追踪\MP4-RM 全能视频转换专家2008标准版注册码
【破文标题】暴破\MP4-RM 全能视频转换专家2008标准版【破文作者】hnld
【作者邮箱】
【作者主页】
【破解工具】OD
【破解平台】WIN XP
【软件名称】MP4-RM 全能视频转换专家2008标准版
【软件大小】11.2m
【原版下载】http://www.skycn.com/soft/32897.html
【保护方式】未加壳
【软件简介】MP4/RM 全能视频转换专家2007(标准版)是一款多格式转换软件。
它可以帮助您将几乎所有流行的视频格式
如RM/RMVB/VOB/AVI/MPEG/DAT/VCD/SVCD/DVD/ASF/WMV/MPG
等视频文件转换为普通MP4机、MP4手机、PSP机、iPod或DVD影碟机等硬件支持的AVI、MP4、PMP格式;
AVI格式:适合各种支持DivX/XivD/MJpeg1/MJpeg2/H264编码的MP4机、手机、PDA等,您可以根据您的需求进行参数设置.
MP4格式:适合支持MP4格式的手机、iPod
PMP格式:适合于PSP机
其主要特点如下:
1.转换后的文件可在MP4、手机及支持MP4的DVD碟机上播放;
2.能在 PSP上播放。
3.能在 IPOD上播放。
4.极高的转换速度和高清晰的图像质量。
5.转换过程非常简单、快速。
6.支持批量转换,可以处理多个文件。
【破解声明】本人菜鸟一个,看到zhichuang的暴破\MP4-RM 全能视频转换专家2008标准版中有人说暴破后还是只能用10分钟,于是就不自量力的想追踪一下注册码,晕头晕脑几天之后终于找到了注册码,这是我第一次自己单独找出注册码,于是狂喜。过后也拿出来和大家分享一把。由于本人实在太菜了,不会编注册机。也是一桩憾事。
【破解过程】首先,安装软件,然后用PEID查壳,无壳,是用Microsoft Visual C++ 6.0编写!
根据提示:非法序列号或验证码。来到00406335
向上找来到句首下段
004061B8 .55 push ebp
004061B9 .56 push esi
004061BA .57 push edi
004061BB .8BF1 mov esi, ecx
004061BD .6A 01 push 1
在004061B8F2,然后sfift+F9,来到这里
004061B8 .55 push ebp
004061B9 .56 push esi
004061BA .57 push edi
004061BB .8BF1 mov esi, ecx
004061BD .6A 01 push 1
004061BF .E8 B8C70100 call 0042297C
004061C4 .8B46 60 mov eax, dword ptr
004061C7 .8B40 F8 mov eax, dword ptr
004061CA .83F8 13 cmp eax, 13 ;不是19位帐号就over
004061CD .0F85 92010000 jnz 00406365
004061D3 .8B4E 5C mov ecx, dword ptr
004061D6 .8379 F8 13 cmp dword ptr , 13 ;不是19位密码也over
004061DA .0F85 85010000 jnz 00406365
004061E0 .53 push ebx
004061E1 .68 F4454300 push 004345F4 ;\ur.rtbt
004061E6 .8D5424 14 lea edx, dword ptr
004061EA .68 B4AB4300 push 0043ABB4 ;x
004061EF .52 push edx
004061F0 .E8 88970100 call 0041F97D
004061F5 .8B00 mov eax, dword ptr
004061F7 .C74424 6C 000>mov dword ptr , 0
004061FF .50 push eax
00406200 .E8 EBA00000 call 004102F0
00406205 .83CD FF or ebp, FFFFFFFF
00406208 .83C4 04 add esp, 4
0040620B .8D4C24 10 lea ecx, dword ptr
0040620F .8AD8 mov bl, al
00406211 .896C24 6C mov dword ptr , ebp
00406215 .E8 5B950100 call 0041F775
0040621A .84DB test bl, bl
0040621C .5B pop ebx
0040621D .74 27 je short 00406246
0040621F .6A 00 push 0 ; /Arg3 = 00000000
00406221 .6A 00 push 0 ; |Arg2 = 00000000
00406223 .68 7C464300 push 0043467C ; |注册成功
00406228 .E8 48010200 call 00426375 ; \MP4X.00426375
0040622D .8BCE mov ecx, esi
0040622F .E8 A2A40100 call 004206D6
00406234 .5F pop edi
00406235 .5E pop esi
00406236 .5D pop ebp
00406237 .8B4C24 54 mov ecx, dword ptr
0040623B .64:890D 00000>mov dword ptr fs:, ecx
00406242 .83C4 60 add esp, 60
00406245 .C3 retn
00406246 >8D4C24 28 lea ecx, dword ptr
0040624A .E8 E1370000 call 00409A30
0040624F .8D4424 3C lea eax, dword ptr
00406253 .C74424 68 010>mov dword ptr , 1
0040625B .50 push eax
0040625C .E8 5F360000 call 004098C0
00406261 .8B46 60 mov eax, dword ptr
00406264 .83C4 04 add esp, 4
00406267 .8D4C24 48 lea ecx, dword ptr
0040626B .50 push eax
0040626C .E8 6F7C0000 call 0040DEE0
00406271 .8B46 5C mov eax, dword ptr
00406274 .8D4C24 54 lea ecx, dword ptr
00406278 .50 push eax
00406279 .E8 627C0000 call 0040DEE0
0040627E .8D4C24 28 lea ecx, dword ptr
00406282 .E8 493B0000 call 00409DD0 ;关键CALL
00406287 .84C0 test al, al
00406289 .6A 00 push 0 ; /Arg3 = 00000000
0040628B .6A 00 push 0 ; |Arg2 = 00000000
0040628D .0F84 A2000000 je 00406335 ; |
00406293 .68 7C464300 push 0043467C ; |注册成功
00406298 .E8 D8000200 call 00426375 ; \MP4X.00426375
0040629D .68 F4454300 push 004345F4 ;\ur.rtbt
004062A2 .8D4C24 14 lea ecx, dword ptr
004062A6 .68 B4AB4300 push 0043ABB4 ;x
004062AB .51 push ecx
004062AC .E8 CC960100 call 0041F97D
004062B1 .8B00 mov eax, dword ptr
004062B3 .68 AC454300 push 004345AC ;wb
004062B8 .50 push eax
004062B9 .E8 CBD60000 call 00413989
004062BE .83C4 08 add esp, 8
004062C1 .8D4C24 10 lea ecx, dword ptr
004062C5 .8BF8 mov edi, eax
004062C7 .E8 A9940100 call 0041F775
004062CC .85FF test edi, edi
004062CE .75 09 jnz short 004062D9
004062D0 .8BCE mov ecx, esi
004062D2 .E8 FFA30100 call 004206D6
004062D7 .EB 6D jmp short 00406346
004062D9 >8D4C24 14 lea ecx, dword ptr
004062DD .E8 CE770000 call 0040DAB0
004062E2 .68 DC454300 push 004345DC ;视频转换(标准版)
004062E7 .8D4C24 34 lea ecx, dword ptr
004062EB .C64424 6C 02mov byte ptr , 2
004062F0 .E8 EB7B0000 call 0040DEE0
004062F5 .8D5424 14 lea edx, dword ptr
004062F9 .8D4C24 28 lea ecx, dword ptr
004062FD .52 push edx
004062FE .E8 ED380000 call 00409BF0
00406303 .8B4424 1C mov eax, dword ptr
00406307 .8B4C24 18 mov ecx, dword ptr
0040630B .57 push edi
0040630C .50 push eax
0040630D .6A 01 push 1
0040630F .51 push ecx
00406310 .E8 B1D30000 call 004136C6
00406315 .57 push edi
00406316 .E8 C0D50000 call 004138DB
0040631B .83C4 14 add esp, 14
0040631E .8BCE mov ecx, esi
00406320 .E8 B1A30100 call 004206D6
00406325 .8D4C24 14 lea ecx, dword ptr
00406329 .C64424 68 01mov byte ptr , 1
0040632E .E8 CD770000 call 0040DB00
00406333 .EB 11 jmp short 00406346
00406335 >68 68464300 push 00434668 ; |非法序列号或验证码
0040633A .E8 36000200 call 00426375 ; \MP4X.00426375
0040633F .8BCE mov ecx, esi
00406341 .E8 A9A30100 call 004206EF
00406346 >8D4C24 28 lea ecx, dword ptr
0040634A .896C24 68 mov dword ptr , ebp
0040634E .E8 7D370000 call 00409AD0
00406353 .5F pop edi
00406354 .5E pop esi
00406355 .5D pop ebp
00406356 .8B4C24 54 mov ecx, dword ptr
0040635A .64:890D 00000>mov dword ptr fs:, ecx
00406361 .83C4 60 add esp, 60
00406364 .C3 retn
00406365 >6A 00 push 0 ; /Arg3 = 00000000
00406367 .6A 00 push 0 ; |Arg2 = 00000000
00406369 .68 68464300 push 00434668 ; |非法序列号或验证码
0040636E .E8 02000200 call 00426375 ; \MP4X.00426375
00406373 .8B4C24 60 mov ecx, dword ptr
00406377 .5F pop edi
00406378 .5E pop esi
00406379 .5D pop ebp
0040637A .64:890D 00000>mov dword ptr fs:, ecx
00406381 .83C4 60 add esp, 60
00406384 .C3 retn
取消004061B8处断点,F8一步步来到00406282处,F7跟进
00409DD0/$64:A1 0000000>mov eax, dword ptr fs:
00409DD6|.6A FF push -1
00409DD8|.68 38974200 push 00429738
00409DDD|.50 push eax
00409DDE|.64:8925 00000>mov dword ptr fs:, esp
00409DE5|.83EC 0C sub esp, 0C
00409DE8|.53 push ebx
00409DE9|.8BD9 mov ebx, ecx
00409DEB|.55 push ebp
00409DEC|.8D6B 2C lea ebp, dword ptr
00409DEF|.8BCD mov ecx, ebp
00409DF1|.E8 BA490000 call 0040E7B0
00409DF6|.83F8 13 cmp eax, 13
00409DF9|.0F85 9B000000 jnz 00409E9A
00409DFF|.8D4B 20 lea ecx, dword ptr
00409E02|.E8 A9490000 call 0040E7B0
00409E07|.83F8 13 cmp eax, 13
00409E0A|.0F85 8A000000 jnz 00409E9A
00409E10|.8D4B 14 lea ecx, dword ptr
00409E13|.E8 98490000 call 0040E7B0
00409E18|.83F8 20 cmp eax, 20
00409E1B|.75 7D jnz short 00409E9A
00409E1D|.56 push esi
00409E1E|.57 push edi
00409E1F|.8B7B 24 mov edi, dword ptr
00409E22|.B9 03000000 mov ecx, 3
00409E27|.BE F0474300 mov esi, 004347F0 ;p1_
00409E2C|.33C0 xor eax, eax
00409E2E|.F3:A6 repe cmps byte ptr es:, byte ptr>
00409E30|.5F pop edi
00409E31|.5E pop esi
00409E32|.75 66 jnz short 00409E9A
00409E34|.8D4C24 08 lea ecx, dword ptr
00409E38|.E8 C33F0000 call 0040DE00
00409E3D|.8D4C24 08 lea ecx, dword ptr
00409E41|.C74424 1C 000>mov dword ptr , 0
00409E49|.51 push ecx ; /Arg1
00409E4A|.8BCB mov ecx, ebx ; |
00409E4C|.E8 EFFDFFFF call 00409C40 ; \此CALL内算出密码
00409E51|.8D4C24 08 lea ecx, dword ptr
00409E55|.E8 56490000 call 0040E7B0
00409E5A|.85C0 test eax, eax
00409E5C|.74 16 je short 00409E74
00409E5E|.8D5424 08 lea edx, dword ptr
00409E62|.55 push ebp
00409E63|.52 push edx
00409E64|.E8 574B0000 call 0040E9C0
00409E69|.83C4 08 add esp, 8
00409E6C|.84C0 test al, al
00409E6E|.74 04 je short 00409E74
00409E70|.B3 01 mov bl, 1
00409E72|.EB 02 jmp short 00409E76
00409E74|>32DB xor bl, bl
00409E76|>8D4C24 08 lea ecx, dword ptr
00409E7A|.C74424 1C FFF>mov dword ptr , -1
00409E82|.E8 39400000 call 0040DEC0
00409E87|.8AC3 mov al, bl
00409E89|.5D pop ebp
00409E8A|.5B pop ebx
00409E8B|.8B4C24 0C mov ecx, dword ptr
00409E8F|.64:890D 00000>mov dword ptr fs:, ecx
00409E96|.83C4 18 add esp, 18
00409E99|.C3 retn
00409E9A|>8B4C24 14 mov ecx, dword ptr
00409E9E|.5D pop ebp
00409E9F|.32C0 xor al, al
00409EA1|.5B pop ebx
00409EA2|.64:890D 00000>mov dword ptr fs:, ecx
00409EA9|.83C4 18 add esp, 18
00409EAC\.C3 retn
如果要跟踪算法就在00409E4C跟进,本人刚学,不懂注册机的制作。在00409E51处就能看到密码。到此跟踪完毕。
此软件就是开始时比较难点,它的账号必须是是19位,而且必须是以P1_开头,其他字母开头的就跳走.
注册码:P1_ABCDEFGHIJKMNOPQ
密码:BB49-BD5E-0B30-90D2
[ 本帖最后由 hnld 于 2008-1-26 11:55 编辑 ]