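Software name: ColorPicker V2.06
Description: A compact screen color picker that is very useful for programming and graphic design. It can grab any color you want from the screen and convert it to the color values used by various programming tools.
Download: http://www.skycn.com/download.php?id=502&url=http://lnhttp.skycn.net/down/colorpicker206.zip
Difficulty: Easy
Cracking tools: AspackDie, TRW2000, Winasm

Lao Xiong is chasing up homework, and term is about to start again, so I probably won't have much time. I grabbed a random program off the net to crack; hey, you'll do -- ColorPicker, tough luck for you.

Enough talk, let's get to work:

Fi shows it is packed with Aspack; unpack it with AspackDie. In Winasm, search for the string "The Registration information is invaild!Please recheck your information." Following the jump that references it leads to: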
:004A0338 8D45DC        lea eax, dword ptr [ebp-24]
:004A033B 50            push eax
:004A033C 8B4DF8        mov ecx, dword ptr [ebp-08]
:004A033F BA2E391E00    mov edx, 001E392E
:004A0344 8B45FC        mov eax, dword ptr [ebp-04]
:004A0347 E88C020000    call 004A05D8  ******** key call
:004A034C 8B55DC        mov edx, dword ptr [ebp-24]
:004A034F 8B45F4        mov eax, dword ptr [ebp-0C]
:004A0352 E86945F6FF    call 004048C0
:004A0357 0F8541010000  jne 004A049E  <== jumps to the error path

Step into the key call at 004A0347. The core of the algorithm is below:

:004A0630 BF01000000    mov edi, 00000001  <== initialize the counter edi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A0654(C)
|
:004A0635 8B45F8        mov eax, dword ptr [ebp-08]  <== pointer to the user name
:004A0638 E83F41F6FF    call 0040477C  <== get the user name length

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A05D2(C)
|
:004A063D F76DFC        imul [ebp-04]  <== user name length times 0x1E392E
:004A0640 03F0          add esi, eax  <== add the user name length to the result
:004A0642 8B45F8        mov eax, dword ptr [ebp-08]  <== pointer to the user name
:004A0645 0FB64438FF    movzx eax, byte ptr [eax+edi-01]  <== take the ASCII value of each user name character in turn
:004A064A 69C053200000  imul eax, 00002053  <== character ASCII value times 0x2053
:004A0650 03F0          add esi, eax  <== esi+eax
:004A0652 47            inc edi  <== increment the counter
:004A0653 4B            dec ebx
:004A0654 75DF          jne 004A0635  <== loop

************************ Call the result after this loop S1 ************************

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A062E(C)
|
:004A0656 8BC6          mov eax, esi
:004A0658 99            cdq
:004A0659 33C2          xor eax, edx
:004A065B 2BC2          sub eax, edx
:004A065D 8D55F4        lea edx, dword ptr [ebp-0C]
:004A0660 E81783F6FF    call 0040897C
:004A0665 8D45F4        lea eax, dword ptr [ebp-0C]
:004A0668 50            push eax
:004A0669 8B45F4        mov eax, dword ptr [ebp-0C]
:004A066C E80B41F6FF    call 0040477C
:004A0671 8BD0          mov edx, eax
:004A0673 83EA0A        sub edx, 0000000A
:004A0676 B90A000000    mov ecx, 0000000A
:004A067B 8B45F4        mov eax, dword ptr [ebp-0C]
:004A067E E85143F6FF    call 004049D4
:004A0683 8B45F8        mov eax, dword ptr [ebp-08]
:004A0686 E8F140F6FF    call 0040477C
:004A068B 8BD8          mov ebx, eax
:004A068D 85DB          test ebx, ebx
:004A068F 7E24          jle 004A06B5
:004A0691 BF01000000    mov edi, 00000001  <== initialize the counter

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A06B3(C)
|
:004A0696 8B45F8        mov eax, dword ptr [ebp-08]  <== pointer to the user name
:004A0699 E8DE40F6FF    call 0040477C  <== get the user name length
:004A069E 8B55F8        mov edx, dword ptr [ebp-08]  <== pointer to the user name
:004A06A1 0FB6543AFF    movzx edx, byte ptr [edx+edi-01]  <== take the ASCII value of each user name character in turn
:004A06A6 0FAF55FC      imul edx, dword ptr [ebp-04]  <== character ASCII value times 0x1E392E
:004A06AA 6BD253        imul edx, 00000053  <== multiply the result by 0x53
:004A06AD 03F2          add esi, edx  <== add the result to S1
:004A06AF 2BF0          sub esi, eax  <== subtract the user name length from the new result
:004A06B1 47            inc edi
:004A06B2 4B            dec ebx
:004A06B3 75E1          jne 004A0696  <== loop

************************ Call the result of this computation S2 ************************

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A068F(C)
|
:004A06B5 FF75F4        push [ebp-0C]
:004A06B8 6880074A00    push 004A0780
:004A06BD 8BC6          mov eax, esi
:004A06BF 99            cdq
:004A06C0 33C2          xor eax, edx
:004A06C2 2BC2          sub eax, edx
:004A06C4 8D55F0        lea edx, dword ptr [ebp-10]
:004A06C7 E8B082F6FF    call 0040897C
:004A06CC FF75F0        push [ebp-10]
:004A06CF 8D45F4        lea eax, dword ptr [ebp-0C]
:004A06D2 BA03000000    mov edx, 00000003
:004A06D7 E86041F6FF    call 0040483C
:004A06DC 8B45F8        mov eax, dword ptr [ebp-08]
:004A06DF E89840F6FF    call 0040477C
:004A06E4 8BD8          mov ebx, eax
:004A06E6 85DB          test ebx, ebx
:004A06E8 7E2D          jle 004A0717
:004A06EA BF01000000    mov edi, 00000001  <== initialize the counter

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A0715(C)
|
:004A06EF 8B45F8        mov eax, dword ptr [ebp-08]  <== pointer to the user name
:004A06F2 E88540F6FF    call 0040477C  <== get the user name length
:004A06F7 8B55F8        mov edx, dword ptr [ebp-08]  <== pointer to the user name
:004A06FA 0FB6543AFF    movzx edx, byte ptr [edx+edi-01]  <== take the ASCII value of each user name character in turn
:004A06FF F7EA          imul edx  <== character ASCII value times the user name length
:004A0701 69C03B010000  imul eax, 0000013B  <== multiply the result by 0x13B
:004A0707 03F0          add esi, eax  <== add that result to S2
:004A0709 8B45F8        mov eax, dword ptr [ebp-08]
:004A070C E86B40F6FF    call 0040477C
:004A0711 03F0          add esi, eax
:004A0713 47            inc edi
:004A0714 4B            dec ebx
:004A0715 75D8          jne 004A06EF  <== loop

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A06E8(C)
|
:004A0717 0375FC        add esi, dword ptr [ebp-04]
:004A071A FF75F4        push [ebp-0C]
:004A071D 6880074A00    push 004A0780
:004A0722 8BC6          mov eax, esi
:004A0724 99            cdq
:004A0725 33C2          xor eax, edx
:004A0727 2BC2          sub eax, edx
:004A0729 8D55EC        lea edx, dword ptr [ebp-14]
:004A072C E84B82F6FF    call 0040897C
:004A0731 FF75EC        push [ebp-14]
:004A0734 8D45F4        lea eax, dword ptr [ebp-0C]
:004A0737 BA03000000    mov edx, 00000003
:004A073C E8FB40F6FF    call 0040483C

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A0612(C), :004A061C(C)
|
:004A0741 8B4508        mov eax, dword ptr [ebp+08]
:004A0744 8B55F4        mov edx, dword ptr [ebp-0C]
:004A0747 E8CC3DF6FF    call 00404518
:004A074C 33C0          xor eax, eax
:004A074E 5A            pop edx
:004A074F 59            pop ecx
:004A0750 59            pop ecx
:004A0751 648910        mov dword ptr fs:[eax], edx
:004A0754 686E074A00    push 004A076E

User name: Stoby[DFCG]
Registration code: 247850853-369708050-364300326

Algorithm summary:
Convert the results S1, S2 and S3 to decimal as S1', S2' and S3', then join S1', S2' and S3' with "-" to form S1'-S2'-S3', which is the registration code. The algorithm is very simple; I have no time to write a keygen for it. I'm catching the train the day after tomorrow; once term starts I'll still drop by often.