|
|
提醒:若下载的软件是收费的"请不要付款",可能是骗子,请立即联系本站举报,执意要付款被骗后本站概不负责。(任何交易请走第三方中介,请勿直接付款交易以免被骗!切记).
考无忧2017实战破解+注册机
考无忧2017是用DELPHI XE2写的,所以还是习惯性的用IDR做剖析。其间涉及到注册码算法的有些,我用OD做了盯梢,并且写了注释,便利我们的了解。
首要,依照原贴中,断网,注册转入离线注册。这儿需要输入的内容如下图:
考生名字,手机号,邮箱等都是随意输的,软件也没有做合法性的判断。
注册码一定要输入25位,不符合条件软件会给出相应的提示。
注册科目是软件主动填好的,因为我下载的是winxp的卷子,所以这儿的科目即是winxp。
机器码也是软件主动填好的。
剩余的工作即是咱们自己输入离线注册码了。
在IDR中,查看离线注册按钮的点击事情。
- register.TregisterForm.BitmapButton5Click
- 00893A00 push ebp
- 00893A01 mov ebp,esp
- 00893A03 mov ecx,11
- 00893A08 push 0
- 00893A0A push 0
- 00893A0C dec ecx
- 00893A0D> jne 00893A08
- 00893A0F push ecx
- 00893A10 push ebx
- 00893A11 mov ebx,eax
- 00893A13 xor eax,eax
- 00893A15 push ebp
- 00893A16 push 893EFB
- 00893A1B push dword ptr fs:[eax]
- 00893A1E mov dword ptr fs:[eax],esp
- 00893A21 movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893A28 push eax
- 00893A29 lea eax,[ebp-4]
- 00893A2C push eax
- 00893A2D lea edx,[ebp-8]
- 00893A30 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit //Edit6就是我们输入的离线注册码
- 00893A36 call TControl.GetText
- 00893A3B mov eax,dword ptr [ebp-8]
- 00893A3E xor ecx,ecx
- 00893A40 mov edx,893F1C;' '
- 00893A45 call StringReplace //去掉空格
- 00893A4A movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893A51 push eax
- 00893A52 lea eax,[ebp-4]
- 00893A55 push eax
- 00893A56 lea edx,[ebp-0C]
- 00893A59 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893A5F call TControl.GetText
- 00893A64 mov eax,dword ptr [ebp-0C]
- 00893A67 xor ecx,ecx
- 00893A69 mov edx,893F2C;' '
- 00893A6E call StringReplace //去掉全角空格
- 00893A73 movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893A7A push eax
- 00893A7B lea eax,[ebp-4]
- 00893A7E push eax
- 00893A7F lea edx,[ebp-10]
- 00893A82 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893A88 call TControl.GetText
- 00893A8D mov eax,dword ptr [ebp-10]
- 00893A90 mov ecx,893F3C;'0'
- 00893A95 mov edx,893F4C;'o'
- 00893A9A call StringReplace //把小写字母o换成0
- 00893A9F movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893AA6 push eax
- 00893AA7 lea eax,[ebp-4]
- 00893AAA push eax
- 00893AAB lea edx,[ebp-14]
- 00893AAE mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893AB4 call TControl.GetText
- 00893AB9 mov eax,dword ptr [ebp-14]
- 00893ABC mov ecx,893F3C;'0'
- 00893AC1 mov edx,893F5C;'o'
- 00893AC6 call StringReplace //把全角小写字母o换成0
- 00893ACB movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893AD2 push eax
- 00893AD3 lea eax,[ebp-4]
- 00893AD6 push eax
- 00893AD7 lea edx,[ebp-18]
- 00893ADA mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893AE0 call TControl.GetText
- 00893AE5 mov eax,dword ptr [ebp-18]
- 00893AE8 mov ecx,893F3C;'0'
- 00893AED mov edx,893F6C;'O'
- 00893AF2 call StringReplace //把大写字母O换成0
- 00893AF7 movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893AFE push eax
- 00893AFF lea eax,[ebp-4]
- 00893B02 push eax
- 00893B03 lea edx,[ebp-1C]
- 00893B06 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893B0C call TControl.GetText
- 00893B11 mov eax,dword ptr [ebp-1C]
- 00893B14 mov ecx,893F3C;'0'
- 00893B19 mov edx,893F7C;'O'
- 00893B1E call StringReplace //把全角大写字母O换成0
- 00893B23 movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893B2A push eax
- 00893B2B lea eax,[ebp-4]
- 00893B2E push eax
- 00893B2F lea edx,[ebp-20]
- 00893B32 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893B38 call TControl.GetText
- 00893B3D mov eax,dword ptr [ebp-20]
- 00893B40 mov ecx,893F8C;'-'
- 00893B45 mov edx,893F9C;'_'
- 00893B4A call StringReplace //把下划线换成减号-
- 00893B4F movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893B56 push eax
- 00893B57 lea eax,[ebp-4]
- 00893B5A push eax
- 00893B5B lea edx,[ebp-24]
- 00893B5E mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893B64 call TControl.GetText
- 00893B69 mov eax,dword ptr [ebp-24]
- 00893B6C mov ecx,893F8C;'-'
- 00893B71 mov edx,893FAC;'——' //把破折号换成减号-
- 00893B76 call StringReplace
- 00893B7B movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893B82 push eax
- 00893B83 lea eax,[ebp-4]
- 00893B86 push eax
- 00893B87 lea edx,[ebp-28]
- 00893B8A mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893B90 call TControl.GetText
- 00893B95 mov eax,dword ptr [ebp-28]
- 00893B98 mov ecx,893F8C;'-'
- 00893B9D mov edx,893FC0;'—' //把全角横线线换成减号-
- 00893BA2 call StringReplace
- 00893BA7 movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893BAE push eax
- 00893BAF lea eax,[ebp-4]
- 00893BB2 push eax
- 00893BB3 lea edx,[ebp-2C]
- 00893BB6 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893BBC call TControl.GetText
- 00893BC1 mov eax,dword ptr [ebp-2C]
- 00893BC4 mov ecx,893F8C;'-'
- 00893BC9 mov edx,893FD0;'-' //把全角减号换成减号-
- 00893BCE call StringReplace
- 00893BD3 movzx eax,byte ptr ds:[893F0C];0x1 gvar_00893F0C
- 00893BDA push eax
- 00893BDB lea eax,[ebp-4]
- 00893BDE push eax
- 00893BDF lea edx,[ebp-30]
- 00893BE2 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893BE8 call TControl.GetText
- 00893BED mov eax,dword ptr [ebp-30]
- 00893BF0 mov ecx,893F8C;'-'
- 00893BF5 mov edx,893FE0;'_'
- 00893BFA call StringReplace //把下划线换成减号-
- 00893BFF lea ecx,[ebp-34]
- 00893C02 mov edx,dword ptr [ebp-4]
- 00893C05 mov eax,[007944CC];TZhou
- 00893C0A call TZhou.sbctoDbc
- 00893C0F mov edx,dword ptr [ebp-34]
- 00893C12 lea eax,[ebp-4]
- 00893C15 call @UStrLAsg
- 00893C1A lea edx,[ebp-38]
- 00893C1D mov eax,dword ptr [ebp-4]
- 00893C20 call AnsiUpperCase
- 00893C25 mov edx,dword ptr [ebp-38]
- 00893C28 lea eax,[ebp-4]
- 00893C2B call @UStrLAsg
- 00893C30 mov edx,dword ptr [ebp-4]
- 00893C33 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893C39 call TControl.SetText
- 00893C3E lea edx,[ebp-3C]
- 00893C41 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893C47 call TControl.GetText
- 00893C4C cmp dword ptr [ebp-3C],0
- 00893C50> jne 00893C7D
- 00893C52 push 0
- 00893C54 mov ecx,893FE4
- 00893C59 mov edx,893FF0
- 00893C5E mov eax,[009295CC];^Application:TApplication
- 00893C63 mov eax,dword ptr [eax]
- 00893C65 call TApplication.MessageBox
- 00893C6A mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893C70 mov edx,dword ptr [eax]
- 00893C72 call dword ptr [edx+0F4];TWinControl.SetFocus
- 00893C78> jmp 00893E54
- 00893C7D call 00892D40 //这里是判断函数
- //理由,第一,这个CALL后面就是判断加跳转;
- //第二,这个跳转的地址也在这个段,所以应该是判断注册码的地方。
- 00893C82 cmp dword ptr ds:[0A343D4],1;gvar_00A343D4
- 00893C89> jne 00893E2E
- 00893C8F lea edx,[ebp-4C]
- 00893C92 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893C98 call TControl.GetText
- 00893C9D mov eax,dword ptr [ebp-4C]
- 00893CA0 lea edx,[ebp-48]
- 00893CA3 call EncodeString
- 00893CA8 mov eax,dword ptr [ebp-48]
- 00893CAB lea edx,[ebp-44]
- 00893CAE call 0043121C
- 00893CB3 mov ecx,dword ptr [ebp-44]
- 00893CB6 lea eax,[ebp-40]
- 00893CB9 mov edx,894010;'update user set Rcode='
- 00893CBE call @UStrCat3
- 00893CC3 mov edx,dword ptr [ebp-40]
- 00893CC6 mov eax,[0092946C];^gvar_00A345C8:TCtl
- 00893CCB mov eax,dword ptr [eax]
- 00893CCD call TCtl.exeSQLStatement
- 00893CD2 lea edx,[ebp-5C]
- 00893CD5 mov eax,dword ptr [ebx+3C4];TregisterForm.Edit1:TEdit
- 00893CDB call TControl.GetText
- 00893CE0 mov eax,dword ptr [ebp-5C]
- 00893CE3 lea edx,[ebp-58]
- 00893CE6 call EncodeString
- 00893CEB mov eax,dword ptr [ebp-58]
- 00893CEE lea edx,[ebp-54]
- 00893XF1 call 0043121C
- 00893XF6 mov ecx,dword ptr [ebp-54]
- 00893XF9 lea eax,[ebp-50]
- 00893XFC mov edx,89404C;'update user set Acode='
- 00893D01 call @UStrCat3
- 00893D06 mov edx,dword ptr [ebp-50]
- 00893D09 mov eax,[0092946C];^gvar_00A345C8:TCtl
- 00893D0E mov eax,dword ptr [eax]
- 00893D10 call TCtl.exeSQLStatement
- 00893D15 lea edx,[ebp-6C]
- 00893D18 mov eax,dword ptr [ebx+3B8];TregisterForm.Edit2:TEdit
- 00893D1E call TControl.GetText
- 00893D23 mov eax,dword ptr [ebp-6C]
- 00893D26 lea edx,[ebp-68]
- 00893D29 call Trim
- 00893D2E mov eax,dword ptr [ebp-68]
- 00893D31 lea edx,[ebp-64]
- 00893D34 call 0043121C
- 00893D39 mov ecx,dword ptr [ebp-64]
- 00893D3C lea eax,[ebp-60]
- 00893D3F mov edx,894088;'update user set Name='
- 00893D44 call @UStrCat3
- 00893D49 mov edx,dword ptr [ebp-60]
- 00893D4C mov eax,[0092946C];^gvar_00A345C8:TCtl
- 00893D51 mov eax,dword ptr [eax]
- 00893D53 call TCtl.exeSQLStatement
- 00893D58 lea edx,[ebp-7C]
- 00893D5B mov eax,dword ptr [ebx+3BC];TregisterForm.Edit4:TEdit
- 00893D61 call TControl.GetText
- 00893D66 mov eax,dword ptr [ebp-7C]
- 00893D69 lea edx,[ebp-78]
- 00893D6C call Trim
- 00893D71 mov eax,dword ptr [ebp-78]
- 00893D74 lea edx,[ebp-74]
- 00893D77 call 0043121C
- 00893D7C mov ecx,dword ptr [ebp-74]
- 00893D7F lea eax,[ebp-70]
- 00893D82 mov edx,8940C0;'update user set Phone='
- 00893D87 call @UStrCat3
- 00893D8C mov edx,dword ptr [ebp-70]
- 00893D8F mov eax,[0092946C];^gvar_00A345C8:TCtl
- 00893D94 mov eax,dword ptr [eax]
- 00893D96 call TCtl.exeSQLStatement
- 00893D9B lea edx,[ebp-8C]
- 00893DA1 mov eax,dword ptr [ebx+3C0];TregisterForm.Edit5:TEdit
- 00893DA7 call TControl.GetText
- 00893DAC mov eax,dword ptr [ebp-8C]
- 00893DB2 lea edx,[ebp-88]
- 00893DB8 call Trim
- 00893DBD mov eax,dword ptr [ebp-88]
- 00893DC3 lea edx,[ebp-84]
- 00893DC9 call 0043121C
- 00893DCE mov ecx,dword ptr [ebp-84]
- 00893DD4 lea eax,[ebp-80]
- 00893DD7 mov edx,8940FC;'update user set Email='
- 00893DDC call @UStrCat3
- 00893DE1 mov edx,dword ptr [ebp-80]
- 00893DE4 mov eax,[0092946C];^gvar_00A345C8:TCtl
- 00893DE9 mov eax,dword ptr [eax]
- 00893DEB call TCtl.exeSQLStatement
- 00893DF0 push 0
- 00893DF2 mov ecx,893FE4
- 00893DF7 mov edx,89412C
- 00893DFC mov eax,[009295CC];^Application:TApplication
- 00893E01 mov eax,dword ptr [eax]
- 00893E03 call TApplication.MessageBox
- 00893E08 mov eax,[0092946C];^gvar_00A345C8:TCtl
- 00893E0D mov eax,dword ptr [eax]
- 00893E0F call TCtl.clearTryHistroy
- 00893E14 push 1
- 00893E16 push 894154;'start.exe'
- 00893E1B call kernel32.WinExec
- 00893E20 mov eax,[009295CC];^Application:TApplication
- 00893E25 mov eax,dword ptr [eax]
- 00893E27 call TApplication.Terminate
- 00893E2C> jmp 00893E54
- 00893E2E push 0
- 00893E30 mov ecx,893FE4
- 00893E35 mov edx,894160
- 00893E3A mov eax,[009295CC];^Application:TApplication
- 00893E3F mov eax,dword ptr [eax]
- 00893E41 call TApplication.MessageBox
- 00893E46 mov eax,dword ptr [ebx+3D0];TregisterForm.Edit6:TEdit
- 00893E4C mov edx,dword ptr [eax]
- 00893E4E call dword ptr [edx+0F4];TWinControl.SetFocus
- 00893E54 xor eax,eax
- 00893E56 pop edx
- 00893E57 pop ecx
- 00893E58 pop ecx
- 00893E59 mov dword ptr fs:[eax],edx
- 00893E5C push 893F05
- 00893E61 lea eax,[ebp-8C]
- 00893E67 call @UStrClr
- 00893E6C lea eax,[ebp-88]
- 00893E72 mov edx,3
- 00893E77 call @UStrArrayClr
- 00893E7C lea eax,[ebp-7C]
- 00893E7F call @UStrClr
- 00893E84 lea eax,[ebp-78]
- 00893E87 mov edx,3
- 00893E8C call @UStrArrayClr
- 00893E91 lea eax,[ebp-6C]
- 00893E94 call @UStrClr
- 00893E99 lea eax,[ebp-68]
- 00893E9C mov edx,3
- 00893EA1 call @UStrArrayClr
- 00893EA6 lea eax,[ebp-5C]
- 00893EA9 call @UStrClr
- 00893EAE lea eax,[ebp-58]
- 00893EB1 mov edx,3
- 00893EB6 call @UStrArrayClr
- 00893EBB lea eax,[ebp-4C]
- 00893EBE call @UStrClr
- 00893EC3 lea eax,[ebp-48]
- 00893EC6 mov edx,3
- 00893ECB call @UStrArrayClr
- 00893ED0 lea eax,[ebp-3C]
- 00893ED3 call @UStrClr
- 00893ED8 lea eax,[ebp-38]
- 00893EDB mov edx,2
- 00893EE0 call @UStrArrayClr
- 00893EE5 lea eax,[ebp-30]
- 00893EE8 mov edx,0B
- 00893EED call @UStrArrayClr
- 00893EF2 lea eax,[ebp-4]
- 00893EF5 call @UStrClr
- 00893EFA ret
- 00893EFB> jmp @HandleFinally
- 00893F00> jmp 00893E61
- 00893F05 pop ebx
- 00893F06 mov esp,ebp
- 00893F08 pop ebp
- 00893F09 ret
代码的前面一大段是对输入的离线注册码进行一些小的处理,首要即是把字符变为半角罢了,到后边有个函数的判别,我也标示出来了。并且为何要关注这个函数,作为破解的经历,也同时共享给咱们。
那么咱们就持续看那个函数,假如只剖析代码,也许咱们不太好了解,我把OD盯梢的示例也同时加进去,方便咱们了解。
- register.sub_00892D40
- 00892D40 push ebp
- 00892D41 mov ebp,esp
- 00892D43 mov ecx,8
- 00892D48 push 0
- 00892D4A push 0
- 00892D4C dec ecx
- 00892D4D> jne 00892D48
- 00892D4F push ecx
- 00892D50 push ebx
- 00892D51 push esi
- 00892D52 push edi
- 00892D53 xor eax,eax
- 00892D55 push ebp
- 00892D56 push 892F39
- 00892D5B push dword ptr fs:[eax]
- 00892D5E mov dword ptr fs:[eax],esp
- 00892D61 xor eax,eax
- 00892D63 push ebp
- 00892D64 push 892EFF
- 00892D69 push dword ptr fs:[eax]
- 00892D6C mov dword ptr fs:[eax],esp
- 00892D6F mov dl,1
- 00892D71 mov eax,[00765BD8];TIdHashMessageDigest5
- 00892D76 call TIdHashMessageDigest4.Create;TIdHashMessageDigest5.Create
- 00892D7B mov ebx,eax
- 00892D7D lea edx,[ebp-4]
- 00892D80 mov eax,[00A343A8];gvar_00A343A8:TregisterForm
- 00892D85 mov eax,dword ptr [eax+3C4]
- 00892D8B call TControl.GetText
- 00892D90 movzx eax,byte ptr ds:[892F4C];0x1 gvar_00892F4C
- 00892D97 push eax
- 00892D98 lea eax,[ebp-1C]
- 00892D9B push eax
- 00892D9C movzx eax,byte ptr ds:[892F4C];0x1 gvar_00892F4C
- 00892DA3 push eax
- 00892DA4 lea eax,[ebp-20]
- 00892DA7 push eax
- 00892DA8 push dword ptr ds:[0A343B4];gvar_00A343B4:UnicodeString //4700D-936AF-CEB02-9A5B8,也就是机器码
- 00892DAE push 892F5C;'&' //&字符
- 00892DB3 push dword ptr [ebp-4] //1234567890123456789012345,我们输入的注册码
- 00892DB6 push 892F5C;'&' //&字符
- 00892DBB lea eax,[ebp-2C]
- 00892DBE mov edx,4 //一共4个部分
- 00892DC3 call @UStrCatN //4个部分合并,机器码 & 注册码 &
- 00892DC8 mov edx,dword ptr [ebp-2C] //合并后的字符串是4700D-936AF-CEB02-9A5B8&1234567890123456789012345&
- 00892DCB lea ecx,[ebp-28]
- 00892DCE mov eax,[007944CC];TZhou
- 00892DD3 call TZhou.sbctoDbc //这里是干嘛的暂时不知,应该是对字符串做处理的函数,但是好像对我们这个字符串没有影响,先跳过
- //百度了一下,sbctoDbc应该是全角转半角的函数,所以这里直接忽略了
- 00892DD8 mov eax,dword ptr [ebp-28]
- 00892DDB lea edx,[ebp-24]
- 00892DDE call AnsiUpperCase
- 00892DE3 mov eax,dword ptr [ebp-24]
- 00892DE6 xor ecx,ecx
- 00892DE8 mov edx,892F6C;'-'
- 00892DED call StringReplace //去掉减号-
- 00892DF2 mov eax,dword ptr [ebp-20]
- 00892DF5 xor ecx,ecx
- 00892DF7 mov edx,892F7C;' '
- 00892DFC call StringReplace //去掉空格
- 00892E01 mov edx,dword ptr [ebp-1C] //于是我们得到了字符串4700D936AFCEB029A5B8&1234567890123456789012345&
- 00892E04 lea eax,[ebp-8]
- 00892E07 mov ecx,dword ptr ds:[0A343C0];gvar_00A343C0:UnicodeString //这里是注册科目winxp
- 00892E0D call @UStrCat3 //再合并
- 00892E12 lea eax,[ebp-0C]
- 00892E15 push eax
- 00892E16 xor ecx,ecx
- 00892E18 mov edx,dword ptr [ebp-8] //于是就得到了新的字符串4700D936AFCEB029A5B8&1234567890123456789012345&winxp
- 00892E1B mov eax,ebx
- 00892E1D call TIdHash.HashStringAsHex //这个字符串做MD5转换,得到FF154F7AFB41E7B90B99D975625C6A57
- 00892E22 lea eax,[ebp-10]
- 00892E25 push eax
- 00892E26 lea eax,[ebp-30]
- 00892E29 push eax
- 00892E2A mov ecx,14 //0x14=20
- 00892E2F xor edx,edx
- 00892E31 mov eax,dword ptr [ebp-0C]
- 00892E34 call @UStrCopy //取前20位,得到字符串FF154F7AFB41E7B90B99
- 00892E39 mov edx,dword ptr [ebp-30]
- 00892E3C xor ecx,ecx
- 00892E3E mov eax,ebx
- 00892E40 call TIdHash.HashStringAsHex //再做MD5转换,得到A3122F54C1523C53FE1XF250E62D7BC9
- 00892E45 lea eax,[ebp-34]
- 00892E48 push eax
- 00892E49 mov ecx,5
- 00892E4E xor edx,edx
- 00892E50 mov eax,dword ptr [ebp-10]
- 00892E53 call @UStrCopy //取前5位A3122
- 00892E58 push dword ptr [ebp-34]
- 00892E5B push 892F6C;'-' //合并上-
- 00892E60 lea eax,[ebp-38]
- 00892E63 push eax
- 00892E64 mov ecx,5 //取5位
- 00892E69 mov edx,6 //从第6位开始取
- 00892E6E mov eax,dword ptr [ebp-10]
- 00892E71 call @UStrCopy //得到F54C1
- 00892E76 push dword ptr [ebp-38]
- 00892E79 push 892F6C;'-' //再合并上-
- 00892E7E lea eax,[ebp-3C]
- 00892E81 push eax
- 00892E82 mov ecx,5 //取5位
- 00892E87 mov edx,0B //从第11位开始取
- 00892E8C mov eax,dword ptr [ebp-10]
- 00892E8F call @UStrCopy //得到523C5
- 00892E94 push dword ptr [ebp-3C]
- 00892E97 push 892F6C;'-' //再合并上-
- 00892E9C lea eax,[ebp-40]
- 00892E9F push eax
- 00892EA0 mov ecx,5 //取5位
- 00892EA5 mov edx,10 //从第16位开始取
- 00892EAA mov eax,dword ptr [ebp-10]
- 00892EAD call @UStrCopy //得到3FE1C
- 00892EB2 push dword ptr [ebp-40]
- 00892EB5 lea eax,[ebp-14]
- 00892EB8 mov edx,7 //一共7个部分
- 00892EBD call @UStrCatN //合并,得到A3122-F54C1-523C5-3FE1C
- 00892EC2 lea edx,[ebp-44]
- 00892EC5 mov eax,[00A343A8];gvar_00A343A8:TregisterForm
- 00892ECA mov eax,dword ptr [eax+3D0]
- 00892ED0 call TControl.GetText
- 00892ED5 mov edx,dword ptr [ebp-44] //输入的离线注册码ABCDE
- 00892ED8 mov eax,dword ptr [ebp-14] //刚才算出来的离线注册码A3122-F54C1-523C5-3FE1C
- 00892EDB call @UStrEqual //判断是不是相等
- 00892EE0> jne 00892EEE
- 00892EE2 mov dword ptr ds:[0A343D4],1;gvar_00A343D4
- 00892EEC> jmp 00892EF5
- 00892EEE xor eax,eax
- 00892EF0 mov [00A343D4],eax;gvar_00A343D4
- 00892EF5 xor eax,eax
- 00892EF7 pop edx
- 00892EF8 pop ecx
- 00892EF9 pop ecx
- 00892EFA mov dword ptr fs:[eax],edx
- 00892EFD> jmp 00892F09
- 00892EFF> jmp @HandleAnyException
- 00892F04 call @DoneExcept
- 00892F09 xor eax,eax
- 00892F0B pop edx
- 00892F0C pop ecx
- 00892F0D pop ecx
- 00892F0E mov dword ptr fs:[eax],edx
- 00892F11 push 892F40
- 00892F16 lea eax,[ebp-44]
- 00892F19 call @UStrClr
- 00892F1E lea eax,[ebp-40]
- 00892F21 mov edx,0A
- 00892F26 call @UStrArrayClr
- 00892F2B lea eax,[ebp-14]
- 00892F2E mov edx,5
- 00892F33 call @UStrArrayClr
- 00892F38 ret
- 00892F39> jmp @HandleFinally
- 00892F3E> jmp 00892F16
- 00892F40 mov eax,dword ptr [ebp-18]
- 00892F43 pop edi
- 00892F44 pop esi
- 00892F45 pop ebx
- 00892F46 mov esp,ebp
- 00892F48 pop ebp
- 00892F49 ret
注册机也趁便写出来了,用注册机的成果如下:
通用注册机
K51_KeyGen.rar
(55.39 KB, 下载次数: 132)
联系我时,请说是在 挂海论坛 上看到的,谢谢! |
上一篇: au3反编译方法不错的AU3反编译教程下一篇: MindView 6.0版破解分析记录
免责声明:
1、本主题所有言论和图片纯属会员个人意见,与本论坛立场无关。一切关于该内容及资源商业行为与www.52ghai.com无关。
2、本站提供的一切资源内容信息仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。
3、本站信息来自第三方用户,非本站自制,版权归原作者享有,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑或手机中彻底删除上述内容。
4、如果您喜欢该程序,请支持正版,购买注册,得到更好的正版服务。如有侵犯你版权的,请邮件与我们联系删除(邮箱:[email protected]),本站将立即改正。
|
/1 
好评
贡献
海币
交易币
发表于 2017-6-2 12:08:37
收藏
转播
淘帖
支持
反对
提升卡
置顶卡
变色卡
千斤顶
照妖镜
