TA的每日心情 | 开心
2015-8-23 23:49 |
|---|
签到天数: 27 天 [LV.4]偶尔看看III
|
本帖最后由 GGLHY 于 2011-1-24 09:56 编辑
简单任务之某视频录制软件的算法分析
(赶材料,熬夜用OD提神!于是有了本作!:sleepy: ) 请方家指正!
直接来到:
00570A27 |. E8 9C2EEEFF CALL ScreenRe.004538C8
00570A2C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 假码
00570A2F |. E8 60FDFFFF CALL ScreenRe.00570794 ; 算法CALL,把钥匙拿来,俺要进去参观参观
00570794 /$ 55 PUSH EBP
00570795 |. 8BEC MOV EBP,ESP
省略部分代码
005707A8 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 假码
005707AB |. E8 3C3EE9FF CALL ScreenRe.004045EC
005707B0 |. 33C0 XOR EAX,EAX
005707B2 |. 55 PUSH EBP
省略部分代码
005707BE |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 假码
005707C1 |. E8 363EE9FF CALL ScreenRe.004045FC
005707C6 |. E8 258AE9FF CALL ScreenRe.004091F0
005707CB |. 83F8 17 CMP EAX,17 ; 假码长度与17H(23)比较
005707CE |. 74 0A JE SHORT ScreenRe.005707DA ; 呵呵,该不该跳呢?
005707D0 |. BB 01000000 MOV EBX,1 ; 不跳则EBX置1,接着下面就无条件跳了
005707D5 |. E9 7C010000 JMP ScreenRe.00570956 ; 这里直接跳向EAX清零了,悲剧的开始
005707DA |> B2 01 MOV DL,1 ; 跳的话,DL置1
005707DC |. A1 10644100 MOV EAX,DWORD PTR DS:[416410]
005707E1 |. E8 162BE9FF CALL ScreenRe.004032FC
005707E6 |. 8BD8 MOV EBX,EAX
005707E8 |. 8BCB MOV ECX,EBX
005707EA |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; 假码
005707ED |. B0 2D MOV AL,2D ; 呵呵,注意这里的“2D”!这让你想到了什么?
005707EF |. E8 D4FEFFFF CALL ScreenRe.005706C8 ; 这个CALL是得到假码被“-”分成几部分!!!
005707F4 |. 8BC3 MOV EAX,EBX
005707F6 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
005707F8 |. FF52 14 CALL DWORD PTR DS:[EDX+14] ;
005707FB |. 83F8 04 CMP EAX,4 ; 是4部分吗?
005707FE |. 74 0A JE SHORT ScreenRe.0057080A
00570800 |. BB 01000000 MOV EBX,1 ; 不是4部分则EBX置1
00570805 |. E9 4C010000 JMP ScreenRe.00570956 ; 接着这里直接跳向EAX清零了,悲剧又开始了
0057080A |> 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
0057080D |. 33D2 XOR EDX,EDX
0057080F |. 8BC3 MOV EAX,EBX
00570811 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
00570813 |. FF56 0C CALL DWORD PTR DS:[ESI+C]
00570816 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 假码第一部分,设为S1
00570819 |. E8 DE3DE9FF CALL ScreenRe.004045FC
0057081E |. E8 CD89E9FF CALL ScreenRe.004091F0
00570823 |. 83F8 05 CMP EAX,5 ; S1的长度与5比较
00570826 |. 0F85 25010000 JNZ ScreenRe.00570951 ; 不等就跳向给EBX赋值为1的地方了,是杯具啊
0057082C |. 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
0057082F |. BA 01000000 MOV EDX,1
00570834 |. 8BC3 MOV EAX,EBX
00570836 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
00570838 |. FF56 0C CALL DWORD PTR DS:[ESI+C]
0057083B |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; 假码第2部分S2
0057083E |. E8 B93DE9FF CALL ScreenRe.004045FC
00570843 |. E8 A889E9FF CALL ScreenRe.004091F0
00570848 |. 83F8 05 CMP EAX,5 ; S2的长度与5比较
0057084B |. 0F85 00010000 JNZ ScreenRe.00570951 ; 不等就跳向给EBX赋值为1的地方了,又是杯具
00570851 |. 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00570854 |. BA 02000000 MOV EDX,2
00570859 |. 8BC3 MOV EAX,EBX
0057085B |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
0057085D |. FF56 0C CALL DWORD PTR DS:[ESI+C]
00570860 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] ; 假码第3部分S3
00570863 |. E8 943DE9FF CALL ScreenRe.004045FC
00570868 |. E8 8389E9FF CALL ScreenRe.004091F0
0057086D |. 83F8 05 CMP EAX,5 ; S3的长度与5比较
00570870 |. 0F85 DB000000 JNZ ScreenRe.00570951 ; 不等就跳向给EBX赋值为1的地方了,还是杯具
00570876 |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00570879 |. BA 03000000 MOV EDX,3 ; EDX=3
0057087E |. 8BC3 MOV EAX,EBX
00570880 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
00570882 |. FF56 0C CALL DWORD PTR DS:[ESI+C]
00570885 |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; 假码第4部分S4
00570888 |. E8 6F3DE9FF CALL ScreenRe.004045FC
0057088D |. E8 5E89E9FF CALL ScreenRe.004091F0
00570892 |. 83F8 05 CMP EAX,5 ; S4的长度与5比较
00570895 |. 0F85 B6000000 JNZ ScreenRe.00570951 ; 不等就跳向给EBX赋值为1的地方了,一样是杯具
0057089B |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0057089E |. 33D2 XOR EDX,EDX
005708A0 |. 8BC3 MOV EAX,EBX
005708A2 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
005708A4 |. FF56 0C CALL DWORD PTR DS:[ESI+C]
005708A7 |. FF75 DC PUSH DWORD PTR SS:[EBP-24] ; S1
005708AA |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
005708AD |. BA 01000000 MOV EDX,1
005708B2 |. 8BC3 MOV EAX,EBX
005708B4 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
005708B6 |. FF56 0C CALL DWORD PTR DS:[ESI+C]
005708B9 |. FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; S2
005708BC |. 68 88095700 PUSH ScreenRe.00570988 ; ASCII "zhuoxin"
005708C1 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
005708C4 |. BA 03000000 MOV EDX,3
005708C9 |. E8 EE3BE9FF CALL ScreenRe.004044BC
005708CE |. 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
005708D1 |. BA 03000000 MOV EDX,3
005708D6 |. 8BC3 MOV EAX,EBX
005708D8 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
005708DA |. FF56 0C CALL DWORD PTR DS:[ESI+C]
005708DD |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] ; S3
005708E0 |. 50 PUSH EAX
005708E1 |. 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
005708E4 |. BA 02000000 MOV EDX,2
005708E9 |. 8BC3 MOV EAX,EBX
005708EB |. 8B18 MOV EBX,DWORD PTR DS:[EAX]
005708ED |. FF53 0C CALL DWORD PTR DS:[EBX+C]
005708F0 |. 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30] ; S4
005708F3 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
005708F6 |. 59 POP ECX
005708F7 |. E8 4C3BE9FF CALL ScreenRe.00404448
005708FC |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
005708FF |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; S1S2zhuoxin
00570902 |. E8 4DFDFFFF CALL ScreenRe.00570654
00570907 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; S1S2zhuoxin的标准MD5结果(大写),设为Z
0057090A |. E8 ED3CE9FF CALL ScreenRe.004045FC
0057090F |. 8BD0 MOV EDX,EAX ; Z
00570911 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00570914 |. E8 FF39E9FF CALL ScreenRe.00404318
00570919 |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
0057091C |. 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0057091F |. BA 0A000000 MOV EDX,0A ; 呵呵,注意这里的0A,记住它=10
00570924 |. E8 E322ECFF CALL ScreenRe.00432C0C
00570929 |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34] ; Z的前10位
0057092C |. E8 CB3CE9FF CALL ScreenRe.004045FC
00570931 |. 50 PUSH EAX ; Z的前10位
00570932 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; S3S4相连
00570935 |. E8 C23CE9FF CALL ScreenRe.004045FC
0057093A |. 8BD0 MOV EDX,EAX ; S3S4相连
0057093C |. 58 POP EAX ; Z的前10位
0057093D |. E8 8A89E9FF CALL ScreenRe.004092CC ; 聪明的你一定猜出来程序准备干什么了!
00570942 |. 85C0 TEST EAX,EAX ; EAX为0吗?
00570944 |. 75 04 JNZ SHORT ScreenRe.0057094A ; 不为零则不是洗具了!呵呵
00570946 |. 33DB XOR EBX,EBX ; 成功的钥匙!
00570948 |. EB 0C JMP SHORT ScreenRe.00570956
0057094A |> BB 01000000 MOV EBX,1 ; EBX又被置1且EAX接着又被清零,哎!
0057094F |. EB 05 JMP SHORT ScreenRe.00570956
00570951 |> BB 01000000 MOV EBX,1
00570956 |> 33C0 XOR EAX,EAX
省略部分代码
0057096B |. E8 D437E9FF CALL ScreenRe.00404144
00570970 \. C3 RETN
00570971 .^ E9 0A31E9FF JMP ScreenRe.00403A80
00570976 .^ EB EB JMP SHORT ScreenRe.00570963
00570978 . 8BC3 MOV EAX,EBX ; 记得这里ebx的值吗,是不是个爆破点呢?哈哈
0057097A . 5E POP ESI
0057097B . 5B POP EBX
0057097C . 8BE5 MOV ESP,EBP
0057097E . 5D POP EBP
0057097F . C3 RETN
00570A34 |. 48 DEC EAX ; EAX的值非常重要,更关键的是上面CALL中决定EAX的EBX哦!
00570A35 |. 75 2F JNZ SHORT ScreenRe.00570A66 ; 关键跳!
省略部分代码
00570A5A |. BA A80A5700 MOV EDX,ScreenRe.00570AA8 ; "Invalid Code",这不用我说吧
00570A5F |. E8 1037E9FF CALL ScreenRe.00404174
小结:
1.根据005707CB处的CMP EAX,17,我们知道注册码长度要23位;
2.根据005707ED处的MOV AL,2D ,我们知道注册码可能含有“-”;
3.根据005707FB处的CMP EAX,4 ,我们知道注册码分为4部分;
4.根据4个CMP EAX,5 ,我们知道注册码的4部分应该为5位;
OK,算法总结:
--------------------------------------------------------------------------------------------
1.23位注册码由3个“-”把余下的20位平分为4部分,分设为S1、S2、S3、S4;
2.S1连S2再连固定字符串“zhuoxin”,取MD5值转大写,设为Z;
3.Z的1-5位=S3
且
Z的6-10位=S4
则软件注册成功!
---------------------------------------------------------------------------------------------
注册信息保存在:HKEY_CURRENT_USER\Software\***\ScreenRecorder下
附上简单的VB注册机源码:
Private Sub Command1_Click()
Dim Z, T As String
Randomize
S = Rnd(1)
T = MD5(Str(S))
Q = UCase(MD5(Mid(T, 1, 10) & "zhuoxin"))
Z = Mid(T, 1, 5) & "-" & Mid(T, 6, 5) & "-" & Mid(Q, 1, 5) & "-" & Mid(Q, 6, 5)
Text1.Text = Z
End Sub
Private Sub Command2_Click()
Unload Me
End Sub
敬请指正!
没优化,将就用呵呵!!!
=================================================================================================
一点题外话:
关于注册码的格式,例如是判断注册码是不是4部分这些问题,其实大家只要改变下注册码的形式(比如加上或减去“-”)就能很直观的在005707FB处的CMP EAX,4这里知道输入的格式对不对了。因此,我们应该充分发挥“大胆假设,小心求证”的精神为指导,就能节约出许多时间和精力了!
当然,如果你很想去看看,我也就顺便把初次OD时的注释贴上来,希望能对你有些帮助!
005707EF |. E8 D4FEFFFF CALL ScreenRe.005706C8 ; 这个CALL是得到假码被“-”分成几部分!
F7进入:
005706C8 /$ 55 PUSH EBP
005706C9 |. 8BEC MOV EBP,ESP
005706CB |. 51 PUSH ECX
005706CC |. 53 PUSH EBX
005706CD |. 56 PUSH ESI
005706CE |. 8BF1 MOV ESI,ECX
005706D0 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX ; 假码
005706D3 |. 8BD8 MOV EBX,EAX
005706D5 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 假码
005706D8 |. E8 0F3FE9FF CALL ScreenRe.004045EC
005706DD |. 33C0 XOR EAX,EAX
005706DF |. 55 PUSH EBP
005706E0 |. 68 33075700 PUSH ScreenRe.00570733
005706E5 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
005706E8 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
005706EB |. 85F6 TEST ESI,ESI
005706ED |. 75 14 JNZ SHORT ScreenRe.00570703
005706EF |. B9 34000000 MOV ECX,34
005706F4 |. BA 48075700 MOV EDX,ScreenRe.00570748 ; ASCII "E:\VideoRecorder\ScreenRecorder_cn\Register.pas"
005706F9 |. B8 80075700 MOV EAX,ScreenRe.00570780 ; ASCII "Assertion failure"
005706FE |. E8 7939E9FF CALL ScreenRe.0040407C
00570703 |> 8BC6 MOV EAX,ESI
00570705 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00570707 |. FF52 44 CALL DWORD PTR DS:[EDX+44]
0057070A |. 8BD3 MOV EDX,EBX
0057070C |. 8BC6 MOV EAX,ESI
0057070E |. E8 C99EEAFF CALL ScreenRe.0041A5DC
00570713 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; 假码
00570716 |. 8BC6 MOV EAX,ESI
00570718 |. E8 2F9DEAFF CALL ScreenRe.0041A44C ;这里再F7
0057071D |. 33C0 XOR EAX,EAX
0057071F |. 5A POP EDX
00570720 |. 59 POP ECX
00570721 |. 59 POP ECX
00570722 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00570725 |. 68 3A075700 PUSH ScreenRe.0057073A
0057072A |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0057072D |. E8 EE39E9FF CALL ScreenRe.00404120
00570732 \. C3 RETN
00570733 .^ E9 4833E9FF JMP ScreenRe.00403A80
00570738 .^ EB F0 JMP SHORT ScreenRe.0057072A
0570718 |. E8 2F9DEAFF CALL ScreenRe.0041A44C ;这里再F7,我们接着进入
0041A44C /$ 55 PUSH EBP
0041A44D |. 8BEC MOV EBP,ESP
0041A44F |. 83C4 F4 ADD ESP,-0C
0041A452 |. 53 PUSH EBX
0041A453 |. 56 PUSH ESI
0041A454 |. 57 PUSH EDI
0041A455 |. 33C9 XOR ECX,ECX
0041A457 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0041A45A |. 8BDA MOV EBX,EDX ; 假码1598753046abcdefghijklm
0041A45C |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0041A45F |. 8D75 F8 LEA ESI,DWORD PTR SS:[EBP-8]
0041A462 |. 33C0 XOR EAX,EAX
0041A464 |. 55 PUSH EBP
0041A465 |. 68 9BA54100 PUSH ScreenRe.0041A59B
0041A46A |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0041A46D |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0041A470 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041A473 |. E8 64F2FFFF CALL ScreenRe.004196DC
0041A478 |. 33C0 XOR EAX,EAX
0041A47A |. 55 PUSH EBP
0041A47B |. 68 7EA54100 PUSH ScreenRe.0041A57E
0041A480 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0041A483 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0041A486 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041A489 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0041A48B |. FF52 44 CALL DWORD PTR DS:[EDX+44]
0041A48E |. 8BC3 MOV EAX,EBX ; 假码
0041A490 |. E8 67A1FEFF CALL ScreenRe.004045FC
0041A495 |. 8906 MOV DWORD PTR DS:[ESI],EAX ; 假码
0041A497 |. EB 0A JMP SHORT ScreenRe.0041A4A3
0041A499 |> 8B06 /MOV EAX,DWORD PTR DS:[ESI]
0041A49B |. 50 |PUSH EAX ; /pCurrentChar
0041A49C |. E8 B7C6FEFF |CALL <JMP.&user32.CharNextA> ; \CharNextA
0041A4A1 |. 8906 |MOV DWORD PTR DS:[ESI],EAX
0041A4A3 |> 8B06 MOV EAX,DWORD PTR DS:[ESI] ; 假码
0041A4A5 |. 8A00 |MOV AL,BYTE PTR DS:[EAX] ; 依次取假码ASC到AL
0041A4A7 |. 48 |DEC EAX ; asc - 1
0041A4A8 |. 2C 20 |SUB AL,20 ; (asc - 1) - 20
0041A4AA |.^ 72 ED \JB SHORT ScreenRe.0041A499
0041A4AC |. E9 AB000000 JMP ScreenRe.0041A55C
0041A4B1 |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
0041A4B4 |. E8 0B010000 |CALL ScreenRe.0041A5C4
0041A4B9 |. 3AD8 |CMP BL,AL ; 依次取的假码的ASC
0041A4BB |. 75 16 |JNZ SHORT ScreenRe.0041A4D3
0041A4BD |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0041A4C0 |. E8 FF000000 |CALL ScreenRe.0041A5C4
0041A4C5 |. 8BD0 |MOV EDX,EAX
0041A4C7 |. 8D4D F4 |LEA ECX,DWORD PTR SS:[EBP-C]
0041A4CA |. 8BC6 |MOV EAX,ESI
0041A4CC |. E8 6FE1FEFF |CALL ScreenRe.00408640
0041A4D1 |. EB 31 |JMP SHORT ScreenRe.0041A504
0041A4D3 |> 8B3E |MOV EDI,DWORD PTR DS:[ESI] ; 假码
0041A4D5 |. EB 0A |JMP SHORT ScreenRe.0041A4E1
0041A4D7 |> 8B06 |/MOV EAX,DWORD PTR DS:[ESI]
0041A4D9 |. 50 ||PUSH EAX ; /pCurrentChar
0041A4DA |. E8 79C6FEFF ||CALL <JMP.&user32.CharNextA> ; \CharNextA
0041A4DF |. 8906 ||MOV DWORD PTR DS:[ESI],EAX
0041A4E1 |> 8B06 | MOV EAX,DWORD PTR DS:[ESI] ; 假码
0041A4E3 |. 8A18 ||MOV BL,BYTE PTR DS:[EAX] ; 依次取假码ASC到AL
0041A4E5 |. 80FB 20 ||CMP BL,20 ; 是 20 吗?
0041A4E8 |. 76 0C ||JBE SHORT ScreenRe.0041A4F6
0041A4EA |. 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
0041A4ED |. E8 BA000000 ||CALL ScreenRe.0041A5AC
0041A4F2 |. 3AD8 ||CMP BL,AL ; 是“-”吗?
0041A4F4 |.^ 75 E1 |\JNZ SHORT ScreenRe.0041A4D7 ; 这个小循环是判断假码中的“-”
0041A4F6 |> 8B0E |MOV ECX,DWORD PTR DS:[ESI]
0041A4F8 |. 2BCF |SUB ECX,EDI
0041A4FA |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
0041A4FD |. 8BD7 |MOV EDX,EDI
0041A4FF |. E8 0C9DFEFF |CALL ScreenRe.00404210
0041A504 |> 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; 假码中第一个“-”之前的部分(如果有“-”的话)
0041A507 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0041A50A |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
0041A50C |. FF51 38 |CALL DWORD PTR DS:[ECX+38]
0041A50F |. EB 0A |JMP SHORT ScreenRe.0041A51B
0041A511 |> 8B06 |/MOV EAX,DWORD PTR DS:[ESI]
0041A513 |. 50 ||PUSH EAX ; /pCurrentChar
0041A514 |. E8 3FC6FEFF ||CALL <JMP.&user32.CharNextA> ; \CharNextA
0041A519 |. 8906 ||MOV DWORD PTR DS:[ESI],EAX
0041A51B |> 8B06 | MOV EAX,DWORD PTR DS:[ESI] ; 假码第一个“-”(含)后面的部分
0041A51D |. 8A00 ||MOV AL,BYTE PTR DS:[EAX]
0041A51F |. 48 ||DEC EAX
0041A520 |. 2C 20 ||SUB AL,20
0041A522 |.^ 72 ED |\JB SHORT ScreenRe.0041A511
0041A524 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0041A527 |. E8 80000000 |CALL ScreenRe.0041A5AC
0041A52C |. 8B16 |MOV EDX,DWORD PTR DS:[ESI] ; 假码第一个“-”(含)后面的部分
0041A52E |. 3A02 |CMP AL,BYTE PTR DS:[EDX] ; “-”:假码第一个“-”(含)后面的部分的第一位是“-“吗?
0041A530 |. 75 2A |JNZ SHORT ScreenRe.0041A55C
0041A532 |. 8B3E |MOV EDI,DWORD PTR DS:[ESI]
0041A534 |. 57 |PUSH EDI ; /pCurrentChar
0041A535 |. E8 1EC6FEFF |CALL <JMP.&user32.CharNextA> ; \CharNextA
0041A53A |. 8038 00 |CMP BYTE PTR DS:[EAX],0 ; 假码第一个“-”后面第一位假码为空吗?
0041A53D |. 75 0A |JNZ SHORT ScreenRe.0041A549
0041A53F |. 33D2 |XOR EDX,EDX
0041A541 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0041A544 |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
0041A546 |. FF51 38 |CALL DWORD PTR DS:[ECX+38]
0041A549 |> 8B06 |/MOV EAX,DWORD PTR DS:[ESI]
0041A54B |. 50 ||PUSH EAX ; /pCurrentChar
0041A54C |. E8 07C6FEFF ||CALL <JMP.&user32.CharNextA> ; \CharNextA
0041A551 |. 8906 ||MOV DWORD PTR DS:[ESI],EAX
0041A553 |. 8B06 ||MOV EAX,DWORD PTR DS:[ESI]
0041A555 |. 8A00 ||MOV AL,BYTE PTR DS:[EAX]
0041A557 |. 48 ||DEC EAX
0041A558 |. 2C 20 ||SUB AL,20
0041A55A |.^ 72 ED |\JB SHORT ScreenRe.0041A549
0041A55C |> 8B06 MOV EAX,DWORD PTR DS:[ESI] ; 假码中”-“后面的部分
0041A55E |. 8A18 |MOV BL,BYTE PTR DS:[EAX] ; 依次取假码"-"后面部分的ASC到BL
0041A560 |. 84DB |TEST BL,BL
0041A562 |.^ 0F85 49FFFFFF \JNZ ScreenRe.0041A4B1
0041A568 |. 33C0 XOR EAX,EAX
0041A56A |. 5A POP EDX
0041A56B |. 59 POP ECX
0041A56C |. 59 POP ECX
0041A56D |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0041A570 |. 68 85A54100 PUSH ScreenRe.0041A585
0041A575 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041A578 |. E8 1BF2FFFF CALL ScreenRe.00419798
0041A57D \. C3 RETN
0041A57E .^ E9 FD94FEFF JMP ScreenRe.00403A80
0041A583 .^ EB F0 JMP SHORT ScreenRe.0041A575
0041A585 . 33C0 XOR EAX,EAX
省略部分代码
0041A5A4 . 5B POP EBX
0041A5A5 . 8BE5 MOV ESP,EBP
0041A5A7 . 5D POP EBP
0041A5A8 . C3 RETN |
评分
-
查看全部评分
|
[复制链接]
IP卡
发表于 2011-1-22 01:58:47
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2011-1-22 13:36:34
楼主
发表于 2011-1-22 19:51:10
发表于 2011-1-23 11:15:33
发表于 2011-1-25 19:46:11
发表于 2011-3-14 14:30:31