吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 10070|回复: 39
收起左侧

国外某软件算法分析(2)

[复制链接]
shaopeng 发表于 2008-10-11 18:01
00402A00 \55PUSH EBP
00402A018BECMOV EBP,ESP
00402A0383EC 0C SUB ESP,0C
00402A0668 E6104000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler>; SE 处理程序安装
00402A0B64:A1 00000000MOV EAX,DWORD PTR FS:[0]
00402A1150PUSH EAX
00402A1264:8925 0000000>MOV DWORD PTR FS:[0],ESP
00402A1981EC D0000000 SUB ESP,0D0
00402A1F53PUSH EBX
00402A2056PUSH ESI
00402A2157PUSH EDI
00402A228965 F4 MOV DWORD PTR SS:[EBP-C],ESP
00402A25C745 F8 C810400>MOV DWORD PTR SS:[EBP-8],crackme2.004010>
00402A2C8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
00402A2F8BC6MOV EAX,ESI
00402A3183E0 01 AND EAX,1
00402A348945 FC MOV DWORD PTR SS:[EBP-4],EAX
00402A3783E6 FE AND ESI,FFFFFFFE
00402A3A56PUSH ESI
00402A3B8975 08 MOV DWORD PTR SS:[EBP+8],ESI
00402A3E8B0EMOV ECX,DWORD PTR DS:[ESI]
00402A40FF51 04 CALL DWORD PTR DS:[ECX+4]
00402A438B16MOV EDX,DWORD PTR DS:[ESI]
00402A4533FFXOR EDI,EDI
00402A4756PUSH ESI
00402A48897D E4 MOV DWORD PTR SS:[EBP-1C],EDI
00402A4B897D D0 MOV DWORD PTR SS:[EBP-30],EDI
00402A4E897D CC MOV DWORD PTR SS:[EBP-34],EDI
00402A51897D C8 MOV DWORD PTR SS:[EBP-38],EDI
00402A54897D C4 MOV DWORD PTR SS:[EBP-3C],EDI
00402A57897D C0 MOV DWORD PTR SS:[EBP-40],EDI
00402A5A897D B0 MOV DWORD PTR SS:[EBP-50],EDI
00402A5D897D A0 MOV DWORD PTR SS:[EBP-60],EDI
00402A60897D 90 MOV DWORD PTR SS:[EBP-70],EDI
00402A63897D 80 MOV DWORD PTR SS:[EBP-80],EDI
00402A6689BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
00402A6C89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
00402A72FF92 FC020000 CALL DWORD PTR DS:[EDX+2FC]
00402A7850PUSH EAX
00402A798D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00402A7C50PUSH EAX
00402A7DFF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00402A838B08MOV ECX,DWORD PTR DS:[EAX]
00402A858D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00402A8852PUSH EDX
00402A8950PUSH EAX
00402A8A8985 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EAX
00402A90FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
00402A963BC7CMP EAX,EDI
00402A98DBE2FCLEX
00402A9A7D 18 JGE SHORT crackme2.00402AB4
00402A9C8B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[EBP-C4]
00402AA268 A0000000 PUSH 0A0
00402AA768 4C224000 PUSH crackme2.0040224C
00402AAC51PUSH ECX
00402AAD50PUSH EAX
00402AAEFF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402AB48B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]; 把用户名放到EDX
00402AB78D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00402ABA897D C8 MOV DWORD PTR SS:[EBP-38],EDI
00402ABDFF15 A8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
00402AC38D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402AC6FF15 B8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
00402ACC8B16MOV EDX,DWORD PTR DS:[ESI]
00402ACE56PUSH ESI
00402ACFFF92 0C030000 CALL DWORD PTR DS:[EDX+30C]
00402AD550PUSH EAX
00402AD68D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00402AD950PUSH EAX
00402ADAFF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00402AE08B08MOV ECX,DWORD PTR DS:[EAX]
00402AE28D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00402AE552PUSH EDX
00402AE650PUSH EAX
00402AE78985 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EAX
00402AEDFF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
00402AF33BC7CMP EAX,EDI
00402AF5DBE2FCLEX
00402AF77D 18 JGE SHORT crackme2.00402B11
00402AF98B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[EBP-C4]
00402AFF68 A0000000 PUSH 0A0
00402B0468 4C224000 PUSH crackme2.0040224C
00402B0951PUSH ECX
00402B0A50PUSH EAX
00402B0BFF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402B118B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]; 把注册码放到EDX
00402B148D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
00402B17897D C8 MOV DWORD PTR SS:[EBP-38],EDI
00402B1AFF15 A8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
00402B208D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402B23FF15 B8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
00402B298B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]; 把用户名放到EDX
00402B2C52PUSH EDX ; 把用户名压到堆栈
00402B2DFF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; 读取用户名的位数
00402B3333DBXOR EBX,EBX; EBX清零
00402B3583F8 0B CMP EAX,0B ; 用户名位数与11比较
00402B388B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]; 把用户名放到EAX
00402B3B50PUSH EAX
00402B3C0F9EC3SETLE BL ; BL=00
00402B3FFF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
00402B4533C9XOR ECX,ECX; ECX清零
00402B478B55 CC MOV EDX,DWORD PTR SS:[EBP-34]; 把注册码放到EDX
00402B4A83F8 05 CMP EAX,5; 用户名位数与5比较
00402B4D52PUSH EDX
00402B4E0F9DC1SETGE CL ; CL=0
00402B5123D9AND EBX,ECX; EBX+ECX
00402B53F7DBNEG EBX; EBX=1
00402B551BDBSBB EBX,EBX; EBX-EBX
00402B57F7DBNEG EBX; 取值EBX=1
00402B59FF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; 读取注册码位数
00402B5F33C9XOR ECX,ECX; ECX清零
00402B6183F8 09 CMP EAX,9; 注册码位数与9比较
00402B640F9DC1SETGE CL ; CL=0
00402B6785D9TEST ECX,EBX ; ECX与EBX比较
00402B690F85 8B000000 JNZ crackme2.00402BFA
00402B6F8B16MOV EDX,DWORD PTR DS:[ESI]
00402B7156PUSH ESI
00402B72FF92 FC020000 CALL DWORD PTR DS:[EDX+2FC]
00402B788B1D 30104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaOb>; MSVBVM60.__vbaObjSet
00402B7E50PUSH EAX
00402B7F8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00402B8250PUSH EAX
00402B83FFD3CALL EBX ; <&MSVBVM60.__vbaObjSet>
00402B858BF8MOV EDI,EAX
00402B8768 60224000 PUSH crackme2.00402260
00402B8C57PUSH EDI
00402B8D8B0FMOV ECX,DWORD PTR DS:[EDI]
00402B8FFF91 A4000000 CALL DWORD PTR DS:[ECX+A4]
00402B9585C0TEST EAX,EAX
00402B97DBE2FCLEX
00402B997D 12 JGE SHORT crackme2.00402BAD
00402B9B68 A4000000 PUSH 0A4
00402BA068 4C224000 PUSH crackme2.0040224C
00402BA557PUSH EDI
00402BA650PUSH EAX
00402BA7FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402BAD8B3D B8104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
00402BB38D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402BB6FFD7CALL EDI ; <&MSVBVM60.__vbaFreeObj>
00402BB88B16MOV EDX,DWORD PTR DS:[ESI]
00402BBA56PUSH ESI
00402BBBFF92 0C030000 CALL DWORD PTR DS:[EDX+30C]
00402BC150PUSH EAX
00402BC28D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00402BC550PUSH EAX
00402BC6FFD3CALL EBX
00402BC88BF0MOV ESI,EAX
00402BCA68 60224000 PUSH crackme2.00402260
00402BCF56PUSH ESI
00402BD08B0EMOV ECX,DWORD PTR DS:[ESI]
00402BD2FF91 A4000000 CALL DWORD PTR DS:[ECX+A4]
00402BD885C0TEST EAX,EAX
00402BDADBE2FCLEX
00402BDC7D 12 JGE SHORT crackme2.00402BF0
00402BDE68 A4000000 PUSH 0A4
00402BE368 4C224000 PUSH crackme2.0040224C
00402BE856PUSH ESI
00402BE950PUSH EAX
00402BEAFF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402BF08D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402BF3FFD7CALL EDI
00402BF5E9 85020000 JMP crackme2.00402E7F
00402BFA8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]; 把用户名放到EDX
00402BFD52PUSH EDX
00402BFEFF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
00402C048BC8MOV ECX,EAX; 用户名位数与1比较
00402C06FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4
00402C0CBB 01000000 MOV EBX,1; EBX=1
00402C118985 2CFFFFFF MOV DWORD PTR SS:[EBP-D4],EAX; 用户名位数
00402C178BF3MOV ESI,EBX; EBX的值放到ESI
00402C1966:3BB5 2CFFFFF>CMP SI,WORD PTR SS:[EBP-D4]; 循环
00402C200F8F A3000000 JG crackme2.00402CC9
00402C268D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00402C298D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00402C2C0FBFD6MOVSX EDX,SI
00402C2F8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00402C3551PUSH ECX
00402C368D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
00402C3C52PUSH EDX
00402C3D8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
00402C4050PUSH EAX
00402C4151PUSH ECX
00402C42C745 B8 0400028>MOV DWORD PTR SS:[EBP-48],80020004
00402C49C745 B0 0A00000>MOV DWORD PTR SS:[EBP-50],0A
00402C50C785 70FFFFFF 0>MOV DWORD PTR SS:[EBP-90],4008
00402C5AFF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
00402C608D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00402C638D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00402C6652PUSH EDX
00402C6750PUSH EAX
00402C68FF15 78104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal
00402C6E50PUSH EAX
00402C6FFF15 0C104000 CALL DWORD PTR DS:[<&MSVBVM60.#693>] ; 用户名转化成16进制
00402C7566:33C9 XOR CX,CX; CX清零 ECX值为00120000
00402C788AC8MOV CL,AL; 用户名每一位放到ECX
00402C7A66:6BC9 02IMUL CX,CX,2 ; 用户名16进制每一位*2
00402C7E0F80 7A020000 JO crackme2.00402EFE ; 取值
00402C840FBFD1MOVSX EDX,CX ; 把得到的值放到EDX
00402C8703D7ADD EDX,EDI; 累计相加
00402C898D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00402C8C0F80 6C020000 JO crackme2.00402EFE
00402C9283C2 0A ADD EDX,0A ; 用户名每位*2后+0A
00402C950F80 63020000 JO crackme2.00402EFE
00402C9B8BFAMOV EDI,EDX
00402C9DFF15 BC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
00402CA38D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
00402CA68D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00402CA950PUSH EAX
00402CAA51PUSH ECX
00402CAB6A 02 PUSH 2
00402CADFF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00402CB366:8BD3 MOV DX,BX; BX放到DX
00402CB683C4 0C ADD ESP,0C ; ESP=ESP+0C
00402CB966:03D6 ADD DX,SI
00402CBC0F80 3C020000 JO crackme2.00402EFE
00402CC28BF2MOV ESI,EDX; 计算用户名的第几位
00402CC4^ E9 50FFFFFF JMP crackme2.00402C19
00402CC981C7 2770430B ADD EDI,0B437027 ; EDI=(用户名*2+0A之和)+0B437227
00402CCF0F80 29020000 JO crackme2.00402EFE ; EDI=43771F
00402CD58BDFMOV EBX,EDI; EDI=43771F
00402CD78B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
00402CDA57PUSH EDI ;
00402CDB8B07MOV EAX,DWORD PTR DS:[EDI]
00402CDDFF90 0C030000 CALL DWORD PTR DS:[EAX+30C]
00402CE38D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402CE650PUSH EAX
00402CE751PUSH ECX
00402CE8FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00402CEE8BF0MOV ESI,EAX
00402CF08D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00402CF350PUSH EAX
00402CF456PUSH ESI
00402CF58B16MOV EDX,DWORD PTR DS:[ESI]
00402CF7FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
00402CFD85C0TEST EAX,EAX
00402CFFDBE2FCLEX
00402D017D 12 JGE SHORT crackme2.00402D15; 跳
00402D0368 A0000000 PUSH 0A0
00402D0868 4C224000 PUSH crackme2.0040224C
00402D0D56PUSH ESI
00402D0E50PUSH EAX
00402D0FFF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402D1553PUSH EBX
00402D16FF15 08104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrI4>
00402D1C8BD0MOV EDX,EAX
00402D1E8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00402D21FF15 A8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; 读取假码
00402D278B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]; 把假码放到ECX
00402D2A50PUSH EAX
00402D2B51PUSH ECX
00402D2CFF15 50104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
00402D328BF0MOV ESI,EAX
00402D348D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00402D37F7DENEG ESI
00402D391BF6SBB ESI,ESI
00402D3B8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
00402D3E52PUSH EDX
00402D3F46INC ESI
00402D4050PUSH EAX
00402D416A 02 PUSH 2
00402D43F7DENEG ESI
00402D45FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStrList
00402D4B8B1D B8104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
00402D5183C4 0C ADD ESP,0C
00402D548D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402D57FFD3CALL EBX ; <&MSVBVM60.__vbaFreeObj>
00402D5966:85F6 TEST SI,SI
00402D5C0F84 9B000000 JE crackme2.00402DFD ; 跳过则OVER
00402D628B35 A0104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarDup
00402D68B9 0A000000 MOV ECX,0A
00402D6DB8 04000280 MOV EAX,80020004
00402D72894D 80 MOV DWORD PTR SS:[EBP-80],ECX
00402D75894D 90 MOV DWORD PTR SS:[EBP-70],ECX
00402D78BB 08000000 MOV EBX,8
00402D7D8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
00402D838D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
00402D868945 88 MOV DWORD PTR SS:[EBP-78],EAX
00402D898945 98 MOV DWORD PTR SS:[EBP-68],EAX
00402D8CC785 68FFFFFF 7>MOV DWORD PTR SS:[EBP-98],crackme2.00402>
00402D96899D 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EBX
00402D9CFFD6CALL ESI ; <&MSVBVM60.__vbaVarDup>
00402D9E8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
00402DA48D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00402DA7C785 78FFFFFF 6>MOV DWORD PTR SS:[EBP-88],crackme2.00402>
00402DB1899D 70FFFFFF MOV DWORD PTR SS:[EBP-90],EBX
00402DB7FFD6CALL ESI
00402DB98D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
00402DBC8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
00402DBF51PUSH ECX
00402DC08D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
00402DC352PUSH EDX
00402DC48D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
00402DC750PUSH EAX
00402DC851PUSH ECX
00402DC9FF15 9C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>; MSVBVM60.__vbaI4Var
00402DCF8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
00402DD250PUSH EAX
00402DD352PUSH EDX
00402DD4FF15 34104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; 光明之巅
00402DDA8D45 80 LEA EAX,DWORD PTR SS:[EBP-80]
00402DDD8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
00402DE050PUSH EAX
00402DE18D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00402DE451PUSH ECX
00402DE58D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
00402DE852PUSH EDX
00402DE950PUSH EAX
00402DEA6A 04 PUSH 4
00402DECFF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00402DF28B1D B8104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
00402DF883C4 14 ADD ESP,14
00402DFBEB 41 JMP SHORT crackme2.00402E3E
00402DFD8B0FMOV ECX,DWORD PTR DS:[EDI]
00402DFF57PUSH EDI
00402E00FF91 FC020000 CALL DWORD PTR DS:[ECX+2FC]
00402E068D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
00402E0950PUSH EAX
00402E0A52PUSH EDX
00402E0BFF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00402E118BF0MOV ESI,EAX
00402E1368 60224000 PUSH crackme2.00402260
00402E1856PUSH ESI
00402E198B06MOV EAX,DWORD PTR DS:[ESI]
00402E1BFF90 A4000000 CALL DWORD PTR DS:[EAX+A4]
00402E2185C0TEST EAX,EAX
00402E23DBE2FCLEX
00402E257D 12 JGE SHORT crackme2.00402E39
00402E2768 A4000000 PUSH 0A4
00402E2C68 4C224000 PUSH crackme2.0040224C
00402E3156PUSH ESI
00402E3250PUSH EAX
00402E33FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402E398D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402E3CFFD3CALL EBX
00402E3E8B0FMOV ECX,DWORD PTR DS:[EDI]
00402E4057PUSH EDI
00402E41FF91 0C030000 CALL DWORD PTR DS:[ECX+30C]
00402E478D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
00402E4A50PUSH EAX
00402E4B52PUSH EDX
00402E4CFF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00402E528BF0MOV ESI,EAX
00402E5468 60224000 PUSH crackme2.00402260
00402E5956PUSH ESI
00402E5A8B06MOV EAX,DWORD PTR DS:[ESI]
00402E5CFF90 A4000000 CALL DWORD PTR DS:[EAX+A4]
00402E6285C0TEST EAX,EAX
00402E64DBE2FCLEX
00402E667D 12 JGE SHORT crackme2.00402E7A
00402E6868 A4000000 PUSH 0A4
00402E6D68 4C224000 PUSH crackme2.0040224C
00402E7256PUSH ESI
00402E7350PUSH EAX
00402E74FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00402E7A8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402E7DFFD3CALL EBX
00402E7FC745 FC 0000000>MOV DWORD PTR SS:[EBP-4],0
00402E8668 DF2E4000 PUSH crackme2.00402EDF
00402E8BEB 38 JMP SHORT crackme2.00402EC5
00402E8D8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00402E908D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00402E9351PUSH ECX
00402E9452PUSH EDX
00402E956A 02 PUSH 2
00402E97FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStrList
00402E9D83C4 0C ADD ESP,0C
00402EA08D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00402EA3FF15 B8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
00402EA98D45 80 LEA EAX,DWORD PTR SS:[EBP-80]
00402EAC8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
00402EAF50PUSH EAX
00402EB08D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00402EB351PUSH ECX
00402EB48D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
00402EB752PUSH EDX
00402EB850PUSH EAX
00402EB96A 04 PUSH 4
00402EBBFF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00402EC183C4 14 ADD ESP,14
00402EC4C3RETN

分析得:1 . 取每一位的用户名ASCII再 *2+0A
2.将ASCII总和 + 常量 0B437027 就是注册码~
70 65 6E 67 70 65 6E 67
*2
E0 CA DC CE E0 CA DC CE
+0A
EA D4 E6 D8 EA D4 E6 D8
相加=6F8
6F8+0B437027=B43771F
B43771F转换成10进制=注册码


用户名:pengpeng
注册码:188970783
学算法的找我交流交流

点评

我学算法,大牛一起交流交流吧。  发表于 2014-3-1 06:33

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

Tale 发表于 2008-10-11 18:08
本部分内容设定了隐藏,需要回复后才能看到 回复
Hmily 发表于 2008-10-11 18:18
mantoou 发表于 2008-10-11 18:28
kangye 发表于 2008-10-11 20:59
需要回复后才能看到 回复 [s:40]
zeger 发表于 2008-10-11 22:22
回复看看~~[s:40]
字符卟够呀
yunfeng 发表于 2008-10-12 08:12
看看是什么软件,是什么算法。
634504322 发表于 2008-10-12 11:01
是什么啊
奇怪期待啊
呵呵
zhoudongzhou 发表于 2008-10-12 13:48
看到算法的帖子必回复
jmzhwf 发表于 2008-10-12 21:26
这年头都隐藏起来搞地下战争了 [s:41]
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-11-23 03:38

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表