keygenme5

分析:

; 00401650: name/serial check handler (OllyDbg listing, 32-bit x86, Intel syntax).
; The author's C version of the same logic follows the disassembly on this page.
; In:    ecx = object pointer, copied to esi (thiscall, presumably; confirm)
; Frame: 128-byte name buffer at [esp+0x20 .. esp+0x9F]; the dword read from
;        0x405020 is parked at [esp+0xA4] and handed to 00401BA9 on exit
;        (looks like a /GS stack cookie; confirm).
; Flow:  every failed check jumps to the common exit at 00401751, which skips
;        the virtual call at 0040174B.
00401650  /.  55            push ebp
00401651  |.  8BEC          mov ebp,esp
00401653  |.  83E4 F8       and esp,0xFFFFFFF8                       ;  align the frame to 8 bytes
00401656  |.  81EC 9C000000 sub esp,0x9C                             ;  reserve 0x9C bytes of locals
0040165C  |.  A1 20504000   mov eax,dword ptr ds:[0x405020]          ;  global value saved below the frame top (cookie, presumably)
00401661  |.  53            push ebx
00401662  |.  56            push esi
00401663  |.  57            push edi
00401664  |.  8BF1          mov esi,ecx                              ;  esi = object pointer for the rest of the function
00401666  |.  898424 A40000>mov dword ptr ss:[esp+0xA4],eax          ;  store it just above the name buffer
0040166D  |.  33C0          xor eax,eax                              ;  eax = 0, fill value for the stos sequence
0040166F  |.  C64424 20 FF  mov byte ptr ss:[esp+0x20],0xFF          ;  buf[0] = 0xFF
00401674  |.  B9 1F000000   mov ecx,0x1F                             ;  31 dwords = 124 bytes
00401679  |.  8D7C24 21     lea edi,dword ptr ss:[esp+0x21]          ;  edi = &buf[1]
0040167D  |.  F3:AB         rep stos dword ptr es:[edi]              ;  zero buf[1..124]
0040167F  |.  66:AB         stos word ptr es:[edi]                   ;  zero buf[125..126]
00401681  |.  6A 01         push 0x1                                 ;  argument 1 for the call at 0040168A
00401683  |.  8BCE          mov ecx,esi
00401685  |.  897424 20     mov dword ptr ss:[esp+0x20],esi          ;  save the object pointer; read back as [esp+0x1C] at 00401745
00401689  |.  AA            stos byte ptr es:[edi]                   ;  zero buf[127]: 1 + 124 + 2 + 1 = 128 bytes initialised
0040168A  |.  E8 27040000   call <jmp.&MFC71.#6236>		     ;  read name and serial from the dialog (UpdateData(true) in the C listing)
0040168F  |.  8D4E 74       lea ecx,dword ptr ds:[esi+0x74]          ;  ecx = &object+0x74 (m_Name in the C listing)
00401692  |.  FF15 9C314000 call dword ptr ds:[<&MFC71.#876>]        ;  MFC71.#3397; eax = pointer to the name's characters (used as the copy source below)
00401698  |.  8D5424 20     lea edx,dword ptr ss:[esp+0x20]          ;  edx = destination = buf
0040169C  |.  8D6424 00     lea esp,dword ptr ss:[esp]               ;  no-op, presumably padding to align the loop head
; Inlined string copy, terminator included.
; NOTE(review): the loop stops only at the NUL byte; nothing visible here bounds
; it to the 128-byte buffer, so a longer name would write past [esp+0x9F] toward
; the value saved at [esp+0xA4]. A bounded copy or an up-front length check
; would remove the reliance on the exit-time check.
004016A0  |>  8A08          /mov cl,byte ptr ds:[eax]
004016A2  |.  40            |inc eax
004016A3  |.  880A          |mov byte ptr ds:[edx],cl
004016A5  |.  42            |inc edx
004016A6  |.  84C9          |test cl,cl
004016A8  |.^ 75 F6         jnz XCRECKME_.004016A0		     ;  copy the name into the buffer
004016AA  |.  33C0          xor eax,eax                              ;  i = 0
004016AC  |.  B1 30         mov cl,0x30                              ;  cl = '0'
004016AE  |.  8BFF          mov edi,edi                              ;  two-byte no-op, presumably alignment padding
004016B0  |>  384C04 20     /cmp byte ptr ss:[esp+eax+0x20],cl
004016B4      0F84 97000000 |je CRECKME_.00401751                    ;  fail if buf[i] == '0'
004016BA  |.  40            |inc eax
004016BB  |.  83F8 07       |cmp eax,0x7
004016BE  |.^ 7C F0         jl XCRECKME_.004016B0		     ;  loop over buf[0..6]; the length test itself is the two checks that follow
004016C0  |.  8A4424 26     mov al,byte ptr ss:[esp+0x26]
004016C4  |.  84C0          test al,al
004016C6      0F85 85000000 jnz CRECKME_.00401751                    ;  fail if buf[6] != 0 (name longer than 6)
004016CC  |.  8A4424 25     mov al,byte ptr ss:[esp+0x25]
004016D0  |.  84C0          test al,al
004016D2      74 7D         je XCRECKME_.00401751                    ;  fail if buf[5] == 0 (name shorter than 6)
; 64-bit signed test "serial < 100000": high dword at [esi+0x7C], low at [esi+0x78].
004016D4  |.  8B4E 7C       mov ecx,dword ptr ds:[esi+0x7C]          ;  ecx = serial high dword
004016D7  |.  85C9          test ecx,ecx
004016D9  |.  8B56 78       mov edx,dword ptr ds:[esi+0x78]          ;  edx = serial low dword (mov leaves the flags alone)
004016DC      7C 73         jl XCRECKME_.00401751                    ;  negative serial: fail
004016DE      7F 08         jg XCRECKME_.004016E8                    ;  high dword > 0: certainly >= 100000
004016E0  |.  81FA A0860100 cmp edx,0x186A0                          ;  serial low dword against 100000
004016E6      72 69         jb XCRECKME_.00401751                    ;  unsigned below 100000: fail
004016E8  |>  0FBE4424 22   movsx eax,byte ptr ss:[esp+0x22]         ;  c = buf[2], sign-extended
004016ED  |.  0FBE7C24 21   movsx edi,byte ptr ss:[esp+0x21]         ;  b = buf[1]
004016F2  |.  0FBE7424 24   movsx esi,byte ptr ss:[esp+0x24]         ;  e = buf[4]
004016F7  |.  0FAFF8        imul edi,eax                             ;  b * c
004016FA  |.  0FBE4424 20   movsx eax,byte ptr ss:[esp+0x20]         ;  a = buf[0]
004016FF  |.  0FAFF8        imul edi,eax                             ;  b*c*a
00401702  |.  0FBE4424 23   movsx eax,byte ptr ss:[esp+0x23]         ;  d = buf[3]
00401707  |.  0FAFC6        imul eax,esi                             ;  d*e
0040170A  |.  6A 00         push 0x0                                 ;  divisor high dword
0040170C  |.  68 A0860100   push 0x186A0                             ;  divisor low dword = 100000
00401711  |.  51            push ecx                                 ;  serial high dword (0 in the author's run)
00401712  |.  52            push edx                                 ;  serial low dword (hex)
00401713  |.  D1E7          shl edi,1                                ;  edi = 2*a*b*c; the factor 2 is the accumulator's initial value
00401715  |.  8D3440        lea esi,dword ptr ds:[eax+eax*2]         ;  esi = 3*d*e; the factor 3 is likewise the initial value
00401718  |.  E8 A3040000   call CRECKME_.00401BC0		     ;  key routine: 64-bit divide of the serial by 100000, quotient and remainder
{
; 00401BC0: body of the routine called at 00401718, pasted inline by the author.
; Signed 64-bit division that returns both quotient and remainder.
; In (stack, offsets valid after the three pushes below):
;        [esp+0x10] / [esp+0x14] = dividend low / high dword
;        [esp+0x18] / [esp+0x1C] = divisor  low / high dword
; Out:   edx:eax = quotient, ebx:ecx = remainder
; Exit:  retn 0x10, so the callee removes the 16 bytes of arguments.
; The shape matches the MSVC runtime helper _alldvrm (presumably that routine; confirm).
; edi counts negative operands (decides the quotient's sign); ebp is 1 when the
; dividend was negative (decides the remainder's sign).
; No zero-divisor test is visible; the one caller on this page passes 100000.
00401BC0  /$  57            push edi
00401BC1  |.  56            push esi
00401BC2  |.  55            push ebp
00401BC3  |.  33FF          xor edi,edi                              ;  edi = 0: count of negative operands
00401BC5  |.  33ED          xor ebp,ebp                              ;  ebp = 0: dividend-was-negative flag
00401BC7  |.  8B4424 14     mov eax,dword ptr ss:[esp+0x14]          ;  eax = dividend high dword
00401BCB  |.  0BC0          or eax,eax                               ;  set the sign flag from it
00401BCD  |.  7D 15         jge XCRECKME_.00401BE4                   ;  dividend >= 0: keep it as is
00401BCF  |.  47            inc edi
00401BD0  |.  45            inc ebp
00401BD1  |.  8B5424 10     mov edx,dword ptr ss:[esp+0x10]
00401BD5  |.  F7D8          neg eax                                  ;  64-bit negate of eax:edx ...
00401BD7  |.  F7DA          neg edx
00401BD9  |.  83D8 00       sbb eax,0x0                              ;  ... with the borrow from the low half
00401BDC  |.  894424 14     mov dword ptr ss:[esp+0x14],eax          ;  write |dividend| back over the argument
00401BE0  |.  895424 10     mov dword ptr ss:[esp+0x10],edx
00401BE4  |>  8B4424 1C     mov eax,dword ptr ss:[esp+0x1C]          ;  eax = divisor high dword
00401BE8  |.  0BC0          or eax,eax
00401BEA  |.  7D 14         jge XCRECKME_.00401C00                   ;  divisor >= 0: keep it as is
00401BEC  |.  47            inc edi
00401BED  |.  8B5424 18     mov edx,dword ptr ss:[esp+0x18]
00401BF1  |.  F7D8          neg eax                                  ;  64-bit negate of the divisor
00401BF3  |.  F7DA          neg edx
00401BF5  |.  83D8 00       sbb eax,0x0
00401BF8  |.  894424 1C     mov dword ptr ss:[esp+0x1C],eax          ;  write |divisor| back over the argument
00401BFC  |.  895424 18     mov dword ptr ss:[esp+0x18],edx
00401C00  |>  0BC0          or eax,eax                               ;  is the divisor's high dword zero?
00401C02  |.  75 28         jnz XCRECKME_.00401C2C                   ;  no: take the shift-and-correct path
; Divisor fits in 32 bits: two chained 32-bit divides, high dword first.
00401C04  |.  8B4C24 18     mov ecx,dword ptr ss:[esp+0x18]          ;  ecx = divisor low dword (100000 in the author's run)
00401C08  |.  8B4424 14     mov eax,dword ptr ss:[esp+0x14]          ;  eax = dividend high dword (0 in the author's run)
00401C0C  |.  33D2          xor edx,edx
00401C0E  |.  F7F1          div ecx                                  ;  eax = quotient high dword, edx = carry-in for the next divide
00401C10  |.  8BD8          mov ebx,eax                              ;  ebx = quotient high dword
00401C12  |.  8B4424 10     mov eax,dword ptr ss:[esp+0x10]          ;  eax = dividend low dword (123456 in the author's run)
00401C16  |.  F7F1          div ecx
00401C18  |.  8BF0          mov esi,eax                              ;  esi = quotient low dword
00401C1A  |.  8BC3          mov eax,ebx
00401C1C  |.  F76424 18     mul dword ptr ss:[esp+0x18]              ;  quotient high * divisor low
00401C20  |.  8BC8          mov ecx,eax                              ;  keep its low dword for the sum below
00401C22  |.  8BC6          mov eax,esi                              ;  eax = quotient low dword, about to be multiplied by the divisor
00401C24  |.  F76424 18     mul dword ptr ss:[esp+0x18]              ;  edx:eax = quotient low * divisor low
00401C28  |.  03D1          add edx,ecx                              ;  edx:eax = quotient * divisor
00401C2A  |.  EB 47         jmp XCRECKME_.00401C73
; Divisor wider than 32 bits: shift both operands right until the divisor's high
; dword is zero, divide once, then correct the trial quotient by at most one.
00401C2C  |>  8BD8          mov ebx,eax                              ;  ebx = divisor high dword
00401C2E  |.  8B4C24 18     mov ecx,dword ptr ss:[esp+0x18]          ;  ecx = divisor low dword
00401C32  |.  8B5424 14     mov edx,dword ptr ss:[esp+0x14]          ;  edx = dividend high dword
00401C36  |.  8B4424 10     mov eax,dword ptr ss:[esp+0x10]          ;  eax = dividend low dword
00401C3A  |>  D1EB          /shr ebx,1                               ;  divisor >>= 1 (64-bit, through carry)
00401C3C  |.  D1D9          |rcr ecx,1
00401C3E  |.  D1EA          |shr edx,1                               ;  dividend >>= 1 (64-bit, through carry)
00401C40  |.  D1D8          |rcr eax,1
00401C42  |.  0BDB          |or ebx,ebx
00401C44  |.^ 75 F4         jnz XCRECKME_.00401C3A                   ;  repeat until the divisor's high dword is zero
00401C46  |.  F7F1          div ecx
00401C48  |.  8BF0          mov esi,eax                              ;  esi = trial quotient
00401C4A  |.  F76424 1C     mul dword ptr ss:[esp+0x1C]              ;  trial quotient * divisor high
00401C4E  |.  8BC8          mov ecx,eax
00401C50  |.  8B4424 18     mov eax,dword ptr ss:[esp+0x18]
00401C54  |.  F7E6          mul esi                                  ;  trial quotient * divisor low
00401C56  |.  03D1          add edx,ecx                              ;  edx:eax = trial quotient * divisor
00401C58  |.  72 0E         jb XCRECKME_.00401C68                    ;  carry out of 64 bits: quotient one too large
00401C5A  |.  3B5424 14     cmp edx,dword ptr ss:[esp+0x14]
00401C5E  |.  77 08         ja XCRECKME_.00401C68                    ;  product > dividend (high dwords): one too large
00401C60  |.  72 0F         jb XCRECKME_.00401C71                    ;  product < dividend: quotient is right
00401C62  |.  3B4424 10     cmp eax,dword ptr ss:[esp+0x10]
00401C66  |.  76 09         jbe XCRECKME_.00401C71                   ;  high dwords equal, low dword <= dividend: right
00401C68  |>  4E            dec esi                                  ;  correct the quotient ...
00401C69  |.  2B4424 18     sub eax,dword ptr ss:[esp+0x18]          ;  ... and take one divisor off the product
00401C6D  |.  1B5424 1C     sbb edx,dword ptr ss:[esp+0x1C]
00401C71  |>  33DB          xor ebx,ebx                              ;  quotient high dword = 0 on this path
; Both paths meet here with edx:eax = quotient * divisor.
00401C73  |>  2B4424 10     sub eax,dword ptr ss:[esp+0x10]          ;  product - dividend = -remainder (100000 - 123456 in the author's run)
00401C77  |.  1B5424 14     sbb edx,dword ptr ss:[esp+0x14]
00401C7B  |.  4D            dec ebp
00401C7C  |.  79 07         jns XCRECKME_.00401C85                   ;  dividend was negative: leave the remainder negative
00401C7E  |.  F7DA          neg edx
00401C80  |.  F7D8          neg eax                                  ;  negate to obtain the remainder (23456 in the author's run)
00401C82  |.  83DA 00       sbb edx,0x0                              ;  subtract the borrow that neg eax produced
00401C85  |>  8BCA          mov ecx,edx                              ;  shuffle the results into the output registers:
00401C87  |.  8BD3          mov edx,ebx                              ;  edx = quotient high dword
00401C89  |.  8BD9          mov ebx,ecx                              ;  ebx = remainder high dword
00401C8B  |.  8BC8          mov ecx,eax                              ;  ecx = remainder low dword
00401C8D  |.  8BC6          mov eax,esi                              ;  eax = quotient low dword
00401C8F  |.  4F            dec edi
00401C90  |.  75 07         jnz XCRECKME_.00401C99                   ;  skip unless exactly one operand was negative
00401C92  |.  F7DA          neg edx                                  ;  negate the 64-bit quotient
00401C94  |.  F7D8          neg eax
00401C96  |.  83DA 00       sbb edx,0x0
00401C99  |>  5D            pop ebp
00401C9A  |.  5E            pop esi
00401C9B  |.  5F            pop edi
00401C9C  .  C2 1000       retn 0x10
}
; Continuation of the handler at 00401650, resuming after the call at 00401718.
; On return from 00401BC0: edx:eax = serial / 100000, ebx:ecx = serial % 100000.
; edi (2*a*b*c) and esi (3*d*e) were set before the call; the callee saves and restores both.
0040171D  |.  894C24 10     mov dword ptr ss:[esp+0x10],ecx          ;  save remainder low dword (23456 in the author's run)
00401721  |.  8BC8          mov ecx,eax                              ;  ecx = quotient low dword
00401723  |.  895C24 14     mov dword ptr ss:[esp+0x14],ebx          ;  save remainder high dword
00401727  |.  8BC7          mov eax,edi                              ;  eax = 2*a*b*c
00401729  |.  8BDA          mov ebx,edx                              ;  ebx = quotient high dword
0040172B  |.  99            cdq                                      ;  sign-extend the product to edx:eax
0040172C  |.  3BC1          cmp eax,ecx                              ;  product against quotient, low dwords (author's run: 0xE5C26 * 2 = 0x1CB84C)
0040172E      75 21         jnz XCRECKME_.00401751                   ;  mismatch: fail
00401730  |.  3BD3          cmp edx,ebx                              ;  high dwords
00401732      75 1D         jnz XCRECKME_.00401751
00401734  |.  8B4C24 10     mov ecx,dword ptr ss:[esp+0x10]          ;  ecx = remainder low dword
00401738  |.  8BC6          mov eax,esi                              ;  eax = 3*d*e
0040173A  |.  99            cdq                                      ;  sign-extend to edx:eax
0040173B  |.  3BC1          cmp eax,ecx
0040173D      75 12         jnz XCRECKME_.00401751                   ;  remainder mismatch: fail (23456 in the author's run)
0040173F  |.  3B5424 14     cmp edx,dword ptr ss:[esp+0x14]          ;  high dwords
00401743      75 0C         jnz XCRECKME_.00401751
00401745  |.  8B4C24 1C     mov ecx,dword ptr ss:[esp+0x1C]          ;  ecx = object pointer saved at 00401685
00401749  |.  8B11          mov edx,dword ptr ds:[ecx]               ;  edx = its first dword (vtable pointer, presumably)
0040174B  |.  FF92 54010000 call dword ptr ds:[edx+0x154]            ;  indirect call through slot 0x154; OnOK() in the C listing
; Common exit, reached by every failed check and after the accept call.
00401751  |>  8B8C24 A40000>mov ecx,dword ptr ss:[esp+0xA4]          ;  reload the value stored at 00401666
00401758  |.  E8 4C040000   call CRECKME_.00401BA9                   ;  presumably the stack-cookie check; confirm
0040175D  |.  5F            pop edi
0040175E  |.  5E            pop esi
0040175F  |.  5B            pop ebx
00401760  |.  8BE5          mov esp,ebp                              ;  drop the aligned frame
00401762  |.  5D            pop ebp
00401763  .  C3            retn


 // Body of the dialog's check handler, as given by the author; it corresponds
 // to the disassembly at 00401650 earlier on this page. Accepts (OnOK) only when
 // the 6-character name and the numeric serial satisfy the relation below;
 // every other path returns without doing anything.
 // cTmep: 128-byte scratch copy of the name; byte 0 starts as 0xFF, the rest as 0.
 char cTmep[128] = {0xFF};
  // Running products; the start values 2 and 3 are the factors seen in the listing.
  int iCount1 =2,iCount2 =3;
  // Pull the current control contents into m_Name / m_Serial.
  UpdateData(true);
  int i =0;
  // NOTE(review): unbounded copy of a user-entered string into a fixed
  // 128-byte stack buffer; the length is only examined afterwards. A bounded
  // copy, or checking the length before copying, would avoid the overrun; the
  // listing suggests the frame is covered by a stack cookie, which only
  // detects the overrun after the fact.
  _tcscpy(cTmep, m_Name);  
               // Reject any '0' character in the first seven bytes (this inner i shadows the one above).
               for(int i=0;i<7;i++)
              {
     if(cTmep[i] == _T('0'))  
    return;
                }
                if(cTmep[6] != 0x00 || cTmep[5] == 0x00) // length check (exactly 6 characters); deliberately not using the GetLength API
     return;
  // Serial must be at least 100000.
  if(m_Serial< 100000)
    return;
  // iCount1 = 2 * name[0] * name[1] * name[2]
  for(i=0;i< 3;i++)
    iCount1 *= cTmep[i];  
  // iCount2 = 3 * name[3] * name[4]
  for(i= 3;i< 5;i++)
    iCount2 *= cTmep[i];  
  // The listing performs both comparisons on 64-bit values, so m_Serial is
  // presumably a 64-bit integer; confirm against the class declaration.
  if(iCount1 == m_Serial/100000 && iCount2 == (m_Serial % 100000))// the serial can be given whatever form is wanted
  {
    OnOK();
  }
  else
    return;


原文地址:https://www.cnblogs.com/zcc1414/p/3982481.html