- UID
- 14878
注册时间2006-6-4
阅读权限30
最后登录1970-1-1
龙战于野
该用户从未签到
|
【破文标题】里诺固定资产及设备管理软件算法分析
【破文作者】黑夜彩虹
【破解工具】OD
【破解平台】Windows 2K&XP
【软件名称】里诺固定资产及设备管理软件(单机版)v 1.60
【软件大小】
【原版下载】Google
【保护方式】注册码
【软件简介】2006-7-1 里诺固定资产及设备管理软件(单机版) 1.60
新版本做了如下改进:
1 支持一个设备对应多个图片;
2 设备信息自定义选项;
3 增加导出设备信息为文本文件和html的文件两种格式.
4 完善了权限;
5 其它一些改进和优化
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
【破解过程】
一、安装软件后,运行注册有错误提示。PEiD查无壳。
软件是Borland Delphi 6.0 - 7.0编写。
运行,注册名:vxin 试练码:123456
二、OD载入后,超级ASCII参串
****************************
从而找到程序注册检测代码段:
超级字串参考+ , 条目 3898
地址=00644B65
反汇编=PUSH Assets.00644C18
文本字串=已保存了注册信息!下次启动本程序时将会对你的注册码进行验证,如注册码正确,本程序所有功能限制将被解除,
您成为我们正式版本用户! //双击
006449E6 |. E8 C903DCFF CALL Assets.00404DB4 //下断
006449EB |. 83F8 04 CMP EAX,4
006449EE |. 7D 2F JGE SHORT Assets.00644A1F
006449F0 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
006449F3 |. E8 BC03DCFF CALL Assets.00404DB4
006449F8 |. 8BD8 MOV EBX,EAX
006449FA |. 83FB 03 CMP EBX,3
006449FD |. 7F 20 JG SHORT Assets.00644A1F
.........................中间省略N行代码..............................
00644B60 . 68 0C4C6400 PUSH Assets.00644C0C ; 软件注册
00644B65 . 68 184C6400 PUSH Assets.00644C18 ; 已保存了注册信息!下次启动本程序时将会对你的注册码进行验证,如注册码正确,本程序所有功能限制将被解除,您成为我们正式版本用户!
00644B6A . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00644B6D . E8 9299E4FF CALL Assets.0048E504
00644B72 . 50 PUSH EAX ; |hOwner
00644B73 . E8 7C36DCFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
.........................中间省略N行代码..............................
00644EF0 |. 68 884F6400 PUSH Assets.00644F88 ; 警告
00644EF5 |. 68 904F6400 PUSH Assets.00644F90 ; 注册名不能为空!
00644EFA |. 8BC3 MOV EAX,EBX
00644EFC |. E8 0396E4FF CALL Assets.0048E504
00644F01 |. 50 PUSH EAX ; |hOwner
00644F02 |. E8 ED32DCFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
.........................中间省略N行代码..............................
00644F33 |. 68 884F6400 PUSH Assets.00644F88 ; 警告
00644F38 |. 68 A04F6400 PUSH Assets.00644FA0 ; 注册码不能为空!
00644F3D |. 8BC3 MOV EAX,EBX
00644F3F |. E8 C095E4FF CALL Assets.0048E504
00644F44 |. 50 PUSH EAX ; |hOwner
00644F45 |. E8 AA32DCFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
运行,停在断点处:
0064498C |. E8 8306DCFF CALL Assets.00405014 ; EAX 01530EDC ASCII "E6968767"
00644991 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00644994 |. 50 PUSH EAX
00644995 |. B9 04000000 MOV ECX,4
0064499A |. BA 05000000 MOV EDX,5
0064499F |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012FD7C]=01530EDC, (ASCII "E6968767")
006449A2 |. E8 6D06DCFF CALL Assets.00405014
006449A7 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012FD80]=01530EF4, (ASCII "E696")
006449AA |. E8 0504DCFF CALL Assets.00404DB4 ; EAX 01530EF4 ASCII "E696"
.........................中间省略N行代码..............................
006449E3 |> \8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012FD7C]=01530F08, (ASCII "8767")
006449E6 |. E8 C903DCFF CALL Assets.00404DB4 ; EAX 01530F08 ASCII "8767"
006449EB |. 83F8 04 CMP EAX,4
006449EE |. 7D 2F JGE SHORT Assets.00644A1F
.........................中间省略N行代码..............................
00644A1D |.^\75 E0 \JNZ SHORT Assets.006449FF
00644A1F |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00644A22 |. BA AC4A6400 MOV EDX,Assets.00644AAC ; 00644AAC=Assets.00644AAC (ASCII "Assts45yr87")
00644A27 |. E8 6001DCFF CALL Assets.00404B8C ; EDX 00644AAC ASCII "Assts45yr87"
00644A2C |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00644A2F |. 50 PUSH EAX
00644A30 |. B9 04000000 MOV ECX,4
00644A35 |. BA 01000000 MOV EDX,1
00644A3A |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 堆栈 SS:[0012FD78]=00644AAC (Assets.00644AAC), ASCII "Assts45yr87"
00644A3D |. E8 D205DCFF CALL Assets.00405014 ; EAX 00644AAC ASCII "Assts45yr87"
00644A42 |. FF75 DC PUSH DWORD PTR SS:[EBP-24] ; 堆栈 SS:[0012FD64]=01530F1C, (ASCII "Asst")
00644A45 |. 68 C04A6400 PUSH Assets.00644AC0 ; -
00644A4A |. FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012FD80]=01530EF4, (ASCII "E696")
00644A4D |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00644A50 |. 50 PUSH EAX
00644A51 |. B9 05000000 MOV ECX,5
00644A56 |. BA 05000000 MOV EDX,5
00644A5B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 堆栈 SS:[0012FD78]=00644AAC (Assets.00644AAC), ASCII "Assts45yr87"
00644A5E |. E8 B105DCFF CALL Assets.00405014 ; EAX 00644AAC ASCII "Assts45yr87"
00644A63 |. FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; 堆栈 SS:[0012FD60]=01530F30, (ASCII "s45yr")
00644A66 |. 68 C04A6400 PUSH Assets.00644AC0 ; -
00644A6B |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012FD7C]=01530F08, (ASCII "8767")
00644A6E |. 8BC7 MOV EAX,EDI
00644A70 |. BA 06000000 MOV EDX,6
00644A75 |. E8 FA03DCFF CALL Assets.00404E74
00644A7A |. 33C0 XOR EAX,EAX
00644A7C |. 5A POP EDX
00644A7D |. 59 POP ECX
00644A7E |. 59 POP ECX
00644A7F |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00644A82 |. 68 9C4A6400 PUSH Assets.00644A9C
00644A87 |> 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00644A8A |. BA 0A000000 MOV EDX,0A
00644A8F |. E8 8400DCFF CALL Assets.00404B18
00644A94 \. C3 RETN ; EDX 01530C74 ASCII "vxin"
.........................中间省略N行代码..............................
00647356 . 8B55 B0 MOV EDX,DWORD PTR SS:[EBP-50] ; 堆栈 SS:[0012FDCC]=01530F44, (ASCII "Asst-E696s45yr-8767")
00647359 . A1 58DA6800 MOV EAX,DWORD PTR DS:[68DA58] ; EDX 01530F44 ASCII "Asst-E696s45yr-8767"
0064735E . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00647360 . 8B80 00050000 MOV EAX,DWORD PTR DS:[EAX+500] ; DS:[01506C6C]=01530C88, (ASCII "123456")
00647366 . E8 95DBDBFF CALL Assets.00404F00
0064736B . 0F85 8A000000 JNZ Assets.006473FB
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
【算法小结】
用户名:vxin 注册码:Asst-E696s45yr-8767
作者一系列软件算法似乎都差不多....,呵~~~
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
【版权声明】本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |
|
IP卡
发表于 2006-7-2 16:02:57
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-7-2 21:55:11