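Target: 五笔打字员 2.5
Cracked by: lordor[BCG]
Purpose: I am a beginner at cracking; this is for technical exchange only and has no other purpose. Please do not distribute it freely or use it commercially.
Tools: wktvbdebuger1.4e, exdec
Assumptions:
Machine code: 818314132231985
Registration code: 987654321
A few days ago I was learning how to crack VB P-code programs and picked up some insights, so I am publishing these notes.
OK. In wktvbdebuger, right-click in the disassembly window and choose "bpx api list", find the rtcLeftCharVar function and set a breakpoint on it, then run the registration; execution breaks. Note the address, 51c39e, then run the disassembler exdec, search for address 51c39e, and scroll up to the first statement of the procedure containing this call, as follows: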
Proc: 51d0e0
51BCD8: 00 LargeBos
51BCDA: 00 LargeBos
51BCDC: 4b onErrorGoto
51BCDF: 00 LargeBos
OK, now set a breakpoint at 51BCD8 in wktvbdebuger and run; the trace is as follows:
Proc: 51d0e0
51BCD8: 00 LargeBos => I do not know what this means
51BCDA: 00 LargeBos
51BCDC: 4b onErrorGoto
51BCDF: 00 LargeBos
51BCE1: f5 LitI4: 0xbb8 3000 (....)
51BCE6: 71 FStR4 local_008C
51BCE9: 00 LargeBos
51BCEB: 27 LitVar_Missing
51BCEE: 0a ImpAdCallFPR4:
51BCF3: 35 FFree1Var local_00B0
51BCF6: 00 LargeBos
51BCF8: 27 LitVar_Missing
51BCFB: 0a ImpAdCallFPR4:
51BD00: 73 FStFPR4
51BD03: f4 LitI2_Byte: 0x18 24 (.) => load the byte value 24
51BD05: eb CR8I2 => convert the data type to double
51BD06: 6e FLdFPR4
51BD09: b3 MulR8
51BD0A: Lead0/e6 FnIntR8
51BD0C: f4 LitI2_Byte: 0x1 1 (.)
51BD0E: eb CR8I2
51BD0F: ab AddR8
51BD10: e5 CI2R8
51BD11: 70 FStI2 local_0086
51BD14: 35 FFree1Var local_00B0
51BD17: 00 LargeBos
51BD19: 6b FLdI2 local_0086
51BD1C: 70 FStI2 local_00B6
51BD1F: 00 LargeBos
51BD21: 6b FLdI2 local_00B6
51BD24: f4 LitI2_Byte: 0x1 1 (.)
51BD26: c6 EqI2
51BD27: 1c BranchF: 51BD5F => jump to 51BD5F
51BD2A: 00 LargeBos
51BD2C: 6c ILdRf local_008C
51BD2F: 71 FStR4 local_0090
51BD32: 00 LargeBos
51BD34: 6c ILdRf local_008C
51BD37: f5 LitI4: 0x168 360 (...h)
51BD3C: aa AddI4
51BD3D: 71 FStR4 local_0090
51BD40: 00 LargeBos
51BD42: 6c ILdRf local_008C
51BD45: f5 LitI4: 0x2d0 720 (....)
51BD4A: aa AddI4
51BD4B: 71 FStR4 local_0090
51BD4E: 00 LargeBos
51BD50: 6c ILdRf local_008C
51BD53: f5 LitI4: 0x438 1080 (...8)
51BD58: aa AddI4
51BD59: 71 FStR4 local_0090
51BD5C: 1e Branch: 51c31c
51BD5F: 00 LargeBos
51BD61: 6b FLdI2 local_00B6
51BD64: f4 LitI2_Byte: 0x2 2 (.)
51BD66: c6 EqI2 => is it equal to 2?
51BD67: 1c BranchF: 51BD9F => jump to 51BD9F
51BD6A: 00 LargeBos
51BD6C: 6c ILdRf local_008C
51BD6F: 71 FStR4 local_0090
51BD72: 00 LargeBos
51BD74: 6c ILdRf local_008C
51BD77: f5 LitI4: 0x168 360 (...h)
51BD7C: aa AddI4
51BD7D: 71 FStR4 local_0090
51BD80: 00 LargeBos
51BD82: 6c ILdRf local_008C
51BD85: f5 LitI4: 0x2d0 720 (....)
51BD8A: aa AddI4
51BD8B: 71 FStR4 local_0090
51BD8E: 00 LargeBos
51BD90: 6c ILdRf local_008C
51BD93: f5 LitI4: 0x438 1080 (...8)
51BD98: aa AddI4
51BD99: 71 FStR4 local_0090
51BD9C: 1e Branch: 51c31c
51BD9F: 00 LargeBos
51BDA1: 6b FLdI2 local_00B6
51BDA4: f4 LitI2_Byte: 0x3 3 (.)
51BDA6: c6 EqI2 => is 3 equal to 8?
51BDA7: 1c BranchF: 51BDDF => if not equal, jump to 51BDDF
51BDAA: 00 LargeBos
51BDAC: 6c ILdRf local_008C
51BDAF: 71 FStR4 local_0090
51BDB2: 00 LargeBos
51BDB4: 6c ILdRf local_008C
51BDB7: f5 LitI4: 0x168 360 (...h)
51BDBC: aa AddI4
51BDBD: 71 FStR4 local_0090
51BDC0: 00 LargeBos
51BDC2: 6c ILdRf local_008C
51BDC5: f5 LitI4: 0x2d0 720 (....)
51BDCA: aa AddI4
51BDCB: 71 FStR4 local_0090
51BDCE: 00 LargeBos
51BDD0: 6c ILdRf local_008C
51BDD3: f5 LitI4: 0x438 1080 (...8)
51BDD8: aa AddI4
51BDD9: 71 FStR4 local_0090
51BDDC: 1e Branch: 51c31c
51BDDF: 00 LargeBos
51BDE1: 6b FLdI2 local_00B6
51BDE4: f4 LitI2_Byte: 0x4 4 (.)
51BDE6: c6 EqI2 => is 8 equal to 4?
51BDE7: 1c BranchF: 51BE1F => jump if not equal
51BDEA: 00 LargeBos
51BDEC: 6c ILdRf local_008C
51BDEF: 71 FStR4 local_0090
51BDF2: 00 LargeBos
51BDF4: 6c ILdRf local_008C
51BDF7: f5 LitI4: 0x168 360 (...h)
51BDFC: aa AddI4
51BDFD: 71 FStR4 local_0090
51BE00: 00 LargeBos
51BE02: 6c ILdRf local_008C
51BE05: f5 LitI4: 0x2d0 720 (....)
51BE0A: aa AddI4
51BE0B: 71 FStR4 local_0090
51BE0E: 00 LargeBos
51BE10: 6c ILdRf local_008C
51BE13: f5 LitI4: 0x438 1080 (...8)
51BE18: aa AddI4
51BE19: 71 FStR4 local_0090
51BE1C: 1e Branch: 51c31c
51BE1F: 00 LargeBos
51BE21: 6b FLdI2 local_00B6
51BE24: f4 LitI2_Byte: 0x5 5 (.)
51BE26: c6 EqI2 => equal to 5?
51BE27: 1c BranchF: 51BE5F => jump if not
51BE2A: 00 LargeBos
51BE2C: 6c ILdRf local_008C
51BE2F: 71 FStR4 local_0090
51BE32: 00 LargeBos
51BE34: 6c ILdRf local_008C
51BE37: f5 LitI4: 0x168 360 (...h)
51BE3C: aa AddI4
51BE3D: 71 FStR4 local_0090
51BE40: 00 LargeBos
51BE42: 6c ILdRf local_008C
51BE45: f5 LitI4: 0x2d0 720 (....)
51BE4A: aa AddI4
51BE4B: 71 FStR4 local_0090
51BE4E: 00 LargeBos
51BE50: 6c ILdRf local_008C
51BE53: f5 LitI4: 0x438 1080 (...8)
51BE58: aa AddI4
51BE59: 71 FStR4 local_0090
51BE5C: 1e Branch: 51c31c
51BE5F: 00 LargeBos
51BE61: 6b FLdI2 local_00B6
51BE64: f4 LitI2_Byte: 0x6 6 (.)
51BE66: c6 EqI2 => equal to 6?
51BE67: 1c BranchF: 51BE9F => otherwise jump
51BE6A: 00 LargeBos
51BE6C: 6c ILdRf local_008C
51BE6F: 71 FStR4 local_0090
51BE72: 00 LargeBos
51BE74: 6c ILdRf local_008C
51BE77: f5 LitI4: 0x168 360 (...h)
51BE7C: aa AddI4
51BE7D: 71 FStR4 local_0090
51BE80: 00 LargeBos
51BE82: 6c ILdRf local_008C
51BE85: f5 LitI4: 0x2d0 720 (....)
51BE8A: aa AddI4
51BE8B: 71 FStR4 local_0090
51BE8E: 00 LargeBos
51BE90: 6c ILdRf local_008C
51BE93: f5 LitI4: 0x438 1080 (...8)
51BE98: aa AddI4
51BE99: 71 FStR4 local_0090
51BE9C: 1e Branch: 51c31c
51BE9F: 00 LargeBos
51BEA1: 6b FLdI2 local_00B6
51BEA4: f4 LitI2_Byte: 0x7 7 (.)
51BEA6: c6 EqI2 => what about 7?
51BEA7: 1c BranchF: 51BEDF => jump
51BEAA: 00 LargeBos
51BEAC: 6c ILdRf local_008C
51BEAF: 71 FStR4 local_0090
51BEB2: 00 LargeBos
51BEB4: 6c ILdRf local_008C
51BEB7: f5 LitI4: 0x168 360 (...h)
51BEBC: aa AddI4
51BEBD: 71 FStR4 local_0090
51BEC0: 00 LargeBos
51BEC2: 6c ILdRf local_008C
51BEC5: f5 LitI4: 0x2d0 720 (....)
51BECA: aa AddI4
51BECB: 71 FStR4 local_0090
51BECE: 00 LargeBos
51BED0: 6c ILdRf local_008C
51BED3: f5 LitI4: 0x438 1080 (...8)
51BED8: aa AddI4
51BED9: 71 FStR4 local_0090
51BEDC: 1e Branch: 51c31c
51BEDF: 00 LargeBos
51BEE1: 6b FLdI2 local_00B6
51BEE4: f4 LitI2_Byte: 0x8 8 (.)
51BEE6: c6 EqI2 => what about 8?
51BEE7: 1c BranchF: 51BF1F
51BEEA: 00 LargeBos
51BEEC: 6c ILdRf local_008C
51BEEF: 71 FStR4 local_0090
51BEF2: 00 LargeBos
51BEF4: 6c ILdRf local_008C => this is bb8
51BEF7: f5 LitI4: 0x168 360 (...h) => load 360
51BEFC: aa AddI4 => add
51BEFD: 71 FStR4 local_0090
51BF00: 00 LargeBos
51BF02: 6c ILdRf local_008C
51BF05: f5 LitI4: 0x2d0 720 (....)
51BF0A: aa AddI4
51BF0B: 71 FStR4 local_0090
51BF0E: 00 LargeBos
51BF10: 6c ILdRf local_008C
51BF13: f5 LitI4: 0x438 1080 (...8)
51BF18: aa AddI4
51BF19: 71 FStR4 local_0090
51BF1C: 1e Branch: 51c31c => jmp 51c31c
51BF1F: 00 LargeBos
51BF21: 6b FLdI2 local_00B6
51BF24: f4 LitI2_Byte: 0x9 9 (.)
51BF26: c6 EqI2
51BF27: 1c BranchF: 51BF5F
51BF2A: 00 LargeBos
51BF2C: 6c ILdRf local_008C
51BF2F: 71 FStR4 local_0090
51BF32: 00 LargeBos
51BF34: 6c ILdRf local_008C
51BF37: f5 LitI4: 0x168 360 (...h)
51BF3C: aa AddI4
51BF3D: 71 FStR4 local_0090
51BF40: 00 LargeBos
51BF42: 6c ILdRf local_008C
51BF45: f5 LitI4: 0x2d0 720 (....)
51BF4A: aa AddI4
51BF4B: 71 FStR4 local_0090
51BF4E: 00 LargeBos
51BF50: 6c ILdRf local_008C
51BF53: f5 LitI4: 0x438 1080 (...8)
51BF58: aa AddI4
51BF59: 71 FStR4 local_0090
51BF5C: 1e Branch: 51c31c
51BF5F: 00 LargeBos
51BF61: 6b FLdI2 local_00B6
51BF64: f4 LitI2_Byte: 0xa 10 (.)
51BF66: c6 EqI2
51BF67: 1c BranchF: 51BF9F
51BF6A: 00 LargeBos
51BF6C: 6c ILdRf local_008C
51BF6F: 71 FStR4 local_0090
51BF72: 00 LargeBos
51BF74: 6c ILdRf local_008C
51BF77: f5 LitI4: 0x168 360 (...h)
51BF7C: aa AddI4
51BF7D: 71 FStR4 local_0090
51BF80: 00 LargeBos
51BF82: 6c ILdRf local_008C
51BF85: f5 LitI4: 0x2d0 720 (....)
51BF8A: aa AddI4
51BF8B: 71 FStR4 local_0090
51BF8E: 00 LargeBos
51BF90: 6c ILdRf local_008C
51BF93: f5 LitI4: 0x438 1080 (...8)
51BF98: aa AddI4
51BF99: 71 FStR4 local_0090
51BF9C: 1e Branch: 51c31c
51BF9F: 00 LargeBos
51BFA1: 6b FLdI2 local_00B6
51BFA4: f4 LitI2_Byte: 0xb 11 (.)
51BFA6: c6 EqI2
51BFA7: 1c BranchF: 51BFDF
51BFAA: 00 LargeBos
51BFAC: 6c ILdRf local_008C
51BFAF: 71 FStR4 local_0090
51BFB2: 00 LargeBos
51BFB4: 6c ILdRf local_008C
51BFB7: f5 LitI4: 0x168 360 (...h)
51BFBC: aa AddI4
51BFBD: 71 FStR4 local_0090
51BFC0: 00 LargeBos
51BFC2: 6c ILdRf local_008C
51BFC5: f5 LitI4: 0x2d0 720 (....)
51BFCA: aa AddI4
51BFCB: 71 FStR4 local_0090
51BFCE: 00 LargeBos
51BFD0: 6c ILdRf local_008C
51BFD3: f5 LitI4: 0x438 1080 (...8)
51BFD8: aa AddI4
51BFD9: 71 FStR4 local_0090
51BFDC: 1e Branch: 51c31c
51BFDF: 00 LargeBos
51BFE1: 6b FLdI2 local_00B6
51BFE4: f4 LitI2_Byte: 0xc 12 (.)
51BFE6: c6 EqI2
51BFE7: 1c BranchF: 51C01F
51BFEA: 00 LargeBos
51BFEC: 6c ILdRf local_008C
51BFEF: 71 FStR4 local_0090
51BFF2: 00 LargeBos
51BFF4: 6c ILdRf local_008C
51BFF7: f5 LitI4: 0x168 360 (...h)
51BFFC: aa AddI4
51BFFD: 71 FStR4 local_0090
51C000: 00 LargeBos
51C002: 6c ILdRf local_008C
51C005: f5 LitI4: 0x2d0 720 (....)
51C00A: aa AddI4
51C00B: 71 FStR4 local_0090
51C00E: 00 LargeBos
51C010: 6c ILdRf local_008C
51C013: f5 LitI4: 0x438 1080 (...8)
51C018: aa AddI4
51C019: 71 FStR4 local_0090
51C01C: 1e Branch: 51c31c
51C01F: 00 LargeBos
51C021: 6b FLdI2 local_00B6
51C024: f4 LitI2_Byte: 0xd 13 (.)
51C026: c6 EqI2
51C027: 1c BranchF: 51C05F
51C02A: 00 LargeBos
51C02C: 6c ILdRf local_008C
51C02F: 71 FStR4 local_0090
51C032: 00 LargeBos
51C034: 6c ILdRf local_008C
51C037: f5 LitI4: 0x168 360 (...h)
51C03C: aa AddI4
51C03D: 71 FStR4 local_0090
51C040: 00 LargeBos
51C042: 6c ILdRf local_008C
51C045: f5 LitI4: 0x2d0 720 (....)
51C04A: aa AddI4
51C04B: 71 FStR4 local_0090
51C04E: 00 LargeBos
51C050: 6c ILdRf local_008C
51C053: f5 LitI4: 0x438 1080 (...8)
51C058: aa AddI4
51C059: 71 FStR4 local_0090
51C05C: 1e Branch: 51c31c
51C05F: 00 LargeBos
51C061: 6b FLdI2 local_00B6
51C064: f4 LitI2_Byte: 0xe 14 (.)
51C066: c6 EqI2
51C067: 1c BranchF: 51C09F
51C06A: 00 LargeBos
51C06C: 6c ILdRf local_008C
51C06F: 71 FStR4 local_0090
51C072: 00 LargeBos
51C074: 6c ILdRf local_008C
51C077: f5 LitI4: 0x168 360 (...h)
51C07C: aa AddI4
51C07D: 71 FStR4 local_0090
51C080: 00 LargeBos
51C082: 6c ILdRf local_008C
51C085: f5 LitI4: 0x2d0 720 (....)
51C08A: aa AddI4
51C08B: 71 FStR4 local_0090
51C08E: 00 LargeBos
51C090: 6c ILdRf local_008C
51C093: f5 LitI4: 0x438 1080 (...8)
51C098: aa AddI4
51C099: 71 FStR4 local_0090
51C09C: 1e Branch: 51c31c
51C09F: 00 LargeBos
51C0A1: 6b FLdI2 local_00B6
51C0A4: f4 LitI2_Byte: 0xf 15 (.)
51C0A6: c6 EqI2
51C0A7: 1c BranchF: 51C0DF
51C0AA: 00 LargeBos
51C0AC: 6c ILdRf local_008C
51C0AF: 71 FStR4 local_0090
51C0B2: 00 LargeBos
51C0B4: 6c ILdRf local_008C
51C0B7: f5 LitI4: 0x168 360 (...h)
51C0BC: aa AddI4
51C0BD: 71 FStR4 local_0090
51C0C0: 00 LargeBos
51C0C2: 6c ILdRf local_008C
51C0C5: f5 LitI4: 0x2d0 720 (....)
51C0CA: aa AddI4
51C0CB: 71 FStR4 local_0090
51C0CE: 00 LargeBos
51C0D0: 6c ILdRf local_008C
51C0D3: f5 LitI4: 0x438 1080 (...8)
51C0D8: aa AddI4
51C0D9: 71 FStR4 local_0090
51C0DC: 1e Branch: 51c31c
51C0DF: 00 LargeBos
51C0E1: 6b FLdI2 local_00B6
51C0E4: f4 LitI2_Byte: 0x10 16 (.)
51C0E6: c6 EqI2
51C0E7: 1c BranchF: 51C11F
51C0EA: 00 LargeBos
51C0EC: 6c ILdRf local_008C
51C0EF: 71 FStR4 local_0090
51C0F2: 00 LargeBos
51C0F4: 6c ILdRf local_008C
51C0F7: f5 LitI4: 0x168 360 (...h)
51C0FC: aa AddI4
51C0FD: 71 FStR4 local_0090
51C100: 00 LargeBos
51C102: 6c ILdRf local_008C
51C105: f5 LitI4: 0x2d0 720 (....)
51C10A: aa AddI4
51C10B: 71 FStR4 local_0090
51C10E: 00 LargeBos
51C110: 6c ILdRf local_008C
51C113: f5 LitI4: 0x438 1080 (...8)
51C118: aa AddI4
51C119: 71 FStR4 local_0090
51C11C: 1e Branch: 51c31c
51C11F: 00 LargeBos
51C121: 6b FLdI2 local_00B6
51C124: f4 LitI2_Byte: 0x11 17 (.)
51C126: c6 EqI2
51C127: 1c BranchF: 51C15F
51C12A: 00 LargeBos
51C12C: 6c ILdRf local_008C
51C12F: 71 FStR4 local_0090
51C132: 00 LargeBos
51C134: 6c ILdRf local_008C
51C137: f5 LitI4: 0x168 360 (...h)
51C13C: aa AddI4
51C13D: 71 FStR4 local_0090
51C140: 00 LargeBos
51C142: 6c ILdRf local_008C
51C145: f5 LitI4: 0x2d0 720 (....)
51C14A: aa AddI4
51C14B: 71 FStR4 local_0090
51C14E: 00 LargeBos
51C150: 6c ILdRf local_008C
51C153: f5 LitI4: 0x438 1080 (...8)
51C158: aa AddI4
51C159: 71 FStR4 local_0090
51C15C: 1e Branch: 51c31c
51C15F: 00 LargeBos
51C161: 6b FLdI2 local_00B6
51C164: f4 LitI2_Byte: 0x12 18 (.)
51C166: c6 EqI2
51C167: 1c BranchF: 51C19F
51C16A: 00 LargeBos
51C16C: 6c ILdRf local_008C
51C16F: 71 FStR4 local_0090
51C172: 00 LargeBos
51C174: 6c ILdRf local_008C
51C177: f5 LitI4: 0x168 360 (...h)
51C17C: aa AddI4
51C17D: 71 FStR4 local_0090
51C180: 00 LargeBos
51C182: 6c ILdRf local_008C
51C185: f5 LitI4: 0x2d0 720 (....)
51C18A: aa AddI4
51C18B: 71 FStR4 local_0090
51C18E: 00 LargeBos
51C190: 6c ILdRf local_008C
51C193: f5 LitI4: 0x438 1080 (...8)
51C198: aa AddI4
51C199: 71 FStR4 local_0090
51C19C: 1e Branch: 51c31c
51C19F: 00 LargeBos
51C1A1: 6b FLdI2 local_00B6
51C1A4: f4 LitI2_Byte: 0x13 19 (.)
51C1A6: c6 EqI2
51C1A7: 1c BranchF: 51C1DF
51C1AA: 00 LargeBos
51C1AC: 6c ILdRf local_008C
51C1AF: 71 FStR4 local_0090
51C1B2: 00 LargeBos
51C1B4: 6c ILdRf local_008C
51C1B7: f5 LitI4: 0x168 360 (...h)
51C1BC: aa AddI4
51C1BD: 71 FStR4 local_0090
51C1C0: 00 LargeBos
51C1C2: 6c ILdRf local_008C
51C1C5: f5 LitI4: 0x2d0 720 (....)
51C1CA: aa AddI4
51C1CB: 71 FStR4 local_0090
51C1CE: 00 LargeBos
51C1D0: 6c ILdRf local_008C
51C1D3: f5 LitI4: 0x438 1080 (...8)
51C1D8: aa AddI4
51C1D9: 71 FStR4 local_0090
51C1DC: 1e Branch: 51c31c
51C1DF: 00 LargeBos
51C1E1: 6b FLdI2 local_00B6
51C1E4: f4 LitI2_Byte: 0x14 20 (.)
51C1E6: c6 EqI2
51C1E7: 1c BranchF: 51C21F
51C1EA: 00 LargeBos
51C1EC: 6c ILdRf local_008C
51C1EF: 71 FStR4 local_0090
51C1F2: 00 LargeBos
51C1F4: 6c ILdRf local_008C
51C1F7: f5 LitI4: 0x168 360 (...h)
51C1FC: aa AddI4
51C1FD: 71 FStR4 local_0090
51C200: 00 LargeBos
51C202: 6c ILdRf local_008C
51C205: f5 LitI4: 0x2d0 720 (....)
51C20A: aa AddI4
51C20B: 71 FStR4 local_0090
51C20E: 00 LargeBos
51C210: 6c ILdRf local_008C
51C213: f5 LitI4: 0x438 1080 (...8)
51C218: aa AddI4
51C219: 71 FStR4 local_0090
51C21C: 1e Branch: 51c31c
51C21F: 00 LargeBos
51C221: 6b FLdI2 local_00B6
51C224: f4 LitI2_Byte: 0x15 21 (.)
51C226: c6 EqI2
51C227: 1c BranchF: 51C25F
51C22A: 00 LargeBos
51C22C: 6c ILdRf local_008C
51C22F: 71 FStR4 local_0090
51C232: 00 LargeBos
51C234: 6c ILdRf local_008C
51C237: f5 LitI4: 0x168 360 (...h)
51C23C: aa AddI4
51C23D: 71 FStR4 local_0090
51C240: 00 LargeBos
51C242: 6c ILdRf local_008C
51C245: f5 LitI4: 0x2d0 720 (....)
51C24A: aa AddI4
51C24B: 71 FStR4 local_0090
51C24E: 00 LargeBos
51C250: 6c ILdRf local_008C
51C253: f5 LitI4: 0x438 1080 (...8)
51C258: aa AddI4
51C259: 71 FStR4 local_0090
51C25C: 1e Branch: 51c31c
51C25F: 00 LargeBos
51C261: 6b FLdI2 local_00B6
51C264: f4 LitI2_Byte: 0x16 22 (.)
51C266: c6 EqI2
51C267: 1c BranchF: 51C29F
51C26A: 00 LargeBos
51C26C: 6c ILdRf local_008C
51C26F: 71 FStR4 local_0090
51C272: 00 LargeBos
51C274: 6c ILdRf local_008C
51C277: f5 LitI4: 0x168 360 (...h)
51C27C: aa AddI4
51C27D: 71 FStR4 local_0090
51C280: 00 LargeBos
51C282: 6c ILdRf local_008C
51C285: f5 LitI4: 0x2d0 720 (....)
51C28A: aa AddI4
51C28B: 71 FStR4 local_0090
51C28E: 00 LargeBos
51C290: 6c ILdRf local_008C
51C293: f5 LitI4: 0x438 1080 (...8)
51C298: aa AddI4
51C299: 71 FStR4 local_0090
51C29C: 1e Branch: 51c31c
51C29F: 00 LargeBos
51C2A1: 6b FLdI2 local_00B6
51C2A4: f4 LitI2_Byte: 0x17 23 (.)
51C2A6: c6 EqI2
51C2A7: 1c BranchF: 51C2DF
The above takes the length of the registration code minus 1 and then compares it with the values from 1 to 23; I do not know what this is for.
51C2AA: 00 LargeBos
51C2AC: 6c ILdRf local_008C
51C2AF: 71 FStR4 local_0090
51C2B2: 00 LargeBos
51C2B4: 6c ILdRf local_008C
51C2B7: f5 LitI4: 0x168 360 (...h)
51C2BC: aa AddI4
51C2BD: 71 FStR4 local_0090
51C2C0: 00 LargeBos
51C2C2: 6c ILdRf local_008C
51C2C5: f5 LitI4: 0x2d0 720 (....)
51C2CA: aa AddI4
51C2CB: 71 FStR4 local_0090
51C2CE: 00 LargeBos
51C2D0: 6c ILdRf local_008C
51C2D3: f5 LitI4: 0x438 1080 (...8)
51C2D8: aa AddI4
51C2D9: 71 FStR4 local_0090
51C2DC: 1e Branch: 51c31c
51C2DF: 00 LargeBos
51C2E1: 6b FLdI2 local_00B6
51C2E4: f4 LitI2_Byte: 0x18 24 (.)
51C2E6: c6 EqI2
51C2E7: 1c BranchF: 51C31C
51C2EA: 00 LargeBos
51C2EC: 6c ILdRf local_008C
51C2EF: 71 FStR4 local_0090
51C2F2: 00 LargeBos
51C2F4: 6c ILdRf local_008C
51C2F7: f5 LitI4: 0x168 360 (...h)
51C2FC: aa AddI4
51C2FD: 71 FStR4 local_0090
51C300: 00 LargeBos
51C302: 6c ILdRf local_008C
51C305: f5 LitI4: 0x2d0 720 (....)
51C30A: aa AddI4
51C30B: 71 FStR4 local_0090
51C30E: 00 LargeBos
51C310: 6c ILdRf local_008C
51C313: f5 LitI4: 0x438 1080 (...8)
51C318: aa AddI4
51C319: 71 FStR4 local_0090
51C31C: 00 LargeBos
51C31E: 00 LargeBos
51C320: 04 FLdRfVar local_00D0
51C323: 21 FLdPrThis
51C324: 0f VCallAd menu => get the handle of the text5 box
51C327: 19 FStAdFunc local_00CC => store the retrieved content into the pointer
51C32A: 08 FLdPr local_00CC => content at the address
51C32D: 0d VCallHresult get__ipropMDIWINDOWMENU
51C332: 6c ILdRf local_00D0 => get the content of text5, here 41093315
51C335: 50 CI4Str
51C336: f5 LitI4: 0x3fe 1022 (....) => load 3fe
51C33B: c0 IDvI4 => 27308c3 (41093315 in decimal) divided by 3fe = 9d10
51C33C: Lead0/fe CStrI4 => convert to decimal, here 40208
51C33E: 23 FStStrNoPop local_00D4 => save
51C341: 0b ImpAdCallI2 => 40208 reversed is 80204
51C346: 46 CVarStr local_00B0
51C349: Lead1/f6 FStVar
51C34D: 32 FFreeStr
51C354: 1a FFree1Ad local_00CC
51C357: 00 LargeBos
51C359: 04 FLdRfVar local_00D0
51C35C: 21 FLdPrThis
51C35D: 0f VCallAd menu
51C360: 19 FStAdFunc local_00CC
51C363: 08 FLdPr local_00CC
51C366: 0d VCallHresult get__ipropMDIWINDOWMENU
51C36B: 04 FLdRfVar local_00D4
51C36E: 21 FLdPrThis
51C36F: 0f VCallAd menu
51C372: 19 FStAdFunc local_00D8
51C375: 08 FLdPr local_00D8
51C378: 0d VCallHresult get__ipropMDIWINDOWMENU
51C37D: 6c ILdRf local_00D4 => get 41093315 again
51C380: 50 CI4Str
51C381: f5 LitI4: 0x3fe 1022 (....)
51C386: c0 IDvI4 => 41093315 divided by 1022 =
51C387: Lead0/fe CStrI4
51C389: 23 FStStrNoPop local_00DC
51C38C: 0b ImpAdCallI2
51C391: 23 FStStrNoPop local_00E0
51C394: 4a FnLenStr => get the length, which is 5
51C395: 3e FLdZeroAd local_00D0
51C398: 46 CVarStr local_00B0 => get the entered registration code
51C39B: 04 FLdRfVar local_00F0
51C39E: 0a ImpAdCallFPR4: => take the leftmost 5 digits of the registration code
51C3A3: 04 FLdRfVar local_00F0
51C3A6: 04 FLdRfVar local_00F8
51C3A9: 21 FLdPrThis
51C3AA: 0f VCallAd menu
51C3AD: 19 FStAdFunc local_00F4
51C3B0: 08 FLdPr local_00F4
51C3B3: 0d VCallHresult get__ipropMDIWINDOWMENU
51C3B8: 6c ILdRf local_00F8
51C3BB: 50 CI4Str
51C3BC: f5 LitI4: 0x3fe 1022 (....)
51C3C1: c0 IDvI4
51C3C2: Lead0/fe CStrI4
51C3C4: 23 FStStrNoPop local_00FC
51C3C7: 0b ImpAdCallI2
51C3CC: 46 CVarStr local_010C
51C3CF: 5d HardType
51C3D0: Lead0/33 EqVarBool
51C3D2: 32 FFreeStr
51C3DF: 29 FFreeAd:
51C3E8: 36 FFreeVar
51C3F1: 1c BranchF: 51D0C5 => does it jump to the error path?
51C3F4: 00 LargeBos
51C3F6: f5 LitI4: 0x7530 30000 (..u0)
51C3FB: 71 FStR4 local_008C
......(omitted).........
51CA1A: f5 LitI4: 0x2d0 720 (....)
51CA1F: aa AddI4
51CA20: 71 FStR4 local_0090
51CA23: 00 LargeBos
51CA25: 6c ILdRf local_008C
51CA28: f5 LitI4: 0x438 1080 (...8)
51CA2D: aa AddI4
51CA2E: 71 FStR4 local_0090
51CA31: 00 LargeBos
51CA33: 00 LargeBos
51CA35: 04 FLdRfVar local_00D0
51CA38: 21 FLdPrThis
51CA39: 0f VCallAd menu
51CA3C: 19 FStAdFunc local_00CC
51CA3F: 08 FLdPr local_00CC
51CA42: 0d VCallHresult get__ipropMDIWINDOWMENU
51CA47: 6c ILdRf local_00D0 => get the registration code
51CA4A: 0b ImpAdCallI2 => reverse the registration code string
51CA4F: 23 FStStrNoPop local_00D4
51CA52: 1b LitStr: wbregfilename
51CA55: 1b LitStr: wbregfile
51CA58: 1b LitStr: wbreg
51CA5B: 0a ImpAdCallFPR4: => write to the registry
51CA60: 32 FFreeStr
51CA67: 1a FFree1Ad local_00CC
51CA6A: 00 LargeBos
51CA6C: 27 LitVar_Missing
51CA6F: 27 LitVar_Missing
51CA72: 3a LitVarStr: ( local_0130 )
51CA77: 4e FStVarCopyObj local_00F0
51CA7A: 04 FLdRfVar local_00F0
51CA7D: f5 LitI4: 0x40 64 (...@)
51CA82: 3a LitVarStr: ( local_00A0 )
51CA87: 4e FStVarCopyObj local_00B0
51CA8A: 04 FLdRfVar local_00B0
51CA8D: 0a ImpAdCallFPR4: => registration-success message box
51CA92: 36 FFreeVar
51CA9D: 00 LargeBos
51CA9F: 27 LitVar_Missing
51CAA2: 0a ImpAdCallFPR4:
51CAA7: 73 FStFPR4
51CAAA: f4 LitI2_Byte: 0x18 24 (.)
51CAAC: eb CR8I2
51CAAD: 6e FLdFPR4
........(omitted)..........
51D0AC: f5 LitI4: 0x2d0 720 (....)
51D0B1: aa AddI4
51D0B2: 71 FStR4 local_0090
51D0B5: 00 LargeBos
51D0B7: 6c ILdRf local_008C
51D0BA: f5 LitI4: 0x438 1080 (...8)
51D0BF: aa AddI4
51D0C0: 71 FStR4 local_0090
51D0C3: 00 LargeBos
51D0C5: 00 LargeBos
51D0C7: 00 LargeBos
51D0C9: 21 FLdPrThis
51D0CA: 0f VCallAd menu
51D0CD: 19 FStAdFunc local_00CC
51D0D0: 08 FLdPr local_00CC
51D0D3: 0d VCallHresult
51D0D8: 1a FFree1Ad local_00CC
51D0DB: 00 LargeBos
51D0DD: 13 ExitProcHresult => if the registration code is incorrect, exit directly
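The long compare-and-branch chain in Proc 51d0e0 above can be summarised mechanically instead of being read arm by arm. The Python below is an added example, not part of the original notes or of exdec: it re-joins listing lines whose operands have wrapped onto following lines and lists each FLdI2 / LitI2_Byte / EqI2 / BranchF arm. The function names are hypothetical, and the sample is constructed from a few lines of the listing, abridged.

```python
import re

# Constructed sample: lines abridged from the listing above, with operands
# wrapped onto separate lines the way pasted exdec output often arrives.
SAMPLE = """\
51BD1F: 00 LargeBos
51BD21: 6b FLdI2
local_00B6
51BD24: f4
LitI2_Byte: 0x1 1
(.)
51BD26: c6 EqI2
51BD27: 1c BranchF:
51BD5F
51BD2A: 00 LargeBos
51BD5C: 1e
Branch:
51c31c
51BD5F: 00 LargeBos
51BD61: 6b FLdI2
local_00B6
51BD64: f4 LitI2_Byte:
0x2 2 (.)
51BD66: c6 EqI2
51BD67: 1c BranchF:
51BD9F
"""

# An instruction starts with a six-digit hex address followed by a colon.
ADDR = re.compile(r"^([0-9A-Fa-f]{6}):\s*(.*)$")
# Opcode byte (optionally with a LeadN/ prefix), mnemonic, then the operand text.
INSN = re.compile(r"^(?:Lead\d/)?([0-9A-Fa-f]{2})\s+(\w+):?\s*(.*)$")

def join_wrapped(text):
    """Glue continuation lines back onto the instruction they belong to."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ADDR.match(line)
        if m:
            rows.append([m.group(1).upper(), m.group(2)])
        elif rows:
            rows[-1][1] = (rows[-1][1] + " " + line).strip()
    return rows

def parse(text):
    """Return (address, mnemonic, operand) tuples, one per instruction."""
    out = []
    for addr, rest in join_wrapped(text):
        m = INSN.match(rest)
        if m:
            out.append((addr, m.group(2), m.group(3).strip()))
    return out

def compare_chain(insns):
    """List (variable, constant, target-when-unequal) for each compare arm."""
    arms = []
    for i in range(len(insns) - 3):
        a, b, c, d = insns[i:i + 4]
        if (a[1], b[1], c[1], d[1]) == ("FLdI2", "LitI2_Byte", "EqI2", "BranchF"):
            arms.append((a[2], int(b[2].split()[0], 16), d[2].split()[0].upper()))
    return arms

if __name__ == "__main__":
    for var, value, target in compare_chain(parse(SAMPLE)):
        print(f"{var} == {value}? if not, go to {target}")
```
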
In addition, there is one more hidden check:
Set a breakpoint on rtcMsg; when the registration window pops up, execution breaks here. The code is as follows:
Proc: 50598c
5058D0: f5 LitI4: 0x1 1 (....)
5058D5: 3a LitVarStr: ( local_0094 ) 110
5058DA: 25 PopAdLdVar
5058DB: 1b LitStr: wbregfilename
5058DE: 1b LitStr: wbregfile
5058E1: 1b LitStr: wbreg
5058E4: 0b ImpAdCallI2 => read the registration code from the registry
5058E9: 23 FStStrNoPop local_0098
5058EC: 0b ImpAdCallI2
5058F1: 23 FStStrNoPop local_00D0
5058F4: 05 ImpAdLdRf: 526030
5058F7: 28 LitVarI2: ( local_00A8 ) 0x3fe (1022)
5058FC: Lead0/ac IDvVar
505900: Lead1/4b FnCStrVar
505902: 23 FStStrNoPop local_00BC
505905: 0b ImpAdCallI2
50590A: 23 FStStrNoPop local_00C4
50590D: 76 ImpAdLdI4
505910: 50 CI4Str
505911: f5 LitI4: 0x7 7 (....)
505916: c0 IDvI4 => divide the value by 7
505917: Lead0/fe CStrI4
505919: 23 FStStrNoPop local_00C0
50591C: 0b ImpAdCallI2 => reversed to form the registration code
505921: 23 FStStrNoPop local_00C8
505924: 2a ConcatStr
505925: 23 FStStrNoPop local_00CC
505928: f5 LitI4: 0x1 1 (....)
50592D: Lead3/fd FnInStr4
50592F: f5 LitI4: 0x1 1 (....)
505934: d1 LtI4
505935: 32 FFreeStr
505946: 1c BranchF: 505988
505949: 04 FLdRfVar local_0098
50594C: f5 LitI4: 0xd3 211 (....)
505951: 05 ImpAdLdRf: 5267dc
505954: 24 NewIfNullPr 40bfe4
505957: 0d VCallHresult
50595C: 27 LitVar_Missing
50595F: 27 LitVar_Missing
505962: 3a LitVarStr: ( local_0094 )
505967: 4e FStVarCopyObj local_00E0
50596A: 04 FLdRfVar local_00E0
50596D: f5 LitI4: 0x40 64 (...@)
505972: 3e FLdZeroAd local_0098
505975: 46 CVarStr local_00B8
505978: 0a ImpAdCallFPR4:
50597D: 36 FFreeVar
505988: 13 ExitProcHresult
---------------------------------
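Registration code summary: the code is 8 digits long and has two parts, the left 5 digits and the right 3 digits. On entry, the left 5 digits are checked first and, if they are correct, the code is saved to the registry; at run time, the right 3 digits are read from the registry and checked.
Left 5 digits of the registration code:
At 51c33e the value 40208 is produced; reversed, it gives the left 5 digits of the registration code, namely: 08021
Right 3 digits of the registration code:
Obtained on reaching 50591C.
Summary:
Machine code: 818314132231985
Registration code: 08021716
The registration information is stored in:
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\wbreg\wbregfile]
"wbregfilename"="61712080"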
cracked by lordor[BCG]
03.5.21