PixNewsPro(v1.2.2)是一款高速下载的软件,据说下载1.2G的东西只要40分钟.如果你感兴趣的话可以到http://www.techsono.com/pixnewspro去下载.
Fi侦查是VB写的,我们用Ollydbg进行跟踪.
跟踪到如下地方:
004706C8 . E8 6329FEFF CALL PIXNEWSP.00453030 ;F7进入
0045322C . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
00453232 . 8BC8 MOV ECX,EAX ;长度附值给ecx
00453234 . FF15 48114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4
0045323A . 8985 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EAX
00453240 . BE 01000000 MOV ESI,1
00453245 > 66:3BB5 30FFFF>CMP SI,WORD PTR SS:[EBP-D0]
0045324C . 0F8F 8A000000 JG PIXNEWSP.004532DC
00453252 . C745 B4 010000>MOV DWORD PTR SS:[EBP-4C],1
00453259 . C745 AC 020000>MOV DWORD PTR SS:[EBP-54],2
00453260 . 89BD 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EDI
00453266 . C785 6CFFFFFF >MOV DWORD PTR SS:[EBP-94],4008
00453270 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
00453273 . 50 PUSH EAX
00453274 . 0FBFCE MOVSX ECX,SI
00453277 . 51 PUSH ECX
00453278 . 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94]
0045327E . 52 PUSH EDX
0045327F . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
00453282 . 50 PUSH EAX
00453283 . FF15 08114000 CALL DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
00453289 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0045328C . 51 PUSH ECX
0045328D . 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
00453290 . 52 PUSH EDX
00453291 . FF15 F0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal
00453297 . 50 PUSH EAX
00453298 . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr
0045329E . 0FBFC0 MOVSX EAX,AX ;姓名的ASCII码
004532A1 . 03C3 ADD EAX,EBX ;上次结果和eax相加
004532A3 . 0F80 60020000 JO PIXNEWSP.00453509
004532A9 . 8BD8 MOV EBX,EAX ;最后的的结果保存在ebx中
004532AB . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
004532AE . FF15 FC124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
004532B4 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
004532B7 . 51 PUSH ECX
004532B8 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
004532BB . 52 PUSH EDX
004532BC . 6A 02 PUSH 2
004532BE . FF15 40104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
004532C4 . 83C4 0C ADD ESP,0C
004532C7 . B8 01000000 MOV EAX,1
004532CC . 66:03C6 ADD AX,SI
004532CF . 0F80 34020000 JO PIXNEWSP.00453509
004532D5 . 8BF0 MOV ESI,EAX
004532D7 .^E9 69FFFFFF JMP PIXNEWSP.00453245 ;
004532DC > 8BC3 MOV EAX,EBX ;把最后的结果送给eax
004532DE . 6BC0 2C IMUL EAX,EAX,2C ;进行运算
004532E1 . 0F80 22020000 JO PIXNEWSP.00453509
004532E7 . 83C0 2C ADD EAX,2C ;结果相加
004532EA . 0F80 19020000 JO PIXNEWSP.00453509
004532F0 . 50 PUSH EAX
004532F1 . 8B35 18104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrI4
004532F7 . FFD6 CALL ESI ; <&MSVBVM60.__vbaStrI4>
004532F9 . 8BD0 MOV EDX,EAX ;最后的结果在eax中
004532FB . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
004532FE . FF15 BC124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
00453304 . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00453307 . 51 PUSH ECX
00453308 . 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+C]
0045330B . 8B17 MOV EDX,DWORD PTR DS:[EDI]
0045330D . 52 PUSH EDX
0045330E . FF15 24114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp ;比较
00453314 . 85C0 TEST EAX,EAX
00453316 . 75 07 JNZ SHORT PIXNEWSP.0045331F
想必大家都看明白了吧!过程不是很复杂!这里给出注册机(TC++):
#include <stdio.h>
#include <string.h>
void main()
{
char name[50];
int nlen;
int i;
unsigned long temp1;
printf("Registration Name:");
scanf("%s",name);
nlen = strlen(name);
temp1=0x00000000;
for(i=0;i<nlen;i++)
{
temp1=temp1+name[i];
}
temp1=temp1*44;
temp1=temp1+44;
printf("Key:%ld
",temp1);
}
我的注册码是:dengkeng 36784
poppig 28864