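[Write-up title] 无名小兵 V2.47: simple algorithm analysis (floating point)
[Author] 野猫III[D.4s][PYG]
[Analysis time] 2006-08-03 20:27, Zhanjiang, force 12~13 typhoon
[Tools] PEiD, W32DASM, UC32, OD
[Platform] Windows 2K & XP
[Software name] 无名小兵 V2.47
[Software size] 213K
[Original download] http://bx1978.yeah.net
[Protection] Registration code
[Software description] Welcome to 无名小兵. We are very sorry, but if you have not registered you will be limited to 30 minutes; once the 30 minutes are up, 无名小兵 will close automatically. If you want to keep using it, you need to start 无名小兵 again.
[Statement] I am a tiny tiny tiny tiny bird WoWoWo... try as I might I can't fly high WoWoWoOOOOOOOOOoOoooOOoOOOOOOOOOOooo
I previously made a memory-keygen demonstration of this program on 龙族 at brother 陈埃's request; if fate allows, he should be able to see this demonstration.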
------------------------------------------------------------------------
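1. The software shows an error message when registration fails. Checking for a packer with PEiD: the "packer" it reports is Microsoft Visual Basic 5.0 / 6.0
2. We load the program in OD, open the registration window and enter the registration details, set a command breakpoint in OD with bp rtcMsgBox, then click the register confirmation button.
The program breaks here:
73472F29 > 55 PUSH EBP ; remove the breakpoint, look at the stack window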
73472F2A 8BEC MOV EBP,ESP
73472F2C 83EC 4C SUB ESP,4C
73472F2F 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]
73472F32 53 PUSH EBX
73472F33 56 PUSH ESI
73472F34 57 PUSH EDI
+++ Helpful hint from the stack:
0012F4F8 00419A0D RETURN to 无名小兵.00419A0D from MSVBVM60.rtcMsgBox ; return into the program's own code.
0012F4FC 0012F5A8
0012F500 00000030
Next we start the analysis~
++++++++++++++++++++
00419440 > \55 PUSH EBP
00419441 . 8BEC MOV EBP,ESP
00419443 . 83EC 0C SUB ESP,0C
00419446 . 68 B6214000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler>
; SE handler installation
0041944B . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00419451 . 50 PUSH EAX
00419452 . 64:8925 00000000 MOV DWORD PTR FS:[0],ESP
00419459 . 81EC E0000000 SUB ESP,0E0
0041945F . 53 PUSH EBX
00419460 . 56 PUSH ESI
00419461 . 57 PUSH EDI
00419462 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
00419465 . C745 F8 98174000 MOV DWORD PTR SS:[EBP-8],无名小兵.00401798
0041946C . 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0041946F . 8BC6 MOV EAX,ESI
00419471 . 83E0 01 AND EAX,1
00419474 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00419477 . 83E6 FE AND ESI,FFFFFFFE
0041947A . 56 PUSH ESI
0041947B . 8975 08 MOV DWORD PTR SS:[EBP+8],ESI
0041947E . 8B0E MOV ECX,DWORD PTR DS:[ESI]
00419480 . FF51 04 CALL DWORD PTR DS:[ECX+4]
00419483 . 8B16 MOV EDX,DWORD PTR DS:[ESI]
00419485 . 33DB XOR EBX,EBX
00419487 . 56 PUSH ESI
00419488 . 895D DC MOV DWORD PTR SS:[EBP-24],EBX
0041948B . 895D D8 MOV DWORD PTR SS:[EBP-28],EBX
0041948E . 895D C8 MOV DWORD PTR SS:[EBP-38],EBX
00419491 . 895D C4 MOV DWORD PTR SS:[EBP-3C],EBX
00419494 . 895D BC MOV DWORD PTR SS:[EBP-44],EBX
00419497 . 895D B8 MOV DWORD PTR SS:[EBP-48],EBX
0041949A . 895D B4 MOV DWORD PTR SS:[EBP-4C],EBX
0041949D . 895D B0 MOV DWORD PTR SS:[EBP-50],EBX
004194A0 . 895D AC MOV DWORD PTR SS:[EBP-54],EBX
004194A3 . 895D A8 MOV DWORD PTR SS:[EBP-58],EBX
004194A6 . 895D 98 MOV DWORD PTR SS:[EBP-68],EBX
004194A9 . 895D 88 MOV DWORD PTR SS:[EBP-78],EBX
004194AC . 899D 78FFFFFF MOV DWORD PTR SS:[EBP-88],EBX
004194B2 . 899D 68FFFFFF MOV DWORD PTR SS:[EBP-98],EBX
004194B8 . 899D 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EBX
004194BE . 899D 48FFFFFF MOV DWORD PTR SS:[EBP-B8],EBX
004194C4 . 899D 24FFFFFF MOV DWORD PTR SS:[EBP-DC],EBX
004194CA . 899D 20FFFFFF MOV DWORD PTR SS:[EBP-E0],EBX
004194D0 . FF92 10030000 CALL DWORD PTR DS:[EDX+310]
004194D6 . 8945 A0 MOV DWORD PTR SS:[EBP-60],EAX
004194D9 . 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
004194DC . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
004194DF . 50 PUSH EAX
004194E0 . 51 PUSH ECX
004194E1 . C745 98 09000000 MOV DWORD PTR SS:[EBP-68],9
004194E8 . FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>]
; MSVBVM60.rtcTrimVar
004194EE . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
004194F1 . 8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8]
004194F7 . 52 PUSH EDX
004194F8 . 50 PUSH EAX
004194F9 . C785 60FFFFFF 0CB74000 MOV DWORD PTR SS:[EBP-A0],无名小兵.0040B70C
00419503 . C785 58FFFFFF 08800000 MOV DWORD PTR SS:[EBP-A8],8008
0041950D . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>]
; MSVBVM60.__vbaVarTstEq
00419513 . 8B3D 28104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00419519 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
0041951C . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0041951F . 51 PUSH ECX
00419520 . 52 PUSH EDX
00419521 . 6A 02 PUSH 2
00419523 . 66:8985 1CFFFFFF MOV WORD PTR SS:[EBP-E4],AX
0041952A . FFD7 CALL EDI
; <&MSVBVM60.__vbaFreeVarList>
0041952C . 83C4 0C ADD ESP,0C
0041952F . 66:399D 1CFFFFFF CMP WORD PTR SS:[EBP-E4],BX
00419536 . 0F85 48050000 JNZ 无名小兵.00419A84
0041953C . 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
0041953F . 68 FF000000 PUSH 0FF
00419544 . 50 PUSH EAX
00419545 . FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.#526>]
; MSVBVM60.rtcSpaceVar
0041954B . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0041954E . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00419551 . FF15 0C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
; MSVBVM60.__vbaVarMove
00419557 . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
0041955A . 68 FF000000 PUSH 0FF
0041955F . 51 PUSH ECX
00419560 . FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.#526>]
; MSVBVM60.rtcSpaceVar
00419566 . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00419569 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
0041956C . FF15 0C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
; MSVBVM60.__vbaVarMove
00419572 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00419575 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
00419578 . 52 PUSH EDX
00419579 . 50 PUSH EAX
0041957A . 899D 20FFFFFF MOV DWORD PTR SS:[EBP-E0],EBX
00419580 . 899D 24FFFFFF MOV DWORD PTR SS:[EBP-DC],EBX
00419586 . FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenVar>] ; MSVBVM60.__vbaLenVar
0041958C . 50 PUSH EAX
0041958D . FF15 78114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>] ; MSVBVM60.__vbaI4Var
00419593 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00419596 . 50 PUSH EAX
00419597 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0041959A . 51 PUSH ECX
0041959B . 52 PUSH EDX
0041959C . FF15 28114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
004195A2 . 50 PUSH EAX
004195A3 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004195A6 . 50 PUSH EAX
004195A7 . FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrToAnsi>] ; MSVBVM60.__vbaStrToAnsi
004195AD . 8D8D 20FFFFFF LEA ECX,DWORD PTR SS:[EBP-E0]
004195B3 . 50 PUSH EAX
004195B4 . 8D95 24FFFFFF LEA EDX,DWORD PTR SS:[EBP-DC]
004195BA . 51 PUSH ECX
004195BB . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004195BE . 52 PUSH EDX
004195BF . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
004195C2 . 50 PUSH EAX
004195C3 . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004195C6 . 51 PUSH ECX
004195C7 . 52 PUSH EDX
004195C8 . FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenVar>]
; MSVBVM60.__vbaLenVar
004195CE . 50 PUSH EAX
004195CF . FF15 78114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>]
; MSVBVM60.__vbaI4Var
004195D5 . 50 PUSH EAX
004195D6 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004195D9 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
004195DC . 50 PUSH EAX
004195DD . 51 PUSH ECX
004195DE . FF15 28114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarVal>]
; MSVBVM60.__vbaStrVarVal
004195E4 . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
004195E7 . 50 PUSH EAX
004195E8 . 52 PUSH EDX
004195E9 . FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrToAnsi>]
; MSVBVM60.__vbaStrToAnsi
004195EF . 50 PUSH EAX
004195F0 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
004195F3 . 68 14B74000 PUSH 无名小兵.0040B714 ; UNICODE "c:\"
004195F8 . 50 PUSH EAX
004195F9 . FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrToAnsi>]
; MSVBVM60.__vbaStrToAnsi
004195FF . 50 PUSH EAX
00419600 . E8 2318FFFF CALL 无名小兵.0040AE28
00419605 . FF15 4C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaSetSystemError>]
; MSVBVM60.__vbaSetSystemError
0041960B . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0041960E . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
00419611 . 51 PUSH ECX
00419612 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00419615 . 52 PUSH EDX
00419616 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
00419619 . 50 PUSH EAX
0041961A . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0041961D . 51 PUSH ECX
0041961E . 52 PUSH EDX
0041961F . 6A 05 PUSH 5
00419621 . FF15 64114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>]
; MSVBVM60.__vbaFreeStrList
00419627 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0041962A . 83C4 18 ADD ESP,18
0041962D . 8985 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EAX
00419633 . C785 58FFFFFF 03400000 MOV DWORD PTR SS:[EBP-A8],4003
0041963D . 8D8D 58FFFFFF LEA ECX,DWORD PTR SS:[EBP-A8]
00419643 . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00419646 . 51 PUSH ECX
00419647 . 52 PUSH EDX
00419648 . FF15 90114000 CALL DWORD PTR DS:[<&MSVBVM60.#613>] ; MSVBVM60.rtcVarStrFromVar
0041964E . 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00419651 . 6A 09 PUSH 9
00419653 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
00419656 . 50 PUSH EAX
00419657 . 51 PUSH ECX
00419658 . FF15 A4114000 CALL DWORD PTR DS:[<&MSVBVM60.#619>]
; MSVBVM60.rtcRightCharVar
0041965E . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
00419661 . 52 PUSH EDX
00419662 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>]
; MSVBVM60.__vbaStrVarMove
00419668 . 8BD0 MOV EDX,EAX ; request code
0041966A . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0041966D . FF15 A0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
; MSVBVM60.__vbaStrMove
00419673 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78] ; request code
00419676 . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
00419679 . 50 PUSH EAX
0041967A . 51 PUSH ECX
0041967B . 6A 02 PUSH 2
0041967D . FFD7 CALL EDI
0041967F . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; request code
00419682 . 83C4 0C ADD ESP,0C
00419685 . 52 PUSH EDX
00419686 . FF15 C8114000 CALL DWORD PTR DS:[<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0041968C . DC0D 90174000 FMUL QWORD PTR DS:[401790]
; floating-point value: the request code is multiplied by 1978
00419692 . 833D 00804200 00 CMP DWORD PTR DS:[428000],0
00419699 . 75 08 JNZ SHORT 无名小兵.004196A3
0041969B . DC35 88174000 FDIV QWORD PTR DS:[401788] ; the result is divided by 2002
004196A1 . EB 11 JMP SHORT 无名小兵.004196B4
004196A3 > FF35 8C174000 PUSH DWORD PTR DS:[40178C]
004196A9 . FF35 88174000 PUSH DWORD PTR DS:[401788]
004196AF . E8 208BFEFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
004196B4 > DFE0 FSTSW AX
004196B6 . A8 0D TEST AL,0D
004196B8 . 0F85 54040000 JNZ 无名小兵.00419B12
004196BE . FF15 B8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFPInt>]
; MSVBVM60.__vbaFPInt
004196C4 . 83EC 08 SUB ESP,8
004196C7 . DD1C24 FSTP QWORD PTR SS:[ESP] ; take the integer part
004196CA . FF15 E8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrR8>]
; MSVBVM60.__vbaStrR8
004196D0 . 8BD0 MOV EDX,EAX ; the real code appears
004196D2 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
004196D5 . FF15 A0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
; MSVBVM60.__vbaStrMove
004196DB . 8D8D 58FFFFFF LEA ECX,DWORD PTR SS:[EBP-A8]
004196E1 . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004196E4 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004196E7 . 51 PUSH ECX
004196E8 . 52 PUSH EDX
004196E9 . 8985 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EAX
004196EF . C785 58FFFFFF 08400000 MOV DWORD PTR SS:[EBP-A8],4008
004196F9 . FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>]
; MSVBVM60.rtcTrimVar
004196FF . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00419701 . 56 PUSH ESI
00419702 . FF90 10030000 CALL DWORD PTR DS:[EAX+310]
00419708 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
0041970B . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00419711 . 51 PUSH ECX
00419712 . 52 PUSH EDX
00419713 . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
00419716 . C745 88 09000000 MOV DWORD PTR SS:[EBP-78],9
0041971D . FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>]
; MSVBVM60.rtcTrimVar
00419723 . 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00419726 . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88]
0041972C . 50 PUSH EAX
0041972D . 51 PUSH ECX
0041972E . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>]
; MSVBVM60.__vbaVarTstEq
00419734 . 66:8985 1CFFFFFF MOV WORD PTR SS:[EBP-E4],AX
; variant comparison; the returned flag in AX is stored to [EBP-E4]
0041973B . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00419741 . 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00419744 . 52 PUSH EDX
00419745 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
00419748 . 50 PUSH EAX
00419749 . 51 PUSH ECX
0041974A . 6A 03 PUSH 3
0041974C . FFD7 CALL EDI
0041974E . B9 04000280 MOV ECX,80020004
00419753 . B8 0A000000 MOV EAX,0A
00419758 . 83C4 10 ADD ESP,10
0041975B . 66:399D 1CFFFFFF CMP WORD PTR SS:[EBP-E4],BX
; BX is compared with [EBP-E4]! This is the key check!
00419762 . 898D 70FFFFFF MOV DWORD PTR SS:[EBP-90],ECX
00419768 . 8985 68FFFFFF MOV DWORD PTR SS:[EBP-98],EAX
0041976E . 894D 80 MOV DWORD PTR SS:[EBP-80],ECX
00419771 . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00419777 . 894D 90 MOV DWORD PTR SS:[EBP-70],ECX
0041977A . 8945 88 MOV DWORD PTR SS:[EBP-78],EAX
0041977D . 0F84 49020000 JE 无名小兵.004199CC
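; if they are not equal, registration fails; otherwise registration succeeds.
~~~ All of the following code is omitted ~~~
------------------------------------------------------------------------
Algorithm summary:
Request code × 1978 ÷ 2002; the integer part is the registration code.
+++++++++++++
VB KeyGen source: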
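Private Sub Command1_Click()
    Dim a As Double
    Dim b As Double
    Dim c As Long
    If Text1.Text = "" Then
        Text2.Text = "输入有误,请重新输入。"
    Else ' The above checks the registration input and shows the prompt.
        a = Val(Text1.Text)
        b = a * 1978
        ' Int() takes the integer part, as __vbaFPInt does in the listing;
        ' assigning a Double straight to a Long would round instead.
        c = Int(b / 2002)
        Text2.Text = c
        ' Put the algorithm source in the space above and it's done.
    End If
End Sub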
++++++++++
E KeyGen source:
.版本 2
.程序集 窗口程序集1
.子程序 _按钮1_被单击
.局部变量 Code, 整数型
.局部变量 CodeA, 双精度小数型
.局部变量 CodeB, 长整数型
.判断开始 (编辑框1.内容 = “”)
编辑框2.内容 = “输入有误,请重新输入。”
.默认
Code = 到数值 (编辑框1.内容)
CodeA = Code × 1978
CodeB = 取整 (CodeA ÷ 2002)
编辑框2.内容 = 到文本 (CodeB)
.判断结束
------------------------------------------------------------------------
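[Copyright notice] This write-up is purely for technical exchange. If you repost it, please credit the author and keep the article intact. Thanks!
[ This post was last edited by 野猫III on 2006-8-10 23:57 ]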