飘云阁MP4/RM全能视频转换专家豪华版2008

破解爱好者 发表于 2008-6-2 22:54:59

MP4/RM全能视频转换专家豪华版2008

无壳，试运行假注册，得到字符串，od载入，查找，分析后来到下面
004061B6 .6A FF          push -1
004061B8 .68 58914200    push MP4_Conv.00429158
004061BD .50             push eax
004061BE .64:8925 00000000 mov dword ptr fs:,esp
004061C5 .83EC 54          sub esp,54
004061C8 .55             push ebp
004061C9 .56             push esi
004061CA .57             push edi
004061CB .8BF1             mov esi,ecx
004061CD .6A 01          push 1
004061CF .E8 9BC70100    call MP4_Conv.0042296F
004061D4 .8B46 60          mov eax,dword ptr ds:          ;假注册码入eax
004061D7 .8B40 F8          mov eax,dword ptr ds:             ;假注册码位数入eax
004061DA .83F8 13          cmp eax,13                               ;注册码位数和19位比较
004061DD    0F85 92010000    jnz MP4_Conv.00406375                   ;不是19位就 over
004061E3 .8B4E 5C          mov ecx,dword ptr ds:          ;假序列号入ecx
004061E6 .8379 F8 13       cmp dword ptr ds:,13             ;取假序列号位数和19位比较
004061EA    0F85 85010000    jnz MP4_Conv.00406375
004061F0 .53             push ebx
004061F1 .68 D4454300    push MP4_Conv.004345D4                   ;\ur.rtbt
004061F6 .8D5424 14       lea edx,dword ptr ss:
004061FA .68 94AB4300    push MP4_Conv.0043AB94
004061FF .52             push edx
00406200 .E8 68970100    call MP4_Conv.0041F96D
00406205 .8B00             mov eax,dword ptr ds:
00406207 .C74424 6C 00000000 mov dword ptr ss:,0
0040620F .50             push eax
00406210 .E8 CBA00000    call MP4_Conv.004102E0
00406215 .83CD FF          or ebp,FFFFFFFF
00406218 .83C4 04          add esp,4
0040621B .8D4C24 10       lea ecx,dword ptr ss:
0040621F .8AD8             mov bl,al
00406221 .896C24 6C       mov dword ptr ss:,ebp
00406225 .E8 3B950100    call MP4_Conv.0041F765
0040622A .84DB             test bl,bl
0040622C .5B             pop ebx
0040622D .74 27          je short MP4_Conv.00406256
0040622F .6A 00          push 0                                  ; /Arg3 = 00000000
00406231 .6A 00          push 0                                  ; |Arg2 = 00000000
00406233 .68 58464300    push MP4_Conv.00434658                   ; |注册成功
00406238 .E8 28010200    call MP4_Conv.00426365                   ; \MP4_Conv.00426365
0040623D .8BCE             mov ecx,esi
0040623F .E8 85A40100    call MP4_Conv.004206C9
00406244 .5F             pop edi
00406245 .5E             pop esi
00406246 .5D             pop ebp
00406247 .8B4C24 54       mov ecx,dword ptr ss:
0040624B .64:890D 00000000 mov dword ptr fs:,ecx
00406252 .83C4 60          add esp,60
00406255 .C3             retn
00406256 >8D4C24 28       lea ecx,dword ptr ss:
0040625A .E8 E1370000    call MP4_Conv.00409A40
0040625F .8D4424 3C       lea eax,dword ptr ss:
00406263 .C74424 68 01000000 mov dword ptr ss:,1
0040626B .50             push eax
0040626C .E8 5F360000    call MP4_Conv.004098D0
00406271 .8B46 60          mov eax,dword ptr ds:
00406274 .83C4 04          add esp,4
00406277 .8D4C24 48       lea ecx,dword ptr ss:
0040627B .50             push eax
0040627C .E8 4F7C0000    call MP4_Conv.0040DED0
00406281 .8B46 5C          mov eax,dword ptr ds:
00406284 .8D4C24 54       lea ecx,dword ptr ss:
00406288 .50             push eax
00406289 .E8 427C0000    call MP4_Conv.0040DED0
0040628E .8D4C24 28       lea ecx,dword ptr ss:
00406292 .E8 493B0000    call MP4_Conv.00409DE0                   ;关键CALL，跟进
00406297 .84C0             test al,al
00406299 .6A 00          push 0                                  ; /Arg3 = 00000000
0040629B .6A 00          push 0                                  ; |Arg2 = 00000000
0040629D .0F84 A2000000    je MP4_Conv.00406345                   ; |
004062A3 .68 58464300    push MP4_Conv.00434658                   ; |注册成功
004062A8 .E8 B8000200    call MP4_Conv.00426365                   ; \MP4_Conv.00426365
004062AD .68 D4454300    push MP4_Conv.004345D4                   ;\ur.rtbt

跟进关键CALL，来到
00409DE0 /$64:A1 00000000 mov eax,dword ptr fs:
00409DE6 |.6A FF          push -1
00409DE8 |.68 28974200    push MP4_Conv.00429728
00409DED |.50             push eax
00409DEE |.64:8925 00000000 mov dword ptr fs:,esp
00409DF5 |.83EC 0C          sub esp,0C
00409DF8 |.53             push ebx
00409DF9 |.8BD9             mov ebx,ecx
00409DFB |.55             push ebp
00409DFC |.8D6B 2C          lea ebp,dword ptr ds:
00409DFF |.8BCD             mov ecx,ebp
00409E01 |.E8 9A490000    call MP4_Conv.0040E7A0
00409E06 |.83F8 13          cmp eax,13
00409E09 |.0F85 9B000000    jnz MP4_Conv.00409EAA
00409E0F |.8D4B 20          lea ecx,dword ptr ds:
00409E12 |.E8 89490000    call MP4_Conv.0040E7A0
00409E17 |.83F8 13          cmp eax,13
00409E1A |.0F85 8A000000    jnz MP4_Conv.00409EAA
00409E20 |.8D4B 14          lea ecx,dword ptr ds:
00409E23 |.E8 78490000    call MP4_Conv.0040E7A0
00409E28 |.83F8 20          cmp eax,20
00409E2B |.75 7D          jnz short MP4_Conv.00409EAA
00409E2D |.56             push esi
00409E2E |.57             push edi
00409E2F |.8B7B 24          mov edi,dword ptr ds:
00409E32 |.B9 03000000    mov ecx,3
00409E37 |.BE CC474300    mov esi,MP4_Conv.004347CC                   ;p2_
00409E3C |.33C0             xor eax,eax
00409E3E |.F3:A6          repe cmps byte ptr es:,byte ptr ds:
00409E40 |.5F             pop edi
00409E41 |.5E             pop esi
00409E42    75 66          jnz short MP4_Conv.00409EAA
00409E44 |.8D4C24 08       lea ecx,dword ptr ss:
00409E48 |.E8 A33F0000    call MP4_Conv.0040DDF0
00409E4D |.8D4C24 08       lea ecx,dword ptr ss:
00409E51 |.C74424 1C 00000000 mov dword ptr ss:,0
00409E59 |.51             push ecx                                     ; /Arg1
00409E5A |.8BCB             mov ecx,ebx                                  ; |
00409E5C |.E8 EFFDFFFF    call MP4_Conv.00409C50                      ; \MP4_Conv.00409C50
00409E61 |.8D4C24 08       lea ecx,dword ptr ss:
00409E65 |.E8 36490000    call MP4_Conv.0040E7A0
00409E6A |.85C0             test eax,eax
00409E6C |.74 16          je short MP4_Conv.00409E84
00409E6E |.8D5424 08       lea edx,dword ptr ss:
00409E72 |.55             push ebp
00409E73 |.52             push edx
00409E74 |.E8 374B0000    call MP4_Conv.0040E9B0
00409E79 |.83C4 08          add esp,8
00409E7C |.84C0             test al,al
00409E7E |.74 04          je short MP4_Conv.00409E84
00409E80 |.B3 01          mov bl,1
00409E82 |.EB 02          jmp short MP4_Conv.00409E86
00409E84 |>32DB             xor bl,bl
00409E86 |>8D4C24 08       lea ecx,dword ptr ss:
00409E8A |.C74424 1C FFFFFFFF mov dword ptr ss:,-1
00409E92 |.E8 19400000    call MP4_Conv.0040DEB0       关键CALL
00409E97 |.8AC3             mov al,bl                      做注册机
00409E99 |.5D             pop ebp
00409E9A |.5B             pop ebx
00409E9B |.8B4C24 0C       mov ecx,dword ptr ss:
00409E9F |.64:890D 00000000 mov dword ptr fs:,ecx
00409EA6 |.83C4 18          add esp,18
00409EA9 |.C3             retn

注册成功后会在根目录生成ur.rtbt文件！删除后会变成未注册版！

[ 本帖最后由破解爱好者于 2008-6-8 13:29 编辑 ]

GGLHY 发表于 2008-6-2 22:58:57

呵呵,顶了.兄弟!!!

wanily16 发表于 2008-6-2 23:28:05

不错奥谢谢分享改的过程都写出来了学习学习

cur 发表于 2008-6-3 00:11:16

非常感谢。。。我家电视支持AVI格式的电影老爸非要看哎正在找什么能转换下呢谢谢啦哈

linghangzhe 发表于 2008-6-3 08:31:29

真的不错的好东西，辛苦了。

cur 发表于 2008-6-3 16:36:13

好像注册的时候提示成功关闭在开注册又有提示框。。。难道没成功？

tianxj 发表于 2008-6-3 18:08:41

把下面这个文件复制到C:\Program Files\MP4 Converter 3.0,试试看

bhcjl 发表于 2008-6-3 18:24:12

还是超版厉害啊，哈哈

cur 发表于 2008-6-3 21:50:59

嘿嘿做了个完美的破解补丁解决了重复注册的麻烦
https://www.chinapyg.com/viewthread.php?tid=32936&extra=page%3D1

很简单的哦适合新手入门练习

破解爱好者 发表于 2008-6-3 22:28:07

原帖由 tianxj 于 2008-6-3 18:08 发表 https://www.chinapyg.com/images/common/back.gif
把下面这个文件复制到C:\Program Files\MP4 Converter 3.0,试试看
31816
这个软件的加密方式和家家乐相册那个软件差不多啊，就是断在重启验证处时跟跟就晕头转向了！/:L

页: [1] 2

飘云阁's Archiver

MP4/RM全能视频转换专家豪华版2008