软件名称:变变变 V1.07 2006世界杯特别版
下载地址:http://www3.skycn.com/soft/27101.html
介绍:略!
只是简单介绍一下过程,时间关系,所以不按流行的破文格式了~ ,有任何错误请指出来~~
下断 rtcMsgBox 来到如下关键:
; Procedure at 004C62F0, reached in the post by breaking on rtcMsgBox. The imports are from MSVBVM60
; (the Visual Basic 6 runtime). Only the opening part is listed; the post omits what follows.
; Visible steps: set up the frame and exception handler, fetch a string from an object (labelled by
; the post as the entered serial), and compare it with the constant string at 00465734.
004C62F0 55 push ebp
004C62F1 8BEC mov ebp,esp
004C62F3 83EC 0C sub esp,0C
; Register an exception frame: push the handler, push the previous fs:[0] head, then fs:[0] = esp.
004C62F6 68 E6174000 push <jmp.&MSVBVM60.__vbaExceptHandle>
004C62FB 64:A1 00000000 mov eax,dword ptr fs:[0]
004C6301 50 push eax
004C6302 64:8925 00000000 mov dword ptr fs:[0],esp
004C6309 81EC D4000000 sub esp,0D4
004C630F 53 push ebx
004C6310 56 push esi
004C6311 57 push edi
004C6312 8965 F4 mov dword ptr ss:[ebp-C],esp
004C6315 C745 F8 C0164000 mov dword ptr ss:[ebp-8],变变变.004016C0
; esi = first argument; its low bit is saved in [ebp-4] and cleared before esi is used as a pointer.
004C631C 8B75 08 mov esi,dword ptr ss:[ebp+8]
004C631F 8BC6 mov eax,esi
004C6321 83E0 01 and eax,1
004C6324 8945 FC mov dword ptr ss:[ebp-4],eax
004C6327 83E6 FE and esi,FFFFFFFE
004C632A 56 push esi
004C632B 8975 08 mov dword ptr ss:[ebp+8],esi
; Indirect call through the table at [esi], offset 4 (presumably IUnknown::AddRef - confirm).
004C632E 8B0E mov ecx,dword ptr ds:[esi]
004C6330 FF51 04 call dword ptr ds:[ecx+4]
004C6333 8B16 mov edx,dword ptr ds:[esi]
; ebx = 0, used to clear the locals below and as the zero operand of the later cmp.
004C6335 33DB xor ebx,ebx
004C6337 56 push esi
004C6338 895D DC mov dword ptr ss:[ebp-24],ebx
004C633B 895D CC mov dword ptr ss:[ebp-34],ebx
004C633E 895D C8 mov dword ptr ss:[ebp-38],ebx
004C6341 895D C4 mov dword ptr ss:[ebp-3C],ebx
004C6344 895D B4 mov dword ptr ss:[ebp-4C],ebx
004C6347 895D A4 mov dword ptr ss:[ebp-5C],ebx
004C634A 895D 94 mov dword ptr ss:[ebp-6C],ebx
004C634D 895D 84 mov dword ptr ss:[ebp-7C],ebx
004C6350 899D 74FFFFFF mov dword ptr ss:[ebp-8C],ebx
004C6356 899D 64FFFFFF mov dword ptr ss:[ebp-9C],ebx
004C635C 899D 34FFFFFF mov dword ptr ss:[ebp-CC],ebx
004C6362 899D 30FFFFFF mov dword ptr ss:[ebp-D0],ebx
; Table call at offset 300 on the same object; __vbaObjSet stores the result into [ebp-3C].
004C6368 FF92 00030000 call dword ptr ds:[edx+300]
004C636E 50 push eax
004C636F 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
004C6372 50 push eax
004C6373 FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaOb>;
MSVBVM60.__vbaObjSet
; Call offset A0 on the returned object with [ebp-38] as the output slot
; (presumably a text property getter - confirm).
004C6379 8BF8 mov edi,eax
004C637B 8D55 C8 lea edx,dword ptr ss:[ebp-38]
004C637E 52 push edx
004C637F 57 push edi
004C6380 8B0F mov ecx,dword ptr ds:[edi]
004C6382 FF91 A0000000 call dword ptr ds:[ecx+A0]
; A negative result in eax is reported through __vbaHresultCheckObj; otherwise that call is skipped.
004C6388 3BC3 cmp eax,ebx
004C638A DBE2 fclex
004C638C 7D 12 jge short 变变变.004C63A0
004C638E 68 A0000000 push 0A0
004C6393 68 0C5D4600 push 变变变.00465D0C
004C6398 57 push edi
004C6399 50 push eax
004C639A FF15 54104000 call dword ptr ds:[<&MSVBVM60.__vbaHr>;
MSVBVM60.__vbaHresultCheckObj
; Compare the entered string with the constant string at 00465734 (its contents are not shown on the page).
004C63A0 8B45 C8 mov eax,dword ptr ss:[ebp-38] ; entered serial (the post's test input)
004C63A3 50 push eax
004C63A4 68 34574600 push 变变变.00465734
004C63A9 FF15 AC104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrCmp
; neg/sbb/inc/neg turns the compare result into edi = FFFFFFFF when eax was 0 (equal), 0 otherwise.
004C63AF 8BF8 mov edi,eax
004C63B1 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
004C63B4 F7DF neg edi
004C63B6 1BFF sbb edi,edi
004C63B8 47 inc edi
004C63B9 F7DF neg edi
; Release the temporary string at [ebp-38] and the object reference at [ebp-3C].
004C63BB FF15 A0114000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeStr
004C63C1 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
004C63C4 FF15 9C114000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeObj
.
.
.
.
(省略部分代码)
; Call site of the check routine at 004C6EB0. eax is stored in the local at [ebp-D0] and two pointers are
; pushed: the address of that local, then the global 004CC150. The routine dereferences its first
; argument ([ebp+8], the last value pushed here) as the machine code and its second ([ebp+C]) as the
; value it compares against fixed constants.
004C6516 8D95 30FFFFFF lea edx,dword ptr ss:[ebp-D0]
004C651C 8985 30FFFFFF mov dword ptr ss:[ebp-D0],eax
004C6522 52 push edx
004C6523 68 50C14C00 push 变变变.004CC150
004C6528 E8 83090000 call 变变变.004C6EB0 ; key CALL (the check routine)
{******************以下为关键CALL内容***********************
; Check routine at 004C6EB0 (the post's "key CALL").
; Inputs as used below: [ebp+8] points to the machine code, [ebp+C] points to the entered registration value.
; Shape of the routine: a tree of compares on the machine code against fixed constants; each leaf then
; compares the entered value against one more fixed constant. Nothing is computed from the machine code.
; Outcomes visible here: a match stores 3E7 in [ebp-2C] and reaches the call to 004C5420;
; a mismatch goes to 004C7171 and stores 22B in [ebp-2C]; an unknown machine code goes to 004C70C7.
; Review note: every constant the check depends on is embedded in the client binary, so the check can be
; read out rather than solved. Validation that has to resist this needs a secret that is not shipped
; with the program (a server-side check, or a signature verified against a public key).
004C6EB0 55 push ebp
004C6EB1 8BEC mov ebp,esp
004C6EB3 83EC 08 sub esp,8
; Register an exception frame: push the handler, push the previous fs:[0] head, then fs:[0] = esp.
004C6EB6 68 E6174000 push <jmp.&MSVBVM60.__vbaExceptHandle>
004C6EBB 64:A1 00000000 mov eax,dword ptr fs:[0]
004C6EC1 50 push eax
004C6EC2 64:8925 00000000 mov dword ptr fs:[0],esp
004C6EC9 83EC 48 sub esp,48
004C6ECC 53 push ebx
004C6ECD 56 push esi
004C6ECE 57 push edi
004C6ECF 8965 F8 mov dword ptr ss:[ebp-8],esp
004C6ED2 C745 FC 00174000 mov dword ptr ss:[ebp-4],变变变.00401700
; Clear the locals used for temporaries and results.
004C6ED9 33C0 xor eax,eax
004C6EDB 8945 E0 mov dword ptr ss:[ebp-20],eax
004C6EDE 8945 D8 mov dword ptr ss:[ebp-28],eax
004C6EE1 8945 D4 mov dword ptr ss:[ebp-2C],eax
004C6EE4 8945 D0 mov dword ptr ss:[ebp-30],eax
004C6EE7 8945 C0 mov dword ptr ss:[ebp-40],eax
004C6EEA 8945 B0 mov dword ptr ss:[ebp-50],eax
004C6EED 8B45 08 mov eax,dword ptr ss:[ebp+8]
004C6EF0 8B00 mov eax,dword ptr ds:[eax] ; eax = machine code
; Root of the compare tree (signed compares). The post's note on the next line says: the machine code
; seems to be picked at random from values preset by the author, and the registration code is only
; looked up from it, with no meaningful algorithm.
; NOTE(review): this compare uses 871B6 (bytes B6 71 08 00), while the selection listing later in the
; post stores 871B5 (bytes B5 71 08 00). If both are transcribed correctly, that preset never takes the
; je below and ends on the unknown-machine-code path at 004C70C7 - confirm against the binary.
004C6EF2 3D B6710800 cmp eax,871B6 //分析:纵观以下代码,发现机器码应该是
从作者预设好的一些字符串中随机提取的 而注册码则是根据机器码来查找,没有具体有意义的算法,仅仅是查找而已,读者自行分析对应的注册码~~
004C6EF7 0F8F AA000000 jg 变变变.004C6FA7
004C6EFD 0F84 96000000 je 变变变.004C6F99
; Lower part of the tree (machine code below 871B6).
004C6F03 3D A7A10300 cmp eax,3A1A7
004C6F08 7F 5E jg short 变变变.004C6F68
004C6F0A 74 34 je short 变变变.004C6F40
004C6F0C 3D 24690200 cmp eax,26924
004C6F11 74 19 je short 变变变.004C6F2C
004C6F13 3D 6D100300 cmp eax,3106D
004C6F18 0F85 A9010000 jnz 变变变.004C70C7
; Leaf: eax = pointer to the entered value; the flags of this compare are consumed by the shared jnz at 004C7058.
004C6F1E 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6F21 8138 44E10000 cmp dword ptr ds:[eax],0E144
004C6F27 E9 2C010000 jmp 变变变.004C7058
; Leaf with its own jnz to the mismatch path, then a jump to the success tail at 004C70F6.
004C6F2C 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6F2F 8138 7D570000 cmp dword ptr ds:[eax],577D
004C6F35 0F85 36020000 jnz 变变变.004C7171
004C6F3B E9 B6010000 jmp 变变变.004C70F6
; Leaf that builds its own descriptor: [ebp-50] = 4002 and [ebp-48] points at [ebp-2C] (= 3E7),
; then joins the string conversion at 004C706F. 4002 reads as VT_BYREF|VT_I2 - confirm.
004C6F40 8B55 0C mov edx,dword ptr ss:[ebp+C]
004C6F43 813A 6F220100 cmp dword ptr ds:[edx],1226F
004C6F49 0F85 22020000 jnz 变变变.004C7171
004C6F4F 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
004C6F52 C745 D4 E7030000 mov dword ptr ss:[ebp-2C],3E7
004C6F59 8945 B8 mov dword ptr ss:[ebp-48],eax
004C6F5C C745 B0 02400000 mov dword ptr ss:[ebp-50],4002
004C6F63 E9 07010000 jmp 变变变.004C706F
; Middle part of the tree (machine code above 3A1A7 and below 871B6).
004C6F68 3D 7C7B0400 cmp eax,47B7C
004C6F6D 74 1F je short 变变变.004C6F8E
004C6F6F 3D 20AE0500 cmp eax,5AE20
004C6F74 0F85 4D010000 jnz 变变变.004C70C7
004C6F7A 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6F7D 8138 EDE00000 cmp dword ptr ds:[eax],0E0ED
004C6F83 0F85 E8010000 jnz 变变变.004C7171
004C6F89 E9 68010000 jmp 变变变.004C70F6
; Leaf: the flags of this compare are consumed by the shared jnz at 004C6FE7.
004C6F8E 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6F91 8138 B02F0000 cmp dword ptr ds:[eax],2FB0
004C6F97 EB 4E jmp short 变变变.004C6FE7
; Leaf taken when the machine code equals 871B6; flags are consumed at 004C7058.
004C6F99 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6F9C 8138 89D90000 cmp dword ptr ds:[eax],0D989
004C6FA2 E9 B1000000 jmp 变变变.004C7058
; Upper part of the tree (machine code above 871B6).
004C6FA7 3D 4EFD0C00 cmp eax,0CFD4E
004C6FAC 0F8F 0E010000 jg 变变变.004C70C0
004C6FB2 0F84 97000000 je 变变变.004C704F
004C6FB8 3D 2A8F0A00 cmp eax,0A8F2A
004C6FBD 74 1F je short 变变变.004C6FDE
004C6FBF 3D 2A300C00 cmp eax,0C302A
004C6FC4 0F85 FD000000 jnz 变变变.004C70C7
004C6FCA 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6FCD 8138 50920000 cmp dword ptr ds:[eax],9250
004C6FD3 0F85 98010000 jnz 变变变.004C7171
004C6FD9 E9 18010000 jmp 变变变.004C70F6
004C6FDE 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C6FE1 8138 0D5A0000 cmp dword ptr ds:[eax],5A0D
; Shared mismatch test for the leaves that jump or fall through to 004C6FE7.
004C6FE7 0F85 84010000 jnz 变变变.004C7171
; Success tail, first of three near-identical copies: describe the entered value by reference
; ([ebp-50] = 4003, [ebp-48] = pointer in eax; 4003 reads as VT_BYREF|VT_I4 - confirm),
; convert it to a string with rtcVarStrFromVar and move that string into [ebp-28].
004C6FED 8945 B8 mov dword ptr ss:[ebp-48],eax
004C6FF0 8D55 B0 lea edx,dword ptr ss:[ebp-50]
004C6FF3 8D45 C0 lea eax,dword ptr ss:[ebp-40]
004C6FF6 52 push edx
004C6FF7 50 push eax
004C6FF8 C745 D4 E7030000 mov dword ptr ss:[ebp-2C],3E7
004C6FFF C745 B0 03400000 mov dword ptr ss:[ebp-50],4003
004C7006 FF15 60114000 call dword ptr ds:[<&MSVBVM60.#613>] ;
MSVBVM60.rtcVarStrFromVar
004C700C 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004C700F 51 push ecx
004C7010 FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrVarMove
004C7016 8B35 7C114000 mov esi,dword ptr ds:[<&MSVBVM60.__vb>;
MSVBVM60.__vbaStrMove
004C701C 8BD0 mov edx,eax
004C701E 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
004C7021 FFD6 call esi
004C7023 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004C7026 FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVar
; Concatenate the global string at [4CC13C] with the constant at 00465AF0 (shown as "\") into [ebp-30],
; push both strings and join the common call site at 004C7152.
004C702C 8B15 3CC14C00 mov edx,dword ptr ds:[4CC13C]
004C7032 52 push edx
004C7033 68 F05A4600 push 变变变.00465AF0 ; \
004C7038 FF15 44104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrCat
004C703E 8BD0 mov edx,eax
004C7040 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
004C7043 FFD6 call esi
004C7045 50 push eax
004C7046 8B45 D8 mov eax,dword ptr ss:[ebp-28]
004C7049 50 push eax
004C704A E9 03010000 jmp 变变变.004C7152
; Leaf taken when the machine code equals 0CFD4E, followed by the shared mismatch test at 004C7058.
004C704F 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C7052 8138 C9580100 cmp dword ptr ds:[eax],158C9
004C7058 0F85 13010000 jnz 变变变.004C7171
; Success tail, second copy. 004C706F is also the join point for the leaf that set up 4002 above.
004C705E C745 D4 E7030000 mov dword ptr ss:[ebp-2C],3E7
004C7065 8945 B8 mov dword ptr ss:[ebp-48],eax
004C7068 C745 B0 03400000 mov dword ptr ss:[ebp-50],4003
004C706F 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
004C7072 8D55 C0 lea edx,dword ptr ss:[ebp-40]
004C7075 51 push ecx
004C7076 52 push edx
004C7077 FF15 60114000 call dword ptr ds:[<&MSVBVM60.#613>] ;
MSVBVM60.rtcVarStrFromVar
004C707D 8D45 C0 lea eax,dword ptr ss:[ebp-40]
004C7080 50 push eax
004C7081 FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrVarMove
004C7087 8B35 7C114000 mov esi,dword ptr ds:[<&MSVBVM60.__vb>;
MSVBVM60.__vbaStrMove
004C708D 8BD0 mov edx,eax
004C708F 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
004C7092 FFD6 call esi
004C7094 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004C7097 FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVar
004C709D 8B0D 3CC14C00 mov ecx,dword ptr ds:[4CC13C]
004C70A3 51 push ecx
004C70A4 68 F05A4600 push 变变变.00465AF0 ; \
004C70A9 FF15 44104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrCat
004C70AF 8BD0 mov edx,eax
004C70B1 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
004C70B4 FFD6 call esi
004C70B6 8B55 D8 mov edx,dword ptr ss:[ebp-28]
004C70B9 50 push eax
004C70BA 52 push edx
004C70BB E9 92000000 jmp 变变变.004C7152
; Last compare of the tree; anything else falls through to the unknown-machine-code path.
004C70C0 3D BB380F00 cmp eax,0F38BB
004C70C5 74 24 je short 变变变.004C70EB
; Unknown machine code: a variant of type 2 with value 6F is moved into [ebp-20] via __vbaVarMove,
; then the routine leaves through 004C7192 (not shown on the page).
004C70C7 8D55 B0 lea edx,dword ptr ss:[ebp-50]
004C70CA 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
004C70CD C745 B8 6F000000 mov dword ptr ss:[ebp-48],6F
004C70D4 C745 B0 02000000 mov dword ptr ss:[ebp-50],2
004C70DB FF15 14104000 call dword ptr ds:[<&MSVBVM60.__vbaVa>;
MSVBVM60.__vbaVarMove
004C70E1 68 A5714C00 push 变变变.004C71A5
004C70E6 E9 A7000000 jmp 变变变.004C7192
004C70EB 8B45 0C mov eax,dword ptr ss:[ebp+C]
004C70EE 8138 A2730100 cmp dword ptr ds:[eax],173A2
004C70F4 75 7B jnz short 变变变.004C7171
; Success tail, third copy; several leaves above jump here directly.
004C70F6 8945 B8 mov dword ptr ss:[ebp-48],eax
004C70F9 8D45 B0 lea eax,dword ptr ss:[ebp-50]
004C70FC 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004C70FF 50 push eax
004C7100 51 push ecx
004C7101 C745 D4 E7030000 mov dword ptr ss:[ebp-2C],3E7
004C7108 C745 B0 03400000 mov dword ptr ss:[ebp-50],4003
004C710F FF15 60114000 call dword ptr ds:[<&MSVBVM60.#613>] ;
MSVBVM60.rtcVarStrFromVar
004C7115 8D55 C0 lea edx,dword ptr ss:[ebp-40]
004C7118 52 push edx
004C7119 FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrVarMove
004C711F 8B35 7C114000 mov esi,dword ptr ds:[<&MSVBVM60.__vb>;
MSVBVM60.__vbaStrMove
004C7125 8BD0 mov edx,eax
004C7127 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
004C712A FFD6 call esi
004C712C 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004C712F FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVar
004C7135 A1 3CC14C00 mov eax,dword ptr ds:[4CC13C]
004C713A 50 push eax
; The post's note on the next line: this is where writing the registration info to the config file begins.
004C713B 68 F05A4600 push 变变变.00465AF0 ; \ 开始向
配置文件写注册信息
004C7140 FF15 44104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>;
MSVBVM60.__vbaStrCat
004C7146 8BD0 mov edx,eax
004C7148 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
004C714B FFD6 call esi
004C714D 8B4D D8 mov ecx,dword ptr ss:[ebp-28]
004C7150 50 push eax
004C7151 51 push ecx
; Common call site for all three success tails: two more constants (00465FA8, shown as "r", and
; 00465AC0) are pushed and 004C5420 is called. Its body is not on the page; per the post's note this
; is the write to the config file.
004C7152 68 A85F4600 push 变变变.00465FA8 ; r
004C7157 68 C05A4600 push 变变变.00465AC0
004C715C E8 BFE2FFFF call 变变变.004C5420
004C7161 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
004C7164 FF15 A0114000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeStr
004C716A 68 A5714C00 push 变变变.004C71A5
004C716F EB 21 jmp short 变变变.004C7192
; Mismatch path: [ebp-2C] = 22B, then the same exit through 004C7192.
004C7171 C745 D4 2B020000 mov dword ptr ss:[ebp-2C],22B
004C7178 68 A5714C00 push 变变变.004C71A5
004C717D EB 13 jmp short 变变变.004C7192
; 004C717F is not reached by fall-through (the previous instruction is a jmp). It frees [ebp-30] and
; [ebp-40] and returns - presumably the cleanup block for the exception frame (confirm).
004C717F 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
004C7182 FF15 A0114000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeStr
004C7188 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004C718B FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVar
004C7191 C3 retn
*****************************关键CALL内容结束******************************
}
; Back in the caller after the check routine at 004C6EB0 returns: ax is stored at [ebp-84] and 2 at
; [ebp-8C] (presumably a 16-bit integer variant holding the routine's result - confirm).
; The last line is cut by the debugger's column width (">" marks the truncated byte dump).
004C652D 8D95 74FFFFFF lea edx,dword ptr ss:[ebp-8C]
004C6533 8D4D CC lea ecx,dword ptr ss:[ebp-34]
004C6536 66:8985 7CFFFFFF mov word ptr ss:[ebp-84],ax
004C653D C785 74FFFFFF 020000>mov dword ptr ss:[ebp-8C],2
★为了验证上面的推断,将"配置文件.ini"中的 "use=******" 改为 "use=",然后在命令行下断点:bp rtcRandomNext★
找到以下关键:
; Machine-code selection, found in the post by breaking on rtcRandomNext after clearing "use=" in the
; config file. A runtime random number is scaled to a small integer, which indexes a ten-entry jump
; table; each case stores one preset constant into [ebp-24].
; Review note: the value the program calls a machine code is therefore not derived from the machine.
; It is one of ten constants, and the check routine at 004C6EB0 pairs each with one fixed value, so
; the scheme has only ten valid pairs across all installations.
; Ordinal 594 is not named on the page (presumably the runtime's Randomize call - confirm).
004C6D01 FF15 6C104000 call dword ptr ds:[<&MSVBVM60.#594>]
004C6D07 8B35 18104000 mov esi,dword ptr ds:[<&MSVBVM60.__vb>;
MSVBVM60.__vbaFreeVar
004C6D0D 8D4D B8 lea ecx,dword ptr ss:[ebp-48]
004C6D10 FFD6 call esi
004C6D12 8D4D B8 lea ecx,dword ptr ss:[ebp-48]
004C6D15 895D C0 mov dword ptr ss:[ebp-40],ebx
004C6D18 51 push ecx
004C6D19 897D B8 mov dword ptr ss:[ebp-48],edi
004C6D1C FF15 68104000 call dword ptr ds:[<&MSVBVM60.#593>] ;
MSVBVM60.rtcRandomNext
; The result is taken from the FPU stack, stored and reloaded as a 32-bit float, then multiplied and
; offset by the constants at 4016EC and 4016E8 (their values are not shown on the page).
004C6D22 D95D A4 fstp dword ptr ss:[ebp-5C]
004C6D25 D945 A4 fld dword ptr ss:[ebp-5C]
004C6D28 D80D EC164000 fmul dword ptr ds:[4016EC]
004C6D2E D805 E8164000 fadd dword ptr ds:[4016E8]
; FPU status check: mask 0D tests status bits 0, 2 and 3; any of them set diverts to 004C6EA8.
004C6D34 DFE0 fstsw ax
004C6D36 A8 0D test al,0D
004C6D38 0F85 6A010000 jnz 变变变.004C6EA8
004C6D3E FF15 70114000 call dword ptr ds:[<&MSVBVM60.__vbaR8>;
MSVBVM60.__vbaR8IntI2
004C6D44 8D4D B8 lea ecx,dword ptr ss:[ebp-48]
004C6D47 8BF8 mov edi,eax
004C6D49 FFD6 call esi
; Index = (sign-extended 16-bit result) - 1. The unsigned ja skips the table for anything outside 0..9,
; leaving [ebp-24] as it was.
004C6D4B 0FBFC7 movsx eax,di
004C6D4E 48 dec eax
004C6D4F 83F8 09 cmp eax,9
004C6D52 77 5F ja short 变变变.004C6DB3
; Jump-table dispatch on the index. The post's note on this line: this is where the machine code is chosen.
004C6D54 FF2485 806E4C00 jmp dword ptr ds:[eax*4+4C6E80] //★果然,这里就开始
选择机器码了!★
; Ten cases follow, each storing one preset machine code into [ebp-24] and jumping to the join at
; 004C6DB3 (the post labels the first two "preset machine code 1" and "2").
004C6D5B C745 DC A7A10300 mov dword ptr ss:[ebp-24],3A1A7 //预设机器码1
004C6D62 EB 4F jmp short 变变变.004C6DB3
004C6D64 C745 DC 24690200 mov dword ptr ss:[ebp-24],26924 //预设机器码2
004C6D6B EB 46 jmp short 变变变.004C6DB3
; NOTE(review): this case stores 871B5 (bytes B5 71 08 00), but the check routine listed earlier in the
; post compares against 871B6 (bytes B6 71 08 00). If both are transcribed correctly, this preset has no
; matching branch in the check - confirm against the binary.
004C6D6D C745 DC B5710800 mov dword ptr ss:[ebp-24],871B5 //....
004C6D74 EB 3D jmp short 变变变.004C6DB3
004C6D76 C745 DC 7C7B0400 mov dword ptr ss:[ebp-24],47B7C
004C6D7D EB 34 jmp short 变变变.004C6DB3
004C6D7F C745 DC 2A300C00 mov dword ptr ss:[ebp-24],0C302A
004C6D86 EB 2B jmp short 变变变.004C6DB3
004C6D88 C745 DC 6D100300 mov dword ptr ss:[ebp-24],3106D
004C6D8F EB 22 jmp short 变变变.004C6DB3
004C6D91 C745 DC BB380F00 mov dword ptr ss:[ebp-24],0F38BB
004C6D98 EB 19 jmp short 变变变.004C6DB3
004C6D9A C745 DC 4EFD0C00 mov dword ptr ss:[ebp-24],0CFD4E
004C6DA1 EB 10 jmp short 变变变.004C6DB3
004C6DA3 C745 DC 20AE0500 mov dword ptr ss:[ebp-24],5AE20
004C6DAA EB 07 jmp short 变变变.004C6DB3
004C6DAC C745 DC 2A8F0A00 mov dword ptr ss:[ebp-24],0A8F2A
; Join point: edx = the selected machine code.
004C6DB3 8B55 DC mov edx,dword ptr ss:[ebp-24]
总结:这个软件的注册没有什么具体算法可言,仅仅是查找对应的固定注册码而已~ 适合初学者练习!从保护的角度看,这也正是它无效的原因:所谓机器码只是从十个预设值中随机选出的,并不绑定硬件,校验又全部是在本地与固定常量比较。
注册机就没有必要写了!
随意找一组信息写入到 “配置文件.ini”中应该就Ok了~~
[用户信息]
use= 851278
reg= 88265
By PiaoYun[PYG] |
|