AD Stream Recorder 3.8.0简单分析
【破文标题】AD Stream Recorder 3.8.0简单分析【破文作者】tianxj
【作者邮箱】tianxj_2007@126.com
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD
【破解平台】D-Windows XP sp2
【软件名称】AD Stream Recorder 3.8.0
【软件大小】1221KB
【软件类别】国外软件/音频处理
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【原版下载】华军软件园
【保护方式】注册码
【软件简介】是一款声音录制软件,它能录制internet流媒体、Windows媒体播放器播放的电影和音乐、WinAmp、RealPlayer以及麦克风、音频输入、CD音乐等音源。录制和监视过程中用实时的图形显示信号,使你可以录制高质量的音频。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
"Incorrect Code!"
**************************************************************
二、用PEiD对adsrecorder.exe查壳,为 Borland Delphi 6.0 - 7.0
**************************************************************
三、运行OD,打开adsrecorder.exe,右键—超级字串参考—查找ASCII.
发现"Incorrect Code!"
==============================================================
00488B9C/.55PUSH EBP
00488B9D|.8BECMOV EBP,ESP
00488B9F|.33C9XOR ECX,ECX
00488BA1|.51PUSH ECX
00488BA2|.51PUSH ECX
00488BA3|.51PUSH ECX
00488BA4|.51PUSH ECX
00488BA5|.51PUSH ECX
00488BA6|.51PUSH ECX
00488BA7|.51PUSH ECX
00488BA8|.53PUSH EBX
00488BA9|.56PUSH ESI
00488BAA|.57PUSH EDI
00488BAB|.8945 FC MOV DWORD PTR SS:,EAX
00488BAE|.33C0XOR EAX,EAX
00488BB0|.55PUSH EBP
00488BB1|.68 F68C4800 PUSH adsrecor.00488CF6
00488BB6|.64:FF30 PUSH DWORD PTR FS:
00488BB9|.64:8920 MOV DWORD PTR FS:,ESP
00488BBC|.68 C8000000 PUSH 0C8 ; /Timeout = 200. ms
00488BC1|.E8 5E4BF8FF CALL <JMP.&kernel32.Sleep> ; \Sleep
00488BC6|.C745 F8 32000>MOV DWORD PTR SS:,32
00488BCD|.BF 3C734A00 MOV EDI,adsrecor.004A733C;ASCII 04,"1297"
00488BD2|>8D55 F0 /LEA EDX,DWORD PTR SS:
00488BD5|.8B45 FC |MOV EAX,DWORD PTR SS:
00488BD8|.8B80 14030000 |MOV EAX,DWORD PTR DS:
00488BDE|.E8 89A7FBFF |CALL adsrecor.0044336C
00488BE3|.8B45 F0 |MOV EAX,DWORD PTR SS: ;//左边注册框内的试练码
00488BE6|.50|PUSH EAX
00488BE7|.8D45 EC |LEA EAX,DWORD PTR SS:
00488BEA|.8BD7|MOV EDX,EDI
00488BEC|.E8 83BCF7FF |CALL adsrecor.00404874
00488BF1|.8B55 EC |MOV EDX,DWORD PTR SS: ;//左边注册框内的真码
00488BF4|.58|POP EAX ;//左边注册框内的试练码
00488BF5|.E8 22BEF7FF |CALL adsrecor.00404A1C;//比较CALL
00488BFA|.0F85 92000000 |JNZ adsrecor.00488C92 ;//不等则跳
00488C00|.BE 32000000 |MOV ESI,32
00488C05|.BB 38744A00 |MOV EBX,adsrecor.004A7438 ;\n1157717132\n1275215397\n1566343884\n2565740578\n2662106601\n2691296134\n2891286439\n2976152334\n3129671956\n3215798652\n3310760636\n3408623238\n3613335510\n3613792109\n3682429757\n4137188610\n4342271231\n4576195302\n4794974223\n4866392884\n5488323045 ..
00488C0A|>8D55 E8 |/LEA EDX,DWORD PTR SS:
00488C0D|.8B45 FC ||MOV EAX,DWORD PTR SS:
00488C10|.8B80 18030000 ||MOV EAX,DWORD PTR DS:
00488C16|.E8 51A7FBFF ||CALL adsrecor.0044336C
00488C1B|.8B45 E8 ||MOV EAX,DWORD PTR SS:;//右边注册框内的试练码
00488C1E|.50||PUSH EAX
00488C1F|.8D45 E4 ||LEA EAX,DWORD PTR SS:
00488C22|.8BD3||MOV EDX,EBX
00488C24|.E8 4BBCF7FF ||CALL adsrecor.00404874
00488C29|.8B55 E4 ||MOV EDX,DWORD PTR SS:;//右边注册框内的真码
00488C2C|.58||POP EAX;//右边注册框内的试练码
00488C2D|.E8 EABDF7FF ||CALL adsrecor.00404A1C ;//比较CALL
00488C32|.75 54 ||JNZ SHORT adsrecor.00488C88;//不等则跳
00488C34|.A1 F87F4A00 ||MOV EAX,DWORD PTR DS:
00488C39|.C600 01 ||MOV BYTE PTR DS:,1
00488C3C|.A1 1C824A00 ||MOV EAX,DWORD PTR DS:
00488C41|.C700 F6750100 ||MOV DWORD PTR DS:,175F6
00488C47|.8D45 F4 ||LEA EAX,DWORD PTR SS:
00488C4A|.50||PUSH EAX ; /pHandle
00488C4B|.68 06000200 ||PUSH 20006 ; |Access = KEY_WRITE
00488C50|.6A 00 ||PUSH 0 ; |Reserved = 0
00488C52|.68 048D4800 ||PUSH adsrecor.00488D04 ; |software\adrosoft\ad sound recorder
00488C57|.68 01000080 ||PUSH 80000001; |hKey = HKEY_CURRENT_USER
00488C5C|.E8 A3D9F7FF ||CALL <JMP.&advapi32.RegOpenKeyExA> ; \RegOpenKeyExA
00488C61|.85C0||TEST EAX,EAX
00488C63|.75 63 ||JNZ SHORT adsrecor.00488CC8
00488C65|.6A 04 ||PUSH 4 ; /BufSize = 4
00488C67|.A1 1C824A00 ||MOV EAX,DWORD PTR DS:; |
00488C6C|.50||PUSH EAX ; |Buffer => adsrecor.004FDDE0
00488C6D|.6A 04 ||PUSH 4 ; |ValueType = REG_DWORD
00488C6F|.6A 00 ||PUSH 0 ; |Reserved = 0
00488C71|.68 288D4800 ||PUSH adsrecor.00488D28 ; |control1
00488C76|.8B45 F4 ||MOV EAX,DWORD PTR SS: ; |
00488C79|.50||PUSH EAX ; |hKey
00488C7A|.E8 95D9F7FF ||CALL <JMP.&advapi32.RegSetValueExA>; \RegSetValueExA
00488C7F|.8B45 F4 ||MOV EAX,DWORD PTR SS:
00488C82|.50||PUSH EAX ; /hKey
00488C83|.E8 74D9F7FF ||CALL <JMP.&advapi32.RegCloseKey> ; \RegCloseKey
00488C88|>83C3 0B ||ADD EBX,0B
00488C8B|.4E||DEC ESI
00488C8C|.^ 0F85 78FFFFFF |\JNZ adsrecor.00488C0A;//循环
00488C92|>83C7 05 |ADD EDI,5
00488C95|.FF4D F8 |DEC DWORD PTR SS:
00488C98|.^ 0F85 34FFFFFF \JNZ adsrecor.00488BD2 ;//循环
00488C9E|.A1 F87F4A00 MOV EAX,DWORD PTR DS:
00488CA3|.8038 00 CMP BYTE PTR DS:,0
00488CA6|.75 0C JNZ SHORT adsrecor.00488CB4
00488CA8|.B8 3C8D4800 MOV EAX,adsrecor.00488D3C;incorrect code!
00488CAD|.E8 CE05FAFF CALL adsrecor.00429280
00488CB2|.EB 14 JMP SHORT adsrecor.00488CC8
00488CB4|>B8 548D4800 MOV EAX,adsrecor.00488D54;thank you for using our product!\nyou have registered ad sound recorder!
00488CB9|.E8 C205FAFF CALL adsrecor.00429280
00488CBE|.A1 C8F14F00 MOV EAX,DWORD PTR DS:
00488CC3|.E8 AC6CFDFF CALL adsrecor.0045F974
00488CC8|>33C0XOR EAX,EAX
00488CCA|.5APOP EDX
00488CCB|.59POP ECX
00488CCC|.59POP ECX
00488CCD|.64:8910 MOV DWORD PTR FS:,EDX
00488CD0|.68 FD8C4800 PUSH adsrecor.00488CFD
00488CD5|>8D45 E4 LEA EAX,DWORD PTR SS:
00488CD8|.E8 33B9F7FF CALL adsrecor.00404610
00488CDD|.8D45 E8 LEA EAX,DWORD PTR SS:
00488CE0|.E8 2BB9F7FF CALL adsrecor.00404610
00488CE5|.8D45 EC LEA EAX,DWORD PTR SS:
00488CE8|.E8 23B9F7FF CALL adsrecor.00404610
00488CED|.8D45 F0 LEA EAX,DWORD PTR SS:
00488CF0|.E8 1BB9F7FF CALL adsrecor.00404610
00488CF5\.C3RETN
00488CF6 .^ E9 95B2F7FF JMP adsrecor.00403F90
00488CFB .^ EB D8 JMP SHORT adsrecor.00488CD5
00488CFD .5FPOP EDI
00488CFE .5EPOP ESI
00488CFF .5BPOP EBX
00488D00 .8BE5MOV ESP,EBP
00488D02 .5DPOP EBP
00488D03 .C3RETN
==============================================================
左边注册框内的真码表
004A733C04 31 32 39 37 04 31 33 39 37 04 31 34 36 31 04129713971461
004A734C31 35 35 36 04 31 36 31 32 04 32 34 30 37 04 321556161224072
004A735C34 33 34 04 32 35 30 33 04 32 39 37 36 04 33 314342503297631
004A736C35 36 04 33 33 34 37 04 33 34 38 37 04 33 36 305633473487360
004A737C31 04 33 39 33 30 04 34 31 30 35 04 34 31 31 381393041054118
004A738C04 34 33 35 36 04 34 33 36 33 04 34 34 30 31 04435643634401
004A739C34 35 34 33 04 34 35 35 38 04 34 38 35 32 04 344543455848524
004A73AC39 38 32 04 34 39 39 33 04 35 31 38 36 04 35 339824993518653
004A73BC37 37 04 35 36 35 34 04 35 36 39 31 04 35 37 397756545691579
004A73CC37 04 35 38 39 37 04 35 39 37 31 04 36 31 33 307589759716130
004A73DC04 36 33 31 37 04 36 33 32 33 04 36 33 38 31 04631763236381
004A73EC36 35 35 36 04 36 36 39 37 04 36 37 35 30 04 376556669767507
004A73FC33 38 33 04 37 36 30 39 04 37 37 31 35 04 37 383837609771578
004A740C34 36 04 37 39 32 39 04 38 31 36 30 04 38 38 364679298160886
004A741C37 04 38 39 38 35 04 39 32 38 37 04 39 33 37 377898592879377
004A742C04 39 37 34 30 04 39 39 38 32 8B C0 0A 31 31 3597409982嬂.115
==============================================================
右边注册框内的真码表
004A74380A 31 31 35 37 37 31 37 31 33 32 0A 31 32 37 35.1157717132.1275
004A744832 31 35 33 39 37 0A 31 35 36 36 33 34 33 38 38215397.156634388
004A745834 0A 32 35 36 35 37 34 30 35 37 38 0A 32 36 364.2565740578.266
004A746832 31 30 36 36 30 31 0A 32 36 39 31 32 39 36 312106601.26912961
004A747833 34 0A 32 38 39 31 32 38 36 34 33 39 0A 32 3934.2891286439.29
004A748837 36 31 35 32 33 33 34 0A 33 31 32 39 36 37 3176152334.3129671
004A749839 35 36 0A 33 32 31 35 37 39 38 36 35 32 0A 33956.3215798652.3
004A74A833 31 30 37 36 30 36 33 36 0A 33 34 30 38 36 32310760636.340862
004A74B833 32 33 38 0A 33 36 31 33 33 33 35 35 31 30 0A3238.3613335510.
004A74C833 36 31 33 37 39 32 31 30 39 0A 33 36 38 32 343613792109.36824
004A74D832 39 37 35 37 0A 34 31 33 37 31 38 38 36 31 3029757.4137188610
004A74E80A 34 33 34 32 32 37 31 32 33 31 0A 34 35 37 36.4342271231.4576
004A74F831 39 35 33 30 32 0A 34 37 39 34 39 37 34 32 32195302.479497422
004A750833 0A 34 38 36 36 33 39 32 38 38 34 0A 35 34 383.4866392884.548
004A751838 33 32 33 30 34 35 0A 35 35 37 36 36 34 39 358323045.55766495
004A752833 31 0A 35 37 30 35 39 31 34 39 38 36 0A 35 3731.5705914986.57
004A753834 32 37 39 33 36 33 38 0A 35 38 34 33 32 39 3642793638.5843296
004A754832 38 30 0A 35 39 31 36 38 35 34 36 36 36 0A 35280.5916854666.5
004A755839 32 38 37 37 37 37 38 32 0A 36 32 33 39 37 33928777782.623973
004A756833 39 35 31 0A 36 33 35 34 34 39 33 30 36 32 0A3951.6354493062.
004A757836 34 34 37 33 34 38 37 38 35 0A 36 34 37 30 366447348785.64706
004A758834 39 36 38 35 0A 36 38 34 33 30 38 36 31 36 3949685.6843086169
004A75980A 37 31 33 37 39 38 32 30 35 30 0A 37 34 30 38.7137982050.7408
004A75A836 38 39 35 31 33 0A 37 35 39 30 31 30 30 38 33689513.759010083
004A75B831 0A 37 37 31 32 33 30 32 37 31 32 0A 37 38 301.7712302712.780
004A75C833 36 35 39 34 35 34 0A 37 38 33 38 33 39 34 333659454.78383943
004A75D830 38 0A 37 38 37 33 32 30 33 34 30 36 0A 38 3108.7873203406.81
004A75E830 30 36 38 34 34 30 39 0A 38 35 35 32 30 38 3100684409.8552081
004A75F830 39 37 0A 38 35 37 35 31 32 33 34 33 38 0A 38097.8575123438.8
004A760836 39 32 39 37 33 32 38 38 0A 38 37 32 38 37 30692973288.872870
004A761836 31 32 36 0A 39 32 31 31 31 32 33 33 34 38 0A6126.9211123348.
004A762839 33 37 34 31 30 39 34 30 36 0A 39 35 30 37 339374109406.95073
004A763836 32 39 39 31 0A 39 36 33 33 37 36 39 31 39 3662991.9633769196
004A76480A 39 37 35 35 30 36 36 35 34 34 0A 39 39 33 32.9755066544.9932
004A765835 37 39 33 39 38 8B C0 5A 00 00 00 00 00 00 01579398嬂Z......
**************************************************************
【破解总结】
只要输入的注册码与左边注册框内的真码表和右边注册框内的真码表里的注册码相符即可注册成功
--------------------------------------------------------------
【注册信息】
一个可用注册码:1297-1157717132
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! 算法之牛也到这边捧场 一路追着T大学习
再看一遍 分析的比较透彻啊!! tianxj大哥水平一天天强大啊! 慢慢研究下,支持LZ!!! 写得非常好,幸苦了。。。。。。。。。 楼主是算法王子
页:
[1]