舊 2006-01-08, 02:47 PM   #2 (permalink)
psac

; ---------------------------------------------------------------------------
; Routine at 00470418 (OllyDbg listing, 32-bit x86, Intel operand order).
; It calls long-string helpers imported from the Borland runtime package rtl70.
;
; In:   eax -> string A, saved at [ebp-4]  (the entered registration code, per the author)
;       edx -> string B, saved at [ebp-8]  (the user name, per the author's analysis;
;              TODO confirm at the call site, which is not in this listing)
;       ecx -> destination string variable, saved at [ebp-C]
;
; What the visible code does:
;       prev = StrToInt(prefix + Copy(A, 1, 2))
;       for esi = 3, 5, 7, ... while esi < Length(A):
;           cur = StrToInt(prefix + Copy(A, esi, 2))
;           k   = next byte of B (index wraps back to 1 after the last byte)
;           v   = k xor cur
;           if v > prev (signed)  then v = v - prev
;                                 else v = v + 0FF - prev
;           append v as one character to the accumulator; prev = cur
;       assign the accumulator to the variable addressed by [ebp-C]
;
; "prefix" is the constant string at 004705A0; its contents are not shown here.
; Presumably it is "$" so that StrToInt parses the two characters as hexadecimal
; -- confirm in the data dump.
; If B is empty, the constant string "sweetykiss" at 0047058C is used in its place.
;
; Locals: [ebp-10] = Length(B)   [ebp-14] = prev   [ebp-1C] = cur
;         [ebp-18] = result accumulator
;         [ebp-30],[ebp-2C],[ebp-28],[ebp-24],[ebp-20] = string temporaries
;         edi = 1-based index into B, esi = 1-based index into A
;
; The comparison of the produced string with an expected value is not part of
; this listing.
; NOTE(review): every input of this transform, including the fallback constant,
; is present on the client, so the routine keeps no secret from anyone who can
; read the binary; a licence blob verified with an asymmetric signature does
; not have that property.
; ---------------------------------------------------------------------------
00470418 /$ 55 push ebp
00470419 |. 8BEC mov ebp,esp
0047041B |. 83C4 D0 add esp,-30 ; reserve 30h bytes of locals
0047041E |. 53 push ebx
0047041F |. 56 push esi
00470420 |. 57 push edi
00470421 |. 33DB xor ebx,ebx
; Zero the six string locals so the RTL string helpers see them as empty.
00470423 |. 895D D0 mov dword ptr ss:[ebp-30],ebx
00470426 |. 895D D8 mov dword ptr ss:[ebp-28],ebx
00470429 |. 895D D4 mov dword ptr ss:[ebp-2C],ebx
0047042C |. 895D E0 mov dword ptr ss:[ebp-20],ebx
0047042F |. 895D DC mov dword ptr ss:[ebp-24],ebx
00470432 |. 895D E8 mov dword ptr ss:[ebp-18],ebx
00470435 |. 894D F4 mov dword ptr ss:[ebp-C],ecx ; third argument: destination string variable
00470438 |. 8955 F8 mov dword ptr ss:[ebp-8],edx ; second argument: string B
0047043B |. 8945 FC mov dword ptr ss:[ebp-4],eax ; first argument: string A
0047043E |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
00470441 |. E8 AA0DF9FF call <jmp.&rtl70.System::LStrAddRef> ; take a reference on A for the duration of the call
00470446 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00470449 |. E8 A20DF9FF call <jmp.&rtl70.System::LStrAddRef> ; take a reference on B
; Install an exception frame on fs:[0] whose handler is at 00470575
; (looks like a compiler-generated try/finally around the body).
0047044E |. 33C0 xor eax,eax
00470450 |. 55 push ebp
00470451 |. 68 75054700 push 影像科管.00470575
00470456 |. 64:FF30 push dword ptr fs:[eax]
00470459 |. 64:8920 mov dword ptr fs:[eax],esp
0047045C |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
0047045F |. E8 640DF9FF call <jmp.&rtl70.System::LStrLen>
00470464 |. 8945 F0 mov dword ptr ss:[ebp-10],eax ; [ebp-10] = Length(B)
00470467 |. 837D F0 00 cmp dword ptr ss:[ebp-10],0
0047046B |. 75 0D jnz short 影像科管.0047047A ; B not empty: keep it
0047046D |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
00470470 |. BA 8C054700 mov edx,影像科管.0047058C ; ASCII "sweetykiss" (constant stored in the binary)
00470475 |. E8 160DF9FF call <jmp.&rtl70.System::LStrLAsg> ; B := "sweetykiss"; note [ebp-10] stays 0 on this path
0047047A |> 33FF xor edi,edi ; edi = index into B, starts at 0
0047047C |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
0047047F |. 50 push eax ; result variable for LStrCopy
00470480 |. B9 02000000 mov ecx,2 ; count = 2
00470485 |. BA 01000000 mov edx,1 ; index = 1
0047048A |. 8B45 FC mov eax,dword ptr ss:[ebp-4] ; string A (author: the trial registration code that was typed in)
0047048D |. E8 760DF9FF call <jmp.&rtl70.System::LStrCopy> ; [ebp-24] = Copy(A, 1, 2)
00470492 |. 8B4D DC mov ecx,dword ptr ss:[ebp-24]
00470495 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
00470498 |. BA A0054700 mov edx,影像科管.004705A0 ; prefix constant (contents not shown; presumably "$")
0047049D |. E8 360DF9FF call <jmp.&rtl70.System::LStrCat3> ; [ebp-20] = prefix + first two characters of A
004704A2 |. 8B45 E0 mov eax,dword ptr ss:[ebp-20]
004704A5 |. E8 5614F9FF call <jmp.&rtl70.Sysutils::StrToInt>
004704AA |. 8945 EC mov dword ptr ss:[ebp-14],eax ; prev = numeric value of the first group
004704AD |. BE 03000000 mov esi,3 ; esi = position of the next two-character group in A
004704B2 |> 8D45 D4 /lea eax,dword ptr ss:[ebp-2C] ;start of the per-group loop
004704B5 |. 50 |push eax ; result variable for LStrCopy
004704B6 |. B9 02000000 |mov ecx,2 ; count = 2
004704BB |. 8BD6 |mov edx,esi ; index = esi
004704BD |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
004704C0 |. E8 430DF9FF |call <jmp.&rtl70.System::LStrCopy> ; [ebp-2C] = Copy(A, esi, 2)
004704C5 |. 8B4D D4 |mov ecx,dword ptr ss:[ebp-2C]
004704C8 |. 8D45 D8 |lea eax,dword ptr ss:[ebp-28]
004704CB |. BA A0054700 |mov edx,影像科管.004705A0 ; same prefix constant as above
004704D0 |. E8 030DF9FF |call <jmp.&rtl70.System::LStrCat3> ; [ebp-28] = prefix + current group
004704D5 |. 8B45 D8 |mov eax,dword ptr ss:[ebp-28]
004704D8 |. E8 2314F9FF |call <jmp.&rtl70.Sysutils::StrToInt>
004704DD |. 8945 E4 |mov dword ptr ss:[ebp-1C],eax ; cur = numeric value of the current group
004704E0 |. 3B7D F0 |cmp edi,dword ptr ss:[ebp-10] ; index into B against Length(B) measured at entry
004704E3 |. 7D 03 |jge short 影像科管.004704E8 ; at or past the end: wrap
004704E5 |. 47 |inc edi ; otherwise advance to the next byte of B
004704E6 |. EB 05 |jmp short 影像科管.004704ED
004704E8 |> BF 01000000 |mov edi,1 ; wrap to the first byte of B
004704ED |> 8B45 F8 |mov eax,dword ptr ss:[ebp-8]
004704F0 |. 33DB |xor ebx,ebx
004704F2 |. 8A5C38 FF |mov bl,byte ptr ds:[eax+edi-1] ;bl = edi-th byte (1-based) of B, the user name per the author
004704F6 |. 335D E4 |xor ebx,dword ptr ss:[ebp-1C] ;XOR with cur, the value of the current two-character group of A
004704F9 |. 3B5D EC |cmp ebx,dword ptr ss:[ebp-14] ;compare the result with prev (first group on the first pass)
004704FC |. 7F 0B |jg short 影像科管.00470509 ; signed greater-than
004704FE |. 81C3 FF000000 |add ebx,0FF ;not greater: add 0FF ...
00470504 |. 2B5D EC |sub ebx,dword ptr ss:[ebp-14] ;... then subtract prev
00470507 |. EB 03 |jmp short 影像科管.0047050C
00470509 |> 2B5D EC |sub ebx,dword ptr ss:[ebp-14] ;greater: subtract prev directly
0047050C |> 8D45 D0 |lea eax,dword ptr ss:[ebp-30]
0047050F |. 8BD3 |mov edx,ebx ; character to convert (presumably only the low byte is used)
00470511 |. E8 8A0CF9FF |call <jmp.&rtl70.System::LStrFromChar> ; [ebp-30] = one-character string
00470516 |. 8B55 D0 |mov edx,dword ptr ss:[ebp-30]
00470519 |. 8D45 E8 |lea eax,dword ptr ss:[ebp-18]
0047051C |. E8 AF0CF9FF |call <jmp.&rtl70.System::LStrCat> ; append it to the accumulator [ebp-18]
00470521 |. 8B45 E4 |mov eax,dword ptr ss:[ebp-1C]
00470524 |. 8945 EC |mov dword ptr ss:[ebp-14],eax ; prev = cur for the next pass
00470527 |. 83C6 02 |add esi,2 ; next two-character group
0047052A |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
0047052D |. E8 960CF9FF |call <jmp.&rtl70.System::LStrLen> ; Length(A), re-read on every pass
00470532 |. 3BF0 |cmp esi,eax
00470534 |.^ 0F8C 78FFFFFF \jl 影像科管.004704B2 ; loop while esi < Length(A) (signed)
0047053A |. 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0047053D |. 8B55 E8 mov edx,dword ptr ss:[ebp-18]
00470540 |. E8 430CF9FF call <jmp.&rtl70.System::LStrAsg> ; destination variable := accumulator
; Remove the exception frame installed above and restore the previous fs:[0].
00470545 |. 33C0 xor eax,eax
00470547 |. 5A pop edx
00470548 |. 59 pop ecx
00470549 |. 59 pop ecx
0047054A |. 64:8910 mov dword ptr fs:[eax],edx
0047054D |. 68 7C054700 push 影像科管.0047057C ; address the retn below transfers to (outside this listing)
; Cleanup: release the string temporaries, the accumulator and the two argument copies.
00470552 |> 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00470555 |. BA 05000000 mov edx,5 ; five consecutive strings: [ebp-30] .. [ebp-20]
0047055A |. E8 210CF9FF call <jmp.&rtl70.System::LStrArrayClr>
0047055F |. 8D45 E8 lea eax,dword ptr ss:[ebp-18]
00470562 |. E8 110CF9FF call <jmp.&rtl70.System::LStrClr>
00470567 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
0047056A |. BA 02000000 mov edx,2 ; two consecutive strings: [ebp-8] and [ebp-4]
0047056F |. E8 0C0CF9FF call <jmp.&rtl70.System::LStrArrayClr>
00470574 \. C3 retn ; pops the 0047057C pushed above; the register-restoring epilogue is presumably there

算法分析:註冊碼長度應為「機器碼長度*2+2」,字元範圍應是 0123456789abcdefABCDEF。假設註冊碼為 a1a2a3a4a5a6a7a8a9a10a11a12a13a14a15a16a17a18;我的機器碼為 BFEBFBFF,其對應的 ASCII 碼(十六進位)為:42 46 45 42 46 42 46 46;我的用戶名為 ELSA,對應的 ASCII 碼(十六進位)為:45 4C 53 41。則:
a3a4 xor 45--->小於a1a2,a3a4 xor 45 +FF-(a1a2)
--->大於a1a2,a3a4 xor 45-(a1a2) 所輸出的值為B的asc值42 (即機器碼前四位倒序後的第一位)
a5a6 xor 4C--->小於a3a4,a5a6 xor 4C +FF-(a3a4)
--->大於a3a4,a5a6 xor 4C-(a3a4) 所輸出的值為F的asc值46 (即機器碼前四位倒序後的第二位)
a7a8 xor 53--->小於a5a6,a7a8 xor 53 +FF-(a5a6)
--->大於a5a6,a7a8 xor 53-(a5a6) 所輸出的值為E的asc值45(即機器碼前四位倒序後的第三位)
a9a10 xor 41--->小於a7a8,a9a10 xor 41 +FF-(a7a8)
--->大於a7a8,a9a10 xor 41-(a7a8) 所輸出的值為B的asc值42 (即機器碼前四位倒序後的第四位)
a11a12 xor 45--->小於a9a10,a11a12 xor 45 +FF-(a9a10)
--->大於a9a10,a11a12 xor 45-(a9a10) 所輸出的值為F的asc值46 (即機器碼後四位倒序後的第一位)
a13a14 xor 4C--->小於a11a12,a13a14 xor 4C +FF-(a11a12)
--->大於a11a12,a13a14 xor 4C-(a11a12) 所輸出的值為B的asc值42(即機器碼後四位倒序後的第二位)
a15a16 xor 53--->小於a13a14,a15a16 xor 53 +FF-(a13a14)
--->大於a13a14,a15a16 xor 53-(a13a14) 所輸出的值為F的asc值46(即機器碼後四位倒序後的第三位)
a17a18 xor 41--->小於a15a16,a17a18 xor 41 +FF-(a15a16)
--->大於a15a16,a17a18 xor 41-(a15a16) 所輸出的值為F的asc值46 (即機器碼後四位倒序後的第四位)
我的用戶名:ELSA
我的機器碼:BFEBFBFF
為大家提供一組註冊碼:383FC95CDF63E963E8或者是383fc95cdf63e963e8