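SpyCop 5.5: a brief registration analysis
Target: spycop V5.5
Download: http://spycop.com/spycop-free-product.htm
Description: SpyCop scans the computer for hidden malware such as Trojan horses. It also protects the screen, passwords and email in use on the computer.
Crack information:
Author: lordor
mail: lordor@sina.com
QQ: 88378557
Tools: ollyDbg1.09
The program is written in VB and packed with UPX, but it can be analyzed while still packed, which saves the time of unpacking.
Step 1: When run, the program reports that a file is corrupted, so this has to be fixed first. Set a breakpoint on rtcMsgBox and trace back upward to reach this code: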
004311AA MOV DWORD PTR SS:[EBP-4],0A2
004311B1 MOVSX ECX,WORD PTR SS:[EBP-90]
004311B8 TEST ECX,ECX
004311BA JNZ SHORT aa.004311C1 ==> the check is here; changing JNZ to JMP is enough
004311BC JMP aa.00432227 ==> this jumps to the "file corrupted" message
004311C1 MOV DWORD PTR SS:[EBP-4],0A6
Step 2: Trace the registration code. Looking through the installation directory turns up the file reginfo.dat, which contains the following:
Unregistered
0
0
0
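This is clearly the file that holds the registration information. Because the program only writes it when the registration details entered are correct, fill it in by hand for now: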
lordor
111111
222222
333333
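After saving, load the still-packed program in ollyDbg, type bp __vbaFileOpen in the command line to set a breakpoint, and press F9 to run. Execution breaks in the registration routine below. (The breakpoint is hit several times; watch for the one that opens reginfo.dat.)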
0042FF1B MOV EAX,DWORD PTR SS:[EBP-384]
0042FF21 PUSH EAX
0042FF22 CALL DWORD PTR DS:[40108C] ; MSVBVM60.__vbaHresultCheckObj
0042FF28 MOV DWORD PTR SS:[EBP-618],EAX
0042FF2E JMP SHORT setup.0042FF3A
0042FF30 MOV DWORD PTR SS:[EBP-618],0
0042FF3A MOV ECX,DWORD PTR SS:[EBP-A8]
0042FF40 PUSH ECX
0042FF41 PUSH setup.00415D54 ; UNICODE "\reginfo.dat"
0042FF46 CALL DWORD PTR DS:[401070] ; MSVBVM60.__vbaStrCat
0042FF4C MOV EDX,EAX
0042FF4E LEA ECX,DWORD PTR SS:[EBP-AC]
0042FF54 CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
0042FF5A PUSH EAX
0042FF5B PUSH 1
0042FF5D PUSH -1
0042FF5F PUSH 1
0042FF61 CALL DWORD PTR DS:[401208] ; MSVBVM60.__vbaFileOpen
0042FF67 LEA EDX,DWORD PTR SS:[EBP-AC]
0042FF6D PUSH EDX
0042FF6E LEA EAX,DWORD PTR SS:[EBP-A8]
0042FF74 PUSH EAX
0042FF75 PUSH 2
0042FF77 CALL DWORD PTR DS:[401244] ; MSVBVM60.__vbaFreeStrList
0042FF7D ADD ESP,0C
0042FF80 LEA ECX,DWORD PTR SS:[EBP-EC]
0042FF86 CALL DWORD PTR DS:[4012DC] ; MSVBVM60.__vbaFreeObj
0042FF8C MOV DWORD PTR SS:[EBP-4],75
0042FF93 PUSH 1
0042FF95 LEA ECX,DWORD PTR SS:[EBP-28]
0042FF98 PUSH ECX
0042FF99 CALL DWORD PTR DS:[401030] ; MSVBVM60.__vbaLineInputStr
0042FF9F MOV DWORD PTR SS:[EBP-4],76
0042FFA6 PUSH 1
0042FFA8 LEA EDX,DWORD PTR SS:[EBP-50]
0042FFAB PUSH EDX
0042FFAC CALL DWORD PTR DS:[401030] ; MSVBVM60.__vbaLineInputStr
0042FFB2 MOV DWORD PTR SS:[EBP-4],77
0042FFB9 PUSH 1
0042FFBB LEA EAX,DWORD PTR SS:[EBP-54]
0042FFBE PUSH EAX
0042FFBF CALL DWORD PTR DS:[401030] ; MSVBVM60.__vbaLineInputStr
0042FFC5 MOV DWORD PTR SS:[EBP-4],78
0042FFCC PUSH 1
0042FFCE LEA ECX,DWORD PTR SS:[EBP-6C]
0042FFD1 PUSH ECX
0042FFD2 CALL DWORD PTR DS:[401030] ; MSVBVM60.__vbaLineInputStr
0042FFD8 MOV DWORD PTR SS:[EBP-4],79
0042FFDF PUSH 1
0042FFE1 CALL DWORD PTR DS:[401114] ; MSVBVM60.__vbaFileClose
0042FFE7 MOV DWORD PTR SS:[EBP-4],7A
0042FFEE CMP DWORD PTR DS:[46B024],0
0042FFF5 JNZ SHORT setup.00430013
0042FFF7 PUSH setup.0046B024
0042FFFC PUSH setup.0040F460
00430001 CALL DWORD PTR DS:[401218] ; MSVBVM60.__vbaNew2
00430007 MOV DWORD PTR SS:[EBP-61C],setup.0046B02>
00430011 JMP SHORT setup.0043001D
00430013 MOV DWORD PTR SS:[EBP-61C],setup.0046B02>
0043001D MOV EDX,DWORD PTR SS:[EBP-61C]
00430023 MOV EAX,DWORD PTR DS:[EDX]
00430025 MOV ECX,DWORD PTR SS:[EBP-61C]
0043002B MOV EDX,DWORD PTR DS:[ECX]
0043002D MOV ECX,DWORD PTR DS:[EDX]
0043002F PUSH EAX
00430030 CALL DWORD PTR DS:[ECX+314]
00430036 PUSH EAX
00430037 LEA EDX,DWORD PTR SS:[EBP-EC]
0043003D PUSH EDX
0043003E CALL DWORD PTR DS:[4010C0] ; MSVBVM60.__vbaObjSet
00430044 MOV DWORD PTR SS:[EBP-378],EAX
0043004A MOV EAX,DWORD PTR SS:[EBP-28]
0043004D PUSH EAX
0043004E MOV ECX,DWORD PTR SS:[EBP-378]
00430054 MOV EDX,DWORD PTR DS:[ECX]
00430056 MOV EAX,DWORD PTR SS:[EBP-378]
0043005C PUSH EAX
0043005D CALL DWORD PTR DS:[EDX+54]
00430060 FCLEX
00430062 MOV DWORD PTR SS:[EBP-37C],EAX
00430068 CMP DWORD PTR SS:[EBP-37C],0
0043006F JGE SHORT setup.00430094
00430071 PUSH 54
00430073 PUSH setup.00414F58
00430078 MOV ECX,DWORD PTR SS:[EBP-378]
0043007E PUSH ECX
0043007F MOV EDX,DWORD PTR SS:[EBP-37C]
00430085 PUSH EDX
00430086 CALL DWORD PTR DS:[40108C] ; MSVBVM60.__vbaHresultCheckObj
0043008C MOV DWORD PTR SS:[EBP-620],EAX
00430092 JMP SHORT setup.0043009E
00430094 MOV DWORD PTR SS:[EBP-620],0
0043009E LEA ECX,DWORD PTR SS:[EBP-EC]
004300A4 CALL DWORD PTR DS:[4012DC] ; MSVBVM60.__vbaFreeObj
004300AA MOV DWORD PTR SS:[EBP-4],7B
004300B1 CMP DWORD PTR DS:[46B024],0
004300B8 JNZ SHORT setup.004300D6
004300BA PUSH setup.0046B024
004300BF PUSH setup.0040F460
004300C4 CALL DWORD PTR DS:[401218] ; MSVBVM60.__vbaNew2
004300CA MOV DWORD PTR SS:[EBP-624],setup.0046B02>
004300D4 JMP SHORT setup.004300E0
004300D6 MOV DWORD PTR SS:[EBP-624],setup.0046B02>
004300E0 MOV EAX,DWORD PTR SS:[EBP-624]
004300E6 MOV ECX,DWORD PTR DS:[EAX]
004300E8 MOV EDX,DWORD PTR SS:[EBP-624]
004300EE MOV EAX,DWORD PTR DS:[EDX]
004300F0 MOV EDX,DWORD PTR DS:[EAX]
004300F2 PUSH ECX
004300F3 CALL DWORD PTR DS:[EDX+30C]
004300F9 PUSH EAX
004300FA LEA EAX,DWORD PTR SS:[EBP-EC]
00430100 PUSH EAX
00430101 CALL DWORD PTR DS:[4010C0] ; MSVBVM60.__vbaObjSet
00430107 MOV DWORD PTR SS:[EBP-378],EAX
0043010D MOV ECX,DWORD PTR SS:[EBP-50]
00430110 PUSH ECX
00430111 MOV EDX,DWORD PTR SS:[EBP-378]
00430117 MOV EAX,DWORD PTR DS:[EDX]
00430119 MOV ECX,DWORD PTR SS:[EBP-378]
0043011F PUSH ECX
00430120 CALL DWORD PTR DS:[EAX+54]
00430123 FCLEX
00430125 MOV DWORD PTR SS:[EBP-37C],EAX
0043012B CMP DWORD PTR SS:[EBP-37C],0
00430132 JGE SHORT setup.00430157
00430134 PUSH 54
00430136 PUSH setup.00414F58
0043013B MOV EDX,DWORD PTR SS:[EBP-378]
00430141 PUSH EDX
00430142 MOV EAX,DWORD PTR SS:[EBP-37C]
00430148 PUSH EAX
00430149 CALL DWORD PTR DS:[40108C] ; MSVBVM60.__vbaHresultCheckObj
0043014F MOV DWORD PTR SS:[EBP-628],EAX
00430155 JMP SHORT setup.00430161
00430157 MOV DWORD PTR SS:[EBP-628],0
00430161 LEA ECX,DWORD PTR SS:[EBP-EC]
00430167 CALL DWORD PTR DS:[4012DC] ; MSVBVM60.__vbaFreeObj
0043016D MOV DWORD PTR SS:[EBP-4],7C
00430174 CMP DWORD PTR DS:[46B024],0
0043017B JNZ SHORT setup.00430199
0043017D PUSH setup.0046B024
00430182 PUSH setup.0040F460
00430187 CALL DWORD PTR DS:[401218] ; MSVBVM60.__vbaNew2
0043018D MOV DWORD PTR SS:[EBP-62C],setup.0046B02>
00430197 JMP SHORT setup.004301A3
00430199 MOV DWORD PTR SS:[EBP-62C],setup.0046B02>
004301A3 MOV ECX,DWORD PTR SS:[EBP-62C]
004301A9 MOV EDX,DWORD PTR DS:[ECX]
004301AB MOV EAX,DWORD PTR SS:[EBP-62C]
004301B1 MOV ECX,DWORD PTR DS:[EAX]
004301B3 MOV EAX,DWORD PTR DS:[ECX]
004301B5 PUSH EDX
004301B6 CALL DWORD PTR DS:[EAX+308]
004301BC PUSH EAX
004301BD LEA ECX,DWORD PTR SS:[EBP-EC]
004301C3 PUSH ECX
004301C4 CALL DWORD PTR DS:[4010C0] ; MSVBVM60.__vbaObjSet
004301CA MOV DWORD PTR SS:[EBP-378],EAX
004301D0 MOV EDX,DWORD PTR SS:[EBP-54]
004301D3 PUSH EDX
004301D4 MOV EAX,DWORD PTR SS:[EBP-378]
004301DA MOV ECX,DWORD PTR DS:[EAX]
004301DC MOV EDX,DWORD PTR SS:[EBP-378]
004301E2 PUSH EDX
004301E3 CALL DWORD PTR DS:[ECX+54]
004301E6 FCLEX
004301E8 MOV DWORD PTR SS:[EBP-37C],EAX
004301EE CMP DWORD PTR SS:[EBP-37C],0
004301F5 JGE SHORT setup.0043021A
004301F7 PUSH 54
004301F9 PUSH setup.00414F58
004301FE MOV EAX,DWORD PTR SS:[EBP-378]
00430204 PUSH EAX
00430205 MOV ECX,DWORD PTR SS:[EBP-37C]
0043020B PUSH ECX
0043020C CALL DWORD PTR DS:[40108C] ; MSVBVM60.__vbaHresultCheckObj
00430212 MOV DWORD PTR SS:[EBP-630],EAX
00430218 JMP SHORT setup.00430224
0043021A MOV DWORD PTR SS:[EBP-630],0
00430224 LEA ECX,DWORD PTR SS:[EBP-EC]
0043022A CALL DWORD PTR DS:[4012DC] ; MSVBVM60.__vbaFreeObj
00430230 MOV DWORD PTR SS:[EBP-4],7D
00430237 CMP DWORD PTR DS:[46B024],0
0043023E JNZ SHORT setup.0043025C
00430240 PUSH setup.0046B024
00430245 PUSH setup.0040F460
0043024A CALL DWORD PTR DS:[401218] ; MSVBVM60.__vbaNew2
00430250 MOV DWORD PTR SS:[EBP-634],setup.0046B02>
0043025A JMP SHORT setup.00430266
0043025C MOV DWORD PTR SS:[EBP-634],setup.0046B02>
00430266 MOV EDX,DWORD PTR SS:[EBP-634]
0043026C MOV EAX,DWORD PTR DS:[EDX]
0043026E MOV ECX,DWORD PTR SS:[EBP-634]
00430274 MOV EDX,DWORD PTR DS:[ECX]
00430276 MOV ECX,DWORD PTR DS:[EDX]
00430278 PUSH EAX
00430279 CALL DWORD PTR DS:[ECX+304]
0043027F PUSH EAX
00430280 LEA EDX,DWORD PTR SS:[EBP-EC]
00430286 PUSH EDX
00430287 CALL DWORD PTR DS:[4010C0] ; MSVBVM60.__vbaObjSet
0043028D MOV DWORD PTR SS:[EBP-378],EAX
00430293 MOV EAX,DWORD PTR SS:[EBP-6C]
00430296 PUSH EAX
00430297 MOV ECX,DWORD PTR SS:[EBP-378]
0043029D MOV EDX,DWORD PTR DS:[ECX]
0043029F MOV EAX,DWORD PTR SS:[EBP-378]
004302A5 PUSH EAX
004302A6 CALL DWORD PTR DS:[EDX+54]
004302A9 FCLEX
004302AB MOV DWORD PTR SS:[EBP-37C],EAX
004302B1 CMP DWORD PTR SS:[EBP-37C],0
004302B8 JGE SHORT setup.004302DD
004302BA PUSH 54
004302BC PUSH setup.00414F58
004302C1 MOV ECX,DWORD PTR SS:[EBP-378]
004302C7 PUSH ECX
004302C8 MOV EDX,DWORD PTR SS:[EBP-37C]
004302CE PUSH EDX
004302CF CALL DWORD PTR DS:[40108C] ; MSVBVM60.__vbaHresultCheckObj
004302D5 MOV DWORD PTR SS:[EBP-638],EAX
004302DB JMP SHORT setup.004302E7
004302DD MOV DWORD PTR SS:[EBP-638],0
004302E7 LEA ECX,DWORD PTR SS:[EBP-EC]
004302ED CALL DWORD PTR DS:[4012DC] ; MSVBVM60.__vbaFreeObj
004302F3 MOV DWORD PTR SS:[EBP-4],7E
004302FA MOV DWORD PTR SS:[EBP-2B8],1
00430304 MOV DWORD PTR SS:[EBP-2C0],2
0043030E MOV EAX,DWORD PTR SS:[EBP-28]
00430311 PUSH EAX ; user name
00430312 CALL DWORD PTR DS:[40102C] ; MSVBVM60.__vbaLenBstr
00430318 MOV DWORD PTR SS:[EBP-2C8],EAX
0043031E MOV DWORD PTR SS:[EBP-2D0],3
00430328 MOV DWORD PTR SS:[EBP-2D8],1
00430332 MOV DWORD PTR SS:[EBP-2E0],2
0043033C LEA ECX,DWORD PTR SS:[EBP-2C0]
00430342 PUSH ECX
00430343 LEA EDX,DWORD PTR SS:[EBP-2D0]
00430349 PUSH EDX
0043034A LEA EAX,DWORD PTR SS:[EBP-2E0]
00430350 PUSH EAX
00430351 LEA ECX,DWORD PTR SS:[EBP-3C0]
00430357 PUSH ECX
00430358 LEA EDX,DWORD PTR SS:[EBP-3B0]
0043035E PUSH EDX
0043035F LEA EAX,DWORD PTR SS:[EBP-A0]
00430365 PUSH EAX
00430366 CALL DWORD PTR DS:[4010AC] ; MSVBVM60.__vbaVarForInit
0043036C MOV DWORD PTR SS:[EBP-4AC],EAX
00430372 JMP setup.00430464
00430377 MOV DWORD PTR SS:[EBP-4],7F
0043037E MOV DWORD PTR SS:[EBP-F8],1
00430388 MOV DWORD PTR SS:[EBP-100],2
00430392 LEA ECX,DWORD PTR SS:[EBP-100]
00430398 PUSH ECX
00430399 LEA EDX,DWORD PTR SS:[EBP-A0]
0043039F PUSH EDX
004303A0 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaI4Var
004303A6 PUSH EAX
004303A7 MOV EAX,DWORD PTR SS:[EBP-28]
004303AA PUSH EAX
004303AB CALL DWORD PTR DS:[4010F4] ; MSVBVM60.rtcMidCharBstr
004303B1 MOV EDX,EAX
004303B3 LEA ECX,DWORD PTR SS:[EBP-A8]
004303B9 CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
004303BF PUSH EAX
004303C0 CALL DWORD PTR DS:[401054] ; MSVBVM60.rtcAnsiValueBstr
004303C6 MOVSX ECX,AX
004303C9 MOV DWORD PTR SS:[EBP-63C],ECX
004303CF FILD DWORD PTR SS:[EBP-63C]
004303D5 FSTP QWORD PTR SS:[EBP-644]
004303DB FLD QWORD PTR SS:[EBP-644]
004303E1 FMUL QWORD PTR DS:[401988]
004303E7 FSTP QWORD PTR SS:[EBP-2C8]
004303ED FSTSW AX
004303EF TEST AL,0D
004303F1 JNZ setup.004328D7
004303F7 MOV DWORD PTR SS:[EBP-2D0],5
00430401 LEA EDX,DWORD PTR SS:[EBP-38]
00430404 PUSH EDX
00430405 LEA EAX,DWORD PTR SS:[EBP-2D0]
0043040B PUSH EAX
0043040C LEA ECX,DWORD PTR SS:[EBP-110]
00430412 PUSH ECX
00430413 CALL DWORD PTR DS:[401274] ; MSVBVM60.__vbaVarAdd
00430419 MOV EDX,EAX
0043041B LEA ECX,DWORD PTR SS:[EBP-38]
0043041E CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
00430424 LEA ECX,DWORD PTR SS:[EBP-A8]
0043042A CALL DWORD PTR DS:[4012E0] ; MSVBVM60.__vbaFreeStr
00430430 LEA ECX,DWORD PTR SS:[EBP-100]
00430436 CALL DWORD PTR DS:[401028] ; MSVBVM60.__vbaFreeVar
0043043C MOV DWORD PTR SS:[EBP-4],80
00430443 LEA EDX,DWORD PTR SS:[EBP-3C0]
00430449 PUSH EDX
0043044A LEA EAX,DWORD PTR SS:[EBP-3B0]
00430450 PUSH EAX
00430451 LEA ECX,DWORD PTR SS:[EBP-A0]
00430457 PUSH ECX
00430458 CALL DWORD PTR DS:[4012CC] ; MSVBVM60.__vbaVarForNext
0043045E MOV DWORD PTR SS:[EBP-4AC],EAX
00430464 CMP DWORD PTR SS:[EBP-4AC],0
0043046B JNZ setup.00430377
00430471 MOV DWORD PTR SS:[EBP-4],81
00430478 MOV DWORD PTR SS:[EBP-2B8],9999999A
00430482 MOV DWORD PTR SS:[EBP-2B4],3FB99999
0043048C MOV DWORD PTR SS:[EBP-2C0],5
00430496 LEA EDX,DWORD PTR SS:[EBP-38]
00430499 PUSH EDX
0043049A LEA EAX,DWORD PTR SS:[EBP-2C0]
004304A0 PUSH EAX
004304A1 LEA ECX,DWORD PTR SS:[EBP-100]
004304A7 PUSH ECX
004304A8 CALL DWORD PTR DS:[4011B8] ; MSVBVM60.__vbaVarDiv
004304AE PUSH EAX
004304AF LEA EDX,DWORD PTR SS:[EBP-110]
004304B5 PUSH EDX
004304B6 CALL DWORD PTR DS:[401220] ; MSVBVM60.__vbaVarInt
004304BC PUSH EAX
004304BD CALL DWORD PTR DS:[40105C] ; MSVBVM60.__vbaStrErrVarCopy
004304C3 MOV EDX,EAX ; first registration-code string
004304C5 LEA ECX,DWORD PTR SS:[EBP-44]
004304C8 CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
004304CE MOV DWORD PTR SS:[EBP-4],82
004304D5 MOV DWORD PTR SS:[EBP-2B8],1
004304DF MOV DWORD PTR SS:[EBP-2C0],2
004304E9 MOV EAX,DWORD PTR SS:[EBP-28]
004304EC PUSH EAX ; user name
004304ED CALL DWORD PTR DS:[40102C] ; MSVBVM60.__vbaLenBstr
004304F3 MOV DWORD PTR SS:[EBP-2C8],EAX
004304F9 MOV DWORD PTR SS:[EBP-2D0],3
00430503 MOV DWORD PTR SS:[EBP-2D8],1
0043050D MOV DWORD PTR SS:[EBP-2E0],2
00430517 LEA ECX,DWORD PTR SS:[EBP-2C0]
0043051D PUSH ECX
0043051E LEA EDX,DWORD PTR SS:[EBP-2D0]
00430524 PUSH EDX
00430525 LEA EAX,DWORD PTR SS:[EBP-2E0]
0043052B PUSH EAX
0043052C LEA ECX,DWORD PTR SS:[EBP-3E0]
00430532 PUSH ECX
00430533 LEA EDX,DWORD PTR SS:[EBP-3D0]
00430539 PUSH EDX
0043053A LEA EAX,DWORD PTR SS:[EBP-A0]
00430540 PUSH EAX
00430541 CALL DWORD PTR DS:[4010AC] ; MSVBVM60.__vbaVarForInit
00430547 MOV DWORD PTR SS:[EBP-4B0],EAX
0043054D JMP setup.0043063F
00430552 MOV DWORD PTR SS:[EBP-4],83
00430559 MOV DWORD PTR SS:[EBP-F8],1
00430563 MOV DWORD PTR SS:[EBP-100],2
0043056D LEA ECX,DWORD PTR SS:[EBP-100]
00430573 PUSH ECX
00430574 LEA EDX,DWORD PTR SS:[EBP-A0]
0043057A PUSH EDX
0043057B CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaI4Var
00430581 PUSH EAX
00430582 MOV EAX,DWORD PTR SS:[EBP-28]
00430585 PUSH EAX
00430586 CALL DWORD PTR DS:[4010F4] ; MSVBVM60.rtcMidCharBstr
0043058C MOV EDX,EAX
0043058E LEA ECX,DWORD PTR SS:[EBP-A8]
00430594 CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
0043059A PUSH EAX
0043059B CALL DWORD PTR DS:[401054] ; MSVBVM60.rtcAnsiValueBstr
004305A1 MOVSX ECX,AX
004305A4 MOV DWORD PTR SS:[EBP-648],ECX
004305AA FILD DWORD PTR SS:[EBP-648]
004305B0 FSTP QWORD PTR SS:[EBP-650]
004305B6 FLD QWORD PTR SS:[EBP-650]
004305BC FMUL QWORD PTR DS:[401980]
004305C2 FSTP QWORD PTR SS:[EBP-2C8]
004305C8 FSTSW AX
004305CA TEST AL,0D
004305CC JNZ setup.004328D7
004305D2 MOV DWORD PTR SS:[EBP-2D0],5
004305DC LEA EDX,DWORD PTR SS:[EBP-38]
004305DF PUSH EDX
004305E0 LEA EAX,DWORD PTR SS:[EBP-2D0]
004305E6 PUSH EAX
004305E7 LEA ECX,DWORD PTR SS:[EBP-110]
004305ED PUSH ECX
004305EE CALL DWORD PTR DS:[401274] ; MSVBVM60.__vbaVarAdd
004305F4 MOV EDX,EAX
004305F6 LEA ECX,DWORD PTR SS:[EBP-38]
004305F9 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
004305FF LEA ECX,DWORD PTR SS:[EBP-A8]
00430605 CALL DWORD PTR DS:[4012E0] ; MSVBVM60.__vbaFreeStr
0043060B LEA ECX,DWORD PTR SS:[EBP-100]
00430611 CALL DWORD PTR DS:[401028] ; MSVBVM60.__vbaFreeVar
00430617 MOV DWORD PTR SS:[EBP-4],84
0043061E LEA EDX,DWORD PTR SS:[EBP-3E0]
00430624 PUSH EDX
00430625 LEA EAX,DWORD PTR SS:[EBP-3D0]
0043062B PUSH EAX
0043062C LEA ECX,DWORD PTR SS:[EBP-A0]
00430632 PUSH ECX
00430633 CALL DWORD PTR DS:[4012CC] ; MSVBVM60.__vbaVarForNext
00430639 MOV DWORD PTR SS:[EBP-4B0],EAX
0043063F CMP DWORD PTR SS:[EBP-4B0],0
00430646 JNZ setup.00430552
0043064C MOV DWORD PTR SS:[EBP-4],85
00430653 MOV DWORD PTR SS:[EBP-2B8],9999999A
0043065D MOV DWORD PTR SS:[EBP-2B4],3FC99999
00430667 MOV DWORD PTR SS:[EBP-2C0],5
00430671 LEA EDX,DWORD PTR SS:[EBP-38]
00430674 PUSH EDX
00430675 LEA EAX,DWORD PTR SS:[EBP-2C0]
0043067B PUSH EAX
0043067C LEA ECX,DWORD PTR SS:[EBP-100]
00430682 PUSH ECX
00430683 CALL DWORD PTR DS:[4011B8] ; MSVBVM60.__vbaVarDiv
00430689 PUSH EAX
0043068A LEA EDX,DWORD PTR SS:[EBP-110]
00430690 PUSH EDX
00430691 CALL DWORD PTR DS:[401220] ; MSVBVM60.__vbaVarInt
00430697 PUSH EAX
00430698 CALL DWORD PTR DS:[40105C] ; MSVBVM60.__vbaStrErrVarCopy
0043069E MOV EDX,EAX ; second registration-code string
004306A0 LEA ECX,DWORD PTR SS:[EBP-48]
004306A3 CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
004306A9 MOV DWORD PTR SS:[EBP-4],86
004306B0 MOV DWORD PTR SS:[EBP-2B8],1
004306BA MOV DWORD PTR SS:[EBP-2C0],2
004306C4 MOV EAX,DWORD PTR SS:[EBP-28]
004306C7 PUSH EAX
004306C8 CALL DWORD PTR DS:[40102C] ; MSVBVM60.__vbaLenBstr
004306CE MOV DWORD PTR SS:[EBP-2C8],EAX
004306D4 MOV DWORD PTR SS:[EBP-2D0],3
004306DE MOV DWORD PTR SS:[EBP-2D8],1
004306E8 MOV DWORD PTR SS:[EBP-2E0],2
004306F2 LEA ECX,DWORD PTR SS:[EBP-2C0]
004306F8 PUSH ECX
004306F9 LEA EDX,DWORD PTR SS:[EBP-2D0]
004306FF PUSH EDX
00430700 LEA EAX,DWORD PTR SS:[EBP-2E0]
00430706 PUSH EAX
00430707 LEA ECX,DWORD PTR SS:[EBP-400]
0043070D PUSH ECX
0043070E LEA EDX,DWORD PTR SS:[EBP-3F0]
00430714 PUSH EDX
00430715 LEA EAX,DWORD PTR SS:[EBP-A0]
0043071B PUSH EAX
0043071C CALL DWORD PTR DS:[4010AC] ; MSVBVM60.__vbaVarForInit
00430722 MOV DWORD PTR SS:[EBP-4B4],EAX
00430728 JMP setup.0043081A
0043072D MOV DWORD PTR SS:[EBP-4],87
00430734 MOV DWORD PTR SS:[EBP-F8],1
0043073E MOV DWORD PTR SS:[EBP-100],2
00430748 LEA ECX,DWORD PTR SS:[EBP-100]
0043074E PUSH ECX
0043074F LEA EDX,DWORD PTR SS:[EBP-A0]
00430755 PUSH EDX
00430756 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaI4Var
0043075C PUSH EAX
0043075D MOV EAX,DWORD PTR SS:[EBP-28]
00430760 PUSH EAX
00430761 CALL DWORD PTR DS:[4010F4] ; MSVBVM60.rtcMidCharBstr
00430767 MOV EDX,EAX
00430769 LEA ECX,DWORD PTR SS:[EBP-A8]
0043076F CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
00430775 PUSH EAX
00430776 CALL DWORD PTR DS:[401054] ; MSVBVM60.rtcAnsiValueBstr
0043077C MOVSX ECX,AX
0043077F MOV DWORD PTR SS:[EBP-654],ECX
00430785 FILD DWORD PTR SS:[EBP-654]
0043078B FSTP QWORD PTR SS:[EBP-65C]
00430791 FLD QWORD PTR SS:[EBP-65C]
00430797 FMUL QWORD PTR DS:[401978]
0043079D FSTP QWORD PTR SS:[EBP-2C8]
004307A3 FSTSW AX
004307A5 TEST AL,0D
004307A7 JNZ setup.004328D7
004307AD MOV DWORD PTR SS:[EBP-2D0],5
004307B7 LEA EDX,DWORD PTR SS:[EBP-38]
004307BA PUSH EDX
004307BB LEA EAX,DWORD PTR SS:[EBP-2D0]
004307C1 PUSH EAX
004307C2 LEA ECX,DWORD PTR SS:[EBP-110]
004307C8 PUSH ECX
004307C9 CALL DWORD PTR DS:[401274] ; MSVBVM60.__vbaVarAdd
004307CF MOV EDX,EAX
004307D1 LEA ECX,DWORD PTR SS:[EBP-38]
004307D4 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
004307DA LEA ECX,DWORD PTR SS:[EBP-A8]
004307E0 CALL DWORD PTR DS:[4012E0] ; MSVBVM60.__vbaFreeStr
004307E6 LEA ECX,DWORD PTR SS:[EBP-100]
004307EC CALL DWORD PTR DS:[401028] ; MSVBVM60.__vbaFreeVar
004307F2 MOV DWORD PTR SS:[EBP-4],88
004307F9 LEA EDX,DWORD PTR SS:[EBP-400]
004307FF PUSH EDX
00430800 LEA EAX,DWORD PTR SS:[EBP-3F0]
00430806 PUSH EAX
00430807 LEA ECX,DWORD PTR SS:[EBP-A0]
0043080D PUSH ECX
0043080E CALL DWORD PTR DS:[4012CC] ; MSVBVM60.__vbaVarForNext
00430814 MOV DWORD PTR SS:[EBP-4B4],EAX
0043081A CMP DWORD PTR SS:[EBP-4B4],0
00430821 JNZ setup.0043072D
00430827 MOV DWORD PTR SS:[EBP-4],89
0043082E MOV DWORD PTR SS:[EBP-2B8],33333333
00430838 MOV DWORD PTR SS:[EBP-2B4],3FD33333
00430842 MOV DWORD PTR SS:[EBP-2C0],5
0043084C LEA EDX,DWORD PTR SS:[EBP-38]
0043084F PUSH EDX
00430850 LEA EAX,DWORD PTR SS:[EBP-2C0]
00430856 PUSH EAX
00430857 LEA ECX,DWORD PTR SS:[EBP-100]
0043085D PUSH ECX
0043085E CALL DWORD PTR DS:[4011B8] ; MSVBVM60.__vbaVarDiv
00430864 PUSH EAX
00430865 LEA EDX,DWORD PTR SS:[EBP-110]
0043086B PUSH EDX
0043086C CALL DWORD PTR DS:[401220] ; MSVBVM60.__vbaVarInt
00430872 PUSH EAX
00430873 CALL DWORD PTR DS:[40105C] ; MSVBVM60.__vbaStrErrVarCopy
00430879 MOV EDX,EAX ; third registration-code string
0043087B LEA ECX,DWORD PTR SS:[EBP-4C]
0043087E CALL DWORD PTR DS:[4012A4] ; MSVBVM60.__vbaStrMove
00430884 MOV DWORD PTR SS:[EBP-4],8A
0043088B MOV EAX,DWORD PTR SS:[EBP-50]
0043088E PUSH EAX
0043088F MOV ECX,DWORD PTR SS:[EBP-44]
00430892 PUSH ECX
00430893 CALL DWORD PTR DS:[40112C] ; MSVBVM60.__vbaStrCmp
00430899 MOV ESI,EAX ==> first comparison
0043089B NEG ESI
0043089D SBB ESI,ESI
0043089F INC ESI
004308A0 MOV EDX,DWORD PTR SS:[EBP-54]
004308A3 PUSH EDX
004308A4 MOV EAX,DWORD PTR SS:[EBP-48]
004308A7 PUSH EAX
004308A8 CALL DWORD PTR DS:[40112C] ; MSVBVM60.__vbaStrCmp
004308AE NEG EAX ==> second comparison
004308B0 SBB EAX,EAX
004308B2 INC EAX
004308B3 AND ESI,EAX
004308B5 NEG ESI
004308B7 SBB ESI,ESI
004308B9 NEG ESI
004308BB MOV ECX,DWORD PTR SS:[EBP-6C]
004308BE PUSH ECX
004308BF MOV EDX,DWORD PTR SS:[EBP-4C]
004308C2 PUSH EDX
004308C3 CALL DWORD PTR DS:[40112C] ; MSVBVM60.__vbaStrCmp
004308C9 NEG EAX |---> third comparison
004308CB SBB EAX,EAX
004308CD INC EAX
004308CE AND ESI,EAX
004308D0 TEST ESI,ESI
004308D2 JNZ setup.00430A94 ==> key jump
004308D8 MOV DWORD PTR SS:[EBP-4],8B
004308DF CMP DWORD PTR DS:[46B198],0
004308E6 JNZ SHORT setup.00430904
004308E8 PUSH setup.0046B198
004308ED PUSH setup.0041184C
004308F2 CALL DWORD PTR DS:[401218] ; MSVBVM60.__vbaNew2
004308F8 MOV DWORD PTR SS:[EBP-660],setup.0046B19>
00430902 JMP SHORT setup.0043090E
-----------------------------------------------------
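Summary:
Disassembled VB code is easy to read at a glance, if very verbose, and the process is still clear. The program first opens reginfo.dat, computes three strings from the user name (e.g. lordor), and compares them in turn with the three strings in reginfo.dat; if they are equal, registration succeeds.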
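The three comparisons at 00430893-004308D2 fold their results into ESI without branching. The C sketch below is an added example, not part of the original write-up: it emulates the NEG/SBB/INC idiom from the listing to show that ESI ends up non-zero only when all three __vbaStrCmp calls returned 0. The helper and function names are hypothetical, and it assumes __vbaStrCmp returns 0 for equal strings.

```c
#include <stdint.h>
#include <stdio.h>

/* NEG r: r = 0 - r; CF is set when the operand was non-zero. */
static void neg(uint32_t *r, int *cf) { *cf = (*r != 0); *r = 0u - *r; }

/* SBB r,r: r = r - r - CF, giving 0 or 0xFFFFFFFF; CF keeps its value. */
static void sbb_self(uint32_t *r, const int *cf) { *r = 0u - (uint32_t)*cf; }

/* INC r: adds one and leaves CF alone. */
static void inc(uint32_t *r) { *r += 1u; }

/* NEG / SBB / INC turns "result == 0" into 1 and anything else into 0. */
static uint32_t is_zero_idiom(uint32_t r, int *cf)
{
    neg(&r, cf);
    sbb_self(&r, cf);
    inc(&r);
    return r;
}

/* Hypothetical name: value of ESI at 004308D0 (TEST ESI,ESI), given the
 * three return values of __vbaStrCmp (assumed to be 0 when strings match). */
uint32_t serial_check_flag(int32_t cmp1, int32_t cmp2, int32_t cmp3)
{
    int cf = 0;
    uint32_t esi = is_zero_idiom((uint32_t)cmp1, &cf); /* 00430899-0043089F */
    uint32_t eax = is_zero_idiom((uint32_t)cmp2, &cf); /* 004308AE-004308B2 */
    esi &= eax;                                        /* 004308B3 */

    /* 004308B5-004308B9: NEG / SBB / NEG normalises ESI back to 0 or 1. */
    neg(&esi, &cf);
    sbb_self(&esi, &cf);
    neg(&esi, &cf);

    eax = is_zero_idiom((uint32_t)cmp3, &cf);          /* 004308C9-004308CD */
    esi &= eax;                                        /* 004308CE */
    return esi;                                        /* JNZ taken if != 0 */
}

int main(void)
{
    /* Constructed inputs: every combination of equal (0) / not equal (1). */
    for (int m = 0; m < 8; m++) {
        int a = m & 1, b = (m >> 1) & 1, c = (m >> 2) & 1;
        printf("cmp=(%d,%d,%d) -> ESI=%u\n", a, b, c,
               (unsigned)serial_check_flag(a, b, c));
    }
    return 0;
}
```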
A working registration code:
Contents of reginfo.dat:
lordor
151998
119427
192794
cracked by lordor
03.10.11