|
|
160个CrackMe[79 fireworx.11]算法分析+注册机源码
学习算法分析+Delphi注册机源码
- 00402CAC 8D8D 68FFFFFF lea ecx,dword ptr ss:[ebp-0x98]
- 00402CB2 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
- 00402CB5 51 push ecx
- 00402CB6 52 push edx
- 00402CB7 FFD7 call edi
- 00402CB9 50 push eax ; eax=00162AD4, (UNICODE "4") 固定字符先处理一遍输入的密码
- 00402CBA FFD6 call esi
- 00402CBC 0FBFD8 movsx ebx,ax
- 00402CBF 8D45 88 lea eax,dword ptr ss:[ebp-0x78]
- 00402CC2 8D4D B0 lea ecx,dword ptr ss:[ebp-0x50]
- 00402CC5 50 push eax
- 00402CC6 51 push ecx
- 00402CC7 FFD7 call edi
- 00402CC9 50 push eax ; eax=00160E94, (UNICODE "1")取输入的密码的每一位
- 00402CCA FFD6 call esi
- 00402CCC 0FBFD0 movsx edx,ax
- 00402CCF 33DA xor ebx,edx
- 00402CD1 8D85 58FFFFFF lea eax,dword ptr ss:[ebp-0xA8]
- 00402CD7 53 push ebx
- 00402CD8 50 push eax
- 00402CD9 FF15 6C614000 call dword ptr ds:[<&MSVBVM50.#608>] ; msvbvm50.rtcVarBstrFromAnsi
- 00402CDF 8D4D C8 lea ecx,dword ptr ss:[ebp-0x38]
- 00402CE2 8D95 58FFFFFF lea edx,dword ptr ss:[ebp-0xA8]
- 00402CE8 51 push ecx
- 00402CE9 8D85 48FFFFFF lea eax,dword ptr ss:[ebp-0xB8]
- 00402CEF 52 push edx
- 00402CF0 50 push eax
- 00402CF1 FF15 78614000 call dword ptr ds:[<&MSVBVM50.__vbaVarCa>; msvbvm50.__vbaVarCat
- 00402CF7 8BD0 mov edx,eax
- 00402CF9 8D4D C8 lea ecx,dword ptr ss:[ebp-0x38]
- 00402CFC FF15 00614000 call dword ptr ds:[<&MSVBVM50.__vbaVarMo>; msvbvm50.__vbaVarMove
- 00402D02 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
- 00402D05 8D55 B0 lea edx,dword ptr ss:[ebp-0x50]
- 00402D08 51 push ecx
- 00402D09 52 push edx
- 00402D0A 6A 02 push 0x2
- 00402D0C FF15 94614000 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; msvbvm50.__vbaFreeStrList
- 00402D12 83C4 0C add esp,0xC
- 00402D15 8D85 58FFFFFF lea eax,dword ptr ss:[ebp-0xA8]
- 00402D1B 8D8D 68FFFFFF lea ecx,dword ptr ss:[ebp-0x98]
- 00402D21 8D95 78FFFFFF lea edx,dword ptr ss:[ebp-0x88]
- 00402D27 50 push eax
- 00402D28 51 push ecx
- 00402D29 8D45 88 lea eax,dword ptr ss:[ebp-0x78]
- 00402D2C 52 push edx
- 00402D2D 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
- 00402D30 50 push eax
- 00402D31 51 push ecx
- 00402D32 6A 05 push 0x5
- 00402D34 FF15 08614000 call dword ptr ds:[<&MSVBVM50.__vbaFreeV>; msvbvm50.__vbaFreeVarList
- 00402D3A B8 01000000 mov eax,0x1
- 00402D3F 83C4 18 add esp,0x18
- 00402D42 66:0345 C4 add ax,word ptr ss:[ebp-0x3C]
- 00402D46 0F80 A0030000 jo cracking.004030EC
- 00402D4C 8945 C4 mov dword ptr ss:[ebp-0x3C],eax
- 00402D4F ^ E9 FEFEFFFF jmp cracking.00402C52
- 00402D54 8D55 C8 lea edx,dword ptr ss:[ebp-0x38]
- 00402D57 8D45 98 lea eax,dword ptr ss:[ebp-0x68]
- 00402D5A 52 push edx
- 00402D5B 50 push eax
- 00402D5C C745 E8 0100000>mov dword ptr ss:[ebp-0x18],0x1
- 00402D63 FF15 20614000 call dword ptr ds:[<&MSVBVM50.__vbaLenVa>; msvbvm50.__vbaLenVar
- 00402D69 50 push eax
- 00402D6A FF15 7C614000 call dword ptr ds:[<&MSVBVM50.__vbaI2Var>; msvbvm50.__vbaI2Var
- 00402D70 B9 01000000 mov ecx,0x1
- 00402D75 8985 E0FEFFFF mov dword ptr ss:[ebp-0x120],eax
- 00402D7B 8BC1 mov eax,ecx
- 00402D7D 8945 C4 mov dword ptr ss:[ebp-0x3C],eax
- 00402D80 66:3B85 E0FEFFF>cmp ax,word ptr ss:[ebp-0x120]
- 00402D87 0F8F 2D010000 jg cracking.00402EBA
- 00402D8D 66:837D E8 04 cmp word ptr ss:[ebp-0x18],0x4
- 00402D92 7E 03 jle short cracking.00402D97
- 00402D94 894D E8 mov dword ptr ss:[ebp-0x18],ecx
- 00402D97 894D A0 mov dword ptr ss:[ebp-0x60],ecx
- 00402D9A 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
- 00402D9D 0FBFD0 movsx edx,ax
- 00402DA0 51 push ecx
- 00402DA1 8D45 C8 lea eax,dword ptr ss:[ebp-0x38]
- 00402DA4 52 push edx
- 00402DA5 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
- 00402DA8 50 push eax
- 00402DA9 51 push ecx
- 00402DAA C745 98 0200000>mov dword ptr ss:[ebp-0x68],0x2
- 00402DB1 FFD3 call ebx
- 00402DB3 B8 02000000 mov eax,0x2
- 00402DB8 8D95 68FFFFFF lea edx,dword ptr ss:[ebp-0x98]
- 00402DBE 8985 68FFFFFF mov dword ptr ss:[ebp-0x98],eax
- 00402DC4 8985 78FFFFFF mov dword ptr ss:[ebp-0x88],eax
- 00402DCA 0FBF45 E8 movsx eax,word ptr ss:[ebp-0x18]
- 00402DCE 52 push edx
- 00402DCF 8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]
- 00402DD5 50 push eax
- 00402DD6 8D95 58FFFFFF lea edx,dword ptr ss:[ebp-0xA8]
- 00402DDC 51 push ecx
- 00402DDD 52 push edx
- 00402DDE C785 70FFFFFF 0>mov dword ptr ss:[ebp-0x90],0x1
- 00402DE8 C745 80 D007000>mov dword ptr ss:[ebp-0x80],0x7D0
- 00402DEF FFD3 call ebx
- 00402DF1 8D85 58FFFFFF lea eax,dword ptr ss:[ebp-0xA8]
- 00402DF7 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
- 00402DFA 50 push eax
- 00402DFB 51 push ecx
- 00402DFC FFD7 call edi
- 00402DFE 50 push eax ; eax=0015E0DC, (UNICODE "2") 循环取2000字符
- 00402DFF FFD6 call esi
- 00402E01 0FBFD8 movsx ebx,ax
- 00402E04 8D55 88 lea edx,dword ptr ss:[ebp-0x78]
- 00402E07 8D45 B0 lea eax,dword ptr ss:[ebp-0x50]
- 00402E0A 52 push edx
- 00402E0B 50 push eax
- 00402E0C FFD7 call edi
- 00402E0E 50 push eax ; eax=00163374 这里循环取第一边处理后的密码,直接去内存地址看
- 00402E0F FFD6 call esi
- 00402E11 0FBFC8 movsx ecx,ax
- 00402E14 33D9 xor ebx,ecx ; XOR处理
- 。。。。。。
- 00402EBA 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C]
- 00402EBD 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
- 00402EC3 50 push eax
- 00402EC4 51 push ecx
- 00402EC5 C785 30FFFFFF 9>mov dword ptr ss:[ebp-0xD0],cracking.004>; VeiajeEjbavwij 最后处理结果要跟这个相同
- 00402ECF C785 28FFFFFF 0>mov dword ptr ss:[ebp-0xD8],0x8008
- 00402ED9 FF15 A4614000 call dword ptr ds:[<&MSVBVM50.__vbaVarTs>; msvbvm50.__vbaVarTstNe 比较是否相同
- 00402EDF 66:85C0 test ax,ax
- 00402EE2 0F84 A1000000 je cracking.00402F89
- 00402EE8 8B35 A8614000 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVa>; msvbvm50.__vbaVarDup
注册机源码
- procedure TForm1.Button1Click(Sender: TObject);
- var
- s1,s2,s:String;
- i:integer;
- begin
- s1:='20002000200020';
- s2:='VeiajeEjbavwij';
- for i:=1 to 14 do
- begin
- s:=s+char(ord(s1[i]) xor ord(s2[i]) xor $34);
- end;
- Edit1.Text:=s;
- end;
|
评分
-
| 参与人数 27 | HB +45 |
THX +18 |
收起
理由
|
|
花盗睡鼠
| + 2 |
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
虚心学习
| |
+ 1 |
[吾爱汇编论坛52HB.COM]-感谢楼主热心分享,小小评分不成敬意! |
|
24567
| |
+ 1 |
|
|
Jawon
| |
+ 1 |
|
|
一路走来不容易
| + 1 |
|
|
|
Soul1999
| + 1 |
|
|
|
消逝的过去
| + 2 |
|
|
|
车太震
| |
+ 1 |
[吾爱汇编论坛52HB.COM]-感谢楼主热心分享,小小评分不成敬意! |
|
法莎莉雅
| + 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
Wayne
| + 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
liugu0hai
| + 1 |
|
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
|
军工强国
| + 1 |
+ 1 |
|
|
叶落花开
| |
+ 1 |
|
|
jaunic
| |
+ 1 |
|
|
hnymsh
| + 2 |
|
|
|
lies
| + 1 |
|
|
|
Evan2291
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
Top丶邪少
| + 5 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
狮子
| + 1 |
+ 1 |
因果报应:这么热心分享知识,以后活该你发财!!该!哈~ |
|
奥特曼
| + 1 |
+ 1 |
教程非常易懂,对新人帮助极大!楼主大爱! |
|
Shark恒
| + 10 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
Desire
| + 3 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
岁月神偷
| + 2 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
起凡第一华佗
| + 3 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
逍遥枷锁
| + 2 |
+ 1 |
因果报应:这么热心分享知识,以后活该你发财!!该!哈~ |
|
ningzhonghui
| + 2 |
+ 1 |
好人有好报!你的热心我永远不忘!谢谢! |
|
520Kelly
| + 2 |
|
评分=感恩!简单却充满爱!感谢您的作品! |
查看全部评分
|
[复制链接]
|RSS|手机版|小黑屋|帮助|吾爱汇编
( 
京公网安备11011502005403号 , 京ICP备20003498号-6 )|网站地图
窥视卡
雷达卡
