|
楼主 |
发表于 2008-5-23 22:00:17
|
显示全部楼层
00433840 /$ 53 PUSH EBX
00433841 |. 55 PUSH EBP
00433842 |. 8B6C24 10 MOV EBP,DWORD PTR SS:[ESP+10]
00433846 |. 807D 00 6D CMP BYTE PTR SS:[EBP],6D ; //注册码第1个字母与6D即"m"比较
0043384A |. 56 PUSH ESI
0043384B |. 57 PUSH EDI
0043384C |. 0F85 AD000000 JNZ movgear.004338FF ; //不等则跳
00433852 |. 807D 01 67 CMP BYTE PTR SS:[EBP+1],67 ; //注册码第2个字母与67即"g"比较
00433856 |. 0F85 A3000000 JNZ movgear.004338FF ; //不等则跳
0043385C |. 807D 02 33 CMP BYTE PTR SS:[EBP+2],33 ; //注册码第3个字母与33即"3"比较
00433860 |. 0F85 99000000 JNZ movgear.004338FF ; //不等则跳
00433866 |. 807D 03 37 CMP BYTE PTR SS:[EBP+3],37 ; //注册码第4个字母与37即"7"比较
0043386A |. 0F85 8F000000 JNZ movgear.004338FF ; //不等则跳
00433870 |. 33DB XOR EBX,EBX ; //EBX=0
00433872 |> 8BBB F8F34800 /MOV EDI,DWORD PTR DS:[EBX+48F3F8] ; //"mvg21951736"
00433878 |. 8BC7 |MOV EAX,EDI
0043387A |. 8D50 01 |LEA EDX,DWORD PTR DS:[EAX+1]
0043387D |. 8D49 00 |LEA ECX,DWORD PTR DS:[ECX]
00433880 |> 8A08 |/MOV CL,BYTE PTR DS:[EAX]
00433882 |. 40 ||INC EAX
00433883 |. 84C9 ||TEST CL,CL
00433885 |.^ 75 F9 |\JNZ SHORT movgear.00433880
00433887 |. 2BC2 |SUB EAX,EDX ; //EAX=EAX-EDX
00433889 |. 8BC8 |MOV ECX,EAX
0043388B |. 8BF5 |MOV ESI,EBP
0043388D |. 33C0 |XOR EAX,EAX ; //EAX=0
0043388F |. F3:A6 |REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS>
00433891 |. 74 65 |JE SHORT movgear.004338F8
00433893 |. 83C3 04 |ADD EBX,4
00433896 |. 81FB 80000000 |CMP EBX,80
0043389C |.^ 72 D4 \JB SHORT movgear.00433872 ; //注册码是否在黑名单
0043389E |. 807D 04 73 CMP BYTE PTR SS:[EBP+4],73 ; //注册码第5个字母与73即"s"比较
004338A2 |. 75 01 JNZ SHORT movgear.004338A5 ; //不等则跳
004338A4 |. 45 INC EBP
004338A5 |> 8D4D 07 LEA ECX,DWORD PTR SS:[EBP+7]
004338A8 |. 51 PUSH ECX
004338A9 |. E8 26BD0300 CALL movgear.0046F5D4 ; //将注册码第8位以后的数字转16进制送入EAX(如果第5个字母为"s",则将注册码第9位以后的数字转16进制送入EAX),否则EAX=0
004338AE |. 8B5C24 18 MOV EBX,DWORD PTR SS:[ESP+18] ; //用户名
004338B2 |. 8A13 MOV DL,BYTE PTR DS:[EBX] ; //用户名第1个字母ASC值
004338B4 |. 83C4 04 ADD ESP,4
004338B7 |. 33C9 XOR ECX,ECX ; //ECX=0
004338B9 |. 84D2 TEST DL,DL
004338BB |. 8BFB MOV EDI,EBX ; (初始 cpu 选择)
004338BD |. BE DF0B0000 MOV ESI,0BDF ; //ESI=0BDF
004338C2 |. 74 26 JE SHORT movgear.004338EA
004338C4 |> 0FBED2 /MOVSX EDX,DL
004338C7 |. 41 |INC ECX ; //ECX=ECX+1
004338C8 |. 0FAFD1 |IMUL EDX,ECX ; //EDX=EDX*ECX
004338CB |. 03F2 |ADD ESI,EDX ; //ESI=ESI+EDX
004338CD |. 81FE BE170000 |CMP ESI,17BE ; //ESI与17BE比较
004338D3 |. 7E 06 |JLE SHORT movgear.004338DB ; //小于等于则跳
004338D5 |. 81EE BE170000 |SUB ESI,17BE ; //ESI=ESI-17BE
004338DB |> 83F9 0A |CMP ECX,0A ; //ECX与0A比较
004338DE |. 7E 02 |JLE SHORT movgear.004338E2 ; //小于等于则跳
004338E0 |. 33C9 |XOR ECX,ECX ; //ECX=0
004338E2 |> 8A57 01 |MOV DL,BYTE PTR DS:[EDI+1] ; //依次取用户名ASC值
004338E5 |. 47 |INC EDI ; //EDI=EDI+1
004338E6 |. 84D2 |TEST DL,DL
004338E8 |.^ 75 DA \JNZ SHORT movgear.004338C4 ; //循环
004338EA |> 3BF0 CMP ESI,EAX ; //比较ESI与EAX
004338EC |. 75 15 JNZ SHORT movgear.00433903 ; //不等则跳,爆破点
004338EE |. 5F POP EDI
004338EF |. 5E POP ESI
004338F0 |. 5D POP EBP
004338F1 |. B8 01000000 MOV EAX,1 ; //标志位赋值
004338F6 |. 5B POP EBX
004338F7 |. C3 RETN
004338F8 |> 5F POP EDI
004338F9 |. 5E POP ESI
004338FA |. 5D POP EBP
004338FB |. 33C0 XOR EAX,EAX
004338FD |. 5B POP EBX
004338FE |. C3 RETN
004338FF |> 8B5C24 14 MOV EBX,DWORD PTR SS:[ESP+14]
00433903 |> 55 PUSH EBP
00433904 |. 53 PUSH EBX
00433905 |. E8 16FCFFFF CALL movgear.00433520
0043390A |. 83C4 08 ADD ESP,8
0043390D |. 5F POP EDI
0043390E |. 5E POP ESI
0043390F |. 5D POP EBP
00433910 |. 5B POP EBX
00433911 \. C3 RETN==============================================================
【黑名单】
0047FE18 6D 67 33 37 34 33 34 34 37 37 37 00 6D 67 33 37 mg374344777.mg37
0047FE28 39 33 34 32 36 38 39 00 6D 67 33 37 37 37 35 33 9342689.mg377753
0047FE38 39 33 31 00 6D 67 33 37 37 36 34 33 38 36 33 00 931.mg377643863.
0047FE48 6D 67 33 37 30 37 30 34 37 38 38 00 6D 67 33 37 mg370704788.mg37
0047FE58 36 38 37 31 34 33 34 00 6D 67 33 37 36 34 38 34 6871434.mg376484
0047FE68 30 33 39 00 6D 67 33 37 30 33 34 32 36 39 32 00 039.mg370342692.
0047FE78 6D 67 33 37 36 34 34 39 35 37 00 00 6D 67 33 37 mg37644957..mg37
0047FE88 37 35 38 33 34 35 34 00 6D 67 33 37 33 32 32 33 7583454.mg373223
0047FE98 35 35 34 00 6D 67 33 37 31 38 39 35 32 36 36 00 554.mg371895266.
0047FEA8 6D 67 33 37 39 37 37 33 36 35 31 00 6D 67 33 37 mg379773651.mg37
0047FEB8 31 30 37 33 34 37 38 00 6D 67 33 37 34 33 39 34 1073478.mg374394
0047FEC8 39 38 37 00 6D 67 33 37 38 38 32 32 34 36 39 00 987.mg378822469.
0047FED8 6D 67 33 37 30 36 34 33 34 38 00 00 6D 67 33 37 mg37064348..mg37
0047FEE8 30 34 37 33 37 31 30 00 6D 67 33 37 38 35 34 32 0473710.mg378542
0047FEF8 35 34 34 00 6D 67 33 37 33 34 37 33 37 35 39 00 544.mg373473759.
0047FF08 6D 67 33 37 39 32 32 33 39 35 33 00 6D 67 33 37 mg379223953.mg37
0047FF18 35 39 35 33 32 34 38 00 6D 67 33 37 32 30 32 31 5953248.mg372021
0047FF28 34 32 34 00 6D 67 33 37 30 33 35 33 30 30 38 00 424.mg370353008.
0047FF38 6D 67 33 37 30 31 35 31 33 34 37 00 6D 67 33 37 mg370151347.mg37
0047FF48 39 38 34 33 31 34 39 00 6D 67 33 37 32 35 30 33 9843149.mg372503
0047FF58 39 35 38 00 6D 67 33 37 4E 54 69 00 6D 67 33 37 958.mg37NTi.mg37
0047FF68 33 34 36 35 32 34 31 00 6D 67 33 37 30 35 33 34 3465241.mg370534
0047FF78 30 33 35 00 6D 67 33 37 34 36 30 34 33 34 32 00 035.mg374604342.
0047FF88 6D 76 67 32 31 39 35 31 37 33 36 mvg21951736
**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
分两种算法,1种是8位以上,1种是9位以上,前面分别为"mg37"和"mg37s"
--------------------------------------------------------------
【算法注册机】
注册机1
keygen1.rek
.const
.data
szHomePage db "http://www.chinapyg.com",0
szEmail db "mailto:tianxj_2007@126.com",0
szErrMess db "请输入用户名!",0
szBuffer db 50 dup (0)
szFMT db "mg37***%d",0
.code
MOV EBX,eax
MOV DL,BYTE PTR DS:[EBX]
XOR ECX,ECX
MOV EDI,EBX
MOV ESI,0BDFh
tianxj:
MOVSX EDX,DL
INC ECX
IMUL EDX,ECX
ADD ESI,EDX
CMP ESI,17BEh
JLE n1
SUB ESI,17BEh
n1:
CMP ECX,0Ah
JLE n2
XOR ECX,ECX
n2:
MOV DL,BYTE PTR DS:[EDI+1]
INC EDI
TEST DL,DL
JNZ tianxj
invoke wsprintf,addr szBuffer,addr szFMT,esi
lea eax,szBuffer
注册机2
keygen2.rek
.const
.data
szHomePage db "http://www.chinapyg.com",0
szEmail db "mailto:tianxj_2007@126.com",0
szErrMess db "请输入用户名!",0
szBuffer db 50 dup (0)
szFMT db "mg37s***%d",0
.code
MOV EBX,eax
MOV DL,BYTE PTR DS:[EBX]
XOR ECX,ECX
MOV EDI,EBX
MOV ESI,0BDFh
tianxj:
MOVSX EDX,DL
INC ECX
IMUL EDX,ECX
ADD ESI,EDX
CMP ESI,17BEh
JLE n1
SUB ESI,17BEh
n1:
CMP ECX,0Ah
JLE n2
XOR ECX,ECX
n2:
MOV DL,BYTE PTR DS:[EDI+1]
INC EDI
TEST DL,DL
JNZ tianxj
invoke wsprintf,addr szBuffer,addr szFMT,esi
lea eax,szBuffer
--------------------------------------------------------------
【注册信息】
用户名:tianxj
注册码:mg37***5332 或mg37s***5332 (*为任意字符)
保存在
[HKEY_LOCAL_MACHINE\SOFTWARE\gamani\GIFMovieGear\2.0] |
|