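PhotoShrink 2.0 Algorithm Analysis
【Title】PhotoShrink 2.0 Algorithm Analysis
【Author】tianxj
【Author e-mail】[email protected]
【Author homepage】WwW.ChiNaPYG.CoM
【Tools】PEiD, OD, DeDe
【Platform】Windows XP SP3
【Software name】PhotoShrink 2.0
【Software size】1245KB
【Software language】English
【Category】Foreign software / Image processing
【License】Shareware
【Runtime environment】Win9x/Me/NT/2000/XP/2003
【Updated】2007-5-31
【Original download】http://www.onlinedown.net/soft/58519.htm
【Protection】Registration key
【Description】PhotoShrink is an easy-to-use image optimization tool that resizes image files to save storage space, as needed for e-mail or web design. It is simple to use, supports batch resizing and mouse operation, and can adjust the quality of JPG files.
【Statement】I am just a little rookie who has picked up a few insights and would like to share them with everyone :)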
--------------------------------------------------------------
【Crack details】
--------------------------------------------------------------
**************************************************************
1. A packer check on photoshrink.exe reports Borland Delphi 6.0 - 7.0
**************************************************************
2. Looking up the button event handler with DeDe leads quickly to the key code
00506A74  /.  55              push ebp
00506A75  |.  8BEC            mov ebp, esp
00506A77  |.  33C9            xor ecx, ecx
00506A79  |.  51              push ecx
00506A7A  |.  51              push ecx
00506A7B  |.  51              push ecx
00506A7C  |.  51              push ecx
00506A7D  |.  51              push ecx
00506A7E  |.  51              push ecx
00506A7F  |.  53              push ebx
00506A80  |.  8BD8            mov ebx, eax
00506A82  |.  33C0            xor eax, eax
00506A84  |.  55              push ebp
00506A85  |.  68 C86B5000     push 00506BC8
00506A8A  |.  64:FF30         push dword ptr fs:[eax]
00506A8D  |.  64:8920         mov dword ptr fs:[eax], esp
00506A90  |.  8D55 FC         lea edx, dword ptr [ebp-4]
00506A93  |.  8B83 08030000   mov eax, dword ptr [ebx+308]
00506A99  |.  E8 02DFF3FF     call 004449A0
00506A9E  |.  837D FC 00      cmp dword ptr [ebp-4], 0
00506AA2  |.  0F84 E4000000   je 00506B8C                  ;// jump if the e-mail address is empty
00506AA8  |.  8D55 F4         lea edx, dword ptr [ebp-C]
00506AAB  |.  8B83 08030000   mov eax, dword ptr [ebx+308]
00506AB1  |.  E8 EADEF3FF     call 004449A0
00506AB6  |.  8B55 F4         mov edx, dword ptr [ebp-C]   ;// e-mail address
00506AB9  |.  8D4D F8         lea ecx, dword ptr [ebp-8]
00506ABC  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506AC1  |.  8B00            mov eax, dword ptr [eax]
00506AC3  |.  E8 8C050000     call 00507054                ;// algorithm CALL
00506AC8  |.  8B45 F8         mov eax, dword ptr [ebp-8]
00506ACB  |.  50              push eax
00506ACC  |.  8D55 F0         lea edx, dword ptr [ebp-10]
00506ACF  |.  8B83 10030000   mov eax, dword ptr [ebx+310]
00506AD5  |.  E8 C6DEF3FF     call 004449A0
00506ADA  |.  8B55 F0         mov edx, dword ptr [ebp-10]  ;// entered (trial) key
00506ADD  |.  58              pop eax                      ;// registration key
00506ADE  |.  E8 D9DEEFFF     call 004049BC                ;// comparison CALL
00506AE3  |.  0F85 A3000000   jnz 00506B8C                 ;// key jump
00506AE9  |.  8D55 EC         lea edx, dword ptr [ebp-14]
00506AEC  |.  8B83 08030000   mov eax, dword ptr [ebx+308]
00506AF2  |.  E8 A9DEF3FF     call 004449A0
00506AF7  |.  8B55 EC         mov edx, dword ptr [ebp-14]
00506AFA  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506AFF  |.  8B00            mov eax, dword ptr [eax]
00506B01  |.  05 28030000     add eax, 328
00506B06  |.  E8 EDDAEFFF     call 004045F8
00506B0B  |.  8D55 E8         lea edx, dword ptr [ebp-18]
00506B0E  |.  8B83 10030000   mov eax, dword ptr [ebx+310]
00506B14  |.  E8 87DEF3FF     call 004449A0
00506B19  |.  8B55 E8         mov edx, dword ptr [ebp-18]
00506B1C  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506B21  |.  8B00            mov eax, dword ptr [eax]
00506B23  |.  05 2C030000     add eax, 32C
00506B28  |.  E8 CBDAEFFF     call 004045F8
00506B2D  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506B32  |.  8B00            mov eax, dword ptr [eax]
00506B34  |.  C680 24030000>  mov byte ptr [eax+324], 1
00506B3B  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506B40  |.  8B00            mov eax, dword ptr [eax]
00506B42  |.  E8 05060000     call 0050714C
00506B47  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506B4C  |.  8B00            mov eax, dword ptr [eax]
00506B4E  |.  8B80 F4020000   mov eax, dword ptr [eax+2F4]
00506B54  |.  33D2            xor edx, edx
00506B56  |.  E8 65DDF3FF     call 004448C0
00506B5B  |.  A1 BC185100     mov eax, dword ptr [5118BC]
00506B60  |.  8B00            mov eax, dword ptr [eax]
00506B62  |.  8B80 08030000   mov eax, dword ptr [eax+308]
00506B68  |.  BA 08000000     mov edx, 8
00506B6D  |.  E8 76D5F3FF     call 004440E8
00506B72  |.  8BC3            mov eax, ebx
00506B74  |.  E8 BB45F4FF     call 0044B134
00506B79  |.  BA D86B5000     mov edx, 00506BD8            ;UNICODE "Thank you for registering PhotoShrink"
00506B7E  |.  E8 75B5F8FF     call 004920F8
00506B83  |.  8BC3            mov eax, ebx
00506B85  |.  E8 7EB3F5FF     call 00461F08
00506B8A  |.  EB 11           jmp short 00506B9D
00506B8C  |>  8BC3            mov eax, ebx
00506B8E  |.  E8 A145F4FF     call 0044B134
00506B93  |.  BA 286C5000     mov edx, 00506C28            ;UNICODE "Name and Key do not Match!",LF,LF,"Make sure you've entered your email address and the key correctly and th"
00506B98  |.  E8 CBB5F8FF     call 00492168
00506B9D  |>  33C0            xor eax, eax
00506B9F  |.  5A              pop edx
00506BA0  |.  59              pop ecx
00506BA1  |.  59              pop ecx
00506BA2  |.  64:8910         mov dword ptr fs:[eax], edx
00506BA5  |.  68 CF6B5000     push 00506BCF
00506BAA  |>  8D45 E8         lea eax, dword ptr [ebp-18]
00506BAD  |.  BA 04000000     mov edx, 4
00506BB2  |.  E8 11DAEFFF     call 004045C8
00506BB7  |.  8D45 F8         lea eax, dword ptr [ebp-8]
00506BBA  |.  E8 E5D9EFFF     call 004045A4
00506BBF  |.  8D45 FC         lea eax, dword ptr [ebp-4]
00506BC2  |.  E8 DDD9EFFF     call 004045A4
00506BC7  \.  C3              retn
00506BC8   .^ E9 3FD3EFFF     jmp 00403F0C
00506BCD   .^ EB DB           jmp short 00506BAA
00506BCF   .  5B              pop ebx
00506BD0   .  8BE5            mov esp, ebp
00506BD2   .  5D              pop ebp
00506BD3   .  C3              retn
=====================================
00507054  /$  55              push ebp
00507055  |.  8BEC            mov ebp, esp
00507057  |.  6A 00           push 0
00507059  |.  6A 00           push 0
0050705B  |.  6A 00           push 0
0050705D  |.  53              push ebx
0050705E  |.  56              push esi
0050705F  |.  8BF1            mov esi, ecx
00507061  |.  8955 FC         mov dword ptr [ebp-4], edx
00507064  |.  8B45 FC         mov eax, dword ptr [ebp-4]
00507067  |.  E8 F4D9EFFF     call 00404A60
0050706C  |.  33C0            xor eax, eax
0050706E  |.  55              push ebp
0050706F  |.  68 16715000     push 00507116
00507074  |.  64:FF30         push dword ptr fs:[eax]
00507077  |.  64:8920         mov dword ptr fs:[eax], esp
0050707A  |.  837D FC 00      cmp dword ptr [ebp-4], 0
0050707E  |.  75 09           jnz short 00507089            ;// jump if the e-mail address is not empty
00507080  |.  8BC6            mov eax, esi
00507082  |.  E8 1DD5EFFF     call 004045A4
00507087  |.  EB 72           jmp short 005070FB
00507089  |>  8D4D F8         lea ecx, dword ptr [ebp-8]
0050708C  |.  BA 14000000     mov edx, 14
00507091  |.  B8 2C715000     mov eax, 0050712C             ;ASCII "How DARE you crack my software!"
00507096  |.  E8 0DB4F8FF     call 004924A8
0050709B  |.  BB 01000000     mov ebx, 1
005070A0  |>  8B45 FC         /mov eax, dword ptr [ebp-4]   ;// e-mail address
005070A3  |.  E8 D0D7EFFF     |call 00404878                ;// get the length of the e-mail address
005070A8  |.  50              |push eax
005070A9  |.  8BC3            |mov eax, ebx
005070AB  |.  48              |dec eax
005070AC  |.  5A              |pop edx
005070AD  |.  8BCA            |mov ecx, edx
005070AF  |.  99              |cdq
005070B0  |.  F7F9            |idiv ecx
005070B2  |.  8B45 FC         |mov eax, dword ptr [ebp-4]   ;// e-mail address
005070B5  |.  8A0410          |mov al, byte ptr [eax+edx]   ;// take the e-mail characters cyclically
005070B8  |.  8B55 F8         |mov edx, dword ptr [ebp-8]   ;// the string "How DARE you crack my software!"
005070BB  |.  8A541A FF       |mov dl, byte ptr [edx+ebx-1] ;// take the string "How DARE you crack my software!" one character at a time
005070BF  |.  32C2            |xor al, dl                   ;// XOR
005070C1  |.  25 FF000000     |and eax, 0FF
005070C6  |.  8D55 F4         |lea edx, dword ptr [ebp-C]
005070C9  |.  E8 A221F0FF     |call 00409270                ;// convert EAX to a decimal string
005070CE  |.  8B45 F4         |mov eax, dword ptr [ebp-C]   ;// decimal string
005070D1  |.  E8 A2D7EFFF     |call 00404878
005070D6  |.  8B55 F4         |mov edx, dword ptr [ebp-C]   ;// decimal string
005070D9  |.  8A4402 FF       |mov al, byte ptr [edx+eax-1] ;// take the rightmost character of the string
005070DD  |.  50              |push eax
005070DE  |.  8D45 F8         |lea eax, dword ptr [ebp-8]
005070E1  |.  E8 E2D9EFFF     |call 00404AC8
005070E6  |.  5A              |pop edx
005070E7  |.  885418 FF       |mov byte ptr [eax+ebx-1], dl ;// store
005070EB  |.  43              |inc ebx                      ;// counter + 1
005070EC  |.  83FB 15         |cmp ebx, 15
005070EF  |.^ 75 AF           \jnz short 005070A0           ;// loop
005070F1  |.  8BC6            mov eax, esi
005070F3  |.  8B55 F8         mov edx, dword ptr [ebp-8]    ;// registration key
005070F6  |.  E8 FDD4EFFF     call 004045F8
005070FB  |>  33C0            xor eax, eax
005070FD  |.  5A              pop edx
005070FE  |.  59              pop ecx
005070FF  |.  59              pop ecx
00507100  |.  64:8910         mov dword ptr fs:[eax], edx
00507103  |.  68 1D715000     push 0050711D
00507108  |>  8D45 F4         lea eax, dword ptr [ebp-C]
0050710B  |.  BA 03000000     mov edx, 3
00507110  |.  E8 B3D4EFFF     call 004045C8
00507115  \.  C3              retn
00507116   .^ E9 F1CDEFFF     jmp 00403F0C
0050711B   .^ EB EB           jmp short 00507108
0050711D   .  5E              pop esi
0050711E   .  5B              pop ebx
0050711F   .  8BE5            mov esp, ebp
00507121   .  5D              pop ebp
00507122   .  C3              retn
**************************************************************
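【Summary】
--------------------------------------------------------------
【Algorithm summary】
The registration key is obtained by XORing the characters of the user name with the characters of the fixed string "How DARE you crack my software!". For each of the 20 key positions, the name (taken cyclically) is XORed with the character at that position in the fixed string, the result is converted to decimal, and its last digit becomes that character of the key.
--------------------------------------------------------------
【Keygen】
〖VB code〗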
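Private Sub Command1_Click()
    ' Text1 = name (e-mail address), Text2 = resulting registration key
    Const MAGIC As String = "How DARE you crack my software!"
    Dim I As Integer, J As Integer, X As Integer
    Dim Y As String
    If Len(Text1.Text) = 0 Then
        Text2.Text = "输入有误,请重新输入!"   ' "Invalid input, please re-enter!"
    Else
        For I = 1 To 20
            ' Index into the name, wrapping around when the name is shorter than 20
            J = ((I - 1) Mod Len(Text1.Text)) + 1
            ' XOR with the I-th character of the fixed string; the mask mirrors "and eax, 0FF"
            X = (Asc(Mid(Text1.Text, J, 1)) Xor Asc(Mid(MAGIC, I, 1))) And &HFF
            ' Keep only the last decimal digit of the result
            Y = Y & Right(CStr(X), 1)
        Next
        Text2.Text = Y
    End If
End Sub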
--------------------------------------------------------------
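Thanks to 飘云, 猫 and Nisy, and to the many seniors, for their tutorials, and to all the brothers and sisters on the forum who have helped me! Thank you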
--------------------------------------------------------------
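【Copyright notice】A crack write-up is a study note, and interest is the source of success; this write-up is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thank you! "How DARE you crack my software!"
Hehe!
T is formidable! Thanks to T for the excellent article "How DARE you crack my software!"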