小菜的一个CM~

月之精灵 · 发表于 2011-1-16 20:17:40

VB 现在用的人应该小了（以前学过几天，感觉挺容易上手的，调试起来就像骂人 )
lgjxj 发表于 2011-1-16 19:14

哈哈，是要骂人，哈哈

lgjxj · 发表于 2011-1-17 01:18:34

是啊，给她繁化了，很郁闷的，幸好现在很小见到他了，现在见到VM反而方便些，一个 H 一条指令
并且有成就感些

飘云 · 发表于 2011-1-18 00:51:11

哈，程序不支持中文，用户名超过12位退出。。我当初学VB的时候，也不能处理这些问题  慢慢就会了，支持，加油！

文件名校验：
//===============================================================
004126F0  PUSH EBP
004126F1  MOV EBP,ESP
004126F3  SUB ESP,8
004126F6  PUSH <JMP.&msvbvm60.__vbaExceptHandler>
004126FB  MOV EAX,DWORD PTR FS:[0]
00412701  PUSH EAX
.
.
.
.
.
00412799  PUSH EDX
0041279A  PUSH EAX
0041279B  CALL DWORD PTR DS:[<&msvbvm60.__vbaStrCm>; 比较名称是否为 “CrackMe.exe”
004127A1  MOV ESI,EAX
004127A3  LEA ECX,DWORD PTR SS:[EBP-18]
004127A6  NEG ESI
004127A8  SBB ESI,ESI
004127AA  NEG ESI
004127AC  NEG ESI
004127AE  CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>; msvbvm60.__vbaFreeStr
004127B4  LEA ECX,DWORD PTR SS:[EBP-1C]
004127B7  CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeO>; msvbvm60.__vbaFreeObj
004127BD  CMP SI,DI
004127C0  JE SHORT dumped_.004127C8             ; ★JMP 跳过★
004127C2  CALL DWORD PTR DS:[<&msvbvm60.__vbaEnd>] ; msvbvm60.__vbaEnd
004127C8  PUSH dumped_.004127EC
004127CD  JMP SHORT dumped_.004127E2
.
.
.
.
004127FA  POP EBX
004127FB  MOV ESP,EBP
004127FD  POP EBP
004127FE  RETN 4
//===============================================================

//===============================================================
//算法开始
0041229E  CALL DWORD PTR DS:[401038]             ; 进入for循环
004122A4  MOV ESI,DWORD PTR DS:[4010B4]          ; msvbvm60.__vbaVarAdd
004122AA  MOV EDI,DWORD PTR DS:[4010B0]          ; msvbvm60.__vbaI4Var
004122B0  TEST EAX,EAX
004122B2  JE Crackme.00412381                   ; 是否循环结束？
004122B8  LEA EAX,DWORD PTR SS:[EBP-74]
004122BB  LEA ECX,DWORD PTR SS:[EBP-24]
004122BE  PUSH EAX
004122BF  PUSH ECX
004122C0  MOV DWORD PTR SS:[EBP-6C],1
004122C7  MOV DWORD PTR SS:[EBP-74],2
004122CE  CALL EDI
004122D0  PUSH EAX
004122D1  LEA EDX,DWORD PTR SS:[EBP-34]
004122D4  LEA EAX,DWORD PTR SS:[EBP-84]
004122DA  PUSH EDX
004122DB  PUSH EAX
004122DC  CALL DWORD PTR DS:[401050]             ; 逐位取用户名
004122E2  LEA ECX,DWORD PTR SS:[EBP-84]
004122E8  LEA EDX,DWORD PTR SS:[EBP-5C]
004122EB  PUSH ECX
004122EC  PUSH EDX
004122ED  CALL DWORD PTR DS:[401088]             ; 字符到数值
004122F3  PUSH EAX
004122F4  CALL DWORD PTR DS:[401024]             ; 转ascii
004122FA  PUSH EAX
004122FB  CALL DWORD PTR DS:[401004]             ; msvbvm60.__vbaStrI2
00412301  MOV EDX,EAX
00412303  LEA ECX,DWORD PTR SS:[EBP-60]
00412306  CALL DWORD PTR DS:[4010C0]             ; msvbvm60.__vbaStrMove
0041230C  PUSH EAX
0041230D  CALL DWORD PTR DS:[4010DC]             ; msvbvm60.rtcR8ValFromBstr
00412313  FSTP QWORD PTR SS:[EBP-BC]
00412319  LEA EAX,DWORD PTR SS:[EBP-54]
0041231C  LEA ECX,DWORD PTR SS:[EBP-C4]
00412322  PUSH EAX
00412323  LEA EDX,DWORD PTR SS:[EBP-94]
00412329  PUSH ECX
0041232A  PUSH EDX
0041232B  MOV DWORD PTR SS:[EBP-C4],5
00412335  CALL ESI                               ; 加法
00412337  MOV EDX,EAX
00412339  LEA ECX,DWORD PTR SS:[EBP-54]
0041233C  CALL EBX
0041233E  LEA EAX,DWORD PTR SS:[EBP-60]
00412341  LEA ECX,DWORD PTR SS:[EBP-5C]
00412344  PUSH EAX
00412345  PUSH ECX
00412346  PUSH 2
00412348  CALL DWORD PTR DS:[4010A0]             ; msvbvm60.__vbaFreeStrList
0041234E  LEA EDX,DWORD PTR SS:[EBP-84]
00412354  LEA EAX,DWORD PTR SS:[EBP-74]
00412357  PUSH EDX
00412358  PUSH EAX
00412359  PUSH 2
0041235B  CALL DWORD PTR DS:[401018]             ; msvbvm60.__vbaFreeVarList
00412361  ADD ESP,18
00412364  LEA ECX,DWORD PTR SS:[EBP-10C]
0041236A  LEA EDX,DWORD PTR SS:[EBP-FC]
00412370  LEA EAX,DWORD PTR SS:[EBP-24]
00412373  PUSH ECX
00412374  PUSH EDX
00412375  PUSH EAX
00412376  CALL DWORD PTR DS:[4010CC]             ; msvbvm60.__vbaVarForNext
0041237C  JMP Crackme.004122B0                   ; 继续循环上面累加结果记为 dwSumName
00412381  MOV EBX,DWORD PTR DS:[401074]          ; msvbvm60.__vbaVarMul
00412387  MOV EAX,2
0041238C  LEA ECX,DWORD PTR SS:[EBP-54]
0041238F  MOV DWORD PTR SS:[EBP-B4],EAX
00412395  MOV DWORD PTR SS:[EBP-C4],EAX
0041239B  LEA EDX,DWORD PTR SS:[EBP-54]
0041239E  PUSH ECX
0041239F  LEA EAX,DWORD PTR SS:[EBP-74]
004123A2  PUSH EDX
004123A3  PUSH EAX
004123A4  MOV DWORD PTR SS:[EBP-AC],7C5          ; 1989 年轻小伙
004123AE  MOV DWORD PTR SS:[EBP-BC],7DA          ; 2010 在PYG的活跃年份，哈
004123B8  CALL EBX                               ; dwSumName * dwSumName
004123BA  LEA ECX,DWORD PTR SS:[EBP-B4]
004123C0  PUSH EAX
004123C1  LEA EDX,DWORD PTR SS:[EBP-84]
004123C7  PUSH ECX
004123C8  PUSH EDX
004123C9  CALL ESI                               ; dwSumName * dwSumName + 1989
004123CB  PUSH EAX
004123CC  LEA EAX,DWORD PTR SS:[EBP-C4]
004123D2  LEA ECX,DWORD PTR SS:[EBP-94]
004123D8  PUSH EAX
004123D9  PUSH ECX
004123DA  CALL EBX                               ; (dwSumName * dwSumName + 1989) * 2010
004123DC  PUSH EAX
004123DD  CALL EDI                               ; 经过这个CALL后，EAX里面的值转换成十进制就是注册码了，，内存注册机处！
004123DF  LEA ECX,DWORD PTR SS:[EBP-84]
004123E5  MOV ESI,EAX
004123E7  CALL DWORD PTR DS:[401014]             ; msvbvm60.__vbaFreeVar
004123ED  LEA EDX,DWORD PTR SS:[EBP-44]
004123F0  LEA EAX,DWORD PTR SS:[EBP-B4]
004123F6  PUSH EDX
004123F7  PUSH EAX
004123F8  MOV DWORD PTR SS:[EBP-AC],ESI
004123FE  MOV DWORD PTR SS:[EBP-B4],8003
00412408  CALL DWORD PTR DS:[401060]             ; 比较！
0041240E  TEST AX,AX
00412411  JE Crackme.004124C2                   ; //爆破点
00412417  MOV ESI,DWORD PTR DS:[4010B8]          ; msvbvm60.__vbaVarDup
0041241D  MOV ECX,80020004
00412422  MOV DWORD PTR SS:[EBP-9C],ECX
00412428  MOV EAX,0A
0041242D  MOV DWORD PTR SS:[EBP-8C],ECX
00412433  MOV EDI,8
00412438  LEA EDX,DWORD PTR SS:[EBP-C4]
0041243E  LEA ECX,DWORD PTR SS:[EBP-84]
00412444  MOV DWORD PTR SS:[EBP-A4],EAX
0041244A  MOV DWORD PTR SS:[EBP-94],EAX
00412450  MOV DWORD PTR SS:[EBP-BC],Crackme.004118>; 恭喜你!
0041245A  MOV DWORD PTR SS:[EBP-C4],EDI
00412460  CALL ESI
00412462  LEA EDX,DWORD PTR SS:[EBP-B4]
00412468  LEA ECX,DWORD PTR SS:[EBP-74]
0041246B  MOV DWORD PTR SS:[EBP-AC],Crackme.004118>; Good job , congratulations
00412475  MOV DWORD PTR SS:[EBP-B4],EDI
0041247B  CALL ESI
0041247D  LEA ECX,DWORD PTR SS:[EBP-A4]
00412483  LEA EDX,DWORD PTR SS:[EBP-94]
00412489  PUSH ECX
0041248A  LEA EAX,DWORD PTR SS:[EBP-84]
00412490  PUSH EDX
00412491  PUSH EAX
00412492  LEA ECX,DWORD PTR SS:[EBP-74]
00412495  PUSH 40
00412497  PUSH ECX
00412498  CALL DWORD PTR DS:[401040]             ; msvbvm60.rtcMsgBox
0041249E  LEA EDX,DWORD PTR SS:[EBP-A4]
004124A4  LEA EAX,DWORD PTR SS:[EBP-94]
.
.
.
.
.
00412506  CALL DWORD PTR DS:[401018]             ; msvbvm60.__vbaFreeVarList
0041250C  ADD ESP,14
0041250F  RETN

KeyGen:

#include <iostream.h>
#include <stdio.h>
#include <windows.h>
void main()
{
cout<<"**************************\n";
cout<<"* Code By PiaoYun[P.Y.G] *\n";
cout<<"* web:www.chinapyg.com *\n";
cout<<"* date:2011-1-18 *\n";
cout<<"**************************\n";
cout<<"请输入用户名:\n";
char szName[256] = {0};
char szSn[256] = {0};
int dwSum = 0;
int dwTemp = 0;
cin>>szName;
int dwLen = strlen(szName);
for (int i=0; i<dwLen;i++)
{
dwSum += szName[i];
}
dwTemp = ((dwSum * dwSum) + 1989) * 2010;
sprintf(szSn,"%d",dwTemp);
cout<<"您的注册码为:\n"<<szSn<<endl;
}

复制代码

xuyang886 · 发表于 2011-1-18 11:27:30

膜拜楼上高手.......

月之精灵 · 发表于 2011-1-18 13:57:03

回复 13# 飘云

哈哈，惊动了老飘哈哈

l12436 · 发表于 2011-2-2 17:09:14

的確不難......，算是給新手熟悉VB判斷的....

		自动登录	找回密码
密码			加入我们

[原创] 小菜的一个CM~

本帖子中包含更多资源