Open Video Converter 3.0.3算法分析--菜菜鸟进,其他人飘
菜鸟学破文的笔记,如有错误请指正。
【破文标题】Open Video Converter 3.0.3算法分析
【破文作者】ZHOU2X,lvcaolhx
【作者邮箱】[email protected]
【作者主页】
【破解工具】OD
【破解平台】XPSP2
【软件名称】Open Video Converter 3.0.3
【软件大小】546kb
【原版下载】http://hn.onlinedown.net/soft/27574.htm
【保护方式】注册码
【软件简介】根据ZHOU2X的破文写的详细学习笔记
【破解声明】学习他人的破文,积累经验
------------------------------------------------------------------------
【破解过程】下断点,找字串
00417233 .55 push ebp
00417234 .56 push esi
00417235 .57 push edi
00417236 .BF 01000000 mov edi, 1
0041723B .57 push edi
0041723C .8BF1 mov esi, ecx
0041723E .E8 8BC30100 call 004335CE
00417243 .8B46 70 mov eax, dword ptr //注册名
00417246 .8B68 F4 mov ebp, dword ptr //注册名长度
00417249 .83FD 02 cmp ebp, 2//比较注册名长度是否大于等于2
0041724C .7D 15 jge short 00417263//大于等于就跳
0041724E .6A 00 push 0
00417250 .6A 00 push 0
00417252 .68 0CAB4400 push 0044AB0C ;please input correct user name!
00417257 .E8 0B620200 call 0043D467
0041725C .5F pop edi
0041725D .5E pop esi
0041725E .5D pop ebp
0041725F .83C4 0C add esp, 0C
00417262 .C3 retn
00417263 >8B4E 74 mov ecx, dword ptr //输入的注册码
00417266 .8379 F4 08 cmp dword ptr , 8//比较注册码长度是否大于等于8
0041726A .7D 15 jge short 00417281
0041726C .6A 00 push 0
0041726E .6A 00 push 0
00417270 .68 E4AA4400 push 0044AAE4 ;please input correct registration code!
00417275 .E8 ED610200 call 0043D467
0041727A .5F pop edi
0041727B .5E pop esi
0041727C .5D pop ebp
0041727D .83C4 0C add esp, 0C
00417280 .C3 retn
00417281 >8B46 70 mov eax, dword ptr
00417284 .8B48 F4 mov ecx, dword ptr
00417287 .85C9 test ecx, ecx
00417289 .7D 0A jge short 00417295
0041728B .68 57000780 push 80070057
00417290 .E8 5BA0FEFF call 004012F0
00417295 >8A10 mov dl, byte ptr
00417297 .8B46 70 mov eax, dword ptr
0041729A .3978 F4 cmp dword ptr , edi
0041729D .7D 0A jge short 004172A9
0041729F .68 57000780 push 80070057
004172A4 .E8 47A0FEFF call 004012F0
004172A9 >8A40 01 mov al, byte ptr
004172AC .884424 0E mov byte ptr , al
004172B0 .8B46 70 mov eax, dword ptr
004172B3 .8B48 F4 mov ecx, dword ptr
004172B6 .85C9 test ecx, ecx
004172B8 .7D 0A jge short 004172C4
004172BA .68 57000780 push 80070057
004172BF .E8 2CA0FEFF call 004012F0
004172C4 >8B4E 70 mov ecx, dword ptr
004172C7 .53 push ebx
004172C8 .8A18 mov bl, byte ptr
004172CA .3979 F4 cmp dword ptr , edi
004172CD .7D 0A jge short 004172D9
004172CF .68 57000780 push 80070057
004172D4 .E8 17A0FEFF call 004012F0
004172D9 >0FB6C2 movzx eax, dl//取注册名第一位,dl=4B('K')
004172DC .83C8 41 or eax, 41//注册名第一位字符ASCII码值和16进制数41或运算(4B or 41=4B),运算结果可在下一行代码的FPU窗口中的EAX值中看到(须在调试过程中)
004172DF .99 cdq//符号扩展(此处EAX为正数,所以EDX=0),可在下一行代码处的寄存器窗口(FPU)中看到EDX的值
004172E0 .BF 0A000000 mov edi, 0A//edi=0A,10进制为10
004172E5 .F7FF idiv edi//注册名第一位字符第一次或运算结果除以10,商为7,余数为5
//则EAX=7,EDX=5,可在下一行代码处的寄存器窗口(FPU)中查看EAX、EDX的值
004172E7 .0FB64424 12 movzx eax, byte ptr //取注册名第2位<76('v')>
004172EC .83C8 56 or eax, 56//注册名第2位字符ASCII码值和16进制数56或运算
//结果为16进制数76
004172EF .885424 16 mov byte ptr , dl//保存注册名第一位字符第一次或运算结果除以10的余数,记为余数1,=5,后面要用到
004172F3 .99 cdq//符号扩展
004172F4 .F7FF idiv edi//注册名第2位字符第一次或运算结果除以10,商为11,余数为8
//则EAX=B(11的16进制),EDX=8
004172F6 .0FB6C3 movzx eax, bl//取注册名第一位,进行第2次运算
004172F9 .83C8 49 or eax, 49//注册名第一位字符第2次或运算
//结果为16进制数4B
004172FC .885424 12 mov byte ptr , dl//保存注册名第2位字符第1次或运算结果除以10的余数,记为余数2,=8,后面要用到
00417300 .99 cdq//符号扩展
00417301 .F7FF idiv edi//注册名第一位字符第2次或运算结果除以10,商为7,余数为5
//则EAX=7,EDX=5
00417303 .0FB641 01 movzx eax, byte ptr //取注册名第二位字符76('v')
00417307 .83C8 43 or eax, 43//注册名第2位字符ASCII码值和16进制数43或运算
0041730A .8BCF mov ecx, edi
0041730C .885424 17 mov byte ptr , dl//保存注册名第一位字符第2次或运算结果除以10的余数,记为余数3,=5,后面要用到
00417310 .99 cdq
00417311 .F7F9 idiv ecx//注册名第2位字符第2次或运算结果除以10,商为11,余数为9
//则EAX=B(11的16进制),EDX=9
00417313 .33C0 xor eax, eax//清零
00417315 .33C9 xor ecx, ecx//清零
00417317 .85ED test ebp, ebp//ebp是否为0
00417319 .885424 18 mov byte ptr , dl//保存注册名第2位字符第2次或运算结果除以10的余数,记为余数4,=9,后面要用到
0041731D .7E 20 jle short 0041733F
0041731F .90 nop
00417320 >85C9 test ecx, ecx
00417322 .0F8C D2000000 jl 004173FA
00417328 .8B7E 70 mov edi, dword ptr
0041732B .3B4F F4 cmp ecx, dword ptr
0041732E .0F8F C6000000 jg 004173FA
00417334 .0FB6140F movzx edx, byte ptr
00417338 .03C2 add eax, edx
0041733A .41 inc ecx
0041733B .3BCD cmp ecx, ebp
0041733D .^ 7C E1 jl short 00417320
0041733F >8B4E 74 mov ecx, dword ptr
00417342 .8B51 F4 mov edx, dword ptr
00417345 .85D2 test edx, edx
00417347 .7D 0A jge short 00417353
00417349 .68 57000780 push 80070057
0041734E .E8 9D9FFEFF call 004012F0
00417353 >8A11 mov dl, byte ptr
00417355 .8B4E 74 mov ecx, dword ptr
00417358 .8379 F4 01 cmp dword ptr , 1
0041735C .885424 19 mov byte ptr , dl
00417360 .7D 0A jge short 0041736C
00417362 .68 57000780 push 80070057
00417367 .E8 849FFEFF call 004012F0
0041736C >8A49 01 mov cl, byte ptr
0041736F .8B7E 74 mov edi, dword ptr
00417372 .884C24 13 mov byte ptr , cl
00417376 .837F F4 02 cmp dword ptr , 2
0041737A .7D 0A jge short 00417386
0041737C .68 57000780 push 80070057
00417381 .E8 6A9FFEFF call 004012F0
00417386 >8A4F 02 mov cl, byte ptr
00417389 .8B7E 74 mov edi, dword ptr
0041738C .884C24 14 mov byte ptr , cl
00417390 .837F F4 03 cmp dword ptr , 3
00417394 .7D 0A jge short 004173A0
00417396 .68 57000780 push 80070057
0041739B .E8 509FFEFF call 004012F0
004173A0 >8A4F 03 mov cl, byte ptr
004173A3 .8B7E 74 mov edi, dword ptr
004173A6 .884C24 15 mov byte ptr , cl
004173AA .837F F4 04 cmp dword ptr , 4
004173AE .7D 0A jge short 004173BA
004173B0 .68 57000780 push 80070057
004173B5 .E8 369FFEFF call 004012F0
004173BA >8A5F 04 mov bl, byte ptr
004173BD .8B7E 74 mov edi, dword ptr
004173C0 .837F F4 05 cmp dword ptr , 5
004173C4 .7D 0A jge short 004173D0
004173C6 .68 57000780 push 80070057
004173CB .E8 209FFEFF call 004012F0
004173D0 >8A4F 05 mov cl, byte ptr
004173D3 .8B7E 74 mov edi, dword ptr
004173D6 .884C24 1A mov byte ptr , cl
004173DA .837F F4 06 cmp dword ptr , 6
004173DE .7D 0A jge short 004173EA
004173E0 .68 57000780 push 80070057
004173E5 .E8 069FFEFF call 004012F0
004173EA >8A4F 06 mov cl, byte ptr
004173ED .8B7E 74 mov edi, dword ptr
004173F0 .884C24 1B mov byte ptr , cl
004173F4 .837F F4 07 cmp dword ptr , 7
004173F8 .7D 0A jge short 00417404
004173FA >68 57000780 push 80070057
004173FF .E8 EC9EFEFF call 004012F0
00417404 >8A4F 07 mov cl, byte ptr
00417407 .0FB67C24 16 movzx edi, byte ptr //余数1
0041740C .0FB6D2 movzx edx, dl
0041740F .83EA 30 sub edx, 30//注册码第1位ASCII码值减16进制数30
00417412 .3BFA cmp edi, edx//注册码第1位ASCII码值减16进制数30的结果与余数1的值比较
00417414 .75 48 jnz short 0041745E//不等就跳
00417416 .0FB65424 13 movzx edx, byte ptr
0041741B .0FB67C24 12 movzx edi, byte ptr //余数2
00417420 .83EA 30 sub edx, 30
00417423 .3BFA cmp edi, edx
00417425 .75 37 jnz short 0041745E
00417427 .0FB65424 14 movzx edx, byte ptr
0041742C .0FB67C24 17 movzx edi, byte ptr //余数3
00417431 .83EA 30 sub edx, 30
00417434 .3BFA cmp edi, edx
00417436 .75 26 jnz short 0041745E
00417438 .0FB65424 15 movzx edx, byte ptr
0041743D .0FB67C24 18 movzx edi, byte ptr //余数4
00417442 .83EA 30 sub edx, 30
00417445 .3BFA cmp edi, edx
00417447 .75 15 jnz short 0041745E
00417449 .99 cdq
0041744A .BF 0A000000 mov edi, 0A
0041744F .F7FF idiv edi
00417451 .0FB6C2 movzx eax, dl
00417454 .0FB6D3 movzx edx, bl
00417457 .83EA 30 sub edx, 30
0041745A .3BC2 cmp eax, edx
0041745C .74 38 je short 00417496
0041745E >807C24 19 35cmp byte ptr , 35//通用注册码518962
00417463 .0F85 83000000 jnz 004174EC
00417469 .807C24 13 31cmp byte ptr , 31
0041746E .75 7C jnz short 004174EC
00417470 .807C24 14 38cmp byte ptr , 38
00417475 .75 75 jnz short 004174EC
00417477 .807C24 15 39cmp byte ptr , 39
0041747C .75 6E jnz short 004174EC
0041747E .80FB 37 cmp bl, 37
00417481 .75 69 jnz short 004174EC
00417483 .807C24 1A 36cmp byte ptr , 36
00417488 .75 62 jnz short 004174EC
0041748A .807C24 1B 32cmp byte ptr , 32
0041748F .75 5B jnz short 004174EC
00417491 .80F9 39 cmp cl, 39
00417494 .75 56 jnz short 004174EC
00417496 >6A 00 push 0
00417498 .6A 00 push 0
0041749A .68 C8AA4400 push 0044AAC8 ;registration has succeeded!
0041749F .E8 C35F0200 call 0043D467
------------------------------------------------------------------------
【破解总结】一句话:学得苦,写得更苦!!!!!!!
------------------------------------------------------------------------
【版权声明】本文由ZHOU2X原创,详细解释由本人添加,转载请注明作者并保持完整,Thank You!
又是一个沙发,呵呵,学习下,支持下!
强人越来越多了,呵
[ 本帖最后由 yingfeng 于 2007-9-4 17:37 编辑 ]
写的很好 我是新手 学习了
怎么没有算法总结和注册码、内存注册机
是学习笔记,只详细解释算法中的一部分
很好的帖子,学习一下算法
不能只是把代码贴出来吧,建议有简要操作过程说明,否则叫新手如何下手?
比较详细的教程,一直不知道学习算法怎么入手~