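=================== Hanzhiyuan Beauty and Hair Salon Management System V1.1.20 Crack Analysis =============
【Author】 lzq1973
【Author e-mail】 [email protected]
【Tools used】 PEiD V0.93, C32Asm, OllyDBG1.1
【Platform】 Win9x/NT/2000/XP
【Software name】 Hanzhiyuan Beauty and Hair Salon Management System V1.1.20
【Download】 http://www4.skycn.com/soft/23144.html
【Size】 8834 KB
【Packer】 None
【Software description】 This system is an intelligent business management package designed and developed specifically for the beauty and hair salon industry. It incorporates advanced business concepts, takes the manager's point of view, uses customer management as the entry point, and tightly combines customer management with sales analysis, staff appraisal, internal administration and other management work, forming a complete and distinctive management system unlike earlier ones.
Main features
1. Powerful yet simple to operate
The system is powerful and covers essentially all the business activities of a beauty or hair salon, yet the interface is very clean and the workflow strictly follows the real-world process, so operators find it easy to understand and use. A customer is registered on entering the shop, the items the customer consumes are then recorded, and at checkout payment is simply collected, which greatly reduces the time the customer waits to pay.
2. Advanced membership card management
The system supports a single all-in-one card: with the card, customers can deposit money, withdraw money and pay, and can also use care cards (monthly cards) or treatment-course cards they have already purchased. Each card has a password (like a bank card, entered by the customer), and only the system administrator has permission to change it, which keeps the customer's funds safe. Care cards (monthly cards) and treatment-course cards are integrated with the membership card: any the customer buys are attached to the membership card, so the customer does not end up holding several cards.
3. Automatic payroll generation
The system generates staff pay automatically in real time, including base salary, service commission and other items, making complicated pay clear; pay slips and payroll sheets can be printed.
4. Attendance management
The system can manage staff attendance, and attendance results are produced as reports automatically. Each employee's clock-in and clock-out times, leave, lateness, early departure, absence and so on are clear at a glance.
5. POST printing support
The system supports all kinds of POST printers; every payment prints a receipt like a supermarket checkout slip.
6. Rich reports
The system provides a variety of management reports and business analysis reports and supports various query methods, meeting the salon's management analysis needs.
7. Safe and reliable
The system manages administrative permissions by level, giving it better confidentiality and security; it also provides a backup function to ensure stable data storage.
【Statement】 I'm just a newbie who has picked up a little experience and would like to share it with everyone :)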
===================================
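【Analysis】
As usual, first check for a packer: PEiD reports none. Another unpacked program, so this looks promising; this kind of software suits me well.
Run the program and go to the registration dialog, enter anything, click Register to see what message appears, and note it down. My check code is 00006E610287; remember all of these related details, they will be useful later.
Open MeiRong.exe in C32Asm and search for the relevant strings (the ones just noted down); this makes it easy to find a breakpoint location.
Load the program in OD, set a breakpoint at 005EBF08, and arrive at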
0061BB86 |. E8 BD04E6FF call MEIRONG.0047C048 ; set a breakpoint here
0061BB8B |. 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; fake code
0061BB8E |. 8D55 F8 lea edx,dword ptr ss:[ebp-8]
0061BB91 |. E8 22DDDEFF call MEIRONG.004098B8
0061BB96 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
0061BB99 |. 50 push eax ; push the fake code onto the stack
0061BB9A |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
0061BB9D |. 8B83 18030000 mov eax,dword ptr ds:[ebx+318]
0061BBA3 |. E8 A004E6FF call MEIRONG.0047C048
0061BBA8 |. 8B45 EC mov eax,dword ptr ss:[ebp-14] ; (ASCII "TOPTHINK")
0061BBAB |. 8D55 F0 lea edx,dword ptr ss:[ebp-10]
0061BBAE |. E8 05DDDEFF call MEIRONG.004098B8
0061BBB3 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
0061BBB6 |. 50 push eax
0061BBB7 |. 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
0061BBBA |. 8B83 14030000 mov eax,dword ptr ds:[ebx+314]
0061BBC0 |. E8 8304E6FF call MEIRONG.0047C048
0061BBC5 |. 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
0061BBC8 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
0061BBCB |. E8 E8DCDEFF call MEIRONG.004098B8
0061BBD0 |. 8B55 E8 mov edx,dword ptr ss:[ebp-18]
0061BBD3 |. 8B83 2C030000 mov eax,dword ptr ds:[ebx+32C]
0061BBD9 |. 59 pop ecx
0061BBDA |. E8 B1EFFFFF call MEIRONG.0061AB90 ; computes and compares the registration code
0061BBDF |. 84C0 test al,al ; test
0061BBE1 |. 75 2C jnz short MEIRONG.0061BC0F ; jump if equal (success), otherwise it is wrong
0061BBE3 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
0061BBE6 |. BA B4BC6100 mov edx,MEIRONG.0061BCB4 ; 输入注册码不正确,请检查 (the registration code entered is incorrect, please check)
0061BBEB |. E8 5890DEFF call MEIRONG.00404C48 ; nothing of interest
0061BBF0 |. 6A 40 push 40
0061BBF2 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061BBF5 |. E8 7694DEFF call MEIRONG.00405070
0061BBFA |. 8BD0 mov edx,eax
0061BBFC |. B9 D0BC6100 mov ecx,MEIRONG.0061BCD0 ; 输入错误 (input error)
0061BC01 |. A1 580B6A00 mov eax,dword ptr ds:[6A0B58]
0061BC06 |. 8B00 mov eax,dword ptr ds:[eax]
0061BC08 |. E8 6315E8FF call MEIRONG.0049D170
0061BC0D |. EB 4E jmp short MEIRONG.0061BC5D
0061BC0F |> 68 E4BC6100 push MEIRONG.0061BCE4 ; 注册成功 (registration successful)
0061BC14 |. 8B83 2C030000 mov eax,dword ptr ds:[ebx+32C]
0061BC1A |. FF70 5C push dword ptr ds:[eax+5C]
0061BC1D |. 68 10BD6100 push MEIRONG.0061BD10
0061BC22 |. 68 1CBD6100 push MEIRONG.0061BD1C
0061BC27 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
0061BC2A |. BA 04000000 mov edx,4
0061BC2F |. E8 FC92DEFF call MEIRONG.00404F30
0061BC34 |. 6A 40 push 40
0061BC36 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061BC39 |. E8 3294DEFF call MEIRONG.00405070
0061BC3E |. 8BD0 mov edx,eax
0061BC40 |. B9 50BD6100 mov ecx,MEIRONG.0061BD50 ; 注册成功 (registration successful)
0061BC45 |. A1 580B6A00 mov eax,dword ptr ds:[6A0B58]
0061BC4A |. 8B00 mov eax,dword ptr ds:[eax]
0061BC4C |. E8 1F15E8FF call MEIRONG.0049D170
0061BC51 |. A1 580B6A00 mov eax,dword ptr ds:[6A0B58]
0061BC56 |. 8B00 mov eax,dword ptr ds:[eax]
0061BC58 |. E8 6F14E8FF call MEIRONG.0049D0CC
0061BC5D |> 33C0 xor eax,eax
0061BC5F |. 5A pop edx
0061BC60 |. 59 pop ecx
0061BC61 |. 59 pop ecx
0061BC62 |. 64:8910 mov dword ptr fs:[eax],edx
0061BC65 |. 68 A7BC6100 push MEIRONG.0061BCA7
0061BC6A |> 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
0061BC6D |. E8 3E8FDEFF call MEIRONG.00404BB0
0061BC72 |. 8D45 E8 lea eax,dword ptr ss:[ebp-18]
0061BC75 |. E8 368FDEFF call MEIRONG.00404BB0
0061BC7A |. 8D45 EC lea eax,dword ptr ss:[ebp-14]
0061BC7D |. E8 2E8FDEFF call MEIRONG.00404BB0
0061BC82 |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
0061BC85 |> E8 268FDEFF call MEIRONG.00404BB0
0061BC8A |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0061BC8D |. E8 1E8FDEFF call MEIRONG.00404BB0
0061BC92 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
0061BC95 |. BA 02000000 mov edx,2
0061BC9A |. E8 358FDEFF call MEIRONG.00404BD4
0061BC9F \. C3 retn
================ Step in with F7 at 0061BBDA to arrive here (compares and computes the registration code) ==============
0061AB90 /$ 55 push ebp
0061AB91 |. 8BEC mov ebp,esp
0061AB93 |. 83C4 F0 add esp,-10
0061AB96 |. 53 push ebx
0061AB97 |. 33DB xor ebx,ebx
0061AB99 |. 895D F0 mov dword ptr ss:[ebp-10],ebx
0061AB9C |. 895D F4 mov dword ptr ss:[ebp-C],ebx
0061AB9F |. 894D F8 mov dword ptr ss:[ebp-8],ecx ; send "TOPTHINK" to EDX
0061ABA2 |. 8955 FC mov dword ptr ss:[ebp-4],edx
0061ABA5 |. 8BD8 mov ebx,eax
0061ABA7 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061ABAA |. E8 B1A4DEFF call MEIRONG.00405060
0061ABAF |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
0061ABB2 |. E8 A9A4DEFF call MEIRONG.00405060
0061ABB7 |. 8B45 08 mov eax,dword ptr ss:[ebp+8] ; fake code into EAX
0061ABBA |. E8 A1A4DEFF call MEIRONG.00405060
0061ABBF |. 33C0 xor eax,eax
0061ABC1 |. 55 push ebp
0061ABC2 |. 68 7AAC6100 push MEIRONG.0061AC7A
0061ABC7 |. 64:FF30 push dword ptr fs:[eax]
0061ABCA |. 64:8920 mov dword ptr fs:[eax],esp
0061ABCD |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061ABD0 |. E8 9BA2DEFF call MEIRONG.00404E70
0061ABD5 |. 3B43 4C cmp eax,dword ptr ds:[ebx+4C]
0061ABD8 |. 7F 19 jg short MEIRONG.0061ABF3
0061ABDA |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061ABDD |. E8 8EA2DEFF call MEIRONG.00404E70
0061ABE2 |. 3B43 50 cmp eax,dword ptr ds:[ebx+50]
0061ABE5 |. 7C 0C jl short MEIRONG.0061ABF3
0061ABE7 |. 8B45 08 mov eax,dword ptr ss:[ebp+8]
0061ABEA |. E8 81A2DEFF call MEIRONG.00404E70
0061ABEF |. 85C0 test eax,eax
0061ABF1 |. 75 04 jnz short MEIRONG.0061ABF7
0061ABF3 |> 33DB xor ebx,ebx
0061ABF5 |. EB 60 jmp short MEIRONG.0061AC57
0061ABF7 |> 8D55 F4 lea edx,dword ptr ss:[ebp-C]
0061ABFA |. 8B45 08 mov eax,dword ptr ss:[ebp+8]
0061ABFD |. E8 46EADEFF call MEIRONG.00409648
0061AC02 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
0061AC05 |. 8D45 08 lea eax,dword ptr ss:[ebp+8]
0061AC08 |. E8 3BA0DEFF call MEIRONG.00404C48
0061AC0D |. 8D4D F0 lea ecx,dword ptr ss:[ebp-10]
0061AC10 |. 8B55 FC mov edx,dword ptr ss:[ebp-4]
0061AC13 |. 8BC3 mov eax,ebx
0061AC15 |. E8 46FBFFFF call MEIRONG.0061A760 ; computes the registration code
0061AC1A |. 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; real code passed to EAX (ASCII "0000932C03BD")
0061AC1D |. 8B55 08 mov edx,dword ptr ss:[ebp+8] ; fake code passed to EDX
0061AC20 |. E8 9BEADEFF call MEIRONG.004096C0 ; compare the two
0061AC25 |. 85C0 test eax,eax ; test
0061AC27 |. 74 04 je short MEIRONG.0061AC2D
0061AC29 |. 33DB xor ebx,ebx
0061AC2B |. EB 2A jmp short MEIRONG.0061AC57
0061AC2D |> 8D43 48 lea eax,dword ptr ds:[ebx+48]
0061AC30 |. 8B55 FC mov edx,dword ptr ss:[ebp-4]
0061AC33 |. E8 CC9FDEFF call MEIRONG.00404C04
0061AC38 |. 8D43 54 lea eax,dword ptr ds:[ebx+54]
0061AC3B |. 8B55 F8 mov edx,dword ptr ss:[ebp-8]
0061AC3E |. E8 C19FDEFF call MEIRONG.00404C04
0061AC43 |. 8D43 5C lea eax,dword ptr ds:[ebx+5C]
0061AC46 |. 8B55 08 mov edx,dword ptr ss:[ebp+8]
0061AC49 |. E8 B69FDEFF call MEIRONG.00404C04
0061AC4E |. 8BC3 mov eax,ebx
0061AC50 |. E8 5B020000 call MEIRONG.0061AEB0
0061AC55 |. B3 01 mov bl,1
0061AC57 |> 33C0 xor eax,eax
0061AC59 |. 5A pop edx
0061AC5A |. 59 pop ecx
0061AC5B |. 59 pop ecx
0061AC5C |. 64:8910 mov dword ptr fs:[eax],edx
0061AC5F |. 68 81AC6100 push MEIRONG.0061AC81
0061AC64 |> 8D45 F0 lea eax,dword ptr ss:[ebp-10]
0061AC67 |. BA 04000000 mov edx,4
0061AC6C |. E8 639FDEFF call MEIRONG.00404BD4
0061AC71 |. 8D45 08 lea eax,dword ptr ss:[ebp+8]
0061AC74 |. E8 379FDEFF call MEIRONG.00404BB0
0061AC79 \. C3 retn
0061AC7A .^ E9 3598DEFF jmp MEIRONG.004044B4
0061AC7F .^ EB E3 jmp short MEIRONG.0061AC64
0061AC81 . 8BC3 mov eax,ebx
0061AC83 . 5B pop ebx
0061AC84 . 8BE5 mov esp,ebp
0061AC86 . 5D pop ebp
0061AC87 . C2 0400 retn 4
====================== After F7 at 0061AC15, arrive here (computes the registration code) ===============
0061A760 /$ 55 push ebp
0061A761 |. 8BEC mov ebp,esp
0061A763 |. 51 push ecx
0061A764 |. B9 04000000 mov ecx,4
0061A769 |> 6A 00 /push 0 ; |
0061A76B |. 6A 00 |push 0 ; |
0061A76D |. 49 |dec ecx ; |
0061A76E |.^ 75 F9 \jnz short MEIRONG.0061A769 ; |
0061A770 |. 874D FC xchg dword ptr ss:[ebp-4],ecx
0061A773 |. 53 push ebx
0061A774 |. 56 push esi
0061A775 |. 57 push edi
0061A776 |. 8BF9 mov edi,ecx
0061A778 |. 8955 FC mov dword ptr ss:[ebp-4],edx
0061A77B |. 8BF0 mov esi,eax
0061A77D |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061A780 |. E8 DBA8DEFF call MEIRONG.00405060
0061A785 |. 33C0 xor eax,eax
0061A787 |. 55 push ebp
0061A788 |. 68 00A96100 push MEIRONG.0061A900
0061A78D |. 64:FF30 push dword ptr fs:[eax]
0061A790 |. 64:8920 mov dword ptr fs:[eax],esp
0061A793 |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
0061A796 |. 8BC6 mov eax,esi
0061A798 |. E8 070F0000 call MEIRONG.0061B6A4 ; compute the check code from the hard disk ID (same procedure as the registration code computation)
0061A79D |. 8B45 DC mov eax,dword ptr ss:[ebp-24] ; check code
0061A7A0 |. 8D55 EC lea edx,dword ptr ss:[ebp-14] ; get the hard disk ID
0061A7A3 |. E8 10F1DEFF call MEIRONG.004098B8
0061A7A8 |. 837D EC 00 cmp dword ptr ss:[ebp-14],0
0061A7AC |. 75 0D jnz short MEIRONG.0061A7BB
0061A7AE |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
0061A7B1 |. 8B55 FC mov edx,dword ptr ss:[ebp-4]
0061A7B4 |. E8 8FA4DEFF call MEIRONG.00404C48
0061A7B9 |. EB 5D jmp short MEIRONG.0061A818
0061A7BB |> 8B45 EC mov eax,dword ptr ss:[ebp-14]
0061A7BE |. E8 ADA6DEFF call MEIRONG.00404E70
0061A7C3 |. 8BD8 mov ebx,eax
0061A7C5 |. 8D45 E8 lea eax,dword ptr ss:[ebp-18]
0061A7C8 |. 50 push eax
0061A7C9 |. 8BCB mov ecx,ebx
0061A7CB |. D1F9 sar ecx,1
0061A7CD |. 79 03 jns short MEIRONG.0061A7D2
0061A7CF |. 83D1 00 adc ecx,0
0061A7D2 |> BA 01000000 mov edx,1
0061A7D7 |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
0061A7DA |. E8 F1A8DEFF call MEIRONG.004050D0
0061A7DF |. 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
0061A7E2 |. 50 push eax
0061A7E3 |. 8BC3 mov eax,ebx
0061A7E5 |. D1F8 sar eax,1
0061A7E7 |. 79 03 jns short MEIRONG.0061A7EC
0061A7E9 |. 83D0 00 adc eax,0
0061A7EC |> 8BCB mov ecx,ebx
0061A7EE |. 2BC8 sub ecx,eax
0061A7F0 |. 8BD3 mov edx,ebx
0061A7F2 |. D1FA sar edx,1
0061A7F4 |. 79 03 jns short MEIRONG.0061A7F9
0061A7F6 |. 83D2 00 adc edx,0
0061A7F9 |> 42 inc edx
0061A7FA |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
0061A7FD |. E8 CEA8DEFF call MEIRONG.004050D0
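0061A802 |. FF75 E8 push dword ptr ss:[ebp-18] ; split the serial number into two parts (the first part is the first 6)
0061A805 |. FF75 FC push dword ptr ss:[ebp-4] ; "TOPTHINK" goes between the two parts
0061A808 |. FF75 E4 push dword ptr ss:[ebp-1C] ; the second part is the last 6 digits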
0061A80B |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
0061A80E |. BA 03000000 mov edx,3
0061A813 |. E8 18A7DEFF call MEIRONG.00404F30
0061A818 |> C745 F0 000000>mov dword ptr ss:[ebp-10],0
0061A81F |. C745 F4 000000>mov dword ptr ss:[ebp-C],0
0061A826 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061A829 |. E8 42A6DEFF call MEIRONG.00404E70
0061A82E |. 3B46 4C cmp eax,dword ptr ds:[esi+4C]
0061A831 |. 7F 0D jg short MEIRONG.0061A840
0061A833 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0061A836 |. E8 35A6DEFF call MEIRONG.00404E70
0061A83B |. 3B46 50 cmp eax,dword ptr ds:[esi+50]
0061A83E |. 7D 0C jge short MEIRONG.0061A84C
0061A840 |> 8BC7 mov eax,edi
0061A842 |. E8 69A3DEFF call MEIRONG.00404BB0
0061A847 |. E9 91000000 jmp MEIRONG.0061A8DD
0061A84C |> 8B45 E0 mov eax,dword ptr ss:[ebp-20] ; send the concatenated "00006ETOPTHINK610287" to EAX
0061A84F |. E8 1CA6DEFF call MEIRONG.00404E70
0061A854 |. 8BD8 mov ebx,eax
0061A856 |. EB 37 jmp short MEIRONG.0061A88F
0061A858 |> 8B45 F0 /mov eax,dword ptr ss:[ebp-10] ;/ registration code computation begins
0061A85B |. 8B55 F4 |mov edx,dword ptr ss:[ebp-C] ;|
0061A85E |. 0346 68 |add eax,dword ptr ds:[esi+68] ;|
0061A861 |. 1356 6C |adc edx,dword ptr ds:[esi+6C] ;|
0061A864 |. 52 |push edx ;|
0061A865 |. 50 |push eax ;|
0061A866 |. 8B45 E0 |mov eax,dword ptr ss:[ebp-20] ;| load (ASCII "00006ETOPTHINK610287") into EAX
0061A869 |. 0FB64418 FF |movzx eax,byte ptr ds:[eax+ebx-1] ;| from the last character forwards, one at a time
0061A86E |. 50 |push eax ;|
0061A86F |. B8 59040000 |mov eax,459 ;|
0061A874 |. 5A |pop edx ;|
0061A875 |. 8BCA |mov ecx,edx ;|
0061A877 |. 33D2 |xor edx,edx ;| XOR operation
0061A879 |. F7F1 |div ecx ;| unsigned division
0061A87B |. 8BC2 |mov eax,edx ;|
0061A87D |. 33D2 |xor edx,edx ;|
0061A87F |. 290424 |sub dword ptr ss:[esp],eax ;| subtraction
0061A882 |. 195424 04 |sbb dword ptr ss:[esp+4],edx ;|
0061A886 |. 58 |pop eax ;|
0061A887 |. 5A |pop edx ;|
0061A888 |. 8945 F0 |mov dword ptr ss:[ebp-10],eax ;|
0061A88B |. 8955 F4 |mov dword ptr ss:[ebp-C],edx ;|
0061A88E |. 4B |dec ebx ;| decrement by 1
0061A88F |> 8B45 E0 mov eax,dword ptr ss:[ebp-20] ;|
0061A892 |. E8 D9A5DEFF |call MEIRONG.00404E70 ;|
0061A897 |. 3BD8 |cmp ebx,eax ;|
0061A899 |. 7F 04 |jg short MEIRONG.0061A89F ;|
0061A89B |. 85DB |test ebx,ebx ;|
0061A89D |.^ 7F B9 \jg short MEIRONG.0061A858 ;\ loop
0061A89F |> 8B5E 60 mov ebx,dword ptr ds:[esi+60]
0061A8A2 |. 85DB test ebx,ebx
0061A8A4 |. 7F 11 jg short MEIRONG.0061A8B7
0061A8A6 |. FF75 F4 push dword ptr ss:[ebp-C] ; /Arg2
0061A8A9 |. FF75 F0 push dword ptr ss:[ebp-10] ; |Arg1
0061A8AC |. 8BD7 mov edx,edi ; |
0061A8AE |. 33C0 xor eax,eax ; |
0061A8B0 |. E8 CBF5DEFF call MEIRONG.00409E80 ; \MEIRONG.00409E80
0061A8B5 |. EB 26 jmp short MEIRONG.0061A8DD
0061A8B7 |> FF75 F4 push dword ptr ss:[ebp-C] ; /Arg2
0061A8BA |. FF75 F0 push dword ptr ss:[ebp-10] ; |Arg1
0061A8BD |. 8BD7 mov edx,edi ; |
0061A8BF |. 8BC3 mov eax,ebx ; |
0061A8C1 |. E8 BAF5DEFF call MEIRONG.00409E80 ; \MEIRONG.00409E80
0061A8C6 |. 8B07 mov eax,dword ptr ds:[edi] ; this is the computed real registration code (ASCII "0000932C03BD")
0061A8C8 |. E8 A3A5DEFF call MEIRONG.00404E70 ; a memory keygen can be made here
0061A8CD |. 8BC8 mov ecx,eax
0061A8CF |. 2B4E 60 sub ecx,dword ptr ds:[esi+60]
0061A8D2 |. 8B56 60 mov edx,dword ptr ds:[esi+60]
0061A8D5 |. 42 inc edx
0061A8D6 |. 8BC7 mov eax,edi
0061A8D8 |. E8 33A8DEFF call MEIRONG.00405110
0061A8DD |> 33C0 xor eax,eax
0061A8DF |. 5A pop edx
0061A8E0 |. 59 pop ecx
0061A8E1 |. 59 pop ecx
0061A8E2 |. 64:8910 mov dword ptr fs:[eax],edx
0061A8E5 |. 68 07A96100 push MEIRONG.0061A907
0061A8EA |> 8D45 DC lea eax,dword ptr ss:[ebp-24]
0061A8ED |. BA 05000000 mov edx,5
0061A8F2 |. E8 DDA2DEFF call MEIRONG.00404BD4 ; something worth looking at here
0061A8F7 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
0061A8FA |. E8 B1A2DEFF call MEIRONG.00404BB0
0061A8FF \. C3 retn
0061A900 .^ E9 AF9BDEFF jmp MEIRONG.004044B4
0061A905 .^ EB E3 jmp short MEIRONG.0061A8EA
0061A907 . 5F pop edi
0061A908 . 5E pop esi
0061A909 . 5B pop ebx
0061A90A . 8BE5 mov esp,ebp
0061A90C . 5D pop ebp
0061A90D . C3 retn
--------------------------------------------------------------------------------
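【Summary】
Tracing the registration code is not very hard, but I can't figure out its algorithm (more study needed, advice welcome; I clearly found where it is computed). The check code is computed from the hard disk ID (the registration code uses the same algorithm). The registration code takes the check code, splits it into a front part and a back part of 6 characters each, puts "TOPTHINK" in the middle, and then computes one character at a time from back to front (how exactly it computes, I don't know).
This version seems to have hardly changed from the previous V1.1.18; the memory keygen is the one used for V1.1.18.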
--------------------------------------------------------------------------------
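【Memory keygen】
Memory keygen settings:
Breakpoint address: 61A8C8
Break count: 1
First byte: E8
Instruction length: 5
Choose memory mode -> register -> EAX; nothing else needs to be set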
--------------------------------------------------------------------------------
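【Patch address】
Changing "JNZ" to "JZ" at 0061BBE1 makes the program report that registration succeeded, but it checks again at restart, so changing only this location is not enough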
--------------------------------------------------------------------------------------------------------------------
Continuing further down, we arrive at
::0061CA6C:: E8 A7DCFFFF CALL 0061A718
::0061CA71:: 8D55 A8 LEA EDX,[EBP-58]
::0061CA74:: E8 CBD2DEFF CALL 00409D44
::0061CA79:: 8B45 A8 MOV EAX,[EBP-58]
::0061CA7C:: BA 2CCF6100 MOV EDX,61CF2C
::0061CA81:: E8 3685DEFF CALL 00404FBC \
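::0061CA86:: 0F84 3C010000 JE 0061CBC8 \ changing "JE" to "JNE" skips the registration code check at restart
and the trial period (30 days) calculation, going straight to the main program window (changing just this one place is enough)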
::0061CA8C:: A1 D40E6A00 MOV EAX,[6A0ED4]
::0061CA91:: 8B00 MOV EAX,[EAX]
::0061CA93:: 8B80 2C030000 MOV EAX,[EAX+32C]
--------------------------------------------------------------------------------
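【Copyright notice】 This article is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thanks!
[ Last edited by lzq1973 on 2005-12-29 13:11 ]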
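
The listings above show the program computing the valid registration code locally and holding it in a register before the comparison. As an added example (not part of the original post and not the product's code), the Python sketch below contrasts that pattern with a check in which the shipped program only verifies a vendor signature. The derivation function, the machine ID and the toy RSA key are all constructed for illustration.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (constructed for this demo and
# trivially factorable; a real product would use a vetted signature library).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public: shipped inside the program
D = pow(E, -1, (P - 1) * (Q - 1))      # private: stays on the vendor's server


def _digest(machine_id: str) -> int:
    """Hash the machine ID to an integer below the modulus."""
    h = hashlib.sha256(machine_id.encode()).digest()
    return int.from_bytes(h, "big") % N


# Weak pattern: the client derives the expected code, then compares.
def weak_expected_code(machine_id: str) -> str:
    # Constructed stand-in derivation, NOT the product's algorithm. Whatever
    # the formula is, the valid code exists in client memory before the compare.
    data = b"demo-constant" + machine_id.encode()
    return hashlib.sha256(data).hexdigest()[:12].upper()


def weak_check(machine_id: str, entered: str) -> bool:
    return entered == weak_expected_code(machine_id)


# Hardened pattern: the vendor signs, the client only verifies.
def vendor_issue(machine_id: str) -> str:
    """Vendor side: needs the private exponent D."""
    return format(pow(_digest(machine_id), D, N), "x")


def client_verify(machine_id: str, code: str) -> bool:
    """Client side: uses only N and E, so it cannot produce a valid code."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest(machine_id)


if __name__ == "__main__":
    mid = "DEMO-MACHINE-01"            # constructed sample machine ID
    print(weak_check(mid, weak_expected_code(mid)))   # client-side code can mint codes
    print(client_verify(mid, vendor_issue(mid)))      # client can only verify
```

Signature verification removes the in-memory valid code that the comparison at 0061AC20 exposes; it does not by itself address the single-branch patching the post describes, which is a separate problem of client-side enforcement.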