[原创]通用数据格式转换工具dct v1.1算法分析
发表于: 2009-8-6 16:09 5514
由于逆向技术太白菜，所以要多练习。本文是对软件的算法分析，没什么技术含量，纯属小菜练手，高手飘过吧。
软件:通用数据格式转换工具dct v1.1
语言:delphi
这个软件的注册验证是明码字符串比较，就一个strcmp。不过目的不是破解，仅仅是为了提高自己的算法分析能力。所以...
下面是注册按钮的响应函数:
; Register-button handler. Derives the expected key from the machine id in three
; stages (__account_key_1 -> __account_key_2 -> __account_key_3) and compares it with
; the text the user typed using one plain string compare.
CODE:0055176C _TFrmRegPass_Button1Click proc near ; CODE XREF: _TFrmRegPass_Edit1KeyPress+5p
CODE:0055176C ; DATA XREF: CODE:00551697o
CODE:0055176C
CODE:0055176C var_24 = dword ptr -24h
CODE:0055176C pszInputKey = dword ptr -20h
CODE:0055176C pszMachineId = dword ptr -1Ch
CODE:0055176C pAryTempKey_1 = byte ptr -18h ; 16 bytes: the first-stage digest
CODE:0055176C pszTempKey_2 = dword ptr -8
CODE:0055176C pszRealKey = dword ptr -4
CODE:0055176C
CODE:0055176C push ebp
CODE:0055176D mov ebp, esp
CODE:0055176F mov ecx, 4
CODE:00551774
CODE:00551774 loc_551774: ; CODE XREF: _TFrmRegPass_Button1Click+Dj
CODE:00551774 push 0 ; zero the local string slots (Delphi prologue)
CODE:00551776 push 0
CODE:00551778 dec ecx
CODE:00551779 jnz short loc_551774
CODE:0055177B push ecx
CODE:0055177C push ebx
CODE:0055177D mov ebx, eax ; ebx = Self (the form object)
CODE:0055177F xor eax, eax
CODE:00551781 push ebp
CODE:00551782 push offset loc_551837 ; exception handler
CODE:00551787 push dword ptr fs:[eax]
CODE:0055178A mov fs:[eax], esp
CODE:0055178D lea eax, [ebp+pszMachineId]
CODE:00551790 call __get_machine_id ; read the hardware id from the text box
CODE:00551795 mov eax, [ebp+pszMachineId] ; input argument
CODE:00551798 lea edx, [ebp+pAryTempKey_1] ; output argument
CODE:0055179B call __account_key_1 ; stage 1: hash the machine id (16-byte digest)
CODE:005517A0 lea eax, [ebp+pAryTempKey_1] ; IN
CODE:005517A3 lea edx, [ebp+pszTempKey_2] ; OUT
CODE:005517A6 call __account_key_2 ; stage 2: turn the int n[4] digest from stage 1 into a hex string
CODE:005517AB mov eax, [ebp+pszTempKey_2] ; IN
CODE:005517AE lea edx, [ebp+pszRealKey] ; OUT
CODE:005517B1 call __account_key_3 ; stage 3: the final registration code
CODE:005517B6 lea edx, [ebp+pszInputKey]
CODE:005517B9 mov eax, [ebx+304h]
CODE:005517BF call __get_user_input ; read what the user typed
CODE:005517C4 mov eax, [ebp+pszInputKey]
CODE:005517C7 mov edx, [ebp+pszRealKey]
CODE:005517CA call __strcmp ; compare the entered key with the real one; the whole check is this one equality test against a locally recomputed value
CODE:005517CF jnz short Jmp_To_False ; mismatch -> failure message
CODE:005517D1 mov eax, offset _str_________________4.Text
CODE:005517D6 call __Dialogs_ShowMessage ; success message
CODE:005517DB lea edx, [ebp+var_24]
CODE:005517DE mov eax, [ebx+304h]
CODE:005517E4 call __get_user_input
CODE:005517E9 mov eax, [ebp+var_24]
CODE:005517EC call @TIdTCPConnection@GetInternalResponse_0 ; TIdTCPConnection::GetInternalResponse -- NOTE(review): an Indy TCP method taking the entered key looks like a FLIRT mis-signature; what this call really does (persisting the key?) is not shown here - verify
CODE:005517F1 mov dword ptr [ebx+24Ch], 1 ; presumably a "registered" flag on the form - verify
CODE:005517FB jmp short loc_551807
CODE:005517FD ; ---------------------------------------------------------------------------
CODE:005517FD
CODE:005517FD Jmp_To_False: ; CODE XREF: _TFrmRegPass_Button1Click+63j
CODE:005517FD mov eax, offset _str___________.Text
CODE:00551802 call __Dialogs_ShowMessage ; failure message
CODE:00551807
CODE:00551807 loc_551807: ; CODE XREF: _TFrmRegPass_Button1Click+8Fj
CODE:00551807 xor eax, eax
CODE:00551809 pop edx
CODE:0055180A pop ecx
CODE:0055180B pop ecx
CODE:0055180C mov fs:[eax], edx ; unlink the exception frame
CODE:0055180F push offset loc_55183E
CODE:00551814
CODE:00551814 loc_551814: ; CODE XREF: _TFrmRegPass_Button1Click+D0j
CODE:00551814 lea eax, [ebp+var_24] ; release the local strings
CODE:00551817 mov edx, 2
CODE:0055181C call __LStrArrayClr
CODE:00551821 lea eax, [ebp+pszMachineId]
CODE:00551824 call __LStrClr
CODE:00551829 lea eax, [ebp+pszTempKey_2]
CODE:0055182C mov edx, 2
CODE:00551831 call __LStrArrayClr
CODE:00551836 retn
CODE:00551837 ; ---------------------------------------------------------------------------
CODE:00551837
CODE:00551837 loc_551837: ; DATA XREF: _TFrmRegPass_Button1Click+16o
CODE:00551837 jmp unknown_libname_75 ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:0055183C ; ---------------------------------------------------------------------------
CODE:0055183C jmp short loc_551814
CODE:0055183E ; ---------------------------------------------------------------------------
CODE:0055183E
CODE:0055183E loc_55183E: ; CODE XREF: _TFrmRegPass_Button1Click+CAj
CODE:0055183E ; DATA XREF: _TFrmRegPass_Button1Click+A3o
CODE:0055183E pop ebx
CODE:0055183F mov esp, ebp
CODE:00551841 pop ebp
CODE:00551842 retn
CODE:00551842 _TFrmRegPass_Button1Click endp
// Full key derivation, as performed by _TFrmRegPass_Button1Click:
// machine id -> 16-byte digest -> 32-char hex string -> filtered key.
// Parameters:
//   sId      - the machine id string read from the form
//   sRealKey - receives the expected registration key
void Account_Key(string sId, string& sRealKey)
{
    // Account_Key_1's final memcpy fills the first 16 bytes; the array is
    // larger than needed (the listing reserves 16 bytes for it).
    int digest[16] = {0};
    Account_Key_1(sId, digest);

    string hexDigest;
    Account_Key_2(hexDigest, (char*)&digest);

    Account_Key_3(sRealKey, hexDigest);
}
; Stage 1: hash the machine id. eax = input string, edx = output buffer (16 bytes).
; The 0x58-byte local struct (4 state words, 64-bit bit count, 64-byte block buffer)
; and the calls below match an MD5 context and its update/finalise steps; only the
; four initial words differ from RFC 1321's (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476).
CODE:0054C80C __account_key_1 proc near ; CODE XREF: sub_54DE3C+39p
CODE:0054C80C ; _TFrmRegPass_Button1Click+2Fp
CODE:0054C80C
CODE:0054C80C stMachine = byte ptr -5Ch ; the hash context
CODE:0054C80C pszInStr = dword ptr -4
CODE:0054C80C
CODE:0054C80C push ebp
CODE:0054C80D mov ebp, esp
CODE:0054C80F add esp, 0FFFFFFA4h
CODE:0054C812 push ebx
CODE:0054C813 mov ebx, edx ; pOut
CODE:0054C815 mov [ebp+pszInStr], eax
CODE:0054C818 mov eax, [ebp+pszInStr]
CODE:0054C81B call __LStrAddRef ; reference count
CODE:0054C820 xor eax, eax
CODE:0054C822 push ebp
CODE:0054C823 push offset loc_54C872 ; register the exception handler
CODE:0054C828 push dword ptr fs:[eax]
CODE:0054C82B mov fs:[eax], esp
CODE:0054C82E lea eax, [ebp+stMachine]
CODE:0054C831 call __Struct_Init ; st_machine struct init = {0x61234509,0xEFCD5B89,0x13BA7CFE,0x18325476,0,0,""} (custom IV, zero bit count, empty block buffer)
CODE:0054C836 mov eax, [ebp+pszInStr]
CODE:0054C839 call __get_str_lenth ; Delphi string layout: length followed by the characters
CODE:0054C83E push eax ; string length
CODE:0054C83F mov eax, [ebp+pszInStr]
CODE:0054C842 call __LStrToPChar
CODE:0054C847 mov edx, eax ; edx = machine id bytes
CODE:0054C849 lea eax, [ebp+stMachine] ; eax = context
CODE:0054C84C pop ecx ; ecx = string length
CODE:0054C84D call __Struct_Edit_1 ; feed the bytes into the context (the "update" step)
CODE:0054C852 mov edx, ebx
CODE:0054C854 lea eax, [ebp+stMachine]
CODE:0054C857 call __Matrix_Account ; produces the first-stage key; not shown on this page - presumably the padding/finalise step, since __Struct_Edit_1's xrefs show it calling that routine more than once, like MD5Final does - verify
CODE:0054C85C xor eax, eax
CODE:0054C85E pop edx
CODE:0054C85F pop ecx
CODE:0054C860 pop ecx
CODE:0054C861 mov fs:[eax], edx
CODE:0054C864 push offset loc_54C879
CODE:0054C869
CODE:0054C869 loc_54C869: ; CODE XREF: __account_key_1+6Bj
CODE:0054C869 lea eax, [ebp+pszInStr]
CODE:0054C86C call __LStrClr
CODE:0054C871 retn
CODE:0054C872 ; ---------------------------------------------------------------------------
CODE:0054C872
CODE:0054C872 loc_54C872: ; DATA XREF: __account_key_1+17o
CODE:0054C872 jmp unknown_libname_75 ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:0054C877 ; ---------------------------------------------------------------------------
CODE:0054C877 jmp short loc_54C869
CODE:0054C879 ; ---------------------------------------------------------------------------
CODE:0054C879
CODE:0054C879 loc_54C879: ; CODE XREF: __account_key_1+65j
CODE:0054C879 ; DATA XREF: __account_key_1+58o
CODE:0054C879 pop ebx
CODE:0054C87A mov esp, ebp
CODE:0054C87C pop ebp
CODE:0054C87D retn
CODE:0054C87D __account_key_1 endp
// Stage 1: hash the machine id into a 16-byte digest.
// Parameters:
//   sId  - machine id string (input)
//   pAry - receives the digest; Matrix_Account writes it and the final memcpy
//          then copies the first 16 bytes of the context (its state words) over it
// The four initial words look like RFC 1321 MD5's initial state (0x67452301,
// 0xEFCDAB89, 0x98BADCFE, 0x10325476) with their digits shuffled; the rest of the
// pipeline (64-byte blocks, bit counter, round constants) matches MD5 unchanged.
void Account_Key_1(string sId, int* pAry)
{
    // initialise the context: 4 state words, 64-bit bit count, block buffer
    tagKey ctx = {0x61234509, 0xEFCD5B89, 0x13BA7CFE, 0x18325476, 0, 0, ""};

    const int idLength = sId.length();
    Struct_Edit_1((char*)&ctx, (char*)sId.c_str(), idLength);

    // Matrix_Account is not shown on this page; presumably the padding/finalise
    // step (its listing calls __Struct_Edit_1 more than once, like MD5Final) - verify.
    Matrix_Account(ctx, pAry);
    memcpy(pAry, &ctx, 16);
}
; Stage 2: hex-encode the 16 digest bytes. eax = digest, edx = output string.
; Each byte yields two characters looked up in the 16-entry table byte_557F54.
CODE:0054C880 __account_key_2 proc near ; CODE XREF: sub_54DE3C+44p
CODE:0054C880 ; _TFrmRegPass_Button1Click+3Ap
CODE:0054C880
CODE:0054C880 var_18 = dword ptr -18h ; low-nibble character
CODE:0054C880 var_14 = dword ptr -14h ; high-nibble character
CODE:0054C880 pnAry = byte ptr -10h ; local copy of the 16 digest bytes
CODE:0054C880
CODE:0054C880 push ebp
CODE:0054C881 mov ebp, esp
CODE:0054C883 add esp, 0FFFFFFE8h
CODE:0054C886 push ebx
CODE:0054C887 push esi
CODE:0054C888 push edi
CODE:0054C889 xor ecx, ecx
CODE:0054C88B mov [ebp+var_14], ecx
CODE:0054C88E mov [ebp+var_18], ecx
CODE:0054C891 mov esi, eax
CODE:0054C893 lea edi, [ebp+pnAry]
CODE:0054C896 movsd ; copy the array (4 dwords = 16 bytes)
CODE:0054C897 movsd ; dword ptr:[esi] -> dword ptr:[edi]
CODE:0054C898 movsd
CODE:0054C899 movsd
CODE:0054C89A mov edi, edx ; edi = output string
CODE:0054C89C xor eax, eax
CODE:0054C89E push ebp
CODE:0054C89F push offset loc_54C91B ; int
CODE:0054C8A4 push dword ptr fs:[eax] ; int
CODE:0054C8A7 mov fs:[eax], esp
CODE:0054C8AA mov eax, edi
CODE:0054C8AC call __LStrClr ; the output string is emptied before the loop
CODE:0054C8B1 mov bl, 10h ; 16 bytes to encode
CODE:0054C8B3 lea esi, [ebp+pnAry] ;
CODE:0054C8B3 ; do
CODE:0054C8B3 ; {
CODE:0054C8B3 ; }while(--16)
CODE:0054C8B6
CODE:0054C8B6 loc_54C8B6: ; CODE XREF: __account_key_2+7Ej
CODE:0054C8B6 push dword ptr [edi] ; int to string; turn the int array into a string
CODE:0054C8B8 lea eax, [ebp+var_14]
CODE:0054C8BB xor edx, edx
CODE:0054C8BD mov dl, [esi]
CODE:0054C8BF shr edx, 4 ; high nibble
CODE:0054C8C2 and edx, 0Fh
CODE:0054C8C5 mov dl, ds:byte_557F54[edx] ; digit table lookup (table contents not shown here)
CODE:0054C8CB call __itoa ; BDS 2005-2006 and Delphi6-7 Visual Component Library -- takes eax=dest, dl=char, so this looks like LStrFromChar rather than itoa - verify
CODE:0054C8D0 push [ebp+var_14] ; int
CODE:0054C8D3 lea eax, [ebp+var_18]
CODE:0054C8D6 mov dl, [esi]
CODE:0054C8D8 and dl, 0Fh ; low nibble
CODE:0054C8DB and edx, 0FFh
CODE:0054C8E1 mov dl, ds:byte_557F54[edx]
CODE:0054C8E7 call __itoa ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:0054C8EC push [ebp+var_18]
CODE:0054C8EF mov eax, edi
CODE:0054C8F1 mov edx, 3 ; three operands: result + high char + low char
CODE:0054C8F6 call __strcat ; string concatenation (edx=3 suggests LStrCatN - verify)
CODE:0054C8FB inc esi
CODE:0054C8FC dec bl
CODE:0054C8FE jnz short loc_54C8B6
CODE:0054C900 xor eax, eax
CODE:0054C902 pop edx
CODE:0054C903 pop ecx
CODE:0054C904 pop ecx
CODE:0054C905 mov fs:[eax], edx
CODE:0054C908 push offset loc_54C922
CODE:0054C90D
CODE:0054C90D loc_54C90D: ; CODE XREF: __account_key_2+A0j
CODE:0054C90D lea eax, [ebp+var_18]
CODE:0054C910 mov edx, 2
CODE:0054C915 call __LStrArrayClr
CODE:0054C91A retn
CODE:0054C91B ; ---------------------------------------------------------------------------
CODE:0054C91B
CODE:0054C91B loc_54C91B: ; DATA XREF: __account_key_2+1Fo
CODE:0054C91B jmp unknown_libname_75 ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:0054C920 ; ---------------------------------------------------------------------------
CODE:0054C920 jmp short loc_54C90D
CODE:0054C922 ; ---------------------------------------------------------------------------
CODE:0054C922
CODE:0054C922 loc_54C922: ; CODE XREF: __account_key_2+9Aj
CODE:0054C922 ; DATA XREF: __account_key_2+88o
CODE:0054C922 pop edi
CODE:0054C923 pop esi
CODE:0054C924 pop ebx
CODE:0054C925 mov esp, ebp
CODE:0054C927 pop ebp
CODE:0054C928 retn
CODE:0054C928 __account_key_2 endp
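// Stage 2: render the 16 digest bytes as 32 lowercase hex characters.
// Parameters:
//   sKey - receives the hex string; it is reset first, because the listing
//          clears the destination (__LStrClr) before its loop
//   pAry - the 16 bytes produced by Account_Key_1
// Mirrors the listing: for each byte, look up the high nibble (shr 4, and 0Fh)
// and then the low nibble (and 0Fh) in a 16-entry digit table. The table's
// contents (byte_557F54) are not shown on the page; lowercase is inferred from
// the author's note that the next stage strips the letters a-f.
// The table lookup replaces the non-portable sprintf_s of the earlier draft.
void Account_Key_2(std::string& sKey, char* pAry)
{
    static const char kHexDigits[] = "0123456789abcdef";

    sKey.clear();
    for (int n = 0; n < 16; ++n) {
        unsigned char b = (unsigned char)pAry[n];
        sKey += kHexDigits[b >> 4];
        sKey += kHexDigits[b & 0x0F];
    }
}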
; Stage 3: derive the final key from the hex string. eax = hex string, edx = output string.
; Keeps only the digits, then every second digit (1-based even positions), then
; the first 12 characters of that.
CODE:0054D3FC __account_key_3 proc near ; CODE XREF: sub_54DE3C+4Fp
CODE:0054D3FC ; _TFrmRegPass_Button1Click+45p
CODE:0054D3FC
CODE:0054D3FC var_C = dword ptr -0Ch
CODE:0054D3FC pszTempBuffer = dword ptr -8
CODE:0054D3FC pszInStr = dword ptr -4
CODE:0054D3FC
CODE:0054D3FC push ebp
CODE:0054D3FD mov ebp, esp
CODE:0054D3FF push 0
CODE:0054D401 push 0
CODE:0054D403 push 0
CODE:0054D405 push ebx
CODE:0054D406 push esi
CODE:0054D407 push edi
CODE:0054D408 mov edi, edx ; edi = output string
CODE:0054D40A mov [ebp+pszInStr], eax
CODE:0054D40D mov eax, [ebp+pszInStr]
CODE:0054D410 call __LStrAddRef
CODE:0054D415 xor eax, eax
CODE:0054D417 push ebp ; int
CODE:0054D418 push offset loc_54D4AF ; char *
CODE:0054D41D push dword ptr fs:[eax] ; int
CODE:0054D420 mov fs:[eax], esp
CODE:0054D423 lea edx, [ebp+pszTempBuffer]
CODE:0054D426 mov eax, [ebp+pszInStr]
CODE:0054D429 call __clean_letter_from_str ; strip the letters (a b c d e f) from the string
CODE:0054D42E mov edx, [ebp+pszTempBuffer]
CODE:0054D431 lea eax, [ebp+pszInStr]
CODE:0054D434 call __LStrLAsg ; author: swap the string in eax with edx's (LStrLAsg is a reference-counted assignment, not a swap - verify)
CODE:0054D439 mov eax, edi
CODE:0054D43B call __LStrClr ; the output string is emptied before the loop
CODE:0054D440 mov eax, [ebp+pszInStr]
CODE:0054D443 call __get_str_lenth
CODE:0054D448 mov esi, eax ; esi = remaining count
CODE:0054D44A test esi, esi
CODE:0054D44C jle short loc_54D482 ; empty after filtering: skip the loop
CODE:0054D44E mov ebx, 1 ; ebx = 1-based position
CODE:0054D44E ; do
CODE:0054D44E ; {
CODE:0054D44E ; // key algorithm
CODE:0054D44E ; }while(--string_lenth)
CODE:0054D453
CODE:0054D453 loc_54D453: ; CODE XREF: __account_key_3+84j
CODE:0054D453 mov eax, ebx
CODE:0054D455 and eax, 80000001h ; % 2 (compiler idiom for a signed remainder)
CODE:0054D45A jns short loc_54D461
CODE:0054D45C dec eax
CODE:0054D45D or eax, 0FFFFFFFEh
CODE:0054D460 inc eax
CODE:0054D461
CODE:0054D461 loc_54D461: ; CODE XREF: __account_key_3+5Ej
CODE:0054D461 test eax, eax
CODE:0054D463 jnz short loc_54D47E ; jump if % 2 != 0 (odd positions are dropped)
CODE:0054D465 lea eax, [ebp+var_C]
CODE:0054D468 mov edx, [ebp+pszInStr]
CODE:0054D46B mov dl, [edx+ebx-1] ; the character at this even position
CODE:0054D46F call __itoa ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:0054D474 mov edx, [ebp+var_C]
CODE:0054D477 mov eax, edi
CODE:0054D479 call __LStrCat ; append it to the result
CODE:0054D47E
CODE:0054D47E loc_54D47E: ; CODE XREF: __account_key_3+67j
CODE:0054D47E inc ebx
CODE:0054D47F dec esi
CODE:0054D480 jnz short loc_54D453
CODE:0054D482
CODE:0054D482 loc_54D482: ; CODE XREF: __account_key_3+50j
CODE:0054D482 push edi
CODE:0054D483 mov eax, [edi]
CODE:0054D485 mov ecx, 0Ch ; count = 12
CODE:0054D48A mov edx, 1 ; index = 1
CODE:0054D48F call __LStrCopy ; result := Copy(result, 1, 12): the key is at most 12 characters; this truncation is absent from the C reconstruction that follows
CODE:0054D494 xor eax, eax
CODE:0054D496 pop edx
CODE:0054D497 pop ecx
CODE:0054D498 pop ecx
CODE:0054D499 mov fs:[eax], edx
CODE:0054D49C push offset loc_54D4B6
CODE:0054D4A1
CODE:0054D4A1 loc_54D4A1: ; CODE XREF: __account_key_3+B8j
CODE:0054D4A1 lea eax, [ebp+var_C]
CODE:0054D4A4 mov edx, 3
CODE:0054D4A9 call __LStrArrayClr
CODE:0054D4AE retn
CODE:0054D4AF ; ---------------------------------------------------------------------------
CODE:0054D4AF
CODE:0054D4AF ; char loc_54D4AF
CODE:0054D4AF loc_54D4AF: ; DATA XREF: __account_key_3+1Co
CODE:0054D4AF jmp unknown_libname_75 ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:0054D4B4 ; ---------------------------------------------------------------------------
CODE:0054D4B4 jmp short loc_54D4A1
CODE:0054D4B6 ; ---------------------------------------------------------------------------
CODE:0054D4B6
CODE:0054D4B6 loc_54D4B6: ; CODE XREF: __account_key_3+B2j
CODE:0054D4B6 ; DATA XREF: __account_key_3+A0o
CODE:0054D4B6 pop edi
CODE:0054D4B7 pop esi
CODE:0054D4B8 pop ebx
CODE:0054D4B9 mov esp, ebp
CODE:0054D4BB pop ebp
CODE:0054D4BC retn
CODE:0054D4BC __account_key_3 endp
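// Stage 3: derive the final key from the hex digest string.
// Parameters:
//   sRealKey - receives the key; it is reset first, because the listing clears
//              the destination (__LStrClr) before its loop
//   sKey     - the 32-character hex string from Account_Key_2
// Steps, following the listing:
//   1. keep only '0'..'9' (the listing describes __clean_letter_from_str as
//      dropping a-f, which is the same thing for a hex digest);
//   2. keep the characters at 1-based even positions (the `and eax, 80000001h`
//      sequence is the compiler's signed `% 2`);
//   3. Copy(result, 1, 12): keep at most the first 12 characters. This step was
//      missing from the earlier reconstruction.
// Design note: the expected key is therefore at most 12 decimal digits, derived
// entirely from the machine id on the client and checked with a plain string
// compare; nothing in the check is secret or unforgeable.
void Account_Key_3(std::string& sRealKey, std::string sKey)
{
    // Step 1: digits only.
    std::string digits;
    for (std::string::size_type i = 0; i < sKey.size(); ++i) {
        if (sKey[i] >= '0' && sKey[i] <= '9')
            digits += sKey[i];
    }

    sRealKey.clear();

    // Step 2: 1-based even positions == 0-based odd indices.
    for (std::string::size_type pos = 1; pos < digits.size(); pos += 2)
        sRealKey += digits[pos];

    // Step 3: truncate to 12 characters.
    if (sRealKey.size() > 12)
        sRealKey.resize(12);
}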
; Hash "update" step: feeds ecx bytes from edx into the context at eax, 64 bytes at a time.
; Context layout used here: +0x10/+0x14 a 64-bit count of bits processed,
; +0x18 (st_machine.szMachineId) a 64-byte buffer for a partial block.
; Also called from __Matrix_Account (see the xrefs), as MD5Final calls MD5Update.
CODE:0054C718 __Struct_Edit_1 proc near ; CODE XREF: __Matrix_Account+42p
CODE:0054C718 ; __Matrix_Account+50p ...
CODE:0054C718 push ebx
CODE:0054C719 push esi
CODE:0054C71A push edi
CODE:0054C71B push ebp
CODE:0054C71C mov edi, ecx ; argument: length
CODE:0054C71E mov ebp, edx ; argument: input bytes
CODE:0054C720 mov esi, eax ; argument: p (the context)
CODE:0054C722 mov eax, [esi+st_machine.nUnknow_5] ; low word of the bit count
CODE:0054C725 shr eax, 3
CODE:0054C728 and eax, 3Fh ; eax = bytes already pending in the block buffer
CODE:0054C72B mov edx, edi
CODE:0054C72D shl edx, 3 ; * 8 (bits)
CODE:0054C730 add [esi+st_machine.nUnknow_5], edx
CODE:0054C733 cmp edx, [esi+st_machine.nUnknow_5]
CODE:0054C736 jbe short loc_54C73B ; unsigned wrap -> carry into the high word
CODE:0054C738 inc dword ptr [esi+14h]
CODE:0054C73B
CODE:0054C73B loc_54C73B: ; CODE XREF: __Struct_Edit_1+1Ej
CODE:0054C73B mov edx, edi
CODE:0054C73D shr edx, 1Dh ; >> 29
CODE:0054C740 add [esi+14h], edx
CODE:0054C743 mov ebx, 40h
CODE:0054C748 sub ebx, eax ; ebx = bytes needed to fill the current block
CODE:0054C74A cmp ebx, edi
CODE:0054C74C ja short loc_54C780 ; > : not enough input to complete a block, just buffer it
CODE:0054C74E lea eax, [esi+eax+18h]
CODE:0054C752 mov ecx, ebx
CODE:0054C754 mov edx, ebp
CODE:0054C756 call __memcpy ; complete the pending block
CODE:0054C75B mov edx, esi
CODE:0054C75D lea eax, [esi+18h]
CODE:0054C760 call struct_account ; compress it
CODE:0054C765 jmp short loc_54C775
CODE:0054C767 ; ---------------------------------------------------------------------------
CODE:0054C767
CODE:0054C767 loc_54C767: ; CODE XREF: __Struct_Edit_1+62j
CODE:0054C767 mov edx, esi
CODE:0054C769 lea eax, [ebp+ebx+0]
CODE:0054C76D call struct_account ; compress the next full block straight from the input
CODE:0054C772 add ebx, 40h
CODE:0054C775
CODE:0054C775 loc_54C775: ; CODE XREF: __Struct_Edit_1+4Dj
CODE:0054C775 lea eax, [ebx+3Fh]
CODE:0054C778 cmp edi, eax
CODE:0054C77A ja short loc_54C767 ; while another 64 bytes remain
CODE:0054C77C xor eax, eax ; buffer is now empty
CODE:0054C77E jmp short loc_54C782
CODE:0054C780 ; ---------------------------------------------------------------------------
CODE:0054C780
CODE:0054C780 loc_54C780: ; CODE XREF: __Struct_Edit_1+34j
CODE:0054C780 xor ebx, ebx ; nothing consumed yet
CODE:0054C782
CODE:0054C782 loc_54C782: ; CODE XREF: __Struct_Edit_1+66j
CODE:0054C782 lea eax, [esi+eax+st_machine.szMachineId]
CODE:0054C786 mov ecx, edi
CODE:0054C788 sub ecx, ebx ; leftover byte count
CODE:0054C78A lea edx, [ebp+ebx+0] ; user input string
CODE:0054C78E call __memcpy ; stash the leftover bytes for the next call
CODE:0054C793 pop ebp
CODE:0054C794 pop edi
CODE:0054C795 pop esi
CODE:0054C796 pop ebx
CODE:0054C797 retn
CODE:0054C797 __Struct_Edit_1 endp
//pv1 = eax, pv2 = edx, nLenth = ecx void Struct_Edit_1(char* pv1, char* pv2,int nLenth) { int v2 = (*(DWORD*)(pv1 + 16) >> 3) & 0x3F; *(DWORD*)(pv1 + 16) += 8 * nLenth; if ( 8 * nLenth > *(DWORD*)(pv1 + 16) ) ++*(DWORD*)(pv1 + 20); *(DWORD*)(pv1 + 20) += nLenth >> 29; int v5 = 64 - v2; if ( v5 <= nLenth ) { memcpy((void*)(pv1 + v2 + 0x18),pv2,v5); Struct_Account(pv1, pv1+0x18); //_memcpy(); //ary_account(); while ( nLenth > v5 + 63 ) { Struct_Account(pv1, pv2 + v5); //ary_account(); v5 += 64; } v2 = 0; } else { v5 = 0; } memcpy(pv1+v2+0x18, pv2+v5, nLenth - v5); }
; One compression of a 64-byte block into the 4-word state. eax = block, edx = state.
; Shape of an MD5 compress: decode 16 little-endian words, copy a/b/c/d to locals,
; 64 steps in four rounds (only the first step of each round is shown; the author
; elided the rest), then add the locals back into the state. The constants shown
; are MD5's own: 0D76AA478h/7, 0F61E2562h/5, 0FFFA3942h/4, 0F4292244h/6 are
; T[1]/s[1], T[17]/s[17], T[33]/s[33], T[49]/s[49] of RFC 1321.
CODE:0054BFB4 struct_account proc near ; CODE XREF: __Struct_Edit_1+48p
CODE:0054BFB4 ; __Struct_Edit_1+55p
CODE:0054BFB4
CODE:0054BFB4 push ebx
CODE:0054BFB5 push esi
CODE:0054BFB6 push edi
CODE:0054BFB7 push ebp
CODE:0054BFB8 add esp, 0FFFFFFA8h
CODE:0054BFBB mov [esp+4], edx ; [esp+4] = state
CODE:0054BFBF mov [esp], eax ; [esp] = block
CODE:0054BFC2 lea ebx, [esp+8] ; ebx -> a
CODE:0054BFC6 lea esi, [esp+0Ch] ; esi -> b
CODE:0054BFCA lea edi, [esp+10h] ; edi -> c
CODE:0054BFCE lea ebp, [esp+14h] ; ebp -> d
CODE:0054BFD2 lea edx, [esp+18h] ; edx -> X[0..15]
CODE:0054BFD6 mov ecx, 40h
CODE:0054BFDB mov eax, [esp]
CODE:0054BFDE call Account_Func_1 ; decode 64 bytes into 16 little-endian words
CODE:0054BFE3 mov eax, [esp+4]
CODE:0054BFE7 mov eax, [eax]
CODE:0054BFE9 mov [ebx], eax ; a = state[0]
CODE:0054BFEB mov eax, [esp+4]
CODE:0054BFEF mov eax, [eax+4]
CODE:0054BFF2 mov [esi], eax ; b = state[1]
CODE:0054BFF4 mov eax, [esp+4]
CODE:0054BFF8 mov eax, [eax+8]
CODE:0054BFFB mov [edi], eax ; c = state[2]
CODE:0054BFFD mov eax, [esp+4]
CODE:0054C001 mov eax, [eax+0Ch]
CODE:0054C004 mov [ebp+0], eax ; d = state[3]
CODE:0054C007 mov eax, [ebp+0]
CODE:0054C00A push eax ; d
CODE:0054C00B mov eax, [esp+1Ch]
CODE:0054C00F push eax ; X[0]
CODE:0054C010 push 7 ; shift
CODE:0054C012 push 0D76AA478h ; T[1]
CODE:0054C017 mov eax, ebx ; &a
CODE:0054C019 mov ecx, [edi] ; c
CODE:0054C01B mov edx, [esi] ; b
CODE:0054C01D call Account_Func_2 ; round 1, step 1
……(省略)
; (remaining round-1 steps omitted by the author)
CODE:0054C1B3 mov eax, [ebp+0]
CODE:0054C1B6 push eax
CODE:0054C1B7 mov eax, [esp+20h]
CODE:0054C1BB push eax ; X[1]
CODE:0054C1BC push 5
CODE:0054C1BE push 0F61E2562h ; T[17]
CODE:0054C1C3 mov eax, ebx
CODE:0054C1C5 mov ecx, [edi]
CODE:0054C1C7 mov edx, [esi]
CODE:0054C1C9 call Account_Func_5 ; round 2, step 1
……(省略)
; (remaining round-2 steps omitted by the author)
CODE:0054C35F mov eax, [ebp+0]
CODE:0054C362 push eax
CODE:0054C363 mov eax, [esp+30h]
CODE:0054C367 push eax ; X[5]
CODE:0054C368 push 4
CODE:0054C36A push 0FFFA3942h ; T[33]
CODE:0054C36F mov eax, ebx
CODE:0054C371 mov ecx, [edi]
CODE:0054C373 mov edx, [esi]
CODE:0054C375 call Account_Func_7 ; round 3, step 1
……(省略)
; (remaining round-3 steps omitted by the author)
CODE:0054C50B mov eax, [ebp+0]
CODE:0054C50E push eax
CODE:0054C50F mov eax, [esp+1Ch]
CODE:0054C513 push eax ; X[0]
CODE:0054C514 push 6
CODE:0054C516 push 0F4292244h ; T[49]
CODE:0054C51B mov eax, ebx
CODE:0054C51D mov ecx, [edi]
CODE:0054C51F mov edx, [esi]
CODE:0054C521 call Account_Func_9 ; round 4, step 1
……(省略)
; (remaining round-4 steps omitted by the author)
CODE:0054C6B7 mov eax, [esp+4]
CODE:0054C6BB mov edx, [ebx]
CODE:0054C6BD add [eax], edx ; state[0] += a
CODE:0054C6BF mov eax, [esp+4]
CODE:0054C6C3 mov edx, [esi]
CODE:0054C6C5 add [eax+4], edx ; state[1] += b
CODE:0054C6C8 mov eax, [esp+4]
CODE:0054C6CC mov edx, [edi]
CODE:0054C6CE add [eax+8], edx ; state[2] += c
CODE:0054C6D1 mov eax, [esp+4]
CODE:0054C6D5 mov edx, [ebp+0]
CODE:0054C6D8 add [eax+0Ch], edx ; state[3] += d
CODE:0054C6DB add esp, 58h
CODE:0054C6DE pop ebp
CODE:0054C6DF pop edi
CODE:0054C6E0 pop esi
CODE:0054C6E1 pop ebx
CODE:0054C6E2 retn
CODE:0054C6E2 struct_account endp
// One compression of a 64-byte block into the 4-word state.
// pEdx = state (a, b, c, d at +0, +4, +8, +0xC); pEax = the 64-byte block.
// Shape of an MD5 compress: decode 16 little-endian words, copy the state into
// working variables, 64 steps in four rounds (only the first step of each round
// is shown; the author elided the rest), then add the working variables back.
// The constants shown are MD5's own: 0xD76AA478/7, 0xF61E2562/5, 0xFFFA3942/4
// and 0xF4292244/6 are T[1]/s[1], T[17]/s[17], T[33]/s[33], T[49]/s[49] of RFC 1321.
// Incomplete as written (the "……(省略)" markers are not code); kept for reading only.
void Struct_Account(char* pEdx, char* pEax)
{
    // nAry[0..1]: block and state pointers (NOTE(review): pointers stored in int
    //            truncate on 64-bit builds); nAry[2..5]: a, b, c, d; nAry[6..21]: X[0..15]
    int nAry[22] = {0};
    nAry[1] = (int)pEdx;
    nAry[0] = (int)pEax;
    // decode the 64 block bytes into 16 little-endian words
    Account_Func_1((int*)nAry[0], (int*)&nAry[6],0x40);
    nAry[2] = *(int*)pEdx;
    nAry[3] = *(int*)(pEdx + 4);
    nAry[4] = *(int*)(pEdx + 8);
    nAry[5] = *(int*)(pEdx + 0xC);
    // arguments: T constant, shift, X[k], d, &a, c, b
    Account_Func_2( 0x0D76AA478, 7, nAry[6], nAry[5], &nAry[2], nAry[4], nAry[3]);
    ……(省略)
    Account_Func_5( 0xF61E2562, 5, nAry[7], nAry[5], &nAry[2], nAry[4], nAry[3]);
    ……(省略)
    Account_Func_7( 0xFFFA3942, 4, nAry[11], nAry[5], &nAry[2], nAry[4], nAry[3]);
    ……(省略)
    Account_Func_9( 0xF4292244, 6, nAry[6], nAry[5], &nAry[2], nAry[4], nAry[3]);
    ……(省略)
    // fold the working variables back into the state
    *(DWORD*)pEdx += nAry[2];
    *(DWORD*)(pEdx + 4) += nAry[3];
    *(DWORD*)(pEdx + 8) += nAry[4];
    *(DWORD*)(pEdx + 0xC) += nAry[5];
}
; Decodes ecx bytes at eax into ecx/4 little-endian 32-bit words at edx
; (a trailing partial word is ignored). Used by struct_account to build X[0..15].
CODE:0054BF40 Account_Func_1 proc near ; CODE XREF: struct_account+2Ap
CODE:0054BF40 push ebx
CODE:0054BF41 shr ecx, 2 ; byte count -> word count
CODE:0054BF44 test ecx, ecx
CODE:0054BF46 jbe short loc_54BF73 ; zero words: nothing to do
CODE:0054BF48 loc_54BF48: ; CODE XREF: Account_Func_1+31j
CODE:0054BF48 xor ebx, ebx
CODE:0054BF4A mov bl, [eax]
CODE:0054BF4C mov [edx], ebx ; byte 0 -> bits 0..7
CODE:0054BF4E inc eax
CODE:0054BF4F xor ebx, ebx
CODE:0054BF51 mov bl, [eax]
CODE:0054BF53 shl ebx, 8
CODE:0054BF56 or [edx], ebx ; byte 1 -> bits 8..15
CODE:0054BF58 inc eax
CODE:0054BF59 xor ebx, ebx
CODE:0054BF5B mov bl, [eax]
CODE:0054BF5D shl ebx, 10h
CODE:0054BF60 or [edx], ebx ; byte 2 -> bits 16..23
CODE:0054BF62 inc eax
CODE:0054BF63 xor ebx, ebx
CODE:0054BF65 mov bl, [eax]
CODE:0054BF67 shl ebx, 18h
CODE:0054BF6A or [edx], ebx ; byte 3 -> bits 24..31
CODE:0054BF6C inc eax
CODE:0054BF6D add edx, 4 ; next output word
CODE:0054BF70 dec ecx
CODE:0054BF71 jnz short loc_54BF48
CODE:0054BF73 loc_54BF73: ; CODE XREF: Account_Func_1+6j
CODE:0054BF73 pop ebx
CODE:0054BF74 retn
CODE:0054BF74 Account_Func_1 endp
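// Decodes nEcx bytes at pEax into nEcx >> 2 little-endian 32-bit words at pEdx
// (a trailing partial word is ignored). This is the byte-to-word step that
// precedes the rounds in Struct_Account.
// Parameters:
//   pEax - source bytes (the 64-byte block in the caller)
//   pEdx - destination words
//   nEcx - number of source bytes
// Fix: the earlier draft walked the source through an `int` holding a pointer,
// which truncates addresses on 64-bit builds; a byte pointer is used instead.
// Bytes are widened to unsigned int before shifting, so a top byte >= 0x80
// shifted by 24 is well defined.
void Account_Func_1(int* pEax, int* pEdx, int nEcx)
{
    const unsigned char* src = (const unsigned char*)pEax;
    unsigned int* dst = (unsigned int*)pEdx;

    for (int words = nEcx >> 2; words; --words) {
        unsigned int w = (unsigned int)src[0]
                       | ((unsigned int)src[1] << 8)
                       | ((unsigned int)src[2] << 16)
                       | ((unsigned int)src[3] << 24);
        *dst++ = w;
        src += 4;
    }
}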
; One round-1 step: a = b + rotl(a + F(b,c,d) + X[k] + T[i], s).
; Registers: eax = &a, edx = b, ecx = c. Stack: arg_0 = T[i], arg_4 = s, arg_8 = X[k], arg_C = d.
CODE:0054BE70 Account_Func_2 proc near ; CODE XREF: struct_account+69p
CODE:0054BE70 ; struct_account+83p ...
CODE:0054BE70
CODE:0054BE70 arg_0 = dword ptr 8 ; T[i]
CODE:0054BE70 arg_4 = byte ptr 0Ch ; shift count
CODE:0054BE70 arg_8 = dword ptr 10h ; X[k]
CODE:0054BE70 arg_C = dword ptr 14h ; d
CODE:0054BE70
CODE:0054BE70 push ebp
CODE:0054BE71 mov ebp, esp
CODE:0054BE73 push ebx
CODE:0054BE74 push esi
CODE:0054BE75 push edi
CODE:0054BE76 mov edi, ecx ; c
CODE:0054BE78 mov esi, edx ; b
CODE:0054BE7A mov ebx, eax ; &a
CODE:0054BE7C mov ecx, [ebp+arg_C] ; d
CODE:0054BE7F mov edx, edi ; c
CODE:0054BE81 mov eax, esi ; b
CODE:0054BE83 call Account_Func_3 ; F(b, c, d)
CODE:0054BE88 add eax, [ebp+arg_8] ; + X[k]
CODE:0054BE8B add eax, [ebp+arg_0] ; + T[i]
CODE:0054BE8E add [ebx], eax ; a += ...
CODE:0054BE90 mov eax, ebx
CODE:0054BE92 mov dl, [ebp+arg_4]
CODE:0054BE95 call Account_Func_4 ; not shown on this page; presumably rotates *eax left by dl bits - verify
CODE:0054BE9A add [ebx], esi ; a += b
CODE:0054BE9C pop edi
CODE:0054BE9D pop esi
CODE:0054BE9E pop ebx
CODE:0054BE9F pop ebp
CODE:0054BEA0 retn 10h
CODE:0054BEA0 Account_Func_2 endp
// One round-1 step of the compression: a = b + rotl(a + F(b,c,d) + X[k] + T[i], s).
// Parameters (names kept from the listing's register/stack assignment):
//   n    - the round constant T[i]
//   m    - the shift count s
//   i    - the message word X[k]
//   j    - d
//   nEax - pointer to a (updated in place)
//   nEcx - c
//   nEdx - b
void Account_Func_2(unsigned int n, char m, unsigned int i, unsigned int j, int* nEax, int nEcx, int nEdx)
{
    // a += F(b, c, d) + X[k] + T[i]
    int mixed = Account_Func_3(nEdx, nEcx, j);
    *nEax += i + n + mixed;

    // a = rotl(a, s) - Account_Func_4 is not shown on this page; the (int) cast
    // of the pointer truncates on 64-bit builds - verify its real prototype.
    Account_Func_4((int)nEax, m);

    // a += b
    *nEax += nEdx;
}
; MD5's F(x, y, z) = (x & y) | (~x & z), with x = eax, y = edx, z = ecx; result in eax.
CODE:0054BE24 Account_Func_3 proc near ; CODE XREF: Account_Func_2+13p
CODE:0054BE24 and edx, eax ; x & y
CODE:0054BE26 not eax
CODE:0054BE28 and ecx, eax ; ~x & z
CODE:0054BE2A or edx, ecx
CODE:0054BE2C mov eax, edx
CODE:0054BE2E retn
CODE:0054BE2E Account_Func_3 endp
// MD5's F(x, y, z): each bit is taken from y where x is 1 and from z where x is 0.
// Parameter order follows the listing (eax, edx, ecx).
// Returns (x & y) | (~x & z), written here in the equivalent mux form z ^ (x & (y ^ z)).
int Account_Func_3(int nEax, int nEdx, int nEcx)
{
    const int x = nEax;
    const int y = nEdx;
    const int z = nEcx;
    return z ^ (x & (y ^ z));
}