GaitCD

标题：GaitCD破解全过程(installshield) (3千字)
作者：BurSH
时间：2004-01-29 17:09:18
链接：http://bbs.pediy.com

软件名称 : GaitCD

软件介绍：标题：[求助]谁会算serial???   内容:"有盘CD,SERIAL丢了,现在公司也关了,谁会算SERIAL,      谢谢。。。 "

   So,我只是帮忙,也不知道这个软件是作什么的?:P

网址:http://www.google.com

破解人:BurSH (于2004.1.29)
所属组织:FCG-CCG-BCG-OCN-DFCG
破解工具:isDcc 2.10

⑴ 用isDcc 2.10 反编译installshield 脚本setup.ins

⑵查找字符Serial,来到这里:

label11: //Ref: 000F99  001040  001079
000FB0:00B5:         function105();------------------->调用function105()
000FB8:0021:         lNumber0 = LAST_RESULT;---------->lNumber0=返回值
000FC0:0128:         lNumber1 = lNumber0 = 12;-------->lNumber0是否等于12?
000FD2:0022:         if (lNumber1 = 0) then----------->不相等就跳到下面,提示出错!!(0=False,1=True)
                         goto label12;
                     endif;
000FE0:002C:         goto label10;-------------------->否则继续安装!!

label12: //Ref: 000FD2  ------------------------------>说明是从000FD2来的,就在上面.....
000FE9:0128:         lNumber1 = lNumber0 = 0;
000FFB:0022:         if (lNumber1 = 0) then
                         goto label13;
                     endif;
001009:002A:         MessageBox("Serial number is incorrect. Check and retype.", -65534);
001040:002C:         goto label11;

⑶来到function105()......

label11: //Ref: 000F99  001040  001079
000FB0:00B5:         function105();
000FB8:0021:         lNumber0 = LAST_RESULT;
000FC0:0128:         lNumber1 = lNumber0 = 12;
000FD2:0022:         if (lNumber1 = 0) then
                         goto label12;
                     endif;
000FE0:002C:         goto label10;

    // ------------- FUNCTION function105 --------------
    function function105()
        number lNumber0;
        number lNumber1;
        string lString0;
        string lString1;
        string lString2;
    begin
001BCD:0013:         string5 = "";
001BD5:0013:         string6 = "";
001BDD:0013:         lString0 = "";
001BE5:0013:         lString1 = "";
001BED:0013:         lString2 = "7907-8206-5207";--------------------------------->这串字符像什么?!
001C03:00B5:         function1(lString0, lString1, string5, string6, string7);---->经过分析function1是用来读取姓名(string5),公司(string6),序列号(string7)的
001C1A:0021:         lNumber0 = LAST_RESULT;-------------------------------------->lNumber0=返回值
001C22:0128:         lNumber1 = lNumber0 = 12;------------------------------------>lNumber0是否等于12?
001C34:0022:         if (lNumber1 = 0) then
                         goto label46;
                     endif;
001C42:0021:         lNumber0 = 12;
001C4C:002C:         goto label48;

label46: //Ref: 001C34
001C55:0128:         lNumber1 = lNumber0 = 1;
001C67:0022:         if (lNumber1 = 0) then
                         goto label48;
                     endif;
001C75:0023:         StrCompare(lString2, string7);-------------------------------->字符串比较!lString2就是上面001BED赋值的字符串!而string7就是我们输入的序列号!
001C7D:0021:         lNumber1 = LAST_RESULT;--------------------------------------->lNumber1=返回值
001C85:0128:         lNumber1 = lNumber1 = 0;
001C97:0022:         if (lNumber1 = 0) then
                         goto label47;
                     endif;
001CA5:0021:         lNumber0 = 1;001CAF:002C:         goto label48;

label47: //Ref: 001C97
001CB8:0021:         lNumber0 = 0;
label48: //Ref: 001C4C  001C67  001CAF
001CC6:012F:         return(lNumber0);
001CCD:00B8:         return;
    end;

⑶所以得出结论,function105的作用是得到并比较我们输入的序列号的合法性!正确的序列号是7907-8206-5207!