宇佳倉庫管理系統 V1.6.1(VB6 native)
Ollydbg――宇佳倉庫管理系統
V1.6.1(VB6 native)
下載頁面: http://www.skycn.com/soft/12136.html
軟體大小: 9081 KB
軟體語言: 簡體中文
軟體類別: 國產軟體 / 共享版 / 商業貿易
應用平臺: Win9x/NT/2000/XP
加入時間: 2003-06-18 17:02:29
下載次數: 2356
推薦等級: ***
【軟體簡介】:通用倉庫及貨物管理軟體;支援多套帳簿(無限制)、多倉庫管理(無限制)、多種計量單位(無限制)及多達8種的數量進位制、可自定義多種入庫及出庫單據型別(無限制);允許使用者自定義小數點位數(0-8位);支援商品動態分類級次達五級。介面直觀、操作簡單,支援全鍵盤操作;支援網路,及多使用者;適合於各行各業的倉儲及貨物的計算機管理。 共享軟體 免費註冊。
【軟體限制】:NAG、功能限制
【作者宣告】:初學Crack,只是感興趣,沒有其它目的。失誤之處敬請諸位大俠賜教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、AspackDie、UPXWin、Guw32、W32Dasm 9.0白金版
―――――――――――――――――――――――――――――――――
【過 程】:
Waregoods.exe 無殼。 VB6 native 。暈倒,這個東東在我的WIN 98SE上居然無法正常執行,需要更新某某檔案……呵呵,幸好我還有第2作業系統XP,只好去XP下分析了。這是我第一次在XP下除錯。^O^
^O^
序列號:IELKLKHIDP
單 位:雨佳商業公司
試煉碼:1357 - 2468 (注意:-前後各有1個空格!)
―――――――――――――――――――――――――――――――――
可下MSVBVM60.rtcMidCharVar斷點,生成序列號後會來到下面:
:006629E9 FF90D4000000 call dword
ptr [eax+000000D4]
====>生成程式顯示的序列號!
:006629EF 3BC3
cmp eax, ebx
:006629F1 7D11
jge 00662A04
:006629F3 68D4000000 push
000000D4
* Possible StringData Ref from
Code Obj ->"om<)L5Q8A?"
|
:006629F8 6830544200 push
00425430
:006629FD 57
push edi
:006629FE 50
push eax
* Reference To: MSVBVM60.__vbaHresultCheckObj,
Ord:0000h
|
:006629FF E83859DAFF Call
0040833C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:006629F1(C)
|
:00662A04 8B55C8 mov
edx, dword ptr [ebp-38]
====>EDX=IELKLKHIDP
序列號
:00662A07 895DC8
mov dword ptr [ebp-38], ebx
:00662A0A 8D4DD4 lea
ecx, dword ptr [ebp-2C]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:00662A0D E83059DAFF Call
00408342
:00662A12 6A01
push 00000001
:00662A14 FF36
push dword ptr [esi]
====>[esi]=1357 - 2468
試煉碼
* Possible StringData Ref from
Code Obj ->" - "
|
:00662A16 6820634300 push
00436320
:00662A1B 53
push ebx
* Reference To: MSVBVM60.__vbaInStr,
Ord:0000h
|
:00662A1C E8775ADAFF Call
00408498
====>檢測輸入的試煉碼的格式是否是K1 - K2
====>暈倒 ~Q~ 為了這-前後的2個空格我在這兒看了15分鐘
:00662A21 8BC8 mov ecx, eax
* Reference To: MSVBVM60.__vbaI2I4,
Ord:0000h
|
:00662A23 E81E58DAFF Call
00408246
:00662A28 8945DC mov
dword ptr [ebp-24], eax
:00662A2B 663BC3 cmp
ax, bx
:00662A2E 0F8E2B010000 jle 00662B5F
====>跳則OVER!
:00662A34 8975A8
mov dword ptr [ebp-58], esi
:00662A37 BB08400000 mov ebx,
00004008
:00662A3C 895DA0 mov
dword ptr [ebp-60], ebx
:00662A3F 662D0100 sub
ax, 0001
:00662A43 0F809C010000 jo 00662BE5
:00662A49 0FBFC0 movsx
eax, ax
:00662A4C 50
push eax
:00662A4D 8D45A0 lea
eax, dword ptr [ebp-60]
:00662A50 50
push eax
:00662A51 8D45B0 lea
eax, dword ptr [ebp-50]
:00662A54 50
push eax
* Reference To: MSVBVM60.rtcLeftCharVar,
Ord:0269h
|
:00662A55 E88459DAFF Call
004083DE
====>取試煉碼的前段
:00662A5A 8D45B0
lea eax, dword ptr [ebp-50]
:00662A5D 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00662A5E E81559DAFF Call
00408378
:00662A63 8BD0
mov edx, eax
====>EDX=1357 試煉碼的前段
:00662A65 8D4DD8 lea ecx, dword ptr [ebp-28]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:00662A68 E8D558DAFF Call
00408342
:00662A6D 8D4DB0 lea
ecx, dword ptr [ebp-50]
* Reference To: MSVBVM60.__vbaFreeVar,
Ord:0000h
|
:00662A70 E83D58DAFF Call
004082B2
:00662A75 8975A8 mov
dword ptr [ebp-58], esi
:00662A78 895DA0 mov
dword ptr [ebp-60], ebx
:00662A7B FF36
push dword ptr [esi]
* Reference To: MSVBVM60.__vbaLenBstr,
Ord:0000h
|
:00662A7D E8E257DAFF Call
00408264
:00662A82 0FBF4DDC movsx
ecx, word ptr [ebp-24]
:00662A86 2BC1
sub eax, ecx
:00662A88 0F8057010000 jo 00662BE5
:00662A8E 83E802 sub
eax, 00000002
:00662A91 0F804E010000 jo 00662BE5
:00662A97 50
push eax
:00662A98 8D45A0 lea
eax, dword ptr [ebp-60]
:00662A9B 50
push eax
:00662A9C 8D45B0 lea
eax, dword ptr [ebp-50]
:00662A9F 50
push eax
* Reference To: MSVBVM60.rtcRightCharVar,
Ord:026Bh
|
:00662AA0 E8B759DAFF Call
0040845C
====>取試煉碼的後段
:00662AA5 8D45B0
lea eax, dword ptr [ebp-50]
:00662AA8 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00662AA9 E8CA58DAFF Call
00408378
:00662AAE 8BD0
mov edx, eax
====>EDX=2468 試煉碼的後段
:00662AB0 8D4DCC lea ecx, dword ptr [ebp-34]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:00662AB3 E88A58DAFF Call
00408342
:00662AB8 8D4DB0 lea
ecx, dword ptr [ebp-50]
* Reference To: MSVBVM60.__vbaFreeVar,
Ord:0000h
|
:00662ABB E8F257DAFF Call
004082B2
:00662AC0 8B07
mov eax, dword ptr [edi]
:00662AC2 8D4DC8 lea
ecx, dword ptr [ebp-38]
====>[ebp-38]=IELKLKHIDP
序列號
:00662AC5 51
push ecx
:00662AC6 FF75D4 push
[ebp-2C]
:00662AC9 57
push edi
:00662ACA FF90EC000000 call dword
ptr [eax+000000EC]
====>演算法CALL①!進入!生成前段註冊碼
:00662AD0 85C0
test eax, eax
:00662AD2 7D11
jge 00662AE5
:00662AD4 68EC000000 push
000000EC
* Possible StringData Ref from
Code Obj ->"om<)L5Q8A?"
|
:00662AD9 6830544200 push
00425430
:00662ADE 57
push edi
:00662ADF 50
push eax
* Reference To: MSVBVM60.__vbaHresultCheckObj,
Ord:0000h
|
:00662AE0 E85758DAFF Call
0040833C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00662AD2(C)
|
:00662AE5 33D2
xor edx, edx
:00662AE7 8D4DC4 lea
ecx, dword ptr [ebp-3C]
* Reference To: MSVBVM60.__vbaStrCopy,
Ord:0000h
|
:00662AEA E8B157DAFF Call
004082A0
:00662AEF 8B07
mov eax, dword ptr [edi]
:00662AF1 8D4DC0 lea
ecx, dword ptr [ebp-40]
:00662AF4 51
push ecx
:00662AF5 8D4DC4 lea
ecx, dword ptr [ebp-3C]
:00662AF8 51
push ecx
:00662AF9 57
push edi
:00662AFA FF90D8000000 call dword
ptr [eax+000000D8]
====>演算法CALL②!進入!生成後段註冊碼
:00662B00 85C0
test eax, eax
:00662B02 7D11
jge 00662B15
:00662B04 68D8000000 push
000000D8
* Possible StringData Ref from
Code Obj ->"om<)L5Q8A?"
|
:00662B09 6830544200 push
00425430
:00662B0E 57
push edi
:00662B0F 50
push eax
* Reference To: MSVBVM60.__vbaHresultCheckObj,
Ord:0000h
|
:00662B10 E82758DAFF Call
0040833C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00662B02(C)
|
:00662B15 FF75CC push
[ebp-34]
====>[ebp-34]=2468
:00662B18 FF75C0
push [ebp-40]
====>[ebp-40]=CNSZNOG 後段註冊碼
* Reference To: MSVBVM60.__vbaStrCmp,
Ord:0000h
|
:00662B1B E81658DAFF Call
00408336
====>比較後段註冊碼!
:00662B20 8BF0
mov esi, eax
:00662B22 F7DE
neg esi
:00662B24 1BF6
sbb esi, esi
:00662B26 46
inc esi
:00662B27 F7DE
neg esi
:00662B29 FF75D8 push
[ebp-28]
====>[ebp-28]=1357
:00662B2C FF75C8
push [ebp-38]
====>[ebp-38]=WAYAAYYQTU 前段註冊碼
* Reference To: MSVBVM60.__vbaStrCmp,
Ord:0000h
|
:00662B2F E80258DAFF Call
00408336
====>比較前段註冊碼!
:00662B34 F7D8
neg eax
:00662B36 1BC0
sbb eax, eax
:00662B38 40
inc eax
:00662B39 F7D8
neg eax
:00662B3B 23F0
and esi, eax
:00662B3D 8D45C0 lea
eax, dword ptr [ebp-40]
:00662B40 50
push eax
:00662B41 8D45C4 lea
eax, dword ptr [ebp-3C]
:00662B44 50
push eax
:00662B45 8D45C8 lea
eax, dword ptr [ebp-38]
:00662B48 50
push eax
:00662B49 6A03
push 00000003
* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
|
:00662B4B E8A457DAFF Call
004082F4
:00662B50 83C410 add
esp, 00000010
:00662B53 6685F6 test
si, si
:00662B56 7407
je 00662B5F
====>跳則OVER!
:00662B58 C745D001000000 mov [ebp-30], 00000001
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:006629B0(U), :006629C6(C), :00662A2E(C), :00662B56(C)
|
:00662B5F 668B45D0 mov
ax, word ptr [ebp-30]
:00662B63 66898784000000 mov word ptr [edi+00000084],
ax
:00662B6A EB0E
jmp 00662B7A
…… ……省 略…… ……
:0068E139 E892A1D7FF
Call 004082D0
====>BAD BOY!
―――――――――――――――――――――――――――――――――
進入演算法CALL①:00662ACA call dword ptr [eax+000000EC]
…… ……省 略…… ……
* Reference To: MSVBVM60.__vbaLenBstr,
Ord:0000h
|
:00663176 E8E950DAFF Call
00408264
:0066317B 6A01
push 00000001
:0066317D 5B
pop ebx
:0066317E 2BC3
sub eax, ebx
:00663180 0F806F020000 jo 006633F5
:00663186 50
push eax
:00663187 8D459C lea
eax, dword ptr [ebp-64]
:0066318A 50
push eax
:0066318B 8D45BC lea
eax, dword ptr [ebp-44]
:0066318E 50
push eax
* Reference To: MSVBVM60.rtcLeftCharVar,
Ord:0269h
|
:0066318F E84A52DAFF Call
004083DE
====>取序列號左邊的幾位。其實就是E盤序列號的變形
:00663194 8D45BC
lea eax, dword ptr [ebp-44]
:00663197 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00663198 E8DB51DAFF Call
00408378
:0066319D 8BD0
mov edx, eax
====>[ebp-38]=IELKLKHID
:0066319F 8D4DDC lea ecx, dword ptr [ebp-24]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:006631A2 E89B51DAFF Call
00408342
:006631A7 8D4DBC lea
ecx, dword ptr [ebp-44]
* Reference To: MSVBVM60.__vbaFreeVar,
Ord:0000h
|
:006631AA E80351DAFF Call
004082B2
:006631AF 8D45E4 lea
eax, dword ptr [ebp-1C]
:006631B2 53
push ebx
:006631B3 8945A4 mov
dword ptr [ebp-5C], eax
:006631B6 8D459C lea
eax, dword ptr [ebp-64]
:006631B9 50
push eax
:006631BA 8D45BC lea
eax, dword ptr [ebp-44]
:006631BD 50
push eax
:006631BE 89759C mov
dword ptr [ebp-64], esi
* Reference To: MSVBVM60.rtcRightCharVar,
Ord:026Bh
|
:006631C1 E89652DAFF Call
0040845C
:006631C6 8D45BC lea
eax, dword ptr [ebp-44]
:006631C9 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:006631CA E8A951DAFF Call
00408378
:006631CF 8BD0
mov edx, eax
:006631D1 8D4DD0 lea
ecx, dword ptr [ebp-30]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:006631D4 E86951DAFF Call
00408342
:006631D9 8D4DBC lea
ecx, dword ptr [ebp-44]
* Reference To: MSVBVM60.__vbaFreeVar,
Ord:0000h
|
:006631DC E8D150DAFF Call
004082B2
:006631E1 8BD7
mov edx, edi
:006631E3 8D4DE0 lea
ecx, dword ptr [ebp-20]
* Reference To: MSVBVM60.__vbaStrCopy,
Ord:0000h
|
:006631E6 E8B550DAFF Call
004082A0
:006631EB FF75DC push
[ebp-24]
* Reference To: MSVBVM60.__vbaLenBstr,
Ord:0000h
|
:006631EE E87150DAFF Call
00408264
====>取IELKLKHID的長度
:006631F3 8BC8
mov ecx, eax
====>ECX=9
* Reference To: MSVBVM60.__vbaI2I4,
Ord:0000h
|
:006631F5 E84C50DAFF Call
00408246
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:006632DC(U)
|
:006631FA 6A01
push 00000001
:006631FC 8BF8
mov edi, eax
:006631FE 58
pop eax
:006631FF 663BF8 cmp
di, ax
:00663202 0F8CD9000000 jl 006632E1
:00663208 8D45DC lea
eax, dword ptr [ebp-24]
:0066320B 895DC4 mov
dword ptr [ebp-3C], ebx
:0066320E 8945A4 mov
dword ptr [ebp-5C], eax
:00663211 8D45BC lea
eax, dword ptr [ebp-44]
:00663214 50
push eax
:00663215 C745BC02000000 mov [ebp-44], 00000002
:0066321C 0FBFC7 movsx
eax, di
:0066321F 50
push eax
:00663220 8D459C lea
eax, dword ptr [ebp-64]
:00663223 50
push eax
:00663224 8D45AC lea
eax, dword ptr [ebp-54]
:00663227 50
push eax
:00663228 89759C mov
dword ptr [ebp-64], esi
* Reference To: MSVBVM60.rtcMidCharVar,
Ord:0278h
|
:0066322B E88451DAFF Call
004083B4
====>倒序取IELKLKHID字元
:00663230 8D45AC
lea eax, dword ptr [ebp-54]
:00663233 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00663234 E83F51DAFF Call
00408378
:00663239 8BD0
mov edx, eax
:0066323B 8D4DD4 lea
ecx, dword ptr [ebp-2C]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:0066323E E8FF50DAFF Call
00408342
:00663243 8D45AC lea
eax, dword ptr [ebp-54]
:00663246 50
push eax
:00663247 8D45BC lea
eax, dword ptr [ebp-44]
:0066324A 50
push eax
:0066324B 6A02
push 00000002
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:0066324D E8B450DAFF Call
00408306
:00663252 8B45E0 mov
eax, dword ptr [ebp-20]
:00663255 83C40C add
esp, 0000000C
:00663258 8945A4 mov
dword ptr [ebp-5C], eax
:0066325B C7459C08000000 mov [ebp-64], 00000008
:00663262 FF75D4 push
[ebp-2C]
* Reference To: MSVBVM60.rtcAnsivalueBstr,
Ord:0204h
|
:00663265 E85051DAFF Call
004083BA
====>依次取字元所對應的HEX值
:0066326A 6603C7
add ax, di
====>依次加上9、8、7、……、1 遞減位數
:0066326D 66B91A00
mov cx, 001A
====>CX=1A
:00663271 0F807E010000
jo 006633F5
:00663277 66051700 add
ax, 0017
====>AX再加上17
:0066327B 0F8074010000
jo 006633F5
:00663281 6699
cwd
:00663283 66F7F9 idiv
cx
====>DX=AX % 1A
:00663286 6683C241
add dx, 0041
====>餘數再加41
:0066328A 0F8065010000
jo 006633F5
:00663290 0FBFC2 movsx
eax, dx
:00663293 50
push eax
:00663294 8D45BC lea
eax, dword ptr [ebp-44]
:00663297 50
push eax
* Reference To: MSVBVM60.rtcVarBstrFromAnsi,
Ord:0260h
|
:00663298 E82F51DAFF Call
004083CC
====>依次把上面所得的HEX值轉變為所對應的字元
:0066329D 8D459C
lea eax, dword ptr [ebp-64]
:006632A0 50
push eax
:006632A1 8D45BC lea
eax, dword ptr [ebp-44]
:006632A4 50
push eax
:006632A5 8D45AC lea
eax, dword ptr [ebp-54]
:006632A8 50
push eax
* Reference To: MSVBVM60.__vbaVarCat,
Ord:0000h
|
:006632A9 E81650DAFF Call
004082C4
====>依次連線所得的字元
:006632AE 50 push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:006632AF E8C450DAFF Call
00408378
:006632B4 8BD0
mov edx, eax
====>最後得出:WAYAAYYQT
:006632B6 8D4DE0 lea ecx, dword ptr [ebp-20]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:006632B9 E88450DAFF Call
00408342
:006632BE 8D45AC lea
eax, dword ptr [ebp-54]
:006632C1 50
push eax
:006632C2 8D45BC lea
eax, dword ptr [ebp-44]
:006632C5 50
push eax
:006632C6 6A02
push 00000002
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:006632C8 E83950DAFF Call
00408306
:006632CD 83C8FF or
eax, FFFFFFFF
:006632D0 83C40C add
esp, 0000000C
:006632D3 6603C7 add
ax, di
:006632D6 0F8019010000 jo 006633F5
:006632DC E919FFFFFF jmp 006631FA
====>迴圈!
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00663202(C)
|
:006632E1 8B7508 mov
esi, dword ptr [ebp+08]
:006632E4 8D4DCC lea
ecx, dword ptr [ebp-34]
:006632E7 51
push ecx
:006632E8 FF75E0 push
[ebp-20]
====>[ebp-20]=WAYAAYYQT
:006632EB 8B06
mov eax, dword ptr [esi]
:006632ED 56
push esi
:006632EE FF90DC000000 call dword
ptr [eax+000000DC]
====>生成前段註冊碼K1的最後1位:U
:006632F4 85C0
test eax, eax
:006632F6 7D11
jge 00663309
:006632F8 68DC000000 push
000000DC
* Possible StringData Ref from
Code Obj ->"om<)L5Q8A?"
|
:006632FD 6830544200 push
00425430
:00663302 56
push esi
:00663303 50
push eax
* Reference To: MSVBVM60.__vbaHresultCheckObj,
Ord:0000h
|
:00663304 E83350DAFF Call
0040833C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:006632F6(C)
|
:00663309 FF75E0 push
[ebp-20]
====>[ebp-20]=WAYAAYYQT
:0066330C FF75CC
push [ebp-34]
====>[ebp-34]=U 前段註冊碼K1的最後1位
* Reference To: MSVBVM60.__vbaStrCat,
Ord:0000h
|
:0066330F E8EC4FDAFF Call
00408300
====>連線上面2組字元
:00663314 8BD0
mov edx, eax
====>EDX=WAYAAYYQTU 這就是前段註冊碼K1
―――――――――――――――――――――――――――――――――
生成前幾位註冊碼K1的最後1位:006632EE call dword ptr [eax+000000DC]
…… ……省 略…… ……
* Reference To: MSVBVM60.rtcMidCharVar,
Ord:0278h
|
:00662828 E8875BDAFF Call
004083B4
====>依次取WAYAAYYQT的字元
:0066282D 8D45B4
lea eax, dword ptr [ebp-4C]
:00662830 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00662831 E8425BDAFF Call
00408378
:00662836 8BD0
mov edx, eax
:00662838 8D4DD8 lea
ecx, dword ptr [ebp-28]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:0066283B E8025BDAFF Call
00408342
:00662840 8D45B4 lea
eax, dword ptr [ebp-4C]
:00662843 50
push eax
:00662844 8D45C4 lea
eax, dword ptr [ebp-3C]
:00662847 50
push eax
:00662848 53
push ebx
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:00662849 E8B85ADAFF Call
00408306
:0066284E 83C40C add
esp, 0000000C
:00662851 FF75D8 push
[ebp-28]
* Reference To: MSVBVM60.rtcAnsivalueBstr,
Ord:0204h
|
:00662854 E8615BDAFF Call
004083BA
====>依次取對應的HEX值
:00662859 660345E4
add ax, word ptr [ebp-1C]
①、 ====>AX=57 + 00=57
②、 ====>AX=41 + 55=96
③、 ====>AX=59 + 94=ED
…… ……省 略…… ……
⑨、 ====>AX=54 + 266=2BA
:0066285D 6A01
push 00000001
:0066285F 0F80B7000000 jo 0066291C
:00662865 662BC3 sub
ax, bx
①、 ====>AX=57 - 02=55
②、 ====>AX=96 - 02=94
③、 ====>AX=ED - 02=EB
…… ……省 略…… ……
⑨、 ====>AX=2BA - 02=2B8
:00662868 0F80AE000000 jo 0066291C
:0066286E 8945E4 mov
dword ptr [ebp-1C], eax
====>[ebp-1C]=EAX
:00662871 58
pop eax
:00662872 6603C7 add
ax, di
:00662875 0F80A1000000 jo 0066291C
:0066287B 8BF8
mov edi, eax
:0066287D EB80
jmp 006627FF
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00662803(C)
|
:0066287F 668B45E4 mov
ax, word ptr [ebp-1C]
====>AX=2B8 上面的累加運算之和
:00662883 66B91A00
mov cx, 001A
:00662887 6699
cwd
:00662889 66F7F9 idiv
cx
====>DX=2B8 % 1A=14
:0066288C 6683C241
add dx, 0041
====>DX=14 + 41=55
:00662890 0F8086000000
jo 0066291C
:00662896 0FBFC2 movsx
eax, dx
:00662899 50
push eax
:0066289A 8D45C4 lea
eax, dword ptr [ebp-3C]
:0066289D 50
push eax
* Reference To: MSVBVM60.rtcVarBstrFromAnsi,
Ord:0260h
|
:0066289E E8295BDAFF Call
004083CC
====>把上面所得的45轉變成字元
:006628A3 8D45C4
lea eax, dword ptr [ebp-3C]
:006628A6 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:006628A7 E8CC5ADAFF Call
00408378
:006628AC 8BD0
mov edx, eax
====>EDX=U
這就是K1的最後1位
――――――――――――――――
注:生成程式顯示的序列號的最後1位:
對IELKLKHID運算得出:27F % 1A=F F + 41=50 即:P
―――――――――――――――――――――――――――――――――
進入演算法CALL②:00662AFA call dword ptr [eax+000000D8]
我改變E盤序列號測試了幾次,發現後段註冊碼是相同的,或許這是根據單位名來運算的。但是在我機子上安裝後的程式單位名是無法改變的,有朋友做的話麻煩驗證一下!
…… ……省 略…… ……
:00662669 50
push eax
:0066266A 895DA8 mov
dword ptr [ebp-58], ebx
* Reference To: MSVBVM60.rtcMidCharVar,
Ord:0278h
|
:0066266D E8425DDAFF Call
004083B4
====>依次取E8 96 73 4F 46 55 1A 4E
6C 51 F8 53 20 00
:00662672 8D45B8
lea eax, dword ptr [ebp-48]
:00662675 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00662676 E8FD5CDAFF Call
00408378
:0066267B 8BD0
mov edx, eax
:0066267D 8D4DDC lea
ecx, dword ptr [ebp-24]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:00662680 E8BD5CDAFF Call
00408342
:00662685 8D45B8 lea
eax, dword ptr [ebp-48]
:00662688 50
push eax
:00662689 8D45C8 lea
eax, dword ptr [ebp-38]
:0066268C 50
push eax
:0066268D 56
push esi
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:0066268E E8735CDAFF Call
00408306
:00662693 8B45E0 mov
eax, dword ptr [ebp-20]
:00662696 83C40C add
esp, 0000000C
:00662699 8945B0 mov
dword ptr [ebp-50], eax
:0066269C C745A808000000 mov [ebp-58], 00000008
:006626A3 FF75DC push
[ebp-24]
* Reference To: MSVBVM60.rtcAnsivalueBstr,
Ord:0204h
|
:006626A6 E80F5DDAFF Call
004083BA
:006626AB 8BC8
mov ecx, eax
* Reference To: MSVBVM60.__vbaI2Abs,
Ord:0000h
|
:006626AD E87E5FDAFF Call
00408630
:006626B2 6699
cwd
:006626B4 66B91A00 mov
cx, 001A
:006626B8 66F7F9 idiv
cx
:006626BB 6683C241 add
dx, 0041
:006626BF 0F80BF000000 jo 00662784
====>上面是求模、相加運算
:006626C5 0FBFC2
movsx eax, dx
:006626C8 50
push eax
:006626C9 8D45C8 lea
eax, dword ptr [ebp-38]
:006626CC 50
push eax
* Reference To: MSVBVM60.rtcVarBstrFromAnsi,
Ord:0260h
|
:006626CD E8FA5CDAFF Call
004083CC
====>依次把上面所得的HEX值轉變為所對應的字元
:006626D2 8D45A8
lea eax, dword ptr [ebp-58]
:006626D5 50
push eax
:006626D6 8D45C8 lea
eax, dword ptr [ebp-38]
:006626D9 50
push eax
:006626DA 8D45B8 lea
eax, dword ptr [ebp-48]
:006626DD 50
push eax
* Reference To: MSVBVM60.__vbaVarCat,
Ord:0000h
|
:006626DE E8E15BDAFF Call
004082C4
====>依次連線所得的字元
:006626E3 50 push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:006626E4 E88F5CDAFF Call
00408378
:006626E9 8BD0
mov edx, eax
====>最後得出:EDX=CNSZNOG 這就是後段註冊碼K2
:006626EB 8D4DE0 lea ecx, dword ptr [ebp-20]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:006626EE E84F5CDAFF Call
00408342
:006626F3 8D45B8 lea
eax, dword ptr [ebp-48]
:006626F6 50
push eax
:006626F7 8D45C8 lea
eax, dword ptr [ebp-38]
:006626FA 50
push eax
:006626FB 56
push esi
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:006626FC E8055CDAFF Call
00408306
:00662701 83C40C add
esp, 0000000C
:00662704 6A01
push 00000001
:00662706 58
pop eax
:00662707 6603C7 add
ax, di
:0066270A 7078
jo 00662784
:0066270C 8BF8
mov edi, eax
:0066270E E92DFFFFFF jmp 00662640
====>迴圈!
★★★★★★★★☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆★★★★★★★★
取E盤的序列號生成程式顯示的序列號:006629E9 call dword ptr [eax+000000D4]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00662484(U)
|
:006623A4 8B45E8 mov
eax, dword ptr [ebp-18]
:006623A7 663B4588 cmp
ax, word ptr [ebp-78]
:006623AB 0F8FD8000000 jg 00662489
:006623B1 8D4DDC lea
ecx, dword ptr [ebp-24]
:006623B4 895DCC mov
dword ptr [ebp-34], ebx
:006623B7 894DAC mov
dword ptr [ebp-54], ecx
:006623BA 8D4DC4 lea
ecx, dword ptr [ebp-3C]
:006623BD 0FBFC0 movsx
eax, ax
:006623C0 51
push ecx
:006623C1 50
push eax
:006623C2 8D45A4 lea
eax, dword ptr [ebp-5C]
:006623C5 C745C402000000 mov [ebp-3C], 00000002
:006623CC 50
push eax
:006623CD 8D45B4 lea
eax, dword ptr [ebp-4C]
:006623D0 50
push eax
:006623D1 C745A408400000 mov [ebp-5C], 00004008
* Reference To: MSVBVM60.rtcMidCharVar,
Ord:0278h
|
:006623D8 E8D75FDAFF Call
004083B4
====>依次取518787450 E盤序列號的10進位制值
:006623DD 8D45B4
lea eax, dword ptr [ebp-4C]
:006623E0 50
push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:006623E1 E8925FDAFF Call
00408378
:006623E6 8BD0
mov edx, eax
:006623E8 8D4DE0 lea
ecx, dword ptr [ebp-20]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:006623EB E8525FDAFF Call
00408342
:006623F0 8D45B4 lea
eax, dword ptr [ebp-4C]
:006623F3 50
push eax
:006623F4 8D45C4 lea
eax, dword ptr [ebp-3C]
:006623F7 50
push eax
:006623F8 6A02
push 00000002
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:006623FA E8075FDAFF Call
00408306
:006623FF 8B45E4 mov
eax, dword ptr [ebp-1C]
:00662402 83C40C add
esp, 0000000C
:00662405 8945AC mov
dword ptr [ebp-54], eax
:00662408 C745A408000000 mov [ebp-5C], 00000008
:0066240F FF75E0 push
[ebp-20]
* Reference To: MSVBVM60.rtcAnsivalueBstr,
Ord:0204h
|
:00662412 E8A35FDAFF Call
004083BA
====>取其字元對應的HEX值
:00662417 66053F00
add ax, 003F
====>依次+3F
:0066241B 66B91B00
mov cx, 001B
:0066241F 0F8014010000 jo 00662539
:00662425 6699
cwd
:00662427 66F7F9 idiv
cx
====>依次模1B
:0066242A 6683C241
add dx, 0041
====>餘數+41
:0066242E 0F8005010000
jo 00662539
:00662434 0FBFC2 movsx
eax, dx
:00662437 50
push eax
:00662438 8D45C4 lea
eax, dword ptr [ebp-3C]
:0066243B 50
push eax
* Reference To: MSVBVM60.rtcVarBstrFromAnsi,
Ord:0260h
|
:0066243C E88B5FDAFF Call
004083CC
====>取上面的HEX值對應的字元
:00662441 8D45A4
lea eax, dword ptr [ebp-5C]
:00662444 50
push eax
:00662445 8D45C4 lea
eax, dword ptr [ebp-3C]
:00662448 50
push eax
:00662449 8D45B4 lea
eax, dword ptr [ebp-4C]
:0066244C 50
push eax
* Reference To: MSVBVM60.__vbaVarCat,
Ord:0000h
|
:0066244D E8725EDAFF Call
004082C4
====>依次連線所得字元
:00662452 50 push eax
* Reference To: MSVBVM60.__vbaStrVarMove,
Ord:0000h
|
:00662453 E8205FDAFF Call
00408378
:00662458 8BD0
mov edx, eax
====>最後得出:EDX=IELKLKHID
:0066245A 8D4DE4 lea ecx, dword ptr [ebp-1C]
* Reference To: MSVBVM60.__vbaStrMove,
Ord:0000h
|
:0066245D E8E05EDAFF Call
00408342
:00662462 8D45B4 lea
eax, dword ptr [ebp-4C]
:00662465 50
push eax
:00662466 8D45C4 lea
eax, dword ptr [ebp-3C]
:00662469 50
push eax
:0066246A 6A02
push 00000002
* Reference To: MSVBVM60.__vbaFreeVarList,
Ord:0000h
|
:0066246C E8955EDAFF Call
00408306
:00662471 83C40C add
esp, 0000000C
:00662474 6A01
push 00000001
:00662476 58
pop eax
:00662477 660345E8 add
ax, word ptr [ebp-18]
:0066247B 0F80B8000000 jo 00662539
:00662481 8945E8 mov
dword ptr [ebp-18], eax
:00662484 E91BFFFFFF jmp 006623A4
====>迴圈!
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:006623AB(C)
|
:00662489 8B07
mov eax, dword ptr [edi]
:0066248B 8D4DD4 lea
ecx, dword ptr [ebp-2C]
:0066248E 51
push ecx
:0066248F FF75E4 push
[ebp-1C]
:00662492 57
push edi
:00662493 FF90DC000000 call dword
ptr [eax+000000DC]
====>對IELKLKHID運算 生成序列號最後1位
====>詳見:生成前幾位註冊碼K1的最後1位
:00662499 3BC6
cmp eax, esi
:0066249B 7D11
jge 006624AE
:0066249D 68DC000000 push
000000DC
* Possible StringData Ref from
Code Obj ->"om<)L5Q8A?"
|
:006624A2 6830544200 push
00425430
:006624A7 57
push edi
:006624A8 50
push eax
* Reference To: MSVBVM60.__vbaHresultCheckObj,
Ord:0000h
|
:006624A9 E88E5EDAFF Call
0040833C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0066249B(C)
|
:006624AE FF75E4 push
[ebp-1C]
====>[ebp-1C]=IELKLKHID
:006624B1 FF75D4
push [ebp-2C]
====>[ebp-2C]=P
序列號最後1位
* Reference To: MSVBVM60.__vbaStrCat,
Ord:0000h
|
:006624B4 E8475EDAFF Call
00408300
====>連線以上2組字元
:006624B9 8BD0
mov edx, eax
====>EDX=IELKLKHIDP 這就是序列號
★★★★★★★★☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆★★★★★★★★
程式啟動時的比較:
:0052692A FF91E0000000 call dword
ptr [ecx+000000E0]
====>進入運算比較CALL!
:00526930 85C0
test eax, eax
:00526932 DBE2
fclex
:00526934 7D12
jge 00526948
====>跳則OVER!
―――――――――――――――――――――――――――――――――
【完 美 爆 破】:
想做完美爆破還是有點麻煩的。呵 呵 ~@~ ~@~
―――――――――――――――――――――――――――――――――
【註冊資訊儲存】:
Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-1614895754-436374069-1957994488-1003\Software\VB
and VBA Program Settings\Account\RegisterCode]
"RegisterCode"="WAYAAYYQTU - CNSZNOG"
―――――――――――――――――――――――――――――――――
【整 理】:
序列號:IELKLKHIDP
單 位:雨佳商業公司
註冊碼:WAYAAYYQTU - CNSZNOG
―――――――――――――――――――――――――――――――――
, _/
/| _.-~/ \_
, 青春都一餉
( /~ /
\~-._ |\
`\\ _/
\ ~\ ) 忍把浮名
_-~~~-.) )__/;;,. \_
//'
/'_,\ --~ \ ~~~- ,;;\___( (.-~~~-.
換了破解輕狂
`~ _( ,_..--\ ( ,;'' / ~-- /._`\
/~~//' /' `~\ ) /--.._, )_ `~
" `~" " `"
/~'`\ `\\~~\
" " "~' ""
Cracked By 巢水工作坊――fly [OCN][FCG]
2003-06-23 2:00
相關文章
- 什麼是倉庫管理系統?2020-09-15
- ban COME IN倉庫管理系統2004-05-05
- 倉庫系統(2)-商品庫存/庫位管理2019-01-02
- wms倉庫管理系統,php進銷存系統2019-05-11PHP
- 吉特倉庫管理系統截圖展示2016-03-16
- wms倉庫管理系統常問問題2021-04-28
- 大型WMS倉庫管理系統【原始碼分享】2022-06-21原始碼
- 吉特倉庫管理系統-ORM框架的使用2016-09-12ORM框架
- 吉特倉庫管理系統- 基本問題解答2016-08-31
- Gitlab倉庫管理系統-高可用部署2024-08-12Gitlab
- 倉庫管理一團糟,WMS倉庫管理系統如何解決這些難點2022-12-05
- 智慧倉庫管理系統:如何實現“零庫存”?2022-12-20
- 基於java jsp的倉庫庫存管理系統2020-11-27JavaJS
- WMS倉儲管理系統與ERP倉庫模組怎麼選?2021-06-21
- 智慧物流之RFID倉庫管理系統,為傳統的倉庫管理帶來了希望-新導智慧2020-12-02
- 樓宇控制系統解決方案,樓宇自控系統2019-03-13
- 2022國產WMS倉庫管理系統排名2022-09-16
- 吉特倉庫管理系統-.NET列印問題總結2016-07-11
- JEEVMS倉庫管理系統任意檔案讀取漏洞2024-05-19
- ERP管理系統是如何進行倉庫管理的呢?ERP管理系統開發2020-08-19
- 跨境統一版申報監管倉庫管理系統2021-09-09
- 廣州WMS倉儲管理系統2024-10-28
- .NET 7+Vue 3 開源倉庫管理系統 ModernWMS2024-10-17Vue
- 倉儲配送管理系統採購-製造業倉儲物流管理系統定製2019-08-21
- 吉特倉庫管理系統-- 後臺管理開源啦,原始碼大放送2016-05-19原始碼
- 倉庫管理、dockerfile2023-03-26Docker
- Docker 倉庫管理2017-11-09Docker
- C語言-超市倉庫管理系統的設計與實現2020-11-02C語言
- 條碼倉庫管理系統在食品行業中的應用2021-01-25行業
- SAP+條碼系統軟體是如何最佳化倉庫庫存管理?2020-09-14
- abp(net core)+easyui+efcore實現倉儲管理系統——出庫管理之二(五十)2020-10-11UI
- 庫存管理系統2016-11-15
- [WMS]倉儲管理系統專案紀實2018-12-14
- 微商雲倉管理系統開發功能搭建2022-02-22
- 數商雲SCM管理系統庫存管理功能助力新能源汽車企業倉儲管理更高效2022-10-24
- Abp(net core)+easyui+efcore實現倉儲管理系統——出庫管理之八(五十七)2020-12-28UI
- Abp(net core)+easyui+efcore實現倉儲管理系統——出庫管理之七(五十六)2020-12-06UI
- abp(net core)+easyui+efcore實現倉儲管理系統——出庫管理之六(五十五)2020-11-22UI