英格驾驶员考试学习系统 2015 版 追码分析
本帖最后由 JZL 于 2015-12-15 17:54 编辑功能限制,提示关键词:
本功能需要注册才能使用,购买电话
在OD中搜索字符串:
在提示的上面有个跳转进来,同时上方有一个jmp可以跳过未注册提示。
来到关键call
0045B0D8 FFD3 CALL NEAR EBX
0045B0DA E9 1A110000 JMP 0045C1F9
0045B0DF E8 AC5D0300 CALL 00490E90 ; 关键call,真假码验证段
00490E90 55 PUSH EBP
00490E91 8BEC MOV EBP, ESP
……
00490FCC .E8 4FF6FFFF CALL 00490620 ;真码EAX=00167944, (UNICODE "haEaDaYbaaoalbGdlcDchaEaDaYbaaoalbGdlcCc")
……
00490FE3 .FF51 2C CALL NEAR DWORD PTR DS: ;把真码MD5加密
……
00490FFB 8B4D CC MOV ECX, DWORD PTR SS:
00490FFE 51 PUSH ECX
00490FFF 8B55 D8 MOV EDX, DWORD PTR SS:
00491002 52 PUSH EDX
00491003 FF15 08114000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; 这个Cmp就是比较函数,推测应该是真假码比较。
……
00491082 C3 RETN
0045B0E4 66:85C0 TEST AX, AX
0045B0E7 0F84 6C020000 JE 0045B359
……
我追到算法段也没搞明白,机器码 00000000000000000001真码 之间是什么关系。
真码的生成似乎也只和 00000000000000000001有关。
各位有兴趣的,分析下,顺带着给我讲下这算法过程。
本帖最后由 Dxer 于 2015-12-15 20:13 编辑
机器码7bXbubHaSb7b6aWc2dUd0bXbZbEaVb2bvaXcVdSd7bXbubHaSb7b6aWc2dUd0bXbZbEaVb2bvaXcWdSd参与运算,你只要得到类似这串“haEaDaYbaaoalbGdlcDchaEaDaYbaaoalbGdlcCc”字符的东西记下,然后MD5后得到的值就是转大写就是激活码 你自己试试 Dxer 发表于 2015-12-15 20:02
机器码7bXbubHaSb7b6aWc2dUd0bXbZbEaVb2bvaXcVdSd7bXbubHaSb7b6aWc2dUd0bXbZbEaVb2bvaXcWdSd参与运算,你只 ...
这个码我是找到了。我不明白怎么从机器码到注册码的 JZL 发表于 2015-12-15 20:37
这个码我是找到了。我不明白怎么从机器码到注册码的
你说的没错大小写26个字母0-9参与运算得到特殊字符串。我做了一个内存注册机。明天给你测试下 本帖最后由 landwind 于 2015-12-15 21:32 编辑
根据楼主方法,直接找到码了......
算是第一次找到吧....以前就只会暴力jmp
记录下了几个值
试了下8bJaDaZbSbXbUagc就是我马子
0018F8D0 00634144UNICODE "D41D8CD98F00B204E9800998ECF8427E"
0018F8CC 00620904UNICODE "W501DGAV"
0018F8C8 00623324UNICODE "8bJaDaZbSbXbUagc"
0018F8C4 006341ACUNICODE "7C859038B066C560C61D320A2B4D2DEF"
Dxer 发表于 2015-12-15 20:53
你说的没错大小写26个字母0-9参与运算得到特殊字符串。我做了一个内存注册机。明天给你测试下
咱们说说机器码怎么运算成注册码,追码我知道,我就是想搞明白机器码转到注册码的过程 这个vipCrack分析过算法吧~ 楼主搜索一下
https://www.chinapyg.com/thread-72887-1-1.html 谢谢了。辛苦了。收藏了。 JZL 发表于 2015-12-15 21:38
咱们说说机器码怎么运算成注册码,追码我知道,我就是想搞明白机器码转到注册码的过程
详情请看VIp妹子的:https://www.chinapyg.com/thread-72887-1-1.html
第一段激活码前一部分字符串获得:
00490A62 > /3BBD 10FFFFFF CMP EDI, DWORD PTR SS: ;激活码字符串循环开始
00490A68 . |0F8F 77010000 JG 小车科目.00490BE5
00490A6E . |8B45 C0 MOV EAX, DWORD PTR SS:
00490A71 . |3BC3 CMP EAX, EBX
00490A73 . |74 18 JE SHORT 小车科目.00490A8D
00490A75 . |66:8338 01 CMP WORD PTR DS:, 0x1
00490A79 . |75 12 JNZ SHORT 小车科目.00490A8D
00490A7B . |8BF7 MOV ESI, EDI
00490A7D . |2B70 14 SUB ESI, DWORD PTR DS:
00490A80 . |3B70 10 CMP ESI, DWORD PTR DS:
00490A83 . |72 10 JB SHORT 小车科目.00490A95
00490A85 . |FF15 04114000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaGenerateBoundsError
00490A8B . |EB 08 JMP SHORT 小车科目.00490A95
00490A8D > |FF15 04114000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaGenerateBoundsError
00490A93 . |8BF0 MOV ESI, EAX
00490A95 > |8B4D D4 MOV ECX, DWORD PTR SS:
00490A98 . |51 PUSH ECX ; /String
00490A99 . |FF15 2C104000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>; \__vbaLenBstr
00490A9F . |8BD8 MOV EBX, EAX
00490AA1 . |8B4D C0 MOV ECX, DWORD PTR SS:
00490AA4 . |8B51 0C MOV EDX, DWORD PTR DS:
00490AA7 . |33C0 XOR EAX, EAX
00490AA9 . |8A0432 MOV AL, BYTE PTR DS:
00490AAC . |99 CDQ
00490AAD . |F7FB IDIV EBX
00490AAF . |8BF0 MOV ESI, EAX
00490AB1 . |85C9 TEST ECX, ECX
00490AB3 . |74 18 JE SHORT 小车科目.00490ACD
00490AB5 . |66:8339 01 CMP WORD PTR DS:, 0x1
00490AB9 . |75 12 JNZ SHORT 小车科目.00490ACD
00490ABB . |8BDF MOV EBX, EDI
00490ABD . |2B59 14 SUB EBX, DWORD PTR DS:
00490AC0 . |3B59 10 CMP EBX, DWORD PTR DS:
00490AC3 . |72 10 JB SHORT 小车科目.00490AD5
00490AC5 . |FF15 04114000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaGenerateBoundsError
00490ACB . |EB 08 JMP SHORT 小车科目.00490AD5
00490ACD > |FF15 04114000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaGenerateBoundsError
00490AD3 . |8BD8 MOV EBX, EAX
00490AD5 > |8B45 D4 MOV EAX, DWORD PTR SS:
00490AD8 . |50 PUSH EAX ; /String
00490AD9 . |FF15 2C104000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>; \__vbaLenBstr
00490ADF . |8BC8 MOV ECX, EAX
00490AE1 . |8B55 C0 MOV EDX, DWORD PTR SS:
00490AE4 . |8B42 0C MOV EAX, DWORD PTR DS:
00490AE7 . |33D2 XOR EDX, EDX
00490AE9 . |8A1418 MOV DL, BYTE PTR DS:
00490AEC . |8BC2 MOV EAX, EDX
00490AEE . |99 CDQ
00490AEF . |F7F9 IDIV ECX
00490AF1 . |C745 B8 01000>MOV DWORD PTR SS:, 0x1
00490AF8 . |C745 B0 02000>MOV DWORD PTR SS:, 0x2
00490AFF . |8D45 D4 LEA EAX, DWORD PTR SS:
00490B02 . |8985 64FFFFFF MOV DWORD PTR SS:, EAX
00490B08 . |C785 5CFFFFFF>MOV DWORD PTR SS:, 0x4008
00490B12 . |8D4D B0 LEA ECX, DWORD PTR SS:
00490B15 . |51 PUSH ECX ; /Length8
00490B16 . |83C2 01 ADD EDX, 0x1 ; |
00490B19 . |0F80 64010000 JO 小车科目.00490C83 ; |
00490B1F . |52 PUSH EDX ; |Start
00490B20 . |8D95 5CFFFFFF LEA EDX, DWORD PTR SS: ; |
00490B26 . |52 PUSH EDX ; |dString8
00490B27 . |8D45 A0 LEA EAX, DWORD PTR SS: ; |
00490B2A . |50 PUSH EAX ; |RetBUFFER
00490B2B . |8B1D E8104000 MOV EBX, DWORD PTR DS:[<&MSVBVM60.#r>; |MSVBVM60.rtcMidCharVar
00490B31 . |FFD3 CALL NEAR EBX ; \rtcMidCharVar
00490B33 . |C745 98 01000>MOV DWORD PTR SS:, 0x1
00490B3A . |C745 90 02000>MOV DWORD PTR SS:, 0x2
00490B41 . |8D4D D4 LEA ECX, DWORD PTR SS:
00490B44 . |898D 44FFFFFF MOV DWORD PTR SS:, ECX
00490B4A . |C785 3CFFFFFF>MOV DWORD PTR SS:, 0x4008
00490B54 . |8D55 90 LEA EDX, DWORD PTR SS:
00490B57 . |52 PUSH EDX ; /Length8
00490B58 . |83C6 01 ADD ESI, 0x1 ; |
00490B5B . |0F80 22010000 JO 小车科目.00490C83 ; |
00490B61 . |56 PUSH ESI ; |Start
00490B62 . |8D85 3CFFFFFF LEA EAX, DWORD PTR SS: ; |
00490B68 . |50 PUSH EAX ; |dString8
00490B69 . |8D4D 80 LEA ECX, DWORD PTR SS: ; |
00490B6C . |51 PUSH ECX ; |RetBUFFER
00490B6D . |FFD3 CALL NEAR EBX ; \rtcMidCharVar
00490B6F . |8D55 A0 LEA EDX, DWORD PTR SS:
00490B72 . |52 PUSH EDX ; /var18
00490B73 . |8D45 80 LEA EAX, DWORD PTR SS: ; |
00490B76 . |50 PUSH EAX ; |var28
00490B77 . |8D8D 70FFFFFF LEA ECX, DWORD PTR SS: ; |
00490B7D . |51 PUSH ECX ; |saveto8
00490B7E . |FF15 44124000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>; \__vbaVarAdd
00490B84 . |50 PUSH EAX
00490B85 . |FF15 28104000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaStrVarMove
00490B8B . |8BD0 MOV EDX, EAX
00490B8D . |8D4D C8 LEA ECX, DWORD PTR SS:
00490B90 . |8B35 80124000 MOV ESI, DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaStrMove
00490B96 . |FFD6 CALL NEAR ESI ;<&MSVBVM60.__vbaStrMove>
00490B98 . |8D95 70FFFFFF LEA EDX, DWORD PTR SS:
00490B9E . |52 PUSH EDX
00490B9F . |8D45 80 LEA EAX, DWORD PTR SS:
00490BA2 . |50 PUSH EAX
00490BA3 . |8D4D A0 LEA ECX, DWORD PTR SS:
00490BA6 . |51 PUSH ECX
00490BA7 . |8D55 90 LEA EDX, DWORD PTR SS:
00490BAA . |52 PUSH EDX
00490BAB . |8D45 B0 LEA EAX, DWORD PTR SS:
00490BAE . |50 PUSH EAX
00490BAF . |6A 05 PUSH 0x5
00490BB1 . |FF15 30104000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaFreeVarList
00490BB7 . |83C4 18 ADD ESP, 0x18
00490BBA . |8B4D C4 MOV ECX, DWORD PTR SS:
00490BBD . |51 PUSH ECX
00490BBE . |8B55 C8 MOV EDX, DWORD PTR SS:
00490BC1 . |52 PUSH EDX ; /String
00490BC2 . |FF15 5C104000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>; \__vbaStrCat
00490BC8 . |8BD0 MOV EDX, EAX
00490BCA . |8D4D C4 LEA ECX, DWORD PTR SS:
00490BCD . |FFD6 CALL NEAR ESI
00490BCF . |B8 01000000 MOV EAX, 0x1
00490BD4 . |03C7 ADD EAX, EDI
00490BD6 . |0F80 A7000000 JO 小车科目.00490C83
00490BDC . |8BF8 MOV EDI, EAX
00490BDE . |33DB XOR EBX, EBX
00490BE0 .^\E9 7DFEFFFF JMP 小车科目.00490A62
00490BE5 >8B55 C4 MOV EDX, DWORD PTR SS: ;这里得到激活码的字符串(没有转MD5前的)
第二段转MD5激活码部分:
00479690/$53 PUSH EBX ;验证算法部分
00479691|.56 PUSH ESI
00479692|.57 PUSH EDI
00479693|.6A 00 PUSH 0x0 ; |lBoundn = 0x0
00479695|.6A 09 PUSH 0x9 ; |uBoundn = 0x9
00479697|.6A 01 PUSH 0x1 ; |TotalArray = 0x1
00479699|.6A 11 PUSH 0x11 ; |vBType = Byte
0047969B|.68 5CC04700 PUSH 小车科目.0047C05C ; |RetADDR = 小车科目.0047C05C
004796A0|.6A 01 PUSH 0x1 ; |VAlign = BYTE
004796A2|.68 80000000 PUSH 0x80 ; |Arg1 = 0x80
004796A7|.FF15 4C114000 CALL NEAR DWORD PTR DS:[<&MSVBVM60.__>; \__vbaRedim
004796AD|.A1 5CC04700 MOV EAX, DWORD PTR DS:
004796B2|.83C4 1C ADD ESP, 0x1C
004796B5|.85C0 TEST EAX, EAX
004796B7|.74 1C JE SHORT 小车科目.004796D5
004796B9|.66:8338 01 CMP WORD PTR DS:, 0x1
004796BD|.75 16 JNZ SHORT 小车科目.004796D5
004796BF|.8B70 14 MOV ESI, DWORD PTR DS:
004796C2|.8B48 10 MOV ECX, DWORD PTR DS:
004796C5|.8B1D 04114000 MOV EBX, DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaGenerateBoundsError
004796CB|.F7DE NEG ESI
004796CD|.3BF1 CMP ESI, ECX
004796CF|.72 0E JB SHORT 小车科目.004796DF
004796D1|.FFD3 CALL NEAR EBX ;<&MSVBVM60.__vbaGenerateBoundsError>
004796D3|.EB 0A JMP SHORT 小车科目.004796DF
004796D5|>8B1D 04114000 MOV EBX, DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaGenerateBoundsError
004796DB|.FFD3 CALL NEAR EBX ;<&MSVBVM60.__vbaGenerateBoundsError>
004796DD|.8BF0 MOV ESI, EAX
004796DF|>8B3D 5C114000 MOV EDI, DWORD PTR DS:[<&MSVBVM60.__>;MSVBVM60.__vbaUI1I2
004796E5|.B9 41000000 MOV ECX, 0x41
004796EA|.FFD7 CALL NEAR EDI ;<&MSVBVM60.__vbaUI1I2>
004796EC|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
004796F2|.8B51 0C MOV EDX, DWORD PTR DS:
004796F5|.880432 MOV BYTE PTR DS:, AL
004796F8|.A1 5CC04700 MOV EAX, DWORD PTR DS:
004796FD|.85C0 TEST EAX, EAX
004796FF|.74 1B JE SHORT 小车科目.0047971C
00479701|.66:8338 01 CMP WORD PTR DS:, 0x1
00479705|.75 15 JNZ SHORT 小车科目.0047971C
00479707|.8B50 14 MOV EDX, DWORD PTR DS:
0047970A|.8B48 10 MOV ECX, DWORD PTR DS:
0047970D|.BE 01000000 MOV ESI, 0x1
00479712|.2BF2 SUB ESI, EDX
00479714|.3BF1 CMP ESI, ECX
00479716|.72 08 JB SHORT 小车科目.00479720
00479718|.FFD3 CALL NEAR EBX
0047971A|.EB 04 JMP SHORT 小车科目.00479720
0047971C|>FFD3 CALL NEAR EBX
0047971E|.8BF0 MOV ESI, EAX
00479720|>B9 2C000000 MOV ECX, 0x2C
00479725|.FFD7 CALL NEAR EDI
00479727|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
0047972D|.8B51 0C MOV EDX, DWORD PTR DS:
00479730|.880432 MOV BYTE PTR DS:, AL
00479733|.A1 5CC04700 MOV EAX, DWORD PTR DS:
00479738|.85C0 TEST EAX, EAX
0047973A|.74 1B JE SHORT 小车科目.00479757
0047973C|.66:8338 01 CMP WORD PTR DS:, 0x1
00479740|.75 15 JNZ SHORT 小车科目.00479757
00479742|.8B50 14 MOV EDX, DWORD PTR DS:
00479745|.8B48 10 MOV ECX, DWORD PTR DS:
00479748|.BE 02000000 MOV ESI, 0x2
0047974D|.2BF2 SUB ESI, EDX
0047974F|.3BF1 CMP ESI, ECX
00479751|.72 08 JB SHORT 小车科目.0047975B
00479753|.FFD3 CALL NEAR EBX
00479755|.EB 04 JMP SHORT 小车科目.0047975B
00479757|>FFD3 CALL NEAR EBX
00479759|.8BF0 MOV ESI, EAX
0047975B|>B9 17000000 MOV ECX, 0x17
00479760|.FFD7 CALL NEAR EDI
00479762|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
00479768|.8B51 0C MOV EDX, DWORD PTR DS:
0047976B|.880432 MOV BYTE PTR DS:, AL
0047976E|.A1 5CC04700 MOV EAX, DWORD PTR DS:
00479773|.85C0 TEST EAX, EAX
00479775|.74 1B JE SHORT 小车科目.00479792
00479777|.66:8338 01 CMP WORD PTR DS:, 0x1
0047977B|.75 15 JNZ SHORT 小车科目.00479792
0047977D|.8B50 14 MOV EDX, DWORD PTR DS:
00479780|.8B48 10 MOV ECX, DWORD PTR DS:
00479783|.BE 03000000 MOV ESI, 0x3
00479788|.2BF2 SUB ESI, EDX
0047978A|.3BF1 CMP ESI, ECX
0047978C|.72 08 JB SHORT 小车科目.00479796
0047978E|.FFD3 CALL NEAR EBX
00479790|.EB 04 JMP SHORT 小车科目.00479796
00479792|>FFD3 CALL NEAR EBX
00479794|.8BF0 MOV ESI, EAX
00479796|>B9 4A000000 MOV ECX, 0x4A
0047979B|.FFD7 CALL NEAR EDI
0047979D|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
004797A3|.8B51 0C MOV EDX, DWORD PTR DS:
004797A6|.880432 MOV BYTE PTR DS:, AL
004797A9|.A1 5CC04700 MOV EAX, DWORD PTR DS:
004797AE|.85C0 TEST EAX, EAX
004797B0|.74 1B JE SHORT 小车科目.004797CD
004797B2|.66:8338 01 CMP WORD PTR DS:, 0x1
004797B6|.75 15 JNZ SHORT 小车科目.004797CD
004797B8|.8B50 14 MOV EDX, DWORD PTR DS:
004797BB|.8B48 10 MOV ECX, DWORD PTR DS:
004797BE|.BE 04000000 MOV ESI, 0x4
004797C3|.2BF2 SUB ESI, EDX
004797C5|.3BF1 CMP ESI, ECX
004797C7|.72 08 JB SHORT 小车科目.004797D1
004797C9|.FFD3 CALL NEAR EBX
004797CB|.EB 04 JMP SHORT 小车科目.004797D1
004797CD|>FFD3 CALL NEAR EBX
004797CF|.8BF0 MOV ESI, EAX
004797D1|>B9 30000000 MOV ECX, 0x30
004797D6|.FFD7 CALL NEAR EDI
004797D8|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
004797DE|.8B51 0C MOV EDX, DWORD PTR DS:
004797E1|.880432 MOV BYTE PTR DS:, AL
004797E4|.A1 5CC04700 MOV EAX, DWORD PTR DS:
004797E9|.85C0 TEST EAX, EAX
004797EB|.74 1B JE SHORT 小车科目.00479808
004797ED|.66:8338 01 CMP WORD PTR DS:, 0x1
004797F1|.75 15 JNZ SHORT 小车科目.00479808
004797F3|.8B50 14 MOV EDX, DWORD PTR DS:
004797F6|.8B48 10 MOV ECX, DWORD PTR DS:
004797F9|.BE 05000000 MOV ESI, 0x5
004797FE|.2BF2 SUB ESI, EDX
00479800|.3BF1 CMP ESI, ECX
00479802|.72 08 JB SHORT 小车科目.0047980C
00479804|.FFD3 CALL NEAR EBX
00479806|.EB 04 JMP SHORT 小车科目.0047980C
00479808|>FFD3 CALL NEAR EBX
0047980A|.8BF0 MOV ESI, EAX
0047980C|>B9 3E000000 MOV ECX, 0x3E
00479811|.FFD7 CALL NEAR EDI
00479813|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
00479819|.8B51 0C MOV EDX, DWORD PTR DS:
0047981C|.880432 MOV BYTE PTR DS:, AL
0047981F|.A1 5CC04700 MOV EAX, DWORD PTR DS:
00479824|.85C0 TEST EAX, EAX
00479826|.74 1B JE SHORT 小车科目.00479843
00479828|.66:8338 01 CMP WORD PTR DS:, 0x1
0047982C|.75 15 JNZ SHORT 小车科目.00479843
0047982E|.8B50 14 MOV EDX, DWORD PTR DS:
00479831|.8B48 10 MOV ECX, DWORD PTR DS:
00479834|.BE 06000000 MOV ESI, 0x6
00479839|.2BF2 SUB ESI, EDX
0047983B|.3BF1 CMP ESI, ECX
0047983D|.72 08 JB SHORT 小车科目.00479847
0047983F|.FFD3 CALL NEAR EBX
00479841|.EB 04 JMP SHORT 小车科目.00479847
00479843|>FFD3 CALL NEAR EBX
00479845|.8BF0 MOV ESI, EAX
00479847|>B9 97000000 MOV ECX, 0x97
0047984C|.FFD7 CALL NEAR EDI
0047984E|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
00479854|.8B51 0C MOV EDX, DWORD PTR DS:
00479857|.880432 MOV BYTE PTR DS:, AL
0047985A|.A1 5CC04700 MOV EAX, DWORD PTR DS:
0047985F|.85C0 TEST EAX, EAX
00479861|.74 1B JE SHORT 小车科目.0047987E
00479863|.66:8338 01 CMP WORD PTR DS:, 0x1
00479867|.75 15 JNZ SHORT 小车科目.0047987E
00479869|.8B50 14 MOV EDX, DWORD PTR DS:
0047986C|.8B48 10 MOV ECX, DWORD PTR DS:
0047986F|.BE 07000000 MOV ESI, 0x7
00479874|.2BF2 SUB ESI, EDX
00479876|.3BF1 CMP ESI, ECX
00479878|.72 08 JB SHORT 小车科目.00479882
0047987A|.FFD3 CALL NEAR EBX
0047987C|.EB 04 JMP SHORT 小车科目.00479882
0047987E|>FFD3 CALL NEAR EBX
00479880|.8BF0 MOV ESI, EAX
00479882|>B9 D4000000 MOV ECX, 0xD4
00479887|.FFD7 CALL NEAR EDI
00479889|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
0047988F|.8B51 0C MOV EDX, DWORD PTR DS:
00479892|.880432 MOV BYTE PTR DS:, AL
00479895|.A1 5CC04700 MOV EAX, DWORD PTR DS:
0047989A|.85C0 TEST EAX, EAX
0047989C|.74 1B JE SHORT 小车科目.004798B9
0047989E|.66:8338 01 CMP WORD PTR DS:, 0x1
004798A2|.75 15 JNZ SHORT 小车科目.004798B9
004798A4|.8B50 14 MOV EDX, DWORD PTR DS:
004798A7|.8B48 10 MOV ECX, DWORD PTR DS:
004798AA|.BE 08000000 MOV ESI, 0x8
004798AF|.2BF2 SUB ESI, EDX
004798B1|.3BF1 CMP ESI, ECX
004798B3|.72 08 JB SHORT 小车科目.004798BD
004798B5|.FFD3 CALL NEAR EBX
004798B7|.EB 04 JMP SHORT 小车科目.004798BD
004798B9|>FFD3 CALL NEAR EBX
004798BB|.8BF0 MOV ESI, EAX
004798BD|>B9 7B000000 MOV ECX, 0x7B
004798C2|.FFD7 CALL NEAR EDI
004798C4|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
004798CA|.8B51 0C MOV EDX, DWORD PTR DS:
004798CD|.880432 MOV BYTE PTR DS:, AL
004798D0|.A1 5CC04700 MOV EAX, DWORD PTR DS:
004798D5|.85C0 TEST EAX, EAX
004798D7|.74 1B JE SHORT 小车科目.004798F4
004798D9|.66:8338 01 CMP WORD PTR DS:, 0x1
004798DD|.75 15 JNZ SHORT 小车科目.004798F4
004798DF|.8B50 14 MOV EDX, DWORD PTR DS:
004798E2|.8B48 10 MOV ECX, DWORD PTR DS:
004798E5|.BE 09000000 MOV ESI, 0x9
004798EA|.2BF2 SUB ESI, EDX
004798EC|.3BF1 CMP ESI, ECX
004798EE|.72 08 JB SHORT 小车科目.004798F8
004798F0|.FFD3 CALL NEAR EBX
004798F2|.EB 04 JMP SHORT 小车科目.004798F8
004798F4|>FFD3 CALL NEAR EBX
004798F6|.8BF0 MOV ESI, EAX
004798F8|>B9 89000000 MOV ECX, 0x89
004798FD|.FFD7 CALL NEAR EDI
004798FF|.8B0D 5CC04700 MOV ECX, DWORD PTR DS:
00479905|.5F POP EDI
00479906|.8B51 0C MOV EDX, DWORD PTR DS:
00479909|.880432 MOV BYTE PTR DS:, AL
0047990C|.5E POP ESI
0047990D|.5B POP EBX
0047990E\.C3 RETN
大神,真厉害
页:
[1]
2