吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 6083|回复: 1
收起左侧

Magic Photo Recovery 2.0.2算法分析

[复制链接]
tianxj 发表于 2008-10-16 20:39
【破文标题】Magic Photo Recovery 2.0.2算法分析
【破文作者】tianxj
【作者邮箱】tianxj_2007@126.com
【作者主页】WwW.ChiNaPYG.CoM
破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】CrackMe1
【软件大小】906KB
【软件类别】国外软件/数据恢复
【软件授权】共享版
【软件语言】英文
【更新时间】2008-10-13
【原版下载】自己找一下
【保护方式】注册码
【软件简介】Magic Photo Recovery是一款恢复软件,假如,你不小心从您的电脑,相机,闪存卡,或记忆卡中删除了你的相片,你可以通过这款软件轻松的找回来
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
"Wrong registration data!"
**************************************************************
二、用PEiD对Magic Photo Recovery.exe查壳,为 ASPack 2.12 -> Alexey Solodovnikov
用PEiD插件脱壳后为 Borland Delphi 6.0 - 7.0
**************************************************************
三、用DeDe查找按钮事件,运行OD,打开Magic Photo Recovery.exe.unpacked_.exe
==============================================================
005246B8 .55PUSHEBP005246B9 .8BECMOV EBP, ESP005246BB .B9 0E000000 MOV ECX, 0E005246C0 >6A 00 PUSH0005246C2 .6A 00 PUSH0005246C4 .49DEC ECX005246C5 .^ 75 F9 JNZ SHORT Magic_Ph.005246C0005246C7 .53PUSHEBX005246C8 .56PUSHESI005246C9 .57PUSHEDI005246CA .8945 FC MOV DWORD PTR [EBP-4], EAX005246CD .33C0XOR EAX, EAX005246CF .55PUSHEBP005246D0 .68 214B5200 PUSHMagic_Ph.00524B21005246D5 .64:FF30 PUSHDWORD PTR FS:[EAX]005246D8 .64:8920 MOV DWORD PTR FS:[EAX], ESP005246DB .33C0XOR EAX, EAX005246DD .55PUSHEBP005246DE .68 734A5200 PUSHMagic_Ph.00524A73005246E3 .64:FF30 PUSHDWORD PTR FS:[EAX]005246E6 .64:8920 MOV DWORD PTR FS:[EAX], ESP005246E9 .8D55 F0 LEA EDX, DWORD PTR [EBP-10]005246EC .8B45 FC MOV EAX, DWORD PTR [EBP-4]005246EF .8B98 60030000 MOV EBX, DWORD PTR [EAX+360]005246F5 .8BC3MOV EAX, EBX005246F7 .E8 3CD7F2FF CALLMagic_Ph.00451E38005246FC .8B45 F0 MOV EAX, DWORD PTR [EBP-10];//用户名005246FF .8D55 F4 LEA EDX, DWORD PTR [EBP-C]00524702 .E8 3151EEFF CALLMagic_Ph.0040983800524707 .8B55 F4 MOV EDX, DWORD PTR [EBP-C] ;//用户名0052470A .8BC3MOV EAX, EBX0052470C .E8 57D7F2FF CALLMagic_Ph.00451E6800524711 .8D55 E8 LEA EDX, DWORD PTR [EBP-18]00524714 .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524717 .8B98 64030000 MOV EBX, DWORD PTR [EAX+364]0052471D .8BC3MOV EAX, EBX0052471F .E8 14D7F2FF CALLMagic_Ph.00451E3800524724 .8B45 E8 MOV EAX, DWORD PTR [EBP-18];//试练码00524727 .8D55 EC LEA EDX, DWORD PTR [EBP-14]0052472A .E8 0951EEFF CALLMagic_Ph.004098380052472F .8B55 EC MOV EDX, DWORD PTR [EBP-14];//试练码00524732 .8BC3MOV EAX, EBX00524734 .E8 2FD7F2FF CALLMagic_Ph.00451E6800524739 .8D55 E4 LEA EDX, DWORD PTR [EBP-1C]0052473C .8B45 FC MOV EAX, DWORD PTR [EBP-4]0052473F .8B80 60030000 MOV EAX, DWORD PTR [EAX+360]00524745 .E8 EED6F2FF CALLMagic_Ph.00451E380052474A .837D E4 00CMP DWORD PTR [EBP-1C], 00052474E .75 54 JNZ SHORT Magic_Ph.005247A4;//用户名为空则跳00524750 .6A 30 PUSH3000524752 .8D55 E0 LEA EDX, DWORD PTR [EBP-20]00524755 .A1 48E65200 MOV EAX, DWORD PTR [52E648]0052475A .8B00MOV EAX, DWORD PTR [EAX]0052475C .E8 E7B6F4FF CALLMagic_Ph.0046FE4800524761 .8B45 E0 MOV EAX, DWORD PTR [EBP-20]00524764 .E8 5B0EEEFF CALLMagic_Ph.004055C400524769 .50PUSHEAX0052476A .A1 28E55200 MOV EAX, DWORD PTR [52E528]0052476F .8B40 1C MOV EAX, DWORD PTR [EAX+1C]00524772 .E8 4D0EEEFF CALLMagic_Ph.004055C400524777 .8BD0MOV EDX, EAX00524779 .A1 48E65200 MOV EAX, DWORD PTR [52E648]0052477E .8B00MOV EAX, DWORD PTR [EAX]00524780 .59POP ECX00524781 .E8 12BFF4FF CALLMagic_Ph.0047069800524786 .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524789 .8B80 60030000 MOV EAX, DWORD PTR [EAX+360]0052478F .8B10MOV EDX, DWORD PTR [EAX]00524791 .FF92 D4000000 CALLDWORD PTR [EDX+D4]00524797 .33C0XOR EAX, EAX00524799 .5APOP EDX0052479A .59POP ECX0052479B .59POP ECX0052479C .64:8910 MOV DWORD PTR FS:[EAX], EDX0052479F .E9 D9020000 JMP Magic_Ph.00524A7D005247A4 >8D55 DC LEA EDX, DWORD PTR [EBP-24]005247A7 .8B45 FC MOV EAX, DWORD PTR [EBP-4]005247AA .8B80 64030000 MOV EAX, DWORD PTR [EAX+364]005247B0 .E8 83D6F2FF CALLMagic_Ph.00451E38005247B5 .837D DC 00CMP DWORD PTR [EBP-24], 0005247B9 .75 54 JNZ SHORT Magic_Ph.0052480F;//注册码为空则跳005247BB .6A 30 PUSH30005247BD .8D55 D8 LEA EDX, DWORD PTR [EBP-28]005247C0 .A1 48E65200 MOV EAX, DWORD PTR [52E648]005247C5 .8B00MOV EAX, DWORD PTR [EAX]005247C7 .E8 7CB6F4FF CALLMagic_Ph.0046FE48005247CC .8B45 D8 MOV EAX, DWORD PTR [EBP-28]005247CF .E8 F00DEEFF CALLMagic_Ph.004055C4005247D4 .50PUSHEAX005247D5 .A1 28E55200 MOV EAX, DWORD PTR [52E528]005247DA .8B40 20 MOV EAX, DWORD PTR [EAX+20]005247DD .E8 E20DEEFF CALLMagic_Ph.004055C4005247E2 .8BD0MOV EDX, EAX005247E4 .A1 48E65200 MOV EAX, DWORD PTR [52E648]005247E9 .8B00MOV EAX, DWORD PTR [EAX]005247EB .59POP ECX005247EC .E8 A7BEF4FF CALLMagic_Ph.00470698005247F1 .8B45 FC MOV EAX, DWORD PTR [EBP-4]005247F4 .8B80 64030000 MOV EAX, DWORD PTR [EAX+364]005247FA .8B10MOV EDX, DWORD PTR [EAX]005247FC .FF92 D4000000 CALLDWORD PTR [EDX+D4]00524802 .33C0XOR EAX, EAX00524804 .5APOP EDX00524805 .59POP ECX00524806 .59POP ECX00524807 .64:8910 MOV DWORD PTR FS:[EAX], EDX0052480A .E9 6E020000 JMP Magic_Ph.00524A7D0052480F >8D55 D4 LEA EDX, DWORD PTR [EBP-2C]00524812 .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524815 .8B80 64030000 MOV EAX, DWORD PTR [EAX+364]0052481B .E8 18D6F2FF CALLMagic_Ph.00451E3800524820 .8B45 D4 MOV EAX, DWORD PTR [EBP-2C];//试练码00524823 .50PUSHEAX00524824 .8D55 CC LEA EDX, DWORD PTR [EBP-34]00524827 .8B45 FC MOV EAX, DWORD PTR [EBP-4]0052482A .8B80 60030000 MOV EAX, DWORD PTR [EAX+360]00524830 .E8 03D6F2FF CALLMagic_Ph.00451E3800524835 .8B45 CC MOV EAX, DWORD PTR [EBP-34];//用户名00524838 .8D55 D0 LEA EDX, DWORD PTR [EBP-30]0052483B .E8 A03EFFFF CALLMagic_Ph.005186E0;//关键CALL00524840 .8B55 D0 MOV EDX, DWORD PTR [EBP-30];//真码00524843 .58POP EAX;//假码00524844 .E8 C70CEEFF CALLMagic_Ph.00405510;//比较CALL00524849 .0F85 AA010000 JNZ Magic_Ph.005249F9;//关键跳转0052484F .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524852 .C680 84030000>MOV BYTE PTR [EAX+384], 100524859 .8D55 C8 LEA EDX, DWORD PTR [EBP-38]0052485C .8B45 FC MOV EAX, DWORD PTR [EBP-4]0052485F .8B80 60030000 MOV EAX, DWORD PTR [EAX+360]00524865 .E8 CED5F2FF CALLMagic_Ph.00451E380052486A .8B55 C8 MOV EDX, DWORD PTR [EBP-38]0052486D .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524870 .05 88030000 ADD EAX, 38800524875 .E8 DA08EEFF CALLMagic_Ph.004051540052487A .8D55 C4 LEA EDX, DWORD PTR [EBP-3C]0052487D .A1 48E65200 MOV EAX, DWORD PTR [52E648]00524882 .8B00MOV EAX, DWORD PTR [EAX]00524884 .E8 BFB5F4FF CALLMagic_Ph.0046FE4800524889 .8B55 C4 MOV EDX, DWORD PTR [EBP-3C]0052488C .A1 80E25200 MOV EAX, DWORD PTR [52E280]00524891 .8B00MOV EAX, DWORD PTR [EAX]00524893 .E8 D0D5F2FF CALLMagic_Ph.00451E6800524898 .A1 80E25200 MOV EAX, DWORD PTR [52E280]0052489D .8B00MOV EAX, DWORD PTR [EAX]0052489F .8B80 A8030000 MOV EAX, DWORD PTR [EAX+3A8]005248A5 .33D2XOR EDX, EDX005248A7 .E8 ACD4F2FF CALLMagic_Ph.00451D58005248AC .B2 01 MOV DL, 1005248AE .A1 98934200 MOV EAX, DWORD PTR [429398]005248B3 .E8 E04BF0FF CALLMagic_Ph.00429498005248B8 .8945 F8 MOV DWORD PTR [EBP-8], EAX005248BB .33C0XOR EAX, EAX005248BD .55PUSHEBP005248BE .68 64495200 PUSHMagic_Ph.00524964005248C3 .64:FF30 PUSHDWORD PTR FS:[EAX]005248C6 .64:8920 MOV DWORD PTR FS:[EAX], ESP005248C9 .BA 01000080 MOV EDX, 80000001005248CE .8B45 F8 MOV EAX, DWORD PTR [EBP-8]005248D1 .E8 624CF0FF CALLMagic_Ph.00429538005248D6 .68 3C4B5200 PUSHMagic_Ph.00524B3C;ASCII "Software\East Imperial Soft"005248DB .8D55 BC LEA EDX, DWORD PTR [EBP-44]005248DE .A1 48E65200 MOV EAX, DWORD PTR [52E648]005248E3 .8B00MOV EAX, DWORD PTR [EAX]005248E5 .E8 5EB5F4FF CALLMagic_Ph.0046FE48005248EA .FF75 BC PUSHDWORD PTR [EBP-44]005248ED .68 644B5200 PUSHMagic_Ph.00524B64;ASCII "\Settings"005248F2 .8D45 C0 LEA EAX, DWORD PTR [EBP-40]005248F5 .BA 03000000 MOV EDX, 3005248FA .E8 850BEEFF CALLMagic_Ph.00405484005248FF .8B55 C0 MOV EDX, DWORD PTR [EBP-40]00524902 .B1 01 MOV CL, 100524904 .8B45 F8 MOV EAX, DWORD PTR [EBP-8]00524907 .E8 904CF0FF CALLMagic_Ph.0042959C0052490C .8D55 B8 LEA EDX, DWORD PTR [EBP-48]0052490F .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524912 .8B80 60030000 MOV EAX, DWORD PTR [EAX+360]00524918 .E8 1BD5F2FF CALLMagic_Ph.00451E380052491D .8B4D B8 MOV ECX, DWORD PTR [EBP-48]00524920 .BA 784B5200 MOV EDX, Magic_Ph.00524B78 ;ASCII "UserName"00524925 .8B45 F8 MOV EAX, DWORD PTR [EBP-8]00524928 .E8 C34FF0FF CALLMagic_Ph.004298F00052492D .8D55 B4 LEA EDX, DWORD PTR [EBP-4C]00524930 .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524933 .8B80 64030000 MOV EAX, DWORD PTR [EAX+364]00524939 .E8 FAD4F2FF CALLMagic_Ph.00451E380052493E .8B4D B4 MOV ECX, DWORD PTR [EBP-4C]00524941 .BA 8C4B5200 MOV EDX, Magic_Ph.00524B8C ;ASCII "LicenseKey"00524946 .8B45 F8 MOV EAX, DWORD PTR [EBP-8]00524949 .E8 A24FF0FF CALLMagic_Ph.004298F00052494E .33C0XOR EAX, EAX00524950 .5APOP EDX00524951 .59POP ECX00524952 .59POP ECX00524953 .64:8910 MOV DWORD PTR FS:[EAX], EDX00524956 .68 6B495200 PUSHMagic_Ph.0052496B0052495B >8B45 F8 MOV EAX, DWORD PTR [EBP-8]0052495E .E8 D1F8EDFF CALLMagic_Ph.0040423400524963 .C3RETN00524964 .^ E9 9F00EEFF JMP Magic_Ph.00404A0800524969 .^ EB F0 JMP SHORT Magic_Ph.0052495B0052496B .6A 40 PUSH400052496D .A1 28E55200 MOV EAX, DWORD PTR [52E528]00524972 .FF70 24 PUSHDWORD PTR [EAX+24]00524975 .68 A04B5200 PUSHMagic_Ph.00524BA0;ASCII ""0052497A .8D45 AC LEA EAX, DWORD PTR [EBP-54]0052497D .50PUSHEAX0052497E .8D55 A0 LEA EDX, DWORD PTR [EBP-60]00524981 .8B45 FC MOV EAX, DWORD PTR [EBP-4]00524984 .8B80 60030000 MOV EAX, DWORD PTR [EAX+360]0052498A .E8 A9D4F2FF CALLMagic_Ph.00451E380052498F .8B45 A0 MOV EAX, DWORD PTR [EBP-60]; |00524992 .8945 A4 MOV DWORD PTR [EBP-5C], EAX; |00524995 .C645 A8 0BMOV BYTE PTR [EBP-58], 0B; |00524999 .8D55 A4 LEA EDX, DWORD PTR [EBP-5C]; |0052499C .A1 28E55200 MOV EAX, DWORD PTR [52E528]; |005249A1 .8B40 28 MOV EAX, DWORD PTR [EAX+28]; |005249A4 .33C9XOR ECX, ECX ; |005249A6 .E8 7D63EEFF CALLMagic_Ph.0040AD28; \Magic_Ph.0040AD28005249AB .FF75 AC PUSHDWORD PTR [EBP-54]005249AE .8D45 B0 LEA EAX, DWORD PTR [EBP-50]005249B1 .BA 03000000 MOV EDX, 3005249B6 .E8 C90AEEFF CALLMagic_Ph.00405484005249BB .8B45 B0 MOV EAX, DWORD PTR [EBP-50]005249BE .E8 010CEEFF CALLMagic_Ph.004055C4005249C3 .50PUSHEAX005249C4 .8D55 9C LEA EDX, DWORD PTR [EBP-64]005249C7 .A1 48E65200 MOV EAX, DWORD PTR [52E648]005249CC .8B00MOV EAX, DWORD PTR [EAX]005249CE .E8 75B4F4FF CALLMagic_Ph.0046FE48005249D3 .8B45 9C MOV EAX, DWORD PTR [EBP-64]005249D6 .E8 E90BEEFF CALLMagic_Ph.004055C4005249DB .8BC8MOV ECX, EAX005249DD .A1 48E65200 MOV EAX, DWORD PTR [52E648]005249E2 .8B00MOV EAX, DWORD PTR [EAX]005249E4 .5APOP EDX005249E5 .E8 AEBCF4FF CALLMagic_Ph.00470698005249EA .8B45 FC MOV EAX, DWORD PTR [EBP-4]005249ED .C780 94020000>MOV DWORD PTR [EAX+294], 1005249F7 .EB 70 JMP SHORT Magic_Ph.00524A69005249F9 >6A 30 PUSH30005249FB .A1 28E55200 MOV EAX, DWORD PTR [52E528]00524A00 .FF70 2C PUSHDWORD PTR [EAX+2C]00524A03 .68 A04B5200 PUSHMagic_Ph.00524BA0;ASCII ""00524A08 .8D45 94 LEA EAX, DWORD PTR [EBP-6C]00524A0B .50PUSHEAX; /Arg100524A0C .B8 AC4B5200 MOV EAX, Magic_Ph.00524BAC ; |ASCII "[email]support@magicuneraser.com[/email]"00524A11 .8945 A4 MOV DWORD PTR [EBP-5C], EAX; |00524A14 .C645 A8 0BMOV BYTE PTR [EBP-58], 0B; |00524A18 .8D55 A4 LEA EDX, DWORD PTR [EBP-5C]; |00524A1B .A1 28E55200 MOV EAX, DWORD PTR [52E528]; |00524A20 .8B40 30 MOV EAX, DWORD PTR [EAX+30]; |00524A23 .33C9XOR ECX, ECX ; |00524A25 .E8 FE62EEFF CALLMagic_Ph.0040AD28; \Magic_Ph.0040AD2800524A2A .FF75 94 PUSHDWORD PTR [EBP-6C]00524A2D .8D45 98 LEA EAX, DWORD PTR [EBP-68]00524A30 .BA 03000000 MOV EDX, 300524A35 .E8 4A0AEEFF CALLMagic_Ph.0040548400524A3A .8B45 98 MOV EAX, DWORD PTR [EBP-68]00524A3D .E8 820BEEFF CALLMagic_Ph.004055C400524A42 .50PUSHEAX00524A43 .8D55 90 LEA EDX, DWORD PTR [EBP-70]00524A46 .A1 48E65200 MOV EAX, DWORD PTR [52E648]00524A4B .8B00MOV EAX, DWORD PTR [EAX]00524A4D .E8 F6B3F4FF CALLMagic_Ph.0046FE4800524A52 .8B45 90 MOV EAX, DWORD PTR [EBP-70]00524A55 .E8 6A0BEEFF CALLMagic_Ph.004055C400524A5A .8BC8MOV ECX, EAX00524A5C .A1 48E65200 MOV EAX, DWORD PTR [52E648]00524A61 .8B00MOV EAX, DWORD PTR [EAX]00524A63 .5APOP EDX00524A64 .E8 2FBCF4FF CALLMagic_Ph.0047069800524A69 >33C0XOR EAX, EAX00524A6B .5APOP EDX00524A6C .59POP ECX00524A6D .59POP ECX00524A6E .64:8910 MOV DWORD PTR FS:[EAX], EDX00524A71 .EB 0A JMP SHORT Magic_Ph.00524A7D00524A73 .^ E9 DCFCEDFF JMP Magic_Ph.0040475400524A78 .E8 E700EEFF CALLMagic_Ph.00404B6400524A7D >33C0XOR EAX, EAX00524A7F .5APOP EDX00524A80 .59POP ECX00524A81 .59POP ECX00524A82 .64:8910 MOV DWORD PTR FS:[EAX], EDX00524A85 .68 2B4B5200 PUSHMagic_Ph.00524B2B00524A8A >8D45 90 LEA EAX, DWORD PTR [EBP-70]00524A8D .BA 04000000 MOV EDX, 400524A92 .E8 8D06EEFF CALLMagic_Ph.0040512400524A97 .8D45 A0 LEA EAX, DWORD PTR [EBP-60]00524A9A .E8 6106EEFF CALLMagic_Ph.0040510000524A9F .8D45 AC LEA EAX, DWORD PTR [EBP-54]00524AA2 .BA 02000000 MOV EDX, 200524AA7 .E8 7806EEFF CALLMagic_Ph.0040512400524AAC .8D45 B4 LEA EAX, DWORD PTR [EBP-4C]00524AAF .BA 02000000 MOV EDX, 200524AB4 .E8 6B06EEFF CALLMagic_Ph.0040512400524AB9 .8D45 BC LEA EAX, DWORD PTR [EBP-44]00524ABC .BA 03000000 MOV EDX, 300524AC1 .E8 5E06EEFF CALLMagic_Ph.0040512400524AC6 .8D45 C8 LEA EAX, DWORD PTR [EBP-38]00524AC9 .BA 02000000 MOV EDX, 200524ACE .E8 5106EEFF CALLMagic_Ph.0040512400524AD3 .8D45 D0 LEA EAX, DWORD PTR [EBP-30]00524AD6 .E8 2506EEFF CALLMagic_Ph.0040510000524ADB .8D45 D4 LEA EAX, DWORD PTR [EBP-2C]00524ADE .E8 1D06EEFF CALLMagic_Ph.0040510000524AE3 .8D45 D8 LEA EAX, DWORD PTR [EBP-28]00524AE6 .E8 1506EEFF CALLMagic_Ph.0040510000524AEB .8D45 DC LEA EAX, DWORD PTR [EBP-24]00524AEE .E8 0D06EEFF CALLMagic_Ph.0040510000524AF3 .8D45 E0 LEA EAX, DWORD PTR [EBP-20]00524AF6 .E8 0506EEFF CALLMagic_Ph.0040510000524AFB .8D45 E4 LEA EAX, DWORD PTR [EBP-1C]00524AFE .BA 02000000 MOV EDX, 200524B03 .E8 1C06EEFF CALLMagic_Ph.0040512400524B08 .8D45 EC LEA EAX, DWORD PTR [EBP-14]00524B0B .E8 F005EEFF CALLMagic_Ph.0040510000524B10 .8D45 F0 LEA EAX, DWORD PTR [EBP-10]00524B13 .E8 E805EEFF CALLMagic_Ph.0040510000524B18 .8D45 F4 LEA EAX, DWORD PTR [EBP-C]00524B1B .E8 E005EEFF CALLMagic_Ph.0040510000524B20 .C3RETN00524B21 .^ E9 E2FEEDFF JMP Magic_Ph.00404A0800524B26 .^ E9 5FFFFFFF JMP Magic_Ph.00524A8A00524B2B .5FPOP EDI00524B2C .5EPOP ESI00524B2D .5BPOP EBX00524B2E .8BE5MOV ESP, EBP00524B30 .5DPOP EBP00524B31 .C3RETN==============================================================005186E0/$55PUSHEBP005186E1|.8BECMOV EBP, ESP005186E3|.B9 07000000 MOV ECX, 7005186E8|>6A 00 /PUSH0005186EA|.6A 00 |PUSH0005186EC|.49|DEC ECX005186ED|.^ 75 F9 \JNZ SHORT Magic_Ph.005186E8005186EF|.51PUSHECX005186F0|.53PUSHEBX005186F1|.56PUSHESI005186F2|.8955 F8 MOV DWORD PTR [EBP-8], EDX005186F5|.8BD8MOV EBX, EAX005186F7|.33C0XOR EAX, EAX005186F9|.55PUSHEBP005186FA|.68 E5895100 PUSHMagic_Ph.005189E5005186FF|.64:FF30 PUSHDWORD PTR FS:[EAX]00518702|.64:8920 MOV DWORD PTR FS:[EAX], ESP00518705|.8D45 FC LEA EAX, DWORD PTR [EBP-4]00518708|.8BD3MOV EDX, EBX0051870A|.E8 89CAEEFF CALLMagic_Ph.004051980051870F|.8B45 F8 MOV EAX, DWORD PTR [EBP-8]00518712|.E8 E9C9EEFF CALLMagic_Ph.0040510000518717|.8B45 FC MOV EAX, DWORD PTR [EBP-4] ;//用户名0051871A|.85C0TESTEAX, EAX0051871C|.74 05 JESHORT Magic_Ph.005187230051871E|.83E8 04 SUB EAX, 400518721|.8B00MOV EAX, DWORD PTR [EAX] ;//用户名长度00518723|>85C0TESTEAX, EAX00518725|.0F84 8A020000 JEMagic_Ph.005189B50051872B|.8D55 F4 LEA EDX, DWORD PTR [EBP-C]0051872E|.8B45 FC MOV EAX, DWORD PTR [EBP-4] ;//用户名00518731|.E8 6610EFFF CALLMagic_Ph.0040979C;//用户名转小写00518736|.8B55 F4 MOV EDX, DWORD PTR [EBP-C] ;//小写用户名00518739|.8D45 FC LEA EAX, DWORD PTR [EBP-4]0051873C|.E8 57CAEEFF CALLMagic_Ph.0040519800518741|.33DBXOR EBX, EBX ;//EBX=000518743|.8B45 FC MOV EAX, DWORD PTR [EBP-4] ;//小写用户名00518746|.85C0TESTEAX, EAX00518748|.74 05 JESHORT Magic_Ph.0051874F0051874A|.83E8 04 SUB EAX, 40051874D|.8B00MOV EAX, DWORD PTR [EAX] ;//用户名长度0051874F|>8BD0MOV EDX, EAX ;//EDX=EAX=用户名长度00518751|.85D2TESTEDX, EDX00518753|.7E 35 JLE SHORT Magic_Ph.0051878A00518755|.B8 01000000 MOV EAX, 1 ;//EAX=10051875A|>8B4D FC /MOV ECX, DWORD PTR [EBP-4];//小写用户名0051875D|.48|DEC EAX0051875E|.85C9|TESTECX, ECX00518760|.74 05 |JESHORT Magic_Ph.0051876700518762|.3B41 FC |CMP EAX, DWORD PTR [ECX-4];//与用户名长度比较00518765|.72 05 |JBSHORT Magic_Ph.0051876C00518767|>E8 98B9EEFF |CALLMagic_Ph.004041040051876C|>40|INC EAX0051876D|.0FB64C01 FF |MOVZX ECX, BYTE PTR [ECX+EAX-1] ;//依次取用户名ASCII码00518772|.6BF0 15 |IMULESI, EAX, 15;//ESI=EAX*1500518775|.81C6 8D020000 |ADD ESI, 28D;//ESI=ESI+28D0051877B|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI0051877E|.03D9|ADD EBX, ECX;//EBX=EBX+ECX00518780|.81C3 C2040000 |ADD EBX, 4C2;//EBX=EBX+4C200518786|.40|INC EAX ;//EAX=EAX+100518787|.4A|DEC EDX ;//EDX=EDX-100518788|.^ 75 D0 \JNZ SHORT Magic_Ph.0051875A ;//循环0051878A|>81C3 48050000 ADD EBX, 548 ;//EBX=EBX+54800518790|.8D55 F0 LEA EDX, DWORD PTR [EBP-10]00518793|.8BC3MOV EAX, EBX00518795|.E8 0A12EFFF CALLMagic_Ph.004099A4;//将EBX转10进制0051879A|.8B45 F0 MOV EAX, DWORD PTR [EBP-10];//10进制字符串0051879D|.8945 EC MOV DWORD PTR [EBP-14], EAX005187A0|.8B75 EC MOV ESI, DWORD PTR [EBP-14]005187A3|.85F6TESTESI, ESI005187A5|.74 05 JESHORT Magic_Ph.005187AC005187A7|.83EE 04 SUB ESI, 4005187AA|.8B36MOV ESI, DWORD PTR [ESI]005187AC|>8B45 F8 MOV EAX, DWORD PTR [EBP-8]005187AF|.50PUSHEAX005187B0|.8D55 E8 LEA EDX, DWORD PTR [EBP-18]005187B3|.8BC3MOV EAX, EBX005187B5|.E8 EA11EFFF CALLMagic_Ph.004099A4005187BA|.8B45 E8 MOV EAX, DWORD PTR [EBP-18]; |005187BD|.8BD6MOV EDX, ESI ; |005187BF|.83EA 03 SUB EDX, 3 ; |005187C2|.B9 04000000 MOV ECX, 4 ; |005187C7|.E8 58CEEEFF CALLMagic_Ph.00405624; \//取10进制字符串3-6位005187CC|.33DBXOR EBX, EBX005187CE|.8B45 FC MOV EAX, DWORD PTR [EBP-4]005187D1|.85C0TESTEAX, EAX005187D3|.74 05 JESHORT Magic_Ph.005187DA005187D5|.83E8 04 SUB EAX, 4005187D8|.8B00MOV EAX, DWORD PTR [EAX]005187DA|>8BD0MOV EDX, EAX005187DC|.85D2TESTEDX, EDX005187DE|.7E 2F JLE SHORT Magic_Ph.0051880F005187E0|.B8 01000000 MOV EAX, 1005187E5|>8B4D FC /MOV ECX, DWORD PTR [EBP-4] 005187E8|.48|DEC EAX005187E9|.85C9|TESTECX, ECX005187EB|.74 05 |JESHORT Magic_Ph.005187F2005187ED|.3B41 FC |CMP EAX, DWORD PTR [ECX-4]005187F0|.72 05 |JBSHORT Magic_Ph.005187F7005187F2|>E8 0DB9EEFF |CALLMagic_Ph.00404104005187F7|>40|INC EAX005187F8|.0FB64C01 FF |MOVZX ECX, BYTE PTR [ECX+EAX-1] ;//依次取用户名ASCII码005187FD|.6BF0 6B |IMULESI, EAX, 6B;//ESI=EAX*6B00518800|.83C6 0C |ADD ESI, 0C ;//ESI=ESI+0C00518803|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI00518806|.03D9|ADD EBX, ECX;//EBX=EBX+ECX00518808|.83C3 75 |ADD EBX, 75 ;//EBX=EBX+750051880B|.40|INC EAX0051880C|.4A|DEC EDX0051880D|.^ 75 D6 \JNZ SHORT Magic_Ph.005187E5 ;//循环0051880F|>81C3 E3090000 ADD EBX, 9E3 ;//EBX=EBX+9E300518815|.8D55 E4 LEA EDX, DWORD PTR [EBP-1C]00518818|.8BC3MOV EAX, EBX0051881A|.E8 8511EFFF CALLMagic_Ph.004099A4;//将EBX转10进制0051881F|.8B45 E4 MOV EAX, DWORD PTR [EBP-1C];//10进制字符串00518822|.8945 EC MOV DWORD PTR [EBP-14], EAX00518825|.8B75 EC MOV ESI, DWORD PTR [EBP-14]00518828|.85F6TESTESI, ESI0051882A|.74 05 JESHORT Magic_Ph.005188310051882C|.83EE 04 SUB ESI, 40051882F|.8B36MOV ESI, DWORD PTR [ESI]00518831|>8B45 F8 MOV EAX, DWORD PTR [EBP-8]00518834|.FF30PUSHDWORD PTR [EAX]00518836|.68 FC895100 PUSHMagic_Ph.005189FC0051883B|.8D45 E0 LEA EAX, DWORD PTR [EBP-20]0051883E|.50PUSHEAX0051883F|.8D55 DC LEA EDX, DWORD PTR [EBP-24]00518842|.8BC3MOV EAX, EBX00518844|.E8 5B11EFFF CALLMagic_Ph.004099A400518849|.8B45 DC MOV EAX, DWORD PTR [EBP-24]; |0051884C|.8BD6MOV EDX, ESI ; |0051884E|.83EA 03 SUB EDX, 3 ; |00518851|.B9 04000000 MOV ECX, 4 ; |00518856|.E8 C9CDEEFF CALLMagic_Ph.00405624; \//取10进制字符串3-6位0051885B|.FF75 E0 PUSHDWORD PTR [EBP-20]0051885E|.8B45 F8 MOV EAX, DWORD PTR [EBP-8]00518861|.BA 03000000 MOV EDX, 300518866|.E8 19CCEEFF CALLMagic_Ph.004054840051886B|.33DBXOR EBX, EBX0051886D|.8B45 FC MOV EAX, DWORD PTR [EBP-4]00518870|.85C0TESTEAX, EAX00518872|.74 05 JESHORT Magic_Ph.0051887900518874|.83E8 04 SUB EAX, 400518877|.8B00MOV EAX, DWORD PTR [EAX]00518879|>8BD0MOV EDX, EAX0051887B|.85D2TESTEDX, EDX0051887D|.7E 38 JLE SHORT Magic_Ph.005188B70051887F|.B8 01000000 MOV EAX, 100518884|>8B4D FC /MOV ECX, DWORD PTR [EBP-4]00518887|.48|DEC EAX00518888|.85C9|TESTECX, ECX0051888A|.74 05 |JESHORT Magic_Ph.005188910051888C|.3B41 FC |CMP EAX, DWORD PTR [ECX-4]0051888F|.72 05 |JBSHORT Magic_Ph.0051889600518891|>E8 6EB8EEFF |CALLMagic_Ph.0040410400518896|>40|INC EAX00518897|.0FB64C01 FF |MOVZX ECX, BYTE PTR [ECX+EAX-1] ;//依次取用户名ASCII码0051889C|.8BF0|MOV ESI, EAX;//ESI=EAX0051889E|.03F6|ADD ESI, ESI;//ESI=ESI+ESI005188A0|.03F6|ADD ESI, ESI;//ESI=ESI+ESI005188A2|.81C6 9F000000 |ADD ESI, 9F ;//ESI=ESI+9F005188A8|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI005188AB|.03D9|ADD EBX, ECX;//EBX=EBX+ECX005188AD|.81C3 12010000 |ADD EBX, 112;//EBX=EBX+112005188B3|.40|INC EAX005188B4|.4A|DEC EDX 005188B5|.^ 75 CD \JNZ SHORT Magic_Ph.00518884 ;//循环005188B7|>81C3 02150000 ADD EBX, 1502;//EBX=EBX+1502005188BD|.8D55 D8 LEA EDX, DWORD PTR [EBP-28]005188C0|.8BC3MOV EAX, EBX005188C2|.E8 DD10EFFF CALLMagic_Ph.004099A4;//将EBX转10进制005188C7|.8B45 D8 MOV EAX, DWORD PTR [EBP-28];//10进制字符串005188CA|.8945 EC MOV DWORD PTR [EBP-14], EAX005188CD|.8B75 EC MOV ESI, DWORD PTR [EBP-14]005188D0|.85F6TESTESI, ESI005188D2|.74 05 JESHORT Magic_Ph.005188D9005188D4|.83EE 04 SUB ESI, 4005188D7|.8B36MOV ESI, DWORD PTR [ESI]005188D9|>8B45 F8 MOV EAX, DWORD PTR [EBP-8]005188DC|.FF30PUSHDWORD PTR [EAX]005188DE|.68 FC895100 PUSHMagic_Ph.005189FC005188E3|.8D45 D4 LEA EAX, DWORD PTR [EBP-2C]005188E6|.50PUSHEAX005188E7|.8D55 D0 LEA EDX, DWORD PTR [EBP-30]005188EA|.8BC3MOV EAX, EBX005188EC|.E8 B310EFFF CALLMagic_Ph.004099A4005188F1|.8B45 D0 MOV EAX, DWORD PTR [EBP-30]; |005188F4|.8BD6MOV EDX, ESI ; |005188F6|.83EA 03 SUB EDX, 3 ; |005188F9|.B9 04000000 MOV ECX, 4 ; |005188FE|.E8 21CDEEFF CALLMagic_Ph.00405624; \//取10进制字符串3-6位00518903|.FF75 D4 PUSHDWORD PTR [EBP-2C]00518906|.8B45 F8 MOV EAX, DWORD PTR [EBP-8]00518909|.BA 03000000 MOV EDX, 30051890E|.E8 71CBEEFF CALLMagic_Ph.0040548400518913|.33DBXOR EBX, EBX00518915|.8B45 FC MOV EAX, DWORD PTR [EBP-4]00518918|.85C0TESTEAX, EAX0051891A|.74 05 JESHORT Magic_Ph.005189210051891C|.83E8 04 SUB EAX, 40051891F|.8B00MOV EAX, DWORD PTR [EAX]00518921|>8BD0MOV EDX, EAX00518923|.85D2TESTEDX, EDX00518925|.7E 32 JLE SHORT Magic_Ph.0051895900518927|.B8 01000000 MOV EAX, 10051892C|>8B4D FC /MOV ECX, DWORD PTR [EBP-4]0051892F|.48|DEC EAX00518930|.85C9|TESTECX, ECX00518932|.74 05 |JESHORT Magic_Ph.0051893900518934|.3B41 FC |CMP EAX, DWORD PTR [ECX-4]00518937|.72 05 |JBSHORT Magic_Ph.0051893E00518939|>E8 C6B7EEFF |CALLMagic_Ph.004041040051893E|>40|INC EAX0051893F|.0FB64C01 FF |MOVZX ECX, BYTE PTR [ECX+EAX-1] ;//依次取用户名ASCII码00518944|.6BF0 5F |IMULESI, EAX, 5F;//ESI=EAX*5F00518947|.83C6 6F |ADD ESI, 6F ;//ESI=ESI+6F0051894A|.0FAFCE|IMULECX, ESI;//ECX=ECX*ESI0051894D|.03D9|ADD EBX, ECX;//EBX=EBX+ECX0051894F|.81C3 6D180000 |ADD EBX, 186D ;//EBX=EBX+186D00518955|.40|INC EAX00518956|.4A|DEC EDX00518957|.^ 75 D3 \JNZ SHORT Magic_Ph.0051892C ;//循环00518959|>81C3 57040000 ADD EBX, 457 ;//EBX=EBX+4570051895F|.8D55 CC LEA EDX, DWORD PTR [EBP-34]00518962|.8BC3MOV EAX, EBX00518964|.E8 3B10EFFF CALLMagic_Ph.004099A4;//将EBX转10进制00518969|.8B45 CC MOV EAX, DWORD PTR [EBP-34];//10进制字符串0051896C|.8945 EC MOV DWORD PTR [EBP-14], EAX0051896F|.8B75 EC MOV ESI, DWORD PTR [EBP-14]00518972|.85F6TESTESI, ESI00518974|.74 05 JESHORT Magic_Ph.0051897B00518976|.83EE 04 SUB ESI, 400518979|.8B36MOV ESI, DWORD PTR [ESI]0051897B|>8B45 F8 MOV EAX, DWORD PTR [EBP-8]0051897E|.FF30PUSHDWORD PTR [EAX]00518980|.68 FC895100 PUSHMagic_Ph.005189FC00518985|.8D45 C8 LEA EAX, DWORD PTR [EBP-38]00518988|.50PUSHEAX00518989|.8D55 C4 LEA EDX, DWORD PTR [EBP-3C]0051898C|.8BC3MOV EAX, EBX0051898E|.E8 1110EFFF CALLMagic_Ph.004099A400518993|.8B45 C4 MOV EAX, DWORD PTR [EBP-3C]; |00518996|.8BD6MOV EDX, ESI ; |00518998|.83EA 03 SUB EDX, 3 ; |0051899B|.B9 04000000 MOV ECX, 4 ; |005189A0|.E8 7FCCEEFF CALLMagic_Ph.00405624; \//取10进制字符串3-6位005189A5|.FF75 C8 PUSHDWORD PTR [EBP-38]005189A8|.8B45 F8 MOV EAX, DWORD PTR [EBP-8]005189AB|.BA 03000000 MOV EDX, 3005189B0|.E8 CFCAEEFF CALLMagic_Ph.00405484005189B5|>33C0XOR EAX, EAX005189B7|.5APOP EDX005189B8|.59POP ECX005189B9|.59POP ECX005189BA|.64:8910 MOV DWORD PTR FS:[EAX], EDX005189BD|.68 EC895100 PUSHMagic_Ph.005189EC005189C2|>8D45 C4 LEA EAX, DWORD PTR [EBP-3C]005189C5|.BA 0A000000 MOV EDX, 0A005189CA|.E8 55C7EEFF CALLMagic_Ph.00405124005189CF|.8D45 F0 LEA EAX, DWORD PTR [EBP-10]005189D2|.BA 02000000 MOV EDX, 2005189D7|.E8 48C7EEFF CALLMagic_Ph.00405124005189DC|.8D45 FC LEA EAX, DWORD PTR [EBP-4]005189DF|.E8 1CC7EEFF CALLMagic_Ph.00405100005189E4\.C3RETN005189E5 .^ E9 1EC0EEFF JMP Magic_Ph.00404A08005189EA .^ EB D6 JMP SHORT Magic_Ph.005189C2005189EC .5EPOP ESI005189ED .5BPOP EBX005189EE .8BE5MOV ESP, EBP005189F0 .5DPOP EBP005189F1 .C3RETN
**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
将用户名转小写,分别作4次运算,取运算值的3-6位,用"-"相连即是注册码
--------------------------------------------------------------
【算法注册机】
〖易语言代码〗
.版本 2

.子程序 _按钮1_被单击
.局部变量 小写用户名, 文本型
.局部变量 EAX, 整数型
.局部变量 ECX, 整数型
.局部变量 ESI, 整数型
.局部变量 EBX, 整数型
.局部变量 字符串1, 文本型
.局部变量 字符串2, 文本型
.局部变量 字符串3, 文本型
.局部变量 字符串4, 文本型

.判断开始 (编辑框1.内容 = “”)
编辑框2.内容 = “输入有误,请重新输入。”
.默认

小写用户名 = 到小写 (编辑框1.内容)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX × 十六进制到十进制 (“15”)
ESI = ESI + 十六进制到十进制 (“28D”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“4C2”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“548”)
字符串1 = 取文本中间 (到文本 (EBX), 3, 4)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX × 十六进制到十进制 (“6B”)
ESI = ESI + 十六进制到十进制 (“0C”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“75”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“9E3”)
字符串2 = 取文本中间 (到文本 (EBX), 3, 4)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX
ESI = ESI + ESI
ESI = ESI + ESI
ESI = ESI + 十六进制到十进制 (“9F”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“112”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“1502”)
字符串3 = 取文本中间 (到文本 (EBX), 3, 4)
EBX = 0
.计次循环首 (取文本长度 (小写用户名), EAX)
ECX = 取代码 (小写用户名, EAX)
ESI = EAX × 十六进制到十进制 (“5F”)
ESI = ESI + 十六进制到十进制 (“6F”)
ECX = ECX × ESI
EBX = EBX + ECX
EBX = EBX + 十六进制到十进制 (“186D”)
.计次循环尾 ()
EBX = EBX + 十六进制到十进制 (“457”)
字符串4 = 取文本中间 (到文本 (EBX), 3, 4)
编辑框2.内容 = 字符串1 + “-” + 字符串2 + “-” + 字符串3 + “-” + 字符串4

.判断结束


.子程序 十六进制到十进制, 整数型
.参数 十六进制文本, 文本型
.局部变量 文本, 文本型
.局部变量 最终值, 整数型
.局部变量 i, 整数型, , , 中间循环变量
.局部变量 临时数值, 文本型, , , 每一位上的值

文本 = 到小写 (十六进制文本)
.变量循环首 (1, 取文本长度 (文本), 1, i)
临时数值 = 取文本中间 (文本, i, 1)
.如果 (取代码 (临时数值, ) ≥ 取代码 (“a”, ) 且 取代码 (临时数值, ) ≤ 取代码 (“f”, ))
最终值 = 最终值 + (取代码 (临时数值, ) - 取代码 (“a”, ) + 10) × 求次方 (16, 取文本长度 (文本) - i)
.否则
最终值 = 最终值 + 到数值 (临时数值) × 求次方 (16, 取文本长度 (文本) - i)
.如果结束

.变量循环尾 ()
返回 (最终值)

--------------------------------------------------------------
【内存注册机】
中断地址 00524844
中断次数 1
第一字节 E8
指令长度 5

内存方式-寄存器-EDX
--------------------------------------------------------------
【注册信息】
保存在[HKEY_CURRENT_USER\Software\East Imperial Soft\Magic Photo Recovery 2.0\Settings]
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及徐超等所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!

_/_/_/ _/ _/ _/_/_/
_/ _/_/_/_/
_/_/_/_/_/ _/_/_/_/
_/ _/_/_/
_/ _/_/_/_/ _/tianxj

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

头像被屏蔽
灯纸王桌 发表于 2008-10-17 04:04
提示: 作者被禁止或删除 内容自动屏蔽
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-11-22 16:09

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表