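2004-10-15, Author: 蓝点
Software protection overview:
The user name has nothing to do with the registration code. The software is not packed, but its strings
are protected, so static disassembly turns up no useful prompt strings. The analysis therefore has to start from dynamic tracing!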
:00409950 E866610100 call 0041FABB
:00409955 C645FC02 mov [ebp-04], 02
:00409959 8D4DE8 lea ecx, dword ptr [ebp-18]
:0040995C E85A610100 call 0041FABB
:00409961 C645FC03 mov [ebp-04], 03
:00409965 8D4D80 lea ecx, dword ptr [ebp-80]
:00409968 E8C51D0100 call 0041B732
:0040996D 83F801 cmp eax, 00000001
:00409970 7577 jne 004099E9
:00409972 8D45E0 lea eax, dword ptr [ebp-20]
:00409975 8D4DEC lea ecx, dword ptr [ebp-14]
:00409978 50 push eax
:00409979 E895630100 call 0041FD13
:0040997E 8D45DC lea eax, dword ptr [ebp-24]
:00409981 8D4DE8 lea ecx, dword ptr [ebp-18]
:00409984 50 push eax
:00409985 E889630100 call 0041FD13
:0040998A 8B7DF0 mov edi, dword ptr [ebp-10]
:0040998D 6A0A push 0000000A
:0040998F 56 push esi
:00409990 FF75EC push [ebp-14]
:00409993 E868390000 call 0040D300 ---------------> converts the entered SN to hexadecimal
:00409998 83C40C add esp, 0000000C
:0040999B 8987E0000000 mov dword ptr [edi+000000E0], eax
:004099A1 50 push eax
:004099A2 E830040000 call 00409DD7 ---------------> key CALL of the algorithm
:004099A7 83C404 add esp, 00000004
:004099AA 85C0 test eax, eax ---------------> checks whether EAX is 0
:004099AC 7579 jne 00409A27 ---------------> jumps if not 0; taking the jump means success
:004099AE 8D4DF0 lea ecx, dword ptr [ebp-10]
:004099B1 E805610100 call 0041FABB
* Possible Reference to String Resource ID=61218: "鑼
cn."
|
:004099B6 6822EF0000 push 0000EF22
:004099BB 8D4DF0 lea ecx, dword ptr [ebp-10]
:004099BE C645FC04 mov [ebp-04], 04
:004099C2 E8F07D0100 call 004217B7
:004099C7 6A10 push 00000010
* Reference To: USER32.MessageBeep, Ord:0196h
|
:004099C9 FF15743D4500 Call dword ptr [00453D74] -----------> emits a BEEP sound
:004099CF 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"Error" ----------------> error prompt
|
:004099D1 68CCB54400 push 0044B5CC
:004099D6 FF75F0 push [ebp-10]
=======================================================================================
:00409DD7 8B4C2404 mov ecx, dword ptr [esp+04] ----> ECX = the entered SN as a hexadecimal value
:00409DDB 56 push esi
:00409DDC BE971F0000 mov esi, 00001F97 --------------> ESI=&H1F97
:00409DE1 8BC1 mov eax, ecx -------------------> EAX=ECX
:00409DE3 2BD2 sub edx, edx -------------------> EDX=0
:00409DE5 F7F6 div esi ------------------------> EAX=EAX/ESI----| these two instructions mean the registration code
:00409DE7 0FAFC6 imul eax, esi ------------------> EAX=EAX*ESI----| must be evenly divisible by &H1F97
:00409DEA 3BC1 cmp eax, ecx -------------------> compares EAX and ECX
:00409DEC 750D jne 00409DFB -------------------> jumps if they are not equal
:00409DEE B801000000 mov eax, 00000001
:00409DF3 81F9A03B0100 cmp ecx, 00013BA0
:00409DF9 7702 ja 00409DFD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409DEC(C)
|
:00409DFB 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409DF9(C)
|
:00409DFD 5E pop esi
:00409DFE C3 ret
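As an added example (not from the original post or the program), the C below models the routine at 00409DD7 from a defender's viewpoint and counts how many 32-bit values it accepts, which shows how little a divisibility test that ignores the user name constrains the input. The function and macro names are assumptions; the two constants come from the listing.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants taken from the listing; all names here are hypothetical. */
#define DIVISOR   0x1F97u   /* mov esi, 00001F97 */
#define THRESHOLD 0x13BA0u  /* cmp ecx, 00013BA0 */

/* Model of the routine at 00409DD7: returns the value left in EAX. */
static uint32_t check_value(uint32_t sn)
{
    uint32_t q = sn / DIVISOR;         /* sub edx,edx ; div esi (unsigned) */
    if ((uint32_t)(q * DIVISOR) != sn) /* imul eax,esi ; cmp eax,ecx ; jne */
        return 0;                      /* xor eax,eax */
    return sn > THRESHOLD ? 1u : 0u;   /* ja is an unsigned compare */
}

/* Closed form: multiples of DIVISOR in (THRESHOLD, UINT32_MAX]. */
static uint32_t accepted_count(void)
{
    return UINT32_MAX / DIVISOR - THRESHOLD / DIVISOR;
}

/* Brute-force count over [lo, hi], used to cross-check the model. */
static uint32_t accepted_in_range(uint32_t lo, uint32_t hi)
{
    uint32_t n = 0;
    for (uint64_t v = lo; v <= hi; v++)
        n += check_value((uint32_t)v);
    return n;
}

int main(void)
{
    uint32_t n = accepted_count();
    printf("accepted 32-bit values: %u (about 1 in %.0f)\n",
           n, 4294967296.0 / n);
    printf("accepted in [0, 200000]: %u\n", accepted_in_range(0, 200000));
    return 0;
}
```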
Original version:
http://www.asahi-net.or.jp/~FX6M-FJMY/mop05e.html