好友
阅读权限30
听众
最后登录1970-1-1
|
小黑冰
发表于 2008-8-28 09:41
来吧,算法入门连载(七)
修改时间:2008年6月1日(星期天) 晚上11:34 | 分类:经典算法 | 字数:18120 | 发送到我的Qzone | 另存为...
[ 录入者:admin | 时间:2008-03-09 00:41:24 | 作者:冷血书生 | 来源:http://www.crack520.cn | 浏览:164次 ]
【破解日期】 2007年2月18日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 http://www.crack520.cn
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 [PYG]CrackMe#1
【下载地址】
【软件大小】 74kb
【加壳方式】 ASPack 2.12
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
0041D44F push ecx ; /Arg2
0041D450 push edx ; |Arg1
0041D451 mov dword ptr ss:[ebp-F8],ebx; |
0041D457 mov dword ptr ss:[ebp-100],8002; |
0041D461 call dword ptr ds:[<&MSVBVM60.__vbaLen>; \__vbaLenVar
0041D467 push eax
0041D468 lea eax,dword ptr ss:[ebp-100]
0041D46E push eax
0041D46F call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarTstEq
0041D475 test ax,ax ;是否输入用户名?
0041D478 je short [PYG]Cra.0041D49F ;没就OVER
0041D47A mov esi,dword ptr ss:[ebp+8]
0041D47D lea edx,dword ptr ss:[ebp-8C]
0041D483 push edx
0041D484 push esi
0041D485 mov ecx,dword ptr ds:[esi]
0041D487 call dword ptr ds:[ecx+6FC]
0041D48D cmp eax,ebx
0041D48F jge [PYG]Cra.0041DC96
0041D495 push 6FC
0041D49A jmp [PYG]Cra.0041DC89
0041D49F mov eax,dword ptr ss:[ebp+8]
0041D4A2 mov dword ptr ds:[eax+34],ebx
0041D4A5 mov ecx,dword ptr ss:[ebp+8]
0041D4A8 mov eax,dword ptr ds:[ecx+34]
0041D4AB mov ecx,3
0041D4B0 cmp eax,ecx
0041D4B2 jg [PYG]Cra.0041D612
0041D4B8 mov edx,dword ptr ss:[ebp-38]
0041D4BB lea ecx,dword ptr ss:[ebp-8C]
0041D4C1 add eax,1
0041D4C4 mov dword ptr ss:[ebp-108],edx
0041D4CA push ecx ; /Arg4
0041D4CB lea edx,dword ptr ss:[ebp-24]; |
0041D4CE jo [PYG]Cra.0041DD71 ; |
0041D4D4 push eax ; |Arg3
0041D4D5 lea eax,dword ptr ss:[ebp-9C]; |
0041D4DB push edx ; |Arg2
0041D4DC push eax ; |Arg1
0041D4DD mov dword ptr ss:[ebp-110],8 ; |
0041D4E7 mov dword ptr ss:[ebp-84],1; |
0041D4F1 mov dword ptr ss:[ebp-8C],edi; |
0041D4F7 call dword ptr ds:[<&MSVBVM60.rtcMidCh>; \rtcMidCharVar
0041D4FD mov ecx,dword ptr ss:[ebp+8]
0041D500 lea eax,dword ptr ds:[ecx+64]
0041D503 mov eax,dword ptr ds:[ecx+64]
0041D506 cmp eax,ebx
0041D508 je short [PYG]Cra.0041D53A
0041D50A cmp word ptr ds:[eax],1
0041D50E jnz short [PYG]Cra.0041D53A
0041D510 mov edx,ecx
0041D512 mov ecx,dword ptr ds:[edx+34]
0041D515 mov edx,dword ptr ds:[eax+14]
0041D518 sub ecx,edx
0041D51A mov edx,dword ptr ds:[eax+10]
0041D51D cmp ecx,edx
0041D51F mov dword ptr ss:[ebp-284],ecx
0041D525 jb short [PYG]Cra.0041D533
0041D527 call dword ptr ds:[<&MSVBVM60.__vbaGen>;MSVBVM60.__vbaGenerateBoundsError
0041D52D mov ecx,dword ptr ss:[ebp-284]
0041D533 shl ecx,4
0041D536 mov eax,ecx
0041D538 jmp short [PYG]Cra.0041D540
0041D53A call dword ptr ds:[<&MSVBVM60.__vbaGen>;MSVBVM60.__vbaGenerateBoundsError
0041D540 mov ecx,dword ptr ss:[ebp+8]
0041D543 mov dword ptr ss:[ebp-118],0AC
0041D54D add ecx,64
0041D550 mov dword ptr ss:[ebp-120],edi
0041D556 mov edx,dword ptr ds:[ecx]
0041D558 mov ecx,dword ptr ds:[edx+C]
0041D55B lea edx,dword ptr ss:[ebp-120]
0041D561 add ecx,eax
0041D563 lea eax,dword ptr ss:[ebp-BC]
0041D569 push ecx
0041D56A push edx
0041D56B push eax
0041D56C call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarXor
0041D572 push eax
0041D573 call dword ptr ds:[<&MSVBVM60.__vbaI4V>;MSVBVM60.__vbaI4Var
0041D579 lea ecx,dword ptr ss:[ebp-CC]
0041D57F push eax
0041D580 push ecx
0041D581 call dword ptr ds:[<&MSVBVM60.rtcVarBs>;MSVBVM60.rtcVarBstrFromAnsi
0041D587 lea edx,dword ptr ss:[ebp-110]
0041D58D lea eax,dword ptr ss:[ebp-9C]
0041D593 push edx
0041D594 lea ecx,dword ptr ss:[ebp-AC]
0041D59A push eax
0041D59B push ecx
0041D59C call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarCat
0041D5A2 push eax
0041D5A3 lea edx,dword ptr ss:[ebp-CC]
0041D5A9 lea eax,dword ptr ss:[ebp-DC]
0041D5AF push edx
0041D5B0 push eax
0041D5B1 call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarCat
0041D5B7 push eax
0041D5B8 call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrVarMove
0041D5BE mov edx,eax;
0041D5C0 lea ecx,dword ptr ss:[ebp-38]
0041D5C3 call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrMove
0041D5C9 lea ecx,dword ptr ss:[ebp-DC]
0041D5CF lea edx,dword ptr ss:[ebp-CC]
0041D5D5 push ecx
0041D5D6 lea eax,dword ptr ss:[ebp-AC]
0041D5DC push edx
0041D5DD lea ecx,dword ptr ss:[ebp-9C]
0041D5E3 push eax
0041D5E4 lea edx,dword ptr ss:[ebp-8C]
0041D5EA push ecx
0041D5EB push edx
0041D5EC push 5
0041D5EE call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
0041D5F4 mov ecx,dword ptr ss:[ebp+8]
0041D5F7 mov eax,1
0041D5FC add esp,18
0041D5FF mov edx,dword ptr ds:[ecx+34]
0041D602 add edx,eax
0041D604 jo [PYG]Cra.0041DD71
0041D60A mov dword ptr ds:[ecx+34],edx
0041D60D jmp [PYG]Cra.0041D4A5
0041D612 mov eax,dword ptr ss:[ebp-38];
0041D615 push eax
0041D616 call dword ptr ds:[<&MSVBVM60.__vbaLen>;MSVBVM60.__vbaLenBstr
0041D61C mov ecx,dword ptr ss:[ebp+8]
0041D61F mov dword ptr ss:[ebp-29C],eax ;eax保存长度
0041D625 mov dword ptr ds:[ecx+34],1
0041D62C mov edx,dword ptr ss:[ebp+8]
0041D62F mov ecx,dword ptr ss:[ebp-29C]
0041D635 mov eax,dword ptr ds:[edx+34]
0041D638 cmp eax,ecx
0041D63A jg [PYG]Cra.0041D6FF
0041D640 lea edx,dword ptr ss:[ebp-8C]
0041D646 lea ecx,dword ptr ss:[ebp-38]
0041D649 push edx ; /Arg4
0041D64A push eax ; |Arg3
0041D64B mov dword ptr ss:[ebp-F8],ecx; |
0041D651 lea eax,dword ptr ss:[ebp-100] ; |
0041D657 lea ecx,dword ptr ss:[ebp-9C]; |
0041D65D push eax ; |Arg2
0041D65E push ecx ; |Arg1
0041D65F mov dword ptr ss:[ebp-84],1; |
0041D669 mov dword ptr ss:[ebp-8C],edi; |
0041D66F mov dword ptr ss:[ebp-100],4008; |
0041D679 call dword ptr ds:[<&MSVBVM60.rtcMidCh>; \rtcMidCharVar
0041D67F lea edx,dword ptr ss:[ebp-9C]
0041D685 lea eax,dword ptr ss:[ebp-74]
0041D688 push edx ; /Arg2
0041D689 push eax ; |Arg1
0041D68A call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041D690 push eax ; /Arg1
0041D691 call dword ptr ds:[<&MSVBVM60.rtcAnsiV>; \rtcAnsiValueBstr
0041D697 lea ecx,dword ptr ss:[ebp-48]
0041D69A mov word ptr ss:[ebp-118],ax
0041D6A1 lea edx,dword ptr ss:[ebp-120]
0041D6A7 push ecx
0041D6A8 lea eax,dword ptr ss:[ebp-AC]
0041D6AE push edx
0041D6AF push eax
0041D6B0 mov dword ptr ss:[ebp-120],edi
0041D6B6 call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarAdd
0041D6BC mov edx,eax;累加
0041D6BE lea ecx,dword ptr ss:[ebp-48]
0041D6C1 call esi
0041D6C3 lea ecx,dword ptr ss:[ebp-74]
0041D6C6 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStr
0041D6CC lea ecx,dword ptr ss:[ebp-9C]
0041D6D2 lea edx,dword ptr ss:[ebp-8C]
0041D6D8 push ecx
0041D6D9 push edx
0041D6DA push edi
0041D6DB call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
0041D6E1 mov ecx,dword ptr ss:[ebp+8]
0041D6E4 mov eax,1
0041D6E9 add esp,0C
0041D6EC mov edx,dword ptr ds:[ecx+34]
0041D6EF add edx,eax
0041D6F1 jo [PYG]Cra.0041DD71
0041D6F7 mov dword ptr ds:[ecx+34],edx
0041D6FA jmp [PYG]Cra.0041D62C;循环
0041D6FF mov eax,dword ptr ss:[ebp-60]
0041D702 push eax
0041D703 call dword ptr ds:[<&MSVBVM60.__vbaLen>;MSVBVM60.__vbaLenBstr
0041D709 cmp eax,20 ;比较注册码是不是32位
0041D70C jnz [PYG]Cra.0041D976
0041D712 lea eax,dword ptr ss:[ebp-48]
0041D715 lea ecx,dword ptr ss:[ebp-78]
0041D718 push eax ; /Arg2
0041D719 push ecx ; |Arg1
0041D71A call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041D720 push eax
0041D721 call dword ptr ds:[<&MSVBVM60.rtcR8Val>;MSVBVM60.rtcR8ValFromBstr
0041D727 fstp qword ptr ss:[ebp-280];840
0041D72D lea edx,dword ptr ss:[ebp-48]
0041D730 lea eax,dword ptr ss:[ebp-8C]
0041D736 push edx ; /Arg2
0041D737 push eax ; |Arg1
0041D738 call dword ptr ds:[<&MSVBVM60.__vbaLen>; \__vbaLenVar
0041D73E mov edx,eax
0041D740 lea ecx,dword ptr ss:[ebp-9C]
0041D746 call esi
0041D748 lea ecx,dword ptr ss:[ebp-60]
0041D74B lea edx,dword ptr ss:[ebp-9C]
0041D751 mov dword ptr ss:[ebp-F8],ecx
0041D757 push edx ; /Arg4
0041D758 lea eax,dword ptr ss:[ebp-100] ; |
0041D75E push 1 ; |Arg3 = 00000001
0041D760 lea ecx,dword ptr ss:[ebp-AC]; |
0041D766 push eax ; |Arg2
0041D767 push ecx ; |Arg1
0041D768 mov dword ptr ss:[ebp-100],4008; |
0041D772 call dword ptr ds:[<&MSVBVM60.rtcMidCh>; \rtcMidCharVar
0041D778 lea edx,dword ptr ss:[ebp-AC]
0041D77E lea eax,dword ptr ss:[ebp-74]
0041D781 push edx ; /Arg2
0041D782 push eax ; |Arg1
0041D783 call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041D789 push eax
0041D78A call dword ptr ds:[<&MSVBVM60.rtcR8Val>;MSVBVM60.rtcR8ValFromBstr
0041D790 call dword ptr ds:[<&MSVBVM60.__vbaFpR>;MSVBVM60.__vbaFpR8
0041D796 fstp qword ptr ss:[ebp-2D8]
0041D79C fld qword ptr ss:[ebp-280]
0041D7A2 call dword ptr ds:[<&MSVBVM60.__vbaFpR>;MSVBVM60.__vbaFpR8
0041D7A8 fcomp qword ptr ss:[ebp-2D8] ;比较前三位
0041D7AE mov dword ptr ss:[ebp-2DC],1
0041D7B8 fstsw ax
0041D7BA test ah,40
0041D7BD je short [PYG]Cra.0041D7C5
0041D7BF mov dword ptr ss:[ebp-2DC],ebx
0041D7C5 lea ecx,dword ptr ss:[ebp-78]
0041D7C8 lea edx,dword ptr ss:[ebp-74]
0041D7CB push ecx
0041D7CC push edx
0041D7CD push edi
0041D7CE call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStrList
0041D7D4 lea eax,dword ptr ss:[ebp-AC]
0041D7DA lea ecx,dword ptr ss:[ebp-9C]
0041D7E0 push eax
0041D7E1 push ecx
0041D7E2 push edi
0041D7E3 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
0041D7E9 mov eax,dword ptr ss:[ebp-2DC]
0041D7EF add esp,18
0041D7F2 neg eax
0041D7F4 test ax,ax
0041D7F7 je short [PYG]Cra.0041D81E ;必须跳
0041D7F9 mov esi,dword ptr ss:[ebp+8]
0041D7FC lea eax,dword ptr ss:[ebp-8C]
0041D802 push eax
0041D803 push esi
0041D804 mov edx,dword ptr ds:[esi]
0041D806 call dword ptr ds:[edx+6F8]
0041D80C cmp eax,ebx
0041D80E jge [PYG]Cra.0041DC96
0041D814 push 6F8
0041D819 jmp [PYG]Cra.0041DC89
0041D81E lea ecx,dword ptr ss:[ebp-24]
0041D821 lea edx,dword ptr ss:[ebp-CC]
0041D827 push ecx ; /Arg2
0041D828 push edx ; |Arg1
0041D829 mov dword ptr ss:[ebp-128],edi ; |
0041D82F mov dword ptr ss:[ebp-130],edi ; |
0041D835 call dword ptr ds:[<&MSVBVM60.__vbaLen>; \__vbaLenVar
0041D83B push eax
0041D83C lea eax,dword ptr ss:[ebp-130]
0041D842 lea ecx,dword ptr ss:[ebp-DC]
0041D848 push eax
0041D849 push ecx
0041D84A call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarDiv
0041D850 lea edx,dword ptr ss:[ebp-EC];用户名长度/2
0041D856 push eax
0041D857 push edx
0041D858 call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarInt
0041D85E push eax ; /取整
0041D85F lea eax,dword ptr ss:[ebp-78]; |
0041D862 push eax ; |Arg1
0041D863 call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041D869 push eax
0041D86A call dword ptr ds:[<&MSVBVM60.rtcR8Val>;MSVBVM60.rtcR8ValFromBstr
0041D870 fstp qword ptr ss:[ebp-280]
0041D876 mov eax,1
0041D87B lea ecx,dword ptr ss:[ebp-60]
0041D87E mov dword ptr ss:[ebp-A4],eax
0041D884 mov dword ptr ss:[ebp-F8],eax
0041D88A lea edx,dword ptr ss:[ebp-AC]
0041D890 mov dword ptr ss:[ebp-108],ecx
0041D896 lea eax,dword ptr ss:[ebp-48]
0041D899 push edx
0041D89A lea ecx,dword ptr ss:[ebp-8C]
0041D8A0 push eax ; /Arg2
0041D8A1 push ecx ; |Arg1
0041D8A2 mov dword ptr ss:[ebp-AC],edi; |
0041D8A8 mov dword ptr ss:[ebp-100],edi ; |
0041D8AE mov dword ptr ss:[ebp-110],4008; |
0041D8B8 call dword ptr ds:[<&MSVBVM60.__vbaLen>; \__vbaLenVar
0041D8BE push eax
0041D8BF lea edx,dword ptr ss:[ebp-100]
0041D8C5 lea eax,dword ptr ss:[ebp-9C]
0041D8CB push edx
0041D8CC push eax
0041D8CD call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarAdd
0041D8D3 push eax
0041D8D4 call dword ptr ds:[<&MSVBVM60.__vbaI4V>;MSVBVM60.__vbaI4Var
0041D8DA lea ecx,dword ptr ss:[ebp-110] ; |
0041D8E0 push eax ; |Arg3
0041D8E1 lea edx,dword ptr ss:[ebp-BC]; |
0041D8E7 push ecx ; |Arg2
0041D8E8 push edx ; |Arg1
0041D8E9 call dword ptr ds:[<&MSVBVM60.rtcMidCh>; \rtcMidCharVar
0041D8EF lea eax,dword ptr ss:[ebp-BC]
0041D8F5 lea ecx,dword ptr ss:[ebp-74]
0041D8F8 push eax ; /Arg2
0041D8F9 push ecx ; |Arg1
0041D8FA call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041D900 push eax
0041D901 call dword ptr ds:[<&MSVBVM60.rtcR8Val>;MSVBVM60.rtcR8ValFromBstr
0041D907 call dword ptr ds:[<&MSVBVM60.__vbaFpR>;MSVBVM60.__vbaFpR8
0041D90D fstp qword ptr ss:[ebp-2E4]
0041D913 fld qword ptr ss:[ebp-280] ;
0041D919 call dword ptr ds:[<&MSVBVM60.__vbaFpR>;MSVBVM60.__vbaFpR8
0041D91F fcomp qword ptr ss:[ebp-2E4] ;比较
0041D925 fstsw ax
0041D927 test ah,40
0041D92A jnz short [PYG]Cra.0041D933
0041D92C mov eax,1
0041D931 jmp short [PYG]Cra.0041D935
0041D933 xor eax,eax
0041D935 neg eax
0041D937 mov word ptr ss:[ebp-284],ax
0041D93E lea edx,dword ptr ss:[ebp-78]
0041D941 lea eax,dword ptr ss:[ebp-74]
0041D944 push edx
0041D945 push eax
0041D946 push edi
0041D947 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStrList
0041D94D lea ecx,dword ptr ss:[ebp-BC]
0041D953 lea edx,dword ptr ss:[ebp-AC]
0041D959 push ecx
0041D95A lea eax,dword ptr ss:[ebp-9C]
0041D960 push edx
0041D961 push eax
0041D962 push 3
0041D964 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
0041D96A add esp,1C
0041D96D cmp word ptr ss:[ebp-284],bx
0041D974 je short [PYG]Cra.0041D99B ;必须跳
0041D976 mov esi,dword ptr ss:[ebp+8]
0041D979 lea edx,dword ptr ss:[ebp-8C]
0041D97F push edx
0041D980 push esi
0041D981 mov ecx,dword ptr ds:[esi]
0041D983 call dword ptr ds:[ecx+6F8]
0041D989 cmp eax,ebx
0041D98B jge [PYG]Cra.0041DC96
0041D991 push 6F8
0041D996 jmp [PYG]Cra.0041DC89
0041D99B mov eax,dword ptr ss:[ebp-60]
0041D99E push eax
0041D99F call dword ptr ds:[<&MSVBVM60.__vbaLen>;MSVBVM60.__vbaLenBstr
0041D9A5 lea ecx,dword ptr ss:[ebp-48]
0041D9A8 lea edx,dword ptr ss:[ebp-8C]
0041D9AE push ecx ; /Arg2
0041D9AF push edx ; |Arg1
0041D9B0 mov dword ptr ss:[ebp-2A4],eax ; |
0041D9B6 mov dword ptr ss:[ebp-F8],edi; |
0041D9BC mov dword ptr ss:[ebp-100],edi ; |
0041D9C2 call dword ptr ds:[<&MSVBVM60.__vbaLen>; \__vbaLenVar
0041D9C8 push eax
0041D9C9 lea eax,dword ptr ss:[ebp-100]
0041D9CF lea ecx,dword ptr ss:[ebp-9C]
0041D9D5 push eax
0041D9D6 push ecx
0041D9D7 call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarAdd
0041D9DD push eax
0041D9DE call dword ptr ds:[<&MSVBVM60.__vbaI4V>;MSVBVM60.__vbaI4Var
0041D9E4 mov edx,dword ptr ss:[ebp+8]
0041D9E7 lea ecx,dword ptr ss:[ebp-9C]
0041D9ED mov dword ptr ds:[edx+34],eax
0041D9F0 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVar
0041D9F6 mov eax,dword ptr ss:[ebp+8]
0041D9F9 mov ecx,dword ptr ss:[ebp-2A4]
0041D9FF cmp dword ptr ds:[eax+34],ecx
0041DA02 jg [PYG]Cra.0041DC24
0041DA08 mov edx,dword ptr ss:[ebp-60]
0041DA0B push edx
0041DA0C call dword ptr ds:[<&MSVBVM60.__vbaLen>;MSVBVM60.__vbaLenBstr
0041DA12 mov dword ptr ss:[ebp-F8],eax;eax保存长度
0041DA18 lea eax,dword ptr ss:[ebp-100]
0041DA1E lea ecx,dword ptr ss:[ebp-48]
0041DA21 push eax ; /Arg3
0041DA22 lea edx,dword ptr ss:[ebp-8C]; |
0041DA28 push ecx ; |/Arg2
0041DA29 push edx ; ||Arg1
0041DA2A mov dword ptr ss:[ebp-100],3 ; ||
0041DA34 mov dword ptr ss:[ebp-108],1 ; ||
0041DA3E mov dword ptr ss:[ebp-110],edi ; ||
0041DA44 call dword ptr ds:[<&MSVBVM60.__vbaLen>; |\__vbaLenVar
0041DA4A push eax ; |Arg2
0041DA4B lea eax,dword ptr ss:[ebp-9C]; |
0041DA51 push eax ; |Arg1
0041DA52 call dword ptr ds:[<&MSVBVM60.__vbaVar>; \__vbaVarSub
0041DA58 lea ecx,dword ptr ss:[ebp-110]
0041DA5E push eax ; /Arg3
0041DA5F lea edx,dword ptr ss:[ebp-AC]; |
0041DA65 push ecx ; |Arg2
0041DA66 push edx ; |Arg1
0041DA67 call dword ptr ds:[<&MSVBVM60.__vbaVar>; \__vbaVarSub
0041DA6D mov edx,eax
0041DA6F lea ecx,dword ptr ss:[ebp-34]
0041DA72 call esi
0041DA74 mov edx,dword ptr ss:[ebp+8]
0041DA77 lea eax,dword ptr ss:[ebp-60]
0041DA7A lea ecx,dword ptr ss:[ebp-8C]
0041DA80 mov dword ptr ss:[ebp-F8],eax
0041DA86 mov eax,dword ptr ds:[edx+34]
0041DA89 push ecx ; /Arg4
0041DA8A lea ecx,dword ptr ss:[ebp-100] ; |
0041DA90 push eax ; |Arg3
0041DA91 lea edx,dword ptr ss:[ebp-9C]; |
0041DA97 push ecx ; |Arg2
0041DA98 push edx ; |Arg1
0041DA99 mov dword ptr ss:[ebp-84],1; |
0041DAA3 mov dword ptr ss:[ebp-8C],edi; |
0041DAA9 mov dword ptr ss:[ebp-100],4008; |
0041DAB3 call dword ptr ds:[<&MSVBVM60.rtcMidCh>; \rtcMidCharVar
0041DAB9 lea eax,dword ptr ss:[ebp-9C];
0041DABF lea ecx,dword ptr ss:[ebp-74]
0041DAC2 push eax ; /Arg2
0041DAC3 push ecx ; |Arg1
0041DAC4 call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041DACA push eax ; /Arg1
0041DACB call dword ptr ds:[<&MSVBVM60.rtcAnsiV>; \rtcAnsiValueBstr
0041DAD1 lea edx,dword ptr ss:[ebp-120]
0041DAD7 lea ecx,dword ptr ss:[ebp-70]
0041DADA mov word ptr ss:[ebp-118],ax ;
0041DAE1 mov dword ptr ss:[ebp-120],edi
0041DAE7 call esi
0041DAE9 lea ecx,dword ptr ss:[ebp-74]
0041DAEC call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStr
0041DAF2 lea edx,dword ptr ss:[ebp-9C]
0041DAF8 lea eax,dword ptr ss:[ebp-8C]
0041DAFE push edx
0041DAFF push eax
0041DB00 push edi
0041DB01 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
0041DB07 mov eax,dword ptr ss:[ebp+8]
0041DB0A add esp,0C
0041DB0D lea ecx,dword ptr ss:[ebp-8C]
0041DB13 mov dword ptr ss:[ebp-84],1
0041DB1D mov edx,dword ptr ds:[eax+34]
0041DB20 push ecx ; /Arg4
0041DB21 add eax,48 ; |
0041DB24 push edx ; |Arg3
0041DB25 push eax ; |Arg2
0041DB26 lea eax,dword ptr ss:[ebp-9C]; |
0041DB2C push eax ; |Arg1
0041DB2D mov dword ptr ss:[ebp-8C],edi; |
0041DB33 call dword ptr ds:[<&MSVBVM60.rtcMidCh>; \rtcMidCharVar
0041DB39 lea ecx,dword ptr ss:[ebp-9C];取字符串
0041DB3F lea edx,dword ptr ss:[ebp-74]
0041DB42 push ecx ; /Arg2
0041DB43 push edx ; |Arg1
0041DB44 call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarVal
0041DB4A push eax ; /Arg1
0041DB4B call dword ptr ds:[<&MSVBVM60.rtcAnsiV>; \rtcAnsiValueBstr
0041DB51 lea edx,dword ptr ss:[ebp-110]
0041DB57 lea ecx,dword ptr ss:[ebp-58]
0041DB5A mov word ptr ss:[ebp-108],ax
0041DB61 mov dword ptr ss:[ebp-110],edi
0041DB67 call esi
0041DB69 lea ecx,dword ptr ss:[ebp-74]
0041DB6C call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStr
0041DB72 lea eax,dword ptr ss:[ebp-9C]
0041DB78 lea ecx,dword ptr ss:[ebp-8C]
0041DB7E push eax
0041DB7F push ecx
0041DB80 push edi
0041DB81 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeVarList
0041DB87 add esp,0C
0041DB8A lea edx,dword ptr ss:[ebp-70]
0041DB8D lea eax,dword ptr ss:[ebp-58]
0041DB90 push edx
0041DB91 push eax
0041DB92 call dword ptr ds:[<&MSVBVM60.__vbaVar>;MSVBVM60.__vbaVarTstNe
0041DB98 test ax,ax ;比较第四位
0041DB9B jnz short [PYG]Cra.0041DC06;跳就OVER
0041DB9D mov ecx,dword ptr ss:[ebp+8]
0041DBA0 mov edx,dword ptr ds:[ecx+6C]
0041DBA3 lea eax,dword ptr ds:[ecx+6C]
0041DBA6 push edx
0041DBA7 call dword ptr ds:[<&MSVBVM60.__vbaR8S>;MSVBVM60.__vbaR8Str
0041DBAD fadd qword ptr ds:[401330]
0041DBB3 sub esp,8
0041DBB6 fstsw ax
0041DBB8 test al,0D
0041DBBA jnz [PYG]Cra.0041DD6C
0041DBC0 fstp qword ptr ss:[esp]
0041DBC3 call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrR8
0041DBC9 mov edx,eax
0041DBCB lea ecx,dword ptr ss:[ebp-74]
0041DBCE call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrMove
0041DBD4 mov edx,eax
0041DBD6 mov eax,dword ptr ss:[ebp+8]
0041DBD9 lea ecx,dword ptr ds:[eax+6C]
0041DBDC call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrCopy
0041DBE2 lea ecx,dword ptr ss:[ebp-74]
0041DBE5 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStr
0041DBEB mov ecx,dword ptr ss:[ebp+8]
0041DBEE mov eax,1
0041DBF3 mov edx,dword ptr ds:[ecx+34]
0041DBF6 add edx,eax
0041DBF8 jo [PYG]Cra.0041DD71
0041DBFE mov dword ptr ds:[ecx+34],edx
0041DC01 jmp [PYG]Cra.0041D9F6
0041DC06 mov esi,dword ptr ss:[ebp+8]
0041DC09 lea ecx,dword ptr ss:[ebp-8C]
0041DC0F push ecx
0041DC10 push esi
0041DC11 mov eax,dword ptr ds:[esi]
0041DC13 call dword ptr ds:[eax+6F8]
0041DC19 cmp eax,ebx
0041DC1B jge short [PYG]Cra.0041DC96
0041DC1D push 6F8
0041DC22 jmp short [PYG]Cra.0041DC89
0041DC24 mov edx,dword ptr ds:[eax+6C]
0041DC27 lea ecx,dword ptr ss:[ebp-28C]
0041DC2D call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrCopy
0041DC33 mov edx,dword ptr ss:[ebp-28C]
0041DC39 lea eax,dword ptr ss:[ebp-34]
0041DC3C push edx
0041DC3D push eax ; /Arg1
0041DC3E call dword ptr ds:[<&MSVBVM60.__vbaStr>; \__vbaStrVarCopy
0041DC44 mov edx,eax
0041DC46 lea ecx,dword ptr ss:[ebp-74]
0041DC49 call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrMove
0041DC4F push eax
0041DC50 call dword ptr ds:[<&MSVBVM60.__vbaStr>;MSVBVM60.__vbaStrCmp
0041DC56 mov esi,eax
0041DC58 lea ecx,dword ptr ss:[ebp-74]
0041DC5B neg esi
0041DC5D sbb esi,esi
0041DC5F inc esi
0041DC60 neg esi
0041DC62 call dword ptr ds:[<&MSVBVM60.__vbaFre>;MSVBVM60.__vbaFreeStr
0041DC68 cmp si,bx
0041DC6B je short [PYG]Cra.0041DCA2
0041DC6D mov esi,dword ptr ss:[ebp+8]
--------------------------------------------------------------------------------
算法总结:
1, 注册码必须为32位
2, 取用户名前四位为奇数位,取chinapyg.com前四位为偶数位,组成新字符串A
3, A进行累加后,结果为注册码前三位
4, 用户名长度除以2后取整,结果为注册码第四位
5, 剩下的28位注册码为DE846DE982C89D6F18DA0147A37C
6, 满足上面信息即可注册成功
name: lengxue
code: 8403DE846DE982C89D6F18DA0147A37C
name: chinapyg
code: 8364DE846DE982C89D6F18DA0147A37C |
|