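I haven't done any cracking for a long time. Seeing how good M is at it, I'm going back to my old trade and having a go at cracking again.
Software download: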
http://www.pcdog.com/soft/19432.htm
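I picked this program because... its algorithm is simple. You could in fact just change the JZ to a JNE, but then I'd be no different from my high-school self.
After reading Software Debugging Analysis (《软件调试分析》) for so long, I ought to have made some progress, so let's analyze the algorithm together.
Load it in DEDE. I've annotated the important places; leave a comment to discuss anything you don't understand.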
004078CF E8B8AA0600 call 0047238C
004078D4 837DFC00 cmp dword ptr [ebp-$04], +$00 (check whether the entered seed code is empty)
004078D8 7408 jz 004078E2
004078DA 8B4DFC mov ecx, [ebp-$04]
004078DD 8B41FC mov eax, [ecx-$04]
004078E0 EB02 jmp 004078E4
004078E2 33C0 xor eax, eax
004078E4 48 dec eax
004078E5 7C47 jl 0040792E
004078E7 33D2 xor edx, edx
004078E9 8955F8 mov [ebp-$08], edx
004078EC 8D55F8 lea edx, [ebp-$08]
004078EF FF471C inc dword ptr [edi+$1C]
* Reference to control code_code : TEdit
|
004078F2 8B83D8020000 mov eax, [ebx+$02D8]
* Reference to: controls.TControl.GetText(TControl):System.String;
|
004078F8 E88FAA0600 call 0047238C
004078FD 837DF800 cmp dword ptr [ebp-$08], +$00 (check whether the entered registration code is empty)
00407901 7408 jz 0040790B
00407903 8B4DF8 mov ecx, [ebp-$08]
00407906 8B41FC mov eax, [ecx-$04]
00407909 EB02 jmp 0040790D
0040790B 33C0 xor eax, eax
0040790D 48 dec eax
0040790E 0F9CC2 setl dl
00407911 83E201 and edx, +$01
00407914 8D45F8 lea eax, [ebp-$08]
00407917 52 push edx
00407918 BA02000000 mov edx, $00000002
0040791D FF4F1C dec dword ptr [edi+$1C]
|
00407920 E8A3EF0B00 call 004C68C8
00407925 59 pop ecx
00407926 85C9 test ecx, ecx
00407928 7504 jnz 0040792E
0040792A 33C0 xor eax, eax
0040792C EB05 jmp 00407933
0040792E B801000000 mov eax, $00000001
00407933 50 push eax
00407934 FF4F1C dec dword ptr [edi+$1C]
00407937 8D45FC lea eax, [ebp-$04]
0040793A BA02000000 mov edx, $00000002
|
0040793F E884EF0B00 call 004C68C8
00407944 59 pop ecx
00407945 84C9 test cl, cl
00407947 741D jz 00407966 (when a field is empty, the error message box appears)
00407949 A14CA04E00 mov eax, dword ptr [$4EA04C]
0040794E 6A00 push $00
* Possible String Reference to: '错误'
|
00407950 B916F24D00 mov ecx, $004DF216
* Possible String Reference to: '请正确输入注册种子与注册码'
|
00407955 BAFBF14D00 mov edx, $004DF1FB
0040795A 8B00 mov eax, [eax]
|
0040795C E897EE0B00 call 004C67F8
00407961 E9F2010000 jmp 00407B58
00407966 66C747102000 mov word ptr [edi+$10], $0020
0040796C 33D2 xor edx, edx
0040796E 8955F4 mov [ebp-$0C], edx
00407971 8D55F4 lea edx, [ebp-$0C]
00407974 FF471C inc dword ptr [edi+$1C]
* Reference to control seed_code : TEdit
|
00407977 8B83D4020000 mov eax, [ebx+$02D4]
* Reference to: controls.TControl.GetText(TControl):System.String;
|
0040797D E80AAA0600 call 0047238C
00407982 8D45F4 lea eax, [ebp-$0C]
00407985 8B00 mov eax, [eax]
* Reference to: sysutils.StrToInt(System.AnsiString):System.Integer;
|
00407987 E8DC8A0A00 call 004B0468 (convert the seed code string to an integer; hex in the debugger)
0040798C 8945AC mov [ebp-$54], eax
0040798F FF4F1C dec dword ptr [edi+$1C]
00407992 8D45F4 lea eax, [ebp-$0C]
00407995 BA02000000 mov edx, $00000002
|
0040799A E829EF0B00 call 004C68C8
0040799F 66C747101400 mov word ptr [edi+$10], $0014
004079A5 66C747102C00 mov word ptr [edi+$10], $002C
004079AB 33C9 xor ecx, ecx
004079AD 894DF0 mov [ebp-$10], ecx
004079B0 8D55F0 lea edx, [ebp-$10]
004079B3 FF471C inc dword ptr [edi+$1C]
* Reference to control code_code : TEdit
|
004079B6 8B83D8020000 mov eax, [ebx+$02D8]
* Reference to: controls.TControl.GetText(TControl):System.String;
|
004079BC E8CBA90600 call 0047238C
004079C1 8D45F0 lea eax, [ebp-$10]
004079C4 8B00 mov eax, [eax]
* Reference to: sysutils.StrToInt(System.AnsiString):System.Integer;
|
004079C6 E89D8A0A00 call 004B0468 (convert the registration code string to an integer; hex in the debugger)
004079CB 8945A8 mov [ebp-$58], eax
004079CE FF4F1C dec dword ptr [edi+$1C]
004079D1 8D45F0 lea eax, [ebp-$10]
004079D4 BA02000000 mov edx, $00000002
|
004079D9 E8EAEE0B00 call 004C68C8
004079DE 66C747101400 mov word ptr [edi+$10], $0014
004079E4 B99F860100 mov ecx, $0001869F (the algorithm starts: ECX = 1869Fh)
004079E9 2B4DAC sub ecx, dword ptr [ebp-$54] (subtract the seed code)
004079EC 8BC1 mov eax, ecx (move the value into EAX)
004079EE 03C0 add eax, eax (EAX = EAX + EAX)
004079F0 8D0480 lea eax, [eax+eax*4] (EAX = EAX*4 + EAX)
004079F3 83C017 add eax, +$17 (EAX = EAX + 17h)
004079F6 3B45A8 cmp eax, [ebp-$58] (compare with the entered fake code)
004079F9 0F853B010000 jnz 00407B3A (if equal, registration succeeds and the registry writes follow; if not, the error box appears)
004079FF B201 mov dl, $01
00407A01 A118724400 mov eax, dword ptr [$447218]
|
00407A06 E80DF90300 call 00447318
00407A0B 8BF0 mov esi, eax
00407A0D BA02000080 mov edx, $80000002
00407A12 8BC6 mov eax, esi
|
00407A14 E8EFED0B00 call 004C6808
00407A19 66C747103800 mov word ptr [edi+$10], $0038
* Possible String Reference to: '\Software\Userlife\bsp'
|
00407A1F BA1BF24D00 mov edx, $004DF21B
00407A24 8D45EC lea eax, [ebp-$14]
|
00407A27 E8E4ED0B00 call 004C6810
00407A2C FF471C inc dword ptr [edi+$1C]
00407A2F 8B10 mov edx, [eax]
00407A31 B101 mov cl, $01
00407A33 8BC6 mov eax, esi
* Reference to: registry.TRegistry.OpenKey(TRegistry;System.AnsiString;System.Boolean):System.Boolean;
|
00407A35 E8E2F90300 call 0044741C
00407A3A FF4F1C dec dword ptr [edi+$1C]
00407A3D 8D45EC lea eax, [ebp-$14]
00407A40 BA02000000 mov edx, $00000002
|
00407A45 E87EEE0B00 call 004C68C8
00407A4A 33C9 xor ecx, ecx
00407A4C 894DE4 mov [ebp-$1C], ecx
00407A4F 8D55E4 lea edx, [ebp-$1C]
00407A52 FF471C inc dword ptr [edi+$1C]
* Reference to control name_code : TEdit
|
00407A55 8B83D0020000 mov eax, [ebx+$02D0]
* Reference to: controls.TControl.GetText(TControl):System.String;
|
00407A5B E82CA90600 call 0047238C
00407A60 8D4DE4 lea ecx, [ebp-$1C]
* Possible String Reference to: 'username'
|
00407A63 BA32F24D00 mov edx, $004DF232
00407A68 8B01 mov eax, [ecx]
00407A6A 50 push eax
00407A6B 8D45E8 lea eax, [ebp-$18]
00407A6E 66C747104400 mov word ptr [edi+$10], $0044
|
00407A74 E897ED0B00 call 004C6810
00407A79 FF471C inc dword ptr [edi+$1C]
00407A7C 8B10 mov edx, [eax]
00407A7E 8BC6 mov eax, esi
00407A80 59 pop ecx
* Reference to: registry.TRegistry.WriteString(TRegistry;System.AnsiString;System.AnsiString);
|
00407A81 E832FB0300 call 004475B8
00407A86 FF4F1C dec dword ptr [edi+$1C]
00407A89 8D45E4 lea eax, [ebp-$1C]
00407A8C BA02000000 mov edx, $00000002
|
00407A91 E832EE0B00 call 004C68C8
00407A96 FF4F1C dec dword ptr [edi+$1C]
00407A99 8D45E8 lea eax, [ebp-$18]
00407A9C BA02000000 mov edx, $00000002
|
00407AA1 E822EE0B00 call 004C68C8
00407AA6 66C747105000 mov word ptr [edi+$10], $0050
* Possible String Reference to: 'reg1'
|
00407AAC BA3BF24D00 mov edx, $004DF23B
00407AB1 8D45E0 lea eax, [ebp-$20]
|
00407AB4 E857ED0B00 call 004C6810
00407AB9 FF471C inc dword ptr [edi+$1C]
00407ABC 8B10 mov edx, [eax]
00407ABE 8B4DAC mov ecx, [ebp-$54]
00407AC1 8BC6 mov eax, esi
* Reference to: registry.TRegistry.WriteInteger(TRegistry;System.AnsiString;System.Integer);
|
00407AC3 E894FB0300 call 0044765C
00407AC8 FF4F1C dec dword ptr [edi+$1C]
00407ACB 8D45E0 lea eax, [ebp-$20]
00407ACE BA02000000 mov edx, $00000002
|
00407AD3 E8F0ED0B00 call 004C68C8
00407AD8 66C747105C00 mov word ptr [edi+$10], $005C
* Possible String Reference to: 'reg2'
|
00407ADE BA40F24D00 mov edx, $004DF240
00407AE3 8D45DC lea eax, [ebp-$24]
|
00407AE6 E825ED0B00 call 004C6810
00407AEB FF471C inc dword ptr [edi+$1C]
00407AEE 8B10 mov edx, [eax]
00407AF0 8B4DA8 mov ecx, [ebp-$58]
00407AF3 8BC6 mov eax, esi
* Reference to: registry.TRegistry.WriteInteger(TRegistry;System.AnsiString;System.Integer);
|
00407AF5 E862FB0300 call 0044765C
00407AFA FF4F1C dec dword ptr [edi+$1C]
00407AFD 8D45DC lea eax, [ebp-$24]
00407B00 BA02000000 mov edx, $00000002
|
00407B05 E8BEED0B00 call 004C68C8
00407B0A 8BC6 mov eax, esi
* Reference to: registry.TRegistry.CloseKey(TRegistry);
|
00407B0C E877F80300 call 00447388
00407B11 8BDE mov ebx, esi
00407B13 895DD4 mov [ebp-$2C], ebx
00407B16 85DB test ebx, ebx
00407B18