- UID
- 5592
注册时间2005-12-21
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 慵懒
2019-1-18 17:27 |
|---|
签到天数: 30 天 [LV.5]常住居民I
|
【破文标题】VE人事管理系统 1.5 解码分析
【破文作者】lzq1973[PYG][CZG][OCN][DFCG]
【作者邮箱】lzq9888@126.com
【作者主页】http://my.winzheng.com/?455397
【破解工具】OD、PEiD
【破解平台】WinXP
【软件名称】VE人事管理系统 1.5
【软件大小】1320KB
【原版下载】http://www.sharebank.com.cn/soft/soft_view.php?id=21892
【保护方式】SN
【软件简介】一款专为中小企业、机关事业单位精心设计的人事管理系统。
软件适用于各机关、企事业单位进行人事管理。内容涵盖人事
管理的方方面面,是人事管理人员的得力助手。
系统特色:
1.软件稳定实用,界面较友好,操作方便。
2.数据输出功能强大:
软件支持把职员列表、花名册、通信录等导出到 Microsoft Excel 2000/2003;
支持把人事信息表导出到Microsoft Word 2000/2003。
【破解声明】俺是只小小鸟,纯为学习,愿与大家分享!
------------------------------------------------------------------------
【破解过程】 查壳无,暗喜;运行之,试注册,有提示,窃喜;OD载入,查找字符串并下断,运行来到
00510280 /. 55 push ebp ; ——》断在这里
00510281 |. 8BEC mov ebp, esp
00510283 |. B9 07000000 mov ecx, 7
00510288 |> 6A 00 /push 0
0051028A |. 6A 00 |push 0
0051028C |. 49 |dec ecx
0051028D |.^ 75 F9 \jnz short 00510288
0051028F |. 53 push ebx
00510290 |. 8BD8 mov ebx, eax
00510292 |. 33C0 xor eax, eax
00510294 |. 55 push ebp
00510295 |. 68 BF045100 push 005104BF
0051029A |. 64:FF30 push dword ptr fs:[eax]
0051029D |. 64:8920 mov fs:[eax], esp
005102A0 |. 8D55 F8 lea edx, [ebp-8]
005102A3 |. 8B83 04030000 mov eax, [ebx+304]
005102A9 |. E8 1A2CF6FF call 00472EC8
005102AE |. 8B45 F8 mov eax, [ebp-8] ; (ASCII "lzq1973")
005102B1 |. 8D55 FC lea edx, [ebp-4]
005102B4 |. E8 0B88EFFF call 00408AC4
005102B9 |. 837D FC 00 cmp dword ptr [ebp-4], 0
005102BD |. 75 26 jnz short 005102E5
005102BF |. 6A 40 push 40
005102C1 |. 68 CC045100 push 005104CC ; 提示
005102C6 |. 68 D4045100 push 005104D4 ; 注册单位不能为空。
005102CB |. 8BC3 mov eax, ebx
005102CD |. E8 BE95F6FF call 00479890
005102D2 |. 50 push eax ; |hOwner
005102D3 |. E8 7870EFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
005102D8 |. 33C0 xor eax, eax
005102DA |. 8983 4C020000 mov [ebx+24C], eax
005102E0 |. E9 62010000 jmp 00510447
005102E5 |> 8D55 F0 lea edx, [ebp-10]
005102E8 |. 8B83 0C030000 mov eax, [ebx+30C]
005102EE |. E8 D52BF6FF call 00472EC8
005102F3 |. 8B45 F0 mov eax, [ebp-10]
005102F6 |. 8D55 F4 lea edx, [ebp-C]
005102F9 |. E8 C687EFFF call 00408AC4
005102FE |. 837D F4 00 cmp dword ptr [ebp-C], 0
00510302 |. 75 26 jnz short 0051032A
00510304 |. 6A 40 push 40
00510306 |. 68 CC045100 push 005104CC ; 提示
0051030B |. 68 E8045100 push 005104E8 ; 请输入注册码。
00510310 |. 8BC3 mov eax, ebx
00510312 |. E8 7995F6FF call 00479890
00510317 |. 50 push eax ; |hOwner
00510318 |. E8 3370EFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0051031D |. 33C0 xor eax, eax
0051031F |. 8983 4C020000 mov [ebx+24C], eax
00510325 |. E9 1D010000 jmp 00510447
0051032A |> 8D55 E4 lea edx, [ebp-1C]
0051032D |. 8B83 04030000 mov eax, [ebx+304]
00510333 |. E8 902BF6FF call 00472EC8
00510338 |. 8B45 E4 mov eax, [ebp-1C]
0051033B |. 8D55 E8 lea edx, [ebp-18]
0051033E |. E8 8187EFFF call 00408AC4
00510343 |. 8B45 E8 mov eax, [ebp-18]
00510346 |. 8D55 EC lea edx, [ebp-14]
00510349 |. E8 A239FEFF call 004F3CF0 ; 关键CALL
0051034E |. 8B45 EC mov eax, [ebp-14] ; (ASCII "14216561")
00510351 |. 50 push eax
00510352 |. 8D55 DC lea edx, [ebp-24]
00510355 |. 8B83 0C030000 mov eax, [ebx+30C]
0051035B |. E8 682BF6FF call 00472EC8
00510360 |. 8B45 DC mov eax, [ebp-24]
00510363 |. 8D55 E0 lea edx, [ebp-20]
00510366 |. E8 5987EFFF call 00408AC4
0051036B |. 8B55 E0 mov edx, [ebp-20]
0051036E |. 58 pop eax
0051036F |. E8 7C43EFFF call 004046F0 ; 内存注册器(EAX)
00510374 74 26 je short 0051039C ; 爆破处(改变跳转后注册码会自动写入注册表)
00510376 |. 6A 40 push 40
00510378 |. 68 CC045100 push 005104CC ; 提示
0051037D |. 68 F8045100 push 005104F8 ; 注册码不正确,请重新输入。
00510382 |. 8BC3 mov eax, ebx
00510384 |. E8 0795F6FF call 00479890
00510389 |. 50 push eax ; |hOwner
0051038A |. E8 C16FEFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0051038F |. 33C0 xor eax, eax
00510391 |. 8983 4C020000 mov [ebx+24C], eax
00510397 |. E9 AB000000 jmp 00510447
0051039C |> 8D55 D0 lea edx, [ebp-30]
0051039F |. 8B83 04030000 mov eax, [ebx+304]
005103A5 |. E8 1E2BF6FF call 00472EC8
005103AA |. 8B45 D0 mov eax, [ebp-30]
005103AD |. 8D55 D4 lea edx, [ebp-2C]
005103B0 |. E8 0F87EFFF call 00408AC4
005103B5 |. 8B45 D4 mov eax, [ebp-2C]
005103B8 |. 8D55 D8 lea edx, [ebp-28]
005103BB |. E8 3039FEFF call 004F3CF0
005103C0 |. 8B45 D8 mov eax, [ebp-28]
005103C3 |. 50 push eax
005103C4 |. 8D55 C8 lea edx, [ebp-38]
005103C7 |. 8B83 04030000 mov eax, [ebx+304]
005103CD |. E8 F62AF6FF call 00472EC8
005103D2 |. 8B45 C8 mov eax, [ebp-38]
005103D5 |. 8D55 CC lea edx, [ebp-34]
005103D8 |. E8 E786EFFF call 00408AC4
005103DD |. 8B45 CC mov eax, [ebp-34]
005103E0 |. 5A pop edx
005103E1 |. E8 663AFEFF call 004F3E4C
005103E6 |. E8 493BFEFF call 004F3F34
005103EB |. 84C0 test al, al
005103ED |. 74 37 je short 00510426
005103EF |. 6A 40 push 40
005103F1 |. 68 CC045100 push 005104CC ; 提示
005103F6 |. 68 14055100 push 00510514 ; 注册成功!谢谢您的注册。
005103FB |. 8BC3 mov eax, ebx
005103FD |. E8 8E94F6FF call 00479890
00510402 |. 50 push eax ; |hOwner
00510403 |. E8 486FEFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00510408 |. A1 28565100 mov eax, [515628]
0051040D |. C600 01 mov byte ptr [eax], 1
00510410 |. 8B15 6C5A5100 mov edx, [515A6C] ; HRM.005482E4
00510416 |. 8B12 mov edx, [edx]
00510418 |. A1 74565100 mov eax, [515674]
0051041D |. 8B00 mov eax, [eax]
0051041F |. E8 D42AF6FF call 00472EF8
00510424 |. EB 21 jmp short 00510447
00510426 |> 6A 40 push 40
00510428 |. 68 CC045100 push 005104CC ; 提示
0051042D |. 68 2C055100 push 0051052C ; 注册失败,请重启再试。
00510432 |. 8BC3 mov eax, ebx
00510434 |. E8 5794F6FF call 00479890
00510439 |. 50 push eax ; |hOwner
0051043A |. E8 116FEFFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0051043F |. 33C0 xor eax, eax
00510441 |. 8983 4C020000 mov [ebx+24C], eax
00510447 |> 33C0 xor eax, eax
00510449 |. 5A pop edx
0051044A |. 59 pop ecx
0051044B |. 59 pop ecx
0051044C |. 64:8910 mov fs:[eax], edx
0051044F |. 68 C6045100 push 005104C6
00510454 |> 8D45 C8 lea eax, [ebp-38]
00510457 |. E8 883EEFFF call 004042E4
0051045C |. 8D45 CC lea eax, [ebp-34]
0051045F |. E8 803EEFFF call 004042E4
00510464 |. 8D45 D0 lea eax, [ebp-30]
00510467 |. E8 783EEFFF call 004042E4
0051046C |. 8D45 D4 lea eax, [ebp-2C]
0051046F |. BA 02000000 mov edx, 2
00510474 |. E8 8F3EEFFF call 00404308
00510479 |. 8D45 DC lea eax, [ebp-24]
0051047C |. E8 633EEFFF call 004042E4
00510481 |. 8D45 E0 lea eax, [ebp-20]
00510484 |. E8 5B3EEFFF call 004042E4
00510489 |. 8D45 E4 lea eax, [ebp-1C]
0051048C |. E8 533EEFFF call 004042E4
00510491 |. 8D45 E8 lea eax, [ebp-18]
00510494 |. BA 02000000 mov edx, 2
00510499 |. E8 6A3EEFFF call 00404308
0051049E |. 8D45 F0 lea eax, [ebp-10]
005104A1 |. E8 3E3EEFFF call 004042E4
005104A6 |. 8D45 F4 lea eax, [ebp-C]
005104A9 |. E8 363EEFFF call 004042E4
005104AE |. 8D45 F8 lea eax, [ebp-8]
005104B1 |> E8 2E3EEFFF call 004042E4
005104B6 |. 8D45 FC lea eax, [ebp-4]
005104B9 |. E8 263EEFFF call 004042E4
005104BE \. C3 retn
005104BF >^ E9 4437EFFF jmp 00403C08
005104C4 .^ EB 8E jmp short 00510454
005104C6 > 5B pop ebx
005104C7 . 8BE5 mov esp, ebp
005104C9 . 5D pop ebp
005104CA . C3 retn
================================================
004F3CF0 /$ 55 push ebp ; ——》 算法部分
004F3CF1 |. 8BEC mov ebp, esp
004F3CF3 |. 33C9 xor ecx, ecx
004F3CF5 |. 51 push ecx
004F3CF6 |. 51 push ecx
004F3CF7 |. 51 push ecx
004F3CF8 |. 51 push ecx
004F3CF9 |. 51 push ecx
004F3CFA |. 51 push ecx
004F3CFB |. 51 push ecx
004F3CFC |. 53 push ebx
004F3CFD |. 56 push esi
004F3CFE |. 57 push edi
004F3CFF |. 8955 F8 mov [ebp-8], edx
004F3D02 |. 8945 FC mov [ebp-4], eax
004F3D05 |. 8B45 FC mov eax, [ebp-4] ; (ASCII "lzq1973")
004F3D08 |. E8 870AF1FF call 00404794
004F3D0D |. 33C0 xor eax, eax
004F3D0F |. 55 push ebp
004F3D10 |. 68 3B3E4F00 push 004F3E3B
004F3D15 |. 64:FF30 push dword ptr fs:[eax]
004F3D18 |. 64:8920 mov fs:[eax], esp
004F3D1B |. 8D45 F4 lea eax, [ebp-C]
004F3D1E |. E8 C105F1FF call 004042E4
004F3D23 |. 8B45 FC mov eax, [ebp-4]
004F3D26 |. E8 7908F1FF call 004045A4
004F3D2B |. 83F8 18 cmp eax, 18 ; 长度小于24就跳走
004F3D2E |. 7E 73 jle short 004F3DA3
004F3D30 |. 8BF0 mov esi, eax
004F3D32 |. 85F6 test esi, esi
004F3D34 |. 7E 60 jle short 004F3D96 ; 用户名长大于24算法如下
004F3D36 |. BB 01000000 mov ebx, 1
004F3D3B |> 8BC3 /mov eax, ebx ; 取3的整数倍位(0除外)
004F3D3D |. B9 03000000 |mov ecx, 3
004F3D42 |. 99 |cdq
004F3D43 |. F7F9 |idiv ecx
004F3D45 |. 85D2 |test edx, edx
004F3D47 |. 75 49 |jnz short 004F3D92
004F3D49 |. 8D45 F0 |lea eax, [ebp-10]
004F3D4C |. 50 |push eax
004F3D4D |. B9 01000000 |mov ecx, 1
004F3D52 |. 8BD3 |mov edx, ebx
004F3D54 |. 8B45 FC |mov eax, [ebp-4]
004F3D57 |. E8 A80AF1FF |call 00404804
004F3D5C |. 8B45 F0 |mov eax, [ebp-10]
004F3D5F |. E8 400AF1FF |call 004047A4
004F3D64 |. 8A00 |mov al, [eax]
004F3D66 |. 8BF8 |mov edi, eax
004F3D68 |. 81E7 FF000000 |and edi, 0FF
004F3D6E |. 8BC7 |mov eax, edi
004F3D70 |. B9 62000000 |mov ecx, 62
004F3D75 |. 99 |cdq
004F3D76 |. F7F9 |idiv ecx
004F3D78 |. 8BC2 |mov eax, edx
004F3D7A |. 03C3 |add eax, ebx
004F3D7C |. 83C0 03 |add eax, 3
004F3D7F |. 8D55 EC |lea edx, [ebp-14]
004F3D82 |. E8 A550F1FF |call 00408E2C
004F3D87 |. 8B55 EC |mov edx, [ebp-14]
004F3D8A |. 8D45 F4 |lea eax, [ebp-C]
004F3D8D |. E8 1A08F1FF |call 004045AC
004F3D92 |> 43 |inc ebx
004F3D93 |. 4E |dec esi
004F3D94 |.^ 75 A5 \jnz short 004F3D3B
004F3D96 |> 8B45 F8 mov eax, [ebp-8]
004F3D99 |. 8B55 F4 mov edx, [ebp-C]
004F3D9C |. E8 9705F1FF call 00404338
004F3DA1 |. EB 75 jmp short 004F3E18
004F3DA3 |> 8BF0 mov esi, eax
004F3DA5 |. 85F6 test esi, esi
004F3DA7 |. 7E 64 jle short 004F3E0D
004F3DA9 |. BB 01000000 mov ebx, 1
004F3DAE |> 8BC3 /mov eax, ebx ; / 算法开始 ---》取第几位
004F3DB0 |. 25 01000080 |and eax, 80000001 ; | 断奇偶
004F3DB5 |. 79 05 |jns short 004F3DBC ; |
004F3DB7 |. 48 |dec eax ; |
004F3DB8 |. 83C8 FE |or eax, FFFFFFFE ; |
004F3DBB |. 40 |inc eax ; |
004F3DBC |> 85C0 |test eax, eax ; |
004F3DBE |. 74 49 |je short 004F3E09 ; | 偶位数跳走
004F3DC0 |. 8D45 E8 |lea eax, [ebp-18] ; |
004F3DC3 |. 50 |push eax ; |
004F3DC4 |. B9 01000000 |mov ecx, 1 ; |
004F3DC9 |. 8BD3 |mov edx, ebx ; |
004F3DCB |. 8B45 FC |mov eax, [ebp-4] ; | (ASCII "lzq1973")
004F3DCE |. E8 310AF1FF |call 00404804 ; |
004F3DD3 |. 8B45 E8 |mov eax, [ebp-18] ; |
004F3DD6 |. E8 C909F1FF |call 004047A4 ; |
004F3DDB |. 8A00 |mov al, [eax] ; |
004F3DDD |. 8BF8 |mov edi, eax ; |
004F3DDF |. 81E7 FF000000 |and edi, 0FF ; |
004F3DE5 |. 8BC7 |mov eax, edi ; |
004F3DE7 |. B9 62000000 |mov ecx, 62 ; |
004F3DEC |. 99 |cdq ; |
004F3DED |. F7F9 |idiv ecx ; | 62/? (字符串奇位数的16进制,取余数,令其为A)
004F3DEF |. 8BC2 |mov eax, edx ; | 如是数字取其本身
004F3DF1 |. 03C3 |add eax, ebx ; | B=A+EBX EXB初始值为1
004F3DF3 |. 83C0 03 |add eax, 3 ; | C=B+3
004F3DF6 |. 8D55 E4 |lea edx, [ebp-1C] ; |
004F3DF9 |. E8 2E50F1FF |call 00408E2C ; |
004F3DFE |. 8B55 E4 |mov edx, [ebp-1C] ; | C的十进制
004F3E01 |. 8D45 F4 |lea eax, [ebp-C] ; |
004F3E04 |. E8 A307F1FF |call 004045AC ; |
004F3E09 |> 43 |inc ebx ; | EBX=EBX+1
004F3E0A |. 4E |dec esi ; |
004F3E0B |.^ 75 A1 \jnz short 004F3DAE ; \ 循环
004F3E0D |> 8B45 F8 mov eax, [ebp-8]
004F3E10 |. 8B55 F4 mov edx, [ebp-C] ; (ASCII "14216561")
004F3E13 |. E8 2005F1FF call 00404338
004F3E18 |> 33C0 xor eax, eax
004F3E1A |. 5A pop edx
004F3E1B |. 59 pop ecx
004F3E1C |. 59 pop ecx
004F3E1D |. 64:8910 mov fs:[eax], edx
004F3E20 |. 68 423E4F00 push 004F3E42
004F3E25 |> 8D45 E4 lea eax, [ebp-1C]
004F3E28 |. BA 05000000 mov edx, 5
004F3E2D |. E8 D604F1FF call 00404308
004F3E32 |. 8D45 FC lea eax, [ebp-4]
004F3E35 |. E8 AA04F1FF call 004042E4
004F3E3A \. C3 retn
004F3E3B .^ E9 C8FDF0FF jmp 00403C08
004F3E40 .^ EB E3 jmp short 004F3E25
004F3E42 . 5F pop edi
004F3E43 . 5E pop esi
004F3E44 . 5B pop ebx
004F3E45 . 8BE5 mov esp, ebp
004F3E47 . 5D pop ebp
004F3E48 . C3 retn
===========================================
004F3F34 /$ 55 push ebp ; ——》注册信息
004F3F35 |. 8BEC mov ebp, esp
004F3F37 |. B9 04000000 mov ecx, 4
004F3F3C |> 6A 00 /push 0
004F3F3E |. 6A 00 |push 0
004F3F40 |. 49 |dec ecx
004F3F41 |.^ 75 F9 \jnz short 004F3F3C
004F3F43 |. 51 push ecx
004F3F44 |. 33C0 xor eax, eax
004F3F46 |. 55 push ebp
004F3F47 |. 68 49404F00 push 004F4049
004F3F4C |. 64:FF30 push dword ptr fs:[eax]
004F3F4F |. 64:8920 mov fs:[eax], esp
004F3F52 |. C645 FF 00 mov byte ptr [ebp-1], 0
004F3F56 |. B2 01 mov dl, 1
004F3F58 |. A1 F4194400 mov eax, [4419F4]
004F3F5D |. E8 92DBF4FF call 00441AF4
004F3F62 |. 8945 F8 mov [ebp-8], eax
004F3F65 |. 33C0 xor eax, eax
004F3F67 |. 55 push ebp
004F3F68 |. 68 27404F00 push 004F4027
004F3F6D |. 64:FF30 push dword ptr fs:[eax]
004F3F70 |. 64:8920 mov fs:[eax], esp
004F3F73 |. BA 03000080 mov edx, 80000003
004F3F78 |. 8B45 F8 mov eax, [ebp-8]
004F3F7B |. E8 14DCF4FF call 00441B94
004F3F80 |. B1 01 mov cl, 1
004F3F82 |. BA 60404F00 mov edx, 004F4060 ; ASCII "\.DEFAULT\Software\HJSoft"
004F3F87 |. 8B45 F8 mov eax, [ebp-8]
004F3F8A |. E8 69DCF4FF call 00441BF8
004F3F8F |. 84C0 test al, al
004F3F91 |. 74 7E je short 004F4011
004F3F93 |. 8D4D EC lea ecx, [ebp-14]
004F3F96 |. BA 84404F00 mov edx, 004F4084 ; ASCII "UserName"
004F3F9B |. 8B45 F8 mov eax, [ebp-8]
004F3F9E |. E8 1DDEF4FF call 00441DC0
004F3FA3 |. 8B45 EC mov eax, [ebp-14]
004F3FA6 |. 8D55 F4 lea edx, [ebp-C]
004F3FA9 |. E8 164BF1FF call 00408AC4
004F3FAE |. 8D4D E8 lea ecx, [ebp-18]
004F3FB1 |. BA 98404F00 mov edx, 004F4098 ; ASCII "RegCode"
004F3FB6 |. 8B45 F8 mov eax, [ebp-8]
004F3FB9 |. E8 02DEF4FF call 00441DC0
004F3FBE |. 8B45 E8 mov eax, [ebp-18]
004F3FC1 |. 8D55 F0 lea edx, [ebp-10]
004F3FC4 |. E8 FB4AF1FF call 00408AC4
004F3FC9 |. 8B45 F8 mov eax, [ebp-8]
004F3FCC |. E8 93DBF4FF call 00441B64
004F3FD1 |. 837D F0 00 cmp dword ptr [ebp-10], 0
004F3FD5 |. 74 3A je short 004F4011
004F3FD7 |. 837D F4 00 cmp dword ptr [ebp-C], 0
004F3FDB |. 74 34 je short 004F4011
004F3FDD |. 8D55 E0 lea edx, [ebp-20]
004F3FE0 |. 8B45 F4 mov eax, [ebp-C]
004F3FE3 |. E8 DC4AF1FF call 00408AC4
004F3FE8 |. 8B45 E0 mov eax, [ebp-20]
004F3FEB |. 8D55 E4 lea edx, [ebp-1C]
004F3FEE |. E8 FDFCFFFF call 004F3CF0
004F3FF3 |. 8B45 E4 mov eax, [ebp-1C]
004F3FF6 |. 50 push eax
004F3FF7 |. 8D55 DC lea edx, [ebp-24]
004F3FFA |. 8B45 F0 mov eax, [ebp-10]
004F3FFD |. E8 C24AF1FF call 00408AC4
004F4002 |. 8B55 DC mov edx, [ebp-24]
004F4005 |. 58 pop eax
004F4006 |. E8 E506F1FF call 004046F0
004F400B |. 75 04 jnz short 004F4011
004F400D |. C645 FF 01 mov byte ptr [ebp-1], 1
004F4011 |> 33C0 xor eax, eax
004F4013 |. 5A pop edx
004F4014 |. 59 pop ecx
004F4015 |. 59 pop ecx
004F4016 |. 64:8910 mov fs:[eax], edx
004F4019 |. 68 2E404F00 push 004F402E
004F401E |> 8B45 F8 mov eax, [ebp-8]
004F4021 |. E8 4EF4F0FF call 00403474
004F4026 \. C3 retn
004F4027 .^ E9 DCFBF0FF jmp 00403C08
004F402C .^ EB F0 jmp short 004F401E
004F402E . 33C0 xor eax, eax
004F4030 . 5A pop edx
004F4031 . 59 pop ecx
004F4032 . 59 pop ecx
004F4033 . 64:8910 mov fs:[eax], edx
004F4036 . 68 50404F00 push 004F4050
004F403B > 8D45 DC lea eax, [ebp-24]
004F403E . BA 07000000 mov edx, 7
004F4043 . E8 C002F1FF call 00404308
004F4048 . C3 retn
004F4049 .^ E9 BAFBF0FF jmp 00403C08
004F404E .^ EB EB jmp short 004F403B
004F4050 . 8A45 FF mov al, [ebp-1]
004F4053 . 8BE5 mov esp, ebp
004F4055 . 5D pop ebp
004F4056 . C3 retn
------------------------------------------------------------------------
【破解总结】
明码比较,注册码计算有两种(用户名长度大于24是另一算注),这里以小于24为例。
1、取用户名长度的奇位字符(大于24位的取3的整数倍);
2、当前字符的16进制(令其为A,数字取本身)除以62取余数+EBX+3为对应的注册码部分;
3、各部分相连即为注册码。
注:EBX=EBX+1
=========================================
注册名:lzq1973[PYG][CZG][OCN][DFCG][D.4s]
注册码:2164921081081121029510110153
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢! |
|
IP卡
发表于 2007-8-7 17:13:01
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-8-7 20:42:16
发表于 2007-8-7 20:54:30
发表于 2012-4-1 21:34:45
发表于 2012-5-26 19:21:12
发表于 2016-7-2 14:50:47