160个CrackMe之[68,69 figugegl.3] 算法分析+注册机源码
160个CrackMe之[68,69 figugegl.3] 算法分析+注册机源码:学习算法分析,并用Delphi内联汇编的流程跳转编写注册机
; Serial-check routine as an OllyDbg listing; it begins after the arguments of the first call were already pushed.
; The page lost every bracketed memory operand. Where one is missing, the comment gives the operand decoded from the instruction bytes printed on that same line.
; Locals per those bytes: name buffer at [ebp-0x52], computed bytes at [ebp-0x2A], entered serial read relative to [ebp-0x7C].
0040137B|.E8 98020000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA
00401380|.89C3 mov ebx, eax ; ebx = length of the entered (trial) serial
00401382|.09DB or ebx, ebx ; sets ZF when the length is 0
00401384|.75 07 jnz short 0040138D ; non-empty serial: go on to read the name
00401386|.31C0 xor eax, eax ; eax = 0
00401388|.E9 C3000000 jmp 00401450 ; leave (00401450 lies past the end of this listing)
0040138D|>6A 28 push 0x28 ; /Count = 28 (40.)
0040138F|.8D45 AE lea eax, dword ptr ; | operand lost; bytes 8D45 AE = [ebp-0x52] (name buffer)
00401392|.50 push eax ; |Buffer
00401393|.6A 65 push 0x65 ; |ControlID = 65 (101.)
00401395|.FF75 08 push dword ptr ; |hWnd (bytes FF75 08 = [ebp+8])
00401398|.E8 7B020000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA
0040139D|.89C6 mov esi, eax ; esi = name length
0040139F|.83FE 08 cmp esi, 0x8 ; name length must be >= 8 (the author also states <= 20; no upper-bound check is visible in this listing)
004013A2|.7D 1D jge short 004013C1 ; long enough: start the check loop
004013A4|.6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
004013A6|.FF35 48204000 push dword ptr ; |Title = "Error" (bytes = [0x00402048])
004013AC|.FF35 4C204000 push dword ptr ; |Text = "Name is too short!" (bytes = [0x0040204C])
004013B2|.FF75 08 push dword ptr ; |hOwner (bytes = [ebp+8])
004013B5|.E8 8E020000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
004013BA|.31C0 xor eax, eax ; eax = 0
004013BC|.E9 8F000000 jmp 00401450 ; leave
004013C1|>31FF xor edi, edi ; loop counter i = 0
004013C3|.EB 6E jmp short 00401433 ; enter the loop at its condition
004013C5|>89F0 /mov eax, esi ; eax = name length
004013C7|.29F8 |sub eax, edi ; eax = name length - i; edi is the loop counter 0,1,2,3,4,5,6,7,...
004013C9|.0FB6543D AE |movzx edx, byte ptr ; fetch name character i (bytes 0FB6543D AE = [ebp+edi-0x52])
004013CE|.31FA |xor edx, edi ; edx = name[i] xor i
004013D0|.89D9 |mov ecx, ebx ; ecx = length of the entered serial (8 in the author's run)
004013D2|.31F9 |xor ecx, edi ; ecx = serial length xor i
004013D4|.01CA |add edx, ecx ; add the two results
004013D6|.885405 D6 |mov byte ptr , dl ; store only the low byte (bytes 885405 D6 = [ebp+eax-0x2A])
004013DA|.89F0 |mov eax, esi
004013DC|.29F8 |sub eax, edi ; eax = name length - i again
004013DE|.8A4405 D6 |mov al, byte ptr ; reload the stored byte into al (bytes = [ebp+eax-0x2A])
004013E2|.3C 20 |cmp al, 0x20 ; compare with 0x20 (unsigned, see jnb)
004013E4|.73 0B |jnb short 004013F1 ; >= 0x20: skip the adjustment
004013E6|.89F0 |mov eax, esi
004013E8|.29F8 |sub eax, edi
004013EA|.8D4405 D6 |lea eax, dword ptr ; address of the stored byte (bytes 8D4405 D6 = [ebp+eax-0x2A])
004013EE|.8000 20 |add byte ptr , 0x20 ; below 0x20: add 0x20 (bytes 8000 20 = [eax])
004013F1|>89F0 |mov eax, esi
004013F3|.29F8 |sub eax, edi
004013F5|.0FB64405 D6 |movzx eax, byte ptr ; zero-extend the stored byte, then test against 0x80 (bytes = [ebp+eax-0x2A])
004013FA|.3D 80000000 |cmp eax, 0x80
004013FF|.7C 09 |jl short 0040140A ; below 0x80: keep the byte
00401401|.89F0 |mov eax, esi ; 0x80 or above: the byte is replaced by 0x20
00401403|.29F8 |sub eax, edi
00401405|.C64405 D6 20|mov byte ptr , 0x20 ; (bytes C64405 D6 20 = [ebp+eax-0x2A])
0040140A|>89F0 |mov eax, esi
0040140C|.29F8 |sub eax, edi
0040140E|.8A5405 84 |mov dl, byte ptr ; serial byte at offset (name length - i) from [ebp-0x7C] (bytes 8A5405 84); on the first pass the author identifies it as the last character of the entered serial
00401412|.3A5405 D6 |cmp dl, byte ptr ; compare with the computed byte (bytes 3A5405 D6 = [ebp+eax-0x2A])
00401416|.74 1A |je short 00401432 ; match: next character
00401418|.6A 00 |push 0x0 ; /Style = MB_OK|MB_APPLMODAL
0040141A|.FF35 40204000 |push dword ptr ; |Title = "NOP!" (bytes = [0x00402040])
00401420|.FF35 44204000 |push dword ptr ; |Text = "Wrong Serial!" (bytes = [0x00402044])
00401426|.FF75 08 |push dword ptr ; |hOwner (bytes = [ebp+8])
00401429|.E8 1A020000 |call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
0040142E|.31C0 |xor eax, eax ; eax = 0
00401430|.EB 1E |jmp short 00401450 ; first mismatch ends the check
00401432|>47 |inc edi ; i = i + 1
00401433|>39F7 cmp edi, esi ; loop while i < name length
00401435|.^ 7C 8E \jl short 004013C5
00401437|.6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
00401439|.FF35 38204000 push dword ptr ; |Title = "Success" (bytes = [0x00402038])
0040143F|.FF35 3C204000 push dword ptr ; |Text = "Congratulations - you did it!" (bytes = [0x0040203C])
00401445|.FF75 08 push dword ptr ; |hOwner (bytes = [ebp+8])
00401448|.E8 FB010000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
0040144D|.31C0 xor eax, eax ; eax = 0
注册机源码
{$R *.dfm}
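// Returns lpData with its characters in reverse order.
// An empty string yields an empty string.
function strrev(lpData:string):string;
var
  size,i:Integer;
begin
  size:=Length(lpData);
  SetLength(Result,size);
  // The per-character indices are missing from the listing as posted, so each
  // pass assigned the whole input and nothing was reversed. Delphi strings
  // are 1-based: position i of the result takes position size-i+1 of the input.
  for i:=1 to size do
    Result[i]:=lpData[size-i+1];
end;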
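// Computes the serial for the name typed into Edit1 and shows it in Edit2.
// The arithmetic mirrors the check loop in the disassembly on this page:
// for character index i (0-based), value = (name[i] xor i) + (len xor i).
// A value below $20 gets $20 added, and a value of $80 or more becomes $20.
// The characters are then reversed with strrev, as in the original keygen.
procedure TForm1.Button1Click(Sender: TObject);
var
  Name,Serial:String;
  i,l,c:Integer;
begin
  Name:=Edit1.text;
  l:=length(Name);
  if (l<8) or (l>20) then
  begin
    ShowMessage('The name length must >=8 and <=20');
    // The original fell through and still generated a serial for a rejected name.
    Exit;
  end;
  Serial:='';
  for i:=0 to l-1 do
  begin
    // The inline-asm version lost its memory operand in the posted listing
    // ("movzx edx, byte ptr" with nothing after it), so the same steps are
    // written in plain Pascal. Name[i+1] is the 1-based form of name[i].
    // The checked program xors i with the length of the entered serial; the
    // name length is used here because the generated serial has the same
    // number of characters.
    // NOTE(review): assumes single-byte characters in Name - confirm for
    // Unicode Delphi versions.
    // The program stores the sum through dl (a single byte) before testing
    // it, so the sum is masked to 8 bits to match.
    c:=((Ord(Name[i+1]) xor i)+(l xor i)) and $FF;
    if c<$20 then
      c:=c+$20
    else if c>=$80 then
      c:=$20;
    Serial:=Serial+char(c);
  end;
  Edit2.Text:=strrev(Serial);
end;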
真心不会写注册机
看到各种循环就醉了,最烦循环了、、
好教程,谢谢楼主
感谢楼主分享新技能!努力学习ing! [吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! 谢谢分享 不错,感谢楼主分享!