[转载]注册MP3制作大师“AltoMP3 Maker V3.1”
<P><STRONG>文章作者: qduwg</STRONG></P><P><FONT face=宋体>软件功能:该软件可以从音乐CD内提取乐曲并编码为MP3格式,让你获得具有原音轨的声音质量,体积更加小巧的MP3。另外,支持WAV格式与MP3之间相互转换。未注册版本只可以提取前12个音轨。<BR>工具:SOFTICE,PEID。<BR>引子:现在是大年初二,国内都在欢天喜地过大年,我身处异国他乡,倍感孤单。恭祝各位坛友春节快乐!万事如意!大家都过年去了,好象看雪论坛这几天来得坛友也不多了。唉!“春节诚可贵,思乡价更高,若为破解故,二者皆可抛!”下面还是破解话题,写了这篇破文送给关心我的看雪斑竹和各位支持我的坛友们!算是春节贺礼吧!:)话说今天我安装了这个MP3制作工具,美国人写的东西,拿PEID查看没有加壳。安装后启动程序,在HELP菜单内点击Register,在对话框内输入用户名和注册码。比如:wanggang/654321。调出SICE,下断点bpxgetwindowtexta,F5退出,点击Register按钮,被拦住。按F10键跟踪,我们来到如下代码处:<BR><BR>0042B281>8B86E0000000MOVEAX,DWORDPTRDS:[ESI+E0]//用户名地址送EAX。<BR>0042B287.8DBEE0000000LEAEDI,DWORDPTRDS:[ESI+E0]<BR>0042B28D.8B40F8MOVEAX,DWORDPTRDS:[EAX-8]<BR>0042B290.85C0TESTEAX,EAX<BR>0042B292.7528JNZSHORTALTOMP3M.0042B2BC<BR>*省去多行*<BR>0042B2BC>8B8EE4000000MOVECX,DWORDPTRDS:[ESI+E4]//注册码地址送ECX。<BR>0042B2C2.8DAEE4000000LEAEBP,DWORDPTRDS:[ESI+E4]<BR>0042B2C8.8B41F8MOVEAX,DWORDPTRDS:[ECX-8]<BR>0042B2CB.85C0TESTEAX,EAX<BR>0042B2CD.7552JNZSHORTALTOMP3M.0042B321<BR>*省去多行*<BR>0042B321>8D4C2414LEAECX,DWORDPTRSS:[ESP+14]<BR>0042B325.E8D6980200CALL<JMP.&MFC42.#540><BR>0042B32A.8D4C2410LEAECX,DWORDPTRSS:[ESP+10]<BR>0042B32E.C74424280000>MOVDWORDPTRSS:[ESP+28],0<BR>0042B336.E8C5980200CALL<JMP.&MFC42.#540><BR>0042B33B.51PUSHECX<BR>0042B33C.885C242CMOVBYTEPTRSS:[ESP+2C],BL<BR>0042B340.8BCCMOVECX,ESP<BR>0042B342.89642420MOVDWORDPTRSS:[ESP+20],ESP<BR>0042B346.57PUSHEDI<BR>0042B347.E8A2980200CALL<JMP.&MFC42.#535><BR>0042B34C.8D4C2420LEAECX,DWORDPTRSS:[ESP+20]<BR>0042B350.51PUSHECX<BR>0042B351.E8DA92FEFFCALLALTOMP3M.00414630//复制密码表及用户名。后面分析。(*)<BR>0042B356.83C408ADDESP,8<BR>0042B359.50PUSHEAX<BR>0042B35A.8D4C2418LEAECX,DWORDPTRSS:[ESP+18]<BR>0042B35E.C644242C02MOVBYTEPTRSS:[ESP+2C],2<BR>0042B363.E83A990200CALL<JMP.&MFC42.#858>//生成一个16字节的新串。<BR>0042B368.8D4C241CLEAECX,DWORDPTRSS:[ESP+1C]<BR>*省去多行*<BR>0042B3B2.8BF5MOVESI,EBP<BR>0042B3B4>8A10MOVDL,BYTEPTRDS:[EAX]//从这里开始到0042B3D6处,循环比较假码与真码了。<BR>0042B3B6.8A1EMOVBL,BYTEPTRDS:[ESI]//真码送DL,假码送BL。<BR>0042B3B8.8ACAMOVCL,DL<BR>0042B3BA.3AD3CMPDL,BL//真假比较。<BR>0042B3BC.751EJNZSHORTALTOMP3M.0042B3DC//如果不相同则OVER。<BR>0042B3BE.84C9TESTCL,CL<BR>0042B3C0.7416JESHORTALTOMP3M.0042B3D8<BR>0042B3C2.8A5001MOVDL,BYTEPTRDS:[EAX+1]<BR>0042B3C5.8A5E01MOVBL,BYTEPTRDS:[ESI+1]<BR>0042B3C8.8ACAMOVCL,DL<BR>0042B3CA.3AD3CMPDL,BL<BR>0042B3CC.750EJNZSHORTALTOMP3M.0042B3DC<BR>0042B3CE.83C002ADDEAX,2<BR>0042B3D1.83C602ADDESI,2<BR>0042B3D4.84C9TESTCL,CL<BR>0042B3D6.^75DCJNZSHORTALTOMP3M.0042B3B4//未完则继续循环。一道循环比较2个字节。<BR>*省去多行*<BR>0042B481.8B07MOVEAX,DWORDPTRDS:[EDI]//用户名地址送EAX。<BR>0042B483.8B35D8B04500MOVESI,DWORDPTRDS:[<&KERNEL32.WritePr>//写入文件。<BR>0042B489.68DCA74600PUSHALTOMP3M.0046A7DC<BR>0042B48E.50PUSHEAX<BR>*略去多行*<BR>0042B4E5.5BPOPEBX<BR>0042B4E6.83C41CADDESP,1C<BR>0042B4E9.C3RETN//这里返回到下面代码处。<BR>*******返回到这里*********<BR>00439E35.E888AC0100CALL<JMP.&MFC42.#2514><BR>00439E3A.83F801CMPEAX,1//EAX为成功标志,如果为0则OVER。<BR>00439E3D.750EJNZSHORTALTOMP3M.00439E4D//这里不跳才行。<BR>00439E3F.6AFFPUSH-1<BR>00439E41.6A00PUSH0<BR>00439E43.6866E10000PUSH0E166<BR>00439E48.E8C1B10100CALL<JMP.&MFC42.#1199>//显示成功注册信息框。<BR>00439E4D>8D8C24E400000>LEAECX,DWORDPTRSS:[ESP+E4]<BR>==================================================================<BR>下面分析0042B351处的函数CALLALTOMP3M.00414630:<BR>00414630/$6AFFPUSH-1<BR>00414632|.6892624500PUSHALTOMP3M.00456292<BR>00414637|.64:A100000000MOVEAX,DWORDPTRFS:[0]<BR>0041463D|.50PUSHEAX<BR>0041463E|.64:8925000000>MOVDWORDPTRFS:[0],ESP<BR>00414645|.81ECDC010000SUBESP,1DC<BR>0041464B|.53PUSHEBX<BR>0041464C|.55PUSHEBP<BR>0041464D|.33DBXOREBX,EBX<BR>0041464F|.56PUSHESI<BR>00414650|.57PUSHEDI<BR>00414651|.895C2410MOVDWORDPTRSS:[ESP+10],EBX<BR>00414655|.B90D000000MOVECX,0D<BR>0041465A|.BE448C4600MOVESI,ALTOMP3M.00468C44<BR>0041465F|.8DBC24AC00000>LEAEDI,DWORDPTRSS:[ESP+AC]<BR>00414666|.8B84240002000>MOVEAX,DWORDPTRSS:[ESP+200]<BR>0041466D|.F3:A5REPMOVSDWORDPTRES:[EDI],DWORDPTRDS:[ESI]<BR>0041466F|.A4MOVSBYTEPTRES:[EDI],BYTEPTRDS:[ESI]<BR>00414670|.B90D000000MOVECX,0D<BR>00414675|.BE108C4600MOVESI,ALTOMP3M.00468C10<BR>0041467A|.8D7C2478LEAEDI,DWORDPTRSS:[ESP+78]<BR>0041467E|.6A64PUSH64<BR>00414680|.F3:A5REPMOVSDWORDPTRES:[EDI],DWORDPTRDS:[ESI]<BR>00414682|.B90F000000MOVECX,0F<BR>00414687|.BED08B4600MOVESI,ALTOMP3M.00468BD0<BR>0041468C|.8DBC24E800000>LEAEDI,DWORDPTRSS:[ESP+E8]<BR>00414693|.8B68F8MOVEBP,DWORDPTRDS:[EAX-8]<BR>00414696|.F3:A5REPMOVSDWORDPTRES:[EDI],DWORDPTRDS:[ESI]<BR>00414698|.66:A5MOVSWORDPTRES:[EDI],WORDPTRDS:[ESI]<BR>0041469A|.A4MOVSBYTEPTRES:[EDI],BYTEPTRDS:[ESI]<BR>0041469B|.B919000000MOVECX,19<BR>004146A0|.33C0XOREAX,EAX<BR>004146A2|.8DBC242801000>LEAEDI,DWORDPTRSS:[ESP+128]<BR>004146A9|.C78424F801000>MOVDWORDPTRSS:[ESP+1F8],1<BR>004146B4|.F3:ABREPSTOSDWORDPTRES:[EDI]//在此行之前的代码复制密码表。<BR>004146B6|.8D8C240402000>LEAECX,DWORDPTRSS:[ESP+204]//用户名地址。<BR>004146BD|.E8DC060400CALL<JMP.&MFC42.#2915><BR>004146C2|.8BCDMOVECX,EBP<BR>004146C4|.8BF0MOVESI,EAX<BR>004146C6|.8BD1MOVEDX,ECX<BR>004146C8|.8D7C2478LEAEDI,DWORDPTRSS:[ESP+78]<BR>004146CC|.C1E902SHRECX,2<BR>004146CF|.F3:A5REPMOVSDWORDPTRES:[EDI],DWORDPTRDS:[ESI]//复制用户名到密码表前面。<BR>004146D1|.8BCAMOVECX,EDX<BR>004146D3|.83E103ANDECX,3<BR>004146D6|.83FD08CMPEBP,8<BR>004146D9|.F3:A4REPMOVSBYTEPTRES:[EDI],BYTEPTRDS:[ESI]<BR>004146DB|.7F27JGSHORTALTOMP3M.00414704<BR>004146DD|.6A64PUSH64<BR>004146DF|.8D8C240402000>LEAECX,DWORDPTRSS:[ESP+204]<BR>004146E6|.E8B3060400CALL<JMP.&MFC42.#2915><BR>004146EB|.8BCDMOVECX,EBP<BR>004146ED|.8BF0MOVESI,EAX<BR>004146EF|.8BC1MOVEAX,ECX<BR>004146F1|.8DBC248100000>LEAEDI,DWORDPTRSS:[ESP+81]<BR>004146F8|.C1E902SHRECX,2<BR>004146FB|.F3:A5REPMOVSDWORDPTRES:[EDI],DWORDPTRDS:[ESI]//再次复制用户名到密码表前面。<BR>004146FD|.8BC8MOVECX,EAX<BR>004146FF|.83E103ANDECX,3<BR>00414702|.F3:A4REPMOVSBYTEPTRES:[EDI],BYTEPTRDS:[ESI]<BR>00414704|>8BC5MOVEAX,EBP<BR>00414706|.99CDQ<BR>00414707|.83E207ANDEDX,7<BR>0041470A|.03C2ADDEAX,EDX<BR>0041470C|.8BF0MOVESI,EAX<BR>0041470E|.C1FE03SARESI,3<BR>00414711|.46INCESI<BR>00414712|.83FE01CMPESI,1<BR>00414715|.7505JNZSHORTALTOMP3M.0041471C<BR>00414717|.BE02000000MOVESI,2//循环次数送ESI。<BR>0041471C|>33FFXOREDI,EDI<BR>0041471E|.3BF3CMPESI,EBX<BR>00414720|.7E22JLESHORTALTOMP3M.00414744<BR>00414722|>8D8CFC2401000>/LEAECX,DWORDPTRSS:[ESP+EDI*8+124]//循环开始。<BR>00414729|.8D94FCAC00000>|LEAEDX,DWORDPTRSS:[ESP+EDI*8+AC]<BR>00414730|.51|PUSHECX<BR>00414731|.8D44FC7C|LEAEAX,DWORDPTRSS:[ESP+EDI*8+7C]<BR>00414735|.52|PUSHEDX<BR>00414736|.50|PUSHEAX<BR>00414737|.E844E2FFFF|CALLALTOMP3M.00412980//这个函数关键地方。(**)<BR>0041473C|.83C40C|ADDESP,0C<BR>0041473F|.47|INCEDI<BR>00414740|.3BFE|CMPEDI,ESI//比较是否到2。<BR>00414742|.^7CDE\JLSHORTALTOMP3M.00414722//未完继续,总共2遍。循环结束得到16个字节的数。下面用到他们。<BR>00414744|>C1E603SHLESI,3//循环变量初始化为16。下面循环用到。<BR>00414747|.33C9XORECX,ECX<BR>00414749|.3BF3CMPESI,EBX<BR>0041474B|.7E24JLESHORTALTOMP3M.00414771<BR>0041474D|>33C0/XOREAX,EAX//循环开始。<BR>0041474F|.BF3E000000|MOVEDI,3E//除数为3E。<BR>00414754|.8A840C2401000>|MOVAL,BYTEPTRSS:[ESP+ECX+124]//依次取上述16个字节的数值送AL。<BR>0041475B|.99|CDQ<BR>0041475C|.F7FF|IDIVEDI//除以EDI。<BR>0041475E|.41|INCECX<BR>0041475F|.3BCE|CMPECX,ESI//比较是否到16次。<BR>00414761|.8A9414E400000>|MOVDL,BYTEPTRSS:[ESP+EDX+E4]//查密码表得到一个数送DL。<BR>00414768|.88940C8701000>|MOVBYTEPTRSS:[ESP+ECX+187],DL//DL结果保存。<BR>0041476F|.^7CDC\JLSHORTALTOMP3M.0041474D//未完继续。循环结束后得到16个字符组成的串。<BR>00414771|>889C0C8801000>MOVBYTEPTRSS:[ESP+ECX+188],BL<BR>00414778|.B919000000MOVECX,19<BR>0041477D|.B838383838MOVEAX,38383838<BR>00414782|.8D7C2414LEAEDI,DWORDPTRSS:[ESP+14]<BR>00414786|.3BF3CMPESI,EBX<BR>00414788|.F3:ABREPSTOSDWORDPTRES:[EDI]<BR>0041478A|.7E1BJLESHORTALTOMP3M.004147A7<BR>*略去几行*<BR>004147A7|>885C241EMOVBYTEPTRSS:[ESP+1E],BL//把第11位字符换成0,余下的11位以后的字符放弃不用。<BR>004147AB|.33C0XOREAX,EAX<BR>004147AD|>8A540414/MOVDL,BYTEPTRSS:[ESP+EAX+14]//下面这个循环把得到的10位字符串前5位与后5位交换位置。<BR>004147B1|.8A4C0419|MOVCL,BYTEPTRSS:[ESP+EAX+19]<BR>004147B5|.88540419|MOVBYTEPTRSS:[ESP+EAX+19],DL<BR>004147B9|.884C0414|MOVBYTEPTRSS:[ESP+EAX+14],CL<BR>004147BD|.40|INCEAX<BR>004147BE|.83F805|CMPEAX,5<BR>004147C1|.^7CEA\JLSHORTALTOMP3M.004147AD//循环5次。<BR>004147C3|.E82C070400CALL<JMP.&MFC42.#1158><BR>004147C8|.8BB424FC01000>MOVESI,DWORDPTRSS:[ESP+1FC]<BR>004147CF|.8B00MOVEAX,DWORDPTRDS:[EAX]<BR>004147D1|.8D4C2414LEAECX,DWORDPTRSS:[ESP+14]<BR>004147D5|.51PUSHECX<BR>004147D6|.8BCEMOVECX,ESI<BR>004147D8|.8906MOVDWORDPTRDS:[ESI],EAX<BR>004147DA|.E815040400CALL<JMP.&MFC42.#860>//求新串串长,并复制到另外一个地方。<BR>004147DF|.C74424100100>MOVDWORDPTRSS:[ESP+10],1<BR>004147E7|.8D8C240002000>LEAECX,DWORDPTRSS:[ESP+200]<BR>004147EE|.889C24F401000>MOVBYTEPTRSS:[ESP+1F4],BL<BR>004147F5|.E8EE030400CALL<JMP.&MFC42.#800><BR>004147FA|.8B8C24EC01000>MOVECX,DWORDPTRSS:[ESP+1EC]<BR>00414801|.8BC6MOVEAX,ESI<BR>00414803|.5FPOPEDI<BR>00414804|.5EPOPESI<BR>00414805|.5DPOPEBP<BR>00414806|.5BPOPEBX<BR>00414807|.64:890D000000>MOVDWORDPTRFS:[0],ECX<BR>0041480E|.81C4E8010000ADDESP,1E8<BR>00414814\.C3RETN<BR>======================================================================<BR>下面分析00414737CALLALTOMP3M.00412980:--------(**)<BR>00412980/$81ECD8050000SUBESP,5D8<BR>00412986|.53PUSHEBX<BR>00412987|.55PUSHEBP<BR>00412988|.56PUSHESI<BR>00412989|.57PUSHEDI<BR>0041298A|.BD19000000MOVEBP,19<BR>0041298F|.BB11000000MOVEBX,11<BR>00412994|.BF09000000MOVEDI,9<BR>00412999|.BE01000000MOVESI,1<BR>0041299E|.BA1D000000MOVEDX,1D<BR>004129A3|.B915000000MOVECX,15<BR>004129A8|.B80D000000MOVEAX,0D<BR>*省去1900多行*<BR>00413122|.E849F2FFFFCALLALTOMP3M.00412370<BR>00413127|.8B8424F405000>MOVEAX,DWORDPTRSS:[ESP+5F4]<BR>0041312E|.8D9424A803000>LEAEDX,DWORDPTRSS:[ESP+3A8]<BR>00413135|.52PUSHEDX<BR>00413136|.50PUSHEAX<BR>00413137|.E894F1FFFFCALLALTOMP3M.004122D0//根据用户名ASSIC码进行拆解为'0','1'串。<BR>0041313C|.83C410ADDESP,10<BR>0041313F|.33C0XOREAX,EAX<BR>00413141|.8DB424D801000>LEAESI,DWORDPTRSS:[ESP+1D8]<BR>00413148|>8B0E/MOVECX,DWORDPTRDS:[ESI]<BR>0041314A|.40|INCEAX<BR>0041314B|.83C604|ADDESI,4<BR>0041314E|.83F83F|CMPEAX,3F<BR>00413151|.8A940C9F03000>|MOVDL,BYTEPTRSS:[ESP+ECX+39F]<BR>00413158|.8894045F04000>|MOVBYTEPTRSS:[ESP+EAX+45F],DL<BR>0041315F|.^7EE7\JLESHORTALTOMP3M.00413148<BR>00413161|.8D442410LEAEAX,DWORDPTRSS:[ESP+10]<BR>00413165|.8D8C246004000>LEAECX,DWORDPTRSS:[ESP+460]<BR>0041316C|.50PUSHEAX<BR>0041316D|.51PUSHECX<BR>0041316E|.E85DEDFFFFCALLALTOMP3M.00411ED0//根据前面拆解得到的'0','1'串进行一系列“或”运算,得到8字节数。<BR>00413173|.8B44241CMOVEAX,DWORDPTRSS:[ESP+1C]//高4字节送EAX。<BR>00413177|.8B542418MOVEDX,DWORDPTRSS:[ESP+18]//低4字节送EDX。<BR>0041317B|.83C408ADDESP,8<BR>0041317E|.898424D802000>MOVDWORDPTRSS:[ESP+2D8],EAX<BR>00413185|.899424E004000>MOVDWORDPTRSS:[ESP+4E0],EDX<BR>0041318C|.33C0XOREAX,EAX<BR>0041318E|>40/INCEAX<BR>0041318F|.8D4804|LEAECX,DWORDPTRDS:[EAX+4]<BR>00413192|.83F907|CMPECX,7<BR>00413195|.^7EF7\JLESHORTALTOMP3M.0041318E<BR>00413197|.33EDXOREBP,EBP<BR>00413199|>8B842CD802000>/MOVEAX,DWORDPTRSS:[ESP+EBP+2D8]//高4字节送EAX。这里是循环开始,总共15次。<BR>004131A0|.8DB42CD802000>|LEAESI,DWORDPTRSS:[ESP+EBP+2D8]<BR>004131A7|.8D8C242004000>|LEAECX,DWORDPTRSS:[ESP+420]<BR>004131AE|.8D942CE804000>|LEAEDX,DWORDPTRSS:[ESP+EBP+4E8]<BR>004131B5|.51|PUSHECX<BR>004131B6|.56|PUSHESI<BR>004131B7|.8902|MOVDWORDPTRDS:[EDX],EAX<BR>004131B9|.E812F1FFFF|CALLALTOMP3M.004122D0//对高4字节进行拆解,获得一串'0','1'。<BR>004131BE|.83C408|ADDESP,8<BR>004131C1|.33C0|XOREAX,EAX<BR>004131C3|.8D7C2418|LEAEDI,DWORDPTRSS:[ESP+18]<BR>004131C7|>8B17|/MOVEDX,DWORDPTRDS:[EDI]//下面这个循环复制得到的'0','1'串。<BR>004131C9|.40||INCEAX<BR>004131CA|.83C704||ADDEDI,4<BR>004131CD|.83F82F||CMPEAX,2F<BR>004131D0|.8A8C141F04000>||MOVCL,BYTEPTRSS:[ESP+EDX+41F]<BR>004131D7|.888C049F04000>||MOVBYTEPTRSS:[ESP+EAX+49F],CL<BR>004131DE|.^7EE7|\JLESHORTALTOMP3M.004131C7<BR>004131E0|.8D9424A004000>|LEAEDX,DWORDPTRSS:[ESP+4A0]<BR>004131E7|.56|PUSHESI<BR>004131E8|.52|PUSHEDX<BR>004131E9|.E8E2ECFFFF|CALLALTOMP3M.00411ED0//根据前面拆解得到的'0','1'串进行一系列“或”运算,得到8字节数。<BR>004131EE|.83C408|ADDESP,8<BR>004131F1|.33C0|XOREAX,EAX<BR>004131F3|>8D0C28|/LEAECX,DWORDPTRDS:[EAX+EBP]<BR>004131F6|.8D1428||LEAEDX,DWORDPTRDS:[EAX+EBP]<BR>004131F9|.8DBC0CD802000>||LEAEDI,DWORDPTRSS:[ESP+ECX+2D8]//第二次运算所得结果地址送EDI。<BR>00413200|.8A8C146805000>||MOVCL,BYTEPTRSS:[ESP+EDX+568]//一个6字节常数逐位送CL。<BR>00413207|.8A17||MOVDL,BYTEPTRDS:[EDI]//得到的6字节结果逐位送DL。<BR>00413209|.32D1||XORDL,CL//异或运算结果送DL。<BR>0041320B|.40||INCEAX<BR>0041320C|.83F805||CMPEAX,5<BR>0041320F|.8817||MOVBYTEPTRDS:[EDI],DL//DL保存。<BR>00413211|.^7EE0|\JLESHORTALTOMP3M.004131F3//未完继续。<BR>00413213|.56|PUSHESI<BR>00413214|.E8A7000000|CALLALTOMP3M.004132C0//该函数得到4字节结果。<BR>00413219|.8D9424DC02000>|LEAEDX,DWORDPTRSS:[ESP+2DC]<BR>00413220|.83C404|ADDESP,4<BR>00413223|.33C0|XOREAX,EAX<BR>00413225|.2BF2|SUBESI,EDX<BR>00413227|>8D0C06|/LEAECX,DWORDPTRDS:[ESI+EAX]<BR>0041322A|.8D1406||LEAEDX,DWORDPTRDS:[ESI+EAX]<BR>0041322D|.8A8C0CD802000>||MOVCL,BYTEPTRSS:[ESP+ECX+2D8]<BR>00413234|.328C14E004000>||XORCL,BYTEPTRSS:[ESP+EDX+4E0]<BR>0041323B|.8D1406||LEAEDX,DWORDPTRDS:[ESI+EAX]<BR>0041323E|.40||INCEAX<BR>0041323F|.83F803||CMPEAX,3<BR>00413242|.888C14E002000>||MOVBYTEPTRSS:[ESP+EDX+2E0],CL<BR>00413249|.^7EDC|\JLESHORTALTOMP3M.00413227<BR>0041324B|.83C508|ADDEBP,8//循环步长为8。<BR>0041324E|.83FD78|CMPEBP,78//与78比较。<BR>00413251|.^0F8E42FFFFFF\JLEALTOMP3M.00413199//总共循环15次。<BR>00413257|.8BB424F405000>MOVESI,DWORDPTRSS:[ESP+5F4]<BR>0041325E|.8B84245803000>MOVEAX,DWORDPTRSS:[ESP+358]<BR>00413265|.8B8C246005000>MOVECX,DWORDPTRSS:[ESP+560]<BR>0041326C|.8D9424E003000>LEAEDX,DWORDPTRSS:[ESP+3E0]<BR>00413273|.52PUSHEDX<BR>00413274|.8906MOVDWORDPTRDS:[ESI],EAX<BR>00413276|.56PUSHESI<BR>00413277|.894E04MOVDWORDPTRDS:[ESI+4],ECX<BR>0041327A|.E851F0FFFFCALLALTOMP3M.004122D0//对高4字节进行拆解,获得一串'0','1'。<BR>0041327F|.83C408ADDESP,8<BR>00413282|.8D8424D800000>LEAEAX,DWORDPTRSS:[ESP+D8]<BR>00413289|>8B08/MOVECX,DWORDPTRDS:[EAX]<BR>0041328B|.43|INCEBX<BR>0041328C|.83C004|ADDEAX,4<BR>0041328F|.83FB3F|CMPEBX,3F//循环次数3F。<BR>00413292|.8A940CDF03000>|MOVDL,BYTEPTRSS:[ESP+ECX+3DF]//挑选指定数值送DL。<BR>00413299|.88941C5F03000>|MOVBYTEPTRSS:[ESP+EBX+35F],DL//DL值送指定内存。<BR>004132A0|.^7EE7\JLESHORTALTOMP3M.00413289<BR>004132A2|.8D84246003000>LEAEAX,DWORDPTRSS:[ESP+360]<BR>004132A9|.56PUSHESI<BR>004132AA|.50PUSHEAX<BR>004132AB|.E820ECFFFFCALLALTOMP3M.00411ED0//把得到的'0','1'串,重新构造一个8字节数。<BR>004132B0|.83C408ADDESP,8<BR>004132B3|.5FPOPEDI<BR>004132B4|.5EPOPESI<BR>004132B5|.5DPOPEBP<BR>004132B6|.5BPOPEBX<BR>004132B7|.81C4D8050000ADDESP,5D8<BR>004132BD\.C3RETN<BR>==================================================================================<BR>后记:<BR>这个软件的注册码计算过程跟我以前跟踪的一个MP3制作工具非常相似,也是用大量的指令构造密码表,不过这个软件更复杂些。因为对用户名的计算强度非常大,而且都是根据字符ASSCI码进行大量“或”运算,从而获取一个'0','1'串,然后再把这个串加工为8字节的数。翻来覆去循环了15次。计算强度还是比较大的。但是最后这个软件还是用明码比较,所以我认为其保护“功亏一篑”,形同于无。跟踪了1个小时,然后用1个小时写出此破文,注册机就不写了,相信比较麻烦。感兴趣的坛友可以找这个软件试试。:)再次向各位支持的坛友和大侠表示衷心的感谢!祝看雪论坛越来越热!!祝各位技术进步!<BR><BR>结论:<BR>Name:wanggang<BR>Code:8282994716(这个CODE的中间形式是9471682829796741,舍掉了后6位,然后前5位与后5位交换位置)<BR><BR>另外,此软件在Windows目录下生成文件Regkeycr.ini,里面放着你的注册信息,明码形式。如果修改了里面的信息,则变为未注册的。</FONT><BR><BR></P>
页:
[1]