软件名称 TurboGo v5.0
应用平台 Win95
软件类别 共享软件, 1171KB
下载地址 http://www.turbogo.com/zips/turbogo5.zip
功能限制
调试环境 Win2000: Ollydbg1.10
软件简介
一个有名的围棋人机对弈软件,棋力不是很强,但有很好的教学功能
OllyDbg 打开软件, Help -> Register Turbo 输入:
Name: blackeyes
Serial nr:012345678
下断点 bpx MessageBoxA
点击 OK, 拦截下来, Ctrl+F9, 返回到 0042DEC6
0042DE88 /$ 55 PUSH EBP
0042DE89 |. 8BEC MOV EBP,ESP
0042DE8B |. 83C4 F4 ADD ESP,-0C
0042DE8E |. 53 PUSH EBX
0042DE8F |. 56 PUSH ESI
0042DE90 |. 57 PUSH EDI
0042DE91 |. 8BF9 MOV EDI,ECX
0042DE93 |. 8BF2 MOV ESI,EDX
0042DE95 |. 8BD8 MOV EBX,EAX
0042DE97 |. E8 E883FDFF CALL <JMP.&user32.GetActiveWindow> ; [GetActiveWindow
0042DE9C |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0042DE9F |. 33C0 XOR EAX,EAX
0042DEA1 |. E8 629BFFFF CALL TURBOGO.00427A08
0042DEA6 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0042DEA9 |. 33C0 XOR EAX,EAX
0042DEAB |. 55 PUSH EBP
0042DEAC |. 68 E8DE4200 PUSH TURBOGO.0042DEE8
0042DEB1 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0042DEB4 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0042DEB7 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0042DEBA |. 50 PUSH EAX ; /Style
0042DEBB |. 57 PUSH EDI ; |Title
0042DEBC |. 56 PUSH ESI ; |Text
0042DEBD |. 8B43 24 MOV EAX,DWORD PTR DS:[EBX+24] ; |
0042DEC0 |. 50 PUSH EAX ; |hOwner
0042DEC1 |. E8 BE85FDFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0042DEC6 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX // 返回到这
0042DEC9 |. 33C0 XOR EAX,EAX
0042DECB |. 5A POP EDX
0042DECC |. 59 POP ECX
0042DECD |. 59 POP ECX
0042DECE |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0042DED1 |. 68 EFDE4200 PUSH TURBOGO.0042DEEF
0042DED6 |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042DED9 |. E8 DA9BFFFF CALL TURBOGO.00427AB8
0042DEDE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0042DEE1 |. 50 PUSH EAX ; /hWnd
0042DEE2 |. E8 4586FDFF CALL <JMP.&user32.SetActiveWindow> ; \SetActiveWindow
0042DEE7 \. C3 RETN
前面没有跳转, 判断不在这里, F8单步几次, 返回到 0047552A,
从0047552A 往上看, 很容易看到关键 CALL TURBOGO.0044E1B4
00475400 /. 55 PUSH EBP
00475401 |. 8BEC MOV EBP,ESP
00475403 |. 6A 00 PUSH 0
00475405 |. 53 PUSH EBX
00475406 |. 56 PUSH ESI
00475407 |. 8BD8 MOV EBX,EAX
00475409 |. 33C0 XOR EAX,EAX
0047540B |. 55 PUSH EBP
0047540C |. 68 40554700 PUSH TURBOGO.00475540
00475411 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00475414 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00475417 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0047541A |. 8B83 E8010000 MOV EAX,DWORD PTR DS:[EBX+1E8]
00475420 |. E8 E38BFAFF CALL TURBOGO.0041E008
00475425 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00475428 |. E8 878DFDFF CALL TURBOGO.0044E1B4 ; // ******** F7
0047542D |. 84C0 TEST AL,AL
0047542F |. 0F84 CB000000 JE TURBOGO.00475500 ; 不能跳
00475435 |. A1 68A74900 MOV EAX,DWORD PTR DS:[49A768]
0047543A |. 8038 00 CMP BYTE PTR DS:[EAX],0
0047543D |. 0F85 B4000000 JNZ TURBOGO.004754F7
00475443 |. A1 68A74900 MOV EAX,DWORD PTR DS:[49A768]
00475448 |. C600 01 MOV BYTE PTR DS:[EAX],1
0047544B |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0047544E |. 8B83 EC010000 MOV EAX,DWORD PTR DS:[EBX+1EC]
00475454 |. E8 AF8BFAFF CALL TURBOGO.0041E008
00475459 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0047545C |. A1 B4A54900 MOV EAX,DWORD PTR DS:[49A5B4]
00475461 |. E8 7EE6F8FF CALL TURBOGO.00403AE4
00475466 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
00475469 |. 8B83 E8010000 MOV EAX,DWORD PTR DS:[EBX+1E8]
0047546F |. E8 948BFAFF CALL TURBOGO.0041E008
00475474 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00475477 |. A1 C0A44900 MOV EAX,DWORD PTR DS:[49A4C0]
0047547C |. E8 63E6F8FF CALL TURBOGO.00403AE4
00475481 |. 6A 40 PUSH 40
00475483 |. A1 D4A34900 MOV EAX,DWORD PTR DS:[49A3D4]
00475488 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0047548A |. E8 41EAF8FF CALL TURBOGO.00403ED0
0047548F |. 50 PUSH EAX
00475490 |. A1 B8A44900 MOV EAX,DWORD PTR DS:[49A4B8]
00475495 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00475497 |. E8 34EAF8FF CALL TURBOGO.00403ED0
0047549C |. 8BD0 MOV EDX,EAX
0047549E |. A1 00A44900 MOV EAX,DWORD PTR DS:[49A400]
004754A3 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004754A5 |. 59 POP ECX
004754A6 |. E8 DD89FBFF CALL TURBOGO.0042DE88
004754AB |. B9 54554700 MOV ECX,TURBOGO.00475554 ; ASCII "TURBOGO.INI"
004754B0 |. B2 01 MOV DL,1
004754B2 |. A1 F8EB4200 MOV EAX,DWORD PTR DS:[42EBF8]
004754B7 |. E8 9897FBFF CALL TURBOGO.0042EC54
004754BC |. 8BF0 MOV ESI,EAX
004754BE |. A1 B4A54900 MOV EAX,DWORD PTR DS:[49A5B4]
004754C3 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004754C5 |. 50 PUSH EAX
004754C6 |. B9 68554700 MOV ECX,TURBOGO.00475568 ; ASCII "RegisterName"
004754CB |. BA 80554700 MOV EDX,TURBOGO.00475580 ; ASCII "Register"
004754D0 |. 8BC6 MOV EAX,ESI
004754D2 |. E8 1198FBFF CALL TURBOGO.0042ECE8
004754D7 |. A1 C0A44900 MOV EAX,DWORD PTR DS:[49A4C0]
004754DC |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004754DE |. 50 PUSH EAX
004754DF |. B9 94554700 MOV ECX,TURBOGO.00475594 ; ASCII "RegisterNumber"
004754E4 |. BA 80554700 MOV EDX,TURBOGO.00475580 ; ASCII "Register"
004754E9 |. 8BC6 MOV EAX,ESI
004754EB |. E8 F897FBFF CALL TURBOGO.0042ECE8
004754F0 |. 8BC6 MOV EAX,ESI
004754F2 |. E8 C5DAF8FF CALL TURBOGO.00402FBC
004754F7 |> 8BC3 MOV EAX,EBX
004754F9 |. E8 8E67FBFF CALL TURBOGO.0042BC8C
004754FE |. EB 2A JMP SHORT TURBOGO.0047552A
00475500 |> 6A 30 PUSH 30
00475502 |. A1 30A44900 MOV EAX,DWORD PTR DS:[49A430]
00475507 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00475509 |. E8 C2E9F8FF CALL TURBOGO.00403ED0
0047550E |. 50 PUSH EAX
0047550F |. A1 A0A54900 MOV EAX,DWORD PTR DS:[49A5A0]
00475514 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00475516 |. E8 B5E9F8FF CALL TURBOGO.00403ED0
0047551B |. 8BD0 MOV EDX,EAX
0047551D |. A1 00A44900 MOV EAX,DWORD PTR DS:[49A400]
00475522 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00475524 |. 59 POP ECX
00475525 |. E8 5E89FBFF CALL TURBOGO.0042DE88
0047552A |> 33C0 XOR EAX,EAX ; // 返回到这
0047552C |. 5A POP EDX
0047552D |. 59 POP ECX
0047552E |. 59 POP ECX
0047552F |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00475532 |. 68 47554700 PUSH TURBOGO.00475547
00475537 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0047553A |. E8 51E5F8FF CALL TURBOGO.00403A90
0047553F \. C3 RETN
00475540 .^ E9 EFDFF8FF JMP TURBOGO.00403534
00475545 .^ EB F0 JMP SHORT TURBOGO.00475537
00475547 . 5E POP ESI
00475548 . 5B POP EBX
00475549 . 59 POP ECX
0047554A . 5D POP EBP
0047554B . C3 RETN
F2 在0044E1B4 下断, 重新再来一次
0044E1B4 /$ 55 PUSH EBP
0044E1B5 |. 8BEC MOV EBP,ESP
0044E1B7 |. 83C4 C0 ADD ESP,-40
0044E1BA |. 53 PUSH EBX
0044E1BB |. 56 PUSH ESI
0044E1BC |. 57 PUSH EDI
0044E1BD |. 33D2 XOR EDX,EDX
0044E1BF |. 8955 C8 MOV DWORD PTR SS:[EBP-38],EDX
0044E1C2 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX
0044E1C5 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX ; 假码, SN="012345678"
0044E1C8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0044E1CB |. E8 F05CFBFF CALL TURBOGO.00403EC0
0044E1D0 |. 33C0 XOR EAX,EAX
0044E1D2 |. 55 PUSH EBP
0044E1D3 |. 68 09E44400 PUSH TURBOGO.0044E409
0044E1D8 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0044E1DB |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0044E1DE |. C645 F9 35 MOV BYTE PTR SS:[EBP-7],35 ; '5'
0044E1E2 |. C645 FA 59 MOV BYTE PTR SS:[EBP-6],59 ; 'Y'
0044E1E6 |. C645 FB 49 MOV BYTE PTR SS:[EBP-5],49 ; 'I'
0044E1EA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0044E1ED |. E8 1A5BFBFF CALL TURBOGO.00403D0C
0044E1F2 |. 83F8 09 CMP EAX,9
0044E1F5 |. 74 09 JE SHORT TURBOGO.0044E200 ; 假码长度==9?
0044E1F7 |. C645 EB 00 MOV BYTE PTR SS:[EBP-15],0 ; 0 = invalid
0044E1FB |. E9 A9010000 JMP TURBOGO.0044E3A9
0044E200 |> C645 EB 01 MOV BYTE PTR SS:[EBP-15],1 ; 1 = OK
0044E204 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0044E207 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E20A |. 8A12 MOV DL,BYTE PTR DS:[EDX] ; SN[0]
0044E20C |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E20F |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E212 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0044E215 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0044E218 |. E8 6748FBFF CALL TURBOGO.00402A84
0044E21D |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0044E220 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E223 |. 8A52 06 MOV DL,BYTE PTR DS:[EDX+6] ; SN[6]
0044E226 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E229 |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E22C |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0044E22F |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0044E232 |. B1 02 MOV CL,2
0044E234 |. E8 1B48FBFF CALL TURBOGO.00402A54
0044E239 |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0044E23C |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0044E23F |. E8 4048FBFF CALL TURBOGO.00402A84
0044E244 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0044E247 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E24A |. 8A52 05 MOV DL,BYTE PTR DS:[EDX+5] ; SN[5]
0044E24D |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E250 |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E253 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0044E256 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0044E259 |. B1 03 MOV CL,3
0044E25B |. E8 F447FBFF CALL TURBOGO.00402A54
0044E260 |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34] ; SN[0,6,5]
0044E263 |. 8D45 DF LEA EAX,DWORD PTR SS:[EBP-21]
0044E266 |. B1 03 MOV CL,3
0044E268 |. E8 3348FBFF CALL TURBOGO.00402AA0
0044E26D |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0044E270 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E273 |. 8A52 04 MOV DL,BYTE PTR DS:[EDX+4] ; SN[4]
0044E276 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E279 |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E27C |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0044E27F |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0044E282 |. E8 FD47FBFF CALL TURBOGO.00402A84
0044E287 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0044E28A |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E28D |. 8A52 07 MOV DL,BYTE PTR DS:[EDX+7] ; SN[7]
0044E290 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E293 |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E296 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0044E299 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0044E29C |. B1 02 MOV CL,2
0044E29E |. E8 B147FBFF CALL TURBOGO.00402A54
0044E2A3 |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0044E2A6 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0044E2A9 |. E8 D647FBFF CALL TURBOGO.00402A84
0044E2AE |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0044E2B1 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E2B4 |. 8A52 01 MOV DL,BYTE PTR DS:[EDX+1] ; SN[1]
0044E2B7 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E2BA |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E2BD |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0044E2C0 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0044E2C3 |. B1 03 MOV CL,3
0044E2C5 |. E8 8A47FBFF CALL TURBOGO.00402A54
0044E2CA |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34] ; SN[4,7,1]
0044E2CD |. 8D45 E3 LEA EAX,DWORD PTR SS:[EBP-1D]
0044E2D0 |. B1 03 MOV CL,3
0044E2D2 |. E8 C947FBFF CALL TURBOGO.00402AA0
0044E2D7 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0044E2DA |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E2DD |. 8A52 08 MOV DL,BYTE PTR DS:[EDX+8] ; SN[8]
0044E2E0 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E2E3 |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E2E6 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0044E2E9 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0044E2EC |. E8 9347FBFF CALL TURBOGO.00402A84
0044E2F1 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0044E2F4 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E2F7 |. 8A52 02 MOV DL,BYTE PTR DS:[EDX+2] ; SN[2]
0044E2FA |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E2FD |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E300 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0044E303 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0044E306 |. B1 02 MOV CL,2
0044E308 |. E8 4747FBFF CALL TURBOGO.00402A54
0044E30D |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0044E310 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0044E313 |. E8 6C47FBFF CALL TURBOGO.00402A84
0044E318 |. 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0044E31B |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0044E31E |. 8A52 03 MOV DL,BYTE PTR DS:[EDX+3] ; SN[3]
0044E321 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
0044E324 |. C600 01 MOV BYTE PTR DS:[EAX],1
0044E327 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0044E32A |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0044E32D |. B1 03 MOV CL,3
0044E32F |. E8 2047FBFF CALL TURBOGO.00402A54
0044E334 |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34] ; SN[8,2,3]
0044E337 |. 8D45 E7 LEA EAX,DWORD PTR SS:[EBP-19]
0044E33A |. B1 03 MOV CL,3
0044E33C |. E8 5F47FBFF CALL TURBOGO.00402AA0
0044E341 |. B3 03 MOV BL,3 ; 循环 3 次
0044E343 |. 8D7D DF LEA EDI,DWORD PTR SS:[EBP-21]
0044E346 |. 8D75 F9 LEA ESI,DWORD PTR SS:[EBP-7] ; "5YI"
0044E349 |> 8D45 C8 /LEA EAX,DWORD PTR SS:[EBP-38]
0044E34C |. 8BD7 |MOV EDX,EDI
0044E34E |. E8 5D59FBFF |CALL TURBOGO.00403CB0
0044E353 |. 8B45 C8 |MOV EAX,DWORD PTR SS:[EBP-38] ; SN[0,6,5]
0044E356 |. 8D55 F0 |LEA EDX,DWORD PTR SS:[EBP-10]
0044E359 |. E8 0A49FBFF |CALL TURBOGO.00402C68 ; num1=atoi()?
0044E35E |. 8945 F4 |MOV DWORD PTR SS:[EBP-C],EAX ; num1=>[EBP-C]
0044E361 |. 837D F0 00 |CMP DWORD PTR SS:[EBP-10],0 ; atoi() Error?
0044E365 |. 75 36 |JNZ SHORT TURBOGO.0044E39D ; 不能跳
0044E367 |. DB45 F4 |FILD DWORD PTR SS:[EBP-C] ; (float)num1
0044E36A |. 33C0 |XOR EAX,EAX
0044E36C |. 8A06 |MOV AL,BYTE PTR DS:[ESI] ; num2="5", "Y", "I"
0044E36E |. 8945 CC |MOV DWORD PTR SS:[EBP-34],EAX
0044E371 |. DB45 CC |FILD DWORD PTR SS:[EBP-34] ; (float)num2
0044E374 |. DEF9 |FDIVP ST(1),ST ; (float)num1/(float)num2, => 商,余
0044E376 |. E8 A146FBFF |CALL TURBOGO.00402A1C ; num3 = (int)商
0044E37B |. 8945 C4 |MOV DWORD PTR SS:[EBP-3C],EAX
0044E37E |. DB45 C4 |FILD DWORD PTR SS:[EBP-3C] ; (float)num3
0044E381 |. DB45 F4 |FILD DWORD PTR SS:[EBP-C] ; (float)num1
0044E384 |. 33C0 |XOR EAX,EAX
0044E386 |. 8A06 |MOV AL,BYTE PTR DS:[ESI]
0044E388 |. 8945 C0 |MOV DWORD PTR SS:[EBP-40],EAX ; num2
0044E38B |. DB45 C0 |FILD DWORD PTR SS:[EBP-40] ; (float)num2
0044E38E |. DEF9 |FDIVP ST(1),ST ; (float)num1/(float)num3 => 商,余
0044E390 |. DED9 |FCOMPP ; 商==(float)num2 ?
0044E392 |. DFE0 |FSTSW AX
0044E394 |. 9E |SAHF
0044E395 |. 75 06 |JNZ SHORT TURBOGO.0044E39D ; 不等就跳, 不能跳!!!
0044E397 |. 837D F4 00 |CMP DWORD PTR SS:[EBP-C],0 ; num1==0?
0044E39B |. 75 04 |JNZ SHORT TURBOGO.0044E3A1 ; 不等就跳, 跳!!!
0044E39D |> C645 EB 00 |MOV BYTE PTR SS:[EBP-15],0 ; 相等就 0 => [EBP-15]
0044E3A1 |> 46 |INC ESI ; 下一循环, "5", "Y", "I"
0044E3A2 |. 83C7 04 |ADD EDI,4 ; 下一循环, SN[0,6,5], SN[4,7,1], SN[8,2,3]
0044E3A5 |. FECB |DEC BL ; 3 次了吗?
0044E3A7 |.^ 75 A0 \JNZ SHORT TURBOGO.0044E349 ; 下一循环
0044E3A9 |> 807D EB 01 CMP BYTE PTR SS:[EBP-15],1 ; 还是 1 吗?
0044E3AD |. 75 31 JNZ SHORT TURBOGO.0044E3E0
0044E3AF |. B3 02 MOV BL,2
0044E3B1 |. BE 7C9B4900 MOV ESI,TURBOGO.00499B7C
0044E3B6 |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
0044E3B9 |. 8B16 |MOV EDX,DWORD PTR DS:[ESI]
0044E3BB |. E8 6857FBFF |CALL TURBOGO.00403B28
0044E3C0 |. 8D45 EC |LEA EAX,DWORD PTR SS:[EBP-14]
0044E3C3 |. E8 B82CFFFF |CALL TURBOGO.00441080
0044E3C8 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14] ; 黑名单, "160339558","856548443"
0044E3CB |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4] ; SN[0-8]
0044E3CE |. E8 495AFBFF |CALL TURBOGO.00403E1C
0044E3D3 |. 75 04 |JNZ SHORT TURBOGO.0044E3D9 ; 在 黑名单 上吗?
0044E3D5 |. C645 EB 00 |MOV BYTE PTR SS:[EBP-15],0 ; 不能到这
0044E3D9 |> 83C6 04 |ADD ESI,4
0044E3DC |. FECB |DEC BL
0044E3DE |.^ 75 D6 \JNZ SHORT TURBOGO.0044E3B6
0044E3E0 |> 8A5D EB MOV BL,BYTE PTR SS:[EBP-15] ; 注册结果
0044E3E3 |. 33C0 XOR EAX,EAX
0044E3E5 |. 5A POP EDX
0044E3E6 |. 59 POP ECX
0044E3E7 |. 59 POP ECX
0044E3E8 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0044E3EB |. 68 10E44400 PUSH TURBOGO.0044E410
0044E3F0 |> 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
0044E3F3 |. E8 9856FBFF CALL TURBOGO.00403A90
0044E3F8 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0044E3FB |. E8 9056FBFF CALL TURBOGO.00403A90
0044E400 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0044E403 |. E8 8856FBFF CALL TURBOGO.00403A90
0044E408 \. C3 RETN
注册机:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
char *BadSN[2]={
"160339558",
"856548443"
};
char *seed="5YI";
int main(int argc, char *argv[])
{
int i,j,k;
int num[3];
char str[3][4];
char key[10];
srand( (unsigned)time( NULL ) );
k = 20 + rand()%100;
for( i = 0; i < k; i++ ) rand();
again:
for(i=0;i<3;i++)
{
do{
j = seed[i] * (rand()%20);
}while (j<100||j>=1000);
num[i] = j;
sprintf(str[i],"%03d", num[i]);
}
key[0] = str[0][0];
key[1] = str[1][2];
key[2] = str[2][1];
key[3] = str[2][2];
key[4] = str[1][0];
key[5] = str[0][2];
key[6] = str[0][1];
key[7] = str[1][1];
key[8] = str[2][0];
key[9]='\0';
for(i=0;i<2;i++)
{
if (strcmp(key,BadSN[i])==0) goto again;
}
printf("\nYour register code:%s\n", key);
printf("\n\n\n");
return 0;
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
