首页
社区
课程
招聘
[求助]请看看算法
发表于: 2008-10-21 11:36 9828

[求助]请看看算法

2008-10-21 11:36
9828
005641A0    55              push    ebp
005641A1    8BEC            mov     ebp, esp
005641A3    83EC 10         sub     esp, 10
005641A6    B8 CCCCCCCC     mov     eax, CCCCCCCC
005641AB    8945 F0         mov     dword ptr [ebp-10], eax
005641AE    8945 F4         mov     dword ptr [ebp-C], eax
005641B1    8945 F8         mov     dword ptr [ebp-8], eax
005641B4    8945 FC         mov     dword ptr [ebp-4], eax
005641B7    8B45 0C         mov     eax, dword ptr [ebp+C]
005641BA    0FB608          movzx   ecx, byte ptr [eax]
005641BD    C1E1 18         shl     ecx, 18
005641C0    8B55 0C         mov     edx, dword ptr [ebp+C]
005641C3    0FB642 01       movzx   eax, byte ptr [edx+1]
005641C7    C1E0 10         shl     eax, 10
005641CA    0BC8            or      ecx, eax
005641CC    8B55 0C         mov     edx, dword ptr [ebp+C]
005641CF    0FB642 02       movzx   eax, byte ptr [edx+2]
005641D3    C1E0 08         shl     eax, 8
005641D6    0BC8            or      ecx, eax
005641D8    8B55 0C         mov     edx, dword ptr [ebp+C]
005641DB    0FB642 03       movzx   eax, byte ptr [edx+3]
005641DF    0BC8            or      ecx, eax
005641E1    894D F8         mov     dword ptr [ebp-8], ecx
005641E4    8B4D 0C         mov     ecx, dword ptr [ebp+C]
005641E7    0FB651 04       movzx   edx, byte ptr [ecx+4]
005641EB    C1E2 18         shl     edx, 18
005641EE    8B45 0C         mov     eax, dword ptr [ebp+C]
005641F1    0FB648 05       movzx   ecx, byte ptr [eax+5]
005641F5    C1E1 10         shl     ecx, 10
005641F8    0BD1            or      edx, ecx
005641FA    8B45 0C         mov     eax, dword ptr [ebp+C]
005641FD    0FB648 06       movzx   ecx, byte ptr [eax+6]
00564201    C1E1 08         shl     ecx, 8
00564204    0BD1            or      edx, ecx
00564206    8B45 0C         mov     eax, dword ptr [ebp+C]
00564209    0FB648 07       movzx   ecx, byte ptr [eax+7]
0056420D    0BD1            or      edx, ecx
0056420F    8955 F4         mov     dword ptr [ebp-C], edx
00564212    8B55 F4         mov     edx, dword ptr [ebp-C]
00564215    C1EA 04         shr     edx, 4
00564218    3355 F8         xor     edx, dword ptr [ebp-8]
0056421B    81E2 0F0F0F0F   and     edx, 0F0F0F0F
00564221    8955 F0         mov     dword ptr [ebp-10], edx
00564224    8B45 F8         mov     eax, dword ptr [ebp-8]
00564227    3345 F0         xor     eax, dword ptr [ebp-10]
0056422A    8945 F8         mov     dword ptr [ebp-8], eax
0056422D    8B4D F0         mov     ecx, dword ptr [ebp-10]
00564230    C1E1 04         shl     ecx, 4
00564233    334D F4         xor     ecx, dword ptr [ebp-C]
00564236    894D F4         mov     dword ptr [ebp-C], ecx
00564239    8B55 F4         mov     edx, dword ptr [ebp-C]
0056423C    3355 F8         xor     edx, dword ptr [ebp-8]
0056423F    81E2 10101010   and     edx, 10101010
00564245    8955 F0         mov     dword ptr [ebp-10], edx
00564248    8B45 F8         mov     eax, dword ptr [ebp-8]
0056424B    3345 F0         xor     eax, dword ptr [ebp-10]
0056424E    8945 F8         mov     dword ptr [ebp-8], eax
00564251    8B4D F4         mov     ecx, dword ptr [ebp-C]
00564254    334D F0         xor     ecx, dword ptr [ebp-10]
00564257    894D F4         mov     dword ptr [ebp-C], ecx
0056425A    8B55 F8         mov     edx, dword ptr [ebp-8]
0056425D    83E2 0F         and     edx, 0F
00564260    8B0495 F8905D00 mov     eax, dword ptr [edx*4+5D90F8]
00564267    C1E0 03         shl     eax, 3
0056426A    8B4D F8         mov     ecx, dword ptr [ebp-8]
0056426D    C1E9 08         shr     ecx, 8
00564270    83E1 0F         and     ecx, 0F
00564273    8B148D F8905D00 mov     edx, dword ptr [ecx*4+5D90F8]
0056427A    C1E2 02         shl     edx, 2
0056427D    0BC2            or      eax, edx
0056427F    8B4D F8         mov     ecx, dword ptr [ebp-8]
00564282    C1E9 10         shr     ecx, 10
00564285    83E1 0F         and     ecx, 0F
00564288    8B148D F8905D00 mov     edx, dword ptr [ecx*4+5D90F8]
0056428F    D1E2            shl     edx, 1
00564291    0BC2            or      eax, edx
00564293    8B4D F8         mov     ecx, dword ptr [ebp-8]
00564296    C1E9 18         shr     ecx, 18
00564299    83E1 0F         and     ecx, 0F
0056429C    0B048D F8905D00 or      eax, dword ptr [ecx*4+5D90F8]
005642A3    8B55 F8         mov     edx, dword ptr [ebp-8]
005642A6    C1EA 05         shr     edx, 5
005642A9    83E2 0F         and     edx, 0F
005642AC    8B0C95 F8905D00 mov     ecx, dword ptr [edx*4+5D90F8]
005642B3    C1E1 07         shl     ecx, 7
005642B6    0BC1            or      eax, ecx
005642B8    8B55 F8         mov     edx, dword ptr [ebp-8]
005642BB    C1EA 0D         shr     edx, 0D
005642BE    83E2 0F         and     edx, 0F
005642C1    8B0C95 F8905D00 mov     ecx, dword ptr [edx*4+5D90F8]
005642C8    C1E1 06         shl     ecx, 6
005642CB    0BC1            or      eax, ecx
005642CD    8B55 F8         mov     edx, dword ptr [ebp-8]
005642D0    C1EA 15         shr     edx, 15
005642D3    83E2 0F         and     edx, 0F
005642D6    8B0C95 F8905D00 mov     ecx, dword ptr [edx*4+5D90F8]
005642DD    C1E1 05         shl     ecx, 5
005642E0    0BC1            or      eax, ecx
005642E2    8B55 F8         mov     edx, dword ptr [ebp-8]
005642E5    C1EA 1D         shr     edx, 1D
005642E8    83E2 0F         and     edx, 0F
005642EB    8B0C95 F8905D00 mov     ecx, dword ptr [edx*4+5D90F8]
005642F2    C1E1 04         shl     ecx, 4
005642F5    0BC1            or      eax, ecx
005642F7    8945 F8         mov     dword ptr [ebp-8], eax
005642FA    8B55 F4         mov     edx, dword ptr [ebp-C]
005642FD    D1EA            shr     edx, 1
005642FF    83E2 0F         and     edx, 0F
00564302    8B0495 38915D00 mov     eax, dword ptr [edx*4+5D9138]
00564309    C1E0 03         shl     eax, 3
0056430C    8B4D F4         mov     ecx, dword ptr [ebp-C]
0056430F    C1E9 09         shr     ecx, 9
00564312    83E1 0F         and     ecx, 0F
00564315    8B148D 38915D00 mov     edx, dword ptr [ecx*4+5D9138]
0056431C    C1E2 02         shl     edx, 2
0056431F    0BC2            or      eax, edx
00564321    8B4D F4         mov     ecx, dword ptr [ebp-C]
00564324    C1E9 11         shr     ecx, 11
00564327    83E1 0F         and     ecx, 0F
0056432A    8B148D 38915D00 mov     edx, dword ptr [ecx*4+5D9138]
00564331    D1E2            shl     edx, 1
00564333    0BC2            or      eax, edx
00564335    8B4D F4         mov     ecx, dword ptr [ebp-C]
00564338    C1E9 19         shr     ecx, 19
0056433B    83E1 0F         and     ecx, 0F
0056433E    0B048D 38915D00 or      eax, dword ptr [ecx*4+5D9138]
00564345    8B55 F4         mov     edx, dword ptr [ebp-C]
00564348    C1EA 04         shr     edx, 4
0056434B    83E2 0F         and     edx, 0F
0056434E    8B0C95 38915D00 mov     ecx, dword ptr [edx*4+5D9138]
00564355    C1E1 07         shl     ecx, 7
00564358    0BC1            or      eax, ecx
0056435A    8B55 F4         mov     edx, dword ptr [ebp-C]
0056435D    C1EA 0C         shr     edx, 0C
00564360    83E2 0F         and     edx, 0F
00564363    8B0C95 38915D00 mov     ecx, dword ptr [edx*4+5D9138]
0056436A    C1E1 06         shl     ecx, 6
0056436D    0BC1            or      eax, ecx
0056436F    8B55 F4         mov     edx, dword ptr [ebp-C]
00564372    C1EA 14         shr     edx, 14
00564375    83E2 0F         and     edx, 0F
00564378    8B0C95 38915D00 mov     ecx, dword ptr [edx*4+5D9138]
0056437F    C1E1 05         shl     ecx, 5
00564382    0BC1            or      eax, ecx
00564384    8B55 F4         mov     edx, dword ptr [ebp-C]
00564387    C1EA 1C         shr     edx, 1C
0056438A    83E2 0F         and     edx, 0F
0056438D    8B0C95 38915D00 mov     ecx, dword ptr [edx*4+5D9138]
00564394    C1E1 04         shl     ecx, 4
00564397    0BC1            or      eax, ecx
00564399    8945 F4         mov     dword ptr [ebp-C], eax
0056439C    8B55 F8         mov     edx, dword ptr [ebp-8]
0056439F    81E2 FFFFFF0F   and     edx, 0FFFFFFF
005643A5    8955 F8         mov     dword ptr [ebp-8], edx
005643A8    8B45 F4         mov     eax, dword ptr [ebp-C]
005643AB    25 FFFFFF0F     and     eax, 0FFFFFFF
005643B0    8945 F4         mov     dword ptr [ebp-C], eax
005643B3    C745 FC 0000000>mov     dword ptr [ebp-4], 0
005643BA    EB 09           jmp     short 005643C5
005643BC    8B4D FC         mov     ecx, dword ptr [ebp-4]           ; 开头
005643BF    83C1 01         add     ecx, 1
005643C2    894D FC         mov     dword ptr [ebp-4], ecx
005643C5    837D FC 10      cmp     dword ptr [ebp-4], 10
005643C9    0F8D BB020000   jge     0056468A
005643CF    837D FC 02      cmp     dword ptr [ebp-4], 2
005643D3    7C 0C           jl      short 005643E1
005643D5    837D FC 08      cmp     dword ptr [ebp-4], 8
005643D9    74 06           je      short 005643E1
005643DB    837D FC 0F      cmp     dword ptr [ebp-4], 0F
005643DF    75 2E           jnz     short 0056440F
005643E1    8B55 F8         mov     edx, dword ptr [ebp-8]
005643E4    D1E2            shl     edx, 1
005643E6    8B45 F8         mov     eax, dword ptr [ebp-8]
005643E9    C1E8 1B         shr     eax, 1B
005643EC    0BD0            or      edx, eax
005643EE    81E2 FFFFFF0F   and     edx, 0FFFFFFF
005643F4    8955 F8         mov     dword ptr [ebp-8], edx
005643F7    8B4D F4         mov     ecx, dword ptr [ebp-C]
005643FA    D1E1            shl     ecx, 1
005643FC    8B55 F4         mov     edx, dword ptr [ebp-C]
005643FF    C1EA 1B         shr     edx, 1B
00564402    0BCA            or      ecx, edx
00564404    81E1 FFFFFF0F   and     ecx, 0FFFFFFF
0056440A    894D F4         mov     dword ptr [ebp-C], ecx
0056440D    EB 2D           jmp     short 0056443C
0056440F    8B45 F8         mov     eax, dword ptr [ebp-8]
00564412    C1E0 02         shl     eax, 2
00564415    8B4D F8         mov     ecx, dword ptr [ebp-8]
00564418    C1E9 1A         shr     ecx, 1A
0056441B    0BC1            or      eax, ecx
0056441D    25 FFFFFF0F     and     eax, 0FFFFFFF
00564422    8945 F8         mov     dword ptr [ebp-8], eax
00564425    8B55 F4         mov     edx, dword ptr [ebp-C]
00564428    C1E2 02         shl     edx, 2
0056442B    8B45 F4         mov     eax, dword ptr [ebp-C]
0056442E    C1E8 1A         shr     eax, 1A
00564431    0BD0            or      edx, eax
00564433    81E2 FFFFFF0F   and     edx, 0FFFFFFF
00564439    8955 F4         mov     dword ptr [ebp-C], edx
0056443C    8B4D F8         mov     ecx, dword ptr [ebp-8]
0056443F    C1E1 04         shl     ecx, 4
00564442    81E1 00000024   and     ecx, 24000000                    ; 老地方?
00564448    8B55 F8         mov     edx, dword ptr [ebp-8]
0056444B    C1E2 1C         shl     edx, 1C
0056444E    81E2 00000010   and     edx, 10000000
00564454    0BCA            or      ecx, edx
00564456    8B45 F8         mov     eax, dword ptr [ebp-8]
00564459    C1E0 0E         shl     eax, 0E
0056445C    25 00000008     and     eax, 8000000
00564461    0BC8            or      ecx, eax
00564463    8B55 F8         mov     edx, dword ptr [ebp-8]
00564466    C1E2 12         shl     edx, 12
00564469    81E2 00000802   and     edx, 2080000
0056446F    0BCA            or      ecx, edx
00564471    8B45 F8         mov     eax, dword ptr [ebp-8]
00564474    C1E0 06         shl     eax, 6
00564477    25 00000001     and     eax, 1000000
0056447C    0BC8            or      ecx, eax
0056447E    8B55 F8         mov     edx, dword ptr [ebp-8]
00564481    C1E2 09         shl     edx, 9
00564484    81E2 00002000   and     edx, 200000
0056448A    0BCA            or      ecx, edx
0056448C    8B45 F8         mov     eax, dword ptr [ebp-8]
0056448F    D1E8            shr     eax, 1
00564491    25 00001000     and     eax, 100000
00564496    0BC8            or      ecx, eax
00564498    8B55 F8         mov     edx, dword ptr [ebp-8]
0056449B    C1E2 0A         shl     edx, 0A
0056449E    81E2 00000400   and     edx, 40000
005644A4    0BCA            or      ecx, edx
005644A6    8B45 F8         mov     eax, dword ptr [ebp-8]
005644A9    C1E0 02         shl     eax, 2
005644AC    25 00000200     and     eax, 20000
005644B1    0BC8            or      ecx, eax
005644B3    8B55 F8         mov     edx, dword ptr [ebp-8]
005644B6    C1EA 0A         shr     edx, 0A
005644B9    81E2 00000100   and     edx, 10000
005644BF    0BCA            or      ecx, edx
005644C1    8B45 F4         mov     eax, dword ptr [ebp-C]
005644C4    C1E8 0D         shr     eax, 0D
005644C7    25 00200000     and     eax, 2000
005644CC    0BC8            or      ecx, eax
005644CE    8B55 F4         mov     edx, dword ptr [ebp-C]
005644D1    C1EA 04         shr     edx, 4
005644D4    81E2 00100000   and     edx, 1000
005644DA    0BCA            or      ecx, edx
005644DC    8B45 F4         mov     eax, dword ptr [ebp-C]
005644DF    C1E0 06         shl     eax, 6
005644E2    25 00080000     and     eax, 800
005644E7    0BC8            or      ecx, eax
005644E9    8B55 F4         mov     edx, dword ptr [ebp-C]
005644EC    D1EA            shr     edx, 1
005644EE    81E2 00040000   and     edx, 400
005644F4    0BCA            or      ecx, edx
005644F6    8B45 F4         mov     eax, dword ptr [ebp-C]
005644F9    C1E8 0E         shr     eax, 0E
005644FC    25 00020000     and     eax, 200
00564501    0BC8            or      ecx, eax
00564503    8B55 F4         mov     edx, dword ptr [ebp-C]
00564506    81E2 00010000   and     edx, 100
0056450C    0BCA            or      ecx, edx
0056450E    8B45 F4         mov     eax, dword ptr [ebp-C]
00564511    C1E8 05         shr     eax, 5
00564514    83E0 20         and     eax, 20
00564517    0BC8            or      ecx, eax
00564519    8B55 F4         mov     edx, dword ptr [ebp-C]
0056451C    C1EA 0A         shr     edx, 0A
0056451F    83E2 10         and     edx, 10
00564522    0BCA            or      ecx, edx
00564524    8B45 F4         mov     eax, dword ptr [ebp-C]
00564527    C1E8 03         shr     eax, 3
0056452A    83E0 08         and     eax, 8
0056452D    0BC8            or      ecx, eax
0056452F    8B55 F4         mov     edx, dword ptr [ebp-C]
00564532    C1EA 12         shr     edx, 12
00564535    83E2 04         and     edx, 4
00564538    0BCA            or      ecx, edx
0056453A    8B45 F4         mov     eax, dword ptr [ebp-C]
0056453D    C1E8 1A         shr     eax, 1A
00564540    83E0 02         and     eax, 2
00564543    0BC8            or      ecx, eax
00564545    8B55 F4         mov     edx, dword ptr [ebp-C]
00564548    C1EA 18         shr     edx, 18
0056454B    83E2 01         and     edx, 1
0056454E    0BCA            or      ecx, edx
00564550    8B45 08         mov     eax, dword ptr [ebp+8]
00564553    8908            mov     dword ptr [eax], ecx
00564555    8B4D 08         mov     ecx, dword ptr [ebp+8]
00564558    83C1 04         add     ecx, 4
0056455B    894D 08         mov     dword ptr [ebp+8], ecx
0056455E    8B55 F8         mov     edx, dword ptr [ebp-8]
00564561    C1E2 0F         shl     edx, 0F
00564564    81E2 00000020   and     edx, 20000000
0056456A    8B45 F8         mov     eax, dword ptr [ebp-8]
0056456D    C1E0 11         shl     eax, 11
00564570    25 00000010     and     eax, 10000000
00564575    0BD0            or      edx, eax
00564577    8B4D F8         mov     ecx, dword ptr [ebp-8]
0056457A    C1E1 0A         shl     ecx, 0A
0056457D    81E1 00000008   and     ecx, 8000000
00564583    0BD1            or      edx, ecx
00564585    8B45 F8         mov     eax, dword ptr [ebp-8]
00564588    C1E0 16         shl     eax, 16
0056458B    25 00000004     and     eax, 4000000
00564590    0BD0            or      edx, eax
00564592    8B4D F8         mov     ecx, dword ptr [ebp-8]
00564595    C1E9 02         shr     ecx, 2
00564598    81E1 00000002   and     ecx, 2000000
0056459E    0BD1            or      edx, ecx
005645A0    8B45 F8         mov     eax, dword ptr [ebp-8]
005645A3    D1E0            shl     eax, 1
005645A5    25 00000001     and     eax, 1000000
005645AA    0BD0            or      edx, eax
005645AC    8B4D F8         mov     ecx, dword ptr [ebp-8]
005645AF    C1E1 10         shl     ecx, 10
005645B2    81E1 00002000   and     ecx, 200000
005645B8    0BD1            or      edx, ecx
005645BA    8B45 F8         mov     eax, dword ptr [ebp-8]
005645BD    C1E0 0B         shl     eax, 0B
005645C0    25 00001000     and     eax, 100000
005645C5    0BD0            or      edx, eax
005645C7    8B4D F8         mov     ecx, dword ptr [ebp-8]
005645CA    C1E1 03         shl     ecx, 3
005645CD    81E1 00000800   and     ecx, 80000
005645D3    0BD1            or      edx, ecx
005645D5    8B45 F8         mov     eax, dword ptr [ebp-8]
005645D8    C1E8 06         shr     eax, 6
005645DB    25 00000400     and     eax, 40000
005645E0    0BD0            or      edx, eax
005645E2    8B4D F8         mov     ecx, dword ptr [ebp-8]
005645E5    C1E1 0F         shl     ecx, 0F
005645E8    81E1 00000200   and     ecx, 20000
005645EE    0BD1            or      edx, ecx
005645F0    8B45 F8         mov     eax, dword ptr [ebp-8]
005645F3    C1E8 04         shr     eax, 4
005645F6    25 00000100     and     eax, 10000
005645FB    0BD0            or      edx, eax
005645FD    8B4D F4         mov     ecx, dword ptr [ebp-C]
00564600    C1E9 02         shr     ecx, 2
00564603    81E1 00200000   and     ecx, 2000
00564609    0BD1            or      edx, ecx
0056460B    8B45 F4         mov     eax, dword ptr [ebp-C]
0056460E    C1E0 08         shl     eax, 8
00564611    25 00100000     and     eax, 1000
00564616    0BD0            or      edx, eax
00564618    8B4D F4         mov     ecx, dword ptr [ebp-C]
0056461B    C1E9 0E         shr     ecx, 0E
0056461E    81E1 08080000   and     ecx, 808
00564624    0BD1            or      edx, ecx
00564626    8B45 F4         mov     eax, dword ptr [ebp-C]
00564629    C1E8 09         shr     eax, 9
0056462C    25 00040000     and     eax, 400
00564631    0BD0            or      edx, eax
00564633    8B4D F4         mov     ecx, dword ptr [ebp-C]
00564636    81E1 00020000   and     ecx, 200
0056463C    0BD1            or      edx, ecx
0056463E    8B45 F4         mov     eax, dword ptr [ebp-C]
00564641    C1E0 07         shl     eax, 7
00564644    25 00010000     and     eax, 100
00564649    0BD0            or      edx, eax
0056464B    8B4D F4         mov     ecx, dword ptr [ebp-C]
0056464E    C1E9 07         shr     ecx, 7
00564651    83E1 20         and     ecx, 20
00564654    0BD1            or      edx, ecx
00564656    8B45 F4         mov     eax, dword ptr [ebp-C]
00564659    C1E8 03         shr     eax, 3
0056465C    83E0 11         and     eax, 11
0056465F    0BD0            or      edx, eax
00564661    8B4D F4         mov     ecx, dword ptr [ebp-C]
00564664    C1E1 02         shl     ecx, 2
00564667    83E1 04         and     ecx, 4
0056466A    0BD1            or      edx, ecx
0056466C    8B45 F4         mov     eax, dword ptr [ebp-C]
0056466F    C1E8 15         shr     eax, 15
00564672    83E0 02         and     eax, 2
00564675    0BD0            or      edx, eax
00564677    8B4D 08         mov     ecx, dword ptr [ebp+8]
0056467A    8911            mov     dword ptr [ecx], edx
0056467C    8B55 08         mov     edx, dword ptr [ebp+8]
0056467F    83C2 04         add     edx, 4
00564682    8955 08         mov     dword ptr [ebp+8], edx
00564685  ^ E9 32FDFFFF     jmp     005643BC                         ; 循环?
0056468A    33C0            xor     eax, eax
0056468C    8BE5            mov     esp, ebp
0056468E    5D              pop     ebp
0056468F    C3              retn


[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 0
支持
分享
最新回复 (22)
雪    币: 214
活跃值: (46)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
2
恩,我看了。中文注释非常简练深邃而又有力。
2008-10-21 11:47
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
大哥别笑话我啦。。。
2008-10-21 11:49
0
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
这是个啥意思?
2008-10-21 14:20
0
雪    币: 201
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
唉。。。。。
2008-10-21 17:34
0
雪    币: 293
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
试一下IDA的Hex-Ray,可能分析起来方便一点。

int __cdecl sub_40101B(DWORD *a1, BYTE *a2)
{
  int v3; // edx@8
  unsigned int v4; // eax@8
  int v5; // ecx@8
  int v6; // edx@8
  int v7; // eax@8
  int v8; // ecx@8
  unsigned int v9; // edx@8
  int v10; // ecx@8
  int v11; // eax@8
  int v12; // edx@8
  int v13; // ecx@8
  unsigned int v14; // eax@8
  int v15; // edx@8
  int v16; // ecx@8
  unsigned int v17; // eax@8
  unsigned int v18; // [sp+0h] [bp-10h]@1
  DWORD v19; // [sp+4h] [bp-Ch]@1
  DWORD v20; // [sp+8h] [bp-8h]@1
  signed int round; // [sp+Ch] [bp-4h]@1

  v18 = 0xCCCCCCCCu;
  v19 = 0xCCCCCCCCu;
  v20 = 0xCCCCCCCCu;
  round = 0xCCCCCCCCu;
  v20 = *(a2 + 3) | (*(a2 + 2) << 8) | (*(a2 + 1) << 16) | (*a2 << 24);
  v19 = *(a2 + 7) | (*(a2 + 6) << 8) | (*(a2 + 5) << 16) | (*(a2 + 4) << 24);
  *(DWORD *)((char *)&v19 + 2) = (v20 ^ (v19 >> 4)) & 0xF0F0F0F;
  v20 ^= 0xCCCCCCCCu;
  v19 ^= 0xCCCCCCC0u;
  *(DWORD *)((char *)&v19 + 2) = (v20 ^ v19) & 0x10101010;
  v20 ^= 0xCCCCCCCCu;
  v19 ^= 0xCCCCCCCCu;
  v20 = 16 * dwTable_5D90F8[(v20 >> 29) & 0xF] | 32 * dwTable_5D90F8[(v20 >> 21) & 0xF] | (dwTable_5D90F8[(v20 >> 13) & 0xF] << 6) | (dwTable_5D90F8[(v20 >> 5) & 0xF] << 7) | dwTable_5D90F8[(v20 >> 24) & 0xF] | 2 * dwTable_5D90F8[(v20 >> 16) & 0xF] | 4 * dwTable_5D90F8[(v20 >> 8) & 0xF] | 8 * dwTable_5D90F8[v20 & 0xF];
  v19 = 16 * dwTable_5D9138[v19 >> 28] | 32 * dwTable_5D9138[(v19 >> 20) & 0xF] | (dwTable_5D9138[(unsigned __int16)((_WORD)v19 >> 12)] << 6) | (dwTable_5D9138[(unsigned __int8)((_BYTE)v19 >> 4)] << 7) | dwTable_5D9138[(v19 >> 25) & 0xF] | 2 * dwTable_5D9138[(v19 >> 17) & 0xF] | 4 * dwTable_5D9138[(v19 >> 9) & 0xF] | 8 * dwTable_5D9138[(v19 >> 1) & 0xF];
  v20 &= 0xFFFFFFFu;
  v19 &= 0xFFFFFFFu;
  round = 0;
  while ( round < 16 )
  {
    if ( round >= 2 && round != 8 && round != 15 )
    {
      v20 = ((v20 >> 26) | 4 * v20) & 0xFFFFFFF;
      v19 = ((v19 >> 26) | 4 * v19) & 0xFFFFFFF;
    }
    else
    {
      v20 = ((v20 >> 27) | 2 * v20) & 0xFFFFFFF;
      v19 = ((v19 >> 27) | 2 * v19) & 0xFFFFFFF;
    }
    v3 = v20 << 9;
    v4 = v20 >> 1;
    v5 = v4 & 0x100000 | v3 & 0x200000 | (v20 << 6) & 0x1000000 | (v20 << 18) & 0x2080000 | (v20 << 14) & 0x8000000 | (v20 << 28) & 0x10000000 | 16 * v20 & 0x24000000;
    v6 = v20 << 10;
    v7 = 4 * v20;
    v8 = v7 & 0x20000 | v6 & 0x40000 | v5;
    v9 = v20 >> 10;
    *a1 = (v19 >> 24) & 1 | (v19 >> 26) & 2 | (v19 >> 18) & 4 | (v19 >> 3) & 8 | (v19 >> 10) & 0x10 | (v19 >> 5) & 0x20 | v19 & 0x100 | (v19 >> 14) & 0x200 | (v19 >> 1) & 0x400 | ((_WORD)v19 << 6) & 0x800 | (v19 >> 4) & 0x1000 | (v19 >> 13) & 0x2000 | v9 & 0x10000 | v8;
    ++a1;
    v10 = v20 << 16;
    v11 = v20 << 11;
    v12 = v11 & 0x100000 | v10 & 0x200000 | 2 * v20 & 0x1000000 | (v20 >> 2) & 0x2000000 | (v20 << 22) & 0x4000000 | (v20 << 10) & 0x8000000 | (v20 << 17) & 0x10000000 | (v20 << 15) & 0x20000000;
    v13 = 8 * v20;
    v14 = v20 >> 6;
    v15 = v14 & 0x40000 | v13 & 0x80000 | v12;
    v16 = v20 << 15;
    v17 = v20 >> 4;
    *a1 = (v19 >> 21) & 2 | 4 * (_BYTE)v19 & 4 | (v19 >> 3) & 0x11 | (v19 >> 7) & 0x20 | ((_WORD)v19 << 7) & 0x100 | v19 & 0x200 | (v19 >> 9) & 0x400 | (v19 >> 14) & 0x808 | ((_WORD)v19 << 8) & 0x1000 | (v19 >> 2) & 0x2000 | v17 & 0x10000 | v16 & 0x20000 | v15;
    ++a1;
    ++round;
  }
  return 0;
}
2008-10-21 19:03
0
雪    币: 2110
活跃值: (21)
能力值: (RANK:260 )
在线值:
发帖
回帖
粉丝
7
我不敢确定

动态跟踪到这里时,看到1234567890abcdef fedcba0987654321这样的数没有?

用KANAL试试看。

有可能是某著名信息摘要算法。

我看过一个与这个不太一样但类似的,所以有点怀疑
我看的那个编译优化得高,除ESP外,所有寄存器都作运算了。

KANAL对方常见的加密算法识别很准。试过KANAL没准就知道了
2008-10-21 19:05
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
8
跟到这里没发现貌似密匙的内容....
V2.3 未找到已知的加密签名
2008-10-21 20:29
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
9
icersg
谢谢,我试试
2008-10-21 20:30
0
雪    币:
能力值: (RANK: )
在线值:
发帖
回帖
粉丝
10
感觉象DES.
把dwTable_5D9138和dwTable_5D90F8这两个表贴上来看看, 应该是0x40大小.
2008-10-21 20:52
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
11
实在不是我的能力之所及...
跟踪了一整天,快疯了,汇编知识不够,只发现程序将密文分成0x80每段处理,再按4位循环解一次,没能找到密钥和解密后的明文。

程序中读取一个加密过的INI配置文档 Dominator.dat。
哪位前辈能能帮忙分析出解密算法定当重谢。
上传的附件:
2008-10-21 22:18
0
雪    币: 204
活跃值: (13)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
12
应该是DES.查查10楼说的2张表的内容
2008-10-21 22:50
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
13
IDA查么?
2008-10-21 23:01
0
雪    币: 204
活跃值: (13)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
14
运行od到这些代码附近,然后在数据区找到表的地址,把数据复制出来就ok了.
2008-10-22 00:05
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
15
这个代码运行了好几次,我试试
2008-10-22 00:11
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
16
005D90D8  40 10 04 10 00 10 04 00 00 10 04 00 40 10 00 00  @....@..
005D90E8  40 10 00 00 40 00 04 00 00 00 00 10 00 10 04 10  @..@......

005D90F8  00 00 00 00 01 00 00 00 00 01 00 00 01 01 00 00  ............
005D9108  00 00 01 00 01 00 01 00 00 01 01 00 01 01 01 00  ........
005D9118  00 00 00 01 01 00 00 01 00 01 00 01 01 01 00 01  ........
005D9128  00 00 01 01 01 00 01 01 00 01 01 01 01 01 01 01  ....
005D9138  00 00 00 00 00 00 00 01 00 00 01 00 00 00 01 01  ............
005D9148  00 01 00 00 00 01 00 01 00 01 01 00 00 01 01 01  ........
005D9158  01 00 00 00 01 00 00 01 01 00 01 00 01 00 01 01  ........
005D9168  01 01 00 00 01 01 00 01 01 01 01 00 01 01 01 01  ....

005D9178  17 5A 25 57 A5 10 02 07 18 72 97 EE 94 A4 A6 AD  Z%W?r楊敜Ν
005D9188  19 8B 23 12 A6 4B F1 9F 2F BA DD EF 96 E1 D3 73  ?駸/狠飽嵊s

确实是0x40大小,合起来0x80
这个CALL每次处理完密文也刚好是0x80

能确定是DES?那密钥应该怎么找?
2008-10-22 00:18
0
雪    币: 8209
活跃值: (4518)
能力值: ( LV15,RANK:2473 )
在线值:
发帖
回帖
粉丝
17
什么算法都不了解的话,是有点不好搞的

楼主不如先把DES的原理学习一下,并顺便试验一下
然后再与这个的实际问题对比分析,相信会有所收获的
2008-10-22 08:48
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
18
谢谢ccfer,临时抱佛脚把DES的资料看了几遍。

DES是64位明文,64位密钥按规则移位,16次迭加。

64位正好是0x40大小,我可以把上面005D90F8和005D9138理解为子密钥么?
2008-10-22 12:01
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
19
又是一天,白点蜡,出血请大大帮忙解此题。。。哪位菩萨恩公有时间请Q我,1029637099
2008-10-22 18:31
0
雪    币:
能力值: (RANK: )
在线值:
发帖
回帖
粉丝
20
如果是DES的话, 贴出的这一段并不是全部, 应该只是最后一步. 005D90F8之前还有N个0x40大小的表呢.
另外, 看到xEngine.dll里有 "LZO real-time data compression library." 这样的字符串, 于是很XE的猜想那个所谓"加密过的INI配置文档" Dominator.dat, 可能只是简单的用LZO压缩过的.
2008-10-22 21:28
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
21
应该是对称算法.上一版本明文的INI我是有的,SIZE差不多.另外LZO可能是通信用途.
我能QQ和您聊一聊么
2008-10-22 22:40
0
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
22
IDA有这么好用吗?我好像不怎么会用。呵呵
2008-10-22 23:48
0
雪    币: 200
活跃值: (46)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
23
没人可以解么?
2008-10-23 21:05
0
游客
登录 | 注册 方可回帖
返回
//