【破文标题】Cute MP4 Video Converter V1.40 算法分析
【破文作者】tianxj
【作者邮箱】tianxj_2007@126.com
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】Cute MP4 Video Converter V1.40
【软件大小】2.38MB
【原版下载】http://www.videotool.net/download/mp4videoconverter.exe
【保护方式】注册码
【软件简介】Cute MP4 Video Converter is a easyt-to-use video converter software. It can convert many video formats, e.g. DivX, XviD, MOV, MPEG-4,MPEG, WMV, H.263,AVI,WMV,ASF to MP4 Movie Video format.
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
**************************************************************
二、用PEiD对MP4VideoConverter.exe查壳,为 Microsoft Visual C++ 6.0
**************************************************************
三、运行OD,打开MP4VideoConverter.exe,右键超级字串参考查找ASCII.
==============================================================
0040EE30 . 6A FF PUSH -1 0040EE32 . 68 48144100 PUSH MP4Video.00411448 ; 父LA; SE 处理程序安装 0040EE37 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 0040EE3D . 50 PUSH EAX 0040EE3E . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 0040EE45 . 83EC 14 SUB ESP,14 0040EE48 . 55 PUSH EBP 0040EE49 . 56 PUSH ESI 0040EE4A . 57 PUSH EDI 0040EE4B . 8BF1 MOV ESI,ECX 0040EE4D . 6A 01 PUSH 1 0040EE4F . E8 240F0000 CALL <JMP.&MFC42.#6334_CWnd::UpdateData> 0040EE54 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14] 0040EE58 . E8 D3010000 CALL MP4Video.0040F030 0040EE5D . 51 PUSH ECX 0040EE5E . 8DAE 1C010000 LEA EBP,DWORD PTR DS:[ESI+11C] 0040EE64 . 8BCC MOV ECX,ESP 0040EE66 . 896424 10 MOV DWORD PTR SS:[ESP+10],ESP 0040EE6A . 55 PUSH EBP 0040EE6B . C74424 30 000>MOV DWORD PTR SS:[ESP+30],0 0040EE73 . E8 30090000 CALL <JMP.&MFC42.#535_CString::CString> 0040EE78 . 51 PUSH ECX 0040EE79 . 8DBE 18010000 LEA EDI,DWORD PTR DS:[ESI+118] 0040EE7F . 8BCC MOV ECX,ESP 0040EE81 . 896424 18 MOV DWORD PTR SS:[ESP+18],ESP 0040EE85 . 57 PUSH EDI 0040EE86 . C64424 34 01 MOV BYTE PTR SS:[ESP+34],1 0040EE8B . E8 18090000 CALL <JMP.&MFC42.#535_CString::CString> 0040EE90 . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C] 0040EE94 . C64424 30 00 MOV BYTE PTR SS:[ESP+30],0 0040EE99 . E8 C2050000 CALL MP4Video.0040F460 0040EE9E . 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+18] 0040EEA2 . 8BCF MOV ECX,EDI 0040EEA4 . 50 PUSH EAX 0040EEA5 . E8 BE090000 CALL <JMP.&MFC42.#858_CString::operator=> 0040EEAA . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C] 0040EEAE . 51 PUSH ECX 0040EEAF . 8BCD MOV ECX,EBP 0040EEB1 . E8 B2090000 CALL <JMP.&MFC42.#858_CString::operator=>; //取用户名 0040EEB6 . 8B17 MOV EDX,DWORD PTR DS:[EDI] 0040EEB8 . 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8] 0040EEBB . 85C0 TEST EAX,EAX 0040EEBD . 75 2B JNZ SHORT MP4Video.0040EEEA ; //用户名不为空则跳 0040EEBF . 6A 40 PUSH 40 0040EEC1 . 68 CC7D4100 PUSH MP4Video.00417DCC ; Warning 0040EEC6 . 68 A47E4100 PUSH MP4Video.00417EA4 ; Please enter registration name! 0040EECB . 8BCE MOV ECX,ESI 0040EECD . E8 C20D0000 CALL <JMP.&MFC42.#4224_CWnd::MessageBoxA> 0040EED2 . 68 03040000 PUSH 403 0040EED7 . 8BCE MOV ECX,ESI 0040EED9 . E8 C00C0000 CALL <JMP.&MFC42.#3092_CWnd::GetDlgItem> 0040EEDE . 8BC8 MOV ECX,EAX 0040EEE0 . E8 2F0C0000 CALL <JMP.&MFC42.#5981_CWnd::SetFocus> 0040EEE5 . E9 DE000000 JMP MP4Video.0040EFC8 0040EEEA > 8B45 00 MOV EAX,DWORD PTR SS:[EBP] ; //机器码 0040EEED . 8B48 F8 MOV ECX,DWORD PTR DS:[EAX-8] 0040EEF0 . 85C9 TEST ECX,ECX 0040EEF2 . 75 2B JNZ SHORT MP4Video.0040EF1F ; //机器码不为空则跳 0040EEF4 . 6A 40 PUSH 40 0040EEF6 . 68 CC7D4100 PUSH MP4Video.00417DCC ; Warning 0040EEFB . 68 847E4100 PUSH MP4Video.00417E84 ; Please enter registration code! 0040EF00 . 8BCE MOV ECX,ESI 0040EF02 . E8 8D0D0000 CALL <JMP.&MFC42.#4224_CWnd::MessageBoxA> 0040EF07 . 68 04040000 PUSH 404 0040EF0C . 8BCE MOV ECX,ESI 0040EF0E . E8 8B0C0000 CALL <JMP.&MFC42.#3092_CWnd::GetDlgItem> 0040EF13 . 8BC8 MOV ECX,EAX 0040EF15 . E8 FA0B0000 CALL <JMP.&MFC42.#5981_CWnd::SetFocus> 0040EF1A . E9 A9000000 JMP MP4Video.0040EFC8 0040EF1F > 51 PUSH ECX 0040EF20 . 8BCC MOV ECX,ESP 0040EF22 . 896424 14 MOV DWORD PTR SS:[ESP+14],ESP 0040EF26 . 55 PUSH EBP 0040EF27 . E8 7C080000 CALL <JMP.&MFC42.#535_CString::CString> 0040EF2C . 51 PUSH ECX 0040EF2D . C64424 30 02 MOV BYTE PTR SS:[ESP+30],2 0040EF32 . 8BCC MOV ECX,ESP 0040EF34 . 896424 14 MOV DWORD PTR SS:[ESP+14],ESP 0040EF38 . 57 PUSH EDI 0040EF39 . E8 6A080000 CALL <JMP.&MFC42.#535_CString::CString> 0040EF3E . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C] 0040EF42 . C64424 30 00 MOV BYTE PTR SS:[ESP+30],0 0040EF47 . E8 C4010000 CALL MP4Video.0040F110 ; //关键CALL 0040EF4C . 84C0 TEST AL,AL 0040EF4E . 74 65 JE SHORT MP4Video.0040EFB5 0040EF50 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14] 0040EF54 . E8 A7010000 CALL MP4Video.0040F100 0040EF59 . 84C0 TEST AL,AL 0040EF5B . 75 39 JNZ SHORT MP4Video.0040EF96 0040EF5D . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14] 0040EF61 . E8 8A050000 CALL MP4Video.0040F4F0 0040EF66 . 84C0 TEST AL,AL 0040EF68 . 75 2C JNZ SHORT MP4Video.0040EF96 0040EF6A . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14] 0040EF6E . E8 9D020000 CALL MP4Video.0040F210 0040EF73 . 84C0 TEST AL,AL 0040EF75 . 74 3E JE SHORT MP4Video.0040EFB5 0040EF77 . 6A 40 PUSH 40 0040EF79 . 68 7C7E4100 PUSH MP4Video.00417E7C ; Message 0040EF7E . 68 587E4100 PUSH MP4Video.00417E58 ; You have successfully registered! 0040EF83 . 8BCE MOV ECX,ESI 0040EF85 . E8 0A0D0000 CALL <JMP.&MFC42.#4224_CWnd::MessageBoxA> 0040EF8A . 8B16 MOV EDX,DWORD PTR DS:[ESI] 0040EF8C . 8BCE MOV ECX,ESI 0040EF8E . FF92 CC000000 CALL DWORD PTR DS:[EDX+CC] 0040EF94 . EB 32 JMP SHORT MP4Video.0040EFC8 0040EF96 > 6A 40 PUSH 40 0040EF98 . 68 7C7E4100 PUSH MP4Video.00417E7C ; Message 0040EF9D . 68 587E4100 PUSH MP4Video.00417E58 ; You have successfully registered! 0040EFA2 . 8BCE MOV ECX,ESI 0040EFA4 . E8 EB0C0000 CALL <JMP.&MFC42.#4224_CWnd::MessageBoxA> 0040EFA9 . 8B06 MOV EAX,DWORD PTR DS:[ESI] 0040EFAB . 8BCE MOV ECX,ESI 0040EFAD . FF90 CC000000 CALL DWORD PTR DS:[EAX+CC] 0040EFB3 . EB 13 JMP SHORT MP4Video.0040EFC8 0040EFB5 > 6A 10 PUSH 10 0040EFB7 . 68 A8744100 PUSH MP4Video.004174A8 ; Error 0040EFBC . 68 447E4100 PUSH MP4Video.00417E44 ; failed register! 0040EFC1 . 8BCE MOV ECX,ESI 0040EFC3 . E8 CC0C0000 CALL <JMP.&MFC42.#4224_CWnd::MessageBoxA> 0040EFC8 > 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14] 0040EFCC . C74424 28 FFF>MOV DWORD PTR SS:[ESP+28],-1 0040EFD4 . E8 C7000000 CALL MP4Video.0040F0A0 0040EFD9 . 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20] 0040EFDD . 5F POP EDI 0040EFDE . 5E POP ESI 0040EFDF . 64:890D 00000>MOV DWORD PTR FS:[0],ECX 0040EFE6 . 5D POP EBP 0040EFE7 . 83C4 20 ADD ESP,20 0040EFEA . C3 RETN ============================================================== 0040F110 /$ 6A FF PUSH -1 0040F112 |. 68 B0144100 PUSH MP4Video.004114B0 ; SE 处理程序安装 0040F117 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 0040F11D |. 50 PUSH EAX 0040F11E |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP 0040F125 |. 51 PUSH ECX 0040F126 |. 53 PUSH EBX 0040F127 |. 55 PUSH EBP 0040F128 |. 56 PUSH ESI 0040F129 |. 57 PUSH EDI 0040F12A |. 8BE9 MOV EBP,ECX 0040F12C |. 8B7C24 28 MOV EDI,DWORD PTR SS:[ESP+28] ; //机器码 0040F130 |. 33DB XOR EBX,EBX ; //EBX=0 0040F132 |. 33C9 XOR ECX,ECX 0040F134 |. C74424 1C 010>MOV DWORD PTR SS:[ESP+1C],1 0040F13C |. 8B57 F8 MOV EDX,DWORD PTR DS:[EDI-8] 0040F13F |. 3BD3 CMP EDX,EBX 0040F141 |. 7E 14 JLE SHORT MP4Video.0040F157 0040F143 |> 8A0439 /MOV AL,BYTE PTR DS:[ECX+EDI] 0040F146 |. 3C 30 |CMP AL,30 0040F148 |. 0F8C 83000000 |JL MP4Video.0040F1D1 0040F14E |. 3C 39 |CMP AL,39 0040F150 |. 7F 7F |JG SHORT MP4Video.0040F1D1 0040F152 |. 41 |INC ECX 0040F153 |. 3BCA |CMP ECX,EDX 0040F155 |.^ 7C EC \JL SHORT MP4Video.0040F143 ; //循环,注册码必须为数字 0040F157 |> 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+24] ; //用户名 0040F15B |. 8B56 F8 MOV EDX,DWORD PTR DS:[ESI-8] ; //用户名长度 0040F15E |. 3BD3 CMP EDX,EBX 0040F160 |. 74 6F JE SHORT MP4Video.0040F1D1 ; //用户名长度为0则跳 0040F162 |. 33C9 XOR ECX,ECX 0040F164 |. 33C0 XOR EAX,EAX 0040F166 |. 3BD3 CMP EDX,EBX 0040F168 |. 7E 0D JLE SHORT MP4Video.0040F177 ; //用户名长度小于等于0则跳 0040F16A |> 0FBE1C30 /MOVSX EBX,BYTE PTR DS:[EAX+ESI] 0040F16E |. 03CB |ADD ECX,EBX 0040F170 |. 40 |INC EAX 0040F171 |. 3BC2 |CMP EAX,EDX 0040F173 |.^ 7C F5 \JL SHORT MP4Video.0040F16A ; //循环,将用户名ASCII码累加到ECX 0040F175 |. 33DB XOR EBX,EBX 0040F177 |> 69C9 C3220000 IMUL ECX,ECX,22C3 ; //ECX=ECX*22C3 0040F17D |. 81C1 24E4DC04 ADD ECX,4DCE424 ; //ECX=ECX+4DCE424 0040F183 |. 57 PUSH EDI ; /s 0040F184 |. 8BF1 MOV ESI,ECX ; |//ESI=ECX 0040F186 |. FF15 9C254100 CALL DWORD PTR DS:[<&MSVCRT.atol>] ; \//将假码转16进制送入EAX 0040F18C |. 83C4 04 ADD ESP,4 0040F18F |. 3BC6 CMP EAX,ESI ; //真假码比较 0040F191 |. 75 3E JNZ SHORT MP4Video.0040F1D1 ; //关键跳转 0040F193 |. 51 PUSH ECX 0040F194 |. 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+28] 0040F198 |. 8BCC MOV ECX,ESP 0040F19A |. 896424 14 MOV DWORD PTR SS:[ESP+14],ESP 0040F19E |. 50 PUSH EAX 0040F19F |. E8 04060000 CALL <JMP.&MFC42.#535_CString::CString> 0040F1A4 |. 8BCD MOV ECX,EBP ; | 0040F1A6 |. E8 A5010000 CALL MP4Video.0040F350 ; \MP4Video.0040F350 0040F1AB |. 3AC3 CMP AL,BL 0040F1AD |. 75 22 JNZ SHORT MP4Video.0040F1D1 0040F1AF |. 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24] 0040F1B3 |. 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL 0040F1B7 |. E8 E6050000 CALL <JMP.&MFC42.#800_CString::~CString> 0040F1BC |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28] 0040F1C0 |. C74424 1C FFF>MOV DWORD PTR SS:[ESP+1C],-1 0040F1C8 |. E8 D5050000 CALL <JMP.&MFC42.#800_CString::~CString> 0040F1CD |. B0 01 MOV AL,1 0040F1CF |. EB 20 JMP SHORT MP4Video.0040F1F1 0040F1D1 |> 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24] 0040F1D5 |. 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL 0040F1D9 |. E8 C4050000 CALL <JMP.&MFC42.#800_CString::~CString> 0040F1DE |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28] 0040F1E2 |. C74424 1C FFF>MOV DWORD PTR SS:[ESP+1C],-1 0040F1EA |. E8 B3050000 CALL <JMP.&MFC42.#800_CString::~CString> 0040F1EF |. 32C0 XOR AL,AL 0040F1F1 |> 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] 0040F1F5 |. 5F POP EDI 0040F1F6 |. 5E POP ESI 0040F1F7 |. 5D POP EBP 0040F1F8 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX 0040F1FF |. 5B POP EBX 0040F200 |. 83C4 10 ADD ESP,10 0040F203 \. C2 0800 RETN 8
【破解总结】
--------------------------------------------------------------
【算法总结】
注册码=用户名ASCII码累加值*22C3h+4DCE424h
--------------------------------------------------------------
【算法注册机】
算法比较简单,用keymake作算法注册机比较快
KeyGen.rek
.const
.data
szHomePage db "http://www.chinapyg.com",0
szEmail db "mailto:tianxj_2007@126.com",0
szErrMess db "请输入用户名!",0
szFMT db "%d",0
szBuffer db 50 dup (0)
.code
MOV ESI,EAX
invoke lstrlen,esi
MOV EDX,EAX
XOR ECX,ECX
XOR EAX,EAX
@MP4Video_0040F16A:
MOVSX EBX,BYTE PTR DS:[EAX+ESI]
ADD ECX,EBX
INC EAX
CMP EAX,EDX
JL @MP4Video_0040F16A
IMUL ECX,ECX,022C3h
ADD ECX,04DCE424h
MOV ESI,ECX
invoke wsprintf,addr szBuffer,addr szFMT,esi
lea eax,szBuffer
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及徐超等所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!