UltraEdit-32 10註冊碼演算法分析 (19千字)
軟體名稱:UltraEdit-32 10.00.c
程式語言:VC++ 6.0
執行環境:Win9x/NT/2000/XP
保護措施:註冊碼,有45天使用期限
破 解 人:wolverine [CCG]
使用工具:Trw2000 1.23 IDA Pro 4.3
作者宣告:初學破解,純屬技術交流,無其它目的。
由於它的註冊方式與其他軟體不一樣,所以我用了大約3天的時間才找到關鍵點,我都看見星星了.
在這裡我只講講它的加密演算法,並給出必要的程式碼.由於我的語文水平有限,可能有些語病.請多包涵.如果有科學性錯誤,請大家指出.我會加以改正,以免誤人子弟.:-)
016F:004185F0 AND BYTE [EBP-14],00
016F:004185F4
AND BYTE [EBP-54],00
016F:004185F8 AND
BYTE [EBP+FFFFFF6C],00
016F:004185FF CMP
[EBP+14],EBX
016F:00418602 JZ NEAR 0041890C
016F:00418608 PUSH ESI
016F:00418609 PUSH
EDI
016F:0041860A CALL 004FF590
016F:0041860F
POP ECX
016F:00418610 PUSH BYTE +3C
016F:00418612 POP ESI
016F:00418613
CMP EAX,ESI
016F:00418615 JA
00418620
016F:00418617 PUSH EDI
016F:00418618
CALL 004FF590
016F:0041861D POP ECX
016F:0041861E MOV ESI,EAX
016F:00418620
MOV [EBP-0C],ESI
016F:00418623 XOR
ECX,ECX
016F:00418625 MOV AL,CL
016F:00418627 MOV DL,03
016F:00418629 IMUL
DL
016F:0041862B SUB AL,DL
016F:0041862D
MOV [EBP+ECX+FFFFFF70],AL
016F:00418634 INC
ECX
016F:00418635 CMP ECX,BYTE +3D
016F:00418638 JC 00418625
上面的一段程式完成下面操作:
有一個儲存空間(或者叫陣列)M[3Dh],
ecx=0
1) M[ecx]=ecx*3-3
2) ecx=ecx+1
重複執行1、2 3Dh次,
============================================================
016F:0041863A PUSH ESI
016F:0041863B LEA
EAX,[EBP+FFFFFF70]
016F:00418641 PUSH EDI
016F:00418642 PUSH EAX
016F:00418643 CALL
004FF990 將name複製到M中,也就是[ebp+ffffff70]
016F:00418648 AND
BYTE [EBP+ESI+FFFFFF70],00
016F:00418650 ADD
ESP,BYTE +0C
016F:00418653 XOR ECX,ECX
016F:00418655 DEC ESI
016F:00418656 PUSH
BYTE +01
016F:00418658 MOV [EBP-10],ECX
016F:0041865B POP EDX
016F:0041865C
CMP ESI,EDX
016F:0041865E JNG
0041869A
016F:00418660 MOV DWORD [EBP+10],02
016F:00418667 MOVSX EDI,BYTE [EBP+EDX+FFFFFF6F]
016F:0041866F
MOVSX EBX,BYTE [EBP+EDX+FFFFFF71]
016F:00418677 LEA
EAX,[EBP+EDX+FFFFFF71]
016F:0041867E IMUL
EDI,EBX
016F:00418681 MOVSX EAX,BYTE [EAX-01]
016F:00418685
SUB EDI,EAX
016F:00418687 SUB
EDI,[EBP+10]
016F:0041868A ADD DWORD [EBP+10],BYTE
+02
016F:0041868E INC EDX
016F:0041868F
CMP EDX,ESI
016F:00418691 LEA
ECX,[ECX+EDI+03]
016F:00418695 JL 00418667
016F:00418697 MOV [EBP-10],ECX
對name的處理,過程如下
設name的地址為X,name的長度為Z,n∈[1,3ch],C=2h,S=0 :
1)T=[X(n)*X(n+2)-X(n+1)-C]
2)C=C+2
3)n=n+1
4)S=S+T+3
重複執行1、2、3、4,Z-1次,最後結果放在[ebp-10]中,後面會用到
=================================================================================
從這開始計算註冊碼,其過程比較繁瑣,我理解它的演算法,但我不道怎樣去描述,
如果你能詳細描述出演算法,並且易懂,請告訴我
016F:0041869A
XOR ECX,ECX
016F:0041869C XOR
EDI,EDI
016F:0041869E MOV DWORD [EBP-08],01
016F:004186A5 LEA EAX,[EBP+FFFFFF70]
016F:004186AB
SUB [EBP-08],EAX
016F:004186AE MOV
[EBP-04],EDI
016F:004186B1 MOV [005933F4],ECX
016F:004186B7 MOV EAX,[EBP-08]
016F:004186BA
LEA ESI,[EBP+ECX+FFFFFF70]
016F:004186C1 ADD
EAX,ESI
016F:004186C3 CMP EAX,BYTE
+3C eax是否大於3ch
016F:004186C6 JNL NEAR
0041874C
016F:004186CC MOV EAX,ECX
ecx=0
016F:004186CE PUSH BYTE +04
016F:004186D0 CDQ
016F:004186D1 POP
EDI
016F:004186D2 IDIV EDI
; edx=ecx mod 4h
016F:004186D4 MOV EAX,ECX
016F:004186D6 PUSH BYTE +20
016F:004186D8 POP
EBX
016F:004186D9 PUSH BYTE +3B
016F:004186DB
MOV EDI,EDX ;edi=edx=ecx mod 4h
016F:004186DD CDQ
016F:004186DE IDIV EBX ;
016F:004186E0 MOV EAX,EDX ; eax=ecx mod 20h
016F:004186E2
CDQ
016F:004186E3 SUB EAX,EDX
016F:004186E5 MOV EDX,[EDI*4+00586C38] ;(ecx mod
20h)*4+586C38
016F:004186EC SAR EAX,1
;eax=eax*2
016F:004186EE
POP EDI ;edi=3bh
016F:004186EF MOVZX
EAX,BYTE [EDX+EAX]
016F:004186F3 MOV DL,CL
016F:004186F5 PUSH BYTE +12
016F:004186F7 ADD
DL,[EBP-10]
016F:004186FA MOVZX EDX,DL
016F:004186FD XOR EAX,EDX
016F:004186FF CDQ
016F:00418700 IDIV EDI
016F:00418702
POP EDI //edi=12h
016F:00418703 PUSH
BYTE +04
016F:00418705 POP EBX //edx=4h
016F:00418706
PUSH BYTE +20
016F:00418708 MOV DL,[EBP+EDX+FFFFFF70]
016F:0041870F MOVZX EAX,DL
016F:00418712 ADD
EAX,ECX
016F:00418714 MOV [EBP+13],DL
016F:00418717 CDQ
016F:00418718 IDIV
EDI
016F:0041871A MOV EDI,EDX
016F:0041871C
MOV EAX,EDI
016F:0041871E CDQ
016F:0041871F IDIV EBX
016F:00418721 MOV
EAX,EDI
016F:00418723 POP EDI //edi=20h
016F:00418724 MOV EBX,EDX
016F:00418726
CDQ
016F:00418727 IDIV EDI
016F:00418729
MOV EDI,[EBP-04]
016F:0041872C MOV
EAX,EDX
016F:0041872E CDQ
016F:0041872F
SUB EAX,EDX
016F:00418731 MOV
EDX,[EBX*4+00586C38]
016F:00418738 SAR EAX,1
016F:0041873A MOV AL,[EDX+EAX]
016F:0041873D
MOV DL,[ESI+01]
016F:00418740 XOR
AL,[EBP+13]
016F:00418743 SHL DL,1
016F:00418745 ADD AL,[EBP+13]
016F:00418748
XOR AL,DL
016F:0041874A MOV
[ESI],AL
016F:0041874C CMP EDI,BYTE +3C
016F:0041874F
JNL 004187C2
016F:00418751 MOV
EAX,ECX
016F:00418753 PUSH BYTE +05
016F:00418755
CDQ
016F:00418756 POP EBX //ebx=5h
016F:00418757 IDIV EBX
016F:00418759 MOV
EBX,EDX
016F:0041875B TEST EBX,EBX
016F:0041875D MOV [EBP+10],EBX
016F:00418760
JZ 0041876C
016F:00418762 CMP
EBX,BYTE +02
016F:00418765 JZ 0041876C
016F:00418767
CMP EBX,BYTE +04
016F:0041876A JNZ
00418786
016F:0041876C MOVZX EAX,BYTE [ESI]
016F:0041876F PUSH BYTE +1A
016F:00418771 CDQ
016F:00418772 POP EBX //ebx=1ah
016F:00418773
IDIV EBX
016F:00418775 MOV EBX,[EBP+10]
016F:00418778 ADD DL,41
016F:0041877B
MOV [EBP+EDI+FFFFFF30],DL
016F:00418782 INC
EDI
016F:00418783 MOV [EBP-04],EDI
016F:00418786 CMP EDI,BYTE +3C
016F:00418789
JNL 004187C2
016F:0041878B CMP
EBX,BYTE +01
016F:0041878E JZ 00418795
016F:00418790
CMP EBX,BYTE +03
016F:00418793 JNZ
004187AC
016F:00418795 MOVZX EAX,BYTE [ESI]
016F:00418798 PUSH BYTE +0A
016F:0041879A CDQ
016F:0041879B POP ESI
016F:0041879C
IDIV ESI
016F:0041879E ADD DL,30
016F:004187A1 MOV [EBP+EDI+FFFFFF30],DL
016F:004187A8
INC EDI
016F:004187A9 MOV [EBP-04],EDI
016F:004187AC CMP EDI,BYTE +3C
016F:004187AF
JNL 004187C2
016F:004187B1 CMP
EBX,BYTE +04
016F:004187B4 JNZ 004187C2
016F:004187B6
MOV BYTE [EBP+EDI+FFFFFF30],2D
016F:004187BE INC
EDI
016F:004187BF MOV [EBP-04],EDI
016F:004187C2 TEST ECX,ECX
016F:004187C4 JNG
004187E5
016F:004187C6 CMP ECX,[EBP-0C]
016F:004187C9 JNL 004187E5
016F:004187CB
CMP EDI,[EBP-0C]
016F:004187CE JNL
004187E5
016F:004187D0 MOV EAX,[EBP+08]
016F:004187D3 MOVSX EDX,BYTE [ECX+EAX-01]
016F:004187D8
MOVSX EAX,BYTE [EDI+EAX]
016F:004187DC IMUL
EDX,EAX
016F:004187DF ADD [005933F4],EDX
;這個值好像沒用到呀?
016F:004187E5 INC ECX
016F:004187E6
CMP ECX,BYTE +3C
016F:004187E9 JL
NEAR 004186B7
演算法分析:
一.做準備工作:
有一個儲存空間(或者叫陣列)M[3Dh],
ecx=0
1) M[ecx]=ecx*3-3
2) ecx=ecx+1
重複執行1、2 3Dh次,再將name複製到M中,也就是上面的[ebp+ffffff70]
二.對name的處理,過程如下:
設name為X,name的長度為Z,n∈[1,3ch],C=2h,S=0
1)T=[X(n)*X(n+2)-X(n+1)-C]
2)C=C+2
3)n=n+1
4)S=S+T+3
重複執行1、2、3、4,Z-1次,最後結果放在S中也就是[ebp-10]中,只用到S的低8為
三.計算註冊碼
初始化:
[ebp-4]=0
ecx=0
[5933f4]=0
1. 計算ecx mod 4h,將算出的值*4+00586C38,從目錄(見附錄)中取出相應的地址p,再計算(ecx
mod 20h)/2算出q,然後以p+q為地址從碼錶取出相應的值,假設為Q
計算(ecx+S xor Q) mod 3bh,以算出的值為索引值,從M中取出相應的值,假設該值為t,計算[(t+ecx)
mod 12h] mod 4h 將算出的值*4+00586C38,從目錄(見附錄)中取出相應的地址p ,{[(t+ecx) mod 12h] mod 20h}/2算出q,然後以p+q為地址從碼錶取出相應的值AL,計算[(AL
xor t)+t] xor M[esi+1]*2,將結果儲存再M[esi]中.
2. 計算 ecx mod 5h,將算出的值儲存到[ebp+10]中,如果等於0或等於2或等於4,則計算(M[esi]
mod 1Ah)+41h.如果等於1或3,則計算(M[esi] mod 1Ah)+30h,結果放在[EBP+EDI+FFFFFF30]中,這就是註冊碼,當然這不是最後的註冊碼.
3.ecx=ecx+1
重複1,2,3直到ecx>3ch為止
在計算註冊碼的過程中,每隔5位插入一個"-".
.text:004187F1 loc_4187F1:
; CODE XREF: sub_4185B8+295j
.text:004187F1 mov
cl, [ebp+edx+var_90]
.text:004187F8
lea eax, [ebp+edx+var_90]
.text:004187FF
cmp cl, 80h
.text:00418802 jb
short loc_418809
.text:00418804
add cl, 80h
.text:00418807
mov [eax], cl
.text:00418809
.text:00418809 loc_418809:
; CODE XREF: sub_4185B8+24Aj
.text:00418809 mov
cl, [eax]
.text:0041880B
cmp cl, 7Fh
.text:0041880E
jl short loc_418815
.text:00418810 sub
cl, 7Fh
.text:00418813
mov [eax], cl
.text:00418815
.text:00418815 loc_418815:
; CODE XREF: sub_4185B8+256j
.text:00418815
mov cl, [eax]
.text:00418817
cmp cl, 21h
.text:0041881A jg
short loc_418821
.text:0041881C
add cl, 21h
.text:0041881F
mov [eax], cl
.text:00418821
.text:00418821 loc_418821:
; CODE XREF: sub_4185B8+262j
.text:00418821 cmp
byte ptr [eax], 22h
.text:00418824
jnz short loc_418829
.text:00418826
mov byte ptr [eax],
23h
.text:00418829
.text:00418829 loc_418829:
; CODE XREF:
sub_4185B8+26Cj
.text:00418829
cmp byte ptr [eax], 27h
.text:0041882C
jnz short loc_418831
.text:0041882E mov
byte ptr [eax], 28h
.text:00418831
.text:00418831 loc_418831:
; CODE XREF: sub_4185B8+274j
.text:00418831
cmp byte ptr [eax], 2Eh
.text:00418834
jnz short loc_418839
.text:00418836 mov
byte ptr [eax], 2Fh
.text:00418839
.text:00418839 loc_418839:
; CODE XREF: sub_4185B8+27Cj
.text:00418839
cmp byte ptr [eax], 60h
.text:0041883C
jnz short loc_418841
.text:0041883E mov
byte ptr [eax], 61h
.text:00418841
.text:00418841 loc_418841:
; CODE XREF: sub_4185B8+284j
.text:00418841
cmp byte ptr [eax], 7Ch
.text:00418844
jnz short loc_418849
.text:00418846 mov
byte ptr [eax], 6Ch
.text:00418849
.text:00418849 loc_418849:
; CODE XREF: sub_4185B8+28Cj
.text:00418849
inc edx
.text:0041884A
cmp edx, 3Ch
.text:0041884D
jl short
loc_4187F1
.text:0041884F
mov esi, [ebp+arg_C]
.text:00418852
push 6
.text:00418854
and [ebp+var_81],
0
.text:0041885B and
[ebp+var_B9], 0
.text:00418862
pop ecx
.text:00418863
lea eax, [ebp+var_50]
.text:00418866
push eax
; char *
.text:00418867
lea edi, [ebp+var_50]
.text:0041886A
push [ebp+arg_4]
; char *
.text:0041886D
mov [ebp+var_CF], 30h
.text:00418874
repe movsd
.text:00418876
and [ebp+var_39], 0
.text:0041887A mov
[ebp+var_4F], 30h
.text:0041887E
mov [ebp+var_46], 30h
.text:00418882
mov [ebp+var_44],
30h
.text:00418886
mov [ebp+var_42], 30h
.text:0041888A
mov [ebp+var_3A], 30h
.text:0041888E
mov [ebp+var_C6],
30h
.text:00418895
mov [ebp+var_C4], 30h
.text:0041889C
mov [ebp+var_C2], 30h
.text:004188A3
mov [ebp+var_BA],
30h
.text:004188AA
call _strcmp
.text:004188AF
pop ecx
.text:004188B0
pop ecx
.text:004188B1
pop esi
.text:004188B2
test eax, eax
.text:004188B4 jnz
short loc_4188D6
.text:004188B6
lea eax, [ebp+var_50]
.text:004188B9
push eax
; char *
.text:004188BA
push [ebp+arg_4] ; char
*
.text:004188BD call
_strcmp
.text:004188C2
pop ecx
.text:004188C3
test eax, eax
.text:004188C5
pop ecx
.text:004188C6
jnz short loc_418919
.text:004188C8 push
[ebp+arg_4] ; char *
.text:004188CB
call _strlen
.text:004188D0
cmp eax, 0Ch
.text:004188D3 pop
ecx
.text:004188D4
jz short loc_418919
.text:004188D6
.text:004188D6
loc_4188D6:
; CODE XREF: sub_4185B8+2FCj
.text:004188D6
lea eax, [ebp+var_90]
.text:004188DC push
eax ; char *
.text:004188DD
lea eax, [ebp+var_50]
.text:004188E0 push
eax ; char *
.text:004188E1
call _strcmp
.text:004188E6 pop
ecx
.text:004188E7
test eax, eax
.text:004188E9
pop ecx
.text:004188EA
jz short loc_418912
.text:004188EC lea
eax, [ebp+var_D0] ;這是最後算出的註冊碼
.text:004188F2
push eax
; char *
.text:004188F3
lea eax, [ebp+var_50] ;這是我們輸入的註冊碼
.text:004188F6
push eax
; char *
.text:004188F7
call _strcmp
;比較註冊碼
.text:004188FC
pop ecx
.text:004188FD
test eax, eax
.text:004188FF
pop ecx
.text:00418900
jz short
loc_418912
.text:00418902
mov dword_593518, 1
.text:0041890C
.text:0041890C
loc_41890C:
; CODE XREF: sub_4185B8+29j
.text:0041890C
; sub_4185B8+32j ...
.text:0041890C
xor eax, eax
.text:0041890E
.text:0041890E loc_41890E:
; CODE XREF: sub_4185B8+364j
.text:0041890E pop
edi
.text:0041890F
pop ebx
.text:00418910
leave
.text:00418911
retn
別以為這樣找到的註冊碼就能順利過關.當你輸入註冊碼後,重新啟動後發現註冊成功.關閉後再啟動,UltraEdit-32又會彈出註冊視窗,再看看UltraEdit-32目錄,Uedit32.reg檔案被刪除了.這說明還有其他的地方檢查註冊碼.於是下bpx
deletefilea,再註冊一次,找到
016F:004486E1 MOV EAX,[005933F4]
016F:004486E6 PUSH DWORD [005933D8]
016F:004486EC MOV [EBP-1C],EAX
016F:004486EF
CALL 004FF590
016F:004486F4 POP ECX
016F:004486F5 CMP EAX,BYTE +0F
016F:004486F8
POP ECX
016F:004486F9 JC NEAR
004487F6
016F:004486FF CMP [0059DD3C],EDI
016F:00448705 JNZ NEAR 004487F6
016F:0044870B
CMP [0059DD40],EDI
016F:00448711 JZ
NEAR 004487F6
016F:00448717 MOVZX EDI,BYTE [EBP-1C]
016F:00448717 MOVZX
EDI,BYTE [EBP-1C]
016F:0044871B MOV
EAX,EDI
eax=byte prt [005933f4]
016F:0044871D PUSH BYTE +09
016F:0044871F CDQ
016F:00448720 POP
EBX
016F:00448721 MOV ECX,[005933D8]
016F:00448727 IDIV EBX
016F:00448729 MOVSX
EAX,BYTE [ECX+0E] //取註冊碼的第15位
016F:0044872D
ADD EDX,BYTE +41
EDX=(eax mod 9h)+41h
016F:00448730 CMP EAX,EDX
EDX與註冊碼的第15位進行比較
016F:00448732 JNZ 0044874D
若不等,Game Over
016F:00448734 MOV
EAX,EDI
016F:00448736 PUSH BYTE +07
016F:00448738 CDQ
016F:00448739 POP
EDI
016F:0044873A MOV CL,[ECX+16]
//取出註冊碼的第23位
016F:0044873D
IDIV EDI
;
016F:0044873F MOVSX EAX,CL
;
016F:00448742 ADD
EDX,BYTE +41 ;EDX=(eax mod 7h)+41h
016F:00448745
CMP EAX,EDX
EDX與註冊碼的第23位進行比較
016F:00448747 JZ NEAR 004487F3
若不等,Game Over
016F:0044874D AND
DWORD [0059DD40],BYTE +00
016F:00448754 CALL 00533F9D
016F:00448759 MOV EAX,[EAX+04]
016F:0044875C
LEA ECX,[EBP-10]
016F:0044875F PUSH
DWORD [EAX+8C]
016F:00448765 CALL 00519DBA
016F:0044876A
MOV EAX,[EBP-10]
016F:0044876D LEA
ECX,[EBP-10]
016F:00448770 MOV BYTE [EBP-04],01
016F:00448774 MOV EAX,[EAX-08]
016F:00448777
ADD EAX,BYTE -03
016F:0044877A PUSH
EAX
016F:0044877B LEA EAX,[EBP-24]
016F:0044877E
PUSH EAX
016F:0044877F CALL 00511C19
016F:00448784 PUSH DWORD 00587018
016F:00448789
PUSH EAX
016F:0044878A LEA EAX,[EBP-1C]
016F:0044878D MOV BYTE [EBP-04],02
016F:00448791
PUSH EAX
016F:00448792 CALL 00519FE1
016F:00448797 PUSH EAX
016F:00448798 LEA
ECX,[EBP-10]
016F:0044879B MOV BYTE [EBP-04],03
016F:0044879F CALL 00519E85
016F:004487A4 LEA
ECX,[EBP-1C]
016F:004487A7 MOV BYTE
[EBP-04],02
016F:004487AB CALL 00519D4C
016F:004487B0
LEA ECX,[EBP-24]
016F:004487B3 MOV
BYTE [EBP-04],01
016F:004487B7 CALL 00519D4C
016F:004487BC PUSH DWORD 80
016F:004487C1 PUSH
DWORD [EBP-10]
016F:004487C4 CALL `KERNEL32!SetFileAttributesA`
016F:004487CA PUSH DWORD [EBP-10]
016F:004487CD
CALL `KERNEL32!DeleteFileA`
還記得在計算註冊碼時有個值沒用到嗎?
對了,就是[005933F4].它在這裡用來檢驗註冊碼的有效性.將[005933F4]中的低8位(二進位制)分別與09h進行異或運算後加上41h,再與我們輸入的註冊碼的第15位和第23位進行比較,有一位不對,就刪掉Uedit32.reg.真夠狡猾的.
至此整個演算法分析完了。這是我加入CCG後的第一篇文章,讓各位高手見笑了.
User Naem:
wolverine[CCG]
Authorization:V7H7L-M2O6S-J1F3H-I8D9B
wolverine[CCG]
2003-5-17
==========================>附錄<=============================
1.
586c38{00586C28,00586B30, ;\
0058CA38,0058D288
;=>我稱這個為目錄
}
;/
===================碼錶====================
00586C28{
D8,00,FE,00,
8E,00,66,00,
2F,00,DE,00,
43,00,A5,00
}
00586B30{
D3,00,1F,00,
78,00,6F,00,
38,00,8F,00,
65,00,5A,00
}
0058CA38{
00,10,00,F1,
00,A5,00,2F,
00,1F,00,CB,
00,98,00,F3
}
0058D288{
00,EF,00,E0,
00,73,00,78,
00,73,00,34,
00,77,00,33
}
2.序號產生器:
(至於序號產生器……)
相關文章
- CPUCOOL 5.1000註冊碼分析 (6千字)2001-01-19
- Green Tea 2.60註冊碼演算法分析 (3千字)2000-07-17演算法
- 註冊碼演算法 (2千字)2001-01-14演算法
- 《棋隱》的註冊演算法 (19千字)2001-08-26演算法
- SuperCleaner 2.31註冊碼演算法分析 - OCG (13千字)2002-04-02演算法
- Registry Crawler 4.0註冊碼演算法分析 - OCG
(20千字)2002-04-07演算法
- **********.exe註冊碼演算法分析--高手莫笑 (31千字)2015-11-15演算法
- FolderView 1.7
註冊演算法分析 (14千字)2015-11-15View演算法
- Konvertor 3.03的註冊碼演算法模組的分析
(7千字)2015-11-15演算法
- Magic convertor 2.8註冊碼演算法分析
- OCG (9千字)2015-11-15演算法
- Instant Source 註冊演算法分析+註冊器原始碼2015-11-15演算法原始碼
- 重新貼過註冊演算法分析 (16千字)2001-10-23演算法
- ClockWise 3.22e註冊碼演算法分析 - OCG (17千字)2002-04-10演算法
- EffeTech HTTP Sniffer 3.2註冊演算法分析 (5千字)2002-06-24HTTP演算法
- 五筆輸入通1.x註冊演算法分析
(10千字)2015-11-15演算法
- 完美解除安裝6.0註冊演算法分析 (2千字)2002-02-27演算法
- Directory Scanner v1.5 註冊演算法分析 (6千字)2015-11-15演算法
- MouseStar V3.01註冊演算法分析 (18千字)2015-11-15演算法
- Cleaner 3.2註冊分析 (18千字)2001-12-09
- supercleaner註冊演算法分析2015-11-15演算法
- EmEditor v3 Version 3.09 漢化版註冊碼演算法分析
(8千字)2001-01-09演算法
- Screen Demo Maker
V3.0註冊演算法分析 (8千字)2002-09-10演算法
- CoolClock V1.02註冊演算法分析 ---OCG (14千字)2015-11-15演算法
- 飄雪動畫秀3.02註冊演算法分析!
(11千字)2015-11-15動畫演算法
- 檔案密使2.6註冊碼分析詳解 (11千字)2001-11-30
- SpeedFlash註冊演算法分析(VB)2015-11-15演算法
- 〖網際營銷〗V2.4 註冊演算法分析 (11千字)2001-11-03演算法
- GSview V4.12 for Windows註冊演算法分析 -
OCG (8千字)2015-11-15ViewWindows演算法
- EZ MP3 Recorder 1.15 註冊演算法分析 (14千字)2015-11-15演算法
- 一個區域網工具的註冊演算法分析
(5千字)2015-11-15演算法
- 財智老闆通3.04註冊版---註冊演算法分析2003-03-16演算法
- 空檔接龍助手2.01註冊碼分析。 (6千字)2003-01-13
- getPassword2.3註冊碼計算分析過程 (3千字)2001-11-07
- CDSpace Power+註冊演算法 (7千字)2001-07-27演算法
- S-DEMO2 註冊分析 (14千字)2002-06-25
- DreamWaver3.0註冊流程分析 (17千字)2001-09-10
- Quickness 3.1
註冊演算法分析 + 序號產生器原始碼(tc2) (15千字)2003-04-13UI演算法原始碼
- Search32-PRO
v6.05註冊演算法分析 - OCG (46千字)2002-04-07演算法