【破解作者】 Wind
【作者邮箱】 winddyj@163.com
【作者主页】 winddyj.126.com
【使用工具】 OD、fi250
【破解平台】 Win9x
【软件名称】 KingCopy 2.5 Beta
【下载地址】 http://www.r4cn.com
【软件简介】 KingCopy 是一款优越的应用于文件复制、备份、修复的实用工具。
具有速度快、人工智能度高特点,结合到资源管理器的右键菜单,能大大地简化平常的文件复制操作。
具有较高的文件读取及纠错能力,能读取软盘上损坏的文件,并能对损坏的文件进行修复,恢复重要的数据。
具有的更新文件及重命名文件的功能。可跳过难读的文件
具有的文件断点续拷。
未注册版本没有功能或时间的限制,但每隔三天就会出现一次提示注册的窗口。
【软件大小】 879K
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
用FI检测,无壳,VB5编写,打开OD,载入程序,在查看--执行模块里选中msvbvm50.dll,在搜索--当前模块名称中找到__vbastrcomp下断点。然后运行程序,程序会被拦断三次,直接按F9带过,之后主程序打开,输入用户名:Wind,假码:1980124,点注册,程序被拦:
798B3563 > 55 PUSH EBP ------->我们来到这儿(我们将还会来到这儿)
798B3564 8BEC MOV EBP,ESP
798B3566 53 PUSH EBX
798B3567 56 PUSH ESI
798B3568 57 PUSH EDI
798B3569 837D 10 00 CMP DWORD PTR SS:[EBP+10],0 ------->检测有没有输入用户名(等下会在这儿检测有没有假码和真码,所以一共要来这儿三次)
798B356D BE 00000000 MOV ESI,0
798B3572 74 06 JE SHORT MSVBVM50.798B357A ------->没有输就飞了
798B3574 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
798B3577 8B70 FC MOV ESI,DWORD PTR DS:[EAX-4]
798B357A 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
798B357E BF 00000000 MOV EDI,0
798B3583 74 06 JE SHORT MSVBVM50.798B358B
798B3585 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
798B3588 8B79 FC MOV EDI,DWORD PTR DS:[ECX-4]
798B358B 3BFE CMP EDI,ESI
798B358D 8BDF MOV EBX,EDI
798B358F 73 25 JNB SHORT MSVBVM50.798B35B6
798B3591 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
798B3595 75 36 JNZ SHORT MSVBVM50.798B35CD
798B3597 85DB TEST EBX,EBX
798B3599 74 28 JE SHORT MSVBVM50.798B35C3 -------->跳到下面
798B359B 8BC3 MOV EAX,EBX
798B359D D1E8 SHR EAX,1
798B359F 50 PUSH EAX
798B35A0 FF75 0C PUSH DWORD PTR SS:[EBP+C]
798B35A3 FF75 10 PUSH DWORD PTR SS:[EBP+10]
798B35A6 E8 3FA40000 CALL MSVBVM50.798BD9EA
798B35AB 85C0 TEST EAX,EAX
798B35AD 74 0B JE SHORT MSVBVM50.798B35BA
798B35AF 5F POP EDI
798B35B0 5E POP ESI
798B35B1 5B POP EBX
798B35B2 5D POP EBP
798B35B3 C2 0C00 RETN 0C
798B35B6 8BDE MOV EBX,ESI
798B35B8 ^EB D7 JMP SHORT MSVBVM50.798B3591
798B35C3 3BF7 CMP ESI,EDI -------->跳到这了
798B35C5 76 54 JBE SHORT MSVBVM50.798B361B
798B35C7 66:B8 0100 MOV AX,1
798B35CB ^EB E2 JMP SHORT MSVBVM50.798B35AF --------->继续跳
798B35CD D1EE SHR ESI,1
798B35CF D1EF SHR EDI,1
798B35AF 5F POP EDI ; MSVBVM50.799BC358 --------->来到这儿
798B35B0 5E POP ESI
798B35B1 5B POP EBX
798B35B2 5D POP EBP
798B35B3 C2 0C00 RETN 0C ---------->再走
798B35B6 8BDE MOV EBX,ESI
798B35B8 ^EB D7 JMP SHORT MSVBVM50.798B3591
798B35BA F6C3 01 TEST BL,1
798B35BD 0F85 CFFA0500 JNZ MSVBVM50.79913092
798CF900 E8 5E3CFEFF CALL MSVBVM50.__vbaStrComp
798CF905 0FBFC0 MOVSX EAX,AX --------->来到这儿
798CF908 C2 0800 RETN 8 ---------->再走 (在检测完假码后,此处将会跳到00463CF7,去计算真码;生成正确的注册码后,也就是第三次,将会跳到463DE5,去进行对比)
798CF90B > 51 PUSH ECX
00463C50 . FFD6 CALL ESI ; <&MSVBVM50.__vbaStrCmp>
00463C52 . 85C0 TEST EAX,EAX --------->来到这儿
00463C54 . 0F85 92000000 JNZ YKINGCOP.00463CEC ----------->跳走
00463C5A . 8B1D 90D54600 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaVa>; MSVBVM50.__vbaVarDup
。。。。。。。。。
00463CEC > 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] --------->来到这儿
00463CEF . 51 PUSH ECX
00463CF0 . 68 FCBD4000 PUSH YKINGCOP.0040BDFC
00463CF5 . FFD6 CALL ESI ---------->回到我们的入口,去检测有没有输入注册码(去进行第二次对比)
00463CF7 . 85C0 TEST EAX,EAX ---------->检测完注册码,会再回到这儿
00463CF9 . 0F85 CB000000 JNZ YKINGCOP.00463DCA -------------------->这儿去计算注册码
00463CFF . 8B3D 90D54600 MOV EDI,DWORD PTR DS:[<&MSVBVM50.__vbaVa>; MSVBVM50.__vbaVarDup
00463DC5 . E9 A1060000 JMP YKINGCOP.0046446B
00463DCA > 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00463DCD . 51 PUSH ECX
00463DCE . E8 3DBBFCFF CALL YKINGCOP.0042F910 ------------>关键CALL,跟入
00463DD3 . 8BD0 MOV EDX,EAX
00463DD5 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00463DD8 . FF15 BCD54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove
00463DDE . 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
00463DE1 . 50 PUSH EAX
00463DE2 . 52 PUSH EDX
00463DE3 . FFD6 CALL ESI
00463DE5 . 8B1D F8D54600 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaFr>; MSVBVM50.__vbaFreeStr ------------>关键对比(但不能用于爆破,因为软件运行时还会对比)
00463DEB . 8BF0 MOV ESI,EAX
00463DED . F7DE NEG ESI
00463DEF . 1BF6 SBB ESI,ESI
00463DF1 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00463DF4 . 46 INC ESI
00463DF5 . F7DE NEG ESI
00463DF7 . FFD3 CALL EBX ; <&MSVBVM50.__vbaFreeStr>
00463DF9 . 66:85F6 TEST SI,SI
00463DFC . 0F84 DE040000 JE YKINGCOP.004642E0 -------->关键跳转,跳就失败
00463E02 . 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00463E05 . 85C0 TEST EAX,EAX
00463E07 . 75 0F JNZ SHORT YKINGCOP.00463E18
00463E09 . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
00463E0C . 50 PUSH EAX
00463E0D . 68 34484000 PUSH YKINGCOP.00404834
00463E12 . FF15 28D54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00463E18 > 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00463E1B . 8D95 34FFFFFF LEA EDX,DWORD PTR SS:[EBP-CC]
00463E21 . 51 PUSH ECX
00463E22 . 52 PUSH EDX
00463E23 . FF15 E0D34600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSetAddref
00463E29 . 8B85 34FFFFFF MOV EAX,DWORD PTR SS:[EBP-CC]
00463E2F . 68 02000080 PUSH 80000002
00463E34 . 50 PUSH EAX
00463E35 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00463E37 . FF51 50 CALL DWORD PTR DS:[ECX+50]
00463E3A . 85C0 TEST EAX,EAX
00463E3C . 7D 19 JGE SHORT YKINGCOP.00463E57
00463E3E . 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[EBP-CC]
00463E44 . 8B35 A4D34600 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaHr>; MSVBVM50.__vbaHresultCheckObj
00463E4A . 6A 50 PUSH 50
00463E4C . 68 98D74000 PUSH YKINGCOP.0040D798
00463E51 . 52 PUSH EDX
00463E52 . 50 PUSH EAX
00463E53 . FFD6 CALL ESI ; <&MSVBVM50.__vbaHresultCheckObj>
00463E55 . EB 06 JMP SHORT YKINGCOP.00463E5D
00463E57 > 8B35 A4D34600 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaHr>; MSVBVM50.__vbaHresultCheckObj ---->不跳就注册成功
00463E5D > 8B85 34FFFFFF MOV EAX,DWORD PTR SS:[EBP-CC]
00463E63 . 68 7CDC4000 PUSH YKINGCOP.0040DC7C ; UNICODE "Software
4c cutesoftKingCopy"
00463E68 . 68 90F44000 PUSH YKINGCOP.0040F490 ; UNICODE "REG"
00463E6D . 8B38 MOV EDI,DWORD PTR DS:[EAX]
00463E6F . FF15 88D34600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCa>; MSVBVM50.__vbaStrCat
00463E75 . 8BD0 MOV EDX,EAX
00463E77 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00463E7A . FF15 BCD54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove
00463E80 . 8B8D 34FFFFFF MOV ECX,DWORD PTR SS:[EBP-CC]
00463E86 . 50 PUSH EAX
.................
004642D5 . FF15 F4D54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004642DB . E9 8B010000 JMP YKINGCOP.0046446B
004642E0 > 8B1D 90D54600 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaVa>; MSVBVM50.__vbaVarDup ------>注册码对比失败,会来到这儿
004642E6 . B9 04000280 MOV ECX,80020004
004642EB . 894D 90 MOV DWORD PTR SS:[EBP-70],ECX
004642EE . B8 0A000000 MOV EAX,0A
004642F3 . 894D A0 MOV DWORD PTR SS:[EBP-60],ECX
004642F6 . BE 08000000 MOV ESI,8
004642FB . 8D95 68FFFFFF LEA EDX,DWORD PTR SS:[EBP-98]
00464301 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58]
00464304 . 8945 88 MOV DWORD PTR SS:[EBP-78],EAX
00464307 . 8945 98 MOV DWORD PTR SS:[EBP-68],EAX
0046430A . C785 70FFFFFF >MOV DWORD PTR SS:[EBP-90],YKINGCOP.00411>; UNICODE "Register"
00464314 . 89B5 68FFFFFF MOV DWORD PTR SS:[EBP-98],ESI
0046431A . FFD3 CALL EBX ; <&MSVBVM50.__vbaVarDup>
0046431C . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00464322 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
00464325 . C745 80 3C1641>MOV DWORD PTR SS:[EBP-80],YKINGCOP.00411>
0046432C . 89B5 78FFFFFF MOV DWORD PTR SS:[EBP-88],ESI
00464332 . FFD3 CALL EBX
00464334 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
00464337 . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
0046433A . 50 PUSH EAX
0046433B . 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
0046433E . 51 PUSH ECX
0046433F . 52 PUSH EDX
00464340 . 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
00464343 . 6A 40 PUSH 40
00464345 . 50 PUSH EAX
00464346 . FF15 D0D34600 CALL DWORD PTR DS:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox -------->注册码错误
0046434C . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
0046434F . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00464352 . 51 PUSH ECX
00464353 . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
00464356 . 52 PUSH EDX
00464357 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
----------------------------------------------------------------------------------------------------------
关键CALL:
0042F910 $ 55 PUSH EBP
0042F911 . 8BEC MOV EBP,ESP
0042F913 . 83EC 0C SUB ESP,0C
0042F916 . 68 762C4000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler> ; SE handler installation
0042F91B . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0042F921 . 50 PUSH EAX
0042F922 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0042F929 . 81EC E4000000 SUB ESP,0E4
0042F92F . 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0042F932 . 53 PUSH EBX
0042F933 . 56 PUSH ESI
0042F934 . 57 PUSH EDI
0042F935 . 33F6 XOR ESI,ESI
0042F937 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0042F93A . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
0042F93D . C745 F8 701240>MOV DWORD PTR SS:[EBP-8],YKINGCOP.004012>
0042F944 . 8975 E4 MOV DWORD PTR SS:[EBP-1C],ESI
0042F947 . 8975 E0 MOV DWORD PTR SS:[EBP-20],ESI
0042F94A . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI
0042F94D . 8975 D8 MOV DWORD PTR SS:[EBP-28],ESI
0042F950 . 8975 D4 MOV DWORD PTR SS:[EBP-2C],ESI
0042F953 . 8975 D0 MOV DWORD PTR SS:[EBP-30],ESI
0042F956 . 8975 CC MOV DWORD PTR SS:[EBP-34],ESI
0042F959 . 8975 C8 MOV DWORD PTR SS:[EBP-38],ESI
0042F95C . 8975 B8 MOV DWORD PTR SS:[EBP-48],ESI
0042F95F . 8975 A8 MOV DWORD PTR SS:[EBP-58],ESI
0042F962 . 8975 98 MOV DWORD PTR SS:[EBP-68],ESI
0042F965 . 8975 88 MOV DWORD PTR SS:[EBP-78],ESI
0042F968 . 89B5 78FFFFFF MOV DWORD PTR SS:[EBP-88],ESI
0042F96E . 89B5 68FFFFFF MOV DWORD PTR SS:[EBP-98],ESI
0042F974 . 89B5 58FFFFFF MOV DWORD PTR SS:[EBP-A8],ESI
0042F97A . 89B5 38FFFFFF MOV DWORD PTR SS:[EBP-C8],ESI
0042F980 . FF15 44D54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCo>; MSVBVM50.__vbaStrCopy
0042F986 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0042F989 . 50 PUSH EAX
0042F98A . FF15 28D44600 CALL DWORD PTR DS:[<&MSVBVM50.#527>] ; MSVBVM50.rtcUpperCaseBstr
0042F990 . 8B3D BCD54600 MOV EDI,DWORD PTR DS:[<&MSVBVM50.__vbaSt>; MSVBVM50.__vbaStrMove
0042F996 . 8BD0 MOV EDX,EAX
0042F998 . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0042F99B . FFD7 CALL EDI ; <&MSVBVM50.__vbaStrMove>
0042F99D . 50 PUSH EAX
0042F99E . FF15 7CD34600 CALL DWORD PTR DS:[<&MSVBVM50.#519>] ; MSVBVM50.rtcTrimBstr
0042F9A4 . 8BD0 MOV EDX,EAX
..................省略N多代码
0042FBD4 > 3BB5 18FFFFFF CMP ESI,DWORD PTR SS:[EBP-E8] ----------->终于来到关键
0042FBDA . 0F8F B3000000 JG YKINGCOP.0042FC93
0042FBE0 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0042FBE3 . 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48]
0042FBE6 . 898D 60FFFFFF MOV DWORD PTR SS:[EBP-A0],ECX
0042FBEC . 52 PUSH EDX
0042FBED . 8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8]
0042FBF3 . 56 PUSH ESI
0042FBF4 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58]
0042FBF7 . 50 PUSH EAX
0042FBF8 . 51 PUSH ECX
0042FBF9 . C745 C0 010000>MOV DWORD PTR SS:[EBP-40],1
0042FC00 . C745 B8 020000>MOV DWORD PTR SS:[EBP-48],2
0042FC07 . C785 58FFFFFF >MOV DWORD PTR SS:[EBP-A8],4008
0042FC11 . FF15 84D34600 CALL DWORD PTR DS:[<&MSVBVM50.#629>] ; MSVBVM50.rtcMidVar
0042FC17 . 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
0042FC1A . 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0042FC1D . 52 PUSH EDX
0042FC1E . 50 PUSH EAX
0042FC1F . FF15 E0D44600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
0042FC25 . 50 PUSH EAX
0042FC26 . FF15 30D34600 CALL DWORD PTR DS:[<&MSVBVM50.#693>] ; MSVBVM50.rtcByteValueBstr ----->在这个CALL里计算每个用户名对应的注册码
0042FC2C . 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0042FC2F . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0042FC32 . 51 PUSH ECX
0042FC33 . 52 PUSH EDX
0042FC34 . 8845 A0 MOV BYTE PTR SS:[EBP-60],AL ------->AL里的数值为每个用户名对应的注册码
0042FC37 . C745 98 110000>MOV DWORD PTR SS:[EBP-68],11
0042FC3E . FF15 3CD54600 CALL DWORD PTR DS:[<&MSVBVM50.#572>] ; MSVBVM50.rtcHexBstrFromVar
0042FC44 . 8BD0 MOV EDX,EAX ------->每次取完后都放入EDX
0042FC46 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042FC49 . FFD7 CALL EDI
0042FC4B . 50 PUSH EAX
0042FC4C . FF15 88D34600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCa>; MSVBVM50.__vbaStrCat
0042FC52 . 8BD0 MOV EDX,EAX
0042FC54 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0042FC57 . FFD7 CALL EDI
0042FC59 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0042FC5C . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0042FC5F . 50 PUSH EAX
0042FC60 . 51 PUSH ECX
0042FC61 . 6A 02 PUSH 2
0042FC63 . FF15 54D54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList
0042FC69 . 83C4 0C ADD ESP,0C
0042FC6C . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
0042FC6F . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
0042FC72 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
0042FC75 . 52 PUSH EDX
0042FC76 . 50 PUSH EAX
0042FC77 . 51 PUSH ECX
0042FC78 . 6A 03 PUSH 3
0042FC7A . FFD3 CALL EBX
0042FC7C . B8 01000000 MOV EAX,1
0042FC81 . 83C4 10 ADD ESP,10
0042FC84 . 03C6 ADD EAX,ESI
0042FC86 . 0F80 BE000000 JO YKINGCOP.0042FD4A -------->没计算完?继续取
0042FC8C . 8BF0 MOV ESI,EAX
0042FC8E .^E9 41FFFFFF JMP YKINGCOP.0042FBD4
0042FC93 > 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0042FC96 . 68 24D04000 PUSH YKINGCOP.0040D024 ; UNICODE "KC25-" --------->在算出的注册码前加"KC25-"
0042FC9B . 6A 14 PUSH 14
0042FC9D . 52 PUSH EDX
0042FC9E . FF15 A4D54600 CALL DWORD PTR DS:[<&MSVBVM50.#616>] ; MSVBVM50.rtcLeftCharBstr
0042FCA4 . 8BD0 MOV EDX,EAX --------->计算完后,在这儿可以看到正确的注册码
0042FCA6 . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0042FCA9 . FFD7 CALL EDI
0042FCAB . 50 PUSH EAX
0042FCAC . FF15 88D34600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCa>; MSVBVM50.__vbaStrCat
0042FCB2 . 8BD0 MOV EDX,EAX
0042FCB4 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0042FCB7 . FFD7 CALL EDI
0042FCB9 . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0042FCBC . FF15 F8D54600 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0042FCC2 . 68 34FD4200 PUSH YKINGCOP.0042FD34
0042FCC7 . EB 50 JMP SHORT YKINGCOP.0042FD19 --------->跳走
0042FCC9 . F645 FC 04 TEST BYTE PTR SS:[EBP-4],4
..............................
0042FD15 . 83C4 1C ADD ESP,1C
0042FD18 . C3 RETN
0042FD19 > 8B35 F8D54600 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaFr>; MSVBVM50.__vbaFreeStr -------->跳到这儿
0042FD1F . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0042FD22 . FFD6 CALL ESI ; <&MSVBVM50.__vbaFreeStr> ------>又回到入口点,进行第三次对比
0042FD24 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0042FD27 . FFD6 CALL ESI
0042FD29 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0042FD2C . FFD6 CALL ESI
0042FD2E . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0042FD31 . FFE6 JMP ESI
0042FD33 . C3 RETN
0042FD34 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
--------------------------------------------------------------------------------
【用户名、密码】
一组可用的注册码:
Name=Wind
Code=KC25-7149944
--------------------------------------------------------------------------------
【注册码存放位置】
[HKEY_LOCAL_MACHINESoftware 4c cutesoftKingCopyReg]
"Date"="03-12-14"
"Name"="Wind"
"Code"="KC25-7149944"
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!