27 楼
你的软件暴露了太多信息(例如下面列表中可以直接看到的明文字符串 "\reg.txt" 和 "you are win!"),下面是关键代码:
; Debugger listing (address, opcode bytes, instruction) of a 32-bit x86 routine
; that begins at 00408E31. The listing stops at 0040907A; the branch targets
; 0040907C and 00409086 lie outside it.
;
; Frame: [ebp+0x8] and [ebp+0x14] are read as arguments; [ebp-0x4], [ebp-0x8],
; [ebp-0xC] and [ebp-0x10] are local dwords.
;
; Junk-code patterns that recur below and do no work:
;   clc / jnb +1      CF was just cleared, so the branch is always taken
;   stc / jb  +1      CF was just set, so the branch is always taken
;   jmp short +1      skips one filler byte (usually 90, twice another byte)
;   call $+5 / add dword ptr [esp], 0x6 / retn
;                     rewrites its own return address; acts as a jump to the
;                     instruction after the filler byte that follows retn
;
; Calls to 004122F1 are made with a different ebx value each time, so ebx
; presumably selects the routine to run (confirm against the runtime).
; 004122DF is always called with one non-null pointer that is not used again,
; so it presumably releases a buffer (confirm).
00408E31 55 push ebp
00408E32 8BEC mov ebp, esp
00408E34 81EC 10000000 sub esp, 0x10 ; 16 bytes of locals
00408E3A C745 FC 0000000>mov dword ptr [ebp-0x4], 0x0 ; [ebp-0x4] starts out null
00408E41 F8 clc
00408E42 73 01 jnb short 00408E45
00408E44 90 nop
00408E45 EB 01 jmp short 00408E48
00408E47 90 nop
; Gate: the first argument must equal 0x5A7, otherwise go to the path at 0040906B.
00408E48 817D 08 A705000>cmp dword ptr [ebp+0x8], 0x5A7
00408E4F 0F85 16020000 jnz 0040906B
00408E55 EB 01 jmp short 00408E58
00408E57 90 nop
; call/add/retn trick: pushes 00408E5D, adds 6, returns to 00408E63.
00408E58 E8 00000000 call 00408E5D
00408E5D 830424 06 add dword ptr [esp], 0x6
00408E61 C3 retn
00408E62 90 nop
; Seven dwords are pushed (released by add esp, 0x1C) for 004122F1 with ebx = 0x910.
; The 0x8000xxxx constants look like per-argument type tags (confirm).
00408E63 68 01030080 push 0x80000301
00408E68 6A 00 push 0x0
00408E6A EB 01 jmp short 00408E6D
00408E6C 90 nop
00408E6D FF35 94052601 push dword ptr [0x1260594] ; value read from a global
00408E73 68 01030080 push 0x80000301
00408E78 6A 00 push 0x0
00408E7A EB 01 jmp short 00408E7D
00408E7C 90 nop
00408E7D FF75 14 push dword ptr [ebp+0x14] ; value taken from the caller
00408E80 68 02000000 push 0x2
00408E85 BB 10090000 mov ebx, 0x910
00408E8A EB 01 jmp short 00408E8D
00408E8C 90 nop
00408E8D E8 5F940000 call 004122F1
00408E92 83C4 1C add esp, 0x1C
00408E95 8945 F8 mov dword ptr [ebp-0x8], eax ; keep the result
00408E98 EB 01 jmp short 00408E9B
00408E9A 90 nop
00408E9B EB 01 jmp short 00408E9E
00408E9D 90 nop
00408E9E EB 01 jmp short 00408EA1
00408EA0 90 nop
; Move the result into [ebp-0x4]; a previous non-null value is passed to 004122DF first.
00408EA1 8B45 F8 mov eax, dword ptr [ebp-0x8]
00408EA4 50 push eax ; saved across the call below
00408EA5 F8 clc
00408EA6 73 01 jnb short 00408EA9
00408EA8 90 nop
00408EA9 8B5D FC mov ebx, dword ptr [ebp-0x4]
00408EAC 85DB test ebx, ebx
00408EAE 74 09 je short 00408EB9
00408EB0 53 push ebx
00408EB1 E8 29940000 call 004122DF
00408EB6 83C4 04 add esp, 0x4
00408EB9 58 pop eax
00408EBA 8945 FC mov dword ptr [ebp-0x4], eax
00408EBD F8 clc
00408EBE 73 01 jnb short 00408EC1
00408EC0 90 nop
00408EC1 F9 stc
00408EC2 72 01 jb short 00408EC5
00408EC4 90 nop
00408EC5 F9 stc
00408EC6 72 01 jb short 00408EC9
00408EC8 90 nop
; Compare the value in [ebp-0x4] with a constant object at 00406515.
; Both objects are read the same way: a dword at +0x4 and data starting at +0x8;
; the dword at +0x4 is used as the length (it is compared first and passed on).
; NOTE(review): the reference value is a constant inside the image and the
; outcome is a single conditional branch, so the filler bytes do not hide
; where the decision is made.
00408EC9 B8 15654000 mov eax, 00406515 ; address of the constant reference object
00408ECE 33C9 xor ecx, ecx
00408ED0 85C0 test eax, eax ; eax is a non-zero constant, so the je below never fires
00408ED2 74 03 je short 00408ED7
00408ED4 8B48 04 mov ecx, dword ptr [eax+0x4] ; ecx = reference length
00408ED7 51 push ecx
00408ED8 83C0 08 add eax, 0x8
00408EDB 50 push eax ; reference data
00408EDC EB 01 jmp short 00408EDF
00408EDE 90 nop
00408EDF 8B45 FC mov eax, dword ptr [ebp-0x4]
00408EE2 33DB xor ebx, ebx
00408EE4 85C0 test eax, eax
00408EE6 74 03 je short 00408EEB
00408EE8 8B58 04 mov ebx, dword ptr [eax+0x4] ; ebx = computed length (0 if the pointer is null)
00408EEB 83C0 08 add eax, 0x8 ; executed on the null path too
00408EEE 50 push eax ; computed data
00408EEF 3BD9 cmp ebx, ecx
00408EF1 B8 01000000 mov eax, 0x1 ; mov leaves the flags of the cmp intact
00408EF6 75 0A jnz short 00408F02 ; lengths differ: eax stays 1
00408EF8 48 dec eax ; eax = 0
00408EF9 85C9 test ecx, ecx
00408EFB 74 05 je short 00408F02 ; both lengths are zero: eax stays 0
00408EFD E8 00EEFFFF call 00407D02 ; presumably a byte comparison returning 0 on a match (confirm)
00408F02 83C4 0C add esp, 0xC ; drop the three dwords pushed above
00408F05 85C0 test eax, eax
00408F07 0F85 5E010000 jnz 0040906B ; key jump: non-zero result goes to the path at 0040906B
; Reached only when eax is zero after the comparison.
00408F0D F9 stc
00408F0E 72 01 jb short 00408F11
00408F10 90 nop
00408F11 68 00000000 push 0x0
00408F16 BB 04010000 mov ebx, 0x104
00408F1B EB 01 jmp short 00408F1E
00408F1D 90 nop
00408F1E E8 CE930000 call 004122F1
00408F23 83C4 04 add esp, 0x4
00408F26 8945 F8 mov dword ptr [ebp-0x8], eax
00408F29 F8 clc
00408F2A 73 01 jnb short 00408F2D
00408F2C 90 nop
00408F2D EB 01 jmp short 00408F30
00408F2F 90 nop
00408F30 F8 clc
00408F31 73 01 jnb short 00408F34
00408F33 90 nop
; 00407663 receives the previous result and the literal "\reg.txt" with ecx = 2;
; presumably it joins the two strings into a file path (confirm). Result in [ebp-0xC].
00408F34 68 25654000 push 00406525 ; ASCII "\reg.txt"
00408F39 EB 01 jmp short 00408F3C
00408F3B 90 nop
00408F3C FF75 F8 push dword ptr [ebp-0x8]
00408F3F B9 02000000 mov ecx, 0x2
00408F44 E8 1AE7FFFF call 00407663
00408F49 83C4 08 add esp, 0x8
00408F4C 8945 F4 mov dword ptr [ebp-0xC], eax
00408F4F 8B5D F8 mov ebx, dword ptr [ebp-0x8]
00408F52 85DB test ebx, ebx
00408F54 74 09 je short 00408F5F
00408F56 53 push ebx
00408F57 E8 83930000 call 004122DF
00408F5C 83C4 04 add esp, 0x4
00408F5F EB 01 jmp short 00408F62
00408F61 90 nop
00408F62 EB 01 jmp short 00408F65
00408F64 90 nop
; 004122F1 with ebx = 0x198 takes the literal at 0040652E; result in [ebp-0x10].
00408F65 68 04000080 push 0x80000004
00408F6A 6A 00 push 0x0
00408F6C F8 clc
00408F6D 73 01 jnb short 00408F70
00408F6F 90 nop
00408F70 68 2E654000 push 0040652E ; ASCII "adsfdasfasgdfsagasdfsa"
00408F75 68 01000000 push 0x1
00408F7A BB 98010000 mov ebx, 0x198
00408F7F F9 stc
00408F80 72 01 jb short 00408F83
00408F82 90 nop
00408F83 E8 69930000 call 004122F1
00408F88 83C4 10 add esp, 0x10
00408F8B 8945 F0 mov dword ptr [ebp-0x10], eax
00408F8E EB 01 jmp short 00408F91
00408F90 90 nop
00408F91 EB 01 jmp short 00408F94
00408F93 90 nop
; Argument setup for the 004122F1 call at 00408FD1 (ebx = 0x26C).
00408F94 68 05000080 push 0x80000005
00408F99 6A 00 push 0x0
00408F9B F8 clc
00408F9C 73 01 jnb short 00408F9F
00408F9E 90 nop
00408F9F 8B45 F0 mov eax, dword ptr [ebp-0x10]
00408FA2 85C0 test eax, eax
00408FA4 75 05 jnz short 00408FAB
00408FA6 B8 EB604000 mov eax, 004060EB ; fallback address used when [ebp-0x10] is null
00408FAB 50 push eax
00408FAC 68 04000080 push 0x80000004
00408FB1 6A 00 push 0x0
00408FB3 EB 01 jmp short 00408FB6
; The jump above lands at 00408FB6, one byte into the instruction printed at
; 00408FB5. The filler byte here is BC instead of 90, so the linear listing
; below is decoded from the wrong offset up to 00408FC8. Read from 00408FB6,
; the same bytes give:
;   00408FB6 8B45 F4      mov eax, dword ptr [ebp-0xC]
;   00408FB9 85C0         test eax, eax
;   00408FBB 75 05        jnz short 00408FC2
;   00408FBD B8 DF604000  mov eax, 004060DF
;   00408FC2 50           push eax
;   00408FC3 68 02000000  push 0x2
; That makes seven pushed dwords, matching the add esp, 0x1C after the call.
00408FB5 BC 8B45F485 mov esp, 0x85F4458B
00408FBA C075 05 B8 sal byte ptr [ebp+0x5], 0xB8
00408FBE DF60 40 fbld tbyte ptr [eax+0x40]
00408FC1 0050 68 add byte ptr [eax+0x68], dl
00408FC4 0200 add al, byte ptr [eax]
00408FC6 0000 add byte ptr [eax], al
00408FC8 BB 6C020000 mov ebx, 0x26C
00408FCD F8 clc
00408FCE 73 01 jnb short 00408FD1
00408FD0 90 nop
; The call receives the value built with "\reg.txt" ([ebp-0xC]) and the value in
; [ebp-0x10]; possibly a file write (confirm).
00408FD1 E8 1B930000 call 004122F1
00408FD6 83C4 1C add esp, 0x1C
; Hand both temporaries to 004122DF when they are non-null.
00408FD9 8B5D F4 mov ebx, dword ptr [ebp-0xC]
00408FDC 85DB test ebx, ebx
00408FDE 74 09 je short 00408FE9
00408FE0 53 push ebx
00408FE1 E8 F9920000 call 004122DF
00408FE6 83C4 04 add esp, 0x4
00408FE9 8B5D F0 mov ebx, dword ptr [ebp-0x10]
00408FEC 85DB test ebx, ebx
00408FEE 74 09 je short 00408FF9
00408FF0 53 push ebx
00408FF1 E8 E9920000 call 004122DF
00408FF6 83C4 04 add esp, 0x4
00408FF9 EB 01 jmp short 00408FFC
00408FFB 90 nop
00408FFC EB 01 jmp short 00408FFF
00408FFE 90 nop
; Six dwords, including the plaintext success string, go to 004122FD.
; NOTE(review): a cross-reference to this string leads straight to this branch.
00408FFF 6A 00 push 0x0
00409001 F9 stc
00409002 72 01 jb short 00409005
00409004 90 nop
00409005 68 45654000 push 00406545 ; ASCII "you are win!"
0040900A 6A FF push -0x1
0040900C 6A 08 push 0x8
0040900E 68 00000106 push 0x6010000
00409013 68 01000152 push 0x52010001
00409018 E8 E0920000 call 004122FD
0040901D 83C4 18 add esp, 0x18
00409020 F8 clc
00409021 73 01 jnb short 00409024
00409023 90 nop
00409024 BB 06000000 mov ebx, 0x6
00409029 E8 FBFDFFFF call 00408E29 ; target is 8 bytes before this routine's first instruction
0040902E 68 06000080 push 0x80000006
00409033 6A 00 push 0x0
00409035 EB 01 jmp short 00409038
00409037 90 nop
00409038 68 5C9F4000 push 00409F5C ; a code-range address passed as data
0040903D 68 03000000 push 0x3
00409042 BB 00000000 mov ebx, 0x0
00409047 B8 02000000 mov eax, 0x2
0040904C EB 01 jmp short 0040904F
0040904E 90 nop
0040904F E8 A3920000 call 004122F7
; 0x28 is more than the four dwords pushed since 0040902E; the remainder is
; presumably left on the stack by the call to 00408E29 (confirm).
00409054 83C4 28 add esp, 0x28
00409057 EB 01 jmp short 0040905A
00409059 90 nop
0040905A F8 clc
0040905B 73 01 jnb short 0040905E
0040905D 90 nop
0040905E EB 01 jmp short 00409061
00409060 90 nop
00409061 B8 00000000 mov eax, 0x0 ; eax = 0 on this path
00409066 E9 1B000000 jmp 00409086 ; target is outside the listing
; Target of both jnz instructions (00408E4F and 00408F07).
0040906B EB 01 jmp short 0040906E
0040906D 90 nop
0040906E EB 01 jmp short 00409071
; The jump lands at 00409071, one byte into the instruction printed at 00409070
; (filler byte B7). Read from 00409071 the bytes are E8 00000000, a call to
; 00409076, followed by the add/retn pair below; execution resumes at 0040907C,
; which is outside the listing.
00409070 B7 E8 mov bh, 0xE8
00409072 0000 add byte ptr [eax], al
00409074 0000 add byte ptr [eax], al
00409076 830424 06 add dword ptr [esp], 0x6
0040907A C3 retn