-
-
Greensoft)格林财务软件 3.55.12.08破解过程
-
发表于: 2004-12-12 13:49
-
【原创】Greensoft)格林财务软件 3.55.12.08破解过程
【破解作者】 kyc
【作者邮箱】 [email]muyang008@163.com[/email]
【使用工具】 OD1.1
【破解平台】 Win2003
【软件名称】 (Greensoft)格林财务软件 3.55.12.08
http://www.greensoft.cn/
【软件简介】 一套易学易用的商品化通用财务软件,会计电算化的好帮手。
本软件是根据最新会计制度,使用C++、DELPHI等优秀的开发工具, 以SQL_Server、 Access为底层数据库。在软件开发中采用了多种独有的尖端技术,
充分发挥计算机特点,研发出来的一套功能强大、技术领先、安全稳定、易学易用的商品化通用财务软件。适用于各类大、中、小型企业,行政、
事业单位。
财务软件教程下载地址:http://www.greensoft.cn/download.htm
【软件大小】 2129KB
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】这个软件是以充值方式注册的,每年充值费480.00元。
根据软件充值错误提示,很容易找到如下代码,以下代码是从OD1.1中拷贝出的代码:
008186FF . 55 push ebp
00818700 . 68 D78D8100 push GreenSof.00818DD7
00818705 . 64:FF30 push dword ptr fs:[eax]
00818708 . 64:8920 mov dword ptr fs:[eax],esp
0081870B . E8 583FFDFF call GreenSof.007EC668 ; 这里有异常
00818710 . 8BD8 mov ebx,eax ; F2 所以在这里下断
00818712 . 8D55 E0 lea edx,dword ptr ss:[ebp-20]
00818715 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
00818718 . 8B80 10030000 mov eax,dword ptr ds:[eax+310]
0081871E . E8 E123C5FF call GreenSof.0046AB04 ; 第一组CODE长度
00818723 . 8B45 E0 mov eax,dword ptr ss:[ebp-20] ; EAX=第一组CODE
00818726 . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
00818729 . E8 3E0CBFFF call GreenSof.0040936C
0081872E . 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00818731 . 8D55 F0 lea edx,dword ptr ss:[ebp-10]
00818734 . E8 BB09BFFF call GreenSof.004090F4
00818739 . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
0081873C . 8B45 FC mov eax,dword ptr ss:[ebp-4]
0081873F . 8B80 3C030000 mov eax,dword ptr ds:[eax+33C]
00818745 . E8 BA23C5FF call GreenSof.0046AB04 ; 第2组CODE长度
0081874A . 8B45 D8 mov eax,dword ptr ss:[ebp-28] ; EAX=第2组CODE
0081874D . 8D55 DC lea edx,dword ptr ss:[ebp-24]
00818750 . E8 170CBFFF call GreenSof.0040936C
00818755 . 8B45 DC mov eax,dword ptr ss:[ebp-24]
00818758 . 8D55 EC lea edx,dword ptr ss:[ebp-14]
0081875B . E8 9409BFFF call GreenSof.004090F4
00818760 . 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00818763 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
00818766 . 8B80 40030000 mov eax,dword ptr ds:[eax+340]
0081876C . E8 9323C5FF call GreenSof.0046AB04 ; 第3组CODE长度
00818771 . 8B45 D0 mov eax,dword ptr ss:[ebp-30] ; EAX=第3组CODE
00818774 . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
00818777 . E8 F00BBFFF call GreenSof.0040936C
0081877C . 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
0081877F . 8D55 E8 lea edx,dword ptr ss:[ebp-18]
00818782 . E8 6D09BFFF call GreenSof.004090F4
00818787 . A1 50248800 mov eax,dword ptr ds:[882450]
0081878C . 8338 00 cmp dword ptr ds:[eax],0
0081878F . 74 33 je short GreenSof.008187C4
00818791 . A1 AC248800 mov eax,dword ptr ds:[8824AC]
00818796 . 8338 00 cmp dword ptr ds:[eax],0
00818799 . 74 29 je short GreenSof.008187C4
0081879B . 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; EAX=第1组CODE
0081879E . 50 push eax
0081879F . 8B45 EC mov eax,dword ptr ss:[ebp-14] ; EAX=第2组CODE
008187A2 . 50 push eax
008187A3 . 8B45 E8 mov eax,dword ptr ss:[ebp-18] ; EAX=第3组CODE
008187A6 . 50 push eax
008187A7 . 6A 01 push 1
008187A9 . 8B15 AC248800 mov edx,dword ptr ds:[8824AC] ; GreenSof.00884124
008187AF . 8B12 mov edx,dword ptr ds:[edx]
008187B1 . A1 50248800 mov eax,dword ptr ds:[882450]
008187B6 . 8B00 mov eax,dword ptr ds:[eax]
008187B8 . 8BCB mov ecx,ebx
008187BA . E8 9529FDFF call GreenSof.007EB154 ;
008187BF . 8945 F8 mov dword ptr ss:[ebp-8],eax
008187C2 . EB 07 jmp short GreenSof.008187CB
008187C4 > C745 F8 FFFFF>mov dword ptr ss:[ebp-8],-1
008187CB > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
008187CE . 83E8 31 sub eax,31
008187D1 . 0F83 90050000 jnb GreenSof.00818D67
===================================================================================jmp GreenSof.007EB324
007EB324 > \837D F0 00 cmp dword ptr ss:[ebp-10],0
007EB328 . 74 1A je short GreenSof.007EB344
007EB32A . 8B45 F4 mov eax,dword ptr ss:[ebp-C]
007EB32D . 50 push eax
007EB32E . 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; EAX=3组CODE
007EB331 . 50 push eax
007EB332 . 8B4D F8 mov ecx,dword ptr ss:[ebp-8]
007EB335 . 8B55 FC mov edx,dword ptr ss:[ebp-4]
007EB338 . A1 D8408800 mov eax,dword ptr ds:[8840D8]
007EB33D . E8 B288FFFF call GreenSof.007E3BF4 ; F7 关键算法
007EB342 . EB 03 jmp short GreenSof.007EB347
========================================================================call GreenSof.007E3BF4这里需要有耐性有8千多行的代码。
每个充值到期日的算法好象都不同.看的头晕
007E3BF4 /$ 55 push ebp
007E3BF5 |. 8BEC mov ebp,esp
007E3BF7 |. 51 push ecx
007E3BF8 |. B9 B1000000 mov ecx,0B1
007E3BFD |> 6A 00 /push 0
007E3BFF |. 6A 00 |push 0
007E3C01 |. 49 |dec ecx
007E3C02 |.^ 75 F9 \jnz short GreenSof.007E3BFD
007E3C04 |. 874D FC xchg dword ptr ss:[ebp-4],ecx ; F4
007E3C07 |. 53 push ebx
007E3C08 |. 56 push esi
007E3C09 |. 57 push edi
007E3C0A |. 894D F8 mov dword ptr ss:[ebp-8],ecx ; 充值帐号
007E3C0D |. 8955 FC mov dword ptr ss:[ebp-4],edx
007E3C10 |. 8B7D 0C mov edi,dword ptr ss:[ebp+C] ; 充值帐号
007E3C13 |. 8B45 08 mov eax,dword ptr ss:[ebp+8] ; 我们输入的充值号
007E3C16 |. E8 9911C2FF call GreenSof.00404DB4
007E3C1B |. 33C0 xor eax,eax
007E3C1D |. 55 push ebp
007E3C1E |. 68 30B17E00 push GreenSof.007EB130
007E3C23 |. 64:FF30 push dword ptr fs:[eax]
007E3C26 |. 64:8920 mov dword ptr fs:[eax],esp
007E3C29 |. B2 01 mov dl,1
007E3C2B |. A1 C8C84100 mov eax,dword ptr ds:[41C8C8]
007E3C30 |. E8 23FEC1FF call GreenSof.00403A58
007E3C35 |. 8BF0 mov esi,eax
007E3C37 |. 8D55 F4 lea edx,dword ptr ss:[ebp-C]
007E3C3A |. 8BC7 mov eax,edi
007E3C3C |. E8 6B5BC2FF call GreenSof.004097AC F7
==========================================================================call GreenSof.004097AC
004097AC /$ 56 push esi
004097AD |. 89E6 mov esi,esp
004097AF |. 83EC 10 sub esp,10
004097B2 |. 31C9 xor ecx,ecx
004097B4 |. 52 push edx
004097B5 |. 31D2 xor edx,edx
004097B7 |. E8 A4FFFFFF call GreenSof.00409760 ; F7
004097BC |. 89F2 mov edx,esi
004097BE |. 58 pop eax
004097BF |. E8 20B2FFFF call GreenSof.004049E4
004097C4 |. 83C4 10 add esp,10
004097C7 |. 5E pop esi
004097C8 \. C3 retn
========================================================================call GreenSof.00409760
00409760 /$ 08C9 or cl,cl
00409762 |. 75 17 jnz short GreenSof.0040977B
00409764 |. 09C0 or eax,eax
00409766 |. 79 0E jns short GreenSof.00409776
00409768 |. F7D8 neg eax
0040976A |. E8 07000000 call GreenSof.00409776
0040976F |. B0 2D mov al,2D
00409771 |. 41 inc ecx
00409772 |. 4E dec esi
00409773 |. 8806 mov byte ptr ds:[esi],al
00409775 |. C3 retn
00409776 |$ B9 0A000000 mov ecx,0A ;ECX=A=10D
0040977B |> 52 push edx
0040977C |. 56 push esi
0040977D |> 31D2 /xor edx,edx
0040977F |. F7F1 |div ecx ; 充值帐号/A
00409781 |. 4E |dec esi
00409782 |. 80C2 30 |add dl,30 ; 充值帐号%A+30
00409785 |. 80FA 3A |cmp dl,3A
00409788 |. 72 03 |jb short GreenSof.0040978D ; 小于3A吗
0040978A |. 80C2 07 |add dl,7
0040978D |> 8816 |mov byte ptr ds:[esi],dl ; 运算结果输入到[ESI]
0040978F |. 09C0 |or eax,eax
00409791 |.^ 75 EA \jnz short GreenSof.0040977D ; 除完了吗
00409793 |. 59 pop ecx
00409794 |. 5A pop edx
00409795 |. 29F1 sub ecx,esi
00409797 |. 29CA sub edx,ecx
00409799 |. 76 10 jbe short GreenSof.004097AB
0040979B |. 01D1 add ecx,edx
0040979D |. B0 30 mov al,30
0040979F |. 29D6 sub esi,edx
004097A1 |. EB 03 jmp short GreenSof.004097A6
004097A3 |> 880432 /mov byte ptr ds:[edx+esi],al
004097A6 |> 4A dec edx
004097A7 |.^ 75 FA \jnz short GreenSof.004097A3
004097A9 |. 8806 mov byte ptr ds:[esi],al
004097AB \> C3 retn
===========================================================================
007E3C41 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007E3C44 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C] ; EDX=运算后结果
007E3C47 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3C4A |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3C4D |. C600 01 mov byte ptr ds:[eax],1
007E3C50 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007E3C53 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3C56 |. E8 41F6C1FF call GreenSof.0040329C
007E3C5B |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3C5E |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3C61 |. 8A52 02 mov dl,byte ptr ds:[edx+2]
007E3C64 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3C67 |. C600 01 mov byte ptr ds:[eax],1
007E3C6A |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3C6D |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3C70 |. B1 02 mov cl,2
007E3C72 |. E8 F5F5C1FF call GreenSof.0040326C
007E3C77 |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007E3C7A |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3C7D |. E8 1AF6C1FF call GreenSof.0040329C
007E3C82 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3C85 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3C88 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007E3C8B |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3C8E |. C600 01 mov byte ptr ds:[eax],1
007E3C91 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3C94 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3C97 |. B1 03 mov cl,3
007E3C99 |. E8 CEF5C1FF call GreenSof.0040326C
007E3C9E |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007E3CA1 |. 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
007E3CA4 |. E8 BF0EC2FF call GreenSof.00404B68
007E3CA9 |. 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
007E3CAC |. E8 375CC2FF call GreenSof.004098E8
007E3CB1 |. 8BD8 mov ebx,eax
007E3CB3 |. 035D FC add ebx,dword ptr ss:[ebp-4]
007E3CB6 |. 8D55 F0 lea edx,dword ptr ss:[ebp-10]
007E3CB9 |. 8BC3 mov eax,ebx
007E3CBB |. E8 EC5AC2FF call GreenSof.004097AC
007E3CC0 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007E3CC3 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3CC6 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3CC9 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3CCC |. C600 01 mov byte ptr ds:[eax],1
007E3CCF |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007E3CD2 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3CD5 |. E8 C2F5C1FF call GreenSof.0040329C
007E3CDA |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3CDD |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3CE0 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007E3CE3 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3CE6 |. C600 01 mov byte ptr ds:[eax],1
007E3CE9 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3CEC |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3CEF |. B1 02 mov cl,2
007E3CF1 |. E8 76F5C1FF call GreenSof.0040326C
007E3CF6 |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007E3CF9 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3CFC |. E8 9BF5C1FF call GreenSof.0040329C
007E3D01 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3D04 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D07 |. 8A12 mov dl,byte ptr ds:[edx]
007E3D09 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D0C |. C600 01 mov byte ptr ds:[eax],1
007E3D0F |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3D12 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3D15 |. B1 03 mov cl,3
007E3D17 |. E8 50F5C1FF call GreenSof.0040326C
007E3D1C |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007E3D1F |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3D22 |. E8 75F5C1FF call GreenSof.0040329C
007E3D27 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3D2A |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D2D |. 8A52 02 mov dl,byte ptr ds:[edx+2]
007E3D30 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D33 |. C600 01 mov byte ptr ds:[eax],1
007E3D36 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3D39 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3D3C |. B1 04 mov cl,4
007E3D3E |. E8 29F5C1FF call GreenSof.0040326C
007E3D43 |. 8D55 C8 lea edx,dword ptr ss:[ebp-38]
007E3D46 |. 8D45 D0 lea eax,dword ptr ss:[ebp-30]
007E3D49 |. E8 1A0EC2FF call GreenSof.00404B68
007E3D4E |. 8B45 D0 mov eax,dword ptr ss:[ebp-30]
007E3D51 |. E8 925BC2FF call GreenSof.004098E8
007E3D56 |. 8BD8 mov ebx,eax
007E3D58 |. 035D F8 add ebx,dword ptr ss:[ebp-8]
007E3D5B |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
007E3D5E |. 8BC3 mov eax,ebx
007E3D60 |. E8 475AC2FF call GreenSof.004097AC
007E3D65 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007E3D68 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D6B |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3D6E |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D71 |. C600 01 mov byte ptr ds:[eax],1
007E3D74 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007E3D77 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3D7A |. E8 1DF5C1FF call GreenSof.0040329C
007E3D7F |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3D82 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D85 |. 8A12 mov dl,byte ptr ds:[edx]
007E3D87 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D8A |. C600 01 mov byte ptr ds:[eax],1
007E3D8D |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3D90 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3D93 |. B1 02 mov cl,2
007E3D95 |. E8 D2F4C1FF call GreenSof.0040326C
007E3D9A |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007E3D9D |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3DA0 |. E8 F7F4C1FF call GreenSof.0040329C
007E3DA5 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3DA8 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3DAB |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3DAE |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3DB1 |. C600 01 mov byte ptr ds:[eax],1
007E3DB4 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3DB7 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3DBA |. B1 03 mov cl,3
007E3DBC |. E8 ABF4C1FF call GreenSof.0040326C
007E3DC1 |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007E3DC4 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3DC7 |. E8 D0F4C1FF call GreenSof.0040329C
007E3DCC |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3DCF |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3DD2 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007E3DD5 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3DD8 |. C600 01 mov byte ptr ds:[eax],1
007E3DDB |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3DDE |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3DE1 |. B1 04 mov cl,4
007E3DE3 |. E8 84F4C1FF call GreenSof.0040326C
007E3DE8 |. 8D55 C8 lea edx,dword ptr ss:[ebp-38]
007E3DEB |. 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
007E3DEE |. E8 750DC2FF call GreenSof.00404B68
007E3DF3 |. 8B45 C4 mov eax,dword ptr ss:[ebp-3C]
007E3DF6 |. E8 ED5AC2FF call GreenSof.004098E8
007E3DFB |. 8BD8 mov ebx,eax
007E3DFD |. 03DF add ebx,edi
007E3DFF |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
007E3E02 |. 8BC3 mov eax,ebx
007E3E04 |. E8 A359C2FF call GreenSof.004097AC
007E3E09 |. 8BC6 mov eax,esi
007E3E0B |. 8B10 mov edx,dword ptr ds:[eax]
007E3E0D |. FF52 44 call dword ptr ds:[edx+44]
007E3E10 |. 8D55 BC lea edx,dword ptr ss:[ebp-44]
007E3E13 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
007E3E16 |. E8 D1750000 call GreenSof.007EB3EC
007E3E1B |. FF75 BC push dword ptr ss:[ebp-44]
007E3E1E |. 68 50B17E00 push GreenSof.007EB150
007E3E23 |. 8D55 B8 lea edx,dword ptr ss:[ebp-48]
007E3E26 |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
007E3E29 |. E8 BE750000 call GreenSof.007EB3EC
007E3E2E |. FF75 B8 push dword ptr ss:[ebp-48]
007E3E31 |. 68 50B17E00 push GreenSof.007EB150
007E3E36 |. 8D55 B4 lea edx,dword ptr ss:[ebp-4C]
007E3E39 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18]
007E3E3C |. E8 AB750000 call GreenSof.007EB3EC
007E3E41 |. FF75 B4 push dword ptr ss:[ebp-4C]
007E3E44 |. 8D45 C0 lea eax,dword ptr ss:[ebp-40]
007E3E47 |. BA 05000000 mov edx,5
007E3E4C |. E8 330EC2FF call GreenSof.00404C84
007E3E51 |. 8B55 C0 mov edx,dword ptr ss:[ebp-40] ; EDX=FLT5-XVQQF2NMP4-AQRHFLKH
....................省略
省略.....................自己跟踪一下看看
007EAF60 |. 8BD8 mov ebx,eax
007EAF62 |. 6B45 F8 2A imul eax,dword ptr ss:[ebp-8],2A
007EAF66 |. B9 17000000 mov ecx,17
007EAF6B |. 99 cdq
007EAF6C |. F7F9 idiv ecx
007EAF6E |. 03D8 add ebx,eax
007EAF70 |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
007EAF73 |. 8BC3 mov eax,ebx
007EAF75 |. E8 32E8C1FF call GreenSof.004097AC
007EAF7A |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007EAF7D |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAF80 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007EAF83 |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAF86 |. C600 01 mov byte ptr ds:[eax],1
007EAF89 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007EAF8C |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007EAF8F |. E8 0883C1FF call GreenSof.0040329C
007EAF94 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007EAF97 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAF9A |. 8A12 mov dl,byte ptr ds:[edx]
007EAF9C |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAF9F |. C600 01 mov byte ptr ds:[eax],1
007EAFA2 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007EAFA5 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007EAFA8 |. B1 02 mov cl,2
007EAFAA |. E8 BD82C1FF call GreenSof.0040326C
007EAFAF |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007EAFB2 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007EAFB5 |. E8 E282C1FF call GreenSof.0040329C
007EAFBA |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007EAFBD |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAFC0 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007EAFC3 |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAFC6 |. C600 01 mov byte ptr ds:[eax],1
007EAFC9 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007EAFCC |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007EAFCF |. B1 03 mov cl,3
007EAFD1 |. E8 9682C1FF call GreenSof.0040326C
007EAFD6 |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007EAFD9 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007EAFDC |. E8 BB82C1FF call GreenSof.0040329C
007EAFE1 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007EAFE4 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAFE7 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007EAFEA |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAFED |. C600 01 mov byte ptr ds:[eax],1
007EAFF0 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007EAFF3 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007EAFF6 |. B1 04 mov cl,4
007EAFF8 |. E8 6F82C1FF call GreenSof.0040326C
007EAFFD |. 8D55 C8 lea edx,dword ptr ss:[ebp-38]
007EB000 |. 8D85 84FAFFFF lea eax,dword ptr ss:[ebp-57C]
007EB006 |. E8 5D9BC1FF call GreenSof.00404B68
007EB00B |. 8B85 84FAFFFF mov eax,dword ptr ss:[ebp-57C]
007EB011 |. E8 D2E8C1FF call GreenSof.004098E8
007EB016 |. 8BD8 mov ebx,eax
007EB018 |. 6BC7 35 imul eax,edi,35
007EB01B |. B9 1B000000 mov ecx,1B
007EB020 |. 99 cdq
007EB021 |. F7F9 idiv ecx
007EB023 |. 03D8 add ebx,eax
007EB025 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
007EB028 |. 8BC3 mov eax,ebx
007EB02A |. E8 7DE7C1FF call GreenSof.004097AC
007EB02F |. 8D95 7CFAFFFF lea edx,dword ptr ss:[ebp-584]
007EB035 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
007EB038 |. E8 AF030000 call GreenSof.007EB3EC
007EB03D |. FFB5 7CFAFFFF push dword ptr ss:[ebp-584]
007EB043 |. 68 50B17E00 push GreenSof.007EB150
007EB048 |. 8D95 78FAFFFF lea edx,dword ptr ss:[ebp-588]
007EB04E |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
007EB051 |. E8 96030000 call GreenSof.007EB3EC
007EB056 |. FFB5 78FAFFFF push dword ptr ss:[ebp-588]
007EB05C |. 68 50B17E00 push GreenSof.007EB150
007EB061 |. 8D95 74FAFFFF lea edx,dword ptr ss:[ebp-58C]
007EB067 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18]
007EB06A |. E8 7D030000 call GreenSof.007EB3EC
007EB06F |. FFB5 74FAFFFF push dword ptr ss:[ebp-58C]
007EB075 |. 8D85 80FAFFFF lea eax,dword ptr ss:[ebp-580]
007EB07B |. BA 05000000 mov edx,5
007EB080 |. E8 FF9BC1FF call GreenSof.00404C84
007EB085 |. 8B95 80FAFFFF mov edx,dword ptr ss:[ebp-580]
007EB08B |. 8BC6 mov eax,esi **************; DD EDX 这里可以做内存注册机
总结:
我第一次看见这么长的加密算法
以下是我不完全跟踪得到的一些充值码
DD Ebp-580看到内存区域的充值码内容
0012F160 00EF4914 ASCII "SCMSSLBD"
0012F164 00EF48CC ASCII "C9UQFBDI"
0012F168 00EF4888 ASCII "AQXT"
0012F16C 00EF492C ASCII "AQXT-C9UQFBDI-SCMSSLBD" 充值码到期日 2050 12/31
............................. 省略:( :(
【破解作者】 kyc
【作者邮箱】 [email]muyang008@163.com[/email]
【使用工具】 OD1.1
【破解平台】 Win2003
【软件名称】 (Greensoft)格林财务软件 3.55.12.08
http://www.greensoft.cn/
【软件简介】 一套易学易用的商品化通用财务软件,会计电算化的好帮手。
本软件是根据最新会计制度,使用C++、DELPHI等优秀的开发工具, 以SQL_Server、 Access为底层数据库。在软件开发中采用了多种独有的尖端技术,
充分发挥计算机特点,研发出来的一套功能强大、技术领先、安全稳定、易学易用的商品化通用财务软件。适用于各类大、中、小型企业,行政、
事业单位。
财务软件教程下载地址:http://www.greensoft.cn/download.htm
【软件大小】 2129KB
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】这个软件是以充值方式注册的,每年充值费480.00元。
根据软件充值错误提示,很容易找到如下代码,以下代码是从OD1.1中拷贝出的代码:
008186FF . 55 push ebp
00818700 . 68 D78D8100 push GreenSof.00818DD7
00818705 . 64:FF30 push dword ptr fs:[eax]
00818708 . 64:8920 mov dword ptr fs:[eax],esp
0081870B . E8 583FFDFF call GreenSof.007EC668 ; 这里有异常
00818710 . 8BD8 mov ebx,eax ; F2 所以在这里下断
00818712 . 8D55 E0 lea edx,dword ptr ss:[ebp-20]
00818715 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
00818718 . 8B80 10030000 mov eax,dword ptr ds:[eax+310]
0081871E . E8 E123C5FF call GreenSof.0046AB04 ; 第一组CODE长度
00818723 . 8B45 E0 mov eax,dword ptr ss:[ebp-20] ; EAX=第一组CODE
00818726 . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
00818729 . E8 3E0CBFFF call GreenSof.0040936C
0081872E . 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00818731 . 8D55 F0 lea edx,dword ptr ss:[ebp-10]
00818734 . E8 BB09BFFF call GreenSof.004090F4
00818739 . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
0081873C . 8B45 FC mov eax,dword ptr ss:[ebp-4]
0081873F . 8B80 3C030000 mov eax,dword ptr ds:[eax+33C]
00818745 . E8 BA23C5FF call GreenSof.0046AB04 ; 第2组CODE长度
0081874A . 8B45 D8 mov eax,dword ptr ss:[ebp-28] ; EAX=第2组CODE
0081874D . 8D55 DC lea edx,dword ptr ss:[ebp-24]
00818750 . E8 170CBFFF call GreenSof.0040936C
00818755 . 8B45 DC mov eax,dword ptr ss:[ebp-24]
00818758 . 8D55 EC lea edx,dword ptr ss:[ebp-14]
0081875B . E8 9409BFFF call GreenSof.004090F4
00818760 . 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00818763 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
00818766 . 8B80 40030000 mov eax,dword ptr ds:[eax+340]
0081876C . E8 9323C5FF call GreenSof.0046AB04 ; 第3组CODE长度
00818771 . 8B45 D0 mov eax,dword ptr ss:[ebp-30] ; EAX=第3组CODE
00818774 . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
00818777 . E8 F00BBFFF call GreenSof.0040936C
0081877C . 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
0081877F . 8D55 E8 lea edx,dword ptr ss:[ebp-18]
00818782 . E8 6D09BFFF call GreenSof.004090F4
00818787 . A1 50248800 mov eax,dword ptr ds:[882450]
0081878C . 8338 00 cmp dword ptr ds:[eax],0
0081878F . 74 33 je short GreenSof.008187C4
00818791 . A1 AC248800 mov eax,dword ptr ds:[8824AC]
00818796 . 8338 00 cmp dword ptr ds:[eax],0
00818799 . 74 29 je short GreenSof.008187C4
0081879B . 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; EAX=第1组CODE
0081879E . 50 push eax
0081879F . 8B45 EC mov eax,dword ptr ss:[ebp-14] ; EAX=第2组CODE
008187A2 . 50 push eax
008187A3 . 8B45 E8 mov eax,dword ptr ss:[ebp-18] ; EAX=第3组CODE
008187A6 . 50 push eax
008187A7 . 6A 01 push 1
008187A9 . 8B15 AC248800 mov edx,dword ptr ds:[8824AC] ; GreenSof.00884124
008187AF . 8B12 mov edx,dword ptr ds:[edx]
008187B1 . A1 50248800 mov eax,dword ptr ds:[882450]
008187B6 . 8B00 mov eax,dword ptr ds:[eax]
008187B8 . 8BCB mov ecx,ebx
008187BA . E8 9529FDFF call GreenSof.007EB154 ;
008187BF . 8945 F8 mov dword ptr ss:[ebp-8],eax
008187C2 . EB 07 jmp short GreenSof.008187CB
008187C4 > C745 F8 FFFFF>mov dword ptr ss:[ebp-8],-1
008187CB > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
008187CE . 83E8 31 sub eax,31
008187D1 . 0F83 90050000 jnb GreenSof.00818D67
===================================================================================jmp GreenSof.007EB324
007EB324 > \837D F0 00 cmp dword ptr ss:[ebp-10],0
007EB328 . 74 1A je short GreenSof.007EB344
007EB32A . 8B45 F4 mov eax,dword ptr ss:[ebp-C]
007EB32D . 50 push eax
007EB32E . 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; EAX=3组CODE
007EB331 . 50 push eax
007EB332 . 8B4D F8 mov ecx,dword ptr ss:[ebp-8]
007EB335 . 8B55 FC mov edx,dword ptr ss:[ebp-4]
007EB338 . A1 D8408800 mov eax,dword ptr ds:[8840D8]
007EB33D . E8 B288FFFF call GreenSof.007E3BF4 ; F7 关键算法
007EB342 . EB 03 jmp short GreenSof.007EB347
========================================================================call GreenSof.007E3BF4这里需要有耐性有8千多行的代码。
每个充值到期日的算法好象都不同.看的头晕
007E3BF4 /$ 55 push ebp
007E3BF5 |. 8BEC mov ebp,esp
007E3BF7 |. 51 push ecx
007E3BF8 |. B9 B1000000 mov ecx,0B1
007E3BFD |> 6A 00 /push 0
007E3BFF |. 6A 00 |push 0
007E3C01 |. 49 |dec ecx
007E3C02 |.^ 75 F9 \jnz short GreenSof.007E3BFD
007E3C04 |. 874D FC xchg dword ptr ss:[ebp-4],ecx ; F4
007E3C07 |. 53 push ebx
007E3C08 |. 56 push esi
007E3C09 |. 57 push edi
007E3C0A |. 894D F8 mov dword ptr ss:[ebp-8],ecx ; 充值帐号
007E3C0D |. 8955 FC mov dword ptr ss:[ebp-4],edx
007E3C10 |. 8B7D 0C mov edi,dword ptr ss:[ebp+C] ; 充值帐号
007E3C13 |. 8B45 08 mov eax,dword ptr ss:[ebp+8] ; 我们输入的充值号
007E3C16 |. E8 9911C2FF call GreenSof.00404DB4
007E3C1B |. 33C0 xor eax,eax
007E3C1D |. 55 push ebp
007E3C1E |. 68 30B17E00 push GreenSof.007EB130
007E3C23 |. 64:FF30 push dword ptr fs:[eax]
007E3C26 |. 64:8920 mov dword ptr fs:[eax],esp
007E3C29 |. B2 01 mov dl,1
007E3C2B |. A1 C8C84100 mov eax,dword ptr ds:[41C8C8]
007E3C30 |. E8 23FEC1FF call GreenSof.00403A58
007E3C35 |. 8BF0 mov esi,eax
007E3C37 |. 8D55 F4 lea edx,dword ptr ss:[ebp-C]
007E3C3A |. 8BC7 mov eax,edi
007E3C3C |. E8 6B5BC2FF call GreenSof.004097AC F7
==========================================================================call GreenSof.004097AC
004097AC /$ 56 push esi
004097AD |. 89E6 mov esi,esp
004097AF |. 83EC 10 sub esp,10
004097B2 |. 31C9 xor ecx,ecx
004097B4 |. 52 push edx
004097B5 |. 31D2 xor edx,edx
004097B7 |. E8 A4FFFFFF call GreenSof.00409760 ; F7
004097BC |. 89F2 mov edx,esi
004097BE |. 58 pop eax
004097BF |. E8 20B2FFFF call GreenSof.004049E4
004097C4 |. 83C4 10 add esp,10
004097C7 |. 5E pop esi
004097C8 \. C3 retn
========================================================================call GreenSof.00409760
00409760 /$ 08C9 or cl,cl
00409762 |. 75 17 jnz short GreenSof.0040977B
00409764 |. 09C0 or eax,eax
00409766 |. 79 0E jns short GreenSof.00409776
00409768 |. F7D8 neg eax
0040976A |. E8 07000000 call GreenSof.00409776
0040976F |. B0 2D mov al,2D
00409771 |. 41 inc ecx
00409772 |. 4E dec esi
00409773 |. 8806 mov byte ptr ds:[esi],al
00409775 |. C3 retn
00409776 |$ B9 0A000000 mov ecx,0A ;ECX=A=10D
0040977B |> 52 push edx
0040977C |. 56 push esi
0040977D |> 31D2 /xor edx,edx
0040977F |. F7F1 |div ecx ; 充值帐号/A
00409781 |. 4E |dec esi
00409782 |. 80C2 30 |add dl,30 ; 充值帐号%A+30
00409785 |. 80FA 3A |cmp dl,3A
00409788 |. 72 03 |jb short GreenSof.0040978D ; 小于3A吗
0040978A |. 80C2 07 |add dl,7
0040978D |> 8816 |mov byte ptr ds:[esi],dl ; 运算结果输入到[ESI]
0040978F |. 09C0 |or eax,eax
00409791 |.^ 75 EA \jnz short GreenSof.0040977D ; 除完了吗
00409793 |. 59 pop ecx
00409794 |. 5A pop edx
00409795 |. 29F1 sub ecx,esi
00409797 |. 29CA sub edx,ecx
00409799 |. 76 10 jbe short GreenSof.004097AB
0040979B |. 01D1 add ecx,edx
0040979D |. B0 30 mov al,30
0040979F |. 29D6 sub esi,edx
004097A1 |. EB 03 jmp short GreenSof.004097A6
004097A3 |> 880432 /mov byte ptr ds:[edx+esi],al
004097A6 |> 4A dec edx
004097A7 |.^ 75 FA \jnz short GreenSof.004097A3
004097A9 |. 8806 mov byte ptr ds:[esi],al
004097AB \> C3 retn
===========================================================================
007E3C41 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007E3C44 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C] ; EDX=运算后结果
007E3C47 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3C4A |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3C4D |. C600 01 mov byte ptr ds:[eax],1
007E3C50 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007E3C53 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3C56 |. E8 41F6C1FF call GreenSof.0040329C
007E3C5B |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3C5E |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3C61 |. 8A52 02 mov dl,byte ptr ds:[edx+2]
007E3C64 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3C67 |. C600 01 mov byte ptr ds:[eax],1
007E3C6A |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3C6D |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3C70 |. B1 02 mov cl,2
007E3C72 |. E8 F5F5C1FF call GreenSof.0040326C
007E3C77 |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007E3C7A |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3C7D |. E8 1AF6C1FF call GreenSof.0040329C
007E3C82 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3C85 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3C88 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007E3C8B |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3C8E |. C600 01 mov byte ptr ds:[eax],1
007E3C91 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3C94 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3C97 |. B1 03 mov cl,3
007E3C99 |. E8 CEF5C1FF call GreenSof.0040326C
007E3C9E |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007E3CA1 |. 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
007E3CA4 |. E8 BF0EC2FF call GreenSof.00404B68
007E3CA9 |. 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
007E3CAC |. E8 375CC2FF call GreenSof.004098E8
007E3CB1 |. 8BD8 mov ebx,eax
007E3CB3 |. 035D FC add ebx,dword ptr ss:[ebp-4]
007E3CB6 |. 8D55 F0 lea edx,dword ptr ss:[ebp-10]
007E3CB9 |. 8BC3 mov eax,ebx
007E3CBB |. E8 EC5AC2FF call GreenSof.004097AC
007E3CC0 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007E3CC3 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3CC6 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3CC9 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3CCC |. C600 01 mov byte ptr ds:[eax],1
007E3CCF |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007E3CD2 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3CD5 |. E8 C2F5C1FF call GreenSof.0040329C
007E3CDA |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3CDD |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3CE0 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007E3CE3 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3CE6 |. C600 01 mov byte ptr ds:[eax],1
007E3CE9 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3CEC |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3CEF |. B1 02 mov cl,2
007E3CF1 |. E8 76F5C1FF call GreenSof.0040326C
007E3CF6 |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007E3CF9 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3CFC |. E8 9BF5C1FF call GreenSof.0040329C
007E3D01 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3D04 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D07 |. 8A12 mov dl,byte ptr ds:[edx]
007E3D09 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D0C |. C600 01 mov byte ptr ds:[eax],1
007E3D0F |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3D12 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3D15 |. B1 03 mov cl,3
007E3D17 |. E8 50F5C1FF call GreenSof.0040326C
007E3D1C |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007E3D1F |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3D22 |. E8 75F5C1FF call GreenSof.0040329C
007E3D27 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3D2A |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D2D |. 8A52 02 mov dl,byte ptr ds:[edx+2]
007E3D30 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D33 |. C600 01 mov byte ptr ds:[eax],1
007E3D36 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3D39 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3D3C |. B1 04 mov cl,4
007E3D3E |. E8 29F5C1FF call GreenSof.0040326C
007E3D43 |. 8D55 C8 lea edx,dword ptr ss:[ebp-38]
007E3D46 |. 8D45 D0 lea eax,dword ptr ss:[ebp-30]
007E3D49 |. E8 1A0EC2FF call GreenSof.00404B68
007E3D4E |. 8B45 D0 mov eax,dword ptr ss:[ebp-30]
007E3D51 |. E8 925BC2FF call GreenSof.004098E8
007E3D56 |. 8BD8 mov ebx,eax
007E3D58 |. 035D F8 add ebx,dword ptr ss:[ebp-8]
007E3D5B |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
007E3D5E |. 8BC3 mov eax,ebx
007E3D60 |. E8 475AC2FF call GreenSof.004097AC
007E3D65 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007E3D68 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D6B |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3D6E |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D71 |. C600 01 mov byte ptr ds:[eax],1
007E3D74 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007E3D77 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3D7A |. E8 1DF5C1FF call GreenSof.0040329C
007E3D7F |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3D82 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3D85 |. 8A12 mov dl,byte ptr ds:[edx]
007E3D87 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3D8A |. C600 01 mov byte ptr ds:[eax],1
007E3D8D |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3D90 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007E3D93 |. B1 02 mov cl,2
007E3D95 |. E8 D2F4C1FF call GreenSof.0040326C
007E3D9A |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007E3D9D |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3DA0 |. E8 F7F4C1FF call GreenSof.0040329C
007E3DA5 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3DA8 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3DAB |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007E3DAE |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3DB1 |. C600 01 mov byte ptr ds:[eax],1
007E3DB4 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3DB7 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007E3DBA |. B1 03 mov cl,3
007E3DBC |. E8 ABF4C1FF call GreenSof.0040326C
007E3DC1 |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007E3DC4 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3DC7 |. E8 D0F4C1FF call GreenSof.0040329C
007E3DCC |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007E3DCF |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007E3DD2 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007E3DD5 |. 8850 01 mov byte ptr ds:[eax+1],dl
007E3DD8 |. C600 01 mov byte ptr ds:[eax],1
007E3DDB |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007E3DDE |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007E3DE1 |. B1 04 mov cl,4
007E3DE3 |. E8 84F4C1FF call GreenSof.0040326C
007E3DE8 |. 8D55 C8 lea edx,dword ptr ss:[ebp-38]
007E3DEB |. 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
007E3DEE |. E8 750DC2FF call GreenSof.00404B68
007E3DF3 |. 8B45 C4 mov eax,dword ptr ss:[ebp-3C]
007E3DF6 |. E8 ED5AC2FF call GreenSof.004098E8
007E3DFB |. 8BD8 mov ebx,eax
007E3DFD |. 03DF add ebx,edi
007E3DFF |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
007E3E02 |. 8BC3 mov eax,ebx
007E3E04 |. E8 A359C2FF call GreenSof.004097AC
007E3E09 |. 8BC6 mov eax,esi
007E3E0B |. 8B10 mov edx,dword ptr ds:[eax]
007E3E0D |. FF52 44 call dword ptr ds:[edx+44]
007E3E10 |. 8D55 BC lea edx,dword ptr ss:[ebp-44]
007E3E13 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
007E3E16 |. E8 D1750000 call GreenSof.007EB3EC
007E3E1B |. FF75 BC push dword ptr ss:[ebp-44]
007E3E1E |. 68 50B17E00 push GreenSof.007EB150
007E3E23 |. 8D55 B8 lea edx,dword ptr ss:[ebp-48]
007E3E26 |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
007E3E29 |. E8 BE750000 call GreenSof.007EB3EC
007E3E2E |. FF75 B8 push dword ptr ss:[ebp-48]
007E3E31 |. 68 50B17E00 push GreenSof.007EB150
007E3E36 |. 8D55 B4 lea edx,dword ptr ss:[ebp-4C]
007E3E39 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18]
007E3E3C |. E8 AB750000 call GreenSof.007EB3EC
007E3E41 |. FF75 B4 push dword ptr ss:[ebp-4C]
007E3E44 |. 8D45 C0 lea eax,dword ptr ss:[ebp-40]
007E3E47 |. BA 05000000 mov edx,5
007E3E4C |. E8 330EC2FF call GreenSof.00404C84
007E3E51 |. 8B55 C0 mov edx,dword ptr ss:[ebp-40] ; EDX=FLT5-XVQQF2NMP4-AQRHFLKH
....................省略
省略.....................自己跟踪一下看看
007EAF60 |. 8BD8 mov ebx,eax
007EAF62 |. 6B45 F8 2A imul eax,dword ptr ss:[ebp-8],2A
007EAF66 |. B9 17000000 mov ecx,17
007EAF6B |. 99 cdq
007EAF6C |. F7F9 idiv ecx
007EAF6E |. 03D8 add ebx,eax
007EAF70 |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
007EAF73 |. 8BC3 mov eax,ebx
007EAF75 |. E8 32E8C1FF call GreenSof.004097AC
007EAF7A |. 8D45 E0 lea eax,dword ptr ss:[ebp-20]
007EAF7D |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAF80 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007EAF83 |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAF86 |. C600 01 mov byte ptr ds:[eax],1
007EAF89 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
007EAF8C |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007EAF8F |. E8 0883C1FF call GreenSof.0040329C
007EAF94 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007EAF97 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAF9A |. 8A12 mov dl,byte ptr ds:[edx]
007EAF9C |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAF9F |. C600 01 mov byte ptr ds:[eax],1
007EAFA2 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007EAFA5 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
007EAFA8 |. B1 02 mov cl,2
007EAFAA |. E8 BD82C1FF call GreenSof.0040326C
007EAFAF |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
007EAFB2 |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007EAFB5 |. E8 E282C1FF call GreenSof.0040329C
007EAFBA |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007EAFBD |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAFC0 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
007EAFC3 |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAFC6 |. C600 01 mov byte ptr ds:[eax],1
007EAFC9 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007EAFCC |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
007EAFCF |. B1 03 mov cl,3
007EAFD1 |. E8 9682C1FF call GreenSof.0040326C
007EAFD6 |. 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
007EAFD9 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007EAFDC |. E8 BB82C1FF call GreenSof.0040329C
007EAFE1 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
007EAFE4 |. 8B55 F4 mov edx,dword ptr ss:[ebp-C]
007EAFE7 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
007EAFEA |. 8850 01 mov byte ptr ds:[eax+1],dl
007EAFED |. C600 01 mov byte ptr ds:[eax],1
007EAFF0 |. 8D55 D8 lea edx,dword ptr ss:[ebp-28]
007EAFF3 |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
007EAFF6 |. B1 04 mov cl,4
007EAFF8 |. E8 6F82C1FF call GreenSof.0040326C
007EAFFD |. 8D55 C8 lea edx,dword ptr ss:[ebp-38]
007EB000 |. 8D85 84FAFFFF lea eax,dword ptr ss:[ebp-57C]
007EB006 |. E8 5D9BC1FF call GreenSof.00404B68
007EB00B |. 8B85 84FAFFFF mov eax,dword ptr ss:[ebp-57C]
007EB011 |. E8 D2E8C1FF call GreenSof.004098E8
007EB016 |. 8BD8 mov ebx,eax
007EB018 |. 6BC7 35 imul eax,edi,35
007EB01B |. B9 1B000000 mov ecx,1B
007EB020 |. 99 cdq
007EB021 |. F7F9 idiv ecx
007EB023 |. 03D8 add ebx,eax
007EB025 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
007EB028 |. 8BC3 mov eax,ebx
007EB02A |. E8 7DE7C1FF call GreenSof.004097AC
007EB02F |. 8D95 7CFAFFFF lea edx,dword ptr ss:[ebp-584]
007EB035 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
007EB038 |. E8 AF030000 call GreenSof.007EB3EC
007EB03D |. FFB5 7CFAFFFF push dword ptr ss:[ebp-584]
007EB043 |. 68 50B17E00 push GreenSof.007EB150
007EB048 |. 8D95 78FAFFFF lea edx,dword ptr ss:[ebp-588]
007EB04E |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
007EB051 |. E8 96030000 call GreenSof.007EB3EC
007EB056 |. FFB5 78FAFFFF push dword ptr ss:[ebp-588]
007EB05C |. 68 50B17E00 push GreenSof.007EB150
007EB061 |. 8D95 74FAFFFF lea edx,dword ptr ss:[ebp-58C]
007EB067 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18]
007EB06A |. E8 7D030000 call GreenSof.007EB3EC
007EB06F |. FFB5 74FAFFFF push dword ptr ss:[ebp-58C]
007EB075 |. 8D85 80FAFFFF lea eax,dword ptr ss:[ebp-580]
007EB07B |. BA 05000000 mov edx,5
007EB080 |. E8 FF9BC1FF call GreenSof.00404C84
007EB085 |. 8B95 80FAFFFF mov edx,dword ptr ss:[ebp-580]
007EB08B |. 8BC6 mov eax,esi **************; DD EDX 这里可以做内存注册机
总结:
我第一次看见这么长的加密算法
以下是我不完全跟踪得到的一些充值码
DD Ebp-580看到内存区域的充值码内容
0012F160 00EF4914 ASCII "SCMSSLBD"
0012F164 00EF48CC ASCII "C9UQFBDI"
0012F168 00EF4888 ASCII "AQXT"
0012F16C 00EF492C ASCII "AQXT-C9UQFBDI-SCMSSLBD" 充值码到期日 2050 12/31
............................. 省略:( :(
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
