• 标 题:网络验证——拼音大师 V1.9(VB) 
  • 作 者:fly
  • 时 间:2003/08/25 02:48am
  • 链 接:http://bbs.pediy.com

网络验证——拼音大师 V1.9(VB)



下载页面:  http://www.skycn.com/soft/7579.html
软件大小:  1889 KB
软件语言:  简体中文
软件类别:  国产软件 / 共享版 / 文科工具
应用平台:  Win9x/NT/2000/XP
加入时间:  2003-04-26 15:34:01
下载次数:  31411
推荐等级:  ***
开 发 商:  http://authorware.myrice.com/pyds/index.htm

【软件简介】:《拼音大师》是一个专门用于将汉字转换为汉语拼音的软件。它具有以下功能:1、拥有大容量汉字库,包括简体字库和繁体字库,所以既可以查简体字拼音,又可以查繁体字拼音。 2、本软件可以将整篇文章迅速转换成带有声调的真正的拼音,而不像word中的拼音标注(如zhu2)。 3、软件具有智能化识别功能,能较好地识别多音字,此功能远超过word软件中的拼音指南。如百色、倘徉、龟兹等不常用的多音字也能很好地识别。

【软件限制】:10次试用、功能限制

【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!

【破解工具】:Ollydbg1.09、PEiD、W32Dasm 9.0白金版

—————————————————————————————————
【过    程】:
         
       
         
拼音大师.exe 无壳。 Visual Basic 6.0 编写。

机器码:633145146
试炼码:13572468  (其实不需要输入注册码)
—————————————————————————————————

拼音大师 升级有一段时间了,至少我还没发现有破解版的出现,看来是作者这次升级的注册方式起了大作用呀。

看看作者的注册方式:“作者会将你的注册码加入网络中的正版用户数据库。启动拼音大师,在注册对话框中单击‘注册认证’按钮,不用输入任何内容,稍等片刻即可完成注册。”

呵呵,说句实话,这种不用注册码而采用“正版用户数据库”网络验证的注册方式确实不错,最起码使如我等刚入门的Cracker有点无处下手了。但是,想给作者一个建议:何不只公开不完全的试用版?仅对注册用户发送附加验证的注册版,这样可以更有效的防止解密了。 ^O^ ^O^

其实这个东东前些天就看了,留这段时间给作者再次升级吧。好了,Let's Go!

—————————————————————————————————


…… ……省 略…… ……

:004703EB E81008FEFF              call 00450C00
                                 ====>是否已连网?

:004703F0 89859CFDFFFF            mov dword ptr [ebp+FFFFFD9C], eax

* Reference To: MSVBVM60.__vbaSetSystemError, Ord:0000h
                                 |
:004703F6 E85718F9FF              Call 00401C52
:004703FB FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]
:00470401 8D45E0                  lea eax, dword ptr [ebp-20]
:00470404 50                      push eax

* Reference To: MSVBVM60.__vbaStrToUnicode, Ord:0000h
                                 |
:00470405 E84A19F9FF              Call 00401D54
:0047040A 33C0                    xor eax, eax
:0047040C 83BD9CFDFFFF00          cmp dword ptr [ebp+FFFFFD9C], 00000000
:00470413 0F95C0                  setne al
:00470416 F7D8                    neg eax
:00470418 66898598FDFFFF          mov word ptr [ebp+FFFFFD98], ax
:0047041F 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
                                 |
:00470425 E82218F9FF              Call 00401C4C
:0047042A 0FBF8598FDFFFF          movsx eax, word ptr [ebp+FFFFFD98]
:00470431 85C0                    test eax, eax
:00470433 7405                    je 0047043A
                                 ====>跳则OVER!
                                 ====>呵呵,偷点懒,就从这里动手爆破吧!^O^ ^O^

:00470435 E9DE000000              jmp 00470518

…… ……省 略…… ……

* Reference To: MSVBVM60.rtcMsgBox, Ord:0253h
                                 |
:004704CA E87F18F9FF              Call 00401D4E
                                 ====>没连网? @v@  小猫不敢上呀  @v@

…… ……省 略…… ……

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470435(U)
|
:00470518 6A00                    push 00000000
:0047051A 6A12                    push 00000012
:0047051C 8B4508                  mov eax, dword ptr [ebp+08]
:0047051F 8B00                    mov eax, dword ptr [eax]
:00470521 FF7508                  push [ebp+08]
:00470524 FF903C030000            call dword ptr [eax+0000033C]
:0047052A 50                      push eax
:0047052B 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:00470531 50                      push eax

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
                                 |
:00470532 E84B17F9FF              Call 00401C82
:00470537 50                      push eax

* Reference To: MSVBVM60.__vbaLateIdCall, Ord:0000h
                                 |
:00470538 E8FF17F9FF              Call 00401D3C
:0047053D 83C40C                  add esp, 0000000C
:00470540 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:00470546 E81917F9FF              Call 00401C64

* Possible StringData Ref from Code Obj ->"hhttp://jyhy.jyjy.net.cn/pyds/zbyh.txt"
                                 ====>验证网址

:0047054B C78508FEFFFFA80C4500    mov dword ptr [ebp+FFFFFE08], 00450CA8
:00470555 C78500FEFFFF08000000    mov dword ptr [ebp+FFFFFE00], 00000008
:0047055F 6A10                    push 00000010
:00470561 58                      pop eax

* Reference To: MSVBVM60.__vbaChkstk, Ord:0000h
                                 |
:00470562 E84916F9FF              Call 00401BB0
:00470567 8DB500FEFFFF            lea esi, dword ptr [ebp+FFFFFE00]
:0047056D 8BFC                    mov edi, esp
:0047056F A5                      movsd
:00470570 A5                      movsd
:00470571 A5                      movsd
:00470572 A5                      movsd
:00470573 6A09                    push 00000009
:00470575 8B4508                  mov eax, dword ptr [ebp+08]
:00470578 8B00                    mov eax, dword ptr [eax]
:0047057A FF7508                  push [ebp+08]
:0047057D FF903C030000            call dword ptr [eax+0000033C]
:00470583 50                      push eax
:00470584 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:0047058A 50                      push eax

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
                                 |
:0047058B E8F216F9FF              Call 00401C82
:00470590 50                      push eax

* Reference To: MSVBVM60.__vbaLateIdSt, Ord:0000h
                                 |
:00470591 E8A017F9FF              Call 00401D36
:00470596 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:0047059C E8C316F9FF              Call 00401C64
:004705A1 C78508FEFFFF04000280    mov dword ptr [ebp+FFFFFE08], 80020004
:004705AB C78500FEFFFF0A000000    mov dword ptr [ebp+FFFFFE00], 0000000A
:004705B5 C785E8FDFFFF01000000    mov dword ptr [ebp+FFFFFDE8], 00000001
:004705BF C785E0FDFFFF03000000    mov dword ptr [ebp+FFFFFDE0], 00000003
:004705C9 6A10                    push 00000010
:004705CB 58                      pop eax

* Reference To: MSVBVM60.__vbaChkstk, Ord:0000h
                                 |
:004705CC E8DF15F9FF              Call 00401BB0
:004705D1 8DB500FEFFFF            lea esi, dword ptr [ebp+FFFFFE00]
:004705D7 8BFC                    mov edi, esp
:004705D9 A5                      movsd
:004705DA A5                      movsd
:004705DB A5                      movsd
:004705DC A5                      movsd
:004705DD 6A10                    push 00000010
:004705DF 58                      pop eax

* Reference To: MSVBVM60.__vbaChkstk, Ord:0000h
                                 |
:004705E0 E8CB15F9FF              Call 00401BB0
:004705E5 8DB5E0FDFFFF            lea esi, dword ptr [ebp+FFFFFDE0]
:004705EB 8BFC                    mov edi, esp
:004705ED A5                      movsd
:004705EE A5                      movsd
:004705EF A5                      movsd
:004705F0 A5                      movsd
:004705F1 6A02                    push 00000002
:004705F3 6A16                    push 00000016
:004705F5 8B4508                  mov eax, dword ptr [ebp+08]
:004705F8 8B00                    mov eax, dword ptr [eax]
:004705FA FF7508                  push [ebp+08]
:004705FD FF903C030000            call dword ptr [eax+0000033C]
:00470603 50                      push eax
:00470604 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:0047060A 50                      push eax

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
                                 |
:0047060B E87216F9FF              Call 00401C82
:00470610 50                      push eax
:00470611 8D8544FFFFFF            lea eax, dword ptr [ebp+FFFFFF44]
:00470617 50                      push eax

* Reference To: MSVBVM60.__vbaLateIdCallLd, Ord:0000h
                                 |
:00470618 E80717F9FF              Call 00401D24
:0047061D 83C430                  add esp, 00000030
:00470620 50                      push eax
:00470621 8D8510FEFFFF            lea eax, dword ptr [ebp+FFFFFE10]
:00470627 50                      push eax

* Reference To: MSVBVM60.__vbaVar2Vec, Ord:0000h
                                 |
:00470628 E8FD16F9FF              Call 00401D2A
:0047062D 8D8510FEFFFF            lea eax, dword ptr [ebp+FFFFFE10]
:00470633 50                      push eax
:00470634 8B4508                  mov eax, dword ptr [ebp+08]
:00470637 05AC000000              add eax, 000000AC
:0047063C 50                      push eax

* Reference To: MSVBVM60.__vbaAryMove, Ord:0000h
                                 |
:0047063D E8EE16F9FF              Call 00401D30
:00470642 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:00470648 E81716F9FF              Call 00401C64
:0047064D 8D8D44FFFFFF            lea ecx, dword ptr [ebp+FFFFFF44]

* Reference To: MSVBVM60.__vbaFreeVar, Ord:0000h
                                 |
:00470653 E8EE15F9FF              Call 00401C46
:00470658 833D34264A0000          cmp dword ptr [004A2634], 00000000
:0047065F 751B                    jne 0047067C
:00470661 6834264A00              push 004A2634
:00470666 6874084500              push 00450874

* Reference To: MSVBVM60.__vbaNew2, Ord:0000h
                                 |
:0047066B E80616F9FF              Call 00401C76
:00470670 C78574FDFFFF34264A00    mov dword ptr [ebp+FFFFFD74], 004A2634
:0047067A EB0A                    jmp 00470686

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047065F(C)
|
:0047067C C78574FDFFFF34264A00    mov dword ptr [ebp+FFFFFD74], 004A2634

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047067A(U)
|
:00470686 8B8574FDFFFF            mov eax, dword ptr [ebp+FFFFFD74]
:0047068C 8B00                    mov eax, dword ptr [eax]
:0047068E 898598FDFFFF            mov dword ptr [ebp+FFFFFD98], eax
:00470694 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:0047069A 50                      push eax
:0047069B 8B8598FDFFFF            mov eax, dword ptr [ebp+FFFFFD98]
:004706A1 8B00                    mov eax, dword ptr [eax]
:004706A3 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:004706A9 FF5014                  call [eax+14]
:004706AC DBE2                    fclex
:004706AE 898594FDFFFF            mov dword ptr [ebp+FFFFFD94], eax
:004706B4 83BD94FDFFFF00          cmp dword ptr [ebp+FFFFFD94], 00000000
:004706BB 7D20                    jge 004706DD
:004706BD 6A14                    push 00000014
:004706BF 6864084500              push 00450864
:004706C4 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:004706CA FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:004706D0 E89515F9FF              Call 00401C6A
:004706D5 898570FDFFFF            mov dword ptr [ebp+FFFFFD70], eax
:004706DB EB07                    jmp 004706E4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004706BB(C)
|
:004706DD 83A570FDFFFF00          and dword ptr [ebp+FFFFFD70], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004706DB(U)
|
:004706E4 8B8554FFFFFF            mov eax, dword ptr [ebp+FFFFFF54]
:004706EA 898590FDFFFF            mov dword ptr [ebp+FFFFFD90], eax
:004706F0 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:004706F6 50                      push eax
:004706F7 8B8590FDFFFF            mov eax, dword ptr [ebp+FFFFFD90]
:004706FD 8B00                    mov eax, dword ptr [eax]
:004706FF FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:00470705 FF5050                  call [eax+50]
:00470708 DBE2                    fclex
:0047070A 89858CFDFFFF            mov dword ptr [ebp+FFFFFD8C], eax
:00470710 83BD8CFDFFFF00          cmp dword ptr [ebp+FFFFFD8C], 00000000
:00470717 7D20                    jge 00470739
:00470719 6A50                    push 00000050

* Possible StringData Ref from Code Obj ->"yO?檉??"
                                 |
:0047071B 68F40C4500              push 00450CF4
:00470720 FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:00470726 FFB58CFDFFFF            push dword ptr [ebp+FFFFFD8C]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:0047072C E83915F9FF              Call 00401C6A
:00470731 89856CFDFFFF            mov dword ptr [ebp+FFFFFD6C], eax
:00470737 EB07                    jmp 00470740

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470717(C)
|
:00470739 83A56CFDFFFF00          and dword ptr [ebp+FFFFFD6C], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470737(U)
|
:00470740 FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]

* Possible StringData Ref from Code Obj ->"\\zbyh.txt"


:00470746 68080D4500              push 00450D08

* Reference To: MSVBVM60.__vbaStrCat, Ord:0000h
                                 |
:0047074B E8C215F9FF              Call 00401D12
:00470750 89854CFFFFFF            mov dword ptr [ebp+FFFFFF4C], eax
:00470756 C78544FFFFFF08000000    mov dword ptr [ebp+FFFFFF44], 00000008
:00470760 6A00                    push 00000000
:00470762 8D8544FFFFFF            lea eax, dword ptr [ebp+FFFFFF44]
:00470768 50                      push eax

* Reference To: MSVBVM60.rtcDir, Ord:0285h
                                 |
:00470769 E8AA15F9FF              Call 00401D18
:0047076E 8BD0                    mov edx, eax
:00470770 8D8D60FFFFFF            lea ecx, dword ptr [ebp+FFFFFF60]

* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
                                 |
:00470776 E8E515F9FF              Call 00401D60
:0047077B 50                      push eax
:0047077C 68200D4500              push 00450D20

* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h
                                 |
:00470781 E89815F9FF              Call 00401D1E
                                 ====>比较同目录下是否有zbyh.txt这个文件? @v@

:00470786 F7D8                    neg eax
                                 ====>没有则EAX返回0则下面新建一个。有则删之!

:00470788 1BC0                    sbb eax, eax
:0047078A F7D8                    neg eax
:0047078C F7D8                    neg eax
:0047078E 66898588FDFFFF          mov word ptr [ebp+FFFFFD88], ax
:00470795 8D8560FFFFFF            lea eax, dword ptr [ebp+FFFFFF60]
:0047079B 50                      push eax
:0047079C 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:004707A2 50                      push eax
:004707A3 6A02                    push 00000002

* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
                                 |
:004707A5 E86215F9FF              Call 00401D0C
:004707AA 83C40C                  add esp, 0000000C
:004707AD 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:004707B3 E8AC14F9FF              Call 00401C64
:004707B8 8D8D44FFFFFF            lea ecx, dword ptr [ebp+FFFFFF44]

* Reference To: MSVBVM60.__vbaFreeVar, Ord:0000h
                                 |
:004707BE E88314F9FF              Call 00401C46
:004707C3 0FBF8588FDFFFF          movsx eax, word ptr [ebp+FFFFFD88]
:004707CA 85C0                    test eax, eax
:004707CC 0F8435010000            je 00470907
                                 ====>没有zbyh.txt则跳下去新建一个

:004707D2 833D34264A0000          cmp dword ptr [004A2634], 00000000
:004707D9 751B                    jne 004707F6
:004707DB 6834264A00              push 004A2634
:004707E0 6874084500              push 00450874

* Reference To: MSVBVM60.__vbaNew2, Ord:0000h
                                 |
:004707E5 E88C14F9FF              Call 00401C76
:004707EA C78568FDFFFF34264A00    mov dword ptr [ebp+FFFFFD68], 004A2634
:004707F4 EB0A                    jmp 00470800

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004707D9(C)
|
:004707F6 C78568FDFFFF34264A00    mov dword ptr [ebp+FFFFFD68], 004A2634

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004707F4(U)
|
:00470800 8B8568FDFFFF            mov eax, dword ptr [ebp+FFFFFD68]
:00470806 8B00                    mov eax, dword ptr [eax]
:00470808 898598FDFFFF            mov dword ptr [ebp+FFFFFD98], eax
:0047080E 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:00470814 50                      push eax
:00470815 8B8598FDFFFF            mov eax, dword ptr [ebp+FFFFFD98]
:0047081B 8B00                    mov eax, dword ptr [eax]
:0047081D FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470823 FF5014                  call [eax+14]
:00470826 DBE2                    fclex
:00470828 898594FDFFFF            mov dword ptr [ebp+FFFFFD94], eax
:0047082E 83BD94FDFFFF00          cmp dword ptr [ebp+FFFFFD94], 00000000
:00470835 7D20                    jge 00470857
:00470837 6A14                    push 00000014
:00470839 6864084500              push 00450864
:0047083E FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470844 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:0047084A E81B14F9FF              Call 00401C6A
:0047084F 898564FDFFFF            mov dword ptr [ebp+FFFFFD64], eax
:00470855 EB07                    jmp 0047085E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470835(C)
|
:00470857 83A564FDFFFF00          and dword ptr [ebp+FFFFFD64], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470855(U)
|
:0047085E 8B8554FFFFFF            mov eax, dword ptr [ebp+FFFFFF54]
:00470864 898590FDFFFF            mov dword ptr [ebp+FFFFFD90], eax
:0047086A 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:00470870 50                      push eax
:00470871 8B8590FDFFFF            mov eax, dword ptr [ebp+FFFFFD90]
:00470877 8B00                    mov eax, dword ptr [eax]
:00470879 FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:0047087F FF5050                  call [eax+50]
:00470882 DBE2                    fclex
:00470884 89858CFDFFFF            mov dword ptr [ebp+FFFFFD8C], eax
:0047088A 83BD8CFDFFFF00          cmp dword ptr [ebp+FFFFFD8C], 00000000
:00470891 7D20                    jge 004708B3
:00470893 6A50                    push 00000050

* Possible StringData Ref from Code Obj ->"yO?檉??"
                                 |
:00470895 68F40C4500              push 00450CF4
:0047089A FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:004708A0 FFB58CFDFFFF            push dword ptr [ebp+FFFFFD8C]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:004708A6 E8BF13F9FF              Call 00401C6A
:004708AB 898560FDFFFF            mov dword ptr [ebp+FFFFFD60], eax
:004708B1 EB07                    jmp 004708BA

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470891(C)
|
:004708B3 83A560FDFFFF00          and dword ptr [ebp+FFFFFD60], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004708B1(U)
|
:004708BA FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]

* Possible StringData Ref from Code Obj ->"\\zbyh.txt"
                                 |
:004708C0 68080D4500              push 00450D08

* Reference To: MSVBVM60.__vbaStrCat, Ord:0000h
                                 |
:004708C5 E84814F9FF              Call 00401D12
:004708CA 89854CFFFFFF            mov dword ptr [ebp+FFFFFF4C], eax
:004708D0 C78544FFFFFF08000000    mov dword ptr [ebp+FFFFFF44], 00000008
:004708DA 8D8544FFFFFF            lea eax, dword ptr [ebp+FFFFFF44]
:004708E0 50                      push eax

* Reference To: MSVBVM60.rtcKillFiles, Ord:0211h
                                 |
:004708E1 E82014F9FF              Call 00401D06
                                 ====>这里就是“杀”zbyh.txt了  *o*

:004708E6 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
                                 |
:004708EC E85B13F9FF              Call 00401C4C
:004708F1 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:004708F7 E86813F9FF              Call 00401C64
:004708FC 8D8D44FFFFFF            lea ecx, dword ptr [ebp+FFFFFF44]

* Reference To: MSVBVM60.__vbaFreeVar, Ord:0000h
                                 |
:00470902 E83F13F9FF              Call 00401C46

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004707CC(C)
|
:00470907 833D34264A0000          cmp dword ptr [004A2634], 00000000
:0047090E 751B                    jne 0047092B
:00470910 6834264A00              push 004A2634
:00470915 6874084500              push 00450874

* Reference To: MSVBVM60.__vbaNew2, Ord:0000h
                                 |
:0047091A E85713F9FF              Call 00401C76
:0047091F C7855CFDFFFF34264A00    mov dword ptr [ebp+FFFFFD5C], 004A2634
:00470929 EB0A                    jmp 00470935

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047090E(C)
|
:0047092B C7855CFDFFFF34264A00    mov dword ptr [ebp+FFFFFD5C], 004A2634

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470929(U)
|
:00470935 8B855CFDFFFF            mov eax, dword ptr [ebp+FFFFFD5C]
:0047093B 8B00                    mov eax, dword ptr [eax]
:0047093D 898598FDFFFF            mov dword ptr [ebp+FFFFFD98], eax
:00470943 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:00470949 50                      push eax
:0047094A 8B8598FDFFFF            mov eax, dword ptr [ebp+FFFFFD98]
:00470950 8B00                    mov eax, dword ptr [eax]
:00470952 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470958 FF5014                  call [eax+14]
:0047095B DBE2                    fclex
:0047095D 898594FDFFFF            mov dword ptr [ebp+FFFFFD94], eax
:00470963 83BD94FDFFFF00          cmp dword ptr [ebp+FFFFFD94], 00000000
:0047096A 7D20                    jge 0047098C
:0047096C 6A14                    push 00000014
:0047096E 6864084500              push 00450864
:00470973 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470979 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:0047097F E8E612F9FF              Call 00401C6A
:00470984 898558FDFFFF            mov dword ptr [ebp+FFFFFD58], eax
:0047098A EB07                    jmp 00470993

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047096A(C)
|
:0047098C 83A558FDFFFF00          and dword ptr [ebp+FFFFFD58], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047098A(U)
|
:00470993 8B8554FFFFFF            mov eax, dword ptr [ebp+FFFFFF54]
:00470999 898590FDFFFF            mov dword ptr [ebp+FFFFFD90], eax
:0047099F 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:004709A5 50                      push eax
:004709A6 8B8590FDFFFF            mov eax, dword ptr [ebp+FFFFFD90]
:004709AC 8B00                    mov eax, dword ptr [eax]
:004709AE FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:004709B4 FF5050                  call [eax+50]
:004709B7 DBE2                    fclex
:004709B9 89858CFDFFFF            mov dword ptr [ebp+FFFFFD8C], eax
:004709BF 83BD8CFDFFFF00          cmp dword ptr [ebp+FFFFFD8C], 00000000
:004709C6 7D20                    jge 004709E8
:004709C8 6A50                    push 00000050

* Possible StringData Ref from Code Obj ->"yO?檉??"
                                 |
:004709CA 68F40C4500              push 00450CF4
:004709CF FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:004709D5 FFB58CFDFFFF            push dword ptr [ebp+FFFFFD8C]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:004709DB E88A12F9FF              Call 00401C6A
:004709E0 898554FDFFFF            mov dword ptr [ebp+FFFFFD54], eax
:004709E6 EB07                    jmp 004709EF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004709C6(C)
|
:004709E8 83A554FDFFFF00          and dword ptr [ebp+FFFFFD54], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004709E6(U)
|
:004709EF FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]

* Possible StringData Ref from Code Obj ->"\\zbyh.txt"

:004709F5 68080D4500              push 00450D08

* Reference To: MSVBVM60.__vbaStrCat, Ord:0000h
                                 |
:004709FA E81313F9FF              Call 00401D12
:004709FF 8BD0                    mov edx, eax
:00470A01 8D8D60FFFFFF            lea ecx, dword ptr [ebp+FFFFFF60]

* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
                                 |
:00470A07 E85413F9FF              Call 00401D60
:00470A0C 50                      push eax
:00470A0D 6A01                    push 00000001
:00470A0F 6AFF                    push FFFFFFFF
:00470A11 6820020000              push 00000220

* Reference To: MSVBVM60.__vbaFileOpen, Ord:0000h
                                 |
:00470A16 E8E512F9FF              Call 00401D00
                                 ====>这里:程序自动建立空白的zbyh.txt

:00470A1B 8D8560FFFFFF            lea eax, dword ptr [ebp+FFFFFF60]
:00470A21 50                      push eax
:00470A22 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:00470A28 50                      push eax
:00470A29 6A02                    push 00000002

* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
                                 |
:00470A2B E8DC12F9FF              Call 00401D0C
:00470A30 83C40C                  add esp, 0000000C
:00470A33 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:00470A39 E82612F9FF              Call 00401C64
:00470A3E 6A01                    push 00000001
:00470A40 8B4508                  mov eax, dword ptr [ebp+08]
:00470A43 05AC000000              add eax, 000000AC
:00470A48 50                      push eax
:00470A49 68280D4500              push 00450D28

* Reference To: MSVBVM60.__vbaPutOwner3, Ord:0000h
                                 |
:00470A4E E8A712F9FF              Call 00401CFA
:00470A53 6A01                    push 00000001

* Reference To: MSVBVM60.__vbaFileClose, Ord:0000h
                                 |
:00470A55 E89A12F9FF              Call 00401CF4
:00470A5A 833D34264A0000          cmp dword ptr [004A2634], 00000000
:00470A61 751B                    jne 00470A7E
:00470A63 6834264A00              push 004A2634
:00470A68 6874084500              push 00450874

* Reference To: MSVBVM60.__vbaNew2, Ord:0000h
                                 |
:00470A6D E80412F9FF              Call 00401C76
:00470A72 C78550FDFFFF34264A00    mov dword ptr [ebp+FFFFFD50], 004A2634
:00470A7C EB0A                    jmp 00470A88

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470A61(C)
|
:00470A7E C78550FDFFFF34264A00    mov dword ptr [ebp+FFFFFD50], 004A2634

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470A7C(U)
|
:00470A88 8B8550FDFFFF            mov eax, dword ptr [ebp+FFFFFD50]
:00470A8E 8B00                    mov eax, dword ptr [eax]
:00470A90 898598FDFFFF            mov dword ptr [ebp+FFFFFD98], eax
:00470A96 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:00470A9C 50                      push eax
:00470A9D 8B8598FDFFFF            mov eax, dword ptr [ebp+FFFFFD98]
:00470AA3 8B00                    mov eax, dword ptr [eax]
:00470AA5 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470AAB FF5014                  call [eax+14]
:00470AAE DBE2                    fclex
:00470AB0 898594FDFFFF            mov dword ptr [ebp+FFFFFD94], eax
:00470AB6 83BD94FDFFFF00          cmp dword ptr [ebp+FFFFFD94], 00000000
:00470ABD 7D20                    jge 00470ADF
:00470ABF 6A14                    push 00000014
:00470AC1 6864084500              push 00450864
:00470AC6 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470ACC FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:00470AD2 E89311F9FF              Call 00401C6A
:00470AD7 89854CFDFFFF            mov dword ptr [ebp+FFFFFD4C], eax
:00470ADD EB07                    jmp 00470AE6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470ABD(C)
|
:00470ADF 83A54CFDFFFF00          and dword ptr [ebp+FFFFFD4C], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470ADD(U)
|
:00470AE6 8B8554FFFFFF            mov eax, dword ptr [ebp+FFFFFF54]
:00470AEC 898590FDFFFF            mov dword ptr [ebp+FFFFFD90], eax
:00470AF2 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:00470AF8 50                      push eax
:00470AF9 8B8590FDFFFF            mov eax, dword ptr [ebp+FFFFFD90]
:00470AFF 8B00                    mov eax, dword ptr [eax]
:00470B01 FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:00470B07 FF5050                  call [eax+50]
:00470B0A DBE2                    fclex
:00470B0C 89858CFDFFFF            mov dword ptr [ebp+FFFFFD8C], eax
:00470B12 83BD8CFDFFFF00          cmp dword ptr [ebp+FFFFFD8C], 00000000
:00470B19 7D20                    jge 00470B3B
:00470B1B 6A50                    push 00000050

* Possible StringData Ref from Code Obj ->"yO?檉??"
                                 |
:00470B1D 68F40C4500              push 00450CF4
:00470B22 FFB590FDFFFF            push dword ptr [ebp+FFFFFD90]
:00470B28 FFB58CFDFFFF            push dword ptr [ebp+FFFFFD8C]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:00470B2E E83711F9FF              Call 00401C6A
:00470B33 898548FDFFFF            mov dword ptr [ebp+FFFFFD48], eax
:00470B39 EB07                    jmp 00470B42

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470B19(C)
|
:00470B3B 83A548FDFFFF00          and dword ptr [ebp+FFFFFD48], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470B39(U)
|
:00470B42 FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]

* Possible StringData Ref from Code Obj ->"\\zbyh.txt"
                                 ====>现在自己动手在zbyh.txt填入:13572468  下面会用到的
                                 ====>Ollydbg很方便,不用SUSPEND返回Windows再操作 ^Q^ ^Q^

:00470B48 68080D4500              push 00450D08

* Reference To: MSVBVM60.__vbaStrCat, Ord:0000h
                                 |
:00470B4D E8C011F9FF              Call 00401D12
:00470B52 8BD0                    mov edx, eax
:00470B54 8D8D60FFFFFF            lea ecx, dword ptr [ebp+FFFFFF60]

* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
                                 |
:00470B5A E80112F9FF              Call 00401D60
:00470B5F 50                      push eax
:00470B60 6A01                    push 00000001
:00470B62 6AFF                    push FFFFFFFF
:00470B64 6A01                    push 00000001

* Reference To: MSVBVM60.__vbaFileOpen, Ord:0000h
                                 |
:00470B66 E89511F9FF              Call 00401D00
                                 ====>开始读取 zbyh.txt 里的内容

:00470B6B 8D8560FFFFFF            lea eax, dword ptr [ebp+FFFFFF60]
:00470B71 50                      push eax
:00470B72 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:00470B78 50                      push eax
:00470B79 6A02                    push 00000002

* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
                                 |
:00470B7B E88C11F9FF              Call 00401D0C
:00470B80 83C40C                  add esp, 0000000C
:00470B83 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:00470B89 E8D610F9FF              Call 00401C64

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470BA7(U)
|
:00470B8E 6A01                    push 00000001

* Reference To: MSVBVM60.rtcEndOfFile, Ord:023Bh
                                 |
:00470B90 E85911F9FF              Call 00401CEE
:00470B95 0FBFC0                  movsx eax, ax
:00470B98 85C0                    test eax, eax
:00470B9A 750D                    jne 00470BA9
:00470B9C 6A01                    push 00000001
:00470B9E 8D45DC                  lea eax, dword ptr [ebp-24]
:00470BA1 50                      push eax

* Reference To: MSVBVM60.__vbaLineInputStr, Ord:0000h
                                 |
:00470BA2 E84111F9FF              Call 00401CE8
:00470BA7 EBE5                    jmp 00470B8E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470B9A(C)
|
:00470BA9 6A01                    push 00000001

* Reference To: MSVBVM60.__vbaFileClose, Ord:0000h
                                 |
:00470BAB E84411F9FF              Call 00401CF4
:00470BB0 FF75DC                  push [ebp-24]
                                 ====>[ebp-24]=13572468  我在zbyh.txt填的东西

:00470BB3 68200D4500              push 00450D20

* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h
                                 |
:00470BB8 E86111F9FF              Call 00401D1E
                                 ====>比较zbyh.txt里是否有“东西”?呵呵,这次有

:00470BBD 85C0                    test eax, eax
                                 ====>有则 EAX 返回 1

:00470BBF 0F85C0000000            jne 00470C85
                                 ====>不跳则OVER!

…… ……省 略…… ……

* Reference To: MSVBVM60.rtcMsgBox, Ord:0253h
                                 |
:00470C55 E8F410F9FF              Call 00401D4E
                                 ====>BAD BOY! “没登陆服务器或下载没完成”

…… ……省 略…… ……

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470BBF(C)
|
:00470C85 8B4508                  mov eax, dword ptr [ebp+08]
:00470C88 8B00                    mov eax, dword ptr [eax]
:00470C8A FF7508                  push [ebp+08]
:00470C8D FF9020030000            call dword ptr [eax+00000320]
:00470C93 50                      push eax
:00470C94 8D8554FFFFFF            lea eax, dword ptr [ebp+FFFFFF54]
:00470C9A 50                      push eax

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
                                 |
:00470C9B E8E20FF9FF              Call 00401C82
:00470CA0 898598FDFFFF            mov dword ptr [ebp+FFFFFD98], eax
:00470CA6 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:00470CAC 50                      push eax
:00470CAD 8B8598FDFFFF            mov eax, dword ptr [ebp+FFFFFD98]
:00470CB3 8B00                    mov eax, dword ptr [eax]
:00470CB5 FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470CBB FF90A0000000            call dword ptr [eax+000000A0]
:00470CC1 DBE2                    fclex
:00470CC3 898594FDFFFF            mov dword ptr [ebp+FFFFFD94], eax
:00470CC9 83BD94FDFFFF00          cmp dword ptr [ebp+FFFFFD94], 00000000
:00470CD0 7D23                    jge 00470CF5
:00470CD2 68A0000000              push 000000A0

* Possible StringData Ref from Code Obj ->"酦?檉??"
                                 |
:00470CD7 68A00D4500              push 00450DA0
:00470CDC FFB598FDFFFF            push dword ptr [ebp+FFFFFD98]
:00470CE2 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                                 |
:00470CE8 E87D0FF9FF              Call 00401C6A
:00470CED 898544FDFFFF            mov dword ptr [ebp+FFFFFD44], eax
:00470CF3 EB07                    jmp 00470CFC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470CD0(C)
|
:00470CF5 83A544FDFFFF00          and dword ptr [ebp+FFFFFD44], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470CF3(U)
|
:00470CFC 6A01                    push 00000001
:00470CFE FF75DC                  push [ebp-24]
                                 ====>[ebp-24]=13572468  我在zbyh.txt里填的东西!

:00470D01 FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]
                                 ====>[ebp+FFFFFF64]=633145146   机器码!

:00470D07 6A00                    push 00000000

* Reference To: MSVBVM60.__vbaInStr, Ord:0000h
                                 |
:00470D09 E8D40FF9FF              Call 00401CE2
                                 ====>比较zbyh.txt里的是否是机器码?!
                                 ====>如果不是机器码,下面作者会告诉你的 ^a^ ^a^

:00470D0E F7D8                    neg eax
                                 ====>不是则 EAX 返回 0

:00470D10 1BC0                    sbb eax, eax
:00470D12 40                      inc eax
:00470D13 F7D8                    neg eax
:00470D15 66898590FDFFFF          mov word ptr [ebp+FFFFFD90], ax
:00470D1C 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
                                 |
:00470D22 E8250FF9FF              Call 00401C4C
:00470D27 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:00470D2D E8320FF9FF              Call 00401C64
:00470D32 0FBF8590FDFFFF          movsx eax, word ptr [ebp+FFFFFD90]
:00470D39 85C0                    test eax, eax
:00470D3B 0F8496020000            je 00470FD7
                                 ====>不跳则OVER!

…… ……省 略…… ……

* Reference To: MSVBVM60.rtcMsgBox, Ord:0253h
                                 |
:00470F37 E8120EF9FF              Call 00401D4E
                                 ====>BAD BOY! 呵呵,让作者发现了  *o*  @v@
                                 ====>“你不是正版用户!可能原因……” 还有一个:CRACK

…… ……省 略…… ……


                                 ====>能跳到下面就成功了!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00470D3B(C)
|

* Possible StringData Ref from Code Obj ->"ppyds"
                                 ====>写注册表:pyds

:00470FD7 C78508FEFFFF8C0E4500    mov dword ptr [ebp+FFFFFE08], 00450E8C
:00470FE1 C78500FEFFFF08000000    mov dword ptr [ebp+FFFFFE00], 00000008
:00470FEB 8D9500FEFFFF            lea edx, dword ptr [ebp+FFFFFE00]
:00470FF1 8D4D9C                  lea ecx, dword ptr [ebp-64]

* Reference To: MSVBVM60.__vbaVarCopy, Ord:0000h
                                 |
:00470FF4 E8D10CF9FF              Call 00401CCA

* Possible StringData Ref from Code Obj ->"zzc"
                                 ====>写注册表:zc

:00470FF9 C78508FEFFFF9C0E4500    mov dword ptr [ebp+FFFFFE08], 00450E9C
:00471003 C78500FEFFFF08000000    mov dword ptr [ebp+FFFFFE00], 00000008
:0047100D 8D9500FEFFFF            lea edx, dword ptr [ebp+FFFFFE00]
:00471013 8D8D6CFFFFFF            lea ecx, dword ptr [ebp+FFFFFF6C]

* Reference To: MSVBVM60.__vbaVarCopy, Ord:0000h
                                 |
:00471019 E8AC0CF9FF              Call 00401CCA
:0047101E C78508FEFFFF200D4500    mov dword ptr [ebp+FFFFFE08], 00450D20
:00471028 C78500FEFFFF08000000    mov dword ptr [ebp+FFFFFE00], 00000008
:00471032 8D9500FEFFFF            lea edx, dword ptr [ebp+FFFFFE00]
:00471038 8D4D8C                  lea ecx, dword ptr [ebp-74]

* Reference To: MSVBVM60.__vbaVarCopy, Ord:0000h
                                 |
:0047103B E88A0CF9FF              Call 00401CCA

* Possible StringData Ref from Code Obj ->"ppyds"
                                 |
:00471040 C78508FEFFFF8C0E4500    mov dword ptr [ebp+FFFFFE08], 00450E8C
:0047104A C78500FEFFFF08000000    mov dword ptr [ebp+FFFFFE00], 00000008
:00471054 8D9500FEFFFF            lea edx, dword ptr [ebp+FFFFFE00]
:0047105A 8D8D7CFFFFFF            lea ecx, dword ptr [ebp+FFFFFF7C]

* Reference To: MSVBVM60.__vbaVarCopy, Ord:0000h
                                 |
:00471060 E8650CF9FF              Call 00401CCA

* Possible StringData Ref from Code Obj ->"ttrue"
                                 ====>写注册表:true

…… ……省 略…… ……

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047131F(U)
|
:00471328 FFB564FFFFFF            push dword ptr [ebp+FFFFFF64]

* Possible StringData Ref from Code Obj ->"\\kise.dll"
                                 ====>呵呵,kise.dll,还好不是 kill.dll  *o*

:0047132E 6888184500              push 00451888

* Reference To: MSVBVM60.__vbaStrCat, Ord:0000h
                                 |
:00471333 E8DA09F9FF              Call 00401D12
:00471338 89854CFFFFFF            mov dword ptr [ebp+FFFFFF4C], eax
                                 ====>EAX=C:\WINDOWS\SYSTEM\kise.dll

:0047133E C78544FFFFFF08000000    mov dword ptr [ebp+FFFFFF44], 00000008
:00471348 8D9544FFFFFF            lea edx, dword ptr [ebp+FFFFFF44]
:0047134E 8D4DCC                  lea ecx, dword ptr [ebp-34]

* Reference To: MSVBVM60.__vbaVarMove, Ord:0000h
                                 |
:00471351 E80809F9FF              Call 00401C5E
:00471356 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
                                 |
:0047135C E8EB08F9FF              Call 00401C4C
:00471361 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                                 |
:00471367 E8F808F9FF              Call 00401C64
:0047136C 8D45CC                  lea eax, dword ptr [ebp-34]
:0047136F 50                      push eax

* Reference To: MSVBVM60.__vbaStrVarCopy, Ord:0000h
                                 |
:00471370 E83709F9FF              Call 00401CAC
:00471375 8BD0                    mov edx, eax
:00471377 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
                                 |
:0047137D E8DE09F9FF              Call 00401D60
:00471382 50                      push eax
:00471383 6A01                    push 00000001
:00471385 6A08                    push 00000008
:00471387 6A04                    push 00000004

* Reference To: MSVBVM60.__vbaFileOpen, Ord:0000h
                                 |
:00471389 E87209F9FF              Call 00401D00
:0047138E 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
                                 |
:00471394 E8B308F9FF              Call 00401C4C

* Possible StringData Ref from Code Obj ->"44#7%9$"
                                 ====>注意:4#7%9$ 可是注册版本的标志呀!^v^
                                 
:00471399 BAA0184500              mov edx, 004518A0
:0047139E 8D8D64FFFFFF            lea ecx, dword ptr [ebp+FFFFFF64]

* Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h
                                 |
:004713A4 E8F708F9FF              Call 00401CA0
:004713A9 6A01                    push 00000001
:004713AB 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64]
:004713B1 50                      push eax
:004713B2 6A00                    push 00000000

* Reference To: MSVBVM60.__vbaPut3, Ord:0000h
                                 |
:004713B4 E8ED08F9FF              Call 00401CA6
                                 ====>OK,4#7%9$写入kise.dll

…… ……省 略…… ……

* Reference To: MSVBVM60.rtcMsgBox, Ord:0253h
                                 |
:0047145B E8EE08F9FF              Call 00401D4E
                                 ====>呵呵,胜利女神!


—————————————————————————————————
【完 美  爆 破】:


好了,其实调试完程序就已经解除了试用等限制,得到正确的注册DLL和注册信息了。
还是爆破一下吧。还要改上面的所有跳转吗?NO!呵呵,偷点懒吧: ^O^  ^O^

00470431 85C0                    test eax, eax
00470433 7405                    je 0047043A
00470435 E9DE000000              jmp 00470518

———————————————
把上面的代码改成下面的代码就OK了!

00470431      58                  pop eax      //加1个POP吧,否则会……  *o*  *o*        
00470432      90                  nop
00470433      E9 9F0B0000         jmp 00470FD7 //直接跳下去,让程序自动保存注册信息 @v@
00470438      90                  nop
00470439      90                  nop

   
—————————————————————————————————
【注册信息保存】:


1、C:\WINDOWS\SYSTEM 下的 kise.dll 文件
  0600342337253924       4#7%9$

2、REGEDIT4
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\pyds\zc]
"pyds"="true"

3、C:\WINDOWS\SYSTEM 下的 fsck.dll 文件  这里是使用次数!

—————————————————————————————————
【后        记】:


数月前在[FCG]交的一篇滥竽充数的作业。 ^O^  ^O^  

CRACK是兴趣,人生还有许多其他的事要做 …… ……

—————————————————————————————————
   
                               
        ,     _/
       /| _.-~/            \_     ,        青春都一饷
      ( /~   /              \~-._ |\
      `\\  _/                \   ~\ )          忍把浮名
  _-~~~-.)  )__/;;,.          \_  //'
 /'_,\   --~   \ ~~~-  ,;;\___(  (.-~~~-.        换了破解轻狂
`~ _( ,_..--\ (     ,;'' /    ~--   /._`\
 /~~//'   /' `~\         ) /--.._, )_  `~
 "  `~"  "      `"      /~'`\    `\\~~\  
                        "     "   "~'  ""

   

                   Cracked By 巢水工作坊——fly [OCN][FCG]

                            2003-07-17  0:45