【破解作者】 blue_devil_bomb
【作者邮箱】 ninesunnine@sina.com or booksunwang@21cn.com
【使用工具】 OllyDbg1.09
【破解平台】 Win2000
【软件名称】 决战单词1.7
【下载地址】 网上到处都是
【软件简介】 学好英语是我们很多人的夙愿!要实现这个美好的梦想,记大量的单词是必不可少的重要环节。但长久以来我们饱受记单词效率低下、遗忘快的折磨,而找不到有效的办法。但现在,我们会因为有决战单词而成倍地提高记单词的效率,并使记忆牢固。记单词已经告别了传统的死记硬背、枯燥无味,而走上从容、轻松、愉快之路!!
【软件大小】 8.65MB(安装后)
【加壳方式】 未加壳 VB程序
【破解声明】 不为破解而破解,只为学习而破解
--------------------------------------------------------------------------------
【破解内容】
VB程序,利用smartcheck或利用olldbg等软件设端点vbastrcmp 既可!
代码:
004C985E . 51 PUSH ECX //真正的注册码后面的8个 004C985F . 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30] 004C9862 . 52 PUSH EDX 004C9863 . 8B35 50114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCmp 004C9869 . FFD6 CALL ESI ; <&MSVBVM60.__vbaStrCmp> 004C986B . 8BF8 MOV EDI,EAX 004C986D . F7DF NEG EDI 004C986F . 1BFF SBB EDI,EDI 004C9871 . F7DF NEG EDI 004C9873 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] 004C9876 . 50 PUSH EAX //真正的注册码前面8个 004C9877 . 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] 004C987A . 51 PUSH ECX 004C987B . FFD6 CALL ESI 16位注册码,中间插入"-"如 07B78115-198BF478 该软件作内存注册机很容易,为了达到提高水平的目的,我决定找出注册算法,写出算法注册机!! 由于我破解该软件有一段时间了,为方便阅读,详细破解过程如下! 004C97A9 > 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C] ; 堆栈值为JmgDBWords 004C97AC . 50 PUSH EAX 004C97AD . E8 5E010000 CALL DBWords.004C9910 ; 计算JmgDBWords对应值 004C97B2 . 8BD0 MOV EDX,EAX 004C97B4 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C97B7 . FFD6 CALL ESI 004C97B9 . 50 PUSH EAX 004C97BA . 8B1D 7C124000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaI4>; MSVBVM60.__vbaI4Str 004C97C0 . FFD3 CALL EBX ; <&MSVBVM60.__vbaI4Str>转换成16进制0x1 004C97C2 . 8BF8 MOV EDI,EAX 004C97C4 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28] 004C97C7 . 51 PUSH ECX ; 注册机器码的前四个字节 004C97C8 . E8 43010000 CALL DBWords.004C9910 ; 计算出值 004C97CD . 8BD0 MOV EDX,EAX 004C97CF . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40] 004C97D2 . FFD6 CALL ESI 004C97D4 . 50 PUSH EAX 004C97D5 . FFD3 CALL EBX ; 转换成16进制0x2 004C97D7 . 33F8 XOR EDI,EAX ; 0x1^0x2=0x3; 004C97D9 . 89BD 78FFFFFF MOV DWORD PTR SS:[EBP-88],EDI 004C97DF . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88] 004C97E5 . 52 PUSH EDX 004C97E6 . E8 A5EA0500 CALL DBWords.00528290 004C97EB . 8BD0 MOV EDX,EAX 004C97ED . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 004C97F0 . FFD6 CALL ESI 004C97F2 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 004C97F5 . 50 PUSH EAX 004C97F6 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40] 004C97F9 . 51 PUSH ECX 004C97FA . 6A 02 PUSH 2 004C97FC . FF15 80124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStrList 004C9802 . 83C4 0C ADD ESP,0C 004C9805 . 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] 004C9808 . 52 PUSH EDX ; 堆栈值为JmgDBWords 004C9809 . E8 02010000 CALL DBWords.004C9910 ; 计算JmgDBWords对应值 004C980E . 8BD0 MOV EDX,EAX 004C9810 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9813 . FFD6 CALL ESI 004C9815 . 50 PUSH EAX 004C9816 . FFD3 CALL EBX ; 转换成16进制0x4 004C9818 . 8BF8 MOV EDI,EAX 004C981A . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38] 004C981D . 50 PUSH EAX ; 注册机器码的右4个字节 004C981E . E8 ED000000 CALL DBWords.004C9910 004C9823 . 8BD0 MOV EDX,EAX 004C9825 . 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40] 004C9828 . FFD6 CALL ESI 004C982A . 50 PUSH EAX 004C982B . FFD3 CALL EBX ; 转换成16进制0x5; 004C982D . 33F8 XOR EDI,EAX ; 0x4^0x5=0x6; 004C982F . 89BD 78FFFFFF MOV DWORD PTR SS:[EBP-88],EDI 004C9835 . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] 004C983B . 51 PUSH ECX 004C983C . E8 4FEA0500 CALL DBWords.00528290 004C9841 . 8BD0 MOV EDX,EAX 004C9843 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C] 004C9846 . FFD6 CALL ESI 004C9848 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C984B . 52 PUSH EDX 004C984C . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40] 004C984F . 50 PUSH EAX 004C9850 . 6A 02 PUSH 2 004C9852 . FF15 80124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStrList 004C9858 . 83C4 0C ADD ESP,0C 004C985B . 8B4D C4 MOV ECX,DWORD PTR SS:[EBP-3C] 004C985E . 51 PUSH ECX ;真正的注册码后面的8个 004C985F . 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30] 004C9862 . 52 PUSH EDX 004C9863 . 8B35 50114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCmp 004C9869 . FFD6 CALL ESI ;比较输入信息与真正注册码后8 0x6 004C986B . 8BF8 MOV EDI,EAX 004C986D . F7DF NEG EDI 004C986F . 1BFF SBB EDI,EDI 004C9871 . F7DF NEG EDI 004C9873 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] 004C9876 . 50 PUSH EAX ;真正的注册码前面8个 0x3 004C9877 . 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] 004C987A . 51 PUSH ECX 004C987B . FFD6 CALL ESI ;比较输入信息与真正注册码前8 004C987D . F7D8 NEG EAX 004C987F . 1BC0 SBB EAX,EAX 004C9881 . F7D8 NEG EAX 004C9883 . 23F8 AND EDI,EAX 004C9885 . F7DF NEG EDI 004C9887 . 1BFF SBB EDI,EDI 004C9889 . F7DF NEG EDI 004C988B . 4F DEC EDI 004C988C . 897D D4 MOV DWORD PTR SS:[EBP-2C],EDI 004C988F . FF15 C4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP>; MSVBVM60.__vbaExitProc 004C9895 . 68 F2984C00 PUSH DBWords.004C98F2 CALL DBWords.004C9910函数: 004C9910 $ 55 PUSH EBP 004C9911 . 8BEC MOV EBP,ESP 004C9913 . 83EC 0C SUB ESP,0C 004C9916 . 68 56754000 PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE handler installation 004C991B . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] 004C9921 . 50 PUSH EAX 004C9922 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP 004C9929 . 81EC E0000000 SUB ESP,0E0 004C992F . 53 PUSH EBX 004C9930 . 56 PUSH ESI 004C9931 . 57 PUSH EDI 004C9932 . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP 004C9935 . C745 F8 F81F40>MOV DWORD PTR SS:[EBP-8],DBWords.00401FF> 004C993C . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 004C993F . 8B08 MOV ECX,DWORD PTR DS:[EAX] 004C9941 . 33F6 XOR ESI,ESI 004C9943 . 51 PUSH ECX 004C9944 . 8975 E0 MOV DWORD PTR SS:[EBP-20],ESI 004C9947 . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI 004C994A . 8975 D4 MOV DWORD PTR SS:[EBP-2C],ESI 004C994D . 8975 D0 MOV DWORD PTR SS:[EBP-30],ESI 004C9950 . 8975 BC MOV DWORD PTR SS:[EBP-44],ESI 004C9953 . 8975 AC MOV DWORD PTR SS:[EBP-54],ESI 004C9956 . 8975 9C MOV DWORD PTR SS:[EBP-64],ESI 004C9959 . 8975 8C MOV DWORD PTR SS:[EBP-74],ESI 004C995C . 89B5 7CFFFFFF MOV DWORD PTR SS:[EBP-84],ESI 004C9962 . 89B5 6CFFFFFF MOV DWORD PTR SS:[EBP-94],ESI 004C9968 . 89B5 5CFFFFFF MOV DWORD PTR SS:[EBP-A4],ESI 004C996E . 89B5 4CFFFFFF MOV DWORD PTR SS:[EBP-B4],ESI 004C9974 . 89B5 3CFFFFFF MOV DWORD PTR SS:[EBP-C4],ESI 004C997A . 89B5 2CFFFFFF MOV DWORD PTR SS:[EBP-D4],ESI 004C9980 . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr 要计算字串长度 004C9986 . 8BC8 MOV ECX,EAX 004C9988 . FF15 70114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4 004C998E . 8B1D 44104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVarList 004C9994 . BF 01000000 MOV EDI,1 循环起点 004C9999 . 8945 CC MOV DWORD PTR SS:[EBP-34],EAX eax循环长度 004C999C > 66:3B7D CC CMP DI,WORD PTR SS:[EBP-34] 判断循环是否结束 004C99A0 . 0F8F B1010000 JG DBWords.004C9B57 004C99A6 . 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] 004C99A9 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 004C99AC . 50 PUSH EAX 004C99AD . 0FBFCF MOVSX ECX,DI 004C99B0 . 8995 54FFFFFF MOV DWORD PTR SS:[EBP-AC],EDX 004C99B6 . 51 PUSH ECX 004C99B7 . 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4] 004C99BD . 52 PUSH EDX 004C99BE . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 004C99C1 . 50 PUSH EAX 004C99C2 . C745 C4 010000>MOV DWORD PTR SS:[EBP-3C],1 004C99C9 . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2 004C99D0 . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],4008 004C99DA . FF15 2C114000 CALL DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar 取字串第i个字符 004C99E0 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C99E3 . 51 PUSH ECX 004C99E4 . FF15 34104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove 004C99EA . 8BD0 MOV EDX,EAX 004C99EC . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] 004C99EF . FF15 F8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove 004C99F5 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54] 004C99F8 . 52 PUSH EDX 004C99F9 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 004C99FC . 50 PUSH EAX 004C99FD . 6A 02 PUSH 2 004C99FF . FFD3 CALL EBX 004C9A01 . 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] 004C9A04 . 83C4 0C ADD ESP,0C 004C9A07 . 51 PUSH ECX 004C9A08 . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr 004C9A0E . 66:3D FF00 CMP AX,0FF 004C9A12 . 0F8F C7000000 JG DBWords.004C9ADF 004C9A18 . 66:3BC6 CMP AX,SI 004C9A1B . 0F8C BE000000 JL DBWords.004C9ADF 004C9A21 . 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] 004C9A24 . 52 PUSH EDX 004C9A25 . FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; MSVBVM60.rtcAnsiValueBstr 第i个字符的ASCII值放到EAX 004C9A2B . 8BC8 MOV ECX,EAX 004C9A2D . FF15 B4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaUI1I2>; MSVBVM60.__vbaUI1I2 004C9A33 . 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-30] 004C9A36 . 66:0FB6F0 MOVZX SI,AL 004C9A3A . 66:8BC6 MOV AX,SI 004C9A3D . 66:99 CWD 004C9A3F . 898D 44FFFFFF MOV DWORD PTR SS:[EBP-BC],ECX 004C9A45 . 66:B9 0A00 MOV CX,0A 004C9A49 . 66:F7F9 IDIV CX 004C9A4C . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 004C9A4F . C785 3CFFFFFF >MOV DWORD PTR SS:[EBP-C4],8 004C9A59 . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2 004C9A60 . 66:8955 C4 MOV WORD PTR SS:[EBP-3C],DX ;余数存放 004C9A64 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C9A67 . 52 PUSH EDX 004C9A68 . 50 PUSH EAX 004C9A69 . FF15 D0124000 CALL DWORD PTR DS:[<&MSVBVM60.#613>] ; MSVBVM60.rtcVarStrFromVar 004C9A6F . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9A72 . 51 PUSH ECX 004C9A73 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64] 004C9A76 . 52 PUSH EDX 004C9A77 . FF15 04114000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar 004C9A7D . 8D85 3CFFFFFF LEA EAX,DWORD PTR SS:[EBP-C4] 004C9A83 . 50 PUSH EAX 004C9A84 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64] 004C9A87 . 51 PUSH ECX 004C9A88 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74] 004C9A8B . 52 PUSH EDX ;堆栈存放i位前字符ASCII值/10余数 004C9A8C . FF15 2C124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>; MSVBVM60.__vbaVarCat 将余数连接 004C9A92 . 50 PUSH EAX 004C9A93 . FF15 34104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove 004C9A99 . 8BD0 MOV EDX,EAX 004C9A9B . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 004C9A9E . FF15 F8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove 004C9AA4 . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74] 004C9AA7 . 50 PUSH EAX 004C9AA8 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64] 004C9AAB . 51 PUSH ECX 004C9AAC . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54] 004C9AAF . 52 PUSH EDX 004C9AB0 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 004C9AB3 . 50 PUSH EAX 004C9AB4 . 6A 04 PUSH 4 004C9AB6 . FFD3 CALL EBX 004C9AB8 . 83C4 14 ADD ESP,14 004C9ABB . 66:0375 D4 ADD SI,WORD PTR SS:[EBP-2C] 004C9ABF . B8 01000000 MOV EAX,1 004C9AC4 . 0F80 1E030000 JO DBWords.004C9DE8 004C9ACA . 66:03C7 ADD AX,DI 004C9ACD . 0F80 15030000 JO DBWords.004C9DE8 004C9AD3 . 8975 D4 MOV DWORD PTR SS:[EBP-2C],ESI //存贮字串ASCII值累加和 004C9AD6 . 33F6 XOR ESI,ESI 004C9AD8 . 8BF8 MOV EDI,EAX 004C9ADA .^E9 BDFEFFFF JMP DBWords.004C999C 004C9ADF > B9 0A000000 MOV ECX,0A 004C9AE4 . B8 04000280 MOV EAX,80020004 004C9AE9 . 894D 8C MOV DWORD PTR SS:[EBP-74],ECX 004C9AEC . 894D 9C MOV DWORD PTR SS:[EBP-64],ECX 004C9AEF . 894D AC MOV DWORD PTR SS:[EBP-54],ECX 004C9AF2 . 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4] 004C9AF8 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9AFB . 8945 94 MOV DWORD PTR SS:[EBP-6C],EAX 004C9AFE . 8945 A4 MOV DWORD PTR SS:[EBP-5C],EAX 004C9B01 . 8945 B4 MOV DWORD PTR SS:[EBP-4C],EAX 004C9B04 . C785 54FFFFFF >MOV DWORD PTR SS:[EBP-AC],DBWords.004611> 004C9B0E . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],8 004C9B18 . FF15 BC124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup 004C9B1E . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74] 004C9B21 . 51 PUSH ECX 004C9B22 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64] 004C9B25 . 52 PUSH EDX 004C9B26 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 004C9B29 . 50 PUSH EAX 004C9B2A . 56 PUSH ESI 004C9B2B . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9B2E . 51 PUSH ECX 004C9B2F . FF15 E0104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox 004C9B35 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74] 004C9B38 . 52 PUSH EDX 004C9B39 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] 004C9B3C . 50 PUSH EAX 004C9B3D . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9B40 . 51 PUSH ECX 004C9B41 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C9B44 . 52 PUSH EDX 004C9B45 . 6A 04 PUSH 4 004C9B47 . FFD3 CALL EBX 004C9B49 . 9B WAIT 004C9B4A . 83C4 14 ADD ESP,14 004C9B4D . 68 D29D4C00 PUSH DBWords.004C9DD2 004C9B52 . E9 6A020000 JMP DBWords.004C9DC1 004C9B57 > 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30] //字符ASCII值/10余数串成新串 004C9B5A . 50 PUSH EAX 004C9B5B . FF15 30104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr 004C9B61 . 83F8 04 CMP EAX,4 004C9B64 . 7C 62 JL SHORT DBWords.004C9BC8 004C9B66 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C9B69 . 52 PUSH EDX 004C9B6A . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 004C9B6D . 6A 02 PUSH 2 004C9B6F . 8D85 4CFFFFFF LEA EAX,DWORD PTR SS:[EBP-B4] 004C9B75 . 898D 54FFFFFF MOV DWORD PTR SS:[EBP-AC],ECX 004C9B7B . 50 PUSH EAX 004C9B7C . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9B7F . 51 PUSH ECX 004C9B80 . C745 C4 030000>MOV DWORD PTR SS:[EBP-3C],3 ;取3位 004C9B87 . C745 BC 020000>MOV DWORD PTR SS:[EBP-44],2 ;起点2 004C9B8E . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],4008 004C9B98 . FF15 2C114000 CALL DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar 004C9B9E . 8B3D 34104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrVarMove 004C9BA4 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54] 004C9BA7 . 52 PUSH EDX 004C9BA8 . FFD7 CALL EDI ; 取字串的2,3,4位和成一数=a 004C9BAA . 8B35 F8124000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrMove 004C9BB0 . 8BD0 MOV EDX,EAX 004C9BB2 . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 004C9BB5 . FFD6 CALL ESI ; <&MSVBVM60.__vbaStrMove> 004C9BB7 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 004C9BBA . 50 PUSH EAX 004C9BBB . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9BBE . 51 PUSH ECX 004C9BBF . 6A 02 PUSH 2 004C9BC1 . FFD3 CALL EBX 004C9BC3 . 83C4 0C ADD ESP,0C 004C9BC6 . EB 0C JMP SHORT DBWords.004C9BD4 004C9BC8 > 8B35 F8124000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrMove 004C9BCE . 8B3D 34104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrVarMove 004C9BD4 > 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30] 004C9BD7 . 52 PUSH EDX 004C9BD8 . FF15 40134000 CALL DWORD PTR DS:[<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr 004C9BDE . FF15 E0124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI4>>; MSVBVM60.__vbaFpI4 004C9BE4 . 35 E8030000 XOR EAX,3E8 ; a^=0x3e8; 004C9BE9 . 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX 004C9BEC . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 004C9BEF . 50 PUSH EAX 004C9BF0 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9BF3 . 51 PUSH ECX 004C9BF4 . C745 BC 030000>MOV DWORD PTR SS:[EBP-44],3 004C9BFB . FF15 D0124000 CALL DWORD PTR DS:[<&MSVBVM60.#613>] ; MSVBVM60.rtcVarStrFromVar 004C9C01 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54] 004C9C04 . 52 PUSH EDX 004C9C05 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] 004C9C08 . 50 PUSH EAX 004C9C09 . FF15 04114000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar 004C9C0F . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64] 004C9C12 . 51 PUSH ECX 004C9C13 . FFD7 CALL EDI 004C9C15 . 8BD0 MOV EDX,EAX 004C9C17 . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 004C9C1A . FFD6 CALL ESI 004C9C1C . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64] 004C9C1F . 52 PUSH EDX 004C9C20 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 004C9C23 . 50 PUSH EAX 004C9C24 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9C27 . 51 PUSH ECX 004C9C28 . 6A 03 PUSH 3 004C9C2A . FFD3 CALL EBX 004C9C2C . 66:8B45 D4 MOV AX,WORD PTR SS:[EBP-2C] ;原始字串字符ASCII值和=b 004C9C30 . 66:99 CWD 004C9C32 . 66:B9 E803 MOV CX,3E8 004C9C36 . 66:F7F9 IDIV CX 004C9C39 . 83C4 10 ADD ESP,10 004C9C3C . 8955 D4 MOV DWORD PTR SS:[EBP-2C],EDX 004C9C3F . 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30] 004C9C42 . 52 PUSH EDX 004C9C43 . FF15 40134000 CALL DWORD PTR DS:[<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr 004C9C49 . FF15 E0124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFpI4>>; MSVBVM60.__vbaFpI4 004C9C4F . 0FBF4D D4 MOVSX ECX,WORD PTR SS:[EBP-2C] 004C9C53 . 33C1 XOR EAX,ECX ; b^=a; 004C9C55 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C9C58 . 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX 004C9C5B . 52 PUSH EDX 004C9C5C . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 004C9C5F . 50 PUSH EAX 004C9C60 . C745 BC 030000>MOV DWORD PTR SS:[EBP-44],3 004C9C67 . FF15 D0124000 CALL DWORD PTR DS:[<&MSVBVM60.#613>] ; MSVBVM60.rtcVarStrFromVar 004C9C6D . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9C70 . 51 PUSH ECX 004C9C71 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64] 004C9C74 . 52 PUSH EDX 004C9C75 . FF15 04114000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar 004C9C7B . 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4] 004C9C81 . 51 PUSH ECX 004C9C82 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74] 004C9C85 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C] 004C9C88 . 52 PUSH EDX 004C9C89 . 8985 44FFFFFF MOV DWORD PTR SS:[EBP-BC],EAX 004C9C8F . C785 3CFFFFFF >MOV DWORD PTR SS:[EBP-C4],4002 004C9C99 . FF15 D0124000 CALL DWORD PTR DS:[<&MSVBVM60.#613>] ; MSVBVM60.rtcVarStrFromVar 004C9C9F . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74] 004C9CA2 . 50 PUSH EAX 004C9CA3 . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84] 004C9CA9 . 51 PUSH ECX 004C9CAA . FF15 04114000 CALL DWORD PTR DS:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar 004C9CB0 . 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30] 004C9CB3 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] 004C9CB6 . 50 PUSH EAX 004C9CB7 . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84] 004C9CBD . 8995 34FFFFFF MOV DWORD PTR SS:[EBP-CC],EDX 004C9CC3 . 51 PUSH ECX 004C9CC4 . 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94] 004C9CCA . 52 PUSH EDX 004C9CCB . C785 2CFFFFFF >MOV DWORD PTR SS:[EBP-D4],8 004C9CD5 . FF15 2C124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>; ; 字串连接 004C9CDB . 50 PUSH EAX 004C9CDC . 8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4] 004C9CE2 . 50 PUSH EAX 004C9CE3 . 8D8D 5CFFFFFF LEA ECX,DWORD PTR SS:[EBP-A4] 004C9CE9 . 51 PUSH ECX 004C9CEA . FF15 2C124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCa>; ; 字串连接 004C9CF0 . 50 PUSH EAX 004C9CF1 . FFD7 CALL EDI 004C9CF3 . 8BD0 MOV EDX,EAX ; eax存放计算结果 004C9CF5 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 004C9CF8 . FFD6 CALL ESI 004C9CFA . 8D95 5CFFFFFF LEA EDX,DWORD PTR SS:[EBP-A4] 004C9D00 . 52 PUSH EDX 004C9D01 . 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94] 004C9D07 . 50 PUSH EAX 004C9D08 . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84] 004C9D0E . 51 PUSH ECX 004C9D0F . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64] 004C9D12 . 52 PUSH EDX 004C9D13 . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74] 004C9D16 . 50 PUSH EAX 004C9D17 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9D1A . 51 PUSH ECX 004C9D1B . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C9D1E . 52 PUSH EDX 004C9D1F . 6A 07 PUSH 7 004C9D21 . FFD3 CALL EBX 004C9D23 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] 004C9D26 . 83C4 20 ADD ESP,20 004C9D29 . 50 PUSH EAX 004C9D2A . FF15 5C124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaR8Str>; MSVBVM60.__vbaR8Str 004C9D30 . DC1D F01F4000 FCOMP QWORD PTR DS:[401FF0] 004C9D36 . DFE0 FSTSW AX 004C9D38 . F6C4 41 TEST AH,41 004C9D3B . 75 3C JNZ SHORT DBWords.004C9D79 004C9D3D . 6A 09 PUSH 9 004C9D3F . 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4] 004C9D45 . 52 PUSH EDX 004C9D46 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 004C9D49 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 004C9D4C . 50 PUSH EAX 004C9D4D . 898D 54FFFFFF MOV DWORD PTR SS:[EBP-AC],ECX 004C9D53 . C785 4CFFFFFF >MOV DWORD PTR SS:[EBP-B4],4008 004C9D5D . FF15 04134000 CALL DWORD PTR DS:[<&MSVBVM60.#619>] ; MSVBVM60.rtcRightCharVar 004C9D63 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9D66 . 51 PUSH ECX 004C9D67 . FFD7 CALL EDI 004C9D69 . 8BD0 MOV EDX,EAX 004C9D6B . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 004C9D6E . FFD6 CALL ESI 004C9D70 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004C9D73 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar 004C9D79 > 9B WAIT 004C9D7A . 68 D29D4C00 PUSH DBWords.004C9DD2 004C9D7F . EB 40 JMP SHORT DBWords.004C9DC1 004C9D81 . F645 FC 04 TEST BYTE PTR SS:[EBP-4],4 004C9D85 . 74 09 JE SHORT DBWords.004C9D90 004C9D87 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] 004C9D8A . FF15 38134000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 004C9D90 > 8D95 5CFFFFFF LEA EDX,DWORD PTR SS:[EBP-A4] 004C9D96 . 52 PUSH EDX 004C9D97 . 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94] 004C9D9D . 50 PUSH EAX 004C9D9E . 8D8D 7CFFFFFF LEA ECX,DWORD PTR SS:[EBP-84] 004C9DA4 . 51 PUSH ECX 004C9DA5 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74] 004C9DA8 . 52 PUSH EDX 004C9DA9 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] 004C9DAC . 50 PUSH EAX 004C9DAD . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] 004C9DB0 . 51 PUSH ECX 004C9DB1 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 004C9DB4 . 52 PUSH EDX 004C9DB5 . 6A 07 PUSH 7 004C9DB7 . FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList 004C9DBD . 83C4 20 ADD ESP,20 004C9DC0 . C3 RETN 004C9DC1 > 8B35 38134000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeStr 004C9DC7 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] 004C9DCA . FFD6 CALL ESI ; <&MSVBVM60.__vbaFreeStr> 004C9DCC . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 004C9DCF . FFD6 CALL ESI 004C9DD1 . C3 RETN 004C9DD2 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] 004C9DD5 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] 004C9DD8 . 5F POP EDI 004C9DD9 . 5E POP ESI 004C9DDA . 64:890D 000000>MOV DWORD PTR FS:[0],ECX 004C9DE1 . 5B POP EBX 004C9DE2 . 8BE5 MOV ESP,EBP 004C9DE4 . 5D POP EBP 004C9DE5 . C2 0400 RETN 4 至此算法清楚,我们写出其算法注册机: 算法: 1、利用一个固定的串Str1="JmgDBWords" 2、机器码Str=XXXXXXXX-XXXXXXXX 左八位StrL,右八位StrR 3、函数JS(CString)返回16进制32位值 则注册码为[JS(Str1)^JS(StrL)]-[JS(Str1)^JS(StrR)] 函数JS()如下: unsigned long CJzdc107zcjDlg::JS(CString str) { unsigned long a=0; int i; unsigned long temp=0; for(i=0;i<str.GetLength();i++) a+=str.GetAt(i); for(i=1;i<4;i++) temp=temp*10+str.GetAt(i)%10; CString tt,sum=""; temp=temp^0x3e8; tt.Format("%d",temp); sum+=tt; a%=1000; tt.Format("%d",a); sum.Insert(0,tt); temp=a^temp; tt.Format("%d",temp); sum.Insert(0,tt); unsigned long b=0; for(i=0;i<sum.GetLength();i++) b=b*10+(sum.GetAt(i)-'0'); return b; } --------------------------------------------------------------------------------
【破解总结】
软件注册成功后将注册信息写到了注册表的HKEY_LOCAL_MACHINE\SoftWare\JmgSoft\DBWords\Register\RegCode和
HKEY_LOCAL_MACHINE\SoftWare\JmgSoft\DBWords\Register\UserName处
每次启动读取此处的信息进行注册验证成功则为注册,否则为未注册。
--------------------------------------------------------------------------------
不到万不得已我们不爆破,不为别得,只为提高自己的编程水平,哈哈!!
我想别人可能已经破解了该软件,或者别人不屑一破,没有任何参考独立完成,对于我来说真是一次很好的锻炼~!!
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!