您的位置:首页精文荟萃破解文章 → 卸载精灵3.2的注册算法

卸载精灵3.2的注册算法

时间:2004/10/15 0:56:00来源:本站整理作者:蓝点我要评论(0)

 小弟经过几天调试,终于弄懂了卸载精灵3.2的注册算法,下面就是破解过程
请我要大侠多多指点!!谢谢!
载入卸载精灵3.2
在帮助菜单下选择我要注册
姓名:crackerboy
注册码:98765432
运行trw2000
CTRL+N呼出
下断点bpx hmemcpy
g
点确定
被拦下来到这里:
我记住断点,用ollydbg1.09b调试:


0040C6BF . 3BC3 CMP EAX,EBX
0040C6C1 . DBE2 FCLEX
0040C6C3 . 7D 12 JGE SHORT CLEANER.0040C6D7
0040C6C5 . 68 A0000000 PUSH 0A0
0040C6CA . 68 004D4000 PUSH CLEANER.00404D00
0040C6CF . 56 PUSH ESI
0040C6D0 . 50 PUSH EAX
0040C6D1 . FF15 40104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
0040C6D7 > 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0040C6DA . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0040C6DD . 895D DC MOV DWORD PTR SS:[EBP-24],EBX
0040C6E0 . FF15 34114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
0040C6E6 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0040C6E9 . FF15 44114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
0040C6EF . 8B07 MOV EAX,DWORD PTR DS:[EDI]
0040C6F1 . 57 PUSH EDI
0040C6F2 . FF90 08030000 CALL DWORD PTR DS:[EAX+308]
0040C6F8 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0040C6FB . 50 PUSH EAX
0040C6FC . 51 PUSH ECX
0040C6FD . FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
0040C703 . 8BF0 MOV ESI,EAX
0040C705 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
0040C708 . 50 PUSH EAX
0040C709 . 56 PUSH ESI
0040C70A . 8B16 MOV EDX,DWORD PTR DS:[ESI]
0040C70C . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0040C712 . 3BC3 CMP EAX,EBX
0040C714 . DBE2 FCLEX
0040C716 . 7D 12 JGE SHORT CLEANER.0040C72A
0040C718 . 68 A0000000 PUSH 0A0
0040C71D . 68 004D4000 PUSH CLEANER.00404D00
0040C722 . 56 PUSH ESI
0040C723 . 50 PUSH EAX
0040C724 . FF15 40104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
0040C72A > 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0040C72D . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0040C730 . 895D DC MOV DWORD PTR SS:[EBP-24],EBX
0040C733 . FF15 34114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
0040C739 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0040C73C . FF15 44114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
0040C742 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0040C745 . 51 PUSH ECX
一路F10到这里
0040C746 . E8 75F2FFFF CALL CLEANER.0040B9C0 //关键Call,跟进去。
0040C74B . 66:85C0 TEST AX,AX
0040C74E . 0F84 92010000 JE CLEANER.0040C8E6
0040C754 . 8B35 1C114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrToAnsi
0040C75A . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]


跟进来后到达下面:
0040B9C0 $ 55 PUSH EBP
0040B9C1 . 8BEC MOV EBP,ESP
0040B9C3 . 83EC 08 SUB ESP,8
0040B9C6 . 68 F6124000 PUSH ; SE handler installation
0040B9CB . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0040B9D1 . 50 PUSH EAX
0040B9D2 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0040B9D9 . 81EC 94000000 SUB ESP,94
0040B9DF . 53 PUSH EBX
0040B9E0 . 56 PUSH ESI
0040B9E1 . 57 PUSH EDI
0040B9E2 . 8965 F8 MOV DWORD PTR SS:[EBP-8],ESP
0040B9E5 . C745 FC 181240>MOV DWORD PTR SS:[EBP-4],CLEANER.0040121>
0040B9EC . 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0040B9EF . 33FF XOR EDI,EDI//清空EdI,下面用的着
0040B9F1 . 897D DC MOV DWORD PTR SS:[EBP-24],EDI
0040B9F4 . 897D CC MOV DWORD PTR SS:[EBP-34],EDI
0040B9F7 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
0040B9F9 . 897D BC MOV DWORD PTR SS:[EBP-44],EDI
0040B9FC . 50 PUSH EAX
0040B9FD . 897D AC MOV DWORD PTR SS:[EBP-54],EDI
0040BA00 . 897D 9C MOV DWORD PTR SS:[EBP-64],EDI
0040BA03 . 89BD 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EDI
0040BA09 . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
0040BA0F . 83F8 08 CMP EAX,8 //EAX中是你输入的注册码长度,必须等于8,否则就出错。
0040BA12 . 74 0D JE SHORT CLEANER.0040BA21//相等就跳,不跳就over了。
0040BA14 . 897D EC MOV DWORD PTR SS:[EBP-14],EDI//置标志位
0040BA17 . 68 FFBD4000 PUSH CLEANER.0040BDFF
0040BA1C . E9 DD030000 JMP CLEANER.0040BDFE//跳出这个Call

0040BA21 > 8B3D 7C104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0040BA27 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0040BA2A . 51 PUSH ECX
0040BA2B . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
0040BA2E . 6A 01 PUSH 1//VB函数,取第一个注册码
0040BA30 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BA33 . BB 08400000 MOV EBX,4008
0040BA38 . 52 PUSH EDX
0040BA39 . 50 PUSH EAX
0040BA3A . C745 E4 010000>MOV DWORD PTR SS:[EBP-1C],1
0040BA41 . C745 DC 020000>MOV DWORD PTR SS:[EBP-24],2
0040BA48 . 8975 A4 MOV DWORD PTR SS:[EBP-5C],ESI
0040BA4B . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX
0040BA4E . FFD7 CALL EDI ; <&MSVBVM60.#632>
0040BA50 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0040BA53 . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
0040BA59 . 51 PUSH ECX
0040BA5A . 6A 03 PUSH 3//取第三个注册码
0040BA5C . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0040BA5F . 52 PUSH EDX
0040BA60 . 50 PUSH EAX
0040BA61 . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1
0040BA68 . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
0040BA6F . 8975 84 MOV DWORD PTR SS:[EBP-7C],ESI
0040BA72 . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
0040BA78 . FFD7 CALL EDI
0040BA7A . 8B1D 30114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaI2>; MSVBVM60.__vbaI2ErrVar
0040BA80 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0040BA83 . 51 PUSH ECX
0040BA84 . FFD3 CALL EBX//这个函数把字符转换成数字,如果不是数字,则到这个call就会出错,发生异常; <&MSVBVM60.__vbaI2ErrVar>
0040BA86 . 66:8BD0 MOV DX,AX//存Dx中,dx中现在存放的是第一个注册码的数字。
0040BA89 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BA8C . 50 PUSH EAX
0040BA8D . 66:8995 62FFFF>MOV WORD PTR SS:[EBP-9E],DX
0040BA94 . FFD3 CALL EBX//转换第三个注册码变成数字。
0040BA96 . 66:8B8D 62FFFF>MOV CX,WORD PTR SS:[EBP-9E]
0040BA9D . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BAA0 . 66:03C8 ADD CX,AX//第一个注册码+第三个注册码存cx.
0040BAA3 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0040BAA6 . 0F80 6A030000 JO CLEANER.0040BE16
0040BAAC . 33DB XOR EBX,EBX
0040BAAE . 66:83F9 07 CMP CX,7//与7比较,如果不相等就会跳到出错的地方。
0040BAB2 . 52 PUSH EDX
0040BAB3 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0040BAB6 . 50 PUSH EAX
0040BAB7 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0040BABA . 51 PUSH ECX
0040BABB . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BABE . 52 PUSH EDX
0040BABF . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0040BAC2 . 50 PUSH EAX
0040BAC3 . 51 PUSH ECX
0040BAC4 . 0F95C3 SETNE BL
0040BAC7 . 6A 06 PUSH 6
0040BAC9 . F7DB NEG EBX
0040BACB . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040BAD1 . 83C4 1C ADD ESP,1C
0040BAD4 . 66:85DB TEST BX,BX
0040BAD7 . 74 11 JE SHORT CLEANER.0040BAEA//相等则跳,不跳则死。
0040BAD9 . C745 EC 000000>MOV DWORD PTR SS:[EBP-14],0//置标志位
0040BAE0 . 68 FFBD4000 PUSH CLEANER.0040BDFF
0040BAE5 . E9 14030000 JMP CLEANER.0040BDFE//跳到这个call的出口
0040BAEA > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0040BAED . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0040BAF0 . 52 PUSH EDX
0040BAF1 . 6A 02 PUSH 2//取第二个注册码
0040BAF3 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0040BAF6 . BB 08400000 MOV EBX,4008
0040BAFB . 50 PUSH EAX
0040BAFC . 51 PUSH ECX
0040BAFD . C745 E4 010000>MOV DWORD PTR SS:[EBP-1C],1
0040BB04 . C745 DC 020000>MOV DWORD PTR SS:[EBP-24],2
0040BB0B . 8975 A4 MOV DWORD PTR SS:[EBP-5C],ESI
0040BB0E . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX
0040BB11 . FFD7 CALL EDI
0040BB13 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0040BB16 . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
0040BB1C . 52 PUSH EDX
0040BB1D . 6A 04 PUSH 4//取第四个注册码
0040BB1F . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0040BB22 . 50 PUSH EAX
0040BB23 . 51 PUSH ECX
0040BB24 . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1
0040BB2B . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
0040BB32 . 8975 84 MOV DWORD PTR SS:[EBP-7C],ESI
0040BB35 . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
0040BB3B . FFD7 CALL EDI
0040BB3D . 8B1D 30114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaI2>; MSVBVM60.__vbaI2ErrVar
0040BB43 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BB46 . 52 PUSH EDX
0040BB47 . FFD3 CALL EBX//转换第二个注册码为数字。 ; <&MSVBVM60.__vbaI2ErrVar>
0040BB49 . 66:8BD0 MOV DX,AX//存dx
0040BB4C . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BB4F . 50 PUSH EAX
0040BB50 . 66:8995 60FFFF>MOV WORD PTR SS:[EBP-A0],DX
0040BB57 . FFD3 CALL EBX//转换第四个注册码为数字。
0040BB59 . 66:8B8D 60FFFF>MOV CX,WORD PTR SS:[EBP-A0]
0040BB60 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BB63 . 66:03C8 ADD CX,AX//相加
0040BB66 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0040BB69 . 0F80 A7020000 JO CLEANER.0040BE16
0040BB6F . 33DB XOR EBX,EBX
0040BB71 . 66:83F9 08 CMP CX,8//与8比较,不等就死,等则比较下两个注册码
0040BB75 . 52 PUSH EDX
0040BB76 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0040BB79 . 50 PUSH EAX
0040BB7A . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0040BB7D . 51 PUSH ECX
0040BB7E . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BB81 . 52 PUSH EDX
0040BB82 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0040BB85 . 50 PUSH EAX
0040BB86 . 51 PUSH ECX
0040BB87 . 0F95C3 SETNE BL
0040BB8A . 6A 06 PUSH 6
0040BB8C . F7DB NEG EBX
0040BB8E . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040BB94 . 83C4 1C ADD ESP,1C
0040BB97 . 66:85DB TEST BX,BX
0040BB9A . 74 11 JE SHORT CLEANER.0040BBAD//相等则跳,不跳则死
0040BB9C . C745 EC 000000>MOV DWORD PTR SS:[EBP-14],0//置"死"的标志位
0040BBA3 . 68 FFBD4000 PUSH CLEANER.0040BDFF
0040BBA8 . E9 51020000 JMP CLEANER.0040BDFE//跳到这个call的出口
0040BBAD > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0040BBB0 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0040BBB3 . 52 PUSH EDX
0040BBB4 . 6A 05 PUSH 5//取第五个注册码
0040BBB6 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0040BBB9 . BB 08400000 MOV EBX,4008
0040BBBE . 50 PUSH EAX
0040BBBF . 51 PUSH ECX
0040BBC0 . C745 E4 010000>MOV DWORD PTR SS:[EBP-1C],1
0040BBC7 . C745 DC 020000>MOV DWORD PTR SS:[EBP-24],2
0040BBCE . 8975 A4 MOV DWORD PTR SS:[EBP-5C],ESI
0040BBD1 . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX
0040BBD4 . FFD7 CALL EDI//调用函数取第五个注册码
0040BBD6 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0040BBD9 . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
0040BBDF . 52 PUSH EDX
0040BBE0 . 6A 07 PUSH 7//取第七个注册码
0040BBE2 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0040BBE5 . 50 PUSH EAX
0040BBE6 . 51 PUSH ECX
0040BBE7 . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1
0040BBEE . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
0040BBF5 . 8975 84 MOV DWORD PTR SS:[EBP-7C],ESI
0040BBF8 . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
0040BBFE . FFD7 CALL EDI//调用函数取第五个注册码
0040BC00 . 8B1D 30114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaI2>; MSVBVM60.__vbaI2ErrVar
0040BC06 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BC09 . 52 PUSH EDX
0040BC0A . FFD3 CALL EBX//转换第五个注册码成数字 ; <&MSVBVM60.__vbaI2ErrVar>
0040BC0C . 66:8BD0 MOV DX,AX//存dx
0040BC0F . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BC12 . 50 PUSH EAX
0040BC13 . 66:8995 5EFFFF>MOV WORD PTR SS:[EBP-A2],DX
0040BC1A . FFD3 CALL EBX//转换第七个注册码成数字
0040BC1C . 66:8B8D 5EFFFF>MOV CX,WORD PTR SS:[EBP-A2]
0040BC23 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BC26 . 66:03C8 ADD CX,AX//第五个注册码+第七个注册码存cx
0040BC29 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0040BC2C . 0F80 E4010000 JO CLEANER.0040BE16
0040BC32 . 33DB XOR EBX,EBX
0040BC34 . 66:83F9 09 CMP CX,9//与9比较,不等则死
0040BC38 . 52 PUSH EDX
0040BC39 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0040BC3C . 50 PUSH EAX
0040BC3D . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0040BC40 . 51 PUSH ECX
0040BC41 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BC44 . 52 PUSH EDX
0040BC45 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0040BC48 . 50 PUSH EAX
0040BC49 . 51 PUSH ECX
0040BC4A . 0F95C3 SETNE BL
0040BC4D . 6A 06 PUSH 6
0040BC4F . F7DB NEG EBX
0040BC51 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040BC57 . 83C4 1C ADD ESP,1C
0040BC5A . 66:85DB TEST BX,BX
0040BC5D . 74 11 JE SHORT CLEANER.0040BC70//相等则跳
0040BC5F . C745 EC 000000>MOV DWORD PTR SS:[EBP-14],0//置"死“的标志位
0040BC66 . 68 FFBD4000 PUSH CLEANER.0040BDFF
0040BC6B . E9 8E010000 JMP CLEANER.0040BDFE//跳到出口
0040BC70 > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0040BC73 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0040BC76 . 52 PUSH EDX
0040BC77 . 6A 06 PUSH 6//取第六个注册码
0040BC79 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0040BC7C . BB 08400000 MOV EBX,4008
0040BC81 . 50 PUSH EAX
0040BC82 . 51 PUSH ECX
0040BC83 . C745 E4 010000>MOV DWORD PTR SS:[EBP-1C],1
0040BC8A . C745 DC 020000>MOV DWORD PTR SS:[EBP-24],2
0040BC91 . 8975 A4 MOV DWORD PTR SS:[EBP-5C],ESI
0040BC94 . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX
0040BC97 . FFD7 CALL EDI
0040BC99 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0040BC9C . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
0040BCA2 . 52 PUSH EDX
0040BCA3 . 6A 08 PUSH 8//取第八个注册码
0040BCA5 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0040BCA8 . 50 PUSH EAX
0040BCA9 . 51 PUSH ECX
0040BCAA . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1
0040BCB1 . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
0040BCB8 . 8975 84 MOV DWORD PTR SS:[EBP-7C],ESI
0040BCBB . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
0040BCC1 . FFD7 CALL EDI
0040BCC3 . 8B1D 30114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaI2>; MSVBVM60.__vbaI2ErrVar
0040BCC9 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BCCC . 52 PUSH EDX
0040BCCD . FFD3 CALL EBX//转换第六个注册码成数字 ; <&MSVBVM60.__vbaI2ErrVar>
0040BCCF . 66:8BD0 MOV DX,AX
0040BCD2 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BCD5 . 50 PUSH EAX
0040BCD6 . 66:8995 5CFFFF>MOV WORD PTR SS:[EBP-A4],DX
0040BCDD . FFD3 CALL EBX//转换第八个注册码成数字
0040BCDF . 66:8B8D 5CFFFF>MOV CX,WORD PTR SS:[EBP-A4]
0040BCE6 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BCE9 . 66:03C8 ADD CX,AX
0040BCEC . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0040BCEF . 0F80 21010000 JO CLEANER.0040BE16
0040BCF5 . 33DB XOR EBX,EBX
0040BCF7 . 66:83F9 0A CMP CX,0A//与十比较,不等则死
0040BCFB . 52 PUSH EDX
0040BCFC . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0040BCFF . 50 PUSH EAX
0040BD00 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0040BD03 . 51 PUSH ECX
0040BD04 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BD07 . 52 PUSH EDX
0040BD08 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0040BD0B . 50 PUSH EAX
0040BD0C . 51 PUSH ECX
0040BD0D . 0F95C3 SETNE BL
0040BD10 . 6A 06 PUSH 6
0040BD12 . F7DB NEG EBX
0040BD14 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040BD1A . 83C4 1C ADD ESP,1C
0040BD1D . 66:85DB TEST BX,BX
0040BD20 . 74 11 JE SHORT CLEANER.0040BD33//相等则跳,不等则死
0040BD22 . C745 EC 000000>MOV DWORD PTR SS:[EBP-14],0//置标志位
0040BD29 . 68 FFBD4000 PUSH CLEANER.0040BDFF
0040BD2E . E9 CB000000 JMP CLEANER.0040BDFE//跳到出口
0040BD33 > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0040BD36 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0040BD39 . 52 PUSH EDX
0040BD3A . 6A 01 PUSH 1//取第一个注册码
0040BD3C . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0040BD3F . BB 08400000 MOV EBX,4008
0040BD44 . 50 PUSH EAX
0040BD45 . 51 PUSH ECX
0040BD46 . C745 E4 010000>MOV DWORD PTR SS:[EBP-1C],1
0040BD4D . C745 DC 020000>MOV DWORD PTR SS:[EBP-24],2
0040BD54 . 8975 A4 MOV DWORD PTR SS:[EBP-5C],ESI
0040BD57 . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX
0040BD5A . FFD7 CALL EDI
0040BD5C . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0040BD5F . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
0040BD65 . 52 PUSH EDX
0040BD66 . 6A 08 PUSH 8//取第八个注册码
0040BD68 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0040BD6B . 50 PUSH EAX
0040BD6C . 51 PUSH ECX
0040BD6D . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1
0040BD74 . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
0040BD7B . 8975 84 MOV DWORD PTR SS:[EBP-7C],ESI
0040BD7E . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
0040BD84 . FFD7 CALL EDI
0040BD86 . 8B35 30114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaI2>; MSVBVM60.__vbaI2ErrVar
0040BD8C . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BD8F . 52 PUSH EDX
0040BD90 . FFD6 CALL ESI //转换第一个注册码成数字 ; <&MSVBVM60.__vbaI2ErrVar>
0040BD92 . 66:8BF8 MOV DI,AX
0040BD95 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BD98 . 50 PUSH EAX
0040BD99 . FFD6 CALL ESI//转换第八个注册码成数字
0040BD9B . 66:03F8 ADD DI,AX//第一个注册码+第八个注册码存di
0040BD9E . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BDA1 . 70 73 JO SHORT CLEANER.0040BE16
0040BDA3 . 33C9 XOR ECX,ECX
0040BDA5 . 66:83FF 08 CMP DI,8//与8比较,不相等下面的esi就会等于0,相等则为1
0040BDA9 . 0F95C1 SETNE CL
0040BDAC . F7D9 NEG ECX
0040BDAE . 8BF1 MOV ESI,ECX
0040BDB0 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0040BDB3 . 52 PUSH EDX
0040BDB4 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0040BDB7 . 50 PUSH EAX
0040BDB8 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0040BDBB . 51 PUSH ECX
0040BDBC . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0040BDBF . 52 PUSH EDX
0040BDC0 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0040BDC3 . 50 PUSH EAX
0040BDC4 . 51 PUSH ECX
0040BDC5 . 6A 06 PUSH 6
0040BDC7 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040BDCD . 83C4 1C ADD ESP,1C
0040BDD0 . 66:F7DE NEG SI
0040BDD3 . 1BF6 SBB ESI,ESI
0040BDD5 . 68 FFBD4000 PUSH CLEANER.0040BDFF
0040BDDA . F7DE NEG ESI
0040BDDC . 4E DEC ESI
0040BDDD . 8975 EC MOV DWORD PTR SS:[EBP-14],ESI
0040BDE0 . EB 1C JMP SHORT CLEANER.0040BDFE
0040BDE2 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040BDE5 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0040BDE8 . 52 PUSH EDX
0040BDE9 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0040BDEC . 50 PUSH EAX
0040BDED . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0040BDF0 . 51 PUSH ECX
0040BDF1 . 52 PUSH EDX
0040BDF2 . 6A 04 PUSH 4
0040BDF4 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040BDFA . 83C4 14 ADD ESP,14
0040BDFD . C3 RETN
0040BDFE > C3 RETN ; RET used as a jump to 0040BDFF


0040BDFF > 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0040BE02 . 66:8B45 EC MOV AX,WORD PTR SS:[EBP-14]//取标志位给ax,ax等于0就死,等于1就成功
0040BE06 . 5F POP EDI ; 00420A24
0040BE07 . 5E POP ESI
0040BE08 . 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0040BE0F . 5B POP EBX
0040BE10 . 8BE5 MOV ESP,EBP
0040BE12 . 5D POP EBP
0040BE13 . C2 0400 RETN 4


至此,这个卸载精灵的算法就清楚了:
他与你的注册名无关。
注册码的长度必须是8位
注册码是这样练成的:
第一次: 取注册码的1 ,3 位,相加,必须等于8
第二次: 取注册码的2 ,4 位,相加,必须等于9
第三次: 取注册码的5 ,7 位,相加,必须等于9
第四次: 取注册码的1 ,3 位,相加,必须等于10
第五次: 取注册码的1 ,8 位,相加,必须等于8
这样就可以写出注册机了


下面是我用vc++6.0写的注册机,不妥之处,请我要大侠多多指点!!

void CCleanerDlg::OnOK()
{
// TODO: Add extra validation here
int a1=7,a2=8,a3=9,a4=10,a5=8,flag0=0,flag1=0,i;
int code0[8];//八个注册码
CString code;//注册码
UpdateData();
if(GetDlgItem(IDC_EDIT1)->GetWindowTextLength()==0)
{MessageBox("名字不能为空!","错误",MB_OK);
flag0=1;
}
if(!flag0)
{ srand(time (NULL));
code0[1]=rand()%a2; //第二位注册码
code0[3]=a2-code0[1];//第四位注册码
code0[4]=rand()%a3;//第五位注册码
code0[6]=a3-code0[4];//第七位注册码
code0[7]=rand()%a5;//第八位注册码
code0[5]=a4-code0[7];//第六位注册码
code0[0]=a5-code0[7];//第一位注册码
code0[2]=a1-code0[0];//第三位注册码
for(i=0;i<8;i++)
{code0[i]+=0x30;
code+=(char)code0[i];//转换成数字字符
}
GetDlgItem(IDC_EDIT2)->SetWindowText(code);显示注册码
}
else
{GetDlgItem(IDC_EDIT1)->SetWindowText("");
GetDlgItem(IDC_EDIT2)->SetWindowText("");
}


//CDialog::OnOK();
}
注册成功后,注册信息保存在注册表
HKEY_LOCAL_MACHINE\SOFTWARE\lengendsoft子键下
删除这个lengendsoft又变成了未注册版了。
如果您觉得满意,能否考虑我加入DFCG?
望回信:
crackerboy.student@sina.com
谢谢!!!

    
    
     
    
    
     

相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么

文章评论
发表评论

热门文章 去除winrar注册框方法

最新文章 比特币病毒怎么破解 比去除winrar注册框方法 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据

人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程