求高手帮忙分析一下这个程序的重启验证-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] 求高手帮忙分析一下这个程序的重启验证 0.00雪花

发表于: 2010-11-22 23:04 3048

[旧帖] 求高手帮忙分析一下这个程序的重启验证 0.00雪花

zhendeaini 活跃值

2010-11-22 23:04

3048

00444AE3 .  3C 01       cmp    al, 1
00444AE5 .  0F85 6E020000 jnz    00444D59
00444AEB .  66:C785 48FFF>mov    word ptr [ebp-B8], 0B0
00444AF4 .  BA 73F84C00 mov    edx, 004CF873                   ;  注册成功
00444AF9 .  8D45 C8    lea    eax, dword ptr [ebp-38]
00444AFC .  E8 FB8C0600 call 004AD7FC
00444B01 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444B07 .  8B00       mov    eax, dword ptr [eax]
00444B09 .  E8 FEB10200 call 0046FD0C
00444B0E .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444B14 .  8D45 C8    lea    eax, dword ptr [ebp-38]
00444B17 .  BA 02000000 mov    edx, 2
00444B1C .  E8 D78D0600 call 004AD8F8
00444B21 .  8B0D 785E4D00 mov    ecx, dword ptr [4D5E78]       ;  0402_._PlayForm
00444B27 .  33C0       xor    eax, eax
00444B29 .  8B39       mov    edi, dword ptr [ecx]
00444B2B .  8D8D 20F8FFFF lea    ecx, dword ptr [ebp-7E0]
00444B31 .  66:C785 48FFF>mov    word ptr [ebp-B8], 0C8
00444B3A .  8945 C4    mov    dword ptr [ebp-3C], eax
00444B3D .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444B43 .  8B97 D8030000 mov    edx, dword ptr [edi+3D8]
00444B49 .  52          push edx
00444B4A .  68 7CF84C00 push 004CF87C                      ;  %d
00444B4F .  51          push ecx
00444B50 .  E8 87E30500 call 004A2EDC
00444B55 .  83C4 0C    add    esp, 0C
00444B58 .  68 04010000 push 104                            ; /BufSize = 104 (260.)
00444B5D .  8D85 1CF7FFFF lea    eax, dword ptr [ebp-8E4]       ; |
00444B63 .  50          push eax                            ; |Buffer
00444B64 .  E8 6FD70700 call <jmp.&KERNEL32.GetWindowsDirecto>; \GetWindowsDirectoryA
00444B69 .  68 7FF84C00 push 004CF87F                      ;  /ai8dplaydd
00444B6E .  8D95 1CF7FFFF lea    edx, dword ptr [ebp-8E4]
00444B74 .  52          push edx
00444B75 .  E8 96AC0500 call 0049F810
00444B7A .  83C4 08    add    esp, 8
00444B7D .  8D8D 20F8FFFF lea    ecx, dword ptr [ebp-7E0]
00444B83 .  51          push ecx
00444B84 .  8D85 1CF7FFFF lea    eax, dword ptr [ebp-8E4]
00444B8A .  50          push eax
00444B8B .  E8 80AC0500 call 0049F810
00444B90 .  83C4 08    add    esp, 8
00444B93 .  68 8BF84C00 push 004CF88B                      ;  .dat
00444B98 .  8D95 1CF7FFFF lea    edx, dword ptr [ebp-8E4]
00444B9E .  52          push edx
00444B9F .  E8 6CAC0500 call 0049F810
00444BA4 .  83C4 08    add    esp, 8
00444BA7 .  8D95 1CF7FFFF lea    edx, dword ptr [ebp-8E4]
00444BAD .  8D45 C0    lea    eax, dword ptr [ebp-40]
00444BB0 .  E8 478C0600 call 004AD7FC
00444BB5 .  8BD0       mov    edx, eax
00444BB7 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444BBD .  8D45 C4    lea    eax, dword ptr [ebp-3C]
00444BC0 .  E8 638D0600 call 004AD928
00444BC5 .  B2 01       mov    dl, 1
00444BC7 .  A1 9C8B4800 mov    eax, dword ptr [488B9C]
00444BCC .  E8 6712FCFF call 00405E38
00444BD1 .  8BD8       mov    ebx, eax
00444BD3 .  BA 90F84C00 mov    edx, 004CF890
00444BD8 .  8D45 BC    lea    eax, dword ptr [ebp-44]
00444BDB .  E8 1C8C0600 call 004AD7FC
00444BE0 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444BE6 .  8B10       mov    edx, dword ptr [eax]
00444BE8 .  8BC3       mov    eax, ebx
00444BEA .  8B08       mov    ecx, dword ptr [eax]
00444BEC .  FF51 34    call dword ptr [ecx+34]
00444BEF .  8D97 04040000 lea    edx, dword ptr [edi+404]
00444BF5 .  8D45 B8    lea    eax, dword ptr [ebp-48]
00444BF8 .  E8 FF8B0600 call 004AD7FC
00444BFD .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444C03 .  8B10       mov    edx, dword ptr [eax]
00444C05 .  8BC3       mov    eax, ebx
00444C07 .  8B08       mov    ecx, dword ptr [eax]
00444C09 .  FF51 34    call dword ptr [ecx+34]
00444C0C .  8D97 19040000 lea    edx, dword ptr [edi+419]
00444C12 .  8D45 B4    lea    eax, dword ptr [ebp-4C]
00444C15 .  E8 E28B0600 call 004AD7FC
00444C1A .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444C20 .  8B10       mov    edx, dword ptr [eax]
00444C22 .  8BC3       mov    eax, ebx
00444C24 .  8B08       mov    ecx, dword ptr [eax]
00444C26 .  FF51 34    call dword ptr [ecx+34]
00444C29 .  8D97 19050000 lea    edx, dword ptr [edi+519]
00444C2F .  8D45 B0    lea    eax, dword ptr [ebp-50]
00444C32 .  E8 C58B0600 call 004AD7FC
00444C37 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444C3D .  8B10       mov    edx, dword ptr [eax]
00444C3F .  8BC3       mov    eax, ebx
00444C41 .  8B08       mov    ecx, dword ptr [eax]
00444C43 .  FF51 34    call dword ptr [ecx+34]
00444C46 .  8B45 C4    mov    eax, dword ptr [ebp-3C]
00444C49 .  E8 A68B0600 call 004AD7F4
00444C4E .  8B55 C4    mov    edx, dword ptr [ebp-3C]
00444C51 .  8BC3       mov    eax, ebx
00444C53 .  8B08       mov    ecx, dword ptr [eax]
00444C55 .  FF51 64    call dword ptr [ecx+64]
00444C58 .  8BFB       mov    edi, ebx
00444C5A .  897D A8    mov    dword ptr [ebp-58], edi
00444C5D .  85FF       test edi, edi
00444C5F .  74 24       je    short 00444C85
00444C61 .  8B07       mov    eax, dword ptr [edi]
00444C63 .  8945 AC    mov    dword ptr [ebp-54], eax
00444C66 .  66:C785 48FFF>mov    word ptr [ebp-B8], 0D4
00444C6F .  BA 03000000 mov    edx, 3
00444C74 .  8B45 A8    mov    eax, dword ptr [ebp-58]
00444C77 .  8B08       mov    ecx, dword ptr [eax]
00444C79 .  FF51 FC    call dword ptr [ecx-4]
00444C7C .  66:C785 48FFF>mov    word ptr [ebp-B8], 0C8
00444C85 >  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444C8B .  8D45 B0    lea    eax, dword ptr [ebp-50]
00444C8E .  BA 02000000 mov    edx, 2
00444C93 .  E8 608C0600 call 004AD8F8
00444C98 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444C9E .  8D45 B4    lea    eax, dword ptr [ebp-4C]
00444CA1 .  BA 02000000 mov    edx, 2
00444CA6 .  E8 4D8C0600 call 004AD8F8
00444CAB .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444CB1 .  8D45 B8    lea    eax, dword ptr [ebp-48]
00444CB4 .  BA 02000000 mov    edx, 2
00444CB9 .  E8 3A8C0600 call 004AD8F8
00444CBE .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444CC4 .  8D45 BC    lea    eax, dword ptr [ebp-44]
00444CC7 .  BA 02000000 mov    edx, 2
00444CCC .  E8 278C0600 call 004AD8F8
00444CD1 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444CD7 .  8D45 C0    lea    eax, dword ptr [ebp-40]
00444CDA .  BA 02000000 mov    edx, 2
00444CDF .  E8 148C0600 call 004AD8F8
00444CE4 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444CEA .  8D45 C4    lea    eax, dword ptr [ebp-3C]
00444CED .  BA 02000000 mov    edx, 2
00444CF2 .  E8 018C0600 call 004AD8F8
00444CF7 .  66:C785 48FFF>mov    word ptr [ebp-B8], 0BC
00444D00 .  C686 08030000>mov    byte ptr [esi+308], 1
00444D07 .  8BC6       mov    eax, esi
00444D09 .  E8 EA2F0200 call 00467CF8
00444D0E .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444D14 .  8D45 F4    lea    eax, dword ptr [ebp-C]
00444D17 .  BA 02000000 mov    edx, 2
00444D1C .  E8 D78B0600 call 004AD8F8
00444D21 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444D27 .  8D45 F8    lea    eax, dword ptr [ebp-8]
00444D2A .  BA 02000000 mov    edx, 2
00444D2F .  E8 C48B0600 call 004AD8F8
00444D34 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444D3A .  8D45 FC    lea    eax, dword ptr [ebp-4]
00444D3D .  BA 02000000 mov    edx, 2
00444D42 .  E8 B18B0600 call 004AD8F8
00444D47 .  8B8D 38FFFFFF mov    ecx, dword ptr [ebp-C8]
00444D4D .  64:890D 00000>mov    dword ptr fs:[0], ecx
00444D54 .  E9 85050000 jmp    004452DE
00444D59 >  A1 785E4D00 mov    eax, dword ptr [4D5E78]
00444D5E .  8D8D 08F7FFFF lea    ecx, dword ptr [ebp-8F8]
00444D64 .  8B30       mov    esi, dword ptr [eax]
00444D66 .  33C0       xor    eax, eax
00444D68 .  66:C785 48FFF>mov    word ptr [ebp-B8], 0EC
00444D71 .  8945 A4    mov    dword ptr [ebp-5C], eax
00444D74 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444D7A .  8B96 D8030000 mov    edx, dword ptr [esi+3D8]
00444D80 .  52          push edx
00444D81 .  68 91F84C00 push 004CF891                      ;  %d
00444D86 .  51          push ecx
00444D87 .  E8 50E10500 call 004A2EDC
00444D8C .  83C4 0C    add    esp, 0C
00444D8F .  68 04010000 push 104                            ; /BufSize = 104 (260.)
00444D94 .  8D85 04F6FFFF lea    eax, dword ptr [ebp-9FC]       ; |
00444D9A .  50          push eax                            ; |Buffer
00444D9B .  E8 38D50700 call <jmp.&KERNEL32.GetWindowsDirecto>; \GetWindowsDirectoryA
00444DA0 .  68 94F84C00 push 004CF894                      ;  /ai8dplaydd
00444DA5 .  8D95 04F6FFFF lea    edx, dword ptr [ebp-9FC]
00444DAB .  52          push edx
00444DAC .  E8 5FAA0500 call 0049F810
00444DB1 .  83C4 08    add    esp, 8
00444DB4 .  8D8D 08F7FFFF lea    ecx, dword ptr [ebp-8F8]
00444DBA .  51          push ecx
00444DBB .  8D85 04F6FFFF lea    eax, dword ptr [ebp-9FC]
00444DC1 .  50          push eax
00444DC2 .  E8 49AA0500 call 0049F810
00444DC7 .  83C4 08    add    esp, 8
00444DCA .  68 A0F84C00 push 004CF8A0                      ;  .dat
00444DCF .  8D95 04F6FFFF lea    edx, dword ptr [ebp-9FC]
00444DD5 .  52          push edx
00444DD6 .  E8 35AA0500 call 0049F810
00444DDB .  83C4 08    add    esp, 8
00444DDE .  8D95 04F6FFFF lea    edx, dword ptr [ebp-9FC]
00444DE4 .  8D45 A0    lea    eax, dword ptr [ebp-60]
00444DE7 .  E8 108A0600 call 004AD7FC
00444DEC .  8BD0       mov    edx, eax
00444DEE .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444DF4 .  8D45 A4    lea    eax, dword ptr [ebp-5C]
00444DF7 .  E8 2C8B0600 call 004AD928
00444DFC .  B2 01       mov    dl, 1
00444DFE .  A1 9C8B4800 mov    eax, dword ptr [488B9C]
00444E03 .  E8 3010FCFF call 00405E38
00444E08 .  8BD8       mov    ebx, eax
00444E0A .  BA A5F84C00 mov    edx, 004CF8A5
00444E0F .  8D45 9C    lea    eax, dword ptr [ebp-64]
00444E12 .  E8 E5890600 call 004AD7FC
00444E17 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444E1D .  8B10       mov    edx, dword ptr [eax]
00444E1F .  8BC3       mov    eax, ebx
00444E21 .  8B08       mov    ecx, dword ptr [eax]
00444E23 .  FF51 34    call dword ptr [ecx+34]
00444E26 .  8D96 04040000 lea    edx, dword ptr [esi+404]
00444E2C .  8D45 98    lea    eax, dword ptr [ebp-68]
00444E2F .  E8 C8890600 call 004AD7FC
00444E34 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444E3A .  8B10       mov    edx, dword ptr [eax]
00444E3C .  8BC3       mov    eax, ebx
00444E3E .  8B08       mov    ecx, dword ptr [eax]
00444E40 .  FF51 34    call dword ptr [ecx+34]
00444E43 .  8D96 19040000 lea    edx, dword ptr [esi+419]
00444E49 .  8D45 94    lea    eax, dword ptr [ebp-6C]
00444E4C .  E8 AB890600 call 004AD7FC
00444E51 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444E57 .  8B10       mov    edx, dword ptr [eax]
00444E59 .  8BC3       mov    eax, ebx
00444E5B .  8B08       mov    ecx, dword ptr [eax]
00444E5D .  FF51 34    call dword ptr [ecx+34]
00444E60 .  8D96 19050000 lea    edx, dword ptr [esi+519]
00444E66 .  8D45 90    lea    eax, dword ptr [ebp-70]
00444E69 .  E8 8E890600 call 004AD7FC
00444E6E .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444E74 .  8B10       mov    edx, dword ptr [eax]
00444E76 .  8BC3       mov    eax, ebx
00444E78 .  8B08       mov    ecx, dword ptr [eax]
00444E7A .  FF51 34    call dword ptr [ecx+34]
00444E7D .  8B45 A4    mov    eax, dword ptr [ebp-5C]
00444E80 .  E8 6F890600 call 004AD7F4
00444E85 .  8B55 A4    mov    edx, dword ptr [ebp-5C]
00444E88 .  8BC3       mov    eax, ebx
00444E8A .  8B08       mov    ecx, dword ptr [eax]
00444E8C .  FF51 64    call dword ptr [ecx+64]
00444E8F .  8BF3       mov    esi, ebx
00444E91 .  8975 88    mov    dword ptr [ebp-78], esi
00444E94 .  85F6       test esi, esi
00444E96 .  74 24       je    short 00444EBC
00444E98 .  8B06       mov    eax, dword ptr [esi]
00444E9A .  8945 8C    mov    dword ptr [ebp-74], eax
00444E9D .  66:C785 48FFF>mov    word ptr [ebp-B8], 0F8
00444EA6 .  BA 03000000 mov    edx, 3
00444EAB .  8B45 88    mov    eax, dword ptr [ebp-78]
00444EAE .  8B08       mov    ecx, dword ptr [eax]
00444EB0 .  FF51 FC    call dword ptr [ecx-4]
00444EB3 .  66:C785 48FFF>mov    word ptr [ebp-B8], 0EC
00444EBC >  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444EC2 .  8D45 90    lea    eax, dword ptr [ebp-70]
00444EC5 .  BA 02000000 mov    edx, 2
00444ECA .  E8 298A0600 call 004AD8F8
00444ECF .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444ED5 .  8D45 94    lea    eax, dword ptr [ebp-6C]
00444ED8 .  BA 02000000 mov    edx, 2
00444EDD .  E8 168A0600 call 004AD8F8
00444EE2 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444EE8 .  8D45 98    lea    eax, dword ptr [ebp-68]
00444EEB .  BA 02000000 mov    edx, 2
00444EF0 .  E8 038A0600 call 004AD8F8
00444EF5 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444EFB .  8D45 9C    lea    eax, dword ptr [ebp-64]
00444EFE .  BA 02000000 mov    edx, 2
00444F03 .  E8 F0890600 call 004AD8F8
00444F08 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444F0E .  8D45 A0    lea    eax, dword ptr [ebp-60]
00444F11 .  BA 02000000 mov    edx, 2
00444F16 .  E8 DD890600 call 004AD8F8
00444F1B .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444F21 .  8D45 A4    lea    eax, dword ptr [ebp-5C]
00444F24 .  BA 02000000 mov    edx, 2
00444F29    E8 CA890600 call 004AD8F8
00444F2E .  66:C785 48FFF>mov    word ptr [ebp-B8], 0E0
00444F37 .  66:C785 48FFF>mov    word ptr [ebp-B8], 104
00444F40 .  BA A6F84C00 mov    edx, 004CF8A6                   ;  注册失败3,请检查用户名和注册码是否都正确输入了
00444F45 .  8D45 84    lea    eax, dword ptr [ebp-7C]
00444F48    E8 AF880600  jmp    00444AEB
00444F4D .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444F53 .  8B00       mov    eax, dword ptr [eax]
00444F55 .  E8 B2AD0200 call 0046FD0C
00444F5A .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444F60 .  8D45 84    lea    eax, dword ptr [ebp-7C]
00444F63 .  BA 02000000 mov    edx, 2
00444F68 .  E8 8B890600 call 004AD8F8
00444F6D .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444F73 .  8D45 F4    lea    eax, dword ptr [ebp-C]
00444F76 .  BA 02000000 mov    edx, 2
00444F7B .  E8 78890600 call 004AD8F8
00444F80 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444F86 .  8D45 F8    lea    eax, dword ptr [ebp-8]
00444F89 .  BA 02000000 mov    edx, 2
00444F8E .  E8 65890600 call 004AD8F8
00444F93 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00444F99 .  8D45 FC    lea    eax, dword ptr [ebp-4]
00444F9C .  BA 02000000 mov    edx, 2
00444FA1 .  E8 52890600 call 004AD8F8
00444FA6 .  8B8D 38FFFFFF mov    ecx, dword ptr [ebp-C8]
00444FAC .  64:890D 00000>mov    dword ptr fs:[0], ecx
00444FB3 .  E9 26030000 jmp    004452DE
00444FB8 >  A1 785E4D00 mov    eax, dword ptr [4D5E78]
00444FBD .  8D8D F0F5FFFF lea    ecx, dword ptr [ebp-A10]
00444FC3 .  8B30       mov    esi, dword ptr [eax]
00444FC5 .  33C0       xor    eax, eax
00444FC7 .  66:C785 48FFF>mov    word ptr [ebp-B8], 11C
00444FD0 .  8945 80    mov    dword ptr [ebp-80], eax
00444FD3 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00444FD9 .  8B96 D8030000 mov    edx, dword ptr [esi+3D8]
00444FDF .  52          push edx
00444FE0 .  68 D5F84C00 push 004CF8D5                      ;  %d
00444FE5 .  51          push ecx
00444FE6 .  E8 F1DE0500 call 004A2EDC
00444FEB .  83C4 0C    add    esp, 0C
00444FEE .  68 04010000 push 104                            ; /BufSize = 104 (260.)
00444FF3 .  8D85 ECF4FFFF lea    eax, dword ptr [ebp-B14]       ; |
00444FF9 .  50          push eax                            ; |Buffer
00444FFA .  E8 D9D20700 call <jmp.&KERNEL32.GetWindowsDirecto>; \GetWindowsDirectoryA
00444FFF .  68 D8F84C00 push 004CF8D8                      ;  /ai8dplaydd
00445004 .  8D95 ECF4FFFF lea    edx, dword ptr [ebp-B14]
0044500A .  52          push edx
0044500B .  E8 00A80500 call 0049F810
00445010 .  83C4 08    add    esp, 8
00445013 .  8D8D F0F5FFFF lea    ecx, dword ptr [ebp-A10]
00445019 .  51          push ecx
0044501A .  8D85 ECF4FFFF lea    eax, dword ptr [ebp-B14]
00445020 .  50          push eax
00445021 .  E8 EAA70500 call 0049F810
00445026 .  83C4 08    add    esp, 8
00445029 .  68 E4F84C00 push 004CF8E4                      ;  .dat
0044502E .  8D95 ECF4FFFF lea    edx, dword ptr [ebp-B14]
00445034 .  52          push edx
00445035 .  E8 D6A70500 call 0049F810
0044503A .  83C4 08    add    esp, 8
0044503D .  8D95 ECF4FFFF lea    edx, dword ptr [ebp-B14]
00445043 .  8D85 7CFFFFFF lea    eax, dword ptr [ebp-84]
00445049 .  E8 AE870600 call 004AD7FC
0044504E .  8BD0       mov    edx, eax
00445050 .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00445056 .  8D45 80    lea    eax, dword ptr [ebp-80]
00445059 .  E8 CA880600 call 004AD928
0044505E .  B2 01       mov    dl, 1
00445060 .  A1 9C8B4800 mov    eax, dword ptr [488B9C]
00445065 .  E8 CE0DFCFF call 00405E38
0044506A .  8BD8       mov    ebx, eax
0044506C .  BA E9F84C00 mov    edx, 004CF8E9
00445071 .  8D85 78FFFFFF lea    eax, dword ptr [ebp-88]
00445077 .  E8 80870600 call 004AD7FC
0044507C .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
00445082 .  8B10       mov    edx, dword ptr [eax]
00445084 .  8BC3       mov    eax, ebx
00445086 .  8B08       mov    ecx, dword ptr [eax]
00445088 .  FF51 34    call dword ptr [ecx+34]
0044508B .  8D96 04040000 lea    edx, dword ptr [esi+404]
00445091 .  8D85 74FFFFFF lea    eax, dword ptr [ebp-8C]
00445097 .  E8 60870600 call 004AD7FC
0044509C .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
004450A2 .  8B10       mov    edx, dword ptr [eax]
004450A4 .  8BC3       mov    eax, ebx
004450A6 .  8B08       mov    ecx, dword ptr [eax]
004450A8 .  FF51 34    call dword ptr [ecx+34]
004450AB .  8D96 19040000 lea    edx, dword ptr [esi+419]
004450B1 .  8D85 70FFFFFF lea    eax, dword ptr [ebp-90]
004450B7 .  E8 40870600 call 004AD7FC
004450BC .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
004450C2 .  8B10       mov    edx, dword ptr [eax]
004450C4 .  8BC3       mov    eax, ebx
004450C6 .  8B08       mov    ecx, dword ptr [eax]
004450C8 .  FF51 34    call dword ptr [ecx+34]
004450CB .  8D96 19050000 lea    edx, dword ptr [esi+519]
004450D1 .  8D85 6CFFFFFF lea    eax, dword ptr [ebp-94]
004450D7 .  E8 20870600 call 004AD7FC
004450DC .  FF85 54FFFFFF inc    dword ptr [ebp-AC]
004450E2 .  8B10       mov    edx, dword ptr [eax]
004450E4 .  8BC3       mov    eax, ebx
004450E6 .  8B08       mov    ecx, dword ptr [eax]
004450E8 .  FF51 34    call dword ptr [ecx+34]
004450EB .  8B45 80    mov    eax, dword ptr [ebp-80]
004450EE .  E8 01870600 call 004AD7F4
004450F3 .  8B55 80    mov    edx, dword ptr [ebp-80]
004450F6 .  8BC3       mov    eax, ebx
004450F8 .  8B08       mov    ecx, dword ptr [eax]
004450FA .  FF51 64    call dword ptr [ecx+64]
004450FD .  8BF3       mov    esi, ebx
004450FF .  89B5 64FFFFFF mov    dword ptr [ebp-9C], esi
00445105 .  85F6       test esi, esi
00445107 .  74 2A       je    short 00445133
00445109 .  8B06       mov    eax, dword ptr [esi]
0044510B .  8985 68FFFFFF mov    dword ptr [ebp-98], eax
00445111 .  66:C785 48FFF>mov    word ptr [ebp-B8], 128
0044511A .  BA 03000000 mov    edx, 3
0044511F .  8B85 64FFFFFF mov    eax, dword ptr [ebp-9C]
00445125 .  8B08       mov    ecx, dword ptr [eax]
00445127 .  FF51 FC    call dword ptr [ecx-4]
0044512A .  66:C785 48FFF>mov    word ptr [ebp-B8], 11C
00445133 >  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00445139 .  8D85 6CFFFFFF lea    eax, dword ptr [ebp-94]
0044513F .  BA 02000000 mov    edx, 2
00445144 .  E8 AF870600 call 004AD8F8
00445149 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
0044514F .  8D85 70FFFFFF lea    eax, dword ptr [ebp-90]
00445155 .  BA 02000000 mov    edx, 2
0044515A .  E8 99870600 call 004AD8F8
0044515F .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00445165 .  8D85 74FFFFFF lea    eax, dword ptr [ebp-8C]
0044516B .  BA 02000000 mov    edx, 2
00445170 .  E8 83870600 call 004AD8F8
00445175 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
0044517B .  8D85 78FFFFFF lea    eax, dword ptr [ebp-88]
00445181 .  BA 02000000 mov    edx, 2
00445186 .  E8 6D870600 call 004AD8F8
0044518B .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
00445191 .  8D85 7CFFFFFF lea    eax, dword ptr [ebp-84]
00445197 .  BA 02000000 mov    edx, 2
0044519C .  E8 57870600 call 004AD8F8
004451A1 .  FF8D 54FFFFFF dec    dword ptr [ebp-AC]
004451A7 .  8D45 80    lea    eax, dword ptr [ebp-80]
004451AA .  BA 02000000 mov    edx, 2
004451AF .  E8 44870600 call 004AD8F8
004451B4 .  66:C785 48FFF>mov    word ptr [ebp-B8], 110
004451BD .  66:C785 48FFF>mov    word ptr [ebp-B8], 134
004451C6 .  BA EAF84C00 mov    edx, 004CF8EA                   ;  注册失败2,请检查用户名和注册码是否都正确输入了
004451CB .  8D85 60FFFFFF lea    eax, dword ptr [ebp-A0]
004451D1 .^ E9 0CF9FFFF jmp    00444AE3

现在跟到注册成功，但那里看不明白重启验证怎么做的，他会在本身目录生成个文件,在C盘根目录还生成个,打开的时候好像，都要验证，具体怎么回事不明白，

[课程]Android-CTF解题方法汇总！

收藏・1

免费・0

支持

最新回复 (2)
Aker 雪币： 2134 活跃值： (14) 能力值： (RANK：170 ) 在线值：发帖 50 回帖 773 粉丝 3 关注私信	Aker 4 2 楼这么长的汇编码贴这里，估计没几个有耐心认真看下去 2010-11-22 23:27 0
tomken 雪币： 983 活跃值： (967) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 107 粉丝 1 关注私信	tomken 3 楼生成的文件后缀名是dat的，验证就是程序启动的时候读取dat中的内容来判断你输入注册码的正确性，当然dat的内容有加密的也有不加密的，全凭个人爱好 2010-12-6 21:08 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

zhendeaini

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
Aker 雪币： 2134 活跃值： (14) 能力值： (RANK：170 ) 在线值：发帖 50 回帖 773 粉丝 3 关注私信	Aker 4 2 楼这么长的汇编码贴这里，估计没几个有耐心认真看下去 2010-11-22 23:27 0
tomken 雪币： 983 活跃值： (967) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 107 粉丝 1 关注私信	tomken 3 楼生成的文件后缀名是dat的，验证就是程序启动的时候读取dat中的内容来判断你输入注册码的正确性，当然dat的内容有加密的也有不加密的，全凭个人爱好 2010-12-6 21:08 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复