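Here is a VB cracking tutorial; look at where the author set his breakpoints. It takes some digesting, heh. Whether you love VB or hate it, come take a look... (9,000 characters)
Title: Here is a VB cracking tutorial; look at where the author set his breakpoints. It takes some digesting, heh. Whether you love VB or hate it, come take a look. (Repost)
Content: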
THE LESS ATTITUDE OF FISHING SERIAL NUMBER
Andy v2.17
A Piratical Tutes
by ASTAGA [CiA/TTM] - The Tutorial Machine
WHAT THE ROCK SAYS
Andy is a Windows Rename utility especially designed for managing picture and music files.
Features:
o Rename Files or Folders in a Single Click
o Rename Files or Folders using Sequential Numbering or Lettering
o Create New Names based on the Original Name
o Change the Case of File or Folder Names
o Word List support and user template for Change Case
o Set the File Date and Time
o Set the File or Folder Attributes
o Move, Copy and Delete Files or Folders
o Rename Files and Folders with Search and Replace
o Arrange Pictures for numbering via Thumbnail Images
o Full size Picture Viewer linked to the Rename List
o Edit MP3 Tags
o Subfolder Support for most Actions
o MS Office Style Toolbars
o Drag and Drop Support
o Favorites List
o Template support for saving and reusing New Names
o Plus much More!
!!WARNING!!
Andy does exactly what you tell it. If you rename, delete or move system or software files... your computer may stop functioning.
SMELL THE ROCK
Realm Software
http://www.realm-online.com/html/products/andyintro.htm
http://www.realm-online.com/html/products/andydown.htm
http://www.realm-online.com/ftp/Andy217.exe
(1.7Mb) - 2/6/2001
THE DUSTY ROADS
o Andy was developed using Visual Basic 6.0 (Service Pack 4). Visual Basic 6.0 requires a one time installation of the VB6 runtime library. If you're using other Visual Basic 6.0 software you don't need to install the library again. It won't hurt to install the library again if you're unsure.
  Download (vbrun60sp4.exe) : http://www.realm-online.com/ftp/vbrun60sp4.exe
o When the program is VB then try SoftIce first.
  When the going gets tough try SmartCheck.
  When the tough gets tough, decompile them.
  When frustration comes, buy the program!
  ( ASTAGA 7388:1050 HELL YEAH )
o This is my experiment on finding a valid s/n in a VB6-based program. All you have to do is break within a MSVBVM60.DLL function (you can set any breakpoint that may be possible, i.e. __vbastrcopy ; __vbastrmove ; etc. - please read Eternal Bliss' essay); then do a byte search and finally press the F5 or F11 key around 27 times. And there lies your real code in the EDI register.
THIS IS A SMELL OF THE ROCK
Run ANDY.EXE, and in the registration dialog box type the information below :
User Name : Red Rackham
Reg Code : 73881050
Do not click the OK button yet.
Load SoftIce and set a breakpoint as follows :
: BPX HEAPFREE [enter]
Press F5 to return to the main program.
Now click the OK button; you'll return back into SoftIce!
Within SoftIce press F5 2 times then F11 once, until you break at the code snippet below :
______________________________________________________________
015F:6602CB07  FF15C4100066          CALL    [KERNEL32!HeapFree]
015F:6602CB0D  8BC6                  MOV     EAX,ESI
015F:6602CB0F  5F                    POP     EDI
015F:6602CB10  5E                    POP     ESI
015F:6602CB11  5D                    POP     EBP
015F:6602CB12  C20C00                RET     000C                      ==> F10
...
015F:6605F1A3  E80FD9FCFF            CALL    6602CAB7
015F:6605F1A8  C20800                RET     0008                      ==> F10
...
015F:004F653A  FF92A0000000          CALL    [EDX+000000A0]            <== bpx here
015F:004F6540  DBE2                  FCLEX                             <== break here
015F:004F6542  898514FFFFFF          MOV     [EBP-00EC],EAX
015F:004F6548  83BD14FFFFFF00        CMP     DWORD PTR [EBP-00EC],00
015F:004F654F  7D26                  JGE     004F6577
015F:004F6551  68A0000000            PUSH    000000A0
015F:004F6556  68C4EB4400            PUSH    0044EBC4
015F:004F655B  8B8D18FFFFFF          MOV     ECX,[EBP-00E8]
015F:004F6561  51                    PUSH    ECX
015F:004F6562  8B9514FFFFFF          MOV     EDX,[EBP-00EC]
015F:004F6568  52                    PUSH    EDX
015F:004F6569  FF1588104000          CALL    [MSVBVM60!__vbaHresultCheckObj]
015F:004F656F  8985D0FEFFFF          MOV     [EBP-0130],EAX
015F:004F6575  EB0A                  JMP     004F6581
015F:004F6577  C785D0FEFFFF00000000  MOV     DWORD PTR [EBP-0130],00000000
015F:004F6581  8B45D4                MOV     EAX,[EBP-2C]
015F:004F6584  8985E8FEFFFF          MOV     [EBP-0118],EAX
015F:004F658A  C745D400000000        MOV     DWORD PTR [EBP-2C],00000000
015F:004F6591  8B8DE8FEFFFF          MOV     ECX,[EBP-0118]
015F:004F6597  894DB4                MOV     [EBP-4C],ECX
...
_____________________________________________________________________
When you break on HEAPFREE, just step past those 2 RET commands and set a new breakpoint as follows :
: bd * [enter]
: bpx 015F:004F653A
Start tracing by pressing F10 - stop at 015F:004F6584 - and dump the EAX register :
: d eax [enter] ==> your name appears at virtual address 0167:0058A590.
Still at 015F:004F6584, do a byte search by typing the following in the Command Line :
: S 0 L FFFFFFFFFFFFFFF F3 66 A7 74 05 1B C0 [enter]
Pattern found at 0167:653C2E2E (653C2E2E)
: bd * [enter]
: bpx 0167:653C2E2E [enter]
Press F5 to let SoftIce break at the new location.
If nothing goes wrong you'll break at the code snippet below :
EAX=00000000   EBX=00000010   ECX=00000008   ESI=0058A0F8
EDI=110085EC   EBP=0077D96C   ESP=0077D95C   o d I s Z a P c
CS=015F   DS=0167   SS=0167   ES=0167   FS=391F   GS=0000
------------------------------dword-------------PROT---(0)--
0167:653C2E2E 74A766F3 83C01B05 167D457F   .f.t........E}.
0167:653C2E3E 5E5FC033 10C2C95B EBFC4589   3._^[.....F..E..
0167:653C2E4E FC598BAF C2F6B3EB 4D8B0845   ..Y......t#.E..M
...
...
------------------------------------------------------------
015F:653C2E2C  33C0      XOR     EAX,EAX
015F:653C2E2E  F366A7    REPZ CMPSW          <=== break here
015F:653C2E31  7405      JZ      653C2E38
...
____________________________________________________________
Break due to BPX #0167:653C2E2E
While broken at 015F:653C2E2E, press the F5 or F11 key around 27 TIMES (!!!); while doing so you'll see the value in the EDI register change.
On the 27th press of the F5 key you'll see EDI=0057A638.
Now it's time to check what is inside the EDI and ESI registers :
: d edi [enter] ==> did you see 1.2.5.1.-.2.2.1.1.-.6.9.2.1 at virtual address 0167:0057A638 ? Write it down.
: d esi [enter] ==> your fake 7.3.8.8.1.0.5.0. at virtual address 0167:0058BDF0
Up to this step, I have no intention of continuing to trace the rest of the code.
The above facts make it too obvious that your fake code is (being) compared with the real one.
It's your turn to check whether the JZ instruction at 015F:653C2E31 brings you to the beggar-off message or not.
Further, I am not sure whether the above REPZ CMPSW at 015F:653C2E2E is similar to Razzia's (VB3/4) comparison address.
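
The design weakness the trace above exposes, next to the usual fix, as an added example (not code from this tutorial or from Andy): the first check derives the expected code on the client, so the valid string sits in memory at compare time, while the second verifies a vendor signature using public values only. The derivation in `expected_code`, the toy key and all function names are assumptions made for illustration.

```python
import hashlib

# --- Weak design: what the REPZ CMPSW trace exposes ----------------------
# The client derives the expected code from the name and compares it with
# the input, so the valid code exists as a plain string at compare time.
def expected_code(name: str) -> str:          # hypothetical derivation
    h = int.from_bytes(hashlib.sha256(name.encode()).digest()[:6], "big")
    digits = f"{h % 10**12:012d}"
    return f"{digits[:4]}-{digits[4:8]}-{digits[8:]}"

def weak_check(name: str, code: str) -> bool:
    return code == expected_code(name)        # expected value is in memory

# --- Hardened design: signature verification -----------------------------
# Constructed toy RSA key built from two Mersenne primes; far too small for
# real use. A shipped client would contain only N and E, never P and Q.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q

def _digest(name: str) -> int:
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def vendor_issue(name: str) -> str:
    """Vendor side only: uses the private exponent, which is never shipped."""
    d = pow(E, -1, (P - 1) * (Q - 1))         # Python 3.8+
    return format(pow(_digest(name), d, N), "x")

def client_verify(name: str, code: str) -> bool:
    """Client side: needs only N and E, so nothing here yields a valid code."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    # The value compared against is a hash of the name, not a usable code.
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)
```

With the second design, a breakpoint on the final comparison shows only the name digest and the value recovered from the entered code, neither of which registers a different name.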
GIVE ME THE HELL YEAH
Let's register this program by keying in 1251-2211-6921 as your reg. code.
Click the OK button .... there, you're registered.
THE ROCK BASE HOUSE
The correct registration code is stored in the registry as follows :
REGEDIT14
[HKEY_LOCAL_MACHINE\Software\Software.pair.com\Soft-Guard1.10\=E 29}swj?S-$Fp.";7 2%P?";P$0]Xm5PTS`8"`_HI(PL$&%^\LicensedUsers]
"User1"="Red Rackham"
"Code1"=",{{m,I{,I{$&{," <== 1251-2211-6921
"User2"="Virtual Realm"
"Code2"=",{{N{I{mI{w${7" <== 1231-1511-9801
Your registration code will also be saved in REGISTER.TXT as follows :
Your Andy Registration Code is Listed Below.
You may Delete or Move this File.
Name: Red Rackham
Key: 1251-2211-6921
THE BONG HITS
00) * BPX HEAPFREE
01) * BPX 015F:004F653A
02) BPX 015F:653C2E2E
THERE IS NOTHING HINTS SO CLEAN & CLEAR AS IT AS HELL 'ASTAGA' YEAH.
HELL YEAH GAME is OVER
Respect the Author and do not attempt to register this program by using your own user name, unless you pay US$20.00 for official licensing.
DON'T BE A LAMER BY DISTRIBUTING YOUR CRACK RELEASE BASED ON THIS TUTORIAL.
============== D I S C L A I M E R =============
THIS PAPER IS NOT INTENDED TO VIOLATE COPYRIGHTS LAW BUT EDUCATIONAL PURPOSES ONLY. I HOLD NO RESPONSIBILITY ( IN ANY SHAPE WHATSOEVER ) OF THE MIS-USE OF THIS MATERIAL. NO PARTS OF THIS PAPER IS SOLD/RENT FOR COMMERCIAL NOR PERSONAL BENEFIT.
ASTAGA [CIA/TTM] tute-andy217.zip
[E0F] 8/30/01 12:30 AM
Tute Layout FREE VERSION C