《Wave Corrector pro 3.31》算法简单分析
【破文标题】《Wave Corrector pro 3.31》算法简单分析
【破文作者】水中花
【作者邮箱】
【作者主页】
【破解工具】OD
【破解平台】sp2
【软件名称】Wave Corrector pro 3.31
【软件大小】
【原版下载】http://www.newhua.com/soft/19853.htm
【保护方式】序列号
【软件简介】可以将录音文件保存为WAV格式。然后,Wave Corrector会显示一张音频曲线图,里面会显示原始声音曲线和经过修正后的声音曲线。你可以放大曲线图来添加或者删除修正。
【破解声明】新手写得不好,请指教。
------------------------------------------------------------------------
【破解过程】用字符串参考查找可下断,到此
.
.
.
; Excerpt from the registration handler as captured in OllyDbg. It starts and
; ends mid-function (the author elided the rest).
; NOTE: the forum export dropped every bracketed memory operand, so
; "dword ptr" / "byte ptr" appear without an address; offsets can only be read
; from the raw bytes.
; Defensive reading: the registered/unregistered outcome is decided entirely
; inside the client, by the value returned from one local call and a few
; conditional jumps that follow it.
004137F6 .03C7 add eax, edi
004137F8 .41 inc ecx
004137F9 .3BCE cmp ecx, esi
004137FB .^ 7C E5 jl short WaveCor.004137E2
004137FD >99 cdq
004137FE .B9 1A000000 mov ecx, 1A
00413803 .F7F9 idiv ecx
00413805 .8BCD mov ecx, ebp
00413807 .8BFA mov edi, edx
00413809 .83C7 41 add edi, 41
0041380C .E8 9FFAFFFF call WaveCor.004132B0 ; author: key call of the check; the author steps into it (listed separately in the post)
; The call result in eax is stored and then read back (bytes show offset FC on
; both accesses) before it is tested.
00413811 .8B95 C0000000 mov edx, dword ptr
00413817 .8982 FC000000 mov dword ptr , eax
0041381D .8B85 C0000000 mov eax, dword ptr
00413823 .8B88 FC000000 mov ecx, dword ptr
00413829 .85C9 test ecx, ecx
0041382B .74 21 je short WaveCor.0041384E 是个关键跳转,跳向出错处 ; author: key branch, taken to the failure path when the stored result is zero
0041382D .83FB 08 cmp ebx, 8
00413830 .0F84 8A000000 je WaveCor.004138C0 此处更改标志位也可破解成功 ; author's note: the outcome also hinges on this branch
00413836 .85F6 test esi, esi
00413838 .7C 7C jl short WaveCor.004138B6
0041383A .8B8424 900000>mov eax, dword ptr
00413841 .3B70 F4 cmp esi, dword ptr
00413844 .7F 70 jg short WaveCor.004138B6
00413846 .0FBE0C06 movsx ecx, byte ptr
0041384A .3BF9 cmp edi, ecx
0041384C .74 72 je short WaveCor.004138C0
; Failure path (0041384E). Presumably rewrites the "UserName" entry under
; "Settings" -- TODO confirm what 0049847C does.
0041384E >8B15 FC7A5B00 mov edx, dword ptr
00413854 .68 84384B00 push WaveCor.004B3884 ; /Arg3 = 004B3884
00413859 .68 A85F4B00 push WaveCor.004B5FA8 ; |Arg2 = 004B5FA8 ASCII "UserName"
0041385E .52 push edx ; |Arg1 => 00C72608 ASCII "Settings"
0041385F .8BCD mov ecx, ebp ; |
00413861 .E8 164C0800 call WaveCor.0049847C ; \WaveCor.0049847C
; Passes the invalid-name/key message to 00498376 (presumably a message-box
; helper -- confirm).
00413866 .6A 00 push 0
00413868 .6A 00 push 0
0041386A .68 B8624B00 push WaveCor.004B62B8 ;ASCII "You User Name or Key is invalid. Try Again."
0041386F .E8 024B0800 call WaveCor.00498376
; Atomic decrement (lock xadd with -1) followed by a conditional indirect
; call: looks like the release of a reference-counted string buffer -- confirm.
00413874 .8B4424 10 mov eax, dword ptr
00413878 .83C0 F0 add eax, -10
0041387B .C68424 A00000>mov byte ptr , 0
00413883 .8D48 0C lea ecx, dword ptr
00413886 .83CA FF or edx, FFFFFFFF
00413889 .F0:0FC111 lock xadd dword ptr , edx
0041388D .4A dec edx
0041388E .85D2 test edx, edx
00413890 .7F 08 jg short WaveCor.0041389A
00413892 .8B08 mov ecx, dword ptr
00413894 .8B11 mov edx, dword ptr
00413896 .50 push eax
00413897 .FF52 04 call dword ptr
0041389A >8D4C24 20 lea ecx, dword ptr
0041389E .E8 89690700 call WaveCor.0048A22C
004138A3 .83F8 01 cmp eax, 1
004138A6 .^ 0F84 84FEFFFF je WaveCor.00413730
004138AC .E9 68010000 jmp WaveCor.00413A19
004138B1 >^ E9 6AD8FEFF jmp WaveCor.00401120
; Reached from the two range checks above (jl / jg to 004138B6). 80070057 is
; the HRESULT E_INVALIDARG; 00401050 presumably raises it -- confirm.
004138B6 >68 57000780 push 80070057
004138BB .E8 90D7FEFF call WaveCor.00401050
; Success path (004138C0): passes the registration-confirmed message to the
; same helper used on the failure path.
004138C0 >6A 00 push 0
004138C2 .6A 40 push 40
004138C4 .68 60624B00 push WaveCor.004B6260 ;ASCII "Your Copy of Wave Corrector is now registered.",LF,"Thank You for registering this product."
004138C9 .E8 A84A0800 call WaveCor.00498376
; Presumably reads "UserName" back and builds a "Registered to <name>" string
; -- confirm against 004A5547 and 00402D40.
004138CE .A1 FC7A5B00 mov eax, dword ptr
004138D3 .6A 00 push 0
004138D5 .68 A85F4B00 push WaveCor.004B5FA8 ;ASCII "UserName"
004138DA .50 push eax
004138DB .8D4C24 24 lea ecx, dword ptr
004138DF .51 push ecx
004138E0 .8BCD mov ecx, ebp
004138E2 .E8 601C0900 call WaveCor.004A5547
004138E7 .50 push eax
004138E8 .8D5424 18 lea edx, dword ptr
004138EC .68 50624B00 push WaveCor.004B6250 ;ASCII "Registered to "
004138F1 .52 push edx
004138F2 .C68424 AC0000>mov byte ptr , 2
004138FA .E8 41F4FEFF call WaveCor.00402D40
004138FF .83C4 0C add esp, 0C
00413902 .8B08 mov ecx, dword ptr
00413904 .8BB5 BC000000 mov esi, dword ptr
0041390A .8DBD BC000000 lea edi, dword ptr
00413910 .8D41 F0 lea eax, dword ptr
00413913 .83EE 10 sub esi, 10
00413916 .3BC6 cmp eax, esi
00413918 .C68424 A00000>mov byte ptr , 3
00413920 .74 48 je short WaveCor.0041396A
.
.
.
算法关键call:
; Key-check routine at 004132B0, as captured by the author in OllyDbg.
; NOTE: the forum export dropped every bracketed memory operand, so
; "dword ptr" / "byte ptr" appear without an address; offsets can only be read
; from the raw bytes. Comments marked "author:" are translations of the
; author's notes; the rest are reviewer observations, hedged where the listing
; does not show the operand.
; Defensive reading: per the author's notes the expected key is computed
; locally from the user name and compared with the entered key in a single
; call, so the check depends on no secret held outside the client. A licence
; format verified against a vendor signature would not need to materialise the
; expected value in the process.
; The branch targets 004134CE and 0041364F are not part of this excerpt.
004132B0 $6A FF push -1
004132B2 .68 10E24A00 push WaveCor.004AE210 ;SE handler installation
004132B7 .64:A1 0000000>mov eax, dword ptr fs:
004132BD .50 push eax
004132BE .64:8925 00000>mov dword ptr fs:, esp
004132C5 .83EC 18 sub esp, 18
004132C8 .A1 FC7A5B00 mov eax, dword ptr
004132CD .53 push ebx
004132CE .55 push ebp
004132CF .56 push esi
004132D0 .57 push edi
004132D1 .33DB xor ebx, ebx
004132D3 .53 push ebx
004132D4 .8BF1 mov esi, ecx
; Two calls to 004A5547, first with "UserName" and then with "Key":
; presumably they read the stored registration fields -- confirm.
004132D6 .68 A85F4B00 push WaveCor.004B5FA8 ;ASCII "UserName"
004132DB .50 push eax
004132DC .8D4C24 24 lea ecx, dword ptr
004132E0 .51 push ecx
004132E1 .8BCE mov ecx, esi
004132E3 .897424 34 mov dword ptr , esi
004132E7 .E8 5B220900 call WaveCor.004A5547
004132EC .8B15 FC7A5B00 mov edx, dword ptr
004132F2 .53 push ebx
004132F3 .68 4C624B00 push WaveCor.004B624C ;ASCII "Key"
004132F8 .52 push edx
004132F9 .8D4424 20 lea eax, dword ptr
004132FD .50 push eax
004132FE .8BCE mov ecx, esi
00413300 .895C24 40 mov dword ptr , ebx
00413304 .E8 3E220900 call WaveCor.004A5547
00413309 .6A 08 push 8
0041330B .8D4C24 24 lea ecx, dword ptr
0041330F .51 push ecx
00413310 .8D4C24 1C lea ecx, dword ptr
00413314 .C64424 38 01mov byte ptr , 1
00413319 .E8 E2F5FEFF call WaveCor.00402900
0041331E .50 push eax
0041331F .8D4C24 18 lea ecx, dword ptr
00413323 .C64424 34 02mov byte ptr , 2
00413328 .E8 03F8FEFF call WaveCor.00402B30 ;author: fetches the key the user entered
; Atomic decrement (lock xadd with -1) followed by a conditional indirect
; call: looks like the release of a reference-counted string buffer -- confirm.
; The same sequence recurs three times before the return below.
0041332D .8B4424 20 mov eax, dword ptr
00413331 .83C0 F0 add eax, -10
00413334 .C64424 30 01mov byte ptr , 1
00413339 .8D50 0C lea edx, dword ptr
0041333C .83C9 FF or ecx, FFFFFFFF
0041333F .F0:0FC10A lock xadd dword ptr , ecx
00413343 .49 dec ecx
00413344 .85C9 test ecx, ecx
00413346 .7F 08 jg short WaveCor.00413350
00413348 .8B08 mov ecx, dword ptr
0041334A .8B11 mov edx, dword ptr
0041334C .50 push eax
0041334D .FF52 04 call dword ptr
00413350 >8B6C24 18 mov ebp, dword ptr ; author: load the entered user name
00413354 .899E D8000000 mov dword ptr , ebx
0041335A .8B5D F4 mov ebx, dword ptr ;author: load the user-name length
0041335D .33C9 xor ecx, ecx
0041335F .85DB test ebx, ebx
00413361 .BE 01000000 mov esi, 1 ;author: esi starts at 1
00413366 .BF 0F000000 mov edi, 0F ;author: edi starts at 0F
; mov does not change flags, so this jle still acts on "test ebx, ebx":
; the loop is skipped when the length is not positive.
0041336B .7E 2E jle short WaveCor.0041339B
0041336D .8D49 00 lea ecx, dword ptr
00413370 >85C9 test ecx, ecx
00413372 .0F8C D7020000 jl WaveCor.0041364F ;author: the loop below fetches the user-name characters one by one
00413378 .3BCB cmp ecx, ebx :与用户名长度比较 ; author: compare with the user-name length
0041337A .0F8F CF020000 jg WaveCor.0041364F
00413380 .0FBE0429 movsx eax, byte ptr
00413384 .99 cdq
00413385 .F7FF idiv edi ;author: each character's ASCII value divided by edi
00413387 .8BC6 mov eax, esi
00413389 .0FAFC6 imul eax, esi ;author: esi*esi
0041338C .0FAFD7 imul edx, edi ;author: remainder*edi
0041338F .03D0 add edx, eax ;author: edx+eax
00413391 .41 inc ecx ;author: advance the index by 1
00413392 .83C7 02 add edi, 2 ;author: edi+2
00413395 .3BCB cmp ecx, ebx :与用户名升序比较 ; author: compare against the user name; by context, its length in ebx
00413397 .8BF2 mov esi, edx ;author: the computed edx is kept in esi
00413399 .^ 7C D5 jl short WaveCor.00413370
0041339B >68 84384B00 push WaveCor.004B3884
004133A0 .8D4C24 14 lea ecx, dword ptr
004133A4 .E8 F7FBFEFF call WaveCor.00402FA0
004133A9 .C64424 30 03mov byte ptr , 3
; Zeroes a stack slot; the bytes show the same slot (esp+1C) that is
; incremented and compared with 8 at the bottom of the loop below.
004133AE .C74424 1C 000>mov dword ptr , 0
; The block up to 004133E1 compares several loaded fields and conditionally
; calls 00401330; it looks like a capacity check on the output buffer -- confirm.
004133B6 >8B4C24 10 mov ecx, dword ptr
004133BA .8B41 FC mov eax, dword ptr
004133BD .8B69 F4 mov ebp, dword ptr
004133C0 .BA 01000000 mov edx, 1
004133C5 .2BD0 sub edx, eax
004133C7 .8B41 F8 mov eax, dword ptr
004133CA .8D7D 01 lea edi, dword ptr
004133CD .2BC7 sub eax, edi
004133CF .0BC2 or eax, edx
004133D1 .7D 0E jge short WaveCor.004133E1
004133D3 .57 push edi
004133D4 .8D4C24 14 lea ecx, dword ptr
004133D8 .E8 53DFFEFF call WaveCor.00401330
004133DD .8B4C24 10 mov ecx, dword ptr
004133E1 >33D2 xor edx, edx
004133E3 .8BC6 mov eax, esi ;author: first pass uses the value a computed above, later passes the current esi
004133E5 .BB 1A000000 mov ebx, 1A :1A赋ebx ; author: ebx = 1A
004133EA .F7F3 div ebx ; author: eax divided by ebx
004133EC .80C2 41 add dl, 41 ;author: remainder+41
004133EF .85FF test edi, edi
004133F1 .881429 mov byte ptr , dl ;author: converted to a character and stored; this buffer holds the expected key
004133F4 .0F8C 55020000 jl WaveCor.0041364F
004133FA .8B4424 10 mov eax, dword ptr
004133FE .3B78 F8 cmp edi, dword ptr
00413401 .0F8F 48020000 jg WaveCor.0041364F
00413407 .8978 F4 mov dword ptr , edi
0041340A .8B4C24 10 mov ecx, dword ptr
0041340E .B8 25499224 mov eax, 24924925
00413413 .F7E6 mul esi ;author: 24924925 * the value a computed above
00413415 .8B4424 1C mov eax, dword ptr
00413419 .2BF2 sub esi, edx ;author: esi-edx
0041341B .D1EE shr esi, 1 ;author: shift right by 1
0041341D .03F2 add esi, edx ;author: esi+edx
0041341F .C1EE 03 shr esi, 3 ;author: shift right by 3
00413422 .40 inc eax ;author: eax+1
00413423 .83F8 08 cmp eax, 8 :循环8次,注册码为8位 ; author: eight iterations, the key is 8 characters long
00413426 .C6040F 00 mov byte ptr , 0
0041342A .894424 1C mov dword ptr , eax
0041342E .^ 7C 86 jl short WaveCor.004133B6
00413430 .8B5424 14 mov edx, dword ptr :假码 ; author: the key the user entered
00413434 .8B4424 10 mov eax, dword ptr :真码 ; author: the expected key
00413438 .52 push edx
00413439 .50 push eax
0041343A .E8 F9290600 call WaveCor.00475E38 ;author: compares the two keys
0041343F .83C4 08 add esp, 8
00413442 .85C0 test eax, eax
00413444 .0F85 84000000 jnz WaveCor.004134CE ;author: taken when they differ
; Fall-through (compare returned zero): three release sequences, then return 1.
0041344A .8B4424 10 mov eax, dword ptr
0041344E .83C0 F0 add eax, -10
00413451 .C64424 30 01mov byte ptr , 1
00413456 .8D48 0C lea ecx, dword ptr
00413459 .83CA FF or edx, FFFFFFFF
0041345C .F0:0FC111 lock xadd dword ptr , edx
00413460 .4A dec edx
00413461 .85D2 test edx, edx
00413463 .7F 08 jg short WaveCor.0041346D
00413465 .8B08 mov ecx, dword ptr
00413467 .8B11 mov edx, dword ptr
00413469 .50 push eax
0041346A .FF52 04 call dword ptr
0041346D >8B4424 14 mov eax, dword ptr
00413471 .83C0 F0 add eax, -10
00413474 .C64424 30 00mov byte ptr , 0
00413479 .8D48 0C lea ecx, dword ptr
0041347C .83CA FF or edx, FFFFFFFF
0041347F .F0:0FC111 lock xadd dword ptr , edx
00413483 .4A dec edx
00413484 .85D2 test edx, edx
00413486 .7F 08 jg short WaveCor.00413490
00413488 .8B08 mov ecx, dword ptr
0041348A .8B11 mov edx, dword ptr
0041348C .50 push eax
0041348D .FF52 04 call dword ptr
00413490 >8B4424 18 mov eax, dword ptr
00413494 .83C0 F0 add eax, -10
00413497 .C74424 30 FFF>mov dword ptr , -1
0041349F .8D48 0C lea ecx, dword ptr
004134A2 .83CA FF or edx, FFFFFFFF
004134A5 .F0:0FC111 lock xadd dword ptr , edx
004134A9 .4A dec edx
004134AA .85D2 test edx, edx
004134AC .7F 08 jg short WaveCor.004134B6
004134AE .8B08 mov ecx, dword ptr
004134B0 .8B11 mov edx, dword ptr
004134B2 .50 push eax
004134B3 .FF52 04 call dword ptr
; Epilogue: restore the saved registers, return 1 in eax, write the saved value
; back through fs: (undoing the handler installation at the top), drop the frame.
004134B6 >5F pop edi
004134B7 .5E pop esi
004134B8 .5D pop ebp
004134B9 .B8 01000000 mov eax, 1
004134BE .5B pop ebx
004134BF .8B4C24 18 mov ecx, dword ptr
004134C3 .64:890D 00000>mov dword ptr fs:, ecx
004134CA .83C4 24 add esp, 24
004134CD .C3 retn
------------------------------------------------------------------------
【破解总结】新手只能粗浅分析,软件的大概算法就如上面所分析的,什么时候做个VB注册机!
------------------------------------------------------------------------
[ 本帖最后由 水中花 于 2007-2-7 18:10 编辑 ] 不错嘛,学习了 支持楼主~~感谢 不错啊,都能分析了,我还是看不懂那些分析的