这个是我跟踪的算法的代码,可是不知道它最后一段的工作原理是什么,请帮助我总结一下,或者给我一些建议。同时后段的一个应该是加密的过程,也不知道如何写算法
谢谢!!!
ECX 00343D40 ASCII "kABCDEF78GHIJ"
EDX 00000000
EBX FFFFFFFF
ESP 0012FDA0
EBP 0012FDD0
ebp=12FDD0 注册码在12FDDC中,为13位字母和数字的组合
以下是程序需要的内存位置,也是存放序列号的位置
0012FDA4 00000007
0012FDA8 0000000D
0012FDAC 00000000
0012FDB0 73E086D4 MFC42.73E086D4
0012FDB4 00000001
0012FDB8 00000002
0012FDBC 00000003
0012FDC0 00000005
[分析]
下面是对注册码的提取过程,对每一位的字符提取的函数
; Character accessor at 00402720; the loop further down reaches it with "call 00402720".
; In:   ecx     = pointer to the string object (the callers in this listing pass lea ecx,[ebp+C])
;       [ebp+8] = index, the single stack argument
; Out:  al      = byte read from (data pointer + index)
; The first dword of the object is used as the data pointer.
; NOTE(review): looks like a thiscall-style member of an MFC string class — confirm.
; NOTE(review): no length check on the index is visible in this function, so the
;               caller's loop bound is the only limit on the read.
00402720 /$ 55 push ebp ; set up a standard stack frame
00402721 |. 8BEC mov ebp, esp
00402723 |. 51 push ecx ; reserves the local slot at [ebp-4]
00402724 |. 894D FC mov dword ptr [ebp-4], ecx ; save the object pointer
00402727 |. 8B45 FC mov eax, dword ptr [ebp-4] ; eax = object pointer
0040272A |. 8B08 mov ecx, dword ptr [eax] ; ecx = first dword of the object, used as the data pointer
0040272C |. 8B55 08 mov edx, dword ptr [ebp+8] ; edx = index argument
0040272F |. 8A0411 mov al, byte ptr [ecx+edx] ; al = data[index]; upper bytes of eax are not cleared
00402732 |. 8BE5 mov esp, ebp ; tear down the frame
00402734 |. 5D pop ebp
00402735 \. C2 0400 retn 4 ; callee removes the 4-byte index argument
; The serial-number calculation loop.
; Locals as used in the lines below:
;   [ebp-24] = loop index i
;   [ebp-28] = iteration count (0012FDA8 holds 0Dh in the posted stack dump)
;   [ebp-1C], [ebp-18], [ebp-14], [ebp-10], [ebp-2C] = five running sums
;   [ebp+C]  = string object handed to the accessor at 00402720 in ecx
; Each index is routed to exactly one sum by the first test that matches, in the
; order i % 7 == 0, i % 5 == 0, i % 3 == 0, i % 2 == 0, otherwise. The character
; is sign-extended (movsx) before it is added, so a byte >= 80h would subtract.
; NOTE(review): the listing shows no check that the count in [ebp-28] stays within
;               the length of the string at [ebp+C] — confirm against the caller.
0040143D |> /8B45 DC /mov eax, dword ptr [ebp-24] ; loop increment: eax = i
00401440 |. |83C0 01 |add eax, 1
00401443 |. |8945 DC |mov dword ptr [ebp-24], eax ; i = i + 1
00401446 |> |8B4D DC mov ecx, dword ptr [ebp-24] ; loop condition starts here
00401449 |. |3B4D D8 |cmp ecx, dword ptr [ebp-28] ; compare i with the iteration count
0040144C |. |0F8D 5F010000 |jge 004015B1 ; finished (signed i >= count): go to the final stage at 004015B1
00401452 |. |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
00401455 |. |99 |cdq ; sign-extend eax into edx:eax for idiv
00401456 |. |B9 07000000 |mov ecx, 7
0040145B |. |F7F9 |idiv ecx ; edx = i % 7
0040145D |. |85D2 |test edx, edx
0040145F |. |75 1C |jnz short 0040147D ; not a multiple of 7: try 5
00401461 |. |8B55 DC |mov edx, dword ptr [ebp-24]
00401464 |. |52 |push edx ; /Arg1
00401465 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401468 |. |E8 B3120000 |call 00402720 ; read the character at index i
0040146D |. |0FBEC0 |movsx eax, al ; entry for the 1st and 8th characters from the left
00401470 |. |8B4D E4 |mov ecx, dword ptr [ebp-1C]
00401473 |. |03C8 |add ecx, eax
00401475 |. |894D E4 |mov dword ptr [ebp-1C], ecx ; [ebp-1C] += character
00401478 |. |E9 94000000 |jmp 00401511 ; continue with the per-character part at 00401511
0040147D |> |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
00401480 |. |99 |cdq
00401481 |. |B9 05000000 |mov ecx, 5
00401486 |. |F7F9 |idiv ecx ; edx = i % 5
00401488 |. |85D2 |test edx, edx
0040148A |. |75 19 |jnz short 004014A5 ; not a multiple of 5: try 3
0040148C |. |8B55 DC |mov edx, dword ptr [ebp-24]
0040148F |. |52 |push edx ; /Arg1
00401490 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401493 |. |E8 88120000 |call 00402720 ; read character
00401498 |. |0FBEC0 |movsx eax, al ; entry for the 6th and 11th characters from the left
0040149B |. |8B4D E8 |mov ecx, dword ptr [ebp-18]
0040149E |. |03C8 |add ecx, eax
004014A0 |. |894D E8 |mov dword ptr [ebp-18], ecx ; [ebp-18] += character
004014A3 |. |EB 6C |jmp short 00401511
004014A5 |> |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
004014A8 |. |99 |cdq
004014A9 |. |B9 03000000 |mov ecx, 3
004014AE |. |F7F9 |idiv ecx ; edx = i % 3
004014B0 |. |85D2 |test edx, edx
004014B2 |. |75 19 |jnz short 004014CD ; not a multiple of 3: try 2
004014B4 |. |8B55 DC |mov edx, dword ptr [ebp-24]
004014B7 |. |52 |push edx ; /Arg1
004014B8 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
004014BB |. |E8 60120000 |call 00402720 ; read character
004014C0 |. |0FBEC0 |movsx eax, al ; entry for the 4th, 7th, 10th and 13th characters from the left
004014C3 |. |8B4D EC |mov ecx, dword ptr [ebp-14]
004014C6 |. |03C8 |add ecx, eax
004014C8 |. |894D EC |mov dword ptr [ebp-14], ecx ; [ebp-14] += character
004014CB |. |EB 44 |jmp short 00401511
004014CD |> |8B55 DC |mov edx, dword ptr [ebp-24] ; edx = i
004014D0 |. |81E2 01000080 |and edx, 80000001 ; keep the sign bit and bit 0
004014D6 |. |79 05 |jns short 004014DD ; non-negative: edx already holds i & 1
004014D8 |. |4A |dec edx ; negative case: these three lines adjust the
004014D9 |. |83CA FE |or edx, FFFFFFFE ; remainder so that the sequence as a whole
004014DC |. |42 |inc edx ; yields the signed value of i % 2
004014DD |> |85D2 |test edx, edx
004014DF |. |75 19 |jnz short 004014FA ; odd index: fall to the last case
004014E1 |. |8B45 DC |mov eax, dword ptr [ebp-24]
004014E4 |. |50 |push eax ; /Arg1
004014E5 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
004014E8 |. |E8 33120000 |call 00402720 ; read character
004014ED |. |0FBEC8 |movsx ecx, al ; entry for the 3rd, 5th and 9th characters from the left
004014F0 |. |8B55 F0 |mov edx, dword ptr [ebp-10]
004014F3 |. |03D1 |add edx, ecx
004014F5 |. |8955 F0 |mov dword ptr [ebp-10], edx ; [ebp-10] += character
004014F8 |. |EB 17 |jmp short 00401511
004014FA |> |8B45 DC |mov eax, dword ptr [ebp-24]
004014FD |. |50 |push eax ; /Arg1
004014FE |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401501 |. |E8 1A120000 |call 00402720 ; read character
00401506 |. |0FBEC8 |movsx ecx, al ; entry for the 2nd and 12th characters from the left
00401509 |. |8B55 D4 |mov edx, dword ptr [ebp-2C]
0040150C |. |03D1 |add edx, ecx
0040150E |. |8955 D4 |mov dword ptr [ebp-2C], edx ; [ebp-2C] += character
00401511 |> |8B45 DC |mov eax, dword ptr [ebp-24] ; all five cases join here, so this runs for every index
00401514 |. |50 |push eax ; /Arg1
00401515 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401518 |. |E8 03120000 |call 00402720 ; read character (al is consumed by the movsx at 0040151D)
从此处开始,每一个字符都会运行到下面这段代码,过程是对已操作的字符再进行相应的处理,就是这段不是很明白
不知道是怎么样进行工作的,原理是如何?应该是一个加密的过程
; Per-character bit tests, executed for every index after the routing step.
; The same character is fetched again before each test (al at 0040151D comes from
; the call at 00401518). Each of the five low bits is tested with "and", and a set
; bit adds 1 to one running sum:
;   bit 0 (mask 1)   -> [ebp-1C]      bit 1 (mask 2)   -> [ebp-18]
;   bit 2 (mask 4)   -> [ebp-14]      bit 3 (mask 8)   -> [ebp-10]
;   bit 4 (mask 10h) -> [ebp-2C]
; Only additions and bit tests appear in these lines; no key or other secret input is read.
0040151D |. |0FBEC8 |movsx ecx, al ; ecx = character, sign-extended
00401520 |. |83E1 01 |and ecx, 1 ; isolate bit 0
00401523 |. |85C9 |test ecx, ecx
00401525 |. |74 09 |je short 00401530 ; bit clear: skip the increment
00401527 |. |8B55 E4 |mov edx, dword ptr [ebp-1C]
0040152A |. |83C2 01 |add edx, 1
0040152D |. |8955 E4 |mov dword ptr [ebp-1C], edx ; [ebp-1C] += 1
00401530 |> |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
00401533 |. |50 |push eax ; /Arg1
00401534 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401537 |. |E8 E4110000 |call 00402720 ; read character
0040153C |. |0FBEC8 |movsx ecx, al
0040153F |. |83E1 02 |and ecx, 2 ; isolate bit 1
00401542 |. |85C9 |test ecx, ecx
00401544 |. |74 09 |je short 0040154F
00401546 |. |8B55 E8 |mov edx, dword ptr [ebp-18]
00401549 |. |83C2 01 |add edx, 1
0040154C |. |8955 E8 |mov dword ptr [ebp-18], edx ; [ebp-18] += 1
0040154F |> |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
00401552 |. |50 |push eax ; /Arg1
00401553 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401556 |. |E8 C5110000 |call 00402720 ; read character
0040155B |. |0FBEC8 |movsx ecx, al
0040155E |. |83E1 04 |and ecx, 4 ; isolate bit 2
00401561 |. |85C9 |test ecx, ecx
00401563 |. |74 09 |je short 0040156E
00401565 |. |8B55 EC |mov edx, dword ptr [ebp-14]
00401568 |. |83C2 01 |add edx, 1
0040156B |. |8955 EC |mov dword ptr [ebp-14], edx ; [ebp-14] += 1
0040156E |> |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
00401571 |. |50 |push eax ; /Arg1
00401572 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401575 |. |E8 A6110000 |call 00402720 ; read character
0040157A |. |0FBEC8 |movsx ecx, al
0040157D |. |83E1 08 |and ecx, 8 ; isolate bit 3
00401580 |. |85C9 |test ecx, ecx
00401582 |. |74 09 |je short 0040158D
00401584 |. |8B55 F0 |mov edx, dword ptr [ebp-10]
00401587 |. |83C2 01 |add edx, 1
0040158A |. |8955 F0 |mov dword ptr [ebp-10], edx ; [ebp-10] += 1
0040158D |> |8B45 DC |mov eax, dword ptr [ebp-24] ; eax = i
00401590 |. |50 |push eax ; /Arg1
00401591 |. |8D4D 0C |lea ecx, dword ptr [ebp+C] ; |
00401594 |. |E8 87110000 |call 00402720 ; read character
00401599 |. |0FBEC8 |movsx ecx, al
0040159C |. |83E1 10 |and ecx, 10 ; isolate bit 4 (the operand is hexadecimal 10h)
0040159F |. |85C9 |test ecx, ecx
004015A1 |. |74 09 |je short 004015AC
004015A3 |. |8B55 D4 |mov edx, dword ptr [ebp-2C]
004015A6 |. |83C2 01 |add edx, 1
004015A9 |. |8955 D4 |mov dword ptr [ebp-2C], edx ; [ebp-2C] += 1
004015AC |>^\E9 8CFEFFFF \jmp 0040143D ; back to the loop increment at 0040143D
; Final stage: producing the serial number.
; The values stored in the five locals get one more simple operation each (or none)
; and are pushed as arguments, followed by the format string "%d%d%d%d%d".
; The call that consumes these arguments is not part of the listing, so the callee
; and the final argument order cannot be confirmed from the lines shown.
; NOTE(review): every value pushed here is derived from the entered string and the
;               fixed constants 5Ah, 0FAh and 5Fh; the lines shown use no key
;               material, so this is an encoding of sums rather than encryption.
004015B1 |> 8B45 D4 mov eax, dword ptr [ebp-2C]
004015B4 |. 0C 5A or al, 5A ; set the bits of 5Ah in the low byte
004015B6 |. 50 push eax ; argument: [ebp-2C] | 5Ah
004015B7 |. 8B4D E4 mov ecx, dword ptr [ebp-1C]
004015BA |. 81F1 FA000000 xor ecx, 0FA
004015C0 |. 51 push ecx ; argument: [ebp-1C] ^ 0FAh
004015C1 |. 8B55 F0 mov edx, dword ptr [ebp-10]
004015C4 |. 52 push edx ; argument: [ebp-10], unchanged
004015C5 |. 8B45 E8 mov eax, dword ptr [ebp-18]
004015C8 |. 83F0 5F xor eax, 5F
004015CB |. 50 push eax ; argument: [ebp-18] ^ 5Fh
004015CC |. 8B4D EC mov ecx, dword ptr [ebp-14]
004015CF |. 51 push ecx ; argument: [ebp-14], unchanged
004015D0 |. 68 00614400 push 00446100 ; ASCII "%d%d%d%d%d"
要是能帮我写出来注册机,就更好了,谢谢!!!!!