- UID
- 373
注册时间2005-3-23
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 开心
2019-11-22 21:56 |
|---|
签到天数: 5 天 [LV.2]偶尔看看I
|
【破文标题】里诺销售管理软件 2.10简单算法分析
【破文作者】CHA23[CZG][PYG]
【作者邮箱】[email protected]
【作者主页】http://cha23a.yeah.net
【破解工具】PEID,W32Dasm,OD
【破解平台】winxp
【软件名称】里诺销售管理软件 2.10
【软件大小】3702KB
【原版下载】http://www.onlinedown.net/soft/22518.htm
【保护方式】无壳
【软件简介】 里诺销售管理软件参考了各类销售管理软件,溶入了各自的优点并采纳众多用户的宝贵意见,真正地从用户的需要出发,为客户需要而设计。本软件适合各类企事业单位和门店单位销售管理地需要,爱作极为简便。高效实用。软件功能强大,性能稳定。功能如下:
1、销售发货;2、销售退货;3、销售收款; 4、各种单据的查找、查询、统计汇总;5、销售额、销售数量表分析;6、各种单据都有打印功能;7、货品档案、客户档案管理;8、货品单位、类别资料管理。
------------------------------------------------------------------------
PEID查壳,无,Borland Delphi 6.0 - 7.0编写,爽啊!
试着运行了一下,有提示注册的窗口弹出,输入注册信息后点击注册,弹出“已保存了注册信息!下次启动本程序
时将会对你的注册码进行验证,如注册码正确,本程序所有功能限制将被解除,您成为我们正式版本用户!”的提示
,看来是会重启验证的。查看了一下安装文件夹。发现有一个Config.ini文件,就从它下手。
OD载入,查字符串“Config.ini”来到下面的代码处
0062168B . 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0062168E . B9 781D6200 MOV ECX,Sale,2.00621D78 ; ASCII "Config.ini"《=F2试着下断
00621693 . E8 9836DEFF CALL Sale,2.00404D30
00621698 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
F8单步来到这里
0062181A . BA 9C1E6200 MOV EDX,Sale,2.00621E9C ; ASCII "Software\zy\Sale"
0062181F . E8 9832DEFF CALL Sale,2.00404ABC ; 《=从注册表里取上次注册时填入的注册名和注册码(假码)
00621824 . B1 01 MOV CL,1
00621826 . 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
00621829 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0062182C . E8 7774E2FF CALL Sale,2.00448CA8
00621831 . 84C0 TEST AL,AL
00621833 . 0F84 8C000000 JE Sale,2.006218C5
00621839 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0062183C . BA B81E6200 MOV EDX,Sale,2.00621EB8 ; ASCII "Name"《=取注册名
00621841 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00621844 . E8 2776E2FF CALL Sale,2.00448E70
00621849 . 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-3C]
0062184C . A1 F4F66500 MOV EAX,DWORD PTR DS:[65F6F4]
00621851 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00621853 . 05 70050000 ADD EAX,570
00621858 . E8 1B32DEFF CALL Sale,2.00404A78
0062185D . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00621860 . BA C81E6200 MOV EDX,Sale,2.00621EC8 ; ASCII "Pass"《=取注册码(假码)
00621865 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00621868 . E8 0376E2FF CALL Sale,2.00448E70
0062186D . 8B55 C0 MOV EDX,DWORD PTR SS:[EBP-40]
00621870 . A1 F4F66500 MOV EAX,DWORD PTR DS:[65F6F4]
00621875 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00621877 . 05 74050000 ADD EAX,574
0062187C . E8 F731DEFF CALL Sale,2.00404A78
00621881 . 33C0 XOR EAX,EAX
00621883 . 55 PUSH EBP
00621884 . 68 A8186200 PUSH Sale,2.006218A8
00621889 . 64:FF30 PUSH DWORD PTR FS:[EAX]
0062188C . 64:8920 MOV DWORD PTR FS:[EAX],ESP
0062188F . BA D81E6200 MOV EDX,Sale,2.00621ED8 ; ASCII "Date"
00621894 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00621897 . E8 EC76E2FF CALL Sale,2.00448F88
0062189C . DDD8 FSTP ST
0062189E . 33C0 XOR EAX,EAX
006218A0 . 5A POP EDX
006218A1 . 59 POP ECX
006218A2 . 59 POP ECX
006218A3 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
006218A6 . EB 1D JMP SHORT Sale,2.006218C5
006218A8 .^E9 6327DEFF JMP Sale,2.00404010
006218AD . FF75 E4 PUSH DWORD PTR SS:[EBP-1C] ; /Arg2
006218B0 . FF75 E0 PUSH DWORD PTR SS:[EBP-20] ; |Arg1
006218B3 . BA D81E6200 MOV EDX,Sale,2.00621ED8 ; |ASCII "Date"
006218B8 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
006218BB . E8 B476E2FF CALL Sale,2.00448F74 ; \Sale,2.00448F74
006218C0 . E8 772BDEFF CALL Sale,2.0040443C
006218C5 > 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
006218C8 . E8 6772E2FF CALL Sale,2.00448B34
006218CD . 33C0 XOR EAX,EAX
006218CF . 5A POP EDX
006218D0 . 59 POP ECX
006218D1 . 59 POP ECX
006218D2 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
006218D5 . 68 EA186200 PUSH Sale,2.006218EA
006218DA > 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
006218DD . E8 4E22DEFF CALL Sale,2.00403B30
006218E2 . C3 RETN
006218E3 .^E9 DC29DEFF JMP Sale,2.004042C4
006218E8 .^EB F0 JMP SHORT Sale,2.006218DA
006218EA . A1 F4F66500 MOV EAX,DWORD PTR DS:[65F6F4]
006218EF . 8B00 MOV EAX,DWORD PTR DS:[EAX]
006218F1 . C780 CC050000 >MOV DWORD PTR DS:[EAX+5CC],1
006218FB . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006218FE . 8B90 50030000 MOV EDX,DWORD PTR DS:[EAX+350]
00621904 . B9 E81E6200 MOV ECX,Sale,2.00621EE8 ; ASCII "select count(*) as T_Num from T_Bill"
00621909 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0062190C . E8 67FCFFFF CALL Sale,2.00621578
00621911 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00621914 . 8B80 50030000 MOV EAX,DWORD PTR DS:[EAX+350]
0062191A . BA 181F6200 MOV EDX,Sale,2.00621F18 ; ASCII "T_Num"
0062191F . E8 B41DEAFF CALL Sale,2.004C36D8
00621924 . 8B10 MOV EDX,DWORD PTR DS:[EAX]
00621926 . FF52 58 CALL DWORD PTR DS:[EDX+58]
00621929 . 8BD8 MOV EBX,EAX
0062192B . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0062192E . A1 F4F66500 MOV EAX,DWORD PTR DS:[65F6F4]
00621933 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00621935 . 8B90 70050000 MOV EDX,DWORD PTR DS:[EAX+570]
0062193B . A1 ACF36500 MOV EAX,DWORD PTR DS:[65F3AC]
00621940 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00621942 . E8 9DECFFFF CALL Sale,2.006205E4 《=单步到这时跳回到006205E4处继续
00621947 . 8B55 BC MOV EDX,DWORD PTR SS:[EBP-44] ; 从006207B2回来后真码出现并赋予DEX
0062194A . A1 F4F66500 MOV EAX,DWORD PTR DS:[65F6F4]
0062194F . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00621951 . 8B80 74050000 MOV EAX,DWORD PTR DS:[EAX+574] ; 假码入EAX
00621957 . E8 D434DEFF CALL Sale,2.00404E30 ; 真假码比较
0062195C . 0F85 8A000000 JNZ Sale,2.006219EC ; 不相等就跳到未注册的提示窗口
00621962 . A1 F4F66500 MOV EAX,DWORD PTR DS:[65F6F4]
#########################################################################################
006205E4 /$ 55 PUSH EBP
006205E5 |. 8BEC MOV EBP,ESP
006205E7 |. 51 PUSH ECX
006205E8 |. B9 04000000 MOV ECX,4
006205ED |> 6A 00 /PUSH 0
006205EF |. 6A 00 |PUSH 0
006205F1 |. 49 |DEC ECX
006205F2 |.^75 F9 \JNZ SHORT Sale,2.006205ED
006205F4 |. 51 PUSH ECX
006205F5 |. 874D FC XCHG DWORD PTR SS:[EBP-4],ECX
006205F8 |. 53 PUSH EBX
006205F9 |. 56 PUSH ESI
006205FA |. 57 PUSH EDI
006205FB |. 8BF9 MOV EDI,ECX
006205FD |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
00620600 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00620603 |. E8 CC48DEFF CALL Sale,2.00404ED4
00620608 |. 33C0 XOR EAX,EAX
0062060A |. 55 PUSH EBP
0062060B |. 68 A5076200 PUSH Sale,2.006207A5
00620610 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00620613 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00620616 |. 8BC7 MOV EAX,EDI
00620618 |. E8 0744DEFF CALL Sale,2.00404A24
0062061D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00620620 |. E8 BF46DEFF CALL Sale,2.00404CE4
00620625 |. 8BF0 MOV ESI,EAX
00620627 |. 85F6 TEST ESI,ESI
00620629 |. 7E 26 JLE SHORT Sale,2.00620651
0062062B |. BB 01000000 MOV EBX,1
00620630 |> 8D4D EC /LEA ECX,DWORD PTR SS:[EBP-14]
00620633 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00620636 |. 0FB64418 FF |MOVZX EAX,BYTE PTR DS:[EAX+EBX-1] ; 逐位取注册名的16进制数
0062063B |. 33D2 |XOR EDX,EDX
0062063D |. E8 D69ADEFF |CALL Sale,2.0040A118
00620642 |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
00620645 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
00620648 |. E8 9F46DEFF |CALL Sale,2.00404CEC
0062064D |. 43 |INC EBX
0062064E |. 4E |DEC ESI
0062064F |.^75 DF \JNZ SHORT Sale,2.00620630 ; 循环到取完注册名 我注册名的16进制为"43484132335B435A475D5B5059475D"
00620651 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00620654 |. E8 8B46DEFF CALL Sale,2.00404CE4
00620659 |. 8BF0 MOV ESI,EAX
0062065B |. 85F6 TEST ESI,ESI
0062065D |. 7E 2C JLE SHORT Sale,2.0062068B
0062065F |. BB 01000000 MOV EBX,1
00620664 |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8]
00620667 |. E8 7846DEFF |CALL Sale,2.00404CE4
0062066C |. 2BC3 |SUB EAX,EBX
0062066E |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
00620671 |. 8A1402 |MOV DL,BYTE PTR DS:[EDX+EAX]
00620674 |. 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
00620677 |. E8 9045DEFF |CALL Sale,2.00404C0C
0062067C |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
0062067F |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
00620682 |. E8 6546DEFF |CALL Sale,2.00404CEC
00620687 |. 43 |INC EBX
00620688 |. 4E |DEC ESI
00620689 |.^75 D9 \JNZ SHORT Sale,2.00620664 ; 循环从最后一位取注册名的16进制数,直到取完,即"D5749505B5D574A534B53323148434"
0062068B |> 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0062068E |. 50 PUSH EAX
0062068F |. B9 04000000 MOV ECX,4
00620694 |. BA 01000000 MOV EDX,1
00620699 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; "D5749505B5D574A534B53323148434"赋予EAX
0062069C |. E8 A348DEFF CALL Sale,2.00404F44 ; 这个CALL取了"D5749505B5D574A534B53323148434"的前4位
006206A1 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
006206A4 |. 50 PUSH EAX
006206A5 |. B9 04000000 MOV ECX,4
006206AA |. BA 05000000 MOV EDX,5
006206AF |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
006206B2 |. E8 8D48DEFF CALL Sale,2.00404F44 ; 这个CALL又取了后面的4位即“9505”
006206B7 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
006206BA |. E8 2546DEFF CALL Sale,2.00404CE4
006206BF |. 83F8 04 CMP EAX,4
006206C2 |. 7D 2F JGE SHORT Sale,2.006206F3
006206C4 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
006206C7 |. E8 1846DEFF CALL Sale,2.00404CE4
006206CC |. 8BD8 MOV EBX,EAX
006206CE |. 83FB 03 CMP EBX,3
006206D1 |. 7F 20 JG SHORT Sale,2.006206F3
006206D3 |> 8D4D E4 /LEA ECX,DWORD PTR SS:[EBP-1C]
006206D6 |. 8BC3 |MOV EAX,EBX
006206D8 |. C1E0 02 |SHL EAX,2
006206DB |. 33D2 |XOR EDX,EDX
006206DD |. E8 369ADEFF |CALL Sale,2.0040A118
006206E2 |. 8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C]
006206E5 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
006206E8 |. E8 FF45DEFF |CALL Sale,2.00404CEC
006206ED |. 43 |INC EBX
006206EE |. 83FB 04 |CMP EBX,4
006206F1 |.^75 E0 \JNZ SHORT Sale,2.006206D3
006206F3 |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 第2次取的即“9550”赋予EAX
006206F6 |. E8 E945DEFF CALL Sale,2.00404CE4
006206FB |. 83F8 04 CMP EAX,4 ; 和4比较,即查看是否为4位
006206FE |. 7D 2F JGE SHORT Sale,2.0062072F ; 大于或等于就跳
00620700 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00620703 |. E8 DC45DEFF CALL Sale,2.00404CE4
00620708 |. 8BD8 MOV EBX,EAX
0062070A |. 83FB 03 CMP EBX,3
0062070D |. 7F 20 JG SHORT Sale,2.0062072F
0062070F |> 8D4D E0 /LEA ECX,DWORD PTR SS:[EBP-20]
00620712 |. 8BC3 |MOV EAX,EBX
00620714 |. C1E0 02 |SHL EAX,2
00620717 |. 33D2 |XOR EDX,EDX
00620719 |. E8 FA99DEFF |CALL Sale,2.0040A118
0062071E |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
00620721 |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
00620724 |. E8 C345DEFF |CALL Sale,2.00404CEC
00620729 |. 43 |INC EBX
0062072A |. 83FB 04 |CMP EBX,4
0062072D |.^75 E0 \JNZ SHORT Sale,2.0062070F
0062072F |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00620732 |. BA BC076200 MOV EDX,Sale,2.006207BC ;字符串"Saler954dj5"入EDX
00620737 |. E8 8043DEFF CALL Sale,2.00404ABC
0062073C |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
0062073F |. 50 PUSH EAX
00620740 |. B9 04000000 MOV ECX,4
00620745 |. BA 01000000 MOV EDX,1
0062074A |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0062074D |. E8 F247DEFF CALL Sale,2.00404F44 ; 取了字符串"Saler954dj5"的前4位
00620752 |. FF75 DC PUSH DWORD PTR SS:[EBP-24]
00620755 |. 68 D0076200 PUSH Sale,2.006207D0
0062075A |. FF75 F8 PUSH DWORD PTR SS:[EBP-8]
0062075D |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00620760 |. 50 PUSH EAX
00620761 |. B9 05000000 MOV ECX,5
00620766 |. BA 05000000 MOV EDX,5
0062076B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0062076E |. E8 D147DEFF CALL Sale,2.00404F44 ; 又取了后面的5位的即“r954d”
00620773 |. FF75 D8 PUSH DWORD PTR SS:[EBP-28]
00620776 |. 68 D0076200 PUSH Sale,2.006207D0
0062077B |. FF75 F4 PUSH DWORD PTR SS:[EBP-C]
0062077E |. 8BC7 MOV EAX,EDI
00620780 |. BA 06000000 MOV EDX,6
00620785 |. E8 1A46DEFF CALL Sale,2.00404DA4 ; 在这个CALL中将前后取得的4段字符重新组合的到注册码
0062078A |. 33C0 XOR EAX,EAX
0062078C |. 5A POP EDX
0062078D |. 59 POP ECX
0062078E |. 59 POP ECX
0062078F |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00620792 |. 68 AC076200 PUSH Sale,2.006207AC
00620797 |> 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0062079A |. BA 0A000000 MOV EDX,0A
0062079F |. E8 A442DEFF CALL Sale,2.00404A48
006207A4 \. C3 RETN
006207A5 .^E9 1A3BDEFF JMP Sale,2.004042C4
006207AA .^EB EB JMP SHORT Sale,2.00620797
006207AC . 5F POP EDI
006207AD . 5E POP ESI
006207AE . 5B POP EBX
006207AF . 8BE5 MOV ESP,EBP
006207B1 . 5D POP EBP
006207B2 . C3 RETN 《=单步到这里会跳到00621947继续比较
------------------------------------------------------------------------
此软件的注册码是根据注册时填入的用户名加上特定的字符组合得出的,以我的为例。
用户名为:CHA23[CZG][PYG]
先将用户名换算成16进制即43484132335B435A475D5B5059475D再倒着排序即D5749505B5D574A534B53323148434
将前八位分为两组即:第一组“D574”和第二组“9505”
再将软件自己定义的字符串Saler954dj5取前9位分成两组即:第三组“Sale”和第四组“r954d”
把四组字符按第三组“Sale”加“-”加第一组加第四组加“-”加第二组的顺序排列得出真码即:“Sale-D574r954d-9505”
注册码和用户名保存在注册表的[HKEY_LOCAL_MACHINE\Software\zy\Sale]里,删除后为未注册
内存注册机设置如下:
中断地址:62194A
中断次数:1
第一字节:A1
指令长度:5
寄存器: EDX
------------------------------------------------------------------------
【版权声明】欢迎转载,请保持文章的完整行,注明出处
CHA23[CZG][PYG]
2006.9.2 |
|
IP卡
发表于 2006-9-3 19:07:30
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-9-6 18:44:52
发表于 2008-4-10 16:24:21
发表于 2008-4-16 16:44:08
楼主
