文章作者: killl
【破文标题】某VB英语记忆软件简单算法
【软件名称】某英语记忆软件
【破文作者】KiLlL
【破解时间】2006-01-1922:51
【破解声明】仅为技术交流之用!
【破解过程】
一些网友英语学习劲头很足,希望得到软件后能真的有所帮助。感觉好用还是去注册吧。
软件无壳,od直接载入分析。借助vbde容易定位到下面:
004F6A00>\55pushebp;按“注册”按钮来到这里
004F6A01.8BECmovebp,esp
004F6A03.83EC0Csubesp,0C
004F6A06.68F6234000push;SE句柄安装
004F6A0B.64:A100000000moveax,dwordptrfs:[0]
004F6A11.50pusheax
004F6A12.64:892500000000movdwordptrfs:[0],esp
004F6A19.81EC24010000subesp,124
这里打开数据库,如果对它感兴趣,可以打开看看:(lluoMrt.dll,密码water1243528rainy)
004F6AAC.68DCD34100pushluoSoft.0041D3DC
004F6AB1.8B08movecx,dwordptrds:[eax]
004F6AB3.68A8EA4100pushluoSoft.0041EAA8;UNICODE"Driver={MicrosoftAccessDriver(*.mdb)};dbq=lluoMrt.dll;password=water1243528rainy"
004F6AB8.50pusheax
下面是对假码处理了:
004F6AFA./7D12jgeshortluoSoft.004F6B0E
004F6AFC.|68A0000000push0A0
004F6B01.|682CD24100pushluoSoft.0041D22C
004F6B06.|56pushesi
004F6B07.|50pusheax
004F6B08.|FF1564104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaHresultCheckObj
004F6B0E>\8B45A4moveax,dwordptrss:[ebp-5C];假码
004F6B11.8D8D78FFFFFFleaecx,dwordptrss:[ebp-88]
004F6B17.894590movdwordptrss:[ebp-70],eax
004F6B1A.8D4588leaeax,dwordptrss:[ebp-78]
004F6B1D.50pusheax
004F6B1E.51pushecx
004F6B1F.897DA4movdwordptrss:[ebp-5C],edi
004F6B22.C7458808000000movdwordptrss:[ebp-78],8;trim(sn)
004F6B29.FF15BC104000calldwordptrds:[<&MSVBVM60.#520>>;MSVBVM60.rtcTrimVar
004F6B2F.8B3514104000movesi,dwordptrds:[<&MSVBVM60.__>;MSVBVM60.__vbaVarMove
004F6B35.8D9578FFFFFFleaedx,dwordptrss:[ebp-88]
004F6B3B.8D4DB8leaecx,dwordptrss:[ebp-48]
004F6B3E.FFD6callesi;<&MSVBVM60.__vbaVarMove>
004F6B40.8D4D98leaecx,dwordptrss:[ebp-68]
004F6B43.FF1534124000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeObj
004F6B49.8D4D88leaecx,dwordptrss:[ebp-78]
004F6B4C.FF151C104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeVar
004F6B52.8D55B8leaedx,dwordptrss:[ebp-48]
004F6B55.6A10push10
004F6B57.8D4588leaeax,dwordptrss:[ebp-78]
004F6B5A.52pushedx
004F6B5B.50pusheax
004F6B5C.FF15EC114000calldwordptrds:[<&MSVBVM60.#617>>;MSVBVM60.rtcLeftCharVar
004F6B62.8D5588leaedx,dwordptrss:[ebp-78];left(sn,0x10)
004F6B65.8D4DD8leaecx,dwordptrss:[ebp-28]
004F6B68.FFD6callesi;<&MSVBVM60.__vbaVarMove>
004F6B6A.8D4DB8leaecx,dwordptrss:[ebp-48]
004F6B6D.6A10push10
004F6B6F.8D5588leaedx,dwordptrss:[ebp-78]
004F6B72.51pushecx
004F6B73.52pushedx
004F6B74.FF1500124000calldwordptrds:[<&MSVBVM60.#619>>;MSVBVM60.rtcRightCharVar
004F6B7A.8D5588leaedx,dwordptrss:[ebp-78];right(sn,0x10)
004F6B7D.8D4DC8leaecx,dwordptrss:[ebp-38]
004F6B80.FFD6callesi;<&MSVBVM60.__vbaVarMove>
004F6B82.393D10505000cmpdwordptrds:[505010],edi
004F6B88.7510jnzshortluoSoft.004F6B9A
004F6B8A.6810505000pushluoSoft.00505010
004F6B8F.68D8714100pushluoSoft.004171D8
004F6B94.FF1584114000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaNew2
004F6B9A>8B3510505000movesi,dwordptrds:[505010]
004F6BA0.8D4D88leaecx,dwordptrss:[ebp-78]
004F6BA3.51pushecx
004F6BA4.56pushesi
004F6BA5.8B06moveax,dwordptrds:[esi]
004F6BA7.FF9024070000calldwordptrds:[eax+724];注册码生成模块
004F6BAD.3BC7cmpeax,edi
004F6BAF.DBE2fclex
004F6BB1./7D12jgeshortluoSoft.004F6BC5
004F6BB3.|6824070000push724
004F6BB8.|6878C54100pushluoSoft.0041C578
004F6BBD.|56pushesi
004F6BBE.|50pusheax
004F6BBF.|FF1564104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaHresultCheckObj
004F6BC5>\8D5588leaedx,dwordptrss:[ebp-78]
我们就跟入注册码生成模块去看看:calldwordptrds:[eax+724]
004D25B0>\55pushebp;验证注册码
004D25B1.8BECmovebp,esp
004D25B3.83EC0Csubesp,0C
004D25B6.68F6234000push;SE句柄安装
004D25BB.64:A100000000moveax,dwordptrfs:[0]
004D25C1.50pusheax
004D25C2.64:892500000000movdwordptrfs:[0],esp
004D25C9.81EC78010000subesp,178
004D25CF.53pushebx
004D25D0.56pushesi
004D25D1.57pushedi
004D25D2.8965F4movdwordptrss:[ebp-C],esp
004D25D5.C745F830184000movdwordptrss:[ebp-8],luoSoft.00>
004D25DC.33FFxoredi,edi
004D25DE.897DFCmovdwordptrss:[ebp-4],edi
004D25E1.8B7508movesi,dwordptrss:[ebp+8]
004D25E4.56pushesi
004D25E5.8B06moveax,dwordptrds:[esi]
004D25E7.FF5004calldwordptrds:[eax+4]
004D25EA.8B4D0Cmovecx,dwordptrss:[ebp+C]
004D25ED.8D8568FFFFFFleaeax,dwordptrss:[ebp-98]
004D25F3.50pusheax
004D25F4.6834FC4100pushluoSoft.0041FC34;UNICODE"C:\"
004D25F9.8939movdwordptrds:[ecx],edi;用到了这个盘符,莫非是取c盘序列号?
004D25FB.8B16movedx,dwordptrds:[esi]
果然是取c盘的序列号:
004D266A.89BD98FEFFFFmovdwordptrss:[ebp-168],edi
004D2670.89BD88FEFFFFmovdwordptrss:[ebp-178],edi
004D2676.FF9240080000calldwordptrds:[edx+840];c盘序列号
004D267C.8B8568FFFFFFmoveax,dwordptrss:[ebp-98];我的硬盘序列号98E20A49
004D2682.8B3514104000movesi,dwordptrds:[<&MSVBVM60.__>;MSVBVM60.__vbaVarMove
004D2688.8D9558FFFFFFleaedx,dwordptrss:[ebp-A8]
004D268E.8D4DBCleaecx,dwordptrss:[ebp-44]
004D2691.89BD68FFFFFFmovdwordptrss:[ebp-98],edi
004D2697.898560FFFFFFmovdwordptrss:[ebp-A0],eax
004D269D.C78558FFFFFF080>movdwordptrss:[ebp-A8],8
004D26A7.FFD6callesi;<&MSVBVM60.__vbaVarMove>
004D26A9.B901000000movecx,1
004D26AE.B802000000moveax,2
004D26B3.898DF0FEFFFFmovdwordptrss:[ebp-110],ecx
004D26B9.898DE0FEFFFFmovdwordptrss:[ebp-120],ecx
004D26BF.8D8DE8FEFFFFleaecx,dwordptrss:[ebp-118]
004D26C5.8985E8FEFFFFmovdwordptrss:[ebp-118],eax
004D26CB.8985D8FEFFFFmovdwordptrss:[ebp-128],eax
004D26D1.8D55BCleaedx,dwordptrss:[ebp-44]
004D26D4.51pushecx
004D26D5.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D26DB.52pushedx
004D26DC.50pusheax;len(harddiskid)
004D26DD.FF156C104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaLenVar
004D26E3.8D8DD8FEFFFFleaecx,dwordptrss:[ebp-128]
004D26E9.50pusheax
004D26EA.8D95A8FEFFFFleaedx,dwordptrss:[ebp-158]
004D26F0.51pushecx
004D26F1.8D85B8FEFFFFleaeax,dwordptrss:[ebp-148]
004D26F7.52pushedx
004D26F8.8D8D6CFFFFFFleaecx,dwordptrss:[ebp-94]
004D26FE.50pusheax
004D26FF.51pushecx;这里有个循环
004D2700.FF158C104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaVarForInit
004D2706.8B1DC4114000movebx,dwordptrds:[<&MSVBVM60.__>;MSVBVM60.__vbaVarAdd
004D270C>3BC7cmpeax,edi
004D270E.0F84D4000000jeluoSoft.004D27E8
004D2714.8D9558FFFFFFleaedx,dwordptrss:[ebp-A8]
004D271A.8D856CFFFFFFleaeax,dwordptrss:[ebp-94]
004D2720.52pushedx
004D2721.50pusheax
004D2722.C78560FFFFFF010>movdwordptrss:[ebp-A0],1
004D272C.C78558FFFFFF020>movdwordptrss:[ebp-A8],2
004D2736.FF15B8114000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaI4Var
004D273C.8D4DBCleaecx,dwordptrss:[ebp-44]
004D273F.50pusheax
004D2740.8D9548FFFFFFleaedx,dwordptrss:[ebp-B8]
004D2746.51pushecx
004D2747.52pushedx
004D2748.FF15D8104000calldwordptrds:[<&MSVBVM60.#632>>;MSVBVM60.rtcMidCharVar
004D274E.8D8548FFFFFFleaeax,dwordptrss:[ebp-B8];mid(hc,i,1)
004D2754.8D8D68FFFFFFleaecx,dwordptrss:[ebp-98]
004D275A.50pusheax
004D275B.51pushecx
004D275C.FF156C114000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaStrVarVal
004D2762.50pusheax
004D2763.FF153C104000calldwordptrds:[<&MSVBVM60.#516>>;MSVBVM60.rtcAnsiValueBstr
004D2769.50pusheax;asc(mid(hc,i,1))
004D276A.FF1508104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaStrI2
004D2770.8D9538FFFFFFleaedx,dwordptrss:[ebp-C8];hex(asc(mid(hc,i,1)))
004D2776.8D4DDCleaecx,dwordptrss:[ebp-24]
004D2779.898540FFFFFFmovdwordptrss:[ebp-C0],eax
004D277F.C78538FFFFFF080>movdwordptrss:[ebp-C8],8
004D2789.FFD6callesi
004D278B.8D8D68FFFFFFleaecx,dwordptrss:[ebp-98]
004D2791.FF1538124000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeStr
004D2797.8D9548FFFFFFleaedx,dwordptrss:[ebp-B8]
004D279D.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D27A3.52pushedx
004D27A4.50pusheax
004D27A5.6A02push2
004D27A7.FF1528104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeVarList
004D27AD.83C40Caddesp,0C
004D27B0.8D4DCCleaecx,dwordptrss:[ebp-34]
004D27B3.8D55DCleaedx,dwordptrss:[ebp-24]
004D27B6.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D27BC.51pushecx
004D27BD.52pushedx
004D27BE.50pusheax
004D27BF.FFD3callebx
004D27C1.8BD0movedx,eax
004D27C3.8D4DCCleaecx,dwordptrss:[ebp-34]
004D27C6.FFD6callesi
004D27C8.8D8DA8FEFFFFleaecx,dwordptrss:[ebp-158];tmp=tmp+hex(asc(mid(hc,i,1)))
004D27CE.8D95B8FEFFFFleaedx,dwordptrss:[ebp-148]
004D27D4.51pushecx
004D27D5.8D856CFFFFFFleaeax,dwordptrss:[ebp-94]
004D27DB.52pushedx
004D27DC.50pusheax
004D27DD.FF152C124000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaVarForNext
004D27E3.^E924FFFFFFjmpluoSoft.004D270C
004D27E8>B901000000movecx,1
004D27ED.B802000000moveax,2
004D27F2.898DF0FEFFFFmovdwordptrss:[ebp-110],ecx
这里是第一个循环,总结一下:
Fori=1ToLen(mc)
Tmp=Tmp+CStr(Asc(Mid$(mc,i,1)))
Next
我的硬盘序列号是98E20A49,得到的tmp是"5756695048655257"
接着还是一个循环:
004D27F2.898DF0FEFFFFmovdwordptrss:[ebp-110],ecx
004D27F8.898DE0FEFFFFmovdwordptrss:[ebp-120],ecx
004D27FE.8D8DE8FEFFFFleaecx,dwordptrss:[ebp-118]
004D2804.8985E8FEFFFFmovdwordptrss:[ebp-118],eax
004D280A.8985D8FEFFFFmovdwordptrss:[ebp-128],eax
004D2810.8D55CCleaedx,dwordptrss:[ebp-34]
004D2813.51pushecx
004D2814.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D281A.52pushedx;tmp="5756695048655257"
004D281B.50pusheax
004D281C.FF156C104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaLenVar
004D2822.8D8DD8FEFFFFleaecx,dwordptrss:[ebp-128];len(tmp)
004D2828.50pusheax
004D2829.8D9588FEFFFFleaedx,dwordptrss:[ebp-178]
004D282F.51pushecx
004D2830.8D8598FEFFFFleaeax,dwordptrss:[ebp-168]
004D2836.52pushedx
004D2837.8D4D8Cleaecx,dwordptrss:[ebp-74]
004D283A.50pusheax
004D283B.51pushecx;第二个循环
004D283C.FF158C104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaVarForInit
004D2842>3BC7cmpeax,edi
004D2844.0F8446010000jeluoSoft.004D2990
004D284A.8D9558FFFFFFleaedx,dwordptrss:[ebp-A8]
004D2850.8D458Cleaeax,dwordptrss:[ebp-74]
004D2853.52pushedx
004D2854.50pusheax
004D2855.C78560FFFFFF010>movdwordptrss:[ebp-A0],1
004D285F.C78558FFFFFF020>movdwordptrss:[ebp-A8],2
004D2869.FF15B8114000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaI4Var
004D286F.8D4DCCleaecx,dwordptrss:[ebp-34]
004D2872.50pusheax
004D2873.8D9548FFFFFFleaedx,dwordptrss:[ebp-B8]
004D2879.51pushecx
004D287A.52pushedx
004D287B.FF15D8104000calldwordptrds:[<&MSVBVM60.#632>>;MSVBVM60.rtcMidCharVar
004D2881.8D8548FFFFFFleaeax,dwordptrss:[ebp-B8];mid(tmp,i,2)
004D2887.50pusheax
004D2888.FF153C124000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaI4ErrVar
004D288E.8985D0FEFFFFmovdwordptrss:[ebp-130],eax
004D2894.B803000000moveax,3
004D2899.8D8DC8FEFFFFleaecx,dwordptrss:[ebp-138]
004D289F.8985C8FEFFFFmovdwordptrss:[ebp-138],eax
004D28A5.8985E0FEFFFFmovdwordptrss:[ebp-120],eax
004D28AB.8D558Cleaedx,dwordptrss:[ebp-74]
004D28AE.51pushecx
004D28AF.8D85D8FEFFFFleaeax,dwordptrss:[ebp-128]
004D28B5.52pushedx
004D28B6.8D8D38FFFFFFleaecx,dwordptrss:[ebp-C8]
004D28BC.50pusheax
004D28BD.51pushecx
004D28BE.C785D8FEFFFF020>movdwordptrss:[ebp-128],2
004D28C8.FFD3callebx;i+3ADD
004D28CA.8D9528FFFFFFleaedx,dwordptrss:[ebp-D8]
004D28D0.50pusheax
004D28D1.52pushedx;(i+3)*asc(mid(tmp,i,2))
004D28D2.FF1530114000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaVarMul
004D28D8.8BD0movedx,eax;0x23=35=5*7
004D28DA.8D8D18FFFFFFleaecx,dwordptrss:[ebp-E8]
004D28E0.FFD6callesi
004D28E2.8D8518FFFFFFleaeax,dwordptrss:[ebp-E8]
004D28E8.57pushedi
004D28E9.8D8D08FFFFFFleaecx,dwordptrss:[ebp-F8]
004D28EF.50pusheax
004D28F0.51pushecx
004D28F1.FF1558114000calldwordptrds:[<&MSVBVM60.#714>>;MSVBVM60.rtcRound
004D28F7.8D9508FFFFFFleaedx,dwordptrss:[ebp-F8]
004D28FD.52pushedx
004D28FE.FF1540104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaStrErrVarCopy
004D2904.8D95F8FEFFFFleaedx,dwordptrss:[ebp-108];0x23->35
004D290A.8D4DACleaecx,dwordptrss:[ebp-54]
004D290D.898500FFFFFFmovdwordptrss:[ebp-100],eax
004D2913.C785F8FEFFFF080>movdwordptrss:[ebp-108],8
004D291D.FFD6callesi
004D291F.8D8508FFFFFFleaeax,dwordptrss:[ebp-F8]
004D2925.8D8D08FFFFFFleaecx,dwordptrss:[ebp-F8]
004D292B.50pusheax
004D292C.8D9518FFFFFFleaedx,dwordptrss:[ebp-E8]
004D2932.51pushecx
004D2933.8D8538FFFFFFleaeax,dwordptrss:[ebp-C8]
004D2939.52pushedx
004D293A.8D8D48FFFFFFleaecx,dwordptrss:[ebp-B8]
004D2940.50pusheax
004D2941.8D9548FFFFFFleaedx,dwordptrss:[ebp-B8]
004D2947.51pushecx
004D2948.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D294E.52pushedx
004D294F.50pusheax
004D2950.6A07push7
004D2952.FF1528104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeVarList
004D2958.83C420addesp,20
004D295B.8D4D9Cleaecx,dwordptrss:[ebp-64]
004D295E.8D55ACleaedx,dwordptrss:[ebp-54]
004D2961.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D2967.51pushecx
004D2968.52pushedx
004D2969.50pusheax
004D296A.FFD3callebx
004D296C.8BD0movedx,eax
004D296E.8D4D9Cleaecx,dwordptrss:[ebp-64]
004D2971.FFD6callesi
004D2973.8D8D88FEFFFFleaecx,dwordptrss:[ebp-178]
004D2979.8D9598FEFFFFleaedx,dwordptrss:[ebp-168]
004D297F.51pushecx
004D2980.8D458Cleaeax,dwordptrss:[ebp-74]
004D2983.52pushedx
004D2984.50pusheax
004D2985.FF152C124000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaVarForNext
004D298B.^E9B2FEFFFFjmpluoSoft.004D2842
004D2990>8D4D9Cleaecx,dwordptrss:[ebp-64]
004D2993.8D95E8FEFFFFleaedx,dwordptrss:[ebp-118]
总结一下:
Fori=1ToLen(Tmp)
str=str&(i+3)*CInt(Mid$(Tmp,i,1))
Next
我的tmp是5756695048655257,得到的str="203530424881500481048475803490133"
004D2990>\8D4D9Cleaecx,dwordptrss:[ebp-64];为了防止硬盘序列号不够长
004D2993.8D95E8FEFFFFleaedx,dwordptrss:[ebp-118]
004D2999.51pushecx
004D299A.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004D29A0.52pushedx
004D29A1.50pusheax;str="203530424881500481048475803490133"
004D29A2.C785F0FEFFFF40F>movdwordptrss:[ebp-110],luoSoft.>;内置固定串"245756846563458546"
004D29AC.C785E8FEFFFF080>movdwordptrss:[ebp-118],8
004D29B6.FFD3callebx;ADD,连接两个串
004D29B8.8BD0movedx,eax;"203530424881500481048475803490133245756846563458546"
004D29BA.8D8D7CFFFFFFleaecx,dwordptrss:[ebp-84]
004D29C0.FFD6callesi
004D29C2.68782A4D00pushluoSoft.004D2A78
004D29C7.EB5BjmpshortluoSoft.004D2A24
把上面两个循环得到的字符串连接固定串"245756846563458546"。得到:"203530424881500481048475803490133245756846563458546"
这个call就结束了。
再回到调用的程序段看看:
004F6BA7.FF9024070000calldwordptrds:[eax+724];注册码验证模块
004F6BAD.3BC7cmpeax,edi
004F6BAF.DBE2fclex
004F6BB1.7D12jgeshortluoSoft.004F6BC5
004F6BB3.6824070000push724
004F6BB8.6878C54100pushluoSoft.0041C578
004F6BBD.56pushesi
004F6BBE.50pusheax
004F6BBF.FF1564104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaHresultCheckObj
004F6BC5>8D5588leaedx,dwordptrss:[ebp-78]
004F6BC8.6A10push10
004F6BCA.8D8578FFFFFFleaeax,dwordptrss:[ebp-88]
004F6BD0.52pushedx
004F6BD1.50pusheax;left(sn,0x10),这里是真码
004F6BD2.FF15EC114000calldwordptrds:[<&MSVBVM60.#617>>;MSVBVM60.rtcLeftCharVar
004F6BD8.8D4DD8leaecx,dwordptrss:[ebp-28]
004F6BDB.8D9578FFFFFFleaedx,dwordptrss:[ebp-88]
004F6BE1.51pushecx
004F6BE2.52pushedx
004F6BE3.FF15F0104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaVarTstEq
004F6BE9.66:8BF0movsi,ax
004F6BEC.8D8578FFFFFFleaeax,dwordptrss:[ebp-88]
004F6BF2.8D4D88leaecx,dwordptrss:[ebp-78]
004F6BF5.50pusheax
004F6BF6.51pushecx
004F6BF7.6A02push2
004F6BF9.FF1528104000calldwordptrds:[<&MSVBVM60.__vba>;MSVBVM60.__vbaFreeVarList
004F6BFF.83C40Caddesp,0C
004F6C02.66:3BF7cmpsi,di
004F6C05.0F8482070000jeluoSoft.004F738D
真码出现了,可以做内存注册机。很简单,把你输入的注册码跟刚才的字串前16位相比较,相等就注册成功了。
但是直接把这个注册码输入,怎么不正确呢?
接着看:
004F6C1D.C7459020000000movdwordptrss:[ebp-70],20
004F6C24.C7458802000000movdwordptrss:[ebp-78],2
004F6C2B.FF92F8060000calldwordptrds:[edx+6F8];md5(sn)
004F6C31.3BC7cmpeax,edi
004F6C33.7D12jgeshortluoSoft.004F6C47
004F6C35.68F8060000push6F8
004F6C3A.68E8E94100pushluoSoft.0041E9E8
004F6C3F.53pushebx
004F6C40.50pusheax
004F6C41.FF1564104000calldwordptrds:[<&MSVBVM60.__vbaHresul>;MSVBVM60.__vbaHresultCheckObj
004F6C47>397DE8cmpdwordptrss:[ebp-18],edi
004F6C4A.750FjnzshortluoSoft.004F6C5B
004F6C4C.8D4DE8leaecx,dwordptrss:[ebp-18]
004F6C4F.51pushecx
004F6C50.681CCD4100pushluoSoft.0041CD1C
004F6C55.FF1584114000calldwordptrds:[<&MSVBVM60.__vbaNew2>];MSVBVM60.__vbaNew2
004F6C5B>8B75E8movesi,dwordptrss:[ebp-18]
004F6C5E.8D8D48FFFFFFleaecx,dwordptrss:[ebp-B8]
004F6C64.C78550FFFFFF040>movdwordptrss:[ebp-B0],80020004
004F6C6E.C78548FFFFFF0A0>movdwordptrss:[ebp-B8],0A
004F6C78.FF15CC114000calldwordptrds:[<&MSVBVM60.__vbaFreeVa>;MSVBVM60.__vbaFreeVarg
004F6C7E.B808000000moveax,8
004F6C83.8D5598leaedx,dwordptrss:[ebp-68]
004F6C86.898518FFFFFFmovdwordptrss:[ebp-E8],eax
004F6C8C.898508FFFFFFmovdwordptrss:[ebp-F8],eax
004F6C92.52pushedx
004F6C93.8D8548FFFFFFleaeax,dwordptrss:[ebp-B8]
004F6C99.6AFFpush-1
004F6C9B.8D8D18FFFFFFleaecx,dwordptrss:[ebp-E8]
004F6CA1.50pusheax
004F6CA2.8D9578FFFFFFleaedx,dwordptrss:[ebp-88]
004F6CA8.51pushecx
004F6CA9.8D8568FFFFFFleaeax,dwordptrss:[ebp-98]
004F6CAF.52pushedx
004F6CB0.C78520FFFFFFB81>movdwordptrss:[ebp-E0],luoSoft.004214B>;UNICODE"select*fromtbRegNumwhereregMa='"
004F6CBA.C78510FFFFFF98E>movdwordptrss:[ebp-F0],luoSoft.0041E09>
004F6CC4.8B1Emovebx,dwordptrds:[esi]
004F6CC6.50pusheax
004F6CC7.FF15C4114000calldwordptrds:[<&MSVBVM60.__vbaVarAdd>;MSVBVM60.__vbaVarAdd
004F6CCD.8D8D08FFFFFFleaecx,dwordptrss:[ebp-F8];"select*fromtbRegNumwhereregMa='377134c7c22070cde94a5ba7523241c0"
004F6CD3.50pusheax
004F6CD4.8D9558FFFFFFleaedx,dwordptrss:[ebp-A8]
004F6CDA.51pushecx
004F6CDB.52pushedx
004F6CDC.FF15C4114000calldwordptrds:[<&MSVBVM60.__vbaVarAdd>;MSVBVM60.__vbaVarAdd
004F6CE2.50pusheax
004F6CE3.8D45A4leaeax,dwordptrss:[ebp-5C]
004F6CE6.50pusheax
004F6CE7.FF156C114000calldwordptrds:[<&MSVBVM60.__vbaStrVar>;MSVBVM60.__vbaStrVarVal
004F6CED.50pusheax
004F6CEE.56pushesi;运行sql
004F6CEF.FF5340calldwordptrds:[ebx+40]
004F6CF2.3BC7cmpeax,edi
004F6CF4.DBE2fclex
004F6CF6.7D0FjgeshortluoSoft.004F6D07
这里打开数据库里面的表tbRegNum,并检索regMa字段,看看有没有md5(sn)这条记录。我们打开数据库看看,发现有好多条记录,但是似乎没有我们的:
004F6CF8.6A40push40
004F6CFA.6854D34100pushluoSoft.0041D354
004F6CFF.56pushesi
004F6D00.50pusheax
004F6D01.FF1564104000calldwordptrds:[<&MSVBVM60.__vbaHresul>;MSVBVM60.__vbaHresultCheckObj
004F6D07>8B4598moveax,dwordptrss:[ebp-68]
004F6D0A.8D4DA8leaecx,dwordptrss:[ebp-58]
004F6D0D.50pusheax
004F6D0E.51pushecx
004F6D0F.897D98movdwordptrss:[ebp-68],edi
004F6D12.FF1590114000calldwordptrds:[<&MSVBVM60.__vbaVarSet>;MSVBVM60.__vbaVarSetObj
004F6D18.8D4DA4leaecx,dwordptrss:[ebp-5C]
004F6D1B.FF1538124000calldwordptrds:[<&MSVBVM60.__vbaFreeSt>;MSVBVM60.__vbaFreeStr
004F6D21.8B1D28104000movebx,dwordptrds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
004F6D27.8D9548FFFFFFleaedx,dwordptrss:[ebp-B8]
004F6D2D.8D8558FFFFFFleaeax,dwordptrss:[ebp-A8]
004F6D33.52pushedx
004F6D34.8D8D68FFFFFFleaecx,dwordptrss:[ebp-98]
004F6D3A.50pusheax
004F6D3B.8D9578FFFFFFleaedx,dwordptrss:[ebp-88]
004F6D41.51pushecx
004F6D42.8D4588leaeax,dwordptrss:[ebp-78]
004F6D45.52pushedx
004F6D46.50pusheax
004F6D47.6A05push5
004F6D49.FFD3callebx;<&MSVBVM60.__vbaFreeVarList>
004F6D4B.57pushedi
004F6D4C.8D4DA8leaecx,dwordptrss:[ebp-58]
004F6D4F.685CD44100pushluoSoft.0041D45C;UNICODE"EOF"
004F6D54.8D5588leaedx,dwordptrss:[ebp-78]
004F6D57.51pushecx
004F6D58.52pushedx
004F6D59.FF15E0114000calldwordptrds:[<&MSVBVM60.__vbaVarLat>;MSVBVM60.__vbaVarLateMemCallLd
004F6D5F.83C428addesp,28
004F6D62.50pusheax
004F6D63.8D8578FFFFFFleaeax,dwordptrss:[ebp-88]
004F6D69.50pusheax
004F6D6A.FF15A0114000calldwordptrds:[<&MSVBVM60.__vbaVarNot>;MSVBVM60.__vbaVarNot
004F6D70.50pusheax
004F6D71.FF15C0104000calldwordptrds:[<&MSVBVM60.__vbaBoolVa>;MSVBVM60.__vbaBoolVarNull
004F6D77.8D4D88leaecx,dwordptrss:[ebp-78]
004F6D7A.66:8BF0movsi,ax
004F6D7D.FF151C104000calldwordptrds:[<&MSVBVM60.__vbaFreeVa>;MSVBVM60.__vbaFreeVar
004F6D83.66:3BF7cmpsi,di;判断数据库内是否存在这个注册码
004F6D86.0F842B050000jeluoSoft.004F72B7;没有则跳走了,注册失败
这里没有你的记录就跳走了。如果存在你的记录,那么:
004F6D8C.397DE8cmpdwordptrss:[ebp-18],edi
004F6D8F.750FjnzshortluoSoft.004F6DA0
004F6D91.8D4DE8leaecx,dwordptrss:[ebp-18]
004F6D94.51pushecx
004F6D95.681CCD4100pushluoSoft.0041CD1C
004F6D9A.FF1584114000calldwordptrds:[<&MSVBVM60.__vbaNew2>];MSVBVM60.__vbaNew2
004F6DA0>8B75E8movesi,dwordptrss:[ebp-18]
004F6DA3.8D8D78FFFFFFleaecx,dwordptrss:[ebp-88]
004F6DA9.C7458004000280movdwordptrss:[ebp-80],80020004
004F6DB0.C78578FFFFFF0A0>movdwordptrss:[ebp-88],0A
004F6DBA.FF15CC114000calldwordptrds:[<&MSVBVM60.__vbaFreeVa>;MSVBVM60.__vbaFreeVarg
004F6DC0.8D5598leaedx,dwordptrss:[ebp-68]
004F6DC3.B908000000movecx,8
004F6DC8.52pushedx
004F6DC9.8D9578FFFFFFleaedx,dwordptrss:[ebp-88]
004F6DCF.6AFFpush-1
004F6DD1.52pushedx
004F6DD2.68500E4200pushluoSoft.00420E50;UNICODE"updatetbRegNumsetusered=1whereId="
004F6DD7.898D28FFFFFFmovdwordptrss:[ebp-D8],ecx
004F6DDD.83EC10subesp,10
004F6DE0.B844EF4100moveax,luoSoft.0041EF44;UNICODE"Id"
004F6DE5.8BD4movedx,esp
004F6DE7.898530FFFFFFmovdwordptrss:[ebp-D0],eax
004F6DED.8B1Emovebx,dwordptrds:[esi]
004F6DEF.6A01push1
004F6DF1.890Amovdwordptrds:[edx],ecx
004F6DF3.8B8D2CFFFFFFmovecx,dwordptrss:[ebp-D4]
004F6DF9.894A04movdwordptrds:[edx+4],ecx
004F6DFC.8D4DA8leaecx,dwordptrss:[ebp-58]
004F6DFF.51pushecx
004F6E00.894208movdwordptrds:[edx+8],eax
004F6E03.8B8534FFFFFFmoveax,dwordptrss:[ebp-CC]
004F6E09.89420Cmovdwordptrds:[edx+C],eax
004F6E0C.8D5588leaedx,dwordptrss:[ebp-78]
004F6E0F.52pushedx
004F6E10.FF15B0104000calldwordptrds:[<&MSVBVM60.__vbaVarInd>;MSVBVM60.__vbaVarIndexLoad
004F6E16.83C41Caddesp,1C
004F6E19.50pusheax
004F6E1A.FF1540104000calldwordptrds:[<&MSVBVM60.__vbaStrErr>;MSVBVM60.__vbaStrErrVarCopy
004F6E20.8B3DF4114000movedi,dwordptrds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrMove
004F6E26.8BD0movedx,eax
004F6E28.8D4DA4leaecx,dwordptrss:[ebp-5C]
004F6E2B.FFD7calledi;<&MSVBVM60.__vbaStrMove>
004F6E2D.50pusheax
004F6E2E.FF1550104000calldwordptrds:[<&MSVBVM60.__vbaStrCat>;MSVBVM60.__vbaStrCat
004F6E34.8BD0movedx,eax
004F6E36.8D4DA0leaecx,dwordptrss:[ebp-60]
004F6E39.FFD7calledi;<&MSVBVM60.__vbaStrMove>
004F6E3B.50pusheax
004F6E3C.68DCD34100pushluoSoft.0041D3DC
004F6E41.FF1550104000calldwordptrds:[<&MSVBVM60.__vbaStrCat>;MSVBVM60.__vbaStrCat
004F6E47.8BD0movedx,eax
004F6E49.8D4D9Cleaecx,dwordptrss:[ebp-64]
004F6E4C.FFD7calledi;<&MSVBVM60.__vbaStrMove>
004F6E4E.50pusheax
004F6E4F.56pushesi
004F6E50.FF5340calldwordptrds:[ebx+40]
004F6E53.33FFxoredi,edi
004F6E55.3BC7cmpeax,edi
004F6E57.DBE2fclex
004F6E59.7D0FjgeshortluoSoft.004F6E6A
004F6E5B.6A40push40
004F6E5D.6854D34100pushluoSoft.0041D354
004F6E62.56pushesi
004F6E63.50pusheax
004F6E64.FF1564104000calldwordptrds:[<&MSVBVM60.__vbaHresul>;MSVBVM60.__vbaHresultCheckObj
004F6E6A>8D459Cleaeax,dwordptrss:[ebp-64]
004F6E6D.8D4DA0leaecx,dwordptrss:[ebp-60]
004F6E70.50pusheax
004F6E71.8D55A4leaedx,dwordptrss:[ebp-5C]
004F6E74.51pushecx
004F6E75.52pushedx
004F6E76.6A03push3
004F6E78.FF159C114000calldwordptrds:[<&MSVBVM60.__vbaFreeSt>;MSVBVM60.__vbaFreeStrList
004F6E7E.83C410addesp,10
004F6E81.8D4D98leaecx,dwordptrss:[ebp-68]
004F6E84.FF1534124000calldwordptrds:[<&MSVBVM60.__vbaFreeOb>;MSVBVM60.__vbaFreeObj
004F6E8A.8D8578FFFFFFleaeax,dwordptrss:[ebp-88]
004F6E90.8D4D88leaecx,dwordptrss:[ebp-78]
004F6E93.50pusheax
004F6E94.51pushecx
004F6E95.6A02push2
004F6E97.FF1528104000calldwordptrds:[<&MSVBVM60.__vbaFreeVa>;MSVBVM60.__vbaFreeVarList
004F6E9D.8B45E8moveax,dwordptrss:[ebp-18]
004F6EA0.83C40Caddesp,0C
004F6EA3.3BC7cmpeax,edi
004F6EA5.750FjnzshortluoSoft.004F6EB6
004F6EA7.8D55E8leaedx,dwordptrss:[ebp-18]
004F6EAA.52pushedx
004F6EAB.681CCD4100pushluoSoft.0041CD1C
004F6EB0.FF1584114000calldwordptrds:[<&MSVBVM60.__vbaNew2>];MSVBVM60.__vbaNew2
004F6EB6>8B1DCC114000movebx,dwordptrds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarg
004F6EBC.8B75E8movesi,dwordptrss:[ebp-18]
004F6EBF.8D4D88leaecx,dwordptrss:[ebp-78]
004F6EC2.C7459004000280movdwordptrss:[ebp-70],80020004
004F6EC9.C745880A000000movdwordptrss:[ebp-78],0A
004F6ED0.FFD3callebx;<&MSVBVM60.__vbaFreeVarg>
004F6ED2.8B06moveax,dwordptrds:[esi]
004F6ED4.8D4D98leaecx,dwordptrss:[ebp-68]
004F6ED7.51pushecx
004F6ED8.8D5588leaedx,dwordptrss:[ebp-78]
004F6EDB.6AFFpush-1
004F6EDD.52pushedx
004F6EDE.68A40E4200pushluoSoft.00420EA4;UNICODE"deletefromtbReg"
004F6EE3.56pushesi
004F6EE4.FF5040calldwordptrds:[eax+40]
004F6EE7.3BC7cmpeax,edi
004F6EE9.DBE2fclex
004F6EEB.7D0FjgeshortluoSoft.004F6EFC
004F6EED.6A40push40
004F6EEF.6854D34100pushluoSoft.0041D354
004F6EF4.56pushesi
004F6EF5.50pusheax
004F6EF6.FF1564104000calldwordptrds:[<&MSVBVM60.__vbaHresul>;MSVBVM60.__vbaHresultCheckObj
004F6EFC>8D4D98leaecx,dwordptrss:[ebp-68]
004F6EFF.FF1534124000calldwordptrds:[<&MSVBVM60.__vbaFreeOb>;MSVBVM60.__vbaFreeObj
004F6F05.8D4D88leaecx,dwordptrss:[ebp-78]
004F6F08.FF151C104000calldwordptrds:[<&MSVBVM60.__vbaFreeVa>;MSVBVM60.__vbaFreeVar
004F6F0E.397DE8cmpdwordptrss:[ebp-18],edi
004F6F11.750FjnzshortluoSoft.004F6F22
004F6F13.8D45E8leaeax,dwordptrss:[ebp-18]
004F6F16.50pusheax
004F6F17.681CCD4100pushluoSoft.0041CD1C
004F6F1C.FF1584114000calldwordptrds:[<&MSVBVM60.__vbaNew2>];MSVBVM60.__vbaNew2
004F6F22>8B75E8movesi,dwordptrss:[ebp-18]
004F6F25.8D8D68FFFFFFleaecx,dwordptrss:[ebp-98]
004F6F2B.C78570FFFFFF040>movdwordptrss:[ebp-90],80020004
004F6F35.C78568FFFFFF0A0>movdwordptrss:[ebp-98],0A
004F6F3F.FFD3callebx
004F6F41.B808000000moveax,8
004F6F46.8D4D98leaecx,dwordptrss:[ebp-68]
004F6F49.898528FFFFFFmovdwordptrss:[ebp-D8],eax
004F6F4F.898518FFFFFFmovdwordptrss:[ebp-E8],eax
004F6F55.51pushecx
004F6F56.8D9568FFFFFFleaedx,dwordptrss:[ebp-98]
004F6F5C.6AFFpush-1
004F6F5E.8D8528FFFFFFleaeax,dwordptrss:[ebp-D8]
004F6F64.52pushedx
004F6F65.8D4DB8leaecx,dwordptrss:[ebp-48]
004F6F68.50pusheax
004F6F69.8D5588leaedx,dwordptrss:[ebp-78]
004F6F6C.51pushecx;插入数据库,你的注册码
004F6F6D.C78530FFFFFFCC0>movdwordptrss:[ebp-D0],luoSoft.00420EC>;UNICODE"insertintotbReg(regNum)values('"
004F6F77.C78520FFFFFF28F>movdwordptrss:[ebp-E0],luoSoft.0041F32>;UNICODE"')"
004F6F81.8B1Emovebx,dwordptrds:[esi]
现在终于明白了,注册码正确的同时需要数据库里面有你的注册记录。就是说表tbRegNum里面必须有你注册码的md5这条记录,否则还是注册不成功。所以要想注册,你要做的是算注册码,把注册码的md5值写入数据库。
