-
-
[讨论]那们帮分析一下什么算法?附IDA F5结果
-
发表于: 2011-8-30 16:28 4325
-
此函数来源于小弟目前更在跟踪的软件.
但怎奈水平实在有限特请教达人帮看一下.
一种很垃圾的key文件注册方式,
谁能告诉我这应该怎么办呢?
下面是IDA F5后的结果
但怎奈水平实在有限特请教达人帮看一下.
一种很垃圾的key文件注册方式,
谁能告诉我这应该怎么办呢?
0062DC20 >/$ 53 push ebx 0062DC21 |. 56 push esi 0062DC22 |. 57 push edi 0062DC23 |. 55 push ebp 0062DC24 |. BF FE000000 mov edi,0xFE 0062DC29 |. 8BF7 mov esi,edi 0062DC2B |. 4E dec esi 0062DC2C |. 85F6 test esi,esi 0062DC2E |. 7C 1A jl XAPPYServ.0062DC4A 0062DC30 |. 46 inc esi 0062DC31 |. 33D2 xor edx,edx 0062DC33 |> 8A8C10 000200>/mov cl,byte ptr ds:[eax+edx+0x200] 0062DC3A |. 80E9 0C |sub cl,0xC 0062DC3D |. 2ACA |sub cl,dl 0062DC3F |. 888C10 000200>|mov byte ptr ds:[eax+edx+0x200],cl 0062DC46 |. 42 |inc edx 0062DC47 |. 4E |dec esi 0062DC48 |.^ 75 E9 \jnz XAPPYServ.0062DC33 0062DC4A |> 8BF7 mov esi,edi 0062DC4C |. 4E dec esi 0062DC4D |. 85F6 test esi,esi 0062DC4F |. 7C 1A jl XAPPYServ.0062DC6B 0062DC51 |. 46 inc esi 0062DC52 |. 33D2 xor edx,edx 0062DC54 |> 8A8C10 000500>/mov cl,byte ptr ds:[eax+edx+0x500] 0062DC5B |. 80E9 15 |sub cl,0x15 0062DC5E |. 2ACA |sub cl,dl 0062DC60 |. 888C10 000500>|mov byte ptr ds:[eax+edx+0x500],cl 0062DC67 |. 42 |inc edx 0062DC68 |. 4E |dec esi 0062DC69 |.^ 75 E9 \jnz XAPPYServ.0062DC54 0062DC6B |> 8BF7 mov esi,edi 0062DC6D |. 4E dec esi 0062DC6E |. 85F6 test esi,esi 0062DC70 |. 7C 1A jl XAPPYServ.0062DC8C 0062DC72 |. 46 inc esi 0062DC73 |. 33D2 xor edx,edx 0062DC75 |> 8A8C10 000900>/mov cl,byte ptr ds:[eax+edx+0x900] 0062DC7C |. 80E9 0D |sub cl,0xD 0062DC7F |. 2ACA |sub cl,dl 0062DC81 |. 888C10 000900>|mov byte ptr ds:[eax+edx+0x900],cl 0062DC88 |. 42 |inc edx 0062DC89 |. 4E |dec esi 0062DC8A |.^ 75 E9 \jnz XAPPYServ.0062DC75 0062DC8C |> 8BF7 mov esi,edi 0062DC8E |. 4E dec esi 0062DC8F |. 85F6 test esi,esi 0062DC91 |. 7C 1A jl XAPPYServ.0062DCAD 0062DC93 |. 46 inc esi 0062DC94 |. 33D2 xor edx,edx 0062DC96 |> 8A8C10 000A00>/mov cl,byte ptr ds:[eax+edx+0xA00] 0062DC9D |. 80E9 0D |sub cl,0xD 0062DCA0 |. 2ACA |sub cl,dl 0062DCA2 |. 888C10 000A00>|mov byte ptr ds:[eax+edx+0xA00],cl 0062DCA9 |. 42 |inc edx 0062DCAA |. 4E |dec esi 0062DCAB |.^ 75 E9 \jnz XAPPYServ.0062DC96 0062DCAD |> 8BF7 mov esi,edi 0062DCAF |. 4E dec esi 0062DCB0 |. 85F6 test esi,esi 0062DCB2 |. 7C 1A jl XAPPYServ.0062DCCE 0062DCB4 |. 46 inc esi 0062DCB5 |. 33D2 xor edx,edx 0062DCB7 |> 8A8C10 000B00>/mov cl,byte ptr ds:[eax+edx+0xB00] 0062DCBE |. 80E9 0D |sub cl,0xD 0062DCC1 |. 2ACA |sub cl,dl 0062DCC3 |. 888C10 000B00>|mov byte ptr ds:[eax+edx+0xB00],cl 0062DCCA |. 42 |inc edx 0062DCCB |. 4E |dec esi 0062DCCC |.^ 75 E9 \jnz XAPPYServ.0062DCB7 0062DCCE |> 8BF7 mov esi,edi 0062DCD0 |. 4E dec esi 0062DCD1 |. 85F6 test esi,esi 0062DCD3 |. 7C 12 jl XAPPYServ.0062DCE7 0062DCD5 |. 46 inc esi 0062DCD6 |. 33D2 xor edx,edx 0062DCD8 |> 8A0C10 /mov cl,byte ptr ds:[eax+edx] 0062DCDB |. 80E9 0C |sub cl,0xC 0062DCDE |. 2ACA |sub cl,dl 0062DCE0 |. 880C10 |mov byte ptr ds:[eax+edx],cl 0062DCE3 |. 42 |inc edx 0062DCE4 |. 4E |dec esi 0062DCE5 |.^ 75 F1 \jnz XAPPYServ.0062DCD8 0062DCE7 |> 8BF7 mov esi,edi 0062DCE9 |. 4E dec esi 0062DCEA |. 85F6 test esi,esi 0062DCEC |. 7C 1A jl XAPPYServ.0062DD08 0062DCEE |. 46 inc esi 0062DCEF |. 33D2 xor edx,edx 0062DCF1 |> 8A8C10 000100>/mov cl,byte ptr ds:[eax+edx+0x100] 0062DCF8 |. 80E9 15 |sub cl,0x15 0062DCFB |. 2ACA |sub cl,dl 0062DCFD |. 888C10 000100>|mov byte ptr ds:[eax+edx+0x100],cl 0062DD04 |. 42 |inc edx 0062DD05 |. 4E |dec esi 0062DD06 |.^ 75 E9 \jnz XAPPYServ.0062DCF1 0062DD08 |> 8BF7 mov esi,edi 0062DD0A |. 4E dec esi 0062DD0B |. 85F6 test esi,esi 0062DD0D |. 7C 1A jl XAPPYServ.0062DD29 0062DD0F |. 46 inc esi 0062DD10 |. 33D2 xor edx,edx 0062DD12 |> 8A8C10 000800>/mov cl,byte ptr ds:[eax+edx+0x800] 0062DD19 |. 80E9 0D |sub cl,0xD 0062DD1C |. 2ACA |sub cl,dl 0062DD1E |. 888C10 000800>|mov byte ptr ds:[eax+edx+0x800],cl 0062DD25 |. 42 |inc edx 0062DD26 |. 4E |dec esi 0062DD27 |.^ 75 E9 \jnz XAPPYServ.0062DD12 0062DD29 |> 8BF7 mov esi,edi 0062DD2B |. 4E dec esi 0062DD2C |. 85F6 test esi,esi 0062DD2E |. 7C 1A jl XAPPYServ.0062DD4A 0062DD30 |. 46 inc esi 0062DD31 |. 33D2 xor edx,edx 0062DD33 |> 8A8C10 000C00>/mov cl,byte ptr ds:[eax+edx+0xC00] 0062DD3A |. 80E9 0C |sub cl,0xC 0062DD3D |. 2ACA |sub cl,dl 0062DD3F |. 888C10 000C00>|mov byte ptr ds:[eax+edx+0xC00],cl 0062DD46 |. 42 |inc edx 0062DD47 |. 4E |dec esi 0062DD48 |.^ 75 E9 \jnz XAPPYServ.0062DD33 0062DD4A |> 8BF7 mov esi,edi 0062DD4C |. 4E dec esi 0062DD4D |. 85F6 test esi,esi 0062DD4F |. 7C 1A jl XAPPYServ.0062DD6B 0062DD51 |. 46 inc esi 0062DD52 |. 33D2 xor edx,edx 0062DD54 |> 8A8C10 000400>/mov cl,byte ptr ds:[eax+edx+0x400] 0062DD5B |. 80E9 0D |sub cl,0xD 0062DD5E |. 2ACA |sub cl,dl 0062DD60 |. 888C10 000400>|mov byte ptr ds:[eax+edx+0x400],cl 0062DD67 |. 42 |inc edx 0062DD68 |. 4E |dec esi 0062DD69 |.^ 75 E9 \jnz XAPPYServ.0062DD54 0062DD6B |> 8BF7 mov esi,edi 0062DD6D |. 4E dec esi 0062DD6E |. 85F6 test esi,esi 0062DD70 |. 7C 1A jl XAPPYServ.0062DD8C 0062DD72 |. 46 inc esi 0062DD73 |. 33D2 xor edx,edx 0062DD75 |> 8A8C10 000300>/mov cl,byte ptr ds:[eax+edx+0x300] 0062DD7C |. 80E9 0C |sub cl,0xC 0062DD7F |. 2ACA |sub cl,dl 0062DD81 |. 888C10 000300>|mov byte ptr ds:[eax+edx+0x300],cl 0062DD88 |. 42 |inc edx 0062DD89 |. 4E |dec esi 0062DD8A |.^ 75 E9 \jnz XAPPYServ.0062DD75 0062DD8C |> 8BF7 mov esi,edi 0062DD8E |. 4E dec esi 0062DD8F |. 85F6 test esi,esi 0062DD91 |. 7C 1A jl XAPPYServ.0062DDAD 0062DD93 |. 46 inc esi 0062DD94 |. 33D2 xor edx,edx 0062DD96 |> 8A8C10 000600>/mov cl,byte ptr ds:[eax+edx+0x600] 0062DD9D |. 80E9 0D |sub cl,0xD 0062DDA0 |. 2ACA |sub cl,dl 0062DDA2 |. 888C10 000600>|mov byte ptr ds:[eax+edx+0x600],cl 0062DDA9 |. 42 |inc edx 0062DDAA |. 4E |dec esi 0062DDAB |.^ 75 E9 \jnz XAPPYServ.0062DD96 0062DDAD |> 8BF7 mov esi,edi 0062DDAF |. 4E dec esi 0062DDB0 |. 85F6 test esi,esi 0062DDB2 |. 7C 1A jl XAPPYServ.0062DDCE 0062DDB4 |. 46 inc esi 0062DDB5 |. 33D2 xor edx,edx 0062DDB7 |> 8A8C10 000700>/mov cl,byte ptr ds:[eax+edx+0x700] 0062DDBE |. 80E9 0C |sub cl,0xC 0062DDC1 |. 2ACA |sub cl,dl 0062DDC3 |. 888C10 000700>|mov byte ptr ds:[eax+edx+0x700],cl 0062DDCA |. 42 |inc edx 0062DDCB |. 4E |dec esi 0062DDCC |.^ 75 E9 \jnz XAPPYServ.0062DDB7 0062DDCE |> 8BB0 000D0000 mov esi,dword ptr ds:[eax+0xD00] 0062DDD4 |. 4E dec esi 0062DDD5 |. 85F6 test esi,esi 0062DDD7 |. 7C 2D jl XAPPYServ.0062DE06 0062DDD9 |. 46 inc esi 0062DDDA |. 33D2 xor edx,edx 0062DDDC |> 33FF /xor edi,edi 0062DDDE |> 6BEA 29 |/imul ebp,edx,0x29 0062DDE1 |. 8D0C28 ||lea ecx,dword ptr ds:[eax+ebp] 0062DDE4 |. 8A8C39 040D00>||mov cl,byte ptr ds:[ecx+edi+0xD04] 0062DDEB |. 80E9 17 ||sub cl,0x17 0062DDEE |. 2ACA ||sub cl,dl 0062DDF0 |. 51 ||push ecx 0062DDF1 |. 8D0C28 ||lea ecx,dword ptr ds:[eax+ebp] 0062DDF4 |. 5B ||pop ebx 0062DDF5 |. 889C39 040D00>||mov byte ptr ds:[ecx+edi+0xD04],bl 0062DDFC |. 47 ||inc edi 0062DDFD |. 83FF 28 ||cmp edi,0x28 0062DE00 |.^ 75 DC |\jnz XAPPYServ.0062DDDE 0062DE02 |. 42 |inc edx 0062DE03 |. 4E |dec esi 0062DE04 |.^ 75 D6 \jnz XAPPYServ.0062DDDC 0062DE06 |> B0 01 mov al,0x1 0062DE08 |. 5D pop ebp 0062DE09 |. 5F pop edi 0062DE0A |. 5E pop esi 0062DE0B |. 5B pop ebx 0062DE0C \. C3 retn
下面是IDA F5后的结果
char __fastcall sub_62DC20(int a1)
{
int v1; // edx@1
signed int v2; // esi@1
int v3; // edx@3
signed int v4; // esi@3
int v5; // edx@5
signed int v6; // esi@5
int v7; // edx@7
signed int v8; // esi@7
int v9; // edx@9
signed int v10; // esi@9
int v11; // edx@11
signed int v12; // esi@11
int v13; // edx@13
signed int v14; // esi@13
int v15; // edx@15
signed int v16; // esi@15
int v17; // edx@17
signed int v18; // esi@17
int v19; // edx@19
signed int v20; // esi@19
int v21; // edx@21
signed int v22; // esi@21
int v23; // edx@23
signed int v24; // esi@23
int v25; // edx@25
signed int v26; // esi@25
int v27; // edx@28
int v28; // esi@28
int v29; // edi@29
v2 = 254;
v1 = 0;
do
{
*(_BYTE *)(a1 + v1 + 512) = *(_BYTE *)(a1 + v1 + 512) - 12 - v1;
++v1;
--v2;
}
while ( v2 );
v4 = 254;
v3 = 0;
do
{
*(_BYTE *)(a1 + v3 + 1280) = *(_BYTE *)(a1 + v3 + 1280) - 21 - v3;
++v3;
--v4;
}
while ( v4 );
v6 = 254;
v5 = 0;
do
{
*(_BYTE *)(a1 + v5 + 2304) = *(_BYTE *)(a1 + v5 + 2304) - 13 - v5;
++v5;
--v6;
}
while ( v6 );
v8 = 254;
v7 = 0;
do
{
*(_BYTE *)(a1 + v7 + 2560) = *(_BYTE *)(a1 + v7 + 2560) - 13 - v7;
++v7;
--v8;
}
while ( v8 );
v10 = 254;
v9 = 0;
do
{
*(_BYTE *)(a1 + v9 + 2816) = *(_BYTE *)(a1 + v9 + 2816) - 13 - v9;
++v9;
--v10;
}
while ( v10 );
v12 = 254;
v11 = 0;
do
{
*(_BYTE *)(a1 + v11) = *(_BYTE *)(a1 + v11) - 12 - v11;
++v11;
--v12;
}
while ( v12 );
v14 = 254;
v13 = 0;
do
{
*(_BYTE *)(a1 + v13 + 256) = *(_BYTE *)(a1 + v13 + 256) - 21 - v13;
++v13;
--v14;
}
while ( v14 );
v16 = 254;
v15 = 0;
do
{
*(_BYTE *)(a1 + v15 + 2048) = *(_BYTE *)(a1 + v15 + 2048) - 13 - v15;
++v15;
--v16;
}
while ( v16 );
v18 = 254;
v17 = 0;
do
{
*(_BYTE *)(a1 + v17 + 3072) = *(_BYTE *)(a1 + v17 + 3072) - 12 - v17;
++v17;
--v18;
}
while ( v18 );
v20 = 254;
v19 = 0;
do
{
*(_BYTE *)(a1 + v19 + 1024) = *(_BYTE *)(a1 + v19 + 1024) - 13 - v19;
++v19;
--v20;
}
while ( v20 );
v22 = 254;
v21 = 0;
do
{
*(_BYTE *)(a1 + v21 + 768) = *(_BYTE *)(a1 + v21 + 768) - 12 - v21;
++v21;
--v22;
}
while ( v22 );
v24 = 254;
v23 = 0;
do
{
*(_BYTE *)(a1 + v23 + 1536) = *(_BYTE *)(a1 + v23 + 1536) - 13 - v23;
++v23;
--v24;
}
while ( v24 );
v26 = 254;
v25 = 0;
do
{
*(_BYTE *)(a1 + v25 + 1792) = *(_BYTE *)(a1 + v25 + 1792) - 12 - v25;
++v25;
--v26;
}
while ( v26 );
if ( *(_DWORD *)(a1 + 3328) - 1 >= 0 )
{
v28 = *(_DWORD *)(a1 + 3328);
v27 = 0;
do
{
v29 = 0;
do
{
*(_BYTE *)(a1 + 41 * v27 + v29 + 3332) = *(_BYTE *)(a1 + 41 * v27 + v29 + 3332) - 23 - v27;
++v29;
}
while ( v29 != 40 );
++v27;
--v28;
}
while ( v28 );
}
return 1;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
|
|
|---|---|
|
|
他的文章
赞赏
雪币:
留言:
