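Cracking Delphi学习宝典 1.2 (a VB program)
Keygen in VC (code at the end):
Software introduction: Delphi is a brand-new visual programming environment that gives us a convenient, fast tool for developing Windows applications. It uses many advanced features and design ideas of the Microsoft Windows graphical user interface, and adopts a complete, flexible and reusable object-oriented language, the fastest editor in the world today, and leading database technology. For developers, using Delphi to build applications will undoubtedly improve programming efficiency greatly, and as you go deeper you will find that programming is no longer dull work: every design detail of Delphi will bring you a pleasant surprise.
Crack statement: cracked purely for the sake of technique!
On a recent whim I picked up a few VB programs and found that some of them are not that hard. The serial algorithm of this software is very simple (experts, please don't laugh), and it is verified on restart!
A brute-force approach: when dealing with restart-time verification, if nothing else works, use the universal breakpoint. It is slower, but it usually finds the target.
Inspired by fly's 注册表终结者 (Registry Terminator): MSVBVM60.rtcMidCharBstr is a very effective breakpoint for cracking VB programs! Set a breakpoint at 004221FA; the function returns the character at position i of a string.
Start of the registration algorithm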
004221D3 > 66:3BB5 1CFFFF>CMP SI,WORD PTR SS:[EBP-E4]
004221DA . 0F8F 94000000 JG Delphi学.00422274
004221E0 . 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30]
004221E3 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
004221E6 . 0FBFCE MOVSX ECX,SI
004221E9 . 50 PUSH EAX
004221EA . 51 PUSH ECX
004221EB . 52 PUSH EDX
004221EC . C745 BC 010000>MOV DWORD PTR SS:[EBP-44],1
004221F3 . C745 B4 020000>MOV DWORD PTR SS:[EBP-4C],2
004221FA . FF15 80104000 CALL DWORD PTR DS:[<&MSVBVM60.#631>] ; MSVBVM60.rtcMidCharBstr
// breakpoint set here
00422200 . 50 PUSH EAX
00422201 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
00422204 . 50 PUSH EAX
00422205 . 6A 01 PUSH 1
00422207 . FF15 E8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLsetFixstrFree>>; MSVBVM60.__vbaLsetFixstrFree
0042220D . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
00422210 . FF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00422216 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00422219 . 51 PUSH ECX
0042221A . 6A 01 PUSH 1
0042221C . FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrFixstr>] ; MSVBVM60.__vbaStrFixstr
00422222 . 8BD0 MOV EDX,EAX
00422224 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00422227 . FF15 60114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0042222D . 50 PUSH EAX
0042222E . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr
00422234 . 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
00422237 . 52 PUSH EDX
00422238 . 8BD8 MOV EBX,EAX
0042223A . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0042223D . 50 PUSH EAX
0042223E . 6A 01 PUSH 1
00422240 . FF15 3C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLsetFixstr>] ; MSVBVM60.__vbaLsetFixstr
00422246 . 0FBFCB MOVSX ECX,BX
00422249 . 03CF ADD ECX,EDI
0042224B . 0F80 92030000 JO Delphi学.004225E3
00422251 . 8BF9 MOV EDI,ECX
00422253 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00422256 . FF15 80114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0042225C . 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
0042225F . B8 01000000 MOV EAX,1
00422264 . 66:03C6 ADD AX,SI
00422267 . 0F80 76030000 JO Delphi学.004225E3 // exits once the whole username has been read
0042226D . 8BF0 MOV ESI,EAX
0042226F .^E9 5FFFFFFF JMP Delphi学.004221D3
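// The code above takes the ASCII code of each character of the username and accumulates them; the sum is held in EAX and moved into EDI
For example, mejy: 'm'+'e'+'j'+'y' == 1B5 (hex)
00422274 > 8B13 MOV EDX,DWORD PTR DS:[EBX]
00422276 . 69FF 87D61200 IMUL EDI,EDI,12D687 // multiplies the accumulated ASCII sum of the username by 12D687 (hex); the result is stored in EDI
This is the whole serial algorithm, very simple! (Its decimal form is the serial.)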
0042227C . 0F80 61030000 JO Delphi学.004225E3
00422282 . 53 PUSH EBX
00422283 . 897D CC MOV DWORD PTR SS:[EBP-34],EDI
00422286 . FF92 00030000 CALL DWORD PTR DS:[EDX+300]
0042228C 8B3D 5C104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00422292 . 50 PUSH EAX
00422293 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
00422296 . 50 PUSH EAX
00422297 . FFD7 CALL EDI ; <&MSVBVM60.__vbaObjSet>
00422299 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
0042229C . 8BF0 MOV ESI,EAX
0042229E . 8B0E MOV ECX,DWORD PTR DS:[ESI]
004222A0 . 52 PUSH EDX
004222A1 . 56 PUSH ESI
004222A2 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
004222A8 . DBE2 FCLEX
004222AA . 85C0 TEST EAX,EAX
004222AC . 7D 12 JGE SHORT Delphi学.004222C0
004222AE . 68 A0000000 PUSH 0A0
004222B3 . 68 C0874000 PUSH Delphi学.004087C0
004222B8 . 56 PUSH ESI
004222B9 . 50 PUSH EAX
004222BA . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004222C0 > DB45 CC FILD DWORD PTR SS:[EBP-34] // floating-point load of the result above (its decimal value)
004222C3 . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
// the entered fake serial is pushed onto the stack
004222C6 . 50 PUSH EAX
004222C7 . DD9D 08FFFFFF FSTP QWORD PTR SS:[EBP-F8]
// at this point the correct serial is visible in floating-point form
004222CD . FF15 00114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaR8Str>] ; MSVBVM60.__vbaR8Str
// converts the string to a double
004222D3 . DC9D 08FFFFFF FCOMP QWORD PTR SS:[EBP-F8]
// floating-point form of the fake serial
004222D9 . DFE0 FSTSW AX
004222DB . F6C4 40 TEST AH,40 // the comparison
004222DE 74 07 JE SHORT Delphi学.004222E7 // key jump, patch point 1
004222E0 . B8 01000000 MOV EAX,1
004222E5 . EB 02 JMP SHORT Delphi学.004222E9
004222E7 > 33C0 XOR EAX,EAX
004222E9 > F7D8 NEG EAX
004222EB . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
004222EE . 8BF0 MOV ESI,EAX
004222F0 . FF15 80114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004222F6 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
004222F9 . FF15 7C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
004222FF . 66:85F6 TEST SI,SI
00422302 . 0F84 C3010000 JE Delphi学.004224CB
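The following is the part that verifies the serial at program startup. It first reads the username from the registry (of course, registration must have succeeded first, i.e. patch point 1 above must have been modified).
0041430B > 66:3B75 94 CMP SI,WORD PTR SS:[EBP-6C]
0041430F . 0F8F 8F000000 JG Delphi学.004143A4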
00414315 . 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
00414318 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
0041431B . 0FBFCE MOVSX ECX,SI
0041431E . 50 PUSH EAX
0041431F . 51 PUSH ECX
00414320 . 52 PUSH EDX
00414321 . C745 D0 010000>MOV DWORD PTR SS:[EBP-30],1
00414328 . C745 C8 020000>MOV DWORD PTR SS:[EBP-38],2
0041432F . FF15 80104000 CALL DWORD PTR DS:[<&MSVBVM60.#631>] ; MSVBVM60.rtcMidCharBstr
00414335 . 50 PUSH EAX
00414336 . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
00414339 . 50 PUSH EAX
0041433A . 6A 01 PUSH 1
0041433C . FF15 E8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLsetF>; MSVBVM60.__vbaLsetFixstrFree
00414342 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00414345 . FF15 14104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar
0041434B . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
0041434E . 51 PUSH ECX
0041434F . 6A 01 PUSH 1
00414351 . FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrFi>; MSVBVM60.__vbaStrFixstr
00414357 . 8BD0 MOV EDX,EAX
00414359 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0041435C . FFD3 CALL EBX
0041435E . 50 PUSH EAX
0041435F . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr
00414365 . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
00414368 . 52 PUSH EDX
00414369 . 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX
0041436C . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0041436F . 50 PUSH EAX
00414370 . 6A 01 PUSH 1
00414372 . FF15 3C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLsetF>; MSVBVM60.__vbaLsetFixstr
00414378 . 0FBF4D A4 MOVSX ECX,WORD PTR SS:[EBP-5C]
0041437C . 03CF ADD ECX,EDI
0041437E . 0F80 7F020000 JO Delphi学.00414603
00414384 . 8BF9 MOV EDI,ECX
00414386 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00414389 . FF15 80114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
0041438F . B8 01000000 MOV EAX,1
00414394 . 66:03C6 ADD AX,SI
00414397 . 0F80 66020000 JO Delphi学.00414603
0041439D . 8BF0 MOV ESI,EAX
0041439F .^E9 67FFFFFF JMP Delphi学.0041430B // same algorithm as above
004143A4 > 8B75 E0 MOV ESI,DWORD PTR SS:[EBP-20]
004143A7 . 69FF 87D61200 IMUL EDI,EDI,12D687
004143AD . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004143B0 . 0F80 4D020000 JO Delphi学.00414603
004143B6 . 33D2 XOR EDX,EDX
004143B8 . 3BF7 CMP ESI,EDI
004143BA . 0F95C2 SETNE DL
004143BD . 50 PUSH EAX
004143BE . 68 80684000 PUSH Delphi学.00406880
004143C3 . 4A DEC EDX
004143C4 . 66:8915 484042>MOV WORD PTR DS:[424048],DX
004143CB . FF15 94104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
004143D1 . 85C0 TEST EAX,EAX
004143D3 . 74 04 JE SHORT Delphi学.004143D9
004143D5 . 85F6 TEST ESI,ESI
004143D7 . 75 09 JNZ SHORT Delphi学.004143E2
004143D9 > 66:C705 484042>MOV WORD PTR DS:[424048],0
004143E2 > 66:833D 484042>CMP WORD PTR DS:[424048],0
004143EA 0F84 55010000 JE Delphi学.00414545 // key jump here, patch point 2
004143F0 . A1 10404200 MOV EAX,DWORD PTR DS:[424010]
004143F5 . 85C0 TEST EAX,EAX
004143F7 . 75 10 JNZ SHORT Delphi学.00414409
004143F9 . 68 10404200 PUSH Delphi学.00424010
004143FE . 68 48384000 PUSH Delphi学.00403848
00414403 . FF15 08114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaNew2>>; MSVBVM60.__vbaNew2
00414409 > 8B35 10404200 MOV ESI,DWORD PTR DS:[424010]
0041440F . 8B0E MOV ECX,DWORD PTR DS:[ESI]
00414411 . 6A 0B PUSH 0B
00414413 . 56 PUSH ESI
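After changing the two patch points above, the program becomes a registered version, but functional restrictions remain. Removing them requires further tracing: at each restricted feature, changing the key jump lifts the restriction. I won't trace any further here, since the serial algorithm has already been found. Try it yourself if you are interested! :)
That's all, haha!
The registration information is saved under HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Delphi学习宝典信息. Delete the key's value to register again!
The aim is to boost everyone's confidence in cracking VB programs! Forgive the clumsy write-up!
A working registration: mejy-------539505779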
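// Keygen in VC: body of an MFC dialog handler.
// m_yhm and m_zcm are the dialog's members (presumably the username and serial fields).
char h[15],ch;
int i=0;
m_zcm=0;
UpdateData(TRUE);              // read the dialog controls into the members
strncpy(h,m_yhm,sizeof(h)-1);  // bounded copy: at most 14 characters fit in h
h[sizeof(h)-1]='\0';
while(h[i]!='\0')              // walk the name up to its terminator
{
ch=int(h[i]);
m_zcm+=ch;                     // accumulate the character codes
i++;
}
m_zcm*=1234567;                // 1234567 decimal == 12D687 hex
UpdateData(FALSE);             // write the result back to the dialog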
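Seen from the side of someone reviewing such a licence check, the derivation recovered above is an unkeyed, order-insensitive checksum. The following C model is an added example, not code from the original post; it assumes single-byte ASCII names, and the function names are illustrative. It shows that different names share one serial and where the 32-bit multiply reaches the JO overflow branch.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiplier taken from IMUL EDI,EDI,12D687 in the listing (1234567 decimal). */
#define SERIAL_MULTIPLIER 0x12D687L

/* Model of the recovered derivation: add up the character codes of the name,
 * then multiply by the constant. Returns 0 and stores the value on success,
 * -1 where the 32-bit signed multiply in the original would set the overflow
 * flag (the JO branch). Assumes a single-byte ASCII name. */
int derive_serial(const char *name, int32_t *serial_out)
{
    int64_t sum = 0;
    for (const char *p = name; *p != '\0'; p++)
        sum += (unsigned char)*p;
    int64_t product = sum * SERIAL_MULTIPLIER;
    if (product > INT32_MAX)
        return -1;
    *serial_out = (int32_t)product;
    return 0;
}

/* Largest character-code sum that still fits: INT32_MAX / 0x12D687. */
int32_t max_safe_sum(void)
{
    return (int32_t)(INT32_MAX / SERIAL_MULTIPLIER);
}

int main(void)
{
    /* Constructed sample names: the page's "mejy", an anagram of it,
     * a different name with the same sum, and a long name that overflows. */
    const char *names[] = { "mejy", "yjem", "nejx", "zzzzzzzzzzzzzzzz" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int32_t s;
        if (derive_serial(names[i], &s) == 0)
            printf("%-18s -> %d\n", names[i], (int)s);
        else
            printf("%-18s -> overflow (JO path)\n", names[i]);
    }
    printf("max sum without overflow: %d\n", (int)max_safe_sum());
    return 0;
}
```

Because the value depends only on the sum of the character codes and on a constant embedded in the binary, it binds neither to the exact name nor to any secret held by the vendor.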