:004D5AA1 A11CC34300 mov eax, dword ptr [0043C31C]
:004D5AA6 E87169F6FF call 0043C41C
:004D5AAB 8BF0 mov esi, eax
:004D5AAD BA02000080 mov edx, 80000002
:004D5AB2 8BC6 mov eax, esi
:004D5AB4 E8036AF6FF call 0043C4BC
:004D5AB9 B101 mov cl, 01
* Possible StringData Ref from Data Obj ->"SOFTWARE\Super Computer Companion"
-----------------------------------------------------------------
上面004D5A8B的CALL来到这里(这一段我是用Ollydbg复制的),好长啊...
这里就是把用户名和机器码计算正确注册码的过程了!
可惜自己的基本功差劲,所以等你来帮偶分析!嘻嘻...
; ---------------------------------------------------------------------
; SUPERCC.004D51DC .. 004D5476 (OllyDbg listing, 32-bit x86, Intel syntax).
; Per the write-up, this routine is reached from the CALL at 004D5A8B and
; derives the expected registration code from the user name and the
; machine code. The runs of dots are the author's elisions: only the
; prologue, the tail of one loop and the exit path are visible here.
; Values are handed to the visible CALLs in EAX/EDX -- presumably a
; Borland register-convention build; confirm against the full binary.
; NOTE(review): the expected code is computed on the client, so the whole
; derivation can be observed in a debugger. A check that verifies a
; vendor-signed licence would not need to ship the generator.
; ---------------------------------------------------------------------
004D51DC 55 PUSH EBP
004D51DD 8BEC MOV EBP, ESP
004D51DF 51 PUSH ECX
; ECX = 0Bh (11) iterations with two PUSH 0 each: 22 zero-filled dwords
; are reserved on the stack for locals.
004D51E0 B9 0B000000 MOV ECX, 0B
004D51E5 6A 00 PUSH 0
004D51E7 6A 00 PUSH 0
004D51E9 49 DEC ECX
004D51EA ^ 75 F9 JNZ SHORT SUPERCC.004D51E5
.................................
..........................
; EAX = EBX, EDX = local [EBP-50] for 00404C00 (callee not shown).
004D5361 8B55 B0 MOV EDX, DWORD PTR SS:[EBP-50]
004D5364 8BC3 MOV EAX, EBX
004D5366 E8 95F8F2FF CALL SUPERCC.00404C00
; Two dword locals are pushed and EAX = address of local [EBP-54] for
; 0040948C; [EBP-54] is read back right after, so it is presumably the
; output slot of that call -- TODO confirm.
004D536B FF75 F4 PUSH DWORD PTR SS:[EBP-C]
004D536E FF75 F0 PUSH DWORD PTR SS:[EBP-10]
004D5371 8D45 AC LEA EAX, DWORD PTR SS:[EBP-54]
004D5374 E8 1341F3FF CALL SUPERCC.0040948C
; ESI = 00404BF8([EBP-54]); the author's notes below treat 00404BF8 as a
; routine that returns a digit count / length.
004D5379 8B45 AC MOV EAX, DWORD PTR SS:[EBP-54]
004D537C E8 77F8F2FF CALL SUPERCC.00404BF8
004D5381 8BF0 MOV ESI, EAX
004D5383 8B45 CC MOV EAX, DWORD PTR SS:[EBP-34] ; SUPERCC.004D5C24
// the machine code as it stands after 4 digits have been taken!
004D5386 E8 6DF8F2FF CALL SUPERCC.00404BF8
// the number of digits of that machine code (after 4 were taken)!
004D538B 3BF0 CMP ESI, EAX
// ESI=5; compared with the digit count of the machine code after 4 were taken!
; JLE is a signed comparison; the target 004D525F lies below the current
; address, so this is the backward edge of a loop.
004D538D ^ 0F8E CCFEFFFF JLE SUPERCC.004D525F
// less than or equal: jump back and continue...
; Skip ahead to 004D53E8 when 00404BF8([EBP-34]) returns 0.
004D5393 8B45 CC MOV EAX, DWORD PTR SS:[EBP-34] ; SUPERCC.004D5C24
004D5396 E8 5DF8F2FF CALL SUPERCC.00404BF8
004D539B 85C0 TEST EAX, EAX
004D539D 74 49 JE SHORT SUPERCC.004D53E8
; CDQ sign-extends EAX into EDX:EAX; the result of 004094DC is stored as a
; 64-bit value, low dword at [EBP-28] and high dword at [EBP-24].
; 004094DC is presumably a string-to-integer conversion -- TODO confirm.
004D539F 8B45 CC MOV EAX, DWORD PTR SS:[EBP-34] ; SUPERCC.004D5C24
004D53A2 E8 3541F3FF CALL SUPERCC.004094DC
004D53A7 99 CDQ
004D53A8 8945 D8 MOV DWORD PTR SS:[EBP-28], EAX
004D53AB 8955 DC MOV DWORD PTR SS:[EBP-24], EDX
004D53AE FF75 F4 PUSH DWORD PTR SS:[EBP-C]
....................
.............
; EAX = address of local [EBP-8], EDX = 2 for 0040495C, followed by RETN:
; this looks like a compiler-generated cleanup stub -- TODO confirm.
004D545C 8D45 F8 LEA EAX, DWORD PTR SS:[EBP-8]
004D545F BA 02000000 MOV EDX, 2
004D5464 E8 F3F4F2FF CALL SUPERCC.0040495C
004D5469 C3 RETN
004D546A ^ E9 49EEF2FF JMP SUPERCC.004042B8
004D546F ^ EB DE JMP SHORT SUPERCC.004D544F
; Epilogue: restore ESI and EBX, drop the frame and return. The
; "; SUPERCC.004D5A90" notes are debugger annotations; 004D5A90 is
; presumably the return address of the CALL at 004D5A8B.
004D5471 5E POP ESI ; SUPERCC.004D5A90
004D5472 5B POP EBX ; SUPERCC.004D5A90
004D5473 8BE5 MOV ESP, EBP
004D5475 5D POP EBP ; SUPERCC.004D5A90
004D5476 C3 RETN
// arriving here, the whole calculation process comes to a perfect close!
--------------------------------------------------------------------
后来用注册后的"超级电脑伴侣V1.20"上网,才发现了这个暗桩!
; ---------------------------------------------------------------------
; Routine at 00507198 (W32Dasm listing, 32-bit x86, Intel syntax).
; The excerpt stops after 005071D9, so the end of the routine is not
; shown. The write-up calls this a hidden secondary check that was only
; noticed when the registered program went online.
; EBX keeps the value passed in EAX and is used as a base pointer for
; the fields at +380h, +38Ch and +6C8h (presumably an object instance;
; confirm against the full binary).
; ---------------------------------------------------------------------
:00507198 55 push ebp
:00507199 8BEC mov ebp, esp
:0050719B 6A00 push 00000000
:0050719D 53 push ebx
:0050719E 8BD8 mov ebx, eax
; Install an exception frame: saved EBP, handler address 0050724B and the
; previous chain head are pushed, then fs:[0] is pointed at the new
; record (EAX is 0 here).
:005071A0 33C0 xor eax, eax
:005071A2 55 push ebp
:005071A3 684B725000 push 0050724B
:005071A8 64FF30 push dword ptr fs:[eax]
:005071AB 648920 mov dword ptr fs:[eax], esp
; EAX = field [ebx+38C], EDX = 0 for 00436500 (callee not shown).
:005071AE 33D2 xor edx, edx
:005071B0 8B838C030000 mov eax, dword ptr [ebx+0000038C]
:005071B6 E845F3F2FF call 00436500
:005071BB 833D48DA500000 cmp dword ptr [0050DA48], 00000000
// the flag compared here: whether the registration code is an official, genuine one!
; Branch to 00507235 when the global dword at 0050DA48 is non-zero.
:005071C2 7571 jne 00507235
// changing 7571 here to EB71 makes it jump past this!
; NOTE(review): one global dword and one short conditional branch gate this
; path, so the check is a single point of failure; tampering can only be
; noticed by an integrity control that lives outside this branch (for
; example verification of the signed image).
; Fall-through path (flag is zero): clear field [ebx+6C8], then call
; 0047C818 with EAX = field [ebx+380] and DL = 1 (callee not shown).
:005071C4 33C0 xor eax, eax
:005071C6 8983C8060000 mov dword ptr [ebx+000006C8], eax
:005071CC B201 mov dl, 01
:005071CE 8B8380030000 mov eax, dword ptr [ebx+00000380]
:005071D4 E83F56F7FF call 0047C818
:005071D9 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"否"
关键词:超级电脑伴侣1.20