[原创]Q2第一题wp
发表于: 2019-6-11 11:10 2014
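代码逻辑很清楚,直接用 IDA 反汇编即可看到(唯一的难点是异常处理,其实也不算难,因为只是一个 __try/__except,而且处理代码就在同一个函数内):
答案是:401353。原因:call loc_401354 压入的返回地址正是 00401353,pop eax 取出后从 esi(输入按十六进制逐位累加的结果)中减去;输入为 401353 时 esi 变为 0,div esi 触发除零异常,__except 处理块随后输出 "success!"。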
; Excerpt of _main from a 32-bit x86 crackme (IDA listing, Intel syntax).
; The prologue and everything after the final "success!" print are not shown.
; Visible flow: print a prompt, read a string into the stack buffer var_3C,
; validate its length and characters, fold it into esi as hex digits, then
; enter a __try region where a divide fault selects the success branch.
; NOTE(review): sub_401410 / sub_4013D0 look like printf / scanf judging by
; their arguments; the listing does not name them, so confirm.
; asc_41C6F8 is the prompt string ("please enter the serial number").
.text:00401298 push offset asc_41C6F8 ; "请输入序列号:\n"
.text:0040129D call sub_401410
.text:004012A2 lea eax, [ebp+var_3C] ; eax = address of the input buffer
.text:004012A5 push eax
.text:004012A6 push offset aS ; "%s"
; NOTE(review): "%s" carries no field width, so if this is scanf the write
; into var_3C is unbounded; the length test at 004012C9 runs only after the
; bytes are already on the stack. A width such as "%6s" would bound the read.
.text:004012AB call sub_4013D0
.text:004012B0 add esp, 0Ch ; caller pops the three dwords pushed above
; Inline strlen: edx walks the buffer, ecx remembers buffer+1.
.text:004012B3 lea edx, [ebp+var_3C]
.text:004012B6 lea ecx, [edx+1]
.text:004012B9 nop dword ptr [eax+00000000h] ; multi-byte nop, padding before the loop label
.text:004012C0
.text:004012C0 loc_4012C0: ; CODE XREF: _main+65↓j
.text:004012C0 mov al, [edx]
.text:004012C2 inc edx
.text:004012C3 test al, al
.text:004012C5 jnz short loc_4012C0 ; loop until the NUL terminator has been read
.text:004012C7 sub edx, ecx ; edx = number of bytes before the NUL
.text:004012C9 cmp edx, 7
.text:004012CC jb short loc_4012F9 ; continue only when length < 7 (unsigned compare)
.text:004012CE
; Failure exit shared by every rejected check: print "error\n", return 0.
.text:004012CE loc_4012CE: ; CODE XREF: _main+9D↓j
.text:004012CE ; _main+A3↓j ...
.text:004012CE push offset aError ; "error\n"
.text:004012D3 call sub_401410
.text:004012D8 add esp, 4
.text:004012DB xor eax, eax ; return value 0
; Put the saved previous SEH registration record back into fs:0.
.text:004012DD mov ecx, [ebp+ms_exc.registration.Next]
.text:004012E0 mov large fs:0, ecx
.text:004012E7 pop ecx
.text:004012E8 pop edi
.text:004012E9 pop esi
.text:004012EA pop ebx
; Stack-cookie check: var_1C xor ebp is handed to __security_check_cookie.
.text:004012EB mov ecx, [ebp+var_1C]
.text:004012EE xor ecx, ebp
.text:004012F0 call @__security_check_cookie@4 ; __security_check_cookie(x)
.text:004012F5 mov esp, ebp
.text:004012F7 pop ebp
.text:004012F8 retn
.text:004012F9 ; ---------------------------------------------------------------------------
.text:004012F9
; Character checks. With IDA's var_NN naming, var_3C is input[0], so
; var_39 / var_38 / var_37 are input[3] / input[4] / input[5].
.text:004012F9 loc_4012F9: ; CODE XREF: _main+6C↑j
.text:004012F9 cmp [ebp+var_37], 33h ; input[5] must be '3'
.text:004012FD jnz short loc_4012CE
.text:004012FF cmp [ebp+var_38], 35h ; input[4] must be '5'
.text:00401303 jnz short loc_4012CE
.text:00401305 cmp [ebp+var_39], 33h ; input[3] must be '3'
.text:00401309 jnz short loc_4012CE
; The byte values of input[0] + input[1] + input[2] must add up to 95h.
.text:0040130B movzx ecx, [ebp+var_3C]
.text:0040130F movzx eax, [ebp+var_3B]
.text:00401313 add ecx, eax
.text:00401315 movzx eax, [ebp+var_3A]
.text:00401319 add ecx, eax
.text:0040131B cmp ecx, 95h
.text:00401321 jnz short loc_4012CE
.text:00401323 xor ecx, ecx ; ecx = index into the input
.text:00401325 test edx, edx
.text:00401327 jz short loc_401342 ; empty string: skip the fold loop
.text:00401329 nop dword ptr [eax+00000000h] ; multi-byte nop, padding before the loop label
.text:00401330
; Fold loop: esi = (esi << 4) + (input[i] - 30h) for every input byte,
; i.e. the string is accumulated as hex digits. No range check is applied
; to the byte, so only '0'..'9' map to their digit value.
; NOTE(review): esi is not initialised in this excerpt; presumably it is
; zeroed earlier in _main, so confirm.
.text:00401330 loc_401330: ; CODE XREF: _main+E0↓j
.text:00401330 movzx eax, [ebp+ecx+var_3C]
.text:00401335 shl esi, 4
.text:00401338 add esi, 0FFFFFFD0h ; adding 0FFFFFFD0h subtracts 30h ('0')
.text:0040133B add esi, eax
.text:0040133D inc ecx
.text:0040133E cmp ecx, edx
.text:00401340 jb short loc_401330
.text:00401342
.text:00401342 loc_401342: ; CODE XREF: _main+C7↑j
.text:00401342 ; __try { // __except at loc_401379
.text:00401342 mov [ebp+ms_exc.registration.TryLevel], 0 ; enter try scope 0
.text:00401349 test esi, esi
.text:0040134B jz short loc_40135D ; a folded value of 0 goes straight to "error!"
.text:0040134D push eax ; saved here, restored by the pop at 0040135C
; call/pop pair: the call pushes its return address (00401353) and the
; target pops it, so eax receives 00401353 and the call never returns.
.text:0040134E call loc_401354
.text:0040134E ; ---------------------------------------------------------------------------
; Byte sitting at the return address; it is never executed because the
; callee pops the return address. It appears to be a junk byte that breaks
; up linear disassembly.
.text:00401353 db 0EBh
.text:00401354 ; ---------------------------------------------------------------------------
.text:00401354
.text:00401354 loc_401354: ; CODE XREF: _main+EE↑j
.text:00401354 pop eax ; eax = 00401353h
.text:00401355 sub eax, 0 ; leaves eax unchanged
.text:00401358 sub esi, eax ; esi = folded input - 00401353h
; When esi is 0 the div raises a divide error, which the SEH machinery
; routes to the __except handler at loc_401379 (the success path).
.text:0040135A div esi
.text:0040135C pop eax ; reached only when the div did not fault
.text:0040135D
; No exception: print "error!\n" and spin forever at loc_401371.
.text:0040135D loc_40135D: ; CODE XREF: _main+EB↑j
.text:0040135D nop
.text:0040135E nop
.text:0040135F nop
.text:00401360 nop
.text:00401361 nop
.text:00401362 nop
.text:00401363 nop
.text:00401364 push offset aError_0 ; "error!\n"
.text:00401369 call sub_401410
.text:0040136E add esp, 4
.text:00401371
.text:00401371 loc_401371: ; CODE XREF: _main:loc_401371↓j
.text:00401371 jmp short loc_401371 ; jumps to itself
.text:00401373 ; ---------------------------------------------------------------------------
.text:00401373
; Exception filter: always returns 1 (EXCEPTION_EXECUTE_HANDLER), so any
; exception raised inside the __try region runs the handler below.
.text:00401373 loc_401373: ; DATA XREF: .rdata:stru_41CC98↓o
.text:00401373 ; __except filter // owned by 401342
.text:00401373 mov eax, 1
.text:00401378 retn
.text:00401379 ; ---------------------------------------------------------------------------
.text:00401379
; Handler body: restore esp, recompute the input length, then store each
; input byte + 9 as a 16-bit word into the global table word_41F300.
.text:00401379 loc_401379: ; DATA XREF: .rdata:stru_41CC98↓o
.text:00401379 ; __except(loc_401373) // owned by 401342
.text:00401379 mov esp, [ebp+ms_exc.old_esp] ; stack pointer saved for the handler
.text:0040137C lea edx, [ebp+var_3C]
.text:0040137F lea ecx, [edx+1]
.text:00401382
.text:00401382 loc_401382: ; CODE XREF: _main+127↓j
.text:00401382 mov al, [edx]
.text:00401384 inc edx
.text:00401385 test al, al
.text:00401387 jnz short loc_401382
.text:00401389 sub edx, ecx ; edx = input length again
.text:0040138B xor ecx, ecx
.text:0040138D test edx, edx
.text:0040138F jle short loc_4013A7 ; signed compare here, unlike the jb used earlier
.text:00401391
; The only bound on this write is the string length, which was already
; required to be below 7 on the way into the __try region.
.text:00401391 loc_401391: ; CODE XREF: _main+145↓j
.text:00401391 movzx eax, [ebp+ecx+var_3C]
.text:00401396 add ax, 9
.text:0040139A mov word_41F300[ecx*2], ax
.text:004013A2 inc ecx
.text:004013A3 cmp ecx, edx
.text:004013A5 jl short loc_401391
.text:004013A7
.text:004013A7 loc_4013A7: ; CODE XREF: _main+12F↑j
.text:004013A7 push offset aSuccess ; "success!\n"
.text:004013AC call sub_401410
; Excerpt of _main from a 32-bit x86 crackme (IDA listing, Intel syntax),
; starting at the call that prints the prompt; the push of its argument,
; the prologue and the tail after the "success!" print are not shown.
; NOTE(review): sub_401410 / sub_4013D0 look like printf / scanf judging by
; their arguments; the listing does not name them, so confirm.
.text:0040129D call sub_401410
.text:004012A2 lea eax, [ebp+var_3C] ; eax = address of the input buffer
.text:004012A5 push eax
.text:004012A6 push offset aS ; "%s"
; NOTE(review): "%s" has no field width, so if this is scanf the write into
; var_3C is unbounded and the length test below runs only afterwards.
.text:004012AB call sub_4013D0
.text:004012B0 add esp, 0Ch ; caller pops 0Ch bytes of arguments
; Inline strlen over the input buffer.
.text:004012B3 lea edx, [ebp+var_3C]
.text:004012B6 lea ecx, [edx+1]
.text:004012B9 nop dword ptr [eax+00000000h] ; multi-byte nop, padding before the loop label
.text:004012C0
.text:004012C0 loc_4012C0: ; CODE XREF: _main+65↓j
.text:004012C0 mov al, [edx]
.text:004012C2 inc edx
.text:004012C3 test al, al
.text:004012C5 jnz short loc_4012C0 ; loop until the NUL terminator has been read
.text:004012C7 sub edx, ecx ; edx = number of bytes before the NUL
.text:004012C9 cmp edx, 7
.text:004012CC jb short loc_4012F9 ; continue only when length < 7 (unsigned compare)
.text:004012CE
; Shared failure exit: print "error\n", unlink the SEH record, verify the
; stack cookie and return 0.
.text:004012CE loc_4012CE: ; CODE XREF: _main+9D↓j
.text:004012CE ; _main+A3↓j ...
.text:004012CE push offset aError ; "error\n"
.text:004012D3 call sub_401410
.text:004012D8 add esp, 4
.text:004012DB xor eax, eax ; return value 0
.text:004012DD mov ecx, [ebp+ms_exc.registration.Next]
.text:004012E0 mov large fs:0, ecx ; previous SEH registration record back into fs:0
.text:004012E7 pop ecx
.text:004012E8 pop edi
.text:004012E9 pop esi
.text:004012EA pop ebx
.text:004012EB mov ecx, [ebp+var_1C]
.text:004012EE xor ecx, ebp ; cookie value xor ebp is what gets checked
.text:004012F0 call @__security_check_cookie@4 ; __security_check_cookie(x)
.text:004012F5 mov esp, ebp
.text:004012F7 pop ebp
.text:004012F8 retn
.text:004012F9 ; ---------------------------------------------------------------------------
.text:004012F9
; Character checks. With IDA's var_NN naming, var_3C is input[0], so
; var_39 / var_38 / var_37 are input[3] / input[4] / input[5].
.text:004012F9 loc_4012F9: ; CODE XREF: _main+6C↑j
.text:004012F9 cmp [ebp+var_37], 33h ; input[5] must be '3'
.text:004012FD jnz short loc_4012CE
.text:004012FF cmp [ebp+var_38], 35h ; input[4] must be '5'
.text:00401303 jnz short loc_4012CE
.text:00401305 cmp [ebp+var_39], 33h ; input[3] must be '3'
.text:00401309 jnz short loc_4012CE
; The byte values of input[0] + input[1] + input[2] must add up to 95h.
.text:0040130B movzx ecx, [ebp+var_3C]
.text:0040130F movzx eax, [ebp+var_3B]
.text:00401313 add ecx, eax
.text:00401315 movzx eax, [ebp+var_3A]
.text:00401319 add ecx, eax
.text:0040131B cmp ecx, 95h
.text:00401321 jnz short loc_4012CE
.text:00401323 xor ecx, ecx ; ecx = index into the input
.text:00401325 test edx, edx
.text:00401327 jz short loc_401342 ; empty string: skip the fold loop
.text:00401329 nop dword ptr [eax+00000000h] ; multi-byte nop, padding before the loop label
.text:00401330
; Fold loop: esi = (esi << 4) + (input[i] - 30h) per input byte, so the
; string is accumulated as hex digits with no range check on the byte.
; NOTE(review): esi is not initialised in this excerpt; presumably it is
; zeroed earlier in _main, so confirm.
.text:00401330 loc_401330: ; CODE XREF: _main+E0↓j
.text:00401330 movzx eax, [ebp+ecx+var_3C]
.text:00401335 shl esi, 4
.text:00401338 add esi, 0FFFFFFD0h ; adding 0FFFFFFD0h subtracts 30h ('0')
.text:0040133B add esi, eax
.text:0040133D inc ecx
.text:0040133E cmp ecx, edx
.text:00401340 jb short loc_401330
.text:00401342
.text:00401342 loc_401342: ; CODE XREF: _main+C7↑j
.text:00401342 ; __try { // __except at loc_401379
.text:00401342 mov [ebp+ms_exc.registration.TryLevel], 0 ; enter try scope 0
.text:00401349 test esi, esi
.text:0040134B jz short loc_40135D ; a folded value of 0 goes straight to "error!"
.text:0040134D push eax ; saved here, restored by the pop at 0040135C
; The call pushes its return address (00401353); the target pops it into
; eax, so the call never returns.
.text:0040134E call loc_401354
.text:0040134E ; ---------------------------------------------------------------------------
; Never executed: the callee pops the return address that points here. It
; appears to be a junk byte that breaks up linear disassembly.
.text:00401353 db 0EBh
.text:00401354 ; ---------------------------------------------------------------------------
.text:00401354
.text:00401354 loc_401354: ; CODE XREF: _main+EE↑j
.text:00401354 pop eax ; eax = 00401353h
.text:00401355 sub eax, 0 ; leaves eax unchanged
.text:00401358 sub esi, eax ; esi = folded input - 00401353h
; A zero esi makes the div raise a divide error, which is handled by the
; __except block at loc_401379.
.text:0040135A div esi
.text:0040135C pop eax ; reached only when the div did not fault
.text:0040135D
; No exception: print "error!\n" and spin forever at loc_401371.
.text:0040135D loc_40135D: ; CODE XREF: _main+EB↑j
.text:0040135D nop
.text:0040135E nop
.text:0040135F nop
.text:00401360 nop
.text:00401361 nop
.text:00401362 nop
.text:00401363 nop
.text:00401364 push offset aError_0 ; "error!\n"
.text:00401369 call sub_401410
.text:0040136E add esp, 4
.text:00401371
.text:00401371 loc_401371: ; CODE XREF: _main:loc_401371↓j
.text:00401371 jmp short loc_401371 ; jumps to itself
.text:00401373 ; ---------------------------------------------------------------------------
.text:00401373
; Exception filter: always returns 1 (EXCEPTION_EXECUTE_HANDLER).
.text:00401373 loc_401373: ; DATA XREF: .rdata:stru_41CC98↓o
.text:00401373 ; __except filter // owned by 401342
.text:00401373 mov eax, 1
.text:00401378 retn
.text:00401379 ; ---------------------------------------------------------------------------
.text:00401379
; Handler body: restore esp, recompute the input length, store each input
; byte + 9 as a 16-bit word into word_41F300, then print "success!\n".
.text:00401379 loc_401379: ; DATA XREF: .rdata:stru_41CC98↓o
.text:00401379 ; __except(loc_401373) // owned by 401342
.text:00401379 mov esp, [ebp+ms_exc.old_esp] ; stack pointer saved for the handler
.text:0040137C lea edx, [ebp+var_3C]
.text:0040137F lea ecx, [edx+1]
.text:00401382
.text:00401382 loc_401382: ; CODE XREF: _main+127↓j
.text:00401382 mov al, [edx]
.text:00401384 inc edx
.text:00401385 test al, al
.text:00401387 jnz short loc_401382
.text:00401389 sub edx, ecx ; edx = input length again
.text:0040138B xor ecx, ecx
.text:0040138D test edx, edx
.text:0040138F jle short loc_4013A7 ; signed compare here, unlike the jb used earlier
.text:00401391
; The only bound on this write is the string length, already required to
; be below 7 before the __try region was entered.
.text:00401391 loc_401391: ; CODE XREF: _main+145↓j
.text:00401391 movzx eax, [ebp+ecx+var_3C]
.text:00401396 add ax, 9
.text:0040139A mov word_41F300[ecx*2], ax
.text:004013A2 inc ecx
.text:004013A3 cmp ecx, edx
.text:004013A5 jl short loc_401391
.text:004013A7
.text:004013A7 loc_4013A7: ; CODE XREF: _main+12F↑j
.text:004013A7 push offset aSuccess ; "success!\n"
.text:004013AC call sub_401410