破解者:tieji
破解时间:2001-12-05
破解工具:W32dasm黄金版, UltraEdit-32
作者主页:http://www.acesoft.net/china
说 明:您的电脑监视您在电脑上的一举一动,并把所有痕迹保存在硬 盘的隐蔽地方,包括:
所有您曾经去过的网站,网页,图片,小电影,音乐等等 隐私保护神正是专为保护
您的隐私而设计,只需鼠标一点,所有的痕迹将会彻底、安全的清除
是vb5,不想跟注册码,爆破算了
启动W32dasm黄金版,反汇编te.exe主程序,找到username字符串,有两处分别如下:
第一处:是注册的地方
:0041CBC6 FF15FC444400 Call dword ptr
[004444FC]
:0041CBCC 8D45D4
lea eax, dword ptr [ebp-2C]
:0041CBCF 50
push eax
:0041CBD0 E8BBE60000 call 0042B290
<========此call为比较注册码
:0041CBD5 8D4DD4
lea ecx, dword ptr [ebp-2C]
:0041CBD8 668BF0
mov si, ax <========将比较结果ax传给si
是零注册不成功
* Reference To: MSVBVM50.__vbaFreeStr, Ord:0000h
|
:0041CBDB FF1530454400 Call dword ptr
[00444530]
:0041CBE1 8D4DD0
lea ecx, dword ptr [ebp-30]
* Reference To: MSVBVM50.__vbaFreeObj, Ord:0000h
|
:0041CBE4 FF1534454400 Call dword ptr
[00444534]
:0041CBEA 8D4DAC
lea ecx, dword ptr [ebp-54]
:0041CBED 8D55BC
lea edx, dword ptr [ebp-44]
:0041CBF0 51
push ecx
:0041CBF1 52
push edx
:0041CBF2 6A02
push 00000002
* Reference To: MSVBVM50.__vbaFreeVarList, Ord:0000h
|
:0041CBF4 FF15EC424400 Call dword ptr
[004442EC]
:0041CBFA 83C40C
add esp, 0000000C
:0041CBFD 663BF7
cmp si, di <========比较si与di
:0041CC00 0F8461030000 je 0041CF67
<========相等则跳,注册不成功,
此处不能跳,nop掉
:0041CC06 8B03
mov eax, dword ptr [ebx]
:0041CC08 53
push ebx
:0041CC09 FF9010030000 call dword ptr
[eax+00000310]
:0041CC0F 8D4DD0
lea ecx, dword ptr [ebp-30]
:0041CC12 50
push eax
:0041CC13 51
push ecx
* Reference To: MSVBVM50.__vbaObjSet, Ord:0000h
|
:0041CC14 FF1560434400 Call dword ptr
[00444360]
:0041CC1A 8BF0
mov esi, eax
:0041CC1C 8D45D8
lea eax, dword ptr [ebp-28]
:0041CC1F 50
push eax
:0041CC20 56
push esi
:0041CC21 8B16
mov edx, dword ptr [esi]
:0041CC23 FF92A0000000 call dword ptr
[edx+000000A0]
:0041CC29 3BC7
cmp eax, edi
:0041CC2B 7D12
jge 0041CC3F
:0041CC2D 68A0000000 push 000000A0
* Possible StringData Ref from Code Obj ->"酦?檉??"
|
:0041CC32 6864924000 push 00409264
:0041CC37 56
push esi
:0041CC38 50
push eax
* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
|
:0041CC39 FF1528434400 Call dword ptr
[00444328]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041CC2B(C)
|
:0041CC3F 8B45D8
mov eax, dword ptr [ebp-28]
:0041CC42 8D4DBC
lea ecx, dword ptr [ebp-44]
:0041CC45 8D55AC
lea edx, dword ptr [ebp-54]
:0041CC48 51
push ecx
:0041CC49 52
push edx
:0041CC4A 897DD8
mov dword ptr [ebp-28], edi
:0041CC4D 8945C4
mov dword ptr [ebp-3C], eax
:0041CC50 C745BC08000000 mov [ebp-44], 00000008
* Reference To: MSVBVM50.rtcTrimVar, Ord:0208h
|
:0041CC57 FF158C434400 Call dword ptr
[0044438C]
:0041CC5D 393DA8F04300 cmp dword ptr
[0043F0A8], edi
:0041CC63 7510
jne 0041CC75
:0041CC65 68A8F04300 push 0043F0A8
:0041CC6A 6888284000 push 00402888
* Reference To: MSVBVM50.__vbaNew2, Ord:0000h
|
:0041CC6F FF1588444400 Call dword ptr
[00444488]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041CC63(C)
|
:0041CC75 8B35A8F04300 mov esi, dword
ptr [0043F0A8]
:0041CC7B 8D459C
lea eax, dword ptr [ebp-64]
:0041CC7E 8D4DAC
lea ecx, dword ptr [ebp-54]
:0041CC81 50
push eax
:0041CC82 8B3E
mov edi, dword ptr [esi]
:0041CC84 8D55D4
lea edx, dword ptr [ebp-2C]
:0041CC87 51
push ecx
:0041CC88 52
push edx
* Reference To: MSVBVM50.__vbaStrVarVal, Ord:0000h
|
:0041CC89 FF155C444400 Call dword ptr
[0044445C]
:0041CC8F 50
push eax
* Possible StringData Ref from Code Obj ->"uusername" <=========第一处,向上看
|
:0041CC90 68689D4000 push 00409D68
===================================================================
第二处:是程序启动时判断注册码的地方,是关键,即判断注册码是否正确.
* Possible StringData Ref from Code Obj ->"uusername" <==========第二处,向下看
|
:0042FE33 68689D4000 push 00409D68
* Possible StringData Ref from Code Obj ->"ggeneral"
|
:0042FE38 68F0CA4000 push 0040CAF0
:0042FE3D 8B95E4FEFFFF mov edx, dword
ptr [ebp+FFFFFEE4]
:0042FE43 8B02
mov eax, dword ptr [edx]
:0042FE45 8B8DE4FEFFFF mov ecx, dword
ptr [ebp+FFFFFEE4]
:0042FE4B 51
push ecx
:0042FE4C FF502C
call [eax+2C]
:0042FE4F 8985E0FEFFFF mov dword ptr
[ebp+FFFFFEE0], eax
:0042FE55 83BDE0FEFFFF00 cmp dword ptr [ebp+FFFFFEE0],
00000000
:0042FE5C 7D23
jge 0042FE81
:0042FE5E 6A2C
push 0000002C
:0042FE60 68AC9D4000 push 00409DAC
:0042FE65 8B95E4FEFFFF mov edx, dword
ptr [ebp+FFFFFEE4]
:0042FE6B 52
push edx
:0042FE6C 8B85E0FEFFFF mov eax, dword
ptr [ebp+FFFFFEE0]
:0042FE72 50
push eax
* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
|
:0042FE73 FF1528434400 Call dword ptr
[00444328]
:0042FE79 8985B4FEFFFF mov dword ptr
[ebp+FFFFFEB4], eax
:0042FE7F EB0A
jmp 0042FE8B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042FE5C(C)
|
:0042FE81 C785B4FEFFFF00000000 mov dword ptr [ebp+FFFFFEB4], 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042FE7F(U)
|
:0042FE8B 8B4DD0
mov ecx, dword ptr [ebp-30]
:0042FE8E 898DC0FEFFFF mov dword ptr
[ebp+FFFFFEC0], ecx
:0042FE94 C745D000000000 mov [ebp-30], 00000000
:0042FE9B 8B95C0FEFFFF mov edx, dword
ptr [ebp+FFFFFEC0]
:0042FEA1 8D4DD8
lea ecx, dword ptr [ebp-28]
* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
|
:0042FEA4 FF15FC444400 Call dword ptr
[004444FC]
:0042FEAA C745FC04000000 mov [ebp-04], 00000004
:0042FEB1 833DA8F0430000 cmp dword ptr [0043F0A8],
00000000
:0042FEB8 751C
jne 0042FED6
:0042FEBA 68A8F04300 push 0043F0A8
:0042FEBF 6888284000 push 00402888
* Reference To: MSVBVM50.__vbaNew2, Ord:0000h
|
:0042FEC4 FF1588444400 Call dword ptr
[00444488]
:0042FECA C785B0FEFFFFA8F04300 mov dword ptr [ebp+FFFFFEB0], 0043F0A8
:0042FED4 EB0A
jmp 0042FEE0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042FEB8(C)
|
:0042FED6 C785B0FEFFFFA8F04300 mov dword ptr [ebp+FFFFFEB0], 0043F0A8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042FED4(U)
|
:0042FEE0 8B95B0FEFFFF mov edx, dword
ptr [ebp+FFFFFEB0]
:0042FEE6 8B02
mov eax, dword ptr [edx]
:0042FEE8 8985E4FEFFFF mov dword ptr
[ebp+FFFFFEE4], eax
:0042FEEE 8D4DD0
lea ecx, dword ptr [ebp-30]
:0042FEF1 51
push ecx
* Possible StringData Ref from Code Obj ->"rregcode"
|
:0042FEF2 68F89E4000 push 00409EF8
* Possible StringData Ref from Code Obj ->"ggeneral"
|
:0042FEF7 68F0CA4000 push 0040CAF0
:0042FEFC 8B95E4FEFFFF mov edx, dword
ptr [ebp+FFFFFEE4]
:0042FF02 8B02
mov eax, dword ptr [edx]
:0042FF04 8B8DE4FEFFFF mov ecx, dword
ptr [ebp+FFFFFEE4]
:0042FF0A 51
push ecx
:0042FF0B FF502C
call [eax+2C]
:0042FF0E 8985E0FEFFFF mov dword ptr
[ebp+FFFFFEE0], eax
:0042FF14 83BDE0FEFFFF00 cmp dword ptr [ebp+FFFFFEE0],
00000000
:0042FF1B 7D23
jge 0042FF40
:0042FF1D 6A2C
push 0000002C
:0042FF1F 68AC9D4000 push 00409DAC
:0042FF24 8B95E4FEFFFF mov edx, dword
ptr [ebp+FFFFFEE4]
:0042FF2A 52
push edx
:0042FF2B 8B85E0FEFFFF mov eax, dword
ptr [ebp+FFFFFEE0]
:0042FF31 50
push eax
* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
|
:0042FF32 FF1528434400 Call dword ptr
[00444328]
:0042FF38 8985ACFEFFFF mov dword ptr
[ebp+FFFFFEAC], eax
:0042FF3E EB0A
jmp 0042FF4A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042FF1B(C)
|
:0042FF40 C785ACFEFFFF00000000 mov dword ptr [ebp+FFFFFEAC], 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042FF3E(U)
|
:0042FF4A 8B4DD0
mov ecx, dword ptr [ebp-30]
:0042FF4D 898DBCFEFFFF mov dword ptr
[ebp+FFFFFEBC], ecx
:0042FF53 C745D000000000 mov [ebp-30], 00000000
:0042FF5A 8B95BCFEFFFF mov edx, dword
ptr [ebp+FFFFFEBC]
:0042FF60 8D4DDC
lea ecx, dword ptr [ebp-24]
* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
|
:0042FF63 FF15FC444400 Call dword ptr
[004444FC]
:0042FF69 C745FC05000000 mov [ebp-04], 00000005
:0042FF70 8D55DC
lea edx, dword ptr [ebp-24]
:0042FF73 52
push edx
:0042FF74 E817B3FFFF call 0042B290
<========此call为比较注册码
:0042FF79 0FBFC0
movsx eax, ax
:0042FF7C 85C0
test eax, eax <========测试eax是否为零
:0042FF7E 0F848F010000 je 00430113
<========eax为零注册失败
此处不能跳,nop掉
:0042FF84 C745FC06000000 mov [ebp-04], 00000006
:0042FF8B 833D50F1430000 cmp dword ptr [0043F150],
00000000
:0042FF92 751C
jne 0042FFB0
:0042FF94 6850F14300 push 0043F150
:0042FF99 68F4554000 push 004055F4
* Reference To: MSVBVM50.__vbaNew2, Ord:0000h
|
:0042FF9E FF1588444400 Call dword ptr
[00444488]
- 标 题:隐私保护神3.0暴破 (11千字)
- 作 者:[tieji]
- 时 间:2001-12-5 13:42:56
- 链 接:http://bbs.pediy.com