电脑定时关机1.3.6 算法分析
【破文标题】电脑定时关机1.3.6 算法分析【破文作者】pemet
【作者邮箱】[email protected]
【作者主页】
【破解工具】PEID,OD
【破解平台】WINDOWS XP SP3
【软件名称】电脑定时关机1.3.6
【软件大小】
【原版下载】自己找
【保护方式】注册杩
【软件简介】
【破解声明】本人菜鸟一个,第一次写算法破文,在这献丑了~~把学习过程拿出来,跟大家分享一下
------------------------------------------------------------------------
【破解过程】定时关机.exe 查壳 显示为:Microsoft Visual Basic 5.0 / 6.0 没有加壳
下消息断点 bp rtcMsgBox 直到程序领空
0043BCBD .C785 5CFFFFFF 0>mov dword ptr ss:,定时关机.00409500
0043BCC7 .C785 54FFFFFF 0>mov dword ptr ss:,8
0043BCD1 .8D95 54FFFFFF lea edx,dword ptr ss:
0043BCD7 .8D4D 94 lea ecx,dword ptr ss:
0043BCDA .FF15 F8114000 call dword ptr ds:[<&MSVBVM60.__vbaVarDup>>;MSVBVM60.__vbaVarDup
0043BCE0 .8D95 64FFFFFF lea edx,dword ptr ss:
0043BCE6 .52 push edx
0043BCE7 .8D85 74FFFFFF lea eax,dword ptr ss:
0043BCED .50 push eax
0043BCEE .8D4D 84 lea ecx,dword ptr ss:
0043BCF1 .51 push ecx
0043BCF2 .6A 30 push 30
0043BCF4 .8D55 94 lea edx,dword ptr ss:
0043BCF7 .52 push edx
0043BCF8 .FF15 A8104000 call dword ptr ds:[<&MSVBVM60.#595>] ; 提示错误
0043BCFE .8D4D B0 lea ecx,dword ptr ss:
0043BD01 .FF15 74124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>;MSVBVM60.__vbaFreeObj
==================================================================================================
向上翻
0043B9F3 .FF15 74124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>;MSVBVM60.__vbaFreeObj
0043B9F9 .8D55 84 lea edx,dword ptr ss:
0043B9FC .52 push edx
0043B9FD .8D45 94 lea eax,dword ptr ss:
0043BA00 .50 push eax
0043BA01 .6A 02 push 2
0043BA03 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>;MSVBVM60.__vbaFreeVarList
0043BA09 .83C4 0C add esp,0C
0043BA0C .C745 FC 0300000>mov dword ptr ss:,3
0043BA13 .8B4D DC mov ecx,dword ptr ss:
0043BA16 .51 push ecx
0043BA17 .68 04694000 push 定时关机.00406904
0043BA1C .FF15 04114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCmp>>;MSVBVM60.__vbaStrCmp
0043BA22 .85C0 test eax,eax
0043BA24 .75 15 jnz short 定时关机.0043BA3B
0043BA26 .C745 FC 0400000>mov dword ptr ss:,4
0043BA2D .BA 7C6B4000 mov edx,定时关机.00406B7C ;UNICODE "none"
0043BA32 .8D4D DC lea ecx,dword ptr ss:
0043BA35 .FF15 C4114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>;MSVBVM60.__vbaStrCopy
0043BA3B >C745 FC 0600000>mov dword ptr ss:,6
0043BA42 .8D55 DC lea edx,dword ptr ss:
0043BA45 .52 push edx
0043BA46 .E8 558EFEFF call 定时关机.004248A0 ;这里就是算法CALL
0043BA4B .C745 FC 0700000>mov dword ptr ss:,7
0043BA52 .833D D4F74300 0>cmp dword ptr ds:,0
0043BA59 .75 1C jnz short 定时关机.0043BA77 关键跳转
==============================================================================================
F7 跟进0043BA46算法CALL
00424946 .E8 F519FEFF call 定时关机.00406340
0042494B .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__vbaSetSyst>;获取计算机名称MSVBVM60.__vbaSetSystemError
00424951 .8B45 E4 mov eax,dword ptr ss:
00424954 .50 push eax
00424955 .68 28F04300 push 定时关机.0043F028
0042495A .FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaStrToUn>;MSVBVM60.__vbaStrToUnicode
00424960 .8D4D E4 lea ecx,dword ptr ss:
00424963 .FF15 78124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>;MSVBVM60.__vbaFreeStr
00424969 .8D4D B4 lea ecx,dword ptr ss:
0042496C .68 FF000000 push 0FF
00424A34 .FF15 58104000 call dword ptr ds:[<&MSVBVM60.#518>] ; 大小写转换
00424A3A .8D4D D4 lea ecx,dword ptr ss:
00424A3D .51 push ecx
00424A3E .FFD3 call ebx ;<&MSVBVM60.__vbaStrVarMove>
00424A40 .8BD0 mov edx,eax
00424A42 .B9 28F04300 mov ecx,定时关机.0043F028
00424A47 .FFD6 call esi ;<&MSVBVM60.__vbaStrMove>
00424A49 .8D4D D4 lea ecx,dword ptr ss:
00424A4C .FFD7 call edi ;<&MSVBVM60.__vbaFreeVar>
00424A4E .BA 247A4000 mov edx,定时关机.00407A24
00424A53 .8D4D E8 lea ecx,dword ptr ss:
00424A56 .FF15 C4114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>;MSVBVM60.__vbaStrCopy
00424A5C .8B15 28F04300 mov edx,dword ptr ds: ;
00424A62 .52 push edx
00424A63 .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>;取得计算机名长度
00424A69 .8BF8 mov edi,eax
00424A6B >85FF test edi,edi
00424A6D .0F8E 9F000000 jle 定时关机.00424B12
00424A73 .8D45 D4 lea eax,dword ptr ss: ;
00424A76 .8D4D B4 lea ecx,dword ptr ss: ;
00424A79 .50 push eax
00424A7A .57 push edi
00424A7B .8D55 C4 lea edx,dword ptr ss: ;
00424A7E .51 push ecx
00424A7F .52 push edx
00424A80 .C745 DC 0100000>mov dword ptr ss:,1 ;
00424A87 .C745 D4 0200000>mov dword ptr ss:,2 ;
00424A8E .C745 BC 28F0430>mov dword ptr ss:,定时关机.0043F028
00424A95 .C745 B4 0840000>mov dword ptr ss:,4008 ;
00424A9C .FF15 E4104000 call dword ptr ds:[<&MSVBVM60.#632>] ;MSVBVM60.rtcMidCharVar
00424AA2 .8D45 C4 lea eax,dword ptr ss:
00424AA5 .8D4D E4 lea ecx,dword ptr ss:
00424AA8 .50 push eax
00424AA9 .51 push ecx
00424AAA .FF15 8C114000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarV>;MSVBVM60.__vbaStrVarVal
00424AB0 .50 push eax
00424AB1 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.#516>] ; 反之取计算机名的ASCII值
00424AB7 .8BC8 mov ecx,eax ;eax=110
00424AB9 .FF15 60104000 call dword ptr ds:[<&MSVBVM60.__vbaI2Abs>] ;MSVBVM60.__vbaI2Abs
00424ABF .8B55 E8 mov edx,dword ptr ss:
00424AC2 .52 push edx
00424AC3 .0FBFD8 movsx ebx,ax
00424AC6 .FF15 CC114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Str>] ;MSVBVM60.__vbaI4Str
00424ACC .03D8 add ebx,eax ASCII值进行累加
00424ACE .0F80 49010000 jo 定时关机.00424C1D
00424AD4 .53 push ebx
00424AD5 .FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaStrI4>] ;MSVBVM60.__vbaStrI4
00424ADB .8BD0 mov edx,eax
00424ADD .8D4D E8 lea ecx,dword ptr ss:
00424AE0 .FFD6 call esi
00424AE2 .8D4D E4 lea ecx,dword ptr ss:
00424AE5 .FF15 78124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>;MSVBVM60.__vbaFreeStr
00424AEB .8D45 C4 lea eax,dword ptr ss:
00424AEE .8D4D D4 lea ecx,dword ptr ss:
00424AF1 .50 push eax
00424AF2 .51 push ecx
00424AF3 .6A 02 push 2
00424AF5 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>;MSVBVM60.__vbaFreeVarList
00424AFB .8B1D 30104000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaStrV>;MSVBVM60.__vbaStrVarMove
00424B01 .83C4 0C add esp,0C
00424B04 .83EF 01 sub edi,1
00424B07 .0F80 10010000 jo 定时关机.00424C1D
00424B0D .^ E9 59FFFFFF jmp 定时关机.00424A6B
00424B12 > \8B55 E8 mov edx,dword ptr ss: ;
00424B15 .8B3D 6C104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaStrC>;MSVBVM60.__vbaStrCat
00424B1B .52 push edx
00424B1C .68 2C7A4000 push 定时关机.00407A2C ;UNICODE "081037"
00424B21 .FFD7 call edi ; 累加和与固定值“081037”相连
00424B23 .8945 DC mov dword ptr ss:,eax ;
00424B26 .8D45 D4 lea eax,dword ptr ss: ;
00424B29 .6A 06 push 6 ;
00424B2B .8D4D C4 lea ecx,dword ptr ss: ;
00424B2E .50 push eax
00424B2F .51 push ecx
00424B30 .C745 D4 0800000>mov dword ptr ss:,8
00424B37 .FF15 1C124000 call dword ptr ds:[<&MSVBVM60.#617>] ;取相连后的前6个字节
00424B3D .8D55 C4 lea edx,dword ptr ss:
00424B40 .52 push edx
00424B41 .FFD3 call ebx
00424B43 .8BD0 mov edx,eax
00424B45 .8D4D E8 lea ecx,dword ptr ss:
00424B48 .FFD6 call esi
00424B4A .8D45 C4 lea eax,dword ptr ss:
00424B4D .8D4D D4 lea ecx,dword ptr ss:
00424B50 .50 push eax
00424B51 .51 push ecx
00424B52 .6A 02 push 2
00424B54 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>;MSVBVM60.__vbaFreeVarList
00424B5A .8B55 E8 mov edx,dword ptr ss:
00424B5D .83C4 0C add esp,0C
00424B60 .52 push edx
00424B61 .FF15 CC114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Str>] ;MSVBVM60.__vbaI4Str
00424B67 .8945 DC mov dword ptr ss:,eax
00424B6A .8D45 D4 lea eax,dword ptr ss:
00424B6D .8D4D C4 lea ecx,dword ptr ss:
00424B70 .50 push eax
00424B71 .51 push ecx
00424B72 .C745 D4 0300000>mov dword ptr ss:,3
00424B79 .FF15 C0114000 call dword ptr ds:[<&MSVBVM60.#573>] ;把前6个字节转成十六进制
00424B7F .8D55 C4 lea edx,dword ptr ss:
00424B82 .52 push edx
00424B83 .FFD3 call ebx
00424B85 .8BD0 mov edx,eax
00424B87 .8D4D E8 lea ecx,dword ptr ss:
00424B8A .FFD6 call esi
00424B8C .8D45 C4 lea eax,dword ptr ss:
00424B8F .8D4D D4 lea ecx,dword ptr ss:
00424B92 .50 push eax
00424B93 .51 push ecx
00424B94 .6A 02 push 2
00424B96 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>;MSVBVM60.__vbaFreeVarList
00424B9C .8B55 E8 mov edx,dword ptr ss:
00424B9F .83C4 0C add esp,0C
00424BA2 .68 407A4000 push 定时关机.00407A40 ;UNICODE "DG"
00424BA7 .52 push edx
00424BA8 .FFD7 call edi 取得固定值"DG"与前6个字节十六十进相连得到注册码
00424BAA .8BD0 mov edx,eax
00424BAC .8D4D E8 lea ecx,dword ptr ss:
00424BAF .FFD6 call esi
00424BB1 .8B45 08 mov eax,dword ptr ss:
00424BB4 .8B55 E8 mov edx,dword ptr ss:
00424BB7 .8B08 mov ecx,dword ptr ds:
00424BB9 .51 push ecx
00424BBA .52 push edx
00424BBB .FF15 04114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCmp>>;MSVBVM60.__vbaStrCmp
00424BC1 .85C0 test eax,eax
00424BC3 .75 17 jnz short 定时关机.00424BDC
【算法总结】
1.取得计算机名称转成小写
2.累加计算机名称ASCII值
3.累加值与固定值081037相连
4 取得相连前6个字节,再转成十六进制
5、最后固定值"DG"与前6个字节十六进制相连得到注册码
偷懒的写一下注册机 哈哈~~
Private Sub Command1_Click()
On Error Resume Next
a = Text1.Text
n = Mid(a, 1, 1)
If a = "" Then
MsgBox "请输入计算机名", 16, "错误提示"
Else
If Asc(n) < 97 Or Asc(n) > 122 Then
MsgBox "请于小写输入!", 16, "错误提示"
Else
b = Len(a)
For i = 1 To b
c = c + Asc(Mid(a, i, 1))
Next i
c = c & "0" & 81037
c = Mid(c, 1, 6)
c = "DG" & Hex(c)
Text2.Text = c
End If
End If
End Sub
【注册信息】
保存在
------------------------------------------------------------------------
【破解总结】
------------------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 pemet 于 2009-1-21 16:34 编辑 ] 先坐个沙发
楼主辛苦,算法分析得不错
页:
[1]