DOC

PowerArchiver 2004

By Paula Alexander,2014-08-31 12:07
8 views 0
PowerArchiver 2004

软件名称 PowerArchiver 2004

9.00.33

    版权所有 软件发行商

    软件平台 Win9X WinNT Win2000 WinME 汉化包 WinXP

    整理日期 2004-08-09

    软件授权 共享

     ????

    软件大小 2760 K

    下载次数 49411 (我知道啦,这个肯定是累计下载次数,哈哈)

    软件简介

    相当值得推荐的压缩程序?除了一般压缩与解压缩的功能外?它并可设立密码及分片压缩功能?且支持鼠标右键的快显功能、可立即压缩与解 压缩或制成自动解压缩文件、功能比起WinZip丝毫不逊色。支持ZIPRARCABARJLHAACEARCTARGZZOOXXEUUE等格式。 ---------------------------------------------------

    下载页面 http://dl.pconline.com.cn/html/1/5/dlid=705&dltypeid=1&pn=0&.html ---------------------------------------------------

    fi查看又是Delphi编写的,没有壳哦:>

    od载入,右键搜索->字符参考->找到"Incorrect registration information." 好耶~~找到了这个提示,我们又成功了一半咯:>

    输入注册码:12121221 注册名:hellohill 确定.

    00676343 |> \55 push ebp ; 这里下断点 00676344 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C] ; 假注册码,12121221

    00676347 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; 注册名,hellohill

    0067634A |. E8 E9FEFFFF call POWERARC.00676238 ; 所以这里是key call:>

    0067634F |. 59 pop ecx

    00676350 |. 84C0 test al,al ; /不跳则执行下面代码弹出错误对话框

    00676352 |. 75 69 jnz short POWERARC.006763BD ; \所以上面的call 出来后al必须为非0

    00676354 |. FE05 88F6B900 inc byte ptr ds:[B9F688]

    0067635A |. A1 8CD57300 mov eax,dword ptr ds:[73D58C]

    0067635F |. 8B55 F8 mov edx,dword ptr ss:[ebp-8]

    00676362 |. E8 F5EDD8FF call POWERARC.0040515C

    00676367 |. A1 08CC7300 mov eax,dword ptr ds:[73CC08]

    0067636C |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]

    0067636F |. E8 E8EDD8FF call POWERARC.0040515C

    00676374 |. A1 64CC7300 mov eax,dword ptr ds:[73CC64]

    00676379 |. C600 00 mov byte ptr ds:[eax],0

    0067637C |. A1 E8CE7300 mov eax,dword ptr ds:[73CEE8]

    00676381 |. 8B00 mov eax,dword ptr ds:[eax]

    00676383 |. 8B80 98040000 mov eax,dword ptr ds:[eax+498]

    00676389 |. B2 01 mov dl,1

    0067638B |. E8 901CE7FF call POWERARC.004E8020

    00676390 |. 66:8B0D 78646700 mov cx,word ptr ds:[676478]

    00676397 |. B2 01 mov dl,1

    00676399 |. B8 80646700 mov eax,POWERARC.00676480 ; UNICODE "Incorrect registration information."

    0067639E |. E8 01940500 call POWERARC.006CF7A4

    006763A3 |. 803D 88F6B900 03 cmp byte ptr ds:[B9F688],3

    006763AA |. 0F85 95000000 jnz POWERARC.00676445

    006763B0 |. 8B45 FC mov eax,dword ptr ss:[ebp-4] 006763B3 |. E8 5CC3E2FF call POWERARC.004A2714 006763B8 |. E9 88000000 jmp POWERARC.00676445 006763BD |> A1 E8CE7300 mov eax,dword ptr ds:[73CEE8] 006763C2 |. 8B00 mov eax,dword ptr ds:[eax] 006763C4 |. 8B80 98040000 mov eax,dword ptr ds:[eax+498] 006763CA |. 33D2 xor edx,edx

    ............. 这里省略了一些代码 .............

    00676421 |. EB 07 jmp short POWERARC.0067642A 00676423 |> 33C0 xor eax,eax

    00676425 |. E8 7A470600 call POWERARC.006DABA4 0067642A |> 66:8B0D 78646700 mov cx,word ptr ds:[676478] 00676431 |. B2 02 mov dl,2

    00676433 |. B8 DC656700 mov eax,POWERARC.006765DC ; UNICODE

    "Registration accepted! Thank you.."

    00676438 |. E8 67930500 call POWERARC.006CF7A4 0067643D |. 8B45 FC mov eax,dword ptr ss:[ebp-4] 00676440 |. E8 CFC2E2FF call POWERARC.004A2714 00676445 |> 33C0 xor eax,eax

    00676447 |. 5A pop edx

    00676448 |. 59 pop ecx

    00676449 |. 59 pop ecx

    0067644A |. 64:8910 mov dword ptr fs:[eax],edx 0067644D |. 68 67646700 push POWERARC.00676467 00676452 |> 8D45 F4 lea eax,dword ptr ss:[ebp-C] 00676455 |. BA 02000000 mov edx,2

    0067645A |. E8 CDECD8FF call POWERARC.0040512C 0067645F \. C3 retn

    ================================================================

F70067634A来到这里:>

    00676238 /$ 55 push ebp

    00676239 |. 8BEC mov ebp,esp

    0067623B |. 83C4 F0 add esp,-10

    0067623E |. 33C9 xor ecx,ecx

    00676240 |. 894D F0 mov dword ptr ss:[ebp-10],ecx 00676243 |. 8955 F8 mov dword ptr ss:[ebp-8],edx 00676246 |. 8945 FC mov dword ptr ss:[ebp-4],eax 00676249 |. 8B45 FC mov eax,dword ptr ss:[ebp-4] ; 注册名,

    hellohill

    0067624C |. E8 93F3D8FF call POWERARC.004055E4 00676251 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; 假注册码,

    12121221

    00676254 |. E8 8BF3D8FF call POWERARC.004055E4 00676259 |. 33C0 xor eax,eax

    0067625B |. 55 push ebp

    0067625C |. 68 AC626700 push POWERARC.006762AC 00676261 |. 64:FF30 push dword ptr fs:[eax] 00676264 |. 64:8920 mov dword ptr fs:[eax],esp 00676267 |. 8D55 F0 lea edx,dword ptr ss:[ebp-10] 0067626A |. 8B45 FC mov eax,dword ptr ss:[ebp-4] ; 注册名,

    hellohill

    0067626D |. E8 FA3E0A00 call POWERARC.0071A16C ; 关键call,

    进去看看:>

    00676272 |. 8B55 F0 mov edx,dword ptr ss:[ebp-10] 00676275 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8] 00676278 |. E8 C3F2D8FF call POWERARC.00405540 0067627D |. 75 06 jnz short POWERARC.00676285 0067627F |. C645 F7 01 mov byte ptr ss:[ebp-9],1

    00676283 |. EB 04 jmp short POWERARC.00676289 00676285 |> C645 F7 00 mov byte ptr ss:[ebp-9],0 00676289 |> 33C0 xor eax,eax

    0067628B |. 5A pop edx

    0067628C |. 59 pop ecx

    0067628D |. 59 pop ecx

    0067628E |. 64:8910 mov dword ptr fs:[eax],edx 00676291 |. 68 B3626700 push POWERARC.006762B3 00676296 |> 8D45 F0 lea eax,dword ptr ss:[ebp-10] 00676299 |. E8 6AEED8FF call POWERARC.00405108 0067629E |. 8D45 F8 lea eax,dword ptr ss:[ebp-8] 006762A1 |. BA 02000000 mov edx,2

    006762A6 |. E8 81EED8FF call POWERARC.0040512C 006762AB \. C3 retn

    ================================================================

F70067626D来到这里:>

    0071A16C /$ 55 push ebp

    0071A16D |. 8BEC mov ebp,esp

    0071A16F |. 81C4 B4FDFFFF add esp,-24C

    0071A175 |. 56 push esi

    0071A176 |. 57 push edi

    0071A177 |. 33C9 xor ecx,ecx

    0071A179 |. 898D B8FDFFFF mov dword ptr ss:[ebp-248],ecx 0071A17F |. 898D B4FDFFFF mov dword ptr ss:[ebp-24C],ecx 0071A185 |. 898D C4FDFFFF mov dword ptr ss:[ebp-23C],ecx 0071A18B |. 898D C0FDFFFF mov dword ptr ss:[ebp-240],ecx 0071A191 |. 898D C8FDFFFF mov dword ptr ss:[ebp-238],ecx 0071A197 |. 894D E8 mov dword ptr ss:[ebp-18],ecx 0071A19A |. 8955 F8 mov dword ptr ss:[ebp-8],edx 0071A19D |. 8945 FC mov dword ptr ss:[ebp-4],eax 0071A1A0 |. 8B45 FC mov eax,dword ptr ss:[ebp-4] ; 注册名,

    hellohill

    0071A1A3 |. E8 3CB4CEFF call POWERARC.004055E4 0071A1A8 |. 33C0 xor eax,eax

    0071A1AA |. 55 push ebp

    0071A1AB |. 68 F4A37100 push POWERARC.0071A3F4 0071A1B0 |. 64:FF30 push dword ptr fs:[eax] 0071A1B3 |. 64:8920 mov dword ptr fs:[eax],esp 0071A1B6 |. BE 04A47100 mov esi,POWERARC.0071A404 ; 这里有一字

    符窜"IP-POWERARC"

    0071A1BB |. 8DBD D4FEFFFF lea edi,dword ptr ss:[ebp-12C] 0071A1C1 |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] 0071A1C2 |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] 0071A1C3 |. A5 movs dword ptr es:[edi],dword ptr ds:[esi] 0071A1C4 |. 8D85 D4FDFFFF lea eax,dword ptr ss:[ebp-22C] 0071A1CA |. 8B55 FC mov edx,dword ptr ss:[ebp-4] ; 注册名,

    hellohill

    0071A1CD |. B9 FF000000 mov ecx,0FF

    0071A1D2 |. E8 F9B1CEFF call POWERARC.004053D0 0071A1D7 |. 33C0 xor eax,eax

    0071A1D9 |. 8A85 D4FEFFFF mov al,byte ptr ss:[ebp-12C] 0071A1DF |. 8945 F4 mov dword ptr ss:[ebp-C],eax 0071A1E2 |. 33C0 xor eax,eax

    0071A1E4 |. 8945 F0 mov dword ptr ss:[ebp-10],eax 0071A1E7 |. C745 EC 03140000 mov dword ptr ss:[ebp-14],1403 ; 1403这个

    固定的数放入ss:[ebp-14]

    0071A1EE |. 8D45 E8 lea eax,dword ptr ss:[ebp-18] 0071A1F1 |. 50 push eax

0071A1F2 |. 8B45 EC mov eax,dword ptr ss:[ebp-14]

    0071A1F5 |. 8985 CCFDFFFF mov dword ptr ss:[ebp-234],eax 0071A1FB |. C685 D0FDFFFF 00 mov byte ptr ss:[ebp-230],0 0071A202 |. 8D95 CCFDFFFF lea edx,dword ptr ss:[ebp-234] 0071A208 |. 33C9 xor ecx,ecx 0071A20A |. B8 18A47100 mov eax,POWERARC.0071A418 0071A20F |. E8 1028CFFF call POWERARC.0040CA24

    0071A214 |. 33C0 xor eax,eax

    0071A216 |. 8A85 D4FDFFFF mov al,byte ptr ss:[ebp-22C]

    0071A21C |. 85C0 test eax,eax

    0071A21E |. 0F8E 8A000000 jle POWERARC.0071A2AE

    0071A224 |. 8945 D4 mov dword ptr ss:[ebp-2C],eax

    0071A227 |. C745 E4 01000000 mov dword ptr ss:[ebp-1C],1

    0071A22E |> 8B45 E4 /mov eax,dword ptr ss:[ebp-1C] ; 一个大的循

    0071A231 |. 0FB68405 D4FDFFFF |movzx eax,byte ptr ss:[ebp+eax-22C] ; 依次取出hellohill放入eax

    0071A239 |. 0345 EC |add eax,dword ptr ss:[ebp-14] ; eax加上ss:[ebp-14](初始值为1403)

    0071A23C |. B9 FF000000 |mov

    ecx,0FF ; ecx=000000FF

    0071A241 |. 99 |cdq

    0071A242 |. F7F9 |idiv ecx ; eax/ecx 0071A244 |. 8955 DC |mov dword ptr ss:[ebp-24],edx ; 存入上面除法的余数

    0071A247 |. 8B45 F0 |mov eax,dword ptr ss:[ebp-10] ; 计数器ss:[ebp-10],初始值为0

    0071A24A |. 3B45 F4 |cmp eax,dword ptr ss:[ebp-C] ; /ss:[ebp-c]=B(循环11)

    0071A24D |. 7D 05 |jge short POWERARC.0071A254 ; | 0071A24F |. FF45 F0 |inc dword ptr ss:[ebp-10] ; |计数器ss:[ebp-10]加一

    0071A252 |. EB 07 |jmp short POWERARC.0071A25B ; | 0071A254 |> C745 F0 01000000 |mov dword ptr ss:[ebp-10],1 ; \若是计数器ss:[ebp-10]超过11着置为1

    0071A25B |> 8B45 F0 |mov eax,dword ptr ss:[ebp-10]

    0071A25E |. 0FB68405 D4FEFFFF |movzx eax,byte ptr ss:[ebp+eax-12C] ; 依次取IP-POWERARC(11),知道为什么要计数11次了:>

    0071A266 |. 3145 DC |xor dword ptr ss:[ebp-24],eax ; IP-POWERARC取到的Ascii码值和上面的余数异或

    0071A269 |. 8D85 C8FDFFFF |lea eax,dword ptr ss:[ebp-238]

    0071A26F |. 50 |push eax

    0071A270 |. 8B45 DC |mov eax,dword ptr ss:[ebp-24] 0071A273 |. 8985 CCFDFFFF |mov dword ptr ss:[ebp-234],eax 0071A279 |. C685 D0FDFFFF 00 |mov byte ptr ss:[ebp-230],0 0071A280 |. 8D95 CCFDFFFF |lea edx,dword ptr ss:[ebp-234]

    0071A286 |. 33C9 |xor ecx,ecx 0071A288 |. B8 18A47100 |mov eax,POWERARC.0071A418 0071A28D |. E8 9227CFFF |call POWERARC.0040CA24 0071A292 |. 8B95 C8FDFFFF |mov edx,dword ptr ss:[ebp-238] 0071A298 |. 8D45 E8 |lea eax,dword ptr ss:[ebp-18]

    0071A29B |. E8 5CB1CEFF |call POWERARC.004053FC

    0071A2A0 |. 8B45 DC |mov eax,dword ptr ss:[ebp-24] ; /依次存入上面异或的结果参加下次循环

    0071A2A3 |. 8945 EC |mov dword ptr ss:[ebp-14],eax ; \36 CB 15 D1 0E 21 CF 6E 9B (9)

    0071A2A6 |. FF45 E4 |inc dword ptr ss:[ebp-1C] ; 假注册码 hellohill 前进一位

    0071A2A9 |. FF4D D4 |dec dword ptr ss:[ebp-2C] ; 假注册码的

长度 9 依次减一

    0071A2AC |.^ 75 80 \jnz short POWERARC.0071A22E ; 这里带着假注册码的下一位返回上面的循环入口

    0071A2AE |> 8B45 E8 mov eax,dword ptr ss:[ebp-18] ; 9次异或结果连接在1403: 140336CB15D10E21CF6E9B

    0071A2B1 |. E8 3EB1CEFF call POWERARC.004053F4

    0071A2B6 |. 85C0 test eax,eax ; eax=16 符窜 140336CB15D10E21CF6E9B 的长度

    0071A2B8 |. 79 03 jns short POWERARC.0071A2BD

    0071A2BA |. 83C0 03 add eax,3

    0071A2BD |> C1F8 02 sar eax,2 ; /右移2 16->5

    0071A2C0 |. 8945 E0 mov dword ptr ss:[ebp-20],eax ; \这个是下面取注册码的基数

    0071A2C3 |. C685 D4FDFFFF 00 mov byte ptr ss:[ebp-22C],0

    0071A2CA |. C745 D8 01000000 mov dword ptr ss:[ebp-28],1 ; 初始值为1,这个变量用来控制循环和取注册码用的:>

    0071A2D1 |> 8D85 C4FDFFFF /lea eax,dword ptr ss:[ebp-23C]

    0071A2D7 |. 8D95 D4FDFFFF |lea edx,dword ptr ss:[ebp-22C]

    0071A2DD |. E8 9AB0CEFF |call POWERARC.0040537C

    0071A2E2 |. 8D85 C4FDFFFF |lea eax,dword ptr ss:[ebp-23C]

    0071A2E8 |. 50 |push eax

    0071A2E9 |. 8D85 BCFDFFFF |lea eax,dword ptr ss:[ebp-244]

    0071A2EF |. 8B55 D8 |mov edx,dword ptr ss:[ebp-28] ; /变量 * ,用来取注册码:>

    0071A2F2 |. 0FAF55 E0 |imul edx,dword ptr ss:[ebp-20] ; \ss:[ebp-28] * ss:[ebp-28]

    0071A2F6 |. 8B4D E8 |mov ecx,dword ptr ss:[ebp-18] ; (ASCII "140336CB15D10E21CF6E9B"

    0071A2F9 |. 8A5411 FF |mov dl,byte ptr ds:[ecx+edx-1] ; 从上面字符窜取出注册码,分别取了 3->5->2->E

    0071A2FD |. 8850 01 |mov byte ptr ds:[eax+1],dl

    0071A300 |. C600 01 |mov byte ptr ds:[eax],1

    0071A303 |. 8D95 BCFDFFFF |lea edx,dword ptr ss:[ebp-244]

    0071A309 |. 8D85 C0FDFFFF |lea eax,dword ptr ss:[ebp-240] 0071A30F |. E8 68B0CEFF |call POWERARC.0040537C

    0071A314 |. 8B95 C0FDFFFF |mov edx,dword ptr ss:[ebp-240] 0071A31A |. 58 |pop eax

    0071A31B |. E8 DCB0CEFF |call POWERARC.004053FC

    0071A320 |. 8B95 C4FDFFFF |mov edx,dword ptr ss:[ebp-23C]

    0071A326 |. 8D85 D4FDFFFF |lea eax,dword ptr ss:[ebp-22C]

    0071A32C |. B9 FF000000 |mov ecx,0FF

    0071A331 |. E8 9AB0CEFF |call POWERARC.004053D0

    0071A336 |. 8D85 B8FDFFFF |lea eax,dword ptr ss:[ebp-248]

    0071A33C |. 8D95 D4FDFFFF |lea edx,dword ptr ss:[ebp-22C]

    0071A342 |. E8 35B0CEFF |call POWERARC.0040537C

    0071A347 |. 8D85 B8FDFFFF |lea eax,dword ptr ss:[ebp-248]

    0071A34D |. 50 |push eax

    0071A34E |. 8D85 BCFDFFFF |lea eax,dword ptr ss:[ebp-244]

    0071A354 |. 8B55 D8 |mov edx,dword ptr ss:[ebp-28] ; /变量 * ,用来取注册码:>

    0071A357 |. 0FAF55 E0 |imul edx,dword ptr ss:[ebp-20] ; \ss:[ebp-28] * ss:[ebp-28]

    0071A35B |. 8B4D E8 |mov ecx,dword ptr ss:[ebp-18] ; (ASCII "140336CB15D10E21CF6E9B"

    0071A35E |. 8A5411 FE |mov dl,byte ptr ds:[ecx+edx-2] ; 从上面字符

窜取出注册码,分别取了 3->1->E->6

    0071A362 |. 8850 01 |mov byte ptr ds:[eax+1],dl 0071A365 |. C600 01 |mov byte ptr ds:[eax],1 0071A368 |. 8D95 BCFDFFFF |lea edx,dword ptr ss:[ebp-244] 0071A36E |. 8D85 B4FDFFFF |lea eax,dword ptr ss:[ebp-24C] 0071A374 |. E8 03B0CEFF |call POWERARC.0040537C 0071A379 |. 8B95 B4FDFFFF |mov edx,dword ptr ss:[ebp-24C] 0071A37F |. 58 |pop eax

    0071A380 |. E8 77B0CEFF |call POWERARC.004053FC 0071A385 |. 8B95 B8FDFFFF |mov edx,dword ptr ss:[ebp-248] 0071A38B |. 8D85 D4FDFFFF |lea eax,dword ptr ss:[ebp-22C] 0071A391 |. B9 FF000000 |mov ecx,0FF

    0071A396 |. E8 35B0CEFF |call POWERARC.004053D0 0071A39B |. FF45 D8 |inc dword ptr ss:[ebp-28] ; /ss:[ebp-

    28]加一并和5比较

    0071A39E |. 837D D8 05 |cmp dword ptr ss:[ebp-28],5 ; \ 0071A3A2 |.^ 0F85 29FFFFFF \jnz POWERARC.0071A2D1 ; 返回到循环

    入口

    0071A3A8 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8] 0071A3AB |. 8D95 D4FDFFFF lea edx,dword ptr ss:[ebp-22C] 0071A3B1 |. E8 C6AFCEFF call POWERARC.0040537C 0071A3B6 |. 33C0 xor eax,eax

    0071A3B8 |. 5A pop edx

    0071A3B9 |. 59 pop ecx

    0071A3BA |. 59 pop ecx

    0071A3BB |. 64:8910 mov dword ptr fs:[eax],edx 0071A3BE |. 68 FBA37100 push POWERARC.0071A3FB 0071A3C3 |> 8D85 B4FDFFFF lea eax,dword ptr ss:[ebp-24C] 0071A3C9 |. BA 02000000 mov edx,2

    0071A3CE |. E8 59ADCEFF call POWERARC.0040512C 0071A3D3 |. 8D85 C0FDFFFF lea eax,dword ptr ss:[ebp-240] 0071A3D9 |. BA 03000000 mov edx,3

    0071A3DE |. E8 49ADCEFF call POWERARC.0040512C 0071A3E3 |. 8D45 E8 lea eax,dword ptr ss:[ebp-18] 0071A3E6 |. E8 1DADCEFF call POWERARC.00405108 0071A3EB |. 8D45 FC lea eax,dword ptr ss:[ebp-4] 0071A3EE |. E8 15ADCEFF call POWERARC.00405108 0071A3F3 \. C3 retn

    ================================================================

    哈哈,终于跟到注册码啦,注册名:hellohill 注册码:33512EE6

总结:

    假设中间变量有: X(初始值1403), Y, Z, M(初始值1403)

1. (依次取出注册名hellohill)+X->Y

    2. (Y/00FF)的余数->Z

    3. Z xor (依次取出字符窜IP-POWERARC)->X

    4. X接在M后面->M

    5. 注册名hellohill取完则6,否则返回1继续循环

    6. 得出一字符串,暂称为密文,注册码就在这里面取出的:>

下面我们从密文中选出注册码啦

1. 计算出密文长度L

    2. (L/2)/2 取整-> Key

    3. 依次取出密文中 (Key*1key*1-1),(Key*2key*2-1),(Key*3key*3-1),(Key*4

    key*4-1) 位置上的字符来组成注册码:>

    我是小小菜鸟,请各位指导不足之处,谢谢大家能抽出时间来看我的文章!! ================================================================

在论坛上看了好多文章,收获很多,

    再次感谢DFCG给我一个作贡献的机会:>

    ================================================================

Report this document

For any questions or suggestions please email
cust-service@docsford.com