取色小精灵 1.02的破解

Saver · 发表于 2005-2-15 10:56:48

【破文作者】 Saver[PYG]

【作者QQ 】 562194

【软件名称】取色小精灵 1.02

【下载地址】 http://www.onlinedown.net/soft/25382.htm

----------------------------------------------------------------------------------------------
【破解工具】 OD,peid

【软件限制】时间

【破解平台】 XP SP2

----------------------------------------------------------------------------------------------
【软件简介】

可以获取你指定地点的的色彩代码，是图像处理或者网页设计者的好帮手。

【文章简介】

找出注册码

----------------------------------------------------------------------------------------------
【破解过程】

用peid查看为vb写的。
用od载入，然后，就在command里下bpx _vbastrcmp
在OD里转到Intermodular calls里，找到，vbastrcmp，因为不知道在那里，所以就先
全下断吧，一共6个不多
如下6个地址：
00421044，0041c3f0,0041c45f,0041ec8f,004206f4,00420b92
好了我们F9吧，停在了这里：
***********************************************************
***********************************************************
0041EB80 > \55             push ebp
0041EB81 .  8BEC          mov ebp,esp
0041EB83 .  83EC 0C       sub esp,0C
0041EB86 .  68 C6134000    push <jmp.&MSVBVM60.__vbaExceptHandl>;  SE handler installation
0041EB8B .  64:A1 00000000 mov eax,dword ptr fs:[0]
0041EB91 .  50             push eax
0041EB92 .  64:8925 00000000 mov dword ptr fs:[0],esp
0041EB99 .  81EC AC000000 sub esp,0AC
0041EB9F .  53             push ebx
0041EBA0 .  56             push esi
0041EBA1 .  57             push edi
0041EBA2 .  8965 F4       mov dword ptr ss:[ebp-C],esp
0041EBA5 .  C745 F8 F0124000 mov dword ptr ss:[ebp-8],取色小精.004012>
0041EBAC .  8B75 08       mov esi,dword ptr ss:[ebp+8]
0041EBAF .  8BC6          mov eax,esi
0041EBB1 .  83E0 01       and eax,1
0041EBB4 .  8945 FC       mov dword ptr ss:[ebp-4],eax
0041EBB7 .  83E6 FE       and esi,FFFFFFFE
0041EBBA .  56             push esi
0041EBBB .  8975 08       mov dword ptr ss:[ebp+8],esi
0041EBBE .  8B0E          mov ecx,dword ptr ds:[esi]
0041EBC0 .  FF51 04       call dword ptr ds:[ecx+4]
0041EBC3 .  8B16          mov edx,dword ptr ds:[esi]
0041EBC5 .  33DB          xor ebx,ebx
0041EBC7 .  56             push esi
0041EBC8 .  895D E8       mov dword ptr ss:[ebp-18],ebx
0041EBCB .  895D E4       mov dword ptr ss:[ebp-1C],ebx
0041EBCE .  895D E0       mov dword ptr ss:[ebp-20],ebx
0041EBD1 .  895D DC       mov dword ptr ss:[ebp-24],ebx
0041EBD4 .  895D D8       mov dword ptr ss:[ebp-28],ebx
0041EBD7 .  895D C8       mov dword ptr ss:[ebp-38],ebx
0041EBDA .  895D B8       mov dword ptr ss:[ebp-48],ebx
0041EBDD .  895D A8       mov dword ptr ss:[ebp-58],ebx
0041EBE0 .  895D 98       mov dword ptr ss:[ebp-68],ebx
0041EBE3 .  895D 88       mov dword ptr ss:[ebp-78],ebx
0041EBE6 .  899D 78FFFFFF mov dword ptr ss:[ebp-88],ebx
0041EBEC .  FF92 08030000 call dword ptr ds:[edx+308]
0041EBF2 .  50             push eax
0041EBF3 .  8D45 D8       lea eax,dword ptr ss:[ebp-28]
0041EBF6 .  50             push eax
0041EBF7 .  FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaO>;  MSVBVM60.__vbaObjSet
0041EBFD .  8BF8          mov edi,eax
0041EBFF .  8D55 E0       lea edx,dword ptr ss:[ebp-20]
0041EC02 .  52             push edx
0041EC03 .  57             push edi
0041EC04 .  8B0F          mov ecx,dword ptr ds:[edi]
0041EC06 .  FF91 A0000000 call dword ptr ds:[ecx+A0]                //这里得到你的注册名，存放在ebp-20即12f4e8的地址里，稍后会看到
0041EC0C .  3BC3          cmp eax,ebx
0041EC0E .  DBE2          fclex
0041EC10 .  7D 12          jge short 取色小精.0041EC24
0041EC12 .  68 A0000000    push 0A0
0041EC17 .  68 AC974000    push 取色小精.004097AC
0041EC1C .  57             push edi
0041EC1D .  50             push eax
0041EC1E .  FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaH>;  MSVBVM60.__vbaHresultCheckObj
0041EC24 >  8B55 E0       mov edx,dword ptr ss:[ebp-20]                //就是这里，edx=注册名
0041EC27 .  895D E0       mov dword ptr ss:[ebp-20],ebx
0041EC2A .  8B1D 4C114000 mov ebx,dword ptr ds:[<&MSVBVM60.__v>;  MSVBVM60.__vbaStrMove
0041EC30 .  8D4D E8       lea ecx,dword ptr ss:[ebp-18]
0041EC33 .  FFD3          call ebx                            ;  <&MSVBVM60.__vbaStrMove>
0041EC35 .  8D4D D8       lea ecx,dword ptr ss:[ebp-28]
0041EC38 .  FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeObj
0041EC3E .  BA AC9B4000    mov edx,取色小精.00409BAC          ;  UNICODE "0311172114" 这里就放这着明码，第2次分析时，可以知道，原来这软件用的是固定注册码注册的，哎，害我白辛苦了~
0041EC43 .  8D4D E4       lea ecx,dword ptr ss:[ebp-1C]
0041EC46 .  FF15 0C114000 call dword ptr ds:[<&MSVBVM60.__vbaS>;  MSVBVM60.__vbaStrCopy
0041EC4C .  8B06          mov eax,dword ptr ds:[esi]
0041EC4E .  56             push esi
0041EC4F .  FF90 FC020000 call dword ptr ds:[eax+2FC]
0041EC55 .  8D4D D8       lea ecx,dword ptr ss:[ebp-28]
0041EC58 .  50             push eax
0041EC59 .  51             push ecx
0041EC5A .  FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaO>;  MSVBVM60.__vbaObjSet
0041EC60 .  8BF8          mov edi,eax
0041EC62 .  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041EC65 .  50             push eax
0041EC66 .  57             push edi
0041EC67 .  8B17          mov edx,dword ptr ds:[edi]
0041EC69 .  FF92 A0000000 call dword ptr ds:[edx+A0]                //这里放着你输入的注册码
0041EC6F .  85C0          test eax,eax
0041EC71 .  DBE2          fclex
0041EC73 .  7D 12          jge short 取色小精.0041EC87
0041EC75 .  68 A0000000    push 0A0
0041EC7A .  68 AC974000    push 取色小精.004097AC
0041EC7F .  57             push edi
0041EC80 .  50             push eax
0041EC81 .  FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaH>;  MSVBVM60.__vbaHresultCheckObj
0041EC87 >  8B4D E0       mov ecx,dword ptr ss:[ebp-20]             //ecx=伪注册码
0041EC8A .  8B55 E4       mov edx,dword ptr ss:[ebp-1C]             //edx=真注册码
0041EC8D .  51             push ecx
0041EC8E .  52             push edx
0041EC8F .  FF15 98104000 call dword ptr ds:[<&MSVBVM60.__vbaS>;  MSVBVM60.__vbaStrCmp             //停在这里，下面分析
0041EC95 .  8BF8          mov edi,eax
0041EC97 .  8D4D E0       lea ecx,dword ptr ss:[ebp-20]
0041EC9A .  F7DF          neg edi
0041EC9C .  1BFF          sbb edi,edi
0041EC9E .  47             inc edi
0041EC9F .  F7DF          neg edi
0041ECA1 .  FF15 64114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeStr
0041ECA7 .  8D4D D8       lea ecx,dword ptr ss:[ebp-28]
0041ECAA .  FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeObj
0041ECB0 .  66:85FF       test di,di
0041ECB3 .  0F84 30020000 je 取色小精.0041EEE9                   //这里跳就完蛋了,爆破的话就改这里吧
0041ECB9 .  E8 62FDFFFF    call 取色小精.0041EA20
0041ECBE .  8BD0          mov edx,eax
0041ECC0 .  8D4D E0       lea ecx,dword ptr ss:[ebp-20]
0041ECC3 .  FFD3          call ebx
0041ECC5 .  8B35 44104000 mov esi,dword ptr ds:[<&MSVBVM60.__v>;  MSVBVM60.__vbaStrCat
0041ECCB .  50             push eax
0041ECCC .  68 00944000    push 取色小精.00409400                ;  UNICODE "\system\xsqs.dll"
0041ECD1 .  FFD6          call esi                            ;  <&MSVBVM60.__vbaStrCat>
0041ECD3 .  8BD0          mov edx,eax
0041ECD5 .  8D4D DC       lea ecx,dword ptr ss:[ebp-24]
0041ECD8 .  FFD3          call ebx
0041ECDA .  50             push eax
0041ECDB .  6A 01          push 1
0041ECDD .  6A FF          push -1
0041ECDF .  6A 20          push 20
0041ECE1 .  FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFileOpen
0041ECE7 .  8D45 DC       lea eax,dword ptr ss:[ebp-24]
0041ECEA .  8D4D E0       lea ecx,dword ptr ss:[ebp-20]
0041ECED .  50             push eax
0041ECEE .  51             push ecx
0041ECEF .  6A 02          push 2
0041ECF1 .  FF15 14114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeStrList
0041ECF7 .  83C4 0C       add esp,0C
0041ECFA .  8D55 E8       lea edx,dword ptr ss:[ebp-18]
0041ECFD .  6A 01          push 1
0041ECFF .  52             push edx
0041ED00 .  6A 00          push 0
0041ED02 .  FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaP>;  MSVBVM60.__vbaPut3
0041ED08 .  6A 01          push 1
0041ED0A .  FF15 8C104000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFileClose
0041ED10 .  E8 0BFDFFFF    call 取色小精.0041EA20
0041ED15 .  8BD0          mov edx,eax
0041ED17 .  8D4D E0       lea ecx,dword ptr ss:[ebp-20]
0041ED1A .  FFD3          call ebx
0041ED1C .  50             push eax
0041ED1D .  68 28944000    push 取色小精.00409428                ;  UNICODE "\system\xsqssy.dll"
0041ED22 .  FFD6          call esi
0041ED24 .  8945 D0       mov dword ptr ss:[ebp-30],eax
0041ED27 .  8D45 C8       lea eax,dword ptr ss:[ebp-38]
0041ED2A .  BF 08000000    mov edi,8
0041ED2F .  50             push eax
0041ED30 .  897D C8       mov dword ptr ss:[ebp-38],edi
0041ED33 .  FF15 94104000 call dword ptr ds:[<&MSVBVM60.#529>] ;  MSVBVM60.rtcKillFiles
0041ED39 .  8D4D E0       lea ecx,dword ptr ss:[ebp-20]
0041ED3C .  FF15 64114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeStr
0041ED42 .  8D4D C8       lea ecx,dword ptr ss:[ebp-38]
0041ED45 .  FF15 10104000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeVar
0041ED4B .  A1 34204200    mov eax,dword ptr ds:[422034]
0041ED50 .  85C0          test eax,eax
0041ED52 .  75 10          jnz short 取色小精.0041ED64
0041ED54 .  68 34204200    push 取色小精.00422034
0041ED59 .  68 7C734000    push 取色小精.0040737C
0041ED5E .  FF15 00114000 call dword ptr ds:[<&MSVBVM60.__vbaN>;  MSVBVM60.__vbaNew2
0041ED64 >  8B35 34204200 mov esi,dword ptr ds:[422034]
0041ED6A .  56             push esi
0041ED6B .  8B0E          mov ecx,dword ptr ds:[esi]
0041ED6D .  FF91 B4020000 call dword ptr ds:[ecx+2B4]
0041ED73 .  85C0          test eax,eax
0041ED75 .  DBE2          fclex
0041ED77 .  7D 12          jge short 取色小精.0041ED8B
0041ED79 .  68 B4020000    push 2B4
0041ED7E .  68 D8944000    push 取色小精.004094D8
0041ED83 .  56             push esi
0041ED84 .  50             push eax
0041ED85 .  FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaH>;  MSVBVM60.__vbaHresultCheckObj
0041ED8B >  8B35 34114000 mov esi,dword ptr ds:[<&MSVBVM60.__v>;  MSVBVM60.__vbaVarDup
0041ED91 .  B8 04000280    mov eax,80020004
0041ED96 .  BB 0A000000    mov ebx,0A
0041ED9B .  8D95 78FFFFFF lea edx,dword ptr ss:[ebp-88]
0041EDA1 .  8D4D B8       lea ecx,dword ptr ss:[ebp-48]
0041EDA4 .  8945 A0       mov dword ptr ss:[ebp-60],eax
0041EDA7 .  895D 98       mov dword ptr ss:[ebp-68],ebx
0041EDAA .  8945 B0       mov dword ptr ss:[ebp-50],eax
0041EDAD .  895D A8       mov dword ptr ss:[ebp-58],ebx
0041EDB0 .  C745 80 DC9B4000 mov dword ptr ss:[ebp-80],取色小精.00409>
0041EDB7 .  89BD 78FFFFFF mov dword ptr ss:[ebp-88],edi
0041EDBD .  FFD6          call esi                            ;  <&MSVBVM60.__vbaVarDup>
0041EDBF .  8D55 88       lea edx,dword ptr ss:[ebp-78]
0041EDC2 .  8D4D C8       lea ecx,dword ptr ss:[ebp-38]
0041EDC5 .  C745 90 C89B4000 mov dword ptr ss:[ebp-70],取色小精.00409>
0041EDCC .  897D 88       mov dword ptr ss:[ebp-78],edi
0041EDCF .  FFD6          call esi
0041EDD1 .  8D55 98       lea edx,dword ptr ss:[ebp-68]
0041EDD4 .  8D45 A8       lea eax,dword ptr ss:[ebp-58]
0041EDD7 .  52             push edx
0041EDD8 .  8D4D B8       lea ecx,dword ptr ss:[ebp-48]
0041EDDB .  50             push eax
0041EDDC .  51             push ecx
0041EDDD .  8D55 C8       lea edx,dword ptr ss:[ebp-38]
0041EDE0 .  6A 00          push 0
0041EDE2 .  52             push edx
0041EDE3 .  FF15 60104000 call dword ptr ds:[<&MSVBVM60.#595>] ;  MSVBVM60.rtcMsgBox
0041EDE9 .  8D45 98       lea eax,dword ptr ss:[ebp-68]
0041EDEC .  8D4D A8       lea ecx,dword ptr ss:[ebp-58]
0041EDEF .  50             push eax
0041EDF0 .  8D55 B8       lea edx,dword ptr ss:[ebp-48]
0041EDF3 .  51             push ecx
0041EDF4 .  8D45 C8       lea eax,dword ptr ss:[ebp-38]
0041EDF7 .  52             push edx
0041EDF8 .  50             push eax
0041EDF9 .  6A 04          push 4
0041EDFB .  FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeVarList
0041EE01 .  A1 10204200    mov eax,dword ptr ds:[422010]
0041EE06 .  83C4 14       add esp,14
0041EE09 .  85C0          test eax,eax
0041EE0B .  75 15          jnz short 取色小精.0041EE22
0041EE0D .  68 10204200    push 取色小精.00422010
0041EE12 .  68 B07F4000    push 取色小精.00407FB0
0041EE17 .  FF15 00114000 call dword ptr ds:[<&MSVBVM60.__vbaN>;  MSVBVM60.__vbaNew2
0041EE1D .  A1 10204200    mov eax,dword ptr ds:[422010]
0041EE22 >  8B08          mov ecx,dword ptr ds:[eax]
0041EE24 .  50             push eax
0041EE25 .  FF91 30030000 call dword ptr ds:[ecx+330]
0041EE2B .  8D55 D8       lea edx,dword ptr ss:[ebp-28]
0041EE2E .  50             push eax
0041EE2F .  52             push edx
0041EE30 .  FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaO>;  MSVBVM60.__vbaObjSet
0041EE36 .  8BF0          mov esi,eax
0041EE38 .  6A 00          push 0
0041EE3A .  56             push esi
0041EE3B .  8B06          mov eax,dword ptr ds:[esi]
0041EE3D .  FF50 74       call dword ptr ds:[eax+74]
0041EE40 .  85C0          test eax,eax
0041EE42 .  DBE2          fclex
0041EE44 .  7D 0F          jge short 取色小精.0041EE55
0041EE46 .  6A 74          push 74
0041EE48 .  68 68954000    push 取色小精.00409568
0041EE4D .  56             push esi
0041EE4E .  50             push eax
0041EE4F .  FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaH>;  MSVBVM60.__vbaHresultCheckObj
0041EE55 >  8D4D D8       lea ecx,dword ptr ss:[ebp-28]
0041EE58 .  FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeObj
0041EE5E .  A1 10204200    mov eax,dword ptr ds:[422010]
0041EE63 .  85C0          test eax,eax
0041EE65 .  75 10          jnz short 取色小精.0041EE77
0041EE67 .  68 10204200    push 取色小精.00422010
0041EE6C .  68 B07F4000    push 取色小精.00407FB0
0041EE71 .  FF15 00114000 call dword ptr ds:[<&MSVBVM60.__vbaN>;  MSVBVM60.__vbaNew2
0041EE77 >  83EC 10       sub esp,10
0041EE7A .  8BCB          mov ecx,ebx
0041EE7C .  895D 88       mov dword ptr ss:[ebp-78],ebx
0041EE7F .  8BDC          mov ebx,esp
0041EE81 .  898D 78FFFFFF mov dword ptr ss:[ebp-88],ecx
0041EE87 .  B8 04000280    mov eax,80020004
0041EE8C .  890B          mov dword ptr ds:[ebx],ecx
0041EE8E .  8B8D 7CFFFFFF mov ecx,dword ptr ss:[ebp-84]
0041EE94 .  8945 80       mov dword ptr ss:[ebp-80],eax
0041EE97 .  8BD0          mov edx,eax
0041EE99 .  894B 04       mov dword ptr ds:[ebx+4],ecx
0041EE9C .  83EC 10       sub esp,10
0041EE9F .  8B35 10204200 mov esi,dword ptr ds:[422010]
0041EEA5 .  8BCC          mov ecx,esp
0041EEA7 .  8943 08       mov dword ptr ds:[ebx+8],eax
0041EEAA .  8B45 84       mov eax,dword ptr ss:[ebp-7C]
0041EEAD .  8955 90       mov dword ptr ss:[ebp-70],edx
0041EEB0 .  8B3E          mov edi,dword ptr ds:[esi]
0041EEB2 .  8943 0C       mov dword ptr ds:[ebx+C],eax
0041EEB5 .  8B45 88       mov eax,dword ptr ss:[ebp-78]
0041EEB8 .  8901          mov dword ptr ds:[ecx],eax
0041EEBA .  8B45 8C       mov eax,dword ptr ss:[ebp-74]
0041EEBD .  56             push esi
0041EEBE .  8941 04       mov dword ptr ds:[ecx+4],eax
0041EEC1 .  8951 08       mov dword ptr ds:[ecx+8],edx
0041EEC4 .  8B55 94       mov edx,dword ptr ss:[ebp-6C]
0041EEC7 .  8951 0C       mov dword ptr ds:[ecx+C],edx
0041EECA .  FF97 B0020000 call dword ptr ds:[edi+2B0]
0041EED0 .  85C0          test eax,eax
0041EED2 .  DBE2          fclex
0041EED4 .  0F8D 9C010000 jge 取色小精.0041F076
0041EEDA .  68 B0020000    push 2B0
0041EEDF .  68 D88C4000    push 取色小精.00408CD8
0041EEE4 .  E9 85010000    jmp 取色小精.0041F06E
0041EEE9 >  A1 34204200    mov eax,dword ptr ds:[422034]
0041EEEE .  85C0          test eax,eax
0041EEF0 .  75 10          jnz short 取色小精.0041EF02
0041EEF2 .  68 34204200    push 取色小精.00422034
0041EEF7 .  68 7C734000    push 取色小精.0040737C
0041EEFC .  FF15 00114000 call dword ptr ds:[<&MSVBVM60.__vbaN>;  MSVBVM60.__vbaNew2
0041EF02 >  8B3D 34204200 mov edi,dword ptr ds:[422034]
0041EF08 .  57             push edi
0041EF09 .  8B07          mov eax,dword ptr ds:[edi]
0041EF0B .  FF90 B4020000 call dword ptr ds:[eax+2B4]
0041EF11 .  85C0          test eax,eax
0041EF13 .  DBE2          fclex
0041EF15 .  7D 12          jge short 取色小精.0041EF29
0041EF17 .  68 B4020000    push 2B4
0041EF1C .  68 D8944000    push 取色小精.004094D8
0041EF21 .  57             push edi
0041EF22 .  50             push eax
0041EF23 .  FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaH>;  MSVBVM60.__vbaHresultCheckObj
0041EF29 >  8B0E          mov ecx,dword ptr ds:[esi]
0041EF2B .  56             push esi
0041EF2C .  FF91 FC020000 call dword ptr ds:[ecx+2FC]
0041EF32 .  8D55 D8       lea edx,dword ptr ss:[ebp-28]
0041EF35 .  50             push eax
0041EF36 .  52             push edx
0041EF37 .  FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaO>;  MSVBVM60.__vbaObjSet
0041EF3D .  8BF0          mov esi,eax
0041EF3F .  68 F8934000    push 取色小精.004093F8
0041EF44 .  56             push esi
0041EF45 .  8B06          mov eax,dword ptr ds:[esi]
0041EF47 .  FF90 A4000000 call dword ptr ds:[eax+A4]
0041EF4D .  85C0          test eax,eax
0041EF4F .  DBE2          fclex
0041EF51 .  7D 12          jge short 取色小精.0041EF65
0041EF53 .  68 A4000000    push 0A4
0041EF58 .  68 AC974000    push 取色小精.004097AC
0041EF5D .  56             push esi
0041EF5E .  50             push eax
0041EF5F .  FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaH>;  MSVBVM60.__vbaHresultCheckObj
0041EF65 >  8D4D D8       lea ecx,dword ptr ss:[ebp-28]
0041EF68 .  FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaF>;  MSVBVM60.__vbaFreeObj
0041EF6E .  8B35 34114000 mov esi,dword ptr ds:[<&MSVBVM60.__v>;  MSVBVM60.__vbaVarDup
0041EF74 .  B8 04000280    mov eax,80020004
0041EF79 .  BB 0A000000    mov ebx,0A
0041EF7E .  BF 08000000    mov edi,8
0041EF83 .  8D95 78FFFFFF lea edx,dword ptr ss:[ebp-88]
0041EF89 .  8D4D B8       lea ecx,dword ptr ss:[ebp-48]
0041EF8C .  8945 A0       mov dword ptr ss:[ebp-60],eax
0041EF8F .  895D 98       mov dword ptr ss:[ebp-68],ebx
0041EF92 .  8945 B0       mov dword ptr ss:[ebp-50],eax
0041EF95 .  895D A8       mov dword ptr ss:[ebp-58],ebx
0041EF98 .  C745 80 C4944000 mov dword ptr ss:[ebp-80],取色小精.00409>
0041EF9F .  89BD 78FFFFFF mov dword ptr ss:[ebp-88],edi
0041EFA5 .  FFD6          call esi                            ;  <&MSVBVM60.__vbaVarDup>
0041EFA7 .  8D55 88       lea edx,dword ptr ss:[ebp-78]
0041EFAA .  8D4D C8       lea ecx,dword ptr ss:[ebp-38]
0041EFAD .  C745 90 F49B4000 mov dword ptr ss:[ebp-70],取色小精.00409>
0041EFB4 .  897D 88       mov dword ptr ss:[ebp-78],edi
0041EFB7 .  FFD6          call esi
0041EFB9 .  8D4D 98       lea ecx,dword ptr ss:[ebp-68]
0041EFBC .  8D55 A8       lea edx,dword ptr ss:[ebp-58]
0041EFBF .  51             push ecx
0041EFC0 .  8D45 B8       lea eax,dword ptr ss:[ebp-48]
0041EFC3 .  52             push edx
0041EFC4 .  50             push eax
0041EFC5 .  8D4D C8       lea ecx,dword ptr ss:[ebp-38]
0041EFC8 .  6A 00          push 0
0041EFCA .  51             push ecx
0041EFCB .  FF15 60104000 call dword ptr ds:[<&MSVBVM60.#595>] ;    MSVBVM60.rtcMsgBox                                                 //这里就是出错对话框

***********************************************************
***********************************************************
在这个vbastrcmp这，根据经验这应该又是用明码注册的，在右边的寄存器窗口可以看到，ecx里放着我们的注册码，而edx里应该就是放着注册名所对应的注册码
好了，我们跟进这个call看一下吧。
因为我就把最原始的断点下在了刚开始的push处，一步步下来，看得比较清楚
这次把断点就下在0041EB80处，重新注册下，好，就停在0041EB80处了。
看旁边的注释应该就可以懂了。很简单的

----------------------------------------------------------------------------------------------
【破解心得】

最后注册名取个你喜欢的，比如我就用了"Saver"
注册码就是：0311172114
删除system\xsqs.dll这个文件就可以再来次了.
谢谢你的观看~欢迎加我的QQ~

----------------------------------------------------------------------------------------------
【破解声明】我是一只小菜鸟，偶得一点心得，愿与大家分享

【版权声明】本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
----------------------------------------------------------------------------------------------

[ Last edited by Saver on 2005-2-15 at 10:58 AM ]

wynney · 发表于 2005-3-7 12:02:59

强人咯

m0rri · 发表于 2005-10-31 00:20:19

学习收藏了。

aoaili · 发表于 2019-6-19 12:48:31

学习收藏了。

还在呢 · 发表于 2019-6-24 21:41:21

有点看不懂，先收藏起来再说。

zhanhuai1 · 发表于 2019-6-28 08:42:26

高端，感谢分享~~~

wjx0912 · 发表于 2019-7-4 13:32:43

感谢发布原创作品，PYG有你更精彩！

		自动登录	找回密码
密码			加入我们

[原创] 取色小精灵 1.02的破解

相关帖子