
BC++程序逆向

2009-7-3 23:23
3297
程序无壳，BC++ 编写，无需注册。
问题的关键在于一部分数据的计算处理：软件读取一个配置文件后再保存文件，并会根据配置信息算出文件后面的 32 字节数据（现在的问题是它不再计算了，这 32 字节始终是 0）。现在想搞清楚这 32 字节是怎么算出来的……

关键代码

; OllyDbg disassembly (Intel syntax) of the "to file" button handler at 00408114 in ReadEE.exe.
; Borland C++ build. The eax/edx/ecx setup in front of the internal calls below is consistent with
; Borland's register calling convention (first arg in eax, then edx, ecx) — assumed, confirm per callee.
;
; What the visible code does:
;   1. calls 00405920 with ebx (object pointer) as a stack arg; a zero result triggers a
;      "Continue saving to file?" yes/no prompt, and IDNO (7) abandons the save;
;   2. runs the save dialog through a virtual call on the object at [ebx+574]; a zero result skips the write;
;   3. creates the chosen file and writes, in order: 1 byte 0x55, 4 bytes from local.13,
;      0x80 = 128 bytes copied verbatim from [ebx+580], 1 byte 0xAA  -> 134 bytes total;
;   4. closes the file and shows "Write to file OK!".
;
; NOTE(review): no arithmetic touches the payload in this routine — the 128 bytes are written exactly
; as they sit in the object. Whatever produces the 32 "computed" bytes asked about in the post must
; store into [ebx+580..ebx+5FF] somewhere else (e.g. inside 00405920 or the config loader). A hardware
; write breakpoint on that buffer (or on the 32-byte slice of it) is the direct way to locate it.
;
; The word stores to [ebp-1C] and the fs:[0] restores at 00408153 / 00408240 look like Borland
; try-block bookkeeping (exception-frame state + handler-chain unlink), not program logic.
00408114 /. 55 push ebp ; "to file" button handler (save file): entry, standard ebp frame
00408115 |. 8BEC mov ebp,esp
00408117 |. 83C4 CC add esp,-34 ; 0x34 bytes of locals (local.1 .. local.13)
0040811A |. 53 push ebx
0040811B |. 56 push esi ; ebx/esi preserved; restored at 00408247/00408248
0040811C |. 8BD8 mov ebx,eax ; ebx = first arg (in eax) — presumably the form/`this` pointer; fields at +574 and +580 are read below
0040811E |. B8 B4BB4700 mov eax,ReadEE.0047BBB4
00408123 |. E8 004A0600 call ReadEE.0046CB28 ; likely installs the try-block frame (fs:[0] is restored from local.11 on every exit path) — confirm
00408128 |. 53 push ebx
00408129 |. E8 F2D7FFFF call ReadEE.00405920 ; stack-arg call with the object pointer; returns a flag in al. Original note: "reads the content; I believe the data processing is in here but could not analyse it". If al==0 the user is asked whether to continue — so if the 32 bytes are zero exactly when that prompt appears, this call is reporting a failed read/compute.
0040812E |. 59 pop ecx ; caller drops the one pushed arg
0040812F |. 84C0 test al,al
00408131 |. 75 2E jnz short ReadEE.00408161 ; non-zero -> straight to the save dialog
00408133 |. A1 74154800 mov eax,dword ptr ds:[481574] ; global pointer (double indirection below) — presumably the Application object
00408138 |. 6A 34 push 34 ; 0x34: if 004771D4 wraps MessageBox this is MB_YESNO|MB_ICONWARNING
0040813A |. B9 51A24700 mov ecx,ReadEE.0047A251 ; the single byte between "Continue saving to file?" (ends at 0047A250) and "Write to file OK!" (0047A252): most likely an empty caption string
0040813F |. BA 38A24700 mov edx,ReadEE.0047A238 ; ASCII "Continue saving to file?"
00408144 |. 8B00 mov eax,dword ptr ds:[eax]
00408146 |. E8 89F00600 call ReadEE.004771D4 ; show the yes/no prompt; result in eax
0040814B |. 83F8 07 cmp eax,7 ; 7 == IDNO
0040814E |. 75 11 jnz short ReadEE.00408161 ; anything but "No" -> continue saving
00408150 |. 8B55 D4 mov edx,[local.11]
00408153 |. 64:8915 00000>mov dword ptr fs:[0],edx ; "No": unlink the exception frame ...
0040815A |. 8BC2 mov eax,edx
0040815C |. E9 E6000000 jmp ReadEE.00408247 ; ... and leave without writing anything
00408161 |> 8B83 74050000 mov eax,dword ptr ds:[ebx+574] ; object field at +574: the save-dialog object
00408167 |. 8B10 mov edx,dword ptr ds:[eax] ; its vtable
00408169 |. FF52 3C call dword ptr ds:[edx+3C] ; virtual call, slot 0x3C: runs the save dialog (original note); returns al
0040816C |. 84C0 test al,al
0040816E |. 0F84 C9000000 je ReadEE.0040823D ; dialog cancelled -> frame teardown, no file written
00408174 |. 66:C745 E4 14>mov word ptr ss:[ebp-1C],14 ; exception-frame state word (Borland try bookkeeping, presumably)
0040817A |. 33C9 xor ecx,ecx
0040817C |. 894D FC mov [local.1],ecx ; local.1 = 0: empty string temporary
0040817F |. 8D55 FC lea edx,[local.1] ; edx = &local.1 (out parameter)
00408182 |. FF45 F0 inc [local.4] ; temp bookkeeping counter; purpose not visible here
00408185 |. 8B83 74050000 mov eax,dword ptr ds:[ebx+574] ; eax = the dialog object again
0040818B |. E8 201E0500 call ReadEE.00459FB0 ; original note said "get window handle", but the result lands in local.1 and is then handed to the file-creation call below, so this is more plausibly the dialog's file-name getter — confirm
00408190 |. 8D45 FC lea eax,[local.1]
00408193 |. 8B00 mov eax,dword ptr ds:[eax] ; eax = the string pointer stored in local.1
00408195 |. E8 06220100 call ReadEE.0041A3A0 ; create/open the output file by name (original note); returns the file object
0040819A |. 8BF0 mov esi,eax ; esi = file object; passed as eax to every write and to the close below
0040819C |. FF4D F0 dec [local.4]
0040819F |. 8D45 FC lea eax,[local.1]
004081A2 |. BA 02000000 mov edx,2
004081A7 |. E8 94F10600 call ReadEE.00477340 ; release the local.1 string temporary (same helper frees local.2 at 00408232)
004081AC |. 66:C745 E4 08>mov word ptr ss:[ebp-1C],8 ; exception-frame state
004081B2 |. C645 D3 55 mov byte ptr ss:[ebp-2D],55 ; header marker 0x55 in a one-byte stack slot (reused for 0xAA below)
004081B6 |. 8D4D CC lea ecx,[local.13]
004081B9 |. 51 push ecx
004081BA |. E8 19B30600 call ReadEE.004734D8 ; fills the 4-byte local.13 through the pushed pointer; what it holds is not visible here
004081BF |. 59 pop ecx
004081C0 |. 8D55 D3 lea edx,dword ptr ss:[ebp-2D] ; edx = buffer
004081C3 |. B9 01000000 mov ecx,1 ; ecx = byte count
004081C8 |. 8BC6 mov eax,esi ; eax = file object
004081CA |. E8 29220100 call ReadEE.0041A3F8 ; write(file, buf, count) — file offset 0, 1 byte: 0x55
004081CF |. 8D55 CC lea edx,[local.13]
004081D2 |. B9 04000000 mov ecx,4
004081D7 |. 8BC6 mov eax,esi
004081D9 |. E8 1A220100 call ReadEE.0041A3F8 ; offset 1, 4 bytes: local.13
004081DE |. 8D93 80050000 lea edx,dword ptr ds:[ebx+580] ; object field at +580: the payload buffer
004081E4 |. B9 80000000 mov ecx,80 ; 0x80 = 128 bytes
004081E9 |. 8BC6 mov eax,esi
004081EB |. E8 08220100 call ReadEE.0041A3F8 ; offset 5, 128 bytes copied verbatim from [ebx+580..ebx+5FF]; nothing is computed here — the 32 bytes in question are produced wherever this buffer gets written
004081F0 |. C645 D3 AA mov byte ptr ss:[ebp-2D],0AA ; trailer marker 0xAA
004081F4 |. 8D55 D3 lea edx,dword ptr ss:[ebp-2D]
004081F7 |. B9 01000000 mov ecx,1
004081FC |. 8BC6 mov eax,esi
004081FE |. E8 F5210100 call ReadEE.0041A3F8 ; offset 133, 1 byte: 0xAA  (file total: 134 bytes)
00408203 |. 8BC6 mov eax,esi
00408205 |. E8 5E220100 call ReadEE.0041A468 ; close/free the file object (original note)
0040820A |. 66:C745 E4 20>mov word ptr ss:[ebp-1C],20 ; exception-frame state
00408210 |. BA 52A24700 mov edx,ReadEE.0047A252 ; ASCII "Write to file OK!"
00408215 |. 8D45 F8 lea eax,[local.2]
00408218 |. E8 C7EF0600 call ReadEE.004771E4 ; local.2 = string built from the literal
0040821D |. FF45 F0 inc [local.4]
00408220 |. 8B00 mov eax,dword ptr ds:[eax] ; eax = the string pointer in local.2 (assumes 004771E4 leaves eax == &local.2 — confirm)
00408222 |. E8 B12B0500 call ReadEE.0045ADD8 ; show the message (ShowMessage-like) — confirm
00408227 |. FF4D F0 dec [local.4]
0040822A |. 8D45 F8 lea eax,[local.2]
0040822D |. BA 02000000 mov edx,2
00408232 |. E8 09F10600 call ReadEE.00477340 ; release the local.2 string temporary
00408237 |. 66:C745 E4 00>mov word ptr ss:[ebp-1C],0 ; exception-frame state: nothing left to clean up
0040823D |> 8B4D D4 mov ecx,[local.11] ; common exit (also the "dialog cancelled" target)
00408240 |. 64:890D 00000>mov dword ptr fs:[0],ecx ; unlink the exception frame saved in local.11
00408247 |> 5E pop esi ; also the "No" target; restore preserved registers
00408248 |. 5B pop ebx
00408249 |. 8BE5 mov esp,ebp
0040824B |. 5D pop ebp
0040824C \. C3 retn




附件是源程序、说明，以及我分析时保存的 udd 文件。

算法分析.rar

最新回复 (1)
不懂
2009-7-7 14:27