用W32DASM破解JPEG Optimizer 4.0 (转载希望保持完整)
作者:丁丁虾 又名:DDXia
软件简介:
该软件能对JPG图形文件压缩 50% 而不损失画质,自定压缩比,能即时显现压缩后的图片,让你比较差异,效果相当不错。
http://www.newhua.com.cn/down/jpopt3.exe
HI!各位早上好!由于自己的一点大意,折磨我一夜又未眠,本想放弃的,结果是
它是它给我光阴和灵魂------http://astalavista.box.sk---查不到这个软件的4.0
版,最高只有3.02,真的来劲了,一边吃着饼干,一边喝着娃哈哈,一边请我细细讲来:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00429579(U)
|
:00429580 52
push edx
:00429581 E88E0B0000 call 0042A114
^^^^^^^^^^^^^---->为了这一CALL,耗了我
半瓶的Wahaha,5555,这是进入比较注册码的子程序
:00429586 59
pop ecx
:00429587 84C0
test al, al
:00429589 7504
jne 0042958F
^^^^^^^^^^^^----->不对,就过了,EASY了。
开始改为je 0042958F,只要输入任意8位数,就认为
注册码为正确,但每次都要进入都要输入一便,真是
繁它,继续加油哦!那为什么要八位呢???别急 :)
下面会说到的。嘻......
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042956E(C)
|
:0042958B 33C0
xor eax, eax
:0042958D EB05
jmp 00429594
接着我们再看一看它的注册码的子程序,不看不知道,看了就下了一跳(一个晚上
就载在它的手里,本以为初学者不用探讨它的注册码生成,唉。说来口水多),言
归正传,看好了,看好了。。。。。
* Referenced by a CALL at Addresses:
|:004047FF , :00429581
|
:0042A114 55
push ebp
:0042A115 8BEC
mov ebp, esp
:0042A117 83C4F4
add esp, FFFFFFF4
:0042A11A 53
push ebx
:0042A11B 8B4508
mov eax, dword ptr [ebp+08]
:0042A11E 8D5DF4
lea ebx, dword ptr [ebp-0C]
:0042A121 8A10
mov dl, byte ptr [eax]
:0042A123 8813
mov byte ptr [ebx], dl
:0042A125 8A4801
mov cl, byte ptr [eax+01]
:0042A128 884B01
mov byte ptr [ebx+01], cl
:0042A12B 8A5002
mov dl, byte ptr [eax+02]
:0042A12E 885302
mov byte ptr [ebx+02], dl
:0042A131 8A4803
mov cl, byte ptr [eax+03]
:0042A134 884B03
mov byte ptr [ebx+03], cl
:0042A137 8A5004
mov dl, byte ptr [eax+04]
:0042A13A 885304
mov byte ptr [ebx+04], dl
:0042A13D 8A4805
mov cl, byte ptr [eax+05]
:0042A140 884B05
mov byte ptr [ebx+05], cl
:0042A143 8A5006
mov dl, byte ptr [eax+06]
:0042A146 885306
mov byte ptr [ebx+06], dl
:0042A149 8A4807
mov cl, byte ptr [eax+07]
:0042A14C 884B07
mov byte ptr [ebx+07], cl
:0042A14F 8A4008
mov al, byte ptr [eax+08]
:0042A152 884308
mov byte ptr [ebx+08], al
:0042A155 C6430900 mov
[ebx+09], 00
:0042A159 0FBE03
movsx eax, byte ptr [ebx]
:0042A15C 50
push eax
:0042A15D E8228C0400 call 00472D84
:0042A162 59
pop ecx
:0042A163 83F84A
cmp eax, 0000004A
:0042A166 7559
jne 0042A1C1
:0042A168 0FBE5301 movsx
edx, byte ptr [ebx+01]
:0042A16C 52
push edx
:0042A16D E8128C0400 call 00472D84
:0042A172 59
pop ecx
:0042A173 83F853
cmp eax, 00000053
^^^^^^^^^^^^^^^^^---->
:0042A176 7549
jne 0042A1C1
:0042A178 0FBE4B02 movsx
ecx, byte ptr [ebx+02]
:0042A17C 83F924
cmp ecx, 00000024
^^^^^^^^^^^^^^^^^---->
:0042A17F 7540
jne 0042A1C1
:0042A181 0FBE4303 movsx
eax, byte ptr [ebx+03]
:0042A185 83F832
cmp eax, 00000032
^^^^^^^^^^^^^^^^^---->
:0042A188 7537
jne 0042A1C1
:0042A18A 0FBE5304 movsx
edx, byte ptr [ebx+04]
:0042A18E 83FA38
cmp edx, 00000038
^^^^^^^^^^^^^^^^^---->
:0042A191 752E
jne 0042A1C1
:0042A193 0FBE4B05 movsx
ecx, byte ptr [ebx+05]
:0042A197 83F939
cmp ecx, 00000039
^^^^^^^^^^^^^^^^^---->
:0042A19A 7525
jne 0042A1C1
:0042A19C 0FBE4306 movsx
eax, byte ptr [ebx+06]
:0042A1A0 83F832
cmp eax, 00000032
^^^^^^^^^^^^^^^^^---->
:0042A1A3 751C
jne 0042A1C1
:0042A1A5 0FBE5307 movsx
edx, byte ptr [ebx+07]
:0042A1A9 83FA31
cmp edx, 00000031
^^^^^^^^^^^^^^^^^---->
仰天长笑,得来全不费工夫,哈。哈。哈。。。比较了八次,然后看到
53,24,32,38,39,32,31,-----很熟,猜一猜,原来是JS$28921--注册码(可能每台机生成的不一样哦)
如果懒的化,可以把第一句jne 0042A1C1---->jmp 0042A1AE,OK!功德圆满。
:0042A1AC 7513
jne 0042A1C1
:0042A1AE C70554A448001443FC69 mov dword ptr [0048A454], 69FC4314
:0042A1B8 E8CFA7FDFF call 0040498C
:0042A1BD B001
mov al, 01
:0042A1BF EB1B
jmp 0042A1DC
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042A166(C), :0042A176(C), :0042A17F(C), :0042A188(C), :0042A191(C)
|:0042A19A(C), :0042A1A3(C), :0042A1AC(C)
|
:0042A1C1 53
push ebx
:0042A1C2 E8D1280000 call 0042CA98
:0042A1C7 59
pop ecx
:0042A1C8 84C0
test al, al
:0042A1CA 7404
je 0042A1D0
:0042A1CC B001
mov al, 01
:0042A1CE EB0C
jmp 0042A1DC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042A1CA(C)
|
:0042A1D0 C70554A44800EBBC0396 mov dword ptr [0048A454], 9603BCEB
:0042A1DA 33C0
xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042A1BF(U), :0042A1CE(U)
|
:0042A1DC 5B
pop ebx
:0042A1DD 8BE5
mov esp, ebp
:0042A1DF 5D
pop ebp
:0042A1E0 C3
ret
对了,刚刚想金盆洗手,还有一个事没有交代呢?关于为什么要输入八位的事,(说
起来,就要记起台湾78787878大师和中国的12121212新生代,八字先生)瞎猫逮着个死老鼠!
让我找一下代码,我的纸上有N个地址,see...see.......找了21分钟...OK!
Let us see 一 see.
:00429533 FF461C
inc [esi+1C]
:00429536 8B83C8010000 mov eax, dword
ptr [ebx+000001C8]
:0042953C E83BC30100 call 0044587C
:00429541 66C746100800 mov [esi+10],
0008
:00429547 66C746103800 mov [esi+10],
0038
:0042954D 33C9
xor ecx, ecx
:0042954F 894DEC
mov dword ptr [ebp-14], ecx
:00429552 8D55EC
lea edx, dword ptr [ebp-14]
:00429555 FF461C
inc [esi+1C]
:00429558 8B83C8010000 mov eax, dword
ptr [ebx+000001C8]
:0042955E E819C30100 call 0044587C
:00429563 8D45EC
lea eax, dword ptr [ebp-14]
:00429566 E863320200 call 0044C7CE
:0042956B 83F808
cmp eax, 00000008
^^^^^^^^^^^^^^^^^---->eax-->为输入码长度
:0042956E 751B
jne 0042958B
^^^^^^^^^^^^--------->不等于8就BaiByby
:00429570 837DF800 cmp
dword ptr [ebp-08], 00000000
:00429574 7405
je 0042957B
:00429576 8B55F8
mov edx, dword ptr [ebp-08]
:00429579 EB05
jmp 00429580
对了对了,还有一点
\HKEY_CURRENT_USER\Software\XA Tech\Jpeg0pt中code值保存注册码。
完成时间
2000.2.18.7:22
历时6个小时零51分钟(包括2个小时的睡眠)^_^
- 标 题:用W32DASM破解JPEG Optimizer 4.0 (8千字)
- 作 者:DDXia
- 时 间:2000-2-21 12:52:50
- 链 接:http://bbs.pediy.com