- UID
- 1132
注册时间2005-4-20
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 无聊
2020-4-10 17:02 |
|---|
签到天数: 5 天 [LV.2]偶尔看看I
|
【破解日期】 2006年11月10日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 hxxp://www.126sohu.com
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 XXXX专家 X.0
【下载地址】 略
【软件简介】 XXXX专家 X.0
【软件大小】 710KB
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
- 004DA467 mov eax,dword ptr ss:[ebp-78] ; 识别码
- 004DA46A lea ecx,dword ptr ss:[ebp-A0]
- 004DA470 mov dword ptr ss:[ebp-88],eax
- 004DA476 lea eax,dword ptr ss:[ebp-90]
- 004DA47C push eax
- 004DA47D push ecx
- 004DA47E mov dword ptr ss:[ebp-78],edi
- 004DA481 mov dword ptr ss:[ebp-90],8
- 004DA48B call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
- 004DA491 lea edx,dword ptr ss:[ebp-A0]
- 004DA497 lea ecx,dword ptr ss:[ebp-74]
- 004DA49A call esi
- 004DA49C lea edx,dword ptr ss:[ebp-80]
- 004DA49F lea eax,dword ptr ss:[ebp-7C]
- 004DA4A2 push edx
- 004DA4A3 push eax
- 004DA4A4 push 2
- 004DA4A6 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObjList
- 004DA4AC add esp,0C
- 004DA4AF lea ecx,dword ptr ss:[ebp-90]
- 004DA4B5 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVar
- 004DA4BB lea edx,dword ptr ss:[ebp-160]
- 004DA4C1 lea ecx,dword ptr ss:[ebp-90]
- 004DA4C7 mov dword ptr ss:[ebp-158],cardpro.00>
- 004DA4D1 mov dword ptr ss:[ebp-160],8
- 004DA4DB call dword ptr ds:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarDup
- 004DA4E1 push edi
- 004DA4E2 lea ecx,dword ptr ss:[ebp-90]
- 004DA4E8 push -1
- 004DA4EA lea edx,dword ptr ss:[ebp-74]
- 004DA4ED push ecx
- 004DA4EE lea eax,dword ptr ss:[ebp-78]
- 004DA4F1 push edx
- 004DA4F2 push eax
- 004DA4F3 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrVarVal
- 004DA4F9 lea ecx,dword ptr ss:[ebp-A0]
- 004DA4FF push eax ;
- 004DA500 push ecx
- 004DA501 call dword ptr ds:[<&MSVBVM60.#711>] ; MSVBVM60.rtcSplit
- 004DA507 lea edx,dword ptr ss:[ebp-A0]
- 004DA50D lea ecx,dword ptr ss:[ebp-64]
- 004DA510 call esi
- 004DA512 lea ecx,dword ptr ss:[ebp-78]
- 004DA515 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeStr
- 004DA51B lea ecx,dword ptr ss:[ebp-90]
- 004DA521 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVar
- 004DA527 mov edx,dword ptr ds:[ebx]
- 004DA529 push ebx
- 004DA52A call dword ptr ds:[edx+304]
- 004DA530 push eax
- 004DA531 lea eax,dword ptr ss:[ebp-7C]
- 004DA534 push eax
- 004DA535 call dword ptr ds:[<&MSVBVM60.__vbaOb>; MSVBVM60.__vbaObjSet
- 004DA53B mov ebx,eax
- 004DA53D lea edx,dword ptr ss:[ebp-80]
- 004DA540 push edx
- 004DA541 push 2
- 004DA543 mov ecx,dword ptr ds:[ebx]
- 004DA545 push ebx
- 004DA546 call dword ptr ds:[ecx+40]
- 004DA549 cmp eax,edi
- 004DA54B fclex
- 004DA54D jge short cardpro.004DA55E
- 004DA54F push 40
- 004DA551 push cardpro.0040ABFC
- 004DA556 push ebx
- 004DA557 push eax
- 004DA558 call dword ptr ds:[<&MSVBVM60.__vbaHr>; MSVBVM60.__vbaHresultCheckObj
- 004DA55E mov eax,dword ptr ss:[ebp-80]
- 004DA561 lea edx,dword ptr ss:[ebp-78]
- 004DA564 push edx
- 004DA565 push eax
- 004DA566 mov ecx,dword ptr ds:[eax]
- 004DA568 mov ebx,eax
- 004DA56A call dword ptr ds:[ecx+A0]
- 004DA570 cmp eax,edi
- 004DA572 fclex
- 004DA574 jge short cardpro.004DA588
- 004DA576 push 0A0
- 004DA57B push cardpro.0040ABEC
- 004DA580 push ebx
- 004DA581 push eax
- 004DA582 call dword ptr ds:[<&MSVBVM60.__vbaHr>; MSVBVM60.__vbaHresultCheckObj
- 004DA588 mov eax,dword ptr ss:[ebp-78] ;
- 004DA58B lea ecx,dword ptr ss:[ebp-A0]
- 004DA591 mov dword ptr ss:[ebp-88],eax
- 004DA597 lea eax,dword ptr ss:[ebp-90]
- 004DA59D mov ebx,8
- 004DA5A2 push eax
- 004DA5A3 push ecx
- 004DA5A4 mov dword ptr ss:[ebp-78],edi
- 004DA5A7 mov dword ptr ss:[ebp-90],ebx
- 004DA5AD call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
- 004DA5B3 lea edx,dword ptr ss:[ebp-A0]
- 004DA5B9 lea ecx,dword ptr ss:[ebp-54]
- 004DA5BC call esi
- 004DA5BE lea edx,dword ptr ss:[ebp-80]
- 004DA5C1 lea eax,dword ptr ss:[ebp-7C]
- 004DA5C4 push edx
- 004DA5C5 mov edi,2
- 004DA5CA push eax
- 004DA5CB push edi
- 004DA5CC call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObjList
- 004DA5D2 add esp,0C
- 004DA5D5 lea ecx,dword ptr ss:[ebp-90]
- 004DA5DB call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVar
- 004DA5E1 mov edx,dword ptr ss:[ebp-24]
- 004DA5E4 mov eax,dword ptr ss:[ebp-20]
- 004DA5E7 sub esp,10
- 004DA5EA mov ecx,esp
- 004DA5EC mov dword ptr ds:[ecx],edx
- 004DA5EE mov edx,dword ptr ss:[ebp-1C]
- 004DA5F1 mov dword ptr ds:[ecx+4],eax
- 004DA5F4 mov eax,dword ptr ss:[ebp-18]
- 004DA5F7 mov dword ptr ds:[ecx+8],edx
- 004DA5FA mov dword ptr ds:[ecx+C],eax
- 004DA5FD lea ecx,dword ptr ss:[ebp-90]
- 004DA603 push ecx
- 004DA604 call cardpro.004C5650 ;
- 004DA609 lea edx,dword ptr ss:[ebp-90]
- 004DA60F lea ecx,dword ptr ss:[ebp-44]
- 004DA612 call esi
- 004DA614 sub esp,10
- 004DA617 mov ecx,edi
- 004DA619 mov edx,esp
- 004DA61B mov dword ptr ss:[ebp-160],ecx
- 004DA621 mov eax,1
- 004DA626 push 1
- 004DA628 mov dword ptr ds:[edx],ecx
- 004DA62A mov ecx,dword ptr ss:[ebp-15C]
- 004DA630 mov dword ptr ss:[ebp-158],eax
- 004DA636 mov dword ptr ds:[edx+4],ecx
- 004DA639 lea ecx,dword ptr ss:[ebp-64]
- 004DA63C push ecx
- 004DA63D mov dword ptr ds:[edx+8],eax
- 004DA640 mov eax,dword ptr ss:[ebp-154]
- 004DA646 mov dword ptr ds:[edx+C],eax ;
- 004DA649 lea edx,dword ptr ss:[ebp-90]
- 004DA64F push edx
- 004DA650 call dword ptr ds:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarIndexLoad
- 004DA656 add esp,1C
- 004DA659 lea eax,dword ptr ss:[ebp-90]
- 004DA65F lea ecx,dword ptr ss:[ebp-180]
- 004DA665 lea edx,dword ptr ss:[ebp-A0]
- 004DA66B push eax
- 004DA66C push ecx
- 004DA66D push edx
- 004DA66E mov dword ptr ss:[ebp-B8],4
- 004DA678 mov dword ptr ss:[ebp-C0],edi
- 004DA67E mov dword ptr ss:[ebp-178],5
- 004DA688 mov dword ptr ss:[ebp-180],edi
- 004DA68E call dword ptr ds:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarDiv /// 识别码中间部分/5
- 004DA694 mov edx,eax
- 004DA696 lea ecx,dword ptr ss:[ebp-B0]
- 004DA69C call esi
- 004DA69E lea eax,dword ptr ss:[ebp-C0]
- 004DA6A4 lea ecx,dword ptr ss:[ebp-B0]
- 004DA6AA push eax
- 004DA6AB push edi
- 004DA6AC lea edx,dword ptr ss:[ebp-D0]
- 004DA6B2 push ecx
- 004DA6B3 push edx
- 004DA6B4 call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
- 004DA6BA mov dword ptr ss:[ebp-198],65 ; 固定字符串
- 004DA6C4 lea eax,dword ptr ss:[ebp-44] ;
- 004DA6C7 push 3
- 004DA6C9 lea ecx,dword ptr ss:[ebp-100]
- 004DA6CF mov dword ptr ss:[ebp-1B0],ebx
- 004DA6D5 mov ebx,dword ptr ds:[<&MSVBVM60.#617>; MSVBVM60.rtcLeftCharVar
- 004DA6DB push eax ; 从左边开始取
- 004DA6DC push ecx
- 004DA6DD mov dword ptr ss:[ebp-1A0],edi
- 004DA6E3 mov dword ptr ss:[ebp-1A8],cardpro.00>
- 004DA6ED call ebx ; 取用户名第一位
- 004DA6EF lea edx,dword ptr ss:[ebp-44] ;
- 004DA6F2 push 4
- 004DA6F4 lea eax,dword ptr ss:[ebp-130]
- 004DA6FA push edx
- 004DA6FB push eax
- 004DA6FC mov dword ptr ss:[ebp-1B8],8
- 004DA706 mov dword ptr ss:[ebp-1C0],edi
- 004DA70C call ebx
- 004DA70E mov ebx,dword ptr ds:[<&MSVBVM60.__vb>; 取用户名第一位和第二位
- 004DA714 lea ecx,dword ptr ss:[ebp-D0]
- 004DA71A lea edx,dword ptr ss:[ebp-1A0]
- 004DA720 push ecx
- 004DA721 lea eax,dword ptr ss:[ebp-E0]
- 004DA727 push edx
- 004DA728 push eax
- 004DA729 mov dword ptr ss:[ebp-1C8],edi
- 004DA72F mov dword ptr ss:[ebp-1D0],edi
- 004DA735 call ebx ; 固定字符串101*A
- 004DA737 mov edi,dword ptr ds:[<&MSVBVM60.__vb>; MSVBVM60.__vbaVarCat
- 004DA73D lea ecx,dword ptr ss:[ebp-1B0]
- 004DA743 push eax
- 004DA744 lea edx,dword ptr ss:[ebp-F0]
- 004DA74A push ecx
- 004DA74B push edx
- 004DA74C call edi
- 004DA74E push eax
- 004DA74F lea eax,dword ptr ss:[ebp-100]
- 004DA755 lea ecx,dword ptr ss:[ebp-1C0]
- 004DA75B push eax
- 004DA75C lea edx,dword ptr ss:[ebp-110]
- 004DA762 push ecx
- 004DA763 push edx
- 004DA764 call ebx ;8*(用户名第一位)D
- 004DA766 push eax
- 004DA767 lea eax,dword ptr ss:[ebp-120]
- 004DA76D push eax
- 004DA76E call edi
- 004DA770 lea ecx,dword ptr ss:[ebp-130]
- 004DA776 push eax
- 004DA777 lea edx,dword ptr ss:[ebp-1D0]
- 004DA77D push ecx
- 004DA77E lea eax,dword ptr ss:[ebp-140]
- 004DA784 push edx
- 004DA785 push eax
- 004DA786 call ebx ; 2*(用户名第一位和第二位)D的前四位
- 004DA788 lea ecx,dword ptr ss:[ebp-150]
- 004DA78E push eax
- 004DA78F push ecx
- 004DA790 call edi
- 004DA792 mov edx,eax
- 004DA794 lea ecx,dword ptr ss:[ebp-34]
- 004DA797 call esi ; 不要以为不是明码,其实进去就可以看见了,呵呵
- 004DA799 lea edx,dword ptr ss:[ebp-120]
- 004DA79F lea eax,dword ptr ss:[ebp-130]
- 004DA7A5 push edx
- 004DA7A6 lea ecx,dword ptr ss:[ebp-F0]
- 004DA7AC push eax
- 004DA7AD lea edx,dword ptr ss:[ebp-100]
- 004DA7B3 push ecx
- 004DA7B4 lea eax,dword ptr ss:[ebp-D0]
- 004DA7BA push edx
- 004DA7BB lea ecx,dword ptr ss:[ebp-C0]
- 004DA7C1 push eax
- 004DA7C2 lea edx,dword ptr ss:[ebp-B0]
- 004DA7C8 push ecx
- 004DA7C9 lea eax,dword ptr ss:[ebp-90]
- 004DA7CF push edx
- 004DA7D0 push eax
- 004DA7D1 push 8
- 004DA7D3 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeVarList
- 004DA7D9 add esp,24
- 004DA7DC mov ecx,dword ptr ss:[ebp+C]
- 004DA7DF movsx eax,word ptr ds:[ecx]
- 004DA7E2 sub eax,0
- 004DA7E5 je cardpro.004DAB50
- 004DA7EB dec eax
- 004DA7EC je cardpro.004DA8DA
- 004DA7F2 dec eax
- 004DA7F3 jnz cardpro.004DAD2A
- 004DA7F9 mov eax,dword ptr ds:[4E1740]
- 004DA7FE test eax,eax
- 004DA800 jnz short cardpro.004DA816
- 004DA802 mov ebx,dword ptr ds:[<&MSVBVM60.__vb>; MSVBVM60.__vbaNew2
- 004DA808 push cardpro.004E1740
- 004DA80D push cardpro.0040B3DC
- 004DA812 call ebx
- 004DA814 jmp short cardpro.004DA81C
- 004DA816 mov ebx,dword ptr ds:[<&MSVBVM60.__vb>; MSVBVM60.__vbaNew2
- 004DA81C mov edx,dword ptr ss:[ebp+8]
- 004DA81F mov esi,dword ptr ds:[4E1740]
- 004DA825 lea eax,dword ptr ss:[ebp-7C]
- 004DA828 push edx
- 004DA829 mov edi,dword ptr ds:[esi]
- 004DA82B push eax
- 004DA82C call dword ptr ds:[<&MSVBVM60.__vbaOb>; MSVBVM60.__vbaObjSetAddref
- 004DA832 push eax
- 004DA833 push esi
- 004DA834 call dword ptr ds:[edi+10]
- 004DA837 test eax,eax
- 004DA839 fclex
- 004DA83B jge short cardpro.004DA850
- 004DA83D mov edi,dword ptr ds:[<&MSVBVM60.__vb>; MSVBVM60.__vbaHresultCheckObj
- 004DA843 push 10
- 004DA845 push cardpro.0040B3CC
- 004DA84A push esi
- 004DA84B push eax
- 004DA84C call edi
- 004DA84E jmp short cardpro.004DA856
- 004DA850 mov edi,dword ptr ds:[<&MSVBVM60.__vb>; MSVBVM60.__vbaHresultCheckObj
- 004DA856 lea ecx,dword ptr ss:[ebp-7C]
- 004DA859 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
- 004DA85F mov eax,dword ptr ds:[4E1010]
- 004DA864 test eax,eax
- 004DA866 jnz short cardpro.004DA874
- 004DA868 push cardpro.004E1010
- 004DA86D push cardpro.0040DBB0
- 004DA872 call ebx
- 004DA874 mov esi,dword ptr ds:[4E1010]
- 004DA87A push -1
- 004DA87C push esi
- 004DA87D mov ecx,dword ptr ds:[esi]
- 004DA87F call dword ptr ds:[ecx+94]
- 004DA885 test eax,eax
- 004DA887 fclex
- 004DA889 jge short cardpro.004DA899
- 004DA88B push 94
- 004DA890 push cardpro.00409DCC
- 004DA895 push esi
- 004DA896 push eax
- 004DA897 call edi
- 004DA899 mov eax,dword ptr ds:[4E1010]
- 004DA89E test eax,eax
- 004DA8A0 jnz short cardpro.004DA8AE
- 004DA8A2 push cardpro.004E1010
- 004DA8A7 push cardpro.0040DBB0
- 004DA8AC call ebx
- 004DA8AE mov esi,dword ptr ds:[4E1010]
- 004DA8B4 push esi
- 004DA8B5 mov edx,dword ptr ds:[esi]
- 004DA8B7 call dword ptr ds:[edx+2A8]
- 004DA8BD test eax,eax
- 004DA8BF fclex
- 004DA8C1 jge cardpro.004DAD2A
- 004DA8C7 push 2A8
- 004DA8CC push cardpro.00409DCC
- 004DA8D1 push esi
- 004DA8D2 push eax
- 004DA8D3 call edi
- 004DA8D5 jmp cardpro.004DAD2A
- 004DA8DA lea eax,dword ptr ss:[ebp-54]
- 004DA8DD lea ecx,dword ptr ss:[ebp-34]
- 004DA8E0 push eax
- 004DA8E1 push ecx
- 004DA8E2 call dword ptr ds:[<&MSVBVM60.__vbaVa>; MSVBVM60.__vbaVarTstNe
- 004DA8E8 test ax,ax
- 004DA8EB je cardpro.004DA9E9 ; 爆破点
- 004DA8F1 lea edx,dword ptr ss:[ebp-90]
- 004DA8F7 push 0D
- ////////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////////
- 算法总结:
- 1) 识别码中间部分/5,取其2--5位,记为A
- 1) 固定字符串101*A = B
- 2) 8*(用户名第一位)D=C
- 3) 2*(用户名第一位和第二位)D的前四位=D
- 4) "B" - "CD" = 注册码
--------------------------------------------------------------------------------
【破解总结】
复习看题目看得眼好花,不小心又捡了软东西~~~~
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |
|
IP卡
发表于 2006-11-10 14:49:15
提升卡
置顶卡
变色卡
千斤顶
显身卡
