Joboshare全系列爆破、追码、算法及注册机源码

expasy · 发表于 2015-11-29 22:07

本帖最后由 expasy 于 2015-11-30 12:15 编辑

边做边写，大家慢慢看，去网吧用大屏幕看着真爽

【文章标题】: Joboshare全系列爆破、追码（算法注册机还在写）
【文章作者】: expasy
【作者邮箱】: expasy@sina.com
【作者主页】: 无
【软件名称】: joboshare Video Converter
【软件大小】: 5.91M
【下载地址】: http://www.joboshare.com/
【加壳方式】: 无
【保护方式】: 序列号
【编写语言】: vc++ 7
【使用工具】: OD
【操作平台】: win7 x86
【软件介绍】: 一系列的软件，很多
【作者声明】: 学习而已
--------------------------------------------------------------------------------
【详细过程】
  其实研究的时候分析的是DVD Ripper这个软件，为了写破文就重新换了个软件来做，这样看着更像重头开始做的。
  这个系列的算法全部一模一样，作者是有多懒~~
  1、peid查壳，无壳，vc++ 7的,
  2、OD载入：
Image 1.png

查找字符串“invalid”、"unregistered"都没有。（做完后发现用C32asm能找到，汗！但是不用字符串也可以继续）
  3、直接运行，填入假码
  用户名：expasy
  密码：98765432
  弹出错误信息，先别点
  4、F12暂停、查看堆栈调用（Alt+K）
  然后如图返回
Image 3.png

5、这个关键跳太明显了，上面两个call，一般来说很可能有个是关键的算法
Image 5.png

6、段首00430EB0 下断，F8单步下来大概可以知道哪个是关键的算法call了

[Asm] 纯文本查看 复制代码

00430EB0   .  64:A1 0000000>mov eax,dword ptr fs:[0]                 ;  这里下断
00430EB6   .  6A FF         push -0x1
00430EB8   .  68 822D4800   push videoenc.00482D82
00430EBD   .  50            push eax
00430EBE   .  64:8925 00000>mov dword ptr fs:[0],esp
00430EC5   .  83EC 08       sub esp,0x8
00430EC8   .  56            push esi
00430EC9   .  8BF1          mov esi,ecx
00430ECB   .  E8 A0E3FFFF   call videoenc.0042F270                   ;  call 加密SN、写注册表
00430ED0   .  E8 6BE5FFFF   call videoenc.0042F440                   ;  call 关键：注册表读取、解密、计算SN、比较
00430ED5   .  85C0          test eax,eax
00430ED7   .  75 49         jnz short videoenc.00430F22              ;  关键跳
00430ED9   .  8B0D F8904C00 mov ecx,dword ptr ds:[0x4C90F8]          ;  鸸L
00430EDF   .  68 442F0000   push 0x2F44
00430EE4   .  8D4424 08     lea eax,dword ptr ss:[esp+0x8]
00430EE8   .  50            push eax
00430EE9   .  E8 32B1FFFF   call videoenc.0042C020
00430EEE   .  6A 00         push 0x0
00430EF0   .  6A 30         push 0x30
00430EF2   .  8BC8          mov ecx,eax
00430EF4   .  C74424 1C 000>mov dword ptr ss:[esp+0x1C],0x0
00430EFC   .  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
00430F02   .  50            push eax
00430F03   .  E8 8A060300   call <jmp.&MFC71.#?AfxMessageBox@@YGHPBD>;  错误提示
00430F08   .  8D4C24 04     lea ecx,dword ptr ss:[esp+0x4]
00430F0C   .  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
00430F12   .  5E            pop esi                                  ;  user32.7663438D
00430F13   .  8B4C24 08     mov ecx,dword ptr ss:[esp+0x8]
00430F17   .  64:890D 00000>mov dword ptr fs:[0],ecx
00430F1E   .  83C4 14       add esp,0x14
00430F21   .  C3            retn

7、先来爆破，我爆破的习惯是验证少的就直接该跳转，验证多的改算法的返回值，而这个刚好就是后面这个了
Image 6.png

F7跟到算法，段首直接改为：

[Asm] 纯文本查看 复制代码

0042F440      33C0          xor eax,eax                              ;  算法
0042F442      40            inc eax
0042F443      C3            retn
0042F444      90            nop
0042F445      90            nop
0042F446      90            nop

保存修改，倒是显示注册成功了，但是标题栏上面还有显示未注册，看了还有验证
Image 9.png

看下注册表，发现了注册信息保存在了这里：
Image 20.png

用户名倒是和输入的一样，但是code就是些奇怪的东西了，看来注册码是加密存储的，先不管，爆破再说

于是BP RegQueryValueExA
重新运行，断下了，但不是想要的，f9好像15次吧，终于堆栈出现了“name”，
Image 10.png

然后就可以返回了，到了00449C4C这里：

[Asm] 纯文本查看 复制代码

00449B90      6A FF         push -0x1                                ;  另一个算法验证（看了下和第一个算法基本一样，所以直接用beyondcompare比了下，还真是一样的，汗！）
00449B92      68 9F484800   push videoenc.0048489F                   ;  入口地址
00449B97  |.  64:A1 0000000>mov eax,dword ptr fs:[0]
00449B9D  |.  50            push eax
00449B9E  |.  64:8925 00000>mov dword ptr fs:[0],esp
00449BA5  |.  81EC A4000000 sub esp,0xA4
00449BAB  |.  A1 70694C00   mov eax,dword ptr ds:[0x4C6970]
00449BB0  |.  53            push ebx
00449BB1  |.  56            push esi
00449BB2  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
00449BB6  |.  898424 A80000>mov dword ptr ss:[esp+0xA8],eax
00449BBD  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
00449BC3  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
00449BC7  |.  C78424 B40000>mov dword ptr ss:[esp+0xB4],0x0
00449BD2  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
00449BD8  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
00449BDC  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
00449BE2  |.  8B0D FC904C00 mov ecx,dword ptr ds:[0x4C90FC]          ;  赞H
00449BE8  |.  8D4424 20     lea eax,dword ptr ss:[esp+0x20]
00449BEC  |.  50            push eax
00449BED  |.  C68424 B80000>mov byte ptr ss:[esp+0xB8],0x2
00449BF5  |.  E8 E606FEFF   call videoenc.0042A2E0
00449BFA  |.  8BC8          mov ecx,eax
00449BFC  |.  83C1 2C       add ecx,0x2C
00449BFF  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
00449C05  |.  50            push eax                                 ; |Subkey = NULL
00449C06  |.  68 01000080   push 0x80000001                          ; |hKey = HKEY_CURRENT_USER
00449C0B  |.  FF15 20804800 call dword ptr ds:[<&ADVAPI32.RegCreateK>; \RegCreateKeyA
00449C11  |.  85C0          test eax,eax
00449C13  |.  0F85 B1000000 jnz videoenc.00449CCA
00449C19  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
00449C1D  |.  51            push ecx
00449C1E  |.  68 00020000   push 0x200
00449C23  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
00449C27  |.  C74424 10 000>mov dword ptr ss:[esp+0x10],0x200
00449C2F  |.  FF15 84834800 call dword ptr ds:[<&MFC71.#?GetBuffer@?>;  mfc71.#?Preallocate@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5154
00449C35  |.  8B5424 24     mov edx,dword ptr ss:[esp+0x24]          ; |ctcodec.00A2404D
00449C39  |.  8B35 0C804800 mov esi,dword ptr ds:[<&ADVAPI32.RegQuer>; |advapi32.RegQueryValueExA
00449C3F  |.  50            push eax                                 ; |Buffer = NULL
00449C40  |.  6A 00         push 0x0                                 ; |pValueType = NULL
00449C42  |.  6A 00         push 0x0                                 ; |Reserved = NULL
00449C44  |.  68 98C44800   push videoenc.0048C498                   ; |Name
00449C49  |.  52            push edx                                 ; |hKey = 0x0
00449C4A  |.  FFD6          call esi                                 ; \RegQueryValueExA
00449C4C  |.  6A FF         push -0x1                                ;  返回到的地方
00449C4E  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
00449C52  |.  FF15 EC834800 call dword ptr ds:[<&MFC71.#?ReleaseBuff>;  mfc71.#?ReleaseBuffer@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5403

初看就是之前的那个算法呀，仔细一看还真是一样的，作者又偷懒了
同样的改法，把00449B90这里改成：

[Asm] 纯文本查看 复制代码

00449B90      33C0          xor eax,eax
00449B92      40            inc eax
00449B93      C3            retn
00449B94      90            nop
00449B95      90            nop
00449B96      90            nop

再保存，这次没显示未注册了
Image 13.png

8、测试一下爆破的效果
转了2个视频，一个自定义了时间，一个大于10分钟，都成功了看来已经是完全爆破了。

Image 16.png

至此爆破完成。
爆破点2个地方：
00449B90
0042F440

9、追码，我也忘了怎么追到码的，其实单步看看算法很容易就找到注册码了，太简单了反而不知道怎么写

[Asm] 纯文本查看 复制代码

0042F999  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]          ;  内存注册机断下的位置

或者

[Asm] 纯文本查看 复制代码

0044A0E9  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]

两个地方都可以，真码在ecx和edx中
10、内存注册机，如图设置就ok了
Image 17.png

测试

10、为什么我的图片老出问题呢？

--------------------------------------------------------------------------------
2015年11月29日 22:24:18

expasy · 发表于 2015-11-29 23:18

本帖最后由 expasy 于 2015-11-30 13:07 编辑

算法分析

1、先用文字描述一下把：
Sn好像和用户名没有关系
Sn长度39位
Sn的后面19位是根据前20位以及一个字符串“Jobosharevideoconverter2008.07.28”通过一定的变化，然后取MD5值，最后将md5值取奇数位连起来，每4位插入一个’-‘符号
比如前20位是”11111111111111111111“
和字符串“Jobosharevideoconverter2008.07.28”连起来就是“11111111111111111111Jobosharevideoconverter2008.07.28”---------------------【字符串1】

处理字符串“Jobosharevideoconverter2008.07.28”
取出它的第(3*i+1) 位(i=0，1，2，3.....，字符串长度)位，
“Jobosharevideoconverter2008.07.28”=
4A 6F 62 6F 73 68 61 72 65 76 69 64 65 6F 63 6F 6E 76 65 72 74 65 72 32 30 30 38 2E 30 37 2E 32 38
取出它的第(3*i+1) 位(i=0，1，2，3.....，字符串长度)位就是
4A 6F  61  76  65  6F  65  65  30  2E 2E
剩下的是
6F 62  73 68 72 65  69 64  6F 63 6E 76 72 74  72 32  30 38  30 37  32 38
连起来
4A 6F  61  76  65  6F  65  65  30  2E 2E 6F 62  73 68 72 65  69 64 6F 63 6E 76 72 74  72 32  30 38  30 37  32 38
然后在每位后面插入数字，该数字就是这些字符在原始字符串中的位置序号，结果如下面(hex)：
4A 01 6F 04 61 07 76 0A 65 0D 6F 10 65 13 65 16 30 19 2E 1C 2E 1F 6F 02 62 03 73 05 68 06 72 08
65 09 69 0B 64 0C 6F 0E 63 0F 6E 11 76 12 72 14 74 15 72 17 32 18 30 1A 38 1B 30 1D 37 1E 32 20
38 21

然后这一窜东西，前面插入个0x31,后面插入两个0x30,这个也是算出来的，变成这样：
31 4A 01 6F 04 61 07 76 0A 65 0D 6F 10 65 13 65 16 30 19 2E 1C 2E 1F 6F 02 62 03 73 05 68 06 72
08 65 09 69 0B 64 0C 6F 0E 63 0F 6E 11 76 12 72 14 74 15 72 17 32 18 30 1A 38 1B 30 1D 37 1E 32
20 38 21 30 30

后面在连接上【字符串1】=“11111111111111111111Jobosharevideoconverter2008.07.28”，就是（hex）：
31 4A 01 6F 04 61 07 76 0A 65 0D 6F 10 65 13 65 16 30 19 2E 1C 2E 1F 6F 02 62 03 73 05 68 06 72
08 65 09 69 0B 64 0C 6F 0E 63 0F 6E 11 76 12 72 14 74 15 72 17 32 18 30 1A 38 1B 30 1D 37 1E 32
20 38 21 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 4A 6F 62 6F 73 68 61
72 65 76 69 64 65 6F 63 6F 6E 76 65 72 74 65 72 32 30 30 38 2E 30 37 2E 32 38 00 00

后面就简单了，这窜hex的字符串，取md5，就是
52bd778517b17c75a61a9eaf79a7d12a
最后将md5值取奇数位连起来，每4位插入一个’-‘符号就是Sn的后19位，对了要转大写字母。
SN= "111111111111111111115B78-1B77-A19A-7AD2"

2、然后是代码

[Asm] 纯文本查看 复制代码

0042F440      6A FF         push -0x1                                ;  算法
0042F442      68 2F2C4800   push videoenc.00482C2F                   ;  入口地址
0042F447  |.  64:A1 0000000>mov eax,dword ptr fs:[0]
0042F44D  |.  50            push eax
0042F44E  |.  64:8925 00000>mov dword ptr fs:[0],esp
0042F455  |.  81EC A4000000 sub esp,0xA4
0042F45B  |.  A1 70694C00   mov eax,dword ptr ds:[0x4C6970]
0042F460  |.  53            push ebx
0042F461  |.  56            push esi
0042F462  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F466  |.  898424 A80000>mov dword ptr ss:[esp+0xA8],eax
0042F46D  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F473  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042F477  |.  C78424 B40000>mov dword ptr ss:[esp+0xB4],0x0
0042F482  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F488  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F48C  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F492  |.  8B0D FC904C00 mov ecx,dword ptr ds:[0x4C90FC]          ;  赞H
0042F498  |.  8D4424 20     lea eax,dword ptr ss:[esp+0x20]
0042F49C  |.  50            push eax
0042F49D  |.  C68424 B80000>mov byte ptr ss:[esp+0xB8],0x2
0042F4A5  |.  E8 36AEFFFF   call videoenc.0042A2E0
0042F4AA  |.  8BC8          mov ecx,eax
0042F4AC  |.  83C1 2C       add ecx,0x2C
0042F4AF  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F4B5  |.  50            push eax                                 ; |Subkey = 00000027 ???
0042F4B6  |.  68 01000080   push 0x80000001                          ; |hKey = HKEY_CURRENT_USER
0042F4BB  |.  FF15 20804800 call dword ptr ds:[<&ADVAPI32.RegCreateK>; \RegCreateKeyA
0042F4C1  |.  85C0          test eax,eax
0042F4C3  |.  0F85 B1000000 jnz videoenc.0042F57A
0042F4C9  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
0042F4CD  |.  51            push ecx
0042F4CE  |.  68 00020000   push 0x200
0042F4D3  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042F4D7  |.  C74424 10 000>mov dword ptr ss:[esp+0x10],0x200
0042F4DF  |.  FF15 84834800 call dword ptr ds:[<&MFC71.#?GetBuffer@?>;  mfc71.#?Preallocate@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5154
0042F4E5  |.  8B5424 24     mov edx,dword ptr ss:[esp+0x24]          ; |
0042F4E9  |.  8B35 0C804800 mov esi,dword ptr ds:[<&ADVAPI32.RegQuer>; |advapi32.RegQueryValueExA
0042F4EF  |.  50            push eax                                 ; |Buffer = 00000027
0042F4F0  |.  6A 00         push 0x0                                 ; |pValueType = NULL
0042F4F2  |.  6A 00         push 0x0                                 ; |Reserved = NULL
0042F4F4  |.  68 98C44800   push videoenc.0048C498                   ; |Name
0042F4F9  |.  52            push edx                                 ; |hKey = 0x5598938
0042F4FA  |.  FFD6          call esi                                 ; \RegQueryValueExA
0042F4FC  |.  6A FF         push -0x1                                ;  用户名
0042F4FE  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F502  |.  FF15 EC834800 call dword ptr ds:[<&MFC71.#?ReleaseBuff>;  mfc71.#?ReleaseBuffer@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5403
0042F508  |.  8D4424 08     lea eax,dword ptr ss:[esp+0x8]
0042F50C  |.  50            push eax
0042F50D  |.  68 00020000   push 0x200
0042F512  |.  8D4C24 20     lea ecx,dword ptr ss:[esp+0x20]
0042F516  |.  C74424 10 000>mov dword ptr ss:[esp+0x10],0x200
0042F51E  |.  FF15 84834800 call dword ptr ds:[<&MFC71.#?GetBuffer@?>;  mfc71.#?Preallocate@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5154
0042F524  |.  8B4C24 24     mov ecx,dword ptr ss:[esp+0x24]
0042F528  |.  50            push eax
0042F529  |.  6A 00         push 0x0
0042F52B  |.  6A 00         push 0x0
0042F52D  |.  68 30114900   push videoenc.00491130                   ;  Serial
0042F532  |.  51            push ecx
0042F533  |.  FFD6          call esi                                 ;  根本就没有这项
0042F535  |.  6A FF         push -0x1
0042F537  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F53B  |.  FF15 EC834800 call dword ptr ds:[<&MFC71.#?ReleaseBuff>;  mfc71.#?ReleaseBuffer@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5403
0042F541  |.  8D5424 08     lea edx,dword ptr ss:[esp+0x8]
0042F545  |.  52            push edx
0042F546  |.  68 00020000   push 0x200
0042F54B  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F54F  |.  C74424 10 000>mov dword ptr ss:[esp+0x10],0x200
0042F557  |.  FF15 84834800 call dword ptr ds:[<&MFC71.#?GetBuffer@?>;  mfc71.#?Preallocate@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5154
0042F55D  |.  50            push eax
0042F55E  |.  8B4424 28     mov eax,dword ptr ss:[esp+0x28]
0042F562  |.  6A 00         push 0x0
0042F564  |.  6A 00         push 0x0
0042F566  |.  68 28114900   push videoenc.00491128                   ;  Code
0042F56B  |.  50            push eax
0042F56C  |.  FFD6          call esi                                 ;  加密过的注册码
0042F56E  |.  6A FF         push -0x1
0042F570  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042F574  |.  FF15 EC834800 call dword ptr ds:[<&MFC71.#?ReleaseBuff>;  mfc71.#?ReleaseBuffer@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5403
0042F57A  |>  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F57E  |.  FF15 88834800 call dword ptr ds:[<&MFC71.#?IsEmpty@?$C>;  mfc71.#?IsEmpty@?$CSimpleStringT@D$00@ATL@@QBE_NXZ_3934
0042F584  |.  84C0          test al,al
0042F586  |.  BB 03000000   mov ebx,0x3
0042F58B  |.  0F85 8C000000 jnz videoenc.0042F61D
0042F591  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F595  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F59B  |.  50            push eax
0042F59C  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F5A0  |.  51            push ecx
0042F5A1  |.  E8 BAF3FFFF   call videoenc.0042E960                   ;  call 解密准备，将字符串当16进制
0042F5A6  |.  83C4 08       add esp,0x8
0042F5A9  |.  8D4C24 34     lea ecx,dword ptr ss:[esp+0x34]
0042F5AD  |.  889C24 B40000>mov byte ptr ss:[esp+0xB4],bl
0042F5B4  |.  E8 07EB0100   call videoenc.0044E0C0                   ;  call 解密用到的常数，
0042F5B9  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
0042F5BD  |.  C68424 B40000>mov byte ptr ss:[esp+0xB4],0x4
0042F5C5  |.  FF15 80834800 call dword ptr ds:[<&MFC71.#?GetBuffer@?>;  mfc71.#?GetBuffer@?$CSimpleStringT@D$00@ATL@@QAEPADXZ_2469
0042F5CB  |.  50            push eax
0042F5CC  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F5D0  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F5D6  |.  50            push eax
0042F5D7  |.  8D4C24 3C     lea ecx,dword ptr ss:[esp+0x3C]
0042F5DB  |.  E8 E0EF0100   call videoenc.0044E5C0                   ;  call 解密（解密和加密是一个函数）
0042F5E0  |.  6A FF         push -0x1
0042F5E2  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F5E6  |.  FF15 EC834800 call dword ptr ds:[<&MFC71.#?ReleaseBuff>;  mfc71.#?ReleaseBuffer@?$CSimpleStringT@D$00@ATL@@QAEXH@Z_5403
0042F5EC  |.  8D5424 08     lea edx,dword ptr ss:[esp+0x8]
0042F5F0  |.  52            push edx
0042F5F1  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042F5F5  |.  FF15 BC894800 call dword ptr ds:[<&MFC71.#??4?$CString>;  mfc71.#??4?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@ABV01@@Z_781
0042F5FB  |.  8D4C24 34     lea ecx,dword ptr ss:[esp+0x34]
0042F5FF  |.  889C24 B40000>mov byte ptr ss:[esp+0xB4],bl
0042F606  |.  E8 25EB0100   call videoenc.0044E130
0042F60B  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
0042F60F  |.  C68424 B40000>mov byte ptr ss:[esp+0xB4],0x2
0042F617  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F61D  |>  6A 14         push 0x14
0042F61F  |.  8D4424 0C     lea eax,dword ptr ss:[esp+0xC]
0042F623  |.  50            push eax
0042F624  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F628  |.  FF15 B8894800 call dword ptr ds:[<&MFC71.#?Left@?$CStr>;  mfc71.#?Left@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QBE?AV12@H@Z_3997
0042F62E  |.  50            push eax
0042F62F  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F633  |.  C68424 B80000>mov byte ptr ss:[esp+0xB8],0x5
0042F63B  |.  FF15 BC894800 call dword ptr ds:[<&MFC71.#??4?$CString>;  mfc71.#??4?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@ABV01@@Z_781
0042F641  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
0042F645  |.  C68424 B40000>mov byte ptr ss:[esp+0xB4],0x2
0042F64D  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F653  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F657  |.  FF15 88834800 call dword ptr ds:[<&MFC71.#?IsEmpty@?$C>;  mfc71.#?IsEmpty@?$CSimpleStringT@D$00@ATL@@QBE_NXZ_3934
0042F65D  |.  84C0          test al,al
0042F65F  |.  0F85 C0030000 jnz videoenc.0042FA25
0042F665  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F669  |.  FF15 88834800 call dword ptr ds:[<&MFC71.#?IsEmpty@?$C>;  mfc71.#?IsEmpty@?$CSimpleStringT@D$00@ATL@@QBE_NXZ_3934
0042F66F  |.  84C0          test al,al
0042F671  |.  0F85 AE030000 jnz videoenc.0042FA25
0042F677  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F67B  |.  FF15 84824800 call dword ptr ds:[<&MFC71.#?GetLength@?>;  mfc71.#?GetLength@?$CSimpleStringT@D$00@ATL@@QBEHXZ_2902
0042F681  |.  83F8 27       cmp eax,0x27                             ;  注册码的长度和0x27（29）比较，不等就完蛋
0042F684  |.  0F85 9B030000 jnz videoenc.0042FA25
0042F68A  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042F68E  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F694  |.  8B0D FC904C00 mov ecx,dword ptr ds:[0x4C90FC]          ;  赞H
0042F69A  |.  E8 41ACFFFF   call videoenc.0042A2E0
0042F69F  |.  83C0 38       add eax,0x38
0042F6A2  |.  50            push eax
0042F6A3  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F6A7  |.  FF15 BC894800 call dword ptr ds:[<&MFC71.#??4?$CString>;  mfc71.#??4?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@ABV01@@Z_781
0042F6AD  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F6B1  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F6B7  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F6BB  |.  C68424 B40000>mov byte ptr ss:[esp+0xB4],0x6
0042F6C3  |.  33F6          xor esi,esi
0042F6C5  |.  FF15 84824800 call dword ptr ds:[<&MFC71.#?GetLength@?>;  mfc71.#?GetLength@?$CSimpleStringT@D$00@ATL@@QBEHXZ_2902
0042F6CB  |.  85C0          test eax,eax
0042F6CD  |.  7E 53         jle short videoenc.0042F722
0042F6CF  |.  90            nop
0042F6D0  |>  8BC6          /mov eax,esi                             ;  处理字符串“Jobosharevideoconverter2008.07.28”的第一步
0042F6D2  |.  99            |cdq                                     ;  好老的软件……-……2008.07.28
0042F6D3  |.  8BCB          |mov ecx,ebx
0042F6D5  |.  F7F9          |idiv ecx
0042F6D7  |.  85D2          |test edx,edx
0042F6D9  |.  75 38         |jnz short videoenc.0042F713
0042F6DB  |.  56            |push esi
0042F6DC  |.  8D4C24 14     |lea ecx,dword ptr ss:[esp+0x14]
0042F6E0  |.  FF15 B8824800 |call dword ptr ds:[<&MFC71.#??A?$CSimpl>;  mfc71.#?GetAt@?$CSimpleStringT@D$00@ATL@@QBEDH@Z_2451
0042F6E6  |.  8D4C24 0C     |lea ecx,dword ptr ss:[esp+0xC]
0042F6EA  |.  50            |push eax
0042F6EB  |.  FF15 98864800 |call dword ptr ds:[<&MFC71.#??Y?$CStrin>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@E@Z_909
0042F6F1  |.  8D46 01       |lea eax,dword ptr ds:[esi+0x1]
0042F6F4  |.  99            |cdq
0042F6F5  |.  B9 FF000000   |mov ecx,0xFF
0042F6FA  |.  F7F9          |idiv ecx
0042F6FC  |.  84D2          |test dl,dl
0042F6FE  |.  885424 08     |mov byte ptr ss:[esp+0x8],dl
0042F702  |.  74 0F         |je short videoenc.0042F713
0042F704  |.  8B5424 08     |mov edx,dword ptr ss:[esp+0x8]
0042F708  |.  52            |push edx
0042F709  |.  8D4C24 10     |lea ecx,dword ptr ss:[esp+0x10]
0042F70D  |.  FF15 98864800 |call dword ptr ds:[<&MFC71.#??Y?$CStrin>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@E@Z_909
0042F713  |>  8D4C24 10     |lea ecx,dword ptr ss:[esp+0x10]
0042F717  |.  46            |inc esi
0042F718  |.  FF15 84824800 |call dword ptr ds:[<&MFC71.#?GetLength@>;  mfc71.#?GetLength@?$CSimpleStringT@D$00@ATL@@QBEHXZ_2902
0042F71E  |.  3BF0          |cmp esi,eax
0042F720  |.^ 7C AE         \jl short videoenc.0042F6D0
0042F722  |>  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F726  |.  33F6          xor esi,esi
0042F728  |.  FF15 84824800 call dword ptr ds:[<&MFC71.#?GetLength@?>;  mfc71.#?GetLength@?$CSimpleStringT@D$00@ATL@@QBEHXZ_2902
0042F72E  |.  85C0          test eax,eax
0042F730  |.  7E 52         jle short videoenc.0042F784
0042F732  |>  8BC6          /mov eax,esi                             ;  处理字符串“Jobosharevideoconverter2008.07.28”的第二步
0042F734  |.  99            |cdq
0042F735  |.  8BCB          |mov ecx,ebx
0042F737  |.  F7F9          |idiv ecx
0042F739  |.  85D2          |test edx,edx
0042F73B  |.  74 38         |je short videoenc.0042F775
0042F73D  |.  56            |push esi
0042F73E  |.  8D4C24 14     |lea ecx,dword ptr ss:[esp+0x14]
0042F742  |.  FF15 B8824800 |call dword ptr ds:[<&MFC71.#??A?$CSimpl>;  mfc71.#?GetAt@?$CSimpleStringT@D$00@ATL@@QBEDH@Z_2451
0042F748  |.  8D4C24 0C     |lea ecx,dword ptr ss:[esp+0xC]
0042F74C  |.  50            |push eax
0042F74D  |.  FF15 98864800 |call dword ptr ds:[<&MFC71.#??Y?$CStrin>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@E@Z_909
0042F753  |.  8D46 01       |lea eax,dword ptr ds:[esi+0x1]
0042F756  |.  99            |cdq
0042F757  |.  B9 FF000000   |mov ecx,0xFF
0042F75C  |.  F7F9          |idiv ecx
0042F75E  |.  84D2          |test dl,dl
0042F760  |.  885424 08     |mov byte ptr ss:[esp+0x8],dl
0042F764  |.  74 0F         |je short videoenc.0042F775
0042F766  |.  8B5424 08     |mov edx,dword ptr ss:[esp+0x8]
0042F76A  |.  52            |push edx
0042F76B  |.  8D4C24 10     |lea ecx,dword ptr ss:[esp+0x10]
0042F76F  |.  FF15 98864800 |call dword ptr ds:[<&MFC71.#??Y?$CStrin>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@E@Z_909
0042F775  |>  8D4C24 10     |lea ecx,dword ptr ss:[esp+0x10]
0042F779  |.  46            |inc esi
0042F77A  |.  FF15 84824800 |call dword ptr ds:[<&MFC71.#?GetLength@>;  mfc71.#?GetLength@?$CSimpleStringT@D$00@ATL@@QBEHXZ_2902
0042F780  |.  3BF0          |cmp esi,eax
0042F782  |.^ 7C AE         \jl short videoenc.0042F732
0042F784  |>  8D4C24 24     lea ecx,dword ptr ss:[esp+0x24]
0042F788  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F78E  |.  6A 01         push 0x1
0042F790  |.  8D4424 28     lea eax,dword ptr ss:[esp+0x28]
0042F794  |.  68 F8CE4800   push videoenc.0048CEF8                   ;  %d
0042F799  |.  50            push eax                                 ;  处理的变成“d%”这种格式
0042F79A  |.  C68424 C00000>mov byte ptr ss:[esp+0xC0],0x7
0042F7A2  |.  FF15 C4894800 call dword ptr ds:[<&MFC71.#?Format@?$CS>;  mfc71.#?Format@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAAXPBDZZ_2322
0042F7A8  |.  83C4 0C       add esp,0xC
0042F7AB  |.  8D4C24 24     lea ecx,dword ptr ss:[esp+0x24]
0042F7AF  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F7B5  |.  50            push eax
0042F7B6  |.  6A 00         push 0x0
0042F7B8  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F7BC  |.  FF15 AC864800 call dword ptr ds:[<&MFC71.#?Insert@?$CS>;  mfc71.#?Insert@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEHHPBD@Z_3850
0042F7C2  |.  8D4C24 28     lea ecx,dword ptr ss:[esp+0x28]
0042F7C6  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F7CC  |.  8D4C24 2C     lea ecx,dword ptr ss:[esp+0x2C]
0042F7D0  |.  FF15 E8894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_310
0042F7D6  |.  6A 00         push 0x0
0042F7D8  |.  8D4C24 2C     lea ecx,dword ptr ss:[esp+0x2C]
0042F7DC  |.  68 F8CE4800   push videoenc.0048CEF8                   ;  %d
0042F7E1  |.  B3 09         mov bl,0x9
0042F7E3  |.  51            push ecx
0042F7E4  |.  889C24 C00000>mov byte ptr ss:[esp+0xC0],bl
0042F7EB  |.  FF15 C4894800 call dword ptr ds:[<&MFC71.#?Format@?$CS>;  mfc71.#?Format@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAAXPBDZZ_2322
0042F7F1  |.  6A 00         push 0x0
0042F7F3  |.  8D5424 3C     lea edx,dword ptr ss:[esp+0x3C]
0042F7F7  |.  68 F8CE4800   push videoenc.0048CEF8                   ;  %d
0042F7FC  |.  52            push edx
0042F7FD  |.  FF15 C4894800 call dword ptr ds:[<&MFC71.#?Format@?$CS>;  mfc71.#?Format@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAAXPBDZZ_2322
0042F803  |.  8D4424 44     lea eax,dword ptr ss:[esp+0x44]
0042F807  |.  50            push eax
0042F808  |.  8D4C24 44     lea ecx,dword ptr ss:[esp+0x44]
0042F80C  |.  51            push ecx
0042F80D  |.  8D5424 28     lea edx,dword ptr ss:[esp+0x28]
0042F811  |.  52            push edx
0042F812  |.  E8 49F4FDFF   call videoenc.0040EC60
0042F817  |.  83C4 24       add esp,0x24
0042F81A  |.  50            push eax
0042F81B  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F81F  |.  C68424 B80000>mov byte ptr ss:[esp+0xB8],0xA
0042F827  |.  FF15 CC894800 call dword ptr ds:[<&MFC71.#??Y?$CString>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@ABV?$CSimpleStringT@D$00@1@@Z_907
0042F82D  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
0042F831  |.  889C24 B40000>mov byte ptr ss:[esp+0xB4],bl
0042F838  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F83E  |.  8D4424 18     lea eax,dword ptr ss:[esp+0x18]
0042F842  |.  50            push eax
0042F843  |.  8D4C24 20     lea ecx,dword ptr ss:[esp+0x20]
0042F847  |.  FF15 D4894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@ABV01@@Z_297
0042F84D  |.  B3 0B         mov bl,0xB
0042F84F  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F853  |.  889C24 B40000>mov byte ptr ss:[esp+0xB4],bl
0042F85A  |.  FF15 B8844800 call dword ptr ds:[<&MFC71.#?MakeUpper@?>;  mfc71.#?MakeUpper@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV12@XZ_4085
0042F860  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F864  |.  FF15 94864800 call dword ptr ds:[<&MFC71.#?TrimLeft@?$>;  mfc71.#?TrimLeft@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV12@XZ_6174
0042F86A  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F86E  |.  FF15 90864800 call dword ptr ds:[<&MFC71.#?TrimRight@?>;  mfc71.#?TrimRight@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV12@XZ_6180
0042F874  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F878  |.  FF15 88834800 call dword ptr ds:[<&MFC71.#?IsEmpty@?$C>;  mfc71.#?IsEmpty@?$CSimpleStringT@D$00@ATL@@QBE_NXZ_3934
0042F87E  |.  84C0          test al,al
0042F880  |.  74 0F         je short videoenc.0042F891
0042F882  |.  68 38114900   push videoenc.00491138                   ;  joboshare
0042F887  |.  8D4C24 20     lea ecx,dword ptr ss:[esp+0x20]
0042F88B  |.  FF15 EC894800 call dword ptr ds:[<&MFC71.#??4?$CString>;  mfc71.#??4?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@PBE@Z_785
0042F891  |>  8B0D FC904C00 mov ecx,dword ptr ds:[0x4C90FC]          ;  赞H
0042F897  |.  E8 44AAFFFF   call videoenc.0042A2E0
0042F89C  |.  83C0 38       add eax,0x38
0042F89F  |.  50            push eax
0042F8A0  |.  8D4C24 20     lea ecx,dword ptr ss:[esp+0x20]
0042F8A4  |.  51            push ecx
0042F8A5  |.  8D5424 10     lea edx,dword ptr ss:[esp+0x10]
0042F8A9  |.  52            push edx
0042F8AA  |.  E8 B1F3FDFF   call videoenc.0040EC60                   ;  将SN的前20位和字符串“Jobosharevideoconverter2008.07.28”连起来
0042F8AF  |.  83C4 0C       add esp,0xC
0042F8B2  |.  50            push eax
0042F8B3  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F8B7  |.  C68424 B80000>mov byte ptr ss:[esp+0xB8],0xC
0042F8BF  |.  FF15 CC894800 call dword ptr ds:[<&MFC71.#??Y?$CString>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@ABV?$CSimpleStringT@D$00@1@@Z_907
0042F8C5  |.  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
0042F8C9  |.  889C24 B40000>mov byte ptr ss:[esp+0xB4],bl
0042F8D0  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F8D6  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F8DA  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F8E0  |.  50            push eax
0042F8E1  |.  8D4C24 70     lea ecx,dword ptr ss:[esp+0x70]
0042F8E5  |.  E8 36EE0100   call videoenc.0044E720                   ;  call 最关键的地方，我还单步跟了好一会跟不出来，后来突然却发现是个常用的密码学的函数MD5
0042F8EA  |.  8D4C24 6C     lea ecx,dword ptr ss:[esp+0x6C]
0042F8EE  |.  C68424 B40000>mov byte ptr ss:[esp+0xB4],0xD
0042F8F6  |.  E8 65ED0100   call videoenc.0044E660
0042F8FB  |.  50            push eax
0042F8FC  |.  8D4C24 34     lea ecx,dword ptr ss:[esp+0x34]
0042F900  |.  FF15 D0894800 call dword ptr ds:[<&MFC71.#??0?$CString>;  mfc71.#??0?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@PBD@Z_304
0042F906  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F90A  |.  C68424 B40000>mov byte ptr ss:[esp+0xB4],0xE
0042F912  |.  FF15 70844800 call dword ptr ds:[<&MFC71.#?Empty@?$CSi>;  mfc71.#?Empty@?$CSimpleStringT@D$00@ATL@@QAEXXZ_2131
0042F918  |.  33F6          xor esi,esi
0042F91A  |.  8D9B 00000000 lea ebx,dword ptr ds:[ebx]
0042F920  |>  56            /push esi                                ;  产生sn的后19位（产生的是20位）
0042F921  |.  8D4C24 34     |lea ecx,dword ptr ss:[esp+0x34]
0042F925  |.  FF15 B8824800 |call dword ptr ds:[<&MFC71.#??A?$CSimpl>;  mfc71.#?GetAt@?$CSimpleStringT@D$00@ATL@@QBEDH@Z_2451
0042F92B  |.  8D4C24 0C     |lea ecx,dword ptr ss:[esp+0xC]
0042F92F  |.  50            |push eax
0042F930  |.  FF15 98864800 |call dword ptr ds:[<&MFC71.#??Y?$CStrin>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@E@Z_909
0042F936  |.  8BC6          |mov eax,esi
0042F938  |.  D1E8          |shr eax,1
0042F93A  |.  40            |inc eax
0042F93B  |.  25 03000080   |and eax,0x80000003
0042F940  |.  79 05         |jns short videoenc.0042F947
0042F942  |.  48            |dec eax
0042F943  |.  83C8 FC       |or eax,-0x4
0042F946  |.  40            |inc eax
0042F947  |>  75 0F         |jnz short videoenc.0042F958
0042F949  |.  68 08BD4800   |push videoenc.0048BD08                  ;  -
0042F94E  |.  8D4C24 10     |lea ecx,dword ptr ss:[esp+0x10]
0042F952  |.  FF15 C8894800 |call dword ptr ds:[<&MFC71.#??Y?$CStrin>;  mfc71.#??Y?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV01@PBD@Z_911
0042F958  |>  83C6 02       |add esi,0x2
0042F95B  |.  83FE 20       |cmp esi,0x20
0042F95E  |.^ 7C C0         \jl short videoenc.0042F920
0042F960  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F964  |.  FF15 B8844800 call dword ptr ds:[<&MFC71.#?MakeUpper@?>;  mfc71.#?MakeUpper@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEAAV12@XZ_4085
0042F96A  |.  6A 01         push 0x1
0042F96C  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F970  |.  FF15 84824800 call dword ptr ds:[<&MFC71.#?GetLength@?>;  去掉最后一位（就是个‘-’）
0042F976  |.  48            dec eax
0042F977  |.  50            push eax
0042F978  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F97C  |.  FF15 A8864800 call dword ptr ds:[<&MFC71.#?Delete@?$CS>;  mfc71.#?Delete@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAEHHH@Z_1916
0042F982  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042F986  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F98C  |.  50            push eax
0042F98D  |.  6A 00         push 0x0
0042F98F  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042F993  |.  FF15 AC864800 call dword ptr ds:[<&MFC71.#?Insert@?$CS>;  和前面连起来，总共39位（）
0042F999  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]          ;  内存注册机断下的位置
0042F99D  |.  FF15 F0894800 call dword ptr ds:[<&MFC71.#??B?$CSimple>;  mfc71.#?GetString@?$CSimpleStringT@D$00@ATL@@QBEPBDXZ_3397
0042F9A3  |.  50            push eax
0042F9A4  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042F9A8  |.  FF15 80884800 call dword ptr ds:[<&MFC71.#?Compare@?$C>;  mfc71.#?Compare@?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QBEHPBD@Z_1482
0042F9AE  |.  F7D8          neg eax
0042F9B0  |.  1AC0          sbb al,al
0042F9B2  |.  FEC0          inc al
0042F9B4  |.  8D4C24 30     lea ecx,dword ptr ss:[esp+0x30]
0042F9B8  |.  0FB6F0        movzx esi,al
0042F9BB  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F9C1  |.  8D4C24 6C     lea ecx,dword ptr ss:[esp+0x6C]
0042F9C5  |.  889C24 B40000>mov byte ptr ss:[esp+0xB4],bl
0042F9CC  |.  E8 7FEC0100   call videoenc.0044E650
0042F9D1  |.  8D4C24 1C     lea ecx,dword ptr ss:[esp+0x1C]
0042F9D5  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F9DB  |.  8D4C24 2C     lea ecx,dword ptr ss:[esp+0x2C]
0042F9DF  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F9E5  |.  8D4C24 28     lea ecx,dword ptr ss:[esp+0x28]
0042F9E9  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F9EF  |.  8D4C24 24     lea ecx,dword ptr ss:[esp+0x24]
0042F9F3  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042F9F9  |.  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0042F9FD  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA03  |.  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042FA07  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA0D  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042FA11  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA17  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042FA1B  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA21  |.  8BC6          mov eax,esi
0042FA23  |.  EB 20         jmp short videoenc.0042FA45
0042FA25  |>  8D4C24 14     lea ecx,dword ptr ss:[esp+0x14]
0042FA29  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA2F  |.  8D4C24 18     lea ecx,dword ptr ss:[esp+0x18]
0042FA33  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA39  |.  8D4C24 10     lea ecx,dword ptr ss:[esp+0x10]
0042FA3D  |.  FF15 E4894800 call dword ptr ds:[<&MFC71.#??1?$CString>;  mfc71.#??1?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@QAE@XZ_578
0042FA43  |.  33C0          xor eax,eax
0042FA45  |>  8B8C24 AC0000>mov ecx,dword ptr ss:[esp+0xAC]
0042FA4C  |.  5E            pop esi                                  ;  00180520
0042FA4D  |.  64:890D 00000>mov dword ptr fs:[0],ecx
0042FA54  |.  8B8C24 A40000>mov ecx,dword ptr ss:[esp+0xA4]
0042FA5B  |.  5B            pop ebx                                  ;  00180520
0042FA5C  |.  E8 69290300   call videoenc.004623CA
0042FA61  |.  81C4 B0000000 add esp,0xB0
0042FA67  \.  C3            retn

md5的标志：

[Asm] 纯文本查看 复制代码

0044E750  /$  8B4424 04     mov eax,dword ptr ss:[esp+0x4]
0044E754  |.  33C9          xor ecx,ecx
0044E756  |.  8948 14       mov dword ptr ds:[eax+0x14],ecx
0044E759  |.  8948 10       mov dword ptr ds:[eax+0x10],ecx
0044E75C  |.  C700 01234567 mov dword ptr ds:[eax],0x67452301
0044E762  |.  C740 04 89ABC>mov dword ptr ds:[eax+0x4],0xEFCDAB89
0044E769  |.  C740 08 FEDCB>mov dword ptr ds:[eax+0x8],0x98BADCFE
0044E770  |.  C740 0C 76543>mov dword ptr ds:[eax+0xC],0x10325476
0044E777  \.  C3            retn

3、注册机，依然用的吾爱的注册机生成器写的，就是http://www.52pojie.cn/thread-159470-1-1.html这个东西，提供代码，注册机自己去生成吧，那几天电脑中毒了，可能还没弄干净
源码：怎么设置回复可见？？

[Visual Basic] 纯文本查看 复制代码

Function GetMC(X) 
GetMC=x
MC=GetMC 
'如机器码不参与运算,则直接MC=X即可
End Function

Function GetName(X) 

GetName=x
Name=GetName 
End Function

Function GetSN() 
Dim softname
 '这系列的软件就这个字符串不一样,找到这个字符串,换一下就成了系列注册机了
softname = "Jobosharevideoconverter2008.07.28" 

'softname = "Joboshareaudiomaker2010.05.06" 'Audio Maker
'softname = "Jobosharedvdripperplatinum2008.07.28" 'DVD Ripper Platinum
'softname = "Jobosharedvdtomp4share2008.07.28" 'DVD to MP4 Converter
'softname = "Jobosharepdftotextconverter2011.09.15" 'PDF to Text Converter
'softname = "Jobosharevideoconverter2008.07.28" 'Video Converter
'太多了,我目前就只看了这几个,目测都差不多



Dim username, sncode, sn(39), midsn1, i, j, k
Dim midsn '这是要md5的字符串
Dim expasy '测试
username=Name
if len(username)=0 then 
expasy = "请输入用户名！"
else
'前20位我随机产生的
For i = 1 To 20 
Randomize
sn(i) = Asc(Hex(Int(Rnd() * 15)) & "")
'sn(i) = 56
If i Mod 5 = 0 Then
sn(i) = 45
End If
Next 
'ok,前20位搞定

Dim soft()   '这是用来存要md5的那个字符串的ascii的
n = Len(softname) * 3 + 24  '字符串总长度
ReDim soft(n)  '在一般情况下,我数组下标喜欢从1开始,0不喜欢用

i = Int((Len(softname) + 2) \ 3) '


soft(1) = 49                 '第一位是0x31(49)
For j = 1 To Len(softname)   '因为第一位是0x31所以全部后移一位就都+1了
If j <= i Then                '这是取出第(3*j+1) 位(j=0,1,2,3.....,字符串长度)位的过程
soft(2 * j + 1) = Int(3 * j - 2)
soft(2 * j) = Asc(Mid(softname, 3 * j - 2, 1))
Else                          '这是取出第(3*i+1) 位(i=0,1,2,3.....,字符串长度)位的过程
soft(2 * j + 1) = Int((3 * (j - i) + 1) \ 2)
soft(2 * j) = Asc(Mid(softname, Int((3 * (j - i) + 1) \ 2), 1))
End If                                  '偶数搞定
Next 

soft(2 * Len(softname) + 2) = 48     '这里连续2位0x30(48)
soft(2 * Len(softname) + 3) = 48

For j = (2 * Len(softname) + 4) To (2 * Len(softname) + 4 + 19) '这是sn前20位
soft(j) = sn(j - (2 * Len(softname) + 4) + 1)
Next 

For j = 1 To n - (2 * Len(softname) + 23) - 1   '这是softname
soft(j + (2 * Len(softname) + 23)) = Asc(Mid(softname, j, 1))
Next 

' soft(n) = 0


For i = 1 To n - 1
midsn = midsn & Chr(soft(i))
'soft(i) = Hex(soft(i))      '测试
Next

midsn1 = midsn '测试

midsn = UCase(md5(midsn1)) '转大写

Dim ss(16) '测试

For i = 1 To 16
ss(i) = Mid(midsn, 2 * i - 1, 1)
Next 

For j = 1 To 19
If j Mod 5 = 0 Then
sn(j + 20) = 45 '- 这个符号
Else
sn(j + 20) = Asc(ss(j - (j - 1) \ 5))
End If
Next 

For i = 1 To 39 '生成sn
sncode = sncode & Chr(sn(i))
Next 
expasy = sncode '测试
end if
GetSN=expasy

End Function

4、注册机测试：

Sound · 发表于 2015-11-29 22:13

本帖最后由 Sound 于 2015-11-29 22:16 编辑

直播贴吗? 坐在沙发上、买了可乐,爆米花。

A型血的我 · 发表于 2015-11-29 22:14

谢谢楼主已收藏

yAYa · 发表于 2015-11-29 22:15

刚还说占个沙发,就被sound师傅抢去了. 占个板凳~

-Zing- · 发表于 2015-11-29 22:18

提示: 作者被禁止或删除内容自动屏蔽

夜之零落兮 · 发表于 2015-11-29 22:25

前排露个脸，买了瓜子

2909094965 · 发表于 2015-11-29 22:32

好厉害啊，长见识了

不依baya · 发表于 2015-11-29 22:38

我也来看看！！！1

lies2014 · 发表于 2015-11-30 21:13

谢谢楼主的教学，非常用心仔细，加分了！

帐号		自动登录	找回密码
密码			注册[Register]

[原创] Joboshare全系列爆破、追码、算法及注册机源码

点评

免费评分

-Zing- -Zing- 当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	-Zing- 发表于 2015-11-29 22:18 提示: 作者被禁止或删除内容自动屏蔽

	回复支持举报