TimeRecorder V4.17.3: A Simple Algorithm Analysis
Date: August 19, 2005  Cracked by: lnn1123[BCG]
———————————————————————————————————————————
[Software name]: TimeRecorder  Version: V4.17.3
[Software size]: 1912KB
[Download]: Sky Software (天空软件)
[Description]: TimeRecorder is a timer and reminder software. It provides the
following functions: as a reminder, can show tips about scheduled
and important tasks at the prearranged time; as a recorder, to
keep track of time and record everything we do in a whole day,
a week or even a month; as a memo, what we write or paste into
will be saved automatically for future reference. Also, it can
shut down computer automatically at the specified time.
TimeRecorder (copyright 2001-2004 by SunShine Software Inc.) is
a shareware application. If, after a reasonable period, you decide
that you find TimeRecorder useful and plan to continue to use it,
please register with SunShine Software Inc.
There is a convenient way to register. For more details on
registration, see "Help/Documentation/How To Buy" from within
TimeRecorder or visit web site http://timerecorder.51.net .
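[Limitations]: Usage-count limit; the program can only be run 40 times
[Statement]: I am new to cracking and do this purely out of interest, with no other purpose. If I have made mistakes, I would be grateful for corrections from the experts!
[Tools]: OLLYDBG, PEID
———————————————————————————————————————————
[Cracking process]:
======================================================================================
Analysis
======================================================================================
Load the program in OD. PEID shows no packer. It is a VB program, which is scary. Registration shows an error prompt, and there is no anti-debugging. With BP MsgBoxA you can find the breakpoint location below.
004748F0 > 55 PUSH EBP ; breakpoint here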
004748F1 . 8BEC MOV EBP,ESP
004748F3 . 83EC 0C SUB ESP,0C
004748F6 . 68 561E4000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler> ; SE handler installation
004748FB . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00474901 . 50 PUSH EAX
00474902 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00474909 . 81EC F0000000 SUB ESP,0F0
0047490F . 53 PUSH EBX
00474910 . 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
00474913 . 8BC3 MOV EAX,EBX
00474915 . 56 PUSH ESI
00474916 . 83E3 FE AND EBX,FFFFFFFE
00474919 . 57 PUSH EDI
0047491A . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
0047491D . 83E0 01 AND EAX,1
00474920 . 8B33 MOV ESI,DWORD PTR DS:[EBX]
00474922 . C745 F8 401640>MOV DWORD PTR SS:[EBP-8],TimeReco.004016>
00474929 . 53 PUSH EBX
0047492A . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0047492D . 895D 08 MOV DWORD PTR SS:[EBP+8],EBX
00474930 . 89B5 0CFFFFFF MOV DWORD PTR SS:[EBP-F4],ESI
00474936 . FF56 04 CALL DWORD PTR DS:[ESI+4]
00474939 . 8BB6 10030000 MOV ESI,DWORD PTR DS:[ESI+310]
0047493F . 33FF XOR EDI,EDI
00474941 . 53 PUSH EBX
00474942 . 897D E0 MOV DWORD PTR SS:[EBP-20],EDI
00474945 . 897D DC MOV DWORD PTR SS:[EBP-24],EDI
00474948 . 897D D8 MOV DWORD PTR SS:[EBP-28],EDI
0047494B . 897D D4 MOV DWORD PTR SS:[EBP-2C],EDI
0047494E . 897D D0 MOV DWORD PTR SS:[EBP-30],EDI
00474951 . 897D CC MOV DWORD PTR SS:[EBP-34],EDI
00474954 . 897D C8 MOV DWORD PTR SS:[EBP-38],EDI
00474957 . 897D C4 MOV DWORD PTR SS:[EBP-3C],EDI
0047495A . 897D C0 MOV DWORD PTR SS:[EBP-40],EDI
0047495D . 897D B0 MOV DWORD PTR SS:[EBP-50],EDI
00474960 . 897D A0 MOV DWORD PTR SS:[EBP-60],EDI
00474963 . 897D 90 MOV DWORD PTR SS:[EBP-70],EDI
00474966 . 897D 80 MOV DWORD PTR SS:[EBP-80],EDI
00474969 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0047496F . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
00474975 . 89BD 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EDI
0047497B . 89B5 08FFFFFF MOV DWORD PTR SS:[EBP-F8],ESI
00474981 . FFD6 CALL ESI
00474983 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474986 . 50 PUSH EAX
00474987 . 51 PUSH ECX
00474988 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
0047498E . 8B10 MOV EDX,DWORD PTR DS:[EAX]
00474990 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474993 . 51 PUSH ECX
00474994 . 50 PUSH EAX
00474995 . 8985 38FFFFFF MOV DWORD PTR SS:[EBP-C8],EAX
0047499B . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
004749A1 . 3BC7 CMP EAX,EDI
004749A3 . 7D 18 JGE SHORT TimeReco.004749BD
004749A5 . 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-C8]
004749AB . 68 A0000000 PUSH 0A0
004749B0 . 68 C8664100 PUSH TimeReco.004166C8
004749B5 . 52 PUSH EDX
004749B6 . 50 PUSH EAX
004749B7 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
004749BD > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; registration name
004749C0 . 50 PUSH EAX ; comparison argument 1
004749C1 . 68 0C654100 PUSH TimeReco.0041650C ; comparison argument 2
004749C6 . FF15 F0834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCm>; MSVBVM50.__vbaStrCmp
004749CC . F7D8 NEG EAX ; check whether the registration name is empty
004749CE . 1BC0 SBB EAX,EAX
004749D0 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
004749D3 . F7D8 NEG EAX
004749D5 . F7D8 NEG EAX
004749D7 . 8985 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EAX ; save the result
004749DD . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
004749E3 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
004749E6 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004749EC . 66:39BD 30FFFF>CMP WORD PTR SS:[EBP-D0],DI ; was anything entered?
004749F3 . 0F84 310B0000 JE TimeReco.0047552A ; must not jump
004749F9 . 53 PUSH EBX
004749FA . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]
00474A00 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474A03 . 50 PUSH EAX
00474A04 . 51 PUSH ECX
00474A05 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474A0B . 8B10 MOV EDX,DWORD PTR DS:[EAX]
00474A0D . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474A10 . 51 PUSH ECX
00474A11 . 50 PUSH EAX
00474A12 . 8985 38FFFFFF MOV DWORD PTR SS:[EBP-C8],EAX
00474A18 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
00474A1E . 3BC7 CMP EAX,EDI
00474A20 . 7D 18 JGE SHORT TimeReco.00474A3A
00474A22 . 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-C8]
00474A28 . 68 A0000000 PUSH 0A0
00474A2D . 68 C8664100 PUSH TimeReco.004166C8
00474A32 . 52 PUSH EDX
00474A33 . 50 PUSH EAX
00474A34 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474A3A > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; registration name
00474A3D . 50 PUSH EAX ; argument
00474A3E . FF15 08834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaLenBs>; MSVBVM50.__vbaLenBstr
00474A44 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] ; the length is in EAX
00474A47 . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX ; save it
00474A4D . BE 01000000 MOV ESI,1
00474A52 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474A58 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474A5B . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474A61 > 3BB5 1CFFFFFF CMP ESI,DWORD PTR SS:[EBP-E4] ; loop: sum the ASCII values of the registration name
00474A67 . 0F8F A6000000 JG TimeReco.00474B13
00474A6D . 53 PUSH EBX
00474A6E . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]
00474A74 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474A77 . 50 PUSH EAX
00474A78 . 51 PUSH ECX
00474A79 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474A7F . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
00474A82 . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00474A85 . 8945 B8 MOV DWORD PTR SS:[EBP-48],EAX
00474A88 . 52 PUSH EDX
00474A89 . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
00474A8C . 56 PUSH ESI
00474A8D . 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
00474A90 . 50 PUSH EAX
00474A91 . 51 PUSH ECX
00474A92 . C745 A8 010000>MOV DWORD PTR SS:[EBP-58],1
00474A99 . C745 A0 020000>MOV DWORD PTR SS:[EBP-60],2
00474AA0 . C745 C8 000000>MOV DWORD PTR SS:[EBP-38],0
00474AA7 . C745 B0 090000>MOV DWORD PTR SS:[EBP-50],9
00474AAE . FF15 D4834900 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar
00474AB4 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70] ; the call above is VB's get-character (Mid) function
00474AB7 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00474ABA . 52 PUSH EDX
00474ABB . 50 PUSH EAX
00474ABC . FF15 80844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
00474AC2 . 50 PUSH EAX ; the Variant converted to a string
00474AC3 . FF15 20834900 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
00474AC9 . 0FBFC8 MOVSX ECX,AX ; AX = ASCII value of one character of the registration name
00474ACC . 03CF ADD ECX,EDI ; accumulate into ECX
00474ACE . 0F80 6A0B0000 JO TimeReco.0047563E
00474AD4 . 8BF9 MOV EDI,ECX ; move the running sum back to EDI
00474AD6 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474AD9 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474ADF . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474AE2 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474AE8 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
00474AEB . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
00474AEE . 52 PUSH EDX
00474AEF . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00474AF2 . 50 PUSH EAX
00474AF3 . 51 PUSH ECX
00474AF4 . 6A 03 PUSH 3
00474AF6 . FF15 10834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
00474AFC . B8 01000000 MOV EAX,1
00474B01 . 83C4 10 ADD ESP,10
00474B04 . 03C6 ADD EAX,ESI ; EAX=EAX+ESI
00474B06 . 0F80 320B0000 JO TimeReco.0047563E
00474B0C . 8BF0 MOV ESI,EAX
00474B0E .^E9 4EFFFFFF JMP TimeReco.00474A61 ; loop back to 00474A61
00474B13 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B18 . 85C0 TEST EAX,EAX
00474B1A . 75 19 JNZ SHORT TimeReco.00474B35
00474B1C . 8B1D AC844900 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>; MSVBVM50.__vbaNew2
00474B22 . 68 80204900 PUSH TimeReco.00492080
00474B27 . 68 94044100 PUSH TimeReco.00410494
00474B2C . FFD3 CALL EBX ; <&MSVBVM50.__vbaNew2>
00474B2E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B33 . EB 06 JMP SHORT TimeReco.00474B3B
00474B35 > 8B1D AC844900 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>; MSVBVM50.__vbaNew2
00474B3B > 85C0 TEST EAX,EAX
00474B3D . 8985 28FFFFFF MOV DWORD PTR SS:[EBP-D8],EAX
00474B43 . 75 11 JNZ SHORT TimeReco.00474B56
00474B45 . 68 80204900 PUSH TimeReco.00492080
00474B4A . 68 94044100 PUSH TimeReco.00410494
00474B4F . FFD3 CALL EBX
00474B51 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B56 > 8B10 MOV EDX,DWORD PTR DS:[EAX]
00474B58 . 50 PUSH EAX
00474B59 . FF92 D4030000 CALL DWORD PTR DS:[EDX+3D4]
00474B5F . 50 PUSH EAX
00474B60 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00474B63 . 50 PUSH EAX
00474B64 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474B6A . 8BF0 MOV ESI,EAX
00474B6C . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00474B6F . 52 PUSH EDX
00474B70 . 56 PUSH ESI
00474B71 . 8B0E MOV ECX,DWORD PTR DS:[ESI]
00474B73 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
00474B79 . 85C0 TEST EAX,EAX
00474B7B . 7D 12 JGE SHORT TimeReco.00474B8F
00474B7D . 68 A0000000 PUSH 0A0
00474B82 . 68 C8664100 PUSH TimeReco.004166C8
00474B87 . 56 PUSH ESI
00474B88 . 50 PUSH EAX
00474B89 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474B8F > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B94 . 85C0 TEST EAX,EAX
00474B96 . 75 11 JNZ SHORT TimeReco.00474BA9
00474B98 . 68 80204900 PUSH TimeReco.00492080
00474B9D . 68 94044100 PUSH TimeReco.00410494
00474BA2 . FFD3 CALL EBX
00474BA4 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474BA9 > 8B08 MOV ECX,DWORD PTR DS:[EAX]
00474BAB . 50 PUSH EAX
00474BAC . FF91 D4030000 CALL DWORD PTR DS:[ECX+3D4]
00474BB2 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00474BB5 . 50 PUSH EAX
00474BB6 . 52 PUSH EDX
00474BB7 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474BBD . 8BF0 MOV ESI,EAX
00474BBF . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00474BC2 . 51 PUSH ECX
00474BC3 . 56 PUSH ESI
00474BC4 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474BC6 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474BCC . 85C0 TEST EAX,EAX
00474BCE . 7D 12 JGE SHORT TimeReco.00474BE2
00474BD0 . 68 A0000000 PUSH 0A0
00474BD5 . 68 C8664100 PUSH TimeReco.004166C8
00474BDA . 56 PUSH ESI
00474BDB . 50 PUSH EAX
00474BDC . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474BE2 > 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00474BE8 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 1123
00474BEB > . 50 PUSH EAX ; argument
00474BEC . 8B1A MOV EBX,DWORD PTR DS:[EDX] ; the floating-point conversion follows
00474BEE . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
00474BF4 . FF15 1C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>; MSVBVM50.__vbaFpI4
00474BFA . 99 CDQ ; sign-extend EAX into EDX:EAX in preparation for the division
00474BFB . B9 E8030000 MOV ECX,3E8 ; constant divisor
00474C00 . F7F9 IDIV ECX ; division; the remainder is in EDX
00474C02 . 8BF2 MOV ESI,EDX ; the remainder is in EDX
00474C04 . 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
00474C07 . 52 PUSH EDX ; argument
00474C08 . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
00474C0E . FF15 1C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>; MSVBVM50.__vbaFpI4
00474C14 . 99 CDQ ; sign-extend EAX into EDX:EAX in preparation for the division
00474C15 . B9 E8030000 MOV ECX,3E8 ; constant divisor
00474C1A . F7F9 IDIV ECX
00474C1C . 0FAFF2 IMUL ESI,EDX ; multiplication: ESI=ESI*EDX
00474C1F . 0F80 190A0000 JO TimeReco.0047563E ; jump on overflow
00474C25 . 03F7 ADD ESI,EDI ; add the ASCII sum of the registration name
00474C27 . 0F80 110A0000 JO TimeReco.0047563E ; jump on overflow
00474C2D . 83C6 02 ADD ESI,2 ; add 2
00474C30 . 0F80 080A0000 JO TimeReco.0047563E ; jump on overflow
00474C36 . 46 INC ESI ; add 1
00474C37 . 0F80 010A0000 JO TimeReco.0047563E ; jump on overflow
00474C3D . 56 PUSH ESI ; push; call the current value of ESI SN
00474C3E . 8BB5 28FFFFFF MOV ESI,DWORD PTR SS:[EBP-D8]
00474C44 . 56 PUSH ESI
00474C45 . FF93 E8070000 CALL DWORD PTR DS:[EBX+7E8]
00474C4B . 85C0 TEST EAX,EAX
00474C4D . 7D 12 JGE SHORT TimeReco.00474C61
00474C4F . 68 E8070000 PUSH 7E8
00474C54 . 68 94524100 PUSH TimeReco.00415294
00474C59 . 56 PUSH ESI
00474C5A . 50 PUSH EAX
00474C5B . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474C61 > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
00474C64 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00474C67 . 52 PUSH EDX
00474C68 . 50 PUSH EAX
00474C69 . 6A 02 PUSH 2
00474C6B . FF15 D0844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList
00474C71 . 83C4 0C ADD ESP,0C
00474C74 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00474C77 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474C7A . 51 PUSH ECX
00474C7B . 52 PUSH EDX
00474C7C . 6A 02 PUSH 2
00474C7E . FF15 18834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObjList
00474C84 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474C89 . 83C4 0C ADD ESP,0C
00474C8C . 85C0 TEST EAX,EAX
00474C8E . 75 10 JNZ SHORT TimeReco.00474CA0
00474C90 . 68 80204900 PUSH TimeReco.00492080
00474C95 . 68 94044100 PUSH TimeReco.00410494
00474C9A . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474CA0 > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]
00474CA6 . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474CAC . 51 PUSH ECX
00474CAD . 56 PUSH ESI
00474CAE . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474CB0 . FF90 E4070000 CALL DWORD PTR DS:[EAX+7E4]
00474CB6 . 85C0 TEST EAX,EAX
00474CB8 . 7D 12 JGE SHORT TimeReco.00474CCC
00474CBA . 68 E4070000 PUSH 7E4
00474CBF . 68 94524100 PUSH TimeReco.00415294
00474CC4 . 56 PUSH ESI
00474CC5 . 50 PUSH EAX
00474CC6 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474CCC > 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
00474CCF . 8BBD 0CFFFFFF MOV EDI,DWORD PTR SS:[EBP-F4]
00474CD5 . 53 PUSH EBX
00474CD6 . FF97 00030000 CALL DWORD PTR DS:[EDI+300]
00474CDC . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474CDF . 50 PUSH EAX
00474CE0 . 52 PUSH EDX
00474CE1 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474CE7 . 8BF0 MOV ESI,EAX
00474CE9 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474CEC . 51 PUSH ECX
00474CED . 56 PUSH ESI
00474CEE . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474CF0 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474CF6 . 85C0 TEST EAX,EAX
00474CF8 . 7D 12 JGE SHORT TimeReco.00474D0C
00474CFA . 68 A0000000 PUSH 0A0
00474CFF . 68 C8664100 PUSH TimeReco.004166C8
00474D04 . 56 PUSH ESI
00474D05 . 50 PUSH EAX
00474D06 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474D0C > 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; registration code
00474D0F . 52 PUSH EDX
00474D10 . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
00474D16 . FF15 C4834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpR8>>; MSVBVM50.__vbaFpR8
00474D1C . DB85 3CFFFFFF FILD DWORD PTR SS:[EBP-C4] ; load SN
00474D22 . DD9D 00FFFFFF FSTP QWORD PTR SS:[EBP-100]
00474D28 . DC9D 00FFFFFF FCOMP QWORD PTR SS:[EBP-100] ; floating-point compare; the registration code is visible here
00474D2E . DFE0 FSTSW AX
00474D30 . F6C4 40 TEST AH,40 ; is bit 40h (C3) set?
00474D33 . 74 07 JE SHORT TimeReco.00474D3C
00474D35 . BE 01000000 MOV ESI,1
00474D3A . EB 02 JMP SHORT TimeReco.00474D3E
00474D3C > 33F6 XOR ESI,ESI
00474D3E > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474D41 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474D47 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474D4A . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474D50 . F7DE NEG ESI
00474D52 . 66:85F6 TEST SI,SI
00474D55 . 0F84 70040000 JE TimeReco.004751CB ; key jump; if it is not taken, registration succeeds
00474D5B . A1 80204900 MOV EAX,DWORD PTR DS:[492080] ; below, a file named Iotmrd.sys is created that holds the registration information
00474D60 . 85C0 TEST EAX,EAX
00474D62 . 75 15 JNZ SHORT TimeReco.00474D79
00474D64 . 68 80204900 PUSH TimeReco.00492080
00474D69 . 68 94044100 PUSH TimeReco.00410494
00474D6E . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474D74 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474D79 > 8B08 MOV ECX,DWORD PTR DS:[EAX]
00474D7B . 50 PUSH EAX
00474D7C . FF91 DC030000 CALL DWORD PTR DS:[ECX+3DC]
00474D82 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474D85 . 50 PUSH EAX
00474D86 . 52 PUSH EDX
00474D87 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474D8D . 8BF8 MOV EDI,EAX
00474D8F . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474D94 . 85C0 TEST EAX,EAX
00474D96 . 75 10 JNZ SHORT TimeReco.00474DA8
00474D98 . 68 80204900 PUSH TimeReco.00492080
00474D9D . 68 94044100 PUSH TimeReco.00410494
00474DA2 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474DA8 > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]
00474DAE . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474DB4 . 51 PUSH ECX
00474DB5 . 56 PUSH ESI
00474DB6 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474DB8 . FF90 E4070000 CALL DWORD PTR DS:[EAX+7E4]
00474DBE . 85C0 TEST EAX,EAX
00474DC0 . 7D 12 JGE SHORT TimeReco.00474DD4
00474DC2 . 68 E4070000 PUSH 7E4
00474DC7 . 68 94524100 PUSH TimeReco.00415294
00474DCC . 56 PUSH ESI
00474DCD . 50 PUSH EAX
00474DCE . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474DD4 > 8B95 3CFFFFFF MOV EDX,DWORD PTR SS:[EBP-C4]
00474DDA . 8B37 MOV ESI,DWORD PTR DS:[EDI]
00474DDC . 52 PUSH EDX
00474DDD . FF15 F4824900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrI4>; MSVBVM50.__vbaStrI4
00474DE3 . 8BD0 MOV EDX,EAX
00474DE5 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474DE8 . FF15 38854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove
00474DEE . 50 PUSH EAX
00474DEF . 57 PUSH EDI
00474DF0 . FF96 A4000000 CALL DWORD PTR DS:[ESI+A4]
00474DF6 . 85C0 TEST EAX,EAX
00474DF8 . 7D 12 JGE SHORT TimeReco.00474E0C
00474DFA . 68 A4000000 PUSH 0A4
00474DFF . 68 C8664100 PUSH TimeReco.004166C8
00474E04 . 57 PUSH EDI
00474E05 . 50 PUSH EAX
00474E06 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474E0C > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474E0F . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474E15 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474E18 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474E1E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E23 . 85C0 TEST EAX,EAX
00474E25 . 75 15 JNZ SHORT TimeReco.00474E3C
00474E27 . 68 80204900 PUSH TimeReco.00492080
00474E2C . 68 94044100 PUSH TimeReco.00410494
00474E31 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474E37 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E3C > 8B08 MOV ECX,DWORD PTR DS:[EAX]
00474E3E . 50 PUSH EAX
00474E3F . FF91 DC030000 CALL DWORD PTR DS:[ECX+3DC]
00474E45 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474E48 . 50 PUSH EAX
00474E49 . 52 PUSH EDX
00474E4A . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474E50 . 8BF0 MOV ESI,EAX
00474E52 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474E55 . 51 PUSH ECX
00474E56 . 56 PUSH ESI
00474E57 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474E59 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474E5F . 85C0 TEST EAX,EAX
00474E61 . 7D 12 JGE SHORT TimeReco.00474E75
00474E63 . 68 A0000000 PUSH 0A0
00474E68 . 68 C8664100 PUSH TimeReco.004166C8
00474E6D . 56 PUSH ESI
00474E6E . 50 PUSH EAX
00474E6F . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474E75 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E7A . 85C0 TEST EAX,EAX
00474E7C . 75 10 JNZ SHORT TimeReco.00474E8E
00474E7E . 68 80204900 PUSH TimeReco.00492080
00474E83 . 68 94044100 PUSH TimeReco.00410494
00474E88 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474E8E > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]
00474E94 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00474E97 . 50 PUSH EAX
00474E98 . 56 PUSH ESI
00474E99 . 8B16 MOV EDX,DWORD PTR DS:[ESI]
00474E9B . FF92 70070000 CALL DWORD PTR DS:[EDX+770]
00474EA1 . 85C0 TEST EAX,EAX
00474EA3 . 7D 12 JGE SHORT TimeReco.00474EB7
00474EA5 . 68 70070000 PUSH 770
00474EAA . 68 94524100 PUSH TimeReco.00415294
00474EAF . 56 PUSH ESI
00474EB0 . 50 PUSH EAX
00474EB1 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474EB7 > 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
00474EBA . 8B35 04854900 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaSt>; MSVBVM50.__vbaStrToAnsi
00474EC0 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
00474EC3 . 51 PUSH ECX
00474EC4 . 52 PUSH EDX
00474EC5 . FFD6 CALL ESI ; <&MSVBVM50.__vbaStrToAnsi>
00474EC7 . 50 PUSH EAX
00474EC8 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
00474ECB . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
00474ECE . 50 PUSH EAX
00474ECF . 51 PUSH ECX
00474ED0 . FFD6 CALL ESI
00474ED2 . 50 PUSH EAX
00474ED3 . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
00474ED6 . 68 08754100 PUSH TimeReco.00417508 ; UNICODE "pt3"
00474EDB . 52 PUSH EDX
00474EDC . FFD6 CALL ESI
00474EDE . 50 PUSH EAX
00474EDF . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00474EE2 . 68 B0664100 PUSH TimeReco.004166B0 ; UNICODE "MyApp"
00474EE7 . 50 PUSH EAX
00474EE8 . FFD6 CALL ESI
00474EEA . 50 PUSH EAX
00474EEB . E8 840EFAFF CALL TimeReco.00415D74
00474EF0 . 8985 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EAX
00474EF6 . FF15 44834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaSetSy>; MSVBVM50.__vbaSetSystemError
00474EFC . 8B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[EBP-C4]
00474F02 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
00474F05 . 894B 38 MOV DWORD PTR DS:[EBX+38],ECX
00474F08 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00474F0B . 52 PUSH EDX
00474F0C . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
00474F0F . 50 PUSH EAX
00474F10 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00474F13 . 51 PUSH ECX
00474F14 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
00474F17 . 52 PUSH EDX
00474F18 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00474F1B . 50 PUSH EAX
00474F1C . 51 PUSH ECX
00474F1D . 6A 06 PUSH 6
00474F1F . FF15 D0844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList
00474F25 . 83C4 1C ADD ESP,1C
00474F28 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474F2B . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474F31 . 53 PUSH EBX
00474F32 . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]
00474F38 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474F3B . 50 PUSH EAX
00474F3C . 52 PUSH EDX
00474F3D . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474F43 . 8BF8 MOV EDI,EAX
00474F45 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474F48 . 51 PUSH ECX
00474F49 . 57 PUSH EDI
00474F4A . 8B07 MOV EAX,DWORD PTR DS:[EDI]
00474F4C . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474F52 . 85C0 TEST EAX,EAX
00474F54 . 7D 12 JGE SHORT TimeReco.00474F68
00474F56 . 68 A0000000 PUSH 0A0
00474F5B . 68 C8664100 PUSH TimeReco.004166C8
00474F60 . 57 PUSH EDI
00474F61 . 50 PUSH EAX
00474F62 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474F68 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474F6D . 85C0 TEST EAX,EAX
00474F6F . 75 10 JNZ SHORT TimeReco.00474F81
00474F71 . 68 80204900 PUSH TimeReco.00492080
00474F76 . 68 94044100 PUSH TimeReco.00410494
00474F7B . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474F81 > 8B3D 80204900 MOV EDI,DWORD PTR DS:[492080]
00474F87 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00474F8A . 50 PUSH EAX
00474F8B . 57 PUSH EDI
00474F8C . 8B17 MOV EDX,DWORD PTR DS:[EDI]
00474F8E . FF92 70070000 CALL DWORD PTR DS:[EDX+770]
00474F94 . 85C0 TEST EAX,EAX
00474F96 . 7D 16 JGE SHORT TimeReco.00474FAE
00474F98 . 68 70070000 PUSH 770
00474F9D . 68 94524100 PUSH TimeReco.00415294
00474FA2 . 57 PUSH EDI
00474FA3 . 8B3D 4C834900 MOV EDI,DWORD PTR DS:[<&MSVB
———————————————————————————————————————————
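[Crack summary]:
Floating-point arithmetic is used, but it does almost nothing; it only appears in the comparison. Registration works roughly like this: take the sum of the ASCII values of the registration name and call it NH; take the value computed from the machine code and call it JY; then SN=(JY%0X3EB)*(JY%0X3EB)+NH+3, written in decimal. The algorithm is fairly simple, but you can feel how cumbersome VB is, with so much junk code. If you do not understand the VB runtime functions, cracking VB software is quite hard, which also shows how important programming knowledge is.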
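The floating-point comparison mentioned in the summary (FCOMP / FSTSW AX / TEST AH,40 at 00474D28 to 00474D33, then NEG ESI / TEST SI,SI before the key jump) can be modelled as below to show what each flag test means. This is an added example, not code from the original post or from TimeRecorder; the function names and the sample values are constructed for illustration.

```python
import math

# Condition-code bits of the x87 status word as FSTSW AX returns it.
# C3 is bit 14 of AX, which is bit 6 of AH, hence the mask 40h in the listing.
C0, C2, C3 = 1 << 8, 1 << 10, 1 << 14


def fcom_status(st0: float, operand: float) -> int:
    """Condition codes left by FCOM/FCOMP (all other status bits shown as 0)."""
    if math.isnan(st0) or math.isnan(operand):
        return C3 | C2 | C0          # unordered
    if st0 > operand:
        return 0
    if st0 < operand:
        return C0
    return C3                        # equal


def relation(status_word: int) -> str:
    """Decode C3/C2/C0 into the relation they encode."""
    table = {
        0: "ST0 > operand",
        C0: "ST0 < operand",
        C3: "ST0 == operand",
        C3 | C2 | C0: "unordered",
    }
    return table.get(status_word & (C3 | C2 | C0), "undefined")


def key_jump_taken(entered: float, sn: int) -> bool:
    """Replay 00474D1C..00474D55; True means JE TimeReco.004751CB is taken."""
    operand = float(sn)                 # FILD [EBP-C4] / FSTP QWORD [EBP-100]
    ax = fcom_status(entered, operand)  # FCOMP QWORD [EBP-100] / FSTSW AX
    ah = (ax >> 8) & 0xFF
    esi = 1 if ah & 0x40 else 0         # TEST AH,40 / JE -> XOR ESI,ESI, else MOV ESI,1
    esi = -esi & 0xFFFFFFFF             # NEG ESI: 1 -> FFFFFFFF, 0 -> 0
    return (esi & 0xFFFF) == 0          # TEST SI,SI / JE


# Constructed sample values: (entered value as a double, SN as an integer).
SAMPLES = [(2026.0, 2026), (2025.0, 2026), (2027.0, 2026)]


def demo():
    """Return (entered, sn, AH, relation, jump taken) for each sample."""
    rows = []
    for entered, sn in SAMPLES:
        sw = fcom_status(entered, float(sn))
        rows.append((entered, sn, hex(sw >> 8), relation(sw),
                     key_jump_taken(entered, sn)))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```
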