六合软件

标题：六合软件
作者：独孤求胜
时间：2003/08/21 08:19pm
链接：http://bbs.pediy.com

软件下载地址：http://myweb.hinet.net/home5/biga/HK6A0723.zip
软件大小： 1450 KB
软件语言：中文
软件类别：共享版
应用平台：？？？
【软件简介】：六合软件
【软件限制】：NAG +功能限制

【作者声明】：初学Crack，只是感兴趣，没有其它目的。失误之处敬请诸位大侠赐教！

【破解工具】：Ollydbg，TRW2000
------------------------------------------
【过程】：第一个试练码12345-67890-ABCDE-FGHIJ
004ADC29 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] //EAX=SS:[EBP-14]=12345
004ADC2C |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004ADC2F |. E8 44AEF5FF CALL ⑾せ.00408A78SS:[
004ADC34 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004ADC37 |. B9 02000000 MOV ECX,2
004ADC3C |. BA 01000000 MOV EDX,1
004ADC41 |. E8 5A6FF5FF CALL ⑾せ.00404BA0
004ADC46 |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] //取12345前两位12
004ADC49 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004ADC4C |. 50 PUSH EAX
004ADC4D |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004ADC50 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004ADC56 |. E8 F942F9FF CALL ⑾せ.00441F54DS:[
004ADC5B |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] //EAX=SS:[EBP-20]=67890
004ADC5E |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
004ADC61 |. E8 12AEF5FF CALL ⑾せ.00408A78SS:[
004ADC66 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] //EAX=SS:[EBP-1C]=67890
004ADC69 |. B9 01000000 MOV ECX,1
004ADC6E |. BA 05000000 MOV EDX,5
004ADC73 |. E8 286FF5FF CALL ⑾せ.00404BA0
004ADC78 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
004ADC7B |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004ADC7E |. 50 PUSH EAX
004ADC7F |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
004ADC82 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004ADC88 |. E8 C742F9FF CALL ⑾せ.00441F54DS:[
004ADC8D |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] //EAX=SS:[EBP-2C]=ABCDE
004ADC90 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
004ADC93 |. E8 E0ADF5FF CALL ⑾せ.00408A78SS:[
004ADC98 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] //EAX=SS:[EBP-28]=ABCDE
004ADC9B |. B9 01000000 MOV ECX,1
004ADCA0 |. BA 01000000 MOV EDX,1
004ADCA5 |. E8 F66EF5FF CALL ⑾せ.00404BA0
004ADCAA |. FF75 DC PUSH DWORD PTR SS:[EBP-24]
004ADCAD |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004ADCB0 |. 50 PUSH EAX
004ADCB1 |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
004ADCB4 |. 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308]
004ADCBA |. E8 9542F9FF CALL ⑾せ.00441F54DS:[
004ADCBF |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]//EAX=SS:[EBP-38]=FGHIJ
004ADCC2 |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
004ADCC5 |. E8 AEADF5FF CALL ⑾せ.00408A78SS:[
004ADCCA |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]//EAX=SS:[EBP-34]=FGHIJ
004ADCCD |. B9 02000000 MOV ECX,2
004ADCD2 |. BA 04000000 MOV EDX,4
004ADCD7 |. E8 C46EF5FF CALL ⑾せ.00404BA0
004ADCDC |. FF75 D0 PUSH DWORD PTR SS:[EBP-30] //SS:[EBP-30]=ij
004ADCDF |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004ADCE2 |. BA 04000000 MOV EDX,4
004ADCE7 |. E8 1C6DF5FF CALL ⑾せ.00404A08
004ADCEC |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004ADCEF |. 50 PUSH EAX
004ADCF0 |. 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
004ADCF3 |. 8B83 F0020000 MOV EAX,DWORD PTR DS:[EBX+2F0]
004ADCF9 |. E8 5642F9FF CALL ⑾せ.00441F54DS:[
004ADCFE |. 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44] //EAX=SS:[EBP-44]=12345
004ADD01 |. 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
004ADD04 |. E8 6FADF5FF CALL ⑾せ.00408A78SS:[
004ADD09 |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]//EAX=SS:[EBP-40]=12345
004ADD0C |. B9 03000000 MOV ECX,3
004ADD11 |. BA 03000000 MOV EDX,3
004ADD16 |. E8 856EF5FF CALL ⑾せ.00404BA0
004ADD1B |. FF75 C4 PUSH DWORD PTR SS:[EBP-3C] //SS:[EBP-3C]=345入栈
004ADD1E |. 68 F0E14A00 PUSH ⑾せ.004AE1F0[EBP
004ADD23 |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004ADD26 |. 50 PUSH EAX
004ADD27 |. 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
004ADD2A |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004ADD30 |. E8 1F42F9FF CALL ⑾せ.00441F54DS:[
004ADD35 |. 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]//EAX=SS:[EBP-50]=67890
004ADD38 |. 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
004ADD3B |. E8 38ADF5FF CALL ⑾せ.00408A78SS:[
004ADD40 |. 8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C]//EAX=SS:[EBP-4C]=67890
004ADD43 |. B9 04000000 MOV ECX,4
004ADD48 |. BA 01000000 MOV EDX,1
004ADD4D |. E8 4E6EF5FF CALL ⑾せ.00404BA0
004ADD52 |. FF75 B8 PUSH DWORD PTR SS:[EBP-48]//SS:[EBP-48]=6789入栈
004ADD55 |. B8 044B5100 MOV EAX,⑾せ.00514B04P-48
004ADD5A |. BA 03000000 MOV EDX,3
004ADD5F |. E8 A46CF5FF CALL ⑾せ.00404A08
004ADD64 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004ADD67 |. 50 PUSH EAX
004ADD68 |. 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
004ADD6B |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004ADD71 |. E8 DE41F9FF CALL ⑾せ.00441F54DS:[
004ADD76 |. 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C]//EAX=SS:[EBP-5C]=ABCDE
004ADD79 |. 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
004ADD7C |. E8 F7ACF5FF CALL ⑾せ.00408A78SS:[
004ADD81 |. 8B45 A8 MOV EAX,DWORD PTR SS:[EBP-58]//EAX=SS:[EBP-58]=ABCDE
004ADD84 |. B9 03000000 MOV ECX,3 //ECX=3
004ADD89 |. BA 02000000 MOV EDX,2
004ADD8E |. E8 0D6EF5FF CALL ⑾せ.00404BA0
004ADD93 |. FF75 AC PUSH DWORD PTR SS:[EBP-54] //SS:[EBP-54]=BCD入栈
004ADD96 |. 68 F0E14A00 PUSH ⑾せ.004AE1F0[EBP
004ADD9B |. 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004ADD9E |. 50 PUSH EAX
004ADD9F |. 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004ADDA2 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004ADDA8 |. E8 A741F9FF CALL ⑾せ.00441F54DS:[
004ADDAD |. 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]//EAX=SS:[EBP-68]=ABCDE
004ADDB0 |. 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
004ADDB3 |. E8 C0ACF5FF CALL ⑾せ.00408A78SS:[
004ADDB8 |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
004ADDBB |. B9 01000000 MOV ECX,1
004ADDC0 |. BA 05000000 MOV EDX,5
004ADDC5 |. E8 D66DF5FF CALL ⑾せ.00404BA0
004ADDCA |. FF75 A0 PUSH DWORD PTR SS:[EBP-60]
004ADDCD |. 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C]
004ADDD0 |. 50 PUSH EAX
004ADDD1 |. 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
004ADDD4 |. 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308]
004ADDDA |. E8 7541F9FF CALL ⑾せ.00441F54DS:[
004ADDDF |. 8B45 8C MOV EAX,DWORD PTR SS:[EBP-74]
004ADDE2 |. 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
004ADDE5 |. E8 8EACF5FF CALL ⑾せ.00408A78SS:[
004ADDEA |. 8B45 90 MOV EAX,DWORD PTR SS:[EBP-70]
004ADDED |. B9 03000000 MOV ECX,3
004ADDF2 |. BA 01000000 MOV EDX,1
004ADDF7 |. E8 A46DF5FF CALL ⑾せ.00404BA0
004ADDFC |. FF75 94 PUSH DWORD PTR SS:[EBP-6C] //SS:[EBP-6C]=FGH入栈
004ADDFF |. B8 084B5100 MOV EAX,⑾せ.00514B08P-6C
004ADE04 |. BA 04000000 MOV EDX,4
004ADE09 |. E8 FA6BF5FF CALL ⑾せ.00404A08
004ADE0E |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] //EAX=SS:[EBP-4]=120AIJ
//注：第一框中前两位&第二框中的最后一位&第三框中第一位&第四框中的后两位
004ADE11 |. BA FCE14A00 MOV EDX,⑾せ.004AE1FC[EBP EDX=2X66IS
004ADE16 |. E8 716CF5FF CALL ⑾せ.00404A8CDE4B 比较CALL，比较120AIJ与2X66IS
004ADE1B |. 75 2E JNZ SHORT ⑾せ.004ADE4B 不等就跳，一跳就OVER
004ADE1D |. BA 044B5100 MOV EDX,⑾せ.00514B044B
004ADE22 |. A1 F8984E00 MOV EAX,DWORD PTR DS:[4E98F8]
004ADE27 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004ADE29 |. E8 4A0B0000 CALL ⑾せ.004AE978DS:[ //算法CALL，进入
004ADE2E |. 84C0 TEST AL,AL
004ADE30 |. 74 19 JE SHORT 

--------------------------算法CALL↓
试练码变成2X345-67896-6ABCDE-FGHIS

004AE978 /$ 55 PUSH EBP
004AE979 |. 8BEC MOV EBP,ESP
004AE97B |. B9 11000000 MOV ECX,11
004AE980 |> 6A 00 /PUSH 0
004AE982 |. 6A 00 |PUSH 0
004AE984 |. 49 |DEC ECX
004AE985 |.^75 F9 \JNZ SHORT ⑾せ.004AE980
004AE987 |. 53 PUSH EBX
004AE988 |. 56 PUSH ESI
004AE989 |. 57 PUSH EDI
004AE98A |. 8BDA MOV EBX,EDX
004AE98C |. BF E4894E00 MOV EDI,⑾せ.004E89E4
004AE991 |. 33C0 XOR EAX,EAX
004AE993 |. 55 PUSH EBP
004AE994 |. 68 EBEE4A00 PUSH ⑾せ.004AEEEB
004AE999 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004AE99C |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004AE99F |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004AE9A2 |. 8B13 MOV EDX,DWORD PTR DS:[EBX]
004AE9A4 |. E8 7F5DF5FF CALL ⑾せ.00404728DS:[
004AE9A9 |. C645 F7 01 MOV BYTE PTR SS:[EBP-9],1
004AE9AD |. B3 01 MOV BL,1
004AE9AF |. C645 F6 00 MOV BYTE PTR SS:[EBP-A],0
004AE9B3 |. C645 F5 00 MOV BYTE PTR SS:[EBP-B],0
004AE9B7 |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
004AE9BB |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004AE9BE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] //EAX=SS:[EBP-8]=345-6789
004AE9C1 |. E8 B2A0F5FF CALL ⑾せ.00408A78SS:[
004AE9C6 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004AE9C9 |. E8 7A5FF5FF CALL ⑾せ.00404948SS:[
004AE9CE |. 83F8 08 CMP EAX,8 //是否为8位，不是就OVER
004AE9D1 |. 75 25 JNZ SHORT ⑾せ.004AE9F8
004AE9D3 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004AE9D6 |. 50 PUSH EAX
004AE9D7 |. B9 01000000 MOV ECX,1
004AE9DC |. BA 04000000 MOV EDX,4
004AE9E1 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004AE9E4 |. E8 B761F5FF CALL ⑾せ.00404BA0SS:[
004AE9E9 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004AE9EC |. BA 04EF4A00 MOV EDX,⑾せ.004AEF04[EBP
004AE9F1 |. E8 9660F5FF CALL ⑾せ.00404A8CF04[
004AE9F6 |. 74 09 JE SHORT ⑾せ.004AEA01
004AE9F8 |> C645 F7 00 MOV BYTE PTR SS:[EBP-9],0
004AE9FC |. E9 92040000 JMP ⑾せ.004AEE93 BP-
004AEA01 |> 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
004AEA04 |. B8 04EF4A00 MOV EAX,⑾せ.004AEF04[EBP
004AEA09 |. E8 7662F5FF CALL ⑾せ.00404C84F04[
004AEA0E |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004AEA11 |. B9 01000000 MOV ECX,1
004AEA16 |. 92 XCHG EAX,EDX
004AEA17 |. E8 C461F5FF CALL ⑾せ.00404BE0 //此CALL作用是去掉“-”号
004AEA1C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] //EAX=3456789
004AEA1F |. E8 1C61F5FF CALL ⑾せ.00404B40SS:[
004AEA24 |. 8BF0 MOV ESI,EAX //ESI=EAX=3456789
004AEA26 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004AEA29 |. 8A16 MOV DL,BYTE PTR DS:[ESI] //DL=DS:[ESI]=33（注：3的ASCII码）
004AEA2B |. E8 405EF5FF CALL ⑾せ.00404870:[ES
004AEA30 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004AEA33 |. 8B15 E0894E00 MOV EDX,DWORD PTR DS:[4E89E0] //EDX=ABCDEFGHIJKLMNOPQRSTUVWXYZ
004AEA39 |. E8 4662F5FF CALL ⑾せ.00404C84DS:[ //此CALL的作用是比较3是否为大写字母
004AEA3E |. 85C0 TEST EAX,EAX //不是的话EAX就为0,是0就OVER,将EAX的置改为1接着调试
004AEA40 |. 75 02 JNZ SHORT ⑾せ.004AEA44
004AEA42 |. 33DB XOR EBX,EBX
004AEA44 |> 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004AEA47 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1] //取第二个数4
004AEA4A |. E8 215EF5FF CALL ⑾せ.00404870:[ES
004AEA4F |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] //EDX=0123456789
004AEA52 |. 8B17 MOV EDX,DWORD PTR DS:[EDI]
004AEA54 |. E8 2B62F5FF CALL ⑾せ.00404C84DS:[ //看是否为0123456789中的数字
004AEA59 |. 85C0 TEST EAX,EAX //不是的话EAX=0,我们这正好是所以EAX=4+1=5
004AEA5B |. 75 02 JNZ SHORT ⑾せ.004AEA5F
004AEA5D |. 33DB XOR EBX,EBX
004AEA5F |> 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004AEA62 |. 8A56 02 MOV DL,BYTE PTR DS:[ESI+2] //取第三个数5
004AEA65 |. E8 065EF5FF CALL ⑾せ.00404870:[ES
004AEA6A |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004AEA6D |. 8B17 MOV EDX,DWORD PTR DS:[EDI]//EDX=0123456789
004AEA6F |. E8 1062F5FF CALL ⑾せ.00404C84DS:[//看是否为0123456789中的数字
004AEA74 |. 85C0 TEST EAX,EAX //不是的话EAX=0,我们这正好是所以EAX=5+1=6
004AEA76 |. 75 02 JNZ SHORT ⑾せ.004AEA7A
004AEA78 |. 33DB XOR EBX,EBX
004AEA7A |> 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004AEA7D |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3] //取第四个数6
004AEA80 |. E8 EB5DF5FF CALL ⑾せ.00404870:[ES
004AEA85 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
004AEA88 |. 8B15 E0894E00 MOV EDX,DWORD PTR DS:[4E89E0] //EDX=ABCDEFGHIJKLMNOPQRSTUVWXYZ
004AEA8E |. E8 F161F5FF CALL ⑾せ.00404C84DS:[ //是否为大写字母
004AEA93 |. 85C0 TEST EAX,EAX //不是的话EAX就为0,是0就OVER,将EAX的置改为1接着调试
004AEA95 |. 75 02 JNZ SHORT ⑾せ.004AEA99
004AEA97 |. 33DB XOR EBX,EBX
004AEA99 |> 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004AEA9C |. 8A56 04 MOV DL,BYTE PTR DS:[ESI+4] //取第五个数7
004AEA9F |. E8 CC5DF5FF CALL ⑾せ.00404870:[ES
004AEAA4 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004AEAA7 |. 8B17 MOV EDX,DWORD PTR DS:[EDI]//EDX=0123456789
004AEAA9 |. E8 D661F5FF CALL ⑾せ.00404C84DS:[//看是否为0123456789中的数字
004AEAAE |. 85C0 TEST EAX,EAX//不是的话EAX=0,我们这正好是所以EAX=7+1=8
004AEAB0 |. 75 02 JNZ SHORT ⑾せ.004AEAB4
004AEAB2 |. 33DB XOR EBX,EBX
004AEAB4 |> 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
004AEAB7 |. 8A56 05 MOV DL,BYTE PTR DS:[ESI+5] //取第六个数8
004AEABA |. E8 B15DF5FF CALL ⑾せ.00404870:[ES
004AEABF |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004AEAC2 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] //EDX=0123456789
004AEAC4 |. E8 BB61F5FF CALL ⑾せ.00404C84DS:[//看是否为0123456789中的数字
004AEAC9 |. 85C0 TEST EAX,EAX //不是的话EAX=0,我们这正好是所以EAX=8+1=9
004AEACB |. 75 02 JNZ SHORT ⑾せ.004AEACF
004AEACD |. 33DB XOR EBX,EBX
004AEACF |> 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
004AEAD2 |. 8A56 06 MOV DL,BYTE PTR DS:[ESI+6] //取第七个数9
004AEAD5 |. E8 965DF5FF CALL ⑾せ.00404870:[ES
004AEADA |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
004AEADD |. 8B17 MOV EDX,DWORD PTR DS:[EDI]
004AEADF |. E8 A061F5FF CALL ⑾せ.00404C84DS:[ //是否为0123456789中的数字
004AEAE4 |. 85C0 TEST EAX,EAX EAX=A
004AEAE6 |. 75 02 JNZ SHORT ⑾せ.004AEAEA //不是就OVER
004AEAE8 |. 33DB XOR EBX,EBX
//以上如果有一个不合要求的话EBX清零
004AEAEA |> 84DB TEST BL,BL
004AEAEC |. 0F84 A1030000 JE ⑾せ.004AEE93
//跳到死亡处
------为了满足上面要求将试练码再变成2XA45-B7896-6ABCDE-FGHIS------ 调试
004AEAF2 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004AEAF5 |. 8A56 04 MOV DL,BYTE PTR DS:[ESI+4] //取第五个数7的ASCII
004AEAF8 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEAFB |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEAFE |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
004AEB01 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004AEB04 |. E8 1743F5FF CALL ⑾せ.00402E20SS:[
004AEB09 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB0C |. 33D2 XOR EDX,EDX
004AEB0E |. 8A16 MOV DL,BYTE PTR DS:[ESI] //DL=DS:[ESI]=41(注:第一个数的ASCII码)
004AEB10 |. 83EA 19 SUB EDX,19 //EDX=41-19=28(注:(的ASCII码
004AEB13 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL DS:[EAX+1]=DL=28
004AEB16 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB19 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB1C |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
004AEB1F |. B1 02 MOV CL,2
004AEB21 |. E8 CA42F5FF CALL ⑾せ.00402DF0
004AEB26 |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
004AEB29 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
004AEB2C |. E8 EF42F5FF CALL ⑾せ.00402E20SS:[
004AEB31 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB34 |. 8A56 06 MOV DL,BYTE PTR DS:[ESI+6] //DL=DS:[ESI+6]=39
004AEB37 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL //DS:[EAX+1]=DL=39
004AEB3A |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB3D |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB40 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
004AEB43 |. B1 03 MOV CL,3
004AEB45 |. E8 A642F5FF CALL ⑾せ.00402DF0
004AEB4A |. 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
004AEB4D |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004AEB50 |. E8 CB42F5FF CALL ⑾せ.00402E20SS:[
004AEB55 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB58 |. 33D2 XOR EDX,EDX
004AEB5A |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3]//DL=DS:[ESI+3]=42(注:第四个数B的ASCII码)
004AEB5D |. 83EA 1E SUB EDX,1E //EDX=42-1E=24(注:24的ASCII码为$)
004AEB60 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEB63 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB66 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB69 |. 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004AEB6C |. B1 04 MOV CL,4
004AEB6E |. E8 7D42F5FF CALL ⑾せ.00402DF0 //此CALL作用应该是起连接作用
004AEB73 |. 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48] //EDX=7(9$
004AEB76 |. 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
004AEB79 |. E8 A242F5FF CALL ⑾せ.00402E20SS:[
004AEB7E |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEB81 |. 8A56 02 MOV DL,BYTE PTR DS:[ESI+2] //dl=35(注:A45B789的第三位,上面几个都个这样意思)
004AEB84 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEB87 |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEB8A |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEB8D |. 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
004AEB90 |. B1 05 MOV CL,5
004AEB92 |. E8 5942F5FF CALL ⑾せ.00402DF0
004AEB97 |. 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50] //EDX=7(9$5
004AEB9A |. 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
004AEB9D |. E8 7E42F5FF CALL ⑾せ.00402E20SS:[
004AEBA2 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEBA5 |. 8A56 05 MOV DL,BYTE PTR DS:[ESI+5] //取第六位ASCII,DL=38
004AEBA8 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEBAB |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEBAE |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEBB1 |. 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
004AEBB4 |. B1 06 MOV CL,6
004AEBB6 |. E8 3542F5FF CALL ⑾せ.00402DF0
004AEBBB |. 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58] //EDX=7(9$58
004AEBBE |. 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004AEBC1 |. E8 5A42F5FF CALL ⑾せ.00402E20SS:[
004AEBC6 |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
004AEBC9 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1] //取第二位ASCII,DL=34
004AEBCC |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004AEBCF |. C600 01 MOV BYTE PTR DS:[EAX],1
004AEBD2 |. 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
004AEBD5 |. 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
004AEBD8 |. B1 07 MOV CL,7
004AEBDA |. E8 1142F5FF CALL ⑾せ.00402DF0
004AEBDF |. 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
004AEBE2 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004AEBE5 |. E8 025DF5FF CALL ⑾せ.004048ECSS:[
004AEBEA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] //EAX=7(9$584
004AEBED |. E8 4E5FF5FF CALL ⑾せ.00404B40SS:[
004AEBF2 |. 8BF0 MOV ESI,EAX //ESI=EAX=7(9$584

下面又开始字母和数字的比较,到这里我好晕了
004AEBF4 |. 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
004AEBF7 |. 8A56 01 MOV DL,BYTE PTR DS:[ESI+1] //第二位
004AEBFA |. E8 715CF5FF CALL ⑾せ.00404870:[ES
004AEBFF |. 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
004AEC02 |. 8B17 MOV EDX,DWORD PTR DS:[EDI]
004AEC04 |. E8 7B60F5FF CALL ⑾せ.00404C84DS:[ //0123456789中的数字?
004AEC09 |. 85C0 TEST EAX,EAX //不是的话EAX置0,因为我们现在的不是数字,所以将0改成1,接着调试
004AEC0B |. 75 02 JNZ SHORT ⑾せ.004AEC0F
004AEC0D |. 33DB XOR EBX,EBX
004AEC0F |> 8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
004AEC12 |. 8A56 03 MOV DL,BYTE PTR DS:[ESI+3] //第四位
004AEC15 |. E8 565CF5FF CALL ⑾せ.00404870:[ES
004AEC1A |. 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
004AEC1D |. 8B17 MOV EDX,DWORD PTR DS:[EDI]
004AEC1F |. E8 6060F5FF CALL ⑾せ.00404C84DS:[ //0123456789中的数字?
004AEC24 |. 85C0 TEST EAX,EAX //不是的话EAX置0,因为我们现在的不是数字,所以将0改成1,接着调试
004AEC26 |. 75 02 JNZ SHORT ⑾せ.004AEC2A
004AEC28 |. 33DB XOR EBX,EBX 和上面一样,要是EAX为0的话EBX就清0,清0就不好了
004AEC2A |> 84DB TEST BL,BL
004AEC2C |. 0F84 61020000 JE ⑾せ.004AEE9
--------先不要晕了,我们又将试练码改一下才能调试了,怎么改?看清了!~
假如我们在上一次假码中去掉2X66IS就剩下A45B789ABCDEFGH,我们先看前两框的即A45B789
分别取第一第四个每母的ASCII码,第一个减19第四个减1E得出的ASCII都要为某数字的ASCII
随便取一个满足上面要求的吧。再用2XI45-N6786-6BCDE-FGHIS调试，经过上面我们可得到一串字符6080574（注：第五位&第一位算得&第七位&第四位算得&第三位&第六位&第二位）

………………
004ADE29 |. E8 4A0B0000 CALL ⑾せ.004AE978潲Ν??
004ADE2E |. 84C0 TEST AL,AL 如果上面所有都成立的话，AL不为0，若不满足AL=0
004ADE30 |. 74 19 JE SHORT ⑾せ.004ADE4B //跳就OVER
004ADE32 |. BA 084B5100 MOV EDX,⑾せ.00514B08B
004ADE37 |. A1 F8984E00 MOV EAX,DWORD PTR DS:[4E98F8]
004ADE3C |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004ADE3E |. E8 4D130000 CALL ⑾せ.004AF190DS:[ //算法CALL2，跟进，和第一个差不多，不写了
004ADE43 |. 84C0 TEST AL,AL
004ADE45 |. 0F85 D9000000 JNZ

--------------算法CALL2
004AF5B7 |. 2D 91300000 SUB EAX,3091 *******就这里不同
004AF5BC |. B9 07000000 MOV ECX,7
004AF5C1 |. 99 CDQ
004AF5C2 |. F7F9 IDIV ECX
004AF5C4 |. 85D2 TEST EDX,EDX
004AF5C6 |. 75 06 JNZ SHORT ⑾せ.004AF5CE
----------------------------------------------------------------------------------
注册码整理：
3E9*7+676C=82CB=33483（注：82CB的十进制）
3+3+4+8+3=15=21
所以由上面算出注册码前两框为2XL13-V3246
再3E9*7+3091=4BF0=19440（注：4BF0的十进制）
1+9+4+4+0=18=24
又由上两式得后两框真码为6R80R-114IS
所以2XL13-V3246-6R80R-114IS为一个可用注册码
-----------------------------------------------------------------------------------------------------------------------------------------------
注册表信息保存：
REGEDIT4

[HKEY_CURRENT_USER\Software\BigA]
"6All"="L13V324R80R114"
"Mark6"="2X66IS"
---------------------------------------------------------------------------
注册机就留给高手们写吧，我快累死了