- UID
- 5592
注册时间2005-12-21
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 慵懒
2019-1-18 17:27 |
|---|
签到天数: 30 天 [LV.5]常住居民I
|
【破文标题】Koan VCD 极速转换器V1.1寻码记
【破文作者】lzq1973[PYG][CZG][OCN][DFCG]
【作者邮箱】[email protected]
【作者主页】http://my.winzheng.com/?455397
【破解工具】OD、PEiD
【破解平台】WinXP
【软件名称】Koan VCD 极速转换器
【软件大小】5.80 MB
【原版下载】http://www.koansun.com/download.html
【保护方式】壳、SN
【软件简介】该软件主要功能是将各类视频文件转换为可供刻录的VCD格式,软件采用了世界上最顶尖的视频转换引擎,具有高速、稳定、高质量、资源占用率低的显著特点,转换速度比起国内绝大部分软件要快几倍以上,独立支持几乎所有主流视频格式,完全内置解码,不用安装大量雍肿的解码器和插件,不改变系统原解码器结构,是准绿色软件,操作界面实而不华,简单直接,即使是软件新手也能轻松使用,是已知最快的AVI、RM、RMVB转VCD工具之一.......
【破解声明】俺是只小小鸟,纯为学习,愿与大家分享!
------------------------------------------------------------------------
【破解过程】 PEID查之ASPack 2.12 -> Alexey Solodovnikov,脱后不能运行,有自校验,于是带壳分析,来到这里
00460FF0 55 push ebp
00460FF1 8BEC mov ebp, esp
00460FF3 83EC 18 sub esp, 18
00460FF6 68 06374000 push 00403706 ; jmp 到 msvbvm60.__vbaExceptHandler
00460FFB 64:A1 00000000 mov eax, fs:[0]
00461001 50 push eax
00461002 64:8925 0000000>mov fs:[0], esp
00461009 B8 F8000000 mov eax, 0F8
0046100E E8 ED26FAFF call 00403700 ; jmp 到 msvbvm60.__vbaChkstk
00461013 53 push ebx
00461014 56 push esi
00461015 57 push edi
00461016 8965 E8 mov [ebp-18], esp
00461019 C745 EC 3024400>mov dword ptr [ebp-14], 00402430
00461020 8B45 08 mov eax, [ebp+8]
00461023 83E0 01 and eax, 1
00461026 8945 F0 mov [ebp-10], eax
00461029 8B4D 08 mov ecx, [ebp+8]
0046102C 83E1 FE and ecx, FFFFFFFE
0046102F 894D 08 mov [ebp+8], ecx
00461032 C745 F4 0000000>mov dword ptr [ebp-C], 0
00461039 8B55 08 mov edx, [ebp+8]
0046103C 8B02 mov eax, [edx]
0046103E 8B4D 08 mov ecx, [ebp+8]
00461041 51 push ecx
00461042 FF50 04 call [eax+4]
00461045 C745 FC 0100000>mov dword ptr [ebp-4], 1
0046104C C745 FC 0200000>mov dword ptr [ebp-4], 2
00461053 6A FF push -1
00461055 FF15 94104000 call [401094] ; msvbvm60.__vbaOnError
0046105B C745 FC 0300000>mov dword ptr [ebp-4], 3
00461062 8B55 0C mov edx, [ebp+C]
00461065 66:8B02 mov ax, [edx]
00461068 66:8985 18FFFFF>mov [ebp-E8], ax
0046106F 0FBF8D 18FFFFFF movsx ecx, word ptr [ebp-E8]
00461076 898D 00FFFFFF mov [ebp-100], ecx
0046107C 83BD 00FFFFFF 0>cmp dword ptr [ebp-100], 3
00461083 0F87 65060000 ja 004616EE
00461089 8B95 00FFFFFF mov edx, [ebp-100]
0046108F FF2495 79174600 jmp [edx*4+461779]
00461096 E9 53060000 jmp 004616EE
0046109B C745 FC 0500000>mov dword ptr [ebp-4], 5
004610A2 C785 6CFFFFFF 6>mov dword ptr [ebp-94], 0040A66C
004610AC C785 64FFFFFF 0>mov dword ptr [ebp-9C], 8
004610B6 8D95 64FFFFFF lea edx, [ebp-9C]
004610BC 8D4D D0 lea ecx, [ebp-30]
004610BF FF15 64124000 call [401264] ; msvbvm60.__vbaVarCopy
004610C5 C745 FC 0600000>mov dword ptr [ebp-4], 6
004610CC 8D85 30FFFFFF lea eax, [ebp-D0]
004610D2 50 push eax
004610D3 8B4D 08 mov ecx, [ebp+8]
004610D6 8B11 mov edx, [ecx]
004610D8 8B45 08 mov eax, [ebp+8]
004610DB 50 push eax
004610DC FF92 F8060000 call [edx+6F8]
004610E2 8985 28FFFFFF mov [ebp-D8], eax
004610E8 83BD 28FFFFFF 0>cmp dword ptr [ebp-D8], 0
004610EF 7D 23 jge short 00461114
004610F1 68 F8060000 push 6F8
004610F6 68 08E34000 push 0040E308
004610FB 8B4D 08 mov ecx, [ebp+8]
004610FE 51 push ecx
004610FF 8B95 28FFFFFF mov edx, [ebp-D8]
00461105 52 push edx
00461106 FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
0046110C 8985 FCFEFFFF mov [ebp-104], eax
00461112 EB 0A jmp short 0046111E
00461114 C785 FCFEFFFF 0>mov dword ptr [ebp-104], 0
0046111E 66:83BD 30FFFFF>cmp word ptr [ebp-D0], 0FFFF
00461126 0F85 18010000 jnz 00461244
0046112C C745 FC 0700000>mov dword ptr [ebp-4], 7
00461133 8B45 08 mov eax, [ebp+8]
00461136 8B08 mov ecx, [eax]
00461138 8B55 08 mov edx, [ebp+8]
0046113B 52 push edx
0046113C FF91 FC020000 call [ecx+2FC]
00461142 50 push eax
00461143 8D45 B8 lea eax, [ebp-48]
00461146 50 push eax
00461147 FF15 98104000 call [401098] ; msvbvm60.__vbaObjSet
0046114D 8985 28FFFFFF mov [ebp-D8], eax
00461153 8D4D B4 lea ecx, [ebp-4C]
00461156 51 push ecx
00461157 6A 00 push 0
00461159 8B95 28FFFFFF mov edx, [ebp-D8]
0046115F 8B02 mov eax, [edx]
00461161 8B8D 28FFFFFF mov ecx, [ebp-D8]
00461167 51 push ecx
00461168 FF50 40 call [eax+40]
0046116B DBE2 fclex
0046116D 8985 24FFFFFF mov [ebp-DC], eax
00461173 83BD 24FFFFFF 0>cmp dword ptr [ebp-DC], 0
0046117A 7D 23 jge short 0046119F
0046117C 6A 40 push 40
0046117E 68 4CDE4000 push 0040DE4C
00461183 8B95 28FFFFFF mov edx, [ebp-D8]
00461189 52 push edx
0046118A 8B85 24FFFFFF mov eax, [ebp-DC]
00461190 50 push eax
00461191 FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
00461197 8985 F8FEFFFF mov [ebp-108], eax
0046119D EB 0A jmp short 004611A9
0046119F C785 F8FEFFFF 0>mov dword ptr [ebp-108], 0
004611A9 8B4D B4 mov ecx, [ebp-4C]
004611AC 898D 20FFFFFF mov [ebp-E0], ecx
004611B2 6A 00 push 0
004611B4 8B95 20FFFFFF mov edx, [ebp-E0]
004611BA 8B02 mov eax, [edx]
004611BC 8B8D 20FFFFFF mov ecx, [ebp-E0]
004611C2 51 push ecx
004611C3 FF90 8C000000 call [eax+8C]
004611C9 DBE2 fclex
004611CB 8985 1CFFFFFF mov [ebp-E4], eax
004611D1 83BD 1CFFFFFF 0>cmp dword ptr [ebp-E4], 0
004611D8 7D 26 jge short 00461200
004611DA 68 8C000000 push 8C
004611DF 68 58DF4000 push 0040DF58
004611E4 8B95 20FFFFFF mov edx, [ebp-E0]
004611EA 52 push edx
004611EB 8B85 1CFFFFFF mov eax, [ebp-E4]
004611F1 50 push eax
004611F2 FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
004611F8 8985 F4FEFFFF mov [ebp-10C], eax
004611FE EB 0A jmp short 0046120A
00461200 C785 F4FEFFFF 0>mov dword ptr [ebp-10C], 0
0046120A 8D4D B4 lea ecx, [ebp-4C]
0046120D 51 push ecx
0046120E 8D55 B8 lea edx, [ebp-48]
00461211 52 push edx
00461212 6A 02 push 2
00461214 FF15 44104000 call [401044] ; msvbvm60.__vbaFreeObjList
0046121A 83C4 0C add esp, 0C
0046121D C745 FC 0800000>mov dword ptr [ebp-4], 8
00461224 8B45 08 mov eax, [ebp+8]
00461227 8B08 mov ecx, [eax]
00461229 8B55 08 mov edx, [ebp+8]
0046122C 52 push edx
0046122D FF91 08070000 call [ecx+708]
00461233 C745 FC 0900000>mov dword ptr [ebp-4], 9
0046123A E8 21720000 call 00468460
0046123F E9 A8000000 jmp 004612EC
00461244 C745 FC 0B00000>mov dword ptr [ebp-4], 0B
0046124B C785 7CFFFFFF 0>mov dword ptr [ebp-84], 80020004
00461255 C785 74FFFFFF 0>mov dword ptr [ebp-8C], 0A
0046125F C745 8C 0400028>mov dword ptr [ebp-74], 80020004
00461266 C745 84 0A00000>mov dword ptr [ebp-7C], 0A
0046126D C785 5CFFFFFF E>mov dword ptr [ebp-A4], 0040E0E8 ; ASCII "衏:y"
00461277 C785 54FFFFFF 0>mov dword ptr [ebp-AC], 8
00461281 8D95 54FFFFFF lea edx, [ebp-AC]
00461287 8D4D 94 lea ecx, [ebp-6C]
0046128A FF15 50124000 call [401250] ; msvbvm60.__vbaVarDup
00461290 C785 6CFFFFFF 2>mov dword ptr [ebp-94], 0040EB24
0046129A C785 64FFFFFF 0>mov dword ptr [ebp-9C], 8
004612A4 8D95 64FFFFFF lea edx, [ebp-9C]
004612AA 8D4D A4 lea ecx, [ebp-5C]
004612AD FF15 50124000 call [401250] ; msvbvm60.__vbaVarDup
004612B3 8D85 74FFFFFF lea eax, [ebp-8C]
004612B9 50 push eax
004612BA 8D4D 84 lea ecx, [ebp-7C]
004612BD 51 push ecx
004612BE 8D55 94 lea edx, [ebp-6C]
004612C1 52 push edx
004612C2 6A 40 push 40
004612C4 8D45 A4 lea eax, [ebp-5C]
004612C7 50 push eax
004612C8 FF15 90104000 call [401090] ; msvbvm60.rtcMsgBox
004612CE 8D8D 74FFFFFF lea ecx, [ebp-8C]
004612D4 51 push ecx
004612D5 8D55 84 lea edx, [ebp-7C]
004612D8 52 push edx
004612D9 8D45 94 lea eax, [ebp-6C]
004612DC 50 push eax
004612DD 8D4D A4 lea ecx, [ebp-5C]
004612E0 51 push ecx
004612E1 6A 04 push 4
004612E3 FF15 3C104000 call [40103C] ; msvbvm60.__vbaFreeVarList
004612E9 83C4 14 add esp, 14
004612EC E9 FD030000 jmp 004616EE
004612F1 C745 FC 0E00000>mov dword ptr [ebp-4], 0E
004612F8 8D95 2CFFFFFF lea edx, [ebp-D4]
004612FE 52 push edx
004612FF 8B45 08 mov eax, [ebp+8]
00461302 8B08 mov ecx, [eax]
00461304 8B55 08 mov edx, [ebp+8]
00461307 52 push edx
00461308 FF51 58 call [ecx+58]
0046130B DBE2 fclex
0046130D 8985 28FFFFFF mov [ebp-D8], eax
00461313 83BD 28FFFFFF 0>cmp dword ptr [ebp-D8], 0
0046131A 7D 20 jge short 0046133C
0046131C 6A 58 push 58
0046131E 68 D8E24000 push 0040E2D8
00461323 8B45 08 mov eax, [ebp+8]
00461326 50 push eax
00461327 8B8D 28FFFFFF mov ecx, [ebp-D8]
0046132D 51 push ecx
0046132E FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
00461334 8985 F0FEFFFF mov [ebp-110], eax
0046133A EB 0A jmp short 00461346
0046133C C785 F0FEFFFF 0>mov dword ptr [ebp-110], 0
00461346 6A 05 push 5
00461348 68 6CA64000 push 0040A66C
0046134D 8D55 BC lea edx, [ebp-44]
00461350 52 push edx
00461351 FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
00461357 50 push eax
00461358 68 6CA64000 push 0040A66C
0046135D 8D45 C0 lea eax, [ebp-40]
00461360 50 push eax
00461361 FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
00461367 50 push eax
00461368 8B0D 68E04700 mov ecx, [47E068]
0046136E 51 push ecx
0046136F 68 D8E34000 push 0040E3D8 ; koanvcd.html
00461374 FF15 5C104000 call [40105C] ; msvbvm60.__vbaStrCat
0046137A 8BD0 mov edx, eax
0046137C 8D4D C8 lea ecx, [ebp-38]
0046137F FF15 88124000 call [401288] ; msvbvm60.__vbaStrMove
00461385 50 push eax
00461386 8D55 C4 lea edx, [ebp-3C]
00461389 52 push edx
0046138A FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
00461390 50 push eax
00461391 68 80E34000 push 0040E380 ; open
00461396 8D45 CC lea eax, [ebp-34]
00461399 50 push eax
0046139A FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
004613A0 50 push eax
004613A1 8B8D 2CFFFFFF mov ecx, [ebp-D4]
004613A7 51 push ecx
004613A8 E8 0789FAFF call 00409CB4
004613AD FF15 74104000 call [401074] ; msvbvm60.__vbaSetSystemError
004613B3 8D55 BC lea edx, [ebp-44]
004613B6 52 push edx
004613B7 8D45 C0 lea eax, [ebp-40]
004613BA 50 push eax
004613BB 8D4D C4 lea ecx, [ebp-3C]
004613BE 51 push ecx
004613BF 8D55 C8 lea edx, [ebp-38]
004613C2 52 push edx
004613C3 8D45 CC lea eax, [ebp-34]
004613C6 50 push eax
004613C7 6A 05 push 5
004613C9 FF15 10124000 call [401210] ; msvbvm60.__vbaFreeStrList
004613CF 83C4 18 add esp, 18
004613D2 E9 17030000 jmp 004616EE
004613D7 C745 FC 1000000>mov dword ptr [ebp-4], 10
004613DE 8B4D 08 mov ecx, [ebp+8]
004613E1 8B11 mov edx, [ecx]
004613E3 8B45 08 mov eax, [ebp+8]
004613E6 50 push eax
004613E7 FF92 0C030000 call [edx+30C]
004613ED 50 push eax
004613EE 8D4D B8 lea ecx, [ebp-48]
004613F1 51 push ecx
004613F2 FF15 98104000 call [401098] ; msvbvm60.__vbaObjSet
004613F8 8985 28FFFFFF mov [ebp-D8], eax
004613FE 8D55 CC lea edx, [ebp-34]
00461401 52 push edx
00461402 8B85 28FFFFFF mov eax, [ebp-D8]
00461408 8B08 mov ecx, [eax]
0046140A 8B95 28FFFFFF mov edx, [ebp-D8]
00461410 52 push edx
00461411 FF91 A0000000 call [ecx+A0]
00461417 DBE2 fclex
00461419 8985 24FFFFFF mov [ebp-DC], eax
0046141F 83BD 24FFFFFF 0>cmp dword ptr [ebp-DC], 0
00461426 7D 26 jge short 0046144E
00461428 68 A0000000 push 0A0
0046142D 68 10C24000 push 0040C210
00461432 8B85 28FFFFFF mov eax, [ebp-D8]
00461438 50 push eax
00461439 8B8D 24FFFFFF mov ecx, [ebp-DC]
0046143F 51 push ecx
00461440 FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
00461446 8985 ECFEFFFF mov [ebp-114], eax
0046144C EB 0A jmp short 00461458
0046144E C785 ECFEFFFF 0>mov dword ptr [ebp-114], 0
00461458 E8 D3F6FFFF call 00460B30 ;算法关键处
0046145D 8BD0 mov edx, eax ; E8992A811AEF26CC6A594A9BC3D1541834E648870FFC21502A4FBDAEE10DA93E413FCB36F5A0FF6E2FA66900F42E55511B7EAF93882287C191A1D63E0E0A9069
0046145F 8D4D C8 lea ecx, [ebp-38]
00461462 FF15 88124000 call [401288] ; msvbvm60.__vbaStrMove
00461468 50 push eax ; (UNICODE "E8992A811AEF26CC6A594A9BC3D1541834E648870FFC21502A4FBDAEE10DA93E413FCB36F5A0FF6E2FA66900F42E55511B7E")
00461469 8B55 CC mov edx, [ebp-34]
0046146C 52 push edx
0046146D FF15 10114000 call [401110] ; msvbvm60.__vbaStrCmp
00461473 F7D8 neg eax
00461475 1BC0 sbb eax, eax
00461477 F7D8 neg eax
00461479 F7D8 neg eax
0046147B 66:8985 20FFFFF>mov [ebp-E0], ax
00461482 8D45 CC lea eax, [ebp-34]
00461485 50 push eax
00461486 8D4D C8 lea ecx, [ebp-38]
00461489 51 push ecx
0046148A 6A 02 push 2
0046148C FF15 10124000 call [401210] ; msvbvm60.__vbaFreeStrList
00461492 83C4 0C add esp, 0C
00461495 8D4D B8 lea ecx, [ebp-48]
00461498 FF15 D8124000 call [4012D8] ; msvbvm60.__vbaFreeObj
0046149E 0FBF95 20FFFFFF movsx edx, word ptr [ebp-E0]
004614A5 85D2 test edx, edx
004614A7 0F84 AD000000 je 0046155A
004614AD C745 FC 1100000>mov dword ptr [ebp-4], 11
004614B4 C785 7CFFFFFF 0>mov dword ptr [ebp-84], 80020004
004614BE C785 74FFFFFF 0>mov dword ptr [ebp-8C], 0A
004614C8 C745 8C 0400028>mov dword ptr [ebp-74], 80020004
004614CF C745 84 0A00000>mov dword ptr [ebp-7C], 0A
004614D6 C785 5CFFFFFF 8>mov dword ptr [ebp-A4], 0040EB84
004614E0 C785 54FFFFFF 0>mov dword ptr [ebp-AC], 8
004614EA 8D95 54FFFFFF lea edx, [ebp-AC]
004614F0 8D4D 94 lea ecx, [ebp-6C]
004614F3 FF15 50124000 call [401250] ; msvbvm60.__vbaVarDup
004614F9 C785 6CFFFFFF 6>mov dword ptr [ebp-94], 0040EB64
00461503 C785 64FFFFFF 0>mov dword ptr [ebp-9C], 8
0046150D 8D95 64FFFFFF lea edx, [ebp-9C]
00461513 8D4D A4 lea ecx, [ebp-5C]
00461516 FF15 50124000 call [401250] ; msvbvm60.__vbaVarDup
0046151C 8D85 74FFFFFF lea eax, [ebp-8C]
00461522 50 push eax
00461523 8D4D 84 lea ecx, [ebp-7C]
00461526 51 push ecx
00461527 8D55 94 lea edx, [ebp-6C]
0046152A 52 push edx
0046152B 6A 10 push 10
0046152D 8D45 A4 lea eax, [ebp-5C]
00461530 50 push eax
00461531 FF15 90104000 call [401090] ; msvbvm60.rtcMsgBox
00461537 8D8D 74FFFFFF lea ecx, [ebp-8C]
0046153D 51 push ecx
0046153E 8D55 84 lea edx, [ebp-7C]
00461541 52 push edx
00461542 8D45 94 lea eax, [ebp-6C]
00461545 50 push eax
00461546 8D4D A4 lea ecx, [ebp-5C]
00461549 51 push ecx
0046154A 6A 04 push 4
0046154C FF15 3C104000 call [40103C] ; msvbvm60.__vbaFreeVarList
00461552 83C4 14 add esp, 14
00461555 E9 CB000000 jmp 00461625
0046155A C745 FC 1300000>mov dword ptr [ebp-4], 13
00461561 8B55 08 mov edx, [ebp+8]
00461564 8B02 mov eax, [edx]
00461566 8B4D 08 mov ecx, [ebp+8]
00461569 51 push ecx
0046156A FF90 04070000 call [eax+704]
00461570 C745 FC 1400000>mov dword ptr [ebp-4], 14
00461577 C785 7CFFFFFF 0>mov dword ptr [ebp-84], 80020004
00461581 C785 74FFFFFF 0>mov dword ptr [ebp-8C], 0A
0046158B C745 8C 0400028>mov dword ptr [ebp-74], 80020004
00461592 C745 84 0A00000>mov dword ptr [ebp-7C], 0A
00461599 C785 5CFFFFFF E>mov dword ptr [ebp-A4], 0040E9E0
004615A3 C785 54FFFFFF 0>mov dword ptr [ebp-AC], 8
004615AD 8D95 54FFFFFF lea edx, [ebp-AC]
004615B3 8D4D 94 lea ecx, [ebp-6C]
004615B6 FF15 50124000 call [401250] ; msvbvm60.__vbaVarDup
004615BC C785 6CFFFFFF 9>mov dword ptr [ebp-94], 0040EB94
004615C6 C785 64FFFFFF 0>mov dword ptr [ebp-9C], 8
004615D0 8D95 64FFFFFF lea edx, [ebp-9C]
004615D6 8D4D A4 lea ecx, [ebp-5C]
004615D9 FF15 50124000 call [401250] ; msvbvm60.__vbaVarDup
004615DF 8D95 74FFFFFF lea edx, [ebp-8C]
004615E5 52 push edx
004615E6 8D45 84 lea eax, [ebp-7C]
004615E9 50 push eax
004615EA 8D4D 94 lea ecx, [ebp-6C]
004615ED 51 push ecx
004615EE 6A 40 push 40
004615F0 8D55 A4 lea edx, [ebp-5C]
004615F3 52 push edx
004615F4 FF15 90104000 call [401090] ; msvbvm60.rtcMsgBox
004615FA 8D85 74FFFFFF lea eax, [ebp-8C]
00461600 50 push eax
00461601 8D4D 84 lea ecx, [ebp-7C]
00461604 51 push ecx
00461605 8D55 94 lea edx, [ebp-6C]
00461608 52 push edx
00461609 8D45 A4 lea eax, [ebp-5C]
0046160C 50 push eax
0046160D 6A 04 push 4
0046160F FF15 3C104000 call [40103C] ; msvbvm60.__vbaFreeVarList
00461615 83C4 14 add esp, 14
00461618 C745 FC 1500000>mov dword ptr [ebp-4], 15
0046161F FF15 38104000 call [401038] ; msvbvm60.__vbaEnd
00461625 E9 C4000000 jmp 004616EE
0046162A C745 FC 1800000>mov dword ptr [ebp-4], 18
00461631 8D8D 2CFFFFFF lea ecx, [ebp-D4]
00461637 51 push ecx
00461638 8B55 08 mov edx, [ebp+8]
0046163B 8B02 mov eax, [edx]
0046163D 8B4D 08 mov ecx, [ebp+8]
00461640 51 push ecx
00461641 FF50 58 call [eax+58]
00461644 DBE2 fclex
00461646 8985 28FFFFFF mov [ebp-D8], eax
0046164C 83BD 28FFFFFF 0>cmp dword ptr [ebp-D8], 0
00461653 7D 20 jge short 00461675
00461655 6A 58 push 58
00461657 68 D8E24000 push 0040E2D8
0046165C 8B55 08 mov edx, [ebp+8]
0046165F 52 push edx
00461660 8B85 28FFFFFF mov eax, [ebp-D8]
00461666 50 push eax
00461667 FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
0046166D 8985 E8FEFFFF mov [ebp-118], eax
00461673 EB 0A jmp short 0046167F
00461675 C785 E8FEFFFF 0>mov dword ptr [ebp-118], 0
0046167F 6A 05 push 5
00461681 68 6CA64000 push 0040A66C
00461686 8D4D C0 lea ecx, [ebp-40]
00461689 51 push ecx
0046168A FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
00461690 50 push eax
00461691 68 6CA64000 push 0040A66C
00461696 8D55 C4 lea edx, [ebp-3C]
00461699 52 push edx
0046169A FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
004616A0 50 push eax
004616A1 68 90E34000 push 0040E390 ; http://www.koansun.com/order.html
004616A6 8D45 C8 lea eax, [ebp-38]
004616A9 50 push eax
004616AA FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
004616B0 50 push eax
004616B1 68 80E34000 push 0040E380 ; open
004616B6 8D4D CC lea ecx, [ebp-34]
004616B9 51 push ecx
004616BA FF15 54124000 call [401254] ; msvbvm60.__vbaStrToAnsi
004616C0 50 push eax
004616C1 8B95 2CFFFFFF mov edx, [ebp-D4]
004616C7 52 push edx
004616C8 E8 E785FAFF call 00409CB4
004616CD FF15 74104000 call [401074] ; msvbvm60.__vbaSetSystemError
004616D3 8D45 C0 lea eax, [ebp-40]
004616D6 50 push eax
004616D7 8D4D C4 lea ecx, [ebp-3C]
004616DA 51 push ecx
004616DB 8D55 C8 lea edx, [ebp-38]
004616DE 52 push edx
004616DF 8D45 CC lea eax, [ebp-34]
004616E2 50 push eax
004616E3 6A 04 push 4
004616E5 FF15 10124000 call [401210] ; msvbvm60.__vbaFreeStrList
004616EB 83C4 14 add esp, 14
004616EE C745 F0 0000000>mov dword ptr [ebp-10], 0
004616F5 68 57174600 push 00461757
004616FA EB 51 jmp short 0046174D
004616FC 8D4D BC lea ecx, [ebp-44]
004616FF 51 push ecx
00461700 8D55 C0 lea edx, [ebp-40]
00461703 52 push edx
00461704 8D45 C4 lea eax, [ebp-3C]
00461707 50 push eax
00461708 8D4D C8 lea ecx, [ebp-38]
0046170B 51 push ecx
0046170C 8D55 CC lea edx, [ebp-34]
0046170F 52 push edx
00461710 6A 05 push 5
00461712 FF15 10124000 call [401210] ; msvbvm60.__vbaFreeStrList
00461718 83C4 18 add esp, 18
0046171B 8D45 B4 lea eax, [ebp-4C]
0046171E 50 push eax
0046171F 8D4D B8 lea ecx, [ebp-48]
00461722 51 push ecx
00461723 6A 02 push 2
00461725 FF15 44104000 call [401044] ; msvbvm60.__vbaFreeObjList
0046172B 83C4 0C add esp, 0C
0046172E 8D95 74FFFFFF lea edx, [ebp-8C]
00461734 52 push edx
00461735 8D45 84 lea eax, [ebp-7C]
00461738 50 push eax
00461739 8D4D 94 lea ecx, [ebp-6C]
0046173C 51 push ecx
0046173D 8D55 A4 lea edx, [ebp-5C]
00461740 52 push edx
00461741 6A 04 push 4
00461743 FF15 3C104000 call [40103C] ; msvbvm60.__vbaFreeVarList
00461749 83C4 14 add esp, 14
0046174C C3 retn
0046174D 8D4D D0 lea ecx, [ebp-30]
00461750 FF15 28104000 call [401028] ; msvbvm60.__vbaFreeVar
00461756 C3 retn
00461757 8B45 08 mov eax, [ebp+8]
0046175A 8B08 mov ecx, [eax]
0046175C 8B55 08 mov edx, [ebp+8]
0046175F 52 push edx
00461760 FF51 08 call [ecx+8]
00461763 8B45 F0 mov eax, [ebp-10]
00461766 8B4D E0 mov ecx, [ebp-20]
00461769 64:890D 0000000>mov fs:[0], ecx
00461770 5F pop edi
00461771 5E pop esi
00461772 5B pop ebx
00461773 8BE5 mov esp, ebp
00461775 5D pop ebp
00461776 C2 0800 retn 8
---------00461458 E8 D3F6FFFF call 00460B30------
00460B30 55 push ebp
00460B31 8BEC mov ebp, esp
00460B33 83EC 0C sub esp, 0C
00460B36 68 06374000 push 00403706 ; jmp 到 msvbvm60.__vbaExceptHandler
00460B3B 64:A1 00000000 mov eax, fs:[0]
00460B41 50 push eax
00460B42 64:8925 0000000>mov fs:[0], esp
00460B49 83EC 4C sub esp, 4C
00460B4C 53 push ebx
00460B4D 56 push esi
00460B4E 57 push edi
00460B4F 8965 F4 mov [ebp-C], esp
00460B52 C745 F8 8023400>mov dword ptr [ebp-8], 00402380
00460B59 33F6 xor esi, esi
00460B5B 68 E0424000 push 004042E0
00460B60 8975 E8 mov [ebp-18], esi
00460B63 8975 E4 mov [ebp-1C], esi
00460B66 8975 E0 mov [ebp-20], esi
00460B69 8975 DC mov [ebp-24], esi
00460B6C 8975 D8 mov [ebp-28], esi
00460B6F 8975 D4 mov [ebp-2C], esi
00460B72 8975 D0 mov [ebp-30], esi
00460B75 8975 C0 mov [ebp-40], esi
00460B78 8975 B0 mov [ebp-50], esi
00460B7B FF15 70114000 call [401170] ; msvbvm60.__vbaNew
00460B81 50 push eax
00460B82 8D45 E8 lea eax, [ebp-18]
00460B85 50 push eax
00460B86 FF15 98104000 call [401098] ; msvbvm60.__vbaObjSet
00460B8C 8B0D 6CE04700 mov ecx, [47E06C] ; (UNICODE "PF2B27K2119S5A")
00460B92 8B1D 5C104000 mov ebx, [40105C] ; msvbvm60.__vbaStrCat
00460B98 51 push ecx
00460B99 68 F0E64000 push 0040E6F0 ; kvcd
00460B9E FFD3 call ebx
00460BA0 8B3D 88124000 mov edi, [401288] ; msvbvm60.__vbaStrMove
00460BA6 8BD0 mov edx, eax ; (UNICODE "PF2B27K2119S5Akvcd")
00460BA8 8D4D E0 lea ecx, [ebp-20]
00460BAB FFD7 call edi
00460BAD 8B45 E8 mov eax, [ebp-18]
00460BB0 8D4D DC lea ecx, [ebp-24]
00460BB3 51 push ecx
00460BB4 8D4D E0 lea ecx, [ebp-20]
00460BB7 8B10 mov edx, [eax]
00460BB9 51 push ecx
00460BBA 50 push eax
00460BBB FF52 1C call [edx+1C]
00460BBE 3BC6 cmp eax, esi
00460BC0 DBE2 fclex
00460BC2 7D 12 jge short 00460BD6
00460BC4 8B55 E8 mov edx, [ebp-18]
00460BC7 6A 1C push 1C
00460BC9 68 0CA74000 push 0040A70C
00460BCE 52 push edx
00460BCF 50 push eax
00460BD0 FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
00460BD6 A1 6CE04700 mov eax, [47E06C]
00460BDB 50 push eax
00460BDC FF15 A0114000 call [4011A0] ; msvbvm60.rtcStrReverse
00460BE2 8BD0 mov edx, eax ; (UNICODE "A5S9112K72B2FP")
00460BE4 8D4D D8 lea ecx, [ebp-28]
00460BE7 FFD7 call edi
00460BE9 50 push eax
00460BEA 68 60E74000 push 0040E760 ; yiwa
00460BEF FFD3 call ebx
00460BF1 8BD0 mov edx, eax ; (UNICODE "A5S9112K72B2FPyiwa")
00460BF3 8D4D D4 lea ecx, [ebp-2C]
00460BF6 FFD7 call edi
00460BF8 8B45 E8 mov eax, [ebp-18]
00460BFB 8D55 D0 lea edx, [ebp-30]
00460BFE 52 push edx
00460BFF 8D55 D4 lea edx, [ebp-2C]
00460C02 8B08 mov ecx, [eax]
00460C04 52 push edx
00460C05 50 push eax
00460C06 FF51 1C call [ecx+1C]
00460C09 3BC6 cmp eax, esi
00460C0B DBE2 fclex
00460C0D 7D 12 jge short 00460C21
00460C0F 8B4D E8 mov ecx, [ebp-18]
00460C12 6A 1C push 1C
00460C14 68 0CA74000 push 0040A70C
00460C19 51 push ecx
00460C1A 50 push eax
00460C1B FF15 78104000 call [401078] ; msvbvm60.__vbaHresultCheckObj
00460C21 8B55 DC mov edx, [ebp-24] ; (UNICODE "e8992a811aef26cc6a594a9bc3d1541834e648870ffc21502a4fbdaee10da93e")
00460C24 8B45 D0 mov eax, [ebp-30] ; (UNICODE "413fcb36f5a0ff6e2fa66900f42e55511b7eaf93882287c191a1d63e0e0a9069")
00460C27 52 push edx
00460C28 50 push eax
00460C29 FFD3 call ebx
00460C2B 8D4D C0 lea ecx, [ebp-40]
00460C2E 8D55 B0 lea edx, [ebp-50]
00460C31 51 push ecx
00460C32 52 push edx
00460C33 8945 C8 mov [ebp-38], eax ; E8992A811AEF26CC6A594A9BC3D1541834E648870FFC21502A4FBDAEE10DA93E413FCB36F5A0FF6E2FA66900F42E55511B7EAF93882287C191A1D63E0E0A9069
00460C36 C745 C0 0800000>mov dword ptr [ebp-40], 8
00460C3D FF15 00114000 call [401100] ; msvbvm60.rtcUpperCaseVar
00460C43 8D45 B0 lea eax, [ebp-50]
00460C46 50 push eax
00460C47 FF15 34104000 call [401034] ; msvbvm60.__vbaStrVarMove
00460C4D 8BD0 mov edx, eax ; (UNICODE "E8992A811AEF26CC6A594A9BC3D1541834E648870FFC21502A4FBDAEE10DA93E413FCB36F5A0FF6E2FA66900F42E55511B7E")
00460C4F 8D4D E4 lea ecx, [ebp-1C]
00460C52 FFD7 call edi
00460C54 8D4D D0 lea ecx, [ebp-30]
00460C57 8D55 DC lea edx, [ebp-24]
00460C5A 51 push ecx
00460C5B 8D45 D4 lea eax, [ebp-2C]
00460C5E 52 push edx
00460C5F 8D4D D8 lea ecx, [ebp-28]
00460C62 50 push eax
00460C63 8D55 E0 lea edx, [ebp-20]
00460C66 51 push ecx
00460C67 52 push edx
00460C68 6A 05 push 5
00460C6A FF15 10124000 call [401210] ; msvbvm60.__vbaFreeStrList
00460C70 8D45 B0 lea eax, [ebp-50]
00460C73 8D4D C0 lea ecx, [ebp-40]
00460C76 50 push eax
00460C77 51 push ecx
00460C78 6A 02 push 2
00460C7A FF15 3C104000 call [40103C] ; msvbvm60.__vbaFreeVarList
00460C80 83C4 24 add esp, 24
00460C83 68 D30C4600 push 00460CD3
00460C88 EB 3F jmp short 00460CC9
00460C8A F645 FC 04 test byte ptr [ebp-4], 4
00460C8E 74 09 je short 00460C99
00460C90 8D4D E4 lea ecx, [ebp-1C]
00460C93 FF15 D4124000 call [4012D4] ; msvbvm60.__vbaFreeStr
00460C99 8D55 D0 lea edx, [ebp-30]
00460C9C 8D45 D4 lea eax, [ebp-2C]
00460C9F 52 push edx
00460CA0 8D4D D8 lea ecx, [ebp-28]
00460CA3 50 push eax
00460CA4 8D55 DC lea edx, [ebp-24]
00460CA7 51 push ecx
00460CA8 8D45 E0 lea eax, [ebp-20]
00460CAB 52 push edx
00460CAC 50 push eax
00460CAD 6A 05 push 5
00460CAF FF15 10124000 call [401210] ; msvbvm60.__vbaFreeStrList
00460CB5 8D4D B0 lea ecx, [ebp-50]
00460CB8 8D55 C0 lea edx, [ebp-40]
00460CBB 51 push ecx
00460CBC 52 push edx
00460CBD 6A 02 push 2
00460CBF FF15 3C104000 call [40103C] ; msvbvm60.__vbaFreeVarList
00460CC5 83C4 24 add esp, 24
00460CC8 C3 retn
00460CC9 8D4D E8 lea ecx, [ebp-18]
00460CCC FF15 D8124000 call [4012D8] ; msvbvm60.__vbaFreeObj
00460CD2 C3 retn
00460CD3 8B4D EC mov ecx, [ebp-14]
00460CD6 8B45 E4 mov eax, [ebp-1C]
00460CD9 5F pop edi
00460CDA 5E pop esi
00460CDB 64:890D 0000000>mov fs:[0], ecx
00460CE2 5B pop ebx
00460CE3 8BE5 mov esp, ebp
00460CE5 5D pop ebp
00460CE6 C3 retn
明码比较,但在OD中只能显示长度为100的字串,先前总是注册不成功,后比较长度只有100位......
------------------------------------------------------------------------
【破解总结】算法极其简单,就是一个SHA256加密~~~
1、令硬盘ID为C,其倒序为D。如我这里的C是PF2B27K2119S5A,则D就是A5S9112K72B2FP;
2、常量kvcd、yiwa分别为E、F;
3、那K1=SHA256(C+E),K2=SHA256(D+F);
4、注册码K=K1+K2.
注:这里的“+”表示连接的意思;在软件界面中看不到ID号,估计是在那个注册密匙中。
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢! |
|
IP卡
发表于 2007-2-28 08:44:06
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-3-2 19:49:36
发表于 2007-3-3 08:35:55
发表于 2007-3-3 14:43:38
