[原创]雅丁软件鞋业软件的详细分析
发表于: 2005-2-20 10:24 6964
【破解作者】 jsliyangsj
【作者邮箱】 sjcrack@yahoo.com.cn
【使用工具】 peid OllyDbg1.10
【破解平台】 Winxp
【软件名称】 雅丁软件JXCShoes0110.exe
【编写语言】 VB
【软件地址】 http://www.yqdown.com/soft/2650.htm
此软件,是用输入的注册名来计算注册码的
00519B9A . 50 PUSH EAX
00519B9B . 68 A03A4500 PUSH JXCShoes.00453AA0
00519BA0 . FF15 18114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
00519BA6 . 8BD8 MOV EBX,EAX
00519BA8 . F7DB NEG EBX
00519BAA . 1BDB SBB EBX,EBX
00519BAC . 43 INC EBX
00519BAD . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00519BB0 . F7DB NEG EBX
00519BB2 . FF15 78124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00519BB8 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00519BBB . FF15 74124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00519BC1 . 66:85DB TEST BX,BX
00519BC4 . 0F84 93000000 JE JXCShoes.00519C5D
00519BCA . B9 04000280 MOV ECX,80020004
00519BCF . B8 0A000000 MOV EAX,0A
00519BD4 . 894D 9C MOV DWORD PTR SS:[EBP-64],ECX
00519BD7 . 894D AC MOV DWORD PTR SS:[EBP-54],ECX
00519BDA . 894D BC MOV DWORD PTR SS:[EBP-44],ECX
00519BDD . 8D55 84 LEA EDX,DWORD PTR SS:[EBP-7C]
00519BE0 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00519BE3 . 8945 94 MOV DWORD PTR SS:[EBP-6C],EAX
00519BE6 . 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX
00519BE9 . 8945 B4 MOV DWORD PTR SS:[EBP-4C],EAX
00519BEC . C745 8C 1C4B4>MOV DWORD PTR SS:[EBP-74],JXCShoes.00454B1C
00519BF3 . C745 84 08000>MOV DWORD PTR SS:[EBP-7C],8
00519BFA . FF15 18124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00519C00 . 8D4D 94 LEA ECX,DWORD PTR SS:[EBP-6C]
00519C03 . 51 PUSH ECX
00519C04 . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
00519C07 . 52 PUSH EDX
00519C08 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00519C0B . 50 PUSH EAX
00519C0C . 6A 40 PUSH 40
00519C0E . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00519C11 . 51 PUSH ECX
00519C12 . FF15 A4104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
00519C18 . 8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
00519C1B . 52 PUSH EDX
00519C1C . 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
00519C1F . 50 PUSH EAX
00519C20 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
00519C23 . 51 PUSH ECX
00519C24 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00519C27 . 52 PUSH EDX
00519C28 . 6A 04 PUSH 4
00519C2A . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00519C30 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00519C32 . 83C4 14 ADD ESP,14
00519C35 . 56 PUSH ESI
00519C36 . FF90 00030000 CALL DWORD PTR DS:[EAX+300]
00519C3C . 50 PUSH EAX
00519C3D . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00519C40 . 51 PUSH ECX
00519C41 . FFD7 CALL EDI
00519C43 . 8BF0 MOV ESI,EAX
00519C45 . 8B16 MOV EDX,DWORD PTR DS:[ESI]
00519C47 . 56 PUSH ESI
00519C48 . FF92 04020000 CALL DWORD PTR DS:[EDX+204]
00519C4E . DBE2 FCLEX
00519C50 . 85C0 TEST EAX,EAX
00519C52 .^ 0F8D FAFEFFFF JGE JXCShoes.00519B52
00519C58 .^ E9 E3FEFFFF JMP JXCShoes.00519B40
00519C5D > 8B06 MOV EAX,DWORD PTR DS:[ESI]
00519C5F . 56 PUSH ESI
00519C60 . FF90 04030000 CALL DWORD PTR DS:[EAX+304]
00519C66 . 50 PUSH EAX
00519C67 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00519C6A . 51 PUSH ECX
00519C6B . FFD7 CALL EDI
00519C6D . 8BD8 MOV EBX,EAX
00519C6F . 8B13 MOV EDX,DWORD PTR DS:[EBX]
00519C71 . 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00519C74 . 50 PUSH EAX
00519C75 . 53 PUSH EBX
00519C76 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
00519C7C . DBE2 FCLEX
00519C7E . 85C0 TEST EAX,EAX
00519C80 . 7D 12 JGE SHORT JXCShoes.00519C94
00519C82 . 68 A0000000 PUSH 0A0
00519C87 . 68 F44A4500 PUSH JXCShoes.00454AF4
00519C8C . 53 PUSH EBX
00519C8D . 50 PUSH EAX
00519C8E . FF15 80104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckO>; MSVBVM60.__vbaHresultCheckObj
00519C94 > 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00519C97 . 51 PUSH ECX
00519C98 . E8 53E6FFFF CALL JXCShoes.005182F0 ; 此处把注册名改成ASCII码的UNICODE形式
00519C9D . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00519CA0 . 8945 CC MOV DWORD PTR SS:[EBP-34],EAX
00519CA3 . 52 PUSH EDX
00519CA4 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00519CA7 . 50 PUSH EAX
00519CA8 . C745 C4 08000>MOV DWORD PTR SS:[EBP-3C],8
00519CAF . FF15 DC104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00519CB5 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
00519CB8 . 51 PUSH ECX
00519CB9 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
00519CBF . 8B1D 40124000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
00519CC5 . 8BD0 MOV EDX,EAX
00519CC7 . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00519CCA . FFD3 CALL EBX ; <&MSVBVM60.__vbaStrMove>
00519CCC . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00519CCF . FF15 78124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00519CD5 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00519CD8 . FF15 74124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00519CDE . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
00519CE1 . 52 PUSH EDX
00519CE2 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
00519CE5 . 50 PUSH EAX
00519CE6 . 6A 02 PUSH 2
00519CE8 . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00519CEE . 8B0E MOV ECX,DWORD PTR DS:[ESI]
00519CF0 . 83C4 0C ADD ESP,0C
00519CF3 . 56 PUSH ESI
00519CF4 . FF91 00030000 CALL DWORD PTR DS:[ECX+300]
00519CFA . 50 PUSH EAX
00519CFB . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
00519CFE . 52 PUSH EDX
00519CFF . FFD7 CALL EDI
00519D01 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00519D04 . 8BF8 MOV EDI,EAX
00519D06 . 8B07 MOV EAX,DWORD PTR DS:[EDI]
00519D08 . 51 PUSH ECX
00519D09 . 57 PUSH EDI
00519D0A . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00519D10 . DBE2 FCLEX
00519D12 . 85C0 TEST EAX,EAX
00519D14 . 7D 12 JGE SHORT JXCShoes.00519D28
00519D16 . 68 A0000000 PUSH 0A0
00519D1B . 68 F44A4500 PUSH JXCShoes.00454AF4
00519D20 . 57 PUSH EDI
00519D21 . 50 PUSH EAX
00519D22 . FF15 80104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckO>; MSVBVM60.__vbaHresultCheckObj
00519D28 > 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
00519D2B . 52 PUSH EDX
00519D2C . E8 EFE9FFFF CALL JXCShoes.00518720 ; 根据注册名计算出注册码
00519D31 . 8BD0 MOV EDX,EAX
00519D33 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00519D36 . FFD3 CALL EBX
00519D38 . 50 PUSH EAX
00519D39 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
00519D3C . 50 PUSH EAX
00519D3D . FF15 18114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; 关键比较 不正确就出现错误信息
………………………………………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………………………………………………
先进入 00519C98 . E8 53E6FFFF CALL JXCShoes.005182F0,此处把注册名改成ASCII码
………………………………………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………………………………………………
005182F0 $ 55 PUSH EBP
005182F1 . 8BEC MOV EBP,ESP
005182F3 . 83EC 0C SUB ESP,0C
005182F6 . 68 C67E4000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE handler installation
005182FB . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00518301 . 50 PUSH EAX
00518302 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00518309 . 81EC B4000000 SUB ESP,0B4
0051830F . 53 PUSH EBX
00518310 . 56 PUSH ESI
00518311 . 57 PUSH EDI
00518312 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
00518315 . C745 F8 80134>MOV DWORD PTR SS:[EBP-8],JXCShoes.00401380
0051831C . 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0051831F . 33F6 XOR ESI,ESI
00518321 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00518324 . 8975 E4 MOV DWORD PTR SS:[EBP-1C],ESI
00518327 . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI
0051832A . 8975 D8 MOV DWORD PTR SS:[EBP-28],ESI
0051832D . 8975 D4 MOV DWORD PTR SS:[EBP-2C],ESI
00518330 . 8975 D0 MOV DWORD PTR SS:[EBP-30],ESI
00518333 . 8975 CC MOV DWORD PTR SS:[EBP-34],ESI
00518336 . 8975 C8 MOV DWORD PTR SS:[EBP-38],ESI
00518339 . 8975 C4 MOV DWORD PTR SS:[EBP-3C],ESI
0051833C . 8975 C0 MOV DWORD PTR SS:[EBP-40],ESI
0051833F . 8975 BC MOV DWORD PTR SS:[EBP-44],ESI
00518342 . 8975 AC MOV DWORD PTR SS:[EBP-54],ESI
00518345 . 8975 9C MOV DWORD PTR SS:[EBP-64],ESI
00518348 . 8975 8C MOV DWORD PTR SS:[EBP-74],ESI
0051834B . 89B5 7CFFFFFF MOV DWORD PTR SS:[EBP-84],ESI
00518351 . 89B5 6CFFFFFF MOV DWORD PTR SS:[EBP-94],ESI
00518357 . 89B5 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],ESI
0051835D . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
00518363 . 56 PUSH ESI
00518364 . 68 80000000 PUSH 80
00518369 . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84]
0051836F . 51 PUSH ECX
00518370 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
00518373 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00518376 . 52 PUSH EDX
00518377 . 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
0051837A . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],4008
00518384 . FF15 A0114000 CALL DWORD PTR DS:[<&MSVBVM60.#717>] ; MSVBVM60.rtcStrConvVar2
0051838A . 8B1D 30104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>; MSVBVM60.__vbaStrVarMove
00518390 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
00518393 . 50 PUSH EAX
00518394 . FFD3 CALL EBX ; <&MSVBVM60.__vbaStrVarMove>
00518396 . 8B35 40124000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0051839C . 8BD0 MOV EDX,EAX
0051839E . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
005183A1 . FFD6 CALL ESI ; <&MSVBVM60.__vbaStrMove>
005183A3 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
005183A6 . FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005183AC . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
005183AF . 68 A03A4500 PUSH JXCShoes.00453AA0
005183B4 . 51 PUSH ECX
005183B5 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.#693>] ; 取第一个注册名的ACII码
005183BB . 25 FF000000 AND EAX,0FF
005183C0 . 8985 40FFFFFF MOV DWORD PTR SS:[EBP-C0],EAX
005183C6 . DB85 40FFFFFF FILD DWORD PTR SS:[EBP-C0] 把上面的ACII码变成10进制并是实数形式
005183CC . DD9D 38FFFFFF FSTP QWORD PTR SS:[EBP-C8]
005183D2 . DD85 38FFFFFF FLD QWORD PTR SS:[EBP-C8]
005183D8 . 833D 00607600>CMP DWORD PTR DS:[766000],0
005183DF . 75 08 JNZ SHORT JXCShoes.005183E9
005183E1 . DC35 78134000 FDIV QWORD PTR DS:[401378] 把上面的10进制的实数形式除以2
005183E7 . EB 11 JMP SHORT JXCShoes.005183FA
005183E9 > FF35 7C134000 PUSH DWORD PTR DS:[40137C]
005183EF . FF35 78134000 PUSH DWORD PTR DS:[401378]
005183F5 . E8 EAFAEEFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
005183FA > DFE0 FSTSW AX
005183FC . A8 0D TEST AL,0D
005183FE . 0F85 0E030000 JNZ JXCShoes.00518712
00518404 . FF15 24124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI2>] ; 取其正数部分
0051840A . 50 PUSH EAX
0051840B . FF15 0C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrI2>] ; 转化为10进制
00518411 . 8BD0 MOV EDX,EAX
00518413 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00518416 . FFD6 CALL ESI
00518418 . 50 PUSH EAX
00518419 . FF15 68104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
0051841F . 8BD0 MOV EDX,EAX
00518421 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
00518424 . FFD6 CALL ESI
00518426 . 50 PUSH EAX
00518427 . FF15 90114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2Str>] ; 又转化为16进制
0051842D . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
00518430 . 52 PUSH EDX
00518431 . 8BF8 MOV EDI,EAX
00518433 . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00518436 . 50 PUSH EAX
00518437 . 6A 02 PUSH 2
00518439 . FF15 E8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0051843F . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00518442 . 83C4 0C ADD ESP,0C
00518445 . 51 PUSH ECX
00518446 . FF15 7C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBstrB>] ; 得到字符串的长度
0051844C . 83F8 0A CMP EAX,0A
0051844F . 0F8C 63010000 JL JXCShoes.005185B8
00518455 . 6A 0A PUSH 0A
00518457 . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
0051845D . 50 PUSH EAX
0051845E . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00518461 . 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
00518464 . 51 PUSH ECX
00518465 . 8955 84 MOV DWORD PTR SS:[EBP-7C],EDX
00518468 . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],4008
00518472 . FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60.#513>] ; MSVBVM60.rtcLeftVar
00518478 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0051847B . 52 PUSH EDX
0051847C . FFD3 CALL EBX
0051847E . 8BD0 MOV EDX,EAX
00518480 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00518483 . FFD6 CALL ESI
00518485 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00518488 . FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
0051848E > C785 4CFFFFFF>MOV DWORD PTR SS:[EBP-B4],0A
00518498 . BF 01000000 MOV EDI,1
0051849D > 66:3BBD 4CFFF>CMP DI,WORD PTR SS:[EBP-B4] ; DI是计数器
005184A4 . 0F8F B7010000 JG JXCShoes.00518661
005184AA . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
005184AD . 52 PUSH EDX
005184AE . 0FBFC7 MOVSX EAX,DI
005184B1 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
005184B4 . 894D 84 MOV DWORD PTR SS:[EBP-7C],ECX
005184B7 . 50 PUSH EAX
005184B8 . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84]
005184BE . 51 PUSH ECX
005184BF . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
005184C2 . 52 PUSH EDX
005184C3 . C745 B4 01000>MOV DWORD PTR SS:[EBP-4C],1
005184CA . C745 AC 02000>MOV DWORD PTR SS:[EBP-54],2
005184D1 . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],4008
005184DB . FF15 64104000 CALL DWORD PTR DS:[<&MSVBVM60.#629>] ; MSVBVM60.rtcMidVar
005184E1 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
005184E4 . 50 PUSH EAX
005184E5 . FFD3 CALL EBX
005184E7 . 8BD0 MOV EDX,EAX
005184E9 . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
005184EC . FFD6 CALL ESI
005184EE . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
005184F1 . 51 PUSH ECX
005184F2 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
005184F5 . 52 PUSH EDX
005184F6 . 6A 02 PUSH 2
005184F8 . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005184FE . 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
00518501 . 83C4 0C ADD ESP,0C
00518504 . 50 PUSH EAX
00518505 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.#693>] ; 取各个字符
0051850B . 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0051850E . 66:33C9 XOR CX,CX
00518511 . 8AC8 MOV CL,AL
00518513 . 8995 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EDX
00518519 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0051851C . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0051851F . C785 6CFFFFFF>MOV DWORD PTR SS:[EBP-94],8
00518529 . 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
0051852C . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],4002
00518536 . 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
00518539 . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84]
0051853F . 51 PUSH ECX
00518540 . 52 PUSH EDX
00518541 . FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.#573>] ; MSVBVM60.rtcHexVarFromVar
00518547 . 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94]
0051854D . 50 PUSH EAX
0051854E . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00518551 . 51 PUSH ECX
00518552 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
00518555 . 52 PUSH EDX
00518556 . C785 64FFFFFF>MOV DWORD PTR SS:[EBP-9C],JXCShoes.004541C4
00518560 . C785 5CFFFFFF>MOV DWORD PTR SS:[EBP-A4],8
0051856A . FF15 AC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
00518570 . 50 PUSH EAX
00518571 . 8D85 5CFFFFFF LEA EAX,DWORD PTR SS:[EBP-A4]
00518577 . 50 PUSH EAX
00518578 . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
0051857B . 51 PUSH ECX
0051857C . FF15 AC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCat>] ; 把输入的注册名改成UNICODE一个一个存储
00518582 . 50 PUSH EAX
00518583 . FFD3 CALL EBX ; 得到刚刚存储好合并字符的地址
00518585 . 8BD0 MOV EDX,EAX
00518587 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0051858A . FFD6 CALL ESI
0051858C . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
0051858F . 52 PUSH EDX
00518590 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
00518593 . 50 PUSH EAX
00518594 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00518597 . 51 PUSH ECX
00518598 . 6A 03 PUSH 3
0051859A . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005185A0 . B8 01000000 MOV EAX,1
005185A5 . 83C4 10 ADD ESP,10
005185A8 . 66:03C7 ADD AX,DI
005185AB . 0F80 66010000 JO JXCShoes.00518717
005185B1 . 8BF8 MOV EDI,EAX
005185B3 .^ E9 E5FEFFFF JMP JXCShoes.0051849D
005185B8 > 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
005185BB . 50 PUSH EAX
005185BC . FF15 7C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBstrB>] ; MSVBVM60.__vbaLenBstrB
005185C2 . B9 0A000000 MOV ECX,0A
005185C7 . 2BC8 SUB ECX,EAX ; 你输入的位数与A相差多少
005185C9 . 0F80 48010000 JO JXCShoes.00518717
005185CF . FF15 2C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>] ; MSVBVM60.__vbaI2I4
005185D5 . C745 E8 01000>MOV DWORD PTR SS:[EBP-18],1
005185DC . 8985 54FFFFFF MOV DWORD PTR SS:[EBP-AC],EAX
005185E2 > 66:8B8D 54FFF>MOV CX,WORD PTR SS:[EBP-AC]
005185E9 . 66:394D E8 CMP WORD PTR SS:[EBP-18],CX ; EBP-18是计算器,一共相差3位,要三次
005185ED .^ 0F8F 9BFEFFFF JG JXCShoes.0051848E
005185F3 . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
005185F6 . 0FBFC7 MOVSX EAX,DI
005185F9 . 50 PUSH EAX
005185FA . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
005185FD . 51 PUSH ECX
005185FE . 8955 84 MOV DWORD PTR SS:[EBP-7C],EDX
00518601 . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],8
0051860B . FF15 94114000 CALL DWORD PTR DS:[<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
00518611 . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
00518617 . 52 PUSH EDX
00518618 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0051861B . 50 PUSH EAX
0051861C . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0051861F . 51 PUSH ECX
00518620 . FF15 AC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCat>] ; 把相差的字符存储在原来注册名的后面
00518626 . 50 PUSH EAX
00518627 . FFD3 CALL EBX ; 得到刚刚存储好合并字符的地址
00518629 . 8BD0 MOV EDX,EAX
0051862B . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0051862E . FFD6 CALL ESI
00518630 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
00518633 . 52 PUSH EDX
00518634 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
00518637 . 50 PUSH EAX
00518638 . 6A 02 PUSH 2
0051863A . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00518640 . 83C4 0C ADD ESP,0C
00518643 . 66:83C7 0A ADD DI,0A ; 把上一次的加上0A
00518647 . B8 01000000 MOV EAX,1
0051864C . 0F80 C5000000 JO JXCShoes.00518717
00518652 . 66:0345 E8 ADD AX,WORD PTR SS:[EBP-18] ; 累加一次共相差3次
00518656 . 0F80 BB000000 JO JXCShoes.00518717
0051865C . 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX ; 存储到计数器
0051865F .^ EB 81 JMP SHORT JXCShoes.005185E2
00518661 > 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
00518667 . 50 PUSH EAX
00518668 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0051866B . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0051866E . 51 PUSH ECX
0051866F . 8955 84 MOV DWORD PTR SS:[EBP-7C],EDX
00518672 . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],4008
0051867C . FF15 DC104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00518682 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
00518685 . 52 PUSH EDX
00518686 . FFD3 CALL EBX
00518688 . 8BD0 MOV EDX,EAX
0051868A . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0051868D . FFD6 CALL ESI
0051868F . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00518692 . FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00518698 . 9B WAIT
00518699 . 68 FC865100 PUSH JXCShoes.005186FC
0051869E . EB 37 JMP SHORT JXCShoes.005186D7
005186A0 . F645 FC 04 TEST BYTE PTR SS:[EBP-4],4
005186A4 . 74 09 JE SHORT JXCShoes.005186AF
005186A6 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
005186A9 . FF15 78124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005186AF > 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
005186B2 . 50 PUSH EAX
005186B3 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
005186B6 . 51 PUSH ECX
005186B7 . 6A 02 PUSH 2
005186B9 . FF15 E8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
005186BF . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
005186C2 . 52 PUSH EDX
005186C3 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
005186C6 . 50 PUSH EAX
005186C7 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
005186CA . 51 PUSH ECX
005186CB . 6A 03 PUSH 3
005186CD . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005186D3 . 83C4 1C ADD ESP,1C
005186D6 . C3 RETN
005186D7 > 8B35 78124000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005186DD . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
005186E0 . FFD6 CALL ESI ; <&MSVBVM60.__vbaFreeStr>
005186E2 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
005186E5 . FFD6 CALL ESI
005186E7 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
005186EA . FFD6 CALL ESI
005186EC . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
005186EF . FFD6 CALL ESI
005186F1 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
005186F4 . FFD6 CALL ESI
005186F6 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
005186F9 . FFD6 CALL ESI
005186FB . C3 RETN
………………………………………………………………………………………………………………………………………………………………
上面一段是这样的:
先检查你输入的注册名是否大于0A(16进制)位,如果大于0A位,只要取前0A位,转化为相应的ASCII码的UNICODE形式。
如果小于0A位,比如我输入7位,少了3位(运行3次),第一次:是这样的,第8位:把注册名的第一个ASCII码转化为10进制的实数形式,
再除以2并取结果的整数(四舍五入),再把它转化为16进制,这就是第8位,因为是UNICODE所以第9位必为00,第二次:第10位,是第8位
加上0A便是了,第11位00,第三次:第12位:是第10位加上0A便是,第13位是:00。但这样有了13位,只要取前0A位就够了。
………………………………………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………………………………………………
进入 00519D2C . E8 EFE9FFFF CALL JXCShoes.00518720 ; 根据注册名计算出注册码
………………………………………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………………………………………………
省略了部分代码
005188C4 . 8BF0 MOV ESI,EAX ; 取各个字符的ACII码
005188C6 . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
005188CC . 83C4 0C ADD ESP,0C
005188CF . 68 D8414500 PUSH JXCShoes.004541D8 中的第一个字符是B就是42以便下面取值
005188D4 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.#693>] ; 取固定值42
005188DA . 66:0FB6C0 MOVZX AX,AL
005188DE . 33F0 XOR ESI,EAX ; 固定值与每一个字符的ACII码 XOR
005188E0 . 0FBFCE MOVSX ECX,SI
005188E3 . 898D 30FFFFFF MOV DWORD PTR SS:[EBP-D0],ECX
005188E9 . DB85 30FFFFFF FILD DWORD PTR SS:[EBP-D0] ; XOR的结果的10进制的实数形式
005188EF . DD9D 28FFFFFF FSTP QWORD PTR SS:[EBP-D8]
005188F5 . DD85 28FFFFFF FLD QWORD PTR SS:[EBP-D8]
005188FB . 833D 00607600>CMP DWORD PTR DS:[766000],0
00518902 . 75 08 JNZ SHORT JXCShoes.0051890C
00518904 . DC35 98134000 FDIV QWORD PTR DS:[401398] ; 实数结果除以255
0051890A . EB 11 JMP SHORT JXCShoes.0051891D
0051890C > FF35 9C134000 PUSH DWORD PTR DS:[40139C]
00518912 . FF35 98134000 PUSH DWORD PTR DS:[401398]
00518918 . E8 C7F5EEFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
0051891D > DC0D 90134000 FMUL QWORD PTR DS:[401390] ; 向除的结果乘以93
00518923 . DFE0 FSTSW AX
00518925 . A8 0D TEST AL,0D
00518927 . 0F85 28010000 JNZ JXCShoes.00518A55
0051892D . FF15 24124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI2>] ; 把结果四舍五入取整,再转化为16进制
00518933 . 66:05 2100 ADD AX,21 ; 这个16进制加上21 准备存储
00518937 . 0F80 1D010000 JO JXCShoes.00518A5A
0051893D . 0FBFD0 MOVSX EDX,AX
00518940 . 52 PUSH EDX
00518941 . 8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88]
00518947 . 50 PUSH EAX
00518948 . FF15 94114000 CALL DWORD PTR DS:[<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
0051894E . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00518954 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00518957 . FFD3 CALL EBX
00518959 . 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0051895C . 8D95 58FFFFFF LEA EDX,DWORD PTR SS:[EBP-A8]
00518962 . 52 PUSH EDX
00518963 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00518966 . 898D 60FFFFFF MOV DWORD PTR SS:[EBP-A0],ECX
0051896C . 50 PUSH EAX
0051896D . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88]
00518973 . 51 PUSH ECX
00518974 . C785 58FFFFFF>MOV DWORD PTR SS:[EBP-A8],8
0051897E . FFD7 CALL EDI ; 存储了!!!!
00518980 . 50 PUSH EAX
00518981 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
00518987 . 8BD0 MOV EDX,EAX
………………………………………………………………………………………………………………………………………………………………
取注册名的各个字符的ASCII码,(实际上是UNICODE,每次取2个字节,就包括00,如:字符"S",存储“73 00”,只用到了73。),
分别与42 XOR,结果以10进制的实数形式存储,用这个实数结果除以255,再把这个结果乘以93,再把这个结果四舍五入取整,
再转化为16进制,16进制加上21,就完成了一次存储,一共10次。这10个字符就是要的结果!
………………………………………………………………………………………………………………………………………………………………
我输入sjcrack
注册码是:30-3.-0M9#
注册机源代码:
#include <stdio.h>
#include <string.h>
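/*
 * Reads one whitespace-delimited name from stdin and prints the 10-character
 * value derived from it.
 *
 * Steps, as implemented below:
 *   1. A name shorter than 10 bytes is extended to 10 bytes. The first
 *      filler byte is the first name byte divided by 2 and rounded; each
 *      later filler value is the previous one plus 10, and a zero byte
 *      follows every filler value.
 *   2. Each of the first 10 bytes is XORed with 66, scaled by 93/255,
 *      rounded, and offset by 33.
 *
 * The result depends only on the name and on fixed constants.
 *
 * Returns 0 on success, 1 if no name could be read.
 */
int main(void)
{
    char zcmin[81], zj[81], zh[81];
    int a, b, e, i, g;
    float c;

    /* Bound the read to the buffer: a bare %s writes past zcmin[80] on a
       longer token. Stop if nothing was read, so zcmin is never used
       uninitialized. */
    if (scanf("%80s", zcmin) != 1) {
        return 1;
    }

    a = (int)strlen(zcmin);
    if (a < 10) {
        b = 10 - a; /* number of filler bytes needed */

        /* First filler byte: first name byte / 2, a fraction >= .5 goes up. */
        c = zcmin[0];
        e = c / 2;
        if (c / 2 >= e + 0.5) {
            e = e + 1;
        }
        zj[0] = e;
        zj[1] = 0;

        /* Later filler values: previous value + 10, each followed by 0. */
        for (i = 1, g = 2; i != b; i++) {
            zj[g] = zj[g - 2] + 10;
            g++;
            zj[g] = 0;
            g++;
        }

        /* Append the first b filler bytes directly after the name. */
        for (i = a, e = 0; e < b; e++, i++) {
            zcmin[i] = zj[e];
        }
    }

    /* Transform the first 10 bytes one by one. */
    for (i = 0; i < 10; i++) {
        c = zcmin[i] ^ 66;
        e = c / 255 * 93;
        if (c / 255 * 93 >= e + 0.5) {
            e++;
        }
        zh[i] = e + 33;
    }

    for (i = 0; i < 10; i++) {
        printf("%c", zh[i]);
    }

    return 0;
}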