[转载]图像转换工具“魔法转换2.0”注册码分析 only for 菜鸟
<P>文章作者: qduwg</P><P><FONT face=宋体>功能:功能强大的图像转换工具(吹牛?)。包括图像浏览、批量转换、图像增强及作品预览四大部分。图像增强包括调整图像大小、调整层次、旋转、镜象,还有锐化、模糊、马塞克、浮雕、底片、旋涡、喷雾等效果。你可以将这些效果自定义成方案,然后再进行批量转换。而且它还支持拖入文件到批量转换列表。同时它还能方便的将图像生成.EXE可执行文件。<BR>工具:softice,PEID,Casper<BR><BR>引子:今天又实验了一下这个图片批量转换工具,实在不敢恭维,里面没有帮助,我转换图片不成功,只是对其注册码机制感兴趣,所以才有了这篇破文。拿PEID检查一下,还是用ASPack2.000->AlexeySolodovnikov加壳的。用CASPER可以脱壳,方便抓取代码写破文。启动程序,打开“帮助”菜单,点击“注册”,弹出注册窗口,输入姓名wanggang,注册码654321。调出Softice,下断点bpxhmemcpy,F5退出,然后点击“确定”,被拦截。按7次F12即可来到主程序空间内:<BR><BR>00561263|>8D55F8LEAEDX,DWORDPTRSS:[EBP-8]<BR>00561266|.8B83E8020000MOVEAX,DWORDPTRDS:[EBX+2E8]<BR>0056126C|.E8FB78EDFFCALLMAGCT1.00438B6C<BR>00561271|.8B45F8MOVEAX,DWORDPTRSS:[EBP-8]//注册码地址送EAX。<BR>00561274|.50PUSHEAX<BR>00561275|.8D55F0LEAEDX,DWORDPTRSS:[EBP-10]<BR>00561278|.8B83E4020000MOVEAX,DWORDPTRDS:[EBX+2E4]<BR>0056127E|.E8E978EDFFCALLMAGCT1.00438B6C<BR>00561283|.8B45F0MOVEAX,DWORDPTRSS:[EBP-10]<BR>00561286|.8D55F4LEAEDX,DWORDPTRSS:[EBP-C]<BR>00561289|.E84E4CFFFFCALLMAGCT1.00555EDC//此函数产生注册码。分析在后面。(1)<BR>0056128E|.8B55F4MOVEDX,DWORDPTRSS:[EBP-C]<BR>00561291|.58POPEAX<BR>00561292|.E8052FEAFFCALLMAGCT1.0040419C//这个函数比较真假码。分析在后面。(2)<BR>00561297|.0F85CE000000JNZMAGCT1.0056136B//如果注册码正确,则这里就不跳。<BR>0056129D|.8D45ECLEAEAX,DWORDPTRSS:[EBP-14]<BR>005612A0|.E8EF48FFFFCALLMAGCT1.00555B94<BR>005612A5|.8D45ECLEAEAX,DWORDPTRSS:[EBP-14]<BR>005612A8|.BAD8135600MOVEDX,MAGCT1.005613D8;ASCII"\win.ini"<BR>005612AD|.E8E22DEAFFCALLMAGCT1.00404094//把注册码和用户名写入win.ini内。<BR>005612B2|.8B4DECMOVECX,DWORDPTRSS:[EBP-14]<BR>005612B5|.B201MOVDL,1<BR>005612B7|.A19C344700MOVEAX,DWORDPTRDS:[47349C]<BR>005612BC|.E82B23F1FFCALLMAGCT1.004735EC<BR>005612C1|.A3E4675700MOVDWORDPTRDS:[5767E4],EAX<BR>005612C6|.8D55E8LEAEDX,DWORDPTRSS:[EBP-18]<BR>005612C9|.8B83E4020000MOVEAX,DWORDPTRDS:[EBX+2E4]<BR>005612CF|.E89878EDFFCALLMAGCT1.00438B6C<BR>005612D4|.8B45E8MOVEAX,DWORDPTRSS:[EBP-18]<BR>005612D7|.50PUSHEAX<BR>005612D8|.B9EC135600MOVECX,MAGCT1.005613EC;ASCII"name"<BR>005612DD|.BAFC135600MOVEDX,MAGCT1.005613FC;ASCII"magct"<BR>005612E2|.A1E4675700MOVEAX,DWORDPTRDS:[5767E4]<BR>005612E7|.8B30MOVESI,DWORDPTRDS:[EAX]<BR>005612E9|.FF5604CALLDWORDPTRDS:[ESI+4]<BR>005612EC|.8D55E4LEAEDX,DWORDPTRSS:[EBP-1C]<BR>005612EF|.8B83E8020000MOVEAX,DWORDPTRDS:[EBX+2E8]<BR>005612F5|.E87278EDFFCALLMAGCT1.00438B6C<BR>005612FA|.8B45E4MOVEAX,DWORDPTRSS:[EBP-1C]<BR>005612FD|.50PUSHEAX<BR>005612FE|.B90C145600MOVECX,MAGCT1.0056140C;ASCII"code"<BR>00561303|.BAFC135600MOVEDX,MAGCT1.005613FC;ASCII"magct"<BR>00561308|.A1E4675700MOVEAX,DWORDPTRDS:[5767E4]<BR>0056130D|.8B30MOVESI,DWORDPTRDS:[EAX]<BR>0056130F|.FF5604CALLDWORDPTRDS:[ESI+4]<BR>00561312|.A1E4675700MOVEAX,DWORDPTRDS:[5767E4]<BR>00561317|.E8781DEAFFCALLMAGCT1.00403094<BR>0056131C|.BA1C145600MOVEDX,MAGCT1.0056141C<BR>00561321|.8B83F4020000MOVEAX,DWORDPTRDS:[EBX+2F4]<BR>00561327|.E87078EDFFCALLMAGCT1.00438B9C<BR>0056132C|.33D2XOREDX,EDX<BR>0056132E|.8B83F0020000MOVEAX,DWORDPTRDS:[EBX+2F0]<BR>00561334|.8B08MOVECX,DWORDPTRDS:[EAX]<BR>00561336|.FF515CCALLDWORDPTRDS:[ECX+5C]<BR>00561339|.6A40PUSH40<BR>0056133B|.6824145600PUSHMAGCT1.00561424<BR>00561340|.8D55E0LEAEDX,DWORDPTRSS:[EBP-20]<BR>00561343|.8B83E4020000MOVEAX,DWORDPTRDS:[EBX+2E4]<BR>00561349|.E81E78EDFFCALLMAGCT1.00438B6C<BR>0056134E|.8D45E0LEAEAX,DWORDPTRSS:[EBP-20]<BR>00561351|.BA38145600MOVEDX,MAGCT1.00561438<BR>00561356|.E8392DEAFFCALLMAGCT1.00404094<BR>0056135B|.8B45E0MOVEAX,DWORDPTRSS:[EBP-20]<BR>0056135E|.E8ED2EEAFFCALLMAGCT1.00404250<BR>00561363|.50PUSHEAX;|Text="U嬱兡餝3缐E鸶V"<BR>00561364|.6A00PUSH0;|hOwner=NULL<BR>00561366|.E8F567EAFFCALL<JMP.&user32.MessageBoxA>;\MessageBox//显示注册成功。<BR>=====================================================================================================<BR>下面分析(1)处的函数:<BR>00555EDC/$55PUSHEBP<BR>00555EDD|.8BECMOVEBP,ESP<BR>00555EDF|.83C4F4ADDESP,-0C<BR>00555EE2|.53PUSHEBX<BR>00555EE3|.56PUSHESI<BR>00555EE4|.57PUSHEDI<BR>00555EE5|.33C9XORECX,ECX<BR>00555EE7|.894DF4MOVDWORDPTRSS:[EBP-C],ECX<BR>00555EEA|.8BFAMOVEDI,EDX<BR>00555EEC|.8BF0MOVESI,EAX<BR>00555EEE|.33C0XOREAX,EAX<BR>00555EF0|.55PUSHEBP<BR>00555EF1|.68A95F5500PUSHMAGCT1.00555FA9<BR>00555EF6|.64:FF30PUSHDWORDPTRFS:[EAX]<BR>00555EF9|.64:8920MOVDWORDPTRFS:[EAX],ESP<BR>00555EFC|.85F6TESTESI,ESI<BR>00555EFE|.0F848F000000JEMAGCT1.00555F93<BR>00555F04|.8BC6MOVEAX,ESI<BR>00555F06|.E881E1EAFFCALLMAGCT1.0040408C//取用户名长度。<BR>00555F0B|.85C0TESTEAX,EAX<BR>00555F0D|.7E4DJLESHORTMAGCT1.00555F5C//用户名长度为0则错。<BR>00555F0F|.8945F8MOVDWORDPTRSS:[EBP-8],EAX//用户名长度送[EBP-8],作为循环次数。<BR>00555F12|.BB01000000MOVEBX,1//EBX初始化为1。<BR>00555F17|>33C0/XOREAX,EAX<BR>00555F19|.8A441EFF|MOVAL,BYTEPTRDS:[ESI+EBX-1]//用户名字符依次送AL。<BR>00555F1D|.99|CDQ//扩展到EDX。<BR>00555F1E|.F7FB|IDIVEBX//除以EBX。EBX分别取1到用户名长度。<BR>00555F20|.8945FC|MOVDWORDPTRSS:[EBP-4],EAX//EAX为商,保存到[EBP-4]<BR>00555F23|.8BC6|MOVEAX,ESI<BR>00555F25|.E862E1EAFF|CALLMAGCT1.0040408C//取用户名长度。<BR>00555F2A|.50|PUSHEAX//长度压栈。<BR>00555F2B|.8B45FC|MOVEAX,DWORDPTRSS:[EBP-4]//把商送EAX。<BR>00555F2E|.5A|POPEDX//长度出栈,送EDX。<BR>00555F2F|.8BCA|MOVECX,EDX//EDX送ECX。<BR>00555F31|.99|CDQ<BR>00555F32|.F7F9|IDIVECX//EAX再次除以长度。<BR>00555F34|.33D2|XOREDX,EDX<BR>00555F36|.8A541EFF|MOVDL,BYTEPTRDS:[ESI+EBX-1]//用户名字符取到DL。<BR>00555F3A|.83C203|ADDEDX,3//字符加3。<BR>00555F3D|.F7EA|IMULEDX//EAX乘以EDX。<BR>00555F3F|.8D4DF4|LEAECX,DWORDPTRSS:[EBP-C]<BR>00555F42|.BA03000000|MOVEDX,3<BR>00555F47|.E8BC34EBFF|CALLMAGCT1.00409408//此函数把得到的3字节数字变换为对应的3个ASSIC码。(3)<BR>00555F4C|.8B55F4|MOVEDX,DWORDPTRSS:[EBP-C]//新串地址送EDX。<BR>00555F4F|.8BC7|MOVEAX,EDI<BR>00555F51|.E83EE1EAFF|CALLMAGCT1.00404094//把每次得到的3位字符串接起来。<BR>00555F56|.43|INCEBX<BR>00555F57|.FF4DF8|DECDWORDPTRSS:[EBP-8]//计数器减1。<BR>00555F5A|.^75BB\JNZSHORTMAGCT1.00555F17//未完则继续循环。<BR>00555F5C|>8B07MOVEAX,DWORDPTRDS:[EDI]<BR>00555F5E|.E829E1EAFFCALLMAGCT1.0040408C//取新串长度。<BR>00555F63|.83F808CMPEAX,8<BR>00555F66|.7D10JGESHORTMAGCT1.00555F78//大于8则OK。<BR>00555F68|.8B0FMOVECX,DWORDPTRDS:[EDI]<BR>00555F6A|.8BC7MOVEAX,EDI<BR>00555F6C|.BAC05F5500MOVEDX,MAGCT1.00555FC0<BR>00555F71|.E862E1EAFFCALLMAGCT1.004040D8<BR>00555F76|.EB1BJMPSHORTMAGCT1.00555F93<BR>00555F78|>8B07MOVEAX,DWORDPTRDS:[EDI]//新串地址送EAX。<BR>00555F7A|.E80DE1EAFFCALLMAGCT1.0040408C//取串长。<BR>00555F7F|.83F80CCMPEAX,0C//与C比较。<BR>00555F82|.7E0FJLESHORTMAGCT1.00555F93//小于等于C则跳。<BR>00555F84|.57PUSHEDI<BR>00555F85|.8B07MOVEAX,DWORDPTRDS:[EDI]<BR>00555F87|.B90C000000MOVECX,0C<BR>00555F8C|.33D2XOREDX,EDX<BR>00555F8E|.E801E3EAFFCALLMAGCT1.00404294//此函数取产生的新串的前12位做为注册码。<BR>00555F93|>33C0XOREAX,EAX<BR>00555F95|.5APOPEDX<BR>00555F96|.59POPECX<BR>00555F97|.59POPECX<BR>00555F98|.64:8910MOVDWORDPTRFS:[EAX],EDX<BR>00555F9B|.68B05F5500PUSHMAGCT1.00555FB0<BR>00555FA0|>8D45F4LEAEAX,DWORDPTRSS:[EBP-C]<BR>00555FA3|.E854DEEAFFCALLMAGCT1.00403DFC<BR>00555FA8\.C3RETN<BR>=====================================================================================================<BR>下面分析(2)处函数:<BR>0040419C/$53PUSHEBX<BR>0040419D|.56PUSHESI<BR>0040419E|.57PUSHEDI<BR>0040419F|.89C6MOVESI,EAX<BR>004041A1|.89D7MOVEDI,EDX<BR>004041A3|.39D0CMPEAX,EDX<BR>004041A5|.0F848F000000JEMAGCT1.0040423A<BR>004041AB|.85F6TESTESI,ESI<BR>004041AD|.7468JESHORTMAGCT1.00404217<BR>004041AF|.85FFTESTEDI,EDI<BR>004041B1|.746BJESHORTMAGCT1.0040421E<BR>004041B3|.8B46FCMOVEAX,DWORDPTRDS:[ESI-4]//假码长度送EAX。<BR>004041B6|.8B57FCMOVEDX,DWORDPTRDS:[EDI-4]//真码长度送EDX。<BR>004041B9|.29D0SUBEAX,EDX<BR>004041BB|.7702JASHORTMAGCT1.004041BF//假码比真码长则OVER。<BR>004041BD|.01C2ADDEDX,EAX<BR>004041BF|>52PUSHEDX<BR>004041C0|.C1EA02SHREDX,2<BR>004041C3|.7426JESHORTMAGCT1.004041EB<BR>004041C5|>8B0E/MOVECX,DWORDPTRDS:[ESI]//假码送ECX。<BR>004041C7|.8B1F|MOVEBX,DWORDPTRDS:[EDI]//真码送EBX。<BR>004041C9|.39D9|CMPECX,EBX//比较。<BR>004041CB|.7558|JNZSHORTMAGCT1.00404225//不等则OVER。<BR>004041CD|.4A|DECEDX<BR>004041CE|.7415|JESHORTMAGCT1.004041E5//比较结束则跳。<BR>004041D0|.8B4E04|MOVECX,DWORDPTRDS:[ESI+4]<BR>004041D3|.8B5F04|MOVEBX,DWORDPTRDS:[EDI+4]<BR>004041D6|.39D9|CMPECX,EBX<BR>004041D8|.754B|JNZSHORTMAGCT1.00404225<BR>004041DA|.83C608|ADDESI,8<BR>004041DD|.83C708|ADDEDI,8<BR>004041E0|.4A|DECEDX<BR>004041E1|.^75E2\JNZSHORTMAGCT1.004041C5//未完则继续循环。<BR>004041E3|.EB06JMPSHORTMAGCT1.004041EB<BR>004041E5|>83C604ADDESI,4<BR>004041E8|.83C704ADDEDI,4<BR>004041EB|>5APOPEDX<BR>004041EC|.83E203ANDEDX,3<BR>*省去多行*<BR>00404225|>5APOPEDX<BR>00404226|.38D9CMPCL,BL<BR>00404228|.7510JNZSHORTMAGCT1.0040423A<BR>0040422A|.38FDCMPCH,BH<BR>0040422C|.750CJNZSHORTMAGCT1.0040423A<BR>0040422E|.C1E910SHRECX,10<BR>00404231|.C1EB10SHREBX,10<BR>00404234|.38D9CMPCL,BL<BR>00404236|.7502JNZSHORTMAGCT1.0040423A<BR>00404238|.38FDCMPCH,BH<BR>0040423A|>5FPOPEDI<BR>0040423B|.5EPOPESI<BR>0040423C|.5BPOPEBX<BR>0040423D\.C3RETN<BR>=====================================================================================================<BR>下面分析(3)处函数:<BR>00409408/$83C4F0ADDESP,-10<BR>0040940B|.6A01PUSH1<BR>0040940D|.89542404MOVDWORDPTRSS:[ESP+4],EDX<BR>00409411|.C644240800MOVBYTEPTRSS:[ESP+8],0<BR>00409416|.8944240CMOVDWORDPTRSS:[ESP+C],EAX<BR>0040941A|.C644241000MOVBYTEPTRSS:[ESP+10],0<BR>0040941F|.8D442404LEAEAX,DWORDPTRSS:[ESP+4]<BR>00409423|.BA3C944000MOVEDX,MAGCT1.0040943C<BR>00409428|.91XCHGEAX,ECX<BR>00409429|.E87A0E0000CALLMAGCT1.0040A2A8//跟入这个函数,代码在后面:(4)<BR>0040942E|.83C410ADDESP,10<BR>00409431\.C3RETN<BR>*****<BR>函数(4)代码如下:<BR>0040A2A8/$55PUSHEBP<BR>0040A2A9|.8BECMOVEBP,ESP<BR>0040A2AB|.81C404F0FFFFADDESP,-0FFC<BR>*省略多行*<BR>0040A2F7|.8D85F6EFFFFFLEAEAX,DWORDPTRSS:[EBP-100A]<BR>0040A2FD|.E832FBFFFFCALLMAGCT1.00409E34//这个函数分解得到16进制数为字符。(5)<BR>0040A302|.EB0CJMPSHORTMAGCT1.0040A310<BR>0040A304|>8B45FCMOVEAX,DWORDPTRSS:[EBP-4]<BR>0040A307|.E8809DFFFFCALLMAGCT1.0040408C<BR>0040A30C|.8BD8MOVEBX,EAX<BR>0040A30E|.8BC3MOVEAX,EBX<BR>0040A310|>8BD3MOVEDX,EBX<BR>0040A312|.4ADECEDX<BR>0040A313|.3BC2CMPEAX,EDX<BR>0040A315|.7C43JLSHORTMAGCT1.0040A35A//此处跳走。<BR>*省去多行*<BR>0040A35A|>8D95F6EFFFFFLEAEDX,DWORDPTRSS:[EBP-100A]//分解出的3位字符的地址送EDX。<BR>0040A360|.8BCEMOVECX,ESI<BR>0040A362|.91XCHGEAX,ECX<BR>0040A363|.E87C9BFFFFCALLMAGCT1.00403EE4//复制得到3位字符到另外地址。<BR>0040A368|>5EPOPESI<BR>0040A369|.5BPOPEBX<BR>0040A36A|.8BE5MOVESP,EBP<BR>0040A36C|.5DPOPEBP<BR>0040A36D\.C20400RETN4<BR>函数(5)的代码如下:<BR>*省去多行*<BR>00409E84>8845EBMOVBYTEPTRSS:[EBP-15],AL<BR>00409E87.80F82DCMPAL,2D<BR>00409E8A.7505JNZSHORTMAGCT1.00409E91<BR>00409E8C.39CECMPESI,ECX<BR>00409E8E.^74DAJESHORTMAGCT1.00409E6A<BR>00409E90.ACLODSBYTEPTRDS:[ESI]<BR>00409E91>E880000000CALLMAGCT1.00409F16<BR>00409E96.80F83ACMPAL,3A<BR>00409E99.750AJNZSHORTMAGCT1.00409EA5<BR>00409E9B.895DF8MOVDWORDPTRSS:[EBP-8],EBX<BR>00409E9E.39CECMPESI,ECX<BR>00409EA0.^74C8JESHORTMAGCT1.00409E6A<BR>00409EA2.ACLODSBYTEPTRDS:[ESI]<BR>00409EA3.^EBDFJMPSHORTMAGCT1.00409E84<BR>00409EA5>895DE4MOVDWORDPTRSS:[EBP-1C],EBX<BR>00409EA8.BBFFFFFFFFMOVEBX,-1<BR>00409EAD.80F82ECMPAL,2E<BR>00409EB0.750AJNZSHORTMAGCT1.00409EBC<BR>00409EB2.39CECMPESI,ECX<BR>00409EB4.^74B4JESHORTMAGCT1.00409E6A<BR>00409EB6.ACLODSBYTEPTRDS:[ESI]<BR>00409EB7.E85A000000CALLMAGCT1.00409F16<BR>00409EBC>895DE0MOVDWORDPTRSS:[EBP-20],EBX<BR>00409EBF.8975DCMOVDWORDPTRSS:[EBP-24],ESI<BR>00409EC2.51PUSHECX<BR>00409EC3.52PUSHEDX<BR>00409EC4.E896000000CALLMAGCT1.00409F5F//在这个函数内进行变换。(6)<BR>00409EC9.5APOPEDX<BR>00409ECA.8B5DE4MOVEBX,DWORDPTRSS:[EBP-1C]<BR>00409ECD.29CBSUBEBX,ECX<BR>00409ECF.7302JNBSHORTMAGCT1.00409ED3<BR>*省略多行*<BR>00409EFB>F3:A4REPMOVSBYTEPTRES:[EDI],BYTEPTRDS:[ESI]//把分解的字符复制到另外地址。<BR>00409EFD.837DF400CMPDWORDPTRSS:[EBP-C],0<BR>00409F01.740AJESHORTMAGCT1.00409F0D<BR>00409F03.52PUSHEDX<BR>00409F04.8D45F4LEAEAX,DWORDPTRSS:[EBP-C]<BR>00409F07.E81CFFFFFFCALLMAGCT1.00409E28<BR>00409F0C.5APOPEDX<BR>00409F0D>59POPECX<BR>00409F0E.8B75DCMOVESI,DWORDPTRSS:[EBP-24]<BR>00409F11.^E942FFFFFFJMPMAGCT1.00409E58<BR>函数(6)的代码如下:<BR><BR>00409F5F/$24DFANDAL,0DF<BR>00409F61|.88C1MOVCL,AL<BR>00409F63|.B801000000MOVEAX,1<BR>00409F68|.8B5DF8MOVEBX,DWORDPTRSS:[EBP-8]<BR>00409F6B|.3B5D08CMPEBX,DWORDPTRSS:[EBP+8]<BR>00409F6E|.775CJASHORTMAGCT1.00409FCC<BR>00409F70|.FF45F8INCDWORDPTRSS:[EBP-8]<BR>00409F73|.8B750CMOVESI,DWORDPTRSS:[EBP+C]<BR>00409F76|.8D34DELEAESI,DWORDPTRDS:[ESI+EBX*8]<BR>00409F79|.8B06MOVEAX,DWORDPTRDS:[ESI]//取分解之前的数到EAX。<BR>00409F7B|.0FB65E04MOVZXEBX,BYTEPTRDS:[ESI+4]<BR>00409F7F|.FF249D869F400>JMPDWORDPTRDS:[EBX*4+409F86]<BR>*省去多行*<BR>0040A0AE|>31D2/XOREDX,EDX<BR>0040A0B0|.F7F1|DIVECX//EAX除以ECX,ECX内为10h。<BR>0040A0B2|.80C230|ADDDL,30//余数加30h。<BR>0040A0B5|.80FA3A|CMPDL,3A//与3A比较。<BR>0040A0B8|.7203|JBSHORTMAGCT1.0040A0BD//如果小于则为数字。<BR>0040A0BA|.80C207|ADDDL,7//否则加7,变为大写字符。<BR>0040A0BD|>4E|DECESI<BR>0040A0BE|.8816|MOVBYTEPTRDS:[ESI],DL<BR>0040A0C0|.09C0|OREAX,EAX<BR>0040A0C2|.^75EA\JNZSHORTMAGCT1.0040A0AE//未完继续。<BR>0040A0C4|.8D4D9FLEAECX,DWORDPTRSS:[EBP-61]<BR>0040A0C7|.29F1SUBECX,ESI<BR>0040A0C9|.8B55E0MOVEDX,DWORDPTRSS:[EBP-20]<BR>0040A0CC|.83FA10CMPEDX,10<BR>0040A0CF|.7601JBESHORTMAGCT1.0040A0D2<BR>0040A0D1|.C3RETN<BR>================================================================================<BR>后记:<BR>跟踪这个软件倒是没有费多大劲,写这篇破文也就用了1个小时。注册机制比较简单,就是根据用户名前4位计算得到12位注册码。下面附上一个比较简单的注册机,TC写的,非常糟糕,希望不要见笑!<BR>#include"string.h"<BR>main()<BR>{<BR>charname[20],s[3];<BR>inti,j,yushu,temp;<BR>inteax,ebx,ecx,edx;<BR>printf("inputyourname\n");<BR>scanf("%s",name);<BR>ebx=1;<BR>ecx=strlen(name);<BR>for(i=0;i<4;i++)<BR>{eax=name[i];<BR>edx=eax;<BR>eax=eax/ebx;<BR>ebx++;<BR>eax=eax/ecx;<BR>eax=eax*(edx+3);//计算姓名前4位。<BR>temp=eax;<BR>{for(j=0;j<3;j++)//此循环把每个字符变ASSIC码。<BR>{<BR>yushu=temp%0x10;<BR>yushu=(0xf&yushu)+0x30;<BR>temp=temp/0x10;<BR>if(yushu<0x3a)<BR>s[2-j]=yushu;<BR>else<BR>{yushu=yushu+7;<BR>s[2-j]=yushu;}<BR>}<BR>printf("%s",s);}<BR><BR>}<BR>}<BR>结论:<BR>随便写出几个注册码:<BR><BR>用户名注册码<BR>cracker5943A8190132<BR>wanggang6AC2581C413E<BR>注册成功后,在win.ini文件内写入注册码和用户名,明码形式。如果修改里面的注册码就可以重新注册了。<BR><BR>最后感谢您的支持和关注!!</FONT><BR></P>
页:
[1]