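Patching WingFaster 2.8 (VB)
【Title】: Patching WingFaster 2.8 (VB)
【Author】: gongsui
【Download】: search for it yourself
【Packer】: no
【Language】: Microsoft Visual Basic | Basic
【Tools used】: die/od/c32asm
【Author's statement】: I did this only out of interest, with no other purpose. If I have made mistakes, I would appreciate corrections from everyone!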
--------------------------------------------------------------------------------
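【Detailed process】
A very simple little program. As usual, experts can skip right past this.
Because it is a Microsoft Visual Basic | Basic program, od cannot find the strings, so I used c32asm's Unicode string search (注册码错误 "Wrong registration code", 已注册 "Registered").
That locates the key strings.
Here is the code: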
0040F064 .8945 98 mov dword ptr , eax
0040F067 .894D B0 mov dword ptr , ecx
0040F06A .8945 A8 mov dword ptr , eax
0040F06D .894D C0 mov dword ptr , ecx
0040F070 .8945 B8 mov dword ptr , eax
0040F073 0F84 91010000 je 0040F20A ; key jump
0040F079 .8D55 88 lea edx, dword ptr
0040F07C .8D4D C8 lea ecx, dword ptr
0040F07F .C745 90 C8894>mov dword ptr , 004089C8 ;ASCII "m`淯!"
0040F086 .C745 88 08000>mov dword ptr , 8
0040F08D .FF15 68114000 call dword ptr [<&MSVBVM60.__vbaVarDu>;MSVBVM60.__vbaVarDup
0040F093 .8D55 98 lea edx, dword ptr
0040F096 .8D45 A8 lea eax, dword ptr
0040F099 .52 push edx
0040F09A .8D4D B8 lea ecx, dword ptr
0040F09D .50 push eax
0040F09E .51 push ecx
0040F09F .8D55 C8 lea edx, dword ptr
0040F0A2 .6A 40 push 40
0040F0A4 .52 push edx
0040F0A5 .FF15 7C104000 call dword ptr [<&MSVBVM60.#595>] ;MSVBVM60.rtcMsgBox
0040F0AB .8D45 98 lea eax, dword ptr
0040F0AE .8D4D A8 lea ecx, dword ptr
0040F0B1 .50 push eax
0040F0B2 .8D55 B8 lea edx, dword ptr
0040F0B5 .51 push ecx
0040F0B6 .8D45 C8 lea eax, dword ptr
0040F0B9 .52 push edx
0040F0BA .50 push eax
0040F0BB .6A 04 push 4
0040F0BD .FFD6 call esi
0040F0BF .83C4 14 add esp, 14
0040F0C2 .6A 01 push 1
0040F0C4 .FF15 04104000 call dword ptr [<&MSVBVM60.__vbaStrI2>;MSVBVM60.__vbaStrI2
0040F0CA .8BD0 mov edx, eax
0040F0CC .8D4D E8 lea ecx, dword ptr
0040F0CF .FF15 84114000 call dword ptr [<&MSVBVM60.__vbaStrMo>;MSVBVM60.__vbaStrMove
0040F0D5 .50 push eax
0040F0D6 .68 60814000 push 00408160 ;UNICODE "RegInfo"
0040F0DB .68 58794000 push 00407958 ;UNICODE "WingFaster"
0040F0E0 .68 48794000 push 00407948 ;UNICODE "81915"
0040F0E5 .FF15 00104000 call dword ptr [<&MSVBVM60.#690>] ;MSVBVM60.rtcSaveSetting
0040F0EB .8D4D E8 lea ecx, dword ptr
0040F0EE .FF15 A0114000 call dword ptr [<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
0040F0F4 .A1 10304100 mov eax, dword ptr
0040F0F9 .85C0 test eax, eax
0040F0FB .75 15 jnz short 0040F112
0040F0FD .68 10304100 push 00413010
0040F102 .68 245C4000 push 00405C24
0040F107 .FF15 34114000 call dword ptr [<&MSVBVM60.__vbaNew2>>;MSVBVM60.__vbaNew2
0040F10D .A1 10304100 mov eax, dword ptr
0040F112 >8B08 mov ecx, dword ptr
0040F114 .50 push eax
0040F115 .FF91 58030000 call dword ptr
0040F11B .8B1D 74104000 mov ebx, dword ptr [<&MSVBVM60.__vba>;MSVBVM60.__vbaObjSet
0040F121 .8D55 DC lea edx, dword ptr
0040F124 .50 push eax
0040F125 .52 push edx
0040F126 .FFD3 call ebx ;<&MSVBVM60.__vbaObjSet>
0040F128 .8BF0 mov esi, eax
0040F12A .6A 00 push 0
0040F12C .56 push esi
0040F12D .8B06 mov eax, dword ptr
0040F12F .FF90 8C000000 call dword ptr
0040F135 .85C0 test eax, eax
0040F137 .DBE2 fclex
0040F139 .7D 12 jge short 0040F14D
0040F13B .68 8C000000 push 8C
0040F140 .68 70814000 push 00408170
0040F145 .56 push esi
0040F146 .50 push eax
0040F147 .FF15 5C104000 call dword ptr [<&MSVBVM60.__vbaHresu>;MSVBVM60.__vbaHresultCheckObj
0040F14D >8D4D DC lea ecx, dword ptr
0040F150 .FF15 9C114000 call dword ptr [<&MSVBVM60.__vbaFreeO>;MSVBVM60.__vbaFreeObj
0040F156 .A1 10304100 mov eax, dword ptr
0040F15B .85C0 test eax, eax
0040F15D .75 15 jnz short 0040F174
0040F15F .68 10304100 push 00413010
0040F164 .68 245C4000 push 00405C24
0040F169 .FF15 34114000 call dword ptr [<&MSVBVM60.__vbaNew2>>;MSVBVM60.__vbaNew2
0040F16F .A1 10304100 mov eax, dword ptr
0040F174 >8B08 mov ecx, dword ptr
0040F176 .50 push eax
0040F177 .FF91 58030000 call dword ptr
0040F17D .8D55 DC lea edx, dword ptr
0040F180 .50 push eax
0040F181 .52 push edx
0040F182 .FFD3 call ebx
0040F184 .8BF0 mov esi, eax
0040F186 .68 84814000 push 00408184 ; "已注册" (Registered)
0040F18B .56 push esi
0040F18C .8B06 mov eax, dword ptr
0040F18E .FF50 54 call dword ptr
0040F191 .85C0 test eax, eax
0040F193 .DBE2 fclex
0040F195 .7D 0F jge short 0040F1A6
0040F197 .6A 54 push 54
0040F199 .68 70814000 push 00408170
0040F19E .56 push esi
0040F19F .50 push eax
0040F1A0 .FF15 5C104000 call dword ptr [<&MSVBVM60.__vbaHresu>;MSVBVM60.__vbaHresultCheckObj
0040F1A6 >8B1D 9C114000 mov ebx, dword ptr [<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeObj
0040F1AC .8D4D DC lea ecx, dword ptr
0040F1AF .FFD3 call ebx ;<&MSVBVM60.__vbaFreeObj>
0040F1B1 .A1 D0364100 mov eax, dword ptr
0040F1B6 .85C0 test eax, eax
0040F1B8 .75 10 jnz short 0040F1CA
0040F1BA .68 D0364100 push 004136D0
0040F1BF .68 38804000 push 00408038
0040F1C4 .FF15 34114000 call dword ptr [<&MSVBVM60.__vbaNew2>>;MSVBVM60.__vbaNew2
0040F1CA >8B35 D0364100 mov esi, dword ptr
0040F1D0 .8D4D DC lea ecx, dword ptr
0040F1D3 .57 push edi
0040F1D4 .51 push ecx
0040F1D5 .8B16 mov edx, dword ptr
0040F1D7 .8995 34FFFFFF mov dword ptr , edx
0040F1DD .FF15 84104000 call dword ptr [<&MSVBVM60.__vbaObjSe>;MSVBVM60.__vbaObjSetAddref
0040F1E3 .8B95 34FFFFFF mov edx, dword ptr
0040F1E9 .50 push eax
0040F1EA .56 push esi
0040F1EB .FF52 10 call dword ptr
0040F1EE .85C0 test eax, eax
0040F1F0 .DBE2 fclex
0040F1F2 .7D 0F jge short 0040F203
0040F1F4 .6A 10 push 10
0040F1F6 .68 28804000 push 00408028
0040F1FB .56 push esi
0040F1FC .50 push eax
0040F1FD .FF15 5C104000 call dword ptr [<&MSVBVM60.__vbaHresu>;MSVBVM60.__vbaHresultCheckObj
0040F203 >8D4D DC lea ecx, dword ptr
0040F206 .FFD3 call ebx
0040F208 .EB 49 jmp short 0040F253
0040F20A >8D55 88 lea edx, dword ptr ; 0040F073 jumps here.
0040F20D .8D4D C8 lea ecx, dword ptr
0040F210 .C745 90 E0894>mov dword ptr , 004089E0 ; "注册码错误!" (Wrong registration code!)
0040F217 .C745 88 08000>mov dword ptr , 8
0040F21E .FF15 68114000 call dword ptr [<&MSVBVM60.__vbaVarDu>;MSVBVM60.__vbaVarDup
0040F224 .8D45 98 lea eax, dword ptr
0040F227 .8D4D A8 lea ecx, dword ptr
0040F22A .50 push eax
0040F22B .8D55 B8 lea edx, dword ptr
0040F22E .51 push ecx
0040F22F .52 push edx
As you can see, 0040F073 /0F84 91010000 je 0040F20A jumps to
0040F20A > \8D55 88 lea edx, dword ptr
Change 0040F073 /0F84 91010000 je 0040F20A
to 0040F073 /0F84 91010000 jnz 0040F20A
Save, run it, then restart to see whether there is a check at restart.
OK, there is no restart check.
Done.
--------------------------------------------------------------------------------
【Lessons learned】
VB programs scare me... especially the P-code ones...
--------------------------------------------------------------------------------
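【Copyright notice】: This article was originally published on pyg. When reposting, please credit the author and keep the article complete. Thanks!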
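An added example, not part of the original post: the walkthrough shows that the registration result hangs on one conditional branch with no integrity check behind it, so a defender verifying a shipped binary can compare it against a known-good copy and flag branches whose condition was flipped. The function name, the base address handling and the suspect bytes are assumptions constructed for illustration; the reference bytes are the three instructions at 0040F070 from the listing above.

```python
# Added example (not from the original post): heuristic tamper check that
# compares a known-good code region with a suspect copy and reports
# conditional jumps whose condition was inverted.

def find_inverted_branches(reference: bytes, suspect: bytes, base: int = 0):
    """Return (address, reference_opcode_hex, suspect_opcode_hex) tuples.

    x86 condition codes come in even/odd pairs (je/jnz, jl/jge, ...), so an
    inverted Jcc differs from the original only in the lowest opcode bit.
    This is a byte-level heuristic: confirm hits in a disassembler, because
    a 0x70..0x7F byte can also be an operand or data.
    """
    if len(reference) != len(suspect):
        raise ValueError("regions differ in length; compare sections separately")
    findings = []
    for i, (r, s) in enumerate(zip(reference, suspect)):
        if r == s or (r ^ s) != 0x01:
            continue
        # Near Jcc: 0F 80..8F rel32 (condition is in the second opcode byte).
        if 0x80 <= r <= 0x8F and i > 0 and reference[i - 1] == 0x0F == suspect[i - 1]:
            findings.append((base + i - 1,
                             reference[i - 1:i + 1].hex(),
                             suspect[i - 1:i + 1].hex()))
        # Short Jcc: 70..7F rel8.
        elif 0x70 <= r <= 0x7F:
            findings.append((base + i, f"{r:02x}", f"{s:02x}"))
    return findings


# Reference: bytes of 0040F070..0040F07B as shown in the listing.
BASE = 0x0040F070
REFERENCE = bytes.fromhex("8945b8" "0f8491010000" "8d5588")
# Suspect: constructed sample with the branch condition flipped.
SUSPECT = bytes.fromhex("8945b8" "0f8591010000" "8d5588")

if __name__ == "__main__":
    for addr, ref_op, sus_op in find_inverted_branches(REFERENCE, SUSPECT, BASE):
        print(f"{addr:08X}: opcode {ref_op} -> {sus_op} (condition inverted)")
```

In practice the reference bytes come from the vendor's signed build, and a whole-file hash or signature check catches any modification; this check only explains which change was made.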
2007-09-13 17:25:23
Learning VB!!!
It's VB, doesn't feel all that hard to crack!
I'm pretty scared of VB too. Are there any VB cracking experts who could teach me?
My QQ: 404763383