2.DaBriSoft 软件公司出品的系列桥牌教学软件
① 花色定约的坐庄打法 1.1
http://www.dabrisoft.dk/download-uk/Suit.exe[1150K]
以上三个软件均由VB3编制,是为提高坐庄水平而设计的,包括不同难度级别的165副牌,未注册时可玩15副。
--------------------------------------------------------------
用Dodi的VB3 decompiler将suit.exe反汇编之后,在REG.BAS看到如下的注册码判断。显然,suit.exe通过文件c:\input.dat和c:\windows\system\dptkey.exe和c:\windows\system\dptwkey.exe进行通信,由这两个exe根据生成与机器相关的序列号存放在文件c:\output.dat中,并对注册码进行判断,如果注册码正确它们就会建一个名为c:\success的目录,否则就建一个c:\wrong目录。而suit.exe只用这两个目录作为注册码正确与否的依据。
Open gv1D10 + ":\input.data" For Output As l001E
Print #l001E, Reg.adgang
Close #l001E
l0022% = 282
l0022% = Shell(gv1D14 + "dptreg.exe /" + gv1D14 + "dptwkey.EXE", 1)
While extfn00DB(l0022%) > 0
l0024% = DoEvents()
Wend
If Dir(gv1D10 + ":\wrong") <> "" Then
MsgBox "The access code you have typed is wrong - try again.",
48, "Information"
GoTo L3C528
End If
If Dir(gv1D10 + ":\success") = "" Then
MsgBox "An unknown error has occured - try again. Your harddisk
may be in a bad condition.", 48, "Information"
GoTo L3C528
End If
If Dir(gv1D10 + ":\success") <> "" Then
MsgBox "The access code has been accepted and the program is
being exited. When you start the program again, it will be updated to the
full version.", 48, "Information"
sub071A
Unload Reg
Unload Spil
End
End If
以上只是输入注册码之后的判断,因为将dptreg.exe修改一下让它始终只建立c:\success目录,则虽能通过输入注册码后的检查,但下次suit.exe启动时还是demo版本。可见启动时的判断不同。
查找启动时显示的“Demo Vesion”字符串,发现是在Pral.FRM中,相应地在Pral.bas中有如下的程序段:
Sub Form_Load ()
sub070E
If gv1CE0 = 1 Then Spil.mnureg.Enabled = False
gv1CF0 = 3
If gv1CE0 = 1 Then gv1CF0 = 33
If gv1CE0 = 1 Then
Pral.Label2.Visible = False
Pral.Label7.Visible = False
Pral.Label8.Visible = False
End If
..........
End Sub
很显然gv1CE0是个全局标志(gv=Global Variable),表示注册与否。若gv1CE0为1,则Help菜单不显示Registration
and Purchase,启动时不显示“Demo version”,且每个级别有33个牌局可玩。
查找gv1CE0,看它是在哪里被赋值的。在MODULE1.BAS中看到,它启动时是调用“dptwkey.exe /3”来判断是否已经注册,生成文件c:\XMQRPT.DAT,如果已注册的话则该文件的第一行的前两个字符是“00”。
Sub sub070E ()
Dim l0BF4 As Integer
Dim l0BF6 As Integer
Dim l0BF8 As Variant
gv1CE0 = 0
l0BF8 = FreeFile
gv1D10 = String$(145, Chr$(0))
gv1D10 = Left$(gv1D10, extfn00AE(gv1D10, Len(gv1D10)))
gv1D10 = Left$(gv1D10, 1)
gv1D14 = String$(145, Chr$(0))
gv1D14 = Left$(gv1D14, extfn00C5(gv1D14, Len(gv1D14)))
If Right$(gv1D14, 1) <> "\" Then gv1D14 = gv1D14 + "\"
sub071A
l0BF4% = 282
l0BF4% = Shell(gv1D14 + "dptwkey.EXE /3", 1)
While extfn00DB(l0BF4%) > 0
l0BF6% = DoEvents()
Wend
Open gv1D10 + ":\XMQRPT.DAT" For Input As l0BF8
Line Input #l0BF8, gv19D4$
If (Left$(gv19D4$, 2) = "07") Then
MsgBox "The program is installed on another computer. A registered
program cannot be copied.", 48, "Information"
Unload Spil
End
End If
If (Left$(gv19D4$, 2) = "00") Then gv1CE0 = 1
Close l0BF8
sub071A
End Sub
经过上面的分析,最终得到破解方法如下:
1、将suit.exe中的“XMQRPT.DAT”改成“123456.dat”。该文件中共有4个“XMQRPT.DAT”,只改第一处即可。
3、建立一个文本文件c:\123456.dat,只要其第一行的前两个字符为“00”即可。
dptreg.exe和dptwkey.exe是两个小文件,且不是VB3的。有兴趣的可研究一下这两个东西写个注册机(bpint 21 if ah=xx)。
其它两个Vb3的估计与此类似。
blowfish 2001/01/13
- 标 题:桥牌程序Suit.exe的破解 (3千字)
- 作 者:blowfish
- 时 间:2001-1-13 20:20:34
- 链 接:http://bbs.pediy.com