- UID
- 8671
注册时间2006-2-27
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 开心
2018-5-6 16:27 |
|---|
签到天数: 7 天 [LV.3]偶尔看看II
|
软件名称:Syncronize Backup V1.35
下载地址:http://www.skycn.com/soft/27192.html
软件大小: 2627 KB
破文作者: 野猫III[D.4s]
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 数据备份
应用平台: Win9x/NT/2000/XP/2003
更新时间: 2006-06-07 14:35:40
下载次数: 236
推荐等级: 3星
联 系 人: wangvincent88yahoo.com
开 发 商: http://www.pro-software.it/cns/backup_software.html
软件介绍:
Syncronize Backup (专业版)可以有效的保护您的数据。有两种模式:备份和同步。简洁易用。30天试用。技术特性:界面友好;完全自订制任务;详细的任务报告;快速数据拷贝,省时省力。
演示动画请到PYG专用FTP服务器的“野猫III”目录下载!
破解分析:
一、安装程序后用PEiD查无壳,Microsoft Visual Basic 5.0 / 6.0程序。
二、OD载入,运行到注册窗口,输入任意的试练信息进行注册,程序有提示。接着在OD里下命令断点bp rtcMsgBox,然后返回这个程序进行注册确认,程序被OD断点在:
73472096 > 55 PUSH EBP //F2取消断点,看堆栈友好界面。
73472097 8BEC MOV EBP,ESP
73472099 83EC 4C SUB ESP,4C
++++++堆栈窗口++++
0012EB3C 005E6343 返回到 Syncroni.005E6343 来自 MSVBVM60.rtcMsgBox
//右键--在反汇编窗口中跟随
0012EB40 0012EBF0
0012EB44 00000040
0012EB48 0012EBE0
++++++++++++
返回到这:
005E6343 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
+++接着在这段代码入口下断,重新注册分析以下:
005E60C0 > \55 PUSH EBP
005E60C1 . 8BEC MOV EBP,ESP
005E60C3 . 83EC 0C SUB ESP,0C
005E60C6 . 68 A6744000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
005E60CB . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
005E60D1 . 50 PUSH EAX
005E60D2 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
005E60D9 . 81EC B4000000 SUB ESP,0B4
005E60DF . 53 PUSH EBX
005E60E0 . 56 PUSH ESI
005E60E1 . 57 PUSH EDI
~~~中间略~~~
005E620B . 8985 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],EAX
005E6211 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
005E6217 . 85C0 TEST EAX,EAX
005E6219 . DBE2 FCLEX
005E621B . 7D 18 JGE SHORT Syncroni.005E6235
005E621D . 8B8D 5CFFFFFF MOV ECX,DWORD PTR SS:[EBP-A4]
005E6223 . 68 A0000000 PUSH 0A0
005E6228 . 68 68EB4100 PUSH Syncroni.0041EB68
005E622D . 51 PUSH ECX
005E622E . 50 PUSH EAX
005E622F . FF15 D4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
005E6235 > 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C] ; 机器码
005E6238 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
005E623B . C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
005E6242 . FFD7 CALL EDI
005E6244 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
005E6247 . 52 PUSH EDX
005E6248 . E8 C3190000 CALL Syncroni.005E7C10 //算法Call,跟进.
005E624D . 8BD0 MOV EDX,EAX //真码出现!
005E624F . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
005E6252 . FFD7 CALL EDI
005E6254 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
005E6257 . FFD6 CALL ESI
005E6259 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005E625C . FF15 88144000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
005E6262 . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
005E6265 . 50 PUSH EAX
005E6266 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
005E6268 . FF91 08030000 CALL DWORD PTR DS:[ECX+308]
005E626E . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
005E6271 . 50 PUSH EAX
005E6272 . 52 PUSH EDX
005E6273 . FF15 28114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
005E6279 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
005E627B . 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
005E627E . 52 PUSH EDX
005E627F . 50 PUSH EAX
005E6280 . 8985 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],EAX
005E6286 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
005E628C . 85C0 TEST EAX,EAX
005E628E . DBE2 FCLEX
005E6290 . 7D 18 JGE SHORT Syncroni.005E62AA
005E6292 . 8B8D 5CFFFFFF MOV ECX,DWORD PTR SS:[EBP-A4]
005E6298 . 68 A0000000 PUSH 0A0
005E629D . 68 68EB4100 PUSH Syncroni.0041EB68
005E62A2 . 51 PUSH ECX
005E62A3 . 50 PUSH EAX
005E62A4 . FF15 D4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
005E62AA > 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
005E62AD . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
005E62B0 . 52 PUSH EDX
005E62B1 . 50 PUSH EAX
005E62B2 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
005E62B8 . F7D8 NEG EAX
005E62BA . 1BC0 SBB EAX,EAX
005E62BC . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
005E62BF . F7D8 NEG EAX
005E62C1 . F7D8 NEG EAX
005E62C3 . 66:8985 54FFF>MOV WORD PTR SS:[EBP-AC],AX
005E62CA . FFD6 CALL ESI
005E62CC . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005E62CF . FF15 88144000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
005E62D5 . 66:83BD 54FFF>CMP WORD PTR SS:[EBP-AC],0 ; 上面Call进比较,取标志位
005E62DD . 0F84 85000000 JE Syncroni.005E6368 ; 关键跳转!不等则OVER!
005E62E3 . 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
005E62E9 . C785 64FFFFFF>MOV DWORD PTR SS:[EBP-9C],0A7
005E62F3 . 51 PUSH ECX
005E62F4 . E8 87BDFBFF CALL Syncroni.005A2080
005E62F9 . 8BD0 MOV EDX,EAX
005E62FB . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
005E62FE . FFD7 CALL EDI
005E6300 . B8 04000280 MOV EAX,80020004
005E6305 . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
005E6308 . 8945 A0 MOV DWORD PTR SS:[EBP-60],EAX
005E630B . 8945 B0 MOV DWORD PTR SS:[EBP-50],EAX
005E630E . 8945 C0 MOV DWORD PTR SS:[EBP-40],EAX
005E6311 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
005E6314 . 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
005E6317 . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
005E631A . 52 PUSH EDX
005E631B . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
005E631E . 50 PUSH EAX
005E631F . 51 PUSH ECX
005E6320 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
005E6323 . 6A 40 PUSH 40
005E6325 . 52 PUSH EDX
005E6326 . 895D 98 MOV DWORD PTR SS:[EBP-68],EBX
005E6329 . 895D A8 MOV DWORD PTR SS:[EBP-58],EBX
005E632C . 895D B8 MOV DWORD PTR SS:[EBP-48],EBX
005E632F . C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
005E6336 . C745 C8 08000>MOV DWORD PTR SS:[EBP-38],8
005E633D . FF15 2C114000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox //OVER!
~~~中间略~~~
005E63EF . 6A 40 PUSH 40
005E63F1 . 52 PUSH EDX
005E63F2 . 895D 98 MOV DWORD PTR SS:[EBP-68],EBX
005E63F5 . 895D A8 MOV DWORD PTR SS:[EBP-58],EBX
005E63F8 . 895D B8 MOV DWORD PTR SS:[EBP-48],EBX
005E63FB . C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
005E6402 . C745 C8 08000>MOV DWORD PTR SS:[EBP-38],8
005E6409 . FF15 2C114000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
005E640F . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
005E6412 . FFD6 CALL ESI
+++++++++++++++++++++++++
005E7C10 $ 55 PUSH EBP
005E7C11 . 8BEC MOV EBP,ESP
005E7C13 . 83EC 0C SUB ESP,0C
005E7C16 . 68 A6744000 PUSH <JMP.&MSVBVM60.__vbaExceptH>; SE 处理程序安装
005E7C1B . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
005E7C21 . 50 PUSH EAX
005E7C22 . 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
005E7C29 . 81EC 88000000 SUB ESP,88
005E7C2F . 53 PUSH EBX
005E7C30 . 56 PUSH ESI
005E7C31 . 57 PUSH EDI
005E7C32 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
005E7C35 . C745 F8 006F400>MOV DWORD PTR SS:[EBP-8],Syncron>
005E7C3C . 33C0 XOR EAX,EAX
005E7C3E . BA FCD24100 MOV EDX,Syncroni.0041D2FC
005E7C43 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
005E7C46 . 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
005E7C49 . 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
005E7C4C . 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
005E7C4F . 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
005E7C52 . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
005E7C55 . 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX
005E7C58 . 8945 B4 MOV DWORD PTR SS:[EBP-4C],EAX
005E7C5B . 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX
005E7C5E . 8945 94 MOV DWORD PTR SS:[EBP-6C],EAX
005E7C61 . 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
005E7C64 . 8985 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EAX
005E7C6A . FF15 74134000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrCopy
005E7C70 . 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
005E7C73 . 8B1D 44104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaLenBstr
005E7C79 . 8B07 MOV EAX,DWORD PTR DS:[EDI] ; 机器码
005E7C7B . 50 PUSH EAX
005E7C7C . FFD3 CALL EBX ; <&MSVBVM60.__vbaLenBstr>
005E7C7E . 8BC8 MOV ECX,EAX
005E7C80 . FF15 FC114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaI2I4
005E7C86 . 8985 6CFFFFFF MOV DWORD PTR SS:[EBP-94],EAX ; 机器码位数
005E7C8C . BE 01000000 MOV ESI,1 ; ESI=1
005E7C91 > 66:3BB5 6CFFFFF>CMP SI,WORD PTR SS:[EBP-94] ; 机器码位数与SI比较
005E7C98 . 0F8F 64010000 JG Syncroni.005E7E02 ; 等于跳出循环!
005E7C9E . 0FBFD6 MOVSX EDX,SI ; 取SI一位
005E7CA1 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005E7CA4 . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C]
005E7CA7 . 51 PUSH ECX
005E7CA8 . 52 PUSH EDX
005E7CA9 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
005E7CAC . 50 PUSH EAX
005E7CAD . 51 PUSH ECX
005E7CAE . C745 CC 0100000>MOV DWORD PTR SS:[EBP-34],1
005E7CB5 . C745 C4 0200000>MOV DWORD PTR SS:[EBP-3C],2
005E7CBC . 897D 8C MOV DWORD PTR SS:[EBP-74],EDI
005E7CBF . C745 84 0840000>MOV DWORD PTR SS:[EBP-7C],4008
005E7CC6 . FF15 A8114000 CALL DWORD PTR DS:[<&MSVBVM60.#6>; MSVBVM60.rtcMidCharVar
005E7CCC . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
005E7CCF . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
005E7CD2 . 52 PUSH EDX
005E7CD3 . 50 PUSH EAX
005E7CD4 . FF15 04134000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarVal
005E7CDA . 50 PUSH EAX ; 下面逐位Call取机器码16进制值
005E7CDB . FF15 7C104000 CALL DWORD PTR DS:[<&MSVBVM60.#5>; MSVBVM60.rtcAnsiValueBstr
005E7CE1 . 66:05 0200 ADD AX,2 ; AX=AX+2
005E7CE5 . 0F80 39020000 JO Syncroni.005E7F24
005E7CEB . 0FBFC8 MOVSX ECX,AX ; ECX=AX
005E7CEE . 894D E0 MOV DWORD PTR SS:[EBP-20],ECX ; EBP-20=ECX
005E7CF1 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
005E7CF4 . FF15 8C144000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
005E7CFA . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
005E7CFD . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
005E7D00 . 52 PUSH EDX
005E7D01 . 50 PUSH EAX
005E7D02 . 6A 02 PUSH 2
005E7D04 . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
005E7D0A . 8B0F MOV ECX,DWORD PTR DS:[EDI] ; 机器码放到ECX
005E7D0C . 83C4 0C ADD ESP,0C
005E7D0F . 51 PUSH ECX
005E7D10 . FFD3 CALL EBX
005E7D12 . 8BD0 MOV EDX,EAX ; EDX=EAX=机器码位数
005E7D14 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; EAX=EBP-20
005E7D17 . 83C2 10 ADD EDX,10 ; EDX=EDX+10h
005E7D1A . 0F80 04020000 JO Syncroni.005E7F24
005E7D20 . 0FAFD0 IMUL EDX,EAX ; EDX=EDX*EAX
005E7D23 . 0F80 FB010000 JO Syncroni.005E7F24
005E7D29 . 03D0 ADD EDX,EAX ; EDX=EDX+EAX
005E7D2B . 8B07 MOV EAX,DWORD PTR DS:[EDI] ; 机器码进EAX
005E7D2D . 0F80 F1010000 JO Syncroni.005E7F24
005E7D33 . 50 PUSH EAX ; 机器码位数
005E7D34 . 8955 E0 MOV DWORD PTR SS:[EBP-20],EDX ; EDX放到EBP-20位置
005E7D37 . FFD3 CALL EBX
005E7D39 . 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
005E7D3C . 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
005E7D3F . 03C2 ADD EAX,EDX ; EAX=机器码位数+EDX
005E7D41 . 898D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],ECX ; EBP-84=ECX
005E7D47 . 0F80 D7010000 JO Syncroni.005E7F24
005E7D4D . 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX ; EBP-20=EAX
005E7D50 . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C]
005E7D53 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005E7D56 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
005E7D59 . 50 PUSH EAX
005E7D5A . 51 PUSH ECX
005E7D5B . C785 74FFFFFF 0>MOV DWORD PTR SS:[EBP-8C],8
005E7D65 . 8955 8C MOV DWORD PTR SS:[EBP-74],EDX
005E7D68 . C745 84 0340000>MOV DWORD PTR SS:[EBP-7C],4003
005E7D6F . FF15 E8134000 CALL DWORD PTR DS:[<&MSVBVM60.#6>; MSVBVM60.rtcVarStrFromVar
005E7D75 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
005E7D78 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
005E7D7B . 52 PUSH EDX
005E7D7C . 50 PUSH EAX
005E7D7D . FF15 04134000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarVal
005E7D83 . 50 PUSH EAX ; 转成10进制
005E7D84 . FF15 A8124000 CALL DWORD PTR DS:[<&MSVBVM60.#7>; MSVBVM60.rtcStrReverse
005E7D8A . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C] ; 反转字符!
005E7D8D . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
005E7D90 . 51 PUSH ECX
005E7D91 . 52 PUSH EDX
005E7D92 . 8945 BC MOV DWORD PTR SS:[EBP-44],EAX
005E7D95 . C745 B4 0800000>MOV DWORD PTR SS:[EBP-4C],8
005E7D9C . FF15 60114000 CALL DWORD PTR DS:[<&MSVBVM60.#5>; MSVBVM60.rtcTrimVar
005E7DA2 . 8D85 74FFFFFF LEA EAX,DWORD PTR SS:[EBP-8C]
005E7DA8 . 8D4D A4 LEA ECX,DWORD PTR SS:[EBP-5C]
005E7DAB . 50 PUSH EAX
005E7DAC . 51 PUSH ECX
005E7DAD . 8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
005E7DB0 . 52 PUSH EDX
005E7DB1 . FF15 08134000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarCat
005E7DB7 . 50 PUSH EAX
005E7DB8 . FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
005E7DBE . 8BD0 MOV EDX,EAX ; 机器码运算出的结果累加到EDX中
005E7DC0 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
005E7DC3 . FF15 28144000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrMove
005E7DC9 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
005E7DCC . FF15 8C144000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
005E7DD2 . 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
005E7DD5 . 8D4D A4 LEA ECX,DWORD PTR SS:[EBP-5C]
005E7DD8 . 50 PUSH EAX
005E7DD9 . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
005E7DDC . 51 PUSH ECX
005E7DDD . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
005E7DE0 . 52 PUSH EDX
005E7DE1 . 50 PUSH EAX
005E7DE2 . 6A 04 PUSH 4
005E7DE4 . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
005E7DEA . B8 01000000 MOV EAX,1 ; EAX=1
005E7DEF . 83C4 14 ADD ESP,14
005E7DF2 . 66:03C6 ADD AX,SI ; AX+SI
005E7DF5 . 0F80 29010000 JO Syncroni.005E7F24
005E7DFB . 8BF0 MOV ESI,EAX
005E7DFD .^ E9 8FFEFFFF JMP Syncroni.005E7C91 ; 循环!
005E7E02 > 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C] ; 循环出来,结果放EDX.
005E7E05 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005E7E08 . FF15 74134000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrCopy
005E7E0E . 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
005E7E11 . 51 PUSH ECX
005E7E12 . FFD3 CALL EBX
005E7E14 . 83F8 08 CMP EAX,8 ; 位数与8比较!
005E7E17 . 7C 39 JL SHORT Syncroni.005E7E52 ; 小于跳.也就是说机器码二位以下要跳!
005E7E19 . 8B35 7C144000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaMidStmtBstr
005E7E1F . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
005E7E22 . 52 PUSH EDX
005E7E23 . 6A 05 PUSH 5
005E7E25 . 6A 01 PUSH 1
005E7E27 . 68 74724200 PUSH Syncroni.00427274
005E7E2C . 6A 00 PUSH 0
005E7E2E . FFD6 CALL ESI ; <&MSVBVM60.__vbaMidStmtBstr>
005E7E30 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
005E7E33 . 50 PUSH EAX
005E7E34 . 6A 0A PUSH 0A
005E7E36 . 6A 01 PUSH 1
005E7E38 . 68 74724200 PUSH Syncroni.00427274
005E7E3D . 6A 00 PUSH 0
005E7E3F . FFD6 CALL ESI
005E7E41 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005E7E44 . 51 PUSH ECX
005E7E45 . 6A 0F PUSH 0F
005E7E47 . 6A 01 PUSH 1
005E7E49 . 68 74724200 PUSH Syncroni.00427274
005E7E4E . 6A 00 PUSH 0
005E7E50 . FFD6 CALL ESI
005E7E52 > 8B35 10144000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.rtcLeftCharVar
005E7E58 . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C] ; 跳到上面,经调试,对注册码没影响.
005E7E5B . 6A 10 PUSH 10
005E7E5D . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005E7E60 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
005E7E63 . 50 PUSH EAX
005E7E64 . 51 PUSH ECX
005E7E65 . 8955 8C MOV DWORD PTR SS:[EBP-74],EDX
005E7E68 . C745 84 0840000>MOV DWORD PTR SS:[EBP-7C],4008
005E7E6F . FFD6 CALL ESI ; <&MSVBVM60.#617>
005E7E71 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
005E7E74 . 52 PUSH EDX
005E7E75 . FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
005E7E7B . 8B1D 28144000 MOV EBX,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaStrMove
005E7E81 . 8BD0 MOV EDX,EAX ; 取结果前16位,第四位为一组码,第五位都改成-
005E7E83 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005E7E86 . FFD3 CALL EBX ; <&MSVBVM60.__vbaStrMove>
005E7E88 . 8B3D 38104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaFreeVar
005E7E8E . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005E7E91 . FFD7 CALL EDI ; <&MSVBVM60.__vbaFreeVar>
005E7E93 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
005E7E96 . 6A 0E PUSH 0E
005E7E98 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
005E7E9B . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] ; 取码后
005E7E9E . 51 PUSH ECX
005E7E9F . 52 PUSH EDX
005E7EA0 . 8945 8C MOV DWORD PTR SS:[EBP-74],EAX
005E7EA3 . C745 84 0840000>MOV DWORD PTR SS:[EBP-7C],4008
005E7EAA . FFD6 CALL ESI
005E7EAC . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
005E7EAF . 50 PUSH EAX
005E7EB0 . FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
005E7EB6 . 8BD0 MOV EDX,EAX ; 上面Call进前三组码
005E7EB8 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28] ; 最终真码成型!
005E7EBB . FFD3 CALL EBX
005E7EBD . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005E7EC0 . FFD7 CALL EDI
005E7EC2 . 68 0E7F5E00 PUSH Syncroni.005E7F0E
005E7EC7 . EB 34 JMP SHORT Syncroni.005E7EFD ; 长跳!
005E7EC9 . F645 FC 04 TEST BYTE PTR SS:[EBP-4],4
005E7ECD . 74 09 JE SHORT Syncroni.005E7ED8
005E7ECF . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
005E7ED2 . FF15 8C144000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
005E7ED8 > 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
005E7EDB . FF15 8C144000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
005E7EE1 . 8D4D 94 LEA ECX,DWORD PTR SS:[EBP-6C]
005E7EE4 . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
005E7EE7 . 51 PUSH ECX
005E7EE8 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
005E7EEB . 52 PUSH EDX
005E7EEC . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005E7EEF . 50 PUSH EAX
005E7EF0 . 51 PUSH ECX
005E7EF1 . 6A 04 PUSH 4
005E7EF3 . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
005E7EF9 . 83C4 14 ADD ESP,14
005E7EFC . C3 RETN
005E7EFD > 8B35 8C144000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaFreeStr
005E7F03 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C] ; 跳来这里!
005E7F06 . FFD6 CALL ESI ; <&MSVBVM60.__vbaFreeStr>
005E7F08 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005E7F0B . FFD6 CALL ESI
005E7F0D . C3 RETN
005E7F0E . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
005E7F11 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; 真码进EAX
005E7F14 . 5F POP EDI
005E7F15 . 5E POP ESI
005E7F16 . 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
005E7F1D . 5B POP EBX
005E7F1E . 8BE5 MOV ESP,EBP
005E7F20 . 5D POP EBP
005E7F21 . C2 0400 RETN 4 ; 返回!
++++++++++++++++++++++++++++++++++++++++++++++++++
算法总结:
//设机器码位数为W其中它等于11位bh.
n1=逐位取用户的16进制的值+2h
n2=w+10h
n3=n1*n2
n4=n3+n1
n5=w+n4
All1=将n5转换成10进制取反,机器号逐位运算最终结果累加。
//系列号:48947010078
//累加结果:UNICODE "32515361366132517061114193411141114170615361"
all2=结果取一半:3251536136613251.
all3=第四个数字做为一组码,中间用-号代替原有数字.
3251536136613251
3251-3613-6132-1
取前面的三组码就是注册码.
- 机器码:48947010078
- 注册码:3251-3613-6132
机器码运算例1:机器码是48947010078,第一位4
n1=34+2=36
n2=w+10=1b
n3=n1*n2=1b*36=5b2
n4=n3+n1=5b2+36=5e8
n5=w+n4=5f3
将n5转换成10进制=1523
取反=3251
例2:机器码是48947010078,第二位8
n1=38+2=3a
n2=w+10=1b
n3=3a*1n2=61e
n4=n3+n1=61e+3a=658
n5=w+n4=b+658=663
将n5转换成10进制=1635
取反=5361
+++++++++++++++++++++++
破解后记:这个软件是猫在龙族的Key区找到的zeror兄发的内存注册机,呵呵。。。相对简单。所以就拿来搞搞。。。
http://www.chinadforce.com/viewthread.php?tid=546483
软件是6月7日发布的,与申请时间上的限制应该还没过期。
软件的算法注册机还不会写,关键是取多少位这里。那位兄弟会的,帮猫帖个易语言算法注册机上来。谢谢!
最后还请老大审核确认本篇算法分析。第二篇等找到软软再发上来。。。HoHo~~~ ;P ;P
版权声明:本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 野猫III 于 2006-7-2 17:47 编辑 ] |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?加入我们
x
|
IP卡
发表于 2006-6-20 22:11:59
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-6-20 22:33:31
楼主
发表于 2006-6-21 01:21:23
发表于 2006-6-21 21:05:03
发表于 2006-6-24 10:24:43