破解广联达的方法! 广联达GBG8.0破解过程 加密方式:北京飞天诚信公司 使用软件:TRW2000 WIN32DSAM 软件限制:没狗时以学习版方式启动,当然学习版会有很多限制啦。 动手吧,反汇编后Find “学习版”字样来到: :0084F714 A110708500 mov eax, dword ptr [00857010] :0084F719 C60001 mov byte ptr [eax], 01 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0084F70A(C), :0084F712(C) | :0084F71C A110708500 mov eax, dword ptr [00857010] :0084F721 803800 cmp byte ptr [eax], 00 :0084F724 0F860A010000 jbe 0084F834 //这里不能跳,跳即学习版 :0084F72A B804AE8500 mov eax, 0085AE04 :0084F72F E82049BBFF call 00404054 :0084F734 33C0 xor eax, eax :0084F736 A300AE8500 mov dword ptr [0085AE00], eax 很显然,0084F721处的[EAX]的值很重要,我们用TRW可以得知EAX=853638,同时我们可以得知853638的值是0,只要其值大于0那么就不是学习版了。下断bpm 853638,程序中断如下: :0084F5FB E8E442BFFF call 004438E4 :0084F600 8D4580 lea eax, dword ptr [ebp-80] :0084F603 E83091C2FF call 00478738 :0084F608 8B4580 mov eax, dword ptr [ebp-80] :0084F60B E83433BBFF call 00402944 :0084F610 A110708500 mov eax, dword ptr [00857010] :0084F615 C60000 mov byte ptr [eax], 00 //中断在此,很简单吧,把00改为01即可 :0084F618 C60511AE850000 mov byte ptr [0085AE11], 00 :0084F61F 8D857CFFFFFF lea eax, dword ptr [ebp+FFFFFF7C] :0084F625 E80E91C2FF call 00478738 :0084F62A 8D857CFFFFFF lea eax, dword ptr [ebp+FFFFFF7C] * Possible StringData Ref from Code Obj ->"RYCLIENT.ini" | :0084F630 BA78FC8400 mov edx, 0084FC78 :0084F635 E8A24CBBFF call 004042DC :0084F63A 8B8D7CFFFFFF mov ecx, dword ptr [ebp+FFFFFF7C] :0084F640 B201 mov dl, 01 再运行程序,不再是学习版了,哈哈没这么简单吧,果然进入后还要求输入每一个模块的注册码,但输入什么注册码也不对,拦也拦不下来,于是我休息几周(KAO,是不是休息的也太长了点,老兄我也是没办法嘛),后来注意到没注册的都有“模块”二字, :0055BDD8 55 push ebp :0055BDD9 8BEC mov ebp, esp :0055BDDB 83C4F0 add esp, FFFFFFF0 :0055BDDE B898A68500 mov eax, 0085A698 * Possible StringData Ref from Code Obj ->"预算编制模块" | :0055BDE3 BA04C35500 mov edx, 0055C304 :0055BDE8 E8BB82EAFF call 004040A8 :0055BDED C6059CA6850033 mov byte ptr [0085A69C], 33 :0055BDF4 C6059DA6850000 mov byte ptr [0085A69D], 00 //这就是是否注册的标志呀,先是给系统没有注册的标志,然后通过读狗如果有狗[85A69D]的值就成了1,没狗就还是0 :0055BDFB B8A0A68500 mov eax, 
0085A6A0 * Possible StringData Ref from Code Obj ->"洽商变更模块" | :0055BE00 BA1CC35500 mov edx, 0055C31C :0055BE05 E89E82EAFF call 004040A8 :0055BE0A C605A4A6850034 mov byte ptr [0085A6A4], 34 :0055BE11 C605A5A6850000 mov byte ptr [0085A6A5], 00 :0055BE18 B8A8A68500 mov eax, 0085A6A8 * Possible StringData Ref from Code Obj ->"月度统计模块" | :0055BE1D BA34C35500 mov edx, 0055C334 :0055BE22 E88182EAFF call 004040A8 :0055BE27 C605ACA6850035 mov byte ptr [0085A6AC], 35 :0055BE2E C605ADA6850000 mov byte ptr [0085A6AD], 00 :0055BE35 B8B0A68500 mov eax, 0085A6B0 * Possible StringData Ref from Code Obj ->"结算模块" | :0055BE3A BA4CC35500 mov edx, 0055C34C :0055BE3F E86482EAFF call 004040A8 :0055BE44 C605B4A6850036 mov byte ptr [0085A6B4], 36 :0055BE4B C605B5A6850000 mov byte ptr [0085A6B5], 00 :0055BE52 B8B8A68500 mov eax, 0085A6B8 * Possible StringData Ref from Code Obj ->"审核模块" | :0055BE57 BA60C35500 mov edx, 0055C360 :0055BE5C E84782EAFF call 004040A8 :0055BE61 C605BCA6850037 mov byte ptr [0085A6BC], 37 :0055BE68 C605BDA6850000 mov byte ptr [0085A6BD], 00 :0055BE6F B8C0A68500 mov eax, 0085A6C0 * Possible StringData Ref from Code Obj ->"施工预算模块" | :0055BE74 BA74C35500 mov edx, 0055C374 :0055BE79 E82A82EAFF call 004040A8 :0055BE7E C605C4A6850038 mov byte ptr [0085A6C4], 38 :0055BE85 C605C5A6850000 mov byte ptr [0085A6C5], 00 :0055BE8C B8C8A68500 mov eax, 0085A6C8 * Possible StringData Ref from Code Obj ->"国际预算模块" | :0055BE91 BA8CC35500 mov edx, 0055C38C :0055BE96 E80D82EAFF call 004040A8 :0055BE9B C605CCA6850039 mov byte ptr [0085A6CC], 39 :0055BEA2 C605CDA6850000 mov byte ptr [0085A6CD], 00 :0055BEA9 B8D0A68500 mov eax, 0085A6D0 * Possible StringData Ref from Code Obj ->"国际洽商模块" | :0055BEAE BAA4C35500 mov edx, 0055C3A4 :0055BEB3 E8F081EAFF call 004040A8 :0055BEB8 C605D4A685003A mov byte ptr [0085A6D4], 3A :0055BEBF C605D5A6850000 mov byte ptr [0085A6D5], 00 :0055BEC6 B8D8A68500 mov eax, 0085A6D8 * Possible StringData Ref from Code Obj ->"国际统计模块" | :0055BECB BABCC35500 mov edx, 
0055C3BC :0055BED0 E8D381EAFF call 004040A8 :0055BED5 C605DCA685003B mov byte ptr [0085A6DC], 3B :0055BEDC C605DDA6850000 mov byte ptr [0085A6DD], 00 :0055BEE3 B8E0A68500 mov eax, 0085A6E0 * Possible StringData Ref from Code Obj ->"国际结算模块" | :0055BEE8 BAD4C35500 mov edx, 0055C3D4 :0055BEED E8B681EAFF call 004040A8 :0055BEF2 C605E4A6850041 mov byte ptr [0085A6E4], 41 :0055BEF9 C605E5A6850000 mov byte ptr [0085A6E5], 00 :0055BF00 B8E8A68500 mov eax, 0085A6E8 * Possible StringData Ref from Code Obj ->"国际审核模块" | :0055BF05 BAECC35500 mov edx, 0055C3EC :0055BF0A E89981EAFF call 004040A8 :0055BF0F C605ECA6850042 mov byte ptr [0085A6EC], 42 :0055BF16 C605EDA6850000 mov byte ptr [0085A6ED], 00 :0055BF1D B8F0A68500 mov eax, 0085A6F0 * Possible StringData Ref from Code Obj ->"安装模块" | :0055BF22 BA04C45500 mov edx, 0055C404 :0055BF27 E87C81EAFF call 004040A8 :0055BF2C C605F4A6850045 mov byte ptr [0085A6F4], 45 :0055BF33 C605F5A6850000 mov byte ptr [0085A6F5], 00 :0055BF3A 33C9 xor ecx, ecx :0055BF3C B201 mov dl, 01 * Possible StringData Ref from Code Obj ->"滯N" | :0055BF3E A1BC654E00 mov eax, dword ptr [004E65BC] :0055BF43 E8003FF9FF call 004EFE48 :0055BF48 A318A78500 mov dword ptr [0085A718], eax :0055BF4D A118A78500 mov eax, dword ptr [0085A718] :0055BF52 C7401414000000 mov [eax+14], 00000014 :0055BF59 33C9 xor ecx, ecx :0055BF5B 33D2 xor edx, edx :0055BF5D A118A78500 mov eax, dword ptr [0085A718] :0055BF62 E8B542F9FF call 004F021C :0055BF67 33C9 xor ecx, ecx :0055BF69 33D2 xor edx, edx :0055BF6B A118A78500 mov eax, dword ptr [0085A718] :0055BF70 E8A742F9FF call 004F021C :0055BF75 33C9 xor ecx, ecx :0055BF77 B201 mov dl, 01 软件的模块很多,一共有九个,但都是一样的,只要改变其注册标志,就注册了,这里不再赘述!可见至少就这些模块而言,保护把读狗的结果全部归结为几个全局标志字节,功能代码本身看起来并不依赖狗内的数据或运算,这正是它薄弱的原因。到此这个软件已经破解完成了,余下还有就是要使定额注册,以后再讲!