软件名称:    SWF探索者XP 1.2(swfexplorer)
软件用途:    SWF探索者，一个日趋完美的Flash动画播放器，闪客和Flash爱好者的绝佳装备。简洁美观的仿XP界面 ，非常直观友好。完整的播放控制，随意缩放，全屏欣赏、“总在最前”，还集成众多实用功能：打开网上Flash动画、 EXE2SWF、播放列表、动画快照、自选片段。本软件与众不同之处——能与Flash动画进行交互。
工具:        TRW2000 1.22 ,fileinfo
日期:        2002.4.14
作者:        pscj@sina.com
####################################################################
用fileinfo查到有upx壳,于是用Procdump脱壳，脱到一半出错，看来自动是不行了，由于手艺差手动脱又不会，只好抄起trw2000了！它和flashget一样，输入后不马上比较，放到注册表里，下次启动时进行比较！

如果只想找到注册码的话用bpx 004b47c7，然后看ebx的值就是注册码，不过要注意里面的字母要转换成小写

(1)。用regqueryvaluea设断
(2)。用s:30:0 l ffffffff '你的用户名'，把找到的再用bpm xxxx r设断
2.用F10来到如下地方
##################################################

0167:004B46FE  LEA      ECX,[EBP-14]
0167:004B4701  XOR      EDX,EDX
0167:004B4703  CALL    004B454C-----------------1 　    [ebp-04]->'SWFExplorer'
0167:004B4708  MOV      EAX,[EBP-04]            
0167:004B470B  CALL    00404A30
0167:004B4710  LEA      ECX,[EBP-18]
0167:004B4713  XOR      EDX,EDX
0167:004B4715  CALL    004B454C------------------2    [ebp-04]->你输的用户名
0167:004B471A  MOV      EAX,[EBP-08]
0167:004B471D  CALL    00404A30
0167:004B4722  MOV      ECX,[EBP+08]
0167:004B4725  XOR      EDX,EDX
0167:004B4727  CALL    004B454C------------------3    [ebp-04]->'Cloud Lee'
0167:004B472C  XOR      EAX,EAX

3次调用004b454c中的函数目的是生成用来计算注册码的用户名
首先它并不是根据你输入的用户名来计算注册码的!
比如你输的用户是pscj,它实际生成的是pscjCloud LeeSWFExplorer1:Plfu6"2-   
天，这么长:(经过分析后得知:最前面的是你输入的用户名，中间的Cloud LeeSWFExplorer1是不变的，最后9位Plfu6"2-是经过上面的3次call计算出来的
###########################################################
以下是call 004B454C的核心部分

0167:004B45B5  MOV      EAX,[EBP-04]
0167:004B45B8  MOV      AL,[EAX+ESI]        ----依次取出每一字符
0167:004B45BB  CMP      AL,20            
0167:004B45BD  JC      NEAR 004B4663        -->20H<AL<7EH才能继续下去,是比较ascii的2最值
0167:004B45C3  CMP      AL,7E
0167:004B45C5  JA      NEAR 004B4663
0167:004B45CB  MOV      EDX,[004BEDD4]        ----004bedd4的初值是01
0167:004B45D1  AND      EDX,1FFFFFFF
0167:004B45D7  MOV      ECX,[004BEDD4]
0167:004B45DD  SHR      ECX,17
0167:004B45E0  AND      ECX,BYTE +1F
0167:004B45E3  XOR      EDX,ECX
0167:004B45E5  MOV      [004BEDD4],EDX        
0167:004B45EB  MOV      [EBP-09],AL
0167:004B45EE  MOV      EAX,[004BEDD4]
0167:004B45F3  MOV      ECX,5F
0167:004B45F8  CDQ   
0167:004B45F9  IDIV    ECX
0167:004B45FB  XOR      EDX,EDX
0167:004B45FD  MOV      DL,[EBP-09]
0167:004B4600  SUB      EDX,BYTE +20
0167:004B4603  SUB      EAX,EDX
0167:004B4605  CALL    004B450C        -------(1) 又一个函数也是用来生成后9位的
0167:004B460A  MOV      EBX,EAX
0167:004B460C  ADD      BL,20            -------bl的值是关键，最后6位由第3次call的bl值组成
0167:004B460F  INC      DWORD [004BEDD8]    -------004BEDD8的初值是64h
0167:004B4615  CMP      DWORD [004BEDD8],07D0
0167:004B461F  JL      004B4628
0167:004B4621  XOR      EAX,EAX
0167:004B4623  MOV      [004BEDD8],EAX        ---------保存到004bedd8中,下一次循环取出
0167:004B4628  MOV      AL,[EBP-09]
0167:004B462B  XOR      AL,BL
0167:004B462D  AND      EAX,FF
0167:004B4632  MOV      EDX,[004BEDD4]
0167:004B4638  ADD      EDX,[004BEDD4]
0167:004B463E  ADD      EAX,EDX
0167:004B4640  ADD      EAX,[004BEDD8]
0167:004B4646  MOV      [004BEDD4],EAX        ---------保存到004bedd4中,下一次循环取出

############################################
(1)处call 004B450C的内容如下

0167:004B450C  CMP      EAX,251C
0167:004B4511  JL      004B451F           
0167:004B4513  SUB      EAX,251C
0167:004B4518  CMP      EAX,251C
0167:004B451D  JNL      004B4513

0167:004B451F  CMP      EAX,03B6
0167:004B4524  JL      004B4532
0167:004B4526  SUB      EAX,03B6
0167:004B452B  CMP      EAX,03B6
0167:004B4530  JNL      004B4526

0167:004B4532  CMP      EAX,BYTE +5F
0167:004B4535  JL      004B453F
0167:004B4537  SUB      EAX,BYTE +5F
0167:004B453A  CMP      EAX,BYTE +5F
0167:004B453D  JNL      004B4537

0167:004B453F  TEST    EAX,EAX
0167:004B4541  JNL      004B454A---->ret
0167:004B4543  ADD      EAX,BYTE +5F
0167:004B4546  TEST    EAX,EAX


3次call每一次都生成与[ebp-04]的字符个数相同的bl值,
第3次[ebp-04]=Cloud Lee生成的9个bl值就是组成实际用户名的最后9位!
那为什么要call3次呢,其实前2次call的目的就是为是给004bedd4和004bedd8不断赋值,给第3次call调用时取出计算最终的bl值!用了这么多口水才刚刚说明怎么生成用于计算注册码的用户名,兄弟们给我倒杯水!我用2天功夫才把这个东东研究彻底，麻烦的还在后头:(
#########################################################
用于生成注册码的部分

0167:004B479B  MOV      ESI,01        
0167:004B47A0  MOV      EDX,[EBP-04]    ------>[ebp-04]=pscjCloud LeeSWFExplorer1:Plfu6"2-
0167:004B47A3  MOV      DL,[EDX+ESI-01]        就是上一步生成的用户名
0167:004B47A7  XOR      DL,BL    ?    
0167:004B47A9  AND      EDX,FF
0167:004B47AF  MOV      EDX,[EDX*4+004BCD48]    ----->关键处!
0167:004B47B6  SHR      EBX,08
0167:004B47B9  AND      EBX,00FFFFFF
0167:004B47BF  XOR      EDX,EBX
0167:004B47C1  MOV      EBX,EDX
0167:004B47C3  INC      ESI
0167:004B47C4  DEC      EAX
0167:004B47C5  JNZ      004B47A0

最后的ebx值就是注册码！本来后面还有一个call是用来把注册码中的英文字母转成小写的！用处不大省去了
[EDX*4+004BCD48]中edx的取值是00-ff,从而计算出地址范围就004BCD48-004BD144,每次都要从这个密码表中取出相应的值赋给edx
密码表见下:
0030:004BCD48 AF AE 29 0F 96 30 07 77-2C 61 0E EE BA 51 09 99 ��).?.w,a.詈Q.?
0030:004BCD58 19 C4 6D 07 8F F4 6A 70-35 A5 63 E9 A3 95 64 9E .膍.忯jp5�c椋昫?
0030:004BCD68 32 88 DB 0E A4 B8 DC 79-1E E9 D5 E0 88 D9 D2 97 2堐.じ躽.檎鄨僖?
0030:004BCD78 2B 4C B6 09 BD 7C B1 7E-07 2D B8 E7 91 1D BF 90 +L?絴眫.-哥?繍
0030:004BCD88 64 10 B7 1D F2 20 B0 6A-48 71 B9 F3 DE 41 BE 84 d.??癹Hq贵轆緞
0030:004BCD98 7D D4 DA 1A EB E4 DD 6D-51 B5 D4 F4 C7 85 D3 83 }在.脘輒Q翟羟呌?
0030:004BCDA8 56 98 6C 13 C0 A8 6B 64-7A F9 62 FD EC C9 65 8A V榣.括kdz鵥�焐e?
0030:004BCDB8 4F 5C 01 14 D9 6C 06 63-63 3D 0F FA F5 0D 08 8D O\..賚.cc=.��..?
0030:004BCDC8 C8 20 6E 3B 5E 10 69 4C-E4 41 60 D5 72 71 67 A2 ?n;^.iL銩`誶qg?
0030:004BCDD8 D1 E4 03 3C 47 D4 04 4B-FD 85 0D D2 6B B5 0A A5 唁.<G?K齾.襨??
0030:004BCDE8 FA A8 B5 35 6C 98 B2 42-D6 C9 BB DB 40 F9 BC AC ��?l槻B稚慧@��?
0030:004BCDF8 E3 6C D8 32 75 5C DF 45-CF 0D D6 DC 59 3D D1 AB 鉲?u\逧?周Y=勋
0030:004BCE08 AC 30 D9 26 3A 00 DE 51-80 51 D7 C8 16 61 D0 BF ??:.轖�Q兹.a锌
0030:004BCE18 B5 F4 B4 21 23 C4 B3 56-99 95 BA CF 0F A5 BD B8 掉?#某V檿合.ソ?
0030:004BCE28 9E B8 02 28 08 88 05 5F-B2 D9 0C C6 24 E9 0B B1 灨.(.?_操.???
0030:004BCE38 87 7C 6F 2F 11 4C 68 58-AB 1D 61 C1 3D 2D 66 B6 噟o/.LhX?a?-f?
0030:004BCE48 90 41 DC 76 06 71 DB 01-BC 20 D2 98 2A 10 D5 EF 怉躹.q??覙*.诊
0030:004BCE58 89 85 B1 71 1F B5 B6 06-A5 E4 BF 9F 33 D4 B8 E8 墔眖.刀.ヤ繜3愿?
0030:004BCE68 A2 C9 07 78 34 F9 00 0F-8E A8 09 96 18 98 0E E1 ⑸.x4?.帹.???
0030:004BCE78 BB 0D 6A 7F 2D 3D 6D 08-97 6C 64 91 01 5C 63 E6 ?j-=m.條d?\c?
0030:004BCE88 F4 51 6B 6B 62 61 6C 1C-D8 30 65 85 4E 00 62 F2 鬛kkbal.?e匩.b?
0030:004BCE98 ED 95 06 6C 7B A5 01 1B-C1 F4 08 82 57 C4 0F F5 頃.l{?.留.俉??
0030:004BCEA8 C6 D9 B0 65 50 E9 B7 12-EA B8 BE 8B 7C 88 B9 FC 瀑癳P榉.旮緥|埞?
0030:004BCEB8 DF 1D DD 62 49 2D DA 15-F3 7C D3 8C 65 4C D4 FB ?輇I-?髚訉eL喳
0030:004BCEC8 58 61 B2 4D CE 51 B5 3A-74 00 BC A3 E2 30 BB D4 Xa睲蜵?t.迹?辉
0030:004BCED8 41 A5 DF 4A D7 95 D8 3D-6D C4 D1 A4 FB F4 D6 D3 AミJ讜?m难��糁?
0030:004BCEE8 6A E9 69 43 FC D9 6E 34-46 88 67 AD D0 B8 60 DA j閕C�賜4F坓�懈`?
0030:004BCEF8 73 2D 04 44 E5 1D 03 33-5F 4C 0A AA C9 7C 0D DD s-.D?.3_L.�蓔.?
0030:004BCF08 3C 71 05 50 AA 41 02 27-10 10 0B BE 86 20 0C C9 <q.P狝.'...締 .?
0030:004BCF18 25 B5 68 57 B3 85 6F 20-09 D4 66 B9 9F E4 61 CE %礹W硡o .詅篃鋋?
0030:004BCF28 0E F9 DE 5E 98 C9 D9 29-22 98 D0 B0 B4 A8 D7 C7 .�轣樕?"樞按ㄗ?
0030:004BCF38 17 3D B3 59 81 0D B4 2E-3B 5C BD B7 AD 6C BA C0 .=砓??;\椒璴豪
0030:004BCF48 20 83 B8 ED B6 B3 BF 9A-0C E2 B6 03 9A D2 B1 74  兏矶晨?舛.氁眛
0030:004BCF58 39 47 D5 EA AF 77 D2 9D-15 26 DB 04 83 16 DC 73 9G贞痺覞.&??躶
0030:004BCF68 12 0B 63 E3 84 3B 64 94-3E 6A 6D 0D A8 5A 6A 7A ..c銊;d?jm.╖jz
0030:004BCF78 0B CF 0E E4 9D FF 09 93-27 AE 00 0A B1 9E 07 7D .?錆�.??.睘.}
0030:004BCF88 44 93 0F F0 D2 A3 08 87-68 F2 01 1E FE C2 06 69 D?鹨?噃?.��.i
0030:004BCF98 5D 57 62 F7 CB 67 65 80-71 36 6C 19 E7 06 6B 6E ]Wb魉ge�q6l.?kn
0030:004BCFA8 76 1B D4 FE E0 2B D3 89-5A 7A DA 10 CC 4A DD 67 v.轧?訅Zz?蘆輌
0030:004BCFB8 6F DF B9 F9 F9 EF BE 8E-43 BE B7 17 D5 8E B0 60 o吖��锞嶤痉.諑癭
0030:004BCFC8 E8 A3 D6 D6 7E 93 D1 A1-C4 C2 D8 38 52 F2 DF 4F 瑁种~撗∧仑8R蜻O
0030:004BCFD8 F1 67 BB D1 67 57 BC A6-DD 06 B5 3F 4B 36 B2 48 駁谎gW鸡??K6睭
0030:004BCFE8 DA 2B 0D D8 4C 1B 0A AF-F6 4A 03 36 60 7A 04 41 ?.豅..�鯦.6`z.A
0030:004BCFF8 C3 EF 60 DF 55 DF 67 A8-EF 8E 6E 31 79 BE 69 46 蔑`遀遟�飵n1y緄F
0030:004BD008 8C B3 61 CB 1A 83 66 BC-A0 D2 6F 25 36 E2 68 52 尦a?僨紶襬%6鈎R
0030:004BD018 95 77 0C CC 03 47 0B BB-B9 16 02 22 2F 26 05 55 晈.?G.还.."/&.U
0030:004BD028 BE 3B BA C5 28 0B BD B2-92 5A B4 2B 04 6A B3 5C ?号(.讲抁?.j砛
0030:004BD038 A7 FF D7 C2 31 CF D0 B5-8B 9E D9 2C 1D AE DE 5B ?茁1闲祴炠,.�轠
0030:004BD048 B0 C2 64 9B 26 F2 63 EC-9C A3 6A 75 0A 93 6D 02 奥d?騝鞙�ju.搈.
0030:004BD058 A9 06 09 9C 3F 36 0E EB-85 67 07 72 13 57 00 05 ?.?6.雲g.r.W..
0030:004BD068 82 4A BF 95 14 7A B8 E2-AE 2B B1 7B 38 1B B6 0C 侸繒.z糕?眥8.?
0030:004BD078 9B 8E D2 92 0D BE D5 E5-B7 EF DC 7C 21 DF DB 0B 泿覓.菊宸镘|!咣.
0030:004BD088 D4 D2 D3 86 42 E2 D4 F1-F8 B3 DD 68 6E 83 DA 1F 砸訂B庠聒齿hn冓.
0030:004BD098 CD 16 BE 81 5B 26 B9 F6-E1 77 B0 6F 77 47 B7 18 ?緛[&滚醱皁wG?
0030:004BD0A8 E6 5A 08 88 70 6A 0F FF-CA 3B 06 66 5C 0B 01 11 鎆.坧j.�?.f\...
0030:004BD0B8 FF 9E 65 8F 69 AE 62 F8-D3 FF 6B 61 45 CF 6C 16 �瀍廼産���kaE蟣.
0030:004BD0C8 78 E2 0A A0 EE D2 0D D7-54 83 04 4E C2 B3 03 39 x?狀?譚?N鲁.9
0030:004BD0D8 61 26 67 A7 F7 16 60 D0-4D 47 69 49 DB 77 6E 3E a&g��.`蠱GiI踳n>
0030:004BD0E8 4A 6A D1 AE DC 5A D6 D9-66 0B DF 40 F0 3B D8 37 Jj旬躗仲f.這??
0030:004BD0F8 53 AE BC A9 C5 9E BB DE-7F CF B2 47 E9 FF B5 30 S�缉艦�?喜G??
0030:004BD108 1C F2 BD BD 8A C2 BA CA-30 93 B3 53 A6 A3 B4 24 .蚪綂潞?摮SΓ?
0030:004BD118 05 36 D0 BA 93 06 D7 CD-29 57 DE 54 BF 67 D9 23 .6泻?淄)W轙縢?
0030:004BD128 2E 7A 66 B3 B8 4A 61 C4-02 1B 68 5D 94 2B 6F 2A .zf掣Ja?.h]?o*
0030:004BD138 37 BE 0B B4 A1 8E 0C C3-1B DF 05 5A 8D EF 02 2D 7?础???Z嶏.-

为了编写注册机,不得不对密码表进行处理，于是操起vb花了一下午功夫写成一个工具!一，终于发现一条真理：破解一点不比编程省事！经过程序处理后，去掉了了左边的地址和右边的adcii码，还有每行中间的横线，然后再高低位取反后就成了程序可以处理的样子，见后面的注册机!
#############################################################################
                QB写的注册机
DECLARE SUB x0 (x AS STRING)
DECLARE FUNCTION x1& (eax AS LONG)
DIM SHARED edx AS LONG
DIM SHARED ebx AS LONG
DIM SHARED eax AS LONG
DIM x AS STRING
DIM temp AS LONG
DIM code(256) AS LONG
DIM SHARED pass AS STRING
DIM pass1 AS STRING
DIM SHARED a4 AS LONG
DIM SHARED a8 AS LONG

CLS
FOR i = 0 TO 255
  READ code(i)
NEXT i

a4 = &H1: a8 = &H64
   
INPUT "user:", x

CALL x0("SWFExplorer")
CALL x0(x)
CALL x0("Cloud Lee")

pass = RIGHT$(pass, 9)
pass = x + "Cloud LeeSWFExplorer1" + pass
PRINT pass
ebx = 0
FOR i = 1 TO LEN(pass)
  edx = ASC(MID$(pass, i, 1))
  edx = edx XOR ebx
  edx = edx AND &HFF
  edx = code(edx)
  ebx = INT(ebx / 2 ^ 8)
  ebx = ebx AND &HFFFFFF
  edx = edx XOR ebx
  ebx = edx
NEXT i

pass = HEX$(edx)

FOR i = 1 TO LEN(pass)
  temp = ASC(MID$(pass, i, 1))
  IF temp >= 65 AND temp <= 90 THEN temp = temp + 32
  pass1 = pass1 + CHR$(temp)
NEXT i
PRINT "sn:"; pass1

DATA &H0F29AEAF,&H77073096,&HEE0E612C,&H990951BA
DATA &H076DC419,&H706AF48F,&HE963A535,&H9E6495A3
DATA &H0EDB8832,&H79DCB8A4,&HE0D5E91E,&H97D2D988
DATA &H09B64C2B,&H7EB17CBD,&HE7B82D07,&H90BF1D91
DATA &H1DB71064,&H6AB020F2,&HF3B97148,&H84BE41DE
DATA &H1ADAD47D,&H6DDDE4EB,&HF4D4B551,&H83D385C7
DATA &H136C9856,&H646BA8C0,&HFD62F97A,&H8A65C9EC
DATA &H14015C4F,&H63066CD9,&HFA0F3D63,&H8D080DF5
DATA &H3B6E20C8,&H4C69105E,&HD56041E4,&HA2677172
DATA &H3C03E4D1,&H4B04D447,&HD20D85FD,&HA50AB56B
DATA &H35B5A8FA,&H42B2986C,&HDBBBC9D6,&HACBCF940
DATA &H32D86CE3,&H45DF5C75,&HDCD60DCF,&HABD13D59
DATA &H26D930AC,&H51DE003A,&HC8D75180,&HBFD06116
DATA &H21B4F4B5,&H56B3C423,&HCFBA9599,&HB8BDA50F
DATA &H2802B89E,&H5F058808,&HC60CD9B2,&HB10BE924
DATA &H2F6F7C87,&H58684C11,&HC1611DAB,&HB6662D3D
DATA &H76DC4190,&H01DB7106,&H98D220BC,&HEFD5102A
DATA &H71B18589,&H06B6B51F,&H9FBFE4A5,&HE8B8D433
DATA &H7807C9A2,&H0F00F934,&H9609A88E,&HE10E9818
DATA &H7F6A0DBB,&H086D3D2D,&H91646C97,&HE6635C01
DATA &H6B6B51F4,&H1C6C6162,&H856530D8,&HF262004E
DATA &H6C0695ED,&H1B01A57B,&H8208F4C1,&HF50FC457
DATA &H65B0D9C6,&H12B7E950,&H8BBEB8EA,&HFCB9887C
DATA &H62DD1DDF,&H15DA2D49,&H8CD37CF3,&HFBD44C65
DATA &H4DB26158,&H3AB551CE,&HA3BC0074,&HD4BB30E2
DATA &H4ADFA541,&H3DD895D7,&HA4D1C46D,&HD3D6F4FB
DATA &H4369E96A,&H346ED9FC,&HAD678846,&HDA60B8D0
DATA &H44042D73,&H33031DE5,&HAA0A4C5F,&HDD0D7CC9
DATA &H5005713C,&H270241AA,&HBE0B1010,&HC90C2086
DATA &H5768B525,&H206F85B3,&HB966D409,&HCE61E49F
DATA &H5EDEF90E,&H29D9C998,&HB0D09822,&HC7D7A8B4
DATA &H59B33D17,&H2EB40D81,&HB7BD5C3B,&HC0BA6CAD
DATA &HEDB88320,&H9ABFB3B6,&H03B6E20C,&H74B1D29A
DATA &HEAD54739,&H9DD277AF,&H04DB2615,&H73DC1683
DATA &HE3630B12,&H94643B84,&H0D6D6A3E,&H7A6A5AA8
DATA &HE40ECF0B,&H9309FF9D,&H0A00AE27,&H7D079EB1
DATA &HF00F9344,&H8708A3D2,&H1E01F268,&H6906C2FE
DATA &HF762575D,&H806567CB,&H196C3671,&H6E6B06E7
DATA &HFED41B76,&H89D32BE0,&H10DA7A5A,&H67DD4ACC
DATA &HF9B9DF6F,&H8EBEEFF9,&H17B7BE43,&H60B08ED5
DATA &HD6D6A3E8,&HA1D1937E,&H38D8C2C4,&H4FDFF252
DATA &HD1BB67F1,&HA6BC5767,&H3FB506DD,&H48B2364B
DATA &HD80D2BDA,&HAF0A1B4C,&H36034AF6,&H41047A60
DATA &HDF60EFC3,&HA867DF55,&H316E8EEF,&H4669BE79
DATA &HCB61B38C,&HBC66831A,&H256FD2A0,&H5268E236
DATA &HCC0C7795,&HBB0B4703,&H220216B9,&H5505262F
DATA &HC5BA3BBE,&HB2BD0B28,&H2BB45A92,&H5CB36A04
DATA &HC2D7FFA7,&HB5D0CF31,&H2CD99E8B,&H5BDEAE1D
DATA &H9B64C2B0,&HEC63F226,&H756AA39C,&H026D930A
DATA &H9C0906A9,&HEB0E363F,&H72076785,&H05005713
DATA &H95BF4A82,&HE2B87A14,&H7BB12BAE,&H0CB61B38
DATA &H92D28E9B,&HE5D5BE0D,&H7CDCEFB7,&H0BDBDF21
DATA &H86D3D2D4,&HF1D4E242,&H68DDB3F8,&H1FDA836E
DATA &H81BE16CD,&HF6B9265B,&H6FB077E1,&H18B74777
DATA &H88085AE6,&HFF0F6A70,&H66063BCA,&H11010B5C
DATA &H8F659EFF,&HF862AE69,&H616BFFD3,&H166CCF45
DATA &HA00AE278,&HD70DD2EE,&H4E048354,&H3903B3C2
DATA &HA7672661,&HD06016F7,&H4969474D,&H3E6E77DB
DATA &HAED16A4A,&HD9D65ADC,&H40DF0B66,&H37D83BF0
DATA &HA9BCAE53,&HDEBB9EC5,&H47B2CF7F,&H30B5FFE9
DATA &HBDBDF21C,&HCABAC28A,&H53B39330,&H24B4A3A6
DATA &HBAD03605,&HCDD70693,&H54DE5729,&H23D967BF
DATA &HB3667A2E,&HC4614AB8,&H5D681B02,&H2A6F2B94
DATA &HB40BBE37,&HC30C8EA1,&H5A05DF1B,&H2D02EF8D
DATA &H0F29AEAF,&H77073096,&HEE0E612C,&H990951BA
DATA &H076DC419,&H706AF48F,&HE963A535,&H9E6495A3
DATA &H0EDB8832,&H79DCB8A4,&HE0D5E91E,&H97D2D988
DATA &H09B64C2B,&H7EB17CBD,&HE7B82D07,&H90BF1D91
DATA &H1DB71064,&H6AB020F2,&HF3B97148,&H84BE41DE
DATA &H1ADAD47D,&H6DDDE4EB,&HF4D4B551,&H83D385C7
DATA &H136C9856,&H646BA8C0,&HFD62F97A,&H8A65C9EC
DATA &H14015C4F,&H63066CD9,&HFA0F3D63,&H8D080DF5
DATA &H3B6E20C8,&H4C69105E,&HD56041E4,&HA2677172
DATA &H3C03E4D1,&H4B04D447,&HD20D85FD,&HA50AB56B
DATA &H35B5A8FA,&H42B2986C,&HDBBBC9D6,&HACBCF940
DATA &H32D86CE3,&H45DF5C75,&HDCD60DCF,&HABD13D59
DATA &H26D930AC,&H51DE003A,&HC8D75180,&HBFD06116
DATA &H21B4F4B5,&H56B3C423,&HCFBA9599,&HB8BDA50F
DATA &H2802B89E,&H5F058808,&HC60CD9B2,&HB10BE924
DATA &H2F6F7C87,&H58684C11,&HC1611DAB,&HB6662D3D
DATA &H76DC4190,&H01DB7106,&H98D220BC,&HEFD5102A
DATA &H71B18589,&H06B6B51F,&H9FBFE4A5,&HE8B8D433
DATA &H7807C9A2,&H0F00F934,&H9609A88E,&HE10E9818
DATA &H7F6A0DBB,&H086D3D2D,&H91646C97,&HE6635C01
DATA &H6B6B51F4,&H1C6C6162,&H856530D8,&HF262004E
DATA &H6C0695ED,&H1B01A57B,&H8208F4C1,&HF50FC457
DATA &H65B0D9C6,&H12B7E950,&H8BBEB8EA,&HFCB9887C
DATA &H62DD1DDF,&H15DA2D49,&H8CD37CF3,&HFBD44C65
DATA &H4DB26158,&H3AB551CE,&HA3BC0074,&HD4BB30E2
DATA &H4ADFA541,&H3DD895D7,&HA4D1C46D,&HD3D6F4FB
DATA &H4369E96A,&H346ED9FC,&HAD678846,&HDA60B8D0
DATA &H44042D73,&H33031DE5,&HAA0A4C5F,&HDD0D7CC9
DATA &H5005713C,&H270241AA,&HBE0B1010,&HC90C2086
DATA &H5768B525,&H206F85B3,&HB966D409,&HCE61E49F
DATA &H5EDEF90E,&H29D9C998,&HB0D09822,&HC7D7A8B4
DATA &H59B33D17,&H2EB40D81,&HB7BD5C3B,&HC0BA6CAD
DATA &HEDB88320,&H9ABFB3B6,&H03B6E20C,&H74B1D29A
DATA &HEAD54739,&H9DD277AF,&H04DB2615,&H73DC1683
DATA &HE3630B12,&H94643B84,&H0D6D6A3E,&H7A6A5AA8
DATA &HE40ECF0B,&H9309FF9D,&H0A00AE27,&H7D079EB1
DATA &HF00F9344,&H8708A3D2,&H1E01F268,&H6906C2FE
DATA &HF762575D,&H806567CB,&H196C3671,&H6E6B06E7
DATA &HFED41B76,&H89D32BE0,&H10DA7A5A,&H67DD4ACC
DATA &HF9B9DF6F,&H8EBEEFF9,&H17B7BE43,&H60B08ED5
DATA &HD6D6A3E8,&HA1D1937E,&H38D8C2C4,&H4FDFF252
DATA &HD1BB67F1,&HA6BC5767,&H3FB506DD,&H48B2364B
DATA &HD80D2BDA,&HAF0A1B4C,&H36034AF6,&H41047A60
DATA &HDF60EFC3,&HA867DF55,&H316E8EEF,&H4669BE79
DATA &HCB61B38C,&HBC66831A,&H256FD2A0,&H5268E236
DATA &HCC0C7795,&HBB0B4703,&H220216B9,&H5505262F
DATA &HC5BA3BBE,&HB2BD0B28,&H2BB45A92,&H5CB36A04
DATA &HC2D7FFA7,&HB5D0CF31,&H2CD99E8B,&H5BDEAE1D
DATA &H9B64C2B0,&HEC63F226,&H756AA39C,&H026D930A
DATA &H9C0906A9,&HEB0E363F,&H72076785,&H05005713
DATA &H95BF4A82,&HE2B87A14,&H7BB12BAE,&H0CB61B38
DATA &H92D28E9B,&HE5D5BE0D,&H7CDCEFB7,&H0BDBDF21
DATA &H86D3D2D4,&HF1D4E242,&H68DDB3F8,&H1FDA836E
DATA &H81BE16CD,&HF6B9265B,&H6FB077E1,&H18B74777
DATA &H88085AE6,&HFF0F6A70,&H66063BCA,&H11010B5C
DATA &H8F659EFF,&HF862AE69,&H616BFFD3,&H166CCF45
DATA &HA00AE278,&HD70DD2EE,&H4E048354,&H3903B3C2
DATA &HA7672661,&HD06016F7,&H4969474D,&H3E6E77DB
DATA &HAED16A4A,&HD9D65ADC,&H40DF0B66,&H37D83BF0
DATA &HA9BCAE53,&HDEBB9EC5,&H47B2CF7F,&H30B5FFE9
DATA &HBDBDF21C,&HCABAC28A,&H53B39330,&H24B4A3A6
DATA &HBAD03605,&HCDD70693,&H54DE5729,&H23D967BF
DATA &HB3667A2E,&HC4614AB8,&H5D681B02,&H2A6F2B94
DATA &HB40BBE37,&HC30C8EA1,&H5A05DF1B,&H2D02EF8D

SUB x0 (x AS STRING)

FOR i = 1 TO LEN(x)
  edx = a4
  edx = edx AND &H1FFFFFFF
  ecx = a4
  ecx = INT(ecx / 2 ^ 23)
  ecx = ecx AND &H1F
  edx = edx XOR ecx
  a4 = edx
  eax = a4
  eax = INT(eax / &H5F)
  edx = ASC(MID$(x, i, 1)) - &H20
  eax = eax - edx
  ebx = x1(eax) + &H20
  pass = pass + CHR$(ebx)
  a8 = a8 + 1

  IF a8 >= &H7D0 THEN
      eax = 0
      d8 = 0
  END IF
  '004b4628
  eax = ASC(MID$(x, i, 1))
  eax = eax XOR ebx
  eax = eax AND &HFF
  edx = a4 * 2
  eax = eax + edx
  eax = eax + a8
  a4 = eax
NEXT i


END SUB

FUNCTION x1& (eax AS LONG)

DO WHILE eax >= &H251C
  eax = eax - &H251C
LOOP

DO WHILE eax >= &H3B6
  eax = eax - &H3B6
LOOP

DO WHILE eax >= &H5F
  eax = eax - &H5F
LOOP

DO WHILE eax < 0
  eax = eax + &H5F
LOOP
x1 = eax

END FUNCTION

全文完!退场时请拿好自己物品，并唤醒身旁熟睡的人！呵呵
第一次写破文，还请各位兄弟多多指教！还有什么不明与我联系pscj@sina.com

1.TRW2000 DD,DB,DW >file这样就得到了密码原始文件。
2.如果这样得到的文件不能用，就用EditPlus的键盘宏功能处理一下。

经过这两步，再复杂的表格基本上也能搞定了！