84000000 cmp eax, 84 如果是注册码的长度的话,是84位还是132位?
----------------------------------------------------------------
以下是不是正确的注册码的计算方法?或者是陷阱?我解释得对吗?循环计算在哪个CALL?请看下面:
00464318 /$ 53 push ebx 《========计算注册码开始???
; ----------------------------------------------------------------------
; Reviewer notes for the routine at 00464318..0046447A (its first
; instruction, push ebx, is on the line just above this block).
; Listing format: OllyDbg, 32-bit x86, Intel operand order. All numbers
; are hexadecimal, so "cmp eax, 84" compares against 0x84 (132 decimal).
; In:   eax -> copied to ebx and handed back in eax to the helper calls
;              (NOTE(review): looks like an object pointer - confirm)
;       edx -> copied to esi; pointer to a record whose dwords at +0, +4
;              and +8 are pushed as Msg, wParam and lParam for
;              DefWindowProcA at 0046440C..0046441F
; Flow: a switch on [esi], i.e. on a window-message ID, with cases
;       7, 8, 1F, 84, 100..108 and 200..20A. In the Win32 headers these
;       are WM_SETFOCUS, WM_KILLFOCUS, WM_CANCELMODE, WM_NCHITTEST and
;       the keyboard and mouse message ranges. The visible instructions
;       contain no loop and no string or length comparison; the helper
;       calls are opaque from this listing.
; Stack: three saved registers plus 10h bytes of locals, released at
;        00464474.
; ----------------------------------------------------------------------
00464319 |. 56 push esi
0046431A |. 57 push edi
0046431B |. 83C4 F0 add esp, -10 ; reserve 10h bytes of locals
0046431E |. 8BF2 mov esi, edx ; esi = record pointer passed in edx
00464320 |. 8BD8 mov ebx, eax ; ebx = value passed in eax, kept for the helper calls
00464322 |. 8B06 mov eax, [esi] ; eax = first dword of the record = switch selector
00464324 |. 3D 84000000 cmp eax, 84 〈===== 长度84位!! 83F8 2C CMP EAX,2C Switch (cases 7..20A) ; 84 is hex (0x84 = 132 decimal) and is a case label of the switch, not a length
00464329 |. 7F 18 jg short 00464343 〈===JG大于就跳!跳转已实现! ; selector > 84 (signed): go test the 100.. and 200.. ranges
0046432B |. 74 70 je short 0046439D 〈=====等于转移. ; selector == 84
0046432D |. 83E8 07 sub eax, 7 〈===减去7 ; eax = selector - 7
00464330 |. 74 32 je short 00464364 〈=====等于转移. ; selector == 7
00464332 |. 48 dec eax 〈=====减1 ; eax = selector - 8
00464333 |. 74 59 je short 0046438E 〈=====等于转移. ; selector == 8
00464335 |. 83E8 17 sub eax, 17 〈===减去17 ; eax = selector - 1F (7 + 1 + 17 = 1F)
00464338 |. 0F84 F5000000 je 00464433 〈=====等于转移. ; selector == 1F
0046433E |. E9 28010000 jmp 0046446B ; any other selector below 84: default case
00464343 |> 05 00FFFFFF add eax, -100 〈===EAX减-100 ; eax = selector - 100
00464348 |. 83E8 09 sub eax, 9 ; borrow is set only when selector - 100 is in 0..8
0046434B |. 0F82 D5000000 jb 00464426 〈====〈===EAX减-9 ; borrow: selector in 100..108
00464351 |. 05 09FFFFFF add eax, -0F7〈===== ; cumulative: eax = selector - 200 (100 + 9 + F7 = 200)
00464356 |. 83E8 0B sub eax, 0B 〈===EAX=AEOD ; borrow is set only when selector - 200 is in 0..0A
00464359 |. 0F82 8F000000 jb 004643EE 〈===小于转移跳转未实现!!! ; borrow: selector in 200..20A
0046435F |. E9 07010000 jmp 0046446B ; everything else above 84: default case
00464364 |> 8BC3 mov eax, ebx ; Case 7 of switch 00464324
00464366 |. E8 F52E0100 call 00477260 ; helper not shown; its eax result is used as a pointer below
0046436B |. 8BF8 mov edi, eax
0046436D |. 85FF test edi, edi
0046436F |. 0F84 F6000000 je 0046446B ; helper returned 0: default case
00464375 |. 8BD3 mov edx, ebx
00464377 |. 8BC7 mov eax, edi
00464379 |. 8B08 mov ecx, [eax] ; ecx = dword at offset 0 of the returned object, used as a call table
0046437B |. FF91 E8000000 call [ecx+E8] ; indirect call through table slot E8 with eax = edi, edx = ebx
00464381 |. 84C0 test al, al
00464383 |. 0F84 EB000000 je 00464474 ; al == 0: return without running the default case
00464389 |. E9 DD000000 jmp 0046446B ; al != 0: default case
0046438E |> F643 54 20 test byte ptr [ebx+54], 20 ; Case 8 of switch 00464324 - tests bit 20h of the byte at [ebx+54]; its meaning is not visible here
00464392 |. 0F85 DC000000 jnz 00464474 ; bit set: return without running the default case
00464398 |. E9 CE000000 jmp 0046446B ; bit clear: default case
0046439D |> 8BD6 mov edx, esi ; Case 84 of switch 00464324
0046439F |. 8BC3 mov eax, ebx
004643A1 |. E8 F6CFFFFF call 0046139C ; same routine the default case calls at 0046446F
004643A6 |. 837E 0C FF cmp dword ptr [esi+C], -1 ; NOTE(review): -1 is HTTRANSPARENT if [esi+C] holds the hit-test result - confirm
004643AA |. 0F85 C4000000 jnz 00464474 ; [esi+C] != -1: nothing more to do
004643B0 |. 6A 00 push 0 ; stack argument; never popped in this routine, so a later callee must remove it (presumably 004641F0 - confirm)
004643B2 |. 8D5424 0C lea edx, [esp+C] ; edx = address of a local buffer
004643B6 |. 8B46 08 mov eax, [esi+8] ; eax = record dword +8 (the one pushed as lParam at 0046440F)
004643B9 |. E8 0A34FAFF call 004077C8 ; helper not shown
004643BE |. 8D5424 0C lea edx, [esp+C]
004643C2 |. 8D4C24 04 lea ecx, [esp+4] ; ecx = address of a second local buffer
004643C6 |. 8BC3 mov eax, ebx
004643C8 |. E8 93B8FFFF call 0045FC60 ; helper not shown
004643CD |. 8D5424 04 lea edx, [esp+4] ; | edx = address of the [esp+4] local
004643D1 |. 33C9 xor ecx, ecx ; | ecx = 0
004643D3 |. 8BC3 mov eax, ebx ; |
004643D5 |. E8 16FEFFFF call 004641F0 ; \Unpacked.004641F0
004643DA |. 85C0 test eax, eax
004643DC |. 0F84 92000000 je 00464474 ; helper returned 0: leave [esi+C] unchanged
004643E2 |. C746 0C 01000>mov dword ptr [esi+C], 1 ; NOTE(review): 1 is HTCLIENT in the Win32 headers, consistent with hit-test handling - confirm
004643E9 |. E9 86000000 jmp 00464474
004643EE |> 8BD6 mov edx, esi Cases 200,201,202,203,204,205,206,207,208,209,20A of switch00464324
004643F0 |. 8BC3 mov eax, ebx
004643F2 |. E8 8DFEFFFF call 00464284 ; helper not shown; result tested in al
004643F7 |. 84C0 test al, al
004643F9 |. 74 70 je short 0046446B ; al == 0: default case
004643FB |. 837E 0C 00 cmp dword ptr [esi+C], 0
004643FF |. 75 73 jnz short 00464474 ; [esi+C] already nonzero: return
00464401 |. 8BC3 mov eax, ebx
00464403 |. E8 00280000 call 00466C08 ; helper not shown; result tested in al
00464408 |. 84C0 test al, al
0046440A |. 74 68 je short 00464474
0046440C |. 8B46 08 mov eax, [esi+8]
0046440F |. 50 push eax ; lParam = record dword +8 (stdcall arguments are pushed right to left)
00464410 |. 8B46 04 mov eax, [esi+4]
00464413 |. 50 push eax ; wParam = record dword +4
00464414 |. 8B06 mov eax, [esi]
00464416 |. 50 push eax ; Msg = record dword +0, the same value the switch tested
00464417 |. 8BC3 mov eax, ebx
00464419 |. E8 E6240000 call 00466904 ; helper whose eax result is pushed as hWnd
0046441E |. 50 push eax ; |hWnd
0046441F |. E8 D42DFAFF call <jmp.&user32.DefWindowProcA> ; \DefWindowProcA - its eax result is not written back to the record here
00464424 |. EB 4E jmp short 00464474
00464426 |> 8BC3 mov eax, ebx ; Cases 100,101,102,103,104,105,106,107,108 of switch 00464324
00464428 |. E8 5FC4FFFF call 0046088C ; helper not shown; result tested in al
0046442D |. 84C0 test al, al
0046442F |. 75 43 jnz short 00464474 ; al != 0: return without running the default case
00464431 |. EB 38 jmp short 0046446B ; al == 0: default case
00464433 |> 8BC3 mov eax, ebx ; Case 1F of switch 00464324
00464435 |. E8 CA240000 call 00466904 ; same helper that supplies hWnd at 00464419
0046443A |. 8BF8 mov edi, eax ; edi = this object's window handle
0046443C |. E8 A72EFAFF call <jmp.&user32.GetCapture> ; [GetCapture
00464441 |. 3BF8 cmp edi, eax
00464443 |. 75 26 jnz short 0046446B ; capture is not held by this window: default case
00464445 |. 833D CC9F5200>cmp dword ptr [529FCC], 0
0046444C |. 74 1D je short 0046446B ; global pointer at 529FCC is null: default case
0046444E |. A1 CC9F5200 mov eax, [529FCC]
00464453 |. 3B58 30 cmp ebx, [eax+30] ; is ebx the object referenced at +30 of that global?
00464456 |. 75 13 jnz short 0046446B
00464458 |. 6A 00 push 0 ; /Arg1 = 00000000
0046445A |. 33C9 xor ecx, ecx ; | ecx = 0
0046445C |. BA 1F000000 mov edx, 1F ; | edx = 1F, the same ID as this case
00464461 |. A1 CC9F5200 mov eax, [529FCC] ; | eax = global object pointer
00464466 |. E8 65CEFFFF call 004612D0 ; \Unpacked.004612D0 - execution then falls through to the default case
0046446B |> 8BD6 mov edx, esi ; Default case of switch 00464324
0046446D |. 8BC3 mov eax, ebx
0046446F |. E8 28CFFFFF call 0046139C ; default handler, called with eax = ebx and edx = esi
00464474 |> 83C4 10 add esp, 10 ; common exit: release the 10h bytes of locals
00464477 |. 5F pop edi
00464478 |. 5E pop esi
00464479 |. 5B pop ebx
0046447A \. C3 retn
我看到这里塞车了