160个CrackMe[79 fireworx.11]算法分析+注册机源码
160个CrackMe算法分析+注册机源码学习算法分析+Delphi注册机源码
00402CAC 8D8D 68FFFFFF lea ecx,dword ptr ss:
00402CB2 8D55 AC lea edx,dword ptr ss:
00402CB5 51 push ecx
00402CB6 52 push edx
00402CB7 FFD7 call edi
00402CB9 50 push eax ; eax=00162AD4, (UNICODE "4") 固定字符先处理一遍输入的密码
00402CBA FFD6 call esi
00402CBC 0FBFD8 movsx ebx,ax
00402CBF 8D45 88 lea eax,dword ptr ss:
00402CC2 8D4D B0 lea ecx,dword ptr ss:
00402CC5 50 push eax
00402CC6 51 push ecx
00402CC7 FFD7 call edi
00402CC9 50 push eax ; eax=00160E94, (UNICODE "1")取输入的密码的每一位
00402CCA FFD6 call esi
00402CCC 0FBFD0 movsx edx,ax
00402CCF 33DA xor ebx,edx
00402CD1 8D85 58FFFFFF lea eax,dword ptr ss:
00402CD7 53 push ebx
00402CD8 50 push eax
00402CD9 FF15 6C614000 call dword ptr ds:[<&MSVBVM50.#608>] ; msvbvm50.rtcVarBstrFromAnsi
00402CDF 8D4D C8 lea ecx,dword ptr ss:
00402CE2 8D95 58FFFFFF lea edx,dword ptr ss:
00402CE8 51 push ecx
00402CE9 8D85 48FFFFFF lea eax,dword ptr ss:
00402CEF 52 push edx
00402CF0 50 push eax
00402CF1 FF15 78614000 call dword ptr ds:[<&MSVBVM50.__vbaVarCa>; msvbvm50.__vbaVarCat
00402CF7 8BD0 mov edx,eax
00402CF9 8D4D C8 lea ecx,dword ptr ss:
00402CFC FF15 00614000 call dword ptr ds:[<&MSVBVM50.__vbaVarMo>; msvbvm50.__vbaVarMove
00402D02 8D4D AC lea ecx,dword ptr ss:
00402D05 8D55 B0 lea edx,dword ptr ss:
00402D08 51 push ecx
00402D09 52 push edx
00402D0A 6A 02 push 0x2
00402D0C FF15 94614000 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; msvbvm50.__vbaFreeStrList
00402D12 83C4 0C add esp,0xC
00402D15 8D85 58FFFFFF lea eax,dword ptr ss:
00402D1B 8D8D 68FFFFFF lea ecx,dword ptr ss:
00402D21 8D95 78FFFFFF lea edx,dword ptr ss:
00402D27 50 push eax
00402D28 51 push ecx
00402D29 8D45 88 lea eax,dword ptr ss:
00402D2C 52 push edx
00402D2D 8D4D 98 lea ecx,dword ptr ss:
00402D30 50 push eax
00402D31 51 push ecx
00402D32 6A 05 push 0x5
00402D34 FF15 08614000 call dword ptr ds:[<&MSVBVM50.__vbaFreeV>; msvbvm50.__vbaFreeVarList
00402D3A B8 01000000 mov eax,0x1
00402D3F 83C4 18 add esp,0x18
00402D42 66:0345 C4 add ax,word ptr ss:
00402D46 0F80 A0030000 jo cracking.004030EC
00402D4C 8945 C4 mov dword ptr ss:,eax
00402D4F^ E9 FEFEFFFF jmp cracking.00402C52
00402D54 8D55 C8 lea edx,dword ptr ss:
00402D57 8D45 98 lea eax,dword ptr ss:
00402D5A 52 push edx
00402D5B 50 push eax
00402D5C C745 E8 0100000>mov dword ptr ss:,0x1
00402D63 FF15 20614000 call dword ptr ds:[<&MSVBVM50.__vbaLenVa>; msvbvm50.__vbaLenVar
00402D69 50 push eax
00402D6A FF15 7C614000 call dword ptr ds:[<&MSVBVM50.__vbaI2Var>; msvbvm50.__vbaI2Var
00402D70 B9 01000000 mov ecx,0x1
00402D75 8985 E0FEFFFF mov dword ptr ss:,eax
00402D7B 8BC1 mov eax,ecx
00402D7D 8945 C4 mov dword ptr ss:,eax
00402D80 66:3B85 E0FEFFF>cmp ax,word ptr ss:
00402D87 0F8F 2D010000 jg cracking.00402EBA
00402D8D 66:837D E8 04 cmp word ptr ss:,0x4
00402D92 7E 03 jle short cracking.00402D97
00402D94 894D E8 mov dword ptr ss:,ecx
00402D97 894D A0 mov dword ptr ss:,ecx
00402D9A 8D4D 98 lea ecx,dword ptr ss:
00402D9D 0FBFD0 movsx edx,ax
00402DA0 51 push ecx
00402DA1 8D45 C8 lea eax,dword ptr ss:
00402DA4 52 push edx
00402DA5 8D4D 88 lea ecx,dword ptr ss:
00402DA8 50 push eax
00402DA9 51 push ecx
00402DAA C745 98 0200000>mov dword ptr ss:,0x2
00402DB1 FFD3 call ebx
00402DB3 B8 02000000 mov eax,0x2
00402DB8 8D95 68FFFFFF lea edx,dword ptr ss:
00402DBE 8985 68FFFFFF mov dword ptr ss:,eax
00402DC4 8985 78FFFFFF mov dword ptr ss:,eax
00402DCA 0FBF45 E8 movsx eax,word ptr ss:
00402DCE 52 push edx
00402DCF 8D8D 78FFFFFF lea ecx,dword ptr ss:
00402DD5 50 push eax
00402DD6 8D95 58FFFFFF lea edx,dword ptr ss:
00402DDC 51 push ecx
00402DDD 52 push edx
00402DDE C785 70FFFFFF 0>mov dword ptr ss:,0x1
00402DE8 C745 80 D007000>mov dword ptr ss:,0x7D0
00402DEF FFD3 call ebx
00402DF1 8D85 58FFFFFF lea eax,dword ptr ss:
00402DF7 8D4D AC lea ecx,dword ptr ss:
00402DFA 50 push eax
00402DFB 51 push ecx
00402DFC FFD7 call edi
00402DFE 50 push eax ; eax=0015E0DC, (UNICODE "2") 循环取2000字符
00402DFF FFD6 call esi
00402E01 0FBFD8 movsx ebx,ax
00402E04 8D55 88 lea edx,dword ptr ss:
00402E07 8D45 B0 lea eax,dword ptr ss:
00402E0A 52 push edx
00402E0B 50 push eax
00402E0C FFD7 call edi
00402E0E 50 push eax ; eax=00163374 这里循环取第一边处理后的密码,直接去内存地址看
00402E0F FFD6 call esi
00402E11 0FBFC8 movsx ecx,ax
00402E14 33D9 xor ebx,ecx ; XOR处理
。。。。。。
00402EBA 8D45 B4 lea eax,dword ptr ss:
00402EBD 8D8D 28FFFFFF lea ecx,dword ptr ss:
00402EC3 50 push eax
00402EC4 51 push ecx
00402EC5 C785 30FFFFFF 9>mov dword ptr ss:,cracking.004>; VeiajeEjbavwij 最后处理结果要跟这个相同
00402ECF C785 28FFFFFF 0>mov dword ptr ss:,0x8008
00402ED9 FF15 A4614000 call dword ptr ds:[<&MSVBVM50.__vbaVarTs>; msvbvm50.__vbaVarTstNe比较是否相同
00402EDF 66:85C0 test ax,ax
00402EE2 0F84 A1000000 je cracking.00402F89
00402EE8 8B35 A8614000 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVa>; msvbvm50.__vbaVarDup
注册机源码
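// Computes the serial for this CrackMe and writes it to Edit1.
//
// According to the annotated disassembly, the target transforms the entered
// serial in two passes and compares the result with a constant stored in the
// binary:
//   pass 1: every character is XORed with the fixed character '4' ($34);
//   pass 2: every character is XORed with the repeating key "2000";
//   check : the result must equal "VeiajeEjbavwij".
// XOR is its own inverse, so applying the same two XORs to the stored constant
// yields the expected input. A check of this shape (reversible transform plus
// an embedded constant, no secret outside the binary) can always be inverted
// by anyone who can read the binary.
procedure TForm1.Button1Click(Sender: TObject);
var
s1,s2,s:String;
i:integer;
begin
// Key stream of pass 2: "2000" repeated and cut to the length of the target.
s1:='20002000200020';
// Constant the target compares the transformed serial against.
s2:='VeiajeEjbavwij';
// Start from an empty result so the loop only ever appends.
s:='';
// s1 must be at least as long as s2; both are 14 characters here.
for i:=1 to Length(s2) do
begin
// Index both strings per character: Ord() takes a single character, not a
// whole string, so the index is required for this line to compile.
s:=s+Chr(Ord(s1[i]) xor Ord(s2[i]) xor $34);
end;
Edit1.Text:=s;
end;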
我也来学习下
VB的代码很长,头疼、、
下来看看多谢
没看懂什么意思
感谢楼主分享新技能!努力学习ing! [吾爱汇编论坛52HB.COM]-Thanks~向楼主致敬!nice,谢谢,给力非常感谢逆向思路 爱论坛,爱网友!