下载页面: http://www.skycn.com/soft/11099.html
软件大小:
591 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 音频转换
应用平台: Win9x/NT/2000/XP
加入时间:
2003-04-25 09:51:42
下载次数: 11062
推荐等级: ***
开 发 商: http://www.goldlimit.com/
【软件简介】:
1: 支持的格式多,可将 asf,wmv,wma,wav, mp3、mpeg,dat,dvd,avi,cd音轨,磁带,话筒等 转换为:wma, mp3, wav
及20多种音频格式;2: 可从音频硬件采集声音(包括话筒,线路输入,混音器、磁带等)然后存为 20多种格式,你甚至可以将录音机里的广播录制到电脑里并存成mp3文件!
3: 完全支持第三方免费编解码器,将你电脑潜在的转换,功能发挥到极致。 4: 速度极快,比一般的转换器快出30%; 5: 没有复杂的操作,极易使用。
【软件限制】:NAG、试用30次。
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
ezConverter.exe
无壳。 Visual C++ 6.0 编写。
软件把试炼码保存在同目录下的erf.dat文件中重启时验证,简单的方法是在反汇编代码里查找蛛丝马迹。
注册名:flysky
(提示要求至少6位)
试炼码:13572468
—————————————————————————————————
*
Reference To: KERNEL32.FreeLibrary, Ord:00B4h
|
:00404EBA FF1534D04000 Call
dword ptr [0040D034]
:00404EC0 83CDFF
or ebp, FFFFFFFF
:00404EC3 8D7C2440
lea edi, dword ptr [esp+40]
====>EDI=flysky
注册名
:00404EC7 8BCD
mov ecx, ebp
:00404EC9
33C0 xor
eax, eax
:00404ECB F2
repnz
:00404ECC AE
scasb
:00404ECD F7D1
not ecx
:00404ECF 49
dec ecx
====>取用户名长度 ECX=6
:00404ED0
83F901 cmp ecx,
00000001
:00404ED3 0F82BC010000 jb
00405095
:00404ED9 8D7C2464
lea edi, dword ptr [esp+64]
====>EDI=13572468
试炼码
:00404EDD
8BCD mov
ecx, ebp
:00404EDF F2
repnz
:00404EE0 AE
scasb
:00404EE1 F7D1
not ecx
:00404EE3 49
dec ecx
:00404EE4
83F901 cmp ecx,
00000001
:00404EE7 0F82A8010000 jb
00405095
:00404EED 8D7C2440
lea edi, dword ptr [esp+40]
:00404EF1 8BCD
mov ecx, ebp
:00404EF3 F2
repnz
:00404EF4
AE scasb
*
Reference To: USER32.CharUpperA, Ord:002Fh
|
:00404EF5
8B1D9CD44000 mov ebx, dword ptr [0040D49C]
:00404EFB
8BF5 mov
esi, ebp
:00404EFD F7D1
not ecx
:00404EFF 49
dec ecx
:00404F00 8BF9
mov edi, ecx
:00404F02 8D4C2440
lea ecx, dword ptr [esp+40]
:00404F06
51 push
ecx
:00404F07 FFD3
call ebx
====>EDI=把flysky转化为大写FLYSKY
:00404F09
33C9 xor
ecx, ecx
:00404F0B 85FF
test edi, edi
:00404F0D 7E6B
jle 00404F7A
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404F75(C)
|
:00404F0F
8BC1 mov
eax, ecx
====>从0开始计数。与3求模,根据余数值进行相应运算。
:00404F11
BD03000000 mov ebp, 00000003
====>EBP=3
:00404F16
99 cdq
:00404F17
F7FD idiv
ebp
:00404F19 46
inc esi
:00404F1A 85D2
test edx, edx
:00404F1C 7517
jne 00404F35
====>余数不为0就跳
:00404F1E
8A440C40 mov al, byte ptr
[esp+ecx+40]
====>EDI=[esp+ecx+40]=FLYSKY
:00404F22
0FBED0 movsx edx,
al
:00404F25 83EA05
sub edx, 00000005
:00404F28 83FA41
cmp edx, 00000041
:00404F2B 7E04
jle 00404F31
====>-5后不大于41则跳跳下去+5
:00404F2D
2C05 sub
al, 05
====>第4位此处-5
即:循环计数的第3次
4、 ====>AL=53 - 5=4E 即:N
:00404F2F EB3A jmp 00404F6B
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00404F2B(C)
|
:00404F31
0405 add
al, 05
====>第1位此处加5
1、 ====>AL=46 + 5=4B 即:K
:00404F33 EB36 jmp 00404F6B
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00404F1C(C)
|
:00404F35
83FA01 cmp edx,
00000001
:00404F38 7517
jne 00404F51
:00404F3A 8A440C40
mov al, byte ptr [esp+ecx+40]
:00404F3E 0FBED0
movsx edx, al
:00404F41 83C207
add edx, 00000007
:00404F44
83FA5A cmp edx,
0000005A
:00404F47 7D04
jge 00404F4D
====>+7后不小于5A则跳跳下去-7
:00404F49
0407 add
al, 07
====>第2、5位此处加7
2、
====>AL=4C + 7=53 即:S
5、 ====>AL=4B
+ 7=52 即:R
:00404F4B EB1E jmp 00404F6B
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00404F47(C)
|
:00404F4D
2C07 sub
al, 07
:00404F4F EB1A
jmp 00404F6B
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404F38(C)
|
:00404F51
83FA02 cmp edx,
00000002
:00404F54 751C
jne 00404F72
:00404F56 8A440C40
mov al, byte ptr [esp+ecx+40]
:00404F5A 0FBED0
movsx edx, al
:00404F5D 83EA09
sub edx, 00000009
:00404F60
83FA41 cmp edx,
00000041
:00404F63 7E04
jle 00404F69
====>-9后不大于41则跳下去+9
:00404F65
2C09 sub
al, 09
====>第3、6位此处-9
3、
====>AL=59 - 9=50 即:P
6、 ====>AL=59
- 9=50 即:P
:00404F67 EB02 jmp 00404F6B
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00404F63(C)
|
:00404F69
0409 add
al, 09
* Referenced
by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404F2F(U), :00404F33(U),
:00404F4B(U), :00404F4F(U), :00404F67(U)
|
:00404F6B 88843488000000
mov byte ptr [esp+esi+00000088], al
====>保存结果 FLYSKY 转化为KSPNRP
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404F54(C)
|
:00404F72
41 inc
ecx
:00404F73 3BCF
cmp ecx, edi
:00404F75 7C98
jl 00404F0F
====>循环
:00404F77 83CDFF or ebp, FFFFFFFF
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404F0D(C)
|
:00404F7A
DD05D8DD4000 fld qword ptr [0040DDD8]
:00404F80
33C0 xor
eax, eax
:00404F82 85F6
test esi, esi
====>ESI=5
:00404F84 7E17 jle 00404F9D
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00404F9B(C)
|
:00404F86
0FBE8C0488000000 movsx ecx, byte ptr [esp+eax+00000088]
====>依次取KSPNRP字符HEX值的10进制值
:00404F8E
894C2414 mov dword ptr
[esp+14], ecx
:00404F92 40
inc eax
====>EAX增1
:00404F93
DB442414 fild dword ptr
[esp+14]
:00404F97 3BC6
cmp eax, esi
====>EAX已增1,所以只取前5位的值累加
:00404F99
DEC1 faddp
st(1), st(0)
====>其实是浮点数累加
====>st(0)=75+83+80+78+82=398.00000000000000000
:00404F9B
7CE9 jl 00404F86
====>循环
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404F84(C)
|
:00404F9D
D9C0 fld
st(0), st(0)
:00404F9F D9FE
fsin
====>取SIN值398.00000000000000000=0.8317580087191733248
:00404FA1
D9FF fcos
====>取COS值0.8317580087191733248=0.6735774280714966016
:00404FA3
D9FE fsin
====>取SIN值0.6735774280714966016=0.6237860730035777536
:00404FA5
D9FF fcos
====>取COS值0.6237860730035777536=0.8116727871807730688
:00404FA7
D9FE fsin
====>取SIN值0.8116727871807730688=0.7254395446159557632
:00404FA9
DD542414 fst qword ptr
[esp+14]
:00404FAD DC1DD8DD4000 fcomp
qword ptr [0040DDD8]
:00404FB3 DFE0
fstsw ax
:00404FB5 F6C401
test ah, 01
:00404FB8 7423
je 00404FDD
====>跳了下去 这个测试不清楚。
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404FDB(C)
|
:00404FBA
DC0DD0DD4000 fmul qword ptr [0040DDD0]
:00404FC0
D9C0 fld
st(0), st(0)
:00404FC2 D9FE
fsin
:00404FC4 D9FF
fcos
:00404FC6 D9FE
fsin
:00404FC8 D9FF
fcos
:00404FCA
D9FE fsin
:00404FCC
DD542414 fst qword ptr
[esp+14]
:00404FD0 DC1DD8DD4000 fcomp
qword ptr [0040DDD8]
:00404FD6 DFE0
fstsw ax
:00404FD8 F6C401
test ah, 01
:00404FDB 75DD
jne 00404FBA
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404FB8(C)
|
:00404FDD
8B542418 mov edx, dword
ptr [esp+18]
:00404FE1 8B442414
mov eax, dword ptr [esp+14]
:00404FE5 52
push edx
:00404FE6 50
push eax
:00404FE7
8D8C24E0000000 lea ecx, dword ptr [esp+000000E0]
*
Possible StringData Ref from Data Obj ->"%.14f"
|
:00404FEE 6874134100
push 00411374
:00404FF3 51
push ecx
:00404FF4 DDD8
fstp st(0)
*
Reference To: MSVCRT.sprintf, Ord:02B2h
|
:00404FF6
FF1528D44000 Call dword ptr [0040D428]
====>四舍五入取0.7254395446159557632的前16位
:00404FFC
8DBC24E8000000 lea edi, dword ptr [esp+000000E8]
====>EDI=0.72543954461596
:00405003
8BCD mov
ecx, ebp
:00405005 33C0
xor eax, eax
:00405007 83C410
add esp, 00000010
:0040500A 33D2
xor edx, edx
:0040500C F2
repnz
:0040500D
AE scasb
:0040500E
F7D1 not
ecx
:00405010 49
dec ecx
:00405011 83E902
sub ecx, 00000002
:00405014 7427
je 0040503D
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040503B(C)
|
:00405016
8A8414DA000000 mov al, byte ptr [esp+edx+000000DA]
====>依次取0.725439544615956小数点后字符的HEX值
:0040501D
8DBC24D8000000 lea edi, dword ptr [esp+000000D8]
:00405024
0441 add
al, 41
====>依次+41 只记5位了,因为后面只取5位。即:用户名位数-1
1、 ====>37 + 41=78 即:x
2、
====>32 + 41=73 即:s
3、 ====>35
+ 41=76 即:v
4、 ====>34 + 41=75
即:u
5、 ====>33 + 41=74 即:t
:00405026
8BCD mov
ecx, ebp
:00405028 88841488000000 mov byte
ptr [esp+edx+00000088], al
====>保存在
[esp+edx+00000088]
:0040502F
33C0 xor
eax, eax
:00405031 42
inc edx
:00405032 F2
repnz
:00405033 AE
scasb
:00405034 F7D1
not ecx
:00405036
83C1FD add ecx,
FFFFFFFD
:00405039 3BD1
cmp edx, ecx
:0040503B 72D9
jb 00405016
====>循环
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00405014(C)
|
:0040503D
8D8C2488000000 lea ecx, dword ptr [esp+00000088]
:00405044
C684348800000000 mov byte ptr [esp+esi+00000088], 00
====>多于5位的换成00了。只取用户名位数-1
:0040504C
51 push
ecx
====>ECX=xsvut
:0040504D
FFD3 call
ebx
====>把 xsvut 转换成大写字母 XSVUT
:0040504F
8D7C2464 lea edi, dword
ptr [esp+64]
====>EDI=13572468
试炼码
:00405053
8BCD mov
ecx, ebp
:00405055 33C0
xor eax, eax
:00405057 8DB42488000000
lea esi, dword ptr [esp+00000088]
====>ESI=XSVUT
注册码
:0040505E
F2 repnz
:0040505F
AE scasb
:00405060
F7D1 not
ecx
:00405062 49
dec ecx
:00405063 8D7C2464
lea edi, dword ptr [esp+64]
:00405067 33D2
xor edx, edx
:00405069
89AC2430010000 mov dword ptr [esp+00000130],
ebp
:00405070 F3
repz
:00405071 A6
cmpsb
====>逐位比较。有一处不同就OVER了。
:00405072
8D4C2410 lea ecx, dword
ptr [esp+10]
:00405076 7528
jne 004050A0
====>跳则OVER!
*
Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:00405078
E8D3640000 Call 0040B550
:0040507D
B001 mov
al, 01
====>置1则OK!
:0040507F
8B8C2428010000 mov ecx, dword ptr [esp+00000128]
:00405086
64890D00000000 mov dword ptr fs:[00000000],
ecx
:0040508D 5F
pop edi
:0040508E 5E
pop esi
:0040508F 5D
pop ebp
:00405090 5B
pop
ebx
:00405091 8BE5
mov esp, ebp
:00405093 5D
pop ebp
:00405094 C3
ret
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404ED3(C),
:00404EE7(C)
|
:00405095 89AC2430010000 mov
dword ptr [esp+00000130], ebp
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404E0A(U)
|
:0040509C
8D4C2410 lea ecx, dword
ptr [esp+10]
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00405076(C)
|
*
Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:004050A0
E8AB640000 Call 0040B550
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404D86(C)
|
:004050A5
8B8C2428010000 mov ecx, dword ptr [esp+00000128]
:004050AC
5F pop
edi
:004050AD 32C0
xor al, al
====>清0则OVER!爆破点!
:004050AF
64890D00000000 mov dword ptr fs:[00000000],
ecx
:004050B6 5E
pop esi
:004050B7 5D
pop ebp
:004050B8 5B
pop ebx
:004050B9 8BE5
mov esp,
ebp
:004050BB 5D
pop ebp
:004050BC C3
ret
—————————————————————————————————
【完 美 爆 破】:
004050AD
32C0 xor al, al
改为: B001
mov al, 01 与0040507D处相映成趣!让其永远返回1。
—————————————————————————————————
【KeyMake之{74th}内存注册机】:
中断地址:00405067
中断次数:1
第一字节:33
指令长度:2
内存方式:ESI
—————————————————————————————————
【注册信息保存】:
同目录下的erf.dat文件中。
—————————————————————————————————
【整 理】:
注册名:flysky
注册号:XSVUT
—————————————————————————————————
, _/
/| _.-~/
\_ , 青春都一饷
( /~ / \~-._
|\
`\\ _/
\ ~\ ) 忍把浮名
_-~~~-.) )__/;;,. \_ //'
/'_,\ --~ \ ~~~- ,;;\___( (.-~~~-.
换了破解轻狂
`~ _( ,_..--\ ( ,;'' /
~-- /._`\
/~~//' /' `~\
) /--.._, )_ `~
" `~" "
`" /~'`\ `\\~~\
"
" "~' ""
Cracked By 巢水工作坊——fly [OCN][FCG]
2003-04-28 23:31