<<Anti-Hack>> 2.0註冊演算法分析
<<Anti-Hack>> 2.0註冊演算法分析
作者:lordor[BCG]
Mail:lordor@sina.com
目的:屬技術交流,無其它目的,請不要任意散佈或用用商業用途。初學破解,如有不對的地方歡迎批評指出。
工具:softice,w32Dasm,ollydbg
試煉碼:
使用者名稱:lordor[BCG]
註冊碼:9876543210
查詢出錯資訊。
* Reference To: MSVBVM60.__vbaVarTstEq,
Ord:0000h
|
:0042B243 FF15D0104000 Call dword
ptr [004010D0]
:0042B249 6685C0 test
ax, ax
:0042B24C 0F848D000000 je 0042B2DF
:0042B252 EB06
jmp 0042B25A ====>
* Referenced by a (U)nconditional or
(C)onditional Jump at Address:
|:0042B17D(C)
|
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:0042B254 8B3D30104000 mov edi, dword
ptr [00401030]
* Referenced by a (U)nconditional or
(C)onditional Jump at Address:
|:0042B252(U)
|
:0042B25A B904000280 mov ecx,
80020004
:0042B25F B80A000000 mov eax,
0000000A
:0042B264 894D88 mov
dword ptr [ebp-78], ecx
:0042B267 894D98 mov
dword ptr [ebp-68], ecx
:0042B26A BE08000000 mov esi,
00000008
:0042B26F 8D9560FFFFFF lea edx, dword
ptr [ebp+FFFFFF60]
:0042B275 8D4DA0 lea
ecx, dword ptr [ebp-60]
:0042B278 894580 mov
dword ptr [ebp-80], eax
:0042B27B 894590 mov
dword ptr [ebp-70], eax
* Possible StringData Ref from Code Obj
->"error"
|
:0042B27E C78568FFFFFF48CE4000 mov dword ptr [ebp+FFFFFF68],
0040CE48
:0042B288 89B560FFFFFF mov dword
ptr [ebp+FFFFFF60], esi
:0042B28E FFD3
call ebx
:0042B290 8D9570FFFFFF lea edx, dword
ptr [ebp+FFFFFF70]
:0042B296 8D4DB0 lea
ecx, dword ptr [ebp-50]
* Possible StringData Ref from Code Obj
->"Invalid serial number. Try Again"
|
在od中查詢出錯資訊
0042AE09 . 50 PUSH EAX
0042AE0A . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042AE10 . 8BF8 MOV EDI,EAX
0042AE12 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0042AE15 . 52 PUSH EDX
0042AE16 . 57 PUSH EDI
0042AE17 . 8B0F MOV ECX,DWORD
PTR DS:[EDI]
0042AE19 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
; 取使用者名稱
0042AE1F . 3BC3 CMP EAX,EBX
0042AE21 . DBE2 FCLEX
0042AE23 . 7D 12 JGE SHORT Anti-Hac.0042AE37
0042AE25 . 68 A0000000 PUSH 0A0
0042AE2A . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042AE2F . 57 PUSH EDI
0042AE30 . 50 PUSH EAX
0042AE31 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042AE37 > 8B45 C4 MOV EAX,DWORD PTR
SS:[EBP-3C] ; 使用者名稱入eax
0042AE3A . 50 PUSH EAX
0042AE3B . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042AE40 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042AE46 . 8BF8 MOV EDI,EAX
0042AE48 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042AE4B . F7DF NEG EDI
0042AE4D . 1BFF SBB EDI,EDI
0042AE4F . 47 INC EDI
0042AE50 . F7DF NEG EDI
0042AE52 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042AE58 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AE5B . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042AE61 . 66:3BFB CMP DI,BX
0042AE64 . 0F84 8C000000 JE Anti-Hac.0042AEF6
; 此為判斷使用者名稱是否為空
0042AE6A . 8B1D 9C114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;
MSVBVM60.__vbaVarDup
0042AE70 . B9 04000280 MOV ECX,80020004
0042AE75 . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
0042AE78 . B8 0A000000 MOV EAX,0A
0042AE7D . 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
0042AE80 . BF 08000000 MOV EDI,8
0042AE85 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042AE8B . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042AE8E . 8945 80 MOV DWORD PTR SS:[EBP-80],EAX
0042AE91 . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
0042AE94 . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040D>;
UNICODE "Error"
0042AE9E . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
0042AEA4 . FFD3 CALL EBX
; <&MSVBVM60.__vbaVarDup>
0042AEA6 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042AEAC . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042AEAF . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Please enter your name"
0042AEB9 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0042AEBF . FFD3 CALL EBX
0042AEC1 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0042AEC4 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0042AEC7 . 51 PUSH ECX
0042AEC8 . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042AECB . 52 PUSH EDX
0042AECC . 50 PUSH EAX
0042AECD . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042AED0 . 6A 10 PUSH 10
0042AED2 . 51 PUSH ECX
0042AED3 . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042AED9 . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042AEDC . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042AEDF . 52 PUSH EDX
0042AEE0 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042AEE3 . 50 PUSH EAX
0042AEE4 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042AEE7 . 51 PUSH ECX
0042AEE8 . 52 PUSH EDX
0042AEE9 . 6A 04 PUSH 4
0042AEEB . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;
MSVBVM60.__vbaFreeVarList
0042AEF1 . 83C4 14 ADD ESP,14
0042AEF4 . EB 06 JMP SHORT Anti-Hac.0042AEFC
0042AEF6 > 8B1D 9C114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;
MSVBVM60.__vbaVarDup
0042AEFC > 8B06 MOV EAX,DWORD
PTR DS:[ESI]
0042AEFE . 56 PUSH ESI
0042AEFF . FF90 14030000 CALL DWORD PTR DS:[EAX+314]
0042AF05 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AF08 . 50 PUSH EAX
0042AF09 . 51 PUSH ECX
0042AF0A . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042AF10 . 8BF8 MOV EDI,EAX
0042AF12 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0042AF15 . 50 PUSH EAX
0042AF16 . 57 PUSH EDI
0042AF17 . 8B17 MOV EDX,DWORD
PTR DS:[EDI]
0042AF19 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0042AF1F . 85C0 TEST EAX,EAX
0042AF21 . DBE2 FCLEX
0042AF23 . 7D 12 JGE SHORT Anti-Hac.0042AF37
0042AF25 . 68 A0000000 PUSH 0A0
0042AF2A . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042AF2F . 57 PUSH EDI
0042AF30 . 50 PUSH EAX
0042AF31 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042AF37 > 8B4D C4 MOV ECX,DWORD PTR
SS:[EBP-3C] ; 使用者名稱入ecx
0042AF3A . 51 PUSH ECX
0042AF3B . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042AF40 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042AF46 . 8BF8 MOV EDI,EAX
0042AF48 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042AF4B . F7DF NEG EDI
0042AF4D . 1BFF SBB EDI,EDI
0042AF4F . 47 INC EDI
0042AF50 . F7DF NEG EDI
0042AF52 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042AF58 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AF5B . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042AF61 . 66:85FF TEST DI,DI
0042AF64 . 0F85 11080000 JNZ Anti-Hac.0042B77B
0042AF6A . 8B16 MOV EDX,DWORD
PTR DS:[ESI]
0042AF6C . 56 PUSH ESI
0042AF6D . FF92 10030000 CALL DWORD PTR DS:[EDX+310]
0042AF73 . 50 PUSH EAX
0042AF74 . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0042AF77 . 50 PUSH EAX
0042AF78 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042AF7E . 8BF8 MOV EDI,EAX
0042AF80 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0042AF83 . 52 PUSH EDX
0042AF84 . 57 PUSH EDI
0042AF85 . 8B0F MOV ECX,DWORD
PTR DS:[EDI]
0042AF87 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0042AF8D . 85C0 TEST EAX,EAX
0042AF8F . DBE2 FCLEX
0042AF91 . 7D 12 JGE SHORT Anti-Hac.0042AFA5
0042AF93 . 68 A0000000 PUSH 0A0
0042AF98 . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042AF9D . 57 PUSH EDI
0042AF9E . 50 PUSH EAX
0042AF9F . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042AFA5 > 8B45 C4 MOV EAX,DWORD PTR
SS:[EBP-3C] ; 註冊碼入eax
0042AFA8 . 50 PUSH EAX
0042AFA9 . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042AFAE . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042AFB4 . 8BF8 MOV EDI,EAX
0042AFB6 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042AFB9 . F7DF NEG EDI
0042AFBB . 1BFF SBB EDI,EDI
0042AFBD . 47 INC EDI
0042AFBE . F7DF NEG EDI
0042AFC0 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042AFC6 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042AFC9 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042AFCF . 66:85FF TEST DI,DI
0042AFD2 . 0F84 84000000 JE Anti-Hac.0042B05C
; 註冊碼是否為空
0042AFD8 . B9 04000280 MOV ECX,80020004
0042AFDD . B8 0A000000 MOV EAX,0A
0042AFE2 . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
0042AFE5 . 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
0042AFE8 . BF 08000000 MOV EDI,8
0042AFED . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042AFF3 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042AFF6 . 8945 80 MOV DWORD PTR SS:[EBP-80],EAX
0042AFF9 . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
0042AFFC . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040D>;
UNICODE "Error"
0042B006 . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
0042B00C . FFD3 CALL EBX
0042B00E . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B014 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B017 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Please enter a serial number"
0042B021 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0042B027 . FFD3 CALL EBX
0042B029 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0042B02C . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0042B02F . 51 PUSH ECX
0042B030 . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042B033 . 52 PUSH EDX
0042B034 . 50 PUSH EAX
0042B035 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B038 . 6A 10 PUSH 10
0042B03A . 51 PUSH ECX
0042B03B . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042B041 . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042B044 . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042B047 . 52 PUSH EDX
0042B048 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B04B . 50 PUSH EAX
0042B04C . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042B04F . 51 PUSH ECX
0042B050 . 52 PUSH EDX
0042B051 . 6A 04 PUSH 4
0042B053 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;
MSVBVM60.__vbaFreeVarList
0042B059 . 83C4 14 ADD ESP,14
0042B05C > 8B06 MOV EAX,DWORD
PTR DS:[ESI]
0042B05E . 56 PUSH ESI
0042B05F . FF90 10030000 CALL DWORD PTR DS:[EAX+310]
0042B065 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B068 . 50 PUSH EAX
0042B069 . 51 PUSH ECX
0042B06A . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042B070 . 8BF8 MOV EDI,EAX
0042B072 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0042B075 . 50 PUSH EAX
0042B076 . 57 PUSH EDI
0042B077 . 8B17 MOV EDX,DWORD
PTR DS:[EDI]
0042B079 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0042B07F . 85C0 TEST EAX,EAX
0042B081 . DBE2 FCLEX
0042B083 . 7D 12 JGE SHORT Anti-Hac.0042B097
0042B085 . 68 A0000000 PUSH 0A0
0042B08A . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042B08F . 57 PUSH EDI
0042B090 . 50 PUSH EAX
0042B091 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042B097 > 8B4D C4 MOV ECX,DWORD PTR
SS:[EBP-3C] ; 註冊碼入ecx
0042B09A . 51 PUSH ECX
0042B09B . 68 E0CD4000 PUSH Anti-Hac.0040CDE0
0042B0A0 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042B0A6 . 8BF8 MOV EDI,EAX
0042B0A8 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042B0AB . F7DF NEG EDI
0042B0AD . 1BFF SBB EDI,EDI
0042B0AF . 47 INC EDI
0042B0B0 . F7DF NEG EDI
0042B0B2 . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042B0B8 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B0BB . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042B0C1 . 66:85FF TEST DI,DI
0042B0C4 . 0F85 B1060000 JNZ Anti-Hac.0042B77B
0042B0CA . 8B16 MOV EDX,DWORD
PTR DS:[ESI]
0042B0CC . 56 PUSH ESI
0042B0CD . FF92 10030000 CALL DWORD PTR DS:[EDX+310]
0042B0D3 . 50 PUSH EAX
0042B0D4 . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0042B0D7 . 50 PUSH EAX
0042B0D8 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042B0DE . 8BF8 MOV EDI,EAX
0042B0E0 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0042B0E3 . 52 PUSH EDX
0042B0E4 . 57 PUSH EDI
0042B0E5 . 8B0F MOV ECX,DWORD
PTR DS:[EDI]
0042B0E7 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0042B0ED . 85C0 TEST EAX,EAX
0042B0EF . DBE2 FCLEX
0042B0F1 . 7D 12 JGE SHORT Anti-Hac.0042B105
0042B0F3 . 68 A0000000 PUSH 0A0
0042B0F8 . 68 38CF4000 PUSH Anti-Hac.0040CF38
0042B0FD . 57 PUSH EDI
0042B0FE . 50 PUSH EAX
0042B0FF . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;
MSVBVM60.__vbaHresultCheckObj
0042B105 > 8B45 C4 MOV EAX,DWORD PTR
SS:[EBP-3C] ; 註冊碼入eax
0042B108 . 50 PUSH EAX
0042B109 . FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>;
MSVBVM60.__vbaLenBstr
0042B10F . 33C9 XOR ECX,ECX
; 取註冊碼長度
0042B111 . 83F8 0A CMP EAX,0A
; 是否為大於10位
0042B114 . 0F9CC1 SETL CL
0042B117 . F7D9 NEG ECX
0042B119 . 8BF9 MOV EDI,ECX
0042B11B . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0042B11E . FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;
MSVBVM60.__vbaFreeStr
0042B124 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B127 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042B12D . 66:85FF TEST DI,DI
0042B130 . 74 23 JE SHORT Anti-Hac.0042B155
0042B132 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B138 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0042B13B . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],-1
0042B145 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],0B
0042B14F . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>;
MSVBVM60.__vbaVarMove
0042B155 > 8D55 DC LEA EDX,DWORD PTR
SS:[EBP-24]
0042B158 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
0042B15E . 52 PUSH EDX
0042B15F . 50 PUSH EAX
0042B160 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],-1
0042B16A . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],800B
0042B174 . FF15 D0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;
MSVBVM60.__vbaVarTstEq
0042B17A . 66:85C0 TEST AX,AX
0042B17D . 0F85 D1000000 JNZ Anti-Hac.0042B254
; 註冊碼不為10位就跳往出錯
0042B183 . 8B0E MOV ECX,DWORD
PTR DS:[ESI]
0042B185 . 56 PUSH ESI
0042B186 . FF91 10030000 CALL DWORD PTR DS:[ECX+310]
0042B18C . 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
0042B18F . 50 PUSH EAX
0042B190 . 52 PUSH EDX
0042B191 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
0042B197 . 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
0042B19A . 6A 0A PUSH 0A
0042B19C . 8945 B8 MOV DWORD PTR SS:[EBP-48],EAX
0042B19F . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0042B1A2 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B1A5 . 50 PUSH EAX
0042B1A6 . 51 PUSH ECX
0042B1A7 . C745 C0 00000>MOV DWORD PTR SS:[EBP-40],0
0042B1AE . C745 B0 09000>MOV DWORD PTR SS:[EBP-50],9
0042B1B5 . FF15 B0114000 CALL DWORD PTR DS:[<&MSVBVM60.#617>]
; MSVBVM60.rtcLeftCharVar
0042B1BB . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
; 從註冊碼中左邊開始取10位
0042B1BE . 52 PUSH EDX
0042B1BF . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>;
MSVBVM60.__vbaStrVarMove
0042B1C5 . 8BD0 MOV EDX,EAX
0042B1C7 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
0042B1CA . FF15 B8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>;
MSVBVM60.__vbaStrMove
0042B1D0 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B1D3 . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;
MSVBVM60.__vbaFreeObj
0042B1D9 . 8B3D 30104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVarList
0042B1DF . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042B1E2 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B1E5 . 50 PUSH EAX
0042B1E6 . 51 PUSH ECX
0042B1E7 . 6A 02 PUSH 2
0042B1E9 . FFD7 CALL EDI
; <&MSVBVM60.__vbaFreeVarList>
0042B1EB . 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
; 取得的十位註冊碼入edx
0042B1EE . 83C4 0C ADD ESP,0C
0042B1F1 . 52 PUSH EDX
0042B1F2 . 68 F4F54000 PUSH Anti-Hac.0040F5F4
; UNICODE "s81d-9adf-"
0042B1F7 . FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;
MSVBVM60.__vbaStrCmp
0042B1FD . 85C0 TEST EAX,EAX
; 比較與s81d-9adf-是否相等
0042B1FF . 75 23 JNZ SHORT Anti-Hac.0042B224
; 不等則跳
0042B201 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B207 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042B20A . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],-1
0042B214 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],0B
0042B21E . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>;
MSVBVM60.__vbaVarMove
0042B224 > 8D45 CC LEA EAX,DWORD PTR
SS:[EBP-34]
0042B227 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
0042B22D . 50 PUSH EAX
0042B22E . 51 PUSH ECX
0042B22F . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],0
0042B239 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],800B
0042B243 . FF15 D0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;
MSVBVM60.__vbaVarTstEq
0042B249 . 66:85C0 TEST AX,AX
0042B24C . 0F84 8D000000 JE Anti-Hac.0042B2DF
0042B252 . EB 06 JMP SHORT Anti-Hac.0042B25A
0042B254 > 8B3D 30104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;
MSVBVM60.__vbaFreeVarList
0042B25A > B9 04000280 MOV ECX,80020004
0042B25F . B8 0A000000 MOV EAX,0A
0042B264 . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
0042B267 . 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
0042B26A . BE 08000000 MOV ESI,8
0042B26F . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042B275 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B278 . 8945 80 MOV DWORD PTR SS:[EBP-80],EAX
0042B27B . 8945 90 MOV DWORD PTR SS:[EBP-70],EAX
0042B27E . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040C>;
UNICODE "error"
0042B288 . 89B5 60FFFFFF MOV DWORD PTR SS:[EBP-A0],ESI
0042B28E . FFD3 CALL EBX
0042B290 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B296 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B299 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Invalid serial number. Try Again"
0042B2A3 . 89B5 70FFFFFF MOV DWORD PTR SS:[EBP-90],ESI
0042B2A9 . FFD3 CALL EBX
0042B2AB . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042B2AE . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042B2B1 . 52 PUSH EDX
0042B2B2 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B2B5 . 50 PUSH EAX
0042B2B6 . 51 PUSH ECX
0042B2B7 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042B2BA . 6A 10 PUSH 10
0042B2BC . 52 PUSH EDX
0042B2BD . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042B2C3 . 8D45 80 LEA EAX,DWORD PTR SS:[EBP-80]
0042B2C6 . 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
0042B2C9 . 50 PUSH EAX
0042B2CA . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0042B2CD . 51 PUSH ECX
0042B2CE . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0042B2D1 . 52 PUSH EDX
0042B2D2 . 50 PUSH EAX
0042B2D3 . 6A 04 PUSH 4
0042B2D5 . FFD7 CALL EDI
0042B2D7 . 83C4 14 ADD ESP,14
0042B2DA . E9 9C040000 JMP Anti-Hac.0042B77B
0042B2DF > B9 0A000000 MOV ECX,0A
0042B2E4 . B8 04000280 MOV EAX,80020004
0042B2E9 . 894D 80 MOV DWORD PTR SS:[EBP-80],ECX
0042B2EC . 894D 90 MOV DWORD PTR SS:[EBP-70],ECX
0042B2EF . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0042B2F5 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B2F8 . 8945 88 MOV DWORD PTR SS:[EBP-78],EAX
0042B2FB . 8945 98 MOV DWORD PTR SS:[EBP-68],EAX
0042B2FE . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],Anti-Hac.0040F>;
UNICODE "Registerd"
0042B308 . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],8
0042B312 . FFD3 CALL EBX
0042B314 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0042B31A . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B31D . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],Anti-Hac.0040F>;
UNICODE "Thank you for registering Anti-Hack!"
0042B327 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
0042B331 . FFD3 CALL EBX
0042B333 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0042B336 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
0042B339 . 51 PUSH ECX
0042B33A . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0042B33D . 52 PUSH EDX
0042B33E . 50 PUSH EAX
0042B33F . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0042B342 . 6A 40 PUSH 40
0042B344 . 51 PUSH ECX
0042B345 . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]
; MSVBVM60.rtcMsgBox
0042B34B . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0042B34E . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0042B351 . 52 PUSH EDX
0042B352 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0042B355 . 50 PUSH EAX
0042B356 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0042B359 . 51 PUSH ECX
0042B35A . 52 PUSH EDX
0042B35B . 6A 04 PUSH 4
0042B35D . FFD7 CALL EDI
0042B35F . 8B1D 08104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.#690>]
; MSVBVM60.rtcSaveSetting
0042B365 . 83C4 14 ADD ESP,14
0042B368 . 68 DCD14000 PUSH Anti-Hac.0040D1DC
; UNICODE "(2k)-(2000)-Carbosoft
:)"
0042B36D . 68 C0D14000 PUSH Anti-Hac.0040D1C0
; UNICODE "Registered?"
0042B372 . 68 A8D14000 PUSH Anti-Hac.0040D1A8
; UNICODE "Register"
0042B377 . 68 90D14000 PUSH Anti-Hac.0040D190
; UNICODE "Anti-Hack"
0042B37C . FFD3 CALL EBX
; <&MSVBVM60.#690>
0042B37E . 8B06 MOV EAX,DWORD
PTR DS:[ESI]
0042B380 . 56 PUSH ESI
0042B381 . FF90 14030000 CALL DWORD PTR DS:[EAX+314]
0042B387 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0042B38A . 50 PUSH EAX
0042B38B . 51 PUSH ECX
0042B38C . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;
MSVBVM60.__vbaObjSet
----------------------------------------
註冊碼左邊必須是s81d-9adf-,後面是任意
總結:
使用者名稱:lordor[BCG]
註冊碼:s81d-9adf-987654321
註冊資訊儲存在:
[HKEY_USERS\S-1-5-21-1275210071-764733703-842925246-1003\Software\VB and VBA
Program Settings\Anti-Hack\Register]
"loaded"="1"
"Registered?"="(2k)-(2000)-Carbosoft :)"
"Owner"="lordor[BCG]"
"SerialNumber"="s81d-9adf-987654321"
cracked by lordor[BCG]
03.06.05
相關文章
- 新狐傳真群發2.0註冊演算法分析2003-06-29演算法
- supercleaner註冊演算法分析2015-11-15演算法
- SpeedFlash註冊演算法分析(VB)2015-11-15演算法
- 財智老闆通3.04註冊版---註冊演算法分析2003-03-16演算法
- Instant Source 註冊演算法分析+註冊器原始碼2015-11-15演算法原始碼
- Screen Demo Maker 3.0 註冊演算法分析2003-07-15演算法
- Personal Antispy 1.14 註冊演算法分析2015-11-15演算法
- 冰盾濾鏡註冊演算法分析2015-11-15演算法
- ChinaZip v2.0的註冊碼演算法(初學者)2000-11-30演算法
- DLL Show V4.4 註冊演算法分析2015-11-15演算法
- Disk
Chief 1.2 簡單註冊演算法分析2015-11-15演算法
- E族百變桌面6.0註冊演算法分析2015-11-15演算法
- FolderView 1.7
註冊演算法分析 (14千字)2015-11-15View演算法
- ffmpeg分析系列之一(註冊該註冊的)2010-11-04
- LanSee 註冊演算法2015-11-15演算法
- 網路精確時鐘 2.25註冊演算法分析2003-07-30演算法
- 重新貼過註冊演算法分析 (16千字)2001-10-23演算法
- 長沙vod點歌系統(註冊演算法分析)2015-11-15演算法
- Netscan pro 3.3 註冊演算法分析全過程2015-11-15演算法
- 公務員之路3.0註冊分析2015-11-15
- 東晨庫管網路版 6.5註冊演算法分析2003-08-14演算法
- EffeTech HTTP Sniffer 3.2註冊演算法分析 (5千字)2002-06-24HTTP演算法
- Green Tea 2.60註冊碼演算法分析 (3千字)2000-07-17演算法
- VB控制元件21Hex DockIt註冊演算法分析2015-11-15控制元件演算法
- [原創]Focus
Magic V3.01 註冊演算法分析2015-11-15演算法
- 海嘯錄音機Ver2.1註冊演算法分析2015-11-15演算法
- 財智家庭理財V3.30註冊演算法分析2003-08-19演算法
- SuperCleaner 2.31註冊碼演算法分析 - OCG (13千字)2002-04-02演算法
- Registry Crawler 4.0註冊碼演算法分析 - OCG
(20千字)2002-04-07演算法
- UltraEdit-32
10註冊碼演算法分析 (19千字)2003-05-17演算法
- AZR註冊流程分析及疑問(BlowFish演算法) (699字)2001-11-03演算法
- 完美解除安裝6.0註冊演算法分析 (2千字)2002-02-27演算法
- Directory Scanner v1.5 註冊演算法分析 (6千字)2015-11-15演算法
- 海月圖片獵手(SeaMoon Pic Hunter) 1.52 註冊演算法分析2015-11-15演算法
- MouseStar V3.01註冊演算法分析 (18千字)2015-11-15演算法
- **********.exe註冊碼演算法分析--高手莫笑 (31千字)2015-11-15演算法
- Vue2.0原始碼學習(6) - 元件註冊2022-02-22Vue原始碼元件
- Theme Builder註冊碼分析2015-11-15UI