[求助]WININET SSL通信加密的奇怪问题
发表于: 2010-4-14 17:47 4429
xxx客户端软件
CInternetSession 建立
......
; Call site for CInternetSession::SetOption(dwOption, lpBuffer, dwBufLen, dwFlags).
; Arguments are pushed right-to-left and the object pointer travels in ecx.
; The second parameter is lpBuffer: a POINTER to the option value, not the
; value itself. dwBufLen = 4 says the value is a single DWORD.
; dwOption = 5 is INTERNET_OPTION_SEND_TIMEOUT in wininet.h (milliseconds),
; so this call configures a timeout and has nothing to do with encryption.
; NOTE(review): if the traced 000060EA is the DWORD read through lpBuffer
; (rather than edx itself), it would be 24810 ms - confirm in the memory dump.
push 0 ; dwFlags = 0
push 4 ; dwBufLen = 4 bytes (one DWORD)
lea edx, dword ptr [esp+1C] ; edx = address of a DWORD local on the stack
push edx ; lpBuffer -> that DWORD
push 5 ; dwOption = 5 (INTERNET_OPTION_SEND_TIMEOUT)
mov ecx, ebp ; this pointer for the call is held in ebp here
call <jmp.&mfc90u.#6415_CInternetSession::SetOption>
跟踪时看到 edx=000060EA
请问传进去的第2个参数是什么值,与加密有关吗?
得到连接
; Fragment (starts mid-function; the join point 005C252E is not shown).
; Selects one of the two CInternetSession::GetHttpConnection overloads from
; the byte flag tested at [esp+234]:
;   flag != 0 -> #3072 (pstrServer, dwFlags, nPort, pstrUserName, pstrPassword)
;                with dwFlags = 0x00800000 = INTERNET_FLAG_SECURE, i.e. WinINet
;                itself performs the SSL/TLS handshake and record encryption
;   flag == 0 -> #3071 (pstrServer, nPort, pstrUserName, pstrPassword), no flags
; Both paths share the two `push 0` (pstrPassword = NULL, pstrUserName = NULL),
; read the port from the word at [esi+6134] and take `this` from [esi+7228].
005C24C4 |. 6A 03 push 3 ; stack argument for helper 005C2EA0 (meaning not shown)
005C24C6 |. 8D96 245D0000 lea edx, dword ptr [esi+5D24] ; address of a field in the object at esi
005C24CC |. 8D4C24 20 lea ecx, dword ptr [esp+20]
005C24D0 |. 52 push edx ; second stack argument for the helper
005C24D1 |. 8D4424 20 lea eax, dword ptr [esp+20]
005C24D5 |. 894C24 20 mov dword ptr [esp+20], ecx
; NOTE(review): 005C2EA0 is not shown; the dword at [esp+20] is used as
; pstrServer afterwards, so it presumably prepares the server name - confirm.
005C24D9 |. E8 C2090000 call 005C2EA0
005C24DE |. 80BC24 340200>cmp byte ptr [esp+234], 0 ; byte flag selecting the overload; push/mov below leave EFLAGS intact for the je
005C24E6 |. 6A 00 push 0 ; pstrPassword = NULL (shared by both paths)
005C24E8 |. C78424 300200>mov dword ptr [esp+230], 1 ; NOTE(review): looks like the C++ EH state index - confirm
005C24F3 |. 6A 00 push 0 ; pstrUserName = NULL (shared by both paths)
005C24F5 |. 74 1F je short 005C2516 ; flag == 0 -> overload without dwFlags
005C24F7 |. 0FB786 346100>movzx eax, word ptr [esi+6134] ; 16-bit port, zero-extended
005C24FE |. 8B4C24 20 mov ecx, dword ptr [esp+20] ; server name pointer
005C2502 |. 50 push eax ; nPort
005C2503 |. 68 00008000 push 800000 ; dwFlags = INTERNET_FLAG_SECURE (0x00800000)
005C2508 |. 51 push ecx ; pstrServer
005C2509 |. 8B8E 28720000 mov ecx, dword ptr [esi+7228] ; this for the call
005C250F |. E8 121C0000 call <jmp.&mfc90u.#3072_CInternetSession::GetHttpConnection>
005C2514 |. EB 18 jmp short 005C252E ; rejoin (target outside this listing)
005C2516 |> 0FB796 346100>movzx edx, word ptr [esi+6134] ; 16-bit port, zero-extended
005C251D |. 8B4424 20 mov eax, dword ptr [esp+20] ; server name pointer
005C2521 |. 8B8E 28720000 mov ecx, dword ptr [esi+7228] ; this for the call
005C2527 |. 52 push edx ; nPort
005C2528 |. 50 push eax ; pstrServer
005C2529 |. E8 F21B0000 call <jmp.&mfc90u.#3071_CInternetSession::GetHttpConnection>
; Fragment (addresses 005C252E..005C25EC are not shown). Builds the argument
; list for CHttpConnection::OpenRequest(nVerb, pstrObjectName, pstrReferer,
; dwContext, ppstrAcceptTypes, pstrVersion, dwFlags), pushed right-to-left.
; The two branches differ only in dwFlags:
;   0x86E00000 = INTERNET_FLAG_RELOAD           (0x80000000)
;              | INTERNET_FLAG_NO_CACHE_WRITE   (0x04000000)
;              | INTERNET_FLAG_MAKE_PERSISTENT  (0x02000000)
;              | INTERNET_FLAG_SECURE           (0x00800000)
;              | INTERNET_FLAG_KEEP_CONNECTION  (0x00400000)
;              | INTERNET_FLAG_NO_AUTO_REDIRECT (0x00200000)
;   0x86600000 = the same set without INTERNET_FLAG_SECURE
; Neither constant contains INTERNET_FLAG_IGNORE_CERT_CN_INVALID (0x00001000)
; or INTERNET_FLAG_IGNORE_CERT_DATE_INVALID (0x00002000), so these flags do not
; relax certificate checking. Whether INTERNET_OPTION_SECURITY_FLAGS is changed
; elsewhere cannot be told from this fragment.
; NO_AUTO_REDIRECT means WinINet will not follow 3xx responses by itself.
005C25ED |. 80BC24 340200>cmp byte ptr [esp+234], 0 ; NOTE(review): presumably the same SSL switch tested at 005C24DE - confirm
005C25F5 |. BF 02000000 mov edi, 2
005C25FA |. 89BC24 2C0200>mov dword ptr [esp+22C], edi ; NOTE(review): looks like the C++ EH state index - confirm
005C2601 |. 74 17 je short 005C261A ; flag == 0 -> flags without SECURE
005C2603 |. 8B8C24 1C0100>mov ecx, dword ptr [esp+11C] ; object name (request path) pointer
005C260A |. 68 0000E086 push 86E00000 ; dwFlags, SECURE variant (see header)
005C260F |. 6A 00 push 0 ; pstrVersion = NULL
005C2611 |. 6A 00 push 0 ; ppstrAcceptTypes = NULL
005C2613 |. 6A 01 push 1 ; dwContext = 1
005C2615 |. 6A 00 push 0 ; pstrReferer = NULL
005C2617 |. 51 push ecx ; pstrObjectName
005C2618 |. EB 15 jmp short 005C262F
005C261A |> 8B9424 1C0100>mov edx, dword ptr [esp+11C] ; object name (request path) pointer
005C2621 |. 68 00006086 push 86600000 ; dwFlags, non-SECURE variant (see header)
005C2626 |. 6A 00 push 0 ; pstrVersion = NULL
005C2628 |. 6A 00 push 0 ; ppstrAcceptTypes = NULL
005C262A |. 6A 01 push 1 ; dwContext = 1
005C262C |. 6A 00 push 0 ; pstrReferer = NULL
005C262E |. 52 push edx ; pstrObjectName
005C262F |> 8B8E 2C720000 mov ecx, dword ptr [esi+722C] ; this for the call
005C2635 |. 6A 00 push 0 ; nVerb = 0 (HTTP_VERB_POST in afxinet.h)
005C2637 |. E8 DE1A0000 call <jmp.&mfc90u.#5553_CHttpConnection::OpenRequest>
发送xml
; ---------------------------------------------------------------------------
; sub_005C2C00 - member function, object pointer arrives in ecx and is kept in
; esi. Sends the prepared request through CHttpFile::SendRequest and turns the
; HTTP status into a return code in eax:
;   0     status 200
;   -2    status 301..303 with a non-empty Location header; the header is
;         converted to ANSI and handed to helper 005C0110
;   0x1D  everything else (no request object at [esi+7230], SendRequest
;         returned 0, retry limit exceeded, other status, caught exception)
; Non-zero codes are also stored at [esi+6168].
; The body pointer/length come straight from [esi+30BC]/[esi+30A8]; no
; transformation of the payload is visible in this routine, so transport
; encryption is whatever WinINet applies to the connection.
; Frame: 0x404 bytes of locals; the prologue/epilogue match the MSVC C++ EH
; registration (fs:[0], handler 005C62D9) and the /GS stack-cookie pattern
; (cookie at [ebp+400], directly above the 0x400-byte buffer at [ebp]).
; ---------------------------------------------------------------------------
005C2C00 $ 55 push ebp ; sendrequest entry
005C2C01 . 8DAC24 FCFBFFFF lea ebp, dword ptr [esp-404] ; ebp = base of the 0x404-byte local area
005C2C08 . 81EC 04040000 sub esp, 404
005C2C0E . 6A FF push -1 ; initial EH state
005C2C10 . 68 D9625C00 push 005C62D9 ; EH handler address
005C2C15 . 64:A1 00000000 mov eax, dword ptr fs:[0] ; previous head of the SEH chain
005C2C1B . 50 push eax
005C2C1C . 83EC 0C sub esp, 0C
005C2C1F . A1 9C705D00 mov eax, dword ptr [5D709C] ; global cookie value
005C2C24 . 33C5 xor eax, ebp
005C2C26 . 8985 00040000 mov dword ptr [ebp+400], eax ; stack cookie, checked again at 005C2D8F
005C2C2C . 53 push ebx
005C2C2D . 56 push esi
005C2C2E . 57 push edi
005C2C2F . 50 push eax
005C2C30 . 8D45 F4 lea eax, dword ptr [ebp-C]
005C2C33 . 64:A3 00000000 mov dword ptr fs:[0], eax ; install this frame's EH registration
005C2C39 . 8965 F0 mov dword ptr [ebp-10], esp ; esp saved in the frame
005C2C3C . 8BF1 mov esi, ecx ; esi = this
005C2C3E . 33DB xor ebx, ebx ; ebx = count of completed sends = 0
005C2C40 . 8975 EC mov dword ptr [ebp-14], esi ; keep this in the frame; read by the handler at 005C2D61
005C2C43 . 399E 30720000 cmp dword ptr [esi+7230], ebx ; request object pointer == NULL ?
005C2C49 . 75 10 jnz short 005C2C5B
; Failure exit: return 0x1D and record it in the object.
005C2C4B > B8 1D000000 mov eax, 1D
005C2C50 . 8986 68610000 mov dword ptr [esi+6168], eax
005C2C56 . E9 1E010000 jmp 005C2D79
005C2C5B > 895D E8 mov dword ptr [ebp-18], ebx ; status code local = 0
; Send loop: re-entered while helper 00572D50 returns non-zero.
005C2C5E > C745 FC 00000000 mov dword ptr [ebp-4], 0 ; EH state 0 covers the SendRequest call
005C2C65 . 8B86 A8300000 mov eax, dword ptr [esi+30A8] ; body length
005C2C6B . 8B8E BC300000 mov ecx, dword ptr [esi+30BC] ; body pointer
005C2C71 . 50 push eax ; dwOptionalLen
005C2C72 . 51 push ecx ; lpOptional
005C2C73 . 8B8E 30720000 mov ecx, dword ptr [esi+7230] ; this = request object
005C2C79 . 6A 00 push 0 ; dwHeadersLen = 0
005C2C7B . 6A 00 push 0 ; pstrHeaders = NULL (no extra headers)
005C2C7D . E8 C2140000 call <jmp.&mfc90u.#6115_CHttpFile::SendReques>
005C2C82 . 85C0 test eax, eax
005C2C84 .^ 74 C5 je short 005C2C4B ; SendRequest returned 0 -> fail with 0x1D
005C2C86 . 43 inc ebx
005C2C87 . 83FB 02 cmp ebx, 2
005C2C8A . C745 FC FFFFFFFF mov dword ptr [ebp-4], -1 ; leave EH state 0 (mov keeps the flags of the cmp)
005C2C91 .^ 7F B8 jg short 005C2C4B ; a third send is issued, but its response is never examined
005C2C93 . 8B8E 30720000 mov ecx, dword ptr [esi+7230]
005C2C99 . 8D55 E8 lea edx, dword ptr [ebp-18]
005C2C9C . 52 push edx ; out: HTTP status code
005C2C9D . E8 96140000 call <jmp.&mfc90u.#5737_CHttpFile::QueryInfoStausCode>
005C2CA2 . 8B45 E8 mov eax, dword ptr [ebp-18] ; eax = status code
005C2CA5 . 8BBE 30720000 mov edi, dword ptr [esi+7230] ; NOTE(review): possibly a register argument for 00572D50 - confirm
005C2CAB . 50 push eax
; NOTE(review): 00572D50 is not shown. It receives the status code and a
; non-zero al makes the loop send the request again.
005C2CAC . E8 9F00FBFF call 00572D50
005C2CB1 . 83C4 04 add esp, 4 ; caller removes the one stack argument
005C2CB4 . 84C0 test al, al
005C2CB6 .^ 75 A6 jnz short 005C2C5E ; helper asked for a re-send
005C2CB8 . 83BE 30720000 00 cmp dword ptr [esi+7230], 0 ; request object still present ?
005C2CBF . BF 1D000000 mov edi, 1D ; edi = default return code
005C2CC4 . 74 7F je short 005C2D45
005C2CC6 . 8D4D EC lea ecx, dword ptr [ebp-14] ; slot reused for a CString local
; NOTE(review): import #296 is used like the CStringT constructor - confirm.
005C2CC9 . FF15 40735C00 call dword ptr [<&mfc90u.#296_ATL::CStringT<w>; mfc90u.78A5A472
005C2CCF . C745 FC 02000000 mov dword ptr [ebp-4], 2 ; EH state 2 while the CString is alive
005C2CD6 . 8B45 E8 mov eax, dword ptr [ebp-18] ; status code
005C2CD9 . 3D C8000000 cmp eax, 0C8 ; 200 ?
005C2CDE . 74 74 je short 005C2D54 ; success path
005C2CE0 . 3D 2C010000 cmp eax, 12C
005C2CE5 . 76 4E jbe short 005C2D35 ; status <= 300 -> 0x1D
005C2CE7 . 3D 2F010000 cmp eax, 12F
005C2CEC . 77 47 ja short 005C2D35 ; status > 303 -> 0x1D
; Status 301..303: read the redirect target manually.
005C2CEE . 6A 00 push 0 ; dwIndex = NULL
005C2CF0 . 8D4D EC lea ecx, dword ptr [ebp-14]
005C2CF3 . 51 push ecx ; CString receiving the header value
005C2CF4 . 8B8E 30720000 mov ecx, dword ptr [esi+7230]
005C2CFA . 6A 21 push 21 ; dwInfoLevel = 0x21 (HTTP_QUERY_LOCATION)
005C2CFC . E8 3D140000 call <jmp.&mfc90u.#5734_CHttpFile::QueryInfo>
005C2D01 . 8B45 EC mov eax, dword ptr [ebp-14] ; wide-character data pointer of the CString
005C2D04 . 8378 F4 00 cmp dword ptr [eax-C], 0 ; string length field in the CString header
005C2D08 . 74 2B je short 005C2D35 ; empty Location -> 0x1D
; NOTE(review): the Location value is server-controlled and the result of
; WideCharToMultiByte is not checked. The size argument keeps the write inside
; the 0x400-byte buffer, but if the value does not fit the call fails and the
; buffer is not guaranteed to be NUL-terminated before 005C0110 reads it.
005C2D0A . 6A 00 push 0 ; /pDefaultCharUsed = NULL
005C2D0C . 6A 00 push 0 ; |pDefaultChar = NULL
005C2D0E . 68 00040000 push 400 ; |MultiByteCount = 400 (1024.)
005C2D13 . 8D55 00 lea edx, dword ptr [ebp] ; |
005C2D16 . 52 push edx ; |MultiByteStr
005C2D17 . 6A FF push -1 ; |WideCharCount = FFFFFFFF (-1.)
005C2D19 . 50 push eax ; |WideCharStr
005C2D1A . 6A 00 push 0 ; |Options = 0
005C2D1C . 6A 00 push 0 ; |CodePage = CP_ACP
005C2D1E . FF15 48705C00 call dword ptr [<&KERNEL32.WideCharToMultiByt>; \WideCharToMultiByte
005C2D24 . 56 push esi ; this as stack argument
005C2D25 . 8D45 00 lea eax, dword ptr [ebp] ; eax = ANSI Location buffer
; NOTE(review): 005C0110 is not shown; presumably it stores the new target - confirm.
005C2D28 . E8 E3D3FFFF call 005C0110
005C2D2D . 83C4 04 add esp, 4
005C2D30 . BF FEFFFFFF mov edi, -2 ; return code for the redirect case
; Common cleanup for the non-200 paths: release the CString, then report edi.
005C2D35 > 8D4D EC lea ecx, dword ptr [ebp-14]
005C2D38 . C745 FC FFFFFFFF mov dword ptr [ebp-4], -1 ; leave EH state 2
; NOTE(review): import #600 is used like the CStringT destructor - confirm.
005C2D3F . FF15 D8725C00 call dword ptr [<&mfc90u.#600_ATL::CStringT<w>; mfc90u.78A56C19
; NOTE(review): 005C2010 is not shown; it runs before every non-200 return from here.
005C2D45 > E8 C6F2FFFF call 005C2010
005C2D4A . 89BE 68610000 mov dword ptr [esi+6168], edi ; record 0x1D or -2 in the object
005C2D50 . 8BC7 mov eax, edi
005C2D52 . EB 25 jmp short 005C2D79
; Status 200: release the CString and return 0.
005C2D54 > 8D4D EC lea ecx, dword ptr [ebp-14]
005C2D57 . FF15 D8725C00 call dword ptr [<&mfc90u.#600_ATL::CStringT<w>; mfc90u.78A56C19
005C2D5D . 33C0 xor eax, eax
005C2D5F . EB 18 jmp short 005C2D79
; Not reached by fall-through (preceded by jmp); shaped like a catch funclet:
; it records 0x1D through the this pointer saved at [ebp-14] and returns the
; address 005C2D74 at which execution continues.
005C2D61 . 8B45 EC mov eax, dword ptr [ebp-14]
005C2D64 . C780 68610000 1D0>mov dword ptr [eax+6168], 1D
005C2D6E . B8 742D5C00 mov eax, 005C2D74
005C2D73 . C3 retn
005C2D74 . B8 1D000000 mov eax, 1D ; continuation after the handler: return 0x1D
; Common epilogue: unlink the EH registration, restore registers, verify cookie.
005C2D79 > 8B4D F4 mov ecx, dword ptr [ebp-C] ; previous SEH chain head
005C2D7C . 64:890D 00000000 mov dword ptr fs:[0], ecx
005C2D83 . 59 pop ecx ; drops the dword pushed at 005C2C2F
005C2D84 . 5F pop edi
005C2D85 . 5E pop esi
005C2D86 . 5B pop ebx
005C2D87 . 8B8D 00040000 mov ecx, dword ptr [ebp+400] ; stored stack cookie
005C2D8D . 33CD xor ecx, ebp
005C2D8F . E8 AE160000 call 005C4442 ; NOTE(review): presumably the cookie check routine - confirm
005C2D94 . 81C5 04040000 add ebp, 404
005C2D9A . 8BE5 mov esp, ebp
005C2D9C . 5D pop ebp
005C2D9D . C3 retn
将跟踪出来的xml发服务器
....
<user>111</user><pwd>aaa</pwd>
...
系统返回了格式正确的xml,其中的sessionid是base64加密(编码)过的
.....
<sessionid>axadsfsdf==</sessionid>
.....
用这个sessionid去调用其它功能时,提示会话无效。
这个xxx客户端软件除了ssl加密之外,还有别的加密吗?