标题:SISWare 4.2注册过程(VB)
链接:http://www.unpack.cn/viewthread.php?tid=20737
贴者:lelfei
日期:2007-12-25 18:01
SISWare 4.2(自己搜索下载地址)
软件大小:3.88 MB
SISWare是最好的Symbian应用程序安装包打包解包工具适用于任何Symbian9.x版的sis和sisx文件。
主要功能包括:
·打开SIS文件或打开PKG文件
·从sis文件中提取文件.支持多种SIS文件
·编辑SIS文件或PKG文件.生成SIS文件
·建立sis文件时可以设置选项
·批量提取sis文件
·签名或去除签名,可创建自用签名证书
前言:
复习一下VB程序的分析方法,适合初级VB CRACKER观看。
前段时间刚买了N73,找了下相关的工具,这款软件不错,但是需要序列号,干脆自己研究一下吧!
先用PEiD查看一下:Microsoft Visual Basic 5.0 / 6.0。没有壳,直接开工!
用OD载入,
用UltraStringRef插件搜索所有的Unicode字符串,
查找出错的消息框文字:"Invalid serial number, please try again",直接定位到0044A5FC,往上翻到这一段代码的起始位置。
也可以查找消息框API:rtcMsgBox来快速定位注册码处理过程。
……
00712C66 lea edx,dword ptr ss:[ebp-20]
00712C69 mov ebx,eax
00712C6B mov ecx,dword ptr ds:[ebx]
00712C6D push edx
00712C6E push ebx
00712C6F call dword ptr ds:[ecx+A0] ; 取注册码第一节s1
00712C75 fclex
00712C77 cmp eax,edi
00712C79 jge short SISWare.00712C8D
00712C7B push 0A0
00712C80 push SISWare.00435B88
00712C85 push ebx
00712C86 push eax
00712C87 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckObj>] ; MSVBVM60.__vbaHresultCheckObj
00712C8D mov eax,dword ptr ss:[ebp-20]
00712C90 push eax
00712C91 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; Len(s1)
00712C97 lea ecx,dword ptr ss:[ebp-20]
00712C9A mov dword ptr ss:[ebp-C4],eax
00712CA0 mov dword ptr ss:[ebp-18],1 ; 初始化循环变量i
00712CA7 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00712CAD mov ebx,dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00712CB3 lea ecx,dword ptr ss:[ebp-34]
00712CB6 call ebx ; <&MSVBVM60.__vbaFreeObj>
00712CB8 mov edi,dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
00712CBE mov ecx,dword ptr ss:[ebp-C4] ; --------循环开始--------
00712CC4 cmp dword ptr ss:[ebp-18],ecx ; cmp i,Len(s1)
00712CC7 jg SISWare.00712EAA ; 是否达到循环次数?
00712CCD fild dword ptr ss:[ebp-18] ; i
00712CD0 cmp dword ptr ds:[751000],0
00712CD7 jnz short SISWare.00712CE1
00712CD9 fdiv qword ptr ds:[402D08] ; i/2
00712CDF jmp short SISWare.00712CF2
00712CE1 push dword ptr ds:[402D0C]
00712CE7 push dword ptr ds:[402D08]
00712CED call
00712CF2 fstp qword ptr ss:[ebp-100]
00712CF8 fild dword ptr ss:[ebp-18] ; i
00712CFB cmp dword ptr ds:[751000],0
00712D02 jnz short SISWare.00712D0C
00712D04 fdiv qword ptr ds:[402D08] ; i/2
00712D0A jmp short SISWare.00712D1D
00712D0C push dword ptr ds:[402D0C]
00712D12 push dword ptr ds:[402D08]
00712D18 call
00712D1D call dword ptr ds:[<&MSVBVM60.__vbaFPFix>] ; Fix(i/2)
00712D23 fcomp qword ptr ss:[ebp-100] ; cmp Fix(i/2),i/2
00712D29 fstsw ax
00712D2B test ah,40
00712D2E jnz SISWare.00712DE3 ; 当i为偶数时跳转
00712D34 mov edx,dword ptr ds:[esi] ; ----当i为奇数时----
00712D36 push esi
00712D37 call dword ptr ds:[edx+314]
00712D3D push eax
00712D3E lea eax,dword ptr ss:[ebp-34]
00712D41 push eax
00712D42 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00712D48 mov eax,dword ptr ss:[ebp-34]
00712D4B mov edx,dword ptr ss:[ebp-18]
00712D4E lea ecx,dword ptr ss:[ebp-54]
00712D51 push ecx
00712D52 mov dword ptr ss:[ebp-3C],eax
00712D55 push edx
00712D56 lea eax,dword ptr ss:[ebp-44]
00712D59 push eax
00712D5A lea ecx,dword ptr ss:[ebp-64]
00712D5D push ecx
00712D5E mov dword ptr ss:[ebp-4C],1
00712D65 mov dword ptr ss:[ebp-54],2
00712D6C mov dword ptr ss:[ebp-34],0
00712D73 mov dword ptr ss:[ebp-44],9
00712D7A call dword ptr ds:[<&MSVBVM60.#632>] ; mid(s1,i,1)
00712D80 mov edx,dword ptr ss:[ebp-1C]
00712D83 push edx
00712D84 lea eax,dword ptr ss:[ebp-64]
00712D87 push eax
00712D88 lea ecx,dword ptr ss:[ebp-20]
00712D8B push ecx
00712D8C call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
00712D92 push eax
00712D93 call dword ptr ds:[<&MSVBVM60.#516>] ; Asc(mid(s1,i,1))
00712D99 add eax,80 ; Asc(mid(s1,i,1))+80
00712D9E push eax
00712D9F call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; Str(Asc(mid(s1,i,1))+80)
00712DA5 mov edx,eax
00712DA7 lea ecx,dword ptr ss:[ebp-24]
00712DAA call edi
00712DAC push eax
00712DAD call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; 保存Str
00712DB3 mov edx,eax
00712DB5 lea ecx,dword ptr ss:[ebp-1C]
00712DB8 call edi
00712DBA lea edx,dword ptr ss:[ebp-24]
00712DBD push edx
00712DBE lea eax,dword ptr ss:[ebp-20]
00712DC1 push eax
00712DC2 push 2
00712DC4 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00712DCA add esp,0C
00712DCD lea ecx,dword ptr ss:[ebp-34]
00712DD0 call ebx
00712DD2 lea ecx,dword ptr ss:[ebp-64]
00712DD5 push ecx
00712DD6 lea edx,dword ptr ss:[ebp-54]
00712DD9 push edx
00712DDA lea eax,dword ptr ss:[ebp-44]
00712DDD push eax
00712DDE jmp SISWare.00712E8D
00712DE3 mov ecx,dword ptr ds:[esi] ; ----当i为偶数时----
00712DE5 push esi
00712DE6 call dword ptr ds:[ecx+314]
00712DEC push eax
00712DED lea edx,dword ptr ss:[ebp-34]
00712DF0 push edx
00712DF1 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00712DF7 mov eax,dword ptr ss:[ebp-34]
00712DFA mov ecx,dword ptr ss:[ebp-18]
00712DFD mov dword ptr ss:[ebp-3C],eax
00712E00 lea eax,dword ptr ss:[ebp-54]
00712E03 push eax
00712E04 push ecx
00712E05 lea edx,dword ptr ss:[ebp-44]
00712E08 push edx
00712E09 lea eax,dword ptr ss:[ebp-64]
00712E0C push eax
00712E0D mov dword ptr ss:[ebp-4C],1
00712E14 mov dword ptr ss:[ebp-54],2
00712E1B mov dword ptr ss:[ebp-34],0
00712E22 mov dword ptr ss:[ebp-44],9
00712E29 call dword ptr ds:[<&MSVBVM60.#632>] ; mid(s1,i,1)
00712E2F mov ecx,dword ptr ss:[ebp-1C]
00712E32 push ecx
00712E33 lea edx,dword ptr ss:[ebp-64]
00712E36 push edx
00712E37 lea eax,dword ptr ss:[ebp-20]
00712E3A push eax
00712E3B call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
00712E41 push eax
00712E42 call dword ptr ds:[<&MSVBVM60.#516>] ; Asc(mid(s1,i,1))
00712E48 add eax,0C8 ; Asc(mid(s1,i,1))+C8
00712E4D push eax
00712E4E call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; Str(Asc(mid(s1,i,1))+C8)
00712E54 mov edx,eax
00712E56 lea ecx,dword ptr ss:[ebp-24]
00712E59 call edi
00712E5B push eax
00712E5C call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; 保存Str
00712E62 mov edx,eax
00712E64 lea ecx,dword ptr ss:[ebp-1C]
00712E67 call edi
00712E69 lea ecx,dword ptr ss:[ebp-24]
00712E6C push ecx
00712E6D lea edx,dword ptr ss:[ebp-20]
00712E70 push edx
00712E71 push 2
00712E73 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00712E79 add esp,0C
00712E7C lea ecx,dword ptr ss:[ebp-34]
00712E7F call ebx
00712E81 lea eax,dword ptr ss:[ebp-64]
00712E84 push eax
00712E85 lea ecx,dword ptr ss:[ebp-54]
00712E88 push ecx
00712E89 lea edx,dword ptr ss:[ebp-44]
00712E8C push edx
00712E8D push 3
00712E8F call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00712E95 mov ecx,dword ptr ss:[ebp-18]
00712E98 mov eax,1
00712E9D add esp,10
00712EA0 add ecx,eax
00712EA2 mov dword ptr ss:[ebp-18],ecx
00712EA5 jmp SISWare.00712CBE ; --------循环结束--------
00712EAA mov eax,dword ptr ds:[esi]
00712EAC push esi
00712EAD call dword ptr ds:[eax+318]
00712EB3 push eax
00712EB4 lea ecx,dword ptr ss:[ebp-34]
00712EB7 push ecx
00712EB8 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00712EBE mov edx,dword ptr ds:[eax]
00712EC0 lea ecx,dword ptr ss:[ebp-20]
00712EC3 push ecx
00712EC4 push eax
00712EC5 mov dword ptr ss:[ebp-B8],eax
00712ECB call dword ptr ds:[edx+A0] ; 取注册码第二节s2
00712ED1 fclex
00712ED3 test eax,eax
00712ED5 jge short SISWare.00712EEF
00712ED7 mov edx,dword ptr ss:[ebp-B8]
00712EDD push 0A0
00712EE2 push SISWare.00435B88
00712EE7 push edx
00712EE8 push eax
00712EE9 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckObj>] ; MSVBVM60.__vbaHresultCheckObj
00712EEF mov eax,dword ptr ss:[ebp-20]
00712EF2 push eax
00712EF3 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; Len(s2)
00712EF9 lea ecx,dword ptr ss:[ebp-20]
00712EFC mov dword ptr ss:[ebp-CC],eax
00712F02 mov dword ptr ss:[ebp-18],1 ; 初始化循环变量i
00712F09 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00712F0F lea ecx,dword ptr ss:[ebp-34]
00712F12 call ebx
00712F14 mov ecx,dword ptr ss:[ebp-CC] ; --------循环开始--------
00712F1A cmp dword ptr ss:[ebp-18],ecx ; cmp i,Len(s2)
00712F1D jg SISWare.007130FC ; 是否达到循环次数?
00712F23 fild dword ptr ss:[ebp-18] ; i
00712F26 cmp dword ptr ds:[751000],0
00712F2D jnz short SISWare.00712F37
00712F2F fdiv qword ptr ds:[402D08] ; i/2
00712F35 jmp short SISWare.00712F48
00712F37 push dword ptr ds:[402D0C]
00712F3D push dword ptr ds:[402D08]
00712F43 call
00712F48 fstp qword ptr ss:[ebp-108]
00712F4E fild dword ptr ss:[ebp-18] ; i
00712F51 cmp dword ptr ds:[751000],0
00712F58 jnz short SISWare.00712F62
00712F5A fdiv qword ptr ds:[402D08] ; i/2
00712F60 jmp short SISWare.00712F73
00712F62 push dword ptr ds:[402D0C]
00712F68 push dword ptr ds:[402D08]
00712F6E call
00712F73 call dword ptr ds:[<&MSVBVM60.__vbaFPFix>] ; Fix(i/2)
00712F79 fcomp qword ptr ss:[ebp-108] ; cmp Fix(i/2),i/2
00712F7F fstsw ax
00712F81 test ah,40
00712F84 jnz SISWare.00713037 ; 当i为偶数时跳转
00712F8A mov edx,dword ptr ds:[esi] ; ----当i为奇数时----
00712F8C push esi
00712F8D call dword ptr ds:[edx+318]
00712F93 push eax
00712F94 lea eax,dword ptr ss:[ebp-34]
00712F97 push eax
00712F98 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00712F9E mov eax,dword ptr ss:[ebp-34]
00712FA1 mov edx,dword ptr ss:[ebp-18]
00712FA4 lea ecx,dword ptr ss:[ebp-54]
00712FA7 push ecx
00712FA8 mov dword ptr ss:[ebp-3C],eax
00712FAB push edx
00712FAC lea eax,dword ptr ss:[ebp-44]
00712FAF push eax
00712FB0 lea ecx,dword ptr ss:[ebp-64]
00712FB3 push ecx
00712FB4 mov dword ptr ss:[ebp-4C],1
00712FBB mov dword ptr ss:[ebp-54],2
00712FC2 mov dword ptr ss:[ebp-34],0
00712FC9 mov dword ptr ss:[ebp-44],9
00712FD0 call dword ptr ds:[<&MSVBVM60.#632>] ; mid(s2,i,1)
00712FD6 mov edx,dword ptr ss:[ebp-1C]
00712FD9 push edx
00712FDA lea eax,dword ptr ss:[ebp-64]
00712FDD push eax
00712FDE lea ecx,dword ptr ss:[ebp-20]
00712FE1 push ecx
00712FE2 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
00712FE8 push eax
00712FE9 call dword ptr ds:[<&MSVBVM60.#516>] ; Asc(mid(s2,i,1))
00712FEF add eax,28 ; Asc(mid(s2,i,1))+28
00712FF2 push eax
00712FF3 call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; Str(Asc(mid(s2,i,1))+28)
00712FF9 mov edx,eax
00712FFB lea ecx,dword ptr ss:[ebp-24]
00712FFE call edi
00713000 push eax
00713001 call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; 保存Str
00713007 mov edx,eax
00713009 lea ecx,dword ptr ss:[ebp-1C]
0071300C call edi
0071300E lea edx,dword ptr ss:[ebp-24]
00713011 push edx
00713012 lea eax,dword ptr ss:[ebp-20]
00713015 push eax
00713016 push 2
00713018 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0071301E add esp,0C
00713021 lea ecx,dword ptr ss:[ebp-34]
00713024 call ebx
00713026 lea ecx,dword ptr ss:[ebp-64]
00713029 push ecx
0071302A lea edx,dword ptr ss:[ebp-54]
0071302D push edx
0071302E lea eax,dword ptr ss:[ebp-44]
00713031 push eax
00713032 jmp SISWare.007130DF
00713037 mov ecx,dword ptr ds:[esi] ; ----当i为偶数时----
00713039 push esi
0071303A call dword ptr ds:[ecx+318]
00713040 push eax
00713041 lea edx,dword ptr ss:[ebp-34]
00713044 push edx
00713045 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0071304B mov eax,dword ptr ss:[ebp-34]
0071304E mov ecx,dword ptr ss:[ebp-18]
00713051 mov dword ptr ss:[ebp-3C],eax
00713054 lea eax,dword ptr ss:[ebp-54]
00713057 push eax
00713058 push ecx
00713059 lea edx,dword ptr ss:[ebp-44]
0071305C push edx
0071305D lea eax,dword ptr ss:[ebp-64]
00713060 push eax
00713061 mov dword ptr ss:[ebp-4C],1
00713068 mov dword ptr ss:[ebp-54],2
0071306F mov dword ptr ss:[ebp-34],0
00713076 mov dword ptr ss:[ebp-44],9
0071307D call dword ptr ds:[<&MSVBVM60.#632>] ; mid(s2,i,1)
00713083 mov ecx,dword ptr ss:[ebp-1C]
00713086 push ecx
00713087 lea edx,dword ptr ss:[ebp-64]
0071308A push edx
0071308B lea eax,dword ptr ss:[ebp-20]
0071308E push eax
0071308F call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
00713095 push eax
00713096 call dword ptr ds:[<&MSVBVM60.#516>] ; Asc(mid(s2,i,1))
0071309C add eax,3C ; Asc(mid(s2,i,1))+3C
0071309F push eax
007130A0 call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; Str(Asc(mid(s2,i,1))+3C)
007130A6 mov edx,eax
007130A8 lea ecx,dword ptr ss:[ebp-24]
007130AB call edi
007130AD push eax
007130AE call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; 保存Str
007130B4 mov edx,eax
007130B6 lea ecx,dword ptr ss:[ebp-1C]
007130B9 call edi
007130BB lea ecx,dword ptr ss:[ebp-24]
007130BE push ecx
007130BF lea edx,dword ptr ss:[ebp-20]
007130C2 push edx
007130C3 push 2
007130C5 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
007130CB add esp,0C
007130CE lea ecx,dword ptr ss:[ebp-34]
007130D1 call ebx
007130D3 lea eax,dword ptr ss:[ebp-64]
007130D6 push eax
007130D7 lea ecx,dword ptr ss:[ebp-54]
007130DA push ecx
007130DB lea edx,dword ptr ss:[ebp-44]
007130DE push edx
007130DF push 3
007130E1 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
007130E7 mov ecx,dword ptr ss:[ebp-18]
007130EA mov eax,1
007130EF add esp,10
007130F2 add ecx,eax
007130F4 mov dword ptr ss:[ebp-18],ecx
007130F7 jmp SISWare.00712F14 ; --------循环结束--------
007130FC mov eax,dword ptr ds:[esi]
007130FE push esi
007130FF call dword ptr ds:[eax+31C]
00713105 push eax
00713106 lea ecx,dword ptr ss:[ebp-34]
00713109 push ecx
0071310A call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00713110 mov edx,dword ptr ds:[eax]
00713112 lea ecx,dword ptr ss:[ebp-20]
00713115 push ecx
00713116 push eax
00713117 mov dword ptr ss:[ebp-B8],eax
0071311D call dword ptr ds:[edx+A0] ; 取注册码第三节s3
00713123 fclex
00713125 test eax,eax
00713127 jge short SISWare.00713141
00713129 mov edx,dword ptr ss:[ebp-B8]
0071312F push 0A0
00713134 push SISWare.00435B88
00713139 push edx
0071313A push eax
0071313B call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckObj>] ; MSVBVM60.__vbaHresultCheckObj
00713141 mov eax,dword ptr ss:[ebp-20]
00713144 push eax
00713145 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; Len(s3)
0071314B lea ecx,dword ptr ss:[ebp-20]
0071314E mov dword ptr ss:[ebp-D4],eax
00713154 mov dword ptr ss:[ebp-18],1 ; 初始化循环变量i
0071315B call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00713161 lea ecx,dword ptr ss:[ebp-34]
00713164 call ebx
00713166 mov ecx,dword ptr ss:[ebp-D4] ; --------循环开始--------
0071316C cmp dword ptr ss:[ebp-18],ecx ; cmp i,Len(s3)
0071316F jg SISWare.00713352 ; 是否达到循环次数?
00713175 fild dword ptr ss:[ebp-18] ; i
00713178 cmp dword ptr ds:[751000],0
0071317F jnz short SISWare.00713189
00713181 fdiv qword ptr ds:[402D08] ; i/2
00713187 jmp short SISWare.0071319A
00713189 push dword ptr ds:[402D0C]
0071318F push dword ptr ds:[402D08]
00713195 call
0071319A fstp qword ptr ss:[ebp-110]
007131A0 fild dword ptr ss:[ebp-18] ; i
007131A3 cmp dword ptr ds:[751000],0
007131AA jnz short SISWare.007131B4
007131AC fdiv qword ptr ds:[402D08] ; i/2
007131B2 jmp short SISWare.007131C5
007131B4 push dword ptr ds:[402D0C]
007131BA push dword ptr ds:[402D08]
007131C0 call
007131C5 call dword ptr ds:[<&MSVBVM60.__vbaFPFix>] ; Fix(i/2)
007131CB fcomp qword ptr ss:[ebp-110] ; cmp Fix(i/2),i/2
007131D1 fstsw ax
007131D3 test ah,40
007131D6 jnz SISWare.0071328B ; 当i为偶数时跳转
007131DC mov edx,dword ptr ds:[esi] ; ----当i为奇数时----
007131DE push esi
007131DF call dword ptr ds:[edx+31C]
007131E5 push eax
007131E6 lea eax,dword ptr ss:[ebp-34]
007131E9 push eax
007131EA call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
007131F0 mov eax,dword ptr ss:[ebp-34]
007131F3 mov edx,dword ptr ss:[ebp-18]
007131F6 lea ecx,dword ptr ss:[ebp-54]
007131F9 push ecx
007131FA mov dword ptr ss:[ebp-3C],eax
007131FD push edx
007131FE lea eax,dword ptr ss:[ebp-44]
00713201 push eax
00713202 lea ecx,dword ptr ss:[ebp-64]
00713205 push ecx
00713206 mov dword ptr ss:[ebp-4C],1
0071320D mov dword ptr ss:[ebp-54],2
00713214 mov dword ptr ss:[ebp-34],0
0071321B mov dword ptr ss:[ebp-44],9
00713222 call dword ptr ds:[<&MSVBVM60.#632>] ; Mid(s3,i,1)
00713228 mov edx,dword ptr ss:[ebp-1C]
0071322B push edx
0071322C lea eax,dword ptr ss:[ebp-64]
0071322F push eax
00713230 lea ecx,dword ptr ss:[ebp-20]
00713233 push ecx
00713234 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
0071323A push eax
0071323B call dword ptr ds:[<&MSVBVM60.#516>] ; Asc(Mid(s3,i,1))
00713241 add eax,0C8 ; Asc(Mid(s3,i,1))+C8
00713246 push eax
00713247 call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; Str(Asc(Mid(s3,i,1))+C8)
0071324D mov edx,eax
0071324F lea ecx,dword ptr ss:[ebp-24]
00713252 call edi
00713254 push eax
00713255 call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; 保存Str
0071325B mov edx,eax
0071325D lea ecx,dword ptr ss:[ebp-1C]
00713260 call edi
00713262 lea edx,dword ptr ss:[ebp-24]
00713265 push edx
00713266 lea eax,dword ptr ss:[ebp-20]
00713269 push eax
0071326A push 2
0071326C call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00713272 add esp,0C
00713275 lea ecx,dword ptr ss:[ebp-34]
00713278 call ebx
0071327A lea ecx,dword ptr ss:[ebp-64]
0071327D push ecx
0071327E lea edx,dword ptr ss:[ebp-54]
00713281 push edx
00713282 lea eax,dword ptr ss:[ebp-44]
00713285 push eax
00713286 jmp SISWare.00713335
0071328B mov ecx,dword ptr ds:[esi] ; ----当i为偶数时----
0071328D push esi
0071328E call dword ptr ds:[ecx+31C]
00713294 push eax
00713295 lea edx,dword ptr ss:[ebp-34]
00713298 push edx
00713299 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0071329F mov eax,dword ptr ss:[ebp-34]
007132A2 mov ecx,dword ptr ss:[ebp-18]
007132A5 mov dword ptr ss:[ebp-3C],eax
007132A8 lea eax,dword ptr ss:[ebp-54]
007132AB push eax
007132AC push ecx
007132AD lea edx,dword ptr ss:[ebp-44]
007132B0 push edx
007132B1 lea eax,dword ptr ss:[ebp-64]
007132B4 push eax
007132B5 mov dword ptr ss:[ebp-4C],1
007132BC mov dword ptr ss:[ebp-54],2
007132C3 mov dword ptr ss:[ebp-34],0
007132CA mov dword ptr ss:[ebp-44],9
007132D1 call dword ptr ds:[<&MSVBVM60.#632>] ; Mid(s3,i,1)
007132D7 mov ecx,dword ptr ss:[ebp-1C]
007132DA push ecx
007132DB lea edx,dword ptr ss:[ebp-64]
007132DE push edx
007132DF lea eax,dword ptr ss:[ebp-20]
007132E2 push eax
007132E3 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
007132E9 push eax
007132EA call dword ptr ds:[<&MSVBVM60.#516>] ; Asc(Mid(s3,i,1))
007132F0 add eax,80 ; Asc(Mid(s3,i,1))+80
007132F5 push eax
007132F6 call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; Str(Asc(Mid(s3,i,1))+80)
007132FC mov edx,eax
007132FE lea ecx,dword ptr ss:[ebp-24]
00713301 call edi
00713303 push eax
00713304 call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; 保存Str
0071330A mov edx,eax
0071330C lea ecx,dword ptr ss:[ebp-1C]
0071330F call edi
00713311 lea ecx,dword ptr ss:[ebp-24]
00713314 push ecx
00713315 lea edx,dword ptr ss:[ebp-20]
00713318 push edx
00713319 push 2
0071331B call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00713321 add esp,0C
00713324 lea ecx,dword ptr ss:[ebp-34]
00713327 call ebx
00713329 lea eax,dword ptr ss:[ebp-64]
0071332C push eax
0071332D lea ecx,dword ptr ss:[ebp-54]
00713330 push ecx
00713331 lea edx,dword ptr ss:[ebp-44]
00713334 push edx
00713335 push 3
00713337 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0071333D mov ecx,dword ptr ss:[ebp-18]
00713340 mov eax,1
00713345 add esp,10
00713348 add ecx,eax
0071334A mov dword ptr ss:[ebp-18],ecx
0071334D jmp SISWare.00713166 ; --------循环结束--------
00713352 mov eax,dword ptr ds:[esi]
00713354 push esi
00713355 call dword ptr ds:[eax+308] ; 取用户名un
0071335B lea ecx,dword ptr ss:[ebp-44]
0071335E push ecx
0071335F lea edx,dword ptr ss:[ebp-54]
00713362 push edx
00713363 mov dword ptr ss:[ebp-3C],eax
00713366 mov dword ptr ss:[ebp-44],9
0071336D call dword ptr ds:[<&MSVBVM60.#520>] ; Trim(un)
00713373 lea eax,dword ptr ss:[ebp-54]
00713376 push eax
00713377 lea ecx,dword ptr ss:[ebp-84]
0071337D push ecx
0071337E mov dword ptr ss:[ebp-7C],SISWare.00435BAC
00713385 mov dword ptr ss:[ebp-84],8008
0071338F call dword ptr ds:[<&MSVBVM60.__vbaVarTextTstEq>] ; Trim(un)=""?
00713395 lea edx,dword ptr ss:[ebp-54]
00713398 mov word ptr ss:[ebp-B8],ax
0071339F push edx
007133A0 lea eax,dword ptr ss:[ebp-44]
007133A3 push eax
007133A4 push 2
007133A6 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
007133AC add esp,0C
007133AF cmp word ptr ss:[ebp-B8],0
007133B7 je SISWare.00713449 ; un不能为空
007133BD mov esi,dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
007133C3 mov ecx,80020004
007133C8 mov eax,0A
007133CD mov dword ptr ss:[ebp-6C],ecx
007133D0 mov dword ptr ss:[ebp-5C],ecx
007133D3 mov edi,8
007133D8 lea edx,dword ptr ss:[ebp-94]
007133DE lea ecx,dword ptr ss:[ebp-54]
007133E1 mov dword ptr ss:[ebp-74],eax
007133E4 mov dword ptr ss:[ebp-64],eax
007133E7 mov dword ptr ss:[ebp-8C],SISWare.00436BE4 ; sisware
007133F1 mov dword ptr ss:[ebp-94],edi
007133F7 call esi ; <&MSVBVM60.__vbaVarDup>
007133F9 lea edx,dword ptr ss:[ebp-84]
007133FF lea ecx,dword ptr ss:[ebp-44]
00713402 mov dword ptr ss:[ebp-7C],SISWare.0044A5C8 ; please enter your name
00713409 mov dword ptr ss:[ebp-84],edi
0071340F call esi ; <&MSVBVM60.__vbaVarDup>
00713411 lea ecx,dword ptr ss:[ebp-74]
00713414 push ecx
00713415 lea edx,dword ptr ss:[ebp-64]
00713418 push edx
00713419 lea eax,dword ptr ss:[ebp-54]
0071341C push eax
0071341D push 40
0071341F lea ecx,dword ptr ss:[ebp-44]
00713422 push ecx
00713423 call dword ptr ds:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
00713429 lea edx,dword ptr ss:[ebp-74]
0071342C push edx
0071342D lea eax,dword ptr ss:[ebp-64]
00713430 push eax
00713431 lea ecx,dword ptr ss:[ebp-54]
00713434 push ecx
00713435 lea edx,dword ptr ss:[ebp-44]
00713438 push edx
00713439 push 4
0071343B call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00713441 add esp,14
00713444 jmp SISWare.00713678
00713449 mov edx,SISWare.0043D1A8 ; autorize1
0071344E lea ecx,dword ptr ss:[ebp-28]
00713451 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
00713457 mov edx,SISWare.00436F94 ; general
0071345C lea ecx,dword ptr ss:[ebp-24]
0071345F call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
00713465 mov edx,SISWare.00436BE4 ; sisware
0071346A lea ecx,dword ptr ss:[ebp-20]
0071346D call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
00713473 lea eax,dword ptr ss:[ebp-1C]
00713476 push eax
00713477 lea ecx,dword ptr ss:[ebp-28]
0071347A push ecx
0071347B lea edx,dword ptr ss:[ebp-24]
0071347E push edx
0071347F lea eax,dword ptr ss:[ebp-20]
00713482 push eax
00713483 lea ecx,dword ptr ss:[ebp-44]
00713486 push ecx
00713487 call SISWare.00526400 ; 建立注册表项目
0071348C lea edx,dword ptr ss:[ebp-28]
0071348F push edx
00713490 lea eax,dword ptr ss:[ebp-24]
00713493 push eax
00713494 lea ecx,dword ptr ss:[ebp-20]
00713497 push ecx
00713498 push 3
0071349A call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
007134A0 add esp,10
007134A3 lea ecx,dword ptr ss:[ebp-44]
007134A6 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
007134AC mov edx,dword ptr ss:[ebp-1C]
007134AF push edx ; Str
007134B0 push SISWare.0043D1C0 ; FixStr="21128721524917624818124817710610996112901099210895270206284179250181252178248"
007134B5 call dword ptr ds:[<&MSVBVM60.__vbaStrTextCmp>] ; MSVBVM60.__vbaStrTextCmp
007134BB neg eax
007134BD sbb eax,eax
007134BF test ax,ax
007134C2 mov word ptr ds:[7518F8],ax
007134C8 jnz SISWare.0071358E ; Str必须与FixStr相同
007134CE mov eax,dword ptr ds:[esi] ; 当Str=FixStr时:注册成功
007134D0 push esi
007134D1 call dword ptr ds:[eax+308]
007134D7 push eax
007134D8 lea ecx,dword ptr ss:[ebp-34]
007134DB push ecx
007134DC call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
007134E2 mov edx,dword ptr ds:[eax]
007134E4 lea ecx,dword ptr ss:[ebp-20]
007134E7 push ecx
007134E8 push eax
007134E9 mov dword ptr ss:[ebp-B8],eax
007134EF call dword ptr ds:[edx+A0]
007134F5 fclex
007134F7 test eax,eax
007134F9 jge short SISWare.00713513
007134FB mov edx,dword ptr ss:[ebp-B8]
00713501 push 0A0
00713506 push SISWare.00435B88
0071350B push edx
0071350C push eax
0071350D call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckObj>] ; MSVBVM60.__vbaHresultCheckObj
00713513 mov edx,dword ptr ss:[ebp-20]
00713516 lea ecx,dword ptr ss:[ebp-30]
00713519 mov dword ptr ss:[ebp-20],0
00713520 call edi
00713522 mov edi,dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
00713528 mov edx,SISWare.0043D670 ; autorize2
0071352D lea ecx,dword ptr ss:[ebp-2C]
00713530 call edi ; <&MSVBVM60.__vbaStrCopy>
00713532 mov edx,SISWare.00436F94 ; general
00713537 lea ecx,dword ptr ss:[ebp-28]
0071353A call edi ; <&MSVBVM60.__vbaStrCopy>
0071353C mov edx,SISWare.00436BE4 ; sisware
00713541 lea ecx,dword ptr ss:[ebp-24]
00713544 call edi ; <&MSVBVM60.__vbaStrCopy>
00713546 lea eax,dword ptr ss:[ebp-30]
00713549 push eax
0071354A lea ecx,dword ptr ss:[ebp-2C]
0071354D push ecx
0071354E lea edx,dword ptr ss:[ebp-28]
00713551 push edx
00713552 lea eax,dword ptr ss:[ebp-24]
00713555 push eax
00713556 lea ecx,dword ptr ss:[ebp-44]
00713559 push ecx
0071355A call SISWare.00526400
0071355F lea edx,dword ptr ss:[ebp-30]
00713562 push edx
00713563 lea eax,dword ptr ss:[ebp-2C]
00713566 push eax
00713567 lea ecx,dword ptr ss:[ebp-28]
0071356A push ecx
0071356B lea edx,dword ptr ss:[ebp-24]
0071356E push edx
0071356F push 4
00713571 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00713577 add esp,14
0071357A lea ecx,dword ptr ss:[ebp-34]
0071357D call ebx
0071357F lea ecx,dword ptr ss:[ebp-44]
00713582 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00713588 mov ax,word ptr ds:[7518F8]
0071358E cmp ax,0FFFF ; 当Str!=FixStr时:注册失败
00713592 jnz SISWare.00713621
00713598 mov esi,dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
0071359E mov ecx,80020004
007135A3 mov eax,0A
007135A8 mov dword ptr ss:[ebp-6C],ecx
007135AB mov dword ptr ss:[ebp-5C],ecx
007135AE mov edi,8
007135B3 lea edx,dword ptr ss:[ebp-94]
007135B9 lea ecx,dword ptr ss:[ebp-54]
007135BC mov dword ptr ss:[ebp-74],eax
007135BF mov dword ptr ss:[ebp-64],eax
007135C2 mov dword ptr ss:[ebp-8C],SISWare.00436BE4 ; sisware
007135CC mov dword ptr ss:[ebp-94],edi
007135D2 call esi ; <&MSVBVM60.__vbaVarDup>
007135D4 lea edx,dword ptr ss:[ebp-84]
007135DA lea ecx,dword ptr ss:[ebp-44]
007135DD mov dword ptr ss:[ebp-7C],SISWare.0044A5FC ; invalid serial number, please try again
007135E4 mov dword ptr ss:[ebp-84],edi
007135EA call esi ; <&MSVBVM60.__vbaVarDup>
007135EC lea eax,dword ptr ss:[ebp-74]
007135EF push eax
007135F0 lea ecx,dword ptr ss:[ebp-64]
007135F3 push ecx
007135F4 lea edx,dword ptr ss:[ebp-54]
007135F7 push edx
007135F8 push 30
007135FA lea eax,dword ptr ss:[ebp-44]
007135FD push eax
007135FE call dword ptr ds:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
……
至此注册码算法已经完成。总结注册码算法如下:
1.第一节注册码奇数位ASC值+&H80,偶数位ASC值+&HC8,并转换成十进制字符连接起来。
2.第二节注册码奇数位ASC值+&H28,偶数位ASC值+&H3C,并转换成十进制字符连接起来。
3.第三节注册码奇数位ASC值+&HC8,偶数位ASC值+&H80,并转换成十进制字符连接起来。
4.将上述三节字符串连接起来与21128721524917624818124817710610996112901099210895270206284179250181252178248比较,相等注册成功。
用VB描述流程如下:
Private Sub Command1_Click()
Const FixStr as String = "21128721524917624818124817710610996112901099210895270206284179250181252178248"
Dim i As Long, s As String, sStr As String
s = Text1.Text
For i = 1 To Len(s)
If i Mod 2 = 1 Then
sStr = sStr & (Asc(Mid$(s, i, 1)) + &H80)
Else
sStr = sStr & (Asc(Mid$(s, i, 1)) + &HC8)
End If
Next
s = Text2.Text
For i = 1 To Len(s)
If i Mod 2 = 1 Then
sStr = sStr & (Asc(Mid$(s, i, 1)) + &H28)
Else
sStr = sStr & (Asc(Mid$(s, i, 1)) + &H3C)
End If
Next
s = Text3.Text
For i = 1 To Len(s)
If i Mod 2 = 1 Then
sStr = sStr & (Asc(Mid$(s, i, 1)) + &HC8)
Else
sStr = sStr & (Asc(Mid$(s, i, 1)) + &H80)
End If
Next
If sStr = FixStr Then
MsgBox "Reg OK!"
Else
MsgBox "invalid serial number, please try again"
End If
End Sub
逆推注册码就比较容易了:
Private Sub Command2_Click()
Dim i As Long, j As Long, k As Long
Dim sStr As String
Const FixStr as String = "211287215249176248181248177106109 96112 90109 92108 95270206284179250181252178248"
For i = 1 To 3
For j = 1 To 9
k = Val(Mid$(FixStr, ((i - 1) * 9 + j - 1) * 3 + 1, 3))
If i = 1 Then
If j Mod 2 = 1 Then
sStr = sStr & Chr(k - &H80)
Else
sStr = sStr & Chr(k - &HC8)
End If
End If
If i = 2 Then
If j = 1 Then sStr = sStr & "-"
If j Mod 2 = 1 Then
sStr = sStr & Chr(k - &H28)
Else
sStr = sStr & Chr(k - &H3C)
End If
End If
If i = 3 Then
If j = 1 Then sStr = sStr & "-"
If j Mod 2 = 1 Then
sStr = sStr & Chr(k - &HC8)
Else
sStr = sStr & Chr(k - &H80)
End If
End If
Next j, i
MsgBox "RegCode is:" & vbCrLf & sStr
End Sub
注意要把上面的FixStr中加上几个空格,这样在取位时可以按对齐的3位一个数来取。
最后算出的注册码为:
---------------------------
工程1
---------------------------
RegCode is:
SWW100501-B18421407-FNT325420
---------------------------
确定
---------------------------
|
