// 在 GetWindowTextA 处下断点,通过栈回溯可以找到 4 个获取控件文本的函数;运行完这四个函数之后将 stack 窗口向下滑,会发现 6 个字符串。在用户名上下断点,F9 运行就可以找到加密函数。因为是 MFC 程序,其中的调用逻辑很复杂,建议不要用消息断点;如果你熟悉 MFC 程序且手中有符号,就当我没说。
#include "pch.h"
#include <iostream>
using namespace std;
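// Reciprocal multipliers used with OperationExtend. For the non-negative
// values this program feeds in, the upper 32 bits of (x * BL) equal x / 3,
// and the upper 32 bits of (x * AL), shifted right by 2, equal x / 10.
#define BL 0x55555556
#define AL 0x66666667
// Shift count that moves the sign bit of a 32-bit int down to bit 0.
#define CARRYDIGITAL 0x1F
// Upper 32 bits of MH * mWord. The parameter names now follow the order used
// by the definition (multiplier constant first, value second); the previous
// prototype listed them swapped, which misdescribed every call site.
int OperationExtend(int MH, int mWord);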
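// Reads a user name from stdin and prints the registration code derived from it.
//
// Steps, as implemented below:
//   1. For each of the first five characters, build a checksum from that
//      character plus a prefix of the name, triple it until it reaches 10000,
//      divide by 3, and map each decimal digit (least significant first) to a
//      letter of MagicString.
//   2. Transform every letter arithmetically and insert '-' after each group
//      of four output characters.
//
// Returns 0 on success, 1 when the name is unusable (too short, or its
// checksum is not positive).
int main()
{
    // Zero-initialised so every byte is defined even when the name is short.
    char lp[100] = {};
    // Ten symbols, indexed by one decimal digit (0..9).
    const char MagicString[] = "zouzhiyong";

    cout << "[+]请输入用户名(不小于五个字符):";
    // Bound the extraction to the buffer size: an unbounded `cin >> lp` writes
    // past the end of lp when the input token is 100 characters or longer.
    cin.width(sizeof(lp));
    cin >> lp;

    const int nameLen = static_cast<int>(strlen(lp));
    // The loop below indexes lp[0..4]; a shorter name would make it read
    // bytes that are not part of the name.
    if (!cin || nameLen < 5) {
        cout << "[-]用户名不能少于五个字符" << endl;
        return 1;
    }

    string magicWord;
    for (int q = 0; q < 5; q++) {
        // Checksum = lp[q] plus lp[1 .. nameLen - q - 1].
        int mWord = static_cast<int>(lp[q]);
        for (int a = 1, d = q + 1; d < nameLen; a++, d++) {
            mWord += static_cast<int>(lp[a]);
        }

        // char may be signed: bytes >= 0x80 can drive the sum to zero or below,
        // and the scaling loop would then never terminate.
        if (mWord <= 0) {
            cout << "[-]用户名包含不支持的字符" << endl;
            return 1;
        }
        while (mWord < 0x2710) {
            mWord *= 3;
        }

        // Upper half of the product with BL is mWord / 3; adding the shifted
        // sign is the usual rounding correction and is a no-op for the
        // positive values reached here.
        int mValue = OperationExtend(BL, mWord);
        mValue += (mValue >> 0x1F);

        // Peel off decimal digits, least significant first.
        int DQ = mValue;
        while (DQ != 0) {
            const int remainder = DQ % 0xA;
            DQ -= remainder;
            DQ = OperationExtend(AL, DQ) >> 2;   // DQ / 10
            DQ += DQ >> CARRYDIGITAL;
            magicWord.push_back(MagicString[remainder]);
        }
    }

    string key;
    for (string::size_type a = 0; a < magicWord.length(); a++) {
        // 0x80000001 is an unsigned literal, so the whole expression is
        // evaluated in unsigned arithmetic and then narrowed back to char.
        const char end = magicWord[a] - magicWord[a] % 5 - 0x14 - (magicWord[a] & 0x80000001) - 0xc;
        if (a % 4 == 0 && a != 0) {
            key.push_back('-');
        }
        key.push_back(end);
    }
    cout << "[+]注册码为:" << key.c_str() << endl;

    // Keep the console open until Enter is pressed. This replaces a
    // `while (1);` busy-wait, which pinned a CPU core and never returned.
    char ch;
    while (cin.get(ch) && ch != '\n') {
        // discard whatever is left of the name's input line
    }
    cin.get();
    return 0;
}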
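// Widens the multiplication to 64 bits and returns the upper 32 bits of the
// signed product MH * mWord.
//
// Parameters:
//   MH    - 32-bit multiplier; the callers in this file pass the reciprocal
//           constants BL and AL.
//   mWord - value to multiply.
// Returns: bits 32..63 of the 64-bit product, as an int.
//
// The previous version split MH into 16-bit limbs stored in int and
// multiplied each limb by mWord. That product overflows int (undefined
// behaviour) once mWord exceeds roughly 16 bits. The listing also ended with
// '|' instead of the closing brace. A single 64-bit multiply gives the same
// result for the values the callers pass and stays defined for every int input.
int OperationExtend(int MH, int mWord) {
    const long long product = static_cast<long long>(MH) * static_cast<long long>(mWord);
    // Arithmetic shift keeps the sign of the product in the upper half.
    return static_cast<int>(product >> 32);
}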