【PYG视频大赛】Aurora Media Workshop追码
软件13.4M太大,请大家自己到网上找Aurora Media Workshop 3.3.46版普通破解,无新颖技术,重在参与
用OD载入
查找字符串“Invalid username or registration code”
超级字串参考, 项目 3118
地址=0045BE2B
反汇编=PUSH Aurora_M.00497C70
文本字串=Invalid username or registration code
双击返回到OD
0045BDBD .50 PUSH EAX //这里下断
0045BDBE .64:8925 00000>MOV DWORD PTR FS:,ESP
0045BDC5 .51 PUSH ECX
0045BDC6 .53 PUSH EBX
0045BDC7 .56 PUSH ESI
0045BDC8 .8BF1 MOV ESI,ECX
0045BDCA .57 PUSH EDI
0045BDCB .8D4C24 0C LEA ECX,DWORD PTR SS:
0045BDCF .E8 D4BE0000 CALL <JMP.&MFC42.#540>
0045BDD4 .6A 01 PUSH 1
0045BDD6 .8BCE MOV ECX,ESI
0045BDD8 .C74424 1C 000>MOV DWORD PTR SS:,0
0045BDE0 .E8 43C30000 CALL <JMP.&MFC42.#6334>
0045BDE5 .E8 6CC20000 CALL <JMP.&MFC42.#1168>
0045BDEA .8B48 04 MOV ECX,DWORD PTR DS:
0045BDED .E8 78C30000 CALL <JMP.&MFC42.#1669>
0045BDF2 68 E8030000 PUSH 3E8
0045BDF7 .FF15 3C524700 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; \Sleep
0045BDFD .E8 54C20000 CALL <JMP.&MFC42.#1168>
0045BE02 .8B48 04 MOV ECX,DWORD PTR DS:
0045BE05 .E8 5AC30000 CALL <JMP.&MFC42.#2652>
0045BE0A .8B46 64 MOV EAX,DWORD PTR DS: ;假码
0045BE0D .8B4E 60 MOV ECX,DWORD PTR DS: ;用户名
0045BE10 .8D5E 64 LEA EBX,DWORD PTR DS:
0045BE13 .8D7E 60 LEA EDI,DWORD PTR DS:
0045BE16 .50 PUSH EAX ;假码入栈
0045BE17 .51 PUSH ECX ;用户名入栈
0045BE18 .E8 83430000 CALL Aurora_M.004601A0 ;关键CALL,F7进入
0045BE1D .83C4 08 ADD ESP,8
0045BE20 .85C0 TEST EAX,EAX
0045BE22 .75 1F JNZ SHORT Aurora_M.0045BE43
0045BE24 .6A 40 PUSH 40
0045BE26 .68 9C7C4900 PUSH Aurora_M.00497C9C ;Sorry
0045BE2B .68 707C4900 PUSH Aurora_M.00497C70 ;Invalid username or registration code//返回到这里,向上找下断的地点
0045BE30 .8BCE MOV ECX,ESI
0045BE32 .E8 EDC30000 CALL <JMP.&MFC42.#4224>
0045BE37 .C705 082C4E00>MOV DWORD PTR DS:,0
0045BE41 .EB 76 JMP SHORT Aurora_M.0045BEB9
0045BE43 >8B07 MOV EAX,DWORD PTR DS:
0045BE45 .8D4C24 0C LEA ECX,DWORD PTR SS:
0045BE49 .50 PUSH EAX
0045BE4A .68 547C4900 PUSH Aurora_M.00497C54 ;License To:%s
0045BE4F .51 PUSH ECX
0045BE50 .E8 07C20000 CALL <JMP.&MFC42.#2818>
0045BE55 .8B5424 18 MOV EDX,DWORD PTR SS:
0045BE59 .83C4 0C ADD ESP,0C
0045BE5C .8BCE MOV ECX,ESI
0045BE5E .6A 40 PUSH 40
0045BE60 .68 487C4900 PUSH Aurora_M.00497C48 ;Thank you
进入关键CALL
004601A0/$53 PUSH EBX
004601A1|.55 PUSH EBP
004601A2|.8B6C24 0C MOV EBP,DWORD PTR SS: ;EBP=name
004601A6|.56 PUSH ESI ;ESI=0012F4A0
004601A7|.57 PUSH EDI ;EDI=0012F500
004601A8|.BE 84014A00 MOV ESI,Aurora_M.004A0184
004601AD|.8BC5 MOV EAX,EBP ;EAX=name
004601AF|>8A10 /MOV DL,BYTE PTR DS: ;name(name=6c;)
004601B1|.8A1E |MOV BL,BYTE PTR DS:
004601B3|.8ACA |MOV CL,DL ;cl=name
004601B5|.3AD3 |CMP DL,BL
004601B7 75 1E JNZ SHORT Aurora_M.004601D7 ;在这里跳走
004601B9|.84C9 |TEST CL,CL
004601BB|.74 16 |JE SHORT Aurora_M.004601D3
004601BD|.8A50 01 |MOV DL,BYTE PTR DS:
004601C0|.8A5E 01 |MOV BL,BYTE PTR DS:
004601C3|.8ACA |MOV CL,DL
004601C5|.3AD3 |CMP DL,BL
004601C7 75 0E JNZ SHORT Aurora_M.004601D7
004601C9|.83C0 02 |ADD EAX,2
004601CC|.83C6 02 |ADD ESI,2
004601CF|.84C9 |TEST CL,CL
004601D1|.^ 75 DC \JNZ SHORT Aurora_M.004601AF
004601D3|>33C0 XOR EAX,EAX
004601D5|.EB 05 JMP SHORT Aurora_M.004601DC
004601D7|>1BC0 SBB EAX,EAX
004601D9|.83D8 FF SBB EAX,-1
004601DC|>85C0 TEST EAX,EAX
004601DE 74 62 JE SHORT Aurora_M.00460242 ;这里跳就完蛋
004601E0|.8B7C24 18 MOV EDI,DWORD PTR SS: ;EDI=code
004601E4|.BE 84014A00 MOV ESI,Aurora_M.004A0184
004601E9|.8BC7 MOV EAX,EDI ;EAX=code
004601EB|>8A10 /MOV DL,BYTE PTR DS: ;DL=code(code=37;)
004601ED|.8A1E |MOV BL,BYTE PTR DS: ;BL=0;
004601EF|.8ACA |MOV CL,DL
004601F1|.3AD3 |CMP DL,BL
004601F3 75 1E JNZ SHORT Aurora_M.00460213 ;在这里跳走
004601F5|.84C9 |TEST CL,CL
004601F7|.74 16 |JE SHORT Aurora_M.0046020F
004601F9|.8A50 01 |MOV DL,BYTE PTR DS:
004601FC|.8A5E 01 |MOV BL,BYTE PTR DS:
004601FF|.8ACA |MOV CL,DL
00460201|.3AD3 |CMP DL,BL
00460203 75 0E JNZ SHORT Aurora_M.00460213
00460205|.83C0 02 |ADD EAX,2
00460208|.83C6 02 |ADD ESI,2
0046020B|.84C9 |TEST CL,CL
0046020D|.^ 75 DC \JNZ SHORT Aurora_M.004601EB
0046020F|>33C0 XOR EAX,EAX
00460211|.EB 05 JMP SHORT Aurora_M.00460218
00460213|>1BC0 SBB EAX,EAX
00460215|.83D8 FF SBB EAX,-1
00460218|>85C0 TEST EAX,EAX
0046021A|.74 26 JE SHORT Aurora_M.00460242 ;这里跳就完蛋
0046021C|.57 PUSH EDI
0046021D|.55 PUSH EBP
0046021E|.E8 6DF9FFFF CALL Aurora_M.0045FB90 ;关键CALL2,F7进入
00460223|.83C4 08 ADD ESP,8
00460226|.85C0 TEST EAX,EAX
00460228|.75 0E JNZ SHORT Aurora_M.00460238
0046022A|.57 PUSH EDI
0046022B|.55 PUSH EBP
0046022C|.E8 8FFBFFFF CALL Aurora_M.0045FDC0
00460231|.83C4 08 ADD ESP,8
00460234|.85C0 TEST EAX,EAX
00460236 74 0A JE SHORT Aurora_M.00460242
00460238|>5F POP EDI
00460239|.5E POP ESI
0046023A|.5D POP EBP
0046023B|.B8 01000000 MOV EAX,1
00460240|.5B POP EBX
00460241|.C3 RETN
关键CALL2
0045FB90/$6A FF PUSH -1
0045FB92|.68 70414700 PUSH Aurora_M.00474170 ;SE 处理程序安装
0045FB97|.64:A1 0000000>MOV EAX,DWORD PTR FS:
0045FB9D|.50 PUSH EAX
0045FB9E|.64:8925 00000>MOV DWORD PTR FS:,ESP
0045FBA5|.83EC 14 SUB ESP,14
0045FBA8|.8B4424 24 MOV EAX,DWORD PTR SS: ;EAX=name
0045FBAC|.53 PUSH EBX
0045FBAD|.55 PUSH EBP ;name
0045FBAE|.56 PUSH ESI
0045FBAF|.57 PUSH EDI ;假码,记为code入栈
0045FBB0|.50 PUSH EAX ;name压栈
0045FBB1|.8D4C24 18 LEA ECX,DWORD PTR SS:
0045FBB5|.E8 B8800000 CALL <JMP.&MFC42.#537>
0045FBBA|.8D4C24 14 LEA ECX,DWORD PTR SS:
0045FBBE|.C74424 2C 000>MOV DWORD PTR SS:,0
0045FBC6|.E8 E5840000 CALL <JMP.&MFC42.#6282>
0045FBCB|.8D4C24 14 LEA ECX,DWORD PTR SS:
0045FBCF|.E8 D6840000 CALL <JMP.&MFC42.#6283>
0045FBD4|.6A 20 PUSH 20
0045FBD6|.8D4C24 18 LEA ECX,DWORD PTR SS:
0045FBDA|.E8 71870000 CALL <JMP.&MFC42.#2915>
0045FBDF|.8B4C24 38 MOV ECX,DWORD PTR SS: ;ECX=code
0045FBE3|.8BD8 MOV EBX,EAX ;EBX=name
0045FBE5|.51 PUSH ECX ;code压栈
0045FBE6|.8D4C24 14 LEA ECX,DWORD PTR SS:
0045FBEA|.E8 83800000 CALL <JMP.&MFC42.#537>
0045FBEF|.8D4C24 10 LEA ECX,DWORD PTR SS:
0045FBF3|.C64424 2C 01MOV BYTE PTR SS:,1
0045FBF8|.E8 B3840000 CALL <JMP.&MFC42.#6282>
0045FBFD|.8D4C24 10 LEA ECX,DWORD PTR SS:
0045FC01|.E8 A4840000 CALL <JMP.&MFC42.#6283>
0045FC06|.6A 20 PUSH 20
0045FC08|.8D4C24 14 LEA ECX,DWORD PTR SS:
0045FC0C|.E8 3F870000 CALL <JMP.&MFC42.#2915>
0045FC11|.8BD0 MOV EDX,EAX
0045FC13|.83CE FF OR ESI,FFFFFFFF
0045FC16|.8BFA MOV EDI,EDX
0045FC18|.8BCE MOV ECX,ESI
0045FC1A|.33C0 XOR EAX,EAX
0045FC1C|.895424 20 MOV DWORD PTR SS:,EDX
0045FC20|.F2:AE REPNE SCAS BYTE PTR ES:
0045FC22|.F7D1 NOT ECX
0045FC24|.49 DEC ECX
0045FC25|.8BFB MOV EDI,EBX
0045FC27|.8BE9 MOV EBP,ECX
0045FC29|.8BCE MOV ECX,ESI
0045FC2B|.F2:AE REPNE SCAS BYTE PTR ES:
0045FC2D|.F7D1 NOT ECX
0045FC2F|.49 DEC ECX
0045FC30|.3BCD CMP ECX,EBP
0045FC32|.0F87 54010000 JA Aurora_M.0045FD8C
0045FC38|.8BFB MOV EDI,EBX
0045FC3A|.8BCE MOV ECX,ESI
0045FC3C|.F2:AE REPNE SCAS BYTE PTR ES:
0045FC3E|.F7D1 NOT ECX
0045FC40|.49 DEC ECX
0045FC41|.0F84 45010000 JE Aurora_M.0045FD8C
0045FC47|.8BFA MOV EDI,EDX
0045FC49|.8BCE MOV ECX,ESI
0045FC4B|.F2:AE REPNE SCAS BYTE PTR ES:
0045FC4D|.F7D1 NOT ECX
0045FC4F|.49 DEC ECX
0045FC50|.0F84 36010000 JE Aurora_M.0045FD8C
0045FC56|.894424 38 MOV DWORD PTR SS:,EAX
0045FC5A|>8B5424 38 /MOV EDX,DWORD PTR SS: ;大循环开始
0045FC5E|.8D4C24 34 |LEA ECX,DWORD PTR SS:
0045FC62|.8A82 887E4900 |MOV AL,BYTE PTR DS:
0045FC68|.884424 18 |MOV BYTE PTR SS:,AL
0045FC6C|.E8 37800000 |CALL <JMP.&MFC42.#540>
0045FC71|.8BFB |MOV EDI,EBX ;EDI=name
0045FC73|.83C9 FF |OR ECX,FFFFFFFF ;ECX=FFFFFFF
0045FC76|.33C0 |XOR EAX,EAX ;EAX=0
0045FC78|.33ED |XOR EBP,EBP ;EBP=0
0045FC7A|.F2:AE |REPNE SCAS BYTE PTR ES: ;ECX=FFFFFFF6
0045FC7C|.F7D1 |NOT ECX ;ECX=9
0045FC7E|.49 |DEC ECX ;ECX=ECX-1
0045FC7F|.C64424 2C 02|MOV BYTE PTR SS:,2
0045FC84|.74 4B |JE SHORT Aurora_M.0045FCD1
0045FC86|>8A042B |/MOV AL,BYTE PTR DS: ;小循环开始 循环取用户名各位ASCII码,EBP为循环变量
0045FC89|.33F6 ||XOR ESI,ESI ;ESI=0
0045FC8B|>3A0475 207E49>||/CMP AL,BYTE PTR DS: ;循环查找字符
0045FC92|.74 08 |||JE SHORT Aurora_M.0045FC9C
0045FC94|.46 |||INC ESI ;ESI=ESI+1
0045FC95|.83FE 34 |||CMP ESI,34 ;ESI大于52就跳出循环
0045FC98|.^ 7C F1 ||\JL SHORT Aurora_M.0045FC8B
0045FC9A|.EB 11 ||JMP SHORT Aurora_M.0045FCAD
0045FC9C|>8A0C75 217E49>||MOV CL,BYTE PTR DS: ;Cl=从497E21开始取ESI*2这个位置的字符
0045FCA3|.51 ||PUSH ECX
0045FCA4|.8D4C24 38 ||LEA ECX,DWORD PTR SS:
0045FCA8|.E8 83820000 ||CALL <JMP.&MFC42.#940>
0045FCAD|>83FE 34 ||CMP ESI,34
0045FCB0|.75 0E ||JNZ SHORT Aurora_M.0045FCC0
0045FCB2|.8B5424 18 ||MOV EDX,DWORD PTR SS:
0045FCB6|.8D4C24 34 ||LEA ECX,DWORD PTR SS:
0045FCBA|.52 ||PUSH EDX
0045FCBB|.E8 70820000 ||CALL <JMP.&MFC42.#940>
0045FCC0|>8BFB ||MOV EDI,EBX ;EDI=name
0045FCC2|.83C9 FF ||OR ECX,FFFFFFFF ;ECX=FFFFFFF
0045FCC5|.33C0 ||XOR EAX,EAX ;EAX=0
0045FCC7|.45 ||INC EBP ;EBP=EBP+1
0045FCC8|.F2:AE ||REPNE SCAS BYTE PTR ES: ;ECX=FFFFFFF6
0045FCCA|.F7D1 ||NOT ECX ;ECX=9
0045FCCC|.49 ||DEC ECX ;ECX=ECX-1
0045FCCD|.3BE9 ||CMP EBP,ECX ;循环变量EBP与ECX=8比较
0045FCCF|.^ 72 B5 |\JB SHORT Aurora_M.0045FC86
0045FCD1|>8B4424 34 |MOV EAX,DWORD PTR SS: ;EAX=真码的一部分
0045FCD5|.8B48 F8 |MOV ECX,DWORD PTR DS: ;ECX=8
0045FCD8|.83F9 10 |CMP ECX,10
0045FCDB|.7D 3A |JGE SHORT Aurora_M.0045FD17
0045FCDD|.8BC1 |MOV EAX,ECX ;EAX=ECX
0045FCDF|.B9 10000000 |MOV ECX,10 ;ECX=10
0045FCE4|.2BC8 |SUB ECX,EAX
0045FCE6|.8D5424 1C |LEA EDX,DWORD PTR SS:
0045FCEA|.51 |PUSH ECX
0045FCEB|.52 |PUSH EDX
0045FCEC|.B9 C02B4E00 |MOV ECX,Aurora_M.004E2BC0
0045FCF1|.E8 42800000 |CALL <JMP.&MFC42.#4129>
0045FCF6|.50 |PUSH EAX ;真码的另一部分,看堆栈窗口
0045FCF7|.8D4C24 38 |LEA ECX,DWORD PTR SS:
0045FCFB|.C64424 30 03|MOV BYTE PTR SS:,3
0045FD00|.E8 25820000 |CALL <JMP.&MFC42.#939>
0045FD05|.8D4C24 1C |LEA ECX,DWORD PTR SS:
0045FD09|.C64424 2C 02|MOV BYTE PTR SS:,2
0045FD0E|.E8 4D7F0000 |CALL <JMP.&MFC42.#800>
0045FD13|.8B4424 34 |MOV EAX,DWORD PTR SS: ;EAX=真码
0045FD17|>8B4C24 20 |MOV ECX,DWORD PTR SS: ;假码
0045FD1B|.51 |PUSH ECX ; /s2
0045FD1C|.50 |PUSH EAX ; |s1
0045FD1D|.FF15 A45A4700 |CALL DWORD PTR DS:[<&MSVCRT._mbscmp>] ; \真、假码比较
0045FD23|.83C4 08 |ADD ESP,8
0045FD26|.8D4C24 34 |LEA ECX,DWORD PTR SS:
0045FD2A|.85C0 |TEST EAX,EAX
0045FD2C|.C64424 2C 01|MOV BYTE PTR SS:,1
0045FD31|.74 1B |JE SHORT Aurora_M.0045FD4E
0045FD33|.33F6 |XOR ESI,ESI
0045FD35|.E8 267F0000 |CALL <JMP.&MFC42.#800>
0045FD3A|.8B4424 38 |MOV EAX,DWORD PTR SS:
0045FD3E|.40 |INC EAX
0045FD3F|.83F8 03 |CMP EAX,3
0045FD42|.894424 38 |MOV DWORD PTR SS:,EAX
0045FD46|.^ 0F8C 0EFFFFFF \JL Aurora_M.0045FC5A
0045FD4C|.EB 0A JMP SHORT Aurora_M.0045FD58
0045FD4E|>BE 01000000 MOV ESI,1
0045FD53|.E8 087F0000 CALL <JMP.&MFC42.#800>
0045FD58|>8D4C24 10 LEA ECX,DWORD PTR SS:
0045FD5C|.C64424 2C 00MOV BYTE PTR SS:,0
0045FD61|.E8 FA7E0000 CALL <JMP.&MFC42.#800>
0045FD66|.8D4C24 14 LEA ECX,DWORD PTR SS:
0045FD6A|.C74424 2C FFF>MOV DWORD PTR SS:,-1
0045FD72|.E8 E97E0000 CALL <JMP.&MFC42.#800>
0045FD77|.8BC6 MOV EAX,ESI
0045FD79|.5F POP EDI
0045FD7A|.5E POP ESI
0045FD7B|.5D POP EBP
0045FD7C|.5B POP EBX
0045FD7D|.8B4C24 14 MOV ECX,DWORD PTR SS:
0045FD81|.64:890D 00000>MOV DWORD PTR FS:,ECX
0045FD88|.83C4 20 ADD ESP,20
0045FD8B|.C3 RETN
019E70C86C 76 63 61 6F 6C 68 78lvcaolhx
019E70D000 65 72 69 66 00 .erif.
004A018400 00 00 00 00 00 00 00........
004A018CD4 86 E0 73 D4 86 E0 73詥鄐詥鄐
004A019400 00 00 00 D4 86 E0 73....詥鄐
循环6C(l)00 eax=caolhx esi=004A0186
76(v)00eax=olhx esi=004A0188
;63(c)00;61(a) 00;6F(o) 00;6C(l) 00;68(h) 00;78(x) 00;
00D4;65(e) 86;72(r) E0;69(r) 73(s);66(f) D4;00 86
37(7) 00;38(8) 00;38(8) 00;35(5) 00;35(5) 00;39(9) 00;39(9) 00;36(6) 00;36(6) D4;
00 86;
rif
00497E2061 43 62 78 63 69 64 49aCbxcidI
00497E2865 41 66 58 67 4D 68 6BeAfXgMhk
00497E3069 45 6A 56 6B 5A 6C 65iEjVkZle
00497E386D 52 6E 79 6F 42 70 4BmRnyoBpK
00497E4071 64 72 54 73 53 74 50qdrTsStP
00497E4875 57 76 6C 77 6A 78 44uWvlwjxD
00497E5079 48 7A 46 41 7A 42 71yHzFAzBq
00497E5843 70 44 4F 45 6B 46 67CpDOEkFg
00497E6047 59 48 6D 49 74 4A 61GYHmItJa
00497E684B 72 4C 51 4D 6E 4E 73KrLQMnNs
00497E704F 75 50 55 51 47 52 4AOuPUQGRJ
00497E7853 4C 54 4E 55 62 56 63SLTNUbVc
00497E8057 66 58 68 59 6F 5A 77WfXhYoZw
00497E8850 57 4D 00 PWM.
堆栈 SS:=024A6D70, (ASCII "eliCBekD")
EAX=00000000
跳转来自 0045FC84
堆栈窗口
0012EF60 019E70C8ASCII "lvcaolhx"
0012EF64 0012F500
0012EF68 024A6D20ASCII "788559966"
0012EF6C 024A6CD0ASCII "lvcaolhx"
0012EF70 FFFFFF50
0012EF74 024A6DC0ASCII "LdQsBcmp"
0012EF78 024A6D20ASCII "788559966"
0012EF7C 0012EFC0指向下一个 SEH 记录的指针
0012EF80 00474170SE 处理器
0012EF84 00000002
0012EF88 00460223返回到 Aurora_M.00460223 来自 Aurora_M.0045FB90
0012EF8C 024A6D70ASCII "eliCBekDLdQsBcmp" 顶一下.rhf 太强了,学习啊。。。。。。。 下载看看,看这么多文字头都晕了,
还是视频好点!!1 嘻嘻。。学习一下。。 好东西 啊来学习一下啊 看到明码的就不想下了 下载看看,看这么多文字头都晕了,
还是视频好点!!1 好东西 啊来学习一下啊 太强了,先学习一下。。。。。。。
页:
[1]