破解物件:File Shredder 2000,一款不錯的清理工具
工具:trw2000,wd32asm黃金版,fi
過程如下:
用wd32asm反彙編查詢
String Resource ID=05001: "Software registration was
successfully completed.
Thank you"
得到:
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:00402718(U), :00402724(C)
|
:0040273F 8B550C
mov edx, dword ptr [ebp+0C]
:00402742 83C232
add edx, 00000032
:00402745 52
push edx
:00402746
8B450C mov eax,
dword ptr [ebp+0C]
:00402749 50
push eax
:0040274A E8613B0000
call 004062B0;計算註冊碼
:0040274F 83C408
add esp, 00000008
:00402752 3985F8FEFFFF cmp dword ptr
[ebp+FFFFFEF8], eax;關鍵比較,
在此下斷點可看到註冊碼
:00402758 741B
je 00402775; ;正確跳到註冊成功
:0040275A
68CFEA0000 push 0000EACF
下面是註冊碼運算過程:
* Referenced by a CALL at Addresses:
|:00402479 ,
:0040270A , :00402731 , :0040274A , :0040518D
|
:004062B0 8B442404 mov
eax, dword ptr [esp+04];輸入的使用者名稱
:004062B4 56
push esi
:004062B5 8B35D4FE4100
mov esi, dword ptr [0041FED4] ;一個常數:95989598
:004062BB 50
push eax
:004062BC 81CE78030000
or esi, 00000378
:004062C2 E869020000
call 00406530 ;第一步計算
:004062C7 8B4C2410
mov ecx, dword ptr [esp+10];輸入的公司名
:004062CB 03F0
add esi, eax
:004062CD 51
push ecx
:004062CE E85D020000
call 00406530 ;第二步計算
:004062D3 83C408
add esp, 00000008
:004062D6 03C6
add eax, esi;eax=註冊碼
:004062D8 5E
pop esi
:004062D9 C3
ret
下面是整個上面兩個運算註冊碼的過程:
* Referenced by a CALL at Addresses:
|:004026C4 , :004062C2
, :004062CE
|
:00406530 51
push ecx
:00406531 53
push ebx
:00406532
8B5C240C mov ebx, dword
ptr [esp+0C]
:00406536 56
push esi
:00406537 33F6
xor esi, esi
:00406539 53
push ebx
:0040653A 8974240C
mov dword ptr [esp+0C], esi
* Reference To: KERNEL32.lstrlenA, Ord:0308h
|
:0040653E FF15D4414100
Call dword ptr [004141D4]
:00406544 85DB
test ebx, ebx
:00406546 744F
je 00406597
:00406548 85C0
test eax, eax
:0040654A 744B
je 00406597
:0040654C 33D2
xor edx, edx
:0040654E 85C0
test eax, eax
:00406550 7E45
jle 00406597
:00406552 55
push ebp
:00406553 57
push edi
* Possible StringData Ref from Data Obj ->"|b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw9"
->"4cmqpfhw"
|
:00406554 BE24774100
mov esi, 00417724
:00406559 BF01000000
mov edi, 00000001
:0040655E 2BF3
sub esi, ebx
:00406560 8BCB
mov ecx, ebx
:00406562 2BFB
sub edi, ebx
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040658D(C)
|
:00406564 0FBE1C0E
movsx ebx, byte ptr [esi+ecx];系統給定的一串字母就在上面
:00406568 0FBEAC10EC764100 movsx ebp, byte ptr
[eax+edx+004176EC];系統給定的一串字母
:00406570 0FAFDD
imul ebx, ebp
:00406573 8D2C0F
lea ebp, dword ptr [edi+ecx];ebp=第幾次迴圈
:00406576 0FAFDD
imul ebx, ebp
:00406579 0FBE29
movsx ebp, byte ptr [ecx];你輸入的姓名或公司名
的ASCII碼值按位元組取
:0040657C 0FAFDD
imul ebx, ebp
:0040657F 8B6C2410
mov ebp, dword ptr [esp+10]
:00406583
03EB add
ebp, ebx;累加直到結束
:00406585 42
inc edx
:00406586 41
inc ecx
:00406587 3BD0
cmp edx, eax
:00406589 896C2410 mov
dword ptr [esp+10], ebp
:0040658D 7CD5
jl 00406564
:0040658F 8BC5
mov eax, ebp
:00406591
5F
pop edi
:00406592 5D
pop ebp
:00406593 5E
pop esi
:00406594 5B
pop ebx
:00406595
59
pop ecx
:00406596 C3
ret
以上演算法總結如下,並附VB6程式一個供參考。
這是乘數集合:
#serB&nz|mfM1/5(!sd$Mq.{s]+sFjtKpzSdtzoXqmb^Al@dv:s?x/
這是被乘數集合:
|b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw94cmqpfhw
演算法如下:
先計算姓名的位數i,然後用被乘數*乘數(開始的是乘數的第i位)再乘以
第幾次迴圈再乘以姓名的ASCII碼,進行累加。
計算結束加上一個常量a=959897f8
然後計算公司名的位數j,用同樣的運算方法
最後都加到a上即可!
vb6程式
' Form-level state shared by the event handlers below.
'   beichengshu / chengshu : the two fixed character tables (assigned in Form_Load).
'   mima                   : running total that ends up in Text3.
'   xingming / gongsiming  : copies of the Text1 / Text2 inputs.
'   c                      : the per-character term added to mima in each loop pass.
' mima and c carry no "As" type, so they are Variants.
' NOTE(review): "Dim" and "mima" sit on separate lines in this listing, presumably
' an artifact of how the page was extracted - confirm against the original post.
Dim beichengshu As String
Dim chengshu As String
Dim
mima
Dim xingming As String
Dim gongsiming As String
Dim c
' Click handler: re-implements the value that the disassembled routine compares
' against, using Text1 (name) and Text2 (company) as inputs, and shows it in Text3.
'
' Design observation for anyone building a licence check: every input to this
' computation - two static tables, one constant, and the user-typed strings - is
' available on the client, so the check holds no secret the client lacks. A check
' that verifies a signature against an embedded public key does not have this property.
Private Sub Command1_Click()
' a, b: character counts of the two inputs (implicitly declared Variants).
a = Len(Text1.Text)
b = Len(Text2.Text)
' The message text asks the user to enter a name and a company name.
' There is no Exit Sub in this branch, so execution continues after the message box.
If a Or b = "" Then
MsgBox "請輸入你的姓名和公司名", vbOKOnly
End If
xingming = Text1.Text
gongsiming = Text2.Text
' First pass, over the name: for position i (1-based) the term is
'   table1[i] * table2[i + a] * i * character code of the name at i
' i.e. the second table is read starting at an offset equal to the input length.
' NOTE(review): the assignment to c is wrapped onto two lines without a
' continuation character in this listing - presumably an extraction artifact.
For i = 1 To a
c = Asc(Mid$(beichengshu, i, 1)) * Asc(Mid$(chengshu, i + a, 1)) * i *
Asc(Mid$(xingming, i, 1))
mima = mima + c
Next i
' 2509805560 is the decimal form of the hex constant 959897F8 given in the
' write-up's summary (the "#" suffix marks the literal as a Double).
mima =
mima + 2509805560#
' Second pass, over the company name: same term, with b as the table offset.
For i = 1 To b
c = Asc(Mid$(beichengshu, i,
1)) * Asc(Mid$(chengshu, i + b, 1)) * i * Asc(Mid$(gongsiming, i, 1))
mima = mima + c
Next i
' The accumulated total is displayed as-is.
Text3.Text = mima
End Sub
' Click handler for the second button: unloads this form, then the End statement
' terminates the program.
' NOTE(review): "Private" and "Sub" are on separate lines in this listing,
' presumably an extraction artifact.
Private
Sub Command2_Click()
Unload Me
End
End Sub
' Form initialisation: zeroes the running total and loads the two fixed tables.
' The beichengshu string is the same text that the disassembly shows as a
' StringData reference inside the per-string routine; both strings are the ones
' listed in the write-up's summary as the multiplicand and multiplier sets.
' NOTE(review): "Private Sub" and "Form_Load()" are on separate lines in this
' listing, presumably an extraction artifact.
Private Sub
Form_Load()
' mima is set to zero only here; Command1_Click adds to it.
mima = 0
beichengshu = "|b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw94cmqpfhw"
chengshu = "#serB&nz|mfM1/5(!sd$Mq.{s]+sFjtKpzSdtzoXqmb^Al@dv:s?x/"
End Sub
以上程式經過VB6除錯