键盘鼠标发声器算法分析
-
:00406AF8 0F84F5010000 je 00406CF3
:00406AFE 8D45FC lea eax, dword ptr [ebp-04]
:00406B01 E866C1FFFF call 00402C6C
:00406B06 83F818 cmp eax, 00000018 (比较注册码长度是否等于18h)
:00406B09 0F8596000000 jne 00406BA5
* Possible StringData Ref from Data Obj ->"kzeh+saon-ugny*da0n|"
|
:00406B0F BE6D954900 mov esi, 0049956D (载入固定字符串kzeh+saon-ugny*da0n|)
:00406B14 8DBD74FFFFFF lea edi, dword ptr [ebp+FFFFFF74]
* Possible Reference to String Resource ID=00005: "Cannot Remove System Shell Notification Icon"
|
:00406B1A B905000000 mov ecx, 00000005
:00406B1F F3 repz
:00406B20 A5 movsd
:00406B21 A4 movsb
:00406B22 66C745C41400 mov [ebp-3C], 0014
:00406B28 8D45FC lea eax, dword ptr [ebp-04]
:00406B2B E8F0AFFFFF call 00401B20
:00406B30 50 push eax
:00406B31 8D558C lea edx, dword ptr [ebp-74]
:00406B34 52 push edx
:00406B35 E842600800 call 0048CB7C
:00406B3A 83C408 add esp, 00000008
:00406B3D C6053E95490001 mov byte ptr [0049953E], 01
:00406B44 33C9 xor ecx, ecx
:00406B46 894DAC mov dword ptr [ebp-54], ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406BA3(C)
|
:00406B49 8B45AC mov eax, dword ptr [ebp-54]
:00406B4C 40 inc eax
* Possible Reference to String Resource ID=00005: "Cannot Remove System Shell Notification Icon"
|
:00406B4D B905000000 mov ecx, 00000005 (此处是表示不比较第5,10,15,20位注册码)
:00406B52 99 cdq
:00406B53 F7F9 idiv ecx
:00406B55 85D2 test edx, edx
:00406B57 7443 je 00406B9C
:00406B59 8B45AC mov eax, dword ptr [ebp-54]
:00406B5C 8A90447C4A00 mov dl, byte ptr [eax+004A7C44] (在EAX+004A7C44处可看见机器码前20位)
:00406B62 8B4DAC mov ecx, dword ptr [ebp-54]
:00406B65 32940D74FFFFFF xor dl, byte ptr [ebp+ecx-0000008C] (在此处ebp-ecx-8c处可看见固定字符串)
:00406B6C 0FBEC2 movsx eax, dl (将对应位置机器码和固定字符串XOR值移入EAX)
:00406B6F 50 push eax
:00406B70 E833EBFFFF call 004056A8
:00406B75 59 pop ecx
:00406B76 69C0411F0000 imul eax, 00001F41 (EAX乘以1F41h)
:00406B7C B91A000000 mov ecx, 0000001A
:00406B81 99 cdq
:00406B82 F7F9 idiv ecx (除以1A)
:00406B84 83C241 add edx, 00000041 (EDX值+41为对应位注册码)
:00406B87 8B45AC mov eax, dword ptr [ebp-54]
:00406B8A 0FBE4C058C movsx ecx, byte ptr [ebp+eax-74]
:00406B8F 3BD1 cmp edx, ecx (ECX为对应位假码)
:00406B91 7409 je 00406B9C (不等到下面跳注册不成功)
:00406B93 C6053E95490000 mov byte ptr [0049953E], 00
:00406B9A EB09 jmp 00406BA5
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00406B57(C), :00406B91(C)
|
:00406B9C FF45AC inc [ebp-54] (等跳这里)
:00406B9F 837DAC14 cmp dword ptr [ebp-54], 00000014 (比较前20位)
:00406BA3 7CA4 jl 00406B49
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00406B09(C), :00406B9A(U)
|
:00406BA5 803D3E95490000 cmp byte ptr [0049953E], 00
:00406BAC 0F84ED000000 je 00406C9F
:00406BB2 66C745C43800 mov [ebp-3C], 0038
* Possible StringData Ref from Data Obj ->"注册成功!谢谢!
出现问题请查询:xtzy@163.com "
|
:00406BB8 BA9B9E4900 mov edx, 00499E9B
:00406BBD 8D45EC lea eax, dword ptr [ebp-14]
:00406BC0 E80F020900 call 00496DD4
:00406BC5 FF45D0 inc [ebp-30]
:00406BC8 8B00 mov eax, dword ptr [eax]
:00406BCA E8915B0500 call 0045C760
:00406BCF FF4DD0 dec [ebp-30]
算法就是:
将机器码与对应位置的固定字符串XOR=a
(a*1F41) MOD 1A)+41转为字符就是对应注册码.
最后四位可随意填入.
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>