Shandong Agricultural University Forum
Title:
Make the program display its own registration code
Author:
xiaoneihaoge
Time:
2011-4-9 16:04:06
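[Article title]: Make the program display its own registration code
[Packer]: ASPack 2.11
[Protection]: Verification on restart
[Language]: VB
[Tools]: OD, PEID
[Platform]: XP sp2
[Author's statement]: Just out of interest, no other purpose. If I have made mistakes, I would appreciate corrections from the experts here!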
--------------------------------------------------------------------------------
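[Detailed process]
First I checked the packer with PEID: it is ASPack 2.11, so I unpacked it with the bundled plugin, PEID Generic unpacker. Checking again shows the program is written in VB. I loaded the unpacked program in OD, found RegCodeTrue with the ultra string reference search, followed it in the disassembly, arrived here, and looked downward for the key jump.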
0042D0C1 . 68 C89D4000 PUSH CODE_u.00409DC8 ; UNICODE "RegCodeTrue"
0042D0C6 . 68 BC9D4000 PUSH CODE_u.00409DBC ; UNICODE "Reg"
0042D0CB . 8908 MOV DWORD PTR DS:[EAX],ECX
0042D0CD . 8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:[EBP-E4]
0042D0D3 . 68 849D4000 PUSH CODE_u.00409D84 ; UNICODE "Stock-Star-Website\Code41"
0042D0D8 . 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
0042D0DB . 8B95 20FFFFFF MOV EDX,DWORD PTR SS:[EBP-E0]
0042D0E1 . 8948 08 MOV DWORD PTR DS:[EAX+8],ECX
0042D0E4 . 8950 0C MOV DWORD PTR DS:[EAX+C],EDX
0042D0E7 . FF15 CCF34300 CALL DWORD PTR DS:[<&MSVBVM50.#689>] ; MSVBVM50.rtcGetSetting
0042D0ED . 8BD0 MOV EDX,EAX
0042D0EF . 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0042D0F5 . FF15 04F44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove
0042D0FB . 50 PUSH EAX
0042D0FC . FF15 30F44300 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
0042D102 . DD9D ECFEFFFF FSTP QWORD PTR SS:[EBP-114]
0042D108 . 8D95 E4FEFFFF LEA EDX,DWORD PTR SS:[EBP-11C]
0042D10E . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042D111 . C785 E4FEFFFF >MOV DWORD PTR SS:[EBP-11C],5
0042D11B . FFD6 CALL ESI
0042D11D . 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0042D123 . FF15 28F44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0042D129 . 8D85 14FFFFFF LEA EAX,DWORD PTR SS:[EBP-EC]
0042D12F . 8D8D 24FFFFFF LEA ECX,DWORD PTR SS:[EBP-DC]
0042D135 . 50 PUSH EAX
0042D136 . 51 PUSH ECX
0042D137 . 6A 02 PUSH 2
0042D139 . FF15 64F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
0042D13F . 83C4 0C ADD ESP,0C
0042D142 . 8D95 3CFFFFFF LEA EDX,DWORD PTR SS:[EBP-C4]
0042D148 . 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94]
0042D14E . 8D8D 24FFFFFF LEA ECX,DWORD PTR SS:[EBP-DC]
0042D154 . 52 PUSH EDX
0042D155 . 50 PUSH EAX
0042D156 . 51 PUSH ECX
0042D157 . FF15 D4F34300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarAd>; MSVBVM50.__vbaVarAdd
0042D15D . 50 PUSH EAX
0042D15E . 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94]
0042D164 . 8D85 14FFFFFF LEA EAX,DWORD PTR SS:[EBP-EC]
0042D16A . 52 PUSH EDX
0042D16B . 50 PUSH EAX
0042D16C . FF15 A4F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarXo>; MSVBVM50.__vbaVarXor
0042D172 . 8BD0 MOV EDX,EAX
0042D174 . 8D8D 4CFFFFFF LEA ECX,DWORD PTR SS:[EBP-B4]
0042D17A . FFD6 CALL ESI
0042D17C . 8D8D 24FFFFFF LEA ECX,DWORD PTR SS:[EBP-DC]
0042D182 . FF15 50F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVar
0042D188 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042D18B . 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4]
0042D191 . 51 PUSH ECX
0042D192 . 52 PUSH EDX
0042D193 . FF15 0CF34300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarTs>; MSVBVM50.__vbaVarTstEq
0042D199 . 66:85C0 TEST AX,AX
0042D19C . 0F84 C8000000 JE CODE_u.0042D26A // NOP this out and save, and the registration code is shown in the registration window
0042D1A2 . 8B85 CCFEFFFF MOV EAX,DWORD PTR SS:[EBP-134]
0042D1A8 . 53 PUSH EBX
0042D1A9 . FF90 18030000 CALL DWORD PTR DS:[EAX+318]
0042D1AF . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
0042D1B5 . 50 PUSH EAX
0042D1B6 . 51 PUSH ECX
0042D1B7 . FF15 B4F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
0042D1BD . 8B30 MOV ESI,DWORD PTR DS:[EAX]
0042D1BF . 8985 DCFEFFFF MOV DWORD PTR SS:[EBP-124],EAX
0042D1C5 . 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4]
0042D1CB . 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
0042D1D1 . 52 PUSH EDX
0042D1D2 . 50 PUSH EAX
0042D1D3 . FF15 74F34300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
0042D1D9 . 89B5 C4FEFFFF MOV DWORD PTR SS:[EBP-13C],ESI
0042D1DF . 8BB5 DCFEFFFF MOV ESI,DWORD PTR SS:[EBP-124]
0042D1E5 . 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-13C]
0042D1EB . 50 PUSH EAX
0042D1EC . 56 PUSH ESI
0042D1ED . FF91 A4000000 CALL DWORD PTR DS:[ECX+A4]
0042D1F3 . 3BC7 CMP EAX,EDI
0042D1F5 . 7D 12 JGE SHORT CODE_u.0042D209
0042D1F7 . 68 A4000000 PUSH 0A4
0042D1FC . 68 F4994000 PUSH CODE_u.004099F4
0042D201 . 56 PUSH ESI
0042D202 . 50 PUSH EAX
If anyone has time to work out the algorithm, I would be very grateful.
Author:
↓Ψ蓋Ψ↑
Time:
2011-4-9 16:10:22
First reply~
Author:
xiaoneihaoge
Time:
2011-4-9 16:14:36
Sorry, the second half was deleted by the moderator. It's too much trouble; I'll post it again when I have time.
Author:
HERE
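Time:
2011-4-9 16:18:43
Reply to
xiaoneihaoge
's post
No worries, wait for Boss Xia (夏总) to come back and restore it for you. In future, when you post like this, change the title.
Author: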
葡萄..
Time:
2011-4-9 17:57:36
I'm completely lost...
Author:
yanyan21o
Time:
2011-4-9 18:20:05
What is this?
Author:
爱在漫步
Time:
2011-4-9 19:10:37
I'll restore it for you, haha.
Author:
wangriyunyan
Time:
2011-4-9 21:48:07
Bump