【文章标题】: *** WordV3.9算法分析
【文章作者】: yzs&yzslly
【软件名称】: BatchDoc for WordV3.9
【下载地址】: 自己搜索下载
【保护方式】: 注册码
【编写语言】: vb
【使用工具】: OD
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
输入试炼码:123-456,点注册中断在
0043CA80 > \55 push ebp
0043CA81 . 8BEC mov ebp,esp
0043CA83 . 83EC 0C sub esp,0C
0043CA86 . 68 061E4000 push ; SE 句柄安装
。。。省略往下
0043CB38 . 52 push edx ; 压入注册码
0043CB39 . 68 60114100 push BatchDoc.00411160 ; -
0043CB3E . 53 push ebx
0043CB3F . FF15 7811400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaInStr
0043CB45 . 8BC8 mov ecx,eax
0043CB47 . FF15 D010400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaI2I4
0043CB4D . 8D4D DC lea ecx,dword ptr ss:[ebp-24]
0043CB50 . 8945 E8 mov dword ptr ss:[ebp-18],eax
0043CB53 . FF15 FC11400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStr
0043CB59 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
0043CB5C . FF15 F811400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
0043CB62 . 8B06 mov eax,dword ptr ds:[esi]
0043CB64 . 56 push esi
0043CB65 . FF90 0803000>call dword ptr ds:[eax+308]
0043CB6B . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
0043CB6E . 50 push eax
0043CB6F . 51 push ecx
0043CB70 . FFD7 call edi
0043CB72 . 8BD8 mov ebx,eax
0043CB74 . 8D45 DC lea eax,dword ptr ss:[ebp-24]
0043CB77 . 50 push eax
0043CB78 . 53 push ebx
0043CB79 . 8B13 mov edx,dword ptr ds:[ebx]
0043CB7B . FF92 A000000>call dword ptr ds:[edx+A0]
0043CB81 . 85C0 test eax,eax
0043CB83 . DBE2 fclex
0043CB85 . 7D 12 jge short BatchDoc.0043CB99
0043CB87 . 68 A0000000 push 0A0
0043CB8C . 68 58064100 push BatchDoc.00410658
0043CB91 . 53 push ebx
0043CB92 . 50 push eax
0043CB93 . FF15 5C10400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
0043CB99 > 8B4D DC mov ecx,dword ptr ss:[ebp-24]
0043CB9C . 51 push ecx
0043CB9D . FF15 2810400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaLenBstr
0043CBA3 . 33DB xor ebx,ebx
0043CBA5 . 83F8 03 cmp eax,3 ; 注册码长度大于3
0043CBA8 . 0F9FC3 setg bl
0043CBAB . F7DB neg ebx
0043CBAD . 33D2 xor edx,edx
0043CBAF . 66:837D E8 0>cmp word ptr ss:[ebp-18],1
0043CBB4 . 8D4D DC lea ecx,dword ptr ss:[ebp-24]
0043CBB7 . 0F9FC2 setg dl
0043CBBA . F7DA neg edx
0043CBBC . 23DA and ebx,edx
0043CBBE . FF15 FC11400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStr
0043CBC4 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
0043CBC7 . FF15 F811400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
0043CBCD . 66:85DB test bx,bx
0043CBD0 . 0F84 0104000>je BatchDoc.0043CFD7 ; 判断注册码是否有“-”号,长度大于3
///////////////////////////////////////////////////////////////////////////////////////////////////
0043CBD6 . 8B06 mov eax,dword ptr ds:[esi]
0043CBD8 . 56 push esi
0043CBD9 . FF90 0803000>call dword ptr ds:[eax+308]
0043CBDF . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
0043CBE2 . 50 push eax
0043CBE3 . 51 push ecx
0043CBE4 . FFD7 call edi
0043CBE6 . 8BD8 mov ebx,eax
0043CBE8 . 8D45 DC lea eax,dword ptr ss:[ebp-24]
0043CBEB . 50 push eax
0043CBEC . 53 push ebx
0043CBED . 8B13 mov edx,dword ptr ds:[ebx]
0043CBEF . FF92 A000000>call dword ptr ds:[edx+A0]
0043CBF5 . 85C0 test eax,eax
0043CBF7 . DBE2 fclex
0043CBF9 . 7D 12 jge short BatchDoc.0043CC0D
0043CBFB . 68 A0000000 push 0A0
0043CC00 . 68 58064100 push BatchDoc.00410658
0043CC05 . 53 push ebx
0043CC06 . 50 push eax
0043CC07 . FF15 5C10400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
0043CC0D > 66:8B4D E8 mov cx,word ptr ss:[ebp-18]
0043CC11 . 8B45 DC mov eax,dword ptr ss:[ebp-24]
0043CC14 . 66:83E9 01 sub cx,1
0043CC18 . 8945 C4 mov dword ptr ss:[ebp-3C],eax
0043CC1B . 0F80 0606000>jo BatchDoc.0043D227
0043CC21 . 0FBFD1 movsx edx,cx
0043CC24 . 8D45 BC lea eax,dword ptr ss:[ebp-44]
0043CC27 . 52 push edx ; /Arg3
0043CC28 . 8D4D AC lea ecx,dword ptr ss:[ebp-54] ; |
0043CC2B . 50 push eax ; |Arg2
0043CC2C . 51 push ecx ; |Arg1
0043CC2D . C745 DC 0000>mov dword ptr ss:[ebp-24],0 ; |
0043CC34 . C745 BC 0800>mov dword ptr ss:[ebp-44],8 ; |
0043CC3B . FF15 CC11400>call dword ptr ds:[<&MSVBVM60.#61>; \rtcLeftCharVar
0043CC41 . 8D55 AC lea edx,dword ptr ss:[ebp-54]
0043CC44 . 52 push edx
0043CC45 . FF15 2410400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrVarMove
0043CC4B . 8B1D D411400>mov ebx,dword ptr ds:[<&MSVBVM60.>; MSVBVM60.__vbaStrMove
0043CC51 . 8BD0 mov edx,eax
0043CC53 . 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
0043CC56 . FFD3 call ebx ; <&MSVBVM60.__vbaStrMove>
0043CC58 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
0043CC5B . FF15 F811400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
0043CC61 . 8D45 AC lea eax,dword ptr ss:[ebp-54]
0043CC64 . 8D4D BC lea ecx,dword ptr ss:[ebp-44]
0043CC67 . 50 push eax
0043CC68 . 51 push ecx
0043CC69 . 6A 02 push 2
0043CC6B . FF15 2C10400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeVarList
0043CC71 . 8B16 mov edx,dword ptr ds:[esi]
0043CC73 . 83C4 0C add esp,0C
0043CC76 . 56 push esi
0043CC77 . FF92 0803000>call dword ptr ds:[edx+308]
0043CC7D . 50 push eax
0043CC7E . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
0043CC81 . 50 push eax
0043CC82 . FFD7 call edi
0043CC84 . 8B08 mov ecx,dword ptr ds:[eax]
0043CC86 . 8D55 DC lea edx,dword ptr ss:[ebp-24]
0043CC89 . 52 push edx
0043CC8A . 50 push eax
0043CC8B . 8985 58FFFFF>mov dword ptr ss:[ebp-A8],eax
0043CC91 . FF91 A000000>call dword ptr ds:[ecx+A0]
0043CC97 . 85C0 test eax,eax
0043CC99 . DBE2 fclex
0043CC9B . 7D 18 jge short BatchDoc.0043CCB5
0043CC9D . 8B8D 58FFFFF>mov ecx,dword ptr ss:[ebp-A8]
0043CCA3 . 68 A0000000 push 0A0
0043CCA8 . 68 58064100 push BatchDoc.00410658
0043CCAD . 51 push ecx
0043CCAE . 50 push eax
0043CCAF . FF15 5C10400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
0043CCB5 > 8B16 mov edx,dword ptr ds:[esi]
0043CCB7 . 56 push esi
0043CCB8 . FF92 0803000>call dword ptr ds:[edx+308]
0043CCBE . 50 push eax
0043CCBF . 8D45 D0 lea eax,dword ptr ss:[ebp-30]
0043CCC2 . 50 push eax
0043CCC3 . FFD7 call edi
0043CCC5 . 8BF8 mov edi,eax
0043CCC7 . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
0043CCCA . 52 push edx
0043CCCB . 57 push edi
0043CCCC . 8B0F mov ecx,dword ptr ds:[edi]
0043CCCE . FF91 A000000>call dword ptr ds:[ecx+A0]
0043CCD4 . 85C0 test eax,eax
0043CCD6 . DBE2 fclex
0043CCD8 . 7D 12 jge short BatchDoc.0043CCEC
0043CCDA . 68 A0000000 push 0A0
0043CCDF . 68 58064100 push BatchDoc.00410658
0043CCE4 . 57 push edi
0043CCE5 . 50 push eax
0043CCE6 . FF15 5C10400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
0043CCEC > 8B45 DC mov eax,dword ptr ss:[ebp-24]
0043CCEF . C745 DC 0000>mov dword ptr ss:[ebp-24],0
0043CCF6 . 8945 C4 mov dword ptr ss:[ebp-3C],eax
0043CCF9 . 8B45 D8 mov eax,dword ptr ss:[ebp-28]
0043CCFC . 50 push eax
0043CCFD . C745 BC 0800>mov dword ptr ss:[ebp-44],8
0043CD04 . FF15 2810400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaLenBstr
0043CD0A . 0FBF4D E8 movsx ecx,word ptr ss:[ebp-18]
0043CD0E . 2BC1 sub eax,ecx
0043CD10 . 8D55 BC lea edx,dword ptr ss:[ebp-44]
0043CD13 . 0F80 0E05000>jo BatchDoc.0043D227
0043CD19 . 50 push eax ; /Arg3
0043CD1A . 8D45 AC lea eax,dword ptr ss:[ebp-54] ; |
0043CD1D . 52 push edx ; |Arg2
0043CD1E . 50 push eax ; |Arg1
0043CD1F . FF15 E011400>call dword ptr ds:[<&MSVBVM60.#61>; \rtcRightCharVar
0043CD25 . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
0043CD28 . 51 push ecx
0043CD29 . FF15 2410400>call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrVarMove
1 2 下一页 |
安全中国首页 > 文章中心 > 加密算法