• 桥牌程序
  • 标 题:桥牌程序Suit.exe的破解 (3千字)
  • 作 者:blowfish
  • 时 间:2001-1-13 20:20:34
  • 链 接:http://bbs.pediy.com

2.DaBriSoft 软件公司出品的系列桥牌教学软件
① 花色定约的坐庄打法 1.1
http://www.dabrisoft.dk/download-uk/Suit.exe[1150K]
以上三个软件均由VB3编制,是为提高坐庄水平而设计的,包括不同难度级别的165副牌,未注册时可玩15副。
--------------------------------------------------------------

用Dodi的VB3 decompiler将suit.exe反汇编之后,在REG.BAS看到如下的注册码判断。显然,suit.exe通过文件c:\input.dat和c:\windows\system\dptkey.exe和c:\windows\system\dptwkey.exe进行通信,由这两个exe根据生成与机器相关的序列号存放在文件c:\output.dat中,并对注册码进行判断,如果注册码正确它们就会建一个名为c:\success的目录,否则就建一个c:\wrong目录。而suit.exe只用这两个目录作为注册码正确与否的依据。

Open gv1D10 + ":\input.data" For Output As l001E
Print #l001E, Reg.adgang
Close #l001E
l0022% = 282
l0022% = Shell(gv1D14 + "dptreg.exe /" + gv1D14 + "dptwkey.EXE", 1)
While extfn00DB(l0022%) > 0
    l0024% = DoEvents()
Wend
If  Dir(gv1D10 + ":\wrong") <> "" Then
    MsgBox "The access code you have typed is wrong - try again.", 48, "Information"
    GoTo L3C528
End If
If  Dir(gv1D10 + ":\success") = "" Then
    MsgBox "An unknown error has occured - try again. Your harddisk may be in a bad condition.", 48, "Information"
    GoTo L3C528
End If
If  Dir(gv1D10 + ":\success") <> "" Then
    MsgBox "The access code has been accepted and the program is being exited. When you start the program again, it will be updated to the full version.", 48, "Information"
    sub071A
    Unload Reg
    Unload Spil
    End
End If

以上只是输入注册码之后的判断,因为将dptreg.exe修改一下让它始终只建立c:\success目录,则虽能通过输入注册码后的检查,但下次suit.exe启动时还是demo版本。可见启动时的判断不同。

查找启动时显示的“Demo Vesion”字符串,发现是在Pral.FRM中,相应地在Pral.bas中有如下的程序段:

Sub Form_Load ()
sub070E
If  gv1CE0 = 1 Then Spil.mnureg.Enabled = False
gv1CF0 = 3
If  gv1CE0 = 1 Then gv1CF0 = 33
If  gv1CE0 = 1 Then
    Pral.Label2.Visible = False
    Pral.Label7.Visible = False
    Pral.Label8.Visible = False
End If
..........
End Sub

很显然gv1CE0是个全局标志(gv=Global Variable),表示注册与否。若gv1CE0为1,则Help菜单不显示Registration and Purchase,启动时不显示“Demo version”,且每个级别有33个牌局可玩。

查找gv1CE0,看它是在哪里被赋值的。在MODULE1.BAS中看到,它启动时是调用“dptwkey.exe /3”来判断是否已经注册,生成文件c:\XMQRPT.DAT,如果已注册的话则该文件的第一行的前两个字符是“00”。

Sub sub070E ()
Dim l0BF4 As Integer
Dim l0BF6 As Integer
Dim l0BF8 As Variant
gv1CE0 = 0
l0BF8 = FreeFile
gv1D10 = String$(145, Chr$(0))
gv1D10 = Left$(gv1D10, extfn00AE(gv1D10, Len(gv1D10)))
gv1D10 = Left$(gv1D10, 1)
gv1D14 = String$(145, Chr$(0))
gv1D14 = Left$(gv1D14, extfn00C5(gv1D14, Len(gv1D14)))
If  Right$(gv1D14, 1) <> "\" Then gv1D14 = gv1D14 + "\"
sub071A
l0BF4% = 282
l0BF4% = Shell(gv1D14 + "dptwkey.EXE /3", 1)
While extfn00DB(l0BF4%) > 0
    l0BF6% = DoEvents()
Wend
Open gv1D10 + ":\XMQRPT.DAT" For Input As l0BF8
Line Input #l0BF8, gv19D4$
If  (Left$(gv19D4$, 2) = "07") Then
    MsgBox "The program is installed on another computer. A registered program cannot be copied.", 48, "Information"
    Unload Spil
    End
End If
If  (Left$(gv19D4$, 2) = "00") Then gv1CE0 = 1
Close l0BF8
sub071A
End Sub

经过上面的分析,最终得到破解方法如下:
1、将suit.exe中的“XMQRPT.DAT”改成“123456.dat”。该文件中共有4个“XMQRPT.DAT”,只改第一处即可。
3、建立一个文本文件c:\123456.dat,只要其第一行的前两个字符为“00”即可。

dptreg.exe和dptwkey.exe是两个小文件,且不是VB3的。有兴趣的可研究一下这两个东西写个注册机(bpint 21 if ah=xx)。
其它两个Vb3的估计与此类似。

blowfish 2001/01/13