[讨论]关于算法,请你分析-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [讨论]关于算法,请你分析 0.00雪花

发表于: 2008-9-5 10:42 2395

[旧帖] [讨论]关于算法,请你分析 0.00雪花

csoop

活跃值

2008-9-5 10:42

2395

这过程应该是关于算法的，我汇编不好，请高手帮忙分析

0046EC64  /$  55          push ebp
0046EC65  |.  8BEC       mov    ebp, esp
0046EC67  |.  83C4 C8    add    esp, -38
0046EC6A  |.  8945 FC    mov    dword ptr [ebp-4], eax
0046EC6D  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046EC70  |.  E8 A75AF9FF call 0040471C
0046EC75  |.  33C0       xor    eax, eax
0046EC77  |.  55          push ebp
0046EC78  |.  68 C9ED4600 push 0046EDC9
0046EC7D  |.  64:FF30    push dword ptr fs:[eax]
0046EC80  |.  64:8920    mov    dword ptr fs:[eax], esp
0046EC83  |.  33C0       xor    eax, eax
0046EC85  |.  8945 F8    mov    dword ptr [ebp-8], eax
0046EC88  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046EC8B  |.  E8 A458F9FF call 00404534
0046EC90  |.  83F8 10    cmp    eax, 10          -------------------------------------这里是检证注册码是否是16位
0046EC93    0F8C 1A010000 jl    0046EDB3
0046EC99  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046EC9C  |.  E8 9358F9FF call 00404534
0046ECA1  |.  83F8 10    cmp    eax, 10       -------------------------------------这里是检证注册码是否是16位
0046ECA4  |.  0F8F 09010000 jg    0046EDB3
0046ECAA  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046ECAD  |.  BA E0ED4600 mov    edx, 0046EDE0                   ;  1163659294813585
0046ECB2  |.  E8 C159F9FF call 00404678
0046ECB7  |.  0F84 F6000000 je    0046EDB3
0046ECBD  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046ECC0  |.  BA FCED4600 mov    edx, 0046EDFC                   ;  0386848021608060
0046ECC5  |.  E8 AE59F9FF call 00404678
0046ECCA  |.  0F84 E3000000 je    0046EDB3
0046ECD0  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046ECD3  |.  BA 18EE4600 mov    edx, 0046EE18                   ;  8319e4005f00pyg0
0046ECD8  |.  E8 9B59F9FF call 00404678
0046ECDD  |.  0F84 D0000000 je    0046EDB3
0046ECE3  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046ECE6  |.  BA 34EE4600 mov    edx, 0046EE34                   ;  0566838690673180
0046ECEB  |.  E8 8859F9FF call 00404678
0046ECF0  |.  0F84 BD000000 je    0046EDB3
0046ECF6  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046ECF9  |.  BA 50EE4600 mov    edx, 0046EE50                   ;  0386748036909760
0046ECFE  |.  E8 7559F9FF call 00404678
0046ED03  |.  0F84 AA000000 je    0046EDB3
0046ED09  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0046ED0C  |.  BA 6CEE4600 mov    edx, 0046EE6C                   ;  sflsky7dgh1a5i18
0046ED11  |.  E8 6259F9FF call 00404678
0046ED16  |.  0F84 97000000 je    0046EDB3
0046ED1C  |.  33C0       xor    eax, eax
0046ED1E  |.  8945 DC    mov    dword ptr [ebp-24], eax
0046ED21  |>  8B45 FC    /mov    eax, dword ptr [ebp-4]
0046ED24  |.  8B55 DC    |mov    edx, dword ptr [ebp-24]
0046ED27  |.  8A0410       |mov    al, byte ptr [eax+edx]
0046ED2A  |.  E8 EDFEFFFF |call 0046EC1C
0046ED2F  |.  8B55 DC    |mov    edx, dword ptr [ebp-24]
0046ED32  |.  884415 CB    |mov    byte ptr [ebp+edx-35], al
0046ED36  |.  FF45 DC    |inc    dword ptr [ebp-24]
0046ED39  |.  837D DC 10 |cmp    dword ptr [ebp-24], 10
0046ED3D  |.^ 75 E2       \jnz    short 0046ED21
0046ED3F  |.  33C0       xor    eax, eax
0046ED41  |.  8945 E0    mov    dword ptr [ebp-20], eax
0046ED44  |>  8B45 E0    /mov    eax, dword ptr [ebp-20]
0046ED47  |.  03C0       |add    eax, eax
0046ED49  |.  8A4405 CC    |mov    al, byte ptr [ebp+eax-34]
0046ED4D  |.  C1E0 04    |shl    eax, 4
0046ED50  |.  8B55 E0    |mov    edx, dword ptr [ebp-20]
0046ED53  |.  03D2       |add    edx, edx
0046ED55  |.  024415 CB    |add    al, byte ptr [ebp+edx-35]
0046ED59  |.  8B55 E0    |mov    edx, dword ptr [ebp-20]
0046ED5C  |.  884415 EF    |mov    byte ptr [ebp+edx-11], al
0046ED60  |.  FF45 E0    |inc    dword ptr [ebp-20]
0046ED63  |.  837D E0 09 |cmp    dword ptr [ebp-20], 9
0046ED67  |.^ 75 DB       \jnz    short 0046ED44
0046ED69  |.  8A45 F2    mov    al, byte ptr [ebp-E]
0046ED6C  |.  3245 EF    xor    al, byte ptr [ebp-11]
0046ED6F  |.  8845 E6    mov    byte ptr [ebp-1A], al
0046ED72  |.  8A45 F0    mov    al, byte ptr [ebp-10]
0046ED75  |.  3245 F6    xor    al, byte ptr [ebp-A]
0046ED78  |.  8845 E7    mov    byte ptr [ebp-19], al
0046ED7B  |.  8A45 F1    mov    al, byte ptr [ebp-F]
0046ED7E  |.  3245 F4    xor    al, byte ptr [ebp-C]
0046ED81  |.  8845 E8    mov    byte ptr [ebp-18], al
0046ED84  |.  8A45 F5    mov    al, byte ptr [ebp-B]
0046ED87  |.  3245 F3    xor    al, byte ptr [ebp-D]
0046ED8A  |.  8845 E9    mov    byte ptr [ebp-17], al
0046ED8D  |.  807D E6 38 cmp    byte ptr [ebp-1A], 38
0046ED91  |.  75 1B       jnz    short 0046EDAE
0046ED93  |.  807D E7 6E cmp    byte ptr [ebp-19], 6E
0046ED97  |.  75 15       jnz    short 0046EDAE
0046ED99  |.  807D E8 4E cmp    byte ptr [ebp-18], 4E
0046ED9D  |.  75 0F       jnz    short 0046EDAE
0046ED9F  |.  807D E9 1A cmp    byte ptr [ebp-17], 1A
0046EDA3  |.  75 09       jnz    short 0046EDAE
0046EDA5  |.  C745 F8 FFFFF>mov    dword ptr [ebp-8], -1
0046EDAC  |.  EB 05       jmp    short 0046EDB3
0046EDAE  |>  33C0       xor    eax, eax
0046EDB0  |.  8945 F8    mov    dword ptr [ebp-8], eax
0046EDB3  |>  33C0       xor    eax, eax
0046EDB5  |.  5A          pop    edx
0046EDB6  |.  59          pop    ecx
0046EDB7  |.  59          pop    ecx
0046EDB8  |.  64:8910    mov    dword ptr fs:[eax], edx
0046EDBB  |.  68 D0ED4600 push 0046EDD0
0046EDC0  |>  8D45 FC    lea    eax, dword ptr [ebp-4]
0046EDC3  |.  E8 B454F9FF call 0040427C
0046EDC8  \.  C3          retn
0046EDC9 .^ E9 D64EF9FF jmp    00403CA4
0046EDCE .^ EB F0       jmp    short 0046EDC0
0046EDD0 .  8B45 F8    mov    eax, dword ptr [ebp-8]
0046EDD3 .  8BE5       mov    esp, ebp
0046EDD5 .  5D          pop    ebp
0046EDD6 .  C3          retn

[课程]FART 脱壳王！加量不加价！FART作者讲授！

收藏・0

免费・0

支持

分享

最新回复 (1)

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

粉丝

关注

csoop: 2 楼

call 00404678过程代码

00404678  /$  53          push ebx
00404679  |.  56          push esi
0040467A  |.  57          push edi
0040467B  |.  89C6       mov    esi, eax
0040467D  |.  89D7       mov    edi, edx
0040467F  |.  39D0       cmp    eax, edx
00404681  |.  0F84 8F000000 je    00404716
00404687  |.  85F6       test esi, esi
00404689  |.  74 68       je    short 004046F3
0040468B  |.  85FF       test edi, edi
0040468D  |.  74 6B       je    short 004046FA
0040468F  |.  8B46 FC    mov    eax, dword ptr [esi-4]
00404692  |.  8B57 FC    mov    edx, dword ptr [edi-4]
00404695  |.  29D0       sub    eax, edx
00404697  |.  77 02       ja    short 0040469B
00404699  |.  01C2       add    edx, eax
0040469B  |>  52          push edx
0040469C  |.  C1EA 02    shr    edx, 2
0040469F  |.  74 26       je    short 004046C7
004046A1  |>  8B0E       /mov    ecx, dword ptr [esi]
004046A3  |.  8B1F       |mov    ebx, dword ptr [edi]
004046A5  |.  39D9       |cmp    ecx, ebx
004046A7  |.  75 58       |jnz    short 00404701
004046A9  |.  4A          |dec    edx
004046AA  |.  74 15       |je    short 004046C1
004046AC  |.  8B4E 04    |mov    ecx, dword ptr [esi+4]
004046AF  |.  8B5F 04    |mov    ebx, dword ptr [edi+4]
004046B2  |.  39D9       |cmp    ecx, ebx
004046B4  |.  75 4B       |jnz    short 00404701
004046B6  |.  83C6 08    |add    esi, 8
004046B9  |.  83C7 08    |add    edi, 8
004046BC  |.  4A          |dec    edx
004046BD  |.^ 75 E2       \jnz    short 004046A1
004046BF  |.  EB 06       jmp    short 004046C7
004046C1  |>  83C6 04    add    esi, 4
004046C4  |.  83C7 04    add    edi, 4
004046C7  |>  5A          pop    edx
004046C8  |.  83E2 03    and    edx, 3
004046CB  |.  74 22       je    short 004046EF
004046CD  |.  8B0E       mov    ecx, dword ptr [esi]
004046CF  |.  8B1F       mov    ebx, dword ptr [edi]
004046D1  |.  38D9       cmp    cl, bl
004046D3  |.  75 41       jnz    short 00404716
004046D5  |.  4A          dec    edx
004046D6  |.  74 17       je    short 004046EF
004046D8  |.  38FD       cmp    ch, bh
004046DA  |.  75 3A       jnz    short 00404716
004046DC  |.  4A          dec    edx
004046DD  |.  74 10       je    short 004046EF
004046DF  |.  81E3 0000FF00 and    ebx, 0FF0000
004046E5  |.  81E1 0000FF00 and    ecx, 0FF0000
004046EB  |.  39D9       cmp    ecx, ebx
004046ED  |.  75 27       jnz    short 00404716
004046EF  |>  01C0       add    eax, eax
004046F1  |.  EB 23       jmp    short 00404716
004046F3  |>  8B57 FC    mov    edx, dword ptr [edi-4]
004046F6  |.  29D0       sub    eax, edx
004046F8  |.  EB 1C       jmp    short 00404716
004046FA  |>  8B46 FC    mov    eax, dword ptr [esi-4]
004046FD  |.  29D0       sub    eax, edx
004046FF  |.  EB 15       jmp    short 00404716
00404701  |>  5A          pop    edx
00404702  |.  38D9       cmp    cl, bl
00404704  |.  75 10       jnz    short 00404716
00404706  |.  38FD       cmp    ch, bh
00404708  |.  75 0C       jnz    short 00404716
0040470A  |.  C1E9 10    shr    ecx, 10
0040470D  |.  C1EB 10    shr    ebx, 10
00404710  |.  38D9       cmp    cl, bl
00404712  |.  75 02       jnz    short 00404716
00404714  |.  38FD       cmp    ch, bh
00404716  |>  5F          pop    edi
00404717  |.  5E          pop    esi
00404718  |.  5B          pop    ebx
00404719  \.  C3          retn

2008-9-5 14:23

0

返回

csoop

发帖

回帖

RANK

他的文章

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区

//