|
作者: yongmin [yongmin] 论坛用户 | 登录 |
【破解作者】 小子贼野 【作者主页】 http://mayday.unpack.cn/ 【使用工具】 OD 【破解平台】 Win9x/NT/2000/XP 【软件名称】 Open Video Capture 1.24.553 【下载地址】 http://www.onlinedown.net/soft/46986.htm 【软件简介】 Open Video Converter 是一款易于使用的视频转换,分割和编辑工具。它能转换多个视频 格式如MPG,AVI,ASF,WMV到AVI 文件。它能改变帧尺寸,帧频,视频和音频压缩编码。 主要功能有:-转换MPEG,WMV,ASF,MPG,VCD,OGM,DAT,SVCD为AVI。 【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:) -------------------------------------------------------------------------------- 超级字串参考, 项目 54 地址=00402D23 反汇编=PUSH openvcap.0041B744 文本字串=registration has succeeded! -------------------------------------------------------------------------------- 来到下面: -------------------------------------------------------------------------------- 00402B2D > \8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+1C] ; 案例 1 --> 分支 00402AD9 00402B31 . 8B35 04B34100 MOV ESI,DWORD PTR DS:[<&USER32.GetDlgIte>; USER32.GetDlgItemTextA 00402B37 . 68 00010000 PUSH 100 ; /Count = 100 (256.) 00402B3C . 68 B0104200 PUSH openvcap.004210B0 ; |Buffer = openvcap.004210B0 00402B41 . 68 E8030000 PUSH 3E8 ; |ControlID = 3E8 (1000.) 00402B46 . 57 PUSH EDI ; |hWnd 00402B47 . FFD6 CALL ESI ; \GetDlgItemTextA 00402B49 . 68 00010000 PUSH 100 ; /Count = 100 (256.) 00402B4E . 68 20164200 PUSH openvcap.00421620 ; |Buffer = openvcap.00421620 00402B53 . 68 E9030000 PUSH 3E9 ; |ControlID = 3E9 (1001.) 00402B58 . 57 PUSH EDI ; |hWnd 00402B59 . FFD6 CALL ESI ; \GetDlgItemTextA 00402B5B . B8 B0104200 MOV EAX,openvcap.004210B0 ; ASCII "mayday" 00402B60 . 8D50 01 LEA EDX,DWORD PTR DS:[EAX+1] 00402B63 > 8A08 MOV CL,BYTE PTR DS:[EAX] 00402B65 . 40 INC EAX 00402B66 . 84C9 TEST CL,CL 00402B68 .^ 75 F9 JNZ SHORT openvcap.00402B63 00402B6A . 2BC2 SUB EAX,EDX 00402B6C . 83F8 02 CMP EAX,2 ; 用户名必须大于2 00402B6F . 73 22 JNB SHORT openvcap.00402B93 00402B71 . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL 00402B73 . 68 B0B74100 PUSH openvcap.0041B7B0 ; |Title = "Error" 00402B78 . 68 90B74100 PUSH openvcap.0041B790 ; |Text = "Please input correct User Name!" 00402B7D . 57 PUSH EDI ; |hOwner 00402B7E . FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA 00402B84 . 5F POP EDI 00402B85 . 5E POP ESI 00402B86 . 5D POP EBP 00402B87 . B8 01000000 MOV EAX,1 00402B8C . 5B POP EBX 00402B8D . 83C4 08 ADD ESP,8 00402B90 . C2 1000 RETN 10 00402B93 > B8 20164200 MOV EAX,openvcap.00421620 ; ASCII "123456789" 00402B98 . 8D50 01 LEA EDX,DWORD PTR DS:[EAX+1] 00402B9B . EB 03 JMP SHORT openvcap.00402BA0 00402B9D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] 00402BA0 > 8A08 MOV CL,BYTE PTR DS:[EAX] 00402BA2 . 40 INC EAX 00402BA3 . 84C9 TEST CL,CL 00402BA5 .^ 75 F9 JNZ SHORT openvcap.00402BA0 00402BA7 . 2BC2 SUB EAX,EDX 00402BA9 . 83F8 08 CMP EAX,8 ; 注册码必须大于8 00402BAC . 73 22 JNB SHORT openvcap.00402BD0 00402BAE . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL 00402BB0 . 68 B0B74100 PUSH openvcap.0041B7B0 ; |Title = "Error" 00402BB5 . 68 68B74100 PUSH openvcap.0041B768 ; |please input correct registration code! 00402BBA . 57 PUSH EDI ; |hOwner 00402BBB . FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA 00402BC1 . 5F POP EDI 00402BC2 . 5E POP ESI 00402BC3 . 5D POP EBP 00402BC4 . B8 01000000 MOV EAX,1 00402BC9 . 5B POP EBX 00402BCA . 83C4 08 ADD ESP,8 00402BCD . C2 1000 RETN 10 00402BD0 > 0FB60D B01042>MOVZX ECX,BYTE PTR DS:[4210B0] ; ECX=用户名第一位的Ascii 00402BD7 . 8BC1 MOV EAX,ECX ; ECX=EAX 00402BD9 . 83C8 57 OR EAX,57 ; EAX=EAX OR $57 00402BDC . 99 CDQ 00402BDD . BE 0A000000 MOV ESI,0A ; ESI=$A 00402BE2 . F7FE IDIV ESI ; EAX与A进行idiv运算 00402BE4 . 0FB635 B11042>MOVZX ESI,BYTE PTR DS:[4210B1] ; ESI=用户名第二位的Ascii 00402BEB . 8BC6 MOV EAX,ESI ; ESI=EAX 00402BED . 83C8 45 OR EAX,45 ; EAX=EAX OR $45 00402BF0 . BF 0A000000 MOV EDI,0A ; EDI=$A 00402BF5 . 33ED XOR EBP,EBP ; EBP=0 00402BF7 . 885424 20 MOV BYTE PTR SS:[ESP+20],DL ; dl=07,送ESP+20 00402BFB . 99 CDQ 00402BFC . F7FF IDIV EDI ; EAX与A进行idiv运算 00402BFE . 8BC1 MOV EAX,ECX ; 用户名第一位的Ascii 00402C00 . 83C8 42 OR EAX,42 ; EAX=EAX OR $42 00402C03 . 8BCF MOV ECX,EDI ; EDI=用户名第一位Ascii 00402C05 . 885424 24 MOV BYTE PTR SS:[ESP+24],DL ; DL=1,送ESP+24 00402C09 . 99 CDQ 00402C0A . F7F9 IDIV ECX ; EAX与A进行idiv运算 00402C0C . 8BC6 MOV EAX,ESI ; EAX=用户名第二位的Ascii 00402C0E . 83C8 43 OR EAX,43 ; EAX=EAX OR $43 00402C11 . 885424 12 MOV BYTE PTR SS:[ESP+12],DL 00402C15 . 99 CDQ 00402C16 . F7F9 IDIV ECX ; EAX与A进行idiv运算 00402C18 . B9 B0104200 MOV ECX,openvcap.004210B0 ; ASCII "mayday" 00402C1D . 33F6 XOR ESI,ESI 00402C1F . 8D79 01 LEA EDI,DWORD PTR DS:[ECX+1] 00402C22 . 885424 13 MOV BYTE PTR SS:[ESP+13],DL 00402C26 > 8A01 MOV AL,BYTE PTR DS:[ECX] ; 注册名逐位ascii码送al,进入循环 00402C28 . 41 INC ECX 00402C29 . 84C0 TEST AL,AL 00402C2B .^ 75 F9 JNZ SHORT openvcap.00402C26 00402C2D . 2BCF SUB ECX,EDI 00402C2F . 894C24 14 MOV DWORD PTR SS:[ESP+14],ECX 00402C33 . 74 2A JE SHORT openvcap.00402C5F 00402C35 . EB 09 JMP SHORT openvcap.00402C40 00402C37 . 8DA424 000000>LEA ESP,DWORD PTR SS:[ESP] 00402C3E . 8BFF MOV EDI,EDI 00402C40 > 0FB696 B01042>MOVZX EDX,BYTE PTR DS:[ESI+4210B0] 00402C47 . B9 B0104200 MOV ECX,openvcap.004210B0 ; ASCII "mayday" 00402C4C . 03EA ADD EBP,EDX 00402C4E . 46 INC ESI 00402C4F . 8D79 01 LEA EDI,DWORD PTR DS:[ECX+1] 00402C52 > 8A01 MOV AL,BYTE PTR DS:[ECX] ; 注册名逐位ascii码送al,进入循环 00402C54 . 41 INC ECX 00402C55 . 84C0 TEST AL,AL 00402C57 .^ 75 F9 JNZ SHORT openvcap.00402C52 00402C59 . 2BCF SUB ECX,EDI 00402C5B . 3BF1 CMP ESI,ECX 00402C5D .^ 72 E1 JB SHORT openvcap.00402C40 00402C5F > 8A0D 20164200 MOV CL,BYTE PTR DS:[421620] 00402C65 . 0FB67C24 20 MOVZX EDI,BYTE PTR SS:[ESP+20] 00402C6A . 8A1D 21164200 MOV BL,BYTE PTR DS:[421621] ; $32给bl 00402C70 . A0 22164200 MOV AL,BYTE PTR DS:[421622] ; $33给al 00402C75 . 8A15 23164200 MOV DL,BYTE PTR DS:[421623] ; $34给dl 00402C7B . 0FB6F1 MOVZX ESI,CL 00402C7E . 83EE 30 SUB ESI,30 ; ESI-$30 ESI=1 00402C81 . 3BFE CMP EDI,ESI ; EDI=7和ESI=1比较,即第一位必须是7 00402C83 . 75 48 JNZ SHORT openvcap.00402CCD ; 不相等回家睡觉 00402C85 . 0FB67C24 24 MOVZX EDI,BYTE PTR SS:[ESP+24] 00402C8A . 0FB6F3 MOVZX ESI,BL 00402C8D . 83EE 30 SUB ESI,30 00402C90 . 3BFE CMP EDI,ESI ; EDI=1和ESI=2比较,即第二位必须是1 00402C92 . 75 39 JNZ SHORT openvcap.00402CCD ; 不相等回家睡觉 00402C94 . 0FB67424 12 MOVZX ESI,BYTE PTR SS:[ESP+12] 00402C99 . 0FB6C0 MOVZX EAX,AL 00402C9C . 83E8 30 SUB EAX,30 00402C9F . 3BF0 CMP ESI,EAX ; ESI=1和EAX=3比较,即第三位必须是1 00402CA1 . 75 2A JNZ SHORT openvcap.00402CCD ; 不相等回家睡觉 00402CA3 . 0FB64424 13 MOVZX EAX,BYTE PTR SS:[ESP+13] 00402CA8 . 0FB6D2 MOVZX EDX,DL 00402CAB . 83EA 30 SUB EDX,30 00402CAE . 3BC2 CMP EAX,EDX ; EAX=9和EDX=4比较,即第四位必须是9 00402CB0 . 75 1B JNZ SHORT openvcap.00402CCD ; 不相等回家睡觉 00402CB2 . 8BC5 MOV EAX,EBP ; EAX=EBP=285(用户名的Ascii) 00402CB4 . 99 CDQ 00402CB5 . BE 0A000000 MOV ESI,0A ; ESI=$A 00402CBA . F7FE IDIV ESI ; EAX=285 IDIV $A 00402CBC . 0FB605 241642>MOVZX EAX,BYTE PTR DS:[421624] 00402CC3 . 83E8 30 SUB EAX,30 00402CC6 . 0FB6D2 MOVZX EDX,DL 00402CC9 . 3BD0 CMP EDX,EAX ; EDX=5和EAX=5比较 00402CCB . 74 4B JE SHORT openvcap.00402D18 ; 相等就注册成功 00402CCD > 80F9 32 CMP CL,32 00402CD0 . 0F85 99000000 JNZ openvcap.00402D6F 00402CD6 . 80FB 33 CMP BL,33 00402CD9 . 0F85 90000000 JNZ openvcap.00402D6F 00402CDF . 803D 22164200>CMP BYTE PTR DS:[421622],39 00402CE6 . 0F85 83000000 JNZ openvcap.00402D6F 00402CEC . 803D 23164200>CMP BYTE PTR DS:[421623],31 00402CF3 . 75 7A JNZ SHORT openvcap.00402D6F 00402CF5 . 381D 24164200 CMP BYTE PTR DS:[421624],BL 00402CFB . 75 72 JNZ SHORT openvcap.00402D6F 00402CFD . 803D 25164200>CMP BYTE PTR DS:[421625],31 00402D04 . 75 69 JNZ SHORT openvcap.00402D6F 00402D06 . 803D 26164200>CMP BYTE PTR DS:[421626],34 00402D0D . 75 60 JNZ SHORT openvcap.00402D6F 00402D0F . 803D 27164200>CMP BYTE PTR DS:[421627],36 00402D16 . 75 57 JNZ SHORT openvcap.00402D6F 00402D18 > 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+1C] 00402D1C . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL 00402D1E . 68 60B74100 PUSH openvcap.0041B760 ; |message 00402D23 . 68 44B74100 PUSH openvcap.0041B744 ; |registration has succeeded! 00402D28 . 57 PUSH EDI ; |hOwner 00402D29 . FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA 00402D2F . 8B35 A0B04100 MOV ESI,DWORD PTR DS:[<&KERNEL32.WritePr>; kernel32.WriteProfileStringA 00402D35 . 68 B0104200 PUSH openvcap.004210B0 ; /String = "mayday" 00402D3A . 68 38B74100 PUSH openvcap.0041B738 ; |username 00402D3F . 68 ECB64100 PUSH openvcap.0041B6EC ; |openvideocapture 00402D44 . FFD6 CALL ESI ; \WriteProfileStringA 00402D46 . 68 20164200 PUSH openvcap.00421620 ; /String = "123456789" 00402D4B . 68 24B74100 PUSH openvcap.0041B724 ; |registration_code 00402D50 . 68 ECB64100 PUSH openvcap.0041B6EC ; |openvideocapture 00402D55 . FFD6 CALL ESI ; \WriteProfileStringA 00402D57 . 6A 01 PUSH 1 ; /Result = 1 00402D59 . 57 PUSH EDI ; |hWnd 00402D5A . FF15 18B34100 CALL DWORD PTR DS:[<&USER32.EndDialog>] ; \EndDialog 00402D60 . 5F POP EDI 00402D61 . 5E POP ESI 00402D62 . 5D POP EBP 00402D63 . B8 01000000 MOV EAX,1 00402D68 . 5B POP EBX 00402D69 . 83C4 08 ADD ESP,8 00402D6C . C2 1000 RETN 10 00402D6F > 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+1C] 00402D73 . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL 00402D75 . 68 B0B74100 PUSH openvcap.0041B7B0 ; |error 00402D7A . 68 0CB74100 PUSH openvcap.0041B70C ; |registration failed! 00402D7F . 51 PUSH ECX ; |hOwner 00402D80 . FF15 68B24100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA 00402D86 . 5F POP EDI 00402D87 . 5E POP ESI 00402D88 . 5D POP EBP 00402D89 . B8 01000000 MOV EAX,1 00402D8E . 5B POP EBX 00402D8F . 83C4 08 ADD ESP,8 00402D92 . C2 1000 RETN 10 00402D95 > 8B7424 1C MOV ESI,DWORD PTR SS:[ESP+1C] ; 案例 110 --> 分支 00402AB7 00402D99 . 8B3D 0CB34100 MOV EDI,DWORD PTR DS:[<&USER32.SetDlgIte>; USER32.SetDlgItemTextA 00402D9F . 68 B0104200 PUSH openvcap.004210B0 ; /Text = "mayday" 00402DA4 . 68 E8030000 PUSH 3E8 ; |ControlID = 3E8 (1000.) 00402DA9 . 56 PUSH ESI ; |hWnd 00402DAA . FFD7 CALL EDI ; \SetDlgItemTextA 00402DAC . 68 20164200 PUSH openvcap.00421620 ; /Text = "123456789" 00402DB1 . 68 E9030000 PUSH 3E9 ; |ControlID = 3E9 (1001.) 00402DB6 . 56 PUSH ESI ; |hWnd 00402DB7 . FFD7 CALL EDI ; \SetDlgItemTextA 00402DB9 > 5F POP EDI ; 分支 00402AD9 默认案例 00402DBA . 5E POP ESI 00402DBB . 5D POP EBP 00402DBC . B8 01000000 MOV EAX,1 00402DC1 . 5B POP EBX 00402DC2 . 83C4 08 ADD ESP,8 00402DC5 . C2 1000 RETN 10 -------------------------------------------------------------------------------- 注册名须不小于两位,注册码位数为8位以上,主要思路如下: 1.注册名第一位的ascii码与$57做or运算,再与A进行idiv运算,余数“7”为注册码第一位; 2.注册名第二位的ascii码与$45做or运算,再与A进行idiv运算,余数“1”为注册码第二位; 3.注册名第一位的ascii码与$42做or运算,再与A进行idiv运算,余数“1”为注册码第三位; 4.注册名第二位的ascii码与$43做or运算,再与A进行idiv运算,余数“9”为注册码第四位; 5.此时ebp=$285(用户名的Ascii),与A进行idiv运算,余数“5”为注册码第五位; 6.第六位以后任意 -------------------------------------------------------------------------------- 合起来,即注册名:mayday,注册码:71195***,还有一组通用注册码:2391146 -------------------------------------------------------------------------------- 【Delphi注册机源码】 -------------------------------------------------------------------------------- procedure TForm1.Button1Click(Sender: TObject); var sn1,sn2,sn3,sn4,sn5,i:integer; begin sn5:=0; for i:=1 to length(edit1.text) do sn5:=sn5+ord(edit1.text[i]); sn5:=sn5 mod $A; sn1:=ord(edit1.text[1]) or $57; sn1:=sn1 mod $A; sn2:=ord(edit1.text[2]) or $45; sn2:=sn2 mod $A; sn3:=ord(edit1.text[1]) or $42; sn3:=sn3 mod $A; sn4:=ord(edit1.text[2]) or $43; sn4:=sn4 mod $A; edit2.Text:=inttostr(sn1)+inttostr(sn2)+inttostr(sn3)+inttostr(sn4)+inttostr(sn5)+'555'; end; end. |
地主 发表时间: 07-09-07 09:36 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号