初學者(20) (3千字)

Wintility(R) Lite 2000 - version 5.3.00
Copyright (C) 1999-2000 PX Technologies, Inc.
http://www.wintility.com
All Rights Reserved

*** Brief Description ***
Wintility Lite is an indispensable tool for any type of user who manages significant
volumes of documents and needs to recover them promptly.
Wintility is a software utility to organize personnal documents and selected e-mail
messages in your computer or network. With a simple and intuitive interface you will
be able to browse through your documents such as texts, projects, worksheets,
presentations, e-mails, images, and any other work that can be saved in your computer.
You will also be allowed to easily manage your documents without activating the program
that originated them, viewing their contents and verifying if they are what you are looking for.

With Wintility you see only the documents and messages of your interest,
controlling all of your work environment, avoiding the exhibition of files
which you don't know the use. Each new document or message received or sent is
automatically identified and catalogued.

Wintility creates a logical catalog, fully personalized, that doesn't interfere with
the original structure of your files in the computer, allowing you to add additional
features to the documents such as descriptions, passwords, expiration dates and versions.

These new features, together with the usual properties of the document, will allow you
to easily identify and retrieve any document stored on your computer.


開始破解時,想找出軟體的註冊過程,但似乎運算過程比較複雜.
在跟蹤過程中,找到:
              call 0043DBA0
              add esp, 00000008
              jz ********
若將jz改為nop,則在註冊時,輸入任何註冊碼都可註冊,但下次執行時,仍有提示註冊的畫面.

繼續跟蹤又發現:                                 
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043DC84(C)
|
:0043DC62 8A10                    mov dl, byte ptr [eax]
:0043DC64 8A1E                    mov bl, byte ptr [esi]
:0043DC66 8ACA                    mov cl, dl
:0043DC68 3AD3                    cmp dl, bl
:0043DC6A 90                      nop<----***
:0043DC6B 90                      nop
:0043DC6C 84C9                    test cl, cl
:0043DC6E 7416                    je 0043DC86
:0043DC70 8A5001                  mov dl, byte ptr [eax+01]
:0043DC73 8A5E01                  mov bl, byte ptr [esi+01]
:0043DC76 8ACA                    mov cl, dl
:0043DC78 3AD3                    cmp dl, bl
:0043DC7A 90                      nop<----***
:0043DC7B 90                      nop
:0043DC7C 83C002                  add eax, 00000002
:0043DC7F 83C602                  add esi, 00000002
:0043DC82 84C9                    test cl, cl
:0043DC84 75DC                    jne 0043DC62

原來***處為jnz指令，將其改為nop，就不會再有提示註冊的畫面了．
注意：在用HEX編輯器修改程式時,會搜尋到兩處上面的程式碼,兩處都要改.

使用者名稱:LiuTong
註冊碼:87654321
跟蹤過程中找到了一個碼(3879573111),上面的程式就是比較7654和3111的.
另外軟體將使用者名稱和註冊碼,按下面的方法進行了運算:
m*n=i*600937的1次方=j
m--使用者名稱或註冊碼的HEX碼
n--序號
將使用者名稱(或註冊碼)每個字元的運算結果j累加
使用者名稱運算後得到E73d9677
註冊碼運算後得到308606D8
然後我就跟不下去了
若有哪位找出了註冊碼的生成過程,煩請E-mail給我一份.