The program contains the following code:
......
00405F4A 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+24]
00405F4E 57 PUSH EDI
00405F4F 8BFE MOV EDI,ESI
00405F51 F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00405F53 F7D1 NOT ECX
00405F55 49 DEC ECX
00405F56 83F9 14 CMP ECX,14 //the registration code must be 20 characters long
00405F59 74 07 JE SHORT pdf2word.00405F62 //jump to the next check
......
00405F62 8A06 MOV AL,BYTE PTR DS:[ESI]
00405F64 8A4E 01 MOV CL,BYTE PTR DS:[ESI+1]
00405F67 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
00405F6B 32DB XOR BL,BL
00405F6D 52 PUSH EDX
00405F6E 884424 1C MOV BYTE PTR SS:[ESP+1C],AL
00405F72 885C24 1D MOV BYTE PTR SS:[ESP+1D],BL
00405F76 884C24 10 MOV BYTE PTR SS:[ESP+10],CL
00405F7A 885C24 11 MOV BYTE PTR SS:[ESP+11],BL
00405F7E E8 C4A61800 CALL pdf2word.00590647
00405F83 8BF8 MOV EDI,EAX
00405F85 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+1C]
00405F89 50 PUSH EAX
00405F8A E8 B8A61800 CALL pdf2word.00590647
00405F8F 03F8 ADD EDI,EAX
00405F91 83C4 08 ADD ESP,8
00405F94 83FF 0B CMP EDI,0B //the sum of the 1st and 2nd characters is 11
00405F97 74 09 JE SHORT pdf2word.00405FA2 //jump to the next check
......
00405FA2 8A4E 12 MOV CL,BYTE PTR DS:[ESI+12]
00405FA5 8A56 13 MOV DL,BYTE PTR DS:[ESI+13]
00405FA8 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
00405FAC 884C24 18 MOV BYTE PTR SS:[ESP+18],CL
00405FB0 50 PUSH EAX
00405FB1 885C24 1D MOV BYTE PTR SS:[ESP+1D],BL
00405FB5 885424 10 MOV BYTE PTR SS:[ESP+10],DL
00405FB9 885C24 11 MOV BYTE PTR SS:[ESP+11],BL
00405FBD E8 85A61800 CALL pdf2word.00590647
00405FC2 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
00405FC6 8BF8 MOV EDI,EAX
00405FC8 51 PUSH ECX
00405FC9 E8 79A61800 CALL pdf2word.00590647
00405FCE 03F8 ADD EDI,EAX
00405FD0 83C4 08 ADD ESP,8
00405FD3 83FF 0D CMP EDI,0D //the sum of the 19th and 20th characters is 13
00405FD6 74 09 JE SHORT pdf2word.00405FE1 //jump to the next check
......
00405FE1 8A56 05 MOV DL,BYTE PTR DS:[ESI+5]
00405FE4 8A46 0D MOV AL,BYTE PTR DS:[ESI+D]
00405FE7 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00405FEB 885424 18 MOV BYTE PTR SS:[ESP+18],DL
00405FEF 51 PUSH ECX
00405FF0 885C24 1D MOV BYTE PTR SS:[ESP+1D],BL
00405FF4 884424 10 MOV BYTE PTR SS:[ESP+10],AL
00405FF8 885C24 11 MOV BYTE PTR SS:[ESP+11],BL
00405FFC E8 46A61800 CALL pdf2word.00590647
00406001 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+1C]
00406005 8BF8 MOV EDI,EAX
00406007 52 PUSH EDX
00406008 E8 3AA61800 CALL pdf2word.00590647
0040600D 03F8 ADD EDI,EAX
0040600F 83C4 08 ADD ESP,8
00406012 83FF 09 CMP EDI,9 //the sum of the 6th and 14th characters is 9
00406015 74 09 JE SHORT pdf2word.00406020 //jump to the next check
......
00406020 807E 0C 56 CMP BYTE PTR DS:[ESI+C],56 //the 13th character is 'V'
00406024 74 09 JE SHORT pdf2word.0040602F //jump to the next check
......
0040602F 807E 0E 33 CMP BYTE PTR DS:[ESI+E],33 //the 15th character is '3'
00406033 74 09 JE SHORT pdf2word.0040603E //jump to the next check
00406035 5F POP EDI
00406036 5E POP ESI
00406037 33C0 XOR EAX,EAX
00406039 5B POP EBX
0040603A 83C4 18 ADD ESP,18
0040603D C3 RETN
0040603E 8A4E 0F MOV CL,BYTE PTR DS:[ESI+F]
00406041 33C0 XOR EAX,EAX
00406043 80F9 31 CMP CL,31 //the 16th character is '1'
00406046 5F POP EDI
00406047 5E POP ESI
00406048 5B POP EBX
00406049 0F94C0 SETE AL //set the flag to 1
0040604C 83C4 18 ADD ESP,18
0040604F C3 RETN //return once the checks are done: AL=1 means registration succeeds; otherwise the code is invalid.
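To summarize, a valid registration code must meet the following conditions:
Length must be 20 characters
1st + 2nd = 11
19th + 20th = 13
6th + 14th = 9
13th = 'V'
15th = '3'
16th = '1'
What about the other positions? Anything you like!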
2011.07.10