[Crack article title] Chinese riddle algorithm analysis
[Author] missviola
[Author's email]
[Author's homepage]
[Cracking tools] DeDe, OllyDbg (OD), PEiD
[Cracking platform] Windows XP
[Software name] Chinese riddle
[Software size]
[Original download]
[Protection method] serial number
[Software overview] [Chinese riddle] has been recommended by dozens of publications. It ships with more than ten thousand riddles across a wide range of categories, supports fuzzy search and sorting by riddle method, and lets you add, modify and delete riddles at any time. It supports batch import, so you can load your own riddle databases in bulk, and the database can be extended without limit; the program is updated and new riddles are added continuously. It also integrates the Chinese riddle book, a collection of commonly used riddle and riddle-composition references. The software is "green" (no installation residue) and can be uninstalled completely.
[Cracking statement] For interest only, with no other purpose. If there are mistakes, please point them out!
------------------------------------------------------------------------
[Cracking process] I had not cracked anything for a long time, so with some free time over the Chinese New Year I picked a small program to practise on. After installing it, check it with PEiD: it is packed with ASPack, which the PEiD unpacker plug-in removes easily. Checking the unpacked file again shows it was written in Delphi. Load it into DeDe to generate the map file, load the unpacked program in OD, import the map file, and the real work begins.
Right-click, open the Ultra String Reference plug-in (Find ASCII) and look for "Registration successful. Thank you for your registration!". Double-click it to land at the matching code, scroll up to the start of the handler at 0054EE6C, set a breakpoint with F2 and run with F9. Enter an order number and a registration code, click "OK", and the program breaks at the handler; step through it with F8.
0054EE6C /.  55               push ebp                                  ; <- TForm1.BitBtn5Click (symbol from the DeDe map file)
0054EE6D |.  8BEC             mov ebp, esp
0054EE6F |.  B9 16000000      mov ecx, 16
0054EE74 |>  6A 00            /push 0
0054EE76 |.  6A 00            |push 0
0054EE78 |.  49               |dec ecx
0054EE79 |.^ 75 F9            \jnz short zhdm_exe.0054EE74             ; zero the local string variables
0054EE7B |.  51               push ecx
0054EE7C |.  53               push ebx
0054EE7D |.  56               push esi
0054EE7E |.  8BD8             mov ebx, eax                              ; ebx = Self (the form)
0054EE80 |.  33C0             xor eax, eax
0054EE82 |.  55               push ebp
0054EE83 |.  68 BEF05400      push zhdm_exe.0054F0BE                    ; SE handler: System.@HandleFinally
0054EE88 |.  64:FF30          push dword ptr fs:[eax]
0054EE8B |.  64:8920          mov dword ptr fs:[eax], esp
0054EE8E |.  68 80000000      push 80                                   ; /BufSize = 80 (128.)
0054EE93 |.  8D85 7BFFFFFF    lea eax, dword ptr ss:[ebp-85]            ; |
0054EE99 |.  50               push eax                                  ; |Buffer
0054EE9A |.  E8 4584EBFF      call <jmp.&KERNEL32.GetSystemDirectoryA>  ; \GetSystemDirectoryA
0054EE9F |.  8D45 FC          lea eax, dword ptr ss:[ebp-4]
0054EEA2 |.  8D95 7BFFFFFF    lea edx, dword ptr ss:[ebp-85]
0054EEA8 |.  B9 81000000      mov ecx, 81
0054EEAD |.  E8 665DEBFF      call zhdm_exe.00404C18                    ; System.@LStrFromArray(String; PAnsiChar; Integer): the system directory is copied into the string at [ebp-4]
0054EEB2 |.  8D95 74FFFFFF    lea edx, dword ptr ss:[ebp-8C]
0054EEB8 |.  8B83 C8030000    mov eax, dword ptr ds:[ebx+3C8]           ; FlatEdit2:TFlatEdit (registration code box)
0054EEBE |.  E8 C58CEFFF      call zhdm_exe.00447B88                    ; Controls.TControl.GetText(TControl):TCaption
0054EEC3 |.  83BD 74FFFFFF 00 cmp dword ptr ss:[ebp-8C], 0              ; was a registration code entered? (an empty AnsiString is a nil pointer)
0054EECA |.  74 1A            je short zhdm_exe.0054EEE6
0054EECC |.  8D95 70FFFFFF    lea edx, dword ptr ss:[ebp-90]
0054EED2 |.  8B83 C0030000    mov eax, dword ptr ds:[ebx+3C0]           ; FlatEdit1:TFlatEdit (order number box)
0054EED8 |.  E8 AB8CEFFF      call zhdm_exe.00447B88                    ; Controls.TControl.GetText(TControl):TCaption
0054EEDD |.  83BD 70FFFFFF 00 cmp dword ptr ss:[ebp-90], 0              ; was an order number entered?
0054EEE4 |.  75 0F            jnz short zhdm_exe.0054EEF5
0054EEE6 |>  B8 D4F05400      mov eax, zhdm_exe.0054F0D4                ; "registration information not complete"
0054EEEB |.  E8 8C1EEFFF      call zhdm_exe.00440D7C                    ; Dialogs.ShowMessage(AnsiString)
0054EEF0 |.  E9 51010000      jmp zhdm_exe.0054F046                     ; leave the handler
0054EEF5 |>  8D95 6CFFFFFF    lea edx, dword ptr ss:[ebp-94]
0054EEFB |.  8B83 C8030000    mov eax, dword ptr ds:[ebx+3C8]           ; FlatEdit2:TFlatEdit
0054EF01 |.  E8 828CEFFF      call zhdm_exe.00447B88                    ; Controls.TControl.GetText(TControl):TCaption
0054EF06 |.  8B85 6CFFFFFF    mov eax, dword ptr ss:[ebp-94]
0054EF0C |.  50               push eax                                  ; registration code kept on the stack
0054EF0D |.  8D95 64FFFFFF    lea edx, dword ptr ss:[ebp-9C]
0054EF13 |.  8B83 C0030000    mov eax, dword ptr ds:[ebx+3C0]           ; FlatEdit1:TFlatEdit
0054EF19 |.  E8 6A8CEFFF      call zhdm_exe.00447B88                    ; Controls.TControl.GetText(TControl):TCaption
0054EF1E |.  8B85 64FFFFFF    mov eax, dword ptr ss:[ebp-9C]
0054EF24 |.  E8 DBA6EBFF      call zhdm_exe.00409604                    ; SysUtils.StrToInt(AnsiString):Integer; order number -> integer (raises EConvertError if it is not numeric)
0054EF29 |.  B9 3A000000      mov ecx, 3A                               ; ecx = 3A (58.)
0054EF2E |.  99               cdq                                       ; sign-extend eax into edx:eax (edx cleared for a positive value)
0054EF2F |.  F7
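OD resolves every call and jump in the listing above relative to the address of the following instruction; that is how "E8 C58CEFFF" at 0054EEBE becomes a call to 00447B88, the address the DeDe map file then names TControl.GetText. The helper below is an added example, not code from the original article, that recomputes those targets from the raw bytes. It is useful when a copied listing is mangled and you want to confirm which routine a call really reaches before trusting the label next to it. The addresses and bytes in LISTING are copied from the listing above; the expected targets are the ones OD printed there.

```python
import struct


def branch_target(addr, opcode_bytes):
    """Resolve the destination of a relative branch from its address and raw bytes.

    Handles E8 (call rel32), E9 (jmp rel32), EB (jmp rel8), 70-7F (jcc rel8)
    and 0F 80-8F (jcc rel32). The displacement is added to the address of the
    *next* instruction, i.e. addr + length of the branch itself.
    """
    b = bytes.fromhex(opcode_bytes.replace(" ", ""))
    op = b[0]
    if op in (0xE8, 0xE9):
        rel = struct.unpack("<i", b[1:5])[0]
        length = 5
    elif op == 0xEB or 0x70 <= op <= 0x7F:
        rel = struct.unpack("<b", b[1:2])[0]
        length = 2
    elif op == 0x0F and 0x80 <= b[1] <= 0x8F:
        rel = struct.unpack("<i", b[2:6])[0]
        length = 6
    else:
        raise ValueError("not a relative branch: %02X" % op)
    return (addr + length + rel) & 0xFFFFFFFF


# (address, bytes, target OD printed) copied from the BitBtn5Click listing.
# None means the original article's line was too garbled to read a target from.
LISTING = [
    (0x0054EE79, "75 F9",       0x0054EE74),  # jnz short -> loop head
    (0x0054EE9A, "E8 4584EBFF", None),        # call <jmp.&KERNEL32.GetSystemDirectoryA>
    (0x0054EEAD, "E8 665DEBFF", None),        # call System.@LStrFromArray
    (0x0054EEBE, "E8 C58CEFFF", 0x00447B88),  # call Controls.TControl.GetText
    (0x0054EECA, "74 1A",       0x0054EEE6),  # je  -> "registration information not complete"
    (0x0054EEE4, "75 0F",       0x0054EEF5),  # jnz -> both fields present
    (0x0054EEEB, "E8 8C1EEFFF", None),        # call Dialogs.ShowMessage
    (0x0054EEF0, "E9 51010000", 0x0054F046),  # jmp -> end of handler
    (0x0054EF24, "E8 DBA6EBFF", 0x00409604),  # call SysUtils.StrToInt
]


def check_listing(listing=LISTING):
    """Return {address: resolved target}; raise if the bytes disagree with a printed target."""
    resolved = {}
    for addr, raw, shown in listing:
        target = branch_target(addr, raw)
        if shown is not None and shown != target:
            raise AssertionError("%08X: bytes give %08X, listing says %08X" % (addr, target, shown))
        resolved[addr] = target
    return resolved


if __name__ == "__main__":
    for addr, target in check_listing().items():
        print("%08X -> %08X" % (addr, target))
```

Run it as a script to print every resolved target, or call check_listing() from a REPL; a line whose bytes do not agree with the target printed beside it raises an AssertionError naming the address, which is exactly the line you should re-read in OD.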