160个CrackMe之[68,69 figugegl.3] 算法分析+注册机源码
学习算法分析+Delphi内联汇编流程跳转编写注册机
; Excerpt of the crackme's serial-check routine (OllyDbg listing). The prologue, the
; arguments of the first GetDlgItemTextA call and the exit at 00401450 are outside it.
; Visible flow: read the serial, read the name, derive one byte per name character,
; and compare each derived byte with the entered serial at the same index.
; The derived bytes are stored at index (nameLen - i), i.e. in reverse name order.
- 0040137B |. E8 98020000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA (arguments pushed before this excerpt)
- 00401380 |. 89C3 mov ebx, eax ; ebx = length of the entered (trial) serial
- 00401382 |. 09DB or ebx, ebx ; test the length for zero
- 00401384 |. 75 07 jnz short 0040138D ; non-empty serial: continue
- 00401386 |. 31C0 xor eax, eax ; empty serial: eax = 0
- 00401388 |. E9 C3000000 jmp 00401450 ; leave through the common exit (outside the excerpt)
- 0040138D |> 6A 28 push 0x28 ; /Count = 28 (40.)
- 0040138F |. 8D45 AE lea eax, dword ptr [ebp-0x52] ; | name buffer at ebp-0x52
- 00401392 |. 50 push eax ; |Buffer
- 00401393 |. 6A 65 push 0x65 ; |ControlID = 65 (101.)
- 00401395 |. FF75 08 push dword ptr [ebp+0x8] ; |hWnd
- 00401398 |. E8 7B020000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA
- 0040139D |. 89C6 mov esi, eax ; esi = name length
- 0040139F |. 83FE 08 cmp esi, 0x8 ; name length must be >= 8 (the author's note also gives an upper bound of 20; no such compare appears in this excerpt)
- 004013A2 |. 7D 1D jge short 004013C1 ; long enough: go to the loop setup
- 004013A4 |. 6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
- 004013A6 |. FF35 48204000 push dword ptr [0x402048] ; |Title = "Error"
- 004013AC |. FF35 4C204000 push dword ptr [0x40204C] ; |Text = "Name is too short!"
- 004013B2 |. FF75 08 push dword ptr [ebp+0x8] ; |hOwner
- 004013B5 |. E8 8E020000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
- 004013BA |. 31C0 xor eax, eax ; eax = 0
- 004013BC |. E9 8F000000 jmp 00401450 ; leave through the common exit
- 004013C1 |> 31FF xor edi, edi ; edi = loop index i, starts at 0
- 004013C3 |. EB 6E jmp short 00401433 ; jump to the loop condition first
- 004013C5 |> 89F0 /mov eax, esi ; eax = name length
- 004013C7 |. 29F8 |sub eax, edi ; eax = nameLen - i (edi is the loop index 0,1,2,...)
- 004013C9 |. 0FB6543D AE |movzx edx, byte ptr [ebp+edi-0x52] ; edx = name[i], zero-extended
- 004013CE |. 31FA |xor edx, edi ; edx = name[i] xor i
- 004013D0 |. 89D9 |mov ecx, ebx ; ecx = entered serial length (08 in the author's run)
- 004013D2 |. 31F9 |xor ecx, edi ; ecx = serialLen xor i
- 004013D4 |. 01CA |add edx, ecx ; edx = (name[i] xor i) + (serialLen xor i)
- 004013D6 |. 885405 D6 |mov byte ptr [ebp+eax-0x2A], dl ; store only the low byte at result[nameLen - i]
- 004013DA |. 89F0 |mov eax, esi
- 004013DC |. 29F8 |sub eax, edi ; eax = nameLen - i again
- 004013DE |. 8A4405 D6 |mov al, byte ptr [ebp+eax-0x2A] ; al = the byte just stored
- 004013E2 |. 3C 20 |cmp al, 0x20 ; compare with 0x20
- 004013E4 |. 73 0B |jnb short 004013F1 ; unsigned >= 0x20: skip the adjustment
- 004013E6 |. 89F0 |mov eax, esi
- 004013E8 |. 29F8 |sub eax, edi
- 004013EA |. 8D4405 D6 |lea eax, dword ptr [ebp+eax-0x2A] ; eax = address of result[nameLen - i]
- 004013EE |. 8000 20 |add byte ptr [eax], 0x20 ; below 0x20: add 0x20
- 004013F1 |> 89F0 |mov eax, esi
- 004013F3 |. 29F8 |sub eax, edi
- 004013F5 |. 0FB64405 D6 |movzx eax, byte ptr [ebp+eax-0x2A] ; reload the byte, zero-extended, for the 0x80 test
- 004013FA |. 3D 80000000 |cmp eax, 0x80
- 004013FF |. 7C 09 |jl short 0040140A ; below 0x80: keep the byte
- 00401401 |. 89F0 |mov eax, esi ; 0x80 or above: replace the byte with 0x20
- 00401403 |. 29F8 |sub eax, edi
- 00401405 |. C64405 D6 20 |mov byte ptr [ebp+eax-0x2A], 0x20
- 0040140A |> 89F0 |mov eax, esi
- 0040140C |. 29F8 |sub eax, edi
- 0040140E |. 8A5405 84 |mov dl, byte ptr [ebp+eax-0x7C] ; dl = entered-serial byte at index nameLen - i (author's note: the last serial character, i.e. on the first pass)
- 00401412 |. 3A5405 D6 |cmp dl, byte ptr [ebp+eax-0x2A] ; compare with the derived byte at the same index
- 00401416 |. 74 1A |je short 00401432 ; match: next iteration
- 00401418 |. 6A 00 |push 0x0 ; /Style = MB_OK|MB_APPLMODAL
- 0040141A |. FF35 40204000 |push dword ptr [0x402040] ; |Title = "NOP!"
- 00401420 |. FF35 44204000 |push dword ptr [0x402044] ; |Text = "Wrong Serial!"
- 00401426 |. FF75 08 |push dword ptr [ebp+0x8] ; |hOwner
- 00401429 |. E8 1A020000 |call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
- 0040142E |. 31C0 |xor eax, eax ; eax = 0
- 00401430 |. EB 1E |jmp short 00401450 ; first mismatch ends the check
- 00401432 |> 47 |inc edi ; i = i + 1
- 00401433 |> 39F7 cmp edi, esi ; loop condition: i < nameLen
- 00401435 |.^ 7C 8E \jl short 004013C5
- 00401437 |. 6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
- 00401439 |. FF35 38204000 push dword ptr [0x402038] ; |Title = "Success"
- 0040143F |. FF35 3C204000 push dword ptr [0x40203C] ; |Text = "Congratulations - you did it!"
- 00401445 |. FF75 08 push dword ptr [ebp+0x8] ; |hOwner
- 00401448 |. E8 FB010000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
- 0040144D |. 31C0 xor eax, eax ; eax = 0 after the success box as well
注册机源码
- {$R *.dfm}
// Returns lpData with its characters in reverse order.
// An empty input yields an empty result.
function strrev(lpData: string): string;
var
  len, idx: Integer;
begin
  len := Length(lpData);
  SetLength(Result, len);
  // Character idx (1-based) of the input lands at the mirrored position.
  for idx := 1 to len do
    Result[len - idx + 1] := lpData[idx];
end;
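// Computes the serial for the name in Edit1 and writes it to Edit2.
//
// Mirrors the loop in the disassembly: for every index i the byte
// (Name[i] xor i) + (len xor i) is truncated to 8 bits, raised by $20 when it
// is below $20, and replaced by $20 when it is $80 or above. The crackme
// stores these bytes in reverse order, so the collected string is reversed
// at the end.
//
// Assumptions:
//  - the serial has the same length as the name (the crackme mixes in the
//    length of the entered serial, this code uses the name length for it);
//  - Name is a single-byte string, as the asm reads it byte by byte
//    (NOTE(review): on a Unicode Delphi, where String is UTF-16, the byte
//    indexing below would read the wrong data - confirm the compiler).
procedure TForm1.Button1Click(Sender: TObject);
var
  Name, Serial: String;
  i, l, s: Integer;
begin
  Name := Edit1.text;
  l := length(Name);
  if (l < 8) or (l > 20) then
  begin
    ShowMessage('The name length must >=8 and <=20');
    // Stop here: the original fell through and still produced a serial
    // for a name it had just rejected.
    Exit;
  end;
  Serial := '';
  for i := 0 to l - 1 do
  begin
    asm
      pushad                          // keep every register intact for the compiler
      mov edx,i
      mov ebx,l
      mov eax,Name                    // eax = address of the first character
      movzx edx, byte ptr [eax+edx]   // edx = Name[i], 0-based
      xor edx,i
      xor ebx,i
      add edx,ebx
      and edx,$FF                     // the crackme stores only DL; drop any carry past 8 bits
      cmp edx,$20
      jnb @@cal1
      add edx,$20                     // below $20: add $20 (result is below $40, so no $80 test needed)
      jmp @@cal2
    @@cal1:
      cmp edx,$80
      jl @@cal2
      mov edx,$20                     // $80 or above: replace with $20
    @@cal2:
      mov s,edx
      popad
    end;
    Serial := Serial + char(s);
  end;
  // Byte i belongs at the mirrored position, hence the reversal.
  Edit2.Text := strrev(Serial);
end;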