md5的全称是message-digest algorithm 5(信息-摘要算法),经md2、md3和md4发展而来。它的作用是让大容量信息在用数字签名软件签署私人密匙前被"压缩"成一种保密的格式(就是把一个任意长度的字节串变换成一定长的大整数)。不管是md2、md4还是md5,它们都需要获得一个随机长度的信息并产生一个128位的信息摘要。虽然这些算法的结构或多或少有些相似,但md2的设计与md4和md5完全不同,那是因为md2是为8位机器做过设计优化的,而md4和md5却是面向32位的电脑。md5的典型应用是对一段信息(message)产生信息摘要(message-digest),以防止被篡改。
--------------------------------------------------------------------------------【注册验证部分代码】
00402864 . 68 00010000 PUSH 100 ; /Count = 100 (256.)
00402869 . 51 PUSH ECX ; |Buffer
0040286A . 68 E8030000 PUSH 3E8 ; |ControlID = 3E8 (1000.)
0040286F . 56 PUSH ESI ; |hWnd
00402870 . FFD5 CALL EBP ; \GetDlgItemTextA
00402872 . 8DBC24 0C0100>LEA EDI,DWORD PTR SS:[ESP+10C] ; 取用户名地址送EDI(根据字符串参考在这里下断) 00402879 . 83C9 FF OR ECX,FFFFFFFF
0040287C . 33C0 XOR EAX,EAX
0040287E . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00402880 . F7D1 NOT ECX
00402882 . 49 DEC ECX
00402883 . 83F9 01 CMP ECX,1 ; 检测用户名是否为空
00402886 . 73 1F JNB SHORT MD5Crack.004028A7 ; 不为空则跳
00402888 . 6A 40 PUSH 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0040288A . 68 A4D14000 PUSH MD5Crack.0040D1A4 ; |注册提示
0040288F . 68 8CD14000 PUSH MD5Crack.0040D18C ; |用户名不能为空请输入!
00402894 . 56 PUSH ESI ; |hOwner
00402895 . FF15 D4B04000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
0040289B . 5F POP EDI
0040289C . 5E POP ESI
0040289D . 33C0 XOR EAX,EAX
0040289F . 5D POP EBP
004028A0 . 81C4 00030000 ADD ESP,300
004028A6 . C3 RET
004028A7 > 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
004028AB . 68 00010000 PUSH 100
004028B0 . 52 PUSH EDX
004028B1 . 68 07040000 PUSH 407
004028B6 . 56 PUSH ESI
004028B7 . FFD5 CALL EBP
004028B9 . 8D7C24 0C LEA EDI,DWORD PTR SS:[ESP+C] ; 取试验码地址送EDI
004028BD . 83C9 FF OR ECX,FFFFFFFF
004028C0 . 33C0 XOR EAX,EAX
004028C2 . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
004028C4 . F7D1 NOT ECX
004028C6 . 49 DEC ECX
004028C7 . 83F9 01 CMP ECX,1 ; 检测试验码是否为空
004028CA . 73 1F JNB SHORT MD5Crack.004028EB ; 不为空则跳
004028CC . 6A 40 PUSH 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004028CE . 68 A4D14000 PUSH MD5Crack.0040D1A4 ; |注册提示
004028D3 . 68 74D14000 PUSH MD5Crack.0040D174 ; |注册码不能为空请输入!
004028D8 . 56 PUSH ESI ; |hOwner
004028D9 . FF15 D4B04000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
004028DF . 5F POP EDI
004028E0 . 5E POP ESI
004028E1 . 33C0 XOR EAX,EAX
004028E3 . 5D POP EBP
004028E4 . 81C4 00030000 ADD ESP,300
004028EA . C3 RET
004028EB > 8D8424 0C0200>LEA EAX,DWORD PTR SS:[ESP+20C]
004028F2 . 6A 00 PUSH 0
004028F4 . 8D8C24 100100>LEA ECX,DWORD PTR SS:[ESP+110]
004028FB . 50 PUSH EAX
004028FC . 51 PUSH ECX
004028FD . E8 FEFCFFFF CALL MD5Crack.00402600 ; 算法Call,F7跟进
00402902 . 8D9424 180200>LEA EDX,DWORD PTR SS:[ESP+218]
00402909 . 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+18]
0040290D . 52 PUSH EDX ; 注册码地址
0040290E . 50 PUSH EAX ; 试验码地址
0040290F . E8 CCFDFFFF CALL MD5Crack.004026E0 ; 验证Call,这里不作分析
00402914 . 83C4 14 ADD ESP,14
00402917 . 83F8 01 CMP EAX,1
0040291A . 6A 40 PUSH 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0040291C . 68 A4D14000 PUSH MD5Crack.0040D1A4 ; |注册提示
00402921 . 75 18 JNZ SHORT MD5Crack.0040293B ; |
00402923 . 68 60D14000 PUSH MD5Crack.0040D160 ; |恭喜你,注册码正确!
00402928 . 56 PUSH ESI ; |hOwner
00402929 . FF15 D4B04000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
0040292F . 5F POP EDI
00402930 . 5E POP ESI【算法Call代码】
00402600 /$ 6A FF PUSH -1 ; 这里开始
00402602 |. 68 A8A14000 PUSH MD5Crack.0040A1A8 ; SE 处理程序安装
00402607 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0040260D |. 50 PUSH EAX
0040260E |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00402615 |. 81EC 2C010000 SUB ESP,12C
0040261B |. 53 PUSH EBX
0040261C |. 55 PUSH EBP
0040261D |. 56 PUSH ESI
0040261E |. 57 PUSH EDI
0040261F |. 8D8C24 DC0000>LEA ECX,DWORD PTR SS:[ESP+DC]
00402626 |. E8 15F2FFFF CALL MD5Crack.00401840 ; 用4个链接常量填充数组c1,见如下蓝色代码//
00401840 /$ 8BC1 MOV EAX,ECX ; 指向c1数组地址(12f76c地址)
00401842 |. 33C9 XOR ECX,ECX
00401844 |. 8848 04 MOV BYTE PTR DS:[EAX+4],CL ; c1[1]低8位为0
00401847 |. C700 F0B04000 MOV DWORD PTR DS:[EAX],MD5Crack.0040B0F0 ; c1[0]=0x40b0f0
0040184D |. C740 08 01234>MOV DWORD PTR DS:[EAX+8],67452301 ; c1[2]=0x67452301
00401854 |. C740 0C 89ABC>MOV DWORD PTR DS:[EAX+C],EFCDAB89 ; c1[3]=0xefcdab89
0040185B |. C740 10 FEDCB>MOV DWORD PTR DS:[EAX+10],98BADCFE ; c1[4]=0x98badcfe
00401862 |. C740 14 76543>MOV DWORD PTR DS:[EAX+14],10325476 ; c1[5]=0x10325476
00401869 |. 8948 18 MOV DWORD PTR DS:[EAX+18],ECX ; c1[6]=0
0040186C |. 8948 1C MOV DWORD PTR DS:[EAX+1C],ECX ; c1[7]=0
0040186F \. C3 RET
//
0040262B |. 8BAC24 540100>MOV EBP,DWORD PTR SS:[ESP+154]
00402632 |. 33C0 XOR EAX,EAX
00402634 |. 3BE8 CMP EBP,EAX
00402636 |. 898424 440100>MOV DWORD PTR SS:[ESP+144],EAX
0040263D |. 8DB424 DC0000>LEA ESI,DWORD PTR SS:[ESP+DC]
00402644 |. 74 04 JE SHORT MD5Crack.0040264A
00402646 |. 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10]
0040264A |> 884424 14 MOV BYTE PTR SS:[ESP+14],AL
0040264E |. B9 10000000 MOV ECX,10
00402653 |. 33C0 XOR EAX,EAX
00402655 |. 8D7C24 15 LEA EDI,DWORD PTR SS:[ESP+15]
00402659 |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040265B |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0040265D |. 8BCE MOV ECX,ESI
0040265F |. FF50 0C CALL DWORD PTR DS:[EAX+C] ; 用4个链接常量填充数组c1(作用同上)
00402662 |. 8B9424 4C0100>MOV EDX,DWORD PTR SS:[ESP+14C] ; 用户名
00402669 |. 83C9 FF OR ECX,FFFFFFFF
0040266C |. 8BFA MOV EDI,EDX
0040266E |. 33C0 XOR EAX,EAX
00402670 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00402672 |. 8B1E MOV EBX,DWORD PTR DS:[ESI]
00402674 |. F7D1 NOT ECX
00402676 |. 49 DEC ECX
00402677 |. 51 PUSH ECX ; 用户名位数
00402678 |. 52 PUSH EDX ; 用户名
00402679 |. 8BCE MOV ECX,ESI ; 数组c1地址
0040267B |. FF53 04 CALL DWORD PTR DS:[EBX+4] ; 将用户名填充到数组c1中,见下面填充用户名Call
0040267E |. 8B16 MOV EDX,DWORD PTR DS:[ESI]
00402680 |. 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
00402684 |. 50 PUSH EAX
00402685 |. 8BCE MOV ECX,ESI
00402687 |. FF52 08 CALL DWORD PTR DS:[EDX+8] ; MD5算法关键Call,F7跟进
0040268A |. B9 20000000 MOV ECX,20
0040268F |. 33C0 XOR EAX,EAX
00402691 |. 8D7C24 59 LEA EDI,DWORD PTR SS:[ESP+59]
00402695 |. C64424 58 00 MOV BYTE PTR SS:[ESP+58],0
0040269A |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040269C |. 5F POP EDI
0040269D |. 5E POP ESI
0040269E |. 85ED TEST EBP,EBP
004026A0 |. 5D POP EBP
004026A1 |. 5B POP EBX
004026A2 |. 75 14 JNZ SHORT MD5Crack.004026B8
004026A4 |. 8D4C24 48 LEA ECX,DWORD PTR SS:[ESP+48]
004026A8 |. 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4]
004026AC |. 51 PUSH ECX
004026AD |. 6A 10 PUSH 10
004026AF |. 52 PUSH EDX
004026B0 |. E8 DBFEFFFF CALL MD5Crack.00402590 ; 数值联接Call,不作分析
004026B5 |. 83C4 0C ADD ESP,0C
004026B8 |> 8B8C24 400100>MOV ECX,DWORD PTR SS:[ESP+140]
004026BF |. 8D4424 48 LEA EAX,DWORD PTR SS:[ESP+48]
004026C3 |. 50 PUSH EAX ; /String2
004026C4 |. 51 PUSH ECX ; |String1
004026C5 |. FF15 00B04000 CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \lstrcpyA
004026CB |. 8B8C24 2C0100>MOV ECX,DWORD PTR SS:[ESP+12C]
004026D2 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
004026D9 |. 81C4 38010000 ADD ESP,138
004026DF \. C3 RET ; 这里结束【填充用户名Call】
004018C0 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004018C6 . 6A FF PUSH -1
004018C8 . 68 70A14000 PUSH MD5Crack.0040A170
004018CD . 50 PUSH EAX
004018CE . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004018D5 . 83EC 2C SUB ESP,2C
004018D8 . 53 PUSH EBX
004018D9 . 55 PUSH EBP
004018DA . 8BE9 MOV EBP,ECX ; EBP指向c1数组地址(12f6fc)
004018DC . 33DB XOR EBX,EBX
004018DE . 8B4C24 48 MOV ECX,DWORD PTR SS:[ESP+48] ; 用户名位数
004018E2 . 56 PUSH ESI
004018E3 . 3BCB CMP ECX,EBX ; 用户名位数为0比较
004018E5 . 57 PUSH EDI
004018E6 . 0F8D BC000000 JGE MD5Crack.004019A8 ; 大于等于则跳(这里跳走)
004018EC . 8A4424 4C MOV AL,BYTE PTR SS:[ESP+4C]
004018F0 . BF A8D04000 MOV EDI,MD5Crack.0040D0A8 ; filedigest error: in cmd5::adddata(), data length should be >= 0!
004018F5 . 884424 10 MOV BYTE PTR SS:[ESP+10],AL
004018F9 . 83C9 FF OR ECX,FFFFFFFF
004018FC . 33C0 XOR EAX,EAX
004018FE . 6A 01 PUSH 1
00401900 . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00401902 . F7D1 NOT ECX
00401904 . 49 DEC ECX
00401905 . 895C24 18 MOV DWORD PTR SS:[ESP+18],EBX
00401909 . 8BE9 MOV EBP,ECX
0040190B . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
0040190F . 55 PUSH EBP
00401910 . 895C24 20 MOV DWORD PTR SS:[ESP+20],EBX
00401914 . 895C24 24 MOV DWORD PTR SS:[ESP+24],EBX
00401918 . E8 D3FBFFFF CALL MD5Crack.004014F0
0040191D . 84C0 TEST AL,AL
0040191F . 74 24 JE SHORT MD5Crack.00401945
00401921 . 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+14]
00401925 . 8BCD MOV ECX,EBP
00401927 . 8BD1 MOV EDX,ECX
00401929 . BE A8D04000 MOV ESI,MD5Crack.0040D0A8 ; filedigest error: in cmd5::adddata(), data length should be >= 0!
0040192E . C1E9 02 SHR ECX,2
00401931 . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
00401933 . 8BCA MOV ECX,EDX
00401935 . 83E1 03 AND ECX,3
00401938 . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
0040193A . 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
0040193E . 896C24 18 MOV DWORD PTR SS:[ESP+18],EBP
00401942 . 881C28 MOV BYTE PTR DS:[EAX+EBP],BL
00401945 > 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+4C]
00401949 . 895C24 44 MOV DWORD PTR SS:[ESP+44],EBX
0040194D . 51 PUSH ECX
0040194E . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00401952 . C74424 50 600>MOV DWORD PTR SS:[ESP+50],MD5Crack.00410>
0040195A . E8 6A160000 CALL MD5Crack.00402FC9
0040195F . A1 E8B04000 MOV EAX,DWORD PTR DS:[40B0E8]
00401964 . 8A5424 10 MOV DL,BYTE PTR SS:[ESP+10]
00401968 . 50 PUSH EAX
00401969 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
0040196D . 53 PUSH EBX
0040196E . 51 PUSH ECX
0040196F . 8D4C24 38 LEA ECX,DWORD PTR SS:[ESP+38]
00401973 . C64424 50 01 MOV BYTE PTR SS:[ESP+50],1
00401978 . 885424 38 MOV BYTE PTR SS:[ESP+38],DL
0040197C . 895C24 3C MOV DWORD PTR SS:[ESP+3C],EBX
00401980 . 895C24 40 MOV DWORD PTR SS:[ESP+40],EBX
00401984 . 895C24 44 MOV DWORD PTR SS:[ESP+44],EBX
00401988 . E8 B3F8FFFF CALL MD5Crack.00401240
0040198D . 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+20]
00401991 . 68 C8BA4000 PUSH MD5Crack.0040BAC8 ; /Arg2 = 0040BAC8
00401996 . 52 PUSH EDX ; |Arg1
00401997 . C74424 28 7CB>MOV DWORD PTR SS:[ESP+28],MD5Crack.0040B>; |
0040199F . 885C24 4C MOV BYTE PTR SS:[ESP+4C],BL ; |
004019A3 . E8 CE1A0000 CALL MD5Crack.00403476 ; \MD5Crack.00403476
004019A8 > 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] ; 跳到这里,EAX=0
004019AB . 8D14C8 LEA EDX,DWORD PTR DS:[EAX+ECX*8] ; EDX=用户名位数*8=0x20
004019AE . 3BD0 CMP EDX,EAX
004019B0 . 8955 18 MOV DWORD PTR SS:[EBP+18],EDX ; c1[6]=20
004019B3 . 73 03 JNB SHORT MD5Crack.004019B8
004019B5 . FF45 1C INC DWORD PTR SS:[EBP+1C]
004019B8 > 8B7D 1C MOV EDI,DWORD PTR SS:[EBP+1C]
004019BB . 8BD1 MOV EDX,ECX ; 用户名位数
004019BD . C1FA 1D SAR EDX,1D
004019C0 . C1E8 03 SHR EAX,3
004019C3 . 03FA ADD EDI,EDX
004019C5 . 83E0 3F AND EAX,3F
004019C8 . 897D 1C MOV DWORD PTR SS:[EBP+1C],EDI
004019CB . 74 58 JE SHORT MD5Crack.00401A25 ; 这里跳走
004019CD . BB 40000000 MOV EBX,40
004019D2 . 8D7C28 20 LEA EDI,DWORD PTR DS:[EAX+EBP+20]
004019D6 . 2BD8 SUB EBX,EAX
004019D8 . 3BCB CMP ECX,EBX
004019DA . 73 17 JNB SHORT MD5Crack.004019F3
004019DC . 8B7424 4C MOV ESI,DWORD PTR SS:[ESP+4C]
004019E0 . 8BC1 MOV EAX,ECX
004019E2 . C1E9 02 SHR ECX,2
004019E5 . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
004019E7 . 8BC8 MOV ECX,EAX
004019E9 . 83E1 03 AND ECX,3
004019EC . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
004019EE . E9 8A000000 JMP MD5Crack.00401A7D
004019F3 > 8B7424 4C MOV ESI,DWORD PTR SS:[ESP+4C]
004019F7 . 8BCB MOV ECX,EBX
004019F9 . 8BD1 MOV EDX,ECX
004019FB . C1E9 02 SHR ECX,2
004019FE . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
00401A00 . 8BCA MOV ECX,EDX
00401A02 . 83E1 03 AND ECX,3
00401A05 . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
00401A07 . 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
00401A0A . 8BCD MOV ECX,EBP
00401A0C . FF50 10 CALL DWORD PTR DS:[EAX+10]
00401A0F . 8B4C24 4C MOV ECX,DWORD PTR SS:[ESP+4C]
00401A13 . 8B4424 50 MOV EAX,DWORD PTR SS:[ESP+50]
00401A17 . 03CB ADD ECX,EBX
00401A19 . 2BC3 SUB EAX,EBX
00401A1B . 894C24 4C MOV DWORD PTR SS:[ESP+4C],ECX
00401A1F . 894424 50 MOV DWORD PTR SS:[ESP+50],EAX
00401A23 . 8BC8 MOV ECX,EAX
00401A25 > 83F9 40 CMP ECX,40 ; 用户名是否小于40(十进制数64)
00401A28 . 7C 3A JL SHORT MD5Crack.00401A64 ; 小于则跳(这里跳)
00401A2A . 8BD9 MOV EBX,ECX
00401A2C . C1EB 06 SHR EBX,6
00401A2F . 8BD3 MOV EDX,EBX
00401A31 . F7DA NEG EDX
00401A33 . C1E2 06 SHL EDX,6
00401A36 . 03CA ADD ECX,EDX
00401A38 . 894C24 50 MOV DWORD PTR SS:[ESP+50],ECX
00401A3C > 8B7424 4C MOV ESI,DWORD PTR SS:[ESP+4C]
00401A40 . 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
00401A43 . B9 10000000 MOV ECX,10
00401A48 . 8D7D 20 LEA EDI,DWORD PTR SS:[EBP+20]
00401A4B . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
00401A4D . 8BCD MOV ECX,EBP
00401A4F . FF50 10 CALL DWORD PTR DS:[EAX+10]
00401A52 . 8B4C24 4C MOV ECX,DWORD PTR SS:[ESP+4C]
00401A56 . 83C1 40 ADD ECX,40
00401A59 . 4B DEC EBX
00401A5A . 894C24 4C MOV DWORD PTR SS:[ESP+4C],ECX
00401A5E .^ 75 DC JNZ SHORT MD5Crack.00401A3C
00401A60 . 8B4C24 50 MOV ECX,DWORD PTR SS:[ESP+50]
00401A64 > 8B7424 4C MOV ESI,DWORD PTR SS:[ESP+4C] ; 来到这里,取用户名
00401A68 . 8BD1 MOV EDX,ECX ; 用户名位数
00401A6A . 8D7D 20 LEA EDI,DWORD PTR SS:[EBP+20] ; 取c1[8]的地址
00401A6D . C1E9 02 SHR ECX,2
00401A70 . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>; 将用户名的ACSII码填充到数组c1[8]开始的地址中(ECX个字节)
00401A72 . 8BCA MOV ECX,EDX
00401A74 . 83E1 03 AND ECX,3 ; 用户名位数与3进行与运算(ECX=4)
00401A77 . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>; 继续填充多余的用户名
00401A79 . C645 04 01 MOV BYTE PTR SS:[EBP+4],1 ; c1[1]低8位为1
00401A7D > 8B4C24 3C MOV ECX,DWORD PTR SS:[ESP+3C]
00401A81 . 5F POP EDI
00401A82 . 5E POP ESI
00401A83 . 5D POP EBP
00401A84 . 5B POP EBX
00401A85 . 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00401A8C . 83C4 38 ADD ESP,38
00401A8F . C2 0800 RET 8【MD5算法关键Call】
00401AA0 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] ; 这里开始
00401AA6 . 6A FF PUSH -1
00401AA8 . 68 90A14000 PUSH MD5Crack.0040A190
00401AAD . 50 PUSH EAX
00401AAE . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00401AB5 . 83EC 2C SUB ESP,2C
00401AB8 . 53 PUSH EBX
00401AB9 . 56 PUSH ESI
00401ABA . 8BF1 MOV ESI,ECX ; 数组c1地址
00401ABC . 33DB XOR EBX,EBX
00401ABE . 57 PUSH EDI
00401ABF . 385E 04 CMP BYTE PTR DS:[ESI+4],BL ; c1[1]=1与0比较
00401AC2 . 0F85 BE000000 JNZ MD5Crack.00401B86 ; 这里跳走
00401AC8 . 8A4424 48 MOV AL,BYTE PTR SS:[ESP+48]
00401ACC . BF ECD04000 MOV EDI,MD5Crack.0040D0EC ; filedigest error: in cmd5::finaldigest(), no data added before call!
00401AD1 . 884424 0C MOV BYTE PTR SS:[ESP+C],AL
00401AD5 . 83C9 FF OR ECX,FFFFFFFF
00401AD8 . 33C0 XOR EAX,EAX
00401ADA . 55 PUSH EBP
00401ADB . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00401ADD . F7D1 NOT ECX
00401ADF . 49 DEC ECX
00401AE0 . 6A 01 PUSH 1
00401AE2 . 8BE9 MOV EBP,ECX
00401AE4 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401AE8 . 55 PUSH EBP
00401AE9 . 895C24 1C MOV DWORD PTR SS:[ESP+1C],EBX
00401AED . 895C24 20 MOV DWORD PTR SS:[ESP+20],EBX
00401AF1 . 895C24 24 MOV DWORD PTR SS:[ESP+24],EBX
00401AF5 . E8 F6F9FFFF CALL MD5Crack.004014F0
00401AFA . 84C0 TEST AL,AL
00401AFC . 74 24 JE SHORT MD5Crack.00401B22
00401AFE . 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+14]
00401B02 . 8BCD MOV ECX,EBP
00401B04 . 8BD1 MOV EDX,ECX
00401B06 . BE ECD04000 MOV ESI,MD5Crack.0040D0EC ; filedigest error: in cmd5::finaldigest(), no data added before call!
00401B0B . C1E9 02 SHR ECX,2
00401B0E . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
00401B10 . 8BCA MOV ECX,EDX
00401B12 . 83E1 03 AND ECX,3
00401B15 . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
00401B17 . 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
00401B1B . 896C24 18 MOV DWORD PTR SS:[ESP+18],EBP
00401B1F . 881C28 MOV BYTE PTR DS:[EAX+EBP],BL
00401B22 > 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+4C]
00401B26 . 895C24 44 MOV DWORD PTR SS:[ESP+44],EBX
00401B2A . 51 PUSH ECX
00401B2B . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00401B2F . C74424 50 600>MOV DWORD PTR SS:[ESP+50],MD5Crack.00410>
00401B37 . E8 8D140000 CALL MD5Crack.00402FC9
00401B3C . A1 E8B04000 MOV EAX,DWORD PTR DS:[40B0E8]
00401B41 . 8A5424 10 MOV DL,BYTE PTR SS:[ESP+10]
00401B45 . 50 PUSH EAX
00401B46 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401B4A . 53 PUSH EBX
00401B4B . 51 PUSH ECX
00401B4C . 8D4C24 38 LEA ECX,DWORD PTR SS:[ESP+38]
00401B50 . C64424 50 01 MOV BYTE PTR SS:[ESP+50],1
00401B55 . 885424 38 MOV BYTE PTR SS:[ESP+38],DL
00401B59 . 895C24 3C MOV DWORD PTR SS:[ESP+3C],EBX
00401B5D . 895C24 40 MOV DWORD PTR SS:[ESP+40],EBX
00401B61 . 895C24 44 MOV DWORD PTR SS:[ESP+44],EBX
00401B65 . E8 D6F6FFFF CALL MD5Crack.00401240
00401B6A . 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+20]
00401B6E . 68 C8BA4000 PUSH MD5Crack.0040BAC8 ; /Arg2 = 0040BAC8
00401B73 . 52 PUSH EDX ; |Arg1
00401B74 . C74424 28 7CB>MOV DWORD PTR SS:[ESP+28],MD5Crack.0040B>; |
00401B7C . 885C24 4C MOV BYTE PTR SS:[ESP+4C],BL ; |
00401B80 . E8 F1180000 CALL MD5Crack.00403476 ; \MD5Crack.00403476
00401B85 . 5D POP EBP
00401B86 > 8B46 18 MOV EAX,DWORD PTR DS:[ESI+18] ; 来到这里,有EAX=c1[6]=20
00401B89 . B9 3F000000 MOV ECX,3F
00401B8E . C1E8 03 SHR EAX,3
00401B91 . 83E0 3F AND EAX,3F
00401B94 . 2BC8 SUB ECX,EAX ; EAX=4,ECX=3f
00401B96 . 8D7C30 20 LEA EDI,DWORD PTR DS:[EAX+ESI+20] ; EDI=4+12f6fc+20=12f720
00401B9A . C607 80 MOV BYTE PTR DS:[EDI],80 ; 以上主要作用是在c1数组中用户名后填充80作为结束
00401B9D . 47 INC EDI ; EDI加1指向下一个地址
00401B9E . 83F9 08 CMP ECX,8
00401BA1 . 73 25 JNB SHORT MD5Crack.00401BC8 ; 这里跳走
00401BA3 . 8BD1 MOV EDX,ECX
00401BA5 . 33C0 XOR EAX,EAX
00401BA7 . C1E9 02 SHR ECX,2
00401BAA . F3:AB REP STOS DWORD PTR ES:[EDI]
00401BAC . 8BCA MOV ECX,EDX
00401BAE . 83E1 03 AND ECX,3
00401BB1 . F3:AA REP STOS BYTE PTR ES:[EDI]
00401BB3 . 8B06 MOV EAX,DWORD PTR DS:[ESI]
00401BB5 . 8BCE MOV ECX,ESI
00401BB7 . FF50 10 CALL DWORD PTR DS:[EAX+10]
00401BBA . B9 0E000000 MOV ECX,0E
00401BBF . 33C0 XOR EAX,EAX
00401BC1 . 8D7E 20 LEA EDI,DWORD PTR DS:[ESI+20]
00401BC4 . F3:AB REP STOS DWORD PTR ES:[EDI]
00401BC6 . EB 13 JMP SHORT MD5Crack.00401BDB
00401BC8 > 83C1 F8 ADD ECX,-8
00401BCB . 33C0 XOR EAX,EAX
00401BCD . 8BD1 MOV EDX,ECX
00401BCF . C1E9 02 SHR ECX,2 ; ECX=12(十进制数)
00401BD2 . F3:AB REP STOS DWORD PTR ES:[EDI] ; 填充EDI以下的12个字节
00401BD4 . 8BCA MOV ECX,EDX
00401BD6 . 83E1 03 AND ECX,3
00401BD9 . F3:AA REP STOS BYTE PTR ES:[EDI] ; 填充EDI以下的3个字节
00401BDB > 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+1C]
00401BDE . 8B46 18 MOV EAX,DWORD PTR DS:[ESI+18] ; EAX=20
00401BE1 . 8B16 MOV EDX,DWORD PTR DS:[ESI]
00401BE3 . 894E 5C MOV DWORD PTR DS:[ESI+5C],ECX ; c1[23]=0
00401BE6 . 8BCE MOV ECX,ESI
00401BE8 . 8946 58 MOV DWORD PTR DS:[ESI+58],EAX ; c1[22]=20
00401BEB . FF52 10 CALL DWORD PTR DS:[EDX+10] ; MD5核心算法Call,F7跟进
00401BEE . 8B4C24 48 MOV ECX,DWORD PTR SS:[ESP+48] ; ECX=12f634,设为c2数组地址
00401BF2 . 8D46 08 LEA EAX,DWORD PTR DS:[ESI+8] ; EAX指向c1[2]地址
00401BF5 . 8B56 08 MOV EDX,DWORD PTR DS:[ESI+8]
00401BF8 . 8911 MOV DWORD PTR DS:[ECX],EDX ; c2[0]=c1[2]
00401BFA . 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
00401BFD . 8951 04 MOV DWORD PTR DS:[ECX+4],EDX ; c2[1]=c1[3]
00401C00 . 8B50 08 MOV EDX,DWORD PTR DS:[EAX+8]
00401C03 . 8951 08 MOV DWORD PTR DS:[ECX+8],EDX ; c2[2]=c1[4]
00401C06 . 8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
00401C09 . 8941 0C MOV DWORD PTR DS:[ECX+C],EAX ; c2[3]=c1[5]
00401C0C . 8B16 MOV EDX,DWORD PTR DS:[ESI]
00401C0E . 8BCE MOV ECX,ESI ; 以上语句作用是将MD5的4个值复制到另外一个数组中
00401C10 . FF52 0C CALL DWORD PTR DS:[EDX+C] ; 该Call作用是将c1数组重新进行初如化
00401C13 . 8B4C24 38 MOV ECX,DWORD PTR SS:[ESP+38]
00401C17 . 5F POP EDI
00401C18 . 5E POP ESI
00401C19 . 5B POP EBX
00401C1A . 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00401C21 . 83C4 38 ADD ESP,38
00401C24 . C2 0400 RET 4【MD5核心算法Call】( 对应函数fun1)
00401C60 . 83EC 10 SUB ESP,10 ; 这里开始
00401C63 . 53 PUSH EBX
00401C64 . 55 PUSH EBP
00401C65 . 56 PUSH ESI
00401C66 . 8BF1 MOV ESI,ECX ; ESI取得数组地址(12f67c,假设为数组C1首地址)
00401C68 . 57 PUSH EDI
00401C69 . 8B5E 14 MOV EBX,DWORD PTR DS:[ESI+14] ; EBX=数组C1[5]
00401C6C . 8B56 10 MOV EDX,DWORD PTR DS:[ESI+10] ; EDX=数组C1[4]
00401C6F . 8B7E 0C MOV EDI,DWORD PTR DS:[ESI+C] ; EDI=数组C1[3]
00401C72 . 8B6E 08 MOV EBP,DWORD PTR DS:[ESI+8] ; EBP=数组C1[2]
00401C75 . 8B46 20 MOV EAX,DWORD PTR DS:[ESI+20] ; EAX=数组C1[8],用户名开始的前4个字符
00401C78 . 8BCB MOV ECX,EBX
00401C7A . 33CA XOR ECX,EDX
00401C7C . 23CF AND ECX,EDI
00401C7E . 33CB XOR ECX,EBX
00401C80 . 03CD ADD ECX,EBP
00401C82 . 8BEA MOV EBP,EDX
00401C84 . 33EF XOR EBP,EDI
00401C86 . 8D8C01 78A46A>LEA ECX,DWORD PTR DS:[ECX+EAX+D76AA478]
00401C8D . 8BC1 MOV EAX,ECX
00401C8F . C1E8 19 SHR EAX,19
00401C92 . C1E1 07 SHL ECX,7
00401C95 . 0BC1 OR EAX,ECX
00401C97 . 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+24] ; EAX=数组C1[9],用户名开始填充的512字节
00401C9A . 03C7 ADD EAX,EDI
00401C9C . 23E8 AND EBP,EAX
00401C9E . 33EA XOR EBP,EDX
00401CA0 . 03E9 ADD EBP,ECX
00401CA2 . 8D9C2B 56B7C7>LEA EBX,DWORD PTR DS:[EBX+EBP+E8C7B756]
00401CA9 . 8BEF MOV EBP,EDI
00401CAB . 8BCB MOV ECX,EBX
00401CAD . 33E8 XOR EBP,EAX
00401CAF . C1E9 14 SHR ECX,14
00401CB2 . C1E3 0C SHL EBX,0C
00401CB5 . 0BCB OR ECX,EBX
00401CB7 . 8B5E 28 MOV EBX,DWORD PTR DS:[ESI+28] ; EAX=数组C1[10]
00401CBA . 03C8 ADD ECX,EAX
00401CBC . 23E9 AND EBP,ECX
00401CBE . 33EF XOR EBP,EDI
00401CC0 . 03EB ADD EBP,EBX
00401CC2 . 8D9C2A DB7020>LEA EBX,DWORD PTR DS:[EDX+EBP+242070DB]
00401CC9 . 8BE9 MOV EBP,ECX
00401CCB . 8BD3 MOV EDX,EBX
00401CCD . 33E8 XOR EBP,EAX
00401CCF . C1EA 0F SHR EDX,0F
00401CD2 . C1E3 11 SHL EBX,11
00401CD5 . 0BD3 OR EDX,EBX
00401CD7 . 8B5E 2C MOV EBX,DWORD PTR DS:[ESI+2C] ; C1[11]
00401CDA . 03D1 ADD EDX,ECX
00401CDC . 23EA AND EBP,EDX
00401CDE . 33E8 XOR EBP,EAX
00401CE0 . 03EB ADD EBP,EBX
00401CE2 . 8D9C2F EECEBD>LEA EBX,DWORD PTR DS:[EDI+EBP+C1BDCEEE]
00401CE9 . 8BE9 MOV EBP,ECX
00401CEB . 8BFB MOV EDI,EBX
00401CED . 33EA XOR EBP,EDX
00401CEF . C1E7 16 SHL EDI,16
00401CF2 . C1EB 0A SHR EBX,0A
00401CF5 . 0BFB OR EDI,EBX
00401CF7 . 8B5E 30 MOV EBX,DWORD PTR DS:[ESI+30] ; C1[12]
00401CFA . 03FA ADD EDI,EDX
00401CFC . 23EF AND EBP,EDI
00401CFE . 33E9 XOR EBP,ECX
00401D00 . 03EB ADD EBP,EBX
00401D02 . 8D8428 AF0F7C>LEA EAX,DWORD PTR DS:[EAX+EBP+F57C0FAF]
00401D09 . 8BEA MOV EBP,EDX
00401D0B . 8BD8 MOV EBX,EAX
00401D0D . 33EF XOR EBP,EDI
00401D0F . C1EB 19 SHR EBX,19
00401D12 . C1E0 07 SHL EAX,7
00401D15 . 0BD8 OR EBX,EAX
00401D17 . 8B46 34 MOV EAX,DWORD PTR DS:[ESI+34] ; C1[13]
00401D1A . 03DF ADD EBX,EDI
00401D1C . 23EB AND EBP,EBX
00401D1E . 33EA XOR EBP,EDX
00401D20 . 03E8 ADD EBP,EAX
00401D22 . 8D8C29 2AC687>LEA ECX,DWORD PTR DS:[ECX+EBP+4787C62A]
00401D29 . 8BC1 MOV EAX,ECX
00401D2B . C1E8 14 SHR EAX,14
00401D2E . C1E1 0C SHL ECX,0C
00401D31 . 0BC1 OR EAX,ECX
00401D33 . 03C3 ADD EAX,EBX
00401D35 . 8B4E 38 MOV ECX,DWORD PTR DS:[ESI+38] ; C1[14]
00401D38 . 8BEF MOV EBP,EDI
00401D3A . 33EB XOR EBP,EBX
00401D3C . 23E8 AND EBP,EAX
00401D3E . 33EF XOR EBP,EDI
00401D40 . 03E9 ADD EBP,ECX
00401D42 . 8D942A 134630>LEA EDX,DWORD PTR DS:[EDX+EBP+A8304613]
00401D49 . 8BE8 MOV EBP,EAX
00401D4B . 8BCA MOV ECX,EDX
00401D4D . 33EB XOR EBP,EBX
00401D4F . C1E9 0F SHR ECX,0F
00401D52 . C1E2 11 SHL EDX,11
00401D55 . 0BCA OR ECX,EDX
00401D57 . 8B56 3C MOV EDX,DWORD PTR DS:[ESI+3C] ; C1[15]
00401D5A . 03C8 ADD ECX,EAX
00401D5C . 23E9 AND EBP,ECX
00401D5E . 33EB XOR EBP,EBX
00401D60 . 03EA ADD EBP,EDX
00401D62 . 8DBC2F 019546>LEA EDI,DWORD PTR DS:[EDI+EBP+FD469501]
00401D69 . 8BE8 MOV EBP,EAX
00401D6B . 8BD7 MOV EDX,EDI
00401D6D . 33E9 XOR EBP,ECX
00401D6F . C1E2 16 SHL EDX,16
00401D72 . C1EF 0A SHR EDI,0A
00401D75 . 0BD7 OR EDX,EDI
00401D77 . 8B7E 40 MOV EDI,DWORD PTR DS:[ESI+40] ; C1[16]
00401D7A . 03D1 ADD EDX,ECX
00401D7C . 23EA AND EBP,EDX
00401D7E . 33E8 XOR EBP,EAX
00401D80 . 03EF ADD EBP,EDI
00401D82 . 8D9C2B D89880>LEA EBX,DWORD PTR DS:[EBX+EBP+698098D8]
00401D89 . 8BE9 MOV EBP,ECX
00401D8B . 8BFB MOV EDI,EBX
00401D8D . 33EA XOR EBP,EDX
00401D8F . C1EF 19 SHR EDI,19
00401D92 . C1E3 07 SHL EBX,7
00401D95 . 0BFB OR EDI,EBX
00401D97 . 8B5E 44 MOV EBX,DWORD PTR DS:[ESI+44] ; C1[17]
00401D9A . 03FA ADD EDI,EDX
00401D9C . 23EF AND EBP,EDI
00401D9E . 33E9 XOR EBP,ECX
00401DA0 . 03EB ADD EBP,EBX
00401DA2 . 8D8428 AFF744>LEA EAX,DWORD PTR DS:[EAX+EBP+8B44F7AF]
00401DA9 . 8BEA MOV EBP,EDX
00401DAB . 8BD8 MOV EBX,EAX
00401DAD . 33EF XOR EBP,EDI
00401DAF . C1EB 14 SHR EBX,14
00401DB2 . C1E0 0C SHL EAX,0C
00401DB5 . 0BD8 OR EBX,EAX
00401DB7 . 8B46 48 MOV EAX,DWORD PTR DS:[ESI+48] ; C1[18]
00401DBA . 03DF ADD EBX,EDI
00401DBC . 23EB AND EBP,EBX
00401DBE . 33EA XOR EBP,EDX
00401DC0 . 03E8 ADD EBP,EAX
00401DC2 . 8D8C29 B15BFF>LEA ECX,DWORD PTR DS:[ECX+EBP+FFFF5BB1]
00401DC9 . 8BEB MOV EBP,EBX
00401DCB . 8BC1 MOV EAX,ECX
00401DCD . 33EF XOR EBP,EDI
00401DCF . C1E8 0F SHR EAX,0F
00401DD2 . C1E1 11 SHL ECX,11
00401DD5 . 0BC1 OR EAX,ECX
00401DD7 . 8B4E 4C MOV ECX,DWORD PTR DS:[ESI+4C] ; C1[19]
00401DDA . 03C3 ADD EAX,EBX
00401DDC . 23E8 AND EBP,EAX
00401DDE . 33EF XOR EBP,EDI
00401DE0 . 03E9 ADD EBP,ECX
00401DE2 . 8D942A BED75C>LEA EDX,DWORD PTR DS:[EDX+EBP+895CD7BE]
00401DE9 . 8BEB MOV EBP,EBX
00401DEB . 8BCA MOV ECX,EDX
00401DED . 33E8 XOR EBP,EAX
00401DEF . C1E1 16 SHL ECX,16
00401DF2 . C1EA 0A SHR EDX,0A
00401DF5 . 0BCA OR ECX,EDX
00401DF7 . 8B56 50 MOV EDX,DWORD PTR DS:[ESI+50] ; C1[20]
00401DFA . 03C8 ADD ECX,EAX
00401DFC . 23E9 AND EBP,ECX
00401DFE . 33EB XOR EBP,EBX
00401E00 . 03EA ADD EBP,EDX
00401E02 . 8DBC2F 221190>LEA EDI,DWORD PTR DS:[EDI+EBP+6B901122]
00401E09 . 8BD7 MOV EDX,EDI
00401E0B . C1EA 19 SHR EDX,19
00401E0E . C1E7 07 SHL EDI,7
00401E11 . 0BD7 OR EDX,EDI
00401E13 . 8B7E 54 MOV EDI,DWORD PTR DS:[ESI+54] ; C1[21]
00401E16 . 8BE8 MOV EBP,EAX
00401E18 . 03D1 ADD EDX,ECX
00401E1A . 33E9 XOR EBP,ECX
00401E1C . 23EA AND EBP,EDX
00401E1E . 33E8 XOR EBP,EAX
00401E20 . 03EF ADD EBP,EDI
00401E22 . 8B7E 58 MOV EDI,DWORD PTR DS:[ESI+58] ; C1[22]
00401E25 . 8D9C2B 937198>LEA EBX,DWORD PTR DS:[EBX+EBP+FD987193]
00401E2C . 8BEB MOV EBP,EBX
00401E2E . C1ED 14 SHR EBP,14
00401E31 . C1E3 0C SHL EBX,0C
00401E34 . 0BEB OR EBP,EBX
00401E36 . 8BD9 MOV EBX,ECX
00401E38 . 03EA ADD EBP,EDX
00401E3A . 33DA XOR EBX,EDX
00401E3C . 23DD AND EBX,EBP
00401E3E . 33D9 XOR EBX,ECX
00401E40 . 03DF ADD EBX,EDI
00401E42 . 8D8418 8E4379>LEA EAX,DWORD PTR DS:[EAX+EBX+A679438E]
00401E49 . 8BDD MOV EBX,EBP
00401E4B . 8BF8 MOV EDI,EAX
00401E4D . 33DA XOR EBX,EDX
00401E4F . C1EF 0F SHR EDI,0F
00401E52 . C1E0 11 SHL EAX,11
00401E55 . 0BF8 OR EDI,EAX
00401E57 . 8B46 5C MOV EAX,DWORD PTR DS:[ESI+5C] ; C1[23]
00401E5A . 03FD ADD EDI,EBP
00401E5C . 23DF AND EBX,EDI
00401E5E . 33DA XOR EBX,EDX
00401E60 . 03D8 ADD EBX,EAX
00401E62 . 8D8C19 2108B4>LEA ECX,DWORD PTR DS:[ECX+EBX+49B40821] ;第一轮运算结束
00401E69 . 8B5E 24 MOV EBX,DWORD PTR DS:[ESI+24] ; C1[9]
00401E6C . 8BC1 MOV EAX,ECX
00401E6E . C1E0 16 SHL EAX,16
00401E71 . C1E9 0A SHR ECX,0A
00401E74 . 0BC1 OR EAX,ECX
00401E76 . 8BCF MOV ECX,EDI
00401E78 . 03C7 ADD EAX,EDI
00401E7A . 33C8 XOR ECX,EAX
00401E7C . 23CD AND ECX,EBP
00401E7E . 33CF XOR ECX,EDI
00401E80 . 03CB ADD ECX,EBX
00401E82 . 8B5E 38 MOV EBX,DWORD PTR DS:[ESI+38] ; C1[14]
00401E85 . 8D940A 62251E>LEA EDX,DWORD PTR DS:[EDX+ECX+F61E2562]
00401E8C . 8BCA MOV ECX,EDX
00401E8E . C1E9 1B SHR ECX,1B
00401E91 . C1E2 05 SHL EDX,5
00401E94 . 0BCA OR ECX,EDX
00401E96 . 8BD0 MOV EDX,EAX
00401E98 . 03C8 ADD ECX,EAX
00401E9A . 33D1 XOR EDX,ECX
00401E9C . 23D7 AND EDX,EDI
00401E9E . 33D0 XOR EDX,EAX
00401EA0 . 03D3 ADD EDX,EBX
00401EA2 . 8DAC2A 40B340>LEA EBP,DWORD PTR DS:[EDX+EBP+C040B340]
00401EA9 . 8BD5 MOV EDX,EBP
00401EAB . C1EA 17 SHR EDX,17
00401EAE . C1E5 09 SHL EBP,9
00401EB1 . 0BD5 OR EDX,EBP
00401EB3 . 8B6E 4C MOV EBP,DWORD PTR DS:[ESI+4C] ; C1[19]
00401EB6 . 03D1 ADD EDX,ECX
00401EB8 . 8BDA MOV EBX,EDX
00401EBA . 33D9 XOR EBX,ECX
00401EBC . 23D8 AND EBX,EAX
00401EBE . 33D9 XOR EBX,ECX
00401EC0 . 03DD ADD EBX,EBP
00401EC2 . 8B6E 20 MOV EBP,DWORD PTR DS:[ESI+20] ; C1[8]
00401EC5 . 8DBC1F 515A5E>LEA EDI,DWORD PTR DS:[EDI+EBX+265E5A51]
00401ECC . 8BDF MOV EBX,EDI
00401ECE . C1EB 12 SHR EBX,12
00401ED1 . C1E7 0E SHL EDI,0E
00401ED4 . 0BDF OR EBX,EDI
00401ED6 . 8BFA MOV EDI,EDX
00401ED8 . 03DA ADD EBX,EDX
00401EDA . 33FB XOR EDI,EBX
00401EDC . 23F9 AND EDI,ECX
00401EDE . 33FA XOR EDI,EDX
00401EE0 . 03FD ADD EDI,EBP
00401EE2 . 8D8438 AAC7B6>LEA EAX,DWORD PTR DS:[EAX+EDI+E9B6C7AA]
00401EE9 . 8B6E 34 MOV EBP,DWORD PTR DS:[ESI+34] ; C1[13]
00401EEC . 8BF8 MOV EDI,EAX
00401EEE . C1E7 14 SHL EDI,14
00401EF1 . C1E8 0C SHR EAX,0C
00401EF4 . 0BF8 OR EDI,EAX
00401EF6 . 8BC3 MOV EAX,EBX
00401EF8 . 03FB ADD EDI,EBX
00401EFA . 33C7 XOR EAX,EDI
00401EFC . 23C2 AND EAX,EDX
00401EFE . 33C3 XOR EAX,EBX
00401F00 . 03C5 ADD EAX,EBP
00401F02 . 8B6E 48 MOV EBP,DWORD PTR DS:[ESI+48] ; C1[18]
00401F05 . 8D8C01 5D102F>LEA ECX,DWORD PTR DS:[ECX+EAX+D62F105D]
00401F0C . 8BC1 MOV EAX,ECX
00401F0E . C1E8 1B SHR EAX,1B
00401F11 . C1E1 05 SHL ECX,5
00401F14 . 0BC1 OR EAX,ECX
00401F16 . 8BCF MOV ECX,EDI
00401F18 . 03C7 ADD EAX,EDI
00401F1A . 33C8 XOR ECX,EAX
00401F1C . 23CB AND ECX,EBX
00401F1E . 33CF XOR ECX,EDI
00401F20 . 03CD ADD ECX,EBP
00401F22 . 8B6E 5C MOV EBP,DWORD PTR DS:[ESI+5C] ; C1[23]
00401F25 . 8D940A 531444>LEA EDX,DWORD PTR DS:[EDX+ECX+2441453]
00401F2C . 8BCA MOV ECX,EDX
00401F2E . C1E9 17 SHR ECX,17
00401F31 . C1E2 09 SHL EDX,9
00401F34 . 0BCA OR ECX,EDX
00401F36 . 03C8 ADD ECX,EAX
00401F38 . 8BD1 MOV EDX,ECX
00401F3A . 33D0 XOR EDX,EAX
00401F3C . 23D7 AND EDX,EDI
00401F3E . 33D0 XOR EDX,EAX
00401F40 . 03D5 ADD EDX,EBP
00401F42 . 8B6E 30 MOV EBP,DWORD PTR DS:[ESI+30] ; C1[12]
00401F45 . 8D9C13 81E6A1>LEA EBX,DWORD PTR DS:[EBX+EDX+D8A1E681]
00401F4C . 8BD3 MOV EDX,EBX
00401F4E . C1EA 12 SHR EDX,12
00401F51 . C1E3 0E SHL EBX,0E
00401F54 . 0BD3 OR EDX,EBX
00401F56 . 8BD9 MOV EBX,ECX
00401F58 . 03D1 ADD EDX,ECX
00401F5A . 33DA XOR EBX,EDX
00401F5C . 23D8 AND EBX,EAX
00401F5E . 33D9 XOR EBX,ECX
00401F60 . 03DD ADD EBX,EBP
00401F62 . 8B6E 44 MOV EBP,DWORD PTR DS:[ESI+44] ; C1[17]
00401F65 . 8DBC1F C8FBD3>LEA EDI,DWORD PTR DS:[EDI+EBX+E7D3FBC8]
00401F6C . 8BDF MOV EBX,EDI
00401F6E . C1E3 14 SHL EBX,14
00401F71 . C1EF 0C SHR EDI,0C
00401F74 . 0BDF OR EBX,EDI
00401F76 . 8BFA MOV EDI,EDX
00401F78 . 03DA ADD EBX,EDX
00401F7A . 33FB XOR EDI,EBX
00401F7C . 23F9 AND EDI,ECX
00401F7E . 33FA XOR EDI,EDX
00401F80 . 03FD ADD EDI,EBP
00401F82 . 8B6E 58 MOV EBP,DWORD PTR DS:[ESI+58] ; C1[22]
00401F85 . 8D8438 E6CDE1>LEA EAX,DWORD PTR DS:[EAX+EDI+21E1CDE6]
00401F8C . 8BF8 MOV EDI,EAX
00401F8E . C1EF 1B SHR EDI,1B
00401F91 . C1E0 05 SHL EAX,5
00401F94 . 0BF8 OR EDI,EAX
00401F96 . 8BC3 MOV EAX,EBX
00401F98 . 03FB ADD EDI,EBX
00401F9A . 33C7 XOR EAX,EDI
00401F9C . 23C2 AND EAX,EDX
00401F9E . 33C3 XOR EAX,EBX
00401FA0 . 03C5 ADD EAX,EBP
00401FA2 . 8D8C01 D60737>LEA ECX,DWORD PTR DS:[ECX+EAX+C33707D6]
00401FA9 . 8BC1 MOV EAX,ECX
00401FAB . C1E8 17 SHR EAX,17
00401FAE . C1E1 09 SHL ECX,9
00401FB1 . 0BC1 OR EAX,ECX
00401FB3 . 03C7 ADD EAX,EDI
00401FB5 . 8BC8 MOV ECX,EAX
00401FB7 . 33CF XOR ECX,EDI
00401FB9 . 23CB AND ECX,EBX
00401FBB . 8B6E 2C MOV EBP,DWORD PTR DS:[ESI+2C] ; C1[11]
00401FBE . 33CF XOR ECX,EDI
00401FC0 . 03CD ADD ECX,EBP
00401FC2 . 8B6E 40 MOV EBP,DWORD PTR DS:[ESI+40] ; C1[16]
00401FC5 . 8D940A 870DD5>LEA EDX,DWORD PTR DS:[EDX+ECX+F4D50D87]
00401FCC . 8BCA MOV ECX,EDX
00401FCE . C1E9 12 SHR ECX,12
00401FD1 . C1E2 0E SHL EDX,0E
00401FD4 . 0BCA OR ECX,EDX
00401FD6 . 8BD0 MOV EDX,EAX
00401FD8 . 03C8 ADD ECX,EAX
00401FDA . 33D1 XOR EDX,ECX
00401FDC . 23D7 AND EDX,EDI
00401FDE . 33D0 XOR EDX,EAX
00401FE0 . 03D5 ADD EDX,EBP
00401FE2 . 8B6E 54 MOV EBP,DWORD PTR DS:[ESI+54] ; C1[21]
00401FE5 . 8D9C13 ED145A>LEA EBX,DWORD PTR DS:[EBX+EDX+455A14ED]
00401FEC . 8BD3 MOV EDX,EBX
00401FEE . C1E2 14 SHL EDX,14
00401FF1 . C1EB 0C SHR EBX,0C
00401FF4 . 0BD3 OR EDX,EBX
00401FF6 . 8BD9 MOV EBX,ECX
00401FF8 . 03D1 ADD EDX,ECX
00401FFA . 33DA XOR EBX,EDX
00401FFC . 23D8 AND EBX,EAX
00401FFE . 33D9 XOR EBX,ECX
00402000 . 03DD ADD EBX,EBP
00402002 . 8B6E 28 MOV EBP,DWORD PTR DS:[ESI+28] ; C1[10]
00402005 . 8DBC1F 05E9E3>LEA EDI,DWORD PTR DS:[EDI+EBX+A9E3E905]
0040200C . 8BDF MOV EBX,EDI
0040200E . C1EB 1B SHR EBX,1B
00402011 . C1E7 05 SHL EDI,5
00402014 . 0BDF OR EBX,EDI
00402016 . 8BFA MOV EDI,EDX
00402018 . 03DA ADD EBX,EDX
0040201A . 33FB XOR EDI,EBX
0040201C . 23F9 AND EDI,ECX
0040201E . 33FA XOR EDI,EDX
00402020 . 03FD ADD EDI,EBP
00402022 . 8B6E 3C MOV EBP,DWORD PTR DS:[ESI+3C] ; C1[15]
00402025 . 8D8438 F8A3EF>LEA EAX,DWORD PTR DS:[EAX+EDI+FCEFA3F8]
0040202C . 8BF8 MOV EDI,EAX
0040202E . C1EF 17 SHR EDI,17
00402031 . C1E0 09 SHL EAX,9
00402034 . 0BF8 OR EDI,EAX
00402036 . 03FB ADD EDI,EBX
00402038 . 8BC7 MOV EAX,EDI
0040203A . 33C3 XOR EAX,EBX
0040203C . 23C2 AND EAX,EDX
0040203E . 33C3 XOR EAX,EBX
00402040 . 03C5 ADD EAX,EBP
00402042 . 8D8C01 D9026F>LEA ECX,DWORD PTR DS:[ECX+EAX+676F02D9]
00402049 . 8BC7 MOV EAX,EDI
0040204B . 8BE9 MOV EBP,ECX
0040204D . C1ED 12 SHR EBP,12
00402050 . C1E1 0E SHL ECX,0E
00402053 . 0BE9 OR EBP,ECX
00402055 . 8B4E 50 MOV ECX,DWORD PTR DS:[ESI+50] ; C1[20]
00402058 . 03EF ADD EBP,EDI
0040205A . 33C5 XOR EAX,EBP
0040205C . 894424 1C MOV DWORD PTR SS:[ESP+1C],EAX ; 临时变量n1
00402060 . 23C3 AND EAX,EBX
00402062 . 33C7 XOR EAX,EDI
00402064 . 03C1 ADD EAX,ECX
00402066 . 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+1C]
0040206A . 8D9402 8A4C2A>LEA EDX,DWORD PTR DS:[EDX+EAX+8D2A4C8A] ;第二轮运算结束
00402071 . 8BC2 MOV EAX,EDX
00402073 . C1E0 14 SHL EAX,14
00402076 . C1EA 0C SHR EDX,0C
00402079 . 0BC2 OR EAX,EDX
0040207B . 8B56 34 MOV EDX,DWORD PTR DS:[ESI+34] ; C1[13]
0040207E . 03C5 ADD EAX,EBP
00402080 . 33C8 XOR ECX,EAX
00402082 . 03CA ADD ECX,EDX
00402084 . 8BD5 MOV EDX,EBP
00402086 . 8D9C0B 4239FA>LEA EBX,DWORD PTR DS:[EBX+ECX+FFFA3942]
0040208D . 8BCB MOV ECX,EBX
0040208F . C1E9 1C SHR ECX,1C
00402092 . C1E3 04 SHL EBX,4
00402095 . 0BCB OR ECX,EBX
00402097 . 03C8 ADD ECX,EAX
00402099 . 8B5E 40 MOV EBX,DWORD PTR DS:[ESI+40] ; C1[16]
0040209C . 33D0 XOR EDX,EAX
0040209E . 33D1 XOR EDX,ECX
004020A0 . 03D3 ADD EDX,EBX
004020A2 . 8B5E 4C MOV EBX,DWORD PTR DS:[ESI+4C] ; C1[19]
004020A5 . 8DBC17 81F671>LEA EDI,DWORD PTR DS:[EDI+EDX+8771F681]
004020AC . 8BD7 MOV EDX,EDI
004020AE . C1EA 15 SHR EDX,15
004020B1 . C1E7 0B SHL EDI,0B
004020B4 . 0BD7 OR EDX,EDI
004020B6 . 03D1 ADD EDX,ECX
004020B8 . 8BFA MOV EDI,EDX
004020BA . 33F8 XOR EDI,EAX
004020BC . 33F9 XOR EDI,ECX
004020BE . 03FB ADD EDI,EBX
004020C0 . 8BDA MOV EBX,EDX
004020C2 . 8DAC2F 22619D>LEA EBP,DWORD PTR DS:[EDI+EBP+6D9D6122]
004020C9 . 8BFD MOV EDI,EBP
004020CB . C1EF 10 SHR EDI,10
004020CE . C1E5 10 SHL EBP,10
004020D1 . 0BFD OR EDI,EBP
004020D3 . 03FA ADD EDI,EDX
004020D5 . 33DF XOR EBX,EDI
004020D7 . 8BEB MOV EBP,EBX
004020D9 . 33E9 XOR EBP,ECX
004020DB . 036E 58 ADD EBP,DWORD PTR DS:[ESI+58] ; C1[22]
004020DE . 8DAC28 0C38E5>LEA EBP,DWORD PTR DS:[EAX+EBP+FDE5380C]
004020E5 . 8BC5 MOV EAX,EBP
004020E7 . C1E0 17 SHL EAX,17
004020EA . C1ED 09 SHR EBP,9
004020ED . 0BC5 OR EAX,EBP
004020EF . 8B6E 24 MOV EBP,DWORD PTR DS:[ESI+24] ; C1[9]
004020F2 . 03C7 ADD EAX,EDI
004020F4 . 33D8 XOR EBX,EAX
004020F6 . 03DD ADD EBX,EBP
004020F8 . 8B6E 30 MOV EBP,DWORD PTR DS:[ESI+30] ; C1[12]
004020FB . 8D9C19 44EABE>LEA EBX,DWORD PTR DS:[ECX+EBX+A4BEEA44]
00402102 . 8BCB MOV ECX,EBX
00402104 . C1E9 1C SHR ECX,1C
00402107 . C1E3 04 SHL EBX,4
0040210A . 0BCB OR ECX,EBX
0040210C . 8BDF MOV EBX,EDI
0040210E . 03C8 ADD ECX,EAX
00402110 . 33D8 XOR EBX,EAX
00402112 . 33D9 XOR EBX,ECX
00402114 . 03DD ADD EBX,EBP
00402116 . 8B6E 3C MOV EBP,DWORD PTR DS:[ESI+3C] ; C1[15]
00402119 . 8D9C1A A9CFDE>LEA EBX,DWORD PTR DS:[EDX+EBX+4BDECFA9]
00402120 . 8BD3 MOV EDX,EBX
00402122 . C1EA 15 SHR EDX,15
00402125 . C1E3 0B SHL EBX,0B
00402128 . 0BD3 OR EDX,EBX
0040212A . 03D1 ADD EDX,ECX
0040212C . 8BDA MOV EBX,EDX
0040212E . 33D8 XOR EBX,EAX
00402130 . 33D9 XOR EBX,ECX
00402132 . 03DD ADD EBX,EBP
00402134 . 8D9C1F 604BBB>LEA EBX,DWORD PTR DS:[EDI+EBX+F6BB4B60]
0040213B . 8BFB MOV EDI,EBX
0040213D . C1EF 10 SHR EDI,10
00402140 . C1E3 10 SHL EBX,10
00402143 . 0BFB OR EDI,EBX
00402145 . 8BDA MOV EBX,EDX
00402147 . 03FA ADD EDI,EDX
00402149 . 33DF XOR EBX,EDI
0040214B . 8BEB MOV EBP,EBX
0040214D . 33E9 XOR EBP,ECX
0040214F . 036E 48 ADD EBP,DWORD PTR DS:[ESI+48] ; C1[18]
00402152 . 8DAC28 70BCBF>LEA EBP,DWORD PTR DS:[EAX+EBP+BEBFBC70]
00402159 . 8BC5 MOV EAX,EBP
0040215B . C1E0 17 SHL EAX,17
0040215E . C1ED 09 SHR EBP,9
00402161 . 0BC5 OR EAX,EBP
00402163 . 8B6E 54 MOV EBP,DWORD PTR DS:[ESI+54] ; C1[21]
00402166 . 03C7 ADD EAX,EDI
00402168 . 33D8 XOR EBX,EAX
0040216A . 03DD ADD EBX,EBP
0040216C . 8D9C19 C67E9B>LEA EBX,DWORD PTR DS:[ECX+EBX+289B7EC6]
00402173 . 8BCB MOV ECX,EBX
00402175 . C1E9 1C SHR ECX,1C
00402178 . C1E3 04 SHL EBX,4
0040217B . 8B6E 20 MOV EBP,DWORD PTR DS:[ESI+20] ; C1[8]
0040217E . 0BCB OR ECX,EBX
00402180 . 8BDF MOV EBX,EDI
00402182 . 03C8 ADD ECX,EAX
00402184 . 33D8 XOR EBX,EAX
00402186 . 33D9 XOR EBX,ECX
00402188 . 03DD ADD EBX,EBP
0040218A . 8B6E 2C MOV EBP,DWORD PTR DS:[ESI+2C] ; C1[11]
0040218D . 8D9C1A FA27A1>LEA EBX,DWORD PTR DS:[EDX+EBX+EAA127FA]
00402194 . 8BD3 MOV EDX,EBX
00402196 . C1E3 0B SHL EBX,0B
00402199 . C1EA 15 SHR EDX,15
0040219C . 0BD3 OR EDX,EBX
0040219E . 03D1 ADD EDX,ECX
004021A0 . 8BDA MOV EBX,EDX
004021A2 . 33D8 XOR EBX,EAX
004021A4 . 33D9 XOR EBX,ECX
004021A6 . 03DD ADD EBX,EBP
004021A8 . 8D9C1F 8530EF>LEA EBX,DWORD PTR DS:[EDI+EBX+D4EF3085]
004021AF . 8BFB MOV EDI,EBX
004021B1 . C1EF 10 SHR EDI,10
004021B4 . C1E3 10 SHL EBX,10
004021B7 . 0BFB OR EDI,EBX
004021B9 . 8BDA MOV EBX,EDX
004021BB . 03FA ADD EDI,EDX
004021BD . 33DF XOR EBX,EDI
004021BF . 8BEB MOV EBP,EBX
004021C1 . 33E9 XOR EBP,ECX
004021C3 . 036E 38 ADD EBP,DWORD PTR DS:[ESI+38] ; C1[14]
004021C6 . 8DAC28 051D88>LEA EBP,DWORD PTR DS:[EAX+EBP+4881D05]
004021CD . 8BC5 MOV EAX,EBP
004021CF . C1E0 17 SHL EAX,17
004021D2 . C1ED 09 SHR EBP,9
004021D5 . 0BC5 OR EAX,EBP
004021D7 . 8B6E 44 MOV EBP,DWORD PTR DS:[ESI+44] ; C1[17]
004021DA . 03C7 ADD EAX,EDI
004021DC . 33D8 XOR EBX,EAX
004021DE . 03DD ADD EBX,EBP
004021E0 . 8B6E 50 MOV EBP,DWORD PTR DS:[ESI+50] ; C1[20]
004021E3 . 8D9C19 39D0D4>LEA EBX,DWORD PTR DS:[ECX+EBX+D9D4D039]
004021EA . 8BCB MOV ECX,EBX
004021EC . C1E9 1C SHR ECX,1C
004021EF . C1E3 04 SHL EBX,4
004021F2 . 0BCB OR ECX,EBX
004021F4 . 8BDF MOV EBX,EDI
004021F6 . 03C8 ADD ECX,EAX
004021F8 . 33D8 XOR EBX,EAX
004021FA . 33D9 XOR EBX,ECX
004021FC . 03DD ADD EBX,EBP
004021FE . 8B6E 5C MOV EBP,DWORD PTR DS:[ESI+5C] ; C1[23]
00402201 . 8D9C1A E599DB>LEA EBX,DWORD PTR DS:[EDX+EBX+E6DB99E5]
00402208 . 8BD3 MOV EDX,EBX
0040220A . C1EA 15 SHR EDX,15
0040220D . C1E3 0B SHL EBX,0B
00402210 . 0BD3 OR EDX,EBX
00402212 . 03D1 ADD EDX,ECX
00402214 . 8BDA MOV EBX,EDX
00402216 . 33D8 XOR EBX,EAX
00402218 . 33D9 XOR EBX,ECX
0040221A . 03DD ADD EBX,EBP
0040221C . 8B6E 28 MOV EBP,DWORD PTR DS:[ESI+28] ; C1[10]
0040221F . 8D9C1F F87CA2>LEA EBX,DWORD PTR DS:[EDI+EBX+1FA27CF8]
00402226 . 8BFB MOV EDI,EBX
00402228 . C1EF 10 SHR EDI,10
0040222B . C1E3 10 SHL EBX,10
0040222E . 0BFB OR EDI,EBX
00402230 . 8BDA MOV EBX,EDX
00402232 . 03FA ADD EDI,EDX
00402234 . 33DF XOR EBX,EDI
00402236 . 33D9 XOR EBX,ECX
00402238 . 03DD ADD EBX,EBP
0040223A . 8D9C18 6556AC>LEA EBX,DWORD PTR DS:[EAX+EBX+C4AC5665] ;第三轮运算结束
00402241 . 8BC3 MOV EAX,EBX
00402243 . C1E0 17 SHL EAX,17
00402246 . C1EB 09 SHR EBX,9
00402249 . 0BC3 OR EAX,EBX
0040224B . 8BDA MOV EBX,EDX
0040224D . 03C7 ADD EAX,EDI
0040224F . F7D3 NOT EBX
00402251 . 0BD8 OR EBX,EAX
00402253 . 33DF XOR EBX,EDI
00402255 . 8B6E 20 MOV EBP,DWORD PTR DS:[ESI+20] ; C1[8]
00402258 . 03DD ADD EBX,EBP
0040225A . 8B6E 3C MOV EBP,DWORD PTR DS:[ESI+3C] ; C1[15]
0040225D . 8D8C19 442229>LEA ECX,DWORD PTR DS:[ECX+EBX+F4292244]
00402264 . 8BD9 MOV EBX,ECX
00402266 . C1EB 1A SHR EBX,1A
00402269 . C1E1 06 SHL ECX,6
0040226C . 0BD9 OR EBX,ECX
0040226E . 8BCF MOV ECX,EDI
00402270 . 03D8 ADD EBX,EAX
00402272 . F7D1 NOT ECX
00402274 . 0BCB OR ECX,EBX
00402276 . 33C8 XOR ECX,EAX
00402278 . 03CD ADD ECX,EBP
0040227A . 8B6E 58 MOV EBP,DWORD PTR DS:[ESI+58] ; C1[22]
0040227D . 8D940A 97FF2A>LEA EDX,DWORD PTR DS:[EDX+ECX+432AFF97]
00402284 . 8BCA MOV ECX,EDX
00402286 . C1E9 16 SHR ECX,16
00402289 . C1E2 0A SHL EDX,0A
0040228C . 0BCA OR ECX,EDX
0040228E . 8BD0 MOV EDX,EAX
00402290 . 03CB ADD ECX,EBX
00402292 . F7D2 NOT EDX
00402294 . 0BD1 OR EDX,ECX
00402296 . 33D3 XOR EDX,EBX
00402298 . 03D5 ADD EDX,EBP
0040229A . 8B6E 34 MOV EBP,DWORD PTR DS:[ESI+34] ; C1[13]
0040229D . 8DBC17 A72394>LEA EDI,DWORD PTR DS:[EDI+EDX+AB9423A7]
004022A4 . 8BD7 MOV EDX,EDI
004022A6 . C1EA 11 SHR EDX,11
004022A9 . C1E7 0F SHL EDI,0F
004022AC . 0BD7 OR EDX,EDI
004022AE . 8BFB MOV EDI,EBX
004022B0 . 03D1 ADD EDX,ECX
004022B2 . F7D7 NOT EDI
004022B4 . 0BFA OR EDI,EDX
004022B6 . 33F9 XOR EDI,ECX
004022B8 . 03FD ADD EDI,EBP
004022BA . 8B6E 50 MOV EBP,DWORD PTR DS:[ESI+50] ; C1[20]
004022BD . 8D8438 39A093>LEA EAX,DWORD PTR DS:[EAX+EDI+FC93A039]
004022C4 . 8BF8 MOV EDI,EAX
004022C6 . C1E7 15 SHL EDI,15
004022C9 . C1E8 0B SHR EAX,0B
004022CC . 0BF8 OR EDI,EAX
004022CE . 8BC1 MOV EAX,ECX
004022D0 . 03FA ADD EDI,EDX
004022D2 . F7D0 NOT EAX
004022D4 . 0BC7 OR EAX,EDI
004022D6 . 33C2 XOR EAX,EDX
004022D8 . 03C5 ADD EAX,EBP
004022DA . 8B6E 2C MOV EBP,DWORD PTR DS:[ESI+2C] ; C1[11]
004022DD . 8D8403 C3595B>LEA EAX,DWORD PTR DS:[EBX+EAX+655B59C3]
004022E4 . 8BD8 MOV EBX,EAX
004022E6 . C1EB 1A SHR EBX,1A
004022E9 . C1E0 06 SHL EAX,6
004022EC . 0BD8 OR EBX,EAX
004022EE . 8BC2 MOV EAX,EDX
004022F0 . 03DF ADD EBX,EDI
004022F2 . F7D0 NOT EAX
004022F4 . 0BC3 OR EAX,EBX
004022F6 . 33C7 XOR EAX,EDI
004022F8 . 03C5 ADD EAX,EBP
004022FA . 8B6E 48 MOV EBP,DWORD PTR DS:[ESI+48] ; C1[18]
004022FD . 8D8401 92CC0C>LEA EAX,DWORD PTR DS:[ECX+EAX+8F0CCC92]
00402304 . 8BC8 MOV ECX,EAX
00402306 . C1E9 16 SHR ECX,16
00402309 . C1E0 0A SHL EAX,0A
0040230C . 0BC8 OR ECX,EAX
0040230E . 8BC7 MOV EAX,EDI
00402310 . 03CB ADD ECX,EBX
00402312 . F7D0 NOT EAX
00402314 . 0BC1 OR EAX,ECX
00402316 . 33C3 XOR EAX,EBX
00402318 . 03C5 ADD EAX,EBP
0040231A . 8D8402 7DF4EF>LEA EAX,DWORD PTR DS:[EDX+EAX+FFEFF47D]
00402321 . 8BD0 MOV EDX,EAX
00402323 . C1EA 11 SHR EDX,11
00402326 . C1E0 0F SHL EAX,0F
00402329 . 0BD0 OR EDX,EAX
0040232B . 8BC3 MOV EAX,EBX
0040232D . 03D1 ADD EDX,ECX
0040232F . 8B6E 24 MOV EBP,DWORD PTR DS:[ESI+24] ; C1[9]
00402332 . 6A 15 PUSH 15 ; 参数1
00402334 . F7D0 NOT EAX
00402336 . 0BC2 OR EAX,EDX
00402338 . 33C1 XOR EAX,ECX
0040233A . 03C5 ADD EAX,EBP
0040233C . 8B6E 40 MOV EBP,DWORD PTR DS:[ESI+40] ; C1[16]
0040233F . 8DBC07 D15D84>LEA EDI,DWORD PTR DS:[EDI+EAX+85845DD1]
00402346 . 8BC7 MOV EAX,EDI
00402348 . C1E0 15 SHL EAX,15
0040234B . C1EF 0B SHR EDI,0B
0040234E . 0BC7 OR EAX,EDI
00402350 . 8BF9 MOV EDI,ECX
00402352 . 03C2 ADD EAX,EDX
00402354 . F7D7 NOT EDI
00402356 . 0BF8 OR EDI,EAX
00402358 . 894424 14 MOV DWORD PTR SS:[ESP+14],EAX ; 临时变量n4
0040235C . 33FA XOR EDI,EDX
0040235E . 03FD ADD EDI,EBP
00402360 . 8B6E 5C MOV EBP,DWORD PTR DS:[ESI+5C] ; C1[23]
00402363 . 8D9C3B 4F7EA8>LEA EBX,DWORD PTR DS:[EBX+EDI+6FA87E4F]
0040236A . 8BFB MOV EDI,EBX
0040236C . C1EF 1A SHR EDI,1A
0040236F . C1E3 06 SHL EBX,6
00402372 . 0BFB OR EDI,EBX
00402374 . 8BDA MOV EBX,EDX
00402376 . 03F8 ADD EDI,EAX
00402378 . F7D3 NOT EBX
0040237A . 0BDF OR EBX,EDI
0040237C . 897C24 18 MOV DWORD PTR SS:[ESP+18],EDI ; 临时变量n3
00402380 . 33D8 XOR EBX,EAX
00402382 . 03DD ADD EBX,EBP
00402384 . 8B6E 38 MOV EBP,DWORD PTR DS:[ESI+38] ; C1[14]
00402387 . F7D0 NOT EAX
00402389 . 8D8C19 E0E62C>LEA ECX,DWORD PTR DS:[ECX+EBX+FE2CE6E0]
00402390 . 8BD9 MOV EBX,ECX
00402392 . C1EB 16 SHR EBX,16
00402395 . C1E1 0A SHL ECX,0A
00402398 . 0BD9 OR EBX,ECX
0040239A . 03DF ADD EBX,EDI
0040239C . 0BC3 OR EAX,EBX
0040239E . 895C24 20 MOV DWORD PTR SS:[ESP+20],EBX ; 临时变量n1
004023A2 . 33C7 XOR EAX,EDI
004023A4 . 03C5 ADD EAX,EBP
004023A6 . 8D8402 144301>LEA EAX,DWORD PTR DS:[EDX+EAX+A3014314]
004023AD . 8BC8 MOV ECX,EAX
004023AF . C1E9 11 SHR ECX,11
004023B2 . C1E0 0F SHL EAX,0F
004023B5 . 0BC8 OR ECX,EAX
004023B7 . 8B46 54 MOV EAX,DWORD PTR DS:[ESI+54] ; C1[21]
004023BA . 05 A111084E ADD EAX,4E0811A1
004023BF . 03CB ADD ECX,EBX
004023C1 . 50 PUSH EAX ; 参数2
004023C2 . 57 PUSH EDI ; 参数3
004023C3 . 53 PUSH EBX ; 参数4
004023C4 . 894C24 28 MOV DWORD PTR SS:[ESP+28],ECX ; 临时变量n2
004023C8 . 51 PUSH ECX ; 参数5
004023C9 . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24] ; 取临时变量n4地址
004023CD . 51 PUSH ECX ; 参数6
004023CE . 68 C0244000 PUSH MD5Crack.004024C0
004023D3 . E8 08010000 CALL MD5Crack.004024E0 ; 该Call的作用是通过传递有指针的参数来改变指针变量的值//见下面蓝色代码,对应函数fun2
004024E0 /$ 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14] ; EAX取参数3
004024E4 |. 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10] ; ECX取参数4
004024E8 |. 53 PUSH EBX
004024E9 |. 56 PUSH ESI
004024EA |. 8B7424 14 MOV ESI,DWORD PTR SS:[ESP+14] ; ESI取参数5
004024EE |. 57 PUSH EDI
004024EF |. 50 PUSH EAX ; 参数3入栈(调用Call中的参数1)
004024F0 |. 51 PUSH ECX ; 参数4入栈(调用Call中的参数2)
004024F1 |. 56 PUSH ESI ; 参数5入栈(调用Call中的参数3)
004024F2 |. FF5424 1C CALL DWORD PTR SS:[ESP+1C] ; 计算Call,F7跟进(返回值送EAX) //见下面绿色代码,对应函数fun1
004024C0 . 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C] ; EAX取参数1
004024C4 . 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4] ; ECX取参数3
004024C8 . F7D0 NOT EAX ; 对EAX求反
004024CA . 0BC1 OR EAX,ECX ; EAX与ECX进行或运算
004024CC . 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8] ; ECX再次取参数2
004024D0 . 33C1 XOR EAX,ECX ; EAX与ECX异或
004024D2 . C3 RET
// 004024F6 |. 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+20] ; EDX取参数6(地址)
004024FA |. 8B7C24 34 MOV EDI,DWORD PTR SS:[ESP+34] ; EDI取参数1
004024FE |. 83C4 0C ADD ESP,0C
00402501 |. 8B0A MOV ECX,DWORD PTR DS:[EDX] ; ECX取得参数6(地址)中值
00402503 |. 03C1 ADD EAX,ECX
00402505 |. 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+24] ; ECX取参数2
00402509 |. 03C1 ADD EAX,ECX
0040250B |. B9 20000000 MOV ECX,20
00402510 |. 2BCF SUB ECX,EDI
00402512 |. 8BD8 MOV EBX,EAX
00402514 |. D3EB SHR EBX,CL
00402516 |. 8BCF MOV ECX,EDI
00402518 |. 5F POP EDI
00402519 |. D3E0 SHL EAX,CL
0040251B |. 0BD8 OR EBX,EAX
0040251D |. 03DE ADD EBX,ESI
0040251F |. 5E POP ESI
00402520 |. 891A MOV DWORD PTR DS:[EDX],EBX ; 返回值送参数6指针地址指向的内存
00402522 |. 5B POP EBX
00402523 \. C3 RET
//
004023D8 . 8B56 30 MOV EDX,DWORD PTR DS:[ESI+30] ; C1[12]
004023DB . 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38] ; 取临时变量n1
004023DF . 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+34] ; 取临时变量n2
004023E3 . 81EA 7E81AC08 SUB EDX,8AC817E
004023E9 . 6A 06 PUSH 6 ; 参数1
004023EB . 52 PUSH EDX ; 参数2
004023EC . 8B5424 34 MOV EDX,DWORD PTR SS:[ESP+34] ; 取临时变量n4
004023F0 . 50 PUSH EAX ; 参数3
004023F1 . 51 PUSH ECX ; 参数4
004023F2 . 8D4424 40 LEA EAX,DWORD PTR SS:[ESP+40] ; 取临时变量n3地址
004023F6 . 52 PUSH EDX ; 参数5
004023F7 . 50 PUSH EAX ; 参数6
004023F8 . 68 C0244000 PUSH MD5Crack.004024C0
004023FD . E8 DE000000 CALL MD5Crack.004024E0 ; qqq
00402402 . 8B4E 4C MOV ECX,DWORD PTR DS:[ESI+4C] ; C1[19]
00402405 . 8B5424 50 MOV EDX,DWORD PTR SS:[ESP+50] ; 取临时变量n2
00402409 . 81E9 CB0DC542 SUB ECX,42C50DCB
0040240F . 6A 0A PUSH 0A ; 参数1
00402411 . 51 PUSH ECX ; 参数2
00402412 . 52 PUSH EDX ; 参数3
00402413 . 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+54] ; 取临时变量n4
00402417 . 8B4C24 58 MOV ECX,DWORD PTR SS:[ESP+58] ; 取临时变量n3
0040241B . 50 PUSH EAX ; 参数4
0040241C . 8D5424 64 LEA EDX,DWORD PTR SS:[ESP+64] ; 取临时变量n1地址
00402420 . 51 PUSH ECX ; 参数5
00402421 . 52 PUSH EDX ; 参数6
00402422 . 68 C0244000 PUSH MD5Crack.004024C0
00402427 . E8 B4000000 CALL MD5Crack.004024E0
0040242C . 8B46 28 MOV EAX,DWORD PTR DS:[ESI+28] ; C1[10]
0040242F . 8B4C24 64 MOV ECX,DWORD PTR SS:[ESP+64] ; 取临时变量n4
00402433 . 8B5424 68 MOV EDX,DWORD PTR SS:[ESP+68] ; 取临时变量n3
00402437 . 83C4 54 ADD ESP,54
0040243A . 05 BBD2D72A ADD EAX,2AD7D2BB
0040243F . 6A 0F PUSH 0F ; 参数1
00402441 . 50 PUSH EAX ; 参数2
00402442 . 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24] ; 取临时变量n1
00402446 . 51 PUSH ECX ; 参数3
00402447 . 52 PUSH EDX ; 参数4
00402448 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28] ; 取临时变量n2地址
0040244C . 50 PUSH EAX ; 参数5
0040244D . 51 PUSH ECX ; 参数6
0040244E . 68 C0244000 PUSH MD5Crack.004024C0
00402453 . E8 88000000 CALL MD5Crack.004024E0
00402458 . 8B56 44 MOV EDX,DWORD PTR DS:[ESI+44] ; C1[17]
0040245B . 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; 取临时变量n3
0040245F . 8B4C24 38 MOV ECX,DWORD PTR SS:[ESP+38] ; 取临时变量n1
00402463 . 81EA 6F2C7914 SUB EDX,14792C6F
00402469 . 6A 15 PUSH 15 ; 参数1
0040246B . 52 PUSH EDX ; 参数2
0040246C . 8B5424 3C MOV EDX,DWORD PTR SS:[ESP+3C] ; 取临时变量n2
00402470 . 50 PUSH EAX ; 参数3
00402471 . 51 PUSH ECX ; 参数4
00402472 . 8D4424 3C LEA EAX,DWORD PTR SS:[ESP+3C] ; 取临时变量n4地址
00402476 . 52 PUSH EDX ; 参数5
00402477 . 50 PUSH EAX ; 参数6
00402478 . 68 C0244000 PUSH MD5Crack.004024C0
0040247D . E8 5E000000 CALL MD5Crack.004024E0
00402482 . 8B4C24 4C MOV ECX,DWORD PTR SS:[ESP+4C] ; 取临时变量n3
00402486 . 8B5E 08 MOV EBX,DWORD PTR DS:[ESI+8] ; 取数组c[2]值
00402489 . 8B4424 50 MOV EAX,DWORD PTR SS:[ESP+50] ; 取临时变量n2
0040248D . 8B5424 48 MOV EDX,DWORD PTR SS:[ESP+48] ; 取临时变量n4
00402491 . 8B7E 0C MOV EDI,DWORD PTR DS:[ESI+C] ; 取数组c1[3]值
00402494 . 03D9 ADD EBX,ECX ; b=b+c
00402496 . 8B4E 10 MOV ECX,DWORD PTR DS:[ESI+10] ; 取数组c1[4]值
00402499 . 83C4 38 ADD ESP,38
0040249C . 03C8 ADD ECX,EAX ; c=c+a
0040249E . 8B46 14 MOV EAX,DWORD PTR DS:[ESI+14] ; 取数组c1[5]值
004024A1 . 894E 10 MOV DWORD PTR DS:[ESI+10],ECX ; 向数组c1[4]写入数据
004024A4 . 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+1C] ; 取临时变量n1
004024A8 . 03FA ADD EDI,EDX ; di=di+d
004024AA . 03C1 ADD EAX,ECX ; a=a+c
004024AC . 897E 0C MOV DWORD PTR DS:[ESI+C],EDI ; 向数组c1[3]写入数据
004024AF . 895E 08 MOV DWORD PTR DS:[ESI+8],EBX ; 向数组c1[2]写入数据
004024B2 . 8946 14 MOV DWORD PTR DS:[ESI+14],EAX ; 向数组c1[5]写入数据
004024B5 . 5F POP EDI
004024B6 . 5E POP ESI
004024B7 . 5D POP EBP
004024B8 . 5B POP EBX
004024B9 . 83C4 10 ADD ESP,10
004024BC . C3 RET
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)