[Article title] kingftp Simplified Chinese version 1.2 registration algorithm
[Author] XXNB
[Author's mailbox] supports PYG
[Author's homepage] binbinbin7456.ys168.com
[Cracking tool] OD
[Cracking platform] XP SP2
[Software] kingftp Simplified Chinese version 1.2
[Software size] 85KB
[Original download] http://www.newhua.com/soft/46446.htm
[Protection method] email + code
[Software Overview] 1. kingftp is a simple and easy-to-use FTP program. You only need to click a button and drag the mouse to complete uploads and downloads;
2. It is a client-side FTP program. Its interface is like two Explorer windows combined, and all work is done through right-click menus;
3. kingftp supports the Windows 2000 series, Windows XP, the Windows 2003 series, SunOS, AIX UNIX, Red Linux, Digital UNIX, and FreeBSD systems.
[Cracking statement] A newbie learning from the experts!
------------------------------------------------------------------------
[Cracking process]
------------------------------------------------------------------------
1. I was bored today and found this software on Huajun. After downloading it, I couldn't understand it even though it was "kingftp Simplified Chinese version 1.1". Take care of him.
The software's icon has not been changed, so you can see that it is written in VC. There is no packer, which is exactly what I want, so I will take a look at it.
After my analysis, this software does not even check the input, so I entered Email: B and Registration Code: 1. There is a loop in it, so I kept the input as short as possible.
Searching the strings for "incorrect registration code. Please register again !" gives:
00414C80. 6A FF push -1
00414C82. 68 30F84100 push 0041F830 ; SE handler installation
00414C87. 64:A1 0000000> mov eax, dword ptr fs:[0]
00414C8D. 50 push eax
00414C8E. 64:8925 00000> mov dword ptr fs:[0], esp
00414C95. 83EC 20 sub esp, 20
00414C98. 56 push esi
00414C99. 8BF1 mov esi, ecx
00414C9B. 8D4C24 0C lea ecx, dword ptr [esp+C]
00414C9F. E8 CC730000 call <jmp.&MFC42.#540>
00414CA4. 8D4C24 08 lea ecx, dword ptr [esp+8]
00414CA8. C74424 2C 000> mov dword ptr [esp+2C], 0
00414CB0. E8 BB730000 call <jmp.&MFC42.#540>
00414CB5. 8D4C24 04 lea ecx, dword ptr [esp+4]
00414CB9. C64424 2C 01 mov byte ptr [esp+2C], 1
00414CBE. E8 AD730000 call <jmp.&MFC42.#540>
00414CC3. 8D4424 08 lea eax, dword ptr [esp+8]
00414CC7. 8BCE mov ecx, esi
00414CC9. 50 push eax
00414CCA. 68 FC030000 push 3FC
00414CCF. C64424 34 02 mov byte ptr [esp+34], 2
00414CD4. E8 197C0000 call <jmp.&MFC42.#3097>
00414CD9. 8D4C24 0C lea ecx, dword ptr [esp+C] ; obtain the machine code
00414CDD. 51 push ecx
00414CDE. 68 FB030000 push 3FB
00414CE3. 8BCE mov ecx, esi
00414CE5. E8 087C0000 call <jmp.&MFC42.#3097> ; get the email address
00414CEA. 8D5424 04 lea edx, dword ptr [esp+4]
00414CEE. 8BCE mov ecx, esi
00414CF0. 52 push edx
00414CF1. 68 FD030000 push 3FD
00414CF6. E8 F77B0000 call <jmp.&MFC42.#3097> ; get the false registration code. None of them are symmetric.
00414CFB. 68 ED000000 push 0ED
00414D00. 51 push ecx
00414D01. 8D4C24 14 lea ecx, dword ptr [esp+14]
00414D05. 8BC4 mov eax, esp
00414D07. 896424 1C mov dword ptr [esp+1C], esp
00414D0B. 8D5424 10 lea edx, dword ptr [esp+10]
00414D0F. 51 push ecx
00414D10. 52 push edx
00414D11. 50 push eax
00414D12. E8 63750000 call <jmp.&MFC42.#922>
00414D17. 8D4424 18 lea eax, dword ptr [esp+18] ; after the call above, the machine code is joined to the email address.
00414D1B. 50 push eax
00414D1C. E8 1FC3FEFF call 00401040 ; this should be the algorithm call 《《《《《《《《《《《《
00414D21. 8B4C24 1C mov ecx, dword ptr [esp+1C] ; it's not the real code here, so the call above is not !!
00414D25. 8B5424 10 mov edx, dword ptr [esp+10] ; (initial cpu selection)
00414D29. 51 push ecx ; /real code pushed onto the stack
00414D2A. 52