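AstroVideo Analysis Walkthrough [Original]
Posted: 2005-5-11 15:41
[Author] xsy3660
[Article title] AstroVideo Analysis Walkthrough
[Software name] AstroVideo
[Tools] flyodbg (modified version)
[Software limitation] 21-day trial
[Difficulty] +++Beginner+++ Intermediate Advanced Expert
[Platform] /XP+sp2
[Software description] AstroVideo can produce professional-exposure photographic results with any Windows-compatible video capture device by automatically integrating multiple video frames. AstroVideo makes it possible for a low-cost video camera to capture and stack (add) thousands of video frames. AstroVideo provides smooth blending across multiple frames. If the stacked images do not line up perfectly, AstroVideo can align them automatically.
To smooth the image, AstroVideo lets you select only the very stable frames to capture and integrate, and uses automatic registration to build a composite image. If your camera has been modified for exposure time, AstroVideo can control the camera to get better results. AstroVideo gives you a chance to improve local image detail toward the level of a high-end CCD camera.
[Cracking process] The software uses a scheme of the form F(machine code) = F(registration code). On startup it displays "You are now on day %d of your 21-day free trial period.
Do you wish to register AstroVideo to keep using it?" Searching for this string and looking upward shows that it is reached by a jump from 40525D; patch it!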
--------------------------Startup check------------------------------------------------------
00405239 8B95 0CFAFFFF mov edx,dword ptr ss:[ebp-5F4]
0040523F 8B82 20080000 mov eax,dword ptr ds:[edx+820]
00405245 50 push eax
00405246 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
0040524C E8 10CB0100 call AstroVid.00421D61
00405251 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
00405257 3B81 24080000 cmp eax,dword ptr ds:[ecx+824]
0040525D 75 54 jnz short AstroVid.004052B3 ; startup check for registration; jumps if not registered. Patch point!
0040525F 8B95 0CFAFFFF mov edx,dword ptr ss:[ebp-5F4]
00405265 C782 1C080000 01000000 mov dword ptr ds:[edx+81C],1
0040526F 8B85 0CFAFFFF mov eax,dword ptr ss:[ebp-5F4]
00405275 8B88 24080000 mov ecx,dword ptr ds:[eax+824]
0040527B 51 push ecx
0040527C 68 48ED4B00 push AstroVid.004BED48 ; ASCII "Registered {%d}"
00405281 8D95 F4FDFFFF lea edx,dword ptr ss:[ebp-20C]
00405287 52 push edx
00405288 E8 4E970600 call AstroVid.0046E9DB
0040528D 83C4 0C add esp,0C
00405290 8D85 F4FDFFFF lea eax,dword ptr ss:[ebp-20C]
00405296 50 push eax
00405297 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
0040529D 8B89 000F0000 mov ecx,dword ptr ds:[ecx+F00]
004052A3 81C1 C0000000 add ecx,0C0
004052A9 E8 F52E0800 call AstroVid.004881A3
004052AE E9 E9010000 jmp AstroVid.0040549C
004052B3 8B95 0CFAFFFF mov edx,dword ptr ss:[ebp-5F4]
004052B9 C782 1C080000 00000000 mov dword ptr ds:[edx+81C],0
004052C3 68 58ED4B00 push AstroVid.004BED58 ; ASCII "Unregistered copy."
004052C8 8D85 B0FDFFFF lea eax,dword ptr ss:[ebp-250]
004052CE 50 push eax
004052CF E8 07970600 call AstroVid.0046E9DB
004052D4 83C4 08 add esp,8
004052D7 8D8D B0FDFFFF lea ecx,dword ptr ss:[ebp-250]
004052DD 51 push ecx
004052DE 8B95 0CFAFFFF mov edx,dword ptr ss:[ebp-5F4]
004052E4 8B8A 000F0000 mov ecx,dword ptr ds:[edx+F00]
004052EA 81C1 C0000000 add ecx,0C0
004052F0 E8 AE2E0800 call AstroVid.004881A3
004052F5 8B85 0CFAFFFF mov eax,dword ptr ss:[ebp-5F4]
004052FB 05 28080000 add eax,828
00405300 51 push ecx
00405301 8BCC mov ecx,esp
00405303 89A5 14FAFFFF mov dword ptr ss:[ebp-5EC],esp
00405309 50 push eax
0040530A E8 018C0400 call AstroVid.0044DF10
0040530F 8D8D F0FDFFFF lea ecx,dword ptr ss:[ebp-210]
00405315 51 push ecx
00405316 8D8D DCFEFFFF lea ecx,dword ptr ss:[ebp-124]
0040531C E8 0F8C0400 call AstroVid.0044DF30
00405321 8D8D F0FDFFFF lea ecx,dword ptr ss:[ebp-210]
00405327 E8 A48B0400 call AstroVid.0044DED0
0040532C 83C0 01 add eax,1
0040532F 50 push eax
00405330 68 6CED4B00 push AstroVid.004BED6C ; ASCII "You are now on day %d of your 21-day free trial period.
Do you wish to register AstroVideo to keep using it?"
00405335 8D95 BCFBFFFF lea edx,dword ptr ss:[ebp-444]
0040533B 52 push edx
0040533C E8 9A960600 call AstroVid.0046E9DB
00405341 83C4 0C add esp,0C
00405344 6A 00 push 0
00405346 6A 04 push 4
00405348 8D85 BCFBFFFF lea eax,dword ptr ss:[ebp-444]
0040534E 50 push eax
0040534F E8 01AA0800 call AstroVid.0048FD55
00405354 83F8 06 cmp eax,6
00405357 74 14 je short AstroVid.0040536D
00405359 8D8D F0FDFFFF lea ecx,dword ptr ss:[ebp-210]
0040535F E8 6C8B0400 call AstroVid.0044DED0
00405364 83F8 15 cmp eax,15
00405367 0F8E 08010000 jle AstroVid.00405475
0040536D 6A 00 push 0
0040536F 8D8D C8FAFFFF lea ecx,dword ptr ss:[ebp-538]
00405375 E8 86FF0400 call AstroVid.00455300
0040537A C645 FC 24 mov byte ptr ss:[ebp-4],24
0040537E 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
00405384 8B91 20080000 mov edx,dword ptr ds:[ecx+820]
0040538A 52 push edx
0040538B 68 DCED4B00 push AstroVid.004BEDDC ; ASCII "AW%d"
00405390 8D85 6CFBFFFF lea eax,dword ptr ss:[ebp-494]
00405396 50 push eax
00405397 E8 3F960600 call AstroVid.0046E9DB
0040539C 83C4 0C add esp,0C
0040539F 68 E4ED4B00 push AstroVid.004BEDE4 ; ASCII "You can register AstroVideo for just US$29 (+VAT in EU)"
004053A4 8D8D 68FBFFFF lea ecx,dword ptr ss:[ebp-498]
004053AA E8 F42D0800 call AstroVid.004881A3
004053AF 8D8D 6CFBFFFF lea ecx,dword ptr ss:[ebp-494]
004053B5 51 push ecx
004053B6 8D8D 60FBFFFF lea ecx,dword ptr ss:[ebp-4A0]
004053BC E8 E22D0800 call AstroVid.004881A3
004053C1 8D8D C8FAFFFF lea ecx,dword ptr ss:[ebp-538]
004053C7 E8 D3E90700 call AstroVid.00483D9F
004053CC 83F8 01 cmp eax,1
004053CF 0F85 91000000 jnz AstroVid.00405466
004053D5 8B95 0CFAFFFF mov edx,dword ptr ss:[ebp-5F4]
004053DB 8B82 20080000 mov eax,dword ptr ds:[edx+820]
004053E1 50 push eax
004053E2 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
004053E8 E8 74C90100 call AstroVid.00421D61
004053ED 3B85 64FBFFFF cmp eax,dword ptr ss:[ebp-49C]
004053F3 75 63 jnz short AstroVid.00405458
004053F5 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
004053FB 8B95 64FBFFFF mov edx,dword ptr ss:[ebp-49C]
00405401 8991 24080000 mov dword ptr ds:[ecx+824],edx
00405407 8B85 0CFAFFFF mov eax,dword ptr ss:[ebp-5F4]
0040540D C780 1C080000 01000000 mov dword ptr ds:[eax+81C],1
00405417 8B8D 0CFAFFFF mov ecx,dword ptr ss:[ebp-5F4]
0040541D 8B91 24080000 mov edx,dword ptr ds:[ecx+824]
00405423 52 push edx
00405424 68 1CEE4B00 push AstroVid.004BEE1C ; ASCII "Registered {%d}"
00405429 8D85 88FAFFFF lea eax,dword ptr ss:[ebp-578]
0040542F 50 push eax
00405430 E8 A6950600 call AstroVid.0046E9DB
00405435 83C4 0C add esp,0C
00405438 8D8D 88FAFFFF lea ecx,dword ptr ss:[ebp-578]
0040543E 51 push ecx
0040543F 8B95 0CFAFFFF mov edx,dword ptr ss:[ebp-5F4]
00405445 8B8A 000F0000 mov ecx,dword ptr ds:[edx+F00]
0040544B 81C1 C0000000 add ecx,0C0
00405451 E8 4D2D0800 call AstroVid.004881A3
00405456 EB 0E jmp short AstroVid.00405466
00405458 6A 00 push 0
0040545A 6A 00 push 0
0040545C 68 2CEE4B00 push AstroVid.004BEE2C ; ASCII "Sorry that registration number is incorrect.
Email info@coaa.co.uk for help."
00405461 E8 EFA80800 call AstroVid.0048FD55
00405466 C645 FC 21 mov byte ptr ss:[ebp-4],21
0040546A 8D8D C8FAFFFF lea ecx,dword ptr ss:[ebp-538]
00405470 E8 9B8C0400 call AstroVid.0044E110
00405475 8D8D F0FDFFFF lea ecx,dword ptr ss:[ebp-210]
0040547B E8 508A0400 call AstroVid.0044DED0
00405480 83F8 15 cmp eax,15
00405483 7E 17 jle short AstroVid.0040549C
00405485 8B85 0CFAFFFF mov eax,dword ptr ss:[ebp-5F4]
0040548B 83B8 1C080000 00 cmp dword ptr ds:[eax+81C],0
00405492 75 08 jnz short AstroVid.0040549C
00405494 6A 00 push 0
------------------------Registration after startup------------------------------------
00421B5D 55 push ebp
00421B5E 8BEC mov ebp,esp
00421B60 6A FF push -1
00421B62 68 C6334A00 push AstroVid.004A33C6
00421B67 64:A1 000000>mov eax,dword ptr fs:[0]
00421B6D 50 push eax
00421B6E 64:8925 0000>mov dword ptr fs:[0],esp
00421B75 81EC 4C01000>sub esp,14C
00421B7B 898D B0FEFFF>mov dword ptr ss:[ebp-150],ecx
00421B81 6A 00 push 0
00421B83 8D8D 00FFFFF>lea ecx,dword ptr ss:[ebp-100]
00421B89 E8 72370300 call AstroVid.00455300
00421B8E C745 FC 0000>mov dword ptr ss:[ebp-4],0
00421B95 8B85 B0FEFFF>mov eax,dword ptr ss:[ebp-150]
00421B9B 8B88 2008000>mov ecx,dword ptr ds:[eax+820]
00421BA1 51 push ecx
00421BA2 68 2C104C00 push AstroVid.004C102C ; ASCII "AW%d"
00421BA7 8D55 A4 lea edx,dword ptr ss:[ebp-5C]
00421BAA 52 push edx
00421BAB E8 2BCE0400 call AstroVid.0046E9DB
00421BB0 83C4 0C add esp,0C
00421BB3 68 34104C00 push AstroVid.004C1034 ; ASCII "You can register AstroVideo for just US$29 (+VAT in EU)"
00421BB8 8D4D A0 lea ecx,dword ptr ss:[ebp-60]
00421BBB E8 E3650600 call AstroVid.004881A3
00421BC0 8D45 A4 lea eax,dword ptr ss:[ebp-5C]
00421BC3 50 push eax
00421BC4 8D4D 98 lea ecx,dword ptr ss:[ebp-68]
00421BC7 E8 D7650600 call AstroVid.004881A3
00421BCC 8D4D 98 lea ecx,dword ptr ss:[ebp-68]
00421BCF 51 push ecx
00421BD0 68 6C104C00 push AstroVid.004C106C ; ASCII "Registered "
00421BD5 8D95 FCFEFFF>lea edx,dword ptr ss:[ebp-104]
00421BDB 52 push edx
00421BDC E8 42670600 call AstroVid.00488323
00421BE1 C645 FC 01 mov byte ptr ss:[ebp-4],1
00421BE5 68 78104C00 push AstroVid.004C1078
00421BEA 8D8D FCFEFFF>lea ecx,dword ptr ss:[ebp-104]
00421BF0 E8 01680600 call AstroVid.004883F6
00421BF5 8A45 9C mov al,byte ptr ss:[ebp-64]
00421BF8 50 push eax
00421BF9 8D8D FCFEFFF>lea ecx,dword ptr ss:[ebp-104]
00421BFF E8 19680600 call AstroVid.0048841D
00421C04 8D8D 00FFFFF>lea ecx,dword ptr ss:[ebp-100]
00421C0A E8 90210600 call AstroVid.00483D9F ; registration dialog
00421C0F 83F8 01 cmp eax,1
00421C12 0F85 E700000>jnz AstroVid.00421CFF
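00421C18 8B8D B0FEFFF>mov ecx,dword ptr ss:[ebp-150] ; CE73B0 (this value should be derived from the machine code; I did not look closely at where it comes from)
00421C1E 8B91 2008000>mov edx,dword ptr ds:[ecx+820] ; C0FF5 (this value should be derived from the machine code)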
00421C24 52 push edx
00421C25 8B8D B0FEFFF>mov ecx,dword ptr ss:[ebp-150]
00421C2B E8 31010000 call AstroVid.00421D61 ; step into
00421C30 3B45 9C cmp eax,dword ptr ss:[ebp-64] ; compare, jump if wrong
00421C33 0F85 8C00000>jnz AstroVid.00421CC5 ; patch point!!!
00421C39 8B85 B0FEFFF>mov eax,dword ptr ss:[ebp-150]
00421C3F 8B4D 9C mov ecx,dword ptr ss:[ebp-64]
00421C42 8988 2408000>mov dword ptr ds:[eax+824],ecx
00421C48 8B95 B0FEFFF>mov edx,dword ptr ss:[ebp-150]
00421C4E C782 1C08000>mov dword ptr ds:[edx+81C],1
00421C58 8B85 B0FEFFF>mov eax,dword ptr ss:[ebp-150]
00421C5E 8B88 2408000>mov ecx,dword ptr ds:[eax+824]
00421C64 51 push ecx
00421C65 68 7C104C00 push AstroVid.004C107C ; ASCII "Registered {%d}"
00421C6A 8D95 BCFEFFF>lea edx,dword ptr ss:[ebp-144]
00421C70 52 push edx
00421C71 E8 65CD0400 call AstroVid.0046E9DB
00421C76 83C4 0C add esp,0C
00421C79 8D85 BCFEFFF>lea eax,dword ptr ss:[ebp-144]
00421C7F 50 push eax
00421C80 8B8D B0FEFFF>mov ecx,dword ptr ss:[ebp-150]
00421C86 8B89 000F000>mov ecx,dword ptr ds:[ecx+F00]
00421C8C 81C1 C000000>add ecx,0C0
00421C92 E8 0C650600 call AstroVid.004881A3
00421C97 51 push ecx
00421C98 8BD4 mov edx,esp
00421C9A 89A5 B8FEFFF>mov dword ptr ss:[ebp-148],esp
00421CA0 68 8C104C00 push AstroVid.004C108C ; ASCII "OK"
00421CA5 8D85 FCFEFFF>lea eax,dword ptr ss:[ebp-104]
00421CAB 50 push eax
00421CAC 52 push edx
00421CAD E8 FD650600 call AstroVid.004882AF
00421CB2 8985 ACFEFFF>mov dword ptr ss:[ebp-154],eax
00421CB8 8B8D B0FEFFF>mov ecx,dword ptr ss:[ebp-150]
00421CBE E8 DBB40200 call AstroVid.0044D19E
00421CC3 EB 3A jmp short AstroVid.00421CFF
00421CC5 6A 00 push 0
00421CC7 6A 00 push 0
00421CC9 68 90104C00 push AstroVid.004C1090 ; ASCII "Sorry that registration number is incorrect.
Email info@coaa.co.uk for help."
00421CCE E8 82E00600 call AstroVid.0048FD55
00421CD3 51 push ecx
00421CD4 8BCC mov ecx,esp
00421CD6 89A5 B4FEFFF>mov dword ptr ss:[ebp-14C],esp
00421CDC 68 E0104C00 push AstroVid.004C10E0 ; ASCII "error"
00421CE1 8D95 FCFEFFF>lea edx,dword ptr ss:[ebp-104]
00421CE7 52 push edx
00421CE8 51 push ecx
00421CE9 E8 C1650600 call AstroVid.004882AF
00421CEE 8985 A8FEFFF>mov dword ptr ss:[ebp-158],eax
00421CF4 8B8D B0FEFFF>mov ecx,dword ptr ss:[ebp-150]
00421CFA E8 9FB40200 call AstroVid.0044D19E
00421CFF C645 FC 00 mov byte ptr ss:[ebp-4],0
00421D03 8D8D FCFEFFF>lea ecx,dword ptr ss:[ebp-104]
00421D09 E8 0C630600 call AstroVid.0048801A
00421D0E C745 FC FFFF>mov dword ptr ss:[ebp-4],-1
00421D15 8D8D 00FFFFF>lea ecx,dword ptr ss:[ebp-100]
00421D1B E8 F0C30200 call AstroVid.0044E110
00421D20 8B4D F4 mov ecx,dword ptr ss:[ebp-C]
00421D23 64:890D 0000>mov dword ptr fs:[0],ecx
00421D2A 8BE5 mov esp,ebp
00421D2C 5D pop ebp
00421D2D C3 retn
-----------------------00421C2B E8 31010000 call AstroVid.00421D61----------------------------
00421D2E 55 push ebp
00421D2F 8BEC mov ebp,esp
00421D31 51 push ecx
00421D32 894D F>mov dword ptr ss:[ebp-4],ecx
00421D35 8B45 F>mov eax,dword ptr ss:[ebp-4]
00421D38 83B8 1>cmp dword ptr ds:[eax+81C],0
00421D3F 75 0E jnz short AstroVid.00421D4F
00421D41 6A 01 push 1
00421D43 8B4D 0>mov ecx,dword ptr ss:[ebp+8]
00421D46 8B11 mov edx,dword ptr ds:[ecx]
00421D48 8B4D 0>mov ecx,dword ptr ss:[ebp+8]
00421D4B FF12 call dword ptr ds:[edx]
00421D4D EB 0C jmp short AstroVid.00421D5B
00421D4F 6A 00 push 0
00421D51 8B45 0>mov eax,dword ptr ss:[ebp+8]
00421D54 8B10 mov edx,dword ptr ds:[eax]
00421D56 8B4D 0>mov ecx,dword ptr ss:[ebp+8]
00421D59 FF12 call dword ptr ds:[edx]
00421D5B 8BE5 mov esp,ebp
00421D5D 5D pop ebp
00421D5E C2 040>retn 4
00421D61 55 push ebp
00421D62 8BEC mov ebp,esp
00421D64 83EC 1>sub esp,10
00421D67 894D F>mov dword ptr ss:[ebp-10],ecx ; CE73B0
00421D6A 8B45 0>mov eax,dword ptr ss:[ebp+8] ; C0FF5
00421D6D 8945 F>mov dword ptr ss:[ebp-8],eax
00421D70 8B4D F>mov ecx,dword ptr ss:[ebp-8]
00421D73 81C1 B>add ecx,4B7 ; C0FF5 + 4B7
00421D79 894D F>mov dword ptr ss:[ebp-8],ecx ; store result in [ebp-8]
00421D7C C745 F>mov dword ptr ss:[ebp-C],0
00421D83 C745 F>mov dword ptr ss:[ebp-C],0
00421D8A EB 09 jmp short AstroVid.00421D95
00421D8C 8B55 F>mov edx,dword ptr ss:[ebp-C]
00421D8F 83C2 0>add edx,1 ; increment loop counter
00421D92 8955 F>mov dword ptr ss:[ebp-C],edx
00421D95 837D F>cmp dword ptr ss:[ebp-C],10 ; loop count limit
00421D99 7D 27 jge short AstroVid.00421DC2
00421D9B 8B45 F>mov eax,dword ptr ss:[ebp-8]
00421D9E D1E0 shl eax,1 ; logical shift left by 1 bit
00421DA0 8945 F>mov dword ptr ss:[ebp-8],eax ; store result in [ebp-8]
00421DA3 8B4D F>mov ecx,dword ptr ss:[ebp-8]
00421DA6 81E1 0>and ecx,10000
00421DAC 81F9 0>cmp ecx,10000 ; UNICODE "ALLUSERSPROFILE=D:\Documents and Settings\All Users"
00421DB2 75 0C jnz short AstroVid.00421DC0
00421DB4 8B55 F>mov edx,dword ptr ss:[ebp-8]
00421DB7 81F2 7>xor edx,0C75 ; XOR with 0C75
00421DBD 8955 F>mov dword ptr ss:[ebp-8],edx
00421DC0 ^ EB CA jmp short AstroVid.00421D8C
00421DC2 8B45 F>mov eax,dword ptr ss:[ebp-8] ; load result into eax
00421DC5 25 FFF>and eax,0FFFF ; clear the high bits
00421DCA 8945 F>mov dword ptr ss:[ebp-4],eax
00421DCD 8B45 F>mov eax,dword ptr ss:[ebp-4] ; return value placed in eax
00421DD0 8BE5 mov esp,ebp
00421DD2 5D pop ebp
00421DD3 C2 040>retn 4
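At "00421C30 3B45 9C cmp eax,dword ptr ss:[ebp-64] ; compare, jump if wrong" I found that ebp-64 holds the result computed from the fake code. At first I was puzzled about how it was computed, then it occurred to me: why not set an hr there? So I set hr 12fa50 and entered the fake code 987654. When it broke, I found that execution gets here after passing through N calls inside the call at the "registration dialog appears" point above!!
-----------------------------Fake-code computation-------------------------------------------------------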
0047045F 55 push ebp
00470460 8BEC mov ebp,esp
00470462 83EC>sub esp,0C
00470465 53 push ebx
00470466 8365>and dword ptr ss:[ebp-8],0
0047046A 56 push esi
0047046B 57 push edi
0047046C 8B7D>mov edi,dword ptr ss:[ebp+8] ; [ebp+8] holds the fake code
0047046F 8A1F mov bl,byte ptr ds:[edi]
00470471 8D77>lea esi,dword ptr ds:[edi+1]
00470474 8975>mov dword ptr ss:[ebp-4],esi
00470477 833D>cmp dword ptr ds:[4CE1DC],1
0047047E 7E 0>jle short AstroVid.0047048F
00470480 0FB6>movzx eax,bl
00470483 6A 0>push 8
00470485 50 push eax
00470486 E8 B>call AstroVid.0047983B
0047048B 59 pop ecx
0047048C 59 pop ecx
0047048D EB 0>jmp short AstroVid.0047049E
0047048F 8B0D>mov ecx,dword ptr ds:[4CDFD0] ; AstroVid.004CDFDA
00470495 0FB6>movzx eax,bl
00470498 8A04>mov al,byte ptr ds:[ecx+eax*2]
0047049B 83E0>and eax,8
0047049E 85C0 test eax,eax
004704A0 74 0>je short AstroVid.004704A7
004704A2 8A1E mov bl,byte ptr ds:[esi]
004704A4 46 inc esi
004704A5 ^ EB D>jmp short AstroVid.00470477
004704A7 80FB>cmp bl,2D
004704AA 8975>mov dword ptr ss:[ebp-4],esi
004704AD 75 0>jnz short AstroVid.004704B5
004704AF 834D>or dword ptr ss:[ebp+14],2
004704B3 EB 0>jmp short AstroVid.004704BA
004704B5 80FB>cmp bl,2B
004704B8 75 0>jnz short AstroVid.004704C0
004704BA 8A1E mov bl,byte ptr ds:[esi]
004704BC 46 inc esi
004704BD 8975>mov dword ptr ss:[ebp-4],esi
004704C0 8B45>mov eax,dword ptr ss:[ebp+10]
004704C3 85C0 test eax,eax
004704C5 0F8C>jl AstroVid.00470654
004704CB 83F8>cmp eax,1
004704CE 0F84>je AstroVid.00470654
004704D4 83F8>cmp eax,24
004704D7 0F8F>jg AstroVid.00470654
004704DD 6A 1>push 10
004704DF 85C0 test eax,eax
004704E1 59 pop ecx
004704E2 75 2>jnz short AstroVid.00470508
004704E4 80FB>cmp bl,30
004704E7 74 0>je short AstroVid.004704F2
004704E9 C745>mov dword ptr ss:[ebp+10],0A
004704F0 EB 3>jmp short AstroVid.00470524
004704F2 8A06 mov al,byte ptr ds:[esi]
004704F4 3C 7>cmp al,78
004704F6 74 0>je short AstroVid.00470505
004704F8 3C 5>cmp al,58
004704FA 74 0>je short AstroVid.00470505
004704FC C745>mov dword ptr ss:[ebp+10],8
00470503 EB 1>jmp short AstroVid.00470524
00470505 894D>mov dword ptr ss:[ebp+10],ecx
00470508 394D>cmp dword ptr ss:[ebp+10],ecx
0047050B 75 1>jnz short AstroVid.00470524
0047050D 80FB>cmp bl,30
00470510 75 1>jnz short AstroVid.00470524
00470512 8A06 mov al,byte ptr ds:[esi]
00470514 3C 7>cmp al,78
00470516 74 0>je short AstroVid.0047051C
00470518 3C 5>cmp al,58
0047051A 75 0>jnz short AstroVid.00470524
0047051C 8A5E>mov bl,byte ptr ds:[esi+1]
0047051F 46 inc esi
00470520 46 inc esi
00470521 8975>mov dword ptr ss:[ebp-4],esi
00470524 83C8>or eax,FFFFFFFF
00470527 33D2 xor edx,edx
00470529 F775>div dword ptr ss:[ebp+10]
0047052C BF 0>mov edi,103
00470531 8945>mov dword ptr ss:[ebp-C],eax
00470534 833D>cmp dword ptr ds:[4CE1DC],1 ; algorithm part
0047053B 0FB6>movzx esi,bl
0047053E 7E 0>jle short AstroVid.0047054C
00470540 6A 0>push 4
00470542 56 push esi
00470543 E8 F>call AstroVid.0047983B
00470548 59 pop ecx
00470549 59 pop ecx
0047054A EB 0>jmp short AstroVid.00470557
0047054C A1 D0DF4C00 mov eax,dword ptr ds:[4CDFD0]
00470551 8A0470 mov al,byte ptr ds:[eax+esi*2] ; table lookup yields a value
00470554 83E0 04 and eax,4
00470557 85C0 test eax,eax
00470559 74 08 je short AstroVid.00470563 ; these five lines check whether the character in the fake code is a digit; jumps if not, and a jump means registration fails
0047055B 0FBECB movsx ecx,bl
0047055E 83E9 30 sub ecx,30
00470561 EB 32 jmp short AstroVid.00470595
00470563 833D DCE14C0>cmp dword ptr ds:[4CE1DC],1
0047056A 7E 0B jle short AstroVid.00470577
0047056C 57 push edi
0047056D 56 push esi
0047056E E8 C8920000 call AstroVid.0047983B
00470573 59 pop ecx
00470574 59 pop ecx
00470575 EB 0B jmp short AstroVid.00470582
00470577 A1 D0DF4C00 mov eax,dword ptr ds:[4CDFD0]
0047057C 66:8B0470 mov ax,word ptr ds:[eax+esi*2]
00470580 23C7 and eax,edi
00470582 85C0 test eax,eax
00470584 74 4A je short AstroVid.004705D0
00470586 0FBEC3 movsx eax,bl
00470589 50 push eax
0047058A E8 71910000 call AstroVid.00479700 ; convert lowercase letter to uppercase
0047058F 59 pop ecx
00470590 8BC8 mov ecx,eax
00470592 83E9 37 sub ecx,37
00470595 3B4D 10 cmp ecx,dword ptr ss:[ebp+10]
00470598 73 36 jnb short AstroVid.004705D0
0047059A 8B75 F8 mov esi,dword ptr ss:[ebp-8]
0047059D 834D 14 08 or dword ptr ss:[ebp+14],8
004705A1 3B75 F4 cmp esi,dword ptr ss:[ebp-C] ; compare with 19999999
004705A4 72 1>jb short AstroVid.004705BA
004705A6 75 0>jnz short AstroVid.004705B4
004705A8 83C8>or eax,FFFFFFFF
004705AB 33D2 xor edx,edx
004705AD F775>div dword ptr ss:[ebp+10]
004705B0 3BCA cmp ecx,edx
004705B2 76 0>jbe short AstroVid.004705BA
004705B4 834D>or dword ptr ss:[ebp+14],4
004705B8 EB 0>jmp short AstroVid.004705C3
004705BA 0FAF>imul esi,dword ptr ss:[ebp+10] ; multiply by "A"
004705BE 03F1 add esi,ecx ; add the i-th digit of the fake code
004705C0 8975>mov dword ptr ss:[ebp-8],esi ; store the result in [ebp-8]
004705C3 8B45>mov eax,dword ptr ss:[ebp-4] ; remainder of the fake code to eax
004705C6 FF45>inc dword ptr ss:[ebp-4] ; loop control
004705C9 8A18 mov bl,byte ptr ds:[eax] ; pass the fake code to bl
004705CB ^ E9 6>jmp AstroVid.00470534
004705D0 8B45>mov eax,dword ptr ss:[ebp+14]
004705D3 FF4D>dec dword ptr ss:[ebp-4]
004705D6 8B5D>mov ebx,dword ptr ss:[ebp+C]
004705D9 A8 0>test al,8
004705DB 75 1>jnz short AstroVid.004705ED
004705DD 85DB test ebx,ebx
004705DF 74 0>je short AstroVid.004705E7
004705E1 8B45>mov eax,dword ptr ss:[ebp+8]
004705E4 8945>mov dword ptr ss:[ebp-4],eax
004705E7 8365>and dword ptr ss:[ebp-8],0
004705EB EB 4>jmp short AstroVid.00470638
004705ED A8 0>test al,4
004705EF BE F>mov esi,7FFFFFFF
004705F4 75 1>jnz short AstroVid.00470611
004705F6 A8 0>test al,1
004705F8 75 3>jnz short AstroVid.00470638
004705FA 83E0>and eax,2
004705FD 74 0>je short AstroVid.00470608
004705FF 817D>cmp dword ptr ss:[ebp-8],80000000
00470606 77 0>ja short AstroVid.00470611
00470608 85C0 test eax,eax
0047060A 75 2>jnz short AstroVid.00470638
0047060C 3975>cmp dword ptr ss:[ebp-8],esi
0047060F 76 2>jbe short AstroVid.00470638
00470611 E8 8>call AstroVid.004722A3
00470616 F645>test byte ptr ss:[ebp+14],1
0047061A C700>mov dword ptr ds:[eax],22
00470620 74 0>je short AstroVid.00470628
00470622 834D>or dword ptr ss:[ebp-8],FFFFFFFF
00470626 EB 1>jmp short AstroVid.00470638
00470628 8B45>mov eax,dword ptr ss:[ebp+14]
0047062B 24 0>and al,2
0047062D F6D8 neg al
0047062F 1BC0 sbb eax,eax
00470631 F7D8 neg eax
00470633 03C6 add eax,esi
00470635 8945>mov dword ptr ss:[ebp-8],eax
00470638 85DB test ebx,ebx
0047063A 74 0>je short AstroVid.00470641
0047063C 8B45>mov eax,dword ptr ss:[ebp-4]
0047063F 8903 mov dword ptr ds:[ebx],eax
00470641 F645>test byte ptr ss:[ebp+14],2
00470645 74 0>je short AstroVid.0047064F
00470647 8B45>mov eax,dword ptr ss:[ebp-8]
0047064A F7D8 neg eax
0047064C 8945>mov dword ptr ss:[ebp-8],eax
0047064F 8B45>mov eax,dword ptr ss:[ebp-8] ; break here, look upward, and the algorithm becomes clear
00470652 EB 0>jmp short AstroVid.0047065F
00470654 8B45>mov eax,dword ptr ss:[ebp+C]
00470657 85C0 test eax,eax
00470659 74 0>je short AstroVid.0047065D
0047065B 8938 mov dword ptr ds:[eax],edi
0047065D 33C0 xor eax,eax
0047065F 5F pop edi
00470660 5E pop esi
00470661 5B pop ebx
00470662 C9 leave
00470663 C3 retn
Summary: there are two possible patch points. The first is the startup verification, the second is the registration check.
0040525D 75 54 jnz short AstroVid.004052B3
00421C33 0F85 8C00000>jnz AstroVid.00421CC5
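If you want the real code, go write a keygen yourself; I'm rather slow and don't really know how to write one.
[Cracking statement] I'm just a little newbie who happened to learn a thing or two and would like to share it with everyone :)
[Copyright] This article is purely for technical exchange. If you repost it, please credit the author and keep the article intact. Thanks!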
00421D70 8B4D F>mov ecx,dword ptr ss:[ebp-8]
00421D73 81C1 B>add ecx,4B7 ; C0FF5 + 4B7
00421D79 894D F>mov dword ptr ss:[ebp-8],ecx ; store result in [ebp-8]
00421D7C C745 F>mov dword ptr ss:[ebp-C],0
00421D83 C745 F>mov dword ptr ss:[ebp-C],0
00421D8A EB 09 jmp short AstroVid.00421D95
00421D8C 8B55 F>mov edx,dword ptr ss:[ebp-C]
00421D8F 83C2 0>add edx,1 ; increment loop counter
00421D92 8955 F>mov dword ptr ss:[ebp-C],edx
00421D95 837D F>cmp dword ptr ss:[ebp-C],10 ; loop counter check
00421D99 7D 27 jge short AstroVid.00421DC2
00421D9B 8B45 F>mov eax,dword ptr ss:[ebp-8]
00421D9E D1E0 shl eax,1 ; logical shift left by 1 bit
00421DA0 8945 F>mov dword ptr ss:[ebp-8],eax ; store result in [ebp-8]
00421DA3 8B4D F>mov ecx,dword ptr ss:[ebp-8]
00421DA6 81E1 0>and ecx,10000
00421DAC 81F9 0>cmp ecx,10000 ; UNICODE "ALLUSERSPROFILE=D:\Documents and Settings\All Users"
00421DB2 75 0C jnz short AstroVid.00421DC0
00421DB4 8B55 F>mov edx,dword ptr ss:[ebp-8]
00421DB7 81F2 7>xor edx,0C75 ; XOR with 0C75
00421DBD 8955 F>mov dword ptr ss:[ebp-8],edx
00421DC0 ^ EB CA jmp short AstroVid.00421D8C
00421DC2 8B45 F>mov eax,dword ptr ss:[ebp-8] ; load result into eax
00421DC5 25 FFF>and eax,0FFFF ; clear the high bits
00421DCA 8945 F>mov dword ptr ss:[ebp-4],eax
00421DCD 8B45 F>mov eax,dword ptr ss:[ebp-4] ; return value placed in eax
00421DD0 8BE5 mov esp,ebp
00421DD2 5D pop ebp
00421DD3 C2 040>retn 4
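At "00421C30 3B45 9C cmp eax,dword ptr ss:[ebp-64] ; compare; jump if not equal" I found that [ebp-64] holds the result computed from the fake code. At first I was puzzled about where it was computed; then it occurred to me: why not set a hardware breakpoint (hr) on that location? So I set hr 12fa50 and entered the fake code 987654. After it broke, I found that execution had arrived here through N nested calls inside the call at the "registration dialog appears" location above!!
-----------------------------Fake-code computation section-------------------------------------------------------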
0047045F 55 push ebp
00470460 8BEC mov ebp,esp
00470462 83EC>sub esp,0C
00470465 53 push ebx
00470466 8365>and dword ptr ss:[ebp-8],0
0047046A 56 push esi
0047046B 57 push edi
0047046C 8B7D>mov edi,dword ptr ss:[ebp+8] ; [ebp+8] holds the fake code
0047046F 8A1F mov bl,byte ptr ds:[edi]
00470471 8D77>lea esi,dword ptr ds:[edi+1]
00470474 8975>mov dword ptr ss:[ebp-4],esi
00470477 833D>cmp dword ptr ds:[4CE1DC],1
0047047E 7E 0>jle short AstroVid.0047048F
00470480 0FB6>movzx eax,bl
00470483 6A 0>push 8
00470485 50 push eax
00470486 E8 B>call AstroVid.0047983B
0047048B 59 pop ecx
0047048C 59 pop ecx
0047048D EB 0>jmp short AstroVid.0047049E
0047048F 8B0D>mov ecx,dword ptr ds:[4CDFD0] ; AstroVid.004CDFDA
00470495 0FB6>movzx eax,bl
00470498 8A04>mov al,byte ptr ds:[ecx+eax*2]
0047049B 83E0>and eax,8
0047049E 85C0 test eax,eax
004704A0 74 0>je short AstroVid.004704A7
004704A2 8A1E mov bl,byte ptr ds:[esi]
004704A4 46 inc esi
004704A5 ^ EB D>jmp short AstroVid.00470477
004704A7 80FB>cmp bl,2D
004704AA 8975>mov dword ptr ss:[ebp-4],esi
004704AD 75 0>jnz short AstroVid.004704B5
004704AF 834D>or dword ptr ss:[ebp+14],2
004704B3 EB 0>jmp short AstroVid.004704BA
004704B5 80FB>cmp bl,2B
004704B8 75 0>jnz short AstroVid.004704C0
004704BA 8A1E mov bl,byte ptr ds:[esi]
004704BC 46 inc esi
004704BD 8975>mov dword ptr ss:[ebp-4],esi
004704C0 8B45>mov eax,dword ptr ss:[ebp+10]
004704C3 85C0 test eax,eax
004704C5 0F8C>jl AstroVid.00470654
004704CB 83F8>cmp eax,1
004704CE 0F84>je AstroVid.00470654
004704D4 83F8>cmp eax,24
004704D7 0F8F>jg AstroVid.00470654
004704DD 6A 1>push 10
004704DF 85C0 test eax,eax
004704E1 59 pop ecx
004704E2 75 2>jnz short AstroVid.00470508
004704E4 80FB>cmp bl,30
004704E7 74 0>je short AstroVid.004704F2
004704E9 C745>mov dword ptr ss:[ebp+10],0A
004704F0 EB 3>jmp short AstroVid.00470524
004704F2 8A06 mov al,byte ptr ds:[esi]
004704F4 3C 7>cmp al,78
004704F6 74 0>je short AstroVid.00470505
004704F8 3C 5>cmp al,58
004704FA 74 0>je short AstroVid.00470505
004704FC C745>mov dword ptr ss:[ebp+10],8
00470503 EB 1>jmp short AstroVid.00470524
00470505 894D>mov dword ptr ss:[ebp+10],ecx
00470508 394D>cmp dword ptr ss:[ebp+10],ecx
0047050B 75 1>jnz short AstroVid.00470524
0047050D 80FB>cmp bl,30
00470510 75 1>jnz short AstroVid.00470524
00470512 8A06 mov al,byte ptr ds:[esi]
00470514 3C 7>cmp al,78
00470516 74 0>je short AstroVid.0047051C
00470518 3C 5>cmp al,58
0047051A 75 0>jnz short AstroVid.00470524
0047051C 8A5E>mov bl,byte ptr ds:[esi+1]
0047051F 46 inc esi
00470520 46 inc esi
00470521 8975>mov dword ptr ss:[ebp-4],esi
00470524 83C8>or eax,FFFFFFFF
00470527 33D2 xor edx,edx
00470529 F775>div dword ptr ss:[ebp+10]
0047052C BF 0>mov edi,103
00470531 8945>mov dword ptr ss:[ebp-C],eax
00470534 833D>cmp dword ptr ds:[4CE1DC],1 ; algorithm section
0047053B 0FB6>movzx esi,bl
0047053E 7E 0>jle short AstroVid.0047054C
00470540 6A 0>push 4
00470542 56 push esi
00470543 E8 F>call AstroVid.0047983B
00470548 59 pop ecx
00470549 59 pop ecx
0047054A EB 0>jmp short AstroVid.00470557
0047054C A1 D0DF4C00 mov eax,dword ptr ds:[4CDFD0]
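00470551 8A0470 mov al,byte ptr ds:[eax+esi*2] ; table lookup yields a value
00470554 83E0 04 and eax,4
00470557 85C0 test eax,eax
00470559 74 08 je short AstroVid.00470563 ; these five lines check whether a character in the fake code is a digit; jump if not. If the jump is taken, registration fails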
0047055B 0FBECB movsx ecx,bl
0047055E 83E9 30 sub ecx,30
00470561 EB 32 jmp short AstroVid.00470595
00470563 833D DCE14C0>cmp dword ptr ds:[4CE1DC],1
0047056A 7E 0B jle short AstroVid.00470577
0047056C 57 push edi
0047056D 56 push esi
0047056E E8 C8920000 call AstroVid.0047983B
00470573 59 pop ecx
00470574 59 pop ecx
00470575 EB 0B jmp short AstroVid.00470582
00470577 A1 D0DF4C00 mov eax,dword ptr ds:[4CDFD0]
0047057C 66:8B0470 mov ax,word ptr ds:[eax+esi*2]
00470580 23C7 and eax,edi
00470582 85C0 test eax,eax
00470584 74 4A je short AstroVid.004705D0
00470586 0FBEC3 movsx eax,bl
00470589 50 push eax
0047058A E8 71910000 call AstroVid.00479700 ; convert lowercase letter to uppercase
0047058F 59 pop ecx
00470590 8BC8 mov ecx,eax
00470592 83E9 37 sub ecx,37
00470595 3B4D 10 cmp ecx,dword ptr ss:[ebp+10]
00470598 73 36 jnb short AstroVid.004705D0
0047059A 8B75 F8 mov esi,dword ptr ss:[ebp-8]
0047059D 834D 14 08 or dword ptr ss:[ebp+14],8
004705A1 3B75 F4 cmp esi,dword ptr ss:[ebp-C] ; compare with 19999999
004705A4 72 1>jb short AstroVid.004705BA
004705A6 75 0>jnz short AstroVid.004705B4
004705A8 83C8>or eax,FFFFFFFF
004705AB 33D2 xor edx,edx
004705AD F775>div dword ptr ss:[ebp+10]
004705B0 3BCA cmp ecx,edx
004705B2 76 0>jbe short AstroVid.004705BA
004705B4 834D>or dword ptr ss:[ebp+14],4
004705B8 EB 0>jmp short AstroVid.004705C3
004705BA 0FAF>imul esi,dword ptr ss:[ebp+10] ; multiply by "A"
004705BE 03F1 add esi,ecx ; add the i-th digit of the fake code
004705C0 8975>mov dword ptr ss:[ebp-8],esi ; store the result in [ebp-8]
004705C3 8B45>mov eax,dword ptr ss:[ebp-4] ; remaining part of the fake code goes into eax
004705C6 FF45>inc dword ptr ss:[ebp-4] ; loop control
004705C9 8A18 mov bl,byte ptr ds:[eax] ; load the fake-code character into bl
004705CB ^ E9 6>jmp AstroVid.00470534
004705D0 8B45>mov eax,dword ptr ss:[ebp+14]
004705D3 FF4D>dec dword ptr ss:[ebp-4]
004705D6 8B5D>mov ebx,dword ptr ss:[ebp+C]
004705D9 A8 0>test al,8
004705DB 75 1>jnz short AstroVid.004705ED
004705DD 85DB test ebx,ebx
004705DF 74 0>je short AstroVid.004705E7
004705E1 8B45>mov eax,dword ptr ss:[ebp+8]
004705E4 8945>mov dword ptr ss:[ebp-4],eax
004705E7 8365>and dword ptr ss:[ebp-8],0
004705EB EB 4>jmp short AstroVid.00470638
004705ED A8 0>test al,4
004705EF BE F>mov esi,7FFFFFFF
004705F4 75 1>jnz short AstroVid.00470611
004705F6 A8 0>test al,1
004705F8 75 3>jnz short AstroVid.00470638
004705FA 83E0>and eax,2
004705FD 74 0>je short AstroVid.00470608
004705FF 817D>cmp dword ptr ss:[ebp-8],80000000
00470606 77 0>ja short AstroVid.00470611
00470608 85C0 test eax,eax
0047060A 75 2>jnz short AstroVid.00470638
0047060C 3975>cmp dword ptr ss:[ebp-8],esi
0047060F 76 2>jbe short AstroVid.00470638
00470611 E8 8>call AstroVid.004722A3
00470616 F645>test byte ptr ss:[ebp+14],1
0047061A C700>mov dword ptr ds:[eax],22
00470620 74 0>je short AstroVid.00470628
00470622 834D>or dword ptr ss:[ebp-8],FFFFFFFF
00470626 EB 1>jmp short AstroVid.00470638
00470628 8B45>mov eax,dword ptr ss:[ebp+14]
0047062B 24 0>and al,2
0047062D F6D8 neg al
0047062F 1BC0 sbb eax,eax
00470631 F7D8 neg eax
00470633 03C6 add eax,esi
00470635 8945>mov dword ptr ss:[ebp-8],eax
00470638 85DB test ebx,ebx
0047063A 74 0>je short AstroVid.00470641
0047063C 8B45>mov eax,dword ptr ss:[ebp-4]
0047063F 8903 mov dword ptr ds:[ebx],eax
00470641 F645>test byte ptr ss:[ebp+14],2
00470645 74 0>je short AstroVid.0047064F
00470647 8B45>mov eax,dword ptr ss:[ebp-8]
0047064A F7D8 neg eax
0047064C 8945>mov dword ptr ss:[ebp-8],eax
0047064F 8B45>mov eax,dword ptr ss:[ebp-8] ; break here and look upward to work out the algorithm
00470652 EB 0>jmp short AstroVid.0047065F
00470654 8B45>mov eax,dword ptr ss:[ebp+C]
00470657 85C0 test eax,eax
00470659 74 0>je short AstroVid.0047065D
0047065B 8938 mov dword ptr ds:[eax],edi
0047065D 33C0 xor eax,eax
0047065F 5F pop edi
00470660 5E pop esi
00470661 5B pop ebx
00470662 C9 leave
00470663 C3 retn
Summary: there are two possible patch points. The first is the startup check, the second is the registration check.
0040525D 75 54 jnz short AstroVid.004052B3
00421C33 0F85 8C00000>jnz AstroVid.00421CC5
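If you want the real code, go write a keygen yourself; I am rather slow and don't really know how to write one.
[Crack statement] I am just a little newbie who happened to learn a thing or two and would like to share it with everyone :)
[Copyright] This article is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thanks!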