算法分析适配OSX10.10

影音卫士2003全能版的破戒算法分析

首发日期：2024-05-14 06:26

360安全卫士Mac版发布V1.1.0版，时隔半年之后终于再次发版，不仅新增联网云查杀功能，并适配OS X Yosemite，界面风格清新化。V1.1.0版主打病毒克星，配合六大功能全面保护Mac用户的上网安全。相比PC端复杂的选项和功能，360安全卫士Mac版更加简洁清新。

工具：oll/ w32dasm下载地址：URLhttp://www.skycn.com/download.php?id=7581&url=http://gdhttp.skycn.net/down/MgxpPro.exe

说明：

此软件的算法不难，就是在注册上有一些新的花样，若有注册成功的，请不要向外传播！！！

安装好软件后，你打开c:\windows\regmg.cfg可看见：44604/%SQWRR#[[RTPO5".1TZ[将/%SQWRR#[[RTPO5".1TZ[的每一位xor 62得到MG13500Ap99062-Wyu@LS689 注意第一个的ASCI=12 第二个的ASCI=1B 第三个的ASCI=1744604是 MG13500Ap99062-Wyu@LS689经过运算后得到的十进制数字分析如下：

:0048FA8C 8D4C2418 lea ecx, dword ptr [esp+18] ecx=2448:0048FA90 51 push ecx:0048FA91 8D8E10060000 lea ecx, dword ptr [esi+00000610]

* Reference To: MFC42.Ordinal:0F22, Ord:0F22h |:0048FA97 E8F8D60000 Call 0049D194:0048FA9C 8B542418 mov edx, dword ptr [esp+18] edx=2448MG13500Ap99062-Wyu@LS689:0048FAA0 8B4C241C mov ecx, dword ptr [esp+1C] ecx=2448:0048FAA4 8B42F8 mov eax, dword ptr [edx-08] eax=1C (注册码长度）:0048FAA7 8B51F8 mov edx, dword ptr [ecx-08] EDX=4 （姓名长度）:0048FAAA 3BC2 cmp eax, edx:0048FAAC 7F0C jg 0048FABA一定要跳转呀（注册码长度一定要大于姓名的长度）:0048FAAE 8BCE mov ecx, esi

* Reference To: MFC42.Ordinal:12F5, Ord:12F5h |:0048FAB0 E859D80000 Call 0049D30E:0048FAB5 E949070000 jmp 00490203

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FAAC(C)|:0048FABA 8D4C2428 lea ecx, dword ptr [esp+28]（跳转到这里）

* Reference To: MFC42.Ordinal:021C, Ord:021Ch |:0048FABE E8D7D60000 Call 0049D19A:0048FAC3 8D542418 lea edx, dword ptr [esp+18]:0048FAC7 8D4C2428 lea ecx, dword ptr [esp+28]:0048FACB 52 push edx:0048FACC C68424A003010002 mov byte ptr [esp+000103A0], 02

* Reference To: MFC42.Ordinal:035A, Ord:035Ah |:0048FAD4 E811D80000 Call 0049D2EA:0048FAD9 8B442418 mov eax, dword ptr [esp+18]eax=2448MG13500Ap99062-Wyu@LS689:0048FADD 8B4C241C mov ecx, dword ptr [esp+1C] ecx=2448:0048FAE1 8D542414 lea edx, dword ptr [esp+14] :0048FAE5 8B40F8 mov eax, dword ptr [eax-08] eax=1c:0048FAE8 8B59F8 mov ebx, dword ptr [ecx-08] ebx=4:0048FAEB 2BC3 sub eax, ebx eax=18:0048FAED 8D4C2418 lea ecx, dword ptr [esp+18] :0048FAF1 50 push eax:0048FAF2 52 push edx

* Reference To: MFC42.Ordinal:164E, Ord:164Eh |:0048FAF3 E85ED80000 Call 0049D356:0048FAF8 50 push eax:0048FAF9 8D4C241C lea ecx, dword ptr [esp+1C]:0048FAFD C68424A003010003 mov byte ptr [esp+000103A0], 03

* Reference To: MFC42.Ordinal:035A, Ord:035Ah |:0048FB05 E8E0D70000 Call 0049D2EA:0048FB0A 8D4C2414 lea ecx, dword ptr [esp+14]:0048FB0E C684249C03010002 mov byte ptr [esp+0001039C], 02

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FB16 E861D60000 Call 0049D17C:0048FB1B 8B44241C mov eax, dword ptr [esp+1C]:0048FB1F 8D4C2410 lea ecx, dword ptr [esp+10]:0048FB23 8B40F8 mov eax, dword ptr [eax-08] eax=4:0048FB26 50 push eax:0048FB27 51 push ecx:0048FB28 8D4C2430 lea ecx, dword ptr [esp+30]

* Reference To: MFC42.Ordinal:1021, Ord:1021h |:0048FB2C E8BFD70000 Call 0049D2F0:0048FB31 8D54241C lea edx, dword ptr [esp+1C]:0048FB35 C684249C03010004 mov byte ptr [esp+0001039C], 04:0048FB3D 52 push edx:0048FB3E 50 push eax:0048FB3F 8D44241C lea eax, dword ptr [esp+1C]:0048FB43 50 push eax

* Reference To: MFC42.Ordinal:039A, Ord:039Ah |:0048FB44 E89BDA0000 Call 0049D5E4:0048FB49 50 push eax:0048FB4A 8D4C242C lea ecx, dword ptr [esp+2C]:0048FB4E C68424A003010005 mov byte ptr [esp+000103A0], 05

* Reference To: MFC42.Ordinal:035A, Ord:035Ah |:0048FB56 E88FD70000 Call 0049D2EA:0048FB5B 8D4C2414 lea ecx, dword ptr [esp+14]:0048FB5F C684249C03010004 mov byte ptr [esp+0001039C], 04

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FB67 E810D60000 Call 0049D17C:0048FB6C 8D4C2410 lea ecx, dword ptr [esp+10]:0048FB70 C684249C03010002 mov byte ptr [esp+0001039C], 02

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FB78 E8FFD50000 Call 0049D17C:0048FB7D 8B4C2418 mov ecx, dword ptr [esp+18] ecx=2448MG13500Ap99062-Wyu@LS689:0048FB81 8D942494030000 lea edx, dword ptr [esp+00000394]:0048FB88 51 push ecx

* Possible StringData Ref from Data Obj ->"%s" |:0048FB89 6808044C00 push 004C0408 004C0408 =%s:0048FB8E 52 push edx

* Reference To: MSVCRT.sprintf, Ord:02B2h |:0048FB8F FF1574C84A00 Call dword ptr [004AC874]:0048FB95 8A8424A0030000 mov al, byte ptr [esp+000003A0]:0048FB9C 83C40C add esp, 0000000C:0048FB9F 33D2 xor edx, edx:0048FBA1 84C0 test al, al:0048FBA3 89542414 mov dword ptr [esp+14], edx:0048FBA7 7418 je 0048FBC1:0048FBA9 8D8C2494030000 lea ecx, dword ptr [esp+00000394]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FBBB(C)|:0048FBB0 0FBEC0 movsx eax, al:0048FBB3 03D0 add edx, eax edx初始数字为0edx=640:0048FBB5 8A4101 mov al, byte ptr [ecx+01]（取MG13500Ap99062-Wyu@LS689的每一位）:0048FBB8 41 inc ecx:0048FBB9 84C0 test al, al:0048FBBB 75F3 jne 0048FBB0 (取位完了确认）:0048FBBD 89542414 mov dword ptr [esp+14], edx edx=640[esp+14]=640

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FBA7(C)|:0048FBC1 8B4C2418 mov ecx, dword ptr [esp+18] ecx=MG13500Ap99062-Wyu@LS689:0048FBC5 33FF xor edi, edi edi=0:0048FBC7 8B41F8 mov eax, dword ptr [ecx-08]eax=18 (MG13500Ap99062-Wyu@LS689的长度）:0048FBCA 99 cdqedx=0:0048FBCB 2BC2 sub eax, edx eax=18:0048FBCD D1F8 sar eax, 1 右移动一位eax=c:0048FBCF 8A1C08 mov bl, byte ptr [eax+ecx] 取ecx的第c位即bl=(6)36:0048FBD2 33C0 xor eax, eax eax=0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FBEC(C)|:0048FBD4 8A8C0494030000 mov cl, byte ptr [esp+eax+00000394] （对MG13500Ap99062-Wyu@LS689进行选择取）位:0048FBDB 84C9 test cl, clcl=M(4D):0048FBDD 740F je 0048FBEE (取位完了就跳转）:0048FBDF 0FBEC9 movsx ecx, cl:0048FBE2 83C002 add eax, 00000002eax=eax+2 (即取位的原则是第0位，第二位，第四位－－－－）:0048FBE5 03F9 add edi, ecx edi=333:0048FBE7 3DFFFF0000 cmp eax, 0000FFFF:0048FBEC 7CE6 jl 0048FBD4eax"%ld" |:0048FC13 681C184C00 push 004C181C:0048FC18 50 push eax:0048FC19 C68424A803010006 mov byte ptr [esp+000103A8], 06

* Reference To: MFC42.Ordinal:0B02, Ord:0B02h |:0048FC21 E83AD60000 Call 0049D260 将esi=ae3c转换撑十进制＝44604:0048FC26 83C40C add esp, 0000000C :0048FC29 8D4C2418 lea ecx, dword ptr [esp+18]:0048FC2D 51 push ecx:0048FC2E 8D4C2430 lea ecx, dword ptr [esp+30]

* Reference To: MFC42.Ordinal:0217, Ord:0217h |:0048FC32 E8A7D60000 Call 0049D2DE:0048FC37 8B44242C mov eax, dword ptr [esp+2C]:0048FC3B 33F6 xor esi, esi:0048FC3D C684249C03010007 mov byte ptr [esp+0001039C], 07:0048FC45 3968F8 cmp dword ptr [eax-08], ebp:0048FC48 7E1A jle 0048FC64

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FC62(C)|:0048FC4A 8A0430 mov al, byte ptr [eax+esi] 取MG13500Ap99062-Wyu@LS689的每一位:0048FC4D 8D4C242C lea ecx, dword ptr [esp+2C]:0048FC51 3462 xor al, 62每一位xor 62:0048FC53 50 push eax :0048FC54 56 push esi

* Reference To: MFC42.Ordinal:16E0, Ord:16E0h |:0048FC55 E8BAD90000 Call 0049D614 将每一位xor 62得到的结果转换成字符:0048FC5A 8B44242C mov eax, dword ptr [esp+2C]eax=/%SQWRR#[[RTPO5".1TZ[:0048FC5E 46 inc esi:0048FC5F 3B70F8 cmp esi, dword ptr [eax-08]:0048FC62 7CE6 jl 0048FC4A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FC48(C)|:0048FC64 8D54242C lea edx, dword ptr [esp+2C]:0048FC68 8D442430 lea eax, dword ptr [esp+30]:0048FC6C 52 push edx:0048FC6D 8D4C2444 lea ecx, dword ptr [esp+44]:0048FC71 50 push eax:0048FC72 51 push ecx

* Reference To: MFC42.Ordinal:039A, Ord:039Ah |:0048FC73 E86CD90000 Call 0049D5E4:0048FC78 55 push ebp:0048FC79 8D542460 lea edx, dword ptr [esp+60]:0048FC7D 55 push ebp:0048FC7E 8D442468 lea eax, dword ptr [esp+68]:0048FC82 52 push edx:0048FC83 8D4C2464 lea ecx, dword ptr [esp+64]:0048FC87 50 push eax:0048FC88 51 push ecx:0048FC89 8D9424A8020000 lea edx, dword ptr [esp+000002A8]

* Possible Reference to String Resource ID=00255: *妍?N(!" |:0048FC90 68FF000000 push 000000FF:0048FC95 52 push edx

* Possible StringData Ref from Data Obj ->"c:\" |:0048FC96 6820184C00 push 004C1820:0048FC9B C68424BC03010008 mov byte ptr [esp+000103BC], 08

* Reference To: KERNEL32.GetVolumeInformationA, Ord:0177h |:0048FCA3 FF15C4C14A00 Call dword ptr [004AC1C4]:0048FCA9 8B442458 mov eax, dword ptr [esp+58]:0048FCAD 8B4C243C mov ecx, dword ptr [esp+3C]:0048FCB1 50 push eax:0048FCB2 E829060000 call 004902E0:0048FCB7 8D4C2438 lea ecx, dword ptr [esp+38]:0048FCBB 8BF0 mov esi, eax

* Reference To: MFC42.Ordinal:021C, Ord:021Ch |:0048FCBD E8D8D40000 Call 0049D19A:0048FCC2 56 push esi:0048FCC3 8D4C243C lea ecx, dword ptr [esp+3C]

* Possible StringData Ref from Data Obj ->"%ld" |:0048FCC7 681C184C00 push 004C181C:0048FCCC 51 push ecx:0048FCCD C68424A803010009 mov byte ptr [esp+000103A8], 09

* Reference To: MFC42.Ordinal:0B02, Ord:0B02h |:0048FCD5 E886D50000 Call 0049D260ecx=2448(软件得到的注册名）你的注册名不是2448,你也可以注册成功，但是在后面的软件进行有比对，不否则你不能用软件的定时提醒）

:0048FCDA 83C40C add esp, 0000000C:0048FCDD 8D4C2448 lea ecx, dword ptr [esp+48]

* Reference To: MFC42.Ordinal:0162, Ord:0162h |:0048FCE1 E810D90000 Call 0049D5F6:0048FCE6 668B15DC394C00 mov dx, word ptr [004C39DC]:0048FCED B940000000 mov ecx, 00000040:0048FCF2 33C0 xor eax, eax:0048FCF4 8D7C2466 lea edi, dword ptr [esp+66]:0048FCF8 6689542464 mov word ptr [esp+64], dx

* Possible Reference to String Resource ID=00260: 婼" |:0048FCFD 6804010000 push 00000104:0048FD02 F3 repz:0048FD03 AB stosd:0048FD04 66AB stosw:0048FD06 8D442468 lea eax, dword ptr [esp+68]:0048FD0A C68424A00301000A mov byte ptr [esp+000103A0], 0A:0048FD12 50 push eax

* Reference To: KERNEL32.GetWindowsDirectoryA, Ord:017Dh |:0048FD13 FF15CCC14A00 Call dword ptr [004AC1CC]:0048FD19 8D4C2464 lea ecx, dword ptr [esp+64]:0048FD1D 51 push ecx:0048FD1E 8D4C2414 lea ecx, dword ptr [esp+14]

* Reference To: MFC42.Ordinal:0219, Ord:0219h |:0048FD22 E8E1D50000 Call 0049D308

* Possible StringData Ref from Data Obj ->"\regmg.cfg" |:0048FD27 6800184C00 push 004C1800:0048FD2C 8D542418 lea edx, dword ptr [esp+18]:0048FD30 50 push eax:0048FD31 52 push edx:0048FD32 C68424A80301000B mov byte ptr [esp+000103A8], 0B

* Reference To: MFC42.Ordinal:039C, Ord:039Ch |:0048FD3A E899D50000 Call 0049D2D8:0048FD3F 8B00 mov eax, dword ptr [eax]:0048FD41 55 push ebp:0048FD42 55 push ebp:0048FD43 50 push eax:0048FD44 8D4C2454 lea ecx, dword ptr [esp+54]:0048FD48 C68424A80301000C mov byte ptr [esp+000103A8], 0C

* Reference To: MFC42.Ordinal:1442, Ord:1442h |:0048FD50 E89BD80000 Call 0049D5F0:0048FD55 85C0 test eax, eax:0048FD57 8D4C2414 lea ecx, dword ptr [esp+14]:0048FD5B C684249C0301000B mov byte ptr [esp+0001039C], 0B:0048FD63 0F94C3 sete bl

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FD66 E811D40000 Call 0049D17C:0048FD6B 8D4C2410 lea ecx, dword ptr [esp+10]:0048FD6F C684249C0301000A mov byte ptr [esp+0001039C], 0A

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FD77 E800D40000 Call 0049D17C:0048FD7C 84DB test bl, bl:0048FD7E 747A je 0048FDFA:0048FD80 8D4C2420 lea ecx, dword ptr [esp+20]

* Reference To: MFC42.Ordinal:021C, Ord:021Ch |:0048FD84 E811D40000 Call 0049D19A:0048FD89 B30D mov bl, 0D:0048FD8B 8D4C2434 lea ecx, dword ptr [esp+34]:0048FD8F 889C249C030100 mov byte ptr [esp+0001039C], bl

* Reference To: MFC42.Ordinal:021C, Ord:021Ch |:0048FD96 E8FFD30000 Call 0049D19A

* Possible Reference to String Resource ID=00664: `勮尷K圅"1_O`舺桶 }錹?&嗾鑼?宼H," |:0048FD9B 6898020000 push 00000298:0048FDA0 8D4C2424 lea ecx, dword ptr [esp+24]:0048FDA4 C68424A00301000E mov byte ptr [esp+000103A0], 0E

* Reference To: MFC42.Ordinal:1040, Ord:1040h |:0048FDAC E869D50000 Call 0049D31A

* Possible Reference to String Resource ID=00665: q髃?003---鑼1%" |:0048FDB1 6899020000 push 00000299:0048FDB6 8D4C2438 lea ecx, dword ptr [esp+38]

* Reference To: MFC42.Ordinal:1040, Ord:1040h |:0048FDBA E85BD50000 Call 0049D31A:0048FDBF 8B442434 mov eax, dword ptr [esp+34]:0048FDC3 8B4C2420 mov ecx, dword ptr [esp+20]:0048FDC7 6A10 push 00000010:0048FDC9 50 push eax:0048FDCA 51 push ecx:0048FDCB 8B4C2448 mov ecx, dword ptr [esp+48]

* Reference To: MFC42.Ordinal:1080, Ord:1080h |:0048FDCF E840D50000 Call 0049D314:0048FDD4 8D4C2434 lea ecx, dword ptr [esp+34]:0048FDD8 889C249C030100 mov byte ptr [esp+0001039C], bl

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FDDF E898D30000 Call 0049D17C:0048FDE4 8D4C2420 lea ecx, dword ptr [esp+20]:0048FDE8 C684249C0301000A mov byte ptr [esp+0001039C], 0A

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FDF0 E887D30000 Call 0049D17C:0048FDF5 E9A3030000 jmp 0049019D

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FD7E(C)|:0048FDFA 8D942468010000 lea edx, dword ptr [esp+00000168]

* Possible Reference to String Resource ID=00300: 寻v-" |:0048FE01 682C010000 push 0000012C:0048FE06 52 push edx:0048FE07 8D4C2450 lea ecx, dword ptr [esp+50]

* Reference To: MFC42.Ordinal:1542, Ord:1542h |:0048FE0B E80AD80000 Call 0049D61A:0048FE10 8D4C2448 lea ecx, dword ptr [esp+48]

* Reference To: MFC42.Ordinal:07BB, Ord:07BBh |:0048FE14 E807D80000 Call 0049D620:0048FE19 8D842468010000 lea eax, dword ptr [esp+00000168]:0048FE20 8D4C2414 lea ecx, dword ptr [esp+14]:0048FE24 50 push eax

* Reference To: MFC42.Ordinal:0219, Ord:0219h |:0048FE25 E8DED40000 Call 0049D308:0048FE2A 8B30 mov esi, dword ptr [eax]:0048FE2C 8B442440 mov eax, dword ptr [esp+40]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FE52(C)|:0048FE30 8A10 mov dl, byte ptr [eax] eax=前面得到的44604与MG13500Ap99062-Wyu@LS689运算得到/%SQWRR#[[RTPO5".1TZ[的组合---1 :0048FE32 8A1E mov bl, byte ptr [esi] （ esi=c:\windows\regmg.cfg文件你的内容即44604/%SQWRR#[[RTPO5".1TZ[ ）----2在这里你可以看见三个的数字是不一样的！！:0048FE34 8ACA mov cl, dl比较－－1和－－－2的每一位（全部相等就调到0048FE54):0048FE36 3AD3 cmp dl, bl:0048FE38 751E jne 0048FE58:0048FE3A 84C9 test cl, cl:0048FE3C 7416 je 0048FE54:0048FE3E 8A5001 mov dl, byte ptr [eax+01]:0048FE41 8A5E01 mov bl, byte ptr [esi+01]:0048FE44 8ACA mov cl, dl:0048FE46 3AD3 cmp dl, bl:0048FE48 750E jne 0048FE58:0048FE4A 83C002 add eax, 00000002:0048FE4D 83C602 add esi, 00000002:0048FE50 84C9 test cl, cl:0048FE52 75DC jne 0048FE30

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FE3C(C)|:0048FE54 33C0 xor eax, eax（调到这里，好了eax=0):0048FE56 EB05 jmp 0048FE5D

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:|:0048FE38(C), :0048FE48(C)|:0048FE58 1BC0 sbb eax, eax:0048FE5A 83D8FF sbb eax, FFFFFFFF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:0048FE56(U)|:0048FE5D 3BC5 cmp eax, ebp eax=ebp=0:0048FE5F 8D4C2414 lea ecx, dword ptr [esp+14]:0048FE63 0F94C3 sete bl (b1=1好东西）

* Reference To: MFC42.Ordinal:0320, Ord:0320h |:0048FE66 E811D30000 Call 0049D17C:0048FE6B 84DB test bl, bl（b1=1哟，看看不跳了，注册ok):0048FE6D 0F8421030000 je 00490194

* Possible StringData Ref from Data Obj ->"软注支件持册" |:0048FE73 68E8174C00 push 004C17E8:0048FE78 B9683B5000 mov ecx, 00503B68

* Reference To: MFC42.Ordinal:035C, Ord:035Ch |:0048FE7D E8B6D40000 Call 0049D338:0048FE82 8D442464 lea eax, dword ptr [esp+64]:0048FE86 8D4C2424 lea ecx, dword ptr [esp+24]:0048FE8A 50 push eax

* Reference To: MFC42.Ordinal:0219, Ord:0219h |:0048FE8B E878D40000 Call 0049D308

* Possible StringData Ref from Data Obj ->"\regmg.cfg" |:0048FE90 6800184C00 push 004C1800:0048FE95 8D4C2414 lea ecx, dword ptr [esp+14]:0048FE99 B30F mov bl, 0F:0048FE9B 50 push eax:0048FE9C 51 push ecx:0048FE9D 889C24A8030100 mov byte ptr [esp+000103A8], bl

注册完了后把c:\windows\regmg.cfg的内容改成04460 即把44604/%SQWRR#[[RTPO5".1TZ[取前面的四位，并在前面加0在软件退出后在起动时会读c:\windows\regmg.cfg的内容是否是04460若不是你还是注册不成功！！

专题文集：破解文章 windows
引用标题：《算法分析适配OSX10.10》
来源地址：https://www.xjanfang.cn/news/tpart-21314.html

算法分析适配OSX10.10

萌喵大作战

壁纸大全精选

MIX壁纸大全

豹壁纸

安卓精美手机壁纸合集(168张)

B格壁纸

安卓透明主题插件大集合

弹壳特攻队

欢乐三国杀

蛋仔派对

小镇消除故事

长安幻想

云顶之弈手机版

心动搭搭

算法分析 适配OSX10.10

windows资讯推荐

windowsAPP推荐

算法分析适配OSX10.10