<<Anti-Hack>> 2.0註冊演算法分析
<<Anti-Hack>> 2.0註冊演算法分析
作者:lordor[BCG]
Mail:lordor@sina.com
目的:屬技術交流,無其它目的,請不要任意散佈或用用商業用途。初學破解,如有不對的地方歡迎批評指出。
工具:softice,w32Dasm,ollydbg
試煉碼:
使用者名稱:lordor[BCG]
註冊碼:9876543210
查詢出錯資訊。
* Reference To: MSVBVM60.__vbaVarTstEq,
Ord:0000h
|
:0042B243 FF15D0104000 Call dword
ptr [004010D0]
:0042B249 6685C0 test
ax, ax
:0042B24C 0F848D000000 je 0042B2DF
:0042B252 EB06
jmp 0042B25A ====>
* Referenced by a (U)nconditional or
(C)onditional Jump at Address:
|:0042B17D(C)
|
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:0042B254 8B3D30104000 mov edi, dword
ptr [00401030]
* Referenced by a (U)nconditional or
(C)onditional Jump at Address:
|:0042B252(U)
|
:0042B25A B904000280 mov ecx,
80020004
:0042B25F B80A000000 mov eax,
0000000A
:0042B264 894D88 mov
dword ptr [ebp-78], ecx
:0042B267 894D98 mov
dword ptr [ebp-68], ecx
:0042B26A BE08000000 mov esi,
00000008
:0042B26F 8D9560FFFFFF lea edx, dword
ptr [ebp+FFFFFF60]
:0042B275 8D4DA0 lea
ecx, dword ptr [ebp-60]
:0042B278 894580 mov
dword ptr [ebp-80], eax
:0042B27B 894590 mov
dword ptr [ebp-70], eax
* Possible StringData Ref from Code Obj
->"error"
|
:0042B27E C78568FFFFFF48CE4000 mov dword ptr [ebp+FFFFFF68],
0040CE48
:0042B288 89B560FFFFFF mov dword
ptr [ebp+FFFFFF60], esi
:0042B28E FFD3
call ebx
:0042B290 8D9570FFFFFF lea edx, dword
ptr [ebp+FFFFFF70]
:0042B296 8D4DB0 lea
ecx, dword ptr [ebp-50]
* Possible StringData Ref from Code Obj
->"Invalid serial number. Try Again"
|
在od中查詢出錯資訊
0042AE09 . 50 PUSH EAX
0042AE0A . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042AE10 . 8BF8 MOV EDI,EAX
0042AE12 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0042AE15 . 52 PUSH EDX
0042AE16 . 57 PUSH EDI
0042AE17 . 8B0F MOV ECX,DWORD
PTR DS:[EDI]
0042AE19 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
; 取使用者名稱
0042AE1F . 3BC3 CMP EAX,EBX
0042AE21 . DBE2 FCLEX
0042AE23 . 7D 12 JGE SHORT Anti-Hac.0042AE37
0042AE25 . 68 A0000000 PUSH 0A0
0042AE2A . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042AE2F . 57 PUSH EDI
0042AE30 . 50 PUSH EAX
0042AE31 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042AE37 > 8B45 C4 MOV EAX,DWORD PTR
SS:[EBP-3C] ; 使用者名稱入eax
0042AE3A . 50 PUSH EAX
0042AE3B . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042AE40 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042AE46 . 8BF8 MOV EDI,EAX
0042AE48 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042AE4B . F7DF NEG EDI
0042AE4D . 1BFF SBB EDI,EDI
0042AE4F . 47 INC EDI
0042AE50 . F7DF NEG EDI
0042AE52 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042AE58 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AE5B . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042AE61 . 66:3BFB CMP DI,BX
0042AE64 . 0F84 8C000000 JE Anti-Hac.0042AEF6
; 此為判斷使用者名稱是否為空
0042AE6A . 8B1D 9C114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;
MSVBVM60.__vbaVarDup
0042AE70 . B9 04000280 MOV ECX,80020004
0042AE75 . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
0042AE78 . B8 0A000000 MOV EAX,0A
0042AE7D . 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
0042AE80 . BF 08000000 MOV EDI,8
0042AE85 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042AE8B . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042AE8E . 8945 80 MOV DWORD PTR SS:[EBP-80],EAX
0042AE91 . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
0042AE94 . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040D>;
UNICODE "Error"
0042AE9E . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
0042AEA4 . FFD3 CALL EBX
; <&MSVBVM60.__vbaVarDup>
0042AEA6 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042AEAC . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042AEAF . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Please enter your name"
0042AEB9 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0042AEBF . FFD3 CALL EBX
0042AEC1 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0042AEC4 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0042AEC7 . 51 PUSH ECX
0042AEC8 . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042AECB . 52 PUSH EDX
0042AECC . 50 PUSH EAX
0042AECD . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042AED0 . 6A 10 PUSH 10
0042AED2 . 51 PUSH ECX
0042AED3 . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042AED9 . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042AEDC . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042AEDF . 52 PUSH EDX
0042AEE0 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042AEE3 . 50 PUSH EAX
0042AEE4 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042AEE7 . 51 PUSH ECX
0042AEE8 . 52 PUSH EDX
0042AEE9 . 6A 04 PUSH 4
0042AEEB . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;
MSVBVM60.__vbaFreeVarList
0042AEF1 . 83C4 14 ADD ESP,14
0042AEF4 . EB 06 JMP SHORT Anti-Hac.0042AEFC
0042AEF6 > 8B1D 9C114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;
MSVBVM60.__vbaVarDup
0042AEFC > 8B06 MOV EAX,DWORD
PTR DS:[ESI]
0042AEFE . 56 PUSH ESI
0042AEFF . FF90 14030000 CALL DWORD PTR DS:[EAX+314]
0042AF05 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AF08 . 50 PUSH EAX
0042AF09 . 51 PUSH ECX
0042AF0A . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042AF10 . 8BF8 MOV EDI,EAX
0042AF12 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0042AF15 . 50 PUSH EAX
0042AF16 . 57 PUSH EDI
0042AF17 . 8B17 MOV EDX,DWORD
PTR DS:[EDI]
0042AF19 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0042AF1F . 85C0 TEST EAX,EAX
0042AF21 . DBE2 FCLEX
0042AF23 . 7D 12 JGE SHORT Anti-Hac.0042AF37
0042AF25 . 68 A0000000 PUSH 0A0
0042AF2A . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042AF2F . 57 PUSH EDI
0042AF30 . 50 PUSH EAX
0042AF31 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042AF37 > 8B4D C4 MOV ECX,DWORD PTR
SS:[EBP-3C] ; 使用者名稱入ecx
0042AF3A . 51 PUSH ECX
0042AF3B . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042AF40 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042AF46 . 8BF8 MOV EDI,EAX
0042AF48 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042AF4B . F7DF NEG EDI
0042AF4D . 1BFF SBB EDI,EDI
0042AF4F . 47 INC EDI
0042AF50 . F7DF NEG EDI
0042AF52 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042AF58 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AF5B . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042AF61 . 66:85FF TEST DI,DI
0042AF64 . 0F85 11080000 JNZ Anti-Hac.0042B77B
0042AF6A . 8B16 MOV EDX,DWORD
PTR DS:[ESI]
0042AF6C . 56 PUSH ESI
0042AF6D . FF92 10030000 CALL DWORD PTR DS:[EDX+310]
0042AF73 . 50 PUSH EAX
0042AF74 . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0042AF77 . 50 PUSH EAX
0042AF78 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042AF7E . 8BF8 MOV EDI,EAX
0042AF80 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0042AF83 . 52 PUSH EDX
0042AF84 . 57 PUSH EDI
0042AF85 . 8B0F MOV ECX,DWORD
PTR DS:[EDI]
0042AF87 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0042AF8D . 85C0 TEST EAX,EAX
0042AF8F . DBE2 FCLEX
0042AF91 . 7D 12 JGE SHORT Anti-Hac.0042AFA5
0042AF93 . 68 A0000000 PUSH 0A0
0042AF98 . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042AF9D . 57 PUSH EDI
0042AF9E . 50 PUSH EAX
0042AF9F . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042AFA5 > 8B45 C4 MOV EAX,DWORD PTR
SS:[EBP-3C] ; 註冊碼入eax
0042AFA8 . 50 PUSH EAX
0042AFA9 . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042AFAE . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042AFB4 . 8BF8 MOV EDI,EAX
0042AFB6 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042AFB9 . F7DF NEG EDI
0042AFBB . 1BFF SBB EDI,EDI
0042AFBD . 47 INC EDI
0042AFBE . F7DF NEG EDI
0042AFC0 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042AFC6 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AFC9 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042AFCF . 66:85FF TEST DI,DI
0042AFD2 . 0F84 84000000 JE Anti-Hac.0042B05C
; 註冊碼是否為空
0042AFD8 . B9 04000280 MOV ECX,80020004
0042AFDD . B8 0A000000 MOV EAX,0A
0042AFE2 . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
0042AFE5 . 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
0042AFE8 . BF 08000000 MOV EDI,8
0042AFED . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042AFF3 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042AFF6 . 8945 80 MOV DWORD PTR SS:[EBP-80],EAX
0042AFF9 . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
0042AFFC . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040D>;
UNICODE "Error"
0042B006 . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
0042B00C . FFD3 CALL EBX
0042B00E . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B014 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B017 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Please enter a serial number"
0042B021 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0042B027 . FFD3 CALL EBX
0042B029 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0042B02C . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0042B02F . 51 PUSH ECX
0042B030 . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042B033 . 52 PUSH EDX
0042B034 . 50 PUSH EAX
0042B035 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B038 . 6A 10 PUSH 10
0042B03A . 51 PUSH ECX
0042B03B . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042B041 . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042B044 . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042B047 . 52 PUSH EDX
0042B048 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B04B . 50 PUSH EAX
0042B04C . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042B04F . 51 PUSH ECX
0042B050 . 52 PUSH EDX
0042B051 . 6A 04 PUSH 4
0042B053 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;
MSVBVM60.__vbaFreeVarList
0042B059 . 83C4 14 ADD ESP,14
0042B05C > 8B06 MOV EAX,DWORD
PTR DS:[ESI]
0042B05E . 56 PUSH ESI
0042B05F . FF90 10030000 CALL DWORD PTR DS:[EAX+310]
0042B065 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B068 . 50 PUSH EAX
0042B069 . 51 PUSH ECX
0042B06A . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042B070 . 8BF8 MOV EDI,EAX
0042B072 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0042B075 . 50 PUSH EAX
0042B076 . 57 PUSH EDI
0042B077 . 8B17 MOV EDX,DWORD
PTR DS:[EDI]
0042B079 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0042B07F . 85C0 TEST EAX,EAX
0042B081 . DBE2 FCLEX
0042B083 . 7D 12 JGE SHORT Anti-Hac.0042B097
0042B085 . 68 A0000000 PUSH 0A0
0042B08A . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042B08F . 57 PUSH EDI
0042B090 . 50 PUSH EAX
0042B091 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042B097 > 8B4D C4 MOV ECX,DWORD PTR
SS:[EBP-3C] ; 註冊碼入ecx
0042B09A . 51 PUSH ECX
0042B09B . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042B0A0 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042B0A6 . 8BF8 MOV EDI,EAX
0042B0A8 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042B0AB . F7DF NEG EDI
0042B0AD . 1BFF SBB EDI,EDI
0042B0AF . 47 INC EDI
0042B0B0 . F7DF NEG EDI
0042B0B2 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042B0B8 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B0BB . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042B0C1 . 66:85FF TEST DI,DI
0042B0C4 . 0F85 B1060000 JNZ Anti-Hac.0042B77B
0042B0CA . 8B16 MOV EDX,DWORD
PTR DS:[ESI]
0042B0CC . 56 PUSH ESI
0042B0CD . FF92 10030000 CALL DWORD PTR DS:[EDX+310]
0042B0D3 . 50 PUSH EAX
0042B0D4 . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0042B0D7 . 50 PUSH EAX
0042B0D8 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042B0DE . 8BF8 MOV EDI,EAX
0042B0E0 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0042B0E3 . 52 PUSH EDX
0042B0E4 . 57 PUSH EDI
0042B0E5 . 8B0F MOV ECX,DWORD
PTR DS:[EDI]
0042B0E7 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0042B0ED . 85C0 TEST EAX,EAX
0042B0EF . DBE2 FCLEX
0042B0F1 . 7D 12 JGE SHORT Anti-Hac.0042B105
0042B0F3 . 68 A0000000 PUSH 0A0
0042B0F8 . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042B0FD . 57 PUSH EDI
0042B0FE . 50 PUSH EAX
0042B0FF . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042B105 > 8B45 C4 MOV EAX,DWORD PTR
SS:[EBP-3C] ; 註冊碼入eax
0042B108 . 50 PUSH EAX
0042B109 . FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>;
MSVBVM60.__vbaLenBstr
0042B10F . 33C9 XOR ECX,ECX
; 取註冊碼長度
0042B111 . 83F8 0A CMP EAX,0A
; 是否為大於10位
0042B114 . 0F9CC1 SETL CL
0042B117 . F7D9 NEG ECX
0042B119 . 8BF9 MOV EDI,ECX
0042B11B . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042B11E . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042B124 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B127 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042B12D . 66:85FF TEST DI,DI
0042B130 . 74 23 JE SHORT Anti-Hac.0042B155
0042B132 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B138 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0042B13B . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],-1
0042B145 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],0B
0042B14F . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>;
MSVBVM60.__vbaVarMove
0042B155 > 8D55 DC LEA EDX,DWORD PTR
SS:[EBP-24]
0042B158 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
0042B15E . 52 PUSH EDX
0042B15F . 50 PUSH EAX
0042B160 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],-1
0042B16A . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],800B
0042B174 . FF15 D0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;
MSVBVM60.__vbaVarTstEq
0042B17A . 66:85C0 TEST AX,AX
0042B17D . 0F85 D1000000 JNZ Anti-Hac.0042B254
; 註冊碼不為10位就跳往出錯
0042B183 . 8B0E MOV ECX,DWORD
PTR DS:[ESI]
0042B185 . 56 PUSH ESI
0042B186 . FF91 10030000 CALL DWORD PTR DS:[ECX+310]
0042B18C . 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
0042B18F . 50 PUSH EAX
0042B190 . 52 PUSH EDX
0042B191 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042B197 . 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
0042B19A . 6A 0A PUSH 0A
0042B19C . 8945 B8 MOV DWORD PTR SS:[EBP-48],EAX
0042B19F . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0042B1A2 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B1A5 . 50 PUSH EAX
0042B1A6 . 51 PUSH ECX
0042B1A7 . C745 C0 00000>MOV DWORD PTR SS:[EBP-40],0
0042B1AE . C745 B0 09000>MOV DWORD PTR SS:[EBP-50],9
0042B1B5 . FF15 B0114000 CALL DWORD PTR DS:[<&MSVBVM60.#617>]
; MSVBVM60.rtcLeftCharVar
0042B1BB . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
; 從註冊碼中左邊開始取10位
0042B1BE . 52 PUSH EDX
0042B1BF . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>;
MSVBVM60.__vbaStrVarMove
0042B1C5 . 8BD0 MOV EDX,EAX
0042B1C7 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
0042B1CA . FF15 B8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>;
MSVBVM60.__vbaStrMove
0042B1D0 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B1D3 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042B1D9 . 8B3D 30104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVarList
0042B1DF . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042B1E2 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B1E5 . 50 PUSH EAX
0042B1E6 . 51 PUSH ECX
0042B1E7 . 6A 02 PUSH 2
0042B1E9 . FFD7 CALL EDI
; <&MSVBVM60.__vbaFreeVarList>
0042B1EB . 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
; 取得的十位註冊碼入edx
0042B1EE . 83C4 0C ADD ESP,0C
0042B1F1 . 52 PUSH EDX
0042B1F2 . 68 F4F54000 PUSH Anti-Hac.0040F5F4
; UNICODE "s81d-9adf-"
0042B1F7 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042B1FD . 85C0 TEST EAX,EAX
; 比較與s81d-9adf-是否相等
0042B1FF . 75 23 JNZ SHORT Anti-Hac.0042B224
; 不等則跳
0042B201 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B207 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042B20A . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],-1
0042B214 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],0B
0042B21E . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>;
MSVBVM60.__vbaVarMove
0042B224 > 8D45 CC LEA EAX,DWORD PTR
SS:[EBP-34]
0042B227 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
0042B22D . 50 PUSH EAX
0042B22E . 51 PUSH ECX
0042B22F . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],0
0042B239 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],800B
0042B243 . FF15 D0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;
MSVBVM60.__vbaVarTstEq
0042B249 . 66:85C0 TEST AX,AX
0042B24C . 0F84 8D000000 JE Anti-Hac.0042B2DF
0042B252 . EB 06 JMP SHORT Anti-Hac.0042B25A
0042B254 > 8B3D 30104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVarList
0042B25A > B9 04000280 MOV ECX,80020004
0042B25F . B8 0A000000 MOV EAX,0A
0042B264 . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
0042B267 . 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
0042B26A . BE 08000000 MOV ESI,8
0042B26F . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042B275 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B278 . 8945 80 MOV DWORD PTR SS:[EBP-80],EAX
0042B27B . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
0042B27E . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040C>;
UNICODE "error"
0042B288 . 89B5 60FFFFFF MOV DWORD PTR SS:[EBP-A0],ESI
0042B28E . FFD3 CALL EBX
0042B290 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B296 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B299 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Invalid serial number. Try Again"
0042B2A3 . 89B5 70FFFFFF MOV DWORD PTR SS:[EBP-90],ESI
0042B2A9 . FFD3 CALL EBX
0042B2AB . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042B2AE . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042B2B1 . 52 PUSH EDX
0042B2B2 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B2B5 . 50 PUSH EAX
0042B2B6 . 51 PUSH ECX
0042B2B7 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042B2BA . 6A 10 PUSH 10
0042B2BC . 52 PUSH EDX
0042B2BD . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042B2C3 . 8D45 80 LEA EAX,DWORD PTR SS:[EBP-80]
0042B2C6 . 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
0042B2C9 . 50 PUSH EAX
0042B2CA . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0042B2CD . 51 PUSH ECX
0042B2CE . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0042B2D1 . 52 PUSH EDX
0042B2D2 . 50 PUSH EAX
0042B2D3 . 6A 04 PUSH 4
0042B2D5 . FFD7 CALL EDI
0042B2D7 . 83C4 14 ADD ESP,14
0042B2DA . E9 9C040000 JMP Anti-Hac.0042B77B
0042B2DF > B9 0A000000 MOV ECX,0A
0042B2E4 . B8 04000280 MOV EAX,80020004
0042B2E9 . 894D 80 MOV DWORD PTR SS:[EBP-80],ECX
0042B2EC . 894D 90 MOV DWORD PTR SS:[EBP-70],ECX
0042B2EF . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042B2F5 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B2F8 . 8945 88 MOV DWORD PTR SS:[EBP-78],EAX
0042B2FB . 8945 98 MOV DWORD PTR SS:[EBP-68],EAX
0042B2FE . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040F>;
UNICODE "Registerd"
0042B308 . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],8
0042B312 . FFD3 CALL EBX
0042B314 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B31A . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B31D . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Thank you for registering Anti-Hack!"
0042B327 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
0042B331 . FFD3 CALL EBX
0042B333 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0042B336 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0042B339 . 51 PUSH ECX
0042B33A . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042B33D . 52 PUSH EDX
0042B33E . 50 PUSH EAX
0042B33F . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B342 . 6A 40 PUSH 40
0042B344 . 51 PUSH ECX
0042B345 . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042B34B . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042B34E . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042B351 . 52 PUSH EDX
0042B352 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B355 . 50 PUSH EAX
0042B356 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042B359 . 51 PUSH ECX
0042B35A . 52 PUSH EDX
0042B35B . 6A 04 PUSH 4
0042B35D . FFD7 CALL EDI
0042B35F . 8B1D 08104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.#690>]
; MSVBVM60.rtcSaveSetting
0042B365 . 83C4 14 ADD ESP,14
0042B368 . 68 DCD14000 PUSH Anti-Hac.0040D1DC
; UNICODE "(2k)-(2000)-Carbosoft
:)"
0042B36D . 68 C0D14000 PUSH Anti-Hac.0040D1C0
; UNICODE "Registered?"
0042B372 . 68 A8D14000 PUSH Anti-Hac.0040D1A8
; UNICODE "Register"
0042B377 . 68 90D14000 PUSH Anti-Hac.0040D190
; UNICODE "Anti-Hack"
0042B37C . FFD3 CALL EBX
; <&MSVBVM60.#690>
0042B37E . 8B06 MOV EAX,DWORD
PTR DS:[ESI]
0042B380 . 56 PUSH ESI
0042B381 . FF90 14030000 CALL DWORD PTR DS:[EAX+314]
0042B387 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B38A . 50 PUSH EAX
0042B38B . 51 PUSH ECX
0042B38C . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
----------------------------------------
註冊碼左邊必須是s81d-9adf-,後面是任意
總結:
使用者名稱:lordor[BCG]
註冊碼:s81d-9adf-987654321
註冊資訊儲存在:
[HKEY_USERS\S-1-5-21-1275210071-764733703-842925246-1003\Software\VB and VBA
Program Settings\Anti-Hack\Register]
"loaded"="1"
"Registered?"="(2k)-(2000)-Carbosoft :)"
"Owner"="lordor[BCG]"
"SerialNumber"="s81d-9adf-987654321"
cracked by lordor[BCG]
03.06.05
相關文章
- ShadowDefender 註冊碼 分析2024-08-17
- Vue2.0原始碼學習(6) - 元件註冊2022-02-22Vue原始碼元件
- EmEditor 24.4.1 離線註冊分析2024-11-09
- 雲伺服器IIS 註冊 ASP.NET 2.0/4.02021-03-15伺服器ASP.NET
- Dubbo 中 Zookeeper 註冊中心原理分析2023-02-02
- 需求分析案例 - “自動註冊”功能2020-11-02
- nacos註冊中心原始碼流程分析2020-12-23原始碼
- AllenExplorer v6.8 離線註冊分析2024-12-07
- containerd 原始碼分析:啟動註冊流程2024-05-21AI原始碼
- Netty原始碼分析--Channel註冊(中)(六)2019-07-02Netty原始碼
- Netty原始碼分析--Channel註冊(上)(五)2019-07-02Netty原始碼
- @angular/router 原始碼分析之註冊路由2018-07-10Angular原始碼路由
- Nacos 服務註冊與發現原理分析2022-12-08
- 【Java】NIO中Channel的註冊原始碼分析2019-05-17Java原始碼
- Nacos(一)原始碼分析Nacos註冊示例流程2020-12-26原始碼
- 動態註冊和靜態註冊2018-05-21
- springboot註冊2024-03-09Spring Boot
- oracle的靜態註冊和動態註冊2024-11-11Oracle
- Dubbo系列之 (二)Registry註冊中心-註冊(1)2020-08-09
- Dubbo系列之 (二)Registry註冊中心-註冊(2)2020-08-13
- 註冊中心 Eureka 原始碼解析 —— 應用例項註冊發現(一)之註冊2019-03-03原始碼
- 原始碼分析 SpringCloud 2020.0.4 版本 EurekaClient 的註冊過程2021-12-29原始碼SpringGCCloudclient
- Netty原始碼分析--Channel註冊&繫結埠(下)(七)2019-07-04Netty原始碼
- 小程式生命週期分析與註冊流程回撥2019-03-04
- spring-IOC容器原始碼分析(二)BeanDefinition註冊流程2018-11-19Spring原始碼Bean
- 【SpringBoot】服務對註冊中心的註冊時機2024-05-25Spring Boot
- Laravel-admin 原始碼分析系列 1——註冊服務與安裝分析2019-08-03Laravel原始碼
- 註冊中心-consul2024-03-19
- Eureka註冊中心2024-03-20
- 註冊中心consul2022-11-11
- IJCNN註冊流程2020-05-11CNN
- PhpStorm註冊碼2020-04-07PHPORM
- PHP註冊功能2021-09-09PHP
- Spring元件註冊2021-02-15Spring元件
- VMware註冊碼2018-10-18
- winform註冊功能2019-01-08ORM
- ChatGPT最詳細註冊教程+不註冊直接使用教程2023-02-09ChatGPT
- 金寶廳代理註冊-V加:18288129714線上註冊2021-04-18
- Nacos(二)原始碼分析Nacos服務端註冊示例流程2021-01-18原始碼服務端