让EAX=1。<BR>:100012255Epopesi<BR>:1000122683C420addesp,00000020<BR>:10001229C20800ret0008<BR>======================================================================<BR>下面分析:100010B7处的函数call10001240:<BR>|:100010B7<BR>|<BR>:1000124081EC00020000subesp,00000200<BR>:10001246B980000000movecx,00000080<BR>:1000124B33C0xoreax,eax<BR>:1000124D53pushebx<BR>:1000124E55pushebp<BR>:1000124F56pushesi<BR>:100012508BB42410020000movesi,dwordptr[esp+00000210]<BR>:1000125757pushedi<BR>:100012588D7C2410leaedi,dwordptr[esp+10]<BR>:1000125CF3repz<BR>:1000125DABstosd<BR>:1000125E56pushesi<BR>:1000125F33EDxorebp,ebp<BR><BR>*ReferenceTo:KERNEL32.lstrlenA,Ord:0308h<BR>|<BR>:10001261FF1504600010Calldwordptr[10006004]//求串长。<BR>:100012678BD8movebx,eax<BR>:1000126981FB00020000cmpebx,00000200<BR>:1000126F7612jbe10001283<BR>:10001271B980000000movecx,00000080<BR>:100012768D7C2410leaedi,dwordptr[esp+10]<BR>:1000127ABB00020000movebx,00000200<BR>:1000127FF3repz<BR>:10001280A5movsd<BR>:10001281EB0Cjmp1000128F<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:1000126F(C)<BR>|<BR>:100012838D442410leaeax,dwordptr[esp+10]<BR>:1000128756pushesi<BR>:1000128850pusheax<BR><BR>*ReferenceTo:KERNEL32.lstrcpyA,Ord:0302h<BR>|<BR>:10001289FF1584600010Calldwordptr[10006084]//串拷贝。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001281(U)<BR>|<BR>:1000128F8BC3moveax,ebx//用户名串长送EAX。<BR>:1000129199cdq<BR>:1000129283E203andedx,00000003<BR>:1000129503C2addeax,edx<BR>:100012978BF8movedi,eax//串长送EDI。<BR>:10001299C1FF02saredi,02//右循环2次,相当于除以4。<BR>:1000129CF6C303testbl,03<BR>:1000129F7401je100012A2//此处跳走。<BR>:100012A147incedi<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:1000129F(C)<BR>|<BR>:100012A233C9xorecx,ecx<BR>:100012A485DBtestebx,ebx<BR>:100012A67E17jle100012BF<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100012BD(C)<BR>|<BR>:100012A88A540C10movdl,byteptr[esp+ecx+10]//依次取用户名送DL。<BR>:100012AC52pushedx<BR>:100012AD51pushecx<BR>:100012AEE8CD010000call10001480//这个函数变换每位字符。<BR>:100012B383C408addesp,00000008<BR>:100012B688440C10movbyteptr[esp+ecx+10],al//转换后的字符送原来位置。<BR>:100012BA41incecx<BR>:100012BB3BCBcmpecx,ebx<BR>:100012BD7CE9jl100012A8//循环直至处理完用户名。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100012A6(C)<BR>|<BR>:100012BF33F6xoresi,esi<BR>:100012C185FFtestedi,edi<BR>:100012C37E1Cjle100012E1<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100012DF(C)<BR>|<BR>:100012C58B5CB410movebx,dwordptr[esp+4*esi+10]//转换完的前4位送EBX。<BR>:100012C98BC6moveax,esi//ESI值送EAX。ESI初始值是0。<BR>:100012CB83E01Fandeax,0000001F<BR>:100012CE03EBaddebp,ebx<BR>:100012D050pusheax//循环移位次数参数进栈。<BR>:100012D155pushebp//四位用户名字符参数进栈。<BR>:100012D2E879020000call10001550//把用户名循环移位EAX次。<BR>:100012D783C408addesp,00000008<BR>:100012DA46incesi<BR>:100012DB3BF7cmpesi,edi//EDI为循环次数。<BR>:100012DD8BE8movebp,eax//循环移位后的结果送EBP。<BR>:100012DF7CE4jl100012C5//没有结束,则继续循环。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:100012C3(C)<BR>|<BR>:100012E15Fpopedi<BR>:100012E28BC5moveax,ebp//把最后一次得到的4位用户名送EAX返回主调函数。<BR>:100012E45Epopesi<BR>:100012E55Dpopebp<BR>:100012E65Bpopebx<BR>:100012E781C400020000addesp,00000200<BR>:100012EDC3ret<BR>======================================================================<BR>下面是:100010D8处的函数call100012F0的代码(***):<BR>:100012F08B442404moveax,dwordptr[esp+04]<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:10001312(U),:10001323(U),:1000133E(U)<BR>|<BR>:100012F483E07Fandeax,0000007F<BR>:100012F783F841cmpeax,00000041//判断是否是在字符'A'与'Z'之间。<BR>:100012FA7C07jl10001303<BR>:100012FC83F85Acmpeax,0000005A<BR>:100012FF7F02jg10001303//如果不在A-Z之间,则跳。<BR>:100013010C20oral,20//如果在A-Z之间,则变为小写字符。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:100012FA(C),:100012FF(C)<BR>|<BR>:1000130383F86Fcmpeax,0000006F//判断是否是字符'o'。<BR>:10001306750Cjne10001314<BR>:10001308B890000000moveax,00000090<BR>:1000130D83F00Exoreax,0000000E<BR>:100013100C31oral,31<BR>:10001312EBE0jmp100012F4<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001306(C)<BR>|<BR>:1000131483F830cmpeax,00000030//判断是否是0。<BR>:10001317750Cjne10001325//如果不是则跳。<BR>:10001319B8CF000000moveax,000000CF<BR>:1000131E83F00Exoreax,0000000E<BR>:100013210C31oral,31<BR>:10001323EBCFjmp100012F4<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001317(C)<BR>|<BR>:1000132583F861cmpeax,00000061//判断是否在a-z之间。<BR>:100013287C05jl1000132F//如果小于a则跳。<BR>:1000132A83F87Acmpeax,0000007A<BR>:1000132D7E11jle10001340//如果在a-z之间则OK。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001328(C)<BR>|<BR>:1000132F83F831cmpeax,00000031//判断是否在1-9之间。<BR>:100013327C05jl10001339<BR>:1000133483F839cmpeax,00000039<BR>:100013377E07jle10001340//如果在1-9之间也OK。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001332(C)<BR>|<BR>:1000133983F00Exoreax,0000000E//如果小于1则与E异或。<BR>:1000133C0C31oral,31//加31。<BR>:1000133EEBB4jmp100012F4<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddresses:<BR>|:1000132D(C),:10001337(C)<BR>|<BR>:10001340C3ret<BR>======================================================================<BR>下面是(****)处的函数调用分析::10001134call10001480<BR>:1000148055pushebp<BR>:100014818BECmovebp,esp<BR>:1000148353pushebx<BR>:100014848A4508moval,byteptr[ebp+08]<BR>:100014878A5D0Cmovbl,byteptr[ebp+0C]//取每位注册码送BL。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:10001494(C)<BR>|<BR>:1000148AF6C3C3testbl,C3//与C3(11000011)进行"与"运算。<BR>:1000148D7A01jpe10001490//如果为偶数个1则跳。<BR>:1000148FF9stc//否则置进位标志为1。<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:1000148D(C)<BR>|<BR>:10001490D0DBrcrbl,1//BL带进位C右循环一次。<BR>:10001492FEC8decal//计数器减一。<BR>:1000149475F4jne1000148A//继续循环。<BR>:10001496885D0Cmovbyteptr[ebp+0C],bl//循环完毕,BL保存。<BR>:100014998A450Cmoval,byteptr[ebp+0C]//送AL返回主调函数。<BR>:1000149C5Bpopebx<BR>:1000149D5Dpopebp<BR>:1000149EC3ret<BR>======================================================================<BR>后记:<BR>我不知道豪杰是否一直采用这样的注册码生成算法,不过这些老软件倒是基本一样的思路,他们的新版本我没有得到,暂时无法尝试。本文只针对菜鸟,大侠切莫见笑!!恭祝各位坛友新春愉快!万事如意!<BR><BR><BR>结论:<BR>用户名:wanggang<BR>注册码:7zq3-d53t-pht3-gxva</FONT><BR></P>
页:
[1]