Laoxiong was about to start nagging for homework again, and with school starting soon I probably won't have much time left, so I grabbed a random program off the net to crack. Hey, you'll do: ColorPicker, tough luck for you. Enough chatter, let's get to work. A look with Fi shows an Aspack shell; AspackDie strips it. In Winasm, search for the string "The Registration information is invaild!Please recheck your information." and follow the reference to the jump that leads there:
:004A0338 8D45DC lea eax, dword ptr [ebp-24]
:004A033B 50 push eax
:004A033C 8B4DF8 mov ecx, dword ptr [ebp-08]
:004A033F BA2E391E00 mov edx, 001E392E
:004A0344 8B45FC mov eax, dword ptr [ebp-04]
:004A0347 E88C020000 call 004A05D8 ******** the key call
:004A034C 8B55DC mov edx, dword ptr [ebp-24]
:004A034F 8B45F4 mov eax, dword ptr [ebp-0C]
:004A0352 E86945F6FF call 004048C0
:004A0357 0F8541010000 jne 004A049E 〈== jumps to the error message
Step into the key call at 004A0347. The core of the algorithm follows:
:004A0630 BF01000000 mov edi, 00000001 〈== initialise the counter edi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A0654(C)
|
:004A0635 8B45F8 mov eax, dword ptr [ebp-08] 〈== points to the user name
:004A0638 E83F41F6FF call 0040477C 〈== get the user-name length

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A05D2(C)
|
:004A063D F76DFC imul [ebp-04] 〈== user-name length times 0x1E392E
:004A0640 03F0 add esi, eax 〈== add the result to esi
:004A0642 8B45F8 mov eax, dword ptr [ebp-08] 〈== points to the user name
:004A0645 0FB64438FF movzx eax, byte ptr [eax+edi-01] 〈== fetch each user-name character's ASCII code in turn
:004A064A 69C053200000 imul eax, 00002053 〈== character's ASCII code times 0x2053
:004A0650 03F0 add esi, eax 〈== esi + eax
:004A0652 47 inc edi 〈== counter plus one
:004A0653 4B dec ebx
:004A0654 75DF jne 004A0635 〈== loop

************************ call the result after this loop S1 *********************************

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A062E(C)
|
:004A0656 8BC6 mov eax, esi
:004A0658 99 cdq
:004A0659 33C2 xor eax, edx
:004A065B 2BC2 sub eax, edx
:004A065D 8D55F4 lea edx, dword ptr [ebp-0C]
:004A0660 E81783F6FF call 0040897C
:004A0665 8D45F4 lea eax, dword ptr [ebp-0C]
:004A0668 50 push eax
:004A0669 8B45F4 mov eax, dword ptr [ebp-0C]
:004A066C E80B41F6FF call 0040477C
:004A0671 8BD0 mov edx, eax
:004A0673 83EA0A sub edx, 0000000A
:004A0676 B90A000000 mov ecx, 0000000A
:004A067B 8B45F4 mov eax, dword ptr [ebp-0C]
:004A067E E85143F6FF call 004049D4
:004A0683 8B45F8 mov eax, dword ptr [ebp-08]
:004A0686 E8F140F6FF call 0040477C
:004A068B 8BD8 mov ebx, eax
:004A068D 85DB test ebx, ebx
:004A068F 7E24 jle 004A06B5
:004A0691 BF01000000 mov edi, 00000001 〈== initialise the counter

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A06B3(C)
|
:004A0696 8B45F8 mov eax, dword ptr [ebp-08] 〈== points to the user name
:004A0699 E8DE40F6FF call 0040477C 〈== get the user-name length
:004A069E 8B55F8 mov edx, dword ptr [ebp-08] 〈== points to the user name
:004A06A1 0FB6543AFF movzx edx, byte ptr [edx+edi-01] 〈== fetch each user-name character's ASCII code in turn
:004A06A6 0FAF55FC imul edx, dword ptr [ebp-04] 〈== character's ASCII code times 0x1E392E
:004A06AA 6BD253 imul edx, 00000053 〈== result times 0x53
:004A06AD 03F2 add esi, edx 〈== add the result to S1
:004A06AF 2BF0 sub esi, eax 〈== subtract the user-name length from the new result
:004A06B1 47 inc edi
:004A06B2 4B dec ebx
:004A06B3 75E1 jne 004A0696 〈== loop

************************ call the result of this pass S2 **********************************

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A068F(C)
|
:004A06B5 FF75F4 push [ebp-0C]
:004A06B8 6880074A00 push 004A0780
:004A06BD 8BC6 mov eax, esi
:004A06BF 99 cdq
:004A06C0 33C2 xor eax, edx
:004A06C2 2BC2 sub eax, edx
:004A06C4 8D55F0 lea edx, dword ptr [ebp-10]
:004A06C7 E8B082F6FF call 0040897C
:004A06CC FF75F0 push [ebp-10]
:004A06CF 8D45F4 lea eax, dword ptr [ebp-0C]
:004A06D2 BA03000000 mov edx, 00000003
:004A06D7 E86041F6FF call 0040483C
:004A06DC 8B45F8 mov eax, dword ptr [ebp-08]
:004A06DF E89840F6FF call 0040477C
:004A06E4 8BD8 mov ebx, eax
:004A06E6 85DB test ebx, ebx
:004A06E8 7E2D jle 004A0717
:004A06EA BF01000000 mov edi, 00000001 〈== initialise the counter

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A0715(C)
|
:004A06EF 8B45F8 mov eax, dword ptr [ebp-08] 〈== points to the user name
:004A06F2 E88540F6FF call 0040477C 〈== get the user-name length
:004A06F7 8B55F8 mov edx, dword ptr [ebp-08] 〈== points to the user name
:004A06FA 0FB6543AFF movzx edx, byte ptr [edx+edi-01] 〈== fetch each user-name character's ASCII code in turn
:004A06FF F7EA imul edx 〈== character's ASCII code times the user-name length
:004A0701 69C03B010000 imul eax, 0000013B 〈== result times 0x13B
:004A0707 03F0 add esi, eax 〈== add the result to S2
:004A0709 8B45F8 mov eax, dword ptr [ebp-08]
:004A070C E86B40F6FF call 0040477C
:004A0711 03F0 add esi, eax
:004A0713 47 inc edi
:004A0714 4B dec ebx
:004A0715 75D8 jne 004A06EF 〈== loop

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A06E8(C)
|
:004A0717 0375FC add esi, dword ptr [ebp-04]
:004A071A FF75F4 push [ebp-0C]
:004A071D 6880074A00 push 004A0780
:004A0722 8BC6 mov eax, esi
:004A0724 99 cdq
:004A0725 33C2 xor eax, edx
:004A0727 2BC2 sub eax, edx
:004A0729 8D55EC lea edx, dword ptr [ebp-14]
:004A072C E84B82F6FF call 0040897C
:004A0731 FF75EC push [ebp-14]
:004A0734 8D45F4 lea eax, dword ptr [ebp-0C]
:004A0737 BA03000000 mov edx, 00000003
:004A073C E8FB40F6FF call 0040483C

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A0612(C), :004A061C(C)
|
:004A0741 8B4508 mov eax, dword ptr [ebp+08]
:004A0744 8B55F4 mov edx, dword ptr [ebp-0C]
:004A0747 E8CC3DF6FF call 00404518
:004A074C 33C0 xor eax, eax
:004A074E 5A pop edx
:004A074F 59 pop ecx
:004A0750 59 pop ecx
:004A0751 648910 mov dword ptr fs:[eax], edx
:004A0754 686E074A00 push 004A076E
User name: Stoby[DFCG]
Registration code: 247850853-369708050-364300326
Algorithm summary:
Convert the results S1, S2 and S3 to their decimal strings S1', S2' and S3', then join them with "-" to get S1'-S2'-S3'; that is the registration code. The algorithm is simple; I didn't have time to write a keygen. I'm getting on the train the day after tomorrow, and once school starts I'll still drop by often.