Folder Browser Control v1.0.10註冊碼的計算 (15千字)
控制元件名稱:Folder Browser
軟體授權:共享軟體
下載地址:http://www.bitdebris.com/downloads/bdsfbrws.zip
控制元件簡介:From the developer: "When all you want to do is select a folder. The Folder
Browser Control provides an interface for selecting a folder to the user of
your program. It implements a common feel of the Windows interface, a hierarchical
tree structure representing the local and network file system, similar to the
one found in the Windows Explorer. The Folder Browser Control acts as a drop-in
replacement for the Common Dialog control when all you want to do is to select
a folder."
目標程式:bdsfbrws.ocx,69632 bytes
破解工具:W32Dasm 8.93(打過VB支援補丁),SoftICE 4.05
說明:本人想用VB編一個程式,需要用到只取得資料夾名稱的控制元件,而VB中的Dirlist控制元件只能顯示當前驅動器的資料夾,必須結合DriveList控制元件,但這樣用起來又太不方便了,讓人感覺太彆扭,於是上網搜尋,奮戰了3個多小時,終於找到兩個滿意的,確實比微軟的那個強,但都需要註冊,前面我說過FolderView
3.0註冊部分的計算過程,這次介紹Folder Browser註冊部分的計算過程,該控制元件採用VB 6.0程式設計,Active編碼方式(^_^,如果是P-Code,我立即只有瞪眼的份),我沒有象FolderView那樣立即寫出註冊部分的計算過程,就是因為它的註冊碼的計算含有冪和sin的計算,我從“五一”才開始利用一點時間練習用VB程式設計(我很討厭VB,程式碼有臭又長,尤其討厭該程式至少必須有一個更臭更長的DLL支援庫,我希望以後轉到DEPHI,我練習用VB程式設計也是因為現在很多程式都是用VB編的,要想破解容易點兒,瞭解它所用的編譯語言會很有幫助的,當然,我學破解的部分目的是學習軟體作者的程式設計思想),對於VB程式設計中冪等浮點的計算的W32Dasm反彙編結果中push引數如何進行沒有十分搞清楚(不過現在基本明白了――我是指的非P-Code形式)。另外,該控制元件用SmartCheck可以看到真正的註冊碼。好了,閒話少說,現在就說一下它註冊部分的計算過程。
* Referenced by a CALL at Addresses:
|:110065E4 , :11006D6A , :1100831E
|
:11007AB0 55
push ebp
:
:
:
:11007B26 8B45E0
mov eax, dword ptr [ebp-20] ====> RegCode
* Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h
|
:11007B29 8B1D1C100011 mov ebx, dword
ptr [1100101C]
:11007B2F 50
push eax
:11007B30 FFD3
call ebx
:11007B32 8B4DEC
mov ecx, dword ptr [ebp-14] ====> UserName
:11007B35 8BD0
mov edx, eax
:11007B37 F7DA
neg edx
:11007B39 1BD2
sbb edx, edx
:11007B3B 51
push ecx
:11007B3C F7DA
neg edx
:11007B3E 89955CFFFFFF mov dword ptr
[ebp+FFFFFF5C], edx
:11007B44 FFD3
call ebx
:11007B46 8B955CFFFFFF mov edx, dword
ptr [ebp+FFFFFF5C]
:11007B4C F7D8
neg eax
:11007B4E 1BC0
sbb eax, eax
:11007B50 F7D8
neg eax
:11007B52 85D0
test eax, edx
:11007B54 0F84F1000000 je 11007C4B
:11007B5A 8B45DC
mov eax, dword ptr [ebp-24] ====> CompanyName
:11007B5D 50
push eax
:11007B5E FFD3
call ebx
:11007B60 85C0
test eax, eax
:11007B62 0F8EA1000000 jle 11007C09
:11007B68 8D5588
lea edx, dword ptr [ebp-78]
:11007B6B 6A01
push 00000001
====> 取一個字元
:11007B6D 8D45C8
lea eax, dword ptr [ebp-38]
:11007B70 8D4DDC
lea ecx, dword ptr [ebp-24]
:11007B73 BE08400000 mov esi,
00004008
:11007B78 52
push edx
:11007B79 50
push eax
:11007B7A 894D90
mov dword ptr [ebp-70], ecx
:11007B7D 897588
mov dword ptr [ebp-78], esi
* Reference To: MSVBVM60.rtcLeftCharVar, Ord:0269h
|
:11007B80 FF1568110011 Call dword ptr
[11001168] ====> 取單位名左第一個字元
:11007B86 8B4DEC
mov ecx, dword ptr [ebp-14]
:11007B89 8D8568FFFFFF lea eax, dword
ptr [ebp+FFFFFF68]
:11007B8F 894D80
mov dword ptr [ebp-80], ecx
:11007B92 6A01
push 00000001
====> 取一個字元
:11007B94 8D4DA8
lea ecx, dword ptr [ebp-58]
:11007B97 8D55DC
lea edx, dword ptr [ebp-24]
:11007B9A 50
push eax
:11007B9B 51
push ecx
:11007B9C C78578FFFFFF08000000 mov dword ptr [ebp+FFFFFF78], 00000008
:11007BA6 899570FFFFFF mov dword ptr
[ebp+FFFFFF70], edx
:11007BAC 89B568FFFFFF mov dword ptr
[ebp+FFFFFF68], esi
* Reference To: MSVBVM60.rtcRightCharVar, Ord:026Bh
|
:11007BB2 FF1574110011 Call dword ptr
[11001174] ====> 取單位名右第一個字元
* Reference To: MSVBVM60.__vbaVarCat, Ord:0000h
|
:11007BB8 8B35E4100011 mov esi, dword
ptr [110010E4]
:11007BBE 8D55C8
lea edx, dword ptr [ebp-38]
:11007BC1 8D8578FFFFFF lea eax, dword
ptr [ebp+FFFFFF78]
:11007BC7 52
push edx
:11007BC8 8D4DB8
lea ecx, dword ptr [ebp-48]
:11007BCB 50
push eax
:11007BCC 51
push ecx
:11007BCD FFD6
call esi
====> 複製左側字元
:11007BCF 50
push eax
:11007BD0 8D55A8
lea edx, dword ptr [ebp-58]
:11007BD3 8D4598
lea eax, dword ptr [ebp-68]
:11007BD6 52
push edx
:11007BD7 50
push eax
:11007BD8 FFD6
call esi
====> 複製右側字元
:11007BDA 50
push eax
:
:
:
:11007C11 8B55E0
mov edx, dword ptr [ebp-20] ====> NewRegName
:11007C14 8D4514
lea eax, dword ptr [ebp+14] ====> eax=0x18DEB=101867
:11007C17 52
push edx
:11007C18 8D4DE8
lea ecx, dword ptr [ebp-18] ====> Username
:11007C1B 50
push eax
:11007C1C 51
push ecx
:11007C1D E89EFBFFFF call 110077C0
====> 計算註冊碼
:11007C22 8BD0
mov edx, eax
:11007C24 8D4DD8
lea ecx, dword ptr [ebp-28]
* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
|
:11007C27 FF1570110011 Call dword ptr
[11001170]
:11007C2D 50
push eax
====> SoftICE下d eax即可看到真正註冊碼
* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h
|
:11007C2E FF159C100011 Call dword ptr
[1100109C] ====> 比較兩個註冊碼是否相等
:11007C34 8BF0
mov esi, eax
====> 改為xor esi, esi (機器碼33F6)即可暴力破解
:
:
:
:11007C94 C3
ret
* Referenced by a CALL at Address:
|:11007C1D
|
:110077C0 55
push ebp
:
:
:
:1100780C 8B4508
mov eax, dword ptr [ebp+08]
:1100780F 8B08
mov ecx, dword ptr [eax]
:11007811 51
push ecx
* Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h
|
:11007812 FF151C100011 Call dword ptr
[1100101C] ====> 計算NewRegName的長度
:11007818 8BC8
mov ecx, eax
* Reference To: MSVBVM60.__vbaI2I4, Ord:0000h
|
:1100781A FF15A8100011 Call dword ptr
[110010A8]
* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
|
:11007820 8B1D70110011 mov ebx, dword
ptr [11001170]
:11007826 898574FFFFFF mov dword ptr
[ebp+FFFFFF74], eax
:1100782C BF01000000 mov edi,
00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:11007A29(U)
|
:11007831 663BBD74FFFFFF cmp di, word ptr
[ebp+FFFFFF74]
:11007838 0F8FF0010000 jg 11007A2E
:1100783E 8B5508
mov edx, dword ptr [ebp+08] ====> NewRegName
:11007841 8D4DB8
lea ecx, dword ptr [ebp-48]
:11007844 0FBFC7
movsx eax, di
:11007847 8955A0
mov dword ptr [ebp-60], edx
:1100784A 51
push ecx
:1100784B 898568FFFFFF mov dword ptr
[ebp+FFFFFF68], eax
:11007851 50
push eax
:11007852 8D5598
lea edx, dword ptr [ebp-68]
:11007855 8D45A8
lea eax, dword ptr [ebp-58]
:11007858 52
push edx
:11007859 50
push eax
:1100785A C745C001000000 mov [ebp-40], 00000001
:11007861 C745B802000000 mov [ebp-48], 00000002
:11007868 C7459808400000 mov [ebp-68], 00004008
* Reference To: MSVBVM60.rtcMidCharVar, Ord:0278h
|
:1100786F FF1584100011 Call dword ptr
[11001084] ====> 從NewRegName中取一個字元
:11007875 8D4DA8
lea ecx, dword ptr [ebp-58]
:11007878 8D55D0
lea edx, dword ptr [ebp-30]
:1100787B 51
push ecx
:1100787C 52
push edx
* Reference To: MSVBVM60.__vbaStrVarVal, Ord:0000h
|
:1100787D FF15E0100011 Call dword ptr
[110010E0] ====> 轉為數值型
:11007883 50
push eax
* Reference To: MSVBVM60.rtcAnsiValueBstr, Ord:0204h
|
:11007884 FF1534100011 Call dword ptr
[11001034] ====> ascii轉為字元
:1100788A 8D4DD0
lea ecx, dword ptr [ebp-30]
:1100788D 8BF0
mov esi, eax
====> 放到esi中
* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
|
:1100788F FF1588110011 Call dword ptr
[11001188]
:11007895 8D45A8
lea eax, dword ptr [ebp-58]
:11007898 8D4DB8
lea ecx, dword ptr [ebp-48]
:1100789B 50
push eax
:1100789C 51
push ecx
:1100789D 6A02
push 00000002
* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h
|
:1100789F FF1528100011 Call dword ptr
[11001028]
:110078A5 8B5508
mov edx, dword ptr [ebp+08]
:110078A8 83C40C
add esp, 0000000C
:110078AB DB8568FFFFFF fild dword ptr
[ebp+FFFFFF68] ====> st0=1
:110078B1 8B02
mov eax, dword ptr [edx]
:110078B3 50
push eax
:110078B4 DD9D60FFFFFF fstp qword ptr
[ebp+FFFFFF60]
* Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h
|
:110078BA FF151C100011 Call dword ptr
[1100101C] ====> NewRegName的長度
:110078C0 89855CFFFFFF mov dword ptr
[ebp+FFFFFF5C], eax
:110078C6 8B4D0C
mov ecx, dword ptr [ebp+0C] ====> ecx=0x18DEB
:110078C9 DB855CFFFFFF fild dword ptr
[ebp+FFFFFF5C]
:110078CF 83EC08
sub esp, 00000008
:110078D2 DD9D54FFFFFF fstp qword ptr
[ebp+FFFFFF54] ====> 長度放到此
:110078D8 DD8560FFFFFF fld qword ptr
[ebp+FFFFFF60] ====> st0=1
:110078DE 833D00C0001100 cmp dword ptr [1100C000],
00000000
:110078E5 7508
jne 110078EF
:110078E7 DCB554FFFFFF fdiv qword ptr
[ebp+FFFFFF54] ====> 1/len(NewRegName)
:110078ED EB11
jmp 11007900
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:110078E5(C)
|
:110078EF FFB558FFFFFF push dword ptr
[ebp+FFFFFF58]
:110078F5 FFB554FFFFFF push dword ptr
[ebp+FFFFFF54]
* Reference To: MSVBVM60._adj_fdiv_m64, Ord:0000h
|
:110078FB E8D49AFFFF Call 110013D4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:110078ED(U)
|
:11007900 DFE0
fstsw ax
:11007902 A80D
test al, 0D
:11007904 0F858F010000 jne 11007A99
:1100790A DD1C24
fstp qword ptr [esp] ====> 作為冪
:1100790D DB01
fild dword ptr [ecx] ====> [ecx]=18DEB=101867
:1100790F DD9D4CFFFFFF fstp qword ptr
[ebp+FFFFFF4C]
:11007915 8B9550FFFFFF mov edx, dword
ptr [ebp+FFFFFF50]
:1100791B 8B854CFFFFFF mov eax, dword
ptr [ebp+FFFFFF4C]
:11007921 52
push edx
:11007922 50
push eax
* Reference To: MSVBVM60.__vbaPowerR8, Ord:0000h
|
:11007923 FF1524110011 Call dword ptr
[11001124] ====> 101867的冪
:11007929 DD0578120011 fld qword ptr
[11001278] ====> st0=3.14159265359(用pi表示)
:1100792F 833D00C0001100 cmp dword ptr [1100C000],
00000000
:11007936 7508
jne 11007940
:11007938 DC3570120011 fdiv qword ptr
[11001270] ====> pi/180
:1100793E EB11
jmp 11007951
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:11007936(C)
|
:11007940 FF3574120011 push dword ptr
[11001274]
:11007946 FF3570120011 push dword ptr
[11001270]
* Reference To: MSVBVM60._adj_fdiv_m64, Ord:0000h
|
:1100794C E8839AFFFF Call 110013D4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1100793E(U)
|
:11007951 83EC08
sub esp, 00000008
:11007954 DEC9
fmulp st(1), st(0)
:11007956 DFE0
fstsw ax
:11007958 A80D
test al, 0D
:1100795A 0F8539010000 jne 11007A99
:11007960 DD1C24
fstp qword ptr [esp] ====> 放到[esp]
* Reference To: MSVBVM60.rtcSin, Ord:0246h
|
:11007963 FF1504100011 Call dword ptr
[11001004] ====> sin
:11007969 DD9D7CFFFFFF fstp qword ptr
[ebp+FFFFFF7C]
:1100796F DD857CFFFFFF fld qword ptr
[ebp+FFFFFF7C]
:11007975 DC0D68120011 fmul qword ptr
[11001268] ====> 乘以255
:1100797B D9E1
fabs
====> 取絕對值
:1100797D DFE0
fstsw ax
:1100797F A80D
test al, 0D
:11007981 0F8512010000 jne 11007A99
* Reference To: MSVBVM60.__vbaR8IntI2, Ord:0000h
|
:11007987 FF1560110011 Call dword ptr
[11001160] ====> 取整
:1100798D 33F0
xor esi, eax
====> 與所取字元異或
:1100798F 8D5598
lea edx, dword ptr [ebp-68]
:11007992 8D45B8
lea eax, dword ptr [ebp-48]
:11007995 8D4DD4
lea ecx, dword ptr [ebp-2C]
:11007998 52
push edx
:11007999 50
push eax
:1100799A 8975D4
mov dword ptr [ebp-2C], esi
:1100799D 894DA0
mov dword ptr [ebp-60], ecx
:110079A0 C7459802400000 mov [ebp-68], 00004002
* Reference To: MSVBVM60.rtcHexVarFromVar, Ord:023Dh
|
:110079A7 FF1510110011 Call dword ptr
[11001110] ====> 計算結果轉為16進位制
:
:
:
:11007A1D B801000000 mov eax,
00000001 ====> 準備下一個字元
:11007A22 6603C7
add ax, di
:11007A25 7077
jo 11007A9E
:11007A27 8BF8
mov edi, eax
:11007A29 E903FEFFFF jmp 11007831
計算過程:
NewRegName=left(company,1)+UserName+right(company,1);
for i=1 to len(NewRegName);
Regcode=Regcode+Hex(Asc(Mid(NewRegName, i, 1)) Xor Abs(Int(Sin(101867^(i/len(NewRegName))*(3.14159265359/180))*255)))
next i
上面的註冊適用於英文名字註冊,如果適合中英文名字,改為:
Regcode=Regcode+Right(Hex(Asc(Mid(NewRegName, i, 1)) Xor Abs(Int(Sin(101867^(i/len(NewRegName))*(3.14159265359/180))*255))),4)
註冊器已經制作成功
相關文章
- FINAL DATA註冊碼計算 (2千字)2000-07-24
- 註冊你的Fast Browser4.01 (7千字)2001-10-06AST
- vfp&exe1.70註冊碼計算 (2千字)2001-06-04
- FolderView註冊部分的計算 (13千字)2001-05-27View
- IP搜尋客 1.61 註冊碼計算 (2千字)2000-05-16
- 離線註冊你的Fast Browser v4.0 (2千字)2001-09-14AST
- getPassword2.3註冊碼計算分析過程 (3千字)2001-11-07
- 計算占星軟體Numerology Star Reader (version
15.0)註冊碼 (4千字)2000-10-02
- Nktools(手機工具箱)註冊碼計算處,請高手指點~~~~ (15千字)2001-03-06
- 如何計算 批量檔案設定器 2.05 的註冊碼 (6千字)2000-04-24
- 如何計算 “IQ網際搜尋家99” 註冊碼 (4千字)2000-05-15
- 《奧數2000》註冊碼的計算(VB5程式)
(6千字)2015-11-15
- 用dede3和trw追Fast Browser Pro V5.0註冊碼
(16千字)2002-03-27AST
- 標 題:DirectMediaXtra.x32 V2.01 註冊碼的計算 (13千字)2015-11-15
- SWF Browser的註冊演算法 (874字)2001-10-26演算法
- Flash ActionScript Tool 的註冊碼! (22千字)2001-05-04
- 《TxEdit 4.6》的註冊碼破解 (11千字)2001-07-28
- 請教關於DremEdit2.28如何算註冊碼? (3千字)2000-07-13REM
- 社群遊戲伴侶
V1.0註冊碼的計算,序號產生器 (30千字)2003-05-09遊戲
- 註冊時間差計算2017-06-13
- 註冊碼演算法 (2千字)2001-01-14演算法
- PCPro(PigChamp Pro) v3.0.23註冊碼的計算(VB程式,非常簡單) (3千字)2001-10-08GC
- 一種非明碼比較程式的註冊------NS-SHAFT註冊碼破解 (9千字)2015-11-15
- Photocaster xtra v3.0.3 註冊過程的分析 (15千字)2001-11-22AST
- Regediter 1.3 破解(得到註冊碼) (9千字)2002-01-23
- 財智證券結算軟體2.5 破解註冊碼分析!使用ollydbg 破解註冊動畫!高手莫入! (1千字)2001-11-20動畫
- estiprojm 註冊 (12千字)2001-11-08
- CPUCOOL 5.1000註冊碼分析 (6千字)2001-01-19
- IconToy 3.1 註冊碼快速破解 (11千字)2001-03-02
- BabyGame 破解方法及註冊碼錶 (1千字)2001-07-04GAM
- winimp1.11註冊碼破解 (2千字)2000-07-16
- SMailserver2.5註冊碼的破解手記 (1千字)2001-03-01AIServer
- Macs Fan Control Pro for mac1.5.16中文註冊碼2023-11-14Mac
- 《ICONSCAN 2.4》註冊碼破解 高手莫入! (3千字)2001-05-06
- 《MAGICWIN RELEASE 1.2》註冊碼破解 高手莫入! (2千字)2001-05-07
- Kugle Regediter 1.0 註冊碼破解法(非明碼) (8千字)2001-11-03
- 《超級小精靈》Ver 1.00共享版的註冊分析 (15千字)2001-02-10
- Konvertor 3.03的註冊碼演算法模組的分析
(7千字)2015-11-15演算法