• 标 题:Ollydbg——注册表终结者(regboy) V5.7 [VB]
  • 作 者:fly
  • 时 间:2003年9月24日 11:41
  • 链 接:http://bbs.pediy.com

Ollydbg——注册表终结者(regboy) V5.7 [VB]
 
 
 
下载页面:  http://www.skycn.com/soft/8796.html
软件大小:  1631 KB
软件语言:  简体中文
软件类别:  国产软件 / 共享版 / 系统设置
应用平台:  Win9x/NT/2000/XP
加入时间:  2003-08-11 16:55:30
下载次数:  48786
推荐等级:  **** 
开 发 商:  http://www.regboy.com/

【软件简介】:注册表终结者是一个系统全能优化软件!从网络安全到系统优化,从计算机性能提升到个性设置,解决恶意网页的攻击,注册表终结者均替您想到。有了本软件即使不懂注册表的初学者,你也能瞬间成为修改注册表的高手,初学者使用本软件也能成为系统优化大师!本软件全面支持Windows9x/ME/NT/2000/XP。并对2000/xp进行了专门的设计,您使用一个软件就可以任意修改所有的windows系统注册表。

【软件限制】:NAG、30次试用、功能限制

【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!

【破解工具】:Ollydbg1.09、PEiD、PE-Scan、W32Dasm 9.0白金版

————————————————————————————————— 
【过    程】:
          
         
          
regboy.exe 是ASPack 2.1壳,用PE-Scan脱之。851K->4.76M。 VB 编写。

用户名:fly
试炼码:13572468
—————————————————————————————————
程序启动后跳出注册框,可以在 MSVBVM50.rtcMidCharBstr 下断
呵呵, rtcMidCharBstr 快成 VB程序 的“千 能 断 点”了 :-)   


* Reference To: MSVBVM50.__vbaLenVar, Ord:0000h
                                  |
:006D8BFB FF15A0738800            Call dword ptr [008873A0]
                                  ====>取 用户名 长度

:006D8C01 8BD0                    mov edxeax
                                  ====>EDX=03

…… …… 省 略 …… ……

:006D8CA6 50                      push eax
                                  ====>EAX=fly                用户名

* Reference To: MSVBVM50.rtcMidCharBstr, Ord:0277h
                                  |
:006D8CA7 FF1520748800            Call dword ptr [00887420]
                                  ====>依次取 f、l、y 字符

:006D8CAD 8BD0                    mov edxeax
:006D8CAF 8D8D70FCFFFF            lea ecxdword ptr [ebp+FFFFFC70]

* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
                                  |
:006D8CB5 FF15A8758800            Call dword ptr [008875A8]
:006D8CBB 50                      push eax

* Reference To: MSVBVM50.rtcAnsiValueBstr, Ord:0204h
                                  |
:006D8CBC FF155C738800            Call dword ptr [0088735C]
                                  ====>依次取 f、l、y 字符对应的ASCII码值

:006D8CC2 8D9518FAFFFF            lea edxdword ptr [ebp+FFFFFA18]
:006D8CC8 8D8D20FFFFFF            lea ecxdword ptr [ebp+FFFFFF20]
:006D8CCE 66898520FAFFFF          mov word ptr [ebp+FFFFFA20], ax
                                  ====>[ebp+FFFFFA20]=66、6C、79

…… …… 省 略 …… ……

* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
                                  |
:006D8D1B FF1570758800            Call dword ptr [00887570]
                                  ====>累加:66 + 6C + 79=0000014B

…… …… 省 略 …… ……

* Reference To: MSVBVM50.__vbaVarForNext, Ord:0000h
                                  |
:006D8D44 FF15D8758800            Call dword ptr [008875D8]
:006D8D4A E912FFFFFF              jmp 006D8C61
                                  ====>循环

…… …… 省 略 …… ……

:006D8D64 C78530FAFFFF85B10000    mov dword ptr [ebp+FFFFFA30], 0000B185
                                  ====>[ebp+FFFFFA30]=0000B185

:006D8D6E C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D8D78 FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:0000014B XOR 0000B185=0000B0CE

…… …… 省 略 …… ……

:006D8D9E C78530FAFFFF7B000000    mov dword ptr [ebp+FFFFFA30], 0000007B
:006D8DA8 C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarMul, Ord:0000h
                                  |
:006D8DB2 FF15A8748800            Call dword ptr [008874A8]
                                  ====>相乘:000393AD * 0000007B=01B7F41F

:006D8DB8 50                      push eax
:006D8DB9 8D9500FFFFFF            lea edxdword ptr [ebp+FFFFFF00]
:006D8DBF 8D85D8FBFFFF            lea eaxdword ptr [ebp+FFFFFBD8]
:006D8DC5 52                      push edx
:006D8DC6 50                      push eax

* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
                                  |
:006D8DC7 FF1570758800            Call dword ptr [00887570]
                                  ====>相加:01B7F41F + 0000B0CE=01B8A4ED

…… …… 省 略 …… ……

:006D8E3D C78530FAFFFF4E7D3100    mov dword ptr [ebp+FFFFFA30], 00317D4E
                                  ====>[ebp+FFFFFA30]=00317D4E

:006D8E47 C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D8E51 FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:01B8A4ED XOR 00317D4E=0189D9A3

…… …… 省 略 …… ……

:006D8E7A C78530FAFFFFE7100000    mov dword ptr [ebp+FFFFFA30], 000010E7
                                  ====>[ebp+FFFFFA30]=000010E7

:006D8E84 C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarSub, Ord:0000h
                                  |
:006D8E8E FF1514738800            Call dword ptr [00887314]
                                  ====>相减:0189D9A3 - 000010E7=0189C8BC

…… …… 省 略 …… ……

:006D8EB7 C78530FAFFFF670ABC00    mov dword ptr [ebp+FFFFFA30], 00BC0A67
                                  ====>[ebp+FFFFFA30]=00BC0A67

:006D8EC1 C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D8ECB FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:0189C8BC XOR 00BC0A67=0135C2DB

…… …… 省 略 …… ……

:006D8EF4 C78530FAFFFF03000000    mov dword ptr [ebp+FFFFFA30], 00000003
                                  ====>[ebp+FFFFFA30]=00000003

:006D8EFE C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarMul, Ord:0000h
                                  |
:006D8F08 FF15A8748800            Call dword ptr [008874A8]
                                  ====>相乘:0135C2DB * 00000003=03A14891

…… …… 省 略 …… ……

:006D8F31 C78530FAFFFF83000000    mov dword ptr [ebp+FFFFFA30], 00000083
                                  ====>[ebp+FFFFFA30]=00000083

:006D8F3B C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D8F45 FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:03A14891 XOR 00000083=03A14812

…… …… 省 略 …… ……

:006D8F6E C78530FAFFFF0E000000    mov dword ptr [ebp+FFFFFA30], 0000000E
                                  ====>[ebp+FFFFFA30]=0000000E

:006D8F78 C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarSub, Ord:0000h
                                  |
:006D8F82 FF1514738800            Call dword ptr [00887314]
                                  ====>相减:03A14812 - 0000000E=03A14804

…… …… 省 略 …… ……

:006D8FAB C78530FAFFFF108A0000    mov dword ptr [ebp+FFFFFA30], 00008A10
                                  ====>[ebp+FFFFFA30]=00008A10

:006D8FB5 C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D8FBF FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:03A14804 XOR 00008A10=03A1C214

…… …… 省 略 …… ……

:006D90A8 C78530FAFFFFED6B0A0F    mov dword ptr [ebp+FFFFFA30], 0F0A6BED
                                  ====>[ebp+FFFFFA30]=0F0A6BED

:006D90B2 C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
                                  |
:006D90BC FF1570758800            Call dword ptr [00887570]
                                  ====>相加:03A1C214 + 0F0A6BED=12AC2E01

…… …… 省 略 …… ……

:006D9207 C78530FAFFFF0C000000    mov dword ptr [ebp+FFFFFA30], 0000000C
                                  ====>[ebp+FFFFFA30]=0000000C

:006D9211 C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D921B FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:12AC2E01 XOR 0000000C=12AC2E0D

…… …… 省 略 …… ……

:006D9366 C78530FAFFFF07296601    mov dword ptr [ebp+FFFFFA30], 01662907
                                  ====>[ebp+FFFFFA30]=01662907

:006D9370 C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
                                  |
:006D937A FF1570758800            Call dword ptr [00887570]
                                  ====>相加:12AC2E0D + 01662907=14125714

…… …… 省 略 …… ……

:006D94C5 C78530FAFFFF08000000    mov dword ptr [ebp+FFFFFA30], 00000008
                                  ====>[ebp+FFFFFA30]=00000008

:006D94CF C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D94D9 FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:14125714 XOR 00000008=1412571C

…… …… 省 略 …… ……

:006D9624 C78530FAFFFF92300000    mov dword ptr [ebp+FFFFFA30], 00003092
                                  ====>[ebp+FFFFFA30]=00003092

:006D962E C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarSub, Ord:0000h
                                  |
:006D9638 FF1514738800            Call dword ptr [00887314]
                                  ====>相减:1412571C - 00003092=1412268A

…… …… 省 略 …… ……

:006D9783 C78530FAFFFF9F050000    mov dword ptr [ebp+FFFFFA30], 0000059F
                                  ====>[ebp+FFFFFA30]=0000059F

:006D978D C78528FAFFFF02000000    mov dword ptr [ebp+FFFFFA28], 00000002

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D9797 FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:1412268A XOR 0000059F=14122315

…… …… 省 略 …… ……

:006D98E2 C78530FAFFFFD598EF01    mov dword ptr [ebp+FFFFFA30], 01EF98D5
                                  ====>[ebp+FFFFFA30]=01EF98D5

:006D98EC C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
                                  |
:006D98F6 FF1570758800            Call dword ptr [00887570]
                                  ====>相加:14122315 + 01EF98D5=1601BBEA

…… …… 省 略 …… ……

:006D9A41 C78530FAFFFFF8920300    mov dword ptr [ebp+FFFFFA30], 000392F8
                                  ====>[ebp+FFFFFA30]=000392F8

:006D9A4B C78528FAFFFF03000000    mov dword ptr [ebp+FFFFFA28], 00000003

* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
                                  |
:006D9A55 FF15AC738800            Call dword ptr [008873AC]
                                  ====>异或:1601BBEA XOR 000392F8=16022912(H)=369240338(D)


               …… …… 省      略 …… ……


* Reference To: MSVBVM50.__vbaStrVarVal, Ord:0000h
                                  |
:006D9B1E FF15E4748800            Call dword ptr [008874E4]
:006D9B24 50                      push eax
                                  ====>EAX=13572468          试炼码

…… …… 省 略 …… ……

* Reference To: MSVBVM50.rtcR8ValFromBstr, Ord:0245h
                                  |
:006D9B4F FF15F0758800            Call dword ptr [008875F0]
:006D9B55 DD9D30FAFFFF            fstp qword ptr [ebp+FFFFFA30]
                                  ====>ST=13572468.00000000

…… …… 省 略 …… ……

* Reference To: MSVBVM50.__vbaVarTstEq, Ord:0000h
                                  |
:006D9BCB FF154C748800            Call dword ptr [0088744C]
                                  ====>比较CALL!

:006D9BD1 6685C0                  test axax
:006D9BD4 0F850E4D0000            jne 006DE8E8


———————————————————
进入比较CALL:  006D9BCB   Call   dword ptr [0088744C]



78356F97        DB43 08           fild dword ptr ds:[ebx+8]
78356F9A        8B55 0C           mov edx,dword ptr ss:[ebp+C]
78356F9D        DC52 08           fcom qword ptr ds:[edx+8]  //比较啦 :-)
                                  ====>ST=369240338.00000000000    注册码
                                  ====>[edx+8]=13572468.00000000   试炼码

78356FA0        DD5D F8           fstp qword ptr ss:[ebp-8]
78356FA3        DFE0              fstsw ax
78356FA5        9E                sahf
78356FA6        72 1B             jb short MSVBVM50.78356FC3



—————————————————————————————————
【算 法  总 结】:


哎,有必要放如此多而烦琐的 简单运算 吗?建议使用密码学算法吧! :-)            

————————————————————————————————— 
【注册信息保存】:


REGEDIT4

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionexplorerAdvancedBitAdv]
"NoDriveRun"="kat"
"NoVirtMemPage"="'\"-& $'',"


BTW:程序自身的密码保存在:
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionCheck_Pss]
"pssword"=" 125 127 121 123"  忘记口令删了这个就行了。或者你自己求逆出来  ^O^


————————————————————————————————— 
【整        理】:


用户名:fly
注册码:369240338

—————————————————————————————————
    
                                
         ,     _/ 
        /| _.-~/            _     ,        青春都一饷
       ( /~   /              ~-._ |
       `\  _/                   ~ )          忍把浮名 
   _-~~~-.)  )__/;;,.          _  //'
  /'_,   --~    ~~~-  ,;;___(  (.-~~~-.        换了破解轻狂
 `~ _( ,_..-- (     ,;'' /    ~--   /._` 
  /~~//'   /' `~         ) /--.._, )_  `~
  "  `~"  "      `"      /~'`    `\~~   
                         "     "   "~'  ""

    

               Cracked By 巢水工作坊——fly [OCN][FCG]

                       2003-09-24  16:55