- UID
- 37896
注册时间2007-12-1
阅读权限10
最后登录1970-1-1
周游历练
该用户从未签到
|
【破文标题】暴破\MP4-RM 全能视频转换专家2008标准版
【破文作者】hnld
【作者邮箱】
【作者主页】
【破解工具】OD
【破解平台】WIN XP
【软件名称】MP4-RM 全能视频转换专家2008标准版
【软件大小】11.2m
【原版下载】http://www.skycn.com/soft/32897.html
【保护方式】未加壳
【软件简介】MP4/RM 全能视频转换专家2007(标准版)是一款多格式转换软件。
它可以帮助您将几乎所有流行的视频格式
如RM/RMVB/VOB/AVI/MPEG/DAT/VCD/SVCD/DVD/ASF/WMV/MPG
等视频文件转换为普通MP4机、MP4手机、PSP机、iPod或DVD影碟机等硬件支持的AVI、MP4、PMP格式;
AVI格式:适合各种支持DivX/XivD/MJpeg1/MJpeg2/H264编码的MP4机、手机、PDA等,您可以根据您的需求进行参数设置.
MP4格式:适合支持MP4格式的手机、iPod
PMP格式:适合于PSP机
其主要特点如下:
1.转换后的文件可在MP4、手机及支持MP4的DVD碟机上播放;
2.能在 PSP上播放。
3.能在 IPOD上播放。
4.极高的转换速度和高清晰的图像质量。
5.转换过程非常简单、快速。
6.支持批量转换,可以处理多个文件。
【破解声明】本人菜鸟一个,看到zhichuang的暴破\MP4-RM 全能视频转换专家2008标准版中有人说暴破后还是只能用10分钟,于是就不自量力的想追踪一下注册码,晕头晕脑几天之后终于找到了注册码,这是我第一次自己单独找出注册码,于是狂喜。过后也拿出来和大家分享一把。由于本人实在太菜了,不会编注册机。也是一桩憾事。
【破解过程】首先,安装软件,然后用PEID查壳,无壳,是用Microsoft Visual C++ 6.0编写!
根据提示:非法序列号或验证码。来到00406335
向上找来到句首下段
004061B8 . 55 push ebp
004061B9 . 56 push esi
004061BA . 57 push edi
004061BB . 8BF1 mov esi, ecx
004061BD . 6A 01 push 1
在004061B8 F2,然后sfift+F9,来到这里
004061B8 . 55 push ebp
004061B9 . 56 push esi
004061BA . 57 push edi
004061BB . 8BF1 mov esi, ecx
004061BD . 6A 01 push 1
004061BF . E8 B8C70100 call 0042297C
004061C4 . 8B46 60 mov eax, dword ptr [esi+60]
004061C7 . 8B40 F8 mov eax, dword ptr [eax-8]
004061CA . 83F8 13 cmp eax, 13 ; 不是19位帐号就over
004061CD . 0F85 92010000 jnz 00406365
004061D3 . 8B4E 5C mov ecx, dword ptr [esi+5C]
004061D6 . 8379 F8 13 cmp dword ptr [ecx-8], 13 ; 不是19位密码也over
004061DA . 0F85 85010000 jnz 00406365
004061E0 . 53 push ebx
004061E1 . 68 F4454300 push 004345F4 ; \ur.rtbt
004061E6 . 8D5424 14 lea edx, dword ptr [esp+14]
004061EA . 68 B4AB4300 push 0043ABB4 ; x
004061EF . 52 push edx
004061F0 . E8 88970100 call 0041F97D
004061F5 . 8B00 mov eax, dword ptr [eax]
004061F7 . C74424 6C 000>mov dword ptr [esp+6C], 0
004061FF . 50 push eax
00406200 . E8 EBA00000 call 004102F0
00406205 . 83CD FF or ebp, FFFFFFFF
00406208 . 83C4 04 add esp, 4
0040620B . 8D4C24 10 lea ecx, dword ptr [esp+10]
0040620F . 8AD8 mov bl, al
00406211 . 896C24 6C mov dword ptr [esp+6C], ebp
00406215 . E8 5B950100 call 0041F775
0040621A . 84DB test bl, bl
0040621C . 5B pop ebx
0040621D . 74 27 je short 00406246
0040621F . 6A 00 push 0 ; /Arg3 = 00000000
00406221 . 6A 00 push 0 ; |Arg2 = 00000000
00406223 . 68 7C464300 push 0043467C ; |注册成功
00406228 . E8 48010200 call 00426375 ; \MP4X.00426375
0040622D . 8BCE mov ecx, esi
0040622F . E8 A2A40100 call 004206D6
00406234 . 5F pop edi
00406235 . 5E pop esi
00406236 . 5D pop ebp
00406237 . 8B4C24 54 mov ecx, dword ptr [esp+54]
0040623B . 64:890D 00000>mov dword ptr fs:[0], ecx
00406242 . 83C4 60 add esp, 60
00406245 . C3 retn
00406246 > 8D4C24 28 lea ecx, dword ptr [esp+28]
0040624A . E8 E1370000 call 00409A30
0040624F . 8D4424 3C lea eax, dword ptr [esp+3C]
00406253 . C74424 68 010>mov dword ptr [esp+68], 1
0040625B . 50 push eax
0040625C . E8 5F360000 call 004098C0
00406261 . 8B46 60 mov eax, dword ptr [esi+60]
00406264 . 83C4 04 add esp, 4
00406267 . 8D4C24 48 lea ecx, dword ptr [esp+48]
0040626B . 50 push eax
0040626C . E8 6F7C0000 call 0040DEE0
00406271 . 8B46 5C mov eax, dword ptr [esi+5C]
00406274 . 8D4C24 54 lea ecx, dword ptr [esp+54]
00406278 . 50 push eax
00406279 . E8 627C0000 call 0040DEE0
0040627E . 8D4C24 28 lea ecx, dword ptr [esp+28]
00406282 . E8 493B0000 call 00409DD0 ; 关键CALL
00406287 . 84C0 test al, al
00406289 . 6A 00 push 0 ; /Arg3 = 00000000
0040628B . 6A 00 push 0 ; |Arg2 = 00000000
0040628D . 0F84 A2000000 je 00406335 ; |
00406293 . 68 7C464300 push 0043467C ; |注册成功
00406298 . E8 D8000200 call 00426375 ; \MP4X.00426375
0040629D . 68 F4454300 push 004345F4 ; \ur.rtbt
004062A2 . 8D4C24 14 lea ecx, dword ptr [esp+14]
004062A6 . 68 B4AB4300 push 0043ABB4 ; x
004062AB . 51 push ecx
004062AC . E8 CC960100 call 0041F97D
004062B1 . 8B00 mov eax, dword ptr [eax]
004062B3 . 68 AC454300 push 004345AC ; wb
004062B8 . 50 push eax
004062B9 . E8 CBD60000 call 00413989
004062BE . 83C4 08 add esp, 8
004062C1 . 8D4C24 10 lea ecx, dword ptr [esp+10]
004062C5 . 8BF8 mov edi, eax
004062C7 . E8 A9940100 call 0041F775
004062CC . 85FF test edi, edi
004062CE . 75 09 jnz short 004062D9
004062D0 . 8BCE mov ecx, esi
004062D2 . E8 FFA30100 call 004206D6
004062D7 . EB 6D jmp short 00406346
004062D9 > 8D4C24 14 lea ecx, dword ptr [esp+14]
004062DD . E8 CE770000 call 0040DAB0
004062E2 . 68 DC454300 push 004345DC ; 视频转换(标准版)
004062E7 . 8D4C24 34 lea ecx, dword ptr [esp+34]
004062EB . C64424 6C 02 mov byte ptr [esp+6C], 2
004062F0 . E8 EB7B0000 call 0040DEE0
004062F5 . 8D5424 14 lea edx, dword ptr [esp+14]
004062F9 . 8D4C24 28 lea ecx, dword ptr [esp+28]
004062FD . 52 push edx
004062FE . E8 ED380000 call 00409BF0
00406303 . 8B4424 1C mov eax, dword ptr [esp+1C]
00406307 . 8B4C24 18 mov ecx, dword ptr [esp+18]
0040630B . 57 push edi
0040630C . 50 push eax
0040630D . 6A 01 push 1
0040630F . 51 push ecx
00406310 . E8 B1D30000 call 004136C6
00406315 . 57 push edi
00406316 . E8 C0D50000 call 004138DB
0040631B . 83C4 14 add esp, 14
0040631E . 8BCE mov ecx, esi
00406320 . E8 B1A30100 call 004206D6
00406325 . 8D4C24 14 lea ecx, dword ptr [esp+14]
00406329 . C64424 68 01 mov byte ptr [esp+68], 1
0040632E . E8 CD770000 call 0040DB00
00406333 . EB 11 jmp short 00406346
00406335 > 68 68464300 push 00434668 ; |非法序列号或验证码
0040633A . E8 36000200 call 00426375 ; \MP4X.00426375
0040633F . 8BCE mov ecx, esi
00406341 . E8 A9A30100 call 004206EF
00406346 > 8D4C24 28 lea ecx, dword ptr [esp+28]
0040634A . 896C24 68 mov dword ptr [esp+68], ebp
0040634E . E8 7D370000 call 00409AD0
00406353 . 5F pop edi
00406354 . 5E pop esi
00406355 . 5D pop ebp
00406356 . 8B4C24 54 mov ecx, dword ptr [esp+54]
0040635A . 64:890D 00000>mov dword ptr fs:[0], ecx
00406361 . 83C4 60 add esp, 60
00406364 . C3 retn
00406365 > 6A 00 push 0 ; /Arg3 = 00000000
00406367 . 6A 00 push 0 ; |Arg2 = 00000000
00406369 . 68 68464300 push 00434668 ; |非法序列号或验证码
0040636E . E8 02000200 call 00426375 ; \MP4X.00426375
00406373 . 8B4C24 60 mov ecx, dword ptr [esp+60]
00406377 . 5F pop edi
00406378 . 5E pop esi
00406379 . 5D pop ebp
0040637A . 64:890D 00000>mov dword ptr fs:[0], ecx
00406381 . 83C4 60 add esp, 60
00406384 . C3 retn
取消004061B8处断点,F8一步步来到00406282处,F7跟进
00409DD0 /$ 64:A1 0000000>mov eax, dword ptr fs:[0]
00409DD6 |. 6A FF push -1
00409DD8 |. 68 38974200 push 00429738
00409DDD |. 50 push eax
00409DDE |. 64:8925 00000>mov dword ptr fs:[0], esp
00409DE5 |. 83EC 0C sub esp, 0C
00409DE8 |. 53 push ebx
00409DE9 |. 8BD9 mov ebx, ecx
00409DEB |. 55 push ebp
00409DEC |. 8D6B 2C lea ebp, dword ptr [ebx+2C]
00409DEF |. 8BCD mov ecx, ebp
00409DF1 |. E8 BA490000 call 0040E7B0
00409DF6 |. 83F8 13 cmp eax, 13
00409DF9 |. 0F85 9B000000 jnz 00409E9A
00409DFF |. 8D4B 20 lea ecx, dword ptr [ebx+20]
00409E02 |. E8 A9490000 call 0040E7B0
00409E07 |. 83F8 13 cmp eax, 13
00409E0A |. 0F85 8A000000 jnz 00409E9A
00409E10 |. 8D4B 14 lea ecx, dword ptr [ebx+14]
00409E13 |. E8 98490000 call 0040E7B0
00409E18 |. 83F8 20 cmp eax, 20
00409E1B |. 75 7D jnz short 00409E9A
00409E1D |. 56 push esi
00409E1E |. 57 push edi
00409E1F |. 8B7B 24 mov edi, dword ptr [ebx+24]
00409E22 |. B9 03000000 mov ecx, 3
00409E27 |. BE F0474300 mov esi, 004347F0 ; p1_
00409E2C |. 33C0 xor eax, eax
00409E2E |. F3:A6 repe cmps byte ptr es:[edi], byte ptr>
00409E30 |. 5F pop edi
00409E31 |. 5E pop esi
00409E32 |. 75 66 jnz short 00409E9A
00409E34 |. 8D4C24 08 lea ecx, dword ptr [esp+8]
00409E38 |. E8 C33F0000 call 0040DE00
00409E3D |. 8D4C24 08 lea ecx, dword ptr [esp+8]
00409E41 |. C74424 1C 000>mov dword ptr [esp+1C], 0
00409E49 |. 51 push ecx ; /Arg1
00409E4A |. 8BCB mov ecx, ebx ; |
00409E4C |. E8 EFFDFFFF call 00409C40 ; \此CALL内算出密码
00409E51 |. 8D4C24 08 lea ecx, dword ptr [esp+8]
00409E55 |. E8 56490000 call 0040E7B0
00409E5A |. 85C0 test eax, eax
00409E5C |. 74 16 je short 00409E74
00409E5E |. 8D5424 08 lea edx, dword ptr [esp+8]
00409E62 |. 55 push ebp
00409E63 |. 52 push edx
00409E64 |. E8 574B0000 call 0040E9C0
00409E69 |. 83C4 08 add esp, 8
00409E6C |. 84C0 test al, al
00409E6E |. 74 04 je short 00409E74
00409E70 |. B3 01 mov bl, 1
00409E72 |. EB 02 jmp short 00409E76
00409E74 |> 32DB xor bl, bl
00409E76 |> 8D4C24 08 lea ecx, dword ptr [esp+8]
00409E7A |. C74424 1C FFF>mov dword ptr [esp+1C], -1
00409E82 |. E8 39400000 call 0040DEC0
00409E87 |. 8AC3 mov al, bl
00409E89 |. 5D pop ebp
00409E8A |. 5B pop ebx
00409E8B |. 8B4C24 0C mov ecx, dword ptr [esp+C]
00409E8F |. 64:890D 00000>mov dword ptr fs:[0], ecx
00409E96 |. 83C4 18 add esp, 18
00409E99 |. C3 retn
00409E9A |> 8B4C24 14 mov ecx, dword ptr [esp+14]
00409E9E |. 5D pop ebp
00409E9F |. 32C0 xor al, al
00409EA1 |. 5B pop ebx
00409EA2 |. 64:890D 00000>mov dword ptr fs:[0], ecx
00409EA9 |. 83C4 18 add esp, 18
00409EAC \. C3 retn
如果要跟踪算法就在00409E4C跟进,本人刚学,不懂注册机的制作。在00409E51处就能看到密码。到此跟踪完毕。
此软件就是开始时比较难点,它的账号必须是是19位,而且必须是以P1_开头,其他字母开头的就跳走.
注册码:P1_ABCDEFGHIJKMNOPQ
密码:BB49-BD5E-0B30-90D2
[ 本帖最后由 hnld 于 2008-1-26 11:55 编辑 ] |
|
IP卡
发表于 2008-1-26 11:53:43
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2008-1-26 19:16:48
发表于 2008-1-27 17:57:42
