算法关键call内容
; ---------------------------------------------------------------------
; Routine 0057C5E0..0057C7A0, pasted from a debugger disassembly
; (columns: address, flow marks, opcode bytes, 32-bit x86, Intel syntax).
;
; Purpose (per the listing and the author's notes): builds the
; registration string from the caller-supplied hardware/machine code.
;
; In:   edx = input string (stored in [ebp-4])
;       ecx = destination for the result (kept in edi)
;       eax on entry is overwritten at 0057C5FC without being read here
; Locals (ten dwords, [ebp-4]..[ebp-28], all zeroed by the prologue):
;       [ebp-4]  input string
;       [ebp-8]  hex text of the input, later replaced by a 4-char slice
;       [ebp-C]  reversed hex text, later replaced by a 4-char slice
;       [ebp-10] copy of the constant at 0057C7B8
;       [ebp-14],[ebp-18],[ebp-1C],[ebp-20],[ebp-24],[ebp-28] temporaries
;
; NOTE(review): helper roles (00404DB8, 00404DC0, 00405018, ...) are
; inferred from how their arguments and results are used here, not from
; their bodies, which are outside this listing -- confirm before relying
; on them. The eax/edx/ecx argument order looks like a Borland/Delphi
; register calling convention -- confirm.
;
; Security-relevant observation: the only inputs this listing consumes
; are the caller's string and a constant embedded at 0057C7B8. No
; vendor-held secret and no remote check appear anywhere in it, so the
; whole derivation is visible to anyone who can read the binary.
; ---------------------------------------------------------------------
0057C5E0 /$ 55 push ebp
0057C5E1 |. 8BEC mov ebp, esp
0057C5E3 |. 51 push ecx ; reserves [ebp-4]; holds the incoming ecx for now
0057C5E4 |. B9 04000000 mov ecx, 4 ; 4 iterations x 2 pushes = 8 zeroed dwords
0057C5E9 |> 6A 00 /push 0
0057C5EB |. 6A 00 |push 0
0057C5ED |. 49 |dec ecx
0057C5EE |.^ 75 F9 \jnz short 0057C5E9
0057C5F0 |. 51 push ecx ; ecx is 0 here: one more zeroed local ([ebp-28])
0057C5F1 |. 874D FC xchg dword ptr [ebp-4], ecx ; ecx = original ecx, [ebp-4] = 0
0057C5F4 |. 53 push ebx
0057C5F5 |. 56 push esi
0057C5F6 |. 57 push edi
0057C5F7 |. 8BF9 mov edi, ecx ; edi = destination passed in ecx
0057C5F9 |. 8955 FC mov dword ptr [ebp-4], edx ; [ebp-4] = input string
0057C5FC |. 8B45 FC mov eax, dword ptr [ebp-4]
0057C5FF |. E8 A489E8FF call 00404FA8 ; helper on the input string; presumably a reference-count bump -- confirm
; Install an exception frame: handler 0057C7A1 is linked at fs:[0] (eax = 0).
0057C604 |. 33C0 xor eax, eax
0057C606 |. 55 push ebp
0057C607 |. 68 A1C75700 push 0057C7A1
0057C60C |. 64:FF30 push dword ptr fs:[eax]
0057C60F |. 64:8920 mov dword ptr fs:[eax], esp
0057C612 |. 8BC7 mov eax, edi
0057C614 |. E8 DF84E8FF call 00404AF8 ; helper on the destination; presumably clears it -- confirm
0057C619 |. 8B45 FC mov eax, dword ptr [ebp-4]
0057C61C |. E8 9787E8FF call 00404DB8 ; result is used as a loop count: presumably string length -- confirm
0057C621 |. 8BF0 mov esi, eax ; esi = remaining iterations
0057C623 |. 85F6 test esi, esi
0057C625 |. 7E 26 jle short 0057C64D ; empty input: skip the conversion loop
0057C627 |. BB 01000000 mov ebx, 1 ; ebx = 1-based character index
; Loop 1: for each input byte, produce a text piece in [ebp-14] and
; append it to [ebp-8].
0057C62C |> 8D4D EC /lea ecx, dword ptr [ebp-14] \
0057C62F |. 8B45 FC |mov eax, dword ptr [ebp-4] \
0057C632 |. 0FB64418 FF |movzx eax, byte ptr [eax+ebx-1] | ; eax = input[ebx], zero-extended
0057C637 |. 33D2 |xor edx, edx |
0057C639 |. E8 AADAE8FF |call 0040A0E8 这个call在循环取硬件码的ascii的hex 。经典的for循环。 ; author: this call takes the hex of each ASCII byte of the hardware code -- a classic for loop
0057C63E |. 8B55 EC |mov edx, dword ptr [ebp-14] |
0057C641 |. 8D45 F8 |lea eax, dword ptr [ebp-8] |
0057C644 |. E8 7787E8FF |call 00404DC0 | ; presumably appends edx's string to the one at [eax] -- confirm
0057C649 |. 43 |inc ebx |
0057C64A |. 4E |dec esi |
0057C64B |.^ 75 DF \jnz short 0057C62C /
0057C64D |> 8B45 F8 mov eax, dword ptr [ebp-8] 堆栈 ss:[0012FD8C]=018C7FF8, (ASCII "3551463247485943")
eax=00000002
跳转来自 0057C625 把取得的结果赋值给eax ,
; (The three lines above carry the author's pasted debugger info: the
; stack value for [ebp-8] in the traced run, eax, "jump from 0057C625",
; and the remark that the accumulated result is loaded into eax.)
0057C650 |. E8 6387E8FF call 00404DB8 ; length of the hex text (see hedge at 0057C61C)
0057C655 |. 8BF0 mov esi, eax
0057C657 |. 85F6 test esi, esi
0057C659 |. 7E 2C jle short 0057C687
0057C65B |. BB 01000000 mov ebx, 1
; Loop 2: walk [ebp-8] from its last character to its first and append
; each character to [ebp-C], i.e. build the reversed string.
0057C660 |> 8B45 F8 /mov eax, dword ptr [ebp-8]
0057C663 |. E8 5087E8FF |call 00404DB8
0057C668 |. 2BC3 |sub eax, ebx ; eax = len - ebx: 0-based index counted from the end
0057C66A |. 8B55 F8 |mov edx, dword ptr [ebp-8]
0057C66D |. 8A1402 |mov dl, byte ptr [edx+eax] ; dl = that character
0057C670 |. 8D45 E8 |lea eax, dword ptr [ebp-18]
0057C673 |. E8 6886E8FF |call 00404CE0 ; presumably makes a one-character string in [ebp-18] -- confirm
0057C678 |. 8B55 E8 |mov edx, dword ptr [ebp-18]
0057C67B |. 8D45 F4 |lea eax, dword ptr [ebp-C]
0057C67E |. E8 3D87E8FF |call 00404DC0 ; append to [ebp-C]
0057C683 |. 43 |inc ebx
0057C684 |. 4E |dec esi
0057C685 |.^ 75 D9 \jnz short 0057C660
; Slice the reversed string. 00405018 takes eax = source, edx = start,
; ecx = count and a destination pushed on the stack; presumably a
; 1-based substring copy -- confirm.
0057C687 |> 8D45 F8 lea eax, dword ptr [ebp-8]
0057C68A |. 50 push eax ; destination: [ebp-8] is overwritten
0057C68B |. B9 04000000 mov ecx, 4
0057C690 |. BA 01000000 mov edx, 1
0057C695 |. 8B45 F4 mov eax, dword ptr [ebp-C]
0057C698 |. E8 7B89E8FF call 00405018 ; [ebp-8] = 4 characters of [ebp-C] starting at 1
0057C69D |. 8D45 F4 lea eax, dword ptr [ebp-C]
0057C6A0 |. 50 push eax ; destination: [ebp-C] is overwritten in place
0057C6A1 |. B9 04000000 mov ecx, 4
0057C6A6 |. BA 05000000 mov edx, 5
0057C6AB |. 8B45 F4 mov eax, dword ptr [ebp-C]
0057C6AE |. E8 6589E8FF call 00405018 ; [ebp-C] = 4 characters of [ebp-C] starting at 5
; Padding for [ebp-8]: only runs when its length is below 4 (short input).
0057C6B3 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0057C6B6 |. E8 FD86E8FF call 00404DB8
0057C6BB |. 83F8 04 cmp eax, 4
0057C6BE |. 7D 2F jge short 0057C6EF
0057C6C0 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0057C6C3 |. E8 F086E8FF call 00404DB8
0057C6C8 |. 8BD8 mov ebx, eax ; ebx = current length
0057C6CA |. 83FB 03 cmp ebx, 3
0057C6CD |. 7F 20 jg short 0057C6EF
0057C6CF |> 8D4D E4 /lea ecx, dword ptr [ebp-1C]
0057C6D2 |. 8BC3 |mov eax, ebx
0057C6D4 |. C1E0 02 |shl eax, 2 ; filler value = ebx * 4
0057C6D7 |. 33D2 |xor edx, edx
0057C6D9 |. E8 0ADAE8FF |call 0040A0E8 ; same conversion helper as in loop 1
0057C6DE |. 8B55 E4 |mov edx, dword ptr [ebp-1C]
0057C6E1 |. 8D45 F8 |lea eax, dword ptr [ebp-8]
0057C6E4 |. E8 D786E8FF |call 00404DC0 ; append the filler piece to [ebp-8]
0057C6E9 |. 43 |inc ebx
0057C6EA |. 83FB 04 |cmp ebx, 4
0057C6ED |.^ 75 E0 \jnz short 0057C6CF
; Same padding, applied to [ebp-C].
0057C6EF |> 8B45 F4 mov eax, dword ptr [ebp-C]
0057C6F2 |. E8 C186E8FF call 00404DB8
0057C6F7 |. 83F8 04 cmp eax, 4
0057C6FA |. 7D 2F jge short 0057C72B
0057C6FC |. 8B45 F4 mov eax, dword ptr [ebp-C]
0057C6FF |. E8 B486E8FF call 00404DB8
0057C704 |. 8BD8 mov ebx, eax
0057C706 |. 83FB 03 cmp ebx, 3
0057C709 |. 7F 20 jg short 0057C72B
0057C70B |> 8D4D E0 /lea ecx, dword ptr [ebp-20]
0057C70E |. 8BC3 |mov eax, ebx
0057C710 |. C1E0 02 |shl eax, 2
0057C713 |. 33D2 |xor edx, edx
0057C715 |. E8 CED9E8FF |call 0040A0E8
0057C71A |. 8B55 E0 |mov edx, dword ptr [ebp-20]
0057C71D |. 8D45 F4 |lea eax, dword ptr [ebp-C]
0057C720 |. E8 9B86E8FF |call 00404DC0
0057C725 |. 43 |inc ebx
0057C726 |. 83FB 04 |cmp ebx, 4
0057C729 |.^ 75 E0 \jnz short 0057C70B
; Load the constant stored in the image at 0057C7B8 into [ebp-10].
; It is the same for every input; nothing in this listing derives it.
0057C72B |> 8D45 F0 lea eax, dword ptr [ebp-10]
0057C72E |. BA B8C75700 mov edx, 0057C7B8 ; mpw456ei878
0057C733 |. E8 5884E8FF call 00404B90 ; presumably assigns the constant to [ebp-10] -- confirm
0057C738 |. 8D45 DC lea eax, dword ptr [ebp-24]
0057C73B |. 50 push eax
0057C73C |. B9 04000000 mov ecx, 4
0057C741 |. BA 01000000 mov edx, 1
0057C746 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0057C749 |. E8 CA88E8FF call 00405018 ; [ebp-24] = slice of the constant (start 1, count 4)
; Operands for the final join are pushed from here on; the two slice
; calls are interleaved with the pushes.
0057C74E |. FF75 DC push dword ptr [ebp-24]
0057C751 |. 68 CCC75700 push 0057C7CC ; -
0057C756 |. FF75 F8 push dword ptr [ebp-8]
0057C759 |. 8D45 D8 lea eax, dword ptr [ebp-28]
0057C75C |. 50 push eax ; destination for the next slice (consumed by 00405018)
0057C75D |. B9 05000000 mov ecx, 5
0057C762 |. BA 05000000 mov edx, 5
0057C767 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0057C76A |. E8 A988E8FF call 00405018 ; [ebp-28] = slice of the constant (start 5, count 5)
0057C76F |. FF75 D8 push dword ptr [ebp-28]
0057C772 |. 68 CCC75700 push 0057C7CC ; -
0057C777 |. FF75 F4 push dword ptr [ebp-C]
0057C77A |. 8BC7 mov eax, edi ; destination saved from the incoming ecx
0057C77C |. BA 06000000 mov edx, 6 ; six string operands were pushed
0057C781 |. E8 F286E8FF call 00404E78 ; presumably joins the six pushed strings into the destination -- confirm
; Unlink the exception frame, then run the cleanup stub.
0057C786 |. 33C0 xor eax, eax
0057C788 |. 5A pop edx ; previous fs:[0] value
0057C789 |. 59 pop ecx
0057C78A |. 59 pop ecx
0057C78B |. 64:8910 mov dword ptr fs:[eax], edx
0057C78E |. 68 A8C75700 push 0057C7A8 ; the retn below continues at 0057C7A8 (outside this listing)
0057C793 |> 8D45 D8 lea eax, dword ptr [ebp-28]
0057C796 |. BA 0A000000 mov edx, 0A ; 0x0A = 10, the number of local slots
0057C79B |. E8 7C83E8FF call 00404B1C ; presumably releases the ten string locals starting at [ebp-28] -- confirm
0057C7A0 \. C3 retn
这段代码
; Excerpt 0057C650..0057C685 of the routine at 0057C5E0: the loop that
; reverses the string held in [ebp-8] into [ebp-C]. The instruction at
; 0057C64D that loads eax from [ebp-8] is not part of this excerpt.
; NOTE(review): helper roles are inferred from usage only -- confirm.
0057C650 |. E8 6387E8FF call 00404DB8 ; result is used as the loop count: presumably string length
0057C655 |. 8BF0 mov esi, eax ; esi = remaining iterations
0057C657 |. 85F6 test esi, esi
0057C659 |. 7E 2C jle short 0057C687 ; nothing to reverse
0057C65B |. BB 01000000 mov ebx, 1 ; ebx = distance from the end, starting at 1
0057C660 |> 8B45 F8 /mov eax, dword ptr [ebp-8]
0057C663 |. E8 5087E8FF |call 00404DB8
0057C668 |. 2BC3 |sub eax, ebx ; eax = len - ebx, a 0-based index
0057C66A |. 8B55 F8 |mov edx, dword ptr [ebp-8]
0057C66D |. 8A1402 |mov dl, byte ptr [edx+eax] ; dl = character at that index
0057C670 |. 8D45 E8 |lea eax, dword ptr [ebp-18]
0057C673 |. E8 6886E8FF |call 00404CE0 ; presumably makes a one-character string in [ebp-18]
0057C678 |. 8B55 E8 |mov edx, dword ptr [ebp-18]
0057C67B |. 8D45 F4 |lea eax, dword ptr [ebp-C]
0057C67E |. E8 3D87E8FF |call 00404DC0 ; presumably appends it to [ebp-C]
0057C683 |. 43 |inc ebx
0057C684 |. 4E |dec esi
0057C685 |.^ 75 D9 \jnz short 0057C660
这段代码把字符串 "3551463247485943" 逐字符反转,得到 "3495847423641553"。
粗跟踪到这里
; Excerpt 0057C72B..0057C786 of the routine at 0057C5E0: loads the
; constant embedded at 0057C7B8, slices it, and joins the pieces into
; the destination string (edi). [ebp-8] and [ebp-C] were filled earlier
; in the routine, outside this excerpt.
; NOTE(review): helper roles are inferred from usage only -- confirm.
0057C72B |> 8D45 F0 lea eax, dword ptr [ebp-10]
0057C72E |. BA B8C75700 mov edx, 0057C7B8 ; mpw456ei878
明显的传入一个固定值
; (author's remark above: "clearly a fixed value is being passed in")
0057C733 |. E8 5884E8FF call 00404B90 ; presumably assigns the constant to [ebp-10]
0057C738 |. 8D45 DC lea eax, dword ptr [ebp-24]
0057C73B |. 50 push eax ; destination for the slice
0057C73C |. B9 04000000 mov ecx, 4 ; count
0057C741 |. BA 01000000 mov edx, 1 ; start
0057C746 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0057C749 |. E8 CA88E8FF call 00405018 ; presumably substring copy into [ebp-24]
0057C74E |. FF75 DC push dword ptr [ebp-24]
0057C751 |. 68 CCC75700 push 0057C7CC ; -
0057C756 |. FF75 F8 push dword ptr [ebp-8]
0057C759 |. 8D45 D8 lea eax, dword ptr [ebp-28]
0057C75C |. 50 push eax ; destination for the slice (consumed by the call below)
0057C75D |. B9 05000000 mov ecx, 5 ; count
0057C762 |. BA 05000000 mov edx, 5 ; start
0057C767 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0057C76A |. E8 A988E8FF call 00405018 ; presumably substring copy into [ebp-28]
0057C76F |. FF75 D8 push dword ptr [ebp-28]
0057C772 |. 68 CCC75700 push 0057C7CC ; -
0057C777 |. FF75 F4 push dword ptr [ebp-C]
0057C77A |. 8BC7 mov eax, edi ; destination string
0057C77C |. BA 06000000 mov edx, 6 ; six operands were pushed
0057C781 |. E8 F286E8FF call 00404E78 ; presumably joins the pushed strings into the destination
0057C786 |. 33C0 xor eax, eax
这里是取 "3495847423641553" 这个字符串的第1-4位放进变量v1,取第5-8位放进另一个变量v2;取 "mpw456ei878" 的前4位放进变量v3,取5-9位放进变量v4。然后用“-”连接v3-v1-v2-v4;连接后的字符串就是注册码。也就是说,注册码完全由机器码和程序内嵌的固定字符串在本地计算得到,算法中没有任何只由厂商掌握的密钥。
时间仓促写的有点乱。请各位海涵。