- UID
- 1132
注册时间2005-4-20
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 无聊
2020-4-10 17:02 |
|---|
签到天数: 5 天 [LV.2]偶尔看看I
|
【破解日期】 2006年11月22日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 hxxp://www.126sohu.com/
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 VB Crackme 2.0
【下载地址】 本地
【软件大小】 15.5k
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
--------
【破解内容】
- 00402C2A push edx
- 00402C2B call dword ptr ds:[<&MSVBVM50.__vbaLenVar>] ; MSVBVM50.__vbaLenVar
- 00402C31 push eax
- 00402C32 call dword ptr ds:[<&MSVBVM50.__vbaI2Var>] ; MSVBVM50.__vbaI2Var
- 00402C38 mov esi,dword ptr ds:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
- 00402C3E mov edi,dword ptr ds:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
- 00402C44 mov dword ptr ss:[ebp-118],eax
- 00402C4A mov eax,1
- 00402C4F mov dword ptr ss:[ebp-3C],eax
- 00402C52 cmp ax,word ptr ss:[ebp-118]
- 00402C59 mov ebx,dword ptr ds:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar
- 00402C5F jg CM2.00402D54
- 00402C65 movsx edx,ax
- 00402C68 lea ecx,dword ptr ss:[ebp-68]
- 00402C6B lea eax,dword ptr ss:[ebp-28]
- 00402C6E push ecx
- 00402C6F push edx
- 00402C70 lea ecx,dword ptr ss:[ebp-78]
- 00402C73 push eax
- 00402C74 push ecx
- 00402C75 mov dword ptr ss:[ebp-60],1
- 00402C7C mov dword ptr ss:[ebp-68],2
- 00402C83 call ebx
- 00402C85 lea edx,dword ptr ss:[ebp-88]
- 00402C8B push 1
- 00402C8D lea eax,dword ptr ss:[ebp-98]
- 00402C93 push edx
- 00402C94 push eax
- 00402C95 mov dword ptr ss:[ebp-80],4
- 00402C9C mov dword ptr ss:[ebp-88],2
- 00402CA6 call dword ptr ds:[<&MSVBVM50.#617>] ; MSVBVM50.rtcLeftCharVar
- 00402CAC lea ecx,dword ptr ss:[ebp-98]
- 00402CB2 lea edx,dword ptr ss:[ebp-54]
- 00402CB5 push ecx
- 00402CB6 push edx
- 00402CB7 call edi
- 00402CB9 push eax
- 00402CBA call esi
- 00402CBC movsx ebx,ax
- 00402CBF lea eax,dword ptr ss:[ebp-78]
- 00402CC2 lea ecx,dword ptr ss:[ebp-50]
- 00402CC5 push eax
- 00402CC6 push ecx
- 00402CC7 call edi
- 00402CC9 push eax
- 00402CCA call esi
- 00402CCC movsx edx,ax ; 密码
- 00402CCF xor ebx,edx ; 密码 xor 34
- 00402CD1 lea eax,dword ptr ss:[ebp-A8]
- 00402CD7 push ebx
- 00402CD8 push eax
- 00402CD9 call dword ptr ds:[<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi
- 00402CDF lea ecx,dword ptr ss:[ebp-38]
- 00402CE2 lea edx,dword ptr ss:[ebp-A8]
- 00402CE8 push ecx
- 00402CE9 lea eax,dword ptr ss:[ebp-B8]
- 00402CEF push edx
- 00402CF0 push eax
- 00402CF1 call dword ptr ds:[<&MSVBVM50.__vbaVarCat>] ; MSVBVM50.__vbaVarCat
- 00402CF7 mov edx,eax
- 00402CF9 lea ecx,dword ptr ss:[ebp-38]
- 00402CFC call dword ptr ds:[<&MSVBVM50.__vbaVarMove>>; MSVBVM50.__vbaVarMove
- 00402D02 lea ecx,dword ptr ss:[ebp-54]
- 00402D05 lea edx,dword ptr ss:[ebp-50]
- 00402D08 push ecx
- 00402D09 push edx
- 00402D0A push 2
- 00402D0C call dword ptr ds:[<&MSVBVM50.__vbaFreeStrL>; MSVBVM50.__vbaFreeStrList
- 00402D12 add esp,0C
- 00402D15 lea eax,dword ptr ss:[ebp-A8]
- 00402D1B lea ecx,dword ptr ss:[ebp-98]
- 00402D21 lea edx,dword ptr ss:[ebp-88]
- 00402D27 push eax
- 00402D28 push ecx
- 00402D29 lea eax,dword ptr ss:[ebp-78]
- 00402D2C push edx
- 00402D2D lea ecx,dword ptr ss:[ebp-68]
- 00402D30 push eax
- 00402D31 push ecx
- 00402D32 push 5
- 00402D34 call dword ptr ds:[<&MSVBVM50.__vbaFreeVarL>; MSVBVM50.__vbaFreeVarList
- 00402D3A mov eax,1
- 00402D3F add esp,18
- 00402D42 add ax,word ptr ss:[ebp-3C]
- 00402D46 jo CM2.004030EC
- 00402D4C mov dword ptr ss:[ebp-3C],eax
- 00402D4F jmp CM2.00402C52
- 00402D54 lea edx,dword ptr ss:[ebp-38]
- 00402D57 lea eax,dword ptr ss:[ebp-68]
- 00402D5A push edx
- 00402D5B push eax
- 00402D5C mov dword ptr ss:[ebp-18],1
- 00402D63 call dword ptr ds:[<&MSVBVM50.__vbaLenVar>] ; MSVBVM50.__vbaLenVar
- 00402D69 push eax
- 00402D6A call dword ptr ds:[<&MSVBVM50.__vbaI2Var>] ; MSVBVM50.__vbaI2Var
- 00402D70 mov ecx,1
- 00402D75 mov dword ptr ss:[ebp-120],eax
- 00402D7B mov eax,ecx
- 00402D7D mov dword ptr ss:[ebp-3C],eax
- 00402D80 cmp ax,word ptr ss:[ebp-120]
- 00402D87 jg CM2.00402EBA
- 00402D8D cmp word ptr ss:[ebp-18],4
- 00402D92 jle short CM2.00402D97
- 00402D94 mov dword ptr ss:[ebp-18],ecx
- 00402D97 mov dword ptr ss:[ebp-60],ecx
- 00402D9A lea ecx,dword ptr ss:[ebp-68]
- 00402D9D movsx edx,ax
- 00402DA0 push ecx
- 00402DA1 lea eax,dword ptr ss:[ebp-38]
- 00402DA4 push edx
- 00402DA5 lea ecx,dword ptr ss:[ebp-78]
- 00402DA8 push eax
- 00402DA9 push ecx
- 00402DAA mov dword ptr ss:[ebp-68],2
- 00402DB1 call ebx
- 00402DB3 mov eax,2
- 00402DB8 lea edx,dword ptr ss:[ebp-98]
- 00402DBE mov dword ptr ss:[ebp-98],eax
- 00402DC4 mov dword ptr ss:[ebp-88],eax
- 00402DCA movsx eax,word ptr ss:[ebp-18]
- 00402DCE push edx
- 00402DCF lea ecx,dword ptr ss:[ebp-88]
- 00402DD5 push eax
- 00402DD6 lea edx,dword ptr ss:[ebp-A8]
- 00402DDC push ecx
- 00402DDD push edx
- 00402DDE mov dword ptr ss:[ebp-90],1
- 00402DE8 mov dword ptr ss:[ebp-80],7D0 ; 7D0(2000D
- 00402DEF call ebx
- 00402DF1 lea eax,dword ptr ss:[ebp-A8]
- 00402DF7 lea ecx,dword ptr ss:[ebp-54]
- 00402DFA push eax
- 00402DFB push ecx
- 00402DFC call edi
- 00402DFE push eax
- 00402DFF call esi
- 00402E01 movsx ebx,ax
- 00402E04 lea edx,dword ptr ss:[ebp-78]
- 00402E07 lea eax,dword ptr ss:[ebp-50]
- 00402E0A push edx
- 00402E0B push eax
- 00402E0C call edi
- 00402E0E push eax
- 00402E0F call esi
- 00402E11 movsx ecx,ax
- 00402E14 xor ebx,ecx ; ebx xor ecx
- 00402E16 lea edx,dword ptr ss:[ebp-B8]
- 00402E1C push ebx
- 00402E1D push edx
- 00402E1E call dword ptr ds:[<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi
- 00402E24 lea eax,dword ptr ss:[ebp-4C]
- 00402E27 lea ecx,dword ptr ss:[ebp-B8]
- 00402E2D push eax
- 00402E2E lea edx,dword ptr ss:[ebp-C8]
- 00402E34 push ecx
- 00402E35 push edx
- 00402E36 call dword ptr ds:[<&MSVBVM50.__vbaVarCat>] ; MSVBVM50.__vbaVarCat
- 00402E3C mov edx,eax
- 00402E3E lea ecx,dword ptr ss:[ebp-4C]
- 00402E41 call dword ptr ds:[<&MSVBVM50.__vbaVarMove>>; MSVBVM50.__vbaVarMove
- 00402E47 lea eax,dword ptr ss:[ebp-54]
- 00402E4A lea ecx,dword ptr ss:[ebp-50]
- 00402E4D push eax
- 00402E4E push ecx
- 00402E4F push 2
- 00402E51 call dword ptr ds:[<&MSVBVM50.__vbaFreeStrL>; MSVBVM50.__vbaFreeStrList
- 00402E57 add esp,0C
- 00402E5A lea edx,dword ptr ss:[ebp-B8]
- 00402E60 lea eax,dword ptr ss:[ebp-A8]
- 00402E66 lea ecx,dword ptr ss:[ebp-98]
- 00402E6C push edx
- 00402E6D push eax
- 00402E6E lea edx,dword ptr ss:[ebp-88]
- 00402E74 push ecx
- 00402E75 lea eax,dword ptr ss:[ebp-78]
- 00402E78 push edx
- 00402E79 lea ecx,dword ptr ss:[ebp-68]
- 00402E7C push eax
- 00402E7D push ecx
- 00402E7E push 6
- 00402E80 call dword ptr ds:[<&MSVBVM50.__vbaFreeVarL>; MSVBVM50.__vbaFreeVarList
- 00402E86 mov dx,word ptr ss:[ebp-18]
- 00402E8A add esp,1C
- 00402E8D inc dx
- 00402E8F jo CM2.004030EC
- 00402E95 mov ebx,dword ptr ds:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar
- 00402E9B mov eax,1
- 00402EA0 add ax,word ptr ss:[ebp-3C]
- 00402EA4 mov dword ptr ss:[ebp-18],edx
- 00402EA7 mov ecx,1
- 00402EAC jo CM2.004030EC
- 00402EB2 mov dword ptr ss:[ebp-3C],eax
- 00402EB5 jmp CM2.00402D80
- 00402EBA lea eax,dword ptr ss:[ebp-4C]
- 00402EBD lea ecx,dword ptr ss:[ebp-D8]
- 00402EC3 push eax
- 00402EC4 push ecx
- 00402EC5 mov dword ptr ss:[ebp-D0],CM2.0040259C ; UNICODE "VeiajeEjbavwij"
- 00402ECF mov dword ptr ss:[ebp-D8],8008
- 00402ED9 call dword ptr ds:[<&MSVBVM50.__vbaVarTstNe>; MSVBVM50.__vbaVarTstNe
- 00402EDF test ax,ax
- 00402EE2 je CM2.00402F89 ; 爆破点
- 00402EE8 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVarDu>; MSVBVM50.__vbaVarDup
- 00402EEE mov eax,80020004
- /////////////////////////////////////////////////////////////////////////
- /////////////////////////////////////////////////////////////////////////
- 1, 密码 XOR 34 = A
- 2, A XOR 2000(每一位的16进制,不足就复制一次补足) =B
- 3, B与固定字符串"VeiajeEjbavwij"比较,相等就注册成功
- /////////////////////////////////////////////////////////////////////////
- /////////////////////////////////////////////////////////////////////////
- ------------------------------------------------------------------------
- --------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?加入我们
x
|
IP卡
发表于 2006-11-22 20:56:46
提升卡
置顶卡
变色卡
千斤顶
显身卡