program nod32pass;
{$APPTYPE CONSOLE}
uses
SysUtils,
Registry,
Windows;
var
Reg: TRegistry;
buf: PByteArray;
size: Integer;
mask: array[0..19] of Byte = ($61, $D6, $D4, $E9, $DD, $F0, $FB, $F2, $5B, $64, $35, $AD, $B7, $C8, $19, $75, $EC, $31, $2B, $BC);
i: integer;
username, password: string;
begin
try
Reg := TRegistry.Create;
try
Reg.RootKey := HKEY_LOCAL_MACHINE; //用Tregistry来读取注册表的常规做法
if Reg.OpenKeyReadOnly('SOFTWARE\Eset\Nod\CurrentVersion\Modules\Update\Settings\Config000\Settings') then
begin
username := Reg.ReadString('Username'); //用户名字段没有加密
size := Reg.GetDataSize('Password'); //读取密码字段(二进制,加密过)的大小
GetMem(buf, size);//为缓冲区申请内存
Reg.ReadBinaryData('Password', buf^, size); //把注册表中存的加密过的密码读入缓冲区
i := 0;
while i < size - 1 do
begin
password := password + chr(buf xor mask);
Inc(i, 2);
end; //这个循环就是用来解密的。把每一位与mask的其中一位求与或。
WriteLn('Username: ' + username);
WriteLn('Password: ' + password); //输出结果
end;
finally
Reg.CloseKey;
Reg.Free;
//FreeMem(Buf) 作者少了这一句,没有这句可能会产生内存泄露
end;
except
on E: Exception do
Writeln(E.Classname, ': ', E.Message);
end;
end.
以上这段代码,不知道谁能读懂~
微博帐号登录