Real Spy Monitor 2.76 算法分析
Real Spy Monitor 2.76 算法分析【文章标题】: Real Spy Monitor 2.76 算法分析
【文章作者】: xss517
【作者QQ号】: 251496329
【软件名称】: Real Spy Monitor
【下载地址】: 自己搜索下载
【加壳方式】: 无
【编写语言】: vb6
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
Real Spy Monitor 2.76 注册机
软件大小:1416KB 软件类别:国外软件/系统监视
下载次数:18806 软件授权:共享版
软件语言:英文 运行环境:Win9x/Me/NT/2000/XP/2003
软件评级: 更新时间:2007-9-29 9:08:39
开 发 商:Home Page 联 系 人:未知
Real Spy Monitor是一个监测互联网和个人电脑、以保障其安全的软件。包括键盘敲击、网页站点、视窗开关、程序执行、屏幕扫描以及文件的出入等都是其监控的对象。网络的监视可以纪录的不只是网页的浏览,包含 AOL、ICQ、MSN、AIM、Yahoo Messenger等实时通讯的软件,通通可以留下纪录。此外,还有直接在网页上使用邮件系统的 Web Mail 内容,包含 MSN 和 Hotmail 等等,都可以详细的纪录所有资料
这个东西安装以后会隐藏自己的安装目录,不过我还是打开了它的目录,把主程序winrsm.exe拖进peid
Microsoft Visual Basic 5.0 / 6.0
原来是vb写的东西,我最怕vb这类东西,只好硬着头皮看看
字符串分析插件得到注册
超级字串参考, 条目 817
地址=0046A2D7
反汇编=mov dword ptr , 0041433C
文本字串=Registration Sucessful,please restart Real Spy Monitor
当然要进去看看,0041433C往上拖,到00469DE0入口处,里面的代码比c编译出来的烦琐的多了
00469DE0 > \55 push ebp
00469DE1 .8BEC mov ebp, esp
00469DE3 .83EC 0C sub esp, 0C
00469DE6 .68 261E4000 push <jmp.&MSVBVM50.__vbaExceptHandl>;SE 处理程序安装
00469DEB .64:A1 00000000 mov eax, dword ptr fs:
00469DF1 .50 push eax
00469DF2 .64:8925 00000000 mov dword ptr fs:, esp
00469DF9 .81EC D8000000 sub esp, 0D8
00469DFF .53 push ebx
00469E00 .56 push esi
00469E01 .57 push edi
00469E02 .8B7D 08 mov edi, dword ptr
00469E05 .8BC7 mov eax, edi
00469E07 .83E7 FE and edi, FFFFFFFE
00469E0A .8965 F4 mov dword ptr , esp
00469E0D .83E0 01 and eax, 1
00469E10 .8B37 mov esi, dword ptr
00469E12 .C745 F8 98144000 mov dword ptr , 00401498
00469E19 .57 push edi
00469E1A .8945 FC mov dword ptr , eax
00469E1D .897D 08 mov dword ptr , edi
00469E20 .FF56 04 call dword ptr
00469E23 .33C0 xor eax, eax
00469E25 .57 push edi
00469E26 .8945 E4 mov dword ptr , eax
00469E29 .8945 E0 mov dword ptr , eax
00469E2C .8945 DC mov dword ptr , eax
00469E2F .8945 D4 mov dword ptr , eax
00469E32 .8945 D0 mov dword ptr , eax
00469E35 .8945 CC mov dword ptr , eax
00469E38 .8945 C8 mov dword ptr , eax
00469E3B .8945 C4 mov dword ptr , eax
00469E3E .8945 C0 mov dword ptr , eax
00469E41 .8945 BC mov dword ptr , eax
00469E44 .8945 AC mov dword ptr , eax
00469E47 .8945 9C mov dword ptr , eax
00469E4A .8945 8C mov dword ptr , eax
00469E4D .8985 7CFFFFFF mov dword ptr , eax
00469E53 .8985 6CFFFFFF mov dword ptr , eax
00469E59 .FF96 10030000 call dword ptr
00469E5F .8D4D AC lea ecx, dword ptr
00469E62 .8D55 9C lea edx, dword ptr
00469E65 .51 push ecx
00469E66 .52 push edx
00469E67 .8945 B4 mov dword ptr , eax
00469E6A .C745 AC 09000000 mov dword ptr , 9
00469E71 .FF15 9C834A00 call dword ptr [<&MSVBVM50.#520>] ;MSVBVM50.rtcTrimVar
00469E77 .8B35 F8824A00 mov esi, dword ptr [<&MSVBVM50.__vb>;MSVBVM50.__vbaStrVarMove
00469E7D .8D45 9C lea eax, dword ptr
00469E80 .50 push eax
00469E81 .FFD6 call esi ;<&MSVBVM50.__vbaStrVarMove>
00469E83 .8B3D 44854A00 mov edi, dword ptr [<&MSVBVM50.__vb>;MSVBVM50.__vbaStrMove
00469E89 .8BD0 mov edx, eax ;取注册名
00469E8B .8D4D E4 lea ecx, dword ptr
00469E8E .FFD7 call edi ;<&MSVBVM50.__vbaStrMove>
00469E90 .8B1D 04834A00 mov ebx, dword ptr [<&MSVBVM50.__vb>;MSVBVM50.__vbaFreeVarList
00469E96 .8D4D 9C lea ecx, dword ptr
00469E99 .8D55 AC lea edx, dword ptr
00469E9C .51 push ecx
00469E9D .52 push edx
00469E9E .6A 02 push 2
00469EA0 .FFD3 call ebx ;<&MSVBVM50.__vbaFreeVarList>
00469EA2 .83C4 0C add esp, 0C
00469EA5 .8D8D 6CFFFFFF lea ecx, dword ptr
00469EAB .8D55 AC lea edx, dword ptr
00469EAE .8D45 E4 lea eax, dword ptr
00469EB1 .51 push ecx
00469EB2 .52 push edx
00469EB3 .8985 74FFFFFF mov dword ptr , eax
00469EB9 .C785 6CFFFFFF 0840>mov dword ptr , 4008 ;转成大写,vb里面的ucase函数
00469EC3 .FF15 CC834A00 call dword ptr [<&MSVBVM50.#528>] ;MSVBVM50.rtcUpperCaseVar
00469EC9 .8D45 AC lea eax, dword ptr
00469ECC .50 push eax
00469ECD .FFD6 call esi
00469ECF .8BD0 mov edx, eax
00469ED1 .8D4D E4 lea ecx, dword ptr
00469ED4 .FFD7 call edi
00469ED6 .8D4D AC lea ecx, dword ptr
00469ED9 .FF15 F0824A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeVar
00469EDF .BA BCF04000 mov edx, 0040F0BC
00469EE4 .8D4D DC lea ecx, dword ptr
00469EE7 .C745 D8 01000000 mov dword ptr , 1
00469EEE .FF15 C0844A00 call dword ptr [<&MSVBVM50.__vbaStrC>;MSVBVM50.__vbaStrCopy
00469EF4 >0FBF4D D8 movsx ecx, word ptr
00469EF8 .8B55 E4 mov edx, dword ptr
00469EFB .898D 1CFFFFFF mov dword ptr , ecx
00469F01 .52 push edx
00469F02 .FF15 F4824A00 call dword ptr [<&MSVBVM50.__vbaLenB>;MSVBVM50.__vbaLenBstr
00469F08 .8B8D 1CFFFFFF mov ecx, dword ptr
00469F0E .3BC8 cmp ecx, eax
00469F10 .0F8F 4D010000 jg 0046A063
00469F16 .8D45 E4 lea eax, dword ptr
00469F19 .8D55 AC lea edx, dword ptr
00469F1C .8985 74FFFFFF mov dword ptr , eax
00469F22 .52 push edx
00469F23 .51 push ecx
00469F24 .8D85 6CFFFFFF lea eax, dword ptr
00469F2A .8D4D 9C lea ecx, dword ptr
00469F2D .50 push eax
00469F2E .51 push ecx
00469F2F .C745 B4 01000000 mov dword ptr , 1
00469F36 .C745 AC 02000000 mov dword ptr , 2
00469F3D .C785 6CFFFFFF 0840>mov dword ptr , 4008
00469F47 .FF15 B8834A00 call dword ptr [<&MSVBVM50.#632>] ;MSVBVM50.rtcMidCharVar
00469F4D .8D55 9C lea edx, dword ptr
00469F50 .52 push edx
00469F51 .FFD6 call esi
00469F53 .8BD0 mov edx, eax
00469F55 .8D4D E0 lea ecx, dword ptr
00469F58 .FFD7 call edi
00469F5A .8D45 9C lea eax, dword ptr
00469F5D .8D4D AC lea ecx, dword ptr
00469F60 .50 push eax
00469F61 .51 push ecx
00469F62 .6A 02 push 2
00469F64 .FFD3 call ebx
00469F66 .8B55 E0 mov edx, dword ptr
00469F69 .83C4 0C add esp, 0C
00469F6C .52 push edx
00469F6D .FF15 10834A00 call dword ptr [<&MSVBVM50.#516>] ;MSVBVM50.rtcAnsiValueBstr
00469F73 .66:8B4D D8 mov cx, word ptr ;先将注册名转为大写,再取每一位注册名进行运算
00469F77 .66:6BC9 06 imul cx, cx, 6 ;cx=6*cx
00469F7B .0F80 C5050000 jo 0046A546
00469F81 .66:03C1 add ax, cx ;ax=ax+cx
00469F84 .0F80 BC050000 jo 0046A546
00469F8A .66:2D 0F00 sub ax, 0F ;ax=ax-6f
00469F8E .0F80 B2050000 jo 0046A546
00469F94 .66:3D 2100 cmp ax, 21 ;和33比较,是否在asc字符区域
00469F98 .7C 56 jl short 00469FF0
00469F9A .66:3D 7E00 cmp ax, 7E ;和126比较
00469F9E .7F 4A jg short 00469FEA
00469FA0 .8B55 DC mov edx, dword ptr
00469FA3 .8D4D AC lea ecx, dword ptr
00469FA6 .0FBFC0 movsx eax, ax
00469FA9 .50 push eax
00469FAA .51 push ecx
00469FAB .8995 74FFFFFF mov dword ptr , edx
00469FB1 .C785 6CFFFFFF 0800>mov dword ptr , 8
00469FBB .FF15 64844A00 call dword ptr [<&MSVBVM50.#608>] ;MSVBVM50.rtcVarBstrFromAnsi
00469FC1 .8D95 6CFFFFFF lea edx, dword ptr
00469FC7 .8D45 AC lea eax, dword ptr
00469FCA .52 push edx
00469FCB .8D4D 9C lea ecx, dword ptr
00469FCE .50 push eax
00469FCF .51 push ecx
00469FD0 .FF15 08854A00 call dword ptr [<&MSVBVM50.__vbaVarA>;MSVBVM50.__vbaVarAdd
00469FD6 .50 push eax
00469FD7 .FFD6 call esi
00469FD9 .8BD0 mov edx, eax ;注册码每次连接起来
00469FDB .8D4D DC lea ecx, dword ptr
00469FDE .FFD7 call edi
00469FE0 .8D55 9C lea edx, dword ptr
00469FE3 .8D45 AC lea eax, dword ptr
00469FE6 .52 push edx
00469FE7 .50 push eax
00469FE8 .EB 5E jmp short 0046A048
00469FEA >66:3D 2100 cmp ax, 21
00469FEE .7D 05 jge short 00469FF5
00469FF0 >B8 65000000 mov eax, 65
00469FF5 >66:3D 7E00 cmp ax, 7E
00469FF9 .7E 05 jle short 0046A000
00469FFB .B8 2A000000 mov eax, 2A
0046A000 >8B4D DC mov ecx, dword ptr
0046A003 .C785 6CFFFFFF 0800>mov dword ptr , 8
0046A00D .0FBFD0 movsx edx, ax
0046A010 .8D45 AC lea eax, dword ptr
0046A013 .52 push edx
0046A014 .50 push eax
0046A015 .898D 74FFFFFF mov dword ptr , ecx
0046A01B .FF15 64844A00 call dword ptr [<&MSVBVM50.#608>] ;MSVBVM50.rtcVarBstrFromAnsi
0046A021 .8D8D 6CFFFFFF lea ecx, dword ptr
0046A027 .8D55 AC lea edx, dword ptr
0046A02A .51 push ecx
0046A02B .8D45 9C lea eax, dword ptr
0046A02E .52 push edx
0046A02F .50 push eax
0046A030 .FF15 08854A00 call dword ptr [<&MSVBVM50.__vbaVarA>;MSVBVM50.__vbaVarAdd
0046A036 .50 push eax
0046A037 .FFD6 call esi
0046A039 .8BD0 mov edx, eax
0046A03B .8D4D DC lea ecx, dword ptr
0046A03E .FFD7 call edi
0046A040 .8D4D 9C lea ecx, dword ptr
0046A043 .8D55 AC lea edx, dword ptr
0046A046 .51 push ecx
0046A047 .52 push edx
0046A048 >6A 02 push 2
0046A04A .FFD3 call ebx
0046A04C .66:8B45 D8 mov ax, word ptr
0046A050 .83C4 0C add esp, 0C
0046A053 .66:40 inc ax
0046A055 .0F80 EB040000 jo 0046A546
0046A05B .8945 D8 mov dword ptr , eax
0046A05E .^ E9 91FEFFFF jmp 00469EF4
0046A063 >8B7D 08 mov edi, dword ptr
0046A066 .57 push edi
0046A067 .8B07 mov eax, dword ptr
0046A069 .8B80 0C030000 mov eax, dword ptr
0046A06F .8985 18FFFFFF mov dword ptr , eax
0046A075 .FFD0 call eax
0046A077 .8D4D C0 lea ecx, dword ptr
0046A07A .50 push eax
0046A07B .51 push ecx
0046A07C .FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>;MSVBVM50.__vbaObjSet
0046A082 .8BF0 mov esi, eax
0046A084 .8D45 D4 lea eax, dword ptr
0046A087 .50 push eax
0046A088 .56 push esi
0046A089 .8B16 mov edx, dword ptr
0046A08B .FF92 A0000000 call dword ptr
0046A091 .85C0 test eax, eax
0046A093 .7D 12 jge short 0046A0A7
0046A095 .68 A0000000 push 0A0
0046A09A .68 C0F04000 push 0040F0C0
0046A09F .56 push esi
0046A0A0 .50 push eax
0046A0A1 .FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>;MSVBVM50.__vbaHresultCheckObj
0046A0A7 >57 push edi
0046A0A8 .FF95 18FFFFFF call dword ptr
0046A0AE .8D4D BC lea ecx, dword ptr
0046A0B1 .50 push eax
0046A0B2 .51 push ecx
0046A0B3 .FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>;MSVBVM50.__vbaObjSet
0046A0B9 .8BF0 mov esi, eax
0046A0BB .8D45 D0 lea eax, dword ptr
0046A0BE .50 push eax
0046A0BF .56 push esi
0046A0C0 .8B16 mov edx, dword ptr
0046A0C2 .FF92 A0000000 call dword ptr
0046A0C8 .85C0 test eax, eax
0046A0CA .7D 12 jge short 0046A0DE
0046A0CC .68 A0000000 push 0A0
0046A0D1 .68 C0F04000 push 0040F0C0
0046A0D6 .56 push esi
0046A0D7 .50 push eax
0046A0D8 .FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>;MSVBVM50.__vbaHresultCheckObj
0046A0DE >8B4D D0 mov ecx, dword ptr
0046A0E1 .51 push ecx
0046A0E2 .68 BCF04000 push 0040F0BC
0046A0E7 .FF15 DC834A00 call dword ptr [<&MSVBVM50.__vbaStrC>;MSVBVM50.__vbaStrCmp
0046A0ED .8B55 D4 mov edx, dword ptr ;strcmp注册码的比较
0046A0F0 .8BF0 mov esi, eax
0046A0F2 .8B45 DC mov eax, dword ptr
0046A0F5 .52 push edx
0046A0F6 .F7DE neg esi
0046A0F8 .1BF6 sbb esi, esi
0046A0FA .50 push eax
0046A0FB .F7DE neg esi
0046A0FD .F7DE neg esi
0046A0FF .FF15 DC834A00 call dword ptr [<&MSVBVM50.__vbaStrC>;MSVBVM50.__vbaStrCmp
0046A105 .8B4D E4 mov ecx, dword ptr
0046A108 .F7D8 neg eax
0046A10A .1BC0 sbb eax, eax
0046A10C .51 push ecx
0046A10D .40 inc eax
0046A10E .F7D8 neg eax
0046A110 .23F0 and esi, eax
0046A112 .FF15 F4824A00 call dword ptr [<&MSVBVM50.__vbaLenB>;MSVBVM50.__vbaLenBstr
0046A118 .33D2 xor edx, edx
0046A11A .83F8 08 cmp eax, 8 ;注册名不小于八位
0046A11D .8D45 D0 lea eax, dword ptr
0046A120 .8D4D D4 lea ecx, dword ptr
0046A123 .0F9DC2 setge dl
0046A126 .50 push eax
0046A127 .51 push ecx
0046A128 .F7DA neg edx
0046A12A .6A 02 push 2
0046A12C .23F2 and esi, edx
0046A12E .FF15 D0844A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeStrList
0046A134 .83C4 0C add esp, 0C
0046A137 .8D55 BC lea edx, dword ptr
0046A13A .8D45 C0 lea eax, dword ptr
0046A13D .52 push edx
0046A13E .50 push eax
0046A13F .6A 02 push 2
0046A141 .FF15 0C834A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeObjList
0046A147 .83C4 0C add esp, 0C
0046A14A .66:85F6 test si, si
0046A14D 0F84 9B020000 je 0046A3EE ;不能跳,否则就失败
0046A153 .8B07 mov eax, dword ptr
0046A155 .57 push edi
0046A156 .FF90 10030000 call dword ptr
0046A15C .8D4D C0 lea ecx, dword ptr
0046A15F .50 push eax
0046A160 .51 push ecx
0046A161 .FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>;MSVBVM50.__vbaObjSet
0046A167 .8BF0 mov esi, eax
0046A169 .8D45 D4 lea eax, dword ptr
0046A16C .50 push eax
0046A16D .56 push esi
0046A16E .8B16 mov edx, dword ptr
0046A170 .FF92 A0000000 call dword ptr
0046A176 .85C0 test eax, eax
0046A178 .7D 12 jge short 0046A18C
0046A17A .68 A0000000 push 0A0
0046A17F .68 C0F04000 push 0040F0C0
0046A184 .56 push esi
0046A185 .50 push eax
0046A186 .FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>;MSVBVM50.__vbaHresultCheckObj
0046A18C >8B0D 50B04900 mov ecx, dword ptr ;C:\windows\RegisterRSM.ini,注册文件路径出现,看来是重启靠这个来储存注册信息的
0046A192 .8B35 10854A00 mov esi, dword ptr [<&MSVBVM50.__vb>;MSVBVM50.__vbaStrToAnsi
0046A198 .8D55 C4 lea edx, dword ptr
0046A19B .51 push ecx
0046A19C .52 push edx
0046A19D .FFD6 call esi ;<&MSVBVM50.__vbaStrToAnsi>
0046A19F .50 push eax
0046A1A0 .8B45 D4 mov eax, dword ptr
0046A1A3 .8D4D C8 lea ecx, dword ptr
0046A1A6 .50 push eax
0046A1A7 .51 push ecx
0046A1A8 .FFD6 call esi
0046A1AA .50 push eax
0046A1AB .8D55 CC lea edx, dword ptr
0046A1AE .68 EC424100 push 004142EC ;Registration Name
0046A1B3 .52 push edx
0046A1B4 .FFD6 call esi
0046A1B6 .50 push eax
0046A1B7 .8D45 D0 lea eax, dword ptr
0046A1BA .68 D8424100 push 004142D8 ;Confirm
0046A1BF .50 push eax
0046A1C0 .FFD6 call esi
0046A1C2 .50 push eax
0046A1C3 .E8 185CFAFF call 0040FDE0
0046A1C8 .FF15 44834A00 call dword ptr [<&MSVBVM50.__vbaSetS>;MSVBVM50.__vbaSetSystemError
0046A1CE .8B4D C4 mov ecx, dword ptr
0046A1D1 .51 push ecx
0046A1D2 .68 50B04900 push 0049B050
0046A1D7 .FF15 44844A00 call dword ptr [<&MSVBVM50.__vbaStrT>;MSVBVM50.__vbaStrToUnicode
0046A1DD .8D55 C4 lea edx, dword ptr
0046A1E0 .8D45 C8 lea eax, dword ptr
0046A1E3 .52 push edx
0046A1E4 .8D4D D4 lea ecx, dword ptr
0046A1E7 .50 push eax
0046A1E8 .8D55 CC lea edx, dword ptr
0046A1EB .51 push ecx
0046A1EC .8D45 D0 lea eax, dword ptr
0046A1EF .52 push edx
0046A1F0 .50 push eax
0046A1F1 .6A 05 push 5
0046A1F3 .FF15 D0844A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeStrList
0046A1F9 .83C4 18 add esp, 18
0046A1FC .8D4D C0 lea ecx, dword ptr
0046A1FF .FF15 78854A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeObj
0046A205 .57 push edi
0046A206 .FF95 18FFFFFF call dword ptr
0046A20C .8D4D C0 lea ecx, dword ptr
0046A20F .50 push eax
0046A210 .51 push ecx
0046A211 .FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>;MSVBVM50.__vbaObjSet
0046A217 .8BF8 mov edi, eax
0046A219 .8D45 D4 lea eax, dword ptr
0046A21C .50 push eax
0046A21D .57 push edi
0046A21E .8B17 mov edx, dword ptr
0046A220 .FF92 A0000000 call dword ptr
0046A226 .85C0 test eax, eax
0046A228 .7D 12 jge short 0046A23C
0046A22A .68 A0000000 push 0A0
0046A22F .68 C0F04000 push 0040F0C0
0046A234 .57 push edi
0046A235 .50 push eax
0046A236 .FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>;MSVBVM50.__vbaHresultCheckObj
0046A23C >8B0D 50B04900 mov ecx, dword ptr
0046A242 .8D55 C4 lea edx, dword ptr
0046A245 .51 push ecx
0046A246 .52 push edx
0046A247 .FFD6 call esi
0046A249 .50 push eax
0046A24A .8B45 D4 mov eax, dword ptr
0046A24D .8D4D C8 lea ecx, dword ptr
0046A250 .50 push eax
0046A251 .51 push ecx
0046A252 .FFD6 call esi
0046A254 .50 push eax
0046A255 .8D55 CC lea edx, dword ptr
0046A258 .68 14434100 push 00414314 ;Registration Key
0046A25D .52 push edx
0046A25E .FFD6 call esi
0046A260 .50 push eax
0046A261 .8D45 D0 lea eax, dword ptr
0046A264 .68 D8424100 push 004142D8 ;Confirm
0046A269 .50 push eax
0046A26A .FFD6 call esi
0046A26C .50 push eax
0046A26D .E8 6E5BFAFF call 0040FDE0
0046A272 .FF15 44834A00 call dword ptr [<&MSVBVM50.__vbaSetS>;MSVBVM50.__vbaSetSystemError
0046A278 .8B4D C4 mov ecx, dword ptr
0046A27B .51 push ecx
0046A27C .68 50B04900 push 0049B050
0046A281 .FF15 44844A00 call dword ptr [<&MSVBVM50.__vbaStrT>;MSVBVM50.__vbaStrToUnicode
0046A287 .8D55 C4 lea edx, dword ptr
0046A28A .8D45 C8 lea eax, dword ptr
0046A28D .52 push edx
0046A28E .8D4D D4 lea ecx, dword ptr
0046A291 .50 push eax
0046A292 .8D55 CC lea edx, dword ptr
0046A295 .51 push ecx
0046A296 .8D45 D0 lea eax, dword ptr
0046A299 .52 push edx
0046A29A .50 push eax
0046A29B .6A 05 push 5
0046A29D .FF15 D0844A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeStrList
0046A2A3 .83C4 18 add esp, 18
0046A2A6 .8D4D C0 lea ecx, dword ptr
0046A2A9 .FF15 78854A00 call dword ptr [<&MSVBVM50.__vbaFree>;MSVBVM50.__vbaFreeObj
0046A2AF .B9 04000280 mov ecx, 80020004
0046A2B4 .B8 0A000000 mov eax, 0A
0046A2B9 .894D 84 mov dword ptr , ecx
0046A2BC .894D 94 mov dword ptr , ecx
0046A2BF .894D A4 mov dword ptr , ecx
0046A2C2 .8D95 6CFFFFFF lea edx, dword ptr
0046A2C8 .8D4D AC lea ecx, dword ptr
0046A2CB .8985 7CFFFFFF mov dword ptr , eax
0046A2D1 .8945 8C mov dword ptr , eax
0046A2D4 .8945 9C mov dword ptr , eax
0046A2D7 .C785 74FFFFFF 3C43>mov dword ptr , 0041433C ;Registration Sucessful,please restart Real Spy Monitor
0046A2E1 .C785 6CFFFFFF 0800>mov dword ptr , 8
0046A2EB .FF15 0C854A00 call dword ptr [<&MSVBVM50.__vbaVarD>;MSVBVM50.__vbaVarDup
0046A2F1 .8D8D 7CFFFFFF lea ecx, dword ptr
0046A2F7 .8D55 8C lea edx, dword ptr
0046A2FA .51 push ecx
0046A2FB .8D45 9C lea eax, dword ptr
0046A2FE .52 push edx
0046A2FF .50 push eax
0046A300 .8D4D AC lea ecx, dword ptr
0046A303 .6A 40 push 40
0046A305 .51 push ecx
0046A306 .FF15 80834A00 call dword ptr [<&MSVBVM50.#595>] ;MSVBVM50.rtcMsgBox
0046A30C .8D95 7CFFFFFF lea edx, dword ptr
0046A312 .8D45 8C lea eax, dword ptr
0046A315 .52 push edx
0046A316 .8D4D 9C lea ecx, dword ptr
0046A319 .50 push eax
0046A31A .8D55 AC lea edx, dword ptr
0046A31D .51 push ecx
0046A31E .52 push edx
0046A31F .6A 04 push 4
0046A321 .FFD3 call ebx
0046A323 .A1 0C0F4A00 mov eax, dword ptr
0046A328 .83C4 14 add esp, 14
0046A32B .85C0 test eax, eax
0046A32D .75 10 jnz short 0046A33F
0046A32F .68 0C0F4A00 push 004A0F0C ;ASCII "宆?
0046A334 .68 78F04000 push 0040F078
0046A339 .FF15 AC844A00 call dword ptr [<&MSVBVM50.__vbaNew2>;MSVBVM50.__vbaNew2
0046A33F >8B45 08 mov eax, dword ptr
0046A342 .8B35 0C0F4A00 mov esi, dword ptr
0046A348 .8B1D 8C834A00 mov ebx, dword ptr [<&MSVBVM50.__vb>;MSVBVM50.__vbaObjSetAddref
0046A34E .8D4D C0 lea ecx, dword ptr
0046A351 .8B3E mov edi, dword ptr
0046A353 .50 push eax
0046A354 .51 push ecx
0046A355 .FFD3 call ebx ;<&MSVBVM50.__vbaObjSetAddref>
0046A357 .50 push eax
0046A358 .56 push esi
0046A359 .FF57 10 call dword ptr
0046A35C .85C0 test eax, eax
0046A35E .7D 0F jge short 0046A36F
0046A360 .6A 10 push 10
0046A362 .68 68F04000 push 0040F068
0046A367 .56 push esi
0046A368 .50 push eax
0046A369 .FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>;MSVBVM50.__vbaHresultCheckObj
0046A36F >8B3D 78854A00 mov edi, dword ptr [<&MSVBVM50.__vb>;MSVBVM50.__vbaFreeObj
0046A375 .8D4D C0 lea ecx, dword ptr
0046A378 .FFD7 call edi ;<&MSVBVM50.__vbaFreeObj>
0046A37A .A1 0C0F4A00 mov eax, dword ptr
0046A37F .85C0 test eax, eax
0046A381 .75 10 jnz short 0046A393
0046A383 .68 0C0F4A00 push 004A0F0C ;ASCII "宆?
0046A388 .68 78F04000 push 0040F078
0046A38D .FF15 AC844A00 call dword ptr [<&MSVBVM50.__vbaNew2>;MSVBVM50.__vbaNew2
0046A393 >A1 ECB34900 mov eax, dword ptr
0046A398 .8B35 0C0F4A00 mov esi, dword ptr
0046A39E .85C0 test eax, eax
0046A3A0 .75 10 jnz short 0046A3B2
0046A3A2 .68 ECB34900 push 0049B3EC
0046A3A7 .68 7CA94000 push 0040A97C
0046A3AC .FF15 AC844A00 call dword ptr [<&MSVBVM50.__vbaNew2>;MSVBVM50.__vbaNew2
0046A3B2 >A1 ECB34900 mov eax, dword ptr
0046A3B7 .8B16 mov edx, dword ptr
0046A3B9 .8D4D C0 lea ecx, dword ptr
0046A3BC .50 push eax
0046A3BD .51 push ecx
0046A3BE .8995 14FFFFFF mov dword ptr , edx
0046A3C4 .FFD3 call ebx
0046A3C6 .8B95 14FFFFFF mov edx, dword ptr
0046A3CC .50 push eax
0046A3CD .56 push esi
0046A3CE .FF52 10 call dword ptr
0046A3D1 .85C0 test eax, eax
0046A3D3 .7D 0F jge short 0046A3E4
0046A3D5 .6A 10 push 10
0046A3D7 .68 68F04000 push 0040F068
0046A3DC .56 push esi
0046A3DD .50 push eax
0046A3DE .FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>;MSVBVM50.__vbaHresultCheckObj
0046A3E4 >8D4D C0 lea ecx, dword ptr
0046A3E7 .FFD7 call edi
0046A3E9 .E9 C4000000 jmp 0046A4B2
0046A3EE >B9 04000280 mov ecx, 80020004
0046A3F3 .B8 0A000000 mov eax, 0A
0046A3F8 .894D 84 mov dword ptr , ecx
0046A3FB .894D 94 mov dword ptr , ecx
0046A3FE .894D A4 mov dword ptr , ecx
0046A401 .8D95 6CFFFFFF lea edx, dword ptr
0046A407 .8D4D AC lea ecx, dword ptr
0046A40A .8985 7CFFFFFF mov dword ptr , eax
0046A410 .8945 8C mov dword ptr , eax
0046A413 .8945 9C mov dword ptr , eax
0046A416 .C785 74FFFFFF B043>mov dword ptr , 004143B0 ;Registration Key Wrong
0046A420 .C785 6CFFFFFF 0800>mov dword ptr , 8
0046A42A .FF15 0C854A00 call dword ptr [<&MSVBVM50.__vbaVarD>;MSVBVM50.__vbaVarDup
0046A430 .8D85 7CFFFFFF lea eax, dword ptr
0046A436 .8D4D 8C lea ecx, dword ptr
算法:首先要求注册名长度不小于八位,并且用Ucase来转为大写字符串
逐位取注册名的asc值+所在位数*6-15=A
判断A是否在7bit的asc字符范围内,如果A小于33则加上101,大于126就跳出,结束
用chr函数将A转换为字符,并且连接起来构成注册码。
Option Explicit
Private Sub Command1_Click()
Dim i As Integer, j As Integer, k As Integer, key As String
For i = 1 To Len(Text1.Text)
j = Asc(UCase(Mid(Text1.Text, i, 1)))
k = 6 * i
j = j + k
j = j - 15
If (j < 33) Then
j = j + 101
End If
If (j > 126) Then
End If
key = key & Chr(j)
Next i
Text2.Text = key
End Sub
注册成功后注册信息放在C:\WINDOWS\RegisterRSM.ini
Registration Name=xss51720
Registration Key=OPV>@LMQ
--------------------------------------------------------------------------------
【版权声明】: 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! 学习了
不错的教材 貌似你发的论坛比我写文章发的论坛还要多/:L 很好很强大。。/:017
页:
[1]