- UID
- 5592
注册时间2005-12-21
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 慵懒
2019-1-18 17:27 |
|---|
签到天数: 30 天 [LV.5]常住居民I
|
【破文标题】通玩具贸易管理系统 2007 寻码记
【破文作者】lzq1973[PYG][CZG][OCN][DFCG]
【作者邮箱】lzq9888@126.com
【作者主页】http://my.winzheng.com/?455397
【破解工具】OD、PEiD
【破解平台】WinXP
【软件名称】易通玩具贸易管理系统 2007
【软件大小】5573KB
【原版下载】http://www.newhua.com/soft/51785.htm
【保护方式】SN
【软件简介】 《易通玩具贸易管理系统》,适合玩具公司的内、外销业务,是经过多年与用户交流,共同探索,综合多家玩具贸易公司日常业务工作流程设计而成的玩具贸易管理系统,软件突出“易用通用”的特点,易学易懂,操作方便。系统具有高度的稳定性和安全性,具有用户加密设置、数据加密、数据自动备份等功能。
【破解声明】俺是只小小鸟,纯为学习,愿与大家分享!
------------------------------------------------------------------------
【破解过程】 下载的只是试用版,无论注册码正确与否都提示无法注册,看了下修改006B5437处为jmp short 006B5470则能正常注册,且运行正常。
载入修改后的来到这里,
006B52B0 . 55 push ebp
006B52B1 . 8BEC mov ebp, esp
006B52B3 . B9 0C000000 mov ecx, 0C
006B52B8 > 6A 00 push 0
006B52BA . 6A 00 push 0
006B52BC . 49 dec ecx
006B52BD .^ 75 F9 jnz short 006B52B8
006B52BF . 53 push ebx
006B52C0 . 56 push esi
006B52C1 . 8945 FC mov [ebp-4], eax
006B52C4 . 33C0 xor eax, eax
006B52C6 . 55 push ebp
006B52C7 . 68 DB556B00 push 006B55DB
006B52CC . 64:FF30 push dword ptr fs:[eax]
006B52CF . 64:8920 mov fs:[eax], esp
006B52D2 . 8D55 D8 lea edx, [ebp-28]
006B52D5 . A1 C84D7100 mov eax, [714DC8]
006B52DA . 8B00 mov eax, [eax]
006B52DC . E8 D7860400 call 006FD9B8
006B52E1 . 8B45 D8 mov eax, [ebp-28]
006B52E4 . 8D55 DC lea edx, [ebp-24]
006B52E7 . E8 404CD5FF call 00409F2C
006B52EC . 837D DC 00 cmp dword ptr [ebp-24], 0
006B52F0 . 74 1C je short 006B530E
006B52F2 . 8D55 D4 lea edx, [ebp-2C]
006B52F5 . A1 C84D7100 mov eax, [714DC8]
006B52FA . 8B00 mov eax, [eax]
006B52FC . E8 B7860400 call 006FD9B8
006B5301 . 8B45 D4 mov eax, [ebp-2C]
006B5304 . 8D55 E8 lea edx, [ebp-18]
006B5307 . E8 204CD5FF call 00409F2C
006B530C . EB 4D jmp short 006B535B
006B530E > 8D4D CC lea ecx, [ebp-34]
006B5311 . A1 C84D7100 mov eax, [714DC8]
006B5316 . 8B00 mov eax, [eax]
006B5318 . 33D2 xor edx, edx
006B531A . E8 09890400 call 006FDC28
006B531F . 8B45 CC mov eax, [ebp-34] ; 机器码(ASCII "001A37275F5E")
006B5322 . 8D55 D0 lea edx, [ebp-30]
006B5325 . E8 024CD5FF call 00409F2C
006B532A . 837D D0 00 cmp dword ptr [ebp-30], 0
006B532E . 74 1E je short 006B534E
006B5330 . 8D4D C8 lea ecx, [ebp-38]
006B5333 . A1 C84D7100 mov eax, [714DC8]
006B5338 . 8B00 mov eax, [eax]
006B533A . 33D2 xor edx, edx
006B533C . E8 E7880400 call 006FDC28
006B5341 . 8B45 C8 mov eax, [ebp-38]
006B5344 . 8D55 E8 lea edx, [ebp-18]
006B5347 . E8 E04BD5FF call 00409F2C
006B534C . EB 0D jmp short 006B535B
006B534E > 8D45 E8 lea eax, [ebp-18]
006B5351 . BA F0556B00 mov edx, 006B55F0 ; wd-wcajc2512504
006B5356 . E8 49FCD4FF call 00404FA4
006B535B > 8D45 E4 lea eax, [ebp-1C]
006B535E . E8 A9FBD4FF call 00404F0C
006B5363 . 8B45 E8 mov eax, [ebp-18]
006B5366 . E8 61FED4FF call 004051CC
006B536B . 8BF0 mov esi, eax
006B536D . 85F6 test esi, esi
006B536F . 7E 58 jle short 006B53C9
006B5371 . C745 E0 01000>mov dword ptr [ebp-20], 1
006B5378 > 8D45 C4 lea eax, [ebp-3C] ; /
006B537B . 50 push eax
006B537C . B9 01000000 mov ecx, 1
006B5381 . 8B55 E0 mov edx, [ebp-20]
006B5384 . 8B45 E8 mov eax, [ebp-18] ; (ASCII "001A37275F5E")
006B5387 . E8 A000D5FF call 0040542C
006B538C . 8B45 C4 mov eax, [ebp-3C]
006B538F . E8 3800D5FF call 004053CC
006B5394 . 8A18 mov bl, [eax] ; 逐位取
006B5396 . 8D45 C0 lea eax, [ebp-40]
006B5399 . 50 push eax
006B539A . 8D55 BC lea edx, [ebp-44]
006B539D . 33C0 xor eax, eax
006B539F . 8AC3 mov al, bl
006B53A1 . E8 2A51D5FF call 0040A4D0
006B53A6 . 8B45 BC mov eax, [ebp-44] ; 如是数字则相加,即48+所取的数字,如是字母则取其十进制
006B53A9 . B9 01000000 mov ecx, 1
006B53AE . BA 02000000 mov edx, 2
006B53B3 . E8 7400D5FF call 0040542C
006B53B8 . 8B55 C0 mov edx, [ebp-40]
006B53BB . 8D45 E4 lea eax, [ebp-1C]
006B53BE . E8 11FED4FF call 004051D4
006B53C3 . FF45 E0 inc dword ptr [ebp-20]
006B53C6 . 4E dec esi
006B53C7 .^ 75 AF jnz short 006B5378 ; \循环
006B53C9 > 8B45 E4 mov eax, [ebp-1C] ; 各字符相对应的个位相连接(ASCII "889515053039")
006B53CC . E8 FBFDD4FF call 004051CC
006B53D1 . 83F8 08 cmp eax, 8
006B53D4 . 7E 63 jle short 006B5439
006B53D6 . 68 08566B00 push 006B5608 ; et
006B53DB . 8D45 B4 lea eax, [ebp-4C]
006B53DE . 50 push eax
006B53DF . B9 08000000 mov ecx, 8
006B53E4 . BA 01000000 mov edx, 1
006B53E9 . 8B45 E4 mov eax, [ebp-1C]
006B53EC . E8 3B00D5FF call 0040542C ; 取前8位
006B53F1 . 8B45 B4 mov eax, [ebp-4C] ; (ASCII "88951505")
006B53F4 . E8 1352D5FF call 0040A60C
006B53F9 . 8D0440 lea eax, [eax+eax*2] ; EAX×3
006B53FC . 05 8B8F0C00 add eax, 0C8F8B ; EAX+C8F8B
006B5401 . 8D55 B8 lea edx, [ebp-48]
006B5404 . E8 C750D5FF call 0040A4D0
006B5409 . FF75 B8 push dword ptr [ebp-48] ; (ASCII "267677694")
006B540C . 8D45 B0 lea eax, [ebp-50]
006B540F . 50 push eax
006B5410 . 8B45 E4 mov eax, [ebp-1C]
006B5413 . E8 B4FDD4FF call 004051CC
006B5418 . 8BC8 mov ecx, eax
006B541A . BA 09000000 mov edx, 9
006B541F . 8B45 E4 mov eax, [ebp-1C]
006B5422 . E8 0500D5FF call 0040542C ; 后4位
006B5427 . FF75 B0 push dword ptr [ebp-50] ; 堆栈 ss:[0012EDE8]=012DE320, (ASCII "3039")
006B542A . 8D45 EC lea eax, [ebp-14]
006B542D . BA 03000000 mov edx, 3
006B5432 . E8 55FED4FF call 0040528C
006B5437 EB 37 jmp short 006B5470 ; 这是修改后的
006B5439 > 8B45 E4 mov eax, [ebp-1C]
006B543C . E8 CB51D5FF call 0040A60C
006B5441 . 8D0440 lea eax, [eax+eax*2]
006B5444 . 05 8B8F0C00 add eax, 0C8F8B ; EAX+C8F8B
006B5449 . 8D55 AC lea edx, [ebp-54]
006B544C . E8 7F50D5FF call 0040A4D0
006B5451 . 8B4D AC mov ecx, [ebp-54]
006B5454 . 8D45 EC lea eax, [ebp-14]
006B5457 . BA 08566B00 mov edx, 006B5608 ; et
006B545C . E8 B7FDD4FF call 00405218
006B5461 > B8 14566B00 mov eax, 006B5614 ; 输入注册码错误,请重新注册.
006B5466 . E8 A9BFD8FF call 00441414
006B546B . E8 7C9ED5FF call 0040F2EC
006B5470 . 8B45 FC mov eax, [ebp-4]
006B5473 . C680 18030000>mov byte ptr [eax+318], 1
006B547A . 8D55 A4 lea edx, [ebp-5C]
006B547D . 8B45 FC mov eax, [ebp-4]
006B5480 . 8B80 00030000 mov eax, [eax+300]
006B5486 . E8 917EDDFF call 0048D31C
006B548B . 8B45 A4 mov eax, [ebp-5C]
006B548E . 8D55 A8 lea edx, [ebp-58]
006B5491 . E8 964AD5FF call 00409F2C
006B5496 . 8B45 A8 mov eax, [ebp-58]
006B5499 . 8B55 EC mov edx, [ebp-14] ; (ASCII "eT2676776943039")
006B549C . E8 77FED4FF call 00405318
006B54A1 . 74 0F je short 006B54B2
006B54A3 . B8 14566B00 mov eax, 006B5614 ; 输入注册码错误,请重新注册.
006B54A8 . E8 67BFD8FF call 00441414
006B54AD . E9 F4000000 jmp 006B55A6
006B54B2 > 33C0 xor eax, eax
006B54B4 . 55 push ebp
006B54B5 . 68 9F556B00 push 006B559F
006B54BA . 64:FF30 push dword ptr fs:[eax]
006B54BD . 64:8920 mov fs:[eax], esp
006B54C0 . B2 01 mov dl, 1
006B54C2 . A1 ECD24400 mov eax, [44D2EC]
006B54C7 . E8 8C7FD9FF call 0044D458
006B54CC . 8BD8 mov ebx, eax
006B54CE . BA 02000080 mov edx, 80000002
006B54D3 . 8BC3 mov eax, ebx
006B54D5 . E8 5A80D9FF call 0044D534
006B54DA . 8D45 F8 lea eax, [ebp-8]
006B54DD . BA 38566B00 mov edx, 006B5638 ; software\login\fsyotte
006B54E2 . E8 BDFAD4FF call 00404FA4
006B54E7 . B1 01 mov cl, 1
006B54E9 . 8B55 F8 mov edx, [ebp-8]
006B54EC . 8BC3 mov eax, ebx
006B54EE . E8 8581D9FF call 0044D678
006B54F3 . 84C0 test al, al
006B54F5 . 0F84 8E000000 je 006B5589
006B54FB . 8D4D F4 lea ecx, [ebp-C]
006B54FE . BA 58566B00 mov edx, 006B5658 ; passwd
006B5503 . 8BC3 mov eax, ebx
006B5505 . E8 1685D9FF call 0044DA20
006B550A . 837D F4 00 cmp dword ptr [ebp-C], 0
006B550E . 74 1A je short 006B552A
006B5510 . 8BC3 mov eax, ebx
006B5512 . E8 ED7FD9FF call 0044D504
006B5517 . 8BC3 mov eax, ebx
006B5519 . E8 DAEAD4FF call 00403FF8
006B551E . B8 68566B00 mov eax, 006B5668 ; 已注册过,不能再注册!
006B5523 . E8 ECBED8FF call 00441414
006B5528 . EB 5F jmp short 006B5589
006B552A > 8D55 A0 lea edx, [ebp-60]
006B552D . 8B45 FC mov eax, [ebp-4]
006B5530 . 8B80 00030000 mov eax, [eax+300]
006B5536 . E8 E17DDDFF call 0048D31C
006B553B . 8B45 A0 mov eax, [ebp-60]
006B553E . 8D55 F0 lea edx, [ebp-10]
006B5541 . E8 E649D5FF call 00409F2C
006B5546 . 8D4D EC lea ecx, [ebp-14]
006B5549 . A1 C84D7100 mov eax, [714DC8]
006B554E . 8B00 mov eax, [eax]
006B5550 . 8B55 F0 mov edx, [ebp-10]
006B5553 . E8 DC8A0400 call 006FE034
006B5558 . 8B4D EC mov ecx, [ebp-14]
006B555B . BA 58566B00 mov edx, 006B5658 ; passwd
006B5560 . 8BC3 mov eax, ebx
006B5562 . E8 8D84D9FF call 0044D9F4
006B5567 . A1 48737100 mov eax, [717348]
006B556C . E8 7364DFFF call 004AB9E4
006B5571 . B8 88566B00 mov eax, 006B5688 ; 恭喜,您已注册成功.
006B5576 . E8 99BED8FF call 00441414
006B557B . 8BC3 mov eax, ebx
006B557D . E8 827FD9FF call 0044D504
006B5582 . 8BC3 mov eax, ebx
006B5584 . E8 6FEAD4FF call 00403FF8
006B5589 > 33C0 xor eax, eax
006B558B . 5A pop edx
006B558C . 59 pop ecx
006B558D . 59 pop ecx
006B558E . 64:8910 mov fs:[eax], edx
006B5591 . 68 A6556B00 push 006B55A6
006B5596 > 8B45 FC mov eax, [ebp-4]
006B5599 . E8 625FDFFF call 004AB500
006B559E . C3 retn
006B559F .^ E9 E8F1D4FF jmp 0040478C
006B55A4 .^ EB F0 jmp short 006B5596
006B55A6 > 33C0 xor eax, eax
006B55A8 . 5A pop edx
006B55A9 . 59 pop ecx
006B55AA . 59 pop ecx
006B55AB . 64:8910 mov fs:[eax], edx
006B55AE . 68 E2556B00 push 006B55E2
006B55B3 > 8D45 A0 lea eax, [ebp-60]
006B55B6 . BA 02000000 mov edx, 2
006B55BB . E8 70F9D4FF call 00404F30
006B55C0 . 8D45 A8 lea eax, [ebp-58]
006B55C3 . BA 0E000000 mov edx, 0E
006B55C8 . E8 63F9D4FF call 00404F30
006B55CD . 8D45 E4 lea eax, [ebp-1C]
006B55D0 . BA 06000000 mov edx, 6
006B55D5 . E8 56F9D4FF call 00404F30
006B55DA . C3 retn
006B55DB .^ E9 ACF1D4FF jmp 0040478C
006B55E0 .^ EB D1 jmp short 006B55B3
006B55E2 . 5E pop esi
006B55E3 . 5B pop ebx
006B55E4 . 8BE5 mov esp, ebp
006B55E6 . 5D pop ebp
006B55E7 . C3 retn
------------------------------------------------------------------------
【破解总结】
1、由机器码运算后的字符串为D,其各字符一一对应机器码的各字符。如是数字则加48再取和的个位,如是字母则取字母的十进制的个位;
2、取D的前8位为E,后4位为C;
3、B为E×3+C8F8B的十进制;
4、设常量eT为A;
5、则注册码K=A+B+C,这里的“+”为连接符。
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢! |
|
IP卡
发表于 2007-2-28 08:18:37
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-2-28 14:24:36
