Ollydbg——注册表终结者(regboy) V5.7 [VB]
下载页面: http://www.skycn.com/soft/8796.html
软件大小: 1631 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 系统设置
应用平台: Win9x/NT/2000/XP
加入时间: 2003-08-11 16:55:30
下载次数: 48786
推荐等级: ****
开 发 商: http://www.regboy.com/
【软件简介】:注册表终结者是一个系统全能优化软件!从网络安全到系统优化,从计算机性能提升到个性设置,解决恶意网页的攻击,注册表终结者均替您想到。有了本软件即使不懂注册表的初学者,你也能瞬间成为修改注册表的高手,初学者使用本软件也能成为系统优化大师!本软件全面支持Windows9x/ME/NT/2000/XP。并对2000/xp进行了专门的设计,您使用一个软件就可以任意修改所有的windows系统注册表。
【软件限制】:NAG、30次试用、功能限制
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:Ollydbg1.09、PEiD、PE-Scan、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
regboy.exe 是ASPack 2.1壳,用PE-Scan脱之。851K->4.76M。 VB 编写。
用户名:fly
试炼码:13572468
—————————————————————————————————
程序启动后跳出注册框,可以在 MSVBVM50.rtcMidCharBstr 下断
呵呵, rtcMidCharBstr 快成 VB程序 的“千 能 断 点”了 :-)
* Reference To: MSVBVM50.__vbaLenVar, Ord:0000h
|
:006D8BFB FF15A0738800 Call dword ptr [008873A0]
====>取 用户名 长度
:006D8C01 8BD0 mov edx, eax
====>EDX=03
…… …… 省 略 …… ……
:006D8CA6 50 push eax
====>EAX=fly 用户名
* Reference To: MSVBVM50.rtcMidCharBstr, Ord:0277h
|
:006D8CA7 FF1520748800 Call dword ptr [00887420]
====>依次取 f、l、y 字符
:006D8CAD 8BD0 mov edx, eax
:006D8CAF 8D8D70FCFFFF lea ecx, dword ptr [ebp+FFFFFC70]
* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
|
:006D8CB5 FF15A8758800 Call dword ptr [008875A8]
:006D8CBB 50 push eax
* Reference To: MSVBVM50.rtcAnsiValueBstr, Ord:0204h
|
:006D8CBC FF155C738800 Call dword ptr [0088735C]
====>依次取 f、l、y 字符对应的ASCII码值
:006D8CC2 8D9518FAFFFF lea edx, dword ptr [ebp+FFFFFA18]
:006D8CC8 8D8D20FFFFFF lea ecx, dword ptr [ebp+FFFFFF20]
:006D8CCE 66898520FAFFFF mov word ptr [ebp+FFFFFA20], ax
====>[ebp+FFFFFA20]=66、6C、79
…… …… 省 略 …… ……
* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
|
:006D8D1B FF1570758800 Call dword ptr [00887570]
====>累加:66 + 6C + 79=0000014B
…… …… 省 略 …… ……
* Reference To: MSVBVM50.__vbaVarForNext, Ord:0000h
|
:006D8D44 FF15D8758800 Call dword ptr [008875D8]
:006D8D4A E912FFFFFF jmp 006D8C61
====>循环
…… …… 省 略 …… ……
:006D8D64 C78530FAFFFF85B10000 mov dword ptr [ebp+FFFFFA30], 0000B185
====>[ebp+FFFFFA30]=0000B185
:006D8D6E C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D8D78 FF15AC738800 Call dword ptr [008873AC]
====>异或:0000014B XOR 0000B185=0000B0CE
…… …… 省 略 …… ……
:006D8D9E C78530FAFFFF7B000000 mov dword ptr [ebp+FFFFFA30], 0000007B
:006D8DA8 C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarMul, Ord:0000h
|
:006D8DB2 FF15A8748800 Call dword ptr [008874A8]
====>相乘:000393AD * 0000007B=01B7F41F
:006D8DB8 50 push eax
:006D8DB9 8D9500FFFFFF lea edx, dword ptr [ebp+FFFFFF00]
:006D8DBF 8D85D8FBFFFF lea eax, dword ptr [ebp+FFFFFBD8]
:006D8DC5 52 push edx
:006D8DC6 50 push eax
* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
|
:006D8DC7 FF1570758800 Call dword ptr [00887570]
====>相加:01B7F41F + 0000B0CE=01B8A4ED
…… …… 省 略 …… ……
:006D8E3D C78530FAFFFF4E7D3100 mov dword ptr [ebp+FFFFFA30], 00317D4E
====>[ebp+FFFFFA30]=00317D4E
:006D8E47 C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D8E51 FF15AC738800 Call dword ptr [008873AC]
====>异或:01B8A4ED XOR 00317D4E=0189D9A3
…… …… 省 略 …… ……
:006D8E7A C78530FAFFFFE7100000 mov dword ptr [ebp+FFFFFA30], 000010E7
====>[ebp+FFFFFA30]=000010E7
:006D8E84 C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarSub, Ord:0000h
|
:006D8E8E FF1514738800 Call dword ptr [00887314]
====>相减:0189D9A3 - 000010E7=0189C8BC
…… …… 省 略 …… ……
:006D8EB7 C78530FAFFFF670ABC00 mov dword ptr [ebp+FFFFFA30], 00BC0A67
====>[ebp+FFFFFA30]=00BC0A67
:006D8EC1 C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D8ECB FF15AC738800 Call dword ptr [008873AC]
====>异或:0189C8BC XOR 00BC0A67=0135C2DB
…… …… 省 略 …… ……
:006D8EF4 C78530FAFFFF03000000 mov dword ptr [ebp+FFFFFA30], 00000003
====>[ebp+FFFFFA30]=00000003
:006D8EFE C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarMul, Ord:0000h
|
:006D8F08 FF15A8748800 Call dword ptr [008874A8]
====>相乘:0135C2DB * 00000003=03A14891
…… …… 省 略 …… ……
:006D8F31 C78530FAFFFF83000000 mov dword ptr [ebp+FFFFFA30], 00000083
====>[ebp+FFFFFA30]=00000083
:006D8F3B C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D8F45 FF15AC738800 Call dword ptr [008873AC]
====>异或:03A14891 XOR 00000083=03A14812
…… …… 省 略 …… ……
:006D8F6E C78530FAFFFF0E000000 mov dword ptr [ebp+FFFFFA30], 0000000E
====>[ebp+FFFFFA30]=0000000E
:006D8F78 C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarSub, Ord:0000h
|
:006D8F82 FF1514738800 Call dword ptr [00887314]
====>相减:03A14812 - 0000000E=03A14804
…… …… 省 略 …… ……
:006D8FAB C78530FAFFFF108A0000 mov dword ptr [ebp+FFFFFA30], 00008A10
====>[ebp+FFFFFA30]=00008A10
:006D8FB5 C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D8FBF FF15AC738800 Call dword ptr [008873AC]
====>异或:03A14804 XOR 00008A10=03A1C214
…… …… 省 略 …… ……
:006D90A8 C78530FAFFFFED6B0A0F mov dword ptr [ebp+FFFFFA30], 0F0A6BED
====>[ebp+FFFFFA30]=0F0A6BED
:006D90B2 C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
|
:006D90BC FF1570758800 Call dword ptr [00887570]
====>相加:03A1C214 + 0F0A6BED=12AC2E01
…… …… 省 略 …… ……
:006D9207 C78530FAFFFF0C000000 mov dword ptr [ebp+FFFFFA30], 0000000C
====>[ebp+FFFFFA30]=0000000C
:006D9211 C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D921B FF15AC738800 Call dword ptr [008873AC]
====>异或:12AC2E01 XOR 0000000C=12AC2E0D
…… …… 省 略 …… ……
:006D9366 C78530FAFFFF07296601 mov dword ptr [ebp+FFFFFA30], 01662907
====>[ebp+FFFFFA30]=01662907
:006D9370 C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
|
:006D937A FF1570758800 Call dword ptr [00887570]
====>相加:12AC2E0D + 01662907=14125714
…… …… 省 略 …… ……
:006D94C5 C78530FAFFFF08000000 mov dword ptr [ebp+FFFFFA30], 00000008
====>[ebp+FFFFFA30]=00000008
:006D94CF C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D94D9 FF15AC738800 Call dword ptr [008873AC]
====>异或:14125714 XOR 00000008=1412571C
…… …… 省 略 …… ……
:006D9624 C78530FAFFFF92300000 mov dword ptr [ebp+FFFFFA30], 00003092
====>[ebp+FFFFFA30]=00003092
:006D962E C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarSub, Ord:0000h
|
:006D9638 FF1514738800 Call dword ptr [00887314]
====>相减:1412571C - 00003092=1412268A
…… …… 省 略 …… ……
:006D9783 C78530FAFFFF9F050000 mov dword ptr [ebp+FFFFFA30], 0000059F
====>[ebp+FFFFFA30]=0000059F
:006D978D C78528FAFFFF02000000 mov dword ptr [ebp+FFFFFA28], 00000002
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D9797 FF15AC738800 Call dword ptr [008873AC]
====>异或:1412268A XOR 0000059F=14122315
…… …… 省 略 …… ……
:006D98E2 C78530FAFFFFD598EF01 mov dword ptr [ebp+FFFFFA30], 01EF98D5
====>[ebp+FFFFFA30]=01EF98D5
:006D98EC C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarAdd, Ord:0000h
|
:006D98F6 FF1570758800 Call dword ptr [00887570]
====>相加:14122315 + 01EF98D5=1601BBEA
…… …… 省 略 …… ……
:006D9A41 C78530FAFFFFF8920300 mov dword ptr [ebp+FFFFFA30], 000392F8
====>[ebp+FFFFFA30]=000392F8
:006D9A4B C78528FAFFFF03000000 mov dword ptr [ebp+FFFFFA28], 00000003
* Reference To: MSVBVM50.__vbaVarXor, Ord:0000h
|
:006D9A55 FF15AC738800 Call dword ptr [008873AC]
====>异或:1601BBEA XOR 000392F8=16022912(H)=369240338(D)
…… …… 省 略 …… ……
* Reference To: MSVBVM50.__vbaStrVarVal, Ord:0000h
|
:006D9B1E FF15E4748800 Call dword ptr [008874E4]
:006D9B24 50 push eax
====>EAX=13572468 试炼码
…… …… 省 略 …… ……
* Reference To: MSVBVM50.rtcR8ValFromBstr, Ord:0245h
|
:006D9B4F FF15F0758800 Call dword ptr [008875F0]
:006D9B55 DD9D30FAFFFF fstp qword ptr [ebp+FFFFFA30]
====>ST=13572468.00000000
…… …… 省 略 …… ……
* Reference To: MSVBVM50.__vbaVarTstEq, Ord:0000h
|
:006D9BCB FF154C748800 Call dword ptr [0088744C]
====>比较CALL!
:006D9BD1 6685C0 test ax, ax
:006D9BD4 0F850E4D0000 jne 006DE8E8
———————————————————
进入比较CALL: 006D9BCB Call dword ptr [0088744C]
78356F97 DB43 08 fild dword ptr ds:[ebx+8]
78356F9A 8B55 0C mov edx,dword ptr ss:[ebp+C]
78356F9D DC52 08 fcom qword ptr ds:[edx+8] //比较啦 :-)
====>ST=369240338.00000000000 注册码
====>[edx+8]=13572468.00000000 试炼码
78356FA0 DD5D F8 fstp qword ptr ss:[ebp-8]
78356FA3 DFE0 fstsw ax
78356FA5 9E sahf
78356FA6 72 1B jb short MSVBVM50.78356FC3
—————————————————————————————————
【算 法 总 结】:
哎,有必要放如此多而烦琐的 简单运算 吗?建议使用密码学算法吧! :-)
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionexplorerAdvancedBitAdv]
"NoDriveRun"="kat"
"NoVirtMemPage"="'\"-& $'',"
BTW:程序自身的密码保存在:
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionCheck_Pss]
"pssword"=" 125 127 121 123" 忘记口令删了这个就行了。或者你自己求逆出来 ^O^
—————————————————————————————————
【整 理】:
用户名:fly
注册码:369240338
—————————————————————————————————
, _/
/| _.-~/ _ , 青春都一饷
( /~ / ~-._ |
`\ _/ ~ ) 忍把浮名
_-~~~-.) )__/;;,. _ //'
/'_, --~ ~~~- ,;;___( (.-~~~-. 换了破解轻狂
`~ _( ,_..-- ( ,;'' / ~-- /._`
/~~//' /' `~ ) /--.._, )_ `~
" `~" " `" /~'` `\~~
" " "~' ""
Cracked By 巢水工作坊——fly [OCN][FCG]
2003-09-24 16:55