这是当时调试分析的笔记,看得懂的则看,看不懂勿怪。。大牛们就飘过了。。
- =======================以下为算法CALL===============================
; USBRecov.004083B0 - entry of the routine the author marks as "algorithm 3"
; (OllyDbg dump, 32-bit x86, Intel operand order).
; This span is the prologue only: it pushes -1 and the address 00423BA7, links a new
; record into the chain at FS:[0], reserves 0xB0 bytes of locals and saves EBX/ESI.
; NOTE(review): per the author's notes after the listing, the expected registration code
; is computed entirely inside the client from the entered name, the e-mail and constants
; stored in the binary. A check built that way can be observed in a debugger; verifying
; a signature against an embedded public key keeps the signing secret out of the client.
- 004083B0 /$ 6A FF PUSH -0x1 ; author: "this is algorithm 3"; this slot is later addressed as [ESP+0xC4]
- 004083B2 |. 68 A73B4200 PUSH USBRecov.00423BA7 ; presumably the exception handler for this frame - confirm
- 004083B7 |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
- 004083BD |. 50 PUSH EAX ; previous head of the FS:[0] chain
- 004083BE |. 81EC B0000000 SUB ESP, 0xB0 ; local variable area
- 004083C4 |. 53 PUSH EBX
- 004083C5 |. 56 PUSH ESI
- 004083C6 |. A1 80BD4300 MOV EAX, DWORD PTR DS:[0x43BD80] ; NOTE(review): global XOR ESP looks like the MSVC stack-cookie pattern - confirm
- 004083CB |. 33C4 XOR EAX, ESP
- 004083CD |. 50 PUSH EAX
- 004083CE |. 8D8424 BC0000>LEA EAX, DWORD PTR SS:[ESP+0xBC] ; address of the record pushed at 004083BD
- 004083D5 |. 64:A3 0000000>MOV DWORD PTR FS:[0], EAX ; make it the new head of the FS:[0] chain
- 004083DB |. C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x0 ; overwrite the -1 pushed at entry with state 0
- 004083E6 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+0x1C], 0x0 ; local flag cleared here; set to 1 at 0040885B
; Appends the characters '8','b','3','z','o' with five calls to USBRecov.00404CF0; the EAX
; result of each call is pushed as the source operand of the next. The author's note at
; 004084AF says this adds "8b3zo" to the user name. Four calls to 0040CEF0 follow.
; NOTE(review): 00404CF0 is presumably a string+char concatenation and 0040CEF0 a string
; destructor for the intermediate temporaries; neither body is shown - confirm.
; The byte stores to [ESP+0xC4 + bytes pushed so far] step a state counter (presumably the
; compiler's exception-handling state - confirm).
- 004083EE |. C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x2 ; author: the signature string is appended below
- 004083F9 |. 6A 38 PUSH 0x38 ; '8'
- 004083FB |. 8D8424 D40000>LEA EAX, DWORD PTR SS:[ESP+0xD4]
- 00408402 |. 50 PUSH EAX
- 00408403 |. 8D4C24 34 LEA ECX, DWORD PTR SS:[ESP+0x34]
- 00408407 |. 51 PUSH ECX
- 00408408 |. E8 E3C8FFFF CALL USBRecov.00404CF0 ; pushed right to left: character, source, destination local
- 0040840D |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x3
- 00408415 |. 6A 62 PUSH 0x62 ; 'b'
- 00408417 |. 50 PUSH EAX ; result of the previous call becomes the source
- 00408418 |. 8D5424 5C LEA EDX, DWORD PTR SS:[ESP+0x5C]
- 0040841C |. 52 PUSH EDX
- 0040841D |. E8 CEC8FFFF CALL USBRecov.00404CF0
- 00408422 |. C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x4
- 0040842A |. 6A 33 PUSH 0x33 ; '3'
- 0040842C |. 50 PUSH EAX
- 0040842D |. 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58]
- 00408431 |. 50 PUSH EAX
- 00408432 |. E8 B9C8FFFF CALL USBRecov.00404CF0
- 00408437 |. C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x5
- 0040843F |. 6A 7A PUSH 0x7A ; 'z'
- 00408441 |. 50 PUSH EAX
- 00408442 |. 8D4C24 4C LEA ECX, DWORD PTR SS:[ESP+0x4C]
- 00408446 |. 51 PUSH ECX
- 00408447 |. E8 A4C8FFFF CALL USBRecov.00404CF0
- 0040844C |. C68424 F40000>MOV BYTE PTR SS:[ESP+0xF4], 0x6
- 00408454 |. 6A 6F PUSH 0x6F ; 'o'
- 00408456 |. 50 PUSH EAX
- 00408457 |. 8D9424 8C0000>LEA EDX, DWORD PTR SS:[ESP+0x8C]
- 0040845E |. 52 PUSH EDX
- 0040845F |. E8 8CC8FFFF CALL USBRecov.00404CF0
- 00408464 |. 83C4 3C ADD ESP, 0x3C ; caller removes the 5 x 12 bytes of arguments
- 00408467 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x8
- 0040846F |. 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
- 00408473 |. E8 784A0000 CALL USBRecov.0040CEF0 ; ECX = address of a local; presumably releases that temporary
- 00408478 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x9
- 00408480 |. 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
- 00408484 |. E8 674A0000 CALL USBRecov.0040CEF0
- 00408489 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xA
- 00408491 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
- 00408495 |. E8 564A0000 CALL USBRecov.0040CEF0
- 0040849A |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB
- 004084A2 |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
- 004084A6 |. E8 454A0000 CALL USBRecov.0040CEF0
; Passes the string at [ESP+0x58] to USBRecov.00406AF0 and then to USBRecov.00406A40.
; A null pointer is replaced by the constant at 00433EE0 with a count of 0; otherwise the
; count is the dword at [EAX-8] (presumably the string length kept in front of the
; characters - confirm). The author describes 00406AF0 as a transform that encrypts the
; user name and labels 00406A40 as MD5 at its later call sites; neither body is shown.
- 004084AB |. 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
- 004084AF |. 85C0 TEST EAX, EAX ; author: user name plus the signature string; the suffix added here is 8b3zo
- 004084B1 |. 74 05 JE SHORT USBRecov.004084B8 ; ASCII "CrackVip8b3zo"
- 004084B3 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] ; count read from the 8 bytes before the data
- 004084B6 |. EB 07 JMP SHORT USBRecov.004084BF
- 004084B8 |> 33C9 XOR ECX, ECX ; null pointer: count = 0
- 004084BA |. B8 E03E4300 MOV EAX, USBRecov.00433EE0 ; fallback constant, presumably an empty string - confirm
- 004084BF |> 51 PUSH ECX
- 004084C0 |. 50 PUSH EAX
- 004084C1 |. E8 2AE6FFFF CALL USBRecov.00406AF0 ; author: transform algorithm that encrypts the user name
- 004084C6 |. 51 PUSH ECX ; reserves one stack dword; the next call receives its address in ECX
- 004084C7 |. 8D4424 60 LEA EAX, DWORD PTR SS:[ESP+0x60]
- 004084CB |. 8BCC MOV ECX, ESP
- 004084CD |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
- 004084D1 |. 50 PUSH EAX
- 004084D2 |. E8 E9490000 CALL USBRecov.0040CEC0 ; presumably copy-constructs the string into the reserved slot - confirm
- 004084D7 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0xC
- 004084DF |. 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC]
- 004084E6 |. 51 PUSH ECX ; address of the local that receives the result
- 004084E7 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xB
- 004084EF |. E8 4CE5FFFF CALL USBRecov.00406A40 ; same callee the author labels MD5 at 004085F2
; Appends the characters 'c','6','e','t','e' with five calls to USBRecov.00404CF0, chaining
; each EAX result into the next call as the source. The author's note at 00408562 says this
; adds "c6ete" to the e-mail address. Four calls to 0040CEF0 follow on locals.
; NOTE(review): 00404CF0 is presumably string+char concatenation and 0040CEF0 a string
; destructor; neither body is shown - confirm.
- 004084F4 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xD ; author: the signature string is appended below
- 004084FC |. 6A 63 PUSH 0x63 ; 'c'
- 004084FE |. 8D9424 F00000>LEA EDX, DWORD PTR SS:[ESP+0xF0]
- 00408505 |. 52 PUSH EDX
- 00408506 |. 8D4424 38 LEA EAX, DWORD PTR SS:[ESP+0x38]
- 0040850A |. 50 PUSH EAX
- 0040850B |. E8 E0C7FFFF CALL USBRecov.00404CF0
- 00408510 |. C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0xE
- 00408518 |. 6A 36 PUSH 0x36 ; '6'
- 0040851A |. 50 PUSH EAX ; result of the previous call becomes the source
- 0040851B |. 8D4C24 5C LEA ECX, DWORD PTR SS:[ESP+0x5C]
- 0040851F |. 51 PUSH ECX
- 00408520 |. E8 CBC7FFFF CALL USBRecov.00404CF0
- 00408525 |. C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0xF
- 0040852D |. 6A 65 PUSH 0x65 ; 'e'
- 0040852F |. 50 PUSH EAX
- 00408530 |. 8D5424 78 LEA EDX, DWORD PTR SS:[ESP+0x78]
- 00408534 |. 52 PUSH EDX
- 00408535 |. E8 B6C7FFFF CALL USBRecov.00404CF0
- 0040853A |. C68424 F80000>MOV BYTE PTR SS:[ESP+0xF8], 0x10
- 00408542 |. 6A 74 PUSH 0x74 ; 't'
- 00408544 |. 50 PUSH EAX
- 00408545 |. 8D4424 68 LEA EAX, DWORD PTR SS:[ESP+0x68]
- 00408549 |. 50 PUSH EAX
- 0040854A |. E8 A1C7FFFF CALL USBRecov.00404CF0
- 0040854F |. 83C4 40 ADD ESP, 0x40 ; drops the arguments accumulated since 004084F4 plus earlier leftovers
- 00408552 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x11
- 0040855A |. 6A 65 PUSH 0x65 ; 'e'
- 0040855C |. 50 PUSH EAX
- 0040855D |. 8D4C24 68 LEA ECX, DWORD PTR SS:[ESP+0x68]
- 00408561 |. 51 PUSH ECX
- 00408562 |. E8 89C7FFFF CALL USBRecov.00404CF0 ; author: the signature string c6ete is appended to the e-mail address
- 00408567 |. 83C4 0C ADD ESP, 0xC
- 0040856A |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x13
- 00408572 |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
- 00408576 |. E8 75490000 CALL USBRecov.0040CEF0 ; ECX = address of a local; presumably releases that temporary
- 0040857B |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x14
- 00408583 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
- 00408587 |. E8 64490000 CALL USBRecov.0040CEF0
- 0040858C |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x15
- 00408594 |. 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
- 00408598 |. E8 53490000 CALL USBRecov.0040CEF0
- 0040859D |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16
- 004085A5 |. 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
- 004085A9 |. E8 42490000 CALL USBRecov.0040CEF0
; Passes the string at [ESP+0x64] to USBRecov.00406AF0 (author: "transform algorithm") and
; then to USBRecov.00406A40 (author: "MD5"). A null pointer is replaced by the constant at
; 00433EE0 with a count of 0; otherwise the count is the dword at [EAX-8] (presumably the
; string length - confirm). The callee bodies are not part of this listing.
- 004085AE |. 8B4424 64 MOV EAX, DWORD PTR SS:[ESP+0x64]
- 004085B2 |. 85C0 TEST EAX, EAX
- 004085B4 |. 74 05 JE SHORT USBRecov.004085BB
- 004085B6 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] ; count read from the 8 bytes before the data
- 004085B9 |. EB 07 JMP SHORT USBRecov.004085C2
- 004085BB |> 33C9 XOR ECX, ECX ; null pointer: count = 0
- 004085BD |. B8 E03E4300 MOV EAX, USBRecov.00433EE0 ; fallback constant, presumably an empty string - confirm
- 004085C2 |> 51 PUSH ECX
- 004085C3 |. 50 PUSH EAX
- 004085C4 |. E8 27E5FFFF CALL USBRecov.00406AF0 ; author: transform algorithm
- 004085C9 |. 51 PUSH ECX ; reserves one stack dword; the next call receives its address in ECX
- 004085CA |. 8D5424 6C LEA EDX, DWORD PTR SS:[ESP+0x6C]
- 004085CE |. 8BCC MOV ECX, ESP
- 004085D0 |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
- 004085D4 |. 52 PUSH EDX
- 004085D5 |. E8 E6480000 CALL USBRecov.0040CEC0 ; presumably copy-constructs the string into the reserved slot - confirm
- 004085DA |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x17
- 004085E2 |. 8D8424 9C0000>LEA EAX, DWORD PTR SS:[ESP+0x9C]
- 004085E9 |. 50 PUSH EAX ; address of the local that receives the result
- 004085EA |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x16
- 004085F2 |. E8 49E4FFFF CALL USBRecov.00406A40 ; author: MD5
- 004085F7 |. 83C4 10 ADD ESP, 0x10
- 004085FA |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18
; Builds the fixed string the debugger later shows as "300519868krx5l": the immediate
; 0x11E991BC is handed to USBRecov.0040DA10, then 'k','r','x','5','l' are appended through
; five chained calls to 00404CF0 and the result is passed to 0040D6D0. Six calls to
; 0040CEF0 on locals follow.
; NOTE(review): 0040D820, 0040DA10 and 0040D6D0 are not shown; from the call shapes they
; look like string construct / number-to-text / assign helpers - confirm. Nothing in this
; span depends on user input, so the value is a constant of the build.
- 00408602 |. 6A FF PUSH -0x1
- 00408604 |. 68 E03E4300 PUSH USBRecov.00433EE0
- 00408609 |. 8D4C24 18 LEA ECX, DWORD PTR SS:[ESP+0x18]
- 0040860D |. E8 0E520000 CALL USBRecov.0040D820 ; ECX = local at [ESP+0x10] after the call; args: constant 00433EE0, -1
- 00408612 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
- 0040861A |. 68 BC91E911 PUSH 0x11E991BC ; author: 0x11E991BC is 300519868 in decimal; per the author's analysis this is the software's signature constant
- 0040861F |. 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14]
- 00408623 |. E8 E8530000 CALL USBRecov.0040DA10 ; author (unsure): takes the last 8 digits?
- 00408628 |. 6A FF PUSH -0x1
- 0040862A |. 68 E03E4300 PUSH USBRecov.00433EE0
- 0040862F |. 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74]
- 00408633 |. E8 E8510000 CALL USBRecov.0040D820
- 00408638 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A ; author: the signature string is appended again
- 00408640 |. 6A 6B PUSH 0x6B ; 'k'
- 00408642 |. 50 PUSH EAX
- 00408643 |. 8D8C24 800000>LEA ECX, DWORD PTR SS:[ESP+0x80]
- 0040864A |. 51 PUSH ECX
- 0040864B |. E8 A0C6FFFF CALL USBRecov.00404CF0
- 00408650 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x1B
- 00408658 |. 6A 72 PUSH 0x72 ; 'r'
- 0040865A |. 50 PUSH EAX ; result of the previous call becomes the source
- 0040865B |. 8D5424 34 LEA EDX, DWORD PTR SS:[ESP+0x34]
- 0040865F |. 52 PUSH EDX
- 00408660 |. E8 8BC6FFFF CALL USBRecov.00404CF0
- 00408665 |. C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x1C
- 0040866D |. 6A 78 PUSH 0x78 ; 'x'
- 0040866F |. 50 PUSH EAX
- 00408670 |. 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58]
- 00408674 |. 50 PUSH EAX
- 00408675 |. E8 76C6FFFF CALL USBRecov.00404CF0
- 0040867A |. C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x1D
- 00408682 |. 6A 35 PUSH 0x35 ; '5'
- 00408684 |. 50 PUSH EAX
- 00408685 |. 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74]
- 00408689 |. 51 PUSH ECX
- 0040868A |. E8 61C6FFFF CALL USBRecov.00404CF0
- 0040868F |. B3 1E MOV BL, 0x1E ; author asks "length? 30"; NOTE(review): BL is stored to the state byte on the next line and at 004086BA, so this looks like a state value, not a length
- 00408691 |. 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL
- 00408698 |. 6A 6C PUSH 0x6C ; 'l'
- 0040869A |. 50 PUSH EAX
- 0040869B |. 8D5424 64 LEA EDX, DWORD PTR SS:[ESP+0x64]
- 0040869F |. 52 PUSH EDX
- 004086A0 |. E8 4BC6FFFF CALL USBRecov.00404CF0
- 004086A5 |. 83C4 3C ADD ESP, 0x3C ; caller removes the 5 x 12 bytes of arguments
- 004086A8 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1F
- 004086B0 |. 50 PUSH EAX ; final concatenation result
- 004086B1 |. 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14]
- 004086B5 |. E8 16500000 CALL USBRecov.0040D6D0 ; ECX = local at [ESP+0x10] after the call; presumably stores the result there - confirm
- 004086BA |. 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL
- 004086C1 |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
- 004086C5 |. E8 26480000 CALL USBRecov.0040CEF0 ; ECX = address of a local; presumably releases that temporary
- 004086CA |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1D
- 004086D2 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
- 004086D6 |. E8 15480000 CALL USBRecov.0040CEF0
- 004086DB |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1C
- 004086E3 |. 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
- 004086E7 |. E8 04480000 CALL USBRecov.0040CEF0
- 004086EC |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1B
- 004086F4 |. 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
- 004086F8 |. E8 F3470000 CALL USBRecov.0040CEF0
- 004086FD |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A
- 00408705 |. 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78]
- 00408709 |. E8 E2470000 CALL USBRecov.0040CEF0
- 0040870E |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
- 00408716 |. 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C]
- 0040871A |. E8 D1470000 CALL USBRecov.0040CEF0 ; author: the string above plus the signature code; this signature code is fixed
; Passes the fixed string at [ESP+0x14] (shown by the debugger as "300519868krx5l") to
; USBRecov.00406AF0 and then to USBRecov.00406A40, which the author labels MD5. A null
; pointer is replaced by the constant at 00433EE0 with a count of 0; otherwise the count is
; the dword at [EAX-8] (presumably the string length - confirm).
- 0040871F |. 8B4424 14 MOV EAX, DWORD PTR SS:[ESP+0x14] ; ASCII "300519868krx5l"
- 00408723 |. 85C0 TEST EAX, EAX
- 00408725 |. 74 05 JE SHORT USBRecov.0040872C
- 00408727 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] ; count read from the 8 bytes before the data
- 0040872A |. EB 07 JMP SHORT USBRecov.00408733
- 0040872C |> 33C9 XOR ECX, ECX ; null pointer: count = 0
- 0040872E |. B8 E03E4300 MOV EAX, USBRecov.00433EE0 ; fallback constant, presumably an empty string - confirm
- 00408733 |> 51 PUSH ECX
- 00408734 |. 50 PUSH EAX
- 00408735 |. E8 B6E3FFFF CALL USBRecov.00406AF0 ; same callee the author calls the transform algorithm at 004085C4
- 0040873A |. 51 PUSH ECX ; reserves one stack dword; the next call receives its address in ECX
- 0040873B |. 8D4424 1C LEA EAX, DWORD PTR SS:[ESP+0x1C]
- 0040873F |. 8BCC MOV ECX, ESP
- 00408741 |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
- 00408745 |. 50 PUSH EAX
- 00408746 |. E8 75470000 CALL USBRecov.0040CEC0 ; presumably copy-constructs the string into the reserved slot - confirm
- 0040874B |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x20
- 00408753 |. 8D8C24 B80000>LEA ECX, DWORD PTR SS:[ESP+0xB8]
- 0040875A |. 51 PUSH ECX ; address of the local that receives the result
- 0040875B |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x19
- 00408763 |. E8 D8E2FFFF CALL USBRecov.00406A40 ; author: MD5 computation
- 00408768 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21
; Combines intermediate strings with the constant at 0043491C (annotated "-" by the
; debugger) through USBRecov.00401CB0 and USBRecov.00401C30, after copying operands into
; stack slots with 0040CEC0. The author's notes after the listing describe this step as
; joining the three MD5 strings with "-".
; NOTE(review): 00401CB0 / 00401C30 are not shown; they are presumably concatenation
; helpers - confirm. ESI is loaded from the stack at 0040883D and is the object the later
; code operates on and finally returns in EAX.
- 00408770 |. 83C4 04 ADD ESP, 0x4
- 00408773 |. 8D9424 B80000>LEA EDX, DWORD PTR SS:[ESP+0xB8]
- 0040877A |. 8BCC MOV ECX, ESP
- 0040877C |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
- 00408780 |. 52 PUSH EDX
- 00408781 |. E8 3A470000 CALL USBRecov.0040CEC0 ; author: the MD5 value just obtained
- 00408786 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x22
- 0040878E |. 68 1C494300 PUSH USBRecov.0043491C ; "-"
- 00408793 |. 83EC 0C SUB ESP, 0xC ; room for a 12-byte by-value argument
- 00408796 |. 8BF4 MOV ESI, ESP ; ESI = that slot, pushed at 00408806
- 00408798 |. 89A424 B80000>MOV DWORD PTR SS:[ESP+0xB8], ESP
- 0040879F |. 83EC 0C SUB ESP, 0xC
- 004087A2 |. 8D8424 B80000>LEA EAX, DWORD PTR SS:[ESP+0xB8]
- 004087A9 |. 8BCC MOV ECX, ESP
- 004087AB |. 89A424 E00000>MOV DWORD PTR SS:[ESP+0xE0], ESP
- 004087B2 |. 50 PUSH EAX
- 004087B3 |. E8 08470000 CALL USBRecov.0040CEC0
- 004087B8 |. B3 23 MOV BL, 0x23 ; state value reused at 004087EC
- 004087BA |. 889C24 EC0000>MOV BYTE PTR SS:[ESP+0xEC], BL
- 004087C1 |. 68 1C494300 PUSH USBRecov.0043491C ; "-"
- 004087C6 |. 83EC 0C SUB ESP, 0xC
- 004087C9 |. 8D9424 D80000>LEA EDX, DWORD PTR SS:[ESP+0xD8]
- 004087D0 |. 8BCC MOV ECX, ESP
- 004087D2 |. 896424 7C MOV DWORD PTR SS:[ESP+0x7C], ESP
- 004087D6 |. 52 PUSH EDX
- 004087D7 |. E8 E4460000 CALL USBRecov.0040CEC0
- 004087DC |. C68424 FC0000>MOV BYTE PTR SS:[ESP+0xFC], 0x24
- 004087E4 |. 8D8424 B00000>LEA EAX, DWORD PTR SS:[ESP+0xB0]
- 004087EB |. 50 PUSH EAX
- 004087EC |. 889C24 000100>MOV BYTE PTR SS:[ESP+0x100], BL
- 004087F3 |. E8 B894FFFF CALL USBRecov.00401CB0
- 004087F8 |. 83C4 14 ADD ESP, 0x14
- 004087FB |. C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0x25
- 00408803 |. 50 PUSH EAX
- 00408804 |. B3 26 MOV BL, 0x26 ; author asks "26?"; NOTE(review): BL is written to the state byte at 00408807 and 00408826
- 00408806 |. 56 PUSH ESI
- 00408807 |. 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL
- 0040880E |. E8 1D94FFFF CALL USBRecov.00401C30
- 00408813 |. 83C4 14 ADD ESP, 0x14
- 00408816 |. C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0x27
- 0040881E |. 8D8C24 880000>LEA ECX, DWORD PTR SS:[ESP+0x88]
- 00408825 |. 51 PUSH ECX
- 00408826 |. 889C24 E40000>MOV BYTE PTR SS:[ESP+0xE4], BL
- 0040882D |. E8 7E94FFFF CALL USBRecov.00401CB0
- 00408832 |. 83C4 14 ADD ESP, 0x14
- 00408835 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x28
- 0040883D |. 8BB424 D80000>MOV ESI, DWORD PTR SS:[ESP+0xD8] ; presumably the caller-supplied result object - confirm
- 00408844 |. 50 PUSH EAX
- 00408845 |. 56 PUSH ESI
- 00408846 |. C68424 D80000>MOV BYTE PTR SS:[ESP+0xD8], 0x2A
- 0040884E |. E8 DD93FFFF CALL USBRecov.00401C30
- 00408853 |. 83C4 14 ADD ESP, 0x14
- 00408856 |. BB 01000000 MOV EBX, 0x1
- 0040885B |. 895C24 1C MOV DWORD PTR SS:[ESP+0x1C], EBX ; sets the local flag that the prologue cleared at 004083E6
- 0040885F |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x29
; Calls 0040CEF0 on two locals, then copies the object referenced by ESI into a 12-byte
; stack slot with 0040CEC0 and passes it to USBRecov.00406A40 (author: "MD5 again"); the
; result goes to the local whose address is pushed at 0040889F.
; NOTE(review): 0040CEF0 is presumably a string destructor and 0040CEC0 a copy
; constructor; neither body is shown - confirm.
- 00408867 |. 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C]
- 0040886B |. E8 80460000 CALL USBRecov.0040CEF0
- 00408870 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21
- 00408878 |. 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78]
- 0040887C |. E8 6F460000 CALL USBRecov.0040CEF0
- 00408881 |. 83EC 0C SUB ESP, 0xC ; room for a 12-byte by-value argument
- 00408884 |. 8BCC MOV ECX, ESP
- 00408886 |. 896424 50 MOV DWORD PTR SS:[ESP+0x50], ESP
- 0040888A |. 56 PUSH ESI
- 0040888B |. E8 30460000 CALL USBRecov.0040CEC0
- 00408890 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x2B
- 00408898 |. 8D9424 900000>LEA EDX, DWORD PTR SS:[ESP+0x90]
- 0040889F |. 52 PUSH EDX
- 004088A0 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21
- 004088A8 |. E8 93E1FFFF CALL USBRecov.00406A40 ; author: MD5 again
- 004088AD |. 83C4 10 ADD ESP, 0x10
- 004088B0 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2C
; Formats the result held in the object at ESI: the local at [ESP+0x84] is handed to
; 0040CFF0 with ECX = ESI, then the bytes at indexes 7, 0xF and 0x17 are overwritten with
; 0x2D ('-'), 0040D410 is called on the object, and the data pointer plus count are passed
; to 00406B10 (author: replaces '0' with 'E').
; Each overwrite is guarded: it is skipped when the data pointer at [ESI+4] is null or when
; the signed dword at [EAX-8] (presumably the length - confirm) is below index+1, so no
; byte is written past a short string.
; NOTE(review): 0040CFF0, 0040CDB0, 0040D410 and 00406B10 are not shown; the author's
; notes mention an upper-case conversion, which may be 0040D410 - confirm.
- 004088B8 |. 8D8424 840000>LEA EAX, DWORD PTR SS:[ESP+0x84]
- 004088BF |. 50 PUSH EAX
- 004088C0 |. 8BCE MOV ECX, ESI
- 004088C2 |. E8 29470000 CALL USBRecov.0040CFF0 ; presumably assigns the local into the object at ESI - confirm
- 004088C7 |. 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
- 004088CA |. 85C0 TEST EAX, EAX
- 004088CC |. 74 12 JE SHORT USBRecov.004088E0 ; null data pointer: skip
- 004088CE |. 8378 F8 08 CMP DWORD PTR DS:[EAX-0x8], 0x8
- 004088D2 |. 7C 0C JL SHORT USBRecov.004088E0 ; fewer than 8: skip
- 004088D4 |. 6A 07 PUSH 0x7 ; author: index 7 is replaced
- 004088D6 |. 8BCE MOV ECX, ESI
- 004088D8 |. E8 D3440000 CALL USBRecov.0040CDB0 ; EAX is used as a byte pointer on the next line
- 004088DD |. C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; '-'
- 004088E0 |> 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
- 004088E3 |. 85C0 TEST EAX, EAX
- 004088E5 |. 74 12 JE SHORT USBRecov.004088F9
- 004088E7 |. 8378 F8 10 CMP DWORD PTR DS:[EAX-0x8], 0x10
- 004088EB |. 7C 0C JL SHORT USBRecov.004088F9 ; fewer than 0x10: skip
- 004088ED |. 6A 0F PUSH 0xF ; author: index 0xF (15) is replaced with '-'
- 004088EF |. 8BCE MOV ECX, ESI
- 004088F1 |. E8 BA440000 CALL USBRecov.0040CDB0
- 004088F6 |. C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; '-'
- 004088F9 |> 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
- 004088FC |. 85C0 TEST EAX, EAX
- 004088FE |. 74 12 JE SHORT USBRecov.00408912
- 00408900 |. 8378 F8 18 CMP DWORD PTR DS:[EAX-0x8], 0x18
- 00408904 |. 7C 0C JL SHORT USBRecov.00408912 ; fewer than 0x18: skip
- 00408906 |. 6A 17 PUSH 0x17 ; author: position 0x17 is replaced with '-'
- 00408908 |. 8BCE MOV ECX, ESI
- 0040890A |. E8 A1440000 CALL USBRecov.0040CDB0
- 0040890F |. C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; '-'
- 00408912 |> 8BCE MOV ECX, ESI
- 00408914 |. E8 F74A0000 CALL USBRecov.0040D410
- 00408919 |. 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
- 0040891C |. 85C0 TEST EAX, EAX
- 0040891E |. 74 05 JE SHORT USBRecov.00408925
- 00408920 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] ; count read from the 8 bytes before the data
- 00408923 |. EB 02 JMP SHORT USBRecov.00408927
- 00408925 |> 33C9 XOR ECX, ECX ; null pointer: count = 0
- 00408927 |> 85C0 TEST EAX, EAX
- 00408929 |. 75 05 JNZ SHORT USBRecov.00408930
- 0040892B |. B8 E03E4300 MOV EAX, USBRecov.00433EE0 ; fallback constant, presumably an empty string - confirm
- 00408930 |> 51 PUSH ECX
- 00408931 |. 50 PUSH EAX
- 00408932 |. E8 D9E1FFFF CALL USBRecov.00406B10 ; author: replaces '0' with 'E' in the string
- 00408937 |. 83C4 08 ADD ESP, 0x8
; Cleanup and return: nine calls to USBRecov.0040CEF0 on locals and stack arguments, each
; preceded by a store that steps the state byte at [ESP+0xC4] back down, then the epilogue.
; The routine returns ESI in EAX, restores the previous FS:[0] head from [ESP+0xBC], pops
; the three dwords pushed by the prologue and releases 0xBC bytes before a plain RETN
; (the caller removes any stack arguments).
; NOTE(review): 0040CEF0 is presumably a string destructor - confirm. The POP ECX at
; 004089F4 discards the dword pushed at 004083CD; no comparison of that value is visible
; in this listing.
- 0040893A |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21
- 00408942 |. 8D8C24 840000>LEA ECX, DWORD PTR SS:[ESP+0x84]
- 00408949 |. E8 A2450000 CALL USBRecov.0040CEF0
- 0040894E |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
- 00408956 |. 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC]
- 0040895D |. E8 8E450000 CALL USBRecov.0040CEF0
- 00408962 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18
- 0040896A |. 8D4C24 10 LEA ECX, DWORD PTR SS:[ESP+0x10]
- 0040896E |. E8 7D450000 CALL USBRecov.0040CEF0
- 00408973 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16
- 0040897B |. 8D8C24 900000>LEA ECX, DWORD PTR SS:[ESP+0x90]
- 00408982 |. E8 69450000 CALL USBRecov.0040CEF0
- 00408987 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xD
- 0040898F |. 8D4C24 60 LEA ECX, DWORD PTR SS:[ESP+0x60]
- 00408993 |. E8 58450000 CALL USBRecov.0040CEF0
- 00408998 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB
- 004089A0 |. 8D8C24 A00000>LEA ECX, DWORD PTR SS:[ESP+0xA0]
- 004089A7 |. E8 44450000 CALL USBRecov.0040CEF0
- 004089AC |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2
- 004089B4 |. 8D4C24 54 LEA ECX, DWORD PTR SS:[ESP+0x54]
- 004089B8 |. E8 33450000 CALL USBRecov.0040CEF0
- 004089BD |. 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL ; BL = 1 (EBX was set to 1 at 00408856)
- 004089C4 |. 8D8C24 D00000>LEA ECX, DWORD PTR SS:[ESP+0xD0]
- 004089CB |. E8 20450000 CALL USBRecov.0040CEF0
- 004089D0 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x0
- 004089D8 |. 8D8C24 DC0000>LEA ECX, DWORD PTR SS:[ESP+0xDC]
- 004089DF |. E8 0C450000 CALL USBRecov.0040CEF0
- 004089E4 |. 8BC6 MOV EAX, ESI ; return value = the object pointer held in ESI
- 004089E6 |. 8B8C24 BC0000>MOV ECX, DWORD PTR SS:[ESP+0xBC] ; previous FS:[0] head saved by the prologue
- 004089ED |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX ; unlink this frame's record
- 004089F4 |. 59 POP ECX
- 004089F5 |. 5E POP ESI
- 004089F6 |. 5B POP EBX
- 004089F7 |. 81C4 BC000000 ADD ESP, 0xBC ; 0xB0 locals + the 0xC-byte record
- 004089FD \. C3 RETN
$+28 > 00A62C54 ASCII "1E32A25-7B2D9E4-6D62B8C-559A2E63"
0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
>0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
>
CrackVip
CrackVip@qq.com
E62E51E-E85C1D2-2BCF48C-791D4946
EAX 00000000
ECX 00433EE1 USBRecov.00433EE1
EDX 00A6449D ASCII "4ce6db3d030f90eea1d40f4c5c56b4f"
EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E65 ASCII "5a3523cd7106b9552b874cb26c99e71"
EAX 0012F014
ECX 00434965 USBRecov.00434965
EDX 00A64509 ASCII "4cb26c99e71"
EAX 0012F014
ECX 00434939 USBRecov.00434939
EDX 00A6450D ASCII "6c99e71"
软件版本特征码
4415=<2<ov|1h
========MD5======================
d2c1cc6258f65227e7835fc416191e3f (32)
58f65227e7835fc4 (16)
**me
hehe112233@qq.com
4444444-3333333-2222222-1111111
EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E7D ASCII ""
bf3820b3ea6c781ac9c608dc403d24f
EAX 0012EDC0
ECX 00433EE1 USBRecov.00433EE1
"9d0a5d0ff71be8dbf5ac618ba3195db"
堆栈 SS:[0012ECAC]=00A64B34, (ASCII "1111111-2222222c6ete300519868")
EAX=0012ECA8
5555555)6666666g2apa74415=<2<
-----》》》》MD5
a6853cdc095af227aabca40cccf15655
a6853cdc095af227aabca40cccf15655
" dc095af227aabca40cccf15655"
在第7位加入-,并转大写
ASCII "A6853C-C095AF227"
=============================================================
用户名加上特征字串------>>>ASCII "CrackVip8b3zo"
然后异或算法,得到加密后的字串 ASCII "GvegoRmt<f7~k"
该特征码MD5后
fbbbb696856b99fe30fa649668386e8f (32)
856b99fe30fa6496 (16)
============================================================
邮箱加上特征码------------->>>>>>>>>>crackvip@qq.comc6ete
然后与4异或算法,得到加密后的字串 ASCII "gvegormtDuu*gkig2apa"
该特征码MD5后
f14df3a3320192d94f106b6d306bdd1a (32)
320192d94f106b6d (16)
=============================================================
固定特征码字串
> 00A64E24 ASCII "300519868krx5l"
然后与4异或算法,得到加密后的字串 ASCII "74415=<2<ov|1h"
MD5后
fa10413a614948270e60f748774e9f83 (32)
614948270e60f748 (16)
==============================================================
将前面三组MD5中间加“-”号,再次进行MD5(全部为小写)
fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83
$-70 > 00A647C4 ASCII "fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83"
MD5后
2ae431a6f3aa183cd826dfcc518079f9 (32)
f3aa183cd826dfcc (16)
ASCII "2AE431A-F3AA183-D826DFC-518E79F9"