您的位置:首页精文荟萃破解文章 → 破P-code程序心得

破P-code程序心得

时间:2004/10/15 0:57:00来源:本站整理作者:蓝点我要评论(0)

 这是我用exdec反编出来的!破P-code程序,这个可是好东东来的啊!
--------------------------------------------------------------

Email josephco_@hotmail.com with any errors or problems


Proc: 50af94

50ABF0: 00 LargeBos              
50ABF2: 00 LargeBos              
50ABF4: 04 FLdRfVar                local_008A
50ABF7: 04 FLdRfVar                local_0088
50ABFA: 05 ImpAdLdRf:              5257dc
50ABFD: 24 NewIfNullPr             40c054
50AC00: 0d VCallHresult            CVBApplication::get_App
50AC05: 08 FLdPr                   local_0088
50AC08: 0d VCallHresult            CVBApplication::ge88$?(id
50AC0D: 6b FLdI2                   local_008A
50AC10: 1a FFree1Ad                local_0088
50AC13: 1c BranchF:                50AC1A
50AC16: 00 LargeBos              
50AC18: Lead1/c8 End              
50AC1A: 00 LargeBos              
50AC1C: 4b onErrorGoto            
50AC1F: 00 LargeBos              
50AC21: 04 FLdRfVar                local_0088
50AC24: 04 FLdRfVar                local_0094
50AC27: 24 NewIfNullPr             40e7e0
50AC2A: 0d VCallHresult            CVBApplication::get_Clipboard
50AC2F: 3e FLdZeroAd               local_0088
50AC32: 5b FStAdFuncNoPop          local_00B8
50AC35: 04 FLdRfVar                local_0090
50AC38: Lead3/88 ForEachCollObj  
50AC40: 00 LargeBos              
50AC42: 04 FLdRfVar                local_00C0
50AC45: 08 FLdPr                   local_0090
50AC48: 0d VCallHresult            CVBApplication::get_forms
50AC4D: 6c ILdRf                   local_00C0
50AC50: f5 LitI4:                  0x2  2  (....)
50AC55: c7 EqI4                  
50AC56: 1c BranchF:                50AC99
50AC59: 00 LargeBos              
50AC5B: 04 FLdRfVar                local_00D0
50AC5E: 08 FLdPr                   local_0090
50AC61: 0d VCallHresult            CVBApplication::LoadResData
50AC66: 04 FLdRfVar                local_00D0
50AC69: 60 CStrVarTmp            
50AC6A: 23 FStStrNoPop             local_00D4
50AC6D: 6b FLdI2                   local_0096
50AC70: e7 CI4UI1

***************中间我略去一段汇编*********************

Proc: 51c194

51AD8C: 00 LargeBos  →  LargeBos表示是一行VB源代码的开头,从当前LargeBos到下一个LargeBos之间的代码是从一行源代码编译过来的              
51AD8E: 00 LargeBos              
51AD90: 4b onErrorGoto            
51AD93: 00 LargeBos              
51AD95: f5 LitI4:                  0xbb8  3000  (....)  →  Lit 代表Literal,表示是装入立即数
51AD9A: 71 FStR4                   local_008C
51AD9D: 00 LargeBos              
51AD9F: 27 LitVar_Missing  →  LitVar_Missing表示可选参数未赋值        
51ADA2: 0a ImpAdCallFPR4:          
51ADA7: 35 FFree1Var               local_00B0
51ADAA: 00 LargeBos              
51ADAC: 27 LitVar_Missing        
51ADAF: 0a ImpAdCallFPR4:          
51ADB4: 73 FStFPR4                
51ADB7: f4 LitI2_Byte:             0x18  24  (.)  →  字节立即数
51ADB9: eb CR8I2  →  转换成Double                
51ADBA: 6e FLdFPR4                
51ADBD: b3 MulR8                  
51ADBE: Lead0/e6 FnIntR8          
51ADC0: f4 LitI2_Byte:             0x1  1  (.)
51ADC2: eb CR8I2                  
51ADC3: ab AddR8                  
51ADC4: e5 CI2R8                  
51ADC5: 70 FStI2                   local_0086
51ADC8: 35 FFree1Var               local_00B0

       dim local_00B6 as integer
       local_00B6 = local_0086

51ADCB: 00 LargeBos              
51ADCD: 6b FLdI2                   local_0086
51ADD0: 70 FStI2                   local_00B6

       select case local_00B6
       case 1

51ADD3: 00 LargeBos              
51ADD5: 6b FLdI2                   local_00B6
51ADD8: f4 LitI2_Byte:             0x1  1  (.)
51ADDA: c6 EqI2                  
51ADDB: 1c BranchF:                51AE13
51ADDE: 00 LargeBos              
51ADE0: 6c ILdRf                   local_008C
51ADE3: 71 FStR4                   local_0090
51ADE6: 00 LargeBos              
51ADE8: 6c ILdRf                   local_008C
51ADEB: f5 LitI4:                  0x168  360  (...h)
51ADF0: aa AddI4                  
51ADF1: 71 FStR4                   local_0090
51ADF4: 00 LargeBos              
51ADF6: 6c ILdRf                   local_008C
51ADF9: f5 LitI4:                  0x2d0  720  (....)
51ADFE: aa AddI4                  
51ADFF: 71 FStR4                   local_0090
51AE02: 00 LargeBos              
51AE04: 6c ILdRf                   local_008C
51AE07: f5 LitI4:                  0x438  1080  (...8)
51AE0C: aa AddI4                  
51AE0D: 71 FStR4                   local_0090
51AE10: 1e Branch:                 51b3d0

***************中间我略去一段汇编*********************

51B3A6: 00 LargeBos              
51B3A8: 6c ILdRf                   local_008C
51B3AB: f5 LitI4:                  0x168  360  (...h)
51B3B0: aa AddI4                  
51B3B1: 71 FStR4                   local_0090
51B3B4: 00 LargeBos              
51B3B6: 6c ILdRf                   local_008C
51B3B9: f5 LitI4:                  0x2d0  720  (....)
51B3BE: aa AddI4                  
51B3BF: 71 FStR4                   local_0090
51B3C2: 00 LargeBos              
51B3C4: 6c ILdRf                   local_008C
51B3C7: f5 LitI4:                  0x438  1080  (...8)
51B3CC: aa AddI4                  
51B3CD: 71 FStR4                   local_0090

由51AD9D到此处是没用的干扰代码,干扰代码后面还出现了两次,删!

       dim temp as variant
   temp = StrReverse(CStr(CLng(Text5.Text)/1022)) ;真注册码

51B3D0: 00 LargeBos              
51B3D2: 00 LargeBos              
51B3D4: 04 FLdRfVar                local_00D0
51B3D7: 21 FLdPrThis              
51B3D8: 0f VCallAd                 (object 8 )
51B3DB: 19 FStAdFunc               local_00CC
51B3DE: 08 FLdPr                   local_00CC
51B3E1: 0d VCallHresult            禚d
51B3E6: 6c ILdRf                   local_00D0
51B3E9: 50 CI4Str                
51B3EA: f5 LitI4:                  0x3fe  1022  (....)
51B3EF: c0 IDvI4                  
51B3F0: Lead0/fe CStrI4          
51B3F2: 23 FStStrNoPop             local_00D4
51B3F5: 0b ImpAdCallI2             
51B3FA: 46 CVarStr                 local_00B0
51B3FD: Lead1/f6 FStVar          
51B401: 32 FFreeStr
51B408: 1a FFree1Ad                local_00CC

   if Left(Text1.Text,Len(StrReverse(CStr(CLng(Text5.Text)/1022)))
     = StrReverse(CStr(CLng(Text5.Text)/1022))

51B40B: 00 LargeBos              
51B40D: 04 FLdRfVar                local_00D0
51B410: 21 FLdPrThis              
51B411: 0f VCallAd                 (object e )
51B414: 19 FStAdFunc               local_00CC
51B417: 08 FLdPr                   local_00CC
51B41A: 0d VCallHresult            禚d
51B41F: 04 FLdRfVar                local_00D4
51B422: 21 FLdPrThis              
51B423: 0f VCallAd                 (object 8 )
51B426: 19 FStAdFunc               local_00D8
51B429: 08 FLdPr                   local_00D8
51B42C: 0d VCallHresult            禚d
51B431: 6c ILdRf                   local_00D4
51B434: 50 CI4Str                
51B435: f5 LitI4:                  0x3fe  1022  (....)
51B43A: c0 IDvI4                  
51B43B: Lead0/fe CStrI4          
51B43D: 23 FStStrNoPop             local_00DC
51B440: 0b ImpAdCallI2             
51B445: 23 FStStrNoPop             local_00E0
51B448: 4a FnLenStr              
51B449: 3e FLdZeroAd               local_00D0
51B44C: 46 CVarStr                 local_00B0  →  输入的注册码
51B44F: 04 FLdRfVar                local_00F0
51B452: 0a ImpAdCallFPR4:          
51B457: 04 FLdRfVar                local_00F0
51B45A: 04 FLdRfVar                local_00F8
51B45D: 21 FLdPrThis              
51B45E: 0f VCallAd                 (object 8 )
51B461: 19 FStAdFunc               local_00F4
51B464: 08 FLdPr                   local_00F4
51B467: 0d VCallHresult            禚d
51B46C: 6c ILdRf                   local_00F8
51B46F: 50 CI4Str                
51B470: f5 LitI4:                  0x3fe  1022  (....)
51B475: c0 IDvI4                  
51B476: Lead0/fe CStrI4          
51B478: 23 FStStrNoPop             local_00FC
51B47B: 0b ImpAdCallI2             
51B480: 46 CVarStr                 local_010C
51B483: 5d HardType              
51B484: Lead0/33 EqVarBool  →  比较真注册码与输入的注册码        
51B486: 32 FFreeStr
51B493: 29 FFreeAd:
51B49C: 36 FFreeVar
51B4A5: 1c BranchF:                51C179

       没用的干扰代码,删去

       SaveSetting "wbreg","wbregfile","wbregfilename",注册码

       在注册表中保存注册码:(在我的动画里也有意放上这个的 !!!)
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\wbreg\wbregfile]
"wbregfilename"=注册码

51B4A8: 00 LargeBos              
51B4AA: f5 LitI4:                  0x7530  30000  (..u0)
51B4AF: 71 FStR4                   local_008C
51B4B2: 00 LargeBos              
51B4B4: 27 LitVar_Missing        
51B4B7: 0a ImpAdCallFPR4:          
51B4BC: 35 FFree1Var               local_00B0
51B4BF: 00 LargeBos              
51B4C1: 27 LitVar_Missing        
51B4C4: 0a ImpAdCallFPR4:          
51B4C9: 73 FStFPR4                
51B4CC: f4 LitI2_Byte:             0x18  24  (.)
51B4CE: eb CR8I2                  
51B4CF: 6e FLdFPR4                
51B4D2: b3 MulR8                  
51B4D3: Lead0/e6 FnIntR8          
51B4D5: f4 LitI2_Byte:             0x1  1  (.)
51B4D7: eb CR8I2                  
51B4D8: ab AddR8                  
51B4D9: e5 CI2R8                  
51B4DA: 70 FStI2                   local_0086
51B4DD: 35 FFree1Var               local_00B0
51B4E0: 00 LargeBos              
51B4E2: 6b FLdI2                   local_0086
51B4E5: 70 FStI2                   local_011E
51B4E8: 00 LargeBos              
51B4EA: 6b FLdI2                   local_011E
51B4ED: f4 LitI2_Byte:             0x1  1  (.)
51B4EF: c6 EqI2                  
51B4F0: 1c BranchF:                51B528
51B4F3: 00 LargeBos              
51B4F5: 6c ILdRf                   local_008C
51B4F8: 71 FStR4                   local_0090
51B4FB: 00 LargeBos              
51B4FD: 6c ILdRf                   local_008C
51B500: f5 LitI4:                  0x168  360  (...h)
51B505: aa AddI4                  
51B506: 71 FStR4                   local_0090
51B509: 00 LargeBos              
51B50B: 6c ILdRf                   local_008C
51B50E: f5 LitI4:                  0x2d0  720  (....)
51B513: aa AddI4                  
51B514: 71 FStR4                   local_0090
51B517: 00 LargeBos              
51B519: 6c ILdRf                   local_008C
51B51C: f5 LitI4:                  0x438  1080  (...8)
51B521: aa AddI4                  

***************中间我略去一段汇编*********************

51BAE5: 00 LargeBos              
51BAE7: 00 LargeBos              
51BAE9: 04 FLdRfVar                local_00D0
51BAEC: 21 FLdPrThis              
51BAED: 0f VCallAd                 (object e )
51BAF0: 19 FStAdFunc               local_00CC
51BAF3: 08 FLdPr                   local_00CC
51BAF6: 0d VCallHresult            禚d
51BAFB: 6c ILdRf                   local_00D0
51BAFE: 0b ImpAdCallI2             
51BB03: 23 FStStrNoPop             local_00D4
51BB06: 1b LitStr:                 wbregfilename  →  存放在注册表的信息,这里放注册码!
51BB09: 1b LitStr:                 wbregfile  →  存放在注册表的信息
51BB0C: 1b LitStr:                 wbreg  →  存放在注册表的信息
51BB0F: 0a ImpAdCallFPR4:          衊帬
51BB14: 32 FFreeStr
51BB1B: 1a FFree1Ad                local_00CC  →  注册成功提示
51BB1E: 00 LargeBos              
51BB20: 27 LitVar_Missing        
51BB23: 27 LitVar_Missing        
51BB26: 3a LitVarStr:              ( local_0130 )
51BB2B: 4e FStVarCopyObj           local_00F0
51BB2E: 04 FLdRfVar                local_00F0
51BB31: f5 LitI4:                  0x40  64  (...@)
51BB36: 3a LitVarStr:              ( local_00A0 )  →  “注册成功”
51BB3B: 4e FStVarCopyObj           local_00B0
51BB3E: 04 FLdRfVar                local_00B0
51BB41: 0a ImpAdCallFPR4:          
51BB46: 36 FFreeVar
51BB51: 00 LargeBos              

***************中间我略去一段汇编*********************

51C17E: 0f VCallAd                 (object e )
51C181: 19 FStAdFunc               local_00CC
51C184: 08 FLdPr                   local_00CC
51C187: 0d VCallHresult            禚d
51C18C: 1a FFree1Ad                local_00CC
51C18F: 00 LargeBos              
51C191: 13 ExitProcHresult        


Proc: 502a84

502A1C: 7f ILdI2                  
502A1F: f4 LitI2_Byte:             0x0  0  (.)
502A21: c6 EqI2                  
502A22: 1c BranchF:                502A54
502A25: f5 LitI4:                  0x1  1  (....)
502A2A: f5 LitI4:                  0x0  0  (....)
502A2F: f5 LitI4:                  0x0  0  (....)
502A34: 1b LitStr:                 http://www.8ge.net
502A37: 04 FLdRfVar                local_0088
502A3A: 34 CStr2Ansi              
502A3B: 6c ILdRf                   local_0088
502A3E: f5 LitI4:                  0x0  0  (....)
502A43: f5 LitI4:                  0x0  0  (....)
502A48: 0a ImpAdCallFPR4:          treedll.dll
502A4D: 3c SetLastSystemError    
502A4E: 2f FFree1Str               local_0088
502A51: 1e Branch:                 502a80
502A54: f5 LitI4:                  0x1  1  (....)
502A59: f5 LitI4:                  0x0  0  (....)
502A5E: f5 LitI4:                  0x0  0  (....)
502A63: 1b LitStr:                 mailto:dingganchao@163.com
502A66: 04 FLdRfVar                local_0088
502A69: 34 CStr2Ansi              
502A6A: 6c ILdRf                   local_0088
502A6D: f5 LitI4:                  0x0  0  (....)
502A72: f5 LitI4:                  0x0  0  (....)
502A77: 0a ImpAdCallFPR4:          treedll.dll


Proc: 50441c

504314: 7f ILdI2                  
504317: f4 LitI2_Byte:             0x0  0  (.)
504319: c6 EqI2                  
50431A: 1c BranchF:                504399
50431D: f4 LitI2_Byte:             0xff  -1  (.)
50431F: 21 FLdPrThis              
504320: 0f VCallAd                 (object 1 )

***************中间我略去一段汇编*********************

5043FC: 21 FLdPrThis              
5043FD: 0f VCallAd                 (object 2 )
504400: 19 FStAdFunc               local_0088
504403: 08 FLdPr                   local_0088
504406: 0d VCallHresult             id
50440B: 08 FLdPr                   local_00AC
50440E: 0d VCallHresult             id


Proc: 502338

502308: f5 LitI4:                  0x1  1  (....)
50230D: f5 LitI4:                  0x0  0  (....)
502312: f5 LitI4:                  0x0  0  (....)
502317: 1b LitStr:                 http://www.softreg.com/shareware_view.asp?id={9441703A-5180-4904-B533-ACD52C9A6CAC}
50231A: 04 FLdRfVar                local_0088
50231D: 34 CStr2Ansi              
50231E: 6c ILdRf                   local_0088
502321: f5 LitI4:                  0x0  0  (....)
502326: f5 LitI4:                  0x0  0  (....)
50232B: 0a ImpAdCallFPR4:          treedll.dll


Proc: 50349c

503400: 7f ILdI2                  
503403: f4 LitI2_Byte:             0x0  0  (.)
503405: c6 EqI2                  
503406: 1c BranchF:                503420
503409: f4 LitI2_Byte:             0x0  0  (.)
50340B: 21 FLdPrThis              
50340C: 0f VCallAd                 (object 1 )
50340F: 19 FStAdFunc               local_0088
503412: 08 FLdPr                   local_0088
503415: 0d VCallHresult             id
50341A: 1a FFree1Ad                local_0088
50341D: 1e Branch:                 50349b
503420: 04 FLdRfVar                local_008A
503423: 21 FLdPrThis              
503424: 0f VCallAd                 (object 4 )
503427: 19 FStAdFunc               local_0088
50342A: 08 FLdPr                   local_0088
50342D: 0d VCallHresult             id
503432: 6b FLdI2                   local_008A
503435: f4 LitI2_Byte:             0xff  -1  (.)
503437: c6 EqI2                  
503438: 1a FFree1Ad                local_0088
50343B: 1c BranchF:                503449
50343E: 08 FLdPr                   local_param_0008
503441: 0d VCallHresult             id

***************中间我略去一段汇编*********************

503473: 0d VCallHresult            CVBApplication::ge88$?(id
503478: 6c ILdRf                   local_0090
50347B: 04 FLdRfVar                local_0094
50347E: 05 ImpAdLdRf:              5257dc
503481: 24 NewIfNullPr             40c054
503484: 0d VCallHresult            CVBApplication::get_Clipboard
503489: 08 FLdPr                   local_0094
50348C: 0d VCallHresult            CVBApplication::ge94$?(id
503491: 2f FFree1Str               local_0090


Proc: 50454c

504454: 28 LitVarI2:               ( local_00A4 ) 0x0  (0)
504459: f5 LitI4:                  0x8  8  (....)
50445E: 04 FLdRfVar                local_00B4
504461: 0a ImpAdCallFPR4:          
504466: 04 FLdRfVar                local_00B4
504469: 60 CStrVarTmp            
50446A: 23 FStStrNoPop             local_00B8
50446D: 08 FLdPr                   local_param_0008
504470: Lead2/91 MemStStrCopy    
504474: 2f FFree1Str               local_00B8
504477: 36 FFreeVar
50447E: f4 LitI2_Byte:             0x0  0  (.)

***************中间我略去一段汇编*********************

504534: 4e FStVarCopyObj           local_00A4
504537: 04 FLdRfVar                local_00A4
50453A: 0a ImpAdCallFPR4:          
50453F: 36 FFreeVar
50454A: 13 ExitProcHresult        


Proc: 501f4c

501F34: 1b LitStr:                  
501F37: 21 FLdPrThis              
501F38: 0f VCallAd                 (object e )
501F3B: 19 FStAdFunc               local_0088
501F3E: 08 FLdPr                   local_0088
501F41: 0d VCallHresult             id
501F46: 1a FFree1Ad                local_0088
501F49: 13 ExitProcHresult        


Successfully went through the program!
Now it's up to you to decipher it hehe!

Email josephco_@hotmail.com with any problems or errors

=======================================================================

另附:

一、你也可以用softice跟踪来得到注册码,用symbol loader装入程序,设置断点:bpm 51B484(51b484就是比较注册码的地址,回看上面的内容)

二、G0,帮助菜单调出注册对话框,随意输入一些数字,点<注册>按钮,softice就将程序拦下。(停在msvbvm60.dll的代码领空)

三、输入命令:d *(*esp+8),即可得到注册码,注意是unicode格式的。


    
    
     
    
    
     

相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么

文章评论
发表评论

热门文章 去除winrar注册框方法

最新文章 比特币病毒怎么破解 比去除winrar注册框方法 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据

人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程