【www.hzclsc.cn--lol周免英雄】

这几天比较无聊，找了个豪杰大眼睛II，发现它的注册的算法基本与豪杰超级解霸3000英雄版的算法很相似，第一组的注册码是一样的，从第二组开始的变化稍有不同，以下是它的算法的分析过程。

* Reference To: USER32.GetWindowTextA, Ord:015Eh
|
:00401CCA 8B35F8604000 mov esi, dword ptr [004060F8]
:00401CD0 8D442404 lea eax, dword ptr [esp+04]
:00401CD4 6A08 push 00000008
:00401CD6 50 push eax
:00401CD7 51 push ecx
:00401CD8 FFD6 call esi
:00401CDA A128984000 mov eax, dword ptr [00409828]
:00401CDF 8D542409 lea edx, dword ptr [esp+09]
:00401CE3 6A08 push 00000008
:00401CE5 52 push edx
:00401CE6 50 push eax
:00401CE7 FFD6 call esi
:00401CE9 8B1534984000 mov edx, dword ptr [00409834]
:00401CEF 8D4C240E lea ecx, dword ptr [esp+0E]
:00401CF3 6A08 push 00000008
:00401CF5 51 push ecx
:00401CF6 52 push edx
:00401CF7 FFD6 call esi
:00401CF9 8B0D30984000 mov ecx, dword ptr [00409830]
:00401CFF 8D442413 lea eax, dword ptr [esp+13]
:00401D03 6A08 push 00000008
:00401D05 50 push eax
:00401D06 51 push ecx
:00401D07 FFD6 call esi
:00401D09 8B1524984000 mov edx, dword ptr [00409824]
:00401D0F 6800010000 push 00000100
:00401D14 B02D mov al, 2D
:00401D16 6860994000 push 00409960
:00401D1B 52 push edx
:00401D1C 8844241E mov byte ptr [esp+1E], al
:00401D20 88442419 mov byte ptr [esp+19], al
:00401D24 88442414 mov byte ptr [esp+14], al
:00401D28 C644242300 mov [esp+23], 00
:00401D2D FFD6 call esi
:00401D2F 8D442404 lea eax, dword ptr [esp+04]
:00401D33 50 push eax
:00401D34 6860994000 push 00409960

本文来源：http://www.hzclsc.cn/wangyou/19975.html