peid查是delphi,无壳.dede分析一下.
OD或者IDA来分析一下..
0045004C /. 55 push ebp ; 按钮事件
0045004D |. 8BEC mov ebp,esp
0045004F |. 83C4 C8 add esp,-38
00450052 |. 33C9 xor ecx,ecx
00450054 |. 894D C8 mov [local.14],ecx
00450057 |. 894D CC mov [local.13],ecx
0045005A |. 894D F8 mov [local.2],ecx
0045005D |. 894D F4 mov [local.3],ecx
00450060 |. 894D F0 mov [local.4],ecx
00450063 |. 894D EC mov [local.5],ecx
00450066 |. 8955 D0 mov [local.12],edx
00450069 |. 8945 FC mov [local.1],eax
0045006C |. 33C0 xor eax,eax
0045006E |. 55 push ebp
0045006F |. 68 E3014500 push KeyGenMe.004501E3
00450074 |. 64:FF30 push dword ptr fs:[eax]
00450077 |. 64:8920 mov dword ptr fs:[eax],esp
0045007A |. 8D45 F0 lea eax,[local.4]
0045007D |. BA F8014500 mov edx,KeyGenMe.004501F8 ; ASCII "~!@#$%^&*()_+|\=-/?.,><;:`"
00450082 |. E8 213EFBFF call KeyGenMe.00403EA8
00450087 |. 8D45 EC lea eax,[local.5]
0045008A |. E8 813DFBFF call KeyGenMe.00403E10
0045008F |. 8D55 F8 lea edx,[local.2]
00450092 |. 8B45 FC mov eax,[local.1]
00450095 |. 8B80 00030000 mov eax,dword ptr ds:[eax+300]
0045009B |. E8 B8F2FDFF call KeyGenMe.0042F358
004500A0 |. 8B45 F8 mov eax,[local.2]
004500A3 |. E8 2840FBFF call KeyGenMe.004040D0
004500A8 |. 8945 E8 mov [local.6],eax
004500AB |. 837D E8 04 cmp [local.6],4
004500AF |. 0F8C 06010000 jl KeyGenMe.004501BB
004500B5 |. 8D55 F4 lea edx,[local.3]
004500B8 |. 8B45 FC mov eax,[local.1]
004500BB |. 8B80 08030000 mov eax,dword ptr ds:[eax+308]
004500C1 |. E8 92F2FDFF call KeyGenMe.0042F358
004500C6 |. 8B45 F4 mov eax,[local.3]
004500C9 |. E8 0240FBFF call KeyGenMe.004040D0
004500CE |. 8945 E4 mov [local.7],eax
004500D1 |. 837D E4 00 cmp [local.7],0
004500D5 |. 0F84 E0000000 je KeyGenMe.004501BB
004500DB |. 8B45 E8 mov eax,[local.6]
004500DE |. 25 01000080 and eax,80000001
004500E3 |. 79 05 jns short KeyGenMe.004500EA
004500E5 |. 48 dec eax
004500E6 |. 83C8 FE or eax,FFFFFFFE
004500E9 |. 40 inc eax
004500EA |> 85C0 test eax,eax
004500EC |. 74 0D je short KeyGenMe.004500FB
004500EE |. 8D45 F8 lea eax,[local.2]
004500F1 |. BA 1C024500 mov edx,KeyGenMe.0045021C
004500F6 |. E8 DD3FFBFF call KeyGenMe.004040D8
004500FB |> 8B45 F8 mov eax,[local.2]
004500FE |. E8 CD3FFBFF call KeyGenMe.004040D0
00450103 |. 8945 E8 mov [local.6],eax
00450106 |. 8B45 E8 mov eax,[local.6]
00450109 |. D1E8 shr eax,1
0045010B |. 8945 D8 mov [local.10],eax
0045010E |. 8B45 D8 mov eax,[local.10]
00450111 |. 85C0 test eax,eax
00450113 |. 0F8E 82000000 jle KeyGenMe.0045019B
00450119 |. 8945 D4 mov [local.11],eax
0045011C |. C745 E0 01000000 mov [local.8],1 ; 算法部分
00450123 |> 33C0 /xor eax,eax
00450125 |. 8945 DC |mov [local.9],eax
00450128 |. 8B45 F8 |mov eax,[local.2]
0045012B |. 8B55 E0 |mov edx,[local.8]
0045012E |. 0FB64410 FF |movzx eax,byte ptr ds:[eax+edx-1]
00450133 |. C1E0 02 |shl eax,2
00450136 |. B9 1A000000 |mov ecx,1A
0045013B |. 33D2 |xor edx,edx
0045013D |. F7F1 |div ecx
0045013F |. 8955 DC |mov [local.9],edx
00450142 |. 8D45 CC |lea eax,[local.13]
00450145 |. 8B55 F0 |mov edx,[local.4]
00450148 |. 8B4D DC |mov ecx,[local.9]
0045014B |. 8A140A |mov dl,byte ptr ds:[edx+ecx]
0045014E |. E8 A53EFBFF |call KeyGenMe.00403FF8
00450153 |. 8B55 CC |mov edx,[local.13]
00450156 |. 8D45 EC |lea eax,[local.5]
00450159 |. E8 7A3FFBFF |call KeyGenMe.004040D8
0045015E |. 8B45 F8 |mov eax,[local.2]
00450161 |. 8B55 E0 |mov edx,[local.8]
00450164 |. 0FB60410 |movzx eax,byte ptr ds:[eax+edx]
00450168 |. 8D0440 |lea eax,dword ptr ds:[eax+eax*2]
0045016B |. B9 1A000000 |mov ecx,1A
00450170 |. 33D2 |xor edx,edx
00450172 |. F7F1 |div ecx
00450174 |. 8955 DC |mov [local.9],edx
00450177 |. 8D45 C8 |lea eax,[local.14]
0045017A |. 8B55 F0 |mov edx,[local.4]
0045017D |. 8B4D DC |mov ecx,[local.9]
00450180 |. 8A140A |mov dl,byte ptr ds:[edx+ecx]
00450183 |. E8 703EFBFF |call KeyGenMe.00403FF8
00450188 |. 8B55 C8 |mov edx,[local.14]
0045018B |. 8D45 EC |lea eax,[local.5]
0045018E |. E8 453FFBFF |call KeyGenMe.004040D8
00450193 |. FF45 E0 |inc [local.8]
00450196 |. FF4D D4 |dec [local.11]
00450199 |.^ 75 88 \jnz short KeyGenMe.00450123
0045019B |> 8B45 EC mov eax,[local.5] ;正确注册码
0045019E 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004501A1 E8 7640FBFF call KeyGenMe.0040421C
004501A6 75 13 jnz short KeyGenMe.004501BB
004501A8 6A 40 push 40
004501AA 68 20024500 push KeyGenMe.00450220 ; ASCII "Congratulations"
004501AF |. 68 30024500 push KeyGenMe.00450230 ; |Text = "Good job,man!"
004501B4 |. 6A 00 push 0 ; |hOwner = NULL
004501B6 |. E8 E562FBFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
DIY
0045019B |> \8B45 EC mov eax,[local.5]
0045019E 90 nop
0045019F 90 nop
004501A0 90 nop
004501A1 90 nop
004501A2 90 nop
004501A3 90 nop
004501A4 90 nop
004501A5 90 nop
004501A6 E9 47030000 jmp KeyGenMe.004504F2
004501BB |> \33C0 xor eax,eax
004501BD |. 5A pop edx
004501BE |. 59 pop ecx ; KeyGenMe.004501E3
004504F2 6A 40 push 40
004504F4 68 20024500 push KeyGenMe.00450220 ; ASCII "Congratulations"
004504F9 50 push eax
004504FA 6A 00 push 0
004504FC E8 9F5FFBFF call <jmp.&user32.MessageBoxA>
00450501 ^ E9 B5FCFFFF jmp KeyGenMe.004501BB
这么做显然是有问题的...:smoke不过暂且如此罢了...
算法分析部分就不写了.而这个又是明码比较的所以......
附件含注册机...
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
