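Target software: OJOsoft series
Language: VC
Tool: OD
The software is written in VC; PEiD reports it as: Microsoft Visual C++ 7.0 Method2 [Debug]
Without further ado, load it straight into OD and enter a fake activation code; the key point is found quickly: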
00401D6D . C74424 1C 00000>mov dword ptr ss:[esp+1C],0
00401D75 . E8 96E80100 call <jmp.&MFC71.#3761>
00401D7A . 51 push ecx
00401D7B . 8D5424 08 lea edx,dword ptr ss:[esp+8]
00401D7F . 8BCC mov ecx,esp
00401D81 . 896424 10 mov dword ptr ss:[esp+10],esp
00401D85 . 52 push edx
00401D86 . FF15 E4514200 call dword ptr ds:[<&MFC71.#297>] ; MFC71.7C14E575
00401D8C . 8B8E C8000000 mov ecx,dword ptr ds:[esi+C8]
00401D92 . FF15 30504200 call dword ptr ds:[<&Control.AVProxy::Reg>; Control.AVProxy::RegisteProduct
003A6C49 C64424 4C 01 mov byte ptr ss:[esp+4C],1
003A6C4E FF15 94803B00 call dword ptr ds:[<&MFC71.#297>] ; MFC71.7C14E575
003A6C54 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
003A6C58 E8 03DB0000 call Control.003B4760 // this is also a key CALL; step into it and continue the analysis
003A6C5D 8BF0 mov esi,eax
003A6C5F 85F6 test esi,esi
003A6C61 75 76 jnz short Control.003A6CD9
003A6C63 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
003B485D 8BCE mov ecx,esi
003B485F 885C24 3C mov byte ptr ss:[esp+3C],bl
003B4863 E8 38F5FFFF call Control.003B3DA0
003B4868 0FB6C0 movzx eax,al
003B486B 85C0 test eax,eax
003B486D 74 69 je short Control.003B48D8
003B3DE7 8BCE mov ecx,esi
003B3DE9 E8 12FAFFFF call Control.003B3800
003B3DEE 84C0 test al,al
003B3DF0 0F84 49010000 je Control.003B3F3F
003B3837 2BC2 sub eax,edx
003B3839 83F8 18 cmp eax,18 // checks whether the activation code length is 0x18; if not, it fails
…………………………
003B3850 > 56 push esi
003B3851 . |8D4C24 20 lea ecx,dword ptr ss:[esp+20]
003B3855 . |FF15 20813B00 call dword ptr ds:[<&MFC71.#865>] ; MFC71.7C1894E7
003B385B . |0FBEC0 movsx eax,al
003B385E . |50 push eax
003B385F . |FFD3 call ebx
003B3861 . |83C4 04 add esp,4
003B3864 . |83FF 04 cmp edi,4
003B3867 . |75 08 jnz short Control.003B3871
003B3869 . |3C 2D cmp al,2D
003B386B . |75 33 jnz short Control.003B38A0
003B386D . |33FF xor edi,edi
003B386F . |EB 09 jmp short Control.003B387A
003B3871 > |3C 41 cmp al,41
003B3873 . |7C 2B jl short Control.003B38A0
003B3875 . |3C 5A cmp al,5A
003B3877 . |7F 27 jg short Control.003B38A0
003B3879 . |47 inc edi
003B387A > |46 inc esi
003B387B . |83FE 18 cmp esi,18
003B387E .^\7C D0 jl short Control.003B3850
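The loop at 003B3850..003B387E, read back into C as an added example (not part of the original post and not the vendor's source). The function name is hypothetical, and three things are assumptions because the listing does not show them: `call ebx` is modeled as `toupper`, the jump target 003B38A0 is treated as the failure path, and edi is taken to start at 0.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CODE_LEN 0x18   /* cmp eax,18 / cmp esi,18 */

/* Returns 1 when the string passes the syntactic check shown in the
 * listing, 0 otherwise. This is only the format gate that runs before
 * the remaining validation, which the post has not reached. */
int code_format_ok(const char *code)
{
    int run = 0;                               /* edi: letters seen in current group (assumed 0 at entry) */
    int i;                                     /* esi: index into the string */

    if (strlen(code) != CODE_LEN)              /* 003B3839: length must be 0x18 */
        return 0;

    for (i = 0; i < CODE_LEN; i++) {           /* 003B387B: loop while esi < 0x18 */
        /* 003B3855 fetches one character, 003B385F passes it to call ebx
         * (assumption: toupper) and the result comes back in al. */
        int c = toupper((unsigned char)code[i]);

        if (run == 4) {                        /* 003B3864: cmp edi,4 */
            if (c != '-')                      /* 003B3869: cmp al,2D */
                return 0;                      /* -> 003B38A0 (assumed failure path) */
            run = 0;                           /* 003B386D: xor edi,edi */
        } else {
            if (c < 'A' || c > 'Z')            /* 003B3871..003B3877: jl / jg */
                return 0;
            run++;                             /* 003B3879: inc edi */
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample strings, not real activation codes. */
    const char *samples[] = { "ABCD-EFGH-IJKL-MNOP-QRST", "ABCD-EFGH-IJKL-MNOP-QR5T" };
    for (int i = 0; i < 2; i++)
        printf("%s -> %d\n", samples[i], code_format_ok(samples[i]));
    return 0;
}
```

Read this way, the check accepts only five groups of four letters separated by '-', which is exactly 0x18 characters.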