📄 zenms7kg.asm
字号:
; ###############################; # MICRO-STRATEGY 7 SP2 KEYGEN #; ##############[XOR37H/ZENiTH]##;; serial format is: nnnnnnnnn-xxxx ;.386.MODEL FLAT,STDCALLlocalsjumpsUNICODE=0 ; Not Unicodeinclude res.inc ; Resource Includesinclude w32.inc ; Win 32 DefinitionsICON_SMALL equ 0; KERNEL32.dll extrn lstrcatA:proc extrn GetTickCount:proc extrn DrawIcon:proc.data unk_1000C110 db 005h,040h,014h,004h,041h,000h,010h,008h db 004h,045h,010h,00Dh,001h,050h,001h,004h db 040h,004h,041h,004h,055h,041h,055h,009h db 045h,041h,010h,00Ch,041h,050h,041h,00Dh db 050h,041h,010h,001h,051h,045h,051h,001h db 045h,004h,055h,000h,051h,054h,001h,005h db 051h,000h,041h,005h unk_1000C144 db 054h,014h,051h,00Ch,011h,015h,000h,00Ch db 045h,050h,040h,005h,045h,050h,050h,000h db 011h,011h,015h,00Dh,011h,044h,050h,001h db 055h,054h,004h,008h,041h,050h,014h,005h db 005h,044h,010h,000h,041h,000h,041h,005h db 051h,010h,045h,00Ch,040h,040h,044h,001h db 044h,045h,054h,001h,015h,010h,001h,009h db 014h,005h,044h,008h,045h,011h,010h,001h db 011h,044h,054h,001h,050h,041h,044h,000h db 045h,014h,055h,009h,011h,040h,004h,00Dh unk_1000C194 db 002h,000h,000h,000h,008h,000h,000h,000h db 020h,000h,000h,000h,080h,000h,000h,000h db 000h,002h,000h,000h,000h,008h,000h,000h db 000h,020h,000h,000h,000h,080h,000h,000h db 000h,000h,002h,000h,000h,000h,008h,000h db 000h,000h,020h,000h,000h,000h,080h,000h db 000h,000h,000h,002h unk_1000C1C8 db 001h,000h,000h,000h,002h,000h,000h,000h db 004h,000h,000h,000h,008h,000h,000h,000h db 010h,000h,000h,000h,020h,000h,000h,000h db 040h,000h,000h,000h,080h,000h,000h,000h db 000h,001h,000h,000h,000h,002h,000h,000h db 000h,004h,000h,000h,000h,008h,000h,000h db 000h,010h,000h,000h,000h,020h,000h,000h db 000h,040h,000h,000h,000h,080h,000h,000h db 000h,000h,001h,000h,000h,000h,002h,000h db 000h,000h,004h,000h,000h,000h,008h,000h unk_1000C218 db 004h,000h,000h,000h,008h,000h,000h,000h db 020h,000h,000h,000h,080h,000h,000h,000h db 000h,002h,000h,000h,000h,008h,000h,000h db 000h,020h,000h,000h,000h,080h,000h,000h db 000h,000h,002h,000h,000h,000h,008h,000h db 000h,000h,020h,000h,000h,000h,080h,000h db 000h,000h,000h,002h unk_1000C29C db 005h,007h,001h,000h,003h,004h,009h,008h db 006h,002h,000h,000h unk_1000C24C db 010h,000h,000h,000h,040h,000h,000h,000h db 000h,001h,000h,000h,000h,004h,000h,000h db 000h,010h,000h,000h,000h,040h,000h,000h db 000h,000h,001h,000h,000h,000h,004h,000h db 000h,000h,010h,000h,000h,000h,040h,000h db 000h,000h,000h,001h,000h,000h,000h,004h db 000h,000h,000h,010h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h random_number_seed dd 0DEADBEEFh ; 32-bit random number seed serial_end equ byte ptr $-01h serial_dash equ byte ptr $+09h serial_halfway_through equ byte ptr $+0ah serial_start equ byte ptr $+0dh serial db '000000000-0000',00h ; Serial to start bruteforcing from... done dd 0 ; To tell it to exit the app _hInst dd ? ; the hInst _hWnd dd ? ; Window Handle _hIcon dd ? _msg MSG <?> ; The message Structure _pnt PAINTSTRUCT <?> DlgRect RECT <> DlgWidth dd ? DlgHeight dd ? DesktopRect RECT <> .codecode_begin: call GetModuleHandle, NULL ; Get the handle to our app mov _hinst, eax ; Store it xor eax, eax ; clear eax mov ax, IDD_DIALOG1 ; load the handle of the dialog into eax push 0 ; Initialization Value...we don't need it, make it 0 push offset DlgProc ; Pointer to the Procedure which handles messages for the dialog push 0 ; We have no owner window, so this can be null push eax ; The dialog that we want to load push _hinst ; The hInst call DialogBoxParamA ; Create the Dialog call ExitProcess ; Exit the Program; ############### SUBROUTINE #######################################PUBLIC DlgProc DlgProc proc STDCALL, __hwnd:DWORD, wmsg:DWORD, _wparam:DWORD, _lparam:DWORD USES ebx, edi, esi xor eax,eax ; Clear eax mov ax, word ptr [wmsg] ; Put the message into eax .IF ax==WM_DESTROY ; Was the msg WM_DESTROY jmp _wmdestroy ; If so, destroy the window .ELSEIF ax==WM_CLOSE ; Same thing if it's WM_CLOSE jmp _wmdestroy .ELSEIF ax==WM_COMMAND ; WM_COMMAND means something interesting happened jmp _wmcommand ; So process it .ELSEIF ax==WM_INITDIALOG ; Code runs when the dialog is first initialized jmp _initdlg .ENDIF xor eax,eax ret ; Exit the message loop, return 0_wmdestroy: push 0 ; Return 0 push __hWnd ; The handle of the Dialog call EndDialog ; End the Dialog call ExitProcess ; Exit Process mov done, 1 ; This wasn't working even before i added the ExitProcess call ;) ret_wmcommand: cmp _wparam, IDOK ; Did they press the OK button? jne @teo call GenKey, __hWnd ; If they did, generate their key@teo: ret_initdlg: ; Here we will put the icon on the dialog and center the dialog push IDI_ICON ; The Icon Identifier, from the resource file (included in res.inc) push _hinst ; The hInstance call LoadIcon ; Load the Icon mov _hIcon, eax ; Store the Icon handle push eax ; Push it for the call to load the icon into the titlebar push ICON_SMALL ; The icon to be used in the title bar is the small icon push WM_SETICON ; The message to send push __hwnd ; The window handle call SendMessage ; Send the Message ; Code to center the dialog push OFFSET DlgRect ; Ptr to the Rect struct that will store the coordinates push __hwnd ; The window handle call GetWindowRect call GetDesktopWindow ; get the handle to the Desktop window push OFFSET DesktopRect ; offset to the Rect struct that holds the size ofthe desktop push eax ; The hWnd ofthe desktop call GetWindowRect ; Get the info push 0 ; Part of the later call to MoveWindow (no repaint) mov eax,DlgRect.rc_bottom ; Get the bottom of our dialogs window sub eax,DlgRect.rc_top ; subtract the y value at the top of our window mov DlgHeight,eax ; And store it as the dialog's height push eax ; Push it for the call to MoveWindow mov eax,DlgRect.rc_right ; The X coordinate of the right side of our dialog sub eax,DlgRect.rc_left ; minus that of the left side mov DlgWidth,eax ; gives us the width push eax ; Push it for the call to MoveWindow mov eax,DesktopRect.rc_bottom ; Get the bottom of the desktop window sub eax,DlgHeight ; Subtract the height of our dialog shr eax,1 ; and divide by 2...this gives the middle of the screen push eax ; Push for the movewindow call mov eax,DesktopRect.rc_right ; Get the right side of the desktop sub eax,DlgWidth ; Minus the width of our dialog shr eax,1 ; Divide by 2 push eax ; Push it push __hwnd ; Push the window handle call MoveWindow ; Move the window ret DlgProc ENDP; ############### SUBROUTINE #######################################GenKey proc _hDlg:dworduses eax, ecx, edx, edigenerate: push 09h pop ecx lea edi,serialgen_first_half: push 0ah ; Get random number within ten pop eax ; " " " " " call get_random_number_within_range xchg eax,edx add al,'0' stosb loop gen_first_half push 04h pop ecx inc edigen_second_half: push 24h ; Get random number within thirty-seven pop eax ; " " " " " call get_random_number_within_range xchg eax,edx add al,'0' cmp al,'9' jbe store_byte_of_serial add al,'A'-'9'-01hstore_byte_of_serial: stosb loop gen_second_half next_serial: lea edi,serial_startgenerate_serial: inc byte ptr [edi] cmp byte ptr [edi],'9' jbe CheckSerial cmp edi,offset serial_halfway_through jb beyond_halfway cmp byte ptr [edi],'Z' ja beyond_halfway mov al,'A' cmp [edi],al ja CheckSerial mov [edi],al jmp CheckSerialbeyond_halfway: mov byte ptr [edi],'0'found_dash: dec edi cmp edi,offset serial_dash je found_dash cmp edi,offset serial_end jne generate_serial_ExitProcess: push 00h ; Exit code for all threads call ExitProcessCheckSerial: push offset serial call fnSerialkey cmp eax,0FFFFFFFBh ; dont know correct return je next_serial ; so we check against known, error returns cmp eax,0FFFFFFFCh⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -