HA_4UWMAMP3Converter_v592算法分析
1.我是用万能断点找的~~~~~~~~~这的!!!!!2.因为算法分析,因此我也不具体讲怎么找到个这的.
3.不会自已找找一些破解教程,好的我也不多说看我分析吧!!!!!!!!!!
0048DA60/$55 PUSH EBP
0048DA61|.8BEC MOV EBP,ESP
0048DA63|.6A 00 PUSH 0
0048DA65|.6A 00 PUSH 0
0048DA67|.6A 00 PUSH 0
0048DA69|.6A 00 PUSH 0
0048DA6B|.6A 00 PUSH 0
0048DA6D|.53 PUSH EBX
0048DA6E|.56 PUSH ESI
0048DA6F|.894D F8 MOV DWORD PTR SS:,ECX
0048DA72|.8955 FC MOV DWORD PTR SS:,EDX
0048DA75|.8BF0 MOV ESI,EAX
0048DA77|.8B45 FC MOV EAX,DWORD PTR SS:
0048DA7A|.E8 0171F7FF CALL WMAMP3Co.00404B80
0048DA7F|.8B45 F8 MOV EAX,DWORD PTR SS:
0048DA82|.E8 F970F7FF CALL WMAMP3Co.00404B80
0048DA87|.33C0 XOR EAX,EAX
0048DA89|.55 PUSH EBP
0048DA8A|.68 57DB4800 PUSH WMAMP3Co.0048DB57
0048DA8F|.64:FF30 PUSH DWORD PTR FS:
0048DA92|.64:8920 MOV DWORD PTR FS:,ESP
0048DA95|.33DB XOR EBX,EBX
0048DA97|.33D2 XOR EDX,EDX
0048DA99|.8B45 FC MOV EAX,DWORD PTR SS:
0048DA9C|.E8 3372F7FF CALL WMAMP3Co.00404CD4
0048DAA1|.85C0 TEST EAX,EAX
0048DAA3|.7E 0B JLE SHORT WMAMP3Co.0048DAB0
0048DAA5|.8D45 F8 LEA EAX,DWORD PTR SS:
0048DAA8|.8B55 FC MOV EDX,DWORD PTR SS:
0048DAAB|.E8 C86CF7FF CALL WMAMP3Co.00404778
0048DAB0|>8D4D F4 LEA ECX,DWORD PTR SS:
0048DAB3|.8B55 FC MOV EDX,DWORD PTR SS:
0048DAB6|.8BC6 MOV EAX,ESI
0048DAB8|.E8 2F010000 CALL WMAMP3Co.0048DBEC //算法CALL跟进去看看
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
来到CALL WMAMP3Co.0048DBEC 就可以看下面这些代码经过分析就可以得到下的 0048DBEC/$55 PUSH EBP
0048DBED|.8BEC MOV EBP,ESP
0048DBEF|.6A 00 PUSH 0
0048DBF1|.6A 00 PUSH 0
0048DBF3|.6A 00 PUSH 0
0048DBF5|.6A 00 PUSH 0
0048DBF7|.6A 00 PUSH 0
0048DBF9|.6A 00 PUSH 0
0048DBFB|.6A 00 PUSH 0
0048DBFD|.6A 00 PUSH 0
0048DBFF|.53 PUSH EBX
0048DC00|.56 PUSH ESI
0048DC01|.57 PUSH EDI
0048DC02|.8BD9 MOV EBX,ECX
0048DC04|.8955 FC MOV DWORD PTR SS:,EDX
0048DC07|.8BF8 MOV EDI,EAX
0048DC09|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC0C|.E8 6F6FF7FF CALL WMAMP3Co.00404B80
0048DC11|.33C0 XOR EAX,EAX
0048DC13|.55 PUSH EBP
0048DC14|.68 47DD4800 PUSH WMAMP3Co.0048DD47
0048DC19|.64:FF30 PUSH DWORD PTR FS:
0048DC1C|.64:8920 MOV DWORD PTR FS:,ESP
0048DC1F|.8D45 FC LEA EAX,DWORD PTR SS:
0048DC22|.BA 60DD4800 MOV EDX,WMAMP3Co.0048DD60 ;ASCII "Jt^S0Mvx5C1"
0048DC27|.E8 746DF7FF CALL WMAMP3Co.004049A0 ;把用户名的固定字符串连起来我叫这个字符为 字符1
0048DC2C|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC2F|.E8 646DF7FF CALL WMAMP3Co.00404998 ;字符串1的位数传给EAX
0048DC34|.8BF0 MOV ESI,EAX ;在给ESI
0048DC36|.D1FE SAR ESI,1 ;算术右移1
0048DC38|.79 03 JNS SHORT WMAMP3Co.0048DC3D
0048DC3A|.83D6 00 ADC ESI,0
0048DC3D|>8D45 F0 LEA EAX,DWORD PTR SS:
0048DC40|.50 PUSH EAX
0048DC41|.8BCE MOV ECX,ESI ;把ESI的值给ECX做取字串的参数
0048DC43|.BA 01000000 MOV EDX,1
0048DC48|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC4B|.E8 A06FF7FF CALL WMAMP3Co.00404BF0 ;在取字符串1的前ECX位做为字符串2
0048DC50|.8B45 F0 MOV EAX,DWORD PTR SS:
0048DC53|.50 PUSH EAX
0048DC54|.8D45 EC LEA EAX,DWORD PTR SS:
0048DC57|.50 PUSH EAX
0048DC58|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC5B|.E8 386DF7FF CALL WMAMP3Co.00404998
0048DC60|.8BC8 MOV ECX,EAX ;把字符1位数做取字符串3最后一位的参数
0048DC62|.8D56 01 LEA EDX,DWORD PTR DS: ;把取字符串3第一位的参数给EDX
0048DC65|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC68|.E8 836FF7FF CALL WMAMP3Co.00404BF0
0048DC6D|.8B55 EC MOV EDX,DWORD PTR SS:
0048DC70|.8D45 FC LEA EAX,DWORD PTR SS:
0048DC73|.59 POP ECX
0048DC74|.E8 6B6DF7FF CALL WMAMP3Co.004049E4 ;把取出的字符串3和在取字符串2连起来
0048DC79|.8D45 F8 LEA EAX,DWORD PTR SS:
0048DC7C|.50 PUSH EAX
0048DC7D|.B9 0A000000 MOV ECX,0A
0048DC82|.BA 01000000 MOV EDX,1
0048DC87|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC8A|.E8 616FF7FF CALL WMAMP3Co.00404BF0 ;取字串的前10位为字符串4
0048DC8F|.8D45 F4 LEA EAX,DWORD PTR SS:
0048DC92|.50 PUSH EAX
0048DC93|.8B45 FC MOV EAX,DWORD PTR SS:
0048DC96|.E8 FD6CF7FF CALL WMAMP3Co.00404998
0048DC9B|.8BC8 MOV ECX,EAX
0048DC9D|.BA 06000000 MOV EDX,6
0048DCA2|.8B45 FC MOV EAX,DWORD PTR SS:
0048DCA5|.E8 466FF7FF CALL WMAMP3Co.00404BF0 ;从字符串的第6位开始取一直到最后一位为字符串5
0048DCAA|.837D F4 00 CMP DWORD PTR SS:,0
0048DCAE|.75 10 JNZ SHORT WMAMP3Co.0048DCC0
0048DCB0|.8D45 F4 LEA EAX,DWORD PTR SS:
0048DCB3|.BA 60DD4800 MOV EDX,WMAMP3Co.0048DD60 ;ASCII "Jt^S0Mvx5C1"
0048DCB8|.8B4D F8 MOV ECX,DWORD PTR SS:
0048DCBB|.E8 246DF7FF CALL WMAMP3Co.004049E4
0048DCC0|>53 PUSH EBX
0048DCC1|.8B4D F4 MOV ECX,DWORD PTR SS:
0048DCC4|.8B55 F8 MOV EDX,DWORD PTR SS:
0048DCC7|.8BC7 MOV EAX,EDI
0048DCC9|.E8 92F0FFFF CALL WMAMP3Co.0048CD60 ;这是关键的算法CALL要进看看哪就来到 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
注意了就是算了
0048CD60/$55 PUSH EBP
0048CD61|.8BEC MOV EBP,ESP
0048CD63|.83C4 E0 ADD ESP,-20
0048CD66|.53 PUSH EBX
0048CD67|.56 PUSH ESI
0048CD68|.57 PUSH EDI
0048CD69|.33DB XOR EBX,EBX
0048CD6B|.895D E0 MOV DWORD PTR SS:,EBX
0048CD6E|.895D F0 MOV DWORD PTR SS:,EBX
0048CD71|.894D F8 MOV DWORD PTR SS:,ECX
0048CD74|.8955 FC MOV DWORD PTR SS:,EDX
0048CD77|.8B45 FC MOV EAX,DWORD PTR SS:
0048CD7A|.E8 017EF7FF CALL WMAMP3Co.00404B80
0048CD7F|.8B45 F8 MOV EAX,DWORD PTR SS:
0048CD82|.E8 F97DF7FF CALL WMAMP3Co.00404B80
0048CD87|.33C0 XOR EAX,EAX
0048CD89|.55 PUSH EBP
0048CD8A|.68 7CCE4800 PUSH WMAMP3Co.0048CE7C
0048CD8F|.64:FF30 PUSH DWORD PTR FS:
0048CD92|.64:8920 MOV DWORD PTR FS:,ESP
0048CD95|.8B45 F8 MOV EAX,DWORD PTR SS:
0048CD98|.E8 FB7BF7FF CALL WMAMP3Co.00404998
0048CD9D|.8945 F4 MOV DWORD PTR SS:,EAX
0048CDA0|.837D F4 00 CMP DWORD PTR SS:,0
0048CDA4|.75 0D JNZ SHORT WMAMP3Co.0048CDB3
0048CDA6|.8D45 F8 LEA EAX,DWORD PTR SS:
0048CDA9|.BA 94CE4800 MOV EDX,WMAMP3Co.0048CE94 ;ASCII "Think Space"
0048CDAE|.E8 C579F7FF CALL WMAMP3Co.00404778
0048CDB3|>33F6 XOR ESI,ESI ;ESI清0
0048CDB5|.BB 00010000 MOV EBX,100 ;EBX置16进制的100
0048CDBA|.8D45 F0 LEA EAX,DWORD PTR SS:
0048CDBD|.50 PUSH EAX
0048CDBE|.C745 E4 00010>MOV DWORD PTR SS:,100
0048CDC5|.C645 E8 00 MOV BYTE PTR SS:,0
0048CDC9|.8D55 E4 LEA EDX,DWORD PTR SS:
0048CDCC|.33C9 XOR ECX,ECX
0048CDCE|.B8 A8CE4800 MOV EAX,WMAMP3Co.0048CEA8 ;ASCII "%1.2x"
0048CDD3|.E8 30CFF7FF CALL WMAMP3Co.00409D08
0048CDD8|.8B45 FC MOV EAX,DWORD PTR SS: ;这是前10位的字符串给EAX
0048CDDB|.E8 B87BF7FF CALL WMAMP3Co.00404998 ;算出字串的位数给EAX
0048CDE0|.8BF8 MOV EDI,EAX ;把EAX的值给EDI做下面的循环的参数用
0048CDE2|.85FF TEST EDI,EDI
0048CDE4|.7E 60 JLE SHORT WMAMP3Co.0048CE46
0048CDE6|.C745 EC 01000>MOV DWORD PTR SS:,1 ;SS;置1
0048CDED|>8B45 FC /MOV EAX,DWORD PTR SS: ;把字符串4给EAX
0048CDF0|.8B55 EC |MOV EDX,DWORD PTR SS: ;SS;传给EDX做取字符串的参数
0048CDF3|.0FB64410 FF |MOVZX EAX,BYTE PTR DS: ;循环取出字符串4的字符给EAX
0048CDF8|.03C3 |ADD EAX,EBX ;EAX加16进制的100
0048CDFA|.B9 FF000000 |MOV ECX,0FF ;ECX置0FF
0048CDFF|.99 |CDQ ;EDX清0
0048CE00|.F7F9 |IDIV ECX ;EAX带符号数除ECX
0048CE02|.8BDA |MOV EBX,EDX ;把佘数给EBX
0048CE04|.3B75 F4 |CMP ESI,DWORD PTR SS:
0048CE07|.7D 03 |JGE SHORT WMAMP3Co.0048CE0C
0048CE09|.46 |INC ESI ;ESI自动加1
0048CE0A|.EB 05 |JMP SHORT WMAMP3Co.0048CE11
0048CE0C|>BE 01000000 |MOV ESI,1
0048CE11|>8B45 F8 |MOV EAX,DWORD PTR SS: ;把字符5给EAX
0048CE14|.0FB64430 FF |MOVZX EAX,BYTE PTR DS: ;循环取出字符串5的字符给EAX
0048CE19|.33D8 |XOR EBX,EAX ;EBX和EAX逻辑异或运算
0048CE1B|.8D45 E0 |LEA EAX,DWORD PTR SS:
0048CE1E|.50 |PUSH EAX
0048CE1F|.895D E4 |MOV DWORD PTR SS:,EBX ;把运算结果给SS;
0048CE22|.C645 E8 00 |MOV BYTE PTR SS:,0
0048CE26|.8D55 E4 |LEA EDX,DWORD PTR SS:
0048CE29|.33C9 |XOR ECX,ECX ;ECX清0
0048CE2B|.B8 A8CE4800 |MOV EAX,WMAMP3Co.0048CEA8 ;ASCII "%1.2x"
0048CE30|.E8 D3CEF7FF |CALL WMAMP3Co.00409D08
0048CE35|.8B55 E0 |MOV EDX,DWORD PTR SS:
0048CE38|.8D45 F0 |LEA EAX,DWORD PTR SS:
0048CE3B|.E8 607BF7FF |CALL WMAMP3Co.004049A0 ;100加上运出字符串6
0048CE40|.FF45 EC |INC DWORD PTR SS:
0048CE43|.4F |DEC EDI
0048CE44|.^ 75 A7 \JNZ SHORT WMAMP3Co.0048CDED
0048CE46|>8B45 08 MOV EAX,DWORD PTR SS:
0048CE49|.8B55 F0 MOV EDX,DWORD PTR SS:
0048CE4C|.E8 E378F7FF CALL WMAMP3Co.00404734
0048CE51|.33C0 XOR EAX,EAX
0048CE53|.5A POP EDX
0048CE54|.59 POP ECX
0048CE55|.59 POP ECX
0048CE56|.64:8910 MOV DWORD PTR FS:,EDX
0048CE59|.68 83CE4800 PUSH WMAMP3Co.0048CE83
0048CE5E|>8D45 E0 LEA EAX,DWORD PTR SS:
0048CE61|.E8 7A78F7FF CALL WMAMP3Co.004046E0
0048CE66|.8D45 F0 LEA EAX,DWORD PTR SS:
0048CE69|.E8 7278F7FF CALL WMAMP3Co.004046E0
0048CE6E|.8D45 F8 LEA EAX,DWORD PTR SS:
0048CE71|.BA 02000000 MOV EDX,2
0048CE76|.E8 8978F7FF CALL WMAMP3Co.00404704
0048CE7B\.C3 RETN
0048CE7C .^ E9 E371F7FF JMP WMAMP3Co.00404064
0048CE81 .^ EB DB JMP SHORT WMAMP3Co.0048CE5E
0048CE83 .5F POP EDI
0048CE84 .5E POP ESI
0048CE85 .5B POP EBX
0048CE86 .8BE5 MOV ESP,EBP
0048CE88 .5D POP EBP
0048CE89 .C2 0400 RETN 4
页:
[1]