Exeinfo查壳,发现是Dev-c++程序
字符串搜索引擎,分析这里的关键代码。
有一个00401390的关键call
总结:
算法其实就是通过GetVersionExA获取一些系统版本信息,根据下面注册机进行一些简单算法。
KeyGen:
#include <iostream>
#include <Windows.h>
using namespace std;
int main()
{
OSVERSIONINFO osvi;
BOOL bIsWindowsXPorLater;
ZeroMemory(&osvi, sizeof(OSVERSIONINFO));
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&osvi);
DWORD dwMajorVersion = osvi.dwMajorVersion;
DWORD dwMinorVersion = osvi.dwMinorVersion;
DWORD dwBuildNumber = osvi.dwBuildNumber;
DWORD nEdx = dwMajorVersion * dwMinorVersion + dwBuildNumber;
nEdx -= dwMinorVersion;
DWORD nEax = dwBuildNumber * 0xCDD;
nEax += nEdx;
nEax += dwBuildNumber;
printf("0x%08x\n", nEax);
printf("nEax:%d\n", nEax);
printf("dwMajorVersion:%d dwMinorVersion:%d dwBuildNumber:0x%x\n",
dwMajorVersion, dwMinorVersion, dwBuildNumber);
getchar();
return 0;
}
执行结果: