一个处理Excel表格的工具算法分析
用PEiD查看,程序由VB编写,于是用VBExplorer找到‘Register’按钮单击事件响应代码的开始处004137B0,在此下断点开始跟踪:
004137B0 > \55 PUSH EBP ; 函数序言;以下大段是VB运行时的样板代码,与注册算法关系不大
004137B1 . 8BEC MOV EBP,ESP
004137B3 . 83EC 0C SUB ESP,0C
004137B6 . 68 E6194000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
004137BB . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004137C1 . 50 PUSH EAX
004137C2 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004137C9 . 81EC B0000000 SUB ESP,0B0
004137CF . 53 PUSH EBX
004137D0 . 56 PUSH ESI
004137D1 . 57 PUSH EDI
004137D2 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
004137D5 . C745 F8 38124>MOV DWORD PTR SS:[EBP-8],ExcelWor.004012>
004137DC . 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
004137DF . 8BC6 MOV EAX,ESI
004137E1 . 83E0 01 AND EAX,1
004137E4 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004137E7 . 83E6 FE AND ESI,FFFFFFFE
004137EA . 56 PUSH ESI
004137EB . 8975 08 MOV DWORD PTR SS:[EBP+8],ESI
004137EE . 8B0E MOV ECX,DWORD PTR DS:[ESI]
004137F0 . FF51 04 CALL DWORD PTR DS:[ECX+4]
004137F3 . 8B16 MOV EDX,DWORD PTR DS:[ESI]
004137F5 . 33DB XOR EBX,EBX
004137F7 . 56 PUSH ESI
004137F8 . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX
004137FB . 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX
004137FE . 895D E0 MOV DWORD PTR SS:[EBP-20],EBX
00413801 . 895D DC MOV DWORD PTR SS:[EBP-24],EBX
00413804 . 895D CC MOV DWORD PTR SS:[EBP-34],EBX
00413807 . 895D BC MOV DWORD PTR SS:[EBP-44],EBX
0041380A . 895D AC MOV DWORD PTR SS:[EBP-54],EBX
0041380D . 895D 9C MOV DWORD PTR SS:[EBP-64],EBX
00413810 . 895D 8C MOV DWORD PTR SS:[EBP-74],EBX
00413813 . 899D 7CFFFFFF MOV DWORD PTR SS:[EBP-84],EBX
00413819 . 899D 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EBX
0041381F . FF92 0C030000 CALL DWORD PTR DS:[EDX+30C]
00413825 . 50 PUSH EAX
00413826 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00413829 . 50 PUSH EAX
0041382A . FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00413830 . 8BF8 MOV EDI,EAX
00413832 . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00413835 . 52 PUSH EDX
00413836 . 57 PUSH EDI
00413837 . 8B0F MOV ECX,DWORD PTR DS:[EDI]
00413839 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0041383F . 3BC3 CMP EAX,EBX
00413841 . DBE2 FCLEX
00413843 . 7D 12 JGE SHORT ExcelWor.00413857
00413845 . 68 A0000000 PUSH 0A0
0041384A . 68 88564000 PUSH ExcelWor.00405688
0041384F . 57 PUSH EDI
00413850 . 50 PUSH EAX
00413851 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00413857 > 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; 用户名
0041385A . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0041385D . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
00413860 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
00413863 . 50 PUSH EAX
00413864 . 51 PUSH ECX
00413865 . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX
00413868 . C745 CC 08000>MOV DWORD PTR SS:[EBP-34],8
0041386F . FF15 84104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00413875 . 8B15 20604200 MOV EDX,DWORD PTR DS:[426020]
0041387B . 8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8]
00413881 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
00413884 . 50 PUSH EAX
00413885 . 8B3A MOV EDI,DWORD PTR DS:[EDX]
00413887 . 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0041388A . 51 PUSH ECX
0041388B . 52 PUSH EDX
0041388C . FF15 20114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal
00413892 . 50 PUSH EAX
00413893 . A1 20604200 MOV EAX,DWORD PTR DS:[426020]
00413898 . 68 4C524000 PUSH ExcelWor.0040524C ; UNICODE "LicenseName"
0041389D . 50 PUSH EAX
0041389E . FF57 20 CALL DWORD PTR DS:[EDI+20]
004138A1 . 3BC3 CMP EAX,EBX
004138A3 . DBE2 FCLEX
004138A5 . 7D 15 JGE SHORT ExcelWor.004138BC
004138A7 . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020]
004138AD . 6A 20 PUSH 20
004138AF . 68 7C524000 PUSH ExcelWor.0040527C
004138B4 . 51 PUSH ECX
004138B5 . 50 PUSH EAX
004138B6 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
004138BC > 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
004138BF . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
004138C5 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
004138C8 . FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
004138CE . 8B1D 24104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVarList
004138D4 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
004138D7 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004138DA . 52 PUSH EDX
004138DB . 50 PUSH EAX
004138DC . 6A 02 PUSH 2
004138DE . FFD3 CALL EBX ; <&MSVBVM60.__vbaFreeVarList>
004138E0 . 8B0E MOV ECX,DWORD PTR DS:[ESI]
004138E2 . 83C4 0C ADD ESP,0C
004138E5 . 56 PUSH ESI
004138E6 . FF91 08030000 CALL DWORD PTR DS:[ECX+308]
004138EC . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004138EF . 50 PUSH EAX
004138F0 . 52 PUSH EDX
004138F1 . FF15 6C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
004138F7 . 8BF8 MOV EDI,EAX
004138F9 . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
004138FC . 51 PUSH ECX
004138FD . 57 PUSH EDI
004138FE . 8B07 MOV EAX,DWORD PTR DS:[EDI]
00413900 . FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
00413906 . 85C0 TEST EAX,EAX
00413908 . DBE2 FCLEX
0041390A . 7D 12 JGE SHORT ExcelWor.0041391E
0041390C . 68 A0000000 PUSH 0A0
00413911 . 68 88564000 PUSH ExcelWor.00405688
00413916 . 57 PUSH EDI
00413917 . 50 PUSH EAX
00413918 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
0041391E > 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; 假码
00413921 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
00413924 . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
00413927 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0041392A . 52 PUSH EDX
0041392B . 50 PUSH EAX
0041392C . C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
00413933 . C745 CC 08000>MOV DWORD PTR SS:[EBP-34],8
0041393A . FF15 84104000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00413940 . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020]
00413946 . 8D95 58FFFFFF LEA EDX,DWORD PTR SS:[EBP-A8]
0041394C . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0041394F . 52 PUSH EDX
00413950 . 8B39 MOV EDI,DWORD PTR DS:[ECX]
00413952 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00413955 . 50 PUSH EAX
00413956 . 51 PUSH ECX
00413957 . FF15 20114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal
0041395D . 8B15 20604200 MOV EDX,DWORD PTR DS:[426020]
00413963 . 50 PUSH EAX
00413964 . 68 90524000 PUSH ExcelWor.00405290 ; UNICODE "LicenseCode"
00413969 . 52 PUSH EDX
0041396A . FF57 20 CALL DWORD PTR DS:[EDI+20]
0041396D . 85C0 TEST EAX,EAX
0041396F . DBE2 FCLEX
00413971 . 7D 15 JGE SHORT ExcelWor.00413988
00413973 . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020]
00413979 . 6A 20 PUSH 20
0041397B . 68 7C524000 PUSH ExcelWor.0040527C
00413980 . 51 PUSH ECX
00413981 . 50 PUSH EAX
00413982 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00413988 > 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0041398B . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
00413991 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00413994 . FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
0041399A . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0041399D . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004139A0 . 52 PUSH EDX
004139A1 . 50 PUSH EAX
004139A2 . 6A 02 PUSH 2
004139A4 . FFD3 CALL EBX
004139A6 . 83C4 0C ADD ESP,0C
004139A9 . E8 52F5FFFF CALL ExcelWor.00412F00 ; 关键CALL,F7进
004139AE . 66:3D FFFF CMP AX,0FFFF ; 返回值与0FFFFh(VB的True)比较
004139B2 . B9 04000280 MOV ECX,80020004
004139B7 . B8 0A000000 MOV EAX,0A
004139BC . 894D A4 MOV DWORD PTR SS:[EBP-5C],ECX
004139BF . 8945 9C MOV DWORD PTR SS:[EBP-64],EAX
004139C2 . 894D B4 MOV DWORD PTR SS:[EBP-4C],ECX
004139C5 . 8945 AC MOV DWORD PTR SS:[EBP-54],EAX
004139C8 . 0F85 25010000 JNZ ExcelWor.00413AF3 ; 关键跳:返回值不等于True则跳向失败
004139CE . 894D C4 MOV DWORD PTR SS:[EBP-3C],ECX ; 以下无关代码省略......
重新载入程序后,在004139A9处按F7跟进关键CALL(00412F00):
00412F00 $ 55 PUSH EBP
00412F01 . 8BEC MOV EBP,ESP
00412F03 . 83EC 08 SUB ESP,8
00412F06 . 68 E6194000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
00412F0B . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00412F11 . 50 PUSH EAX
00412F12 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00412F19 . 83EC 48 SUB ESP,48
00412F1C . 53 PUSH EBX
00412F1D . 56 PUSH ESI
00412F1E . 57 PUSH EDI
00412F1F . 8965 F8 MOV DWORD PTR SS:[EBP-8],ESP
00412F22 . C745 FC E8114>MOV DWORD PTR SS:[EBP-4],ExcelWor.004011>
00412F29 . A1 20604200 MOV EAX,DWORD PTR DS:[426020]
00412F2E . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
00412F31 . 52 PUSH EDX
00412F32 . 33F6 XOR ESI,ESI
00412F34 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
00412F37 . 8975 E0 MOV DWORD PTR SS:[EBP-20],ESI
00412F3A . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI
00412F3D . 8975 D4 MOV DWORD PTR SS:[EBP-2C],ESI
00412F40 . 8975 C4 MOV DWORD PTR SS:[EBP-3C],ESI
00412F43 . 8975 B4 MOV DWORD PTR SS:[EBP-4C],ESI
00412F46 . 8975 B0 MOV DWORD PTR SS:[EBP-50],ESI
00412F49 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00412F4B . 52 PUSH EDX
00412F4C . 68 4C524000 PUSH ExcelWor.0040524C ; UNICODE "LicenseName"
00412F51 . 50 PUSH EAX
00412F52 . FF51 1C CALL DWORD PTR DS:[ECX+1C]
00412F55 . 3BC6 CMP EAX,ESI
00412F57 . DBE2 FCLEX
00412F59 . 7D 15 JGE SHORT ExcelWor.00412F70
00412F5B . 8B0D 20604200 MOV ECX,DWORD PTR DS:[426020]
00412F61 . 6A 1C PUSH 1C
00412F63 . 68 7C524000 PUSH ExcelWor.0040527C
00412F68 . 51 PUSH ECX
00412F69 . 50 PUSH EAX
00412F6A . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00412F70 > A1 20604200 MOV EAX,DWORD PTR DS:[426020]
00412F75 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00412F78 . 51 PUSH ECX
00412F79 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00412F7C . 8B10 MOV EDX,DWORD PTR DS:[EAX]
00412F7E . 51 PUSH ECX
00412F7F . 68 90524000 PUSH ExcelWor.00405290 ; UNICODE "LicenseCode"
00412F84 . 50 PUSH EAX
00412F85 . FF52 1C CALL DWORD PTR DS:[EDX+1C]
00412F88 . 3BC6 CMP EAX,ESI
00412F8A . DBE2 FCLEX
00412F8C . 7D 15 JGE SHORT ExcelWor.00412FA3
00412F8E . 8B15 20604200 MOV EDX,DWORD PTR DS:[426020]
00412F94 . 6A 1C PUSH 1C
00412F96 . 68 7C524000 PUSH ExcelWor.0040527C
00412F9B . 52 PUSH EDX
00412F9C . 50 PUSH EAX
00412F9D . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00412FA3 > 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] ; 假码
00412FA6 . 8B3D 1C104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaLe>; MSVBVM60.__vbaLenBstr
00412FAC . 50 PUSH EAX
00412FAD . FFD7 CALL EDI ; 假码位数; <&MSVBVM60.__vbaLenBstr>
00412FAF . 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] ; 用户名
00412FB2 . 8BD8 MOV EBX,EAX
00412FB4 . F7DB NEG EBX
00412FB6 . 1BDB SBB EBX,EBX
00412FB8 . 51 PUSH ECX
00412FB9 . F7DB NEG EBX
00412FBB . FFD7 CALL EDI ; 用户名位数
00412FBD . F7D8 NEG EAX
00412FBF . 1BC0 SBB EAX,EAX
00412FC1 . F7D8 NEG EAX
00412FC3 . 85D8 TEST EAX,EBX
00412FC5 . 75 0A JNZ SHORT ExcelWor.00412FD1
00412FC7 . 8975 D8 MOV DWORD PTR SS:[EBP-28],ESI
00412FCA . 68 41304100 PUSH ExcelWor.00413041
00412FCF . EB 56 JMP SHORT ExcelWor.00413027
00412FD1 > 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
00412FD4 . 52 PUSH EDX
00412FD5 . E8 86000000 CALL ExcelWor.00413060 ; 算法CALL,F7进
00412FDA . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C] ; 省略以下无关代码......
在00412FD5处按F7进入算法CALL(00413060):
00413060 $ 55 PUSH EBP
00413061 . 8BEC MOV EBP,ESP
00413063 . 83EC 0C SUB ESP,0C
00413066 . 68 E6194000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
0041306B . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00413071 . 50 PUSH EAX
00413072 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00413079 . 81EC 98000000 SUB ESP,98
0041307F . 53 PUSH EBX
00413080 . 56 PUSH ESI
00413081 . 57 PUSH EDI
00413082 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
00413085 . C745 F8 F8114>MOV DWORD PTR SS:[EBP-8],ExcelWor.004011>
0041308C . 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0041308F . 33C0 XOR EAX,EAX
00413091 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00413094 . 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
00413097 . 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0041309A . 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
0041309D . 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
004130A0 . 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX
004130A3 . 8945 B4 MOV DWORD PTR SS:[EBP-4C],EAX
004130A6 . 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX
004130A9 . 8945 94 MOV DWORD PTR SS:[EBP-6C],EAX
004130AC . 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
004130AF . 8985 64FFFFFF MOV DWORD PTR SS:[EBP-9C],EAX
004130B5 . FF15 54114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy
004130BB . 8B3D 9C104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
004130C1 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004130C4 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
004130C7 . 8945 8C MOV DWORD PTR SS:[EBP-74],EAX
004130CA . 51 PUSH ECX
004130CB . 8D55 84 LEA EDX,DWORD PTR SS:[EBP-7C]
004130CE . 6A 01 PUSH 1
004130D0 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
004130D3 . 52 PUSH EDX
004130D4 . 50 PUSH EAX
004130D5 . C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1
004130DC . C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2
004130E3 . C745 84 08400>MOV DWORD PTR SS:[EBP-7C],4008
004130EA . FFD7 CALL EDI ; <&MSVBVM60.#632>
004130EC . 8B1D 20114000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrVarVal
004130F2 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
004130F5 . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
004130F8 . 51 PUSH ECX
004130F9 . 52 PUSH EDX
004130FA . FFD3 CALL EBX ; <&MSVBVM60.__vbaStrVarVal>
004130FC . 50 PUSH EAX
004130FD . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; 用户名第一位的ASCII
00413103 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00413106 . 8BF0 MOV ESI,EAX
00413108 . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
0041310E . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00413111 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
00413114 . 50 PUSH EAX
00413115 . 51 PUSH ECX
00413116 . 6A 02 PUSH 2
00413118 . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0041311E . 66:8BC6 MOV AX,SI
00413121 . 66:B9 0A00 MOV CX,0A ; CX=0AH
00413125 . 66:99 CWD
00413127 . 66:F7F9 IDIV CX ; 用户名第一位ASCII除以0AH,余数在DX中,记为A
0041312A . 83C4 0C ADD ESP,0C
0041312D . 8955 E0 MOV DWORD PTR SS:[EBP-20],EDX
00413130 . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
00413133 . 52 PUSH EDX
00413134 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
0041313A . 8BC8 MOV ECX,EAX
0041313C . FF15 C0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4
00413142 . 8985 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],EAX
00413148 . BE 01000000 MOV ESI,1
0041314D > 66:3BB5 5CFFF>CMP SI,WORD PTR SS:[EBP-A4]
00413154 . 0F8F CE000000 JG ExcelWor.00413228
0041315A . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0041315D . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00413160 . 8985 6CFFFFFF MOV DWORD PTR SS:[EBP-94],EAX
00413166 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00413169 . 0FBFC6 MOVSX EAX,SI
0041316C . 894D 8C MOV DWORD PTR SS:[EBP-74],ECX
0041316F . 52 PUSH EDX
00413170 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00413173 . 50 PUSH EAX
00413174 . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
00413177 . 51 PUSH ECX
00413178 . 52 PUSH EDX
00413179 . C785 64FFFFFF>MOV DWORD PTR SS:[EBP-9C],8
00413183 . C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1
0041318A . C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2
00413191 . C745 84 08400>MOV DWORD PTR SS:[EBP-7C],4008
00413198 . FFD7 CALL EDI
0041319A . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
0041319D . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
004131A0 . 50 PUSH EAX
004131A1 . 51 PUSH ECX
004131A2 . FFD3 CALL EBX
004131A4 . 50 PUSH EAX
004131A5 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; 依次取用户名ASCII
004131AB . 66:0345 E0 ADD AX,WORD PTR SS:[EBP-20] ; 加上上面得到的A
004131AF . 0F80 E1000000 JO ExcelWor.00413296
004131B5 . 66:03C6 ADD AX,SI ; 再加上该字符在用户名中的位置i(SI,从1开始)
004131B8 . 0F80 D8000000 JO ExcelWor.00413296
004131BE . 0FBFD0 MOVSX EDX,AX
004131C1 . 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
004131C4 . 52 PUSH EDX
004131C5 . 50 PUSH EAX
004131C6 . FF15 18114000 CALL DWORD PTR DS:[<&MSVBVM60.#608>] ; 转换为对应的字符
004131CC . 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
004131D2 . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
004131D5 . 51 PUSH ECX
004131D6 . 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
004131D9 . 52 PUSH EDX
004131DA . 50 PUSH EAX
004131DB . FF15 24114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>; MSVBVM60.__vbaVarCat
004131E1 . 50 PUSH EAX
004131E2 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; 连接字符串
004131E8 . 8BD0 MOV EDX,EAX
004131EA . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
004131ED . FF15 9C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
004131F3 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
004131F6 . FF15 D8114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
004131FC . 8D4D 94 LEA ECX,DWORD PTR SS:[EBP-6C]
004131FF . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
00413202 . 51 PUSH ECX
00413203 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
00413206 . 52 PUSH EDX
00413207 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0041320A . 50 PUSH EAX
0041320B . 51 PUSH ECX
0041320C . 6A 04 PUSH 4
0041320E . FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00413214 . B8 01000000 MOV EAX,1
00413219 . 83C4 14 ADD ESP,14
0041321C . 66:03C6 ADD AX,SI
0041321F . 70 75 JO SHORT ExcelWor.00413296
00413221 . 8BF0 MOV ESI,EAX
00413223 .^ E9 25FFFFFF JMP ExcelWor.0041314D ; 循环
00413228 > 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C] ; 省略以下无关代码......
——————————————————————————–
【算法总结】
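首先取用户名第一位的ASCII码除以10(0AH),余数记为A.
依次取用户名每一位的ASCII码,加上A,再加上该字符在用户名中的位置i(从1开始),然后把结果转换为对应的字符.
最后把所得字符依次连接起来,即为对应的注册码.从以上代码看,注册码完全由用户名经固定运算推出,其中没有任何密钥或与机器相关的信息,因此校验过程本身就等于公开了生成方法;要避免这一点,授权校验应改为验证非对称签名,程序内只保留公钥.注册信息保存到软件安装目录下的 \Config\Config.cfg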
KeyGen核心源码(VB Code):
' Reproduces the derivation traced in the routine at 00413060: the output is
' computed from the entered name alone. Nothing in it is secret or tied to a
' machine, which is the design weakness this write-up demonstrates; a licence
' check that holds only a public verification key (signed licence data) does
' not expose its own generator this way.
'
' NOTE(review): in VB6 "Dim Name, Code As String" types only Code as String;
' Name is a Variant. Likewise only A is an Integer below, L is a Variant.
Dim Name, Code As String
Dim L, A As Integer
' Text1 supplies the name, Text2 receives the result (form controls that are
' not declared in this fragment).
Name = CStr(Text1.Text)
L = Len(Name)
If L = 0 Then
' Empty name: show a prompt instead of computing anything.
Text2.Text = "Input your name!"
Else
' A = character code of the first character, modulo 10.
A = Asc(Left(Name, 1)) Mod 10
' i is not declared in this fragment - presumably an implicit Variant; verify
' against the enclosing procedure.
For i = 1 To L
' Each output character is Chr(code of character i + A + i), with i 1-based.
' NOTE(review): Chr rejects values above 255, so names with high character
' codes or great length would raise a run-time error here - confirm.
Code = Code & Chr((Asc(Mid(Name, i, 1)) + A + i))
Next
Text2.Text = Code
End If