; ---------------------------------------------------------------------------
; Name/serial check routine (OllyDbg listing, 32-bit x86, Intel operand order).
; Stack args: [ebp+8] = hWnd of the name control, [ebp+C] = hWnd of the serial
; control; `retn 8` pops both, so the callee cleans the stack.
; Flow: read serial -> read name -> derive one value per name character into
; 403258 -> derive one value per serial character into 40324D -> compare the
; two tables over len_name positions -> show the matching MessageBoxA.
; ebx, esi and edi are used as scratch and are not saved anywhere in this
; listing.
; ---------------------------------------------------------------------------
004015E4 /$ 55 push ebp
004015E5 |. 8BEC mov ebp, esp
; NOTE(review): Count = 0x20 lets GetWindowTextA write up to 32 bytes at
; 403242, but the next address this routine uses (40324D) is only 0x0B bytes
; later. If these are separate 11-byte buffers, a long serial overruns into
; the derived tables - confirm against the data-section layout.
004015E7 |. 6A 20 push 20 ; /Count = 20 (32.)
004015E9 |. 68 42324000 push 00403242 ; |Buffer = SplishDe.00403242
004015EE |. FF75 0C push dword ptr [ebp+C] ; |hWnd
004015F1 |. E8 34010000 call <jmp.&USER32.GetWindowTextA> ; \GetWindowTextA
004015F6 |. 85C0 test eax, eax ; is the serial length 0?
004015F8 |. 0F84 95000000 je 00401693 ; empty serial -> "Please enter your serial number."
004015FE |. A3 67344000 mov dword ptr [403467], eax ; len_serial = length of the serial (GetWindowTextA return value)
00401603 |. 6A 0B push 0B ; /Count = B (11.)
00401605 |. 68 36324000 push 00403236 ; |Buffer = SplishDe.00403236
0040160A |. FF75 08 push dword ptr [ebp+8] ; |hWnd
0040160D |. E8 18010000 call <jmp.&USER32.GetWindowTextA> ; \GetWindowTextA
00401612 |. 85C0 test eax, eax ; is the name length 0?
00401614 |. 74 68 je short 0040167E ; empty name -> "Please enter your name."
00401616 |. A3 63344000 mov dword ptr [403463], eax ; len_name
0040161B |. 33C9 xor ecx, ecx ; cleared here, reloaded with 0A before the loop
0040161D |. 33DB xor ebx, ebx ; i = 0
0040161F |. 33D2 xor edx, edx ; edx will hold the remainder
00401621 |. 8D35 36324000 lea esi, dword ptr [403236] ; esi -> name
00401627 |. 8D3D 58324000 lea edi, dword ptr [403258] ; edi -> table of name-derived values
0040162D |. B9 0A000000 mov ecx, 0A ; divisor = 10
; Loop 1: for each name character, value = ((name[i] % 10) ^ i) + 2, reduced
; by 10 once if it is >= 10. movsx/cdq/idiv are signed, so a byte >= 0x80
; yields a negative remainder.
00401632 |> 0FBE041E /movsx eax, byte ptr [esi+ebx] ; eax = sign-extended name[i]
00401636 |. 99 |cdq ; sign-extend eax into edx:eax for idiv
00401637 |. F7F9 |idiv ecx ; edx = name[i] % 10 (signed)
00401639 |. 33D3 |xor edx, ebx ; remain ^ i
0040163B |. 83C2 02 |add edx, 2 ; remain = remain + 0x2
0040163E |. 80FA 0A |cmp dl, 0A
00401641 |. 7C 03 |jl short 00401646 ; dl < 10 (signed compare) -> skip the subtraction
00401643 |. 80EA 0A |sub dl, 0A ; otherwise subtract 10 once
00401646 |> 88141F |mov byte ptr [edi+ebx], dl ; store the value at 403258[i]
00401649 |. 43 |inc ebx ; i++
0040164A |. 3B1D 63344000 |cmp ebx, dword ptr [403463] ; i == len_name?
00401650 |.^ 75 E0 \jnz short 00401632 ; no -> next name character
00401652 |. 33C9 xor ecx, ecx
00401654 |. 33DB xor ebx, ebx ; i = 0
00401656 |. 33D2 xor edx, edx
00401658 |. 8D35 42324000 lea esi, dword ptr [403242] ; esi -> serial
0040165E |. 8D3D 4D324000 lea edi, dword ptr [40324D] ; edi -> table of serial-derived values
00401664 |. B9 0A000000 mov ecx, 0A ; divisor = 10
; Loop 2: for each serial character, store serial[i] % 10 at 40324D[i].
; NOTE(review): this writes len_serial bytes starting at 40324D, while the
; name-derived table begins 0x0B bytes later at 403258; with the 0x20 Count
; above, a serial longer than 11 characters would write into that table -
; confirm the intended buffer sizes.
00401669 |> 0FBE041E /movsx eax, byte ptr [esi+ebx] ; eax = sign-extended serial[i]
0040166D |. 99 |cdq ; sign-extend eax into edx:eax for idiv
0040166E |. F7F9 |idiv ecx ; edx = serial[i] % 10 (signed)
00401670 |. 88141F |mov byte ptr [edi+ebx], dl ; store the remainder at 40324D[i]
00401673 |. 43 |inc ebx ; i++
00401674 |. 3B1D 67344000 |cmp ebx, dword ptr [403467] ; all serial characters processed?
0040167A |.^ 75 ED \jnz short 00401669 ; no -> next serial character
0040167C |. EB 2A jmp short 004016A8 ; both tables built -> go compare them
; Empty-name path.
0040167E |> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401680 |. 68 0A304000 push 0040300A ; |Splish, Splash
00401685 |. 68 A0304000 push 004030A0 ; |Please enter your name.
0040168A |. 6A 00 push 0 ; |hOwner = NULL
0040168C |. E8 B7000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
00401691 |. EB 62 jmp short 004016F5
; Empty-serial path.
00401693 |> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401695 |. 68 0A304000 push 0040300A ; |Splish, Splash
0040169A |. 68 B8304000 push 004030B8 ; |Please enter your serial number.
0040169F |. 6A 00 push 0 ; |hOwner = NULL
004016A1 |. E8 A2000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
004016A6 |. EB 4D jmp short 004016F5
; Comparison: the two derived tables must match byte for byte.
; NOTE(review): the loop bound is len_name only; len_serial is never compared
; with len_name anywhere in this listing.
004016A8 |> 8D35 4D324000 lea esi, dword ptr [40324D] ; esi -> serial-derived table
004016AE |. 8D3D 58324000 lea edi, dword ptr [403258] ; edi -> name-derived table
004016B4 |. 33DB xor ebx, ebx ; j = 0
004016B6 |> 3B1D 63344000 /cmp ebx, dword ptr [403463] ; have len_name positions been compared?
004016BC |. 74 0F |je short 004016CD ; yes -> success
004016BE |. 0FBE041F |movsx eax, byte ptr [edi+ebx] ; eax = name-derived value j
004016C2 |. 0FBE0C1E |movsx ecx, byte ptr [esi+ebx] ; ecx = serial-derived value j
004016C6 |. 3BC1 |cmp eax, ecx
004016C8 |. 75 18 |jnz short 004016E2 ; mismatch -> failure
004016CA |. 43 |inc ebx ; j++
004016CB |.^ EB E9 \jmp short 004016B6
; Success path.
004016CD |> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
004016CF |. 68 0A304000 push 0040300A ; |Splish, Splash
004016D4 |. 68 42304000 push 00403042 ; |Good job, now keygen it.
004016D9 |. 6A 00 push 0 ; |hOwner = NULL
004016DB |. E8 68000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
004016E0 |. EB 13 jmp short 004016F5
; Failure path.
004016E2 |> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
004016E4 |. 68 0A304000 push 0040300A ; |Splish, Splash
004016E9 |. 68 67304000 push 00403067 ; |Sorry, please try again.
004016EE |. 6A 00 push 0 ; |hOwner = NULL
004016F0 |. E8 53000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
; Common exit: tear down the frame and pop the two dword arguments.
004016F5 |> C9 leave
004016F6 \. C2 0800 retn 8