分享
 
 
 

TimeRecorder V4.17.3简单算法分析

王朝other·作者佚名  2006-01-10
窄屏简体版  字體: |||超大  

TimeRecorder V4.17.3简单算法分析

日期:2005年8月19日破解人:lnn1123[BCG]

———————————————————————————————————————————

【软件名称】:TimeRecorder 软件版本:V4.17.3

【软件大小】: 1912KB

【下载地址】:天空软件

【软件简介】:TimeRecorder is a timer and reminder software. It provides the

following functions: as a reminder, can show tips about scheduled

and important tasks at the prearranged time; as a recorder, to

keep track of time and record everything we do in a whole day,

a week or even a month; as a memo, what we write or paste into

will be saved automatically for future reference. Also, it can

shut down computer automatically at the specified time.

TimeRecorder (copyright 2001-2004 by SunShine Software Inc.) is

a shareware application. If, after a reasonable period, you decide

that you find TimeRecorder useful and plan to continue to use it,

please register with SunShine Software Inc.

There is a convenient way to register. For more details on

registration, see "Help/Documentation/How To Buy" from within

TimeRecorder or visit web site http://timerecorder.51.net .

【软件限制】:次数限制,只能够用40次

【破解声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!

【破解工具】:OLLYDBG,PEID

———————————————————————————————————————————

【破解过程】:

======================================================================================

分析过程

======================================================================================

OD载入,PEID查看无壳,VB的好怕怕啊,注册有错误提示,无反跟踪,BP MsgBoxA,可以找到下面下断处

004748F0 > 55 PUSH EBP ; 下断处

004748F1 . 8BEC MOV EBP,ESP

004748F3 . 83EC 0C SUB ESP,0C

004748F6 . 68 561E4000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler> ; SE handler installation

004748FB . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]

00474901 . 50 PUSH EAX

00474902 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP

00474909 . 81EC F0000000 SUB ESP,0F0

0047490F . 53 PUSH EBX

00474910 . 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]

00474913 . 8BC3 MOV EAX,EBX

00474915 . 56 PUSH ESI

00474916 . 83E3 FE AND EBX,FFFFFFFE

00474919 . 57 PUSH EDI

0047491A . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP

0047491D . 83E0 01 AND EAX,1

00474920 . 8B33 MOV ESI,DWORD PTR DS:[EBX]

00474922 . C745 F8 401640>MOV DWORD PTR SS:[EBP-8],TimeReco.004016>

00474929 . 53 PUSH EBX

0047492A . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX

0047492D . 895D 08 MOV DWORD PTR SS:[EBP+8],EBX

00474930 . 89B5 0CFFFFFF MOV DWORD PTR SS:[EBP-F4],ESI

00474936 . FF56 04 CALL DWORD PTR DS:[ESI+4]

00474939 . 8BB6 10030000 MOV ESI,DWORD PTR DS:[ESI+310]

0047493F . 33FF XOR EDI,EDI

00474941 . 53 PUSH EBX

00474942 . 897D E0 MOV DWORD PTR SS:[EBP-20],EDI

00474945 . 897D DC MOV DWORD PTR SS:[EBP-24],EDI

00474948 . 897D D8 MOV DWORD PTR SS:[EBP-28],EDI

0047494B . 897D D4 MOV DWORD PTR SS:[EBP-2C],EDI

0047494E . 897D D0 MOV DWORD PTR SS:[EBP-30],EDI

00474951 . 897D CC MOV DWORD PTR SS:[EBP-34],EDI

00474954 . 897D C8 MOV DWORD PTR SS:[EBP-38],EDI

00474957 . 897D C4 MOV DWORD PTR SS:[EBP-3C],EDI

0047495A . 897D C0 MOV DWORD PTR SS:[EBP-40],EDI

0047495D . 897D B0 MOV DWORD PTR SS:[EBP-50],EDI

00474960 . 897D A0 MOV DWORD PTR SS:[EBP-60],EDI

00474963 . 897D 90 MOV DWORD PTR SS:[EBP-70],EDI

00474966 . 897D 80 MOV DWORD PTR SS:[EBP-80],EDI

00474969 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI

0047496F . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI

00474975 . 89BD 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EDI

0047497B . 89B5 08FFFFFF MOV DWORD PTR SS:[EBP-F8],ESI

00474981 . FFD6 CALL ESI

00474983 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474986 . 50 PUSH EAX

00474987 . 51 PUSH ECX

00474988 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

0047498E . 8B10 MOV EDX,DWORD PTR DS:[EAX]

00474990 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474993 . 51 PUSH ECX

00474994 . 50 PUSH EAX

00474995 . 8985 38FFFFFF MOV DWORD PTR SS:[EBP-C8],EAX

0047499B . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]

004749A1 . 3BC7 CMP EAX,EDI

004749A3 . 7D 18 JGE SHORT TimeReco.004749BD

004749A5 . 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-C8]

004749AB . 68 A0000000 PUSH 0A0

004749B0 . 68 C8664100 PUSH TimeReco.004166C8

004749B5 . 52 PUSH EDX

004749B6 . 50 PUSH EAX

004749B7 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

004749BD > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 注册名

004749C0 . 50 PUSH EAX ; 比较参数1

004749C1 . 68 0C654100 PUSH TimeReco.0041650C ; 比较参数2

004749C6 . FF15 F0834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCm>; MSVBVM50.__vbaStrCmp

004749CC . F7D8 NEG EAX ; 比较注册名是否为空

004749CE . 1BC0 SBB EAX,EAX

004749D0 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

004749D3 . F7D8 NEG EAX

004749D5 . F7D8 NEG EAX

004749D7 . 8985 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EAX ; 保存

004749DD . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr

004749E3 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

004749E6 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj

004749EC . 66:39BD 30FFFF>CMP WORD PTR SS:[EBP-D0],DI ; 是否输入了

004749F3 . 0F84 310B0000 JE TimeReco.0047552A ; 不能够跳

004749F9 . 53 PUSH EBX

004749FA . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]

00474A00 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474A03 . 50 PUSH EAX

00474A04 . 51 PUSH ECX

00474A05 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474A0B . 8B10 MOV EDX,DWORD PTR DS:[EAX]

00474A0D . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474A10 . 51 PUSH ECX

00474A11 . 50 PUSH EAX

00474A12 . 8985 38FFFFFF MOV DWORD PTR SS:[EBP-C8],EAX

00474A18 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]

00474A1E . 3BC7 CMP EAX,EDI

00474A20 . 7D 18 JGE SHORT TimeReco.00474A3A

00474A22 . 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-C8]

00474A28 . 68 A0000000 PUSH 0A0

00474A2D . 68 C8664100 PUSH TimeReco.004166C8

00474A32 . 52 PUSH EDX

00474A33 . 50 PUSH EAX

00474A34 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474A3A > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 注册名

00474A3D . 50 PUSH EAX ; 参数

00474A3E . FF15 08834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaLenBs>; MSVBVM50.__vbaLenBstr

00474A44 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] ; 长度值在EAX

00474A47 . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX ; 保存

00474A4D . BE 01000000 MOV ESI,1

00474A52 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr

00474A58 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474A5B . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj

00474A61 > 3BB5 1CFFFFFF CMP ESI,DWORD PTR SS:[EBP-E4] ; 循环得到注册名ASC和

00474A67 . 0F8F A6000000 JG TimeReco.00474B13

00474A6D . 53 PUSH EBX

00474A6E . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]

00474A74 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474A77 . 50 PUSH EAX

00474A78 . 51 PUSH ECX

00474A79 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474A7F . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]

00474A82 . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]

00474A85 . 8945 B8 MOV DWORD PTR SS:[EBP-48],EAX

00474A88 . 52 PUSH EDX

00474A89 . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]

00474A8C . 56 PUSH ESI

00474A8D . 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]

00474A90 . 50 PUSH EAX

00474A91 . 51 PUSH ECX

00474A92 . C745 A8 010000>MOV DWORD PTR SS:[EBP-58],1

00474A99 . C745 A0 020000>MOV DWORD PTR SS:[EBP-60],2

00474AA0 . C745 C8 000000>MOV DWORD PTR SS:[EBP-38],0

00474AA7 . C745 B0 090000>MOV DWORD PTR SS:[EBP-50],9

00474AAE . FF15 D4834900 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar

00474AB4 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70] ; 上面的是VB中的取字符函数

00474AB7 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]

00474ABA . 52 PUSH EDX

00474ABB . 50 PUSH EAX

00474ABC . FF15 80844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal

00474AC2 . 50 PUSH EAX ; 转化为变量型

00474AC3 . FF15 20834900 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr

00474AC9 . 0FBFC8 MOVSX ECX,AX ; AX为注册名某位ASC

00474ACC . 03CF ADD ECX,EDI ; 累加到ECX

00474ACE . 0F80 6A0B0000 JO TimeReco.0047563E

00474AD4 . 8BF9 MOV EDI,ECX ; 转移

00474AD6 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474AD9 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr

00474ADF . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474AE2 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj

00474AE8 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]

00474AEB . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]

00474AEE . 52 PUSH EDX

00474AEF . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]

00474AF2 . 50 PUSH EAX

00474AF3 . 51 PUSH ECX

00474AF4 . 6A 03 PUSH 3

00474AF6 . FF15 10834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList

00474AFC . B8 01000000 MOV EAX,1

00474B01 . 83C4 10 ADD ESP,10

00474B04 . 03C6 ADD EAX,ESI ; EAX=EAX+ESI

00474B06 . 0F80 320B0000 JO TimeReco.0047563E

00474B0C . 8BF0 MOV ESI,EAX

00474B0E .^E9 4EFFFFFF JMP TimeReco.00474A61 ; 循环到00474A61

00474B13 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474B18 . 85C0 TEST EAX,EAX

00474B1A . 75 19 JNZ SHORT TimeReco.00474B35

00474B1C . 8B1D AC844900 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>; MSVBVM50.__vbaNew2

00474B22 . 68 80204900 PUSH TimeReco.00492080

00474B27 . 68 94044100 PUSH TimeReco.00410494

00474B2C . FFD3 CALL EBX ; <&MSVBVM50.__vbaNew2>

00474B2E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474B33 . EB 06 JMP SHORT TimeReco.00474B3B

00474B35 > 8B1D AC844900 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>; MSVBVM50.__vbaNew2

00474B3B > 85C0 TEST EAX,EAX

00474B3D . 8985 28FFFFFF MOV DWORD PTR SS:[EBP-D8],EAX

00474B43 . 75 11 JNZ SHORT TimeReco.00474B56

00474B45 . 68 80204900 PUSH TimeReco.00492080

00474B4A . 68 94044100 PUSH TimeReco.00410494

00474B4F . FFD3 CALL EBX

00474B51 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474B56 > 8B10 MOV EDX,DWORD PTR DS:[EAX]

00474B58 . 50 PUSH EAX

00474B59 . FF92 D4030000 CALL DWORD PTR DS:[EDX+3D4]

00474B5F . 50 PUSH EAX

00474B60 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]

00474B63 . 50 PUSH EAX

00474B64 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474B6A . 8BF0 MOV ESI,EAX

00474B6C . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]

00474B6F . 52 PUSH EDX

00474B70 . 56 PUSH ESI

00474B71 . 8B0E MOV ECX,DWORD PTR DS:[ESI]

00474B73 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]

00474B79 . 85C0 TEST EAX,EAX

00474B7B . 7D 12 JGE SHORT TimeReco.00474B8F

00474B7D . 68 A0000000 PUSH 0A0

00474B82 . 68 C8664100 PUSH TimeReco.004166C8

00474B87 . 56 PUSH ESI

00474B88 . 50 PUSH EAX

00474B89 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474B8F > A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474B94 . 85C0 TEST EAX,EAX

00474B96 . 75 11 JNZ SHORT TimeReco.00474BA9

00474B98 . 68 80204900 PUSH TimeReco.00492080

00474B9D . 68 94044100 PUSH TimeReco.00410494

00474BA2 . FFD3 CALL EBX

00474BA4 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474BA9 > 8B08 MOV ECX,DWORD PTR DS:[EAX]

00474BAB . 50 PUSH EAX

00474BAC . FF91 D4030000 CALL DWORD PTR DS:[ECX+3D4]

00474BB2 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]

00474BB5 . 50 PUSH EAX

00474BB6 . 52 PUSH EDX

00474BB7 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474BBD . 8BF0 MOV ESI,EAX

00474BBF . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]

00474BC2 . 51 PUSH ECX

00474BC3 . 56 PUSH ESI

00474BC4 . 8B06 MOV EAX,DWORD PTR DS:[ESI]

00474BC6 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]

00474BCC . 85C0 TEST EAX,EAX

00474BCE . 7D 12 JGE SHORT TimeReco.00474BE2

00474BD0 . 68 A0000000 PUSH 0A0

00474BD5 . 68 C8664100 PUSH TimeReco.004166C8

00474BDA . 56 PUSH ESI

00474BDB . 50 PUSH EAX

00474BDC . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474BE2 > 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]

00474BE8 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 1123

00474BEB > . 50 PUSH EAX ; 参数

00474BEC . 8B1A MOV EBX,DWORD PTR DS:[EDX] ; 下面是浮点转换

00474BEE . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr

00474BF4 . FF15 1C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>; MSVBVM50.__vbaFpI4

00474BFA . 99 CDQ ; 双字扩展,为下面除运算做准备

00474BFB . B9 E8030000 MOV ECX,3E8 ; 被除常数

00474C00 . F7F9 IDIV ECX ; 除法运算,余数在EDX

00474C02 . 8BF2 MOV ESI,EDX ; 余数在EDX

00474C04 . 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]

00474C07 . 52 PUSH EDX ; 参数

00474C08 . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr

00474C0E . FF15 1C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>; MSVBVM50.__vbaFpI4

00474C14 . 99 CDQ ; 双字扩展,为下面除运算做准备

00474C15 . B9 E8030000 MOV ECX,3E8 ; 被除常数

00474C1A . F7F9 IDIV ECX

00474C1C . 0FAFF2 IMUL ESI,EDX ; 乘法运算,ESI=ESI*EDX

00474C1F . 0F80 190A0000 JO TimeReco.0047563E ; 益出跳转

00474C25 . 03F7 ADD ESI,EDI ; 加上注册名ASC和

00474C27 . 0F80 110A0000 JO TimeReco.0047563E ; 益出跳转

00474C2D . 83C6 02 ADD ESI,2 ; 加2

00474C30 . 0F80 080A0000 JO TimeReco.0047563E ; 益出跳转

00474C36 . 46 INC ESI ; 加1

00474C37 . 0F80 010A0000 JO TimeReco.0047563E ; 益出跳转

00474C3D . 56 PUSH ESI ; 压键,现在的ESI记为SN

00474C3E . 8BB5 28FFFFFF MOV ESI,DWORD PTR SS:[EBP-D8]

00474C44 . 56 PUSH ESI

00474C45 . FF93 E8070000 CALL DWORD PTR DS:[EBX+7E8]

00474C4B . 85C0 TEST EAX,EAX

00474C4D . 7D 12 JGE SHORT TimeReco.00474C61

00474C4F . 68 E8070000 PUSH 7E8

00474C54 . 68 94524100 PUSH TimeReco.00415294

00474C59 . 56 PUSH ESI

00474C5A . 50 PUSH EAX

00474C5B . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474C61 > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]

00474C64 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]

00474C67 . 52 PUSH EDX

00474C68 . 50 PUSH EAX

00474C69 . 6A 02 PUSH 2

00474C6B . FF15 D0844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList

00474C71 . 83C4 0C ADD ESP,0C

00474C74 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]

00474C77 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]

00474C7A . 51 PUSH ECX

00474C7B . 52 PUSH EDX

00474C7C . 6A 02 PUSH 2

00474C7E . FF15 18834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObjList

00474C84 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474C89 . 83C4 0C ADD ESP,0C

00474C8C . 85C0 TEST EAX,EAX

00474C8E . 75 10 JNZ SHORT TimeReco.00474CA0

00474C90 . 68 80204900 PUSH TimeReco.00492080

00474C95 . 68 94044100 PUSH TimeReco.00410494

00474C9A . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2

00474CA0 > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]

00474CA6 . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]

00474CAC . 51 PUSH ECX

00474CAD . 56 PUSH ESI

00474CAE . 8B06 MOV EAX,DWORD PTR DS:[ESI]

00474CB0 . FF90 E4070000 CALL DWORD PTR DS:[EAX+7E4]

00474CB6 . 85C0 TEST EAX,EAX

00474CB8 . 7D 12 JGE SHORT TimeReco.00474CCC

00474CBA . 68 E4070000 PUSH 7E4

00474CBF . 68 94524100 PUSH TimeReco.00415294

00474CC4 . 56 PUSH ESI

00474CC5 . 50 PUSH EAX

00474CC6 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474CCC > 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]

00474CCF . 8BBD 0CFFFFFF MOV EDI,DWORD PTR SS:[EBP-F4]

00474CD5 . 53 PUSH EBX

00474CD6 . FF97 00030000 CALL DWORD PTR DS:[EDI+300]

00474CDC . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]

00474CDF . 50 PUSH EAX

00474CE0 . 52 PUSH EDX

00474CE1 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474CE7 . 8BF0 MOV ESI,EAX

00474CE9 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474CEC . 51 PUSH ECX

00474CED . 56 PUSH ESI

00474CEE . 8B06 MOV EAX,DWORD PTR DS:[ESI]

00474CF0 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]

00474CF6 . 85C0 TEST EAX,EAX

00474CF8 . 7D 12 JGE SHORT TimeReco.00474D0C

00474CFA . 68 A0000000 PUSH 0A0

00474CFF . 68 C8664100 PUSH TimeReco.004166C8

00474D04 . 56 PUSH ESI

00474D05 . 50 PUSH EAX

00474D06 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474D0C > 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; 注册码

00474D0F . 52 PUSH EDX

00474D10 . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr

00474D16 . FF15 C4834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpR8>>; MSVBVM50.__vbaFpR8

00474D1C . DB85 3CFFFFFF FILD DWORD PTR SS:[EBP-C4] ; 装入SN

00474D22 . DD9D 00FFFFFF FSTP QWORD PTR SS:[EBP-100]

00474D28 . DC9D 00FFFFFF FCOMP QWORD PTR SS:[EBP-100] ; 浮点比较,这里看到注册码

00474D2E . DFE0 FSTSW AX

00474D30 . F6C4 40 TEST AH,40 ; 是否是40

00474D33 . 74 07 JE SHORT TimeReco.00474D3C

00474D35 . BE 01000000 MOV ESI,1

00474D3A . EB 02 JMP SHORT TimeReco.00474D3E

00474D3C > 33F6 XOR ESI,ESI

00474D3E > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474D41 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr

00474D47 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474D4A . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj

00474D50 . F7DE NEG ESI

00474D52 . 66:85F6 TEST SI,SI

00474D55 . 0F84 70040000 JE TimeReco.004751CB ; 关键跳转,不跳就注册成功

00474D5B . A1 80204900 MOV EAX,DWORD PTR DS:[492080] ;下面就是建立一个Iotmrd.sys文件,里面有注册信息

00474D60 . 85C0 TEST EAX,EAX

00474D62 . 75 15 JNZ SHORT TimeReco.00474D79

00474D64 . 68 80204900 PUSH TimeReco.00492080

00474D69 . 68 94044100 PUSH TimeReco.00410494

00474D6E . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2

00474D74 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474D79 > 8B08 MOV ECX,DWORD PTR DS:[EAX]

00474D7B . 50 PUSH EAX

00474D7C . FF91 DC030000 CALL DWORD PTR DS:[ECX+3DC]

00474D82 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]

00474D85 . 50 PUSH EAX

00474D86 . 52 PUSH EDX

00474D87 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474D8D . 8BF8 MOV EDI,EAX

00474D8F . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474D94 . 85C0 TEST EAX,EAX

00474D96 . 75 10 JNZ SHORT TimeReco.00474DA8

00474D98 . 68 80204900 PUSH TimeReco.00492080

00474D9D . 68 94044100 PUSH TimeReco.00410494

00474DA2 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2

00474DA8 > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]

00474DAE . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]

00474DB4 . 51 PUSH ECX

00474DB5 . 56 PUSH ESI

00474DB6 . 8B06 MOV EAX,DWORD PTR DS:[ESI]

00474DB8 . FF90 E4070000 CALL DWORD PTR DS:[EAX+7E4]

00474DBE . 85C0 TEST EAX,EAX

00474DC0 . 7D 12 JGE SHORT TimeReco.00474DD4

00474DC2 . 68 E4070000 PUSH 7E4

00474DC7 . 68 94524100 PUSH TimeReco.00415294

00474DCC . 56 PUSH ESI

00474DCD . 50 PUSH EAX

00474DCE . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474DD4 > 8B95 3CFFFFFF MOV EDX,DWORD PTR SS:[EBP-C4]

00474DDA . 8B37 MOV ESI,DWORD PTR DS:[EDI]

00474DDC . 52 PUSH EDX

00474DDD . FF15 F4824900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrI4>; MSVBVM50.__vbaStrI4

00474DE3 . 8BD0 MOV EDX,EAX

00474DE5 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474DE8 . FF15 38854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove

00474DEE . 50 PUSH EAX

00474DEF . 57 PUSH EDI

00474DF0 . FF96 A4000000 CALL DWORD PTR DS:[ESI+A4]

00474DF6 . 85C0 TEST EAX,EAX

00474DF8 . 7D 12 JGE SHORT TimeReco.00474E0C

00474DFA . 68 A4000000 PUSH 0A4

00474DFF . 68 C8664100 PUSH TimeReco.004166C8

00474E04 . 57 PUSH EDI

00474E05 . 50 PUSH EAX

00474E06 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474E0C > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474E0F . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr

00474E15 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474E18 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj

00474E1E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474E23 . 85C0 TEST EAX,EAX

00474E25 . 75 15 JNZ SHORT TimeReco.00474E3C

00474E27 . 68 80204900 PUSH TimeReco.00492080

00474E2C . 68 94044100 PUSH TimeReco.00410494

00474E31 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2

00474E37 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474E3C > 8B08 MOV ECX,DWORD PTR DS:[EAX]

00474E3E . 50 PUSH EAX

00474E3F . FF91 DC030000 CALL DWORD PTR DS:[ECX+3DC]

00474E45 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]

00474E48 . 50 PUSH EAX

00474E49 . 52 PUSH EDX

00474E4A . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474E50 . 8BF0 MOV ESI,EAX

00474E52 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474E55 . 51 PUSH ECX

00474E56 . 56 PUSH ESI

00474E57 . 8B06 MOV EAX,DWORD PTR DS:[ESI]

00474E59 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]

00474E5F . 85C0 TEST EAX,EAX

00474E61 . 7D 12 JGE SHORT TimeReco.00474E75

00474E63 . 68 A0000000 PUSH 0A0

00474E68 . 68 C8664100 PUSH TimeReco.004166C8

00474E6D . 56 PUSH ESI

00474E6E . 50 PUSH EAX

00474E6F . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474E75 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474E7A . 85C0 TEST EAX,EAX

00474E7C . 75 10 JNZ SHORT TimeReco.00474E8E

00474E7E . 68 80204900 PUSH TimeReco.00492080

00474E83 . 68 94044100 PUSH TimeReco.00410494

00474E88 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2

00474E8E > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]

00474E94 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]

00474E97 . 50 PUSH EAX

00474E98 . 56 PUSH ESI

00474E99 . 8B16 MOV EDX,DWORD PTR DS:[ESI]

00474E9B . FF92 70070000 CALL DWORD PTR DS:[EDX+770]

00474EA1 . 85C0 TEST EAX,EAX

00474EA3 . 7D 12 JGE SHORT TimeReco.00474EB7

00474EA5 . 68 70070000 PUSH 770

00474EAA . 68 94524100 PUSH TimeReco.00415294

00474EAF . 56 PUSH ESI

00474EB0 . 50 PUSH EAX

00474EB1 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474EB7 > 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]

00474EBA . 8B35 04854900 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaSt>; MSVBVM50.__vbaStrToAnsi

00474EC0 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]

00474EC3 . 51 PUSH ECX

00474EC4 . 52 PUSH EDX

00474EC5 . FFD6 CALL ESI ; <&MSVBVM50.__vbaStrToAnsi>

00474EC7 . 50 PUSH EAX

00474EC8 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]

00474ECB . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]

00474ECE . 50 PUSH EAX

00474ECF . 51 PUSH ECX

00474ED0 . FFD6 CALL ESI

00474ED2 . 50 PUSH EAX

00474ED3 . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]

00474ED6 . 68 08754100 PUSH TimeReco.00417508 ; UNICODE "pt3"

00474EDB . 52 PUSH EDX

00474EDC . FFD6 CALL ESI

00474EDE . 50 PUSH EAX

00474EDF . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]

00474EE2 . 68 B0664100 PUSH TimeReco.004166B0 ; UNICODE "MyApp"

00474EE7 . 50 PUSH EAX

00474EE8 . FFD6 CALL ESI

00474EEA . 50 PUSH EAX

00474EEB . E8 840EFAFF CALL TimeReco.00415D74

00474EF0 . 8985 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EAX

00474EF6 . FF15 44834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaSetSy>; MSVBVM50.__vbaSetSystemError

00474EFC . 8B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[EBP-C4]

00474F02 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]

00474F05 . 894B 38 MOV DWORD PTR DS:[EBX+38],ECX

00474F08 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]

00474F0B . 52 PUSH EDX

00474F0C . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]

00474F0F . 50 PUSH EAX

00474F10 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]

00474F13 . 51 PUSH ECX

00474F14 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]

00474F17 . 52 PUSH EDX

00474F18 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]

00474F1B . 50 PUSH EAX

00474F1C . 51 PUSH ECX

00474F1D . 6A 06 PUSH 6

00474F1F . FF15 D0844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList

00474F25 . 83C4 1C ADD ESP,1C

00474F28 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]

00474F2B . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj

00474F31 . 53 PUSH EBX

00474F32 . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]

00474F38 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]

00474F3B . 50 PUSH EAX

00474F3C . 52 PUSH EDX

00474F3D . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet

00474F43 . 8BF8 MOV EDI,EAX

00474F45 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]

00474F48 . 51 PUSH ECX

00474F49 . 57 PUSH EDI

00474F4A . 8B07 MOV EAX,DWORD PTR DS:[EDI]

00474F4C . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]

00474F52 . 85C0 TEST EAX,EAX

00474F54 . 7D 12 JGE SHORT TimeReco.00474F68

00474F56 . 68 A0000000 PUSH 0A0

00474F5B . 68 C8664100 PUSH TimeReco.004166C8

00474F60 . 57 PUSH EDI

00474F61 . 50 PUSH EAX

00474F62 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj

00474F68 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]

00474F6D . 85C0 TEST EAX,EAX

00474F6F . 75 10 JNZ SHORT TimeReco.00474F81

00474F71 . 68 80204900 PUSH TimeReco.00492080

00474F76 . 68 94044100 PUSH TimeReco.00410494

00474F7B . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2

00474F81 > 8B3D 80204900 MOV EDI,DWORD PTR DS:[492080]

00474F87 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]

00474F8A . 50 PUSH EAX

00474F8B . 57 PUSH EDI

00474F8C . 8B17 MOV EDX,DWORD PTR DS:[EDI]

00474F8E . FF92 70070000 CALL DWORD PTR DS:[EDX+770]

00474F94 . 85C0 TEST EAX,EAX

00474F96 . 7D 16 JGE SHORT TimeReco.00474FAE

00474F98 . 68 70070000 PUSH 770

00474F9D . 68 94524100 PUSH TimeReco.00415294

00474FA2 . 57 PUSH EDI

00474FA3 . 8B3D 4C834900 MOV EDI,DWORD PTR DS:[<&MSVB

———————————————————————————————————————————

【Crack_总结】:

用到了浮点算法,但是几乎没有作用,就是比较的时候用了一下,大概注册是这样的,取注册名ASC和记为NH,取机器码运算得到的值记JY,然后就是SN=(JY%0X3EB)*(JY%0X3EB)+NH+3的十进制,算法比较简单,但是感觉到VB的繁杂,这么多垃圾代码,而且如果你VB的函数不懂的话破解VB软件也是满难的,这也体现了编程的重要性

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有