【文章标题】: Excel Workbook Splitter V1.05注册算法简析
【文章作者】: 蚊香
【作者邮箱】: xpi386com@gmail.com
【作者主页】: http://www.xpi386.com
【软件大小】: 1.01MB
【下载地址】: http://www.leleware.com/download/ExcelWorkbookSplitter105.exe
【使用工具】: PEiD,VBExplorer,OllyDBG,计算器
【操作平台】: D版XP-SP3
【软件介绍】: 一个处理Excel表格的工具.
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
PEiD看了一下,VB,于是用VBExplorer找到‘Register’单击事件响应代码开始处004137B0下断开始跟踪.
代码:
004137B0 > \55 PUSH EBP ; 一大堆垃圾代码影响大家的眼球 004137B1 . 8BEC MOV EBP,ESP 004137B3 . 83EC 0C SUB ESP,0C 004137B6 . 68 E6194000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装 004137BB . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 004137C1 . 50 PUSH EAX 004137C2 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 004137C9 . 81EC B0000000 SUB ESP,0B0 004137CF . 53 PUSH EBX 004137D0 . 56 PUSH ESI 004137D1 . 57 PUSH EDI 004137D2 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP 004137D5 . C745 F8 38124>MOV DWORD PTR SS:[EBP-8],ExcelWor.004012> 004137DC . 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8] 004137DF . 8BC6 MOV EAX,ESI 004137E1 . 83E0 01 AND EAX,1 004137E4 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 004137E7 . 83E6 FE AND ESI,FFFFFFFE 004137EA . 56 PUSH ESI 004137EB . 8975 08 MOV DWORD PTR SS:[EBP+8],ESI 004137EE . 8B0E MOV ECX,DWORD PTR DS:[ESI] 004137F0 . FF51 04 CALL DWORD PTR DS:[ECX+4] 004137F3 . 8B16 MOV EDX,DWORD PTR DS:[ESI] 004137F5 . 33DB XOR EBX,EBX 004137F7 . 56 PUSH ESI 004137F8 . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX 004137FB . 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX 004137FE . 895D E0 MOV DWORD PTR SS:[EBP-20],EBX 00413801 . 895D DC MOV DWORD PTR SS:[EBP-24],EBX 00413804 . 895D CC MOV DWORD PTR SS:[EBP-34],EBX 00413807 . 895D BC MOV DWORD PTR SS:[EBP-44],EBX 0041380A . 895D AC MOV DWORD PTR SS:[EBP-54],EBX 0041380D . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX 00413810 . 895D 8C MOV DWORD PTR SS:[EBP-74],EBX 00413813 . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX 00413819 . 899D 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EBX 0041381F . FF92 0C030000 CALL DWORD PTR DS:[EDX+30C] 00413825 . 50 PUSH EAX 00413826 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] 00413829 . 50 PUSH EAX 0041382A . FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet 00413830 . 8BF8 MOV EDI,EAX 00413832 . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18] 00413835 . 52 PUSH EDX 00413836 . 57 PUSH EDI 00413837 . 8B0F MOV ECX,DWORD PTR DS:[EDI] 00413839 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0] 0041383F . 3BC3 CMP EAX,EBX 00413841 . DBE2 FCLEX 00413843 . 7D 12 JGE SHORT ExcelWor.00413857 00413845 . 68 A0000000 PUSH 0A0 0041384A . 68 88564000 PUSH ExcelWor.00405688 0041384F . 57 PUSH EDI 00413850 . 50 PUSH EAX 00413851 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 00413857 > 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; 用户名 0041385A . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 0041385D . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX 00413860 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34] 00413863 . 50 PUSH EAX 00413864 . 51 PUSH ECX 00413865 . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX 00413868 . C745 CC 08000>MOV DWORD PTR SS:[EBP-34],8 0041386F . FF15 84104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar 00413875 . 8B15 20604200 MOV EDX,DWORD PTR DS:[426020] 0041387B . 8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8] 00413881 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 00413884 . 50 PUSH EAX 00413885 . 8B3A MOV EDI,DWORD PTR DS:[EDX] 00413887 . 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C] 0041388A . 51 PUSH ECX 0041388B . 52 PUSH EDX 0041388C . FF15 20114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal 00413892 . 50 PUSH EAX 00413893 . A1 20604200 MOV EAX,DWORD PTR DS:[426020] 00413898 . 68 4C524000 PUSH ExcelWor.0040524C ; UNICODE "LicenseName" 0041389D . 50 PUSH EAX 0041389E . FF57 20 CALL DWORD PTR DS:[EDI+20] 004138A1 . 3BC3 CMP EAX,EBX 004138A3 . DBE2 FCLEX 004138A5 . 7D 15 JGE SHORT ExcelWor.004138BC 004138A7 . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020] 004138AD . 6A 20 PUSH 20 004138AF . 68 7C524000 PUSH ExcelWor.0040527C 004138B4 . 51 PUSH ECX 004138B5 . 50 PUSH EAX 004138B6 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 004138BC > 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C] 004138BF . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 004138C5 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 004138C8 . FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 004138CE . 8B1D 24104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVarList 004138D4 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004138D7 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34] 004138DA . 52 PUSH EDX 004138DB . 50 PUSH EAX 004138DC . 6A 02 PUSH 2 004138DE . FFD3 CALL EBX ; <&MSVBVM60.__vbaFreeVarList> 004138E0 . 8B0E MOV ECX,DWORD PTR DS:[ESI] 004138E2 . 83C4 0C ADD ESP,0C 004138E5 . 56 PUSH ESI 004138E6 . FF91 08030000 CALL DWORD PTR DS:[ECX+308] 004138EC . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] 004138EF . 50 PUSH EAX 004138F0 . 52 PUSH EDX 004138F1 . FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet 004138F7 . 8BF8 MOV EDI,EAX 004138F9 . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18] 004138FC . 51 PUSH ECX 004138FD . 57 PUSH EDI 004138FE . 8B07 MOV EAX,DWORD PTR DS:[EDI] 00413900 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0] 00413906 . 85C0 TEST EAX,EAX 00413908 . DBE2 FCLEX 0041390A . 7D 12 JGE SHORT ExcelWor.0041391E 0041390C . 68 A0000000 PUSH 0A0 00413911 . 68 88564000 PUSH ExcelWor.00405688 00413916 . 57 PUSH EDI 00413917 . 50 PUSH EAX 00413918 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 0041391E > 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; 假码 00413921 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34] 00413924 . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX 00413927 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 0041392A . 52 PUSH EDX 0041392B . 50 PUSH EAX 0041392C . C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0 00413933 . C745 CC 08000>MOV DWORD PTR SS:[EBP-34],8 0041393A . FF15 84104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar 00413940 . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020] 00413946 . 8D95 58FFFFFF LEA EDX,DWORD PTR SS:[EBP-A8] 0041394C . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 0041394F . 52 PUSH EDX 00413950 . 8B39 MOV EDI,DWORD PTR DS:[ECX] 00413952 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C] 00413955 . 50 PUSH EAX 00413956 . 51 PUSH ECX 00413957 . FF15 20114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal 0041395D . 8B15 20604200 MOV EDX,DWORD PTR DS:[426020] 00413963 . 50 PUSH EAX 00413964 . 68 90524000 PUSH ExcelWor.00405290 ; UNICODE "LicenseCode" 00413969 . 52 PUSH EDX 0041396A . FF57 20 CALL DWORD PTR DS:[EDI+20] 0041396D . 85C0 TEST EAX,EAX 0041396F . DBE2 FCLEX 00413971 . 7D 15 JGE SHORT ExcelWor.00413988 00413973 . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020] 00413979 . 6A 20 PUSH 20 0041397B . 68 7C524000 PUSH ExcelWor.0040527C 00413980 . 51 PUSH ECX 00413981 . 50 PUSH EAX 00413982 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 00413988 > 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C] 0041398B . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 00413991 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 00413994 . FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 0041399A . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 0041399D . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34] 004139A0 . 52 PUSH EDX 004139A1 . 50 PUSH EAX 004139A2 . 6A 02 PUSH 2 004139A4 . FFD3 CALL EBX 004139A6 . 83C4 0C ADD ESP,0C 004139A9 . E8 52F5FFFF CALL ExcelWor.00412F00 ; 关键CALL,F7进 004139AE . 66:3D FFFF CMP AX,0FFFF ; 比较 004139B2 . B9 04000280 MOV ECX,80020004 004139B7 . B8 0A000000 MOV EAX,0A 004139BC . 894D A4 MOV DWORD PTR SS:[EBP-5C],ECX 004139BF . 8945 9C MOV DWORD PTR SS:[EBP-64],EAX 004139C2 . 894D B4 MOV DWORD PTR SS:[EBP-4C],ECX 004139C5 . 8945 AC MOV DWORD PTR SS:[EBP-54],EAX 004139C8 . 0F85 25010000 JNZ ExcelWor.00413AF3 ; 关键跳,跳向失败 004139CE . 894D C4 MOV DWORD PTR SS:[EBP-3C],ECX ; 以下无关代码省略......
重载后F7跟进004139A9
代码:
00412F00 $ 55 PUSH EBP 00412F01 . 8BEC MOV EBP,ESP 00412F03 . 83EC 08 SUB ESP,8 00412F06 . 68 E6194000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装 00412F0B . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00412F11 . 50 PUSH EAX 00412F12 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 00412F19 . 83EC 48 SUB ESP,48 00412F1C . 53 PUSH EBX 00412F1D . 56 PUSH ESI 00412F1E . 57 PUSH EDI 00412F1F . 8965 F8 MOV DWORD PTR SS:[EBP-8],ESP 00412F22 . C745 FC E8114>MOV DWORD PTR SS:[EBP-4],ExcelWor.004011> 00412F29 . A1 20604200 MOV EAX,DWORD PTR DS:[426020] 00412F2E . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50] 00412F31 . 52 PUSH EDX 00412F32 . 33F6 XOR ESI,ESI 00412F34 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] 00412F37 . 8975 E0 MOV DWORD PTR SS:[EBP-20],ESI 00412F3A . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI 00412F3D . 8975 D4 MOV DWORD PTR SS:[EBP-2C],ESI 00412F40 . 8975 C4 MOV DWORD PTR SS:[EBP-3C],ESI 00412F43 . 8975 B4 MOV DWORD PTR SS:[EBP-4C],ESI 00412F46 . 8975 B0 MOV DWORD PTR SS:[EBP-50],ESI 00412F49 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 00412F4B . 52 PUSH EDX 00412F4C . 68 4C524000 PUSH ExcelWor.0040524C ; UNICODE "LicenseName" 00412F51 . 50 PUSH EAX 00412F52 . FF51 1C CALL DWORD PTR DS:[ECX+1C] 00412F55 . 3BC6 CMP EAX,ESI 00412F57 . DBE2 FCLEX 00412F59 . 7D 15 JGE SHORT ExcelWor.00412F70 00412F5B . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020] 00412F61 . 6A 1C PUSH 1C 00412F63 . 68 7C524000 PUSH ExcelWor.0040527C 00412F68 . 51 PUSH ECX 00412F69 . 50 PUSH EAX 00412F6A . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 00412F70 > A1 20604200 MOV EAX,DWORD PTR DS:[426020] 00412F75 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50] 00412F78 . 51 PUSH ECX 00412F79 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C] 00412F7C . 8B10 MOV EDX,DWORD PTR DS:[EAX] 00412F7E . 51 PUSH ECX 00412F7F . 68 90524000 PUSH ExcelWor.00405290 ; UNICODE "LicenseCode" 00412F84 . 50 PUSH EAX 00412F85 . FF52 1C CALL DWORD PTR DS:[EDX+1C] 00412F88 . 3BC6 CMP EAX,ESI 00412F8A . DBE2 FCLEX 00412F8C . 7D 15 JGE SHORT ExcelWor.00412FA3 00412F8E . 8B15 20604200 MOV EDX,DWORD PTR DS:[426020] 00412F94 . 6A 1C PUSH 1C 00412F96 . 68 7C524000 PUSH ExcelWor.0040527C 00412F9B . 52 PUSH EDX 00412F9C . 50 PUSH EAX 00412F9D . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 00412FA3 > 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] ; 假码 00412FA6 . 8B3D 1C104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaLe>; MSVBVM60.__vbaLenBstr 00412FAC . 50 PUSH EAX 00412FAD . FFD7 CALL EDI ; 假码位数; <&MSVBVM60.__vbaLenBstr> 00412FAF . 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] ; 用户名 00412FB2 . 8BD8 MOV EBX,EAX 00412FB4 . F7DB NEG EBX 00412FB6 . 1BDB SBB EBX,EBX 00412FB8 . 51 PUSH ECX 00412FB9 . F7DB NEG EBX 00412FBB . FFD7 CALL EDI ; 用户名位数 00412FBD . F7D8 NEG EAX 00412FBF . 1BC0 SBB EAX,EAX 00412FC1 . F7D8 NEG EAX 00412FC3 . 85D8 TEST EAX,EBX 00412FC5 . 75 0A JNZ SHORT ExcelWor.00412FD1 00412FC7 . 8975 D8 MOV DWORD PTR SS:[EBP-28],ESI 00412FCA . 68 41304100 PUSH ExcelWor.00413041 00412FCF . EB 56 JMP SHORT ExcelWor.00413027 00412FD1 > 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24] 00412FD4 . 52 PUSH EDX 00412FD5 . E8 86000000 CALL ExcelWor.00413060 ; 算法CALL,F7进 00412FDA . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C] ; 省略以下无关代码......
进入00412FD5
代码:
00413060 $ 55 PUSH EBP 00413061 . 8BEC MOV EBP,ESP 00413063 . 83EC 0C SUB ESP,0C 00413066 . 68 E6194000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装 0041306B . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00413071 . 50 PUSH EAX 00413072 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 00413079 . 81EC 98000000 SUB ESP,98 0041307F . 53 PUSH EBX 00413080 . 56 PUSH ESI 00413081 . 57 PUSH EDI 00413082 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP 00413085 . C745 F8 F8114>MOV DWORD PTR SS:[EBP-8],ExcelWor.004011> 0041308C . 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] 0041308F . 33C0 XOR EAX,EAX 00413091 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28] 00413094 . 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX 00413097 . 8945 DC MOV DWORD PTR SS:[EBP-24],EAX 0041309A . 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX 0041309D . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX 004130A0 . 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX 004130A3 . 8945 B4 MOV DWORD PTR SS:[EBP-4C],EAX 004130A6 . 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX 004130A9 . 8945 94 MOV DWORD PTR SS:[EBP-6C],EAX 004130AC . 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX 004130AF . 8985 64FFFFFF MOV DWORD PTR SS:[EBP-9C],EAX 004130B5 . FF15 54114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy 004130BB . 8B3D 9C104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar 004130C1 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] 004130C4 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C] 004130C7 . 8945 8C MOV DWORD PTR SS:[EBP-74],EAX 004130CA . 51 PUSH ECX 004130CB . 8D55 84 LEA EDX,DWORD PTR SS:[EBP-7C] 004130CE . 6A 01 PUSH 1 004130D0 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C] 004130D3 . 52 PUSH EDX 004130D4 . 50 PUSH EAX 004130D5 . C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1 004130DC . C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2 004130E3 . C745 84 08400>MOV DWORD PTR SS:[EBP-7C],4008 004130EA . FFD7 CALL EDI ; <&MSVBVM60.#632> 004130EC . 8B1D 20114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrVarVal 004130F2 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C] 004130F5 . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C] 004130F8 . 51 PUSH ECX 004130F9 . 52 PUSH EDX 004130FA . FFD3 CALL EBX ; <&MSVBVM60.__vbaStrVarVal> 004130FC . 50 PUSH EAX 004130FD . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; 用户名第一位的ASCII 00413103 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C] 00413106 . 8BF0 MOV ESI,EAX 00413108 . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 0041310E . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C] 00413111 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C] 00413114 . 50 PUSH EAX 00413115 . 51 PUSH ECX 00413116 . 6A 02 PUSH 2 00413118 . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList 0041311E . 66:8BC6 MOV AX,SI 00413121 . 66:B9 0A00 MOV CX,0A ; CX=0AH 00413125 . 66:99 CWD 00413127 . 66:F7F9 IDIV CX ; 用户名第一位ASCII与0AH取余保存到EDX,记为A 0041312A . 83C4 0C ADD ESP,0C 0041312D . 8955 E0 MOV DWORD PTR SS:[EBP-20],EDX 00413130 . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] 00413133 . 52 PUSH EDX 00413134 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr 0041313A . 8BC8 MOV ECX,EAX 0041313C . FF15 C0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4 00413142 . 8985 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],EAX 00413148 . BE 01000000 MOV ESI,1 0041314D > 66:3BB5 5CFFF>CMP SI,WORD PTR SS:[EBP-A4] 00413154 . 0F8F CE000000 JG ExcelWor.00413228 0041315A . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] 0041315D . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28] 00413160 . 8985 6CFFFFFF MOV DWORD PTR SS:[EBP-94],EAX 00413166 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C] 00413169 . 0FBFC6 MOVSX EAX,SI 0041316C . 894D 8C MOV DWORD PTR SS:[EBP-74],ECX 0041316F . 52 PUSH EDX 00413170 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C] 00413173 . 50 PUSH EAX 00413174 . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C] 00413177 . 51 PUSH ECX 00413178 . 52 PUSH EDX 00413179 . C785 64FFFFFF>MOV DWORD PTR SS:[EBP-9C],8 00413183 . C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1 0041318A . C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2 00413191 . C745 84 08400>MOV DWORD PTR SS:[EBP-7C],4008 00413198 . FFD7 CALL EDI 0041319A . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C] 0041319D . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C] 004131A0 . 50 PUSH EAX 004131A1 . 51 PUSH ECX 004131A2 . FFD3 CALL EBX 004131A4 . 50 PUSH EAX 004131A5 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; 依次取用户名ASCII 004131AB . 66:0345 E0 ADD AX,WORD PTR SS:[EBP-20] ; 加上上面得到的A 004131AF . 0F80 E1000000 JO ExcelWor.00413296 004131B5 . 66:03C6 ADD AX,SI ; 加上自己所在用户名的位数i 004131B8 . 0F80 D8000000 JO ExcelWor.00413296 004131BE . 0FBFD0 MOVSX EDX,AX 004131C1 . 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C] 004131C4 . 52 PUSH EDX 004131C5 . 50 PUSH EAX 004131C6 . FF15 18114000 CALL DWORD PTR DS:[<&MSVBVM60.#608>] ; 转换为对应的字符 004131CC . 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C] 004131D2 . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C] 004131D5 . 51 PUSH ECX 004131D6 . 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C] 004131D9 . 52 PUSH EDX 004131DA . 50 PUSH EAX 004131DB . FF15 24114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>; MSVBVM60.__vbaVarCat 004131E1 . 50 PUSH EAX 004131E2 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; 连接字符串 004131E8 . 8BD0 MOV EDX,EAX 004131EA . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C] 004131ED . FF15 9C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove 004131F3 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C] 004131F6 . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 004131FC . 8D4D 94 LEA ECX,DWORD PTR SS:[EBP-6C] 004131FF . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C] 00413202 . 51 PUSH ECX 00413203 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C] 00413206 . 52 PUSH EDX 00413207 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C] 0041320A . 50 PUSH EAX 0041320B . 51 PUSH ECX 0041320C . 6A 04 PUSH 4 0041320E . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList 00413214 . B8 01000000 MOV EAX,1 00413219 . 83C4 14 ADD ESP,14 0041321C . 66:03C6 ADD AX,SI 0041321F . 70 75 JO SHORT ExcelWor.00413296 00413221 . 8BF0 MOV ESI,EAX 00413223 .^ E9 25FFFFFF JMP ExcelWor.0041314D ; 循环 00413228 > 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C] ; 省略以下无关代码......
【算法总结】
首先取用户名第一位ASCII与10(0AH)取余得到A.
依次取用户名每一位的ASCII加上A,再加上所在用户名的位数i,再转换为对应ASCII的字符.
最后依次连接所得字符即为对应注册码..注册信息保存到软件安装目录下的 \Config\Config.cfg
KeyGen核心源码(VB Code):
代码:
Dim Name, Code As String Dim L, A As Integer Name = CStr(Text1.Text) L = Len(Name) If L = 0 Then Text2.Text = "Input your name!" Else A = Asc(Left(Name, 1)) Mod 10 For i = 1 To L Code = Code & Chr((Asc(Mid(Name, i, 1)) + A + i)) Next Text2.Text = Code End If
【版权声明】: 本文由 蚊香 原创,转载请注明作者并保持文章的完整,谢谢!