分析:
00401650 /. 55 push ebp 00401651 |. 8BEC mov ebp,esp 00401653 |. 83E4 F8 and esp,0xFFFFFFF8 00401656 |. 81EC 9C000000 sub esp,0x9C 0040165C |. A1 20504000 mov eax,dword ptr ds:[0x405020] 00401661 |. 53 push ebx 00401662 |. 56 push esi 00401663 |. 57 push edi 00401664 |. 8BF1 mov esi,ecx 00401666 |. 898424 A40000>mov dword ptr ss:[esp+0xA4],eax 0040166D |. 33C0 xor eax,eax 0040166F |. C64424 20 FF mov byte ptr ss:[esp+0x20],0xFF 00401674 |. B9 1F000000 mov ecx,0x1F 00401679 |. 8D7C24 21 lea edi,dword ptr ss:[esp+0x21] 0040167D |. F3:AB rep stos dword ptr es:[edi] 0040167F |. 66:AB stos word ptr es:[edi] 00401681 |. 6A 01 push 0x1 00401683 |. 8BCE mov ecx,esi 00401685 |. 897424 20 mov dword ptr ss:[esp+0x20],esi 00401689 |. AA stos byte ptr es:[edi] 0040168A |. E8 27040000 call <jmp.&MFC71.#6236> ; 输入 账号 密码 0040168F |. 8D4E 74 lea ecx,dword ptr ds:[esi+0x74] 00401692 |. FF15 9C314000 call dword ptr ds:[<&MFC71.#876>] ; MFC71.#3397 00401698 |. 8D5424 20 lea edx,dword ptr ss:[esp+0x20] 0040169C |. 8D6424 00 lea esp,dword ptr ss:[esp] 004016A0 |> 8A08 /mov cl,byte ptr ds:[eax] 004016A2 |. 40 |inc eax 004016A3 |. 880A |mov byte ptr ds:[edx],cl 004016A5 |. 42 |inc edx 004016A6 |. 84C9 |test cl,cl 004016A8 |.^ 75 F6 jnz XCRECKME_.004016A0 ;存入缓冲区 004016AA |. 33C0 xor eax,eax 004016AC |. B1 30 mov cl,0x30 004016AE |. 8BFF mov edi,edi 004016B0 |> 384C04 20 /cmp byte ptr ss:[esp+eax+0x20],cl 004016B4 0F84 97000000 |je CRECKME_.00401751 004016BA |. 40 |inc eax 004016BB |. 83F8 07 |cmp eax,0x7 004016BE |.^ 7C F0 jl XCRECKME_.004016B0 ;看是否为6位 004016C0 |. 8A4424 26 mov al,byte ptr ss:[esp+0x26] 004016C4 |. 84C0 test al,al 004016C6 0F85 85000000 jnz CRECKME_.00401751 004016CC |. 8A4424 25 mov al,byte ptr ss:[esp+0x25] 004016D0 |. 84C0 test al,al 004016D2 74 7D je XCRECKME_.00401751 004016D4 |. 8B4E 7C mov ecx,dword ptr ds:[esi+0x7C] 004016D7 |. 85C9 test ecx,ecx 004016D9 |. 8B56 78 mov edx,dword ptr ds:[esi+0x78] 004016DC 7C 73 jl XCRECKME_.00401751 004016DE 7F 08 jg XCRECKME_.004016E8 004016E0 |. 81FA A0860100 cmp edx,0x186A0 ; jiama 004016E6 72 69 jb XCRECKME_.00401751 004016E8 |> 0FBE4424 22 movsx eax,byte ptr ss:[esp+0x22] ; c 004016ED |. 0FBE7C24 21 movsx edi,byte ptr ss:[esp+0x21] ; b 004016F2 |. 0FBE7424 24 movsx esi,byte ptr ss:[esp+0x24] ; e 004016F7 |. 0FAFF8 imul edi,eax ; b * c 004016FA |. 0FBE4424 20 movsx eax,byte ptr ss:[esp+0x20] ; a 004016FF |. 0FAFF8 imul edi,eax ; b*c*a 00401702 |. 0FBE4424 23 movsx eax,byte ptr ss:[esp+0x23] ; d 00401707 |. 0FAFC6 imul eax,esi ; d*e 0040170A |. 6A 00 push 0x0 0040170C |. 68 A0860100 push 0x186A0 00401711 |. 51 push ecx ; 0 00401712 |. 52 push edx ; jiama16进制 00401713 |. D1E7 shl edi,1 ; b*c*a <<1 这里的*2 是说 初始化为2 00401715 |. 8D3440 lea esi,dword ptr ds:[eax+eax*2] ; esi= 3*d*e 这里也是初始化位3 00401718 |. E8 A3040000 call CRECKME_.00401BC0 ; 重要的算法 { 00401BC0 /$ 57 push edi 00401BC1 |. 56 push esi 00401BC2 |. 55 push ebp 00401BC3 |. 33FF xor edi,edi 00401BC5 |. 33ED xor ebp,ebp 00401BC7 |. 8B4424 14 mov eax,dword ptr ss:[esp+0x14] 00401BCB |. 0BC0 or eax,eax 00401BCD |. 7D 15 jge XCRECKME_.00401BE4 00401BCF |. 47 inc edi 00401BD0 |. 45 inc ebp 00401BD1 |. 8B5424 10 mov edx,dword ptr ss:[esp+0x10] 00401BD5 |. F7D8 neg eax 00401BD7 |. F7DA neg edx 00401BD9 |. 83D8 00 sbb eax,0x0 00401BDC |. 894424 14 mov dword ptr ss:[esp+0x14],eax 00401BE0 |. 895424 10 mov dword ptr ss:[esp+0x10],edx 00401BE4 |> 8B4424 1C mov eax,dword ptr ss:[esp+0x1C] 00401BE8 |. 0BC0 or eax,eax 00401BEA |. 7D 14 jge XCRECKME_.00401C00 00401BEC |. 47 inc edi 00401BED |. 8B5424 18 mov edx,dword ptr ss:[esp+0x18] 00401BF1 |. F7D8 neg eax 00401BF3 |. F7DA neg edx 00401BF5 |. 83D8 00 sbb eax,0x0 00401BF8 |. 894424 1C mov dword ptr ss:[esp+0x1C],eax 00401BFC |. 895424 18 mov dword ptr ss:[esp+0x18],edx 00401C00 |> 0BC0 or eax,eax 00401C02 |. 75 28 jnz XCRECKME_.00401C2C 00401C04 |. 8B4C24 18 mov ecx,dword ptr ss:[esp+0x18] ; 100000 00401C08 |. 8B4424 14 mov eax,dword ptr ss:[esp+0x14] ; 0 00401C0C |. 33D2 xor edx,edx 00401C0E |. F7F1 div ecx 00401C10 |. 8BD8 mov ebx,eax 00401C12 |. 8B4424 10 mov eax,dword ptr ss:[esp+0x10] ; 123456 00401C16 |. F7F1 div ecx 00401C18 |. 8BF0 mov esi,eax ; esi = 除数 00401C1A |. 8BC3 mov eax,ebx 00401C1C |. F76424 18 mul dword ptr ss:[esp+0x18] 00401C20 |. 8BC8 mov ecx,eax 00401C22 |. 8BC6 mov eax,esi ; eax = 除数 * 100000 00401C24 |. F76424 18 mul dword ptr ss:[esp+0x18] 00401C28 |. 03D1 add edx,ecx 00401C2A |. EB 47 jmp XCRECKME_.00401C73 00401C2C |> 8BD8 mov ebx,eax 00401C2E |. 8B4C24 18 mov ecx,dword ptr ss:[esp+0x18] 00401C32 |. 8B5424 14 mov edx,dword ptr ss:[esp+0x14] 00401C36 |. 8B4424 10 mov eax,dword ptr ss:[esp+0x10] 00401C3A |> D1EB /shr ebx,1 00401C3C |. D1D9 |rcr ecx,1 00401C3E |. D1EA |shr edx,1 00401C40 |. D1D8 |rcr eax,1 00401C42 |. 0BDB |or ebx,ebx 00401C44 |.^ 75 F4 jnz XCRECKME_.00401C3A 00401C46 |. F7F1 div ecx 00401C48 |. 8BF0 mov esi,eax 00401C4A |. F76424 1C mul dword ptr ss:[esp+0x1C] 00401C4E |. 8BC8 mov ecx,eax 00401C50 |. 8B4424 18 mov eax,dword ptr ss:[esp+0x18] 00401C54 |. F7E6 mul esi 00401C56 |. 03D1 add edx,ecx 00401C58 |. 72 0E jb XCRECKME_.00401C68 00401C5A |. 3B5424 14 cmp edx,dword ptr ss:[esp+0x14] 00401C5E |. 77 08 ja XCRECKME_.00401C68 00401C60 |. 72 0F jb XCRECKME_.00401C71 00401C62 |. 3B4424 10 cmp eax,dword ptr ss:[esp+0x10] 00401C66 |. 76 09 jbe XCRECKME_.00401C71 00401C68 |> 4E dec esi 00401C69 |. 2B4424 18 sub eax,dword ptr ss:[esp+0x18] 00401C6D |. 1B5424 1C sbb edx,dword ptr ss:[esp+0x1C] 00401C71 |> 33DB xor ebx,ebx 00401C73 |> 2B4424 10 sub eax,dword ptr ss:[esp+0x10] ; 100000-123456 00401C77 |. 1B5424 14 sbb edx,dword ptr ss:[esp+0x14] 00401C7B |. 4D dec ebp 00401C7C |. 79 07 jns XCRECKME_.00401C85 00401C7E |. F7DA neg edx 00401C80 |. F7D8 neg eax ; 取反 就得到 余数23456 00401C82 |. 83DA 00 sbb edx,0x0 ; 带借位减法 肯定有借位 00401C85 |> 8BCA mov ecx,edx 00401C87 |. 8BD3 mov edx,ebx 00401C89 |. 8BD9 mov ebx,ecx 00401C8B |. 8BC8 mov ecx,eax 00401C8D |. 8BC6 mov eax,esi 00401C8F |. 4F dec edi 00401C90 |. 75 07 jnz XCRECKME_.00401C99 00401C92 |. F7DA neg edx 00401C94 |. F7D8 neg eax 00401C96 |. 83DA 00 sbb edx,0x0 00401C99 |> 5D pop ebp 00401C9A |. 5E pop esi 00401C9B |. 5F pop edi 00401C9C . C2 1000 retn 0x10 } 0040171D |. 894C24 10 mov dword ptr ss:[esp+0x10],ecx ; 23456 00401721 |. 8BC8 mov ecx,eax 00401723 |. 895C24 14 mov dword ptr ss:[esp+0x14],ebx 00401727 |. 8BC7 mov eax,edi 00401729 |. 8BDA mov ebx,edx 0040172B |. 99 cdq 0040172C |. 3BC1 cmp eax,ecx ; E5C26 * 2 =1CB84C 0040172E 75 21 jnz XCRECKME_.00401751 00401730 |. 3BD3 cmp edx,ebx 00401732 75 1D jnz XCRECKME_.00401751 00401734 |. 8B4C24 10 mov ecx,dword ptr ss:[esp+0x10] 00401738 |. 8BC6 mov eax,esi 0040173A |. 99 cdq 0040173B |. 3BC1 cmp eax,ecx 0040173D 75 12 jnz XCRECKME_.00401751 ; 23456 0040173F |. 3B5424 14 cmp edx,dword ptr ss:[esp+0x14] 00401743 75 0C jnz XCRECKME_.00401751 00401745 |. 8B4C24 1C mov ecx,dword ptr ss:[esp+0x1C] 00401749 |. 8B11 mov edx,dword ptr ds:[ecx] 0040174B |. FF92 54010000 call dword ptr ds:[edx+0x154] 00401751 |> 8B8C24 A40000>mov ecx,dword ptr ss:[esp+0xA4] 00401758 |. E8 4C040000 call CRECKME_.00401BA9 0040175D |. 5F pop edi 0040175E |. 5E pop esi 0040175F |. 5B pop ebx 00401760 |. 8BE5 mov esp,ebp 00401762 |. 5D pop ebp 00401763 . C3 retn
char cTmep[128] = {0xFF}; int iCount1 =2,iCount2 =3; UpdateData(true); int i =0; _tcscpy(cTmep, m_Name); for(int i=0;i<7;i++) { if(cTmep[i] == _T('0')) return; } if(cTmep[6] != 0x00 || cTmep[5] == 0x00) //用于判断长度,故意不用你API的GETLENGTH return; if(m_Serial< 100000) return; for(i=0;i< 3;i++) iCount1 *= cTmep[i]; for(i= 3;i< 5;i++) iCount2 *= cTmep[i]; if(iCount1 == m_Serial/100000 && iCount2 == (m_Serial % 100000))//密码可以做成想要的样子 { OnOK(); } else return;