本帖最后由 MOD 于 2014-11-18 20:22 编辑
以 "Invalid registration number" 为关键字搜索,定位到以下代码:
; Call site of the registration check (excerpt from a larger routine).
; The routine at 004229C0 returns a status in EAX; only 0x9D avoids the error branch at 004223F5.
004223DD . E8 DE050000 CALL 004229C0 ; the next few lines show that this call validates the registration number; if EAX != 0x9D the number is treated as invalid
004223E2 . 83C4 08 ADD ESP, 8 ; caller removes 8 bytes of arguments
004223E5 . 3D 9D000000 CMP EAX, 9D
004223EA . 75 09 JNZ SHORT 004223F5 ; EAX != 0x9D -> error branch below
004223EC . 8BCE MOV ECX, ESI
004223EE . E8 CD1B0200 CALL 00443FC0
004223F3 . EB 21 JMP SHORT 00422416 ; accepted path skips the error branch
004223F5 > 6A 00 PUSH 0
004223F7 . 6A 30 PUSH 30
004223F9 . 68 849F4800 PUSH 00489F84 ; Invalid registration number.
进入 CALL 004229C0
; Routine 004229C0 (excerpt; the author elided the lines between 004229C0 and 00422A04).
; Its return value is whatever the call to 004225F0 returns: EAX is saved in ESI across the
; call to 004225A0 and copied back to EAX before RETN.
004229C0 |. 6A FF PUSH -1
…………………………
00422A04 |. E8 E7FBFFFF CALL 004225F0 ; decides the final return value in EAX
00422A09 |. 8D4C24 04 LEA ECX, [ESP+4]
00422A0D |. 8BF0 MOV ESI, EAX ; keep the result across the next call
00422A0F |. C74424 20 FFF>MOV DWORD PTR [ESP+20], -1
00422A17 |. E8 84FBFFFF CALL 004225A0
00422A1C |. 8B4C24 18 MOV ECX, [ESP+18]
00422A20 |. 8BC6 MOV EAX, ESI ; return the saved result of 004225F0
00422A22 |. 64:890D 00000>MOV FS:[0], ECX ; write the saved value back to FS:[0] (presumably unlinks this routine's SEH frame)
00422A29 |. 5E POP ESI
00422A2A |. 83C4 20 ADD ESP, 20
00422A2D \. C3 RETN
进入 CALL 004225F0
; Routine 004225F0 - the registration-number check whose result is returned in EAX.
; In:  ECX is copied to EBP and dereferenced as two dwords, [EBP] and [EBP+4]
;      (presumably derived from the order number - TODO confirm); one stack argument (RETN 4).
; Out: EAX = 0x9D on the accepting exit (0042276A); EAX = 0xFFFFFFFF on the three rejecting exits.
; NOTE(review): the branch at 004226F1 accepts on two constants embedded in the binary, so the
; same key passes regardless of [EBP]/[EBP+4], and every check here runs locally in the client.
; Verifying a signed licence, or validating server-side, avoids shipping the accepted value in the binary.
004225F0 |. 6A FF PUSH -1
004225F2 |. 68 78914600 PUSH 00469178 ; SE handler installation
004225F7 |. 64:A1 0000000>MOV EAX, FS:[0]
004225FD |. 50 PUSH EAX
004225FE |. 64:8925 00000>MOV FS:[0], ESP
00422605 |. 51 PUSH ECX
00422606 |. 55 PUSH EBP
00422607 |. 56 PUSH ESI
00422608 |. 57 PUSH EDI
00422609 |. 8BE9 MOV EBP, ECX
0042260B |. 8B45 00 MOV EAX, [EBP]
0042260E |. 83CE FF OR ESI, FFFFFFFF ; ESI = -1, reused below as the reject return value
00422611 |. 3BC6 CMP EAX, ESI
00422613 |. C74424 18 000>MOV DWORD PTR [ESP+18], 0
0042261B |. 75 05 JNZ SHORT 00422622
0042261D |. 3975 04 CMP [EBP+4], ESI
00422620 |. 74 50 JE SHORT 00422672 ; [EBP] and [EBP+4] both -1 -> reject
00422622 |> 8D4C24 20 LEA ECX, [ESP+20]
00422626 |. E8 F3E60100 CALL 00440D1E
0042262B |. 8D4C24 20 LEA ECX, [ESP+20]
0042262F |. E8 9EE60100 CALL 00440CD2
00422634 |. 8B4424 20 MOV EAX, [ESP+20] ; stack SS:[0012F55C]=00AF3F70, (ASCII "1234567890123")
00422638 |. 8378 F8 0D CMP DWORD PTR [EAX-8], 0D ; length check on the registration number: must be 0xD, i.e. 13 characters
0042263C |. 75 34 JNZ SHORT 00422672 ; wrong length -> reject
0042263E |. 53 PUSH EBX
0042263F |. 8D4C24 10 LEA ECX, [ESP+10]
00422643 |. 6A 02 PUSH 2
00422645 |. 51 PUSH ECX
00422646 |. 8D4C24 2C LEA ECX, [ESP+2C]
0042264A |. E8 50E20100 CALL 0044089F
0042264F |. 8B00 MOV EAX, [EAX] ; stack DS:[0012F548]=00AF3FC0, (ASCII "12")
00422651 |. 68 EC9F4800 PUSH 00489FEC ; PT
00422656 |. 50 PUSH EAX ; the first two characters must be PT
00422657 |. E8 BCE80000 CALL 00430F18
0042265C |. 83C4 08 ADD ESP, 8
0042265F |. 8D4C24 10 LEA ECX, [ESP+10]
00422663 |. 85C0 TEST EAX, EAX
00422665 |. 0F95C3 SETNE BL ; BL = 1 when the comparison call returned non-zero
00422668 |. E8 6E5B0200 CALL 004481DB ; presumably releases the temporary substring - TODO confirm
0042266D |. 84DB TEST BL, BL
0042266F |. 5B POP EBX
00422670 |. 74 23 JE SHORT 00422695 ; BL == 0 -> continue at 00422695; otherwise fall into the reject exit
00422672 |> 8D4C24 20 LEA ECX, [ESP+20]
00422676 |. 897424 18 MOV [ESP+18], ESI
0042267A |. E8 5C5B0200 CALL 004481DB
0042267F |. 8BC6 MOV EAX, ESI ; reject exit: return ESI, still -1 on every path that reaches here
00422681 |. 5F POP EDI
00422682 |. 5E POP ESI
00422683 |. 5D POP EBP
00422684 |. 8B4C24 04 MOV ECX, [ESP+4]
00422688 |. 64:890D 00000>MOV FS:[0], ECX
0042268F |. 83C4 10 ADD ESP, 10
00422692 |. C2 0400 RETN 4
00422695 |> 6A 04 PUSH 4
00422697 |. 8D5424 10 LEA EDX, [ESP+10]
0042269B |. 6A 02 PUSH 2
0042269D |. 52 PUSH EDX
0042269E |. 8D4C24 2C LEA ECX, [ESP+2C]
004226A2 |. E8 E6E00100 CALL 0044078D
004226A7 |. 8B00 MOV EAX, [EAX] ; stack DS:[0012F548]=00AF3FC0, (ASCII "1234")
004226A9 |. 50 PUSH EAX
004226AA |. E8 5EE80000 CALL 00430F0D
004226AF |. 83C4 04 ADD ESP, 4
004226B2 |. 8D4C24 0C LEA ECX, [ESP+C] ; stack address=0012F548
004226B6 |. 8BF0 MOV ESI, EAX ; EAX=000004D2, i.e. 1234 in hexadecimal (00430F0D converts the substring to an integer)
004226B8 |. E8 1E5B0200 CALL 004481DB
004226BD |. 8D4424 0C LEA EAX, [ESP+C]
004226C1 |. 6A 06 PUSH 6
004226C3 |. 50 PUSH EAX
004226C4 |. 8D4C24 28 LEA ECX, [ESP+28] ; stack address=0012F55C ASCII "PT12345678901"
004226C8 |. E8 9DE00100 CALL 0044076A
004226CD |. 8B00 MOV EAX, [EAX] ; stack DS:[0012F548]=00AF3FC0, (ASCII "5678901")
004226CF |. 50 PUSH EAX
004226D0 |. E8 38E80000 CALL 00430F0D
004226D5 |. 83C4 04 ADD ESP, 4
004226D8 |. 8D4C24 0C LEA ECX, [ESP+C] ; stack address=0012F548
004226DC |. 8BF8 MOV EDI, EAX ; EDI = integer converted from the trailing substring
004226DE |. E8 F85A0200 CALL 004481DB
004226E3 |. 81FE B0FCFFFF CMP ESI, -350 ; ESI (the integer parsed from the four-character substring) must equal -350 hex, i.e. -848 decimal
004226E9 |. 75 08 JNZ SHORT 004226F3 ; this jump must not be taken for the fixed-constant path
004226EB 81FF 058BF9FF CMP EDI, FFF98B05 ; FFF98B05 is -423163 (decimal)
004226F1 |. 74 77 JE SHORT 0042276A ; when this jump is taken, EAX ends up as 0x9D
; Second path: ESI and EDI are compared with values computed from [EBP] and [EBP+4].
004226F3 |> 8B45 00 MOV EAX, [EBP]
004226F6 |. B9 E8030000 MOV ECX, 3E8
004226FB |. F7D8 NEG EAX
004226FD |. 99 CDQ
004226FE |. F7F9 IDIV ECX
00422700 |. 3BF2 CMP ESI, EDX ; ESI against the value derived from [EBP]
00422702 |. 74 28 JE SHORT 0042272C
00422704 |. 8D4C24 20 LEA ECX, [ESP+20]
00422708 |. C74424 18 FFF>MOV DWORD PTR [ESP+18], -1
00422710 |. E8 C65A0200 CALL 004481DB
00422715 |. 5F POP EDI
00422716 |. 5E POP ESI
00422717 |. 83C8 FF OR EAX, FFFFFFFF ; reject exit: EAX = -1
0042271A |. 5D POP EBP
0042271B |. 8B4C24 04 MOV ECX, [ESP+4]
0042271F |. 64:890D 00000>MOV FS:[0], ECX
00422726 |. 83C4 10 ADD ESP, 10
00422729 |. C2 0400 RETN 4
0042272C |> 8B45 04 MOV EAX, [EBP+4]
0042272F |. 8D14C5 000000>LEA EDX, [EAX*8]
00422736 |. 2BD0 SUB EDX, EAX
00422738 |. D1E2 SHL EDX, 1
0042273A |. 2BD0 SUB EDX, EAX
0042273C |. F7DA NEG EDX
0042273E |. 3BFA CMP EDI, EDX ; EDI against the value derived from [EBP+4]
00422740 |. 74 28 JE SHORT 0042276A
00422742 |. 8D4C24 20 LEA ECX, [ESP+20]
00422746 |. C74424 18 FFF>MOV DWORD PTR [ESP+18], -1
0042274E |. E8 885A0200 CALL 004481DB
00422753 |. 5F POP EDI
00422754 |. 5E POP ESI
00422755 |. 83C8 FF OR EAX, FFFFFFFF ; reject exit: EAX = -1
00422758 |. 5D POP EBP
00422759 |. 8B4C24 04 MOV ECX, [ESP+4]
0042275D |. 64:890D 00000>MOV FS:[0], ECX
00422764 |. 83C4 10 ADD ESP, 10
00422767 |. C2 0400 RETN 4
0042276A |> 8D4C24 20 LEA ECX, [ESP+20]
0042276E |. C74424 18 FFF>MOV DWORD PTR [ESP+18], -1
00422776 |. E8 605A0200 CALL 004481DB
0042277B |. 8B4C24 10 MOV ECX, [ESP+10]
0042277F |. 5F POP EDI
00422780 |. 5E POP ESI
00422781 |. B8 9D000000 MOV EAX, 9D ; accepting exit: the status value the call site at 004223E5 compares against
00422786 |. 5D POP EBP
00422787 |. 64:890D 00000>MOV FS:[0], ECX
0042278E |. 83C4 10 ADD ESP, 10
00422791 \. C2 0400 RETN 4
Order Number:20141118
Registration Number:PT-848-423163