TimeRecorder V4.17.3簡單算法分析
日期:2005年8月19日 破解人:lnn1123[BCG]
———————————————————————————————————————————
【軟件名稱】:TimeRecorder 軟件版本:V4.17.3
【軟件大小】: 1912KB
【下載地址】:天空軟件
【軟件簡介】:TimeRecorder is a timer and reminder software. It provides the
following functions: as a reminder, can show tips about scheduled
and important tasks at the prearranged time; as a recorder, to
keep track of time and record everything we do in a whole day,
a week or even a month; as a memo, what we write or paste into
will be saved automatically for future reference. Also, it can
shut down computer automatically at the specified time.
TimeRecorder (copyright 2001-2004 by SunShine Software Inc.) is
a shareware application. If, after a reasonable period, you decide
that you find TimeRecorder useful and plan to continue to use it,
please register with SunShine Software Inc.
There is a convenient way to register. For more details on
registration, see "Help/Documentation/How To Buy" from within
TimeRecorder or visit web site http://timerecorder.51.net .
【軟件限制】:次數限制,只能夠用40次
【破解聲明】:初學Crack,只是感興趣,沒有其它目的。失誤之處敬請諸位大俠賜教!
【破解工具】:OLLYDBG,PEID
———————————————————————————————————————————
【破解過程】:
======================================================================================
分析過程
======================================================================================
OD載入,PEID查看無殼,VB的好怕怕啊,註冊有錯誤提示,無反跟蹤,BP MsgBoxA,可以找到下面下斷處
004748F0 > 55 PUSH EBP ; 下斷處
004748F1 . 8BEC MOV EBP,ESP
004748F3 . 83EC 0C SUB ESP,0C
004748F6 . 68 561E4000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler> ; SE handler installation
004748FB . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00474901 . 50 PUSH EAX
00474902 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00474909 . 81EC F0000000 SUB ESP,0F0
0047490F . 53 PUSH EBX
00474910 . 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
00474913 . 8BC3 MOV EAX,EBX
00474915 . 56 PUSH ESI
00474916 . 83E3 FE AND EBX,FFFFFFFE
00474919 . 57 PUSH EDI
0047491A . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
0047491D . 83E0 01 AND EAX,1
00474920 . 8B33 MOV ESI,DWORD PTR DS:[EBX]
00474922 . C745 F8 401640>MOV DWORD PTR SS:[EBP-8],TimeReco.004016>
00474929 . 53 PUSH EBX
0047492A . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0047492D . 895D 08 MOV DWORD PTR SS:[EBP+8],EBX
00474930 . 89B5 0CFFFFFF MOV DWORD PTR SS:[EBP-F4],ESI
00474936 . FF56 04 CALL DWORD PTR DS:[ESI+4]
00474939 . 8BB6 10030000 MOV ESI,DWORD PTR DS:[ESI+310]
0047493F . 33FF XOR EDI,EDI
00474941 . 53 PUSH EBX
00474942 . 897D E0 MOV DWORD PTR SS:[EBP-20],EDI
00474945 . 897D DC MOV DWORD PTR SS:[EBP-24],EDI
00474948 . 897D D8 MOV DWORD PTR SS:[EBP-28],EDI
0047494B . 897D D4 MOV DWORD PTR SS:[EBP-2C],EDI
0047494E . 897D D0 MOV DWORD PTR SS:[EBP-30],EDI
00474951 . 897D CC MOV DWORD PTR SS:[EBP-34],EDI
00474954 . 897D C8 MOV DWORD PTR SS:[EBP-38],EDI
00474957 . 897D C4 MOV DWORD PTR SS:[EBP-3C],EDI
0047495A . 897D C0 MOV DWORD PTR SS:[EBP-40],EDI
0047495D . 897D B0 MOV DWORD PTR SS:[EBP-50],EDI
00474960 . 897D A0 MOV DWORD PTR SS:[EBP-60],EDI
00474963 . 897D 90 MOV DWORD PTR SS:[EBP-70],EDI
00474966 . 897D 80 MOV DWORD PTR SS:[EBP-80],EDI
00474969 . 89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0047496F . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
00474975 . 89BD 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EDI
0047497B . 89B5 08FFFFFF MOV DWORD PTR SS:[EBP-F8],ESI
00474981 . FFD6 CALL ESI
00474983 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474986 . 50 PUSH EAX
00474987 . 51 PUSH ECX
00474988 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
0047498E . 8B10 MOV EDX,DWORD PTR DS:[EAX]
00474990 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474993 . 51 PUSH ECX
00474994 . 50 PUSH EAX
00474995 . 8985 38FFFFFF MOV DWORD PTR SS:[EBP-C8],EAX
0047499B . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
004749A1 . 3BC7 CMP EAX,EDI
004749A3 . 7D 18 JGE SHORT TimeReco.004749BD
004749A5 . 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-C8]
004749AB . 68 A0000000 PUSH 0A0
004749B0 . 68 C8664100 PUSH TimeReco.004166C8
004749B5 . 52 PUSH EDX
004749B6 . 50 PUSH EAX
004749B7 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
004749BD > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 註冊名
004749C0 . 50 PUSH EAX ; 比較參數1
004749C1 . 68 0C654100 PUSH TimeReco.0041650C ; 比較參數2
004749C6 . FF15 F0834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCm>; MSVBVM50.__vbaStrCmp
004749CC . F7D8 NEG EAX ; 比較註冊名是否爲空
004749CE . 1BC0 SBB EAX,EAX
004749D0 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
004749D3 . F7D8 NEG EAX
004749D5 . F7D8 NEG EAX
004749D7 . 8985 30FFFFFF MOV DWORD PTR SS:[EBP-D0],EAX ; 保存
004749DD . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
004749E3 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
004749E6 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004749EC . 66:39BD 30FFFF>CMP WORD PTR SS:[EBP-D0],DI ; 是否輸入了
004749F3 . 0F84 310B0000 JE TimeReco.0047552A ; 不能夠跳
004749F9 . 53 PUSH EBX
004749FA . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]
00474A00 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474A03 . 50 PUSH EAX
00474A04 . 51 PUSH ECX
00474A05 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474A0B . 8B10 MOV EDX,DWORD PTR DS:[EAX]
00474A0D . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474A10 . 51 PUSH ECX
00474A11 . 50 PUSH EAX
00474A12 . 8985 38FFFFFF MOV DWORD PTR SS:[EBP-C8],EAX
00474A18 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
00474A1E . 3BC7 CMP EAX,EDI
00474A20 . 7D 18 JGE SHORT TimeReco.00474A3A
00474A22 . 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-C8]
00474A28 . 68 A0000000 PUSH 0A0
00474A2D . 68 C8664100 PUSH TimeReco.004166C8
00474A32 . 52 PUSH EDX
00474A33 . 50 PUSH EAX
00474A34 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474A3A > 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 註冊名
00474A3D . 50 PUSH EAX ; 參數
00474A3E . FF15 08834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaLenBs>; MSVBVM50.__vbaLenBstr
00474A44 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] ; 長度值在EAX
00474A47 . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX ; 保存
00474A4D . BE 01000000 MOV ESI,1
00474A52 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474A58 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474A5B . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474A61 > 3BB5 1CFFFFFF CMP ESI,DWORD PTR SS:[EBP-E4] ; 循環得到註冊名ASC和
00474A67 . 0F8F A6000000 JG TimeReco.00474B13
00474A6D . 53 PUSH EBX
00474A6E . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]
00474A74 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474A77 . 50 PUSH EAX
00474A78 . 51 PUSH ECX
00474A79 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474A7F . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
00474A82 . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00474A85 . 8945 B8 MOV DWORD PTR SS:[EBP-48],EAX
00474A88 . 52 PUSH EDX
00474A89 . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
00474A8C . 56 PUSH ESI
00474A8D . 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
00474A90 . 50 PUSH EAX
00474A91 . 51 PUSH ECX
00474A92 . C745 A8 010000>MOV DWORD PTR SS:[EBP-58],1
00474A99 . C745 A0 020000>MOV DWORD PTR SS:[EBP-60],2
00474AA0 . C745 C8 000000>MOV DWORD PTR SS:[EBP-38],0
00474AA7 . C745 B0 090000>MOV DWORD PTR SS:[EBP-50],9
00474AAE . FF15 D4834900 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar
00474AB4 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70] ; 上面的是VB中的取字符函數
00474AB7 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00474ABA . 52 PUSH EDX
00474ABB . 50 PUSH EAX
00474ABC . FF15 80844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
00474AC2 . 50 PUSH EAX ; 轉化爲變量型
00474AC3 . FF15 20834900 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
00474AC9 . 0FBFC8 MOVSX ECX,AX ; AX爲註冊名某位ASC
00474ACC . 03CF ADD ECX,EDI ; 累加到ECX
00474ACE . 0F80 6A0B0000 JO TimeReco.0047563E
00474AD4 . 8BF9 MOV EDI,ECX ; 轉移
00474AD6 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474AD9 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474ADF . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474AE2 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474AE8 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
00474AEB . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
00474AEE . 52 PUSH EDX
00474AEF . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00474AF2 . 50 PUSH EAX
00474AF3 . 51 PUSH ECX
00474AF4 . 6A 03 PUSH 3
00474AF6 . FF15 10834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
00474AFC . B8 01000000 MOV EAX,1
00474B01 . 83C4 10 ADD ESP,10
00474B04 . 03C6 ADD EAX,ESI ; EAX=EAX+ESI
00474B06 . 0F80 320B0000 JO TimeReco.0047563E
00474B0C . 8BF0 MOV ESI,EAX
00474B0E .^E9 4EFFFFFF JMP TimeReco.00474A61 ; 循環到00474A61
00474B13 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B18 . 85C0 TEST EAX,EAX
00474B1A . 75 19 JNZ SHORT TimeReco.00474B35
00474B1C . 8B1D AC844900 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>; MSVBVM50.__vbaNew2
00474B22 . 68 80204900 PUSH TimeReco.00492080
00474B27 . 68 94044100 PUSH TimeReco.00410494
00474B2C . FFD3 CALL EBX ; <&MSVBVM50.__vbaNew2>
00474B2E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B33 . EB 06 JMP SHORT TimeReco.00474B3B
00474B35 > 8B1D AC844900 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>; MSVBVM50.__vbaNew2
00474B3B > 85C0 TEST EAX,EAX
00474B3D . 8985 28FFFFFF MOV DWORD PTR SS:[EBP-D8],EAX
00474B43 . 75 11 JNZ SHORT TimeReco.00474B56
00474B45 . 68 80204900 PUSH TimeReco.00492080
00474B4A . 68 94044100 PUSH TimeReco.00410494
00474B4F . FFD3 CALL EBX
00474B51 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B56 > 8B10 MOV EDX,DWORD PTR DS:[EAX]
00474B58 . 50 PUSH EAX
00474B59 . FF92 D4030000 CALL DWORD PTR DS:[EDX+3D4]
00474B5F . 50 PUSH EAX
00474B60 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00474B63 . 50 PUSH EAX
00474B64 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474B6A . 8BF0 MOV ESI,EAX
00474B6C . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00474B6F . 52 PUSH EDX
00474B70 . 56 PUSH ESI
00474B71 . 8B0E MOV ECX,DWORD PTR DS:[ESI]
00474B73 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
00474B79 . 85C0 TEST EAX,EAX
00474B7B . 7D 12 JGE SHORT TimeReco.00474B8F
00474B7D . 68 A0000000 PUSH 0A0
00474B82 . 68 C8664100 PUSH TimeReco.004166C8
00474B87 . 56 PUSH ESI
00474B88 . 50 PUSH EAX
00474B89 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474B8F > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B94 . 85C0 TEST EAX,EAX
00474B96 . 75 11 JNZ SHORT TimeReco.00474BA9
00474B98 . 68 80204900 PUSH TimeReco.00492080
00474B9D . 68 94044100 PUSH TimeReco.00410494
00474BA2 . FFD3 CALL EBX
00474BA4 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474BA9 > 8B08 MOV ECX,DWORD PTR DS:[EAX]
00474BAB . 50 PUSH EAX
00474BAC . FF91 D4030000 CALL DWORD PTR DS:[ECX+3D4]
00474BB2 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00474BB5 . 50 PUSH EAX
00474BB6 . 52 PUSH EDX
00474BB7 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474BBD . 8BF0 MOV ESI,EAX
00474BBF . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00474BC2 . 51 PUSH ECX
00474BC3 . 56 PUSH ESI
00474BC4 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474BC6 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474BCC . 85C0 TEST EAX,EAX
00474BCE . 7D 12 JGE SHORT TimeReco.00474BE2
00474BD0 . 68 A0000000 PUSH 0A0
00474BD5 . 68 C8664100 PUSH TimeReco.004166C8
00474BDA . 56 PUSH ESI
00474BDB . 50 PUSH EAX
00474BDC . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474BE2 > 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00474BE8 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 1123
00474BEB > . 50 PUSH EAX ; 參數
00474BEC . 8B1A MOV EBX,DWORD PTR DS:[EDX] ; 下面是浮點轉換
00474BEE . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
00474BF4 . FF15 1C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>; MSVBVM50.__vbaFpI4
00474BFA . 99 CDQ ; 雙字擴展,爲下面除運算做準備
00474BFB . B9 E8030000 MOV ECX,3E8 ; 被除常數
00474C00 . F7F9 IDIV ECX ; 除法運算,餘數在EDX
00474C02 . 8BF2 MOV ESI,EDX ; 餘數在EDX
00474C04 . 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
00474C07 . 52 PUSH EDX ; 參數
00474C08 . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
00474C0E . FF15 1C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>; MSVBVM50.__vbaFpI4
00474C14 . 99 CDQ ; 雙字擴展,爲下面除運算做準備
00474C15 . B9 E8030000 MOV ECX,3E8 ; 被除常數
00474C1A . F7F9 IDIV ECX
00474C1C . 0FAFF2 IMUL ESI,EDX ; 乘法運算,ESI=ESI*EDX
00474C1F . 0F80 190A0000 JO TimeReco.0047563E ; 益出跳轉
00474C25 . 03F7 ADD ESI,EDI ; 加上註冊名ASC和
00474C27 . 0F80 110A0000 JO TimeReco.0047563E ; 益出跳轉
00474C2D . 83C6 02 ADD ESI,2 ; 加2
00474C30 . 0F80 080A0000 JO TimeReco.0047563E ; 益出跳轉
00474C36 . 46 INC ESI ; 加1
00474C37 . 0F80 010A0000 JO TimeReco.0047563E ; 益出跳轉
00474C3D . 56 PUSH ESI ; 壓鍵,現在的ESI記爲SN
00474C3E . 8BB5 28FFFFFF MOV ESI,DWORD PTR SS:[EBP-D8]
00474C44 . 56 PUSH ESI
00474C45 . FF93 E8070000 CALL DWORD PTR DS:[EBX+7E8]
00474C4B . 85C0 TEST EAX,EAX
00474C4D . 7D 12 JGE SHORT TimeReco.00474C61
00474C4F . 68 E8070000 PUSH 7E8
00474C54 . 68 94524100 PUSH TimeReco.00415294
00474C59 . 56 PUSH ESI
00474C5A . 50 PUSH EAX
00474C5B . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474C61 > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
00474C64 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00474C67 . 52 PUSH EDX
00474C68 . 50 PUSH EAX
00474C69 . 6A 02 PUSH 2
00474C6B . FF15 D0844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList
00474C71 . 83C4 0C ADD ESP,0C
00474C74 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00474C77 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474C7A . 51 PUSH ECX
00474C7B . 52 PUSH EDX
00474C7C . 6A 02 PUSH 2
00474C7E . FF15 18834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObjList
00474C84 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474C89 . 83C4 0C ADD ESP,0C
00474C8C . 85C0 TEST EAX,EAX
00474C8E . 75 10 JNZ SHORT TimeReco.00474CA0
00474C90 . 68 80204900 PUSH TimeReco.00492080
00474C95 . 68 94044100 PUSH TimeReco.00410494
00474C9A . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474CA0 > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]
00474CA6 . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474CAC . 51 PUSH ECX
00474CAD . 56 PUSH ESI
00474CAE . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474CB0 . FF90 E4070000 CALL DWORD PTR DS:[EAX+7E4]
00474CB6 . 85C0 TEST EAX,EAX
00474CB8 . 7D 12 JGE SHORT TimeReco.00474CCC
00474CBA . 68 E4070000 PUSH 7E4
00474CBF . 68 94524100 PUSH TimeReco.00415294
00474CC4 . 56 PUSH ESI
00474CC5 . 50 PUSH EAX
00474CC6 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474CCC > 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
00474CCF . 8BBD 0CFFFFFF MOV EDI,DWORD PTR SS:[EBP-F4]
00474CD5 . 53 PUSH EBX
00474CD6 . FF97 00030000 CALL DWORD PTR DS:[EDI+300]
00474CDC . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474CDF . 50 PUSH EAX
00474CE0 . 52 PUSH EDX
00474CE1 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474CE7 . 8BF0 MOV ESI,EAX
00474CE9 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474CEC . 51 PUSH ECX
00474CED . 56 PUSH ESI
00474CEE . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474CF0 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474CF6 . 85C0 TEST EAX,EAX
00474CF8 . 7D 12 JGE SHORT TimeReco.00474D0C
00474CFA . 68 A0000000 PUSH 0A0
00474CFF . 68 C8664100 PUSH TimeReco.004166C8
00474D04 . 56 PUSH ESI
00474D05 . 50 PUSH EAX
00474D06 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474D0C > 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; 註冊碼
00474D0F . 52 PUSH EDX
00474D10 . FF15 88854900 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
00474D16 . FF15 C4834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpR8>>; MSVBVM50.__vbaFpR8
00474D1C . DB85 3CFFFFFF FILD DWORD PTR SS:[EBP-C4] ; 裝入SN
00474D22 . DD9D 00FFFFFF FSTP QWORD PTR SS:[EBP-100]
00474D28 . DC9D 00FFFFFF FCOMP QWORD PTR SS:[EBP-100] ; 浮點比較,這裏看到註冊碼
00474D2E . DFE0 FSTSW AX
00474D30 . F6C4 40 TEST AH,40 ; 是否是40
00474D33 . 74 07 JE SHORT TimeReco.00474D3C
00474D35 . BE 01000000 MOV ESI,1
00474D3A . EB 02 JMP SHORT TimeReco.00474D3E
00474D3C > 33F6 XOR ESI,ESI
00474D3E > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474D41 . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474D47 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474D4A . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474D50 . F7DE NEG ESI
00474D52 . 66:85F6 TEST SI,SI
00474D55 . 0F84 70040000 JE TimeReco.004751CB ; 關鍵跳轉,不跳就註冊成功
00474D5B . A1 80204900 MOV EAX,DWORD PTR DS:[492080] ;下面就是建立一個Iotmrd.sys文件,裏面有註冊信息
00474D60 . 85C0 TEST EAX,EAX
00474D62 . 75 15 JNZ SHORT TimeReco.00474D79
00474D64 . 68 80204900 PUSH TimeReco.00492080
00474D69 . 68 94044100 PUSH TimeReco.00410494
00474D6E . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474D74 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474D79 > 8B08 MOV ECX,DWORD PTR DS:[EAX]
00474D7B . 50 PUSH EAX
00474D7C . FF91 DC030000 CALL DWORD PTR DS:[ECX+3DC]
00474D82 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474D85 . 50 PUSH EAX
00474D86 . 52 PUSH EDX
00474D87 . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474D8D . 8BF8 MOV EDI,EAX
00474D8F . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474D94 . 85C0 TEST EAX,EAX
00474D96 . 75 10 JNZ SHORT TimeReco.00474DA8
00474D98 . 68 80204900 PUSH TimeReco.00492080
00474D9D . 68 94044100 PUSH TimeReco.00410494
00474DA2 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474DA8 > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]
00474DAE . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474DB4 . 51 PUSH ECX
00474DB5 . 56 PUSH ESI
00474DB6 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474DB8 . FF90 E4070000 CALL DWORD PTR DS:[EAX+7E4]
00474DBE . 85C0 TEST EAX,EAX
00474DC0 . 7D 12 JGE SHORT TimeReco.00474DD4
00474DC2 . 68 E4070000 PUSH 7E4
00474DC7 . 68 94524100 PUSH TimeReco.00415294
00474DCC . 56 PUSH ESI
00474DCD . 50 PUSH EAX
00474DCE . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474DD4 > 8B95 3CFFFFFF MOV EDX,DWORD PTR SS:[EBP-C4]
00474DDA . 8B37 MOV ESI,DWORD PTR DS:[EDI]
00474DDC . 52 PUSH EDX
00474DDD . FF15 F4824900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrI4>; MSVBVM50.__vbaStrI4
00474DE3 . 8BD0 MOV EDX,EAX
00474DE5 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474DE8 . FF15 38854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove
00474DEE . 50 PUSH EAX
00474DEF . 57 PUSH EDI
00474DF0 . FF96 A4000000 CALL DWORD PTR DS:[ESI+A4]
00474DF6 . 85C0 TEST EAX,EAX
00474DF8 . 7D 12 JGE SHORT TimeReco.00474E0C
00474DFA . 68 A4000000 PUSH 0A4
00474DFF . 68 C8664100 PUSH TimeReco.004166C8
00474E04 . 57 PUSH EDI
00474E05 . 50 PUSH EAX
00474E06 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474E0C > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474E0F . FF15 80854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00474E15 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474E18 . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474E1E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E23 . 85C0 TEST EAX,EAX
00474E25 . 75 15 JNZ SHORT TimeReco.00474E3C
00474E27 . 68 80204900 PUSH TimeReco.00492080
00474E2C . 68 94044100 PUSH TimeReco.00410494
00474E31 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474E37 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E3C > 8B08 MOV ECX,DWORD PTR DS:[EAX]
00474E3E . 50 PUSH EAX
00474E3F . FF91 DC030000 CALL DWORD PTR DS:[ECX+3DC]
00474E45 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474E48 . 50 PUSH EAX
00474E49 . 52 PUSH EDX
00474E4A . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474E50 . 8BF0 MOV ESI,EAX
00474E52 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474E55 . 51 PUSH ECX
00474E56 . 56 PUSH ESI
00474E57 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00474E59 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474E5F . 85C0 TEST EAX,EAX
00474E61 . 7D 12 JGE SHORT TimeReco.00474E75
00474E63 . 68 A0000000 PUSH 0A0
00474E68 . 68 C8664100 PUSH TimeReco.004166C8
00474E6D . 56 PUSH ESI
00474E6E . 50 PUSH EAX
00474E6F . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474E75 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E7A . 85C0 TEST EAX,EAX
00474E7C . 75 10 JNZ SHORT TimeReco.00474E8E
00474E7E . 68 80204900 PUSH TimeReco.00492080
00474E83 . 68 94044100 PUSH TimeReco.00410494
00474E88 . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474E8E > 8B35 80204900 MOV ESI,DWORD PTR DS:[492080]
00474E94 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00474E97 . 50 PUSH EAX
00474E98 . 56 PUSH ESI
00474E99 . 8B16 MOV EDX,DWORD PTR DS:[ESI]
00474E9B . FF92 70070000 CALL DWORD PTR DS:[EDX+770]
00474EA1 . 85C0 TEST EAX,EAX
00474EA3 . 7D 12 JGE SHORT TimeReco.00474EB7
00474EA5 . 68 70070000 PUSH 770
00474EAA . 68 94524100 PUSH TimeReco.00415294
00474EAF . 56 PUSH ESI
00474EB0 . 50 PUSH EAX
00474EB1 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474EB7 > 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
00474EBA . 8B35 04854900 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaSt>; MSVBVM50.__vbaStrToAnsi
00474EC0 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
00474EC3 . 51 PUSH ECX
00474EC4 . 52 PUSH EDX
00474EC5 . FFD6 CALL ESI ; <&MSVBVM50.__vbaStrToAnsi>
00474EC7 . 50 PUSH EAX
00474EC8 . 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
00474ECB . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
00474ECE . 50 PUSH EAX
00474ECF . 51 PUSH ECX
00474ED0 . FFD6 CALL ESI
00474ED2 . 50 PUSH EAX
00474ED3 . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
00474ED6 . 68 08754100 PUSH TimeReco.00417508 ; UNICODE "pt3"
00474EDB . 52 PUSH EDX
00474EDC . FFD6 CALL ESI
00474EDE . 50 PUSH EAX
00474EDF . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00474EE2 . 68 B0664100 PUSH TimeReco.004166B0 ; UNICODE "MyApp"
00474EE7 . 50 PUSH EAX
00474EE8 . FFD6 CALL ESI
00474EEA . 50 PUSH EAX
00474EEB . E8 840EFAFF CALL TimeReco.00415D74
00474EF0 . 8985 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],EAX
00474EF6 . FF15 44834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaSetSy>; MSVBVM50.__vbaSetSystemError
00474EFC . 8B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[EBP-C4]
00474F02 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
00474F05 . 894B 38 MOV DWORD PTR DS:[EBX+38],ECX
00474F08 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00474F0B . 52 PUSH EDX
00474F0C . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
00474F0F . 50 PUSH EAX
00474F10 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00474F13 . 51 PUSH ECX
00474F14 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
00474F17 . 52 PUSH EDX
00474F18 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00474F1B . 50 PUSH EAX
00474F1C . 51 PUSH ECX
00474F1D . 6A 06 PUSH 6
00474F1F . FF15 D0844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList
00474F25 . 83C4 1C ADD ESP,1C
00474F28 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00474F2B . FF15 7C854900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00474F31 . 53 PUSH EBX
00474F32 . FF95 08FFFFFF CALL DWORD PTR SS:[EBP-F8]
00474F38 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
00474F3B . 50 PUSH EAX
00474F3C . 52 PUSH EDX
00474F3D . FF15 80834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00474F43 . 8BF8 MOV EDI,EAX
00474F45 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00474F48 . 51 PUSH ECX
00474F49 . 57 PUSH EDI
00474F4A . 8B07 MOV EAX,DWORD PTR DS:[EDI]
00474F4C . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00474F52 . 85C0 TEST EAX,EAX
00474F54 . 7D 12 JGE SHORT TimeReco.00474F68
00474F56 . 68 A0000000 PUSH 0A0
00474F5B . 68 C8664100 PUSH TimeReco.004166C8
00474F60 . 57 PUSH EDI
00474F61 . 50 PUSH EAX
00474F62 . FF15 4C834900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00474F68 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474F6D . 85C0 TEST EAX,EAX
00474F6F . 75 10 JNZ SHORT TimeReco.00474F81
00474F71 . 68 80204900 PUSH TimeReco.00492080
00474F76 . 68 94044100 PUSH TimeReco.00410494
00474F7B . FF15 AC844900 CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>; MSVBVM50.__vbaNew2
00474F81 > 8B3D 80204900 MOV EDI,DWORD PTR DS:[492080]
00474F87 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00474F8A . 50 PUSH EAX
00474F8B . 57 PUSH EDI
00474F8C . 8B17 MOV EDX,DWORD PTR DS:[EDI]
00474F8E . FF92 70070000 CALL DWORD PTR DS:[EDX+770]
00474F94 . 85C0 TEST EAX,EAX
00474F96 . 7D 16 JGE SHORT TimeReco.00474FAE
00474F98 . 68 70070000 PUSH 770
00474F9D . 68 94524100 PUSH TimeReco.00415294
00474FA2 . 57 PUSH EDI
00474FA3 . 8B3D 4C834900 MOV EDI,DWORD PTR DS:[<&MSVB
———————————————————————————————————————————
【Crack_總結】:
用到了浮點算法,但是幾乎沒有作用,就是比較的時候用了一下,大概註冊是這樣的,取註冊名ASC和記爲NH,取機器碼運算得到的值記JY,然後就是SN=(JY%0X3EB)*(JY%0X3EB)+NH+3的十進制,算法比較簡單,但是感覺到VB的繁雜,這麼多垃圾代碼,而且如果你VB的函數不懂的話破解VB軟件也是滿難的,這也體現了編程的重要性
TimeRecorder V4.17.3簡單算法分析
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章
Auto Power-on Version 1.52算法分析
lnn1123
2020-07-02 07:19:40
ReverseMe 不完美分析過程
lnn1123
2018-08-23 15:33:43
flashtools註冊算法分析過程
lnn1123
2018-08-23 15:33:39
加密算法運用不當的後果
lnn1123
2018-08-23 15:33:37
WebPageMaker 2.2.0 註冊算法分析
lnn1123
2018-08-23 15:33:37
Absolute Video Splitter Joiner註冊算法分析
lnn1123
2018-08-23 15:33:37
ParaBytes ReVerSeMe2 逆向分析過程
lnn1123
2018-08-23 15:33:17
My Notes Keeper V 1.4註冊算法分析
lnn1123
2018-08-23 15:33:16
TitleBarClock Pro5.2算法分析
lnn1123
2018-08-23 15:32:26
ReverseMe分析過程
lnn1123
2018-08-23 15:32:23