破解资源 发布日期:2024/10/7 浏览次数:1
前言 : 我在破解完这个屏幕录像专家的注册算法后想分享一下我的思路和大家一起学习一下,但是我不知道这是否违规所以在论坛上搜了一下原来以前已经有几个大佬分析过这个软件了,分析的确实好条理清晰。我是新手,所以我主要是站在新手的角度详细说一下软件的破解思路(和那几位大佬自然不能比),我始终认为只有站在菜鸟的立场去分析软件才能把文章写的通俗易懂。(但是这次我最后分析的并不好,前面思路还算清晰大家可以看文章最后链接那位大佬的贴子,我的帖子就给他打打辅助吧(估计也不配哈哈))
20200220133124.png
20200220133041.png
20200220142518.png
20200220150345.png
MJ8AFTW[0WFA9KZ]U~(AD0B.png
5%(U_}H2}%F%{RQ)DGRLVB5.png
G~)_X`XYEE74C{GL}7TUS0G.png
BE9`OA`W2_F]_JZC@BGJ]]C.png
7}B4Q@0X~XPVMJI0~}1IKE2.png
XTCPFSZ4GEI9_F`1P}KO.png
1YB3G]M]{)S`HK6[GYJ7D25.png
I)B8LH7FM4_U]7OVKBXM)(V.png
{KL{9M66(`ZAI%]2CFD8O)7.png
3(PPOR_T$[HD%%WQJX}@E.png
RK8(J_`@}%IJ7TI5)QR~_LA.png
Q34~`Z9DQ~RO9E5D2@59921.png
D_)1_I(MLB1I(V40$[PX2$S.png
004A111A . 8985 18FFFFFF mov dword ptr ss:[ebp-0xE8],eax004A1120 . 8DB5 00FFFFFF lea esi,dword ptr ss:[ebp-0x100]004A1126 . 33DB xor ebx,ebx ; ebx = 0004A1128 > 8B95 18FFFFFF mov edx,dword ptr ss:[ebp-0xE8] ; do{004A112E . 0FBE06 movsx eax,byte ptr ds:[esi] ; esi指向一个含有5个字符的字符串004A1131 . 0FBE0A movsx ecx,byte ptr ds:[edx] ; edx指向5个数据004A1134 . 83C1 EC add ecx,-0x14 ; ecx = ecx - 0x14004A1137 . 3BC1 cmp eax,ecx004A1139 . 0F85 80000000 jnz 屏录专家.004A11BF ; if(eax == ecx)004A113F . 83FB 03 cmp ebx,0x3 ; {004A1142 . 75 6A jnz X屏录专家.004A11AE ; if(ebx == 3)004A1144 . 81C7 444D0000 add edi,0x4D44 ; {004A114A . 89BD A0F6FFFF mov dword ptr ss:[ebp-0x960],edi ; edi = edi + 0x4d44004A1150 . DB85 A0F6FFFF fild dword ptr ss:[ebp-0x960] ; st = edi * 3.14004A1156 . DC0D 58194A00 fmul qword ptr ds:[0x4A1958] ; st = st * 0.1594896331738427110004A115C . DB2D 60194A00 fld tbyte ptr ds:[0x4A1960]004A1162 . DEC9 fmulp st(1),st004A1164 . E8 5FCA1200 call 屏录专家.005CDBC8 ; eax = int(st)004A1169 . 8BF8 mov edi,eax ; edi = eax004A116B . 8BC7 mov eax,edi004A116D . B9 A0860100 mov ecx,0x186A0 ; ecx = 0x186a0004A1172 . 99 cdq004A1173 . F7F9 idiv ecx ; edx:eax = eax / ecx004A1175 . 8BFA mov edi,edx ; - edi = edx004A1177 . 33C0 xor eax,eax ; eax = 0004A1179 . 8985 3CFFFFFF mov dword ptr ss:[ebp-0xC4],eax ; [ebp - 0xc4] = 0004A117F . 33D2 xor edx,edx ; edx =0004A1181 . 8D85 A4FEFFFF lea eax,dword ptr ss:[ebp-0x15C]004A1187 > 0FBE08 movsx ecx,byte ptr ds:[eax] ; 把那20个字符的前19个累加到 [ebp - 0xc4]004A118A . 018D 3CFFFFFF add dword ptr ss:[ebp-0xC4],ecx004A1190 . 42 inc edx004A1191 . 40 inc eax004A1192 . 83FA 13 cmp edx,0x13004A1195 .^ 7C F0 jl X屏录专家.004A1187004A1197 . 8B85 3CFFFFFF mov eax,dword ptr ss:[ebp-0xC4] ; eax = [ebp - 0xc4]004A119D . B9 0A000000 mov ecx,0xA ; ecx = 0xa004A11A2 . 99 cdq004A11A3 . F7F9 idiv ecx ; edx:eax = eax / ecx004A11A5 . 83C2 30 add edx,0x30 ; edx = edx + 0x30004A11A8 . 8995 3CFFFFFF mov dword ptr ss:[ebp-0xC4],edx ; [ebp - 0xc4] = edx004A11AE > 43 inc ebx ; }004A11AF . FF85 18FFFFFF inc dword ptr ss:[ebp-0xE8]004A11B5 . 46 inc esi ; ebx++004A11B6 . 83FB 05 cmp ebx,0x5 ; esi++004A11B9 .^ 0F8C 69FFFFFF jl 屏录专家.004A1128 ; }while(ebx < 5)004A11BF > 83FB 05 cmp ebx,0x5004A11C2 . 0F8C BE060000 jl 屏录专家.004A1886 ; 不能跳(跳转就失败)
SX0FO}($K1M]724LQ~OO_{B.png
}1I`}Q]TM@_ZWMN]BK}AIC5.png
L]D7P(N3_T@M9%N{HGDX25D.png
2GGNW}N5UQ2[L4YY}GE0OTF.png
M3)ZRUMTF(39XTK}Q%TP4.png
IY0O)E43)(HA6~TM]HD0_XI.png
DPCO9$L0VX28QAGDWJY1NV4.png
004A1126 . 33DB xor ebx,ebx ; ebx = 0004A1128 > 8B95 18FFFFFF mov edx,dword ptr ss:[ebp-0xE8] ; do{004A112E . 0FBE06 movsx eax,byte ptr ds:[esi] ; esi指向一个含有5个字符的字符串004A1131 . 0FBE0A movsx ecx,byte ptr ds:[edx] ; edx指向一个含有20个字符的字符串004A1134 . 83C1 EC add ecx,-0x14 ; ecx = ecx - 0x14004A1137 . 3BC1 cmp eax,ecx004A1139 . 0F85 80000000 jnz 屏录专家.004A11BF ; if(eax == ecx)004A113F . 83FB 03 cmp ebx,0x3 ; {004A1142 . 75 6A jnz X屏录专家.004A11AE ; if(ebx == 3)004A1144 . 81C7 444D0000 add edi,0x4D44 ; {004A114A . 89BD A0F6FFFF mov dword ptr ss:[ebp-0x960],edi ; edi = edi + 0x4d44004A1150 . DB85 A0F6FFFF fild dword ptr ss:[ebp-0x960] ; st = edi * 3.14004A1156 . DC0D 58194A00 fmul qword ptr ds:[0x4A1958] ; st = st * 0.1594896331738427110004A115C . DB2D 60194A00 fld tbyte ptr ds:[0x4A1960]004A1162 . DEC9 fmulp st(1),st004A1164 . E8 5FCA1200 call 屏录专家.005CDBC8 ; eax = int(st)004A1169 . 8BF8 mov edi,eax ; edi = eax004A116B . 8BC7 mov eax,edi004A116D . B9 A0860100 mov ecx,0x186A0 ; ecx = 0x186a0004A1172 . 99 cdq004A1173 . F7F9 idiv ecx ; edx:eax = eax / ecx004A1175 . 8BFA mov edi,edx ; - edi = edx004A1177 . 33C0 xor eax,eax ; eax = 0004A1179 . 8985 3CFFFFFF mov dword ptr ss:[ebp-0xC4],eax ; [ebp - 0xc4] = 0004A117F . 33D2 xor edx,edx ; edx =0004A1181 . 8D85 A4FEFFFF lea eax,dword ptr ss:[ebp-0x15C]004A1187 > 0FBE08 movsx ecx,byte ptr ds:[eax] ; 把那20个字符的前19个累加到 [ebp - 0xc4]004A118A . 018D 3CFFFFFF add dword ptr ss:[ebp-0xC4],ecx004A1190 . 42 inc edx004A1191 . 40 inc eax004A1192 . 83FA 13 cmp edx,0x13004A1195 .^ 7C F0 jl X屏录专家.004A1187004A1197 . 8B85 3CFFFFFF mov eax,dword ptr ss:[ebp-0xC4] ; eax = [ebp - 0xc4]004A119D . B9 0A000000 mov ecx,0xA ; ecx = 0xa004A11A2 . 99 cdq004A11A3 . F7F9 idiv ecx ; edx:eax = eax / ecx004A11A5 . 83C2 30 add edx,0x30 ; edx = edx + 0x30004A11A8 . 8995 3CFFFFFF mov dword ptr ss:[ebp-0xC4],edx ; [ebp - 0xc4] = edx004A11AE > 43 inc ebx ; }004A11AF . FF85 18FFFFFF inc dword ptr ss:[ebp-0xE8]004A11B5 . 46 inc esi ; ebx++004A11B6 . 83FB 05 cmp ebx,0x5 ; esi++004A11B9 .^ 0F8C 69FFFFFF jl 屏录专家.004A1128 ; }while(ebx < 5)004A11BF > 83FB 05 cmp ebx,0x5004A11C2 . 0F8C BE060000 jl 屏录专家.004A1886 ; 不能跳(跳转就失败)004A11C8 . 0FBE85 B7FEFF>movsx eax,byte ptr ss:[ebp-0x149] ; 看那20个字符的最后一个字符是不是等于[ebp - 0xc4]004A11CF . 3B85 3CFFFFFF cmp eax,dword ptr ss:[ebp-0xC4]004A11D5 . 74 09 je X屏录专家.004A11E0 ; 或者最后一个字符大于等于0x41004A11D7 . 83F8 41 cmp eax,0x41004A11DA . 0F8C A6060000 jl 屏录专家.004A1886 ; 不能跳(跳转就失败)004A11E0 > 8BC7 mov eax,edi ; eax = edi004A11E2 . B9 0A000000 mov ecx,0xA ; ecx = 0xa004A11E7 . 99 cdq004A11E8 . F7F9 idiv ecx ; edx = eax % ecx004A11EA . 0FBE841D A4FE>movsx eax,byte ptr ss:[ebp+ebx-0x15C] ; eax = 第6个字符004A11F2 . 83C0 BF add eax,-0x41 ; eax = eax - 0x41004A11F5 . 2BC2 sub eax,edx ; eax = eax - edx004A11F7 . 8985 40FFFFFF mov dword ptr ss:[ebp-0xC0],eax004A11FD . 83BD 40FFFFFF>cmp dword ptr ss:[ebp-0xC0],0x0 ; if(eax == 0 || eax == 9)004A1204 . 74 0D je X屏录专家.004A1213 ; 成功004A1206 . 83BD 40FFFFFF>cmp dword ptr ss:[ebp-0xC0],0x9 ; else004A120D . 0F85 EC050000 jnz 屏录专家.004A17FF ; 其跳转就失败004A1213 > 66:C785 5CFFF>mov word ptr ss:[ebp-0xA4],0x104004A121C . BA 5CCF6200 mov edx,屏录专家.0062CF5C004A1221 . 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C]004A1224 . E8 9B411300 call 屏录专家.005D53C4004A1229 . FF85 68FFFFFF inc dword ptr ss:[ebp-0x98]004A122F . 8B00 mov eax,dword ptr ds:[eax]004A1231 . E8 3E4B0E00 call 屏录专家.00585D74 ; 成功