2004-04-02, 09:46 PM   #1
psac
SolidConverterPDF: Analysis of a Simple Registration Algorithm

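Software name: SolidConverterPDF

Author: 龍岱客
Email: longdike@163.com
Home page: http://www.chinadfcg.com http://bbs.crackgroup.com
Download: http://www.solidpdf.com/builds/solidconverterpdf.exe
Cracking tool: OllyDbg 1.10B, Chinese-localized modified build
Difficulty: moderate
*********************************
About this article:
My first algorithm-analysis write-up :)
*********************************
Features and protection scheme:
A tool that converts PDF to Word; the results seem pretty good.
*********************************
Experience using Solid Converter PDF to convert Chinese documents
(Leave the defaults in options; to convert, right-click the PDF file and choose Open PDF in Word from the menu)
Today I tried converting several PDF files I have on my computer, including 《delphi6資料庫深入編程技術》, 《資料庫設計指南》, 《delphi5資料庫開發技術》 and 《delphi5編程技巧與實例》. Each file is long, so I did not convert them completely (I picked five or six files in total, from five pages at the least to thirty at the most). I found no real problems and every conversion succeeded. The Chinese text is editable and free of errors; the only flaw is that some images overlap the text, and the result is entirely usable.
*********************************
The Unlock Code depends only on UserEmail; it is computed from the email.
*********************************
Cracking analysis:
Load the program in OD (OllyDbg) and run it.
Search for intermodular calls.
Set a breakpoint on CALL DWORD PTR DS:[<&ConverterCore.?ShowRegistryScreen@CConverterCoreAppWrapper@@QAEHXZ>]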
00401E3E . 8BCF MOV ECX,EDI
00401E40 . FF15 2C404000 CALL DWORD PTR DS:[<&ConverterCore.?Show>; Converte.?ShowSplashScreen@CConverterCoreAppWrapper@@QAEHXZ
00401E46 . 85C0 TEST EAX,EAX
00401E48 . 74 37 JE SHORT SolidCon.00401E81
00401E4A > 8BCF MOV ECX,EDI
00401E4C . FF15 30404000 CALL DWORD PTR DS:[<&ConverterCore.?Show>; Converte.?ShowRegistryScreen@CConverterCoreAppWrapper@@QAEHXZ; we stop here; key call, step in
00401E52 . 85C0 TEST EAX,EAX
00401E54 . 74 2B JE SHORT SolidCon.00401E81
00401E56 . 8B86 D4000000 MOV EAX,DWORD PTR DS:[ESI+D4]
00401E5C . 85C0 TEST EAX,EAX
00401E5E . 74 0C JE SHORT SolidCon.00401E6C
00401E60 . 8BCF MOV ECX,EDI

{--------------CALL DWORD PTR DS:[<&ConverterCore.?Show>;--------------------
10004140 > 6A FF PUSH -1 ; we stop here, then search the string references for UNICODE "UserEmail"; there are two hits, set a breakpoint on both
10004142 68 38080910 PUSH Converte.10090838
10004147 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
1000414D 50 PUSH EAX
1000414E 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
10004155 83EC 08 SUB ESP,8
10004158 E8 C0B00800 CALL Converte.1008F21D
1000415D 50 PUSH EAX
1000415E 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
10004162 E8 25A60800 CALL <JMP.&MFC71LU.#314>
10004167 C74424 10 00000>MOV DWORD PTR SS:[ESP+10],0
1000416F E8 00A60800 CALL <JMP.&MFC71LU.#1079>
10004174 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
10004177 8B10 MOV EDX,DWORD PTR DS:[EAX]
10004179 8BC8 MOV ECX,EAX
1000417B FF92 34010000 CALL DWORD PTR DS:[EDX+134]
10004181 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
10004185 8B1424 MOV EDX,DWORD PTR SS:[ESP]
10004188 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
1000418B 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
1000418F 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
10004196 83C4 14 ADD ESP,14
10004199 C3 RETN
-------------------------------------------------------------------
1002E881 68 A0360A10 PUSH Converte.100A36A0 ; UNICODE "UserEmail"; start over and we arrive here
1002E886 C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
1002E88A FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002E890 8BCE MOV ECX,ESI
1002E892 C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
1002E896 E8 29F3FFFF CALL Converte.1002DBC4
1002E89B 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8]
1002E89E FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002E8A4 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
1002E8A7 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
1002E8AE 5E POP ESI
1002E8AF C9 LEAVE
1002E8B0 C2 0400 RETN 4 ; returns to 1002C669
-------------------returns to the code below---------------------------
1002C669 53 PUSH EBX
1002C66A 51 PUSH ECX
1002C66B 8BCC MOV ECX,ESP
1002C66D 8965 DC MOV DWORD PTR SS:[EBP-24],ESP
1002C670 68 74320A10 PUSH Converte.100A3274 ; UNICODE "organization"
1002C675 FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002C67B 8BCE MOV ECX,ESI
1002C67D E8 43A1FFFF CALL Converte.100267C5
1002C682 50 PUSH EAX
1002C683 8BCE MOV ECX,ESI
1002C685 E8 1A240600 CALL <JMP.&MFC71LU.#2651>
1002C68A 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002C68D 51 PUSH ECX
1002C68E 8BC8 MOV ECX,EAX
1002C690 E8 57270600 CALL <JMP.&MFC71LU.#3756>
1002C695 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14] ;"DFCG"
1002C698 FF15 D8980910 CALL DWORD PTR DS:[<&MFC71LU.#6161>] ; MFC71LU.#6161
1002C69E 51 PUSH ECX
1002C69F 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
1002C6A2 8BCC MOV ECX,ESP
1002C6A4 8965 DC MOV DWORD PTR SS:[EBP-24],ESP
1002C6A7 50 PUSH EAX
1002C6A8 FF15 F0920910 CALL DWORD PTR DS:[<&MFC71LU.#280>] ; MFC71LU.#280
1002C6AE 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
1002C6B1 E8 47210000 CALL Converte.1002E7FD
1002C6B6 53 PUSH EBX
1002C6B7 51 PUSH ECX
1002C6B8 8BCC MOV ECX,ESP
1002C6BA 8965 DC MOV DWORD PTR SS:[EBP-24],ESP
1002C6BD 68 68320A10 PUSH Converte.100A3268 ; UNICODE "code"
1002C6C2 FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002C6C8 8BCE MOV ECX,ESI
1002C6CA E8 F6A0FFFF CALL Converte.100267C5
1002C6CF 50 PUSH EAX
1002C6D0 8BCE MOV ECX,ESI
1002C6D2 E8 CD230600 CALL <JMP.&MFC71LU.#2651>
1002C6D7 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002C6DA 51 PUSH ECX
1002C6DB 8BC8 MOV ECX,EAX
1002C6DD E8 0A270600 CALL <JMP.&MFC71LU.#3756>
1002C6E2 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14] ; fake code "12345"
1002C6E5 FF15 D8980910 CALL DWORD PTR DS:[<&MFC71LU.#6161>] ; MFC71LU.#6161
1002C6EB 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002C6EE FF15 D4980910 CALL DWORD PTR DS:[<&MFC71LU.#4078>] ; MFC71LU.#4078
1002C6F4 53 PUSH EBX
1002C6F5 51 PUSH ECX
1002C6F6 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
1002C6F9 8BCC MOV ECX,ESP
1002C6FB 8965 DC MOV DWORD PTR SS:[EBP-24],ESP
1002C6FE 50 PUSH EAX
1002C6FF FF15 F0920910 CALL DWORD PTR DS:[<&MFC71LU.#280>] ; MFC71LU.#280
1002C705 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
1002C708 E8 88200000 CALL Converte.1002E795
1002C70D 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
1002C710 50 PUSH EAX
1002C711 8BCE MOV ECX,ESI
1002C713 E8 D4260600 CALL <JMP.&MFC71LU.#3756>
1002C718 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
1002C71B 50 PUSH EAX
1002C71C 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
1002C71F E8 27170000 CALL Converte.1002DE4B
1002C724 8BC8 MOV ECX,EAX
1002C726 FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1002C72C 83F8 02 CMP EAX,2
1002C72F 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
1002C732 0F9E45 F3 SETLE BYTE PTR SS:[EBP-D]
1002C736 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002C73C 385D F3 CMP BYTE PTR SS:[EBP-D],BL ; check validity of the user name
1002C73F 74 14 JE SHORT Converte.1002C755
1002C741 68 8C330A10 PUSH Converte.100A338C ; UNICODE "Invalid user name"
1002C746 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002C749 FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002C74F C645 FC 02 MOV BYTE PTR SS:[EBP-4],2
1002C753 EB 3B JMP SHORT Converte.1002C790
1002C755 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
1002C758 50 PUSH EAX
1002C759 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
1002C75C E8 80190000 CALL Converte.1002E0E1
1002C761 8BC8 MOV ECX,EAX
1002C763 FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1002C769 83F8 04 CMP EAX,4
1002C76C 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
1002C76F 0F9E45 F3 SETLE BYTE PTR SS:[EBP-D]
1002C773 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002C779 385D F3 CMP BYTE PTR SS:[EBP-D],BL ; check validity of the email
1002C77C 74 54 JE SHORT Converte.1002C7D2
1002C77E 68 60330A10 PUSH Converte.100A3360 ; UNICODE "Invalid email address"
1002C783 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002C786 FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002C78C C645 FC 03 MOV BYTE PTR SS:[EBP-4],3
1002C790 6A 01 PUSH 1
1002C792 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
1002C795 50 PUSH EAX
1002C796 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
1002C799 50 PUSH EAX
1002C79A 8BCF MOV ECX,EDI
1002C79C E8 E4310000 CALL Converte.1002F985
1002C7A1 6A 10 PUSH 10
1002C7A3 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
1002C7A6 8BF8 MOV EDI,EAX
1002C7A8 FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002C7AE 50 PUSH EAX
1002C7AF 8BCF MOV ECX,EDI
1002C7B1 FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002C7B7 50 PUSH EAX
1002C7B8 FF76 20 PUSH DWORD PTR DS:[ESI+20]
1002C7BB FF15 B0FF0D10 CALL DWORD PTR DS:[100DFFB0] ; Converte.1008D7C8
1002C7C1 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
1002C7C4 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002C7CA 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002C7CD E9 A8010000 JMP Converte.1002C97A
1002C7D2 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
1002C7D5 E8 14220000 CALL Converte.1002E9EE ; key call, step in
{----------------------CALL Converte.1002E9EE-------------------------
1002E9EE B8 094D0910 MOV EAX,Converte.10094D09
1002E9F3 E8 500E0600 CALL Converte.1008F848
1002E9F8 83EC 1C SUB ESP,1C
1002E9FB 53 PUSH EBX
1002E9FC 56 PUSH ESI
1002E9FD 57 PUSH EDI
1002E9FE 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
1002EA01 33DB XOR EBX,EBX
1002EA03 50 PUSH EAX
1002EA04 8BF9 MOV EDI,ECX
1002EA06 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX
1002EA09 E8 A6F7FFFF CALL Converte.1002E1B4
1002EA0E 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
1002EA11 50 PUSH EAX
1002EA12 8BCF MOV ECX,EDI
1002EA14 895D FC MOV DWORD PTR SS:[EBP-4],EBX
1002EA17 E8 C5F6FFFF CALL Converte.1002E0E1
1002EA1C 53 PUSH EBX
1002EA1D 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
1002EA20 50 PUSH EAX
1002EA21 8BCF MOV ECX,EDI
1002EA23 C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
1002EA27 E8 F2F4FFFF CALL Converte.1002DF1E
1002EA2C 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002EA2F C645 FC 02 MOV BYTE PTR SS:[EBP-4],2
1002EA33 FF15 C4920910 CALL DWORD PTR DS:[<&MFC71LU.#3927>] ; MFC71LU.#3928
1002EA39 84C0 TEST AL,AL
1002EA3B 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002EA3E 0F84 9B000000 JE Converte.1002EADF
1002EA44 FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1002EA4A 85C0 TEST EAX,EAX
1002EA4C 74 43 JE SHORT Converte.1002EA91
1002EA4E 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
1002EA51 FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1002EA57 85C0 TEST EAX,EAX
1002EA59 74 36 JE SHORT Converte.1002EA91
1002EA5B 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
1002EA5E 50 PUSH EAX
1002EA5F 53 PUSH EBX
1002EA60 51 PUSH ECX
1002EA61 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
1002EA64 8BCC MOV ECX,ESP
1002EA66 8965 E4 MOV DWORD PTR SS:[EBP-1C],ESP
1002EA69 50 PUSH EAX
1002EA6A FF15 F0920910 CALL DWORD PTR DS:[<&MFC71LU.#280>] ; MFC71LU.#280
1002EA70 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
1002EA73 E8 8CEAFFFF CALL Converte.1002D504 ; step in
{----------------CALL Converte.1002D504----------------------------
1002D504 B8 8C4A0910 MOV EAX,Converte.10094A8C
1002D509 E8 3A230600 CALL Converte.1008F848
1002D50E 51 PUSH ECX
1002D50F 8365 F0 00 AND DWORD PTR SS:[EBP-10],0
1002D513 57 PUSH EDI
1002D514 8BF9 MOV EDI,ECX
1002D516 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
1002D51A E8 55120600 CALL <JMP.&MFC71LU.#1079>
1002D51F 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
1002D522 8B10 MOV EDX,DWORD PTR DS:[EAX]
1002D524 6A 01 PUSH 1
1002D526 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D529 51 PUSH ECX
1002D52A 8BC8 MOV ECX,EAX
1002D52C FF92 C4000000 CALL DWORD PTR DS:[EDX+C4]
1002D532 807D 0C 00 CMP BYTE PTR SS:[EBP+C],0
1002D536 C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
1002D53A 74 0E JE SHORT Converte.1002D54A
1002D53C 68 CC350A10 PUSH Converte.100A35CC ; UNICODE "Eval"
1002D541 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D544 FF15 98940910 CALL DWORD PTR DS:[<&MFC71LU.#899>] ; MFC71LU.#888
1002D54A 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8]
1002D54D 50 PUSH EAX
1002D54E 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D551 FF15 94940910 CALL DWORD PTR DS:[<&MFC71LU.#896>] ; MFC71LU.#896
1002D557 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D55A FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002D560 50 PUSH EAX ; the email and the software name are concatenated into "SolidConverterPDFlongdike@163.com"
1002D561 E8 9EFEFFFF CALL Converte.1002D404 ; algorithm call, step in
{-----------------CALL Converte.1002D404---------------------
1002D404 B8 704A0910 MOV EAX,Converte.10094A70
1002D409 E8 3A240600 CALL Converte.1008F848
1002D40E 83EC 0C SUB ESP,0C
1002D411 8365 E8 00 AND DWORD PTR SS:[EBP-18],0
1002D415 56 PUSH ESI
1002D416 68 90350A10 PUSH Converte.100A3590 ; UNICODE "SolidConverterPDFfff@mail.com"
1002D41B FF75 08 PUSH DWORD PTR SS:[EBP+8]
1002D41E FF15 209B0910 CALL DWORD PTR DS:[<&MSLUR71._wcsicmp>] ; MSLUR71._wcsicmp
1002D424 85C0 TEST EAX,EAX
1002D426 59 POP ECX
1002D427 59 POP ECX
1002D428 75 12 JNZ SHORT Converte.1002D43C
1002D42A 68 84350A10 PUSH Converte.100A3584 ; UNICODE "xxxx"
1002D42F 8BCF MOV ECX,EDI
1002D431 FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002D437 E9 B9000000 JMP Converte.1002D4F5
1002D43C 51 PUSH ECX
1002D43D 8BCC MOV ECX,ESP
1002D43F 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
1002D442 FF75 08 PUSH DWORD PTR SS:[EBP+8]
1002D445 FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002D44B E8 90B90000 CALL Converte.10038DE0 ;
{-------------CALL Converte.10038DE0-----------------
10038DE0 B8 165F0910 MOV EAX,Converte.10095F16
10038DE5 E8 5E6A0500 CALL Converte.1008F848
10038DEA 81EC 04040000 SUB ESP,404
10038DF0 A1 58FE0D10 MOV EAX,DWORD PTR DS:[100DFE58]
10038DF5 53 PUSH EBX
10038DF6 56 PUSH ESI
10038DF7 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
10038DFA 57 PUSH EDI
10038DFB 33DB XOR EBX,EBX
10038DFD 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8]
10038E00 895D FC MOV DWORD PTR SS:[EBP-4],EBX
10038E03 FF15 58990910 CALL DWORD PTR DS:[<&MFC71LU.#4074>] ; MFC71LU.#4074, converts to lowercase "solidconverterpdflongdike@163.com"
10038E09 53 PUSH EBX
10038E0A 53 PUSH EBX
10038E0B 68 00040000 PUSH 400
10038E10 8D85 F0FBFFFF LEA EAX,DWORD PTR SS:[EBP-410]
10038E16 50 PUSH EAX
10038E17 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8]
10038E1A FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
10038E20 50 PUSH EAX
10038E21 53 PUSH EBX
10038E22 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8]
10038E25 FF15 88950910 CALL DWORD PTR DS:[<&MFC71LU.#2460>] ; MFC71LU.#5149
10038E2B 50 PUSH EAX
10038E2C 53 PUSH EBX
10038E2D 53 PUSH EBX
10038E2E FF15 58FF0D10 CALL DWORD PTR DS:[100DFF58] ; kernel32.WideCharToMultiByte, gets the string length
10038E34 8BF8 MOV EDI,EAX ; EDI=EAX=21H=33=loop count
10038E36 6A FF PUSH -1
10038E38 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8]
10038E3B 889C3D F0FBFFFF MOV BYTE PTR SS:[EBP+EDI-410],BL
10038E42 FF15 84950910 CALL DWORD PTR DS:[<&MFC71LU.#5398>] ; MFC71LU.#5398
10038E48 33C0 XOR EAX,EAX
10038E4A 33F6 XOR ESI,ESI
10038E4C 3BFB CMP EDI,EBX
10038E4E 7E 13 JLE SHORT Converte.10038E63
10038E50 0FBE8C05 F0FBFF>MOVSX ECX,BYTE PTR SS:[EBP+EAX-410] ; ECX=ASC('s')=73
10038E58 8D740E 0D LEA ESI,DWORD PTR DS:[ESI+ECX+D] ; ESI=ESI+ECX+D
10038E5C 03DE ADD EBX,ESI ; EBX=EBX+ESI
10038E5E 40 INC EAX ; EAX=EAX+1
10038E5F 3BC7 CMP EAX,EDI ; compare EAX with EDI = loop count
10038E61 ^ 7C ED JL SHORT Converte.10038E50 ; below the loop count: keep accumulating
10038E63 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8] ; EBX=00010252
10038E66 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
10038E6C 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
10038E6F 8BC3 MOV EAX,EBX
10038E71 C1E0 10 SHL EAX,10 ; EAX shifted left 16 bits, EAX=02520000
10038E74 5F POP EDI
10038E75 03C6 ADD EAX,ESI ; final result EAX=EAX+ESI=02520000+00000E6E=02520E6E
10038E77 5E POP ESI
10038E78 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
10038E7F 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
10038E82 5B POP EBX
10038E83 E8 6F660500 CALL Converte.1008F4F7
10038E88 C9 LEAVE
10038E89 C3 RETN
-------------CALL Converte.10038DE0-------------}
1002D450 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002D453 8BF0 MOV ESI,EAX
1002D455 C70424 5C350A10 MOV DWORD PTR SS:[ESP],Converte.100A355C ; UNICODE "bcdfghkmnpqrstvwxyz" code table, (0-18) 19 entries
1002D45C FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002D462 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
1002D466 68 C89F0910 PUSH Converte.10099FC8
1002D46B 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D46E FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002D474 C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
1002D478 EB 50 JMP SHORT Converte.1002D4CA
1002D47A 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D47D FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896, EAX zeroed, used as a counter
1002D483 83F8 04 CMP EAX,4 ; looped 4 times yet?
1002D486 7D 46 JGE SHORT Converte.1002D4CE ; if not, continue; jump once 4 loops are done
1002D488 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14] ; address of the start of the table
1002D48B FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1002D491 8BC8 MOV ECX,EAX ; ECX=EAX=13H=19
1002D493 8BC6 MOV EAX,ESI ; EAX=ESI=02520E6E
; 001F4420
; 0001A545
; 0000162C
1002D495 99 CDQ
1002D496 F7F9 IDIV ECX
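1002D498 52 PUSH EDX ; quotient EAX=001F4420 remainder=0E=14
; quotient EAX=0001A545 remainder=01=1
; quotient EAX=0000162C remainder=01=1
; quotient EAX=0000012A remainder=0E=14
1002D499 E8 D0230600 CALL <JMP.&MSLUR71.labs> ; table lookup, entry 14 'v'
; table lookup, entry 1 'c'
; table lookup, entry 1 'c'
; table lookup, entry 14 'v'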
1002D49E 59 POP ECX
1002D49F 50 PUSH EAX
1002D4A0 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002D4A3 FF15 9C950910 CALL DWORD PTR DS:[<&MFC71LU.#2444>] ; MFC71LU.#2444
1002D4A9 8845 E8 MOV BYTE PTR SS:[EBP-18],AL
1002D4AC FF75 E8 PUSH DWORD PTR SS:[EBP-18]
1002D4AF 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D4B2 FF15 DC980910 CALL DWORD PTR DS:[<&MFC71LU.#897>] ; MFC71LU.#897, character append 'v'
'vc'
'vcc'
'vccv'
1002D4B8 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002D4BB FF15 DC920910 CALL DWORD PTR DS:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1002D4C1 8BC8 MOV ECX,EAX
1002D4C3 8BC6 MOV EAX,ESI
1002D4C5 99 CDQ
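1002D4C6 F7F9 IDIV ECX ; divide 02520E6E by 13H = 001F4420; the quotient is nonzero, so it becomes the next dividend
; divide 001F4420 by 13H = 0001A545; the quotient is nonzero, so it becomes the next dividend
; divide 0001A545 by 13H = 0000162C; the quotient is nonzero, so it becomes the next dividend
; divide 0000162C by 13H = 0000012A; the quotient is nonzero, so it becomes the next dividend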
1002D4C8 8BF0 MOV ESI,EAX
1002D4CA 85F6 TEST ESI,ESI
1002D4CC ^ 75 AC JNZ SHORT Converte.1002D47A ; loop if the quotient is not 0
1002D4CE 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D4D1 FF15 D4980910 CALL DWORD PTR DS:[<&MFC71LU.#4078>] ; MFC71LU.#4078, lowercase to uppercase
1002D4D7 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] ; real code "VCCV"
1002D4DA 50 PUSH EAX
1002D4DB 8BCF MOV ECX,EDI
1002D4DD FF15 F0920910 CALL DWORD PTR DS:[<&MFC71LU.#280>] ; MFC71LU.#280
1002D4E3 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D4E6 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002D4EC 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
1002D4EF FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002D4F5 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
1002D4F8 8BC7 MOV EAX,EDI
1002D4FA 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
1002D501 5E POP ESI
1002D502 C9 LEAVE
1002D503 C3 RETN
--------------CALL Converte.1002D404---------------}
1002D566 59 POP ECX
1002D567 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
1002D56A FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002D570 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+8]
1002D573 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002D579 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
1002D57C 8BC7 MOV EAX,EDI
1002D57E 5F POP EDI
1002D57F 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
1002D586 C9 LEAVE
1002D587 C3 RETN
-----------CALL Converte.1002D504----------------}
1002EA78 59 POP ECX
1002EA79 59 POP ECX
1002EA7A 33F6 XOR ESI,ESI
1002EA7C 46 INC ESI
1002EA7D 50 PUSH EAX
1002EA7E 8975 E4 MOV DWORD PTR SS:[EBP-1C],ESI
1002EA81 E8 3AAAFDFF CALL Converte.100094C0 ; compare real and fake code
1002EA86 84C0 TEST AL,AL
1002EA88 59 POP ECX
1002EA89 59 POP ECX
1002EA8A 75 08 JNZ SHORT Converte.1002EA94
1002EA8C 885D F3 MOV BYTE PTR SS:[EBP-D],BL
1002EA8F EB 07 JMP SHORT Converte.1002EA98
1002EA91 33F6 XOR ESI,ESI
1002EA93 46 INC ESI
1002EA94 C645 F3 01 MOV BYTE PTR SS:[EBP-D],1
1002EA98 F645 E4 01 TEST BYTE PTR SS:[EBP-1C],1
………………
What follows writes UserEmail to the registry and then jumps to the error display.
-------------------CALL Converte.1002E9EE------------------------}
1002C7DA 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
1002C7DD E8 921F0600 CALL <JMP.&MFC71LU.#1079>
1002C7E2 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
1002C7E5 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
1002C7E8 8988 A8000000 MOV DWORD PTR DS:[EAX+A8],ECX
1002C7EE E8 811F0600 CALL <JMP.&MFC71LU.#1079>
1002C7F3 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
1002C7F6 E8 C561FDFF CALL Converte.100029C0
1002C7FB 84C0 TEST AL,AL
1002C7FD 0F84 F4000000 JE Converte.1002C8F7
1002C803 E8 6C1F0600 CALL <JMP.&MFC71LU.#1079>
1002C808 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
1002C80B 83B8 A8000000 0>CMP DWORD PTR DS:[EAX+A8],4
1002C812 75 61 JNZ SHORT Converte.1002C875
1002C814 68 30330A10 PUSH Converte.100A3330 ; UNICODE "Successfully_Registered"
1002C819 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002C81C FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002C822 6A 01 PUSH 1
1002C824 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
1002C827 50 PUSH EAX
1002C828 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
1002C82B 50 PUSH EAX
1002C82C 8BCF MOV ECX,EDI
1002C82E C645 FC 04 MOV BYTE PTR SS:[EBP-4],4
1002C832 E8 4E310000 CALL Converte.1002F985
1002C837 53 PUSH EBX
1002C838 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
1002C83B 8BF8 MOV EDI,EAX
1002C83D FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002C843 50 PUSH EAX
1002C844 8BCF MOV ECX,EDI
1002C846 FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002C84C 50 PUSH EAX
1002C84D FF76 20 PUSH DWORD PTR DS:[ESI+20]
1002C850 FF15 B0FF0D10 CALL DWORD PTR DS:[100DFFB0] ; Converte.1008D7C8
1002C856 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
1002C859 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002C85F 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002C862 C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
1002C866 FF15 9C920910 CALL DWORD PTR DS:[<&MFC71LU.#577>] ; MFC71LU.#577
1002C86C E8 031F0600 CALL <JMP.&MFC71LU.#1079>
1002C871 6A 02 PUSH 2
1002C873 EB 70 JMP SHORT Converte.1002C8E5
1002C875 E8 FA1E0600 CALL <JMP.&MFC71LU.#1079>
1002C87A 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
1002C87D 83B8 A8000000 0>CMP DWORD PTR DS:[EAX+A8],2
1002C884 75 65 JNZ SHORT Converte.1002C8EB
1002C886 68 04330A10 PUSH Converte.100A3304 ; UNICODE "Successfully_Unlocked"
1002C88B 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
1002C88E FF15 A8920910 CALL DWORD PTR DS:[<&MFC71LU.#283>] ; MFC71LU.#283
1002C894 6A 01 PUSH 1
1002C896 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
1002C899 50 PUSH EAX
1002C89A 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
1002C89D 50 PUSH EAX
1002C89E 8BCF MOV ECX,EDI
1002C8A0 C645 FC 05 MOV BYTE PTR SS:[EBP-4],5
1002C8A4 E8 DC300000 CALL Converte.1002F985
1002C8A9 53 PUSH EBX
1002C8AA 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
1002C8AD 8BF8 MOV EDI,EAX
1002C8AF FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002C8B5 50 PUSH EAX
1002C8B6 8BCF MOV ECX,EDI
1002C8B8 FF15 AC920910 CALL DWORD PTR DS:[<&MFC71LU.#870>] ; MFC71LU.#2806
1002C8BE 50 PUSH EAX
1002C8BF FF76 20 PUSH DWORD PTR DS:[ESI+20]
1002C8C2 FF15 B0FF0D10 CALL DWORD PTR DS:[100DFFB0] ; Converte.1008D7C8
1002C8C8 8D4D DC LEA ECX,DWORD PTR SS:[EBP
****************************************
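Summary:
Algorithm summary:
ESI = Length(solidconverterpdf+UserEmail) × D + (sum of the ASCII values of "solidconverterpdf+UserEmail")
EAX = the running total of ESI over each loop iteration. The final value of EAX shifted left 16 bits, plus the value of ESI, is the dividend; the divisor is 13H=19. The quotient becomes the dividend of the next iteration, and the remainder is used as an index into the table "bcdfghkmnpqrstvwxyz" to pick a character of the Unlock Code. The loop ends after 4 iterations, and the 4 characters obtained are the Unlock Code.
*****************************************
Note: dedicated to the lovely DFCG. Congratulations on DFCG's second birthday, and may DFCG go from strength to strength :) When reposting, please keep the article intact.
*****************************************
2004.04.01 龍岱客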