直接上反汇编,解码看后面的代码.解码可能有误,只是一个参考,没仔细弄.附件在后
; int __cdecl InitializeVM()
; Resets the interpreter state: clears VM_EAX/VM_EBX/VM_ECX and both VM flags,
; rewinds OpcodeIndex to 0, sets StackPos to 32h, and seeds VM_EDX with one
; byte of the User buffer selected by the low byte of KeyIndex.
; KeyIndex is incremented on every call; no check of the index against the
; name length is visible in this routine.
; Clobbers eax, ebx, ecx; eax is left holding the byte stored in VM_EDX.
.text:004011D8 InitializeVM proc near ; CODE XREF: .text:004012B0p
.text:004011D8 ; .text:004012C8p ...
.text:004011D8 xor ebx, ebx ; ebx = 0 so the byte load into bl is zero-extended
.text:004011DA mov eax, ebx ; eax = 0 for the same reason
.text:004011DC mov VM_EAX, 0
.text:004011E6 mov VM_EBX, 0
.text:004011F0 mov VM_ECX, 0
.text:004011FA lea ecx, KeyIndex
.text:00401200 mov bl, [ecx] ; bl = low byte of KeyIndex
.text:00401202 add ebx, offset User ; ebx = &User[KeyIndex & 0FFh]
.text:00401208 mov al, [ebx] ; al = that byte of User
.text:0040120A mov VM_EDX, eax ; VM_EDX = zero-extended User byte
.text:0040120F mov StackPos, 32h ; VM stack position starts at 32h
.text:00401219 mov OpcodeIndex, 0 ; bytecode offset back to the start
.text:00401223 mov VM_ZF, 0
.text:0040122A mov VM_SF, 0
.text:00401231 inc KeyIndex ; next call reads the following User byte
.text:00401237 retn
.text:00401237
.text:00401237 InitializeVM endp
.text:00401237
.text:00401238 ; ---------------------------------------------------------------------------
.text:00401238
; VirtualMachine: entry of the serial check, called from DialogFunc.
; Rejects (returns immediately) when the user name or the serial is shorter
; than 7 characters; both comparisons are unsigned (jnb).
; NOTE(review): the length is read from ecx rather than eax and no stack
; cleanup follows the calls, so `strlen` here is presumably a local helper
; and not the CRT function - confirm against its body.
.text:00401238 VirtualMachine: ; CODE XREF: DialogFunc+145p
.text:00401238 push ebp
.text:00401239 mov ebp, esp
.text:0040123B add esp, 0FFFFFFFCh ; esp -= 4: reserves the dword at [ebp-4]
.text:0040123E push offset User ; address of the user-name buffer
.text:00401243 call strlen ; length of User; result is taken from ecx below
.text:00401243
.text:00401248 cmp ecx, 7 ; user-name length >= 7?
.text:0040124B jnb short loc_40124F
.text:0040124B
.text:0040124D leave ; user name shorter than 7: return at once
.text:0040124E retn
.text:0040124E
.text:0040124F ; ---------------------------------------------------------------------------
.text:0040124F
.text:0040124F loc_40124F: ; CODE XREF: .text:0040124Bj
.text:0040124F lea eax, UserLen
.text:00401255 mov [eax], ecx ; UserLen = user-name length
.text:00401257 push offset KeyCode ; address of the serial buffer
.text:0040125C call strlen ; length of KeyCode (the serial), again returned in ecx
.text:0040125C
.text:00401261 cmp ecx, 7 ; serial length >= 7?
.text:00401264 jnb short loc_401268
.text:00401264
.text:00401266 leave ; serial shorter than 7: return at once
.text:00401267 retn
.text:00401267
.text:00401268 ; ---------------------------------------------------------------------------
.text:00401268
; loc_401268 / LoopEncrypt: rewrites the User buffer in place, replacing each
; byte User[i] with User[i] XOR (low byte of i), then records the loop count
; and primes the VM.
; The exit test is `inc ecx / cmp ecx,[UserLen] / jle`, so the body runs for
; i = 0..UserLen inclusive (UserLen+1 iterations); the byte at index UserLen
; is transformed as well - presumably the terminator, confirm.
; The load at 0040127C is a dword read, but only bl is written back.
.text:00401268 loc_401268: ; CODE XREF: .text:00401264j
.text:00401268 xor ecx, ecx ; both length checks passed; ecx = loop counter i = 0
.text:0040126A push edx ; edx is saved here and restored after the loop
.text:0040126B lea edx, UserLen ; edx = &UserLen for the loop bound
.text:0040126B
.text:00401271
.text:00401271 LoopEncrypt: ; CODE XREF: .text:00401291j
.text:00401271 lea eax, [ebp-4] ; junk: eax is overwritten two instructions later
.text:00401274 xor ebx, ebx
.text:00401276 lea eax, User ; eax = &User
.text:0040127C mov ebx, [ecx+eax] ; load 4 bytes starting at User[i]; only the low byte is used
.text:0040127F xor ebx, ecx ; XOR with the loop counter
.text:00401281 add eax, ecx ; eax = &User[i]
.text:00401283 mov [eax], bl ; store the transformed byte back over User[i]
.text:00401285 lea eax, User ; junk: result is overwritten by the next instruction
.text:0040128B mov eax, [ebp-4] ; junk: eax is reloaded at the top of the loop
.text:0040128E inc ecx ; i++
.text:0040128F cmp ecx, [edx] ; compare i with UserLen (signed)
.text:00401291 jle short LoopEncrypt ; loop while i <= UserLen
.text:00401291
.text:00401293 pop edx
.text:00401294 lea eax, UserLoopLen
.text:0040129A mov [eax], ecx ; UserLoopLen = final counter value (UserLen + 1)
.text:0040129C lea eax, DispatchOpcodeTable
.text:004012A2 lea ebx, OpcodeIndex
.text:004012A8 push dword ptr [ebx]
.text:004012AA pop HandlerIndex ; HandlerIndex = current OpcodeIndex value
.text:004012B0 call InitializeVM ; initialise the VM environment
.text:004012B0
; SEH chain: four stages that each install a registration record through
; fs:[0] and then deliberately raise an exception (int 3, divide by zero,
; read from address 0, int 3). The handler address of each stage is the
; next stage's label; the last one is DirectVMLoop, the interpreter entry.
; Control therefore only reaches the VM if every exception is delivered to
; the program's own handlers. A debugger that consumes the breakpoint or
; fault instead would fall through into the filler after each trap.
; Each filler ends in `jmp short loc+2`, which targets the third byte of the
; 3-byte `add esp, 0FFFFFFFFh` before it (mid-instruction), so the linear
; disassembly of those bytes is not what would execute.
; NOTE(review): how the OS dispatch lands on each label and the stack layout
; at that point are not visible in this listing; the pop/add pairs read as
; unlinking the previous 8-byte record - confirm in a debugger trace.
.text:004012B5 push offset SehAddress ; handler field of the new record
.text:004012BA push large dword ptr fs:0 ; link to the previous record
.text:004012C1 mov large fs:0, esp ; install the record
.text:004012C8 call InitializeVM ; SEH stage 1 (second InitializeVM call, KeyIndex advances again)
.text:004012C8
.text:004012CD int 3 ; Trap to Debugger - raises the stage 1 exception
.text:004012CE xor eax, eax
.text:004012D0 mul ecx
.text:004012D2
.text:004012D2 loc_4012D2: ; CODE XREF: .text:004012D5j
.text:004012D2 add esp, 0FFFFFFFFh
.text:004012D5 jmp short near ptr loc_4012D2+2 ; jumps into the middle of the add above
.text:004012D5
.text:004012D7 ; ---------------------------------------------------------------------------
.text:004012D7
.text:004012D7 SehAddress: ; DATA XREF: .text:004012B5o
.text:004012D7 pop large dword ptr fs:0 ; restore the previous chain head
.text:004012DE add esp, 4 ; drop the handler field
.text:004012E1 push offset SehAddressA
.text:004012E6 push large dword ptr fs:0
.text:004012ED mov large fs:0, esp
.text:004012F4 mov eax, 1 ; SEH stage 2
.text:004012F9 xor ecx, ecx
.text:004012FB div ecx ; divisor is 0: raises a divide error
.text:004012FD xor eax, eax
.text:004012FF mul ecx
.text:00401301
.text:00401301 loc_401301: ; CODE XREF: .text:00401304j
.text:00401301 add esp, 0FFFFFFFFh
.text:00401304 jmp short near ptr loc_401301+2 ; mid-instruction target, as above
.text:00401304
.text:00401306 ; ---------------------------------------------------------------------------
.text:00401306
.text:00401306 SehAddressA: ; DATA XREF: .text:004012E1o
.text:00401306 pop large dword ptr fs:0
.text:0040130D add esp, 4
.text:00401310 push offset SehAddressB
.text:00401315 push large dword ptr fs:0
.text:0040131C mov large fs:0, esp
.text:00401323 xor ecx, ecx ; SEH stage 3
.text:00401325 mov ebx, [ecx] ; read from address 0: raises an access fault
.text:00401327 xor eax, eax
.text:00401329 mul ecx
.text:0040132B
.text:0040132B loc_40132B: ; CODE XREF: .text:0040132Ej
.text:0040132B add esp, 0FFFFFFFFh
.text:0040132E jmp short near ptr loc_40132B+2 ; mid-instruction target, as above
.text:0040132E
.text:00401330 ; ---------------------------------------------------------------------------
.text:00401330
.text:00401330 SehAddressB: ; DATA XREF: .text:00401310o
.text:00401330 pop large dword ptr fs:0
.text:00401337 add esp, 4
.text:0040133A push offset DirectVMLoop ; SEH stage 4: handler is the interpreter entry
.text:0040133F push large dword ptr fs:0
.text:00401346 mov large fs:0, esp
.text:0040134D int 3 ; Trap to Debugger - raises the stage 4 exception
.text:0040134E xor eax, eax
.text:00401350 mul ecx
.text:00401352
.text:00401352 loc_401352: ; CODE XREF: .text:00401355j
.text:00401352 add esp, 0FFFFFFFFh
.text:00401355 jmp short near ptr loc_401352+2 ; mid-instruction target, as above
.text:00401355
.text:00401357 ; ---------------------------------------------------------------------------
.text:00401357
; VMLoop / DirectVMLoop: fetch-and-dispatch loop of the bytecode interpreter.
; An instruction is two bytes in DispatchOpcodeTable: an opcode byte at
; OpcodeIndex and an operand-selector byte at OpcodeIndex+1. VMLoop advances
; OpcodeIndex by 2; handlers that take an inline immediate add 2 more
; themselves. The opcode is matched with a chain of byte compares
; (0Ah, 0Bh, 0Ch, 0Dh, 0Eh, 0Fh, 1Bh, 1Ch, 1Dh, 1Eh, 0FFh).
; No bound on OpcodeIndex is checked in this loop.
; This span also holds opcode 0Ah (push): selector 1..4 pushes
; VM_EAX/VM_EBX/VM_ECX/VM_EDX, selector 5 passes a null pointer.
.text:00401357 VMLoop: ; CODE XREF: .text:SubSwitchAEndj
.text:00401357 ; .text:SubSwitch0xBEndj ...
.text:00401357 add OpcodeIndex, 2 ; step over the opcode byte and its selector byte
.text:00401357
.text:0040135E
.text:0040135E DirectVMLoop: ; CODE XREF: .text:IntoVMLoopj
.text:0040135E ; DATA XREF: .text:0040133Ao
.text:0040135E mov ecx, OpcodeIndex ; ecx = byte offset used to fetch the opcode
.text:00401364 push DispatchOpcodeTable[ecx] ; fetch 4 bytes of bytecode at that offset
.text:0040136A pop HandlerIndex ; copy them into HandlerIndex (author notes the order as reversed)
.text:00401370 cmp byte ptr HandlerIndex, 0Ah ; switch loop, comparable to VMProtect's jump table.
.text:00401370 ; Each target has its own sub-switch; only
.text:00401370 ; the mechanism differs.
.text:00401377 jnz short HandlerEqual0xB ; VM execution: OpcodeIndex selects 4 bytes of DispatchOpcodeTable,
.text:00401377 ; which are copied into HandlerIndex; the lowest byte of
.text:00401377 ; HandlerIndex then selects the instruction handler.
.text:00401377
.text:00401379 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:0040137A push DispatchOpcodeTable[ecx]
.text:00401380 pop HandlerIndex ; low byte of HandlerIndex is now the selector
.text:00401386 cmp byte ptr HandlerIndex, 1
.text:0040138D jnz short SubSwitchACase2
.text:0040138D
.text:0040138F push offset VM_EAX ; pdwValue
.text:00401394 call PushStackIntoPos ; push onto the VM stack
.text:00401394
.text:00401399 jmp short SubSwitchAEnd
.text:00401399
.text:0040139B ; ---------------------------------------------------------------------------
.text:0040139B
.text:0040139B SubSwitchACase2: ; CODE XREF: .text:0040138Dj
.text:0040139B cmp byte ptr HandlerIndex, 2
.text:004013A2 jnz short SubSwitchACase3
.text:004013A2
.text:004013A4 push offset VM_EBX ; pdwValue
.text:004013A9 call PushStackIntoPos ; push onto the VM stack
.text:004013A9
.text:004013AE jmp short SubSwitchAEnd
.text:004013AE
.text:004013B0 ; ---------------------------------------------------------------------------
.text:004013B0
.text:004013B0 SubSwitchACase3: ; CODE XREF: .text:004013A2j
.text:004013B0 cmp byte ptr HandlerIndex, 3
.text:004013B7 jnz short SubSwitchACase4
.text:004013B7
.text:004013B9 push offset VM_ECX ; pdwValue
.text:004013BE call PushStackIntoPos ; push onto the VM stack
.text:004013BE
.text:004013C3 jmp short SubSwitchAEnd
.text:004013C3
.text:004013C5 ; ---------------------------------------------------------------------------
.text:004013C5
.text:004013C5 SubSwitchACase4: ; CODE XREF: .text:004013B7j
.text:004013C5 cmp byte ptr HandlerIndex, 4
.text:004013CC jnz short SubSwitchACase5
.text:004013CC
.text:004013CE push offset VM_EDX ; pdwValue
.text:004013D3 call PushStackIntoPos ; push onto the VM stack
.text:004013D3
.text:004013D8 jmp short SubSwitchAEnd
.text:004013D8
.text:004013DA ; ---------------------------------------------------------------------------
.text:004013DA
.text:004013DA SubSwitchACase5: ; CODE XREF: .text:004013CCj
.text:004013DA cmp byte ptr HandlerIndex, 5
.text:004013E1 jnz short SubSwitchAEnd ; unknown selector: nothing is pushed
.text:004013E1
.text:004013E3 push 0 ; pdwValue = NULL: the callee takes the value from HandlerIndex+1 instead
.text:004013E5 call PushStackIntoPos ; push onto the VM stack
.text:004013E5
.text:004013EA
.text:004013EA SubSwitchAEnd: ; CODE XREF: .text:00401399j
.text:004013EA ; .text:004013AEj ...
.text:004013EA jmp VMLoop
.text:004013EA
.text:004013EF ; ---------------------------------------------------------------------------
.text:004013EF
; Opcode 0Bh (pop): selector 1..4 pops the top VM stack slot into
; VM_EAX/VM_EBX/VM_ECX/VM_EDX via PopStackIntoPos. Any other selector does
; nothing and the loop continues. ecx still holds OpcodeIndex from
; DirectVMLoop on entry.
.text:004013EF HandlerEqual0xB: ; CODE XREF: .text:00401377j
.text:004013EF cmp byte ptr HandlerIndex, 0Bh
.text:004013F6 jnz short HandlerEqual0xC
.text:004013F6
.text:004013F8 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:004013F9 push DispatchOpcodeTable[ecx]
.text:004013FF pop HandlerIndex
.text:00401405 cmp byte ptr HandlerIndex, 1
.text:0040140C jnz short SubSwitch0xBCase2
.text:0040140C
.text:0040140E push offset VM_EAX ; pdwValue
.text:00401413 call PopStackIntoPos ; pop into the location given by the argument
.text:00401413
.text:00401418 jmp short SubSwitch0xBEnd
.text:00401418
.text:0040141A ; ---------------------------------------------------------------------------
.text:0040141A
.text:0040141A SubSwitch0xBCase2: ; CODE XREF: .text:0040140Cj
.text:0040141A cmp byte ptr HandlerIndex, 2
.text:00401421 jnz short SubSwitch0xBCase3
.text:00401421
.text:00401423 push offset VM_EBX ; pdwValue
.text:00401428 call PopStackIntoPos ; pop into the location given by the argument
.text:00401428
.text:0040142D jmp short SubSwitch0xBEnd
.text:0040142D
.text:0040142F ; ---------------------------------------------------------------------------
.text:0040142F
.text:0040142F SubSwitch0xBCase3: ; CODE XREF: .text:00401421j
.text:0040142F cmp byte ptr HandlerIndex, 3
.text:00401436 jnz short SubSwitch0xBCase4
.text:00401436
.text:00401438 push offset VM_ECX ; pdwValue
.text:0040143D call PopStackIntoPos ; pop into the location given by the argument
.text:0040143D
.text:00401442 jmp short SubSwitch0xBEnd
.text:00401442
.text:00401444 ; ---------------------------------------------------------------------------
.text:00401444
.text:00401444 SubSwitch0xBCase4: ; CODE XREF: .text:00401436j
.text:00401444 cmp byte ptr HandlerIndex, 4
.text:0040144B jnz short SubSwitch0xBEnd
.text:0040144B
.text:0040144D push offset VM_EDX ; pdwValue
.text:00401452 call PopStackIntoPos ; pop into the location given by the argument
.text:00401452
.text:00401457
.text:00401457 SubSwitch0xBEnd: ; CODE XREF: .text:00401418j
.text:00401457 ; .text:0040142Dj ...
.text:00401457 jmp VMLoop
.text:00401457
.text:0040145C ; ---------------------------------------------------------------------------
.text:0040145C
; Opcode 0Ch (move) via MoveTwoIntoOne(pdwDst, pdwSrc); arguments are pushed
; right to left, so the last push before the call is the destination.
;   selector 1: VM_EAX <- VM_EBX      selector 6: VM_EAX <- inline immediate
;   selector 2: VM_EAX <- VM_ECX      selector 7: VM_EBX <- inline immediate
;   selector 3: VM_EAX <- VM_EDX      selector 8: VM_ECX <- inline immediate
; A source of 0 makes the callee read the value from HandlerIndex+1 and
; advance OpcodeIndex by 2. Selectors 4 and 5 are not handled in this chain.
.text:0040145C HandlerEqual0xC: ; CODE XREF: .text:004013F6j
.text:0040145C cmp byte ptr HandlerIndex, 0Ch
.text:00401463 jnz HandlerEqual0xD
.text:00401463
.text:00401469 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:0040146A push DispatchOpcodeTable[ecx]
.text:00401470 pop HandlerIndex
.text:00401476 cmp byte ptr HandlerIndex, 1
.text:0040147D jnz short SubSwitch0xCCase2
.text:0040147D
.text:0040147F push offset VM_EBX
.text:00401484 push offset VM_EAX
.text:00401489 call MoveTwoIntoOne ; move the data at address two into address one
.text:00401489
.text:0040148E jmp short SubSwitch0xCEnd
.text:0040148E
.text:00401490 ; ---------------------------------------------------------------------------
.text:00401490
.text:00401490 SubSwitch0xCCase2: ; CODE XREF: .text:0040147Dj
.text:00401490 cmp byte ptr HandlerIndex, 2
.text:00401497 jnz short SubSwitch0xCCase3
.text:00401497
.text:00401499 push offset VM_ECX
.text:0040149E push offset VM_EAX
.text:004014A3 call MoveTwoIntoOne ; move the data at address two into address one
.text:004014A3
.text:004014A8 jmp short SubSwitch0xCEnd
.text:004014A8
.text:004014AA ; ---------------------------------------------------------------------------
.text:004014AA
.text:004014AA SubSwitch0xCCase3: ; CODE XREF: .text:00401497j
.text:004014AA cmp byte ptr HandlerIndex, 3
.text:004014B1 jnz short SubSwitch0xCCase6
.text:004014B1
.text:004014B3 push offset VM_EDX
.text:004014B8 push offset VM_EAX
.text:004014BD call MoveTwoIntoOne ; move the data at address two into address one
.text:004014BD
.text:004014C2 jmp short SubSwitch0xCEnd
.text:004014C2
.text:004014C4 ; ---------------------------------------------------------------------------
.text:004014C4
.text:004014C4 SubSwitch0xCCase6: ; CODE XREF: .text:004014B1j
.text:004014C4 cmp byte ptr HandlerIndex, 6
.text:004014CB jnz short SubSwitch0xCCase7
.text:004014CB
.text:004014CD push 0 ; pdwSrc = NULL: use the inline immediate
.text:004014CF push offset VM_EAX
.text:004014D4 call MoveTwoIntoOne ; move the data at address two into address one
.text:004014D4
.text:004014D9 jmp short SubSwitch0xCEnd
.text:004014D9
.text:004014DB ; ---------------------------------------------------------------------------
.text:004014DB
.text:004014DB SubSwitch0xCCase7: ; CODE XREF: .text:004014CBj
.text:004014DB cmp byte ptr HandlerIndex, 7
.text:004014E2 jnz short SubSwitch0xCCase8
.text:004014E2
.text:004014E4 push 0 ; pdwSrc = NULL: use the inline immediate
.text:004014E6 push offset VM_EBX
.text:004014EB call MoveTwoIntoOne ; move the data at address two into address one
.text:004014EB
.text:004014F0 jmp short SubSwitch0xCEnd
.text:004014F0
.text:004014F2 ; ---------------------------------------------------------------------------
.text:004014F2
.text:004014F2 SubSwitch0xCCase8: ; CODE XREF: .text:004014E2j
.text:004014F2 cmp byte ptr HandlerIndex, 8
.text:004014F9 jnz short SubSwitch0xCEnd
.text:004014F9
.text:004014FB push 0 ; pdwSrc = NULL: use the inline immediate
.text:004014FD push offset VM_ECX
.text:00401502 call MoveTwoIntoOne ; move the data at address two into address one
.text:00401502
.text:00401507
.text:00401507 SubSwitch0xCEnd: ; CODE XREF: .text:0040148Ej
.text:00401507 ; .text:004014A8j ...
.text:00401507 jmp VMLoop
.text:00401507
.text:0040150C ; ---------------------------------------------------------------------------
.text:0040150C
; Opcode 0Dh (compare) via ImitateMemcmp. Unlike the push/pop/move handlers
; the operands are pushed by value (no `offset`).
;   selector 1: VM_EAX with VM_EBX
;   selector 2..5: VM_EAX / VM_EBX / VM_ECX / VM_EDX with a second argument of 0
; NOTE(review): ImitateMemcmp's body is not part of this listing. In the
; handlers that are shown, a zero argument selects an inline immediate;
; whether the same holds here, and which VM flags are set, needs checking
; against the callee.
.text:0040150C HandlerEqual0xD: ; CODE XREF: .text:00401463j
.text:0040150C cmp byte ptr HandlerIndex, 0Dh
.text:00401513 jnz HandlerEqual0xE
.text:00401513
.text:00401519 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:0040151A push DispatchOpcodeTable[ecx]
.text:00401520 pop HandlerIndex
.text:00401526 cmp byte ptr HandlerIndex, 1
.text:0040152D jnz short SubSwitch0xDCase2
.text:0040152D
.text:0040152F push VM_EBX
.text:00401535 push VM_EAX
.text:0040153B call ImitateMemcmp ; compares two values for equality; imitates memcmp (author's note)
.text:0040153B
.text:00401540 jmp short SubSwitch0xDEnd
.text:00401540
.text:00401542 ; ---------------------------------------------------------------------------
.text:00401542
.text:00401542 SubSwitch0xDCase2: ; CODE XREF: .text:0040152Dj
.text:00401542 cmp byte ptr HandlerIndex, 2
.text:00401549 jnz short SubSwitch0xDCase3
.text:00401549
.text:0040154B push 0
.text:0040154D push VM_EAX
.text:00401553 call ImitateMemcmp ; compares two values for equality; imitates memcmp (author's note)
.text:00401553
.text:00401558 jmp short SubSwitch0xDEnd
.text:00401558
.text:0040155A ; ---------------------------------------------------------------------------
.text:0040155A
.text:0040155A SubSwitch0xDCase3: ; CODE XREF: .text:00401549j
.text:0040155A cmp byte ptr HandlerIndex, 3
.text:00401561 jnz short SubSwitch0xDCase4
.text:00401561
.text:00401563 push 0
.text:00401565 push VM_EBX
.text:0040156B call ImitateMemcmp ; compares two values for equality; imitates memcmp (author's note)
.text:0040156B
.text:00401570 jmp short SubSwitch0xDEnd
.text:00401570
.text:00401572 ; ---------------------------------------------------------------------------
.text:00401572
.text:00401572 SubSwitch0xDCase4: ; CODE XREF: .text:00401561j
.text:00401572 cmp byte ptr HandlerIndex, 4
.text:00401579 jnz short SubSwitch0xDCase5
.text:00401579
.text:0040157B push 0
.text:0040157D push VM_ECX
.text:00401583 call ImitateMemcmp ; compares two values for equality; imitates memcmp (author's note)
.text:00401583
.text:00401588 jmp short SubSwitch0xDEnd
.text:00401588
.text:0040158A ; ---------------------------------------------------------------------------
.text:0040158A
.text:0040158A SubSwitch0xDCase5: ; CODE XREF: .text:00401579j
.text:0040158A cmp byte ptr HandlerIndex, 5
.text:00401591 jnz short SubSwitch0xDEnd
.text:00401591
.text:00401593 push 0
.text:00401595 push VM_EDX
.text:0040159B call ImitateMemcmp ; compares two values for equality; imitates memcmp (author's note)
.text:0040159B
.text:004015A0
.text:004015A0 SubSwitch0xDEnd: ; CODE XREF: .text:00401540j
.text:004015A0 ; .text:00401558j ...
.text:004015A0 jmp VMLoop
.text:004015A0
.text:004015A5 ; ---------------------------------------------------------------------------
.text:004015A5
; Opcode 0Eh (increment): selector 1..4 increments
; VM_EAX/VM_EBX/VM_ECX/VM_EDX in place through ImitateIncHandler.
; Any other selector does nothing.
.text:004015A5 HandlerEqual0xE: ; CODE XREF: .text:00401513j
.text:004015A5 cmp byte ptr HandlerIndex, 0Eh
.text:004015AC jnz short HandlerEqual0xF
.text:004015AC
.text:004015AE inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:004015AF push DispatchOpcodeTable[ecx]
.text:004015B5 pop HandlerIndex
.text:004015BB cmp byte ptr HandlerIndex, 1
.text:004015C2 jnz short SubSwitch0xECase2
.text:004015C2
.text:004015C4 push offset VM_EAX
.text:004015C9 call ImitateIncHandler ; imitates INC, like ++i in C++
.text:004015C9
.text:004015CE jmp short SubSwitch0xEEnd
.text:004015CE
.text:004015D0 ; ---------------------------------------------------------------------------
.text:004015D0
.text:004015D0 SubSwitch0xECase2: ; CODE XREF: .text:004015C2j
.text:004015D0 cmp byte ptr HandlerIndex, 2
.text:004015D7 jnz short SubSwitch0xECase3
.text:004015D7
.text:004015D9 push offset VM_EBX
.text:004015DE call ImitateIncHandler ; imitates INC, like ++i in C++
.text:004015DE
.text:004015E3 jmp short SubSwitch0xEEnd
.text:004015E3
.text:004015E5 ; ---------------------------------------------------------------------------
.text:004015E5
.text:004015E5 SubSwitch0xECase3: ; CODE XREF: .text:004015D7j
.text:004015E5 cmp byte ptr HandlerIndex, 3
.text:004015EC jnz short SubSwitch0xECase4
.text:004015EC
.text:004015EE push offset VM_ECX
.text:004015F3 call ImitateIncHandler ; imitates INC, like ++i in C++
.text:004015F3
.text:004015F8 jmp short SubSwitch0xEEnd
.text:004015F8
.text:004015FA ; ---------------------------------------------------------------------------
.text:004015FA
.text:004015FA SubSwitch0xECase4: ; CODE XREF: .text:004015ECj
.text:004015FA cmp byte ptr HandlerIndex, 4
.text:00401601 jnz short SubSwitch0xEEnd
.text:00401601
.text:00401603 push offset VM_EDX
.text:00401608 call ImitateIncHandler ; imitates INC, like ++i in C++
.text:00401608
.text:0040160D
.text:0040160D SubSwitch0xEEnd: ; CODE XREF: .text:004015CEj
.text:0040160D ; .text:004015E3j ...
.text:0040160D jmp VMLoop
.text:0040160D
.text:00401612 ; ---------------------------------------------------------------------------
.text:00401612
; Opcode 0Fh (decrement): selector 1..4 decrements
; VM_EAX/VM_EBX/VM_ECX/VM_EDX in place through ImitateDecHandler.
; Any other selector does nothing.
.text:00401612 HandlerEqual0xF: ; CODE XREF: .text:004015ACj
.text:00401612 cmp byte ptr HandlerIndex, 0Fh
.text:00401619 jnz short HandlerEqual0x1B
.text:00401619
.text:0040161B inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:0040161C push DispatchOpcodeTable[ecx]
.text:00401622 pop HandlerIndex
.text:00401628 cmp byte ptr HandlerIndex, 1
.text:0040162F jnz short SubSwitch0xFCase2
.text:0040162F
.text:00401631 push offset VM_EAX
.text:00401636 call ImitateDecHandler ; imitates DEC, like --i in C++
.text:00401636
.text:0040163B jmp short SubSwitch0xFEnd
.text:0040163B
.text:0040163D ; ---------------------------------------------------------------------------
.text:0040163D
.text:0040163D SubSwitch0xFCase2: ; CODE XREF: .text:0040162Fj
.text:0040163D cmp byte ptr HandlerIndex, 2
.text:00401644 jnz short SubSwitch0xFCase3
.text:00401644
.text:00401646 push offset VM_EBX
.text:0040164B call ImitateDecHandler ; imitates DEC, like --i in C++
.text:0040164B
.text:00401650 jmp short SubSwitch0xFEnd
.text:00401650
.text:00401652 ; ---------------------------------------------------------------------------
.text:00401652
.text:00401652 SubSwitch0xFCase3: ; CODE XREF: .text:00401644j
.text:00401652 cmp byte ptr HandlerIndex, 3
.text:00401659 jnz short SubSwitch0xFCase4
.text:00401659
.text:0040165B push offset VM_ECX
.text:00401660 call ImitateDecHandler ; imitates DEC, like --i in C++
.text:00401660
.text:00401665 jmp short SubSwitch0xFEnd
.text:00401665
.text:00401667 ; ---------------------------------------------------------------------------
.text:00401667
.text:00401667 SubSwitch0xFCase4: ; CODE XREF: .text:00401659j
.text:00401667 cmp byte ptr HandlerIndex, 4
.text:0040166E jnz short SubSwitch0xFEnd
.text:0040166E
.text:00401670 push offset VM_EDX
.text:00401675 call ImitateDecHandler ; imitates DEC, like --i in C++
.text:00401675
.text:0040167A
.text:0040167A SubSwitch0xFEnd: ; CODE XREF: .text:0040163Bj
.text:0040167A ; .text:00401650j ...
.text:0040167A jmp VMLoop
.text:0040167A
.text:0040167F ; ---------------------------------------------------------------------------
.text:0040167F
; Opcode 1Bh (and): only selector 1 is handled - VM_EAX is ANDed with the
; inline immediate that ImitateAndHandler reads from HandlerIndex+1.
; The pushed 0 is the callee's unused second parameter.
.text:0040167F HandlerEqual0x1B: ; CODE XREF: .text:00401619j
.text:0040167F cmp byte ptr HandlerIndex, 1Bh
.text:00401686 jnz short HandlerEqual0x1C
.text:00401686
.text:00401688 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:00401689 push DispatchOpcodeTable[ecx]
.text:0040168F pop HandlerIndex
.text:00401695 cmp byte ptr HandlerIndex, 1
.text:0040169C jnz short SubSwitch0x1BEnd
.text:0040169C
.text:0040169E push 0
.text:004016A0 push offset VM_EAX
.text:004016A5 call ImitateAndHandler ; imitates AND, the C++ bitwise & : argument one &= bytecode operand
.text:004016A5
.text:004016AA
.text:004016AA SubSwitch0x1BEnd: ; CODE XREF: .text:0040169Cj
.text:004016AA jmp VMLoop
.text:004016AA
.text:004016AF ; ---------------------------------------------------------------------------
.text:004016AF
; Opcode 1Ch (or): only selector 1 is handled - VM_EAX is ORed with the
; inline immediate that ImitateOrHandler reads from HandlerIndex+1.
; The pushed 0 is the callee's unused second parameter.
.text:004016AF HandlerEqual0x1C: ; CODE XREF: .text:00401686j
.text:004016AF cmp byte ptr HandlerIndex, 1Ch
.text:004016B6 jnz short HandlerEqual0x1D
.text:004016B6
.text:004016B8 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:004016B9 push DispatchOpcodeTable[ecx]
.text:004016BF pop HandlerIndex
.text:004016C5 cmp byte ptr HandlerIndex, 1
.text:004016CC jnz short SubSwitch0x1CEnd
.text:004016CC
.text:004016CE push 0
.text:004016D0 push offset VM_EAX
.text:004016D5 call ImitateOrHandler ; imitates OR, the C++ bitwise | : argument one |= bytecode operand
.text:004016D5
.text:004016DA
.text:004016DA SubSwitch0x1CEnd: ; CODE XREF: .text:004016CCj
.text:004016DA jmp VMLoop
.text:004016DA
.text:004016DF ; ---------------------------------------------------------------------------
.text:004016DF
; Opcode 1Dh (xor) via ImitateXorHandler, operands pushed by value.
; NOTE(review): as listed, selectors 1..4 all push VM_EBX and VM_EAX, so the
; selector makes no difference to the call. Either the binary really has four
; identical cases or the operand names were mis-decoded (the page author
; warns the decoding may contain errors) - verify against the raw bytes.
; ImitateXorHandler's body is not part of this listing.
.text:004016DF HandlerEqual0x1D: ; CODE XREF: .text:004016B6j
.text:004016DF cmp byte ptr HandlerIndex, 1Dh
.text:004016E6 jnz HandlerEqual0x1E
.text:004016E6
.text:004016EC inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:004016ED push DispatchOpcodeTable[ecx]
.text:004016F3 pop HandlerIndex
.text:004016F9 cmp byte ptr HandlerIndex, 1
.text:00401700 jnz short SubSwitch0x1DCase2
.text:00401700
.text:00401702 push VM_EBX
.text:00401708 push VM_EAX
.text:0040170E call ImitateXorHandler ; imitates XOR, the C++ ^ operator: b_VmSerial = argument one XOR argument two
.text:0040170E
.text:00401713 jmp short SubSwitch0x1DEnd
.text:00401713
.text:00401715 ; ---------------------------------------------------------------------------
.text:00401715
.text:00401715 SubSwitch0x1DCase2: ; CODE XREF: .text:00401700j
.text:00401715 cmp byte ptr HandlerIndex, 2
.text:0040171C jnz short SubSwitch0x1DCase3
.text:0040171C
.text:0040171E push VM_EBX
.text:00401724 push VM_EAX
.text:0040172A call ImitateXorHandler ; imitates XOR, the C++ ^ operator: b_VmSerial = argument one XOR argument two
.text:0040172A
.text:0040172F jmp short SubSwitch0x1DEnd
.text:0040172F
.text:00401731 ; ---------------------------------------------------------------------------
.text:00401731
.text:00401731 SubSwitch0x1DCase3: ; CODE XREF: .text:0040171Cj
.text:00401731 cmp byte ptr HandlerIndex, 3
.text:00401738 jnz short SubSwitch0x1DCase4
.text:00401738
.text:0040173A push VM_EBX
.text:00401740 push VM_EAX
.text:00401746 call ImitateXorHandler ; imitates XOR, the C++ ^ operator: b_VmSerial = argument one XOR argument two
.text:00401746
.text:0040174B jmp short SubSwitch0x1DEnd
.text:0040174B
.text:0040174D ; ---------------------------------------------------------------------------
.text:0040174D
.text:0040174D SubSwitch0x1DCase4: ; CODE XREF: .text:00401738j
.text:0040174D cmp byte ptr HandlerIndex, 4
.text:00401754 jnz short SubSwitch0x1DEnd
.text:00401754
.text:00401756 push VM_EBX
.text:0040175C push VM_EAX
.text:00401762 call ImitateXorHandler ; imitates XOR, the C++ ^ operator: b_VmSerial = argument one XOR argument two
.text:00401762
.text:00401767
.text:00401767 SubSwitch0x1DEnd: ; CODE XREF: .text:00401713j
.text:00401767 ; .text:0040172Fj ...
.text:00401767 jmp VMLoop
.text:00401767
.text:0040176C ; ---------------------------------------------------------------------------
.text:0040176C
; Opcode 1Eh (branch family): selector 1 calls AddOneToOpcodeIndex, selectors
; 2..4 call the conditional variants IsAddOneToOpcodeIndex / ...A / ...B.
; Every call passes a single argument of 0. The callees are not part of this
; listing; the per-line descriptions below are the page author's and have
; not been checked against code here.
.text:0040176C HandlerEqual0x1E: ; CODE XREF: .text:004016E6j
.text:0040176C cmp byte ptr HandlerIndex, 1Eh
.text:00401773 jnz short HandlerEqualSerial
.text:00401773
.text:00401775 inc ecx ; ecx = OpcodeIndex + 1: the selector byte
.text:00401776 push DispatchOpcodeTable[ecx]
.text:0040177C pop HandlerIndex
.text:00401782 cmp byte ptr HandlerIndex, 1
.text:00401789 jnz short SubSwitch0x1ECase2
.text:00401789
.text:0040178B push 0
.text:0040178D call AddOneToOpcodeIndex ; adds argument one to OpcodeIndex
.text:0040178D
.text:00401792 jmp short SubSwitch0x1EEnd
.text:00401792
.text:00401794 ; ---------------------------------------------------------------------------
.text:00401794
.text:00401794 SubSwitch0x1ECase2: ; CODE XREF: .text:00401789j
.text:00401794 cmp byte ptr HandlerIndex, 2
.text:0040179B jnz short SubSwitch0x1ECase3
.text:0040179B
.text:0040179D push 0
.text:0040179F call IsAddOneToOpcodeIndex ; one condition inside decides between OpcodeIndex += argument one + 1 and OpcodeIndex += 1
.text:0040179F
.text:004017A4 jmp short SubSwitch0x1EEnd
.text:004017A4
.text:004017A6 ; ---------------------------------------------------------------------------
.text:004017A6
.text:004017A6 SubSwitch0x1ECase3: ; CODE XREF: .text:0040179Bj
.text:004017A6 cmp byte ptr HandlerIndex, 3
.text:004017AD jnz short SubSwitch0x1ECase4
.text:004017AD
.text:004017AF push 0
.text:004017B1 call IsAddOneToOpcodeIndexA ; two conditions inside decide between OpcodeIndex += argument one + 1 and OpcodeIndex += 1
.text:004017B1
.text:004017B6 jmp short SubSwitch0x1EEnd
.text:004017B6
.text:004017B8 ; ---------------------------------------------------------------------------
.text:004017B8
.text:004017B8 SubSwitch0x1ECase4: ; CODE XREF: .text:004017ADj
.text:004017B8 cmp byte ptr HandlerIndex, 4
.text:004017BF jnz short SubSwitch0x1EEnd
.text:004017BF
.text:004017C1 push 0
.text:004017C3 call IsAddOneToOpcodeIndexB ; two conditions inside decide between OpcodeIndex += argument one + 1 and OpcodeIndex += 1
.text:004017C3
.text:004017C8
.text:004017C8 SubSwitch0x1EEnd: ; CODE XREF: .text:00401792j
.text:004017C8 ; .text:004017A4j ...
.text:004017C8 jmp VMLoop
.text:004017C8
.text:004017CD ; ---------------------------------------------------------------------------
.text:004017CD
; Opcode 0FFh (final comparison) and the interpreter's exit path.
; EqualSerialForVM is called and its result is read from ebx: 0FFh leaves the
; interpreter through locret_40180A, anything else re-enters DirectVMLoop.
; IntoVMLoop is also the fall-through for an opcode byte that matched none of
; the compares; it jumps to DirectVMLoop without touching OpcodeIndex, so the
; same table offset is fetched again unless a callee changed OpcodeIndex.
; NOTE(review): EqualSerialForVM's body is not part of this listing.
.text:004017CD HandlerEqualSerial: ; CODE XREF: .text:00401773j
.text:004017CD cmp byte ptr HandlerIndex, 0FFh
.text:004017D4 jnz short IntoVMLoop
.text:004017D4
.text:004017D6 inc ecx ; enter the VM comparison; ecx = OpcodeIndex + 1
.text:004017D7 push DispatchOpcodeTable[ecx]
.text:004017DD pop HandlerIndex
.text:004017E3 call EqualSerialForVM ; the final VM comparison
.text:004017E3
.text:004017E8 cmp ebx, 0FFh ; result of the comparison is taken from ebx
.text:004017EE jnz short IntoVMLoop
.text:004017EE
.text:004017F0 jmp short locret_40180A
.text:004017F0
.text:004017F2 ; ---------------------------------------------------------------------------
.text:004017F2
.text:004017F2 IntoVMLoop: ; CODE XREF: .text:004017D4j
.text:004017F2 ; .text:004017EEj
.text:004017F2 jmp DirectVMLoop
.text:004017F2
.text:004017F7 ; ---------------------------------------------------------------------------
.text:004017F7 push 0 ; NOTE(review): no label or xref here and it follows an unconditional jmp,
.text:004017F9 push offset aError ; "Error"
.text:004017FE push offset Text ; "The key is wrong."
.text:00401803 push 0
.text:00401805 call MessageBoxA ; so as listed this failure message box is not reached by fall-through - confirm
.text:00401805
.text:0040180A
.text:0040180A locret_40180A: ; CODE XREF: .text:004017F0j
.text:0040180A leave ; NOTE(review): seven consecutive `leave`s; each reloads esp from ebp
.text:0040180B leave ; and pops ebp, so together they walk up the saved-frame links.
.text:0040180C leave ; Whether this is deliberate unwinding after the SEH stages or a
.text:0040180D leave ; decoding artefact cannot be told from this listing.
.text:0040180E leave
.text:0040180F leave
.text:00401810 leave
.text:00401811 retn
.text:00401811
.text:00401812
.text:00401812 ; =============== S U B R O U T I N E =======================================
.text:00401812
.text:00401812 ; Attributes: bp-based frame
.text:00401812
.text:00401812 ; void __stdcall PushStackIntoPos(DWORD *pdwValue)
; Pushes one value onto the VM stack: StackPos is lowered by 4 and the low
; 16 bits of the value are written at unk_4031CF + StackPos.
; pdwValue != NULL: the value is *pdwValue.
; pdwValue == NULL: the value is read from HandlerIndex+1 (the bytes after
;                   the selector byte) and OpcodeIndex is advanced by 2.
; Only a word is stored although the slot stride is 4 bytes, and no lower
; bound on StackPos is checked here.
; Clobbers ebx, ecx, edx. Callee pops its 4-byte argument (retn 4).
.text:00401812 PushStackIntoPos proc near ; CODE XREF: .text:00401394p
.text:00401812 ; .text:004013A9p ...
.text:00401812
.text:00401812 pdwValue= dword ptr 8
.text:00401812
.text:00401812 push ebp
.text:00401813 mov ebp, esp
.text:00401815 sub StackPos, 4 ; VM stack position: reserve a new slot
.text:0040181C lea ebx, unk_4031CF
.text:00401822 add ebx, StackPos ; ebx = address of the new slot
.text:00401828 mov ecx, [ebp+8] ; test whether the argument is zero
.text:0040182B or ecx, ecx
.text:0040182D jnz short loc_40183E ; non-zero: load through the pointer and store that value
.text:0040182D
.text:0040182F mov ecx, HandlerIndex+1 ; author's note: junk instruction. cx is what ASSIGN stores, so this reads as the inline immediate
.text:00401835 add OpcodeIndex, 2 ; skip the two immediate bytes in the bytecode
.text:0040183C jmp short ASSIGN
.text:0040183C
.text:0040183E ; ---------------------------------------------------------------------------
.text:0040183E
.text:0040183E loc_40183E: ; CODE XREF: PushStackIntoPos+1Bj
.text:0040183E mov edx, [ebp+8]
.text:00401841 mov ecx, [edx] ; load *pdwValue; its WORD-sized low part goes to the address in ebx
.text:00401841
.text:00401843
.text:00401843 ASSIGN: ; CODE XREF: PushStackIntoPos+2Aj
.text:00401843 mov [ebx], cx ; 16-bit store into the slot
.text:00401846 leave
.text:00401847 retn 4
.text:00401847
.text:00401847 PushStackIntoPos endp
.text:00401847
.text:0040184A
.text:0040184A ; =============== S U B R O U T I N E =======================================
.text:0040184A
.text:0040184A ; Attributes: bp-based frame
.text:0040184A
.text:0040184A ; void __stdcall PopStackIntoPos(DWORD *pdwValue)
; Pops the top VM stack slot into *pdwValue: copies the dword at
; unk_4031CF + StackPos to *pdwValue, zeroes the slot, and raises StackPos
; by 4. The copy is 32 bits wide although PushStackIntoPos writes only 16,
; so the upper half is whatever the slot already held.
; No upper bound on StackPos is checked and pdwValue is not tested for NULL.
; Returns with eax = edx = ecx = 0. Callee pops its 4-byte argument (retn 4).
.text:0040184A PopStackIntoPos proc near ; CODE XREF: .text:00401413p
.text:0040184A ; .text:00401428p ...
.text:0040184A
.text:0040184A pdwValue= dword ptr 8
.text:0040184A
.text:0040184A push ebp
.text:0040184B mov ebp, esp
.text:0040184D xor ecx, ecx ; ecx = 0, used to clear the slot below
.text:0040184F lea ebx, unk_4031CF
.text:00401855 add ebx, StackPos ; ebx = address of the top slot
.text:0040185B mov eax, [ebp+8] ; eax = pdwValue
.text:0040185E push dword ptr [ebx]
.text:00401860 pop dword ptr [eax] ; *pdwValue = slot contents (memory-to-memory copy via the CPU stack)
.text:00401862 mov [ebx], ecx ; zero the slot that was popped
.text:00401864 add StackPos, 4 ; VM stack position: release the slot
.text:0040186B mul ecx ; eax * 0: clears eax and edx
.text:0040186D leave
.text:0040186E retn 4
.text:0040186E
.text:0040186E PopStackIntoPos endp
.text:0040186E
.text:00401871
.text:00401871 ; =============== S U B R O U T I N E =======================================
.text:00401871
.text:00401871 ; Attributes: bp-based frame
.text:00401871
.text:00401871 ; void __stdcall MoveTwoIntoOne(PDWORD pdwDst, PDWORD pdwSrc)
; Writes a 16-bit value to *pdwDst; the upper 16 bits of the destination
; dword are left unchanged.
; pdwSrc != NULL: the value is the low word of *pdwSrc.
; pdwSrc == NULL: the value is read from HandlerIndex+1 (inline immediate)
;                 and OpcodeIndex is advanced by 2.
; pdwDst is not tested for NULL. Clobbers eax, ebx, edx.
; Callee pops its 8 bytes of arguments (retn 8).
.text:00401871 MoveTwoIntoOne proc near ; CODE XREF: .text:00401489p
.text:00401871 ; .text:004014A3p ...
.text:00401871
.text:00401871 pdwDst= dword ptr 8
.text:00401871 pdwSrc= dword ptr 0Ch
.text:00401871
.text:00401871 push ebp
.text:00401872 mov ebp, esp
.text:00401874 mov eax, [ebp+8] ; eax = pdwDst
.text:00401877 mov edx, [ebp+0Ch] ; edx = pdwSrc
.text:0040187A cmp dword ptr [ebp+0Ch], 0 ; NULL source selects the immediate form
.text:0040187E jnz short loc_40188F
.text:0040187E
.text:00401880 mov ebx, HandlerIndex+1 ; immediate taken from the bytes after the selector
.text:00401886 add OpcodeIndex, 2 ; skip the two immediate bytes in the bytecode
.text:0040188D jmp short loc_401891
.text:0040188D
.text:0040188F ; ---------------------------------------------------------------------------
.text:0040188F
.text:0040188F loc_40188F: ; CODE XREF: MoveTwoIntoOne+Dj
.text:0040188F mov ebx, [edx] ; ebx = *pdwSrc
.text:0040188F
.text:00401891
.text:00401891 loc_401891: ; CODE XREF: MoveTwoIntoOne+1Cj
.text:00401891 mov [eax], bx ; 16-bit store to the destination
.text:00401894 leave
.text:00401895 retn 8
.text:00401895
.text:00401895 MoveTwoIntoOne endp
.text:00401895
.text:00401898
.text:00401898 ; =============== S U B R O U T I N E =======================================
.text:00401898
.text:00401898 ; Attributes: bp-based frame
.text:00401898
.text:00401898 ; void __stdcall ImitateIncHandler(PDWORD pdwValue)
; Increments the dword at *pdwValue by one (full 32-bit read-modify-write).
; VM_ZF and VM_SF are not updated here. Clobbers eax, ebx.
; Callee pops its 4-byte argument (retn 4).
.text:00401898 ImitateIncHandler proc near ; CODE XREF: .text:004015C9p
.text:00401898 ; .text:004015DEp ...
.text:00401898
.text:00401898 pdwValue= dword ptr 8
.text:00401898
.text:00401898 push ebp
.text:00401899 mov ebp, esp
.text:0040189B mov eax, [ebp+pdwValue]
.text:0040189E mov ebx, [eax] ; ebx = *pdwValue
.text:004018A0 inc ebx
.text:004018A1 mov [eax], ebx ; *pdwValue = ebx
.text:004018A3 leave
.text:004018A4 retn 4
.text:004018A4
.text:004018A4 ImitateIncHandler endp
.text:004018A4
.text:004018A7
.text:004018A7 ; =============== S U B R O U T I N E =======================================
.text:004018A7
.text:004018A7 ; Attributes: bp-based frame
.text:004018A7
.text:004018A7 ; void __stdcall ImitateDecHandler(PDWORD pdwValue)
; Decrements the dword at *pdwValue by one (full 32-bit read-modify-write).
; VM_ZF and VM_SF are not updated here. Clobbers eax, ebx.
; Callee pops its 4-byte argument (retn 4).
.text:004018A7 ImitateDecHandler proc near ; CODE XREF: .text:00401636p
.text:004018A7 ; .text:0040164Bp ...
.text:004018A7
.text:004018A7 pdwValue= dword ptr 8
.text:004018A7
.text:004018A7 push ebp
.text:004018A8 mov ebp, esp
.text:004018AA mov eax, [ebp+pdwValue]
.text:004018AD mov ebx, [eax] ; ebx = *pdwValue
.text:004018AF dec ebx
.text:004018B0 mov [eax], ebx ; *pdwValue = ebx
.text:004018B2 leave
.text:004018B3 retn 4
.text:004018B3
.text:004018B3 ImitateDecHandler endp
.text:004018B3
.text:004018B6
.text:004018B6 ; =============== S U B R O U T I N E =======================================
.text:004018B6
.text:004018B6 ; Attributes: bp-based frame
.text:004018B6
.text:004018B6 ; void __stdcall ImitateAndHandler(PDWORD pdwValue, int NoUse)
.text:004018B6 ImitateAndHandler proc near ; CODE XREF: .text:004016A5p
.text:004018B6 ; VM AND helper: ANDs the low word of *pdwValue with the low word of the dword stored at HandlerIndex+1, then adds 2 to OpcodeIndex. NoUse is never read.
.text:004018B6 pdwValue= dword ptr 8
.text:004018B6 NoUse= dword ptr 0Ch
.text:004018B6 ; NOTE(review): ebx and ecx are overwritten and not restored; pdwValue is dereferenced without a NULL check.
.text:004018B6 push ebp
.text:004018B7 mov ebp, esp
.text:004018B9 mov eax, [ebp+8] ; eax = pdwValue
.text:004018BC mov ebx, [eax] ; ebx = *pdwValue
.text:004018BE mov ecx, HandlerIndex+1 ; memory load (no "offset"): ecx = dword stored at HandlerIndex+1
.text:004018C4 add OpcodeIndex, 2 ; advance OpcodeIndex by 2
.text:004018CB and bx, cx ; 16-bit AND
.text:004018CE mov [eax], bx ; 16-bit store: the upper word of *pdwValue is left as it was
.text:004018D1 leave
.text:004018D2 retn 8 ; callee pops both arguments, including the unused one
.text:004018D2
.text:004018D2 ImitateAndHandler endp
.text:004018D2
.text:004018D5
.text:004018D5 ; =============== S U B R O U T I N E =======================================
.text:004018D5
.text:004018D5 ; Attributes: bp-based frame
.text:004018D5
.text:004018D5 ; void __stdcall ImitateOrHandler(PDWORD pdwValue, int NoUse)
.text:004018D5 ImitateOrHandler proc near ; CODE XREF: .text:004016D5p
.text:004018D5 ; VM OR helper: ORs the low word of *pdwValue with the low word of the dword stored at HandlerIndex+1, then adds 2 to OpcodeIndex. NoUse is never read.
.text:004018D5 pdwValue= dword ptr 8
.text:004018D5 NoUse= dword ptr 0Ch
.text:004018D5 ; NOTE(review): ebx and ecx are overwritten and not restored; pdwValue is dereferenced without a NULL check.
.text:004018D5 push ebp
.text:004018D6 mov ebp, esp
.text:004018D8 mov eax, [ebp+pdwValue] ; eax = pdwValue
.text:004018DB mov ebx, [eax] ; ebx = *pdwValue
.text:004018DD mov ecx, HandlerIndex+1 ; memory load (no "offset"): ecx = dword stored at HandlerIndex+1
.text:004018E3 add OpcodeIndex, 2 ; advance OpcodeIndex by 2
.text:004018EA or bx, cx ; 16-bit OR: the upper word of ebx keeps the value just loaded
.text:004018ED mov [eax], ebx ; 32-bit store, but only the low word differs from the original contents
.text:004018EF leave
.text:004018F0 retn 8 ; callee pops both arguments, including the unused one
.text:004018F0
.text:004018F0 ImitateOrHandler endp
.text:004018F0
.text:004018F3
.text:004018F3 ; =============== S U B R O U T I N E =======================================
.text:004018F3
.text:004018F3 ; Attributes: bp-based frame
.text:004018F3
.text:004018F3 ; void __stdcall ImitateXorHandler(DWORD dwValueA, DWORD dwValueB)
.text:004018F3 ImitateXorHandler proc near ; CODE XREF: .text:0040170Ep
.text:004018F3 ; .text:0040172Ap ...
.text:004018F3 ; VM XOR helper: computes dwValueA ^ operand over the full 32 bits and always stores the result in VM_EAX. The operand is dwValueB, or the dword stored at HandlerIndex+1 when dwValueB is 0.
.text:004018F3 dwValueA= dword ptr 8
.text:004018F3 dwValueB= dword ptr 0Ch
.text:004018F3 ; NOTE(review): a dwValueB of 0 is indistinguishable from the inline-operand form, so an emulator of this VM has to reproduce that quirk; ebx is overwritten and not restored.
.text:004018F3 push ebp
.text:004018F4 mov ebp, esp
.text:004018F6 mov eax, [ebp+8] ; eax = dwValueA
.text:004018F9 mov ebx, [ebp+0Ch] ; ebx = dwValueB
.text:004018FC cmp dword ptr [ebp+0Ch], 0 ; dwValueB == 0 selects the inline-operand form
.text:00401900 jnz short loc_40190F
.text:00401900
.text:00401902 mov ebx, HandlerIndex+1 ; memory load (no "offset"): ebx = dword stored at HandlerIndex+1
.text:00401908 add OpcodeIndex, 2 ; advance OpcodeIndex by 2
.text:00401908
.text:0040190F
.text:0040190F loc_40190F: ; CODE XREF: ImitateXorHandler+Dj
.text:0040190F xor eax, ebx ; 32-bit XOR
.text:00401911 xchg eax, VM_EAX ; VM_EAX = result; eax is left holding the previous VM_EAX
.text:00401917 leave
.text:00401918 retn 8 ; callee pops both arguments
.text:00401918
.text:00401918 ImitateXorHandler endp
.text:00401918
.text:0040191B
.text:0040191B ; =============== S U B R O U T I N E =======================================
.text:0040191B
.text:0040191B
.text:0040191B ; void __cdecl EqualSerialForVM() - compares the low byte of VM_EAX (raised by 21h when below 21h) with KeyCode[KeyIndex]; a mismatch shows the failure box, a match either restarts the VM via InitializeVM or, once KeyIndex >= UserLen, shows the success box.
.text:0040191B EqualSerialForVM proc near ; CODE XREF: .text:004017E3p
.text:0040191B mov eax, VM_EAX ; eax = value left in VM_EAX by the VM program
.text:00401920 cmp al, 21h
.text:00401922 jnb short loc_401926 ; unsigned: al >= 21h is used unchanged
.text:00401922
.text:00401924 add al, 21h ; al < 21h is raised by 21h, so the expected byte is always >= 21h
.text:00401924 ; NOTE(review): the serial is indexed by KeyIndex, which is bounded below by UserLen and not by the serial's own length; earlier code only requires the serial to be at least 7 characters, so a longer user name reads KeyCode past the typed serial (buffer size not visible here; confirm).
.text:00401926
.text:00401926 loc_401926: ; CODE XREF: EqualSerialForVM+7j
.text:00401926 lea ebx, KeyCode ; ebx = address of the serial buffer
.text:0040192C mov cl, KeyIndex ; only cl is written; assumes bits 8-31 of ecx are already zero - TODO confirm at the call site
.text:00401932 mov dl, [ecx+ebx] ; dl = KeyCode[KeyIndex]
.text:00401935 cmp al, dl ; is the expected byte equal to the serial byte?
.text:00401937 jz short RegNext
.text:00401937
.text:00401939 push 0 ; uType
.text:0040193B push offset aFuelvm ; "FuelVM"
.text:00401940 push offset Text ; "The key is wrong."
.text:00401945 push 0 ; hWnd
.text:00401947 call MessageBoxA
.text:00401947
.text:0040194C mov ebx, 0FFh ; ebx = 0FFh on the failure exit (presumably a stop signal for the dispatcher; confirm at the call site)
.text:00401951 retn
.text:00401951
.text:00401952 ; ---------------------------------------------------------------------------
.text:00401952
.text:00401952 RegNext: ; CODE XREF: EqualSerialForVM+1Cj
.text:00401952 mov al, KeyIndex ; loop index
.text:00401957 mov ah, UserLen ; only the low byte of UserLen is used
.text:0040195D cmp al, ah
.text:0040195F jnb short RegSuccess ; loop bound check (unsigned): KeyIndex >= UserLen means every compared byte matched
.text:0040195F
.text:00401961 call InitializeVM ; defined earlier in the listing: resets the VM state and increments KeyIndex
.text:00401961
.text:00401966 jmp short locret_401980 ; continue the loop
.text:00401966
.text:00401968 ; ---------------------------------------------------------------------------
.text:00401968
.text:00401968 RegSuccess: ; CODE XREF: EqualSerialForVM+44j
.text:00401968 push 0 ; uType
.text:0040196A push offset aFuelvm ; "FuelVM"
.text:0040196F push offset aGoodJobNowWrit ; "Good job! Now write a keygen."
.text:00401974 push 0 ; hWnd
.text:00401976 call MessageBoxA
.text:00401976
.text:0040197B mov ebx, 0FFh ; same 0FFh marker as the failure exit
.text:0040197B
.text:00401980
.text:00401980 locret_401980: ; CODE XREF: EqualSerialForVM+4Bj
.text:00401980 retn
.text:00401980
.text:00401980 EqualSerialForVM endp
.text:00401980
.text:00401981
.text:00401981 ; =============== S U B R O U T I N E =======================================
.text:00401981
.text:00401981 ; Attributes: bp-based frame
.text:00401981
.text:00401981 ; void __stdcall AddOneToOpcodeIndex(DWORD deValue)
.text:00401981 AddOneToOpcodeIndex proc near ; CODE XREF: .text:0040178Dp
.text:00401981 ; Unconditional VM jump: adds the whole argument to OpcodeIndex (despite the name, not just 1).
.text:00401981 deValue= dword ptr 8
.text:00401981 ; NOTE(review): the new OpcodeIndex is not range-checked in this routine; an emulator of this VM should bound it against the bytecode length.
.text:00401981 push ebp
.text:00401982 mov ebp, esp
.text:00401984 mov eax, [ebp+8] ; eax = deValue (displacement)
.text:00401987 add OpcodeIndex, eax ; OpcodeIndex += deValue
.text:0040198D leave
.text:0040198E retn 4 ; callee pops the single argument
.text:0040198E
.text:0040198E AddOneToOpcodeIndex endp
.text:0040198E
.text:00401991
.text:00401991 ; =============== S U B R O U T I N E =======================================
.text:00401991
.text:00401991 ; Attributes: bp-based frame
.text:00401991
.text:00401991 ; void __stdcall IsAddOneToOpcodeIndex(DWORD dwValue)
.text:00401991 IsAddOneToOpcodeIndex proc near ; CODE XREF: .text:0040179Fp
.text:00401991 ; Conditional VM jump on "equal": when VM_ZF == 1, OpcodeIndex += dwValue; in every case OpcodeIndex is then advanced by 1.
.text:00401991 dwValue= dword ptr 8
.text:00401991 ; NOTE(review): the displacement is applied without a range check in this routine.
.text:00401991 push ebp
.text:00401992 mov ebp, esp
.text:00401994 cmp VM_ZF, 1
.text:0040199B jnz short loc_4019A6 ; VM_ZF != 1: jump not taken, only the +1 below applies
.text:0040199B
.text:0040199D mov eax, [ebp+8] ; eax = dwValue (displacement)
.text:004019A0 add OpcodeIndex, eax
.text:004019A0
.text:004019A6
.text:004019A6 loc_4019A6: ; CODE XREF: IsAddOneToOpcodeIndex+Aj
.text:004019A6 add OpcodeIndex, 1 ; executed on both paths
.text:004019AD leave
.text:004019AE retn 4 ; callee pops the single argument
.text:004019AE
.text:004019AE IsAddOneToOpcodeIndex endp
.text:004019AE
.text:004019B1
.text:004019B1 ; =============== S U B R O U T I N E =======================================
.text:004019B1
.text:004019B1 ; Attributes: bp-based frame
.text:004019B1
.text:004019B1 ; void __stdcall IsAddOneToOpcodeIndexA(DWORD dwValue)
.text:004019B1 IsAddOneToOpcodeIndexA proc near ; CODE XREF: .text:004017B1p
.text:004019B1 ; Conditional VM jump on "less": when VM_ZF == 0 and VM_SF == 1 (the state ImitateMemcmp sets for A < B), OpcodeIndex += dwValue; in every case OpcodeIndex is then advanced by 1.
.text:004019B1 dwValue= dword ptr 8
.text:004019B1 ; NOTE(review): the displacement is applied without a range check in this routine.
.text:004019B1 push ebp
.text:004019B2 mov ebp, esp
.text:004019B4 cmp VM_ZF, 0
.text:004019BB jnz short loc_4019CF ; VM_ZF != 0: not taken
.text:004019BB
.text:004019BD cmp VM_SF, 1
.text:004019C4 jnz short loc_4019CF ; VM_SF != 1: not taken
.text:004019C4
.text:004019C6 mov eax, [ebp+8] ; eax = dwValue (displacement)
.text:004019C9 add OpcodeIndex, eax
.text:004019C9
.text:004019CF
.text:004019CF loc_4019CF: ; CODE XREF: IsAddOneToOpcodeIndexA+Aj
.text:004019CF ; IsAddOneToOpcodeIndexA+13j
.text:004019CF add OpcodeIndex, 1 ; executed on every path
.text:004019D6 leave
.text:004019D7 retn 4 ; callee pops the single argument
.text:004019D7
.text:004019D7 IsAddOneToOpcodeIndexA endp
.text:004019D7
.text:004019DA
.text:004019DA ; =============== S U B R O U T I N E =======================================
.text:004019DA
.text:004019DA ; Attributes: bp-based frame
.text:004019DA
.text:004019DA IsAddOneToOpcodeIndexB proc near ; CODE XREF: .text:004017C3p
.text:004019DA ; Conditional VM jump on "greater": when VM_ZF == 0 and VM_SF == 0 (the state ImitateMemcmp sets for A > B), OpcodeIndex += arg_0; in every case OpcodeIndex is then advanced by 1.
.text:004019DA arg_0= dword ptr 8
.text:004019DA ; NOTE(review): the displacement is applied without a range check in this routine.
.text:004019DA push ebp
.text:004019DB mov ebp, esp
.text:004019DD cmp VM_ZF, 0
.text:004019E4 jnz short loc_4019F8 ; VM_ZF != 0: not taken
.text:004019E4
.text:004019E6 cmp VM_SF, 0
.text:004019ED jnz short loc_4019F8 ; VM_SF != 0: not taken
.text:004019ED
.text:004019EF mov eax, [ebp+8] ; eax = arg_0 (displacement)
.text:004019F2 add OpcodeIndex, eax
.text:004019F2
.text:004019F8
.text:004019F8 loc_4019F8: ; CODE XREF: IsAddOneToOpcodeIndexB+Aj
.text:004019F8 ; IsAddOneToOpcodeIndexB+13j
.text:004019F8 add OpcodeIndex, 1 ; executed on every path
.text:004019FF leave
.text:00401A00 retn 4 ; callee pops the single argument
.text:00401A00
.text:00401A00 IsAddOneToOpcodeIndexB endp
.text:00401A00
.text:00401A03
.text:00401A03 ; =============== S U B R O U T I N E =======================================
.text:00401A03
.text:00401A03 ; Attributes: bp-based frame
.text:00401A03
.text:00401A03 ; void __stdcall ImitateMemcmp(DWORD dwValueA, DWORD dwValueB)
.text:00401A03 ImitateMemcmp proc near ; CODE XREF: .text:0040153Bp
.text:00401A03 ; .text:00401553p ...
.text:00401A03 ; VM compare helper: despite the name it compares two values, not memory. Signed 16-bit compare of dwValueA against dwValueB (or the dword stored at HandlerIndex+1 when dwValueB is 0); result goes to VM_SF/VM_ZF: A < B -> SF=1 ZF=0, A > B -> SF=0 ZF=0, A == B -> SF=0 ZF=1.
.text:00401A03 dwValueA= dword ptr 8
.text:00401A03 dwValueB= dword ptr 0Ch
.text:00401A03 ; NOTE(review): only the low words are compared, so values differing only in bits 16-31 compare equal; ebx and ecx are overwritten and not restored.
.text:00401A03 push ebp
.text:00401A04 mov ebp, esp
.text:00401A06 mov eax, [ebp+dwValueA] ; eax = dwValueA
.text:00401A09 mov ebx, [ebp+dwValueB] ; ebx = dwValueB
.text:00401A0C cmp [ebp+dwValueB], 0 ; dwValueB == 0 selects the inline-operand form
.text:00401A10 jnz short loc_401A2E
.text:00401A10
.text:00401A12 xor ebx, ebx ; redundant: ebx is overwritten two instructions below
.text:00401A14 mov ecx, OpcodeIndex ; ecx is not read again in this routine
.text:00401A1A mov ebx, HandlerIndex+1 ; memory load (no "offset"): ebx = dword stored at HandlerIndex+1
.text:00401A20 add OpcodeIndex, 1
.text:00401A27 add OpcodeIndex, 1 ; two increments: OpcodeIndex advances by 2 in total
.text:00401A27
.text:00401A2E
.text:00401A2E loc_401A2E: ; CODE XREF: ImitateMemcmp+Dj
.text:00401A2E cmp ax, bx ; 16-bit compare of the low words
.text:00401A31 jl short loc_401A37 ; signed less-than
.text:00401A31
.text:00401A33 jg short loc_401A49 ; signed greater-than
.text:00401A33
.text:00401A35 jz short loc_401A5B ; always taken when reached, so execution never falls through into loc_401A37
.text:00401A35
.text:00401A37
.text:00401A37 loc_401A37: ; CODE XREF: ImitateMemcmp+2Ej
.text:00401A37 mov VM_SF, 1 ; A < B
.text:00401A3E mov VM_ZF, 0
.text:00401A45 leave
.text:00401A46 retn 8
.text:00401A46
.text:00401A49 ; ---------------------------------------------------------------------------
.text:00401A49
.text:00401A49 loc_401A49: ; CODE XREF: ImitateMemcmp+30j
.text:00401A49 mov VM_SF, 0 ; A > B
.text:00401A50 mov VM_ZF, 0
.text:00401A57 leave
.text:00401A58 retn 8
.text:00401A58
.text:00401A5B ; ---------------------------------------------------------------------------
.text:00401A5B
.text:00401A5B loc_401A5B: ; CODE XREF: ImitateMemcmp+32j
.text:00401A5B mov VM_SF, 0 ; A == B
.text:00401A62 mov VM_ZF, 1
.text:00401A69 leave
.text:00401A6A retn 8 ; callee pops both arguments
.text:00401A6A
.text:00401A6A ImitateMemcmp endp