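无名小兵 V2.47 Simple Algorithm Analysis (Floating Point)
[Title] 无名小兵 V2.47 Simple Algorithm Analysis (Floating Point)
[Author] 野猫III
[Analysis time] 2006-08-03 20:27, Zhanjiang, force 12-13 typhoon
[Tools] PEiD, W32DASM, UC32, OD
[Platform] Windows 2K & XP
[Software name] 无名小兵 V2.47
[Software size] 213K
[Original download] http://bx1978.yeah.net
[Protection] Registration code
[Software description] Welcome to 无名小兵. Unfortunately, if you have not registered, you are limited to 30 minutes; once the 30 minutes are up, 无名小兵 closes automatically. To keep using it, you need to start 无名小兵 again.
[Statement] I am a tiny, tiny little bird WoWoWo... however I fly, I can't fly high WoWoWoOOOOOOOOOoOoooOOoOOOOOOOOOOooo
Some time ago, at 陈埃's request, I made a memory-keygen demonstration for this program on 龙族; with luck he will get to see this one.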
------------------------------------------------------------------------
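1. The software shows an error message when registration fails. Checking for a packer with PEiD reports this "packer": Microsoft Visual Basic 5.0 / 6.0
2. Load the program in OD, open the registration window and enter the registration information, set the command breakpoint bp rtcMsgBox in OD, then click the register button.
The program breaks here:
73472F29 >55 PUSH EBP ; remove the breakpoint and look at the stack window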
73472F2A 8BEC MOV EBP,ESP
73472F2C 83EC 4C SUB ESP,4C
73472F2F 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]
73472F32 53 PUSH EBX
73472F33 56 PUSH ESI
73472F34 57 PUSH EDI
+++ Stack hint:
0012F4F8 00419A0D RETURN to 无名小兵.00419A0D from MSVBVM60.rtcMsgBox ; returns into the program's own code.
0012F4FC 0012F5A8
0012F500 00000030
Now we start the analysis~
++++++++++++++++++++
00419440 > \55 PUSH EBP
00419441 .8BEC MOV EBP,ESP
00419443 .83EC 0C SUB ESP,0C
00419446 .68 B6214000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler>
;SE handler installation
0041944B .64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00419451 .50 PUSH EAX
00419452 .64:8925 00000000 MOV DWORD PTR FS:[0],ESP
00419459 .81EC E0000000 SUB ESP,0E0
0041945F .53 PUSH EBX
00419460 .56 PUSH ESI
00419461 .57 PUSH EDI
00419462 .8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
00419465 .C745 F8 98174000 MOV DWORD PTR SS:[EBP-8],无名小兵.00401798
0041946C .8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0041946F .8BC6 MOV EAX,ESI
00419471 .83E0 01 AND EAX,1
00419474 .8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00419477 .83E6 FE AND ESI,FFFFFFFE
0041947A .56 PUSH ESI
0041947B .8975 08 MOV DWORD PTR SS:[EBP+8],ESI
0041947E .8B0E MOV ECX,DWORD PTR DS:[ESI]
00419480 .FF51 04 CALL DWORD PTR DS:[ECX+4]
00419483 .8B16 MOV EDX,DWORD PTR DS:[ESI]
00419485 .33DB XOR EBX,EBX
00419487 .56 PUSH ESI
00419488 .895D DC MOV DWORD PTR SS:[EBP-24],EBX
0041948B .895D D8 MOV DWORD PTR SS:[EBP-28],EBX
0041948E .895D C8 MOV DWORD PTR SS:[EBP-38],EBX
00419491 .895D C4 MOV DWORD PTR SS:[EBP-3C],EBX
00419494 .895D BC MOV DWORD PTR SS:[EBP-44],EBX
00419497 .895D B8 MOV DWORD PTR SS:[EBP-48],EBX
0041949A .895D B4 MOV DWORD PTR SS:[EBP-4C],EBX
0041949D .895D B0 MOV DWORD PTR SS:[EBP-50],EBX
004194A0 .895D AC MOV DWORD PTR SS:[EBP-54],EBX
004194A3 .895D A8 MOV DWORD PTR SS:[EBP-58],EBX
004194A6 .895D 98 MOV DWORD PTR SS:[EBP-68],EBX
004194A9 .895D 88 MOV DWORD PTR SS:[EBP-78],EBX
004194AC .899D 78FFFFFF MOV DWORD PTR SS:[EBP-88],EBX
004194B2 .899D 68FFFFFF MOV DWORD PTR SS:[EBP-98],EBX
004194B8 .899D 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EBX
004194BE .899D 48FFFFFF MOV DWORD PTR SS:[EBP-B8],EBX
004194C4 .899D 24FFFFFF MOV DWORD PTR SS:[EBP-DC],EBX
004194CA .899D 20FFFFFF MOV DWORD PTR SS:[EBP-E0],EBX
004194D0 .FF92 10030000 CALL DWORD PTR DS:[EDX+310]
004194D6 .8945 A0 MOV DWORD PTR SS:[EBP-60],EAX
004194D9 .8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
004194DC .8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
004194DF .50 PUSH EAX
004194E0 .51 PUSH ECX
004194E1 .C745 98 09000000 MOV DWORD PTR SS:[EBP-68],9
004194E8 .FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>]
;MSVBVM60.rtcTrimVar
004194EE .8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
004194F1 .8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8]
004194F7 .52 PUSH EDX
004194F8 .50 PUSH EAX
004194F9 .C785 60FFFFFF 0CB74000 MOV DWORD PTR SS:[EBP-A0],无名小兵.0040B70C
00419503 .C785 58FFFFFF 08800000 MOV DWORD PTR SS:[EBP-A8],8008
0041950D .FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>]
;MSVBVM60.__vbaVarTstEq
00419513 .8B3D 28104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>]
;MSVBVM60.__vbaFreeVarList
00419519 .8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
0041951C .8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0041951F .51 PUSH ECX
00419520 .52 PUSH EDX
00419521 .6A 02 PUSH 2
00419523 .66:8985 1CFFFFFF MOV WORD PTR SS:[EBP-E4],AX
0041952A .FFD7 CALL EDI
;<&MSVBVM60.__vbaFreeVarList>
0041952C .83C4 0C ADD ESP,0C
0041952F .66:399D 1CFFFFFF CMP WORD PTR SS:[EBP-E4],BX
00419536 .0F85 48050000 JNZ 无名小兵.00419A84
0041953C .8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
0041953F .68 FF000000 PUSH 0FF
00419544 .50 PUSH EAX
00419545 .FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.#526>]
;MSVBVM60.rtcSpaceVar
0041954B .8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0041954E .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00419551 .FF15 0C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
;MSVBVM60.__vbaVarMove
00419557 .8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
0041955A .68 FF000000 PUSH 0FF
0041955F .51 PUSH ECX
00419560 .FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.#526>]
;MSVBVM60.rtcSpaceVar
00419566 .8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00419569 .8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
0041956C .FF15 0C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
;MSVBVM60.__vbaVarMove
00419572 .8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00419575 .8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
00419578 .52 PUSH EDX
00419579 .50 PUSH EAX
0041957A .899D 20FFFFFF MOV DWORD PTR SS:[EBP-E0],EBX
00419580 .899D 24FFFFFF MOV DWORD PTR SS:[EBP-DC],EBX
00419586 .FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenVar>] ;MSVBVM60.__vbaLenVar
0041958C .50 PUSH EAX
0041958D .FF15 78114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00419593 .8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00419596 .50 PUSH EAX
00419597 .8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0041959A .51 PUSH ECX
0041959B .52 PUSH EDX
0041959C .FF15 28114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarVal>] ;MSVBVM60.__vbaStrVarVal
004195A2 .50 PUSH EAX
004195A3 .8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004195A6 .50 PUSH EAX
004195A7 .FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrToAnsi>] ;MSVBVM60.__vbaStrToAnsi
004195AD .8D8D 20FFFFFF LEA ECX,DWORD PTR SS:[EBP-E0]
004195B3 .50 PUSH EAX
004195B4 .8D95 24FFFFFF LEA EDX,DWORD PTR SS:[EBP-DC]
004195BA .51 PUSH ECX
004195BB .8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004195BE .52 PUSH EDX
004195BF .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
004195C2 .50 PUSH EAX
004195C3 .8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004195C6 .51 PUSH ECX
004195C7 .52 PUSH EDX
004195C8 .FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenVar>]
;MSVBVM60.__vbaLenVar
004195CE .50 PUSH EAX
004195CF .FF15 78114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>]
;MSVBVM60.__vbaI4Var
004195D5 .50 PUSH EAX
004195D6 .8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004195D9 .8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
004195DC .50 PUSH EAX
004195DD .51 PUSH ECX
004195DE .FF15 28114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarVal>]
;MSVBVM60.__vbaStrVarVal
004195E4 .8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
004195E7 .50 PUSH EAX
004195E8 .52 PUSH EDX
004195E9 .FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrToAnsi>]
;MSVBVM60.__vbaStrToAnsi
004195EF .50 PUSH EAX
004195F0 .8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
004195F3 .68 14B74000 PUSH 无名小兵.0040B714 ;UNICODE "c:\"
004195F8 .50 PUSH EAX
004195F9 .FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrToAnsi>]
;MSVBVM60.__vbaStrToAnsi
004195FF .50 PUSH EAX
00419600 .E8 2318FFFF CALL 无名小兵.0040AE28
00419605 .FF15 4C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaSetSystemError>]
;MSVBVM60.__vbaSetSystemError
0041960B .8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0041960E .8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
00419611 .51 PUSH ECX
00419612 .8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00419615 .52 PUSH EDX
00419616 .8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
00419619 .50 PUSH EAX
0041961A .8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0041961D .51 PUSH ECX
0041961E .52 PUSH EDX
0041961F .6A 05 PUSH 5
00419621 .FF15 64114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>]
;MSVBVM60.__vbaFreeStrList
00419627 .8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0041962A .83C4 18 ADD ESP,18
0041962D .8985 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EAX
00419633 .C785 58FFFFFF 03400000 MOV DWORD PTR SS:[EBP-A8],4003
0041963D .8D8D 58FFFFFF LEA ECX,DWORD PTR SS:[EBP-A8]
00419643 .8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00419646 .51 PUSH ECX
00419647 .52 PUSH EDX
00419648 .FF15 90114000 CALL DWORD PTR DS:[<&MSVBVM60.#613>] ;MSVBVM60.rtcVarStrFromVar
0041964E .8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00419651 .6A 09 PUSH 9
00419653 .8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
00419656 .50 PUSH EAX
00419657 .51 PUSH ECX
00419658 .FF15 A4114000 CALL DWORD PTR DS:[<&MSVBVM60.#619>]
;MSVBVM60.rtcRightCharVar
0041965E .8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
00419661 .52 PUSH EDX
00419662 .FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>]
;MSVBVM60.__vbaStrVarMove
00419668 .8BD0 MOV EDX,EAX ;request code
0041966A .8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0041966D .FF15 A0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
;MSVBVM60.__vbaStrMove
00419673 .8D45 88 LEA EAX,DWORD PTR SS:[EBP-78] ;request code
00419676 .8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
00419679 .50 PUSH EAX
0041967A .51 PUSH ECX
0041967B .6A 02 PUSH 2
0041967D .FFD7 CALL EDI
0041967F .8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ;request code
00419682 .83C4 0C ADD ESP,0C
00419685 .52 PUSH EDX
00419686 .FF15 C8114000 CALL DWORD PTR DS:[<&MSVBVM60.#581>] ;MSVBVM60.rtcR8ValFromBstr
0041968C .DC0D 90174000 FMUL QWORD PTR DS:[401790]
;floating-point value: the request code is multiplied by 1978
00419692 .833D 00804200 00 CMP DWORD PTR DS:[428000],0
00419699 .75 08 JNZ SHORT 无名小兵.004196A3
0041969B .DC35 88174000 FDIV QWORD PTR DS:[401788] ;the result is divided by 2002
004196A1 .EB 11 JMP SHORT 无名小兵.004196B4
004196A3 >FF35 8C174000 PUSH DWORD PTR DS:[40178C]
004196A9 .FF35 88174000 PUSH DWORD PTR DS:[401788]
004196AF .E8 208BFEFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
004196B4 >DFE0 FSTSW AX
004196B6 .A8 0D TEST AL,0D
004196B8 .0F85 54040000 JNZ 无名小兵.00419B12
004196BE .FF15 B8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFPInt>]
;MSVBVM60.__vbaFPInt
004196C4 .83EC 08 SUB ESP,8
004196C7 .DD1C24 FSTP QWORD PTR SS:[ESP] ;take the integer part
004196CA .FF15 E8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrR8>]
;MSVBVM60.__vbaStrR8
004196D0 .8BD0 MOV EDX,EAX ;the real registration code appears
004196D2 .8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
004196D5 .FF15 A0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
;MSVBVM60.__vbaStrMove
004196DB .8D8D 58FFFFFF LEA ECX,DWORD PTR SS:[EBP-A8]
004196E1 .8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004196E4 .8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004196E7 .51 PUSH ECX
004196E8 .52 PUSH EDX
004196E9 .8985 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EAX
004196EF .C785 58FFFFFF 08400000 MOV DWORD PTR SS:[EBP-A8],4008
004196F9 .FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>]
;MSVBVM60.rtcTrimVar
004196FF .8B06 MOV EAX,DWORD PTR DS:[ESI]
00419701 .56 PUSH ESI
00419702 .FF90 10030000 CALL DWORD PTR DS:[EAX+310]
00419708 .8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
0041970B .8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00419711 .51 PUSH ECX
00419712 .52 PUSH EDX
00419713 .8945 90 MOV DWORD PTR SS:[EBP-70],EAX
00419716 .C745 88 09000000 MOV DWORD PTR SS:[EBP-78],9
0041971D .FF15 98104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>]
;MSVBVM60.rtcTrimVar
00419723 .8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00419726 .8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88]
0041972C .50 PUSH EAX
0041972D .51 PUSH ECX
0041972E .FF15 CC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>]
;MSVBVM60.__vbaVarTstEq
00419734 .66:8985 1CFFFFFF MOV WORD PTR SS:[EBP-E4],AX
;variant comparison; the flag returned in AX is stored
0041973B .8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00419741 .8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00419744 .52 PUSH EDX
00419745 .8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
00419748 .50 PUSH EAX
00419749 .51 PUSH ECX
0041974A .6A 03 PUSH 3
0041974C .FFD7 CALL EDI
0041974E .B9 04000280 MOV ECX,80020004
00419753 .B8 0A000000 MOV EAX,0A
00419758 .83C4 10 ADD ESP,10
0041975B .66:399D 1CFFFFFF CMP WORD PTR SS:[EBP-E4],BX
;compared with BX! This is the key!
00419762 .898D 70FFFFFF MOV DWORD PTR SS:[EBP-90],ECX
00419768 .8985 68FFFFFF MOV DWORD PTR SS:[EBP-98],EAX
0041976E .894D 80 MOV DWORD PTR SS:[EBP-80],ECX
00419771 .8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00419777 .894D 90 MOV DWORD PTR SS:[EBP-70],ECX
0041977A .8945 88 MOV DWORD PTR SS:[EBP-78],EAX
0041977D .0F84 49020000 JE 无名小兵.004199CC
;if they are not equal, registration fails; otherwise it succeeds.
~~~ the rest of the code is omitted ~~~
------------------------------------------------------------------------
Algorithm summary:
Request code × 1978 ÷ 2002, truncated to an integer, is the registration code.
+++++++++++++
VB KeyGen source:
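Private Sub Command1_Click()
    Dim a As Double
    Dim b As Double
    Dim c As Long
    If Text1.Text = "" Then
        Text2.Text = "输入有误,请重新输入。"
    Else ' The lines above check the registration input and show the prompt.
        a = Val(Text1.Text)   ' request code
        b = a * 1978
        ' Int() truncates, matching the __vbaFPInt call in the listing;
        ' assigning b / 2002 straight to a Long would round to nearest instead.
        c = Int(b / 2002)
        Text2.Text = c
        ' Put the algorithm source in the space above and you are done.
    End If
End Sub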
++++++++++
E KeyGen source:
.版本 2
.程序集 窗口程序集1
.子程序 _按钮1_被单击
.局部变量 Code, 整数型
.局部变量 CodeA, 双精度小数型
.局部变量 CodeB, 长整数型
.判断开始 (编辑框1.内容 = “”)
编辑框2.内容 = “输入有误,请重新输入。”
.默认
Code = 到数值 (编辑框1.内容)
CodeA = Code × 1978
CodeB = 取整 (CodeA ÷ 2002)
编辑框2.内容 = 到文本 (CodeB)
.判断结束
------------------------------------------------------------------------
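[Copyright notice] This write-up is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thanks!
[ Last edited by 野猫III on 2006-8-10 23:57 ]
Nice, learning from it~~
Very nice, bookmarked to study.
What does floating point mean?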
+++++++++++++++++++++++++++++++
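The instructions with an F in front are floating-point operations.
Floating point is generally used where there are decimals. ---by Mao!
[ Last edited by 野猫III on 2006-8-12 22:54 ]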