Download page: http://www.skycn.com/soft/10083.html
【Software restrictions】: Feature-limited
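【Author's note】: I am new to cracking and do this only out of interest, with no other purpose. Please point out any mistakes!
【Tools】: TRW2000 (娃娃 modified edition), Ollydbg 1.09, W32Dasm 9.0 Platinum Edition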
—————————————————————————————————
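【Process】:
In fact the "搜易" family of programs all use much the same algorithm; it is just that most of its commercial software is released as incomplete versions.
This is very simple stuff. A friend asked for notes, so I wrote it up; it has no real value.
adslwebserverV12.exe is not packed. Written in Borland Delphi 6.0.
Serial number: 204706460
Trial code: 13572468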
—————————————————————————————————
Looking at the prompts the author provides, it is easy to find the following location:
* Possible StringData Ref from Code Obj ->"00000000"
|
:004B3AB2 BAE03B4B00 mov edx, 004B3BE0
:004B3AB7 E8B40DF5FF call 00404870
:004B3ABC 8D4DF4 lea ecx, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"請輸入您的軟件注冊碼" ("Please enter your software registration code")
|
:004B3ABF BAF43B4B00 mov edx, 004B3BF4
* Possible StringData Ref from Code Obj ->"登記注冊" ("Register")
|
:004B3AC4 B8143C4B00 mov eax, 004B3C14
:004B3AC9 E80A8FF8FF call 0043C9D8
:004B3ACE 3C01 cmp al, 01
:004B3AD0 0F85D5000000 jne 004B3BAB
:004B3AD6 8D55E0 lea edx, dword ptr [ebp-20]
:004B3AD9 8B45F4 mov eax, dword ptr [ebp-0C]
====>EAX=13572468 (trial code)
:004B3ADC E8CB51F5FF call 00408CAC
:004B3AE1 8B45E0 mov eax, dword ptr [ebp-20]
:004B3AE4 E89754F5FF call 00408F80
====>Convert the trial code 13572468 to its hexadecimal value
:004B3AE9 8945F8 mov dword ptr [ebp-08], eax
====>[ebp-08]=00CF1974(H)=13572468(D)
:004B3AEC 8955FC mov dword ptr [ebp-04], edx
:004B3AEF 6A00 push 00000000
:004B3AF1 6A45 push 00000045
:004B3AF3 8B45F8 mov eax, dword ptr [ebp-08]
:004B3AF6 8B55FC mov edx, dword ptr [ebp-04]
:004B3AF9 E8BA1CF5FF call 004057B8
====>Inside this call: divide by 45
====>EAX=00CF1974 / 45=0003005E
:004B3AFE 8945F8 mov dword ptr [ebp-08], eax
:004B3B01 8955FC mov dword ptr [ebp-04], edx
:004B3B04 8B45F8 mov eax, dword ptr [ebp-08]
:004B3B07 8B55FC mov edx, dword ptr [ebp-04]
:004B3B0A 2D983D0100 sub eax, 00013D98
====>EAX=0003005E - 00013D98=0001C2C6
:004B3B0F 83DA00 sbb edx, 00000000
:004B3B12 8945F8 mov dword ptr [ebp-08], eax
====>[ebp-08]=EAX=0001C2C6
:004B3B15 8955FC mov dword ptr [ebp-04], edx
:004B3B18 8D45E4 lea eax, dword ptr [ebp-1C]
:004B3B1B E8A4DDFFFF call 004B18C4
====>Get CPUID = 00000F13
:004B3B20 8B4DE4 mov ecx, dword ptr [ebp-1C]
:004B3B23 8BC1 mov eax, ecx
:004B3B25 99 cdq
:004B3B26 3B55FC cmp edx, dword ptr [ebp-04]
:004B3B29 756B jne 004B3B96
:004B3B2B 3B45F8 cmp eax, dword ptr [ebp-08]
====>The comparison! If equal, OK! ^O^ ^O^
====>EAX=00000F13
====>[ebp-08]=0001C2C6
:004B3B2E 7566 jne 004B3B96
====>If it jumps, it is OVER!
:004B3B30 33D2 xor edx, edx
:004B3B32 8B83C4030000 mov eax, dword ptr [ebx+000003C4]
:004B3B38 8B08 mov ecx, dword ptr [eax]
:004B3B3A FF5164 call [ecx+64]
:004B3B3D B201 mov dl, 01
:004B3B3F 8B8304030000 mov eax, dword ptr [ebx+00000304]
:004B3B45 8B08 mov ecx, dword ptr [eax]
:004B3B47 FF5164 call [ecx+64]
* Possible StringData Ref from Code Obj ->"已注冊登記版本" ("Registered version")
|
:004B3B4A BA283C4B00 mov edx, 004B3C28
:004B3B4F 8B83C0030000 mov eax, dword ptr [ebx+000003C0]
:004B3B55 E846F8F8FF call 004433A0
:004B3B5A 8B837C030000 mov eax, dword ptr [ebx+0000037C]
:004B3B60 C7400C09000000 mov [eax+0C], 00000009
:004B3B67 33D2 xor edx, edx
:004B3B69 8B83CC030000 mov eax, dword ptr [ebx+000003CC]
:004B3B6F E82CF8F8FF call 004433A0
:004B3B74 8B83EC030000 mov eax, dword ptr [ebx+000003EC]
:004B3B7A E831E2FCFF call 00481DB0
:004B3B7F 6A00 push 00000000
:004B3B81 668B0D383C4B00 mov cx, word ptr [004B3C38]
:004B3B88 B202 mov dl, 02
* Possible StringData Ref from Code Obj ->"軟件登記注冊成功" ("Software registration succeeded")
:004B3B8A B8443C4B00 mov eax, 004B3C44
:004B3B8F E8288DF8FF call 0043C8BC
====>Heh, the goddess of victory!
:004B3B94 EB15 jmp 004B3BAB
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004B3B29(C), :004B3B2E(C)
|
:004B3B96 6A00 push 00000000
:004B3B98 668B0D383C4B00 mov cx, word ptr [004B3C38]
:004B3B9F B201 mov dl, 01
* Possible StringData Ref from Code Obj ->"軟件注冊號錯誤" ("Wrong software registration number")
:004B3BA1 B8603C4B00 mov eax, 004B3C60
:004B3BA6 E8118DF8FF call 0043C8BC
====>BAD BOY!
Do we need to invert this to work out the registration code? NO! The author has in fact already calculated the registration code for us! ^O^ ^O^
—————————————————————————————————
The following was captured at program startup:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B1AEB(C)
|
:004B1B20 8B45FC mov eax, dword ptr [ebp-04]
:004B1B23 8B80C4030000 mov eax, dword ptr [eax+000003C4]
:004B1B29 8B10 mov edx, dword ptr [eax]
:004B1B2B FF5250 call [edx+50]
:004B1B2E 3C01 cmp al, 01
:004B1B30 0F8596000000 jne 004B1BCC
:004B1B36 8D45DC lea eax, dword ptr [ebp-24]
:004B1B39 E886FDFFFF call 004B18C4
====>Get CPUID
:004B1B3E 8B45DC mov eax, dword ptr [ebp-24]
====>EAX=0F13 CPUID
:004B1B41 99 cdq
:004B1B42 8945F0 mov dword ptr [ebp-10], eax
:004B1B45 8955F4 mov dword ptr [ebp-0C], edx
:004B1B48 8B45F0 mov eax, dword ptr [ebp-10]
:004B1B4B 8B55F4 mov edx, dword ptr [ebp-0C]
:004B1B4E 05983D0100 add eax, 00013D98
====>EAX=0F13 + 00013D98=00014CAB
:004B1B53 83D200 adc edx, 00000000
:004B1B56 8945F0 mov dword ptr [ebp-10], eax
:004B1B59 8955F4 mov dword ptr [ebp-0C], edx
:004B1B5C 6A00 push 00000000
:004B1B5E 6A45 push 00000045
:004B1B60 8B45F0 mov eax, dword ptr [ebp-10]
:004B1B63 8B55F4 mov edx, dword ptr [ebp-0C]
:004B1B66 E8293CF5FF call 00405794
====>Inside this call: multiply by 45; the decimal value of the result is in fact the registration code!
====>EAX=00014CAB * 45=0059AA17(H)=5876247(D)
:004B1B6B 8945F0 mov dword ptr [ebp-10], eax
:004B1B6E 8955F4 mov dword ptr [ebp-0C], edx
:004B1B71 8B45F0 mov eax, dword ptr [ebp-10]
:004B1B74 8B55F4 mov edx, dword ptr [ebp-0C]
:004B1B77 2D636B0000 sub eax, 00006B63
====>EAX=0059AA17 - 00006B63=00593EB4
:004B1B7C 83DA00 sbb edx, 00000000
:004B1B7F 8945F0 mov dword ptr [ebp-10], eax
:004B1B82 8955F4 mov dword ptr [ebp-0C], edx
:004B1B85 6A00 push 00000000
:004B1B87 6A23 push 00000023
:004B1B89 8B45F0 mov eax, dword ptr [ebp-10]
:004B1B8C 8B55F4 mov edx, dword ptr [ebp-0C]
:004B1B8F E8003CF5FF call 00405794
====>Inside this call: multiply again by 23; the decimal value of the result is in fact the serial number!
====>EAX=00593EB4 * 23=0C33929C
:004B1B94 8945F0 mov dword ptr [ebp-10], eax
====>[ebp-10]=0C33929C(H)=204706460(D) (serial number)
—————————————————————————————————
【Algorithm summary】:
Divide the hexadecimal value of the serial number by 23, then add 00006B63; the decimal value of the result is the registration code.
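
Seen from the design side, the two traces show a check that is plain arithmetic on constants shipped in the binary, so it holds no secret. The block below is an added example (not code from the original post or from the program) that models both traced routines next to a client that only verifies a vendor signature; the function names are assumptions, and the textbook-RSA numbers are constructed and toy-sized for illustration only.

```cpp
#include <cstdint>
#include <iostream>

// Constants as recovered in the two traces above.
constexpr std::int64_t ADD_ID = 0x13D98, MUL_CODE = 0x45;
constexpr std::int64_t SUB_SER = 0x6B63, MUL_SER = 0x23;

// Startup routine as traced: the displayed serial is derived from the machine ID.
std::int64_t serial_from_id(std::int64_t id) {
    return ((id + ADD_ID) * MUL_CODE - SUB_SER) * MUL_SER;
}

// Registration check as traced: arithmetic on the entered code, compared to the ID.
bool weak_check(std::int64_t code, std::int64_t id) {
    return code / MUL_CODE - ADD_ID == id;
}

// Hardened sketch (assumption, not the program's code): the client ships only a
// public key and verifies a licence value that the vendor signed.
// Toy textbook-RSA numbers, constructed for illustration: n = 61 * 53.
constexpr std::uint64_t RSA_N = 3233, RSA_E = 17;  // public, in the client
constexpr std::uint64_t RSA_D = 2753;              // private, vendor side only

std::uint64_t modpow(std::uint64_t b, std::uint64_t e, std::uint64_t m) {
    std::uint64_t r = 1;
    for (b %= m; e != 0; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

// Vendor side: sign the machine ID (reduced mod n because the modulus is tiny).
std::uint64_t vendor_sign(std::uint64_t id) { return modpow(id % RSA_N, RSA_D, RSA_N); }

// Client side: verification uses the public exponent only.
bool signed_check(std::uint64_t sig, std::uint64_t id) {
    return sig < RSA_N && modpow(sig, RSA_E, RSA_N) == id % RSA_N;
}

int main() {
    const std::int64_t id = 0xF13;  // machine ID value shown in the trace
    std::cout << "serial shown to user: " << serial_from_id(id) << "\n"
              << "weak check accepts trial code 13572468: " << weak_check(13572468, id) << "\n"
              << "signed check accepts vendor signature: "
              << signed_check(vendor_sign(id), id) << "\n";
    return 0;
}
```

A signature check of this kind removes the derivable-code problem only; the conditional branch after the comparison still needs separate integrity protection.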
—————————————————————————————————
【C++ KeyGen】:
#include <iostream>
using namespace std;

int main()
{
    unsigned long int m, s;   // m: serial number entered, s: registration code
    cout << "\n\n★★★★寬帶Web服務器(ADSLWebServer) V1.2 KeyGen{13th}★★★★\n\n\n\n";
    cout << "請輸入序列號:";
    cin >> m;
    s = m / 0x23 + 0x6B63;    // serial / 23h + 6B63h, as in the algorithm summary
    cout << "\n呵呵,注冊碼:" << s << endl;
    cout << "\n\n\nCracked By 巢水工作坊——fly [OCN][FCG] 2003-06-17 01:30 COMPILE";
    cout << "\n\n\n * * * 按回車退出!* * *"; cin.get(); cin.get();
    return 0;
}
—————————————————————————————————
【Clean patch】
004B3B2E 7566 jne 004B3B96
Change to: 9090 (NOP it out)
—————————————————————————————————
【KeyMake {94th} in-memory keygen】:
Breakpoint address: 004B1B6B
Break count: 1
First byte: 89
Instruction length: 3
Register mode: EAX
Decimal value
—————————————————————————————————
【Where the registration info is stored】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1AE69D60-73D0-11D4-BD52-38A480C50000}]
"231114271"="231114271"
—————————————————————————————————
【Summary】:
Serial number: 204706460
Registration code: 5876247
————————————————————————————————