-
-
[求助]这三个参数究竟做了什么样的运算?
-
发表于: 2016-6-15 14:25 5008
-
Private Sub Command1_Click() '564BF0
Dim var_00573A64 As Global
Dim var_9C As CommandButton
loc_00564C74: var_48 = Trim("")
loc_00564CAD: If (var_48 = &H573038) = 0 Then GoTo loc_00564DD7
loc_00564CD8: 00573020h = 00573020h * 2710h
loc_00564CE8: 00573020h = 00573020h + 002Eh
loc_00564CF8: var_eax = Global.LoadResString var_00573020, var_18
loc_00564D37: 00573020h = 00573020h * 2710h
loc_00564D47: 00573020h = 00573020h + 002Ah
loc_00564D57: var_eax = Global.LoadResString var_00573020, var_1C
loc_00564D85: var_40 = var_1C
loc_00564D9C: var_30 = var_18
loc_00564DD2: GoTo loc_00565462
loc_00564DD7: 'Referenced from: 00564CAD
loc_00564DE0: var_30 = var_38
loc_00564E0A: var_58 = Len(Trim(9))
loc_00564E34: If (var_58 < 2) = 0 Then GoTo loc_00564F3D
loc_00564E60: 00573020h = 00573020h * 2710h
loc_00564E70: 00573020h = 00573020h + 002Fh
loc_00564E80: var_eax = Global.LoadResString var_00573020, var_18
loc_00564EBF: 00573020h = 00573020h * 2710h
loc_00564ECF: 00573020h = 00573020h + 002Ah
loc_00564EDF: var_eax = Global.LoadResString var_00573020, var_1C
loc_00564F13: var_40 = var_1C
loc_00564F1B: var_30 = var_18
loc_00564F38: GoTo loc_0056531F
loc_00564F3D: 'Referenced from: 00564E34
loc_00564F62: var_18 = CStr(Trim(&H573A64))
loc_00564F70: var_eax = call Proc_0_2_4C7610(var_00573038, var_18, var_00573A64) //这里调用了三个参数,分别机器码(var_00573038),输入的注册码(var_18),和(var_00573A64)不知道什么数
在这个call里进行了某个运算
loc_00564F99: If call Proc_0_2_4C7610(var_00573038, var_18, var_00573A64) = 0 Then GoTo loc_00565346 //如果运算的结果 = 0就是注册成功,就进行下一步,开始填写注册信息
loc_00564FD1: var_9C = var_28
loc_00564FFC: 00573020h = 00573020h * 2710h
loc_0056500C: 00573020h = 00573020h + 0030h
loc_0056501C: var_eax = Global.LoadResString var_00573020, var_18
loc_0056505B: var_1C = frmAbout.cmdOK.FontName
loc_00565090: var_20 = var_18 & var_1C
loc_005650A0: frmAbout.cmdOK.Caption = var_20
loc_00565116: frmAbout.Command1.Visible = False
loc_00565181: var_1C = "RegCode"
loc_0056518B: var_18 = "software\SSOffice\Register"
loc_00565199: var_eax = call Proc_0_8_4D63B0(var_18, var_1C, Trim(&H5730D8))//向注册表写入注册码信息
loc_005651F7: Set var_24 = var_00573A64
loc_00565205: var_eax = Global.Unload var_24
loc_00565252: 00573020h = 00573020h * 2710h
loc_00565262: 00573020h = 00573020h + 0031h
loc_00565272: var_eax = Global.LoadResString var_00573020, var_18
loc_005652A8: 00573020h = 00573020h * 2710h
loc_005652B8: 00573020h = 00573020h + 0032h
loc_005652C8: var_eax = Global.LoadResString var_00573020, var_1C
loc_005652FA: var_40 = var_1C
loc_00565302: var_30 = var_18
loc_0056531F: 'Referenced from: 00564F38
loc_00565341: GoTo loc_00565462
loc_00565346:
loc_0056536C: 00573020h = 00573020h * 2710h
loc_0056537C: 00573020h = 00573020h + 002Fh
loc_0056538C: var_eax = Global.LoadResString var_00573020, var_18
loc_005653CB: 00573020h = 00573020h * 2710h
loc_005653DB: 00573020h = 00573020h + 002Ah
loc_005653EB: var_eax = Global.LoadResString var_00573020, var_1C
loc_0056541F: var_40 = var_1C
loc_00565427: var_30 = var_18
loc_00565460: call ebx(00000004h, 8, 8, 10, 10, 00000004, 8, 8, 10, 10, 8, 10, 10, var_00573A64, 00000004)
loc_00565462: 'Referenced from: 00564DD2
loc_00565471: GoTo loc_005654B3
loc_005654B2: Exit Sub
loc_005654B3: 'Referenced from: 00565471
loc_005654B3: Exit Sub
End Sub
这段代码来自vb decompiler,我在OD里跟到了那个关键call Proc_0_2_4C7610
但是单步进去之后,里面有多个循环,实在不知道是做了什么,也不要妄想通过该跳转绕过注册,虽然可以成功弹出注册成功的信息,但是在软件使用的时候,依然会谈出软件未注册的错误提示
这也许就是传说中的暗桩吧,多出检测,似乎不是真的注册码,是休想注册成功的
现在请教各位老师 高手们,我该如何找出那三个参数的运算关系,实现真正的注册
欢迎联系我qq19116773,也欢迎各位老师给出好的方法
Dim var_00573A64 As Global
Dim var_9C As CommandButton
loc_00564C74: var_48 = Trim("")
loc_00564CAD: If (var_48 = &H573038) = 0 Then GoTo loc_00564DD7
loc_00564CD8: 00573020h = 00573020h * 2710h
loc_00564CE8: 00573020h = 00573020h + 002Eh
loc_00564CF8: var_eax = Global.LoadResString var_00573020, var_18
loc_00564D37: 00573020h = 00573020h * 2710h
loc_00564D47: 00573020h = 00573020h + 002Ah
loc_00564D57: var_eax = Global.LoadResString var_00573020, var_1C
loc_00564D85: var_40 = var_1C
loc_00564D9C: var_30 = var_18
loc_00564DD2: GoTo loc_00565462
loc_00564DD7: 'Referenced from: 00564CAD
loc_00564DE0: var_30 = var_38
loc_00564E0A: var_58 = Len(Trim(9))
loc_00564E34: If (var_58 < 2) = 0 Then GoTo loc_00564F3D
loc_00564E60: 00573020h = 00573020h * 2710h
loc_00564E70: 00573020h = 00573020h + 002Fh
loc_00564E80: var_eax = Global.LoadResString var_00573020, var_18
loc_00564EBF: 00573020h = 00573020h * 2710h
loc_00564ECF: 00573020h = 00573020h + 002Ah
loc_00564EDF: var_eax = Global.LoadResString var_00573020, var_1C
loc_00564F13: var_40 = var_1C
loc_00564F1B: var_30 = var_18
loc_00564F38: GoTo loc_0056531F
loc_00564F3D: 'Referenced from: 00564E34
loc_00564F62: var_18 = CStr(Trim(&H573A64))
loc_00564F70: var_eax = call Proc_0_2_4C7610(var_00573038, var_18, var_00573A64) //这里调用了三个参数,分别机器码(var_00573038),输入的注册码(var_18),和(var_00573A64)不知道什么数
在这个call里进行了某个运算
loc_00564F99: If call Proc_0_2_4C7610(var_00573038, var_18, var_00573A64) = 0 Then GoTo loc_00565346 //如果运算的结果 = 0就是注册成功,就进行下一步,开始填写注册信息
loc_00564FD1: var_9C = var_28
loc_00564FFC: 00573020h = 00573020h * 2710h
loc_0056500C: 00573020h = 00573020h + 0030h
loc_0056501C: var_eax = Global.LoadResString var_00573020, var_18
loc_0056505B: var_1C = frmAbout.cmdOK.FontName
loc_00565090: var_20 = var_18 & var_1C
loc_005650A0: frmAbout.cmdOK.Caption = var_20
loc_00565116: frmAbout.Command1.Visible = False
loc_00565181: var_1C = "RegCode"
loc_0056518B: var_18 = "software\SSOffice\Register"
loc_00565199: var_eax = call Proc_0_8_4D63B0(var_18, var_1C, Trim(&H5730D8))//向注册表写入注册码信息
loc_005651F7: Set var_24 = var_00573A64
loc_00565205: var_eax = Global.Unload var_24
loc_00565252: 00573020h = 00573020h * 2710h
loc_00565262: 00573020h = 00573020h + 0031h
loc_00565272: var_eax = Global.LoadResString var_00573020, var_18
loc_005652A8: 00573020h = 00573020h * 2710h
loc_005652B8: 00573020h = 00573020h + 0032h
loc_005652C8: var_eax = Global.LoadResString var_00573020, var_1C
loc_005652FA: var_40 = var_1C
loc_00565302: var_30 = var_18
loc_0056531F: 'Referenced from: 00564F38
loc_00565341: GoTo loc_00565462
loc_00565346:
loc_0056536C: 00573020h = 00573020h * 2710h
loc_0056537C: 00573020h = 00573020h + 002Fh
loc_0056538C: var_eax = Global.LoadResString var_00573020, var_18
loc_005653CB: 00573020h = 00573020h * 2710h
loc_005653DB: 00573020h = 00573020h + 002Ah
loc_005653EB: var_eax = Global.LoadResString var_00573020, var_1C
loc_0056541F: var_40 = var_1C
loc_00565427: var_30 = var_18
loc_00565460: call ebx(00000004h, 8, 8, 10, 10, 00000004, 8, 8, 10, 10, 8, 10, 10, var_00573A64, 00000004)
loc_00565462: 'Referenced from: 00564DD2
loc_00565471: GoTo loc_005654B3
loc_005654B2: Exit Sub
loc_005654B3: 'Referenced from: 00565471
loc_005654B3: Exit Sub
End Sub
这段代码来自vb decompiler,我在OD里跟到了那个关键call Proc_0_2_4C7610
但是单步进去之后,里面有多个循环,实在不知道是做了什么,也不要妄想通过该跳转绕过注册,虽然可以成功弹出注册成功的信息,但是在软件使用的时候,依然会谈出软件未注册的错误提示
这也许就是传说中的暗桩吧,多出检测,似乎不是真的注册码,是休想注册成功的
现在请教各位老师 高手们,我该如何找出那三个参数的运算关系,实现真正的注册
欢迎联系我qq19116773,也欢迎各位老师给出好的方法
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
他的文章
- 这个是什么意思? 4529
- win8如何运行OD 2519
- 这个数是怎么计算出来的? 4869
- [求助]求教WINHEX 6679
- [求助]这个是什么命令 4647
看原图
赞赏
雪币:
留言: