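tianxj posted on 2008-10-16 20:39

Magic Photo Recovery 2.0.2 algorithm analysis

【Write-up title】Magic Photo Recovery 2.0.2 algorithm analysis
【Write-up author】tianxj
【Author e-mail】tianxj_2007@126.com
【Author homepage】WwW.ChiNaPYG.CoM
【Tools】PEiD,OD
【Platform】Windows XP
【Software name】CrackMe1
【Software size】906KB
【Software category】Foreign software / data recovery
【Software license】Shareware
【Software language】English
【Updated】2008-10-13
【Original download】Find it yourself
【Protection】Registration code
【Software description】Magic Photo Recovery is a recovery program: if you accidentally delete photos from your computer, camera, flash card or memory card, you can easily get them back with this software.
【Statement】I'm just a beginner; I've picked up a few insights and would like to share them with everyone :)
--------------------------------------------------------------
【Content】
--------------------------------------------------------------
**************************************************************
1. Run the program and try to register; entering wrong registration data produces the message
"Wrong registration data!"
**************************************************************
2. Check Magic Photo Recovery.exe with PEiD: it is packed with ASPack 2.12 -> Alexey Solodovnikov
After unpacking with a PEiD plugin it shows Borland Delphi 6.0 - 7.0
**************************************************************
3. Use DeDe to find the button event, run OD, and open Magic Photo Recovery.exe.unpacked_.exe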
==============================================================

005246B8 .55PUSHEBP
005246B9 .8BECMOV EBP, ESP
005246BB .B9 0E000000 MOV ECX, 0E
005246C0 >6A 00 PUSH0
005246C2 .6A 00 PUSH0
005246C4 .49DEC ECX
005246C5 .^ 75 F9 JNZ SHORT Magic_Ph.005246C0
005246C7 .53PUSHEBX
005246C8 .56PUSHESI
005246C9 .57PUSHEDI
005246CA .8945 FC MOV DWORD PTR , EAX
005246CD .33C0XOR EAX, EAX
005246CF .55PUSHEBP
005246D0 .68 214B5200 PUSHMagic_Ph.00524B21
005246D5 .64:FF30 PUSHDWORD PTR FS:
005246D8 .64:8920 MOV DWORD PTR FS:, ESP
005246DB .33C0XOR EAX, EAX
005246DD .55PUSHEBP
005246DE .68 734A5200 PUSHMagic_Ph.00524A73
005246E3 .64:FF30 PUSHDWORD PTR FS:
005246E6 .64:8920 MOV DWORD PTR FS:, ESP
005246E9 .8D55 F0 LEA EDX, DWORD PTR
005246EC .8B45 FC MOV EAX, DWORD PTR
005246EF .8B98 60030000 MOV EBX, DWORD PTR
005246F5 .8BC3MOV EAX, EBX
005246F7 .E8 3CD7F2FF CALLMagic_Ph.00451E38
005246FC .8B45 F0 MOV EAX, DWORD PTR ;//user name
005246FF .8D55 F4 LEA EDX, DWORD PTR
00524702 .E8 3151EEFF CALLMagic_Ph.00409838
00524707 .8B55 F4 MOV EDX, DWORD PTR ;//user name
0052470A .8BC3MOV EAX, EBX
0052470C .E8 57D7F2FF CALLMagic_Ph.00451E68
00524711 .8D55 E8 LEA EDX, DWORD PTR
00524714 .8B45 FC MOV EAX, DWORD PTR
00524717 .8B98 64030000 MOV EBX, DWORD PTR
0052471D .8BC3MOV EAX, EBX
0052471F .E8 14D7F2FF CALLMagic_Ph.00451E38
00524724 .8B45 E8 MOV EAX, DWORD PTR ;//trial code
00524727 .8D55 EC LEA EDX, DWORD PTR
0052472A .E8 0951EEFF CALLMagic_Ph.00409838
0052472F .8B55 EC MOV EDX, DWORD PTR ;//trial code
00524732 .8BC3MOV EAX, EBX
00524734 .E8 2FD7F2FF CALLMagic_Ph.00451E68
00524739 .8D55 E4 LEA EDX, DWORD PTR
0052473C .8B45 FC MOV EAX, DWORD PTR
0052473F .8B80 60030000 MOV EAX, DWORD PTR
00524745 .E8 EED6F2FF CALLMagic_Ph.00451E38
0052474A .837D E4 00CMP DWORD PTR , 0
0052474E .75 54 JNZ SHORT Magic_Ph.005247A4;//jump if the user name is empty
00524750 .6A 30 PUSH30
00524752 .8D55 E0 LEA EDX, DWORD PTR
00524755 .A1 48E65200 MOV EAX, DWORD PTR
0052475A .8B00MOV EAX, DWORD PTR
0052475C .E8 E7B6F4FF CALLMagic_Ph.0046FE48
00524761 .8B45 E0 MOV EAX, DWORD PTR
00524764 .E8 5B0EEEFF CALLMagic_Ph.004055C4
00524769 .50PUSHEAX
0052476A .A1 28E55200 MOV EAX, DWORD PTR
0052476F .8B40 1C MOV EAX, DWORD PTR
00524772 .E8 4D0EEEFF CALLMagic_Ph.004055C4
00524777 .8BD0MOV EDX, EAX
00524779 .A1 48E65200 MOV EAX, DWORD PTR
0052477E .8B00MOV EAX, DWORD PTR
00524780 .59POP ECX
00524781 .E8 12BFF4FF CALLMagic_Ph.00470698
00524786 .8B45 FC MOV EAX, DWORD PTR
00524789 .8B80 60030000 MOV EAX, DWORD PTR
0052478F .8B10MOV EDX, DWORD PTR
00524791 .FF92 D4000000 CALLDWORD PTR
00524797 .33C0XOR EAX, EAX
00524799 .5APOP EDX
0052479A .59POP ECX
0052479B .59POP ECX
0052479C .64:8910 MOV DWORD PTR FS:, EDX
0052479F .E9 D9020000 JMP Magic_Ph.00524A7D
005247A4 >8D55 DC LEA EDX, DWORD PTR
005247A7 .8B45 FC MOV EAX, DWORD PTR
005247AA .8B80 64030000 MOV EAX, DWORD PTR
005247B0 .E8 83D6F2FF CALLMagic_Ph.00451E38
005247B5 .837D DC 00CMP DWORD PTR , 0
005247B9 .75 54 JNZ SHORT Magic_Ph.0052480F;//jump if the registration code is empty
005247BB .6A 30 PUSH30
005247BD .8D55 D8 LEA EDX, DWORD PTR
005247C0 .A1 48E65200 MOV EAX, DWORD PTR
005247C5 .8B00MOV EAX, DWORD PTR
005247C7 .E8 7CB6F4FF CALLMagic_Ph.0046FE48
005247CC .8B45 D8 MOV EAX, DWORD PTR
005247CF .E8 F00DEEFF CALLMagic_Ph.004055C4
005247D4 .50PUSHEAX
005247D5 .A1 28E55200 MOV EAX, DWORD PTR
005247DA .8B40 20 MOV EAX, DWORD PTR
005247DD .E8 E20DEEFF CALLMagic_Ph.004055C4
005247E2 .8BD0MOV EDX, EAX
005247E4 .A1 48E65200 MOV EAX, DWORD PTR
005247E9 .8B00MOV EAX, DWORD PTR
005247EB .59POP ECX
005247EC .E8 A7BEF4FF CALLMagic_Ph.00470698
005247F1 .8B45 FC MOV EAX, DWORD PTR
005247F4 .8B80 64030000 MOV EAX, DWORD PTR
005247FA .8B10MOV EDX, DWORD PTR
005247FC .FF92 D4000000 CALLDWORD PTR
00524802 .33C0XOR EAX, EAX
00524804 .5APOP EDX
00524805 .59POP ECX
00524806 .59POP ECX
00524807 .64:8910 MOV DWORD PTR FS:, EDX
0052480A .E9 6E020000 JMP Magic_Ph.00524A7D
0052480F >8D55 D4 LEA EDX, DWORD PTR
00524812 .8B45 FC MOV EAX, DWORD PTR
00524815 .8B80 64030000 MOV EAX, DWORD PTR
0052481B .E8 18D6F2FF CALLMagic_Ph.00451E38
00524820 .8B45 D4 MOV EAX, DWORD PTR ;//trial code
00524823 .50PUSHEAX
00524824 .8D55 CC LEA EDX, DWORD PTR
00524827 .8B45 FC MOV EAX, DWORD PTR
0052482A .8B80 60030000 MOV EAX, DWORD PTR
00524830 .E8 03D6F2FF CALLMagic_Ph.00451E38
00524835 .8B45 CC MOV EAX, DWORD PTR ;//user name
00524838 .8D55 D0 LEA EDX, DWORD PTR
0052483B .E8 A03EFFFF CALLMagic_Ph.005186E0;//key CALL
00524840 .8B55 D0 MOV EDX, DWORD PTR ;//real code
00524843 .58POP EAX;//fake code
00524844 .E8 C70CEEFF CALLMagic_Ph.00405510;//compare CALL
00524849 .0F85 AA010000 JNZ Magic_Ph.005249F9;//key jump
0052484F .8B45 FC MOV EAX, DWORD PTR
00524852 .C680 84030000>MOV BYTE PTR , 1
00524859 .8D55 C8 LEA EDX, DWORD PTR
0052485C .8B45 FC MOV EAX, DWORD PTR
0052485F .8B80 60030000 MOV EAX, DWORD PTR
00524865 .E8 CED5F2FF CALLMagic_Ph.00451E38
0052486A .8B55 C8 MOV EDX, DWORD PTR
0052486D .8B45 FC MOV EAX, DWORD PTR
00524870 .05 88030000 ADD EAX, 388
00524875 .E8 DA08EEFF CALLMagic_Ph.00405154
0052487A .8D55 C4 LEA EDX, DWORD PTR
0052487D .A1 48E65200 MOV EAX, DWORD PTR
00524882 .8B00MOV EAX, DWORD PTR
00524884 .E8 BFB5F4FF CALLMagic_Ph.0046FE48
00524889 .8B55 C4 MOV EDX, DWORD PTR
0052488C .A1 80E25200 MOV EAX, DWORD PTR
00524891 .8B00MOV EAX, DWORD PTR
00524893 .E8 D0D5F2FF CALLMagic_Ph.00451E68
00524898 .A1 80E25200 MOV EAX, DWORD PTR
0052489D .8B00MOV EAX, DWORD PTR
0052489F .8B80 A8030000 MOV EAX, DWORD PTR
005248A5 .33D2XOR EDX, EDX
005248A7 .E8 ACD4F2FF CALLMagic_Ph.00451D58
005248AC .B2 01 MOV DL, 1
005248AE .A1 98934200 MOV EAX, DWORD PTR
005248B3 .E8 E04BF0FF CALLMagic_Ph.00429498
005248B8 .8945 F8 MOV DWORD PTR , EAX
005248BB .33C0XOR EAX, EAX
005248BD .55PUSHEBP
005248BE .68 64495200 PUSHMagic_Ph.00524964
005248C3 .64:FF30 PUSHDWORD PTR FS:
005248C6 .64:8920 MOV DWORD PTR FS:, ESP
005248C9 .BA 01000080 MOV EDX, 80000001
005248CE .8B45 F8 MOV EAX, DWORD PTR
005248D1 .E8 624CF0FF CALLMagic_Ph.00429538
005248D6 .68 3C4B5200 PUSHMagic_Ph.00524B3C;ASCII "Software\East Imperial Soft\"
005248DB .8D55 BC LEA EDX, DWORD PTR
005248DE .A1 48E65200 MOV EAX, DWORD PTR
005248E3 .8B00MOV EAX, DWORD PTR
005248E5 .E8 5EB5F4FF CALLMagic_Ph.0046FE48
005248EA .FF75 BC PUSHDWORD PTR
005248ED .68 644B5200 PUSHMagic_Ph.00524B64;ASCII "\Settings"
005248F2 .8D45 C0 LEA EAX, DWORD PTR
005248F5 .BA 03000000 MOV EDX, 3
005248FA .E8 850BEEFF CALLMagic_Ph.00405484
005248FF .8B55 C0 MOV EDX, DWORD PTR
00524902 .B1 01 MOV CL, 1
00524904 .8B45 F8 MOV EAX, DWORD PTR
00524907 .E8 904CF0FF CALLMagic_Ph.0042959C
0052490C .8D55 B8 LEA EDX, DWORD PTR
0052490F .8B45 FC MOV EAX, DWORD PTR
00524912 .8B80 60030000 MOV EAX, DWORD PTR
00524918 .E8 1BD5F2FF CALLMagic_Ph.00451E38
0052491D .8B4D B8 MOV ECX, DWORD PTR
00524920 .BA 784B5200 MOV EDX, Magic_Ph.00524B78 ;ASCII "UserName"
00524925 .8B45 F8 MOV EAX, DWORD PTR
00524928 .E8 C34FF0FF CALLMagic_Ph.004298F0
0052492D .8D55 B4 LEA EDX, DWORD PTR
00524930 .8B45 FC MOV EAX, DWORD PTR
00524933 .8B80 64030000 MOV EAX, DWORD PTR
00524939 .E8 FAD4F2FF CALLMagic_Ph.00451E38
0052493E .8B4D B4 MOV ECX, DWORD PTR
00524941 .BA 8C4B5200 MOV EDX, Magic_Ph.00524B8C ;ASCII "LicenseKey"
00524946 .8B45 F8 MOV EAX, DWORD PTR
00524949 .E8 A24FF0FF CALLMagic_Ph.004298F0
0052494E .33C0XOR EAX, EAX
00524950 .5APOP EDX
00524951 .59POP ECX
00524952 .59POP ECX
00524953 .64:8910 MOV DWORD PTR FS:, EDX
00524956 .68 6B495200 PUSHMagic_Ph.0052496B
0052495B >8B45 F8 MOV EAX, DWORD PTR
0052495E .E8 D1F8EDFF CALLMagic_Ph.00404234
00524963 .C3RETN
00524964 .^ E9 9F00EEFF JMP Magic_Ph.00404A08
00524969 .^ EB F0 JMP SHORT Magic_Ph.0052495B
0052496B .6A 40 PUSH40
0052496D .A1 28E55200 MOV EAX, DWORD PTR
00524972 .FF70 24 PUSHDWORD PTR
00524975 .68 A04B5200 PUSHMagic_Ph.00524BA0;ASCII "
"
0052497A .8D45 AC LEA EAX, DWORD PTR
0052497D .50PUSHEAX
0052497E .8D55 A0 LEA EDX, DWORD PTR
00524981 .8B45 FC MOV EAX, DWORD PTR
00524984 .8B80 60030000 MOV EAX, DWORD PTR
0052498A .E8 A9D4F2FF CALLMagic_Ph.00451E38
0052498F .8B45 A0 MOV EAX, DWORD PTR ; |
00524992 .8945 A4 MOV DWORD PTR , EAX; |
00524995 .C645 A8 0BMOV BYTE PTR , 0B; |
00524999 .8D55 A4 LEA EDX, DWORD PTR ; |
0052499C .A1 28E55200 MOV EAX, DWORD PTR ; |
005249A1 .8B40 28 MOV EAX, DWORD PTR ; |
005249A4 .33C9XOR ECX, ECX ; |
005249A6 .E8 7D63EEFF CALLMagic_Ph.0040AD28; \Magic_Ph.0040AD28
005249AB .FF75 AC PUSHDWORD PTR
005249AE .8D45 B0 LEA EAX, DWORD PTR
005249B1 .BA 03000000 MOV EDX, 3
005249B6 .E8 C90AEEFF CALLMagic_Ph.00405484
005249BB .8B45 B0 MOV EAX, DWORD PTR
005249BE .E8 010CEEFF CALLMagic_Ph.004055C4
005249C3 .50PUSHEAX
005249C4 .8D55 9C LEA EDX, DWORD PTR
005249C7 .A1 48E65200 MOV EAX, DWORD PTR
005249CC .8B00MOV EAX, DWORD PTR
005249CE .E8 75B4F4FF CALLMagic_Ph.0046FE48
005249D3 .8B45 9C MOV EAX, DWORD PTR
005249D6 .E8 E90BEEFF CALLMagic_Ph.004055C4
005249DB .8BC8MOV ECX, EAX
005249DD .A1 48E65200 MOV EAX, DWORD PTR
005249E2 .8B00MOV EAX, DWORD PTR
005249E4 .5APOP EDX
005249E5 .E8 AEBCF4FF CALLMagic_Ph.00470698
005249EA .8B45 FC MOV EAX, DWORD PTR
005249ED .C780 94020000>MOV DWORD PTR , 1
005249F7 .EB 70 JMP SHORT Magic_Ph.00524A69
005249F9 >6A 30 PUSH30
005249FB .A1 28E55200 MOV EAX, DWORD PTR
00524A00 .FF70 2C PUSHDWORD PTR
00524A03 .68 A04B5200 PUSHMagic_Ph.00524BA0;ASCII "
"
00524A08 .8D45 94 LEA EAX, DWORD PTR
00524A0B .50PUSHEAX; /Arg1
00524A0C .B8 AC4B5200 MOV EAX, Magic_Ph.00524BAC ; |ASCII "support@magicuneraser.com"
00524A11 .8945 A4 MOV DWORD PTR , EAX; |
00524A14 .C645 A8 0BMOV BYTE PTR , 0B; |
00524A18 .8D55 A4 LEA EDX, DWORD PTR ; |
00524A1B .A1 28E55200 MOV EAX, DWORD PTR ; |
00524A20 .8B40 30 MOV EAX, DWORD PTR ; |
00524A23 .33C9XOR ECX, ECX ; |
00524A25 .E8 FE62EEFF CALLMagic_Ph.0040AD28; \Magic_Ph.0040AD28
00524A2A .FF75 94 PUSHDWORD PTR
00524A2D .8D45 98 LEA EAX, DWORD PTR
00524A30 .BA 03000000 MOV EDX, 3
00524A35 .E8 4A0AEEFF CALLMagic_Ph.00405484
00524A3A .8B45 98 MOV EAX, DWORD PTR
00524A3D .E8 820BEEFF CALLMagic_Ph.004055C4
00524A42 .50PUSHEAX
00524A43 .8D55 90 LEA EDX, DWORD PTR
00524A46 .A1 48E65200 MOV EAX, DWORD PTR
00524A4B .8B00MOV EAX, DWORD PTR
00524A4D .E8 F6B3F4FF CALLMagic_Ph.0046FE48
00524A52 .8B45 90 MOV EAX, DWORD PTR
00524A55 .E8 6A0BEEFF CALLMagic_Ph.004055C4
00524A5A .8BC8MOV ECX, EAX
00524A5C .A1 48E65200 MOV EAX, DWORD PTR
00524A61 .8B00MOV EAX, DWORD PTR
00524A63 .5APOP EDX
00524A64 .E8 2FBCF4FF CALLMagic_Ph.00470698
00524A69 >33C0XOR EAX, EAX
00524A6B .5APOP EDX
00524A6C .59POP ECX
00524A6D .59POP ECX
00524A6E .64:8910 MOV DWORD PTR FS:, EDX
00524A71 .EB 0A JMP SHORT Magic_Ph.00524A7D
00524A73 .^ E9 DCFCEDFF JMP Magic_Ph.00404754
00524A78 .E8 E700EEFF CALLMagic_Ph.00404B64
00524A7D >33C0XOR EAX, EAX
00524A7F .5APOP EDX
00524A80 .59POP ECX
00524A81 .59POP ECX
00524A82 .64:8910 MOV DWORD PTR FS:, EDX
00524A85 .68 2B4B5200 PUSHMagic_Ph.00524B2B
00524A8A >8D45 90 LEA EAX, DWORD PTR
00524A8D .BA 04000000 MOV EDX, 4
00524A92 .E8 8D06EEFF CALLMagic_Ph.00405124
00524A97 .8D45 A0 LEA EAX, DWORD PTR
00524A9A .E8 6106EEFF CALLMagic_Ph.00405100
00524A9F .8D45 AC LEA EAX, DWORD PTR
00524AA2 .BA 02000000 MOV EDX, 2
00524AA7 .E8 7806EEFF CALLMagic_Ph.00405124
00524AAC .8D45 B4 LEA EAX, DWORD PTR
00524AAF .BA 02000000 MOV EDX, 2
00524AB4 .E8 6B06EEFF CALLMagic_Ph.00405124
00524AB9 .8D45 BC LEA EAX, DWORD PTR
00524ABC .BA 03000000 MOV EDX, 3
00524AC1 .E8 5E06EEFF CALLMagic_Ph.00405124
00524AC6 .8D45 C8 LEA EAX, DWORD PTR
00524AC9 .BA 02000000 MOV EDX, 2
00524ACE .E8 5106EEFF CALLMagic_Ph.00405124
00524AD3 .8D45 D0 LEA EAX, DWORD PTR
00524AD6 .E8 2506EEFF CALLMagic_Ph.00405100
00524ADB .8D45 D4 LEA EAX, DWORD PTR
00524ADE .E8 1D06EEFF CALLMagic_Ph.00405100
00524AE3 .8D45 D8 LEA EAX, DWORD PTR
00524AE6 .E8 1506EEFF CALLMagic_Ph.00405100
00524AEB .8D45 DC LEA EAX, DWORD PTR
00524AEE .E8 0D06EEFF CALLMagic_Ph.00405100
00524AF3 .8D45 E0 LEA EAX, DWORD PTR
00524AF6 .E8 0506EEFF CALLMagic_Ph.00405100
00524AFB .8D45 E4 LEA EAX, DWORD PTR
00524AFE .BA 02000000 MOV EDX, 2
00524B03 .E8 1C06EEFF CALLMagic_Ph.00405124
00524B08 .8D45 EC LEA EAX, DWORD PTR
00524B0B .E8 F005EEFF CALLMagic_Ph.00405100
00524B10 .8D45 F0 LEA EAX, DWORD PTR
00524B13 .E8 E805EEFF CALLMagic_Ph.00405100
00524B18 .8D45 F4 LEA EAX, DWORD PTR
00524B1B .E8 E005EEFF CALLMagic_Ph.00405100
00524B20 .C3RETN
00524B21 .^ E9 E2FEEDFF JMP Magic_Ph.00404A08
00524B26 .^ E9 5FFFFFFF JMP Magic_Ph.00524A8A
00524B2B .5FPOP EDI
00524B2C .5EPOP ESI
00524B2D .5BPOP EBX
00524B2E .8BE5MOV ESP, EBP
00524B30 .5DPOP EBP
00524B31 .C3RETN
==============================================================
005186E0/$55PUSHEBP
005186E1|.8BECMOV EBP, ESP
005186E3|.B9 07000000 MOV ECX, 7
005186E8|>6A 00 /PUSH0
005186EA|.6A 00 |PUSH0
005186EC|.49|DEC ECX
005186ED|.^ 75 F9 \JNZ SHORT Magic_Ph.005186E8
005186EF|.51PUSHECX
005186F0|.53PUSHEBX
005186F1|.56PUSHESI
005186F2|.8955 F8 MOV DWORD PTR , EDX
005186F5|.8BD8MOV EBX, EAX
005186F7|.33C0XOR EAX, EAX
005186F9|.55PUSHEBP
005186FA|.68 E5895100 PUSHMagic_Ph.005189E5
005186FF|.64:FF30 PUSHDWORD PTR FS:
00518702|.64:8920 MOV DWORD PTR FS:, ESP
00518705|.8D45 FC LEA EAX, DWORD PTR
00518708|.8BD3MOV EDX, EBX
0051870A|.E8 89CAEEFF CALLMagic_Ph.00405198
0051870F|.8B45 F8 MOV EAX, DWORD PTR
00518712|.E8 E9C9EEFF CALLMagic_Ph.00405100
00518717|.8B45 FC MOV EAX, DWORD PTR ;//user name
0051871A|.85C0TESTEAX, EAX
0051871C|.74 05 JESHORT Magic_Ph.00518723
0051871E|.83E8 04 SUB EAX, 4
00518721|.8B00MOV EAX, DWORD PTR ;//user name length
00518723|>85C0TESTEAX, EAX
00518725|.0F84 8A020000 JEMagic_Ph.005189B5
0051872B|.8D55 F4 LEA EDX, DWORD PTR
0051872E|.8B45 FC MOV EAX, DWORD PTR ;//user name
00518731|.E8 6610EFFF CALLMagic_Ph.0040979C;//convert user name to lowercase
00518736|.8B55 F4 MOV EDX, DWORD PTR ;//lowercase user name
00518739|.8D45 FC LEA EAX, DWORD PTR
0051873C|.E8 57CAEEFF CALLMagic_Ph.00405198
00518741|.33DBXOR EBX, EBX ;//EBX=0
00518743|.8B45 FC MOV EAX, DWORD PTR ;//lowercase user name
00518746|.85C0TESTEAX, EAX
00518748|.74 05 JESHORT Magic_Ph.0051874F
0051874A|.83E8 04 SUB EAX, 4
0051874D|.8B00MOV EAX, DWORD PTR ;//user name length
0051874F|>8BD0MOV EDX, EAX ;//EDX=EAX=user name length
00518751|.85D2TESTEDX, EDX
00518753|.7E 35 JLE SHORT Magic_Ph.0051878A
00518755|.B8 01000000 MOV EAX, 1 ;//EAX=1
0051875A|>8B4D FC /MOV ECX, DWORD PTR ;//lowercase user name
0051875D|.48|DEC EAX
0051875E|.85C9|TESTECX, ECX
00518760|.74 05 |JESHORT Magic_Ph.00518767
00518762|.3B41 FC |CMP EAX, DWORD PTR ;//compare with user name length
00518765|.72 05 |JBSHORT Magic_Ph.0051876C
00518767|>E8 98B9EEFF |CALLMagic_Ph.00404104
0051876C|>40|INC EAX
0051876D|.0FB64C01 FF |MOVZX ECX, BYTE PTR ;//take each user name character's ASCII code in turn
00518772|.6BF0 15 |IMULESI, EAX, 15;//ESI=EAX*15
00518775|.81C6 8D020000 |ADD ESI, 28D;//ESI=ESI+28D
0051877B|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI
0051877E|.03D9|ADD EBX, ECX;//EBX=EBX+ECX
00518780|.81C3 C2040000 |ADD EBX, 4C2;//EBX=EBX+4C2
00518786|.40|INC EAX ;//EAX=EAX+1
00518787|.4A|DEC EDX ;//EDX=EDX-1
00518788|.^ 75 D0 \JNZ SHORT Magic_Ph.0051875A ;//loop
0051878A|>81C3 48050000 ADD EBX, 548 ;//EBX=EBX+548
00518790|.8D55 F0 LEA EDX, DWORD PTR
00518793|.8BC3MOV EAX, EBX
00518795|.E8 0A12EFFF CALLMagic_Ph.004099A4;//convert EBX to decimal
0051879A|.8B45 F0 MOV EAX, DWORD PTR ;//decimal string
0051879D|.8945 EC MOV DWORD PTR , EAX
005187A0|.8B75 EC MOV ESI, DWORD PTR
005187A3|.85F6TESTESI, ESI
005187A5|.74 05 JESHORT Magic_Ph.005187AC
005187A7|.83EE 04 SUB ESI, 4
005187AA|.8B36MOV ESI, DWORD PTR
005187AC|>8B45 F8 MOV EAX, DWORD PTR
005187AF|.50PUSHEAX
005187B0|.8D55 E8 LEA EDX, DWORD PTR
005187B3|.8BC3MOV EAX, EBX
005187B5|.E8 EA11EFFF CALLMagic_Ph.004099A4
005187BA|.8B45 E8 MOV EAX, DWORD PTR ; |
005187BD|.8BD6MOV EDX, ESI ; |
005187BF|.83EA 03 SUB EDX, 3 ; |
005187C2|.B9 04000000 MOV ECX, 4 ; |
005187C7|.E8 58CEEEFF CALLMagic_Ph.00405624; \//take characters 3-6 of the decimal string
005187CC|.33DBXOR EBX, EBX
005187CE|.8B45 FC MOV EAX, DWORD PTR
005187D1|.85C0TESTEAX, EAX
005187D3|.74 05 JESHORT Magic_Ph.005187DA
005187D5|.83E8 04 SUB EAX, 4
005187D8|.8B00MOV EAX, DWORD PTR
005187DA|>8BD0MOV EDX, EAX
005187DC|.85D2TESTEDX, EDX
005187DE|.7E 2F JLE SHORT Magic_Ph.0051880F
005187E0|.B8 01000000 MOV EAX, 1
005187E5|>8B4D FC /MOV ECX, DWORD PTR
005187E8|.48|DEC EAX
005187E9|.85C9|TESTECX, ECX
005187EB|.74 05 |JESHORT Magic_Ph.005187F2
005187ED|.3B41 FC |CMP EAX, DWORD PTR
005187F0|.72 05 |JBSHORT Magic_Ph.005187F7
005187F2|>E8 0DB9EEFF |CALLMagic_Ph.00404104
005187F7|>40|INC EAX
005187F8|.0FB64C01 FF |MOVZX ECX, BYTE PTR ;//take each user name character's ASCII code in turn
005187FD|.6BF0 6B |IMULESI, EAX, 6B;//ESI=EAX*6B
00518800|.83C6 0C |ADD ESI, 0C ;//ESI=ESI+0C
00518803|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI
00518806|.03D9|ADD EBX, ECX;//EBX=EBX+ECX
00518808|.83C3 75 |ADD EBX, 75 ;//EBX=EBX+75
0051880B|.40|INC EAX
0051880C|.4A|DEC EDX
0051880D|.^ 75 D6 \JNZ SHORT Magic_Ph.005187E5 ;//loop
0051880F|>81C3 E3090000 ADD EBX, 9E3 ;//EBX=EBX+9E3
00518815|.8D55 E4 LEA EDX, DWORD PTR
00518818|.8BC3MOV EAX, EBX
0051881A|.E8 8511EFFF CALLMagic_Ph.004099A4;//convert EBX to decimal
0051881F|.8B45 E4 MOV EAX, DWORD PTR ;//decimal string
00518822|.8945 EC MOV DWORD PTR , EAX
00518825|.8B75 EC MOV ESI, DWORD PTR
00518828|.85F6TESTESI, ESI
0051882A|.74 05 JESHORT Magic_Ph.00518831
0051882C|.83EE 04 SUB ESI, 4
0051882F|.8B36MOV ESI, DWORD PTR
00518831|>8B45 F8 MOV EAX, DWORD PTR
00518834|.FF30PUSHDWORD PTR
00518836|.68 FC895100 PUSHMagic_Ph.005189FC
0051883B|.8D45 E0 LEA EAX, DWORD PTR
0051883E|.50PUSHEAX
0051883F|.8D55 DC LEA EDX, DWORD PTR
00518842|.8BC3MOV EAX, EBX
00518844|.E8 5B11EFFF CALLMagic_Ph.004099A4
00518849|.8B45 DC MOV EAX, DWORD PTR ; |
0051884C|.8BD6MOV EDX, ESI ; |
0051884E|.83EA 03 SUB EDX, 3 ; |
00518851|.B9 04000000 MOV ECX, 4 ; |
00518856|.E8 C9CDEEFF CALLMagic_Ph.00405624; \//take characters 3-6 of the decimal string
0051885B|.FF75 E0 PUSHDWORD PTR
0051885E|.8B45 F8 MOV EAX, DWORD PTR
00518861|.BA 03000000 MOV EDX, 3
00518866|.E8 19CCEEFF CALLMagic_Ph.00405484
0051886B|.33DBXOR EBX, EBX
0051886D|.8B45 FC MOV EAX, DWORD PTR
00518870|.85C0TESTEAX, EAX
00518872|.74 05 JESHORT Magic_Ph.00518879
00518874|.83E8 04 SUB EAX, 4
00518877|.8B00MOV EAX, DWORD PTR
00518879|>8BD0MOV EDX, EAX
0051887B|.85D2TESTEDX, EDX
0051887D|.7E 38 JLE SHORT Magic_Ph.005188B7
0051887F|.B8 01000000 MOV EAX, 1
00518884|>8B4D FC /MOV ECX, DWORD PTR
00518887|.48|DEC EAX
00518888|.85C9|TESTECX, ECX
0051888A|.74 05 |JESHORT Magic_Ph.00518891
0051888C|.3B41 FC |CMP EAX, DWORD PTR
0051888F|.72 05 |JBSHORT Magic_Ph.00518896
00518891|>E8 6EB8EEFF |CALLMagic_Ph.00404104
00518896|>40|INC EAX
00518897|.0FB64C01 FF |MOVZX ECX, BYTE PTR ;//take each user name character's ASCII code in turn
0051889C|.8BF0|MOV ESI, EAX;//ESI=EAX
0051889E|.03F6|ADD ESI, ESI;//ESI=ESI+ESI
005188A0|.03F6|ADD ESI, ESI;//ESI=ESI+ESI
005188A2|.81C6 9F000000 |ADD ESI, 9F ;//ESI=ESI+9F
005188A8|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI
005188AB|.03D9|ADD EBX, ECX;//EBX=EBX+ECX
005188AD|.81C3 12010000 |ADD EBX, 112;//EBX=EBX+112
005188B3|.40|INC EAX
005188B4|.4A|DEC EDX
005188B5|.^ 75 CD \JNZ SHORT Magic_Ph.00518884 ;//loop
005188B7|>81C3 02150000 ADD EBX, 1502;//EBX=EBX+1502
005188BD|.8D55 D8 LEA EDX, DWORD PTR
005188C0|.8BC3MOV EAX, EBX
005188C2|.E8 DD10EFFF CALLMagic_Ph.004099A4;//convert EBX to decimal
005188C7|.8B45 D8 MOV EAX, DWORD PTR ;//decimal string
005188CA|.8945 EC MOV DWORD PTR , EAX
005188CD|.8B75 EC MOV ESI, DWORD PTR
005188D0|.85F6TESTESI, ESI
005188D2|.74 05 JESHORT Magic_Ph.005188D9
005188D4|.83EE 04 SUB ESI, 4
005188D7|.8B36MOV ESI, DWORD PTR
005188D9|>8B45 F8 MOV EAX, DWORD PTR
005188DC|.FF30PUSHDWORD PTR
005188DE|.68 FC895100 PUSHMagic_Ph.005189FC
005188E3|.8D45 D4 LEA EAX, DWORD PTR
005188E6|.50PUSHEAX
005188E7|.8D55 D0 LEA EDX, DWORD PTR
005188EA|.8BC3MOV EAX, EBX
005188EC|.E8 B310EFFF CALLMagic_Ph.004099A4
005188F1|.8B45 D0 MOV EAX, DWORD PTR ; |
005188F4|.8BD6MOV EDX, ESI ; |
005188F6|.83EA 03 SUB EDX, 3 ; |
005188F9|.B9 04000000 MOV ECX, 4 ; |
005188FE|.E8 21CDEEFF CALLMagic_Ph.00405624; \//take characters 3-6 of the decimal string
00518903|.FF75 D4 PUSHDWORD PTR
00518906|.8B45 F8 MOV EAX, DWORD PTR
00518909|.BA 03000000 MOV EDX, 3
0051890E|.E8 71CBEEFF CALLMagic_Ph.00405484
00518913|.33DBXOR EBX, EBX
00518915|.8B45 FC MOV EAX, DWORD PTR
00518918|.85C0TESTEAX, EAX
0051891A|.74 05 JESHORT Magic_Ph.00518921
0051891C|.83E8 04 SUB EAX, 4
0051891F|.8B00MOV EAX, DWORD PTR
00518921|>8BD0MOV EDX, EAX
00518923|.85D2TESTEDX, EDX
00518925|.7E 32 JLE SHORT Magic_Ph.00518959
00518927|.B8 01000000 MOV EAX, 1
0051892C|>8B4D FC /MOV ECX, DWORD PTR
0051892F|.48|DEC EAX
00518930|.85C9|TESTECX, ECX
00518932|.74 05 |JESHORT Magic_Ph.00518939
00518934|.3B41 FC |CMP EAX, DWORD PTR
00518937|.72 05 |JBSHORT Magic_Ph.0051893E
00518939|>E8 C6B7EEFF |CALLMagic_Ph.00404104
0051893E|>40|INC EAX
0051893F|.0FB64C01 FF |MOVZX ECX, BYTE PTR ;//take each user name character's ASCII code in turn
00518944|.6BF0 5F |IMULESI, EAX, 5F;//ESI=EAX*5F
00518947|.83C6 6F |ADD ESI, 6F ;//ESI=ESI+6F
0051894A|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI
0051894D|.03D9|ADD EBX, ECX;//EBX=EBX+ECX
0051894F|.81C3 6D180000 |ADD EBX, 186D ;//EBX=EBX+186D
00518955|.40|INC EAX
00518956|.4A|DEC EDX
00518957|.^ 75 D3 \JNZ SHORT Magic_Ph.0051892C ;//loop
00518959|>81C3 57040000 ADD EBX, 457 ;//EBX=EBX+457
0051895F|.8D55 CC LEA EDX, DWORD PTR
00518962|.8BC3MOV EAX, EBX
00518964|.E8 3B10EFFF CALLMagic_Ph.004099A4;//convert EBX to decimal
00518969|.8B45 CC MOV EAX, DWORD PTR ;//decimal string
0051896C|.8945 EC MOV DWORD PTR , EAX
0051896F|.8B75 EC MOV ESI, DWORD PTR
00518972|.85F6TESTESI, ESI
00518974|.74 05 JESHORT Magic_Ph.0051897B
00518976|.83EE 04 SUB ESI, 4
00518979|.8B36MOV ESI, DWORD PTR
0051897B|>8B45 F8 MOV EAX, DWORD PTR
0051897E|.FF30PUSHDWORD PTR
00518980|.68 FC895100 PUSHMagic_Ph.005189FC
00518985|.8D45 C8 LEA EAX, DWORD PTR
00518988|.50PUSHEAX
00518989|.8D55 C4 LEA EDX, DWORD PTR
0051898C|.8BC3MOV EAX, EBX
0051898E|.E8 1110EFFF CALLMagic_Ph.004099A4
00518993|.8B45 C4 MOV EAX, DWORD PTR ; |
00518996|.8BD6MOV EDX, ESI ; |
00518998|.83EA 03 SUB EDX, 3 ; |
0051899B|.B9 04000000 MOV ECX, 4 ; |
005189A0|.E8 7FCCEEFF CALLMagic_Ph.00405624; \//take characters 3-6 of the decimal string
005189A5|.FF75 C8 PUSHDWORD PTR
005189A8|.8B45 F8 MOV EAX, DWORD PTR
005189AB|.BA 03000000 MOV EDX, 3
005189B0|.E8 CFCAEEFF CALLMagic_Ph.00405484
005189B5|>33C0XOR EAX, EAX
005189B7|.5APOP EDX
005189B8|.59POP ECX
005189B9|.59POP ECX
005189BA|.64:8910 MOV DWORD PTR FS:, EDX
005189BD|.68 EC895100 PUSHMagic_Ph.005189EC
005189C2|>8D45 C4 LEA EAX, DWORD PTR
005189C5|.BA 0A000000 MOV EDX, 0A
005189CA|.E8 55C7EEFF CALLMagic_Ph.00405124
005189CF|.8D45 F0 LEA EAX, DWORD PTR
005189D2|.BA 02000000 MOV EDX, 2
005189D7|.E8 48C7EEFF CALLMagic_Ph.00405124
005189DC|.8D45 FC LEA EAX, DWORD PTR
005189DF|.E8 1CC7EEFF CALLMagic_Ph.00405100
005189E4\.C3RETN
005189E5 .^ E9 1EC0EEFF JMP Magic_Ph.00404A08
005189EA .^ EB D6 JMP SHORT Magic_Ph.005189C2
005189EC .5EPOP ESI
005189ED .5BPOP EBX
005189EE .8BE5MOV ESP, EBP
005189F0 .5DPOP EBP
005189F1 .C3RETN

**************************************************************
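【Summary】
--------------------------------------------------------------
【Algorithm summary】
Convert the user name to lowercase, perform 4 separate computations, take characters 3-6 of each result, and join them with "-" to get the registration code
--------------------------------------------------------------
【Algorithm keygen】
〖Easy Language (易语言) code〗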
.版本 2

.子程序 _按钮1_被单击
.局部变量 小写用户名, 文本型
.局部变量 EAX, 整数型
.局部变量 ECX, 整数型
.局部变量 ESI, 整数型
.局部变量 EBX, 整数型
.局部变量 字符串1, 文本型
.局部变量 字符串2, 文本型
.局部变量 字符串3, 文本型
.局部变量 字符串4, 文本型

.判断开始 (编辑框1.内容 = “”)
编辑框2.内容 = “输入有误,请重新输入。”
.默认

小写用户名 = 到小写 (编辑框1.内容)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX × 十六进制到十进制 (“15”)
ESI = ESI + 十六进制到十进制 (“28D”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“4C2”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“548”)
字符串1 = 取文本中间 (到文本 (EBX), 3, 4)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX × 十六进制到十进制 (“6B”)
ESI = ESI + 十六进制到十进制 (“0C”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“75”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“9E3”)
字符串2 = 取文本中间 (到文本 (EBX), 3, 4)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX
ESI = ESI + ESI
ESI = ESI + ESI
ESI = ESI + 十六进制到十进制 (“9F”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“112”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“1502”)
字符串3 = 取文本中间 (到文本 (EBX), 3, 4)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX × 十六进制到十进制 (“5F”)
ESI = ESI + 十六进制到十进制 (“6F”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“186D”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“457”)
字符串4 = 取文本中间 (到文本 (EBX), 3, 4)
编辑框2.内容 = 字符串1 + “-” + 字符串2 + “-” + 字符串3 + “-” + 字符串4

.判断结束


.子程序 十六进制到十进制, 整数型
.参数 十六进制文本, 文本型
.局部变量 文本, 文本型
.局部变量 最终值, 整数型
.局部变量 i, 整数型, , , loop counter
.局部变量 临时数值, 文本型, , , value of each digit

文本 = 到小写 (十六进制文本)
.变量循环首 (1, 取文本长度 (文本), 1, i)
临时数值 = 取文本中间 (文本, i, 1)
.如果 (取代码 (临时数值, ) ≥ 取代码 (“a”, ) 且 取代码 (临时数值, ) ≤ 取代码 (“f”, ))
最终值 = 最终值 + (取代码 (临时数值, ) - 取代码 (“a”, ) + 10) × 求次方 (16, 取文本长度 (文本) - i)
.否则
最终值 = 最终值 + 到数值 (临时数值) × 求次方 (16, 取文本长度 (文本) - i)
.如果结束

.变量循环尾 ()
返回 (最终值)

--------------------------------------------------------------
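【Memory keygen】
Breakpoint address 00524844
Break count 1
First byte E8
Instruction length 5

Memory mode - register - EDX
--------------------------------------------------------------
【Registration info】
Stored in
--------------------------------------------------------------
Thanks to 飘云, 猫, Nisy and the many seniors for their tutorials, and to 徐超 and all the forum brothers and sisters who have helped me! Thank you
--------------------------------------------------------------
【Copyright notice】This write-up is a study note, and interest is the source of success; it is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thank you!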

_/_/_/ _/ _/ _/_/_/
_/ _/_/_/_/
_/_/_/_/_/ _/_/_/_/
_/ _/_/_/
_/ _/_/_/_/ _/tianxj

灯纸王桌 posted on 2008-10-17 04:04
