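【Article title】Solid Converter PDF V3.0 Build 299 registration algorithm analysis
【Article author】A/N
【Author e-mail】[email protected]
【Author homepage】
【Tools】OD 1.01, PEiD 0.94
【Platform】XP SP2
【Software name】SolidConverterPDF
【Software size】15061 KB
【Original download】http://www.skycn.com/soft/20929.html
【Protection】(15-day usage limit) encryption lock + network verification
【Software description】Solid Converter PDF is a program dedicated to converting PDF files to DOC. Besides DOC files, it can also convert to RTF and Word XML files. In addition, it has an image extraction feature that extracts the images from a PDF file, and it can extract the tables from a PDF file and export them to Excel, which makes it convenient to edit the data in the tables.
【Statement】I am new to cracking and am doing this only out of interest, with no other purpose. Please point out any mistakes!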
------------------------------------------------------------------------
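【Analysis process】Checked with PEiD: no packer. The software was compiled with Visual C++ 2005.
Loaded in OD; the earlier code is omitted... Entering the algorithm flow: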
10028180 8B4424 10 mov eax,dword ptr ss:[esp+10]
10028184 53 push ebx
10028185 8B5C24 0C mov ebx,dword ptr ss:[esp+C]
10028189 55 push ebp
1002818A 8B6C24 0C mov ebp,dword ptr ss:[esp+C]
1002818E 56 push esi
1002818F 57 push edi
10028190 8B7C24 1C mov edi,dword ptr ss:[esp+1C]
10028194 50 push eax
10028195 57 push edi
10028196 53 push ebx
10028197 55 push ebp
10028198 8BF1 mov esi,ecx
1002819A E8 89B40200 call Converte.10053628 ; step into
Stepping into the CALL at 1002819A leads to:
10053628 55 push ebp
10053629 8BEC mov ebp,esp
1005362B 56 push esi
1005362C 8BF1 mov esi,ecx
1005362E 57 push edi
1005362F 8D4E 2C lea ecx,dword ptr ds:[esi+2C]
10053632 FF15 D8220C10 call dword ptr ds:[<&MFC71LU.#3927>] ; MFC71LU.#3928
10053638 84C0 test al,al
1005363A 74 0C je short Converte.10053648
1005363C 8BCE mov ecx,esi
1005363E E8 A2FCFFFF call Converte.100532E5
10053643 E8 F0C1FFFF call Converte.1004F838
10053648 33FF xor edi,edi
1005364A 57 push edi
1005364B 57 push edi
1005364C 57 push edi
1005364D 57 push edi
1005364E 57 push edi
1005364F 68 13FF0410 push Converte.1004FF13
10053654 E8 F1FD0500 call <jmp.&MFC71LU.#1021>
10053659 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
1005365C FF15 D8220C10 call dword ptr ds:[<&MFC71LU.#3927>] ; MFC71LU.#3928
10053662 84C0 test al,al
10053664 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
10053667 74 45 je short Converte.100536AE
10053669 FF15 C8220C10 call dword ptr ds:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1005366F 85C0 test eax,eax
10053671 74 36 je short Converte.100536A9
10053673 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
10053676 FF15 C8220C10 call dword ptr ds:[<&MFC71LU.#2895>] ; MFC71LU.#2896
1005367C 85C0 test eax,eax
1005367E 74 29 je short Converte.100536A9
10053680 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
10053683 53 push ebx
10053684 FF75 14 push dword ptr ss:[ebp+14]
10053687 8B1E mov ebx,dword ptr ds:[esi]
10053689 FF15 A8220C10 call dword ptr ds:[<&MFC71LU.#870>] ; get jie
1005368F 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
10053692 50 push eax
10053693 FF15 A8220C10 call dword ptr ds:[<&MFC71LU.#870>] ; get the e-mail address
10053699 50 push eax
1005369A 57 push edi
1005369B 8BCE mov ecx,esi
1005369D FF53 0C call dword ptr ds:[ebx+C] ; step into
Stepping into the CALL at 1005369D leads to:
10027770 6A FF push -1
10027772 68 04840B10 push Converte.100B8404
10027777 64:A1 00000000 mov eax,dword ptr fs:[0]
1002777D 50 push eax
1002777E 64:8925 0000000>mov dword ptr fs:[0],esp
10027785 83EC 0C sub esp,0C
10027788 53 push ebx
10027789 55 push ebp
1002778A 56 push esi
1002778B 57 push edi
1002778C 8D4424 18 lea eax,dword ptr ss:[esp+18]
10027790 6A 01 push 1
10027792 33F6 xor esi,esi
10027794 50 push eax
10027795 897424 18 mov dword ptr ss:[esp+18],esi
10027799 E8 D2FEFFFF call Converte.10027670
1002779E 83C4 08 add esp,8
100277A1 8B7C24 34 mov edi,dword ptr ss:[esp+34]
100277A5 8B6C24 30 mov ebp,dword ptr ss:[esp+30]
100277A9 8B4C24 2C mov ecx,dword ptr ss:[esp+2C]
100277AD 897424 24 mov dword ptr ss:[esp+24],esi
100277B1 8B7424 38 mov esi,dword ptr ss:[esp+38]
100277B5 56 push esi
100277B6 57 push edi
100277B7 55 push ebp
100277B8 51 push ecx
100277B9 BB 01000000 mov ebx,1
100277BE 8BC8 mov ecx,eax
100277C0 895C24 20 mov dword ptr ss:[esp+20],ebx
100277C4 FF15 A8220C10 call dword ptr ds:[<&MFC71LU.#870>] ; MFC71LU.#2806
100277CA 50 push eax
100277CB E8 62340100 call Converte.1003AC32 ; step into
Stepping into the CALL at 100277CB leads to:
1003AC32 B8 CEAA0B10 mov eax,Converte.100BAACE
1003AC37 E8 90910700 call Converte.100B3DCC
1003AC3C 51 push ecx
1003AC3D 837D 08 00 cmp dword ptr ss:[ebp+8],0
1003AC41 0F84 9F000000 je Converte.1003ACE6
1003AC47 837D 10 00 cmp dword ptr ss:[ebp+10],0
1003AC4B 0F84 95000000 je Converte.1003ACE6
1003AC51 837D 14 00 cmp dword ptr ss:[ebp+14],0
1003AC55 0F84 8B000000 je Converte.1003ACE6
1003AC5B 53 push ebx
1003AC5C FF75 10 push dword ptr ss:[ebp+10]
1003AC5F 8D45 08 lea eax,dword ptr ss:[ebp+8]
1003AC62 FF75 0C push dword ptr ss:[ebp+C]
1003AC65 FF75 08 push dword ptr ss:[ebp+8]
1003AC68 50 push eax
1003AC69 E8 64FCFFFF call Converte.1003A8D2 ;
1003AC6E 83C4 10 add esp,10
1003AC71 8365 FC 00 and dword ptr ss:[ebp-4],0
1003AC75 8D4D 08 lea ecx,dword ptr ss:[ebp+8]
1003AC78 FF15 A8220C10 call dword ptr ds:[<&MFC71LU.#870>] ; concatenate SolidConverterPDFv3Pro with [email protected], giving [email protected]
1003AC7E 50 push eax
1003AC7F 8D45 F0 lea eax,dword ptr ss:[ebp-10]
1003AC82 50 push eax
1003AC83 E8 CEFEFFFF call Converte.1003AB56
Stepping into the CALL at 1003AC83 leads to:
1003AB56 B8 BBAA0B10 mov eax,Converte.100BAABB
1003AB5B E8 6C920700 call Converte.100B3DCC
1003AB60 83EC 0C sub esp,0C
1003AB63 8365 E8 00 and dword ptr ss:[ebp-18],0
1003AB67 56 push esi
1003AB68 51 push ecx
1003AB69 8BCC mov ecx,esp
1003AB6B 8965 E8 mov dword ptr ss:[ebp-18],esp
1003AB6E FF75 0C push dword ptr ss:[ebp+C]
1003AB71 FF15 9C220C10 call dword ptr ds:[<&MFC71LU.#283>] ; [email protected] goes to EDX
1003AB77 E8 2341FFFF call Converte.1002EC9F ; step into
1003AB7C 8D4D EC lea ecx,dword ptr ss:[ebp-14]
1003AB7F 8BF0 mov esi,eax ; EAX goes to ESI
1003AB81 C70424 C0D30C10 mov dword ptr ss:[esp],Converte.100CD3C0 ; get the string bcdfghkmnpqrstvwxyz
1003AB88 FF15 9C220C10 call dword ptr ds:[<&MFC71LU.#283>] ; the string bcdfghkmnpqrstvwxyz goes to EDX
1003AB8E 8365 FC 00 and dword ptr ss:[ebp-4],0
1003AB92 68 08310C10 push Converte.100C3108
1003AB97 8D4D F0 lea ecx,dword ptr ss:[ebp-10]
1003AB9A FF15 9C220C10 call dword ptr ds:[<&MFC71LU.#283>] ; MFC71LU.#283
1003ABA0 C645 FC 01 mov byte ptr ss:[ebp-4],1
1003ABA4 EB 50 jmp short Converte.1003ABF6
1003ABA6 8D4D F0 lea ecx,dword ptr ss:[ebp-10]
1003ABA9 FF15 C8220C10 call dword ptr ds:[<&MFC71LU.#2895>] ; number of loop iterations so far goes to EAX
1003ABAF 83F8 04 cmp eax,4 ; compare EAX with 4
1003ABB2 7D 46 jge short Converte.1003ABFA ; if not less, exit the loop
1003ABB4 8D4D EC lea ecx,dword ptr ss:[ebp-14]
1003ABB7 FF15 C8220C10 call dword ptr ds:[<&MFC71LU.#2895>] ; EAX=13
1003ABBD 8BC8 mov ecx,eax ; EAX goes to ECX
1003ABBF 8BC6 mov eax,esi ; the result computed earlier goes to EAX
1003ABC1 99 cdq ; sign extension
1003ABC2 F7F9 idiv ecx ; divide EAX by ECX (13); quotient is kept in EAX, remainder in EDX
1003ABC4 52 push edx
1003ABC5 E8 2E920700 call <jmp.&MSLUR71.labs>
1003ABCA 59 pop ecx
1003ABCB 50 push eax
1003ABCC 8D4D EC lea ecx,dword ptr ss:[ebp-14]
1003ABCF FF15 E8250C10 call dword ptr ds:[<&MFC71LU.#2444>] ; step into
1003ABD5 8845 E8 mov byte ptr ss:[ebp-18],al ; table lookup result goes to [ebp-18]
1003ABD8 FF75 E8 push dword ptr ss:[ebp-18]
1003ABDB 8D4D F0 lea ecx,dword ptr ss:[ebp-10]
1003ABDE FF15 F4280C10 call dword ptr ds:[<&MFC71LU.#897>] ; table lookup result
1003ABE4 8D4D EC lea ecx,dword ptr ss:[ebp-14]
1003ABE7 FF15 C8220C10 call dword ptr ds:[<&MFC71LU.#2895>] ; ***13 goes to EAX***
1003ABED 8BC8 mov ecx,eax ; EAX goes to ECX
1003ABEF 8BC6 mov eax,esi ; the result computed earlier goes to EAX
1003ABF1 99 cdq ; sign extension
1003ABF2 F7F9 idiv ecx ; divide EAX by ECX (13); quotient is kept in EAX, remainder in EDX
1003ABF4 8BF0 mov esi,eax ; quotient is kept in ESI
1003ABF6 85F6 test esi,esi
1003ABF8 ^ 75 AC jnz short Converte.1003ABA6 ; ***continue if the quotient is not 0; this part repeats the loop above and mainly checks whether the quotient is 0***
1003ABFA 8D4D F0 lea ecx,dword ptr ss:[ebp-10]
1003ABFD FF15 F0280C10 call dword ptr ds:[<&MFC71LU.#4078>] ; convert the result to upper case
1003AC03 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
1003AC06 8D45 F0 lea eax,dword ptr ss:[ebp-10]
1003AC09 50 push eax
1003AC0A FF15 D0220C10 call dword ptr ds:[<&MFC71LU.#280>] ; MFC71LU.#280
1003AC10 8D4D F0 lea ecx,dword ptr ss:[ebp-10]
1003AC13 FF15 B8220C10 call dword ptr ds:[<&MFC71LU.#577>] ; MFC71LU.#577
1003AC19 8D4D EC lea ecx,dword ptr ss:[ebp-14]
1003AC1C FF15 B8220C10 call dword ptr ds:[<&MFC71LU.#577>] ; MFC71LU.#577
1003AC22 8B4D F4 mov ecx,dword ptr ss:[ebp-C]
1003AC25 8B45 08 mov eax,dword ptr ss:[ebp+8]
1003AC28 64:890D 0000000>mov dword ptr fs:[0],ecx
1003AC2F 5E pop esi
1003AC30 C9 leave
1003AC31 C3 retn // return
Stepping into the CALL at 1003AB77 leads to:
1002EC9F B8 A6920B10 mov eax,Converte.100B92A6
1002ECA4 E8 23510800 call Converte.100B3DCC
1002ECA9 81EC 04040000 sub esp,404
1002ECAF A1 A07E1110 mov eax,dword ptr ds:[10117EA0]
1002ECB4 53 push ebx
1002ECB5 56 push esi
1002ECB6 8945 F0 mov dword ptr ss:[ebp-10],eax
1002ECB9 57 push edi
1002ECBA 33DB xor ebx,ebx
1002ECBC 8D4D 08 lea ecx,dword ptr ss:[ebp+8]
1002ECBF 895D FC mov dword ptr ss:[ebp-4],ebx
1002ECC2 FF15 60280C10 call dword ptr ds:[<&MFC71LU.#4074>] ; MFC71LU.#4074
1002ECC8 53 push ebx
1002ECC9 53 push ebx
1002ECCA 68 00040000 push 400
1002ECCF 8D85 F0FBFFFF lea eax,dword ptr ss:[ebp-410]
1002ECD5 50 push eax
1002ECD6 8D4D 08 lea ecx,dword ptr ss:[ebp+8]
1002ECD9 FF15 C8220C10 call dword ptr ds:[<&MFC71LU.#2895>] ; compute the length of the concatenated string
1002ECDF 50 push eax
1002ECE0 53 push ebx
1002ECE1 8D4D 08 lea ecx,dword ptr ss:[ebp+8]
1002ECE4 FF15 CC230C10 call dword ptr ds:[<&MFC71LU.#2460>] ; MFC71LU.#5149
1002ECEA 50 push eax
1002ECEB 53 push ebx
1002ECEC 53 push ebx
1002ECED FF15 DC7F1110 call dword ptr ds:[10117FDC] ; kernel32.WideCharToMultiByte
1002ECF3 8BF8 mov edi,eax
1002ECF5 6A FF push -1
1002ECF7 8D4D 08 lea ecx,dword ptr ss:[ebp+8]
1002ECFA 889C3D F0FBFFFF mov byte ptr ss:[ebp+edi-410],bl
1002ED01 FF15 C8230C10 call dword ptr ds:[<&MFC71LU.#5398>] ; convert the whole string to lower case
1002ED07 33C0 xor eax,eax ; clear EAX
1002ED09 33F6 xor esi,esi ; clear ESI
1002ED0B 3BFB cmp edi,ebx
1002ED0D 7E 13 jle short Converte.1002ED22
1002ED0F 0FBE8C05 F0FBFF>movsx ecx,byte ptr ss:[ebp+eax-410] ; load the string into ECX one character at a time
1002ED17 8D740E 0D lea esi,dword ptr ds:[esi+ecx+D]
1002ED1B 03DE add ebx,esi ; accumulate the characters of the string; result goes in EBX
1002ED1D 40 inc eax ; increment EAX
1002ED1E 3BC7 cmp eax,edi ; all characters taken?
1002ED20 ^ 7C ED jl short Converte.1002ED0F ; if not, continue
1002ED22 8D4D 08 lea ecx,dword ptr ss:[ebp+8] ; after the loop ends, EBX=000175B2
1002ED25 FF15 B8220C10 call dword ptr ds:[<&MFC71LU.#577>] ; MFC71LU.#577
1002ED2B 8B4D F4 mov ecx,dword ptr ss:[ebp-C]
1002ED2E 8BC3 mov eax,ebx ; result goes to EAX
1002ED30 C1E0 10 shl eax,10 ; shift EAX left by 10 bits (hexadecimal)
1002ED33 5F pop edi
1002ED34 03C6 add eax,esi ; EAX+ESI goes to EAX; ESI is 118A
1002ED36 5E pop esi
1002ED37 64:890D 0000000>mov dword ptr fs:[0],ecx
1002ED3E 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
1002ED41 5B pop ebx
1002ED42 E8 A24B0800 call Converte.100B38E9
1002ED47 C9 leave
1002ED48 C3 retn // return
Stepping into the CALL at 1003ABCF leads to:
00521463 > 8B5424 04 mov edx,dword ptr ss:[esp+4]
00521467 85D2 test edx,edx
00521469 7C 0E jl short MFC71LU.00521479
0052146B 8B01 mov eax,dword ptr ds:[ecx] ; the character table bcdfghkmnpqrstvwxyz goes to EAX
0052146D 3B50 F4 cmp edx,dword ptr ds:[eax-C]
00521470 7F 07 jg short MFC71LU.00521479
00521472 66:8B0450 mov ax,word ptr ds:[eax+edx*2] ; [eax+edx*2] goes to AX, the table lookup result
00521476 C2 0400 retn 4 ; return
------------------------------------------------------------------------
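【Summary】The registration code depends only on the e-mail address. SolidConverterPDFv3Pro is concatenated with the entered e-mail address, and the ASCII codes of the characters are then summed; the sum plus 118A is recorded as S. S is divided by 13 (hexadecimal); the quotient is used as the dividend for the next iteration, and the remainder is used to look up the table bcdfghkmnpqrstvwxyz. The loop exits when the iteration count is greater than 4 or the quotient is zero. Finally, the lookup results converted to upper-case letters are the registration code!
When registering, an e-mail address does not have to be used; as long as the input is longer than 5 characters, an unlock code can be computed!
For example:
Name: pyg
E-mail: gdyyhk
Organization: www.chinapyg.com
Unlock code: SXVP
Name: pyg
E-mail: [email protected]
Organization: www.chinapyg.com
Unlock code: NZZD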
------------------------------------------------------------------------
[ This post was last edited by VC8 on 2007-8-7 16:35 ]