野猫III
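Posted on 2006-5-10 20:08:27
Originally posted by obi-one on 2006-5-10 19:57
Strongly agree!! Most importantly, boss Piao is warm-hearted and doesn't look down on newbies. When I first came to PYG I knew absolutely nothing!! Now I can take down the simple ones too!!
The approach is simple:
1. First activate it with Activation Expert (激活专家) to see what it looks like once registered; it turns out a REGINFO.KEY file gets generated
2. Since ...
That sounds even more impressive! Using software like Activation Expert is something this cat would never have thought of!
I suggest you make a demo, brother!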
hbqjxhw
Posted on 2006-5-10 20:36:28
Is this the place:
00404450 > \55 PUSH EBP
00404451 .8BEC MOV EBP,ESP
00404453 .83EC 14 SUB ESP,14
00404456 .68 76104000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler>;SE handler installation
0040445B .64:A1 0000000>MOV EAX,DWORD PTR FS:
00404461 .50 PUSH EAX
00404462 .64:8925 00000>MOV DWORD PTR FS:,ESP
00404469 .81EC 40010000 SUB ESP,140
0040446F .53 PUSH EBX
00404470 .56 PUSH ESI
00404471 .57 PUSH EDI
00404472 .8965 EC MOV DWORD PTR SS:,ESP
00404475 .C745 F0 20104>MOV DWORD PTR SS:,Volatili.00401>
0040447C .8B45 08 MOV EAX,DWORD PTR SS:
0040447F .8BC8 MOV ECX,EAX
00404481 .83E1 01 AND ECX,1
00404484 .894D F4 MOV DWORD PTR SS:,ECX
00404487 .24 FE AND AL,0FE
00404489 .8945 08 MOV DWORD PTR SS:,EAX
0040448C .33F6 XOR ESI,ESI
0040448E .8975 F8 MOV DWORD PTR SS:,ESI
00404491 .8B10 MOV EDX,DWORD PTR DS:
00404493 .50 PUSH EAX
00404494 .FF52 04 CALL DWORD PTR DS:
00404497 .8975 D4 MOV DWORD PTR SS:,ESI
0040449A .8975 C4 MOV DWORD PTR SS:,ESI
0040449D .8975 B4 MOV DWORD PTR SS:,ESI
004044A0 .8975 A4 MOV DWORD PTR SS:,ESI
004044A3 .8975 94 MOV DWORD PTR SS:,ESI
004044A6 .8975 84 MOV DWORD PTR SS:,ESI
004044A9 .89B5 74FFFFFF MOV DWORD PTR SS:,ESI
004044AF .89B5 64FFFFFF MOV DWORD PTR SS:,ESI
004044B5 .89B5 54FFFFFF MOV DWORD PTR SS:,ESI
004044BB .89B5 50FFFFFF MOV DWORD PTR SS:,ESI
004044C1 .89B5 4CFFFFFF MOV DWORD PTR SS:,ESI
004044C7 .89B5 48FFFFFF MOV DWORD PTR SS:,ESI
004044CD .89B5 44FFFFFF MOV DWORD PTR SS:,ESI
004044D3 .89B5 34FFFFFF MOV DWORD PTR SS:,ESI
004044D9 .89B5 24FFFFFF MOV DWORD PTR SS:,ESI
004044DF .89B5 14FFFFFF MOV DWORD PTR SS:,ESI
004044E5 .89B5 04FFFFFF MOV DWORD PTR SS:,ESI
004044EB .89B5 F4FEFFFF MOV DWORD PTR SS:,ESI
004044F1 .89B5 E4FEFFFF MOV DWORD PTR SS:,ESI
004044F7 .6A 01 PUSH 1
004044F9 .FF15 64814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaOnErr>;MSVBVM50.__vbaOnError
004044FF .8B1D 70814000 MOV EBX,DWORD PTR DS:[<&MSVBVM50.#597>];MSVBVM50.rtcAppActivate
00404505 .8B35 78814000 MOV ESI,DWORD PTR DS:[<&MSVBVM50.#599>];MSVBVM50.rtcSendKeys
0040450B .8B3D 34814000 MOV EDI,DWORD PTR DS:[<&MSVBVM50.__vbaFr>;MSVBVM50.__vbaFreeVar
00404511 >C785 2CFFFFFF>MOV DWORD PTR SS:,80020004
0040451B .C785 24FFFFFF>MOV DWORD PTR SS:,0A
00404525 .C785 FCFEFFFF>MOV DWORD PTR SS:,Volatili.0040>;UNICODE "NuMega SmartCheck"
0040452F .C785 F4FEFFFF>MOV DWORD PTR SS:,8
00404539 .8D95 F4FEFFFF LEA EDX,DWORD PTR SS:
0040453F .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
00404545 .FF15 FC814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarDu>;MSVBVM50.__vbaVarDup
0040454B .8D85 24FFFFFF LEA EAX,DWORD PTR SS:
00404551 .50 PUSH EAX
00404552 .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
00404558 .51 PUSH ECX
00404559 .FFD3 CALL EBX
0040455B .8D95 24FFFFFF LEA EDX,DWORD PTR SS:
00404561 .52 PUSH EDX
00404562 .8D85 34FFFFFF LEA EAX,DWORD PTR SS:
00404568 .50 PUSH EAX
00404569 .6A 02 PUSH 2
0040456B .FF15 3C814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>;MSVBVM50.__vbaFreeVarList
00404571 .83C4 0C ADD ESP,0C
00404574 .C785 3CFFFFFF>MOV DWORD PTR SS:,-1
0040457E .C785 34FFFFFF>MOV DWORD PTR SS:,0B
00404588 .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
0040458E .51 PUSH ECX
0040458F .68 781F4000 PUSH Volatili.00401F78 ;UNICODE "%{F4}"
00404594 .FFD6 CALL ESI
00404596 .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
0040459C .FFD7 CALL EDI
0040459E .C785 3CFFFFFF>MOV DWORD PTR SS:,-1
004045A8 .C785 34FFFFFF>MOV DWORD PTR SS:,0B
004045B2 .8D95 34FFFFFF LEA EDX,DWORD PTR SS:
004045B8 .52 PUSH EDX
004045B9 .68 881F4000 PUSH Volatili.00401F88 ;UNICODE "%Y"
004045BE .FFD6 CALL ESI
004045C0 .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
004045C6 .FFD7 CALL EDI
004045C8 .^ E9 44FFFFFF JMP Volatili.00404511
004045CD .BF 181E4000 MOV EDI,Volatili.00401E18 ;UNICODE "reginfo.key"
004045D2 .89BD FCFEFFFF MOV DWORD PTR SS:,EDI
004045D8 .BE 08000000 MOV ESI,8
004045DD .89B5 F4FEFFFF MOV DWORD PTR SS:,ESI
004045E3 .8D95 F4FEFFFF LEA EDX,DWORD PTR SS:
004045E9 .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
004045EF .FF15 FC814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarDu>;MSVBVM50.__vbaVarDup
004045F5 .6A 00 PUSH 0
004045F7 .8D85 34FFFFFF LEA EAX,DWORD PTR SS:
004045FD .50 PUSH EAX
004045FE .FF15 CC814000 CALL DWORD PTR DS:[<&MSVBVM50.#645>] ;MSVBVM50.rtcDir
00404604 .8985 2CFFFFFF MOV DWORD PTR SS:,EAX
0040460A .89B5 24FFFFFF MOV DWORD PTR SS:,ESI
00404610 .8D95 24FFFFFF LEA EDX,DWORD PTR SS:
00404616 .8D4D A4 LEA ECX,DWORD PTR SS:
00404619 .8B35 30814000 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaVa>;MSVBVM50.__vbaVarMove
0040461F .FFD6 CALL ESI ;<&MSVBVM50.__vbaVarMove>
00404621 .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
00404627 .FF15 34814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>;MSVBVM50.__vbaFreeVar
0040462D .89BD FCFEFFFF MOV DWORD PTR SS:,EDI
00404633 .C785 F4FEFFFF>MOV DWORD PTR SS:,8008
0040463D .8D4D A4 LEA ECX,DWORD PTR SS:
00404640 .51 PUSH ECX
00404641 .8D95 F4FEFFFF LEA EDX,DWORD PTR SS:
00404647 .52 PUSH EDX
00404648 .FF15 98814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarTs>;MSVBVM50.__vbaVarTstEq
0040464E .66:85C0 TEST AX,AX
00404651 .0F84 17090000 JE Volatili.00404F6E
00404657 .57 PUSH EDI
00404658 .6A 01 PUSH 1
0040465A .6A FF PUSH -1
0040465C .6A 01 PUSH 1
0040465E .FF15 D4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFileO>;MSVBVM50.__vbaFileOpen
00404664 .8B1D E0814000 MOV EBX,DWORD PTR DS:[<&MSVBVM50.#571>];MSVBVM50.rtcEndOfFile
0040466A .8B3D B4814000 MOV EDI,DWORD PTR DS:[<&MSVBVM50.__vbaIn>;MSVBVM50.__vbaInputFile
00404670 >6A 01 PUSH 1
00404672 .FFD3 CALL EBX
00404674 .66:85C0 TEST AX,AX
00404677 .75 25 JNZ SHORT Volatili.0040469E
00404679 .8D45 D4 LEA EAX,DWORD PTR SS:
0040467C .50 PUSH EAX
0040467D .6A 01 PUSH 1
0040467F .68 941F4000 PUSH Volatili.00401F94
00404684 .FFD7 CALL EDI
00404686 .83C4 0C ADD ESP,0C
00404689 .8D8D 74FFFFFF LEA ECX,DWORD PTR SS:
0040468F .51 PUSH ECX
00404690 .6A 01 PUSH 1
00404692 .68 941F4000 PUSH Volatili.00401F94
00404697 .FFD7 CALL EDI
00404699 .83C4 0C ADD ESP,0C
0040469C .^ EB D2 JMP SHORT Volatili.00404670
0040469E >6A 01 PUSH 1
004046A0 .FF15 90814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFileC>;MSVBVM50.__vbaFileClose
004046A6 .C785 FCFEFFFF>MOV DWORD PTR SS:,5
004046B0 .C785 F4FEFFFF>MOV DWORD PTR SS:,8002
004046BA .8D55 D4 LEA EDX,DWORD PTR SS:
004046BD .52 PUSH EDX
004046BE .8D85 34FFFFFF LEA EAX,DWORD PTR SS:
004046C4 .50 PUSH EAX
004046C5 .FF15 54814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaLenVa>;MSVBVM50.__vbaLenVar
004046CB .50 PUSH EAX
004046CC .8D8D F4FEFFFF LEA ECX,DWORD PTR SS:
004046D2 .51 PUSH ECX
004046D3 .FF15 7C814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarTs>;MSVBVM50.__vbaVarTstLt
004046D9 .66:85C0 TEST AX,AX
004046DC .74 37 JE SHORT Volatili.00404715
004046DE .8B45 08 MOV EAX,DWORD PTR SS:
004046E1 .8B10 MOV EDX,DWORD PTR DS:
004046E3 .50 PUSH EAX
004046E4 .FF92 14030000 CALL DWORD PTR DS:
004046EA .50 PUSH EAX
004046EB .8D85 48FFFFFF LEA EAX,DWORD PTR SS:
004046F1 .50 PUSH EAX
004046F2 .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
004046F8 .8BF0 MOV ESI,EAX
004046FA .8B0E MOV ECX,DWORD PTR DS:
004046FC .68 9C1F4000 PUSH Volatili.00401F9C ;UNICODE "UNREGISTERED: Key File Present - You're Getting Closer!"
00404701 .56 PUSH ESI
00404702 .FF91 A4000000 CALL DWORD PTR DS:
00404708 .85C0 TEST EAX,EAX
0040470A .0F8D 9E080000 JGE Volatili.00404FAE
00404710 .E9 87080000 JMP Volatili.00404F9C
obi-one
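Posted on 2006-5-10 20:47:24
Originally posted by fjnhwwx on 2006-5-10 20:07
Thanks!!!!
Where can Activation Expert be downloaded?
obi-one, could you try cracking the second program I uploaded.. and let me know once it's cracked, please
I'm not very skilled, brother; I can only patch it. I'll look at the details carefully tomorrow; at my level I definitely can't manage it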
fjnhwwx
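Posted on 2006-5-10 20:57:27
Originally posted by obi-one on 2006-5-10 20:47
I'm not very skilled, brother; I can only patch it. I'll look at the details carefully tomorrow; at my level I definitely can't manage it
I really admire you. Could you teach me?
You're too modest, my friend. I'm not asking for much either, just to be able to patch; once I'm proficient, at most I'll use a keygen-maker tool to build a keygen. I can't do algorithms. Could you tell me your QQ?
[ Last edited by fjnhwwx on 2006-5-10 21:03 ]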
hbqjxhw
Posted on 2006-5-10 22:43:29
00458011|.8D55 EC |LEA EDX,DWORD PTR SS:
00458014|.8BC3 |MOV EAX,EBX
00458016|.E8 E9FAFAFF |CALL CKme.00407B04
0045801B|.FF75 EC |PUSH DWORD PTR SS:
0045801E|.8D45 FC |LEA EAX,DWORD PTR SS:
00458021|.BA 03000000 |MOV EDX,3
00458026|.E8 11BCFAFF |CALL CKme.00403C3C
0045802B|.43 |INC EBX
0045802C|.83FB 13 |CMP EBX,13
0045802F|.^ 75 AB \JNZ SHORT CKme.00457FDC
00458031|.81BE 0C030000>CMP DWORD PTR DS:,85
0045803B|.75 76 JNZ SHORT CKme.004580B3 patch point
0045803D|.33DB XOR EBX,EBX
0045803F|>8D55 E4 /LEA EDX,DWORD PTR SS:
00458042|.8B86 D4020000 |MOV EAX,DWORD PTR DS:
00458048|.E8 FBB2FCFF |CALL CKme.00423348
0045804D|.8B45 E4 |MOV EAX,DWORD PTR SS:
00458050|.E8 27BBFAFF |CALL CKme.00403B7C
00458055|.83C0 03 |ADD EAX,3
00458058|.8D55 E8 |LEA EDX,DWORD PTR SS:
0045805B|.E8 A4FAFAFF |CALL CKme.00407B04
00458060|.FF75 E8 |PUSH DWORD PTR SS:
00458063|.8D55 E0 |LEA EDX,DWORD PTR SS:
00458066|.8B86 D4020000 |MOV EAX,DWORD PTR DS:
0045806C|.E8 D7B2FCFF |CALL CKme.00423348
00458071|.FF75 E0 |PUSH DWORD PTR SS:
00458074|.8D55 DC |LEA EDX,DWORD PTR SS:
00458077|.8BC3 |MOV EAX,EBX
00458079|.E8 86FAFAFF |CALL CKme.00407B04
fjnhwwx
Posted on 2006-5-10 23:32:09
Originally posted by hbqjxhw on 2006-5-10 22:43
00458011|.8D55 EC |LEA EDX,DWORD PTR SS:
00458014|.8BC3 |MOV EAX,EBX
00458016|.E8 E9FAFAFF |CALL CKme.00407B04
0045801B|.FF75 EC |PUSH DWORD PTR SS:
00458 ...
Thanks. May I ask how you found this key point?
寒湖鹤影
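Posted on 2006-5-11 11:22:19
Without using the button Activation Expert, could one DIY it and change the code?
I don't want to use helper tools; I'd like to learn how to modify it by hand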
lhl8730
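Posted on 2006-5-11 20:07:05
I roughly analyzed the algorithm of the first crackme.
1. The username cannot be shorter than 5 characters.
2. The registration code is the 2nd through 11th digits of the decimal ASCII codes of the username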
8957316
Posted on 2006-5-11 21:31:55
Try that button-breaker tool and see
lunxian
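Posted on 2006-7-5 23:49:05
I just happened to run into a VB-written program with a grayed-out button; can any expert offer some ideas on how to crack it?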