作文快手 V2.1算法分析

作文快手 V2.1算法分析

2004/10/15 0:55:00来源:本站整理作者:蓝点我要评论(0)

软件简介:
软件介绍:  
   《作文快手》是一款中小学作文助写软件,功能:一、范文参考。《作文快手》内置了近两千篇各类优秀作文,内容涵盖了从小学到高中写作的方方面面;二、快速生成。《作文快手》内分类存储了数万段各类题材的文章段落,操作熟练后,可在5分钟之内生成一篇千字作文;三、内置诗词名言库,搜集整理了近5万条词汇,万条成语,近2万句名言,唐诗、宋词、元曲合计近5000首,并提供了模糊检索功能,你只要记得一句诗词或名言其中几个字,就能检索到完整的诗词,免除了到处找参考资料的烦恼。四、《作文快手》提供了智能化的写作辅导;五、2.1版本增加了拼音速查功能;六、2.0版本增加了词语优化功能,增加了同义词、反义词库,可方便地查询;七、《作文快手》允许用户添加自己搜集的文章;八、强大的文本编辑功能。九、内置作文标题库和给材料作文库。
--------------------------------------------------------------------------------------
破解人:北极熊[DFCG]
下载地址:http://www.skycn.com/soft/8632.html
破解工具:TRW2000

破解过程:
1、运行TRW2000后最小化

2、运行程序,弹出注册对话框,输入用户名和任意假注册码,先不要点“注册”按钮

3、Ctrl+N激活TRW2000

4、bpx hmemcpy → 这里用hmemcpy这个万能断点就OK了

5、按F5返回,点击注册按钮,程序被拦截

6、BC * → 清除所有断点
 PMODULE → 直接进入程序领空

7、按F12键7次按F10键来到如下代码处

:005D565D 83BDE4FDFEFF00          cmp dword ptr [ebp+FFFEFDE4], 00000000
:005D5664 0F8478030000            je 005D59E2
:005D566A 8D95E0FDFEFF            lea edx, dword ptr [ebp+FFFEFDE0]
:005D5670 8B45EC                  mov eax, dword ptr [ebp-14]
:005D5673 8B8000030000            mov eax, dword ptr [eax+00000300]
:005D5679 E83201E6FF              call 004357B0
:005D567E 8B85E0FDFEFF            mov eax, dword ptr [ebp+FFFEFDE0]      取用户名
:005D5684 8D55DC                  lea edx, dword ptr [ebp-24]            
:005D5687 E8B046E3FF              call 00409D3C                          
:005D568C C745E000000000          mov [ebp-20], 00000000                 存放注册码地址清零
:005D5693 C745E400000000          mov [ebp-1C], 00000000                 注册码高位地址清零
:005D569A 8D45D8                  lea eax, dword ptr [ebp-28]
:005D569D E8FEE8E2FF              call 00403FA0                          
:005D56A2 8B45DC                  mov eax, dword ptr [ebp-24]            
:005D56A5 E876EBE2FF              call 00404220                         计算用户名长度
:005D56AA 8BF8                    mov edi, eax                          EAX=EDI=用户名长度
:005D56AC 85FF                    test edi, edi                         是否填了用户名
:005D56AE 7E25                    jle 005D56D5                          是就不跳
:005D56B0 BB01000000              mov ebx, 00000001                     EBX=1   (计数)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D56D3(C)
|
:005D56B5 8B45DC                  mov eax, dword ptr [ebp-24]
:005D56B8 0FB64418FF              movzx eax, byte ptr [eax+ebx-01]    逐位取用户名ascii码
:005D56BD 69C0C3330000            imul eax, 000033C3                  eax=eax*33c3h
:005D56C3 33D2                    xor edx, edx                        edx清零
:005D56C5 0345E0                  add eax, dword ptr [ebp-20]         eax结果相加
:005D56C8 1355E4                  adc edx, dword ptr [ebp-1C]         高位相加
:005D56CB 8945E0                  mov dword ptr [ebp-20], eax         eax的数值存放起来
:005D56CE 8955E4                  mov dword ptr [ebp-1C], edx
:005D56D1 43                      inc ebx                             计数器加1
:005D56D2 4F                      dec edi                             用户长度减1
:005D56D3 75E0                    jne 005D56B5                        未完继续

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D56AE(C)
|
:005D56D5 A1883C5F00              mov eax, dword ptr [005F3C88]       取机器码
:005D56DA E8B548E3FF              call 00409F94
:005D56DF 99                      cdq
:005D56E0 0345E0                  add eax, dword ptr [ebp-20]        
:005D56E3 1355E4                  adc edx, dword ptr [ebp-1C]            
:005D56E6 8945E0                  mov dword ptr [ebp-20], eax
:005D56E9 8955E4                  mov dword ptr [ebp-1C], edx
:005D56EC A1883C5F00              mov eax, dword ptr [005F3C88]        取机器码
:005D56F1 E82AEBE2FF              call 00404220                        计算机器码长度
:005D56F6 8BF8                    mov edi, eax
:005D56F8 85FF                    test edi, edi                        测试是否有机器码
:005D56FA 0F8ECF010000            jle 005D58CF                         有就不跳
:005D5700 BB01000000              mov ebx, 00000001                    EBX=1(计数)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D58C9(C)
|
:005D5705 A1883C5F00              mov eax, dword ptr [005F3C88]
:005D570A 807C18FF31              cmp byte ptr [eax+ebx-01], 31        
                                                      比较机器码第一位的ASCII码是否是31
:005D570F 7521                    jne 005D5732                          不是就跳过
:005D5711 8B45E0                  mov eax, dword ptr [ebp-20]
:005D5714 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D5717 054D090000              add eax, 0000094D                     eax加上094H
:005D571C 83D200                  adc edx, 00000000
:005D571F 8945E0                  mov dword ptr [ebp-20], eax
:005D5722 8955E4                  mov dword ptr [ebp-1C], edx
:005D5725 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5728 BA94635D00              mov edx, 005D6394                       设置edx=字符"C"
:005D572D E8F6EAE2FF              call 00404228                           连接这些字符放入EBX

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D570F(C)
|
:005D5732 A1883C5F00              mov eax, dword ptr [005F3C88]
:005D5737 807C18FF32              cmp byte ptr [eax+ebx-01], 32
                                                               比较机器码第一位的ASCII码是否是32
:005D573C 7521                    jne 005D575F
:005D573E 8B45E0                  mov eax, dword ptr [ebp-20]
:005D5741 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D5744 0575210100              add eax, 00012175                 eax加12175H
:005D5749 83D200                  adc edx, 00000000
:005D574C 8945E0                  mov dword ptr [ebp-20], eax
:005D574F 8955E4                  mov dword ptr [ebp-1C], edx
:005D5752 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5755 BAA0635D00              mov edx, 005D63A0            设置edx=字符"a"
:005D575A E8C9EAE2FF              call 00404228                连接这些字符

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D573C(C)
|
:005D575F A1883C5F00              mov eax, dword ptr [005F3C88]
:005D5764 807C18FF33              cmp byte ptr [eax+ebx-01], 33
                                                    比较机器码第一位的ASCII码是否是33
:005D5769 7521                    jne 005D578C
:005D576B 8B45E0                  mov eax, dword ptr [ebp-20]
:005D576E 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D5771 0591F60000              add eax, 0000F691              eax加上0F691H
:005D5776 83D200                  adc edx, 00000000
:005D5779 8945E0                  mov dword ptr [ebp-20], eax
:005D577C 8955E4                  mov dword ptr [ebp-1C], edx
:005D577F 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5782 BAAC635D00              mov edx, 005D63AC             设置edx=字符"b"
:005D5787 E89CEAE2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D5769(C)
|
:005D578C A1883C5F00              mov eax, dword ptr [005F3C88]
:005D5791 807C18FF34              cmp byte ptr [eax+ebx-01], 34
                                                    比较机器码第一位的ASCII码是否是34
:005D5796 7521                    jne 005D57B9
:005D5798 8B45E0                  mov eax, dword ptr [ebp-20]
:005D579B 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D579E 05330A0000              add eax, 00000A33        eax加上0A33H
:005D57A3 83D200                  adc edx, 00000000
:005D57A6 8945E0                  mov dword ptr [ebp-20], eax
:005D57A9 8955E4                  mov dword ptr [ebp-1C], edx
:005D57AC 8D45D8                  lea eax, dword ptr [ebp-28]
:005D57AF BAB8635D00              mov edx, 005D63B8                设置edx=字符"D"
:005D57B4 E86FEAE2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D5796(C)
|
:005D57B9 A1883C5F00              mov eax, dword ptr [005F3C88]
:005D57BE 807C18FF35              cmp byte ptr [eax+ebx-01], 35
                                                    比较机器码第一位的ASCII码是否是35
:005D57C3 7521                    jne 005D57E6
:005D57C5 8B45E0                  mov eax, dword ptr [ebp-20]
:005D57C8 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D57CB 0569240000              add eax, 00002469            eax加上02469H
:005D57D0 83D200                  adc edx, 00000000
:005D57D3 8945E0                  mov dword ptr [ebp-20], eax
:005D57D6 8955E4                  mov dword ptr [ebp-1C], edx
:005D57D9 8D45D8                  lea eax, dword ptr [ebp-28]
:005D57DC BAC4635D00              mov edx, 005D63C4           设置edx=字符"z"
:005D57E1 E842EAE2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D57C3(C)
|
:005D57E6 A1883C5F00              mov eax, dword ptr [005F3C88]
:005D57EB 807C18FF36              cmp byte ptr [eax+ebx-01], 36
                                                    比较机器码第一位的ASCII码是否是36
:005D57F0 7521                    jne 005D5813
:005D57F2 8B45E0                  mov eax, dword ptr [ebp-20]
:005D57F5 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D57F8 05E71E0000              add eax, 00001EE7                  eax加上01EE7H
:005D57FD 83D200                  adc edx, 00000000
:005D5800 8945E0                  mov dword ptr [ebp-20], eax
:005D5803 8955E4                  mov dword ptr [ebp-1C], edx
:005D5806 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5809 BAD0635D00              mov edx, 005D63D0                 设置edx=字符"Z"
:005D580E E815EAE2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D57F0(C)
|
:005D5813 A1883C5F00              mov eax, dword ptr [005F3C88]
:005D5818 807C18FF37              cmp byte ptr [eax+ebx-01], 37
                                                    比较机器码第一位的ASCII码是否是37
:005D581D 7521                    jne 005D5840
:005D581F 8B45E0                  mov eax, dword ptr [ebp-20]
:005D5822 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D5825 05770C0000              add eax, 00000C77            eax加上0C77H
:005D582A 83D200                  adc edx, 00000000
:005D582D 8945E0                  mov dword ptr [ebp-20], eax
:005D5830 8955E4                  mov dword ptr [ebp-1C], edx
:005D5833 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5836 BADC635D00              mov edx, 005D63DC                 设置edx=字符"F"
:005D583B E8E8E9E2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D581D(C)
|
:005D5840 A1883C5F00              mov eax, dword ptr [005F3C88]
:005D5845 807C18FF38              cmp byte ptr [eax+ebx-01], 38
                                                    比较机器码第一位的ASCII码是否是38
:005D584A 7521                    jne 005D586D
:005D584C 8B45E0                  mov eax, dword ptr [ebp-20]
:005D584F 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D5852 05C90A0000              add eax, 00000AC9                eax加上0AC9H
:005D5857 83D200                  adc edx, 00000000
:005D585A 8945E0                  mov dword ptr [ebp-20], eax
:005D585D 8955E4                  mov dword ptr [ebp-1C], edx
:005D5860 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5863 BAE8635D00              mov edx, 005D63E8                 设置edx=字符"M"
:005D5868 E8BBE9E2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D584A(C)
|
:005D586D A1883C5F00              mov eax, dword ptr [005F3C88]
:005D5872 807C18FF39              cmp byte ptr [eax+ebx-01], 39
                                                    比较机器码第一位的ASCII码是否是39
:005D5877 7521                    jne 005D589A
:005D5879 8B45E0                  mov eax, dword ptr [ebp-20]
:005D587C 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D587F 05D3E10000              add eax, 0000E1D3              eax加上0E1D3H
:005D5884 83D200                  adc edx, 00000000
:005D5887 8945E0                  mov dword ptr [ebp-20], eax
:005D588A 8955E4                  mov dword ptr [ebp-1C], edx
:005D588D 8D45D8                  lea eax, dword ptr [ebp-28]
:005D5890 BAF4635D00              mov edx, 005D63F4             设置edx=字符"n"
:005D5895 E88EE9E2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D5877(C)
|
:005D589A A1883C5F00              mov eax, dword ptr [005F3C88]
:005D589F 807C18FF30              cmp byte ptr [eax+ebx-01], 30
                                                    比较机器码第一位的ASCII码是否是30
:005D58A4 7521                    jne 005D58C7
:005D58A6 8B45E0                  mov eax, dword ptr [ebp-20]
:005D58A9 8B55E4                  mov edx, dword ptr [ebp-1C]
:005D58AC 05010A0000              add eax, 00000A01               eax加上0A01H
:005D58B1 83D200                  adc edx, 00000000
:005D58B4 8945E0                  mov dword ptr [ebp-20], eax
:005D58B7 8955E4                  mov dword ptr [ebp-1C], edx
:005D58BA 8D45D8                  lea eax, dword ptr [ebp-28]
:005D58BD BA00645D00              mov edx, 005D6400               设置edx=字符"h"
:005D58C2 E861E9E2FF              call 00404228

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D58A4(C)
|
:005D58C7 43                      inc ebx
:005D58C8 4F                      dec edi
:005D58C9 0F8536FEFFFF            jne 005D5705

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005D56FA(C)
|
:005D58CF 8D95DCFDFEFF            lea edx, dword ptr [ebp+FFFEFDDC]
:005D58D5 8B45EC                  mov eax, dword ptr [ebp-14]             EDX=对应机器码的字母串
:005D58D8 8B80DC020000            mov eax, dword ptr [eax+000002DC]
:005D58DE E8CDFEE5FF              call 004357B0                          
                                                             把上面算出来的数字和字串连接起来
:005D58E3 8B85DCFDFEFF            mov eax, dword ptr [ebp+FFFEFDDC]
:005D58E9 50                      push eax
:005D58EA FF75E4                  push [ebp-1C]
:005D58ED FF75E0                  push [ebp-20]
:005D58F0 8D85D8FDFEFF            lea eax, dword ptr [ebp+FFFEFDD8]
:005D58F6 E82546E3FF              call 00409F20
:005D58FB 8D85D8FDFEFF            lea eax, dword ptr [ebp+FFFEFDD8]
:005D5901 8B55D8                  mov edx, dword ptr [ebp-28]
:005D5904 E81FE9E2FF              call 00404228
:005D5909 8B95D8FDFEFF            mov edx, dword ptr [ebp+FFFEFDD8]       真注册码
:005D590F 58                      pop eax                                 假注册码
:005D5910 E81BEAE2FF              call 00404330                 关键比较
:005D5915 0F85D6000000            jne 005D59F1                  不对就死了
:005D591B 8D8DD4FDFEFF            lea ecx, dword ptr [ebp+FFFEFDD4]
:005D5921 66BA2606                mov dx, 0626

* Possible StringData Ref from Code Obj ->"喝黑铭菜姜"
                                 |
:005D5925 B880635D00              mov eax, 005D6380


算法总结:
1.逐位取注册名ASCII码的16进制*33c3后相加  -----------(其中EAX值为所乘低八位值,EDX为高八位值,一般是没有)
2:逐位取机器码,如是1则EAX加上94h,后面加字符C,是2则加12175h,后面加字符a,依此类推。
  取完机器码则完成。
 如果EDX中有值的话,应也要联接。
  应在5D58F6联接,前面那个CALL是十六进制转为十进制。

我的注册名:jxtour
机器码:243606370
注册码:252897143aDbZhZbFh

这是我的第一篇算法!


    
    
     
    
    

阅读本文后您有什么感想? 已有 人给出评价!

  • 0 囧
      囧
  • 0 恶心
      恶心
  • 0 期待
      期待
  • 0
      难过
  • 0 不错
      不错
  • 0 关注
      关注
  • 最新评论
  • 热门评论
共有评论(0)条 查看全部评论
高兴 可 汗 我不要 害羞 好 下下下 送花 屎 亲亲

注:您的评论需要经过审核才会显示出来