破P-code程序心得 -pc6资讯

您的位置：首页 → 精文荟萃 → 破解文章 → 破P-code程序心得

破P-code程序心得 时间：2004/10/15 0:57:00来源：本站整理作者：蓝点我要评论(0)

　这是我用exdec反编出来的！破P-code程序，这个可是好东东来的啊！
--------------------------------------------------------------

Email josephco_@hotmail.com with any errors or problems

Proc: 50af94

50ABF0: 00 LargeBos
50ABF2: 00 LargeBos
50ABF4: 04 FLdRfVar               local_008A
50ABF7: 04 FLdRfVar               local_0088
50ABFA: 05 ImpAdLdRf:             5257dc
50ABFD: 24 NewIfNullPr             40c054
50AC00: 0d VCallHresult           CVBApplication::get_App
50AC05: 08 FLdPr                   local_0088
50AC08: 0d VCallHresult           CVBApplication::ge88$?(id
50AC0D: 6b FLdI2                   local_008A
50AC10: 1a FFree1Ad               local_0088
50AC13: 1c BranchF:               50AC1A
50AC16: 00 LargeBos
50AC18: Lead1/c8 End
50AC1A: 00 LargeBos
50AC1C: 4b onErrorGoto
50AC1F: 00 LargeBos
50AC21: 04 FLdRfVar               local_0088
50AC24: 04 FLdRfVar               local_0094
50AC27: 24 NewIfNullPr             40e7e0
50AC2A: 0d VCallHresult           CVBApplication::get_Clipboard
50AC2F: 3e FLdZeroAd               local_0088
50AC32: 5b FStAdFuncNoPop         local_00B8
50AC35: 04 FLdRfVar               local_0090
50AC38: Lead3/88 ForEachCollObj
50AC40: 00 LargeBos
50AC42: 04 FLdRfVar               local_00C0
50AC45: 08 FLdPr                   local_0090
50AC48: 0d VCallHresult           CVBApplication::get_forms
50AC4D: 6c ILdRf                   local_00C0
50AC50: f5 LitI4:                 0x2 2 (....)
50AC55: c7 EqI4
50AC56: 1c BranchF:               50AC99
50AC59: 00 LargeBos
50AC5B: 04 FLdRfVar               local_00D0
50AC5E: 08 FLdPr                   local_0090
50AC61: 0d VCallHresult           CVBApplication::LoadResData
50AC66: 04 FLdRfVar               local_00D0
50AC69: 60 CStrVarTmp
50AC6A: 23 FStStrNoPop             local_00D4
50AC6D: 6b FLdI2                   local_0096
50AC70: e7 CI4UI1

***************中间我略去一段汇编*********************

Proc: 51c194

51AD8C: 00 LargeBos → LargeBos表示是一行VB源代码的开头，从当前LargeBos到下一个LargeBos之间的代码是从一行源代码编译过来的
51AD8E: 00 LargeBos
51AD90: 4b onErrorGoto
51AD93: 00 LargeBos
51AD95: f5 LitI4:                 0xbb8 3000 (....) → Lit 代表Literal，表示是装入立即数
51AD9A: 71 FStR4                   local_008C
51AD9D: 00 LargeBos
51AD9F: 27 LitVar_Missing → LitVar_Missing表示可选参数未赋值
51ADA2: 0a ImpAdCallFPR4:
51ADA7: 35 FFree1Var               local_00B0
51ADAA: 00 LargeBos
51ADAC: 27 LitVar_Missing
51ADAF: 0a ImpAdCallFPR4:
51ADB4: 73 FStFPR4
51ADB7: f4 LitI2_Byte:             0x18 24 (.) → 字节立即数
51ADB9: eb CR8I2 → 转换成Double
51ADBA: 6e FLdFPR4
51ADBD: b3 MulR8
51ADBE: Lead0/e6 FnIntR8
51ADC0: f4 LitI2_Byte:             0x1 1 (.)
51ADC2: eb CR8I2
51ADC3: ab AddR8
51ADC4: e5 CI2R8
51ADC5: 70 FStI2                   local_0086
51ADC8: 35 FFree1Var               local_00B0

dim local_00B6 as integer
local_00B6 = local_0086

51ADCB: 00 LargeBos
51ADCD: 6b FLdI2                   local_0086
51ADD0: 70 FStI2                   local_00B6

select case local_00B6
case 1

51ADD3: 00 LargeBos
51ADD5: 6b FLdI2                   local_00B6
51ADD8: f4 LitI2_Byte:             0x1 1 (.)
51ADDA: c6 EqI2
51ADDB: 1c BranchF:               51AE13
51ADDE: 00 LargeBos
51ADE0: 6c ILdRf                   local_008C
51ADE3: 71 FStR4                   local_0090
51ADE6: 00 LargeBos
51ADE8: 6c ILdRf                   local_008C
51ADEB: f5 LitI4:                 0x168 360 (...h)
51ADF0: aa AddI4
51ADF1: 71 FStR4                   local_0090
51ADF4: 00 LargeBos
51ADF6: 6c ILdRf                   local_008C
51ADF9: f5 LitI4:                 0x2d0 720 (....)
51ADFE: aa AddI4
51ADFF: 71 FStR4                   local_0090
51AE02: 00 LargeBos
51AE04: 6c ILdRf                   local_008C
51AE07: f5 LitI4:                 0x438 1080 (...8)
51AE0C: aa AddI4
51AE0D: 71 FStR4                   local_0090
51AE10: 1e Branch:                 51b3d0

***************中间我略去一段汇编*********************

51B3A6: 00 LargeBos
51B3A8: 6c ILdRf                   local_008C
51B3AB: f5 LitI4:                 0x168 360 (...h)
51B3B0: aa AddI4
51B3B1: 71 FStR4                   local_0090
51B3B4: 00 LargeBos
51B3B6: 6c ILdRf                   local_008C
51B3B9: f5 LitI4:                 0x2d0 720 (....)
51B3BE: aa AddI4
51B3BF: 71 FStR4                   local_0090
51B3C2: 00 LargeBos
51B3C4: 6c ILdRf                   local_008C
51B3C7: f5 LitI4:                 0x438 1080 (...8)
51B3CC: aa AddI4
51B3CD: 71 FStR4                   local_0090

由51AD9D到此处是没用的干扰代码，干扰代码后面还出现了两次，删！

dim temp as variant
temp = StrReverse(CStr(CLng(Text5.Text)/1022)) ;真注册码

51B3D0: 00 LargeBos
51B3D2: 00 LargeBos
51B3D4: 04 FLdRfVar               local_00D0
51B3D7: 21 FLdPrThis
51B3D8: 0f VCallAd                 (object 8 )
51B3DB: 19 FStAdFunc               local_00CC
51B3DE: 08 FLdPr                   local_00CC
51B3E1: 0d VCallHresult           禚d
51B3E6: 6c ILdRf                   local_00D0
51B3E9: 50 CI4Str
51B3EA: f5 LitI4:                 0x3fe 1022 (....)
51B3EF: c0 IDvI4
51B3F0: Lead0/fe CStrI4
51B3F2: 23 FStStrNoPop             local_00D4
51B3F5: 0b ImpAdCallI2
51B3FA: 46 CVarStr                 local_00B0
51B3FD: Lead1/f6 FStVar
51B401: 32 FFreeStr
51B408: 1a FFree1Ad               local_00CC

if Left(Text1.Text,Len(StrReverse(CStr(CLng(Text5.Text)/1022)))
= StrReverse(CStr(CLng(Text5.Text)/1022))

51B40B: 00 LargeBos
51B40D: 04 FLdRfVar               local_00D0
51B410: 21 FLdPrThis
51B411: 0f VCallAd                 (object e )
51B414: 19 FStAdFunc               local_00CC
51B417: 08 FLdPr                   local_00CC
51B41A: 0d VCallHresult           禚d
51B41F: 04 FLdRfVar               local_00D4
51B422: 21 FLdPrThis
51B423: 0f VCallAd                 (object 8 )
51B426: 19 FStAdFunc               local_00D8
51B429: 08 FLdPr                   local_00D8
51B42C: 0d VCallHresult           禚d
51B431: 6c ILdRf                   local_00D4
51B434: 50 CI4Str
51B435: f5 LitI4:                 0x3fe 1022 (....)
51B43A: c0 IDvI4
51B43B: Lead0/fe CStrI4
51B43D: 23 FStStrNoPop             local_00DC
51B440: 0b ImpAdCallI2
51B445: 23 FStStrNoPop             local_00E0
51B448: 4a FnLenStr
51B449: 3e FLdZeroAd               local_00D0
51B44C: 46 CVarStr                 local_00B0 → 输入的注册码
51B44F: 04 FLdRfVar               local_00F0
51B452: 0a ImpAdCallFPR4:
51B457: 04 FLdRfVar               local_00F0
51B45A: 04 FLdRfVar               local_00F8
51B45D: 21 FLdPrThis
51B45E: 0f VCallAd                 (object 8 )
51B461: 19 FStAdFunc               local_00F4
51B464: 08 FLdPr                   local_00F4
51B467: 0d VCallHresult           禚d
51B46C: 6c ILdRf                   local_00F8
51B46F: 50 CI4Str
51B470: f5 LitI4:                 0x3fe 1022 (....)
51B475: c0 IDvI4
51B476: Lead0/fe CStrI4
51B478: 23 FStStrNoPop             local_00FC
51B47B: 0b ImpAdCallI2
51B480: 46 CVarStr                 local_010C
51B483: 5d HardType
51B484: Lead0/33 EqVarBool → 比较真注册码与输入的注册码
51B486: 32 FFreeStr
51B493: 29 FFreeAd:
51B49C: 36 FFreeVar
51B4A5: 1c BranchF:               51C179

没用的干扰代码，删去

SaveSetting "wbreg","wbregfile","wbregfilename",注册码

在注册表中保存注册码：（在我的动画里也有意放上这个的！！！）
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\wbreg\wbregfile]
"wbregfilename"=注册码

51B4A8: 00 LargeBos
51B4AA: f5 LitI4:                 0x7530 30000 (..u0)
51B4AF: 71 FStR4                   local_008C
51B4B2: 00 LargeBos
51B4B4: 27 LitVar_Missing
51B4B7: 0a ImpAdCallFPR4:
51B4BC: 35 FFree1Var               local_00B0
51B4BF: 00 LargeBos
51B4C1: 27 LitVar_Missing
51B4C4: 0a ImpAdCallFPR4:
51B4C9: 73 FStFPR4
51B4CC: f4 LitI2_Byte:             0x18 24 (.)
51B4CE: eb CR8I2
51B4CF: 6e FLdFPR4
51B4D2: b3 MulR8
51B4D3: Lead0/e6 FnIntR8
51B4D5: f4 LitI2_Byte:             0x1 1 (.)
51B4D7: eb CR8I2
51B4D8: ab AddR8
51B4D9: e5 CI2R8
51B4DA: 70 FStI2                   local_0086
51B4DD: 35 FFree1Var               local_00B0
51B4E0: 00 LargeBos
51B4E2: 6b FLdI2                   local_0086
51B4E5: 70 FStI2                   local_011E
51B4E8: 00 LargeBos
51B4EA: 6b FLdI2                   local_011E
51B4ED: f4 LitI2_Byte:             0x1 1 (.)
51B4EF: c6 EqI2
51B4F0: 1c BranchF:               51B528
51B4F3: 00 LargeBos
51B4F5: 6c ILdRf                   local_008C
51B4F8: 71 FStR4                   local_0090
51B4FB: 00 LargeBos
51B4FD: 6c ILdRf                   local_008C
51B500: f5 LitI4:                 0x168 360 (...h)
51B505: aa AddI4
51B506: 71 FStR4                   local_0090
51B509: 00 LargeBos
51B50B: 6c ILdRf                   local_008C
51B50E: f5 LitI4:                 0x2d0 720 (....)
51B513: aa AddI4
51B514: 71 FStR4                   local_0090
51B517: 00 LargeBos
51B519: 6c ILdRf                   local_008C
51B51C: f5 LitI4:                 0x438 1080 (...8)
51B521: aa AddI4

***************中间我略去一段汇编*********************

51BAE5: 00 LargeBos
51BAE7: 00 LargeBos
51BAE9: 04 FLdRfVar               local_00D0
51BAEC: 21 FLdPrThis
51BAED: 0f VCallAd                 (object e )
51BAF0: 19 FStAdFunc               local_00CC
51BAF3: 08 FLdPr                   local_00CC
51BAF6: 0d VCallHresult           禚d
51BAFB: 6c ILdRf                   local_00D0
51BAFE: 0b ImpAdCallI2
51BB03: 23 FStStrNoPop             local_00D4
51BB06: 1b LitStr:                 wbregfilename → 存放在注册表的信息，这里放注册码！
51BB09: 1b LitStr:                 wbregfile → 存放在注册表的信息
51BB0C: 1b LitStr:                 wbreg → 存放在注册表的信息
51BB0F: 0a ImpAdCallFPR4:         衊帬
51BB14: 32 FFreeStr
51BB1B: 1a FFree1Ad               local_00CC → 注册成功提示
51BB1E: 00 LargeBos
51BB20: 27 LitVar_Missing
51BB23: 27 LitVar_Missing
51BB26: 3a LitVarStr:             ( local_0130 )
51BB2B: 4e FStVarCopyObj           local_00F0
51BB2E: 04 FLdRfVar               local_00F0
51BB31: f5 LitI4:                 0x40 64 (...@)
51BB36: 3a LitVarStr:             ( local_00A0 ) → “注册成功”
51BB3B: 4e FStVarCopyObj           local_00B0
51BB3E: 04 FLdRfVar               local_00B0
51BB41: 0a ImpAdCallFPR4:
51BB46: 36 FFreeVar
51BB51: 00 LargeBos

***************中间我略去一段汇编*********************

51C17E: 0f VCallAd                 (object e )
51C181: 19 FStAdFunc               local_00CC
51C184: 08 FLdPr                   local_00CC
51C187: 0d VCallHresult           禚d
51C18C: 1a FFree1Ad               local_00CC
51C18F: 00 LargeBos
51C191: 13 ExitProcHresult

Proc: 502a84

502A1C: 7f ILdI2
502A1F: f4 LitI2_Byte:             0x0 0 (.)
502A21: c6 EqI2
502A22: 1c BranchF:               502A54
502A25: f5 LitI4:                 0x1 1 (....)
502A2A: f5 LitI4:                 0x0 0 (....)
502A2F: f5 LitI4:                 0x0 0 (....)
502A34: 1b LitStr:                 http://www.8ge.net
502A37: 04 FLdRfVar               local_0088
502A3A: 34 CStr2Ansi
502A3B: 6c ILdRf                   local_0088
502A3E: f5 LitI4:                 0x0 0 (....)
502A43: f5 LitI4:                 0x0 0 (....)
502A48: 0a ImpAdCallFPR4:         treedll.dll
502A4D: 3c SetLastSystemError
502A4E: 2f FFree1Str               local_0088
502A51: 1e Branch:                 502a80
502A54: f5 LitI4:                 0x1 1 (....)
502A59: f5 LitI4:                 0x0 0 (....)
502A5E: f5 LitI4:                 0x0 0 (....)
502A63: 1b LitStr:                 mailto:dingganchao@163.com
502A66: 04 FLdRfVar               local_0088
502A69: 34 CStr2Ansi
502A6A: 6c ILdRf                   local_0088
502A6D: f5 LitI4:                 0x0 0 (....)
502A72: f5 LitI4:                 0x0 0 (....)
502A77: 0a ImpAdCallFPR4:         treedll.dll

Proc: 50441c

504314: 7f ILdI2
504317: f4 LitI2_Byte:             0x0 0 (.)
504319: c6 EqI2
50431A: 1c BranchF:               504399
50431D: f4 LitI2_Byte:             0xff -1 (.)
50431F: 21 FLdPrThis
504320: 0f VCallAd                 (object 1 )

***************中间我略去一段汇编*********************

5043FC: 21 FLdPrThis
5043FD: 0f VCallAd                 (object 2 )
504400: 19 FStAdFunc               local_0088
504403: 08 FLdPr                   local_0088
504406: 0d VCallHresult             id
50440B: 08 FLdPr                   local_00AC
50440E: 0d VCallHresult             id

Proc: 502338

502308: f5 LitI4:                 0x1 1 (....)
50230D: f5 LitI4:                 0x0 0 (....)
502312: f5 LitI4:                 0x0 0 (....)
502317: 1b LitStr:                 http://www.softreg.com/shareware_view.asp?id={9441703A-5180-4904-B533-ACD52C9A6CAC}
50231A: 04 FLdRfVar               local_0088
50231D: 34 CStr2Ansi
50231E: 6c ILdRf                   local_0088
502321: f5 LitI4:                 0x0 0 (....)
502326: f5 LitI4:                 0x0 0 (....)
50232B: 0a ImpAdCallFPR4:         treedll.dll

Proc: 50349c

503400: 7f ILdI2
503403: f4 LitI2_Byte:             0x0 0 (.)
503405: c6 EqI2
503406: 1c BranchF:               503420
503409: f4 LitI2_Byte:             0x0 0 (.)
50340B: 21 FLdPrThis
50340C: 0f VCallAd                 (object 1 )
50340F: 19 FStAdFunc               local_0088
503412: 08 FLdPr                   local_0088
503415: 0d VCallHresult             id
50341A: 1a FFree1Ad               local_0088
50341D: 1e Branch:                 50349b
503420: 04 FLdRfVar               local_008A
503423: 21 FLdPrThis
503424: 0f VCallAd                 (object 4 )
503427: 19 FStAdFunc               local_0088
50342A: 08 FLdPr                   local_0088
50342D: 0d VCallHresult             id
503432: 6b FLdI2                   local_008A
503435: f4 LitI2_Byte:             0xff -1 (.)
503437: c6 EqI2
503438: 1a FFree1Ad               local_0088
50343B: 1c BranchF:               503449
50343E: 08 FLdPr                   local_param_0008
503441: 0d VCallHresult             id

***************中间我略去一段汇编*********************

503473: 0d VCallHresult           CVBApplication::ge88$?(id
503478: 6c ILdRf                   local_0090
50347B: 04 FLdRfVar               local_0094
50347E: 05 ImpAdLdRf:             5257dc
503481: 24 NewIfNullPr             40c054
503484: 0d VCallHresult           CVBApplication::get_Clipboard
503489: 08 FLdPr                   local_0094
50348C: 0d VCallHresult           CVBApplication::ge94$?(id
503491: 2f FFree1Str               local_0090

Proc: 50454c

504454: 28 LitVarI2:               ( local_00A4 ) 0x0 (0)
504459: f5 LitI4:                 0x8 8 (....)
50445E: 04 FLdRfVar               local_00B4
504461: 0a ImpAdCallFPR4:
504466: 04 FLdRfVar               local_00B4
504469: 60 CStrVarTmp
50446A: 23 FStStrNoPop             local_00B8
50446D: 08 FLdPr                   local_param_0008
504470: Lead2/91 MemStStrCopy
504474: 2f FFree1Str               local_00B8
504477: 36 FFreeVar
50447E: f4 LitI2_Byte:             0x0 0 (.)

***************中间我略去一段汇编*********************

504534: 4e FStVarCopyObj           local_00A4
504537: 04 FLdRfVar               local_00A4
50453A: 0a ImpAdCallFPR4:
50453F: 36 FFreeVar
50454A: 13 ExitProcHresult

Proc: 501f4c

501F34: 1b LitStr:
501F37: 21 FLdPrThis
501F38: 0f VCallAd                 (object e )
501F3B: 19 FStAdFunc               local_0088
501F3E: 08 FLdPr                   local_0088
501F41: 0d VCallHresult             id
501F46: 1a FFree1Ad               local_0088
501F49: 13 ExitProcHresult

Successfully went through the program!
Now it's up to you to decipher it hehe!

Email josephco_@hotmail.com with any problems or errors

=======================================================================

另附：

一、你也可以用softice跟踪来得到注册码，用symbol loader装入程序，设置断点：bpm 51B484（51b484就是比较注册码的地址，回看上面的内容）

二、G0，帮助菜单调出注册对话框，随意输入一些数字，点<注册>按钮，softice就将程序拦下。（停在msvbvm60.dll的代码领空）

三、输入命令：d *(*esp+8)，即可得到注册码，注意是unicode格式的。