目标软件: Archive XP 2003 v10.92 SP9b
软件大小: 3.47 MB
软件语言: 英文
软件类别: 国外软件 / 共享版 / 压缩解压
运行环境: Win9x/NT/2000/XP/
下载地址: http://www.65888.com/soft/soft/870.htm
软件介绍:
获得了“Designed for Windows”徽标认证的 Archive XP 2003
是一个高性能的文件压缩工具,支持包括ZIP,ACE,RAR,CAB,7ZIP,GZIP等在内的超过31种压缩格式,内置一个功能强大而且非常容易使用的文件管理器,可以让你轻松管理压缩包里的文件,支持快速对整个硬盘进行搜索功能,程序可以无缝整合到Windows中,使得操作更加简单方便,支持Plugin功能,可以无限制的增加压缩功能!
使用工具: TRW2000 V1.23、FengMa's Toy Beta1
破解过程:
首先,我们来看看我们在输入序列号而未点“OK”按钮的时候,程序是怎样验证你输入序列号的格式的:
PUSH EBP
MOV EBP,ESP
XOR
ECX,ECX
PUSH ECX
PUSH ECX
PUSH
ECX
PUSH ECX
PUSH ECX
PUSH
ECX
PUSH ECX
PUSH ECX
PUSH
EBX
PUSH ESI
MOV
ESI,EAX
XOR EAX,EAX
PUSH
EBP
PUSH DWORD 004AA13C
PUSH DWORD
[FS:EAX]
MOV [FS:EAX],ESP
MOV
BL,01
XOR EDX,EDX
MOV
EAX,[ESI+033C]
CALL 0043966C
LEA
EDX,[EBP-04]
MOV EAX,[ESI+02FC]
CALL
00475BD4 //序列号必须为
20 位
MOV EAX,[EBP-04]
CALL
00405100
CMP EAX,BYTE +04
JZ
004AA033
XOR EBX,EBX
LEA
EDX,[EBP-08]
MOV EAX,[ESI+0304]
CALL
00475BD4
MOV EAX,[EBP-08]
CALL
00405100
CMP EAX,BYTE +04
JZ
004AA050
XOR EBX,EBX
LEA
EDX,[EBP-0C]
MOV EAX,[ESI+030C]
CALL
00475BD4
MOV EAX,[EBP-0C]
CALL
00405100
CMP EAX,BYTE +04
JZ
004AA06D
XOR EBX,EBX
LEA
EDX,[EBP-10]
MOV EAX,[ESI+0314]
CALL
00475BD4
MOV EAX,[EBP-10]
CALL
00405100
CMP EAX,BYTE +04
JZ
004AA08A
XOR EBX,EBX
LEA
EDX,[EBP-14]
MOV EAX,[ESI+031C]
CALL
00475BD4
MOV EAX,[EBP-14]
CALL
00405100
CMP EAX,BYTE +04
JZ
004AA0A7
XOR EBX,EBX
LEA
EDX,[EBP-18]
MOV EAX,[ESI+0320]
CALL
00475BD4
MOV EAX,[EBP-18]
CALL
00405100
TEST EAX,EAX
JNZ 004AA0C5
//邮件地址不能为空
XOR
EBX,EBX
JMP SHORT 004AA107
LEA
EDX,[EBP-1C]
MOV EAX,[ESI+0320]
CALL
00475BD4
MOV EDX,[EBP-1C]
MOV
EAX,004AA154
CALL 00405444
//是否有“@”
TEST EAX,EAX
JNZ
004AA0E6
XOR EBX,EBX
LEA
EDX,[EBP-20]
MOV EAX,[ESI+0320]
CALL
00475BD4
MOV EDX,[EBP-20]
MOV
EAX,004AA160
CALL 00405444
//是否有“.”
TEST EAX,EAX
JNZ
004AA107
XOR EBX,EBX
MOV
EDX,EBX
MOV EAX,[ESI+032C]
MOV
ECX,[EAX]
CALL NEAR [ECX+64]
MOV
DL,01
MOV EAX,[ESI+033C]
CALL
0043966C
XOR EAX,EAX
POP
EDX
POP ECX
POP ECX
MOV
[FS:EAX],EDX
PUSH DWORD 004AA143
LEA
EAX,[EBP-20]
MOV EDX,08
CALL
00404E64
RET
然后,我们来看看注册算法:
PUSH EBP
MOV EBP,ESP
PUSH
ECX
MOV ECX,04
PUSH BYTE
+00
PUSH BYTE +00
DEC ECX
JNZ
004A4B39
XCHG ECX,[EBP-04]
PUSH
EBX
PUSH ESI
PUSH EDI
MOV
EDI,ECX
MOV EBX,EDX
MOV
[EBP-04],EAX
MOV EAX,[EBP-04]
CALL
004052F0
//取你输入的邮件地址
XOR EAX,EAX
PUSH
EBP
PUSH DWORD 004A4CF4
PUSH DWORD
[FS:EAX]
MOV [FS:EAX],ESP
LEA
EDX,[EBP-14]
MOV EAX,[EBP-04]
CALL
0040A1CC
MOV EDX,[EBP-14]
LEA
EAX,[EBP-04]
CALL 00404ED8
TEST
BL,BL
JZ 004A4B89
MOV DWORD
[0053B770],5D79
JMP SHORT 004A4B93
MOV
DWORD [0053B770],7AB7
LEA EAX,[EBP-0C]
CALL
00404E40
MOV EAX,[EBP-04]
CALL
00405100
//其长度,作为下面循环的次数
MOV ESI,EAX
TEST
ESI,ESI
JNG 004A4BCB
MOV
EAX,FF
CALL 004A4B00
//重要的子运算
MOV EDX,EAX
LEA
EAX,[EBP-18]
CALL 00405028
MOV
EDX,[EBP-18]
LEA EAX,[EBP-0C]
CALL
00405108
DEC ESI
JNZ 004A4BA9
//向上循环
LEA
EAX,[EBP-10]
CALL 00404E40
MOV
EAX,[EBP-04]
CALL 00405100
MOV
ESI,EAX
ADD ESI,ESI
DEC
ESI
TEST ESI,ESI
JNG
004A4C45
MOV EBX,01
MOV
EAX,EBX
//这里的循环是将上面的结果插入到邮件地址中
AND EAX,80000001
JNS
004A4BF7
DEC EAX
OR
EAX,BYTE -02
INC EAX
TEST
EAX,EAX
JNZ 004A4C1F
LEA
EAX,[EBP-1C]
MOV EDX,EBX
SAR
EDX,1
JNS 004A4C07
ADC
EDX,BYTE +00
MOV ECX,[EBP-0C]
MOV
DL,[ECX+EDX]
CALL 00405028
MOV
EDX,[EBP-1C]
LEA EAX,[EBP-10]
CALL
00405108
JMP SHORT 004A4C41
LEA
EAX,[EBP-20]
MOV EDX,EBX
SAR
EDX,1
JNS 004A4C2B
ADC
EDX,BYTE +00
MOV ECX,[EBP-04]
MOV
DL,[ECX+EDX]
CALL 00405028
MOV
EDX,[EBP-20]
LEA EAX,[EBP-10]
CALL
00405108
INC EBX
DEC ESI
JNZ
004A4BE9
//向上循环
XOR EAX,EAX
MOV
[EBP-08],EAX
MOV EAX,[EBP-10]
CALL
00405100
MOV ESI,EAX
TEST ESI,ESI
JNG
004A4C6C
MOV EBX,01
MOV
EAX,[EBP-10]
//EAX中为插入后的结果
MOVZX EAX,BYTE [EAX+EBX-01]
ADD
[EBP-08],EAX //完成累加
INC
EBX
DEC ESI
JNZ
004A4C5D
//向上循环
MOV EAX,[EBP-08]
MOV
[0053B770],EAX
MOV EAX,EDI
CALL
00404E40
MOV EBX,14
MOV EAX,09
//这里开始进行序列号的计算
CALL 004A4B00
LEA
EDX,[EBP-24]
CALL 0040A88C
MOV
EDX,[EBP-24]
MOV EAX,EDI
CALL
00405108
DEC EBX
JNZ 004A4C80
//向上循环19次
MOV
EAX,[EDI]
CALL 00405100
MOV
ESI,EAX
TEST ESI,ESI
JNG
004A4CD1
MOV EBX,01
MOV
EAX,EBX
//插入“-”号
MOV ECX,05
CDQ
IDIV
ECX
TEST EDX,EDX
JNZ
004A4CCD
MOV EDX,EDI
MOV
ECX,EBX
MOV EAX,004A4D0C
CALL
004053E8
INC EBX
DEC ESI
JNZ
004A4CB1
XOR EAX,EAX
POP
EDX
POP ECX
POP
ECX
MOV [FS:EAX],EDX
PUSH DWORD
004A4CFB
LEA EAX,[EBP-24]
MOV
EDX,07
CALL 00404E64
LEA
EAX,[EBP-04]
CALL 00404E40
RET
//返回
一处重要的子运算:
PUSH EBX
PUSH ESI
MOV
EBX,EAX
IMUL ECX,[0053B770],5F11
ADD
ECX,43A0
MOV EAX,ECX
MOV
ESI,7FFF
CDQ
IDIV ESI
MOV
[0053B770],EDX
MOV EAX,ECX
CDQ
IDIV EBX
MOV ECX,EDX
MOV
EAX,ECX
POP ESI
POP
EBX
RET
最后总结:
(1):序列号必须为 20 位,邮件地址必须包含“@”和“.”;
(2):根据邮件地址的长度进行 i 组运算;
(3):将步骤(2)的结果插入到邮件地址中;
(4):根据步骤(3)的结果进行累加;
(5):步骤(4)的结果作为基值,进行 20 组运算;
(6):将步骤(5)的结果连接成为字符串;
(7):将符号“-”每隔 4 位插入到步骤(6)的结果中去。
然后据此写出注册机:
Option Explicit
Private Sub form_Load()
cmdCalc.Enabled = False
End Sub
Private Sub txtUserName_Change()
Dim i As Byte
Dim MailOK As
Byte
For i = 1 To Len(txtUserName.Text)
If
Mid(txtUserName.Text, i, 1) = "@" Or Mid(txtUserName.Text, i, 1) = "."
Then
MailOK = MailOK + 1
End If
If MailOK = 2 Then
cmdCalc.Enabled = True
Else
cmdCalc.Enabled = False
End
If
Next i
End Sub
Private Sub cmdCalc_Click() '序列号计算过程
On Error Resume Next
Dim i As Byte
Dim BaseA As Double
Dim BaseB As
Integer
Dim BaseC As Double
Dim BaseD As Integer
Dim BaseE As Byte
Dim BaseF As Byte
Dim Sum As
Double
Dim AddSum As Double
Dim InsertSum As
Double
Dim SN As String
BaseA = 31415
BaseB = 24337
BaseC =
17312
BaseD = 32767
BaseE = 255
BaseF =
9
For i = 1 To Len(txtUserName.Text)
Sum = BaseA * BaseB + BaseC
BaseA = Sum Mod
BaseD
If i <> 1
Then
InsertSum = InsertSum + Sum Mod
BaseE
End If
AddSum = AddSum + Asc(Mid(txtUserName.Text, i, 1))
Next i
BaseA = InsertSum +
AddSum
For i = 1 To 24
If i Mod 5 = 0
Then
SN = SN & "-"
Else
Sum = BaseA * BaseB + BaseC
BaseA = Sum
Mod BaseD
SN = SN & Chr(Sum Mod BaseF +
48)
End If
Next i
txtSerial =
SN
cmdCalc.Enabled = False
End Sub
注册成功之后,注册信息保存在:
HKEY_CURRENT_USER\Software\MimarSinan\Codex\2.0\Licensing
子键中。
这篇文章我写得很详细,希望初学者朋友能够看懂,并掌握 Crack 的一般思路。
ThE frEE crAckIng GrOup Of ChinA
fengma
于 21:20 03-5-17