Ollydbg——轻松文本 2003 V6.13(VB)
-
下载页面: 
http://www.skycn.com/soft/5977.html<;br>
【软件限制】:NAG、功能限制
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:Ollydbg1.09、PEiD、AspackDie、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
其实这个东东数10天前就做了,因为太忙,今天才把笔记整理出来,呵呵,作者也快升级了吧?
顺便看了一下同门的《英语音标大师 V1.02》,算法是一样的,就没必要写了。^O^ ^O^
easypad.exe 是ASPack 2.12壳,用AspackDie脱之。169K->732K。 VB 编写。
这个东东不算难,只是有些方面不好掌握。 ~Q~ ^Q^ ^v^ ^v^
序列号:FLYN649065455613
试炼码:fly-12345678-fly[OCN][FCG]-E
—————————————————————————————————
* Reference To: MSVBVM60.rtcInputBox, Ord:0254h
:004620D2 FF15FC104000 Call dword ptr [004010FC]
:004620D8 8BD0 mov edx, eax
====>EDX=fly-12345678-fly[OCN][FCG]-E 试炼码
:004620DA 8D4DA8 lea ecx, dword ptr [ebp-58]
:004620DD FFD6 call esi
:004620DF 8BD0 mov edx, eax
:004620E1 8B8D78FEFFFF mov ecx, dword ptr [ebp+FFFFFE78]
* Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h
|
:004620E7 FF15D4124000 Call dword ptr [004012D4]
:004620ED 8D55A4 lea edx, dword ptr [ebp-5C]
:004620F0 52 push edx
.............................................
..............
* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h
|
:00462161 FF1544104000 Call dword ptr [00401044]
:00462167 83C45C add esp, 0000005C
:0046216A 8B0B mov ecx, dword ptr [ebx]
:0046216C 8D95C8FEFFFF lea edx, dword ptr [ebp+FFFFFEC8]
:00462172 52 push edx
:00462173 8B8578FEFFFF mov eax, dword ptr [ebp+FFFFFE78]
:00462179 50 push eax
:0046217A 53 push ebx
:0046217B FF9128070000 call dword ptr [ecx+00000728]
====>关键CALL!进入!
:00462181 85C0 test eax, eax
:00462183 7D12 jge 00462197
:00462185 6828070000 push 00000728
:0046218A 688C574200 push 0042578C
:0046218F 53 push ebx
:00462190 50 push eax
* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
|
:00462191 FF15A4104000 Call dword ptr [004010A4]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00462183(C)
|
:00462197 6683BDC8FEFFFF00 cmp word ptr [ebp+FFFFFEC8], 0000
:0046219F 0F84C3030000 je 00462568
====>跳则OVER!
:004621A5 8D4D8C lea ecx, dword ptr [ebp-74]
:004621A8 51 push ecx
* Reference To: MSVBVM60.rtcGetDateVar, Ord:0262h
|
:004621A9 FF1524134000 Call dword ptr [00401324]
:004621AF 6A00 push 00000000
:004621B1 8D558C lea edx, dword ptr [ebp-74]
:004621B4 52 push edx
:004621B5 8D857CFFFFFF lea eax, dword ptr [ebp+FFFFFF7C]
:004621BB 50 push eax
...................................
.........................
:004622C3 8D856CFFFFFF lea eax, dword ptr [ebp+FFFFFF6C]
:004622C9 50 push eax
:004622CA 8D8D7CFFFFFF lea ecx, dword ptr [ebp+FFFFFF7C]
:004622D0 51 push ecx
:004622D1 8D558C lea edx, dword ptr [ebp-74]
:004622D4 52 push edx
* Reference To: MSVBVM60.rtcInputBox, Ord:0254h
|
:004622D5 FF15FC104000 Call dword ptr [004010FC]
====>恭喜完成!输入确认号码!7055
:004622DB 8BD0 mov edx, eax
====>EDX=7055
:004622DD 8D4DC8 lea ecx, dword ptr [ebp-38]
:004622E0 FFD6 call esi
:004622E2 50 push eax
* Reference To: MSVBVM60.__vbaR8Str, Ord:0000h
|
:004622E3 FF15C0124000 Call dword ptr [004012C0]
:004622E9 DB437C fild dword ptr [ebx+7C]
:004622EC DD9D70FEFFFF fstp qword ptr [ebp+FFFFFE70]
:004622F2 DC9D70FEFFFF fcomp qword ptr [ebp+FFFFFE70]
====>比较 确认号码 是否是7055?
:004622F8 DFE0 fstsw ax
:004622FA F6C440 test ah, 40
:004622FD 7407 je 00462306
:004622FF B801000000 mov eax, 00000001
:00462304 EB02 jmp 00462308
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004622FD(C)
|
:00462306 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00462304(U)
|
:00462308 F7D8 neg eax
:0046230A 668BF0 mov si, ax
:0046230D 8D45C8 lea eax, dword ptr [ebp-38]
:00462310 50 push eax
:00462311 8D4DCC lea ecx, dword ptr [ebp-34]
:00462314 51 push ecx
:00462315 6A02 push 00000002
* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
|
:00462317 FF15E4124000 Call dword ptr [004012E4]
:0046231D 8D952CFFFFFF lea edx, dword ptr [ebp+FFFFFF2C]
:00462323 52 push edx
:00462324 8D853CFFFFFF lea eax, dword ptr [ebp+FFFFFF3C]
:0046232A 50 push eax
:0046232B 8D8D4CFFFFFF lea ecx, dword ptr [ebp+FFFFFF4C]
:00462331 51 push ecx
:00462332 8D955CFFFFFF lea edx, dword ptr [ebp+FFFFFF5C]
:00462338 52 push edx
:00462339 8D856CFFFFFF lea eax, dword ptr [ebp+FFFFFF6C]
:0046233F 50 push eax
:00462340 8D8D7CFFFFFF lea ecx, dword ptr [ebp+FFFFFF7C]
:00462346 51 push ecx
:00462347 8D558C lea edx, dword ptr [ebp-74]
:0046234A 52 push edx
:0046234B 6A07 push 00000007
* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h
|
:0046234D FF1544104000 Call dword ptr [00401044]
:00462353 83C42C add esp, 0000002C
:00462356 6685F6 test si, si
:00462359 0F8409020000 je 00462568
:0046235F 8B8578FEFFFF mov eax, dword ptr [ebp+FFFFFE78]
:00462365 8B08 mov ecx, dword ptr [eax]
:00462367 51 push ecx
* Possible StringData Ref from Code Obj ->"rregnumber"
|
:00462368 6870684200 push 00426870
* Possible StringData Ref from Code Obj ->"rregist"
|
:0046236D 685C684200 push 0042685C
* Possible StringData Ref from Code Obj ->"eeasypad"
|
:00462372 68E8634200 push 004263E8
* Reference To: MSVBVM60.rtcSaveSetting, Ord:02B2h
|
:00462377 FF150C104000 Call dword ptr [0040100C]
====>保存注册信息!
:0046237D E9E6010000 jmp 00462568
—————————————————————————————————
进入关键CALL:0046217B call dword ptr [ecx+00000728]
…… ……省略…… ……
:004724A8 FFD3 call ebx
:004724AA 50 push eax
* Possible StringData Ref from Code Obj ->"CC:\"
|
:004724AB 68A4974200 push 004297A4
:004724B0 8D45CC lea eax, dword ptr [ebp-34]
:004724B3 50 push eax
:004724B4 FFD3 call ebx
:004724B6 50 push eax
:004724B7 E8EC30FBFF call 004255A8
* Reference To: MSVBVM60.__vbaSetSystemError, Ord:0000h
|
:004724BC FF1598104000 Call dword ptr [00401098]
:004724C2 8B4DC8 mov ecx, dword ptr [ebp-38]
* Reference To: MSVBVM60.__vbaStrToUnicode, Ord:0000h
|
:004724C5 8B1D38124000 mov ebx, dword ptr [00401238]
:004724CB 51 push ecx
:004724CC 8D55C4 lea edx, dword ptr [ebp-3C]
:004724CF 52 push edx
:004724D0 FFD3 call ebx
:004724D2 50 push eax
:004724D3 8B45DC mov eax, dword ptr [ebp-24]
:004724D6 50 push eax
:004724D7 57 push edi
* Reference To: MSVBVM60.__vbaLsetFixstr, Ord:0000h
|
:004724D8 FF1594104000 Call dword ptr [00401094]
:004724DE 8B4DC0 mov ecx, dword ptr [ebp-40]
:004724E1 51 push ecx
:004724E2 8D55BC lea edx, dword ptr [ebp-44]
:004724E5 52 push edx
:004724E6 FFD3 call ebx
:004724E8 50 push eax
:004724E9 8B45D8 mov eax, dword ptr [ebp-28]
:004724EC 50 push eax
:004724ED 57 push edi
* Reference To: MSVBVM60.__vbaLsetFixstr, Ord:0000h
|
:004724EE FF1594104000 Call dword ptr [00401094]
:004724F4 8D4DBC lea ecx, dword ptr [ebp-44]
:004724F7 51 push ecx
:004724F8 8D55C0 lea edx, dword ptr [ebp-40]
:004724FB 52 push edx
:004724FC 8D45C4 lea eax, dword ptr [ebp-3C]
:004724FF 50 push eax
:00472500 8D4DC8 lea ecx, dword ptr [ebp-38]
:00472503 51 push ecx
:00472504 8D55CC lea edx, dword ptr [ebp-34]
:00472507 52 push edx
:00472508 6A05 push 00000005
* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
|
:0047250A FF15E4124000 Call dword ptr [004012E4]
:00472510 8B5D0C mov ebx, dword ptr [ebp+0C]
:00472513 8B03 mov eax, dword ptr [ebx]
====>EAX=fly-12345678-fly[OCN][FCG]-E 试炼码
:00472515 83C418 add esp, 00000018
:00472518 6A01 push 00000001
:0047251A 6AFF push FFFFFFFF
:0047251C 6A01 push 00000001
:0047251E 68D0654200 push 004265D0
:00472523 68CC754200 push 004275CC
:00472528 50 push eax
* Reference To: MSVBVM60.rtcReplace, Ord:02C8h
|
:00472529 FF152C124000 Call dword ptr [0040122C]
====>去除试炼码中的-
:0047252F 8BD0 mov edx, eax
====>EDX=fly12345678fly[OCN][FCG]E
:00472531 8D4DD4 lea ecx, dword ptr [ebp-2C]
* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
|
:00472534 FF1578134000 Call dword ptr [00401378]
:0047253A 8B0B mov ecx, dword ptr [ebx]
* Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h
|
:0047253C 8B1D34104000 mov ebx, dword ptr [00401034]
:00472542 51 push ecx
====>ECX=fly-12345678-fly[OCN][FCG]-E
:00472543 FFD3 call ebx
====>取fly-12345678-fly[OCN][FCG]-E的长度
:00472545 8BD0 mov edx, eax
====>EDX=1C
:00472547 8B45D4 mov eax, dword ptr [ebp-2C]
:0047254A 50 push eax
====>EAX=fly12345678fly[OCN][FCG]E
:0047254B 899528FFFFFF mov dword ptr [ebp+FFFFFF28], edx
====>[ebp+FFFFFF28]=EDX=1C
:00472551 FFD3 call ebx
====>取fly12345678fly[OCN][FCG]E的长度=19
:00472553 8B8D28FFFFFF mov ecx, dword ptr [ebp+FFFFFF28]
====>ECX=1C
:00472559 8B55D4 mov edx, dword ptr [ebp-2C]
:0047255C 33DB xor ebx, ebx
:0047255E 3BC1 cmp eax, ecx
====>比较2者长度是否相同?既检测试炼码中是否有-
:00472560 52 push edx
:00472561 0F9DC3 setnl bl
====>设置BL值!有-则长度不同则BL=0
* Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h
|
:00472564 FF1534104000 Call dword ptr [00401034]
====>取fly12345678fly[OCN][FCG]E的长度=19
:0047256A 33C9 xor ecx, ecx
:0047256C 83F819 cmp eax, 00000019
====>去除试炼码中的-后是否是25位?
:0047256F 0F9CC1 setl cl
====>设置CL值!是25位则CL=0
:00472572 0BD9 or ebx, ecx
:00472574 0F850C010000 jne 00472686
====>如果上面2个条件都符合则此处不跳!
====>若此处跳就直接OVER了!爆破点①!
:0047257A 8B55D4 mov edx, dword ptr [ebp-2C]
====>EDX=fly12345678fly[OCN][FCG]E
:0047257D A110804A00 mov eax, dword ptr [004A8010]
====>EAX=211C1E09 C盘的硬盘序列号
:00472582 8D4DA4 lea ecx, dword ptr [ebp-5C]
:00472585 89955CFFFFFF mov dword ptr [ebp+FFFFFF5C], edx
:0047258B 2DCF337B00 sub eax, 007B33CF
====>EAX=211C1E09 - 007B33CF=20A0EA3A
:00472590 51 push ecx
:00472591 8D5594 lea edx, dword ptr [ebp-6C]
:00472594 0F8020050000 jo 00472ABA
:0047259A 52 push edx
:0047259B C78554FFFFFF08000000 mov dword ptr [ebp+FFFFFF54], 00000008
:004725A5 8945AC mov dword ptr [ebp-54], eax
:004725A8 C745A403000000 mov [ebp-5C], 00000003
* Reference To: MSVBVM60.rtcHexVarFromVar, Ord:023Dh
|
:004725AF FF15D8124000 Call dword ptr [004012D8]
:004725B5 6A01 push 00000001
:004725B7 8D8554FFFFFF lea eax, dword ptr [ebp+FFFFFF54]
:004725BD 50 push eax
:004725BE 8D4D94 lea ecx, dword ptr [ebp-6C]
:004725C1 51 push ecx
:004725C2 6A01 push 00000001
:004725C4 8D5584 lea edx, dword ptr [ebp-7C]
:004725C7 52 push edx
:004725C8 89BD4CFFFFFF mov dword ptr [ebp+FFFFFF4C], edi
:004725CE C78544FFFFFF02800000 mov dword ptr [ebp+FFFFFF44], 00008002
* Reference To: MSVBVM60.__vbaInStrVar, Ord:0000h
|
:004725D8 FF1570124000 Call dword ptr [00401270]
====>比较CALL!进入!有点特别呀 ^O^ ^O^
:004725DE 50 push eax
:004725DF 8D8544FFFFFF lea eax, dword ptr [ebp+FFFFFF44]
:004725E5 50 push eax
* Reference To: MSVBVM60.__vbaVarTstGt, Ord:0000h
|
:004725E6 FF1504104000 Call dword ptr [00401004]
:004725EC 8D4D84 lea ecx, dword ptr [ebp-7C]
:004725EF 51 push ecx
:004725F0 8D5594 lea edx, dword ptr [ebp-6C]
:004725F3 668BD8 mov bx, ax
====>爆破点②! ^O^ ^O^
:004725F6 52 push edx
:004725F7 8D45A4 lea eax, dword ptr [ebp-5C]
:004725FA 50 push eax
:004725FB 6A03 push 00000003
* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h
|
:004725FD FF1544104000 Call dword ptr [00401044]
:00472603 83C410 add esp, 00000010
:00472606 663BDF cmp bx, di
:00472609 0F84E3000000 je 004726F2
====>跳则OVER!
:0047260F 8B0E mov ecx, dword ptr [esi]
:00472611 56 push esi
:00472612 C745D0FFFFFFFF mov [ebp-30], FFFFFFFF
:00472619 FF912C060000 call dword ptr [ecx+0000062C]
:0047261F 50 push eax
:00472620 8D55B8 lea edx, dword ptr [ebp-48]
:00472623 52 push edx
* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
|
:00472624 FF15F4104000 Call dword ptr [004010F4]
:0047262A 8D4DB4 lea ecx, dword ptr [ebp-4C]
:0047262D 51 push ecx
:0047262E 8BF0 mov esi, eax
:00472630 8B06 mov eax, dword ptr [esi]
:00472632 6A03 push 00000003
:00472634 56 push esi
:00472635 FF5040 call [eax+40]
:00472638 DBE2 fclex
:0047263A 3BC7 cmp eax, edi
:0047263C 7D0F jge 0047264D
:0047263E 6A40 push 00000040
:00472640 68BC654200 push 004265BC
:00472645 56 push esi
:00472646 50 push eax
—————————————————————————————————
进入比较CALL:004725D8 Call dword ptr [00401270]
再进入:7347A9CC Call MSVBVM60.__vbaInStr
733A45A5 > 55 push ebp
733A45A6 8BEC mov ebp,esp
733A45A8 81EC BC000000 sub esp,0BC
733A45AE 8365 EC 00 and dword ptr ss:[ebp-14],0
733A45B2 53 push ebx
733A45B3 56 push esi
733A45B4 8B75 0C mov esi,dword ptr ss:[ebp+C]
====>ESI=20A0EA3A
733A45B7 57 push edi
733A45B8 8B7D 10 mov edi,dword ptr ss:[ebp+10]
====>EDI=fly12345678fly[OCN][FCG]E
733A45BB 8D85 44FFFFFF lea eax,dword ptr ss:[ebp-BC]
733A45C1 897D F8 mov dword ptr ss:[ebp-8],edi
733A45C4 85FF test edi,edi
733A45C6 8945 F4 mov dword ptr ss:[ebp-C],eax
733A45C9 8975 FC mov dword ptr ss:[ebp-4],esi
733A45CC 0F84 09350300 je MSVBVM60.733D7ADB
733A45D2 8B47 FC mov eax,dword ptr ds:[edi-4]
733A45D5 D1E8 shr eax,1
====>取fly12345678fly[OCN][FCG]E长度
733A45D7 8945 E4 mov dword ptr ss:[ebp-1C],eax
====>EAX=19
733A45DA 0F84 FB340300 je MSVBVM60.733D7ADB
733A45E0 85F6 test esi,esi
733A45E2 0F84 EB340300 je MSVBVM60.733D7AD3
733A45E8 8B46 FC mov eax,dword ptr ds:[esi-4]
733A45EB D1E8 shr eax,1
====>取20A0EA3A的长度
733A45ED 8945 E4 mov dword ptr ss:[ebp-1C],eax
====>EAX=8
733A45F0 0F84 DD340300 je MSVBVM60.733D7AD3
733A45F6 8B45 14 mov eax,dword ptr ss:[ebp+14]
733A45F9 8D58 FF lea ebx,dword ptr ds:[eax-1]
733A45FC 85DB test ebx,ebx
733A45FE 0F8C 33330300 jl MSVBVM60.733D7937
733A4604 81FB FFFFFF3F cmp ebx,3FFFFFFF
733A460A 0F87 27330300 ja MSVBVM60.733D7937
733A4610 8B45 08 mov eax,dword ptr ss:[ebp+8]
733A4613 895D E8 mov dword ptr ss:[ebp-18],ebx
733A4616 85C0 test eax,eax
733A4618 0F85 20330300 jnz MSVBVM60.733D793E
====>跳下去,转变大写字母为小写字母!
733A461E 8B45 F8 mov eax,dword ptr ss:[ebp-8]
====>转变完了再跳回来!
733A4621 85C0 test eax,eax
====>EAX=fly12345678fly[ocn][fcg]e
733A4623 0F84 06340300 je MSVBVM60.733D7A2F
733A4629 8B48 FC mov ecx,dword ptr ds:[eax-4]
733A462C D1E9 shr ecx,1
733A462E 85F6 test esi,esi
733A4630 0F84 00340300 je MSVBVM60.733D7A36
733A4636 8B56 FC mov edx,dword ptr ds:[esi-4]
733A4639 D1EA shr edx,1
733A463B 8B7D E8 mov edi,dword ptr ss:[ebp-18]
733A463E 3BF9 cmp edi,ecx
733A4640 73 74 jnb short MSVBVM60.733A46B6
733A4642 85D2 test edx,edx
733A4644 0F84 F3330300 je MSVBVM60.733D7A3D
733A464A 3BD1 cmp edx,ecx
733A464C 0F87 F6330300 ja MSVBVM60.733D7A48
733A4652 8D0478 lea eax,dword ptr ds:[eax+edi*2]
733A4655 8B7D F8 mov edi,dword ptr ss:[ebp-8]
733A4658 2BCA sub ecx,edx
733A465A 8D5C4F 02 lea ebx,dword ptr ds:[edi+ecx*2+2]
733A465E 0FB70E movzx ecx,word ptr ds:[esi]
733A4661 894D 14 mov dword ptr ss:[ebp+14],ecx
733A4664 8D4C12 FE lea ecx,dword ptr ds:[edx+edx-2]
733A4668 3BC3 cmp eax,ebx
733A466A 894D E4 mov dword ptr ss:[ebp-1C],ecx
733A466D 73 47 jnb short MSVBVM60.733A46B6
733A466F 8BCB &相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>