eLib2.01算法分析 -pc6资讯

您的位置：首页 → 精文荟萃 → 破解文章 → eLib2.01算法分析

eLib2.01算法分析 时间：2004/10/15 0:51:00来源：本站整理作者：蓝点我要评论(0): 　

eLib2.01算法分析
//////////////////////////////////////////////////////////////////////////
:00465A70 83FA1D cmp edx, 0000001D //比较注册码长度是否29位
:00465A73 7423 je 00465A98
:00465A75 33C0 xor eax, eax
:00465A77 BA02000000 mov edx, 00000002
:00465A7C 50 push eax
:00465A7D 8D450C lea eax, dword ptr [ebp+0C]
:00465A80 FF4DF4 dec [ebp-0C]
:00465A83 E8E8A40B00 call 0051FF70
:00465A88 58 pop eax
:00465A89 8B55D8 mov edx, dword ptr [ebp-28]
:00465A8C 64891500000000 mov dword ptr fs:[00000000], edx
:00465A93 E9EF000000 jmp 00465B87

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465A73(C)
|
:00465A98 6A06 push 00000006
:00465A9A 8D4D0C lea ecx, dword ptr [ebp+0C]
:00465A9D 51 push ecx
:00465A9E E839A20B00 call 0051FCDC
:00465AA3 83C408 add esp, 00000008
:00465AA6 8D450C lea eax, dword ptr [ebp+0C]

:00465AA9 E816A70B00 call 005201C4 //取出假注册码
:00465AAE 8B550C mov edx, dword ptr [ebp+0C]
:00465AB1 83C205 add edx, 00000005
:00465AB4 0FBE0A movsx ecx, byte ptr [edx]
:00465AB7 83F92D cmp ecx, 0000002D //比较第六位是否'-'
:00465ABA 756C jne 00465B28
:00465ABC 6A0C push 0000000C
:00465ABE 8D450C lea eax, dword ptr [ebp+0C]
:00465AC1 50 push eax
:00465AC2 E815A20B00 call 0051FCDC
:00465AC7 83C408 add esp, 00000008
:00465ACA 8D450C lea eax, dword ptr [ebp+0C]
:00465ACD E8F2A60B00 call 005201C4
:00465AD2 8B550C mov edx, dword ptr [ebp+0C]
:00465AD5 83C20B add edx, 0000000B
:00465AD8 0FBE0A movsx ecx, byte ptr [edx]
:00465ADB 83F92D cmp ecx, 0000002D//比较第12位是否'-'
:00465ADE 7548 jne 00465B28
:00465AE0 6A12 push 00000012
:00465AE2 8D450C lea eax, dword ptr [ebp+0C]
:00465AE5 50 push eax
:00465AE6 E8F1A10B00 call 0051FCDC
:00465AEB 83C408 add esp, 00000008
:00465AEE 8D450C lea eax, dword ptr [ebp+0C]
:00465AF1 E8CEA60B00 call 005201C4
:00465AF6 8B550C mov edx, dword ptr [ebp+0C]
:00465AF9 83C211 add edx, 00000011
:00465AFC 0FBE0A movsx ecx, byte ptr [edx]
:00465AFF 83F92D cmp ecx, 0000002D //比较第18位是否'-'
:00465B02 7524 jne 00465B28
:00465B04 6A18 push 00000018
:00465B06 8D450C lea eax, dword ptr [ebp+0C]
:00465B09 50 push eax
:00465B0A E8CDA10B00 call 0051FCDC
:00465B0F 83C408 add esp, 00000008
:00465B12 8D450C lea eax, dword ptr [ebp+0C]
:00465B15 E8AAA60B00 call 005201C4
:00465B1A 8B550C mov edx, dword ptr [ebp+0C]
:00465B1D 83C217 add edx, 00000017
:00465B20 0FBE0A movsx ecx, byte ptr [edx]
:00465B23 83F92D cmp ecx, 0000002D //比较第24位是否'-'
:00465B26 7420 je 00465B48 //跳!!

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00465ABA(C), :00465ADE(C), :00465B02(C)
|
:00465B28 33C0 xor eax, eax
:00465B2A BA02000000 mov edx, 00000002
:00465B2F 50 push eax
:00465B30 8D450C lea eax, dword ptr [ebp+0C]
:00465B33 FF4DF4 dec [ebp-0C]
:00465B36 E835A40B00 call 0051FF70
:00465B3B 58 pop eax
:00465B3C 8B55D8 mov edx, dword ptr [ebp-28]
:00465B3F 64891500000000 mov dword ptr fs:[00000000], edx
:00465B46 EB3F jmp 00465B87

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465B26(C)
|
:00465B48 8B4D0C mov ecx, dword ptr [ebp+0C]
:00465B4B 85C9 test ecx, ecx
:00465B4D 7405 je 00465B54
:00465B4F 8B450C mov eax, dword ptr [ebp+0C]
:00465B52 EB05 jmp 00465B59//再跳!!

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465B4D(C)
|
:00465B54 B896345400 mov eax, 00543496

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465B52(U)
|
:00465B59 50 push eax
:00465B5A 53 push ebx
:00465B5B E8C0F9FFFF call 00465520//进去!!!
:00465B60 83C408 add esp, 00000008
:00465B63 85C0 test eax, eax
:00465B65 0F94C0 sete al
: :

============================00465520 BEGIN============================
//////////////////////////////////////////////////////////////////////
:00465520 55 push ebp
:00465521 8BEC mov ebp, esp
:00465523 83C48C add esp, FFFFFF8C
:00465526 53 push ebx
:00465527 8B5D0C mov ebx, dword ptr [ebp+0C]
:0046552A 53 push ebx
:0046552B E8C8FD0A00 call 005152F8
:00465530 59 pop ecx
:00465531 83F81D cmp eax, 0000001D
:00465534 740A je 00465540
:00465536 B801000000 mov eax, 00000001
:0046553B E98C040000 jmp 004659CC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465534(C)
|
:00465540 0FBE5305 movsx edx, byte ptr [ebx+05]
:00465544 83FA2D cmp edx, 0000002D
:00465547 751B jne 00465564
:00465549 0FBE4B0B movsx ecx, byte ptr [ebx+0B]
:0046554D 83F92D cmp ecx, 0000002D
:00465550 7512 jne 00465564
:00465552 0FBE4311 movsx eax, byte ptr [ebx+11]
:00465556 83F82D cmp eax, 0000002D
:00465559 7509 jne 00465564
:0046555B 0FBE5317 movsx edx, byte ptr [ebx+17]
:0046555F 83FA2D cmp edx, 0000002D
:00465562 740A je 0046556E
===============比较6,12,18,24各位是否'-',注册码长度是否29位=========
/////////////////////////////////////////////////////////////////////
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00465547(C), :00465550(C), :00465559(C)
|
:00465564 B802000000 mov eax, 00000002
:00465569 E95E040000 jmp 004659CC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465562(C)
|
:0046556E 6A05 push 00000005
:00465570 53 push ebx
:00465571 8D55F8 lea edx, dword ptr [ebp-08]
:00465574 52 push edx
:00465575 E82EFC0A00 call 005151A8
:0046557A 83C40C add esp, 0000000C
:0046557D 6A05 push 00000005
:0046557F 8D4B06 lea ecx, dword ptr [ebx+06]
:00465582 51 push ecx
:00465583 8D45F0 lea eax, dword ptr [ebp-10]
:00465586 50 push eax
:00465587 E81CFC0A00 call 005151A8
:0046558C 83C40C add esp, 0000000C
:0046558F 6A05 push 00000005
:00465591 8D530C lea edx, dword ptr [ebx+0C]
:00465594 52 push edx
:00465595 8D4DE8 lea ecx, dword ptr [ebp-18]
:00465598 51 push ecx
:00465599 E80AFC0A00 call 005151A8
:0046559E 83C40C add esp, 0000000C
:004655A1 6A05 push 00000005
:004655A3 8D4312 lea eax, dword ptr [ebx+12]
:004655A6 50 push eax
:004655A7 8D55E0 lea edx, dword ptr [ebp-20]
:004655AA 52 push edx
:004655AB E8F8FB0A00 call 005151A8
:004655B0 83C40C add esp, 0000000C
:004655B3 6A05 push 00000005
:004655B5 83C318 add ebx, 00000018
:004655B8 53 push ebx
:004655B9 8D45D8 lea eax, dword ptr [ebp-28]
:004655BC 50 push eax
:004655BD E8E6FB0A00 call 005151A8
:004655C2 83C40C add esp, 0000000C
:004655C5 33D2 xor edx, edx
:004655C7 8D45F0 lea eax, dword ptr [ebp-10]
===========将6,12,18,24位的'-'去掉组成SN1,SN2,SN3,SN4四个数========
////////////////////////////////////////////////////////////////////
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004655E6(C)
|
:004655CA 0FBE08 movsx ecx, byte ptr [eax]
:004655CD 83F930 cmp ecx, 00000030
:004655D0 7C05 jl 004655D7
:004655D2 83F939 cmp ecx, 00000039
:004655D5 7E0A jle 004655E1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004655D0(C)
|
:004655D7 B803000000 mov eax, 00000003
:004655DC E9EB030000 jmp 004659CC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004655D5(C)
|
:004655E1 42 inc edx
:004655E2 40 inc eax
:004655E3 83FA05 cmp edx, 00000005
:004655E6 7CE2 jl 004655CA
==================比较SN2各位是否全部是数字==========================
//////////////////////////////////////////////////////////////////////
:004655E8 0FBE55E9 movsx edx, byte ptr [ebp-17] //SN3.2
:004655EC 0FBE4DEA movsx ecx, byte ptr [ebp-16] //SN3.3
:004655F0 03D2 add edx, edx //SN3.2=2*SN3.2
:004655F2 0FBE45E8 movsx eax, byte ptr [ebp-18] //SN3.1
:004655F6 8D1492 lea edx, dword ptr [edx+4*edx]//SN3.2=SN3.2+4*SN3.2
:004655F9 83C0D0 add eax, FFFFFFD0 //SN3.1=SN3.1-$30
:004655FC 03D1 add edx, ecx //SN3.2=SN3.2+SN3.3
:004655FE 0FBE4DEB movsx ecx, byte ptr [ebp-15] //SN3.4
:00465602 8BD9 mov ebx, ecx
:00465604 81C2F0FDFFFF add edx, FFFFFDF0 //SN3.2=SN3.2-$210
:0046560A 0FBE4DEC movsx ecx, byte ptr [ebp-14]//SN3.5
:0046560E 03DB add ebx, ebx //SN3.4=SN3.4*2
:00465610 8D1C9B lea ebx, dword ptr [ebx+4*ebx]//SN3.4=SN3.4+4*SN3.4
:00465613 03D9 add ebx, ecx //SN3.4=SN3.4+SN3.5
:00465615 81C3F0FDFFFF add ebx, FFFFFDF0 //SN3.4=SN3.4-$210
:0046561B 85C0 test eax, eax
:0046561D 7C17 jl 00465636
:0046561F 83F809 cmp eax, 00000009
:00465622 7F12 jg 00465636
===================SN3.1-$30要在[1-9]范围==============
///////////////////////////////////////////////////////
:00465624 85D2 test edx, edx
:00465626 7C0E jl 00465636
:00465628 83FA0C cmp edx, 0000000C
:0046562B 7F09 jg 00465636
============(10*SN3.2+SN3.3)-$210要在[1-$C]范围========
///////////////////////////////////////////////////////
:0046562D 85DB test ebx, ebx
:0046562F 7C05 jl 00465636
:00465631 83FB1F cmp ebx, 0000001F
:00465634 7E0A jle 00465640
===========(10*SN3.4+SN3.5)-$210要在[1-$1F]范围=========
////////////////////////////////////////////////////////
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0046561D(C), :00465622(C), :00465626(C), :0046562B(C), :0046562F(C)
|
:00465636 B804000000 mov eax, 00000004
:0046563B E98C030000 jmp 004659CC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465634(C)
|
:00465640 0FBE55F8 movsx edx, byte ptr [ebp-08]//SN1.1
:00465644 0FBE45F0 movsx eax, byte ptr [ebp-10]//SN2.1
:00465648 03D0 add edx, eax //SN1.1=SN1.1+SN2.1
:0046564A 0FBE4DE8 movsx ecx, byte ptr [ebp-18]//SN3.1
:0046564E 03D1 add edx, ecx //SN1.1=SN1.1+SN3.1
:00465650 42 inc edx //SN1.1=SN1.1+1
:00465651 8955C4 mov dword ptr [ebp-3C], edx
:00465654 DB45C4 fild dword ptr [ebp-3C] //把SN1.1装入浮点寄存器
:00465657 83C4F8 add esp, FFFFFFF8
:0046565A DD1C24 fstp qword ptr [esp]//SN1.1进栈
:0046565D E8BA490B00 call 0051A01C //将ST(O)按弧度计算SN1.1=SIN(SN1.1)
:00465662 83C408 add esp, 00000008
:00465665 83C4F8 add esp, FFFFFFF8
:00465668 DD1C24 fstp qword ptr [esp]
:0046566B E8D4350B00 call 00518C44 //SN1.1=ABS(ST(SN1.1))
:00465670 83C408 add esp, 00000008
:00465673 D80DD4594600 fmul dword ptr [004659D4]//SN1.1=SN1.1*1101
:00465679 E8EE350B00 call 00518C6C //将SN1.1取整并转化成十六进制
:0046567E B91A000000 mov ecx, 0000001A
:00465683 99 cdq
:00465684 F7F9 idiv ecx //EDX=SN1.1 MOD $1A
:00465686 80C241 add dl, 41 //EDX=EDX+$41
======================================================================================
SN4.1=(HEX(INT(ABS(SIN(SN1.1+SN2.1+SN3.1+1))*1101)) MOD $1A)+$41
///////////////////////////////////////////////////////////////////////////////////////
:00465689 8855D0 mov byte ptr [ebp-30], dl
:0046568C 0FBE45F9 movsx eax, byte ptr [ebp-07]//SN1.2
:00465690 0FBE55F1 movsx edx, byte ptr [ebp-0F]//SN2.2
:00465694 03C2 add eax, edx
:00465696 0FBE4DE9 movsx ecx, byte ptr [ebp-17]//SN3.2
:0046569A 03C1 add eax, ecx
:0046569C 83C002 add eax, 00000002
:0046569F 8945C0 mov dword ptr [ebp-40], eax
:004656A2 DB45C0 fild dword ptr [ebp-40]
:004656A5 83C4F8 add esp, FFFFFFF8
:004656A8 DD1C24 fstp qword ptr [esp]
:004656AB E86C490B00 call 0051A01C
:004656B0 83C408 add esp, 00000008
:004656B3 83C4F8 add esp, FFFFFFF8
:004656B6 DD1C24 fstp qword ptr [esp]
:004656B9 E886350B00 call 00518C44
:004656BE 83C408 add esp, 00000008
:004656C1 D80DD8594600 fmul dword ptr [004659D8] //SN1.2=SN1.2*1019
:004656C7 E8A0350B00 call 00518C6C
:004656CC B91A000000 mov ecx, 0000001A
:004656D1 99 cdq
:004656D2 F7F9 idiv ecx
:004656D4 80C241 add dl, 41
======================================================================================
SN4.2=(HEX(INT(ABS(SIN(SN1.2+SN2.2+SN3.2+2))*1101) MOD $1A)+$41
//////////////////////////////////////////////////////////////////////////////////////
:004656D7 8855D1 mov byte ptr [ebp-2F], dl
:004656DA 0FBE45FA movsx eax, byte ptr [ebp-06]//SN1.3
:004656DE 0FBE55F2 movsx edx, byte ptr [ebp-0E]//SN2.3
:004656E2 03C2 add eax, edx
:004656E4 0FBE4DEA movsx ecx, byte ptr [ebp-16]//SN3.3
:004656E8 03C1 add eax, ecx
:004656EA 83C003 add eax, 00000003
:004656ED 8945BC mov dword ptr [ebp-44], eax
:004656F0 DB45BC fild dword ptr [ebp-44]
:004656F3 83C4F8 add esp, FFFFFFF8
:004656F6 DD1C24 fstp q

文章评论

查看所有0条评论>>

热门文章 去除winrar注册框方法