花了两天时间写了一个VBCrackMe(共有五关)
欢迎大家来尝试,最后一关有难度!!!呵呵!!(感谢老大提供模块). 支持,下来练练! 有五关!下载来试试看. 支持。。。。。。 原帖由 lovewxt 于 2006-7-28 18:00 发表支持!!!
给兄弟置个顶
谢谢兄弟!/:D/:D/:D:victory: 搞定了第一关.
用户名:绝恋风尘
注册码:303337386C686CB8F3D4C6C6AEB3BEB7E7C1B5BEF8
[ 本帖最后由 绝恋风尘 于 2006-7-29 23:06 编辑 ] 【破文标题】菜鸟简析CrackMe By lhl8730第一关
【破文作者】rcracker
【作者邮箱】
【作者主页】
【破解工具】OD、计算器
【破解平台】XP
【软件名称】VBCrackMe.exe
【软件大小】
【原版下载】
【保护方式】
【软件简介】
先把LOCKED TRUE改为LOCKED FALSE-------这样就能输入注册码了!!
断点:随便
输入: 用户名和假码
------------------------------------------------------------------------
0040D7C2 .FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarForInit>] ;MSVBVM60.__vbaVarForInit
0040D7C8 >85C0 TEST EAX,EAX
0040D7CA .0F84 2E010000 JE VBCrackM.0040D8FE
0040D7D0 .B8 01000000 MOV EAX,1
0040D7D5 .8D95 FCFEFFFF LEA EDX,DWORD PTR SS:
0040D7DB .8985 04FFFFFF MOV DWORD PTR SS:,EAX
0040D7E1 .8985 D4FEFFFF MOV DWORD PTR SS:,EAX
0040D7E7 .8D45 9C LEA EAX,DWORD PTR SS:
0040D7EA .52 PUSH EDX
0040D7EB .8D8D CCFEFFFF LEA ECX,DWORD PTR SS:
0040D7F1 .50 PUSH EAX
0040D7F2 .8D95 1CFFFFFF LEA EDX,DWORD PTR SS:
0040D7F8 .51 PUSH ECX
0040D7F9 .52 PUSH EDX
0040D7FA .89BD FCFEFFFF MOV DWORD PTR SS:,EDI
0040D800 .89BD CCFEFFFF MOV DWORD PTR SS:,EDI
0040D806 .FF15 8C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarAdd>] ;MSVBVM60.__vbaVarAdd
0040D80C .50 PUSH EAX
0040D80D .8D45 DC LEA EAX,DWORD PTR SS:
0040D810 .8D8D 0CFFFFFF LEA ECX,DWORD PTR SS:
0040D816 .50 PUSH EAX
0040D817 .51 PUSH ECX
0040D818 .FF15 00104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarSub>] ;MSVBVM60.__vbaVarSub
0040D81E .50 PUSH EAX
0040D81F .FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
0040D825 .50 PUSH EAX
0040D826 .8D55 8C LEA EDX,DWORD PTR SS:
0040D829 .8D85 34FFFFFF LEA EAX,DWORD PTR SS:
0040D82F .52 PUSH EDX
0040D830 .50 PUSH EAX
0040D831 .FF15 24114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarVal>] ;MSVBVM60.__vbaStrVarVal
0040D837 .50 PUSH EAX
0040D838 .FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#631>] ;MSVBVM60.rtcMidCharBstr
0040D83E .8BD0 MOV EDX,EAX
0040D840 .8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
0040D846 .FF15 B4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
0040D84C .50 PUSH EAX
0040D84D .FF15 40104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ;MSVBVM60.rtcAnsiValueBstr
0040D853 .8D8D ECFEFFFF LEA ECX,DWORD PTR SS:
0040D859 .66:8985 F4FEF>MOV WORD PTR SS:,AX
0040D860 .51 PUSH ECX
0040D861 .89BD ECFEFFFF MOV DWORD PTR SS:,EDI
0040D867 .FF15 5C114000 CALL DWORD PTR DS:[<&MSVBVM60.#572>] ;MSVBVM60.rtcHexBstrFromVar
0040D86D .8D95 DCFEFFFF LEA EDX,DWORD PTR SS:
0040D873 .8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:
0040D879 .8985 E4FEFFFF MOV DWORD PTR SS:,EAX
0040D87F .C785 DCFEFFFF>MOV DWORD PTR SS:,8
0040D889 .FFD6 CALL ESI
0040D88B .8D95 30FFFFFF LEA EDX,DWORD PTR SS:
0040D891 .8D85 34FFFFFF LEA EAX,DWORD PTR SS:
0040D897 .52 PUSH EDX
0040D898 .50 PUSH EAX
0040D899 .57 PUSH EDI
0040D89A .FF15 70114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>] ;MSVBVM60.__vbaFreeStrList
0040D8A0 .8D8D ECFEFFFF LEA ECX,DWORD PTR SS:
0040D8A6 .8D95 FCFEFFFF LEA EDX,DWORD PTR SS:
0040D8AC .51 PUSH ECX
0040D8AD .8D85 1CFFFFFF LEA EAX,DWORD PTR SS:
0040D8B3 .52 PUSH EDX
0040D8B4 .50 PUSH EAX
0040D8B5 .6A 03 PUSH 3
0040D8B7 .FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
0040D8BD .83C4 1C ADD ESP,1C
0040D8C0 .8D8D 6CFFFFFF LEA ECX,DWORD PTR SS:
0040D8C6 .8D95 7CFFFFFF LEA EDX,DWORD PTR SS:
0040D8CC .8D85 1CFFFFFF LEA EAX,DWORD PTR SS:
0040D8D2 .51 PUSH ECX
0040D8D3 .52 PUSH EDX
0040D8D4 .50 PUSH EAX
0040D8D5 .FFD3 CALL EBX
0040D8D7 .8BD0 MOV EDX,EAX
0040D8D9 .8D8D 6CFFFFFF LEA ECX,DWORD PTR SS:
0040D8DF .FFD6 CALL ESI
0040D8E1 .8D8D 50FEFFFF LEA ECX,DWORD PTR SS:
0040D8E7 .8D95 60FEFFFF LEA EDX,DWORD PTR SS:
0040D8ED .51 PUSH ECX
0040D8EE .8D45 DC LEA EAX,DWORD PTR SS:
0040D8F1 .52 PUSH EDX
0040D8F2 .50 PUSH EAX
0040D8F3 .FF15 CC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarForNext>] ;MSVBVM60.__vbaVarForNext
0040D8F9 .^ E9 CAFEFFFF JMP VBCrackM.0040D7C8 ;上面这段的功能是取用户名的HEX值倒排
0040D8FE >8D4D AC LEA ECX,DWORD PTR SS:
0040D901 .8D95 6CFFFFFF LEA EDX,DWORD PTR SS:
0040D907 .51 PUSH ECX
0040D908 .8D85 1CFFFFFF LEA EAX,DWORD PTR SS:
0040D90E .52 PUSH EDX
0040D90F .50 PUSH EAX
0040D910 .FFD3 CALL EBX ;关键call
0040D912 .8BD0 MOV EDX,EAX
0040D914 .8D8D 5CFFFFFF LEA ECX,DWORD PTR SS:
0040D91A .FFD6 CALL ESI
0040D91C .8B75 08 MOV ESI,DWORD PTR SS:
0040D91F .56 PUSH ESI
0040D920 .8B0E MOV ECX,DWORD PTR DS:
0040D922 .FF91 0C030000 CALL DWORD PTR DS:
0040D928 .8B1D 78104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
0040D92E .8D95 2CFFFFFF LEA EDX,DWORD PTR SS:
0040D934 .50 PUSH EAX
0040D935 .52 PUSH EDX
0040D936 .FFD3 CALL EBX ;<&MSVBVM60.__vbaObjSet>
0040D938 .8BF8 MOV EDI,EAX
0040D93A .8D8D 34FFFFFF LEA ECX,DWORD PTR SS:
0040D940 .51 PUSH ECX
0040D941 .57 PUSH EDI
0040D942 .8B07 MOV EAX,DWORD PTR DS:
0040D944 .FF90 A0000000 CALL DWORD PTR DS:
0040D94A .85C0 TEST EAX,EAX
0040D94C .DBE2 FCLEX
0040D94E .7D 12 JGE SHORT VBCrackM.0040D962
0040D950 .68 A0000000 PUSH 0A0
0040D955 .68 ACAC4000 PUSH VBCrackM.0040ACAC
0040D95A .57 PUSH EDI
0040D95B .50 PUSH EAX
0040D95C .FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>] ;MSVBVM60.__vbaHresultCheckObj
0040D962 >8B85 34FFFFFF MOV EAX,DWORD PTR SS:
0040D968 .8D95 5CFFFFFF LEA EDX,DWORD PTR SS:
0040D96E .8985 24FFFFFF MOV DWORD PTR SS:,EAX ;真码
0040D974 .8D85 1CFFFFFF LEA EAX,DWORD PTR SS:
0040D97A .52 PUSH EDX
0040D97B .50 PUSH EAX
0040D97C .C785 34FFFFFF>MOV DWORD PTR SS:,0
0040D986 .C785 1CFFFFFF>MOV DWORD PTR SS:,8008
0040D990 .FF15 C0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>] ;MSVBVM60.__vbaVarTstEq
0040D996 .8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:
0040D99C .8BF8 MOV EDI,EAX
0040D99E .FF15 D4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
0040D9A4 .8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:
0040D9AA .FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
0040D9B0 .66:85FF TEST DI,DI
0040D9B3 .0F84 42010000 JE VBCrackM.0040DAFB
0040D9B9 .8B0E MOV ECX,DWORD PTR DS:
0040D9BB .56 PUSH ESI
0040D9BC .FF91 10030000 CALL DWORD PTR DS:
0040D9C2 .8D95 2CFFFFFF LEA EDX,DWORD PTR SS:
0040D9C8 .50 PUSH EAX
0040D9C9 .52 PUSH EDX
0040D9CA .FFD3 CALL EBX
0040D9CC .8BF8 MOV EDI,EAX
0040D9CE .68 F0AC4000 PUSH VBCrackM.0040ACF0
0040D9D3 .57 PUSH EDI
0040D9D4 .8B07 MOV EAX,DWORD PTR DS:
0040D9D6 .FF90 A4000000 CALL DWORD PTR DS:
0040D9DC .85C0 TEST EAX,EAX
0040D9DE .DBE2 FCLEX
0040D9E0 .7D 12 JGE SHORT VBCrackM.0040D9F4
0040D9E2 .68 A4000000 PUSH 0A4
0040D9E7 .68 ACAC4000 PUSH VBCrackM.0040ACAC
0040D9EC .57 PUSH EDI
0040D9ED .50 PUSH EAX
0040D9EE .FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>] ;MSVBVM60.__vbaHresultCheckObj
0040D9F4 >8B3D D4114000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
0040D9FA .8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:
0040DA00 .FFD7 CALL EDI ;<&MSVBVM60.__vbaFreeObj>
0040DA02 .8B0E MOV ECX,DWORD PTR DS:
0040DA04 .56 PUSH ESI
0040DA05 .FF91 64030000 CALL DWORD PTR DS:
0040DA0B .8D95 2CFFFFFF LEA EDX,DWORD PTR SS:
0040DA11 .50 PUSH EAX
0040DA12 .52 PUSH EDX
0040DA13 .FFD3 CALL EBX
0040DA15 .8BF0 MOV ESI,EAX
0040DA17 .6A 00 PUSH 0
0040DA19 .56 PUSH ESI
0040DA1A .8B06 MOV EAX,DWORD PTR DS:
0040DA1C .FF90 94000000 CALL DWORD PTR DS:
0040DA22 .85C0 TEST EAX,EAX
0040DA24 .DBE2 FCLEX
0040DA26 .7D 12 JGE SHORT VBCrackM.0040DA3A
0040DA28 .68 94000000 PUSH 94
0040DA2D .68 10AD4000 PUSH VBCrackM.0040AD10
0040DA32 .56 PUSH ESI
0040DA33 .50 PUSH EAX
0040DA34 .FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>] ;MSVBVM60.__vbaHresultCheckObj
0040DA3A >8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:
0040DA40 .FFD7 CALL EDI
0040DA42 .E9 B4000000 JMP VBCrackM.0040DAFB
0040DA47 >8B35 94114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVarDup>] ;MSVBVM60.__vbaVarDup
0040DA4D .B9 04000280 MOV ECX,80020004
0040DA52 .898D F4FEFFFF MOV DWORD PTR SS:,ECX
0040DA58 .B8 0A000000 MOV EAX,0A
0040DA5D .898D 04FFFFFF MOV DWORD PTR SS:,ECX
0040DA63 .BF 08000000 MOV EDI,8
----------------------------------------关键call-------------------------------------
660E5E41 >55 PUSH EBP
660E5E42 8BEC MOV EBP,ESP
660E5E44 83EC 20 SUB ESP,20
660E5E47 53 PUSH EBX
660E5E48 56 PUSH ESI
660E5E49 57 PUSH EDI
660E5E4A E8 DBCBFEFF CALL MSVBVM60.rtcGetCurrentCalendar
660E5E4F 83F8 01 CMP EAX,1
660E5E52 BB FFBFFFFF MOV EBX,FFFFBFFF
660E5E57 0F85 D2000000 JNZ MSVBVM60.660E5F2F
660E5E5D 8B75 0C MOV ESI,DWORD PTR SS:
660E5E60 0FB706 MOVZX EAX,WORD PTR DS:
660E5E63 23C3 AND EAX,EBX
660E5E65 83F8 07 CMP EAX,7
660E5E68 75 1D JNZ SHORT MSVBVM60.660E5E87
660E5E6A 66:8365 F0 00 AND WORD PTR SS:,0
660E5E6F 6A 08 PUSH 8
660E5E71 6A 08 PUSH 8
660E5E73 E8 FB05F2FF CALL MSVBVM60.66006473
660E5E78 50 PUSH EAX
660E5E79 8D45 F0 LEA EAX,DWORD PTR SS:
660E5E7C 56 PUSH ESI
660E5E7D 50 PUSH EAX
660E5E7E FF15 581A0066 CALL DWORD PTR DS:[<&OLEAUT32.#147>] ; OLEAUT32.VariantChangeTypeEx
660E5E84 8D75 F0 LEA ESI,DWORD PTR SS:
660E5E87 8B7D 10 MOV EDI,DWORD PTR SS:
660E5E8A 0FB707 MOVZX EAX,WORD PTR DS:
660E5E8D 23C3 AND EAX,EBX
660E5E8F 83F8 07 CMP EAX,7
660E5E92 75 1D JNZ SHORT MSVBVM60.660E5EB1
660E5E94 66:8365 E0 00 AND WORD PTR SS:,0
660E5E99 6A 08 PUSH 8
660E5E9B 6A 08 PUSH 8
660E5E9D E8 D105F2FF CALL MSVBVM60.66006473
660E5EA2 50 PUSH EAX
660E5EA3 8D45 E0 LEA EAX,DWORD PTR SS:
660E5EA6 57 PUSH EDI
660E5EA7 50 PUSH EAX
660E5EA8 FF15 581A0066 CALL DWORD PTR DS:[<&OLEAUT32.#147>] ; OLEAUT32.VariantChangeTypeEx
660E5EAE 8D7D E0 LEA EDI,DWORD PTR SS:
660E5EB1 0FB706 MOVZX EAX,WORD PTR DS:
660E5EB4 23C3 AND EAX,EBX
660E5EB6 83F8 0B CMP EAX,0B
660E5EB9 75 14 JNZ SHORT MSVBVM60.660E5ECF
660E5EBB 66:8365 F0 00 AND WORD PTR SS:,0
660E5EC0 6A 08 PUSH 8
660E5EC2 8D45 F0 LEA EAX,DWORD PTR SS:
660E5EC5 56 PUSH ESI
660E5EC6 50 PUSH EAX
660E5EC7 E8 DBAAFFFF CALL MSVBVM60.660E09A7
660E5ECC 8D75 F0 LEA ESI,DWORD PTR SS:
660E5ECF 0FB707 MOVZX EAX,WORD PTR DS:
660E5ED2 23C3 AND EAX,EBX
660E5ED4 83F8 0B CMP EAX,0B
660E5ED7 75 14 JNZ SHORT MSVBVM60.660E5EED
660E5ED9 66:8365 E0 00 AND WORD PTR SS:,0
660E5EDE 6A 08 PUSH 8
660E5EE0 8D45 E0 LEA EAX,DWORD PTR SS:
660E5EE3 57 PUSH EDI
660E5EE4 50 PUSH EAX
660E5EE5 E8 BDAAFFFF CALL MSVBVM60.660E09A7
660E5EEA 8D7D E0 LEA EDI,DWORD PTR SS:
660E5EED FF75 08 PUSH DWORD PTR SS:
660E5EF0 56 PUSH ESI
660E5EF1 57 PUSH EDI
660E5EF2 FF15 C8ED1066 CALL DWORD PTR DS: ;关键call(2)
660E5EF8 8B1D E0190066 MOV EBX,DWORD PTR DS:[<&OLEAUT32.#9>] ; OLEAUT32.VariantClear
660E5EFE 8945 10 MOV DWORD PTR SS:,EAX
660E5F01 8D45 F0 LEA EAX,DWORD PTR SS:
660E5F04 3BF0 CMP ESI,EAX
660E5F06 75 03 JNZ SHORT MSVBVM60.660E5F0B
660E5F08 56 PUSH ESI
660E5F09 FFD3 CALL EBX
660E5F0B 8D45 E0 LEA EAX,DWORD PTR SS:
660E5F0E 3BF8 CMP EDI,EAX
660E5F10 75 03 JNZ SHORT MSVBVM60.660E5F15
660E5F12 57 PUSH EDI
660E5F13 FFD3 CALL EBX
660E5F15 837D 10 00 CMP DWORD PTR SS:,0
660E5F19 7D 0A JGE SHORT MSVBVM60.660E5F25
660E5F1B 6A 00 PUSH 0
660E5F1D FF75 10 PUSH DWORD PTR SS:
660E5F20 E8 2430FFFF CALL MSVBVM60.660D8F49
660E5F25 8B45 08 MOV EAX,DWORD PTR SS:
660E5F28 5F POP EDI
660E5F29 5E POP ESI
660E5F2A 5B POP EBX
660E5F2B C9 LEAVE
660E5F2C C2 0C00 RETN 0C
-----------------------------------------关键call(2)---------------------------------
7711BC4C >8BFF MOV EDI,EDI
7711BC4E 55 PUSH EBP
7711BC4F 8BEC MOV EBP,ESP
7711BC51 51 PUSH ECX
7711BC52 51 PUSH ECX
7711BC53 56 PUSH ESI
7711BC54 57 PUSH EDI
7711BC55 FF75 08 PUSH DWORD PTR SS:
7711BC58 8D45 FC LEA EAX,DWORD PTR SS:
7711BC5B 50 PUSH EAX
7711BC5C 8D45 08 LEA EAX,DWORD PTR SS:
7711BC5F 50 PUSH EAX
7711BC60 E8 73000000 CALL OLEAUT32.7711BCD8
7711BC65 8B7D 10 MOV EDI,DWORD PTR SS:
7711BC68 8BF0 MOV ESI,EAX
7711BC6A 85F6 TEST ESI,ESI
7711BC6C 7C 60 JL SHORT OLEAUT32.7711BCCE
7711BC6E FF75 0C PUSH DWORD PTR SS:
7711BC71 8D45 F8 LEA EAX,DWORD PTR SS:
7711BC74 50 PUSH EAX
7711BC75 8D45 0C LEA EAX,DWORD PTR SS:
7711BC78 50 PUSH EAX
7711BC79 E8 5A000000 CALL OLEAUT32.7711BCD8
7711BC7E 8BF0 MOV ESI,EAX
7711BC80 85F6 TEST ESI,ESI
7711BC82 0F8C C20A0100 JL OLEAUT32.7712C74A
7711BC88 837D 0C FF CMP DWORD PTR SS:,-1
7711BC8C 0F84 C50A0100 JE OLEAUT32.7712C757
7711BC92 837D 08 FF CMP DWORD PTR SS:,-1
7711BC96 0F84 D90A0100 JE OLEAUT32.7712C775
7711BC9C 8D47 08 LEA EAX,DWORD PTR DS:
7711BC9F 50 PUSH EAX
7711BCA0 FF75 0C PUSH DWORD PTR SS:
7711BCA3 FF75 08 PUSH DWORD PTR SS:
7711BCA6 E8 7648FEFF CALL OLEAUT32.VarBstrCat ;关键call(3)
7711BCAB FF75 F8 PUSH DWORD PTR SS:
7711BCAE 8BF0 MOV ESI,EAX
7711BCB0 E8 9B8BFDFF CALL OLEAUT32.SysFreeString
7711BCB5 FF75 FC PUSH DWORD PTR SS:
7711BCB8 E8 938BFDFF CALL OLEAUT32.SysFreeString
7711BCBD 85F6 TEST ESI,ESI
7711BCBF 7C 0D JL SHORT OLEAUT32.7711BCCE
7711BCC1 66:C707 0800 MOV WORD PTR DS:,8
7711BCC6 8BC6 MOV EAX,ESI
7711BCC8 5F POP EDI
7711BCC9 5E POP ESI
7711BCCA C9 LEAVE
7711BCCB C2 0C00 RETN 0C
7711BCCE 8327 00 AND DWORD PTR DS:,0
7711BCD1^ EB F3 JMP SHORT OLEAUT32.7711BCC6
--------------------------------------关键call(3)------------------------------
77100521 >8BFF MOV EDI,EDI
77100523 55 PUSH EBP
77100524 8BEC MOV EBP,ESP
77100526 53 PUSH EBX
77100527 56 PUSH ESI
77100528 8B75 08 MOV ESI,DWORD PTR SS:
7710052B 56 PUSH ESI
7710052C E8 7747FFFF CALL OLEAUT32.SysStringByteLen
77100531 FF75 0C PUSH DWORD PTR SS:
77100534 8BD8 MOV EBX,EAX
77100536 E8 6D47FFFF CALL OLEAUT32.SysStringByteLen
7710053B 8945 08 MOV DWORD PTR SS:,EAX
7710053E 03C3 ADD EAX,EBX
77100540 50 PUSH EAX
77100541 6A 00 PUSH 0
77100543 E8 0D47FFFF CALL OLEAUT32.SysAllocStringByteLen
77100548 85C0 TEST EAX,EAX
7710054A 8B4D 10 MOV ECX,DWORD PTR SS:
7710054D 8901 MOV DWORD PTR DS:,EAX
7710054F 0F84 F1C00200 JE OLEAUT32.7712C646
77100555 57 PUSH EDI
77100556 8BCB MOV ECX,EBX
77100558 8BD1 MOV EDX,ECX
7710055A C1E9 02 SHR ECX,2
7710055D 8BF8 MOV EDI,EAX
7710055F F3:A5 REP MOVS DWORD PTR ES:,DWORD PTR DS:
77100561 8BCA MOV ECX,EDX
77100563 83E1 03 AND ECX,3
77100566 F3:A4 REP MOVS BYTE PTR ES:,BYTE PTR DS:
77100568 8B4D 08 MOV ECX,DWORD PTR SS:
7710056B 8B75 0C MOV ESI,DWORD PTR SS:
7710056E 8D3C03 LEA EDI,DWORD PTR DS:
77100571 8BC1 MOV EAX,ECX
77100573 C1E9 02 SHR ECX,2
77100576 F3:A5 REP MOVS DWORD PTR ES:,DWORD PTR DS:
77100578 8BC8 MOV ECX,EAX
7710057A 83E1 03 AND ECX,3
7710057D F3:A4 REP MOVS BYTE PTR ES:,BYTE PTR DS:
7710057F 33C0 XOR EAX,EAX
77100581 5F POP EDI
77100582 5E POP ESI
77100583 5B POP EBX
77100584 5D POP EBP
77100585 C2 0C00 RETN 0C
------------------------------------------------------------------------
固定字串(我这里是303337386C686CB8F3D4C6C6AE)与倒排的用户名的HEX值相连即为注册码.
------------------------------------------------------------------------ 还5关呀,太苦了,最近连续搞crackme,想休整下 试一下!!