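【Title】: A rare and unusually difficult big-number algorithm: analysis of the registration algorithm in the multilingual edition of Registry Winner (with VB keygen source)
【Author】: suredwang
【Author email】: suredwang@126.com
【Software name】: Registry Winner
【Software size】: 3242KB
【Download URL】: http://www.onlinedown.net/soft/84289.htm
【Packer】: none
【Protection】: serial number
【Language】: Microsoft Visual C++ 6.0 [Overlay]
【Tools used】: OD
【Platform】: XP-SP3
【Software description】Registry Winner is a first-rate registry error cleaner and system performance optimizer, available in dozens of major languages. It not only repairs common computer errors but also optimizes system performance as far as possible. The name suggests it is only a registry maintenance tool, but it is in fact an all-round system maintenance tool. Its functions include registry cleaning, privacy cleaning, junk file cleaning, file shredding, startup item management, program uninstallation, system optimization, service optimization and memory optimization, as well as IE repair, Windows management and many other powerful functions. It uses the most advanced technology to scan the system registry within a dozen or so seconds and give a comprehensive diagnosis. With Registry Winner, your system will not only stay stable, you also will not need to spend heavily on hardware upgrades.
【Author's statement】: Done purely out of interest, with no other purpose. Please point out any mistakes!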
--------------------------------------------------------------------------------
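Experts can skip this, and so can anyone without patience: the process is long and complicated, with interleaved loops running tens of thousands of times. It is purely grunt work with no real technical depth.
【Detailed process】
This program's registration algorithm is the most complex and difficult big-number algorithm I have ever encountered. It runs through tens of thousands of loop iterations and involves big-number addition, subtraction, multiplication and division, with carries on addition and borrows on subtraction. If a carry or borrow is wrong anywhere, the result is completely different (a case of "a miss by a hair's breadth is a miss by a thousand miles"), so the computation cannot be inverted at all and a serial can only be found by brute force. Patching is also hard: there are hundreds of patch points (I did not count them), and they are spread through every step of the repair process, so the amount of work needed to patch it completely is easy to imagine. No wonder the program has no packer or other protection and is still sold in dozens of languages; that shows unusual capability and confidence. While debugging I found the jumps getting more and more complicated and the hidden checks more and more numerous, and at one point I gave up. But it kept bothering me: giving up halfway is a bad habit when learning, and with foreign software in particular we cannot go soft, heh. I have now traced through it again and tidied up my notes, but the keygen is still not satisfactory. Because VB cannot call ASM, the big numbers have to go through several conversions, so it is slow and does not meet the needs of a brute-force search. I therefore switched to Delphi. Delphi can call ASM and needs no big-number conversion, but my time and skill are limited, I ran into problems passing data in Delphi, and I never got it working. It would be great if a Delphi expert could help write the keygen. For now I am sharing my notes; anyone interested can try tracing it.
First, the packer detector PEiD reports no packer and that the program was written with Microsoft Visual C++ 6.0 [Overlay]. Loading it in OD and searching for registration-related strings finds nothing. Because clicking the Register button pops up an error dialog, I set a breakpoint on the dialog call, BP MessageBoxA; after clicking Register it breaks, and scrolling up leads here: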
00454254 /$ 55 push ebp ; set a breakpoint here and register again; execution stops here
00454255 |. 8BEC mov ebp, esp
00454257 |. 6A FF push -1
00454259 |. 68 A6A75800 push 0058A7A6 ; SE handler installation
0045425E |. 64:A1 0000000>mov eax, dword ptr fs:[0]
00454264 |. 50 push eax
00454265 |. 64:8925 00000>mov dword ptr fs:[0], esp
0045426C |. 81EC A0020000 sub esp, 2A0
00454272 |. 898D 78FDFFFF mov dword ptr [ebp-288], ecx
00454278 |. A1 9C7C5E00 mov eax, dword ptr [5E7C9C]
0045427D |. 8945 F0 mov dword ptr [ebp-10], eax
00454280 |. C745 FC 00000>mov dword ptr [ebp-4], 0
00454287 |. 8D4D F0 lea ecx, dword ptr [ebp-10]
0045428A |. 51 push ecx
0045428B |. 8B8D 78FDFFFF mov ecx, dword ptr [ebp-288]
00454291 |. 81C1 E00B0000 add ecx, 0BE0
00454297 |. E8 00BB1100 call 0056FD9C
0045429C |. 8B55 F0 mov edx, dword ptr [ebp-10]
0045429F |. 8B42 F8 mov eax, dword ptr [edx-8]
004542A2 |. 8985 88FDFFFF mov dword ptr [ebp-278], eax
004542A8 |. 83BD 88FDFFFF>cmp dword ptr [ebp-278], 0 ; serial length must not be 0
004542AF |. 0F84 DC020000 je 00454591
004542B5 |. 68 08020000 push 208 ; /BufSize = 208 (520.)
004542BA |. 8D8D E8FDFFFF lea ecx, dword ptr [ebp-218] ; |
004542C0 |. 51 push ecx ; |PathBuffer
004542C1 |. 6A 00 push 0 ; |hModule = NULL
004542C3 |. FF15 B4E45900 call dword ptr [<&KERNEL32.GetModuleF>; \GetModuleFileNameW
004542C9 |. 8D95 E8FDFFFF lea edx, dword ptr [ebp-218]
004542CF |. 52 push edx
004542D0 |. 8D8D E4FDFFFF lea ecx, dword ptr [ebp-21C]
004542D6 |. E8 AB9C1100 call 0056DF86
004542DB |. C645 FC 01 mov byte ptr [ebp-4], 1
004542DF |. 6A 5C push 5C
004542E1 |. 8D8D E4FDFFFF lea ecx, dword ptr [ebp-21C]
004542E7 |. E8 5A701100 call 0056B346
004542EC |. 8985 D8FDFFFF mov dword ptr [ebp-228], eax
004542F2 |. 8B85 D8FDFFFF mov eax, dword ptr [ebp-228]
004542F8 |. 83C0 01 add eax, 1
004542FB |. 50 push eax
004542FC |. 8D8D E0FDFFFF lea ecx, dword ptr [ebp-220]
00454302 |. 51 push ecx
00454303 |. 8D8D E4FDFFFF lea ecx, dword ptr [ebp-21C]
00454309 |. E8 C06F1100 call 0056B2CE
0045430E |. C645 FC 02 mov byte ptr [ebp-4], 2
00454312 |. E8 4FBF1200 call 00580266
00454317 |. 8B50 04 mov edx, dword ptr [eax+4]
0045431A |. 8995 DCFDFFFF mov dword ptr [ebp-224], edx
00454320 |. 51 push ecx
00454321 |. 8BCC mov ecx, esp
00454323 |. 89A5 9CFDFFFF mov dword ptr [ebp-264], esp
00454329 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0045432C |. 50 push eax
0045432D |. E8 4D991100 call 0056DC7F
00454332 |. 8985 74FDFFFF mov dword ptr [ebp-28C], eax
00454338 |. 8B8D DCFDFFFF mov ecx, dword ptr [ebp-224]
0045433E |. E8 ED500700 call 004C9430 ; main key-algorithm CALL; step in with F7
00454343 |. 8985 70FDFFFF mov dword ptr [ebp-290], eax
00454349 |. 83BD 70FDFFFF>cmp dword ptr [ebp-290], 1
00454350 0F85 C7010000 jnz 0045451D ; jumps away if the check fails; one patch point
00454356 |. 8D8D BCFDFFFF lea ecx, dword ptr [ebp-244]
0045435C |. E8 18F51100 call 00573879
00454361 |. C645 FC 03 mov byte ptr [ebp-4], 3
00454365 |. 8D8D A8FDFFFF lea ecx, dword ptr [ebp-258]
0045436B |. E8 86F01100 call 005733F6
00454370 |. C645 FC 04 mov byte ptr [ebp-4], 4
00454374 |. 8D8D B8FDFFFF lea ecx, dword ptr [ebp-248]
0045437A |. 898D 84FDFFFF mov dword ptr [ebp-27C], ecx
00454380 |. 8B95 84FDFFFF mov edx, dword ptr [ebp-27C]
00454386 |. A1 9C7C5E00 mov eax, dword ptr [5E7C9C]
0045438B |. 8902 mov dword ptr [edx], eax
0045438D |. C645 FC 05 mov byte ptr [ebp-4], 5
00454391 |. C785 A8FDFFFF>mov dword ptr [ebp-258], 005ACDF4
0045439B |. C785 B0FDFFFF>mov dword ptr [ebp-250], 0
004543A5 |. C785 B4FDFFFF>mov dword ptr [ebp-24C], -1
004543AF |. 6A 00 push 0
004543B1 |. 8D8D B8FDFFFF lea ecx, dword ptr [ebp-248]
004543B7 |. E8 ED9C1100 call 0056E0A9 ; create the file
004543BC |. C645 FC 06 mov byte ptr [ebp-4], 6
004543C0 |. 68 08635D00 push 005D6308 ; r -----005D6308=005D6308 (UNICODE "reg.ini")
004543C5 |. 8D8D E0FDFFFF lea ecx, dword ptr [ebp-220]
004543CB |. 51 push ecx
004543CC |. 8D95 98FDFFFF lea edx, dword ptr [ebp-268]
004543D2 |. 52 push edx
004543D3 |. E8 DF9D1100 call 0056E1B7
004543D8 |. 8985 6CFDFFFF mov dword ptr [ebp-294], eax
004543DE |. 8B85 6CFDFFFF mov eax, dword ptr [ebp-294]
004543E4 |. 8985 80FDFFFF mov dword ptr [ebp-280], eax
004543EA |. C645 FC 07 mov byte ptr [ebp-4], 7
004543EE |. 8B8D 80FDFFFF mov ecx, dword ptr [ebp-280]
004543F4 |. 8B11 mov edx, dword ptr [ecx]
004543F6 |. 8995 7CFDFFFF mov dword ptr [ebp-284], edx
004543FC |. 8D85 A8FDFFFF lea eax, dword ptr [ebp-258]
00454402 |. 50 push eax
00454403 |. 68 01100000 push 1001
00454408 |. 8B8D 7CFDFFFF mov ecx, dword ptr [ebp-284]
0045440E |. 51 push ecx
0045440F |. 8D8D BCFDFFFF lea ecx, dword ptr [ebp-244]
00454415 |. E8 6DF51100 call 00573987
0045441A |. C645 FC 06 mov byte ptr [ebp-4], 6
0045441E |. 8D8D 98FDFFFF lea ecx, dword ptr [ebp-268]
00454424 |. E8 E99A1100 call 0056DF12
00454429 |. 8B55 F0 mov edx, dword ptr [ebp-10]
0045442C |. 52 push edx
0045442D |. 8D8D BCFDFFFF lea ecx, dword ptr [ebp-244]
00454433 |. E8 C2F61100 call 00573AFA ; on successful registration the valid serial is written to the REG.INI file
00454438 |. 8D8D BCFDFFFF lea ecx, dword ptr [ebp-244]
0045443E |. E8 7CF81100 call 00573CBF
00454443 |. 51 push ecx
00454444 |. 8BCC mov ecx, esp
00454446 |. 89A5 94FDFFFF mov dword ptr [ebp-26C], esp
0045444C |. 68 18635D00 push 005D6318 ; m -----005D6318=005D6318 (UNICODE "M_THANK_REGISTER")
00454451 |. E8 309B1100 call 0056DF86 ; success dialog
00454456 |. 8985 68FDFFFF mov dword ptr [ebp-298], eax
0045445C |. 8D85 D0FDFFFF lea eax, dword ptr [ebp-230]
00454462 |. 50 push eax
00454463 |. 8B8D DCFDFFFF mov ecx, dword ptr [ebp-224]
00454469 |. E8 E9770700 call 004CBC57
0045446E |. 8985 64FDFFFF mov dword ptr [ebp-29C], eax
00454474 |. C645 FC 08 mov byte ptr [ebp-4], 8
00454478 |. 6A 00 push 0
0045447A |. 6A 40 push 40
0045447C |. 8B8D D0FDFFFF mov ecx, dword ptr [ebp-230]
00454482 |. 51 push ecx
00454483 |. E8 3D241200 call 005768C5
00454488 |. 8B95 78FDFFFF mov edx, dword ptr [ebp-288]
0045448E |. 8B42 1C mov eax, dword ptr [edx+1C]
00454491 |. 50 push eax ; /hWnd
00454492 |. FF15 B0E85900 call dword ptr [<&USER32.GetParent>] ; \GetParent
00454498 |. 50 push eax
00454499 |. E8 3EAF1100 call 0056F3DC
0045449E |. 8985 D4FDFFFF mov dword ptr [ebp-22C], eax
004544A4 |. 6A 00 push 0
004544A6 |. 8B8D D4FDFFFF mov ecx, dword ptr [ebp-22C]
004544AC |. 81C1 E0B40200 add ecx, 2B4E0
004544B2 |. E8 DBDD1100 call 00572292
004544B7 |. 68 94C75E00 push 005EC794
004544BC |. 8B8D D4FDFFFF mov ecx, dword ptr [ebp-22C]
004544C2 |. 81C1 E0B40200 add ecx, 2B4E0
004544C8 |. E8 A9DC1100 call 00572176
004544CD |. 6A 00 push 0
004544CF |. 6A 0A push 0A
004544D1 |. 8B8D D4FDFFFF mov ecx, dword ptr [ebp-22C]
004544D7 |. E8 44140800 call 004D5920
004544DC |. C645 FC 06 mov byte ptr [ebp-4], 6
004544E0 |. 8D8D D0FDFFFF lea ecx, dword ptr [ebp-230]
004544E6 |. E8 279A1100 call 0056DF12
004544EB |. C645 FC 03 mov byte ptr [ebp-4], 3
004544EF |. C785 A8FDFFFF>mov dword ptr [ebp-258], 005ACDF4
004544F9 |. C645 FC 09 mov byte ptr [ebp-4], 9
004544FD |. 8D8D B8FDFFFF lea ecx, dword ptr [ebp-248]
00454503 |. E8 0A9A1100 call 0056DF12
00454508 |. C645 FC 03 mov byte ptr [ebp-4], 3
0045450C |. C645 FC 02 mov byte ptr [ebp-4], 2
00454510 |. 8D8D BCFDFFFF lea ecx, dword ptr [ebp-244]
00454516 |. E8 29F41100 call 00573944
0045451B |. EB 54 jmp short 00454571
0045451D |> 51 push ecx
0045451E |. 8BCC mov ecx, esp
00454520 |. 89A5 90FDFFFF mov dword ptr [ebp-270], esp
00454526 |. 68 3C635D00 push 005D633C ; m ----005D633C=005D633C (UNICODE "M_WRONGNUMBER")
0045452B |. E8 569A1100 call 0056DF86 ; failure dialog
00454530 |. 8985 60FDFFFF mov dword ptr [ebp-2A0], eax
00454536 |. 8D8D A4FDFFFF lea ecx, dword ptr [ebp-25C]
0045453C |. 51 push ecx
0045453D |. 8B8D DCFDFFFF mov ecx, dword ptr [ebp-224]
00454543 |. E8 0F770700 call 004CBC57
00454548 |. 8985 5CFDFFFF mov dword ptr [ebp-2A4], eax
0045454E |. C645 FC 0A mov byte ptr [ebp-4], 0A
00454552 |. 6A 00 push 0
00454554 |. 6A 30 push 30
00454556 |. 8B95 A4FDFFFF mov edx, dword ptr [ebp-25C]
0045455C |. 52 push edx
0045455D |. E8 63231200 call 005768C5
00454562 |. C645 FC 02 mov byte ptr [ebp-4], 2
00454566 |. 8D8D A4FDFFFF lea ecx, dword ptr [ebp-25C]
0045456C |. E8 A1991100 call 0056DF12
00454571 |> C645 FC 01 mov byte ptr [ebp-4], 1
00454575 |. 8D8D E0FDFFFF lea ecx, dword ptr [ebp-220]
0045457B |. E8 92991100 call 0056DF12
00454580 |. C645 FC 00 mov byte ptr [ebp-4], 0
00454584 |. 8D8D E4FDFFFF lea ecx, dword ptr [ebp-21C]
0045458A |. E8 83991100 call 0056DF12
0045458F |. EB 57 jmp short 004545E8
00454591 |> 51 push ecx
00454592 |. 8BCC mov ecx, esp ; reached when the serial is empty
00454594 |. 89A5 8CFDFFFF mov dword ptr [ebp-274], esp
0045459A |. 68 58635D00 push 005D6358 ; m ---005D6358=005D6358 (UNICODE "M_INPUTSERIAL")
0045459F |. E8 E2991100 call 0056DF86
004545A4 |. 8985 58FDFFFF mov dword ptr [ebp-2A8], eax
004545AA |. 8D85 A0FDFFFF lea eax, dword ptr [ebp-260]
004545B0 |. 50 push eax
004545B1 |. 8B8D 78FDFFFF mov ecx, dword ptr [ebp-288]
004545B7 |. 8B49 64 mov ecx, dword ptr [ecx+64]
004545BA |. E8 98760700 call 004CBC57
004545BF |. 8985 54FDFFFF mov dword ptr [ebp-2AC], eax
004545C5 |. C645 FC 0B mov byte ptr [ebp-4], 0B
004545C9 |. 6A 00 push 0
004545CB |. 6A 30 push 30
004545CD |. 8B95 A0FDFFFF mov edx, dword ptr [ebp-260]
004545D3 |. 52 push edx
004545D4 |. E8 EC221200 call 005768C5
004545D9 |. C645 FC 00 mov byte ptr [ebp-4], 0
004545DD |. 8D8D A0FDFFFF lea ecx, dword ptr [ebp-260]
004545E3 |. E8 2A991100 call 0056DF12
004545E8 |> C745 FC FFFFF>mov dword ptr [ebp-4], -1
004545EF |. 8D4D F0 lea ecx, dword ptr [ebp-10]
004545F2 |. E8 1B991100 call 0056DF12
004545F7 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
004545FA |. 64:890D 00000>mov dword ptr fs:[0], ecx
00454601 |. 8BE5 mov esp, ebp
00454603 |. 5D pop ebp
00454604 \. C3 retn
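Two idioms that the annotations in these listings rely on, modelled in C as an added example (not code from the original post or from the program): the length read `mov eax, [edx-8]` at 0045429F, and the `and edx, 80000001` sequence at 004C9937 in the second listing. It assumes the string objects are MFC 4.2-style CStrings, which fits a VC++ 6.0 binary but is not stated in the post; all type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t wch; /* 16-bit UNICODE character, as used by the W APIs in the listing */

/* Assumed layout: MFC 4.2 CStringData header in a 32-bit build.
   The CString object stores a pointer to the first character; this
   header sits immediately in front of the characters. */
typedef struct {
    int32_t refs;         /* at data - 0x0C */
    int32_t data_length;  /* at data - 0x08 */
    int32_t alloc_length; /* at data - 0x04 */
} cstring_header;

/* Build header + characters and return the data pointer (what a CString holds). */
static wch *make_cstring(const char *ascii) {
    size_t n = strlen(ascii);
    unsigned char *block = malloc(sizeof(cstring_header) + (n + 1) * sizeof(wch));
    if (!block) return NULL;
    cstring_header h = {1, (int32_t)n, (int32_t)n};
    memcpy(block, &h, sizeof h);
    wch *data = (wch *)(block + sizeof h);
    for (size_t i = 0; i < n; i++) data[i] = (unsigned char)ascii[i];
    data[n] = 0;
    return data;
}

static void free_cstring(wch *data) {
    if (data) free((unsigned char *)data - sizeof(cstring_header));
}

/* Model of "mov eax, dword ptr [edx-8]" with edx = data pointer. */
static int32_t length_at_minus_8(const wch *data) {
    int32_t len;
    memcpy(&len, (const unsigned char *)data - 8, sizeof len);
    return len;
}

/* Instruction-by-instruction model of
     and edx, 80000001 / jns skip / dec edx / or edx, FFFFFFFE / inc edx
   which is how the compiler emits a signed "x % 2". */
static int32_t asm_mod2(int32_t x) {
    uint32_t edx = (uint32_t)x & 0x80000001u;
    if (edx & 0x80000000u) {   /* sign flag set, so jns is not taken */
        edx -= 1;              /* dec edx */
        edx |= 0xFFFFFFFEu;    /* or edx, FFFFFFFE */
        edx += 1;              /* inc edx */
    }
    return (int32_t)edx;
}

/* cmp edx, 1 / jnz 004C9A13: the jump (continue) is taken unless length % 2 == 1. */
static int parity_gate_continues(int32_t length) {
    return asm_mod2(length) != 1;
}

/* Check the modelled sequence against C's own remainder, negatives included. */
static int idiom_matches_c_remainder(void) {
    static const int32_t samples[] = {0, 1, 2, 0x78, 0x82, -1, -2, -3,
                                      INT32_MAX, INT32_MIN};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (asm_mod2(samples[i]) != samples[i] % 2) return 0;
    }
    return 1;
}

int main(void) {
    wch *s = make_cstring("116AB"); /* fixed string that appears in the second listing */
    if (!s) return 1;
    printf("length read at [ptr-8]: %d\n", (int)length_at_minus_8(s));
    free_cstring(s);
    printf("asm idiom equals C remainder: %d\n", idiom_matches_c_remainder());
    printf("even length 0x78 continues: %d\n", parity_gate_continues(0x78));
    printf("odd length 0x79 continues: %d\n", parity_gate_continues(0x79));
    return 0;
}
```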
Stepping into the main algorithm CALL 004C9430:
004C9430 /$ 55 push ebp
004C9431 |. 8BEC mov ebp, esp
004C9433 |. 6A FF push -1
004C9435 |. 68 5A6D5900 push 00596D5A ; SE handler installation
004C943A |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004C9440 |. 50 push eax
004C9441 |. 64:8925 00000>mov dword ptr fs:[0], esp
004C9448 |. 81EC 98060000 sub esp, 698
004C944E |. 56 push esi
004C944F |. 57 push edi
004C9450 |. 898D B4F9FFFF mov dword ptr [ebp-64C], ecx
004C9456 |. C745 FC 00000>mov dword ptr [ebp-4], 0
004C945D |. A1 9C7C5E00 mov eax, dword ptr [5E7C9C]
004C9462 |. 8985 24FBFFFF mov dword ptr [ebp-4DC], eax
004C9468 |. C645 FC 01 mov byte ptr [ebp-4], 1
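004C946C |. 68 782A5E00 push 005E2A78 ; 9 a fixed string appears here; tests on several computers show it is constant but incomplete, and 28 more characters appear later, presumably computed from the short string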
004C9471 |. 68 7C2B5E00 push 005E2B7C ; %
004C9476 |. 8D8D 24FBFFFF lea ecx, dword ptr [ebp-4DC]
004C947C |. 51 push ecx
004C947D |. E8 5A220A00 call 0056B6DC
004C9482 |. 83C4 0C add esp, 0C
004C9485 |. 68 08020000 push 208 ; /BufSize = 208 (520.)
004C948A |. 8D95 14FDFFFF lea edx, dword ptr [ebp-2EC] ; |
004C9490 |. 52 push edx ; |PathBuffer
004C9491 |. 6A 00 push 0 ; |hModule = NULL
004C9493 |. FF15 B4E45900 call dword ptr [<&KERNEL32.GetModuleF>; \GetModuleFileNameW
004C9499 |. 8D85 14FDFFFF lea eax, dword ptr [ebp-2EC]
004C949F |. 50 push eax
004C94A0 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C94A6 |. E8 DB4A0A00 call 0056DF86
004C94AB |. C645 FC 02 mov byte ptr [ebp-4], 2
004C94AF |. 6A 5C push 5C
004C94B1 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C94B7 |. E8 8A1E0A00 call 0056B346
004C94BC |. 8985 28FBFFFF mov dword ptr [ebp-4D8], eax
004C94C2 |. 8B8D 28FBFFFF mov ecx, dword ptr [ebp-4D8]
004C94C8 |. 83C1 01 add ecx, 1
004C94CB |. 51 push ecx
004C94CC |. 8D95 60FCFFFF lea edx, dword ptr [ebp-3A0]
004C94D2 |. 52 push edx
004C94D3 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C94D9 |. E8 F01D0A00 call 0056B2CE
004C94DE |. C645 FC 03 mov byte ptr [ebp-4], 3
004C94E2 |. A1 9C7C5E00 mov eax, dword ptr [5E7C9C]
004C94E7 |. 8945 BC mov dword ptr [ebp-44], eax
004C94EA |. C645 FC 04 mov byte ptr [ebp-4], 4
004C94EE |. 8B0D 9C7C5E00 mov ecx, dword ptr [5E7C9C] ; Registry.005E7CB0
004C94F4 |. 898D 1CFFFFFF mov dword ptr [ebp-E4], ecx
004C94FA |. C645 FC 05 mov byte ptr [ebp-4], 5
004C94FE |. 68 ACD45E00 push 005ED4AC
004C9503 |. 8B55 08 mov edx, dword ptr [ebp+8] ; fetch the entered test serial
004C9506 |. 52 push edx
004C9507 |. E8 59F20800 call 00558765 ; check whether it was already registered previously
004C950C |. 83C4 08 add esp, 8
004C950F |. 8985 F0F9FFFF mov dword ptr [ebp-610], eax
004C9515 |. 33C0 xor eax, eax
004C9517 |. 83BD F0F9FFFF>cmp dword ptr [ebp-610], 0
004C951E |. 0F94C0 sete al
004C9521 |. 25 FF000000 and eax, 0FF
004C9526 |. 85C0 test eax, eax
004C9528 |. 0F84 18020000 je 004C9746 ; if never registered, jump away to the registration path
004C952E |. 68 842B5E00 push 005E2B84 ; r ---005E2B84=005E2B84 (UNICODE "reg.ini")
004C9533 |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004C9539 |. 51 push ecx ; --- reached if registration succeeded before; the REG.INI file is generated after re-verification succeeds
004C953A |. 8D95 F0FAFFFF lea edx, dword ptr [ebp-510]
004C9540 |. 52 push edx
004C9541 |. E8 714C0A00 call 0056E1B7
004C9546 |. 8985 ECF9FFFF mov dword ptr [ebp-614], eax
004C954C |. 8B85 ECF9FFFF mov eax, dword ptr [ebp-614]
004C9552 |. 8B08 mov ecx, dword ptr [eax]
004C9554 |. 898D E8F9FFFF mov dword ptr [ebp-618], ecx
004C955A |. 8B95 E8F9FFFF mov edx, dword ptr [ebp-618]
004C9560 |. 52 push edx ; /Path
004C9561 |. FF15 34E55900 call dword ptr [<&SHLWAPI.PathFileExi>; \PathFileExistsW
004C9567 |. F7D8 neg eax
004C9569 |. 1BC0 sbb eax, eax
004C956B |. 40 inc eax
004C956C |. 8885 F4FAFFFF mov byte ptr [ebp-50C], al
004C9572 |. 8D8D F0FAFFFF lea ecx, dword ptr [ebp-510]
004C9578 |. E8 95490A00 call 0056DF12
004C957D |. 8B85 F4FAFFFF mov eax, dword ptr [ebp-50C]
004C9583 |. 25 FF000000 and eax, 0FF
004C9588 |. 85C0 test eax, eax
004C958A |. 74 6C je short 004C95F8
004C958C |. C785 ECFAFFFF>mov dword ptr [ebp-514], 0
004C9596 |. C645 FC 04 mov byte ptr [ebp-4], 4
004C959A |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C95A0 |. E8 6D490A00 call 0056DF12
004C95A5 |. C645 FC 03 mov byte ptr [ebp-4], 3
004C95A9 |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C95AC |. E8 61490A00 call 0056DF12
004C95B1 |. C645 FC 02 mov byte ptr [ebp-4], 2
004C95B5 |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004C95BB |. E8 52490A00 call 0056DF12
004C95C0 |. C645 FC 01 mov byte ptr [ebp-4], 1
004C95C4 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C95CA |. E8 43490A00 call 0056DF12
004C95CF |. C645 FC 00 mov byte ptr [ebp-4], 0
004C95D3 |. 8D8D 24FBFFFF lea ecx, dword ptr [ebp-4DC]
004C95D9 |. E8 34490A00 call 0056DF12
004C95DE |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
004C95E5 |. 8D4D 08 lea ecx, dword ptr [ebp+8]
004C95E8 |. E8 25490A00 call 0056DF12
004C95ED |. 8B85 ECFAFFFF mov eax, dword ptr [ebp-514]
004C95F3 |. E9 C00E0000 jmp 004CA4B8
004C95F8 |> 8D8D 0CFBFFFF lea ecx, dword ptr [ebp-4F4]
004C95FE |. E8 76A20A00 call 00573879
004C9603 |. C645 FC 06 mov byte ptr [ebp-4], 6
004C9607 |. 8D8D F8FAFFFF lea ecx, dword ptr [ebp-508]
004C960D |. E8 E49D0A00 call 005733F6
004C9612 |. C645 FC 07 mov byte ptr [ebp-4], 7
004C9616 |. 8D8D 08FBFFFF lea ecx, dword ptr [ebp-4F8]
004C961C |. 898D E4F9FFFF mov dword ptr [ebp-61C], ecx
004C9622 |. 8B95 E4F9FFFF mov edx, dword ptr [ebp-61C]
004C9628 |. A1 9C7C5E00 mov eax, dword ptr [5E7C9C]
004C962D |. 8902 mov dword ptr [edx], eax
004C962F |. C645 FC 08 mov byte ptr [ebp-4], 8
004C9633 |. C785 F8FAFFFF>mov dword ptr [ebp-508], 005ACDF4
004C963D |. C785 00FBFFFF>mov dword ptr [ebp-500], 0
004C9647 |. C785 04FBFFFF>mov dword ptr [ebp-4FC], -1
004C9651 |. 6A 00 push 0
004C9653 |. 8D8D 08FBFFFF lea ecx, dword ptr [ebp-4F8]
004C9659 |. E8 4B4A0A00 call 0056E0A9
004C965E |. C645 FC 09 mov byte ptr [ebp-4], 9
004C9662 |. 68 942B5E00 push 005E2B94 ; UNICODE "reg.ini"
004C9667 |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004C966D |. 51 push ecx
004C966E |. 8D95 E8FAFFFF lea edx, dword ptr [ebp-518]
004C9674 |. 52 push edx
004C9675 |. E8 3D4B0A00 call 0056E1B7
004C967A |. 8985 B0F9FFFF mov dword ptr [ebp-650], eax
004C9680 |. 8B85 B0F9FFFF mov eax, dword ptr [ebp-650]
004C9686 |. 8985 E0F9FFFF mov dword ptr [ebp-620], eax
004C968C |. C645 FC 0A mov byte ptr [ebp-4], 0A
004C9690 |. 8B8D E0F9FFFF mov ecx, dword ptr [ebp-620]
004C9696 |. 8B11 mov edx, dword ptr [ecx]
004C9698 |. 8995 DCF9FFFF mov dword ptr [ebp-624], edx
004C969E |. 8D85 F8FAFFFF lea eax, dword ptr [ebp-508]
004C96A4 |. 50 push eax
004C96A5 |. 6A 00 push 0
004C96A7 |. 8B8D DCF9FFFF mov ecx, dword ptr [ebp-624]
004C96AD |. 51 push ecx
004C96AE |. 8D8D 0CFBFFFF lea ecx, dword ptr [ebp-4F4]
004C96B4 |. E8 CEA20A00 call 00573987
004C96B9 |. C645 FC 09 mov byte ptr [ebp-4], 9
004C96BD |. 8D8D E8FAFFFF lea ecx, dword ptr [ebp-518]
004C96C3 |. E8 4A480A00 call 0056DF12
004C96C8 |> 8D95 1CFFFFFF /lea edx, dword ptr [ebp-E4]
004C96CE |. 52 |push edx
004C96CF |. 8D8D 0CFBFFFF |lea ecx, dword ptr [ebp-4F4]
004C96D5 |. E8 92A40A00 |call 00573B6C
004C96DA |. 85C0 |test eax, eax
004C96DC |. 74 11 |je short 004C96EF
004C96DE |. 8D85 1CFFFFFF |lea eax, dword ptr [ebp-E4]
004C96E4 |. 50 |push eax
004C96E5 |. 8D4D BC |lea ecx, dword ptr [ebp-44]
004C96E8 |. E8 524C0A00 |call 0056E33F
004C96ED |.^ EB D9 \jmp short 004C96C8
004C96EF |> 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C96F5 |. 51 push ecx
004C96F6 |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C96F9 |. E8 414C0A00 call 0056E33F
004C96FE |. 8D8D 0CFBFFFF lea ecx, dword ptr [ebp-4F4]
004C9704 |. E8 B6A50A00 call 00573CBF
004C9709 |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C970F |. E8 86470A00 call 0056DE9A
004C9714 |. C645 FC 06 mov byte ptr [ebp-4], 6
004C9718 |. C785 F8FAFFFF>mov dword ptr [ebp-508], 005ACDF4
004C9722 |. C645 FC 0B mov byte ptr [ebp-4], 0B
004C9726 |. 8D8D 08FBFFFF lea ecx, dword ptr [ebp-4F8]
004C972C |. E8 E1470A00 call 0056DF12
004C9731 |. C645 FC 06 mov byte ptr [ebp-4], 6
004C9735 |. C645 FC 05 mov byte ptr [ebp-4], 5
004C9739 |. 8D8D 0CFBFFFF lea ecx, dword ptr [ebp-4F4]
004C973F |. E8 00A20A00 call 00573944
004C9744 |. EB 0C jmp short 004C9752
004C9746 |> 8D55 08 lea edx, dword ptr [ebp+8] ; first-time registration arrives here
004C9749 |. 52 push edx
004C974A |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C974D |. E8 07490A00 call 0056E059
004C9752 |> 8D4D BC lea ecx, dword ptr [ebp-44]
004C9755 |. E8 19210A00 call 0056B873
004C975A |. 8D4D BC lea ecx, dword ptr [ebp-44] ; entered test serial
004C975D |. E8 20200A00 call 0056B782
004C9762 |. 68 B0D45E00 push 005ED4B0
004C9767 |. 68 A42B5E00 push 005E2BA4 ; \n
004C976C |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C976F |. E8 B4180A00 call 0056B028
004C9774 |. 68 B4D45E00 push 005ED4B4
004C9779 |. 68 A82B5E00 push 005E2BA8 ; \n
004C977E |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C9781 |. E8 A2180A00 call 0056B028
004C9786 |. 68 B8D45E00 push 005ED4B8
004C978B |. 68 AC2B5E00 push 005E2BAC ; \
004C9790 |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C9793 |. E8 90180A00 call 0056B028 ; compute the serial length
004C9798 |. 8B45 BC mov eax, dword ptr [ebp-44]
004C979B |. 8B48 F8 mov ecx, dword ptr [eax-8]
004C979E |. 898D D8F9FFFF mov dword ptr [ebp-628], ecx
004C97A4 |. 83BD D8F9FFFF>cmp dword ptr [ebp-628], 78 ; serial length must be greater than or equal to 78H
004C97AB |. 7C 18 jl short 004C97C5
004C97AD |. 8B55 BC mov edx, dword ptr [ebp-44]
004C97B0 |. 8B42 F8 mov eax, dword ptr [edx-8]
004C97B3 |. 8985 D4F9FFFF mov dword ptr [ebp-62C], eax
004C97B9 |. 81BD D4F9FFFF>cmp dword ptr [ebp-62C], 82 ; serial length must be less than or equal to 82H
004C97C3 |. 7E 6C jle short 004C9831 ; otherwise no jump, and registration fails
004C97C5 |> C785 E4FAFFFF>mov dword ptr [ebp-51C], 0
004C97CF |. C645 FC 04 mov byte ptr [ebp-4], 4
004C97D3 |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C97D9 |. E8 34470A00 call 0056DF12
004C97DE |. C645 FC 03 mov byte ptr [ebp-4], 3
004C97E2 |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C97E5 |. E8 28470A00 call 0056DF12
004C97EA |. C645 FC 02 mov byte ptr [ebp-4], 2
004C97EE |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004C97F4 |. E8 19470A00 call 0056DF12
004C97F9 |. C645 FC 01 mov byte ptr [ebp-4], 1
004C97FD |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9803 |. E8 0A470A00 call 0056DF12
004C9808 |. C645 FC 00 mov byte ptr [ebp-4], 0
004C980C |. 8D8D 24FBFFFF lea ecx, dword ptr [ebp-4DC]
004C9812 |. E8 FB460A00 call 0056DF12
004C9817 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
004C981E |. 8D4D 08 lea ecx, dword ptr [ebp+8]
004C9821 |. E8 EC460A00 call 0056DF12
004C9826 |. 8B85 E4FAFFFF mov eax, dword ptr [ebp-51C]
004C982C |. E9 870C0000 jmp 004CA4B8
004C9831 |> 68 B42B5E00 push 005E2BB4 ; 1---005E2BB4=005E2BB4 (UNICODE "116AB")
004C9836 |. 8D8D 64FCFFFF lea ecx, dword ptr [ebp-39C] ; another fixed string appears
004C983C |. E8 45470A00 call 0056DF86
004C9841 |. C645 FC 0C mov byte ptr [ebp-4], 0C
004C9845 |. 8B0D 9C7C5E00 mov ecx, dword ptr [5E7C9C] ; Registry.005E7CB0
004C984B |. 898D 20FBFFFF mov dword ptr [ebp-4E0], ecx
004C9851 |. C645 FC 0D mov byte ptr [ebp-4], 0D
004C9855 |. 8D8D 2CFBFFFF lea ecx, dword ptr [ebp-4D4]
004C985B |. E8 D086F3FF call 00401F30 ; obtain storage space
004C9860 |. C645 FC 0E mov byte ptr [ebp-4], 0E
004C9864 |. 8D8D 84FCFFFF lea ecx, dword ptr [ebp-37C]
004C986A |. E8 C186F3FF call 00401F30
004C986F |. C645 FC 0F mov byte ptr [ebp-4], 0F
004C9873 |. 8D8D C0FBFFFF lea ecx, dword ptr [ebp-440]
004C9879 |. E8 B286F3FF call 00401F30
004C987E |. C645 FC 10 mov byte ptr [ebp-4], 10
004C9882 |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C9888 |. E8 A386F3FF call 00401F30
004C988D |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9891 |. 6A 10 push 10
004C9893 |. 8D95 24FBFFFF lea edx, dword ptr [ebp-4DC]
004C9899 |. 52 push edx
004C989A |. 8D8D 2CFBFFFF lea ecx, dword ptr [ebp-4D4]
004C98A0 |. E8 229DF3FF call 004035C7 ; convert to hexadecimal characters
004C98A5 |. 6A 10 push 10
004C98A7 |. 8D85 64FCFFFF lea eax, dword ptr [ebp-39C]
004C98AD |. 50 push eax
004C98AE |. 8D8D 84FCFFFF lea ecx, dword ptr [ebp-37C]
004C98B4 |. E8 0E9DF3FF call 004035C7 ; fixed string "116AB" converted to hexadecimal characters
004C98B9 |. 6A 10 push 10
004C98BB |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C98BE |. 51 push ecx
004C98BF |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C98C5 |. E8 FD9CF3FF call 004035C7 ; entered serial converted to hexadecimal characters, so the serial must consist of characters between 0 and F
004C98CA |. 8D95 2CFBFFFF lea edx, dword ptr [ebp-4D4]
004C98D0 |. 52 push edx
004C98D1 |. 8D85 84FCFFFF lea eax, dword ptr [ebp-37C]
004C98D7 |. 50 push eax
004C98D8 |. 8D8D 54FAFFFF lea ecx, dword ptr [ebp-5AC]
004C98DE |. 51 push ecx
004C98DF |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C98E5 |. E8 0DA5F3FF call 00403DF7 ; key algorithm CALL; step in with F7
004C98EA |. 8985 ACF9FFFF mov dword ptr [ebp-654], eax
004C98F0 |. 8BB5 ACF9FFFF mov esi, dword ptr [ebp-654]
004C98F6 |. B9 24000000 mov ecx, 24
004C98FB |. 8DBD C0FBFFFF lea edi, dword ptr [ebp-440]
004C9901 |. F3:A5 rep movs dword ptr es:[edi], dword p>
004C9903 |. 8D8D 54FAFFFF lea ecx, dword ptr [ebp-5AC]
004C9909 |. E8 6386F3FF call 00401F71
004C990E |. 6A 10 push 10
004C9910 |. 8D95 20FBFFFF lea edx, dword ptr [ebp-4E0]
004C9916 |. 52 push edx
004C9917 |. 8D8D C0FBFFFF lea ecx, dword ptr [ebp-440]
004C991D |. E8 109FF3FF call 00403832 ; process the result of the key algorithm CALL and join it into a string
004C9922 |. 8B85 20FBFFFF mov eax, dword ptr [ebp-4E0]
004C9928 |. 8B48 F8 mov ecx, dword ptr [eax-8] ; first check of whether the serial is correct
004C992B |. 898D D0F9FFFF mov dword ptr [ebp-630], ecx
004C9931 |. 8B95 D0F9FFFF mov edx, dword ptr [ebp-630]
004C9937 |. 81E2 01000080 and edx, 80000001 ; AND the last bit with 1
004C993D |. 79 05 jns short 004C9944
004C993F |. 4A dec edx
004C9940 |. 83CA FE or edx, FFFFFFFE
004C9943 |. 42 inc edx
004C9944 |> 83FA 01 cmp edx, 1 ; i.e. the last bit of the length of the result computed above must be 0 to pass
004C9947 |. 0F85 C6000000 jnz 004C9A13 ; no jump means failure
004C994D |. C785 50FAFFFF>mov dword ptr [ebp-5B0], 0
004C9957 |. C645 FC 10 mov byte ptr [ebp-4], 10
004C995B |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C9961 |. E8 0B86F3FF call 00401F71
........................... (many lines omitted here)
004C9A0E |. E9 A50A0000 jmp 004CA4B8
004C9A13 |> 51 push ecx
004C9A14 |. 8BCC mov ecx, esp
004C9A16 |. 89A5 4CFAFFFF mov dword ptr [ebp-5B4], esp
004C9A1C |. 8D85 20FBFFFF lea eax, dword ptr [ebp-4E0]
004C9A22 |. 50 push eax
004C9A23 |. E8 57420A00 call 0056DC7F ; lock the result computed above
004C9A28 |. 8985 A8F9FFFF mov dword ptr [ebp-658], eax
004C9A2E |. 8D8D 48FAFFFF lea ecx, dword ptr [ebp-5B8]
004C9A34 |. 51 push ecx
004C9A35 |. 8B8D B4F9FFFF mov ecx, dword ptr [ebp-64C]
004C9A3B |. E8 80680000 call 004D02C0 ; process the above result two bytes at a time, reverse the order, and convert it to a string as ASCII codes
004C9A40 |. 8985 A4F9FFFF mov dword ptr [ebp-65C], eax
004C9A46 |. 8B95 A4F9FFFF mov edx, dword ptr [ebp-65C]
004C9A4C |. 8995 A0F9FFFF mov dword ptr [ebp-660], edx
004C9A52 |. C645 FC 12 mov byte ptr [ebp-4], 12
004C9A56 |. 8B85 A0F9FFFF mov eax, dword ptr [ebp-660]
004C9A5C |. 50 push eax
004C9A5D |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C9A63 |. E8 F1450A00 call 0056E059
004C9A68 |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9A6C |. 8D8D 48FAFFFF lea ecx, dword ptr [ebp-5B8]
004C9A72 |. E8 9B440A00 call 0056DF12
004C9A77 |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C9A7D |. 51 push ecx
004C9A7E |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9A84 |. E8 D0450A00 call 0056E059
004C9A89 |. 6A 02 push 2
004C9A8B |. 8D95 44FAFFFF lea edx, dword ptr [ebp-5BC]
004C9A91 |. 52 push edx
004C9A92 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9A98 |. E8 31180A00 call 0056B2CE
004C9A9D |. 8985 9CF9FFFF mov dword ptr [ebp-664], eax
004C9AA3 |. 8B85 9CF9FFFF mov eax, dword ptr [ebp-664]
004C9AA9 |. 8985 98F9FFFF mov dword ptr [ebp-668], eax
004C9AAF |. C645 FC 13 mov byte ptr [ebp-4], 13
004C9AB3 |. 8B8D 98F9FFFF mov ecx, dword ptr [ebp-668]
004C9AB9 |. 51 push ecx
004C9ABA |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9AC0 |. E8 94450A00 call 0056E059
004C9AC5 |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9AC9 |. 8D8D 44FAFFFF lea ecx, dword ptr [ebp-5BC]
004C9ACF |. E8 3E440A00 call 0056DF12
004C9AD4 |. 68 C02B5E00 push 005E2BC0 ; the first two positions of the result, converted to characters, must be RW
004C9AD9 |. 8B95 78FCFFFF mov edx, dword ptr [ebp-388]
004C9ADF |. 52 push edx
004C9AE0 |. E8 80EC0800 call 00558765 ; comparison CALL
004C9AE5 |. 83C4 08 add esp, 8
004C9AE8 |. 8985 CCF9FFFF mov dword ptr [ebp-634], eax
004C9AEE |. 33C0 xor eax, eax
004C9AF0 |. 83BD CCF9FFFF>cmp dword ptr [ebp-634], 0 ; compare the EAX value returned by the comparison with 0
004C9AF7 |. 0F95C0 setne al ; if it is not equal to 0, AL is set to 1
004C9AFA |. 25 FF000000 and eax, 0FF
004C9AFF |. 85C0 test eax, eax
004C9B01 0F84 D6000000 je 004C9BDD ; probably the key jump; no jump means failure
004C9B07 |. 8B8D B4F9FFFF mov ecx, dword ptr [ebp-64C]
004C9B0D |. C781 14010000>mov dword ptr [ecx+114], 0
004C9B17 |. C785 40FAFFFF>mov dword ptr [ebp-5C0], 0
004C9B21 |. C645 FC 10 mov byte ptr [ebp-4], 10
004C9B25 |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C9B2B |. E8 4184F3FF call 00401F71
004C9B30 |. C645 FC 0F mov byte ptr [ebp-4], 0F
004C9B34 |. 8D8D C0FBFFFF lea ecx, dword ptr [ebp-440]
004C9B3A |. E8 3284F3FF call 00401F71
004C9B3F |. C645 FC 0E mov byte ptr [ebp-4], 0E
004C9B43 |. 8D8D 84FCFFFF lea ecx, dword ptr [ebp-37C]
004C9B49 |. E8 2384F3FF call 00401F71
004C9B4E |. C645 FC 0D mov byte ptr [ebp-4], 0D
004C9B52 |. 8D8D 2CFBFFFF lea ecx, dword ptr [ebp-4D4]
004C9B58 |. E8 1484F3FF call 00401F71
004C9B5D |. C645 FC 0C mov byte ptr [ebp-4], 0C
004C9B61 |. 8D8D 20FBFFFF lea ecx, dword ptr [ebp-4E0]
004C9B67 |. E8 A6430A00 call 0056DF12
004C9B6C |. C645 FC 05 mov byte ptr [ebp-4], 5
004C9B70 |. 8D8D 64FCFFFF lea ecx, dword ptr [ebp-39C]
004C9B76 |. E8 97430A00 call 0056DF12
004C9B7B |. C645 FC 04 mov byte ptr [ebp-4], 4
004C9B7F |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C9B85 |. E8 88430A00 call 0056DF12
004C9B8A |. C645 FC 03 mov byte ptr [ebp-4], 3
004C9B8E |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C9B91 |. E8 7C430A00 call 0056DF12
004C9B96 |. C645 FC 02 mov byte ptr [ebp-4], 2
004C9B9A |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004C9BA0 |. E8 6D430A00 call 0056DF12
004C9BA5 |. C645 FC 01 mov byte ptr [ebp-4], 1
004C9BA9 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9BAF |. E8 5E430A00 call 0056DF12
004C9BB4 |. C645 FC 00 mov byte ptr [ebp-4], 0
004C9BB8 |. 8D8D 24FBFFFF lea ecx, dword ptr [ebp-4DC]
004C9BBE |. E8 4F430A00 call 0056DF12
004C9BC3 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
004C9BCA |. 8D4D 08 lea ecx, dword ptr [ebp+8]
004C9BCD |. E8 40430A00 call 0056DF12
004C9BD2 |. 8B85 40FAFFFF mov eax, dword ptr [ebp-5C0]
004C9BD8 |. E9 DB080000 jmp 004CA4B8
004C9BDD |> C785 6CFCFFFF>mov dword ptr [ebp-394], 0 ; jumps here to continue when the comparison is equal
004C9BE7 |. C785 68FCFFFF>mov dword ptr [ebp-398], 0
004C9BF1 |. C785 70FCFFFF>mov dword ptr [ebp-390], 0
004C9BFB |. 8D95 1CFFFFFF lea edx, dword ptr [ebp-E4]
004C9C01 |. 52 push edx
004C9C02 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9C08 |. E8 4C440A00 call 0056E059 ; extract characters 4-7 of the string
004C9C0D |. 6A 04 push 4
004C9C0F |. 6A 03 push 3
004C9C11 |. 8D85 3CFAFFFF lea eax, dword ptr [ebp-5C4]
004C9C17 |. 50 push eax
004C9C18 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9C1E |. E8 99150A00 call 0056B1BC
004C9C23 |. 8985 94F9FFFF mov dword ptr [ebp-66C], eax
004C9C29 |. 8B8D 94F9FFFF mov ecx, dword ptr [ebp-66C]
004C9C2F |. 898D 90F9FFFF mov dword ptr [ebp-670], ecx
004C9C35 |. C645 FC 14 mov byte ptr [ebp-4], 14
004C9C39 |. 8B95 90F9FFFF mov edx, dword ptr [ebp-670]
004C9C3F |. 52 push edx
004C9C40 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9C46 |. E8 0E440A00 call 0056E059 ; extract characters 9-10 of the string
004C9C4B |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9C4F |. 8D8D 3CFAFFFF lea ecx, dword ptr [ebp-5C4]
004C9C55 |. E8 B8420A00 call 0056DF12
004C9C5A |. 8B85 78FCFFFF mov eax, dword ptr [ebp-388]
004C9C60 |. 50 push eax
004C9C61 |. E8 98E30800 call 00557FFE
004C9C66 |. 83C4 04 add esp, 4
004C9C69 |. 8985 6CFCFFFF mov dword ptr [ebp-394], eax
004C9C6F |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C9C75 |. 51 push ecx
004C9C76 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9C7C |. E8 D8430A00 call 0056E059 ; extract characters 12-13 of the string
004C9C81 |. 6A 02 push 2
004C9C83 |. 6A 08 push 8
004C9C85 |. 8D95 38FAFFFF lea edx, dword ptr [ebp-5C8]
004C9C8B |. 52 push edx
004C9C8C |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9C92 |. E8 25150A00 call 0056B1BC
004C9C97 |. 8985 8CF9FFFF mov dword ptr [ebp-674], eax
004C9C9D |. 8B85 8CF9FFFF mov eax, dword ptr [ebp-674]
004C9CA3 |. 8985 88F9FFFF mov dword ptr [ebp-678], eax
004C9CA9 |. C645 FC 15 mov byte ptr [ebp-4], 15
004C9CAD |. 8B8D 88F9FFFF mov ecx, dword ptr [ebp-678]
004C9CB3 |. 51 push ecx
004C9CB4 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9CBA |. E8 9A430A00 call 0056E059 ; extract the string
004C9CBF |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9CC3 |. 8D8D 38FAFFFF lea ecx, dword ptr [ebp-5C8]
004C9CC9 |. E8 44420A00 call 0056DF12
004C9CCE |. 8B95 78FCFFFF mov edx, dword ptr [ebp-388]
004C9CD4 |. 52 push edx
004C9CD5 |. E8 24E30800 call 00557FFE
004C9CDA |. 83C4 04 add esp, 4
004C9CDD |. 8985 68FCFFFF mov dword ptr [ebp-398], eax
004C9CE3 |. 8D85 1CFFFFFF lea eax, dword ptr [ebp-E4]
004C9CE9 |. 50 push eax
004C9CEA |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9CF0 |. E8 64430A00 call 0056E059 ; extract the string
004C9CF5 |. 6A 02 push 2
004C9CF7 |. 6A 0B push 0B
004C9CF9 |. 8D8D 34FAFFFF lea ecx, dword ptr [ebp-5CC]
004C9CFF |. 51 push ecx
004C9D00 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9D06 |. E8 B1140A00 call 0056B1BC
004C9D0B |. 8985 84F9FFFF mov dword ptr [ebp-67C], eax
004C9D11 |. 8B95 84F9FFFF mov edx, dword ptr [ebp-67C]
004C9D17 |. 8995 80F9FFFF mov dword ptr [ebp-680], edx
004C9D1D |. C645 FC 16 mov byte ptr [ebp-4], 16
004C9D21 |. 8B85 80F9FFFF mov eax, dword ptr [ebp-680]
004C9D27 |. 50 push eax
004C9D28 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9D2E |. E8 26430A00 call 0056E059 ; extract the string
004C9D33 |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9D37 |. 8D8D 34FAFFFF lea ecx, dword ptr [ebp-5CC]
004C9D3D |. E8 D0410A00 call 0056DF12
004C9D42 |. 8B8D 78FCFFFF mov ecx, dword ptr [ebp-388]
004C9D48 |. 51 push ecx
004C9D49 |. E8 B0E20800 call 00557FFE
004C9D4E |. 83C4 04 add esp, 4
004C9D51 |. 8985 70FCFFFF mov dword ptr [ebp-390], eax
004C9D57 |. 6A FF push -1
004C9D59 |. 6A 00 push 0
004C9D5B |. 6A 00 push 0
004C9D5D |. 6A 00 push 0
004C9D5F |. 8B95 70FCFFFF mov edx, dword ptr [ebp-390]
004C9D65 |. 52 push edx
004C9D66 |. 8B85 68FCFFFF mov eax, dword ptr [ebp-398]
004C9D6C |. 50 push eax
004C9D6D |. 8B8D 6CFCFFFF mov ecx, dword ptr [ebp-394]
004C9D73 |. 51 push ecx
004C9D74 |. 8D8D 7CFCFFFF lea ecx, dword ptr [ebp-384]
004C9D7A |. E8 2C1C0A00 call 0056B9AB
004C9D7F |. C745 B4 00000>mov dword ptr [ebp-4C], 0
004C9D86 |. 6A 34 push 34
004C9D88 |. 6A 00 push 0
004C9D8A |. 8D55 C0 lea edx, dword ptr [ebp-40]
004C9D8D |. 52 push edx
004C9D8E |. E8 8DDD0800 call 00557B20
004C9D93 |. 83C4 0C add esp, 0C
004C9D96 |. 68 08020000 push 208 ; /BufSize = 208 (520.)
004C9D9B |. 8D85 14FDFFFF lea eax, dword ptr [ebp-2EC] ; |
004C9DA1 |. 50 push eax ; |PathBuffer
004C9DA2 |. 6A 00 push 0 ; |hModule = NULL
004C9DA4 |. FF15 B4E45900 call dword ptr [<&KERNEL32.GetModuleF>; \GetModuleFileNameW
004C9DAA |. 6A 00 push 0 ; /hTemplateFile = NULL
004C9DAC |. 6A 27 push 27 ; |Attributes = READONLY|HIDDEN|SYSTEM|ARCHIVE
004C9DAE |. 6A 03 push 3 ; |Mode = OPEN_EXISTING
004C9DB0 |. 6A 00 push 0 ; |pSecurity = NULL
004C9DB2 |. 6A 01 push 1 ; |ShareMode = FILE_SHARE_READ
004C9DB4 |. 68 00000080 push 80000000 ; |Access = GENERIC_READ
004C9DB9 |. 8D8D 14FDFFFF lea ecx, dword ptr [ebp-2EC] ; |
004C9DBF |. 51 push ecx ; |FileName
004C9DC0 |. FF15 B8E45900 call dword ptr [<&KERNEL32.CreateFile>; \CreateFileW
004C9DC6 |. 8985 BCFBFFFF mov dword ptr [ebp-444], eax
004C9DCC |. 83BD BCFBFFFF>cmp dword ptr [ebp-444], -1
004C9DD3 |. 0F85 C6000000 jnz 004C9E9F
004C9DD9 |. C785 30FAFFFF>mov dword ptr [ebp-5D0], 0
004C9DE3 |. C645 FC 10 mov byte ptr [ebp-4], 10
004C9DE7 |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C9DED |. E8 7F81F3FF call 00401F71
004C9DF2 |. C645 FC 0F mov byte ptr [ebp-4], 0F
004C9DF6 |. 8D8D C0FBFFFF lea ecx, dword ptr [ebp-440]
004C9DFC |. E8 7081F3FF call 00401F71
004C9E01 |. C645 FC 0E mov byte ptr [ebp-4], 0E
004C9E05 |. 8D8D 84FCFFFF lea ecx, dword ptr [ebp-37C]
004C9E0B |. E8 6181F3FF call 00401F71
004C9E10 |. C645 FC 0D mov byte ptr [ebp-4], 0D
004C9E14 |. 8D8D 2CFBFFFF lea ecx, dword ptr [ebp-4D4]
004C9E1A |. E8 5281F3FF call 00401F71
004C9E1F |. C645 FC 0C mov byte ptr [ebp-4], 0C
004C9E23 |. 8D8D 20FBFFFF lea ecx, dword ptr [ebp-4E0]
004C9E29 |. E8 E4400A00 call 0056DF12
004C9E2E |. C645 FC 05 mov byte ptr [ebp-4], 5
004C9E32 |. 8D8D 64FCFFFF lea ecx, dword ptr [ebp-39C]
004C9E38 |. E8 D5400A00 call 0056DF12
004C9E3D |. C645 FC 04 mov byte ptr [ebp-4], 4
004C9E41 |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004C9E47 |. E8 C6400A00 call 0056DF12
004C9E4C |. C645 FC 03 mov byte ptr [ebp-4], 3
004C9E50 |. 8D4D BC lea ecx, dword ptr [ebp-44]
004C9E53 |. E8 BA400A00 call 0056DF12
004C9E58 |. C645 FC 02 mov byte ptr [ebp-4], 2
004C9E5C |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004C9E62 |. E8 AB400A00 call 0056DF12
004C9E67 |. C645 FC 01 mov byte ptr [ebp-4], 1
004C9E6B |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9E71 |. E8 9C400A00 call 0056DF12
004C9E76 |. C645 FC 00 mov byte ptr [ebp-4], 0
004C9E7A |. 8D8D 24FBFFFF lea ecx, dword ptr [ebp-4DC]
004C9E80 |. E8 8D400A00 call 0056DF12
004C9E85 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
004C9E8C |. 8D4D 08 lea ecx, dword ptr [ebp+8]
004C9E8F |. E8 7E400A00 call 0056DF12
004C9E94 |. 8B85 30FAFFFF mov eax, dword ptr [ebp-5D0]
004C9E9A |. E9 19060000 jmp 004CA4B8
004C9E9F |> 8D55 C0 lea edx, dword ptr [ebp-40]
004C9EA2 |. 52 push edx ; /pFileInformation
004C9EA3 |. 8B85 BCFBFFFF mov eax, dword ptr [ebp-444] ; |
004C9EA9 |. 50 push eax ; |hFile
004C9EAA |. FF15 80E45900 call dword ptr [<&KERNEL32.GetFileInf>; \GetFileInformationByHandle
004C9EB0 |. 8985 54FCFFFF mov dword ptr [ebp-3AC], eax
004C9EB6 |. 8B8D BCFBFFFF mov ecx, dword ptr [ebp-444]
004C9EBC |. 51 push ecx ; /hObject
004C9EBD |. FF15 C0E45900 call dword ptr [<&KERNEL32.CloseHandl>; \CloseHandle
004C9EC3 |. 8D55 C4 lea edx, dword ptr [ebp-3C]
004C9EC6 |. 8955 B4 mov dword ptr [ebp-4C], edx
004C9EC9 |. 837D B4 00 cmp dword ptr [ebp-4C], 0
004C9ECD |. 74 22 je short 004C9EF1
004C9ECF |. 6A FF push -1
004C9ED1 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
004C9ED4 |. 50 push eax
004C9ED5 |. 8D8D 2CFAFFFF lea ecx, dword ptr [ebp-5D4]
004C9EDB |. E8 631B0A00 call 0056BA43
004C9EE0 |. 8985 C8F9FFFF mov dword ptr [ebp-638], eax
004C9EE6 |. 8B8D C8F9FFFF mov ecx, dword ptr [ebp-638]
004C9EEC |. 8B11 mov edx, dword ptr [ecx]
004C9EEE |. 8955 B0 mov dword ptr [ebp-50], edx
004C9EF1 |> 68 C82B5E00 push 005E2BC8 ; %
004C9EF6 |. 8D85 28FAFFFF lea eax, dword ptr [ebp-5D8]
004C9EFC |. 50 push eax
004C9EFD |. 8D4D B0 lea ecx, dword ptr [ebp-50]
004C9F00 |. E8 231C0A00 call 0056BB28 ; probably sets the registration-time format
004C9F05 |. 8985 7CF9FFFF mov dword ptr [ebp-684], eax
004C9F0B |. 8B8D 7CF9FFFF mov ecx, dword ptr [ebp-684]
004C9F11 |. 898D 78F9FFFF mov dword ptr [ebp-688], ecx
004C9F17 |. C645 FC 17 mov byte ptr [ebp-4], 17
004C9F1B |. 8B95 78F9FFFF mov edx, dword ptr [ebp-688]
004C9F21 |. 52 push edx
004C9F22 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004C9F28 |. E8 2C410A00 call 0056E059
004C9F2D |. C645 FC 11 mov byte ptr [ebp-4], 11
004C9F31 |. 8D8D 28FAFFFF lea ecx, dword ptr [ebp-5D8]
004C9F37 |. E8 D63F0A00 call 0056DF12
004C9F3C |. 8D45 B8 lea eax, dword ptr [ebp-48]
004C9F3F |. 50 push eax
004C9F40 |. E8 4A1B0A00 call 0056BA8F
004C9F45 |. 51 push ecx
004C9F46 |. 8BCC mov ecx, esp
004C9F48 |. 89A5 24FAFFFF mov dword ptr [ebp-5DC], esp
004C9F4E |. 898D C4F9FFFF mov dword ptr [ebp-63C], ecx
004C9F54 |. 8B95 C4F9FFFF mov edx, dword ptr [ebp-63C]
004C9F5A |. 8B45 B8 mov eax, dword ptr [ebp-48]
004C9F5D |. 8902 mov dword ptr [edx], eax
004C9F5F |. 8D8D 20FAFFFF lea ecx, dword ptr [ebp-5E0]
004C9F65 |. 51 push ecx
004C9F66 |. 8D4D B0 lea ecx, dword ptr [ebp-50]
004C9F69 |. E8 F27AF7FF call 00441A60 ; computes a new result from the values above; purpose unclear
004C9F6E |. 8985 74F9FFFF mov dword ptr [ebp-68C], eax
004C9F74 |. 8B95 74F9FFFF mov edx, dword ptr [ebp-68C]
004C9F7A |. 8B02 mov eax, dword ptr [edx]
004C9F7C |. 8985 50FCFFFF mov dword ptr [ebp-3B0], eax
004C9F82 |. 8B85 50FCFFFF mov eax, dword ptr [ebp-3B0]
004C9F88 |. 99 cdq
004C9F89 |. B9 80510100 mov ecx, 15180
004C9F8E |. F7F9 idiv ecx
004C9F90 |. 85C0 test eax, eax
004C9F92 |. 0F8E D6000000 jle 004CA06E
004C9F98 |. 8B95 B4F9FFFF mov edx, dword ptr [ebp-64C]
004C9F9E |. C782 14010000>mov dword ptr [edx+114], 0
004C9FA8 |. C785 1CFAFFFF>mov dword ptr [ebp-5E4], 0
004C9FB2 |. C645 FC 10 mov byte ptr [ebp-4], 10
004C9FB6 |. 8D8D 20FFFFFF lea ecx, dword ptr [ebp-E0]
004C9FBC |. E8 B07FF3FF call 00401F71
004C9FC1 |. C645 FC 0F mov byte ptr [ebp-4], 0F
004C9FC5 |. 8D8D C0FBFFFF lea ecx, dword ptr [ebp-440]
004C9FCB |. E8 A17FF3FF call 00401F71
004C9FD0 |. C645 FC 0E mov byte ptr [ebp-4], 0E
004C9FD4 |. 8D8D 84FCFFFF lea ecx, dword ptr [ebp-37C]
004C9FDA |. E8 927FF3FF call 00401F71
004C9FDF |. C645 FC 0D mov byte ptr [ebp-4], 0D
004C9FE3 |. 8D8D 2CFBFFFF lea ecx, dword ptr [ebp-4D4]
004C9FE9 |. E8 837FF3FF call 00401F71
004C9FEE |. C645 FC 0C mov byte ptr [ebp-4], 0C
004C9FF2 |. 8D8D 20FBFFFF lea ecx, dword ptr [ebp-4E0]
004C9FF8 |. E8 153F0A00 call 0056DF12 ; the next few CALLs presumably store all the strings computed above and write them to the RWJunk.dll file
004C9FFD |. C645 FC 05 mov byte ptr [ebp-4], 5
004CA001 |. 8D8D 64FCFFFF lea ecx, dword ptr [ebp-39C]
004CA007 |. E8 063F0A00 call 0056DF12
............................... never mind, I will omit the rest; there is so much code that it is dizzying to look at, heh
004CA438 |. E8 347BF3FF call 00401F71
004CA43D |. C645 FC 0C mov byte ptr [ebp-4], 0C
004CA441 |. 8D8D 20FBFFFF lea ecx, dword ptr [ebp-4E0]
004CA447 |. E8 C63A0A00 call 0056DF12 ; the next few CALLs presumably store all the strings computed above
004CA44C |. C645 FC 05 mov byte ptr [ebp-4], 5
004CA450 |. 8D8D 64FCFFFF lea ecx, dword ptr [ebp-39C]
004CA456 |. E8 B73A0A00 call 0056DF12
004CA45B |. C645 FC 04 mov byte ptr [ebp-4], 4
004CA45F |. 8D8D 1CFFFFFF lea ecx, dword ptr [ebp-E4]
004CA465 |. E8 A83A0A00 call 0056DF12
004CA46A |. C645 FC 03 mov byte ptr [ebp-4], 3
004CA46E |. 8D4D BC lea ecx, dword ptr [ebp-44]
004CA471 |. E8 9C3A0A00 call 0056DF12
004CA476 |. C645 FC 02 mov byte ptr [ebp-4], 2
004CA47A |. 8D8D 60FCFFFF lea ecx, dword ptr [ebp-3A0]
004CA480 |. E8 8D3A0A00 call 0056DF12
004CA485 |. C645 FC 01 mov byte ptr [ebp-4], 1
004CA489 |. 8D8D 78FCFFFF lea ecx, dword ptr [ebp-388]
004CA48F |. E8 7E3A0A00 call 0056DF12
004CA494 |. C645 FC 00 mov byte ptr [ebp-4], 0
004CA498 |. 8D8D 24FBFFFF lea ecx, dword ptr [ebp-4DC]
004CA49E |. E8 6F3A0A00 call 0056DF12
004CA4A3 |. C745 FC FFFFF>mov dword ptr [ebp-4], -1
004CA4AA |. 8D4D 08 lea ecx, dword ptr [ebp+8]
004CA4AD |. E8 603A0A00 call 0056DF12
004CA4B2 |. 8B85 F4F9FFFF mov eax, dword ptr [ebp-60C]
004CA4B8 |> 8B4D F4 mov ecx, dword ptr [ebp-C]
004CA4BB |. 64:890D 00000>mov dword ptr fs:[0], ecx
004CA4C2 |. 5F pop edi
004CA4C3 |. 5E pop esi
004CA4C4 |. 8BE5 mov esp, ebp
004CA4C6 |. 5D pop ebp
004CA4C7 \. C2 0400 retn 4
Key algorithm: CALL 00403DF7, step in with F7
00403DF7 /$ 55 push ebp
00403DF8 |. 8BEC mov ebp, esp
00403DFA |. 6A FF push -1
00403DFC |. 68 83475800 push 00584783 ; SE handler installation
00403E01 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
00403E07 |. 50 push eax
00403E08 |. 64:8925 00000>mov dword ptr fs:[0], esp
00403E0F |. 81EC 2C070000 sub esp, 72C
00403E15 |. 56 push esi
00403E16 |. 57 push edi
00403E17 |. 898D 18F9FFFF mov dword ptr [ebp-6E8], ecx
00403E1D |. C785 1CF9FFFF>mov dword ptr [ebp-6E4], 0
00403E27 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
00403E2D |. E8 FEE0FFFF call 00401F30 ; set up the storage address
00403E32 |. C745 FC 01000>mov dword ptr [ebp-4], 1
00403E39 |. 8D8D D0FEFFFF lea ecx, dword ptr [ebp-130]
00403E3F |. E8 ECE0FFFF call 00401F30
00403E44 |. C645 FC 02 mov byte ptr [ebp-4], 2
00403E48 |. 8B45 0C mov eax, dword ptr [ebp+C]
00403E4B |. 8B08 mov ecx, dword ptr [eax]
00403E4D |. C1E1 05 shl ecx, 5
00403E50 |. 83E9 20 sub ecx, 20
00403E53 |. 898D C8FEFFFF mov dword ptr [ebp-138], ecx
00403E59 |. 8B55 0C mov edx, dword ptr [ebp+C]
00403E5C |. 8B02 mov eax, dword ptr [edx]
00403E5E |. 8B4D 0C mov ecx, dword ptr [ebp+C]
00403E61 |. 8B1481 mov edx, dword ptr [ecx+eax*4]
00403E64 |. 8995 C4FEFFFF mov dword ptr [ebp-13C], edx
00403E6A |> 83BD C4FEFFFF>/cmp dword ptr [ebp-13C], 0
00403E71 |. 74 1F |je short 00403E92
00403E73 |. 8B85 C4FEFFFF |mov eax, dword ptr [ebp-13C] ; this small loop counts how many times "116AB" is shifted right by one bit
00403E79 |. D1E8 |shr eax, 1 ; i.e. finds the power of 2 of the short string
00403E7B |. 8985 C4FEFFFF |mov dword ptr [ebp-13C], eax
00403E81 |. 8B8D C8FEFFFF |mov ecx, dword ptr [ebp-138]
00403E87 |. 83C1 01 |add ecx, 1
00403E8A |. 898D C8FEFFFF |mov dword ptr [ebp-138], ecx
00403E90 |.^ EB D8 \jmp short 00403E6A
00403E92 |> 8B95 18F9FFFF mov edx, dword ptr [ebp-6E8] ; yields the power 11
00403E98 |. 52 push edx
00403E99 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
00403E9F |. E8 65E1FFFF call 00402009 ; storage address
00403EA4 |. 8B85 C8FEFFFF mov eax, dword ptr [ebp-138]
00403EAA |. 83E8 02 sub eax, 2
00403EAD |. 8985 60FFFFFF mov dword ptr [ebp-A0], eax
00403EB3 |. EB 0F jmp short 00403EC4
00403EB5 |> 8B8D 60FFFFFF /mov ecx, dword ptr [ebp-A0]
00403EBB |. 83E9 01 |sub ecx, 1
00403EBE |. 898D 60FFFFFF |mov dword ptr [ebp-A0], ecx
00403EC4 |> 83BD 60FFFFFF> cmp dword ptr [ebp-A0], 0 ; loop over the short string starts
00403ECB |. 0F8C 81040000 |jl 00404352 ; first loop section starts
00403ED1 |. 8B95 64FFFFFF |mov edx, dword ptr [ebp-9C]
00403ED7 |. 8B8495 64FFFF>|mov eax, dword ptr [ebp+edx*4-9C]
00403EDE |. 50 |push eax
00403EDF |. 8D8D 30FEFFFF |lea ecx, dword ptr [ebp-1D0]
00403EE5 |. 51 |push ecx
00403EE6 |. 8D8D 64FFFFFF |lea ecx, dword ptr [ebp-9C]
00403EEC |. E8 90EBFFFF |call 00402A81 ; algorithm A CALL: multiplies two eight-digit values, then adds the sixteen-digit results front to back
00403EF1 |. 8985 14F9FFFF |mov dword ptr [ebp-6EC], eax
00403EF7 |. 8B95 14F9FFFF |mov edx, dword ptr [ebp-6EC]
00403EFD |. 8995 10F9FFFF |mov dword ptr [ebp-6F0], edx
00403F03 |. C645 FC 03 |mov byte ptr [ebp-4], 3
00403F07 |. 8B85 10F9FFFF |mov eax, dword ptr [ebp-6F0]
00403F0D |. 50 |push eax
00403F0E |. 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
00403F14 |. E8 F0E0FFFF |call 00402009
00403F19 |. C645 FC 02 |mov byte ptr [ebp-4], 2
00403F1D |. 8D8D 30FEFFFF |lea ecx, dword ptr [ebp-1D0]
00403F23 |. E8 49E0FFFF |call 00401F71
00403F28 |. 8B4D 10 |mov ecx, dword ptr [ebp+10]
00403F2B |. 51 |push ecx
00403F2C |. 8D95 A0FDFFFF |lea edx, dword ptr [ebp-260]
00403F32 |. 52 |push edx
00403F33 |. 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
00403F39 |. E8 8CF2FFFF |call 004031CA ; algorithm B CALL: takes a quotient, then multiplies, adds and subtracts
00403F3E |. 8985 0CF9FFFF |mov dword ptr [ebp-6F4], eax
00403F44 |. 8B85 0CF9FFFF |mov eax, dword ptr [ebp-6F4]
00403F4A |. 8985 08F9FFFF |mov dword ptr [ebp-6F8], eax
00403F50 |. C645 FC 04 |mov byte ptr [ebp-4], 4
00403F54 |. 8B8D 08F9FFFF |mov ecx, dword ptr [ebp-6F8]
00403F5A |. 51 |push ecx
00403F5B |. 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
00403F61 |. E8 A3E0FFFF |call 00402009
00403F66 |. C645 FC 02 |mov byte ptr [ebp-4], 2
00403F6A |. 8D8D A0FDFFFF |lea ecx, dword ptr [ebp-260]
00403F70 |. E8 FCDFFFFF |call 00401F71
00403F75 |. C785 C0FEFFFF>|mov dword ptr [ebp-140], 1
00403F7F |. EB 0F |jmp short 00403F90
00403F81 |> 8B95 C0FEFFFF |/mov edx, dword ptr [ebp-140]
00403F87 |. 83C2 01 ||add edx, 1
00403F8A |. 8995 C0FEFFFF ||mov dword ptr [ebp-140], edx
00403F90 |> 8B85 C0FEFFFF | mov eax, dword ptr [ebp-140]
00403F96 |. 3B85 64FFFFFF ||cmp eax, dword ptr [ebp-9C] ; second loop section M2 starts, loops 10H times
00403F9C |. 0F83 48010000 ||jnb 004040EA
00403FA2 |. 8B8D D0FEFFFF ||mov ecx, dword ptr [ebp-130]
00403FA8 |. 898D CCFEFFFF ||mov dword ptr [ebp-134], ecx
00403FAE |. EB 0F ||jmp short 00403FBF
00403FB0 |> 8B95 CCFEFFFF ||/mov edx, dword ptr [ebp-134]
00403FB6 |. 83EA 01 |||sub edx, 1
00403FB9 |. 8995 CCFEFFFF |||mov dword ptr [ebp-134], edx
00403FBF |> 83BD CCFEFFFF>|| cmp dword ptr [ebp-134], 0
00403FC6 |. 7E 1C |||jle short 00403FE4
00403FC8 |. 8B85 CCFEFFFF |||mov eax, dword ptr [ebp-134]
00403FCE |. 8B8D CCFEFFFF |||mov ecx, dword ptr [ebp-134]
00403FD4 |. 8B948D D0FEFF>|||mov edx, dword ptr [ebp+ecx*4-130>; store all results computed by the loop above
00403FDB |. 899485 D4FEFF>|||mov dword ptr [ebp+eax*4-12C], ed>
00403FE2 |.^ EB CC ||\jmp short 00403FB0
00403FE4 |> C785 D4FEFFFF>||mov dword ptr [ebp-12C], 0
00403FEE |. 8B85 D0FEFFFF ||mov eax, dword ptr [ebp-130]
00403FF4 |. 83C0 01 ||add eax, 1
00403FF7 |. 8985 D0FEFFFF ||mov dword ptr [ebp-130], eax
00403FFD |. 8B8D 64FFFFFF ||mov ecx, dword ptr [ebp-9C]
00404003 |. 2B8D C0FEFFFF ||sub ecx, dword ptr [ebp-140]
00404009 |. 8B948D 64FFFF>||mov edx, dword ptr [ebp+ecx*4-9C]
00404010 |. 52 ||push edx
00404011 |. 8D85 10FDFFFF ||lea eax, dword ptr [ebp-2F0]
00404017 |. 50 ||push eax
00404018 |. 8D8D 64FFFFFF ||lea ecx, dword ptr [ebp-9C]
0040401E |. E8 5EEAFFFF ||call 00402A81 ; second loop section M2 repeats algorithm A (with different operands)
00404023 |. 8985 04F9FFFF ||mov dword ptr [ebp-6FC], eax
00404029 |. 8B8D 04F9FFFF ||mov ecx, dword ptr [ebp-6FC]
0040402F |. 898D 00F9FFFF ||mov dword ptr [ebp-700], ecx
00404035 |. C645 FC 05 ||mov byte ptr [ebp-4], 5
00404039 |. 8B95 00F9FFFF ||mov edx, dword ptr [ebp-700]
0040403F |. 52 ||push edx
00404040 |. 8D85 80FCFFFF ||lea eax, dword ptr [ebp-380]
00404046 |. 50 ||push eax
00404047 |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
0040404D |. E8 80E0FFFF ||call 004020D2 ; save the result computed above
00404052 |. 8985 FCF8FFFF ||mov dword ptr [ebp-704], eax
00404058 |. 8B8D FCF8FFFF ||mov ecx, dword ptr [ebp-704]
0040405E |. 898D F8F8FFFF ||mov dword ptr [ebp-708], ecx
00404064 |. C645 FC 06 ||mov byte ptr [ebp-4], 6
00404068 |. 8B95 F8F8FFFF ||mov edx, dword ptr [ebp-708]
0040406E |. 52 ||push edx
0040406F |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
00404075 |. E8 8FDFFFFF ||call 00402009
0040407A |. C645 FC 05 ||mov byte ptr [ebp-4], 5
0040407E |. 8D8D 80FCFFFF ||lea ecx, dword ptr [ebp-380]
00404084 |. E8 E8DEFFFF ||call 00401F71
00404089 |. C645 FC 02 ||mov byte ptr [ebp-4], 2
0040408D |. 8D8D 10FDFFFF ||lea ecx, dword ptr [ebp-2F0]
00404093 |. E8 D9DEFFFF ||call 00401F71
00404098 |. 8B45 10 ||mov eax, dword ptr [ebp+10]
0040409B |. 50 ||push eax
0040409C |. 8D8D F0FBFFFF ||lea ecx, dword ptr [ebp-410]
004040A2 |. 51 ||push ecx
004040A3 |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
004040A9 |. E8 1CF1FFFF ||call 004031CA ; M2: algorithm B applied to the result above (with different operands)
004040AE |. 8985 F4F8FFFF ||mov dword ptr [ebp-70C], eax
004040B4 |. 8B95 F4F8FFFF ||mov edx, dword ptr [ebp-70C]
004040BA |. 8995 F0F8FFFF ||mov dword ptr [ebp-710], edx
004040C0 |. C645 FC 07 ||mov byte ptr [ebp-4], 7
004040C4 |. 8B85 F0F8FFFF ||mov eax, dword ptr [ebp-710]
004040CA |. 50 ||push eax
004040CB |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
004040D1 |. E8 33DFFFFF ||call 00402009
004040D6 |. C645 FC 02 ||mov byte ptr [ebp-4], 2
004040DA |. 8D8D F0FBFFFF ||lea ecx, dword ptr [ebp-410]
004040E0 |. E8 8CDEFFFF ||call 00401F71
004040E5 |.^ E9 97FEFFFF |\jmp 00403F81
004040EA |> 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
004040F0 |. 51 |push ecx
004040F1 |. 8D8D 64FFFFFF |lea ecx, dword ptr [ebp-9C]
004040F7 |. E8 0DDFFFFF |call 00402009
004040FC |. 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
00404102 |. C1FA 05 |sar edx, 5
00404105 |. 8B8D 60FFFFFF |mov ecx, dword ptr [ebp-A0]
0040410B |. 83E1 1F |and ecx, 1F
0040410E |. 8B45 0C |mov eax, dword ptr [ebp+C]
00404111 |. 8B5490 04 |mov edx, dword ptr [eax+edx*4+4] ; fetch the short fixed string
00404115 |. D3EA |shr edx, cl ; shift right by the power-of-2 bit position computed above
00404117 |. 83E2 01 |and edx, 1 ; AND with 1; decides which outer-loop path is taken
0040411A |. 85D2 |test edx, edx
0040411C |. 0F84 2B020000 |je 0040434D ; jump taken: loop M; not taken: loop N
00404122 |. 8B85 64FFFFFF |mov eax, dword ptr [ebp-9C]
00404128 |. 8B8C85 64FFFF>|mov ecx, dword ptr [ebp+eax*4-9C]
0040412F |. 51 |push ecx
00404130 |. 8D95 60FBFFFF |lea edx, dword ptr [ebp-4A0]
00404136 |. 52 |push edx
00404137 |. 8B8D 18F9FFFF |mov ecx, dword ptr [ebp-6E8]
0040413D |. E8 3FE9FFFF |call 00402A81 ; second loop type N: algorithm A
00404142 |. 8985 ECF8FFFF |mov dword ptr [ebp-714], eax
00404148 |. 8B85 ECF8FFFF |mov eax, dword ptr [ebp-714]
0040414E |. 8985 E8F8FFFF |mov dword ptr [ebp-718], eax
00404154 |. C645 FC 08 |mov byte ptr [ebp-4], 8
00404158 |. 8B8D E8F8FFFF |mov ecx, dword ptr [ebp-718]
0040415E |. 51 |push ecx
0040415F |. 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
00404165 |. E8 9FDEFFFF |call 00402009
0040416A |. C645 FC 02 |mov byte ptr [ebp-4], 2
0040416E |. 8D8D 60FBFFFF |lea ecx, dword ptr [ebp-4A0]
00404174 |. E8 F8DDFFFF |call 00401F71
00404179 |. 8B55 10 |mov edx, dword ptr [ebp+10]
0040417C |. 52 |push edx
0040417D |. 8D85 D0FAFFFF |lea eax, dword ptr [ebp-530]
00404183 |. 50 |push eax
00404184 |. 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
0040418A |. E8 3BF0FFFF |call 004031CA ; second loop type N: algorithm B
0040418F |. 8985 E4F8FFFF |mov dword ptr [ebp-71C], eax
00404195 |. 8B8D E4F8FFFF |mov ecx, dword ptr [ebp-71C]
0040419B |. 898D E0F8FFFF |mov dword ptr [ebp-720], ecx
004041A1 |. C645 FC 09 |mov byte ptr [ebp-4], 9
004041A5 |. 8B95 E0F8FFFF |mov edx, dword ptr [ebp-720]
004041AB |. 52 |push edx
004041AC |. 8D8D D0FEFFFF |lea ecx, dword ptr [ebp-130]
004041B2 |. E8 52DEFFFF |call 00402009
004041B7 |. C645 FC 02 |mov byte ptr [ebp-4], 2
004041BB |. 8D8D D0FAFFFF |lea ecx, dword ptr [ebp-530]
004041C1 |. E8 ABDDFFFF |call 00401F71
004041C6 |. C785 C0FEFFFF>|mov dword ptr [ebp-140], 1
004041D0 |. EB 0F |jmp short 004041E1
004041D2 |> 8B85 C0FEFFFF |/mov eax, dword ptr [ebp-140]
004041D8 |. 83C0 01 ||add eax, 1
004041DB |. 8985 C0FEFFFF ||mov dword ptr [ebp-140], eax
004041E1 |> 8B8D C0FEFFFF | mov ecx, dword ptr [ebp-140]
004041E7 |. 3B8D 64FFFFFF ||cmp ecx, dword ptr [ebp-9C] ; second loop type N: start of the second loop section M2
004041ED |. 0F83 48010000 ||jnb 0040433B
004041F3 |. 8B95 D0FEFFFF ||mov edx, dword ptr [ebp-130]
004041F9 |. 8995 CCFEFFFF ||mov dword ptr [ebp-134], edx
004041FF |. EB 0F ||jmp short 00404210
00404201 |> 8B85 CCFEFFFF ||/mov eax, dword ptr [ebp-134]
00404207 |. 83E8 01 |||sub eax, 1
0040420A |. 8985 CCFEFFFF |||mov dword ptr [ebp-134], eax
00404210 |> 83BD CCFEFFFF>|| cmp dword ptr [ebp-134], 0
00404217 |. 7E 1C |||jle short 00404235
00404219 |. 8B8D CCFEFFFF |||mov ecx, dword ptr [ebp-134]
0040421F |. 8B95 CCFEFFFF |||mov edx, dword ptr [ebp-134]
00404225 |. 8B8495 D0FEFF>|||mov eax, dword ptr [ebp+edx*4-130>
0040422C |. 89848D D4FEFF>|||mov dword ptr [ebp+ecx*4-12C], ea>
00404233 |.^ EB CC ||\jmp short 00404201
00404235 |> C785 D4FEFFFF>||mov dword ptr [ebp-12C], 0
0040423F |. 8B8D D0FEFFFF ||mov ecx, dword ptr [ebp-130]
00404245 |. 83C1 01 ||add ecx, 1
00404248 |. 898D D0FEFFFF ||mov dword ptr [ebp-130], ecx
0040424E |. 8B95 64FFFFFF ||mov edx, dword ptr [ebp-9C]
00404254 |. 2B95 C0FEFFFF ||sub edx, dword ptr [ebp-140]
0040425A |. 8B8495 64FFFF>||mov eax, dword ptr [ebp+edx*4-9C]
00404261 |. 50 ||push eax
00404262 |. 8D8D 40FAFFFF ||lea ecx, dword ptr [ebp-5C0]
00404268 |. 51 ||push ecx
00404269 |. 8B8D 18F9FFFF ||mov ecx, dword ptr [ebp-6E8]
0040426F |. E8 0DE8FFFF ||call 00402A81 ; algorithm A
00404274 |. 8985 DCF8FFFF ||mov dword ptr [ebp-724], eax
0040427A |. 8B95 DCF8FFFF ||mov edx, dword ptr [ebp-724]
00404280 |. 8995 D8F8FFFF ||mov dword ptr [ebp-728], edx
00404286 |. C645 FC 0A ||mov byte ptr [ebp-4], 0A
0040428A |. 8B85 D8F8FFFF ||mov eax, dword ptr [ebp-728]
00404290 |. 50 ||push eax
00404291 |. 8D8D B0F9FFFF ||lea ecx, dword ptr [ebp-650]
00404297 |. 51 ||push ecx
00404298 |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
0040429E |. E8 2FDEFFFF ||call 004020D2
004042A3 |. 8985 D4F8FFFF ||mov dword ptr [ebp-72C], eax
004042A9 |. 8B95 D4F8FFFF ||mov edx, dword ptr [ebp-72C]
004042AF |. 8995 D0F8FFFF ||mov dword ptr [ebp-730], edx
004042B5 |. C645 FC 0B ||mov byte ptr [ebp-4], 0B
004042B9 |. 8B85 D0F8FFFF ||mov eax, dword ptr [ebp-730]
004042BF |. 50 ||push eax
004042C0 |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
004042C6 |. E8 3EDDFFFF ||call 00402009
004042CB |. C645 FC 0A ||mov byte ptr [ebp-4], 0A
004042CF |. 8D8D B0F9FFFF ||lea ecx, dword ptr [ebp-650]
004042D5 |. E8 97DCFFFF ||call 00401F71
004042DA |. C645 FC 02 ||mov byte ptr [ebp-4], 2
004042DE |. 8D8D 40FAFFFF ||lea ecx, dword ptr [ebp-5C0]
004042E4 |. E8 88DCFFFF ||call 00401F71
004042E9 |. 8B4D 10 ||mov ecx, dword ptr [ebp+10]
004042EC |. 51 ||push ecx
004042ED |. 8D95 20F9FFFF ||lea edx, dword ptr [ebp-6E0]
004042F3 |. 52 ||push edx
004042F4 |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
004042FA |. E8 CBEEFFFF ||call 004031CA ; algorithm B
004042FF |. 8985 CCF8FFFF ||mov dword ptr [ebp-734], eax
00404305 |. 8B85 CCF8FFFF ||mov eax, dword ptr [ebp-734]
0040430B |. 8985 C8F8FFFF ||mov dword ptr [ebp-738], eax
00404311 |. C645 FC 0C ||mov byte ptr [ebp-4], 0C
00404315 |. 8B8D C8F8FFFF ||mov ecx, dword ptr [ebp-738]
0040431B |. 51 ||push ecx
0040431C |. 8D8D D0FEFFFF ||lea ecx, dword ptr [ebp-130]
00404322 |. E8 E2DCFFFF ||call 00402009
00404327 |. C645 FC 02 ||mov byte ptr [ebp-4], 2
0040432B |. 8D8D 20F9FFFF ||lea ecx, dword ptr [ebp-6E0]
00404331 |. E8 3BDCFFFF ||call 00401F71
00404336 |.^ E9 97FEFFFF |\jmp 004041D2
0040433B |> 8D95 D0FEFFFF |lea edx, dword ptr [ebp-130]
00404341 |. 52 |push edx
00404342 |. 8D8D 64FFFFFF |lea ecx, dword ptr [ebp-9C]
00404348 |. E8 BCDCFFFF |call 00402009
0040434D |>^ E9 63FBFFFF \jmp 00403EB5 ; continue looping
00404352 |> B9 24000000 mov ecx, 24 ; all loops finished, execution lands here
00404357 |. 8DB5 64FFFFFF lea esi, dword ptr [ebp-9C]
0040435D |. 8B7D 08 mov edi, dword ptr [ebp+8]
00404360 |. F3:A5 rep movs dword ptr es:[edi], dword p>
00404362 |. 8B85 1CF9FFFF mov eax, dword ptr [ebp-6E4]
00404368 |. 0C 01 or al, 1
0040436A |. 8985 1CF9FFFF mov dword ptr [ebp-6E4], eax
00404370 |. C645 FC 01 mov byte ptr [ebp-4], 1
00404374 |. 8D8D D0FEFFFF lea ecx, dword ptr [ebp-130]
0040437A |. E8 F2DBFFFF call 00401F71
0040437F |. C645 FC 00 mov byte ptr [ebp-4], 0
00404383 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
00404389 |. E8 E3DBFFFF call 00401F71
0040438E |. 8B45 08 mov eax, dword ptr [ebp+8]
00404391 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
00404394 |. 64:890D 00000>mov dword ptr fs:[0], ecx
0040439B |. 5F pop edi
0040439C |. 5E pop esi
0040439D |. 8BE5 mov esp, ebp
0040439F |. 5D pop ebp
004043A0 \. C2 0C00 retn 0C
The algorithm CALLs used by the inner loops above are listed one by one below.
Algorithm A
00402A81 /$ 55 push ebp
00402A82 |. 8BEC mov ebp, esp
00402A84 |. 6A FF push -1
00402A86 |. 68 BA445800 push 005844BA ; SE handler installation
00402A8B |. 64:A1 0000000>mov eax, dword ptr fs:[0]
00402A91 |. 50 push eax
00402A92 |. 64:8925 00000>mov dword ptr fs:[0], esp
00402A99 |. 81EC A8000000 sub esp, 0A8
00402A9F |. 56 push esi
00402AA0 |. 57 push edi
00402AA1 |. 898D 4CFFFFFF mov dword ptr [ebp-B4], ecx
00402AA7 |. C785 50FFFFFF>mov dword ptr [ebp-B0], 0
00402AB1 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
00402AB7 |. E8 74F4FFFF call 00401F30 ; storage space
00402ABC |. C745 FC 01000>mov dword ptr [ebp-4], 1
00402AC3 |. C785 54FFFFFF>mov dword ptr [ebp-AC], 0
00402ACD |. 8B85 4CFFFFFF mov eax, dword ptr [ebp-B4]
00402AD3 |. 50 push eax
00402AD4 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
00402ADA |. E8 2AF5FFFF call 00402009
00402ADF |. C785 60FFFFFF>mov dword ptr [ebp-A0], 0
00402AE9 |. EB 0F jmp short 00402AFA
00402AEB |> 8B8D 60FFFFFF /mov ecx, dword ptr [ebp-A0] ; algorithm loop
00402AF1 |. 83C1 01 |add ecx, 1 ; counter + 1
00402AF4 |. 898D 60FFFFFF |mov dword ptr [ebp-A0], ecx
00402AFA |> 8B95 4CFFFFFF mov edx, dword ptr [ebp-B4]
00402B00 |. 8B85 60FFFFFF |mov eax, dword ptr [ebp-A0]
00402B06 |. 3B02 |cmp eax, dword ptr [edx] ; loops 10H times
00402B08 |. 0F83 84000000 |jnb 00402B92
00402B0E |. 8B8D 60FFFFFF |mov ecx, dword ptr [ebp-A0]
00402B14 |. 8B95 4CFFFFFF |mov edx, dword ptr [ebp-B4]
00402B1A |. 8B448A 04 |mov eax, dword ptr [edx+ecx*4+4] ; fetch the last eight digits of the fake serial
00402B1E |. 33C9 |xor ecx, ecx
00402B20 |. 8985 58FFFFFF |mov dword ptr [ebp-A8], eax
00402B26 |. 898D 5CFFFFFF |mov dword ptr [ebp-A4], ecx
00402B2C |. 8B55 0C |mov edx, dword ptr [ebp+C]
00402B2F |. 33C0 |xor eax, eax
00402B31 |. 50 |push eax
00402B32 |. 52 |push edx
00402B33 |. 8B8D 5CFFFFFF |mov ecx, dword ptr [ebp-A4]
00402B39 |. 51 |push ecx
00402B3A |. 8B95 58FFFFFF |mov edx, dword ptr [ebp-A8] ; move the last eight digits of the fake serial into a register for the calculation
00402B40 |. 52 |push edx
00402B41 |. E8 AA551500 |call 005580F0 ; CALL that multiplies two eight-digit values, step in with F7
00402B46 |. 8B8D 54FFFFFF |mov ecx, dword ptr [ebp-AC]
00402B4C |. 33F6 |xor esi, esi
00402B4E |. 03C1 |add eax, ecx ; add the previous high eight digits to the current low eight digits
00402B50 |. 13D6 |adc edx, esi ; add the carry
00402B52 |. 8985 58FFFFFF |mov dword ptr [ebp-A8], eax ; store the two halves of the result separately
00402B58 |. 8995 5CFFFFFF |mov dword ptr [ebp-A4], edx
00402B5E |. 8B95 58FFFFFF |mov edx, dword ptr [ebp-A8]
00402B64 |. 8B85 60FFFFFF |mov eax, dword ptr [ebp-A0]
00402B6A |. 899485 68FFFF>|mov dword ptr [ebp+eax*4-98], edx ; copy the result to its corresponding address
00402B71 |. B9 20000000 |mov ecx, 20
00402B76 |. 8B85 58FFFFFF |mov eax, dword ptr [ebp-A8]
00402B7C |. 8B95 5CFFFFFF |mov edx, dword ptr [ebp-A4]
00402B82 |. E8 49551500 |call 005580D0
00402B87 |. 8985 54FFFFFF |mov dword ptr [ebp-AC], eax
00402B8D |.^ E9 59FFFFFF \jmp 00402AEB ; continue looping
00402B92 |> 83BD 54FFFFFF>cmp dword ptr [ebp-AC], 0
00402B99 |. 74 22 je short 00402BBD
00402B9B |. 8B8D 64FFFFFF mov ecx, dword ptr [ebp-9C]
00402BA1 |. 83C1 01 add ecx, 1 ; loop total + 1 = 11H
00402BA4 |. 898D 64FFFFFF mov dword ptr [ebp-9C], ecx
00402BAA |. 8B95 64FFFFFF mov edx, dword ptr [ebp-9C]
00402BB0 |. 8B85 54FFFFFF mov eax, dword ptr [ebp-AC]
00402BB6 |. 898495 64FFFF>mov dword ptr [ebp+edx*4-9C], eax
00402BBD |> B9 24000000 mov ecx, 24
00402BC2 |. 8DB5 64FFFFFF lea esi, dword ptr [ebp-9C]
00402BC8 |. 8B7D 08 mov edi, dword ptr [ebp+8]
00402BCB |. F3:A5 rep movs dword ptr es:[edi], dword p>
00402BCD |. 8B8D 50FFFFFF mov ecx, dword ptr [ebp-B0]
00402BD3 |. 83C9 01 or ecx, 1
00402BD6 |. 898D 50FFFFFF mov dword ptr [ebp-B0], ecx
00402BDC |. C645 FC 00 mov byte ptr [ebp-4], 0
00402BE0 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
00402BE6 |. E8 86F3FFFF call 00401F71
00402BEB |. 8B45 08 mov eax, dword ptr [ebp+8]
00402BEE |. 8B4D F4 mov ecx, dword ptr [ebp-C]
00402BF1 |. 64:890D 00000>mov dword ptr fs:[0], ecx
00402BF8 |. 5F pop edi
00402BF9 |. 5E pop esi
00402BFA |. 8BE5 mov esp, ebp
00402BFC |. 5D pop ebp
00402BFD \. C2 0800 retn 8
CALL that multiplies two eight-digit values, step in with F7
005580F0 /$ 8B4424 08 mov eax, dword ptr [esp+8]
005580F4 |. 8B4C24 10 mov ecx, dword ptr [esp+10]
005580F8 |. 0BC8 or ecx, eax
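005580FA |. 8B4C24 0C mov ecx, dword ptr [esp+C] ; first eight digits of the fake serial
005580FE |. 75 09 jnz short 00558109 ; jump not taken unless non-zero
00558100 |. 8B4424 04 mov eax, dword ptr [esp+4]
00558104 |. F7E1 mul ecx ; multiplied by the last eight digits of the fake serial; the sixteen-digit result is held in EAX and EDX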
00558106 |. C2 1000 retn 10
00558109 |> 53 push ebx
0055810A |. F7E1 mul ecx
0055810C |. 8BD8 mov ebx, eax
0055810E |. 8B4424 08 mov eax, dword ptr [esp+8]
00558112 |. F76424 14 mul dword ptr [esp+14]
00558116 |. 03D8 add ebx, eax
00558118 |. 8B4424 08 mov eax, dword ptr [esp+8]
0055811C |. F7E1 mul ecx
0055811E |. 03D3 add edx, ebx
00558120 |. 5B pop ebx
00558121 \. C2 1000 retn 10
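Algorithm A above, restated in C as an added example (not code from the original post or from the program): each 32-bit limb is multiplied by one 32-bit word, the low dword is stored, the high dword is carried into the next step, and a limb is appended if a carry remains. The names `big_t` and `big_mul_word`, the reading of `call 00402009` as a copy and of `call 005580D0` as a 64-bit right shift, and the bound checks are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout read from the listing: dword 0 is the limb count, limbs follow at
 * +4, and the whole object is copied as 0x24 dwords (mov ecx, 24 / rep movs).
 * The type and function names are hypothetical. */
#define BIG_DWORDS    0x24
#define BIG_MAX_LIMBS (BIG_DWORDS - 1)

typedef struct {
    uint32_t n;                     /* [obj]      : limbs in use            */
    uint32_t limb[BIG_MAX_LIMBS];   /* [obj+4+4i] : least significant first */
} big_t;

/* out = a * w. Returns 0 on success, -1 if the result does not fit.
 * The bound checks are added here; the listing stores the final carry
 * limb without one. */
int big_mul_word(big_t *out, const big_t *a, uint32_t w)
{
    big_t r;
    uint32_t carry = 0;             /* [ebp-AC] in the listing */

    if (a->n > BIG_MAX_LIMBS)
        return -1;
    r = *a;                         /* call 00402009, assumed to be a copy */

    for (uint32_t i = 0; i < a->n; i++) {
        /* call 005580F0 leaves a 64-bit product in EDX:EAX; add/adc then
         * folds in the previous carry. The sum cannot overflow 64 bits:
         * (2^32-1)^2 + (2^32-1) < 2^64. */
        uint64_t t = (uint64_t)a->limb[i] * w + carry;
        r.limb[i] = (uint32_t)t;        /* low dword becomes the result limb */
        carry = (uint32_t)(t >> 32);    /* call 005580D0 with ecx = 20,
                                           assumed to be a 64-bit shift */
    }
    if (carry != 0) {                   /* 00402B92: cmp [ebp-AC], 0 */
        if (r.n == BIG_MAX_LIMBS)
            return -1;
        r.limb[r.n++] = carry;          /* count + 1, store the top limb */
    }
    *out = r;
    return 0;
}

/* Constructed check values, not taken from the program. */
int demo_carry_grows(void)
{
    /* (2^64 - 1) * (2^32 - 1) = 2^96 - 2^64 - 2^32 + 1 */
    big_t a = { 2, { 0xFFFFFFFFu, 0xFFFFFFFFu } }, r;
    if (big_mul_word(&r, &a, 0xFFFFFFFFu) != 0)
        return 0;
    return r.n == 3 && r.limb[0] == 0x00000001u &&
           r.limb[1] == 0xFFFFFFFFu && r.limb[2] == 0xFFFFFFFEu;
}

int demo_no_carry(void)
{
    big_t a = { 1, { 0x10u } }, r;
    if (big_mul_word(&r, &a, 0x10u) != 0)
        return 0;
    return r.n == 1 && r.limb[0] == 0x100u;
}

int demo_full_buffer_rejected(void)
{
    big_t a, r;
    a.n = BIG_MAX_LIMBS;
    for (uint32_t i = 0; i < BIG_MAX_LIMBS; i++)
        a.limb[i] = 0xFFFFFFFFu;
    return big_mul_word(&r, &a, 2) == -1;   /* carry has no limb left */
}

int main(void)
{
    printf("carry appends a limb : %d\n", demo_carry_grows());
    printf("no carry, same length: %d\n", demo_no_carry());
    printf("full buffer rejected : %d\n", demo_full_buffer_rejected());
    return 0;
}
```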
Algorithm B
004031CA /$ 55 push ebp
004031CB |. 8BEC mov ebp, esp
004031CD |. 6A FF push -1
004031CF |. 68 C2455800 push 005845C2 ; SE handler installation
004031D4 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004031DA |. 50 push eax
004031DB |. 64:8925 00000>mov dword ptr fs:[0], esp
004031E2 |. 81EC 0C030000 sub esp, 30C
004031E8 |. 56 push esi
004031E9 |. 57 push edi
004031EA |. 898D 00FDFFFF mov dword ptr [ebp-300], ecx
004031F0 |. C785 04FDFFFF>mov dword ptr [ebp-2FC], 0
004031FA |. 8D8D 5CFFFFFF lea ecx, dword ptr [ebp-A4]
00403200 |. E8 2BEDFFFF call 00401F30
00403205 |. C745 FC 01000>mov dword ptr [ebp-4], 1
0040320C |. 8D8D C8FEFFFF lea ecx, dword ptr [ebp-138]
00403212 |. E8 19EDFFFF call 00401F30
00403217 |. C645 FC 02 mov byte ptr [ebp-4], 2
0040321B |. C785 C0FEFFFF>mov dword ptr [ebp-140], 0
00403225 |. 8B85 00FDFFFF mov eax, dword ptr [ebp-300]
0040322B |. 50 push eax
0040322C |. 8D8D 5CFFFFFF lea ecx, dword ptr [ebp-A4]
00403232 |. E8 D2EDFFFF call 00402009
00403237 |> 8B4D 0C /mov ecx, dword ptr [ebp+C]
0040323A |. 51 |push ecx
0040323B |. 8D8D 5CFFFFFF |lea ecx, dword ptr [ebp-A4]
00403241 |. E8 36EDFFFF |call 00401F7C ; compare loop counts
00403246 |. 85C0 |test eax, eax
00403248 |. 0F8C 90020000 |jl 004034DE
0040324E |. 8B95 5CFFFFFF |mov edx, dword ptr [ebp-A4]
00403254 |. 8B8495 5CFFFF>|mov eax, dword ptr [ebp+edx*4-A4]
0040325B |. 33C9 |xor ecx, ecx
0040325D |. 8945 EC |mov dword ptr [ebp-14], eax ; fetch the first eight digits of the last group for comparison
00403260 |. 894D F0 |mov dword ptr [ebp-10], ecx
00403263 |. 8B55 0C |mov edx, dword ptr [ebp+C]
00403266 |. 8B02 |mov eax, dword ptr [edx]
00403268 |. 8B4D 0C |mov ecx, dword ptr [ebp+C]
0040326B |. 8B1481 |mov edx, dword ptr [ecx+eax*4] ; fetch the first eight digits of the fixed string
0040326E |. 33C0 |xor eax, eax
00403270 |. 8995 B8FEFFFF |mov dword ptr [ebp-148], edx
00403276 |. 8985 BCFEFFFF |mov dword ptr [ebp-144], eax
0040327C |. 8B4D 0C |mov ecx, dword ptr [ebp+C]
0040327F |. 8B95 5CFFFFFF |mov edx, dword ptr [ebp-A4]
00403285 |. 2B11 |sub edx, dword ptr [ecx] ; subtract the counts
00403287 |. 8995 C4FEFFFF |mov dword ptr [ebp-13C], edx
0040328D |. 8B45 EC |mov eax, dword ptr [ebp-14]
00403290 |. 3B85 B8FEFFFF |cmp eax, dword ptr [ebp-148] ; if equal, the jump is not taken
00403296 |. 75 66 |jnz short 004032FE
00403298 |. 8B4D F0 |mov ecx, dword ptr [ebp-10]
0040329B |. 3B8D BCFEFFFF |cmp ecx, dword ptr [ebp-144]
004032A1 |. 75 5B |jnz short 004032FE
004032A3 |. 83BD C4FEFFFF>|cmp dword ptr [ebp-13C], 0
004032AA |. 75 52 |jnz short 004032FE
004032AC |. 8B55 0C |mov edx, dword ptr [ebp+C]
004032AF |. 52 |push edx
004032B0 |. 8D85 28FEFFFF |lea eax, dword ptr [ebp-1D8]
004032B6 |. 50 |push eax
004032B7 |. 8D8D 5CFFFFFF |lea ecx, dword ptr [ebp-A4]
004032BD |. E8 DBF0FFFF |call 0040239D ; if the last eight digits of the result equal the first eight digits of the fixed string, the subtraction CALL is made
004032C2 |. 8985 FCFCFFFF |mov dword ptr [ebp-304], eax
004032C8 |. 8B8D FCFCFFFF |mov ecx, dword ptr [ebp-304]
004032CE |. 898D F8FCFFFF |mov dword ptr [ebp-308], ecx
004032D4 |. C645 FC 03 |mov byte ptr [ebp-4], 3
004032D8 |. 8B95 F8FCFFFF |mov edx, dword ptr [ebp-308]
004032DE |. 52 |push edx
004032DF |. 8D8D 5CFFFFFF |lea ecx, dword ptr [ebp-A4]
004032E5 |. E8 1FEDFFFF |call 00402009
004032EA |. C645 FC 02 |mov byte ptr [ebp-4], 2
004032EE |. 8D8D 28FEFFFF |lea ecx, dword ptr [ebp-1D8]
004032F4 |. E8 78ECFFFF |call 00401F71
004032F9 |. E9 E0010000 |jmp 004034DE
004032FE |> 8B45 F0 |mov eax, dword ptr [ebp-10]
00403301 |. 3B85 BCFEFFFF |cmp eax, dword ptr [ebp-144]
00403307 |. 77 4E |ja short 00403357
00403309 |. 72 0B |jb short 00403316
0040330B |. 8B4D EC |mov ecx, dword ptr [ebp-14]
0040330E |. 3B8D B8FEFFFF |cmp ecx, dword ptr [ebp-148]
00403314 |. 77 41 |ja short 00403357
00403316 |> 83BD C4FEFFFF>|cmp dword ptr [ebp-13C], 0
0040331D |. 74 38 |je short 00403357
0040331F |. 8B95 C4FEFFFF |mov edx, dword ptr [ebp-13C]
00403325 |. 83EA 01 |sub edx, 1
00403328 |. 8995 C4FEFFFF |mov dword ptr [ebp-13C], edx
0040332E |. B9 20000000 |mov ecx, 20
00403333 |. 8B45 EC |mov eax, dword ptr [ebp-14]
00403336 |. 8B55 F0 |mov edx, dword ptr [ebp-10]
00403339 |. E8 624E1500 |call 005581A0
0040333E |. 8B8D 5CFFFFFF |mov ecx, dword ptr [ebp-A4]
00403344 |. 8B8C8D 58FFFF>|mov ecx, dword ptr [ebp+ecx*4-A8]
0040334B |. 33F6 |xor esi, esi
0040334D |. 03C1 |add eax, ecx
0040334F |. 13D6 |adc edx, esi
00403351 |. 8945 EC |mov dword ptr [ebp-14], eax
00403354 |. 8955 F0 |mov dword ptr [ebp-10], edx
00403357 |> 8B95 B8FEFFFF |mov edx, dword ptr [ebp-148]
0040335D |. 83C2 01 |add edx, 1 ; first eight digits of the fixed string, plus 1
00403360 |. 8B85 BCFEFFFF |mov eax, dword ptr [ebp-144]
00403366 |. 83D0 00 |adc eax, 0
00403369 |. 50 |push eax
0040336A |. 52 |push edx
0040336B |. 8B4D F0 |mov ecx, dword ptr [ebp-10]
0040336E |. 51 |push ecx
0040336F |. 8B55 EC |mov edx, dword ptr [ebp-14]
00403372 |. 52 |push edx
00403373 |. E8 B84D1500 |call 00558130 ; quotient routine CALL, step in with F7
00403378 |. 8945 EC |mov dword ptr [ebp-14], eax
0040337B |. 8955 F0 |mov dword ptr [ebp-10], edx
0040337E |. 8B45 F0 |mov eax, dword ptr [ebp-10]
00403381 |. 50 |push eax
00403382 |. 8B4D EC |mov ecx, dword ptr [ebp-14]
00403385 |. 51 |push ecx
00403386 |. 8D8D C8FEFFFF |lea ecx, dword ptr [ebp-138]
0040338C |. E8 C1ECFFFF |call 00402052
00403391 |. 8D95 C8FEFFFF |lea edx, dword ptr [ebp-138]
00403397 |. 52 |push edx
00403398 |. 8D85 98FDFFFF |lea eax, dword ptr [ebp-268]
0040339E |. 50 |push eax
0040339F |. 8B4D 0C |mov ecx, dword ptr [ebp+C]
004033A2 |. E8 0EF4FFFF |call 004027B5 ; routine that computes with the quotient above, step in with F7
004033A7 |. 8985 F4FCFFFF |mov dword ptr [ebp-30C], eax
004033AD |. 8B8D F4FCFFFF |mov ecx, dword ptr [ebp-30C]
004033B3 |. 898D F0FCFFFF |mov dword ptr [ebp-310], ecx
004033B9 |. C645 FC 04 |mov byte ptr [ebp-4], 4
004033BD |. 8B95 F0FCFFFF |mov edx, dword ptr [ebp-310]
004033C3 |. 52 |push edx
004033C4 |. 8D8D C8FEFFFF |lea ecx, dword ptr [ebp-138]
004033CA |. E8 3AECFFFF |call 00402009
004033CF |. C645 FC 02 |mov byte ptr [ebp-4], 2
004033D3 |. 8D8D 98FDFFFF |lea ecx, dword ptr [ebp-268]
004033D9 |. E8 93EBFFFF |call 00401F71
004033DE |. 83BD C4FEFFFF>|cmp dword ptr [ebp-13C], 0 ; check whether the flag is 0
004033E5 |. 0F84 9E000000 |je 00403489 ; jump to the calculation below
004033EB |. 8B85 C8FEFFFF |mov eax, dword ptr [ebp-138]
004033F1 |. 0385 C4FEFFFF |add eax, dword ptr [ebp-13C]
004033F7 |. 8985 C8FEFFFF |mov dword ptr [ebp-138], eax
004033FD |. 8B8D C8FEFFFF |mov ecx, dword ptr [ebp-138]
00403403 |. 83E9 01 |sub ecx, 1
00403406 |. 898D 58FFFFFF |mov dword ptr [ebp-A8], ecx
0040340C |. EB 0F |jmp short 0040341D
0040340E |> 8B95 58FFFFFF |/mov edx, dword ptr [ebp-A8]
00403414 |. 83EA 01 ||sub edx, 1
00403417 |. 8995 58FFFFFF ||mov dword ptr [ebp-A8], edx
0040341D |> 8B85 58FFFFFF | mov eax, dword ptr [ebp-A8]
00403423 |. 3B85 C4FEFFFF ||cmp eax, dword ptr [ebp-13C]
00403429 |. 72 22 ||jb short 0040344D
0040342B |. 8B8D 58FFFFFF ||mov ecx, dword ptr [ebp-A8]
00403431 |. 2B8D C4FEFFFF ||sub ecx, dword ptr [ebp-13C]
00403437 |. 8B95 58FFFFFF ||mov edx, dword ptr [ebp-A8]
0040343D |. 8B848D CCFEFF>||mov eax, dword ptr [ebp+ecx*4-134]
00403444 |. 898495 CCFEFF>||mov dword ptr [ebp+edx*4-134], eax
0040344B |.^ EB C1 |\jmp short 0040340E
0040344D |> C785 58FFFFFF>|mov dword ptr [ebp-A8], 0
00403457 |. EB 0F |jmp short 00403468
00403459 |> 8B8D 58FFFFFF |/mov ecx, dword ptr [ebp-A8]
0040345F |. 83C1 01 ||add ecx, 1
00403462 |. 898D 58FFFFFF ||mov dword ptr [ebp-A8], ecx
00403468 |> 8B95 58FFFFFF | mov edx, dword ptr [ebp-A8]
0040346E |. 3B95 C4FEFFFF ||cmp edx, dword ptr [ebp-13C]
00403474 |. 73 13 ||jnb short 00403489
00403476 |. 8B85 58FFFFFF ||mov eax, dword ptr [ebp-A8]
0040347C |. C78485 CCFEFF>||mov dword ptr [ebp+eax*4-134], 0
00403487 |.^ EB D0 |\jmp short 00403459
00403489 |> 8D8D C8FEFFFF |lea ecx, dword ptr [ebp-138]
0040348F |. 51 |push ecx
00403490 |. 8D95 08FDFFFF |lea edx, dword ptr [ebp-2F8]
00403496 |. 52 |push edx
00403497 |. 8D8D 5CFFFFFF |lea ecx, dword ptr [ebp-A4]
0040349D |. E8 FBEEFFFF |call 0040239D ; the final subtraction routine of each loop iteration, step in with F7
004034A2 |. 8985 ECFCFFFF |mov dword ptr [ebp-314], eax
004034A8 |. 8B85 ECFCFFFF |mov eax, dword ptr [ebp-314]
004034AE |. 8985 E8FCFFFF |mov dword ptr [ebp-318], eax
004034B4 |. C645 FC 05 |mov byte ptr [ebp-4], 5
004034B8 |. 8B8D E8FCFFFF |mov ecx, dword ptr [ebp-318]
004034BE |. 51 |push ecx
004034BF |. 8D8D 5CFFFFFF |lea ecx, dword ptr [ebp-A4]
004034C5 |. E8 3FEBFFFF |call 00402009
004034CA |. C645 FC 02 |mov byte ptr [ebp-4], 2
004034CE |. 8D8D 08FDFFFF |lea ecx, dword ptr [ebp-2F8]
004034D4 |. E8 98EAFFFF |call 00401F71
004034D9 |.^ E9 59FDFFFF \jmp 00403237
004034DE |> B9 24000000 mov ecx, 24
004034E3 |. 8DB5 5CFFFFFF lea esi, dword ptr [ebp-A4]
004034E9 |. 8B7D 08 mov edi, dword ptr [ebp+8]
004034EC |. F3:A5 rep movs dword ptr es:[edi], dword p>
004034EE |. 8B95 04FDFFFF mov edx, dword ptr [ebp-2FC]
004034F4 |. 83CA 01 or edx, 1
004034F7 |. 8995 04FDFFFF mov dword ptr [ebp-2FC], edx
004034FD |. C645 FC 01 mov byte ptr [ebp-4], 1
00403501 |. 8D8D C8FEFFFF lea ecx, dword ptr [ebp-138]
00403507 |. E8 65EAFFFF call 00401F71
0040350C |. C645 FC 00 mov byte ptr [ebp-4], 0
00403510 |. 8D8D 5CFFFFFF lea ecx, dword ptr [ebp-A4]
00403516 |. E8 56EAFFFF call 00401F71
0040351B |. 8B45 08 mov eax, dword ptr [ebp+8]
0040351E |. 8B4D F4 mov ecx, dword ptr [ebp-C]
00403521 |. 64:890D 00000>mov dword ptr fs:[0], ecx
00403528 |. 5F pop edi
00403529 |. 5E pop esi
0040352A |. 8BE5 mov esp, ebp
0040352C |. 5D pop ebp ; 01651FEC
0040352D \. C2 0800 retn 8
Quotient routine CALL (step in with F7)
00558130 /$ 53 push ebx
00558131 |. 56 push esi
00558132 |. 8B4424 18 mov eax, dword ptr [esp+18]
00558136 |. 0BC0 or eax, eax ; if the OR result is non-zero, jump out
00558138 |. 75 18 jnz short 00558152
0055813A |. 8B4C24 14 mov ecx, dword ptr [esp+14] ; first eight digits of the fixed string after adding 1: "9F17F275"
0055813E |. 8B4424 10 mov eax, dword ptr [esp+10] ; second-to-last group of eight digits of the computed result
00558142 |. 33D2 xor edx, edx
00558144 |. F7F1 div ecx
00558146 |. 8BD8 mov ebx, eax
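00558148 |. 8B4424 0C mov eax, dword ptr [esp+C] ; last group of eight digits of the computed result
0055814C |. F7F1 div ecx ; the two together form a sixteen-digit dividend, divided by 9F17F275 to get the quotient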
0055814E |. 8BD3 mov edx, ebx
00558150 |. EB 41 jmp short 00558193
00558152 |> 8BC8 mov ecx, eax
00558154 |. 8B5C24 14 mov ebx, dword ptr [esp+14]
00558158 |. 8B5424 10 mov edx, dword ptr [esp+10]
0055815C |. 8B4424 0C mov eax, dword ptr [esp+C]
00558160 |> D1E9 /shr ecx, 1
00558162 |. D1DB |rcr ebx, 1
00558164 |. D1EA |shr edx, 1
00558166 |. D1D8 |rcr eax, 1
00558168 |. 0BC9 |or ecx, ecx
0055816A |.^ 75 F4 \jnz short 00558160
0055816C |. F7F3 div ebx
0055816E |. 8BF0 mov esi, eax
00558170 |. F76424 18 mul dword ptr [esp+18]
00558174 |. 8BC8 mov ecx, eax
00558176 |. 8B4424 14 mov eax, dword ptr [esp+14]
0055817A |. F7E6 mul esi
0055817C |. 03D1 add edx, ecx
0055817E |. 72 0E jb short 0055818E
00558180 |. 3B5424 10 cmp edx, dword ptr [esp+10]
00558184 |. 77 08 ja short 0055818E
00558186 |. 72 07 jb short 0055818F
00558188 |. 3B4424 0C cmp eax, dword ptr [esp+C]
0055818C |. 76 01 jbe short 0055818F
0055818E |> 4E dec esi
0055818F |> 33D2 xor edx, edx
00558191 |. 8BC6 mov eax, esi
00558193 |> 5E pop esi
00558194 |. 5B pop ebx
00558195 \. C2 1000 retn 10
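The listing at 00558130 has the structure of the unsigned 64-bit division helper that 32-bit Visual C++ programs link in. The C model below is an added example, not code from the article or from the program; the function names are hypothetical, and it follows the listing's two paths: a divisor that fits in 32 bits, and a wider divisor that needs an estimate plus a correction.

```c
#include <stdint.h>

/* Models the x86 DIV r32 instruction: (hi:lo) / d, remainder in *rem.
   The caller must ensure d != 0 and that the quotient fits in 32 bits. */
static uint32_t div32(uint32_t hi, uint32_t lo, uint32_t d, uint32_t *rem)
{
    uint64_t n = ((uint64_t)hi << 32) | lo;
    *rem = (uint32_t)(n % d);
    return (uint32_t)(n / d);
}

/* Hypothetical name; follows the control flow of the listing at 00558130. */
uint64_t udiv64_model(uint64_t dividend, uint64_t divisor)
{
    uint32_t n_lo = (uint32_t)dividend, n_hi = (uint32_t)(dividend >> 32);
    uint32_t d_lo = (uint32_t)divisor,  d_hi = (uint32_t)(divisor >> 32);
    uint32_t rem;

    if (d_hi == 0) {
        /* 0055813A: divisor fits in 32 bits, so two chained DIVs suffice:
           high dword first, its remainder becomes the top of the second. */
        uint32_t q_hi = div32(0, n_hi, d_lo, &rem);
        uint32_t q_lo = div32(rem, n_lo, d_lo, &rem);
        return ((uint64_t)q_hi << 32) | q_lo;
    }

    /* 00558160: shift both operands right until the divisor fits in 32 bits. */
    uint64_t n = dividend, d = divisor;
    do { n >>= 1; d >>= 1; } while (d >> 32);

    /* 0055816C: one DIV gives an estimate that is exact or one too large. */
    uint32_t q = div32((uint32_t)(n >> 32), (uint32_t)n, (uint32_t)d, &rem);

    /* 00558170: rebuild q * divisor from 32-bit pieces, as the listing does. */
    uint32_t cross = q * d_hi;               /* low 32 bits of q * d_hi  */
    uint64_t low   = (uint64_t)q * d_lo;     /* MUL esi -> EDX:EAX       */
    uint32_t p_lo  = (uint32_t)low;
    uint32_t p_hi  = (uint32_t)(low >> 32) + cross;
    int carry      = p_hi < cross;           /* the JB after ADD edx,ecx */

    /* 0055817E..0055818E: product overflowed or exceeds the dividend. */
    if (carry || p_hi > n_hi || (p_hi == n_hi && p_lo > n_lo))
        q--;
    return q;                                /* EDX is cleared: high half 0 */
}
```

In the call at 00403373 the divisor's high dword comes from [ebp-144] after the `adc eax, 0`, so it is non-zero only when adding 1 to the low dword carries out.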
Routine that computes with the quotient above (step in with F7)
004027B5 /$ 55 push ebp
004027B6 |. 8BEC mov ebp, esp
004027B8 |. 6A FF push -1
004027BA |. 68 8A445800 push 0058448A ; SE handler installation
004027BF |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004027C5 |. 50 push eax
004027C6 |. 64:8925 00000>mov dword ptr fs:[0], esp
004027CD |. 81EC B8000000 sub esp, 0B8
004027D3 |. 56 push esi
004027D4 |. 57 push edi
004027D5 |. 898D 3CFFFFFF mov dword ptr [ebp-C4], ecx
004027DB |. C785 40FFFFFF>mov dword ptr [ebp-C0], 0
004027E5 |. 8B45 0C mov eax, dword ptr [ebp+C]
004027E8 |. 8338 01 cmp dword ptr [eax], 1 ; check whether the flag value at the address is 1
004027EB |. 75 2D jnz short 0040281A ; jump away if it is not 1
004027ED |. 8B4D 0C mov ecx, dword ptr [ebp+C]
004027F0 |. 8B51 04 mov edx, dword ptr [ecx+4]
004027F3 |. 52 push edx
004027F4 |. 8B45 08 mov eax, dword ptr [ebp+8]
004027F7 |. 50 push eax
004027F8 |. 8B8D 3CFFFFFF mov ecx, dword ptr [ebp-C4]
004027FE |. E8 7E020000 call 00402A81 ; feed the quotient computed above into the calculation, same as algorithm A
00402803 |. 8B8D 40FFFFFF mov ecx, dword ptr [ebp-C0]
00402809 |. 83C9 01 or ecx, 1
0040280C |. 898D 40FFFFFF mov dword ptr [ebp-C0], ecx
00402812 |. 8B45 08 mov eax, dword ptr [ebp+8]
00402815 |. E9 55020000 jmp 00402A6F ; calculation finished, jump out
0040281A |> 8D8D 5CFFFFFF lea ecx, dword ptr [ebp-A4]
00402820 |. E8 0BF7FFFF call 00401F30 ; the code below is not used, so part of it is omitted
00402825 |. C785 4CFFFFFF>mov dword ptr [ebp-B4], 0
0040282F |. C785 50FFFFFF>mov dword ptr [ebp-B0], 0
00402839 |. C785 44FFFFFF>mov dword ptr [ebp-BC], 0
00402843 |. C785 48FFFFFF>mov dword ptr [ebp-B8], 0
0040284D |. 8B95 3CFFFFFF mov edx, dword ptr [ebp-C4]
00402853 |. 8B02 mov eax, dword ptr [edx]
....................................(a section of code is omitted here)
00402A61 |. 8D8D 5CFFFFFF lea ecx, dword ptr [ebp-A4]
00402A67 |. E8 05F5FFFF call 00401F71
00402A6C |. 8B45 08 mov eax, dword ptr [ebp+8]
00402A6F |> 8B4D F4 mov ecx, dword ptr [ebp-C]
00402A72 |. 64:890D 00000>mov dword ptr fs:[0], ecx
00402A79 |. 5F pop edi
00402A7A |. 5E pop esi
00402A7B |. 8BE5 mov esp, ebp
00402A7D |. 5D pop ebp
00402A7E \. C2 0800 retn 8
The final subtraction routine CALL of each loop iteration (step in with F7)
0040239D /$ 55 push ebp
0040239E |. 8BEC mov ebp, esp
004023A0 |. 6A FF push -1
004023A2 |. 68 36445800 push 00584436 ; SE handler installation
004023A7 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004023AD |. 50 push eax
004023AE |. 64:8925 00000>mov dword ptr fs:[0], esp
004023B5 |. 81EC A8000000 sub esp, 0A8
004023BB |. 56 push esi
004023BC |. 57 push edi
004023BD |. 898D 4CFFFFFF mov dword ptr [ebp-B4], ecx
004023C3 |. C785 50FFFFFF>mov dword ptr [ebp-B0], 0
004023CD |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
004023D3 |. E8 58FBFFFF call 00401F30
004023D8 |. C745 FC 01000>mov dword ptr [ebp-4], 1
004023DF |. 8B85 4CFFFFFF mov eax, dword ptr [ebp-B4]
004023E5 |. 50 push eax
004023E6 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
004023EC |. E8 18FCFFFF call 00402009
004023F1 |. 8B4D 0C mov ecx, dword ptr [ebp+C]
004023F4 |. 51 push ecx
004023F5 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
004023FB |. E8 7CFBFFFF call 00401F7C
00402400 |. 85C0 test eax, eax
00402402 |. 7F 45 jg short 00402449
00402404 |. 6A 00 push 0
00402406 |. 6A 00 push 0
00402408 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
0040240E |. E8 3FFCFFFF call 00402052
00402413 |. B9 24000000 mov ecx, 24
00402418 |. 8DB5 64FFFFFF lea esi, dword ptr [ebp-9C]
0040241E |. 8B7D 08 mov edi, dword ptr [ebp+8]
00402421 |. F3:A5 rep movs dword ptr es:[edi], dword p>
00402423 |. 8B95 50FFFFFF mov edx, dword ptr [ebp-B0]
00402429 |. 83CA 01 or edx, 1
0040242C |. 8995 50FFFFFF mov dword ptr [ebp-B0], edx
00402432 |. C645 FC 00 mov byte ptr [ebp-4], 0
00402436 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
0040243C |. E8 30FBFFFF call 00401F71
00402441 |. 8B45 08 mov eax, dword ptr [ebp+8]
00402444 |. E9 79010000 jmp 004025C2
00402449 |> C785 5CFFFFFF>mov dword ptr [ebp-A4], 0
00402453 |. C785 60FFFFFF>mov dword ptr [ebp-A0], 0
0040245D |. EB 0F jmp short 0040246E
0040245F |> 8B85 60FFFFFF /mov eax, dword ptr [ebp-A0]
00402465 |. 83C0 01 |add eax, 1
00402468 |. 8985 60FFFFFF |mov dword ptr [ebp-A0], eax
0040246E |> 8B8D 4CFFFFFF mov ecx, dword ptr [ebp-B4]
00402474 |. 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
0040247A |. 3B11 |cmp edx, dword ptr [ecx] ; loop count 11H
0040247C |. 0F83 EE000000 |jnb 00402570
00402482 |. 8B85 60FFFFFF |mov eax, dword ptr [ebp-A0]
00402488 |. 8B8D 4CFFFFFF |mov ecx, dword ptr [ebp-B4]
0040248E |. 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
00402494 |. 8B75 0C |mov esi, dword ptr [ebp+C]
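00402497 |. 8B4481 04 |mov eax, dword ptr [ecx+eax*4+4] ; fetch the result computed by loop A
0040249B |. 3B4496 04 |cmp eax, dword ptr [esi+edx*4+4] ; fetch the result computed from the quotient and compare the two
0040249F 77 28 ja short 004024C9 ; if greater, jump to the subtraction, which also subtracts the borrow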
004024A1 |. 8B8D 60FFFFFF |mov ecx, dword ptr [ebp-A0]
004024A7 |. 8B95 4CFFFFFF |mov edx, dword ptr [ebp-B4]
004024AD |. 8B85 60FFFFFF |mov eax, dword ptr [ebp-A0]
004024B3 |. 8B75 0C |mov esi, dword ptr [ebp+C]
004024B6 |. 8B4C8A 04 |mov ecx, dword ptr [edx+ecx*4+4] ; compare the next value to see whether there is a borrow
004024BA |. 3B4C86 04 |cmp ecx, dword ptr [esi+eax*4+4]
004024BE |. 75 45 |jnz short 00402505
004024C0 |. 83BD 5CFFFFFF>|cmp dword ptr [ebp-A4], 0
004024C7 |. 75 3C |jnz short 00402505
004024C9 |> 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
004024CF |. 8B85 4CFFFFFF |mov eax, dword ptr [ebp-B4]
004024D5 |. 8B4C90 04 |mov ecx, dword ptr [eax+edx*4+4]
004024D9 |. 2B8D 5CFFFFFF |sub ecx, dword ptr [ebp-A4]
004024DF |. 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
004024E5 |. 8B45 0C |mov eax, dword ptr [ebp+C]
004024E8 |. 2B4C90 04 |sub ecx, dword ptr [eax+edx*4+4] ; subtract the results
004024EC |. 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
004024F2 |. 898C95 68FFFF>|mov dword ptr [ebp+edx*4-98], ecx ; store the result
004024F9 |. C785 5CFFFFFF>|mov dword ptr [ebp-A4], 0
00402503 |. EB 66 |jmp short 0040256B
00402505 |> 8B85 60FFFFFF |mov eax, dword ptr [ebp-A0]
0040250B |. 8B8D 4CFFFFFF |mov ecx, dword ptr [ebp-B4]
00402511 |. 8B5481 04 |mov edx, dword ptr [ecx+eax*4+4]
00402515 |. 33C0 |xor eax, eax
00402517 |. 83C2 00 |add edx, 0
0040251A |. 83D0 01 |adc eax, 1 ; add 1 as the carry
0040251D |. 8995 54FFFFFF |mov dword ptr [ebp-AC], edx
00402523 |. 8985 58FFFFFF |mov dword ptr [ebp-A8], eax
00402529 |. 8B8D 5CFFFFFF |mov ecx, dword ptr [ebp-A4]
0040252F |. 33D2 |xor edx, edx
00402531 |. 8B85 54FFFFFF |mov eax, dword ptr [ebp-AC]
00402537 |. 2BC1 |sub eax, ecx
00402539 |. 8B8D 58FFFFFF |mov ecx, dword ptr [ebp-A8]
0040253F |. 1BCA |sbb ecx, edx
00402541 |. 8B95 60FFFFFF |mov edx, dword ptr [ebp-A0]
00402547 |. 8B75 0C |mov esi, dword ptr [ebp+C]
0040254A |. 8B5496 04 |mov edx, dword ptr [esi+edx*4+4]
0040254E |. 33F6 |xor esi, esi
00402550 |. 2BC2 |sub eax, edx ; subtract the results
00402552 |. 1BCE |sbb ecx, esi ; subtract the borrow
00402554 |. 8B8D 60FFFFFF |mov ecx, dword ptr [ebp-A0]
0040255A |. 89848D 68FFFF>|mov dword ptr [ebp+ecx*4-98], eax
00402561 |. C785 5CFFFFFF>|mov dword ptr [ebp-A4], 1
0040256B |>^ E9 EFFEFFFF \jmp 0040245F ; continue the loop
00402570 |> 8B95 64FFFFFF /mov edx, dword ptr [ebp-9C]
00402576 |. 83BC95 64FFFF>|cmp dword ptr [ebp+edx*4-9C], 0
0040257E |. 75 11 |jnz short 00402591
00402580 |. 8B85 64FFFFFF |mov eax, dword ptr [ebp-9C]
00402586 |. 83E8 01 |sub eax, 1
00402589 |. 8985 64FFFFFF |mov dword ptr [ebp-9C], eax
0040258F |.^ EB DF \jmp short 00402570
00402591 |> B9 24000000 mov ecx, 24
00402596 |. 8DB5 64FFFFFF lea esi, dword ptr [ebp-9C]
0040259C |. 8B7D 08 mov edi, dword ptr [ebp+8]
0040259F |. F3:A5 rep movs dword ptr es:[edi], dword p>
004025A1 |. 8B8D 50FFFFFF mov ecx, dword ptr [ebp-B0]
004025A7 |. 83C9 01 or ecx, 1
004025AA |. 898D 50FFFFFF mov dword ptr [ebp-B0], ecx
004025B0 |. C645 FC 00 mov byte ptr [ebp-4], 0
004025B4 |. 8D8D 64FFFFFF lea ecx, dword ptr [ebp-9C]
004025BA |. E8 B2F9FFFF call 00401F71
004025BF |. 8B45 08 mov eax, dword ptr [ebp+8]
004025C2 |> 8B4D F4 mov ecx, dword ptr [ebp-C]
004025C5 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004025CC |. 5F pop edi
004025CD |. 5E pop esi
004025CE |. 8BE5 mov esp, ebp
004025D0 |. 5D pop ebp
004025D1 \. C2 0800 retn 8
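An added C model of the limb-wise subtraction at 0040239D, not code from the article or from the program. The layout (a count dword followed by limbs, least significant first) is read off the listing; the type and function names, the compare helper standing in for the call at 00401F7C, and the representation of zero as count 0 are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define MAX_LIMBS 35  /* rep movs copies 0x24 dwords: 1 count + 35 limbs */

typedef struct {
    uint32_t count;            /* [obj]: number of limbs in use               */
    uint32_t limb[MAX_LIMBS];  /* [obj+4+i*4]: limb i, least significant first */
} big_t;

/* Stand-in for the compare call at 00401F7C, whose body the page omits.
   Assumes both operands carry no leading zero limbs. */
static int big_cmp(const big_t *a, const big_t *b)
{
    if (a->count != b->count) return a->count > b->count ? 1 : -1;
    for (uint32_t i = a->count; i-- > 0; )
        if (a->limb[i] != b->limb[i]) return a->limb[i] > b->limb[i] ? 1 : -1;
    return 0;
}

/* a - b, or zero when a <= b (the listing's early exit at 00402402). */
big_t big_sub(const big_t *a, const big_t *b)
{
    big_t r;
    memset(&r, 0, sizeof r);
    if (big_cmp(a, b) <= 0) return r;

    uint32_t borrow = 0;                        /* [ebp-A4] in the listing */
    for (uint32_t i = 0; i < a->count; i++) {
        uint32_t bi = i < b->count ? b->limb[i] : 0;
        uint64_t take = (uint64_t)bi + borrow;
        r.limb[i] = (uint32_t)(a->limb[i] - take);  /* wraps modulo 2^32 */
        borrow = a->limb[i] < take;             /* carried into limb i+1 */
    }
    r.count = a->count;
    while (r.count > 0 && r.limb[r.count - 1] == 0)  /* 00402570: trim */
        r.count--;
    return r;
}

uint32_t big_limb(big_t v, uint32_t i) { return v.limb[i]; }

/* Constructed input: 2^64 - 1, where the borrow ripples through two limbs. */
big_t demo_borrow_chain(void)
{
    big_t a = { 3, { 0, 0, 1 } }, b = { 1, { 1 } };
    return big_sub(&a, &b);
}
```

Dropping the borrow once in `demo_borrow_chain` changes every limb above the first, which is the sensitivity to carry and borrow errors the article describes.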
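Those who want to patch can look below:
All string verification comparisons use this CALL, and in a similar form; anyone who wants to patch can use search to find all the patch points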
004FB436 |. E8 2AD30500 call 00558765
004FB43B |. 83C4 08 add esp, 8
004FB43E |. 8985 D0F7FFFF mov dword ptr [ebp-830], eax
004FB444 |. 33D2 xor edx, edx
004FB446 |. 83BD D0F7FFFF>cmp dword ptr [ebp-830], 0
004FB44D |. 0F94C2 sete dl
004FB450 |. 81E2 FF000000 and edx, 0FF
004FB456 |. 85D2 test edx, edx
004FB458 |. 74 42 je short 004FB49C
Step in. But you cannot patch inside here, because this routine also verifies strings for other functions; patching it causes errors
00558765 /$ 8B5424 04 mov edx, dword ptr [esp+4]
00558769 |. 56 push esi
0055876A |. 8B7424 0C mov esi, dword ptr [esp+C]
0055876E |. 57 push edi
0055876F |. 66:8B0E mov cx, word ptr [esi]
00558772 |> 0FB702 /movzx eax, word ptr [edx]
00558775 |. 0FB7F9 |movzx edi, cx
00558778 |. 2BC7 |sub eax, edi
0055877A 75 0E jnz short 0055878A
0055877C |. 66:85C9 |test cx, cx
0055877F |. 74 09 |je short 0055878A
00558781 |. 42 |inc edx
00558782 |. 42 |inc edx
00558783 |. 46 |inc esi
00558784 |. 46 |inc esi
00558785 |. 66:8B0E |mov cx, word ptr [esi]
00558788 |.^ EB E8 \jmp short 00558772
0055878A |> 5F pop edi
0055878B |. 5E pop esi
0055878C |. 85C0 test eax, eax
0055878E |. 7D 04 jge short 00558794
00558790 |. 83C8 FF or eax, FFFFFFFF
00558793 |. C3 retn
00558794 |> 7E 03 jle short 00558799
00558796 |. 6A 01 push 1
00558798 |. 58 pop eax
00558799 \> C3 retn