AVI-GIF1.09算法分析
-
AVI-GIF1.09算法分析
软件名称:AVI-GIF
整理日期:2002.9.2
最新版本:1.0.9
文件大小:592KB
软件授权:共享软件
使用平台:Win9x/Me/NT/2000
发布公司:Home Page
软件简介:
AVI-GIF是一套影像转换器,它可以将 AVI转换成GIF.GIF转换成AVI影像格式,您的AVI影片若有好看的片段,但苦无转文件程序转换成GIF的话,AVI-GIF是一个不错的选择。
下载:
http://sz.onlinedown.net/down/AVI-GIF.exe
反汇编后很容易找断点,这是就不再多说,以下是算法部分:
004ACE20 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004ACE23 . BA 8E91C621 MOV EDX,21C6918E
004ACE28 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004ACE2B . E8 D8FDFFFF CALL unpacked.004ACC08,关键CALL,跟入
004ACE30 . 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24],d edx就看到真码
004ACE33 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004ACE36 . E8 B57AF5FF CALL unpacked.004048F0
004ACE3B . 0F85 52010000 JNZ unpacked.004ACF93,不等就失败
在004ACE2B跟入后来到这里
004ACC1E |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8],注册名
004ACC21 |. E8 6E7DF5FF CALL unpacked.00404994
004ACC26 |. 33C0 XOR EAX,EAX
004ACC28 |. 55 PUSH EBP
004ACC29 |. 68 9ACD4A00 PUSH unpacked.004ACD9A
004ACC2E |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004ACC31 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004ACC34 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004ACC37 |. E8 B878F5FF CALL unpacked.004044F4
004ACC3C |. 33F6 XOR ESI,ESI
004ACC3E |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
004ACC42 |. 0F84 2C010000 JE unpacked.004ACD74
004ACC48 |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004ACC4C |. 0F84 22010000 JE unpacked.004ACD74
004ACC52 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004ACC55 |. E8 527BF5FF CALL unpacked.004047AC,这处CALL是计算注册名的长度,结果在EAX。
004ACC5A |. 8BD8 MOV EBX,EAX
004ACC5C |. 85DB TEST EBX,EBX
004ACC5E |. 7E 26 JLE SHORT unpacked.004ACC86
004ACC60 |. BF 01000000 MOV EDI,1
004ACC65 |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8],注册名
004ACC68 |. E8 3F7BF5FF |CALL unpacked.004047AC,长度为len
004ACC6D |. F76D FC |IMUL DWORD PTR SS:[EBP-4],len*21c6918eh
004ACC70 |. 03F0 |ADD ESI,EAX,esi=esi+len*21c6918eh
004ACC72 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004ACC75 |. 0FB64438 FF |MOVZX EAX,BYTE PTR DS:[EAX+EDI-1],取注册名一个字符到EAX
004ACC7A |. 69C0 CE020000 |IMUL EAX,EAX,2CE,EAX*2CEH
004ACC80 |. 03F0 |ADD ESI,EAX,ESI=ESI+EAX
004ACC82 |. 47 |INC EDI
004ACC83 |. 4B |DEC EBX
004ACC84 |.^75 DF \JNZ SHORT unpacked.004ACC65,循环
004ACC86 |> 8BC6 MOV EAX,ESI,以下四行是对ESI的值取绝对值
004ACC88 |. 99 CDQ
004ACC89 |. 33C2 XOR EAX,EDX
004ACC8B |. 2BC2 SUB EAX,EDX,结果放EAX,其十进制就是第一组注册码。
004ACC8D |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
004ACC90 |. E8 6BBDF5FF CALL unpacked.00408A00,INTTOSTR()
004ACC95 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004ACC98 |. 50 PUSH EAX
004ACC99 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004ACC9C |. E8 0B7BF5FF CALL unpacked.004047AC
004ACCA1 |. 8BD0 MOV EDX,EAX
004ACCA3 |. 83EA 0A SUB EDX,0A
004ACCA6 |. B9 0A000000 MOV ECX,0A
004ACCAB |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004ACCAE |. E8 517DF5FF CALL unpacked.00404A04
004ACCB3 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004ACCB6 |. E8 F17AF5FF CALL unpacked.004047AC
004ACCBB |. 8BD8 MOV EBX,EAX
004ACCBD |. 85DB TEST EBX,EBX
004ACCBF |. 7E 27 JLE SHORT unpacked.004ACCE8
004ACCC1 |. BF 01000000 MOV EDI,1
004ACCC6 |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8],注册名
004ACCC9 |. E8 DE7AF5FF |CALL unpacked.004047AC,LEN
004ACCCE |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004ACCD1 |. 0FB6543A FF |MOVZX EDX,BYTE PTR DS:[EDX+EDI-1],取注册名一个字符N到EDX
004ACCD6 |. 0FAF55 FC |IMUL EDX,DWORD PTR SS:[EBP-4] N=N*21C6918EH
004ACCDA |. 69D2 BC070000 |IMUL EDX,EDX,7BC ,N=N*7BCH
004ACCE0 |. 03F2 |ADD ESI,EDXESI=ESE+N
004ACCE2 |. 2BF0 |SUB ESI,EAXESI-LEN
004ACCE4 |. 47 |INC EDI
004ACCE5 |. 4B |DEC EBX
004ACCE6 |.^75 DE \JNZ SHORT unpacked.004ACCC6
004ACCE8 |> FF75 F4 PUSH DWORD PTR SS:[EBP-C]
004ACCEB |. 68 B4CD4A00 PUSH unpacked.004ACDB4
004ACCF0 |. 8BC6 MOV EAX,ESI
004ACCF2 |. 99 CDQ
004ACCF3 |. 33C2 XOR EAX,EDX
004ACCF5 |. 2BC2 SUB EAX,EDX结果放EAX,其十进制就是第一组注册码。
004ACCF7 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004ACCFA |. E8 01BDF5FF CALL unpacked.00408A00
004ACCFF |. FF75 F0 PUSH DWORD PTR SS:[EBP-10]
004ACD02 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004ACD05 |. BA 03000000 MOV EDX,3
004ACD0A |. E8 5D7BF5FF CALL unpacked.0040486C
004ACD0F |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004ACD12 |. E8 957AF5FF CALL unpacked.004047AC
004ACD17 |. 8BD8 MOV EBX,EAX
004ACD19 |. 85DB TEST EBX,EBX
004ACD1B |. 7E 2D JLE SHORT unpacked.004ACD4A
004ACD1D |. BF 01000000 MOV EDI,1
004ACD22 |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8],这是第三组的计算,方法大致同上
004ACD25 |. E8 827AF5FF |CALL unpacked.004047AC
004ACD2A |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004ACD2D |. 0FB6543A FF |MOVZX EDX,BYTE PTR DS:[EDX+EDI-1]
004ACD32 |. F7EA |IMUL EDX
004ACD34 |. 69C0 C6040000 |IMUL EAX,EAX,4C6
004ACD3A |. 03F0 |ADD ESI,EAX
004ACD3C |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004ACD3F |. E8 687AF5FF |CALL unpacked.004047AC
004ACD44 |. 03F0 |ADD ESI,EAX
004ACD46 |. 47 |INC EDI
004ACD47 |. 4B |DEC EBX
004ACD48 |.^75 D8 \JNZ SHORT unpacked.004ACD22
004ACD4A |> 0375 FC ADD ESI,DWORD PTR SS:[EBP-4],esi+21c6918e6
004ACD4D |. FF75 F4 PUSH DWORD PTR SS:[EBP-C]
004ACD50 |. 68 B4CD4A00 PUSH unpacked.004ACDB4
004ACD55 |. 8BC6 MOV EAX,ESI
004ACD57 |. 99 CDQ
004ACD58 |. 33C2 XOR EAX,EDX
004ACD5A |. 2BC2 SUB EAX,EDX
004ACD5C |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004ACD5F |. E8 9CBCF5FF CALL unpacked.00408A00
004ACD64 |. FF75 EC PUSH DWORD PTR SS:[EBP-14]
004ACD67 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004ACD6A |. BA 03000000 MOV EDX,3
004ACD6F |. E8 F87AF5FF CALL unpacked.0040486C
004ACD74 |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004ACD77 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
004ACD7A |. E8 C977F5FF CALL unpacked.00404548
004ACD7F |. 33C0 XOR EAX,EAX
004ACD81 |. 5A POP EDX
004ACD82 |. 59 POP ECX
004ACD83 |. 59 POP ECX
004ACD84 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004ACD87 |. 68 A1CD4A00 PUSH unpacked.004ACDA1
004ACD8C |> 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004ACD8F |. BA 04000000 MOV EDX,4
004ACD94 |. E8 7F77F5FF CALL unpacked.00404518
004ACD99 \. C3 RETN
总结:
假定注册名为name
1、第一组注册码x=|循环(name[i]*2ceh+x+len(name)*21c6918eh)|,其中i为注册名长度的循环。
2、第二组注册码y=|循环(name[i]*21c6918eh*7bch+y-len(name))|.i同上。
3、第三组注册码z=|循环(z+name[i]*len(name)*4c6h+len)+21c6918eh|,i同上。
附上注册机源码(DELPHI,KOL&MCK):
{ KOL MCK } // Do not remove this line!
{$DEFINE KOL_MCK}
unit Unit1;
interface
{$IFDEF KOL_MCK}
uses Windows, Messages, ShellAPI, KOL {$IFNDEF KOL_MCK}, mirror, Classes,
Controls, mckCtrls {$ENDIF};
{$ELSE}
{$I uses.inc} mirror,
Windows, Messages, SysUtils, Classes, Graphics, Controls, forms, Dialogs;
{$ENDIF}
type
{$IFDEF KOL_MCK}
{$I MCKfakeClasses.inc}
Pform1 = ^Tform1;
Tform1 = object(TObj)
form: PControl;
{$ELSE not_KOL_MCK}
Tform1 = class(Tform)
{$ENDIF KOL_MCK}
KOLProject1: TKOLProject;
KOLform1: TKOLform;
GroupBox1: TKOLGroupBox;
EditBox1: TKOLEditBox;
GroupBox2: TKOLGroupBox;
EditBox2: TKOLEditBox;
Button1: TKOLButton;
Button2: TKOLButton;
procedure Button1Click(Sender: PObj);
procedure Button2Click(Sender: PObj);
private
{ Private declarations }
public
{ Public declarations }
end;
var
form1 {$IFDEF KOL_MCK} : Pform1 {$ELSE} : Tform1 {$ENDIF} ;
{$IFDEF KOL_MCK}
procedure Newform1( var Result: Pform1; AParent: PControl );
{$ENDIF}
implementation
{$IFNDEF KOL_MCK} {$R *.DFM} {$ENDIF}
{$IFDEF KOL_MCK}
{$I Unit1_1.inc}
{$ENDIF}
procedure Tform1.Button1Click(Sender: PObj);
VAR
i,j,c:integer;
x,y,z,name:string;
begin
name:=editbox1.Text;
c:=length(name);
j:=0;
for i:=1 to c do
begin
j:=j+c*$21c6918e;
j:=j+ord(name[i])*$2ce;
end;
x:=int2str(abs(j));
for i:=1 to c do
j:=j+ord(name[i])*$21c6918e*$7bc-c;
y:=int2str(abs(j));
for i:=1 to c do
j:=j+ord(name[i])*c*$4c6+c;
j:=j+$21c6918e;
z:=int2str(abs(j));
editbox2.Text:=x+'-'+y+'-'+z;
end;
end.
注册机在win2000,delphi6环境下测试通过。
jwh51[FCG][DFCG]
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>