阿蛮出纳(票据打印)注册算法分析
日期:2005年5月20日 破解人:微笑刺客~~~
软件名称』:阿蛮出纳(票据打印)
『下载地址』:http://amdlcom.nease.net/
『软件介绍』:
阿蛮出纳(票据打印) 本软件为安装版,界面友好、操作简单、
不断更新,适用于出纳工作打印银行单据:电汇单、进帐单、汇票申请
书、现金解款单、委托单、贷记单、现金支票、转帐支票以及在线升级
功能等。让您的工作效率大大提高。
『保护方式』:注册码保护
『破解声明』:初学Crack,只是感兴趣,失误之处敬请诸位大侠赐教!
『破解工具』:OllyDbg.V1.10 聆风听雨汉化第二版、PeID 0.93、ASPackDie v1.41
『破解过程』:
PeID查壳,ASPack 2.12 -> Alexey Solodovnikov,用ASPackDie v1.41轻松搞定,默认另存为UnPacked.exe,再查vb,OD载入,F9运行,输入用户名lovexy,注册码1234-5678-9123-4567 下断bp rtcMsgBox,点确定 返回到这里
004D1F62 . FF15 A010400>call dword ptr ds:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
004D1F68 . 8D45 8C lea eax,dword ptr ss:[ebp-74] ; 返回到这里
004D1F6B . 8D4D 9C lea ecx,dword ptr ss:[ebp-64]
然后向上看,
004D1C10 . FF15 F810400>call dword ptr ds:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
004D1C16 . 85C0 test eax,eax ; 很明显 上面是比较
004D1C18 . 0F85 ED02000>jnz unpacked.004D1F0B ; 这里往下跳 OVER!~~~~
很明显是经过比较之后 不相等就跳
再往上面看,在004D1930处下断 重新开始断在这里,F8继续往下走~~
=======下面将会把输入的注册码连接起来==================
004D1B17 > \8B45 E0 mov eax,dword ptr ss:[ebp-20]
004D1B1A . 8B4D DC mov ecx,dword ptr ss:[ebp-24]
004D1B1D . 50 push eax
004D1B1E . 51 push ecx
004D1B1F . FF15 5C10400>call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
004D1B25 . 8B35 2C12400>mov esi,dword ptr ds:[<&MSVBVM60.__vbaStrMove>>; MSVBVM60.__vbaStrMove
004D1B2B . 8BD0 mov edx,eax
004D1B2D . 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
004D1B30 . FFD6 call esi ; <&MSVBVM60.__vbaStrMove>
004D1B32 . 8D4D DC lea ecx,dword ptr ss:[ebp-24]
004D1B35 . FF15 5812400>call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004D1B3B . 8D55 D0 lea edx,dword ptr ss:[ebp-30]
004D1B3E . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
004D1B41 . 52 push edx
004D1B42 . 50 push eax
004D1B43 . 6A 02 push 2
004D1B45 . FF15 4C10400>call dword ptr ds:[<&MSVBVM60.__vbaFreeObjList>; MSVBVM60.__vbaFreeObjList
004D1B4B . 8B5D 08 mov ebx,dword ptr ss:[ebp+8]
004D1B4E . B8 01000000 mov eax,1
004D1B53 . 83C4 0C add esp,0C
004D1B56 . 03C7 add eax,edi
004D1B58 . 0F80 A304000>jo unpacked.004D2001
004D1B5E . 8BF8 mov edi,eax
004D1B60 .^ E9 3CFFFFFF jmp unpacked.004D1AA1
上面得到 1234567891234567 ,接着往下走 到下面
=========================================================
004D1BCD > \8B55 DC mov edx,dword ptr ss:[ebp-24] ; 用户名
004D1BD0 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
004D1BD3 . C745 DC 0000>mov dword ptr ss:[ebp-24],0
004D1BDA . FFD6 call esi
004D1BDC . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
004D1BDF . 52 push edx
004D1BE0 . E8 BBD60700 call unpacked.0054F2A0 ; 关键CALL
004D1BE5 . 8BD0 mov edx,eax ; 真码16位,不过是连接的
下面我们跟进004D1BE0看看
0054F2A0 $ 55 push ebp // 到这里
0054F2A1 . 8BEC mov ebp,esp
0054F2A3 . 83EC 18 sub esp,18
0054F2A6 . 68 46344000 push <jmp.&MSVBVM60.__vbaExceptHandler> ; SE handler installation
。。。
0054F2FB . 8B45 08 mov eax,dword ptr ss:[ebp+8]
0054F2FE . 8B10 mov edx,dword ptr ds:[eax] ; 用户名
0054F300 . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0054F303 . FF15 C411400>call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
0054F309 . C745 FC 0400>mov dword ptr ss:[ebp-4],4
0054F310 . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
0054F313 . 51 push ecx
0054F314 . E8 03FAEDFF call unpacked.0042ED1C
0054F319 . FF15 6C10400>call dword ptr ds:[<&MSVBVM60.__vbaSetSystemEr>; MSVBVM60.__vbaSetSystemError
0054F31F . C745 FC 0500>mov dword ptr ss:[ebp-4],5
0054F326 . 8B55 D4 mov edx,dword ptr ss:[ebp-2C]
0054F329 . 52 push edx
0054F32A . FF15 1810400>call dword ptr ds:[<&MSVBVM60.__vbaStrI4>] ; MSVBVM60.__vbaStrI4
0054F330 . 8BD0 mov edx,eax ; 机器码 134283270
0054F399 . 8955 DC mov dword ptr ss:[ebp-24],edx
0054F39C > 8B45 DC mov eax,dword ptr ss:[ebp-24] ; 开始循环
0054F39F . 3B85 E8FEFFF>cmp eax,dword ptr ss:[ebp-118]
0054F3A5 . 0F8F 9B00000>jg unpacked.0054F446
0054F3AB . C745 FC 0900>mov dword ptr ss:[ebp-4],9
0054F3DA . 50 push eax
0054F3DB . 8D8D 30FFFFF>lea ecx,dword ptr ss:[ebp-D0]
0054F3E1 . 51 push ecx
0054F3E2 . 8D55 80 lea edx,dword ptr ss:[ebp-80]
0054F3E5 . 52 push edx
0054F3E6 . FF15 D810400>call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0054F3EC . 8D45 80 lea eax,dword ptr ss:[ebp-80] //依次取用户名字符 name[i]
0054F3EF . 50 push eax
,。。。。。。
0054F3FA . 50 push eax
0054F3FB . FF15 5010400>call dword ptr ds:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr
0054F401 . 0FBFD0 movsx edx,ax ; edx=ax(name[i]的ASC)
0054F404 . 8B45 DC mov eax,dword ptr ss:[ebp-24] // i
0054F407 . 0FAFC2 imul eax,edx // eax=i*name[i]
0054F40A . 0F80 C203000>jo unpacked.0054F7D2
0054F410 . 8B4D A8 mov ecx,dword ptr ss:[ebp-58]
0054F413 . 03C8 add ecx,eax //ecx+=eax;
0054F415 . 0F80 B703000>jo unpacked.0054F7D2
0054F41B . 894D A8 mov dword ptr ss:[ebp-58],ecx
0054F41E . 8D4D A0 lea ecx,dword ptr ss:[ebp-60]
0054F421 . FF15 5812400>call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0054F427 . 8D55 80 lea edx,dword ptr ss:[ebp-80]
,,,,,,,
0054F441 .^ E9 44FFFFFF jmp unpacked.0054F38A
====================
即
for(i=0;i<len(name);i++)
temp+=i*name[i];
//temp为16进制
===================
继续走
0054F44D . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
0054F450 . 8B11 mov edx,dword ptr ds:[ecx]
0054F452 . 52 push edx
0054F453 . FF15 3810400>call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
0054F459 . 8B4D A8 mov ecx,dword ptr ss:[ebp-58] // 取用户名长度 ,然后上面运算得到结果
0054F45C . 0FAFC8 imul ecx,eax // temp=temp*len(name)
0054F47D . C745 FC 0D00>mov dword ptr ss:[ebp-4],0D
0054F484 . 8B55 AC mov edx,dword ptr ss:[ebp-54] ; 机器码 134283270
0054F487 . 52 push edx
0054F488 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
0054F48B . 50 push eax
0054F48C . FF15 1810400>call dword ptr ds:[<&MSVBVM60.__vbaStrI4>] ; MSVBVM60.__vbaStrI4
0054F492 . 8BD0 mov edx,eax ; 14484(上面得到的temp10进制)
0054F494 . 8D4D A0 lea ecx,dword ptr ss:[ebp-60]
0054F497 . FF15 2C12400>call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0054F49D . 50 push eax
0054F49E . FF15 5C10400>call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
0054F4A4 . 8BD0 mov edx,eax ; 机器码和上面出来的结果连接13428327014484
0054F4A6 . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
0054F4A9 . FF15 2C12400>call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0054F4AF . 8D4D A0 lea ecx,dword ptr ss:[ebp-60]
0054F4B2 . FF15 5812400>call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0054F4B8 . C745 FC 0E00>mov dword ptr ss:[ebp-4],0E
0054F4BF . 8B4D AC mov ecx,dword ptr ss:[ebp-54]
0054F4C2 . 51 push ecx
0054F4C3 . FF15 3810400>call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
0054F4C9 . 8945 D8 mov dword ptr ss:[ebp-28],eax ; 长度
0054F4CC . C745 FC 0F00>mov dword ptr ss:[ebp-4],0F
0054F4D3 . 837D D8 04 cmp dword ptr ss:[ebp-28],4
0054F4D7 . 7D 0E jge short unpacked.0054F4E7
0054F4D9 . C745 FC 1000>mov dword ptr ss:[ebp-4],10
0054F4E0 . C745 D8 0400>mov dword ptr ss:[ebp-28],4
0054F4E7 > C745 FC 1200>mov dword ptr ss:[ebp-4],12
0054F4EE . 8B55 AC mov edx,dword ptr ss:[ebp-54]
0054F4F1 . 52 push edx
0054F4F2 . FF15 3810400>call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
0054F4F8 . 8985 E0FEFFF>mov dword ptr ss:[ebp-120],eax
0054F4FE . C785 E4FEFFF>mov dword ptr ss:[ebp-11C],1
0054F508 . C745 DC 0100>mov dword ptr ss:[ebp-24],1
0054F50F . EB 12 jmp short unpacked.0054F523
0054F511 > 8B45 DC mov eax,dword ptr ss:[ebp-24]
0054F514 . 0385 E4FEFFF>add eax,dword ptr ss:[ebp-11C]
0054F51A . 0F80 B202000>jo unpacked.0054F7D2
0054F520 . 8945 DC mov dword ptr ss:[ebp-24],eax
0054F523 > 8B4D DC mov ecx,dword ptr ss:[ebp-24]
0054F526 . 3B8D E0FEFFF>cmp ecx,dword ptr ss:[ebp-120]
0054F52C . 0F8F 1401000>jg unpacked.0054F646
0054F532 . C745 FC 1300>mov dword ptr ss:[ebp-4],13
0054F539 . 8B55 B0 mov edx,dword ptr ss:[ebp-50]
0054F53C . 8995 F8FEFFF>mov dword ptr ss:[ebp-108],edx
0054F542 . C785 F0FEFFF>mov dword ptr ss:[ebp-110],8
0054F54C . C745 98 0100>mov dword ptr ss:[ebp-68],1
0054F553 . C745 90 0200>mov dword ptr ss:[ebp-70],2
0054F55A . 8D45 AC lea eax,dword ptr ss:[ebp-54]
0054F55D . 8985 38FFFFF>mov dword ptr ss:[ebp-C8],eax
0054F563 . C785 30FFFFF>mov dword ptr ss:[ebp-D0],4008
0054F56D . 8D4D 90 lea ecx,dword ptr ss:[ebp-70]
0054F570 . 51 push ecx
0054F571 . 8B55 DC mov edx,dword ptr ss:[ebp-24]
0054F574 . 52 push edx
0054F575 . 8D85 30FFFFF>lea eax,dword ptr ss:[ebp-D0]
0054F57B . 50 push eax
0054F57C . 8D4D 80 lea ecx,dword ptr ss:[ebp-80]
0054F57F . 51 push ecx
0054F580 . FF15 D810400>call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0054F586 . C785 78FFFFF>mov dword ptr ss:[ebp-88],1 ; 挨个取13428327014484字符
0054F590 . C785 70FFFFF>mov dword ptr ss:[ebp-90],2
0054F59A . 8D55 A8 lea edx,dword ptr ss:[ebp-58]
0054F59D . 8995 18FFFFF>mov dword ptr ss:[ebp-E8],edx
0054F5A3 . C785 10FFFFF>mov dword ptr ss:[ebp-F0],4003
0054F5AD . 8D85 70FFFFF>lea eax,dword ptr ss:[ebp-90]
0054F5B3 . 50 push eax
0054F5B4 . 8B4D DC mov ecx,dword ptr ss:[ebp-24]
0054F5B7 . 51 push ecx
0054F5B8 . 8D95 10FFFFF>lea edx,dword ptr ss:[ebp-F0]
0054F5BE . 52 push edx
0054F5BF . 8D85 60FFFFF>lea eax,dword ptr ss:[ebp-A0]
0054F5C5 . 50 push eax
0054F5C6 . FF15 D810400>call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0054F5CC . 8D8D F0FEFFF>lea ecx,dword ptr ss:[ebp-110] //挨个取14484字符
0054F5D2 . 51 push ecx
0054F5D3 . 8D55 80 lea edx,dword ptr ss:[ebp-80]
0054F5D6 . 52 push edx
0054F5D7 . 8D85 60FFFFF>lea eax,dword ptr ss:[ebp-A0]
0054F5DD . 50 push eax
0054F5DE . 8D8D 50FFFFF>lea ecx,dword ptr ss:[ebp-B0]
0054F5E4 . 51 push ecx
0054F5E5 . FF15 F411400>call dword ptr ds:[<&MSVBVM60.__vbaVarAdd>] ; MSVBVM60.__vbaVarAdd
0054F5EB . 50 push eax //然后相连
0054F5EC . 8D95 40FFFFF>lea edx,dword ptr ss:[ebp-C0]
0054F5F2 . 52 push edx
0054F5F3 . FF15 8C11400>call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
0054F5F9 . 50 push eax
0054F5FA . FF15 3410400>call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
0054F600 . 8BD0 mov edx,eax // 第一次得到‘11’
0054F602 . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0054F605 . FF15 2C12400>call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0054F60B . 8D85 40FFFFF>lea eax,dword ptr ss:[ebp-C0]
0054F611 . 50 push eax
0054F612 . 8D8D 50FFFFF>lea ecx,dword ptr ss:[ebp-B0]
0054F618 . 51 push ecx
0054F619 . 8D95 60FFFFF>lea edx,dword ptr ss:[ebp-A0]
0054F61F . 52 push edx
0054F620 . 8D45 80 lea eax,dword ptr ss:[ebp-80]
0054F623 . 50 push eax
0054F624 . 8D8D 70FFFFF>lea ecx,dword ptr ss:[ebp-90]
0054F62A . 51 push ecx
0054F62B . 8D55 90 lea edx,dword ptr ss:[ebp-70]
0054F62E . 52 push edx
0054F62F . 6A 06 push 6
0054F631 . FF15 4410400>call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
0054F637 . 83C4 1C add esp,1C
0054F63A . C745 FC 1400>mov dword ptr ss:[ebp-4],14
0054F641 .^ E9 CBFEFFFF jmp unpacked.0054F511 //返回去 循环
==========================
上面代码就是将机器码和用户名转换后的结果连接s1=13428327014484(机器码+用户名处理后) s2=14484
分别依次取字符连接(循环次数len(s2)) 就会得到1134442884327014484 (s3)
==========================
0054F646 > C745 FC 1500>mov dword ptr ss:[ebp-4],15
0054F64D . 8B45 B0 mov eax,dword ptr ss:[ebp-50]
0054F650 . 50 push eax ; 上面运算结果变成实数
0054F651 . FF15 AC11400>call dword ptr ds:[<&MSVBVM60.__vbaR8Str>] ; MSVBVM60.__vbaR8Str
0054F657 . DB45 A8 fild dword ptr ss:[ebp-58] ; 用户名处理后的10进制
0054F65A . DD9D C4FEFFF>fstp qword ptr ss:[ebp-13C]
0054F660 . DC85 C4FEFFF>fadd qword ptr ss:[ebp-13C] ; 相加 s3=s3+s2
0054F666 . DFE0 fstsw ax
0054F668 . A8 0D test al,0D
0054F66A . 0F85 5D01000>jnz unpacked.0054F7CD
0054F670 . 83EC 08 sub esp,8
0054F673 . DD1C24 fstp qword ptr ss:[esp]
0054F676 . FF15 3811400>call dword ptr ds:[<&MSVBVM60.__vbaStrR8>] ; MSVBVM60.__vbaStrR8
0054F67C . 8BD0 mov edx,eax ; 相加后结果
0054F67E . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0054F681 . FF15 2C12400>call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0054F687 . C745 FC 1600>mov dword ptr ss:[ebp-4],16
0054F68E . C785 28FFFFF>mov dword ptr ss:[ebp-D8],unpacked.00432FE4 ; UNICODE "0000000000000000"
0054F698 . C785 20FFFFF>mov dword ptr ss:[ebp-E0],8
0054F6A2 . 8D95 20FFFFF>lea edx,dword ptr ss:[ebp-E0]
0054F6A8 . 8D4D 90 lea ecx,dword ptr ss:[ebp-70]
0054F6AB . FF15 0012400>call dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
0054F6B1 . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0054F6B4 . 898D 38FFFFF>mov dword ptr ss:[ebp-C8],ecx
0054F6BA . C785 30FFFFF>mov dword ptr ss:[ebp-D0],4008
0054F6C4 . 6A 01 push 1
0054F6C6 . 6A 01 push 1
0054F6C8 . 8D55 90 lea edx,dword ptr ss:[ebp-70]
0054F6CB . 52 push edx
0054F6CC . 8D85 30FFFFF>lea eax,dword ptr ss:[ebp-D0]
0054F6D2 . 50 push eax
0054F6D3 . 8D4D 80 lea ecx,dword ptr ss:[ebp-80]
0054F6D6 . 51 push ecx
0054F6D7 . FF15 6410400>call dword ptr ds:[<&MSVBVM60.#660>] ; MSVBVM60.rtcVarFromFormatVar
0054F6DD . 8D55 80 lea edx,dword ptr ss:[ebp-80] ; 看函数名 就知道是格式化了
0054F6E0 . 52 push edx
0054F6E1 . FF15 3410400>call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
0054F6E7 . 8BD0 mov edx,eax //("1134442884327030000")
0054F6E9 . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0054F6EC . FF15 2C12400>call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0054F6F2 . 8D45 80 lea eax,dword ptr ss:[ebp-80]
0054F6F5 . 50 push eax
0054F6F6 . 8D4D 90 lea ecx,dword ptr ss:[ebp-70]
0054F6F9 . 51 push ecx
0054F6FA . 6A 02 push 2
0054F6FC . FF15 4410400>call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
0054F702 . 83C4 0C add esp,0C
0054F705 . C745 FC 1700>mov dword ptr ss:[ebp-4],17
0054F70C . 8D55 B0 lea edx,dword ptr ss:[ebp-50]
0054F70F . 8995 38FFFFF>mov dword ptr ss:[ebp-C8],edx
0054F715 . C785 30FFFFF>mov dword ptr ss:[ebp-D0],4008
0054F71F . 6A 10 push 10
0054F721 . 8D85 30FFFFF>lea eax,dword ptr ss:[ebp-D0]
0054F727 . 50 push eax
0054F728 . 8D4D 90 lea ecx,dword ptr ss:[ebp-70]
0054F72B . 51 push ecx
0054F72C . FF15 1C12400>call dword ptr ds:[<&MSVBVM60.#617>] ; MSVBVM60.rtcLeftCharVar
0054F732 . 8D55 90 lea edx,dword ptr ss:[ebp-70]
0054F735 . 52 push edx
0054F736 . FF15 3410400>call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
0054F73C . 8BD0 mov edx,eax
0054F73E . 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
0054F741 . FF15 2C12400>call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0054F747 . 8D4D 90 lea ecx,dword ptr ss:[ebp-70]
============================================
很明显是从左到右取16个数字 得到1134442884327030
=========================================
在往下走 就返回了~~~
-------------------------------------------------------------------------------------------------------------------------
『算法总结』:
还是比较简单 跟进去就明白
(1)
首先对用户名进行处理 设为 name[i]
temp=0;
for(i=0;i<strlen(name);i++)
{
temp+=i*name[i];
//temp为16进制
}
temp=temp*len(name);,然后将其转换为实数
(2)
将机器码和上面的转换后的结果s1=13428327014484(机器码+用户名处理后) s2=14484
分别依次取字符连接(循环次数len(s2)) 就会得到1134442884327014484 (s3)
(3)
format(结果变成实数+用户名的10进制)
然后从左开始取16位就得到了真码了 sn=1134442884327030
sn=mid(sn,1,4)&'-'&mid(sn,5,4)&'-'&mid(sn,9,4)&'-'&mid(sn,13,4)
//我对VB语言不熟悉 不知道上面写对了么,错了请指教一下 ~~~
by 微笑刺客~~`
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)