请各位大虾帮忙分析一下
我已经分析了一部分:
[ebp-1C]=0
[ebp-40]=机器码
[ebp-48]=8008
[ebp-20]=SN
[ebp-30]=sn
请各位牛人帮我分析一下sn的算法或详细帮我注释一下。谢谢!
还有,它的机器码不受重装系统影响,即永远不变。
0046EF50 > \55 push ebp
0046EF51 . 8BEC mov ebp, esp
0046EF53 . 83EC 0C sub esp, 0C
0046EF56 . 68 F6184000 push <jmp.&MSVBVM60.__vbaExceptHandle>; SE handler installation
0046EF5B . 64:A1 0000000>mov eax, dword ptr fs:[0]
0046EF61 . 50 push eax
0046EF62 . 64:8925 00000>mov dword ptr fs:[0], esp
0046EF69 . 81EC C4000000 sub esp, 0C4
0046EF6F . 53 push ebx
0046EF70 . 56 push esi
0046EF71 . 57 push edi
0046EF72 . 8965 F4 mov dword ptr [ebp-C], esp
0046EF75 . C745 F8 A0134>mov dword ptr [ebp-8], 004013A0
0046EF7C . 8B75 08 mov esi, dword ptr [ebp+8]
0046EF7F . 8BC6 mov eax, esi
0046EF81 . 83E0 01 and eax, 1
0046EF84 . 8945 FC mov dword ptr [ebp-4], eax
0046EF87 . 83E6 FE and esi, FFFFFFFE
0046EF8A . 56 push esi
0046EF8B . 8975 08 mov dword ptr [ebp+8], esi
0046EF8E . 8B0E mov ecx, dword ptr [esi]
0046EF90 . FF51 04 call dword ptr [ecx+4]
0046EF93 . 33DB xor ebx, ebx
0046EF95 . 8D55 C8 lea edx, dword ptr [ebp-38]
0046EF98 . 53 push ebx
0046EF99 . 68 14B24000 push 0040B214 ; UNICODE "updata.cl_val"
0046EF9E . 52 push edx
0046EF9F . 895D E8 mov dword ptr [ebp-18], ebx
0046EFA2 . 895D E4 mov dword ptr [ebp-1C], ebx
0046EFA5 . 895D E0 mov dword ptr [ebp-20], ebx
0046EFA8 . 895D DC mov dword ptr [ebp-24], ebx
0046EFAB . 895D D8 mov dword ptr [ebp-28], ebx
0046EFAE . 895D C8 mov dword ptr [ebp-38], ebx
0046EFB1 . 895D B8 mov dword ptr [ebp-48], ebx
0046EFB4 . 895D A8 mov dword ptr [ebp-58], ebx
0046EFB7 . 895D 98 mov dword ptr [ebp-68], ebx
0046EFBA . 895D 88 mov dword ptr [ebp-78], ebx
0046EFBD . 899D 78FFFFFF mov dword ptr [ebp-88], ebx
0046EFC3 . 899D 54FFFFFF mov dword ptr [ebp-AC], ebx
0046EFC9 . FF15 24114000 call dword ptr [<&MSVBVM60.#716>] ; MSVBVM60.rtcCreateObject2
0046EFCF . 8D45 C8 lea eax, dword ptr [ebp-38]
0046EFD2 . 50 push eax
0046EFD3 . FF15 C4104000 call dword ptr [<&MSVBVM60.__vbaObjVa>; MSVBVM60.__vbaObjVar
0046EFD9 . 8D4D E8 lea ecx, dword ptr [ebp-18]
0046EFDC . 50 push eax
0046EFDD . 51 push ecx
0046EFDE . FF15 8C104000 call dword ptr [<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSetAddref
0046EFE4 . 8D4D C8 lea ecx, dword ptr [ebp-38]
0046EFE7 . FF15 1C104000 call dword ptr [<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar
0046EFED . 8B16 mov edx, dword ptr [esi]
0046EFEF . 56 push esi
0046EFF0 . FF92 00030000 call dword ptr [edx+300]
0046EFF6 . 50 push eax
0046EFF7 . 8D45 DC lea eax, dword ptr [ebp-24]
0046EFFA . 50 push eax
0046EFFB . FF15 7C104000 call dword ptr [<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
0046F001 . 8BF8 mov edi, eax
0046F003 . 8D55 E4 lea edx, dword ptr [ebp-1C]
0046F006 . 52 push edx
0046F007 . 57 push edi
0046F008 . 8B0F mov ecx, dword ptr [edi]
0046F00A . FF91 A0000000 call dword ptr [ecx+A0]
; 读机器码,存于[ebp-1C]
0046F010 . 3BC3 cmp eax, ebx
0046F012 . DBE2 fclex
0046F014 . 7D 12 jge short 0046F028 ; 如果等于0,要检查
0046F016 . 68 A0000000 push 0A0
0046F01B . 68 BCAD4000 push 0040ADBC
0046F020 . 57 push edi
0046F021 . 50 push eax
0046F022 . FF15 54104000 call dword ptr [<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
0046F028 > 8B45 E4 mov eax, dword ptr [ebp-1C]
0046F02B . 56 push esi
0046F02C . 8945 C0 mov dword ptr [ebp-40], eax
0046F02F . 8B06 mov eax, dword ptr [esi]
0046F031 . 895D E4 mov dword ptr [ebp-1C], ebx
0046F034 . C745 B8 08800>mov dword ptr [ebp-48], 8008
0046F03B . FF90 04030000 call dword ptr [eax+304]
0046F041 . 8D4D D8 lea ecx, dword ptr [ebp-28]
0046F044 . 50 push eax
0046F045 . 51 push ecx
0046F046 . FF15 7C104000 call dword ptr [<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
0046F04C . 8BF8 mov edi, eax
0046F04E . 8D45 E0 lea eax, dword ptr [ebp-20]
0046F051 . 50 push eax
0046F052 . 57 push edi
0046F053 . 8B17 mov edx, dword ptr [edi]
0046F055 . FF92 A0000000 call dword ptr [edx+A0]
; 读SN,存[ebp-20]
0046F05B . 3BC3 cmp eax, ebx
0046F05D . DBE2 fclex
0046F05F . 7D 12 jge short 0046F073
0046F061 . 68 A0000000 push 0A0
0046F066 . 68 BCAD4000 push 0040ADBC
0046F06B . 57 push edi
0046F06C . 50 push eax
0046F06D . FF15 54104000 call dword ptr [<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
0046F073 > 8D55 B8 lea edx, dword ptr [ebp-48]
0046F076 . 8B45 E0 mov eax, dword ptr [ebp-20]
0046F079 . 52 push edx
0046F07A . B9 08000000 mov ecx, 8
0046F07F . 83EC 10 sub esp, 10
0046F082 . 894D C8 mov dword ptr [ebp-38], ecx
0046F085 . 8BD4 mov edx, esp
0046F087 . 8945 D0 mov dword ptr [ebp-30], eax
0046F08A . 6A 01 push 1
0046F08C . 68 30B24000 push 0040B230 ; UNICODE "returnnumber"
0046F091 . 890A mov dword ptr [edx], ecx
0046F093 . 8B4D CC mov ecx, dword ptr [ebp-34]
0046F096 . 895D E0 mov dword ptr [ebp-20], ebx
0046F099 . 894A 04 mov dword ptr [edx+4], ecx
0046F09C . 8B4D E8 mov ecx, dword ptr [ebp-18]
0046F09F . 51 push ecx
0046F0A0 . 8942 08 mov dword ptr [edx+8], eax
0046F0A3 . 8B45 D4 mov eax, dword ptr [ebp-2C]
0046F0A6 . 8942 0C mov dword ptr [edx+C], eax
0046F0A9 . 8D55 A8 lea edx, dword ptr [ebp-58]
0046F0AC . 52 push edx
0046F0AD . FF15 A8114000 call dword ptr [<&MSVBVM60.__vbaLateM>; MSVBVM60.__vbaLateMemCallLd
0046F0B3 . 83C4 20 add esp, 20
0046F0B6 . 50 push eax
0046F0B7 . FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaVarTs>; VarTstEq 计算是否相等 注意edi
0046F0BD . 8BF8 mov edi, eax
0046F0BF . 8D45 D8 lea eax, dword ptr [ebp-28]
0046F0C2 . 8D4D DC lea ecx, dword ptr [ebp-24]
0046F0C5 . 50 push eax
0046F0C6 . 51 push ecx
0046F0C7 . 6A 02 push 2
0046F0C9 . FF15 3C104000 call dword ptr [<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObjList
0046F0CF . 8D55 A8 lea edx, dword ptr [ebp-58]
0046F0D2 . 8D45 B8 lea eax, dword ptr [ebp-48]
0046F0D5 . 52 push edx
0046F0D6 . 8D4D C8 lea ecx, dword ptr [ebp-38]
0046F0D9 . 50 push eax
0046F0DA . 51 push ecx
0046F0DB . 6A 03 push 3
0046F0DD . FF15 30104000 call dword ptr [<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0046F0E3 . 8B16 mov edx, dword ptr [esi]
0046F0E5 . 83C4 1C add esp, 1C
0046F0E8 . 66:3BFB cmp di, bx
0046F0EB . 0F84 35020000 je 跳就玩完。