来吧,算法入门连载(六) 冷血书生
来吧,算法入门连载(六)[ 录入者:admin | 时间:2008-03-09 00:36:18 | 作者:冷血书生 | 来源:http://www.crack520.cn | 浏览:162次 ]
【破解日期】 2007年2月24日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 http://www.crack520.cn
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 Arash RJ CrackMe 1.2
【下载地址】
【软件大小】 380kb
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
; OllyDbg listing of a VB6 program (runtime calls go through MSVBVM60). The bracketed
; memory operands were lost when the page was extracted, so "ss:" / "ds:" appear with
; no address; these notes rely only on the named runtime calls and the author's remarks.
; This run takes the username length and initialises the first For loop.
00445039 push edx
0044503A call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaLenBstr
00445040 mov dword ptr ss:,eax ; store the username length (author's note)
; Six addresses are pushed as the arguments of __vbaVarForInit.
00445046 lea eax,dword ptr ss:
0044504C lea ecx,dword ptr ss:
00445052 push eax
00445053 lea edx,dword ptr ss:
00445059 push ecx
0044505A lea eax,dword ptr ss:
00445060 push edx
00445061 lea ecx,dword ptr ss:
00445067 push eax
00445068 lea edx,dword ptr ss:
0044506B push ecx
0044506C push edx
; Immediates 3, 1 and 2 are stored before the call; the destinations are lost --
; presumably fields of the loop's Variant arguments, confirm in the debugger.
0044506D mov dword ptr ss:,3
00445077 mov dword ptr ss:,1
00445081 mov dword ptr ss:,2
0044508B call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarForInit
00445091 lea ecx,dword ptr ss:
00445094 mov dword ptr ss:,eax ; keep the value returned by __vbaVarForInit
0044509A call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStr
004450A0 lea ecx,dword ptr ss:
004450A3 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
; Cache two runtime entry points; the later `call esi` / `call edi` sites use them.
004450A9 mov esi,dword ptr ds:[<&MSVBVM60.>; MSVBVM60.__vbaStrMove
004450AF mov edi,dword ptr ds:[<&MSVBVM60.>; MSVBVM60.__vbaStrVarVal
; First loop (head at 004450B5, re-entered by the jmp at 00445226). Per the author's
; notes it adds up the character codes of the username. Memory operands were lost in
; extraction, so stack-slot roles below are inferred from the runtime calls only.
; Loop test: a zero value leaves the loop for 0044522B -- presumably the flag saved
; from __vbaVarForInit / __vbaVarForNext, confirm in the debugger.
004450B5 mov eax,dword ptr ss:
004450BB test eax,eax
004450BD je CrackMe_.0044522B
; Two indirect calls on an object (targets lost); a negative result from the second
; is routed to __vbaHresultCheckObj, a non-negative one skips it (jge).
004450C3 mov eax,dword ptr ds:
004450C5 push ebx
004450C6 call dword ptr ds:
004450CC lea ecx,dword ptr ss:
004450CF push eax
004450D0 push ecx
004450D1 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaObjSet
004450D7 mov edx,dword ptr ds:
004450D9 lea ecx,dword ptr ss:
004450DC push ecx
004450DD push eax
004450DE mov dword ptr ss:,eax
004450E4 call dword ptr ds:
004450EA test eax,eax
004450EC fclex
004450EE jge short CrackMe_.00445108
004450F0 mov edx,dword ptr ss:
004450F6 push 0A0
004450FB push CrackMe_.00418418
00445100 push edx
00445101 push eax
00445102 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
00445108 mov eax,dword ptr ss:
0044510B lea ecx,dword ptr ss:
0044510E mov dword ptr ss:,eax
00445111 lea eax,dword ptr ss:
00445117 push eax
00445118 push ecx
00445119 mov dword ptr ss:,1
00445123 mov dword ptr ss:,2
0044512D mov dword ptr ss:,0
00445134 mov dword ptr ss:,8
; __vbaI4Var converts a Variant to a 32-bit integer; its result is pushed as an
; argument of rtcMidCharVar -- presumably the loop index used as the character position.
0044513E call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaI4Var
00445144 push eax
00445145 lea edx,dword ptr ss:
0044514B lea eax,dword ptr ss:
00445151 push edx
00445152 push eax
00445153 call dword ptr ds:[<&MSVBVM60.#63>; MSVBVM60.rtcMidCharVar
00445159 lea ecx,dword ptr ss:
0044515F lea edx,dword ptr ss:
00445162 push ecx
00445163 push edx
00445164 call edi
00445166 push eax
00445167 call dword ptr ds:[<&MSVBVM60.#51>; MSVBVM60.rtcAnsiValueBstr
0044516D push eax; push the ANSI code of the current username character
; The code is turned into a string (__vbaStrI2) and back into a double
; (rtcR8ValFromBstr) before it is added.
0044516E call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrI2
00445174 mov edx,eax
00445176 lea ecx,dword ptr ss:
00445179 call esi
0044517B push eax
0044517C call dword ptr ds:[<&MSVBVM60.#58>; MSVBVM60.rtcR8ValFromBstr
00445182 fstp qword ptr ss:
00445188 lea eax,dword ptr ss:
0044518B lea ecx,dword ptr ss:
0044518E push eax
0044518F push ecx
00445190 call edi
00445192 push eax
00445193 call dword ptr ds:[<&MSVBVM60.#58>; MSVBVM60.rtcR8ValFromBstr
00445199 fadd qword ptr ss: ; accumulate the username character values
0044519F lea edx,dword ptr ss:
004451A5 lea ecx,dword ptr ss:
004451A8 mov dword ptr ss:,5
004451B2 fstp qword ptr ss:
; NOTE(review): the listing jumps from 004451B8 to 004451BC; by analogy with
; 00445411-00445415 the missing instruction is presumably `test al,0D`. The jnz
; leaves for 0044589B (not shown) when the FPU status bits are set.
004451B8 fstsw ax
004451BC jnz CrackMe_.0044589B
004451C2 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarMove
; Release the three temporary strings; `add esp,10` drops the four pushed dwords.
004451C8 lea edx,dword ptr ss:
004451CB lea eax,dword ptr ss:
004451CE push edx
004451CF lea ecx,dword ptr ss:
004451D2 push eax
004451D3 push ecx
004451D4 push 3
004451D6 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStrList
004451DC add esp,10
004451DF lea ecx,dword ptr ss:
004451E2 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
004451E8 lea edx,dword ptr ss:
004451EE lea eax,dword ptr ss:
004451F4 push edx
004451F5 lea ecx,dword ptr ss:
004451FB push eax
004451FC push ecx
004451FD push 3
004451FF call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeVarList
00445205 add esp,10
; Advance the For loop; the returned value is stored and the loop head re-entered.
00445208 lea edx,dword ptr ss:
0044520E lea eax,dword ptr ss:
00445214 lea ecx,dword ptr ss:
00445217 push edx
00445218 push eax
00445219 push ecx
0044521A call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarForNext
00445220 mov dword ptr ss:,eax
00445226 jmp CrackMe_.004450B5 ; loop
; Reached from the je at 004450BD once the first loop has finished. This run fetches a
; string through an object call, takes its length and initialises the second For loop.
; Memory operands were lost in extraction; which control supplies the string is not
; visible here -- presumably the username again, confirm in the debugger.
0044522B mov edx,dword ptr ds:
0044522D push ebx
0044522E mov dword ptr ss:,1
00445238 mov dword ptr ss:,2
00445242 call dword ptr ds:
00445248 push eax
00445249 lea eax,dword ptr ss:
0044524C push eax
0044524D call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaObjSet
00445253 mov ecx,dword ptr ds:
00445255 lea edx,dword ptr ss:
00445258 push edx
00445259 push eax
0044525A mov dword ptr ss:,eax
00445260 call dword ptr ds:
; A negative result goes through __vbaHresultCheckObj; a non-negative one skips it.
00445266 test eax,eax
00445268 fclex
0044526A jge short CrackMe_.00445284
0044526C mov ecx,dword ptr ss:
00445272 push 0A0
00445277 push CrackMe_.00418418
0044527C push ecx
0044527D push eax
0044527E call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
00445284 mov edx,dword ptr ss:
00445287 push edx
00445288 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaLenBstr
0044528E mov dword ptr ss:,eax ; keep the string length returned by __vbaLenBstr
; Six addresses are pushed as the arguments of __vbaVarForInit.
00445294 lea eax,dword ptr ss:
0044529A lea ecx,dword ptr ss:
004452A0 push eax
004452A1 lea edx,dword ptr ss:
004452A7 push ecx
004452A8 lea eax,dword ptr ss:
004452AE push edx
004452AF lea ecx,dword ptr ss:
004452B5 push eax
004452B6 lea edx,dword ptr ss:
004452B9 push ecx
004452BA push edx
004452BB mov dword ptr ss:,3
004452C5 mov dword ptr ss:,1
004452CF mov dword ptr ss:,2
004452D9 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarForInit
004452DF lea ecx,dword ptr ss:
004452E2 mov dword ptr ss:,eax ; keep the value returned by __vbaVarForInit
004452E8 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStr
004452EE lea ecx,dword ptr ss:
004452F1 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
; Second loop (head at 004452F7, re-entered by the jmp at 004454C0). Per the author's
; notes it computes (character value + 5) / 3 and appends the result as text. Memory
; operands were lost in extraction, so the constants 5 and 3 are not visible in the
; listing and come from the author's remarks.
; Loop test: a zero value leaves the loop for 004454C5.
004452F7 mov eax,dword ptr ss:
004452FD test eax,eax
004452FF je CrackMe_.004454C5
; Two indirect calls on an object (targets lost); a negative result from the second
; is routed to __vbaHresultCheckObj, a non-negative one skips it (jge).
00445305 mov eax,dword ptr ds:
00445307 push ebx
00445308 call dword ptr ds:
0044530E lea ecx,dword ptr ss:
00445311 push eax
00445312 push ecx
00445313 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaObjSet
00445319 mov edx,dword ptr ds:
0044531B lea ecx,dword ptr ss:
0044531E push ecx
0044531F push eax
00445320 mov dword ptr ss:,eax
00445326 call dword ptr ds:
0044532C test eax,eax
0044532E fclex
00445330 jge short CrackMe_.0044534A
00445332 mov edx,dword ptr ss:
00445338 push 0A0
0044533D push CrackMe_.00418418
00445342 push edx
00445343 push eax
00445344 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
0044534A mov eax,dword ptr ss:
0044534D lea ecx,dword ptr ss:
00445350 mov dword ptr ss:,eax
00445353 lea eax,dword ptr ss:
00445359 push eax
0044535A push ecx
0044535B mov dword ptr ss:,1
00445365 mov dword ptr ss:,2
0044536F mov dword ptr ss:,0
00445376 mov dword ptr ss:,8
; __vbaI4Var converts a Variant to a 32-bit integer; its result is pushed as an
; argument of rtcMidCharVar -- presumably the loop index used as the character position.
00445380 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaI4Var
00445386 push eax
00445387 lea edx,dword ptr ss:
0044538D lea eax,dword ptr ss:
00445393 push edx
00445394 push eax
00445395 call dword ptr ds:[<&MSVBVM60.#63>; MSVBVM60.rtcMidCharVar
0044539B lea ecx,dword ptr ss:
0044539E lea edx,dword ptr ss:
004453A1 push ecx
004453A2 push edx
004453A3 call edi
004453A5 push eax
004453A6 call dword ptr ds:[<&MSVBVM60.#58>; MSVBVM60.rtcR8ValFromBstr
; The double on the FPU stack is spilled to the 8 bytes just reserved and passed
; to __vbaStrR8, which formats it as a string.
004453AC sub esp,8
004453AF fstp qword ptr ss:
004453B2 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrR8
004453B8 mov edx,eax
004453BA lea ecx,dword ptr ss:
004453BD call esi
004453BF push eax
004453C0 lea eax,dword ptr ss:
004453C6 lea ecx,dword ptr ss:
004453C9 push eax
004453CA push ecx
004453CB call edi
004453CD push eax
; Character -> ANSI code -> string -> double, the same conversion chain as in the
; first loop.
004453CE call dword ptr ds:[<&MSVBVM60.#51>; MSVBVM60.rtcAnsiValueBstr
004453D4 push eax
004453D5 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrI2
004453DB mov edx,eax
004453DD lea ecx,dword ptr ss:
004453E0 call esi
004453E2 push eax
004453E3 call dword ptr ds:[<&MSVBVM60.#58>; MSVBVM60.rtcR8ValFromBstr
004453E9 fadd qword ptr ds:; author's note: character value + 5 (constant operand lost in extraction)
; The cmp/jnz picks between an inline fdiv and the runtime helper _adj_fdiv_m64;
; the tested flag's address is lost -- presumably the runtime's FDIV-erratum flag.
004453EF cmp dword ptr ds:,0
004453F6 jnz short CrackMe_.00445400
004453F8 fdiv qword ptr ds:; author's note: (character value + 5) / 3
004453FE jmp short CrackMe_.00445411
00445400 push dword ptr ds:
00445406 push dword ptr ds:
0044540C call <jmp.&MSVBVM60._adj_fdiv_m64>
; FPU status check: any of the bits in mask 0D set -> leave for 0044589B (not shown).
00445411 fstsw ax
00445413 test al,0D
00445415 jnz CrackMe_.0044589B
; __vbaFPFix is applied before the value is stored -- presumably VB's Fix(), which
; drops the fractional part.
0044541B call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFPFix
00445421 sub esp,8
00445424 fstp qword ptr ss: ; save the result
00445427 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrR8
0044542D mov edx,eax
0044542F lea ecx,dword ptr ss:
00445432 call esi
00445434 push eax
; The formatted result is concatenated with the string pushed at 004453BF.
00445435 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrCat
0044543B lea edx,dword ptr ss:
00445441 lea ecx,dword ptr ss:
00445444 mov dword ptr ss:,eax
0044544A mov dword ptr ss:,8
00445454 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarMove
; Release the five temporary strings; `add esp,18` drops the six pushed dwords.
0044545A lea edx,dword ptr ss:
0044545D lea eax,dword ptr ss:
00445460 push edx
00445461 lea ecx,dword ptr ss:
00445464 push eax
00445465 lea edx,dword ptr ss:
00445468 push ecx
00445469 lea eax,dword ptr ss:
0044546C push edx
0044546D push eax
0044546E push 5
00445470 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStrList
00445476 add esp,18
00445479 lea ecx,dword ptr ss:
0044547C call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
00445482 lea ecx,dword ptr ss:
00445488 push ecx
00445489 lea edx,dword ptr ss:
0044548F lea eax,dword ptr ss:
00445495 push edx
00445496 push eax
00445497 push 3
00445499 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeVarList
0044549F add esp,10
; Advance the For loop; the returned value is stored and the loop head re-entered.
004454A2 lea ecx,dword ptr ss:
004454A8 lea edx,dword ptr ss:
004454AE lea eax,dword ptr ss:
004454B1 push ecx
004454B2 push edx
004454B3 push eax
004454B4 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarForNext
004454BA mov dword ptr ss:,eax
004454C0 jmp CrackMe_.004452F7 ; loop: compute the next character
; Reached from the je at 004452FF once the second loop has finished. This run builds a
; Variant with three __vbaVarCat calls and compares it with __vbaVarTstEq. Memory
; operands were lost in extraction; the listing ends before the branch on the result.
004454C5 mov ecx,dword ptr ds:
004454C7 push ebx
; A constant inside the CrackMe image is stored here (name truncated to "CrackMe>") --
; presumably the "-" separator of the A-ABA format, confirm in the debugger.
004454C8 mov dword ptr ss:,CrackMe>
004454D2 mov dword ptr ss:,8
004454DC call dword ptr ds:
004454E2 lea edx,dword ptr ss:
004454E5 push eax
004454E6 push edx
004454E7 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaObjSet
004454ED mov esi,eax
004454EF lea ecx,dword ptr ss:
004454F2 push ecx
004454F3 push esi
004454F4 mov eax,dword ptr ds:
004454F6 call dword ptr ds:
; A negative result goes through __vbaHresultCheckObj; a non-negative one skips it.
004454FC test eax,eax
004454FE fclex
00445500 jge short CrackMe_.00445514
00445502 push 0A0
00445507 push CrackMe_.00418418
0044550C push esi
0044550D push eax
0044550E call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
00445514 mov eax,dword ptr ss:
; esi now holds __vbaVarCat; the three `call esi` sites below chain concatenations.
00445517 mov esi,dword ptr ds:[<&MSVBVM60.>; MSVBVM60.__vbaVarCat
0044551D mov dword ptr ss:,eax
00445523 lea edx,dword ptr ss:
00445526 lea eax,dword ptr ss:
0044552C push edx
0044552D lea ecx,dword ptr ss:
00445533 push eax
00445534 push ecx
00445535 mov dword ptr ss:,0
0044553C mov dword ptr ss:,8008
00445546 call esi
00445548 push eax
00445549 lea edx,dword ptr ss:
0044554C lea eax,dword ptr ss:
00445552 push edx
00445553 push eax
00445554 call esi
00445556 lea ecx,dword ptr ss:
00445559 push eax
0044555A lea edx,dword ptr ss:
00445560 push ecx
00445561 push edx
00445562 call esi
00445564 push eax
00445565 lea eax,dword ptr ss:
0044556B push eax
; Design note: the expected value is derived from the username alone and checked with a
; plain Variant equality test, so the scheme has no secret beyond the arithmetic above.
0044556C call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarTstEq /// the classic comparison
00445572 lea ecx,dword ptr ss:
00445575 mov edi,eax ; keep the comparison result; the branch on it is not shown
--------------------------------------------------------------------------------
算法:
1, 累加用户名各字符的 ASCII 值, 记为A
2, (用户名最后一位的 ASCII 值+5)/3 并取整, 记为B
3, 注册码格式为A-ABA
例: name 为 leng 时, A = 108+101+110+103 = 422, B = (103+5)/3 = 36
name: leng
code: 422-42236422