【破解作者】 blue_devil_bomb[BCG]
【作者邮箱】 ninesunnine@sina.com
【使用工具】 peid OllyDbg1.09 vc6.0 regsnap
【破解平台】 Win2000
【软件名称】 聪明宝宝健康成长指南(又一个MD5算法的运用)
【下载地址】 忘了
【软件简介】 聪明宝宝健康成长指南
【软件大小】 446kb
【加壳方式】 ASPack 2.12 -> Alexey Solodovnikov
【破解声明】 不为破解而破解,只为学习而破解
--------------------------------------------------------------------------------
【破解内容】
首先用peid检测为ASPack 2.12 -> Alexey Solodovnikov加的壳, 用stripper.exe v2.03脱壳,很幸运一切OK!
脱壳前446kb脱壳后为1.24Mb
OD打开脱壳后的程序并运行。由于该软件在输入的注册名与注册码计算不正确时没有任何提示,只有在注册成功时才有提示,
搜索GetWindowTextA(W)等断点没有结果。我们在OD下点右键,搜索字符串参考,查找Name和RegCode,找到后下断点!运行,程序中断于如下:
004CC712 |. BA 48C84C00 MOV EDX,_BB.004CC848 ; ASCII "\\Software\\WinBB\\"
004CC717 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004CC71A |. E8 59F1F6FF CALL _BB.0043B878
004CC71F |. 84C0 TEST AL,AL
004CC721 |. 74 20 JE SHORT _BB.004CC743
004CC723 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C]
004CC726 |. BA 64C84C00 MOV EDX,_BB.004CC864 ; ASCII "Name"
004CC72B |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004CC72E |. E8 0DF3F6FF CALL _BB.0043BA40
004CC733 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004CC736 |. BA 74C84C00 MOV EDX,_BB.004CC874 ; ASCII "RegCode"
004CC73B |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004CC73E |. E8 FDF2F6FF CALL _BB.0043BA40
004CC743 |> 33C0 XOR EAX,EAX
004CC745 |. 5A POP EDX
004CC746 |. 59 POP ECX
004CC747 |. 59 POP ECX
004CC748 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004CC74B |. 68 60C74C00 PUSH _BB.004CC760
004CC750 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004CC753 |. E8 D06BF3FF CALL _BB.00403328
004CC758 \. C3 RETN
至此我们在注册表中建立HKEY_CURRENT_USER\Software\winbb\name
和HKEY_CURRENT_USER\Software\winbb\RegCode键值,值随便填,重新启动运行到上面的断点,
按F8往下走到
004CC770 > 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] //
004CC773 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] //Name(在内存中)
004CC776 . E8 61F1FFFF CALL _BB.004CB8DC //Name进行一次MD5运算结果存放在EAX指向的地址中
004CC77B . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] //MD5运算的结果
004CC77E . 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28] //
004CC781 . E8 CAF1FFFF CALL _BB.004CB950
004CC786 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004CC789 . BA 84C84C00 MOV EDX,_BB.004CC884 //4cc884存放值为"聪明宝宝健康成长指南"
004CC78E . E8 ED7CF3FF CALL _BB.00404480 //将上次MD5运算的结果与"聪明宝宝健康成长指南"联接成一个新串
004CC793 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] //存放联接的新串
004CC796 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] //上次MD5结果
004CC799 . E8 3EF1FFFF CALL _BB.004CB8DC //对新串进行一次MD5运算,结果存放在EAX地址
004CC79E . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004CC7A1 . 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004CC7A4 . E8 A7F1FFFF CALL _BB.004CB950
004CC7A9 . 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] //MD5运算结果,真正的注册码?
004CC7AC . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] //输入的注册码
004CC7AF . E8 107EF3FF CALL _BB.004045C4
004CC7B4 . 75 3C JNZ SHORT _BB.004CC7F2
004CB7B4 /$ C700 01234567 MOV DWORD PTR DS:[EAX],67452301 //MD5初始化
004CB7BA |. C740 04 89ABCD>MOV DWORD PTR DS:[EAX+4],EFCDAB89
004CB7C1 |. C740 08 FEDCBA>MOV DWORD PTR DS:[EAX+8],98BADCFE
004CB7C8 |. C740 0C 765432>MOV DWORD PTR DS:[EAX+C],10325476
004CB7CF |. 33D2 XOR EDX,EDX
004CB7D1 |. 8950 10 MOV DWORD PTR DS:[EAX+10],EDX
004CB7D4 |. 33D2 XOR EDX,EDX
004CB7D6 |. 8950 14 MOV DWORD PTR DS:[EAX+14],EDX
004CB7D9 |. 83C0 18 ADD EAX,18
004CB7DC |. BA 40000000 MOV EDX,40
004CB7E1 |. E8 1ABBF3FF CALL _BB.00407300
004CB7E6 \. C3 RETN
MD5算法
004CB084 /$ 53 PUSH EBX ; md5
004CB085 |. 56 PUSH ESI
004CB086 |. 57 PUSH EDI
004CB087 |. 55 PUSH EBP
004CB088 |. 83C4 A8 ADD ESP,-58
004CB08B |. 895424 04 MOV DWORD PTR SS:[ESP+4],EDX
004CB08F |. 890424 MOV DWORD PTR SS:[ESP],EAX
004CB092 |. 8D5C24 08 LEA EBX,DWORD PTR SS:[ESP+8]
004CB096 |. 8D7424 0C LEA ESI,DWORD PTR SS:[ESP+C]
004CB09A |. 8D7C24 10 LEA EDI,DWORD PTR SS:[ESP+10]
004CB09E |. 8D6C24 14 LEA EBP,DWORD PTR SS:[ESP+14]
004CB0A2 |. 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+18]
004CB0A6 |. B9 40000000 MOV ECX,40
004CB0AB |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004CB0AE |. E8 5DFFFFFF CALL _BB.004CB010
004CB0B3 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB0B7 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004CB0B9 |. 8903 MOV DWORD PTR DS:[EBX],EAX
004CB0BB |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB0BF |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
004CB0C2 |. 8906 MOV DWORD PTR DS:[ESI],EAX
004CB0C4 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB0C8 |. 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
004CB0CB |. 8907 MOV DWORD PTR DS:[EDI],EAX
004CB0CD |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB0D1 |. 8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
004CB0D4 |. 8945 00 MOV DWORD PTR SS:[EBP],EAX
004CB0D7 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB0DA |. 50 PUSH EAX ; /Arg4
004CB0DB |. 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C] ; |
004CB0DF |. 50 PUSH EAX ; |Arg3
004CB0E0 |. 6A 07 PUSH 7 ; |Arg2 = 00000007
004CB0E2 |. 68 78A46AD7 PUSH D76AA478 ; |Arg1 = D76AA478
004CB0E7 |. 8BC3 MOV EAX,EBX ; |
004CB0E9 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB0EB |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB0ED |. E8 4EFEFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB0F2 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB0F4 |. 50 PUSH EAX ; /Arg4
004CB0F5 |. 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20] ; |
004CB0F9 |. 50 PUSH EAX ; |Arg3
004CB0FA |. 6A 0C PUSH 0C ; |Arg2 = 0000000C
004CB0FC |. 68 56B7C7E8 PUSH E8C7B756 ; |Arg1 = E8C7B756
004CB101 |. 8BC5 MOV EAX,EBP ; |
004CB103 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB105 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB107 |. E8 34FEFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB10C |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB10E |. 50 PUSH EAX ; /Arg4
004CB10F |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] ; |
004CB113 |. 50 PUSH EAX ; |Arg3
004CB114 |. 6A 11 PUSH 11 ; |Arg2 = 00000011
004CB116 |. 68 DB702024 PUSH 242070DB ; |Arg1 = 242070DB
004CB11B |. 8BC7 MOV EAX,EDI ; |
004CB11D |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB11F |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB122 |. E8 19FEFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB127 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB129 |. 50 PUSH EAX ; /Arg4
004CB12A |. 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] ; |
004CB12E |. 50 PUSH EAX ; |Arg3
004CB12F |. 6A 16 PUSH 16 ; |Arg2 = 00000016
004CB131 |. 68 EECEBDC1 PUSH C1BDCEEE ; |Arg1 = C1BDCEEE
004CB136 |. 8BC6 MOV EAX,ESI ; |
004CB138 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB13B |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB13D |. E8 FEFDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB142 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB145 |. 50 PUSH EAX ; /Arg4
004CB146 |. 8B4424 2C MOV EAX,DWORD PTR SS:[ESP+2C] ; |
004CB14A |. 50 PUSH EAX ; |Arg3
004CB14B |. 6A 07 PUSH 7 ; |Arg2 = 00000007
004CB14D |. 68 AF0F7CF5 PUSH F57C0FAF ; |Arg1 = F57C0FAF
004CB152 |. 8BC3 MOV EAX,EBX ; |
004CB154 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB156 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB158 |. E8 E3FDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB15D |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB15F |. 50 PUSH EAX ; /Arg4
004CB160 |. 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; |
004CB164 |. 50 PUSH EAX ; |Arg3
004CB165 |. 6A 0C PUSH 0C ; |Arg2 = 0000000C
004CB167 |. 68 2AC68747 PUSH 4787C62A ; |Arg1 = 4787C62A
004CB16C |. 8BC5 MOV EAX,EBP ; |
004CB16E |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB170 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB172 |. E8 C9FDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB177 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB179 |. 50 PUSH EAX ; /Arg4
004CB17A |. 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+34] ; |
004CB17E |. 50 PUSH EAX ; |Arg3
004CB17F |. 6A 11 PUSH 11 ; |Arg2 = 00000011
004CB181 |. 68 134630A8 PUSH A8304613 ; |Arg1 = A8304613
004CB186 |. 8BC7 MOV EAX,EDI ; |
004CB188 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB18A |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB18D |. E8 AEFDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB192 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB194 |. 50 PUSH EAX ; /Arg4
004CB195 |. 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38] ; |
004CB199 |. 50 PUSH EAX ; |Arg3
004CB19A |. 6A 16 PUSH 16 ; |Arg2 = 00000016
004CB19C |. 68 019546FD PUSH FD469501 ; |Arg1 = FD469501
004CB1A1 |. 8BC6 MOV EAX,ESI ; |
004CB1A3 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB1A6 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB1A8 |. E8 93FDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB1AD |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB1B0 |. 50 PUSH EAX ; /Arg4
004CB1B1 |. 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+3C] ; |
004CB1B5 |. 50 PUSH EAX ; |Arg3
004CB1B6 |. 6A 07 PUSH 7 ; |Arg2 = 00000007
004CB1B8 |. 68 D8988069 PUSH 698098D8 ; |Arg1 = 698098D8
004CB1BD |. 8BC3 MOV EAX,EBX ; |
004CB1BF |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB1C1 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB1C3 |. E8 78FDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB1C8 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB1CA |. 50 PUSH EAX ; /Arg4
004CB1CB |. 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+40] ; |
004CB1CF |. 50 PUSH EAX ; |Arg3
004CB1D0 |. 6A 0C PUSH 0C ; |Arg2 = 0000000C
004CB1D2 |. 68 AFF7448B PUSH 8B44F7AF ; |Arg1 = 8B44F7AF
004CB1D7 |. 8BC5 MOV EAX,EBP ; |
004CB1D9 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB1DB |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB1DD |. E8 5EFDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB1E2 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB1E4 |. 50 PUSH EAX ; /Arg4
004CB1E5 |. 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+44] ; |
004CB1E9 |. 50 PUSH EAX ; |Arg3
004CB1EA |. 6A 11 PUSH 11 ; |Arg2 = 00000011
004CB1EC |. 68 B15BFFFF PUSH FFFF5BB1 ; |Arg1 = FFFF5BB1
004CB1F1 |. 8BC7 MOV EAX,EDI ; |
004CB1F3 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB1F5 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB1F8 |. E8 43FDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB1FD |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB1FF |. 50 PUSH EAX ; /Arg4
004CB200 |. 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+48] ; |
004CB204 |. 50 PUSH EAX ; |Arg3
004CB205 |. 6A 16 PUSH 16 ; |Arg2 = 00000016
004CB207 |. 68 BED75C89 PUSH 895CD7BE ; |Arg1 = 895CD7BE
004CB20C |. 8BC6 MOV EAX,ESI ; |
004CB20E |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB211 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB213 |. E8 28FDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB218 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB21B |. 50 PUSH EAX ; /Arg4
004CB21C |. 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+4C] ; |
004CB220 |. 50 PUSH EAX ; |Arg3
004CB221 |. 6A 07 PUSH 7 ; |Arg2 = 00000007
004CB223 |. 68 2211906B PUSH 6B901122 ; |Arg1 = 6B901122
004CB228 |. 8BC3 MOV EAX,EBX ; |
004CB22A |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB22C |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB22E |. E8 0DFDFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB233 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB235 |. 50 PUSH EAX ; /Arg4
004CB236 |. 8B4424 50 MOV EAX,DWORD PTR SS:[ESP+50] ; |
004CB23A |. 50 PUSH EAX ; |Arg3
004CB23B |. 6A 0C PUSH 0C ; |Arg2 = 0000000C
004CB23D |. 68 937198FD PUSH FD987193 ; |Arg1 = FD987193
004CB242 |. 8BC5 MOV EAX,EBP ; |
004CB244 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB246 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB248 |. E8 F3FCFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB24D |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB24F |. 50 PUSH EAX ; /Arg4
004CB250 |. 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+54] ; |
004CB254 |. 50 PUSH EAX ; |Arg3
004CB255 |. 6A 11 PUSH 11 ; |Arg2 = 00000011
004CB257 |. 68 8E4379A6 PUSH A679438E ; |Arg1 = A679438E
004CB25C |. 8BC7 MOV EAX,EDI ; |
004CB25E |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB260 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB263 |. E8 D8FCFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB268 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB26A |. 50 PUSH EAX ; /Arg4
004CB26B |. 8B4424 58 MOV EAX,DWORD PTR SS:[ESP+58] ; |
004CB26F |. 50 PUSH EAX ; |Arg3
004CB270 |. 6A 16 PUSH 16 ; |Arg2 = 00000016
004CB272 |. 68 2108B449 PUSH 49B40821 ; |Arg1 = 49B40821
004CB277 |. 8BC6 MOV EAX,ESI ; |
004CB279 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB27C |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB27E |. E8 BDFCFFFF CALL _BB.004CAF40 ; \_BB.004CAF40
004CB283 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB286 |. 50 PUSH EAX ; /Arg4
004CB287 |. 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20] ; |
004CB28B |. 50 PUSH EAX ; |Arg3
004CB28C |. 6A 05 PUSH 5 ; |Arg2 = 00000005
004CB28E |. 68 62251EF6 PUSH F61E2562 ; |Arg1 = F61E2562
004CB293 |. 8BC3 MOV EAX,EBX ; |
004CB295 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB297 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB299 |. E8 D6FCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB29E |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB2A0 |. 50 PUSH EAX ; /Arg4
004CB2A1 |. 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+34] ; |
004CB2A5 |. 50 PUSH EAX ; |Arg3
004CB2A6 |. 6A 09 PUSH 9 ; |Arg2 = 00000009
004CB2A8 |. 68 40B340C0 PUSH C040B340 ; |Arg1 = C040B340
004CB2AD |. 8BC5 MOV EAX,EBP ; |
004CB2AF |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB2B1 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB2B3 |. E8 BCFCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB2B8 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB2BA |. 50 PUSH EAX ; /Arg4
004CB2BB |. 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+48] ; |
004CB2BF |. 50 PUSH EAX ; |Arg3
004CB2C0 |. 6A 0E PUSH 0E ; |Arg2 = 0000000E
004CB2C2 |. 68 515A5E26 PUSH 265E5A51 ; |Arg1 = 265E5A51
004CB2C7 |. 8BC7 MOV EAX,EDI ; |
004CB2C9 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB2CB |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB2CE |. E8 A1FCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB2D3 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB2D5 |. 50 PUSH EAX ; /Arg4
004CB2D6 |. 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C] ; |
004CB2DA |. 50 PUSH EAX ; |Arg3
004CB2DB |. 6A 14 PUSH 14 ; |Arg2 = 00000014
004CB2DD |. 68 AAC7B6E9 PUSH E9B6C7AA ; |Arg1 = E9B6C7AA
004CB2E2 |. 8BC6 MOV EAX,ESI ; |
004CB2E4 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB2E7 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB2E9 |. E8 86FCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB2EE |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB2F1 |. 50 PUSH EAX ; /Arg4
004CB2F2 |. 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; |
004CB2F6 |. 50 PUSH EAX ; |Arg3
004CB2F7 |. 6A 05 PUSH 5 ; |Arg2 = 00000005
004CB2F9 |. 68 5D102FD6 PUSH D62F105D ; |Arg1 = D62F105D
004CB2FE |. 8BC3 MOV EAX,EBX ; |
004CB300 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB302 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB304 |. E8 6BFCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB309 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB30B |. 50 PUSH EAX ; /Arg4
004CB30C |. 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+44] ; |
004CB310 |. 50 PUSH EAX ; |Arg3
004CB311 |. 6A 09 PUSH 9 ; |Arg2 = 00000009
004CB313 |. 68 53144402 PUSH 2441453 ; |Arg1 = 02441453
004CB318 |. 8BC5 MOV EAX,EBP ; |
004CB31A |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB31C |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB31E |. E8 51FCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB323 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB325 |. 50 PUSH EAX ; /Arg4
004CB326 |. 8B4424 58 MOV EAX,DWORD PTR SS:[ESP+58] ; |
004CB32A |. 50 PUSH EAX ; |Arg3
004CB32B |. 6A 0E PUSH 0E ; |Arg2 = 0000000E
004CB32D |. 68 81E6A1D8 PUSH D8A1E681 ; |Arg1 = D8A1E681
004CB332 |. 8BC7 MOV EAX,EDI ; |
004CB334 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB336 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB339 |. E8 36FCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB33E |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB340 |. 50 PUSH EAX ; /Arg4
004CB341 |. 8B4424 2C MOV EAX,DWORD PTR SS:[ESP+2C] ; |
004CB345 |. 50 PUSH EAX ; |Arg3
004CB346 |. 6A 14 PUSH 14 ; |Arg2 = 00000014
004CB348 |. 68 C8FBD3E7 PUSH E7D3FBC8 ; |Arg1 = E7D3FBC8
004CB34D |. 8BC6 MOV EAX,ESI ; |
004CB34F |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB352 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB354 |. E8 1BFCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB359 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB35C |. 50 PUSH EAX ; /Arg4
004CB35D |. 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+40] ; |
004CB361 |. 50 PUSH EAX ; |Arg3
004CB362 |. 6A 05 PUSH 5 ; |Arg2 = 00000005
004CB364 |. 68 E6CDE121 PUSH 21E1CDE6 ; |Arg1 = 21E1CDE6
004CB369 |. 8BC3 MOV EAX,EBX ; |
004CB36B |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB36D |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB36F |. E8 00FCFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB374 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB376 |. 50 PUSH EAX ; /Arg4
004CB377 |. 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+54] ; |
004CB37B |. 50 PUSH EAX ; |Arg3
004CB37C |. 6A 09 PUSH 9 ; |Arg2 = 00000009
004CB37E |. 68 D60737C3 PUSH C33707D6 ; |Arg1 = C33707D6
004CB383 |. 8BC5 MOV EAX,EBP ; |
004CB385 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB387 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB389 |. E8 E6FBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB38E |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB390 |. 50 PUSH EAX ; /Arg4
004CB391 |. 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] ; |
004CB395 |. 50 PUSH EAX ; |Arg3
004CB396 |. 6A 0E PUSH 0E ; |Arg2 = 0000000E
004CB398 |. 68 870DD5F4 PUSH F4D50D87 ; |Arg1 = F4D50D87
004CB39D |. 8BC7 MOV EAX,EDI ; |
004CB39F |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB3A1 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB3A4 |. E8 CBFBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB3A9 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB3AB |. 50 PUSH EAX ; /Arg4
004CB3AC |. 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+3C] ; |
004CB3B0 |. 50 PUSH EAX ; |Arg3
004CB3B1 |. 6A 14 PUSH 14 ; |Arg2 = 00000014
004CB3B3 |. 68 ED145A45 PUSH 455A14ED ; |Arg1 = 455A14ED
004CB3B8 |. 8BC6 MOV EAX,ESI ; |
004CB3BA |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB3BD |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB3BF |. E8 B0FBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB3C4 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB3C7 |. 50 PUSH EAX ; /Arg4
004CB3C8 |. 8B4424 50 MOV EAX,DWORD PTR SS:[ESP+50] ; |
004CB3CC |. 50 PUSH EAX ; |Arg3
004CB3CD |. 6A 05 PUSH 5 ; |Arg2 = 00000005
004CB3CF |. 68 05E9E3A9 PUSH A9E3E905 ; |Arg1 = A9E3E905
004CB3D4 |. 8BC3 MOV EAX,EBX ; |
004CB3D6 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB3D8 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB3DA |. E8 95FBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB3DF |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB3E1 |. 50 PUSH EAX ; /Arg4
004CB3E2 |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] ; |
004CB3E6 |. 50 PUSH EAX ; |Arg3
004CB3E7 |. 6A 09 PUSH 9 ; |Arg2 = 00000009
004CB3E9 |. 68 F8A3EFFC PUSH FCEFA3F8 ; |Arg1 = FCEFA3F8
004CB3EE |. 8BC5 MOV EAX,EBP ; |
004CB3F0 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB3F2 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB3F4 |. E8 7BFBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB3F9 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB3FB |. 50 PUSH EAX ; /Arg4
004CB3FC |. 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38] ; |
004CB400 |. 50 PUSH EAX ; |Arg3
004CB401 |. 6A 0E PUSH 0E ; |Arg2 = 0000000E
004CB403 |. 68 D9026F67 PUSH 676F02D9 ; |Arg1 = 676F02D9
004CB408 |. 8BC7 MOV EAX,EDI ; |
004CB40A |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB40C |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB40F |. E8 60FBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB414 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB416 |. 50 PUSH EAX ; /Arg4
004CB417 |. 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+4C] ; |
004CB41B |. 50 PUSH EAX ; |Arg3
004CB41C |. 6A 14 PUSH 14 ; |Arg2 = 00000014
004CB41E |. 68 8A4C2A8D PUSH 8D2A4C8A ; |Arg1 = 8D2A4C8A
004CB423 |. 8BC6 MOV EAX,ESI ; |
004CB425 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB428 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB42A |. E8 45FBFFFF CALL _BB.004CAF74 ; \_BB.004CAF74
004CB42F |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB432 |. 50 PUSH EAX ; /Arg4
004CB433 |. 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; |
004CB437 |. 50 PUSH EAX ; |Arg3
004CB438 |. 6A 04 PUSH 4 ; |Arg2 = 00000004
004CB43A |. 68 4239FAFF PUSH FFFA3942 ; |Arg1 = FFFA3942
004CB43F |. 8BC3 MOV EAX,EBX ; |
004CB441 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB443 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB445 |. E8 5EFBFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB44A |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB44C |. 50 PUSH EAX ; /Arg4
004CB44D |. 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+3C] ; |
004CB451 |. 50 PUSH EAX ; |Arg3
004CB452 |. 6A 0B PUSH 0B ; |Arg2 = 0000000B
004CB454 |. 68 81F67187 PUSH 8771F681 ; |Arg1 = 8771F681
004CB459 |. 8BC5 MOV EAX,EBP ; |
004CB45B |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB45D |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB45F |. E8 44FBFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB464 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB466 |. 50 PUSH EAX ; /Arg4
004CB467 |. 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+48] ; |
004CB46B |. 50 PUSH EAX ; |Arg3
004CB46C |. 6A 10 PUSH 10 ; |Arg2 = 00000010
004CB46E |. 68 22619D6D PUSH 6D9D6122 ; |Arg1 = 6D9D6122
004CB473 |. 8BC7 MOV EAX,EDI ; |
004CB475 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB477 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB47A |. E8 29FBFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB47F |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB481 |. 50 PUSH EAX ; /Arg4
004CB482 |. 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+54] ; |
004CB486 |. 50 PUSH EAX ; |Arg3
004CB487 |. 6A 17 PUSH 17 ; |Arg2 = 00000017
004CB489 |. 68 0C38E5FD PUSH FDE5380C ; |Arg1 = FDE5380C
004CB48E |. 8BC6 MOV EAX,ESI ; |
004CB490 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB493 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB495 |. E8 0EFBFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB49A |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB49D |. 50 PUSH EAX ; /Arg4
004CB49E |. 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20] ; |
004CB4A2 |. 50 PUSH EAX ; |Arg3
004CB4A3 |. 6A 04 PUSH 4 ; |Arg2 = 00000004
004CB4A5 |. 68 44EABEA4 PUSH A4BEEA44 ; |Arg1 = A4BEEA44
004CB4AA |. 8BC3 MOV EAX,EBX ; |
004CB4AC |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB4AE |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB4B0 |. E8 F3FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB4B5 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB4B7 |. 50 PUSH EAX ; /Arg4
004CB4B8 |. 8B4424 2C MOV EAX,DWORD PTR SS:[ESP+2C] ; |
004CB4BC |. 50 PUSH EAX ; |Arg3
004CB4BD |. 6A 0B PUSH 0B ; |Arg2 = 0000000B
004CB4BF |. 68 A9CFDE4B PUSH 4BDECFA9 ; |Arg1 = 4BDECFA9
004CB4C4 |. 8BC5 MOV EAX,EBP ; |
004CB4C6 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB4C8 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB4CA |. E8 D9FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB4CF |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB4D1 |. 50 PUSH EAX ; /Arg4
004CB4D2 |. 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38] ; |
004CB4D6 |. 50 PUSH EAX ; |Arg3
004CB4D7 |. 6A 10 PUSH 10 ; |Arg2 = 00000010
004CB4D9 |. 68 604BBBF6 PUSH F6BB4B60 ; |Arg1 = F6BB4B60
004CB4DE |. 8BC7 MOV EAX,EDI ; |
004CB4E0 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB4E2 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB4E5 |. E8 BEFAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB4EA |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB4EC |. 50 PUSH EAX ; /Arg4
004CB4ED |. 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+44] ; |
004CB4F1 |. 50 PUSH EAX ; |Arg3
004CB4F2 |. 6A 17 PUSH 17 ; |Arg2 = 00000017
004CB4F4 |. 68 70BCBFBE PUSH BEBFBC70 ; |Arg1 = BEBFBC70
004CB4F9 |. 8BC6 MOV EAX,ESI ; |
004CB4FB |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB4FE |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB500 |. E8 A3FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB505 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB508 |. 50 PUSH EAX ; /Arg4
004CB509 |. 8B4424 50 MOV EAX,DWORD PTR SS:[ESP+50] ; |
004CB50D |. 50 PUSH EAX ; |Arg3
004CB50E |. 6A 04 PUSH 4 ; |Arg2 = 00000004
004CB510 |. 68 C67E9B28 PUSH 289B7EC6 ; |Arg1 = 289B7EC6
004CB515 |. 8BC3 MOV EAX,EBX ; |
004CB517 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB519 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB51B |. E8 88FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB520 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB522 |. 50 PUSH EAX ; /Arg4
004CB523 |. 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C] ; |
004CB527 |. 50 PUSH EAX ; |Arg3
004CB528 |. 6A 0B PUSH 0B ; |Arg2 = 0000000B
004CB52A |. 68 FA27A1EA PUSH EAA127FA ; |Arg1 = EAA127FA
004CB52F |. 8BC5 MOV EAX,EBP ; |
004CB531 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB533 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB535 |. E8 6EFAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB53A |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB53C |. 50 PUSH EAX ; /Arg4
004CB53D |. 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] ; |
004CB541 |. 50 PUSH EAX ; |Arg3
004CB542 |. 6A 10 PUSH 10 ; |Arg2 = 00000010
004CB544 |. 68 8530EFD4 PUSH D4EF3085 ; |Arg1 = D4EF3085
004CB549 |. 8BC7 MOV EAX,EDI ; |
004CB54B |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB54D |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB550 |. E8 53FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB555 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB557 |. 50 PUSH EAX ; /Arg4
004CB558 |. 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+34] ; |
004CB55C |. 50 PUSH EAX ; |Arg3
004CB55D |. 6A 17 PUSH 17 ; |Arg2 = 00000017
004CB55F |. 68 051D8804 PUSH 4881D05 ; |Arg1 = 04881D05
004CB564 |. 8BC6 MOV EAX,ESI ; |
004CB566 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB569 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB56B |. E8 38FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB570 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB573 |. 50 PUSH EAX ; /Arg4
004CB574 |. 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+40] ; |
004CB578 |. 50 PUSH EAX ; |Arg3
004CB579 |. 6A 04 PUSH 4 ; |Arg2 = 00000004
004CB57B |. 68 39D0D4D9 PUSH D9D4D039 ; |Arg1 = D9D4D039
004CB580 |. 8BC3 MOV EAX,EBX ; |
004CB582 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB584 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB586 |. E8 1DFAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB58B |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB58D |. 50 PUSH EAX ; /Arg4
004CB58E |. 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+4C] ; |
004CB592 |. 50 PUSH EAX ; |Arg3
004CB593 |. 6A 0B PUSH 0B ; |Arg2 = 0000000B
004CB595 |. 68 E599DBE6 PUSH E6DB99E5 ; |Arg1 = E6DB99E5
004CB59A |. 8BC5 MOV EAX,EBP ; |
004CB59C |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB59E |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB5A0 |. E8 03FAFFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB5A5 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB5A7 |. 50 PUSH EAX ; /Arg4
004CB5A8 |. 8B4424 58 MOV EAX,DWORD PTR SS:[ESP+58] ; |
004CB5AC |. 50 PUSH EAX ; |Arg3
004CB5AD |. 6A 10 PUSH 10 ; |Arg2 = 00000010
004CB5AF |. 68 F87CA21F PUSH 1FA27CF8 ; |Arg1 = 1FA27CF8
004CB5B4 |. 8BC7 MOV EAX,EDI ; |
004CB5B6 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB5B8 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB5BB |. E8 E8F9FFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB5C0 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB5C2 |. 50 PUSH EAX ; /Arg4
004CB5C3 |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] ; |
004CB5C7 |. 50 PUSH EAX ; |Arg3
004CB5C8 |. 6A 17 PUSH 17 ; |Arg2 = 00000017
004CB5CA |. 68 6556ACC4 PUSH C4AC5665 ; |Arg1 = C4AC5665
004CB5CF |. 8BC6 MOV EAX,ESI ; |
004CB5D1 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB5D4 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB5D6 |. E8 CDF9FFFF CALL _BB.004CAFA8 ; \_BB.004CAFA8
004CB5DB |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB5DE |. 50 PUSH EAX ; /Arg4
004CB5DF |. 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C] ; |
004CB5E3 |. 50 PUSH EAX ; |Arg3
004CB5E4 |. 6A 06 PUSH 6 ; |Arg2 = 00000006
004CB5E6 |. 68 442229F4 PUSH F4292244 ; |Arg1 = F4292244
004CB5EB |. 8BC3 MOV EAX,EBX ; |
004CB5ED |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB5EF |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB5F1 |. E8 E6F9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB5F6 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB5F8 |. 50 PUSH EAX ; /Arg4
004CB5F9 |. 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38] ; |
004CB5FD |. 50 PUSH EAX ; |Arg3
004CB5FE |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
004CB600 |. 68 97FF2A43 PUSH 432AFF97 ; |Arg1 = 432AFF97
004CB605 |. 8BC5 MOV EAX,EBP ; |
004CB607 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB609 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB60B |. E8 CCF9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB610 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB612 |. 50 PUSH EAX ; /Arg4
004CB613 |. 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+54] ; |
004CB617 |. 50 PUSH EAX ; |Arg3
004CB618 |. 6A 0F PUSH 0F ; |Arg2 = 0000000F
004CB61A |. 68 A72394AB PUSH AB9423A7 ; |Arg1 = AB9423A7
004CB61F |. 8BC7 MOV EAX,EDI ; |
004CB621 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB623 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB626 |. E8 B1F9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB62B |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB62D |. 50 PUSH EAX ; /Arg4
004CB62E |. 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; |
004CB632 |. 50 PUSH EAX ; |Arg3
004CB633 |. 6A 15 PUSH 15 ; |Arg2 = 00000015
004CB635 |. 68 39A093FC PUSH FC93A039 ; |Arg1 = FC93A039
004CB63A |. 8BC6 MOV EAX,ESI ; |
004CB63C |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB63F |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB641 |. E8 96F9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB646 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB649 |. 50 PUSH EAX ; /Arg4
004CB64A |. 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+4C] ; |
004CB64E |. 50 PUSH EAX ; |Arg3
004CB64F |. 6A 06 PUSH 6 ; |Arg2 = 00000006
004CB651 |. 68 C3595B65 PUSH 655B59C3 ; |Arg1 = 655B59C3
004CB656 |. 8BC3 MOV EAX,EBX ; |
004CB658 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB65A |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB65C |. E8 7BF9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB661 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB663 |. 50 PUSH EAX ; /Arg4
004CB664 |. 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] ; |
004CB668 |. 50 PUSH EAX ; |Arg3
004CB669 |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
004CB66B |. 68 92CC0C8F PUSH 8F0CCC92 ; |Arg1 = 8F0CCC92
004CB670 |. 8BC5 MOV EAX,EBP ; |
004CB672 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB674 |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB676 |. E8 61F9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB67B |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB67D |. 50 PUSH EAX ; /Arg4
004CB67E |. 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+44] ; |
004CB682 |. 50 PUSH EAX ; |Arg3
004CB683 |. 6A 0F PUSH 0F ; |Arg2 = 0000000F
004CB685 |. 68 7DF4EFFF PUSH FFEFF47D ; |Arg1 = FFEFF47D
004CB68A |. 8BC7 MOV EAX,EDI ; |
004CB68C |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB68E |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB691 |. E8 46F9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB696 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB698 |. 50 PUSH EAX ; /Arg4
004CB699 |. 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20] ; |
004CB69D |. 50 PUSH EAX ; |Arg3
004CB69E |. 6A 15 PUSH 15 ; |Arg2 = 00000015
004CB6A0 |. 68 D15D8485 PUSH 85845DD1 ; |Arg1 = 85845DD1
004CB6A5 |. 8BC6 MOV EAX,ESI ; |
004CB6A7 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB6AA |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB6AC |. E8 2BF9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB6B1 |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB6B4 |. 50 PUSH EAX ; /Arg4
004CB6B5 |. 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+3C] ; |
004CB6B9 |. 50 PUSH EAX ; |Arg3
004CB6BA |. 6A 06 PUSH 6 ; |Arg2 = 00000006
004CB6BC |. 68 4F7EA86F PUSH 6FA87E4F ; |Arg1 = 6FA87E4F
004CB6C1 |. 8BC3 MOV EAX,EBX ; |
004CB6C3 |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB6C5 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB6C7 |. E8 10F9FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB6CC |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB6CE |. 50 PUSH EAX ; /Arg4
004CB6CF |. 8B4424 58 MOV EAX,DWORD PTR SS:[ESP+58] ; |
004CB6D3 |. 50 PUSH EAX ; |Arg3
004CB6D4 |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
004CB6D6 |. 68 E0E62CFE PUSH FE2CE6E0 ; |Arg1 = FE2CE6E0
004CB6DB |. 8BC5 MOV EAX,EBP ; |
004CB6DD |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB6DF |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB6E1 |. E8 F6F8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB6E6 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB6E8 |. 50 PUSH EAX ; /Arg4
004CB6E9 |. 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+34] ; |
004CB6ED |. 50 PUSH EAX ; |Arg3
004CB6EE |. 6A 0F PUSH 0F ; |Arg2 = 0000000F
004CB6F0 |. 68 144301A3 PUSH A3014314 ; |Arg1 = A3014314
004CB6F5 |. 8BC7 MOV EAX,EDI ; |
004CB6F7 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB6F9 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB6FC |. E8 DBF8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB701 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB703 |. 50 PUSH EAX ; /Arg4
004CB704 |. 8B4424 50 MOV EAX,DWORD PTR SS:[ESP+50] ; |
004CB708 |. 50 PUSH EAX ; |Arg3
004CB709 |. 6A 15 PUSH 15 ; |Arg2 = 00000015
004CB70B |. 68 A111084E PUSH 4E0811A1 ; |Arg1 = 4E0811A1
004CB710 |. 8BC6 MOV EAX,ESI ; |
004CB712 |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB715 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB717 |. E8 C0F8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB71C |. 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
004CB71F |. 50 PUSH EAX ; /Arg4
004CB720 |. 8B4424 2C MOV EAX,DWORD PTR SS:[ESP+2C] ; |
004CB724 |. 50 PUSH EAX ; |Arg3
004CB725 |. 6A 06 PUSH 6 ; |Arg2 = 00000006
004CB727 |. 68 827E53F7 PUSH F7537E82 ; |Arg1 = F7537E82
004CB72C |. 8BC3 MOV EAX,EBX ; |
004CB72E |. 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
004CB730 |. 8B16 MOV EDX,DWORD PTR DS:[ESI] ; |
004CB732 |. E8 A5F8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB737 |. 8B07 MOV EAX,DWORD PTR DS:[EDI]
004CB739 |. 50 PUSH EAX ; /Arg4
004CB73A |. 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+48] ; |
004CB73E |. 50 PUSH EAX ; |Arg3
004CB73F |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
004CB741 |. 68 35F23ABD PUSH BD3AF235 ; |Arg1 = BD3AF235
004CB746 |. 8BC5 MOV EAX,EBP ; |
004CB748 |. 8B0E MOV ECX,DWORD PTR DS:[ESI] ; |
004CB74A |. 8B13 MOV EDX,DWORD PTR DS:[EBX] ; |
004CB74C |. E8 8BF8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB751 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004CB753 |. 50 PUSH EAX ; /Arg4
004CB754 |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] ; |
004CB758 |. 50 PUSH EAX ; |Arg3
004CB759 |. 6A 0F PUSH 0F ; |Arg2 = 0000000F
004CB75B |. 68 BBD2D72A PUSH 2AD7D2BB ; |Arg1 = 2AD7D2BB
004CB760 |. 8BC7 MOV EAX,EDI ; |
004CB762 |. 8B0B MOV ECX,DWORD PTR DS:[EBX] ; |
004CB764 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP] ; |
004CB767 |. E8 70F8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB76C |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
004CB76E |. 50 PUSH EAX ; /Arg4
004CB76F |. 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+40] ; |
004CB773 |. 50 PUSH EAX ; |Arg3
004CB774 |. 6A 15 PUSH 15 ; |Arg2 = 00000015
004CB776 |. 68 91D386EB PUSH EB86D391 ; |Arg1 = EB86D391
004CB77B |. 8BC6 MOV EAX,ESI ; |
004CB77D |. 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] ; |
004CB780 |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004CB782 |. E8 55F8FFFF CALL _BB.004CAFDC ; \_BB.004CAFDC
004CB787 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB78B |. 8B13 MOV EDX,DWORD PTR DS:[EBX]
004CB78D |. 0110 ADD DWORD PTR DS:[EAX],EDX //MD5前四个字节结果
004CB78F |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB793 |. 8B16 MOV EDX,DWORD PTR DS:[ESI]
004CB795 |. 0150 04 ADD DWORD PTR DS:[EAX+4],EDX //MD5第二个四字节结果
004CB798 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB79C |. 8B17 MOV EDX,DWORD PTR DS:[EDI]
004CB79E |. 0150 08 ADD DWORD PTR DS:[EAX+8],EDX //MD5第三个四字节结果
004CB7A1 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004CB7A5 |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP]
004CB7A8 |. 0150 0C ADD DWORD PTR DS:[EAX+C],EDX //MD5第四个四字节结果
004CB7AB |. 83C4 58 ADD ESP,58
004CB7AE |. 5D POP EBP
004CB7AF |. 5F POP EDI
004CB7B0 |. 5E POP ESI
004CB7B1 |. 5B POP EBX
004CB7B2 \. C3 RETN
至此,我们可以做内存注册机了,也可以直接爆破了,不过写出算法注册机是我们的追求!
注册算法为我们输入的名字做一次MD5运算,将MD5的结果与“聪明宝宝健康成长指南”合并成新串,再做一次MD5
运算,结果便为该名字对应的注册码。
VC编程:
代码如下:
// Button handler: derives the value shown in the second edit control from the
// text typed into the first one, mirroring the two-pass scheme described in
// the analysis above: hash(name) -> hex text -> append fixed product string ->
// hash again -> hex text.
//
// CMD5 is a project class that is not shown on this page; the meaning of its
// Length / GetLength / GetData / MD5_Crypt members is inferred from how they
// are used here and should be confirmed against its definition.
//
// NOTE(review): the scheme uses an unkeyed hash plus a constant that ships in
// the binary, so it contains no secret. A check of this shape can be
// reproduced by anyone who reads the program; verifying a signature with an
// embedded public key avoids shipping the generation logic.
void CCmbbjkczznzcjDlg::OnButton1()
{
// Read the user-supplied name from the first edit control.
m_Ctrledit1.GetWindowText(m_Vedit1);
CMD5 md5;
// Fixed-size working buffer handed to GetData/MD5_Crypt.
// NOTE(review): no length check on m_Vedit1 is visible before GetData fills
// M; confirm that GetData cannot write past 10000 elements.
unsigned long M[10000];
// First pass: hash the name.
md5.Length=md5.GetLength(m_Vedit1);
md5.GetData(m_Vedit1,M);
md5.MD5_Crypt(M);
// Purpose of resetting Length to 1 is not visible here; presumably it resets
// CMD5 state between passes. TODO confirm against CMD5.
md5.Length=1;
// Render the four state words as 8 lowercase hex digits each (32 characters).
// NOTE(review): whether this word-wise "%08x" output matches the byte order
// of a conventional MD5 hex digest depends on CMD5; not visible here.
m_Vedit1="";
m_Vedit1.Format("%08x",md5.A);
CString str;
str.Format("%08x",md5.B);
m_Vedit1+=str;
str.Format("%08x",md5.C);
m_Vedit1+=str;
str.Format("%08x",md5.D);
m_Vedit1+=str;
// Append the fixed product-name string that the analysis found at 004CC884.
// The bytes of this literal depend on the source file's encoding; it presumably
// must match the encoding used inside the target binary. TODO confirm.
m_Vedit1+="聪明宝宝健康成长指南";
// Second pass: hash the combined string.
md5.Length=md5.GetLength(m_Vedit1);
md5.GetData(m_Vedit1,M);
md5.MD5_Crypt(M);
// Format the second result the same way and show it in the second edit control.
m_Vedit2.Format("%08x%08x%08x%08x",md5.A,md5.B,md5.C,md5.D);
m_Ctrledit2.SetWindowText(m_Vedit2);
}
完毕!需要注册机与我联系!
--------------------------------------------------------------------------------
【破解总结】
程序启动时打开注册表,读取HKEY_CURRENT_USER\Software\winbb\name和HKEY_CURRENT_USER\Software\winbb\RegCode键值进行判断,正确的话则注册,否则未注册
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!