教菜鸟写注册机——实战篇

教菜鸟写注册机——实战篇(1)

呵呵，再灌一篇，等再过两天开学就没得灌喽

前面我们折腾了半天都是在跟CRACKME过不去，可能有人觉得没意思了，这次咱们来个有实际意义的，呵呵，一个发布不久的软件——麻将拼图V1.04，这里来下：
UCt.ASP?id=/E5DCF286-05EE-4AA8-8ABE-9524013EFADA" target=_blank>http://skycn.softreg.com.cn/product...BE-9524013EFADA
用W32DASM反下，找串式参考“注册失败！”到下面：（分析见后）

代码:
* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402E16(C):00402E3F 8B3D88974000            mov edi, dWord ptr [00409788]:00402E45 B940000000              mov ecx, 00000040:00402E4A 33C0                    xor eax, eax:00402E4C 8B6C2414                mov ebp, dword ptr [esp+14]:00402E50 F3                      repz:00402E51 AB                      stosd:00402E52 8B3D7C974000            mov edi, dword ptr [0040977C]:00402E58 B940000000              mov ecx, 00000040:00402E5D F3                      repz:00402E5E AB                      stosd:00402E5F 8B0D88974000            mov ecx, dword ptr [00409788]* Reference To: USER32.SendDlgItemMessageA, Ord:020Fh                                  :00402E65 8B1D38714000            mov ebx, dword ptr [00407138]  ;注意:00402E6B 51                      push ecx      ;用户名存放地址[409788]:00402E6C 6A10                    push 00000010:00402E6E 6A0D                    push 0000000D      ;WM_GETTEXT* Possible Reference to Dialog: DialogID_0070, CONTROL_ID:03E8, ""                                  :00402E70 68E8030000              push 000003E8      ;控件ID:00402E75 55                      push ebp:00402E76 FFD3                    call ebx      ;得到用户名:00402E78 8B157C974000            mov edx, dword ptr [0040977C]:00402E7E 52                      push edx      ;注册码地址[40977C]:00402E7F 6A10                    push 00000010    :00402E81 6A0D                    push 0000000D      ;WM_GETTEXT* Possible Reference to Dialog: DialogID_0070, CONTROL_ID:03E9, ""                                  :00402E83 68E9030000              push 000003E9      ;控件ID:00402E88 55                      push ebp:00402E89 FFD3                    call ebx      ;得到注册码:00402E8B A188974000              mov eax, dword ptr [00409788]:00402E90 803800                  cmp byte ptr [eax], 00:00402E93 0F8438010000            je 00402FD1:00402E99 8B0D7C974000            mov ecx, dword ptr [0040977C]:00402E9F 803900                  cmp byte ptr [ecx], 00:00402EA2 0F8429010000            je 00402FD1:00402EA8 50                      push eax      ;压入用户名:00402EA9 E822FEFFFF              call 00402CD0      ;关键CALL:00402EAE 8B3D7C974000            mov edi, dword ptr [0040977C]  ;假码:00402EB4 A188974000              mov eax, dword ptr [00409788]  ;真码:00402EB9 83C404                  add esp, 00000004:00402EBC 8BF7                    mov esi, edi* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402EDC(C):00402EBE 8A10                    mov dl, byte ptr [eax]:00402EC0 8ACA                    mov cl, dl:00402EC2 3A16                    cmp dl, byte ptr [esi]:00402EC4 751C                    jne 00402EE2:00402EC6 84C9                    test cl, cl:00402EC8 7414                    je 00402EDE:00402ECA 8A5001                  mov dl, byte ptr [eax+01]:00402ECD 8ACA                    mov cl, dl:00402ECF 3A5601                  cmp dl, byte ptr [esi+01]:00402ED2 750E                    jne 00402EE2:00402ED4 83C002                  add eax, 00000002:00402ED7 83C602                  add esi, 00000002:00402EDA 84C9                    test cl, cl:00402EDC 75E0                    jne 00402EBE* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402EC8(C):00402EDE 33C0                    xor eax, eax:00402EE0 EB05                    jmp 00402EE7* Referenced by a (U)nconditional or (C)onditional Jump at Addresses::00402EC4(C), :00402ED2(C):00402EE2 1BC0                    sbb eax, eax:00402EE4 83D8FF                  sbb eax, FFFFFFFF* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402EE0(U):00402EE7 85C0                    test eax, eax:00402EE9 0F848D000000            je 00402F7C* Possible StringData Ref from Data Obj ->"52341546"    ;骗人的                                  :00402EEF BEA4904000              mov esi, 004090A4:00402EF4 8BC7                    mov eax, edi* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402F14(C):00402EF6 8A10                    mov dl, byte ptr [eax]:00402EF8 8ACA                    mov cl, dl:00402EFA 3A16                    cmp dl, byte ptr [esi]:00402EFC 751C                    jne 00402F1A:00402EFE 84C9                    test cl, cl:00402F00 7414                    je 00402F16:00402F02 8A5001                  mov dl, byte ptr [eax+01]:00402F05 8ACA                    mov cl, dl:00402F07 3A5601                  cmp dl, byte ptr [esi+01]:00402F0A 750E                    jne 00402F1A:00402F0C 83C002                  add eax, 00000002:00402F0F 83C602                  add esi, 00000002:00402F12 84C9                    test cl, cl:00402F14 75E0                    jne 00402EF6* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402F00(C):00402F16 33C0                    xor eax, eax:00402F18 EB05                    jmp 00402F1F* Referenced by a (U)nconditional or (C)onditional Jump at Addresses::00402EFC(C), :00402F0A(C):00402F1A 1BC0                    sbb eax, eax:00402F1C 83D8FF                  sbb eax, FFFFFFFF* Referenced by a (U)nconditional or (C)onditional Jump at Address::00402F18(U):00402F1F 85C0                    test eax, eax:00402F21 7459                    je 00402F7C:00402F23 A180974000              mov eax, dword ptr [00409780]:00402F28 6A00                    push 00000000:00402F2A 83F803                  cmp eax, 00000003* Possible StringData Ref from Data Obj ->"用户注册"                                  :00402F2D 6898904000              push 00409098:00402F32 7D23                    jge 00402F57* Possible StringData Ref from Data Obj ->"注册码错误！请重新输入！"                                  :00402F34 687C904000              push 0040907C:00402F39 55                      push ebp* Reference To: USER32.MessageBoxA, Ord:01BEh                                  :00402F3A FF1534714000            Call dword ptr [00407134]:00402F40 A180974000              mov eax, dword ptr [00409780]:00402F45 5F                      pop edi:00402F46 40                      inc eax:00402F47 5E                      pop esi:00402F48 A380974000              mov dword ptr [00409780], eax:00402F4D 5D                      pop ebp:00402F4E B801000000              mov eax, 00000001:00402F53 5B                      pop ebx:00402F54 C21000                  ret 0010