AKoff Music Composer V2.0

标题:简单算法——AKoff Music Composer V2.0
发信人:fly
时间:2003/03/07 12:51pm
详细信息:

简单算法——AKoff Music Composer V2.0

下载页面： http://www.skycn.com/soft/1869.html
软件大小： 255 KB
软件语言：英文
软件类别：国外软件 / 共享版 / 音频转换
应用平台： Win9x/NT/2000/XP
加入时间： 2002-07-01 14:36:00
下载次数： 6806
推荐等级： ****
【软件简介】：小巧的音乐转换处理软件。集 MIDI 播放及轨迹检视、WAVE->MIDI转换等功能于一身的迷你软件。有了它，您就可以轻松地获取来至麦克风、线形输入或音频 CD 等各种音源的音频数据信息，予以分析识别和转换，而不需要外接任何 DLL(动态链接库)文件。
【软件限制】：功能限制、30天试用
【作者声明】：初学Crack，只是感兴趣，没有其它目的。失误之处敬请诸位大侠赐教！
【破解工具】：TRW2000娃娃修改版、FI2.5、W32Dasm8.93黄金版
—————————————————————————————————
【过程】：

Composer.exe 无壳，C++ 编写。反汇编吧，查找关键提示。
Your E-mail: fly@263.net
试炼码 : 135726489012
—————————————————————————————————
:0040436B E8CA980100 Call 0041DC3A
:00404370 E8DBF6FFFF call 00403A50
====>关键CALL！F8进入！
:00404375 833DC8EC410000 cmp dword ptr [0041ECC8], 00000000
====> [0041ECC8]应是注册标志位了。
搜索了一下，却发现关键部分正好在上面的CALL里。
:0040437C 7450 je 004043CE
====>跳则OVER！
:0040437E 33C0 xor eax, eax
:00404380 83C9FF or ecx, FFFFFFFF
* Possible Reference to Dialog:
|
:00404383 BF81E14100 mov edi, 0041E181
:00404388 8DB5F0FEFFFF lea esi, dword ptr [ebp+FFFFFEF0]
:0040438E F2 repnz
:0040438F AE scasb
:00404390 F7D1 not ecx
:00404392 2BF9 sub edi, ecx
:00404394 8BD1 mov edx, ecx
:00404396 87F7 xchg edi, esi
:00404398 C1E902 shr ecx, 02
:0040439B 8BC7 mov eax, edi
:0040439D F3 repz
:0040439E A5 movsd
:0040439F 8BCA mov ecx, edx
:004043A1 8D85F0FEFFFF lea eax, dword ptr [ebp+FFFFFEF0]
:004043A7 83E103 and ecx, 00000003
:004043AA F3 repz
:004043AB A4 movsb
* Possible StringData Ref from Data Obj ->" - Registered"
====>呵呵，胜利女神！
:004043AC 6868F84100 push 0041F868
:004043B1 50 push eax
:004043B2 E875160100 call 00415A2C
:004043B7 83C408 add esp, 00000008
:004043BA 50 push eax
:004043BB 8B158CE24100 mov edx, dword ptr [0041E28C]
:004043C1 52 push edx
* Reference To: USER32.SetWindowTextA, Ord:0000h
|
:004043C2 E81B990100 Call 0041DCE2
:004043C7 E8A0FAFFFF call 00403E6C
:004043CC EB12 jmp 004043E0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040437C(C)
|
:004043CE 6A30 push 00000030
* Possible Reference to Dialog:
|
:004043D0 6890F84100 push 0041F890
* Possible StringData Ref from Data Obj ->"Not valid Code or E-mail."
====>BAD BOY！

:004043D5 6876F84100 push 0041F876
:004043DA 53 push ebx
* Reference To: USER32.MessageBoxA, Ord:0000h
|
:004043DB E8A8980100 Call 0041DC88

—————————————————————————————————
F8进入 404370 call 00403A50

* Referenced by a CALL at Addresses:
|:004011F7 , :00404370
|
:00403A50 56 push esi
:00403A51 57 push edi
:00403A52 83C4EC add esp, FFFFFFEC
* Possible Reference to Dialog:
|
:00403A55 B8CBF64100 mov eax, 0041F6CB
:00403A5A BAC1EB4100 mov edx, 0041EBC1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403A79(C)
|
:00403A5F 8A08 mov cl, byte ptr [eax]
:00403A61 3A0A cmp cl, byte ptr [edx]
:00403A63 7516 jne 00403A7B
:00403A65 84C9 test cl, cl
:00403A67 743C je 00403AA5
:00403A69 8A4801 mov cl, byte ptr [eax+01]
:00403A6C 3A4A01 cmp cl, byte ptr [edx+01]
:00403A6F 750A jne 00403A7B
:00403A71 83C002 add eax, 00000002
:00403A74 83C202 add edx, 00000002
:00403A77 84C9 test cl, cl
:00403A79 75E4 jne 00403A5F
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00403A63(C), :00403A6F(C)
|
:00403A7B 7428 je 00403AA5
* Possible StringData Ref from Data Obj ->"镱溧痤?
|
:00403A7D B8D3F64100 mov eax, 0041F6D3
:00403A82 BABCEA4100 mov edx, 0041EABC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403AA1(C)
|
:00403A87 8A08 mov cl, byte ptr [eax]
:00403A89 3A0A cmp cl, byte ptr [edx]
:00403A8B 7524 jne 00403AB1
:00403A8D 84C9 test cl, cl
:00403A8F 7412 je 00403AA3
:00403A91 8A4801 mov cl, byte ptr [eax+01]
:00403A94 3A4A01 cmp cl, byte ptr [edx+01]
:00403A97 7518 jne 00403AB1
:00403A99 83C002 add eax, 00000002
:00403A9C 83C202 add edx, 00000002
:00403A9F 84C9 test cl, cl
:00403AA1 75E4 jne 00403A87
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403A8F(C)
|
:00403AA3 750C jne 00403AB1
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00403A67(C), :00403A7B(C)
|
* Possible Reference to String Resource ID=00001: "AKoff Music Composer - Version 2.0"
|
:00403AA5 C705C8EC410001000000 mov dword ptr [0041ECC8], 00000001
:00403AAF EB72 jmp 00403B23
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00403A8B(C), :00403A97(C), :00403AA3(C)
|
:00403AB1 BE75F14100 mov esi, 0041F175
:00403AB6 8BFC mov edi, esp
* Possible Reference to String Resource ID=00005: "Pan"
|
:00403AB8 B905000000 mov ecx, 00000005
:00403ABD F3 repz
:00403ABE A5 movsd
:00403ABF 54 push esp
:00403AC0 E8EBFDFFFF call 004038B0
====>算法CALL！F8进入！
:00403AC5 59 pop ecx
:00403AC6 54 push esp
:00403AC7 E8F01F0100 call 00415ABC
====>取注册码位数
:00403ACC 59 pop ecx
:00403ACD 83F80C cmp eax, 0000000C
====>是否12位？
:00403AD0 7510 jne 00403AE2
* Possible Reference to Dialog:
|
:00403AD2 68C1EB4100 push 0041EBC1
:00403AD7 E8E01F0100 call 00415ABC
====>取试炼码位数
:00403ADC 59 pop ecx
:00403ADD 83F80C cmp eax, 0000000C
====>是否12位？
:00403AE0 7409 je 00403AEB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403AD0(C)
|
:00403AE2 33C0 xor eax, eax
:00403AE4 A3C8EC4100 mov dword ptr [0041ECC8], eax
:00403AE9 EB38 jmp 00403B23
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403AE0(C)
|
:00403AEB 8BC4 mov eax, esp
====>注册码入 EAX
* Possible Reference to Dialog:

:00403AED BAC1EB4100 mov edx, 0041EBC1
====>试炼码入 EDX
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403B0C(C)
====>逐位比较了！
:00403AF2 8A08 mov cl, byte ptr [eax]
:00403AF4 3A0A cmp cl, byte ptr [edx]
:00403AF6 7524 jne 00403B1C
:00403AF8 84C9 test cl, cl
:00403AFA 7412 je 00403B0E
:00403AFC 8A4801 mov cl, byte ptr [eax+01]
:00403AFF 3A4A01 cmp cl, byte ptr [edx+01]
:00403B02 7518 jne 00403B1C
:00403B04 83C002 add eax, 00000002
:00403B07 83C202 add edx, 00000002
:00403B0A 84C9 test cl, cl
:00403B0C 75E4 jne 00403AF2
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403AFA(C)
|
:00403B0E 750C jne 00403B1C
* Possible Reference to String Resource ID=00001: "AKoff Music Composer - Version 2.0"
|
:00403B10 C705C8EC410001000000 mov dword ptr [0041ECC8], 00000001
====>注册标志位置1 ！ OK！
:00403B1A EB07 jmp 00403B23
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00403AF6(C), :00403B02(C), :00403B0E(C)
|
:00403B1C 33C0 xor eax, eax
====>EAX 清零
:00403B1E A3C8EC4100 mov dword ptr [0041ECC8], eax
====>注册标志位置0 ！ OVER！
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00403AAF(U), :00403AE9(U), :00403B1A(U)
|
:00403B23 83C414 add esp, 00000014
:00403B26 5F pop edi
:00403B27 5E pop esi
:00403B28 C3 ret
—————————————————————————————————
F8进入算法CALL：403AC0 call 004038B0

* Referenced by a CALL at Addresses:
|:00403AC0 , :0040427D
|
:004038B0 55 push ebp
:004038B1 8BEC mov ebp, esp
:004038B3 83C4E8 add esp, FFFFFFE8
:004038B6 53 push ebx
:004038B7 56 push esi
:004038B8 57 push edi
:004038B9 33FF xor edi, edi
:004038BB 68BCEA4100 push 0041EABC
====>fly@263.net
:004038C0 E8F7210100 call 00415ABC
====>取E-mail的长度，检测其格式
:004038C5 59 pop ecx
:004038C6 83F805 cmp eax, 00000005
====>EAX=11
:004038C9 730B jnb 004038D6
====>不能少于5位！
:004038CB 8B4508 mov eax, dword ptr [ebp+08]
:004038CE C60000 mov byte ptr [eax], 00
:004038D1 E99E000000 jmp 00403974
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004038C9(C)
|
:004038D6 33DB xor ebx, ebx
* Possible Reference to Dialog:
|
:004038D8 BEBCEA4100 mov esi, 0041EABC
====>ESI=fly@263.net
:004038DD EB07 jmp 004038E6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004038F3(C)
|
:004038DF 0FBE06 movsx eax, byte ptr [esi]
====>依次取fly@263.net字符的HEX值
1、====>EAX=66
2、====>EAX=6C
3、====>EAX=79
…… …… 省略 …… ……
11、====>EAX=74
:004038E2 03F8 add edi, eax
====>累加！
1、====>EDI=00+66=66
2、====>EDI=66+6C=D2
3、====>EDI=D2+79=14B
…… …… 省略 …… ……
11、====>EDI=327+74=39B

:004038E4 43 inc ebx
====>依次增1
:004038E5 46 inc esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004038DD(U)
|
:004038E6 68BCEA4100 push 0041EABC
:004038EB E8CC210100 call 00415ABC
:004038F0 59 pop ecx
:004038F1 3BD8 cmp ebx, eax
====>共循环E-mail的位数11次
:004038F3 7CEA jl 004038DF
====>取完了吗？继续循环！
:004038F5 B97B000000 mov ecx, 0000007B
====>7B 入 ECX
:004038FA 8BC7 mov eax, edi
====>EAX=EDI=39B
:004038FC 99 cdq
:004038FD F7F9 idiv ecx
====>EAX=39B % 7B=余数：3E
:004038FF 89D7 mov edi, edx
====>3E 入 EDI
:00403901 33DB xor ebx, ebx
:00403903 8D45E8 lea eax, dword ptr [ebp-18]
* Possible Reference to Dialog:
|
:00403906 BABCEA4100 mov edx, 0041EABC
====>EDX=fly@263.net
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403926(C)
|
:0040390B 0FBE0A movsx ecx, byte ptr [edx]
====>依次取fly@263.net前5位字符的HEX值
1、====>ECX=66
2、====>ECX=6C
3、====>ECX=79
4、====>ECX=40
5、====>ECX=32
:0040390E 03CF add ecx, edi
1、====>EDI=66+3E=A4
2、====>EDI=6C+3E=AA
3、====>EDI=79+3E=B7
4、====>EDI=40+3E=7E
5、====>EDI=32+3E=70
:00403910 8908 mov dword ptr [eax], ecx
====>结果依次存入 [EAX] 处
:00403912 81F9FF000000 cmp ecx, 000000FF
====>结果大于FF？
:00403918 7E04 jle 0040391E
====>结果不大于FF就跳。
:0040391A 33C9 xor ecx, ecx
====>否则 ECX 清零
:0040391C 8908 mov dword ptr [eax], ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403918(C)
|
:0040391E 43 inc ebx
:0040391F 83C004 add eax, 00000004
:00403922 42 inc edx
:00403923 83FB05 cmp ebx, 00000005
====>取前5位
:00403926 7CE3 jl 0040390B
====>继续循环
:00403928 897DFC mov dword ptr [ebp-04], edi
:0040392B 33DB xor ebx, ebx
:0040392D 8B4508 mov eax, dword ptr [ebp+08]
:00403930 8BD0 mov edx, eax
:00403932 8D45E8 lea eax, dword ptr [ebp-18]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040396B(C)
|
:00403935 8B08 mov ecx, dword ptr [eax]
1、====>ECX=A4
2、====>ECX=AA
3、====>ECX=B7
4、====>ECX=7E
5、====>ECX=70
6、====>ECX=3E
:00403937 85C9 test ecx, ecx
:00403939 7903 jns 0040393E
:0040393B 83C10F add ecx, 0000000F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403939(C)
|
:0040393E C1F904 sar ecx, 04
（同0040394B处分别取前、后位） ====>算术右移4次！
1、====>ECX=A
2、====>ECX=A
3、====>ECX=B
4、====>ECX=7
5、====>ECX=7
6、====>ECX=3
:00403941 8A8964F14100 mov cl, byte ptr [ecx+0041F164]
====>从 [ecx+0041F164] 处查表！
1、====>CL=1
2、====>CL=1
3、====>CL=P
4、====>CL=G
5、====>CL=G
6、====>CL=A
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
[0041F164]处的表值！

0041F164 4B 33 35 41 37 43 32 47 30 34 31 50 39 36 44 38 K35A7C2G041P96D8
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

:00403947 880A mov byte ptr [edx], cl
====>结果保存 [EDX] 处
:00403949 8B08 mov ecx, dword ptr [eax]
1-1、====>ECX=A4
2-2、====>ECX=AA
3-3、====>ECX=B7
4-4、====>ECX=7E
5-5、====>ECX=70
6-6、====>ECX=3E
:0040394B 81E10F000080 and ecx, 8000000F
====>分别和8000000F进行“与”运算！
1-1、====>ECX=4
2-2、====>ECX=A
3-3、====>ECX=7
4-4、====>ECX=E
5-5、====>ECX=0
6-6、====>ECX=E
:00403951 7905 jns 00403958
:00403953 49 dec ecx
:00403954 83C9F0 or ecx, FFFFFFF0
:00403957 41 inc ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403951(C)
|
:00403958 8A8964F14100 mov cl, byte ptr [ecx+0041F164]
====>从 [ecx+0041F164] 处查表！
1-1、====>CL=7
2-2、====>CL=1
3-3、====>CL=G
4-4、====>CL=D
5-5、====>CL=K
6-6、====>CL=D
:0040395E 884A01 mov byte ptr [edx+01], cl
====>结果保存 [EDX+01] 处
:00403961 43 inc ebx
:00403962 83C202 add edx, 00000002
:00403965 83C004 add eax, 00000004
:00403968 83FB06 cmp ebx, 00000006
====>循环6次
:0040396B 7CC8 jl 00403935
====>继续循环？
:0040396D 8B4508 mov eax, dword ptr [ebp+08]
====>上面循环所得的结果入 EAX
====>EAX=1711PGGDGKAD 呵呵，这就是真码了！
:00403970 C6400C00 mov [eax+0C], 00
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004038D1(U)
|
:00403974 5F pop edi
:00403975 5E pop esi
:00403976 5B pop ebx
:00403977 8BE5 mov esp, ebp
:00403979 5D pop ebp
:0040397A C3 ret
—————————————————————————————————
【KeyMake之内存注册机】：

中断地址：404370
中断次数：1
第一字节：E8
指令长度：5
中断地址：403AC5
中断次数：1
第一字节：59
指令长度：1

内存方式：EAX
—————————————————————————————————
【注册信息保存】：

REGEDIT4
[HKEY_LOCAL_MACHINE\Software\AKoff\Composer]
"UserMail"="fly@263.net"
"KeyCode"="1711PGGDGKAD"
—————————————————————————————————
【整理】：

Your E-mail: fly@263.net
Your Code: 1711PGGDGKAD
—————————————————————————————————

Cracked By 巢水工作坊——fly【OCN】
2:58 03-3-7