Ollydbg——轻松文本 2009 V6.13

下载页面： http://www.skycn.com/soft/5977.html<;br>
【软件限制】：NAG、功能限制 
【作者声明】：初学Crack，只是感兴趣，没有其它目的。失误之处敬请诸位大侠赐教！ 
【破解工具】：Ollydbg1.09、PEiD、AspackDie、W32Dasm 9.0白金版 
————————————————————————————————— 
【过 程】： 
 
其实这个东东数10天前就做了，因为太忙，今天才把笔记整理出来，呵呵，作者也快升级了吧？ 
顺便看了一下同门的《英语音标大师 V1.02》，算法是一样的，就没必要写了。^O^ ^O^ 
easypad.exe 是ASPack 2.12壳，用AspackDie脱之。169K->732K。 VB 编写。 
这个东东不算难，只是有些方面不好掌握。 ~Q~ ^Q^ ^v^ ^v^ 
 
序列号：FLYN649065455613 
试炼码：fly-12345678-fly[OCN][FCG]-E 
————————————————————————————————— 
* Reference To: MSVBVM60.rtcInputBox, Ord:0254h 
 
:004620D2 FF15FC104000 Call dword ptr [004010FC] 
:004620D8 8BD0 mov edx, eax 
 ====>EDX=fly-12345678-fly[OCN][FCG]-E 试炼码 
 
:004620DA 8D4DA8 lea ecx, dword ptr [ebp-58] 
:004620DD FFD6 call esi 
:004620DF 8BD0 mov edx, eax 
:004620E1 8B8D78FEFFFF mov ecx, dword ptr [ebp+FFFFFE78] 
 
* Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h 
 | 
:004620E7 FF15D4124000 Call dword ptr [004012D4] 
:004620ED 8D55A4 lea edx, dword ptr [ebp-5C] 
:004620F0 52 push edx 
 
............................................. 
.............. 
 
 
* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h 
 | 
:00462161 FF1544104000 Call dword ptr [00401044] 
:00462167 83C45C add esp, 0000005C 
:0046216A 8B0B mov ecx, dword ptr [ebx] 
:0046216C 8D95C8FEFFFF lea edx, dword ptr [ebp+FFFFFEC8] 
:00462172 52 push edx 
:00462173 8B8578FEFFFF mov eax, dword ptr [ebp+FFFFFE78] 
:00462179 50 push eax 
:0046217A 53 push ebx 
:0046217B FF9128070000 call dword ptr [ecx+00000728] 
 ====>关键CALL！进入！ 
 
:00462181 85C0 test eax, eax 
:00462183 7D12 jge 00462197 
:00462185 6828070000 push 00000728 
:0046218A 688C574200 push 0042578C 
:0046218F 53 push ebx 
:00462190 50 push eax 
 
* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h 
 | 
:00462191 FF15A4104000 Call dword ptr [004010A4] 
 
* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:00462183(C) 
| 
:00462197 6683BDC8FEFFFF00 cmp word ptr [ebp+FFFFFEC8], 0000 
:0046219F 0F84C3030000 je 00462568 
 ====>跳则OVER！ 
 
:004621A5 8D4D8C lea ecx, dword ptr [ebp-74] 
:004621A8 51 push ecx 
 
* Reference To: MSVBVM60.rtcGetDateVar, Ord:0262h 
 | 
:004621A9 FF1524134000 Call dword ptr [00401324] 
:004621AF 6A00 push 00000000 
:004621B1 8D558C lea edx, dword ptr [ebp-74] 
:004621B4 52 push edx 
:004621B5 8D857CFFFFFF lea eax, dword ptr [ebp+FFFFFF7C] 
:004621BB 50 push eax 
 
................................... 
......................... 
 
:004622C3 8D856CFFFFFF lea eax, dword ptr [ebp+FFFFFF6C] 
:004622C9 50 push eax 
:004622CA 8D8D7CFFFFFF lea ecx, dword ptr [ebp+FFFFFF7C] 
:004622D0 51 push ecx 
:004622D1 8D558C lea edx, dword ptr [ebp-74] 
:004622D4 52 push edx 
 
* Reference To: MSVBVM60.rtcInputBox, Ord:0254h 
 | 
:004622D5 FF15FC104000 Call dword ptr [004010FC] 
 ====>恭喜完成！输入确认号码！7055 
 
:004622DB 8BD0 mov edx, eax 
 ====>EDX=7055 
 
:004622DD 8D4DC8 lea ecx, dword ptr [ebp-38] 
:004622E0 FFD6 call esi 
:004622E2 50 push eax 
 
* Reference To: MSVBVM60.__vbaR8Str, Ord:0000h 
 | 
:004622E3 FF15C0124000 Call dword ptr [004012C0] 
:004622E9 DB437C fild dword ptr [ebx+7C] 
:004622EC DD9D70FEFFFF fstp qword ptr [ebp+FFFFFE70] 
:004622F2 DC9D70FEFFFF fcomp qword ptr [ebp+FFFFFE70] 
 ====>比较确认号码是否是7055？ 
 
:004622F8 DFE0 fstsw ax 
:004622FA F6C440 test ah, 40 
:004622FD 7407 je 00462306 
:004622FF B801000000 mov eax, 00000001 
:00462304 EB02 jmp 00462308 
 
* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:004622FD(C) 
| 
:00462306 33C0 xor eax, eax 
 
* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:00462304(U) 
| 
:00462308 F7D8 neg eax 
:0046230A 668BF0 mov si, ax 
:0046230D 8D45C8 lea eax, dword ptr [ebp-38] 
:00462310 50 push eax 
:00462311 8D4DCC lea ecx, dword ptr [ebp-34] 
:00462314 51 push ecx 
:00462315 6A02 push 00000002 
 
* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h 
 | 
:00462317 FF15E4124000 Call dword ptr [004012E4] 
:0046231D 8D952CFFFFFF lea edx, dword ptr [ebp+FFFFFF2C] 
:00462323 52 push edx 
:00462324 8D853CFFFFFF lea eax, dword ptr [ebp+FFFFFF3C] 
:0046232A 50 push eax 
:0046232B 8D8D4CFFFFFF lea ecx, dword ptr [ebp+FFFFFF4C] 
:00462331 51 push ecx 
:00462332 8D955CFFFFFF lea edx, dword ptr [ebp+FFFFFF5C] 
:00462338 52 push edx 
:00462339 8D856CFFFFFF lea eax, dword ptr [ebp+FFFFFF6C] 
:0046233F 50 push eax 
:00462340 8D8D7CFFFFFF lea ecx, dword ptr [ebp+FFFFFF7C] 
:00462346 51 push ecx 
:00462347 8D558C lea edx, dword ptr [ebp-74] 
:0046234A 52 push edx 
:0046234B 6A07 push 00000007 
 
* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h 
 | 
:0046234D FF1544104000 Call dword ptr [00401044] 
:00462353 83C42C add esp, 0000002C 
:00462356 6685F6 test si, si 
:00462359 0F8409020000 je 00462568 
:0046235F 8B8578FEFFFF mov eax, dword ptr [ebp+FFFFFE78] 
:00462365 8B08 mov ecx, dword ptr [eax] 
:00462367 51 push ecx 
 
* Possible StringData Ref from Code Obj ->"rregnumber" 
 | 
:00462368 6870684200 push 00426870 
 
* Possible StringData Ref from Code Obj ->"rregist" 
 | 
:0046236D 685C684200 push 0042685C 
 
* Possible StringData Ref from Code Obj ->"eeasypad" 
 | 
:00462372 68E8634200 push 004263E8 
 
* Reference To: MSVBVM60.rtcSaveSetting, Ord:02B2h 
 | 
:00462377 FF150C104000 Call dword ptr [0040100C] 
 ====>保存注册信息！ 
 
:0046237D E9E6010000 jmp 00462568 
 
 
————————————————————————————————— 
进入关键CALL：0046217B call dword ptr [ecx+00000728] 
 
…… ……省略…… …… 
 
:004724A8 FFD3 call ebx 
:004724AA 50 push eax 
 
* Possible StringData Ref from Code Obj ->"CC:\" 
 | 
:004724AB 68A4974200 push 004297A4 
:004724B0 8D45CC lea eax, dword ptr [ebp-34] 
:004724B3 50 push eax 
:004724B4 FFD3 call ebx 
:004724B6 50 push eax 
:004724B7 E8EC30FBFF call 004255A8 
 
* Reference To: MSVBVM60.__vbaSetSystemError, Ord:0000h 
 | 
:004724BC FF1598104000 Call dword ptr [00401098] 
:004724C2 8B4DC8 mov ecx, dword ptr [ebp-38] 
 
* Reference To: MSVBVM60.__vbaStrToUnicode, Ord:0000h 
 | 
:004724C5 8B1D38124000 mov ebx, dword ptr [00401238] 
:004724CB 51 push ecx 
:004724CC 8D55C4 lea edx, dword ptr [ebp-3C] 
:004724CF 52 push edx 
:004724D0 FFD3 call ebx 
:004724D2 50 push eax 
:004724D3 8B45DC mov eax, dword ptr [ebp-24] 
:004724D6 50 push eax 
:004724D7 57 push edi 
 
* Reference To: MSVBVM60.__vbaLsetFixstr, Ord:0000h 
 | 
:004724D8 FF1594104000 Call dword ptr [00401094] 
:004724DE 8B4DC0 mov ecx, dword ptr [ebp-40] 
:004724E1 51 push ecx 
:004724E2 8D55BC lea edx, dword ptr [ebp-44] 
:004724E5 52 push edx 
:004724E6 FFD3 call ebx 
:004724E8 50 push eax 
:004724E9 8B45D8 mov eax, dword ptr [ebp-28] 
:004724EC 50 push eax 
:004724ED 57 push edi 
 
* Reference To: MSVBVM60.__vbaLsetFixstr, Ord:0000h 
 | 
:004724EE FF1594104000 Call dword ptr [00401094] 
:004724F4 8D4DBC lea ecx, dword ptr [ebp-44] 
:004724F7 51 push ecx 
:004724F8 8D55C0 lea edx, dword ptr [ebp-40] 
:004724FB 52 push edx 
:004724FC 8D45C4 lea eax, dword ptr [ebp-3C] 
:004724FF 50 push eax 
:00472500 8D4DC8 lea ecx, dword ptr [ebp-38] 
:00472503 51 push ecx 
:00472504 8D55CC lea edx, dword ptr [ebp-34] 
:00472507 52 push edx 
:00472508 6A05 push 00000005 
 
* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h 
 | 
:0047250A FF15E4124000 Call dword ptr [004012E4] 
:00472510 8B5D0C mov ebx, dword ptr [ebp+0C] 
:00472513 8B03 mov eax, dword ptr [ebx] 
 ====>EAX=fly-12345678-fly[OCN][FCG]-E 试炼码 
 
:00472515 83C418 add esp, 00000018 
:00472518 6A01 push 00000001 
:0047251A 6AFF push FFFFFFFF 
:0047251C 6A01 push 00000001 
:0047251E 68D0654200 push 004265D0 
:00472523 68CC754200 push 004275CC 
:00472528 50 push eax 
 
* Reference To: MSVBVM60.rtcReplace, Ord:02C8h 
 | 
:00472529 FF152C124000 Call dword ptr [0040122C] 
 ====>去除试炼码中的- 
 
:0047252F 8BD0 mov edx, eax 
 ====>EDX=fly12345678fly[OCN][FCG]E 
 
:00472531 8D4DD4 lea ecx, dword ptr [ebp-2C] 
 
* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h 
 | 
:00472534 FF1578134000 Call dword ptr [00401378] 
:0047253A 8B0B &