4U WMA MP3 Converter 6.2.6算法分析
【破文标题】4U WMA MP3 Converter 6.2.6算法分析【破文作者】tianxj
【作者邮箱】[email protected]
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】4U WMA MP3 Converter 6.2.6
【软件大小】6217KB
【软件类别】国外软件/音频处理
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2008-4-21
【原版下载】华军软件园
【保护方式】注册码
【软件简介】是一套具有强大功能的音乐格式转换工具,能在MP3、WAV、WMA、OGG 及VOX音乐格式之间互相转换,还能将MPC, AVI, MP1, MP2, MPEG, MPG, MPA, g721, g726, g723 or RAW格式转换成MP3, WAV, WMA, OGG, or VOX 格式。其他功能包括显示/编辑ID3卷标,播放MP3, WMA, WAV, OGG, VOX, MPC, AVI, MP1, MP2, MPEG, MPG, MPA, g721, g726, g723 or RAW等。而且非常容易操作,轻松透过鼠标右键就可以完成所有动作。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
初学破解与编程,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
"Invalid Registration Code! Please enter an available Registration Code."
**************************************************************
二、用PEiD对WMAMP3Converter.exe查壳,为 Borland Delphi 6.0 - 7.0
**************************************************************
三、运行OD,打开WMAMP3Converter.exe,右键—超级字串参考—查找ASCII.
发现"Invalid Registration Code! Please enter an available Registration Code."
==============================================================0048DA60/$55 PUSH EBP
0048DA61|.8BEC MOV EBP,ESP
0048DA63|.6A 00 PUSH 0
0048DA65|.6A 00 PUSH 0
0048DA67|.6A 00 PUSH 0
0048DA69|.6A 00 PUSH 0
0048DA6B|.6A 00 PUSH 0
0048DA6D|.53 PUSH EBX
0048DA6E|.56 PUSH ESI
0048DA6F|.894D F8 MOV DWORD PTR SS:,ECX ;//试练码
0048DA72|.8955 FC MOV DWORD PTR SS:,EDX ;//用户名
0048DA75|.8BF0 MOV ESI,EAX
0048DA77|.8B45 FC MOV EAX,DWORD PTR SS: ;//用户名
0048DA7A|.E8 0171F7FF CALL WMAMP3Co.00404B80
0048DA7F|.8B45 F8 MOV EAX,DWORD PTR SS: ;//试练码
0048DA82|.E8 F970F7FF CALL WMAMP3Co.00404B80
0048DA87|.33C0 XOR EAX,EAX
0048DA89|.55 PUSH EBP
0048DA8A|.68 57DB4800 PUSH WMAMP3Co.0048DB57
0048DA8F|.64:FF30 PUSH DWORD PTR FS:
0048DA92|.64:8920 MOV DWORD PTR FS:,ESP
0048DA95|.33DB XOR EBX,EBX
0048DA97|.33D2 XOR EDX,EDX
0048DA99|.8B45 FC MOV EAX,DWORD PTR SS: ;//用户名
0048DA9C|.E8 3372F7FF CALL WMAMP3Co.00404CD4
0048DAA1|.85C0 TEST EAX,EAX
0048DAA3|.7E 0B JLE SHORT WMAMP3Co.0048DAB0
0048DAA5|.8D45 F8 LEA EAX,DWORD PTR SS:
0048DAA8|.8B55 FC MOV EDX,DWORD PTR SS:
0048DAAB|.E8 C86CF7FF CALL WMAMP3Co.00404778
0048DAB0|>8D4D F4 LEA ECX,DWORD PTR SS:
0048DAB3|.8B55 FC MOV EDX,DWORD PTR SS: ;//用户名
0048DAB6|.8BC6 MOV EAX,ESI
0048DAB8|.E8 2F010000 CALL WMAMP3Co.0048DBEC ;//算法CALL
0048DABD|.8B55 F4 MOV EDX,DWORD PTR SS: ;//真码
0048DAC0|.8B45 F8 MOV EAX,DWORD PTR SS: ;//试练码
0048DAC3|.E8 DCAFF7FF CALL WMAMP3Co.00408AA4 ;//比较CALL
0048DAC8|.85C0 TEST EAX,EAX
0048DACA|.75 41 JNZ SHORT WMAMP3Co.0048DB0D ;//关键跳转
0048DACC|.8B55 FC MOV EDX,DWORD PTR SS:
0048DACF|.8BC6 MOV EAX,ESI
0048DAD1|.E8 DAF3FFFF CALL WMAMP3Co.0048CEB0
0048DAD6|.84C0 TEST AL,AL
0048DAD8|.74 62 JE SHORT WMAMP3Co.0048DB3C
0048DADA|.B3 01 MOV BL,1
0048DADC|.6A 40 PUSH 40
0048DADE|.8D55 F0 LEA EDX,DWORD PTR SS:
0048DAE1|.A1 ECEF4B00 MOV EAX,DWORD PTR DS:
0048DAE6|.8B00 MOV EAX,DWORD PTR DS:
0048DAE8|.E8 0B97FDFF CALL WMAMP3Co.004671F8
0048DAED|.8B45 F0 MOV EAX,DWORD PTR SS:
0048DAF0|.E8 9B70F7FF CALL WMAMP3Co.00404B90
0048DAF5|.50 PUSH EAX ; |Title
0048DAF6|.68 68DB4800 PUSH WMAMP3Co.0048DB68 ; |registered successfully, thanks for your registration.
0048DAFB|.A1 ECEF4B00 MOV EAX,DWORD PTR DS: ; |
0048DB00|.8B00 MOV EAX,DWORD PTR DS: ; |
0048DB02|.8B40 30 MOV EAX,DWORD PTR DS: ; |
0048DB05|.50 PUSH EAX ; |hOwner
0048DB06|.E8 4D9BF7FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0048DB0B|.EB 2F JMP SHORT WMAMP3Co.0048DB3C
0048DB0D|>6A 10 PUSH 10
0048DB0F|.8D55 EC LEA EDX,DWORD PTR SS:
0048DB12|.A1 ECEF4B00 MOV EAX,DWORD PTR DS:
0048DB17|.8B00 MOV EAX,DWORD PTR DS:
0048DB19|.E8 DA96FDFF CALL WMAMP3Co.004671F8
0048DB1E|.8B45 EC MOV EAX,DWORD PTR SS:
0048DB21|.E8 6A70F7FF CALL WMAMP3Co.00404B90
0048DB26|.50 PUSH EAX ; |Title
0048DB27|.68 A0DB4800 PUSH WMAMP3Co.0048DBA0 ; |invalid registration code! \n\nplease enter an available registration code.
0048DB2C|.A1 ECEF4B00 MOV EAX,DWORD PTR DS: ; |
0048DB31|.8B00 MOV EAX,DWORD PTR DS: ; |
0048DB33|.8B40 30 MOV EAX,DWORD PTR DS: ; |
0048DB36|.50 PUSH EAX ; |hOwner
0048DB37|.E8 1C9BF7FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0048DB3C|>33C0 XOR EAX,EAX
0048DB3E|.5A POP EDX
0048DB3F|.59 POP ECX
0048DB40|.59 POP ECX
0048DB41|.64:8910 MOV DWORD PTR FS:,EDX
0048DB44|.68 5EDB4800 PUSH WMAMP3Co.0048DB5E
0048DB49|>8D45 EC LEA EAX,DWORD PTR SS:
0048DB4C|.BA 05000000 MOV EDX,5
0048DB51|.E8 AE6BF7FF CALL WMAMP3Co.00404704
0048DB56\.C3 RETN
0048DB57 .^ E9 0865F7FF JMP WMAMP3Co.00404064
0048DB5C .^ EB EB JMP SHORT WMAMP3Co.0048DB49
0048DB5E .8BC3 MOV EAX,EBX
0048DB60 .5E POP ESI
0048DB61 .5B POP EBX
0048DB62 .8BE5 MOV ESP,EBP
0048DB64 .5D POP EBP
0048DB65 .C3 RETN
==============================================================
0048DBEC/$55 PUSH EBP
0048DBED|.8BEC MOV EBP,ESP
0048DBEF|.6A 00 PUSH 0
0048DBF1|.6A 00 PUSH 0
0048DBF3|.6A 00 PUSH 0
0048DBF5|.6A 00 PUSH 0
0048DBF7|.6A 00 PUSH 0
0048DBF9|.6A 00 PUSH 0
0048DBFB|.6A 00 PUSH 0
0048DBFD|.6A 00 PUSH 0
0048DBFF|.53 PUSH EBX
0048DC00|.56 PUSH ESI
0048DC01|.57 PUSH EDI
0048DC02|.8BD9 MOV EBX,ECX
0048DC04|.8955 FC MOV DWORD PTR SS:,EDX ;//用户名
0048DC07|.8BF8 MOV EDI,EAX
0048DC09|.8B45 FC MOV EAX,DWORD PTR SS: ;//用户名
0048DC0C|.E8 6F6FF7FF CALL WMAMP3Co.00404B80
0048DC11|.33C0 XOR EAX,EAX
0048DC13|.55 PUSH EBP
0048DC14|.68 47DD4800 PUSH WMAMP3Co.0048DD47
0048DC19|.64:FF30 PUSH DWORD PTR FS:
0048DC1C|.64:8920 MOV DWORD PTR FS:,ESP
0048DC1F|.8D45 FC LEA EAX,DWORD PTR SS:
0048DC22|.BA 60DD4800 MOV EDX,WMAMP3Co.0048DD60 ;lb)a6fcw9k9
0048DC27|.E8 746DF7FF CALL WMAMP3Co.004049A0 ;//用户名与"Lb)a6Fcw9K9"相连
0048DC2C|.8B45 FC MOV EAX,DWORD PTR SS: ;//相连字符串
0048DC2F|.E8 646DF7FF CALL WMAMP3Co.00404998 ;//取相连字符串长度
0048DC34|.8BF0 MOV ESI,EAX ;//ESI=EAX=相连字符串长度
0048DC36|.D1FE SAR ESI,1 ;//ESI右移一位
0048DC38|.79 03 JNS SHORT WMAMP3Co.0048DC3D
0048DC3A|.83D6 00 ADC ESI,0
0048DC3D|>8D45 F0 LEA EAX,DWORD PTR SS:
0048DC40|.50 PUSH EAX
0048DC41|.8BCE MOV ECX,ESI ;//ECX=ESI
0048DC43|.BA 01000000 MOV EDX,1 ;//EDX=1
0048DC48|.8B45 FC MOV EAX,DWORD PTR SS: ;//相连字符串
0048DC4B|.E8 A06FF7FF CALL WMAMP3Co.00404BF0 ;//取相连字符串左边ECX位
0048DC50|.8B45 F0 MOV EAX,DWORD PTR SS: ;//相连字符串左边ECX位,设为X1
0048DC53|.50 PUSH EAX
0048DC54|.8D45 EC LEA EAX,DWORD PTR SS:
0048DC57|.50 PUSH EAX
0048DC58|.8B45 FC MOV EAX,DWORD PTR SS: ;//相连字符串
0048DC5B|.E8 386DF7FF CALL WMAMP3Co.00404998 ;//取相连字符串长度
0048DC60|.8BC8 MOV ECX,EAX ;//ECX=EAX=相连字符串长度
0048DC62|.8D56 01 LEA EDX,DWORD PTR DS:
0048DC65|.8B45 FC MOV EAX,DWORD PTR SS: ;//相连字符串
0048DC68|.E8 836FF7FF CALL WMAMP3Co.00404BF0 ;//取相连字符串余下位数
0048DC6D|.8B55 EC MOV EDX,DWORD PTR SS: ;//相连字符串余下位数,设为X2
0048DC70|.8D45 FC LEA EAX,DWORD PTR SS:
0048DC73|.59 POP ECX ;//字符串X1
0048DC74|.E8 6B6DF7FF CALL WMAMP3Co.004049E4 ;//取字符串X1长度
0048DC79|.8D45 F8 LEA EAX,DWORD PTR SS:
0048DC7C|.50 PUSH EAX
0048DC7D|.B9 0A000000 MOV ECX,0A ;//ECX=0A
0048DC82|.BA 01000000 MOV EDX,1 ;//EDX=1
0048DC87|.8B45 FC MOV EAX,DWORD PTR SS: ;//字符串X2+字符串X1,设为X3
0048DC8A|.E8 616FF7FF CALL WMAMP3Co.00404BF0 ;//取字符串X3左边10位,设为X4
0048DC8F|.8D45 F4 LEA EAX,DWORD PTR SS:
0048DC92|.50 PUSH EAX
0048DC93|.8B45 FC MOV EAX,DWORD PTR SS: ;//字符串X3
0048DC96|.E8 FD6CF7FF CALL WMAMP3Co.00404998 ;//取字符串X3长度
0048DC9B|.8BC8 MOV ECX,EAX ;//ECX=EAX=字符串X3长度
0048DC9D|.BA 06000000 MOV EDX,6 ;//EDX=6
0048DCA2|.8B45 FC MOV EAX,DWORD PTR SS: ;//字符串X3
0048DCA5|.E8 466FF7FF CALL WMAMP3Co.00404BF0 ;//取字符串X3的第6位以后的字符,设为X5
0048DCAA|.837D F4 00 CMP DWORD PTR SS:,0
0048DCAE|.75 10 JNZ SHORT WMAMP3Co.0048DCC0 ;//字符串X5不为空则跳
0048DCB0|.8D45 F4 LEA EAX,DWORD PTR SS:
0048DCB3|.BA 60DD4800 MOV EDX,WMAMP3Co.0048DD60 ;lb)a6fcw9k9
0048DCB8|.8B4D F8 MOV ECX,DWORD PTR SS:
0048DCBB|.E8 246DF7FF CALL WMAMP3Co.004049E4
0048DCC0|>53 PUSH EBX
0048DCC1|.8B4D F4 MOV ECX,DWORD PTR SS: ;//字符串X5
0048DCC4|.8B55 F8 MOV EDX,DWORD PTR SS: ;//字符串X4
0048DCC7|.8BC7 MOV EAX,EDI
0048DCC9|.E8 92F0FFFF CALL WMAMP3Co.0048CD60 ;//又一个算法CALL
0048DCCE|.8D45 E8 LEA EAX,DWORD PTR SS:
0048DCD1|.50 PUSH EAX
0048DCD2|.8B03 MOV EAX,DWORD PTR DS: ;//字符串Y1
0048DCD4|.B9 05000000 MOV ECX,5
0048DCD9|.BA 01000000 MOV EDX,1
0048DCDE|.E8 0D6FF7FF CALL WMAMP3Co.00404BF0
0048DCE3|.FF75 E8 PUSH DWORD PTR SS: ;//字符串Y1的1-5位
0048DCE6|.68 74DD4800 PUSH WMAMP3Co.0048DD74 ;-
0048DCEB|.8D45 E4 LEA EAX,DWORD PTR SS:
0048DCEE|.50 PUSH EAX
0048DCEF|.8B03 MOV EAX,DWORD PTR DS: ;//字符串Y1
0048DCF1|.B9 05000000 MOV ECX,5
0048DCF6|.BA 06000000 MOV EDX,6
0048DCFB|.E8 F06EF7FF CALL WMAMP3Co.00404BF0
0048DD00|.FF75 E4 PUSH DWORD PTR SS: ;//字符串Y1的6-10位
0048DD03|.68 74DD4800 PUSH WMAMP3Co.0048DD74 ;-
0048DD08|.8D45 E0 LEA EAX,DWORD PTR SS:
0048DD0B|.50 PUSH EAX
0048DD0C|.8B03 MOV EAX,DWORD PTR DS: ;//字符串Y1
0048DD0E|.B9 05000000 MOV ECX,5
0048DD13|.BA 0B000000 MOV EDX,0B
0048DD18|.E8 D36EF7FF CALL WMAMP3Co.00404BF0
0048DD1D|.FF75 E0 PUSH DWORD PTR SS: ;//字符串Y1的11-15位
0048DD20|.8BC3 MOV EAX,EBX
0048DD22|.BA 05000000 MOV EDX,5
0048DD27|.E8 2C6DF7FF CALL WMAMP3Co.00404A58
0048DD2C|.33C0 XOR EAX,EAX
0048DD2E|.5A POP EDX
0048DD2F|.59 POP ECX
0048DD30|.59 POP ECX
0048DD31|.64:8910 MOV DWORD PTR FS:,EDX
0048DD34|.68 4EDD4800 PUSH WMAMP3Co.0048DD4E
0048DD39|>8D45 E0 LEA EAX,DWORD PTR SS:
0048DD3C|.BA 08000000 MOV EDX,8
0048DD41|.E8 BE69F7FF CALL WMAMP3Co.00404704
0048DD46\.C3 RETN
0048DD47 .^ E9 1863F7FF JMP WMAMP3Co.00404064
0048DD4C .^ EB EB JMP SHORT WMAMP3Co.0048DD39
0048DD4E .5F POP EDI
0048DD4F .5E POP ESI
0048DD50 .5B POP EBX
0048DD51 .8BE5 MOV ESP,EBP
0048DD53 .5D POP EBP
0048DD54 .C3 RETN
==============================================================
0048CD60/$55 PUSH EBP
0048CD61|.8BEC MOV EBP,ESP
0048CD63|.83C4 E0 ADD ESP,-20
0048CD66|.53 PUSH EBX
0048CD67|.56 PUSH ESI
0048CD68|.57 PUSH EDI
0048CD69|.33DB XOR EBX,EBX
0048CD6B|.895D E0 MOV DWORD PTR SS:,EBX
0048CD6E|.895D F0 MOV DWORD PTR SS:,EBX
0048CD71|.894D F8 MOV DWORD PTR SS:,ECX
0048CD74|.8955 FC MOV DWORD PTR SS:,EDX
0048CD77|.8B45 FC MOV EAX,DWORD PTR SS: ;//字符串X4
0048CD7A|.E8 017EF7FF CALL WMAMP3Co.00404B80
0048CD7F|.8B45 F8 MOV EAX,DWORD PTR SS: ;//字符串X5
0048CD82|.E8 F97DF7FF CALL WMAMP3Co.00404B80
0048CD87|.33C0 XOR EAX,EAX
0048CD89|.55 PUSH EBP
0048CD8A|.68 7CCE4800 PUSH WMAMP3Co.0048CE7C
0048CD8F|.64:FF30 PUSH DWORD PTR FS:
0048CD92|.64:8920 MOV DWORD PTR FS:,ESP
0048CD95|.8B45 F8 MOV EAX,DWORD PTR SS: ;//字符串X5
0048CD98|.E8 FB7BF7FF CALL WMAMP3Co.00404998 ;//取字符串X5长度
0048CD9D|.8945 F4 MOV DWORD PTR SS:,EAX ;//=EAX=字符串X5长度
0048CDA0|.837D F4 00 CMP DWORD PTR SS:,0
0048CDA4|.75 0D JNZ SHORT WMAMP3Co.0048CDB3 ;//字符串X5长度不为0则跳
0048CDA6|.8D45 F8 LEA EAX,DWORD PTR SS:
0048CDA9|.BA 94CE4800 MOV EDX,WMAMP3Co.0048CE94 ;think space
0048CDAE|.E8 C579F7FF CALL WMAMP3Co.00404778
0048CDB3|>33F6 XOR ESI,ESI
0048CDB5|.BB 00010000 MOV EBX,100 ;//EBX=100
0048CDBA|.8D45 F0 LEA EAX,DWORD PTR SS:
0048CDBD|.50 PUSH EAX ; /Arg1
0048CDBE|.C745 E4 00010>MOV DWORD PTR SS:,100 ; |
0048CDC5|.C645 E8 00 MOV BYTE PTR SS:,0 ; |
0048CDC9|.8D55 E4 LEA EDX,DWORD PTR SS: ; |
0048CDCC|.33C9 XOR ECX,ECX ; |//ECX=0
0048CDCE|.B8 A8CE4800 MOV EAX,WMAMP3Co.0048CEA8 ; |%1.2x
0048CDD3|.E8 30CFF7FF CALL WMAMP3Co.00409D08 ; \WMAMP3Co.00409D08
0048CDD8|.8B45 FC MOV EAX,DWORD PTR SS: ;//字符串X4
0048CDDB|.E8 B87BF7FF CALL WMAMP3Co.00404998 ;//取字符串X4长度
0048CDE0|.8BF8 MOV EDI,EAX ;//EDI=EAX=字符串X4长度
0048CDE2|.85FF TEST EDI,EDI
0048CDE4|.7E 60 JLE SHORT WMAMP3Co.0048CE46
0048CDE6|.C745 EC 01000>MOV DWORD PTR SS:,1 ;//=1
0048CDED|>8B45 FC /MOV EAX,DWORD PTR SS: ;//字符串X4
0048CDF0|.8B55 EC |MOV EDX,DWORD PTR SS: ;//EDX=
0048CDF3|.0FB64410 FF |MOVZX EAX,BYTE PTR DS: ;//逐位取字符串X4的ASC值
0048CDF8|.03C3 |ADD EAX,EBX ;//EAX=EAX+EBX
0048CDFA|.B9 FF000000 |MOV ECX,0FF ;//ECX=0FF
0048CDFF|.99 |CDQ
0048CE00|.F7F9 |IDIV ECX ;//EAX/ECX,商送EAX,余送EDX
0048CE02|.8BDA |MOV EBX,EDX ;//EBX=EDX
0048CE04|.3B75 F4 |CMP ESI,DWORD PTR SS: ;//ESI与比较
0048CE07|.7D 03 |JGE SHORT WMAMP3Co.0048CE0C ;//若大于则跳
0048CE09|.46 |INC ESI ;//ESI=ESI+1
0048CE0A|.EB 05 |JMP SHORT WMAMP3Co.0048CE11
0048CE0C|>BE 01000000 |MOV ESI,1 ;//ESI=1
0048CE11|>8B45 F8 |MOV EAX,DWORD PTR SS: ;//字符串X5
0048CE14|.0FB64430 FF |MOVZX EAX,BYTE PTR DS: ;//逐位取字符串X5的ASC值
0048CE19|.33D8 |XOR EBX,EAX ;//EBX=EBX xor EAX
0048CE1B|.8D45 E0 |LEA EAX,DWORD PTR SS:
0048CE1E|.50 |PUSH EAX ; /Arg1
0048CE1F|.895D E4 |MOV DWORD PTR SS:,EBX ; |//=EBX
0048CE22|.C645 E8 00 |MOV BYTE PTR SS:,0 ; |
0048CE26|.8D55 E4 |LEA EDX,DWORD PTR SS: ; |
0048CE29|.33C9 |XOR ECX,ECX ; |//ECX=0
0048CE2B|.B8 A8CE4800 |MOV EAX,WMAMP3Co.0048CEA8 ; |%1.2x
0048CE30|.E8 D3CEF7FF |CALL WMAMP3Co.00409D08 ; \//将EBX转为字符形式
0048CE35|.8B55 E0 |MOV EDX,DWORD PTR SS: ;//EBX的字符形式
0048CE38|.8D45 F0 |LEA EAX,DWORD PTR SS:
0048CE3B|.E8 607BF7FF |CALL WMAMP3Co.004049A0 ;//相连
0048CE40|.FF45 EC |INC DWORD PTR SS: ;//=+1
0048CE43|.4F |DEC EDI ;//EDI=EDI-1
0048CE44|.^ 75 A7 \JNZ SHORT WMAMP3Co.0048CDED ;//循环
0048CE46|>8B45 08 MOV EAX,DWORD PTR SS:
0048CE49|.8B55 F0 MOV EDX,DWORD PTR SS: ;//相连的字符串,设为Y1
0048CE4C|.E8 E378F7FF CALL WMAMP3Co.00404734
0048CE51|.33C0 XOR EAX,EAX
0048CE53|.5A POP EDX
0048CE54|.59 POP ECX
0048CE55|.59 POP ECX
0048CE56|.64:8910 MOV DWORD PTR FS:,EDX
0048CE59|.68 83CE4800 PUSH WMAMP3Co.0048CE83
0048CE5E|>8D45 E0 LEA EAX,DWORD PTR SS:
0048CE61|.E8 7A78F7FF CALL WMAMP3Co.004046E0
0048CE66|.8D45 F0 LEA EAX,DWORD PTR SS:
0048CE69|.E8 7278F7FF CALL WMAMP3Co.004046E0
0048CE6E|.8D45 F8 LEA EAX,DWORD PTR SS:
0048CE71|.BA 02000000 MOV EDX,2
0048CE76|.E8 8978F7FF CALL WMAMP3Co.00404704
0048CE7B\.C3 RETN
0048CE7C .^ E9 E371F7FF JMP WMAMP3Co.00404064
0048CE81 .^ EB DB JMP SHORT WMAMP3Co.0048CE5E
0048CE83 .5F POP EDI
0048CE84 .5E POP ESI
0048CE85 .5B POP EBX
0048CE86 .8BE5 MOV ESP,EBP
0048CE88 .5D POP EBP
0048CE89 .C2 0400 RETN 4**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
将用户名变形,分成两部分计算,最后将计算结果1-5位,6-10位,11-15位用"-"相连即是注册码
--------------------------------------------------------------
【算法注册机】
〖VB代码〗
Private Sub Command1_Click()
If Len(Text1.Text) = 0 Then
Text2.Text = "请输入用户名!"
Else
A = Text1.Text
B = "Lb)a6Fcw9K9"
C = A & B
D = Len(C) \ 2
X1 = Left(C, D)
X2 = Right(C, Len(C) - D)
X3 = X2 & X1
X4 = Left(X3, 10)
X5 = Mid(X3, 6, Len(C) - 5)
E = 256
Y = Hex(E)
j = 0
For i = 1 To (Len(X4))
F = Asc(Mid(X4, i, 1))
F = F + E
F = F Mod 255
If j >= Len(X5) Then
j = 1
Else
j = j + 1
End If
G = Asc(Mid(X5, j, 1))
E = F Xor G
H = Hex(E)
For k = 1 To (2 - Len(H))
H = "0" & H
Next
Y = Y & H
Next
Text2.Text = Mid(Y, 1, 5) & "-" & Mid(Y, 6, 5) & "-" & Mid(Y, 11, 5)
End If
End Sub
--------------------------------------------------------------
【内存注册机】
中断地址 0048DAC3
中断次数 1
第一字节 E8
指令长度 5
内存方式-寄存器-EDX
--------------------------------------------------------------
【注册信息】
用户名:abcdef
注册码:1005D-87F60-4061F
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! 还没有看懂,保存下来认真看,看完再谈体会。 注释排版有点不爽...不过还是支持一下..辛苦了~~
页:
[1]