• 墙纸自动换1.4算法分析


    1、脱壳
    -----------------------------------------------
         壳:    ASPack 1.06b / 1.061b -> Alexey Solodovnikov
    脱壳软件:超级巡警之虚拟机自动脱壳器
    编程软件:DELPHI

    2、使用DARKDEDE找出“注册”按键的事件。下断点,分析之。。。

    00488D8C /. 55 push ebp
    00488D8D |. 8BEC mov ebp, esp
    00488D8F |. 33C9 xor ecx, ecx
    00488D91 |. 51 push ecx
    00488D92 |. 51 push ecx
    00488D93 |. 51 push ecx
    00488D94 |. 51 push ecx
    00488D95 |. 51 push ecx
    00488D96 |. 51 push ecx
    00488D97 |. 51 push ecx
    00488D98 |. 53 push ebx
    00488D99 |. 56 push esi
    00488D9A |. 57 push edi
    00488D9B |. 8945 FC mov dword ptr [ebp-4], eax
    00488D9E |. 33C0 xor eax, eax
    00488DA0 |. 55 push ebp
    00488DA1 |. 68 2E8F4800 push 00488F2E
    00488DA6 |. 64:FF30 push dword ptr fs:[eax]
    00488DA9 |. 64:8920 mov dword ptr fs:[eax], esp
    00488DAC |. 8D45 F4 lea eax, dword ptr [ebp-C]
    00488DAF |. E8 A4ADF7FF call 00403B58
    00488DB4 |. 8D55 F0 lea edx, dword ptr [ebp-10]
    00488DB7 |. 8B45 FC mov eax, dword ptr [ebp-4]
    00488DBA |. 8B80 18030000 mov eax, dword ptr [eax+318] ; "4JB"
    00488DC0 |. E8 6B86FAFF call 00431430
    00488DC5 |. 837D F0 00 cmp dword ptr [ebp-10], 0 ; 判断输入的用户名是否为空
    00488DC9 |. 0F84 2C010000 je 00488EFB
    00488DCF |. 8D55 F8 lea edx, dword ptr [ebp-8]
    00488DD2 |. 8B45 FC mov eax, dword ptr [ebp-4]
    00488DD5 |. 8B80 18030000 mov eax, dword ptr [eax+318]
    00488DDB |. E8 5086FAFF call 00431430
    00488DE0 |. 8B45 F8 mov eax, dword ptr [ebp-8]
    00488DE3 |. E8 F0AFF7FF call 00403DD8 ; 计算用户名长度
    00488DE8 |. 8BF0 mov esi, eax
    00488DEA |. 85F6 test esi, esi
    00488DEC |. 7E 3C jle short 00488E2A
    00488DEE |. BF 01000000 mov edi, 1
    00488DF3 |> 8B45 F8 /mov eax, dword ptr [ebp-8]
    00488DF6 |. 33DB |xor ebx, ebx
    00488DF8 |. 8A5C38 FF |mov bl, byte ptr [eax+edi-1] ; 分别取用户名的每一位
    00488DFC |. 8BC3 |mov eax, ebx
    00488DFE |. F7EB |imul ebx ; 将Ascii进行立方操作
    00488E00 |. F7EB |imul ebx
    00488E02 |. 8945 EC |mov dword ptr [ebp-14], eax
    00488E05 |. DB45 EC |fild dword ptr [ebp-14] ; 将计算的结果放入ST(0)浮点数寄存器
    00488E08 |. D9FA |fsqrt ; 将st(0)浮点数寄存器中的数取平方根,再放入st(0)
    00488E0A |. E8 CD9BF7FF |call 004029DC
    00488E0F |. 8BD8 |mov ebx, eax ; 将计算结果放入ebx
    00488E11 |. 8D55 E8 |lea edx, dword ptr [ebp-18]
    00488E14 |. 8BC3 |mov eax, ebx
    00488E16 |. E8 BDF7F7FF |call 004085D8
    00488E1B |. 8B55 E8 |mov edx, dword ptr [ebp-18]
    00488E1E |. 8D45 F4 |lea eax, dword ptr [ebp-C]
    00488E21 |. E8 BAAFF7FF |call 00403DE0 ; 将计算出的值依次合并
    00488E26 |. 47 |inc edi
    00488E27 |. 4E |dec esi
    00488E28 |.^ 75 C9 \jnz short 00488DF3
    00488E2A |> 8B45 F4 mov eax, dword ptr [ebp-C]
    00488E2D |. E8 A6AFF7FF call 00403DD8 ; 通过之上的算法,获得一个字符串,计算字符串的长度
    00488E32 |. 83F8 0A cmp eax, 0A ; 将字符串长度和10比较
    00488E35 |. 7E 16 jle short 00488E4D
    00488E37 |. 8D45 F4 lea eax, dword ptr [ebp-C]
    00488E3A |. 50 push eax
    00488E3B |. B9 0A000000 mov ecx, 0A
    00488E40 |. BA 01000000 mov edx, 1 ; mov之前,edx的值为去掉前10位之后的值
    00488E45 |. 8B45 F4 mov eax, dword ptr [ebp-C]
    00488E48 |. E8 93B1F7FF call 00403FE0
    00488E4D |> 8D55 E4 lea edx, dword ptr [ebp-1C]
    00488E50 |. 8B45 FC mov eax, dword ptr [ebp-4]
    00488E53 |. 8B80 1C030000 mov eax, dword ptr [eax+31C]
    00488E59 |. E8 D285FAFF call 00431430
    00488E5E |. 8B55 E4 mov edx, dword ptr [ebp-1C]
    00488E61 |. 8B45 F4 mov eax, dword ptr [ebp-C]
    00488E64 |. E8 7FB0F7FF call 00403EE8
    00488E69 |. 0F85 8C000000 jnz 00488EFB
    00488E6F |. 8B45 FC mov eax, dword ptr [ebp-4]
    00488E72 |. 8B80 90030000 mov eax, dword ptr [eax+390]
    00488E78 |. BA 448F4800 mov edx, 00488F44 ; 您已经注册,感谢使用无超软件工作室的产品!
    00488E7D |. E8 DE85FAFF call 00431460
    00488E82 |. 8B45 FC mov eax, dword ptr [ebp-4]
    00488E85 |. 8B80 94030000 mov eax, dword ptr [eax+394]
    00488E8B |. 33D2 xor edx, edx
    00488E8D |. E8 B684FAFF call 00431348
    00488E92 |. B2 01 mov dl, 1
    00488E94 |. A1 80DE4700 mov eax, dword ptr [47DE80]
    00488E99 |. E8 E250FFFF call 0047DF80
    00488E9E |. 8BD8 mov ebx, eax
    00488EA0 |. BA 02000080 mov edx, 80000002
    00488EA5 |. 8BC3 mov eax, ebx
    00488EA7 |. E8 7451FFFF call 0047E020
    00488EAC |. BA 788F4800 mov edx, 00488F78 ; software\microsoft\windows\currentversion\qiangzhi
    00488EB1 |. 8BC3 mov eax, ebx
    00488EB3 |. E8 1C57FFFF call 0047E5D4
    00488EB8 |. 84C0 test al, al
    00488EBA |. 75 0C jnz short 00488EC8
    00488EBC |. BA 788F4800 mov edx, 00488F78 ; software\microsoft\windows\currentversion\qiangzhi
    00488EC1 |. 8BC3 mov eax, ebx
    00488EC3 |. E8 BC51FFFF call 0047E084
    00488EC8 |> 33C9 xor ecx, ecx
    00488ECA |. BA 788F4800 mov edx, 00488F78 ; software\microsoft\windows\currentversion\qiangzhi
    00488ECF |. 8BC3 mov eax, ebx
    00488ED1 |. E8 8A52FFFF call 0047E160
    00488ED6 |. BA B48F4800 mov edx, 00488FB4 ; zhuche
    00488EDB |. 8BC3 mov eax, ebx
    00488EDD |. E8 4A56FFFF call 0047E52C
    00488EE2 |. 84C0 test al, al
    00488EE4 |. 75 0E jnz short 00488EF4
    00488EE6 |. B1 01 mov cl, 1
    00488EE8 |. BA B48F4800 mov edx, 00488FB4 ; zhuche
    00488EED |. 8BC3 mov eax, ebx
    00488EEF |. E8 E054FFFF call 0047E3D4
    00488EF4 |> 8BC3 mov eax, ebx
    00488EF6 |. E8 959FF7FF call 00402E90
    00488EFB |> 33C0 xor eax, eax
    00488EFD |. 5A pop edx
    00488EFE |. 59 pop ecx
    00488EFF |. 59 pop ecx
    00488F00 |. 64:8910 mov dword ptr fs:[eax], edx
    00488F03 |. 68 358F4800 push 00488F35
    00488F08 |> 8D45 E4 lea eax, dword ptr [ebp-1C]
    00488F0B |. E8 48ACF7FF call 00403B58
    00488F10 |. 8D45 E8 lea eax, dword ptr [ebp-18]
    00488F13 |. E8 40ACF7FF call 00403B58
    00488F18 |. 8D45 F0 lea eax, dword ptr [ebp-10]
    00488F1B |. E8 38ACF7FF call 00403B58
    00488F20 |. 8D45 F4 lea eax, dword ptr [ebp-C]
    00488F23 |. BA 02000000 mov edx, 2
    00488F28 |. E8 4FACF7FF call 00403B7C
    00488F2D \. C3 retn

    3、算法分析:

    3.1、取用户名的每个字符,先立方再开方。得出的数值依次组成字符串。

    3.2、如果字符串的长度超过10,只取10位。

    4、注册机:

    #include <iostream>
    #include
    <string>
    #include
    <math.h>
    #include
    <sstream>

    using namespace std;

    string calcKey(const char * username)
    {
    int length = strlen(username);
    string key = "";

    cout
    << length;

    for (int i=0;i<length;i++)
    {

    int valueA;
    valueA
    = (int)((unsigned char)(username[i]));
    int valueB = (int)(sqrt(pow(valueA,3.0)) + 0.5); //先立方,在取平方根
    stringstream ss; //将整形转换为字符串
    ss << valueB;
    key.append(ss.str());

    }

    if (key.length() > 10)
    key.resize(
    10); //截短字符串。

    return key;
    }

    int main(void)
    {
    string username;

    cout
    << "请输入用户名:";
    cin
    >> username;

    cout
    << endl << "注册码是" << calcKey(username.c_str());

    cin.
    get();
    cin.
    get();

    return 0;

    }
    没事,别怕,这是签名→→┃ 青山幽谷笛声扬,白鹤振羽任翱翔。往事前尘随风逝,携手云峰隐仙乡。 ┃
  • 相关阅读:
    方维,将采集到的淘宝天猫商品详情里面的链接转换成淘宝客链接
    方维系统,根据关键词、品牌 采集淘宝天猫的商品
    方维系统,评论按钮在没输入内容是虚的不能点击,输入内容选择分类后就可以点击了
    方维模板修改,评论框默认高度是70px,鼠标点击框内后高度增大变为100px
    方维模板修改,发布分享、主题有商品时,标签需自动写到input里,不要再手动去点击添加,手动点击可取消
    只采集淘宝上面包邮的商品,用方维
    Android Application 创建全局变量
    非常优秀的iphone学习文章总结!
    android NDK jni下的c文件 Unresolved inclusion
    Android Service学习笔记
  • 原文地址:https://www.cnblogs.com/dabiao/p/1953920.html
Copyright © 2020-2023  润新知