好友
阅读权限20
听众
最后登录1970-1-1
|
本帖最后由 zmjxx341 于 2010-2-19 10:04 编辑
【软件名称】: 闪电会员管理
【软件大小】: 2.几M
【下载地址】: 百度一下你就知道
【编写语言】: VB
【软件介绍】: 开店用的。软件
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
在吾爱看到一个破解版的下了看下,好象没有破解。所以自己弄了一下。
VB的程序。有壳
运行程序点注册按钮输入 假码111111 用户名zmjxx341
VB的没字串 下 _vbaStrComp
断下后返回程序模块,取消断点,到本段开始出下断,从新输入假码,确定后程序断下
020D3DA0 55 push ebp
020D3DA1 8BEC mov ebp,esp
020D3DA3 83EC 0C sub esp,0C
020D3DA6 68 16130D02 push LDRLib.020D1316 ; jmp 到 msvbvm60.__vbaExceptHandler
020D3DAB 64:A1 00000000 mov eax,dword ptr fs:[0]
020D3DB1 50 push eax
020D3DB2 64:8925 0000000>mov dword ptr fs:[0],esp
020D3DB9 83EC 34 sub esp,34
020D3DBC 53 push ebx
020D3DBD 56 push esi
020D3DBE 57 push edi
020D3DBF 8965 F4 mov dword ptr ss:[ebp-C],esp
020D3DC2 C745 F8 B8110D0>mov dword ptr ss:[ebp-8],LDRLib.02>
020D3DC9 8B55 08 mov edx,dword ptr ss:[ebp+8]
020D3DCC 8B35 04110D02 mov esi,dword ptr ds:[20D1104] ; msvbvm60.__vbaStrCopy
020D3DD2 33C0 xor eax,eax
020D3DD4 8D4D CC lea ecx,dword ptr ss:[ebp-34]
020D3DD7 8945 E4 mov dword ptr ss:[ebp-1C],eax
020D3DDA 8945 E0 mov dword ptr ss:[ebp-20],eax
020D3DDD 8945 DC mov dword ptr ss:[ebp-24],eax
020D3DE0 8945 D8 mov dword ptr ss:[ebp-28],eax
020D3DE3 8945 D4 mov dword ptr ss:[ebp-2C],eax
020D3DE6 8945 D0 mov dword ptr ss:[ebp-30],eax
020D3DE9 8945 CC mov dword ptr ss:[ebp-34],eax
020D3DEC 8945 C8 mov dword ptr ss:[ebp-38],eax
020D3DEF 8945 C4 mov dword ptr ss:[ebp-3C],eax
020D3DF2 8945 C0 mov dword ptr ss:[ebp-40],eax
020D3DF5 FFD6 call esi
020D3DF7 8B55 0C mov edx,dword ptr ss:[ebp+C]
020D3DFA 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
020D3DFD FFD6 call esi
020D3DFF 8B55 10 mov edx,dword ptr ss:[ebp+10]
020D3E02 8D4D DC lea ecx,dword ptr ss:[ebp-24]
020D3E05 FFD6 call esi
020D3E07 8B45 DC mov eax,dword ptr ss:[ebp-24]
020D3E0A 50 push eax
020D3E0B 68 D4240D02 push LDRLib.020D24D4
020D3E10 FF15 8C100D02 call dword ptr ds:[20D108C] ; msvbvm60.__vbaStrCmp
020D3E16 85C0 test eax,eax
020D3E18 75 14 jnz short LDRLib.020D3E2E
020D3E1A E8 11010000 call LDRLib.020D3F30
020D3E1F 8B35 44110D02 mov esi,dword ptr ds:[20D1144] ; msvbvm60.__vbaStrMove
020D3E25 8BD0 mov edx,eax
020D3E27 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
020D3E2A FFD6 call esi
020D3E2C EB 0E jmp short LDRLib.020D3E3C
020D3E2E 8B55 DC mov edx,dword ptr ss:[ebp-24]
020D3E31 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
020D3E34 FFD6 call esi
020D3E36 8B35 44110D02 mov esi,dword ptr ds:[20D1144] ; msvbvm60.__vbaStrMove
020D3E3C 8B4D E4 mov ecx,dword ptr ss:[ebp-1C]
020D3E3F 8B55 D0 mov edx,dword ptr ss:[ebp-30]
020D3E42 8B3D 3C100D02 mov edi,dword ptr ds:[20D103C] ; msvbvm60.__vbaStrCat
020D3E48 51 push ecx
020D3E49 52 push edx
020D3E4A FFD7 call edi ; 机器码与用户名连接
020D3E4C 8BD0 mov edx,eax ;
020D3E4E 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
020D3E51 FFD6 call esi
020D3E53 50 push eax
020D3E54 8B45 CC mov eax,dword ptr ss:[ebp-34]
020D3E57 50 push eax
020D3E58 FFD7 call edi ; 机器码用户名与字符串FlashHYNew连接
020D3E5A 8BD0 mov edx,eax
020D3E5C 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
020D3E5F FFD6 call esi
020D3E61 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
020D3E64 FF15 58110D02 call dword ptr ds:[20D1158] ; msvbvm60.__vbaFreeStr
020D3E6A 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
020D3E6D 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
020D3E70 8D55 E0 lea edx,dword ptr ss:[ebp-20]
020D3E73 51 push ecx
020D3E74 52 push edx
020D3E75 50 push eax
020D3E76 E8 A5020000 call LDRLib.020D4120 ; 算法
算法CALL
088F41A5 52 push edx
088F41A6 C745 D8 0100000>mov dword ptr ss:[ebp-28],1
088F41AD C745 D0 0200000>mov dword ptr ss:[ebp-30],2
088F41B4 C745 B0 0840000>mov dword ptr ss:[ebp-50],4008
088F41BB FF15 7C108F08 call dword ptr ds:[88F107C] ; msvbvm60.rtcMidCharVar
088F41C1 8D45 C0 lea eax,dword ptr ss:[ebp-40]
088F41C4 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
088F41C7 50 push eax
088F41C8 51 push ecx
088F41C9 FF15 E0108F08 call dword ptr ds:[88F10E0] ; msvbvm60.__vbaStrVarVal
088F41CF 50 push eax
088F41D0 FF15 2C108F08 call dword ptr ds:[88F102C] ; 取第I位的ASCLL码
088F41D6 8BC8 mov ecx,eax
088F41D8 FFD3 call ebx
088F41DA 0FBFD0 movsx edx,ax
088F41DD 03D6 add edx,esi ; 与ESI累加
088F41DF 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
088F41E2 0F80 30010000 jo LDRLib.088F4318
088F41E8 8BF2 mov esi,edx ; 相加的结果放入ESI
088F41EA FF15 58118F08 call dword ptr ds:[88F1158] ; msvbvm60.__vbaFreeStr
088F41F0 8D45 C0 lea eax,dword ptr ss:[ebp-40]
088F41F3 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
088F41F6 50 push eax
088F41F7 51 push ecx
088F41F8 6A 02 push 2
088F41FA FF15 20108F08 call dword ptr ds:[88F1020] ; msvbvm60.__vbaFreeVarList
088F4200 B8 01000000 mov eax,1
088F4205 83C4 0C add esp,0C
088F4208 66:03C7 add ax,di ; 记次
088F420B 0F80 07010000 jo LDRLib.088F4318
088F4211 8BF8 mov edi,eax
088F4213 ^ E9 6EFFFFFF jmp LDRLib.088F4186
088F4218 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
020D4218 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
020D421B 8B3D 1C100D02 mov edi,dword ptr ds:[20D101C] ; msvbvm60.__vbaLenBstr
020D4221 52 push edx
020D4222 FFD7 call edi
020D4224 83F8 05 cmp eax,5
020D4227 0F8E 8D000000 jle LDRLib.020D42BA
020D422D 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
020D4230 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
020D4233 8945 B8 mov dword ptr ss:[ebp-48],eax
020D4236 51 push ecx
020D4237 8D55 B0 lea edx,dword ptr ss:[ebp-50]
020D423A 6A 05 push 5
020D423C 8D45 C0 lea eax,dword ptr ss:[ebp-40]
020D423F 52 push edx
020D4240 50 push eax
020D4241 C745 D8 01000000 mov dword ptr ss:[ebp-28],1
020D4248 C745 D0 02000000 mov dword ptr ss:[ebp-30],2
020D424F C745 B0 08400000 mov dword ptr ss:[ebp-50],4008
020D4256 FF15 7C100D02 call dword ptr ds:[20D107C] ; msvbvm60.rtcMidCharVar
020D425C 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
020D425F 8D55 E0 lea edx,dword ptr ss:[ebp-20]
020D4262 51 push ecx
020D4263 52 push edx
020D4264 FF15 E0100D02 call dword ptr ds:[20D10E0] ; msvbvm60.__vbaStrVarVal
020D426A 50 push eax
020D426B FF15 2C100D02 call dword ptr ds:[20D102C] ; 取机器码第5位的ASCLL码
020D4271 8BC8 mov ecx,eax
020D4273 FFD3 call ebx
020D4275 8B5D 10 mov ebx,dword ptr ss:[ebp+10]
020D4278 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
020D427B 0FBFC0 movsx eax,ax
020D427E 8903 mov dword ptr ds:[ebx],eax
020D4280 FF15 58110D02 call dword ptr ds:[20D1158] ; msvbvm60.__vbaFreeStr
020D4286 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
020D4289 8D55 D0 lea edx,dword ptr ss:[ebp-30]
020D428C 51 push ecx
020D428D 52 push edx
020D428E 6A 02 push 2
020D4290 FF15 20100D02 call dword ptr ds:[20D1020] ; msvbvm60.__vbaFreeVarList
020D4296 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
020D4299 83C4 0C add esp,0C
020D429C 50 push eax
020D429D FFD7 call edi ; 长度放入EAX
020D429F 6BC0 02 imul eax,eax,2 ; 长度 乘 2
020D42A2 8B13 mov edx,dword ptr ds:[ebx]
020D42A4 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
020D42A7 70 6F jo short LDRLib.020D4318
020D42A9 2BF2 sub esi,edx ; 累加值减第5位的ASCLL码
020D42AB 68 05430D02 push LDRLib.020D4305
020D42B0 70 66 jo short LDRLib.020D4318
020D42B2 03C6 add eax,esi ; 上一步的值加上 (长度乘2的值)
020D42B4 70 62 jo short LDRLib.020D4318
020D42B6 8901 mov dword ptr ds:[ecx],eax
020D42B8 EB 41 jmp short LDRLib.020D42FB
020D42BA 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
020D42BD 52 push edx
020D42BE FFD7 call edi
020D42C0 6BC0 02 imul eax,eax,2
020D42C3 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
020D42C6 8B55 10 mov edx,dword ptr ss:[ebp+10]
020D42C9 70 4D jo short LDRLib.020D4318
020D42CB 03C6 add eax,esi
020D42CD 68 05430D02 push LDRLib.020D4305
020D42D2 70 44 jo short LDRLib.020D4318
020D42D4 8901 mov dword ptr ds:[ecx],eax
020D42D6 C702 71010000 mov dword ptr ds:[edx],171
020D42DC EB 1D jmp short LDRLib.020D42FB
020D42DE 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
020D42E1 FF15 58110D02 call dword ptr ds:[20D1158] ; msvbvm60.__vbaFreeStr
020D42E7 8D45 C0 lea eax,dword ptr ss:[ebp-40]
020D42EA 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
020D42ED 50 push eax
020D42EE 51 push ecx
020D42EF 6A 02 push 2
020D42F1 FF15 20100D02 call dword ptr ds:[20D1020] ; msvbvm60.__vbaFreeVarList
020D42F7 83C4 0C add esp,0C
020D42FA C3 retn
020D42FB 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
020D42FE FF15 58110D02 call dword ptr ds:[20D1158] ; msvbvm60.__vbaFreeStr
020D4304 C3 retn 返回
返回到这里
020D3E7B 8B4D E0 mov ecx,dword ptr ss:[ebp-20] ; 算法结果放入ECX
020D3E7E 8B1D 10100D02 mov ebx,dword ptr ds:[20D1010] ; msvbvm60.__vbaStrI4
020D3E84 51 push ecx
020D3E85 FFD3 call ebx
020D3E87 8BD0 mov edx,eax
020D3E89 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
020D3E8C FFD6 call esi
020D3E8E 8B55 D4 mov edx,dword ptr ss:[ebp-2C]
020D3E91 50 push eax
020D3E92 52 push edx
020D3E93 FF15 1C100D02 call dword ptr ds:[20D101C] ; msvbvm60.__vbaLenBstr
020D3E99 0FAF45 D8 imul eax,dword ptr ss:[ebp-28]
020D3E9D 0F80 87000000 jo LDRLib.020D3F2A
020D3EA3 50 push eax
020D3EA4 FFD3 call ebx
020D3EA6 8BD0 mov edx,eax
020D3EA8 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
020D3EAB FFD6 call esi
020D3EAD 50 push eax
020D3EAE FFD7 call edi ; 算法结果与“0”连接
020D3EB0 8BD0 mov edx,eax ; 此时得到的就是注册码。。
020D3EB2 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
算法
机器码用户名字符串FlashHYNew 记为 A 长度*2 记为len(一个中文算一个长度)
A的每一位ASCLL码累加值 + LEN X 2 - 第5位的ASCLL码 连接 字符 0 === SN(注册码)
中文用户名算法有点小改动。这就不写了。。
附件为易的注册机源码支持中文
闪电会员管理源码.rar
(88.19 KB, 下载次数: 119)
--------------------------------------------------------------------------------
【经验总结】
算法很简单。像我这样的菜鸟都会。
--------------------------------------------------------------------------------
【版权声明】: 本文原创于zmjxx341, 转载请注明作者并保持文章的完整, 谢谢! |
|
发表于 2010-2-19 10:02
发表于 2010-2-19 10:35
