山东农业大学论坛
标题:
让程序自己显示注册码
[打印本页]
作者:
xiaoneihaoge
时间:
2011-4-9 16:04:50
标题:
让程序自己显示注册码
0042D203 . FF15 8CF24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
0042D209 > 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0042D20F . FF15 28F44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0042D215 . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
0042D21B . FF15 2CF44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
0042D221 . 8B95 CCFEFFFF MOV EDX,DWORD PTR SS:[EBP-134]
0042D227 . 53 PUSH EBX
0042D228 . FF92 24030000 CALL DWORD PTR DS:[EDX+324]
0042D22E . 50 PUSH EAX
0042D22F . 8D85 34FFFFFF LEA EAX,DWORD PTR SS:[EBP-CC]
0042D235 . 50 PUSH EAX
0042D236 . FF15 B4F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
0042D23C . 8BF0 MOV ESI,EAX
0042D23E . 57 PUSH EDI
0042D23F . 56 PUSH ESI
0042D240 . 8B0E MOV ECX,DWORD PTR DS:[ESI]
0042D242 . FF91 8C000000 CALL DWORD PTR DS:[ECX+8C]
0042D248 . 3BC7 CMP EAX,EDI
0042D24A . 7D 12 JGE SHORT CODE_u.0042D25E
0042D24C . 68 8C000000 PUSH 8C
0042D251 . 68 28A24000 PUSH CODE_u.0040A228
0042D256 . 56 PUSH ESI
0042D257 . 50 PUSH EAX
0042D258 . FF15 8CF24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
0042D25E > 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
0042D264 . FF15 2CF44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
0042D26A > 8B95 CCFEFFFF MOV EDX,DWORD PTR SS:[EBP-134]
0042D270 . 53 PUSH EBX
0042D271 . FF92 20030000 CALL DWORD PTR DS:[EDX+320]
0042D277 . 50 PUSH EAX
0042D278 . 8D85 34FFFFFF LEA EAX,DWORD PTR SS:[EBP-CC]
0042D27E . 50 PUSH EAX
0042D27F . FF15 B4F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
0042D285 . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
0042D28B . 8BF0 MOV ESI,EAX
0042D28D . 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
0042D293 . 51 PUSH ECX
0042D294 . 8B1E MOV EBX,DWORD PTR DS:[ESI]
0042D296 . 52 PUSH EDX
0042D297 . FF15 74F34300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
0042D29D . 50 PUSH EAX
0042D29E . 56 PUSH ESI
0042D29F . FF93 A4000000 CALL DWORD PTR DS:[EBX+A4]
0042D2A5 . 3BC7 CMP EAX,EDI
0042D2A7 . 7D 12 JGE SHORT CODE_u.0042D2BB
0042D2A9 . 68 A4000000 PUSH 0A4
0042D2AE . 68 F4994000 PUSH CODE_u.004099F4
0042D2B3 . 56 PUSH ESI
0042D2B4 . 50 PUSH EAX
0042D2B5 . FF15 8CF24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
0042D2BB > 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0042D2C1 . FF15 28F44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0042D2C7 . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
0042D2CD . FF15 2CF44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
0042D2D3 . 897D FC MOV DWORD PTR SS:[EBP-4],EDI
0042D2D6 . 9B WAIT
0042D2D7 . 68 64D34200 PUSH CODE_u.0042D364
0042D2DC . EB 39 JMP SHORT CODE_u.0042D317
0042D2DE . 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0042D2E4 . FF15 28F44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0042D2EA . 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC]
0042D2F0 . FF15 2CF44300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
0042D2F6 . 8D85 04FFFFFF LEA EAX,DWORD PTR SS:[EBP-FC]
0042D2FC . 8D8D 14FFFFFF LEA ECX,DWORD PTR SS:[EBP-EC]
0042D302 . 50 PUSH EAX
0042D303 . 8D95 24FFFFFF LEA EDX,DWORD PTR SS:[EBP-DC]
0042D309 . 51 PUSH ECX
0042D30A . 52 PUSH EDX
0042D30B . 6A 03 PUSH 3
0042D30D . FF15 64F24300 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
0042D313 . 83C4 10 ADD ESP,10
0042D316 . C3 RETN
0042D317 > 8B35 50F24300 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaFr>; MSVBVM50.__vbaFreeVar
0042D31D . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0042D320 . FFD6 CALL ESI ; <&MSVBVM50.__vbaFreeVar>
0042D322 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042D325 . FFD6 CALL ESI
0042D327 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0042D32A . FFD6 CALL ESI
0042D32C . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0042D32F . FFD6 CALL ESI
0042D331 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0042D334 . FFD6 CALL ESI
0042D336 . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
0042D339 . FFD6 CALL ESI
0042D33B . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84]
0042D341 . FFD6 CALL ESI
0042D343 . 8D8D 6CFFFFFF LEA ECX,DWORD PTR SS:[EBP-94]
0042D349 . FFD6 CALL ESI
0042D34B . 8D8D 5CFFFFFF LEA ECX,DWORD PTR SS:[EBP-A4]
0042D351 . FFD6 CALL ESI
0042D353 . 8D8D 4CFFFFFF LEA ECX,DWORD PTR SS:[EBP-B4]
0042D359 . FFD6 CALL ESI
0042D35B . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
0042D361 . FFE6 JMP ESI
0042D363 . C3 RETN
--------------------------------------------------------------------------------
【经验总结】
软件是重起验证 类型,保护比较简单,我偷懒 直接把地址0042D19C 处代码NOP掉,让它直接显示注册码,省去了分析算法
的时间。运行修改后的程序,点击注册后 ,在注册窗口就会出现注册码了,再运行未修改过的原程序填入刚才的注册码,重起后程序就变成注册的了 ,其实修改后的程序就相当于注册机了。如果有哪位高手
作者:
wangriyunyan
时间:
2011-4-9 21:48:30
顶
作者:
红袜子
时间:
2011-4-10 06:53:21
看不懂
作者:
hexer
时间:
2011-7-25 20:58:29
我了个去,翻了半天,终于找到关于汇编的帖子了。
这个vb的程序爆破忒简单。
重启验证的也好,直接找爆破点,那样什么注册码不注册码的。
直接pass。
或者直接lpk pass
或者就是分析算法
作者:
hexer
时间:
2011-7-25 20:59:30
代码拍拍版,汇编代码多优美啊。。。。这样糟蹋了。。。。
欢迎光临 山东农业大学论坛 (http://mysdau.com/)
Powered by Discuz! X2