- UID
- 8608
注册时间2006-2-27
阅读权限20
最后登录1970-1-1
以武会友
 
TA的每日心情 | 擦汗
2020-7-7 10:06 |
|---|
签到天数: 2 天 [LV.1]初来乍到
|
软件名称:Sweet Sixteen MIDI Sequencer 3.30
软件大小:433KB
软件语言:英文
软件类别:国外软件/共享版/MIDI工具
运行环境:Win9x/Me/NT/2000/XP
下载地址:
[url=http://sq.onlinedown.net:82/down/s32wshar.zip]Sweet Sixteen MIDI Sequencer 3.30[/url]软件介绍
Sweet Sixteen MIDI Sequencer 是一个可以广泛应用且功能强大的 MIDI 音乐创作编辑程序,支持 PC/Windows 及 Atari ST/STE 计算机,提供您专业的合成功能,还可以播放 24 + 24 的音轨。
==================================================
运行程序,要求注册,随便输入一个注册码时显示:"Not a valid password!"
用OD加载后搜索该字符串,可找到如下程序。
============
00430BAC > \6A 1E push 1E ; /Count = 1E (30.); Case 1 of switch 00430B50
00430BAE . 68 4823>push 00472348 ; |Buffer = Sweet_32.00472348
00430BB3 . 6A 64 push 64 ; |ControlID = 64 (100.)
00430BB5 . 53 push ebx ; |hWnd
00430BB6 . FF15 4C>call [<&USER32.GetDlgItemTextA>] ; \GetDlgItemTextA //获取输入的SN
00430BBC . E8 9FFE>call 00430A60 //关键调用
===>>
00430A60 /$ 83EC 54 sub esp, 54
00430A63 |. A1 34CD>mov eax, [46CD34] ; EAX=9D51E743
00430A68 |. 33C4 xor eax, esp
00430A6A |. 894424 >mov [esp+50], eax
00430A6E |. 33C0 xor eax, eax
00430A70 |> 8A88 E0>/mov cl, [eax+46B2E0]
00430A76 |. 884C04 >|mov [esp+eax+18], cl
00430A7A |. 83C0 01 |add eax, 1
00430A7D |. 84C9 |test cl, cl
00430A7F |.^ 75 EF \jnz short 00430A70
00430A81 |. 8D4C24 >lea ecx, [esp+18] ; [EAX]=Stj0`x:3+<wd
00430A85 |. E8 86FF>call 00430A10
=====>
00430A10 /$ 56 push esi
00430A11 |. 33F6 xor esi, esi ; ESI=i=0
00430A13 |. 8039 0>cmp byte ptr [ecx], 0 ; [ECX]=arS="Stj0`x:3+<wd"
00430A16 |. 74 3B je short 00430A53
00430A18 |. EB 06 jmp short 00430A20
00430A1A | 8D9B 0>lea ebx, [ebx]
00430A20 |> B8 565>/mov eax, 55555556 ; EAX=C1=55555556
00430A25 |. F7EE |imul esi ; EAX=C1*i
00430A27 |. 8BC2 |mov eax, edx ; EAX=EDX=X=HIGH(C1*i)
00430A29 |. C1E8 1>|shr eax, 1F ; EAX=X SHR 31
00430A2C |. 03C2 |add eax, edx ; EAX=(X SHR 31)+X
00430A2E |. 8D1440 |lea edx, [eax+eax*2] ; EDX=((X SHR 31)+X)*3
00430A31 |. 8BC6 |mov eax, esi ; EAX=i
00430A33 |. 2BC2 |sub eax, edx ; EAX=i-((X SHR 31)+X)*3
00430A35 |. 75 05 |jnz short 00430A3C ; IF EAX=0 THEN
00430A37 |. 8001 F>|add byte ptr [ecx], 0FD ; arS[i]=arS[i]+0xFD
00430A3A |. EB 0C |jmp short 00430A48 ; else
00430A3C |> 83F8 0>|cmp eax, 1
00430A3F |. 75 04 |jnz short 00430A45 ; if eax=1 then
00430A41 |. 0001 |add [ecx], al ; arS[i]=arS[i]+1
00430A43 |. EB 03 |jmp short 00430A48 ; else
00430A45 |> 8001 0>|add byte ptr [ecx], 2 ; arS[i]=arS[i]+2
00430A48 |> 83C1 0>|add ecx, 1 ; i=i+1
00430A4B |. 83C6 0>|add esi, 1
00430A4E |. 8039 0>|cmp byte ptr [ecx], 0
00430A51 |.^ 75 CD \jnz short 00430A20
00430A53 |> 5E pop esi
00430A54 \. C3 retn
0012F5EC 50 75 6C 2D 61 7A 37 34 2D 39 78 66 Pul-az74-9xf
<<====
00430A8A |. 8D4424 >lea eax, [esp+38] ; [eax]=sn
00430A8E |. 50 push eax
00430A8F |. B9 C042>mov ecx, 004742C0
00430A94 |. E8 07F4>call 0043FEA0
00430A99 |. 50 push eax
00430A9A |. B9 C042>mov ecx, 004742C0
00430A9F |. E8 ECF5>call 00440090
00430AA4 |. 6A 10 push 10
00430AA6 |. 8D4C24 >lea ecx, [esp+4]
00430AAA |. 51 push ecx
00430AAB |. 50 push eax
00430AAC |. E8 5F91>call 00449C10
00430AB1 |. 83C4 0C add esp, 0C
00430AB4 |. 8D1424 lea edx, [esp]
00430AB7 |. 52 push edx ; /StringOrChar
00430AB8 |. FF15 60>call [<&USER32.CharUpperA>] ; \CharUpperA
00430ABE |. 8D4424 >lea eax, [esp+18]
00430AC2 |. 50 push eax //SN
00430AC3 |. 68 4823>push 00472348 ; ASCII "Pul-az74-9xf"
00430AC8 |. B9 C042>mov ecx, 004742C0
00430ACD |. E8 BEF1>call 0043FC90
00430AD2 |. 85C0 test eax, eax
00430AD4 |. 74 29 je short 00430AFF //跳就OK了。
00430AD6 |. 68 4823>push 00472348 ; ASCII "Pul-az74-9xf"
00430ADB |. 8D4C24 >lea ecx, [esp+4]
00430ADF |. 51 push ecx
00430AE0 |. B9 C042>mov ecx, 004742C0
00430AE5 |. E8 A6F1>call 0043FC90
00430AEA |. 85C0 test eax, eax
00430AEC |. 74 11 je short 00430AFF
00430AEE |. 33C0 xor eax, eax
00430AF0 |. 8B4C24 >mov ecx, [esp+50]
00430AF4 |. 33CC xor ecx, esp
00430AF6 |. E8 7990>call 00449B74
00430AFB |. 83C4 54 add esp, 54
00430AFE |. C3 retn
00430AFF |> 8B4C24 >mov ecx, [esp+50] //跳到这里就OK
00430B03 |. 33CC xor ecx, esp
00430B05 |. B8 0100>mov eax, 1
00430B0A |. E8 6590>call 00449B74
00430B0F |. 83C4 54 add esp, 54
00430B12 \. C3 retn
<<====
00430BC1 . 85C0 test eax, eax //eax=1就OK
00430BC3 . 6A 30 push 30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
00430BC5 . 74 4B je short 00430C12 ; |
00430BC7 . 8B0D 0C>mov ecx, [47370C] ; |Sweet_32.00460FD4
00430BCD . 51 push ecx ; |Title => "Sweet Sixteen MIDI Sequencer"
00430BCE . 68 2800>push 00460028 ; |Text = "Thanks for registering!",LF,"Please restart the program!"
00430BD3 . 53 push ebx ; |hOwner
00430BD4 . FF15 C8>call [<&USER32.MessageBoxA>] ; \MessageBoxA
00430BDA . 33C0 xor eax, eax
00430BDC . 6A 01 push 1 ; /Result = 1
00430BDE . 53 push ebx ; |hWnd
00430BDF . C705 FC>mov dword ptr [46C1FC], 1 ; |
00430BE9 . 66:A3 0>mov [474208], ax ; |
00430BEF . 66:A3 0>mov [474204], ax ; |
00430BF5 . FF15 90>call [<&USER32.EndDialog>] ; \EndDialog
00430BFB . B8 0100>mov eax, 1
00430C00 . 5B pop ebx
00430C01 . 8B4C24 >mov ecx, [esp+60]
00430C05 . 33CC xor ecx, esp
00430C07 . E8 688F>call 00449B74
00430C0C . 83C4 64 add esp, 64
00430C0F . C2 1000 retn 10
00430C12 > 8B15 0C>mov edx, [47370C] ; |Sweet_32.00460FD4
00430C18 . 52 push edx ; |Title => "Sweet Sixteen MIDI Sequencer"
00430C19 . 68 1000>push 00460010 ; |Text = "Not a valid password!"
00430C1E . 53 push ebx ; |hOwner
00430C1F . FF15 C8>call [<&USER32.MessageBoxA>] ; \MessageBoxA
00430C25 . 6A 01 push 1 ; /Result = 1
00430C27 . 53 push ebx ; |hWnd
00430C28 . C705 FC>mov dword ptr [46C1FC], 0 ; |
00430C32 . FF15 90>call [<&USER32.EndDialog>] ; \EndDialog
================
SN:Pul-az74-9xf
[[i] 本帖最后由 spc_cll 于 2006-4-3 15:19 编辑 [/i]] |
|
IP卡
发表于 2006-4-3 23:11:48
提升卡
置顶卡
变色卡
千斤顶
显身卡