- UID
- 1481
注册时间2005-5-8
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 衰
2024-4-11 22:10 |
|---|
签到天数: 53 天 [LV.5]常住居民I
|
【破文作者】 rdsnow[BCG][PYG][D.4s]
【作者主页】 http://rdsnow.ys168.com
【 E-mail 】 [email protected]
【 作者QQ 】 83757177
【文章题目】 VCD MPG AVI TO RMVB V3.00 的注册
【下载地址】 http://www.tyusoft.com/files/tyurmvb.rar
http://conut.skycn.com/softdownl ... om/down/tyurmvb.rar
----------------------------------------------------------------------------------------------
【加密方式】 序列号
【破解工具】 ODbyDYK v1.10[05.09]
【软件限制】 功能限制
【破解平台】 Microsoft Windows XP Professional
【平台版本】 5.1.2600 Service Pack 2 内部版本号 2600
----------------------------------------------------------------------------------------------
【软件简介】
VCD MPG AVI TO RMVB 是“田雨软件工作室”最新开发的一款视频压缩软件。简单易用,支持将VCD的DAT文件、MPG、AVI等格式转换成RMVB文件格式,操作简单。
特点:支持文件批量转换、转换完毕自动关闭计算机等。
【文章简介】
不知不觉又要过年了,有长大了一岁,最近因基础知识的欠缺,感觉水平停滞不前,很羡慕把计算机作为专业的朋友,看来新的一年的要加把劲学习才行。
为了给自己增强一下信心,找了个简单的,高手就不要看了。
程序的特点,VB语言编写,用了些浮点运算。
----------------------------------------------------------------------------------------------
【破解过程】
OD载入程序目录下的zhuce.exe程序,运行,输入:
用户名:rdsnow
Email:[email protected]
假码:987654abcd-987654ABCD
命令行下断:bp rtcMidCharVar,走几步到程序领空,就会来到这儿:
//下面循环计算用户名各字符的ASC的和
0040428B . 83C4 10 ADD ESP,10
0040428E > 8B85 34FDFFFF MOV EAX,SS:[EBP-2CC]
00404294 . 85C0 TEST EAX,EAX
00404296 . 0F84 25010000 JE zhuce.004043C1
0040429C . 8B06 MOV EAX,DS:[ESI]
0040429E . 56 PUSH ESI
0040429F . FF90 1C030000 CALL DS:[EAX+31C]
004042A5 . 8D8D 58FFFFFF LEA ECX,SS:[EBP-A8]
004042AB . 8D95 48FFFFFF LEA EDX,SS:[EBP-B8]
004042B1 . 51 PUSH ECX
004042B2 . 52 PUSH EDX
004042B3 . 8985 60FFFFFF MOV SS:[EBP-A0],EAX
004042B9 . C785 58FFFFFF > MOV DWORD PTR SS:[EBP-A8],9
004042C3 . FF15 70104000 CALL DS:[<&MSVBVM60.rtcRightTrimVar>] ; 删除字串右边的空白
004042C9 . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
004042CF . 8D8D 38FFFFFF LEA ECX,SS:[EBP-C8]
004042D5 . 50 PUSH EAX
004042D6 . 51 PUSH ECX
004042D7 . FF15 68104000 CALL DS:[<&MSVBVM60.rtcLeftTrimVar>] ; 删除字串左边的空白
004042DD . 8D95 28FFFFFF LEA EDX,SS:[EBP-D8]
004042E3 . 8D45 98 LEA EAX,SS:[EBP-68]
004042E6 . 52 PUSH EDX
004042E7 . 50 PUSH EAX
004042E8 . C785 30FFFFFF > MOV DWORD PTR SS:[EBP-D0],1
004042F2 . C785 28FFFFFF > MOV DWORD PTR SS:[EBP-D8],2
004042FC . FF15 F8104000 CALL DS:[<&MSVBVM60.__vbaI4Var>] ; MSVBVM60.__vbaI4Var
00404302 . 8D8D 38FFFFFF LEA ECX,SS:[EBP-C8]
00404308 . 50 PUSH EAX
00404309 . 8D95 18FFFFFF LEA EDX,SS:[EBP-E8]
0040430F . 51 PUSH ECX
00404310 . 52 PUSH EDX
00404311 . FF15 74104000 CALL DS:[<&MSVBVM60.rtcMidCharVar>] ; 循环取用户名的一个字符
00404317 . 8D85 18FFFFFF LEA EAX,SS:[EBP-E8]
0040431D . 8D4D 84 LEA ECX,SS:[EBP-7C]
00404320 . 50 PUSH EAX
00404321 . 51 PUSH ECX
00404322 . FF15 C0104000 CALL DS:[<&MSVBVM60.__vbaStrVarVal>] ; 取字符的ASC
00404328 . 50 PUSH EAX
00404329 . FF15 2C104000 CALL DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr
0040432F . 8D95 28FEFFFF LEA EDX,SS:[EBP-1D8]
00404335 . 8D4D AC LEA ECX,SS:[EBP-54]
00404338 . 66:8985 30FEFF> MOV SS:[EBP-1D0],AX
0040433F . C785 28FEFFFF > MOV DWORD PTR SS:[EBP-1D8],2
00404349 . FFD7 CALL EDI
0040434B . 8D4D 84 LEA ECX,SS:[EBP-7C]
0040434E . FF15 30114000 CALL DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00404354 . 8D95 18FFFFFF LEA EDX,SS:[EBP-E8]
0040435A . 8D85 28FFFFFF LEA EAX,SS:[EBP-D8]
00404360 . 52 PUSH EDX
00404361 . 8D8D 38FFFFFF LEA ECX,SS:[EBP-C8]
00404367 . 50 PUSH EAX
00404368 . 8D95 48FFFFFF LEA EDX,SS:[EBP-B8]
0040436E . 51 PUSH ECX
0040436F . 8D85 58FFFFFF LEA EAX,SS:[EBP-A8]
00404375 . 52 PUSH EDX
00404376 . 50 PUSH EAX
00404377 . 6A 05 PUSH 5
00404379 . FF15 1C104000 CALL DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0040437F . 83C4 18 ADD ESP,18
00404382 . 8D4D CC LEA ECX,SS:[EBP-34]
00404385 . 8D55 AC LEA EDX,SS:[EBP-54]
00404388 . 8D85 58FFFFFF LEA EAX,SS:[EBP-A8]
0040438E . 51 PUSH ECX
0040438F . 52 PUSH EDX
00404390 . 50 PUSH EAX
00404391 . FF15 FC104000 CALL DS:[<&MSVBVM60.__vbaVarAdd>] ; 用户名各个字符的ASC求和得到 a = 0x29D
00404397 . 8BD0 MOV EDX,EAX
00404399 . 8D4D CC LEA ECX,SS:[EBP-34]
0040439C . FFD7 CALL EDI
0040439E . 8D8D 64FDFFFF LEA ECX,SS:[EBP-29C]
004043A4 . 8D95 74FDFFFF LEA EDX,SS:[EBP-28C]
004043AA . 51 PUSH ECX
004043AB . 8D45 98 LEA EAX,SS:[EBP-68]
004043AE . 52 PUSH EDX
004043AF . 50 PUSH EAX
004043B0 . FF15 24114000 CALL DS:[<&MSVBVM60.__vbaVarForNext>] ; MSVBVM60.__vbaVarForNext
004043B6 . 8985 34FDFFFF MOV SS:[EBP-2CC],EAX
004043BC .^ E9 CDFEFFFF JMP zhuce.0040428E
004043C1 > 8D95 38FEFFFF LEA EDX,SS:[EBP-1C8]
004043C7 . 8D4D 88 LEA ECX,SS:[EBP-78]
004043CA . C785 40FEFFFF > MOV DWORD PTR SS:[EBP-1C0],0
004043D4 . C785 38FEFFFF > MOV DWORD PTR SS:[EBP-1C8],2
004043DE . FFD7 CALL EDI
004043E0 . 8B0E MOV ECX,DS:[ESI]
004043E2 . 56 PUSH ESI
004043E3 . C785 40FEFFFF > MOV DWORD PTR SS:[EBP-1C0],1
004043ED . C785 38FEFFFF > MOV DWORD PTR SS:[EBP-1C8],2
004043F7 . FF91 20030000 CALL DS:[ECX+320]
004043FD . 8985 60FFFFFF MOV SS:[EBP-A0],EAX
00404403 . 8D95 58FFFFFF LEA EDX,SS:[EBP-A8]
00404409 . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
0040440F . 52 PUSH EDX
00404410 . 50 PUSH EAX
00404411 . C785 58FFFFFF > MOV DWORD PTR SS:[EBP-A8],9
0040441B . FF15 70104000 CALL DS:[<& MSVBVM60.rtcRightTrimVar>] ; 删除字串右边的空白
00404421 . 8D8D 48FFFFFF LEA ECX,SS:[EBP-B8]
00404427 . 8D95 38FFFFFF LEA EDX,SS:[EBP-C8]
0040442D . 51 PUSH ECX
0040442E . 52 PUSH EDX
0040442F . FF15 68104000 CALL DS:[<&MSVBVM60.rtcLeftTrimVar>] ; 删除字串左边的空白
00404435 . 8D85 38FEFFFF LEA EAX,SS:[EBP-1C8]
0040443B . 8D8D 38FFFFFF LEA ECX,SS:[EBP-C8]
00404441 . 50 PUSH EAX
00404442 . 8D95 28FFFFFF LEA EDX,SS:[EBP-D8]
00404448 . 51 PUSH ECX
00404449 . 52 PUSH EDX
0040444A . C785 30FEFFFF > MOV DWORD PTR SS:[EBP-1D0],1
00404454 . C785 28FEFFFF > MOV DWORD PTR SS:[EBP-1D8],2
0040445E . FF15 40104000 CALL DS:[<&MSVBVM60.__vbaLenVar>] ; 取邮箱地址的长度
00404464 . 50 PUSH EAX
00404465 . 8D85 28FEFFFF LEA EAX,SS:[EBP-1D8]
0040446B . 8D8D 44FDFFFF LEA ECX,SS:[EBP-2BC]
00404471 . 50 PUSH EAX
00404472 . 8D95 54FDFFFF LEA EDX,SS:[EBP-2AC]
00404478 . 51 PUSH ECX
00404479 . 8D45 BC LEA EAX,SS:[EBP-44]
0040447C . 52 PUSH EDX
0040447D . 50 PUSH EAX
0040447E . FF15 48104000 CALL DS:[<&MSVBVM60.__vbaVarForInit>] ; MSVBVM60.__vbaVarForInit
00404484 . 8D8D 38FFFFFF LEA ECX,SS:[EBP-C8]
0040448A . 8985 30FDFFFF MOV SS:[EBP-2D0],EAX
00404490 . 8D95 48FFFFFF LEA EDX,SS:[EBP-B8]
00404496 . 51 PUSH ECX
00404497 . 8D85 58FFFFFF LEA EAX,SS:[EBP-A8]
0040449D . 52 PUSH EDX
0040449E . 50 PUSH EAX
0040449F . 6A 03 PUSH 3
004044A1 . FF15 1C104000 CALL DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
//下面循环计算Email地址中各字符的ASC的和
004044A7 . 83C4 10 ADD ESP
004044AA > 8B85 30FDFFFF MOV EAX,SS:[EBP-2D0]
004044B0 . 85C0 TEST EAX,EAX
004044B2 . 0F84 25010000 JE zhuce.004045DD
004044B8 . 8B0E MOV ECX,DS:[ESI]
004044BA . 56 PUSH ESI
004044BB . FF91 20030000 CALL DS:[ECX+320]
004044C1 . 8985 60FFFFFF MOV SS:[EBP-A0],EAX
004044C7 . 8D95 58FFFFFF LEA EDX,SS:[EBP-A8]
004044CD . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
004044D3 . 52 PUSH EDX
004044D4 . 50 PUSH EAX
004044D5 . C785 58FFFFFF > MOV DWORD PTR SS:[EBP-A8],9
004044DF . FF15 70104000 CALL DS:[<&MSVBVM60.rtcRightTrimVar>] ; ,删除字串右边的空白
004044E5 . 8D8D 48FFFFFF LEA ECX,SS:[EBP-B8]
004044EB . 8D95 38FFFFFF LEA EDX,SS:[EBP-C8]
004044F1 . 51 PUSH ECX
004044F2 . 52 PUSH EDX
004044F3 . FF15 68104000 CALL DS:[<&MSVBVM60.rtcLeftTrimVar>] ; 删除字串左边的空白
004044F9 . 8D85 28FFFFFF LEA EAX,SS:[EBP-D8]
004044FF . 8D4D BC LEA ECX,SS:[EBP-44]
00404502 . 50 PUSH EAX
00404503 . 51 PUSH ECX
00404504 . C785 30FFFFFF > MOV DWORD PTR SS:[EBP-D0],1
0040450E . C785 28FFFFFF > MOV DWORD PTR SS:[EBP-D8],2
00404518 . FF15 F8104000 CALL DS:[<&MSVBVM60.__vbaI4Var>] ; MSVBVM60.__vbaI4Var
0040451E . 50 PUSH EAX
0040451F . 8D95 38FFFFFF LEA EDX,SS:[EBP-C8]
00404525 . 8D85 18FFFFFF LEA EAX,SS:[EBP-E8]
0040452B . 52 PUSH EDX
0040452C . 50 PUSH EAX
0040452D . FF15 74104000 CALL DS:[<&MSVBVM60.rtcMidCharVar>] ; MSVBVM60.rtcMidCharVar,循环取邮箱地址的一个字符
00404533 . 8D8D 18FFFFFF LEA ECX,SS:[EBP-E8]
00404539 . 8D55 84 LEA EDX,SS:[EBP-7C]
0040453C . 51 PUSH ECX
0040453D . 52 PUSH EDX
0040453E . FF15 C0104000 CALL DS:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
00404544 . 50 PUSH EAX
00404545 . FF15 2C104000 CALL DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr
0040454B . 8D95 28FEFFFF LEA EDX,SS:[EBP-1D8]
00404551 . 8D4D DC LEA ECX,SS:[EBP-24]
00404554 . 66:8985 30FEFF> MOV SS:[EBP-1D0],AX
0040455B . C785 28FEFFFF > MOV DWORD PTR SS:[EBP-1D8],2
00404565 . FFD7 CALL EDI
00404567 . 8D4D 84 LEA ECX,SS:[EBP-7C]
0040456A . FF15 30114000 CALL DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00404570 . 8D85 18FFFFFF LEA EAX,SS:[EBP-E8]
00404576 . 8D8D 28FFFFFF LEA ECX,SS:[EBP-D8]
0040457C . 50 PUSH EAX
0040457D . 8D95 38FFFFFF LEA EDX,SS:[EBP-C8]
00404583 . 51 PUSH ECX
00404584 . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
0040458A . 52 PUSH EDX
0040458B . 8D8D 58FFFFFF LEA ECX,SS:[EBP-A8]
00404591 . 50 PUSH EAX
00404592 . 51 PUSH ECX
00404593 . 6A 05 PUSH 5
00404595 . FF15 1C104000 CALL DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0040459B . 83C4 18 ADD ESP,18
0040459E . 8D55 88 LEA EDX,SS:[EBP-78]
004045A1 . 8D45 DC LEA EAX,SS:[EBP-24]
004045A4 . 8D8D 58FFFFFF LEA ECX,SS:[EBP-A8]
004045AA . 52 PUSH EDX
004045AB . 50 PUSH EAX
004045AC . 51 PUSH ECX
004045AD . FF15 FC104000 CALL DS:[<&MSVBVM60.__vbaVarAdd>] ; Email地址的所有字符的ASC进行相加得到 b = 0x4E4
//对以上得到的 a 进行处理
004045B3 . 8BD0 MOV EDX,EAX
004045B5 . 8D4D 88 LEA ECX,SS:[EBP-78]
004045B8 . FFD7 CALL EDI
004045BA . 8D95 44FDFFFF LEA EDX,SS:[EBP-2BC]
004045C0 . 8D85 54FDFFFF LEA EAX,SS:[EBP-2AC]
004045C6 . 52 PUSH EDX
004045C7 . 8D4D BC LEA ECX,SS:[EBP-44]
004045CA . 50 PUSH EAX
004045CB . 51 PUSH ECX
004045CC . FF15 24114000 CALL DS:[<&MSVBVM60.__vbaVarForNext>] ; MSVBVM60.__vbaVarForNext
004045D2 . 8985 30FDFFFF MOV SS:[EBP-2D0],EAX
004045D8 .^ E9 CDFEFFFF JMP zhuce.004044AA
004045DD > DD05 40114000 FLD QWORD PTR DS:[401140]
004045E3 . 833D 00704000 > CMP DWORD PTR DS:[407000],0
004045EA . 75 08 JNZ SHORT zhuce.004045F4
004045EC . DC35 38114000 FDIV QWORD PTR DS:[401138]
004045F2 . EB 11 JMP SHORT zhuce.00404605
004045F4 > FF35 3C114000 PUSH DWORD PTR DS:[40113C]
004045FA . FF35 38114000 PUSH DWORD PTR DS:[401138]
00404600 . E8 FFCBFFFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
00404605 > B9 02000000 MOV ECX,2
0040460A . 8D55 CC LEA EDX,SS:[EBP-34]
0040460D . 898D 38FEFFFF MOV SS:[EBP-1C8],ECX
00404613 . 898D 28FEFFFF MOV SS:[EBP-1D8],ECX
00404619 . 898D 20FEFFFF MOV SS:[EBP-1E0],ECX
0040461F . 898D 18FEFFFF MOV SS:[EBP-1E8],ECX
00404625 . 898D F8FDFFFF MOV SS:[EBP-208],ECX
0040462B . 52 PUSH EDX
0040462C . 8D8D 58FFFFFF LEA ECX,SS:[EBP-A8]
00404632 . C785 40FEFFFF > MOV DWORD PTR SS:[EBP-1C0],0C8
0040463C . C785 30FEFFFF > MOV DWORD PTR SS:[EBP-1D0],44
00404646 . C785 08FEFFFF > MOV DWORD PTR SS:[EBP-1F8],5
00404650 . C785 00FEFFFF > MOV DWORD PTR SS:[EBP-200],1
0040465A . DD9D 10FEFFFF FSTP QWORD PTR SS:[EBP-1F0]
00404660 . DFE0 FSTSW AX
00404662 . A8 0D TEST AL,0D
00404664 . 0F85 BE080000 JNZ zhuce.00404F28
0040466A . 8D85 38FEFFFF LEA EAX,SS:[EBP-1C8]
00404670 . 50 PUSH EAX
00404671 . 51 PUSH ECX
00404672 . FF15 9C104000 CALL DS:[<&MSVBVM60.__vbaVarMul>] ; a = a × 200 = 0x20AA8
00404678 . 50 PUSH EAX
00404679 . 8D95 28FEFFFF LEA EDX,SS:[EBP-1D8]
0040467F . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
00404685 . 52 PUSH EDX
00404686 . 50 PUSH EAX
00404687 . FF15 00104000 CALL DS:[<&MSVBVM60.__vbaVarSub>] ; a = a - 44 = 0x20A64
0040468D . 8D8D 18FEFFFF LEA ECX,SS:[EBP-1E8]
00404693 . 50 PUSH EAX
00404694 . 8D95 38FFFFFF LEA EDX,SS:[EBP-C8]
0040469A . 51 PUSH ECX
0040469B . 52 PUSH EDX
0040469C . FF15 B4104000 CALL DS:[<&MSVBVM60.__vbaVarDiv>] ; a = a ÷ 2 = 66866.0
004046A2 . 50 PUSH EAX
004046A3 . 8D85 08FEFFFF LEA EAX,SS:[EBP-1F8]
004046A9 . 8D8D 28FFFFFF LEA ECX,SS:[EBP-D8]
004046AF . 50 PUSH EAX
004046B0 . 51 PUSH ECX
004046B1 . FF15 FC104000 CALL DS:[<&MSVBVM60.__vbaVarAdd>] ; a =a + 2 =66868.0
004046B7 . 50 PUSH EAX
004046B8 . 8D95 F8FDFFFF LEA EDX,SS:[EBP-208]
004046BE . 8D85 18FFFFFF LEA EAX,SS:[EBP-E8]
004046C4 . 52 PUSH EDX
004046C5 . 50 PUSH EAX
004046C6 . FF15 FC104000 CALL DS:[<&MSVBVM60.__vbaVarAdd>] ; a = a + 1 =66869.0
004046CC . 8D8D 08FFFFFF LEA ECX,SS:[EBP-F8]
004046D2 . 50 PUSH EAX
004046D3 . 51 PUSH ECX
004046D4 . FF15 D0104000 CALL DS:[<&MSVBVM60.__vbaVarInt>] ; a 取整 = 66869
004046DA . 8BD0 MOV EDX,EAX
004046DC . 8D8D F8FEFFFF LEA ECX,SS:[EBP-108]
004046E2 . FFD7 CALL EDI
004046E4 . 8D95 F8FEFFFF LEA EDX,SS:[EBP-108]
004046EA . 8D85 E8FEFFFF LEA EAX,SS:[EBP-118]
004046F0 . 52 PUSH EDX
004046F1 . 50 PUSH EAX
004046F2 . FF15 E0104000 CALL DS:[<&rtcHexVarFromVar>] ; a 转化为十六进制字符串"10535"
//对以上得到的 b 进行处理
004046F8 . DD05 40114000 FLD QWORD PTR DS:[401140]
004046FE . 833D 00704000 > CMP DWORD PTR DS:[407000],0
00404705 . 75 08 JNZ SHORT zhuce.0040470F
00404707 . DC35 38114000 FDIV QWORD PTR DS:[401138]
0040470D . EB 11 JMP SHORT zhuce.00404720
0040470F > FF35 3C114000 PUSH DWORD PTR DS:[40113C]
00404715 . FF35 38114000 PUSH DWORD PTR DS:[401138]
0040471B . E8 E4CAFFFF CALL <JMP.&MSVBVM60._adj_fdiv_m64>
00404720 > B9 02000000 MOV ECX,2
00404725 . 8D95 D8FDFFFF LEA EDX,SS:[EBP-228]
0040472B . 898D D8FDFFFF MOV SS:[EBP-228],ECX
00404731 . 898D C8FDFFFF MOV SS:[EBP-238],ECX
00404737 . 898D B8FDFFFF MOV SS:[EBP-248],ECX
0040473D . 898D 98FDFFFF MOV SS:[EBP-268],ECX
00404743 . 8D4D 88 LEA ECX,SS:[EBP-78]
00404746 . C785 F0FDFFFF > MOV DWORD PTR SS:[EBP-210],zhuce.00403>
00404750 . 51 PUSH ECX
00404751 . C785 E8FDFFFF > MOV DWORD PTR SS:[EBP-218],8
0040475B . C785 E0FDFFFF > MOV DWORD PTR SS:[EBP-220],0C8
00404765 . C785 D0FDFFFF > MOV DWORD PTR SS:[EBP-230],44
0040476F . C785 C0FDFFFF > MOV DWORD PTR SS:[EBP-240],3
00404779 . C785 A8FDFFFF > MOV DWORD PTR SS:[EBP-258],5
00404783 . C785 A0FDFFFF > MOV DWORD PTR SS:[EBP-260],1
0040478D . 52 PUSH EDX
0040478E . DD9D B0FDFFFF FSTP QWORD PTR SS:[EBP-250]
00404794 . DFE0 FSTSW AX
00404796 . A8 0D TEST AL,0D
00404798 . 0F85 8A070000 JNZ zhuce.00404F28
0040479E . 8D85 C8FEFFFF LEA EAX,SS:[EBP-138]
004047A4 . 50 PUSH EAX
004047A5 . FF15 9C104000 CALL DS:[<&MSVBVM60.__vbaVarMul>] ; b = b × 200
004047AB . 8D8D C8FDFFFF LEA ECX,SS:[EBP-238]
004047B1 . 50 PUSH EAX
004047B2 . 8D95 B8FEFFFF LEA EDX,SS:[EBP-148]
004047B8 . 51 PUSH ECX
004047B9 . 52 PUSH EDX
004047BA . FF15 00104000 CALL DS:[<&MSVBVM60.__vbaVarSub>] ; b = b - 0x44 = 0x3D1DC
004047C0 . 50 PUSH EAX
004047C1 . 8D85 B8FDFFFF LEA EAX,SS:[EBP-248]
004047C7 . 8D8D A8FEFFFF LEA ECX,SS:[EBP-158]
004047CD . 50 PUSH EAX
004047CE . 51 PUSH ECX
004047CF . FF15 B4104000 CALL DS:[<&MSVBVM60.__vbaVarDiv>] ; b = b ÷ 3 = 83444.0
004047D5 . 50 PUSH EAX
004047D6 . 8D95 A8FDFFFF LEA EDX,SS:[EBP-258]
004047DC . 8D85 98FEFFFF LEA EAX,SS:[EBP-168]
004047E2 . 52 PUSH EDX
004047E3 . 50 PUSH EAX
004047E4 . FF15 FC104000 CALL DS:[<&MSVBVM60.__vbaVarAdd>] ; b = B + 2 = 83446.0
004047EA . 8D8D 98FDFFFF LEA ECX,SS:[EBP-268]
004047F0 . 50 PUSH EAX
004047F1 . 8D95 88FEFFFF LEA EDX,SS:[EBP-178]
004047F7 . 51 PUSH ECX
004047F8 . 52 PUSH EDX
004047F9 . FF15 FC104000 CALL DS:[<&MSVBVM60.__vbaVarAdd>] ; b = b + 1 = 83447.0
004047FF . 50 PUSH EAX
00404800 . 8D85 78FEFFFF LEA EAX,SS:[EBP-188]
00404806 . 50 PUSH EAX
00404807 . FF15 D0104000 CALL DS:[<&MSVBVM60.__vbaVarInt>] ; b 取整 = 83447
0040480D . 8BD0 MOV EDX,EAX
0040480F . 8D8D 68FEFFFF LEA ECX,SS:[EBP-198]
00404815 . FFD7 CALL EDI
00404817 . 8D8D 68FEFFFF LEA ECX,SS:[EBP-198]
0040481D . 8D95 58FEFFFF LEA EDX,SS:[EBP-1A8]
00404823 . 51 PUSH ECX
00404824 . 52 PUSH EDX
00404825 . FF15 E0104000 CALL DS:[<&MSVBVM60.rtcHexVarFromVar>] ; b转为十六进制字符串"145F7"
//下面将"10535"和"145F7"用"-"连接
0040482B . 8B3D C4104000 MOV EDI,DS:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
00404831 . 8D85 E8FEFFFF LEA EAX,SS:[EBP-118]
00404837 . 8D8D E8FDFFFF LEA ECX,SS:[EBP-218]
0040483D . 50 PUSH EAX
0040483E . 8D95 D8FEFFFF LEA EDX,SS:[EBP-128]
00404844 . 51 PUSH ECX
00404845 . 52 PUSH EDX
00404846 . FFD7 CALL EDI ; <&MSVBVM60.__vbaVarCat>
00404848 . 50 PUSH EAX
00404849 . 8D85 58FEFFFF LEA EAX,SS:[EBP-1A8]
0040484F . 8D8D 48FEFFFF LEA ECX,SS:[EBP-1B8]
00404855 . 50 PUSH EAX
00404856 . 51 PUSH ECX
00404857 . FFD7 CALL EDI ; <&MSVBVM60.__vbaVarCat>
…………………………
得到的"10535-145F7"就是真码了。
004048B5 . 83C4 2C ADD ESP,2C
004048B8 . 8B06 MOV EAX,DS:[ESI]
004048BA . 56 PUSH ESI
004048BB . FF90 18030000 CALL DS:[EAX+318] ; 取假码
004048C1 . 8D8D 58FFFFFF LEA ECX,SS:[EBP-A8]
004048C7 . 8D95 48FFFFFF LEA EDX,SS:[EBP-B8]
004048CD . 51 PUSH ECX
004048CE . 52 PUSH EDX
004048CF . 8985 60FFFFFF MOV SS:[EBP-A0],EAX
004048D5 . C785 58FFFFFF > MOV DWORD PTR SS:[EBP-A8],9
004048DF . FF15 70104000 CALL DS:[<&MSVBVM60.#524>] ; MSVBVM60.rtcRightTrimVar,删除字串右边的空白
004048E5 . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
004048EB . 8D8D 38FFFFFF LEA ECX,SS:[EBP-C8]
004048F1 . 50 PUSH EAX
004048F2 . 51 PUSH ECX
004048F3 . FF15 68104000 CALL DS:[<&MSVBVM60.#522>] ; MSVBVM60.rtcLeftTrimVar,删除字串左边的空白
004048F9 . 8B55 A8 MOV EDX,SS:[EBP-58]
004048FC . 8D85 38FFFFFF LEA EAX,SS:[EBP-C8]
00404902 . 8D8D 38FEFFFF LEA ECX,SS:[EBP-1C8]
00404908 . 50 PUSH EAX ; 真码和假码比较
00404909 . 51 PUSH ECX
0040490A . 8995 40FEFFFF MOV SS:[EBP-1C0],EDX
00404910 . C785 38FEFFFF > MOV DWORD PTR SS:[EBP-1C8],8008
0040491A . FF15 80104000 CALL DS:[<&MSVBVM60.__vbaVarTstEq>] ; MSVBVM60.__vbaVarTstEq
00404920 . 66:8BF8 MOV DI,AX
00404923 . 8D95 38FFFFFF LEA EDX,SS:[EBP-C8]
00404929 . 8D85 48FFFFFF LEA EAX,SS:[EBP-B8]
0040492F . 52 PUSH EDX
00404930 . 8D8D 58FFFFFF LEA ECX,SS:[EBP-A8]
00404936 . 50 PUSH EAX
00404937 . 51 PUSH ECX
00404938 . 6A 03 PUSH 3
0040493A . FF15 1C104000 CALL DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00404940 . 83C4 10 ADD ESP,10
00404943 . 66:85FF TEST DI,DI
00404946 . 0F84 84040000 JE zhuce.00404DD0 ; 关键跳转
----------------------------------------------------------------------------------------------
【破解小结】
注册过程很简单,将用户名的所有字符的ASC求和,然后运算,得到的结果与Email地址采用类似运算的结果用"-"连接,就是注册码了。
个人觉得针对采用浮点运算的程序,可以将转存窗口显示为64位浮点数,会给调试带来方便。马上要放寒假了,希望能够在假期多学学,祝各位看雪的朋友新年快乐。
【注册机源码】
/******************************************************************************/
/* */
/* Microsoft Visual C++ 6.0 MFC */
/* */
/* Microsoft Windows XP Professional Service Pack 2 编译通过 */
/* */
/******************************************************************************/
void CKeyGenDlg::OnOK()
{
// TODO: Add extra validation here
//CDialog::OnOK();
char UseName[256],Email[256];
int i,n,SN;
UpdateData(true);
n = m_Edit1.GetLength () ;
strcpy(UseName,m_Edit1) ;
SN = 0 ;
for(i=0;i<n;i++) SN += UseName[ i] ;
SN = (SN * 200 -0x44)/2 + 3 ;
sprintf ( UseName,"%X",SN) ;
n = m_Edit2.GetLength () ;
strcpy(Email,m_Edit2) ;
SN = 0 ;
for(i=0;i<n;i++) SN += Email[ i] ;
SN = (SN * 200 -0x44)/3 + 3 ;
sprintf ( Email,"%X",SN) ;
strcat (UseName,"-") ;
strcat (UseName,Email) ;
m_Edit3 = UseName;
UpdateData(false) ;
}
----------------------------------------------------------------------------------------------
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
----------------------------------------------------------------------------------------------
文章写于2005-12-28 10:05:16
[ 本帖最后由 rdsnow 于 2005-12-31 17:32 编辑 ] |
|
IP卡
发表于 2005-12-31 17:31:17
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2005-12-31 19:34:48
发表于 2005-12-31 21:35:14
发表于 2006-1-3 13:48:44
发表于 2006-1-31 00:17:18