搜索引擎工廠專業(yè)版算法分析+算法注冊機(jī)
[重要通告]如您遇疑難雜癥,本站支持知識付費業(yè)務(wù),掃右邊二維碼加博主微信,可節(jié)省您寶貴時間哦!
【破解作者】 ----
【作者郵箱】 ---
【作者主頁】 ----
【使用工具】 ollydbg vc++6.0
【破解平臺】 Win9x/NT/2000/XP
【軟件名稱】 搜索引擎工廠專業(yè)版v1.68
【下載地址】 http://www.aleadsoft.com/
【軟件大小】 1.24m
【加殼方式】 無
【破解聲明】 我是一只小菜鳥,偶得一點心得,愿與大家分享:)
--------------------------------------------------------------------------------
【破解內(nèi)容】
今天無意中發(fā)現(xiàn)這個搜索的東西,感覺還不錯,使用需要RMB
就悄悄研究了下哈!
RegOpenKeyA斷下:
* Possible StringData Ref from Data Obj ->"RegInfo"
|
:0042DE9D 6804614A00 push 004A6104
:0042DEA2 52 push edx
:0042DEA3 8BCE mov ecx, esi
:0042DEA5 E8227C0400 call 00475ACC
:0042DEAA 50 push eax
:0042DEAB 8D4C2420 lea ecx, dword ptr [esp+20]
:0042DEAF C68424540200000B mov byte ptr [esp+00000254], 0B
:0042DEB7 E8F21A0300 call 0045F9AE
:0042DEBC 8D4C2410 lea ecx, dword ptr [esp+10]
:0042DEC0 889C2450020000 mov byte ptr [esp+00000250], bl
:0042DEC7 E8A9190300 call 0045F875
:0042DECC 51 push ecx
:0042DECD 8D442420 lea eax, dword ptr [esp+20]
:0042DED1 8BCC mov ecx, esp
:0042DED3 89642424 mov dword ptr [esp+24], esp
:0042DED7 50 push eax
:0042DED8 E80D170300 call 0045F5EA
:0042DEDD 51 push ecx
:0042DEDE 8D542420 lea edx, dword ptr [esp+20]
:0042DEE2 8BCC mov ecx, esp
:0042DEE4 8964241C mov dword ptr [esp+1C], esp
:0042DEE8 52 push edx
:0042DEE9 C684245C0200000C mov byte ptr [esp+0000025C], 0C
:0042DEF1 E8F4160300 call 0045F5EA
:0042DEF6 8BCE mov ecx, esi
:0042DEF8 889C2458020000 mov byte ptr [esp+00000258], bl
:0042DEFF E8AC440000 call 004323B0 //算法
:0042DF04 33ED xor ebp, ebp
:0042DF06 3BC5 cmp eax, ebp
:0042DF08 740C je 0042DF16
:0042DF0A C786E800000001000000 mov dword ptr [esi+000000E8], 00000001
:0042DF14 EB59 jmp 0042DF6F
:004323B0 6AFF push FFFFFFFF
:004323B2 68D03A4800 push 00483AD0
:004323B7 64A100000000 mov eax, dword ptr fs:[00000000]
:004323BD 50 push eax
:004323BE 64892500000000 mov dword ptr fs:[00000000], esp
:004323C5 81ECD4000000 sub esp, 000000D4
:004323CB 53 push ebx
:004323CC 56 push esi
:004323CD 8BF1 mov esi, ecx
:004323CF B801000000 mov eax, 00000001
:004323D4 6870DB4A00 push 004ADB70
:004323D9 898424E8000000 mov dword ptr [esp+000000E8], eax
:004323E0 8986EC000000 mov dword ptr [esi+000000EC], eax
:004323E6 8B8424F0000000 mov eax, dword ptr [esp+000000F0]
:004323ED 50 push eax
:004323EE E82B5B0100 call 00447F1E
:004323F3 83C408 add esp, 00000008
:004323F6 85C0 test eax, eax
:004323F8 0F8477010000 je 00432575
:004323FE 8B8C24F0000000 mov ecx, dword ptr [esp+000000F0]
:00432405 6870DB4A00 push 004ADB70
:0043240A 51 push ecx
:0043240B E80E5B0100 call 00447F1E
:00432410 83C408 add esp, 00000008
:00432413 85C0 test eax, eax
:00432415 0F845A010000 je 00432575
* Possible StringData Ref from Data Obj ->"ttdown" //黑名單
|
:0043241B 68F0964A00 push 004A96F0
:00432420 8D8C24F0000000 lea ecx, dword ptr [esp+000000F0]
:00432427 E8FB580200 call 00457D27
:0043242C 33DB xor ebx, ebx
:0043242E 83F8FF cmp eax, FFFFFFFF
:00432431 7542 jne 00432475
* Possible StringData Ref from Data Obj ->"crsky"
|
:00432433 68E8964A00 push 004A96E8
:00432438 8D8C24F0000000 lea ecx, dword ptr [esp+000000F0]
:0043243F E8E3580200 call 00457D27
:00432444 83F8FF cmp eax, FFFFFFFF
:00432447 752C jne 00432475
* Possible StringData Ref from Data Obj ->".com"
|
:00432449 68D8964A00 push 004A96D8
:0043244E 8D8C24F0000000 lea ecx, dword ptr [esp+000000F0]
:00432455 E8CD580200 call 00457D27
:0043245A 83F8FF cmp eax, FFFFFFFF
:0043245D 7516 jne 00432475
* Possible StringData Ref from Data Obj ->"jetdown"
|
:0043245F 68D0964A00 push 004A96D0
:00432464 8D8C24F0000000 lea ecx, dword ptr [esp+000000F0]
:0043246B E8B7580200 call 00457D27
:00432470 83F8FF cmp eax, FFFFFFFF
:00432473 7406 je 0043247B
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00432431(C), :00432447(C), :0043245D(C)
|
:00432475 899EEC000000 mov dword ptr [esi+000000EC], ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432473(C)
|
:0043247B 55 push ebp
:0043247C 8BAC24F0000000 mov ebp, dword ptr [esp+000000F0]
:00432483 33C9 xor ecx, ecx
:00432485 C644240C73 mov [esp+0C], 73 //'s'
:0043248A 8B75F8 mov esi, dword ptr [ebp-08]
:0043248D C644240D65 mov [esp+0D], 65 //'e'
:00432492 3BF3 cmp esi, ebx
:00432494 C644240E61 mov [esp+0E], 61 //'a'
:00432499 C644240F72 mov [esp+0F], 72 //'r'
:0043249E C644241062 mov [esp+10], 62 //'b'
:004324A3 C644241175 mov [esp+11], 75 //'u'
:004324A8 C644241269 mov [esp+12], 69 //'i'
:004324AD C64424136C mov [esp+13], 6C //'l'
:004324B2 885C2414 mov byte ptr [esp+14], bl
:004324B6 7E3D jle 004324F5
:004324B8 57 push edi
:004324B9 8D7C341B lea edi, dword ptr [esp+esi+1B]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004324F0(C)
|
:004324BD 8A0429 mov al, byte ptr [ecx+ebp]
:004324C0 8BD1 mov edx, ecx
:004324C2 81E207000080 and edx, 80000007
:004324C8 7905 jns 004324CF
:004324CA 4A dec edx
:004324CB 83CAF8 or edx, FFFFFFF8
:004324CE 42 inc edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004324C8(C)
|
:004324CF 0FBE541410 movsx edx, byte ptr [esp+edx+10]
:004324D4 0FBEC0 movsx eax, al
:004324D7 8BD9 mov ebx, ecx
:004324D9 03DA add ebx, edx
:004324DB 03C3 add eax, ebx
:004324DD BB09000000 mov ebx, 00000009
:004324E2 03C6 add eax, esi //注冊名字符+對應(yīng)字符+對應(yīng)位數(shù)+注冊名長度
:004324E4 99 cdq
:004324E5 F7FB idiv ebx //除ebx=9,得余數(shù)
:004324E7 80C230 add dl, 30
:004324EA 41 inc ecx
:004324EB 8817 mov byte ptr [edi], dl
:004324ED 4F dec edi
:004324EE 3BCE cmp ecx, esi
:004324F0 7CCB jl 004324BD //全部比完,連接成注冊碼前面的部分
:004324F2 33DB xor ebx, ebx
:004324F4 5F pop edi
:004324F5 8D4668 lea eax, dword ptr [esi+68] //注冊名長度+0x68
:004324F8 B909000000 mov ecx, 00000009 //除9
:004324FD 99 cdq
:004324FE F7F9 idiv ecx
:00432500 8B8424F4000000 mov eax, dword ptr [esp+000000F4] //注冊碼的最后一位
:00432507 5D pop ebp
:00432508 80C230 add dl, 30
:0043250B 88543414 mov byte ptr [esp+esi+14], dl
:0043250F 885C3415 mov byte ptr [esp+esi+15], bl
:00432513 8D742414 lea esi, dword ptr [esp+14]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432535(C)
|
:00432517 8A10 mov dl, byte ptr [eax]
:00432519 8ACA mov cl, dl
:0043251B 3A16 cmp dl, byte ptr [esi]
:0043251D 751C jne 0043253B
:0043251F 3ACB cmp cl, bl
:00432521 7414 je 00432537
:00432523 8A5001 mov dl, byte ptr [eax+01]
:00432526 8ACA mov cl, dl
:00432528 3A5601 cmp dl, byte ptr [esi+01]
:0043252B 750E jne 0043253B
:0043252D 83C002 add eax, 00000002
:00432530 83C602 add esi, 00000002
:00432533 3ACB cmp cl, bl
:00432535 75E0 jne 00432517
--------------------------------------------------------------------------------
【破解總結(jié)】
1)注冊名不能超過50個字符。
2)“searbuil”是參考字符,參與算法運算。
3)注冊名取一位,參考字符里也取一位,注冊名長度超過8個字符時,循環(huán)取參考字符。
4)每次運算相當(dāng)于:(注冊名字符+參考對應(yīng)字符+對應(yīng)位數(shù)+注冊名長度)mod 9 的計算,
依次連接結(jié)果,保存為注冊碼的首部分。
5)(注冊名長度+0x68) mod 9 的結(jié)果是注冊碼的最后一位。
--------------------------------------------------------------------------------
【算法注冊機(jī)】
ps:vb 那張盤被借去了,只能c++的代碼將就了:(
ps:論壇上說的中文注冊名的問題也解決了,注冊名中可以使用漢字字符:)
#include"iostream.h"
#include"stdio.h"
#include"string.h"
void main()
{ char n[80];
int len(0),i,m(0),s(0),t(0);
puts("code for 搜索引擎工廠專業(yè)版v1.68");
puts("////////////////////////////////////////////////////////////////////////////");
puts(" Cracker : stasi[DCM][BCG][DFCG][FCG][OCN][CZG][D.4s]" );
puts(" Email : stasi@163.com");
puts(" Homepage: http://stasi.7169.com");
puts(" OS : Win2kADV sp4 & vc++ 6.0");
puts(" Date : 2004-1-1 ");
puts(" Note : If you have one or more question, email me please,thank you! ");
puts("////////////////////////////////////////////////////////////////////////////");
while(1)
{
puts("\nPlease enter your name:");
gets(n);
len=strlen(n);
if (len<=50) break;
else cout<<"sorry! The length of the regname can not be more than 50!";
}
puts("\nregcode is :");
for(i=0;i<(len);i++)
{
s=(int)n[len-i-1];
m=(len-i)%8;
switch(m)
{
case 0: m=108;break;
case 1: m=115;break;
case 2: m=101;break;
case 3: m=97;break;
case 4: m=114;break;
case 5: m=98;break;
case 6: m=117;break;
case 7: m=105;break;
default:puts("maybe have had a mistake:(");break;
}
t=(len-i-1)+s+len+m;
t%=9;
cout<<(t);
}
cout<<(len+104)%9;
cout<<"\nThank you for using & enjoy yourself in the new year!";
}
--------------------------------------------------------------------------------
【內(nèi)存注冊機(jī)】
中斷地址:42DEFF
中斷次數(shù):1
第一字節(jié):E8
指令長度:5
中斷地址:43251B
中斷次數(shù):1
第一字節(jié):3A
指令長度:2
--------------------------------------------------------------------------------
【用戶名、密碼】
regname:stasi
regcode:533711
--------------------------------------------------------------------------------
【版權(quán)聲明】 本文純屬技術(shù)交流, 轉(zhuǎn)載請注明作者并保持文章的完整, 謝謝!
問題未解決?付費解決問題加Q或微信 2589053300 (即Q號又微信號)右上方掃一掃可加博主微信
所寫所說,是心之所感,思之所悟,行之所得;文當(dāng)無敷衍,落筆求簡潔。 以所舍,求所獲;有所依,方所成!