用户名:makeme
SVN-5987-3411-5005-LC
用户名算法
; Username loop (OllyDbg listing, 32-bit x86, Intel operand order; constants are hex).
; As read from the instructions below:
;   ecx -> current username byte, edi = bytes still to process, esi = running index
;   [ebp-14] accumulates the plain sum of the byte values
;   [ebp-18] is updated by one of four formulas selected by esi mod 4
; NOTE(review): the initial values of esi, edi, [ebp-14] and [ebp-18] are set before
; 0045A343 and are not visible in this excerpt.
0045A343 |> /33DB /xor ebx,ebx ; clear ebx so the byte loaded into bl below ends up zero-extended
0045A345 |. |8A19 |mov bl,byte ptr ds:[ecx] ; bl = current username character (its byte value)
0045A347 |. |015D EC |add dword ptr ss:[ebp-14],ebx ; [ebp-14] += character value (running sum)
0045A34A |. |8BC6 |mov eax,esi ; eax = esi, the index that is incremented once per iteration
0045A34C |. |25 03000080 |and eax,80000003 ; keep sign bit and low two bits: start of the signed "esi mod 4" idiom
0045A351 |. |79 05 |jns short Project1.0045A358 ; non-negative: the remainder is already in eax
0045A353 |. |48 |dec eax ; negative-value fix-up of the remainder (three instructions)
0045A354 |. |83C8 FC |or eax,FFFFFFFC
0045A357 |. |40 |inc eax
0045A358 |> |83E8 01 |sub eax,1 ; eax = (esi mod 4) - 1; Switch (cases 0..3)
0045A35B |. |72 28 |jb short Project1.0045A385 ; borrow is set only when the remainder was 0 -> case 0 (not "greater than 3")
0045A35D |. |74 08 |je short Project1.0045A367 ; remainder 1 -> case 1
0045A35F |. |48 |dec eax ; decrement again
0045A360 |. |74 0D |je short Project1.0045A36F ; remainder 2 -> case 2
0045A362 |. |48 |dec eax ; decrement again; zero here means the remainder was 3
0045A363 |. |74 14 |je short Project1.0045A379 ; remainder 3 -> case 3
0045A365 |. |EB 29 |jmp short Project1.0045A390 ; nothing matched -> default case
0045A367 |> |0FAFDE |imul ebx,esi ; ebx = character * esi; Case 1 of switch 0045A358
0045A36A |. |295D E8 |sub dword ptr ss:[ebp-18],ebx ; [ebp-18] -= character * esi
0045A36D |. |EB 21 |jmp short Project1.0045A390
0045A36F |> |035D E8 |add ebx,dword ptr ss:[ebp-18] ; ebx = character + [ebp-18]; Case 2 of switch 0045A358
0045A372 |. |33DE |xor ebx,esi ; ebx ^= esi
0045A374 |. |895D E8 |mov dword ptr ss:[ebp-18],ebx ; [ebp-18] = (character + old [ebp-18]) xor esi
0045A377 |. |EB 17 |jmp short Project1.0045A390
0045A379 |> |8B45 E8 |mov eax,dword ptr ss:[ebp-18] ; Case 3 of switch 0045A358
0045A37C |. |F7EB |imul ebx ; edx:eax = eax * character (signed)
0045A37E |. |2BC6 |sub eax,esi ; low 32 bits of the product minus esi
0045A380 |. |8945 E8 |mov dword ptr ss:[ebp-18],eax ; [ebp-18] = old [ebp-18] * character - esi
0045A383 |. |EB 0B |jmp short Project1.0045A390
0045A385 |> |8B45 E8 |mov eax,dword ptr ss:[ebp-18] ; Case 0 of switch 0045A358
0045A388 |. |99 |cdq ; sign-extend eax into edx:eax, the dividend idiv expects
0045A389 |. |F7FB |idiv ebx ; edx = [ebp-18] mod character (a zero byte here would raise a divide error)
0045A38B |. |03D6 |add edx,esi ; remainder + esi
0045A38D |. |8955 E8 |mov dword ptr ss:[ebp-18],edx ; [ebp-18] = (old [ebp-18] mod character) + esi
0045A390 |> |46 |inc esi ; next index; Default case of switch 0045A358
0045A391 |. |41 |inc ecx ; advance ecx (not eax) to the next username byte
0045A392 |. |4F |dec edi ; one fewer byte left to process
0045A393 |.^\75 AE \jnz short Project1.0045A343 ; loop until edi reaches 0; author's note: the final result was 20C
假码算法
; Serial-building loop (OllyDbg listing, 32-bit x86, Intel operand order; constants are hex).
; As read from the instructions below: ebx walks the character buffer at [ebp-217], edi counts
; the characters left and esi is a 1-based index. For each character a working value is
; computed in [ebp-4]; the character itself then selects what is handed to the string helpers:
;   2D ('-') -> the "-" literal at 0045A758
;   61 ('a') -> one character, 41h + (value mod 1Ah)
;   31 ('1') -> one character, 30h + (value mod 0Ah)
;   anything else -> nothing
; NOTE(review): the post calls [ebp-217] the "fake serial"; because its characters only choose
; between dash / letter / digit it looks more like a format mask - confirm in the debugger.
; NOTE(review): 004044A4, 00404508 and 004044DC are not shown. From the argument pattern they
; look like "convert to temporary string", "concatenate" and "store back with maximum length"
; helpers operating on the buffer at [ebp-418] - unverified.
0045A449 |. 85FF test edi,edi ; edi = number of characters to process (author's trace: 15)
0045A44B |. 0F8E B7010000 jle Project1.0045A608 ; skip the loop when edi <= 0
0045A451 |. BE 01000000 mov esi,1 ; index starts at 1
0045A456 |. 8D9D E9FDFFFF lea ebx,dword ptr ss:[ebp-217] ; ebx -> first character of the buffer at [ebp-217] (the author calls it the fake serial)
0045A45C |> 803B 2D /cmp byte ptr ds:[ebx],2D ; is the current character '-' (2D)?
0045A45F |. 75 3C |jnz short Project1.0045A49D ; not '-': go to the value computation at 0045A49D
0045A461 |. 8D85 B8FAFFFF |lea eax,dword ptr ss:[ebp-548] ; '-' path: eax = address of the temporary at [ebp-548]
0045A467 |. 8D95 E8FBFFFF |lea edx,dword ptr ss:[ebp-418] ; edx = address of the buffer at [ebp-418] (author's trace note mentions 0012F210)
0045A46D |. E8 32A0FAFF |call Project1.004044A4 ; presumably copies/converts [ebp-418] into the temporary
0045A472 |. 8D85 B8FAFFFF |lea eax,dword ptr ss:[ebp-548]
0045A478 |. BA 58A74500 |mov edx,Project1.0045A758 ; - (OllyDbg shows the string stored at 0045A758)
0045A47D |. E8 86A0FAFF |call Project1.00404508 ; presumably appends "-" to the temporary
0045A482 |. 8B95 B8FAFFFF |mov edx,dword ptr ss:[ebp-548]
0045A488 |. 8D85 E8FBFFFF |lea eax,dword ptr ss:[ebp-418]
0045A48E |. B9 FF000000 |mov ecx,0FF ; third argument 0FF (255), presumably the maximum length
0045A493 |. E8 44A0FAFF |call Project1.004044DC ; presumably stores the temporary back into [ebp-418]
0045A498 |. E9 62010000 |jmp Project1.0045A5FF ; to the loop tail
0045A49D |> 8BC6 |mov eax,esi
0045A49F |. 99 |cdq ; sign-extends eax into edx:eax, the 64-bit dividend idiv expects (the author asked what this does)
0045A4A0 |. F77D F4 |idiv dword ptr ss:[ebp-C] ; edx = esi mod [ebp-C]
0045A4A3 |. 8B45 F4 |mov eax,dword ptr ss:[ebp-C]
0045A4A6 |. 2BC2 |sub eax,edx ; eax = [ebp-C] - (esi mod [ebp-C]); author's trace note: F-2
0045A4A8 |. 0FB68405 E8FCFFFF |movzx eax,byte ptr ss:[ebp+eax-318] ; zero-extended byte from the buffer at [ebp-318], indexed by eax
0045A4B0 |. 33C6 |xor eax,esi ; XOR with the index
0045A4B2 |. 8945 FC |mov dword ptr ss:[ebp-4],eax ; working value is kept in [ebp-4]
0045A4B5 |. 8BC6 |mov eax,esi
0045A4B7 |. B9 03000000 |mov ecx,3
0045A4BC |. 99 |cdq
0045A4BD |. F7F9 |idiv ecx
0045A4BF |. 8BCA |mov ecx,edx ; ecx = esi mod 3
0045A4C1 |. D365 FC |shl dword ptr ss:[ebp-4],cl ; shift the working value left by (esi mod 3)
0045A4C4 |. 8BC6 |mov eax,esi
0045A4C6 |. 25 01000080 |and eax,80000001 ; signed "esi mod 2" idiom (sign bit and low bit kept)
0045A4CB |. 79 05 |jns short Project1.0045A4D2
0045A4CD |. 48 |dec eax
0045A4CE |. 83C8 FE |or eax,FFFFFFFE
0045A4D1 |. 40 |inc eax
0045A4D2 |> 48 |dec eax ; zero only when the remainder was 1
0045A4D3 |. 75 08 |jnz short Project1.0045A4DD ; remainder != 1 -> use [ebp-18] instead
0045A4D5 |. 8B45 EC |mov eax,dword ptr ss:[ebp-14] ; remainder 1: take [ebp-14] (the slot the username loop sums into, assuming the same stack frame)
0045A4D8 |. 0945 FC |or dword ptr ss:[ebp-4],eax
0045A4DB |. EB 06 |jmp short Project1.0045A4E3
0045A4DD |> 8B45 E8 |mov eax,dword ptr ss:[ebp-18] ; otherwise: take [ebp-18]
0045A4E0 |. 0945 FC |or dword ptr ss:[ebp-4],eax ; OR the shifted value with eax
0045A4E3 |> 8B45 FC |mov eax,dword ptr ss:[ebp-4] ; reload the working value into eax
0045A4E6 |. 99 |cdq
0045A4E7 |. 33C2 |xor eax,edx ; author's trace value: 122
0045A4E9 |. 2BC2 |sub eax,edx ; cdq / xor / sub together give the absolute value of eax; author's note: FFFFFFFF-122 = 122+1
0045A4EB |. 8BC8 |mov ecx,eax
0045A4ED |. 81F1 00100000 |xor ecx,1000 ; XOR with 1000h: toggles bit 12, equals an addition only while that bit is clear; author's note: 123+1000
0045A4F3 |. 8BC6 |mov eax,esi
0045A4F5 |. 99 |cdq
0045A4F6 |. F77D F0 |idiv dword ptr ss:[ebp-10] ; edx = esi mod [ebp-10]
0045A4F9 |. 33C0 |xor eax,eax
0045A4FB |. 8A8415 E9FAFFFF |mov al,byte ptr ss:[ebp+edx-517] ; byte from the buffer at [ebp-517] indexed by that remainder; traced value 79 ('y')
0045A502 |. 33C8 |xor ecx,eax
0045A504 |. 894D FC |mov dword ptr ss:[ebp-4],ecx ; store back into the working slot [ebp-4] (the one shifted above)
0045A507 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
0045A50A |. 99 |cdq
0045A50B |. 33C2 |xor eax,edx
0045A50D |. 2BC2 |sub eax,edx ; absolute value again
0045A50F |. 8945 FC |mov dword ptr ss:[ebp-4],eax
0045A512 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
0045A515 |. 50 |push eax ; save the working value
0045A516 |. 8345 FC 64 |add dword ptr ss:[ebp-4],64 ; this add / xor 0 / nop / and sequence is overwritten at 0045A526, so it has no lasting effect
0045A51A |. 8375 FC 00 |xor dword ptr ss:[ebp-4],0
0045A51E |. 90 |nop
0045A51F |. 90 |nop
0045A520 |. 90 |nop
0045A521 |. 8365 FC 64 |and dword ptr ss:[ebp-4],64 ; author's trace value: 1270
0045A525 |. 58 |pop eax
0045A526 |. 8945 FC |mov dword ptr ss:[ebp-4],eax ; [ebp-4] restored to the saved value (author's trace: 1173)
0045A529 |. 8A03 |mov al,byte ptr ds:[ebx] ; al = current character; OllyDbg: stack ds:[0012F411]=61 ('a')
0045A52B |. 3C 61 |cmp al,61 ; is the current character 'a' (61)?
0045A52D |. 75 67 |jnz short Project1.0045A596 ; taken when it is not 'a': try the '1' test
0045A52F |. 8D85 B4FAFFFF |lea eax,dword ptr ss:[ebp-54C] ; 'a' path: temporary at [ebp-54C]
0045A535 |. 8D95 E8FBFFFF |lea edx,dword ptr ss:[ebp-418]
0045A53B |. E8 649FFAFF |call Project1.004044A4 ; presumably copies/converts [ebp-418] into the temporary
0045A540 |. 8D85 B4FAFFFF |lea eax,dword ptr ss:[ebp-54C]
0045A546 |. 50 |push eax ; keep the temporary's address across the division
0045A547 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4] ; eax = working value (author's trace: 1173)
0045A54A |. B9 1A000000 |mov ecx,1A ; divisor 1Ah (26)
0045A54F |. 99 |cdq
0045A550 |. F7F9 |idiv ecx
0045A552 |. 83C2 41 |add edx,41 ; edx = (value mod 1Ah) + 41h; 41h is 'A'
0045A555 |. 8D85 ACFAFFFF |lea eax,dword ptr ss:[ebp-554]
0045A55B |. 8850 01 |mov byte ptr ds:[eax+1],dl ; byte 1 of [ebp-554] = the character in dl (not bl)
0045A55E |. C600 01 |mov byte ptr ds:[eax],1 ; byte 0 = 1; looks like a length-prefixed one-character string
0045A561 |. 8D95 ACFAFFFF |lea edx,dword ptr ss:[ebp-554]
0045A567 |. 8D85 B0FAFFFF |lea eax,dword ptr ss:[ebp-550]
0045A56D |. E8 329FFAFF |call Project1.004044A4 ; presumably converts the one-character string into [ebp-550]
0045A572 |. 8B95 B0FAFFFF |mov edx,dword ptr ss:[ebp-550]
0045A578 |. 58 |pop eax ; eax = address of the temporary at [ebp-54C]
0045A579 |. E8 8A9FFAFF |call Project1.00404508 ; presumably appends the character to the temporary
0045A57E |. 8B95 B4FAFFFF |mov edx,dword ptr ss:[ebp-54C]
0045A584 |. 8D85 E8FBFFFF |lea eax,dword ptr ss:[ebp-418]
0045A58A |. B9 FF000000 |mov ecx,0FF
0045A58F |. E8 489FFAFF |call Project1.004044DC ; presumably stores the temporary back into [ebp-418]
0045A594 |. EB 69 |jmp short Project1.0045A5FF ; to the loop tail
0045A596 |> 3C 31 |cmp al,31 ; is the current character '1' (31)?
0045A598 |. 75 65 |jnz short Project1.0045A5FF ; neither '-', 'a' nor '1': nothing is appended
0045A59A |. 8D85 A8FAFFFF |lea eax,dword ptr ss:[ebp-558] ; '1' path: temporary at [ebp-558]
0045A5A0 |. 8D95 E8FBFFFF |lea edx,dword ptr ss:[ebp-418]
0045A5A6 |. E8 F99EFAFF |call Project1.004044A4
0045A5AB |. 8D85 A8FAFFFF |lea eax,dword ptr ss:[ebp-558]
0045A5B1 |. 50 |push eax ; keep the temporary's address across the division
0045A5B2 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4] ; eax = working value
0045A5B5 |. B9 0A000000 |mov ecx,0A ; divisor 0Ah (10)
0045A5BA |. 99 |cdq
0045A5BB |. F7F9 |idiv ecx
0045A5BD |. 83C2 30 |add edx,30 ; edx = (value mod 0Ah) + 30h; 30h is '0'
0045A5C0 |. 8D85 ACFAFFFF |lea eax,dword ptr ss:[ebp-554]
0045A5C6 |. 8850 01 |mov byte ptr ds:[eax+1],dl ; byte 1 = the digit character
0045A5C9 |. C600 01 |mov byte ptr ds:[eax],1 ; byte 0 = 1, same one-character layout as in the 'a' path
0045A5CC |. 8D95 ACFAFFFF |lea edx,dword ptr ss:[ebp-554]
0045A5D2 |. 8D85 A4FAFFFF |lea eax,dword ptr ss:[ebp-55C]
0045A5D8 |. E8 C79EFAFF |call Project1.004044A4
0045A5DD |. 8B95 A4FAFFFF |mov edx,dword ptr ss:[ebp-55C]
0045A5E3 |. 58 |pop eax ; eax = address of the temporary at [ebp-558]
0045A5E4 |. E8 1F9FFAFF |call Project1.00404508
0045A5E9 |. 8B95 A8FAFFFF |mov edx,dword ptr ss:[ebp-558]
0045A5EF |. 8D85 E8FBFFFF |lea eax,dword ptr ss:[ebp-418]
0045A5F5 |. B9 FF000000 |mov ecx,0FF
0045A5FA |. E8 DD9EFAFF |call Project1.004044DC
0045A5FF |> 46 |inc esi ; next index
0045A600 |. 43 |inc ebx ; advance ebx to the next character of the buffer
0045A601 |. 4F |dec edi ; remaining loop count - 1
0045A602 |.^ 0F85 54FEFFFF \jnz Project1.0045A45C ; repeat until edi reaches 0
//本人愚蠢,不知道注册码是怎么给出的 那些值都是从内存中弄出的~ //用户名和算出来的注册码是相对应的~
; Result branch (OllyDbg listing). One conditional jump selects which of two addresses
; (0045A764 or 0045A77C) is passed in eax to 0042B01C.
; NOTE(review): the comparison that sets the flags and the data at those two addresses are
; outside this excerpt, so which arm reports success cannot be told from these lines.
0045A640 |. /75 0C jnz short Project1.0045A64E //爆破点 ; author's note ("patch point"): the outcome of the whole check rests on this single branch, which gives the check no tamper resistance
0045A642 |. |B8 64A74500 mov eax,Project1.0045A764 ; fall-through arm: eax = 0045A764
0045A647 |. |E8 D009FDFF call Project1.0042B01C ; same callee in both arms, presumably a message routine
0045A64C |. |EB 0A jmp short Project1.0045A658 ; skip the other arm
0045A64E |> \B8 7CA74500 mov eax,Project1.0045A77C ; jump-taken arm: eax = 0045A77C
0045A653 |. E8 C409FDFF call Project1.0042B01C
希望高手来指教一下,指点一下~