htmltab.asm

破解很多程序的序列号算法程序

.386P
Locals
jumps

include ..\tiny_win32.inc

.Model Flat, StdCall

.Data

caption   db "http://csir.cjb.net",0  ; about box

box_1_text   db "R!SC",0

blank2  db "enter 3 or more characters",0
buffer1 db  42 dup (?)
buffer2 db  82 dup (?)
about   db 'HtmlTab ** kEYGEN #10 bY R!SC ** risc@notme.com **',10,13,0

msg     MSGSTRUCT   <?>
wc      WNDCLASS    <?>
hIce    dd 0


currentnumber   dd  0
myname          db 41 dup (0)
myserial        db 10 dup (0)

;----------------------------------------------------------------------------------------------

.Code
 
main:
    jmp     boring  ; do all the windows stuff

    
getit:          ; begin keygen code :) hahaha
                ; this bit is executed when
                ; cmp   word ptr [wparam],IDD_BOX1  ; box 1 iD
                ; is equal...(and when dialog is initialised)


    push    040             ; size of buffer
    push    offset myname  ; buffer
    push    IDD_BOX1        ; what box to snatch the text from
    push    hwnd            ; our dialog handle
    call    GetDlgItemTextA ; do it
setit:
    cmp     eax, 03         ; eax=length of text
    jl      blank_box2      ; less than 1 character, put a message in box 2
    
    call    serialgencode
    
    
print_code_into_box_2: 
    push    offset myserial  ; ASCii serial
    push    0
    push    WM_SETTEXT      ; command
    push    IDD_BOX2        ; what box?
    push    hwnd            ; dialog handle
    call    SendDlgItemMessageA
    mov     eax, 1
    jmp     main_finish     ; DONE!
    



loc0040C660:

 mov ecx, dword ptr [esp+04]
 mov dword ptr [currentnumber], ecx       ; store current letter
 ret


loc0040C670:

 mov ecx, dword ptr [currentnumber]       ; last result, or current letter
 lea edx, dword ptr [ecx+2*ecx]
 lea edx, dword ptr [ecx+4*edx]
 shl edx, 04
 add edx, ecx
 shl edx, 08
 sub edx, ecx
 lea ecx, dword ptr [ecx+4*edx+00269EC3h]
 mov dword ptr [currentnumber], ecx
 mov eax, ecx
 shr eax, 10h
 and eax, 00007FFFh
 ret

serialgencode:
    pushad
 lea    eax, myname
 movsx  ecx, byte ptr [eax+02]      ; letter 3 into ecx
 push   ecx
 call   loc0040C660
 add    esp, 00000004
 mov    edi, 00000004                 ; math count #1

@0040187F:
 call   loc0040C670                     ; do some maths
 cdq
 mov    ecx, 00000009         
 idiv   ecx                          ; divide result with 9
 dec    edi   
 jne    @0040187F                      ; loop until edi==0
 lea    eax, myserial
 add    edx, 00000030h                 ; first real serial digit
 mov    byte ptr [eax],dl             ; our fake? digit

 lea    edx, myname
 movsx  eax, byte ptr [edx+01]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    edi, 00000003

@004018B9:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    edi
 jne    @004018B9
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+1],dl


 lea    edx, myname
 movsx  eax, byte ptr [edx]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    edi, 00000002

@004018F3:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    edi
 jne    @004018F3
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+2],dl


 lea    edx, myname
 movsx  eax, byte ptr [edx+02]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    edi, 00000003

@0040192E:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    edi
 jne    @0040192E
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+3],dl

 lea    edx, myname
 movsx  eax, byte ptr [edx+01]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    edi, 00000002

@00401969:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    edi
 jne    @00401969
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+4],dl

 lea    edx, myname
 movsx  eax, byte ptr [edx]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    esi, 01

@0040199E:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    esi
 jne    @0040199E
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+5],dl

 lea    edx, myname
 movsx  eax, byte ptr [edx+02]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    esi, 00000008

@004019D9:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    esi
 jne    @004019D9
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+6],dl


 lea    edx, myname
 movsx  eax, byte ptr [edx+01]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    esi, 00000007

@00401A14:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    esi
 jne    @00401A14
 lea    eax, myserial
 add    edx, 00000030h
 mov    byte ptr [eax+7],dl



 lea    edx, myname
 movsx  eax, byte ptr [edx]
 push   eax
 call   loc0040C660
 add    esp, 00000004
 mov    esi, 00000006

@00401A4E:
 call   loc0040C670
 cdq
 mov    ecx, 00000009
 idiv   ecx
 dec    esi
 jne    @00401A4E
 lea eax, myserial
 add edx, 00000030h
 mov byte ptr [eax+8],dl

    popad
 ret
    
    
blank_box2:
    push    offset blank2   ; oh, less than 1 character
    push    0
    push    WM_SETTEXT
    push    IDD_BOX2
    push    hwnd
    call    SendDlgItemMessageA
    mov     eax, 1
    jmp     main_finish

;----------------------------------------------------------------------------------------------

boring:             ; boring code, windows stuff
    push    0
    call    GetModuleHandleA
    mov     [hIce], eax

    mov     [wc.clsStyle], CS_HREDRAW + CS_VREDRAW + CS_GLOBALCLASS
    mov     [wc.clsLpfnWndProc], offset WndProc
    mov     [wc.clsCbClsExtra], 0
    mov     [wc.clsCbWndExtra], 0
    
    mov     eax, [hIce]
    mov     [wc.clsHInstance], eax

    push    0              
    push    offset Main_DlgProc    
    push    0
    push    IDD_DLG
    push    [hIce]
    call    DialogBoxParamA
    jmp     finish

        
Main_DlgProc proc hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD

    push    ebx
    push    esi
    push    edi

    cmp     [wmsg], WM_COMMAND      ; is the message a command?
    jz      main_command
    cmp     [wmsg], WM_INITDIALOG   ; has the box been initialised?
    jz      main_init
    cmp     [wmsg], WM_CLOSE        ; was close pressed?
    jz      main_dlgdestroy
    mov     eax, 0

main_finish:

    pop     edi
    pop     esi
    pop     ebx
    ret


msg_loop:

    push    0
    push    0
    push    0
    push    offset msg
    call    GetMessageA

    cmp     ax, 0
    jz      end_loop

    push    offset msg
    call    TranslateMessage

    push    offset msg
    call    DispatchMessageA

    jmp     msg_loop

end_loop:

    push    [msg.msWPARAM]
    call    ExitProcess

Main_DlgProc    endp



WndProc proc hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
    push    esi
    push    edi
    push    ebx

defwndproc:

    push    [lparam]
    push    [wparam]
    push    [wmsg]
    push    [hwnd]
    call    DefWindowProcA

finish:

    pop     ebx
    pop     edi
    pop     esi
    ret

WndProc          endp



main_abt:           ; about messagebox...
    
    push    0
    push    offset caption
    push    offset about
    push    0
    call    MessageBoxA
    mov     eax, 1
    jmp     main_finish

    
main_init:          ; initialise dialog text
    
    push    offset box_1_text
    push    0
    push    WM_SETTEXT
    push    IDD_BOX1
    push    hwnd
    call    SendDlgItemMessageA

    jmp     getit   ; getit, get text in box 1, and creates serial from it


main_command:

    cmp     [wparam], IDD_ABT           ; about button iD
    jz      main_abt
    cmp     word ptr [wparam],IDD_BOX1  ; box 1 iD
    jz      getit
    cmp     [wparam], IDD_EXIT          ; quit button iD
    jz      main_dlgdestroy

    mov     eax, 0
    jmp     main_finish
    
main_dlgdestroy:

    call    ExitProcess

End main