求助,最近在分析一个软件的时候,遇到点麻烦,
算法是从1循环到12,计算出12位注册码,
可我计算出来的前11位完全正确,第十二位却不正常,特求助各位大侠支招,不知道我哪里弄错了,
软件的算法分析如下:
004058AB 53 push ebx
004058AC 56 push esi
004058AD 57 push edi ; ntdll.7C930208
004058AE 894D F4 mov dword ptr ss:[ebp-C],ecx
004058B1 8955 F8 mov dword ptr ss:[ebp-8],edx ; ntdll.KiFastSystemCallRet
004058B4 8945 FC mov dword ptr ss:[ebp-4],eax
004058B7 8B45 FC mov eax,dword ptr ss:[ebp-4]
004058BA E8 D9B8FFFF call 00401198 ; <jmp.&rtl60.System::LStrAddRef>
004058BF 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
004058C2 E8 D1B8FFFF call 00401198 ; <jmp.&rtl60.System::LStrAddRef>
004058C7 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; kernel32.7C839AC0
004058CA E8 C9B8FFFF call 00401198 ; <jmp.&rtl60.System::LStrAddRef>
004058CF 8B45 0C mov eax,dword ptr ss:[ebp+C]
004058D2 E8 C1B8FFFF call 00401198 ; <jmp.&rtl60.System::LStrAddRef>
004058D7 33C0 xor eax,eax
004058D9 55 push ebp
004058DA 68 F95B4000 push 405BF9
004058DF 64:FF30 push dword ptr fs:[eax]
004058E2 64:8920 mov dword ptr fs:[eax],esp
004058E5 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004058E8 E8 4BB8FFFF call 00401138 ; <jmp.&rtl60.System::LStrClr>
004058ED 33F6 xor esi,esi
004058EF BB 01000000 mov ebx,1
004058F4 8B45 FC mov eax,dword ptr ss:[ebp-4]
004058F7 807C18 FF 2D cmp byte ptr ds:[eax+ebx-1],2D
004058FC 74 1A je short 00405918 ; kqdump_.00405918
004058FE 8D45 EC lea eax,dword ptr ss:[ebp-14]
00405901 8B55 FC mov edx,dword ptr ss:[ebp-4]
00405904 8A541A FF mov dl,byte ptr ds:[edx+ebx-1]
00405908 E8 4BB8FFFF call 00401158 ; <jmp.&rtl60.System::LStrFromChar>
0040590D 8B55 EC mov edx,dword ptr ss:[ebp-14]
00405910 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00405913 E8 60B8FFFF call 00401178 ; <jmp.&rtl60.System::LStrCat>
00405918 43 inc ebx
00405919 83FB 10 cmp ebx,10
0040591C ^ 75 D6 jnz short 004058F4 ; kqdump_.004058F4
0040591E 8D45 FC lea eax,dword ptr ss:[ebp-4]
00405921 8B55 F0 mov edx,dword ptr ss:[ebp-10]
00405924 E8 27B8FFFF call 00401150 ; <jmp.&rtl60.System::LStrLAsg>
00405929 8D45 F0 lea eax,dword ptr ss:[ebp-10]
0040592C E8 07B8FFFF call 00401138 ; <jmp.&rtl60.System::LStrClr>
00405931 837D F4 00 cmp dword ptr ss:[ebp-C],0
00405935 75 0D jnz short 00405944 ; kqdump_.00405944
00405937 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0040593A BA 145C4000 mov edx,405C14 ; F
0040593F E8 0CB8FFFF call 00401150 ; <jmp.&rtl60.System::LStrLAsg>
00405944 FF75 F4 push dword ptr ss:[ebp-C] ; kernel32.7C839AC0
00405947 FF75 0C push dword ptr ss:[ebp+C]
0040594A FF75 F8 push dword ptr ss:[ebp-8] ; kernel32.7C817070
0040594D FF75 F4 push dword ptr ss:[ebp-C] ; kernel32.7C839AC0
00405950 FF75 0C push dword ptr ss:[ebp+C]
00405953 68 205C4000 push 405C20 ; 厦门市
00405958 FF75 0C push dword ptr ss:[ebp+C]
0040595B FF75 F4 push dword ptr ss:[ebp-C] ; kernel32.7C839AC0
0040595E FF75 F8 push dword ptr ss:[ebp-8] ; kernel32.7C817070
00405961 FF75 0C push dword ptr ss:[ebp+C]
00405964 FF75 F4 push dword ptr ss:[ebp-C] ; kernel32.7C839AC0
00405967 8D45 F8 lea eax,dword ptr ss:[ebp-8]
0040596A BA 0B000000 mov edx,0B ; //长度
0040596F E8 14B8FFFF call 00401188 ; <jmp.&rtl60.System::LStrCatN>
00405974 BB 01000000 mov ebx,1 ; //EBX=1
00405979 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; //连接后的字符串地址送给EAX
0040597C E8 EFB7FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
00405981 2BC3 sub eax,ebx ; //长度-EBX
00405983 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; //连接后的字符串地址送给EAX
00405986 0FB67C02 FC movzx edi,byte ptr ds:[edx+eax-4] ; //取LEN-EBX-4位ASCII值送给EDI
0040598B 8B45 F4 mov eax,dword ptr ss:[ebp-C] ; //注册类型地址送给EAX
0040598E 0FB600 movzx eax,byte ptr ds:[eax] ; //取注册类型ASCII值
00405991 03F0 add esi,eax
00405993 46 inc esi ; //ASCII[注册类型]+ESI+1
00405994 03FE add edi,esi ; //EDI = STR_ASCII[0](注册类型)+ESI+1+STR_ASCII[ LEN-EBX-4 ]
00405996 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405999 E8 D2B7FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
0040599E 2BC3 sub eax,ebx
004059A0 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; kernel32.7C817070
004059A3 0FB64402 FD movzx eax,byte ptr ds:[edx+eax-3]
004059A8 03F8 add edi,eax ; // EDI += STR_ASCII[ LEN-EBX-3]
004059AA 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
004059AD E8 BEB7FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
004059B2 2BC3 sub eax,ebx
004059B4 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; kernel32.7C817070
004059B7 0FB64402 FE movzx eax,byte ptr ds:[edx+eax-2]
004059BC 03F8 add edi,eax ; // EDI += STR_ ASCII[ LEN-EBX-2]
004059BE 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
004059C1 E8 AAB7FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
004059C6 2BC3 sub eax,ebx
004059C8 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; kernel32.7C817070
004059CB 0FB64402 FF movzx eax,byte ptr ds:[edx+eax-1]
004059D0 03F8 add edi,eax ; // EDI += STR_ ASCII[ LEN-EBX-1]
004059D2 8D45 E8 lea eax,dword ptr ss:[ebp-18]
004059D5 50 push eax
004059D6 8BC3 mov eax,ebx
004059D8 B9 07000000 mov ecx,7
004059DD 99 cdq
004059DE F7F9 idiv ecx
004059E0 8BCA mov ecx,edx ; ntdll.KiFastSystemCallRet
004059E2 41 inc ecx
004059E3 BA 01000000 mov edx,1
004059E8 8B45 FC mov eax,dword ptr ss:[ebp-4] ; //机器码送EAX
004059EB E8 C0B7FFFF call 004011B0 ; <jmp.&rtl60.System::LStrCopy>
004059F0 8B45 E8 mov eax,dword ptr ss:[ebp-18]
004059F3 E8 10BDFFFF call 00401708 ; <jmp.&rtl60.Sysutils::StrToInt>
004059F8 0FAFF8 imul edi,eax ; //EDI = EDI * atoi( jqm.left ( (ebx%7)+1 ) )
004059FB 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
004059FE E8 6DB7FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
00405A03 2BC3 sub eax,ebx
00405A05 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405A08 0FB64402 FF movzx eax,byte ptr ds:[edx+eax-1]
00405A0D BA 0D000000 mov edx,0D
00405A12 2BD3 sub edx,ebx
00405A14 8B4D FC mov ecx,dword ptr ss:[ebp-4] ; //机器码地址送给ECX
00405A17 0FB65411 FF movzx edx,byte ptr ds:[ecx+edx-1]
00405A1C 03C2 add eax,edx ; // EAX = STR_ASCII [ LEN - EBX -1] + JQM_ASCII [12-EBX]
00405A1E 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405A21 0FB6541A FF movzx edx,byte ptr ds:[edx+ebx-1]
00405A26 8B4D F8 mov ecx,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405A29 0FB64C19 0B movzx ecx,byte ptr ds:[ecx+ebx+B]
00405A2E 03D1 add edx,ecx ; //EDX = STR_ASCII [ EBX-1] + STR_ASCII [EBX+11]
00405A30 F7EA imul edx ; //EAX = EAX * EDX
00405A32 03F8 add edi,eax ; //EDI = EDI + EAX
00405A34 8BF7 mov esi,edi ; // ESI = EDI
00405A36 8B45 0C mov eax,dword ptr ss:[ebp+C] ; // "0804","0805","0806"// 一共有4组注册码
00405A39 E8 32B7FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
00405A3E 83F8 04 cmp eax,4 ; //与4比较
00405A41 7C 3F jl short 00405A82 ; //小于则跳//下面这一段不参于第一组注册码运算
00405A43 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
00405A46 8B55 0C mov edx,dword ptr ss:[ebp+C] ; // ”0804“或”0805“ 或”0806“ 地址送给EDX
00405A49 8A52 03 mov dl,byte ptr ds:[edx+3] ; // dl = str1_ ascii[3]
00405A4C E8 07B7FFFF call 00401158 ; <jmp.&rtl60.System::LStrFromChar>
00405A51 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00405A54 E8 AFBCFFFF call 00401708 ; //转换为整数值
00405A59 F7EB imul ebx ; ebx = ebx * (char) (str1_ascii[3])
00405A5B 8B55 0C mov edx,dword ptr ss:[ebp+C]
00405A5E 0FB652 01 movzx edx,byte ptr ds:[edx+1] ; //edx = str1_ascii[1]
00405A62 8B4D F4 mov ecx,dword ptr ss:[ebp-C] ; kernel32.7C839AC0
00405A65 0FB609 movzx ecx,byte ptr ds:[ecx] ; // ecx = str_ascii[0]
00405A68 0FAFD1 imul edx,ecx ; //edx = edx * ecx = str1_ascii[1]* str_ascii[0]
00405A6B 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
00405A6E 0FB609 movzx ecx,byte ptr ds:[ecx] ; // ecx = str_ascii[0]
00405A71 03F1 add esi,ecx ; //esi += str_ascii[0]
00405A73 03D6 add edx,esi ; edx += esi
00405A75 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
00405A78 0FB649 02 movzx ecx,byte ptr ds:[ecx+2] ; // ecx = str_ascii[2]
00405A7C 03D1 add edx,ecx ; //edx += str_ascii[2]
00405A7E 03C2 add eax,edx ; //eax += edx
00405A80 8BF0 mov esi,eax ; //esi = eax
00405A82 8D45 E0 lea eax,dword ptr ss:[ebp-20] ; //上面这一段不参于第一组注册码运算
00405A85 50 push eax
00405A86 B9 04000000 mov ecx,4
00405A8B BA 01000000 mov edx,1
00405A90 8B45 FC mov eax,dword ptr ss:[ebp-4] ; //取机器码前4位转换成十进制数
00405A93 E8 18B7FFFF call 004011B0 ; <jmp.&rtl60.System::LStrCopy>
00405A98 8B45 E0 mov eax,dword ptr ss:[ebp-20]
00405A9B E8 68BCFFFF call 00401708 ; <jmp.&rtl60.Sysutils::StrToInt>
00405AA0 8BF8 mov edi,eax ; // EDI = atoi ( jqm.left(4))
00405AA2 8B45 FC mov eax,dword ptr ss:[ebp-4]
00405AA5 E8 C6B6FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
00405AAA 50 push eax
00405AAB 8BC3 mov eax,ebx
00405AAD 5A pop edx ; kernel32.7C817067
00405AAE 8BCA mov ecx,edx ; ntdll.KiFastSystemCallRet
00405AB0 99 cdq
00405AB1 F7F9 idiv ecx ; // ebx % len1
00405AB3 8B45 FC mov eax,dword ptr ss:[ebp-4]
00405AB6 0FB64410 FF movzx eax,byte ptr ds:[eax+edx-1]
00405ABB 8BD6 mov edx,esi
00405ABD 0FAFD3 imul edx,ebx
00405AC0 03C2 add eax,edx ; ntdll.KiFastSystemCallRet
00405AC2 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405AC5 0FB6541A FF movzx edx,byte ptr ds:[edx+ebx-1]
00405ACA F7EA imul edx ; //EAX = (ESI * EBX + JQM_ASCII[EBX%LEN1-1]) * STR_ASCII[EBX-1]
00405ACC 0FAFF8 imul edi,eax ; //这里取有符号低位值 EDI = EAX * EDI = (ESI * EBX + JQM_ASCII[EBX%LEN1-1]) * STR_ASCII[EBX-1] * atoi ( jqm.left(4))
00405ACF 03F7 add esi,edi ; //ESI = ESI + EDI
00405AD1 8D45 DC lea eax,dword ptr ss:[ebp-24]
00405AD4 50 push eax
00405AD5 8BC3 mov eax,ebx
00405AD7 B9 07000000 mov ecx,7
00405ADC 99 cdq
00405ADD F7F9 idiv ecx ; // EBX % 7
00405ADF 8BCA mov ecx,edx ; ntdll.KiFastSystemCallRet
00405AE1 41 inc ecx ; // EBX % 7 +1
00405AE2 BA 01000000 mov edx,1
00405AE7 8B45 FC mov eax,dword ptr ss:[ebp-4]
00405AEA E8 C1B6FFFF call 004011B0 ; <jmp.&rtl60.System::LStrCopy>
00405AEF 8B45 DC mov eax,dword ptr ss:[ebp-24]
00405AF2 E8 11BCFFFF call 00401708 ; // atoi ( jqm.left( ebx%7 +1 ) )
00405AF7 03F0 add esi,eax ; //esi = esi + atoi(jqm.left(ebx%7 +1))
00405AF9 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405AFC 0FB60418 movzx eax,byte ptr ds:[eax+ebx]
00405B00 03F0 add esi,eax ; //esi += str_ascii[ebx]
00405B02 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405B05 0FB64418 01 movzx eax,byte ptr ds:[eax+ebx+1]
00405B0A 03F0 add esi,eax ; //esi += str_ascii[ebx+1]
00405B0C 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405B0F 0FB64418 02 movzx eax,byte ptr ds:[eax+ebx+2]
00405B14 03F0 add esi,eax ; //esi += str_ascii[ebx+2]
00405B16 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405B19 0FB64418 03 movzx eax,byte ptr ds:[eax+ebx+3]
00405B1E 03F0 add esi,eax ; //esi += str_ascii[ebx+3]
00405B20 8D45 D8 lea eax,dword ptr ss:[ebp-28]
00405B23 50 push eax
00405B24 B9 0A000000 mov ecx,0A
00405B29 BA 05000000 mov edx,5
00405B2E 8B45 FC mov eax,dword ptr ss:[ebp-4]
00405B31 E8 7AB6FFFF call 004011B0 ; <jmp.&rtl60.System::LStrCopy>
00405B36 8B45 D8 mov eax,dword ptr ss:[ebp-28] ; ntdll.7C930208
00405B39 E8 CABBFFFF call 00401708 ; <jmp.&rtl60.Sysutils::StrToInt>
00405B3E 8BF8 mov edi,eax ; //edi = atoi( jqm.mid(4,10))
00405B40 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; kernel32.7C817070
00405B43 0FB64418 0B movzx eax,byte ptr ds:[eax+ebx+B]
00405B48 0FAFF8 imul edi,eax ; // edi = atoi( jqm.mid(4,10)) * str_ascii[ebx +b]
00405B4B 8B45 FC mov eax,dword ptr ss:[ebp-4]
00405B4E E8 1DB6FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
00405B53 50 push eax
00405B54 8BC3 mov eax,ebx
00405B56 5A pop edx ; kernel32.7C817067
00405B57 8BCA mov ecx,edx ; ntdll.KiFastSystemCallRet
00405B59 99 cdq
00405B5A F7F9 idiv ecx
00405B5C 52 push edx ; ntdll.KiFastSystemCallRet
00405B5D 8B45 FC mov eax,dword ptr ss:[ebp-4]
00405B60 E8 0BB6FFFF call 00401170 ; <jmp.&rtl60.System::LStrLen>
00405B65 5A pop edx ; // ebx%len1
00405B66 2BC2 sub eax,edx ; // len1 - ebx%len
00405B68 8B55 FC mov edx,dword ptr ss:[ebp-4]
00405B6B 0FB64402 FF movzx eax,byte ptr ds:[edx+eax-1] ; //jqm_ascii[ len - ebx%len -1]
00405B70 0FAFF8 imul edi,eax ; // edi = atoi( jqm.mid(4,10)) * str_ascii[ebx +b] * jqm_ascii[ len - ebx%len -1]
00405B73 03F7 add esi,edi ; // esi += edi
00405B75 8BC6 mov eax,esi
00405B77 99 cdq
00405B78 33C2 xor eax,edx ; ntdll.KiFastSystemCallRet
00405B7A 2BC2 sub eax,edx ; //这两行取绝对值
00405B7C B9 0A000000 mov ecx,0A
00405B81 99 cdq
00405B82 F7F9 idiv ecx
00405B84 8BF2 mov esi,edx ; // esi = abs(esi) %10
00405B86 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00405B89 8BD6 mov edx,esi
00405B8B 80C2 30 add dl,30 ; //+48,将ASCII值转换为数字
00405B8E E8 C5B5FFFF call 00401158 ; <jmp.&rtl60.System::LStrFromChar>
00405B93 8B55 D4 mov edx,dword ptr ss:[ebp-2C] ; kernel32.7C817067
00405B96 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00405B99 E8 DAB5FFFF call 00401178 ; <jmp.&rtl60.System::LStrCat>
00405B9E 83FB 0C cmp ebx,0C
00405BA1 7D 1B jge short 00405BBE ; kqdump_.00405BBE
00405BA3 8BC3 mov eax,ebx
00405BA5 B9 03000000 mov ecx,3
00405BAA 99 cdq
00405BAB F7F9 idiv ecx
00405BAD 85D2 test edx,edx ; ntdll.KiFastSystemCallRet
00405BAF 75 0D jnz short 00405BBE ; kqdump_.00405BBE
00405BB1 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00405BB4 BA 305C4000 mov edx,405C30 ; -
00405BB9 E8 BAB5FFFF call 00401178 ; <jmp.&rtl60.System::LStrCat>
00405BBE 43 inc ebx
00405BBF 83FB 0D cmp ebx,0D
00405BC2 ^ 0F85 B1FDFFFF jnz 00405979 ; kqdump_.00405979
00405BC8 8B45 08 mov eax,dword ptr ss:[ebp+8] ; kqdump_.<模块入口点>
00405BCB 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00405BCE 8B55 F4 mov edx,dword ptr ss:[ebp-C] ; kernel32.7C839AC0
00405BD1 E8 AAB5FFFF call 00401180 ; <jmp.&rtl60.System::LStrCat3>
00405BD6 33C0 xor eax,eax
00405BD8 5A pop edx ; kernel32.7C817067
00405BD9 59 pop ecx ; kernel32.7C817067
00405BDA 59 pop ecx ; kernel32.7C817067
00405BDB 64:8910 mov dword ptr fs:[eax],edx ; ntdll.KiFastSystemCallRet
00405BDE 68 005C4000 push 405C00
00405BE3 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00405BE6 BA 0B000000 mov edx,0B
00405BEB E8 50B5FFFF call 00401140 ; <jmp.&rtl60.System::LStrArrayClr>
00405BF0 8D45 0C lea eax,dword ptr ss:[ebp+C]
00405BF3 E8 40B5FFFF call 00401138 ; <jmp.&rtl60.System::LStrClr>
00405BF8 C3 retn
00405BF9 ^ E9 12B5FFFF jmp 00401110 ; <jmp.&rtl60.System::HandleFinally>
00405BFE ^ EB E3 jmp short 00405BE3 ; kqdump_.00405BE3
00405C00 5F pop edi ; kernel32.7C817067
00405C01 5E pop esi ; kernel32.7C817067
00405C02 5B pop ebx ; kernel32.7C817067
00405C03 8BE5 mov esp,ebp
00405C05 5D pop ebp ; kernel32.7C817067
00405C06 C2 0800 retn 8
我的机机源码如下:
void C人力资源系统注册机V20Dlg::OnBnClickedOk()
{
CString _yhm;//定义公司名
CString _jqm;//定义机器码
CString _zcm1,_zcm2;//定义注册类型及注册码
GetDlgItemText(IDC_EDIT1,_yhm);//取公司名
GetDlgItemText(IDC_EDIT2,_jqm);//取机器码
GetDlgItemText(IDC_EDIT3,_zcm1);//取注册类型
if (_yhm.GetLength()<1)//较验用户名是否输入
{
MessageBox("请输入用户名(公司名)!");
return;
}
if (_jqm.GetLength()<1)//较验机器码是否输入
{
MessageBox("请输入机器码!");
return;
}
if (_zcm1.GetLength() != 1)//注册版本类型有效性较验
{
MessageBox("请正确输入1位注册版本类型!");
return;
}
if (!(_zcm1 == "B" || _zcm1 == "F" || _zcm1 == "H" || _zcm1 == "P" || _zcm1 == "N" || _zcm1 == "S" || _zcm1 == "J"))
{
MessageBox("您输入的版本类型不是有效版本!");
return;
}
CString _str = _zcm1 + _yhm + _zcm1 + "厦门市" + _zcm1 + _yhm + _zcm1;//连接字符串
int _str_len = _str.GetLength();//定义并取字符串长度
unsigned int _str_ascii[100]={0};//定义ASCII值数组,准备取ASCII值
for (int i = 0;i < _str_len;i++)//循环取ASCII值(中英文都有)
{
_str_ascii[i] = _str.GetAt(i);
_str_ascii[i] = LOBYTE(_str_ascii[i]);
}
_jqm.Remove('-');//清除机器码中的-号
int _jqm_len = _jqm.GetLength();//定义并取机器码长度值
unsigned int _jqm_ascii[20] = {0};//定义机器码ASCII值数组
for ( int i = 0 ; i < _jqm_len ; i++ )//循环取机器码的ASCII值
{
_jqm_ascii[i] = (int)_jqm[i];
}
CString _str_tmp;
DWORD _esi = 0;
DWORD _edi = 0;//定义寄存器
for (int i = 1;i < 13;i++)
{
_edi = _str_ascii[0] + _esi + 1 + _str_ascii[ _str_len-i-4 ];//_str_ascii[0],就是注册类型的ASCII码
_edi += _str_ascii[ _str_len-i-3];
_edi += _str_ascii[ _str_len-i-2];
_edi += _str_ascii[ _str_len-i-1];
_edi = _edi * atoi( _jqm.Left( (i%7) + 1 ) ) ;
_edi = _edi + (_str_ascii [ _str_len - i -1] + _jqm_ascii [12-i])*(_str_ascii [ i-1] + _str_ascii [i+11]);
_esi = _edi;
//下面这行错了,
//_edi = (_esi * i + _jqm_ascii[i%_jqm_len-1]) * (_str_ascii[i-1]);
//改成
if(_esi != 12)
_edi = (_esi * i + _jqm_ascii[i%_jqm_len-1]) * (_str_ascii[i-1]);
else
_edi = (_esi * i )* (_str_ascii[i-1]);
_edi = _edi * atoi( _jqm.Left(4));
_esi = _esi + _edi;
_esi = _esi + atoi(_jqm.Left(i%7 +1));
_esi += _str_ascii[i];
_esi += _str_ascii[i+1];
_esi += _str_ascii[i+2];
_esi += _str_ascii[i+3];
_edi = atoi( _jqm.Mid(4,10)) * _str_ascii[i + 11] * _jqm_ascii[ _jqm_len - i%_jqm_len -1];
_esi = labs(_esi + _edi);
_esi = _esi % 10;
_zcm2 += (char)(_esi + 48);
}
_zcm2 = _zcm2.Mid(0,3) + "-" + _zcm2.Mid(3,3) + "-" + _zcm2.Mid(6,3) + "-" +_zcm2.Mid(9);
SetDlgItemText(IDC_EDIT4,_zcm2);
}
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
