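tianxj posted on 2008-9-22 17:37

Ap Document To PDF V2.1 algorithm analysis

【Write-up title】Ap Document To PDF V2.1 algorithm analysis
【Write-up author】tianxj
【Author e-mail】tianxj_2007@126.com
【Author homepage】WwW.ChiNaPYG.CoM
【Tools】PEiD, OD
【Platform】D-Windows XP sp2
【Software name】Ap Document To PDF V2.1
【Software size】1.3 MB
【Software language】English
【Software category】Foreign software / Shareware / Word processing
【Updated】2007-01-18
【Original download】Find it yourself
【Protection】Serial number
【Software description】Document conversion tool. It can batch-convert your documents into searchable PDF files. It allows documents from any Windows application to be converted into hundreds of file types, including searchable PDF, DOC, TIFF, JPEG, RTF, HTML and so on. As long as the application supports printing, the document can be converted to PDF. For PDF documents it even offers many options: font embedding, resolution, page size, document information, security bookmarks, automatic links, multiple languages and more. It is the best choice for producing professional-grade PDF documents.
Picture To Video Converter is designed as an easy-to-use tool for joining pictures into a video with transition effects.
【Statement】I am just a little newbie who happened to pick up a few insights and would like to share them with everyone :)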
--------------------------------------------------------------
【Crack details】
--------------------------------------------------------------
**************************************************************
1. Run the program and go to register; entering wrong registration details to test it produces the message
"Series number error,please check it and try again."
**************************************************************
2. Check ApDocToPDF.exe for a packer with PEiD: it is ASPack 2.12 -> Alexey Solodovnikov
**************************************************************
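3. Debug with the packer still in place: run OD, open ApDocToPDF.exe, enter the registration details, press F12 to pause, then Alt+K
Call stack, item 14
Address=0012F0D8
Stack=00409317
Procedure / arguments=? ApDocToP.004C22F8
Called from=ApDocToP.00409312
Frame=0012F0D4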
==============================================================

004091E4  55                    PUSH EBP
004091E5  8BEC                  MOV EBP, ESP
004091E7  83C4 D0               ADD ESP, -30
004091EA  53                    PUSH EBX
004091EB  8BD8                  MOV EBX, EAX
004091ED  B8 3C5C4C00           MOV EAX, ApDocToP.004C5C3C
004091F2  E8 FDB00A00           CALL ApDocToP.004B42F4
004091F7  66:C745 E4 1400       MOV WORD PTR [EBP-1C], 14
004091FD  33D2                  XOR EDX, EDX
004091FF  8955 FC               MOV DWORD PTR [EBP-4], EDX
00409202  8D55 FC               LEA EDX, DWORD PTR [EBP-4]
00409205  FF45 F0               INC DWORD PTR [EBP-10]
00409208  8B83 F4020000         MOV EAX, DWORD PTR [EBX+2F4]
0040920E  E8 75E40700           CALL ApDocToP.00487688
00409213  66:C745 E4 0800       MOV WORD PTR [EBP-1C], 8
00409219  837D FC 00            CMP DWORD PTR [EBP-4], 0
0040921D  74 05                 JE SHORT ApDocToP.00409224            ; //jump if the serial is empty
0040921F  8B4D FC               MOV ECX, DWORD PTR [EBP-4]            ; //trial serial
00409222  EB 05                 JMP SHORT ApDocToP.00409229
00409224  B9 645A4C00           MOV ECX, ApDocToP.004C5A64
00409229  51                    PUSH ECX
0040922A  53                    PUSH EBX
0040922B  E8 58FFFFFF           CALL ApDocToP.00409188                ; //key CALL
00409230  83C4 08               ADD ESP, 8
00409233  3C 01                 CMP AL, 1
00409235  0F85 C3000000         JNZ ApDocToP.004092FE                 ; //key jump
0040923B  6A 40                 PUSH 40
0040923D  68 BC5A4C00           PUSH ApDocToP.004C5ABC                ; ASCII "Registered Version"
00409242  68 655A4C00           PUSH ApDocToP.004C5A65                ; ASCII "Thank you register Ap DoumentToPDF software,if you have any problem,contact us please."
00409247  8BC3                  MOV EAX, EBX
00409249  E8 4E4B0800           CALL ApDocToP.0048DD9C
0040924E  50                    PUSH EAX
0040924F  E8 A4900B00           CALL ApDocToP.004C22F8                ; JMP to USER32.MessageBoxA
00409254  8D55 D0               LEA EDX, DWORD PTR [EBP-30]
00409257  52                    PUSH EDX
00409258  68 CF5A4C00           PUSH ApDocToP.004C5ACF                ; ASCII "Software\AdultPDF\Doc2PDF"
0040925D  68 02000080           PUSH 80000002
00409262  E8 97870B00           CALL ApDocToP.004C19FE                ; JMP to advapi32.RegCreateKeyA
00409267  837D D0 00            CMP DWORD PTR [EBP-30], 0
0040926B  74 3C                 JE SHORT ApDocToP.004092A9
0040926D  837D FC 00            CMP DWORD PTR [EBP-4], 0
00409271  74 05                 JE SHORT ApDocToP.00409278
00409273  8B45 FC               MOV EAX, DWORD PTR [EBP-4]
00409276  EB 05                 JMP SHORT ApDocToP.0040927D
00409278  B8 E95A4C00           MOV EAX, ApDocToP.004C5AE9
0040927D  50                    PUSH EAX
0040927E  E8 FDAC0A00           CALL ApDocToP.004B3F80
00409283  59                    POP ECX
00409284  40                    INC EAX
00409285  50                    PUSH EAX
00409286  837D FC 00            CMP DWORD PTR [EBP-4], 0
0040928A  74 05                 JE SHORT ApDocToP.00409291
0040928C  8B55 FC               MOV EDX, DWORD PTR [EBP-4]
0040928F  EB 05                 JMP SHORT ApDocToP.00409296
00409291  BA F15A4C00           MOV EDX, ApDocToP.004C5AF1
00409296  52                    PUSH EDX
00409297  6A 01                 PUSH 1
00409299  6A 00                 PUSH 0
0040929B  68 EA5A4C00           PUSH ApDocToP.004C5AEA                ; ASCII "Serial"
004092A0  8B45 D0               MOV EAX, DWORD PTR [EBP-30]
004092A3  50                    PUSH EAX
004092A4  E8 6D870B00           CALL ApDocToP.004C1A16                ; JMP to advapi32.RegSetValueExA
004092A9  8B4D D0               MOV ECX, DWORD PTR [EBP-30]
004092AC  51                    PUSH ECX
004092AD  E8 46870B00           CALL ApDocToP.004C19F8                ; JMP to advapi32.RegCloseKey
004092B2  33D2                  XOR EDX, EDX
004092B4  8B83 08030000         MOV EAX, DWORD PTR [EBX+308]
004092BA  8B08                  MOV ECX, DWORD PTR [EAX]
004092BC  FF51 64               CALL DWORD PTR [ECX+64]
004092BF  66:C745 E4 2000       MOV WORD PTR [EBP-1C], 20
004092C5  BA F25A4C00           MOV EDX, ApDocToP.004C5AF2            ; ASCII "Close"
004092CA  8D45 F8               LEA EAX, DWORD PTR [EBP-8]
004092CD  E8 9A6A0B00           CALL ApDocToP.004BFD6C
004092D2  FF45 F0               INC DWORD PTR [EBP-10]
004092D5  8B10                  MOV EDX, DWORD PTR [EAX]
004092D7  8B83 00030000         MOV EAX, DWORD PTR [EBX+300]
004092DD  E8 D6E30700           CALL ApDocToP.004876B8
004092E2  FF4D F0               DEC DWORD PTR [EBP-10]
004092E5  8D45 F8               LEA EAX, DWORD PTR [EBP-8]
004092E8  BA 02000000           MOV EDX, 2
004092ED  E8 1E6C0B00           CALL ApDocToP.004BFF10
004092F2  C783 4C020000 01000>  MOV DWORD PTR [EBX+24C], 1
004092FC  EB 35                 JMP SHORT ApDocToP.00409333
004092FE  6A 10                 PUSH 10
00409300  68 2B5B4C00           PUSH ApDocToP.004C5B2B                ; ASCII "Error"
00409305  68 F85A4C00           PUSH ApDocToP.004C5AF8                ; ASCII "Series number error,please check it and try again."
0040930A  8BC3                  MOV EAX, EBX
0040930C  E8 8B4A0800           CALL ApDocToP.0048DD9C
00409311  50                    PUSH EAX
00409312  E8 E18F0B00           CALL ApDocToP.004C22F8                ; JMP to USER32.MessageBoxA
00409317  FF4D F0               DEC DWORD PTR [EBP-10]
0040931A  8D45 FC               LEA EAX, DWORD PTR [EBP-4]
0040931D  BA 02000000           MOV EDX, 2
00409322  E8 E96B0B00           CALL ApDocToP.004BFF10
00409327  8B4D D4               MOV ECX, DWORD PTR [EBP-2C]
0040932A  64:890D 00000000      MOV DWORD PTR FS:[0], ECX
00409331  EB 1A                 JMP SHORT ApDocToP.0040934D
00409333  FF4D F0               DEC DWORD PTR [EBP-10]
00409336  8D45 FC               LEA EAX, DWORD PTR [EBP-4]
00409339  BA 02000000           MOV EDX, 2
0040933E  E8 CD6B0B00           CALL ApDocToP.004BFF10
00409343  8B4D D4               MOV ECX, DWORD PTR [EBP-2C]
00409346  64:890D 00000000      MOV DWORD PTR FS:[0], ECX
0040934D  5B                    POP EBX
0040934E  8BE5                  MOV ESP, EBP
00409350  5D                    POP EBP
00409351  C3                    RETN
=========================================================================
00409188  55                    PUSH EBP
00409189  8BEC                  MOV EBP, ESP
0040918B  53                    PUSH EBX
0040918C  56                    PUSH ESI
0040918D  57                    PUSH EDI
0040918E  8B5D 0C               MOV EBX, DWORD PTR [EBP+C]
00409191  85DB                  TEST EBX, EBX
00409193  74 0C                 JE SHORT ApDocToP.004091A1
00409195  53                    PUSH EBX
00409196  E8 E5AD0A00           CALL ApDocToP.004B3F80
0040919B  59                    POP ECX
0040919C  83F8 10               CMP EAX, 10
0040919F  74 04                 JE SHORT ApDocToP.004091A5            ; //jump if the serial length equals 10h
004091A1  33C0                  XOR EAX, EAX
004091A3  EB 39                 JMP SHORT ApDocToP.004091DE
004091A5  0FBE73 07             MOVSX ESI, BYTE PTR [EBX+7]           ; //ESI=ASCII value of the 8th character of the serial
004091A9  8BC6                  MOV EAX, ESI                          ; //EAX=ESI
004091AB  0FBE7B 0A             MOVSX EDI, BYTE PTR [EBX+A]           ; //EDI=ASCII value of the 11th character of the serial
004091AF  03C7                  ADD EAX, EDI                          ; //EAX=EAX+EDI
004091B1  3D 9B000000           CMP EAX, 9B                           ; //compare EAX with 9B
004091B6  75 24                 JNZ SHORT ApDocToP.004091DC           ; //jump if not equal
004091B8  8BCE                  MOV ECX, ESI                          ; //ECX=ESI=ASCII value of the 8th character of the serial
004091BA  2BCF                  SUB ECX, EDI                          ; //ECX=ECX-EDI
004091BC  8BC1                  MOV EAX, ECX                          ; //EAX=ECX
004091BE  99                    CDQ
004091BF  33C2                  XOR EAX, EDX                          ; //EAX=EAX xor EDX
004091C1  2BC2                  SUB EAX, EDX                          ; //EAX=EAX-EDX
004091C3  83C0 41               ADD EAX, 41                           ; //EAX=EAX+41
004091C6  0FBE53 03             MOVSX EDX, BYTE PTR [EBX+3]           ; //EDX=ASCII value of the 4th character of the serial
004091CA  3BC2                  CMP EAX, EDX                          ; //compare EAX with EDX
004091CC  75 0E                 JNZ SHORT ApDocToP.004091DC           ; //jump if not equal
004091CE  8B45 08               MOV EAX, DWORD PTR [EBP+8]
004091D1  C680 34030000 01      MOV BYTE PTR [EAX+334], 1
004091D8  B0 01                 MOV AL, 1
004091DA  EB 02                 JMP SHORT ApDocToP.004091DE
004091DC  33C0                  XOR EAX, EAX
004091DE  5F                    POP EDI
004091DF  5E                    POP ESI
004091E0  5B                    POP EBX
004091E1  5D                    POP EBP
004091E2  C3                    RETN

**************************************************************
【Crack summary】
--------------------------------------------------------------
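【Algorithm summary】
1. The serial must be 16 characters long
2. The ASCII values of the 8th and 11th characters of the serial must sum to 9Bh
3. The difference between the ASCII values of the 8th and 11th characters of the serial, plus 41h, must equal the ASCII value of the 4th character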
--------------------------------------------------------------
【Keygen】
VB code
Private Sub Command1_Click()
C11 = Int(Rnd() * 10)
C8 = Chr(&H9B - Asc(C11))
C4 = Chr(Asc(C8) - Asc(C11) + &H41)
Text1.Text = Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & C4 & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & C8 & Int(Rnd() * 10) & Int(Rnd() * 10) & C11 & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int (Rnd() * 10)
End Sub
--------------------------------------------------------------
【Registration info】
One working serial: 288x599i26292519
Stored in

--------------------------------------------------------------
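Thanks to the bosses 飘云, 猫 and Nisy, to the many seniors for their tutorials, and to all the forum brothers and sisters who have helped me! Thank you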
--------------------------------------------------------------
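【Copyright notice】A write-up is a study note, and interest is the source of success; this write-up is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thanks!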
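
Added example, not part of the original post: the routine at 00409188 re-expressed in C from the listing above, with a counter that measures how much of the 16-character input the check actually constrains. The function names `serial_check` and `count_accepted_triples` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration: the routine at 00409188 re-expressed in C.
 * serial_check / count_accepted_triples are hypothetical names. */
int serial_check(const char *s)
{
    if (s == NULL || strlen(s) != 0x10)   /* CMP EAX, 10 */
        return 0;
    int c4  = (signed char)s[3];          /* MOVSX sign-extends each byte */
    int c8  = (signed char)s[7];
    int c11 = (signed char)s[10];
    if (c8 + c11 != 0x9B)                 /* CMP EAX, 9B */
        return 0;
    /* CDQ / XOR EAX,EDX / SUB EAX,EDX is the branchless form of abs() */
    return abs(c8 - c11) + 0x41 == c4;    /* ADD EAX, 41 / CMP EAX, EDX */
}

/* Count the printable-ASCII (4th, 8th, 11th) character triples the check
 * accepts. The other 13 positions are never read by the routine, so they
 * are filled with a constant. */
int count_accepted_triples(void)
{
    char buf[17];
    int hits = 0;
    memset(buf, '0', 16);
    buf[16] = '\0';
    for (int a = 0x20; a <= 0x7E; a++)
        for (int b = 0x20; b <= 0x7E; b++)
            for (int c = 0x20; c <= 0x7E; c++) {
                buf[3] = (char)a;
                buf[7] = (char)b;
                buf[10] = (char)c;
                hits += serial_check(buf);
            }
    return hits;
}

int main(void)
{
    int total = 95 * 95 * 95;             /* printable triples tried */
    printf("accepted %d of %d triples\n", count_accepted_triples(), total);
    return 0;
}
```

On printable ASCII, 62 of the 857,375 possible triples pass and the other 13 characters are never read, so the check ties the serial to no user name, machine or secret. A check meant to resist this kind of analysis verifies a digital signature over the licence data against a public key embedded in the program.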

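forgetmenot posted on 2008-9-23 10:38

Supporting this! Thanks for the expert guidance

lqiulu posted on 2008-9-23 11:18

tianxj is great at algorithms; learning from you.

温柔刀客 posted on 2008-9-25 20:40

So cool.... this one is a bit more comfortable to read.. that other one made my head spin a little

小生我菜菜 posted on 2008-9-26 10:58

Anything from the prince of algorithms has to be bumped. Learned from it, thanks!

修一明 posted on 2008-9-28 10:25

My idol, here I am.. hurrying to pay my respects,

unpack posted on 2008-10-5 21:47

tianxj o(∩_∩)o... the prince of algorithms, I bow down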