[Original] CRC32CrackMe Algorithm Analysis
Posted: 2008-9-8 11:31 5934

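【Article title】CRC32CrackMe Algorithm Analysis
【Author】tianxj
【Author email】tianxj_2007@126.com
【Author homepage】WwW.ChiNaPYG.CoM
【Tools】PEiD, OD
【Platform】D-Windows XP sp2
【Software name】CRC32CrackMe
【Original download】http://bbs.pediy.com/showthread.php?t=47488
【Protection】Registration code
【Statement】I am just a little newbie who has picked up a few insights and would like to share them with everyone :)
            This newbie is just starting to learn cryptography and hopes for pointers from the experts.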
--------------------------------------------------------------
【Cracking details】
--------------------------------------------------------------
**************************************************************
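1. Run the program and try to register. Entering wrong registration information produces the message
"注册码错误,继续加油!" ("Wrong registration code, keep trying!")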
**************************************************************
2. Check CRC32CrackMe.exe for a packer with PEiD; the result is Microsoft Visual C++ 6.0
**************************************************************
3. Run OD, open CRC32CrackMe.exe, then right-click, Ultra String Reference, Find ASCII.
This finds "注册码错误,继续加油!"
==============================================================
0040126E   > \8BB424 10030000    MOV ESI,DWORD PTR SS:[ESP+310]           ;  Case A159 of switch 00401249
00401275   .  8B1D A4504000      MOV EBX,DWORD PTR DS:[<&USER32.GetDlgIte>;  USER32.GetDlgItemTextA
0040127B   .  8D8C24 0C010000    LEA ECX,DWORD PTR SS:[ESP+10C]
00401282   .  68 00010000        PUSH 100                                 ; /Count = 100 (256.)
00401287   .  51                 PUSH ECX                                 ; |Buffer
00401288   .  68 E8030000        PUSH 3E8                                 ; |ControlID = 3E8 (1000.)
0040128D   .  56                 PUSH ESI                                 ; |hWnd
0040128E   .  FFD3               CALL EBX                                 ; \GetDlgItemTextA
00401290   .  8DBC24 0C010000    LEA EDI,DWORD PTR SS:[ESP+10C]
00401297   .  83C9 FF            OR ECX,FFFFFFFF
0040129A   .  33C0               XOR EAX,EAX
0040129C   .  F2:AE              REPNE SCAS BYTE PTR ES:[EDI]
0040129E   .  F7D1               NOT ECX
004012A0   .  49                 DEC ECX
004012A1   .  83F9 01            CMP ECX,1
004012A4   .  73 1F              JNB SHORT CRC32Cra.004012C5              ;  //username length >= 1
004012A6   .  6A 40              PUSH 40                                  ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004012A8   .  68 8C604000        PUSH CRC32Cra.0040608C                   ; |"注册提示" (Registration notice)
004012AD   .  68 74604000        PUSH CRC32Cra.00406074                   ; |"用户名不能为空请输入!" (Username must not be empty, please enter one!)
004012B2   .  56                 PUSH ESI                                 ; |hOwner
004012B3   .  FF15 A8504000      CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
004012B9   .  5F                 POP EDI
004012BA   .  5E                 POP ESI
004012BB   .  33C0               XOR EAX,EAX
004012BD   .  5B                 POP EBX
004012BE   .  81C4 00030000      ADD ESP,300
004012C4   .  C3                 RETN
004012C5   >  8D5424 0C          LEA EDX,DWORD PTR SS:[ESP+C]
004012C9   .  68 00010000        PUSH 100
004012CE   .  52                 PUSH EDX
004012CF   .  68 07040000        PUSH 407
004012D4   .  56                 PUSH ESI
004012D5   .  FFD3               CALL EBX
004012D7   .  8D7C24 0C          LEA EDI,DWORD PTR SS:[ESP+C]
004012DB   .  83C9 FF            OR ECX,FFFFFFFF
004012DE   .  33C0               XOR EAX,EAX
004012E0   .  F2:AE              REPNE SCAS BYTE PTR ES:[EDI]
004012E2   .  F7D1               NOT ECX
004012E4   .  49                 DEC ECX
004012E5   .  83F9 01            CMP ECX,1
004012E8   .  73 1F              JNB SHORT CRC32Cra.00401309              ;  //registration code length >= 1
004012EA   .  6A 40              PUSH 40                                  ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004012EC   .  68 8C604000        PUSH CRC32Cra.0040608C                   ; |"注册提示" (Registration notice)
004012F1   .  68 5C604000        PUSH CRC32Cra.0040605C                   ; |"注册码不能为空请输入!" (Registration code must not be empty, please enter one!)
004012F6   .  56                 PUSH ESI                                 ; |hOwner
004012F7   .  FF15 A8504000      CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
004012FD   .  5F                 POP EDI
004012FE   .  5E                 POP ESI
004012FF   .  33C0               XOR EAX,EAX
00401301   .  5B                 POP EBX
00401302   .  81C4 00030000      ADD ESP,300
00401308   .  C3                 RETN
00401309   >  8D8424 0C020000    LEA EAX,DWORD PTR SS:[ESP+20C]
00401310   .  8D8C24 0C010000    LEA ECX,DWORD PTR SS:[ESP+10C]           ;  //username
00401317   .  50                 PUSH EAX
00401318   .  51                 PUSH ECX
00401319   .  E8 F2FDFFFF        CALL CRC32Cra.00401110                   ;  //algorithm CALL
0040131E   .  8D9424 14020000    LEA EDX,DWORD PTR SS:[ESP+214]           ;  //string 2, i.e. the real code
00401325   .  8D4424 14          LEA EAX,DWORD PTR SS:[ESP+14]            ;  //the fake code
00401329   .  52                 PUSH EDX
0040132A   .  50                 PUSH EAX
0040132B   .  E8 D0FCFFFF        CALL CRC32Cra.00401000                   ;  //comparison CALL
00401330   .  83C4 10            ADD ESP,10
00401333   .  83F8 01            CMP EAX,1
00401336   .  6A 40              PUSH 40                                  ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00401338   .  68 8C604000        PUSH CRC32Cra.0040608C                   ; |"注册提示" (Registration notice)
0040133D   .  75 18              JNZ SHORT CRC32Cra.00401357              ; |//key jump
0040133F   .  68 48604000        PUSH CRC32Cra.00406048                   ; |"恭喜你,注册码正确!" (Congratulations, the registration code is correct!)
00401344   .  56                 PUSH ESI                                 ; |hOwner
00401345   .  FF15 A8504000      CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
0040134B   .  5F                 POP EDI
0040134C   .  5E                 POP ESI
0040134D   .  33C0               XOR EAX,EAX
0040134F   .  5B                 POP EBX
00401350   .  81C4 00030000      ADD ESP,300
00401356   .  C3                 RETN
00401357   >  68 30604000        PUSH CRC32Cra.00406030                   ; |"注册码错误,继续加油!" (Wrong registration code, keep trying!)
0040135C   .  56                 PUSH ESI                                 ; |hOwner
0040135D   .  FF15 A8504000      CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
00401363   .  5F                 POP EDI
00401364   .  5E                 POP ESI
00401365   .  33C0               XOR EAX,EAX
00401367   .  5B                 POP EBX
00401368   .  81C4 00030000      ADD ESP,300
0040136E   .  C3                 RETN
==============================================================
00401110  /$  83EC 0C            SUB ESP,0C
00401113  |.  56                 PUSH ESI
00401114  |.  57                 PUSH EDI
00401115  |.  E8 B6FFFFFF        CALL CRC32Cra.004010D0
0040111A  |.  8B7424 18          MOV ESI,DWORD PTR SS:[ESP+18]            ;  //username
0040111E  |.  83C9 FF            OR ECX,FFFFFFFF
00401121  |.  8BFE               MOV EDI,ESI                              ;  //username
00401123  |.  33C0               XOR EAX,EAX                              ;  //EAX=0
00401125  |.  83CA FF            OR EDX,FFFFFFFF                          ;  //EDX=FFFFFFFF
00401128  |.  F2:AE              REPNE SCAS BYTE PTR ES:[EDI]
0040112A  |.  F7D1               NOT ECX
0040112C  |.  49                 DEC ECX                                  ;  //username length
0040112D  |.  85C9               TEST ECX,ECX
0040112F  |.  7E 1F              JLE SHORT CRC32Cra.00401150
00401131  |.  53                 PUSH EBX
00401132  |>  8BC2               /MOV EAX,EDX                             ;  //EAX=EDX
00401134  |.  33DB               |XOR EBX,EBX                             ;  //EBX=0
00401136  |.  8A1E               |MOV BL,BYTE PTR DS:[ESI]                ;  //take the ASCII value of the username, one character at a time
00401138  |.  25 FF000000        |AND EAX,0FF                             ;  //EAX=EAX and 0FF
0040113D  |.  33C3               |XOR EAX,EBX                             ;  //EAX=EAX xor EBX
0040113F  |.  C1EA 08            |SHR EDX,8                               ;  //EDX shifted right by 8 bits
00401142  |.  8B0485 20854000    |MOV EAX,DWORD PTR DS:[EAX*4+408520]     ;  //look up the value in the table
00401149  |.  33D0               |XOR EDX,EAX                             ;  //EDX=EDX xor EAX
0040114B  |.  46                 |INC ESI                                 ;  //ESI=ESI+1
0040114C  |.  49                 |DEC ECX                                 ;  //ECX=ECX-1
0040114D  |.^ 75 E3              \JNZ SHORT CRC32Cra.00401132             ;  //loop
0040114F  |.  5B                 POP EBX
00401150  |>  33C9               XOR ECX,ECX
00401152  |.  8D4424 08          LEA EAX,DWORD PTR SS:[ESP+8]
00401156  |.  894C24 09          MOV DWORD PTR SS:[ESP+9],ECX
0040115A  |.  6A 10              PUSH 10
0040115C  |.  F7D2               NOT EDX                                  ;  //bitwise NOT of EDX
0040115E  |.  894C24 11          MOV DWORD PTR SS:[ESP+11],ECX
00401162  |.  50                 PUSH EAX
00401163  |.  52                 PUSH EDX
00401164  |.  C64424 14 00       MOV BYTE PTR SS:[ESP+14],0
00401169  |.  884C24 1D          MOV BYTE PTR SS:[ESP+1D],CL
0040116D  |.  E8 24380000        CALL CRC32Cra.00404996                   ;  //convert EDX to lowercase character form, call it string 1
00401172  |.  8D7C24 14          LEA EDI,DWORD PTR SS:[ESP+14]            ;  //string 1
00401176  |.  83C9 FF            OR ECX,FFFFFFFF
00401179  |.  33C0               XOR EAX,EAX
0040117B  |.  83C4 0C            ADD ESP,0C
0040117E  |.  33F6               XOR ESI,ESI
00401180  |.  F2:AE              REPNE SCAS BYTE PTR ES:[EDI]
00401182  |.  F7D1               NOT ECX
00401184  |.  49                 DEC ECX
00401185  |.  74 25              JE SHORT CRC32Cra.004011AC
00401187  |>  0FBE4C34 08        /MOVSX ECX,BYTE PTR SS:[ESP+ESI+8]
0040118C  |.  51                 |PUSH ECX
0040118D  |.  E8 4E020000        |CALL CRC32Cra.004013E0
00401192  |.  884434 0C          |MOV BYTE PTR SS:[ESP+ESI+C],AL
00401196  |.  83C4 04            |ADD ESP,4
00401199  |.  8D7C24 08          |LEA EDI,DWORD PTR SS:[ESP+8]
0040119D  |.  83C9 FF            |OR ECX,FFFFFFFF
004011A0  |.  33C0               |XOR EAX,EAX
004011A2  |.  46                 |INC ESI
004011A3  |.  F2:AE              |REPNE SCAS BYTE PTR ES:[EDI]
004011A5  |.  F7D1               |NOT ECX
004011A7  |.  49                 |DEC ECX
004011A8  |.  3BF1               |CMP ESI,ECX
004011AA  |.^ 72 DB              \JB SHORT CRC32Cra.00401187              ;  //loop: convert string 1 to uppercase, call it string 2
004011AC  |>  8B4424 1C          MOV EAX,DWORD PTR SS:[ESP+1C]
004011B0  |.  8D5424 08          LEA EDX,DWORD PTR SS:[ESP+8]             ;  //string 2
004011B4  |.  52                 PUSH EDX                                 ; /String2
004011B5  |.  50                 PUSH EAX                                 ; |String1
004011B6  |.  FF15 00504000      CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \lstrcpyA
004011BC  |.  5F                 POP EDI
004011BD  |.  5E                 POP ESI
004011BE  |.  83C4 0C            ADD ESP,0C
004011C1  \.  C3                 RETN
==============================================================
A huge cipher table
**************************************************************  
【Cracking summary】
--------------------------------------------------------------
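【Algorithm summary】
The username is used to look up values in the cipher table; the result of the loop is then NOT-ed, and that is the registration code.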
--------------------------------------------------------------
【Algorithm keygen】
The algorithm keygen is built with senior member 刘健英's keygen writer (注册机编写器)
KeyGen.rek
.const
.data
szHomePage db "http://www.chinapyg.com",0
szEmail    db "mailto:tianxj_2007@126.com",0
szErrMess  db "请输入用户名!",0
szXor16 db "%X",0
szBuffer db 50 dup (0)
DATA db 000h,000h,000h,000h,096h,030h,007h,077h,02Ch,061h,00Eh,0EEh,0BAh,051h,009h,099h
     db 019h,0C4h,06Dh,007h,08Fh,0F4h,06Ah,070h,035h,0A5h,063h,0E9h,0A3h,095h,064h,09Eh
     db 032h,088h,0DBh,00Eh,0A4h,0B8h,0DCh,079h,01Eh,0E9h,0D5h,0E0h,088h,0D9h,0D2h,097h
     db 02Bh,04Ch,0B6h,009h,0BDh,07Ch,0B1h,07Eh,007h,02Dh,0B8h,0E7h,091h,01Dh,0BFh,090h
     db 064h,010h,0B7h,01Dh,0F2h,020h,0B0h,06Ah,048h,071h,0B9h,0F3h,0DEh,041h,0BEh,084h
     db 07Dh,0D4h,0DAh,01Ah,0EBh,0E4h,0DDh,06Dh,051h,0B5h,0D4h,0F4h,0C7h,085h,0D3h,083h
     db 056h,098h,06Ch,013h,0C0h,0A8h,06Bh,064h,07Ah,0F9h,062h,0FDh,0ECh,0C9h,065h,08Ah
     db 04Fh,05Ch,001h,014h,0D9h,06Ch,006h,063h,063h,03Dh,00Fh,0FAh,0F5h,00Dh,008h,08Dh
     db 0C8h,020h,06Eh,03Bh,05Eh,010h,069h,04Ch,0E4h,041h,060h,0D5h,072h,071h,067h,0A2h
     db 0D1h,0E4h,003h,03Ch,047h,0D4h,004h,04Bh,0FDh,085h,00Dh,0D2h,06Bh,0B5h,00Ah,0A5h
     db 0FAh,0A8h,0B5h,035h,06Ch,098h,0B2h,042h,0D6h,0C9h,0BBh,0DBh,040h,0F9h,0BCh,0ACh
     db 0E3h,06Ch,0D8h,032h,075h,05Ch,0DFh,045h,0CFh,00Dh,0D6h,0DCh,059h,03Dh,0D1h,0ABh
     db 0ACh,030h,0D9h,026h,03Ah,000h,0DEh,051h,080h,051h,0D7h,0C8h,016h,061h,0D0h,0BFh
     db 0B5h,0F4h,0B4h,021h,023h,0C4h,0B3h,056h,099h,095h,0BAh,0CFh,00Fh,0A5h,0BDh,0B8h
     db 09Eh,0B8h,002h,028h,008h,088h,005h,05Fh,0B2h,0D9h,00Ch,0C6h,024h,0E9h,00Bh,0B1h
     db 087h,07Ch,06Fh,02Fh,011h,04Ch,068h,058h,0ABh,01Dh,061h,0C1h,03Dh,02Dh,066h,0B6h
     db 090h,041h,0DCh,076h,006h,071h,0DBh,001h,0BCh,020h,0D2h,098h,02Ah,010h,0D5h,0EFh
     db 089h,085h,0B1h,071h,01Fh,0B5h,0B6h,006h,0A5h,0E4h,0BFh,09Fh,033h,0D4h,0B8h,0E8h
     db 0A2h,0C9h,007h,078h,034h,0F9h,000h,00Fh,08Eh,0A8h,009h,096h,018h,098h,00Eh,0E1h
     db 0BBh,00Dh,06Ah,07Fh,02Dh,03Dh,06Dh,008h,097h,06Ch,064h,091h,001h,05Ch,063h,0E6h
     db 0F4h,051h,06Bh,06Bh,062h,061h,06Ch,01Ch,0D8h,030h,065h,085h,04Eh,000h,062h,0F2h
     db 0EDh,095h,006h,06Ch,07Bh,0A5h,001h,01Bh,0C1h,0F4h,008h,082h,057h,0C4h,00Fh,0F5h
     db 0C6h,0D9h,0B0h,065h,050h,0E9h,0B7h,012h,0EAh,0B8h,0BEh,08Bh,07Ch,088h,0B9h,0FCh
     db 0DFh,01Dh,0DDh,062h,049h,02Dh,0DAh,015h,0F3h,07Ch,0D3h,08Ch,065h,04Ch,0D4h,0FBh
     db 058h,061h,0B2h,04Dh,0CEh,051h,0B5h,03Ah,074h,000h,0BCh,0A3h,0E2h,030h,0BBh,0D4h
     db 041h,0A5h,0DFh,04Ah,0D7h,095h,0D8h,03Dh,06Dh,0C4h,0D1h,0A4h,0FBh,0F4h,0D6h,0D3h
     db 06Ah,0E9h,069h,043h,0FCh,0D9h,06Eh,034h,046h,088h,067h,0ADh,0D0h,0B8h,060h,0DAh
     db 073h,02Dh,004h,044h,0E5h,01Dh,003h,033h,05Fh,04Ch,00Ah,0AAh,0C9h,07Ch,00Dh,0DDh
     db 03Ch,071h,005h,050h,0AAh,041h,002h,027h,010h,010h,00Bh,0BEh,086h,020h,00Ch,0C9h
     db 025h,0B5h,068h,057h,0B3h,085h,06Fh,020h,009h,0D4h,066h,0B9h,09Fh,0E4h,061h,0CEh
     db 00Eh,0F9h,0DEh,05Eh,098h,0C9h,0D9h,029h,022h,098h,0D0h,0B0h,0B4h,0A8h,0D7h,0C7h
     db 017h,03Dh,0B3h,059h,081h,00Dh,0B4h,02Eh,03Bh,05Ch,0BDh,0B7h,0ADh,06Ch,0BAh,0C0h
     db 020h,083h,0B8h,0EDh,0B6h,0B3h,0BFh,09Ah,00Ch,0E2h,0B6h,003h,09Ah,0D2h,0B1h,074h
     db 039h,047h,0D5h,0EAh,0AFh,077h,0D2h,09Dh,015h,026h,0DBh,004h,083h,016h,0DCh,073h
     db 012h,00Bh,063h,0E3h,084h,03Bh,064h,094h,03Eh,06Ah,06Dh,00Dh,0A8h,05Ah,06Ah,07Ah
     db 00Bh,0CFh,00Eh,0E4h,09Dh,0FFh,009h,093h,027h,0AEh,000h,00Ah,0B1h,09Eh,007h,07Dh
     db 044h,093h,00Fh,0F0h,0D2h,0A3h,008h,087h,068h,0F2h,001h,01Eh,0FEh,0C2h,006h,069h
     db 05Dh,057h,062h,0F7h,0CBh,067h,065h,080h,071h,036h,06Ch,019h,0E7h,006h,06Bh,06Eh
     db 076h,01Bh,0D4h,0FEh,0E0h,02Bh,0D3h,089h,05Ah,07Ah,0DAh,010h,0CCh,04Ah,0DDh,067h
     db 06Fh,0DFh,0B9h,0F9h,0F9h,0EFh,0BEh,08Eh,043h,0BEh,0B7h,017h,0D5h,08Eh,0B0h,060h
     db 0E8h,0A3h,0D6h,0D6h,07Eh,093h,0D1h,0A1h,0C4h,0C2h,0D8h,038h,052h,0F2h,0DFh,04Fh
     db 0F1h,067h,0BBh,0D1h,067h,057h,0BCh,0A6h,0DDh,006h,0B5h,03Fh,04Bh,036h,0B2h,048h
     db 0DAh,02Bh,00Dh,0D8h,04Ch,01Bh,00Ah,0AFh,0F6h,04Ah,003h,036h,060h,07Ah,004h,041h
     db 0C3h,0EFh,060h,0DFh,055h,0DFh,067h,0A8h,0EFh,08Eh,06Eh,031h,079h,0BEh,069h,046h
     db 08Ch,0B3h,061h,0CBh,01Ah,083h,066h,0BCh,0A0h,0D2h,06Fh,025h,036h,0E2h,068h,052h
     db 095h,077h,00Ch,0CCh,003h,047h,00Bh,0BBh,0B9h,016h,002h,022h,02Fh,026h,005h,055h
     db 0BEh,03Bh,0BAh,0C5h,028h,00Bh,0BDh,0B2h,092h,05Ah,0B4h,02Bh,004h,06Ah,0B3h,05Ch
     db 0A7h,0FFh,0D7h,0C2h,031h,0CFh,0D0h,0B5h,08Bh,09Eh,0D9h,02Ch,01Dh,0AEh,0DEh,05Bh
     db 0B0h,0C2h,064h,09Bh,026h,0F2h,063h,0ECh,09Ch,0A3h,06Ah,075h,00Ah,093h,06Dh,002h
     db 0A9h,006h,009h,09Ch,03Fh,036h,00Eh,0EBh,085h,067h,007h,072h,013h,057h,000h,005h
     db 082h,04Ah,0BFh,095h,014h,07Ah,0B8h,0E2h,0AEh,02Bh,0B1h,07Bh,038h,01Bh,0B6h,00Ch
     db 09Bh,08Eh,0D2h,092h,00Dh,0BEh,0D5h,0E5h,0B7h,0EFh,0DCh,07Ch,021h,0DFh,0DBh,00Bh
     db 0D4h,0D2h,0D3h,086h,042h,0E2h,0D4h,0F1h,0F8h,0B3h,0DDh,068h,06Eh,083h,0DAh,01Fh
     db 0CDh,016h,0BEh,081h,05Bh,026h,0B9h,0F6h,0E1h,077h,0B0h,06Fh,077h,047h,0B7h,018h
     db 0E6h,05Ah,008h,088h,070h,06Ah,00Fh,0FFh,0CAh,03Bh,006h,066h,05Ch,00Bh,001h,011h
     db 0FFh,09Eh,065h,08Fh,069h,0AEh,062h,0F8h,0D3h,0FFh,06Bh,061h,045h,0CFh,06Ch,016h
     db 078h,0E2h,00Ah,0A0h,0EEh,0D2h,00Dh,0D7h,054h,083h,004h,04Eh,0C2h,0B3h,003h,039h
     db 061h,026h,067h,0A7h,0F7h,016h,060h,0D0h,04Dh,047h,069h,049h,0DBh,077h,06Eh,03Eh
     db 04Ah,06Ah,0D1h,0AEh,0DCh,05Ah,0D6h,0D9h,066h,00Bh,0DFh,040h,0F0h,03Bh,0D8h,037h
     db 053h,0AEh,0BCh,0A9h,0C5h,09Eh,0BBh,0DEh,07Fh,0CFh,0B2h,047h,0E9h,0FFh,0B5h,030h
     db 01Ch,0F2h,0BDh,0BDh,08Ah,0C2h,0BAh,0CAh,030h,093h,0B3h,053h,0A6h,0A3h,0B4h,024h
     db 005h,036h,0D0h,0BAh,093h,006h,0D7h,0CDh,029h,057h,0DEh,054h,0BFh,067h,0D9h,023h
     db 02Eh,07Ah,066h,0B3h,0B8h,04Ah,061h,0C4h,002h,01Bh,068h,05Dh,094h,02Bh,06Fh,02Ah
     db 037h,0BEh,00Bh,0B4h,0A1h,08Eh,00Ch,0C3h,01Bh,0DFh,005h,05Ah,08Dh,0EFh,002h,02Dh
.code
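MOV ESI,EAX                       ; ESI = username (pointer arrives in EAX)
OR ECX,0FFFFFFFFh
MOV EDI,ESI
XOR EAX,EAX
OR EDX,0FFFFFFFFh                 ; EDX = FFFFFFFF (initial value)
REPNE SCAS BYTE PTR ES:[EDI]
NOT ECX
DEC ECX                           ; ECX = username length
tianxj:
MOV EAX,EDX
XOR EBX,EBX
MOV BL,BYTE PTR DS:[ESI]          ; BL = next username byte
AND EAX,0FFh
XOR EAX,EBX                       ; index = (EDX and 0FFh) xor byte
SHR EDX,8
MOV EAX,DWORD PTR DS:[EAX*4+DATA] ; table lookup
XOR EDX,EAX                       ; EDX = (EDX shr 8) xor DATA[index]
INC ESI
DEC ECX
JNZ tianxj                        ; repeat for every byte
NOT EDX                           ; final bitwise NOT
invoke wsprintf,addr szBuffer,addr szXor16,edx ; format as uppercase hex ("%X")
lea eax,szBuffer                  ; EAX = generated registration code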
--------------------------------------------------------------
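Thanks to 飘云, 猫 and Nisy, to the many senior members for their tutorials, and to all the forum brothers and sisters who have helped me!
Thanks to windrand for providing such good study material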
--------------------------------------------------------------
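【Copyright notice】This write-up is a set of study notes, and interest is the source of success. It is purely for technical exchange; when reposting, please credit the author and keep the article intact. Thank you!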
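
The routine summarized above, as an added Python example (not the author's code): it rebuilds the table from the standard reflected CRC-32 polynomial 0xEDB88320, checks it against the first 16 table bytes shown on the page, mirrors the loop at 00401132, and cross-checks the result with zlib.crc32. The polynomial and the function names are assumptions of this example; the username is taken as the ANSI bytes GetDlgItemTextA returns.

```python
import zlib

POLY = 0xEDB88320  # assumption: reflected CRC-32 polynomial, verified below


def make_table():
    """Generate the 256-entry table the loop indexes with EAX*4."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = make_table()

# First 16 bytes of the table as printed on the page (start of DATA / 00408520).
PAGE_TABLE_HEAD = bytes.fromhex("00000000 96300777 2C610EEE BA510999")


def table_head_matches():
    """True if the generated table starts with the bytes from the page."""
    head = b"".join(v.to_bytes(4, "little") for v in TABLE[:4])
    return head == PAGE_TABLE_HEAD


def serial_for(username: bytes) -> str:
    """Reproduce the routine at 00401110 for a non-empty username."""
    if not username:
        # The dialog code rejects an empty username before the routine runs.
        raise ValueError("username must not be empty")
    edx = 0xFFFFFFFF                      # OR EDX,FFFFFFFF
    for b in username:
        eax = (edx & 0xFF) ^ b            # AND EAX,0FF / XOR EAX,EBX
        edx = (edx >> 8) ^ TABLE[eax]     # SHR EDX,8 / table lookup / XOR EDX,EAX
    edx ^= 0xFFFFFFFF                     # NOT EDX
    # Hex string without zero padding, uppercased (the page's keygen uses "%X").
    return format(edx, "x").upper()


def matches_zlib(username: bytes) -> bool:
    """Cross-check: the value is exactly the standard CRC-32 of the username."""
    return serial_for(username) == format(zlib.crc32(username), "X")


if __name__ == "__main__":
    print("table matches page:", table_head_matches())
    for name in (b"123456789", b"tianxj"):   # constructed sample usernames
        print(name.decode(), serial_for(name), matches_zlib(name))
```

Because the value is a plain CRC-32 with no secret input, anyone who recognizes the table constants can reproduce the check from the username alone.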

Latest replies (4)
2
First reply, here to show support and get rid of the zero-reply count
2008-9-8 12:26
3
support.
2008-9-8 12:29
ppt
4
Bumping this for the little newbie. Good article, learning from it
2008-9-8 12:33
5
How is the cipher table used? I don't seem to have understood it, I'm confused
2008-9-10 14:09