winzip.asm

破解很多程序的序列号算法程序

.386P
Locals
jumps

include tiny_win32.inc

.Model Flat, StdCall

.Data

caption   db "http://csir.cjb.net  http://beam.to/evc",0  ; about box

box_1_text   db "R!SC eVC",0

blank2  db "name >= 1 character ok?  ",0
buffer1 db  42 dup (?)

about   db 'WinZip 7.0 ** kEYGEN #3 bY R!SC ** risc@notme.com **',10,13,0	;)

msg     MSGSTRUCT   <?>
wc      WNDCLASS    <?>
hIce    dd 0

regcode     db 14 dup (0)
regend      db 0,0,0
tempreg     db 40h dup (0)
tempregend  db 0

value_1     dd  0
value_2     dd  0
finalvalue  dd  0

       reg1        dd  0       ; yah, contains part 1 of the reg code
       reg2        dd  0       ; yah, contains part 2...

count       db  0
hiya        dd  0
lengthy     db  0
	
;----------------------------------------------------------------------------------------------

.Code
 
main:
	jmp		boring	; do all the windows stuff

    
getit:          ; begin keygen code :) hahaha
				; this bit is executed when
				; cmp 	word ptr [wparam],IDD_BOX1	; box 1 iD
    			; is equal...(and when dialog is initialised)

;   int 03
    push    041				; size of buffer
    push    offset buffer1	; buffer
    push    IDD_BOX1		; what box to snatch the text from
    push    hwnd			; our dialog handle
    call    GetDlgItemTextA	; do it
setit:
    cmp     eax, 01			; eax=length of text
    jl      blank_box2		; less than 1 character, put a message in box 2
    
    mov     byte ptr [lengthy],al	; save the length

start_conversion_of_name:
    lea     esi,buffer1
    xor     ecx,ecx
chekk:
    inc     esi
    cmp     byte ptr [esi],0
    jnz 	chekk				; find the end of the name, should have done 'add esi,eax'
ohmy:
    dec     esi
    inc     ecx
    cmp     byte ptr [esi],20h	; check for spaces at the end, as these dont get used..
    jz      ohmy
    mov     byte ptr [esi+1],0	; null terminate the name, after killing all spaces..
    lea     edi, buffer1
    cmp     byte ptr [edi],0
    jz      blank_box2			; check the whole input wasnt spaces, if so...

    mov     esi, edi
chekk2:
    cmp     byte ptr [esi],020h	; check start of name for spaces
    jnz     ohmy2
    inc     esi
    jmp     chekk2
ohmy2:
    cmp     esi, edi
    jz      calc_value_1
lpcpy:
    movsb
    cmp byte ptr [esi-1],0		; moves the whole name to the left, killing any spaces at the beginning
    jnz lpcpy
	
calc_value_1:	; we are now ready to do the maths :)
    ;int 03
    lea     esi, buffer1
    xor     edi, edi
    mov     dword ptr [value_1],edi
    mov     dword ptr [value_2],edi
    mov     dword ptr [finalvalue],edi	; just clear all previous serial calculations
    xor     eax, eax
    xor     ebx, ebx
    mov     dl, byte ptr [esi]
value_1_loop:
    test    dl, dl
    jz      done_value_1
    movzx   dx, dl
    mov     ebx, edi
    imul    ebx, edx
    add     dword ptr [value_1],ebx
    mov     dl, byte ptr [esi+1]
    inc     edi
    inc     esi
    jmp     value_1_loop
    
done_value_1:
    lea     esi, buffer1
value_2_loop:
    xor     ecx, ecx
    mov     ch, byte ptr [esi]
    test    ch, ch
    jz      done_value_2
    mov     edx, 8
arrgh_1:
    mov     ebx, ecx    ; i use ebx instead of esi for this bit :)
    xor     ebx, eax
    test    bx, 08000h
    jz      arrgh_signed
    add     eax, eax
    xor     eax, 00001021h
    jmp     arrgh_not_signed
arrgh_signed:
    shl     eax, 01
arrgh_not_signed:
    shl     ecx, 01
    dec     edx
    jnz     arrgh_1
    
    inc     esi
    jmp     value_2_loop
done_value_2:
    add     eax, 063h
    movzx   eax, ax
    mov     word ptr [finalvalue+2], ax
    mov     eax, value_1
    mov     word ptr [finalvalue],ax
    mov     eax, [finalvalue]	; now the two words have been made into a DD
 
convert_values:
    lea 	esi, tempregend-1   ; temp storing place, starting from the end
    mov     edx, 4				; 4 bytes to convert
loopy_hex:
    xor     ebx,ebx
    mov     bl, al
    movzx   ebx, bl
    
    and     bl, 0fh			; clear high 4 bits..
    add     bl, 030h		; add 30h
    cmp     bl, 39h			; compare with ascii '9'
    jle     oki1
    add     bl, 7			; if its > 9, add 7 to make it a ascii letter (A..F/41h..46h)
    mov     byte ptr [esi], bl
    dec     esi
    jmp     hmmm
oki1:
    mov     byte ptr [esi], bl	; save it
    dec     esi					; ready esi for next one
hmmm:
    mov     bl, al
    movzx   ebx, bl
    shr     bl, 04		; get high 4 bits..
    add     bl, 030h
    cmp     bl, 39h		; is it > '9'
    jle     oki2

    add     bl, 7		; make it a letter
    mov     byte ptr [esi], bl
    dec     esi
    jmp     hmmm2
oki2:
    mov     byte ptr [esi], bl	; save it
    dec     esi					; ready esi for next one
hmmm2:
    shr     eax, 08		; ready al with next byte..
    dec     edx
    jnz     loopy_hex


conversion_done:        
    inc esi                  ; point to first digit..(of ascii serial)
    lea edi, regcode         ; where to copy it to
copy_number:
    movsb                    ; copy it, byte by byte
    cmp    byte ptr [esi],0  ; see if we have finished
    jnz copy_number          ; if not, loop
    movsb
 
print_code_into_box_2: 
    push    offset regcode	; ASCii serial
    push    0
    push    WM_SETTEXT		; command
    push    IDD_BOX2		; what box?
    push    hwnd			; dialog handle
    call    SendDlgItemMessageA
    mov 	eax, 1
    jmp 	main_finish		; DONE!


blank_box2:
    push    offset blank2	; oh, less than 1 character
    push    0
    push    WM_SETTEXT
    push    IDD_BOX2
    push    hwnd
    call    SendDlgItemMessageA
    mov 	eax, 1
    jmp 	main_finish

;----------------------------------------------------------------------------------------------

boring:				; boring code, windows stuff
    push    0
    call    GetModuleHandleA
    mov 	[hIce], eax

    mov     [wc.clsStyle], CS_HREDRAW + CS_VREDRAW + CS_GLOBALCLASS
    mov     [wc.clsLpfnWndProc], offset WndProc
    mov     [wc.clsCbClsExtra], 0
    mov     [wc.clsCbWndExtra], 0
	
    mov     eax, [hIce]
    mov     [wc.clsHInstance], eax

    push    0              
    push    offset Main_DlgProc    
    push    0
    push    IDD_DLG
    push    [hIce]
    call    DialogBoxParamA
    jmp     finish

		
Main_DlgProc proc hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD

    push    ebx
    push    esi
    push    edi

    cmp     [wmsg], WM_COMMAND		; is the message a command?
    jz      main_command
    cmp     [wmsg], WM_INITDIALOG	; has the box been initialised?
    jz      main_init
    cmp     [wmsg], WM_CLOSE		; was close pressed?
    jz      main_dlgdestroy
    mov     eax, 0

main_finish:

    pop     edi
    pop     esi
    pop     ebx
    ret


msg_loop:

    push    0
    push    0
    push    0
    push    offset msg
    call    GetMessageA

    cmp     ax, 0
    jz      end_loop

    push    offset msg
    call    TranslateMessage

    push    offset msg
    call    DispatchMessageA

    jmp     msg_loop

end_loop:

    push    [msg.msWPARAM]
    call    ExitProcess

Main_DlgProc    endp



WndProc proc hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
    push    esi
    push    edi
    push    ebx

defwndproc:

    push    [lparam]
    push    [wparam]
    push    [wmsg]
    push    [hwnd]
    call    DefWindowProcA

finish:

    pop     ebx
    pop     edi
    pop     esi
    ret

WndProc          endp



main_abt:			; about messagebox...
    
    push    0
    push    offset caption
    push    offset about
    push    0
    call    MessageBoxA
    mov     eax, 1
    jmp     main_finish

    
main_init:  		; initialise dialog text
    
    push    offset box_1_text
    push    0
    push    WM_SETTEXT
    push    IDD_BOX1
    push    hwnd
    call    SendDlgItemMessageA

    jmp     getit	; getit, get text in box 1, and creates serial from it


main_command:

    cmp		[wparam], IDD_ABT			; about button iD
    jz  	main_abt
    cmp 	word ptr [wparam],IDD_BOX1	; box 1 iD
    jz  	getit
    cmp     [wparam], IDD_EXIT			; quit button iD
    jz      main_dlgdestroy

    mov     eax, 0
    jmp     main_finish
	
main_dlgdestroy:

    call    ExitProcess

End main