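125243102 posted on 2010-1-14 11:54:39

Making the program display its own registration code

【Article title】: Making the program display its own registration code
【Author】: kangroo
【Author email】: iknelen@163.com
【Software size】: 400KB
【Download URL】: http://www.skycn.com/soft/2063.html
【Packer】: ASPack 2.11
【Protection】: verification at restart
【Language】: VB
【Tools used】: OD, PEID
【Platform】: XP SP2
【Author's statement】: I did this purely out of interest, with no other purpose. If I have made mistakes, I would welcome corrections from the experts here!
--------------------------------------------------------------------------------
【Detailed process】
First check the packer with PEID: it is ASPack 2.11, so unpack it with the bundled plugin PEID Generic unpacker, then check again to find that it is written in VB. Load the unpacked program in OD, use the Ultra String Reference search to find RegCodeTrue, follow it in the disassembly, and from there look downward for the key jump.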
0042D0C1 . 68 C89D4000      PUSH CODE_u.00409DC8  ; UNICODE "RegCodeTrue"
0042D0C6 . 68 BC9D4000      PUSH CODE_u.00409DBC  ; UNICODE "Reg"
0042D0CB . 8908             MOV DWORD PTR DS:,ECX
0042D0CD . 8B8D 1CFFFFFF    MOV ECX,DWORD PTR SS:
0042D0D3 . 68 849D4000      PUSH CODE_u.00409D84  ; UNICODE "Stock-Star-Website\Code41"
0042D0D8 . 8950 04          MOV DWORD PTR DS:,EDX
0042D0DB . 8B95 20FFFFFF    MOV EDX,DWORD PTR SS:
0042D0E1 . 8948 08          MOV DWORD PTR DS:,ECX
0042D0E4 . 8950 0C          MOV DWORD PTR DS:,EDX
0042D0E7 . FF15 CCF34300    CALL DWORD PTR DS:[<&MSVBVM50.#689>]  ; MSVBVM50.rtcGetSetting
0042D0ED . 8BD0             MOV EDX,EAX
0042D0EF . 8D8D 38FFFFFF    LEA ECX,DWORD PTR SS:
0042D0F5 . FF15 04F44300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>  ; MSVBVM50.__vbaStrMove
0042D0FB . 50               PUSH EAX
0042D0FC . FF15 30F44300    CALL DWORD PTR DS:[<&MSVBVM50.#581>]  ; MSVBVM50.rtcR8ValFromBstr
0042D102 . DD9D ECFEFFFF    FSTP QWORD PTR SS:
0042D108 . 8D95 E4FEFFFF    LEA EDX,DWORD PTR SS:
0042D10E . 8D4D CC          LEA ECX,DWORD PTR SS:
0042D111 . C785 E4FEFFFF >  MOV DWORD PTR SS:,5
0042D11B . FFD6             CALL ESI
0042D11D . 8D8D 38FFFFFF    LEA ECX,DWORD PTR SS:
0042D123 . FF15 28F44300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>  ; MSVBVM50.__vbaFreeStr
0042D129 . 8D85 14FFFFFF    LEA EAX,DWORD PTR SS:
0042D12F . 8D8D 24FFFFFF    LEA ECX,DWORD PTR SS:
0042D135 . 50               PUSH EAX
0042D136 . 51               PUSH ECX
0042D137 . 6A 02            PUSH 2
0042D139 . FF15 64F24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>  ; MSVBVM50.__vbaFreeVarList
0042D13F . 83C4 0C          ADD ESP,0C
0042D142 . 8D95 3CFFFFFF    LEA EDX,DWORD PTR SS:
0042D148 . 8D85 6CFFFFFF    LEA EAX,DWORD PTR SS:
0042D14E . 8D8D 24FFFFFF    LEA ECX,DWORD PTR SS:
0042D154 . 52               PUSH EDX
0042D155 . 50               PUSH EAX
0042D156 . 51               PUSH ECX
0042D157 . FF15 D4F34300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarAd>  ; MSVBVM50.__vbaVarAdd
0042D15D . 50               PUSH EAX
0042D15E . 8D95 6CFFFFFF    LEA EDX,DWORD PTR SS:
0042D164 . 8D85 14FFFFFF    LEA EAX,DWORD PTR SS:
0042D16A . 52               PUSH EDX
0042D16B . 50               PUSH EAX
0042D16C . FF15 A4F24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarXo>  ; MSVBVM50.__vbaVarXor
0042D172 . 8BD0             MOV EDX,EAX
0042D174 . 8D8D 4CFFFFFF    LEA ECX,DWORD PTR SS:
0042D17A . FFD6             CALL ESI
0042D17C . 8D8D 24FFFFFF    LEA ECX,DWORD PTR SS:
0042D182 . FF15 50F24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>  ; MSVBVM50.__vbaFreeVar
0042D188 . 8D4D CC          LEA ECX,DWORD PTR SS:
0042D18B . 8D95 4CFFFFFF    LEA EDX,DWORD PTR SS:
0042D191 . 51               PUSH ECX
0042D192 . 52               PUSH EDX
0042D193 . FF15 0CF34300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarTs>  ; MSVBVM50.__vbaVarTstEq
0042D199 . 66:85C0          TEST AX,AX
0042D19C . 0F84 C8000000    JE CODE_u.0042D26A  // NOP this out and save; the registration code is then displayed in the registration window
0042D1A2 . 8B85 CCFEFFFF    MOV EAX,DWORD PTR SS:
0042D1A8 . 53               PUSH EBX
0042D1A9 . FF90 18030000    CALL DWORD PTR DS:
0042D1AF . 8D8D 34FFFFFF    LEA ECX,DWORD PTR SS:
0042D1B5 . 50               PUSH EAX
0042D1B6 . 51               PUSH ECX
0042D1B7 . FF15 B4F24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>  ; MSVBVM50.__vbaObjSet
0042D1BD . 8B30             MOV ESI,DWORD PTR DS:
0042D1BF . 8985 DCFEFFFF    MOV DWORD PTR SS:,EAX
0042D1C5 . 8D95 4CFFFFFF    LEA EDX,DWORD PTR SS:
0042D1CB . 8D85 38FFFFFF    LEA EAX,DWORD PTR SS:
0042D1D1 . 52               PUSH EDX
0042D1D2 . 50               PUSH EAX
0042D1D3 . FF15 74F34300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>  ; MSVBVM50.__vbaStrVarVal
0042D1D9 . 89B5 C4FEFFFF    MOV DWORD PTR SS:,ESI
0042D1DF . 8BB5 DCFEFFFF    MOV ESI,DWORD PTR SS:
0042D1E5 . 8B8D C4FEFFFF    MOV ECX,DWORD PTR SS:
0042D1EB . 50               PUSH EAX
0042D1EC . 56               PUSH ESI
0042D1ED . FF91 A4000000    CALL DWORD PTR DS:
0042D1F3 . 3BC7             CMP EAX,EDI
0042D1F5 . 7D 12            JGE SHORT CODE_u.0042D209
0042D1F7 . 68 A4000000      PUSH 0A4
0042D1FC . 68 F4994000      PUSH CODE_u.004099F4
0042D201 . 56               PUSH ESI
0042D202 . 50               PUSH EAX
0042D203 . FF15 8CF24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>  ; MSVBVM50.__vbaHresultCheckObj
0042D209 > 8D8D 38FFFFFF    LEA ECX,DWORD PTR SS:
0042D20F . FF15 28F44300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>  ; MSVBVM50.__vbaFreeStr
0042D215 . 8D8D 34FFFFFF    LEA ECX,DWORD PTR SS:
0042D21B . FF15 2CF44300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>  ; MSVBVM50.__vbaFreeObj
0042D221 . 8B95 CCFEFFFF    MOV EDX,DWORD PTR SS:
0042D227 . 53               PUSH EBX
0042D228 . FF92 24030000    CALL DWORD PTR DS:
0042D22E . 50               PUSH EAX
0042D22F . 8D85 34FFFFFF    LEA EAX,DWORD PTR SS:
0042D235 . 50               PUSH EAX
0042D236 . FF15 B4F24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>  ; MSVBVM50.__vbaObjSet
0042D23C . 8BF0             MOV ESI,EAX
0042D23E . 57               PUSH EDI
0042D23F . 56               PUSH ESI
0042D240 . 8B0E             MOV ECX,DWORD PTR DS:
0042D242 . FF91 8C000000    CALL DWORD PTR DS:
0042D248 . 3BC7             CMP EAX,EDI
0042D24A . 7D 12            JGE SHORT CODE_u.0042D25E
0042D24C . 68 8C000000      PUSH 8C
0042D251 . 68 28A24000      PUSH CODE_u.0040A228
0042D256 . 56               PUSH ESI
0042D257 . 50               PUSH EAX
0042D258 . FF15 8CF24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>  ; MSVBVM50.__vbaHresultCheckObj
0042D25E > 8D8D 34FFFFFF    LEA ECX,DWORD PTR SS:
0042D264 . FF15 2CF44300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>  ; MSVBVM50.__vbaFreeObj
0042D26A > 8B95 CCFEFFFF    MOV EDX,DWORD PTR SS:
0042D270 . 53               PUSH EBX
0042D271 . FF92 20030000    CALL DWORD PTR DS:
0042D277 . 50               PUSH EAX
0042D278 . 8D85 34FFFFFF    LEA EAX,DWORD PTR SS:
0042D27E . 50               PUSH EAX
0042D27F . FF15 B4F24300    CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>  ; MSVBVM50.__vbaObjSet
0042D285 . 8D8D 3CFFFFFF    LEA ECX,DWORD PTR SS:
0042D28B . 8BF0             MOV ESI,EAX
0042D28D . 8D95 38FFFFFF    LEA EDX,DWORD PTR SS:
0042D293 . 51               PUSH ECX
0042D327 . 8D4D BC          LEA ECX,DWORD PTR SS:
0042D32A . FFD6             CALL ESI
0042D32C . 8D4D AC          LEA ECX,DWORD PTR SS:
0042D32F . FFD6             CALL ESI
0042D331 . 8D4D 9C          LEA ECX,DWORD PTR SS:
0042D334 . FFD6             CALL ESI
0042D336 . 8D4D 8C          LEA ECX,DWORD PTR SS:
0042D339 . FFD6             CALL ESI
0042D33B . 8D8D 7CFFFFFF    LEA ECX,DWORD PTR SS:
0042D341 . FFD6             CALL ESI
0042D343 . 8D8D 6CFFFFFF    LEA ECX,DWORD PTR SS:
0042D349 . FFD6             CALL ESI
0042D34B . 8D8D 5CFFFFFF    LEA ECX,DWORD PTR SS:
0042D351 . FFD6             CALL ESI
0042D353 . 8D8D 4CFFFFFF    LEA ECX,DWORD PTR SS:
0042D359 . FFD6             CALL ESI
0042D35B . 8D8D 3CFFFFFF    LEA ECX,DWORD PTR SS:
0042D361 . FFE6             JMP ESI
0042D363 . C3               RETN
--------------------------------------------------------------------------------
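【Summary】
The software is of the verify-at-restart type and its protection is fairly simple. I got lazy and simply NOPed out the code at address 0042D19C so that it displays the registration code directly, which saved the time of analyzing the algorithm. Run the modified program and click Register, and the registration code appears in the registration window; then run the unmodified original program and enter that registration code, and after a restart the program becomes registered. In effect, the modified program serves as a keygen. If any expert has time to work out the algorithm, I would be very grateful.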

三二人 posted on 2010-4-23 11:37:29

You said too much.

小小队长 posted on 2010-6-28 16:52:22

Good stuff.. I'll take it to study..

中国鸟神 posted on 2015-2-11 10:18:39

Changing it to a JMP would work too.