
Aurora Media Workshop 3.4.2注册全过程


用 OllyDbg(OD)载入程序,查找字符串‘invalid username or registration code’,来到引用该字符串的函数:
; ---------------------------------------------------------------------
; 0045BDA0 - routine that references the "invalid username or
; registration code" string (OllyDbg listing, 32-bit x86, Intel syntax).
; ecx on entry is kept in esi and used as the object pointer for the
; later calls. Flow: run the check at 0045FD80 on [esi+60] and [esi+64],
; then either show the failure message and clear dword [4DFBD8], or show
; the "thank you" message, set [4DFBD8] = 1 and hand both strings to
; 004485F0 under the names "register" / "username" / "registercode".
; NOTE(review): every bare `call` lost its operand in this copy of the
; listing; those targets are not identified here, so what they do is
; stated only as a presumption.
; NOTE(review): the licence decision rests on one return value and one
; writable global, all evaluated on the client; a check of this shape
; has no integrity protection (a signed licence verified against an
; embedded public key is the usual mitigation).
; ---------------------------------------------------------------------
0045BDA0 . 6A FF push -1 ; initial state slot of the exception frame built below (OllyDbg's "(initial cpu selection)" label looks spurious)
0045BDA2 . 68 18204700 push 00472018 ; SE handler installation
0045BDA7 . 64:A1 0000000>mov eax, fs:[0] ; eax = current head of the exception-handler chain
0045BDAD . 50 push eax ; link the previous record
0045BDAE . 64:8925 00000>mov fs:[0], esp ; install the new record
0045BDB5 . 51 push ecx ; reserves one dword local (addressed as [esp+C] below)
0045BDB6 . 53 push ebx
0045BDB7 . 56 push esi
0045BDB8 . 8BF1 mov esi, ecx ; esi = object pointer received in ecx
0045BDBA . 57 push edi
0045BDBB . 8D4C24 0C lea ecx, [esp+C] ; ecx = address of the local dword
0045BDBF . E8 64A40000 call ; operand missing - presumably initialises the local as a string object
0045BDC4 . 6A 01 push 1 ; author's note: set a breakpoint (F2) at 0045BDC4, otherwise execution ends up on the registration-failure path - SEH?
0045BDC6 . 8BCE mov ecx, esi
0045BDC8 . C74424 1C 000>mov dword ptr [esp+1C], 0 ; frame state slot = 0
0045BDD0 . E8 D3A80000 call ; operand missing; called with ecx = esi and the argument 1
0045BDD5 . E8 FCA70000 call ; operand missing
0045BDDA . 8B48 04 mov ecx, [eax+4] ; ecx = dword at [returned pointer + 4]
0045BDDD . E8 08A90000 call ; operand missing
0045BDE2 . 68 E8030000 push 3E8 ; /Timeout = 1000. ms
0045BDE7 . FF15 3C324700 call [<&KERNEL32.Sleep>] ; \Sleep - fixed one-second pause before the check runs
0045BDED . E8 E4A70000 call ; operand missing
0045BDF2 . 8B48 04 mov ecx, [eax+4] ; ecx = dword at [returned pointer + 4]
0045BDF5 . E8 EAA80000 call ; operand missing
0045BDFA . 8B46 64 mov eax, [esi+64] ; eax = [esi+64], second argument of the check
0045BDFD . 8B4E 60 mov ecx, [esi+60] ; ecx = [esi+60], first argument of the check
0045BE00 . 8D5E 64 lea ebx, [esi+64] ; ebx = &[esi+64]
0045BE03 . 8D7E 60 lea edi, [esi+60] ; edi = &[esi+60]
0045BE06 . 50 push eax
0045BE07 . 51 push ecx
0045BE08 . E8 733F0000 call 0045FD80 ; key call, followed in the next listing
0045BE0D . 83C4 08 add esp, 8 ; caller pops the two arguments
0045BE10 . 85C0 test eax, eax
0045BE12 . 75 1F jnz short 0045BE33 ; key comparison: non-zero result -> success path
0045BE14 . 6A 40 push 40 ; first of three pushed arguments (OllyDbg's "(initial cpu selection)" label looks spurious)
0045BE16 . 68 9C4C4900 push 00494C9C ; sorry
0045BE1B . 68 704C4900 push 00494C70 ; invalid username or registration code
0045BE20 . 8BCE mov ecx, esi
0045BE22 . E8 7DA90000 call ; operand missing - presumably displays the message
0045BE27 . C705 D8FB4D00>mov dword ptr [4DFBD8], 0 ; global [4DFBD8] = 0
0045BE31 . EB 76 jmp short 0045BEA9 ; skip the success path
0045BE33 > 8B07 mov eax, [edi] ; success path: eax = dword at [edi], i.e. [esi+60]
0045BE35 . 8D4C24 0C lea ecx, [esp+C] ; ecx = address of the local
0045BE39 . 50 push eax
0045BE3A . 68 544C4900 push 00494C54 ; license to:%s
0045BE3F . 51 push ecx
0045BE40 . E8 97A70000 call ; operand missing - presumably formats into the local string
0045BE45 . 8B5424 18 mov edx, [esp+18] ; edx = the local dword (three arguments still on the stack, hence +18)
0045BE49 . 83C4 0C add esp, 0C ; drop the three arguments
0045BE4C . 8BCE mov ecx, esi
0045BE4E . 6A 40 push 40
0045BE50 . 68 484C4900 push 00494C48 ; thank you
0045BE55 . 52 push edx
0045BE56 . E8 49A90000 call ; operand missing - presumably displays the message
0045BE5B . 57 push edi ; &[esi+60]
0045BE5C . B9 D4D24900 mov ecx, 0049D2D4 ; ecx = global object at 0049D2D4
0045BE61 . E8 CEA30000 call ; operand missing - presumably copies [esi+60] into that global
0045BE66 . 53 push ebx ; &[esi+64]
0045BE67 . B9 D8D24900 mov ecx, 0049D2D8 ; ecx = global object at 0049D2D8
0045BE6C . E8 C3A30000 call ; operand missing - presumably copies [esi+64] into that global
0045BE71 . C705 D8FB4D00>mov dword ptr [4DFBD8], 1 ; global [4DFBD8] = 1
0045BE7B . 8B3F mov edi, [edi] ; edi = dword at [esi+60]
0045BE7D . 57 push edi
0045BE7E . 68 A0C24800 push 0048C2A0 ; username
0045BE83 . 68 94C24800 push 0048C294 ; register
0045BE88 . B9 C4D14900 mov ecx, 0049D1C4 ; ecx = global object at 0049D1C4
0045BE8D . E8 5EC7FEFF call 004485F0 ; 004485F0("register", "username", value) - presumably persists the value; confirm
0045BE92 . 8B1B mov ebx, [ebx] ; ebx = dword at [esi+64]
0045BE94 . B9 C4D14900 mov ecx, 0049D1C4
0045BE99 . 53 push ebx
0045BE9A . 68 84C24800 push 0048C284 ; registercode
0045BE9F . 68 94C24800 push 0048C294 ; register
0045BEA4 . E8 47C7FEFF call 004485F0 ; 004485F0("register", "registercode", value)
0045BEA9 > 8BCE mov ecx, esi ; common exit: ecx = object pointer
0045BEAB . E8 04A80000 call ; operand missing
0045BEB0 . 8D4C24 0C lea ecx, [esp+C] ; ecx = address of the local
0045BEB4 . C74424 18 FFF>mov dword ptr [esp+18], -1 ; frame state slot = -1
0045BEBC . E8 1FA30000 call ; operand missing - presumably releases the local string
0045BEC1 . 8B4C24 10 mov ecx, [esp+10] ; ecx = saved previous exception record
0045BEC5 . 5F pop edi
0045BEC6 . 5E pop esi
0045BEC7 . 5B pop ebx
0045BEC8 . 64:890D 00000>mov fs:[0], ecx ; restore the handler chain
0045BECF . 83C4 10 add esp, 10 ; drop the local and the three frame dwords
0045BED2 . C3 retn


进入关键 call(0045FD80):
; ---------------------------------------------------------------------
; 0045FD80 - check(arg1, arg2); the caller at 0045BE0D pops the 8 bytes
; of arguments. Each argument is compared byte by byte, two bytes per
; loop pass, with the string at 0049D154 (which the author observed to
; hold 0, i.e. an empty string). If either argument equals that string
; the routine returns 0; otherwise it returns the result of 0045FB50
; normalised to 0 or 1.
; ---------------------------------------------------------------------
0045FD80 /$ 53 push ebx
0045FD81 |. 55 push ebp
0045FD82 |. 8B6C24 0C mov ebp, [esp+C] ; ebp = arg1 (username)
0045FD86 |. 56 push esi
0045FD87 |. 57 push edi
0045FD88 |. BE 54D14900 mov esi, 0049D154 ; esi = constant string; the loop below compares the username with it (author: checks whether the first username byte is 0)
0045FD8D |. 8BC5 mov eax, ebp ; eax = username pointer
0045FD8F |> 8A10 /mov dl, [eax] ; dl = next username byte
0045FD91 |. 8A1E |mov bl, [esi] ; bl = next byte of the constant (0 in the author's run)
0045FD93 |. 8ACA |mov cl, dl ; cl = copy of the username byte for the end-of-string test
0045FD95 |. 3AD3 |cmp dl, bl ; compare the two bytes ('t' against 0 in the author's run)
0045FD97 |. 75 1E |jnz short 0045FDB7 ; bytes differ -> strings differ
0045FD99 |. 84C9 |test cl, cl
0045FD9B |. 74 16 |je short 0045FDB3 ; both strings ended -> equal
0045FD9D |. 8A50 01 |mov dl, [eax+1] ; same test for the following byte
0045FDA0 |. 8A5E 01 |mov bl, [esi+1]
0045FDA3 |. 8ACA |mov cl, dl
0045FDA5 |. 3AD3 |cmp dl, bl
0045FDA7 |. 75 0E |jnz short 0045FDB7
0045FDA9 |. 83C0 02 |add eax, 2 ; advance both pointers by two bytes
0045FDAC |. 83C6 02 |add esi, 2
0045FDAF |. 84C9 |test cl, cl
0045FDB1 |.^ 75 DC \jnz short 0045FD8F ; continue until the terminating zero
0045FDB3 |> 33C0 xor eax, eax ; equal: eax = 0
0045FDB5 |. EB 05 jmp short 0045FDBC
0045FDB7 |> 1BC0 sbb eax, eax ; eax = 0 or -1 from the carry of the cmp (0 in the author's run)
0045FDB9 |. 83D8 FF sbb eax, -1 ; eax = 1 or -1, i.e. non-zero (1 in the author's run)
0045FDBC |> 85C0 test eax, eax
0045FDBE |. 74 51 je short 0045FE11 ; username equals the constant -> return 0
0045FDC0 |. 8B7C24 18 mov edi, [esp+18] ; edi = arg2 (registration code address)
0045FDC4 |. BE 54D14900 mov esi, 0049D154 ; same comparison, now for the registration code
0045FDC9 |. 8BC7 mov eax, edi ; eax = registration code pointer
0045FDCB |> 8A10 /mov dl, [eax] ; dl = next registration-code byte
0045FDCD |. 8A1E |mov bl, [esi] ; bl = next byte of the constant (author: 0049D154 holds 0)
0045FDCF |. 8ACA |mov cl, dl ; cl = copy for the end-of-string test
0045FDD1 |. 3AD3 |cmp dl, bl ; compare the two bytes ('7' against 0 in the author's run)
0045FDD3 |. 75 1E |jnz short 0045FDF3 ; bytes differ -> strings differ
0045FDD5 |. 84C9 |test cl, cl
0045FDD7 |. 74 16 |je short 0045FDEF ; both strings ended -> equal
0045FDD9 |. 8A50 01 |mov dl, [eax+1]
0045FDDC |. 8A5E 01 |mov bl, [esi+1]
0045FDDF |. 8ACA |mov cl, dl
0045FDE1 |. 3AD3 |cmp dl, bl
0045FDE3 |. 75 0E |jnz short 0045FDF3
0045FDE5 |. 83C0 02 |add eax, 2
0045FDE8 |. 83C6 02 |add esi, 2
0045FDEB |. 84C9 |test cl, cl
0045FDED |.^ 75 DC \jnz short 0045FDCB
0045FDEF |> 33C0 xor eax, eax ; equal: eax = 0
0045FDF1 |. EB 05 jmp short 0045FDF8
0045FDF3 |> 1BC0 sbb eax, eax ; eax = 0 or -1 from the carry of the cmp (0 in the author's run)
0045FDF5 |. 83D8 FF sbb eax, -1 ; eax = 1 or -1, i.e. non-zero (1 in the author's run)
0045FDF8 |> 85C0 test eax, eax
0045FDFA |. 74 15 je short 0045FE11 ; registration code equals the constant -> return 0
0045FDFC |. 57 push edi ; registration code
0045FDFD |. 55 push ebp ; username
0045FDFE |. E8 4DFDFFFF call 0045FB50 ; key call
0045FE03 |. 83C4 08 add esp, 8
0045FE06 |. F7D8 neg eax ; CF = (eax != 0)
0045FE08 |. 5F pop edi
0045FE09 |. 5E pop esi
0045FE0A |. 1BC0 sbb eax, eax ; eax = 0 or -1 from that carry
0045FE0C |. 5D pop ebp
0045FE0D |. F7D8 neg eax ; eax = 1 if 0045FB50 returned non-zero, else 0
0045FE0F |. 5B pop ebx
0045FE10 |. C3 retn
0045FE11 |> 5F pop edi ; failure exit
0045FE12 |. 5E pop esi
0045FE13 |. 5D pop ebp
0045FE14 |. 33C0 xor eax, eax ; return 0
0045FE16 |. 5B pop ebx
0045FE17 . C3 retn

上面是判断用户名和注册码是否为空;继续跟进 0045FDFE 处的 call(即 0045FB50):
; ---------------------------------------------------------------------
; 0045FB50 - core check(username, registration code), called from
; 0045FDFE. As traced by the author: both inputs are copied and trimmed;
; an empty input, or a username longer than the code, takes the failure
; exit at 0045FD4C; a string is derived from the username through the
; table at 494E20, padded to 16 characters from the string object at
; 004DFB90, and compared with the entered code by _mbscmp. The derive
; and compare step is repeated while the pass counter is below 3.
; Returns 1 on a match, otherwise 0.
; NOTE(review): bare `call` lines lost their operand in this copy of the
; listing; what those calls do is taken from the author's notes or
; marked as a presumption.
; NOTE(review): the expected value is computed entirely on the client
; from tables stored in the binary, so this comparison authenticates
; nothing; licence data signed offline and verified with an embedded
; public key avoids shipping the generator with the product.
; ---------------------------------------------------------------------
0045FB50 /$ 6A FF push -1 ; initial state slot of the exception frame built below
0045FB52 |. 68 F0264700 push 004726F0 ; SE handler installation
0045FB57 |. 64:A1 0000000>mov eax, fs:[0] ; eax = current head of the exception-handler chain
0045FB5D |. 50 push eax ; link the previous record
0045FB5E |. 64:8925 00000>mov fs:[0], esp ; install the new record
0045FB65 |. 83EC 14 sub esp, 14 ; 14h bytes of locals
0045FB68 |. 8B4424 24 mov eax, [esp+24] ; eax = arg1 (username)
0045FB6C |. 53 push ebx
0045FB6D |. 55 push ebp
0045FB6E |. 56 push esi
0045FB6F |. 57 push edi
0045FB70 |. 50 push eax ; username pointer as the argument
0045FB71 |. 8D4C24 18 lea ecx, [esp+18] ; ecx = local object for the username copy
0045FB75 |. E8 78660000 call ; operand missing - presumably builds the copy; author's note read "registration-code address into ecx", NOTE(review): the pushed argument is the username
0045FB7A |. 8D4C24 14 lea ecx, [esp+14] ; same local (one dword fewer on the stack)
0045FB7E |. C74424 2C 000>mov dword ptr [esp+2C], 0 ; frame state slot = 0
0045FB86 |. E8 A56A0000 call ; author: strips spaces on both sides of the username (together with the next call)
0045FB8B |. 8D4C24 14 lea ecx, [esp+14]
0045FB8F |. E8 966A0000 call ; operand missing
0045FB94 |. 6A 20 push 20
0045FB96 |. 8D4C24 18 lea ecx, [esp+18]
0045FB9A |. E8 316D0000 call ; operand missing; the returned pointer is kept in ebx
0045FB9F |. 8B4C24 38 mov ecx, [esp+38] ; ecx = arg2 (registration code)
0045FBA3 |. 8BD8 mov ebx, eax ; ebx = username buffer (read as [ebx+ebp] and scanned for length below)
0045FBA5 |. 51 push ecx
0045FBA6 |. 8D4C24 14 lea ecx, [esp+14] ; ecx = local object for the registration-code copy
0045FBAA |. E8 43660000 call ; operand missing - presumably builds the copy
0045FBAF |. 8D4C24 10 lea ecx, [esp+10] ; ecx = registration-code copy
0045FBB3 |. C64424 2C 01 mov byte ptr [esp+2C], 1 ; frame state slot = 1
0045FBB8 |. E8 736A0000 call ; author: strips spaces on both sides of the registration code (together with the next call)
0045FBBD |. 8D4C24 10 lea ecx, [esp+10]
0045FBC1 |. E8 646A0000 call ; operand missing
0045FBC6 |. 6A 20 push 20
0045FBC8 |. 8D4C24 14 lea ecx, [esp+14]
0045FBCC |. E8 FF6C0000 call ; operand missing; returns the registration-code buffer
0045FBD1 |. 8BD0 mov edx, eax ; edx = registration-code buffer
0045FBD3 |. 83CE FF or esi, FFFFFFFF ; esi = -1, reused as the scan count
0045FBD6 |. 8BFA mov edi, edx ; scan the registration code
0045FBD8 |. 8BCE mov ecx, esi
0045FBDA |. 33C0 xor eax, eax ; al = 0, the byte scas looks for
0045FBDC |. 895424 20 mov [esp+20], edx ; save the registration-code pointer for the _mbscmp call
0045FBE0 |. F2:AE repne scas byte ptr es:[edi] ; scan to the terminating zero (author's trace: ecx=fffffff7)
0045FBE2 |. F7D1 not ecx ; ecx = length + 1
0045FBE4 |. 49 dec ecx ; ecx = length of the registration code
0045FBE5 |. 8BFB mov edi, ebx ; scan the username next (author's comment said "registration code")
0045FBE7 |. 8BE9 mov ebp, ecx ; ebp = length of the registration code
0045FBE9 |. 8BCE mov ecx, esi
0045FBEB |. F2:AE repne scas byte ptr es:[edi]
0045FBED |. F7D1 not ecx ; ecx = length + 1
0045FBEF |. 49 dec ecx ; ecx = length of the username
0045FBF0 |. 3BCD cmp ecx, ebp ; username length against registration-code length
0045FBF2 |. 0F87 54010000 ja 0045FD4C ; username longer (unsigned) -> failure exit; author: this jump must not be taken
0045FBF8 |. 8BFB mov edi, ebx ; username again (author's comment said "registration code")
0045FBFA |. 8BCE mov ecx, esi ; ecx = ffffffff
0045FBFC |. F2:AE repne scas byte ptr es:[edi]
0045FBFE |. F7D1 not ecx ; ecx = length + 1
0045FC00 |. 49 dec ecx ; length of the username; ZF set when it is 0
0045FC01 |. 0F84 45010000 je 0045FD4C ; empty username -> failure exit; author: must not be taken
0045FC07 |. 8BFA mov edi, edx ; registration code
0045FC09 |. 8BCE mov ecx, esi
0045FC0B |. F2:AE repne scas byte ptr es:[edi]
0045FC0D |. F7D1 not ecx ; ecx = length + 1
0045FC0F |. 49 dec ecx ; length of the registration code; ZF set when it is 0
0045FC10 |. 0F84 36010000 je 0045FD4C ; empty registration code -> failure exit; author: must not be taken
0045FC16 |. 894424 38 mov [esp+38], eax ; pass counter = 0 (eax is still 0), kept in the arg2 stack slot
0045FC1A |> 8B5424 38 /mov edx, [esp+38] ; edx = pass counter (author's comment said "clear edx")
0045FC1E |. 8D4C24 34 |lea ecx, [esp+34] ; ecx = arg1 stack slot, which appears to be reused as the derived-string object
0045FC22 |. 8A82 884E4900 |mov al, [edx+494E88] ; al = byte at 494E88[counter] (ASCII 'p' in the author's run)
0045FC28 |. 884424 18 |mov [esp+18], al ; keep it as the fallback character
0045FC2C |. E8 F7650000 |call ; operand missing - presumably initialises the derived string
0045FC31 |. 8BFB |mov edi, ebx ; edi = username
0045FC33 |. 83C9 FF |or ecx, FFFFFFFF ; ecx = ffffffff
0045FC36 |. 33C0 |xor eax, eax ; eax = 0
0045FC38 |. 33ED |xor ebp, ebp ; ebp = 0, index into the username (author's comment said ebx)
0045FC3A |. F2:AE |repne scas byte ptr es:[edi]
0045FC3C |. F7D1 |not ecx ; ecx = length + 1
0045FC3E |. 49 |dec ecx ; length of the username; ZF set when it is 0
0045FC3F |. C64424 2C 02 |mov byte ptr [esp+2C], 2 ; frame state slot = 2 (mov leaves the flags alone)
0045FC44 |. 74 4B |je short 0045FC91 ; flags still from dec ecx: empty username skips the loop (author's comment asked "equal to 2?")
0045FC46 |> 8A042B |/mov al, [ebx+ebp] ; al = username[ebp]
0045FC49 |. 33F6 ||xor esi, esi ; esi = table index, starting at 0
; NOTE(review): the next listing line holds seven instructions
; (0045FC4B..0045FC5C) run together by the page extraction. The operand
; printed as [esi2+...] is [esi*2+...]: the SIB byte 75 encodes index
; esi with scale 2, so 494E20 is read as a table of byte pairs and
; searched for at most 34h (52) entries.
0045FC4B |> 3A0475 204E49>||/cmp al, [esi2+494E20] ; find the position of this username character in the alphabet table 0045FC52 |. 74 08 |||je short 0045FC5C 0045FC54 |. 46 |||inc esi 0045FC55 |. 83FE 34 |||cmp esi, 34 0045FC58 |.^ 7C F1 ||\jl short 0045FC4B 0045FC5A |. EB 11 ||jmp short 0045FC6D 0045FC5C |> 8A0C75 214E49>||mov cl, [esi2+494E21] ; then take the letter at that position from the shuffled table
0045FC63 |. 51 ||push ecx ; mapped character
0045FC64 |. 8D4C24 38 ||lea ecx, [esp+38] ; derived string
0045FC68 |. E8 43680000 ||call ; operand missing - presumably appends the character
0045FC6D |> 83FE 34 ||cmp esi, 34 ; index == 34h means the character was not in the table
0045FC70 |. 75 0E ||jnz short 0045FC80
0045FC72 |. 8B5424 18 ||mov edx, [esp+18] ; edx = fallback character saved at 0045FC28
0045FC76 |. 8D4C24 34 ||lea ecx, [esp+34] ; derived string
0045FC7A |. 52 ||push edx
0045FC7B |. E8 30680000 ||call ; operand missing - presumably appends it; author's run ends with PkIFkdM
0045FC80 |> 8BFB ||mov edi, ebx ; recompute the username length
0045FC82 |. 83C9 FF ||or ecx, FFFFFFFF
0045FC85 |. 33C0 ||xor eax, eax
0045FC87 |. 45 ||inc ebp ; next username index
0045FC88 |. F2:AE ||repne scas byte ptr es:[edi]
0045FC8A |. F7D1 ||not ecx
0045FC8C |. 49 ||dec ecx ; ecx = length of the username
0045FC8D |. 3BE9 ||cmp ebp, ecx ; index against username length (author's comment said "compared with 1")
0045FC8F |.^ 72 B5 |\jb short 0045FC46 ; more characters to map
0045FC91 |> 8B4424 34 |mov eax, [esp+34] ; eax = derived string data (PkIFkdM in the author's run)
0045FC95 |. 8B48 F8 |mov ecx, [eax-8] ; ecx = dword at [data-8], used as its length
0045FC98 |. 83F9 10 |cmp ecx, 10 ; length against 16
0045FC9B |. 7D 3A |jge short 0045FCD7 ; 16 or more (signed): no padding
0045FC9D |. 8BC1 |mov eax, ecx
0045FC9F |. B9 10000000 |mov ecx, 10
0045FCA4 |. 2BC8 |sub ecx, eax ; ecx = 16 - length (16-7=9 in the author's run)
0045FCA6 |. 8D5424 1C |lea edx, [esp+1C] ; edx = temporary string object
0045FCAA |. 51 |push ecx
0045FCAB |. 52 |push edx
0045FCAC |. B9 90FB4D00 |mov ecx, 004DFB90 ; ecx = global string object
0045FCB1 |. E8 02660000 |call ; author: takes the leftmost characters of LdQsBcmpJpaE as padding (9 of them in the author's run)
0045FCB6 |. 50 |push eax
0045FCB7 |. 8D4C24 38 |lea ecx, [esp+38] ; derived string
0045FCBB |. C64424 30 03 |mov byte ptr [esp+30], 3 ; frame state slot = 3
0045FCC0 |. E8 E5670000 |call ; author: 'PkIFkdM'+'LdQsBcmpJ'
0045FCC5 |. 8D4C24 1C |lea ecx, [esp+1C] ; temporary string object
0045FCC9 |. C64424 2C 02 |mov byte ptr [esp+2C], 2 ; frame state slot = 2
0045FCCE |. E8 0D650000 |call ; operand missing - presumably releases the temporary
0045FCD3 |. 8B4424 34 |mov eax, [esp+34] ; reload the derived string data
0045FCD7 |> 8B4C24 20 |mov ecx, [esp+20] ; ecx = registration-code pointer saved at 0045FBDC
0045FCDB |. 51 |push ecx ; /s2
0045FCDC |. 50 |push eax ; |s1
0045FCDD |. FF15 A03A4700 |call [<&MSVCRT._mbscmp>] ; \_mbscmp(derived, entered); derived is PkIFkdMLdQsBcmpJ in the author's run
0045FCE3 |. 83C4 08 |add esp, 8
0045FCE6 |. 8D4C24 34 |lea ecx, [esp+34] ; ecx = derived string, for the call that follows on either path
0045FCEA |. 85C0 |test eax, eax
0045FCEC |. C64424 2C 01 |mov byte ptr [esp+2C], 1 ; frame state slot = 1
0045FCF1 |. 74 1B |je short 0045FD0E ; key comparison: equal -> success
0045FCF3 |. 33F6 |xor esi, esi ; result = 0 so far
0045FCF5 |. E8 E6640000 |call ; operand missing - presumably releases the derived string
0045FCFA |. 8B4424 38 |mov eax, [esp+38] ; pass counter
0045FCFE |. 40 |inc eax
0045FCFF |. 83F8 03 |cmp eax, 3
0045FD02 |. 894424 38 |mov [esp+38], eax ; store the incremented counter
0045FD06 |.^ 0F8C 0EFFFFFF \jl 0045FC1A ; repeat while the counter is below 3
0045FD0C |. EB 0A jmp short 0045FD18 ; no pass matched: leave with result 0
0045FD0E |> BE 01000000 mov esi, 1 ; result = 1
0045FD13 |. E8 C8640000 call ; operand missing - presumably releases the derived string
0045FD18 |> 8D4C24 10 lea ecx, [esp+10] ; registration-code copy
0045FD1C |. C64424 2C 00 mov byte ptr [esp+2C], 0 ; frame state slot = 0
0045FD21 |. E8 BA640000 call ; operand missing - presumably releases it
0045FD26 |. 8D4C24 14 lea ecx, [esp+14] ; username copy
0045FD2A |. C74424 2C FFF>mov dword ptr [esp+2C], -1 ; frame state slot = -1
0045FD32 |. E8 A9640000 call ; operand missing - presumably releases it
0045FD37 |. 8BC6 mov eax, esi ; return value = result
0045FD39 |. 5F pop edi
0045FD3A |. 5E pop esi
0045FD3B |. 5D pop ebp
0045FD3C |. 5B pop ebx
0045FD3D |. 8B4C24 14 mov ecx, [esp+14] ; ecx = saved previous exception record
0045FD41 |. 64:890D 00000>mov fs:[0], ecx ; restore the handler chain
0045FD48 |. 83C4 20 add esp, 20 ; drop the locals and the three frame dwords
0045FD4B |. C3 retn
0045FD4C |> 8D4C24 10 lea ecx, [esp+10] ; failure exit: registration-code copy
0045FD50 |. C64424 2C 00 mov byte ptr [esp+2C], 0 ; frame state slot = 0
0045FD55 |. E8 86640000 call ; operand missing - presumably releases it
0045FD5A |. 8D4C24 14 lea ecx, [esp+14] ; username copy
0045FD5E |. 897424 2C mov [esp+2C], esi ; frame state slot = esi (-1, set at 0045FBD3)
0045FD62 |. E8 79640000 call ; operand missing - presumably releases it
0045FD67 |. 8B4C24 24 mov ecx, [esp+24] ; ecx = saved previous exception record (author's comment said "registration code")
0045FD6B |. 5F pop edi
0045FD6C |. 5E pop esi
0045FD6D |. 5D pop ebp
0045FD6E |. 33C0 xor eax, eax ; return 0
0045FD70 |. 5B pop ebx
0045FD71 |. 64:890D 00000>mov fs:[0], ecx ; restore the handler chain
0045FD78 |. 83C4 20 add esp, 20 ; drop the locals and the three frame dwords
0045FD7B . C3 retn

本文来自网络,不代表加密狗技术网立场,转载请注明出处:http://www.crackgou.com/pojie/78.html

作者: admin
