Audio compositor註冊碼及序號產生器
工具:TRW2000,Keymaker,w32dasm
軟體介紹:Audio compositor3.1b,一個聲音處理程式,能在Wav和Midi之間轉換,具體不會用,拿來練手。
1、執行Audio compositor,選Help-Register Audio compositor,填寫Name:esoft2001.51.net(至少5位),Registration code:12345678(必須8位)。按OK,出現提示“The name/code combination is invalid.”
2、w32dasm反彙編AC.exe,使用“串式資料參考”可找到上面提示的一句,雙擊該句會找到顯示該提示的CALL語句(見下面),下面是註冊相關的一段程式碼:
:0042B493 B87C1E4800
mov eax, 00481E7C
:0042B498 E833960100
call 00444AD0
:0042B49D 51
push ecx
:0042B49E 51
push ecx
:0042B49F
53
push ebx
:0042B4A0 56
push esi
:0042B4A1 8BF1
mov esi, ecx
:0042B4A3 57
push edi
:0042B4A4
8D4DF0 lea ecx,
dword ptr [ebp-10]
:0042B4A7 E842130300
call 0045C7EE
:0042B4AC 33FF
xor edi, edi
* Possible Reference
to Menu: MenuID_0001
|
* Possible
Reference to String Resource ID=00001: "Audio Compositor"
|
:0042B4AE 6A01
push 00000001
:0042B4B0 8BCE
mov ecx, esi
:0042B4B2 897DFC
mov dword ptr [ebp-04],
edi
:0042B4B5 E898480300
call 0045FD52
:0042B4BA 8B465C
mov eax, dword ptr [esi+5C]
:0042B4BD 8378F808
cmp dword ptr [eax-08], 00000008
:0042B4C1 7409
je 0042B4CC
:0042B4C3 57
push edi
:0042B4C4 57
push edi
* Possible
StringData Ref from Data Obj ->"The registration code must be "
->"8 characters long."
|
:0042B4C5 68045A4A00
push 004A5A04
:0042B4CA EB5E
jmp 0042B52A
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0042B4C1(C)
|
:0042B4CC 8B4660
mov eax, dword ptr [esi+60]
:0042B4CF 8D5E60
lea ebx, dword ptr [esi+60]
:0042B4D2 8378F805
cmp dword ptr [eax-08], 00000005
:0042B4D6 7D09
jge 0042B4E1
:0042B4D8 57
push edi
:0042B4D9 57
push edi
* Possible StringData Ref from
Data Obj ->"The registration name must be "
->"at least 5 characters long."
|
:0042B4DA 68C8594A00
push 004A59C8
:0042B4DF EB49
jmp 0042B52A
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0042B4D6(C)
|
* Possible
StringData Ref from Data Obj ->"%s is not a valid output device"
|
:0042B4E1 6834224A00
push 004A2234
:0042B4E6 8D4DEC
lea ecx, dword ptr [ebp-14]
:0042B4E9 E8B9140300
call 0045C9A7
:0042B4EE 50
push eax
:0042B4EF 8D45F0
lea eax, dword ptr [ebp-10]
:0042B4F2 53
push ebx
:0042B4F3 50
push eax
:0042B4F4
C645FC01 mov [ebp-04],
01
:0042B4F8 E80699FDFF call
00404E03
:0042B4FD 8065FC00
and byte ptr [ebp-04], 00
:0042B501 83C40C
add esp, 0000000C
:0042B504 8D4DEC
lea ecx, dword ptr [ebp-14]
:0042B507 E82D140300 call
0045C939
:0042B50C FF75F0
push [ebp-10]
:0042B50F FF765C
push [esi+5C]
:0042B512 E8C9960100
call 00444BE0(關鍵)
:0042B517 F7D8
neg eax
:0042B519
1BC0 sbb
eax, eax
:0042B51B 59
pop ecx
:0042B51C F7D8
neg eax
:0042B51E 84C0
test al, al(用al做註冊標誌)
:0042B520
59
pop ecx
:0042B521 740E
je 0042B531
:0042B523 57
push edi
:0042B524 57
push edi
* Possible StringData Ref from Data Obj ->"The name/code combination is invalid."
|
:0042B525 68A0594A00
push 004A59A0
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:0042B4CA(U), :0042B4DF(U)
|
:0042B52A E89EC50300 call 00467ACD(提示“The
name/code combination is invalid.”)
:0042B52F EB4B
jmp 0042B57C
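3、啟動TRW並載入AC.exe,g 0042B512並按F8進入00444BE0。從上面的程式碼看,這個CALL的兩個參數是輸入的註冊碼([esi+5C])和另一個字串([ebp-10],看來是程式依註冊名算出的正確註冊碼),返回值直接決定是否顯示錯誤提示。換言之,正確的註冊碼會以明文出現在記憶體中再被比較,這是此類驗證的根本弱點;若程式只用內嵌的公鑰驗證簽章式授權碼,記憶體中就不會有可直接讀出的正確值: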
:00444BE0 A150E64A00
mov eax, dword ptr [004AE650]
:00444BE5 53
push ebx
:00444BE6 55
push ebp
:00444BE7 33ED
xor ebp, ebp
:00444BE9 56
push esi
:00444BEA 3BC5
cmp eax, ebp
:00444BEC 57
push edi
:00444BED 7541
jne 00444C30(這裡會跳走)
…………
:00444C30 6A19
push 00000019
:00444C32 E8396E0000
call 0044BA70
:00444C37 8B74241C
mov esi, dword ptr [esp+1C]
:00444C3B 8B7C2418 mov
edi, dword ptr [esp+18](D ESI看到註冊碼)
:00444C3F 83C404
add esp, 00000004
:00444C42 B204
mov dl, 04
4、編寫序號產生器
使用“序號產生器編寫器(Keymaker)”之“另類序號產生器”功能
1、程式名稱:ac.exe
2、新增資料:
中斷地址:42B512
中斷次數:1
第一位元組:E8
指令長度:5
中斷地址:444C3B
中斷次數:1
第一位元組:8B
指令長度:4
3、選擇記憶體方式ESI。
esoft2001.51.net
2002年4月5日