好友
阅读权限40
听众
最后登录1970-1-1
|
我是用户
发表于 2012-9-20 12:07
【文章标题】: 小宝音乐电子相册算法分析
【文章作者】: 我是用户
【软件名称】: 小宝音乐电子相册
【软件大小】: 1.07MB
【下载地址】: 自己搜索下载
【加壳方式】: Aspack
【编写语言】: VB
【操作平台】: XP SP2
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
程序的保护如下:
重启验证:在C:\Documents and Settings\Administrator\My Documents\小宝音乐电子相册\相册设置\XBalbum.ini里会保存注册码,重启起验证.
另外这个程序是明码比较,比较简单,所以我们跟下他的算法,看下他是怎么把明码算出来的.
根据机器码算注册码,位数和机器码保持一致.
005A1B60 $ 55 push ebp
005A1B61 . 8BEC mov ebp, esp
005A1B63 . 83EC 18 sub esp, 18
005A1B66 . 68 C6414000 push <jmp.&MSVBVM60.__vbaExceptHandler> ; SE handler installation
005A1B6B . 64:A1 0000000>mov eax, dword ptr fs:[0]
005A1B71 . 50 push eax
005A1B72 . 64:8925 00000>mov dword ptr fs:[0], esp
005A1B79 . B8 24010000 mov eax, 124
005A1B7E . E8 3D26E6FF call <jmp.&MSVBVM60.__vbaChkstk>
005A1B83 . 53 push ebx
005A1B84 . 56 push esi
005A1B85 . 57 push edi
005A1B86 . 8965 E8 mov dword ptr [ebp-18], esp
005A1B89 . C745 EC B8354>mov dword ptr [ebp-14], 004035B8 ; .
005A1B90 . C745 F0 00000>mov dword ptr [ebp-10], 0
005A1B97 . C745 F4 00000>mov dword ptr [ebp-C], 0
005A1B9E . C745 FC 01000>mov dword ptr [ebp-4], 1
005A1BA5 . C745 FC 02000>mov dword ptr [ebp-4], 2
005A1BAC . 6A FF push -1 ; /OnErrEvent = Resume Next
005A1BAE . FF15 D8104000 call dword ptr [<&MSVBVM60.__vbaOnError>] ; \__vbaOnError
005A1BB4 . C745 FC 03000>mov dword ptr [ebp-4], 3
005A1BBB . C785 30FFFFFF>mov dword ptr [ebp-D0], 1
005A1BC5 . C785 28FFFFFF>mov dword ptr [ebp-D8], 2
005A1BCF . C785 20FFFFFF>mov dword ptr [ebp-E0], 1
005A1BD9 . C785 18FFFFFF>mov dword ptr [ebp-E8], 2
005A1BE3 . 8D85 28FFFFFF lea eax, dword ptr [ebp-D8]
005A1BE9 . 50 push eax
005A1BEA . 8B55 0C mov edx, dword ptr [ebp+C]
005A1BED . 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8]
005A1BF3 . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A1BF9 . 50 push eax ; |/var18
005A1BFA . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98] ; ||
005A1C00 . 51 push ecx ; ||retBuffer8
005A1C01 . FF15 A0104000 call dword ptr [<&MSVBVM60.__vbaLenVar>] ; |\__vbaLenVar
005A1C07 . 50 push eax ; |End8
005A1C08 . 8D95 18FFFFFF lea edx, dword ptr [ebp-E8] ; |
005A1C0E . 52 push edx ; |Start8
005A1C0F . 8D85 F8FEFFFF lea eax, dword ptr [ebp-108] ; |
005A1C15 . 50 push eax ; |TMPend8
005A1C16 . 8D8D 08FFFFFF lea ecx, dword ptr [ebp-F8] ; |
005A1C1C . 51 push ecx ; |TMPstep8
005A1C1D . 8D55 AC lea edx, dword ptr [ebp-54] ; |
005A1C20 . 52 push edx ; |Counter8
005A1C21 . FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaVarForInit>] ; \__vbaVarForInit
005A1C27 . 8985 C0FEFFFF mov dword ptr [ebp-140], eax
005A1C2D . E9 F0000000 jmp 005A1D22
005A1C32 > C745 FC 04000>mov dword ptr [ebp-4], 4
005A1C39 . C785 70FFFFFF>mov dword ptr [ebp-90], 1
005A1C43 . C785 68FFFFFF>mov dword ptr [ebp-98], 2
005A1C4D . 8D85 68FFFFFF lea eax, dword ptr [ebp-98]
005A1C53 . 50 push eax
005A1C54 . 8D4D AC lea ecx, dword ptr [ebp-54]
005A1C57 . 51 push ecx
005A1C58 . FF15 C4124000 call dword ptr [<&MSVBVM60.__vbaI4Var>] ; MSVBVM60.__vbaI4Var
005A1C5E . 50 push eax ; |Start
005A1C5F . 8B55 0C mov edx, dword ptr [ebp+C] ; |
005A1C62 . 52 push edx ; |dString8
005A1C63 . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8] ; |
005A1C69 . 50 push eax ; |RetBUFFER
005A1C6A . FF15 30114000 call dword ptr [<&MSVBVM60.rtcMidCharVar>] ; \rtcMidCharVar
005A1C70 . 8D8D 58FFFFFF lea ecx, dword ptr [ebp-A8]
005A1C76 . 51 push ecx ; /String8
005A1C77 . 8D95 78FFFFFF lea edx, dword ptr [ebp-88] ; |
005A1C7D . 52 push edx ; |ARG2
005A1C7E . FF15 1C124000 call dword ptr [<&MSVBVM60.__vbaStrVarVal>] ; \__vbaStrVarVal
005A1C84 . 50 push eax ; /String
005A1C85 . FF15 60104000 call dword ptr [<&MSVBVM60.rtcAnsiValueBstr>] ; \rtcAnsiValueBstr
005A1C8B . 66:8985 30FFF>mov word ptr [ebp-D0], ax
005A1C92 . C785 28FFFFFF>mov dword ptr [ebp-D8], 2
005A1C9C . 8D95 28FFFFFF lea edx, dword ptr [ebp-D8]
005A1CA2 . 8D4D CC lea ecx, dword ptr [ebp-34]
005A1CA5 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1CAB . 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005A1CB1 . FF15 64134000 call dword ptr [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005A1CB7 . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8]
005A1CBD . 50 push eax
005A1CBE . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
005A1CC4 . 51 push ecx
005A1CC5 . 6A 02 push 2
005A1CC7 . FF15 4C104000 call dword ptr [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005A1CCD . 83C4 0C add esp, 0C
005A1CD0 . C745 FC 05000>mov dword ptr [ebp-4], 5
005A1CD7 . 8D95 7CFFFFFF lea edx, dword ptr [ebp-84]
005A1CDD . 52 push edx ; /var18
005A1CDE . 8D45 CC lea eax, dword ptr [ebp-34] ; |
005A1CE1 . 50 push eax ; |var28
005A1CE2 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98] ; |
005A1CE8 . 51 push ecx ; |saveto8
005A1CE9 . FF15 D8124000 call dword ptr [<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005A1CEF . 8BD0 mov edx, eax
005A1CF1 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A1CF7 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1CFD . C745 FC 06000>mov dword ptr [ebp-4], 6
005A1D04 . 8D95 F8FEFFFF lea edx, dword ptr [ebp-108]
005A1D0A . 52 push edx ; /TMPend8
005A1D0B . 8D85 08FFFFFF lea eax, dword ptr [ebp-F8] ; |
005A1D11 . 50 push eax ; |TMPstep8
005A1D12 . 8D4D AC lea ecx, dword ptr [ebp-54] ; |
005A1D15 . 51 push ecx ; |Counter8
005A1D16 . FF15 58134000 call dword ptr [<&MSVBVM60.__vbaVarForNext>] ; \__vbaVarForNext
005A1D1C . 8985 C0FEFFFF mov dword ptr [ebp-140], eax
005A1D22 > 83BD C0FEFFFF>cmp dword ptr [ebp-140], 0
005A1D29 .^ 0F85 03FFFFFF jnz 005A1C32
005A1D2F . C745 FC 07000>mov dword ptr [ebp-4], 7 ; 变量4=7
005A1D36 . C785 40FFFFFF>mov dword ptr [ebp-C0], 9999999A
005A1D40 . C785 44FFFFFF>mov dword ptr [ebp-BC], 3FB99999 ; 浮点数0.1
005A1D4A . C785 38FFFFFF>mov dword ptr [ebp-C8], 5 ; C8=5(表示为浮点类型)
005A1D54 . C785 30FFFFFF>mov dword ptr [ebp-D0], 6 ; D0=6(字节值6)
005A1D5E . C785 28FFFFFF>mov dword ptr [ebp-D8], 2 ; D8=2(表示Byte)
005A1D68 . 8D95 7CFFFFFF lea edx, dword ptr [ebp-84] ; 变量84保存qm....的Ascii码之和
005A1D6E . 52 push edx ; /var18
005A1D6F . 8D85 38FFFFFF lea eax, dword ptr [ebp-C8] ; |
005A1D75 . 50 push eax ; |var28
005A1D76 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98] ; |
005A1D7C . 51 push ecx ; |SaveTo8
005A1D7D . FF15 D0114000 call dword ptr [<&MSVBVM60.__vbaVarMul>] ; \__vbaVarMul
005A1D83 . 50 push eax ; /var18
005A1D84 . 8D95 28FFFFFF lea edx, dword ptr [ebp-D8] ; |
005A1D8A . 52 push edx ; |var28
005A1D8B . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8] ; |
005A1D91 . 50 push eax ; |SaveToST
005A1D92 . FF15 00124000 call dword ptr [<&MSVBVM60.__vbaVarDiv>] ; \__vbaVarDiv
005A1D98 . 50 push eax
005A1D99 . 8D8D 48FFFFFF lea ecx, dword ptr [ebp-B8]
005A1D9F . 51 push ecx
005A1DA0 . FF15 74124000 call dword ptr [<&MSVBVM60.__vbaVarInt>] ; MSVBVM60.__vbaVarInt
005A1DA6 . 8BD0 mov edx, eax ; 取int给变量84
005A1DA8 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A1DAE . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1DB4 . C745 FC 08000>mov dword ptr [ebp-4], 8 ; 变量4=8
005A1DBB . 8D95 7CFFFFFF lea edx, dword ptr [ebp-84]
005A1DC1 . 8B4D 0C mov ecx, dword ptr [ebp+C]
005A1DC4 . FF15 A8104000 call dword ptr [<&MSVBVM60.__vbaVargVarCopy>] ; MSVBVM60.__vbaVargVarCopy
005A1DCA . C745 FC 09000>mov dword ptr [ebp-4], 9
005A1DD1 . C785 40FFFFFF>mov dword ptr [ebp-C0], 0
005A1DDB . C785 38FFFFFF>mov dword ptr [ebp-C8], 2 ; 变量C8=2(变量C0转成int类型)
005A1DE5 . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8]
005A1DEB . 8D4D 8C lea ecx, dword ptr [ebp-74] ; 变量74=0
005A1DEE . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1DF4 . C745 FC 0A000>mov dword ptr [ebp-4], 0A ; 作某种计数
005A1DFB . C785 30FFFFFF>mov dword ptr [ebp-D0], 1
005A1E05 . C785 28FFFFFF>mov dword ptr [ebp-D8], 2 ; 变量D8=2
005A1E0F . C785 20FFFFFF>mov dword ptr [ebp-E0], 1
005A1E19 . C785 18FFFFFF>mov dword ptr [ebp-E8], 2 ; 变量E8=2
005A1E23 . 8D95 28FFFFFF lea edx, dword ptr [ebp-D8]
005A1E29 . 52 push edx
005A1E2A . 8B55 08 mov edx, dword ptr [ebp+8]
005A1E2D . 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; 取机器码长度
005A1E33 . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A1E39 . 50 push eax ; |/var18
005A1E3A . 8D85 68FFFFFF lea eax, dword ptr [ebp-98] ; ||
005A1E40 . 50 push eax ; ||retBuffer8
005A1E41 . FF15 A0104000 call dword ptr [<&MSVBVM60.__vbaLenVar>] ; |\__vbaLenVar
005A1E47 . 50 push eax ; |End8
005A1E48 . 8D8D 18FFFFFF lea ecx, dword ptr [ebp-E8] ; |
005A1E4E . 51 push ecx ; |Start8
005A1E4F . 8D95 D8FEFFFF lea edx, dword ptr [ebp-128] ; |
005A1E55 . 52 push edx ; |TMPend8
005A1E56 . 8D85 E8FEFFFF lea eax, dword ptr [ebp-118] ; |
005A1E5C . 50 push eax ; |TMPstep8
005A1E5D . 8D4D 9C lea ecx, dword ptr [ebp-64] ; |
005A1E60 . 51 push ecx ; |Counter8
005A1E61 . FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaVarForInit>] ; \__vbaVarForInit
005A1E67 . 8985 BCFEFFFF mov dword ptr [ebp-144], eax
005A1E6D . E9 75050000 jmp 005A23E7
005A1E72 > C745 FC 0B000>mov dword ptr [ebp-4], 0B ; 变量4为B
005A1E79 . C785 70FFFFFF>mov dword ptr [ebp-90], 1
005A1E83 . C785 68FFFFFF>mov dword ptr [ebp-98], 2 ; 变量98为1
005A1E8D . 8D95 68FFFFFF lea edx, dword ptr [ebp-98]
005A1E93 . 52 push edx
005A1E94 . 8D45 9C lea eax, dword ptr [ebp-64]
005A1E97 . 50 push eax
005A1E98 . FF15 C4124000 call dword ptr [<&MSVBVM60.__vbaI4Var>] ; MSVBVM60.__vbaI4Var
005A1E9E . 50 push eax ; |Start
005A1E9F . 8B4D 08 mov ecx, dword ptr [ebp+8] ; |
005A1EA2 . 51 push ecx ; |dString8
005A1EA3 . 8D95 58FFFFFF lea edx, dword ptr [ebp-A8] ; |
005A1EA9 . 52 push edx ; |RetBUFFER
005A1EAA . FF15 30114000 call dword ptr [<&MSVBVM60.rtcMidCharVar>] ; \rtcMidCharVar
005A1EB0 . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8] ; 依次取机器码的每一次
005A1EB6 . 50 push eax ; /String8
005A1EB7 . 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88] ; |
005A1EBD . 51 push ecx ; |ARG2
005A1EBE . FF15 1C124000 call dword ptr [<&MSVBVM60.__vbaStrVarVal>] ; \__vbaStrVarVal
005A1EC4 . 50 push eax ; /String
005A1EC5 . FF15 60104000 call dword ptr [<&MSVBVM60.rtcAnsiValueBstr>] ; \rtcAnsiValueBstr
005A1ECB . 66:8985 30FFF>mov word ptr [ebp-D0], ax ; 转成ascii码
005A1ED2 . C785 28FFFFFF>mov dword ptr [ebp-D8], 2 ; 变量D8为ASCII码
005A1EDC . 8D95 28FFFFFF lea edx, dword ptr [ebp-D8]
005A1EE2 . 8D4D CC lea ecx, dword ptr [ebp-34] ; 变量34为ASCII码
005A1EE5 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1EEB . 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005A1EF1 . FF15 64134000 call dword ptr [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005A1EF7 . 8D95 58FFFFFF lea edx, dword ptr [ebp-A8]
005A1EFD . 52 push edx
005A1EFE . 8D85 68FFFFFF lea eax, dword ptr [ebp-98]
005A1F04 . 50 push eax
005A1F05 . 6A 02 push 2
005A1F07 . FF15 4C104000 call dword ptr [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005A1F0D . 83C4 0C add esp, 0C
005A1F10 . C745 FC 0C000>mov dword ptr [ebp-4], 0C
005A1F17 . C785 40FFFFFF>mov dword ptr [ebp-C0], 1
005A1F21 . C785 38FFFFFF>mov dword ptr [ebp-C8], 2 ; 变量C8=1
005A1F2B . 8D4D 8C lea ecx, dword ptr [ebp-74] ; 变量74=0
005A1F2E . 51 push ecx ; /var18
005A1F2F . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8] ; |
005A1F35 . 52 push edx ; |var28
005A1F36 . 8D85 68FFFFFF lea eax, dword ptr [ebp-98] ; |
005A1F3C . 50 push eax ; |saveto8
005A1F3D . FF15 D8124000 call dword ptr [<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005A1F43 . 8BD0 mov edx, eax ; 变量98=变量74+c8=0+1=1
005A1F45 . 8D4D 8C lea ecx, dword ptr [ebp-74]
005A1F48 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1F4E . C745 FC 0D000>mov dword ptr [ebp-4], 0D ; 保存在74里面
005A1F55 . C785 40FFFFFF>mov dword ptr [ebp-C0], 6 ; 6
005A1F5F . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002
005A1F69 . 8D4D 8C lea ecx, dword ptr [ebp-74]
005A1F6C . 51 push ecx ; /var18
005A1F6D . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8] ; |
005A1F73 . 52 push edx ; |var28
005A1F74 . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A1F7A . 0FBFC0 movsx eax, ax ; 前面相加的和与6是否相等
005A1F7D . 85C0 test eax, eax
005A1F7F . 74 2A je short 005A1FAB ; 如果变量74=6,那么变量74=0
005A1F81 . C745 FC 0E000>mov dword ptr [ebp-4], 0E
005A1F88 . C785 40FFFFFF>mov dword ptr [ebp-C0], 0
005A1F92 . C785 38FFFFFF>mov dword ptr [ebp-C8], 2 ; 变量C8=0
005A1F9C . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8]
005A1FA2 . 8D4D 8C lea ecx, dword ptr [ebp-74]
005A1FA5 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1FAB > C745 FC 10000>mov dword ptr [ebp-4], 10
005A1FB2 . C785 40FFFFFF>mov dword ptr [ebp-C0], 0
005A1FBC . C785 38FFFFFF>mov dword ptr [ebp-C8], 2
005A1FC6 . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8]
005A1FCC . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84] ; 变量84=0
005A1FD2 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A1FD8 . C745 FC 11000>mov dword ptr [ebp-4], 11
005A1FDF . C785 40FFFFFF>mov dword ptr [ebp-C0], 0 ; 0
005A1FE9 . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002 ; 变量C8=0
005A1FF3 . 8D4D 8C lea ecx, dword ptr [ebp-74]
005A1FF6 . 51 push ecx ; /var18
005A1FF7 . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8] ; |
005A1FFD . 52 push edx ; |var28
005A1FFE . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A2004 . 0FBFC0 movsx eax, ax ; 前面相加的和与0进行比较
005A2007 . 85C0 test eax, eax
005A2009 . 74 5F je short 005A206A
005A200B . C745 FC 12000>mov dword ptr [ebp-4], 12
005A2012 . C785 40FFFFFF>mov dword ptr [ebp-C0], 2
005A201C . C785 38FFFFFF>mov dword ptr [ebp-C8], 2 ; 变量C8=2
005A2026 . 8D4D CC lea ecx, dword ptr [ebp-34]
005A2029 . 51 push ecx
005A202A . 8B55 0C mov edx, dword ptr [ebp+C]
005A202D . 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005A2033 . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A2039 . 50 push eax ; |/var18
005A203A . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8] ; ||
005A2040 . 52 push edx ; ||var28
005A2041 . 8D85 68FFFFFF lea eax, dword ptr [ebp-98] ; ||11-2=9
005A2047 . 50 push eax ; ||SaveTo8
005A2048 . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; |\__vbaVarSub
005A204E . 50 push eax ; |var28
005A204F . 8D8D 58FFFFFF lea ecx, dword ptr [ebp-A8] ; |
005A2055 . 51 push ecx ; |SaveTo8
005A2056 . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; \__vbaVarSub
005A205C . 8BD0 mov edx, eax
005A205E . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A2064 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A206A > C745 FC 14000>mov dword ptr [ebp-4], 14
005A2071 . C785 40FFFFFF>mov dword ptr [ebp-C0], 1
005A207B . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002
005A2085 . 8D55 8C lea edx, dword ptr [ebp-74]
005A2088 . 52 push edx ; /var18
005A2089 . 8D85 38FFFFFF lea eax, dword ptr [ebp-C8] ; |
005A208F . 50 push eax ; |var28
005A2090 . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A2096 . 0FBFC8 movsx ecx, ax
005A2099 . 85C9 test ecx, ecx
005A209B . 74 5F je short 005A20FC
005A209D . C745 FC 15000>mov dword ptr [ebp-4], 15
005A20A4 . C785 40FFFFFF>mov dword ptr [ebp-C0], 5
005A20AE . C785 38FFFFFF>mov dword ptr [ebp-C8], 2 ; 变量C8=5
005A20B8 . 8D55 CC lea edx, dword ptr [ebp-34]
005A20BB . 52 push edx
005A20BC . 8B55 0C mov edx, dword ptr [ebp+C]
005A20BF . 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005A20C5 . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A20CB . 50 push eax ; |/var18
005A20CC . 8D85 38FFFFFF lea eax, dword ptr [ebp-C8] ; ||
005A20D2 . 50 push eax ; ||var28
005A20D3 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98] ; ||
005A20D9 . 51 push ecx ; ||SaveTo8
005A20DA . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; |\__vbaVarSub
005A20E0 . 50 push eax ; |var28
005A20E1 . 8D95 58FFFFFF lea edx, dword ptr [ebp-A8] ; |
005A20E7 . 52 push edx ; |saveto8
005A20E8 . FF15 D8124000 call dword ptr [<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005A20EE . 8BD0 mov edx, eax
005A20F0 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A20F6 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A20FC > C745 FC 17000>mov dword ptr [ebp-4], 17
005A2103 . C785 40FFFFFF>mov dword ptr [ebp-C0], 2
005A210D . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002
005A2117 . 8D45 8C lea eax, dword ptr [ebp-74]
005A211A . 50 push eax ; /var18
005A211B . 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; |
005A2121 . 51 push ecx ; |var28
005A2122 . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A2128 . 0FBFD0 movsx edx, ax ; 变量74与2比较
005A212B . 85D2 test edx, edx
005A212D . 74 5F je short 005A218E ; 不等就跳
005A212F . C745 FC 18000>mov dword ptr [ebp-4], 18
005A2136 . C785 40FFFFFF>mov dword ptr [ebp-C0], 4
005A2140 . C785 38FFFFFF>mov dword ptr [ebp-C8], 2
005A214A . 8D45 CC lea eax, dword ptr [ebp-34]
005A214D . 50 push eax
005A214E . 8B55 0C mov edx, dword ptr [ebp+C]
005A2151 . 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005A2157 . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A215D . 50 push eax ; |/var18
005A215E . 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; ||
005A2164 . 51 push ecx ; ||var28
005A2165 . 8D95 68FFFFFF lea edx, dword ptr [ebp-98] ; ||
005A216B . 52 push edx ; ||SaveTo8
005A216C . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; |\__vbaVarSub
005A2172 . 50 push eax ; |var28
005A2173 . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8] ; |
005A2179 . 50 push eax ; |SaveTo8
005A217A . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; \__vbaVarSub
005A2180 . 8BD0 mov edx, eax
005A2182 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A2188 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A218E > C745 FC 1A000>mov dword ptr [ebp-4], 1A
005A2195 . C785 40FFFFFF>mov dword ptr [ebp-C0], 3
005A219F . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002 ; 变量C8=3
005A21A9 . 8D4D 8C lea ecx, dword ptr [ebp-74]
005A21AC . 51 push ecx ; /var18
005A21AD . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8] ; |
005A21B3 . 52 push edx ; |var28
005A21B4 . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A21BA . 0FBFC0 movsx eax, ax
005A21BD . 85C0 test eax, eax
005A21BF . 74 5F je short 005A2220 ; 不等就跳
005A21C1 . C745 FC 1B000>mov dword ptr [ebp-4], 1B
005A21C8 . C785 40FFFFFF>mov dword ptr [ebp-C0], 2
005A21D2 . C785 38FFFFFF>mov dword ptr [ebp-C8], 2
005A21DC . 8D4D CC lea ecx, dword ptr [ebp-34]
005A21DF . 51 push ecx
005A21E0 . 8B55 0C mov edx, dword ptr [ebp+C]
005A21E3 . 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005A21E9 . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A21EF . 50 push eax ; |/var18
005A21F0 . 8D95 38FFFFFF lea edx, dword ptr [ebp-C8] ; ||
005A21F6 . 52 push edx ; ||var28
005A21F7 . 8D85 68FFFFFF lea eax, dword ptr [ebp-98] ; ||
005A21FD . 50 push eax ; ||SaveTo8
005A21FE . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; |\__vbaVarSub
005A2204 . 50 push eax ; |var28
005A2205 . 8D8D 58FFFFFF lea ecx, dword ptr [ebp-A8] ; |
005A220B . 51 push ecx ; |saveto8
005A220C . FF15 D8124000 call dword ptr [<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005A2212 . 8BD0 mov edx, eax
005A2214 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A221A . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A2220 > C745 FC 1D000>mov dword ptr [ebp-4], 1D
005A2227 . C785 40FFFFFF>mov dword ptr [ebp-C0], 4
005A2231 . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002 ; 变量C8=4
005A223B . 8D55 8C lea edx, dword ptr [ebp-74]
005A223E . 52 push edx ; /var18
005A223F . 8D85 38FFFFFF lea eax, dword ptr [ebp-C8] ; |
005A2245 . 50 push eax ; |var28
005A2246 . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A224C . 0FBFC8 movsx ecx, ax
005A224F . 85C9 test ecx, ecx
005A2251 . 74 5F je short 005A22B2
005A2253 . C745 FC 1E000>mov dword ptr [ebp-4], 1E
005A225A . C785 40FFFFFF>mov dword ptr [ebp-C0], 3
005A2264 . C785 38FFFFFF>mov dword ptr [ebp-C8], 2
005A226E . 8D55 CC lea edx, dword ptr [ebp-34]
005A2271 . 52 push edx
005A2272 . 8B55 0C mov edx, dword ptr [ebp+C]
005A2275 . 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005A227B . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A2281 . 50 push eax ; |/var18
005A2282 . 8D85 38FFFFFF lea eax, dword ptr [ebp-C8] ; ||
005A2288 . 50 push eax ; ||var28
005A2289 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98] ; ||
005A228F . 51 push ecx ; ||SaveTo8
005A2290 . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; |\__vbaVarSub
005A2296 . 50 push eax ; |var28
005A2297 . 8D95 58FFFFFF lea edx, dword ptr [ebp-A8] ; |
005A229D . 52 push edx ; |SaveTo8
005A229E . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; \__vbaVarSub
005A22A4 . 8BD0 mov edx, eax
005A22A6 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A22AC . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A22B2 > C745 FC 20000>mov dword ptr [ebp-4], 20
005A22B9 . C785 40FFFFFF>mov dword ptr [ebp-C0], 5
005A22C3 . C785 38FFFFFF>mov dword ptr [ebp-C8], 8002 ; 变量C8=5
005A22CD . 8D45 8C lea eax, dword ptr [ebp-74]
005A22D0 . 50 push eax ; /var18
005A22D1 . 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; |
005A22D7 . 51 push ecx ; |var28
005A22D8 . FF15 64114000 call dword ptr [<&MSVBVM60.__vbaVarTstEq>] ; \__vbaVarTstEq
005A22DE . 0FBFD0 movsx edx, ax
005A22E1 . 85D2 test edx, edx
005A22E3 . 74 5F je short 005A2344 ; 不等就跳
005A22E5 . C745 FC 21000>mov dword ptr [ebp-4], 21
005A22EC . C785 40FFFFFF>mov dword ptr [ebp-C0], 5
005A22F6 . C785 38FFFFFF>mov dword ptr [ebp-C8], 2
005A2300 . 8D45 CC lea eax, dword ptr [ebp-34]
005A2303 . 50 push eax
005A2304 . 8B55 0C mov edx, dword ptr [ebp+C]
005A2307 . 8D8D 28FFFFFF lea ecx, dword ptr [ebp-D8]
005A230D . FF15 24104000 call dword ptr [<&MSVBVM60.__vbaVarVargNofree>] ; MSVBVM60.__vbaVarVargNofree
005A2313 . 50 push eax ; |/var18
005A2314 . 8D8D 38FFFFFF lea ecx, dword ptr [ebp-C8] ; ||
005A231A . 51 push ecx ; ||var28
005A231B . 8D95 68FFFFFF lea edx, dword ptr [ebp-98] ; ||
005A2321 . 52 push edx ; ||SaveTo8
005A2322 . FF15 04104000 call dword ptr [<&MSVBVM60.__vbaVarSub>] ; |\__vbaVarSub
005A2328 . 50 push eax ; |var28
005A2329 . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8] ; |
005A232F . 50 push eax ; |saveto8
005A2330 . FF15 D8124000 call dword ptr [<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005A2336 . 8BD0 mov edx, eax
005A2338 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A233E . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A2344 > C745 FC 23000>mov dword ptr [ebp-4], 23
005A234B . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84] ; 变量84经过相加后的ASCII码
005A2351 . 51 push ecx ; /var18
005A2352 . 8D55 8C lea edx, dword ptr [ebp-74] ; |
005A2355 . 52 push edx ; |var28
005A2356 . 8D85 68FFFFFF lea eax, dword ptr [ebp-98] ; |
005A235C . 50 push eax ; |saveto8
005A235D . FF15 D8124000 call dword ptr [<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005A2363 . 8BD0 mov edx, eax ; 变量98=变量74+84
005A2365 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A236B . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A2371 . C745 FC 24000>mov dword ptr [ebp-4], 24
005A2378 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A237E . 51 push ecx
005A237F . FF15 C4124000 call dword ptr [<&MSVBVM60.__vbaI4Var>] ; MSVBVM60.__vbaI4Var
005A2385 . 50 push eax ; 转成long
005A2386 . 8D95 68FFFFFF lea edx, dword ptr [ebp-98]
005A238C . 52 push edx
005A238D . FF15 04124000 call dword ptr [<&MSVBVM60.rtcVarBstrFromAnsi>] ; MSVBVM60.rtcVarBstrFromAnsi
005A2393 . 8D45 BC lea eax, dword ptr [ebp-44]
005A2396 . 50 push eax
005A2397 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
005A239D . 51 push ecx
005A239E . 8D95 58FFFFFF lea edx, dword ptr [ebp-A8]
005A23A4 . 52 push edx
005A23A5 . FF15 24124000 call dword ptr [<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
005A23AB . 8BD0 mov edx, eax
005A23AD . 8D4D BC lea ecx, dword ptr [ebp-44]
005A23B0 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaVarMove>] ; MSVBVM60.__vbaVarMove
005A23B6 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
005A23BC . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A23C2 . C745 FC 25000>mov dword ptr [ebp-4], 25
005A23C9 . 8D85 D8FEFFFF lea eax, dword ptr [ebp-128]
005A23CF . 50 push eax ; /TMPend8
005A23D0 . 8D8D E8FEFFFF lea ecx, dword ptr [ebp-118] ; |
005A23D6 . 51 push ecx ; |TMPstep8
005A23D7 . 8D55 9C lea edx, dword ptr [ebp-64] ; |
005A23DA . 52 push edx ; |Counter8
005A23DB . FF15 58134000 call dword ptr [<&MSVBVM60.__vbaVarForNext>] ; \__vbaVarForNext
005A23E1 . 8985 BCFEFFFF mov dword ptr [ebp-144], eax
005A23E7 > 83BD BCFEFFFF>cmp dword ptr [ebp-144], 0
005A23EE .^ 0F85 7EFAFFFF jnz 005A1E72 ; 以上for计算注册码
005A23F4 . C745 FC 26000>mov dword ptr [ebp-4], 26
005A23FB . 8D45 BC lea eax, dword ptr [ebp-44]
005A23FE . 50 push eax
005A23FF . FF15 2C134000 call dword ptr [<&MSVBVM60.__vbaStrVarCopy>] ; MSVBVM60.__vbaStrVarCopy
005A2405 . 8BD0 mov edx, eax
005A2407 . 8D4D DC lea ecx, dword ptr [ebp-24]
005A240A . FF15 1C134000 call dword ptr [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005A2410 . 9B wait
005A2411 . 68 B9245A00 push 005A24B9
005A2416 . EB 40 jmp short 005A2458
005A2418 . 8B4D F0 mov ecx, dword ptr [ebp-10]
005A241B . 83E1 04 and ecx, 4
005A241E . 85C9 test ecx, ecx
005A2420 . 74 09 je short 005A242B
005A2422 . 8D4D DC lea ecx, dword ptr [ebp-24]
005A2425 . FF15 64134000 call dword ptr [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005A242B > 8D8D 78FFFFFF lea ecx, dword ptr [ebp-88]
005A2431 . FF15 64134000 call dword ptr [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005A2437 . 8D95 48FFFFFF lea edx, dword ptr [ebp-B8]
005A243D . 52 push edx
005A243E . 8D85 58FFFFFF lea eax, dword ptr [ebp-A8]
005A2444 . 50 push eax
005A2445 . 8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
005A244B . 51 push ecx
005A244C . 6A 03 push 3
005A244E . FF15 4C104000 call dword ptr [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005A2454 . 83C4 10 add esp, 10
005A2457 . C3 retn
005A2458 > 8D95 D8FEFFFF lea edx, dword ptr [ebp-128]
005A245E . 52 push edx
005A245F . 8D85 E8FEFFFF lea eax, dword ptr [ebp-118]
005A2465 . 50 push eax
005A2466 . 8D8D F8FEFFFF lea ecx, dword ptr [ebp-108]
005A246C . 51 push ecx
005A246D . 8D95 08FFFFFF lea edx, dword ptr [ebp-F8]
005A2473 . 52 push edx
005A2474 . 6A 04 push 4
005A2476 . FF15 4C104000 call dword ptr [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005A247C . 83C4 14 add esp, 14
005A247F . 8D4D CC lea ecx, dword ptr [ebp-34]
005A2482 . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A2488 . 8D4D BC lea ecx, dword ptr [ebp-44]
005A248B . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A2491 . 8D4D AC lea ecx, dword ptr [ebp-54]
005A2494 . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A249A . 8D4D 9C lea ecx, dword ptr [ebp-64]
005A249D . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A24A3 . 8D4D 8C lea ecx, dword ptr [ebp-74]
005A24A6 . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A24AC . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
005A24B2 . FF15 28104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005A24B8 . C3 retn
005A24B9 . 8B45 DC mov eax, dword ptr [ebp-24] ; eax为注册码
005A24BC . 8B4D E0 mov ecx, dword ptr [ebp-20]
005A24BF . 64:890D 00000>mov dword ptr fs:[0], ecx
005A24C6 . 5F pop edi
005A24C7 . 5E pop esi
005A24C8 . 5B pop ebx
005A24C9 . 8BE5 mov esp, ebp
005A24CB . 5D pop ebp
005A24CC . C2 0800 retn 8
其实算法很简单,就是VB的程序分析起来很烦人,c++代码如下:
void CMyDlg::OnButton1()
{
// TODO: Add your control notification handler code here
UpdateData();
char key1[]="QMszAlb";
char machine[512]="",key[512]="";
DWORD keyAscii=0,key2=0,key3=0,temp;
strcpy(machine,m_machine);
for (int i=0;i<strlen(key1);i++)
{
keyAscii=keyAscii+key1[i];
}
key2=keyAscii/10/6;
for (i=0;i<strlen(machine);i++)
{
temp=machine[i];
key3++;
if (key3==6)
{
key3=0;
}
if (key3==0)
{
temp=temp-9;
}
if (key3==1)
{
temp=temp+6;
}
if (key3==2)
{
temp=temp-7;
}
if (key3==3)
{
temp=temp+9;
}
if (key3==4)
{
temp=temp-8;
}
if (key3==5)
{
temp=temp+6;
}
key[i]=char(temp+key3);
}
m_key=key;
UpdateData(FALSE);
【版权声明】: 本文原创于我是用户, 转载请注明作者并保持文章的完整, 谢谢!
2012年09月19日 10:18:46
|
免费评分
-
查看全部评分
|
发表于 2012-9-20 12:33
|
发表于 2012-9-20 13:02
