[旧帖] [求助]帮忙给下面的汇编做些解释,谢谢 0.00雪花
发表于: 2009-3-30 07:09 2266
刚学破解不久,对于汇编的一些语句还不是很熟悉,希望高手们能帮忙,把下面的句子做些解释。谢谢
; ---------------------------------------------------------------------
; OllyDbg listing of one 32-bit x86 function, 00401EEF..004020B0 (Intel
; operand order: destination first).
; Frame: ebp-based with 24h bytes of locals. In OllyDbg's naming,
; [local.N] is [ebp-4*N] and [arg.N] is [ebp+4+4*N]; the encodings below
; confirm it: local.8 = ebp-20h (8945 E0), local.7 = ebp-1Ch (8D7D E4),
; local.9 = ebp-24h (894D DC), arg.1 = ebp+8, arg.2 = ebp+0Ch,
; arg.3 = ebp+10h.
; Shape: a three-way branch on arg.2 (0 / 1 / anything else); every
; branch ends at the shared epilogue 004020AC.
; The only values compared in this listing are arg.2, arg.3 and the
; result of 00418670; nothing here validates any input.
; Callees 004186EB, 00418670, 00430C0D, 00430D79, 00430BAB and 004329F5
; are not shown; remarks about them are inferred from the call sites.
; ---------------------------------------------------------------------
; Prologue: build the frame, reserve 24h bytes, preserve edi (it is
; overwritten by the rep stos below).
00401EEF /. 55 push ebp
00401EF0 |. 8BEC mov ebp,esp
00401EF2 |. 83EC 24 sub esp,24
00401EF5 |. 57 push edi
; Initialise a 32-byte stack buffer at ebp-20h: the first dword is copied
; from 0044D334, the remaining 7 dwords (ebp-1Ch..ebp-1) are zero-filled.
00401EF6 |. A1 34D34400 mov eax,dword ptr ds:[44D334]
00401EFB |. 8945 E0 mov [local.8],eax
00401EFE |. B9 07000000 mov ecx,7
00401F03 |. 33C0 xor eax,eax
00401F05 |. 8D7D E4 lea edi,[local.7]
00401F08 |. F3:AB rep stos dword ptr es:[edi]
; Dispatch on arg.2 (copied to local.9):
;   0 -> 00402010, 1 -> 00401F25, anything else -> 0040207C.
00401F0A |. 8B4D 0C mov ecx,[arg.2]
00401F0D |. 894D DC mov [local.9],ecx
00401F10 |. 837D DC 00 cmp [local.9],0
; The next pasted line is fused: the je, then the poster's own "//"
; remark (in Chinese), then the following instruction
; 00401F1A cmp [local.9],1, all on one physical line.
00401F14 |. 0F84 F6000000 je 外挂.00402010 //JE改JMP就可以出现提示激活成功,但是实际并没有成功,似乎在其他地方也做了验证,所以需要在这些代码里找出存放注册码的位置。找了半天没找出来,发出来,请大家帮帮忙。00401F1A |. 837D DC 01 cmp [local.9],1
00401F1E |. 74 05 je short 外挂.00401F25
00401F20 |. E9 57010000 jmp 外挂.0040207C
; ---- arg.2 == 1 ----
; InterlockedExchange(pTarget=00452EBC, NewValue=1): atomically stores 1
; into that dword. stdcall: the callee pops its arguments, so no
; "add esp" follows.
00401F25 |> 6A 01 push 1 ; /NewValue = 1
00401F27 |. 68 BC2E4500 push 外挂.00452EBC ; |pTarget = 外挂.00452EBC
00401F2C |. FF15 24F34300 call dword ptr ds:[<&kernel32.Interlocke>; \InterlockedExchange
; Three dwords pushed, 0Ch popped by the caller afterwards:
;   004186EB(&buf, 0044D338, [00452C54]+0B00h)
; Looks like a sprintf-style format into buf - confirm.
; NOTE(review): no length is passed. If the callee is unbounded, output
; longer than the 32-byte buffer would overwrite the saved ebp and return
; address; the epilogue shows no stack-cookie check.
; NOTE(review): 0044D338 is only 8 bytes below 0044D340 (pushed at
; 00401FF9), so the string annotation on the push may be misplaced - verify.
00401F32 |. 8B15 542C4500 mov edx,dword ptr ds:[452C54]
00401F38 |. 81C2 000B0000 add edx,0B00
00401F3E |. 52 push edx
00401F3F |. 68 38D34400 push 外挂.0044D338 ; 激活成功,感谢支持 ("Activation succeeded, thank you for your support")
00401F44 |. 8D45 E0 lea eax,[local.8]
00401F47 |. 50 push eax
00401F48 |. E8 9E670100 call 外挂.004186EB
00401F4D |. 83C4 0C add esp,0C
; 00418670(&buf) takes one argument and its result is compared as an
; unsigned count (jbe); presumably a string length - confirm.
; Result > 8 falls through; result <= 8 goes to 00401FA7.
00401F50 |. 8D4D E0 lea ecx,[local.8]
00401F53 |. 51 push ecx
00401F54 |. E8 17670100 call 外挂.00418670
00401F59 |. 83C4 04 add esp,4
00401F5C |. 83F8 08 cmp eax,8
00401F5F |. 76 46 jbe short 外挂.00401FA7
; Result > 8: store 2Ah ('*') at ebp+eax-25h .. ebp+eax-28h, i.e.
; buf[len-5], buf[len-6], buf[len-7], buf[len-8]. 00418670 is called
; again before each store.
00401F61 |. 8D55 E0 lea edx,[local.8]
00401F64 |. 52 push edx
00401F65 |. E8 06670100 call 外挂.00418670
00401F6A |. 83C4 04 add esp,4
00401F6D |. C64405 DB 2A mov byte ptr ss:[ebp+eax-25],2A
00401F72 |. 8D45 E0 lea eax,[local.8]
00401F75 |. 50 push eax
00401F76 |. E8 F5660100 call 外挂.00418670
00401F7B |. 83C4 04 add esp,4
00401F7E |. C64405 DA 2A mov byte ptr ss:[ebp+eax-26],2A
00401F83 |. 8D4D E0 lea ecx,[local.8]
00401F86 |. 51 push ecx
00401F87 |. E8 E4660100 call 外挂.00418670
00401F8C |. 83C4 04 add esp,4
00401F8F |. C64405 D9 2A mov byte ptr ss:[ebp+eax-27],2A
00401F94 |. 8D55 E0 lea edx,[local.8]
00401F97 |. 52 push edx
00401F98 |. E8 D3660100 call 外挂.00418670
00401F9D |. 83C4 04 add esp,4
00401FA0 |. C64405 D8 2A mov byte ptr ss:[ebp+eax-28],2A
00401FA5 |. EB 22 jmp short 外挂.00401FC9
; Result <= 8: store '*' at ebp+eax-22h and ebp+eax-23h, i.e. buf[len-2]
; and buf[len-3].
; NOTE(review): for a result below 3 at least one of these indices is
; negative and the store lands in local.9 (ebp-24h..ebp-21h), not in buf.
00401FA7 |> 8D45 E0 lea eax,[local.8]
00401FAA |. 50 push eax
00401FAB |. E8 C0660100 call 外挂.00418670
00401FB0 |. 83C4 04 add esp,4
00401FB3 |. C64405 DE 2A mov byte ptr ss:[ebp+eax-22],2A
00401FB8 |. 8D4D E0 lea ecx,[local.8]
00401FBB |. 51 push ecx
00401FBC |. E8 AF660100 call 外挂.00418670
00401FC1 |. 83C4 04 add esp,4
00401FC4 |. C64405 DD 2A mov byte ptr ss:[ebp+eax-23],2A
; ecx = [00452EC0]+91Ch, one stack argument, no "add esp" afterwards:
; consistent with a thiscall method on an object at that offset - confirm.
; 00430C0D receives &buf; 00430D79 then receives 0 on the same object.
00401FC9 |> 8D55 E0 lea edx,[local.8]
00401FCC |. 52 push edx
00401FCD |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
00401FD3 |. 81C1 1C090000 add ecx,91C
00401FD9 |. E8 2FEC0200 call 外挂.00430C0D
00401FDE |. 6A 00 push 0
00401FE0 |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
00401FE6 |. 81C1 1C090000 add ecx,91C
00401FEC |. E8 88ED0200 call 外挂.00430D79
; Only when arg.3 != 0: 004329F5(0044D354, 0044D340, 0) with ecx = arg.1;
; likely a message-box style helper - confirm.
00401FF1 |. 837D 10 00 cmp [arg.3],0
00401FF5 |. 74 14 je short 外挂.0040200B
00401FF7 |. 6A 00 push 0
00401FF9 |. 68 40D34400 push 外挂.0044D340
00401FFE |. 68 54D34400 push 外挂.0044D354
00402003 |. 8B4D 08 mov ecx,[arg.1]
00402006 |. E8 EA090300 call 外挂.004329F5
; This case is finished: go to the shared epilogue.
0040200B |> E9 9C000000 jmp 外挂.004020AC
; ---- arg.2 == 0 ----
; Same InterlockedExchange(00452EBC, 1) as in the arg.2 == 1 case.
00402010 |> 6A 01 push 1 ; /NewValue = 1
00402012 |. 68 BC2E4500 push 外挂.00452EBC ; |pTarget = 外挂.00452EBC
00402017 |. FF15 24F34300 call dword ptr ds:[<&kernel32.Interlocke>; \InterlockedExchange
; 00430BAB(10000000h, 0, 0) on the object at [00452EC0]+91Ch.
0040201D |. 6A 00 push 0
0040201F |. 6A 00 push 0
00402021 |. 68 00000010 push 10000000
00402026 |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
0040202C |. 81C1 1C090000 add ecx,91C
00402032 |. E8 74EB0200 call 外挂.00430BAB
; 00430D79(0), then 00430C0D(0044D378), both on the object at
; [00452EC0]+0CF4h.
00402037 |. 6A 00 push 0
00402039 |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
0040203F |. 81C1 F40C0000 add ecx,0CF4
00402045 |. E8 2FED0200 call 外挂.00430D79
0040204A |. 68 78D34400 push 外挂.0044D378
0040204F |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
00402055 |. 81C1 F40C0000 add ecx,0CF4
0040205B |. E8 ADEB0200 call 外挂.00430C0D
; Only when arg.3 != 0: 004329F5(0044D39C, 0044D388, 0) with ecx = arg.1.
00402060 |. 837D 10 00 cmp [arg.3],0
00402064 |. 74 14 je short 外挂.0040207A
00402066 |. 6A 00 push 0
00402068 |. 68 88D34400 push 外挂.0044D388 ; 激活成功 ("Activation succeeded")
0040206D |. 68 9CD34400 push 外挂.0044D39C
00402072 |. 8B4D 08 mov ecx,[arg.1]
00402075 |. E8 7B090300 call 外挂.004329F5
0040207A |> EB 30 jmp short 外挂.004020AC
; ---- arg.2 is neither 0 nor 1 ----
; Both sub-paths call 004329F5 with ecx = arg.1; arg.3 only selects which
; pair of strings is passed.
0040207C |> 837D 10 00 cmp [arg.3],0
00402080 |. 74 16 je short 外挂.00402098
00402082 |. 6A 00 push 0
00402084 |. 68 C0D34400 push 外挂.0044D3C0
00402089 |. 68 D4D34400 push 外挂.0044D3D4
0040208E |. 8B4D 08 mov ecx,[arg.1]
00402091 |. E8 5F090300 call 外挂.004329F5
00402096 |. EB 14 jmp short 外挂.004020AC
00402098 |> 6A 00 push 0
0040209A |. 68 ECD34400 push 外挂.0044D3EC ; 未激活 ("Not activated")
0040209F |. 68 00D44400 push 外挂.0044D400 ; 未激活可免费使用部分功能 ("Not activated; some features can be used for free")
004020A4 |. 8B4D 08 mov ecx,[arg.1]
004020A7 |. E8 49090300 call 外挂.004329F5
; Shared epilogue: restore edi, tear down the frame, return. Plain RETN,
; so this function pops none of its own stack arguments.
004020AC |> 5F pop edi
004020AD |. 8BE5 mov esp,ebp
004020AF |. 5D pop ebp
004020B0 \. C3 retn
; ---------------------------------------------------------------------
; OllyDbg listing of one 32-bit x86 function, 00401EEF..004020B0 (Intel
; operand order: destination first).
; Frame: ebp-based with 24h bytes of locals. In OllyDbg's naming,
; [local.N] is [ebp-4*N] and [arg.N] is [ebp+4+4*N]; the encodings below
; confirm it: local.8 = ebp-20h (8945 E0), local.7 = ebp-1Ch (8D7D E4),
; local.9 = ebp-24h (894D DC), arg.1 = ebp+8, arg.2 = ebp+0Ch,
; arg.3 = ebp+10h.
; Shape: a three-way branch on arg.2 (0 / 1 / anything else); every
; branch ends at the shared epilogue 004020AC.
; The only values compared in this listing are arg.2, arg.3 and the
; result of 00418670; nothing here validates any input.
; Callees 004186EB, 00418670, 00430C0D, 00430D79, 00430BAB and 004329F5
; are not shown; remarks about them are inferred from the call sites.
; ---------------------------------------------------------------------
; Prologue: build the frame, reserve 24h bytes, preserve edi (it is
; overwritten by the rep stos below).
00401EEF /. 55 push ebp
00401EF0 |. 8BEC mov ebp,esp
00401EF2 |. 83EC 24 sub esp,24
00401EF5 |. 57 push edi
; Initialise a 32-byte stack buffer at ebp-20h: the first dword is copied
; from 0044D334, the remaining 7 dwords (ebp-1Ch..ebp-1) are zero-filled.
00401EF6 |. A1 34D34400 mov eax,dword ptr ds:[44D334]
00401EFB |. 8945 E0 mov [local.8],eax
00401EFE |. B9 07000000 mov ecx,7
00401F03 |. 33C0 xor eax,eax
00401F05 |. 8D7D E4 lea edi,[local.7]
00401F08 |. F3:AB rep stos dword ptr es:[edi]
; Dispatch on arg.2 (copied to local.9):
;   0 -> 00402010, 1 -> 00401F25, anything else -> 0040207C.
00401F0A |. 8B4D 0C mov ecx,[arg.2]
00401F0D |. 894D DC mov [local.9],ecx
00401F10 |. 837D DC 00 cmp [local.9],0
; The next pasted line is fused: the je, then the poster's own "//"
; remark (in Chinese), then the following instruction
; 00401F1A cmp [local.9],1, all on one physical line.
00401F14 |. 0F84 F6000000 je 外挂.00402010 //JE改JMP就可以出现提示激活成功,但是实际并没有成功,似乎在其他地方也做了验证,所以需要在这些代码里找出存放注册码的位置。找了半天没找出来,发出来,请大家帮帮忙。00401F1A |. 837D DC 01 cmp [local.9],1
00401F1E |. 74 05 je short 外挂.00401F25
00401F20 |. E9 57010000 jmp 外挂.0040207C
; ---- arg.2 == 1 ----
; InterlockedExchange(pTarget=00452EBC, NewValue=1): atomically stores 1
; into that dword. stdcall: the callee pops its arguments, so no
; "add esp" follows.
00401F25 |> 6A 01 push 1 ; /NewValue = 1
00401F27 |. 68 BC2E4500 push 外挂.00452EBC ; |pTarget = 外挂.00452EBC
00401F2C |. FF15 24F34300 call dword ptr ds:[<&kernel32.Interlocke>; \InterlockedExchange
; Three dwords pushed, 0Ch popped by the caller afterwards:
;   004186EB(&buf, 0044D338, [00452C54]+0B00h)
; Looks like a sprintf-style format into buf - confirm.
; NOTE(review): no length is passed. If the callee is unbounded, output
; longer than the 32-byte buffer would overwrite the saved ebp and return
; address; the epilogue shows no stack-cookie check.
; NOTE(review): 0044D338 is only 8 bytes below 0044D340 (pushed at
; 00401FF9), so the string annotation on the push may be misplaced - verify.
00401F32 |. 8B15 542C4500 mov edx,dword ptr ds:[452C54]
00401F38 |. 81C2 000B0000 add edx,0B00
00401F3E |. 52 push edx
00401F3F |. 68 38D34400 push 外挂.0044D338 ; 激活成功,感谢支持 ("Activation succeeded, thank you for your support")
00401F44 |. 8D45 E0 lea eax,[local.8]
00401F47 |. 50 push eax
00401F48 |. E8 9E670100 call 外挂.004186EB
00401F4D |. 83C4 0C add esp,0C
; 00418670(&buf) takes one argument and its result is compared as an
; unsigned count (jbe); presumably a string length - confirm.
; Result > 8 falls through; result <= 8 goes to 00401FA7.
00401F50 |. 8D4D E0 lea ecx,[local.8]
00401F53 |. 51 push ecx
00401F54 |. E8 17670100 call 外挂.00418670
00401F59 |. 83C4 04 add esp,4
00401F5C |. 83F8 08 cmp eax,8
00401F5F |. 76 46 jbe short 外挂.00401FA7
; Result > 8: store 2Ah ('*') at ebp+eax-25h .. ebp+eax-28h, i.e.
; buf[len-5], buf[len-6], buf[len-7], buf[len-8]. 00418670 is called
; again before each store.
00401F61 |. 8D55 E0 lea edx,[local.8]
00401F64 |. 52 push edx
00401F65 |. E8 06670100 call 外挂.00418670
00401F6A |. 83C4 04 add esp,4
00401F6D |. C64405 DB 2A mov byte ptr ss:[ebp+eax-25],2A
00401F72 |. 8D45 E0 lea eax,[local.8]
00401F75 |. 50 push eax
00401F76 |. E8 F5660100 call 外挂.00418670
00401F7B |. 83C4 04 add esp,4
00401F7E |. C64405 DA 2A mov byte ptr ss:[ebp+eax-26],2A
00401F83 |. 8D4D E0 lea ecx,[local.8]
00401F86 |. 51 push ecx
00401F87 |. E8 E4660100 call 外挂.00418670
00401F8C |. 83C4 04 add esp,4
00401F8F |. C64405 D9 2A mov byte ptr ss:[ebp+eax-27],2A
00401F94 |. 8D55 E0 lea edx,[local.8]
00401F97 |. 52 push edx
00401F98 |. E8 D3660100 call 外挂.00418670
00401F9D |. 83C4 04 add esp,4
00401FA0 |. C64405 D8 2A mov byte ptr ss:[ebp+eax-28],2A
00401FA5 |. EB 22 jmp short 外挂.00401FC9
; Result <= 8: store '*' at ebp+eax-22h and ebp+eax-23h, i.e. buf[len-2]
; and buf[len-3].
; NOTE(review): for a result below 3 at least one of these indices is
; negative and the store lands in local.9 (ebp-24h..ebp-21h), not in buf.
00401FA7 |> 8D45 E0 lea eax,[local.8]
00401FAA |. 50 push eax
00401FAB |. E8 C0660100 call 外挂.00418670
00401FB0 |. 83C4 04 add esp,4
00401FB3 |. C64405 DE 2A mov byte ptr ss:[ebp+eax-22],2A
00401FB8 |. 8D4D E0 lea ecx,[local.8]
00401FBB |. 51 push ecx
00401FBC |. E8 AF660100 call 外挂.00418670
00401FC1 |. 83C4 04 add esp,4
00401FC4 |. C64405 DD 2A mov byte ptr ss:[ebp+eax-23],2A
; ecx = [00452EC0]+91Ch, one stack argument, no "add esp" afterwards:
; consistent with a thiscall method on an object at that offset - confirm.
; 00430C0D receives &buf; 00430D79 then receives 0 on the same object.
00401FC9 |> 8D55 E0 lea edx,[local.8]
00401FCC |. 52 push edx
00401FCD |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
00401FD3 |. 81C1 1C090000 add ecx,91C
00401FD9 |. E8 2FEC0200 call 外挂.00430C0D
00401FDE |. 6A 00 push 0
00401FE0 |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
00401FE6 |. 81C1 1C090000 add ecx,91C
00401FEC |. E8 88ED0200 call 外挂.00430D79
; Only when arg.3 != 0: 004329F5(0044D354, 0044D340, 0) with ecx = arg.1;
; likely a message-box style helper - confirm.
00401FF1 |. 837D 10 00 cmp [arg.3],0
00401FF5 |. 74 14 je short 外挂.0040200B
00401FF7 |. 6A 00 push 0
00401FF9 |. 68 40D34400 push 外挂.0044D340
00401FFE |. 68 54D34400 push 外挂.0044D354
00402003 |. 8B4D 08 mov ecx,[arg.1]
00402006 |. E8 EA090300 call 外挂.004329F5
; This case is finished: go to the shared epilogue.
0040200B |> E9 9C000000 jmp 外挂.004020AC
; ---- arg.2 == 0 ----
; Same InterlockedExchange(00452EBC, 1) as in the arg.2 == 1 case.
00402010 |> 6A 01 push 1 ; /NewValue = 1
00402012 |. 68 BC2E4500 push 外挂.00452EBC ; |pTarget = 外挂.00452EBC
00402017 |. FF15 24F34300 call dword ptr ds:[<&kernel32.Interlocke>; \InterlockedExchange
; 00430BAB(10000000h, 0, 0) on the object at [00452EC0]+91Ch.
0040201D |. 6A 00 push 0
0040201F |. 6A 00 push 0
00402021 |. 68 00000010 push 10000000
00402026 |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
0040202C |. 81C1 1C090000 add ecx,91C
00402032 |. E8 74EB0200 call 外挂.00430BAB
; 00430D79(0), then 00430C0D(0044D378), both on the object at
; [00452EC0]+0CF4h.
00402037 |. 6A 00 push 0
00402039 |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
0040203F |. 81C1 F40C0000 add ecx,0CF4
00402045 |. E8 2FED0200 call 外挂.00430D79
0040204A |. 68 78D34400 push 外挂.0044D378
0040204F |. 8B0D C02E4500 mov ecx,dword ptr ds:[452EC0]
00402055 |. 81C1 F40C0000 add ecx,0CF4
0040205B |. E8 ADEB0200 call 外挂.00430C0D
; Only when arg.3 != 0: 004329F5(0044D39C, 0044D388, 0) with ecx = arg.1.
00402060 |. 837D 10 00 cmp [arg.3],0
00402064 |. 74 14 je short 外挂.0040207A
00402066 |. 6A 00 push 0
00402068 |. 68 88D34400 push 外挂.0044D388 ; 激活成功 ("Activation succeeded")
0040206D |. 68 9CD34400 push 外挂.0044D39C
00402072 |. 8B4D 08 mov ecx,[arg.1]
00402075 |. E8 7B090300 call 外挂.004329F5
0040207A |> EB 30 jmp short 外挂.004020AC
; ---- arg.2 is neither 0 nor 1 ----
; Both sub-paths call 004329F5 with ecx = arg.1; arg.3 only selects which
; pair of strings is passed.
0040207C |> 837D 10 00 cmp [arg.3],0
00402080 |. 74 16 je short 外挂.00402098
00402082 |. 6A 00 push 0
00402084 |. 68 C0D34400 push 外挂.0044D3C0
00402089 |. 68 D4D34400 push 外挂.0044D3D4
0040208E |. 8B4D 08 mov ecx,[arg.1]
00402091 |. E8 5F090300 call 外挂.004329F5
00402096 |. EB 14 jmp short 外挂.004020AC
00402098 |> 6A 00 push 0
0040209A |. 68 ECD34400 push 外挂.0044D3EC ; 未激活 ("Not activated")
0040209F |. 68 00D44400 push 外挂.0044D400 ; 未激活可免费使用部分功能 ("Not activated; some features can be used for free")
004020A4 |. 8B4D 08 mov ecx,[arg.1]
004020A7 |. E8 49090300 call 外挂.004329F5
; Shared epilogue: restore edi, tear down the frame, return. Plain RETN,
; so this function pops none of its own stack arguments.
004020AC |> 5F pop edi
004020AD |. 8BE5 mov esp,ebp
004020AF |. 5D pop ebp
004020B0 \. C3 retn