-
-
[原创]菜鸟对一CrackMe的算法分析
-
发表于: 2011-3-2 22:13
-
这两天很烦,就随手拿了个CrakeMe来分析,是腾讯2008年那啥活动第一阶段的第二题。
看了下,是MFC程序,蛋疼,F12暂停法,从深深的堆栈中找到到了地方。(大家对MFC程序如何下断啊?求教!)
虽然用的是OD,但基本上都是静态分析,主要是不太会用IDA啊!
00403C81 |. 8945 F4 mov dword ptr [ebp-C], eax
00403C84 |. 8B55 F8 mov edx, dword ptr [ebp-8] ; 验证码
00403C87 |. 52 push edx
00403C88 |. 8B45 F4 mov eax, dword ptr [ebp-C] ; 用户名
00403C8B |. 50 push eax
00403C8C |. E8 82D4FFFF call 00401113 ; 关键函数
00403C91 |. 83C4 08 add esp, 8
00403C94 |. 5F pop edi
00403C95 |. 5E pop esi
跟入关键函数
此后有个判断CC断点和计算验校和的过程,此处略去
00403276 > /6A 0A push 0A ; /size = A (10.)
00403278 . |FF15 F8954000 call dword ptr [<&MSVCRT.malloc>] ; \malloc
0040327E . |83C4 04 add esp, 4
00403281 . |8985 FCFEFFFF mov dword ptr [ebp-104], eax
00403287 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
0040328D . |C601 7D mov byte ptr [ecx], 7D
00403290 . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403296 . |C642 01 7B mov byte ptr [edx+1], 7B
0040329A . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
004032A0 . |C640 02 6D mov byte ptr [eax+2], 6D
004032A4 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
004032AA . |C641 03 7A mov byte ptr [ecx+3], 7A
004032AE . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
004032B4 . |C642 04 66 mov byte ptr [edx+4], 66
004032B8 . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
004032BE . |C640 05 69 mov byte ptr [eax+5], 69
004032C2 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
004032C8 . |C641 06 65 mov byte ptr [ecx+6], 65
004032CC . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
004032D2 . |C642 07 6D mov byte ptr [edx+7], 6D
004032D6 . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
004032DC . |C640 08 37 mov byte ptr [eax+8], 37
004032E0 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
004032E6 . |C641 09 08 mov byte ptr [ecx+9], 8
004032EA . |C745 FC 00000>mov dword ptr [ebp-4], 0
004032F1 > |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
004032F7 . |52 push edx ; /s
004032F8 . |E8 8F100000 call <jmp.&MSVCRT.strlen> ; \strlen
004032FD . |83C4 04 add esp, 4
00403300 . |3945 FC cmp dword ptr [ebp-4], eax
00403303 . |73 24 jnb short 00403329
00403305 . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
0040330B . |0345 FC add eax, dword ptr [ebp-4]
0040330E . |8A08 mov cl, byte ptr [eax]
00403310 . |80F1 08 xor cl, 8
00403313 . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403319 . |0355 FC add edx, dword ptr [ebp-4]
0040331C . |880A mov byte ptr [edx], cl ; 堆中字符xor8
0040331E . |8B45 FC mov eax, dword ptr [ebp-4]
00403321 . |83C0 01 add eax, 1
00403324 . |8945 FC mov dword ptr [ebp-4], eax ; 堆中字符串最后为username?
00403327 .^|EB C8 jmp short 004032F1
00403329 > |8B4D 08 mov ecx, dword ptr [ebp+8]
0040332C . |51 push ecx ; /s
0040332D . |E8 5A100000 call <jmp.&MSVCRT.strlen> ; \strlen
00403332 . |83C4 04 add esp, 4 ; 用户名长度
00403335 . |83F8 0C cmp eax, 0C ; 为C
00403338 . |74 14 je short 0040334E
0040333A . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403340 . |52 push edx
00403341 . |E8 7DDDFFFF call 004010C3 ; 失败
00403346 . |83C4 04 add esp, 4
00403349 . |E9 B6060000 jmp 00403A04
0040334E > |C745 FC 00000>mov dword ptr [ebp-4], 0
00403355 > |8B45 08 mov eax, dword ptr [ebp+8] ; eax指向用户名
00403358 . |50 push eax ; /s
00403359 . |E8 2E100000 call <jmp.&MSVCRT.strlen> ; \strlen
0040335E . |83C4 04 add esp, 4
00403361 . |3945 FC cmp dword ptr [ebp-4], eax ; eax用户名长度0c
00403364 . |73 3B jnb short 004033A1 ; 循环c次
00403366 . |8B4D 08 mov ecx, dword ptr [ebp+8]
00403369 . |034D FC add ecx, dword ptr [ebp-4]
0040336C . |0FBE11 movsx edx, byte ptr [ecx]
0040336F . |83FA 61 cmp edx, 61 ; 判断是否小写字母
00403372 . |7C 0E jl short 00403382 ; 跳了则失败
00403374 . |8B45 08 mov eax, dword ptr [ebp+8] ; 大于等于a
00403377 . |0345 FC add eax, dword ptr [ebp-4]
0040337A . |0FBE08 movsx ecx, byte ptr [eax]
0040337D . |83F9 7A cmp ecx, 7A
00403380 . |7C 14 jl short 00403396 ; 小于z
00403382 > |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403388 . |52 push edx
00403389 . |E8 35DDFFFF call 004010C3 ; 失败
0040338E . |83C4 04 add esp, 4
00403391 . |E9 6E060000 jmp 00403A04
00403396 > |8B45 FC mov eax, dword ptr [ebp-4] ; 是小写字母
00403399 . |83C0 01 add eax, 1
0040339C . |8945 FC mov dword ptr [ebp-4], eax
0040339F .^|EB B4 jmp short 00403355
004033A1 > |837D F8 0C cmp dword ptr [ebp-8], 0C ; for(j = 0;j < 12;j++)
004033A5 . |0F8D E5000000 jge 00403490
004033AB . |C745 FC 00000>mov dword ptr [ebp-4], 0 ; int i = 0;
004033B2 . |8B4D 08 mov ecx, dword ptr [ebp+8]
004033B5 . |8A11 mov dl, byte ptr [ecx]
004033B7 . |8895 F4FEFFFF mov byte ptr [ebp-10C], dl ; char MinChar = szName[0]
004033BD . |C785 F8FEFFFF>mov dword ptr [ebp-108], 0 ; int PositionOfMin = 0;
004033C7 > |8B45 08 mov eax, dword ptr [ebp+8]
004033CA . |50 push eax ; /s
004033CB . |E8 BC0F0000 call <jmp.&MSVCRT.strlen> ; \strlen
004033D0 . |83C4 04 add esp, 4
004033D3 . |83E8 01 sub eax, 1
004033D6 . |3945 FC cmp dword ptr [ebp-4], eax ; for(i = 0;i < strlen(szName)-1;i++)
004033D9 . |73 7F jnb short 0040345A
004033DB . |0FBE8D F4FEFF>movsx ecx, byte ptr [ebp-10C] ; 当前最小字母
004033E2 . |8B55 08 mov edx, dword ptr [ebp+8] ; 用户名
004033E5 . |0355 FC add edx, dword ptr [ebp-4]
004033E8 . |0FBE42 01 movsx eax, byte ptr [edx+1] ; 用户名中后一个字母
004033EC . |33D2 xor edx, edx
004033EE . |3BC8 cmp ecx, eax ; if(MinChar == szName[i+1])
004033F0 . |0F94C2 sete dl ; 用户名之后一个字母不能与当前最小字母相等
004033F3 . |0FBE85 F4FEFF>movsx eax, byte ptr [ebp-10C]
004033FA . |33C9 xor ecx, ecx
004033FC . |83F8 7A cmp eax, 7A ; if(MinChar != 'z')
004033FF . |0F95C1 setne cl
00403402 . |23D1 and edx, ecx
00403404 . |85D2 test edx, edx
00403406 . |74 14 je short 0040341C ; if((MinChar == szName[i+1])&&(MinChar != 'z'))
00403408 . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
0040340E . |52 push edx
0040340F . |E8 AFDCFFFF call 004010C3
00403414 . |83C4 04 add esp, 4
00403417 . |E9 E8050000 jmp 00403A04
0040341C > |0FBE85 F4FEFF>movsx eax, byte ptr [ebp-10C] ; 当前最小字母
00403423 . |8B4D 08 mov ecx, dword ptr [ebp+8]
00403426 . |034D FC add ecx, dword ptr [ebp-4]
00403429 . |0FBE51 01 movsx edx, byte ptr [ecx+1]
0040342D . |3BC2 cmp eax, edx ; 判断后一个字母是否是当前最小
0040342F . |7E 1B jle short 0040344C ; if(MinChar <= szName[i+1])
00403431 . |8B45 08 mov eax, dword ptr [ebp+8]
00403434 . |0345 FC add eax, dword ptr [ebp-4]
00403437 . |8A48 01 mov cl, byte ptr [eax+1]
0040343A . |888D F4FEFFFF mov byte ptr [ebp-10C], cl ; MinChar = szName[i+1]
00403440 . |8B55 FC mov edx, dword ptr [ebp-4]
00403443 . |83C2 01 add edx, 1
00403446 . |8995 F8FEFFFF mov dword ptr [ebp-108], edx ; PositionOfMin = i+1;
0040344C > |8B45 FC mov eax, dword ptr [ebp-4]
0040344F . |83C0 01 add eax, 1
00403452 . |8945 FC mov dword ptr [ebp-4], eax ; i++
00403455 .^|E9 6DFFFFFF jmp 004033C7
0040345A > |8B8D F8FEFFFF mov ecx, dword ptr [ebp-108] ; 最小字母位置
00403460 . |8B55 F8 mov edx, dword ptr [ebp-8]
00403463 . |89548D C8 mov dword ptr [ebp+ecx*4-38], edx ; order[PositionOfMin] = j
00403467 . |8B45 08 mov eax, dword ptr [ebp+8]
0040346A . |0385 F8FEFFFF add eax, dword ptr [ebp-108]
00403470 . |C600 7A mov byte ptr [eax], 7A ; szName[PositionOfMin] = 'z';
00403473 . |8B4D F8 mov ecx, dword ptr [ebp-8]
00403476 . |83C1 01 add ecx, 1
00403479 . |894D F8 mov dword ptr [ebp-8], ecx ; j++
0040347C . |8B95 64FFFFFF mov edx, dword ptr [ebp-9C]
00403482 . |83C2 01 add edx, 1
00403485 . |8995 64FFFFFF mov dword ptr [ebp-9C], edx ; k++
0040348B .^|E9 11FFFFFF jmp 004033A1
00403490 > |C685 ECFEFFFF>mov byte ptr [ebp-114], 7F ; ebp-114为堆栈中构造的字符串
00403497 . |C685 EDFEFFFF>mov byte ptr [ebp-113], 7A
0040349E . |C685 EEFEFFFF>mov byte ptr [ebp-112], 67
004034A5 . |C685 EFFEFFFF>mov byte ptr [ebp-111], 66
004034AC . |C685 F0FEFFFF>mov byte ptr [ebp-110], 6F
004034B3 . |C685 F1FEFFFF>mov byte ptr [ebp-10F], 29
004034BA . |C685 F2FEFFFF>mov byte ptr [ebp-10E], 8
004034C1 . |C745 FC 00000>mov dword ptr [ebp-4], 0
004034C8 > |8D85 ECFEFFFF lea eax, dword ptr [ebp-114] ; 构造一个"wrong!"字符串
004034CE . |50 push eax ; /s
004034CF . |E8 B80E0000 call <jmp.&MSVCRT.strlen> ; \strlen
004034D4 . |83C4 04 add esp, 4
004034D7 . |3945 FC cmp dword ptr [ebp-4], eax
004034DA . |73 22 jnb short 004034FE
004034DC . |8B4D FC mov ecx, dword ptr [ebp-4]
004034DF . |8A940D ECFEFF>mov dl, byte ptr [ebp+ecx-114]
004034E6 . |80F2 08 xor dl, 8
004034E9 . |8B45 FC mov eax, dword ptr [ebp-4]
004034EC . |889405 ECFEFF>mov byte ptr [ebp+eax-114], dl
004034F3 . |8B4D FC mov ecx, dword ptr [ebp-4]
004034F6 . |83C1 01 add ecx, 1
004034F9 . |894D FC mov dword ptr [ebp-4], ecx
004034FC .^|EB CA jmp short 004034C8 ; 将字符串每个字符与8做xor运算
004034FE > |8B55 FC mov edx, dword ptr [ebp-4]
00403501 . |C68415 ECFEFF>mov byte ptr [ebp+edx-114], 0 ; ebp-114:char szWrong = "Wrong!"
00403509 . |83BD 64FFFFFF>cmp dword ptr [ebp-9C], 0C
00403510 . |7D 10 jge short 00403522 ; if(k>=12)
00403512 . |8D85 ECFEFFFF lea eax, dword ptr [ebp-114]
00403518 . |50 push eax
00403519 . |E8 A5DBFFFF call 004010C3
0040351E . |83C4 04 add esp, 4
00403521 . |C3 retn
00403522 > |C685 E0FEFFFF>mov byte ptr [ebp-120], 63
00403529 . |C685 E1FEFFFF>mov byte ptr [ebp-11F], 6D
00403530 . |C685 E2FEFFFF>mov byte ptr [ebp-11E], 71
00403537 . |C685 E3FEFFFF>mov byte ptr [ebp-11D], 37
0040353E . |C685 E4FEFFFF>mov byte ptr [ebp-11C], 8
00403545 . |C745 FC 00000>mov dword ptr [ebp-4], 0
0040354C > |8D8D E0FEFFFF lea ecx, dword ptr [ebp-120] ; 构造一个"key?"字符串
00403552 . |51 push ecx ; /s
00403553 . |E8 340E0000 call <jmp.&MSVCRT.strlen> ; \strlen
00403558 . |83C4 04 add esp, 4
0040355B . |3945 FC cmp dword ptr [ebp-4], eax
0040355E . |73 21 jnb short 00403581
00403560 . |8B55 FC mov edx, dword ptr [ebp-4]
00403563 . |8A8415 E0FEFF>mov al, byte ptr [ebp+edx-120]
0040356A . |34 08 xor al, 8
0040356C . |8B4D FC mov ecx, dword ptr [ebp-4]
0040356F . |88840D E0FEFF>mov byte ptr [ebp+ecx-120], al
00403576 . |8B55 FC mov edx, dword ptr [ebp-4]
00403579 . |83C2 01 add edx, 1
0040357C . |8955 FC mov dword ptr [ebp-4], edx
0040357F .^|EB CB jmp short 0040354C
00403581 > |8B45 FC mov eax, dword ptr [ebp-4]
00403584 . |C68405 E0FEFF>mov byte ptr [ebp+eax-120], 0 ; ebp-120:char szKeyInfo = "Key?"
0040358C . |8B4D 0C mov ecx, dword ptr [ebp+C]
0040358F . |51 push ecx ; /s
00403590 . |E8 F70D0000 call <jmp.&MSVCRT.strlen> ; \strlen
00403595 . |83C4 04 add esp, 4
00403598 . |83F8 35 cmp eax, 35 ; 验证码长度要大于等于0x35
0040359B . |73 14 jnb short 004035B1 ; if(lstrlen(szKey) >= 53)
0040359D . |8D95 E0FEFFFF lea edx, dword ptr [ebp-120]
004035A3 . |52 push edx
004035A4 . |E8 1ADBFFFF call 004010C3
004035A9 . |83C4 04 add esp, 4
004035AC . |E9 53040000 jmp 00403A04
004035B1 > |C745 FC 00000>mov dword ptr [ebp-4], 0 ; int i =0;
004035B8 > |8B45 0C mov eax, dword ptr [ebp+C] ; for(i = 0;i < lstrlen(szKey);i++)
004035BB . |50 push eax ; /s
004035BC . |E8 CB0D0000 call <jmp.&MSVCRT.strlen> ; \strlen
004035C1 . |83C4 04 add esp, 4
004035C4 . |3945 FC cmp dword ptr [ebp-4], eax
004035C7 . |73 42 jnb short 0040360B
004035C9 . |8B4D 0C mov ecx, dword ptr [ebp+C]
004035CC . |034D FC add ecx, dword ptr [ebp-4]
004035CF . |0FBE11 movsx edx, byte ptr [ecx]
004035D2 . |83EA 30 sub edx, 30
004035D5 . |8B45 FC mov eax, dword ptr [ebp-4]
004035D8 . |899485 50FDFF>mov dword ptr [ebp+eax*4-2B0], edx ; ebp-2b0:int *nKey;nKey[i] = szKey[i]-0x30
004035DF . |8B4D FC mov ecx, dword ptr [ebp-4]
004035E2 . |83C1 01 add ecx, 1
004035E5 . |894D FC mov dword ptr [ebp-4], ecx
004035E8 . |8B55 FC mov edx, dword ptr [ebp-4]
004035EB . |83BC95 4CFDFF>cmp dword ptr [ebp+edx*4-2B4], 3 ; 第n个字符是否小于等于3
004035F3 . |7E 14 jle short 00403609 ; if(nKey[i] <= 3)
004035F5 . |8D85 E0FEFFFF lea eax, dword ptr [ebp-120]
004035FB . |50 push eax
004035FC . |E8 C2DAFFFF call 004010C3
00403601 . |83C4 04 add esp, 4
00403604 . |E9 FB030000 jmp 00403A04
00403609 >^|EB AD jmp short 004035B8
0040360B > |C685 18FFFFFF>mov byte ptr [ebp-E8], 0 ; 给in字符串末尾舔0'
00403612 . |8D4D C8 lea ecx, dword ptr [ebp-38] ; 用户名字符大小顺序的数组
00403615 . |51 push ecx
00403616 . |8D95 00FFFFFF lea edx, dword ptr [ebp-100] ; char in[28]
0040361C . |52 push edx
0040361D . |8D85 50FDFFFF lea eax, dword ptr [ebp-2B0] ; 验证码大小数组
00403623 . |50 push eax
00403624 . |E8 5EDAFFFF call 00401087 ; SomeFunc(nKey,in,order);
这里又有一个关键函数,跟入
004022A0 /> \55 push ebp
004022A1 |. 8BEC mov ebp, esp
004022A3 |. 81EC 64010000 sub esp, 164
004022A9 |. 53 push ebx
004022AA |. 56 push esi
004022AB |. 57 push edi
004022AC |. C745 FC 00000>mov dword ptr [ebp-4], 0 ; int i = 0;
004022B3 |. C745 F8 00000>mov dword ptr [ebp-8], 0 ; int j = 0;
004022BA |. C745 F4 00000>mov dword ptr [ebp-C], 0 ; int s = 0;
004022C1 |. C745 F0 00000>mov dword ptr [ebp-10], 0 ; int t = 0;
004022C8 |> 837D FC 0C /cmp dword ptr [ebp-4], 0C ; ebp-40:int SomeData[12]
004022CC |. 7D 16 |jge short 004022E4 ; if(i < 12)
004022CE |. 8B45 FC |mov eax, dword ptr [ebp-4]
004022D1 |. C74485 C0 1E0>|mov dword ptr [ebp+eax*4-40], 1E ; SomeData[i] = 30;
004022D9 |. 8B4D FC |mov ecx, dword ptr [ebp-4]
004022DC |. 83C1 01 |add ecx, 1
004022DF |. 894D FC |mov dword ptr [ebp-4], ecx ; i++;
004022E2 |.^ EB E4 \jmp short 004022C8
004022E4 |> C785 FCFEFFFF>mov dword ptr [ebp-104], 0 ; int str[0] = 0;
004022EE |. C785 F8FEFFFF>mov dword ptr [ebp-108], 0 ; int str[1] = 0;
004022F8 |. 8B55 08 mov edx, dword ptr [ebp+8] ; 验证码数组
004022FB |. 833A 00 cmp dword ptr [edx], 0
004022FE |. 7E 11 jle short 00402311 ; if(nKey[0] <= 0)
00402300 |. 8B4D 08 mov ecx, dword ptr [ebp+8]
00402303 |. B8 0C000000 mov eax, 0C
00402308 |. 99 cdq
00402309 |. F739 idiv dword ptr [ecx]
0040230B |. 8985 FCFEFFFF mov dword ptr [ebp-104], eax ; str[0] = 12/nKey[0];
00402311 |> C785 F4FEFFFF>mov dword ptr [ebp-10C], 0 ; str[2] = 0;
0040231B |> 83BD F8FEFFFF>/cmp dword ptr [ebp-108], 2
00402322 |. 0F8D F90B0000 |jge 00402F21 ; if(str[1] >= 2)
00402328 |. 83BD F4FEFFFF>|cmp dword ptr [ebp-10C], 0
0040232F |. 7E 15 |jle short 00402346 ; if(str[2] <= 0)
00402331 |. 8B95 F4FEFFFF |mov edx, dword ptr [ebp-10C]
00402337 |. 8B45 10 |mov eax, dword ptr [ebp+10]
0040233A |. 8B4C90 FC |mov ecx, dword ptr [eax+edx*4-4]
0040233E |. C7448D C0 1E0>|mov dword ptr [ebp+ecx*4-40], 1E ; SomeData[order[str[2]-1]] = 30
00402346 |> C785 F4FEFFFF>|mov dword ptr [ebp-10C], 0 ; str[2] = 0;
00402350 |> 83BD F4FEFFFF>|/cmp dword ptr [ebp-10C], 0C
00402357 |. 0F8D B00B0000 ||jge 00402F0D ; if(str[2] >= 12)
0040235D |. 83BD F4FEFFFF>||cmp dword ptr [ebp-10C], 0
00402364 |. 7E 15 ||jle short 0040237B ; if(str[2] <= 0)
00402366 |. 8B95 F4FEFFFF ||mov edx, dword ptr [ebp-10C]
0040236C |. 8B45 10 ||mov eax, dword ptr [ebp+10]
0040236F |. 8B4C90 FC ||mov ecx, dword ptr [eax+edx*4-4]
00402373 |. C7448D C0 1E0>||mov dword ptr [ebp+ecx*4-40], 1E ; SomeData[order[str[2]-1]] = 30;
0040237B |> 83BD F8FEFFFF>||cmp dword ptr [ebp-108], 0
00402382 |. 75 23 ||jnz short 004023A7 ; if(str[1] != 0)
00402384 |. 8B95 F4FEFFFF ||mov edx, dword ptr [ebp-10C]
0040238A |. 8B45 10 ||mov eax, dword ptr [ebp+10]
0040238D |. 8B0C90 ||mov ecx, dword ptr [eax+edx*4]
00402390 |. C7448D C0 280>||mov dword ptr [ebp+ecx*4-40], 28 ; SomeData[order[str[2]]] = 40;
00402398 |. 8B95 F4FEFFFF ||mov edx, dword ptr [ebp-10C]
0040239E |. 83C2 01 ||add edx, 1
004023A1 |. 8995 F4FEFFFF ||mov dword ptr [ebp-10C], edx ; str[2] += 1;
004023A7 |> 83BD F8FEFFFF>||cmp dword ptr [ebp-108], 1
004023AE |. 75 23 ||jnz short 004023D3 ; if(str[1] != 1)
004023B0 |. 8B85 F4FEFFFF ||mov eax, dword ptr [ebp-10C]
004023B6 |. 8B4D 10 ||mov ecx, dword ptr [ebp+10]
004023B9 |. 8B1481 ||mov edx, dword ptr [ecx+eax*4]
004023BC |. C74495 C0 140>||mov dword ptr [ebp+edx*4-40], 14 ; SomeData[order[str[2]]] = 20
004023C4 |. 8B85 F4FEFFFF ||mov eax, dword ptr [ebp-10C]
004023CA |. 83C0 01 ||add eax, 1
004023CD |. 8985 F4FEFFFF ||mov dword ptr [ebp-10C], eax ; str[2] += 1;
004023D3 |> C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
004023DA |. C745 F4 00000>||mov dword ptr [ebp-C], 0 ; s = 0;
004023E1 |. C745 FC 00000>||mov dword ptr [ebp-4], 0
004023E8 |. EB 09 ||jmp short 004023F3
004023EA |> 8B4D FC ||/mov ecx, dword ptr [ebp-4]
004023ED |. 83C1 01 |||add ecx, 1
004023F0 |. 894D FC |||mov dword ptr [ebp-4], ecx ; i += 1;
004023F3 |> 8B55 08 || mov edx, dword ptr [ebp+8]
004023F6 |. 8B45 FC |||mov eax, dword ptr [ebp-4]
004023F9 |. 3B02 |||cmp eax, dword ptr [edx]
004023FB |. 7D 4B |||jge short 00402448 ; if(i >= nKey[0])
004023FD |. C745 F8 00000>|||mov dword ptr [ebp-8], 0 ; j = 0;
00402404 |. C745 F8 00000>|||mov dword ptr [ebp-8], 0
0040240B |. EB 09 |||jmp short 00402416
0040240D |> 8B4D F8 |||/mov ecx, dword ptr [ebp-8]
00402410 |. 83C1 01 ||||add ecx, 1
00402413 |. 894D F8 ||||mov dword ptr [ebp-8], ecx ; j += 1;
00402416 |> 8B55 F8 ||| mov edx, dword ptr [ebp-8]
00402419 |. 3B95 FCFEFFFF ||||cmp edx, dword ptr [ebp-104]
0040241F |. 7D 25 ||||jge short 00402446 ; if(j >= str[0])
00402421 |. 8B45 F4 ||||mov eax, dword ptr [ebp-C]
00402424 |. 8B4C85 C0 ||||mov ecx, dword ptr [ebp+eax*4-40>; SomeData[s]
00402428 |. 8B55 FC ||||mov edx, dword ptr [ebp-4]
0040242B |. C1E2 04 ||||shl edx, 4
0040242E |. 8D8415 00FFFF>||||lea eax, dword ptr [ebp+edx-100]
00402435 |. 8B55 F8 ||||mov edx, dword ptr [ebp-8]
00402438 |. 890C90 ||||mov dword ptr [eax+edx*4], ecx ; SomeOtherData[4*i+j] = SomeData[s];
0040243B |. 8B45 F4 ||||mov eax, dword ptr [ebp-C]
0040243E |. 83C0 01 ||||add eax, 1
00402441 |. 8945 F4 ||||mov dword ptr [ebp-C], eax ; s += 1;
00402444 |.^ EB C7 |||\jmp short 0040240D
00402446 |>^ EB A2 ||\jmp short 004023EA
00402448 |> C785 F0FEFFFF>||mov dword ptr [ebp-110], 0 ; str[3] = 0;
00402452 |. C785 ECFEFFFF>||mov dword ptr [ebp-114], 0 ; str[4] = 0;
0040245C |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
00402463 |> 8B4D FC ||/mov ecx, dword ptr [ebp-4]
00402466 |. 3B8D FCFEFFFF |||cmp ecx, dword ptr [ebp-104]
0040246C |. 7D 4F |||jge short 004024BD ; if(i >= str[0])
0040246E |. 8B55 08 |||mov edx, dword ptr [ebp+8]
00402471 |. 8B42 04 |||mov eax, dword ptr [edx+4]
00402474 |. C1E0 04 |||shl eax, 4
00402477 |. 8D8C05 00FFFF>|||lea ecx, dword ptr [ebp+eax-100]
0040247E |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402481 |. 8B85 F0FEFFFF |||mov eax, dword ptr [ebp-110]
00402487 |. 030491 |||add eax, dword ptr [ecx+edx*4] ; SomeOtherData[4*nKey[1]+i]
0040248A |. 8985 F0FEFFFF |||mov dword ptr [ebp-110], eax ; str[3] = str[3]+SomeOtherData[4*nKey[1]+i]
00402490 |. 8B4D 08 |||mov ecx, dword ptr [ebp+8]
00402493 |. 8B51 08 |||mov edx, dword ptr [ecx+8]
00402496 |. C1E2 04 |||shl edx, 4
00402499 |. 8D8415 00FFFF>|||lea eax, dword ptr [ebp+edx-100]
004024A0 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
004024A3 |. 8B95 ECFEFFFF |||mov edx, dword ptr [ebp-114]
004024A9 |. 031488 |||add edx, dword ptr [eax+ecx*4]
004024AC |. 8995 ECFEFFFF |||mov dword ptr [ebp-114], edx ; str[4] = str[4]+SomeOtherData[4*nKey[2]+i]
004024B2 |. 8B45 FC |||mov eax, dword ptr [ebp-4]
004024B5 |. 83C0 01 |||add eax, 1
004024B8 |. 8945 FC |||mov dword ptr [ebp-4], eax ; i += 1;
004024BB |.^ EB A6 ||\jmp short 00402463
004024BD |> 8B8D F0FEFFFF ||mov ecx, dword ptr [ebp-110]
004024C3 |. 3B8D ECFEFFFF ||cmp ecx, dword ptr [ebp-114]
004024C9 |. 0F85 EA000000 ||jnz 004025B9 ; if(str[3] != str[4])
004024CF |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004024D2 |. 8B42 0C ||mov eax, dword ptr [edx+C]
004024D5 |. C1E0 04 ||shl eax, 4
004024D8 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
004024DF |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004024E2 |. 8B42 10 ||mov eax, dword ptr [edx+10]
004024E5 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004024E8 |. 8B52 14 ||mov edx, dword ptr [edx+14]
004024EB |. C1E2 04 ||shl edx, 4
004024EE |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
004024F5 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004024F8 |. 8B76 18 ||mov esi, dword ptr [esi+18]
004024FB |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
004024FE |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402501 |. 75 5C ||jnz short 0040255F ; if(SomeOtherData[4*nKey[3]+nKey[4]] != SomeOtherData[4*nKey[5]+nKey[6]]
00402503 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402506 |. 8B51 1C ||mov edx, dword ptr [ecx+1C]
00402509 |. C1E2 04 ||shl edx, 4
0040250C |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402513 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402516 |. 8B51 20 ||mov edx, dword ptr [ecx+20]
00402519 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040251C |. 8B49 24 ||mov ecx, dword ptr [ecx+24]
0040251F |. C1E1 04 ||shl ecx, 4
00402522 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402529 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
0040252C |. 8B76 28 ||mov esi, dword ptr [esi+28]
0040252F |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402532 |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402535 |. 75 14 ||jnz short 0040254B ; if(SomeOtherData[4*nKey[7]+nKey[8] != SomeOtherData[4*nKey[9]+nKey[10]])
00402537 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
0040253A |. 0345 F0 ||add eax, dword ptr [ebp-10]
0040253D |. C600 6C ||mov byte ptr [eax], 6C ; in[t] = 'l';
00402540 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402543 |. 83C1 01 ||add ecx, 1
00402546 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t += 1;
00402549 |. EB 12 ||jmp short 0040255D
0040254B |> 8B55 0C ||mov edx, dword ptr [ebp+C]
0040254E |. 0355 F0 ||add edx, dword ptr [ebp-10]
00402551 |. C602 6B ||mov byte ptr [edx], 6B ; in[t] = 'k';
00402554 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402557 |. 83C0 01 ||add eax, 1
0040255A |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t += 1;
0040255D |> EB 5A ||jmp short 004025B9
0040255F |> 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402562 |. 8B51 1C ||mov edx, dword ptr [ecx+1C]
00402565 |. C1E2 04 ||shl edx, 4
00402568 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
0040256F |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402572 |. 8B51 20 ||mov edx, dword ptr [ecx+20]
00402575 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402578 |. 8B49 24 ||mov ecx, dword ptr [ecx+24]
0040257B |. C1E1 04 ||shl ecx, 4
0040257E |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402585 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402588 |. 8B76 28 ||mov esi, dword ptr [esi+28]
0040258B |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
0040258E |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402591 |. 75 14 ||jnz short 004025A7 ; if(SomeOtherData[4*nKey[7]+nKey[8]] != SomeOtherData[4*nKey[9]+nKey[10]])
00402593 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402596 |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402599 |. C600 6A ||mov byte ptr [eax], 6A ; in[t] = 'j';
0040259C |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
0040259F |. 83C1 01 ||add ecx, 1
004025A2 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t += 1;
004025A5 |. EB 12 ||jmp short 004025B9
004025A7 |> 8B55 0C ||mov edx, dword ptr [ebp+C]
004025AA |. 0355 F0 ||add edx, dword ptr [ebp-10]
004025AD |. C602 69 ||mov byte ptr [edx], 69 ; in[t] = 'i';
004025B0 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
004025B3 |. 83C0 01 ||add eax, 1
004025B6 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t += 1;
004025B9 |> 8B8D F0FEFFFF ||mov ecx, dword ptr [ebp-110]
004025BF |. 3B8D ECFEFFFF ||cmp ecx, dword ptr [ebp-114]
004025C5 |. 0F8E 91040000 ||jle 00402A5C ; if(str[3] <= str[4])
004025CB |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
004025D2 |. C785 E8FEFFFF>||mov dword ptr [ebp-118], 0 ; str[5] = 0;
004025DC |. C785 E4FEFFFF>||mov dword ptr [ebp-11C], 0 ; str[6] = 0;
004025E6 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004025E9 |. 8B42 30 ||mov eax, dword ptr [edx+30]
004025EC |. C1E0 04 ||shl eax, 4
004025EF |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
004025F6 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004025F9 |. 8B42 34 ||mov eax, dword ptr [edx+34]
004025FC |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
004025FF |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402602 |. 8B42 04 ||mov eax, dword ptr [edx+4]
00402605 |. C1E0 04 ||shl eax, 4
00402608 |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
0040260F |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402612 |. 8B40 2C ||mov eax, dword ptr [eax+2C]
00402615 |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SomeOtherData[4*nKey[1]+nKey[11]] = SomeOtherData[4*nKey[12]+nKey[13]];
00402618 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040261B |. 8B51 3C ||mov edx, dword ptr [ecx+3C]
0040261E |. C1E2 04 ||shl edx, 4
00402621 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402628 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040262B |. 8B51 40 ||mov edx, dword ptr [ecx+40]
0040262E |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
00402631 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402634 |. 8B51 04 ||mov edx, dword ptr [ecx+4]
00402637 |. C1E2 04 ||shl edx, 4
0040263A |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
00402641 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402644 |. 8B52 38 ||mov edx, dword ptr [edx+38]
00402647 |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16]];
0040264A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040264D |. 8B48 48 ||mov ecx, dword ptr [eax+48]
00402650 |. C1E1 04 ||shl ecx, 4
00402653 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
0040265A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040265D |. 8B48 4C ||mov ecx, dword ptr [eax+4C]
00402660 |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
00402663 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402666 |. 8B48 04 ||mov ecx, dword ptr [eax+4]
00402669 |. C1E1 04 ||shl ecx, 4
0040266C |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402673 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402676 |. 8B49 44 ||mov ecx, dword ptr [ecx+44]
00402679 |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]]
0040267C |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040267F |. 8B42 54 ||mov eax, dword ptr [edx+54]
00402682 |. C1E0 04 ||shl eax, 4
00402685 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
0040268C |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040268F |. 8B42 58 ||mov eax, dword ptr [edx+58]
00402692 |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
00402695 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402698 |. 8B42 08 ||mov eax, dword ptr [edx+8]
0040269B |. C1E0 04 ||shl eax, 4
0040269E |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
004026A5 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026A8 |. 8B40 50 ||mov eax, dword ptr [eax+50]
004026AB |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
004026AE |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004026B1 |. 8B51 60 ||mov edx, dword ptr [ecx+60]
004026B4 |. C1E2 04 ||shl edx, 4
004026B7 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
004026BE |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004026C1 |. 8B51 64 ||mov edx, dword ptr [ecx+64]
004026C4 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
004026C7 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004026CA |. 8B51 08 ||mov edx, dword ptr [ecx+8]
004026CD |. C1E2 04 ||shl edx, 4
004026D0 |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
004026D7 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004026DA |. 8B52 5C ||mov edx, dword ptr [edx+5C]
004026DD |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
004026E0 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026E3 |. 8B48 6C ||mov ecx, dword ptr [eax+6C]
004026E6 |. C1E1 04 ||shl ecx, 4
004026E9 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
004026F0 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026F3 |. 8B48 70 ||mov ecx, dword ptr [eax+70]
004026F6 |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
004026F9 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026FC |. 8B48 08 ||mov ecx, dword ptr [eax+8]
004026FF |. C1E1 04 ||shl ecx, 4
00402702 |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402709 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040270C |. 8B49 68 ||mov ecx, dword ptr [ecx+68]
0040270F |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
00402712 |> 8B55 FC ||/mov edx, dword ptr [ebp-4]
00402715 |. 3B95 FCFEFFFF |||cmp edx, dword ptr [ebp-104]
0040271B |. 7D 4F |||jge short 0040276C ; if(i >= str[1])
0040271D |. 8B45 08 |||mov eax, dword ptr [ebp+8]
00402720 |. 8B48 04 |||mov ecx, dword ptr [eax+4]
00402723 |. C1E1 04 |||shl ecx, 4
00402726 |. 8D940D 00FFFF>|||lea edx, dword ptr [ebp+ecx-100]
0040272D |. 8B45 FC |||mov eax, dword ptr [ebp-4]
00402730 |. 8B8D E8FEFFFF |||mov ecx, dword ptr [ebp-118]
00402736 |. 030C82 |||add ecx, dword ptr [edx+eax*4]
00402739 |. 898D E8FEFFFF |||mov dword ptr [ebp-118], ecx ; str[5] += SomeOtherData[4*nKey[1]+i];
0040273F |. 8B55 08 |||mov edx, dword ptr [ebp+8]
00402742 |. 8B42 08 |||mov eax, dword ptr [edx+8]
00402745 |. C1E0 04 |||shl eax, 4
00402748 |. 8D8C05 00FFFF>|||lea ecx, dword ptr [ebp+eax-100]
0040274F |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402752 |. 8B85 E4FEFFFF |||mov eax, dword ptr [ebp-11C]
00402758 |. 030491 |||add eax, dword ptr [ecx+edx*4] ; str[6] += SomeOtherData[4*nKey[2]+i];
0040275B |. 8985 E4FEFFFF |||mov dword ptr [ebp-11C], eax
00402761 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
00402764 |. 83C1 01 |||add ecx, 1
00402767 |. 894D FC |||mov dword ptr [ebp-4], ecx ; i++
0040276A |.^ EB A6 ||\jmp short 00402712
0040276C |> 8B95 E8FEFFFF ||mov edx, dword ptr [ebp-118]
00402772 |. 3B95 E4FEFFFF ||cmp edx, dword ptr [ebp-11C]
00402778 |. 7E 5D ||jle short 004027D7 ; if(str[5] <= str[6])
0040277A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040277D |. 8B48 74 ||mov ecx, dword ptr [eax+74]
00402780 |. C1E1 04 ||shl ecx, 4
00402783 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
0040278A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040278D |. 8B48 78 ||mov ecx, dword ptr [eax+78]
00402790 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402793 |. 8B40 7C ||mov eax, dword ptr [eax+7C]
00402796 |. C1E0 04 ||shl eax, 4
00402799 |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
004027A0 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004027A3 |. 8BB6 80000000 ||mov esi, dword ptr [esi+80]
004027A9 |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
004027AC |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
004027AF |. 75 14 ||jnz short 004027C5 ; if(SOD[4*nKey[29]+nKey[30]] != SOD[4*nKey[31]+nKey[32])
004027B1 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
004027B4 |. 0355 F0 ||add edx, dword ptr [ebp-10]
004027B7 |. C602 65 ||mov byte ptr [edx], 65 ; in[t] = 'e';
004027BA |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
004027BD |. 83C0 01 ||add eax, 1
004027C0 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
004027C3 |. EB 12 ||jmp short 004027D7
004027C5 |> 8B4D 0C ||mov ecx, dword ptr [ebp+C]
004027C8 |. 034D F0 ||add ecx, dword ptr [ebp-10]
004027CB |. C601 61 ||mov byte ptr [ecx], 61 ; in[t] = 'a';
004027CE |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
004027D1 |. 83C2 01 ||add edx, 1
004027D4 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
004027D7 |> 8B85 E8FEFFFF ||mov eax, dword ptr [ebp-118]
004027DD |. 3B85 E4FEFFFF ||cmp eax, dword ptr [ebp-11C]
004027E3 |. 0F8D F6000000 ||jge 004028DF ; if(str[5] >= str[6])
004027E9 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004027EC |. 8B91 84000000 ||mov edx, dword ptr [ecx+84]
004027F2 |. C1E2 04 ||shl edx, 4
004027F5 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
004027FC |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004027FF |. 8B91 88000000 ||mov edx, dword ptr [ecx+88]
00402805 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402808 |. 8B89 8C000000 ||mov ecx, dword ptr [ecx+8C]
0040280E |. C1E1 04 ||shl ecx, 4
00402811 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402818 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
0040281B |. 8BB6 90000000 ||mov esi, dword ptr [esi+90]
00402821 |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402824 |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402827 |. 7E 12 ||jle short 0040283B ; if(SOD[4*nKey[33]+nKey[34]] <= SOD[4*nKey[35]+nKey[36]])
00402829 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
0040282C |. 0345 F0 ||add eax, dword ptr [ebp-10]
0040282F |. C600 67 ||mov byte ptr [eax], 67 ; in[t] = 'g';
00402832 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402835 |. 83C1 01 ||add ecx, 1
00402838 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
0040283B |> 8B55 08 ||mov edx, dword ptr [ebp+8]
0040283E |. 8B82 84000000 ||mov eax, dword ptr [edx+84]
00402844 |. C1E0 04 ||shl eax, 4
00402847 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
0040284E |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402851 |. 8B82 88000000 ||mov eax, dword ptr [edx+88]
00402857 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040285A |. 8B92 8C000000 ||mov edx, dword ptr [edx+8C]
00402860 |. C1E2 04 ||shl edx, 4
00402863 |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
0040286A |. 8B75 08 ||mov esi, dword ptr [ebp+8]
0040286D |. 8BB6 90000000 ||mov esi, dword ptr [esi+90]
00402873 |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402876 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402879 |. 7D 12 ||jge short 0040288D ; if(SOD[4*nKey[33]+nKey[34]] >= SOD[4*nKey[35]+nKey[36]])
0040287B |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
0040287E |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402881 |. C601 66 ||mov byte ptr [ecx], 66 ; in[t] = 'f'
00402884 |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402887 |. 83C2 01 ||add edx, 1
0040288A |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
0040288D |> 8B45 08 ||mov eax, dword ptr [ebp+8]
00402890 |. 8B88 84000000 ||mov ecx, dword ptr [eax+84]
00402896 |. C1E1 04 ||shl ecx, 4
00402899 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
004028A0 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004028A3 |. 8B88 88000000 ||mov ecx, dword ptr [eax+88]
004028A9 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004028AC |. 8B80 8C000000 ||mov eax, dword ptr [eax+8C]
004028B2 |. C1E0 04 ||shl eax, 4
004028B5 |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
004028BC |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004028BF |. 8BB6 90000000 ||mov esi, dword ptr [esi+90]
004028C5 |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
004028C8 |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
004028CB |. 75 12 ||jnz short 004028DF ; if(SOD[4*nKey[33]+nKey[34]] != SOD[4*nKey[35]+nKey[36]])
004028CD |. 8B55 0C ||mov edx, dword ptr [ebp+C]
004028D0 |. 0355 F0 ||add edx, dword ptr [ebp-10]
004028D3 |. C602 68 ||mov byte ptr [edx], 68 ; in[t] = 'h'
004028D6 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
004028D9 |. 83C0 01 ||add eax, 1
004028DC |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
004028DF |> 8B8D E8FEFFFF ||mov ecx, dword ptr [ebp-118]
004028E5 |. 3B8D E4FEFFFF ||cmp ecx, dword ptr [ebp-11C]
004028EB |. 0F85 6B010000 ||jnz 00402A5C ; if(str[5] != str[6])
004028F1 |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
004028F8 |. C745 F4 00000>||mov dword ptr [ebp-C], 0 ; s = 0;
004028FF |. C745 FC 00000>||mov dword ptr [ebp-4], 0
00402906 |. EB 09 ||jmp short 00402911
00402908 |> 8B55 FC ||/mov edx, dword ptr [ebp-4]
0040290B |. 83C2 01 |||add edx, 1
0040290E |. 8955 FC |||mov dword ptr [ebp-4], edx ; i++;
00402911 |> 8B45 08 || mov eax, dword ptr [ebp+8]
00402914 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
00402917 |. 3B08 |||cmp ecx, dword ptr [eax]
00402919 |. 7D 4B |||jge short 00402966 ; if(i >= nKey[0])
0040291B |. C745 F8 00000>|||mov dword ptr [ebp-8], 0
00402922 |. C745 F8 00000>|||mov dword ptr [ebp-8], 0 ; j = 0;
00402929 |. EB 09 |||jmp short 00402934
0040292B |> 8B55 F8 |||/mov edx, dword ptr [ebp-8]
0040292E |. 83C2 01 ||||add edx, 1
00402931 |. 8955 F8 ||||mov dword ptr [ebp-8], edx ; j++;
00402934 |> 8B45 F8 ||| mov eax, dword ptr [ebp-8]
00402937 |. 3B85 FCFEFFFF ||||cmp eax, dword ptr [ebp-104]
0040293D |. 7D 25 ||||jge short 00402964 ; if(j >= str[0])
0040293F |. 8B4D F4 ||||mov ecx, dword ptr [ebp-C]
00402942 |. 8B548D C0 ||||mov edx, dword ptr [ebp+ecx*4-40>
00402946 |. 8B45 FC ||||mov eax, dword ptr [ebp-4]
00402949 |. C1E0 04 ||||shl eax, 4
0040294C |. 8D8C05 00FFFF>||||lea ecx, dword ptr [ebp+eax-100]
00402953 |. 8B45 F8 ||||mov eax, dword ptr [ebp-8]
00402956 |. 891481 ||||mov dword ptr [ecx+eax*4], edx ; SOD[4*i+j] = SD[s];
00402959 |. 8B4D F4 ||||mov ecx, dword ptr [ebp-C]
0040295C |. 83C1 01 ||||add ecx, 1
0040295F |. 894D F4 ||||mov dword ptr [ebp-C], ecx ; s++;
00402962 |.^ EB C7 |||\jmp short 0040292B
00402964 |>^ EB A2 ||\jmp short 00402908
00402966 |> 8B55 08 ||mov edx, dword ptr [ebp+8]
00402969 |. 8B82 94000000 ||mov eax, dword ptr [edx+94]
0040296F |. C1E0 04 ||shl eax, 4
00402972 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402979 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040297C |. 8B82 98000000 ||mov eax, dword ptr [edx+98]
00402982 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402985 |. 8B92 9C000000 ||mov edx, dword ptr [edx+9C]
0040298B |. C1E2 04 ||shl edx, 4
0040298E |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402995 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402998 |. 8BB6 A0000000 ||mov esi, dword ptr [esi+A0]
0040299E |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
004029A1 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
004029A4 |. 7E 12 ||jle short 004029B8 ; if(SOD[4*nKey[37]+nKey[38]] <= SOD[4*nKey[39]+nKey[40]])
004029A6 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
004029A9 |. 034D F0 ||add ecx, dword ptr [ebp-10]
004029AC |. C601 62 ||mov byte ptr [ecx], 62 ; in[t] = 'b'
004029AF |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
004029B2 |. 83C2 01 ||add edx, 1
004029B5 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
004029B8 |> 8B45 08 ||mov eax, dword ptr [ebp+8]
004029BB |. 8B88 94000000 ||mov ecx, dword ptr [eax+94]
004029C1 |. C1E1 04 ||shl ecx, 4
004029C4 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
004029CB |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004029CE |. 8B88 98000000 ||mov ecx, dword ptr [eax+98]
004029D4 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004029D7 |. 8B80 9C000000 ||mov eax, dword ptr [eax+9C]
004029DD |. C1E0 04 ||shl eax, 4
004029E0 |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
004029E7 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004029EA |. 8BB6 A0000000 ||mov esi, dword ptr [esi+A0]
004029F0 |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
004029F3 |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
004029F6 |. 7D 12 ||jge short 00402A0A ; if(SOD[4*nKey[37]+nKey[38]] >= SOD[4*nKey[39]+nKey[40]])
004029F8 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
004029FB |. 0355 F0 ||add edx, dword ptr [ebp-10]
004029FE |. C602 63 ||mov byte ptr [edx], 63 ; in[t] = 'c';
00402A01 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402A04 |. 83C0 01 ||add eax, 1
00402A07 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
00402A0A |> 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402A0D |. 8B91 94000000 ||mov edx, dword ptr [ecx+94]
00402A13 |. C1E2 04 ||shl edx, 4
00402A16 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402A1D |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402A20 |. 8B91 98000000 ||mov edx, dword ptr [ecx+98]
00402A26 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402A29 |. 8B89 9C000000 ||mov ecx, dword ptr [ecx+9C]
00402A2F |. C1E1 04 ||shl ecx, 4
00402A32 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402A39 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402A3C |. 8BB6 A0000000 ||mov esi, dword ptr [esi+A0]
00402A42 |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402A45 |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402A48 |. 75 12 ||jnz short 00402A5C ; if(SOD[4*nKey[37]+nKey[38]] != SOD[4*nKey[39]+nKey[40]])
00402A4A |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402A4D |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402A50 |. C600 64 ||mov byte ptr [eax], 64 ; in[t] = 'd';
00402A53 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402A56 |. 83C1 01 ||add ecx, 1
00402A59 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402A5C |> 8B95 F0FEFFFF ||mov edx, dword ptr [ebp-110]
00402A62 |. 3B95 ECFEFFFF ||cmp edx, dword ptr [ebp-114]
00402A68 |. 0F8D 9A040000 ||jge 00402F08 ; if(str[3] >= str[4])
00402A6E |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
00402A75 |. C785 E0FEFFFF>||mov dword ptr [ebp-120], 0 ; str[7] = 0;
00402A7F |. C785 DCFEFFFF>||mov dword ptr [ebp-124], 0 ; str[8] = 0;
00402A89 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402A8C |. 8B48 30 ||mov ecx, dword ptr [eax+30]
00402A8F |. C1E1 04 ||shl ecx, 4
00402A92 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402A99 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402A9C |. 8B48 34 ||mov ecx, dword ptr [eax+34]
00402A9F |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
00402AA2 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402AA5 |. 8B48 04 ||mov ecx, dword ptr [eax+4]
00402AA8 |. C1E1 04 ||shl ecx, 4
00402AAB |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402AB2 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402AB5 |. 8B49 2C ||mov ecx, dword ptr [ecx+2C]
00402AB8 |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[1]+nKey[11]] = SOD[4*nKey[12]+nKey[13]];
00402ABB |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ABE |. 8B42 3C ||mov eax, dword ptr [edx+3C]
00402AC1 |. C1E0 04 ||shl eax, 4
00402AC4 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402ACB |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ACE |. 8B42 40 ||mov eax, dword ptr [edx+40]
00402AD1 |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
00402AD4 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402AD7 |. 8B42 04 ||mov eax, dword ptr [edx+4]
00402ADA |. C1E0 04 ||shl eax, 4
00402ADD |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
00402AE4 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402AE7 |. 8B40 38 ||mov eax, dword ptr [eax+38]
00402AEA |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16];
00402AED |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402AF0 |. 8B51 48 ||mov edx, dword ptr [ecx+48]
00402AF3 |. C1E2 04 ||shl edx, 4
00402AF6 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402AFD |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B00 |. 8B51 4C ||mov edx, dword ptr [ecx+4C]
00402B03 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
00402B06 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B09 |. 8B51 04 ||mov edx, dword ptr [ecx+4]
00402B0C |. C1E2 04 ||shl edx, 4
00402B0F |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
00402B16 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B19 |. 8B52 44 ||mov edx, dword ptr [edx+44]
00402B1C |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]];
00402B1F |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B22 |. 8B48 54 ||mov ecx, dword ptr [eax+54]
00402B25 |. C1E1 04 ||shl ecx, 4
00402B28 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402B2F |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B32 |. 8B48 58 ||mov ecx, dword ptr [eax+58]
00402B35 |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
00402B38 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B3B |. 8B48 08 ||mov ecx, dword ptr [eax+8]
00402B3E |. C1E1 04 ||shl ecx, 4
00402B41 |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402B48 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B4B |. 8B49 50 ||mov ecx, dword ptr [ecx+50]
00402B4E |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
00402B51 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B54 |. 8B42 60 ||mov eax, dword ptr [edx+60]
00402B57 |. C1E0 04 ||shl eax, 4
00402B5A |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402B61 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B64 |. 8B42 64 ||mov eax, dword ptr [edx+64]
00402B67 |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
00402B6A |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B6D |. 8B42 08 ||mov eax, dword ptr [edx+8]
00402B70 |. C1E0 04 ||shl eax, 4
00402B73 |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
00402B7A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B7D |. 8B40 5C ||mov eax, dword ptr [eax+5C]
00402B80 |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
00402B83 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B86 |. 8B51 6C ||mov edx, dword ptr [ecx+6C]
00402B89 |. C1E2 04 ||shl edx, 4
00402B8C |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402B93 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B96 |. 8B51 70 ||mov edx, dword ptr [ecx+70]
00402B99 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
00402B9C |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B9F |. 8B51 08 ||mov edx, dword ptr [ecx+8]
00402BA2 |. C1E2 04 ||shl edx, 4
00402BA5 |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
00402BAC |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402BAF |. 8B52 68 ||mov edx, dword ptr [edx+68]
00402BB2 |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
00402BB5 |> 8B45 FC ||/mov eax, dword ptr [ebp-4]
00402BB8 |. 3B85 FCFEFFFF |||cmp eax, dword ptr [ebp-104]
00402BBE |. 7D 4F |||jge short 00402C0F ; if(i >= str[0])
00402BC0 |. 8B4D 08 |||mov ecx, dword ptr [ebp+8]
00402BC3 |. 8B51 04 |||mov edx, dword ptr [ecx+4]
00402BC6 |. C1E2 04 |||shl edx, 4
00402BC9 |. 8D8415 00FFFF>|||lea eax, dword ptr [ebp+edx-100]
00402BD0 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
00402BD3 |. 8B95 E0FEFFFF |||mov edx, dword ptr [ebp-120]
00402BD9 |. 031488 |||add edx, dword ptr [eax+ecx*4]
00402BDC |. 8995 E0FEFFFF |||mov dword ptr [ebp-120], edx ; str[7] += SOD[4*nKey[1]+i]
00402BE2 |. 8B45 08 |||mov eax, dword ptr [ebp+8]
00402BE5 |. 8B48 08 |||mov ecx, dword ptr [eax+8]
00402BE8 |. C1E1 04 |||shl ecx, 4
00402BEB |. 8D940D 00FFFF>|||lea edx, dword ptr [ebp+ecx-100]
00402BF2 |. 8B45 FC |||mov eax, dword ptr [ebp-4]
00402BF5 |. 8B8D DCFEFFFF |||mov ecx, dword ptr [ebp-124]
00402BFB |. 030C82 |||add ecx, dword ptr [edx+eax*4]
00402BFE |. 898D DCFEFFFF |||mov dword ptr [ebp-124], ecx ; str[8] += SOD[4*nKey[2]+i];
00402C04 |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402C07 |. 83C2 01 |||add edx, 1
00402C0A |. 8955 FC |||mov dword ptr [ebp-4], edx ; i++;
00402C0D |.^ EB A6 ||\jmp short 00402BB5
00402C0F |> 8B85 E0FEFFFF ||mov eax, dword ptr [ebp-120]
00402C15 |. 3B85 DCFEFFFF ||cmp eax, dword ptr [ebp-124]
00402C1B |. 0F8E F6000000 ||jle 00402D17 ; if(str[7] <= str[8])
00402C21 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402C24 |. 8B91 A4000000 ||mov edx, dword ptr [ecx+A4]
00402C2A |. C1E2 04 ||shl edx, 4
00402C2D |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402C34 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402C37 |. 8B91 A8000000 ||mov edx, dword ptr [ecx+A8]
00402C3D |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402C40 |. 8B89 AC000000 ||mov ecx, dword ptr [ecx+AC]
00402C46 |. C1E1 04 ||shl ecx, 4
00402C49 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402C50 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402C53 |. 8BB6 B0000000 ||mov esi, dword ptr [esi+B0]
00402C59 |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402C5C |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402C5F |. 7E 12 ||jle short 00402C73 ; if(SOD[4*nKey[41]+nKey[42]] <= SOD[4*nKey[43]+nKey[44]])
00402C61 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402C64 |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402C67 |. C600 66 ||mov byte ptr [eax], 66 ; in[t] = 'f';
00402C6A |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402C6D |. 83C1 01 ||add ecx, 1
00402C70 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402C73 |> 8B55 08 ||mov edx, dword ptr [ebp+8]
00402C76 |. 8B82 A4000000 ||mov eax, dword ptr [edx+A4]
00402C7C |. C1E0 04 ||shl eax, 4
00402C7F |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402C86 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402C89 |. 8B82 A8000000 ||mov eax, dword ptr [edx+A8]
00402C8F |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402C92 |. 8B92 AC000000 ||mov edx, dword ptr [edx+AC]
00402C98 |. C1E2 04 ||shl edx, 4
00402C9B |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402CA2 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402CA5 |. 8BB6 B0000000 ||mov esi, dword ptr [esi+B0]
00402CAB |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402CAE |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402CB1 |. 7D 12 ||jge short 00402CC5 ; if(SOD[4*nKey[41]+nKey[42]] >= SOD[4*nKey[43]+nKey[44]])
00402CB3 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
00402CB6 |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402CB9 |. C601 67 ||mov byte ptr [ecx], 67 ; in[t] = 'g';
00402CBC |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402CBF |. 83C2 01 ||add edx, 1
00402CC2 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
00402CC5 |> 8B45 08 ||mov eax, dword ptr [ebp+8]
00402CC8 |. 8B88 A4000000 ||mov ecx, dword ptr [eax+A4]
00402CCE |. C1E1 04 ||shl ecx, 4
00402CD1 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402CD8 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402CDB |. 8B88 A8000000 ||mov ecx, dword ptr [eax+A8]
00402CE1 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402CE4 |. 8B80 AC000000 ||mov eax, dword ptr [eax+AC]
00402CEA |. C1E0 04 ||shl eax, 4
00402CED |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
00402CF4 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402CF7 |. 8BB6 B0000000 ||mov esi, dword ptr [esi+B0]
00402CFD |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
00402D00 |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
00402D03 |. 7D 12 ||jge short 00402D17 ; if(SOD[4*nKey[41]+nKey[42]] >= SOD[4*nKey[43]+nKey[44]])
00402D05 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
00402D08 |. 0355 F0 ||add edx, dword ptr [ebp-10]
00402D0B |. C602 68 ||mov byte ptr [edx], 68 ; in[t] = 'h';
00402D0E |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402D11 |. 83C0 01 ||add eax, 1
00402D14 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
00402D17 |> 8B8D E0FEFFFF ||mov ecx, dword ptr [ebp-120]
00402D1D |. 3B8D DCFEFFFF ||cmp ecx, dword ptr [ebp-124]
00402D23 |. 7D 66 ||jge short 00402D8B ; if(str[7] >= str[8])
00402D25 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402D28 |. 8B82 B4000000 ||mov eax, dword ptr [edx+B4]
00402D2E |. C1E0 04 ||shl eax, 4
00402D31 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402D38 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402D3B |. 8B82 B8000000 ||mov eax, dword ptr [edx+B8]
00402D41 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402D44 |. 8B92 BC000000 ||mov edx, dword ptr [edx+BC]
00402D4A |. C1E2 04 ||shl edx, 4
00402D4D |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402D54 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402D57 |. 8BB6 C0000000 ||mov esi, dword ptr [esi+C0]
00402D5D |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402D60 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402D63 |. 75 14 ||jnz short 00402D79 ; if(SOD[4*nKey[45]+nKey[46]] != SOD[4*nKey[47]+nKey[48]])
00402D65 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
00402D68 |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402D6B |. C601 65 ||mov byte ptr [ecx], 65 ; in[t] = 'e';
00402D6E |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402D71 |. 83C2 01 ||add edx, 1
00402D74 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
00402D77 |. EB 12 ||jmp short 00402D8B
00402D79 |> 8B45 0C ||mov eax, dword ptr [ebp+C]
00402D7C |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402D7F |. C600 61 ||mov byte ptr [eax], 61 ; in[t] = 'a';
00402D82 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402D85 |. 83C1 01 ||add ecx, 1
00402D88 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402D8B |> 8B95 E0FEFFFF ||mov edx, dword ptr [ebp-120]
00402D91 |. 3B95 DCFEFFFF ||cmp edx, dword ptr [ebp-124]
00402D97 |. 0F85 6B010000 ||jnz 00402F08 ; if(str[7] != str[8])
00402D9D |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
00402DA4 |. C745 F4 00000>||mov dword ptr [ebp-C], 0 ; s = 0;
00402DAB |. C745 FC 00000>||mov dword ptr [ebp-4], 0
00402DB2 |. EB 09 ||jmp short 00402DBD
00402DB4 |> 8B45 FC ||/mov eax, dword ptr [ebp-4]
00402DB7 |. 83C0 01 |||add eax, 1
00402DBA |. 8945 FC |||mov dword ptr [ebp-4], eax ; i++;
00402DBD |> 8B4D 08 || mov ecx, dword ptr [ebp+8]
00402DC0 |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402DC3 |. 3B11 |||cmp edx, dword ptr [ecx]
00402DC5 |. 7D 4B |||jge short 00402E12 ; if(i >= nKey[0])
00402DC7 |. C745 F8 00000>|||mov dword ptr [ebp-8], 0
00402DCE |. C745 F8 00000>|||mov dword ptr [ebp-8], 0 ; j = 0;
00402DD5 |. EB 09 |||jmp short 00402DE0
00402DD7 |> 8B45 F8 |||/mov eax, dword ptr [ebp-8]
00402DDA |. 83C0 01 ||||add eax, 1
00402DDD |. 8945 F8 ||||mov dword ptr [ebp-8], eax ; j++;
00402DE0 |> 8B4D F8 ||| mov ecx, dword ptr [ebp-8]
00402DE3 |. 3B8D FCFEFFFF ||||cmp ecx, dword ptr [ebp-104]
00402DE9 |. 7D 25 ||||jge short 00402E10 ; if(j >= str[0])
00402DEB |. 8B55 F4 ||||mov edx, dword ptr [ebp-C]
00402DEE |. 8B4495 C0 ||||mov eax, dword ptr [ebp+edx*4-40>
00402DF2 |. 8B4D FC ||||mov ecx, dword ptr [ebp-4]
00402DF5 |. C1E1 04 ||||shl ecx, 4
00402DF8 |. 8D940D 00FFFF>||||lea edx, dword ptr [ebp+ecx-100]
00402DFF |. 8B4D F8 ||||mov ecx, dword ptr [ebp-8]
00402E02 |. 89048A ||||mov dword ptr [edx+ecx*4], eax ; SOD[4*i+j] = SD[s];
00402E05 |. 8B55 F4 ||||mov edx, dword ptr [ebp-C]
00402E08 |. 83C2 01 ||||add edx, 1
00402E0B |. 8955 F4 ||||mov dword ptr [ebp-C], edx ; s++;
00402E0E |.^ EB C7 |||\jmp short 00402DD7
00402E10 |>^ EB A2 ||\jmp short 00402DB4
00402E12 |> 8B45 08 ||mov eax, dword ptr [ebp+8]
00402E15 |. 8B88 C4000000 ||mov ecx, dword ptr [eax+C4]
00402E1B |. C1E1 04 ||shl ecx, 4
00402E1E |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402E25 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402E28 |. 8B88 C8000000 ||mov ecx, dword ptr [eax+C8]
00402E2E |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402E31 |. 8B80 CC000000 ||mov eax, dword ptr [eax+CC]
00402E37 |. C1E0 04 ||shl eax, 4
00402E3A |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
00402E41 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402E44 |. 8BB6 D0000000 ||mov esi, dword ptr [esi+D0]
00402E4A |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
00402E4D |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
00402E50 |. 7E 12 ||jle short 00402E64 ; if[SOD[4*nKey[49]+nKey[50]] <= SOD[4*nKey[51]+nKey[52]])
00402E52 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
00402E55 |. 0355 F0 ||add edx, dword ptr [ebp-10]
00402E58 |. C602 63 ||mov byte ptr [edx], 63 ; in[t] = 'c';
00402E5B |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402E5E |. 83C0 01 ||add eax, 1
00402E61 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
00402E64 |> 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402E67 |. 8B91 C4000000 ||mov edx, dword ptr [ecx+C4]
00402E6D |. C1E2 04 ||shl edx, 4
00402E70 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402E77 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402E7A |. 8B91 C8000000 ||mov edx, dword ptr [ecx+C8]
00402E80 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402E83 |. 8B89 CC000000 ||mov ecx, dword ptr [ecx+CC]
00402E89 |. C1E1 04 ||shl ecx, 4
00402E8C |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402E93 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402E96 |. 8BB6 D0000000 ||mov esi, dword ptr [esi+D0]
00402E9C |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402E9F |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402EA2 |. 7D 12 ||jge short 00402EB6 ; if[SOD[4*nKey[49]+nKey[50]] >= SOD[4*nKey[51]+nKey[52]])
00402EA4 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402EA7 |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402EAA |. C600 62 ||mov byte ptr [eax], 62 ; in[t] = 'b';
00402EAD |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402EB0 |. 83C1 01 ||add ecx, 1
00402EB3 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402EB6 |> 8B55 08 ||mov edx, dword ptr [ebp+8]
00402EB9 |. 8B82 C4000000 ||mov eax, dword ptr [edx+C4]
00402EBF |. C1E0 04 ||shl eax, 4
00402EC2 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402EC9 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ECC |. 8B82 C8000000 ||mov eax, dword ptr [edx+C8]
00402ED2 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ED5 |. 8B92 CC000000 ||mov edx, dword ptr [edx+CC]
00402EDB |. C1E2 04 ||shl edx, 4
00402EDE |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402EE5 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402EE8 |. 8BB6 D0000000 ||mov esi, dword ptr [esi+D0]
00402EEE |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402EF1 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402EF4 |. 75 12 ||jnz short 00402F08 ; if[SOD[4*nKey[49]+nKey[50]] != SOD[4*nKey[51]+nKey[52]])
00402EF6 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
00402EF9 |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402EFC |. C601 64 ||mov byte ptr [ecx], 64 ; in[t] = 'd';
00402EFF |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402F02 |. 83C2 01 ||add edx, 1
00402F05 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
00402F08 |>^ E9 43F4FFFF |\jmp 00402350
00402F0D |> 8B85 F8FEFFFF |mov eax, dword ptr [ebp-108]
00402F13 |. 83C0 01 |add eax, 1
00402F16 |. 8985 F8FEFFFF |mov dword ptr [ebp-108], eax ; str[1]++;
00402F1C |.^ E9 FAF3FFFF \jmp 0040231B
00402F21 |> 5F pop edi
00402F22 |. 5E pop esi
00402F23 |. 5B pop ebx
00402F24 |. 8BE5 mov esp, ebp
00402F26 |. 5D pop ebp
00402F27 \. C3 retn
返回后
00403624 . E8 5EDAFFFF call 00401087 ; SomeFunc(nKey,in,order);
00403629 . 83C4 0C add esp, 0C
0040362C . 8D8D 00FFFFFF lea ecx, dword ptr [ebp-100]
00403632 . 898D 4CFDFFFF mov dword ptr [ebp-2B4], ecx ; char *result;result = in;
00403638 . C785 48FDFFFF>mov dword ptr [ebp-2B8], 0 ; int l = 0;
00403642 > 83BD 48FDFFFF>cmp dword ptr [ebp-2B8], 2
00403649 . 0F8D 6E010000 jge 004037BD ; if(l >= 2)
0040364F . C745 F8 00000>mov dword ptr [ebp-8], 0 ; j = 0;
00403656 . C785 64FFFFFF>mov dword ptr [ebp-9C], 0 ; k = 0;
00403660 . 83BD 48FDFFFF>cmp dword ptr [ebp-2B8], 1
00403667 . 75 0F jnz short 00403678 ; if(l != 1)
00403669 . 8B95 4CFDFFFF mov edx, dword ptr [ebp-2B4]
0040366F . 83C2 0C add edx, 0C
00403672 . 8995 4CFDFFFF mov dword ptr [ebp-2B4], edx ; result += 12;
00403678 > 837D F8 0C cmp dword ptr [ebp-8], 0C
0040367C . 0F8D 27010000 jge 004037A9 ; if(j >= 12)
00403682 . C745 FC 00000>mov dword ptr [ebp-4], 0 ; i = 0;
00403689 . 8B85 4CFDFFFF mov eax, dword ptr [ebp-2B4]
0040368F . 8A08 mov cl, byte ptr [eax] ; in[0]
00403691 . 888D F4FEFFFF mov byte ptr [ebp-10C], cl ; MinChar = in[0];
00403697 . C785 F8FEFFFF>mov dword ptr [ebp-108], 0 ; PositionOfMin = 0;
004036A1 > 8B95 4CFDFFFF mov edx, dword ptr [ebp-2B4]
004036A7 . 52 push edx ; /s
004036A8 . E8 DF0C0000 call <jmp.&MSVCRT.strlen> ; \strlen
004036AD . 83C4 04 add esp, 4
004036B0 . 83E8 01 sub eax, 1
004036B3 . 3945 FC cmp dword ptr [ebp-4], eax ; if(i < strlen(in)-1)
004036B6 . 1BC0 sbb eax, eax
004036B8 . F7D8 neg eax ; eax = 1
004036BA . 33C9 xor ecx, ecx
004036BC . 837D FC 0B cmp dword ptr [ebp-4], 0B ; if(i < 11)
004036C0 . 0F9CC1 setl cl ; cl = 1
004036C3 . 23C1 and eax, ecx
004036C5 . 85C0 test eax, eax
004036C7 . 0F84 88000000 je 00403755
004036CD . 0FBE95 F4FEFF>movsx edx, byte ptr [ebp-10C] ; MinChar
004036D4 . 8B85 4CFDFFFF mov eax, dword ptr [ebp-2B4]
004036DA . 0345 FC add eax, dword ptr [ebp-4] ; in[i]
004036DD . 0FBE48 01 movsx ecx, byte ptr [eax+1] ; in[i+1]
004036E1 . 33C0 xor eax, eax
004036E3 . 3BD1 cmp edx, ecx ; if(MinChar == in[i+1])
004036E5 . 0F94C0 sete al ; al = 1
004036E8 . 0FBE8D F4FEFF>movsx ecx, byte ptr [ebp-10C]
004036EF . 33D2 xor edx, edx
004036F1 . 83F9 7A cmp ecx, 7A ; if(MinChar != 'z')
004036F4 . 0F95C2 setne dl ; dl = 1
004036F7 . 23C2 and eax, edx
004036F9 . 85C0 test eax, eax
004036FB . 74 14 je short 00403711 ; if((MinCHar == in[i+1])&&MinChar != 'z')
004036FD . 8D85 ECFEFFFF lea eax, dword ptr [ebp-114]
00403703 . 50 push eax
00403704 . E8 BAD9FFFF call 004010C3
00403709 . 83C4 04 add esp, 4
0040370C . E9 F3020000 jmp 00403A04
00403711 > 0FBE8D F4FEFF>movsx ecx, byte ptr [ebp-10C]
00403718 . 8B95 4CFDFFFF mov edx, dword ptr [ebp-2B4]
0040371E . 0355 FC add edx, dword ptr [ebp-4]
00403721 . 0FBE42 01 movsx eax, byte ptr [edx+1]
00403725 . 3BC8 cmp ecx, eax
00403727 . 7E 1E jle short 00403747 ; if(MinChar <= in[i+1])
00403729 . 8B8D 4CFDFFFF mov ecx, dword ptr [ebp-2B4]
0040372F . 034D FC add ecx, dword ptr [ebp-4]
00403732 . 8A51 01 mov dl, byte ptr [ecx+1]
00403735 . 8895 F4FEFFFF mov byte ptr [ebp-10C], dl ; MinChar = in[i+1];
0040373B . 8B45 FC mov eax, dword ptr [ebp-4]
0040373E . 83C0 01 add eax, 1
00403741 . 8985 F8FEFFFF mov dword ptr [ebp-108], eax ; PositionOfMin = i+1;
00403747 > 8B4D FC mov ecx, dword ptr [ebp-4]
0040374A . 83C1 01 add ecx, 1
0040374D . 894D FC mov dword ptr [ebp-4], ecx ; i++;
00403750 .^ E9 4CFFFFFF jmp 004036A1
00403755 > 83BD 48FDFFFF>cmp dword ptr [ebp-2B8], 0
0040375C . 75 0F jnz short 0040376D ; if(l != 0)
0040375E . 8B95 F8FEFFFF mov edx, dword ptr [ebp-108]
00403764 . 8B45 F8 mov eax, dword ptr [ebp-8]
00403767 . 894495 98 mov dword ptr [ebp+edx*4-68], eax ; ResultOrder1[PositionOfMin] = j;
0040376B . EB 10 jmp short 0040377D
0040376D > 8B8D F8FEFFFF mov ecx, dword ptr [ebp-108]
00403773 . 8B55 F8 mov edx, dword ptr [ebp-8]
00403776 . 89948D 68FFFF>mov dword ptr [ebp+ecx*4-98], edx ; ResultOrder2[PositionOfMin] = j;
0040377D > 8B85 4CFDFFFF mov eax, dword ptr [ebp-2B4]
00403783 . 0385 F8FEFFFF add eax, dword ptr [ebp-108]
00403789 . C600 7A mov byte ptr [eax], 7A ; in[PositionOfMin] = 'z'
0040378C . 8B4D F8 mov ecx, dword ptr [ebp-8]
0040378F . 83C1 01 add ecx, 1
00403792 . 894D F8 mov dword ptr [ebp-8], ecx ; j++;
00403795 . 8B95 64FFFFFF mov edx, dword ptr [ebp-9C]
0040379B . 83C2 01 add edx, 1
0040379E . 8995 64FFFFFF mov dword ptr [ebp-9C], edx ; k++;
004037A4 .^ E9 CFFEFFFF jmp 00403678
004037A9 > 8B85 48FDFFFF mov eax, dword ptr [ebp-2B8]
004037AF . 83C0 01 add eax, 1
004037B2 . 8985 48FDFFFF mov dword ptr [ebp-2B8], eax ; l++;
004037B8 .^ E9 85FEFFFF jmp 00403642
004037BD > C745 FC 00000>mov dword ptr [ebp-4], 0
004037C4 > 837D FC 0C cmp dword ptr [ebp-4], 0C
004037C8 . 7D 55 jge short 0040381F ; if(i >= 12)
004037CA . 8B4D FC mov ecx, dword ptr [ebp-4]
004037CD . 8B55 FC mov edx, dword ptr [ebp-4]
004037D0 . 8B448D C8 mov eax, dword ptr [ebp+ecx*4-38]
004037D4 . 3B4495 98 cmp eax, dword ptr [ebp+edx*4-68]
004037D8 . 75 26 jnz short 00403800 ; if(order[i] != ResultOrder1[i])
004037DA . 8B4D FC mov ecx, dword ptr [ebp-4]
004037DD . 8B55 FC mov edx, dword ptr [ebp-4]
004037E0 . 8B448D C8 mov eax, dword ptr [ebp+ecx*4-38]
004037E4 . 3B8495 68FFFF>cmp eax, dword ptr [ebp+edx*4-98]
004037EB . 75 13 jnz short 00403800 ; if(order[i] != ResultOrder2[i])
004037ED . 8B4D FC mov ecx, dword ptr [ebp-4]
004037F0 . 8B55 FC mov edx, dword ptr [ebp-4]
004037F3 . 8B448D 98 mov eax, dword ptr [ebp+ecx*4-68]
004037F7 . 3B8495 68FFFF>cmp eax, dword ptr [ebp+edx*4-98]
004037FE . 74 14 je short 00403814 ; if(ResultOrder1[i] == ResultOrder2[i])
00403800 > 8D8D ECFEFFFF lea ecx, dword ptr [ebp-114]
00403806 . 51 push ecx
00403807 . E8 B7D8FFFF call 004010C3
0040380C . 83C4 04 add esp, 4
0040380F . E9 F0010000 jmp 00403A04
00403814 > 8B55 FC mov edx, dword ptr [ebp-4]
00403817 . 83C2 01 add edx, 1
0040381A . 8955 FC mov dword ptr [ebp-4], edx ; i++
0040381D .^ EB A5 jmp short 004037C4
0040381F > C745 FC 00000>mov dword ptr [ebp-4], 0 ; i = 0;
00403826 . C685 34FDFFFF>mov byte ptr [ebp-2CC], 67 ; o
0040382D . C685 35FDFFFF>mov byte ptr [ebp-2CB], 63 ; k
00403834 . C685 36FDFFFF>mov byte ptr [ebp-2CA], 29 ; !
0040383B . C685 37FDFFFF>mov byte ptr [ebp-2C9], 8
00403842 > 8D85 34FDFFFF lea eax, dword ptr [ebp-2CC]
00403848 . 50 push eax ; /s
00403849 . E8 3E0B0000 call <jmp.&MSVCRT.strlen> ; \strlen
0040384E . 83C4 04 add esp, 4
00403851 . 3945 FC cmp dword ptr [ebp-4], eax ; 构造字符串
00403854 . 73 22 jnb short 00403878
00403856 . 8B4D FC mov ecx, dword ptr [ebp-4]
00403859 . 8A940D 34FDFF>mov dl, byte ptr [ebp+ecx-2CC]
00403860 . 80F2 08 xor dl, 8
00403863 . 8B45 FC mov eax, dword ptr [ebp-4]
00403866 . 889405 34FDFF>mov byte ptr [ebp+eax-2CC], dl
0040386D . 8B4D FC mov ecx, dword ptr [ebp-4]
00403870 . 83C1 01 add ecx, 1
00403873 . 894D FC mov dword ptr [ebp-4], ecx
00403876 .^ EB CA jmp short 00403842
00403878 > 8B55 FC mov edx, dword ptr [ebp-4]
0040387B . C68415 34FDFF>mov byte ptr [ebp+edx-2CC], 0
00403883 . 8D85 34FDFFFF lea eax, dword ptr [ebp-2CC]
00403889 . 50 push eax
0040388A . E8 34D8FFFF call 004010C3
0040388F . 83C4 04 add esp, 4
00403892 . E9 6C010000 jmp 00403A03
到此已经完成验证
下面是C实现的算法
void SomeFunc(int nKey[53],char in[28],int order[12])
{
int i = 0,j = 0,s = 0,t = 0;
int str[10];
int SD[12]; //SomeData,I don't know how to name it
int SOD[53]; //SomeOtherData
for(i = 0;i < 12;i++)
{
SD[i] = 30;
}
str[0] = 0;
if(nKey[0] > 0)
{
str[0] = 12/nKey[0];
}
str[2] = 0;
for(str[1] = 0;str[1] < 2;str[1]++)
{
if(str[2] > 0)
{
SD[order[str[2]-1]] = 30;
}
str[2] = 0;
while(str[2] < 12)
{
if(str[2] > 0)
{
SD[order[str[2]-1]] = 30;
}
if(str[1] == 0)
{
SD[order[str[2]]] = 40;
str[2]++;
}
if(str[1] == 1)
{
SD[order[str[2]]] = 20;
str[2]++;
}
i = 0;
s = 0;
for(i = 0;i < nKey[0];i++)
{
for(j = 0;j < str[0];j++)
{
SOD[4*i+j] = SD[s];
s++;
}
}
i = 0;
str[3] = 0;
str[4] = 0;
for(i = 0;i < str[0];i++)
{
str[3] += SOD[4*nKey[1]+i];
str[4] += SOD[4*nKey[2]+i];
}
if(str[3] == str[4])
{
if(SOD[4*nKey[3]+nKey[4]] == SOD[4*nKey[5]+nKey[6]])
{
if(SOD[4*nKey[7]+SOD[nKey[8]] == SOD[4*nKey[9]+nKey[10]])
{
in[t] = 'l';
t++;
}
else
{
in[t] = 'k';
t++;
}
}
else
{
if(SOD[4*nKey[7]+SOD[nKey[8]] == SOD[4*nKey[9]+nKey[10]])
{
in[t] = 'j';
t++;
}
else
{
in[t] = 'i';
t++;
}
}
}
if(str[3] > str[4])
{
i = 0;
str[5] = 0;
str[6] = 0;
SOD[4*nKey[1]+nKey[11]] = SOD[4*nKey[12]+nKey[13]];
SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16]];
SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]];
SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
for(i = 0;i < str[1];i++)
{
str[5] += SOD[4*nKey[1]+i];
str[6] += SOD[4*nKey[2]+i];
}
if(str[5] > str[6])
{
if(SOD[4*nKey[29]+nKey[30]] == SOD[4*nKey[31]+nKey[32]])
{
in[t] = 'e';
t++;
}
else
{
in[t] = 'a';
t++;
}
}
if(str[5] < str[6])
{
if(SOD[4*nKey[33]+nKey[34]] > SOD[4*nKey[35]+nKey[36]])
{
in[t] = 'g';
t++;
}
if(SOD[4*nKey[33]+nKey[34]] < SOD[4*nKey[35]+nKey[36]])
{
in[t] = 'f';
t++;
}
if(SOD[4*nKey[33]+nKey[34]] == SOD[4*nKey[35]+nKey[36]])
{
in[t] = 'h';
t++;
}
}
if(str[5] == str[6])
{
i = 0;
s = 0;
for(i = 0;i < nKey[0];i++)
{
for(j = 0;j < str[0];j++)
{
SOD[4*i+j] = SD[s];
s++;
}
}
if(SOD[4*nKey[37]+nKey[38]] > SOD[4*nKey[39]+nKey[40]])
{
in[t] = 'b';
t++;
}
if(SOD[4*nKey[37]+nKey[38]] < SOD[4*nKey[39]+nKey[40]])
{
in[t] = 'c';
t++;
}
if(SOD[4*nKey[37]+nKey[38]] == SOD[4*nKey[39]+nKey[40]])
{
in[t] = 'd';
t++;
}
}
}
if(str[3] < str[4])
{
i = 0;
str[7] = 0;
str[8] = 0;
SOD[4*nKey[1]+nKey[11]] = SOD[4*nKey[12]+nKey[13]];
SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16]];
SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]];
SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
for(i = 0;i < str[0];i++)
{
str[7] += SOD[4*nKey[1]+i];
str[8] += SOD[4*nKey[2]+i];
}
if(str[7] > str[8])
{
if(SOD[4*nKey[41]+nKey[42]] > SOD[4*nKey[43]+nKey[44]])
{
in[t] = 'f';
t++;
}
if(SOD[4*nKey[41]+nKey[42]] < SOD[4*nKey[43]+nKey[44]])
{
in[t] = 'g';
t++;
}
if(SOD[4*nKey[41]+nKey[42]] == SOD[4*nKey[43]+nKey[44]]) //本应该是小于,我怀疑有错
{
in[t] = 'h';
t++;
}
}
if(str[7] < str[8])
{
if(SOD[4*nKey[45]+nKey[46]] != SOD[4*nKey[47]+nKey[48]])
{
in[t] = 'e';
t++;
}
else
{
in[t] = 'a';
t++;
}
}
if(str[7] == str[8])
{
i = 0;
s = 0;
for(i = 0;i < nKey[0];i++)
{
for(j = 0;j < str[0];j++)
{
SOD[4*i+j] = SD[s];
s++;
}
}
if[SOD[4*nKey[49]+nKey[50]] > SOD[4*nKey[51]+nKey[52]])
{
in[t] = 'c';
t++;
}
if[SOD[4*nKey[49]+nKey[50]] < SOD[4*nKey[51]+nKey[52]])
{
in[t] = 'b';
t++;
}
if[SOD[4*nKey[49]+nKey[50]] == SOD[4*nKey[51]+nKey[52]])
{
in[t] = 'd';
t++;
}
}
}
}
}
}
BOOL check(char szUserName[12],char szKey[53])
{
int i = 0,j = 0,k = 0,l = 0;
int nKey[53];
int order[12];
int FirstResultOrder[12];
int SecondResultOrder[12];
char MinChar;
int PositionOfMin;
char in[28] = {0};
char *result;
for(i = 0;i < 12;i++)
{
if(szUserName[i] < 0x61 || szUserName[i] >= 0x7a)
{
return FALSE;
}
}
for(j = 0;j < 12;j++)
{
i = 0;
MinChar = szUserName[0];
PositionOfMin = 0;
for(i = 0;i < strlen(szUserName)-1;i++)
{
if((MinChar == szUserName[i+1]) && (MinChar != 'z'))
{
return FALSE;
}
if(MinChar > szUserName[i+1])
{
MinChar = szUserName[i+1];
PositionOfMin = i+1;
}
}
order[PositionOfMin] = j;
k++;
}
if(k < 12)
{
return FALSE;
}
if(strlen(szKey) < 53)
{
return FALSE;
}
for(i = 0;i < strlen(szKey);i++)
{
nKey[i] = szKey[i] - 30;
if(nKey[i] > 3)
{
return FALSE;
}
}
SomeFunc(nKey,in,order);
result = in;
l = 0;
for(l = 0;l < 2;l++)
{
j = 0;
k = 0;
if(l == 1)
{
result += 12;
}
for(j = 0;j < 12;j++)
{
i = 0;
MinChar = in[0];
PositionOfMin = 0;
while(1)
{
if((i < strlen(in)-1) && (i < 11))
{
if((MinChar == in[i+1]) && (MinChar != 'z'))
{
return FALSE;
}
if(MinChar > in[i+1])
{
MinChar = in[i+1];
PositionOfMin = i+1;
}
i++;
}
else
{
break;
}
}
if(l == 0)
{
FirstResultOrder[PositionOfMin] = j;
}
else
{
SecondResultOrder[PositionOfMin] = j;
}
in[PositionOfMin] = 'z';
k++;
}
}
for(i = 0;i < 12;i++)
{
if(order[i] != FirstResultOrder[i]
{
return FALSE;
}
if(order[i] != SecondResultOrder[i])
{
return FALSE;
}
if(FirstResultOrder[i] != SecondResult[i])
{
return FALSE;
}
}
return TRUE;
}
注册算法看不出来。逆向出程序流程不难,理解算法就是
在此膜拜下诸位大牛,好好学习,天天向上!
看了下,是MFC程序,蛋疼,F12暂停法,从深深的堆栈中找到到了地方。(大家对MFC程序如何下断啊?求教!)
虽然用的是OD,但基本上都是静态分析,主要是不太会用IDA啊!
00403C81 |. 8945 F4 mov dword ptr [ebp-C], eax
00403C84 |. 8B55 F8 mov edx, dword ptr [ebp-8] ; 验证码
00403C87 |. 52 push edx
00403C88 |. 8B45 F4 mov eax, dword ptr [ebp-C] ; 用户名
00403C8B |. 50 push eax
00403C8C |. E8 82D4FFFF call 00401113 ; 关键函数
00403C91 |. 83C4 08 add esp, 8
00403C94 |. 5F pop edi
00403C95 |. 5E pop esi
跟入关键函数
此后有个判断CC断点和计算验校和的过程,此处略去
00403276 > /6A 0A push 0A ; /size = A (10.)
00403278 . |FF15 F8954000 call dword ptr [<&MSVCRT.malloc>] ; \malloc
0040327E . |83C4 04 add esp, 4
00403281 . |8985 FCFEFFFF mov dword ptr [ebp-104], eax
00403287 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
0040328D . |C601 7D mov byte ptr [ecx], 7D
00403290 . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403296 . |C642 01 7B mov byte ptr [edx+1], 7B
0040329A . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
004032A0 . |C640 02 6D mov byte ptr [eax+2], 6D
004032A4 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
004032AA . |C641 03 7A mov byte ptr [ecx+3], 7A
004032AE . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
004032B4 . |C642 04 66 mov byte ptr [edx+4], 66
004032B8 . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
004032BE . |C640 05 69 mov byte ptr [eax+5], 69
004032C2 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
004032C8 . |C641 06 65 mov byte ptr [ecx+6], 65
004032CC . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
004032D2 . |C642 07 6D mov byte ptr [edx+7], 6D
004032D6 . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
004032DC . |C640 08 37 mov byte ptr [eax+8], 37
004032E0 . |8B8D FCFEFFFF mov ecx, dword ptr [ebp-104]
004032E6 . |C641 09 08 mov byte ptr [ecx+9], 8
004032EA . |C745 FC 00000>mov dword ptr [ebp-4], 0
004032F1 > |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
004032F7 . |52 push edx ; /s
004032F8 . |E8 8F100000 call <jmp.&MSVCRT.strlen> ; \strlen
004032FD . |83C4 04 add esp, 4
00403300 . |3945 FC cmp dword ptr [ebp-4], eax
00403303 . |73 24 jnb short 00403329
00403305 . |8B85 FCFEFFFF mov eax, dword ptr [ebp-104]
0040330B . |0345 FC add eax, dword ptr [ebp-4]
0040330E . |8A08 mov cl, byte ptr [eax]
00403310 . |80F1 08 xor cl, 8
00403313 . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403319 . |0355 FC add edx, dword ptr [ebp-4]
0040331C . |880A mov byte ptr [edx], cl ; 堆中字符xor8
0040331E . |8B45 FC mov eax, dword ptr [ebp-4]
00403321 . |83C0 01 add eax, 1
00403324 . |8945 FC mov dword ptr [ebp-4], eax ; 堆中字符串最后为username?
00403327 .^|EB C8 jmp short 004032F1
00403329 > |8B4D 08 mov ecx, dword ptr [ebp+8]
0040332C . |51 push ecx ; /s
0040332D . |E8 5A100000 call <jmp.&MSVCRT.strlen> ; \strlen
00403332 . |83C4 04 add esp, 4 ; 用户名长度
00403335 . |83F8 0C cmp eax, 0C ; 为C
00403338 . |74 14 je short 0040334E
0040333A . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403340 . |52 push edx
00403341 . |E8 7DDDFFFF call 004010C3 ; 失败
00403346 . |83C4 04 add esp, 4
00403349 . |E9 B6060000 jmp 00403A04
0040334E > |C745 FC 00000>mov dword ptr [ebp-4], 0
00403355 > |8B45 08 mov eax, dword ptr [ebp+8] ; eax指向用户名
00403358 . |50 push eax ; /s
00403359 . |E8 2E100000 call <jmp.&MSVCRT.strlen> ; \strlen
0040335E . |83C4 04 add esp, 4
00403361 . |3945 FC cmp dword ptr [ebp-4], eax ; eax用户名长度0c
00403364 . |73 3B jnb short 004033A1 ; 循环c次
00403366 . |8B4D 08 mov ecx, dword ptr [ebp+8]
00403369 . |034D FC add ecx, dword ptr [ebp-4]
0040336C . |0FBE11 movsx edx, byte ptr [ecx]
0040336F . |83FA 61 cmp edx, 61 ; 判断是否小写字母
00403372 . |7C 0E jl short 00403382 ; 跳了则失败
00403374 . |8B45 08 mov eax, dword ptr [ebp+8] ; 大于等于a
00403377 . |0345 FC add eax, dword ptr [ebp-4]
0040337A . |0FBE08 movsx ecx, byte ptr [eax]
0040337D . |83F9 7A cmp ecx, 7A
00403380 . |7C 14 jl short 00403396 ; 小于z
00403382 > |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
00403388 . |52 push edx
00403389 . |E8 35DDFFFF call 004010C3 ; 失败
0040338E . |83C4 04 add esp, 4
00403391 . |E9 6E060000 jmp 00403A04
00403396 > |8B45 FC mov eax, dword ptr [ebp-4] ; 是小写字母
00403399 . |83C0 01 add eax, 1
0040339C . |8945 FC mov dword ptr [ebp-4], eax
0040339F .^|EB B4 jmp short 00403355
004033A1 > |837D F8 0C cmp dword ptr [ebp-8], 0C ; for(j = 0;j < 12;j++)
004033A5 . |0F8D E5000000 jge 00403490
004033AB . |C745 FC 00000>mov dword ptr [ebp-4], 0 ; int i = 0;
004033B2 . |8B4D 08 mov ecx, dword ptr [ebp+8]
004033B5 . |8A11 mov dl, byte ptr [ecx]
004033B7 . |8895 F4FEFFFF mov byte ptr [ebp-10C], dl ; char MinChar = szName[0]
004033BD . |C785 F8FEFFFF>mov dword ptr [ebp-108], 0 ; int PositionOfMin = 0;
004033C7 > |8B45 08 mov eax, dword ptr [ebp+8]
004033CA . |50 push eax ; /s
004033CB . |E8 BC0F0000 call <jmp.&MSVCRT.strlen> ; \strlen
004033D0 . |83C4 04 add esp, 4
004033D3 . |83E8 01 sub eax, 1
004033D6 . |3945 FC cmp dword ptr [ebp-4], eax ; for(i = 0;i < strlen(szName)-1;i++)
004033D9 . |73 7F jnb short 0040345A
004033DB . |0FBE8D F4FEFF>movsx ecx, byte ptr [ebp-10C] ; 当前最小字母
004033E2 . |8B55 08 mov edx, dword ptr [ebp+8] ; 用户名
004033E5 . |0355 FC add edx, dword ptr [ebp-4]
004033E8 . |0FBE42 01 movsx eax, byte ptr [edx+1] ; 用户名中后一个字母
004033EC . |33D2 xor edx, edx
004033EE . |3BC8 cmp ecx, eax ; if(MinChar == szName[i+1])
004033F0 . |0F94C2 sete dl ; 用户名之后一个字母不能与当前最小字母相等
004033F3 . |0FBE85 F4FEFF>movsx eax, byte ptr [ebp-10C]
004033FA . |33C9 xor ecx, ecx
004033FC . |83F8 7A cmp eax, 7A ; if(MinChar != 'z')
004033FF . |0F95C1 setne cl
00403402 . |23D1 and edx, ecx
00403404 . |85D2 test edx, edx
00403406 . |74 14 je short 0040341C ; if((MinChar == szName[i+1])&&(MinChar != 'z'))
00403408 . |8B95 FCFEFFFF mov edx, dword ptr [ebp-104]
0040340E . |52 push edx
0040340F . |E8 AFDCFFFF call 004010C3
00403414 . |83C4 04 add esp, 4
00403417 . |E9 E8050000 jmp 00403A04
0040341C > |0FBE85 F4FEFF>movsx eax, byte ptr [ebp-10C] ; 当前最小字母
00403423 . |8B4D 08 mov ecx, dword ptr [ebp+8]
00403426 . |034D FC add ecx, dword ptr [ebp-4]
00403429 . |0FBE51 01 movsx edx, byte ptr [ecx+1]
0040342D . |3BC2 cmp eax, edx ; 判断后一个字母是否是当前最小
0040342F . |7E 1B jle short 0040344C ; if(MinChar <= szName[i+1])
00403431 . |8B45 08 mov eax, dword ptr [ebp+8]
00403434 . |0345 FC add eax, dword ptr [ebp-4]
00403437 . |8A48 01 mov cl, byte ptr [eax+1]
0040343A . |888D F4FEFFFF mov byte ptr [ebp-10C], cl ; MinChar = szName[i+1]
00403440 . |8B55 FC mov edx, dword ptr [ebp-4]
00403443 . |83C2 01 add edx, 1
00403446 . |8995 F8FEFFFF mov dword ptr [ebp-108], edx ; PositionOfMin = i+1;
0040344C > |8B45 FC mov eax, dword ptr [ebp-4]
0040344F . |83C0 01 add eax, 1
00403452 . |8945 FC mov dword ptr [ebp-4], eax ; i++
00403455 .^|E9 6DFFFFFF jmp 004033C7
0040345A > |8B8D F8FEFFFF mov ecx, dword ptr [ebp-108] ; 最小字母位置
00403460 . |8B55 F8 mov edx, dword ptr [ebp-8]
00403463 . |89548D C8 mov dword ptr [ebp+ecx*4-38], edx ; order[PositionOfMin] = j
00403467 . |8B45 08 mov eax, dword ptr [ebp+8]
0040346A . |0385 F8FEFFFF add eax, dword ptr [ebp-108]
00403470 . |C600 7A mov byte ptr [eax], 7A ; szName[PositionOfMin] = 'z';
00403473 . |8B4D F8 mov ecx, dword ptr [ebp-8]
00403476 . |83C1 01 add ecx, 1
00403479 . |894D F8 mov dword ptr [ebp-8], ecx ; j++
0040347C . |8B95 64FFFFFF mov edx, dword ptr [ebp-9C]
00403482 . |83C2 01 add edx, 1
00403485 . |8995 64FFFFFF mov dword ptr [ebp-9C], edx ; k++
0040348B .^|E9 11FFFFFF jmp 004033A1
00403490 > |C685 ECFEFFFF>mov byte ptr [ebp-114], 7F ; ebp-114为堆栈中构造的字符串
00403497 . |C685 EDFEFFFF>mov byte ptr [ebp-113], 7A
0040349E . |C685 EEFEFFFF>mov byte ptr [ebp-112], 67
004034A5 . |C685 EFFEFFFF>mov byte ptr [ebp-111], 66
004034AC . |C685 F0FEFFFF>mov byte ptr [ebp-110], 6F
004034B3 . |C685 F1FEFFFF>mov byte ptr [ebp-10F], 29
004034BA . |C685 F2FEFFFF>mov byte ptr [ebp-10E], 8
004034C1 . |C745 FC 00000>mov dword ptr [ebp-4], 0
004034C8 > |8D85 ECFEFFFF lea eax, dword ptr [ebp-114] ; 构造一个"wrong!"字符串
004034CE . |50 push eax ; /s
004034CF . |E8 B80E0000 call <jmp.&MSVCRT.strlen> ; \strlen
004034D4 . |83C4 04 add esp, 4
004034D7 . |3945 FC cmp dword ptr [ebp-4], eax
004034DA . |73 22 jnb short 004034FE
004034DC . |8B4D FC mov ecx, dword ptr [ebp-4]
004034DF . |8A940D ECFEFF>mov dl, byte ptr [ebp+ecx-114]
004034E6 . |80F2 08 xor dl, 8
004034E9 . |8B45 FC mov eax, dword ptr [ebp-4]
004034EC . |889405 ECFEFF>mov byte ptr [ebp+eax-114], dl
004034F3 . |8B4D FC mov ecx, dword ptr [ebp-4]
004034F6 . |83C1 01 add ecx, 1
004034F9 . |894D FC mov dword ptr [ebp-4], ecx
004034FC .^|EB CA jmp short 004034C8 ; 将字符串每个字符与8做xor运算
004034FE > |8B55 FC mov edx, dword ptr [ebp-4]
00403501 . |C68415 ECFEFF>mov byte ptr [ebp+edx-114], 0 ; ebp-114:char szWrong = "Wrong!"
00403509 . |83BD 64FFFFFF>cmp dword ptr [ebp-9C], 0C
00403510 . |7D 10 jge short 00403522 ; if(k>=12)
00403512 . |8D85 ECFEFFFF lea eax, dword ptr [ebp-114]
00403518 . |50 push eax
00403519 . |E8 A5DBFFFF call 004010C3
0040351E . |83C4 04 add esp, 4
00403521 . |C3 retn
00403522 > |C685 E0FEFFFF>mov byte ptr [ebp-120], 63
00403529 . |C685 E1FEFFFF>mov byte ptr [ebp-11F], 6D
00403530 . |C685 E2FEFFFF>mov byte ptr [ebp-11E], 71
00403537 . |C685 E3FEFFFF>mov byte ptr [ebp-11D], 37
0040353E . |C685 E4FEFFFF>mov byte ptr [ebp-11C], 8
00403545 . |C745 FC 00000>mov dword ptr [ebp-4], 0
0040354C > |8D8D E0FEFFFF lea ecx, dword ptr [ebp-120] ; 构造一个"key?"字符串
00403552 . |51 push ecx ; /s
00403553 . |E8 340E0000 call <jmp.&MSVCRT.strlen> ; \strlen
00403558 . |83C4 04 add esp, 4
0040355B . |3945 FC cmp dword ptr [ebp-4], eax
0040355E . |73 21 jnb short 00403581
00403560 . |8B55 FC mov edx, dword ptr [ebp-4]
00403563 . |8A8415 E0FEFF>mov al, byte ptr [ebp+edx-120]
0040356A . |34 08 xor al, 8
0040356C . |8B4D FC mov ecx, dword ptr [ebp-4]
0040356F . |88840D E0FEFF>mov byte ptr [ebp+ecx-120], al
00403576 . |8B55 FC mov edx, dword ptr [ebp-4]
00403579 . |83C2 01 add edx, 1
0040357C . |8955 FC mov dword ptr [ebp-4], edx
0040357F .^|EB CB jmp short 0040354C
00403581 > |8B45 FC mov eax, dword ptr [ebp-4]
00403584 . |C68405 E0FEFF>mov byte ptr [ebp+eax-120], 0 ; ebp-120:char szKeyInfo = "Key?"
0040358C . |8B4D 0C mov ecx, dword ptr [ebp+C]
0040358F . |51 push ecx ; /s
00403590 . |E8 F70D0000 call <jmp.&MSVCRT.strlen> ; \strlen
00403595 . |83C4 04 add esp, 4
00403598 . |83F8 35 cmp eax, 35 ; 验证码长度要大于等于0x35
0040359B . |73 14 jnb short 004035B1 ; if(lstrlen(szKey) >= 53)
0040359D . |8D95 E0FEFFFF lea edx, dword ptr [ebp-120]
004035A3 . |52 push edx
004035A4 . |E8 1ADBFFFF call 004010C3
004035A9 . |83C4 04 add esp, 4
004035AC . |E9 53040000 jmp 00403A04
004035B1 > |C745 FC 00000>mov dword ptr [ebp-4], 0 ; int i =0;
004035B8 > |8B45 0C mov eax, dword ptr [ebp+C] ; for(i = 0;i < lstrlen(szKey);i++)
004035BB . |50 push eax ; /s
004035BC . |E8 CB0D0000 call <jmp.&MSVCRT.strlen> ; \strlen
004035C1 . |83C4 04 add esp, 4
004035C4 . |3945 FC cmp dword ptr [ebp-4], eax
004035C7 . |73 42 jnb short 0040360B
004035C9 . |8B4D 0C mov ecx, dword ptr [ebp+C]
004035CC . |034D FC add ecx, dword ptr [ebp-4]
004035CF . |0FBE11 movsx edx, byte ptr [ecx]
004035D2 . |83EA 30 sub edx, 30
004035D5 . |8B45 FC mov eax, dword ptr [ebp-4]
004035D8 . |899485 50FDFF>mov dword ptr [ebp+eax*4-2B0], edx ; ebp-2b0:int *nKey;nKey[i] = szKey[i]-0x30
004035DF . |8B4D FC mov ecx, dword ptr [ebp-4]
004035E2 . |83C1 01 add ecx, 1
004035E5 . |894D FC mov dword ptr [ebp-4], ecx
004035E8 . |8B55 FC mov edx, dword ptr [ebp-4]
004035EB . |83BC95 4CFDFF>cmp dword ptr [ebp+edx*4-2B4], 3 ; 第n个字符是否小于等于3
004035F3 . |7E 14 jle short 00403609 ; if(nKey[i] <= 3)
004035F5 . |8D85 E0FEFFFF lea eax, dword ptr [ebp-120]
004035FB . |50 push eax
004035FC . |E8 C2DAFFFF call 004010C3
00403601 . |83C4 04 add esp, 4
00403604 . |E9 FB030000 jmp 00403A04
00403609 >^|EB AD jmp short 004035B8
0040360B > |C685 18FFFFFF>mov byte ptr [ebp-E8], 0 ; 给in字符串末尾舔0'
00403612 . |8D4D C8 lea ecx, dword ptr [ebp-38] ; 用户名字符大小顺序的数组
00403615 . |51 push ecx
00403616 . |8D95 00FFFFFF lea edx, dword ptr [ebp-100] ; char in[28]
0040361C . |52 push edx
0040361D . |8D85 50FDFFFF lea eax, dword ptr [ebp-2B0] ; 验证码大小数组
00403623 . |50 push eax
00403624 . |E8 5EDAFFFF call 00401087 ; SomeFunc(nKey,in,order);
这里又有一个关键函数,跟入
004022A0 /> \55 push ebp
004022A1 |. 8BEC mov ebp, esp
004022A3 |. 81EC 64010000 sub esp, 164
004022A9 |. 53 push ebx
004022AA |. 56 push esi
004022AB |. 57 push edi
004022AC |. C745 FC 00000>mov dword ptr [ebp-4], 0 ; int i = 0;
004022B3 |. C745 F8 00000>mov dword ptr [ebp-8], 0 ; int j = 0;
004022BA |. C745 F4 00000>mov dword ptr [ebp-C], 0 ; int s = 0;
004022C1 |. C745 F0 00000>mov dword ptr [ebp-10], 0 ; int t = 0;
004022C8 |> 837D FC 0C /cmp dword ptr [ebp-4], 0C ; ebp-40:int SomeData[12]
004022CC |. 7D 16 |jge short 004022E4 ; if(i < 12)
004022CE |. 8B45 FC |mov eax, dword ptr [ebp-4]
004022D1 |. C74485 C0 1E0>|mov dword ptr [ebp+eax*4-40], 1E ; SomeData[i] = 30;
004022D9 |. 8B4D FC |mov ecx, dword ptr [ebp-4]
004022DC |. 83C1 01 |add ecx, 1
004022DF |. 894D FC |mov dword ptr [ebp-4], ecx ; i++;
004022E2 |.^ EB E4 \jmp short 004022C8
004022E4 |> C785 FCFEFFFF>mov dword ptr [ebp-104], 0 ; int str[0] = 0;
004022EE |. C785 F8FEFFFF>mov dword ptr [ebp-108], 0 ; int str[1] = 0;
004022F8 |. 8B55 08 mov edx, dword ptr [ebp+8] ; 验证码数组
004022FB |. 833A 00 cmp dword ptr [edx], 0
004022FE |. 7E 11 jle short 00402311 ; if(nKey[0] <= 0)
00402300 |. 8B4D 08 mov ecx, dword ptr [ebp+8]
00402303 |. B8 0C000000 mov eax, 0C
00402308 |. 99 cdq
00402309 |. F739 idiv dword ptr [ecx]
0040230B |. 8985 FCFEFFFF mov dword ptr [ebp-104], eax ; str[0] = 12/nKey[0];
00402311 |> C785 F4FEFFFF>mov dword ptr [ebp-10C], 0 ; str[2] = 0;
0040231B |> 83BD F8FEFFFF>/cmp dword ptr [ebp-108], 2
00402322 |. 0F8D F90B0000 |jge 00402F21 ; if(str[1] >= 2)
00402328 |. 83BD F4FEFFFF>|cmp dword ptr [ebp-10C], 0
0040232F |. 7E 15 |jle short 00402346 ; if(str[2] <= 0)
00402331 |. 8B95 F4FEFFFF |mov edx, dword ptr [ebp-10C]
00402337 |. 8B45 10 |mov eax, dword ptr [ebp+10]
0040233A |. 8B4C90 FC |mov ecx, dword ptr [eax+edx*4-4]
0040233E |. C7448D C0 1E0>|mov dword ptr [ebp+ecx*4-40], 1E ; SomeData[order[str[2]-1]] = 30
00402346 |> C785 F4FEFFFF>|mov dword ptr [ebp-10C], 0 ; str[2] = 0;
00402350 |> 83BD F4FEFFFF>|/cmp dword ptr [ebp-10C], 0C
00402357 |. 0F8D B00B0000 ||jge 00402F0D ; if(str[2] >= 12)
0040235D |. 83BD F4FEFFFF>||cmp dword ptr [ebp-10C], 0
00402364 |. 7E 15 ||jle short 0040237B ; if(str[2] <= 0)
00402366 |. 8B95 F4FEFFFF ||mov edx, dword ptr [ebp-10C]
0040236C |. 8B45 10 ||mov eax, dword ptr [ebp+10]
0040236F |. 8B4C90 FC ||mov ecx, dword ptr [eax+edx*4-4]
00402373 |. C7448D C0 1E0>||mov dword ptr [ebp+ecx*4-40], 1E ; SomeData[order[str[2]-1]] = 30;
0040237B |> 83BD F8FEFFFF>||cmp dword ptr [ebp-108], 0
00402382 |. 75 23 ||jnz short 004023A7 ; if(str[1] != 0)
00402384 |. 8B95 F4FEFFFF ||mov edx, dword ptr [ebp-10C]
0040238A |. 8B45 10 ||mov eax, dword ptr [ebp+10]
0040238D |. 8B0C90 ||mov ecx, dword ptr [eax+edx*4]
00402390 |. C7448D C0 280>||mov dword ptr [ebp+ecx*4-40], 28 ; SomeData[order[str[2]]] = 40;
00402398 |. 8B95 F4FEFFFF ||mov edx, dword ptr [ebp-10C]
0040239E |. 83C2 01 ||add edx, 1
004023A1 |. 8995 F4FEFFFF ||mov dword ptr [ebp-10C], edx ; str[2] += 1;
004023A7 |> 83BD F8FEFFFF>||cmp dword ptr [ebp-108], 1
004023AE |. 75 23 ||jnz short 004023D3 ; if(str[1] != 1)
004023B0 |. 8B85 F4FEFFFF ||mov eax, dword ptr [ebp-10C]
004023B6 |. 8B4D 10 ||mov ecx, dword ptr [ebp+10]
004023B9 |. 8B1481 ||mov edx, dword ptr [ecx+eax*4]
004023BC |. C74495 C0 140>||mov dword ptr [ebp+edx*4-40], 14 ; SomeData[order[str[2]]] = 20
004023C4 |. 8B85 F4FEFFFF ||mov eax, dword ptr [ebp-10C]
004023CA |. 83C0 01 ||add eax, 1
004023CD |. 8985 F4FEFFFF ||mov dword ptr [ebp-10C], eax ; str[2] += 1;
004023D3 |> C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
004023DA |. C745 F4 00000>||mov dword ptr [ebp-C], 0 ; s = 0;
004023E1 |. C745 FC 00000>||mov dword ptr [ebp-4], 0
004023E8 |. EB 09 ||jmp short 004023F3
004023EA |> 8B4D FC ||/mov ecx, dword ptr [ebp-4]
004023ED |. 83C1 01 |||add ecx, 1
004023F0 |. 894D FC |||mov dword ptr [ebp-4], ecx ; i += 1;
004023F3 |> 8B55 08 || mov edx, dword ptr [ebp+8]
004023F6 |. 8B45 FC |||mov eax, dword ptr [ebp-4]
004023F9 |. 3B02 |||cmp eax, dword ptr [edx]
004023FB |. 7D 4B |||jge short 00402448 ; if(i >= nKey[0])
004023FD |. C745 F8 00000>|||mov dword ptr [ebp-8], 0 ; j = 0;
00402404 |. C745 F8 00000>|||mov dword ptr [ebp-8], 0
0040240B |. EB 09 |||jmp short 00402416
0040240D |> 8B4D F8 |||/mov ecx, dword ptr [ebp-8]
00402410 |. 83C1 01 ||||add ecx, 1
00402413 |. 894D F8 ||||mov dword ptr [ebp-8], ecx ; j += 1;
00402416 |> 8B55 F8 ||| mov edx, dword ptr [ebp-8]
00402419 |. 3B95 FCFEFFFF ||||cmp edx, dword ptr [ebp-104]
0040241F |. 7D 25 ||||jge short 00402446 ; if(j >= str[0])
00402421 |. 8B45 F4 ||||mov eax, dword ptr [ebp-C]
00402424 |. 8B4C85 C0 ||||mov ecx, dword ptr [ebp+eax*4-40>; SomeData[s]
00402428 |. 8B55 FC ||||mov edx, dword ptr [ebp-4]
0040242B |. C1E2 04 ||||shl edx, 4
0040242E |. 8D8415 00FFFF>||||lea eax, dword ptr [ebp+edx-100]
00402435 |. 8B55 F8 ||||mov edx, dword ptr [ebp-8]
00402438 |. 890C90 ||||mov dword ptr [eax+edx*4], ecx ; SomeOtherData[4*i+j] = SomeData[s];
0040243B |. 8B45 F4 ||||mov eax, dword ptr [ebp-C]
0040243E |. 83C0 01 ||||add eax, 1
00402441 |. 8945 F4 ||||mov dword ptr [ebp-C], eax ; s += 1;
00402444 |.^ EB C7 |||\jmp short 0040240D
00402446 |>^ EB A2 ||\jmp short 004023EA
00402448 |> C785 F0FEFFFF>||mov dword ptr [ebp-110], 0 ; str[3] = 0;
00402452 |. C785 ECFEFFFF>||mov dword ptr [ebp-114], 0 ; str[4] = 0;
0040245C |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
00402463 |> 8B4D FC ||/mov ecx, dword ptr [ebp-4]
00402466 |. 3B8D FCFEFFFF |||cmp ecx, dword ptr [ebp-104]
0040246C |. 7D 4F |||jge short 004024BD ; if(i >= str[0])
0040246E |. 8B55 08 |||mov edx, dword ptr [ebp+8]
00402471 |. 8B42 04 |||mov eax, dword ptr [edx+4]
00402474 |. C1E0 04 |||shl eax, 4
00402477 |. 8D8C05 00FFFF>|||lea ecx, dword ptr [ebp+eax-100]
0040247E |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402481 |. 8B85 F0FEFFFF |||mov eax, dword ptr [ebp-110]
00402487 |. 030491 |||add eax, dword ptr [ecx+edx*4] ; SomeOtherData[4*nKey[1]+i]
0040248A |. 8985 F0FEFFFF |||mov dword ptr [ebp-110], eax ; str[3] = str[3]+SomeOtherData[4*nKey[1]+i]
00402490 |. 8B4D 08 |||mov ecx, dword ptr [ebp+8]
00402493 |. 8B51 08 |||mov edx, dword ptr [ecx+8]
00402496 |. C1E2 04 |||shl edx, 4
00402499 |. 8D8415 00FFFF>|||lea eax, dword ptr [ebp+edx-100]
004024A0 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
004024A3 |. 8B95 ECFEFFFF |||mov edx, dword ptr [ebp-114]
004024A9 |. 031488 |||add edx, dword ptr [eax+ecx*4]
004024AC |. 8995 ECFEFFFF |||mov dword ptr [ebp-114], edx ; str[4] = str[4]+SomeOtherData[4*nKey[2]+i]
004024B2 |. 8B45 FC |||mov eax, dword ptr [ebp-4]
004024B5 |. 83C0 01 |||add eax, 1
004024B8 |. 8945 FC |||mov dword ptr [ebp-4], eax ; i += 1;
004024BB |.^ EB A6 ||\jmp short 00402463
004024BD |> 8B8D F0FEFFFF ||mov ecx, dword ptr [ebp-110]
004024C3 |. 3B8D ECFEFFFF ||cmp ecx, dword ptr [ebp-114]
004024C9 |. 0F85 EA000000 ||jnz 004025B9 ; if(str[3] != str[4])
004024CF |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004024D2 |. 8B42 0C ||mov eax, dword ptr [edx+C]
004024D5 |. C1E0 04 ||shl eax, 4
004024D8 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
004024DF |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004024E2 |. 8B42 10 ||mov eax, dword ptr [edx+10]
004024E5 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004024E8 |. 8B52 14 ||mov edx, dword ptr [edx+14]
004024EB |. C1E2 04 ||shl edx, 4
004024EE |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
004024F5 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004024F8 |. 8B76 18 ||mov esi, dword ptr [esi+18]
004024FB |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
004024FE |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402501 |. 75 5C ||jnz short 0040255F ; if(SomeOtherData[4*nKey[3]+nKey[4]] != SomeOtherData[4*nKey[5]+nKey[6]]
00402503 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402506 |. 8B51 1C ||mov edx, dword ptr [ecx+1C]
00402509 |. C1E2 04 ||shl edx, 4
0040250C |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402513 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402516 |. 8B51 20 ||mov edx, dword ptr [ecx+20]
00402519 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040251C |. 8B49 24 ||mov ecx, dword ptr [ecx+24]
0040251F |. C1E1 04 ||shl ecx, 4
00402522 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402529 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
0040252C |. 8B76 28 ||mov esi, dword ptr [esi+28]
0040252F |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402532 |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402535 |. 75 14 ||jnz short 0040254B ; if(SomeOtherData[4*nKey[7]+nKey[8] != SomeOtherData[4*nKey[9]+nKey[10]])
00402537 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
0040253A |. 0345 F0 ||add eax, dword ptr [ebp-10]
0040253D |. C600 6C ||mov byte ptr [eax], 6C ; in[t] = 'l';
00402540 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402543 |. 83C1 01 ||add ecx, 1
00402546 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t += 1;
00402549 |. EB 12 ||jmp short 0040255D
0040254B |> 8B55 0C ||mov edx, dword ptr [ebp+C]
0040254E |. 0355 F0 ||add edx, dword ptr [ebp-10]
00402551 |. C602 6B ||mov byte ptr [edx], 6B ; in[t] = 'k';
00402554 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402557 |. 83C0 01 ||add eax, 1
0040255A |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t += 1;
0040255D |> EB 5A ||jmp short 004025B9
0040255F |> 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402562 |. 8B51 1C ||mov edx, dword ptr [ecx+1C]
00402565 |. C1E2 04 ||shl edx, 4
00402568 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
0040256F |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402572 |. 8B51 20 ||mov edx, dword ptr [ecx+20]
00402575 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402578 |. 8B49 24 ||mov ecx, dword ptr [ecx+24]
0040257B |. C1E1 04 ||shl ecx, 4
0040257E |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402585 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402588 |. 8B76 28 ||mov esi, dword ptr [esi+28]
0040258B |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
0040258E |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402591 |. 75 14 ||jnz short 004025A7 ; if(SomeOtherData[4*nKey[7]+nKey[8]] != SomeOtherData[4*nKey[9]+nKey[10]])
00402593 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402596 |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402599 |. C600 6A ||mov byte ptr [eax], 6A ; in[t] = 'j';
0040259C |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
0040259F |. 83C1 01 ||add ecx, 1
004025A2 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t += 1;
004025A5 |. EB 12 ||jmp short 004025B9
004025A7 |> 8B55 0C ||mov edx, dword ptr [ebp+C]
004025AA |. 0355 F0 ||add edx, dword ptr [ebp-10]
004025AD |. C602 69 ||mov byte ptr [edx], 69 ; in[t] = 'i';
004025B0 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
004025B3 |. 83C0 01 ||add eax, 1
004025B6 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t += 1;
004025B9 |> 8B8D F0FEFFFF ||mov ecx, dword ptr [ebp-110]
004025BF |. 3B8D ECFEFFFF ||cmp ecx, dword ptr [ebp-114]
004025C5 |. 0F8E 91040000 ||jle 00402A5C ; if(str[3] <= str[4])
004025CB |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
004025D2 |. C785 E8FEFFFF>||mov dword ptr [ebp-118], 0 ; str[5] = 0;
004025DC |. C785 E4FEFFFF>||mov dword ptr [ebp-11C], 0 ; str[6] = 0;
004025E6 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004025E9 |. 8B42 30 ||mov eax, dword ptr [edx+30]
004025EC |. C1E0 04 ||shl eax, 4
004025EF |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
004025F6 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004025F9 |. 8B42 34 ||mov eax, dword ptr [edx+34]
004025FC |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
004025FF |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402602 |. 8B42 04 ||mov eax, dword ptr [edx+4]
00402605 |. C1E0 04 ||shl eax, 4
00402608 |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
0040260F |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402612 |. 8B40 2C ||mov eax, dword ptr [eax+2C]
00402615 |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SomeOtherData[4*nKey[1]+nKey[11]] = SomeOtherData[4*nKey[12]+nKey[13]];
00402618 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040261B |. 8B51 3C ||mov edx, dword ptr [ecx+3C]
0040261E |. C1E2 04 ||shl edx, 4
00402621 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402628 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040262B |. 8B51 40 ||mov edx, dword ptr [ecx+40]
0040262E |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
00402631 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402634 |. 8B51 04 ||mov edx, dword ptr [ecx+4]
00402637 |. C1E2 04 ||shl edx, 4
0040263A |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
00402641 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402644 |. 8B52 38 ||mov edx, dword ptr [edx+38]
00402647 |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16]];
0040264A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040264D |. 8B48 48 ||mov ecx, dword ptr [eax+48]
00402650 |. C1E1 04 ||shl ecx, 4
00402653 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
0040265A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040265D |. 8B48 4C ||mov ecx, dword ptr [eax+4C]
00402660 |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
00402663 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402666 |. 8B48 04 ||mov ecx, dword ptr [eax+4]
00402669 |. C1E1 04 ||shl ecx, 4
0040266C |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402673 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402676 |. 8B49 44 ||mov ecx, dword ptr [ecx+44]
00402679 |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]]
0040267C |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040267F |. 8B42 54 ||mov eax, dword ptr [edx+54]
00402682 |. C1E0 04 ||shl eax, 4
00402685 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
0040268C |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040268F |. 8B42 58 ||mov eax, dword ptr [edx+58]
00402692 |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
00402695 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402698 |. 8B42 08 ||mov eax, dword ptr [edx+8]
0040269B |. C1E0 04 ||shl eax, 4
0040269E |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
004026A5 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026A8 |. 8B40 50 ||mov eax, dword ptr [eax+50]
004026AB |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
004026AE |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004026B1 |. 8B51 60 ||mov edx, dword ptr [ecx+60]
004026B4 |. C1E2 04 ||shl edx, 4
004026B7 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
004026BE |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004026C1 |. 8B51 64 ||mov edx, dword ptr [ecx+64]
004026C4 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
004026C7 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004026CA |. 8B51 08 ||mov edx, dword ptr [ecx+8]
004026CD |. C1E2 04 ||shl edx, 4
004026D0 |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
004026D7 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
004026DA |. 8B52 5C ||mov edx, dword ptr [edx+5C]
004026DD |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
004026E0 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026E3 |. 8B48 6C ||mov ecx, dword ptr [eax+6C]
004026E6 |. C1E1 04 ||shl ecx, 4
004026E9 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
004026F0 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026F3 |. 8B48 70 ||mov ecx, dword ptr [eax+70]
004026F6 |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
004026F9 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004026FC |. 8B48 08 ||mov ecx, dword ptr [eax+8]
004026FF |. C1E1 04 ||shl ecx, 4
00402702 |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402709 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
0040270C |. 8B49 68 ||mov ecx, dword ptr [ecx+68]
0040270F |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
00402712 |> 8B55 FC ||/mov edx, dword ptr [ebp-4]
00402715 |. 3B95 FCFEFFFF |||cmp edx, dword ptr [ebp-104]
0040271B |. 7D 4F |||jge short 0040276C ; if(i >= str[1])
0040271D |. 8B45 08 |||mov eax, dword ptr [ebp+8]
00402720 |. 8B48 04 |||mov ecx, dword ptr [eax+4]
00402723 |. C1E1 04 |||shl ecx, 4
00402726 |. 8D940D 00FFFF>|||lea edx, dword ptr [ebp+ecx-100]
0040272D |. 8B45 FC |||mov eax, dword ptr [ebp-4]
00402730 |. 8B8D E8FEFFFF |||mov ecx, dword ptr [ebp-118]
00402736 |. 030C82 |||add ecx, dword ptr [edx+eax*4]
00402739 |. 898D E8FEFFFF |||mov dword ptr [ebp-118], ecx ; str[5] += SomeOtherData[4*nKey[1]+i];
0040273F |. 8B55 08 |||mov edx, dword ptr [ebp+8]
00402742 |. 8B42 08 |||mov eax, dword ptr [edx+8]
00402745 |. C1E0 04 |||shl eax, 4
00402748 |. 8D8C05 00FFFF>|||lea ecx, dword ptr [ebp+eax-100]
0040274F |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402752 |. 8B85 E4FEFFFF |||mov eax, dword ptr [ebp-11C]
00402758 |. 030491 |||add eax, dword ptr [ecx+edx*4] ; str[6] += SomeOtherData[4*nKey[2]+i];
0040275B |. 8985 E4FEFFFF |||mov dword ptr [ebp-11C], eax
00402761 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
00402764 |. 83C1 01 |||add ecx, 1
00402767 |. 894D FC |||mov dword ptr [ebp-4], ecx ; i++
0040276A |.^ EB A6 ||\jmp short 00402712
0040276C |> 8B95 E8FEFFFF ||mov edx, dword ptr [ebp-118]
00402772 |. 3B95 E4FEFFFF ||cmp edx, dword ptr [ebp-11C]
00402778 |. 7E 5D ||jle short 004027D7 ; if(str[5] <= str[6])
0040277A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040277D |. 8B48 74 ||mov ecx, dword ptr [eax+74]
00402780 |. C1E1 04 ||shl ecx, 4
00402783 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
0040278A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
0040278D |. 8B48 78 ||mov ecx, dword ptr [eax+78]
00402790 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402793 |. 8B40 7C ||mov eax, dword ptr [eax+7C]
00402796 |. C1E0 04 ||shl eax, 4
00402799 |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
004027A0 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004027A3 |. 8BB6 80000000 ||mov esi, dword ptr [esi+80]
004027A9 |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
004027AC |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
004027AF |. 75 14 ||jnz short 004027C5 ; if(SOD[4*nKey[29]+nKey[30]] != SOD[4*nKey[31]+nKey[32])
004027B1 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
004027B4 |. 0355 F0 ||add edx, dword ptr [ebp-10]
004027B7 |. C602 65 ||mov byte ptr [edx], 65 ; in[t] = 'e';
004027BA |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
004027BD |. 83C0 01 ||add eax, 1
004027C0 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
004027C3 |. EB 12 ||jmp short 004027D7
004027C5 |> 8B4D 0C ||mov ecx, dword ptr [ebp+C]
004027C8 |. 034D F0 ||add ecx, dword ptr [ebp-10]
004027CB |. C601 61 ||mov byte ptr [ecx], 61 ; in[t] = 'a';
004027CE |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
004027D1 |. 83C2 01 ||add edx, 1
004027D4 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
004027D7 |> 8B85 E8FEFFFF ||mov eax, dword ptr [ebp-118]
004027DD |. 3B85 E4FEFFFF ||cmp eax, dword ptr [ebp-11C]
004027E3 |. 0F8D F6000000 ||jge 004028DF ; if(str[5] >= str[6])
004027E9 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004027EC |. 8B91 84000000 ||mov edx, dword ptr [ecx+84]
004027F2 |. C1E2 04 ||shl edx, 4
004027F5 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
004027FC |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
004027FF |. 8B91 88000000 ||mov edx, dword ptr [ecx+88]
00402805 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402808 |. 8B89 8C000000 ||mov ecx, dword ptr [ecx+8C]
0040280E |. C1E1 04 ||shl ecx, 4
00402811 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402818 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
0040281B |. 8BB6 90000000 ||mov esi, dword ptr [esi+90]
00402821 |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402824 |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402827 |. 7E 12 ||jle short 0040283B ; if(SOD[4*nKey[33]+nKey[34]] <= SOD[4*nKey[35]+nKey[36]])
00402829 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
0040282C |. 0345 F0 ||add eax, dword ptr [ebp-10]
0040282F |. C600 67 ||mov byte ptr [eax], 67 ; in[t] = 'g';
00402832 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402835 |. 83C1 01 ||add ecx, 1
00402838 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
0040283B |> 8B55 08 ||mov edx, dword ptr [ebp+8]
0040283E |. 8B82 84000000 ||mov eax, dword ptr [edx+84]
00402844 |. C1E0 04 ||shl eax, 4
00402847 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
0040284E |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402851 |. 8B82 88000000 ||mov eax, dword ptr [edx+88]
00402857 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040285A |. 8B92 8C000000 ||mov edx, dword ptr [edx+8C]
00402860 |. C1E2 04 ||shl edx, 4
00402863 |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
0040286A |. 8B75 08 ||mov esi, dword ptr [ebp+8]
0040286D |. 8BB6 90000000 ||mov esi, dword ptr [esi+90]
00402873 |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402876 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402879 |. 7D 12 ||jge short 0040288D ; if(SOD[4*nKey[33]+nKey[34]] >= SOD[4*nKey[35]+nKey[36]])
0040287B |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
0040287E |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402881 |. C601 66 ||mov byte ptr [ecx], 66 ; in[t] = 'f'
00402884 |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402887 |. 83C2 01 ||add edx, 1
0040288A |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
0040288D |> 8B45 08 ||mov eax, dword ptr [ebp+8]
00402890 |. 8B88 84000000 ||mov ecx, dword ptr [eax+84]
00402896 |. C1E1 04 ||shl ecx, 4
00402899 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
004028A0 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004028A3 |. 8B88 88000000 ||mov ecx, dword ptr [eax+88]
004028A9 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004028AC |. 8B80 8C000000 ||mov eax, dword ptr [eax+8C]
004028B2 |. C1E0 04 ||shl eax, 4
004028B5 |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
004028BC |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004028BF |. 8BB6 90000000 ||mov esi, dword ptr [esi+90]
004028C5 |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
004028C8 |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
004028CB |. 75 12 ||jnz short 004028DF ; if(SOD[4*nKey[33]+nKey[34]] != SOD[4*nKey[35]+nKey[36]])
004028CD |. 8B55 0C ||mov edx, dword ptr [ebp+C]
004028D0 |. 0355 F0 ||add edx, dword ptr [ebp-10]
004028D3 |. C602 68 ||mov byte ptr [edx], 68 ; in[t] = 'h'
004028D6 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
004028D9 |. 83C0 01 ||add eax, 1
004028DC |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
004028DF |> 8B8D E8FEFFFF ||mov ecx, dword ptr [ebp-118]
004028E5 |. 3B8D E4FEFFFF ||cmp ecx, dword ptr [ebp-11C]
004028EB |. 0F85 6B010000 ||jnz 00402A5C ; if(str[5] != str[6])
004028F1 |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
004028F8 |. C745 F4 00000>||mov dword ptr [ebp-C], 0 ; s = 0;
004028FF |. C745 FC 00000>||mov dword ptr [ebp-4], 0
00402906 |. EB 09 ||jmp short 00402911
00402908 |> 8B55 FC ||/mov edx, dword ptr [ebp-4]
0040290B |. 83C2 01 |||add edx, 1
0040290E |. 8955 FC |||mov dword ptr [ebp-4], edx ; i++;
00402911 |> 8B45 08 || mov eax, dword ptr [ebp+8]
00402914 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
00402917 |. 3B08 |||cmp ecx, dword ptr [eax]
00402919 |. 7D 4B |||jge short 00402966 ; if(i >= nKey[0])
0040291B |. C745 F8 00000>|||mov dword ptr [ebp-8], 0
00402922 |. C745 F8 00000>|||mov dword ptr [ebp-8], 0 ; j = 0;
00402929 |. EB 09 |||jmp short 00402934
0040292B |> 8B55 F8 |||/mov edx, dword ptr [ebp-8]
0040292E |. 83C2 01 ||||add edx, 1
00402931 |. 8955 F8 ||||mov dword ptr [ebp-8], edx ; j++;
00402934 |> 8B45 F8 ||| mov eax, dword ptr [ebp-8]
00402937 |. 3B85 FCFEFFFF ||||cmp eax, dword ptr [ebp-104]
0040293D |. 7D 25 ||||jge short 00402964 ; if(j >= str[0])
0040293F |. 8B4D F4 ||||mov ecx, dword ptr [ebp-C]
00402942 |. 8B548D C0 ||||mov edx, dword ptr [ebp+ecx*4-40>
00402946 |. 8B45 FC ||||mov eax, dword ptr [ebp-4]
00402949 |. C1E0 04 ||||shl eax, 4
0040294C |. 8D8C05 00FFFF>||||lea ecx, dword ptr [ebp+eax-100]
00402953 |. 8B45 F8 ||||mov eax, dword ptr [ebp-8]
00402956 |. 891481 ||||mov dword ptr [ecx+eax*4], edx ; SOD[4*i+j] = SD[s];
00402959 |. 8B4D F4 ||||mov ecx, dword ptr [ebp-C]
0040295C |. 83C1 01 ||||add ecx, 1
0040295F |. 894D F4 ||||mov dword ptr [ebp-C], ecx ; s++;
00402962 |.^ EB C7 |||\jmp short 0040292B
00402964 |>^ EB A2 ||\jmp short 00402908
00402966 |> 8B55 08 ||mov edx, dword ptr [ebp+8]
00402969 |. 8B82 94000000 ||mov eax, dword ptr [edx+94]
0040296F |. C1E0 04 ||shl eax, 4
00402972 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402979 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
0040297C |. 8B82 98000000 ||mov eax, dword ptr [edx+98]
00402982 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402985 |. 8B92 9C000000 ||mov edx, dword ptr [edx+9C]
0040298B |. C1E2 04 ||shl edx, 4
0040298E |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402995 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402998 |. 8BB6 A0000000 ||mov esi, dword ptr [esi+A0]
0040299E |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
004029A1 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
004029A4 |. 7E 12 ||jle short 004029B8 ; if(SOD[4*nKey[37]+nKey[38]] <= SOD[4*nKey[39]+nKey[40]])
004029A6 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
004029A9 |. 034D F0 ||add ecx, dword ptr [ebp-10]
004029AC |. C601 62 ||mov byte ptr [ecx], 62 ; in[t] = 'b'
004029AF |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
004029B2 |. 83C2 01 ||add edx, 1
004029B5 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
004029B8 |> 8B45 08 ||mov eax, dword ptr [ebp+8]
004029BB |. 8B88 94000000 ||mov ecx, dword ptr [eax+94]
004029C1 |. C1E1 04 ||shl ecx, 4
004029C4 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
004029CB |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004029CE |. 8B88 98000000 ||mov ecx, dword ptr [eax+98]
004029D4 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
004029D7 |. 8B80 9C000000 ||mov eax, dword ptr [eax+9C]
004029DD |. C1E0 04 ||shl eax, 4
004029E0 |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
004029E7 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
004029EA |. 8BB6 A0000000 ||mov esi, dword ptr [esi+A0]
004029F0 |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
004029F3 |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
004029F6 |. 7D 12 ||jge short 00402A0A ; if(SOD[4*nKey[37]+nKey[38]] >= SOD[4*nKey[39]+nKey[40]])
004029F8 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
004029FB |. 0355 F0 ||add edx, dword ptr [ebp-10]
004029FE |. C602 63 ||mov byte ptr [edx], 63 ; in[t] = 'c';
00402A01 |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402A04 |. 83C0 01 ||add eax, 1
00402A07 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
00402A0A |> 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402A0D |. 8B91 94000000 ||mov edx, dword ptr [ecx+94]
00402A13 |. C1E2 04 ||shl edx, 4
00402A16 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402A1D |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402A20 |. 8B91 98000000 ||mov edx, dword ptr [ecx+98]
00402A26 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402A29 |. 8B89 9C000000 ||mov ecx, dword ptr [ecx+9C]
00402A2F |. C1E1 04 ||shl ecx, 4
00402A32 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402A39 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402A3C |. 8BB6 A0000000 ||mov esi, dword ptr [esi+A0]
00402A42 |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402A45 |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402A48 |. 75 12 ||jnz short 00402A5C ; if(SOD[4*nKey[37]+nKey[38]] != SOD[4*nKey[39]+nKey[40]])
00402A4A |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402A4D |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402A50 |. C600 64 ||mov byte ptr [eax], 64 ; in[t] = 'd';
00402A53 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402A56 |. 83C1 01 ||add ecx, 1
00402A59 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402A5C |> 8B95 F0FEFFFF ||mov edx, dword ptr [ebp-110]
00402A62 |. 3B95 ECFEFFFF ||cmp edx, dword ptr [ebp-114]
00402A68 |. 0F8D 9A040000 ||jge 00402F08 ; if(str[3] >= str[4])
00402A6E |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
00402A75 |. C785 E0FEFFFF>||mov dword ptr [ebp-120], 0 ; str[7] = 0;
00402A7F |. C785 DCFEFFFF>||mov dword ptr [ebp-124], 0 ; str[8] = 0;
00402A89 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402A8C |. 8B48 30 ||mov ecx, dword ptr [eax+30]
00402A8F |. C1E1 04 ||shl ecx, 4
00402A92 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402A99 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402A9C |. 8B48 34 ||mov ecx, dword ptr [eax+34]
00402A9F |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
00402AA2 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402AA5 |. 8B48 04 ||mov ecx, dword ptr [eax+4]
00402AA8 |. C1E1 04 ||shl ecx, 4
00402AAB |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402AB2 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402AB5 |. 8B49 2C ||mov ecx, dword ptr [ecx+2C]
00402AB8 |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[1]+nKey[11]] = SOD[4*nKey[12]+nKey[13]];
00402ABB |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ABE |. 8B42 3C ||mov eax, dword ptr [edx+3C]
00402AC1 |. C1E0 04 ||shl eax, 4
00402AC4 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402ACB |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ACE |. 8B42 40 ||mov eax, dword ptr [edx+40]
00402AD1 |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
00402AD4 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402AD7 |. 8B42 04 ||mov eax, dword ptr [edx+4]
00402ADA |. C1E0 04 ||shl eax, 4
00402ADD |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
00402AE4 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402AE7 |. 8B40 38 ||mov eax, dword ptr [eax+38]
00402AEA |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16];
00402AED |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402AF0 |. 8B51 48 ||mov edx, dword ptr [ecx+48]
00402AF3 |. C1E2 04 ||shl edx, 4
00402AF6 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402AFD |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B00 |. 8B51 4C ||mov edx, dword ptr [ecx+4C]
00402B03 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
00402B06 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B09 |. 8B51 04 ||mov edx, dword ptr [ecx+4]
00402B0C |. C1E2 04 ||shl edx, 4
00402B0F |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
00402B16 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B19 |. 8B52 44 ||mov edx, dword ptr [edx+44]
00402B1C |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]];
00402B1F |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B22 |. 8B48 54 ||mov ecx, dword ptr [eax+54]
00402B25 |. C1E1 04 ||shl ecx, 4
00402B28 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402B2F |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B32 |. 8B48 58 ||mov ecx, dword ptr [eax+58]
00402B35 |. 8B148A ||mov edx, dword ptr [edx+ecx*4]
00402B38 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B3B |. 8B48 08 ||mov ecx, dword ptr [eax+8]
00402B3E |. C1E1 04 ||shl ecx, 4
00402B41 |. 8D840D 00FFFF>||lea eax, dword ptr [ebp+ecx-100]
00402B48 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B4B |. 8B49 50 ||mov ecx, dword ptr [ecx+50]
00402B4E |. 891488 ||mov dword ptr [eax+ecx*4], edx ; SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
00402B51 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B54 |. 8B42 60 ||mov eax, dword ptr [edx+60]
00402B57 |. C1E0 04 ||shl eax, 4
00402B5A |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402B61 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B64 |. 8B42 64 ||mov eax, dword ptr [edx+64]
00402B67 |. 8B0C81 ||mov ecx, dword ptr [ecx+eax*4]
00402B6A |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402B6D |. 8B42 08 ||mov eax, dword ptr [edx+8]
00402B70 |. C1E0 04 ||shl eax, 4
00402B73 |. 8D9405 00FFFF>||lea edx, dword ptr [ebp+eax-100]
00402B7A |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402B7D |. 8B40 5C ||mov eax, dword ptr [eax+5C]
00402B80 |. 890C82 ||mov dword ptr [edx+eax*4], ecx ; SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
00402B83 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B86 |. 8B51 6C ||mov edx, dword ptr [ecx+6C]
00402B89 |. C1E2 04 ||shl edx, 4
00402B8C |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402B93 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B96 |. 8B51 70 ||mov edx, dword ptr [ecx+70]
00402B99 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
00402B9C |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402B9F |. 8B51 08 ||mov edx, dword ptr [ecx+8]
00402BA2 |. C1E2 04 ||shl edx, 4
00402BA5 |. 8D8C15 00FFFF>||lea ecx, dword ptr [ebp+edx-100]
00402BAC |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402BAF |. 8B52 68 ||mov edx, dword ptr [edx+68]
00402BB2 |. 890491 ||mov dword ptr [ecx+edx*4], eax ; SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
00402BB5 |> 8B45 FC ||/mov eax, dword ptr [ebp-4]
00402BB8 |. 3B85 FCFEFFFF |||cmp eax, dword ptr [ebp-104]
00402BBE |. 7D 4F |||jge short 00402C0F ; if(i >= str[0])
00402BC0 |. 8B4D 08 |||mov ecx, dword ptr [ebp+8]
00402BC3 |. 8B51 04 |||mov edx, dword ptr [ecx+4]
00402BC6 |. C1E2 04 |||shl edx, 4
00402BC9 |. 8D8415 00FFFF>|||lea eax, dword ptr [ebp+edx-100]
00402BD0 |. 8B4D FC |||mov ecx, dword ptr [ebp-4]
00402BD3 |. 8B95 E0FEFFFF |||mov edx, dword ptr [ebp-120]
00402BD9 |. 031488 |||add edx, dword ptr [eax+ecx*4]
00402BDC |. 8995 E0FEFFFF |||mov dword ptr [ebp-120], edx ; str[7] += SOD[4*nKey[1]+i]
00402BE2 |. 8B45 08 |||mov eax, dword ptr [ebp+8]
00402BE5 |. 8B48 08 |||mov ecx, dword ptr [eax+8]
00402BE8 |. C1E1 04 |||shl ecx, 4
00402BEB |. 8D940D 00FFFF>|||lea edx, dword ptr [ebp+ecx-100]
00402BF2 |. 8B45 FC |||mov eax, dword ptr [ebp-4]
00402BF5 |. 8B8D DCFEFFFF |||mov ecx, dword ptr [ebp-124]
00402BFB |. 030C82 |||add ecx, dword ptr [edx+eax*4]
00402BFE |. 898D DCFEFFFF |||mov dword ptr [ebp-124], ecx ; str[8] += SOD[4*nKey[2]+i];
00402C04 |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402C07 |. 83C2 01 |||add edx, 1
00402C0A |. 8955 FC |||mov dword ptr [ebp-4], edx ; i++;
00402C0D |.^ EB A6 ||\jmp short 00402BB5
00402C0F |> 8B85 E0FEFFFF ||mov eax, dword ptr [ebp-120]
00402C15 |. 3B85 DCFEFFFF ||cmp eax, dword ptr [ebp-124]
00402C1B |. 0F8E F6000000 ||jle 00402D17 ; if(str[7] <= str[8])
00402C21 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402C24 |. 8B91 A4000000 ||mov edx, dword ptr [ecx+A4]
00402C2A |. C1E2 04 ||shl edx, 4
00402C2D |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402C34 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402C37 |. 8B91 A8000000 ||mov edx, dword ptr [ecx+A8]
00402C3D |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402C40 |. 8B89 AC000000 ||mov ecx, dword ptr [ecx+AC]
00402C46 |. C1E1 04 ||shl ecx, 4
00402C49 |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402C50 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402C53 |. 8BB6 B0000000 ||mov esi, dword ptr [esi+B0]
00402C59 |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402C5C |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402C5F |. 7E 12 ||jle short 00402C73 ; if(SOD[4*nKey[41]+nKey[42]] <= SOD[4*nKey[43]+nKey[44]])
00402C61 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402C64 |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402C67 |. C600 66 ||mov byte ptr [eax], 66 ; in[t] = 'f';
00402C6A |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402C6D |. 83C1 01 ||add ecx, 1
00402C70 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402C73 |> 8B55 08 ||mov edx, dword ptr [ebp+8]
00402C76 |. 8B82 A4000000 ||mov eax, dword ptr [edx+A4]
00402C7C |. C1E0 04 ||shl eax, 4
00402C7F |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402C86 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402C89 |. 8B82 A8000000 ||mov eax, dword ptr [edx+A8]
00402C8F |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402C92 |. 8B92 AC000000 ||mov edx, dword ptr [edx+AC]
00402C98 |. C1E2 04 ||shl edx, 4
00402C9B |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402CA2 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402CA5 |. 8BB6 B0000000 ||mov esi, dword ptr [esi+B0]
00402CAB |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402CAE |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402CB1 |. 7D 12 ||jge short 00402CC5 ; if(SOD[4*nKey[41]+nKey[42]] >= SOD[4*nKey[43]+nKey[44]])
00402CB3 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
00402CB6 |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402CB9 |. C601 67 ||mov byte ptr [ecx], 67 ; in[t] = 'g';
00402CBC |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402CBF |. 83C2 01 ||add edx, 1
00402CC2 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
00402CC5 |> 8B45 08 ||mov eax, dword ptr [ebp+8]
00402CC8 |. 8B88 A4000000 ||mov ecx, dword ptr [eax+A4]
00402CCE |. C1E1 04 ||shl ecx, 4
00402CD1 |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402CD8 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402CDB |. 8B88 A8000000 ||mov ecx, dword ptr [eax+A8]
00402CE1 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402CE4 |. 8B80 AC000000 ||mov eax, dword ptr [eax+AC]
00402CEA |. C1E0 04 ||shl eax, 4
00402CED |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
00402CF4 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402CF7 |. 8BB6 B0000000 ||mov esi, dword ptr [esi+B0]
00402CFD |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
00402D00 |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
00402D03 |. 7D 12 ||jge short 00402D17 ; if(SOD[4*nKey[41]+nKey[42]] >= SOD[4*nKey[43]+nKey[44]])
00402D05 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
00402D08 |. 0355 F0 ||add edx, dword ptr [ebp-10]
00402D0B |. C602 68 ||mov byte ptr [edx], 68 ; in[t] = 'h';
00402D0E |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402D11 |. 83C0 01 ||add eax, 1
00402D14 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
00402D17 |> 8B8D E0FEFFFF ||mov ecx, dword ptr [ebp-120]
00402D1D |. 3B8D DCFEFFFF ||cmp ecx, dword ptr [ebp-124]
00402D23 |. 7D 66 ||jge short 00402D8B ; if(str[7] >= str[8])
00402D25 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402D28 |. 8B82 B4000000 ||mov eax, dword ptr [edx+B4]
00402D2E |. C1E0 04 ||shl eax, 4
00402D31 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402D38 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402D3B |. 8B82 B8000000 ||mov eax, dword ptr [edx+B8]
00402D41 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402D44 |. 8B92 BC000000 ||mov edx, dword ptr [edx+BC]
00402D4A |. C1E2 04 ||shl edx, 4
00402D4D |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402D54 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402D57 |. 8BB6 C0000000 ||mov esi, dword ptr [esi+C0]
00402D5D |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402D60 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402D63 |. 75 14 ||jnz short 00402D79 ; if(SOD[4*nKey[45]+nKey[46]] != SOD[4*nKey[47]+nKey[48]])
00402D65 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
00402D68 |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402D6B |. C601 65 ||mov byte ptr [ecx], 65 ; in[t] = 'e';
00402D6E |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402D71 |. 83C2 01 ||add edx, 1
00402D74 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
00402D77 |. EB 12 ||jmp short 00402D8B
00402D79 |> 8B45 0C ||mov eax, dword ptr [ebp+C]
00402D7C |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402D7F |. C600 61 ||mov byte ptr [eax], 61 ; in[t] = 'a';
00402D82 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402D85 |. 83C1 01 ||add ecx, 1
00402D88 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402D8B |> 8B95 E0FEFFFF ||mov edx, dword ptr [ebp-120]
00402D91 |. 3B95 DCFEFFFF ||cmp edx, dword ptr [ebp-124]
00402D97 |. 0F85 6B010000 ||jnz 00402F08 ; if(str[7] != str[8])
00402D9D |. C745 FC 00000>||mov dword ptr [ebp-4], 0 ; i = 0;
00402DA4 |. C745 F4 00000>||mov dword ptr [ebp-C], 0 ; s = 0;
00402DAB |. C745 FC 00000>||mov dword ptr [ebp-4], 0
00402DB2 |. EB 09 ||jmp short 00402DBD
00402DB4 |> 8B45 FC ||/mov eax, dword ptr [ebp-4]
00402DB7 |. 83C0 01 |||add eax, 1
00402DBA |. 8945 FC |||mov dword ptr [ebp-4], eax ; i++;
00402DBD |> 8B4D 08 || mov ecx, dword ptr [ebp+8]
00402DC0 |. 8B55 FC |||mov edx, dword ptr [ebp-4]
00402DC3 |. 3B11 |||cmp edx, dword ptr [ecx]
00402DC5 |. 7D 4B |||jge short 00402E12 ; if(i >= nKey[0])
00402DC7 |. C745 F8 00000>|||mov dword ptr [ebp-8], 0
00402DCE |. C745 F8 00000>|||mov dword ptr [ebp-8], 0 ; j = 0;
00402DD5 |. EB 09 |||jmp short 00402DE0
00402DD7 |> 8B45 F8 |||/mov eax, dword ptr [ebp-8]
00402DDA |. 83C0 01 ||||add eax, 1
00402DDD |. 8945 F8 ||||mov dword ptr [ebp-8], eax ; j++;
00402DE0 |> 8B4D F8 ||| mov ecx, dword ptr [ebp-8]
00402DE3 |. 3B8D FCFEFFFF ||||cmp ecx, dword ptr [ebp-104]
00402DE9 |. 7D 25 ||||jge short 00402E10 ; if(j >= str[0])
00402DEB |. 8B55 F4 ||||mov edx, dword ptr [ebp-C]
00402DEE |. 8B4495 C0 ||||mov eax, dword ptr [ebp+edx*4-40>
00402DF2 |. 8B4D FC ||||mov ecx, dword ptr [ebp-4]
00402DF5 |. C1E1 04 ||||shl ecx, 4
00402DF8 |. 8D940D 00FFFF>||||lea edx, dword ptr [ebp+ecx-100]
00402DFF |. 8B4D F8 ||||mov ecx, dword ptr [ebp-8]
00402E02 |. 89048A ||||mov dword ptr [edx+ecx*4], eax ; SOD[4*i+j] = SD[s];
00402E05 |. 8B55 F4 ||||mov edx, dword ptr [ebp-C]
00402E08 |. 83C2 01 ||||add edx, 1
00402E0B |. 8955 F4 ||||mov dword ptr [ebp-C], edx ; s++;
00402E0E |.^ EB C7 |||\jmp short 00402DD7
00402E10 |>^ EB A2 ||\jmp short 00402DB4
00402E12 |> 8B45 08 ||mov eax, dword ptr [ebp+8]
00402E15 |. 8B88 C4000000 ||mov ecx, dword ptr [eax+C4]
00402E1B |. C1E1 04 ||shl ecx, 4
00402E1E |. 8D940D 00FFFF>||lea edx, dword ptr [ebp+ecx-100]
00402E25 |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402E28 |. 8B88 C8000000 ||mov ecx, dword ptr [eax+C8]
00402E2E |. 8B45 08 ||mov eax, dword ptr [ebp+8]
00402E31 |. 8B80 CC000000 ||mov eax, dword ptr [eax+CC]
00402E37 |. C1E0 04 ||shl eax, 4
00402E3A |. 8D8405 00FFFF>||lea eax, dword ptr [ebp+eax-100]
00402E41 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402E44 |. 8BB6 D0000000 ||mov esi, dword ptr [esi+D0]
00402E4A |. 8B0C8A ||mov ecx, dword ptr [edx+ecx*4]
00402E4D |. 3B0CB0 ||cmp ecx, dword ptr [eax+esi*4]
00402E50 |. 7E 12 ||jle short 00402E64 ; if[SOD[4*nKey[49]+nKey[50]] <= SOD[4*nKey[51]+nKey[52]])
00402E52 |. 8B55 0C ||mov edx, dword ptr [ebp+C]
00402E55 |. 0355 F0 ||add edx, dword ptr [ebp-10]
00402E58 |. C602 63 ||mov byte ptr [edx], 63 ; in[t] = 'c';
00402E5B |. 8B45 F0 ||mov eax, dword ptr [ebp-10]
00402E5E |. 83C0 01 ||add eax, 1
00402E61 |. 8945 F0 ||mov dword ptr [ebp-10], eax ; t++;
00402E64 |> 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402E67 |. 8B91 C4000000 ||mov edx, dword ptr [ecx+C4]
00402E6D |. C1E2 04 ||shl edx, 4
00402E70 |. 8D8415 00FFFF>||lea eax, dword ptr [ebp+edx-100]
00402E77 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402E7A |. 8B91 C8000000 ||mov edx, dword ptr [ecx+C8]
00402E80 |. 8B4D 08 ||mov ecx, dword ptr [ebp+8]
00402E83 |. 8B89 CC000000 ||mov ecx, dword ptr [ecx+CC]
00402E89 |. C1E1 04 ||shl ecx, 4
00402E8C |. 8D8C0D 00FFFF>||lea ecx, dword ptr [ebp+ecx-100]
00402E93 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402E96 |. 8BB6 D0000000 ||mov esi, dword ptr [esi+D0]
00402E9C |. 8B1490 ||mov edx, dword ptr [eax+edx*4]
00402E9F |. 3B14B1 ||cmp edx, dword ptr [ecx+esi*4]
00402EA2 |. 7D 12 ||jge short 00402EB6 ; if[SOD[4*nKey[49]+nKey[50]] >= SOD[4*nKey[51]+nKey[52]])
00402EA4 |. 8B45 0C ||mov eax, dword ptr [ebp+C]
00402EA7 |. 0345 F0 ||add eax, dword ptr [ebp-10]
00402EAA |. C600 62 ||mov byte ptr [eax], 62 ; in[t] = 'b';
00402EAD |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
00402EB0 |. 83C1 01 ||add ecx, 1
00402EB3 |. 894D F0 ||mov dword ptr [ebp-10], ecx ; t++;
00402EB6 |> 8B55 08 ||mov edx, dword ptr [ebp+8]
00402EB9 |. 8B82 C4000000 ||mov eax, dword ptr [edx+C4]
00402EBF |. C1E0 04 ||shl eax, 4
00402EC2 |. 8D8C05 00FFFF>||lea ecx, dword ptr [ebp+eax-100]
00402EC9 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ECC |. 8B82 C8000000 ||mov eax, dword ptr [edx+C8]
00402ED2 |. 8B55 08 ||mov edx, dword ptr [ebp+8]
00402ED5 |. 8B92 CC000000 ||mov edx, dword ptr [edx+CC]
00402EDB |. C1E2 04 ||shl edx, 4
00402EDE |. 8D9415 00FFFF>||lea edx, dword ptr [ebp+edx-100]
00402EE5 |. 8B75 08 ||mov esi, dword ptr [ebp+8]
00402EE8 |. 8BB6 D0000000 ||mov esi, dword ptr [esi+D0]
00402EEE |. 8B0481 ||mov eax, dword ptr [ecx+eax*4]
00402EF1 |. 3B04B2 ||cmp eax, dword ptr [edx+esi*4]
00402EF4 |. 75 12 ||jnz short 00402F08 ; if[SOD[4*nKey[49]+nKey[50]] != SOD[4*nKey[51]+nKey[52]])
00402EF6 |. 8B4D 0C ||mov ecx, dword ptr [ebp+C]
00402EF9 |. 034D F0 ||add ecx, dword ptr [ebp-10]
00402EFC |. C601 64 ||mov byte ptr [ecx], 64 ; in[t] = 'd';
00402EFF |. 8B55 F0 ||mov edx, dword ptr [ebp-10]
00402F02 |. 83C2 01 ||add edx, 1
00402F05 |. 8955 F0 ||mov dword ptr [ebp-10], edx ; t++;
00402F08 |>^ E9 43F4FFFF |\jmp 00402350
00402F0D |> 8B85 F8FEFFFF |mov eax, dword ptr [ebp-108]
00402F13 |. 83C0 01 |add eax, 1
00402F16 |. 8985 F8FEFFFF |mov dword ptr [ebp-108], eax ; str[1]++;
00402F1C |.^ E9 FAF3FFFF \jmp 0040231B
00402F21 |> 5F pop edi
00402F22 |. 5E pop esi
00402F23 |. 5B pop ebx
00402F24 |. 8BE5 mov esp, ebp
00402F26 |. 5D pop ebp
00402F27 \. C3 retn
返回后
00403624 . E8 5EDAFFFF call 00401087 ; SomeFunc(nKey,in,order);
00403629 . 83C4 0C add esp, 0C
0040362C . 8D8D 00FFFFFF lea ecx, dword ptr [ebp-100]
00403632 . 898D 4CFDFFFF mov dword ptr [ebp-2B4], ecx ; char *result;result = in;
00403638 . C785 48FDFFFF>mov dword ptr [ebp-2B8], 0 ; int l = 0;
00403642 > 83BD 48FDFFFF>cmp dword ptr [ebp-2B8], 2
00403649 . 0F8D 6E010000 jge 004037BD ; if(l >= 2)
0040364F . C745 F8 00000>mov dword ptr [ebp-8], 0 ; j = 0;
00403656 . C785 64FFFFFF>mov dword ptr [ebp-9C], 0 ; k = 0;
00403660 . 83BD 48FDFFFF>cmp dword ptr [ebp-2B8], 1
00403667 . 75 0F jnz short 00403678 ; if(l != 1)
00403669 . 8B95 4CFDFFFF mov edx, dword ptr [ebp-2B4]
0040366F . 83C2 0C add edx, 0C
00403672 . 8995 4CFDFFFF mov dword ptr [ebp-2B4], edx ; result += 12;
00403678 > 837D F8 0C cmp dword ptr [ebp-8], 0C
0040367C . 0F8D 27010000 jge 004037A9 ; if(j >= 12)
00403682 . C745 FC 00000>mov dword ptr [ebp-4], 0 ; i = 0;
00403689 . 8B85 4CFDFFFF mov eax, dword ptr [ebp-2B4]
0040368F . 8A08 mov cl, byte ptr [eax] ; in[0]
00403691 . 888D F4FEFFFF mov byte ptr [ebp-10C], cl ; MinChar = in[0];
00403697 . C785 F8FEFFFF>mov dword ptr [ebp-108], 0 ; PositionOfMin = 0;
004036A1 > 8B95 4CFDFFFF mov edx, dword ptr [ebp-2B4]
004036A7 . 52 push edx ; /s
004036A8 . E8 DF0C0000 call <jmp.&MSVCRT.strlen> ; \strlen
004036AD . 83C4 04 add esp, 4
004036B0 . 83E8 01 sub eax, 1
004036B3 . 3945 FC cmp dword ptr [ebp-4], eax ; if(i < strlen(in)-1)
004036B6 . 1BC0 sbb eax, eax
004036B8 . F7D8 neg eax ; eax = 1
004036BA . 33C9 xor ecx, ecx
004036BC . 837D FC 0B cmp dword ptr [ebp-4], 0B ; if(i < 11)
004036C0 . 0F9CC1 setl cl ; cl = 1
004036C3 . 23C1 and eax, ecx
004036C5 . 85C0 test eax, eax
004036C7 . 0F84 88000000 je 00403755
004036CD . 0FBE95 F4FEFF>movsx edx, byte ptr [ebp-10C] ; MinChar
004036D4 . 8B85 4CFDFFFF mov eax, dword ptr [ebp-2B4]
004036DA . 0345 FC add eax, dword ptr [ebp-4] ; in[i]
004036DD . 0FBE48 01 movsx ecx, byte ptr [eax+1] ; in[i+1]
004036E1 . 33C0 xor eax, eax
004036E3 . 3BD1 cmp edx, ecx ; if(MinChar == in[i+1])
004036E5 . 0F94C0 sete al ; al = 1
004036E8 . 0FBE8D F4FEFF>movsx ecx, byte ptr [ebp-10C]
004036EF . 33D2 xor edx, edx
004036F1 . 83F9 7A cmp ecx, 7A ; if(MinChar != 'z')
004036F4 . 0F95C2 setne dl ; dl = 1
004036F7 . 23C2 and eax, edx
004036F9 . 85C0 test eax, eax
004036FB . 74 14 je short 00403711 ; if((MinCHar == in[i+1])&&MinChar != 'z')
004036FD . 8D85 ECFEFFFF lea eax, dword ptr [ebp-114]
00403703 . 50 push eax
00403704 . E8 BAD9FFFF call 004010C3
00403709 . 83C4 04 add esp, 4
0040370C . E9 F3020000 jmp 00403A04
00403711 > 0FBE8D F4FEFF>movsx ecx, byte ptr [ebp-10C]
00403718 . 8B95 4CFDFFFF mov edx, dword ptr [ebp-2B4]
0040371E . 0355 FC add edx, dword ptr [ebp-4]
00403721 . 0FBE42 01 movsx eax, byte ptr [edx+1]
00403725 . 3BC8 cmp ecx, eax
00403727 . 7E 1E jle short 00403747 ; if(MinChar <= in[i+1])
00403729 . 8B8D 4CFDFFFF mov ecx, dword ptr [ebp-2B4]
0040372F . 034D FC add ecx, dword ptr [ebp-4]
00403732 . 8A51 01 mov dl, byte ptr [ecx+1]
00403735 . 8895 F4FEFFFF mov byte ptr [ebp-10C], dl ; MinChar = in[i+1];
0040373B . 8B45 FC mov eax, dword ptr [ebp-4]
0040373E . 83C0 01 add eax, 1
00403741 . 8985 F8FEFFFF mov dword ptr [ebp-108], eax ; PositionOfMin = i+1;
00403747 > 8B4D FC mov ecx, dword ptr [ebp-4]
0040374A . 83C1 01 add ecx, 1
0040374D . 894D FC mov dword ptr [ebp-4], ecx ; i++;
00403750 .^ E9 4CFFFFFF jmp 004036A1
00403755 > 83BD 48FDFFFF>cmp dword ptr [ebp-2B8], 0
0040375C . 75 0F jnz short 0040376D ; if(l != 0)
0040375E . 8B95 F8FEFFFF mov edx, dword ptr [ebp-108]
00403764 . 8B45 F8 mov eax, dword ptr [ebp-8]
00403767 . 894495 98 mov dword ptr [ebp+edx*4-68], eax ; ResultOrder1[PositionOfMin] = j;
0040376B . EB 10 jmp short 0040377D
0040376D > 8B8D F8FEFFFF mov ecx, dword ptr [ebp-108]
00403773 . 8B55 F8 mov edx, dword ptr [ebp-8]
00403776 . 89948D 68FFFF>mov dword ptr [ebp+ecx*4-98], edx ; ResultOrder2[PositionOfMin] = j;
0040377D > 8B85 4CFDFFFF mov eax, dword ptr [ebp-2B4]
00403783 . 0385 F8FEFFFF add eax, dword ptr [ebp-108]
00403789 . C600 7A mov byte ptr [eax], 7A ; in[PositionOfMin] = 'z'
0040378C . 8B4D F8 mov ecx, dword ptr [ebp-8]
0040378F . 83C1 01 add ecx, 1
00403792 . 894D F8 mov dword ptr [ebp-8], ecx ; j++;
00403795 . 8B95 64FFFFFF mov edx, dword ptr [ebp-9C]
0040379B . 83C2 01 add edx, 1
0040379E . 8995 64FFFFFF mov dword ptr [ebp-9C], edx ; k++;
004037A4 .^ E9 CFFEFFFF jmp 00403678
004037A9 > 8B85 48FDFFFF mov eax, dword ptr [ebp-2B8]
004037AF . 83C0 01 add eax, 1
004037B2 . 8985 48FDFFFF mov dword ptr [ebp-2B8], eax ; l++;
004037B8 .^ E9 85FEFFFF jmp 00403642
004037BD > C745 FC 00000>mov dword ptr [ebp-4], 0
004037C4 > 837D FC 0C cmp dword ptr [ebp-4], 0C
004037C8 . 7D 55 jge short 0040381F ; if(i >= 12)
004037CA . 8B4D FC mov ecx, dword ptr [ebp-4]
004037CD . 8B55 FC mov edx, dword ptr [ebp-4]
004037D0 . 8B448D C8 mov eax, dword ptr [ebp+ecx*4-38]
004037D4 . 3B4495 98 cmp eax, dword ptr [ebp+edx*4-68]
004037D8 . 75 26 jnz short 00403800 ; if(order[i] != ResultOrder1[i])
004037DA . 8B4D FC mov ecx, dword ptr [ebp-4]
004037DD . 8B55 FC mov edx, dword ptr [ebp-4]
004037E0 . 8B448D C8 mov eax, dword ptr [ebp+ecx*4-38]
004037E4 . 3B8495 68FFFF>cmp eax, dword ptr [ebp+edx*4-98]
004037EB . 75 13 jnz short 00403800 ; if(order[i] != ResultOrder2[i])
004037ED . 8B4D FC mov ecx, dword ptr [ebp-4]
004037F0 . 8B55 FC mov edx, dword ptr [ebp-4]
004037F3 . 8B448D 98 mov eax, dword ptr [ebp+ecx*4-68]
004037F7 . 3B8495 68FFFF>cmp eax, dword ptr [ebp+edx*4-98]
004037FE . 74 14 je short 00403814 ; if(ResultOrder1[i] == ResultOrder2[i])
00403800 > 8D8D ECFEFFFF lea ecx, dword ptr [ebp-114]
00403806 . 51 push ecx
00403807 . E8 B7D8FFFF call 004010C3
0040380C . 83C4 04 add esp, 4
0040380F . E9 F0010000 jmp 00403A04
00403814 > 8B55 FC mov edx, dword ptr [ebp-4]
00403817 . 83C2 01 add edx, 1
0040381A . 8955 FC mov dword ptr [ebp-4], edx ; i++
0040381D .^ EB A5 jmp short 004037C4
0040381F > C745 FC 00000>mov dword ptr [ebp-4], 0 ; i = 0;
00403826 . C685 34FDFFFF>mov byte ptr [ebp-2CC], 67 ; o
0040382D . C685 35FDFFFF>mov byte ptr [ebp-2CB], 63 ; k
00403834 . C685 36FDFFFF>mov byte ptr [ebp-2CA], 29 ; !
0040383B . C685 37FDFFFF>mov byte ptr [ebp-2C9], 8
00403842 > 8D85 34FDFFFF lea eax, dword ptr [ebp-2CC]
00403848 . 50 push eax ; /s
00403849 . E8 3E0B0000 call <jmp.&MSVCRT.strlen> ; \strlen
0040384E . 83C4 04 add esp, 4
00403851 . 3945 FC cmp dword ptr [ebp-4], eax ; 构造字符串
00403854 . 73 22 jnb short 00403878
00403856 . 8B4D FC mov ecx, dword ptr [ebp-4]
00403859 . 8A940D 34FDFF>mov dl, byte ptr [ebp+ecx-2CC]
00403860 . 80F2 08 xor dl, 8
00403863 . 8B45 FC mov eax, dword ptr [ebp-4]
00403866 . 889405 34FDFF>mov byte ptr [ebp+eax-2CC], dl
0040386D . 8B4D FC mov ecx, dword ptr [ebp-4]
00403870 . 83C1 01 add ecx, 1
00403873 . 894D FC mov dword ptr [ebp-4], ecx
00403876 .^ EB CA jmp short 00403842
00403878 > 8B55 FC mov edx, dword ptr [ebp-4]
0040387B . C68415 34FDFF>mov byte ptr [ebp+edx-2CC], 0
00403883 . 8D85 34FDFFFF lea eax, dword ptr [ebp-2CC]
00403889 . 50 push eax
0040388A . E8 34D8FFFF call 004010C3
0040388F . 83C4 04 add esp, 4
00403892 . E9 6C010000 jmp 00403A03
到此已经完成验证
下面是C实现的算法
void SomeFunc(int nKey[53],char in[28],int order[12])
{
int i = 0,j = 0,s = 0,t = 0;
int str[10];
int SD[12]; //SomeData,I don't know how to name it
int SOD[53]; //SomeOtherData
for(i = 0;i < 12;i++)
{
SD[i] = 30;
}
str[0] = 0;
if(nKey[0] > 0)
{
str[0] = 12/nKey[0];
}
str[2] = 0;
for(str[1] = 0;str[1] < 2;str[1]++)
{
if(str[2] > 0)
{
SD[order[str[2]-1]] = 30;
}
str[2] = 0;
while(str[2] < 12)
{
if(str[2] > 0)
{
SD[order[str[2]-1]] = 30;
}
if(str[1] == 0)
{
SD[order[str[2]]] = 40;
str[2]++;
}
if(str[1] == 1)
{
SD[order[str[2]]] = 20;
str[2]++;
}
i = 0;
s = 0;
for(i = 0;i < nKey[0];i++)
{
for(j = 0;j < str[0];j++)
{
SOD[4*i+j] = SD[s];
s++;
}
}
i = 0;
str[3] = 0;
str[4] = 0;
for(i = 0;i < str[0];i++)
{
str[3] += SOD[4*nKey[1]+i];
str[4] += SOD[4*nKey[2]+i];
}
if(str[3] == str[4])
{
if(SOD[4*nKey[3]+nKey[4]] == SOD[4*nKey[5]+nKey[6]])
{
if(SOD[4*nKey[7]+SOD[nKey[8]] == SOD[4*nKey[9]+nKey[10]])
{
in[t] = 'l';
t++;
}
else
{
in[t] = 'k';
t++;
}
}
else
{
if(SOD[4*nKey[7]+SOD[nKey[8]] == SOD[4*nKey[9]+nKey[10]])
{
in[t] = 'j';
t++;
}
else
{
in[t] = 'i';
t++;
}
}
}
if(str[3] > str[4])
{
i = 0;
str[5] = 0;
str[6] = 0;
SOD[4*nKey[1]+nKey[11]] = SOD[4*nKey[12]+nKey[13]];
SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16]];
SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]];
SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
for(i = 0;i < str[1];i++)
{
str[5] += SOD[4*nKey[1]+i];
str[6] += SOD[4*nKey[2]+i];
}
if(str[5] > str[6])
{
if(SOD[4*nKey[29]+nKey[30]] == SOD[4*nKey[31]+nKey[32]])
{
in[t] = 'e';
t++;
}
else
{
in[t] = 'a';
t++;
}
}
if(str[5] < str[6])
{
if(SOD[4*nKey[33]+nKey[34]] > SOD[4*nKey[35]+nKey[36]])
{
in[t] = 'g';
t++;
}
if(SOD[4*nKey[33]+nKey[34]] < SOD[4*nKey[35]+nKey[36]])
{
in[t] = 'f';
t++;
}
if(SOD[4*nKey[33]+nKey[34]] == SOD[4*nKey[35]+nKey[36]])
{
in[t] = 'h';
t++;
}
}
if(str[5] == str[6])
{
i = 0;
s = 0;
for(i = 0;i < nKey[0];i++)
{
for(j = 0;j < str[0];j++)
{
SOD[4*i+j] = SD[s];
s++;
}
}
if(SOD[4*nKey[37]+nKey[38]] > SOD[4*nKey[39]+nKey[40]])
{
in[t] = 'b';
t++;
}
if(SOD[4*nKey[37]+nKey[38]] < SOD[4*nKey[39]+nKey[40]])
{
in[t] = 'c';
t++;
}
if(SOD[4*nKey[37]+nKey[38]] == SOD[4*nKey[39]+nKey[40]])
{
in[t] = 'd';
t++;
}
}
}
if(str[3] < str[4])
{
i = 0;
str[7] = 0;
str[8] = 0;
SOD[4*nKey[1]+nKey[11]] = SOD[4*nKey[12]+nKey[13]];
SOD[4*nKey[1]+nKey[14]] = SOD[4*nKey[15]+nKey[16]];
SOD[4*nKey[1]+nKey[17]] = SOD[4*nKey[18]+nKey[19]];
SOD[4*nKey[2]+nKey[20]] = SOD[4*nKey[21]+nKey[22]];
SOD[4*nKey[2]+nKey[23]] = SOD[4*nKey[24]+nKey[25]];
SOD[4*nKey[2]+nKey[26]] = SOD[4*nKey[27]+nKey[28]];
for(i = 0;i < str[0];i++)
{
str[7] += SOD[4*nKey[1]+i];
str[8] += SOD[4*nKey[2]+i];
}
if(str[7] > str[8])
{
if(SOD[4*nKey[41]+nKey[42]] > SOD[4*nKey[43]+nKey[44]])
{
in[t] = 'f';
t++;
}
if(SOD[4*nKey[41]+nKey[42]] < SOD[4*nKey[43]+nKey[44]])
{
in[t] = 'g';
t++;
}
if(SOD[4*nKey[41]+nKey[42]] == SOD[4*nKey[43]+nKey[44]]) //本应该是小于,我怀疑有错
{
in[t] = 'h';
t++;
}
}
if(str[7] < str[8])
{
if(SOD[4*nKey[45]+nKey[46]] != SOD[4*nKey[47]+nKey[48]])
{
in[t] = 'e';
t++;
}
else
{
in[t] = 'a';
t++;
}
}
if(str[7] == str[8])
{
i = 0;
s = 0;
for(i = 0;i < nKey[0];i++)
{
for(j = 0;j < str[0];j++)
{
SOD[4*i+j] = SD[s];
s++;
}
}
if[SOD[4*nKey[49]+nKey[50]] > SOD[4*nKey[51]+nKey[52]])
{
in[t] = 'c';
t++;
}
if[SOD[4*nKey[49]+nKey[50]] < SOD[4*nKey[51]+nKey[52]])
{
in[t] = 'b';
t++;
}
if[SOD[4*nKey[49]+nKey[50]] == SOD[4*nKey[51]+nKey[52]])
{
in[t] = 'd';
t++;
}
}
}
}
}
}
BOOL check(char szUserName[12],char szKey[53])
{
int i = 0,j = 0,k = 0,l = 0;
int nKey[53];
int order[12];
int FirstResultOrder[12];
int SecondResultOrder[12];
char MinChar;
int PositionOfMin;
char in[28] = {0};
char *result;
for(i = 0;i < 12;i++)
{
if(szUserName[i] < 0x61 || szUserName[i] >= 0x7a)
{
return FALSE;
}
}
for(j = 0;j < 12;j++)
{
i = 0;
MinChar = szUserName[0];
PositionOfMin = 0;
for(i = 0;i < strlen(szUserName)-1;i++)
{
if((MinChar == szUserName[i+1]) && (MinChar != 'z'))
{
return FALSE;
}
if(MinChar > szUserName[i+1])
{
MinChar = szUserName[i+1];
PositionOfMin = i+1;
}
}
order[PositionOfMin] = j;
k++;
}
if(k < 12)
{
return FALSE;
}
if(strlen(szKey) < 53)
{
return FALSE;
}
for(i = 0;i < strlen(szKey);i++)
{
nKey[i] = szKey[i] - 30;
if(nKey[i] > 3)
{
return FALSE;
}
}
SomeFunc(nKey,in,order);
result = in;
l = 0;
for(l = 0;l < 2;l++)
{
j = 0;
k = 0;
if(l == 1)
{
result += 12;
}
for(j = 0;j < 12;j++)
{
i = 0;
MinChar = in[0];
PositionOfMin = 0;
while(1)
{
if((i < strlen(in)-1) && (i < 11))
{
if((MinChar == in[i+1]) && (MinChar != 'z'))
{
return FALSE;
}
if(MinChar > in[i+1])
{
MinChar = in[i+1];
PositionOfMin = i+1;
}
i++;
}
else
{
break;
}
}
if(l == 0)
{
FirstResultOrder[PositionOfMin] = j;
}
else
{
SecondResultOrder[PositionOfMin] = j;
}
in[PositionOfMin] = 'z';
k++;
}
}
for(i = 0;i < 12;i++)
{
if(order[i] != FirstResultOrder[i]
{
return FALSE;
}
if(order[i] != SecondResultOrder[i])
{
return FALSE;
}
if(FirstResultOrder[i] != SecondResult[i])
{
return FALSE;
}
}
return TRUE;
}
注册算法看不出来。逆向出程序流程不难,理解算法就是
在此膜拜下诸位大牛,好好学习,天天向上!
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
|
|
|
太长了,没有看明白
|
|
|
 好长 看到就怕了 - -
|
|
|
|
