Absolute Sound Recorder 3.5.7 汉化版—zgmap注册版
Absolute Sound Recorder 3.57中文简介:Absolute Sound Recorder 是一款强大的录音工具。
用这个容易使用的工具,你可以从麦克风,Line-in音频,
互联网的音频流录音,或者可以把Winamp, Windows Media Player, Quick Time, Real Player, Flash,
游戏等播放的音乐录到你的硬盘上,毫无数据损失。支持三种输出格式:WAV,MP3和WMA。
该软件支持四种流行的音频格式:MP3、WAV、WMA 与 OGG。
软件的向导功能使用分割工作非常容易地被用户理解。
而且,你还可以对目标文件的 ID3 标签信息进行编辑。
软件除了支持设置音频格式的比特率与频率,
同样还支持 MP3 与OGG 文件的 VBR 功能。
用户名:zgmap
注册码:azz=W1cvnEGNay8A
截图:
原版华军下载:
http://www.onlinedown.net/soft/39322.htm
本注册码根据Absolute Sound Recorder v3.4.1 英文版算法分析得出,经测试3.5.7版可用:
下载地址:http://download.it168.com/04/0410/22971/22971_3.shtml
【破文标题】Absolute Sound Recorder v3.4.1算法分析
【破文作者】zgmap
【作者邮箱】
【作者主页】
【破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】Absolute Sound Recorder v3.4.1
【软件大小】2376 KB
【原版下载】http://download.it168.com/04/0410/22971/22971_3.shtml
【保护方式】注册码
【软件简介】Absolute Sound Recorder是一款强大的录音工具。用这个容易使用的工具,你可以从麦克风,Line-in音频,互联网的音频流录音,或者可以把Winamp, Windows Media Player, Quick Time, Real Player, Flash, 游戏等播放的音乐录到你的硬盘上,毫无数据损失。支持三种输出格式:WAV,MP3和WMA。
【破解声明】初学
------------------------------------------------------------------------
1、查壳 无壳。Borland Delphi 6.0 - 7.0编写。
2、OD载入,很容易找到关键点。停在这里。
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
004A75B0/.55 PUSH EBP ;注册程序的入口。
004A75B1|.8BEC MOV EBP,ESP
004A75B3|.6A 00 PUSH 0
004A75B5|.6A 00 PUSH 0
004A75B7|.53 PUSH EBX
004A75B8|.8BD8 MOV EBX,EAX
004A75BA|.33C0 XOR EAX,EAX
004A75BC|.55 PUSH EBP
004A75BD|.68 43764A00 PUSH Absolute.004A7643
004A75C2|.64:FF30 PUSH DWORD PTR FS:
004A75C5|.64:8920 MOV DWORD PTR FS:,ESP
004A75C8|.8D55 FC LEA EDX,DWORD PTR SS:
004A75CB|.8B83 0C030000 MOV EAX,DWORD PTR DS:
004A75D1|.E8 B2B0F9FF CALL Absolute.00442688
004A75D6|.8D55 F8 LEA EDX,DWORD PTR SS: ;用户名位数放EAX中。
004A75D9|.8B83 10030000 MOV EAX,DWORD PTR DS:
004A75DF|.E8 A4B0F9FF CALL Absolute.00442688
004A75E4|.A1 F4B94A00 MOV EAX,DWORD PTR DS:
004A75E9|.8B00 MOV EAX,DWORD PTR DS:
004A75EB|.8B4D F8 MOV ECX,DWORD PTR SS: ;我们输入的试练码放到ECX中。
004A75EE|.8B55 FC MOV EDX,DWORD PTR SS: ;输入的用户名入到EDX中。
004A75F1|.E8 2EC5FFFF CALL Absolute.004A3B24 ;关键CALL
004A75F6|.84C0 TEST AL,AL ;标志位,可以爆破。
004A75F8|.74 2E JE SHORT Absolute.004A7628 ;关键跳。
004A75FA|.A1 F4B94A00 MOV EAX,DWORD PTR DS:
004A75FF|.8B00 MOV EAX,DWORD PTR DS:
004A7601|.8B55 FC MOV EDX,DWORD PTR SS:
004A7604|.E8 93C8FFFF CALL Absolute.004A3E9C
004A7609|.6A 40 PUSH 40
004A760B|.B9 50764A00 MOV ECX,Absolute.004A7650 ;这里注册成功的标志!
004A7610|.BA 64764A00 MOV EDX,Absolute.004A7664 ;ASCII "Register successfully!Thank you for your support!"
004A7615|.A1 C0B84A00 MOV EAX,DWORD PTR DS:
004A761A|.8B00 MOV EAX,DWORD PTR DS:
004A761C|.E8 0BBFFBFF CALL Absolute.0046352C
004A7621|.8BC3 MOV EAX,EBX
004A7623|.E8 C886FBFF CALL Absolute.0045FCF0
004A7628|>33C0 XOR EAX,EAX
004A762A|.5A POP EDX
004A762B|.59 POP ECX
004A762C|.59 POP ECX
004A762D|.64:8910 MOV DWORD PTR FS:,EDX
004A7630|.68 4A764A00 PUSH Absolute.004A764A
004A7635|>8D45 F8 LEA EAX,DWORD PTR SS:
004A7638|.BA 02000000 MOV EDX,2
004A763D|.E8 2AD1F5FF CALL Absolute.0040476C
004A7642\.C3 RETN
004A7643 .^ E9 08CBF5FF JMP Absolute.00404150
004A7648 .^ EB EB JMP SHORT Absolute.004A7635
004A764A .5B POP EBX
004A764B .59 POP ECX
004A764C .59 POP ECX
004A764D .5D POP EBP
004A764E .C3 RETN
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
第一次关键CALL跳进
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
004A3B24/$55 PUSH EBP ;关键CALL入口。
004A3B25|.8BEC MOV EBP,ESP
004A3B27|.83C4 E4 ADD ESP,-1C
004A3B2A|.53 PUSH EBX
004A3B2B|.33DB XOR EBX,EBX
004A3B2D|.895D F4 MOV DWORD PTR SS:,EBX
004A3B30|.894D F8 MOV DWORD PTR SS:,ECX ;试练码!
004A3B33|.8955 FC MOV DWORD PTR SS:,EDX ;用户名。
004A3B36|.8B45 FC MOV EAX,DWORD PTR SS: ;用户名放EAX中。
004A3B39|.E8 AA10F6FF CALL Absolute.00404BE8
004A3B3E|.8B45 F8 MOV EAX,DWORD PTR SS:
004A3B41|.E8 A210F6FF CALL Absolute.00404BE8
004A3B46|.8D45 EC LEA EAX,DWORD PTR SS:
004A3B49|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
004A3B4F|.E8 6016F6FF CALL Absolute.004051B4
004A3B54|.8D45 E4 LEA EAX,DWORD PTR SS:
004A3B57|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
004A3B5D|.E8 5216F6FF CALL Absolute.004051B4
004A3B62|.33C0 XOR EAX,EAX
004A3B64|.55 PUSH EBP
004A3B65|.68 E63B4A00 PUSH Absolute.004A3BE6
004A3B6A|.64:FF30 PUSH DWORD PTR FS:
004A3B6D|.64:8920 MOV DWORD PTR FS:,ESP
004A3B70|.33DB XOR EBX,EBX
004A3B72|.8D55 EC LEA EDX,DWORD PTR SS:
004A3B75|.A1 9CB54A00 MOV EAX,DWORD PTR DS: ;这里有一组字符65537放到EAX中。
004A3B7A|.E8 258FFFFF CALL Absolute.0049CAA4 ;这个CALL也要跟进。
004A3B7F|.8D55 E4 LEA EDX,DWORD PTR SS:
004A3B82|.A1 A0B54A00 MOV EAX,DWORD PTR DS: ;这里也是一组常数放到EAX中。
004A3B87|.E8 188FFFFF CALL Absolute.0049CAA4 ;这个CALL是把这个常数转为二进制。
004A3B8C|.8D45 FC LEA EAX,DWORD PTR SS:
004A3B8F|.50 PUSH EAX
004A3B90|.8D4D E4 LEA ECX,DWORD PTR SS:
004A3B93|.8D55 EC LEA EDX,DWORD PTR SS:
004A3B96|.8B45 FC MOV EAX,DWORD PTR SS:
004A3B99|.E8 F2B2FFFF CALL Absolute.0049EE90 ;这里是用户名二进制放到EAX中。进行四次大循环二进制运算
004A3B9E|.8D55 F4 LEA EDX,DWORD PTR SS:
004A3BA1|.8B45 FC MOV EAX,DWORD PTR SS:
004A3BA4|.E8 D38AFFFF CALL Absolute.0049C67C
004A3BA9|.8B45 F8 MOV EAX,DWORD PTR SS: ;假码放EAX中。
004A3BAC|.8B55 F4 MOV EDX,DWORD PTR SS: ;这里出现真码放EDX中。!!!
004A3BAF|.E8 900FF6FF CALL Absolute.00404B44 ;比较CALL。
004A3BB4|.75 02 JNZ SHORT Absolute.004A3BB8 ;不相等就跳,死,可以进行标志位爆破!!
004A3BB6|.B3 01 MOV BL,1
004A3BB8|>33C0 XOR EAX,EAX
004A3BBA|.5A POP EDX
004A3BBB|.59 POP ECX
004A3BBC|.59 POP ECX
004A3BBD|.64:8910 MOV DWORD PTR FS:,EDX
004A3BC0|.68 ED3B4A00 PUSH Absolute.004A3BED
004A3BC5|>8D45 E4 LEA EAX,DWORD PTR SS:
004A3BC8|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
004A3BCE|.B9 02000000 MOV ECX,2
004A3BD3|.E8 E016F6FF CALL Absolute.004052B8
004A3BD8|.8D45 F4 LEA EAX,DWORD PTR SS:
004A3BDB|.BA 03000000 MOV EDX,3
004A3BE0|.E8 870BF6FF CALL Absolute.0040476C
004A3BE5\.C3 RETN
004A3BE6 .^ E9 6505F6FF JMP Absolute.00404150
004A3BEB .^ EB D8 JMP SHORT Absolute.004A3BC5
004A3BED .8BC3 MOV EAX,EBX
004A3BEF .5B POP EBX
004A3BF0 .8BE5 MOV ESP,EBP
004A3BF2 .5D POP EBP
004A3BF3 .C3 RETN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
第二次关键CALL跟进
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
0049EE90/$55 PUSH EBP ;第三次CALL入口。
0049EE91|.8BEC MOV EBP,ESP
0049EE93|.83C4 D0 ADD ESP,-30
0049EE96|.53 PUSH EBX
0049EE97|.56 PUSH ESI
0049EE98|.57 PUSH EDI
0049EE99|.33DB XOR EBX,EBX
0049EE9B|.895D D0 MOV DWORD PTR SS:,EBX
0049EE9E|.895D DC MOV DWORD PTR SS:,EBX
0049EEA1|.895D D8 MOV DWORD PTR SS:,EBX
0049EEA4|.895D D4 MOV DWORD PTR SS:,EBX
0049EEA7|.8BF9 MOV EDI,ECX
0049EEA9|.8955 F8 MOV DWORD PTR SS:,EDX
0049EEAC|.8945 FC MOV DWORD PTR SS:,EAX
0049EEAF|.8B45 FC MOV EAX,DWORD PTR SS:
0049EEB2|.E8 315DF6FF CALL Absolute.00404BE8
0049EEB7|.8D45 F0 LEA EAX,DWORD PTR SS:
0049EEBA|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
0049EEC0|.E8 EF62F6FF CALL Absolute.004051B4
0049EEC5|.8D45 E8 LEA EAX,DWORD PTR SS:
0049EEC8|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
0049EECE|.E8 E162F6FF CALL Absolute.004051B4
0049EED3|.8D45 E0 LEA EAX,DWORD PTR SS:
0049EED6|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
0049EEDC|.E8 D362F6FF CALL Absolute.004051B4
0049EEE1|.33C0 XOR EAX,EAX
0049EEE3|.55 PUSH EBP
0049EEE4|.68 D7F04900 PUSH Absolute.0049F0D7
0049EEE9|.64:FF30 PUSH DWORD PTR FS:
0049EEEC|.64:8920 MOV DWORD PTR FS:,ESP
0049EEEF|.8D55 E0 LEA EDX,DWORD PTR SS:
0049EEF2|.B8 F0F04900 MOV EAX,Absolute.0049F0F0
0049EEF7|.E8 3CEBFFFF CALL Absolute.0049DA38
0049EEFC|.8D55 DC LEA EDX,DWORD PTR SS:
0049EEFF|.8BC7 MOV EAX,EDI
0049EF01|.E8 4EEAFFFF CALL Absolute.0049D954
0049EF06|.8B45 DC MOV EAX,DWORD PTR SS: ;常数转为的二进制放EAX中。
0049EF09|.E8 F25AF6FF CALL Absolute.00404A00
0049EF0E|.8BD8 MOV EBX,EAX
0049EF10|.8D55 DC LEA EDX,DWORD PTR SS:
0049EF13|.8B45 FC MOV EAX,DWORD PTR SS:
0049EF16|.E8 E1D8FFFF CALL Absolute.0049C7FC ;取出用户名。
0049EF1B|.8D45 DC LEA EAX,DWORD PTR SS:
0049EF1E|.8B4D DC MOV ECX,DWORD PTR SS: ;把用户的我ASCII转为二进制。
0049EF21|.BA FCF04900 MOV EDX,Absolute.0049F0FC ;ASCII "111"
0049EF26|.E8 215BF6FF CALL Absolute.00404A4C ;这个CALL是把一个常数111放到用户名ASCII转二进制的前面。
0049EF2B|.8BF3 MOV ESI,EBX
0049EF2D|.4E DEC ESI
0049EF2E|.EB 10 JMP SHORT Absolute.0049EF40
0049EF30|>8D45 DC /LEA EAX,DWORD PTR SS: ;这里是把用户名的二进制码与一个常数111连接。
0049EF33|.8B4D DC |MOV ECX,DWORD PTR SS:
0049EF36|.BA F0F04900 |MOV EDX,Absolute.0049F0F0
0049EF3B|.E8 0C5BF6FF |CALL Absolute.00404A4C
0049EF40|>8B45 DC MOV EAX,DWORD PTR SS:
0049EF43|.E8 B85AF6FF |CALL Absolute.00404A00
0049EF48|.99 |CDQ
0049EF49|.F7FE |IDIV ESI
0049EF4B|.85D2 |TEST EDX,EDX
0049EF4D|.^ 75 E1 \JNZ SHORT Absolute.0049EF30 ;取第二组常数的位数进行循环。
0049EF4F|.8B45 DC MOV EAX,DWORD PTR SS:
0049EF52|.E8 A95AF6FF CALL Absolute.00404A00
0049EF57|.8BD3 MOV EDX,EBX
0049EF59|.4A DEC EDX
0049EF5A|.8BCA MOV ECX,EDX
0049EF5C|.99 CDQ
0049EF5D|.F7F9 IDIV ECX
0049EF5F|.8BF0 MOV ESI,EAX
0049EF61|.8D45 D8 LEA EAX,DWORD PTR SS:
0049EF64|.E8 DF57F6FF CALL Absolute.00404748
0049EF69|.85F6 TEST ESI,ESI
0049EF6B|.0F8E 0A010000 JLE Absolute.0049F07B
0049EF71|>8D45 D4 /LEA EAX,DWORD PTR SS: ;以下是,把用户名的二进制进行循环处理,得到二进制数。
0049EF74|.50 |PUSH EAX
0049EF75|.8BCB |MOV ECX,EBX
0049EF77|.49 |DEC ECX
0049EF78|.BA 01000000 |MOV EDX,1
0049EF7D|.8B45 DC |MOV EAX,DWORD PTR SS:
0049EF80|.E8 D35CF6FF |CALL Absolute.00404C58
0049EF85|.EB 12 |JMP SHORT Absolute.0049EF99
0049EF87|>8D45 D4 |/LEA EAX,DWORD PTR SS:
0049EF8A|.B9 01000000 ||MOV ECX,1
0049EF8F|.BA 01000000 ||MOV EDX,1
0049EF94|.E8 FF5CF6FF ||CALL Absolute.00404C98
0049EF99|>8D45 D0 | LEA EAX,DWORD PTR SS:
0049EF9C|.50 ||PUSH EAX
0049EF9D|.B9 01000000 ||MOV ECX,1
0049EFA2|.BA 01000000 ||MOV EDX,1
0049EFA7|.8B45 D4 ||MOV EAX,DWORD PTR SS:
0049EFAA|.E8 A95CF6FF ||CALL Absolute.00404C58 ;这里可以看到如果用户名二进制的位数小于常数2的位数就在前面补0
0049EFAF|.8B45 D0 ||MOV EAX,DWORD PTR SS:
0049EFB2|.BA F0F04900 ||MOV EDX,Absolute.0049F0F0
0049EFB7|.E8 885BF6FF ||CALL Absolute.00404B44
0049EFBC|.75 0B ||JNZ SHORT Absolute.0049EFC9
0049EFBE|.8B45 D4 ||MOV EAX,DWORD PTR SS:
0049EFC1|.E8 3A5AF6FF ||CALL Absolute.00404A00
0049EFC6|.48 ||DEC EAX
0049EFC7|.^ 7F BE |\JG SHORT Absolute.0049EF87
0049EFC9|>8D55 F0 |LEA EDX,DWORD PTR SS:
0049EFCC|.8B45 D4 |MOV EAX,DWORD PTR SS:
0049EFCF|.E8 64EAFFFF |CALL Absolute.0049DA38 ;这里是用户名的二进制ASCII
0049EFD4|.8BCB |MOV ECX,EBX
0049EFD6|.49 |DEC ECX
0049EFD7|.8D45 DC |LEA EAX,DWORD PTR SS:
0049EFDA|.BA 01000000 |MOV EDX,1
0049EFDF|.E8 B45CF6FF |CALL Absolute.00404C98
0049EFE4|.8B45 D4 |MOV EAX,DWORD PTR SS:
0049EFE7|.BA F0F04900 |MOV EDX,Absolute.0049F0F0
0049EFEC|.E8 535BF6FF |CALL Absolute.00404B44
0049EFF1|.75 0D |JNZ SHORT Absolute.0049F000
0049EFF3|.8D55 E8 |LEA EDX,DWORD PTR SS:
0049EFF6|.8D45 E0 |LEA EAX,DWORD PTR SS:
0049EFF9|.E8 6EE3FFFF |CALL Absolute.0049D36C
0049EFFE|.EB 11 |JMP SHORT Absolute.0049F011
0049F000|>8D45 E8 |LEA EAX,DWORD PTR SS:
0049F003|.50 |PUSH EAX
0049F004|.8BCF |MOV ECX,EDI
0049F006|.8B55 F8 |MOV EDX,DWORD PTR SS:
0049F009|.8D45 F0 |LEA EAX,DWORD PTR SS:
0049F00C|.E8 CFF7FFFF |CALL Absolute.0049E7E0
0049F011|>8D45 F0 |LEA EAX,DWORD PTR SS:
0049F014|.E8 03DDFFFF |CALL Absolute.0049CD1C
0049F019|.8D45 D4 |LEA EAX,DWORD PTR SS:
0049F01C|.E8 2757F6FF |CALL Absolute.00404748
0049F021|.8D55 D4 |LEA EDX,DWORD PTR SS:
0049F024|.8D45 E8 |LEA EAX,DWORD PTR SS:
0049F027|.E8 28E9FFFF |CALL Absolute.0049D954 ;这个CALL有兴趣可以跟进,里面是把用户进行多重二进制比较。得出一个新的二进制码
0049F02C|.EB 10 |JMP SHORT Absolute.0049F03E
0049F02E|>8D45 D4 |/LEA EAX,DWORD PTR SS:
0049F031|.8B4D D4 ||MOV ECX,DWORD PTR SS:
0049F034|.BA F0F04900 ||MOV EDX,Absolute.0049F0F0
0049F039|.E8 0E5AF6FF ||CALL Absolute.00404A4C
0049F03E|>8B45 D4 | MOV EAX,DWORD PTR SS:
0049F041|.E8 BA59F6FF ||CALL Absolute.00404A00
0049F046|.99 ||CDQ
0049F047|.F7FB ||IDIV EBX
0049F049|.85D2 ||TEST EDX,EDX
0049F04B|.^ 75 E1 |\JNZ SHORT Absolute.0049F02E
0049F04D|.8D45 D8 |LEA EAX,DWORD PTR SS:
0049F050|.8B55 D4 |MOV EDX,DWORD PTR SS:
0049F053|.E8 B059F6FF |CALL Absolute.00404A08
0049F058|.8D45 E8 |LEA EAX,DWORD PTR SS:
0049F05B|.E8 BCDCFFFF |CALL Absolute.0049CD1C
0049F060|.4E |DEC ESI
0049F061|.^ 0F85 0AFFFFFF \JNZ Absolute.0049EF71
0049F067|.EB 12 JMP SHORT Absolute.0049F07B
0049F069|>8D45 D8 /LEA EAX,DWORD PTR SS:
0049F06C|.B9 01000000 |MOV ECX,1
0049F071|.BA 01000000 |MOV EDX,1
0049F076|.E8 1D5CF6FF |CALL Absolute.00404C98
0049F07B|>8B45 D8 MOV EAX,DWORD PTR SS: ;这里可以看到用户的二进制码经过多次处理后的二进制码。
0049F07E|.8038 30 |CMP BYTE PTR DS:,30
0049F081|.75 0B |JNZ SHORT Absolute.0049F08E
0049F083|.8B45 D8 |MOV EAX,DWORD PTR SS:
0049F086|.E8 7559F6FF |CALL Absolute.00404A00
0049F08B|.48 |DEC EAX
0049F08C|.^ 7F DB \JG SHORT Absolute.0049F069 ;这个操作是去除前面的0。
0049F08E|>8B55 08 MOV EDX,DWORD PTR SS:
0049F091|.8B45 D8 MOV EAX,DWORD PTR SS: ;看到去除前面0的二进制值。
0049F094|.E8 0FD8FFFF CALL Absolute.0049C8A8
0049F099|.8D45 E0 LEA EAX,DWORD PTR SS:
0049F09C|.E8 7BDCFFFF CALL Absolute.0049CD1C
0049F0A1|.33C0 XOR EAX,EAX
0049F0A3|.5A POP EDX
0049F0A4|.59 POP ECX
0049F0A5|.59 POP ECX
0049F0A6|.64:8910 MOV DWORD PTR FS:,EDX
0049F0A9|.68 DEF04900 PUSH Absolute.0049F0DE
0049F0AE|>8D45 D0 LEA EAX,DWORD PTR SS:
0049F0B1|.BA 04000000 MOV EDX,4
0049F0B6|.E8 B156F6FF CALL Absolute.0040476C
0049F0BB|.8D45 E0 LEA EAX,DWORD PTR SS:
0049F0BE|.8B15 14C44900 MOV EDX,DWORD PTR DS: ;Absolute.0049C418
0049F0C4|.B9 03000000 MOV ECX,3
0049F0C9|.E8 EA61F6FF CALL Absolute.004052B8
0049F0CE|.8D45 FC LEA EAX,DWORD PTR SS:
0049F0D1|.E8 7256F6FF CALL Absolute.00404748
0049F0D6\.C3 RETN
0049F0D7 .^ E9 7450F6FF JMP Absolute.00404150
0049F0DC .^ EB D0 JMP SHORT Absolute.0049F0AE
0049F0DE .5F POP EDI
0049F0DF .5E POP ESI
0049F0E0 .5B POP EBX
0049F0E1 .8BE5 MOV ESP,EBP
0049F0E3 .5D POP EBP
0049F0E4 .C2 0400 RETN 4
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
第三个关键CALL跟进
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
0049C67C/$55 PUSH EBP ;这又是一个关键的入口点。
0049C67D|.8BEC MOV EBP,ESP
0049C67F|.81C4 ECFBFFFF ADD ESP,-414
0049C685|.53 PUSH EBX
0049C686|.56 PUSH ESI
0049C687|.57 PUSH EDI
0049C688|.33C9 XOR ECX,ECX
0049C68A|.898D ECFBFFFF MOV DWORD PTR SS:,ECX
0049C690|.898D F0FBFFFF MOV DWORD PTR SS:,ECX
0049C696|.894D F8 MOV DWORD PTR SS:,ECX
0049C699|.8BFA MOV EDI,EDX
0049C69B|.8945 FC MOV DWORD PTR SS:,EAX
0049C69E|.B9 00010000 MOV ECX,100
0049C6A3|.8D85 F4FBFFFF LEA EAX,DWORD PTR SS:
0049C6A9|.8B15 10114000 MOV EDX,DWORD PTR DS: ;Absolute.00401114
0049C6AF|.E8 308BF6FF CALL Absolute.004051E4
0049C6B4|.33C0 XOR EAX,EAX
0049C6B6|.55 PUSH EBP
0049C6B7|.68 E1C74900 PUSH Absolute.0049C7E1
0049C6BC|.64:FF30 PUSH DWORD PTR FS:
0049C6BF|.64:8920 MOV DWORD PTR FS:,ESP
0049C6C2|.8D85 F4FBFFFF LEA EAX,DWORD PTR SS:
0049C6C8|.BA FF000000 MOV EDX,0FF
0049C6CD|.E8 36FEFFFF CALL Absolute.0049C508
0049C6D2|.8D45 F8 LEA EAX,DWORD PTR SS:
0049C6D5|.E8 6E80F6FF CALL Absolute.00404748
0049C6DA|.8B45 FC MOV EAX,DWORD PTR SS:
0049C6DD|.E8 1E83F6FF CALL Absolute.00404A00
0049C6E2|.8BD8 MOV EBX,EAX
0049C6E4|.85DB TEST EBX,EBX
0049C6E6|.7E 2F JLE SHORT Absolute.0049C717
0049C6E8|.BE 01000000 MOV ESI,1
0049C6ED|>8D45 F8 /LEA EAX,DWORD PTR SS:
0049C6F0|.8B55 FC |MOV EDX,DWORD PTR SS:
0049C6F3|.0FB65432 FF |MOVZX EDX,BYTE PTR DS:
0049C6F8|.8B9495 F4FBFF>|MOV EDX,DWORD PTR SS:
0049C6FF|.E8 0483F6FF |CALL Absolute.00404A08
0049C704|.46 |INC ESI ;这里是每组取八个二进制数。
0049C705|.4B |DEC EBX ;EBX做循环变量,每次减一。
0049C706|.^ 75 E5 \JNZ SHORT Absolute.0049C6ED
0049C708|.EB 0D JMP SHORT Absolute.0049C717
0049C70A|>8D45 F8 /LEA EAX,DWORD PTR SS:
0049C70D|.BA F8C74900 |MOV EDX,Absolute.0049C7F8
0049C712|.E8 F182F6FF |CALL Absolute.00404A08
0049C717|>8B45 F8 MOV EAX,DWORD PTR SS: ;循环后得到的二进制数。
0049C71A|.E8 E182F6FF |CALL Absolute.00404A00
0049C71F|.B9 06000000 |MOV ECX,6 ;把6放到ECX中,准备做除法运算
0049C724|.99 |CDQ
0049C725|.F7F9 |IDIV ECX
0049C727|.85D2 |TEST EDX,EDX ;余数放EDX中。
0049C729|.^ 75 DF \JNZ SHORT Absolute.0049C70A ;测试EDX,如果为0就跳过。
0049C72B|.8B45 F8 MOV EAX,DWORD PTR SS:
0049C72E|.E8 CD82F6FF CALL Absolute.00404A00
0049C733|.B9 06000000 MOV ECX,6 ;常数6
0049C738|.99 CDQ
0049C739|.F7F9 IDIV ECX ;除法。
0049C73B|.8BD8 MOV EBX,EAX
0049C73D|.8BC7 MOV EAX,EDI
0049C73F|.E8 0480F6FF CALL Absolute.00404748
0049C744|.85DB TEST EBX,EBX
0049C746|.7E 5D JLE SHORT Absolute.0049C7A5
0049C748|>8D85 F0FBFFFF /LEA EAX,DWORD PTR SS: ;这里是精典算法。查表。
0049C74E|.50 |PUSH EAX
0049C74F|.B9 06000000 |MOV ECX,6 ;把常数6放入ECX中。
0049C754|.BA 01000000 |MOV EDX,1
0049C759|.8B45 F8 |MOV EAX,DWORD PTR SS:
0049C75C|.E8 F784F6FF |CALL Absolute.00404C58
0049C761|.8B95 F0FBFFFF |MOV EDX,DWORD PTR SS: ;上面那个CALL取出二进制运算后的前六位。
0049C767|.8D45 F4 |LEA EAX,DWORD PTR SS: ;首先得到先得到的二进制运算的前六位。
0049C76A|.E8 55FDFFFF |CALL Absolute.0049C4C4
0049C76F|.8D85 ECFBFFFF |LEA EAX,DWORD PTR SS: ;把取得的二进制数位数加1
0049C775|.8B55 F4 |MOV EDX,DWORD PTR SS: ;取出上面取得的二进制数的十进制值放入EDX中。
0049C778|.8A92 53B54A00 |MOV DL,BYTE PTR DS: ;这里就是要查表。
0049C77E|.E8 A581F6FF |CALL Absolute.00404928
0049C783|.8B95 ECFBFFFF |MOV EDX,DWORD PTR SS:
0049C789|.8BC7 |MOV EAX,EDI
0049C78B|.E8 7882F6FF |CALL Absolute.00404A08
0049C790|.8D45 F8 |LEA EAX,DWORD PTR SS:
0049C793|.B9 06000000 |MOV ECX,6
0049C798|.BA 01000000 |MOV EDX,1
0049C79D|.E8 F684F6FF |CALL Absolute.00404C98 ;EBX每次都减一。
0049C7A2|.4B |DEC EBX
0049C7A3|.^ 75 A3 \JNZ SHORT Absolute.0049C748 ;不相等跳出。
0049C7A5|>33C0 XOR EAX,EAX
0049C7A7|.5A POP EDX
0049C7A8|.59 POP ECX
0049C7A9|.59 POP ECX
0049C7AA|.64:8910 MOV DWORD PTR FS:,EDX
0049C7AD|.68 E8C74900 PUSH Absolute.0049C7E8
0049C7B2|>8D85 ECFBFFFF LEA EAX,DWORD PTR SS:
0049C7B8|.BA 02000000 MOV EDX,2
0049C7BD|.E8 AA7FF6FF CALL Absolute.0040476C
0049C7C2|.8D85 F4FBFFFF LEA EAX,DWORD PTR SS:
0049C7C8|.B9 00010000 MOV ECX,100
0049C7CD|.8B15 10114000 MOV EDX,DWORD PTR DS: ;Absolute.00401114
0049C7D3|.E8 E08AF6FF CALL Absolute.004052B8
0049C7D8|.8D45 F8 LEA EAX,DWORD PTR SS:
0049C7DB|.E8 687FF6FF CALL Absolute.00404748
0049C7E0\.C3 RETN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
------------------------------------------------------------------------
简单说如下,注册码为16位。
1、取用户名的二进制ASCII
2、把这个用户的二进与两组常数的二进制的位数进行操作。
3、把操作后的数再进行二进制操作。四次大循环。
4、把第三步得到的二进制值每次取六位,转为十进制。
5、把转为十进制的值。进行查表。(下表)
表:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789+=
6、把查得的字符连接就是注册码,水平有限写不了注册机。
用户名:zgmap 注册码:azz=W1cvnEGNay8A
------------------------------------------------------------------------
【版权声明】本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 zgmap 于 2007-11-15 00:30 编辑 ] 晕,网上注册机,有很多啊,随便一个注册机就可以算出注册码/:012 不信我来上传个注册机。 先顶一下~支持楼主的软件 应该写以下算法~~~ 谢谢分享!支持一下! 辛苦楼主了 不错的东西`
页:
[1]