A very good English-learning program: detailed walkthrough of cracking 突破单词
2004-5-25 12:05
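[Cracked by] blue_devil_bomb
[Author e-mail] ninesunnine@sina.com or booksunwang@21cn.com
[Tools used] OllyDbg 1.09
[Platform] Win2000
[Software name] 决战单词 1.7
[Download] Available all over the web
[Description] Mastering English is a long-cherished wish for many of us! To realize this dream, memorizing a large number of words is an essential step. But for a long time we have suffered from low efficiency and fast forgetting when memorizing words, without finding an effective method. Now, with 决战单词, we can multiply our word-memorizing efficiency and make the memory stick. Memorizing words has said goodbye to traditional rote learning and tedium, and taken a calm, easy and pleasant path!!

[Size] 8.65MB (after installation)
[Packer] Not packed; VB program
[Statement] Not cracking for the sake of cracking, only cracking in order to learn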
--------------------------------------------------------------------------------
[Crack details]

It is a VB program; just use SmartCheck, or a tool such as OllyDbg, to set a breakpoint on __vbaStrCmp!
 
004C985E   .  51            PUSH ECX // last 8 characters of the real registration code
004C985F   .  8B55 D0       MOV EDX,DWORD PTR SS:[EBP-30]
004C9862   .  52            PUSH EDX
004C9863   .  8B35 50114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>;  MSVBVM60.__vbaStrCmp
004C9869   .  FFD6          CALL ESI                                 ;  <&MSVBVM60.__vbaStrCmp>
004C986B   .  8BF8          MOV EDI,EAX
004C986D   .  F7DF          NEG EDI
004C986F   .  1BFF          SBB EDI,EDI
004C9871   .  F7DF          NEG EDI
004C9873   .  8B45 DC       MOV EAX,DWORD PTR SS:[EBP-24]
004C9876   .  50            PUSH EAX  // first 8 characters of the real registration code
004C9877   .  8B4D E0       MOV ECX,DWORD PTR SS:[EBP-20]
004C987A   .  51            PUSH ECX
004C987B   .  FFD6          CALL ESI
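The registration code is 16 characters with a "-" inserted in the middle, e.g. 07B78115-198BF478
Making an in-memory keygen for this program is easy; to improve my skills, I decided to work out the registration algorithm and write an algorithmic keygen!!

Since it has been a while since I cracked this program, for ease of reading the detailed cracking process is as follows!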
004C97A9   > 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]             ;  value on the stack is JmgDBWords
004C97AC   . 50             PUSH EAX
004C97AD   . E8 5E010000    CALL DBWords.004C9910                    ;  compute the value corresponding to JmgDBWords
004C97B2   . 8BD0           MOV EDX,EAX
004C97B4   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C97B7   . FFD6           CALL ESI
004C97B9   . 50             PUSH EAX
004C97BA   . 8B1D 7C124000  MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaI4>;  MSVBVM60.__vbaI4Str
004C97C0   . FFD3           CALL EBX                     ;  <&MSVBVM60.__vbaI4Str> convert to hexadecimal: 0x1
004C97C2   . 8BF8           MOV EDI,EAX
004C97C4   . 8D4D D8        LEA ECX,DWORD PTR SS:[EBP-28]
004C97C7   . 51             PUSH ECX                                 ;  first four bytes of the registration machine code
004C97C8   . E8 43010000    CALL DBWords.004C9910                    ;  compute the value
004C97CD   . 8BD0           MOV EDX,EAX
004C97CF   . 8D4D C0        LEA ECX,DWORD PTR SS:[EBP-40]
004C97D2   . FFD6           CALL ESI
004C97D4   . 50             PUSH EAX
004C97D5   . FFD3           CALL EBX                                 ;  convert to hexadecimal: 0x2
004C97D7   . 33F8           XOR EDI,EAX                              ;  0x1^0x2=0x3;
004C97D9   . 89BD 78FFFFFF  MOV DWORD PTR SS:[EBP-88],EDI
004C97DF   . 8D95 78FFFFFF  LEA EDX,DWORD PTR SS:[EBP-88]
004C97E5   . 52             PUSH EDX
004C97E6   . E8 A5EA0500    CALL DBWords.00528290
004C97EB   . 8BD0           MOV EDX,EAX
004C97ED   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]
004C97F0   . FFD6           CALL ESI
004C97F2   . 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
004C97F5   . 50             PUSH EAX
004C97F6   . 8D4D C0        LEA ECX,DWORD PTR SS:[EBP-40]
004C97F9   . 51             PUSH ECX
004C97FA   . 6A 02          PUSH 2
004C97FC   . FF15 80124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStrList
004C9802   . 83C4 0C        ADD ESP,0C
004C9805   . 8B55 0C        MOV EDX,DWORD PTR SS:[EBP+C]
004C9808   . 52             PUSH EDX                                 ;  value on the stack is JmgDBWords
004C9809   . E8 02010000    CALL DBWords.004C9910                    ;  compute the value corresponding to JmgDBWords
004C980E   . 8BD0           MOV EDX,EAX
004C9810   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9813   . FFD6           CALL ESI
004C9815   . 50             PUSH EAX
004C9816   . FFD3           CALL EBX                                 ;  convert to hexadecimal: 0x4
004C9818   . 8BF8           MOV EDI,EAX
004C981A   . 8D45 C8        LEA EAX,DWORD PTR SS:[EBP-38]
004C981D   . 50             PUSH EAX                                 ;  right 4 bytes of the registration machine code
004C981E   . E8 ED000000    CALL DBWords.004C9910
004C9823   . 8BD0           MOV EDX,EAX
004C9825   . 8D4D C0        LEA ECX,DWORD PTR SS:[EBP-40]
004C9828   . FFD6           CALL ESI
004C982A   . 50             PUSH EAX
004C982B   . FFD3           CALL EBX                                 ;  convert to hexadecimal: 0x5;
004C982D   . 33F8           XOR EDI,EAX				     ;  0x4^0x5=0x6;
004C982F   . 89BD 78FFFFFF  MOV DWORD PTR SS:[EBP-88],EDI
004C9835   . 8D8D 78FFFFFF  LEA ECX,DWORD PTR SS:[EBP-88]
004C983B   . 51             PUSH ECX
004C983C   . E8 4FEA0500    CALL DBWords.00528290
004C9841   . 8BD0           MOV EDX,EAX
004C9843   . 8D4D C4        LEA ECX,DWORD PTR SS:[EBP-3C]
004C9846   . FFD6           CALL ESI
004C9848   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C984B   . 52             PUSH EDX
004C984C   . 8D45 C0        LEA EAX,DWORD PTR SS:[EBP-40]
004C984F   . 50             PUSH EAX
004C9850   . 6A 02          PUSH 2
004C9852   . FF15 80124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStrList
004C9858   . 83C4 0C        ADD ESP,0C
004C985B   . 8B4D C4        MOV ECX,DWORD PTR SS:[EBP-3C]
004C985E   . 51             PUSH ECX                                 ;  last 8 characters of the real registration code
004C985F   . 8B55 D0        MOV EDX,DWORD PTR SS:[EBP-30]
004C9862   . 52             PUSH EDX
004C9863   . 8B35 50114000  MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>;  MSVBVM60.__vbaStrCmp
004C9869   . FFD6           CALL ESI                                 ;  compare the input with the last 8 of the real registration code, 0x6
004C986B   . 8BF8           MOV EDI,EAX
004C986D   . F7DF           NEG EDI
004C986F   . 1BFF           SBB EDI,EDI
004C9871   . F7DF           NEG EDI
004C9873   . 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
004C9876   . 50             PUSH EAX                                 ;  first 8 characters of the real registration code, 0x3
004C9877   . 8B4D E0        MOV ECX,DWORD PTR SS:[EBP-20]
004C987A   . 51             PUSH ECX
004C987B   . FFD6           CALL ESI                                 ;  compare the input with the first 8 of the real registration code
004C987D   . F7D8           NEG EAX
004C987F   . 1BC0           SBB EAX,EAX
004C9881   . F7D8           NEG EAX
004C9883   . 23F8           AND EDI,EAX
004C9885   . F7DF           NEG EDI
004C9887   . 1BFF           SBB EDI,EDI
004C9889   . F7DF           NEG EDI
004C988B   . 4F             DEC EDI
004C988C   . 897D D4        MOV DWORD PTR SS:[EBP-2C],EDI
004C988F   . FF15 C4104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP>;  MSVBVM60.__vbaExitProc
004C9895   . 68 F2984C00    PUSH DBWords.004C98F2

The function called by CALL DBWords.004C9910:
004C9910   $ 55             PUSH EBP
004C9911   . 8BEC           MOV EBP,ESP
004C9913   . 83EC 0C        SUB ESP,0C
004C9916   . 68 56754000    PUSH <JMP.&MSVBVM60.__vbaExceptHandler>  ;  SE handler installation
004C991B   . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
004C9921   . 50             PUSH EAX
004C9922   . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
004C9929   . 81EC E0000000  SUB ESP,0E0
004C992F   . 53             PUSH EBX
004C9930   . 56             PUSH ESI
004C9931   . 57             PUSH EDI
004C9932   . 8965 F4        MOV DWORD PTR SS:[EBP-C],ESP
004C9935   . C745 F8 F81F40>MOV DWORD PTR SS:[EBP-8],DBWords.00401FF>
004C993C   . 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
004C993F   . 8B08           MOV ECX,DWORD PTR DS:[EAX]
004C9941   . 33F6           XOR ESI,ESI
004C9943   . 51             PUSH ECX
004C9944   . 8975 E0        MOV DWORD PTR SS:[EBP-20],ESI
004C9947   . 8975 DC        MOV DWORD PTR SS:[EBP-24],ESI
004C994A   . 8975 D4        MOV DWORD PTR SS:[EBP-2C],ESI
004C994D   . 8975 D0        MOV DWORD PTR SS:[EBP-30],ESI
004C9950   . 8975 BC        MOV DWORD PTR SS:[EBP-44],ESI
004C9953   . 8975 AC        MOV DWORD PTR SS:[EBP-54],ESI
004C9956   . 8975 9C        MOV DWORD PTR SS:[EBP-64],ESI
004C9959   . 8975 8C        MOV DWORD PTR SS:[EBP-74],ESI
004C995C   . 89B5 7CFFFFFF  MOV DWORD PTR SS:[EBP-84],ESI
004C9962   . 89B5 6CFFFFFF  MOV DWORD PTR SS:[EBP-94],ESI
004C9968   . 89B5 5CFFFFFF  MOV DWORD PTR SS:[EBP-A4],ESI
004C996E   . 89B5 4CFFFFFF  MOV DWORD PTR SS:[EBP-B4],ESI
004C9974   . 89B5 3CFFFFFF  MOV DWORD PTR SS:[EBP-C4],ESI
004C997A   . 89B5 2CFFFFFF  MOV DWORD PTR SS:[EBP-D4],ESI
004C9980   . FF15 30104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>;  MSVBVM60.__vbaLenBstr compute the string length
004C9986   . 8BC8           MOV ECX,EAX
004C9988   . FF15 70114000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>>;  MSVBVM60.__vbaI2I4
004C998E   . 8B1D 44104000  MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;  MSVBVM60.__vbaFreeVarList
004C9994   . BF 01000000    MOV EDI,1                      ;  loop start
004C9999   . 8945 CC        MOV DWORD PTR SS:[EBP-34],EAX  ;  EAX = loop length
004C999C   > 66:3B7D CC     CMP DI,WORD PTR SS:[EBP-34]    ;  check whether the loop has finished
004C99A0   . 0F8F B1010000  JG DBWords.004C9B57
004C99A6   . 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]
004C99A9   . 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
004C99AC   . 50             PUSH EAX
004C99AD   . 0FBFCF         MOVSX ECX,DI
004C99B0   . 8995 54FFFFFF  MOV DWORD PTR SS:[EBP-AC],EDX
004C99B6   . 51             PUSH ECX
004C99B7   . 8D95 4CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-B4]
004C99BD   . 52             PUSH EDX
004C99BE   . 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
004C99C1   . 50             PUSH EAX
004C99C2   . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1
004C99C9   . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
004C99D0   . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],4008
004C99DA   . FF15 2C114000  CALL DWORD PTR DS:[<&MSVBVM60.#632>]     ;  MSVBVM60.rtcMidCharVar take the i-th character of the string
004C99E0   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C99E3   . 51             PUSH ECX
004C99E4   . FF15 34104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>;  MSVBVM60.__vbaStrVarMove
004C99EA   . 8BD0           MOV EDX,EAX
004C99EC   . 8D4D E0        LEA ECX,DWORD PTR SS:[EBP-20]
004C99EF   . FF15 F8124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>;  MSVBVM60.__vbaStrMove
004C99F5   . 8D55 AC        LEA EDX,DWORD PTR SS:[EBP-54]
004C99F8   . 52             PUSH EDX
004C99F9   . 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
004C99FC   . 50             PUSH EAX
004C99FD   . 6A 02          PUSH 2
004C99FF   . FFD3           CALL EBX
004C9A01   . 8B4D E0        MOV ECX,DWORD PTR SS:[EBP-20]
004C9A04   . 83C4 0C        ADD ESP,0C
004C9A07   . 51             PUSH ECX
004C9A08   . FF15 58104000  CALL DWORD PTR DS:[<&MSVBVM60.#516>]     ;  MSVBVM60.rtcAnsiValueBstr
004C9A0E   . 66:3D FF00     CMP AX,0FF
004C9A12   . 0F8F C7000000  JG DBWords.004C9ADF
004C9A18   . 66:3BC6        CMP AX,SI
004C9A1B   . 0F8C BE000000  JL DBWords.004C9ADF
004C9A21   . 8B55 E0        MOV EDX,DWORD PTR SS:[EBP-20]
004C9A24   . 52             PUSH EDX
004C9A25   . FF15 58104000  CALL DWORD PTR DS:[<&MSVBVM60.#516>]     ;  MSVBVM60.rtcAnsiValueBstr ASCII value of the i-th character is put in EAX
004C9A2B   . 8BC8           MOV ECX,EAX
004C9A2D   . FF15 B4114000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaUI1I2>;  MSVBVM60.__vbaUI1I2
004C9A33   . 8B4D D0        MOV ECX,DWORD PTR SS:[EBP-30]
004C9A36   . 66:0FB6F0      MOVZX SI,AL
004C9A3A   . 66:8BC6        MOV AX,SI
004C9A3D   . 66:99          CWD
004C9A3F   . 898D 44FFFFFF  MOV DWORD PTR SS:[EBP-BC],ECX
004C9A45   . 66:B9 0A00     MOV CX,0A
004C9A49   . 66:F7F9        IDIV CX
004C9A4C   . 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
004C9A4F   . C785 3CFFFFFF >MOV DWORD PTR SS:[EBP-C4],8
004C9A59   . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2
004C9A60   . 66:8955 C4     MOV WORD PTR SS:[EBP-3C],DX              ;  store the remainder
004C9A64   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C9A67   . 52             PUSH EDX
004C9A68   . 50             PUSH EAX
004C9A69   . FF15 D0124000  CALL DWORD PTR DS:[<&MSVBVM60.#613>]     ;  MSVBVM60.rtcVarStrFromVar
004C9A6F   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9A72   . 51             PUSH ECX
004C9A73   . 8D55 9C        LEA EDX,DWORD PTR SS:[EBP-64]
004C9A76   . 52             PUSH EDX
004C9A77   . FF15 04114000  CALL DWORD PTR DS:[<&MSVBVM60.#520>]     ;  MSVBVM60.rtcTrimVar
004C9A7D   . 8D85 3CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-C4]
004C9A83   . 50             PUSH EAX
004C9A84   . 8D4D 9C        LEA ECX,DWORD PTR SS:[EBP-64]
004C9A87   . 51             PUSH ECX
004C9A88   . 8D55 8C        LEA EDX,DWORD PTR SS:[EBP-74]
004C9A8B   . 52             PUSH EDX                             ;  stack holds the remainders (ASCII value / 10) of the characters before position i
004C9A8C   . FF15 2C124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>;  MSVBVM60.__vbaVarCat concatenate the remainder
004C9A92   . 50             PUSH EAX
004C9A93   . FF15 34104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>;  MSVBVM60.__vbaStrVarMove
004C9A99   . 8BD0           MOV EDX,EAX
004C9A9B   . 8D4D D0        LEA ECX,DWORD PTR SS:[EBP-30]
004C9A9E   . FF15 F8124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>;  MSVBVM60.__vbaStrMove
004C9AA4   . 8D45 8C        LEA EAX,DWORD PTR SS:[EBP-74]
004C9AA7   . 50             PUSH EAX
004C9AA8   . 8D4D 9C        LEA ECX,DWORD PTR SS:[EBP-64]
004C9AAB   . 51             PUSH ECX
004C9AAC   . 8D55 AC        LEA EDX,DWORD PTR SS:[EBP-54]
004C9AAF   . 52             PUSH EDX
004C9AB0   . 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
004C9AB3   . 50             PUSH EAX
004C9AB4   . 6A 04          PUSH 4
004C9AB6   . FFD3           CALL EBX
004C9AB8   . 83C4 14        ADD ESP,14
004C9ABB   . 66:0375 D4     ADD SI,WORD PTR SS:[EBP-2C]
004C9ABF   . B8 01000000    MOV EAX,1
004C9AC4   . 0F80 1E030000  JO DBWords.004C9DE8
004C9ACA   . 66:03C7        ADD AX,DI
004C9ACD   . 0F80 15030000  JO DBWords.004C9DE8
004C9AD3   . 8975 D4        MOV DWORD PTR SS:[EBP-2C],ESI   // store the running sum of the string's ASCII values
004C9AD6   . 33F6           XOR ESI,ESI
004C9AD8   . 8BF8           MOV EDI,EAX
004C9ADA   .^E9 BDFEFFFF    JMP DBWords.004C999C            
004C9ADF   > B9 0A000000    MOV ECX,0A
004C9AE4   . B8 04000280    MOV EAX,80020004
004C9AE9   . 894D 8C        MOV DWORD PTR SS:[EBP-74],ECX
004C9AEC   . 894D 9C        MOV DWORD PTR SS:[EBP-64],ECX
004C9AEF   . 894D AC        MOV DWORD PTR SS:[EBP-54],ECX
004C9AF2   . 8D95 4CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-B4]
004C9AF8   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9AFB   . 8945 94        MOV DWORD PTR SS:[EBP-6C],EAX
004C9AFE   . 8945 A4        MOV DWORD PTR SS:[EBP-5C],EAX
004C9B01   . 8945 B4        MOV DWORD PTR SS:[EBP-4C],EAX
004C9B04   . C785 54FFFFFF >MOV DWORD PTR SS:[EBP-AC],DBWords.004611>
004C9B0E   . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],8
004C9B18   . FF15 BC124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDu>;  MSVBVM60.__vbaVarDup
004C9B1E   . 8D4D 8C        LEA ECX,DWORD PTR SS:[EBP-74]
004C9B21   . 51             PUSH ECX
004C9B22   . 8D55 9C        LEA EDX,DWORD PTR SS:[EBP-64]
004C9B25   . 52             PUSH EDX
004C9B26   . 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
004C9B29   . 50             PUSH EAX
004C9B2A   . 56             PUSH ESI
004C9B2B   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9B2E   . 51             PUSH ECX
004C9B2F   . FF15 E0104000  CALL DWORD PTR DS:[<&MSVBVM60.#595>]     ;  MSVBVM60.rtcMsgBox
004C9B35   . 8D55 8C        LEA EDX,DWORD PTR SS:[EBP-74]
004C9B38   . 52             PUSH EDX
004C9B39   . 8D45 9C        LEA EAX,DWORD PTR SS:[EBP-64]
004C9B3C   . 50             PUSH EAX
004C9B3D   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9B40   . 51             PUSH ECX
004C9B41   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C9B44   . 52             PUSH EDX
004C9B45   . 6A 04          PUSH 4
004C9B47   . FFD3           CALL EBX
004C9B49   . 9B             WAIT
004C9B4A   . 83C4 14        ADD ESP,14
004C9B4D   . 68 D29D4C00    PUSH DBWords.004C9DD2
004C9B52   . E9 6A020000    JMP DBWords.004C9DC1
004C9B57   > 8B45 D0        MOV EAX,DWORD PTR SS:[EBP-30]      // the remainders of the characters' ASCII values / 10, strung into a new string
004C9B5A   . 50             PUSH EAX
004C9B5B   . FF15 30104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>;  MSVBVM60.__vbaLenBstr
004C9B61   . 83F8 04        CMP EAX,4
004C9B64   . 7C 62          JL SHORT DBWords.004C9BC8
004C9B66   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C9B69   . 52             PUSH EDX
004C9B6A   . 8D4D D0        LEA ECX,DWORD PTR SS:[EBP-30]
004C9B6D   . 6A 02          PUSH 2
004C9B6F   . 8D85 4CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-B4]
004C9B75   . 898D 54FFFFFF  MOV DWORD PTR SS:[EBP-AC],ECX
004C9B7B   . 50             PUSH EAX
004C9B7C   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9B7F   . 51             PUSH ECX
004C9B80   . C745 C4 030000>MOV DWORD PTR SS:[EBP-3C],3              ;  take 3 characters
004C9B87   . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2              ;  starting at position 2
004C9B8E   . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],4008
004C9B98   . FF15 2C114000  CALL DWORD PTR DS:[<&MSVBVM60.#632>]     ;  MSVBVM60.rtcMidCharVar
004C9B9E   . 8B3D 34104000  MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>;  MSVBVM60.__vbaStrVarMove
004C9BA4   . 8D55 AC        LEA EDX,DWORD PTR SS:[EBP-54]
004C9BA7   . 52             PUSH EDX
004C9BA8   . FFD7           CALL EDI                                 ;  take characters 2, 3, 4 of the string and combine them into one number = a
004C9BAA   . 8B35 F8124000  MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>;  MSVBVM60.__vbaStrMove
004C9BB0   . 8BD0           MOV EDX,EAX
004C9BB2   . 8D4D D0        LEA ECX,DWORD PTR SS:[EBP-30]
004C9BB5   . FFD6           CALL ESI                                 ;  <&MSVBVM60.__vbaStrMove>
004C9BB7   . 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
004C9BBA   . 50             PUSH EAX
004C9BBB   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9BBE   . 51             PUSH ECX
004C9BBF   . 6A 02          PUSH 2
004C9BC1   . FFD3           CALL EBX
004C9BC3   . 83C4 0C        ADD ESP,0C
004C9BC6   . EB 0C          JMP SHORT DBWords.004C9BD4
004C9BC8   > 8B35 F8124000  MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>;  MSVBVM60.__vbaStrMove
004C9BCE   . 8B3D 34104000  MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>;  MSVBVM60.__vbaStrVarMove
004C9BD4   > 8B55 D0        MOV EDX,DWORD PTR SS:[EBP-30]
004C9BD7   . 52             PUSH EDX
004C9BD8   . FF15 40134000  CALL DWORD PTR DS:[<&MSVBVM60.#581>]     ;  MSVBVM60.rtcR8ValFromBstr
004C9BDE   . FF15 E0124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI4>>;  MSVBVM60.__vbaFpI4
004C9BE4   . 35 E8030000    XOR EAX,3E8                              ;  a^=0x3e8;
004C9BE9   . 8945 C4        MOV DWORD PTR SS:[EBP-3C],EAX     
004C9BEC   . 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
004C9BEF   . 50             PUSH EAX
004C9BF0   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9BF3   . 51             PUSH ECX
004C9BF4   . C745 BC 030000>MOV DWORD PTR SS:[EBP-44],3
004C9BFB   . FF15 D0124000  CALL DWORD PTR DS:[<&MSVBVM60.#613>]     ;  MSVBVM60.rtcVarStrFromVar
004C9C01   . 8D55 AC        LEA EDX,DWORD PTR SS:[EBP-54]
004C9C04   . 52             PUSH EDX
004C9C05   . 8D45 9C        LEA EAX,DWORD PTR SS:[EBP-64]
004C9C08   . 50             PUSH EAX
004C9C09   . FF15 04114000  CALL DWORD PTR DS:[<&MSVBVM60.#520>]     ;  MSVBVM60.rtcTrimVar
004C9C0F   . 8D4D 9C        LEA ECX,DWORD PTR SS:[EBP-64]
004C9C12   . 51             PUSH ECX
004C9C13   . FFD7           CALL EDI
004C9C15   . 8BD0           MOV EDX,EAX
004C9C17   . 8D4D D0        LEA ECX,DWORD PTR SS:[EBP-30]
004C9C1A   . FFD6           CALL ESI
004C9C1C   . 8D55 9C        LEA EDX,DWORD PTR SS:[EBP-64]
004C9C1F   . 52             PUSH EDX
004C9C20   . 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
004C9C23   . 50             PUSH EAX
004C9C24   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9C27   . 51             PUSH ECX
004C9C28   . 6A 03          PUSH 3
004C9C2A   . FFD3           CALL EBX  
004C9C2C   . 66:8B45 D4     MOV AX,WORD PTR SS:[EBP-2C]               ;  sum of the ASCII values of the original string's characters = b
004C9C30   . 66:99          CWD
004C9C32   . 66:B9 E803     MOV CX,3E8
004C9C36   . 66:F7F9        IDIV CX
004C9C39   . 83C4 10        ADD ESP,10
004C9C3C   . 8955 D4        MOV DWORD PTR SS:[EBP-2C],EDX
004C9C3F   . 8B55 D0        MOV EDX,DWORD PTR SS:[EBP-30]
004C9C42   . 52             PUSH EDX
004C9C43   . FF15 40134000  CALL DWORD PTR DS:[<&MSVBVM60.#581>]     ;  MSVBVM60.rtcR8ValFromBstr
004C9C49   . FF15 E0124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI4>>;  MSVBVM60.__vbaFpI4
004C9C4F   . 0FBF4D D4      MOVSX ECX,WORD PTR SS:[EBP-2C]
004C9C53   . 33C1           XOR EAX,ECX                              ;  b^=a;
004C9C55   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C9C58   . 8945 C4        MOV DWORD PTR SS:[EBP-3C],EAX
004C9C5B   . 52             PUSH EDX
004C9C5C   . 8D45 AC        LEA EAX,DWORD PTR SS:[EBP-54]
004C9C5F   . 50             PUSH EAX
004C9C60   . C745 BC 030000>MOV DWORD PTR SS:[EBP-44],3
004C9C67   . FF15 D0124000  CALL DWORD PTR DS:[<&MSVBVM60.#613>]     ;  MSVBVM60.rtcVarStrFromVar
004C9C6D   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9C70   . 51             PUSH ECX
004C9C71   . 8D55 9C        LEA EDX,DWORD PTR SS:[EBP-64]
004C9C74   . 52             PUSH EDX
004C9C75   . FF15 04114000  CALL DWORD PTR DS:[<&MSVBVM60.#520>]     ;  MSVBVM60.rtcTrimVar
004C9C7B   . 8D8D 3CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-C4]
004C9C81   . 51             PUSH ECX
004C9C82   . 8D55 8C        LEA EDX,DWORD PTR SS:[EBP-74]
004C9C85   . 8D45 D4        LEA EAX,DWORD PTR SS:[EBP-2C]
004C9C88   . 52             PUSH EDX
004C9C89   . 8985 44FFFFFF  MOV DWORD PTR SS:[EBP-BC],EAX
004C9C8F   . C785 3CFFFFFF >MOV DWORD PTR SS:[EBP-C4],4002
004C9C99   . FF15 D0124000  CALL DWORD PTR DS:[<&MSVBVM60.#613>]     ;  MSVBVM60.rtcVarStrFromVar
004C9C9F   . 8D45 8C        LEA EAX,DWORD PTR SS:[EBP-74]
004C9CA2   . 50             PUSH EAX
004C9CA3   . 8D8D 7CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-84]
004C9CA9   . 51             PUSH ECX
004C9CAA   . FF15 04114000  CALL DWORD PTR DS:[<&MSVBVM60.#520>]     ;  MSVBVM60.rtcTrimVar
004C9CB0   . 8B55 D0        MOV EDX,DWORD PTR SS:[EBP-30]
004C9CB3   . 8D45 9C        LEA EAX,DWORD PTR SS:[EBP-64]
004C9CB6   . 50             PUSH EAX
004C9CB7   . 8D8D 7CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-84]
004C9CBD   . 8995 34FFFFFF  MOV DWORD PTR SS:[EBP-CC],EDX
004C9CC3   . 51             PUSH ECX
004C9CC4   . 8D95 6CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-94]
004C9CCA   . 52             PUSH EDX
004C9CCB   . C785 2CFFFFFF >MOV DWORD PTR SS:[EBP-D4],8
004C9CD5   . FF15 2C124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>;  string concatenation
004C9CDB   . 50             PUSH EAX
004C9CDC   . 8D85 2CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-D4]
004C9CE2   . 50             PUSH EAX
004C9CE3   . 8D8D 5CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-A4]
004C9CE9   . 51             PUSH ECX
004C9CEA   . FF15 2C124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>;  string concatenation
004C9CF0   . 50             PUSH EAX
004C9CF1   . FFD7           CALL EDI          
004C9CF3   . 8BD0           MOV EDX,EAX                                ;  EAX holds the computed result
004C9CF5   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]
004C9CF8   . FFD6           CALL ESI
004C9CFA   . 8D95 5CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-A4]
004C9D00   . 52             PUSH EDX
004C9D01   . 8D85 6CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-94]
004C9D07   . 50             PUSH EAX
004C9D08   . 8D8D 7CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-84]
004C9D0E   . 51             PUSH ECX
004C9D0F   . 8D55 9C        LEA EDX,DWORD PTR SS:[EBP-64]
004C9D12   . 52             PUSH EDX
004C9D13   . 8D45 8C        LEA EAX,DWORD PTR SS:[EBP-74]
004C9D16   . 50             PUSH EAX
004C9D17   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9D1A   . 51             PUSH ECX
004C9D1B   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C9D1E   . 52             PUSH EDX
004C9D1F   . 6A 07          PUSH 7
004C9D21   . FFD3           CALL EBX
004C9D23   . 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
004C9D26   . 83C4 20        ADD ESP,20
004C9D29   . 50             PUSH EAX
004C9D2A   . FF15 5C124000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaR8Str>;  MSVBVM60.__vbaR8Str
004C9D30   . DC1D F01F4000  FCOMP QWORD PTR DS:[401FF0]
004C9D36   . DFE0           FSTSW AX
004C9D38   . F6C4 41        TEST AH,41
004C9D3B   . 75 3C          JNZ SHORT DBWords.004C9D79
004C9D3D   . 6A 09          PUSH 9
004C9D3F   . 8D95 4CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-B4]
004C9D45   . 52             PUSH EDX
004C9D46   . 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
004C9D49   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]
004C9D4C   . 50             PUSH EAX
004C9D4D   . 898D 54FFFFFF  MOV DWORD PTR SS:[EBP-AC],ECX
004C9D53   . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],4008
004C9D5D   . FF15 04134000  CALL DWORD PTR DS:[<&MSVBVM60.#619>]     ;  MSVBVM60.rtcRightCharVar
004C9D63   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9D66   . 51             PUSH ECX
004C9D67   . FFD7           CALL EDI
004C9D69   . 8BD0           MOV EDX,EAX
004C9D6B   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]
004C9D6E   . FFD6           CALL ESI
004C9D70   . 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
004C9D73   . FF15 20104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;  MSVBVM60.__vbaFreeVar
004C9D79   > 9B             WAIT
004C9D7A   . 68 D29D4C00    PUSH DBWords.004C9DD2
004C9D7F   . EB 40          JMP SHORT DBWords.004C9DC1
004C9D81   . F645 FC 04     TEST BYTE PTR SS:[EBP-4],4
004C9D85   . 74 09          JE SHORT DBWords.004C9D90
004C9D87   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]
004C9D8A   . FF15 38134000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStr
004C9D90   > 8D95 5CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-A4]
004C9D96   . 52             PUSH EDX
004C9D97   . 8D85 6CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-94]
004C9D9D   . 50             PUSH EAX
004C9D9E   . 8D8D 7CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-84]
004C9DA4   . 51             PUSH ECX
004C9DA5   . 8D55 8C        LEA EDX,DWORD PTR SS:[EBP-74]
004C9DA8   . 52             PUSH EDX
004C9DA9   . 8D45 9C        LEA EAX,DWORD PTR SS:[EBP-64]
004C9DAC   . 50             PUSH EAX
004C9DAD   . 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
004C9DB0   . 51             PUSH ECX
004C9DB1   . 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
004C9DB4   . 52             PUSH EDX
004C9DB5   . 6A 07          PUSH 7
004C9DB7   . FF15 44104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;  MSVBVM60.__vbaFreeVarList
004C9DBD   . 83C4 20        ADD ESP,20
004C9DC0   . C3             RETN
004C9DC1   > 8B35 38134000  MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>;  MSVBVM60.__vbaFreeStr
004C9DC7   . 8D4D E0        LEA ECX,DWORD PTR SS:[EBP-20]
004C9DCA   . FFD6           CALL ESI                                 ;  <&MSVBVM60.__vbaFreeStr>
004C9DCC   . 8D4D D0        LEA ECX,DWORD PTR SS:[EBP-30]
004C9DCF   . FFD6           CALL ESI
004C9DD1   . C3             RETN
004C9DD2   . 8B4D EC        MOV ECX,DWORD PTR SS:[EBP-14]
004C9DD5   . 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
004C9DD8   . 5F             POP EDI
004C9DD9   . 5E             POP ESI
004C9DDA   . 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004C9DE1   . 5B             POP EBX
004C9DE2   . 8BE5           MOV ESP,EBP
004C9DE4   . 5D             POP EBP
004C9DE5   . C2 0400        RETN 4

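At this point the algorithm is clear, so we write its algorithmic keygen:
Algorithm:
1. It uses a fixed string Str1="JmgDBWords"
2. The machine code is Str=XXXXXXXX-XXXXXXXX; the left eight characters are StrL, the right eight characters are StrR
3. The function JS(CString) returns a 32-bit value in hexadecimal
   The registration code is then [JS(Str1)^JS(StrL)]-[JS(Str1)^JS(StrR)]
The function JS() is as follows: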
unsigned long CJzdc107zcjDlg::JS(CString str)
{
	unsigned long a=0;
        int i;
	unsigned long temp=0;
	for(i=0;i<str.GetLength();i++)		a+=str.GetAt(i);
	for(i=1;i<4;i++)   temp=temp*10+str.GetAt(i)%10;
	CString tt,sum="";
	temp=temp^0x3e8;
	tt.Format("%d",temp);
	sum+=tt;
	a%=1000;
	tt.Format("%d",a);
	sum.Insert(0,tt);
	temp=a^temp;
	tt.Format("%d",temp);
	sum.Insert(0,tt);
	unsigned long b=0;
	for(i=0;i<sum.GetLength();i++)
		b=b*10+(sum.GetAt(i)-'0');
	return b;
}

--------------------------------------------------------------------------------

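[Summary]
After a successful registration the program writes the registration information to the registry at HKEY_LOCAL_MACHINE\SoftWare\JmgSoft\DBWords\Register\RegCode and
HKEY_LOCAL_MACHINE\SoftWare\JmgSoft\DBWords\Register\UserName.
On every start it reads the information stored there and runs the registration check; if the check succeeds the program is registered, otherwise it is unregistered.
--------------------------------------------------------------------------------
Unless there is absolutely no other way we do not patch the binary; for no other reason than to improve our own programming skills, haha!!
I suppose others may already have cracked this program, or could not be bothered to; I completed this independently without any reference, which for me was really good practice~!!
--------------------------------------------------------------------------------
[Copyright notice] This article is purely for technical exchange; when reposting, please credit the author and keep the article intact. Thanks!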
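
The flag arithmetic that follows the two __vbaStrCmp calls (004C986B to 004C988B in the listing above) is easier to review once written out. The block below is an added example, not code from the original post or from the program: it models NEG, SBB r,r and DEC on 32-bit values in C and collapses the two compare results the way the listing does. The function names and the sample compare results (0 for equal, -1 or 1 otherwise) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* NEG r: two's-complement negate; CF is set when the operand was non-zero. */
static uint32_t op_neg(uint32_t v, int *cf)
{
    *cf = (v != 0);
    return (uint32_t)(0u - v);
}

/* SBB r,r: r - r - CF, i.e. 0 when CF is clear and 0xFFFFFFFF when set. */
static uint32_t op_sbb_self(int cf)
{
    return cf ? 0xFFFFFFFFu : 0u;
}

/* NEG r / SBB r,r / NEG r: maps 0 to 0 and any non-zero value to 1. */
uint32_t normalize_nonzero(uint32_t v)
{
    int cf;
    (void)op_neg(v, &cf);            /* only CF survives; SBB overwrites r */
    uint32_t mask = op_sbb_self(cf); /* 0 or 0xFFFFFFFF */
    return op_neg(mask, &cf);        /* 0 or 1 */
}

/*
 * cmp_tail: result of the first __vbaStrCmp call (004C9869).
 * cmp_head: result of the second __vbaStrCmp call (004C987B).
 * Returns the value the listing stores to [EBP-2C].
 */
int32_t combine_compare_results(int32_t cmp_tail, int32_t cmp_head)
{
    uint32_t edi = normalize_nonzero((uint32_t)cmp_tail); /* 004C986B..004C9871 */
    uint32_t eax = normalize_nonzero((uint32_t)cmp_head); /* 004C987D..004C9881 */
    edi &= eax;                                           /* 004C9883 AND EDI,EAX */
    edi = normalize_nonzero(edi);                         /* 004C9885..004C9889 */
    edi -= 1u;                                            /* 004C988B DEC EDI */
    return (int32_t)edi;
}

int main(void)
{
    /* Constructed sample compare results, not values captured from the program. */
    const int32_t samples[] = { 0, -1, 1 };
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 3; j++)
            printf("cmp_tail=%2d cmp_head=%2d -> [EBP-2C]=%d\n",
                   samples[i], samples[j],
                   combine_compare_results(samples[i], samples[j]));
    return 0;
}
```

The value stored to [EBP-2C] is 0 only when both comparisons report a difference, and -1 in every other case.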

Latest replies (7)
blue_devil_bomb 2004-5-25 12:50
Please speak frankly after reading!

sixfor 2004-5-25 12:54
Good, cheering you on...
Keep it up

blue_devil_bomb 2004-5-26 21:06
Has someone else already written this up?

flyfox 2004-5-26 22:43
Not bad, learning from it.

blue_devil_bomb 2004-5-27 12:37
Thanks everyone for the encouragement; I will keep it up and share more, newer and better algorithms with you all!

XF[BCG] 2004-5-27 12:49
Not bad, showing my support.

冷静 2004-5-28 13:15
Ding,,,,