-
-
[原创]VB Crackme 2.0 简单分析
-
2006-11-22 20:56 4376
-
【破解日期】 2006年11月22日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 hxxp://www.126sohu.com/
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 VB Crackme 2.0
【下载地址】 本地
【软件大小】 15.5k
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
--------
【破解内容】
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 hxxp://www.126sohu.com/
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 VB Crackme 2.0
【下载地址】 本地
【软件大小】 15.5k
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
--------
【破解内容】
00402C2A push edx 00402C2B call dword ptr ds:[<&MSVBVM50.__vbaLenVar>] ; MSVBVM50.__vbaLenVar 00402C31 push eax 00402C32 call dword ptr ds:[<&MSVBVM50.__vbaI2Var>] ; MSVBVM50.__vbaI2Var 00402C38 mov esi,dword ptr ds:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr 00402C3E mov edi,dword ptr ds:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal 00402C44 mov dword ptr ss:[ebp-118],eax 00402C4A mov eax,1 00402C4F mov dword ptr ss:[ebp-3C],eax 00402C52 cmp ax,word ptr ss:[ebp-118] 00402C59 mov ebx,dword ptr ds:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar 00402C5F jg CM2.00402D54 00402C65 movsx edx,ax 00402C68 lea ecx,dword ptr ss:[ebp-68] 00402C6B lea eax,dword ptr ss:[ebp-28] 00402C6E push ecx 00402C6F push edx 00402C70 lea ecx,dword ptr ss:[ebp-78] 00402C73 push eax 00402C74 push ecx 00402C75 mov dword ptr ss:[ebp-60],1 00402C7C mov dword ptr ss:[ebp-68],2 00402C83 call ebx 00402C85 lea edx,dword ptr ss:[ebp-88] 00402C8B push 1 00402C8D lea eax,dword ptr ss:[ebp-98] 00402C93 push edx 00402C94 push eax 00402C95 mov dword ptr ss:[ebp-80],4 00402C9C mov dword ptr ss:[ebp-88],2 00402CA6 call dword ptr ds:[<&MSVBVM50.#617>] ; MSVBVM50.rtcLeftCharVar 00402CAC lea ecx,dword ptr ss:[ebp-98] 00402CB2 lea edx,dword ptr ss:[ebp-54] 00402CB5 push ecx 00402CB6 push edx 00402CB7 call edi 00402CB9 push eax 00402CBA call esi 00402CBC movsx ebx,ax 00402CBF lea eax,dword ptr ss:[ebp-78] 00402CC2 lea ecx,dword ptr ss:[ebp-50] 00402CC5 push eax 00402CC6 push ecx 00402CC7 call edi 00402CC9 push eax 00402CCA call esi 00402CCC movsx edx,ax ; 密码 00402CCF xor ebx,edx ; 密码 xor 34 00402CD1 lea eax,dword ptr ss:[ebp-A8] 00402CD7 push ebx 00402CD8 push eax 00402CD9 call dword ptr ds:[<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi 00402CDF lea ecx,dword ptr ss:[ebp-38] 00402CE2 lea edx,dword ptr ss:[ebp-A8] 00402CE8 push ecx 00402CE9 lea eax,dword ptr ss:[ebp-B8] 00402CEF push edx 00402CF0 push eax 00402CF1 call dword ptr ds:[<&MSVBVM50.__vbaVarCat>] ; MSVBVM50.__vbaVarCat 00402CF7 mov edx,eax 00402CF9 lea ecx,dword ptr ss:[ebp-38] 00402CFC call dword ptr ds:[<&MSVBVM50.__vbaVarMove>>; MSVBVM50.__vbaVarMove 00402D02 lea ecx,dword ptr ss:[ebp-54] 00402D05 lea edx,dword ptr ss:[ebp-50] 00402D08 push ecx 00402D09 push edx 00402D0A push 2 00402D0C call dword ptr ds:[<&MSVBVM50.__vbaFreeStrL>; MSVBVM50.__vbaFreeStrList 00402D12 add esp,0C 00402D15 lea eax,dword ptr ss:[ebp-A8] 00402D1B lea ecx,dword ptr ss:[ebp-98] 00402D21 lea edx,dword ptr ss:[ebp-88] 00402D27 push eax 00402D28 push ecx 00402D29 lea eax,dword ptr ss:[ebp-78] 00402D2C push edx 00402D2D lea ecx,dword ptr ss:[ebp-68] 00402D30 push eax 00402D31 push ecx 00402D32 push 5 00402D34 call dword ptr ds:[<&MSVBVM50.__vbaFreeVarL>; MSVBVM50.__vbaFreeVarList 00402D3A mov eax,1 00402D3F add esp,18 00402D42 add ax,word ptr ss:[ebp-3C] 00402D46 jo CM2.004030EC 00402D4C mov dword ptr ss:[ebp-3C],eax 00402D4F jmp CM2.00402C52 00402D54 lea edx,dword ptr ss:[ebp-38] 00402D57 lea eax,dword ptr ss:[ebp-68] 00402D5A push edx 00402D5B push eax 00402D5C mov dword ptr ss:[ebp-18],1 00402D63 call dword ptr ds:[<&MSVBVM50.__vbaLenVar>] ; MSVBVM50.__vbaLenVar 00402D69 push eax 00402D6A call dword ptr ds:[<&MSVBVM50.__vbaI2Var>] ; MSVBVM50.__vbaI2Var 00402D70 mov ecx,1 00402D75 mov dword ptr ss:[ebp-120],eax 00402D7B mov eax,ecx 00402D7D mov dword ptr ss:[ebp-3C],eax 00402D80 cmp ax,word ptr ss:[ebp-120] 00402D87 jg CM2.00402EBA 00402D8D cmp word ptr ss:[ebp-18],4 00402D92 jle short CM2.00402D97 00402D94 mov dword ptr ss:[ebp-18],ecx 00402D97 mov dword ptr ss:[ebp-60],ecx 00402D9A lea ecx,dword ptr ss:[ebp-68] 00402D9D movsx edx,ax 00402DA0 push ecx 00402DA1 lea eax,dword ptr ss:[ebp-38] 00402DA4 push edx 00402DA5 lea ecx,dword ptr ss:[ebp-78] 00402DA8 push eax 00402DA9 push ecx 00402DAA mov dword ptr ss:[ebp-68],2 00402DB1 call ebx 00402DB3 mov eax,2 00402DB8 lea edx,dword ptr ss:[ebp-98] 00402DBE mov dword ptr ss:[ebp-98],eax 00402DC4 mov dword ptr ss:[ebp-88],eax 00402DCA movsx eax,word ptr ss:[ebp-18] 00402DCE push edx 00402DCF lea ecx,dword ptr ss:[ebp-88] 00402DD5 push eax 00402DD6 lea edx,dword ptr ss:[ebp-A8] 00402DDC push ecx 00402DDD push edx 00402DDE mov dword ptr ss:[ebp-90],1 00402DE8 mov dword ptr ss:[ebp-80],7D0 ; 7D0(2000D 00402DEF call ebx 00402DF1 lea eax,dword ptr ss:[ebp-A8] 00402DF7 lea ecx,dword ptr ss:[ebp-54] 00402DFA push eax 00402DFB push ecx 00402DFC call edi 00402DFE push eax 00402DFF call esi 00402E01 movsx ebx,ax 00402E04 lea edx,dword ptr ss:[ebp-78] 00402E07 lea eax,dword ptr ss:[ebp-50] 00402E0A push edx 00402E0B push eax 00402E0C call edi 00402E0E push eax 00402E0F call esi 00402E11 movsx ecx,ax 00402E14 xor ebx,ecx ; ebx xor ecx 00402E16 lea edx,dword ptr ss:[ebp-B8] 00402E1C push ebx 00402E1D push edx 00402E1E call dword ptr ds:[<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi 00402E24 lea eax,dword ptr ss:[ebp-4C] 00402E27 lea ecx,dword ptr ss:[ebp-B8] 00402E2D push eax 00402E2E lea edx,dword ptr ss:[ebp-C8] 00402E34 push ecx 00402E35 push edx 00402E36 call dword ptr ds:[<&MSVBVM50.__vbaVarCat>] ; MSVBVM50.__vbaVarCat 00402E3C mov edx,eax 00402E3E lea ecx,dword ptr ss:[ebp-4C] 00402E41 call dword ptr ds:[<&MSVBVM50.__vbaVarMove>>; MSVBVM50.__vbaVarMove 00402E47 lea eax,dword ptr ss:[ebp-54] 00402E4A lea ecx,dword ptr ss:[ebp-50] 00402E4D push eax 00402E4E push ecx 00402E4F push 2 00402E51 call dword ptr ds:[<&MSVBVM50.__vbaFreeStrL>; MSVBVM50.__vbaFreeStrList 00402E57 add esp,0C 00402E5A lea edx,dword ptr ss:[ebp-B8] 00402E60 lea eax,dword ptr ss:[ebp-A8] 00402E66 lea ecx,dword ptr ss:[ebp-98] 00402E6C push edx 00402E6D push eax 00402E6E lea edx,dword ptr ss:[ebp-88] 00402E74 push ecx 00402E75 lea eax,dword ptr ss:[ebp-78] 00402E78 push edx 00402E79 lea ecx,dword ptr ss:[ebp-68] 00402E7C push eax 00402E7D push ecx 00402E7E push 6 00402E80 call dword ptr ds:[<&MSVBVM50.__vbaFreeVarL>; MSVBVM50.__vbaFreeVarList 00402E86 mov dx,word ptr ss:[ebp-18] 00402E8A add esp,1C 00402E8D inc dx 00402E8F jo CM2.004030EC 00402E95 mov ebx,dword ptr ds:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar 00402E9B mov eax,1 00402EA0 add ax,word ptr ss:[ebp-3C] 00402EA4 mov dword ptr ss:[ebp-18],edx 00402EA7 mov ecx,1 00402EAC jo CM2.004030EC 00402EB2 mov dword ptr ss:[ebp-3C],eax 00402EB5 jmp CM2.00402D80 00402EBA lea eax,dword ptr ss:[ebp-4C] 00402EBD lea ecx,dword ptr ss:[ebp-D8] 00402EC3 push eax 00402EC4 push ecx 00402EC5 mov dword ptr ss:[ebp-D0],CM2.0040259C ; UNICODE "VeiajeEjbavwij" 00402ECF mov dword ptr ss:[ebp-D8],8008 00402ED9 call dword ptr ds:[<&MSVBVM50.__vbaVarTstNe>; MSVBVM50.__vbaVarTstNe 00402EDF test ax,ax 00402EE2 je CM2.00402F89 ; 爆破点 00402EE8 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVarDu>; MSVBVM50.__vbaVarDup 00402EEE mov eax,80020004 ///////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////// 1, 密码 XOR 34 = A 2, A XOR 2000(每一位的16进制,不足就复制一次补足) =B 3, B与固定字符串"VeiajeEjbavwij"比较,相等就注册成功 ///////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////// ------------------------------------------------------------------------ --------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏记录
参与人
雪币
留言
时间
Youlor
为你点赞~
2023-10-19 02:30
伟叔叔
为你点赞~
2023-7-20 00:00
一笑人间万事
为你点赞~
2023-5-18 01:17
心游尘世外
为你点赞~
2023-4-26 00:58
QinBeast
为你点赞~
2023-4-26 00:03
飘零丶
为你点赞~
2023-4-24 02:35
shinratensei
为你点赞~
2023-4-10 01:23
赞赏
他的文章
[原创]AV终结者新变种
17293
[原创]最新机器狗变种分析gr.exe
25278
看原图
赞赏
雪币:
留言: