- 小小电影
- 趣味软件
- 测字算命
- 桌面屏保
- 电脑游戏
- 模拟游戏
- 迷你游戏
- 影视 MTV
- 精彩动画
- 精彩FLASH
- 外挂下载
- 网络游戏
- 整人工具
- 益智游戏
- 游戏补丁
- 魔兽争霸
MP3 Tag Clinic 2.7破解手记--完美爆破
MP3 Tag Clinic 2.7破解手记--完美爆破
软件名称:MP3 Tag Clinic 2.7(收藏管理)
整理日期:2003.3.16
最新版本:2.7
文件大小:2049KB
软件授权:共享软件
使用平台:Win9x/Me/NT/2000/XP
发布公司: http://www.kevesoft.com/"
软件简介:只要指定好文件夹,MP3Tag Clinic便会将该文件夹中所有MP3文件的Tag资料汇总于一个表格中,包括歌手名称、专辑名称、歌名、备注等等,便于你针对单一文件或是文件群做Tag的浏览与修改。
加密方式:ASPROTECT1.23.b+注册码
功能限制:30次试用
PJ工具:TRW20001.23注册版(加SuperBPM)、W32Dasm8.93黄金版,FI2.5,Import Reconstructor 1.4.2+,fs0-loader
PJ日期:2003-03-27
作者newlaos申明:只是学习,请不用于商业用途或是将本文方法制作的注册机任意传播,造成后果,本人一概不负。水平低,只能找到爆破点,而没有办法找到关键算法,还请高手指点!
1、先用FI2.5看一下主文件“MP3TagClinic.exe”,加了ASPROTECT1.23.b壳,只有手动脱壳了。
a、用fs0_loader找入口点工具,找到入口点。软件提示在4BE858位置DUMP最好,因为这时文件结构表没有损坏。软件再提示入口点在660A7C。好!先记下来。
b、用trw2000初步脱壳,打开SuperBPM,点erase,用trw载入MP3TagClinic.exe,下g 4BE858. 接着下pedump脱出程序为DUMP1.EXE。
C、打开原加壳程序,在Import REConstructor v1.4.2+ 的 Attach to an Active Process 窗口中选取MP3TagClinic.exe的进程,然后在下方的oep处填入rva即260A7C(入口点地址660A7C-40000),点IAT AutoSearch,再点Get Imports,点Auto Trace,然后点Show Invalid,在Imported Functions Found窗口里的无效地址上点鼠标右键,选Trace Leve11(disasm),再点show invaids,发现部分修复。再在无效地址上点鼠标右键,选Trace Leve11(HOOK),再点show invaids,发现又有几个被修复。同理再选Trace Leve11(Tray Flag),又修复几个。若还有几个没有修复,再次在那几个没有修复的地址上点鼠标右键. 选中Plugin Tracer(Asprotect 1.2X Emul),再点show invaids应发现所有的dll显示 valid:Yes了。
再点Fix Dump,选中你用trw2000 pedump出的文件修复,最后生成完全脱壳程序名称为dump1_.exe。退出一运行,成功!
2、用W32Dasm8.93黄金版对主程序进行静态反汇编,再用串式数据参考,找到"MP3 Tag Clinic v2.7 (UNREGISTERED)",对于那些要在重启后再验证注册码的软件,最好就是找与窗口标题栏上未注册的那一串字符,双击来到下面代码段。这样就很快定位注册码的计算部分。
3、再用TRW20001.23注册版进行动态跟踪,下断BPX 004BED3F(通常在注册成功与否的前面一些下断,这样,才能找到关键部分),先输入假码78787878
.......
.......
:004BED3F 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BED45 E8626AF7FF call 004357AC
:004BED4A 8D55FC lea edx, dword ptr [ebp-04]
:004BED4D A148846600 mov eax, dword ptr [00668448]
:004BED52 8B00 mov eax, dword ptr [eax]
:004BED54 E8EF71F7FF call 00435F48 <===呵呵,这个CALL会使下面算出下面需要的EAX,F8跟进。
:004BED59 8B45FC mov eax, dword ptr [ebp-04] <===这里要正确,则这里必须为EAX=MP3 Tag Clinic v2.7,而不能是MP3 Tag Clinic v2.7 (UNREGISTERED)
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (UNREGISTERED)"
|
:004BED5C BAC8F14B00 mov edx, 004BF1C8
:004BED61 E8EA53F4FF call 00404150 <===对比EAX和EDX的值,看是不是未注册模式。
:004BED66 7440 je 004BEDA8 <==相等就从这里跳走,就是不正确的了。针对下面的情况,在这里爆破比较合适,将7440改为9090,即可完美爆破
:004BED68 8D55F8 lea edx, dword ptr [ebp-08]
:004BED6B A148846600 mov eax, dword ptr [00668448]
:004BED70 8B00 mov eax, dword ptr [eax]
:004BED72 E8D171F7FF call 00435F48
:004BED77 8B45F8 mov eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (registration "
->"pending)"
|
:004BED7A BAF4F14B00 mov edx, 004BF1F4
:004BED7F E8CC53F4FF call 00404150 <===对比EAX和EDX的值,看是不是注册待验证模式。
:004BED84 7422 je 004BEDA8 <===是,就跳走!
:004BED86 8D55F4 lea edx, dword ptr [ebp-0C]
:004BED89 A148846600 mov eax, dword ptr [00668448]
:004BED8E 8B00 mov eax, dword ptr [eax]
:004BED90 E8B371F7FF call 00435F48
:004BED95 8B45F4 mov eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (DEBUG MODE)"
|
:004BED98 BA28F24B00 mov edx, 004BF228
:004BED9D E8AE53F4FF call 00404150 <===对比EAX和EDX的值,看是不是调试模式。
:004BEDA2 0F856E010000 jne 004BEF16
<===如果不是上面三种模式任一种,则这里就跳向胜利。呵呵!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004BED66(C), :004BED84(C)
|
:004BEDA8 8D55F0 lea edx, dword ptr [ebp-10]
<===如果是三种模式任一种,都会来到这里,也就意味着不是正式注册用户了
:004BEDAB A148846600 mov eax, dword ptr [00668448]
:004BEDB0 8B00 mov eax, dword ptr [eax]
:004BEDB2 E89171F7FF call 00435F48
:004BEDB7 8B45F0 mov eax, dword ptr [ebp-10]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (registration "
->"pending)"
|
:004BEDBA BAF4F14B00 mov edx, 004BF1F4
:004BEDBF E88C53F4FF call 00404150
:004BEDC4 0F84B7000000 je 004BEE81
:004BEDCA 8BC3 mov eax, ebx
:004BEDCC E8FF0A0000 call 004BF8D0
:004BEDD1 833D6871660000 cmp dword ptr [00667168], 00000000
:004BEDD8 7E37 jle 004BEE11
:004BEDDA 8D55E8 lea edx, dword ptr [ebp-18]
:004BEDDD A168716600 mov eax, dword ptr [00667168]
:004BEDE2 83E801 sub eax, 00000001
:004BEDE5 7105 jno 004BEDEC
:004BEDE7 E89041F4FF call 00402F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDE5(C)
|
:004BEDEC E8DFA6F4FF call 004094D0
:004BEDF1 8B4DE8 mov ecx, dword ptr [ebp-18]
:004BEDF4 8D45EC lea eax, dword ptr [ebp-14]
* Possible StringData Ref from Code Obj ->"Trial runs remaining: "
|
:004BEDF7 BA54F24B00 mov edx, 004BF254
:004BEDFC E88B52F4FF call 0040408C
:004BEE01 8B55EC mov edx, dword ptr [ebp-14]
:004BEE04 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE0A E86971F7FF call 00435F78
:004BEE0F EB51 jmp 004BEE62
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDD8(C)
|
:004BEE11 8D55E4 lea edx, dword ptr [ebp-1C]
:004BEE14 A148846600 mov eax, dword ptr [00668448]
:004BEE19 8B00 mov eax, dword ptr [eax]
:004BEE1B E82871F7FF call 00435F48
:004BEE20 8B45E4 mov eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (DEBUG MODE)"
|
:004BEE23 BA28F24B00 mov edx, 004BF228
:004BEE28 E82353F4FF call 00404150
:004BEE2D 7512 jne 004BEE41
* Possible StringData Ref from Code Obj ->"- DEBUG MODE -"
|
:004BEE2F BA74F24B00 mov edx, 004BF274
:004BEE34 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE3A E83971F7FF call 00435F78
:004BEE3F EB21 jmp 004BEE62
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEE2D(C)
|
:004BEE41 A148846600 mov eax, dword ptr [00668448]
:004BEE46 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (UNREGISTERED)"
|
:004BEE48 BAC8F14B00 mov edx, 004BF1C8
:004BEE4D E82671F7FF call 00435F78
* Possible StringData Ref from Code Obj ->"- UNREGISTERED -"
|
:004BEE52 BA8CF24B00 mov edx, 004BF28C
:004BEE57 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE5D E81671F7FF call 00435F78
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004BEE0F(U), :004BEE3F(U)
|
:004BEE62 BA0F000080 mov edx, 8000000F
:004BEE67 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:004BEE6D E8B642FFFF call 004B3128
:004BEE72 B201 mov dl, 01
:004BEE74 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:004BEE7A E8E16FF7FF call 00435E60
:004BEE7F EB66 jmp 004BEEE7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDC4(C)
|
* Possible StringData Ref from Code Obj ->"registration pending"
|
:004BEE81 BAA8F24B00 mov edx, 004BF2A8
:004BEE86 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE8C E8E770F7FF call 00435F78
:004BEE91 A148846600 mov eax, dword ptr [00668448]
:004BEE96 8B00 mov eax, dword ptr [eax]
:004BEE98 8B80FC020000 mov eax, dword ptr [eax+000002FC]
:004BEE9E 8B4028 mov eax, dword ptr [eax+28]
:004BEEA1 BA03000000 mov edx, 00000003
:004BEEA6 E8FD78F8FF call 004467A8
:004BEEAB 33D2 xor edx, edx
:004BEEAD E8F678F8FF call 004467A8
:004BEEB2 8B4024 mov eax, dword ptr [eax+24]
* Possible StringData Ref from Code Obj ->"Register"
|
:004BEEB5 BAC8F24B00 mov edx, 004BF2C8
:004BEEBA E89152F4FF call 00404150
:004BEEBF 7526 jne 004BEEE7
:004BEEC1 A148846600 mov eax, dword ptr [00668448]
:004BEEC6 8B00 mov eax, dword ptr [eax]
:004BEEC8 8B80FC020000 mov eax, dword ptr [eax+000002FC]
:004BEECE 8B4028 mov eax, dword ptr [eax+28]
:004BEED1 BA03000000 mov edx, 00000003
:004BEED6 E8CD78F8FF call 004467A8
:004BEEDB 33D2 xor edx, edx
:004BEEDD E8C678F8FF call 004467A8
:004BEEE2 E85541F4FF call 0040303C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004BEE7F(U), :004BEEBF(C)
|
:004BEEE7 8D8304030000 lea eax, dword ptr [ebx+00000304]
* Possible StringData Ref from Code Obj ->"UNREGISTERED"
|
:004BEEED BADCF24B00 mov edx, 004BF2DC
:004BEEF2 E81D4FF4FF call 00403E14
:004BEEF7 33D2 xor edx, edx
:004BEEF9 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEEFF E85C6FF7FF call 00435E60
:004BEF04 B201 mov dl, 01
:004BEF06 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEF0C E84F6FF7FF call 00435E60
:004BEF11 E963010000 jmp 004BF079
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDA2(C) <===关键的跳转过来的地方,向上看
|
:004BEF16 8D4DDC lea ecx, dword ptr [ebp-24]
:004BEF19 8B159C826600 mov edx, dword ptr [0066829C]
:004BEF1F 8B12 mov edx, dword ptr [edx]
:004BEF21 8BC3 mov eax, ebx
:004BEF23 E8300E0000 call 004BFD58
:004BEF28 8B4DDC mov ecx, dword ptr [ebp-24]
:004BEF2B 8D45E0 lea eax, dword ptr [ebp-20]
* Possible StringData Ref from Code Obj ->"Registered to: "
|
:004BEF2E BAF4F24B00 mov edx, 004BF2F4
:004BEF33 E85451F4FF call 0040408C
:004BEF38 8B55E0 mov edx, dword ptr [ebp-20]
:004BEF3B 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEF41 E83270F7FF call 00435F78
:004BEF46 8D55D8 lea edx, dword ptr [ebp-28]
:004BEF49 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEF4F E8F46FF7FF call 00435F48
:004BEF54 8B45D8 mov eax, dword ptr [ebp-28]
* Possible StringData Ref from Code Obj ->"Registered to: "
|
:004BEF57 BAF4F24B00 mov edx, 004BF2F4
:004BEF5C E8EF51F4FF call 00404150 <===这个是再进行一次运算,验证注册码的合法性
:004BEF61 754C jne 004BEFAF <===如果这里正确就跳走,如果不跳走就显示注册码的非法性
* Possible StringData Ref from Code Obj ->"Registered to: Unknown"
|
:004BEF63 BA10F34B00 mov edx, 004BF310
:004BEF68 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEF6E E80570F7FF call 00435F78
:004BEF73 A148846600 mov eax, dword ptr [00668448]
:004BEF78 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (UNKNOWN USER)"
|
:004BEF7A BA30F34B00 mov edx, 004BF330
:004BEF7F E8F46FF7FF call 00435F78
:004BEF84 8BC3 mov eax, ebx
:004BEF86 E845090000 call 004BF8D0
:004BEF8B 6A00 push 00000000
:004BEF8D 668B0D54F34B00 mov cx, word ptr [004BF354]
:004BEF94 B201 mov dl, 01
* Possible StringData Ref from Code Obj ->"User unknown; this program must "
->"be reinstalled."
|
:004BEF96 B860F34B00 mov eax, 004BF360
:004BEF9B E8FCCCF9FF call 0045BC9C
:004BEFA0 A1C09D6600 mov eax, dword ptr [00669DC0]
:004BEFA5 E88221F9FF call 0045112C
:004BEFAA E9B8010000 jmp 004BF167 <===程序已经判断出是非法注册,并要求重新安装,从这里跳走了。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEF61(C) <===正确跳来的地方,向上看
|
:004BEFAF 33D2 xor edx, edx
:004BEFB1 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:004BEFB7 E8A46EF7FF call 00435E60
:004BEFBC 33D2 xor edx, edx
:004BEFBE 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEFC4 E8976EF7FF call 00435E60
:004BEFC9 8B93D0020000 mov edx, dword ptr [ebx+000002D0]
:004BEFCF 8B5238 mov edx, dword ptr [edx+38]
:004BEFD2 8B83D4020000 mov eax, dword ptr [ebx+000002D4]
:004BEFD8 2B5038 sub edx, dword ptr [eax+38]
:004BEFDB 7105 jno 004BEFE2
:004BEFDD E89A3FF4FF call 00402F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEFDB(C)
|
:004BEFE2 D1FA sar edx, 1
:004BEFE4 7903 jns 004BEFE9
:004BEFE6 83D200 adc edx, 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEFE4(C)
|
:004BEFE9 E87A67F7FF call 00435768
:004BEFEE 8D8304030000 lea eax, dword ptr [ebx+00000304]
* Possible StringData Ref from Code Obj ->"- REGISTERED -"
|
:004BEFF4 BA98F34B00 mov edx, 004BF398
:004BEFF9 E8164EF4FF call 00403E14
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7"
|
:004BEFFE BAB0F34B00 mov edx, 004BF3B0
:004BF003 A1C09D6600 mov eax, dword ptr [00669DC0]
:004BF008 E86B6FF7FF call 00435F78
:004BF00D A148846600 mov eax, dword ptr [00668448]
:004BF012 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7"
|
:004BF014 BAB0F34B00 mov edx, 004BF3B0
:004BF019 E85A6FF7FF call 00435F78
:004BF01E 8D45D4 lea eax, dword ptr [ebp-2C]
.......
.......
4、注册信息保存在注册表里:
[HKEY_CURRENT_USER\Software\MP3TagClinic\Options]
"Key"="newlaos is trying his best to study cracking"
[HKEY_LOCAL_MACHINE\Software\MP3TagClinic\MP3 Tag Clinic v2.7\2.7.0.3]
"Name"="newlaos"
"Company"="newlaos.com"
整理日期:2003.3.16
最新版本:2.7
文件大小:2049KB
软件授权:共享软件
使用平台:Win9x/Me/NT/2000/XP
发布公司: http://www.kevesoft.com/"
软件简介:只要指定好文件夹,MP3Tag Clinic便会将该文件夹中所有MP3文件的Tag资料汇总于一个表格中,包括歌手名称、专辑名称、歌名、备注等等,便于你针对单一文件或是文件群做Tag的浏览与修改。
加密方式:ASPROTECT1.23.b+注册码
功能限制:30次试用
PJ工具:TRW20001.23注册版(加SuperBPM)、W32Dasm8.93黄金版,FI2.5,Import Reconstructor 1.4.2+,fs0-loader
PJ日期:2003-03-27
作者newlaos申明:只是学习,请不用于商业用途或是将本文方法制作的注册机任意传播,造成后果,本人一概不负。水平低,只能找到爆破点,而没有办法找到关键算法,还请高手指点!
1、先用FI2.5看一下主文件“MP3TagClinic.exe”,加了ASPROTECT1.23.b壳,只有手动脱壳了。
a、用fs0_loader找入口点工具,找到入口点。软件提示在4BE858位置DUMP最好,因为这时文件结构表没有损坏。软件再提示入口点在660A7C。好!先记下来。
b、用trw2000初步脱壳,打开SuperBPM,点erase,用trw载入MP3TagClinic.exe,下g 4BE858. 接着下pedump脱出程序为DUMP1.EXE。
C、打开原加壳程序,在Import REConstructor v1.4.2+ 的 Attach to an Active Process 窗口中选取MP3TagClinic.exe的进程,然后在下方的oep处填入rva即260A7C(入口点地址660A7C-40000),点IAT AutoSearch,再点Get Imports,点Auto Trace,然后点Show Invalid,在Imported Functions Found窗口里的无效地址上点鼠标右键,选Trace Leve11(disasm),再点show invaids,发现部分修复。再在无效地址上点鼠标右键,选Trace Leve11(HOOK),再点show invaids,发现又有几个被修复。同理再选Trace Leve11(Tray Flag),又修复几个。若还有几个没有修复,再次在那几个没有修复的地址上点鼠标右键. 选中Plugin Tracer(Asprotect 1.2X Emul),再点show invaids应发现所有的dll显示 valid:Yes了。
再点Fix Dump,选中你用trw2000 pedump出的文件修复,最后生成完全脱壳程序名称为dump1_.exe。退出一运行,成功!
2、用W32Dasm8.93黄金版对主程序进行静态反汇编,再用串式数据参考,找到"MP3 Tag Clinic v2.7 (UNREGISTERED)",对于那些要在重启后再验证注册码的软件,最好就是找与窗口标题栏上未注册的那一串字符,双击来到下面代码段。这样就很快定位注册码的计算部分。
3、再用TRW20001.23注册版进行动态跟踪,下断BPX 004BED3F(通常在注册成功与否的前面一些下断,这样,才能找到关键部分),先输入假码78787878
.......
.......
:004BED3F 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BED45 E8626AF7FF call 004357AC
:004BED4A 8D55FC lea edx, dword ptr [ebp-04]
:004BED4D A148846600 mov eax, dword ptr [00668448]
:004BED52 8B00 mov eax, dword ptr [eax]
:004BED54 E8EF71F7FF call 00435F48 <===呵呵,这个CALL会使下面算出下面需要的EAX,F8跟进。
:004BED59 8B45FC mov eax, dword ptr [ebp-04] <===这里要正确,则这里必须为EAX=MP3 Tag Clinic v2.7,而不能是MP3 Tag Clinic v2.7 (UNREGISTERED)
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (UNREGISTERED)"
|
:004BED5C BAC8F14B00 mov edx, 004BF1C8
:004BED61 E8EA53F4FF call 00404150 <===对比EAX和EDX的值,看是不是未注册模式。
:004BED66 7440 je 004BEDA8 <==相等就从这里跳走,就是不正确的了。针对下面的情况,在这里爆破比较合适,将7440改为9090,即可完美爆破
:004BED68 8D55F8 lea edx, dword ptr [ebp-08]
:004BED6B A148846600 mov eax, dword ptr [00668448]
:004BED70 8B00 mov eax, dword ptr [eax]
:004BED72 E8D171F7FF call 00435F48
:004BED77 8B45F8 mov eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (registration "
->"pending)"
|
:004BED7A BAF4F14B00 mov edx, 004BF1F4
:004BED7F E8CC53F4FF call 00404150 <===对比EAX和EDX的值,看是不是注册待验证模式。
:004BED84 7422 je 004BEDA8 <===是,就跳走!
:004BED86 8D55F4 lea edx, dword ptr [ebp-0C]
:004BED89 A148846600 mov eax, dword ptr [00668448]
:004BED8E 8B00 mov eax, dword ptr [eax]
:004BED90 E8B371F7FF call 00435F48
:004BED95 8B45F4 mov eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (DEBUG MODE)"
|
:004BED98 BA28F24B00 mov edx, 004BF228
:004BED9D E8AE53F4FF call 00404150 <===对比EAX和EDX的值,看是不是调试模式。
:004BEDA2 0F856E010000 jne 004BEF16
<===如果不是上面三种模式任一种,则这里就跳向胜利。呵呵!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004BED66(C), :004BED84(C)
|
:004BEDA8 8D55F0 lea edx, dword ptr [ebp-10]
<===如果是三种模式任一种,都会来到这里,也就意味着不是正式注册用户了
:004BEDAB A148846600 mov eax, dword ptr [00668448]
:004BEDB0 8B00 mov eax, dword ptr [eax]
:004BEDB2 E89171F7FF call 00435F48
:004BEDB7 8B45F0 mov eax, dword ptr [ebp-10]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (registration "
->"pending)"
|
:004BEDBA BAF4F14B00 mov edx, 004BF1F4
:004BEDBF E88C53F4FF call 00404150
:004BEDC4 0F84B7000000 je 004BEE81
:004BEDCA 8BC3 mov eax, ebx
:004BEDCC E8FF0A0000 call 004BF8D0
:004BEDD1 833D6871660000 cmp dword ptr [00667168], 00000000
:004BEDD8 7E37 jle 004BEE11
:004BEDDA 8D55E8 lea edx, dword ptr [ebp-18]
:004BEDDD A168716600 mov eax, dword ptr [00667168]
:004BEDE2 83E801 sub eax, 00000001
:004BEDE5 7105 jno 004BEDEC
:004BEDE7 E89041F4FF call 00402F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDE5(C)
|
:004BEDEC E8DFA6F4FF call 004094D0
:004BEDF1 8B4DE8 mov ecx, dword ptr [ebp-18]
:004BEDF4 8D45EC lea eax, dword ptr [ebp-14]
* Possible StringData Ref from Code Obj ->"Trial runs remaining: "
|
:004BEDF7 BA54F24B00 mov edx, 004BF254
:004BEDFC E88B52F4FF call 0040408C
:004BEE01 8B55EC mov edx, dword ptr [ebp-14]
:004BEE04 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE0A E86971F7FF call 00435F78
:004BEE0F EB51 jmp 004BEE62
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDD8(C)
|
:004BEE11 8D55E4 lea edx, dword ptr [ebp-1C]
:004BEE14 A148846600 mov eax, dword ptr [00668448]
:004BEE19 8B00 mov eax, dword ptr [eax]
:004BEE1B E82871F7FF call 00435F48
:004BEE20 8B45E4 mov eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (DEBUG MODE)"
|
:004BEE23 BA28F24B00 mov edx, 004BF228
:004BEE28 E82353F4FF call 00404150
:004BEE2D 7512 jne 004BEE41
* Possible StringData Ref from Code Obj ->"- DEBUG MODE -"
|
:004BEE2F BA74F24B00 mov edx, 004BF274
:004BEE34 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE3A E83971F7FF call 00435F78
:004BEE3F EB21 jmp 004BEE62
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEE2D(C)
|
:004BEE41 A148846600 mov eax, dword ptr [00668448]
:004BEE46 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (UNREGISTERED)"
|
:004BEE48 BAC8F14B00 mov edx, 004BF1C8
:004BEE4D E82671F7FF call 00435F78
* Possible StringData Ref from Code Obj ->"- UNREGISTERED -"
|
:004BEE52 BA8CF24B00 mov edx, 004BF28C
:004BEE57 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE5D E81671F7FF call 00435F78
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004BEE0F(U), :004BEE3F(U)
|
:004BEE62 BA0F000080 mov edx, 8000000F
:004BEE67 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:004BEE6D E8B642FFFF call 004B3128
:004BEE72 B201 mov dl, 01
:004BEE74 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:004BEE7A E8E16FF7FF call 00435E60
:004BEE7F EB66 jmp 004BEEE7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDC4(C)
|
* Possible StringData Ref from Code Obj ->"registration pending"
|
:004BEE81 BAA8F24B00 mov edx, 004BF2A8
:004BEE86 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEE8C E8E770F7FF call 00435F78
:004BEE91 A148846600 mov eax, dword ptr [00668448]
:004BEE96 8B00 mov eax, dword ptr [eax]
:004BEE98 8B80FC020000 mov eax, dword ptr [eax+000002FC]
:004BEE9E 8B4028 mov eax, dword ptr [eax+28]
:004BEEA1 BA03000000 mov edx, 00000003
:004BEEA6 E8FD78F8FF call 004467A8
:004BEEAB 33D2 xor edx, edx
:004BEEAD E8F678F8FF call 004467A8
:004BEEB2 8B4024 mov eax, dword ptr [eax+24]
* Possible StringData Ref from Code Obj ->"Register"
|
:004BEEB5 BAC8F24B00 mov edx, 004BF2C8
:004BEEBA E89152F4FF call 00404150
:004BEEBF 7526 jne 004BEEE7
:004BEEC1 A148846600 mov eax, dword ptr [00668448]
:004BEEC6 8B00 mov eax, dword ptr [eax]
:004BEEC8 8B80FC020000 mov eax, dword ptr [eax+000002FC]
:004BEECE 8B4028 mov eax, dword ptr [eax+28]
:004BEED1 BA03000000 mov edx, 00000003
:004BEED6 E8CD78F8FF call 004467A8
:004BEEDB 33D2 xor edx, edx
:004BEEDD E8C678F8FF call 004467A8
:004BEEE2 E85541F4FF call 0040303C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004BEE7F(U), :004BEEBF(C)
|
:004BEEE7 8D8304030000 lea eax, dword ptr [ebx+00000304]
* Possible StringData Ref from Code Obj ->"UNREGISTERED"
|
:004BEEED BADCF24B00 mov edx, 004BF2DC
:004BEEF2 E81D4FF4FF call 00403E14
:004BEEF7 33D2 xor edx, edx
:004BEEF9 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEEFF E85C6FF7FF call 00435E60
:004BEF04 B201 mov dl, 01
:004BEF06 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEF0C E84F6FF7FF call 00435E60
:004BEF11 E963010000 jmp 004BF079
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEDA2(C) <===关键的跳转过来的地方,向上看
|
:004BEF16 8D4DDC lea ecx, dword ptr [ebp-24]
:004BEF19 8B159C826600 mov edx, dword ptr [0066829C]
:004BEF1F 8B12 mov edx, dword ptr [edx]
:004BEF21 8BC3 mov eax, ebx
:004BEF23 E8300E0000 call 004BFD58
:004BEF28 8B4DDC mov ecx, dword ptr [ebp-24]
:004BEF2B 8D45E0 lea eax, dword ptr [ebp-20]
* Possible StringData Ref from Code Obj ->"Registered to: "
|
:004BEF2E BAF4F24B00 mov edx, 004BF2F4
:004BEF33 E85451F4FF call 0040408C
:004BEF38 8B55E0 mov edx, dword ptr [ebp-20]
:004BEF3B 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEF41 E83270F7FF call 00435F78
:004BEF46 8D55D8 lea edx, dword ptr [ebp-28]
:004BEF49 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEF4F E8F46FF7FF call 00435F48
:004BEF54 8B45D8 mov eax, dword ptr [ebp-28]
* Possible StringData Ref from Code Obj ->"Registered to: "
|
:004BEF57 BAF4F24B00 mov edx, 004BF2F4
:004BEF5C E8EF51F4FF call 00404150 <===这个是再进行一次运算,验证注册码的合法性
:004BEF61 754C jne 004BEFAF <===如果这里正确就跳走,如果不跳走就显示注册码的非法性
* Possible StringData Ref from Code Obj ->"Registered to: Unknown"
|
:004BEF63 BA10F34B00 mov edx, 004BF310
:004BEF68 8B83F0020000 mov eax, dword ptr [ebx+000002F0]
:004BEF6E E80570F7FF call 00435F78
:004BEF73 A148846600 mov eax, dword ptr [00668448]
:004BEF78 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7 (UNKNOWN USER)"
|
:004BEF7A BA30F34B00 mov edx, 004BF330
:004BEF7F E8F46FF7FF call 00435F78
:004BEF84 8BC3 mov eax, ebx
:004BEF86 E845090000 call 004BF8D0
:004BEF8B 6A00 push 00000000
:004BEF8D 668B0D54F34B00 mov cx, word ptr [004BF354]
:004BEF94 B201 mov dl, 01
* Possible StringData Ref from Code Obj ->"User unknown; this program must "
->"be reinstalled."
|
:004BEF96 B860F34B00 mov eax, 004BF360
:004BEF9B E8FCCCF9FF call 0045BC9C
:004BEFA0 A1C09D6600 mov eax, dword ptr [00669DC0]
:004BEFA5 E88221F9FF call 0045112C
:004BEFAA E9B8010000 jmp 004BF167 <===程序已经判断出是非法注册,并要求重新安装,从这里跳走了。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEF61(C) <===正确跳来的地方,向上看
|
:004BEFAF 33D2 xor edx, edx
:004BEFB1 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:004BEFB7 E8A46EF7FF call 00435E60
:004BEFBC 33D2 xor edx, edx
:004BEFBE 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004BEFC4 E8976EF7FF call 00435E60
:004BEFC9 8B93D0020000 mov edx, dword ptr [ebx+000002D0]
:004BEFCF 8B5238 mov edx, dword ptr [edx+38]
:004BEFD2 8B83D4020000 mov eax, dword ptr [ebx+000002D4]
:004BEFD8 2B5038 sub edx, dword ptr [eax+38]
:004BEFDB 7105 jno 004BEFE2
:004BEFDD E89A3FF4FF call 00402F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEFDB(C)
|
:004BEFE2 D1FA sar edx, 1
:004BEFE4 7903 jns 004BEFE9
:004BEFE6 83D200 adc edx, 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BEFE4(C)
|
:004BEFE9 E87A67F7FF call 00435768
:004BEFEE 8D8304030000 lea eax, dword ptr [ebx+00000304]
* Possible StringData Ref from Code Obj ->"- REGISTERED -"
|
:004BEFF4 BA98F34B00 mov edx, 004BF398
:004BEFF9 E8164EF4FF call 00403E14
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7"
|
:004BEFFE BAB0F34B00 mov edx, 004BF3B0
:004BF003 A1C09D6600 mov eax, dword ptr [00669DC0]
:004BF008 E86B6FF7FF call 00435F78
:004BF00D A148846600 mov eax, dword ptr [00668448]
:004BF012 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"MP3 Tag Clinic v2.7"
|
:004BF014 BAB0F34B00 mov edx, 004BF3B0
:004BF019 E85A6FF7FF call 00435F78
:004BF01E 8D45D4 lea eax, dword ptr [ebp-2C]
.......
.......
4、注册信息保存在注册表里:
[HKEY_CURRENT_USER\Software\MP3TagClinic\Options]
"Key"="newlaos is trying his best to study cracking"
[HKEY_LOCAL_MACHINE\Software\MP3TagClinic\MP3 Tag Clinic v2.7\2.7.0.3]
"Name"="newlaos"
"Company"="newlaos.com"
站长推荐
经典收藏
| Sorry!没有查询到任何记录。 |
$WeekDownTop$
关于我们 | 联系方式 | 广告刊例 | 业务合作 | 软件发布 | 版权声明 | 帮助信息 | 网站地图
广告联系 QQ:53104695 Msn: jfskychina(#)hotmail.com
Copyright © 2004 - 2010 www.jfsky.com™, 飓风软件园版权所有 湘ICP备05003989号
本站所有资源均来自互联网,如有侵犯您的版权或其他问题,请通知管理员,以便我们及时处理!!