管得多 2003 V3.60 　

标题：管得多 2003 V3.60 　
作者：fly
时间：2003/04/30 04:00pm
链接：http://bbs.pediy.com

下载页面： http://www.skycn.com/soft/9373.html
软件大小： 6951 KB
软件语言：简体中文
软件类别：国产软件 / 共享版 / 行政管理
应用平台： Win9x/NT/2000/XP
加入时间： 2003-03-10 10:08:30
下载次数： 9165
推荐等级： ****
开发商： http://lqohero.51.net/

【软件简介】：管得多2003是一款集数据库、文件管理、数据浏览一身的傻瓜式通用型信息管理软件。它用途广泛，操作简便，将信息进行树型目录分类是该软件的一大特色。管理内容可以根据需要自行定义，查询方便快捷，信息输入速度极快。数据分析所见即得。并内置有职工档案管理系统、工资管理系统、学生档案管理系统,学生成绩管理系统、客户关系管理系统、固定资产管理系统、商品信息管理系统、图书管理系统、源程序片断管理系统、文件管理系统等多套系统。

【软件限制】：60次试用

【作者声明】：初学Crack，只是感兴趣，没有其它目的。失误之处敬请诸位大侠赐教！

【破解工具】：TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版

—————————————————————————————————
【过程】：

呵呵，想找一款好用的软件来管理我曾经“研究”过的程序的资料，托朋友从天空上寻觅，谁知找了好几个也没有如意的。今天朋友又拿来这个东东给我，顺手CRACK，虽然用不上，也算不枉费朋友的一番功夫呀。^O^^O^

BrightEYE.exe 无壳，Delphi 6.0 编写。如今不加壳的软件少见了。
软件分2个版本：标准版+网络版无任何限制；个人版数据不能超过500行，目录不能超过3层。

这个Delphi的东东用TRW下万能断点，PMODULE返回程序领空后F12七次就到核心了。

用户号：85KA089DJ012SL
试炼码：13572468
—————————————————————————————————
:00606286 E819DCE4FF call 00453EA4
====>来到这里

:0060628B 8B55FC mov edx, dword ptr [ebp-04]
====>EDX=13572468

:0060628E 8BC3 mov eax, ebx
:00606290 E823000000 call 006062B8
====>F10走过这里就出来错误提示了！进入！

:00606295 33C0 xor eax, eax
:00606297 5A pop edx
:00606298 59 pop ecx
:00606299 59 pop ecx
:0060629A 648910 mov dword ptr fs:[eax], edx
:0060629D 68B2626000 push 006062B2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:006062B0(U)
|
:006062A2 8D45FC lea eax, dword ptr [ebp-04]
:006062A5 E8E2E9DFFF call 00404C8C
:006062AA C3 ret

—————————————————————————————————
进入关键CALL：00606290 call 006062B8

* Referenced by a CALL at Address:
|:00606290
|
:006062B8 55 push ebp
:006062B9 8BEC mov ebp, esp
:006062BB 83C4F0 add esp, FFFFFFF0
:006062BE 53 push ebx
:006062BF 56 push esi
:006062C0 57 push edi
:006062C1 33C9 xor ecx, ecx
:006062C3 894DF0 mov dword ptr [ebp-10], ecx
:006062C6 8955FC mov dword ptr [ebp-04], edx
:006062C9 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=13572468

:006062CC E85BEEDFFF call 0040512C
:006062D1 33C0 xor eax, eax
:006062D3 55 push ebp
:006062D4 686E646000 push 0060646E
:006062D9 64FF30 push dword ptr fs:[eax]
:006062DC 648920 mov dword ptr fs:[eax], esp
:006062DF A104216100 mov eax, dword ptr [00612104]
:006062E4 E8AF9AF7FF call 0057FD98
====>标准版+网络版算法CALL！

:006062E9 8945F4 mov dword ptr [ebp-0C], eax
====>[ebp-0C]=06672F18 注册码的16进制值

:006062EC 33C0 xor eax, eax
:006062EE 55 push ebp
:006062EF 680E636000 push 0060630E
:006062F4 64FF30 push dword ptr fs:[eax]
:006062F7 648920 mov dword ptr fs:[eax], esp
:006062FA 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=13572468 试炼码

:006062FD E8323BE0FF call 00409E34
====>将13572468转化成16进制值表示

:00606302 8BD8 mov ebx, eax
====>EBX=00CF1974（H）=13572468（D）

:00606304 33C0 xor eax, eax
:00606306 5A pop edx
:00606307 59 pop ecx
:00606308 59 pop ecx
:00606309 648910 mov dword ptr fs:[eax], edx
:0060630C EB0D jmp 0060631B
:0060630E E90DE0DFFF jmp 00404320
:00606313 83CBFF or ebx, FFFFFFFF
:00606316 E831E4DFFF call 0040474C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0060630C(U)
|
:0060631B 33C0 xor eax, eax
:0060631D 8945F8 mov dword ptr [ebp-08], eax
:00606320 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=13572468 试炼码

* Possible StringData Ref from Code Obj ->"liyunhong3398"
|
:00606323 BA84646000 mov edx, 00606484
====>EDX=liyunhong3398 个人版注册码

:00606328 E85BEDDFFF call 00405088
====>比较个人版注册码！

:0060632D 7507 jne 00606336
====>不跳则个人版注册成功！

:0060632F C745F801000000 mov [ebp-08], 00000001

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0060632D(C)
|
:00606336 837DF800 cmp dword ptr [ebp-08], 00000000
:0060633A 7509 jne 00606345
:0060633C 3B5DF4 cmp ebx, dword ptr [ebp-0C]
====>比较标准版+网络版注册码！
====>EBX=00CF1974
====>[ebp-0C]=06672F18

:0060633F 0F8501010000 jne 00606446
====>不跳则标准版+网络版注册成功！

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0060633A(C)
|
:00606345 C745F801000000 mov [ebp-08], 00000001
:0060634C E8DF5CE0FF call 0040C030
:00606351 83C4F8 add esp, FFFFFFF8
:00606354 DD1C24 fstp qword ptr [esp]
:00606357 9B wait
:00606358 8D45F0 lea eax, dword ptr [ebp-10]
:0060635B E8206AE0FF call 0040CD80
:00606360 8B55F0 mov edx, dword ptr [ebp-10]
:00606363 8D45F8 lea eax, dword ptr [ebp-08]
:00606366 E8AD67F7FF call 0057CB18
:0060636B A1D01E6100 mov eax, dword ptr [00611ED0]
:00606370 C70001000000 mov dword ptr [eax], 00000001
:00606376 A1481B6100 mov eax, dword ptr [00611B48]
:0060637B 8B00 mov eax, dword ptr [eax]
:0060637D 8B8014030000 mov eax, dword ptr [eax+00000314]
:00606383 E844E0EBFF call 004C43CC
:00606388 84C0 test al, al
:0060638A 7512 jne 0060639E
:0060638C A1481B6100 mov eax, dword ptr [00611B48]
:00606391 8B00 mov eax, dword ptr [eax]
:00606393 8B8014030000 mov eax, dword ptr [eax+00000314]
:00606399 E8E2DEEBFF call 004C4280

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0060638A(C)
|
:0060639E A1481B6100 mov eax, dword ptr [00611B48]
:006063A3 8B00 mov eax, dword ptr [eax]
:006063A5 8B8014030000 mov eax, dword ptr [eax+00000314]
:006063AB E81405ECFF call 004C68C4
:006063B0 A1481B6100 mov eax, dword ptr [00611B48]
:006063B5 8B00 mov eax, dword ptr [eax]
:006063B7 8B8014030000 mov eax, dword ptr [eax+00000314]
:006063BD E89A08ECFF call 004C6C5C
:006063C2 A1481B6100 mov eax, dword ptr [00611B48]
:006063C7 8B00 mov eax, dword ptr [eax]
:006063C9 8B8014030000 mov eax, dword ptr [eax+00000314]

* Possible StringData Ref from Code Obj ->"cisu"
|
:006063CF BA9C646000 mov edx, 0060649C
:006063D4 E85BF1EBFF call 004C5534
:006063D9 BABFF1FFFF mov edx, FFFFF1BF
:006063DE 8B08 mov ecx, dword ptr [eax]
:006063E0 FF91A8000000 call dword ptr [ecx+000000A8]
:006063E6 A1481B6100 mov eax, dword ptr [00611B48]
:006063EB 8B00 mov eax, dword ptr [eax]
:006063ED 8B8014030000 mov eax, dword ptr [eax+00000314]

* Possible StringData Ref from Code Obj ->"Zuce"
====>保存注册信息！

:006063F3 BAAC646000 mov edx, 006064AC
:006063F8 E837F1EBFF call 004C5534
:006063FD B201 mov dl, 01
:006063FF 8B08 mov ecx, dword ptr [eax]
:00606401 FF9194000000 call dword ptr [ecx+00000094]
:00606407 A1481B6100 mov eax, dword ptr [00611B48]
:0060640C 8B00 mov eax, dword ptr [eax]
:0060640E 8B8014030000 mov eax, dword ptr [eax+00000314]
:00606414 8B10 mov edx, dword ptr [eax]
:00606416 FF9248020000 call dword ptr [edx+00000248]
:0060641C A1481B6100 mov eax, dword ptr [00611B48]
:00606421 8B00 mov eax, dword ptr [eax]
:00606423 8B8014030000 mov eax, dword ptr [eax+00000314]
:00606429 E85EDEEBFF call 004C428C

* Possible StringData Ref from Code Obj ->"注册成功！请重启本软件！"
====>呵呵，胜利女神！

:0060642E B8BC646000 mov eax, 006064BC
:00606433 E88460E4FF call 0044C4BC
:00606438 A1D4216100 mov eax, dword ptr [006121D4]
:0060643D 8B00 mov eax, dword ptr [eax]
:0060643F E8A8AEE6FF call 004712EC
:00606444 EB0A jmp 00606450

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0060633F(C)
|

* Possible StringData Ref from Code Obj ->"无效注册码！"
====>BAD BOY！

:00606446 B8E0646000 mov eax, 006064E0
:0060644B E86C60E4FF call 0044C4BC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00606444(U)
|
:00606450 33C0 xor eax, eax
:00606452 5A pop edx
:00606453 59 pop ecx
:00606454 59 pop ecx
:00606455 648910 mov dword ptr fs:[eax], edx
:00606458 6875646000 push 00606475

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00606473(U)
|
:0060645D 8D45F0 lea eax, dword ptr [ebp-10]
:00606460 E827E8DFFF call 00404C8C
:00606465 8D45FC lea eax, dword ptr [ebp-04]
:00606468 E81FE8DFFF call 00404C8C
:0060646D C3 ret

—————————————————————————————————
进入算法CALL：006062E4 call 0057FD98

* Referenced by a CALL at Address:
|:006062E4
|
:0057FD98 55 push ebp
:0057FD99 8BEC mov ebp, esp
:0057FD9B 33C9 xor ecx, ecx
:0057FD9D 51 push ecx
:0057FD9E 51 push ecx
:0057FD9F 51 push ecx
:0057FDA0 51 push ecx
:0057FDA1 51 push ecx
:0057FDA2 51 push ecx
:0057FDA3 51 push ecx
:0057FDA4 53 push ebx
:0057FDA5 56 push esi
:0057FDA6 57 push edi
:0057FDA7 8BD8 mov ebx, eax
:0057FDA9 33C0 xor eax, eax
:0057FDAB 55 push ebp
:0057FDAC 68A9005800 push 005800A9
:0057FDB1 64FF30 push dword ptr fs:[eax]
:0057FDB4 648920 mov dword ptr fs:[eax], esp
:0057FDB7 8D45EC lea eax, dword ptr [ebp-14]
:0057FDBA 8B13 mov edx, dword ptr [ebx]
====>EDX=85KA089DJ012SL 用户号

:0057FDBC E8634FE8FF call 00404D24
:0057FDC1 8D45F8 lea eax, dword ptr [ebp-08]
:0057FDC4 E8C34EE8FF call 00404C8C
:0057FDC9 8B45EC mov eax, dword ptr [ebp-14]
:0057FDCC E87351E8FF call 00404F44
====>取用户号长度

:0057FDD1 8BD8 mov ebx, eax
====>EBX=EAX=C

:0057FDD3 85DB test ebx, ebx
:0057FDD5 0F8ED2000000 jle 0057FEAD
:0057FDDB BE01000000 mov esi, 00000001

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FEA7(C)
|
:0057FDE0 8D45FC lea eax, dword ptr [ebp-04]
:0057FDE3 50 push eax
:0057FDE4 B901000000 mov ecx, 00000001
:0057FDE9 8BD6 mov edx, esi
:0057FDEB 8B45EC mov eax, dword ptr [ebp-14]
:0057FDEE E8A953E8FF call 0040519C
:0057FDF3 8B45FC mov eax, dword ptr [ebp-04]
:0057FDF6 BAC4005800 mov edx, 005800C4
:0057FDFB E88852E8FF call 00405088
:0057FE00 0F8487000000 je 0057FE8D
:0057FE06 8B45FC mov eax, dword ptr [ebp-04]
:0057FE09 BAD0005800 mov edx, 005800D0
:0057FE0E E87552E8FF call 00405088
:0057FE13 7478 je 0057FE8D
:0057FE15 8B45FC mov eax, dword ptr [ebp-04]
:0057FE18 BADC005800 mov edx, 005800DC
:0057FE1D E86652E8FF call 00405088
:0057FE22 7469 je 0057FE8D
:0057FE24 8B45FC mov eax, dword ptr [ebp-04]
:0057FE27 BAE8005800 mov edx, 005800E8
:0057FE2C E85752E8FF call 00405088
:0057FE31 745A je 0057FE8D
:0057FE33 8B45FC mov eax, dword ptr [ebp-04]
:0057FE36 BAE8005800 mov edx, 005800E8
:0057FE3B E84852E8FF call 00405088
:0057FE40 744B je 0057FE8D
:0057FE42 8B45FC mov eax, dword ptr [ebp-04]
:0057FE45 BAF4005800 mov edx, 005800F4
:0057FE4A E83952E8FF call 00405088
:0057FE4F 743C je 0057FE8D
:0057FE51 8B45FC mov eax, dword ptr [ebp-04]
:0057FE54 BA00015800 mov edx, 00580100
:0057FE59 E82A52E8FF call 00405088
:0057FE5E 742D je 0057FE8D
:0057FE60 8B45FC mov eax, dword ptr [ebp-04]
:0057FE63 BA0C015800 mov edx, 0058010C
:0057FE68 E81B52E8FF call 00405088
:0057FE6D 741E je 0057FE8D
:0057FE6F 8B45FC mov eax, dword ptr [ebp-04]
:0057FE72 BA18015800 mov edx, 00580118
:0057FE77 E80C52E8FF call 00405088
:0057FE7C 740F je 0057FE8D
:0057FE7E 8B45FC mov eax, dword ptr [ebp-04]
:0057FE81 BA24015800 mov edx, 00580124
:0057FE86 E8FD51E8FF call 00405088
:0057FE8B 7518 jne 0057FEA5

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0057FE00(C), :0057FE13(C), :0057FE22(C), :0057FE31(C), :0057FE40(C)
|:0057FE4F(C), :0057FE5E(C), :0057FE6D(C), :0057FE7C(C)
|
:0057FE8D 8D45F8 lea eax, dword ptr [ebp-08]
:0057FE90 8B55FC mov edx, dword ptr [ebp-04]
:0057FE93 E8B450E8FF call 00404F4C
:0057FE98 8B45F8 mov eax, dword ptr [ebp-08]
:0057FE9B E8A450E8FF call 00404F44
:0057FEA0 83F806 cmp eax, 00000006
:0057FEA3 7408 je 0057FEAD

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FE8B(C)
|
:0057FEA5 46 inc esi
:0057FEA6 4B dec ebx
:0057FEA7 0F8533FFFFFF jne 0057FDE0
====>呵呵，这循环其实是正序取用户号中大于0的数字！

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0057FDD5(C), :0057FEA3(C)
|
:0057FEAD 837DF800 cmp dword ptr [ebp-08], 00000000
====>[ebp-08]=858912

:0057FEB1 740C je 0057FEBF
:0057FEB3 8B45F8 mov eax, dword ptr [ebp-08]
====>EAX=[ebp-08]=858912

:0057FEB6 E8799FE8FF call 00409E34
====>取858912的16进制值

:0057FEBB 8BF8 mov edi, eax
====>EDI=000D1B20（H）=858912（D）

:0057FEBD EB05 jmp 0057FEC4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FEB1(C)
|
:0057FEBF BFB19C0800 mov edi, 00089CB1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FEBD(U)
|
:0057FEC4 8D45FC lea eax, dword ptr [ebp-04]
:0057FEC7 E8C04DE8FF call 00404C8C
:0057FECC 8B45F8 mov eax, dword ptr [ebp-08]
:0057FECF E87050E8FF call 00404F44
:0057FED4 8BD8 mov ebx, eax
:0057FED6 4B dec ebx
:0057FED7 85DB test ebx, ebx
:0057FED9 7C2F jl 0057FF0A
:0057FEDB 43 inc ebx
:0057FEDC 33F6 xor esi, esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FF08(C)
|
:0057FEDE 8D45E8 lea eax, dword ptr [ebp-18]
:0057FEE1 50 push eax
:0057FEE2 8B45F8 mov eax, dword ptr [ebp-08]
:0057FEE5 E85A50E8FF call 00404F44
:0057FEEA 8BD0 mov edx, eax
:0057FEEC 2BD6 sub edx, esi
:0057FEEE B901000000 mov ecx, 00000001
:0057FEF3 8B45F8 mov eax, dword ptr [ebp-08]
:0057FEF6 E8A152E8FF call 0040519C
:0057FEFB 8B55E8 mov edx, dword ptr [ebp-18]
:0057FEFE 8D45FC lea eax, dword ptr [ebp-04]
:0057FF01 E84650E8FF call 00404F4C
:0057FF06 46 inc esi
:0057FF07 4B dec ebx
:0057FF08 75D4 jne 0057FEDE
====>这个循环把858912倒序排列！

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FED9(C)
|
:0057FF0A 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=219858

:0057FF0D E8229FE8FF call 00409E34
====>取219858的16进制值

:0057FF12 8945F0 mov dword ptr [ebp-10], eax
====>[ebp-10]=00035AD2（H）=219858（D）

:0057FF15 8D45F8 lea eax, dword ptr [ebp-08]
:0057FF18 E86F4DE8FF call 00404C8C
:0057FF1D 8B45EC mov eax, dword ptr [ebp-14]
:0057FF20 E81F50E8FF call 00404F44
:0057FF25 8BD8 mov ebx, eax
:0057FF27 85DB test ebx, ebx
:0057FF29 0F8CDA000000 jl 00580009
:0057FF2F 43 inc ebx
:0057FF30 33F6 xor esi, esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00580003(C)
|
:0057FF32 8D45FC lea eax, dword ptr [ebp-04]
:0057FF35 50 push eax
:0057FF36 8B45EC mov eax, dword ptr [ebp-14]
:0057FF39 E80650E8FF call 00404F44
:0057FF3E 8BD0 mov edx, eax
:0057FF40 2BD6 sub edx, esi
:0057FF42 B901000000 mov ecx, 00000001
:0057FF47 8B45EC mov eax, dword ptr [ebp-14]
:0057FF4A E84D52E8FF call 0040519C
:0057FF4F 8B45FC mov eax, dword ptr [ebp-04]
:0057FF52 BAC4005800 mov edx, 005800C4
:0057FF57 E82C51E8FF call 00405088
:0057FF5C 0F8487000000 je 0057FFE9
:0057FF62 8B45FC mov eax, dword ptr [ebp-04]
:0057FF65 BAD0005800 mov edx, 005800D0
:0057FF6A E81951E8FF call 00405088
:0057FF6F 7478 je 0057FFE9
:0057FF71 8B45FC mov eax, dword ptr [ebp-04]
:0057FF74 BADC005800 mov edx, 005800DC
:0057FF79 E80A51E8FF call 00405088
:0057FF7E 7469 je 0057FFE9
:0057FF80 8B45FC mov eax, dword ptr [ebp-04]
:0057FF83 BAE8005800 mov edx, 005800E8
:0057FF88 E8FB50E8FF call 00405088
:0057FF8D 745A je 0057FFE9
:0057FF8F 8B45FC mov eax, dword ptr [ebp-04]
:0057FF92 BAE8005800 mov edx, 005800E8
:0057FF97 E8EC50E8FF call 00405088
:0057FF9C 744B je 0057FFE9
:0057FF9E 8B45FC mov eax, dword ptr [ebp-04]
:0057FFA1 BAF4005800 mov edx, 005800F4
:0057FFA6 E8DD50E8FF call 00405088
:0057FFAB 743C je 0057FFE9
:0057FFAD 8B45FC mov eax, dword ptr [ebp-04]
:0057FFB0 BA00015800 mov edx, 00580100
:0057FFB5 E8CE50E8FF call 00405088
:0057FFBA 742D je 0057FFE9
:0057FFBC 8B45FC mov eax, dword ptr [ebp-04]
:0057FFBF BA0C015800 mov edx, 0058010C
:0057FFC4 E8BF50E8FF call 00405088
:0057FFC9 741E je 0057FFE9
:0057FFCB 8B45FC mov eax, dword ptr [ebp-04]
:0057FFCE BA18015800 mov edx, 00580118
:0057FFD3 E8B050E8FF call 00405088
:0057FFD8 740F je 0057FFE9
:0057FFDA 8B45FC mov eax, dword ptr [ebp-04]
:0057FFDD BA24015800 mov edx, 00580124
:0057FFE2 E8A150E8FF call 00405088
:0057FFE7 7518 jne 00580001

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0057FF5C(C), :0057FF6F(C), :0057FF7E(C), :0057FF8D(C), :0057FF9C(C)
|:0057FFAB(C), :0057FFBA(C), :0057FFC9(C), :0057FFD8(C)
|
:0057FFE9 8D45F8 lea eax, dword ptr [ebp-08]
:0057FFEC 8B55FC mov edx, dword ptr [ebp-04]
:0057FFEF E8584FE8FF call 00404F4C
:0057FFF4 8B45F8 mov eax, dword ptr [ebp-08]
:0057FFF7 E8484FE8FF call 00404F44
:0057FFFC 83F806 cmp eax, 00000006
:0057FFFF 7408 je 00580009

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0057FFE7(C)
|
:00580001 46 inc esi
:00580002 4B dec ebx
:00580003 0F8529FFFFFF jne 0057FF32
====>呵呵，这循环其实是倒序取用户号中大于0的数字！

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0057FF29(C), :0057FFFF(C)
|
:00580009 837DF800 cmp dword ptr [ebp-08], 00000000
:0058000D 740D je 0058001C
:0058000F 8B45F8 mov eax, dword ptr [ebp-08]
====>EAX=[ebp-08]=219858

:00580012 E81D9EE8FF call 00409E34
====>取219858的16进制值

:00580017 8945F4 mov dword ptr [ebp-0C], eax
====>[ebp-0C]=00035AD2（H）=219858（D）

:0058001A EB07 jmp 00580023

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0058000D(C)
|
:0058001C C745F4D89B0A00 mov [ebp-0C], 000A9BD8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0058001A(U)
|
:00580023 8D45FC lea eax, dword ptr [ebp-04]
:00580026 E8614CE8FF call 00404C8C
:0058002B 8B45F8 mov eax, dword ptr [ebp-08]
:0058002E E8114FE8FF call 00404F44
:00580033 8BD8 mov ebx, eax
:00580035 4B dec ebx
:00580036 85DB test ebx, ebx
:00580038 7C2F jl 00580069
:0058003A 43 inc ebx
:0058003B 33F6 xor esi, esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00580067(C)
|
:0058003D 8D45E4 lea eax, dword ptr [ebp-1C]
:00580040 50 push eax
:00580041 8B45F8 mov eax, dword ptr [ebp-08]
:00580044 E8FB4EE8FF call 00404F44
:00580049 8BD0 mov edx, eax
:0058004B 2BD6 sub edx, esi
:0058004D B901000000 mov ecx, 00000001
:00580052 8B45F8 mov eax, dword ptr [ebp-08]
:00580055 E84251E8FF call 0040519C
:0058005A 8B55E4 mov edx, dword ptr [ebp-1C]
:0058005D 8D45FC lea eax, dword ptr [ebp-04]
:00580060 E8E74EE8FF call 00404F4C
:00580065 46 inc esi
:00580066 4B dec ebx
:00580067 75D4 jne 0058003D
====>这个循环把219858倒序排列！晕，为什么重复。

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00580038(C)
|
:00580069 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=858921

:0058006C E8C39DE8FF call 00409E34
====>取858912的16进制值=000D1B20

:00580071 6BF779 imul esi, edi, 00000079
====>ESI=000D1B20 * 79=0631D220

:00580074 6B55F40B imul edx, dword ptr [ebp-0C], 0000000B
====>EDX=00035AD2 * 0B=0024E706

:00580078 03F2 add esi, edx
====>ESI=0631D220 + 0024E706=0656B926

:0058007A 0375F0 add esi, dword ptr [ebp-10]
====>ESI=0656B926 + 00035AD2=065A13F8

:0058007D 03F0 add esi, eax
====>ESI=065A13F8 + 000D1B20=06672F18
====>06672F18的10进制值107425560就是我的注册码了！

:0058007F 8BDE mov ebx, esi
:00580081 33C0 xor eax, eax
:00580083 5A pop edx
:00580084 59 pop ecx
:00580085 59 pop ecx
:00580086 648910 mov dword ptr fs:[eax], edx
:00580089 68B0005800 push 005800B0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005800AE(U)
|
:0058008E 8D45E4 lea eax, dword ptr [ebp-1C]
:00580091 BA03000000 mov edx, 00000003
:00580096 E8154CE8FF call 00404CB0
:0058009B 8D45F8 lea eax, dword ptr [ebp-08]
:0058009E BA02000000 mov edx, 00000002
:005800A3 E8084CE8FF call 00404CB0
:005800A8 C3 ret

—————————————————————————————————
【算法总结】：

一、个人版：注册码固定为liyunhong3398

二、标准版+网络版：算法乍看有点麻烦，其实挺简单。

1、正序取用户号85KA089DJ012SL中大于0的数字：858912（D）=000D1B20（H）
2、倒序取用户号85KA089DJ012SL中大于0的数字：219858（D）=00035AD2（H）
3、000D1B20 * 79=0631D220
4、00035AD2 * 0B=0024E706
5、0631D220 + 0024E706=0656B926
6、0656B926 + 00035AD2 + 000D1B20=06672F18
06672F18的10进制值107425560就是我的注册码了！

—————————————————————————————————
【完美爆破】：

0060633F 0F8501010000 jne 00606446
改为： 909090909090 NOP掉（标准版+网络版）

—————————————————————————————————
【KeyMake之{76th}内存注册机】：

中断地址：006062E9
中断次数：1
第一字节：89
指令长度：3

寄存器方式：EAX
十进制

—————————————————————————————————
【注册信息保存】：

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\ODBC\ODBC.INI\PublicProDataBase]

"UseNumber"=dword:00000002
"Date"="03-4-30"

—————————————————————————————————
【整理】：

用户号：85KA089DJ012SL
注册码：107425560

—————————————————————————————————

, _/
/| _.-~/ \_ , 青春都一饷
( /~ / \~-._ |\
`\\ _/ \ ~\ ) 忍把浮名
_-~~~-.) )__/;;,. \_ //'
/'_,\ --~ \ ~~~- ,;;\___( (.-~~~-. 换了破解轻狂
`~ _( ,_..--\ ( ,;'' / ~-- /._`\
/~~//' /' `~\ ) /--.._, )_ `~
" `~" " `" /~'`\ `\\~~\
" " "~' ""

Cracked By 巢水工作坊——fly [OCN][FCG]

2003-04-30 14:16