不会编程，也来个 CrackMe-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

最新回复 (12)
dennislwy 雪币： 182 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 42 粉丝 0 关注私信	dennislwy 2006-8-4 08:15 2 楼 0 已经下了. 等会看看!! 感谢楼主提供给我们新手练习!!
小剑雪币： 110 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 375 粉丝 1 关注私信	小剑 2006-8-4 20:32 3 楼 0 没人把破解的结果上传吗？。。。。晕
happytown 雪币： 721 活跃值： (350) 能力值： ( LV9，RANK：1250 ) 在线值：发帖 131 回帖 1014 粉丝 1 关注私信	happytown 31 2006-8-4 20:37 4 楼 0 至少有人在分析。因为目前已经有12个人下载了。
emgbb 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 1 粉丝 0 关注私信	emgbb 2006-8-4 22:45 5 楼 0 又是VB啊？看看是什么
小剑雪币： 110 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 375 粉丝 1 关注私信	小剑 2006-8-4 23:34 6 楼 0 上次发的 CrackMe ，给 PYG 的惊涛版主破了，这次大侠可有下
小剑雪币： 110 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 375 粉丝 1 关注私信	小剑 2006-8-5 15:19 7 楼 0 期待大家的结果啊，鼓励一下，结果出来心里才舒服的
小剑雪币： 110 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 375 粉丝 1 关注私信	小剑 2006-8-6 12:54 8 楼 0 再顶一次，没人破解出来就让它沉下去吧，失望
小剑雪币： 110 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 375 粉丝 1 关注私信	小剑 2006-8-7 19:08 9 楼 0 真的难吗？？？？？？？？？？？？？？程序只是拐了个弯，大家不是看不出吧，还是要顶上去
ForEver 雪币： 343 活跃值： (611) 能力值： ( LV9，RANK：810 ) 在线值：发帖 28 回帖 361 粉丝 0 关注私信	ForEver 20 2006-8-7 19:15 10 楼 0 注册名：forever[RCT] 注册码：9724241 00402830 > \55 PUSH EBP 00402831 . 8BEC MOV EBP,ESP 00402833 . 83EC 0C SUB ESP,0C 00402836 . 68 E6104000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE handler installation 0040283B . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00402841 . 50 PUSH EAX 00402842 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 00402849 . 81EC 14010000 SUB ESP,114 0040284F . 53 PUSH EBX 00402850 . 56 PUSH ESI 00402851 . 57 PUSH EDI 00402852 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP 00402855 . C745 F8 C0104>MOV DWORD PTR SS:[EBP-8],004010C0 0040285C . 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8] 0040285F . 8BC3 MOV EAX,EBX 00402861 . 83E0 01 AND EAX,1 00402864 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 00402867 . 83E3 FE AND EBX,FFFFFFFE 0040286A . 53 PUSH EBX 0040286B . 895D 08 MOV DWORD PTR SS:[EBP+8],EBX 0040286E . 8B0B MOV ECX,DWORD PTR DS:[EBX] 00402870 . FF51 04 CALL DWORD PTR DS:[ECX+4] 00402873 . 8B35 0C104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarMove 00402879 . 33FF XOR EDI,EDI 0040287B . 89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI 00402881 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402887 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58] 0040288A . 897D DC MOV DWORD PTR SS:[EBP-24],EDI 0040288D . 897D D8 MOV DWORD PTR SS:[EBP-28],EDI 00402890 . 897D C8 MOV DWORD PTR SS:[EBP-38],EDI 00402893 . 897D B8 MOV DWORD PTR SS:[EBP-48],EDI 00402896 . 897D A8 MOV DWORD PTR SS:[EBP-58],EDI 00402899 . 897D 98 MOV DWORD PTR SS:[EBP-68],EDI 0040289C . 897D 88 MOV DWORD PTR SS:[EBP-78],EDI 0040289F . 89BD 78FFFFFF MOV DWORD PTR SS:[EBP-88],EDI 004028A5 . 89BD 68FFFFFF MOV DWORD PTR SS:[EBP-98],EDI 004028AB . 89BD 54FFFFFF MOV DWORD PTR SS:[EBP-AC],EDI 004028B1 . 89BD 44FFFFFF MOV DWORD PTR SS:[EBP-BC],EDI 004028B7 . 89BD 34FFFFFF MOV DWORD PTR SS:[EBP-CC],EDI 004028BD . 89BD 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EDI 004028C3 . 89BD 2CFFFFFF MOV DWORD PTR SS:[EBP-D4],EDI 004028C9 . 89BD 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EDI 004028CF . 89BD 0CFFFFFF MOV DWORD PTR SS:[EBP-F4],EDI 004028D5 . 89BD ECFEFFFF MOV DWORD PTR SS:[EBP-114],EDI 004028DB . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],5352E18 004028E5 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],3 004028EF . FFD6 CALL ESI ; <&MSVBVM60.__vbaVarMove> 004028F1 . 8B13 MOV EDX,DWORD PTR DS:[EBX] 004028F3 . 53 PUSH EBX 004028F4 . FF92 04030000 CALL DWORD PTR DS:[EDX+304] 004028FA . 50 PUSH EAX 004028FB . 8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4] 00402901 . 50 PUSH EAX 00402902 . FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet 00402908 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 0040290A . 8D95 30FFFFFF LEA EDX,DWORD PTR SS:[EBP-D0] 00402910 . 52 PUSH EDX 00402911 . 50 PUSH EAX 00402912 . 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX 00402918 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0] 0040291E . 3BC7 CMP EAX,EDI 00402920 . DBE2 FCLEX 00402922 . 7D 18 JGE SHORT 0040293C 00402924 . 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118] 0040292A . 68 A0000000 PUSH 0A0 0040292F . 68 5C214000 PUSH 0040215C 00402934 . 51 PUSH ECX 00402935 . 50 PUSH EAX 00402936 . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 0040293C > 8B95 30FFFFFF MOV EDX,DWORD PTR SS:[EBP-D0] 00402942 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28] 00402945 . 89BD 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EDI 0040294B . FF15 9C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove 00402951 . 8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4] 00402957 . FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 0040295D . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] 00402960 . 52 PUSH EDX 00402961 . FF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr 00402967 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 0040296D . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 00402970 . 8985 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EAX 00402976 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],3 00402980 . FFD6 CALL ESI 00402982 . 8B03 MOV EAX,DWORD PTR DS:[EBX] 00402984 . 53 PUSH EBX 00402985 . FF90 00030000 CALL DWORD PTR DS:[EAX+300] 0040298B . 8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4] 00402991 . 50 PUSH EAX 00402992 . 51 PUSH ECX 00402993 . FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet 00402999 . 8BD8 MOV EBX,EAX 0040299B . 8D85 30FFFFFF LEA EAX,DWORD PTR SS:[EBP-D0] 004029A1 . 50 PUSH EAX 004029A2 . 53 PUSH EBX 004029A3 . 8B13 MOV EDX,DWORD PTR DS:[EBX] 004029A5 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0] 004029AB . 3BC7 CMP EAX,EDI 004029AD . DBE2 FCLEX 004029AF . 7D 12 JGE SHORT 004029C3 004029B1 . 68 A0000000 PUSH 0A0 004029B6 . 68 5C214000 PUSH 0040215C 004029BB . 53 PUSH EBX 004029BC . 50 PUSH EAX 004029BD . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 004029C3 > 8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[EBP-D0] 004029C9 . 51 PUSH ECX 004029CA . FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr 004029D0 . DD9D 04FFFFFF FSTP QWORD PTR SS:[EBP-FC] 004029D6 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 004029DC . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] 004029E2 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],5 004029EC . FFD6 CALL ESI 004029EE . 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:[EBP-D0] 004029F4 . FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 004029FA . 8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4] 00402A00 . FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 00402A06 . 8B1D 8C104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarAdd 00402A0C . 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58] 00402A0F . 8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88] 00402A15 . 52 PUSH EDX 00402A16 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402A1C . 50 PUSH EAX 00402A1D . 51 PUSH ECX 00402A1E . FFD3 CALL EBX ; <&MSVBVM60.__vbaVarAdd> 00402A20 . 8BD0 MOV EDX,EAX 00402A22 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58] 00402A25 . FFD6 CALL ESI 00402A27 . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78] 00402A2A . 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104] 00402A30 . 52 PUSH EDX 00402A31 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402A37 . 50 PUSH EAX 00402A38 . 51 PUSH ECX 00402A39 . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],20 00402A43 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402A4D . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMu>; MSVBVM60.__vbaVarMul 00402A53 . 8BD0 MOV EDX,EAX 00402A55 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 00402A58 . FFD6 CALL ESI 00402A5A . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402A60 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48] 00402A63 . 89BD 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EDI 00402A69 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402A73 . FFD6 CALL ESI 00402A75 . 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48] 00402A78 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78] 00402A7B . 52 PUSH EDX 00402A7C . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402A82 . 50 PUSH EAX 00402A83 . 51 PUSH ECX 00402A84 . FFD3 CALL EBX 00402A86 . 8BD0 MOV EDX,EAX 00402A88 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48] 00402A8B . FFD6 CALL ESI 00402A8D . 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58] 00402A90 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38] 00402A93 . 52 PUSH EDX 00402A94 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402A9A . 50 PUSH EAX 00402A9B . 51 PUSH ECX 00402A9C . FFD3 CALL EBX 00402A9E . 50 PUSH EAX 00402A9F . 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48] 00402AA2 . 8D85 0CFFFFFF LEA EAX,DWORD PTR SS:[EBP-F4] 00402AA8 . 52 PUSH EDX 00402AA9 . 50 PUSH EAX 00402AAA . FF15 00104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarSu>; MSVBVM60.__vbaVarSub 00402AB0 . 8BD0 MOV EDX,EAX 00402AB2 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58] 00402AB5 . FFD6 CALL ESI 00402AB7 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402ABD . FF15 10104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar 00402AC3 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58] 00402AC6 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402ACC . 51 PUSH ECX 00402ACD . 8D85 1CFFFFFF LEA EAX,DWORD PTR SS:[EBP-E4] 00402AD3 . 52 PUSH EDX 00402AD4 . 50 PUSH EAX 00402AD5 . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],3CB 00402ADF . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402AE9 . 89BD F4FEFFFF MOV DWORD PTR SS:[EBP-10C],EDI 00402AEF . C785 ECFEFFFF>MOV DWORD PTR SS:[EBP-114],8002 00402AF9 . FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>; MSVBVM60.__vbaVarMod 00402AFF . 50 PUSH EAX 00402B00 . 8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114] 00402B06 . 51 PUSH ECX 00402B07 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; MSVBVM60.__vbaVarTstEq 00402B0D . 66:85C0 TEST AX,AX 00402B10 . 74 22 JE SHORT 00402B34 00402B12 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402B18 . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC] 00402B1E . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],1 00402B28 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402B32 . FFD6 CALL ESI 00402B34 > 8D95 34FFFFFF LEA EDX,DWORD PTR SS:[EBP-CC] 00402B3A . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68] 00402B3D . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCo>; MSVBVM60.__vbaVarCopy 00402B43 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402B49 . 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98] 00402B4F . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],3CB 00402B59 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402B63 . FFD6 CALL ESI 00402B65 . 8D95 68FFFFFF LEA EDX,DWORD PTR SS:[EBP-98] 00402B6B . 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104] 00402B71 . 52 PUSH EDX 00402B72 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402B78 . 50 PUSH EAX 00402B79 . 51 PUSH ECX 00402B7A . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],5 00402B84 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402B8E . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMu>; MSVBVM60.__vbaVarMul 00402B94 . 8BD0 MOV EDX,EAX 00402B96 . 8D8D 44FFFFFF LEA ECX,DWORD PTR SS:[EBP-BC] 00402B9C . FFD6 CALL ESI 00402B9E . 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58] 00402BA1 . 8D85 44FFFFFF LEA EAX,DWORD PTR SS:[EBP-BC] 00402BA7 . 52 PUSH EDX 00402BA8 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402BAE . 50 PUSH EAX 00402BAF . 51 PUSH ECX 00402BB0 . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],5C9A0E0 00402BBA . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],8003 00402BC4 . FFD3 CALL EBX 00402BC6 . 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402BCC . 50 PUSH EAX 00402BCD . 52 PUSH EDX 00402BCE . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; MSVBVM60.__vbaVarTstEq 00402BD4 . 8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4] 00402BDA . 66:8BD8 MOV BX,AX 00402BDD . FF15 10104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar 00402BE3 . 66:3BDF CMP BX,DI 00402BE6 . 74 16 JE SHORT 00402BFE 00402BE8 . C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],1 00402BF2 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2 00402BFC . EB 1E JMP SHORT 00402C1C 00402BFE > 8D85 54FFFFFF LEA EAX,DWORD PTR SS:[EBP-AC] 00402C04 . 50 PUSH EAX 00402C05 . FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2Var>; MSVBVM60.__vbaI2Var 00402C0B . B8 02000000 MOV EAX,2 00402C10 . 8985 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EAX 00402C16 . 8985 FCFEFFFF MOV DWORD PTR SS:[EBP-104],EAX 00402C1C > 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104] 00402C22 . 8D8D 54FFFFFF LEA ECX,DWORD PTR SS:[EBP-AC] 00402C28 . FFD6 CALL ESI 00402C2A . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC] 00402C30 . 8D95 54FFFFFF LEA EDX,DWORD PTR SS:[EBP-AC] 00402C36 . 51 PUSH ECX 00402C37 . 8D85 1CFFFFFF LEA EAX,DWORD PTR SS:[EBP-E4] 00402C3D . 52 PUSH EDX 00402C3E . 50 PUSH EAX 00402C3F . 89BD 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EDI 00402C45 . C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],8002 00402C4F . FF15 00104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarSu>; MSVBVM60.__vbaVarSub 00402C55 . 8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104] 00402C5B . 50 PUSH EAX 00402C5C . 51 PUSH ECX 00402C5D . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; MSVBVM60.__vbaVarTstEq 00402C63 . 66:85C0 TEST AX,AX 00402C66 . A1 10404000 MOV EAX,DWORD PTR DS:[404010] 00402C6B . 74 2D JE SHORT 00402C9A 00402C6D . 3BC7 CMP EAX,EDI 00402C6F . 75 10 JNZ SHORT 00402C81 00402C71 . 68 10404000 PUSH 00404010 00402C76 . 68 BC224000 PUSH 004022BC 00402C7B . FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaNew2>>; MSVBVM60.__vbaNew2 00402C81 > 8B35 10404000 MOV ESI,DWORD PTR DS:[404010] 00402C87 . 68 70214000 PUSH 00402170 00402C8C . 56 PUSH ESI 00402C8D . 8B16 MOV EDX,DWORD PTR DS:[ESI] 00402C8F . FF52 54 CALL DWORD PTR DS:[EDX+54] 00402C92 . 3BC7 CMP EAX,EDI 00402C94 . DBE2 FCLEX 00402C96 . 7D 3C JGE SHORT 00402CD4 00402C98 . EB 2B JMP SHORT 00402CC5 00402C9A > 3BC7 CMP EAX,EDI 00402C9C . 75 10 JNZ SHORT 00402CAE 00402C9E . 68 10404000 PUSH 00404010 00402CA3 . 68 BC224000 PUSH 004022BC 00402CA8 . FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaNew2>>; MSVBVM60.__vbaNew2 00402CAE > 8B35 10404000 MOV ESI,DWORD PTR DS:[404010] 00402CB4 . 68 7C214000 PUSH 0040217C 00402CB9 . 56 PUSH ESI 00402CBA . 8B06 MOV EAX,DWORD PTR DS:[ESI] 00402CBC . FF50 54 CALL DWORD PTR DS:[EAX+54] 00402CBF . 3BC7 CMP EAX,EDI 00402CC1 . DBE2 FCLEX 00402CC3 . 7D 0F JGE SHORT 00402CD4 00402CC5 > 6A 54 PUSH 54 00402CC7 . 68 3C204000 PUSH 0040203C 00402CCC . 56 PUSH ESI 00402CCD . 50 PUSH EAX 00402CCE . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 00402CD4 > 897D FC MOV DWORD PTR SS:[EBP-4],EDI 00402CD7 . 9B WAIT 00402CD8 . 68 672D4000 PUSH 00402D67 00402CDD . EB 32 JMP SHORT 00402D11 00402CDF . 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:[EBP-D0] 00402CE5 . FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 00402CEB . 8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4] 00402CF1 . FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 00402CF7 . 8D8D 0CFFFFFF LEA ECX,DWORD PTR SS:[EBP-F4] 00402CFD . 8D95 1CFFFFFF LEA EDX,DWORD PTR SS:[EBP-E4] 00402D03 . 51 PUSH ECX 00402D04 . 52 PUSH EDX 00402D05 . 6A 02 PUSH 2 00402D07 . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList 00402D0D . 83C4 0C ADD ESP,0C 00402D10 . C3 RETN 00402D11 > 8B35 10104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVar 00402D17 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 00402D1A . FFD6 CALL ESI ; <&MSVBVM60.__vbaFreeVar> 00402D1C . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28] 00402D1F . FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 00402D25 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38] 00402D28 . FFD6 CALL ESI 00402D2A . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48] 00402D2D . FFD6 CALL ESI 00402D2F . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58] 00402D32 . FFD6 CALL ESI 00402D34 . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68] 00402D37 . FFD6 CALL ESI 00402D39 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 00402D3C . FFD6 CALL ESI 00402D3E . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] 00402D44 . FFD6 CALL ESI 00402D46 . 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98] 00402D4C . FFD6 CALL ESI 00402D4E . 8D8D 54FFFFFF LEA ECX,DWORD PTR SS:[EBP-AC] 00402D54 . FFD6 CALL ESI 00402D56 . 8D8D 44FFFFFF LEA ECX,DWORD PTR SS:[EBP-BC] 00402D5C . FFD6 CALL ESI 00402D5E . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC] 00402D64 . FFD6 CALL ESI 00402D66 . C3 RETN 00402D67 . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 00402D6A . 50 PUSH EAX 00402D6B . 8B08 MOV ECX,DWORD PTR DS:[EAX] 00402D6D . FF51 08 CALL DWORD PTR DS:[ECX+8] 00402D70 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 00402D73 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] 00402D76 . 5F POP EDI 00402D77 . 5E POP ESI 00402D78 . 64:890D 00000>MOV DWORD PTR FS:[0],ECX 00402D7F . 5B POP EBX 00402D80 . 8BE5 MOV ESP,EBP 00402D82 . 5D POP EBP 00402D83 . C2 0400 RETN 4 下面是程序中使用的变量。没赋值的默认为0。想看分析的大概失望了。我这里是在od中静态分析的。直接把各个变量的使用情况记录下来了。然后看这些变量就可以了。 v104 = &H5352E18 // 87371288 v58 = v104 v28 = 用户名 // forever[RCT] v78 = 用户名长度 // 12 vd0 ＝注册码 // 1 v88 = 注册码转换成的实数 // 1 v58 = v58 + v88 // 87371288 + 1 = 87371289 v78 = v78 * 32 // 12 * 32 = 384 v48 = 0 v48 = v48 + v78 // 384 ve4 = v58 + v38 // 87371289 v58 = ve4 - v48 // 87371289 - 384 = 87370905 ve4 = v58 mod &H3CB // 87370905 MOD 971 = 325 如果结果为0则vcc = 1 // 要想成功注册这里必须相等 v68 = vcc // 0 v98 = &H3CB // 971 vbc = v98 * 5 // 971 * 5 = 4855 ve4 = v58 + vbc // 87370905 + 4855 = 87375760 v104 = &H5C9A0E0 // 97100000 测试ve4与v104是否相等，相等则v104 = 1 // 要想成功注册这里必须相等否则v104 = 2 vac = v104 ve4 = vcc-vac 测试ve4是否为0 **关键比较** 总结：注册机算法：1. 取用户名长度，设为 len 2. 求出要使用的常量 97100000 - 4855 = 97095145 3. 97095145 + len * 32 - 87371288,所得结果就是注册码
小剑雪币： 110 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 375 粉丝 1 关注私信	小剑 2006-8-7 19:20 11 楼 0 强，就等你了，好几天了，下次来个难的
ForEver 雪币： 343 活跃值： (611) 能力值： ( LV9，RANK：810 ) 在线值：发帖 28 回帖 361 粉丝 0 关注私信	ForEver 20 2006-8-7 19:24 12 楼 0 呵呵。你回复的够快的。高手现在都太忙，大概顾不上。我今天下午正好没事看看，碰巧找到注册码了。表等我啊。
happyboygd 雪币： 191 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 28 粉丝 0 关注私信	happyboygd 2006-10-1 12:36 13 楼 0 呵呵呵呵呵呵呵呵
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

dennislwy

雪币： 182

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

8

回帖

42

粉丝

0

关注

私信

dennislwy 2006-8-4 08:15: 2 楼
0

已经下了.

等会看看!!

感谢楼主提供给我们新手练习!!

小剑

雪币： 110

活跃值： (13)

能力值：

( LV2，RANK：10 )

在线值：

发帖

7

回帖

375

粉丝

1

关注

私信

小剑 2006-8-4 20:32: 3 楼
0

没人把破解的结果上传吗？。。。。晕

happytown

雪币： 721

活跃值： (350)

能力值：

( LV9，RANK：1250 )

在线值：

发帖

131

回帖

1014

粉丝

1

关注

私信

happytown 31 2006-8-4 20:37: 4 楼
0

至少有人在分析。
因为目前已经有12个人下载了。

emgbb

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

0

回帖

1

粉丝

0

关注

私信

emgbb 2006-8-4 22:45: 5 楼
0

又是VB啊？看看是什么

小剑

雪币： 110

活跃值： (13)

能力值：

( LV2，RANK：10 )

在线值：

发帖

7

回帖

375

粉丝

1

关注

私信

小剑 2006-8-4 23:34: 6 楼
0

上次发的 CrackMe ，给 PYG 的惊涛版主破了，这次大侠可有下

小剑

雪币： 110

活跃值： (13)

能力值：

( LV2，RANK：10 )

在线值：

发帖

7

回帖

375

粉丝

1

关注

私信

小剑 2006-8-5 15:19: 7 楼
0

期待大家的结果啊，鼓励一下，结果出来心里才舒服的

小剑

雪币： 110

活跃值： (13)

能力值：

( LV2，RANK：10 )

在线值：

发帖

7

回帖

375

粉丝

1

关注

私信

小剑 2006-8-6 12:54: 8 楼
0

再顶一次，没人破解出来就让它沉下去吧，失望

小剑

雪币： 110

活跃值： (13)

能力值：

( LV2，RANK：10 )

在线值：

发帖

7

回帖

375

粉丝

1

关注

私信

小剑 2006-8-7 19:08: 9 楼
0

真的难吗？？？？？？？？？？？？？？
程序只是拐了个弯，大家不是看不出吧，还是要顶上去

ForEver

雪币： 343

活跃值： (611)

能力值：

( LV9，RANK：810 )

在线值：

发帖

28

回帖

361

粉丝

0

关注

私信

ForEver 20 2006-8-7 19:15: 10 楼
0

注册名：forever[RCT]
注册码：9724241
00402830 > \55          PUSH EBP
00402831 .  8BEC       MOV EBP,ESP
00402833 .  83EC 0C    SUB ESP,0C
00402836 .  68 E6104000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler>  ;  SE handler installation
0040283B .  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00402841 .  50          PUSH EAX
00402842 .  64:8925 00000>MOV DWORD PTR FS:[0],ESP
00402849 .  81EC 14010000 SUB ESP,114
0040284F .  53          PUSH EBX
00402850 .  56          PUSH ESI
00402851 .  57          PUSH EDI
00402852 .  8965 F4    MOV DWORD PTR SS:[EBP-C],ESP
00402855 .  C745 F8 C0104>MOV DWORD PTR SS:[EBP-8],004010C0
0040285C .  8B5D 08    MOV EBX,DWORD PTR SS:[EBP+8]
0040285F .  8BC3       MOV EAX,EBX
00402861 .  83E0 01    AND EAX,1
00402864 .  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00402867 .  83E3 FE    AND EBX,FFFFFFFE
0040286A .  53          PUSH EBX
0040286B .  895D 08    MOV DWORD PTR SS:[EBP+8],EBX
0040286E .  8B0B       MOV ECX,DWORD PTR DS:[EBX]
00402870 .  FF51 04    CALL DWORD PTR DS:[ECX+4]
00402873 .  8B35 0C104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;  MSVBVM60.__vbaVarMove
00402879 .  33FF       XOR EDI,EDI
0040287B .  89BD FCFEFFFF MOV DWORD PTR SS:[EBP-104],EDI
00402881 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402887 .  8D4D A8    LEA ECX,DWORD PTR SS:[EBP-58]
0040288A .  897D DC    MOV DWORD PTR SS:[EBP-24],EDI
0040288D .  897D D8    MOV DWORD PTR SS:[EBP-28],EDI
00402890 .  897D C8    MOV DWORD PTR SS:[EBP-38],EDI
00402893 .  897D B8    MOV DWORD PTR SS:[EBP-48],EDI
00402896 .  897D A8    MOV DWORD PTR SS:[EBP-58],EDI
00402899 .  897D 98    MOV DWORD PTR SS:[EBP-68],EDI
0040289C .  897D 88    MOV DWORD PTR SS:[EBP-78],EDI
0040289F .  89BD 78FFFFFF MOV DWORD PTR SS:[EBP-88],EDI
004028A5 .  89BD 68FFFFFF MOV DWORD PTR SS:[EBP-98],EDI
004028AB .  89BD 54FFFFFF MOV DWORD PTR SS:[EBP-AC],EDI
004028B1 .  89BD 44FFFFFF MOV DWORD PTR SS:[EBP-BC],EDI
004028B7 .  89BD 34FFFFFF MOV DWORD PTR SS:[EBP-CC],EDI
004028BD .  89BD 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EDI
004028C3 .  89BD 2CFFFFFF MOV DWORD PTR SS:[EBP-D4],EDI
004028C9 .  89BD 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EDI
004028CF .  89BD 0CFFFFFF MOV DWORD PTR SS:[EBP-F4],EDI
004028D5 .  89BD ECFEFFFF MOV DWORD PTR SS:[EBP-114],EDI
004028DB .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],5352E18
004028E5 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],3
004028EF .  FFD6       CALL ESI                               ;  <&MSVBVM60.__vbaVarMove>
004028F1 .  8B13       MOV EDX,DWORD PTR DS:[EBX]
004028F3 .  53          PUSH EBX
004028F4 .  FF92 04030000 CALL DWORD PTR DS:[EDX+304]
004028FA .  50          PUSH EAX
004028FB .  8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4]
00402901 .  50          PUSH EAX
00402902 .  FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;  MSVBVM60.__vbaObjSet
00402908 .  8B08       MOV ECX,DWORD PTR DS:[EAX]
0040290A .  8D95 30FFFFFF LEA EDX,DWORD PTR SS:[EBP-D0]
00402910 .  52          PUSH EDX
00402911 .  50          PUSH EAX
00402912 .  8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00402918 .  FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0040291E .  3BC7       CMP EAX,EDI
00402920 .  DBE2       FCLEX
00402922 .  7D 18       JGE SHORT 0040293C
00402924 .  8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
0040292A .  68 A0000000 PUSH 0A0
0040292F .  68 5C214000 PUSH 0040215C
00402934 .  51          PUSH ECX
00402935 .  50          PUSH EAX
00402936 .  FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
0040293C >  8B95 30FFFFFF MOV EDX,DWORD PTR SS:[EBP-D0]
00402942 .  8D4D D8    LEA ECX,DWORD PTR SS:[EBP-28]
00402945 .  89BD 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EDI
0040294B .  FF15 9C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>;  MSVBVM60.__vbaStrMove
00402951 .  8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4]
00402957 .  FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;  MSVBVM60.__vbaFreeObj
0040295D .  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
00402960 .  52          PUSH EDX
00402961 .  FF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>;  MSVBVM60.__vbaLenBstr
00402967 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
0040296D .  8D4D 88    LEA ECX,DWORD PTR SS:[EBP-78]
00402970 .  8985 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EAX
00402976 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],3
00402980 .  FFD6       CALL ESI
00402982 .  8B03       MOV EAX,DWORD PTR DS:[EBX]
00402984 .  53          PUSH EBX
00402985 .  FF90 00030000 CALL DWORD PTR DS:[EAX+300]
0040298B .  8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4]
00402991 .  50          PUSH EAX
00402992 .  51          PUSH ECX
00402993 .  FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;  MSVBVM60.__vbaObjSet
00402999 .  8BD8       MOV EBX,EAX
0040299B .  8D85 30FFFFFF LEA EAX,DWORD PTR SS:[EBP-D0]
004029A1 .  50          PUSH EAX
004029A2 .  53          PUSH EBX
004029A3 .  8B13       MOV EDX,DWORD PTR DS:[EBX]
004029A5 .  FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
004029AB .  3BC7       CMP EAX,EDI
004029AD .  DBE2       FCLEX
004029AF .  7D 12       JGE SHORT 004029C3
004029B1 .  68 A0000000 PUSH 0A0
004029B6 .  68 5C214000 PUSH 0040215C
004029BB .  53          PUSH EBX
004029BC .  50          PUSH EAX
004029BD .  FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
004029C3 >  8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[EBP-D0]
004029C9 .  51          PUSH ECX
004029CA .  FF15 B4104000 CALL DWORD PTR DS:[<&MSVBVM60.#581>]    ;  MSVBVM60.rtcR8ValFromBstr
004029D0 .  DD9D 04FFFFFF FSTP QWORD PTR SS:[EBP-FC]
004029D6 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
004029DC .  8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88]
004029E2 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],5
004029EC .  FFD6       CALL ESI
004029EE .  8D8D 30FFFFFF LEA ECX,DWORD PTR SS:[EBP-D0]
004029F4 .  FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStr
004029FA .  8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4]
00402A00 .  FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;  MSVBVM60.__vbaFreeObj
00402A06 .  8B1D 8C104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;  MSVBVM60.__vbaVarAdd
00402A0C .  8D55 A8    LEA EDX,DWORD PTR SS:[EBP-58]
00402A0F .  8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88]
00402A15 .  52          PUSH EDX
00402A16 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402A1C .  50          PUSH EAX
00402A1D .  51          PUSH ECX
00402A1E .  FFD3       CALL EBX                               ;  <&MSVBVM60.__vbaVarAdd>
00402A20 .  8BD0       MOV EDX,EAX
00402A22 .  8D4D A8    LEA ECX,DWORD PTR SS:[EBP-58]
00402A25 .  FFD6       CALL ESI
00402A27 .  8D55 88    LEA EDX,DWORD PTR SS:[EBP-78]
00402A2A .  8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00402A30 .  52          PUSH EDX
00402A31 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402A37 .  50          PUSH EAX
00402A38 .  51          PUSH ECX
00402A39 .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],20
00402A43 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402A4D .  FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMu>;  MSVBVM60.__vbaVarMul
00402A53 .  8BD0       MOV EDX,EAX
00402A55 .  8D4D 88    LEA ECX,DWORD PTR SS:[EBP-78]
00402A58 .  FFD6       CALL ESI
00402A5A .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402A60 .  8D4D B8    LEA ECX,DWORD PTR SS:[EBP-48]
00402A63 .  89BD 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EDI
00402A69 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402A73 .  FFD6       CALL ESI
00402A75 .  8D55 B8    LEA EDX,DWORD PTR SS:[EBP-48]
00402A78 .  8D45 88    LEA EAX,DWORD PTR SS:[EBP-78]
00402A7B .  52          PUSH EDX
00402A7C .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402A82 .  50          PUSH EAX
00402A83 .  51          PUSH ECX
00402A84 .  FFD3       CALL EBX
00402A86 .  8BD0       MOV EDX,EAX
00402A88 .  8D4D B8    LEA ECX,DWORD PTR SS:[EBP-48]
00402A8B .  FFD6       CALL ESI
00402A8D .  8D55 A8    LEA EDX,DWORD PTR SS:[EBP-58]
00402A90 .  8D45 C8    LEA EAX,DWORD PTR SS:[EBP-38]
00402A93 .  52          PUSH EDX
00402A94 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402A9A .  50          PUSH EAX
00402A9B .  51          PUSH ECX
00402A9C .  FFD3       CALL EBX
00402A9E .  50          PUSH EAX
00402A9F .  8D55 B8    LEA EDX,DWORD PTR SS:[EBP-48]
00402AA2 .  8D85 0CFFFFFF LEA EAX,DWORD PTR SS:[EBP-F4]
00402AA8 .  52          PUSH EDX
00402AA9 .  50          PUSH EAX
00402AAA .  FF15 00104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarSu>;  MSVBVM60.__vbaVarSub
00402AB0 .  8BD0       MOV EDX,EAX
00402AB2 .  8D4D A8    LEA ECX,DWORD PTR SS:[EBP-58]
00402AB5 .  FFD6       CALL ESI
00402AB7 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402ABD .  FF15 10104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;  MSVBVM60.__vbaFreeVar
00402AC3 .  8D4D A8    LEA ECX,DWORD PTR SS:[EBP-58]
00402AC6 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402ACC .  51          PUSH ECX
00402ACD .  8D85 1CFFFFFF LEA EAX,DWORD PTR SS:[EBP-E4]
00402AD3 .  52          PUSH EDX
00402AD4 .  50          PUSH EAX
00402AD5 .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],3CB
00402ADF .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402AE9 .  89BD F4FEFFFF MOV DWORD PTR SS:[EBP-10C],EDI
00402AEF .  C785 ECFEFFFF>MOV DWORD PTR SS:[EBP-114],8002
00402AF9 .  FF15 90104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>;  MSVBVM60.__vbaVarMod
00402AFF .  50          PUSH EAX
00402B00 .  8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00402B06 .  51          PUSH ECX
00402B07 .  FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;  MSVBVM60.__vbaVarTstEq
00402B0D .  66:85C0    TEST AX,AX
00402B10 .  74 22       JE SHORT 00402B34
00402B12 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402B18 .  8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
00402B1E .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],1
00402B28 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402B32 .  FFD6       CALL ESI
00402B34 >  8D95 34FFFFFF LEA EDX,DWORD PTR SS:[EBP-CC]
00402B3A .  8D4D 98    LEA ECX,DWORD PTR SS:[EBP-68]
00402B3D .  FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCo>;  MSVBVM60.__vbaVarCopy
00402B43 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402B49 .  8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98]
00402B4F .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],3CB
00402B59 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402B63 .  FFD6       CALL ESI
00402B65 .  8D95 68FFFFFF LEA EDX,DWORD PTR SS:[EBP-98]
00402B6B .  8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
00402B71 .  52          PUSH EDX
00402B72 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402B78 .  50          PUSH EAX
00402B79 .  51          PUSH ECX
00402B7A .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],5
00402B84 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402B8E .  FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMu>;  MSVBVM60.__vbaVarMul
00402B94 .  8BD0       MOV EDX,EAX
00402B96 .  8D8D 44FFFFFF LEA ECX,DWORD PTR SS:[EBP-BC]
00402B9C .  FFD6       CALL ESI
00402B9E .  8D55 A8    LEA EDX,DWORD PTR SS:[EBP-58]
00402BA1 .  8D85 44FFFFFF LEA EAX,DWORD PTR SS:[EBP-BC]
00402BA7 .  52          PUSH EDX
00402BA8 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402BAE .  50          PUSH EAX
00402BAF .  51          PUSH ECX
00402BB0 .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],5C9A0E0
00402BBA .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],8003
00402BC4 .  FFD3       CALL EBX
00402BC6 .  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402BCC .  50          PUSH EAX
00402BCD .  52          PUSH EDX
00402BCE .  FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;  MSVBVM60.__vbaVarTstEq
00402BD4 .  8D8D 1CFFFFFF LEA ECX,DWORD PTR SS:[EBP-E4]
00402BDA .  66:8BD8    MOV BX,AX
00402BDD .  FF15 10104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;  MSVBVM60.__vbaFreeVar
00402BE3 .  66:3BDF    CMP BX,DI
00402BE6 .  74 16       JE SHORT 00402BFE
00402BE8 .  C785 04FFFFFF>MOV DWORD PTR SS:[EBP-FC],1
00402BF2 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],2
00402BFC .  EB 1E       JMP SHORT 00402C1C
00402BFE >  8D85 54FFFFFF LEA EAX,DWORD PTR SS:[EBP-AC]
00402C04 .  50          PUSH EAX
00402C05 .  FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2Var>;  MSVBVM60.__vbaI2Var
00402C0B .  B8 02000000 MOV EAX,2
00402C10 .  8985 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EAX
00402C16 .  8985 FCFEFFFF MOV DWORD PTR SS:[EBP-104],EAX
00402C1C >  8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
00402C22 .  8D8D 54FFFFFF LEA ECX,DWORD PTR SS:[EBP-AC]
00402C28 .  FFD6       CALL ESI
00402C2A .  8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
00402C30 .  8D95 54FFFFFF LEA EDX,DWORD PTR SS:[EBP-AC]
00402C36 .  51          PUSH ECX
00402C37 .  8D85 1CFFFFFF LEA EAX,DWORD PTR SS:[EBP-E4]
00402C3D .  52          PUSH EDX
00402C3E .  50          PUSH EAX
00402C3F .  89BD 04FFFFFF MOV DWORD PTR SS:[EBP-FC],EDI
00402C45 .  C785 FCFEFFFF>MOV DWORD PTR SS:[EBP-104],8002
00402C4F .  FF15 00104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarSu>;  MSVBVM60.__vbaVarSub
00402C55 .  8D8D FCFEFFFF LEA ECX,DWORD PTR SS:[EBP-104]
00402C5B .  50          PUSH EAX
00402C5C .  51          PUSH ECX
00402C5D .  FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;  MSVBVM60.__vbaVarTstEq
00402C63 .  66:85C0    TEST AX,AX
00402C66 .  A1 10404000 MOV EAX,DWORD PTR DS:[404010]
00402C6B .  74 2D       JE SHORT 00402C9A
00402C6D .  3BC7       CMP EAX,EDI
00402C6F .  75 10       JNZ SHORT 00402C81
00402C71 .  68 10404000 PUSH 00404010
00402C76 .  68 BC224000 PUSH 004022BC
00402C7B .  FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaNew2>>;  MSVBVM60.__vbaNew2
00402C81 >  8B35 10404000 MOV ESI,DWORD PTR DS:[404010]
00402C87 .  68 70214000 PUSH 00402170
00402C8C .  56          PUSH ESI
00402C8D .  8B16       MOV EDX,DWORD PTR DS:[ESI]
00402C8F .  FF52 54    CALL DWORD PTR DS:[EDX+54]
00402C92 .  3BC7       CMP EAX,EDI
00402C94 .  DBE2       FCLEX
00402C96 .  7D 3C       JGE SHORT 00402CD4
00402C98 .  EB 2B       JMP SHORT 00402CC5
00402C9A >  3BC7       CMP EAX,EDI
00402C9C .  75 10       JNZ SHORT 00402CAE
00402C9E .  68 10404000 PUSH 00404010
00402CA3 .  68 BC224000 PUSH 004022BC
00402CA8 .  FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaNew2>>;  MSVBVM60.__vbaNew2
00402CAE >  8B35 10404000 MOV ESI,DWORD PTR DS:[404010]
00402CB4 .  68 7C214000 PUSH 0040217C
00402CB9 .  56          PUSH ESI
00402CBA .  8B06       MOV EAX,DWORD PTR DS:[ESI]
00402CBC .  FF50 54    CALL DWORD PTR DS:[EAX+54]
00402CBF .  3BC7       CMP EAX,EDI
00402CC1 .  DBE2       FCLEX
00402CC3 .  7D 0F       JGE SHORT 00402CD4
00402CC5 >  6A 54       PUSH 54
00402CC7 .  68 3C204000 PUSH 0040203C
00402CCC .  56          PUSH ESI
00402CCD .  50          PUSH EAX
00402CCE .  FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
00402CD4 >  897D FC    MOV DWORD PTR SS:[EBP-4],EDI
00402CD7 .  9B          WAIT
00402CD8 .  68 672D4000 PUSH 00402D67
00402CDD .  EB 32       JMP SHORT 00402D11
00402CDF .  8D8D 30FFFFFF LEA ECX,DWORD PTR SS:[EBP-D0]
00402CE5 .  FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStr
00402CEB .  8D8D 2CFFFFFF LEA ECX,DWORD PTR SS:[EBP-D4]
00402CF1 .  FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;  MSVBVM60.__vbaFreeObj
00402CF7 .  8D8D 0CFFFFFF LEA ECX,DWORD PTR SS:[EBP-F4]
00402CFD .  8D95 1CFFFFFF LEA EDX,DWORD PTR SS:[EBP-E4]
00402D03 .  51          PUSH ECX
00402D04 .  52          PUSH EDX
00402D05 .  6A 02       PUSH 2
00402D07 .  FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;  MSVBVM60.__vbaFreeVarList
00402D0D .  83C4 0C    ADD ESP,0C
00402D10 .  C3          RETN
00402D11 >  8B35 10104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;  MSVBVM60.__vbaFreeVar
00402D17 .  8D4D DC    LEA ECX,DWORD PTR SS:[EBP-24]
00402D1A .  FFD6       CALL ESI                               ;  <&MSVBVM60.__vbaFreeVar>
00402D1C .  8D4D D8    LEA ECX,DWORD PTR SS:[EBP-28]
00402D1F .  FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStr
00402D25 .  8D4D C8    LEA ECX,DWORD PTR SS:[EBP-38]
00402D28 .  FFD6       CALL ESI
00402D2A .  8D4D B8    LEA ECX,DWORD PTR SS:[EBP-48]
00402D2D .  FFD6       CALL ESI
00402D2F .  8D4D A8    LEA ECX,DWORD PTR SS:[EBP-58]
00402D32 .  FFD6       CALL ESI
00402D34 .  8D4D 98    LEA ECX,DWORD PTR SS:[EBP-68]
00402D37 .  FFD6       CALL ESI
00402D39 .  8D4D 88    LEA ECX,DWORD PTR SS:[EBP-78]
00402D3C .  FFD6       CALL ESI
00402D3E .  8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88]
00402D44 .  FFD6       CALL ESI
00402D46 .  8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98]
00402D4C .  FFD6       CALL ESI
00402D4E .  8D8D 54FFFFFF LEA ECX,DWORD PTR SS:[EBP-AC]
00402D54 .  FFD6       CALL ESI
00402D56 .  8D8D 44FFFFFF LEA ECX,DWORD PTR SS:[EBP-BC]
00402D5C .  FFD6       CALL ESI
00402D5E .  8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
00402D64 .  FFD6       CALL ESI
00402D66 .  C3          RETN
00402D67 .  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00402D6A .  50          PUSH EAX
00402D6B .  8B08       MOV ECX,DWORD PTR DS:[EAX]
00402D6D .  FF51 08    CALL DWORD PTR DS:[ECX+8]
00402D70 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00402D73 .  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
00402D76 .  5F          POP EDI
00402D77 .  5E          POP ESI
00402D78 .  64:890D 00000>MOV DWORD PTR FS:[0],ECX
00402D7F .  5B          POP EBX
00402D80 .  8BE5       MOV ESP,EBP
00402D82 .  5D          POP EBP
00402D83 .  C2 0400    RETN 4

下面是程序中使用的变量。没赋值的默认为0。
想看分析的大概失望了。我这里是在od中静态分析的。直接把各个变量的使用情况记录下来了。然后看这些变量就可以了。

v104 = &H5352E18                      // 87371288
v58 = v104
v28 = 用户名                            // forever[RCT]
v78 = 用户名长度                      // 12
vd0 ＝注册码                         // 1
v88 = 注册码转换成的实数                // 1
v58 = v58 + v88                         // 87371288 + 1 = 87371289
v78 = v78 * 32                         // 12 * 32    = 384
v48 = 0
v48 = v48 + v78                         // 384
ve4 = v58 + v38                         // 87371289
v58 = ve4 - v48                         // 87371289 - 384 = 87370905
ve4 = v58 mod &H3CB                   // 87370905 MOD 971 = 325
如果结果为0则vcc = 1                   // 要想成功注册这里必须相等
v68 = vcc                               // 0
v98 = &H3CB                            // 971
vbc = v98 * 5                         // 971 * 5 = 4855
ve4 = v58 + vbc                         // 87370905 + 4855 = 87375760
v104 = &H5C9A0E0                      // 97100000
测试ve4与v104是否相等，相等则v104 = 1 // 要想成功注册这里必须相等
否则v104 = 2
vac = v104
ve4 = vcc-vac
测试ve4是否为0 ****关键比较****

总结：
注册机算法：1. 取用户名长度，设为 len
            2. 求出要使用的常量 97100000 - 4855 = 97095145
            3. 97095145 + len * 32 - 87371288,所得结果就是注册码

小剑

雪币： 110

活跃值： (13)

能力值：

( LV2，RANK：10 )

在线值：

发帖

7

回帖

375

粉丝

1