[原创]HappyTown大侠的第十三个Crackme---CRC32分析
发表于: 2011-11-30 10:39 18280


膜拜下HappyTown大侠用汇编把Crc32算法写的那么精彩,思考半天才明白啊

算法描述:首先对序号长度计算CRC32得到一个KEY,与特定值比较,以此判断长度是否正确;
第9位和第17位也用同样的方式校验为固定值(代码中取的是 Serial+8 和 Serial+17 处的两个字符,位于三段8位序号之间);然后分别计算3部分CRC32的值。

验证过程:根据名称得到一个CRC32值,把序号第一部分的8位转换为十六进制数值,判断两者是否相等。再对第一部分的8位序号计算CRC32值,与第二部分转换出的十六进制数值比较。判断完之后再计算第二部分8位的CRC32值,最后"第一部分的值 ^ 第二部分的CRC32值"必须等于第三部分的值。
分析

; Excerpt of DialogFunc (IDA listing): the serial check. The excerpt starts after eax was set
; and stops before the call that the final `push 3EEh` belongs to.
; Serial layout as read by this code: Serial[0..7], Serial[8], Serial[9..16], Serial[17], Serial[18..25].
;   check 0: CRC32 of SerialLength == 2F6016F7h; CRC32 of {Serial[8], Serial[17]} == 242C1465h
;   check 1: hex value of Serial[0..7]   (KEY1) == CRC32(Name)
;   check 2: hex value of Serial[9..16]  (KEY2) == CRC32(Serial1 text)
;   check 3: KEY1 xor CRC32(Serial2 text) == hex value of Serial[18..25] (KEY3)
; Every input to these checks is visible to the user and CRC32 is an unkeyed checksum,
; so the routine validates a format; it does not protect a secret.
.text:004011AB                 mov     edx, offset SerialLength
.text:004011B0                 mov     [edx], eax      ; SerialLength = eax (the code that set eax is above this excerpt)
.text:004011B2                 call    GetCrc32Table   ; build the CRC32 lookup table
.text:004011B7                 lea     ebx, SerialLength
.text:004011BD                 call    GetCrc32Value   ; CRC32 over the bytes at SerialLength (ebx appears to carry the input pointer)
.text:004011C2                 cmp     eax, 2F6016F7h  ; length check: the CRC32 of the length must equal this constant
.text:004011C7                 jnz     ErrorReturn
.text:004011CD                 push    8
.text:004011CF                 push    offset byte_40347F
.text:004011D4                 call    RtlZeroMemory   ; zero 8 bytes at byte_40347F
.text:004011D9                 lea     eax, Serial
.text:004011DF                 add     eax, 8
.text:004011E2                 mov     bl, [eax]       ; bl = Serial[8], the 9th character
.text:004011E4                 lea     edx, byte_40347F
.text:004011EA                 mov     [edx], bl
.text:004011EC                 inc     edx
.text:004011ED                 add     eax, 9          ; eax = Serial+17
.text:004011F0                 mov     bl, [eax]       ; bl = Serial[17], i.e. the 18th character counting from 1
.text:004011F2                 mov     [edx], bl
.text:004011F4                 call    GetCrc32Table   ; rebuild the CRC32 lookup table
.text:004011F9                 lea     ebx, byte_40347F
.text:004011FF                 call    GetCrc32Value   ; CRC32 of the two characters just copied to byte_40347F
.text:00401204                 cmp     eax, 242C1465h  ; the two characters must hash to this constant
.text:00401209                 jnz     ErrorReturn
.text:0040120F                 push    10
.text:00401211                 lea     eax, [ebp-16h]
.text:00401214                 push    eax
.text:00401215                 call    RtlZeroMemory   ; zero 10 bytes at [ebp-16h]
.text:0040121A                 push    10
.text:0040121C                 lea     eax, [ebp-20h]
.text:0040121F                 push    eax
.text:00401220                 call    RtlZeroMemory   ; zero 10 bytes at [ebp-20h]
.text:00401225                 xor     ecx, ecx
.text:00401227                 lea     eax, Serial
.text:0040122D
.text:0040122D @LOOPA:                                 ; CODE XREF: DialogFunc+1C1j
.text:0040122D                 mov     dl, [ecx+eax]   ; validate Serial[0..7]: each character must be '0'-'9' or 'A'-'F'
.text:00401230                 cmp     dl, '9'
.text:00401233                 jbe     short loc_40123A
.text:00401235                 cmp     dl, 'A'
.text:00401238                 jb      short loc_401244 ; above '9' but below 'A': reject
.text:0040123A
.text:0040123A loc_40123A:                             ; CODE XREF: DialogFunc+1A7j
.text:0040123A                 cmp     dl, '0'
.text:0040123D                 jb      short loc_401244 ; below '0': reject
.text:0040123F                 cmp     dl, 'F'
.text:00401242                 jbe     short loc_401249 ; up to 'F': accept; anything above falls through to the reject jump
.text:00401244
.text:00401244 loc_401244:                             ; CODE XREF: DialogFunc+1ACj
.text:00401244                                         ; DialogFunc+1B1j
.text:00401244                 jmp     ErrorReturn
.text:00401249 ; ---------------------------------------------------------------------------
.text:00401249
.text:00401249 loc_401249:                             ; CODE XREF: DialogFunc+1B6j
.text:00401249                 inc     ecx
.text:0040124A                 cmp     ecx, 8
.text:0040124D                 jnz     short @LOOPA    ; repeat for all 8 characters
.text:0040124F                 xor     ecx, ecx
.text:00401251                 xor     ebx, ebx
.text:00401253                 lea     esi, [ebp+Serial1] ; esi -> Serial1, the buffer that receives the first 8 characters
.text:00401256
.text:00401256 @LOOPB:                                 ; CODE XREF: DialogFunc+1F1j
.text:00401256                 shl     ebx, 4          ; make room for the next hex digit
.text:00401259                 mov     dl, [ecx+eax]
.text:0040125C                 mov     [esi], dl       ; copy the character into Serial1
.text:0040125E                 cmp     dl, 'A'         ; 'A'-'F' take the sub '7' path, everything else the sub 30h path
.text:00401261                 jb      short MakeHex
.text:00401263                 cmp     dl, 'F'
.text:00401266                 ja      short MakeHex
.text:00401268                 sub     dl, '7'         ; 'A'..'F' -> 0Ah..0Fh
.text:0040126B                 jmp     short loc_401270
.text:0040126D ; ---------------------------------------------------------------------------
.text:0040126D
.text:0040126D MakeHex:                                ; CODE XREF: DialogFunc+1D5j
.text:0040126D                                         ; DialogFunc+1DAj
.text:0040126D                 sub     dl, 30h         ; '0'..'9' -> 0..9
.text:00401270
.text:00401270 loc_401270:                             ; CODE XREF: DialogFunc+1DFj
.text:00401270                 and     dl, 0Fh
.text:00401273                 or      bl, dl          ; append the digit to the value in ebx
.text:00401275                 inc     esi
.text:00401276                 inc     ecx
.text:00401277                 cmp     ecx, 8
.text:0040127A                 mov     [ebp+KEY1], ebx ; KEY1 = first 8 characters as a 32-bit hex value (stored on every pass; mov keeps the flags from cmp)
.text:0040127D                 jnz     short @LOOPB
.text:0040127F                 call    GetCrc32Table   ; rebuild the CRC32 lookup table
.text:00401284                 lea     ebx, Name       ; ebx -> user name
.text:0040128A                 call    GetCrc32Value   ; eax = CRC32 of the user name
.text:0040128F                 cmp     [ebp+KEY1], eax ; check 1: KEY1 must equal CRC32(Name)
.text:00401292                 jnz     ErrorReturn
.text:00401298                 xor     ecx, ecx
.text:0040129A                 lea     eax, Serial
.text:004012A0                 add     eax, 9          ; eax = Serial+9: the second group starts at the 10th character and is 8 long
.text:004012A3
.text:004012A3 @LOOPC:                                 ; CODE XREF: DialogFunc+237j
.text:004012A3                 mov     dl, [ecx+eax]   ; next character of the second group
.text:004012A6                 cmp     dl, '9'
.text:004012A9                 jbe     short loc_4012B0
.text:004012AB                 cmp     dl, 'A'
.text:004012AE                 jb      short loc_4012BA ; above '9' but below 'A': reject
.text:004012B0
.text:004012B0 loc_4012B0:                             ; CODE XREF: DialogFunc+21Dj
.text:004012B0                 cmp     dl, '0'
.text:004012B3                 jb      short loc_4012BA ; below '0': reject
.text:004012B5                 cmp     dl, 'F'
.text:004012B8                 jbe     short loc_4012BF ; up to 'F': accept; anything above falls through to the reject jump
.text:004012BA
.text:004012BA loc_4012BA:                             ; CODE XREF: DialogFunc+222j
.text:004012BA                                         ; DialogFunc+227j
.text:004012BA                 jmp     ErrorReturn
.text:004012BF ; ---------------------------------------------------------------------------
.text:004012BF
.text:004012BF loc_4012BF:                             ; CODE XREF: DialogFunc+22Cj
.text:004012BF                 inc     ecx
.text:004012C0                 cmp     ecx, 8
.text:004012C3                 jnz     short @LOOPC    ; repeat for all 8 characters
.text:004012C5                 xor     ecx, ecx
.text:004012C7                 xor     ebx, ebx
.text:004012C9                 lea     esi, [ebp+Serial2] ; esi -> Serial2, the buffer that receives the middle 8 characters
.text:004012CC
.text:004012CC @LOOPD:                                 ; CODE XREF: DialogFunc+269j
.text:004012CC                 shl     ebx, 4          ; make room for the next hex digit
.text:004012CF                 mov     dl, [ecx+eax]
.text:004012D2                 mov     [esi], dl       ; copy the character into Serial2
.text:004012D4                 mov     [eax], dl       ; also writes the character to Serial[9] (eax is not advanced in this loop)
.text:004012D6                 cmp     dl, 'A'
.text:004012D9                 jb      short loc_4012E5 ; not in 'A'-'F': take the sub 30h path
.text:004012DB                 cmp     dl, 'F'
.text:004012DE                 ja      short loc_4012E5
.text:004012E0                 sub     dl, '7'         ; 'A'..'F' -> 0Ah..0Fh
.text:004012E3                 jmp     short loc_4012E8
.text:004012E5 ; ---------------------------------------------------------------------------
.text:004012E5
.text:004012E5 loc_4012E5:                             ; CODE XREF: DialogFunc+24Dj
.text:004012E5                                         ; DialogFunc+252j
.text:004012E5                 sub     dl, 30h         ; '0'..'9' -> 0..9
.text:004012E8
.text:004012E8 loc_4012E8:                             ; CODE XREF: DialogFunc+257j
.text:004012E8                 and     dl, 0Fh         ; keep the low nibble
.text:004012EB                 or      bl, dl          ; append the digit to the value in ebx
.text:004012ED                 inc     esi
.text:004012EE                 inc     ecx
.text:004012EF                 cmp     ecx, 8
.text:004012F2                 mov     [ebp+KEY2], ebx ; KEY2 = middle 8 characters as a 32-bit hex value
.text:004012F5                 jnz     short @LOOPD    ; repeat for all 8 characters
.text:004012F7                 call    GetCrc32Table   ; rebuild the CRC32 lookup table
.text:004012FC                 lea     ebx, [ebp+Serial1]
.text:004012FF                 call    GetCrc32Value   ; eax = CRC32 of the first 8 characters, taken as text
.text:00401304                 cmp     [ebp+KEY2], eax ; check 2: KEY2 must equal CRC32(Serial1)
.text:00401307                 jnz     ErrorReturn
.text:0040130D                 call    GetCrc32Table   ; rebuild the CRC32 lookup table
.text:00401312                 lea     ebx, [ebp+Serial2]
.text:00401315                 call    GetCrc32Value   ; eax = CRC32 of the middle 8 characters, taken as text
.text:0040131A                 mov     [ebp+KEY2], eax ; KEY2 is overwritten with CRC32(Serial2)
.text:0040131D                 xor     ecx, ecx
.text:0040131F                 lea     eax, Serial
.text:00401325                 add     eax, 18         ; eax = Serial+18: the third group starts at the 19th character and is 8 long
.text:00401328
.text:00401328 @LOOPE:                                 ; CODE XREF: DialogFunc+2B9j
.text:00401328                 mov     dl, [ecx+eax]   ; next character of the third group
.text:0040132B                 cmp     dl, '9'
.text:0040132E                 jbe     short loc_401335
.text:00401330                 cmp     dl, 'A'
.text:00401333                 jb      short loc_40133F ; above '9' but below 'A': reject
.text:00401335
.text:00401335 loc_401335:                             ; CODE XREF: DialogFunc+2A2j
.text:00401335                 cmp     dl, '0'
.text:00401338                 jb      short loc_40133F ; below '0': reject
.text:0040133A                 cmp     dl, 'F'
.text:0040133D                 jbe     short loc_401341 ; up to 'F': accept; anything above falls through to the reject jump
.text:0040133F
.text:0040133F loc_40133F:                             ; CODE XREF: DialogFunc+2A7j
.text:0040133F                                         ; DialogFunc+2ACj
.text:0040133F                 jmp     short ErrorReturn
.text:00401341 ; ---------------------------------------------------------------------------
.text:00401341
.text:00401341 loc_401341:                             ; CODE XREF: DialogFunc+2B1j
.text:00401341                 inc     ecx
.text:00401342                 cmp     ecx, 8
.text:00401345                 jnz     short @LOOPE    ; repeat for all 8 characters
.text:00401347                 xor     ecx, ecx
.text:00401349                 xor     ebx, ebx
.text:0040134B
.text:0040134B @LOOPF:                                 ; CODE XREF: DialogFunc+2E5j
.text:0040134B                 shl     ebx, 4          ; make room for the next hex digit
.text:0040134E                 mov     dl, [ecx+eax]   ; next character of the third group
.text:00401351                 mov     [eax], dl       ; also writes the character to Serial[18] (eax is not advanced in this loop)
.text:00401353                 cmp     dl, 41h
.text:00401356                 jb      short loc_401362
.text:00401358                 cmp     dl, 46h         ; 41h..46h is 'A'..'F'
.text:0040135B                 ja      short loc_401362
.text:0040135D                 sub     dl, 37h         ; 'A'..'F' -> 0Ah..0Fh
.text:00401360                 jmp     short loc_401365
.text:00401362 ; ---------------------------------------------------------------------------
.text:00401362
.text:00401362 loc_401362:                             ; CODE XREF: DialogFunc+2CAj
.text:00401362                                         ; DialogFunc+2CFj
.text:00401362                 sub     dl, 30h         ; '0'..'9' -> 0..9
.text:00401365
.text:00401365 loc_401365:                             ; CODE XREF: DialogFunc+2D4j
.text:00401365                 and     dl, 0Fh
.text:00401368                 or      bl, dl          ; append the digit to the value in ebx
.text:0040136A                 inc     ecx
.text:0040136B                 cmp     ecx, 8
.text:0040136E                 mov     [ebp+KEY3], ebx ; KEY3 = last 8 characters as a 32-bit hex value
.text:00401371                 jnz     short @LOOPF
.text:00401373                 mov     eax, [ebp+KEY1] ; check 3: KEY1 xor KEY2 must equal KEY3 (KEY2 now holds CRC32(Serial2))
.text:00401376                 xor     eax, [ebp+KEY2]
.text:00401379                 cmp     eax, [ebp+KEY3] ; compare with KEY3
.text:0040137C                 jnz     short ErrorReturn
.text:0040137E                 push    offset String   ; "GOOD JOB, MAN!"
.text:00401383                 push    [ebp+hDlg]
.text:00401386                 call    SetWindowTextA  ; all checks passed: show the success text
.text:0040138B                 push    3EEh            ; the call this argument belongs to is not part of the excerpt

最新回复 (4)
拜模123456
2011-11-30 10:55
韬哥霸气侧漏啊
2011-12-1 08:55
献个丑

// CRC_Table1: 1152 bytes of lookup data for MyCrc.
// Bytes 0..1023 are 256 little-endian dwords; the first entries (00000000h, 77073096h,
// EE0E612Ch, 990951BAh) and the last one (2D02EF8Dh) match the standard reflected
// CRC-32 table for polynomial EDB88320h.
// MyCrc indexes the table with a single byte (index*4), so it reads bytes 0..1023 only.
// NOTE(review): the trailing 128 bytes are not table entries; they look like unrelated
// bytes captured together with the table - confirm, and trim the array to 1024 bytes if so.
CRC_Table1:array [0..1151] of byte=($00, $00, $00, $00, $96, $30, $07, $77, $2C, $61,
$0E, $EE, $BA, $51, $09, $99, $19, $C4, $6D, $07,
$8F, $F4, $6A, $70, $35, $A5, $63, $E9, $A3, $95,
$64, $9E, $32, $88, $DB, $0E, $A4, $B8, $DC, $79,
$1E, $E9, $D5, $E0, $88, $D9, $D2, $97, $2B, $4C,
$B6, $09, $BD, $7C, $B1, $7E, $07, $2D, $B8, $E7,
$91, $1D, $BF, $90, $64, $10, $B7, $1D, $F2, $20,
$B0, $6A, $48, $71, $B9, $F3, $DE, $41, $BE, $84,
$7D, $D4, $DA, $1A, $EB, $E4, $DD, $6D, $51, $B5,
$D4, $F4, $C7, $85, $D3, $83, $56, $98, $6C, $13,
$C0, $A8, $6B, $64, $7A, $F9, $62, $FD, $EC, $C9,
$65, $8A, $4F, $5C, $01, $14, $D9, $6C, $06, $63,
$63, $3D, $0F, $FA, $F5, $0D, $08, $8D, $C8, $20,
$6E, $3B, $5E, $10, $69, $4C, $E4, $41, $60, $D5,
$72, $71, $67, $A2, $D1, $E4, $03, $3C, $47, $D4,
$04, $4B, $FD, $85, $0D, $D2, $6B, $B5, $0A, $A5,
$FA, $A8, $B5, $35, $6C, $98, $B2, $42, $D6, $C9,
$BB, $DB, $40, $F9, $BC, $AC, $E3, $6C, $D8, $32,
$75, $5C, $DF, $45, $CF, $0D, $D6, $DC, $59, $3D,
$D1, $AB, $AC, $30, $D9, $26, $3A, $00, $DE, $51,
$80, $51, $D7, $C8, $16, $61, $D0, $BF, $B5, $F4,
$B4, $21, $23, $C4, $B3, $56, $99, $95, $BA, $CF,
$0F, $A5, $BD, $B8, $9E, $B8, $02, $28, $08, $88,
$05, $5F, $B2, $D9, $0C, $C6, $24, $E9, $0B, $B1,
$87, $7C, $6F, $2F, $11, $4C, $68, $58, $AB, $1D,
$61, $C1, $3D, $2D, $66, $B6, $90, $41, $DC, $76,
$06, $71, $DB, $01, $BC, $20, $D2, $98, $2A, $10,
$D5, $EF, $89, $85, $B1, $71, $1F, $B5, $B6, $06,
$A5, $E4, $BF, $9F, $33, $D4, $B8, $E8, $A2, $C9,
$07, $78, $34, $F9, $00, $0F, $8E, $A8, $09, $96,
$18, $98, $0E, $E1, $BB, $0D, $6A, $7F, $2D, $3D,
$6D, $08, $97, $6C, $64, $91, $01, $5C, $63, $E6,
$F4, $51, $6B, $6B, $62, $61, $6C, $1C, $D8, $30,
$65, $85, $4E, $00, $62, $F2, $ED, $95, $06, $6C,
$7B, $A5, $01, $1B, $C1, $F4, $08, $82, $57, $C4,
$0F, $F5, $C6, $D9, $B0, $65, $50, $E9, $B7, $12,
$EA, $B8, $BE, $8B, $7C, $88, $B9, $FC, $DF, $1D,
$DD, $62, $49, $2D, $DA, $15, $F3, $7C, $D3, $8C,
$65, $4C, $D4, $FB, $58, $61, $B2, $4D, $CE, $51,
$B5, $3A, $74, $00, $BC, $A3, $E2, $30, $BB, $D4,
$41, $A5, $DF, $4A, $D7, $95, $D8, $3D, $6D, $C4,
$D1, $A4, $FB, $F4, $D6, $D3, $6A, $E9, $69, $43,
$FC, $D9, $6E, $34, $46, $88, $67, $AD, $D0, $B8,
$60, $DA, $73, $2D, $04, $44, $E5, $1D, $03, $33,
$5F, $4C, $0A, $AA, $C9, $7C, $0D, $DD, $3C, $71,
$05, $50, $AA, $41, $02, $27, $10, $10, $0B, $BE,
$86, $20, $0C, $C9, $25, $B5, $68, $57, $B3, $85,
$6F, $20, $09, $D4, $66, $B9, $9F, $E4, $61, $CE,
$0E, $F9, $DE, $5E, $98, $C9, $D9, $29, $22, $98,
$D0, $B0, $B4, $A8, $D7, $C7, $17, $3D, $B3, $59,
$81, $0D, $B4, $2E, $3B, $5C, $BD, $B7, $AD, $6C,
$BA, $C0, $20, $83, $B8, $ED, $B6, $B3, $BF, $9A,
$0C, $E2, $B6, $03, $9A, $D2, $B1, $74, $39, $47,
$D5, $EA, $AF, $77, $D2, $9D, $15, $26, $DB, $04,
$83, $16, $DC, $73, $12, $0B, $63, $E3, $84, $3B,
$64, $94, $3E, $6A, $6D, $0D, $A8, $5A, $6A, $7A,
$0B, $CF, $0E, $E4, $9D, $FF, $09, $93, $27, $AE,
$00, $0A, $B1, $9E, $07, $7D, $44, $93, $0F, $F0,
$D2, $A3, $08, $87, $68, $F2, $01, $1E, $FE, $C2,
$06, $69, $5D, $57, $62, $F7, $CB, $67, $65, $80,
$71, $36, $6C, $19, $E7, $06, $6B, $6E, $76, $1B,
$D4, $FE, $E0, $2B, $D3, $89, $5A, $7A, $DA, $10,
$CC, $4A, $DD, $67, $6F, $DF, $B9, $F9, $F9, $EF,
$BE, $8E, $43, $BE, $B7, $17, $D5, $8E, $B0, $60,
$E8, $A3, $D6, $D6, $7E, $93, $D1, $A1, $C4, $C2,
$D8, $38, $52, $F2, $DF, $4F, $F1, $67, $BB, $D1,
$67, $57, $BC, $A6, $DD, $06, $B5, $3F, $4B, $36,
$B2, $48, $DA, $2B, $0D, $D8, $4C, $1B, $0A, $AF,
$F6, $4A, $03, $36, $60, $7A, $04, $41, $C3, $EF,
$60, $DF, $55, $DF, $67, $A8, $EF, $8E, $6E, $31,
$79, $BE, $69, $46, $8C, $B3, $61, $CB, $1A, $83,
$66, $BC, $A0, $D2, $6F, $25, $36, $E2, $68, $52,
$95, $77, $0C, $CC, $03, $47, $0B, $BB, $B9, $16,
$02, $22, $2F, $26, $05, $55, $BE, $3B, $BA, $C5,
$28, $0B, $BD, $B2, $92, $5A, $B4, $2B, $04, $6A,
$B3, $5C, $A7, $FF, $D7, $C2, $31, $CF, $D0, $B5,
$8B, $9E, $D9, $2C, $1D, $AE, $DE, $5B, $B0, $C2,
$64, $9B, $26, $F2, $63, $EC, $9C, $A3, $6A, $75,
$0A, $93, $6D, $02, $A9, $06, $09, $9C, $3F, $36,
$0E, $EB, $85, $67, $07, $72, $13, $57, $00, $05,
$82, $4A, $BF, $95, $14, $7A, $B8, $E2, $AE, $2B,
$B1, $7B, $38, $1B, $B6, $0C, $9B, $8E, $D2, $92,
$0D, $BE, $D5, $E5, $B7, $EF, $DC, $7C, $21, $DF,
$DB, $0B, $D4, $D2, $D3, $86, $42, $E2, $D4, $F1,
$F8, $B3, $DD, $68, $6E, $83, $DA, $1F, $CD, $16,
$BE, $81, $5B, $26, $B9, $F6, $E1, $77, $B0, $6F,
$77, $47, $B7, $18, $E6, $5A, $08, $88, $70, $6A,
$0F, $FF, $CA, $3B, $06, $66, $5C, $0B, $01, $11,
$FF, $9E, $65, $8F, $69, $AE, $62, $F8, $D3, $FF,
$6B, $61, $45, $CF, $6C, $16, $78, $E2, $0A, $A0,
$EE, $D2, $0D, $D7, $54, $83, $04, $4E, $C2, $B3,
$03, $39, $61, $26, $67, $A7, $F7, $16, $60, $D0,
$4D, $47, $69, $49, $DB, $77, $6E, $3E, $4A, $6A,
$D1, $AE, $DC, $5A, $D6, $D9, $66, $0B, $DF, $40,
$F0, $3B, $D8, $37, $53, $AE, $BC, $A9, $C5, $9E,
$BB, $DE, $7F, $CF, $B2, $47, $E9, $FF, $B5, $30,
$1C, $F2, $BD, $BD, $8A, $C2, $BA, $CA, $30, $93,
$B3, $53, $A6, $A3, $B4, $24, $05, $36, $D0, $BA,
$93, $06, $D7, $CD, $29, $57, $DE, $54, $BF, $67,
$D9, $23, $2E, $7A, $66, $B3, $B8, $4A, $61, $C4,
$02, $1B, $68, $5D, $94, $2B, $6F, $2A, $37, $BE,
$0B, $B4, $A1, $8E, $0C, $C3, $1B, $DF, $05, $5A,
$8D, $EF, $02, $2D, $00, $00, $00, $00, $00, $00,
$00, $00, $DA, $0C, $00, $00, $84, $0C, $00, $00,
$5C, $0C, $00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $52, $0D, $00, $00, $90, $0C, $00, $00,
$7C, $0C, $00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $6E, $0D, $00, $00, $B0, $0C, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00, $00, $00,
$B8, $0C, $00, $00, $CC, $0C, $00, $00, $00, $00,
$00, $00, $E8, $0C, $00, $00, $FA, $0C, $00, $00,
$06, $0D, $00, $00, $18, $0D, $00, $00, $24, $0D,
$00, $00, $34, $0D, $00, $00, $40, $0D, $00, $00,
$00, $00, $00, $00, $5E, $0D, $00, $00, $00, $00,
$00, $00);

implementation

{$R *.dfm}

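// CRC-32 of the zero-terminated bytes in pCrcBuf, using CRC_Table1 as the lookup table.
//
// Changes from the original version:
//  - declared as a function so the value left in EAX is actually returned
//    (a call written as a statement, MyCrc(Buf);, still compiles);
//  - the table is read from CRC_Table1 directly instead of from the hard-coded
//    address $10804;
//  - the original pushed ebx, edx, ecx and then popped ebx, edx, ecx, which swapped
//    EBX and ECX on exit and so returned with a corrupted EBX, a register the
//    caller expects to be preserved;
//  - the scan also stops at the end of the array when no zero byte is found.
//
// Register calling convention for an open array parameter:
// EAX = address of the first element, EDX = High(pCrcBuf).
// NOTE(review): the loop walks single bytes, so it assumes Char is one byte
// (ANSI Delphi) - confirm for the compiler in use.
function MyCrc(pCrcBuf:array of char):Cardinal;
asm
   push    ebx
   lea     ebx, [edx+1]          // ebx = number of elements left to read (High + 1)
   mov     edx, eax              // edx -> current byte
   or      ecx, $FFFFFFFF        // crc := $FFFFFFFF
   jmp     @MyL_2
@MyL_1:
   movzx   eax, byte ptr [edx]
   xor     al, cl                // eax = (crc xor byte) and $FF, the table index
   shr     ecx, $8
   xor     ecx, dword ptr [eax*$4+CRC_Table1]   // crc := (crc shr 8) xor table[index]
   inc     edx
   dec     ebx
@MyL_2:
   test    ebx, ebx
   jle     @MyL_3                // end of the array reached (also covers an empty array)
   cmp     byte ptr [edx], 0
   jnz     @MyL_1
@MyL_3:
   mov     eax, ecx
   not     eax                   // final inversion; EAX carries the result
   pop     ebx
end;

// Runs MyCrc over a fixed sample string placed in a zero-filled buffer.
// MyCrc reads its lookup table from CRC_Table1, so nothing is mapped here.
// The original committed a PAGE_EXECUTE_READWRITE region at the fixed address
// $10804 and copied the table into it without checking that the allocation
// succeeded; a lookup table is plain data and needs neither a fixed address
// nor executable, writable memory.
procedure TForm1.Button1Click(Sender: TObject);
var
MyBuf:array [0..199] of char;
s1:String;
begin
  Fillchar(MyBuf,SizeOf(MyBuf),0);
  s1:='baobaoshizhtou';
  // s1 is shorter than MyBuf, so the zero fill leaves a terminator after the copy
  Move(s1[1],MyBuf[0],length(S1));
  MyCrc(MyBuf);   // the returned CRC is not used yet

end;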

写了20分钟。还没完全写完
2011-12-21 15:00
正在看crc32 下来试试撒~~
2012-3-22 14:23