程序很小,mole的壳已经脱去,现在卡在功能限制上了,是我太菜,还是程序本身就是假的?
占用路过的大侠几分钟帮我分析下,多谢。
; ---------------------------------------------------------------------------
; ty.00412160 - socket notification handler (OllyDbg listing, 32-bit x86)
; In:    ECX = object pointer (copied to EBX); two stack arguments (RETN 8)
; Out:   EAX = 1 on every returning path
; The low word of the second argument selects the case and the high word is
; kept in ESI. The case values 01h / 10h / 20h are consistent with the
; FD_READ / FD_CONNECT / FD_CLOSE events of a WSAAsyncSelect notification,
; with the high word as the error code - presumably; confirm at the call site.
; Fields used: [EBX+24C] = socket handle, [EBX+250] = flag set to 1 on
; successful connect and cleared on close.
; NOTE(review): in case 1 the recv() return value is forwarded to ty.00413020
; without a check in this function, so it can be -1 (SOCKET_ERROR) or 0.
; recv() may also fill all 1770h bytes, which leaves no zero terminator in the
; buffer. Whether ty.00413020 validates the length is not visible here.
; ---------------------------------------------------------------------------
00412160 . B8 70170000 MOV EAX,1770 ; frame size: 1770h = 6000 bytes
00412165 . E8 B6270100 CALL ty.00424920 ; reserves EAX bytes of stack (presumably a _chkstk-style probe; epilogue adds 1770h back)
0041216A . 8B8424 781700>MOV EAX,DWORD PTR SS:[ESP+1778] ; EAX = second stack argument
00412171 . 53 PUSH EBX
00412172 . 56 PUSH ESI
00412173 . 8BF0 MOV ESI,EAX
00412175 . 25 FFFF0000 AND EAX,0FFFF ; EAX = low word (case selector)
0041217A . 57 PUSH EDI
0041217B . C1EE 10 SHR ESI,10 ; ESI = high word of the argument
0041217E . 48 DEC EAX ; Switch (cases 1..20) - values are hex: 01h, 10h, 20h
0041217F . 8BD9 MOV EBX,ECX ; EBX = object pointer for the rest of the function
00412181 . 0F84 89000000 JE ty.00412210 ; selector == 01h
00412187 . 83E8 0F SUB EAX,0F
0041218A . 74 3D JE SHORT ty.004121C9 ; selector == 10h
0041218C . 83E8 10 SUB EAX,10
0041218F . 0F85 AE000000 JNZ ty.00412243 ; anything other than 20h -> default
00412195 . 8B83 4C020000 MOV EAX,DWORD PTR DS:[EBX+24C] ; Case 20 of switch 0041217E
0041219B . 33FF XOR EDI,EDI ; EDI = 0, reused as the zero operand below
0041219D . 50 PUSH EAX ; /Socket
0041219E . 89BB 50020000 MOV DWORD PTR DS:[EBX+250],EDI ; |
004121A4 . FF15 10964200 CALL DWORD PTR DS:[<&WS2_32.#3>] ; \closesocket
004121AA . 57 PUSH EDI
004121AB . 57 PUSH EDI
004121AC . 68 E4784700 PUSH ty.004778E4 ; [COLOR="Red"]验证中心连接失败,请重新登录[/COLOR] - "Connection to the verification center failed, please log in again"
004121B1 . 893D CC376400 MOV DWORD PTR DS:[6437CC],EDI ; clear global dword 6437CC
004121B7 . 893D D0376400 MOV DWORD PTR DS:[6437D0],EDI ; clear global dword 6437D0
004121BD . E8 4C240100 CALL <JMP.&MFC42.#1200> ; called with (string, 0, 0) - presumably the MFC message-box helper
004121C2 . 57 PUSH EDI ; /status
004121C3 . FF15 E0944200 CALL DWORD PTR DS:[<&MSVCRT._exit>] ; \_exit
004121C9 > 33FF XOR EDI,EDI ; Case 10 of switch 0041217E
004121CB . 3BF7 CMP ESI,EDI ; high word == 0 ?
004121CD . 75 22 JNZ SHORT ty.004121F1 ; non-zero high word -> failure path
004121CF . 8BCB MOV ECX,EBX
004121D1 . C783 50020000>MOV DWORD PTR DS:[EBX+250],1 ; mark the connection flag
004121DB . E8 B0030000 CALL ty.00412590 ; called with ECX = object pointer, no stack arguments pushed here
004121E0 . 5F POP EDI
004121E1 . 5E POP ESI
004121E2 . B8 01000000 MOV EAX,1
004121E7 . 5B POP EBX
004121E8 . 81C4 70170000 ADD ESP,1770
004121EE . C2 0800 RETN 8
004121F1 > 57 PUSH EDI
004121F2 . 57 PUSH EDI
004121F3 . 68 D0784700 PUSH ty.004778D0 ; [COLOR="red"]验证中心连接失败![/COLOR] - "Connection to the verification center failed!"
004121F8 . 893D CC376400 MOV DWORD PTR DS:[6437CC],EDI
004121FE . 893D D0376400 MOV DWORD PTR DS:[6437D0],EDI
00412204 . E8 05240100 CALL <JMP.&MFC42.#1200>
00412209 . 57 PUSH EDI ; /status
0041220A . FF15 E0944200 CALL DWORD PTR DS:[<&MSVCRT._exit>] ; \_exit
00412210 > 8B93 4C020000 MOV EDX,DWORD PTR DS:[EBX+24C] ; Case 1 of switch 0041217E
00412216 . B9 DC050000 MOV ECX,5DC ; 5DCh dwords = 1770h bytes
0041221B . 33C0 XOR EAX,EAX
0041221D . 8D7C24 0C LEA EDI,DWORD PTR SS:[ESP+C] ; local buffer starts above the three saved registers
00412221 . F3:AB REP STOS DWORD PTR ES:[EDI] ; zero the whole buffer
00412223 . 50 PUSH EAX ; /Flags => 0
00412224 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10] ; |
00412228 . 68 70170000 PUSH 1770 ; |BufSize = 1770 (6000.)
0041222D . 51 PUSH ECX ; |Buffer
0041222E . 52 PUSH EDX ; |Socket
0041222F . FF15 30964200 CALL DWORD PTR DS:[<&WS2_32.#16>] ; \recv
00412235 . 56 PUSH ESI ; arg 3 = high word of the notification argument
00412236 . 50 PUSH EAX ; arg 2 = recv() return value, not checked here
00412237 . 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14] ; same buffer address (two more pushes since ESP+C)
0041223B . 8BCB MOV ECX,EBX
0041223D . 50 PUSH EAX ; arg 1 = buffer
0041223E . E8 DD0D0000 CALL ty.00413020 ; handles the received data; falls through to the common epilogue
00412243 > 5F POP EDI ; Default case of switch 0041217E
00412244 . 5E POP ESI
00412245 . B8 01000000 MOV EAX,1
0041224A . 5B POP EBX
0041224B . 81C4 70170000 ADD ESP,1770
00412251 . C2 0800 RETN 8
00412254 90 NOP
00412255 90 NOP
00412256 90 NOP
00412257 90 NOP
00412258 90 NOP
00412259 90 NOP
0041225A 90 NOP
0041225B 90 NOP
0041225C 90 NOP
0041225D 90 NOP
0041225E 90 NOP
0041225F 90 NOP
; ---------------------------------------------------------------------------
; ty.00412260 - second socket notification handler, same layout as ty.00412160
; In:    ECX = object pointer (copied to EBX); two stack arguments (RETN 8)
; Out:   EAX = 1 on every path
; Fields used: [EBX+240] = socket handle, [EBX+23C] = flag set to 1 on
; successful connect and cleared on close. Global byte 6437C0 is set to 2 on
; close. Unlike ty.00412160, no path here shows a message box or calls _exit.
; NOTE(review): as in ty.00412160, the recv() return value goes to the callee
; (ty.004128A0) without a check in this function, and a full 1770h-byte read
; leaves no zero terminator in the buffer.
; ---------------------------------------------------------------------------
00412260 . B8 70170000 MOV EAX,1770 ; frame size: 1770h = 6000 bytes
00412265 . E8 B6260100 CALL ty.00424920 ; reserves EAX bytes of stack (presumably a _chkstk-style probe)
0041226A . 8B8424 781700>MOV EAX,DWORD PTR SS:[ESP+1778] ; EAX = second stack argument
00412271 . 53 PUSH EBX
00412272 . 56 PUSH ESI
00412273 . 8BF0 MOV ESI,EAX
00412275 . 25 FFFF0000 AND EAX,0FFFF ; EAX = low word (case selector)
0041227A . 8BD9 MOV EBX,ECX
0041227C . C1EE 10 SHR ESI,10 ; ESI = high word of the argument
0041227F . 48 DEC EAX ; Switch (cases 1..20) - values are hex: 01h, 10h, 20h
00412280 . 74 5E JE SHORT ty.004122E0 ; selector == 01h
00412282 . 83E8 0F SUB EAX,0F
00412285 . 74 33 JE SHORT ty.004122BA ; selector == 10h
00412287 . 83E8 10 SUB EAX,10
0041228A . 75 1E JNZ SHORT ty.004122AA ; anything other than 20h -> default
0041228C . 8B83 40020000 MOV EAX,DWORD PTR DS:[EBX+240] ; Case 20 of switch 0041227F
00412292 . C783 3C020000>MOV DWORD PTR DS:[EBX+23C],0 ; clear the connection flag
0041229C . 50 PUSH EAX ; /Socket
0041229D . FF15 10964200 CALL DWORD PTR DS:[<&WS2_32.#3>] ; \closesocket
004122A3 . C605 C0376400>MOV BYTE PTR DS:[6437C0],2 ; global state byte = 2 (same value ty.00412330 stores when its argument is non-zero)
004122AA > 5E POP ESI ; Default case of switch 0041227F
004122AB . B8 01000000 MOV EAX,1
004122B0 . 5B POP EBX
004122B1 . 81C4 70170000 ADD ESP,1770
004122B7 . C2 0800 RETN 8
004122BA > 85F6 TEST ESI,ESI ; Case 10 of switch 0041227F
004122BC . 75 0A JNZ SHORT ty.004122C8 ; non-zero high word: leave the flag untouched
004122BE . C783 3C020000>MOV DWORD PTR DS:[EBX+23C],1 ; mark the connection flag
004122C8 > 56 PUSH ESI ; argument = high word (zero or not)
004122C9 . 8BCB MOV ECX,EBX
004122CB . E8 60000000 CALL ty.00412330 ; updates state byte 6437C0 and, when the argument is zero, builds the "connected" text
004122D0 . 5E POP ESI
004122D1 . B8 01000000 MOV EAX,1
004122D6 . 5B POP EBX
004122D7 . 81C4 70170000 ADD ESP,1770
004122DD . C2 0800 RETN 8
004122E0 > 8B93 40020000 MOV EDX,DWORD PTR DS:[EBX+240] ; Case 1 of switch 0041227F
004122E6 . 57 PUSH EDI ; EDI is saved only on this path
004122E7 . B9 DC050000 MOV ECX,5DC ; 5DCh dwords = 1770h bytes
004122EC . 33C0 XOR EAX,EAX
004122EE . 8D7C24 0C LEA EDI,DWORD PTR SS:[ESP+C] ; local buffer starts above the three saved registers
004122F2 . 50 PUSH EAX ; /Flags => 0
004122F3 . F3:AB REP STOS DWORD PTR ES:[EDI] ; |
004122F5 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10] ; |
004122F9 . 68 70170000 PUSH 1770 ; |BufSize = 1770 (6000.)
004122FE . 51 PUSH ECX ; |Buffer
004122FF . 52 PUSH EDX ; |Socket
00412300 . FF15 30964200 CALL DWORD PTR DS:[<&WS2_32.#16>] ; \recv
00412306 . 56 PUSH ESI ; arg 3 = high word of the notification argument
00412307 . 50 PUSH EAX ; arg 2 = recv() return value, not checked here
00412308 . 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14] ; same buffer address (two more pushes since ESP+C)
0041230C . 8BCB MOV ECX,EBX
0041230E . 50 PUSH EAX ; arg 1 = buffer
0041230F . E8 8C050000 CALL ty.004128A0 ; handles the received data
00412314 . 5F POP EDI
00412315 . 5E POP ESI
00412316 . B8 01000000 MOV EAX,1
0041231B . 5B POP EBX
0041231C . 81C4 70170000 ADD ESP,1770
00412322 . C2 0800 RETN 8
00412325 90 NOP
00412326 90 NOP
00412327 90 NOP
00412328 90 NOP
00412329 90 NOP
0041232A 90 NOP
0041232B 90 NOP
0041232C 90 NOP
0041232D 90 NOP
0041232E 90 NOP
0041232F 90 NOP
; ---------------------------------------------------------------------------
; ty.00412330 - connect-result handler, called from ty.00412260 case 10h
; In:    ECX = object pointer (copied to ESI); one stack argument (RETN 4),
;        which the caller fills with the high word of its notification
; Effect: argument != 0 -> global byte 6437C0 = 2, then return.
;         argument == 0 -> global byte 6437C0 = 3, then up to two status
;         strings are built and handed to ty.00403320.
; An SEH frame (handler ty.00427378) is installed on entry and removed on both
; exits. MFC42.#537 is called with ECX pointing at a stack slot and a string
; pointer as argument - presumably the CString-from-string constructor.
; ---------------------------------------------------------------------------
00412330 /$ 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] ; current head of the SEH chain
00412336 |. 6A FF PUSH -1
00412338 |. 68 78734200 PUSH ty.00427378 ; SEH handler for this frame
0041233D |. 50 PUSH EAX ; previous SEH record
0041233E |. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] ; EAX = the stack argument
00412342 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP ; install the new SEH record
00412349 |. 56 PUSH ESI
0041234A |. 8BF1 MOV ESI,ECX
0041234C |. 85C0 TEST EAX,EAX
0041234E |. 74 19 JE SHORT ty.00412369 ; argument == 0 -> success path
00412350 |. C605 C0376400>MOV BYTE PTR DS:[6437C0],2 ; non-zero argument: state byte = 2
00412357 |. 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4] ; saved previous SEH record
0041235B |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX ; unlink the SEH record
00412362 |. 5E POP ESI
00412363 |. 83C4 0C ADD ESP,0C ; drop the 3-dword SEH frame
00412366 |. C2 0400 RETN 4
00412369 |> C605 C0376400>MOV BYTE PTR DS:[6437C0],3 ; zero argument: state byte = 3
00412370 |. 8B86 38020000 MOV EAX,DWORD PTR DS:[ESI+238]
00412376 |. 85C0 TEST EAX,EAX
00412378 |. 74 35 JE SHORT ty.004123AF ; [ESI+238] == 0 -> skip the first message
0041237A |. 6A 00 PUSH 0
0041237C |. 6A 00 PUSH 0
0041237E |. 68 FF000000 PUSH 0FF ; looks like a colour value - TODO confirm in ty.00403320
00412383 |. 51 PUSH ECX ; reserves one dword on the stack; the value itself is not used
00412384 |. 8BCC MOV ECX,ESP ; ECX -> the reserved slot
00412386 |. 896424 24 MOV DWORD PTR SS:[ESP+24],ESP
0041238A |. 68 14794700 PUSH ty.00477914 ; [COLOR="red"] [系统]:与服务器连接成功!\r\n[/COLOR] - "[System]: Connected to the server successfully!"
0041238F |. E8 C81F0100 CALL <JMP.&MFC42.#537> ; builds the string object in the reserved slot
00412394 |. C74424 1C FFF>MOV DWORD PTR SS:[ESP+1C],-1
0041239C |. E8 FFA4FFFF CALL ty.0040C8A0 ; returns a pointer in EAX; its [EAX+20] field is read next
004123A1 |. 8B48 20 MOV ECX,DWORD PTR DS:[EAX+20] ; |
004123A4 |. 81C1 4C410000 ADD ECX,414C ; |
004123AA |. E8 710FFFFF CALL ty.00403320 ; \ty.00403320
004123AF |> 8BCE MOV ECX,ESI
004123B1 |. E8 3A000000 CALL ty.004123F0 ; called with ECX = object pointer, no stack arguments
004123B6 |. 6A 00 PUSH 0
004123B8 |. 6A 00 PUSH 0
004123BA |. 68 FFFFFF00 PUSH 0FFFFFF
004123BF |. 51 PUSH ECX ; reserves one dword on the stack
004123C0 |. 8BCC MOV ECX,ESP
004123C2 |. 896424 24 MOV DWORD PTR SS:[ESP+24],ESP
004123C6 |. 68 00794700 PUSH ty.00477900 ; [COLOR="red"]连接服务器成功![/COLOR]\r\n - "Connected to the server successfully!"
004123CB |. E8 8C1F0100 CALL <JMP.&MFC42.#537>
004123D0 |. 8D8E F8040000 LEA ECX,DWORD PTR DS:[ESI+4F8] ; |
004123D6 |. E8 450FFFFF CALL ty.00403320 ; \ty.00403320
004123DB |. 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4] ; saved previous SEH record
004123DF |. 5E POP ESI
004123E0 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX ; unlink the SEH record
004123E7 |. 83C4 0C ADD ESP,0C
004123EA \. C2 0400 RETN 4