【破文标题】Magic Photo Editor 4.9 算法分析
【破文作者】tianxj
【作者邮箱】[email]tianxj_2007@126.com[/email]
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD
【破解平台】雨林木风Windows XP sp3
【软件名称】Magic Photo Editor 4.9
【软件大小】3167KB
【软件类别】国外软件/图像处理
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2009-1-12
【原版下载】华军软件园
【保护方式】注册码
【软件简介】一个图片编辑工具。可以轻松地将一张图片中的某些部份合成到另一张图片中,成为一张有特殊效果的图片。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
**************************************************************
二、用PEiD对MagicPhoto.exe查壳,为 Borland Delphi 6.0 - 7.0
**************************************************************
三、运行OD,打开MagicPhoto.exe,右键—超级字串参考—查找ASCII.
==============================================================
004831B4 /. 55 PUSH EBP
004831B5 |. 8BEC MOV EBP,ESP
004831B7 |. B9 05000000 MOV ECX,5
004831BC |> 6A 00 /PUSH 0
004831BE |. 6A 00 |PUSH 0
004831C0 |. 49 |DEC ECX
004831C1 |.^ 75 F9 \JNZ SHORT MagicPho.004831BC
004831C3 |. 51 PUSH ECX
004831C4 |. 53 PUSH EBX
004831C5 |. 56 PUSH ESI
004831C6 |. 8BD8 MOV EBX,EAX
004831C8 |. 33C0 XOR EAX,EAX
004831CA |. 55 PUSH EBP
004831CB |. 68 72334800 PUSH MagicPho.00483372
004831D0 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004831D3 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004831D6 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004831DC |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004831DE |. FF52 50 CALL DWORD PTR DS:[EDX+50]
004831E1 |. 3C 01 CMP AL,1
004831E3 |. 0F85 18010000 JNZ MagicPho.00483301
004831E9 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004831EC |. 8BB3 00030000 MOV ESI,DWORD PTR DS:[EBX+300]
004831F2 |. 8BC6 MOV EAX,ESI
004831F4 |. E8 8F39FBFF CALL MagicPho.00436B88
004831F9 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //假码
004831FC |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004831FF |. E8 EC54F8FF CALL MagicPho.004086F0
00483204 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; //假码
00483207 |. 8BC6 MOV EAX,ESI
00483209 |. E8 AA39FBFF CALL MagicPho.00436BB8
0048320E |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
00483211 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
00483217 |. E8 6C39FBFF CALL MagicPho.00436B88
0048321C |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00483220 |. 0F84 CF000000 JE MagicPho.004832F5 ; //假码为空则跳
00483226 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
00483229 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
0048322F |. E8 5439FBFF CALL MagicPho.00436B88
00483234 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; //假码
00483237 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0048323A |. E8 6152F8FF CALL MagicPho.004084A0
0048323F |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; //假码
00483242 |. E8 4DA4FFFF CALL MagicPho.0047D694 ; //关键CALL
00483247 |. 84C0 TEST AL,AL
00483249 |. 0F84 9A000000 JE MagicPho.004832E9
0048324F |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00483252 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
00483258 |. E8 2B39FBFF CALL MagicPho.00436B88
0048325D |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; //假码
00483260 |. E8 E713F8FF CALL MagicPho.0040464C ; //取假码长度
00483265 |. 83F8 0B CMP EAX,0B
00483268 |. 75 7F JNZ SHORT MagicPho.004832E9 ; //假码长度不等于11则跳
0048326A |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0048326D |. 50 PUSH EAX
0048326E |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
00483271 |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
00483277 |. E8 0C39FBFF CALL MagicPho.00436B88
0048327C |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0048327F |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
00483282 |. E8 1952F8FF CALL MagicPho.004084A0
00483287 |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; //假码
0048328A |. B9 01000000 MOV ECX,1
0048328F |. BA 0B000000 MOV EDX,0B
00483294 |. E8 0B16F8FF CALL MagicPho.004048A4 ; //取假码第11位
00483299 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] ; //假码第11位
0048329C |. BA 88334800 MOV EDX,MagicPho.00483388 ; U
004832A1 |. E8 EA14F8FF CALL MagicPho.00404790
004832A6 |. 75 41 JNZ SHORT MagicPho.004832E9 ; //假码第11位不为"U"则跳
004832A8 |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
004832AB |. 8B83 00030000 MOV EAX,DWORD PTR DS:[EBX+300]
004832B1 |. E8 D238FBFF CALL MagicPho.00436B88
004832B6 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004832B9 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
004832BC |. E8 DF51F8FF CALL MagicPho.004084A0
004832C1 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
004832C4 |. B8 94334800 MOV EAX,MagicPho.00483394 ; magic.bin
004832C9 |. E8 FEA4FFFF CALL MagicPho.0047D7CC
004832CE |. A1 149B4800 MOV EAX,DWORD PTR DS:[489B14]
004832D3 |. BA A8334800 MOV EDX,MagicPho.004833A8 ; Y
004832D8 |. E8 0B11F8FF CALL MagicPho.004043E8
004832DD |. B8 B4334800 MOV EAX,MagicPho.004833B4 ; Successfully Registered!
004832E2 |. E8 35D4FAFF CALL MagicPho.0043071C
004832E7 |. EB 22 JMP SHORT MagicPho.0048330B
004832E9 |> B8 D8334800 MOV EAX,MagicPho.004833D8 ; Invalid SerialNumber!
004832EE |. E8 29D4FAFF CALL MagicPho.0043071C
004832F3 |. EB 16 JMP SHORT MagicPho.0048330B
004832F5 |> B8 D8334800 MOV EAX,MagicPho.004833D8 ; Invalid SerialNumber!
004832FA |. E8 1DD4FAFF CALL MagicPho.0043071C
004832FF |. EB 0A JMP SHORT MagicPho.0048330B
00483301 |> B8 F8334800 MOV EAX,MagicPho.004833F8 ; Already Registered!
00483306 |. E8 11D4FAFF CALL MagicPho.0043071C
0048330B |> A1 5CAD4800 MOV EAX,DWORD PTR DS:[48AD5C]
00483310 |. E8 D708FDFF CALL MagicPho.00453BEC
00483315 |. 33C0 XOR EAX,EAX
00483317 |. 5A POP EDX
00483318 |. 59 POP ECX
00483319 |. 59 POP ECX
0048331A |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0048331D |. 68 79334800 PUSH MagicPho.00483379
00483322 |> 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
00483325 |. E8 6A10F8FF CALL MagicPho.00404394
0048332A |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0048332D |. E8 6210F8FF CALL MagicPho.00404394
00483332 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00483335 |. E8 5A10F8FF CALL MagicPho.00404394
0048333A |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0048333D |. BA 02000000 MOV EDX,2
00483342 |. E8 7110F8FF CALL MagicPho.004043B8
00483347 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0048334A |. BA 02000000 MOV EDX,2
0048334F |. E8 6410F8FF CALL MagicPho.004043B8
00483354 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00483357 |. E8 3810F8FF CALL MagicPho.00404394
0048335C |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0048335F |. BA 02000000 MOV EDX,2
00483364 |. E8 4F10F8FF CALL MagicPho.004043B8
00483369 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0048336C |. E8 2310F8FF CALL MagicPho.00404394
00483371 \. C3 RETN
00483372 .^ E9 450AF8FF JMP MagicPho.00403DBC
00483377 .^ EB A9 JMP SHORT MagicPho.00483322
00483379 . 5E POP ESI
0048337A . 5B POP EBX
0048337B . 8BE5 MOV ESP,EBP
0048337D . 5D POP EBP
0048337E . C3 RETN
0047D694 /$ 55 PUSH EBP
0047D695 |. 8BEC MOV EBP,ESP
0047D697 |. B9 04000000 MOV ECX,4
0047D69C |> 6A 00 /PUSH 0
0047D69E |. 6A 00 |PUSH 0
0047D6A0 |. 49 |DEC ECX
0047D6A1 |.^ 75 F9 \JNZ SHORT MagicPho.0047D69C
0047D6A3 |. 51 PUSH ECX
0047D6A4 |. 53 PUSH EBX
0047D6A5 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0047D6A8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //假码
0047D6AB |. E8 8471F8FF CALL MagicPho.00404834
0047D6B0 |. 33C0 XOR EAX,EAX
0047D6B2 |. 55 PUSH EBP
0047D6B3 |. 68 BDD74700 PUSH MagicPho.0047D7BD
0047D6B8 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0047D6BB |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0047D6BE |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0047D6C1 |. E8 B2FDFFFF CALL MagicPho.0047D478
0047D6C6 |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
0047D6C9 |. 33D2 XOR EDX,EDX
0047D6CB |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //用户名
0047D6CE |. E8 1DFBFFFF CALL MagicPho.0047D1F0 ; //将用户名重新排序
0047D6D3 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; //重新排序后的用户名
0047D6D6 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0047D6D9 |. E8 4E6DF8FF CALL MagicPho.0040442C
0047D6DE |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0047D6E1 |. 50 PUSH EAX
0047D6E2 |. B9 0A000000 MOV ECX,0A
0047D6E7 |. BA 01000000 MOV EDX,1
0047D6EC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //假码
0047D6EF |. E8 B071F8FF CALL MagicPho.004048A4 ; //取假码第1-10位
0047D6F4 |. 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
0047D6F7 |. 66:BA 0001 MOV DX,100 ; //DX=100
0047D6FB |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //假码第1-10位
0047D6FE |. E8 1DFFFFFF CALL MagicPho.0047D620 ; //将假码变形
0047D703 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; //变形后的假码
0047D706 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0047D709 |. E8 1E6DF8FF CALL MagicPho.0040442C
0047D70E |. 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0047D711 |. 33D2 XOR EDX,EDX
0047D713 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //变形后的假码
0047D716 |. E8 D5FAFFFF CALL MagicPho.0047D1F0 ; //将变形后的假码重新排序
0047D71B |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C] ; //重新排序后的假码
0047D71E |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0047D721 |. E8 066DF8FF CALL MagicPho.0040442C
0047D726 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0047D729 |. 50 PUSH EAX
0047D72A |. B9 04000000 MOV ECX,4
0047D72F |. BA 0A000000 MOV EDX,0A
0047D734 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //重新排序后的假码
0047D737 |. E8 6871F8FF CALL MagicPho.004048A4 ; //取重新排序后的假码第10-13位
0047D73C |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0047D73F |. 50 PUSH EAX
0047D740 |. B9 06000000 MOV ECX,6
0047D745 |. BA 05000000 MOV EDX,5
0047D74A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; //重新排序后的假码
0047D74D |. E8 5271F8FF CALL MagicPho.004048A4 ; //取重新排序后的假码第5-10位
0047D752 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0047D755 |. 50 PUSH EAX
0047D756 |. B9 04000000 MOV ECX,4
0047D75B |. BA 01000000 MOV EDX,1
0047D760 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //用户名
0047D763 |. E8 3C71F8FF CALL MagicPho.004048A4 ; //取用户名第1-4位
0047D768 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; //用户名第1-4位
0047D76B |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; //重新排序后的假码第10-13位
0047D76E |. E8 1572F8FF CALL MagicPho.00404988
0047D773 |. 85C0 TEST EAX,EAX
0047D775 |. 7F 25 JG SHORT MagicPho.0047D79C
0047D777 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
0047D77A |. 50 PUSH EAX
0047D77B |. B9 06000000 MOV ECX,6
0047D780 |. BA 05000000 MOV EDX,5
0047D785 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; //用户名
0047D788 |. E8 1771F8FF CALL MagicPho.004048A4 ; //取用户名第5-10位
0047D78D |. 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24] ; //用户名第5-10位
0047D790 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; //重新排序后的假码第5-10位
0047D793 |. E8 F071F8FF CALL MagicPho.00404988 ; //关键比较
0047D798 |. 85C0 TEST EAX,EAX
0047D79A |. 7E 04 JLE SHORT MagicPho.0047D7A0 ; //关键跳转
0047D79C |> B3 01 MOV BL,1
0047D79E |. EB 02 JMP SHORT MagicPho.0047D7A2
0047D7A0 |> 33DB XOR EBX,EBX
0047D7A2 |> 33C0 XOR EAX,EAX
0047D7A4 |. 5A POP EDX
0047D7A5 |. 59 POP ECX
0047D7A6 |. 59 POP ECX
0047D7A7 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0047D7AA |. 68 C4D74700 PUSH MagicPho.0047D7C4
0047D7AF |> 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
0047D7B2 |. BA 09000000 MOV EDX,9
0047D7B7 |. E8 FC6BF8FF CALL MagicPho.004043B8
0047D7BC \. C3 RETN
0047D7BD .^ E9 FA65F8FF JMP MagicPho.00403DBC
0047D7C2 .^ EB EB JMP SHORT MagicPho.0047D7AF
0047D7C4 . 8BC3 MOV EAX,EBX
0047D7C6 . 5B POP EBX
0047D7C7 . 8BE5 MOV ESP,EBP
0047D7C9 . 5D POP EBP
0047D7CA . C3 RETN
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
