这个软件的注册机制主要有两点:
1、获取指定盘的卷值,并进行相应的处理后保存到全局变量
//======Beging First=================
00414E2E > \BA B4A34000 mov edx,shuxue.0040A3B4 ; UNICODE "d:\"
00414E33 . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
00414E36 . 8B35 7C114000 mov esi,dword ptr ds:[<&MSVBVM60.__vba>; MSVBVM60.__vbaStrCopy
00414E3C . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
00414E3E . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
00414E41 . 51 push ecx
00414E42 . E8 49180000 call shuxue.00416690 ; 获取D盘的卷值并取反+1
00414E47 . 8BC8 mov ecx,eax ; 此时EAX时就是返回的卷值
00414E49 . 8B3D 70104000 mov edi,dword ptr ds:[<&MSVBVM60.__vba>; MSVBVM60.__vbaI4Abs
00414E4F . FFD7 call edi ; <&MSVBVM60.__vbaI4Abs>
00414E51 . A3 30D04200 mov dword ptr ds:[42D030],eax
00414E56 . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
00414E59 . 8B1D FC114000 mov ebx,dword ptr ds:[<&MSVBVM60.__vba>; MSVBVM60.__vbaFreeStr
00414E5F . FFD3 call ebx ; <&MSVBVM60.__vbaFreeStr>
00414E61 . A1 30D04200 mov eax,dword ptr ds:[42D030]
00414E66 . 85C0 test eax,eax ; 如果没有D般,则获取E盘的
00414E68 . 75 21 jnz short shuxue.00414E8B ; 有则跳过
00414E6A . BA C0A34000 mov edx,shuxue.0040A3C0 ; UNICODE "e:\"
………………
00414E8B > \A1 30D04200 mov eax,dword ptr ds:[42D030] ; 复制一份结果到EAX
00414E90 > A3 38D04200 mov dword ptr ds:[42D038],eax ; 复制到全局变量里
00414E95 . 3D 0065CD1D cmp eax,1DCD6500
00414E9A . 7E 0D jle short shuxue.00414EA9
00414E9C . 2D 00A3E111 sub eax,11E1A300 ; 这是一循环,对获取的值进行处理
00414EA1 . 0F80 F20F0000 jo shuxue.00415E99 ; 直到EAX<=0x1DCD6500
00414EA7 .^ EB E7 jmp short shuxue.00414E90 ; 处理的方法是,逐步减去0x11E1A300
00414EA9 > E8 72100000 call shuxue.00415F20 ; 如果相减的结果为0则出错
//==============End First===============
2、通过上面保存的全局变量来计算用户输入的注册码是否正确
//=============BEGIN===========
0042ACB5 . 8B0D 38D04200 mov ecx,dword ptr ds:[42D038] ; 复制一份到ECX
0042ACBB . 6BC9 02 imul ecx,ecx,2 ; ECX=ECX*2
0042ACBE . 0F80 28040000 jo shuxue.0042B0EC ; 为0则出错
0042ACC4 . 83C1 55 add ecx,55 ; 继续ECX=EXA+0x55
0042ACC7 . 0F80 1F040000 jo shuxue.0042B0EC ; 为0则出错
0042ACCD . A1 34D04200 mov eax,dword ptr ds:[42D034]
0042ACD2 . 3BC1 cmp eax,ecx ; 开始比较,
0042ACD4 . 74 0C je short shuxue.0042ACE2 ; 不等则失败
0042ACD6 . 3B05 44D04200 cmp eax,dword ptr ds:[42D044]
0042ACDC . 0F85 60020000 jnz shuxue.0042AF42
0042ACE2 > 66:837F 34 01 cmp word ptr ds:[edi+34],1
0042ACE7 . 68 20AF4000 push shuxue.0040AF20
0042ACEC . 6A 00 push 0
0042ACEE . 6A 18 push 18
0042ACF0 . 0F85 62010000 jnz shuxue.0042AE58
//=============END============
完整的一个算法源码如下:
#include
#include
#include
int main()
{
char VolumeName[MAX_PATH+1]={0};
DWORD dwVolumeSerial;
char FileSys[64]={0};
DWORD dwS;
if(GetVolumeInformation("D:\\",VolumeName,MAX_PATH+1,&dwVolumeSerial,NULL,NULL,FileSys,64))
{
//printf("VolumeName = %s\n;VolumeSerial = %0X\n",VolumeName,dwVolumeSerial);
}
else{
GetVolumeInformation("E:\\",VolumeName,MAX_PATH+1,&dwVolumeSerial,NULL,NULL,FileSys,64);
}
dwS=abs(dwVolumeSerial);
//printf("=====%X\n",dwS);
while(1){
if(dwS<=0x1DCD6500){
//printf("End=%X\n",dwS);
break;
}
dwS-=0x11E1A300;
if(dwS==0){
printf("Error!\n");
break;
}
}
//printf("你需要帖出的数字是:%X\n\n",dwS);
printf("The RegCode is %d\n",dwS*2+0x55);
printf("请按任意键退出…………\n");
getchar();
getchar();
return 0;
}
下载源文件:
GetVolume.rar
谢谢大牛,膜拜加学习!