调试某软件,已经得到注册码,计算部分也已查明。由于不懂汇编,算法看不懂。故想用keymake编制注册机。因初次使用keymake软件,
有些问题在说明中未提及,不知如何编制。问题有:
1. 说明书没有介绍CALL调用,子程序中下面一句是否照抄?
0068EEB7 |. 64:A1 00000000 mov eax, dword ptr fs:[0]
2. 像下面这些ASCII字符串,该如何修改?
0068EF35 |. 68 3C76AF00 |push 00AF763C ; ASCII "%02X"
00409DF8 |. C745 0C 7021AB00 mov dword ptr [ebp+C], 00AB2170 ; ASCII "AuthCode"
3. 下面动态调用子程序该如何处理?
0068EF1E |. FF52 04 call dword ptr [edx+4] ; zwcad.0068F760
0068EF3B |. FFD3 |call ebx
第一个在调试时可以按出现的地址找到0068EF1E子程序,但在keymake里这里如何连接不知道。第二行在循环里,ebx值是变化的,是否要
将所有子程序都要找出并加进来?
4. 下面这行也不知如何处理:
00409FEF |. 68 6021AB00 push 00AB2160 ; |format = "%X"
总之,问题太多。现将算法部分附后,请大侠们帮我看看。一方面看如何改成keymake用的形式,另一方面,将算法公式分析出,我也可以
换用VB来编制注册机。谢谢!
00409F1A |. 8D85 C4F5FFFF lea eax, dword ptr [ebp-A3C] ; eax=机器码
00409F20 |. 8D4D EC lea ecx, dword ptr [ebp-14]
00409F23 |. 50 push eax
00409F24 |. E8 EBA45600 call <jmp.&MFC42.#537_CString::CString>
00409F29 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
00409F2C |. 6A 08 push 8
00409F2E |. 50 push eax
00409F2F |. 8D4D EC lea ecx, dword ptr [ebp-14]
00409F32 |. 8975 FC mov dword ptr [ebp-4], esi
00409F35 |. E8 B8A55600 call <jmp.&MFC42.#4129_CString::Left>
00409F3A |. 6A 04 push 4
00409F3C |. 8D45 E0 lea eax, dword ptr [ebp-20]
00409F3F |. 6A 08 push 8
00409F41 |. 50 push eax
00409F42 |. 8D4D EC lea ecx, dword ptr [ebp-14]
00409F45 |. C645 FC 01 mov byte ptr [ebp-4], 1
00409F49 |. E8 9EA55600 call <jmp.&MFC42.#4278_CString::Mid>
00409F4E |. 8D85 C4F1FFFF lea eax, dword ptr [ebp-E3C]
00409F54 |. C645 FC 02 mov byte ptr [ebp-4], 2
00409F58 |. 50 push eax
00409F59 |. FF75 E4 push dword ptr [ebp-1C]
00409F5C |. FF75 10 push dword ptr [ebp+10]
00409F5F |. E8 4C4F2800 call 0068EEB0
00409F64 |. 80A5 C8F1FFFF 00 and byte ptr [ebp-E38], 0
00409F6B |. 83C4 0C add esp, 0C
00409F6E |. 8D85 C4F1FFFF lea eax, dword ptr [ebp-E3C]
00409F74 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
00409F77 |. 50 push eax
00409F78 |. E8 97A45600 call <jmp.&MFC42.#537_CString::CString>
00409F7D |. 8D45 E0 lea eax, dword ptr [ebp-20]
00409F80 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
00409F83 |. 50 push eax
00409F84 |. C645 FC 03 mov byte ptr [ebp-4], 3
00409F88 |. E8 59A55600 call <jmp.&MFC42.#939_CString::operator+=>
00409F8D |. 8D85 C4F9FFFF lea eax, dword ptr [ebp-63C]
00409F93 |. 50 push eax
00409F94 |. FF75 E8 push dword ptr [ebp-18]
00409F97 |. FF75 10 push dword ptr [ebp+10]
00409F9A |. E8 114F2800 call 0068EEB0 ; 加密算法
00409F9F |. 80A5 CCF9FFFF 00 and byte ptr [ebp-634], 0
00409FA6 |. 83C4 0C add esp, 0C
00409FA9 |. 8D4D E8 lea ecx, dword ptr [ebp-18]
00409FAC |. C645 FC 02 mov byte ptr [ebp-4], 2
00409FB0 |. E8 53A45600 call <jmp.&MFC42.#800_CString::~CString>
00409FB5 |. 8D4D E0 lea ecx, dword ptr [ebp-20]
00409FB8 |. C645 FC 01 mov byte ptr [ebp-4], 1
00409FBC |. E8 47A45600 call <jmp.&MFC42.#800_CString::~CString>
00409FC1 |. 8065 FC 00 and byte ptr [ebp-4], 0
00409FC5 |. 8D4D E4 lea ecx, dword ptr [ebp-1C]
00409FC8 |. E8 3BA45600 call <jmp.&MFC42.#800_CString::~CString>
00409FCD |. 834D FC FF or dword ptr [ebp-4], FFFFFFFF
00409FD1 |. 8D4D EC lea ecx, dword ptr [ebp-14]
00409FD4 |. E8 2FA45600 call <jmp.&MFC42.#800_CString::~CString>
00409FD9 |. EB 47 jmp short 0040A022
00409FDB |> A1 08C0B000 mov eax, dword ptr [B0C008]
00409FE0 |. 3BC6 cmp eax, esi
00409FE2 |.^ 0F84 34FEFFFF je 00409E1C
00409FE8 |. 50 push eax ; /<%X> => 0
00409FE9 |. 8D85 C4FEFFFF lea eax, dword ptr [ebp-13C] ; |
00409FEF |. 68 6021AB00 push 00AB2160 ; |format = "%X"
00409FF4 |. 50 push eax ; |s
00409FF5 |. FF15 4C629C00 call dword ptr [<&MSVCRT.sprintf>] ; \sprintf
00409FFB |. 8D85 C4F9FFFF lea eax, dword ptr [ebp-63C]
0040A001 |. 80A5 CCFEFFFF 00 and byte ptr [ebp-134], 0
0040A008 |. 50 push eax
0040A009 |. 8D85 C4FEFFFF lea eax, dword ptr [ebp-13C]
0040A00F |. 50 push eax
0040A010 |. FF75 10 push dword ptr [ebp+10]
0040A013 |. E8 984E2800 call 0068EEB0 ; 加密算法
0040A018 |. 83C4 18 add esp, 18
0040A01B |. 80A5 CCF9FFFF 00 and byte ptr [ebp-634], 0
0040A022 |> 8B3D 20629C00 mov edi, dword ptr [<&MSVCRT._strlwr>] ; msvcrt._strlwr
0040A028 |. 8D85 C4F9FFFF lea eax, dword ptr [ebp-63C] ; eax=注册码
------------------------------------------------------------------
0068EEB0 /$ 6A FF push -1
0068EEB2 |. 68 00DE9A00 push 009ADE00 ; SE 处理程序安装
0068EEB7 |. 64:A1 00000000 mov eax, dword ptr fs:[0]
0068EEBD |. 50 push eax
0068EEBE |. 64:8925 00000000 mov dword ptr fs:[0], esp
0068EEC5 |. 83EC 18 sub esp, 18
0068EEC8 |. 53 push ebx
0068EEC9 |. 55 push ebp
0068EECA |. 56 push esi
0068EECB |. 57 push edi
0068EECC |. 6A 08 push 8
0068EECE |. C74424 20 18000000 mov dword ptr [esp+20], 18
0068EED6 |. C74424 1C ECB4A000 mov dword ptr [esp+1C], 00A0B4EC
0068EEDE |. C74424 24 08000000 mov dword ptr [esp+24], 8
0068EEE6 |. E8 15542E00 call <jmp.&MFC42.#823_operator new>
0068EEEB |. 8BE8 mov ebp, eax
0068EEED |. 83C4 04 add esp, 4
0068EEF0 |. 896C24 24 mov dword ptr [esp+24], ebp
0068EEF4 |. 8B4424 38 mov eax, dword ptr [esp+38] ; eax=固定字符串24位
0068EEF8 |. 8D4C24 10 lea ecx, dword ptr [esp+10]
0068EEFC |. 50 push eax
0068EEFD |. 33F6 xor esi, esi
0068EEFF |. 51 push ecx
0068EF00 |. 8D4C24 20 lea ecx, dword ptr [esp+20]
0068EF04 |. 897424 38 mov dword ptr [esp+38], esi
0068EF08 |. E8 E3000000 call 0068EFF0
0068EF0D |. 8B4C24 14 mov ecx, dword ptr [esp+14]
0068EF11 |. 8B4424 3C mov eax, dword ptr [esp+3C] ; eax=8位字符串
0068EF15 |. 55 push ebp
0068EF16 |. 50 push eax
0068EF17 |. 8B11 mov edx, dword ptr [ecx]
0068EF19 |. C64424 38 01 mov byte ptr [esp+38], 1
0068EF1E |. FF52 04 call dword ptr [edx+4] ; zwcad.0068F760
0068EF21 |. 8B7C24 40 mov edi, dword ptr [esp+40]
0068EF25 |. 8B1D 4C629C00 mov ebx, dword ptr [<&MSVCRT.sprintf>] ; msvcrt.sprintf
0068EF2B |> 33C9 /xor ecx, ecx
0068EF2D |. 8D5424 38 |lea edx, dword ptr [esp+38]
0068EF31 |. 8A0C2E |mov cl, byte ptr [esi+ebp]
0068EF34 |. 51 |push ecx
0068EF35 |. 68 3C76AF00 |push 00AF763C ; ASCII "%02X"
0068EF3A |. 52 |push edx
0068EF3B |. FFD3 |call ebx
0068EF3D |. 8A4424 44 |mov al, byte ptr [esp+44]
0068EF41 |. 8A4C24 45 |mov cl, byte ptr [esp+45]
0068EF45 |. 83C4 0C |add esp, 0C
0068EF48 |. 8807 |mov byte ptr [edi], al
0068EF4A |. 884F 01 |mov byte ptr [edi+1], cl
0068EF4D |. 46 |inc esi
0068EF4E |. 83C7 02 |add edi, 2
0068EF51 |. 83FE 08 |cmp esi, 8
0068EF54 |.^ 72 D5 \jb short 0068EF2B
0068EF56 |. 8B5424 40 mov edx, dword ptr [esp+40]
0068EF5A |. 8A4424 10 mov al, byte ptr [esp+10]
0068EF5E |. 84C0 test al, al
0068EF60 |. C642 10 00 mov byte ptr [edx+10], 0 ; edx=16位字符串
0068EF64 |. C64424 30 00 mov byte ptr [esp+30], 0
0068EF69 |. 74 0E je short 0068EF79
0068EF6B |. 8B4C24 14 mov ecx, dword ptr [esp+14]
0068EF6F |. 85C9 test ecx, ecx
0068EF71 |. 74 06 je short 0068EF79
0068EF73 |. 8B01 mov eax, dword ptr [ecx]
0068EF75 |. 6A 01 push 1
0068EF77 |. FF10 call dword ptr [eax] ; zwcad.0068F2A0
0068EF79 |> 8BD5 mov edx, ebp
0068EF7B |. 33C9 xor ecx, ecx
0068EF7D |. 55 push ebp ; /block
0068EF7E |. 890A mov dword ptr [edx], ecx ; |
0068EF80 |. 894A 04 mov dword ptr [edx+4], ecx ; |
0068EF83 |. E8 66532E00 call <jmp.&MFC42.#825_operator delete> ; \free
0068EF88 |. 8B4C24 2C mov ecx, dword ptr [esp+2C]
0068EF8C |. 83C4 04 add esp, 4
0068EF8F |. B0 01 mov al, 1
0068EF91 |. 64:890D 00000000 mov dword ptr fs:[0], ecx
0068EF98 |. 5F pop edi
0068EF99 |. 5E pop esi
0068EF9A |. 5D pop ebp
0068EF9B |. 5B pop ebx
0068EF9C |. 83C4 24 add esp, 24
0068EF9F \. C3 retn
--------------------------------------------------------------
0068EFF0 /$ 6A FF push -1
0068EFF2 |. 68 39DE9A00 push 009ADE39 ; SE 处理程序安装
0068EFF7 |. 64:A1 00000000 mov eax, dword ptr fs:[0]
0068EFFD |. 50 push eax
0068EFFE |. 64:8925 00000000 mov dword ptr fs:[0], esp
0068F005 |. 51 push ecx
0068F006 |. 56 push esi
0068F007 |. 6A 20 push 20
0068F009 |. C74424 08 00000000 mov dword ptr [esp+8], 0
0068F011 |. E8 EA522E00 call <jmp.&MFC42.#823_operator new>
0068F016 |. 8BF0 mov esi, eax
0068F018 |. 83C4 04 add esp, 4
0068F01B |. 897424 04 mov dword ptr [esp+4], esi
0068F01F |. 85F6 test esi, esi
0068F021 |. C74424 10 00000000 mov dword ptr [esp+10], 0
0068F029 |. 74 72 je short 0068F09D
0068F02B |. 57 push edi
0068F02C |. C706 0CB5A000 mov dword ptr [esi], 00A0B50C
0068F032 |. 6A 08 push 8
0068F034 |. C64424 18 01 mov byte ptr [esp+18], 1
0068F039 |. C746 04 08000000 mov dword ptr [esi+4], 8
0068F040 |. E8 BB522E00 call <jmp.&MFC42.#823_operator new>
0068F045 |. 8B7C24 24 mov edi, dword ptr [esp+24]
0068F049 |. 8946 08 mov dword ptr [esi+8], eax
0068F04C |. 8BCF mov ecx, edi
0068F04E |. 83C4 04 add esp, 4
0068F051 |. 8B11 mov edx, dword ptr [ecx]
0068F053 |. 8910 mov dword ptr [eax], edx
0068F055 |. 8B49 04 mov ecx, dword ptr [ecx+4]
0068F058 |. 8948 04 mov dword ptr [eax+4], ecx
0068F05B |. 8D57 08 lea edx, dword ptr [edi+8]
0068F05E |. 6A 00 push 0 ; /Arg2 = 00000000
0068F060 |. 52 push edx ; |Arg1
0068F061 |. 8D4E 0C lea ecx, dword ptr [esi+C] ; |
0068F064 |. C64424 1C 02 mov byte ptr [esp+1C], 2 ; |
0068F069 |. E8 72020000 call 0068F2E0 ; \zwcad.0068F2E0
0068F06E |. 6A 08 push 8
0068F070 |. C64424 18 03 mov byte ptr [esp+18], 3
0068F075 |. C746 18 08000000 mov dword ptr [esi+18], 8
0068F07C |. E8 7F522E00 call <jmp.&MFC42.#823_operator new>
0068F081 |. 83C4 04 add esp, 4
0068F084 |. 83C7 10 add edi, 10
0068F087 |. 8946 1C mov dword ptr [esi+1C], eax
0068F08A |. 8B0F mov ecx, dword ptr [edi]
0068F08C |. 8908 mov dword ptr [eax], ecx
0068F08E |. 8B57 04 mov edx, dword ptr [edi+4]
0068F091 |. 5F pop edi
0068F092 |. 8950 04 mov dword ptr [eax+4], edx
0068F095 |. C706 FCB4A000 mov dword ptr [esi], 00A0B4FC
0068F09B |. EB 02 jmp short 0068F09F
0068F09D |> 33F6 xor esi, esi
0068F09F |> 8B4424 18 mov eax, dword ptr [esp+18]
0068F0A3 |. 85F6 test esi, esi
0068F0A5 |. 0F95C1 setne cl
0068F0A8 |. 8808 mov byte ptr [eax], cl
0068F0AA |. 8B4C24 08 mov ecx, dword ptr [esp+8]
0068F0AE |. 8970 04 mov dword ptr [eax+4], esi
0068F0B1 |. 5E pop esi
0068F0B2 |. 64:890D 00000000 mov dword ptr fs:[0], ecx
0068F0B9 |. 83C4 10 add esp, 10
0068F0BC \. C2 0800 retn 8
-----------------------------------------------------------------------
0068F2E0 /$ 6A FF push -1
0068F2E2 |. 68 A3DE9A00 push 009ADEA3 ; SE 处理程序安装
0068F2E7 |. 64:A1 00000000 mov eax, dword ptr fs:[0]
0068F2ED |. 50 push eax
0068F2EE |. 64:8925 00000000 mov dword ptr fs:[0], esp
0068F2F5 |. 83EC 10 sub esp, 10
0068F2F8 |. 53 push ebx
0068F2F9 |. 55 push ebp
0068F2FA |. 8BE9 mov ebp, ecx
0068F2FC |. 56 push esi
0068F2FD |. 57 push edi
0068F2FE |. 896C24 14 mov dword ptr [esp+14], ebp
0068F302 |. C745 00 0CB5A000 mov dword ptr [ebp], 00A0B50C
0068F309 |. 68 80000000 push 80
0068F30E |. C74424 2C 00000000 mov dword ptr [esp+2C], 0
0068F316 |. C745 04 20000000 mov dword ptr [ebp+4], 20
0068F31D |. E8 DE4F2E00 call <jmp.&MFC42.#823_operator new>
0068F322 |. 8945 08 mov dword ptr [ebp+8], eax
0068F325 |. 6A 78 push 78
0068F327 |. C64424 30 01 mov byte ptr [esp+30], 1
0068F32C |. C745 00 C4B5A000 mov dword ptr [ebp], 00A0B5C4
0068F333 |. E8 C84F2E00 call <jmp.&MFC42.#823_operator new>
0068F338 |. 8BD8 mov ebx, eax
0068F33A |. BE 2CB5A000 mov esi, 00A0B52C
0068F33F |. 83C4 08 add esp, 8
0068F342 |. 2BF3 sub esi, ebx
0068F344 |. 895C24 1C mov dword ptr [esp+1C], ebx
0068F348 |. 8D7B 70 lea edi, dword ptr [ebx+70]
0068F34B |. 8BCB mov ecx, ebx
0068F34D |. 897424 14 mov dword ptr [esp+14], esi
0068F351 |. C74424 10 38000000 mov dword ptr [esp+10], 38
0068F359 |. EB 04 jmp short 0068F35F
0068F35B |> 8B7424 14 /mov esi, dword ptr [esp+14]
0068F35F |> 33C0 xor eax, eax
0068F361 |. 8A040E |mov al, byte ptr [esi+ecx]
0068F364 |. 8B7424 30 |mov esi, dword ptr [esp+30]
0068F368 |. 48 |dec eax
0068F369 |. 8BD0 |mov edx, eax
0068F36B |. 83E0 07 |and eax, 7
0068F36E |. C1FA 03 |sar edx, 3
0068F371 |. 8A1432 |mov dl, byte ptr [edx+esi]
0068F374 |. 841485 A4B5A000 |test byte ptr [eax*4+A0B5A4], dl
0068F37B |. 0F95C0 |setne al
0068F37E |. 8801 |mov byte ptr [ecx], al
0068F380 |. 8B4424 10 |mov eax, dword ptr [esp+10]
0068F384 |. 41 |inc ecx
0068F385 |. 48 |dec eax
0068F386 |. 894424 10 |mov dword ptr [esp+10], eax
0068F38A |.^ 75 CF \jnz short 0068F35B
0068F38C |. C74424 30 00000000 mov dword ptr [esp+30], 0
0068F394 |> 8BD7 /mov edx, edi
0068F396 |. 33C9 |xor ecx, ecx
0068F398 |. 890A |mov dword ptr [edx], ecx
0068F39A |. 894A 04 |mov dword ptr [edx+4], ecx
0068F39D |> 8B5424 30 |/mov edx, dword ptr [esp+30]
0068F3A1 |. 33C0 ||xor eax, eax
0068F3A3 |. 8A82 64B5A000 ||mov al, byte ptr [edx+A0B564]
0068F3A9 |. 33D2 ||xor edx, edx
0068F3AB |. 03C1 ||add eax, ecx
0068F3AD |. 83F9 1C ||cmp ecx, 1C
0068F3B0 |. 0F9DC2 ||setge dl
0068F3B3 |. 4A ||dec edx
0068F3B4 |. 8BF0 ||mov esi, eax
0068F3B6 |. 83E2 E4 ||and edx, FFFFFFE4
0068F3B9 |. 83C2 38 ||add edx, 38
0068F3BC |. 3BC2 ||cmp eax, edx
0068F3BE |. 7C 03 ||jl short 0068F3C3
0068F3C0 |. 8D70 E4 ||lea esi, dword ptr [eax-1C]
0068F3C3 |> 8A041E ||mov al, byte ptr [esi+ebx]
0068F3C6 |. 884419 38 ||mov byte ptr [ecx+ebx+38], al
0068F3CA |. 41 ||inc ecx
0068F3CB |. 83F9 38 ||cmp ecx, 38
0068F3CE |.^ 7C CD |\jl short 0068F39D
0068F3D0 |. 33C9 |xor ecx, ecx
0068F3D2 |> 33D2 |/xor edx, edx
0068F3D4 |. 8A91 74B5A000 ||mov dl, byte ptr [ecx+A0B574]
0068F3DA |. 8A441A 37 ||mov al, byte ptr [edx+ebx+37]
0068F3DE |. 84C0 ||test al, al
0068F3E0 |. 74 2F ||je short 0068F411
0068F3E2 |. B8 ABAAAA2A ||mov eax, 2AAAAAAB
0068F3E7 |. BB 06000000 ||mov ebx, 6
0068F3EC |. F7E9 ||imul ecx
0068F3EE |. 8BC2 ||mov eax, edx
0068F3F0 |. C1E8 1F ||shr eax, 1F
0068F3F3 |. 03D0 ||add edx, eax
0068F3F5 |. 8BC1 ||mov eax, ecx
0068F3F7 |. 8D343A ||lea esi, dword ptr [edx+edi]
0068F3FA |. 99 ||cdq
0068F3FB |. F7FB ||idiv ebx
0068F3FD |. 8A06 ||mov al, byte ptr [esi]
0068F3FF |. 8B5C24 1C ||mov ebx, dword ptr [esp+1C]
0068F403 |. 8B1495 A4B5A000 ||mov edx, dword ptr [edx*4+A0B5A4]
0068F40A |. C1FA 02 ||sar edx, 2
0068F40D |. 0AC2 ||or al, dl
0068F40F |. 8806 ||mov byte ptr [esi], al
0068F411 |> 41 ||inc ecx
0068F412 |. 83F9 30 ||cmp ecx, 30
0068F415 |.^ 7C BB |\jl short 0068F3D2
0068F417 |. 33C0 |xor eax, eax
0068F419 |. 8B7424 30 |mov esi, dword ptr [esp+30]
0068F41D |. 8A47 02 |mov al, byte ptr [edi+2]
0068F420 |. 33C9 |xor ecx, ecx
0068F422 |. 8A27 |mov ah, byte ptr [edi]
0068F424 |. 8A4F 04 |mov cl, byte ptr [edi+4]
0068F427 |. C1E0 08 |shl eax, 8
0068F42A |. 0BC1 |or eax, ecx
0068F42C |. 8B4D 08 |mov ecx, dword ptr [ebp+8]
0068F42F |. 33D2 |xor edx, edx
0068F431 |. 8A57 06 |mov dl, byte ptr [edi+6]
0068F434 |. C1E0 08 |shl eax, 8
0068F437 |. 0BC2 |or eax, edx
0068F439 |. 33D2 |xor edx, edx
0068F43B |. 8904F1 |mov dword ptr [ecx+esi*8], eax
0068F43E |. 8A77 01 |mov dh, byte ptr [edi+1]
0068F441 |. 8A57 03 |mov dl, byte ptr [edi+3]
0068F444 |. 33C0 |xor eax, eax
0068F446 |. 8A47 05 |mov al, byte ptr [edi+5]
0068F449 |. 33C9 |xor ecx, ecx
0068F44B |. 8A4F 07 |mov cl, byte ptr [edi+7]
0068F44E |. C1E2 08 |shl edx, 8
0068F451 |. 0BD0 |or edx, eax
0068F453 |. 8B45 08 |mov eax, dword ptr [ebp+8]
0068F456 |. C1E2 08 |shl edx, 8
0068F459 |. 0BD1 |or edx, ecx
0068F45B |. 8954F0 04 |mov dword ptr [eax+esi*8+4], edx
0068F45F |. 46 |inc esi
0068F460 |. 83FE 10 |cmp esi, 10
0068F463 |. 897424 30 |mov dword ptr [esp+30], esi
0068F467 |.^ 0F8C 27FFFFFF \jl 0068F394
0068F46D |. 837C24 34 01 cmp dword ptr [esp+34], 1
0068F472 |. 75 36 jnz short 0068F4AA
0068F474 |. 33C9 xor ecx, ecx
0068F476 |. B8 7C000000 mov eax, 7C
0068F47B |> 8B55 08 /mov edx, dword ptr [ebp+8]
0068F47E |. 83E8 08 |sub eax, 8
0068F481 |. 8B7C10 04 |mov edi, dword ptr [eax+edx+4]
0068F485 |. 8B3411 |mov esi, dword ptr [ecx+edx]
0068F488 |. 893C11 |mov dword ptr [ecx+edx], edi
0068F48B |. 897410 04 |mov dword ptr [eax+edx+4], esi
0068F48F |. 8B55 08 |mov edx, dword ptr [ebp+8]
0068F492 |. 83C1 08 |add ecx, 8
0068F495 |. 83F8 3C |cmp eax, 3C
0068F498 |. 8B7C10 08 |mov edi, dword ptr [eax+edx+8]
0068F49C |. 8B7411 FC |mov esi, dword ptr [ecx+edx-4]
0068F4A0 |. 897C11 FC |mov dword ptr [ecx+edx-4], edi
0068F4A4 |. 897410 08 |mov dword ptr [eax+edx+8], esi
0068F4A8 |.^ 7F D1 \jg short 0068F47B
0068F4AA |> B9 1E000000 mov ecx, 1E
0068F4AF |. 33C0 xor eax, eax
0068F4B1 |. 8BFB mov edi, ebx
0068F4B3 |. 53 push ebx ; /block
0068F4B4 |. F3:AB rep stos dword ptr es:[edi] ; |
0068F4B6 |. E8 334E2E00 call <jmp.&MFC42.#825_operator delete> ; \free
0068F4BB |. 8B4C24 24 mov ecx, dword ptr [esp+24]
0068F4BF |. 83C4 04 add esp, 4
0068F4C2 |. 8BC5 mov eax, ebp
0068F4C4 |. 64:890D 00000000 mov dword ptr fs:[0], ecx
0068F4CB |. 5F pop edi
0068F4CC |. 5E pop esi
0068F4CD |. 5D pop ebp
0068F4CE |. 5B pop ebx
0068F4CF |. 83C4 1C add esp, 1C
0068F4D2 \. C2 0800 retn 8
-------------------------------------------------------------
0068F2A0 . 56 push esi
0068F2A1 . 8BF1 mov esi, ecx
0068F2A3 . E8 68FEFFFF call 0068F110
0068F2A8 . F64424 08 01 test byte ptr [esp+8], 1
0068F2AD . 74 09 je short 0068F2B8
0068F2AF . 56 push esi ; /block
0068F2B0 . E8 39502E00 call <jmp.&MFC42.#825_operator delete> ; \free
0068F2B5 . 83C4 04 add esp, 4
0068F2B8 > 8BC6 mov eax, esi
0068F2BA . 5E pop esi
0068F2BB . C2 0400 retn 4
------------------------------------------------------------
0068F110 /$ 56 push esi
0068F111 |. 8BF1 mov esi, ecx
0068F113 |. 57 push edi
0068F114 |. 33C0 xor eax, eax
0068F116 |. 8B4E 18 mov ecx, dword ptr [esi+18]
0068F119 |. 8B7E 1C mov edi, dword ptr [esi+1C]
0068F11C |. 8BD1 mov edx, ecx
0068F11E |. C1E9 02 shr ecx, 2
0068F121 |. F3:AB rep stos dword ptr es:[edi]
0068F123 |. 8BCA mov ecx, edx
0068F125 |. 83E1 03 and ecx, 3
0068F128 |. F3:AA rep stos byte ptr es:[edi]
0068F12A |. 8B46 1C mov eax, dword ptr [esi+1C]
0068F12D |. 50 push eax ; /block
0068F12E |. E8 BB512E00 call <jmp.&MFC42.#825_operator delete> ; \free
0068F133 |. 8B4E 10 mov ecx, dword ptr [esi+10]
0068F136 |. 8B7E 14 mov edi, dword ptr [esi+14]
0068F139 |. C1E1 02 shl ecx, 2
0068F13C |. 8BD1 mov edx, ecx
0068F13E |. 33C0 xor eax, eax
0068F140 |. C1E9 02 shr ecx, 2
0068F143 |. F3:AB rep stos dword ptr es:[edi]
0068F145 |. 8BCA mov ecx, edx
0068F147 |. 83E1 03 and ecx, 3
0068F14A |. F3:AA rep stos byte ptr es:[edi]
0068F14C |. 8B46 14 mov eax, dword ptr [esi+14]
0068F14F |. 50 push eax ; /block
0068F150 |. E8 99512E00 call <jmp.&MFC42.#825_operator delete> ; \free
0068F155 |. C746 0C 0CB5A000 mov dword ptr [esi+C], 00A0B50C
0068F15C |. 8B4E 04 mov ecx, dword ptr [esi+4]
0068F15F |. 8B7E 08 mov edi, dword ptr [esi+8]
0068F162 |. 8BD1 mov edx, ecx
0068F164 |. 33C0 xor eax, eax
0068F166 |. C1E9 02 shr ecx, 2
0068F169 |. F3:AB rep stos dword ptr es:[edi]
0068F16B |. 8BCA mov ecx, edx
0068F16D |. 83E1 03 and ecx, 3
0068F170 |. F3:AA rep stos byte ptr es:[edi]
0068F172 |. 8B46 08 mov eax, dword ptr [esi+8]
0068F175 |. 50 push eax ; /block
0068F176 |. E8 73512E00 call <jmp.&MFC42.#825_operator delete> ; \free
0068F17B |. 83C4 0C add esp, 0C
0068F17E |. C706 0CB5A000 mov dword ptr [esi], 00A0B50C
0068F184 |. 5F pop edi
0068F185 |. 5E pop esi
0068F186 \. C3 retn
------------------------------------------------------------------
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
