- UID
- 1542
注册时间2005-5-10
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 擦汗
2017-9-28 11:05 |
|---|
签到天数: 3 天 [LV.2]偶尔看看I
|
楼主 |
发表于 2006-7-9 16:45:04
|
显示全部楼层
【破文标题】飞狐管家(管家婆) V2.0 手工脱壳+破解过程
【破文作者】pentacle[PYG]
【作者邮箱】
【作者主页】www.chinapyg.com
【破解工具】OD1.1caocong版、Peid0.93、AccessFinality、Access2003
【破解平台】WinXP_SP2
【软件名称】飞狐管家(管家婆) V2.0
【软件大小】3.4MB
【原版下载】http://www.downreg.com/Software/View-Software-1448.html
【保护方式】注册码+激活码
【软件简介】(初始密码:123)发了工资后,一个月下来,却不知道这个钱用到了哪儿去了,是不是一直苦于没有记帐软件来统计每月的收支情况。现在好了,有了飞狐管家来管理你的一切费用收支,而且可以用一家人的收支,每一个人的收支都是相互独立的,只有总管可以统计一家人的所有开支情况,而个人只可以看到本人的开支情况。飞狐管家还提供了个人通讯录,方便管理自己的通讯录,且每一个的通讯录也是独立的,只有自己可以看到自己的通讯录,别人是不能看到你的个人通讯录的。
------------------------------------------------------------------------
【破解过程】用Peid查了一下壳~为PECompact 2.x -> Jeremy Collake
HOHO~以前没有碰到过~~
于是F9运行试了一下~~
发现软件的OEP居然和加壳的一样~~~同时可以看出此软件是VB6写的
00401D38 > 68 B43D4000 PUSH unfhgj.00403DB4
00401D3D E8 EEFFFFFF CALL <JMP.&MSVBVM60.ThunRTMain>
Ctrl+F2重新加载~F8单步~没几下就异常OVER了~
没办法~
找出FLY大侠的脱壳文集看了一下~
于是用BP VirtualFree 法轻松搞定~~
用OD加载fhgj.exe
00401D38 > B8 04E06A00 MOV EAX,fhgj.006AE004 //脱完壳你就能发现OEP是这儿~~
00401D3D 50 PUSH EAX
00401D3E 64:FF35 0000000>PUSH DWORD PTR FS:[0]
00401D45 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
00401D4C 33C0 XOR EAX,EAX
00401D4E 8908 MOV DWORD PTR DS:[EAX],ECX
00401D50 50 PUSH EAX
00401D51 45 INC EBP
00401D52 43 INC EBX
00401D53 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O 命令
00401D54 6D INS DWORD PTR ES:[EDI],DX ; I/O 命令
00401D55 70 61 JO SHORT fhgj.00401DB8
00401D57 637432 00 ARPL WORD PTR DS:[EDX+ESI],SI
00401D5B 78 2E JS SHORT fhgj.00401D8B
00401D5D 41 INC ECX
00401D5E CB RETF ; Far return
下断:BP VirtualFree
7C809B14 > 8BFF MOV EDI,EDI ; fhgj.00401000//取消断点~
7C809B16 55 PUSH EBP
7C809B17 8BEC MOV EBP,ESP
7C809B19 FF75 10 PUSH DWORD PTR SS:[EBP+10]
7C809B1C FF75 0C PUSH DWORD PTR SS:[EBP+C]
7C809B1F FF75 08 PUSH DWORD PTR SS:[EBP+8]
7C809B22 6A FF PUSH -1
7C809B24 E8 09000000 CALL kernel32.VirtualFreeEx
7C809B29 5D POP EBP
7C809B2A C2 0C00 RETN 0C
取消断点~我们用Crtl+F9共三次,来到
00371172 C2 0400 RETN 4
00371175 5E POP ESI
00371176 5A POP EDX
00371177 59 POP ECX
00371178 59 POP ECX
00371179 33C0 XOR EAX,EAX
0037117B 40 INC EAX
0037117C 5E POP ESI
0037117D 5F POP EDI
0037117E 5B POP EBX
0037117F C9 LEAVE
00371180 C2 0400 RETN 4
用F8来到下面了
006AE0B1 8985 D0120010 MOV DWORD PTR SS:[EBP+100012D0],EAX ; fhgj.<模块入口点>
006AE0B7 8BF0 MOV ESI,EAX
006AE0B9 59 POP ECX
006AE0BA 5A POP EDX
006AE0BB EB 0C JMP SHORT fhgj.006AE0C9
006AE0BD 03CA ADD ECX,EDX
006AE0BF 68 00800000 PUSH 8000
006AE0C4 6A 00 PUSH 0
006AE0C6 57 PUSH EDI
006AE0C7 FF11 CALL DWORD PTR DS:[ECX]
006AE0C9 8BC6 MOV EAX,ESI
006AE0CB 5A POP EDX
006AE0CC 5E POP ESI
006AE0CD 5F POP EDI
006AE0CE 59 POP ECX
006AE0CF 5B POP EBX
006AE0D0 5D POP EBP
006AE0D1 FFE0 JMP EAX //前面好亮啊~~
继续向下~~
00401D38 > 68 B43D4000 PUSH fhgj.00403DB4 ; OK~我们可以在这儿脱壳了~~~
00401D3D E8 EEFFFFFF CALL fhgj.00401D30 ; JMP to MSVBVM60.ThunRTMain
00401D42 0000 ADD BYTE PTR DS:[EAX],AL
00401D44 0000 ADD BYTE PTR DS:[EAX],AL
00401D46 0000 ADD BYTE PTR DS:[EAX],AL
00401D48 3000 XOR BYTE PTR DS:[EAX],AL
HOHO~~脱完之后不用修复~~
用OD加载脱完壳的unfhgj.exe
F9运行~~
点注册~~
注册码处输入789789789
弹出:请重启本软件,如果注册码正确,将不会显示到期日期!
我就在想~这个软件是写注册表了还是写XX文件里面呢?
于是用FileMon和RegMon看了一下~没有啊~~
怎么办?突然想起了软件目录里的fhgj.mdb
用AccessFinality查出该MDB文件的密码为(^%$#@!1314)注:括号内~~
用Access2003打开~
经过分析注册码应该是放regtable里面的~~
但是我每次点注册后就立马打开该MDB文件也没看见里面有东西啊~~
聪明的你一定想到了~该软件肯定是在点注册就立马判断注册码是否正确~~
不错~
于是重新用OD加载
进入注册窗口
我下断 bpx msvbvm60!__vbastrcmp (再选每个调用都下断点)
这时狂按F9,返回程序领空
在注册码里输入789789789
点注册,程序断在下面
00692BF1 FF15 B8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; MSVBVM60.__vbaVarTstEq
00692BF7 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00692BFA 66:8985 48FFFFF>MOV WORD PTR SS:[EBP-B8],AX
00692C01 FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
00692C07 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00692C0A FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar
00692C10 66:39B5 48FFFFF>CMP WORD PTR SS:[EBP-B8],SI
00692C17 0F84 C5000000 JE unfhgj.00692CE2
F8一路向下,来到
00692D31 FFD3 CALL EBX ; 注册码入EDX
00692D33 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
00692D36 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
F8再一路向下。来到
0067FE18 51 PUSH ECX
0067FE19 52 PUSH EDX
0067FE1A C785 F8FEFFFF 2>MOV DWORD PTR SS:[EBP-108],unfhgj.004119>; UNICODE "FHGJ"
0067FE24 C785 F0FEFFFF 0>MOV DWORD PTR SS:[EBP-110],8
0067FE2E FF15 8C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarAd>; MSVBVM60.__vbaVarAdd
0067FE34 50 PUSH EAX
0067FE35 8D85 20FFFFFF LEA EAX,DWORD PTR SS:[EBP-E0]
0067FE3B 50 PUSH EAX
0067FE3C FF15 34114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>; MSVBVM60.__vbaVarCat
0067FE42 50 PUSH EAX
0067FE43 FFD7 CALL EDI
0067FE45 8BD0 MOV EDX,EAX ; 可以做内存注册机了~~看到了EAX中的字符串吧~~注册码
再向下
0067FEB0 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] ; 下面是比较真假注册码
0067FEB3 52 PUSH EDX ; 压入假注册码
0067FEB4 50 PUSH EAX ; 压入真注册码
0067FEB5 FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
0067FEBB F7D8 NEG EAX
F8一路向下
00692D72 6A 02 PUSH 2
00692D74 FF15 40104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObjList
00692D7A 83C4 0C ADD ESP,0C
00692D7D 66:39B5 48FFFFF>CMP WORD PTR SS:[EBP-B8],SI ; 判断是否注册成功
00692D84 0F84 500C0000 JE unfhgj.006939DA ; 不成功能就跳啊~~
OK~于是我得到了我的注册码为:13B6FHGJ
重启软件~
输入正确注册码~
哈~软件注册成功,谢谢您支持正版软件!请重启本软件才能正常使用!
(别高兴的太早~~~好戏在后头~~~)
正准备收工~~
重启软件看一下效果~
靠~居然提示:软件还没有激活,请与软件制作者联系索取激活码! 在线QQ:XXXXXXX(一定要在线索取!)
输入789789试了一下~
提示:软件重启后,就会体现是否激活!
确定后又提示:因没有进行激活,软件将不能使用~~
程序自动关闭程序
OD再次加载~~
进入激活窗口
我下断 bpx msvbvm60!__vbastrcmp (再选每个调用都下断点)
这时狂按F9,返回程序领空
输入789789点激活
00698929 FF15 D4114000 CALL DWORD PTR DS:[<&MSVBVM60.rtcGetPresentDa>; MSVBVM60.rtcGetPresentDate
0069892F 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] ; 程序中断在这儿
00698932 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] ; 我们F8一路下去看看啊~~
。。。。。。。。。。。。。。。。。。
00698A93 51 PUSH ECX ; 假激活码入ECX
00698A94 68 E8074100 PUSH unfhgj.004107E8
00698A99 FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
一路向下
00698BC5 FFD6 CALL ESI ; 下面就是激活码关键处~~
00698BC7 66:85C0 TEST AX,AX ; 因偶对VB不怎么精通~所以本文未能进行算法分析~~
00698BCA 74 0A JE SHORT unfhgj.00698BD6
00698BCC BA 9C3C4100 MOV EDX,unfhgj.00413C9C ; UNICODE "4AJ"
00698BD1 E9 77050000 JMP unfhgj.0069914D
00698BD6 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698BDC 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698BE2 50 PUSH EAX
00698BE3 51 PUSH ECX
00698BE4 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],2
00698BEE 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698BF4 FFD6 CALL ESI
00698BF6 66:85C0 TEST AX,AX
00698BF9 74 0A JE SHORT unfhgj.00698C05
00698BFB BA A83C4100 MOV EDX,unfhgj.00413CA8 ; UNICODE "5BK"
00698C00 E9 48050000 JMP unfhgj.0069914D
00698C05 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698C0B 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698C11 52 PUSH EDX
00698C12 50 PUSH EAX
00698C13 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],3
00698C1D 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698C23 FFD6 CALL ESI
00698C25 66:85C0 TEST AX,AX
00698C28 74 0A JE SHORT unfhgj.00698C34
00698C2A BA B43C4100 MOV EDX,unfhgj.00413CB4 ; UNICODE "E7N"
00698C2F E9 19050000 JMP unfhgj.0069914D
00698C34 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698C3A 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698C40 51 PUSH ECX
00698C41 52 PUSH EDX
00698C42 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],4
00698C4C 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698C52 FFD6 CALL ESI
00698C54 66:85C0 TEST AX,AX
00698C57 74 0A JE SHORT unfhgj.00698C63
00698C59 BA C03C4100 MOV EDX,unfhgj.00413CC0 ; UNICODE "NAK"
00698C5E E9 EA040000 JMP unfhgj.0069914D
00698C63 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698C69 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698C6F 50 PUSH EAX
00698C70 51 PUSH ECX
00698C71 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],5
00698C7B 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698C81 FFD6 CALL ESI
00698C83 66:85C0 TEST AX,AX
00698C86 74 0A JE SHORT unfhgj.00698C92
00698C88 BA CC3C4100 MOV EDX,unfhgj.00413CCC ; UNICODE "E3B"
00698C8D E9 BB040000 JMP unfhgj.0069914D
00698C92 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698C98 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698C9E 52 PUSH EDX
00698C9F 50 PUSH EAX
00698CA0 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],6
00698CAA 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698CB0 FFD6 CALL ESI
00698CB2 66:85C0 TEST AX,AX
00698CB5 74 0A JE SHORT unfhgj.00698CC1
00698CB7 BA D83C4100 MOV EDX,unfhgj.00413CD8 ; UNICODE "SIB"
00698CBC E9 8C040000 JMP unfhgj.0069914D
00698CC1 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698CC7 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698CCD 51 PUSH ECX
00698CCE 52 PUSH EDX
00698CCF C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],7
00698CD9 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698CDF FFD6 CALL ESI
00698CE1 66:85C0 TEST AX,AX
00698CE4 74 0A JE SHORT unfhgj.00698CF0
00698CE6 BA F03A4100 MOV EDX,unfhgj.00413AF0 ; UNICODE "ESC"
00698CEB E9 5D040000 JMP unfhgj.0069914D
00698CF0 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698CF6 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698CFC 50 PUSH EAX
00698CFD 51 PUSH ECX
00698CFE C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],8
00698D08 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698D0E FFD6 CALL ESI
00698D10 66:85C0 TEST AX,AX
00698D13 74 0A JE SHORT unfhgj.00698D1F
00698D15 BA FC3A4100 MOV EDX,unfhgj.00413AFC ; UNICODE "54T"
00698D1A E9 2E040000 JMP unfhgj.0069914D
00698D1F 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698D25 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698D2B 52 PUSH EDX
00698D2C 50 PUSH EAX
00698D2D C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],9
00698D37 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698D3D FFD6 CALL ESI
00698D3F 66:85C0 TEST AX,AX
00698D42 74 0A JE SHORT unfhgj.00698D4E
00698D44 BA 083B4100 MOV EDX,unfhgj.00413B08 ; UNICODE "5AW"
00698D49 E9 FF030000 JMP unfhgj.0069914D
00698D4E 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698D54 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698D5A 51 PUSH ECX
00698D5B 52 PUSH EDX
00698D5C C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],0A
00698D66 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698D6C FFD6 CALL ESI
00698D6E 66:85C0 TEST AX,AX
00698D71 74 0A JE SHORT unfhgj.00698D7D
00698D73 BA 18374100 MOV EDX,unfhgj.00413718 ; UNICODE "ERS"
00698D78 E9 D0030000 JMP unfhgj.0069914D
00698D7D 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698D83 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698D89 50 PUSH EAX
00698D8A 51 PUSH ECX
00698D8B C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],0B
00698D95 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698D9B FFD6 CALL ESI
00698D9D 66:85C0 TEST AX,AX
00698DA0 74 0A JE SHORT unfhgj.00698DAC
00698DA2 BA 24374100 MOV EDX,unfhgj.00413724 ; UNICODE "SY2"
00698DA7 E9 A1030000 JMP unfhgj.0069914D
00698DAC 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698DB2 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698DB8 52 PUSH EDX
00698DB9 50 PUSH EAX
00698DBA C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],0C
00698DC4 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698DCA FFD6 CALL ESI
00698DCC 66:85C0 TEST AX,AX
00698DCF 74 0A JE SHORT unfhgj.00698DDB
00698DD1 BA 30374100 MOV EDX,unfhgj.00413730 ; UNICODE "SLE"
00698DD6 E9 72030000 JMP unfhgj.0069914D
00698DDB 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698DE1 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698DE7 51 PUSH ECX
00698DE8 52 PUSH EDX
00698DE9 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],0D
00698DF3 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698DF9 FFD6 CALL ESI
00698DFB 66:85C0 TEST AX,AX
00698DFE 74 0A JE SHORT unfhgj.00698E0A
00698E00 BA 3C374100 MOV EDX,unfhgj.0041373C ; UNICODE "OBV"
00698E05 E9 43030000 JMP unfhgj.0069914D
00698E0A 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698E10 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698E16 50 PUSH EAX
00698E17 51 PUSH ECX
00698E18 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],0E
00698E22 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698E28 FFD6 CALL ESI
00698E2A 66:85C0 TEST AX,AX
00698E2D 74 0A JE SHORT unfhgj.00698E39
00698E2F BA 48374100 MOV EDX,unfhgj.00413748 ; UNICODE "1FU"
00698E34 E9 14030000 JMP unfhgj.0069914D
00698E39 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698E3F 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698E45 52 PUSH EDX
00698E46 50 PUSH EAX
00698E47 C785 04FFFFFF 0>MOV DWORD PTR SS:[EBP-FC],0F
00698E51 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698E57 FFD6 CALL ESI
00698E59 66:85C0 TEST AX,AX
00698E5C 74 0A JE SHORT unfhgj.00698E68
00698E5E BA 98304100 MOV EDX,unfhgj.00413098 ; UNICODE "0CF"
00698E63 E9 E5020000 JMP unfhgj.0069914D
00698E68 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698E6E 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698E74 51 PUSH ECX
00698E75 52 PUSH EDX
00698E76 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],10
00698E80 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698E86 FFD6 CALL ESI
00698E88 66:85C0 TEST AX,AX
00698E8B 74 0A JE SHORT unfhgj.00698E97
00698E8D BA A4304100 MOV EDX,unfhgj.004130A4 ; UNICODE "E7M"
00698E92 E9 B6020000 JMP unfhgj.0069914D
00698E97 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698E9D 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698EA3 50 PUSH EAX
00698EA4 51 PUSH ECX
00698EA5 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],11
00698EAF 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698EB5 FFD6 CALL ESI
00698EB7 66:85C0 TEST AX,AX
00698EBA 74 0A JE SHORT unfhgj.00698EC6
00698EBC BA 18374100 MOV EDX,unfhgj.00413718 ; UNICODE "ERS"
00698EC1 E9 87020000 JMP unfhgj.0069914D
00698EC6 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698ECC 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698ED2 52 PUSH EDX
00698ED3 50 PUSH EAX
00698ED4 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],12
00698EDE 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698EE4 FFD6 CALL ESI
00698EE6 66:85C0 TEST AX,AX
00698EE9 74 0A JE SHORT unfhgj.00698EF5
00698EEB BA 8C324100 MOV EDX,unfhgj.0041328C ; UNICODE "5BL"
00698EF0 E9 58020000 JMP unfhgj.0069914D
00698EF5 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698EFB 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698F01 51 PUSH ECX
00698F02 52 PUSH EDX
00698F03 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],13
00698F0D 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698F13 FFD6 CALL ESI
00698F15 66:85C0 TEST AX,AX
00698F18 74 0A JE SHORT unfhgj.00698F24
00698F1A BA D82E4100 MOV EDX,unfhgj.00412ED8 ; UNICODE "DGS"
00698F1F E9 29020000 JMP unfhgj.0069914D
00698F24 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698F2A 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698F30 50 PUSH EAX
00698F31 51 PUSH ECX
00698F32 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],14
00698F3C 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698F42 FFD6 CALL ESI
00698F44 66:85C0 TEST AX,AX
00698F47 74 0A JE SHORT unfhgj.00698F53
00698F49 BA B4284100 MOV EDX,unfhgj.004128B4 ; UNICODE "ETG"
00698F4E E9 FA010000 JMP unfhgj.0069914D
00698F53 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698F59 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698F5F 52 PUSH EDX
00698F60 50 PUSH EAX
00698F61 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],15
00698F6B 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698F71 FFD6 CALL ESI
00698F73 66:85C0 TEST AX,AX
00698F76 74 0A JE SHORT unfhgj.00698F82
00698F78 BA D4264100 MOV EDX,unfhgj.004126D4 ; UNICODE "E2Q"
00698F7D E9 CB010000 JMP unfhgj.0069914D
00698F82 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00698F88 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00698F8E 51 PUSH ECX
00698F8F 52 PUSH EDX
00698F90 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],16
00698F9A 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698FA0 FFD6 CALL ESI
00698FA2 66:85C0 TEST AX,AX
00698FA5 74 0A JE SHORT unfhgj.00698FB1
00698FA7 BA 28214100 MOV EDX,unfhgj.00412128 ; UNICODE "D2C"
00698FAC E9 9C010000 JMP unfhgj.0069914D
00698FB1 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00698FB7 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00698FBD 50 PUSH EAX
00698FBE 51 PUSH ECX
00698FBF C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],17
00698FC9 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698FCF FFD6 CALL ESI
00698FD1 66:85C0 TEST AX,AX
00698FD4 74 0A JE SHORT unfhgj.00698FE0
00698FD6 BA 581F4100 MOV EDX,unfhgj.00411F58 ; UNICODE "NVK"
00698FDB E9 6D010000 JMP unfhgj.0069914D
00698FE0 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00698FE6 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00698FEC 52 PUSH EDX
00698FED 50 PUSH EAX
00698FEE C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],18
00698FF8 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00698FFE FFD6 CALL ESI
00699000 66:85C0 TEST AX,AX
00699003 74 0A JE SHORT unfhgj.0069900F
00699005 BA E81B4100 MOV EDX,unfhgj.00411BE8 ; UNICODE "CHN"
0069900A E9 3E010000 JMP unfhgj.0069914D
0069900F 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00699015 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
0069901B 51 PUSH ECX
0069901C 52 PUSH EDX
0069901D C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],19
00699027 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
0069902D FFD6 CALL ESI
0069902F 66:85C0 TEST AX,AX
00699032 74 0A JE SHORT unfhgj.0069903E
00699034 BA 48194100 MOV EDX,unfhgj.00411948 ; UNICODE "ERC"
00699039 E9 0F010000 JMP unfhgj.0069914D
0069903E 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
00699044 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
0069904A 50 PUSH EAX
0069904B 51 PUSH ECX
0069904C C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],1A
00699056 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
0069905C FFD6 CALL ESI
0069905E 66:85C0 TEST AX,AX
00699061 74 0A JE SHORT unfhgj.0069906D
00699063 BA E83C4100 MOV EDX,unfhgj.00413CE8 ; UNICODE "YJC"
00699068 E9 E0000000 JMP unfhgj.0069914D
0069906D 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
00699073 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00699079 52 PUSH EDX
0069907A 50 PUSH EAX
0069907B C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],1B
00699085 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
0069908B FFD6 CALL ESI
0069908D 66:85C0 TEST AX,AX
00699090 74 0A JE SHORT unfhgj.0069909C
00699092 BA F43C4100 MOV EDX,unfhgj.00413CF4 ; UNICODE "XSE"
00699097 E9 B1000000 JMP unfhgj.0069914D
0069909C 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
006990A2 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
006990A8 51 PUSH ECX
006990A9 52 PUSH EDX
006990AA C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],1C
006990B4 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
006990BA FFD6 CALL ESI
006990BC 66:85C0 TEST AX,AX
006990BF 74 0A JE SHORT unfhgj.006990CB
006990C1 BA 003D4100 MOV EDX,unfhgj.00413D00 ; UNICODE "BZC"
006990C6 E9 82000000 JMP unfhgj.0069914D
006990CB 8D85 B0FEFFFF LEA EAX,DWORD PTR SS:[EBP-150]
006990D1 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
006990D7 50 PUSH EAX
006990D8 51 PUSH ECX
006990D9 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],1D
006990E3 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
006990E9 FFD6 CALL ESI
006990EB 66:85C0 TEST AX,AX
006990EE 74 07 JE SHORT unfhgj.006990F7
006990F0 BA 0C3D4100 MOV EDX,unfhgj.00413D0C ; UNICODE "DBF"
006990F5 EB 56 JMP SHORT unfhgj.0069914D
006990F7 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
006990FD 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00699103 52 PUSH EDX
00699104 50 PUSH EAX
00699105 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],1E
0069910F 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00699115 FFD6 CALL ESI
00699117 66:85C0 TEST AX,AX
0069911A 74 07 JE SHORT unfhgj.00699123
0069911C BA 183D4100 MOV EDX,unfhgj.00413D18 ; UNICODE "KJL"
00699121 EB 2A JMP SHORT unfhgj.0069914D
00699123 8D8D B0FEFFFF LEA ECX,DWORD PTR SS:[EBP-150]
00699129 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
0069912F 51 PUSH ECX
00699130 52 PUSH EDX
00699131 C785 04FFFFFF 1>MOV DWORD PTR SS:[EBP-FC],1F
0069913B 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00699141 FFD6 CALL ESI
00699143 66:85C0 TEST AX,AX
00699146 74 0E JE SHORT unfhgj.00699156
00699148 BA 243D4100 MOV EDX,unfhgj.00413D24 ; UNICODE "PKM"
0069914D 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00699150 FF15 60114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
。。。。。。。。。。。。。。。。。。。
006991BE 50 PUSH EAX ; 下面弹出提示:软件重启后,就会体现是否激活!
006991BF FF15 78104000 CALL DWORD PTR DS:[<&MSVBVM60.rtcMsgBox>] ; MSVBVM60.rtcMsgBox
返回程序点确定,回来后用F8继续跟
006992FC FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>; MSVBVM60.__vbaStrVarMove
00699302 8BD0 MOV EDX,EAX ; HOHO~~真正的激活码在EAX中~~~
00699304 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
F8继续
0069939A 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; 下面判断真假激活码
0069939D 51 PUSH ECX ; 假激活码入ECX
0069939E 52 PUSH EDX ; 真激活码入EDX
0069939F FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
006993A5 8BF0 MOV ESI,EAX
006993A7 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
006993AA F7DE NEG ESI
006993AC 1BF6 SBB ESI,ESI
006993AE 46 INC ESI
006993AF F7DE NEG ESI
006993B1 FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
006993B7 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
006993BA FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
006993C0 66:85F6 TEST SI,SI
006993C3 0F84 F2010000 JE unfhgj.006995BB ; 激活码不对就跳~~
OK~
到此~整个注册码追踪完毕~~
我的机器码:806146752
我的注册码:13B6FHGJ
我的激活码:E7M330
哈~~~打完收工~~~
简单破解方法2:
用Access打开MDB文件~
将regstart里面的regdate的值改为2099-12-16
这样就永远在试用期内~~HOHO~~
------------------------------------------------------------------------
【破解总结】偶对VB还是比较感冒的~~一般不怎么动VB写的程序~
还好这个是明码比较,一下就让我追出了注册码~~
如果有哪位大哥对些软件进行详细算法分析请PM偶一份啊~~~
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢! |
|
IP卡
发表于 2006-6-15 18:27:54
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-7-8 13:07:43
发表于 2006-7-9 06:43:01