Audio Compositor v4.4破解手記 (6千字)
軟體名稱:Audio Compositor v4.4
破解者:fhmdw[BCG]
難 度:易
破解工具:trw2000 w32dasm keymake
軟體簡介:一個標準MIDI的編輯與製作軟體,能直接即時方式轉換成數碼音響輸出
軟體大小:1510KB
下載地址:http://newhua.ruyi.com/down/ac44.exe
破解流程:
1.用w32dasm查詢"The name/code combination is invalid",向上查詢關鍵call
2.用trw載入,輸入使用者名稱和假碼78787878,下斷點bpx 44D63D 跟蹤關鍵call,找出註冊碼
3.用keymake做另類序號產生器
==================================>>雙擊來到這裡,向上找可以跳過出錯資訊的call
:0044D655 57
push edi
:0044D656 57
push edi
* Possible StringData Ref from
Data Obj ->"The name/code combination is invalid."
|
:0044D657 6838C14D00
push 004DC138
==================================>>向上來到這裡
* Possible Reference to String Resource ID=00001: "Audio Compositor"
|
:0044D5DA 6A01
push 00000001
:0044D5DC 897DFC
mov dword ptr [ebp-04], edi
:0044D5DF E86FA20300 call 00487853
:0044D5E4 8B465C
mov eax, dword ptr [esi+5C]
:0044D5E7 8378F808
cmp dword ptr [eax-08], 00000008----->註冊碼必須為8位
:0044D5EB 7409
je 0044D5F6
:0044D5ED 57
push edi
:0044D5EE 57
push edi
* Possible
StringData Ref from Data Obj ->"The registration code must be "
->"8 characters long."
|
:0044D5EF 689CC14D00
push 004DC19C
:0044D5F4 EB66
jmp 0044D65C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0044D5EB(C)
|
:0044D5F6 8B4660
mov eax, dword ptr [esi+60]
:0044D5F9 8D5E60
lea ebx, dword ptr [esi+60]
:0044D5FC 8378F805
cmp dword ptr [eax-08], 00000005----->使用者名稱不能小於5位
:0044D600 7D09
jge 0044D60B
:0044D602 57
push edi
:0044D603 57
push edi
* Possible
StringData Ref from Data Obj ->"The registration name must be "
->"at least 5 characters long."
|
:0044D604 6860C14D00
push 004DC160
:0044D609 EB51
jmp 0044D65C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044D600(C)
|
* Possible StringData Ref from Data Obj ->"%s is not a valid
output device"
|
:0044D60B 68F8724D00
push 004D72F8
:0044D610 8D4DEC
lea ecx, dword ptr [ebp-14]
:0044D613 E832740300 call
00484A4A
:0044D618 50
push eax
:0044D619 8D45F0
lea eax, dword ptr [ebp-10]
:0044D61C
53
push ebx
:0044D61D 50
push eax
:0044D61E C645FC01
mov [ebp-04], 01
:0044D622 E889C6FBFF
call 00409CB0------>計算註冊碼的call
:0044D627
8065FC00 and byte ptr [ebp-04],
00
:0044D62B 83C40C
add esp, 0000000C
:0044D62E 8D4DEC
lea ecx, dword ptr [ebp-14]
:0044D631 E8A6730300
call 004849DC
:0044D636 FF75F0
push [ebp-10]
:0044D639
8B465C mov eax,
dword ptr [esi+5C]
:0044D63C 50
push eax
:0044D63D E83C230200
call 0046F97E------>比較真假,F8追入
:0044D642
59
pop ecx
:0044D643 59
pop ecx
:0044D644 85C0
test eax, eax------>註冊標誌
* Possible
StringData Ref from Data Obj ->" "
|
:0044D646 68EC724D00
push 004D72EC
:0044D64B 8D4DF0
lea ecx, dword ptr [ebp-10]
:0044D64E 7413
je 0044D663------>跳則註冊成功
:0044D650 E810750300 call
00484B65
==================================>>由44D63D來到這裡
//
* Referenced by a (U)nconditional
or (C)onditional Jump at Address://這裡開始將真假碼逐位比較
|:0046FA08(U)
//
|
//
:0046F9AD 660FB60F
movzx cx, byte ptr [edi]------>逐個取出假碼
:0046F9B1 0FB6C1
movzx eax, cl
:0046F9B4
47
inc edi--------->計數器
:0046F9B5 894D0C
mov dword ptr [ebp+0C], ecx
:0046F9B8 F6806184540004
test byte ptr [eax+00548461], 04
:0046F9BF 7416
je 0046F9D7
:0046F9C1 8A07
mov al, byte ptr [edi]
:0046F9C3 84C0
test al, al
:0046F9C5 7506
jne 0046F9CD
:0046F9C7 83650C00
and dword ptr [ebp+0C], 00000000
:0046F9CB EB0A
jmp 0046F9D7
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:0046F9C5(C)
|
:0046F9CD 33D2
xor edx, edx
:0046F9CF 47
inc edi
:0046F9D0 8AF1
mov dh, cl
:0046F9D2 8AD0
mov dl, al
:0046F9D4 89550C
mov dword ptr [ebp+0C], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0046F9BF(C),
:0046F9CB(U)
|
:0046F9D7 660FB61E
movzx bx, byte ptr [esi]------->下d esi得真碼
:0046F9DB
0FB6C3 movzx eax,
bl
:0046F9DE 46
inc esi
:0046F9DF F6806184540004
test byte ptr [eax+00548461], 04
:0046F9E6 7413
je 0046F9FB
總結:
name:fhmdw[BCG]
code:3UooUSpf
演算法段有點煩,追了半天,演算法還沒分析出,視力倒增加了不少,只好用keymake來個另類序號產生器:
執行keymake,點選另類序號產生器,
1.按“瀏覽”按鈕,選擇Ac.exe
2.寫入以下數值:
第一個中斷地址:
中斷地址:44D63D
中斷次數:1
第一位元組:E8
指令長度:5
第二個中斷地址:
中斷地址:46F9D7
中斷次數:1
第一位元組:66
指令長度:4
3.在右邊註冊碼選項中選擇“記憶體方式”,並勾選其下方的單選框,選擇ESI
4.按“生成”,輸入生成的EXE檔名
好啦,收工!
整理於2002.4.21
18:00
相關文章
- Audio compositor註冊碼及序號產生器 (5千字)2002-04-06
- 網咖管理專家9.5破解手記 (6千字)2001-01-26
- Turbo Note+ 破解手記 (4千字)2001-05-13
- Trojan Remover 4.3.0破解手記 (8千字)2001-08-31REM
- 漢字通破解手記 (19千字)2000-09-06
- SolSuite v8.0破解手記 (3千字)2001-09-08UI
- ACDSEE4.0的破解手記 (1千字)2002-01-20
- ReGet Junior 2.0破解手記(一) (3千字)2002-02-23
- 轉載:“亂刀”破解手記 (1千字)2000-09-03
- SeaMoon Pic Hunter 1.2破解手記 (8千字)2015-11-15
- ReGet Junior 2.0破解手記(二) (4千字)2015-11-15
- ReGet Junior 2.0破解手記(三) (1千字)2015-11-15
- MagicWin 98 Release
1.20 破解手記 (20千字)2002-06-01
- LogoManager 1.18破解手記 (1千字)2001-02-18Go
- 加密MP3光碟破解手記 (1千字)2000-08-02加密
- MP3 to EXE v 2.6破解手記 (8千字)2001-09-08
- Lockdown2000_7.0.0.1破解手記 (3千字)2000-05-26
- 乾涸的(Asp maker version 2.2 破解手記) (8千字)2015-11-15
- Altomp3maker 2.11破解手記 (1千字)2001-01-29
- 鸚鵡螺網路助手 1.75 破解手記 (1千字)2001-01-30
- freeceltool 空當接龍工具破解手記 (1千字)2001-01-31
- 區域網資料庫快易通破解手記 (1千字)2001-02-02資料庫
- SMailserver2.5註冊碼的破解手記 (1千字)2001-03-01AIServer
- 中華壓縮V7.0破解手記 (4千字)2001-11-20
- 瑞星個人防火牆1.1版破解手記 (3千字)2001-11-25防火牆
- 新倚天屠龍記的光碟破解手記。 (1千字)2001-01-05
- 一個不錯的雪花屏保破解手記 (1千字)2000-12-29
- 敏思硬碟衛士 v2.2破解手記 (4千字)2001-11-20硬碟
- 股票賬戶管理軟體 1.12(破解手記) (9千字)2002-02-16
- 億特代理伺服器簡易版破解手記 (15千字)2002-09-19伺服器
- CDSPACE1.95破解手記(專為初學者而作!) (8千字)2000-12-30
- 電子小說閱讀器黃金版破解手記 (5千字)2001-11-14
- 用ISDCC2破KPT 6的安裝 (8千字)2001-04-17
- 彩票快車破解手記(copyyour兄要的,來看看吧) (1千字)2001-03-25
- 《鐵甲風暴之黑色戰線》免CD破解手記 (5千字)2002-02-14
- Bannershop 4.5破解手記2015-11-15
- 用SOFTICE破解Audio Companion Ver1.13手記
(4千字)2001-02-07
- 分析家資料批量轉換器暴力破解手記 (3千字)2001-09-07