Open Video Capture 1.24.553算法分析+Delphi注册机
【破解作者】 小子贼野【作者主页】 http://mayday.unpack.cn/
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 Open Video Capture 1.24.553
【下载地址】 http://www.onlinedown.net/soft/46986.htm
【软件简介】 Open Video Converter 是一款易于使用的视频转换,分割和编辑工具。它能转换多个视频 格式如MPG,AVI,ASF,WMV到AVI 文件。它能改变帧尺寸,帧频,视频和音频压缩编码。 主要功能有:-转换MPEG,WMV,ASF,MPG,VCD,OGM,DAT,SVCD为AVI。
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
超级字串参考, 项目 54
地址=00402D23
反汇编=PUSH openvcap.0041B744
文本字串=registration has succeeded!
--------------------------------------------------------------------------------
来到下面:
--------------------------------------------------------------------------------
00402B2D > \8B7C24 1C MOV EDI,DWORD PTR SS: ;案例 1 --> 分支 00402AD9
00402B31 .8B35 04B34100 MOV ESI,DWORD PTR DS:[<&USER32.GetDlgIte>;USER32.GetDlgItemTextA
00402B37 .68 00010000 PUSH 100 ; /Count = 100 (256.)
00402B3C .68 B0104200 PUSH openvcap.004210B0 ; |Buffer = openvcap.004210B0
00402B41 .68 E8030000 PUSH 3E8 ; |ControlID = 3E8 (1000.)
00402B46 .57 PUSH EDI ; |hWnd
00402B47 .FFD6 CALL ESI ; \GetDlgItemTextA
00402B49 .68 00010000 PUSH 100 ; /Count = 100 (256.)
00402B4E .68 20164200 PUSH openvcap.00421620 ; |Buffer = openvcap.00421620
00402B53 .68 E9030000 PUSH 3E9 ; |ControlID = 3E9 (1001.)
00402B58 .57 PUSH EDI ; |hWnd
00402B59 .FFD6 CALL ESI ; \GetDlgItemTextA
00402B5B .B8 B0104200 MOV EAX,openvcap.004210B0 ;ASCII "mayday"
00402B60 .8D50 01 LEA EDX,DWORD PTR DS:
00402B63 >8A08 MOV CL,BYTE PTR DS:
00402B65 .40 INC EAX
00402B66 .84C9 TEST CL,CL
00402B68 .^ 75 F9 JNZ SHORT openvcap.00402B63
00402B6A .2BC2 SUB EAX,EDX
00402B6C .83F8 02 CMP EAX,2 ;用户名必须大于2
00402B6F .73 22 JNB SHORT openvcap.00402B93
00402B71 .6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00402B73 .68 B0B74100 PUSH openvcap.0041B7B0 ; |Title = "Error"
00402B78 .68 90B74100 PUSH openvcap.0041B790 ; |Text = "Please input correct User Name!"
00402B7D .57 PUSH EDI ; |hOwner
00402B7E .FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
00402B84 .5F POP EDI
00402B85 .5E POP ESI
00402B86 .5D POP EBP
00402B87 .B8 01000000 MOV EAX,1
00402B8C .5B POP EBX
00402B8D .83C4 08 ADD ESP,8
00402B90 .C2 1000 RETN 10
00402B93 >B8 20164200 MOV EAX,openvcap.00421620 ;ASCII "123456789"
00402B98 .8D50 01 LEA EDX,DWORD PTR DS:
00402B9B .EB 03 JMP SHORT openvcap.00402BA0
00402B9D 8D49 00 LEA ECX,DWORD PTR DS:
00402BA0 >8A08 MOV CL,BYTE PTR DS:
00402BA2 .40 INC EAX
00402BA3 .84C9 TEST CL,CL
00402BA5 .^ 75 F9 JNZ SHORT openvcap.00402BA0
00402BA7 .2BC2 SUB EAX,EDX
00402BA9 .83F8 08 CMP EAX,8 ;注册码必须大于8
00402BAC .73 22 JNB SHORT openvcap.00402BD0
00402BAE .6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00402BB0 .68 B0B74100 PUSH openvcap.0041B7B0 ; |Title = "Error"
00402BB5 .68 68B74100 PUSH openvcap.0041B768 ; |please input correct registration code!
00402BBA .57 PUSH EDI ; |hOwner
00402BBB .FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
00402BC1 .5F POP EDI
00402BC2 .5E POP ESI
00402BC3 .5D POP EBP
00402BC4 .B8 01000000 MOV EAX,1
00402BC9 .5B POP EBX
00402BCA .83C4 08 ADD ESP,8
00402BCD .C2 1000 RETN 10
00402BD0 >0FB60D B01042>MOVZX ECX,BYTE PTR DS: ;ECX=用户名第一位的Ascii
00402BD7 .8BC1 MOV EAX,ECX ;ECX=EAX
00402BD9 .83C8 57 OR EAX,57 ;EAX=EAX OR $57
00402BDC .99 CDQ
00402BDD .BE 0A000000 MOV ESI,0A ;ESI=$A
00402BE2 .F7FE IDIV ESI ;EAX与A进行idiv运算
00402BE4 .0FB635 B11042>MOVZX ESI,BYTE PTR DS: ;ESI=用户名第二位的Ascii
00402BEB .8BC6 MOV EAX,ESI ;ESI=EAX
00402BED .83C8 45 OR EAX,45 ;EAX=EAX OR $45
00402BF0 .BF 0A000000 MOV EDI,0A ;EDI=$A
00402BF5 .33ED XOR EBP,EBP ;EBP=0
00402BF7 .885424 20 MOV BYTE PTR SS:,DL ;dl=07,送ESP+20
00402BFB .99 CDQ
00402BFC .F7FF IDIV EDI ;EAX与A进行idiv运算
00402BFE .8BC1 MOV EAX,ECX ;用户名第一位的Ascii
00402C00 .83C8 42 OR EAX,42 ;EAX=EAX OR $42
00402C03 .8BCF MOV ECX,EDI ;EDI=用户名第一位Ascii
00402C05 .885424 24 MOV BYTE PTR SS:,DL ;DL=1,送ESP+24
00402C09 .99 CDQ
00402C0A .F7F9 IDIV ECX ;EAX与A进行idiv运算
00402C0C .8BC6 MOV EAX,ESI ;EAX=用户名第二位的Ascii
00402C0E .83C8 43 OR EAX,43 ;EAX=EAX OR $43
00402C11 .885424 12 MOV BYTE PTR SS:,DL
00402C15 .99 CDQ
00402C16 .F7F9 IDIV ECX ;EAX与A进行idiv运算
00402C18 .B9 B0104200 MOV ECX,openvcap.004210B0 ;ASCII "mayday"
00402C1D .33F6 XOR ESI,ESI
00402C1F .8D79 01 LEA EDI,DWORD PTR DS:
00402C22 .885424 13 MOV BYTE PTR SS:,DL
00402C26 >8A01 MOV AL,BYTE PTR DS: ;注册名逐位ascii码送al,进入循环
00402C28 .41 INC ECX
00402C29 .84C0 TEST AL,AL
00402C2B .^ 75 F9 JNZ SHORT openvcap.00402C26
00402C2D .2BCF SUB ECX,EDI
00402C2F .894C24 14 MOV DWORD PTR SS:,ECX
00402C33 .74 2A JE SHORT openvcap.00402C5F
00402C35 .EB 09 JMP SHORT openvcap.00402C40
00402C37 .8DA424 000000>LEA ESP,DWORD PTR SS:
00402C3E .8BFF MOV EDI,EDI
00402C40 >0FB696 B01042>MOVZX EDX,BYTE PTR DS:
00402C47 .B9 B0104200 MOV ECX,openvcap.004210B0 ;ASCII "mayday"
00402C4C .03EA ADD EBP,EDX
00402C4E .46 INC ESI
00402C4F .8D79 01 LEA EDI,DWORD PTR DS:
00402C52 >8A01 MOV AL,BYTE PTR DS: ;注册名逐位ascii码送al,进入循环
00402C54 .41 INC ECX
00402C55 .84C0 TEST AL,AL
00402C57 .^ 75 F9 JNZ SHORT openvcap.00402C52
00402C59 .2BCF SUB ECX,EDI
00402C5B .3BF1 CMP ESI,ECX
00402C5D .^ 72 E1 JB SHORT openvcap.00402C40
00402C5F >8A0D 20164200 MOV CL,BYTE PTR DS:
00402C65 .0FB67C24 20 MOVZX EDI,BYTE PTR SS:
00402C6A .8A1D 21164200 MOV BL,BYTE PTR DS: ;$32给bl
00402C70 .A0 22164200 MOV AL,BYTE PTR DS: ;$33给al
00402C75 .8A15 23164200 MOV DL,BYTE PTR DS: ;$34给dl
00402C7B .0FB6F1 MOVZX ESI,CL
00402C7E .83EE 30 SUB ESI,30 ;ESI-$30 ESI=1
00402C81 .3BFE CMP EDI,ESI ;EDI=7和ESI=1比较,即第一位必须是7
00402C83 .75 48 JNZ SHORT openvcap.00402CCD ;不相等回家睡觉
00402C85 .0FB67C24 24 MOVZX EDI,BYTE PTR SS:
00402C8A .0FB6F3 MOVZX ESI,BL
00402C8D .83EE 30 SUB ESI,30
00402C90 .3BFE CMP EDI,ESI ;EDI=1和ESI=2比较,即第二位必须是1
00402C92 .75 39 JNZ SHORT openvcap.00402CCD ;不相等回家睡觉
00402C94 .0FB67424 12 MOVZX ESI,BYTE PTR SS:
00402C99 .0FB6C0 MOVZX EAX,AL
00402C9C .83E8 30 SUB EAX,30
00402C9F .3BF0 CMP ESI,EAX ;ESI=1和EAX=3比较,即第三位必须是1
00402CA1 .75 2A JNZ SHORT openvcap.00402CCD ;不相等回家睡觉
00402CA3 .0FB64424 13 MOVZX EAX,BYTE PTR SS:
00402CA8 .0FB6D2 MOVZX EDX,DL
00402CAB .83EA 30 SUB EDX,30
00402CAE .3BC2 CMP EAX,EDX ;EAX=9和EDX=4比较,即第四位必须是9
00402CB0 .75 1B JNZ SHORT openvcap.00402CCD ;不相等回家睡觉
00402CB2 .8BC5 MOV EAX,EBP ;EAX=EBP=285(用户名的Ascii)
00402CB4 .99 CDQ
00402CB5 .BE 0A000000 MOV ESI,0A ;ESI=$A
00402CBA .F7FE IDIV ESI ;EAX=285 IDIV $A
00402CBC .0FB605 241642>MOVZX EAX,BYTE PTR DS:
00402CC3 .83E8 30 SUB EAX,30
00402CC6 .0FB6D2 MOVZX EDX,DL
00402CC9 .3BD0 CMP EDX,EAX ;EDX=5和EAX=5比较
00402CCB .74 4B JE SHORT openvcap.00402D18 ;相等就注册成功
00402CCD >80F9 32 CMP CL,32
00402CD0 .0F85 99000000 JNZ openvcap.00402D6F
00402CD6 .80FB 33 CMP BL,33
00402CD9 .0F85 90000000 JNZ openvcap.00402D6F
00402CDF .803D 22164200>CMP BYTE PTR DS:,39
00402CE6 .0F85 83000000 JNZ openvcap.00402D6F
00402CEC .803D 23164200>CMP BYTE PTR DS:,31
00402CF3 .75 7A JNZ SHORT openvcap.00402D6F
00402CF5 .381D 24164200 CMP BYTE PTR DS:,BL
00402CFB .75 72 JNZ SHORT openvcap.00402D6F
00402CFD .803D 25164200>CMP BYTE PTR DS:,31
00402D04 .75 69 JNZ SHORT openvcap.00402D6F
00402D06 .803D 26164200>CMP BYTE PTR DS:,34
00402D0D .75 60 JNZ SHORT openvcap.00402D6F
00402D0F .803D 27164200>CMP BYTE PTR DS:,36
00402D16 .75 57 JNZ SHORT openvcap.00402D6F
00402D18 >8B7C24 1C MOV EDI,DWORD PTR SS:
00402D1C .6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00402D1E .68 60B74100 PUSH openvcap.0041B760 ; |message
00402D23 .68 44B74100 PUSH openvcap.0041B744 ; |registration has succeeded!
00402D28 .57 PUSH EDI ; |hOwner
00402D29 .FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
00402D2F .8B35 A0B04100 MOV ESI,DWORD PTR DS:[<&KERNEL32.WritePr>;kernel32.WriteProfileStringA
00402D35 .68 B0104200 PUSH openvcap.004210B0 ; /String = "mayday"
00402D3A .68 38B74100 PUSH openvcap.0041B738 ; |username
00402D3F .68 ECB64100 PUSH openvcap.0041B6EC ; |openvideocapture
00402D44 .FFD6 CALL ESI ; \WriteProfileStringA
00402D46 .68 20164200 PUSH openvcap.00421620 ; /String = "123456789"
00402D4B .68 24B74100 PUSH openvcap.0041B724 ; |registration_code
00402D50 .68 ECB64100 PUSH openvcap.0041B6EC ; |openvideocapture
00402D55 .FFD6 CALL ESI ; \WriteProfileStringA
00402D57 .6A 01 PUSH 1 ; /Result = 1
00402D59 .57 PUSH EDI ; |hWnd
00402D5A .FF15 18B34100 CALL DWORD PTR DS:[<&USER32.EndDialog>]; \EndDialog
00402D60 .5F POP EDI
00402D61 .5E POP ESI
00402D62 .5D POP EBP
00402D63 .B8 01000000 MOV EAX,1
00402D68 .5B POP EBX
00402D69 .83C4 08 ADD ESP,8
00402D6C .C2 1000 RETN 10
00402D6F >8B4C24 1C MOV ECX,DWORD PTR SS:
00402D73 .6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00402D75 .68 B0B74100 PUSH openvcap.0041B7B0 ; |error
00402D7A .68 0CB74100 PUSH openvcap.0041B70C ; |registration failed!
00402D7F .51 PUSH ECX ; |hOwner
00402D80 .FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
00402D86 .5F POP EDI
00402D87 .5E POP ESI
00402D88 .5D POP EBP
00402D89 .B8 01000000 MOV EAX,1
00402D8E .5B POP EBX
00402D8F .83C4 08 ADD ESP,8
00402D92 .C2 1000 RETN 10
00402D95 >8B7424 1C MOV ESI,DWORD PTR SS: ;案例 110 --> 分支 00402AB7
00402D99 .8B3D 0CB34100 MOV EDI,DWORD PTR DS:[<&USER32.SetDlgIte>;USER32.SetDlgItemTextA
00402D9F .68 B0104200 PUSH openvcap.004210B0 ; /Text = "mayday"
00402DA4 .68 E8030000 PUSH 3E8 ; |ControlID = 3E8 (1000.)
00402DA9 .56 PUSH ESI ; |hWnd
00402DAA .FFD7 CALL EDI ; \SetDlgItemTextA
00402DAC .68 20164200 PUSH openvcap.00421620 ; /Text = "123456789"
00402DB1 .68 E9030000 PUSH 3E9 ; |ControlID = 3E9 (1001.)
00402DB6 .56 PUSH ESI ; |hWnd
00402DB7 .FFD7 CALL EDI ; \SetDlgItemTextA
00402DB9 >5F POP EDI ;分支 00402AD9 默认案例
00402DBA .5E POP ESI
00402DBB .5D POP EBP
00402DBC .B8 01000000 MOV EAX,1
00402DC1 .5B POP EBX
00402DC2 .83C4 08 ADD ESP,8
00402DC5 .C2 1000 RETN 10
--------------------------------------------------------------------------------
注册名须不小于两位,注册码位数为8位以上,主要思路如下:
1.注册名第一位的ascii码与$57做or运算,再与A进行idiv运算,余数“7”为注册码第一位;
2.注册名第二位的ascii码与$45做or运算,再与A进行idiv运算,余数“1”为注册码第二位;
3.注册名第一位的ascii码与$42做or运算,再与A进行idiv运算,余数“1”为注册码第三位;
4.注册名第二位的ascii码与$43做or运算,再与A进行idiv运算,余数“9”为注册码第四位;
5.此时ebp=$285(用户名的Ascii),与A进行idiv运算,余数“5”为注册码第五位;
6.第六位以后任意
--------------------------------------------------------------------------------
合起来,即注册名:mayday,注册码:71195***,还有一组通用注册码:2391146
--------------------------------------------------------------------------------
【Delphi注册机源码】
--------------------------------------------------------------------------------
procedure TForm1.Button1Click(Sender: TObject);
var
sn1,sn2,sn3,sn4,sn5,i:integer;
begin
sn5:=0;
for i:=1 to length(edit1.text) do
sn5:=sn5+ord(edit1.text);
sn5:=sn5 mod $A;
sn1:=ord(edit1.text) or $57;
sn1:=sn1 mod $A;
sn2:=ord(edit1.text) or $45;
sn2:=sn2 mod $A;
sn3:=ord(edit1.text) or $42;
sn3:=sn3 mod $A;
sn4:=ord(edit1.text) or $43;
sn4:=sn4 mod $A;
edit2.Text:=inttostr(sn1)+inttostr(sn2)+inttostr(sn3)+inttostr(sn4)+inttostr(sn5)+'555';
end;
end. 原帖由 inroading 于 2007-10-3 01:51 发表 https://www.chinapyg.com/images/common/back.gif
在证一分,下载从没见过如此麻烦的
没看懂楼主回复三帖要表达的意思 不要灌水哦~
页:
[1]