【文章标题】: 菜鸟也学密码学--MD5
【文章作者】: 网游难民
【作者主页】: www.chinapyg.com
【下载地址】: 本地
【作者声明】: 菜鸟初次接触MD5,失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
看到论坛里好多朋友都在玩密码学加密的软件,偶菜鸟也不甘落后,也来学习下MD5,下面是偶的学习笔记,希望能学习密码学的朋友们提供些帮助。
下面我们用黑夜彩虹老大分析过的一个CM来学习下:)
偶用自己机器上的数据来给大家解释下MD5是怎么实现的,下面是偶用来学习的数据。
机器码:F2918A44BFEBFBFF
用户名:goqq2008
注册码:9876543210
0045184D |. 8D55 E0 lea edx, dword ptr [ebp-20]
00451850 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
00451856 |. E8 81E3FDFF call 0042FBDC
0045185B |. 8B55 E0 mov edx, dword ptr [ebp-20] ; 用户名(goqq2008)
0045185E |. 58 pop eax
0045185F |. E8 7428FBFF call 004040D8
00451864 |. 8B45 E4 mov eax, dword ptr [ebp-1C] ; 机器码+用户名(F2918A44BFEBFBFFgoqq2008)
00451867 |. 8D55 E8 lea edx, dword ptr [ebp-18]
0045186A |. E8 6DFBFFFF call 004513DC ; MD5加密,关键CALL1,F7跟进~
0045186F |. 8D45 E8 lea eax, dword ptr [ebp-18]
00451872 |. 8D55 F8 lea edx, dword ptr [ebp-8]
00451875 |. E8 D6FBFFFF call 00451450
0045187A |. 8B55 F8 mov edx, dword ptr [ebp-8] ; MD5加密后的结果放在EDX中~
0045187D |. 58 pop eax
0045187E |. E8 9929FBFF call 0040421C
00451883 |. 75 1A jnz short 0045189F ; 关键跳转
00451885 |. 6A 40 push 40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进关键CALL1:
00451422 |. 8BD3 mov edx, ebx
00451424 |. 8D45 A4 lea eax, dword ptr [ebp-5C]
00451427 |. E8 3CFFFFFF call 00451368 ; 关键CALL2,跟进~
0045142C |. 33C0 xor eax, eax
0045142E |. 5A pop edx
+++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进关键CALL2:
004513B1 |. 8BC3 mov eax, ebx
004513B3 |. B9 08000000 mov ecx, 8
004513B8 |. E8 2BFFFFFF call 004512E8 ; 关键CALL3,跟进
004513BD |. 8BD6 mov edx, esi
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进关键CALL3:
0045132B |. 8BD6 mov edx, esi
0045132D |. 8D46 18 lea eax, dword ptr [esi+18]
00451330 |. E8 4FF8FFFF call 00450B84 ; 关键CALL4,跟进
00451335 |. EB 0E jmp short 00451345
00451337 |> 8BD6 /mov edx, esi
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
00450B84 /$ 53 push ebx ; 终于到达MD5加密的地方了~~:)
00450B85 |. 56 push esi
00450B86 |. 57 push edi
00450B87 |. 55 push ebp
00450B88 |. 83C4 A8 add esp, -58
00450B8B |. 895424 04 mov dword ptr [esp+4], edx
00450B8F |. 890424 mov dword ptr [esp], eax
00450B92 |. 8D5C24 08 lea ebx, dword ptr [esp+8]
00450B96 |. 8D7424 0C lea esi, dword ptr [esp+C]
00450B9A |. 8D7C24 10 lea edi, dword ptr [esp+10]
00450B9E |. 8D6C24 14 lea ebp, dword ptr [esp+14]
00450BA2 |. 8D5424 18 lea edx, dword ptr [esp+18]
00450BA6 |. B9 40000000 mov ecx, 40
00450BAB |. 8B0424 mov eax, dword ptr [esp]
00450BAE |. E8 5DFFFFFF call 00450B10 ; 增加填充,补足长度
――――――――――――――――――――――――――――――――――
第一步:增加填充
增加padding使得数据长度(bit为单位)模512为448。如果数据长度正好是模512为448,增加512个填充bit,也就是说填充的个数为1-512。第一个bit为1,其余全部为0。
第二步:补足长度
将数据长度转换为64bit的数值,如果长度超过64bit所能表示的数据长度的范围,值保留最后64bit,增加到前面填充的数据后面,使得最后的数据为512bit的整数倍。也就是32bit的16倍的整数倍。在RFC1321中,32bit称为一个word。
第一步:增加填充
因为我这里要用MD5加密的数据是 F2918A44BFEBFBFFgoqq2008 。一共有192位,如果填充到模512为448,一共要填充256位,既第一个为1(二进制),255个0。
第二步:补足长度
F2918A44BFEBFBFFgoqq2008 转换为二进制共192位,二进制表示为11000000,共8位,要补足64位后面要再加56个0。
所以补足长度后的数值如下(16进制表示):
0012F514 46 32 39 31 38 41 34 34 42 46 45 42 46 42 46 46 F2918A44BFEBFBFF
0012F524 67 6F 71 71 32 30 30 38 80 00 00 00 00 00 00 00 goqq2008?......
0012F534 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0012F544 00 00 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 ........?......
――――――――――――――――――――――――――――――――――――――
00450BB3 |. 8B4424 04 mov eax, dword ptr [esp+4]
00450BB7 |. 8B00 mov eax, dword ptr [eax] ; 67452301
00450BB9 |. 8903 mov dword ptr [ebx], eax
00450BBB |. 8B4424 04 mov eax, dword ptr [esp+4]
00450BBF |. 8B40 04 mov eax, dword ptr [eax+4] ; EFCDAB89
00450BC2 |. 8906 mov dword ptr [esi], eax
00450BC4 |. 8B4424 04 mov eax, dword ptr [esp+4]
00450BC8 |. 8B40 08 mov eax, dword ptr [eax+8] ; 98BADCFE
00450BCB |. 8907 mov dword ptr [edi], eax
00450BCD |. 8B4424 04 mov eax, dword ptr [esp+4]
00450BD1 |. 8B40 0C mov eax, dword ptr [eax+C] ; 10325476
00450BD4 |. 8945 00 mov dword ptr [ebp], eax ; 上面初始化变量
―――――――――――――――――――――――――――――――――――――――
第三步:初始化变量:
用到4个变量,分别为A、B、C、D,均为32bit长。初始化为:
a: 01 23 45 67
b: 89 ab cd ef
c: fe dc ba 98
d: 76 54 32 10
上面四个变量都在:)
―――――――――――――――――――――――――――――――――――――――
第四步:数据处理:
首先定义4个辅助函数:
F(X,Y,Z) = (X and Y) or (not(X) and Z)
G(X,Y,Z) = (X and Z) or (Y and not(Z))
H(X,Y,Z) = X xor Y xor Z
I(X,Y,Z) = Y xor (X or not(Z))
函数中的X、Y、Z均为32bit。
这个偶不解释~~~~~~~~~~~~~~
――――――――――――――――――――――――
下面四个非线形函数,每圈使用一个,每圈16步,共4圈:
FF(a,b,c,d,Mj,s,ti)代表 a=b+((a+F(b,c,d)+Mj+ti)<<< s)
GG(a,b,c,d,Mj,s,ti)代表 a=b+((a+G(b,c,d)+Mj+ti)<<< s)
HH(a,b,c,d,Mj,s,ti)代表 a=b+((a+H(b,c,d)+Mj+ti)<<< s)
II(a,b,c,d,Mj,s,ti)代表 a=b+((a+I(b,c,d)+Mj+ti)<<< s)
其中Mi代表消息的第i个子块(0到15),而<<< s表示左循环s位,直接把 s 记为常数的了:)
ti为2的32次方乘abs(sin(i))的整数部分,其中i为弧度,在64步循环中取1-64。偶菜鸟直接把 ti 记为64个常数还方便些:)
下面看下64步循环:
第一圈:
FF(a,b,c,d,M0,7,0xd76aa478)
FF(d,a,b,c,M1,12,0xe8c7b756)
FF(c,d,a,b,M2,17,0x242070db)
FF(b,c,d,a,M3,22,0xclbdceee)
FF(a,b,c,d,M4,7,0xf57c0faf)
FF(d,a,b,c,M5,12,0x4787c62a)
FF(c,d,a,b,M6,17,0xa8304613)
FF(b,c,d,a,M7,22,0xfd469501)
FF(a,b,c,d,M8,7,0x698098d8)
FF(d,a,b,c,M9,12,0x8b44f7af)
FF(c,d,a,b,M10,17,0xffff5bb1)
FF(B,C,D,A,m11,22,0X895cd7be)
FF(a,b,c,d,M12,7,0xf6b901122)
FF(d,a,b,c,M13,12,0xfd987193)
FF(c,d,a,b,M14,17,0xa6794383)
FF(b,c,d,a,M15,22,0x49b40821)
第二圈:
GG(a,b,c,d,M1,5,0xf61e2562)
GG(d,a,b,c,M6,9,0xc040b340)
GG(c,d,a,b,M11,14,0x2b5e5a51)
GG(b,c,d,a,M0,20,0xe9b6c7aa)
GG(a,b,c,d,M5,5,0xd62f105d)
GG(d,a,b,c,M10,9,0x02441453)
GG(c,d,a,b,M15,14,0xd8ale681)
GG(b,c,d,a,M4,20,0xe7d3fbc8)
GG(a,b,c,d,M9,5,0x21elcde6)
GG(d,a,b,c,M14,9.0xc33707d6)
GG(c,d,a,b,M3,14,0xf4d50d87)
GG(b,c,d,a,M8,20,0x45al4ed)
GG(a,b,c,d,M13,5,0xa9e3e905)
GG(d,a,b,c,M2,9,0xfcefaef8)
GG(c,d,a,b,M7,14,0x676f02d9)
GG(b,c,d,a,M12,20,0x8d2a4c8a)
第三圈:
HH(a,b,c,d,M5,4,0xfffa3942)
HH(d,a,b,c,M8,11,0x8771f681)
HH(c,d,a,b,M11,16,0x6d9d6122)
HH(b,c,d,a,M14,23,0xfde5380c)
HH(a,b,c,d,M1,4,0xa4beea44)
HH(d,a,b,c,M4,11,0x4bdecfa9)
HH(c,d,a,b,M7,16,0xf6bb4b60)
HH(b,c,d,a,M10,23,0xbebfbc70)
HH(a,b,c,d,M13,4,0x28967ec6)
HH(d,a,b,c,M0,11,0xeaa127fa)
HH(c,d,a,b,M3,16,0xd4ef3085)
HH(b,c,d,a,M6,23,0x04881d05)
HH(a,b,c,d,M9,4,0xd9d4d039)
HH(d,a,b,c,M12,11,0xe6db99e5)
HH(c,d,a,b,M15,16,0xlfa27cf8)
HH(b,c,d,a,M2,23,0xc4ac5665)
第四圈
II(a,b,c,d,M0,6,0xf4292244)
II(d,a,b,c,M7,10,0x432aff97)
II(c,d,a,b,M14,15,0xab9423a7)
II(b,c,d,a,M5,21,0xfc93a039)
II(a,b,c,d,M12,6,0x655b59c3)
II(d,a,b,c,M3,10,0x8f0ccc92)
II(c,d,a,b,M10,15,0xffeff47d)
II(b,c,d,a,M1,21,0x85845dd1)
II(a,b,c,d,M8,6,0x6fa87e4f)
II(d,a,b,c,M15,10,0xfe2ce6e0)
II(c,d,a,b,M6,15,0xa3014314)
II(b,c,d,a,M13,21,0x4e0811a1)
II(a,b,c,d,M4,6,0xf7537e82)
II(d,a,b,c,M11,10,0xbd3af235)
II(c,d,a,b,M2,15,0x2ad7d2bb)
II(b,c,d,a,M9,21,0xeb86d391)
咱们看下面程序来分析:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
00450BDA |. 50 push eax ; /第一步开始:
00450BDB |. 8B4424 1C mov eax, dword ptr [esp+1C] ; |MO(31393246)放入EAX,就是内存中的前8位:46323931
00450BDF |. 50 push eax ; |第一步中的Mi
00450BE0 |. 6A 07 push 7 ; |第一步中的s
00450BE2 |. 68 78A46AD7 push D76AA478 ; |第一步中的ti(作者都把这个数当作常数来用的吗)
00450BE7 |. 8BC3 mov eax, ebx ; |
00450BE9 |. 8B0F mov ecx, dword ptr [edi] ; |常数c
00450BEB |. 8B16 mov edx, dword ptr [esi] ; |常数b
00450BED |. E8 4EFEFFFF call 00450A40 ; \第一步算法CALL,跟进~
00450BF2 |. 8B07 mov eax, dword ptr [edi] ; 第一步的结果放在EAX中~
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进第一步算法CALL:
00450A40 /$ 55 push ebp
00450A41 |. 8BEC mov ebp, esp
00450A43 |. 53 push ebx
00450A44 |. 56 push esi
00450A45 |. 57 push edi
00450A46 |. 8BF9 mov edi, ecx
00450A48 |. 8BF2 mov esi, edx
00450A4A |. 8BD8 mov ebx, eax
00450A4C |. 8B4D 14 mov ecx, dword ptr [ebp+14]
00450A4F |. 8BD7 mov edx, edi
00450A51 |. 8BC6 mov eax, esi
00450A53 |. E8 9CFFFFFF call 004509F4 ; F(b,c,d),跟进
00450A58 |. 0345 10 add eax, dword ptr [ebp+10] ; F(b,c,d)+M0
00450A5B |. 0345 08 add eax, dword ptr [ebp+8] ; F(b,c,d)+M0+t1
00450A5E |. 0103 add dword ptr [ebx], eax ; a+(F(b,c,d)+M0+t1)
00450A60 |. 8BC3 mov eax, ebx
00450A62 |. 8A55 0C mov dl, byte ptr [ebp+C]
00450A65 |. E8 B6FFFFFF call 00450A20 ; (a+I(b,c,d)+Mj+ti)<<< s,跟进
00450A6A |. 0133 add dword ptr [ebx], esi ; b+((a+F(b,c,d)+Mj+ti)<<< s),第一步结果出来拉~
00450A6C |. 5F pop edi
00450A6D |. 5E pop esi
00450A6E |. 5B pop ebx
00450A6F |. 5D pop ebp
00450A70 \. C2 1000 retn 10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进CALL :函数F(b,c,d):
004509F4 /$ 23D0 and edx, eax ; b and c
004509F6 |. F7D0 not eax ; not(b)
004509F8 |. 23C8 and ecx, eax ; not(b) and d
004509FA |. 0BD1 or edx, ecx ; F(b.c.d)
004509FC |. 8BC2 mov eax, edx ; 结果放在EAX中
004509FE \. C3 retn
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进00450A65处的CALL:
00450A20 /$ 53 push ebx
00450A21 |. 33C9 xor ecx, ecx
00450A23 |. 8ACA mov cl, dl
00450A25 |. 51 push ecx
00450A26 |. B9 20000000 mov ecx, 20 ; ECX中放20,十进制32,重要
00450A2B |. 5B pop ebx
00450A2C |. 2BCB sub ecx, ebx ; 20(十进制32)减第一步的s(7)
00450A2E |. 8B18 mov ebx, dword ptr [eax] ; a+(F(b,c,d)+M0+t1)放在EBX中~
00450A30 |. D3EB shr ebx, cl ; (a+(F(b,c,d)+M0+t1))的值先右移19(十进制25)位,记位字符串A
00450A32 |. 8BCA mov ecx, edx
00450A34 |. 8B10 mov edx, dword ptr [eax]
00450A36 |. D3E2 shl edx, cl ; (a+(F(b,c,d)+M0+t1))的值再左移s(7)位,值记位B
00450A38 |. 0BDA or ebx, edx ; A or B,也就等于(a+(F(b,c,d)+M0+t1))的值左循环s(7)位
00450A3A |. 8918 mov dword ptr [eax], ebx
00450A3C |. 5B pop ebx
解释下上面的CALL:
(a+(F(b,c,d)+M0+t1))的值为32位,先右移25位,右移后只在底7为中保留原来的高7位,其他位数为0,结果记为A。
(a+(F(b,c,d)+M0+t1))的值再左移7位,高25位为原来的8-32位,低7位为0,记为B。
A or B,结果等于(a+(F(b,c,d)+M0+t1))的值左循环7位。
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
下面63步我就不一个一个详细解释拉~~
00450BF4 |. 50 push eax ; /第二步开始
00450BF5 |. 8B4424 20 mov eax, dword ptr [esp+20] ; |M1(34344138)放入EAX,就是内存中的9-16位:38413434
00450BF9 |. 50 push eax ; |第二步中的Mi(M1(34344138))
00450BFA |. 6A 0C push 0C ; |第二步中的s(C(十进制12)
00450BFC |. 68 56B7C7E8 push E8C7B756 ; |第二步中的ti(0xe8c7b756)
00450C01 |. 8BC5 mov eax, ebp ; |
00450C03 |. 8B0E mov ecx, dword ptr [esi] ; |常数b
00450C05 |. 8B13 mov edx, dword ptr [ebx] ; |常数a(此时的a已经是上一步的计算结果了)
00450C07 |. E8 34FEFFFF call 00450A40 ; \Project1.00450A40
00450C0C |. 8B06 mov eax, dword ptr [esi]
00450C0E |. 50 push eax ; /Arg4
00450C0F |. 8B4424 24 mov eax, dword ptr [esp+24] ; |
00450C13 |. 50 push eax ; |Arg3
00450C14 |. 6A 11 push 11 ; |Arg2 = 00000011
00450C16 |. 68 DB702024 push 242070DB ; |Arg1 = 242070DB
00450C1B |. 8BC7 mov eax, edi ; |
00450C1D |. 8B0B mov ecx, dword ptr [ebx] ; |
00450C1F |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450C22 |. E8 19FEFFFF call 00450A40 ; \Project1.00450A40
00450C27 |. 8B03 mov eax, dword ptr [ebx]
00450C29 |. 50 push eax ; /Arg4
00450C2A |. 8B4424 28 mov eax, dword ptr [esp+28] ; |
00450C2E |. 50 push eax ; |Arg3
00450C2F |. 6A 16 push 16 ; |Arg2 = 00000016
00450C31 |. 68 EECEBDC1 push C1BDCEEE ; |Arg1 = C1BDCEEE
00450C36 |. 8BC6 mov eax, esi ; |
00450C38 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450C3B |. 8B17 mov edx, dword ptr [edi] ; |
00450C3D |. E8 FEFDFFFF call 00450A40 ; \Project1.00450A40
00450C42 |. 8B45 00 mov eax, dword ptr [ebp]
00450C45 |. 50 push eax ; /Arg4
00450C46 |. 8B4424 2C mov eax, dword ptr [esp+2C] ; |
00450C4A |. 50 push eax ; |Arg3
00450C4B |. 6A 07 push 7 ; |Arg2 = 00000007
00450C4D |. 68 AF0F7CF5 push F57C0FAF ; |Arg1 = F57C0FAF
00450C52 |. 8BC3 mov eax, ebx ; |
00450C54 |. 8B0F mov ecx, dword ptr [edi] ; |
00450C56 |. 8B16 mov edx, dword ptr [esi] ; |
00450C58 |. E8 E3FDFFFF call 00450A40 ; \Project1.00450A40
00450C5D |. 8B07 mov eax, dword ptr [edi]
00450C5F |. 50 push eax ; /Arg4
00450C60 |. 8B4424 30 mov eax, dword ptr [esp+30] ; |
00450C64 |. 50 push eax ; |Arg3
00450C65 |. 6A 0C push 0C ; |Arg2 = 0000000C
00450C67 |. 68 2AC68747 push 4787C62A ; |Arg1 = 4787C62A
00450C6C |. 8BC5 mov eax, ebp ; |
00450C6E |. 8B0E mov ecx, dword ptr [esi] ; |
00450C70 |. 8B13 mov edx, dword ptr [ebx] ; |
00450C72 |. E8 C9FDFFFF call 00450A40 ; \Project1.00450A40
00450C77 |. 8B06 mov eax, dword ptr [esi]
00450C79 |. 50 push eax ; /Arg4
00450C7A |. 8B4424 34 mov eax, dword ptr [esp+34] ; |
00450C7E |. 50 push eax ; |Arg3
00450C7F |. 6A 11 push 11 ; |Arg2 = 00000011
00450C81 |. 68 134630A8 push A8304613 ; |Arg1 = A8304613
00450C86 |. 8BC7 mov eax, edi ; |
00450C88 |. 8B0B mov ecx, dword ptr [ebx] ; |
00450C8A |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450C8D |. E8 AEFDFFFF call 00450A40 ; \Project1.00450A40
00450C92 |. 8B03 mov eax, dword ptr [ebx]
00450C94 |. 50 push eax ; /Arg4
00450C95 |. 8B4424 38 mov eax, dword ptr [esp+38] ; |
00450C99 |. 50 push eax ; |Arg3
00450C9A |. 6A 16 push 16 ; |Arg2 = 00000016
00450C9C |. 68 019546FD push FD469501 ; |Arg1 = FD469501
00450CA1 |. 8BC6 mov eax, esi ; |
00450CA3 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450CA6 |. 8B17 mov edx, dword ptr [edi] ; |
00450CA8 |. E8 93FDFFFF call 00450A40 ; \Project1.00450A40
00450CAD |. 8B45 00 mov eax, dword ptr [ebp]
00450CB0 |. 50 push eax ; /Arg4
00450CB1 |. 8B4424 3C mov eax, dword ptr [esp+3C] ; |
00450CB5 |. 50 push eax ; |Arg3
00450CB6 |. 6A 07 push 7 ; |Arg2 = 00000007
00450CB8 |. 68 D8988069 push 698098D8 ; |Arg1 = 698098D8
00450CBD |. 8BC3 mov eax, ebx ; |
00450CBF |. 8B0F mov ecx, dword ptr [edi] ; |
00450CC1 |. 8B16 mov edx, dword ptr [esi] ; |
00450CC3 |. E8 78FDFFFF call 00450A40 ; \Project1.00450A40
00450CC8 |. 8B07 mov eax, dword ptr [edi]
00450CCA |. 50 push eax ; /Arg4
00450CCB |. 8B4424 40 mov eax, dword ptr [esp+40] ; |
00450CCF |. 50 push eax ; |Arg3
00450CD0 |. 6A 0C push 0C ; |Arg2 = 0000000C
00450CD2 |. 68 AFF7448B push 8B44F7AF ; |Arg1 = 8B44F7AF
00450CD7 |. 8BC5 mov eax, ebp ; |
00450CD9 |. 8B0E mov ecx, dword ptr [esi] ; |
00450CDB |. 8B13 mov edx, dword ptr [ebx] ; |
00450CDD |. E8 5EFDFFFF call 00450A40 ; \Project1.00450A40
00450CE2 |. 8B06 mov eax, dword ptr [esi]
00450CE4 |. 50 push eax ; /Arg4
00450CE5 |. 8B4424 44 mov eax, dword ptr [esp+44] ; |
00450CE9 |. 50 push eax ; |Arg3
00450CEA |. 6A 11 push 11 ; |Arg2 = 00000011
00450CEC |. 68 B15BFFFF push FFFF5BB1 ; |Arg1 = FFFF5BB1
00450CF1 |. 8BC7 mov eax, edi ; |
00450CF3 |. 8B0B mov ecx, dword ptr [ebx] ; |
00450CF5 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450CF8 |. E8 43FDFFFF call 00450A40 ; \Project1.00450A40
00450CFD |. 8B03 mov eax, dword ptr [ebx]
00450CFF |. 50 push eax ; /Arg4
00450D00 |. 8B4424 48 mov eax, dword ptr [esp+48] ; |
00450D04 |. 50 push eax ; |Arg3
00450D05 |. 6A 16 push 16 ; |Arg2 = 00000016
00450D07 |. 68 BED75C89 push 895CD7BE ; |Arg1 = 895CD7BE
00450D0C |. 8BC6 mov eax, esi ; |
00450D0E |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450D11 |. 8B17 mov edx, dword ptr [edi] ; |
00450D13 |. E8 28FDFFFF call 00450A40 ; \Project1.00450A40
00450D18 |. 8B45 00 mov eax, dword ptr [ebp]
00450D1B |. 50 push eax ; /Arg4
00450D1C |. 8B4424 4C mov eax, dword ptr [esp+4C] ; |
00450D20 |. 50 push eax ; |Arg3
00450D21 |. 6A 07 push 7 ; |Arg2 = 00000007
00450D23 |. 68 2211906B push 6B901122 ; |Arg1 = 6B901122
00450D28 |. 8BC3 mov eax, ebx ; |
00450D2A |. 8B0F mov ecx, dword ptr [edi] ; |
00450D2C |. 8B16 mov edx, dword ptr [esi] ; |
00450D2E |. E8 0DFDFFFF call 00450A40 ; \Project1.00450A40
00450D33 |. 8B07 mov eax, dword ptr [edi]
00450D35 |. 50 push eax ; /Arg4
00450D36 |. 8B4424 50 mov eax, dword ptr [esp+50] ; |
00450D3A |. 50 push eax ; |Arg3
00450D3B |. 6A 0C push 0C ; |Arg2 = 0000000C
00450D3D |. 68 937198FD push FD987193 ; |Arg1 = FD987193
00450D42 |. 8BC5 mov eax, ebp ; |
00450D44 |. 8B0E mov ecx, dword ptr [esi] ; |
00450D46 |. 8B13 mov edx, dword ptr [ebx] ; |
00450D48 |. E8 F3FCFFFF call 00450A40 ; \Project1.00450A40
00450D4D |. 8B06 mov eax, dword ptr [esi]
00450D4F |. 50 push eax ; /Arg4
00450D50 |. 8B4424 54 mov eax, dword ptr [esp+54] ; |
00450D54 |. 50 push eax ; |Arg3
00450D55 |. 6A 11 push 11 ; |Arg2 = 00000011
00450D57 |. 68 8E4379A6 push A679438E ; |Arg1 = A679438E
00450D5C |. 8BC7 mov eax, edi ; |
00450D5E |. 8B0B mov ecx, dword ptr [ebx] ; |
00450D60 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450D63 |. E8 D8FCFFFF call 00450A40 ; \Project1.00450A40
00450D68 |. 8B03 mov eax, dword ptr [ebx]
00450D6A |. 50 push eax ; /Arg4
00450D6B |. 8B4424 58 mov eax, dword ptr [esp+58] ; |
00450D6F |. 50 push eax ; |Arg3
00450D70 |. 6A 16 push 16 ; |Arg2 = 00000016
00450D72 |. 68 2108B449 push 49B40821 ; |Arg1 = 49B40821
00450D77 |. 8BC6 mov eax, esi ; |
00450D79 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450D7C |. 8B17 mov edx, dword ptr [edi] ; |
00450D7E |. E8 BDFCFFFF call 00450A40 ; \Project1.00450A40
00450D83 |. 8B45 00 mov eax, dword ptr [ebp]
00450D86 |. 50 push eax ; /Arg4
00450D87 |. 8B4424 20 mov eax, dword ptr [esp+20] ; |
00450D8B |. 50 push eax ; |Arg3
00450D8C |. 6A 05 push 5 ; |Arg2 = 00000005
00450D8E |. 68 62251EF6 push F61E2562 ; |Arg1 = F61E2562
00450D93 |. 8BC3 mov eax, ebx ; |
00450D95 |. 8B0F mov ecx, dword ptr [edi] ; |
00450D97 |. 8B16 mov edx, dword ptr [esi] ; |
00450D99 |. E8 D6FCFFFF call 00450A74 ; \Project1.00450A74
00450D9E |. 8B07 mov eax, dword ptr [edi]
00450DA0 |. 50 push eax ; /Arg4
00450DA1 |. 8B4424 34 mov eax, dword ptr [esp+34] ; |
00450DA5 |. 50 push eax ; |Arg3
00450DA6 |. 6A 09 push 9 ; |Arg2 = 00000009
00450DA8 |. 68 40B340C0 push C040B340 ; |Arg1 = C040B340
00450DAD |. 8BC5 mov eax, ebp ; |
00450DAF |. 8B0E mov ecx, dword ptr [esi] ; |
00450DB1 |. 8B13 mov edx, dword ptr [ebx] ; |
00450DB3 |. E8 BCFCFFFF call 00450A74 ; \Project1.00450A74
00450DB8 |. 8B06 mov eax, dword ptr [esi]
00450DBA |. 50 push eax ; /Arg4
00450DBB |. 8B4424 48 mov eax, dword ptr [esp+48] ; |
00450DBF |. 50 push eax ; |Arg3
00450DC0 |. 6A 0E push 0E ; |Arg2 = 0000000E
00450DC2 |. 68 515A5E26 push 265E5A51 ; |Arg1 = 265E5A51
00450DC7 |. 8BC7 mov eax, edi ; |
00450DC9 |. 8B0B mov ecx, dword ptr [ebx] ; |
00450DCB |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450DCE |. E8 A1FCFFFF call 00450A74 ; \Project1.00450A74
00450DD3 |. 8B03 mov eax, dword ptr [ebx]
00450DD5 |. 50 push eax ; /Arg4
00450DD6 |. 8B4424 1C mov eax, dword ptr [esp+1C] ; |
00450DDA |. 50 push eax ; |Arg3
00450DDB |. 6A 14 push 14 ; |Arg2 = 00000014
00450DDD |. 68 AAC7B6E9 push E9B6C7AA ; |Arg1 = E9B6C7AA
00450DE2 |. 8BC6 mov eax, esi ; |
00450DE4 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450DE7 |. 8B17 mov edx, dword ptr [edi] ; |
00450DE9 |. E8 86FCFFFF call 00450A74 ; \Project1.00450A74
00450DEE |. 8B45 00 mov eax, dword ptr [ebp]
00450DF1 |. 50 push eax ; /Arg4
00450DF2 |. 8B4424 30 mov eax, dword ptr [esp+30] ; |
00450DF6 |. 50 push eax ; |Arg3
00450DF7 |. 6A 05 push 5 ; |Arg2 = 00000005
00450DF9 |. 68 5D102FD6 push D62F105D ; |Arg1 = D62F105D
00450DFE |. 8BC3 mov eax, ebx ; |
00450E00 |. 8B0F mov ecx, dword ptr [edi] ; |
00450E02 |. 8B16 mov edx, dword ptr [esi] ; |
00450E04 |. E8 6BFCFFFF call 00450A74 ; \Project1.00450A74
00450E09 |. 8B07 mov eax, dword ptr [edi]
00450E0B |. 50 push eax ; /Arg4
00450E0C |. 8B4424 44 mov eax, dword ptr [esp+44] ; |
00450E10 |. 50 push eax ; |Arg3
00450E11 |. 6A 09 push 9 ; |Arg2 = 00000009
00450E13 |. 68 53144402 push 2441453 ; |Arg1 = 02441453
00450E18 |. 8BC5 mov eax, ebp ; |
00450E1A |. 8B0E mov ecx, dword ptr [esi] ; |
00450E1C |. 8B13 mov edx, dword ptr [ebx] ; |
00450E1E |. E8 51FCFFFF call 00450A74 ; \Project1.00450A74
00450E23 |. 8B06 mov eax, dword ptr [esi]
00450E25 |. 50 push eax ; /Arg4
00450E26 |. 8B4424 58 mov eax, dword ptr [esp+58] ; |
00450E2A |. 50 push eax ; |Arg3
00450E2B |. 6A 0E push 0E ; |Arg2 = 0000000E
00450E2D |. 68 81E6A1D8 push D8A1E681 ; |Arg1 = D8A1E681
00450E32 |. 8BC7 mov eax, edi ; |
00450E34 |. 8B0B mov ecx, dword ptr [ebx] ; |
00450E36 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450E39 |. E8 36FCFFFF call 00450A74 ; \Project1.00450A74
00450E3E |. 8B03 mov eax, dword ptr [ebx]
00450E40 |. 50 push eax ; /Arg4
00450E41 |. 8B4424 2C mov eax, dword ptr [esp+2C] ; |
00450E45 |. 50 push eax ; |Arg3
00450E46 |. 6A 14 push 14 ; |Arg2 = 00000014
00450E48 |. 68 C8FBD3E7 push E7D3FBC8 ; |Arg1 = E7D3FBC8
00450E4D |. 8BC6 mov eax, esi ; |
00450E4F |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450E52 |. 8B17 mov edx, dword ptr [edi] ; |
00450E54 |. E8 1BFCFFFF call 00450A74 ; \Project1.00450A74
00450E59 |. 8B45 00 mov eax, dword ptr [ebp]
00450E5C |. 50 push eax ; /Arg4
00450E5D |. 8B4424 40 mov eax, dword ptr [esp+40] ; |
00450E61 |. 50 push eax ; |Arg3
00450E62 |. 6A 05 push 5 ; |Arg2 = 00000005
00450E64 |. 68 E6CDE121 push 21E1CDE6 ; |Arg1 = 21E1CDE6
00450E69 |. 8BC3 mov eax, ebx ; |
00450E6B |. 8B0F mov ecx, dword ptr [edi] ; |
00450E6D |. 8B16 mov edx, dword ptr [esi] ; |
00450E6F |. E8 00FCFFFF call 00450A74 ; \Project1.00450A74
00450E74 |. 8B07 mov eax, dword ptr [edi]
00450E76 |. 50 push eax ; /Arg4
00450E77 |. 8B4424 54 mov eax, dword ptr [esp+54] ; |
00450E7B |. 50 push eax ; |Arg3
00450E7C |. 6A 09 push 9 ; |Arg2 = 00000009
00450E7E |. 68 D60737C3 push C33707D6 ; |Arg1 = C33707D6
00450E83 |. 8BC5 mov eax, ebp ; |
00450E85 |. 8B0E mov ecx, dword ptr [esi] ; |
00450E87 |. 8B13 mov edx, dword ptr [ebx] ; |
00450E89 |. E8 E6FBFFFF call 00450A74 ; \Project1.00450A74
00450E8E |. 8B06 mov eax, dword ptr [esi]
00450E90 |. 50 push eax ; /Arg4
00450E91 |. 8B4424 28 mov eax, dword ptr [esp+28] ; |
00450E95 |. 50 push eax ; |Arg3
00450E96 |. 6A 0E push 0E ; |Arg2 = 0000000E
00450E98 |. 68 870DD5F4 push F4D50D87 ; |Arg1 = F4D50D87
00450E9D |. 8BC7 mov eax, edi ; |
00450E9F |. 8B0B mov ecx, dword ptr [ebx] ; |
00450EA1 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450EA4 |. E8 CBFBFFFF call 00450A74 ; \Project1.00450A74
00450EA9 |. 8B03 mov eax, dword ptr [ebx]
00450EAB |. 50 push eax ; /Arg4
00450EAC |. 8B4424 3C mov eax, dword ptr [esp+3C] ; |
00450EB0 |. 50 push eax ; |Arg3
00450EB1 |. 6A 14 push 14 ; |Arg2 = 00000014
00450EB3 |. 68 ED145A45 push 455A14ED ; |Arg1 = 455A14ED
00450EB8 |. 8BC6 mov eax, esi ; |
00450EBA |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450EBD |. 8B17 mov edx, dword ptr [edi] ; |
00450EBF |. E8 B0FBFFFF call 00450A74 ; \Project1.00450A74
00450EC4 |. 8B45 00 mov eax, dword ptr [ebp]
00450EC7 |. 50 push eax ; /Arg4
00450EC8 |. 8B4424 50 mov eax, dword ptr [esp+50] ; |
00450ECC |. 50 push eax ; |Arg3
00450ECD |. 6A 05 push 5 ; |Arg2 = 00000005
00450ECF |. 68 05E9E3A9 push A9E3E905 ; |Arg1 = A9E3E905
00450ED4 |. 8BC3 mov eax, ebx ; |
00450ED6 |. 8B0F mov ecx, dword ptr [edi] ; |
00450ED8 |. 8B16 mov edx, dword ptr [esi] ; |
00450EDA |. E8 95FBFFFF call 00450A74 ; \Project1.00450A74
00450EDF |. 8B07 mov eax, dword ptr [edi]
00450EE1 |. 50 push eax ; /Arg4
00450EE2 |. 8B4424 24 mov eax, dword ptr [esp+24] ; |
00450EE6 |. 50 push eax ; |Arg3
00450EE7 |. 6A 09 push 9 ; |Arg2 = 00000009
00450EE9 |. 68 F8A3EFFC push FCEFA3F8 ; |Arg1 = FCEFA3F8
00450EEE |. 8BC5 mov eax, ebp ; |
00450EF0 |. 8B0E mov ecx, dword ptr [esi] ; |
00450EF2 |. 8B13 mov edx, dword ptr [ebx] ; |
00450EF4 |. E8 7BFBFFFF call 00450A74 ; \Project1.00450A74
00450EF9 |. 8B06 mov eax, dword ptr [esi]
00450EFB |. 50 push eax ; /Arg4
00450EFC |. 8B4424 38 mov eax, dword ptr [esp+38] ; |
00450F00 |. 50 push eax ; |Arg3
00450F01 |. 6A 0E push 0E ; |Arg2 = 0000000E
00450F03 |. 68 D9026F67 push 676F02D9 ; |Arg1 = 676F02D9
00450F08 |. 8BC7 mov eax, edi ; |
00450F0A |. 8B0B mov ecx, dword ptr [ebx] ; |
00450F0C |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450F0F |. E8 60FBFFFF call 00450A74 ; \Project1.00450A74
00450F14 |. 8B03 mov eax, dword ptr [ebx]
00450F16 |. 50 push eax ; /Arg4
00450F17 |. 8B4424 4C mov eax, dword ptr [esp+4C] ; |
00450F1B |. 50 push eax ; |Arg3
00450F1C |. 6A 14 push 14 ; |Arg2 = 00000014
00450F1E |. 68 8A4C2A8D push 8D2A4C8A ; |Arg1 = 8D2A4C8A
00450F23 |. 8BC6 mov eax, esi ; |
00450F25 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450F28 |. 8B17 mov edx, dword ptr [edi] ; |
00450F2A |. E8 45FBFFFF call 00450A74 ; \Project1.00450A74
00450F2F |. 8B45 00 mov eax, dword ptr [ebp]
00450F32 |. 50 push eax ; /Arg4
00450F33 |. 8B4424 30 mov eax, dword ptr [esp+30] ; |
00450F37 |. 50 push eax ; |Arg3
00450F38 |. 6A 04 push 4 ; |Arg2 = 00000004
00450F3A |. 68 4239FAFF push FFFA3942 ; |Arg1 = FFFA3942
00450F3F |. 8BC3 mov eax, ebx ; |
00450F41 |. 8B0F mov ecx, dword ptr [edi] ; |
00450F43 |. 8B16 mov edx, dword ptr [esi] ; |
00450F45 |. E8 5EFBFFFF call 00450AA8 ; \Project1.00450AA8
00450F4A |. 8B07 mov eax, dword ptr [edi]
00450F4C |. 50 push eax ; /Arg4
00450F4D |. 8B4424 3C mov eax, dword ptr [esp+3C] ; |
00450F51 |. 50 push eax ; |Arg3
00450F52 |. 6A 0B push 0B ; |Arg2 = 0000000B
00450F54 |. 68 81F67187 push 8771F681 ; |Arg1 = 8771F681
00450F59 |. 8BC5 mov eax, ebp ; |
00450F5B |. 8B0E mov ecx, dword ptr [esi] ; |
00450F5D |. 8B13 mov edx, dword ptr [ebx] ; |
00450F5F |. E8 44FBFFFF call 00450AA8 ; \Project1.00450AA8
00450F64 |. 8B06 mov eax, dword ptr [esi]
00450F66 |. 50 push eax ; /Arg4
00450F67 |. 8B4424 48 mov eax, dword ptr [esp+48] ; |
00450F6B |. 50 push eax ; |Arg3
00450F6C |. 6A 10 push 10 ; |Arg2 = 00000010
00450F6E |. 68 22619D6D push 6D9D6122 ; |Arg1 = 6D9D6122
00450F73 |. 8BC7 mov eax, edi ; |
00450F75 |. 8B0B mov ecx, dword ptr [ebx] ; |
00450F77 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450F7A |. E8 29FBFFFF call 00450AA8 ; \Project1.00450AA8
00450F7F |. 8B03 mov eax, dword ptr [ebx]
00450F81 |. 50 push eax ; /Arg4
00450F82 |. 8B4424 54 mov eax, dword ptr [esp+54] ; |
00450F86 |. 50 push eax ; |Arg3
00450F87 |. 6A 17 push 17 ; |Arg2 = 00000017
00450F89 |. 68 0C38E5FD push FDE5380C ; |Arg1 = FDE5380C
00450F8E |. 8BC6 mov eax, esi ; |
00450F90 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450F93 |. 8B17 mov edx, dword ptr [edi] ; |
00450F95 |. E8 0EFBFFFF call 00450AA8 ; \Project1.00450AA8
00450F9A |. 8B45 00 mov eax, dword ptr [ebp]
00450F9D |. 50 push eax ; /Arg4
00450F9E |. 8B4424 20 mov eax, dword ptr [esp+20] ; |
00450FA2 |. 50 push eax ; |Arg3
00450FA3 |. 6A 04 push 4 ; |Arg2 = 00000004
00450FA5 |. 68 44EABEA4 push A4BEEA44 ; |Arg1 = A4BEEA44
00450FAA |. 8BC3 mov eax, ebx ; |
00450FAC |. 8B0F mov ecx, dword ptr [edi] ; |
00450FAE |. 8B16 mov edx, dword ptr [esi] ; |
00450FB0 |. E8 F3FAFFFF call 00450AA8 ; \Project1.00450AA8
00450FB5 |. 8B07 mov eax, dword ptr [edi]
00450FB7 |. 50 push eax ; /Arg4
00450FB8 |. 8B4424 2C mov eax, dword ptr [esp+2C] ; |
00450FBC |. 50 push eax ; |Arg3
00450FBD |. 6A 0B push 0B ; |Arg2 = 0000000B
00450FBF |. 68 A9CFDE4B push 4BDECFA9 ; |Arg1 = 4BDECFA9
00450FC4 |. 8BC5 mov eax, ebp ; |
00450FC6 |. 8B0E mov ecx, dword ptr [esi] ; |
00450FC8 |. 8B13 mov edx, dword ptr [ebx] ; |
00450FCA |. E8 D9FAFFFF call 00450AA8 ; \Project1.00450AA8
00450FCF |. 8B06 mov eax, dword ptr [esi]
00450FD1 |. 50 push eax ; /Arg4
00450FD2 |. 8B4424 38 mov eax, dword ptr [esp+38] ; |
00450FD6 |. 50 push eax ; |Arg3
00450FD7 |. 6A 10 push 10 ; |Arg2 = 00000010
00450FD9 |. 68 604BBBF6 push F6BB4B60 ; |Arg1 = F6BB4B60
00450FDE |. 8BC7 mov eax, edi ; |
00450FE0 |. 8B0B mov ecx, dword ptr [ebx] ; |
00450FE2 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00450FE5 |. E8 BEFAFFFF call 00450AA8 ; \Project1.00450AA8
00450FEA |. 8B03 mov eax, dword ptr [ebx]
00450FEC |. 50 push eax ; /Arg4
00450FED |. 8B4424 44 mov eax, dword ptr [esp+44] ; |
00450FF1 |. 50 push eax ; |Arg3
00450FF2 |. 6A 17 push 17 ; |Arg2 = 00000017
00450FF4 |. 68 70BCBFBE push BEBFBC70 ; |Arg1 = BEBFBC70
00450FF9 |. 8BC6 mov eax, esi ; |
00450FFB |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00450FFE |. 8B17 mov edx, dword ptr [edi] ; |
00451000 |. E8 A3FAFFFF call 00450AA8 ; \Project1.00450AA8
00451005 |. 8B45 00 mov eax, dword ptr [ebp]
00451008 |. 50 push eax ; /Arg4
00451009 |. 8B4424 50 mov eax, dword ptr [esp+50] ; |
0045100D |. 50 push eax ; |Arg3
0045100E |. 6A 04 push 4 ; |Arg2 = 00000004
00451010 |. 68 C67E9B28 push 289B7EC6 ; |Arg1 = 289B7EC6
00451015 |. 8BC3 mov eax, ebx ; |
00451017 |. 8B0F mov ecx, dword ptr [edi] ; |
00451019 |. 8B16 mov edx, dword ptr [esi] ; |
0045101B |. E8 88FAFFFF call 00450AA8 ; \Project1.00450AA8
00451020 |. 8B07 mov eax, dword ptr [edi]
00451022 |. 50 push eax ; /Arg4
00451023 |. 8B4424 1C mov eax, dword ptr [esp+1C] ; |
00451027 |. 50 push eax ; |Arg3
00451028 |. 6A 0B push 0B ; |Arg2 = 0000000B
0045102A |. 68 FA27A1EA push EAA127FA ; |Arg1 = EAA127FA
0045102F |. 8BC5 mov eax, ebp ; |
00451031 |. 8B0E mov ecx, dword ptr [esi] ; |
00451033 |. 8B13 mov edx, dword ptr [ebx] ; |
00451035 |. E8 6EFAFFFF call 00450AA8 ; \Project1.00450AA8
0045103A |. 8B06 mov eax, dword ptr [esi]
0045103C |. 50 push eax ; /Arg4
0045103D |. 8B4424 28 mov eax, dword ptr [esp+28] ; |
00451041 |. 50 push eax ; |Arg3
00451042 |. 6A 10 push 10 ; |Arg2 = 00000010
00451044 |. 68 8530EFD4 push D4EF3085 ; |Arg1 = D4EF3085
00451049 |. 8BC7 mov eax, edi ; |
0045104B |. 8B0B mov ecx, dword ptr [ebx] ; |
0045104D |. 8B55 00 mov edx, dword ptr [ebp] ; |
00451050 |. E8 53FAFFFF call 00450AA8 ; \Project1.00450AA8
00451055 |. 8B03 mov eax, dword ptr [ebx]
00451057 |. 50 push eax ; /Arg4
00451058 |. 8B4424 34 mov eax, dword ptr [esp+34] ; |
0045105C |. 50 push eax ; |Arg3
0045105D |. 6A 17 push 17 ; |Arg2 = 00000017
0045105F |. 68 051D8804 push 4881D05 ; |Arg1 = 04881D05
00451064 |. 8BC6 mov eax, esi ; |
00451066 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00451069 |. 8B17 mov edx, dword ptr [edi] ; |
0045106B |. E8 38FAFFFF call 00450AA8 ; \Project1.00450AA8
00451070 |. 8B45 00 mov eax, dword ptr [ebp]
00451073 |. 50 push eax ; /Arg4
00451074 |. 8B4424 40 mov eax, dword ptr [esp+40] ; |
00451078 |. 50 push eax ; |Arg3
00451079 |. 6A 04 push 4 ; |Arg2 = 00000004
0045107B |. 68 39D0D4D9 push D9D4D039 ; |Arg1 = D9D4D039
00451080 |. 8BC3 mov eax, ebx ; |
00451082 |. 8B0F mov ecx, dword ptr [edi] ; |
00451084 |. 8B16 mov edx, dword ptr [esi] ; |
00451086 |. E8 1DFAFFFF call 00450AA8 ; \Project1.00450AA8
0045108B |. 8B07 mov eax, dword ptr [edi]
0045108D |. 50 push eax ; /Arg4
0045108E |. 8B4424 4C mov eax, dword ptr [esp+4C] ; |
00451092 |. 50 push eax ; |Arg3
00451093 |. 6A 0B push 0B ; |Arg2 = 0000000B
00451095 |. 68 E599DBE6 push E6DB99E5 ; |Arg1 = E6DB99E5
0045109A |. 8BC5 mov eax, ebp ; |
0045109C |. 8B0E mov ecx, dword ptr [esi] ; |
0045109E |. 8B13 mov edx, dword ptr [ebx] ; |
004510A0 |. E8 03FAFFFF call 00450AA8 ; \Project1.00450AA8
004510A5 |. 8B06 mov eax, dword ptr [esi]
004510A7 |. 50 push eax ; /Arg4
004510A8 |. 8B4424 58 mov eax, dword ptr [esp+58] ; |
004510AC |. 50 push eax ; |Arg3
004510AD |. 6A 10 push 10 ; |Arg2 = 00000010
004510AF |. 68 F87CA21F push 1FA27CF8 ; |Arg1 = 1FA27CF8
004510B4 |. 8BC7 mov eax, edi ; |
004510B6 |. 8B0B mov ecx, dword ptr [ebx] ; |
004510B8 |. 8B55 00 mov edx, dword ptr [ebp] ; |
004510BB |. E8 E8F9FFFF call 00450AA8 ; \Project1.00450AA8
004510C0 |. 8B03 mov eax, dword ptr [ebx]
004510C2 |. 50 push eax ; /Arg4
004510C3 |. 8B4424 24 mov eax, dword ptr [esp+24] ; |
004510C7 |. 50 push eax ; |Arg3
004510C8 |. 6A 17 push 17 ; |Arg2 = 00000017
004510CA |. 68 6556ACC4 push C4AC5665 ; |Arg1 = C4AC5665
004510CF |. 8BC6 mov eax, esi ; |
004510D1 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
004510D4 |. 8B17 mov edx, dword ptr [edi] ; |
004510D6 |. E8 CDF9FFFF call 00450AA8 ; \Project1.00450AA8
004510DB |. 8B45 00 mov eax, dword ptr [ebp]
004510DE |. 50 push eax ; /Arg4
004510DF |. 8B4424 1C mov eax, dword ptr [esp+1C] ; |
004510E3 |. 50 push eax ; |Arg3
004510E4 |. 6A 06 push 6 ; |Arg2 = 00000006
004510E6 |. 68 442229F4 push F4292244 ; |Arg1 = F4292244
004510EB |. 8BC3 mov eax, ebx ; |
004510ED |. 8B0F mov ecx, dword ptr [edi] ; |
004510EF |. 8B16 mov edx, dword ptr [esi] ; |
004510F1 |. E8 E6F9FFFF call 00450ADC ; \Project1.00450ADC
004510F6 |. 8B07 mov eax, dword ptr [edi]
004510F8 |. 50 push eax ; /Arg4
004510F9 |. 8B4424 38 mov eax, dword ptr [esp+38] ; |
004510FD |. 50 push eax ; |Arg3
004510FE |. 6A 0A push 0A ; |Arg2 = 0000000A
00451100 |. 68 97FF2A43 push 432AFF97 ; |Arg1 = 432AFF97
00451105 |. 8BC5 mov eax, ebp ; |
00451107 |. 8B0E mov ecx, dword ptr [esi] ; |
00451109 |. 8B13 mov edx, dword ptr [ebx] ; |
0045110B |. E8 CCF9FFFF call 00450ADC ; \Project1.00450ADC
00451110 |. 8B06 mov eax, dword ptr [esi]
00451112 |. 50 push eax ; /Arg4
00451113 |. 8B4424 54 mov eax, dword ptr [esp+54] ; |
00451117 |. 50 push eax ; |Arg3
00451118 |. 6A 0F push 0F ; |Arg2 = 0000000F
0045111A |. 68 A72394AB push AB9423A7 ; |Arg1 = AB9423A7
0045111F |. 8BC7 mov eax, edi ; |
00451121 |. 8B0B mov ecx, dword ptr [ebx] ; |
00451123 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00451126 |. E8 B1F9FFFF call 00450ADC ; \Project1.00450ADC
0045112B |. 8B03 mov eax, dword ptr [ebx]
0045112D |. 50 push eax ; /Arg4
0045112E |. 8B4424 30 mov eax, dword ptr [esp+30] ; |
00451132 |. 50 push eax ; |Arg3
00451133 |. 6A 15 push 15 ; |Arg2 = 00000015
00451135 |. 68 39A093FC push FC93A039 ; |Arg1 = FC93A039
0045113A |. 8BC6 mov eax, esi ; |
0045113C |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
0045113F |. 8B17 mov edx, dword ptr [edi] ; |
00451141 |. E8 96F9FFFF call 00450ADC ; \Project1.00450ADC
00451146 |. 8B45 00 mov eax, dword ptr [ebp]
00451149 |. 50 push eax ; /Arg4
0045114A |. 8B4424 4C mov eax, dword ptr [esp+4C] ; |
0045114E |. 50 push eax ; |Arg3
0045114F |. 6A 06 push 6 ; |Arg2 = 00000006
00451151 |. 68 C3595B65 push 655B59C3 ; |Arg1 = 655B59C3
00451156 |. 8BC3 mov eax, ebx ; |
00451158 |. 8B0F mov ecx, dword ptr [edi] ; |
0045115A |. 8B16 mov edx, dword ptr [esi] ; |
0045115C |. E8 7BF9FFFF call 00450ADC ; \Project1.00450ADC
00451161 |. 8B07 mov eax, dword ptr [edi]
00451163 |. 50 push eax ; /Arg4
00451164 |. 8B4424 28 mov eax, dword ptr [esp+28] ; |
00451168 |. 50 push eax ; |Arg3
00451169 |. 6A 0A push 0A ; |Arg2 = 0000000A
0045116B |. 68 92CC0C8F push 8F0CCC92 ; |Arg1 = 8F0CCC92
00451170 |. 8BC5 mov eax, ebp ; |
00451172 |. 8B0E mov ecx, dword ptr [esi] ; |
00451174 |. 8B13 mov edx, dword ptr [ebx] ; |
00451176 |. E8 61F9FFFF call 00450ADC ; \Project1.00450ADC
0045117B |. 8B06 mov eax, dword ptr [esi]
0045117D |. 50 push eax ; /Arg4
0045117E |. 8B4424 44 mov eax, dword ptr [esp+44] ; |
00451182 |. 50 push eax ; |Arg3
00451183 |. 6A 0F push 0F ; |Arg2 = 0000000F
00451185 |. 68 7DF4EFFF push FFEFF47D ; |Arg1 = FFEFF47D
0045118A |. 8BC7 mov eax, edi ; |
0045118C |. 8B0B mov ecx, dword ptr [ebx] ; |
0045118E |. 8B55 00 mov edx, dword ptr [ebp] ; |
00451191 |. E8 46F9FFFF call 00450ADC ; \Project1.00450ADC
00451196 |. 8B03 mov eax, dword ptr [ebx]
00451198 |. 50 push eax ; /Arg4
00451199 |. 8B4424 20 mov eax, dword ptr [esp+20] ; |
0045119D |. 50 push eax ; |Arg3
0045119E |. 6A 15 push 15 ; |Arg2 = 00000015
004511A0 |. 68 D15D8485 push 85845DD1 ; |Arg1 = 85845DD1
004511A5 |. 8BC6 mov eax, esi ; |
004511A7 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
004511AA |. 8B17 mov edx, dword ptr [edi] ; |
004511AC |. E8 2BF9FFFF call 00450ADC ; \Project1.00450ADC
004511B1 |. 8B45 00 mov eax, dword ptr [ebp]
004511B4 |. 50 push eax ; /Arg4
004511B5 |. 8B4424 3C mov eax, dword ptr [esp+3C] ; |
004511B9 |. 50 push eax ; |Arg3
004511BA |. 6A 06 push 6 ; |Arg2 = 00000006
004511BC |. 68 4F7EA86F push 6FA87E4F ; |Arg1 = 6FA87E4F
004511C1 |. 8BC3 mov eax, ebx ; |
004511C3 |. 8B0F mov ecx, dword ptr [edi] ; |
004511C5 |. 8B16 mov edx, dword ptr [esi] ; |
004511C7 |. E8 10F9FFFF call 00450ADC ; \Project1.00450ADC
004511CC |. 8B07 mov eax, dword ptr [edi]
004511CE |. 50 push eax ; /Arg4
004511CF |. 8B4424 58 mov eax, dword ptr [esp+58] ; |
004511D3 |. 50 push eax ; |Arg3
004511D4 |. 6A 0A push 0A ; |Arg2 = 0000000A
004511D6 |. 68 E0E62CFE push FE2CE6E0 ; |Arg1 = FE2CE6E0
004511DB |. 8BC5 mov eax, ebp ; |
004511DD |. 8B0E mov ecx, dword ptr [esi] ; |
004511DF |. 8B13 mov edx, dword ptr [ebx] ; |
004511E1 |. E8 F6F8FFFF call 00450ADC ; \Project1.00450ADC
004511E6 |. 8B06 mov eax, dword ptr [esi]
004511E8 |. 50 push eax ; /Arg4
004511E9 |. 8B4424 34 mov eax, dword ptr [esp+34] ; |
004511ED |. 50 push eax ; |Arg3
004511EE |. 6A 0F push 0F ; |Arg2 = 0000000F
004511F0 |. 68 144301A3 push A3014314 ; |Arg1 = A3014314
004511F5 |. 8BC7 mov eax, edi ; |
004511F7 |. 8B0B mov ecx, dword ptr [ebx] ; |
004511F9 |. 8B55 00 mov edx, dword ptr [ebp] ; |
004511FC |. E8 DBF8FFFF call 00450ADC ; \Project1.00450ADC
00451201 |. 8B03 mov eax, dword ptr [ebx]
00451203 |. 50 push eax ; /Arg4
00451204 |. 8B4424 50 mov eax, dword ptr [esp+50] ; |
00451208 |. 50 push eax ; |Arg3
00451209 |. 6A 15 push 15 ; |Arg2 = 00000015
0045120B |. 68 A111084E push 4E0811A1 ; |Arg1 = 4E0811A1
00451210 |. 8BC6 mov eax, esi ; |
00451212 |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00451215 |. 8B17 mov edx, dword ptr [edi] ; |
00451217 |. E8 C0F8FFFF call 00450ADC ; \Project1.00450ADC
0045121C |. 8B45 00 mov eax, dword ptr [ebp]
0045121F |. 50 push eax ; /Arg4
00451220 |. 8B4424 2C mov eax, dword ptr [esp+2C] ; |
00451224 |. 50 push eax ; |Arg3
00451225 |. 6A 06 push 6 ; |Arg2 = 00000006
00451227 |. 68 827E53F7 push F7537E82 ; |Arg1 = F7537E82
0045122C |. 8BC3 mov eax, ebx ; |
0045122E |. 8B0F mov ecx, dword ptr [edi] ; |
00451230 |. 8B16 mov edx, dword ptr [esi] ; |
00451232 |. E8 A5F8FFFF call 00450ADC ; \Project1.00450ADC
00451237 |. 8B07 mov eax, dword ptr [edi]
00451239 |. 50 push eax ; /Arg4
0045123A |. 8B4424 48 mov eax, dword ptr [esp+48] ; |
0045123E |. 50 push eax ; |Arg3
0045123F |. 6A 0A push 0A ; |Arg2 = 0000000A
00451241 |. 68 35F23ABD push BD3AF235 ; |Arg1 = BD3AF235
00451246 |. 8BC5 mov eax, ebp ; |
00451248 |. 8B0E mov ecx, dword ptr [esi] ; |
0045124A |. 8B13 mov edx, dword ptr [ebx] ; |
0045124C |. E8 8BF8FFFF call 00450ADC ; \Project1.00450ADC
00451251 |. 8B06 mov eax, dword ptr [esi]
00451253 |. 50 push eax ; /Arg4
00451254 |. 8B4424 24 mov eax, dword ptr [esp+24] ; |
00451258 |. 50 push eax ; |Arg3
00451259 |. 6A 0F push 0F ; |Arg2 = 0000000F
0045125B |. 68 BBD2D72A push 2AD7D2BB ; |Arg1 = 2AD7D2BB
00451260 |. 8BC7 mov eax, edi ; |
00451262 |. 8B0B mov ecx, dword ptr [ebx] ; |
00451264 |. 8B55 00 mov edx, dword ptr [ebp] ; |
00451267 |. E8 70F8FFFF call 00450ADC ; \Project1.00450ADC
0045126C |. 8B03 mov eax, dword ptr [ebx]
0045126E |. 50 push eax ; /Arg4
0045126F |. 8B4424 40 mov eax, dword ptr [esp+40] ; |
00451273 |. 50 push eax ; |Arg3
00451274 |. 6A 15 push 15 ; |Arg2 = 00000015
00451276 |. 68 91D386EB push EB86D391 ; |Arg1 = EB86D391
0045127B |. 8BC6 mov eax, esi ; |
0045127D |. 8B4D 00 mov ecx, dword ptr [ebp] ; |
00451280 |. 8B17 mov edx, dword ptr [edi] ; |
00451282 |. E8 55F8FFFF call 00450ADC ; \Project1.00450ADC
00451282 |. E8 55F8FFFF call 00450ADC ; \Project1.00450ADC
00451287 |. 8B4424 04 mov eax, dword ptr [esp+4]
0045128B |. 8B13 mov edx, dword ptr [ebx] ; 64步运算后a的结果记为A放在EDX中
0045128D |. 0110 add dword ptr [eax], edx ; a+A
0045128F |. 8B4424 04 mov eax, dword ptr [esp+4]
00451293 |. 8B16 mov edx, dword ptr [esi] ; 64步运算后b的结果记为B放在EDX中
00451295 |. 0150 04 add dword ptr [eax+4], edx ; b+B
00451298 |. 8B4424 04 mov eax, dword ptr [esp+4]
0045129C |. 8B17 mov edx, dword ptr [edi] ; 64步运算后c的结果记为C放在EDX中
0045129E |. 0150 08 add dword ptr [eax+8], edx ; c+C
004512A1 |. 8B4424 04 mov eax, dword ptr [esp+4]
004512A5 |. 8B55 00 mov edx, dword ptr [ebp] ; 64步运算后d的结果记为D放在EDX中
004512A8 |. 0150 0C add dword ptr [eax+C], edx ; d+D
004512AB |. 83C4 58 add esp, 58
004512AE |. 5D pop ebp
004512AF |. 5F pop edi
004512B0 |. 5E pop esi
004512B1 |. 5B pop ebx
004512B2 \. C3 retn
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++==
经过64步预算后的a,b,c,d在内存中的结果记位A,B,C,D为:
A:3D 07 0C B5
B:3F B5 5D FE
C:D9 62 F8 12
D:80 94 E7 4F
内存中原来的a,b,c,d.
a:01 23 45 67
b:89 AB CD EF
c:FE DC BA 98
d:76 54 32 10
然后相加(注意顺序,这里相加数字是和内存中的排列是不一样的):
a+A=67452301+B50C073D=1C512A3E 内存中结果为:3E2A511C
b+B=EFCDAB89+FE5DB53F=EE2B60C8 内存中结果为:C8602BEE
c+C=98BADCFE+12F862D9=ABB33FD7 内存中结果为:D73FB3AB
d+D=10325476+4FE79480=6019E8F6 内存中结果为:F6E81960
大家看下:内存中的数连接起来:
3E2A511C C8602BEE D73FB3AB F6E81960
就是 F2918A44BFEBFBFFgoqq2008 的MD5值:)
--------------------------------------------------------------------------------
【经验总结】
F2918A44BFEBFBFFgoqq2008 的小写MD5值就是真码。
已经分析出来MD5是怎么算出来的了,收工!
没什么经验,菜鸟的体力活,只希望能给以后学习密码学的朋友提供些方便!
--------------------------------------------------------------------------------
【版权声明】: 菜鸟初学算法,转载请注明作者并保持文章的完整, 谢谢!
2006年11月24日 PM 06:12:03
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
