軟件大�。� 884 KB

    軟件語言： 簡體中文

    軟件類別： 國產(chǎn)軟件 / 共享版 / 趣味軟件

    應(yīng)用平臺(tái)： Win9x/NT/2000/XP

    開 發(fā) 商： http://go3.163.com/pyeditor/

    下載地址： http://www.skycn.com/soft/6605.html

    軟件介紹：

    “浪漫情書”是一個(gè)專業(yè)級(jí)的情書編輯軟件！該軟件是用Delphi編寫的純32位軟件，程序設(shè)計(jì)精

    巧、功能強(qiáng)大、擴(kuò)充方便，不需要任何數(shù)據(jù)庫驅(qū)動(dòng)程式支持，

浪漫情書v3.11注冊(cè)算法分析

    操作簡單，你只需輕輕點(diǎn)擊幾下鼠標(biāo)就可以寫出讓你感到滿意的情書；2、可以由電腦自動(dòng)書寫情書，

    并且電腦寫出的情書也很通順；3、支持發(fā)Email功能，可使用軟件附帶的各種精美的信紙，信紙中有

    動(dòng)聽的音樂，現(xiàn)在情書也可以“有聲有色”；4、支持各種文本處理功能，包括查找、替換、復(fù)制、

    撤消、打印等；5、開放式的情話庫管理，可以自動(dòng)搜索新情話，可以自制情話庫；6、除了有詳盡的

    幫助文件之外，還有“情書精靈”及時(shí)地提醒您使用的方法；7、更多精彩功能等待您去探索……

    Cracked by eCool 2002.07.20

    一：脫殼&除去文件大小判斷

    這個(gè)軟件是用Aspack加殼的，用Caspr很容易搞定，不過脫殼后不能運(yùn)行，提示文件大小改變了，

    不過去除這個(gè)是Very Easy的，用w32dasm反匯編，自己找出錯(cuò)時(shí)的提示字符串，結(jié)果來到這：

    -------------------------------------------------------------------------------

    :004974C5 E8DAB2F6FF call 004027A4

    :004974CA 3DD0050500 cmp eax, 000505D0

    :004974CF 7F17 jg 004974E8 // 文件大小大于329168字節(jié)就Over

    :004974D1 8D85B4FEFFFF lea eax, dword ptr [ebp+FFFFFEB4]

    :004974D7 E860E0F6FF call 0040553C

    :004974DC E8C3B2F6FF call 004027A4

    :004974E1 3D18FA0400 cmp eax, 0004FA18 // 文件大小小于326168字節(jié)也Over

    :004974E6 7D3D jge 00497525

    * Referenced by a (U)nconditional or ?onditional Jump at Address:

    |:004974CF?

    |

    :004974E8 8D85B0FEFFFF lea eax, dword ptr [ebp+FFFFFEB0]

    :004974EE 8B8E90060000 mov ecx, dword ptr [esi+00000690]

    * Possible StringData Ref from Code Obj->"文件讀寫錯(cuò)誤,由于某些原因（例如：被病毒感染）

    "

    ->"改變了loveletter31.exe文件，為了保證您的電腦安"

    ->"

    全，程式將會(huì)自動(dòng)退出!

    建議您訪問下址重新下載"

    ->"“浪漫情書”軟件：

    "

    -------------------------------------------------------------------------------

    二：找注冊(cè)算法

    用DeDe來對(duì)付Delphi的程序吧，很容易來到這：

    -------------------------------------------------------------------------------

    * Reference to control Trrr.username : TFlatEdit

    |

    00488F47 8B80E0020000 mov eax, [eax+$02E0] // 取得用戶名

    |

    00488F4D E8DE5CFAFF call 0042EC30

    00488F52 8B45F0 mov eax, [ebp-$10]

    |

    00488F55 E836ADF7FF call 00403C90

    00488F5A 83F806 cmp eax, +$06 // 用戶名長度小于6則Over

    00488F5D 7D20 jnl 00488F7F

    * Possible String Reference to: ’用戶名的長度不能小于6個(gè)字符！’

    |

    00488F5F B8F4914800 mov eax, $004891F4

    |

    00488F64 E8E78AFCFF call 00451A50

    00488F69 8B45FC mov eax, [ebp-$04]

    * Reference to control Trrr.username : TFlatEdit

    |

    00488F6C 8B80E0020000 mov eax, [eax+$02E0]

    00488F72 8B10 mov edx, [eax]

    * Possible reference to virtual method TFlatEdit.OFFS_00B4

    |

    00488F74 FF92B4000000 call dword ptr [edx+$00B4]

    00488F7A E92F020000 jmp 004891AE

    00488F7F 8D55F0 lea edx, [ebp-$10]

    00488F82 8B45FC mov eax, [ebp-$04]

    * Reference to control Trrr.regcode : TFlatEdit

    |

    00488F85 8B80D0020000 mov eax, [eax+$02D0] // 取注冊(cè)碼

    |

    00488F8B E8A05CFAFF call 0042EC30

    00488F90 8B45F0 mov eax, [ebp-$10]

    |

    00488F93 E8F8ACF7FF call 00403C90 // 注冊(cè)碼為空則Over

    00488F98 48 dec eax

    00488F99 7D20 jnl 00488FBB

    * Possible String Reference to: ’請(qǐng)輸入注冊(cè)碼！’

    |

    00488F9B B81C924800 mov eax, $0048921C

    |

    00488FA0 E8AB8AFCFF call 00451A50

    00488FA5 8B45FC mov eax, [ebp-$04]

    * Reference to control Trrr.regcode : TFlatEdit

    |

    00488FA8 8B80D0020000 mov eax, [eax+$02D0]

    00488FAE 8B10 mov edx, [eax]

    * Possible reference to virtual method TFlatEdit.OFFS_00B4

    |

    00488FB0 FF92B4000000 call dword ptr [edx+$00B4]

    00488FB6 E9F3010000 jmp 004891AE

    00488FBB 8D45F8 lea eax, [ebp-$08]

    |

    00488FBE E851AAF7FF call 00403A14

    00488FC3 8D55F4 lea edx, [ebp-$0C]

    00488FC6 8B45FC mov eax, [ebp-$04]

    * Reference to control Trrr.regcode : TFlatEdit

    |

    00488FC9 8B80D0020000 mov eax, [eax+$02D0]

    |

    00488FCF E85C5CFAFF call 0042EC30

    00488FD4 8B45F4 mov eax, [ebp-$0C] // 取注冊(cè)碼長度

    |

    00488FD7 E8B4ACF7FF call 00403C90

    00488FDC 8BF0 mov esi, eax

    00488FDE 85F6 test esi, esi

    00488FE0 7C37 jl 00489019

    00488FE2 46 inc esi

    00488FE3 33DB xor ebx, ebx

    00488FE5 8B45F4 mov eax, [ebp-$0C]

    00488FE8 8A4418FF mov al, byte ptr [eax+ebx-$01]

    00488FEC 3C30 cmp al, $30 // "0"

    00488FEE 7225 jb 00489015

    00488FF0 8B55F4 mov edx, [ebp-$0C]

    00488FF3 3C39 cmp al, $39 // "9"

    00488FF5 771E jnbe 00489015

    00488FF7 8D45EC lea eax, [ebp-$14]

    00488FFA 50 push eax

    00488FFB B901000000 mov ecx, $00000001

    00489000 8BD3 mov edx, ebx

    00489002 8B45F4 mov eax, [ebp-$0C]

    |

    00489005 E88AAEF7FF call 00403E94

    0048900A 8B55EC mov edx, [ebp-$14]

    0048900D 8D45F8 lea eax, [ebp-$08]

    |

    00489010 E883ACF7FF call 00403C98

    00489015 43 inc ebx

    00489016 4E dec esi

    00489017 75CC jnz 00488FE5

    00489019 8D55F0 lea edx, [ebp-$10]

    0048901C 8B45FC mov eax, [ebp-$04]

    上面的語句用來判斷注冊(cè)碼是否都是數(shù)字

    -------------------------------------------------------------------------------

    * Reference to control Trrr.username : TFlatEdit

    |

    0048901F 8B80E0020000 mov eax, [eax+$02E0]

    |

    00489025 E8065CFAFF call 0042EC30

    0048902A 8B45F0 mov eax, [ebp-$10]

    0048902D 8D55EC lea edx, [ebp-$14]

    |

    00489030 E83BFEFFFF call 00488E70 // 進(jìn)去看看

    ---------------------------- CALL 00488E70 ----------------------------------------------

    00488E70 55 push ebp

    00488E71 8BEC mov ebp, esp

    00488E73 83C4F8 add esp, -$08

    00488E76 53 push ebx

    00488E77 56 push esi

    00488E78 57 push edi

    00488E79 33C9 xor ecx, ecx

    00488E7B 894DF8 mov [ebp-$08], ecx

    00488E7E 8BF2 mov esi, edx

    00488E80 8945FC mov [ebp-$04], eax

    00488E83 8B45FC mov eax, [ebp-$04]

    |

    00488E86 E8B9AFF7FF call 00403E44

    00488E8B 33C0 xor eax, eax

    00488E8D 55 push ebp

    * Possible String Reference to: ’榫腚_^[YY]脨U嬱3蒕QQQQQQQSVW塃?

    | 繳h迲H’

    |

    00488E8E 68118F4800 push $00488F11

    ***** TRY

    |

    00488E93 64FF30 push dword ptr fs:[eax]

    00488E96 648920 mov fs:[eax], esp

    00488E99 33DB xor ebx, ebx

    00488E9B 8D55F8 lea edx, [ebp-$08]

    * Reference to Tmainform. instance

    |

    00488E9E A1E4784A00 mov eax, dword ptr [$4A78E4]

    00488EA3 8B00 mov eax, [eax]

    * Reference to : Tmainform.GetDrvID()

    |

    00488EA5 E882D90000 call 0049682C

    00488EAA 8B55F8 mov edx, [ebp-$08] // 取用戶名

    00488EAD 8D45FC lea eax, [ebp-$04]

    00488EB0 8B4DFC mov ecx, [ebp-$04] // 取機(jī)器碼

    |

    00488EB3 E824AEF7FF call 00403CDC

    00488EB8 8B45FC mov eax, [ebp-$04] // 合并“機(jī)器碼”，“用戶名”

    // 設(shè)s=“機(jī)器碼”+“用戶名”

    |

    00488EBB E8D0ADF7FF call 00403C90 // 取s的長度

    00488EC0 8BD0 mov edx, eax

    00488EC2 85D2 test edx, edx

    00488EC4 7C17 jl 00488EDD

    00488EC6 42 inc edx

    00488EC7 33C0 xor eax, eax

    00488EC9 8B4DFC mov ecx, [ebp-$04]

    00488ECC 0FB64C01FF movzx ecx, byte ptr [ecx+eax-$01] // 依次取s中的每個(gè)字符的

    // ASCII碼

    * Reference to field TFlatEdit.OFFS_0003

    |

    00488ED1 8D7803 lea edi, [eax+$03] // edi=eax+3

    00488ED4 0FAFCF imul ecx, edi // ecx=ecx*edi

    00488ED7 03D9 add ebx, ecx // add ebx,ecx

    00488ED9 40 inc eax // eax=eax+1

    00488EDA 4A dec edx

    00488EDB 75EC jnz 00488EC9 // 有沒有取完？

    00488EDD 8BC3 mov eax, ebx // eax=ebx

    00488EDF 99 cdq

    00488EE0 33C2 xor eax, edx //

    00488EE2 2BC2 sub eax, edx // 這兩句是廢話

    // 因?yàn)閑dx=0,eax xor 0 = eax

    00488EE4 69C0C9430000 imul eax, eax, $000043C9 // eax=eax*43C9H

    00488EEA 05BBEF9505 add eax, +$0595EFBB // eax=eax+595EFBBH

    00488EEF 8BD6 mov edx, esi // 這時(shí)的eax就是注冊(cè)碼了

    ---------------------------- END CALL 00488E70 ----------------------------------------

    00489035 8B45EC mov eax, [ebp-$14]

    00489038 8B55F8 mov edx, [ebp-$08]

    |

    0048903B E860ADF7FF call 00403DA0

    00489040 0F8556010000 jnz 0048919C // 這里很眼熟吧，

    * Possible String Reference to: ’注冊(cè)成功！請(qǐng)重新啟動(dòng)浪漫情書……’

    |

    00489046 B834924800 mov eax, $00489234

    .

    .

    .

    .

    |

    004891E5 5F pop edi

    004891E6 5E pop esi

    004891E7 5B pop ebx

    004891E8 8BE5 mov esp, ebp

    004891EA 5D pop ebp

    004891EB C3 ret

    三. 注冊(cè)算法總結(jié)

    s1 = 機(jī)器碼(不為空)

    s2 = 用戶名(大于等于6個(gè)字符)

    s3 = s1跟s2合并，s1在前，s2在后

    len = s3的長度

    sn = 0

    for i=1 to len

    sn = (i+3) * (s3中的第i個(gè)字符的ASCII碼) + sn

    next i

    sn = sn + 43C9h

    sn = sn * 595EFBBh

    唉，現(xiàn)在用win2000，上班時(shí)SoftIce又不能用，只好用Ollydge揀軟柿子了，望大家見諒，

電腦資料