anti3.txt

vb反编译工具,可以反编译vb5或vb6的部分代码

Hello all!!

Here's another (probably lame) tutorial.  In this one we'll be attacking
EB's anticrackme3.  This one has anti-smartcheck code in it and has a
simple algo.  First I'll be showing the output from ExDec then the
"translation" followed by a simple explanation.

First we'll start with the SmartCheck problem.

403937: 27 LitVar_Missing         
40393A: 3a LitVarStr:              ( local_0094 ) Numega SmartCheck
40393F: 4e FStVarCopyObj           local_00A4
403942: 04 FLdRfVar                local_00A4
403945: 0a ImpAdCallFPR4:          rtcAppActivate
40394A: 36 FFreeVar
403951: 63 LitVar_TRUE            
403954: 1b LitStr:                 %{F4} 
403957: 0a ImpAdCallFPR4:          rtcSendKeys
40395C: 35 FFree1Var               local_00A4
40395F: 63 LitVar_TRUE            
403962: 1b LitStr:                 %Y 
403965: 0a ImpAdCallFPR4:          rtcSendKeys
40396A: 35 FFree1Var               local_00A4

AppActivate "Numega SmartCheck"     'Switch to SmartCheck
SendKeys "%{F4}", True        'Send ALT+F4 to it and close it
SendKeys "%Y", True           'Send ALT+Y to confirm the closure

Simple isn't it? ;)

Now that we've skipped this, lets move onto our algo.

403B20: 28 LitVarI2:               ( local_00CC ) 0x1  (1)  'push 1 onto stack
403B25: 04 FLdRfVar                local_009C
403B28: 28 LitVarI2:               ( local_00BC ) 0x8  (8)  'push 8 onto stack
403B2D: Lead3/68 ForVar:           (when done) 403B7E       'FOR loops starts
403B33: 28 LitVarI2:               ( local_00FC ) 0x1  (1)  'push 1 for MID$
403B38: 04 FLdRfVar                local_009C               'address of "i"
403B3B: Lead1/22 CI4Var           
403B3D: 08 FLdPr                   local_param_0008         
403B40: 06 MemLdRfVar              local_param_0034         '"NAME"
403B43: 04 FLdRfVar                local_010C
403B46: 0a ImpAdCallFPR4:          rtcMidCharVar            'MID$()
403B4B: 04 FLdRfVar                local_010C
403B4E: Lead2/fe CStrVarVal        local_0110
403B52: 0b ImpAdCallI2             rtcAnsiValueBstr         'ASC()
403B57: eb CR8I2                  
403B58: 74 FStFPR8                 local_008C               
403B5B: 2f FFree1Str               local_0110
403B5E: 36 FFreeVar
403B65: 08 FLdPr                   local_param_0008         
403B68: 8d MemLdFPR8               local_param_004C         'address of "j"
403B6B: 6f FLdFPR8                 local_008C
403B6E: ab AddR8                  
403B6F: 08 FLdPr                   local_param_0008
403B72: 92 MemStFPR8               local_param_004C
403B75: 04 FLdRfVar                local_009C
403B78: Lead3/7e NextStepVar:      (continue) 403B33
403B7E: 08 FLdPr                   local_param_0008
403B81: 8d MemLdFPR8               local_param_004C        'address of "j"
403B84: f4 LitI2_Byte:             0x7  7  (.)             'push 7
403B86: eb CR8I2                                           'convert 7
403B87: b3 MulR8                                           'j*7
403B88: 08 FLdPr                   local_param_0008
403B8B: 92 MemStFPR8               local_param_004C

All of this "garbage" translates to:

for i = 1 to 8
  j = j+Asc(mid$(name,i,1))
next i
j=j*7

In case you aren't a VB guru (I'm definately NOT), this just takes the first
8 letters of your name and adds the ascii value together then multiplies
the total by 7.

Welp that's about it for me.  There's probably more I should say but.....