-
-
[原创]菜鸟maomaoma的算法练习破文七
-
2006-12-21 22:01
-
【破文标题】菜鸟maomaoma的算法练习破文七
【破文作者】maomaoma
【作者邮箱】
【作者主页】无
【破解工具】OD、PEiD
【破解平台】winxp
【软件名称】**休闲五子棋
【软件大小】926K
【原版下载】
【保护方式】无
【软件简介】五子棋游戏
【破解声明】我是菜鸟,学写破文,还请大侠多多指教:)
【 关键词 】 VB VBExplorer 浮点运算 硬件写入(用关键词我觉得方便大家整理查阅)
------------------------------------------------------------------------
【破解过程】
1、PEiD扫描该软件,为Microsoft Visual Basic 5.0 / 6.0编译
2、VBExplorer反编译,得注册过程起始地址00464FD0
3、OD载入,Ctrl+G,跟随至00464FD0,F2下断点,F9运行,OD断下
(1)真假码比较
00464FD0 55 push ebp ; OD断在此处
00464FD1 8BEC mov ebp, esp
00464FD3 83EC 0C sub esp, 0C
00464FD6 68 16164000 push <jmp.&MSVBVM60.__vbaExceptHandle>
00464FDB 64:A1 00000000 mov eax, fs:[0]
00464FE1 50 push eax
00464FE2 64:8925 0000000>mov fs:[0], esp
00464FE9 81EC 1C010000 sub esp, 11C
00464FEF 53 push ebx
00464FF0 56 push esi
00464FF1 57 push edi
00464FF2 8965 F4 mov [ebp-C], esp
00464FF5 C745 F8 0016400>mov dword ptr [ebp-8], 00401600
00464FFC 8B75 08 mov esi, [ebp+8]
00464FFF 8BC6 mov eax, esi
00465001 83E0 01 and eax, 1
00465004 8945 FC mov [ebp-4], eax
00465007 83E6 FE and esi, FFFFFFFE
0046500A 56 push esi
0046500B 8975 08 mov [ebp+8], esi
0046500E 8B0E mov ecx, [esi]
00465010 FF51 04 call [ecx+4]
00465013 8B15 5C704600 mov edx, [46705C]
00465019 8B0D 58704600 mov ecx, [467058] ; 真注册码入ECX
0046501F 33C0 xor eax, eax
00465021 3BD1 cmp edx, ecx
00465023 8945 E8 mov [ebp-18], eax
00465026 8945 E4 mov [ebp-1C], eax
00465029 8945 E0 mov [ebp-20], eax
0046502C 8945 DC mov [ebp-24], eax
0046502F 8945 CC mov [ebp-34], eax
00465032 8945 BC mov [ebp-44], eax
00465035 8945 AC mov [ebp-54], eax
00465038 8945 9C mov [ebp-64], eax
0046503B 8945 8C mov [ebp-74], eax
0046503E 8985 7CFFFFFF mov [ebp-84], eax
00465044 8985 6CFFFFFF mov [ebp-94], eax
0046504A 8985 5CFFFFFF mov [ebp-A4], eax
00465050 8985 4CFFFFFF mov [ebp-B4], eax
00465056 8985 3CFFFFFF mov [ebp-C4], eax
0046505C 8985 2CFFFFFF mov [ebp-D4], eax
00465062 0F84 C8090000 je 00465A30
00465068 8B06 mov eax, [esi]
0046506A 56 push esi
0046506B FF90 00030000 call [eax+300]
00465071 8B1D 7C104000 mov ebx, [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00465077 8D4D E0 lea ecx, [ebp-20]
0046507A 50 push eax
0046507B 51 push ecx
0046507C FFD3 call ebx
0046507E 8BF8 mov edi, eax
00465080 8D45 E8 lea eax, [ebp-18]
00465083 50 push eax
00465084 57 push edi
00465085 8B17 mov edx, [edi]
00465087 FF92 A0000000 call [edx+A0] ; 取假码
0046508D 85C0 test eax, eax
0046508F DBE2 fclex
00465091 7D 12 jge short 004650A5
00465093 68 A0000000 push 0A0
00465098 68 2C134500 push 0045132C
0046509D 57 push edi
0046509E 50 push eax
0046509F FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004650A5 8B4D E8 mov ecx, [ebp-18]
004650A8 51 push ecx
004650A9 68 04064500 push 00450604
004650AE FF15 BC104000 call [<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
004650B4 8BF8 mov edi, eax
004650B6 8D4D E8 lea ecx, [ebp-18]
004650B9 F7DF neg edi
004650BB 1BFF sbb edi, edi
004650BD F7DF neg edi
004650BF F7DF neg edi
004650C1 FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004650C7 8D4D E0 lea ecx, [ebp-20]
004650CA FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
004650D0 66:85FF test di, di
004650D3 0F84 22080000 je 004658FB
004650D9 8B16 mov edx, [esi]
004650DB 56 push esi
004650DC FF92 00030000 call [edx+300]
004650E2 50 push eax
004650E3 8D45 E0 lea eax, [ebp-20]
004650E6 50 push eax
004650E7 FFD3 call ebx
004650E9 8BF8 mov edi, eax
004650EB 8D55 E8 lea edx, [ebp-18]
004650EE 52 push edx
004650EF 57 push edi
004650F0 8B0F mov ecx, [edi]
004650F2 FF91 A0000000 call [ecx+A0] ; 取假码
004650F8 85C0 test eax, eax
004650FA DBE2 fclex
004650FC 7D 12 jge short 00465110
004650FE 68 A0000000 push 0A0
00465103 68 2C134500 push 0045132C
00465108 57 push edi
00465109 50 push eax
0046510A FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465110 8B45 E8 mov eax, [ebp-18]
00465113 C745 E8 0000000>mov dword ptr [ebp-18], 0
0046511A 8945 D4 mov [ebp-2C], eax
0046511D 8D45 CC lea eax, [ebp-34]
00465120 50 push eax
00465121 C745 CC 0800000>mov dword ptr [ebp-34], 8
00465128 FF15 C4104000 call [<&MSVBVM60.#561>] ; MSVBVM60.rtcIsNumeric
0046512E 66:8BF8 mov di, ax
00465131 8D4D E0 lea ecx, [ebp-20]
00465134 F7D7 not edi
00465136 FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
0046513C 8D4D CC lea ecx, [ebp-34]
0046513F FF15 24104000 call [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00465145 66:85FF test di, di
00465148 0F84 9D010000 je 004652EB
0046514E BF 0A000000 mov edi, 0A
00465153 B8 04000280 mov eax, 80020004
00465158 897D 9C mov [ebp-64], edi
0046515B 897D AC mov [ebp-54], edi
0046515E 8B3D 80114000 mov edi, [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00465164 8D95 3CFFFFFF lea edx, [ebp-C4]
0046516A 8D4D BC lea ecx, [ebp-44]
0046516D 8945 A4 mov [ebp-5C], eax
00465170 8945 B4 mov [ebp-4C], eax
00465173 C785 44FFFFFF 3>mov dword ptr [ebp-BC], 0045093C
0046517D C785 3CFFFFFF 0>mov dword ptr [ebp-C4], 8
00465187 FFD7 call edi
00465189 8D95 4CFFFFFF lea edx, [ebp-B4]
0046518F 8D4D CC lea ecx, [ebp-34]
00465192 C785 54FFFFFF 4>mov dword ptr [ebp-AC], 00451340
0046519C C785 4CFFFFFF 0>mov dword ptr [ebp-B4], 8
004651A6 FFD7 call edi
004651A8 8D4D 9C lea ecx, [ebp-64]
004651AB 8D55 AC lea edx, [ebp-54]
004651AE 51 push ecx
004651AF 8D45 BC lea eax, [ebp-44]
004651B2 52 push edx
004651B3 50 push eax
004651B4 8D4D CC lea ecx, [ebp-34]
004651B7 6A 30 push 30
004651B9 51 push ecx
004651BA FF15 80104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
004651C0 8D55 9C lea edx, [ebp-64]
004651C3 8D45 AC lea eax, [ebp-54]
004651C6 52 push edx
004651C7 8D4D BC lea ecx, [ebp-44]
004651CA 50 push eax
004651CB 8D55 CC lea edx, [ebp-34]
004651CE 51 push ecx
004651CF 52 push edx
004651D0 6A 04 push 4
004651D2 FF15 38104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
004651D8 8B06 mov eax, [esi]
004651DA 83C4 14 add esp, 14
004651DD 56 push esi
004651DE FF90 00030000 call [eax+300]
004651E4 8D4D E0 lea ecx, [ebp-20]
004651E7 50 push eax
004651E8 51 push ecx
004651E9 FFD3 call ebx
004651EB 8BF8 mov edi, eax
004651ED 57 push edi
004651EE 8B17 mov edx, [edi]
004651F0 FF92 04020000 call [edx+204]
004651F6 85C0 test eax, eax
004651F8 DBE2 fclex
004651FA 7D 12 jge short 0046520E
004651FC 68 04020000 push 204
00465201 68 2C134500 push 0045132C
00465206 57 push edi
00465207 50 push eax
00465208 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046520E 8D4D E0 lea ecx, [ebp-20]
00465211 FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465217 8B06 mov eax, [esi]
00465219 56 push esi
0046521A FF90 00030000 call [eax+300]
00465220 8D4D E0 lea ecx, [ebp-20]
00465223 50 push eax
00465224 51 push ecx
00465225 FFD3 call ebx
00465227 8BF8 mov edi, eax
00465229 6A 00 push 0
0046522B 57 push edi
0046522C 8B17 mov edx, [edi]
0046522E FF92 14010000 call [edx+114]
00465234 85C0 test eax, eax
00465236 DBE2 fclex
00465238 7D 12 jge short 0046524C
0046523A 68 14010000 push 114
0046523F 68 2C134500 push 0045132C
00465244 57 push edi
00465245 50 push eax
00465246 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046524C 8D4D E0 lea ecx, [ebp-20]
0046524F FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465255 8B06 mov eax, [esi]
00465257 56 push esi
00465258 FF90 00030000 call [eax+300]
0046525E 8D4D DC lea ecx, [ebp-24]
00465261 50 push eax
00465262 51 push ecx
00465263 FFD3 call ebx
00465265 8B16 mov edx, [esi]
00465267 56 push esi
00465268 8BF8 mov edi, eax
0046526A FF92 00030000 call [edx+300]
00465270 50 push eax
00465271 8D45 E0 lea eax, [ebp-20]
00465274 50 push eax
00465275 FFD3 call ebx
00465277 8BF0 mov esi, eax
00465279 8D55 E8 lea edx, [ebp-18]
0046527C 52 push edx
0046527D 56 push esi
0046527E 8B0E mov ecx, [esi]
00465280 FF91 A0000000 call [ecx+A0]
00465286 85C0 test eax, eax
00465288 DBE2 fclex
0046528A 7D 12 jge short 0046529E
0046528C 68 A0000000 push 0A0
00465291 68 2C134500 push 0045132C
00465296 56 push esi
00465297 50 push eax
00465298 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046529E 8B45 E8 mov eax, [ebp-18]
004652A1 8B37 mov esi, [edi]
004652A3 50 push eax
004652A4 FF15 28104000 call [<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
004652AA 50 push eax
004652AB 57 push edi
004652AC FF96 1C010000 call [esi+11C]
004652B2 85C0 test eax, eax
004652B4 DBE2 fclex
004652B6 7D 12 jge short 004652CA
004652B8 68 1C010000 push 11C
004652BD 68 2C134500 push 0045132C
004652C2 57 push edi
004652C3 50 push eax
004652C4 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004652CA 8D4D E8 lea ecx, [ebp-18]
004652CD FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004652D3 8D4D DC lea ecx, [ebp-24]
004652D6 8D55 E0 lea edx, [ebp-20]
004652D9 51 push ecx
004652DA 52 push edx
004652DB 6A 02 push 2
004652DD FF15 4C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
004652E3 83C4 0C add esp, 0C
004652E6 E9 43070000 jmp 00465A2E
004652EB 8B06 mov eax, [esi]
004652ED 56 push esi
004652EE FF90 00030000 call [eax+300]
004652F4 8D4D E0 lea ecx, [ebp-20]
004652F7 50 push eax
004652F8 51 push ecx
004652F9 FFD3 call ebx
004652FB 8BF8 mov edi, eax
004652FD 8D45 E8 lea eax, [ebp-18]
00465300 50 push eax
00465301 57 push edi
00465302 8B17 mov edx, [edi]
00465304 FF92 A0000000 call [edx+A0] ; 取假码
0046530A 85C0 test eax, eax
0046530C DBE2 fclex
0046530E 7D 12 jge short 00465322
00465310 68 A0000000 push 0A0
00465315 68 2C134500 push 0045132C
0046531A 57 push edi
0046531B 50 push eax
0046531C FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465322 8B4D E8 mov ecx, [ebp-18]
00465325 51 push ecx
00465326 FF15 40114000 call [<&MSVBVM60.__vbaR8Str>] ; MSVBVM60.__vbaR8Str
0046532C DB05 58704600 fild dword ptr [467058] ; 真码装入st0
00465332 DD9D E0FEFFFF fstp qword ptr [ebp-120] ; 真码装入st7
00465338 DC9D E0FEFFFF fcomp qword ptr [ebp-120] ; 真假码比较
0046533E DFE0 fstsw ax ; 保存状态子到AX
00465340 F6C4 40 test ah, 40
00465343 74 07 je short 0046534C
00465345 BF 01000000 mov edi, 1
0046534A EB 02 jmp short 0046534E
0046534C 33FF xor edi, edi
0046534E 8D4D E8 lea ecx, [ebp-18]
00465351 FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00465357 8D4D E0 lea ecx, [ebp-20]
0046535A FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465360 F7DF neg edi
00465362 66:85FF test di, di
00465365 0F84 71030000 je 004656DC
0046536B A1 68744600 mov eax, [467468]
00465370 85C0 test eax, eax
00465372 75 10 jnz short 00465384
00465374 68 68744600 push 00467468 ; ASCII ",沐"
00465379 68 F4084500 push 004508F4
0046537E FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00465384 8B3D 68744600 mov edi, [467468]
0046538A 8D45 E0 lea eax, [ebp-20]
0046538D 50 push eax
0046538E 57 push edi
0046538F 8B17 mov edx, [edi]
00465391 FF52 14 call [edx+14]
00465394 85C0 test eax, eax
00465396 DBE2 fclex
00465398 7D 0F jge short 004653A9
0046539A 6A 14 push 14
0046539C 68 90054500 push 00450590
004653A1 57 push edi
004653A2 50 push eax
004653A3 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004653A9 8B45 E0 mov eax, [ebp-20]
004653AC 8D55 E8 lea edx, [ebp-18]
004653AF 52 push edx
004653B0 50 push eax
004653B1 8B08 mov ecx, [eax]
004653B3 8BF8 mov edi, eax
004653B5 FF51 58 call [ecx+58]
004653B8 85C0 test eax, eax
004653BA DBE2 fclex
004653BC 7D 0F jge short 004653CD
004653BE 6A 58 push 58
004653C0 68 04094500 push 00450904
004653C5 57 push edi
004653C6 50 push eax
004653C7 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004653CD 8B06 mov eax, [esi]
004653CF 56 push esi
004653D0 FF90 00030000 call [eax+300]
004653D6 8D4D DC lea ecx, [ebp-24]
004653D9 50 push eax
004653DA 51 push ecx
004653DB FFD3 call ebx
004653DD 8BF8 mov edi, eax
004653DF 8D45 E4 lea eax, [ebp-1C]
004653E2 50 push eax
004653E3 57 push edi
004653E4 8B17 mov edx, [edi]
004653E6 FF92 A0000000 call [edx+A0]
004653EC 85C0 test eax, eax
004653EE DBE2 fclex
004653F0 7D 12 jge short 00465404
004653F2 68 A0000000 push 0A0
004653F7 68 2C134500 push 0045132C
004653FC 57 push edi
004653FD 50 push eax
004653FE FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465404 8B4D E4 mov ecx, [ebp-1C]
00465407 8B55 E8 mov edx, [ebp-18]
0046540A 51 push ecx
0046540B 68 5C0A4500 push 00450A5C ; hawk wzq ma
00465410 68 500A4500 push 00450A50 ; zc
00465415 52 push edx
00465416 FF15 08104000 call [<&MSVBVM60.#690>] ; MSVBVM60.rtcSaveSetting
0046541C 8D45 E4 lea eax, [ebp-1C]
0046541F 8D4D E8 lea ecx, [ebp-18]
00465422 50 push eax
00465423 51 push ecx
00465424 6A 02 push 2
00465426 FF15 5C114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0046542C 8D55 DC lea edx, [ebp-24]
0046542F 8D45 E0 lea eax, [ebp-20]
00465432 52 push edx
00465433 50 push eax
00465434 6A 02 push 2
00465436 FF15 4C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
0046543C 83C4 18 add esp, 18
0046543F BF 0A000000 mov edi, 0A
00465444 8D4D CC lea ecx, [ebp-34]
00465447 57 push edi
00465448 51 push ecx
00465449 FF15 18114000 call [<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
0046544F 8D55 AC lea edx, [ebp-54]
00465452 57 push edi
00465453 52 push edx
00465454 FF15 18114000 call [<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
0046545A 89BD 5CFFFFFF mov [ebp-A4], edi
00465460 89BD 6CFFFFFF mov [ebp-94], edi
00465466 B8 04000280 mov eax, 80020004
0046546B BF 08000000 mov edi, 8
00465470 8D95 2CFFFFFF lea edx, [ebp-D4]
00465476 8D8D 7CFFFFFF lea ecx, [ebp-84]
0046547C 8985 64FFFFFF mov [ebp-9C], eax
00465482 8985 74FFFFFF mov [ebp-8C], eax
00465488 C785 34FFFFFF C>mov dword ptr [ebp-CC], 004505C8 ; ASCII "秀:y"
00465492 89BD 2CFFFFFF mov [ebp-D4], edi
00465498 FF15 80114000 call [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
0046549E 8D85 5CFFFFFF lea eax, [ebp-A4]
004654A4 8D8D 6CFFFFFF lea ecx, [ebp-94]
004654AA 50 push eax
004654AB 8D95 7CFFFFFF lea edx, [ebp-84]
004654B1 51 push ecx
004654B2 52 push edx
004654B3 8D85 4CFFFFFF lea eax, [ebp-B4]
004654B9 6A 40 push 40
004654BB 8D4D CC lea ecx, [ebp-34]
004654BE 50 push eax
004654BF 8D55 BC lea edx, [ebp-44]
004654C2 89BD 4CFFFFFF mov [ebp-B4], edi
004654C8 89BD 3CFFFFFF mov [ebp-C4], edi
004654CE 8B3D 7C114000 mov edi, [<&MSVBVM60.__vbaVarAdd>] ; MSVBVM60.__vbaVarAdd
004654D4 51 push ecx
004654D5 52 push edx
004654D6 C785 54FFFFFF 6>mov dword ptr [ebp-AC], 00451368
004654E0 C785 44FFFFFF 7>mov dword ptr [ebp-BC], 00451378
004654EA FFD7 call edi
004654EC 50 push eax
004654ED 8D45 AC lea eax, [ebp-54]
004654F0 8D4D 9C lea ecx, [ebp-64]
004654F3 50 push eax
004654F4 51 push ecx
004654F5 FFD7 call edi
004654F7 50 push eax
004654F8 8D95 3CFFFFFF lea edx, [ebp-C4]
004654FE 8D45 8C lea eax, [ebp-74]
00465501 52 push edx
00465502 50 push eax
00465503 FFD7 call edi
00465505 50 push eax
00465506 FF15 80104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
0046550C 8D8D 5CFFFFFF lea ecx, [ebp-A4]
00465512 8D95 6CFFFFFF lea edx, [ebp-94]
00465518 51 push ecx
00465519 8D85 7CFFFFFF lea eax, [ebp-84]
0046551F 52 push edx
00465520 8D4D 8C lea ecx, [ebp-74]
00465523 50 push eax
00465524 51 push ecx
00465525 8D55 9C lea edx, [ebp-64]
00465528 8D45 AC lea eax, [ebp-54]
0046552B 52 push edx
0046552C 8D4D BC lea ecx, [ebp-44]
0046552F 50 push eax
00465530 8D55 CC lea edx, [ebp-34]
00465533 51 push ecx
00465534 52 push edx
00465535 6A 08 push 8
00465537 FF15 38104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0046553D A1 10704600 mov eax, [467010]
00465542 83C4 24 add esp, 24
00465545 85C0 test eax, eax
00465547 75 10 jnz short 00465559
00465549 68 10704600 push 00467010
0046554E 68 F4F04400 push 0044F0F4
00465553 FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00465559 A1 10704600 mov eax, [467010]
0046555E 8985 F8FEFFFF mov [ebp-108], eax
00465564 A1 68744600 mov eax, [467468]
00465569 85C0 test eax, eax
0046556B 75 10 jnz short 0046557D
0046556D 68 68744600 push 00467468 ; ASCII ",沐"
00465572 68 F4084500 push 004508F4
00465577 FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
0046557D 8B3D 68744600 mov edi, [467468]
00465583 8D55 E0 lea edx, [ebp-20]
00465586 52 push edx
00465587 57 push edi
00465588 8B0F mov ecx, [edi]
0046558A FF51 14 call [ecx+14]
0046558D 85C0 test eax, eax
0046558F DBE2 fclex
00465591 7D 0F jge short 004655A2
00465593 6A 14 push 14
00465595 68 90054500 push 00450590
0046559A 57 push edi
0046559B 50 push eax
0046559C FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004655A2 8B45 E0 mov eax, [ebp-20]
004655A5 8D55 E8 lea edx, [ebp-18]
004655A8 52 push edx
004655A9 50 push eax
004655AA 8B08 mov ecx, [eax]
004655AC 8BF8 mov edi, eax
004655AE FF51 60 call [ecx+60]
004655B1 85C0 test eax, eax
004655B3 DBE2 fclex
004655B5 7D 0F jge short 004655C6
004655B7 6A 60 push 60
004655B9 68 04094500 push 00450904
004655BE 57 push edi
004655BF 50 push eax
004655C0 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004655C6 8B4D E8 mov ecx, [ebp-18]
004655C9 8B85 F8FEFFFF mov eax, [ebp-108]
004655CF 51 push ecx
004655D0 68 800A4500 push 00450A80 ; UNICODE "========>"
004655D5 8B38 mov edi, [eax]
004655D7 FF15 58104000 call [<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
004655DD 8BD0 mov edx, eax
004655DF 8D4D E4 lea ecx, [ebp-1C]
004655E2 FF15 94114000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
004655E8 8BD7 mov edx, edi
004655EA 8BBD F8FEFFFF mov edi, [ebp-108]
004655F0 50 push eax
004655F1 57 push edi
004655F2 FF52 54 call [edx+54]
004655F5 85C0 test eax, eax
004655F7 DBE2 fclex
004655F9 7D 0F jge short 0046560A
004655FB 6A 54 push 54
004655FD 68 64014500 push 00450164
00465602 57 push edi
00465603 50 push eax
00465604 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046560A 8D45 E4 lea eax, [ebp-1C]
0046560D 8D4D E8 lea ecx, [ebp-18]
00465610 50 push eax
00465611 51 push ecx
00465612 6A 02 push 2
00465614 FF15 5C114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0046561A 83C4 0C add esp, 0C
0046561D 8D4D E0 lea ecx, [ebp-20]
00465620 FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465626 8B16 mov edx, [esi]
00465628 56 push esi
00465629 FF92 00030000 call [edx+300]
0046562F 50 push eax
00465630 8D45 E0 lea eax, [ebp-20]
00465633 50 push eax
00465634 FFD3 call ebx
00465636 8BF8 mov edi, eax
00465638 8D55 E8 lea edx, [ebp-18]
0046563B 52 push edx
0046563C 57 push edi
0046563D 8B0F mov ecx, [edi]
0046563F FF91 A0000000 call [ecx+A0]
00465645 85C0 test eax, eax
00465647 DBE2 fclex
00465649 7D 12 jge short 0046565D
0046564B 68 A0000000 push 0A0
00465650 68 2C134500 push 0045132C
00465655 57 push edi
00465656 50 push eax
00465657 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046565D 8B45 E8 mov eax, [ebp-18]
00465660 50 push eax
00465661 FF15 58114000 call [<&MSVBVM60.__vbaI4Str>] ; MSVBVM60.__vbaI4Str
00465667 8D4D E8 lea ecx, [ebp-18]
0046566A A3 5C704600 mov [46705C], eax
0046566F FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00465675 8B1D B8114000 mov ebx, [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
0046567B 8D4D E0 lea ecx, [ebp-20]
0046567E FFD3 call ebx
00465680 A1 68744600 mov eax, [467468]
00465685 85C0 test eax, eax
00465687 75 10 jnz short 00465699
00465689 68 68744600 push 00467468 ; ASCII ",沐"
0046568E 68 F4084500 push 004508F4
00465693 FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00465699 8B3D 68744600 mov edi, [467468]
0046569F 8D4D E0 lea ecx, [ebp-20]
004656A2 56 push esi
004656A3 51 push ecx
004656A4 8B17 mov edx, [edi]
004656A6 8995 D8FEFFFF mov [ebp-128], edx
004656AC FF15 88104000 call [<&MSVBVM60.__vbaObjSetAddref>] ; MSVBVM60.__vbaObjSetAddref
004656B2 8B95 D8FEFFFF mov edx, [ebp-128]
004656B8 50 push eax
004656B9 57 push edi
004656BA FF52 10 call [edx+10]
004656BD 85C0 test eax, eax
004656BF DBE2 fclex
004656C1 7D 0F jge short 004656D2
004656C3 6A 10 push 10
004656C5 68 90054500 push 00450590
004656CA 57 push edi
004656CB 50 push eax
004656CC FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004656D2 8D4D E0 lea ecx, [ebp-20]
004656D5 FFD3 call ebx
004656D7 E9 52030000 jmp 00465A2E
004656DC 8B06 mov eax, [esi]
004656DE 56 push esi
004656DF FF90 00030000 call [eax+300]
004656E5 8D4D E0 lea ecx, [ebp-20]
004656E8 50 push eax
004656E9 51 push ecx
004656EA FFD3 call ebx
004656EC 8BF8 mov edi, eax
004656EE 8D45 E8 lea eax, [ebp-18]
004656F1 50 push eax
004656F2 57 push edi
004656F3 8B17 mov edx, [edi]
004656F5 FF92 A0000000 call [edx+A0] ; 取假码
004656FB 85C0 test eax, eax
004656FD DBE2 fclex
004656FF 7D 12 jge short 00465713
00465701 68 A0000000 push 0A0
00465706 68 2C134500 push 0045132C
0046570B 57 push edi
0046570C 50 push eax
0046570D FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465713 8B4D E8 mov ecx, [ebp-18]
00465716 51 push ecx
00465717 FF15 40114000 call [<&MSVBVM60.__vbaR8Str>] ; MSVBVM60.__vbaR8Str
0046571D DB05 58704600 fild dword ptr [467058] ; 真码装入st0
00465723 DD9D D0FEFFFF fstp qword ptr [ebp-130] ; 真码装入st7
00465729 DC9D D0FEFFFF fcomp qword ptr [ebp-130] ; 真假码比较
0046572F DFE0 fstsw ax ; 保存状态子到AX
00465731 F6C4 40 test ah, 40
00465734 75 07 jnz short 0046573D
00465736 B8 01000000 mov eax, 1
0046573B EB 02 jmp short 0046573F
0046573D 33C0 xor eax, eax
0046573F F7D8 neg eax
00465741 8D4D E8 lea ecx, [ebp-18]
00465744 8BF8 mov edi, eax
00465746 FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0046574C 8D4D E0 lea ecx, [ebp-20]
0046574F FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465755 66:85FF test di, di
00465758 0F84 D0020000 je 00465A2E
0046575E BF 0A000000 mov edi, 0A
00465763 B8 04000280 mov eax, 80020004
00465768 897D 9C mov [ebp-64], edi
0046576B 897D AC mov [ebp-54], edi
0046576E 8B3D 80114000 mov edi, [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00465774 8D95 3CFFFFFF lea edx, [ebp-C4]
0046577A 8D4D BC lea ecx, [ebp-44]
0046577D 8945 A4 mov [ebp-5C], eax
00465780 8945 B4 mov [ebp-4C], eax
00465783 C785 44FFFFFF 3>mov dword ptr [ebp-BC], 0045093C
0046578D C785 3CFFFFFF 0>mov dword ptr [ebp-C4], 8
00465797 FFD7 call edi
00465799 8D95 4CFFFFFF lea edx, [ebp-B4]
0046579F 8D4D CC lea ecx, [ebp-34]
004657A2 C785 54FFFFFF 4>mov dword ptr [ebp-AC], 00451340
004657AC C785 4CFFFFFF 0>mov dword ptr [ebp-B4], 8
004657B6 FFD7 call edi
004657B8 8D55 9C lea edx, [ebp-64]
004657BB 8D45 AC lea eax, [ebp-54]
004657BE 52 push edx
004657BF 8D4D BC lea ecx, [ebp-44]
004657C2 50 push eax
004657C3 51 push ecx
004657C4 8D55 CC lea edx, [ebp-34]
004657C7 6A 30 push 30
004657C9 52 push edx
004657CA FF15 80104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
004657D0 8D45 9C lea eax, [ebp-64]
004657D3 8D4D AC lea ecx, [ebp-54]
004657D6 50 push eax
004657D7 8D55 BC lea edx, [ebp-44]
004657DA 51 push ecx
004657DB 8D45 CC lea eax, [ebp-34]
004657DE 52 push edx
004657DF 50 push eax
004657E0 6A 04 push 4
(2)追踪真注册码来源
1、根据第一步,得知真码保存于内存[467058],ctrl+F2重新运行程序,在数据窗口,Ctrl+G跟随至00467058,下硬件写入断点
2、F9运行,程序断在系统领空,alt+F9,返回到程序领空如下位置处
0045614D A3 58704600 mov [467058], eax ; eax值(即真码十六进制值)保存于内存00467058处
00456152 FFD6 call esi
00456154 A1 68744600 mov eax, [467468]
00456159 85C0 test eax, eax
0045615B 75 10 jnz short 0045616D
3、向上查看,在
0045612D E8 0EEA0000 call 00464B40 ;
00456132 8BC8 mov ecx, eax
0045612D处下断点
4、重新运行程序,程序断下
0045612D E8 0EEA0000 call 00464B40 ; OD断在此处,此处为机器码计算call
00456132 8BC8 mov ecx, eax
00456134 FF15 74104000 call [<&MSVBVM60.__vbaI4Abs>] ; MSVBVM60.__vbaI4Abs
0045613A 99 cdq
0045613B 2BC2 sub eax, edx ; eax=eax-edx
0045613D 8D4D D4 lea ecx, [ebp-2C]
00456140 D1F8 sar eax, 1 ; eax算术右移
00456142 2D 0EFB2D01 sub eax, 12DFB0E ; eax=eax-12DFB0E
00456147 0F80 45150000 jo 00457692 ; 溢出则跳至程序出错处理部分
0045614D A3 58704600 mov [467058], eax ; eax值(即真码十六进制值)保存于内存00467058处备用
------------------------------------------------------------------------
【破解总结】
1、注册码在程序运行后由机器码计算而来,并保存于内存中;
2、真假码浮点运算比较;
3、注册码以明码形式保存于注册表中。
------------------------------------------------------------------------
【版权声明】本文系作者原创, 转载请注明作者并保持文章的完整, 谢谢!
【破文作者】maomaoma
【作者邮箱】
【作者主页】无
【破解工具】OD、PEiD
【破解平台】winxp
【软件名称】**休闲五子棋
【软件大小】926K
【原版下载】
【保护方式】无
【软件简介】五子棋游戏
【破解声明】我是菜鸟,学写破文,还请大侠多多指教:)
【 关键词 】 VB VBExplorer 浮点运算 硬件写入(用关键词我觉得方便大家整理查阅)
------------------------------------------------------------------------
【破解过程】
1、PEiD扫描该软件,为Microsoft Visual Basic 5.0 / 6.0编译
2、VBExplorer反编译,得注册过程起始地址00464FD0
3、OD载入,Ctrl+G,跟随至00464FD0,F2下断点,F9运行,OD断下
(1)真假码比较
00464FD0 55 push ebp ; OD断在此处
00464FD1 8BEC mov ebp, esp
00464FD3 83EC 0C sub esp, 0C
00464FD6 68 16164000 push <jmp.&MSVBVM60.__vbaExceptHandle>
00464FDB 64:A1 00000000 mov eax, fs:[0]
00464FE1 50 push eax
00464FE2 64:8925 0000000>mov fs:[0], esp
00464FE9 81EC 1C010000 sub esp, 11C
00464FEF 53 push ebx
00464FF0 56 push esi
00464FF1 57 push edi
00464FF2 8965 F4 mov [ebp-C], esp
00464FF5 C745 F8 0016400>mov dword ptr [ebp-8], 00401600
00464FFC 8B75 08 mov esi, [ebp+8]
00464FFF 8BC6 mov eax, esi
00465001 83E0 01 and eax, 1
00465004 8945 FC mov [ebp-4], eax
00465007 83E6 FE and esi, FFFFFFFE
0046500A 56 push esi
0046500B 8975 08 mov [ebp+8], esi
0046500E 8B0E mov ecx, [esi]
00465010 FF51 04 call [ecx+4]
00465013 8B15 5C704600 mov edx, [46705C]
00465019 8B0D 58704600 mov ecx, [467058] ; 真注册码入ECX
0046501F 33C0 xor eax, eax
00465021 3BD1 cmp edx, ecx
00465023 8945 E8 mov [ebp-18], eax
00465026 8945 E4 mov [ebp-1C], eax
00465029 8945 E0 mov [ebp-20], eax
0046502C 8945 DC mov [ebp-24], eax
0046502F 8945 CC mov [ebp-34], eax
00465032 8945 BC mov [ebp-44], eax
00465035 8945 AC mov [ebp-54], eax
00465038 8945 9C mov [ebp-64], eax
0046503B 8945 8C mov [ebp-74], eax
0046503E 8985 7CFFFFFF mov [ebp-84], eax
00465044 8985 6CFFFFFF mov [ebp-94], eax
0046504A 8985 5CFFFFFF mov [ebp-A4], eax
00465050 8985 4CFFFFFF mov [ebp-B4], eax
00465056 8985 3CFFFFFF mov [ebp-C4], eax
0046505C 8985 2CFFFFFF mov [ebp-D4], eax
00465062 0F84 C8090000 je 00465A30
00465068 8B06 mov eax, [esi]
0046506A 56 push esi
0046506B FF90 00030000 call [eax+300]
00465071 8B1D 7C104000 mov ebx, [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00465077 8D4D E0 lea ecx, [ebp-20]
0046507A 50 push eax
0046507B 51 push ecx
0046507C FFD3 call ebx
0046507E 8BF8 mov edi, eax
00465080 8D45 E8 lea eax, [ebp-18]
00465083 50 push eax
00465084 57 push edi
00465085 8B17 mov edx, [edi]
00465087 FF92 A0000000 call [edx+A0] ; 取假码
0046508D 85C0 test eax, eax
0046508F DBE2 fclex
00465091 7D 12 jge short 004650A5
00465093 68 A0000000 push 0A0
00465098 68 2C134500 push 0045132C
0046509D 57 push edi
0046509E 50 push eax
0046509F FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004650A5 8B4D E8 mov ecx, [ebp-18]
004650A8 51 push ecx
004650A9 68 04064500 push 00450604
004650AE FF15 BC104000 call [<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
004650B4 8BF8 mov edi, eax
004650B6 8D4D E8 lea ecx, [ebp-18]
004650B9 F7DF neg edi
004650BB 1BFF sbb edi, edi
004650BD F7DF neg edi
004650BF F7DF neg edi
004650C1 FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004650C7 8D4D E0 lea ecx, [ebp-20]
004650CA FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
004650D0 66:85FF test di, di
004650D3 0F84 22080000 je 004658FB
004650D9 8B16 mov edx, [esi]
004650DB 56 push esi
004650DC FF92 00030000 call [edx+300]
004650E2 50 push eax
004650E3 8D45 E0 lea eax, [ebp-20]
004650E6 50 push eax
004650E7 FFD3 call ebx
004650E9 8BF8 mov edi, eax
004650EB 8D55 E8 lea edx, [ebp-18]
004650EE 52 push edx
004650EF 57 push edi
004650F0 8B0F mov ecx, [edi]
004650F2 FF91 A0000000 call [ecx+A0] ; 取假码
004650F8 85C0 test eax, eax
004650FA DBE2 fclex
004650FC 7D 12 jge short 00465110
004650FE 68 A0000000 push 0A0
00465103 68 2C134500 push 0045132C
00465108 57 push edi
00465109 50 push eax
0046510A FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465110 8B45 E8 mov eax, [ebp-18]
00465113 C745 E8 0000000>mov dword ptr [ebp-18], 0
0046511A 8945 D4 mov [ebp-2C], eax
0046511D 8D45 CC lea eax, [ebp-34]
00465120 50 push eax
00465121 C745 CC 0800000>mov dword ptr [ebp-34], 8
00465128 FF15 C4104000 call [<&MSVBVM60.#561>] ; MSVBVM60.rtcIsNumeric
0046512E 66:8BF8 mov di, ax
00465131 8D4D E0 lea ecx, [ebp-20]
00465134 F7D7 not edi
00465136 FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
0046513C 8D4D CC lea ecx, [ebp-34]
0046513F FF15 24104000 call [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00465145 66:85FF test di, di
00465148 0F84 9D010000 je 004652EB
0046514E BF 0A000000 mov edi, 0A
00465153 B8 04000280 mov eax, 80020004
00465158 897D 9C mov [ebp-64], edi
0046515B 897D AC mov [ebp-54], edi
0046515E 8B3D 80114000 mov edi, [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00465164 8D95 3CFFFFFF lea edx, [ebp-C4]
0046516A 8D4D BC lea ecx, [ebp-44]
0046516D 8945 A4 mov [ebp-5C], eax
00465170 8945 B4 mov [ebp-4C], eax
00465173 C785 44FFFFFF 3>mov dword ptr [ebp-BC], 0045093C
0046517D C785 3CFFFFFF 0>mov dword ptr [ebp-C4], 8
00465187 FFD7 call edi
00465189 8D95 4CFFFFFF lea edx, [ebp-B4]
0046518F 8D4D CC lea ecx, [ebp-34]
00465192 C785 54FFFFFF 4>mov dword ptr [ebp-AC], 00451340
0046519C C785 4CFFFFFF 0>mov dword ptr [ebp-B4], 8
004651A6 FFD7 call edi
004651A8 8D4D 9C lea ecx, [ebp-64]
004651AB 8D55 AC lea edx, [ebp-54]
004651AE 51 push ecx
004651AF 8D45 BC lea eax, [ebp-44]
004651B2 52 push edx
004651B3 50 push eax
004651B4 8D4D CC lea ecx, [ebp-34]
004651B7 6A 30 push 30
004651B9 51 push ecx
004651BA FF15 80104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
004651C0 8D55 9C lea edx, [ebp-64]
004651C3 8D45 AC lea eax, [ebp-54]
004651C6 52 push edx
004651C7 8D4D BC lea ecx, [ebp-44]
004651CA 50 push eax
004651CB 8D55 CC lea edx, [ebp-34]
004651CE 51 push ecx
004651CF 52 push edx
004651D0 6A 04 push 4
004651D2 FF15 38104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
004651D8 8B06 mov eax, [esi]
004651DA 83C4 14 add esp, 14
004651DD 56 push esi
004651DE FF90 00030000 call [eax+300]
004651E4 8D4D E0 lea ecx, [ebp-20]
004651E7 50 push eax
004651E8 51 push ecx
004651E9 FFD3 call ebx
004651EB 8BF8 mov edi, eax
004651ED 57 push edi
004651EE 8B17 mov edx, [edi]
004651F0 FF92 04020000 call [edx+204]
004651F6 85C0 test eax, eax
004651F8 DBE2 fclex
004651FA 7D 12 jge short 0046520E
004651FC 68 04020000 push 204
00465201 68 2C134500 push 0045132C
00465206 57 push edi
00465207 50 push eax
00465208 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046520E 8D4D E0 lea ecx, [ebp-20]
00465211 FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465217 8B06 mov eax, [esi]
00465219 56 push esi
0046521A FF90 00030000 call [eax+300]
00465220 8D4D E0 lea ecx, [ebp-20]
00465223 50 push eax
00465224 51 push ecx
00465225 FFD3 call ebx
00465227 8BF8 mov edi, eax
00465229 6A 00 push 0
0046522B 57 push edi
0046522C 8B17 mov edx, [edi]
0046522E FF92 14010000 call [edx+114]
00465234 85C0 test eax, eax
00465236 DBE2 fclex
00465238 7D 12 jge short 0046524C
0046523A 68 14010000 push 114
0046523F 68 2C134500 push 0045132C
00465244 57 push edi
00465245 50 push eax
00465246 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046524C 8D4D E0 lea ecx, [ebp-20]
0046524F FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465255 8B06 mov eax, [esi]
00465257 56 push esi
00465258 FF90 00030000 call [eax+300]
0046525E 8D4D DC lea ecx, [ebp-24]
00465261 50 push eax
00465262 51 push ecx
00465263 FFD3 call ebx
00465265 8B16 mov edx, [esi]
00465267 56 push esi
00465268 8BF8 mov edi, eax
0046526A FF92 00030000 call [edx+300]
00465270 50 push eax
00465271 8D45 E0 lea eax, [ebp-20]
00465274 50 push eax
00465275 FFD3 call ebx
00465277 8BF0 mov esi, eax
00465279 8D55 E8 lea edx, [ebp-18]
0046527C 52 push edx
0046527D 56 push esi
0046527E 8B0E mov ecx, [esi]
00465280 FF91 A0000000 call [ecx+A0]
00465286 85C0 test eax, eax
00465288 DBE2 fclex
0046528A 7D 12 jge short 0046529E
0046528C 68 A0000000 push 0A0
00465291 68 2C134500 push 0045132C
00465296 56 push esi
00465297 50 push eax
00465298 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046529E 8B45 E8 mov eax, [ebp-18]
004652A1 8B37 mov esi, [edi]
004652A3 50 push eax
004652A4 FF15 28104000 call [<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
004652AA 50 push eax
004652AB 57 push edi
004652AC FF96 1C010000 call [esi+11C]
004652B2 85C0 test eax, eax
004652B4 DBE2 fclex
004652B6 7D 12 jge short 004652CA
004652B8 68 1C010000 push 11C
004652BD 68 2C134500 push 0045132C
004652C2 57 push edi
004652C3 50 push eax
004652C4 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004652CA 8D4D E8 lea ecx, [ebp-18]
004652CD FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004652D3 8D4D DC lea ecx, [ebp-24]
004652D6 8D55 E0 lea edx, [ebp-20]
004652D9 51 push ecx
004652DA 52 push edx
004652DB 6A 02 push 2
004652DD FF15 4C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
004652E3 83C4 0C add esp, 0C
004652E6 E9 43070000 jmp 00465A2E
004652EB 8B06 mov eax, [esi]
004652ED 56 push esi
004652EE FF90 00030000 call [eax+300]
004652F4 8D4D E0 lea ecx, [ebp-20]
004652F7 50 push eax
004652F8 51 push ecx
004652F9 FFD3 call ebx
004652FB 8BF8 mov edi, eax
004652FD 8D45 E8 lea eax, [ebp-18]
00465300 50 push eax
00465301 57 push edi
00465302 8B17 mov edx, [edi]
00465304 FF92 A0000000 call [edx+A0] ; 取假码
0046530A 85C0 test eax, eax
0046530C DBE2 fclex
0046530E 7D 12 jge short 00465322
00465310 68 A0000000 push 0A0
00465315 68 2C134500 push 0045132C
0046531A 57 push edi
0046531B 50 push eax
0046531C FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465322 8B4D E8 mov ecx, [ebp-18]
00465325 51 push ecx
00465326 FF15 40114000 call [<&MSVBVM60.__vbaR8Str>] ; MSVBVM60.__vbaR8Str
0046532C DB05 58704600 fild dword ptr [467058] ; 真码装入st0
00465332 DD9D E0FEFFFF fstp qword ptr [ebp-120] ; 真码装入st7
00465338 DC9D E0FEFFFF fcomp qword ptr [ebp-120] ; 真假码比较
0046533E DFE0 fstsw ax ; 保存状态子到AX
00465340 F6C4 40 test ah, 40
00465343 74 07 je short 0046534C
00465345 BF 01000000 mov edi, 1
0046534A EB 02 jmp short 0046534E
0046534C 33FF xor edi, edi
0046534E 8D4D E8 lea ecx, [ebp-18]
00465351 FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00465357 8D4D E0 lea ecx, [ebp-20]
0046535A FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465360 F7DF neg edi
00465362 66:85FF test di, di
00465365 0F84 71030000 je 004656DC
0046536B A1 68744600 mov eax, [467468]
00465370 85C0 test eax, eax
00465372 75 10 jnz short 00465384
00465374 68 68744600 push 00467468 ; ASCII ",沐"
00465379 68 F4084500 push 004508F4
0046537E FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00465384 8B3D 68744600 mov edi, [467468]
0046538A 8D45 E0 lea eax, [ebp-20]
0046538D 50 push eax
0046538E 57 push edi
0046538F 8B17 mov edx, [edi]
00465391 FF52 14 call [edx+14]
00465394 85C0 test eax, eax
00465396 DBE2 fclex
00465398 7D 0F jge short 004653A9
0046539A 6A 14 push 14
0046539C 68 90054500 push 00450590
004653A1 57 push edi
004653A2 50 push eax
004653A3 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004653A9 8B45 E0 mov eax, [ebp-20]
004653AC 8D55 E8 lea edx, [ebp-18]
004653AF 52 push edx
004653B0 50 push eax
004653B1 8B08 mov ecx, [eax]
004653B3 8BF8 mov edi, eax
004653B5 FF51 58 call [ecx+58]
004653B8 85C0 test eax, eax
004653BA DBE2 fclex
004653BC 7D 0F jge short 004653CD
004653BE 6A 58 push 58
004653C0 68 04094500 push 00450904
004653C5 57 push edi
004653C6 50 push eax
004653C7 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004653CD 8B06 mov eax, [esi]
004653CF 56 push esi
004653D0 FF90 00030000 call [eax+300]
004653D6 8D4D DC lea ecx, [ebp-24]
004653D9 50 push eax
004653DA 51 push ecx
004653DB FFD3 call ebx
004653DD 8BF8 mov edi, eax
004653DF 8D45 E4 lea eax, [ebp-1C]
004653E2 50 push eax
004653E3 57 push edi
004653E4 8B17 mov edx, [edi]
004653E6 FF92 A0000000 call [edx+A0]
004653EC 85C0 test eax, eax
004653EE DBE2 fclex
004653F0 7D 12 jge short 00465404
004653F2 68 A0000000 push 0A0
004653F7 68 2C134500 push 0045132C
004653FC 57 push edi
004653FD 50 push eax
004653FE FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465404 8B4D E4 mov ecx, [ebp-1C]
00465407 8B55 E8 mov edx, [ebp-18]
0046540A 51 push ecx
0046540B 68 5C0A4500 push 00450A5C ; hawk wzq ma
00465410 68 500A4500 push 00450A50 ; zc
00465415 52 push edx
00465416 FF15 08104000 call [<&MSVBVM60.#690>] ; MSVBVM60.rtcSaveSetting
0046541C 8D45 E4 lea eax, [ebp-1C]
0046541F 8D4D E8 lea ecx, [ebp-18]
00465422 50 push eax
00465423 51 push ecx
00465424 6A 02 push 2
00465426 FF15 5C114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0046542C 8D55 DC lea edx, [ebp-24]
0046542F 8D45 E0 lea eax, [ebp-20]
00465432 52 push edx
00465433 50 push eax
00465434 6A 02 push 2
00465436 FF15 4C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
0046543C 83C4 18 add esp, 18
0046543F BF 0A000000 mov edi, 0A
00465444 8D4D CC lea ecx, [ebp-34]
00465447 57 push edi
00465448 51 push ecx
00465449 FF15 18114000 call [<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
0046544F 8D55 AC lea edx, [ebp-54]
00465452 57 push edi
00465453 52 push edx
00465454 FF15 18114000 call [<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
0046545A 89BD 5CFFFFFF mov [ebp-A4], edi
00465460 89BD 6CFFFFFF mov [ebp-94], edi
00465466 B8 04000280 mov eax, 80020004
0046546B BF 08000000 mov edi, 8
00465470 8D95 2CFFFFFF lea edx, [ebp-D4]
00465476 8D8D 7CFFFFFF lea ecx, [ebp-84]
0046547C 8985 64FFFFFF mov [ebp-9C], eax
00465482 8985 74FFFFFF mov [ebp-8C], eax
00465488 C785 34FFFFFF C>mov dword ptr [ebp-CC], 004505C8 ; ASCII "秀:y"
00465492 89BD 2CFFFFFF mov [ebp-D4], edi
00465498 FF15 80114000 call [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
0046549E 8D85 5CFFFFFF lea eax, [ebp-A4]
004654A4 8D8D 6CFFFFFF lea ecx, [ebp-94]
004654AA 50 push eax
004654AB 8D95 7CFFFFFF lea edx, [ebp-84]
004654B1 51 push ecx
004654B2 52 push edx
004654B3 8D85 4CFFFFFF lea eax, [ebp-B4]
004654B9 6A 40 push 40
004654BB 8D4D CC lea ecx, [ebp-34]
004654BE 50 push eax
004654BF 8D55 BC lea edx, [ebp-44]
004654C2 89BD 4CFFFFFF mov [ebp-B4], edi
004654C8 89BD 3CFFFFFF mov [ebp-C4], edi
004654CE 8B3D 7C114000 mov edi, [<&MSVBVM60.__vbaVarAdd>] ; MSVBVM60.__vbaVarAdd
004654D4 51 push ecx
004654D5 52 push edx
004654D6 C785 54FFFFFF 6>mov dword ptr [ebp-AC], 00451368
004654E0 C785 44FFFFFF 7>mov dword ptr [ebp-BC], 00451378
004654EA FFD7 call edi
004654EC 50 push eax
004654ED 8D45 AC lea eax, [ebp-54]
004654F0 8D4D 9C lea ecx, [ebp-64]
004654F3 50 push eax
004654F4 51 push ecx
004654F5 FFD7 call edi
004654F7 50 push eax
004654F8 8D95 3CFFFFFF lea edx, [ebp-C4]
004654FE 8D45 8C lea eax, [ebp-74]
00465501 52 push edx
00465502 50 push eax
00465503 FFD7 call edi
00465505 50 push eax
00465506 FF15 80104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
0046550C 8D8D 5CFFFFFF lea ecx, [ebp-A4]
00465512 8D95 6CFFFFFF lea edx, [ebp-94]
00465518 51 push ecx
00465519 8D85 7CFFFFFF lea eax, [ebp-84]
0046551F 52 push edx
00465520 8D4D 8C lea ecx, [ebp-74]
00465523 50 push eax
00465524 51 push ecx
00465525 8D55 9C lea edx, [ebp-64]
00465528 8D45 AC lea eax, [ebp-54]
0046552B 52 push edx
0046552C 8D4D BC lea ecx, [ebp-44]
0046552F 50 push eax
00465530 8D55 CC lea edx, [ebp-34]
00465533 51 push ecx
00465534 52 push edx
00465535 6A 08 push 8
00465537 FF15 38104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0046553D A1 10704600 mov eax, [467010]
00465542 83C4 24 add esp, 24
00465545 85C0 test eax, eax
00465547 75 10 jnz short 00465559
00465549 68 10704600 push 00467010
0046554E 68 F4F04400 push 0044F0F4
00465553 FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00465559 A1 10704600 mov eax, [467010]
0046555E 8985 F8FEFFFF mov [ebp-108], eax
00465564 A1 68744600 mov eax, [467468]
00465569 85C0 test eax, eax
0046556B 75 10 jnz short 0046557D
0046556D 68 68744600 push 00467468 ; ASCII ",沐"
00465572 68 F4084500 push 004508F4
00465577 FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
0046557D 8B3D 68744600 mov edi, [467468]
00465583 8D55 E0 lea edx, [ebp-20]
00465586 52 push edx
00465587 57 push edi
00465588 8B0F mov ecx, [edi]
0046558A FF51 14 call [ecx+14]
0046558D 85C0 test eax, eax
0046558F DBE2 fclex
00465591 7D 0F jge short 004655A2
00465593 6A 14 push 14
00465595 68 90054500 push 00450590
0046559A 57 push edi
0046559B 50 push eax
0046559C FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004655A2 8B45 E0 mov eax, [ebp-20]
004655A5 8D55 E8 lea edx, [ebp-18]
004655A8 52 push edx
004655A9 50 push eax
004655AA 8B08 mov ecx, [eax]
004655AC 8BF8 mov edi, eax
004655AE FF51 60 call [ecx+60]
004655B1 85C0 test eax, eax
004655B3 DBE2 fclex
004655B5 7D 0F jge short 004655C6
004655B7 6A 60 push 60
004655B9 68 04094500 push 00450904
004655BE 57 push edi
004655BF 50 push eax
004655C0 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004655C6 8B4D E8 mov ecx, [ebp-18]
004655C9 8B85 F8FEFFFF mov eax, [ebp-108]
004655CF 51 push ecx
004655D0 68 800A4500 push 00450A80 ; UNICODE "========>"
004655D5 8B38 mov edi, [eax]
004655D7 FF15 58104000 call [<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
004655DD 8BD0 mov edx, eax
004655DF 8D4D E4 lea ecx, [ebp-1C]
004655E2 FF15 94114000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
004655E8 8BD7 mov edx, edi
004655EA 8BBD F8FEFFFF mov edi, [ebp-108]
004655F0 50 push eax
004655F1 57 push edi
004655F2 FF52 54 call [edx+54]
004655F5 85C0 test eax, eax
004655F7 DBE2 fclex
004655F9 7D 0F jge short 0046560A
004655FB 6A 54 push 54
004655FD 68 64014500 push 00450164
00465602 57 push edi
00465603 50 push eax
00465604 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046560A 8D45 E4 lea eax, [ebp-1C]
0046560D 8D4D E8 lea ecx, [ebp-18]
00465610 50 push eax
00465611 51 push ecx
00465612 6A 02 push 2
00465614 FF15 5C114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0046561A 83C4 0C add esp, 0C
0046561D 8D4D E0 lea ecx, [ebp-20]
00465620 FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465626 8B16 mov edx, [esi]
00465628 56 push esi
00465629 FF92 00030000 call [edx+300]
0046562F 50 push eax
00465630 8D45 E0 lea eax, [ebp-20]
00465633 50 push eax
00465634 FFD3 call ebx
00465636 8BF8 mov edi, eax
00465638 8D55 E8 lea edx, [ebp-18]
0046563B 52 push edx
0046563C 57 push edi
0046563D 8B0F mov ecx, [edi]
0046563F FF91 A0000000 call [ecx+A0]
00465645 85C0 test eax, eax
00465647 DBE2 fclex
00465649 7D 12 jge short 0046565D
0046564B 68 A0000000 push 0A0
00465650 68 2C134500 push 0045132C
00465655 57 push edi
00465656 50 push eax
00465657 FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0046565D 8B45 E8 mov eax, [ebp-18]
00465660 50 push eax
00465661 FF15 58114000 call [<&MSVBVM60.__vbaI4Str>] ; MSVBVM60.__vbaI4Str
00465667 8D4D E8 lea ecx, [ebp-18]
0046566A A3 5C704600 mov [46705C], eax
0046566F FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00465675 8B1D B8114000 mov ebx, [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
0046567B 8D4D E0 lea ecx, [ebp-20]
0046567E FFD3 call ebx
00465680 A1 68744600 mov eax, [467468]
00465685 85C0 test eax, eax
00465687 75 10 jnz short 00465699
00465689 68 68744600 push 00467468 ; ASCII ",沐"
0046568E 68 F4084500 push 004508F4
00465693 FF15 44114000 call [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00465699 8B3D 68744600 mov edi, [467468]
0046569F 8D4D E0 lea ecx, [ebp-20]
004656A2 56 push esi
004656A3 51 push ecx
004656A4 8B17 mov edx, [edi]
004656A6 8995 D8FEFFFF mov [ebp-128], edx
004656AC FF15 88104000 call [<&MSVBVM60.__vbaObjSetAddref>] ; MSVBVM60.__vbaObjSetAddref
004656B2 8B95 D8FEFFFF mov edx, [ebp-128]
004656B8 50 push eax
004656B9 57 push edi
004656BA FF52 10 call [edx+10]
004656BD 85C0 test eax, eax
004656BF DBE2 fclex
004656C1 7D 0F jge short 004656D2
004656C3 6A 10 push 10
004656C5 68 90054500 push 00450590
004656CA 57 push edi
004656CB 50 push eax
004656CC FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004656D2 8D4D E0 lea ecx, [ebp-20]
004656D5 FFD3 call ebx
004656D7 E9 52030000 jmp 00465A2E
004656DC 8B06 mov eax, [esi]
004656DE 56 push esi
004656DF FF90 00030000 call [eax+300]
004656E5 8D4D E0 lea ecx, [ebp-20]
004656E8 50 push eax
004656E9 51 push ecx
004656EA FFD3 call ebx
004656EC 8BF8 mov edi, eax
004656EE 8D45 E8 lea eax, [ebp-18]
004656F1 50 push eax
004656F2 57 push edi
004656F3 8B17 mov edx, [edi]
004656F5 FF92 A0000000 call [edx+A0] ; 取假码
004656FB 85C0 test eax, eax
004656FD DBE2 fclex
004656FF 7D 12 jge short 00465713
00465701 68 A0000000 push 0A0
00465706 68 2C134500 push 0045132C
0046570B 57 push edi
0046570C 50 push eax
0046570D FF15 60104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00465713 8B4D E8 mov ecx, [ebp-18]
00465716 51 push ecx
00465717 FF15 40114000 call [<&MSVBVM60.__vbaR8Str>] ; MSVBVM60.__vbaR8Str
0046571D DB05 58704600 fild dword ptr [467058] ; 真码装入st0
00465723 DD9D D0FEFFFF fstp qword ptr [ebp-130] ; 真码装入st7
00465729 DC9D D0FEFFFF fcomp qword ptr [ebp-130] ; 真假码比较
0046572F DFE0 fstsw ax ; 保存状态子到AX
00465731 F6C4 40 test ah, 40
00465734 75 07 jnz short 0046573D
00465736 B8 01000000 mov eax, 1
0046573B EB 02 jmp short 0046573F
0046573D 33C0 xor eax, eax
0046573F F7D8 neg eax
00465741 8D4D E8 lea ecx, [ebp-18]
00465744 8BF8 mov edi, eax
00465746 FF15 BC114000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0046574C 8D4D E0 lea ecx, [ebp-20]
0046574F FF15 B8114000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00465755 66:85FF test di, di
00465758 0F84 D0020000 je 00465A2E
0046575E BF 0A000000 mov edi, 0A
00465763 B8 04000280 mov eax, 80020004
00465768 897D 9C mov [ebp-64], edi
0046576B 897D AC mov [ebp-54], edi
0046576E 8B3D 80114000 mov edi, [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00465774 8D95 3CFFFFFF lea edx, [ebp-C4]
0046577A 8D4D BC lea ecx, [ebp-44]
0046577D 8945 A4 mov [ebp-5C], eax
00465780 8945 B4 mov [ebp-4C], eax
00465783 C785 44FFFFFF 3>mov dword ptr [ebp-BC], 0045093C
0046578D C785 3CFFFFFF 0>mov dword ptr [ebp-C4], 8
00465797 FFD7 call edi
00465799 8D95 4CFFFFFF lea edx, [ebp-B4]
0046579F 8D4D CC lea ecx, [ebp-34]
004657A2 C785 54FFFFFF 4>mov dword ptr [ebp-AC], 00451340
004657AC C785 4CFFFFFF 0>mov dword ptr [ebp-B4], 8
004657B6 FFD7 call edi
004657B8 8D55 9C lea edx, [ebp-64]
004657BB 8D45 AC lea eax, [ebp-54]
004657BE 52 push edx
004657BF 8D4D BC lea ecx, [ebp-44]
004657C2 50 push eax
004657C3 51 push ecx
004657C4 8D55 CC lea edx, [ebp-34]
004657C7 6A 30 push 30
004657C9 52 push edx
004657CA FF15 80104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
004657D0 8D45 9C lea eax, [ebp-64]
004657D3 8D4D AC lea ecx, [ebp-54]
004657D6 50 push eax
004657D7 8D55 BC lea edx, [ebp-44]
004657DA 51 push ecx
004657DB 8D45 CC lea eax, [ebp-34]
004657DE 52 push edx
004657DF 50 push eax
004657E0 6A 04 push 4
(2)追踪真注册码来源
1、根据第一步,得知真码保存于内存[467058],ctrl+F2重新运行程序,在数据窗口,Ctrl+G跟随至00467058,下硬件写入断点
2、F9运行,程序断在系统领空,alt+F9,返回到程序领空如下位置处
0045614D A3 58704600 mov [467058], eax ; eax值(即真码十六进制值)保存于内存00467058处
00456152 FFD6 call esi
00456154 A1 68744600 mov eax, [467468]
00456159 85C0 test eax, eax
0045615B 75 10 jnz short 0045616D
3、向上查看,在
0045612D E8 0EEA0000 call 00464B40 ;
00456132 8BC8 mov ecx, eax
0045612D处下断点
4、重新运行程序,程序断下
0045612D E8 0EEA0000 call 00464B40 ; OD断在此处,此处为机器码计算call
00456132 8BC8 mov ecx, eax
00456134 FF15 74104000 call [<&MSVBVM60.__vbaI4Abs>] ; MSVBVM60.__vbaI4Abs
0045613A 99 cdq
0045613B 2BC2 sub eax, edx ; eax=eax-edx
0045613D 8D4D D4 lea ecx, [ebp-2C]
00456140 D1F8 sar eax, 1 ; eax算术右移
00456142 2D 0EFB2D01 sub eax, 12DFB0E ; eax=eax-12DFB0E
00456147 0F80 45150000 jo 00457692 ; 溢出则跳至程序出错处理部分
0045614D A3 58704600 mov [467058], eax ; eax值(即真码十六进制值)保存于内存00467058处备用
------------------------------------------------------------------------
【破解总结】
1、注册码在程序运行后由机器码计算而来,并保存于内存中;
2、真假码浮点运算比较;
3、注册码以明码形式保存于注册表中。
------------------------------------------------------------------------
【版权声明】本文系作者原创, 转载请注明作者并保持文章的完整, 谢谢!
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
