请高手帮助看看,小弟在破解中碰到以下算法,反汇编后看不明白,请大家指点。
(1)
; Call site in the caller; only these two instructions of it were posted.
; Opcode 50 encodes "push eax" -- the operand text was lost when the line was pasted.
:004011BF 50 push
:004011C0 E89B3F0000 call 00405160 转移到(2) ; hands the one pushed dword to routine (2), which reads it as [ebp+08]
----------------
(2)
; Routine 00405160: thin wrapper that forwards its only stack argument to
; routine 00405060 (3) and returns that routine's eax unchanged.
;   In:  [ebp+08] = the dword pushed by the call site (1)
;   Out: eax      = whatever 00405060 returned
; NOTE(review): a one-argument wrapper over a number parser has the shape of a
;   C runtime atoi() calling atol() -- confirm against the CRT this binary links.
:00405160 55 push ebp
:00405161 8BEC mov ebp, esp
:00405163 8B4508 mov eax, dword ptr [ebp+08] ; eax = first argument
:00405166 50 push eax ; re-push it as the argument for (3)
:00405167 E8F4FEFFFF call 00405060 转移到(3) ; continues in listing (3)
:0040516C 83C404 add esp, 00000004 ; caller-side cleanup of the 4-byte argument
:0040516F 5D pop ebp
:00405170 C3 ret -->回到(1) ; back to call site (1); eax is not touched after the call
-----------------
(3)
; Routine 00405060: parses a signed decimal integer from the byte string at [ebp+08].
;   In:     [ebp+08] = pointer to the text; the slot is advanced in place as bytes are consumed
;   Out:    eax      = accumulated value, negated when the saved sign byte is 2Dh ('-')
;   Locals: [ebp-04] current byte (zero-extended), [ebp-08] running total,
;           [ebp-0C] copy of the first byte after the skipped prefix (sign candidate),
;           [ebp-10] / [ebp-14] results of the two character-class tests
;   Steps:  1) skip bytes whose class word has bit 08h set
;           2) accept one optional '+' (2Bh) or '-' (2Dh)
;           3) while the class word has bit 04h set: total = total*10 + (byte - 30h)
; NOTE(review): this is the usual shape of a C runtime atol(); 0042C310, 0042C104 and
;   004096B0 would then be the multibyte-width flag, the ctype table pointer and the
;   locale-aware class test, with 08h/04h as the space/digit bits -- presumably; confirm.
; NOTE(review): no range check is visible on the accumulation. imul/lea wrap modulo 2^32,
;   and input with no leading digits returns 0, so a caller cannot tell overflow or
;   garbage from a genuine value; any use of the result as a size or index needs its own check.
* Referenced by a CALL at Address:
|:00405167
|
:00405060 55 push ebp
:00405061 8BEC mov ebp, esp
:00405063 83EC14 sub esp, 00000014 ; 14h bytes of locals ([ebp-04] .. [ebp-14])
; ---- step 1: skip leading bytes of class 08h (loop head) ----
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004050AE(U)
|
:00405066 833D10C3420001 cmp dword ptr [0042C310], 00000001
:0040506D 7E17 jle 00405086 不等则跳 ; jle is signed "less or equal": taken when [0042C310] <= 1 (table path), not "jump if not equal"
:0040506F 6A08 push 00000008 ; second argument: class mask 08h
:00405071 8B4508 mov eax, dword ptr [ebp+08]
:00405074 33C9 xor ecx, ecx
:00405076 8A08 mov cl, byte ptr [eax] ; ecx = current byte, zero-extended
:00405078 51 push ecx ; first argument: the byte
:00405079 E832460000 call 004096B0 ======== ; helper performs the class test when [0042C310] > 1
:0040507E 83C408 add esp, 00000008
:00405081 8945F0 mov dword ptr [ebp-10], eax ; [ebp-10] = helper result
:00405084 EB19 jmp 0040509F ---------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040506D(C)
|
:00405086 8B5508 mov edx, dword ptr [ebp+08]
:00405089 33C0 xor eax, eax
:0040508B 8A02 mov al, byte ptr [edx] ; eax = current byte, zero-extended, so the table index stays in 0..255
; W32Dasm prints the bytes behind the pointer below as if they were a string.
; NOTE(review): " ((((( " and " H" are the byte values 20h / 28h / 48h, which look like
;   per-character flag entries rather than text -- confirm by dumping the table.
* Possible StringData Ref from Data Obj ->" ((((( "
->" H"
|
:0040508D 8B0D04C14200 mov ecx, dword ptr [0042C104] ; ecx = table base pointer read from [0042C104]
:00405093 33D2 xor edx, edx
:00405095 668B1441 mov dx, word ptr [ecx+2*eax] ; edx = 16-bit class word for this byte
:00405099 83E208 and edx, 00000008 ; keep only bit 08h
:0040509C 8955F0 mov dword ptr [ebp-10], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405084(U)
|
:0040509F 837DF000 cmp dword ptr [ebp-10], 00000000
:004050A3 740B je 004050B0 --------- ; class bit clear: prefix skipping is finished
:004050A5 8B4508 mov eax, dword ptr [ebp+08]
:004050A8 83C001 add eax, 00000001
:004050AB 894508 mov dword ptr [ebp+08], eax ; advance the text pointer by one byte
:004050AE EBB6 jmp 00405066 -------- ; test the next byte
; ---- step 2: read one byte, remember it as the sign candidate ----
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004050A3(C)
|
:004050B0 8B4D08 mov ecx, dword ptr [ebp+08]
:004050B3 33D2 xor edx, edx
:004050B5 8A11 mov dl, byte ptr [ecx]
:004050B7 8955FC mov dword ptr [ebp-04], edx ; [ebp-04] = current byte
:004050BA 8B4508 mov eax, dword ptr [ebp+08]
:004050BD 83C001 add eax, 00000001
:004050C0 894508 mov dword ptr [ebp+08], eax ; pointer now addresses the following byte
:004050C3 8B4DFC mov ecx, dword ptr [ebp-04]
:004050C6 894DF4 mov dword ptr [ebp-0C], ecx ; [ebp-0C] = saved copy, compared with '-' at 0040514B
:004050C9 837DFC2D cmp dword ptr [ebp-04], 0000002D ; 2Dh = '-'
:004050CD 7406 je 004050D5 --------》 《1》
:004050CF 837DFC2B cmp dword ptr [ebp-04], 0000002B ; 2Bh = '+'
:004050D3 7513 jne 004050E8 --------》 《2》 ; neither sign: the byte already read is treated as the first digit candidate
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004050CD(C)
|
; A sign byte was consumed: fetch the byte after it and advance again.
:004050D5 8B5508 mov edx, dword ptr [ebp+08] 《1》
:004050D8 33C0 xor eax, eax
:004050DA 8A02 mov al, byte ptr [edx]
:004050DC 8945FC mov dword ptr [ebp-04], eax
:004050DF 8B4D08 mov ecx, dword ptr [ebp+08]
:004050E2 83C101 add ecx, 00000001
:004050E5 894D08 mov dword ptr [ebp+08], ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004050D3(C)
|
:004050E8 C745F800000000 mov [ebp-08], 00000000 《2》 ; running total starts at 0
; ---- step 3: digit loop (loop head); same two-way class test as step 1, mask 04h ----
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405149(U)
|
:004050EF 833D10C3420001 cmp dword ptr [0042C310], 00000001 《B》
:004050F6 7E13 jle 0040510B 《3》 ; [0042C310] <= 1: use the table lookup
:004050F8 6A04 push 00000004 ; second argument: class mask 04h
:004050FA 8B55FC mov edx, dword ptr [ebp-04]
:004050FD 52 push edx ; first argument: current byte
:004050FE E8AD450000 call 004096B0
:00405103 83C408 add esp, 00000008
:00405106 8945EC mov dword ptr [ebp-14], eax ; [ebp-14] = helper result
:00405109 EB15 jmp 00405120 《4》
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004050F6(C)
|
:0040510B 8B45FC mov eax, dword ptr [ebp-04] 《3》 ; index = current byte (stored zero-extended)
* Possible StringData Ref from Data Obj ->" ((((( "
->" H"
|
:0040510E 8B0D04C14200 mov ecx, dword ptr [0042C104] ; same table pointer as in step 1
:00405114 33D2 xor edx, edx
:00405116 668B1441 mov dx, word ptr [ecx+2*eax]
:0040511A 83E204 and edx, 00000004 ; keep only bit 04h
:0040511D 8955EC mov dword ptr [ebp-14], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405109(U)
|
:00405120 837DEC00 cmp dword ptr [ebp-14], 00000000 《4》
:00405124 7425 je 0040514B 《5》 ; class bit clear: stop accumulating at this byte
:00405126 8B45F8 mov eax, dword ptr [ebp-08]
:00405129 6BC00A imul eax, 0000000A ; total * 10; the result is not checked for overflow
:0040512C 8B4DFC mov ecx, dword ptr [ebp-04]
:0040512F 8D5408D0 lea edx, dword ptr [eax+ecx-30] ; + (byte - 30h); 30h is ASCII '0'
:00405133 8955F8 mov dword ptr [ebp-08], edx ; store the new total
:00405136 8B4508 mov eax, dword ptr [ebp+08]
:00405139 33C9 xor ecx, ecx
:0040513B 8A08 mov cl, byte ptr [eax]
:0040513D 894DFC mov dword ptr [ebp-04], ecx ; fetch the next byte
:00405140 8B5508 mov edx, dword ptr [ebp+08]
:00405143 83C201 add edx, 00000001
:00405146 895508 mov dword ptr [ebp+08], edx 循环很多次 查d edx=从78787878逐步缩小到一位
; NOTE(review): edx holds the advanced text pointer at this point, so a memory dump at edx
;   shows the characters not yet consumed; that would explain the dump getting shorter on
;   each pass -- presumably what the annotation above observed.
:00405149 EBA4 jmp 004050EF 〈B〉 ; back to the digit-loop head
; ---- apply the sign and return ----
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405124(C)
|
:0040514B 837DF42D cmp dword ptr [ebp-0C], 0000002D 《5》 ; was the saved sign byte '-'?
:0040514F 7507 jne 00405158 《6》
:00405151 8B45F8 mov eax, dword ptr [ebp-08]
:00405154 F7D8 neg eax ; return -total
:00405156 EB03 jmp 0040515B 《7》
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040514F(C)
|
:00405158 8B45F8 mov eax, dword ptr [ebp-08] 《6》 ; return total unchanged
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405156(U)
|
:0040515B 8BE5 mov esp, ebp 《7》 ; release the locals
:0040515D 5D pop ebp
:0040515E C3 ret -->返回到(2)结束 ; returns to the wrapper (2) with the result in eax
:0040515F CC int 03 ; byte after the ret; no jump or call shown here targets it