【破文标题】PhotoShrink 2.0算法分析
【破文作者】tianxj
【作者邮箱】[email protected]
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD,DeDe
【破解平台】Windows XP sp3
【软件名称】PhotoShrink 2.0
【软件大小】1245KB
【软件语言】英文
【软件类别】国外软件/图像处理
【软件授权】共享版
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2007-5-31
【原版下载】http://www.onlinedown.net/soft/58519.htm
【保护方式】注册码
【软件简介】PhotoShrink是一个使用方便的图形优化工具,可以根据电子邮件或者网页设计的需要对图形文件进行缩放以节省存储空间。它使用简单,支持批量缩放和鼠标操作,可以调整JPG格式文件的质量。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、对photoshrink.exe查壳为Borland Delphi 6.0 - 7.0
**************************************************************
二、用DeDe查找按钮事件就可以快速到达关键部位
- 00506A74 /. 55 push ebp ; //registration button handler (located with DeDe): derives the expected key from the e-mail field and compares it with the entered key
- 00506A75 |. 8BEC mov ebp, esp
- 00506A77 |. 33C9 xor ecx, ecx
- 00506A79 |. 51 push ecx
- 00506A7A |. 51 push ecx
- 00506A7B |. 51 push ecx
- 00506A7C |. 51 push ecx
- 00506A7D |. 51 push ecx
- 00506A7E |. 51 push ecx
- 00506A7F |. 53 push ebx
- 00506A80 |. 8BD8 mov ebx, eax
- 00506A82 |. 33C0 xor eax, eax
- 00506A84 |. 55 push ebp
- 00506A85 |. 68 C86B5000 push 00506BC8
- 00506A8A |. 64:FF30 push dword ptr fs:[eax]
- 00506A8D |. 64:8920 mov dword ptr fs:[eax], esp
- 00506A90 |. 8D55 FC lea edx, dword ptr [ebp-4]
- 00506A93 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
- 00506A99 |. E8 02DFF3FF call 004449A0 ; //presumably reads the text of control [ebx+308] into [ebp-4] (the e-mail field, per the author's notes)
- 00506A9E |. 837D FC 00 cmp dword ptr [ebp-4], 0
- 00506AA2 |. 0F84 E4000000 je 00506B8C ; //jump if the e-mail name is empty
- 00506AA8 |. 8D55 F4 lea edx, dword ptr [ebp-C]
- 00506AAB |. 8B83 08030000 mov eax, dword ptr [ebx+308]
- 00506AB1 |. E8 EADEF3FF call 004449A0
- 00506AB6 |. 8B55 F4 mov edx, dword ptr [ebp-C] ; //e-mail name
- 00506AB9 |. 8D4D F8 lea ecx, dword ptr [ebp-8]
- 00506ABC |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506AC1 |. 8B00 mov eax, dword ptr [eax]
- 00506AC3 |. E8 8C050000 call 00507054 ; //key-derivation routine; result is written to [ebp-8]
- 00506AC8 |. 8B45 F8 mov eax, dword ptr [ebp-8]
- 00506ACB |. 50 push eax
- 00506ACC |. 8D55 F0 lea edx, dword ptr [ebp-10]
- 00506ACF |. 8B83 10030000 mov eax, dword ptr [ebx+310]
- 00506AD5 |. E8 C6DEF3FF call 004449A0 ; //presumably reads the text of control [ebx+310] into [ebp-10] (the key field)
- 00506ADA |. 8B55 F0 mov edx, dword ptr [ebp-10] ; //key entered by the user
- 00506ADD |. 58 pop eax ; //expected registration key
- 00506ADE |. E8 D9DEEFFF call 004049BC ; //string comparison: the locally computed key is compared directly with the input
- 00506AE3 |. 0F85 A3000000 jnz 00506B8C ; //decisive branch: taken to the failure message when the two strings differ
- 00506AE9 |. 8D55 EC lea edx, dword ptr [ebp-14]
- 00506AEC |. 8B83 08030000 mov eax, dword ptr [ebx+308]
- 00506AF2 |. E8 A9DEF3FF call 004449A0
- 00506AF7 |. 8B55 EC mov edx, dword ptr [ebp-14]
- 00506AFA |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506AFF |. 8B00 mov eax, dword ptr [eax]
- 00506B01 |. 05 28030000 add eax, 328
- 00506B06 |. E8 EDDAEFFF call 004045F8 ; //presumably stores the e-mail text at offset +328 of the object at [[5118BC]]
- 00506B0B |. 8D55 E8 lea edx, dword ptr [ebp-18]
- 00506B0E |. 8B83 10030000 mov eax, dword ptr [ebx+310]
- 00506B14 |. E8 87DEF3FF call 004449A0
- 00506B19 |. 8B55 E8 mov edx, dword ptr [ebp-18]
- 00506B1C |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506B21 |. 8B00 mov eax, dword ptr [eax]
- 00506B23 |. 05 2C030000 add eax, 32C
- 00506B28 |. E8 CBDAEFFF call 004045F8 ; //presumably stores the key text at offset +32C of the same object
- 00506B2D |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506B32 |. 8B00 mov eax, dword ptr [eax]
- 00506B34 |. C680 24030000>mov byte ptr [eax+324], 1 ; //byte at +324 set to 1 on the success path only (presumably the registered flag)
- 00506B3B |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506B40 |. 8B00 mov eax, dword ptr [eax]
- 00506B42 |. E8 05060000 call 0050714C
- 00506B47 |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506B4C |. 8B00 mov eax, dword ptr [eax]
- 00506B4E |. 8B80 F4020000 mov eax, dword ptr [eax+2F4]
- 00506B54 |. 33D2 xor edx, edx
- 00506B56 |. E8 65DDF3FF call 004448C0
- 00506B5B |. A1 BC185100 mov eax, dword ptr [5118BC]
- 00506B60 |. 8B00 mov eax, dword ptr [eax]
- 00506B62 |. 8B80 08030000 mov eax, dword ptr [eax+308]
- 00506B68 |. BA 08000000 mov edx, 8
- 00506B6D |. E8 76D5F3FF call 004440E8
- 00506B72 |. 8BC3 mov eax, ebx
- 00506B74 |. E8 BB45F4FF call 0044B134
- 00506B79 |. BA D86B5000 mov edx, 00506BD8 ; UNICODE "Thank you for registering PhotoShrink"
- 00506B7E |. E8 75B5F8FF call 004920F8
- 00506B83 |. 8BC3 mov eax, ebx
- 00506B85 |. E8 7EB3F5FF call 00461F08
- 00506B8A |. EB 11 jmp short 00506B9D
- 00506B8C |> 8BC3 mov eax, ebx
- 00506B8E |. E8 A145F4FF call 0044B134
- 00506B93 |. BA 286C5000 mov edx, 00506C28 ; UNICODE "Name and Key do not Match!",LF,LF,"Make sure you've entered your email address and the key correctly and th"
- 00506B98 |. E8 CBB5F8FF call 00492168
- 00506B9D |> 33C0 xor eax, eax
- 00506B9F |. 5A pop edx
- 00506BA0 |. 59 pop ecx
- 00506BA1 |. 59 pop ecx
- 00506BA2 |. 64:8910 mov dword ptr fs:[eax], edx
- 00506BA5 |. 68 CF6B5000 push 00506BCF
- 00506BAA |> 8D45 E8 lea eax, dword ptr [ebp-18]
- 00506BAD |. BA 04000000 mov edx, 4
- 00506BB2 |. E8 11DAEFFF call 004045C8
- 00506BB7 |. 8D45 F8 lea eax, dword ptr [ebp-8]
- 00506BBA |. E8 E5D9EFFF call 004045A4
- 00506BBF |. 8D45 FC lea eax, dword ptr [ebp-4]
- 00506BC2 |. E8 DDD9EFFF call 004045A4
- 00506BC7 \. C3 retn
- 00506BC8 .^ E9 3FD3EFFF jmp 00403F0C
- 00506BCD .^ EB DB jmp short 00506BAA
- 00506BCF . 5B pop ebx
- 00506BD0 . 8BE5 mov esp, ebp
- 00506BD2 . 5D pop ebp
- 00506BD3 . C3 retn
- =====================================
- 00507054 /$ 55 push ebp ; //key derivation: edx = e-mail name, ecx = output string; builds a 20-character string of decimal digits
- 00507055 |. 8BEC mov ebp, esp
- 00507057 |. 6A 00 push 0
- 00507059 |. 6A 00 push 0
- 0050705B |. 6A 00 push 0
- 0050705D |. 53 push ebx
- 0050705E |. 56 push esi
- 0050705F |. 8BF1 mov esi, ecx
- 00507061 |. 8955 FC mov dword ptr [ebp-4], edx
- 00507064 |. 8B45 FC mov eax, dword ptr [ebp-4]
- 00507067 |. E8 F4D9EFFF call 00404A60
- 0050706C |. 33C0 xor eax, eax
- 0050706E |. 55 push ebp
- 0050706F |. 68 16715000 push 00507116
- 00507074 |. 64:FF30 push dword ptr fs:[eax]
- 00507077 |. 64:8920 mov dword ptr fs:[eax], esp
- 0050707A |. 837D FC 00 cmp dword ptr [ebp-4], 0
- 0050707E |. 75 09 jnz short 00507089 ; //jump if the e-mail name is not empty
- 00507080 |. 8BC6 mov eax, esi
- 00507082 |. E8 1DD5EFFF call 004045A4
- 00507087 |. EB 72 jmp short 005070FB
- 00507089 |> 8D4D F8 lea ecx, dword ptr [ebp-8]
- 0050708C |. BA 14000000 mov edx, 14
- 00507091 |. B8 2C715000 mov eax, 0050712C ; ASCII "How DARE you crack my software!"
- 00507096 |. E8 0DB4F8FF call 004924A8 ; //presumably copies the first 0x14 (20) characters of that constant into [ebp-8]
- 0050709B |. BB 01000000 mov ebx, 1
- 005070A0 |> 8B45 FC /mov eax, dword ptr [ebp-4] ; //e-mail name
- 005070A3 |. E8 D0D7EFFF |call 00404878 ; //get the length of the e-mail name
- 005070A8 |. 50 |push eax
- 005070A9 |. 8BC3 |mov eax, ebx
- 005070AB |. 48 |dec eax
- 005070AC |. 5A |pop edx
- 005070AD |. 8BCA |mov ecx, edx
- 005070AF |. 99 |cdq
- 005070B0 |. F7F9 |idiv ecx ; //edx = (ebx-1) mod length
- 005070B2 |. 8B45 FC |mov eax, dword ptr [ebp-4] ; //e-mail name
- 005070B5 |. 8A0410 |mov al, byte ptr [eax+edx] ; //take e-mail characters cyclically
- 005070B8 |. 8B55 F8 |mov edx, dword ptr [ebp-8] ; //string "How DARE you crack my software!"
- 005070BB |. 8A541A FF |mov dl, byte ptr [edx+ebx-1] ; //take that string's characters one position at a time
- 005070BF |. 32C2 |xor al, dl ; //XOR
- 005070C1 |. 25 FF000000 |and eax, 0FF
- 005070C6 |. 8D55 F4 |lea edx, dword ptr [ebp-C]
- 005070C9 |. E8 A221F0FF |call 00409270 ; //convert EAX to a decimal string
- 005070CE |. 8B45 F4 |mov eax, dword ptr [ebp-C] ; //decimal string
- 005070D1 |. E8 A2D7EFFF |call 00404878
- 005070D6 |. 8B55 F4 |mov edx, dword ptr [ebp-C] ; //decimal string
- 005070D9 |. 8A4402 FF |mov al, byte ptr [edx+eax-1] ; //take the rightmost character (last decimal digit)
- 005070DD |. 50 |push eax
- 005070DE |. 8D45 F8 |lea eax, dword ptr [ebp-8]
- 005070E1 |. E8 E2D9EFFF |call 00404AC8
- 005070E6 |. 5A |pop edx
- 005070E7 |. 885418 FF |mov byte ptr [eax+ebx-1], dl ; //store the digit at position ebx of the working string
- 005070EB |. 43 |inc ebx ; //counter + 1
- 005070EC |. 83FB 15 |cmp ebx, 15 ; //ebx runs from 1 to 0x14, i.e. 20 iterations
- 005070EF |.^ 75 AF \jnz short 005070A0 ; //loop
- 005070F1 |. 8BC6 mov eax, esi
- 005070F3 |. 8B55 F8 mov edx, dword ptr [ebp-8] ; //registration key
- 005070F6 |. E8 FDD4EFFF call 004045F8
- 005070FB |> 33C0 xor eax, eax
- 005070FD |. 5A pop edx
- 005070FE |. 59 pop ecx
- 005070FF |. 59 pop ecx
- 00507100 |. 64:8910 mov dword ptr fs:[eax], edx
- 00507103 |. 68 1D715000 push 0050711D
- 00507108 |> 8D45 F4 lea eax, dword ptr [ebp-C]
- 0050710B |. BA 03000000 mov edx, 3
- 00507110 |. E8 B3D4EFFF call 004045C8
- 00507115 \. C3 retn
- 00507116 .^ E9 F1CDEFFF jmp 00403F0C
- 0050711B .^ EB EB jmp short 00507108
- 0050711D . 5E pop esi
- 0050711E . 5B pop ebx
- 0050711F . 8BE5 mov esp, ebp
- 00507121 . 5D pop ebp
- 00507122 . C3 retn
**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
邮箱名(长度不足时循环取位)与固定字符串"How DARE you crack my software!"的前20个字符逐位异或,每次结果转为十进制后取末位数字,共20位组成注册码。程序在本地算出完整的正确注册码后与输入直接比较,校验不依赖任何保密信息;改用非对称签名校验可避免这一设计缺陷。
--------------------------------------------------------------
【算法注册机】
〖VB代码〗
' Button handler of the author's VB re-implementation of the routine at 00507054:
' Text1 is the input (the e-mail name in the disassembly notes), Text2 receives the result.
' NOTE(review): I, J, X and Y are never declared, so they are implicit Variants;
' this does not compile if the form uses Option Explicit.
Private Sub Command1_Click()
If Len(Text1.Text) = 0 Then
' Empty input: show the error text instead of computing anything.
Text2.Text = "输入有误,请重新输入!"
Else
' 20 positions, matching the loop bound (ebx = 1 .. 0x14) in the disassembly.
For I = 1 To 20
' 1-based index into the input, wrapping around when the input is shorter than 20.
J = ((I - 1) Mod Len(Text1.Text)) + 1
' XOR the input character code with the I-th character code of the fixed string.
X = Asc(Mid(Text1.Text, J, 1)) Xor Asc(Mid("How DARE you crack my software!", I, 1))
' Right() coerces X to its decimal string and keeps only the last digit.
Y = Y & Right(X, 1)
Next
Text2.Text = Y
End If
End Sub
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |