【破文标题】Magic Image Resizer 1.5简单分析
【破文作者】tianxj
【作者邮箱】tianxj_2007@126.com
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD
【破解平台】盗版Windows XP sp2
【软件名称】Magic Image Resizer 1.5
【软件大小】348KB
【软件类别】国外软件/图像处理
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2008-9-30
【原版下载】自己找一下
【保护方式】注册码
【软件简介】Magic Image Resizer 一款可将大部分格式的图像文件(jpg, gif, bmp)进行缩放处理而无失真的软件。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
"The keycode is incorrect! Please try again or buy a valid keycode online."
**************************************************************
二、用PEiD对Resizer.exe查壳,为 UPX 0.89.6 - 1.02 / 1.05 - 1.24 (Delphi) stub -> Markus & Laszlo
用PEiD插件脱壳后,为 Borland Delphi 6.0 - 7.0
**************************************************************
三、运行OD,打开Resizer.exe.unpacked_.exe,右键超级字串参考查找ASCII.
==============================================================
代码:
0049202C /$ 55 PUSH EBP 0049202D |. 8BEC MOV EBP, ESP 0049202F |. 6A 00 PUSH 0 00492031 |. 6A 00 PUSH 0 00492033 |. 53 PUSH EBX 00492034 |. 8BD8 MOV EBX, EAX 00492036 |. 33C0 XOR EAX, EAX 00492038 |. 55 PUSH EBP 00492039 |. 68 ED204900 PUSH Resizer_.004920ED 0049203E |. 64:FF30 PUSH DWORD PTR FS:[EAX] 00492041 |. 64:8920 MOV DWORD PTR FS:[EAX], ESP 00492044 |. 8D55 FC LEA EDX, DWORD PTR [EBP-4] 00492047 |. 8B83 00030000 MOV EAX, DWORD PTR [EBX+300] 0049204D |. E8 42D5FAFF CALL Resizer_.0043F594 00492052 |. 8B55 FC MOV EDX, DWORD PTR [EBP-4] ; //试练码 00492055 |. 8BC3 MOV EAX, EBX 00492057 |. E8 A8010000 CALL Resizer_.00492204 ; //关键CALL 0049205C |. 84C0 TEST AL, AL 0049205E |. 74 46 JE SHORT Resizer_.004920A6 ; //关键跳转 00492060 |. 8D55 F8 LEA EDX, DWORD PTR [EBP-8] 00492063 |. 8B83 00030000 MOV EAX, DWORD PTR [EBX+300] 00492069 |. E8 26D5FAFF CALL Resizer_.0043F594 0049206E |. 8B4D F8 MOV ECX, DWORD PTR [EBP-8] 00492071 |. BA 04214900 MOV EDX, Resizer_.00492104 ; reg_geslo 00492076 |. B8 18214900 MOV EAX, Resizer_.00492118 ; Software\Magic Project\Magic Image Resizer 0049207B |. E8 74EEFCFF CALL Resizer_.00460EF4 00492080 |. A1 F0AB4900 MOV EAX, DWORD PTR [49ABF0] 00492085 |. C600 01 MOV BYTE PTR [EAX], 1 00492088 |. 6A 00 PUSH 0 0049208A |. 66:8B0D 44214>MOV CX, WORD PTR [492144] 00492091 |. B2 02 MOV DL, 2 00492093 |. B8 50214900 MOV EAX, Resizer_.00492150 ; Thank you for registering the program! 00492098 |. E8 CB6EFAFF CALL Resizer_.00438F68 0049209D |. 8BC3 MOV EAX, EBX 0049209F |. E8 3898FCFF CALL Resizer_.0045B8DC 004920A4 |. EB 2C JMP SHORT Resizer_.004920D2 004920A6 |> 6A 00 PUSH 0 004920A8 |. 66:8B0D 78214>MOV CX, WORD PTR [492178] 004920AF |. B2 01 MOV DL, 1 004920B1 |. B8 84214900 MOV EAX, Resizer_.00492184 ; The keycode is incorrect! Please try again or buy a valid keycode online. 004920B6 |. E8 AD6EFAFF CALL Resizer_.00438F68 004920BB |. 48 DEC EAX 004920BC |. 75 14 JNZ SHORT Resizer_.004920D2 004920BE |. 6A 01 PUSH 1 ; /IsShown = 1 004920C0 |. 6A 00 PUSH 0 ; |DefDir = NULL 004920C2 |. 6A 00 PUSH 0 ; |Parameters = NULL 004920C4 |. 68 D0214900 PUSH Resizer_.004921D0 ; |http://www.resizer.info/order.php 004920C9 |. 6A 00 PUSH 0 ; |Operation = NULL 004920CB |. 6A 00 PUSH 0 ; |hWnd = NULL 004920CD |. E8 7A2CFAFF CALL <JMP.&SHELL32.ShellExecuteA> ; \ShellExecuteA 004920D2 |> 33C0 XOR EAX, EAX 004920D4 |. 5A POP EDX 004920D5 |. 59 POP ECX 004920D6 |. 59 POP ECX 004920D7 |. 64:8910 MOV DWORD PTR FS:[EAX], EDX 004920DA |. 68 F4204900 PUSH Resizer_.004920F4 004920DF |> 8D45 F8 LEA EAX, DWORD PTR [EBP-8] 004920E2 |. BA 02000000 MOV EDX, 2 004920E7 |. E8 1825F7FF CALL Resizer_.00404604 004920EC \. C3 RETN 004920ED .- E9 921EF7FF JMP Resizer_.00403F84 004920F2 .^ EB EB JMP SHORT Resizer_.004920DF 004920F4 . 5B POP EBX 004920F5 . 59 POP ECX 004920F6 . 59 POP ECX 004920F7 . 5D POP EBP 004920F8 . C3 RETN ============================================================== 00492204 /$ 55 PUSH EBP 00492205 |. 8BEC MOV EBP, ESP 00492207 |. 51 PUSH ECX 00492208 |. 53 PUSH EBX 00492209 |. 8955 FC MOV DWORD PTR [EBP-4], EDX 0049220C |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] ; //试练码 0049220F |. E8 6C28F7FF CALL Resizer_.00404A80 00492214 |. 33C0 XOR EAX, EAX 00492216 |. 55 PUSH EBP 00492217 |. 68 CC224900 PUSH Resizer_.004922CC 0049221C |. 64:FF30 PUSH DWORD PTR FS:[EAX] 0049221F |. 64:8920 MOV DWORD PTR FS:[EAX], ESP 00492222 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492225 |. E8 6E26F7FF CALL Resizer_.00404898 0049222A |. 83F8 13 CMP EAX, 13 0049222D |. 0F85 81000000 JNZ Resizer_.004922B4 ; //注册码长度不等于13h即19则跳 00492233 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492236 |. 8038 6D CMP BYTE PTR [EAX], 6D 00492239 |. 75 79 JNZ SHORT Resizer_.004922B4 ; //注册码第1位不是"m"则跳 0049223B |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 0049223E |. 8078 01 61 CMP BYTE PTR [EAX+1], 61 00492242 |. 75 70 JNZ SHORT Resizer_.004922B4 ; //注册码第2位不是"a"则跳 00492244 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492247 |. 8078 02 67 CMP BYTE PTR [EAX+2], 67 0049224B |. 75 67 JNZ SHORT Resizer_.004922B4 ; //注册码第3位不是"g"则跳 0049224D |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492250 |. 8078 03 69 CMP BYTE PTR [EAX+3], 69 00492254 |. 75 5E JNZ SHORT Resizer_.004922B4 ; //注册码第4位不是"i"则跳 00492256 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492259 |. 8078 04 2D CMP BYTE PTR [EAX+4], 2D 0049225D |. 75 55 JNZ SHORT Resizer_.004922B4 ; //注册码第5位不是"-"则跳 0049225F |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492262 |. 8078 05 76 CMP BYTE PTR [EAX+5], 76 00492266 |. 75 4C JNZ SHORT Resizer_.004922B4 ; //注册码第6位不是"v"则跳 00492268 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 0049226B |. 8078 07 30 CMP BYTE PTR [EAX+7], 30 0049226F |. 75 43 JNZ SHORT Resizer_.004922B4 ; //注册码第8位不是"0"则跳 00492271 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492274 |. 8078 08 37 CMP BYTE PTR [EAX+8], 37 00492278 |. 75 3A JNZ SHORT Resizer_.004922B4 ; //注册码第9位不是"7"则跳 0049227A |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 0049227D |. 8078 09 2D CMP BYTE PTR [EAX+9], 2D 00492281 |. 75 31 JNZ SHORT Resizer_.004922B4 ; //注册码第10位不是"-"则跳 00492283 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492286 |. 8078 0B 61 CMP BYTE PTR [EAX+B], 61 0049228A |. 75 28 JNZ SHORT Resizer_.004922B4 ; //注册码第12位不是"a"则跳 0049228C |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 0049228F |. 8078 0F 6D CMP BYTE PTR [EAX+F], 6D 00492293 |. 75 1F JNZ SHORT Resizer_.004922B4 ; //注册码第16位不是"m"则跳 00492295 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 00492298 |. 8078 10 6C CMP BYTE PTR [EAX+10], 6C 0049229C |. 75 16 JNZ SHORT Resizer_.004922B4 ; //注册码第17位不是"l"则跳 0049229E |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 004922A1 |. 8078 11 73 CMP BYTE PTR [EAX+11], 73 004922A5 |. 75 0D JNZ SHORT Resizer_.004922B4 ; //注册码第18位不是"s"则跳 004922A7 |. 8B45 FC MOV EAX, DWORD PTR [EBP-4] 004922AA |. 8078 12 34 CMP BYTE PTR [EAX+12], 34 004922AE |. 75 04 JNZ SHORT Resizer_.004922B4 ; //注册码第19位不是"4"则跳 004922B0 |. B3 01 MOV BL, 1 004922B2 |. EB 02 JMP SHORT Resizer_.004922B6 004922B4 |> 33DB XOR EBX, EBX 004922B6 |> 33C0 XOR EAX, EAX 004922B8 |. 5A POP EDX 004922B9 |. 59 POP ECX 004922BA |. 59 POP ECX 004922BB |. 64:8910 MOV DWORD PTR FS:[EAX], EDX 004922BE |. 68 D3224900 PUSH Resizer_.004922D3 004922C3 |> 8D45 FC LEA EAX, DWORD PTR [EBP-4] 004922C6 |. E8 1523F7FF CALL Resizer_.004045E0 004922CB \. C3 RETN 004922CC .- E9 B31CF7FF JMP Resizer_.00403F84 004922D1 .^ EB F0 JMP SHORT Resizer_.004922C3 004922D3 . 8BC3 MOV EAX, EBX 004922D5 . 5B POP EBX 004922D6 . 59 POP ECX 004922D7 . 5D POP EBP 004922D8 . C3 RETN
【破解总结】
和固定注册码差不多,就不写注册机了
--------------------------------------------------------------
【算法总结】
注册码为 magi-v*07-*a***mls4 (星号为任意字符)
--------------------------------------------------------------
【注册信息】
保存在
[HKEY_USERS\******\Software\Magic Project\Magic Image Resizer]
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及徐超等所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
_/_/_/ _/ _/ _/_/_/
_/ _/ _/ _/ _/
_/_/_/ _/_/ _/_/_/_/
_/ _/ _/ _/
_/ _/ _/_/_/ _/ tianxj