[Original] Real Spy Monitor 2.76 Algorithm Analysis
Posted: 2007-10-5 19:31 6571
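【Title】: Real Spy Monitor 2.76 Algorithm Analysis
【Author】: xss517
【Author QQ】: 251496329
【Software】: Real Spy Monitor
【Download】: search for it yourself
【Packer】: none
【Language】: VB6
【Author's note】: I was just interested; there is no other purpose. Please point out any mistakes!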
--------------------------------------------------------------------------------
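【Detailed process】
Real Spy Monitor 2.76 keygen
Size: 1416KB Category: foreign software / system monitoring
Downloads: 18806 License: shareware
Language: English Platform: Win9x/Me/NT/2000/XP/2003
Rating: Updated: 2007-9-29 9:08:39
Developer: Home Page Contact: unknown
Real Spy Monitor is software that monitors Internet and PC activity in order to keep it secure. It monitors keystrokes, web sites visited, windows opened and closed, programs executed, screen captures, and files coming in and out. Its network monitoring records not only web browsing but also instant-messaging software such as AOL, ICQ, MSN, AIM and Yahoo Messenger. In addition, the content of web mail used directly in the browser, including MSN and Hotmail, can be recorded in full detail.
After installation this thing hides its own install directory, but I opened the directory anyway and dragged the main program winrsm.exe into PEiD:
Microsoft Visual Basic 5.0 / 6.0
So it is written in VB. VB programs are what I dread most, so I had to grit my teeth and take a look.
The string-analysis plugin turns up the registration message: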
超级字串参考, 条目 817
地址=0046A2D7
反汇编=mov dword ptr [ebp-8C], 0041433C
文本字串=Registration Sucessful,please restart Real Spy Monitor
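Naturally I went in to take a look: from the reference to 0041433C, scroll up to the function entry at 00469DE0. The code in there is far more tedious than what a C compiler produces.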
00469DE0 > \55 push ebp
00469DE1 . 8BEC mov ebp, esp
00469DE3 . 83EC 0C sub esp, 0C
00469DE6 . 68 261E4000 push <jmp.&MSVBVM50.__vbaExceptHandl>; SE handler installation
00469DEB . 64:A1 00000000 mov eax, dword ptr fs:[0]
00469DF1 . 50 push eax
00469DF2 . 64:8925 00000000 mov dword ptr fs:[0], esp
00469DF9 . 81EC D8000000 sub esp, 0D8
00469DFF . 53 push ebx
00469E00 . 56 push esi
00469E01 . 57 push edi
00469E02 . 8B7D 08 mov edi, dword ptr [ebp+8]
00469E05 . 8BC7 mov eax, edi
00469E07 . 83E7 FE and edi, FFFFFFFE
00469E0A . 8965 F4 mov dword ptr [ebp-C], esp
00469E0D . 83E0 01 and eax, 1
00469E10 . 8B37 mov esi, dword ptr [edi]
00469E12 . C745 F8 98144000 mov dword ptr [ebp-8], 00401498
00469E19 . 57 push edi
00469E1A . 8945 FC mov dword ptr [ebp-4], eax
00469E1D . 897D 08 mov dword ptr [ebp+8], edi
00469E20 . FF56 04 call dword ptr [esi+4]
00469E23 . 33C0 xor eax, eax
00469E25 . 57 push edi
00469E26 . 8945 E4 mov dword ptr [ebp-1C], eax
00469E29 . 8945 E0 mov dword ptr [ebp-20], eax
00469E2C . 8945 DC mov dword ptr [ebp-24], eax
00469E2F . 8945 D4 mov dword ptr [ebp-2C], eax
00469E32 . 8945 D0 mov dword ptr [ebp-30], eax
00469E35 . 8945 CC mov dword ptr [ebp-34], eax
00469E38 . 8945 C8 mov dword ptr [ebp-38], eax
00469E3B . 8945 C4 mov dword ptr [ebp-3C], eax
00469E3E . 8945 C0 mov dword ptr [ebp-40], eax
00469E41 . 8945 BC mov dword ptr [ebp-44], eax
00469E44 . 8945 AC mov dword ptr [ebp-54], eax
00469E47 . 8945 9C mov dword ptr [ebp-64], eax
00469E4A . 8945 8C mov dword ptr [ebp-74], eax
00469E4D . 8985 7CFFFFFF mov dword ptr [ebp-84], eax
00469E53 . 8985 6CFFFFFF mov dword ptr [ebp-94], eax
00469E59 . FF96 10030000 call dword ptr [esi+310]
00469E5F . 8D4D AC lea ecx, dword ptr [ebp-54]
00469E62 . 8D55 9C lea edx, dword ptr [ebp-64]
00469E65 . 51 push ecx
00469E66 . 52 push edx
00469E67 . 8945 B4 mov dword ptr [ebp-4C], eax
00469E6A . C745 AC 09000000 mov dword ptr [ebp-54], 9
00469E71 . FF15 9C834A00 call dword ptr [<&MSVBVM50.#520>] ; MSVBVM50.rtcTrimVar
00469E77 . 8B35 F8824A00 mov esi, dword ptr [<&MSVBVM50.__vb>; MSVBVM50.__vbaStrVarMove
00469E7D . 8D45 9C lea eax, dword ptr [ebp-64]
00469E80 . 50 push eax
00469E81 . FFD6 call esi ; <&MSVBVM50.__vbaStrVarMove>
00469E83 . 8B3D 44854A00 mov edi, dword ptr [<&MSVBVM50.__vb>; MSVBVM50.__vbaStrMove
00469E89 . 8BD0 mov edx, eax ; fetch the registration name
00469E8B . 8D4D E4 lea ecx, dword ptr [ebp-1C]
00469E8E . FFD7 call edi ; <&MSVBVM50.__vbaStrMove>
00469E90 . 8B1D 04834A00 mov ebx, dword ptr [<&MSVBVM50.__vb>; MSVBVM50.__vbaFreeVarList
00469E96 . 8D4D 9C lea ecx, dword ptr [ebp-64]
00469E99 . 8D55 AC lea edx, dword ptr [ebp-54]
00469E9C . 51 push ecx
00469E9D . 52 push edx
00469E9E . 6A 02 push 2
00469EA0 . FFD3 call ebx ; <&MSVBVM50.__vbaFreeVarList>
00469EA2 . 83C4 0C add esp, 0C
00469EA5 . 8D8D 6CFFFFFF lea ecx, dword ptr [ebp-94]
00469EAB . 8D55 AC lea edx, dword ptr [ebp-54]
00469EAE . 8D45 E4 lea eax, dword ptr [ebp-1C]
00469EB1 . 51 push ecx
00469EB2 . 52 push edx
00469EB3 . 8985 74FFFFFF mov dword ptr [ebp-8C], eax
00469EB9 . C785 6CFFFFFF 0840>mov dword ptr [ebp-94], 4008 ; convert to upper case (VB's UCase function)
00469EC3 . FF15 CC834A00 call dword ptr [<&MSVBVM50.#528>] ; MSVBVM50.rtcUpperCaseVar
00469EC9 . 8D45 AC lea eax, dword ptr [ebp-54]
00469ECC . 50 push eax
00469ECD . FFD6 call esi
00469ECF . 8BD0 mov edx, eax
00469ED1 . 8D4D E4 lea ecx, dword ptr [ebp-1C]
00469ED4 . FFD7 call edi
00469ED6 . 8D4D AC lea ecx, dword ptr [ebp-54]
00469ED9 . FF15 F0824A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeVar
00469EDF . BA BCF04000 mov edx, 0040F0BC
00469EE4 . 8D4D DC lea ecx, dword ptr [ebp-24]
00469EE7 . C745 D8 01000000 mov dword ptr [ebp-28], 1
00469EEE . FF15 C0844A00 call dword ptr [<&MSVBVM50.__vbaStrC>; MSVBVM50.__vbaStrCopy
00469EF4 > 0FBF4D D8 movsx ecx, word ptr [ebp-28]
00469EF8 . 8B55 E4 mov edx, dword ptr [ebp-1C]
00469EFB . 898D 1CFFFFFF mov dword ptr [ebp-E4], ecx
00469F01 . 52 push edx
00469F02 . FF15 F4824A00 call dword ptr [<&MSVBVM50.__vbaLenB>; MSVBVM50.__vbaLenBstr
00469F08 . 8B8D 1CFFFFFF mov ecx, dword ptr [ebp-E4]
00469F0E . 3BC8 cmp ecx, eax
00469F10 . 0F8F 4D010000 jg 0046A063
00469F16 . 8D45 E4 lea eax, dword ptr [ebp-1C]
00469F19 . 8D55 AC lea edx, dword ptr [ebp-54]
00469F1C . 8985 74FFFFFF mov dword ptr [ebp-8C], eax
00469F22 . 52 push edx
00469F23 . 51 push ecx
00469F24 . 8D85 6CFFFFFF lea eax, dword ptr [ebp-94]
00469F2A . 8D4D 9C lea ecx, dword ptr [ebp-64]
00469F2D . 50 push eax
00469F2E . 51 push ecx
00469F2F . C745 B4 01000000 mov dword ptr [ebp-4C], 1
00469F36 . C745 AC 02000000 mov dword ptr [ebp-54], 2
00469F3D . C785 6CFFFFFF 0840>mov dword ptr [ebp-94], 4008
00469F47 . FF15 B8834A00 call dword ptr [<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar
00469F4D . 8D55 9C lea edx, dword ptr [ebp-64]
00469F50 . 52 push edx
00469F51 . FFD6 call esi
00469F53 . 8BD0 mov edx, eax
00469F55 . 8D4D E0 lea ecx, dword ptr [ebp-20]
00469F58 . FFD7 call edi
00469F5A . 8D45 9C lea eax, dword ptr [ebp-64]
00469F5D . 8D4D AC lea ecx, dword ptr [ebp-54]
00469F60 . 50 push eax
00469F61 . 51 push ecx
00469F62 . 6A 02 push 2
00469F64 . FFD3 call ebx
00469F66 . 8B55 E0 mov edx, dword ptr [ebp-20]
00469F69 . 83C4 0C add esp, 0C
00469F6C . 52 push edx
00469F6D . FF15 10834A00 call dword ptr [<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
00469F73 . 66:8B4D D8 mov cx, word ptr [ebp-28] ; the name was upper-cased first; now each character of it is taken in turn for the calculation
00469F77 . 66:6BC9 06 imul cx, cx, 6 ; cx=6*cx
00469F7B . 0F80 C5050000 jo 0046A546
00469F81 . 66:03C1 add ax, cx ; ax=ax+cx
00469F84 . 0F80 BC050000 jo 0046A546
00469F8A . 66:2D 0F00 sub ax, 0F ; ax=ax-0F (15)
00469F8E . 0F80 B2050000 jo 0046A546
00469F94 . 66:3D 2100 cmp ax, 21 ; compare with 33: is it within the ASCII character range?
00469F98 . 7C 56 jl short 00469FF0
00469F9A . 66:3D 7E00 cmp ax, 7E ; compare with 126
00469F9E . 7F 4A jg short 00469FEA
00469FA0 . 8B55 DC mov edx, dword ptr [ebp-24]
00469FA3 . 8D4D AC lea ecx, dword ptr [ebp-54]
00469FA6 . 0FBFC0 movsx eax, ax
00469FA9 . 50 push eax
00469FAA . 51 push ecx
00469FAB . 8995 74FFFFFF mov dword ptr [ebp-8C], edx
00469FB1 . C785 6CFFFFFF 0800>mov dword ptr [ebp-94], 8
00469FBB . FF15 64844A00 call dword ptr [<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi
00469FC1 . 8D95 6CFFFFFF lea edx, dword ptr [ebp-94]
00469FC7 . 8D45 AC lea eax, dword ptr [ebp-54]
00469FCA . 52 push edx
00469FCB . 8D4D 9C lea ecx, dword ptr [ebp-64]
00469FCE . 50 push eax
00469FCF . 51 push ecx
00469FD0 . FF15 08854A00 call dword ptr [<&MSVBVM50.__vbaVarA>; MSVBVM50.__vbaVarAdd
00469FD6 . 50 push eax
00469FD7 . FFD6 call esi
00469FD9 . 8BD0 mov edx, eax ; the registration key is concatenated on each pass
00469FDB . 8D4D DC lea ecx, dword ptr [ebp-24]
00469FDE . FFD7 call edi
00469FE0 . 8D55 9C lea edx, dword ptr [ebp-64]
00469FE3 . 8D45 AC lea eax, dword ptr [ebp-54]
00469FE6 . 52 push edx
00469FE7 . 50 push eax
00469FE8 . EB 5E jmp short 0046A048
00469FEA > 66:3D 2100 cmp ax, 21
00469FEE . 7D 05 jge short 00469FF5
00469FF0 > B8 65000000 mov eax, 65
00469FF5 > 66:3D 7E00 cmp ax, 7E
00469FF9 . 7E 05 jle short 0046A000
00469FFB . B8 2A000000 mov eax, 2A
0046A000 > 8B4D DC mov ecx, dword ptr [ebp-24]
0046A003 . C785 6CFFFFFF 0800>mov dword ptr [ebp-94], 8
0046A00D . 0FBFD0 movsx edx, ax
0046A010 . 8D45 AC lea eax, dword ptr [ebp-54]
0046A013 . 52 push edx
0046A014 . 50 push eax
0046A015 . 898D 74FFFFFF mov dword ptr [ebp-8C], ecx
0046A01B . FF15 64844A00 call dword ptr [<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi
0046A021 . 8D8D 6CFFFFFF lea ecx, dword ptr [ebp-94]
0046A027 . 8D55 AC lea edx, dword ptr [ebp-54]
0046A02A . 51 push ecx
0046A02B . 8D45 9C lea eax, dword ptr [ebp-64]
0046A02E . 52 push edx
0046A02F . 50 push eax
0046A030 . FF15 08854A00 call dword ptr [<&MSVBVM50.__vbaVarA>; MSVBVM50.__vbaVarAdd
0046A036 . 50 push eax
0046A037 . FFD6 call esi
0046A039 . 8BD0 mov edx, eax
0046A03B . 8D4D DC lea ecx, dword ptr [ebp-24]
0046A03E . FFD7 call edi
0046A040 . 8D4D 9C lea ecx, dword ptr [ebp-64]
0046A043 . 8D55 AC lea edx, dword ptr [ebp-54]
0046A046 . 51 push ecx
0046A047 . 52 push edx
0046A048 > 6A 02 push 2
0046A04A . FFD3 call ebx
0046A04C . 66:8B45 D8 mov ax, word ptr [ebp-28]
0046A050 . 83C4 0C add esp, 0C
0046A053 . 66:40 inc ax
0046A055 . 0F80 EB040000 jo 0046A546
0046A05B . 8945 D8 mov dword ptr [ebp-28], eax
0046A05E .^ E9 91FEFFFF jmp 00469EF4
0046A063 > 8B7D 08 mov edi, dword ptr [ebp+8]
0046A066 . 57 push edi
0046A067 . 8B07 mov eax, dword ptr [edi]
0046A069 . 8B80 0C030000 mov eax, dword ptr [eax+30C]
0046A06F . 8985 18FFFFFF mov dword ptr [ebp-E8], eax
0046A075 . FFD0 call eax
0046A077 . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A07A . 50 push eax
0046A07B . 51 push ecx
0046A07C . FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>; MSVBVM50.__vbaObjSet
0046A082 . 8BF0 mov esi, eax
0046A084 . 8D45 D4 lea eax, dword ptr [ebp-2C]
0046A087 . 50 push eax
0046A088 . 56 push esi
0046A089 . 8B16 mov edx, dword ptr [esi]
0046A08B . FF92 A0000000 call dword ptr [edx+A0]
0046A091 . 85C0 test eax, eax
0046A093 . 7D 12 jge short 0046A0A7
0046A095 . 68 A0000000 push 0A0
0046A09A . 68 C0F04000 push 0040F0C0
0046A09F . 56 push esi
0046A0A0 . 50 push eax
0046A0A1 . FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>; MSVBVM50.__vbaHresultCheckObj
0046A0A7 > 57 push edi
0046A0A8 . FF95 18FFFFFF call dword ptr [ebp-E8]
0046A0AE . 8D4D BC lea ecx, dword ptr [ebp-44]
0046A0B1 . 50 push eax
0046A0B2 . 51 push ecx
0046A0B3 . FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>; MSVBVM50.__vbaObjSet
0046A0B9 . 8BF0 mov esi, eax
0046A0BB . 8D45 D0 lea eax, dword ptr [ebp-30]
0046A0BE . 50 push eax
0046A0BF . 56 push esi
0046A0C0 . 8B16 mov edx, dword ptr [esi]
0046A0C2 . FF92 A0000000 call dword ptr [edx+A0]
0046A0C8 . 85C0 test eax, eax
0046A0CA . 7D 12 jge short 0046A0DE
0046A0CC . 68 A0000000 push 0A0
0046A0D1 . 68 C0F04000 push 0040F0C0
0046A0D6 . 56 push esi
0046A0D7 . 50 push eax
0046A0D8 . FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>; MSVBVM50.__vbaHresultCheckObj
0046A0DE > 8B4D D0 mov ecx, dword ptr [ebp-30]
0046A0E1 . 51 push ecx
0046A0E2 . 68 BCF04000 push 0040F0BC
0046A0E7 . FF15 DC834A00 call dword ptr [<&MSVBVM50.__vbaStrC>; MSVBVM50.__vbaStrCmp
0046A0ED . 8B55 D4 mov edx, dword ptr [ebp-2C] ; string comparison of the registration key
0046A0F0 . 8BF0 mov esi, eax
0046A0F2 . 8B45 DC mov eax, dword ptr [ebp-24]
0046A0F5 . 52 push edx
0046A0F6 . F7DE neg esi
0046A0F8 . 1BF6 sbb esi, esi
0046A0FA . 50 push eax
0046A0FB . F7DE neg esi
0046A0FD . F7DE neg esi
0046A0FF . FF15 DC834A00 call dword ptr [<&MSVBVM50.__vbaStrC>; MSVBVM50.__vbaStrCmp
0046A105 . 8B4D E4 mov ecx, dword ptr [ebp-1C]
0046A108 . F7D8 neg eax
0046A10A . 1BC0 sbb eax, eax
0046A10C . 51 push ecx
0046A10D . 40 inc eax
0046A10E . F7D8 neg eax
0046A110 . 23F0 and esi, eax
0046A112 . FF15 F4824A00 call dword ptr [<&MSVBVM50.__vbaLenB>; MSVBVM50.__vbaLenBstr
0046A118 . 33D2 xor edx, edx
0046A11A . 83F8 08 cmp eax, 8 ; the registration name must be at least eight characters
0046A11D . 8D45 D0 lea eax, dword ptr [ebp-30]
0046A120 . 8D4D D4 lea ecx, dword ptr [ebp-2C]
0046A123 . 0F9DC2 setge dl
0046A126 . 50 push eax
0046A127 . 51 push ecx
0046A128 . F7DA neg edx
0046A12A . 6A 02 push 2
0046A12C . 23F2 and esi, edx
0046A12E . FF15 D0844A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeStrList
0046A134 . 83C4 0C add esp, 0C
0046A137 . 8D55 BC lea edx, dword ptr [ebp-44]
0046A13A . 8D45 C0 lea eax, dword ptr [ebp-40]
0046A13D . 52 push edx
0046A13E . 50 push eax
0046A13F . 6A 02 push 2
0046A141 . FF15 0C834A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeObjList
0046A147 . 83C4 0C add esp, 0C
0046A14A . 66:85F6 test si, si
0046A14D 0F84 9B020000 je 0046A3EE ; must not jump, otherwise registration fails
0046A153 . 8B07 mov eax, dword ptr [edi]
0046A155 . 57 push edi
0046A156 . FF90 10030000 call dword ptr [eax+310]
0046A15C . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A15F . 50 push eax
0046A160 . 51 push ecx
0046A161 . FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>; MSVBVM50.__vbaObjSet
0046A167 . 8BF0 mov esi, eax
0046A169 . 8D45 D4 lea eax, dword ptr [ebp-2C]
0046A16C . 50 push eax
0046A16D . 56 push esi
0046A16E . 8B16 mov edx, dword ptr [esi]
0046A170 . FF92 A0000000 call dword ptr [edx+A0]
0046A176 . 85C0 test eax, eax
0046A178 . 7D 12 jge short 0046A18C
0046A17A . 68 A0000000 push 0A0
0046A17F . 68 C0F04000 push 0040F0C0
0046A184 . 56 push esi
0046A185 . 50 push eax
0046A186 . FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>; MSVBVM50.__vbaHresultCheckObj
0046A18C > 8B0D 50B04900 mov ecx, dword ptr [49B050] ; C:\windows\RegisterRSM.ini: the registration file path appears; apparently this is what stores the registration info across a restart
0046A192 . 8B35 10854A00 mov esi, dword ptr [<&MSVBVM50.__vb>; MSVBVM50.__vbaStrToAnsi
0046A198 . 8D55 C4 lea edx, dword ptr [ebp-3C]
0046A19B . 51 push ecx
0046A19C . 52 push edx
0046A19D . FFD6 call esi ; <&MSVBVM50.__vbaStrToAnsi>
0046A19F . 50 push eax
0046A1A0 . 8B45 D4 mov eax, dword ptr [ebp-2C]
0046A1A3 . 8D4D C8 lea ecx, dword ptr [ebp-38]
0046A1A6 . 50 push eax
0046A1A7 . 51 push ecx
0046A1A8 . FFD6 call esi
0046A1AA . 50 push eax
0046A1AB . 8D55 CC lea edx, dword ptr [ebp-34]
0046A1AE . 68 EC424100 push 004142EC ; Registration Name
0046A1B3 . 52 push edx
0046A1B4 . FFD6 call esi
0046A1B6 . 50 push eax
0046A1B7 . 8D45 D0 lea eax, dword ptr [ebp-30]
0046A1BA . 68 D8424100 push 004142D8 ; Confirm
0046A1BF . 50 push eax
0046A1C0 . FFD6 call esi
0046A1C2 . 50 push eax
0046A1C3 . E8 185CFAFF call 0040FDE0
0046A1C8 . FF15 44834A00 call dword ptr [<&MSVBVM50.__vbaSetS>; MSVBVM50.__vbaSetSystemError
0046A1CE . 8B4D C4 mov ecx, dword ptr [ebp-3C]
0046A1D1 . 51 push ecx
0046A1D2 . 68 50B04900 push 0049B050
0046A1D7 . FF15 44844A00 call dword ptr [<&MSVBVM50.__vbaStrT>; MSVBVM50.__vbaStrToUnicode
0046A1DD . 8D55 C4 lea edx, dword ptr [ebp-3C]
0046A1E0 . 8D45 C8 lea eax, dword ptr [ebp-38]
0046A1E3 . 52 push edx
0046A1E4 . 8D4D D4 lea ecx, dword ptr [ebp-2C]
0046A1E7 . 50 push eax
0046A1E8 . 8D55 CC lea edx, dword ptr [ebp-34]
0046A1EB . 51 push ecx
0046A1EC . 8D45 D0 lea eax, dword ptr [ebp-30]
0046A1EF . 52 push edx
0046A1F0 . 50 push eax
0046A1F1 . 6A 05 push 5
0046A1F3 . FF15 D0844A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeStrList
0046A1F9 . 83C4 18 add esp, 18
0046A1FC . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A1FF . FF15 78854A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeObj
0046A205 . 57 push edi
0046A206 . FF95 18FFFFFF call dword ptr [ebp-E8]
0046A20C . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A20F . 50 push eax
0046A210 . 51 push ecx
0046A211 . FF15 84834A00 call dword ptr [<&MSVBVM50.__vbaObjS>; MSVBVM50.__vbaObjSet
0046A217 . 8BF8 mov edi, eax
0046A219 . 8D45 D4 lea eax, dword ptr [ebp-2C]
0046A21C . 50 push eax
0046A21D . 57 push edi
0046A21E . 8B17 mov edx, dword ptr [edi]
0046A220 . FF92 A0000000 call dword ptr [edx+A0]
0046A226 . 85C0 test eax, eax
0046A228 . 7D 12 jge short 0046A23C
0046A22A . 68 A0000000 push 0A0
0046A22F . 68 C0F04000 push 0040F0C0
0046A234 . 57 push edi
0046A235 . 50 push eax
0046A236 . FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>; MSVBVM50.__vbaHresultCheckObj
0046A23C > 8B0D 50B04900 mov ecx, dword ptr [49B050]
0046A242 . 8D55 C4 lea edx, dword ptr [ebp-3C]
0046A245 . 51 push ecx
0046A246 . 52 push edx
0046A247 . FFD6 call esi
0046A249 . 50 push eax
0046A24A . 8B45 D4 mov eax, dword ptr [ebp-2C]
0046A24D . 8D4D C8 lea ecx, dword ptr [ebp-38]
0046A250 . 50 push eax
0046A251 . 51 push ecx
0046A252 . FFD6 call esi
0046A254 . 50 push eax
0046A255 . 8D55 CC lea edx, dword ptr [ebp-34]
0046A258 . 68 14434100 push 00414314 ; Registration Key
0046A25D . 52 push edx
0046A25E . FFD6 call esi
0046A260 . 50 push eax
0046A261 . 8D45 D0 lea eax, dword ptr [ebp-30]
0046A264 . 68 D8424100 push 004142D8 ; Confirm
0046A269 . 50 push eax
0046A26A . FFD6 call esi
0046A26C . 50 push eax
0046A26D . E8 6E5BFAFF call 0040FDE0
0046A272 . FF15 44834A00 call dword ptr [<&MSVBVM50.__vbaSetS>; MSVBVM50.__vbaSetSystemError
0046A278 . 8B4D C4 mov ecx, dword ptr [ebp-3C]
0046A27B . 51 push ecx
0046A27C . 68 50B04900 push 0049B050
0046A281 . FF15 44844A00 call dword ptr [<&MSVBVM50.__vbaStrT>; MSVBVM50.__vbaStrToUnicode
0046A287 . 8D55 C4 lea edx, dword ptr [ebp-3C]
0046A28A . 8D45 C8 lea eax, dword ptr [ebp-38]
0046A28D . 52 push edx
0046A28E . 8D4D D4 lea ecx, dword ptr [ebp-2C]
0046A291 . 50 push eax
0046A292 . 8D55 CC lea edx, dword ptr [ebp-34]
0046A295 . 51 push ecx
0046A296 . 8D45 D0 lea eax, dword ptr [ebp-30]
0046A299 . 52 push edx
0046A29A . 50 push eax
0046A29B . 6A 05 push 5
0046A29D . FF15 D0844A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeStrList
0046A2A3 . 83C4 18 add esp, 18
0046A2A6 . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A2A9 . FF15 78854A00 call dword ptr [<&MSVBVM50.__vbaFree>; MSVBVM50.__vbaFreeObj
0046A2AF . B9 04000280 mov ecx, 80020004
0046A2B4 . B8 0A000000 mov eax, 0A
0046A2B9 . 894D 84 mov dword ptr [ebp-7C], ecx
0046A2BC . 894D 94 mov dword ptr [ebp-6C], ecx
0046A2BF . 894D A4 mov dword ptr [ebp-5C], ecx
0046A2C2 . 8D95 6CFFFFFF lea edx, dword ptr [ebp-94]
0046A2C8 . 8D4D AC lea ecx, dword ptr [ebp-54]
0046A2CB . 8985 7CFFFFFF mov dword ptr [ebp-84], eax
0046A2D1 . 8945 8C mov dword ptr [ebp-74], eax
0046A2D4 . 8945 9C mov dword ptr [ebp-64], eax
0046A2D7 . C785 74FFFFFF 3C43>mov dword ptr [ebp-8C], 0041433C ; Registration Sucessful,please restart Real Spy Monitor
0046A2E1 . C785 6CFFFFFF 0800>mov dword ptr [ebp-94], 8
0046A2EB . FF15 0C854A00 call dword ptr [<&MSVBVM50.__vbaVarD>; MSVBVM50.__vbaVarDup
0046A2F1 . 8D8D 7CFFFFFF lea ecx, dword ptr [ebp-84]
0046A2F7 . 8D55 8C lea edx, dword ptr [ebp-74]
0046A2FA . 51 push ecx
0046A2FB . 8D45 9C lea eax, dword ptr [ebp-64]
0046A2FE . 52 push edx
0046A2FF . 50 push eax
0046A300 . 8D4D AC lea ecx, dword ptr [ebp-54]
0046A303 . 6A 40 push 40
0046A305 . 51 push ecx
0046A306 . FF15 80834A00 call dword ptr [<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox
0046A30C . 8D95 7CFFFFFF lea edx, dword ptr [ebp-84]
0046A312 . 8D45 8C lea eax, dword ptr [ebp-74]
0046A315 . 52 push edx
0046A316 . 8D4D 9C lea ecx, dword ptr [ebp-64]
0046A319 . 50 push eax
0046A31A . 8D55 AC lea edx, dword ptr [ebp-54]
0046A31D . 51 push ecx
0046A31E . 52 push edx
0046A31F . 6A 04 push 4
0046A321 . FFD3 call ebx
0046A323 . A1 0C0F4A00 mov eax, dword ptr [4A0F0C]
0046A328 . 83C4 14 add esp, 14
0046A32B . 85C0 test eax, eax
0046A32D . 75 10 jnz short 0046A33F
0046A32F . 68 0C0F4A00 push 004A0F0C ; ASCII "宆?
0046A334 . 68 78F04000 push 0040F078
0046A339 . FF15 AC844A00 call dword ptr [<&MSVBVM50.__vbaNew2>; MSVBVM50.__vbaNew2
0046A33F > 8B45 08 mov eax, dword ptr [ebp+8]
0046A342 . 8B35 0C0F4A00 mov esi, dword ptr [4A0F0C]
0046A348 . 8B1D 8C834A00 mov ebx, dword ptr [<&MSVBVM50.__vb>; MSVBVM50.__vbaObjSetAddref
0046A34E . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A351 . 8B3E mov edi, dword ptr [esi]
0046A353 . 50 push eax
0046A354 . 51 push ecx
0046A355 . FFD3 call ebx ; <&MSVBVM50.__vbaObjSetAddref>
0046A357 . 50 push eax
0046A358 . 56 push esi
0046A359 . FF57 10 call dword ptr [edi+10]
0046A35C . 85C0 test eax, eax
0046A35E . 7D 0F jge short 0046A36F
0046A360 . 6A 10 push 10
0046A362 . 68 68F04000 push 0040F068
0046A367 . 56 push esi
0046A368 . 50 push eax
0046A369 . FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>; MSVBVM50.__vbaHresultCheckObj
0046A36F > 8B3D 78854A00 mov edi, dword ptr [<&MSVBVM50.__vb>; MSVBVM50.__vbaFreeObj
0046A375 . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A378 . FFD7 call edi ; <&MSVBVM50.__vbaFreeObj>
0046A37A . A1 0C0F4A00 mov eax, dword ptr [4A0F0C]
0046A37F . 85C0 test eax, eax
0046A381 . 75 10 jnz short 0046A393
0046A383 . 68 0C0F4A00 push 004A0F0C ; ASCII "宆?
0046A388 . 68 78F04000 push 0040F078
0046A38D . FF15 AC844A00 call dword ptr [<&MSVBVM50.__vbaNew2>; MSVBVM50.__vbaNew2
0046A393 > A1 ECB34900 mov eax, dword ptr [49B3EC]
0046A398 . 8B35 0C0F4A00 mov esi, dword ptr [4A0F0C]
0046A39E . 85C0 test eax, eax
0046A3A0 . 75 10 jnz short 0046A3B2
0046A3A2 . 68 ECB34900 push 0049B3EC
0046A3A7 . 68 7CA94000 push 0040A97C
0046A3AC . FF15 AC844A00 call dword ptr [<&MSVBVM50.__vbaNew2>; MSVBVM50.__vbaNew2
0046A3B2 > A1 ECB34900 mov eax, dword ptr [49B3EC]
0046A3B7 . 8B16 mov edx, dword ptr [esi]
0046A3B9 . 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A3BC . 50 push eax
0046A3BD . 51 push ecx
0046A3BE . 8995 14FFFFFF mov dword ptr [ebp-EC], edx
0046A3C4 . FFD3 call ebx
0046A3C6 . 8B95 14FFFFFF mov edx, dword ptr [ebp-EC]
0046A3CC . 50 push eax
0046A3CD . 56 push esi
0046A3CE . FF52 10 call dword ptr [edx+10]
0046A3D1 . 85C0 test eax, eax
0046A3D3 . 7D 0F jge short 0046A3E4
0046A3D5 . 6A 10 push 10
0046A3D7 . 68 68F04000 push 0040F068
0046A3DC . 56 push esi
0046A3DD . 50 push eax
0046A3DE . FF15 50834A00 call dword ptr [<&MSVBVM50.__vbaHres>; MSVBVM50.__vbaHresultCheckObj
0046A3E4 > 8D4D C0 lea ecx, dword ptr [ebp-40]
0046A3E7 . FFD7 call edi
0046A3E9 . E9 C4000000 jmp 0046A4B2
0046A3EE > B9 04000280 mov ecx, 80020004
0046A3F3 . B8 0A000000 mov eax, 0A
0046A3F8 . 894D 84 mov dword ptr [ebp-7C], ecx
0046A3FB . 894D 94 mov dword ptr [ebp-6C], ecx
0046A3FE . 894D A4 mov dword ptr [ebp-5C], ecx
0046A401 . 8D95 6CFFFFFF lea edx, dword ptr [ebp-94]
0046A407 . 8D4D AC lea ecx, dword ptr [ebp-54]
0046A40A . 8985 7CFFFFFF mov dword ptr [ebp-84], eax
0046A410 . 8945 8C mov dword ptr [ebp-74], eax
0046A413 . 8945 9C mov dword ptr [ebp-64], eax
0046A416 . C785 74FFFFFF B043>mov dword ptr [ebp-8C], 004143B0 ; Registration Key Wrong
0046A420 . C785 6CFFFFFF 0800>mov dword ptr [ebp-94], 8
0046A42A . FF15 0C854A00 call dword ptr [<&MSVBVM50.__vbaVarD>; MSVBVM50.__vbaVarDup
0046A430 . 8D85 7CFFFFFF lea eax, dword ptr [ebp-84]
0046A436 . 8D4D 8C lea ecx, dword ptr [ebp-74]
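Algorithm: first, the registration name must be at least eight characters long, and it is converted to an upper-case string with UCase.
For each character of the name in turn: A = ASCII value of the character + its position * 6 - 15.
Check whether A is within the 7-bit ASCII character range: if A is less than 33, add 101; if it is greater than 126, jump out and finish.
Use the Chr function to convert A to a character, and concatenate the characters to form the registration key.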
Option Explicit
Private Sub Command1_Click()
Dim i As Integer, j As Integer, k As Integer, key As String
For i = 1 To Len(Text1.Text)
j = Asc(UCase(Mid(Text1.Text, i, 1)))
k = 6 * i
j = j + k
j = j - 15
If (j < 33) Then
j = j + 101
End If
If (j > 126) Then
End If
key = key & Chr(j)
Next i
Text2.Text = key
End Sub
After a successful registration, the registration information is stored in C:\WINDOWS\RegisterRSM.ini:
[Confirm]
Registration Name=xss51720
Registration Key=OPV>@LMQ
--------------------------------------------------------------------------------
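【Copyright notice】: This article is purely for technical exchange. If you repost it, please credit the author and keep the article complete. Thank you!
October 5, 2007, 07:30:53 PM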
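
For defenders: the post notes that the program hides its install directory but writes its registration record to a fixed path, which makes that file a usable host artifact. The following is an added example, not code from the original post or from the vendor; it checks one directory for the file and confirms the [Confirm] layout shown above. The function names, the 64 KB read cap and the placeholder sample values are assumptions.

```python
import configparser
import os
import tempfile

# File, section and option names are taken from the post; the rest is illustrative.
ARTIFACT_NAME = "RegisterRSM.ini"
SECTION = "Confirm"
NAME_OPTION = "Registration Name"
KEY_OPTION = "Registration Key"


def parse_registration(text):
    """Return a finding dict if text has the layout shown in the post, else None."""
    parser = configparser.ConfigParser(
        interpolation=None,   # values may contain '%'
        delimiters=("=",),    # values may contain ':'
        strict=False,         # tolerate duplicate sections/options
    )
    try:
        parser.read_string(text)
    except configparser.Error:
        return None           # not parseable as an INI file
    # INI section names are conventionally case-insensitive on Windows.
    section = next((s for s in parser.sections() if s.lower() == SECTION.lower()), None)
    if section is None:
        return None
    name = parser.get(section, NAME_OPTION, fallback=None)
    key = parser.get(section, KEY_OPTION, fallback=None)
    if name is None and key is None:
        return None
    # Report only that a key exists; its value is not needed for triage.
    return {"registered_name": name, "key_present": bool(key)}


def find_artifact(directory):
    """Look for the file in one directory, ignoring case as Windows does."""
    try:
        entries = os.listdir(directory)
    except OSError:
        return None
    for entry in entries:
        if entry.lower() != ARTIFACT_NAME.lower():
            continue
        path = os.path.join(directory, entry)
        try:
            with open(path, "r", encoding="utf-8-sig", errors="replace") as handle:
                text = handle.read(64 * 1024)   # assumed cap; the real file is tiny
        except OSError:
            continue
        finding = parse_registration(text) or {"registered_name": None, "key_present": False}
        finding["path"] = path
        finding["layout_match"] = finding["registered_name"] is not None or finding["key_present"]
        return finding
    return None


def demo():
    """Run the check against a constructed sample (placeholder values)."""
    sample = "[Confirm]\nRegistration Name=EXAMPLEUSER\nRegistration Key=PLACEHOLDER\n"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "registerrsm.INI"), "w", encoding="ascii") as handle:
            handle.write(sample)
        return find_artifact(root)


if __name__ == "__main__":
    # On a real host the directory would be the Windows directory named in the post.
    print(demo())
```

A file with the right name but a different layout is still reported, with `layout_match` set to False, so it can be reviewed by hand.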