|
The statements above check whether the registration code consists entirely of digits
-------------------------------------------------------------------------------
* Reference to control Trrr.username : TFlatEdIT
|
0048901F   8B80E0020000           mov     eax, [eax+$02E0]
|
00489025   E8065CFAFF             call    0042EC30
0048902A   8B45F0                 mov     eax, [ebp-$10]
0048902D   8D55EC                 lea     edx, [ebp-$14]
|
00489030   E83BFEFFFF             call    00488E70              // step in and take a look
---------------------------- CALL 00488E70 ----------------------------------------------
00488E70   55                     push    ebp
00488E71   8BEC                   mov     ebp, esp
00488E73   83C4F8                 add     esp, -$08
00488E76   53                     push    ebx
00488E77   56                     push    esi
00488E78   57                     push    edi
00488E79   33C9                   xor     ecx, ecx
00488E7B   894DF8                 mov     [ebp-$08], ecx
00488E7E   8BF2                   mov     esi, edx
00488E80   8945FC                 mov     [ebp-$04], eax
00488E83   8B45FC                 mov     eax, [ebp-$04]
|
00488E86   E8B9AFF7FF             call    00403E44
00488E8B   33C0                   xor     eax, eax
00488E8D   55                     push    ebp
* Possible String Reference to: ’榫腚_^[YY]脨U嬱3蒕QQQQQQQSVW塃?
|                                繳h迲H’
|
00488E8E   68118F4800             push    $00488F11
***** TRY
|
00488E93   64FF30                 push    dword ptr fs:[eax]
00488E96   648920                 mov     fs:[eax], esp
00488E99   33DB                   xor     ebx, ebx
00488E9B   8D55F8                 lea     edx, [ebp-$08]
* Reference to Tmainform instance
|
00488E9E   A1E4784A00             mov     eax, dword ptr [$4A78E4]
00488EA3   8B00                   mov     eax, [eax]
* Reference to : Tmainform.GetDrvID()
|
00488EA5   E882D90000             call    0049682C
00488EAA   8B55F8                 mov     edx, [ebp-$08]        // get the username
00488EAD   8D45FC                 lea     eax, [ebp-$04]
00488EB0   8B4DFC                 mov     ecx, [ebp-$04]        // get the machine code
|
00488EB3   E824AEF7FF             call    00403CDC
00488EB8   8B45FC                 mov     eax, [ebp-$04]        // concatenate "machine code" and "username"
                                                                // let s = "machine code" + "username"
|
00488EBB   E8D0ADF7FF             call    00403C90              // get the length of s
00488EC0   8BD0                   mov     edx, eax
00488EC2   85D2                   test    edx, edx
00488EC4   7C17                   jl      00488EDD
00488EC6   42                     inc     edx
00488EC7   33C0                   xor     eax, eax
00488EC9   8B4DFC                 mov     ecx, [ebp-$04]
00488ECC   0FB64C01FF             movzx   ecx, byte ptr [ecx+eax-$01]  // take the ASCII code of each
                                                                // character of s in turn
* Reference to field TFlatEdIT.OFFS_0003
|
00488ED1   8D7803                 lea     edi, [eax+$03]        // edi=eax+3
00488ED4   0FAFCF                 imul    ecx, edi              // ecx=ecx*edi
00488ED7   03D9                   add     ebx, ecx              // add ebx,ecx
00488ED9   40                     inc     eax                   // eax=eax+1
00488EDA   4A                     dec     edx
00488EDB   75EC                   jnz     00488EC9              // all characters processed?
00488EDD   8BC3                   mov     eax, ebx              // eax=ebx
00488EDF   99                     cdq
00488EE0   33C2                   xor     eax, edx
00488EE2   2BC2                   sub     eax, edx              // these two instructions do nothing,
                                                                // because edx=0 and eax xor 0 = eax
00488EE4   69C0C9430000           imul    eax, eax, $000043C9   // eax=eax*43C9H
00488EEA   05BBEF9505             add     eax, +$0595EFBB       // eax=eax+595EFBBH
00488EEF   8BD6                   mov     edx, esi              // at this point eax is the registration code
---------------------------- END CALL 00488E70 ----------------------------------------
00489035   8B45EC                 mov     eax, [ebp-$14]
00489038   8B55F8                 mov     edx, [ebp-$08]
|
0048903B   E860ADF7FF             call    00403DA0
00489040   0F8556010000           jnz     0048919C              // this should look familiar
* Possible String Reference to: ’注册成功!请重新启动浪漫情书……’
|
00489046   B834924800             mov     eax, $00489234
.
.
.
.
|
004891E5   5F                     pop     edi
004891E6   5E                     pop     esi
004891E7   5B                     pop     ebx
004891E8   8BE5                   mov     esp, ebp
004891EA   5D                     pop     ebp
004891EB   C3                     ret
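3. Summary of the registration algorithm

s1 = machine code (must not be empty)
s2 = username (at least 6 characters)
s3 = s1 concatenated with s2, s1 first, s2 second

len = length of s3
sn = 0
for i = 1 to len
    sn = (i+3) * (ASCII code of the i-th character of s3) + sn
next i

sn = sn * 43C9h
sn = sn + 595EFBBh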
Sigh. I'm on Win2000 now and can't use SoftICE at work, so I had to settle for picking on a soft target with OllyDbg. Please bear with me.