00530E2C /. 55 push ebp
00530E2D |. 8BEC mov ebp,esp
00530E2F |. B9 07000000 mov ecx,7
00530E34 |> 6A 00 /push 0
00530E36 |. 6A 00 |push 0
00530E38 |. 49 |dec ecx
00530E39 |.^ 75 F9 \jnz short QTV.00530E34
00530E3B |. 51 push ecx
00530E3C |. 53 push ebx
00530E3D |. 56 push esi
00530E3E |. 57 push edi
00530E3F |. 8BD8 mov ebx,eax
00530E41 |. 33C0 xor eax,eax
00530E43 |. 55 push ebp
00530E44 |. 68 74105300 push QTV.00531074
00530E49 |. 64:FF30 push dword ptr fs:[eax]
00530E4C |. 64:8920 mov dword ptr fs:[eax],esp
00530E4F |. 8D55 F0 lea edx,dword ptr ss:[ebp-10]
00530E52 |. 8B83 24030000 mov eax,dword ptr ds:[ebx+324]
00530E58 |. E8 6716F2FF call QTV.004524C4
00530E5D |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
00530E60 |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
00530E66 |. E8 5916F2FF call QTV.004524C4
00530E6B |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
00530E6E |. 8B83 20030000 mov eax,dword ptr ds:[ebx+320]
00530E74 |. E8 4B16F2FF call QTV.004524C4
00530E79 |. 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
00530E7C |. 8B83 20030000 mov eax,dword ptr ds:[ebx+320]
00530E82 |. E8 3D16F2FF call QTV.004524C4
00530E87 |. 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00530E8A |. E8 BD36EDFF call QTV.0040454C
00530E8F |. 8BF0 mov esi,eax
00530E91 |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
00530E94 |. 8B83 24030000 mov eax,dword ptr ds:[ebx+324]
00530E9A |. E8 2516F2FF call QTV.004524C4
00530E9F |. 8B45 E0 mov eax,dword ptr ss:[ebp-20]
00530EA2 |. E8 A536EDFF call QTV.0040454C
00530EA7 |. 8BF8 mov edi,eax
00530EA9 |. 8D55 DC lea edx,dword ptr ss:[ebp-24]
00530EAC |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
00530EB2 |. E8 0D16F2FF call QTV.004524C4
00530EB7 |. 8B45 DC mov eax,dword ptr ss:[ebp-24]
00530EBA |. E8 8D36EDFF call QTV.0040454C
00530EBF |. 8BD8 mov ebx,eax
00530EC1 |. 837D F0 00 cmp dword ptr ss:[ebp-10],0
00530EC5 |. 74 1B je short QTV.00530EE2
00530EC7 |. 837D EC 00 cmp dword ptr ss:[ebp-14],0
00530ECB |. 74 15 je short QTV.00530EE2
00530ECD |. 837D E8 00 cmp dword ptr ss:[ebp-18],0
00530ED1 |. 74 0F je short QTV.00530EE2
00530ED3 |. 83FE 06 cmp esi,6
00530ED6 |. 7C 0A jl short QTV.00530EE2
00530ED8 |. 83FF 06 cmp edi,6
00530EDB |. 7C 05 jl short QTV.00530EE2
00530EDD |. 83FB 06 cmp ebx,6
00530EE0 |. 7D 0F jge short QTV.00530EF1
00530EE2 |> B8 8C105300 mov eax,QTV.0053108C
00530EE7 |. E8 2851F0FF call QTV.00436014
00530EEC |. E9 4E010000 jmp QTV.0053103F
00530EF1 |> 8D55 FC lea edx,dword ptr ss:[ebp-4]
00530EF4 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10]
00530EF7 |. E8 8880EDFF call QTV.00408F84
00530EFC |. 84C0 test al,al
00530EFE |. 0F84 31010000 je QTV.00531035
00530F04 |. 8D55 FC lea edx,dword ptr ss:[ebp-4]
00530F07 |. 8B45 EC mov eax,dword ptr ss:[ebp-14]
00530F0A |. E8 7580EDFF call QTV.00408F84
00530F0F |. 84C0 test al,al
00530F11 |. 0F84 1E010000 je QTV.00531035
00530F17 |. 8D45 D8 lea eax,dword ptr ss:[ebp-28]
00530F1A |. 8B55 F0 mov edx,dword ptr ss:[ebp-10]
00530F1D |. 8A52 01 mov dl,byte ptr ds:[edx+1]
00530F20 |. E8 4F35EDFF call QTV.00404474
00530F25 |. 8B45 D8 mov eax,dword ptr ss:[ebp-28]
00530F28 |. E8 0380EDFF call QTV.00408F30
00530F2D |. 50 push eax
00530F2E |. 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00530F31 |. 8B55 EC mov edx,dword ptr ss:[ebp-14]
00530F34 |. 8A12 mov dl,byte ptr ds:[edx]
00530F36 |. E8 3935EDFF call QTV.00404474
00530F3B |. 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
00530F3E |. E8 ED7FEDFF call QTV.00408F30
00530F43 |. 5A pop edx
00530F44 |. 03D0 add edx,eax
00530F46 |. 8955 F8 mov dword ptr ss:[ebp-8],edx
00530F49 |. 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00530F4C |. 8B55 F0 mov edx,dword ptr ss:[ebp-10]
00530F4F |. 8A52 04 mov dl,byte ptr ds:[edx+4]
00530F52 |. E8 1D35EDFF call QTV.00404474
00530F57 |. 8B45 D0 mov eax,dword ptr ss:[ebp-30]
00530F5A |. E8 D17FEDFF call QTV.00408F30
00530F5F |. 50 push eax
00530F60 |. 8D45 CC lea eax,dword ptr ss:[ebp-34]
00530F63 |. 8B55 EC mov edx,dword ptr ss:[ebp-14]
00530F66 |. 8A52 01 mov dl,byte ptr ds:[edx+1]
00530F69 |. E8 0635EDFF call QTV.00404474
00530F6E |. 8B45 CC mov eax,dword ptr ss:[ebp-34]
00530F71 |. E8 BA7FEDFF call QTV.00408F30
00530F76 |. 5A pop edx
00530F77 |. 03D0 add edx,eax
00530F79 |. 8955 F4 mov dword ptr ss:[ebp-C],edx
00530F7C |. 8D45 C8 lea eax,dword ptr ss:[ebp-38]
00530F7F |. 8B55 F0 mov edx,dword ptr ss:[ebp-10]
00530F82 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
00530F85 |. E8 EA34EDFF call QTV.00404474
00530F8A |. 8B45 C8 mov eax,dword ptr ss:[ebp-38]
00530F8D |. E8 9E7FEDFF call QTV.00408F30
00530F92 |. 50 push eax
00530F93 |. 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
00530F96 |. 8B55 EC mov edx,dword ptr ss:[ebp-14]
00530F99 |. 8A52 03 mov dl,byte ptr ds:[edx+3]
00530F9C |. E8 D334EDFF call QTV.00404474
00530FA1 |. 8B45 C4 mov eax,dword ptr ss:[ebp-3C]
00530FA4 |. E8 877FEDFF call QTV.00408F30
00530FA9 |. 8BD0 mov edx,eax
00530FAB |. 58 pop eax
00530FAC |. 03C2 add eax,edx
00530FAE |. 3BDE cmp ebx,esi
00530FB0 75 16 jnz short QTV.00530FC8
00530FB2 |. 83FF 09 cmp edi,9
00530FB5 75 11 jnz short QTV.00530FC8
00530FB7 |. 837D F8 05 cmp dword ptr ss:[ebp-8],5
00530FBB 75 0B jnz short QTV.00530FC8
00530FBD |. 837D F4 06 cmp dword ptr ss:[ebp-C],6
00530FC1 75 05 jnz short QTV.00530FC8
00530FC3 |. 83F8 08 cmp eax,8
00530FC6 74 0C je short QTV.00530FD4
00530FC8 |> B8 B0105300 mov eax,QTV.005310B0
00530FCD |. E8 4250F0FF call QTV.00436014
00530FD2 |. EB 6B jmp short QTV.0053103F
00530FD4 |> B8 B0105300 mov eax,QTV.005310B0
00530FD9 |. E8 3650F0FF call QTV.00436014
00530FDE |. B2 01 mov dl,1
00530FE0 |. A1 D0AF4300 mov eax,dword ptr ds:[43AFD0]
00530FE5 |. E8 E6A0F0FF call QTV.0043B0D0
00530FEA |. 8BD8 mov ebx,eax
00530FEC |. BA 02000080 mov edx,80000002
00530FF1 |. 8BC3 mov eax,ebx
00530FF3 |. E8 78A1F0FF call QTV.0043B170
00530FF8 |. B1 01 mov cl,1
00530FFA |. BA DC105300 mov edx,QTV.005310DC ; ASCII "Software\Microsoft\Windows\CurrentVersion\QTV"
00530FFF |. 8BC3 mov eax,ebx
00531001 |. E8 CEA1F0FF call QTV.0043B1D4
00531006 |. 84C0 test al,al
00531008 |. 74 1B je short QTV.00531025
0053100A |. B9 14115300 mov ecx,QTV.00531114 ; ASCII "544318"
0053100F |. BA 24115300 mov edx,QTV.00531124 ; ASCII "qtvregid"
00531014 |. 8BC3 mov eax,ebx
00531016 |. E8 55A3F0FF call QTV.0043B370
0053101B |. A1 1CFF5300 mov eax,dword ptr ds:[53FF1C]
00531020 |. E8 43DCF3FF call QTV.0046EC68
00531025 |> 8BC3 mov eax,ebx
00531027 |. E8 14A1F0FF call QTV.0043B140
0053102C |. 8BC3 mov eax,ebx
0053102E |. E8 E923EDFF call QTV.0040341C
00531033 |. EB 0A jmp short QTV.0053103F
00531035 |> B8 38115300 mov eax,QTV.00531138
0053103A |. E8 D54FF0FF call QTV.00436014
0053103F |> 33C0 xor eax,eax
00531041 |. 5A pop edx
00531042 |. 59 pop ecx
00531043 |. 59 pop ecx
00531044 |. 64:8910 mov dword ptr fs:[eax],edx
00531047 |. 68 7B105300 push QTV.0053107B
0053104C |> 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
0053104F |. BA 06000000 mov edx,6
00531054 |. E8 5732EDFF call QTV.004042B0
00531059 |. 8D45 DC lea eax,dword ptr ss:[ebp-24]
0053105C |. BA 03000000 mov edx,3
00531061 |. E8 4A32EDFF call QTV.004042B0
00531066 |. 8D45 E8 lea eax,dword ptr ss:[ebp-18]
00531069 |. BA 03000000 mov edx,3
0053106E |. E8 3D32EDFF call QTV.004042B0
00531073 \. C3 retn
[课程]Android-CTF解题方法汇总!