算法专题快来了,加紧学习------>找了个MD5 CM分析了一下

wangwei1978 · 发表于 2015-6-6 19:04:37

本帖最后由 wangwei1978 于 2015-6-6 19:04 编辑

.text:00401A94 push 12Ch ; cchMax
.text:00401A99 push offset String1 ; lpString
.text:00401A9E push 64h ; nIDDlgItem
.text:00401AA0 push [ebp+hWnd] ; hDlg
.text:00401AA3 call GetDlgItemTextA ; 这个CM只判断是否有输入
.text:00401AA8 or eax, eax ; 判断用户名是否为空
.text:00401AAA jnz short loc_401AC5 ; 注意这个PUSH eax，eax保存在是用户名的长度
.text:00401AAC push 0 ; uType
.text:00401AAE push offset aOoohInputError ; "oooH input Error"
.text:00401AB3 push offset aYourNamePlease ; "Your name please !!!"
.text:00401AB8 push 0 ; hWnd
.text:00401ABA call MessageBoxA
.text:00401ABF leave
.text:00401AC0 retn 10h
.text:00401AC3 ; ---------------------------------------------------------------------------
.text:00401AC3 jmp short loc_401AF8
.text:00401AC5 ; ---------------------------------------------------------------------------
.text:00401AC5
.text:00401AC5 loc_401AC5: ; CODE XREF: DialogFunc+9Bj
.text:00401AC5 push eax ; 注意这个PUSH eax，eax保存在是用户名的长度
.text:00401AC6 push 12Ch ; cchMax
.text:00401ACB push offset byte_409CF8 ; lpString
.text:00401AD0 push 0C8h ; nIDDlgItem
.text:00401AD5 push [ebp+hWnd] ; hDlg
.text:00401AD8 call GetDlgItemTextA ; 判断注册是否为空
.text:00401ADD or eax, eax
.text:00401ADF jnz short loc_401AF8
.text:00401AE1 push 0 ; uType
.text:00401AE3 push offset aOoohInputError ; "oooH input Error"
.text:00401AE8 push offset aWhereIsDaSeria ; "Where is Da serial DuDe ?"
.text:00401AED push 0 ; hWnd
.text:00401AEF call MessageBoxA
.text:00401AF4 leave
.text:00401AF5 retn 10h
.text:00401AF8 ; ---------------------------------------------------------------------------
.text:00401AF8
.text:00401AF8 loc_401AF8: ; CODE XREF: DialogFunc+B4j
.text:00401AF8 ; DialogFunc+D0j
.text:00401AF8 push offset String2 ; "BytePtr [e!]"
.text:00401AFD push offset String1 ; lpString1
.text:00401B02 call lstrcatA ; 用户名与上面字符拼接起来
.text:00401B07 pop eax ; 记得上面PUSH eax现在又POP eax，
.text:00401B08 push offset dword_4056A8 ; unk_4056A8 是个缓存区
.text:00401B0D push eax ; eax 是用户名长度
.text:00401B0E push offset String1 ; 指向拼接后的字串
.text:00401B13 call sub_401000 ; MD5函数
.text:00401B18 call sub_401B79 ; 格式MD5算出的字串
.text:00401B1D push offset byte_4079D0 ; lpString2
.text:00401B22 push offset byte_409CF8 ; lpString1
.text:00401B27 call lstrcmpA ; 与假码比较
.text:00401B2C test eax, eax
.text:00401B2E jnz short loc_401B45
.text:00401B30 push 0 ; uType
.text:00401B32 push offset aGoodWork ; "Good Work"
.text:00401B37 push offset aGoodSerialNowS ; "Good serial, Now send your Tut & KeyGen"...
.text:00401B3C push 0 ; hWnd
.text:00401B3E call MessageBoxA
.text:00401B43 jmp short loc_401B73
.text:00401B45 ; ---------------------------------------------------------------------------
.text:00401B45
.text:00401B45 loc_401B45: ; CODE XREF: DialogFunc+11Fj
.text:00401B45 push 0 ; uType
.text:00401B47 push offset aFatalError ; "Fatal Error"
.text:00401B4C push offset aHmmmNotLikeThi ; "hmmm not like this DuDe Try again...."
.text:00401B51 push 0 ; hWnd
.text:00401B53 call MessageBoxA
.text:00401B58 xor eax, eax
.text:00401B5A leave
.text:00401B5B retn 10h

复制代码

看看00401000代码,看汇编挺累 F5吧!

void __stdcall __spoils<ecx> sub_401000(int a1, unsigned int a2, int a3)
{
void *v3; // edi@1
unsigned int v4; // edx@1
int v5; // edi@3
unsigned int v6; // eax@3
signed __int64 v7; // rax@3
int v8; // edx@3
int v9; // edi@3
int v10; // esi@3
int v11; // ST20_4@4
int v12; // ST1C_4@4
int v13; // ST18_4@4
int v14; // eax@4
int v15; // ST24_4@4
int v16; // eax@4
int v17; // ST18_4@4
int v18; // eax@4
int v19; // ST1C_4@4
int v20; // eax@4
int v21; // ST20_4@4
int v22; // eax@4
int v23; // ST24_4@4
int v24; // eax@4
int v25; // ST18_4@4
int v26; // eax@4
int v27; // ST1C_4@4
int v28; // eax@4
int v29; // ST20_4@4
int v30; // eax@4
int v31; // ST24_4@4
int v32; // eax@4
int v33; // ST18_4@4
int v34; // eax@4
int v35; // ST1C_4@4
int v36; // eax@4
int v37; // ST20_4@4
int v38; // eax@4
int v39; // ST24_4@4
int v40; // eax@4
int v41; // ST18_4@4
int v42; // eax@4
int v43; // ST1C_4@4
int v44; // eax@4
int v45; // ST20_4@4
int v46; // eax@4
int v47; // ST24_4@4
int v48; // eax@4
int v49; // ST18_4@4
int v50; // eax@4
int v51; // ST1C_4@4
int v52; // eax@4
int v53; // ST20_4@4
int v54; // eax@4
int v55; // ST24_4@4
int v56; // eax@4
int v57; // ST18_4@4
int v58; // eax@4
int v59; // ST1C_4@4
int v60; // eax@4
int v61; // ST20_4@4
int v62; // eax@4
int v63; // ST24_4@4
int v64; // eax@4
int v65; // ST18_4@4
int v66; // eax@4
int v67; // ST1C_4@4
int v68; // eax@4
int v69; // ST20_4@4
int v70; // eax@4
int v71; // ST24_4@4
int v72; // eax@4
int v73; // ST18_4@4
int v74; // eax@4
int v75; // ST1C_4@4
int v76; // eax@4
int v77; // ST20_4@4
int v78; // eax@4
int v79; // ST24_4@4
int v80; // eax@4
int v81; // ST18_4@4
int v82; // eax@4
int v83; // ST1C_4@4
int v84; // eax@4
int v85; // ST20_4@4
int v86; // eax@4
int v87; // ST24_4@4
int v88; // eax@4
int v89; // ST18_4@4
int v90; // eax@4
int v91; // ST1C_4@4
int v92; // eax@4
int v93; // ST20_4@4
int v94; // eax@4
int v95; // ST24_4@4
int v96; // eax@4
int v97; // ST18_4@4
int v98; // eax@4
int v99; // ST1C_4@4
int v100; // eax@4
int v101; // ST20_4@4
int v102; // eax@4
int v103; // ST24_4@4
int v104; // eax@4
int v105; // ST18_4@4
int v106; // eax@4
int v107; // ST1C_4@4
int v108; // eax@4
int v109; // ST20_4@4
int v110; // eax@4
int v111; // ST24_4@4
int v112; // eax@4
int v113; // ST18_4@4
int v114; // eax@4
int v115; // ST1C_4@4
int v116; // eax@4
int v117; // ST20_4@4
int v118; // eax@4
int v119; // ST24_4@4
int v120; // eax@4
int v121; // ST18_4@4
int v122; // eax@4
int v123; // ST1C_4@4
int v124; // eax@4
int v125; // ST20_4@4
int v126; // eax@4
int v127; // ST24_4@4
int v128; // eax@4
int v129; // ST18_4@4
int v130; // eax@4
int v131; // ST1C_4@4
int v132; // eax@4
int v133; // ST20_4@4
int v134; // eax@4
int v135; // ST24_4@4
int v136; // eax@4
int v137; // ST18_4@4
int v138; // eax@4
int v139; // ST1C_4@4
int v140; // eax@4
signed int v141; // ecx@5
int v142; // eax@6
char v143; // t1@6
int v144; // [sp+1Ch] [bp+Ch]@3
v3 = (void *)(a2 + 1 + a1);
*((char *)v3 - 1) = -128;
v4 = 64 - (a2 + 1) % 0x40;
if ( v4 < 8 )
v4 += 64;
memset(v3, 0, v4);
v5 = (int)((char *)v3 + v4);
v6 = a2;
v144 = v4 + 1 + a2;
v7 = 8i64 * v6;
*(_DWORD *)(v5 - 8) = v7;
*(_DWORD *)(v5 - 4) = HIDWORD(v7);
v8 = v144;
v9 = a1;
v10 = a3;
*(_DWORD *)a3 = 1732584193;
*(_DWORD *)(a3 + 4) = -271733879;
*(_DWORD *)(a3 + 8) = -1732584194;
*(_DWORD *)(a3 + 12) = 271733878;
do
{
v11 = *(_DWORD *)(a3 + 4);
v12 = *(_DWORD *)(a3 + 8);
v13 = *(_DWORD *)(a3 + 12);
v14 = __ROL4__(*(_DWORD *)v9 + *(_DWORD *)a3 + (v11 & v12 | v13 & ~v11) - 680876936, 7);
v15 = v11 + v14;
v16 = __ROL4__(*(_DWORD *)(v9 + 4) + v13 + ((v11 + v14) & v11 | v12 & ~(v11 + v14)) - 389564586, 12);
v17 = v15 + v16;
v18 = __ROL4__(*(_DWORD *)(v9 + 8) + v12 + ((v15 + v16) & v15 | v11 & ~(v15 + v16)) + 606105819, 17);
v19 = v17 + v18;
v20 = __ROL4__(*(_DWORD *)(v9 + 12) + v11 + ((v17 + v18) & v17 | v15 & ~(v17 + v18)) - 1044525330, 22);
v21 = v19 + v20;
v22 = __ROL4__(*(_DWORD *)(v9 + 16) + v15 + ((v19 + v20) & v19 | v17 & ~(v19 + v20)) - 176418897, 7);
v23 = v21 + v22;
v24 = __ROL4__(*(_DWORD *)(v9 + 20) + v17 + ((v21 + v22) & v21 | v19 & ~(v21 + v22)) + 1200080426, 12);
v25 = v23 + v24;
v26 = __ROL4__(*(_DWORD *)(v9 + 24) + v19 + ((v23 + v24) & v23 | v21 & ~(v23 + v24)) - 1473231341, 17);
v27 = v25 + v26;
v28 = __ROL4__(*(_DWORD *)(v9 + 28) + v21 + ((v25 + v26) & v25 | v23 & ~(v25 + v26)) - 45705983, 22);
v29 = v27 + v28;
v30 = __ROL4__(*(_DWORD *)(v9 + 32) + v23 + ((v27 + v28) & v27 | v25 & ~(v27 + v28)) + 1770035416, 7);
v31 = v29 + v30;
v32 = __ROL4__(*(_DWORD *)(v9 + 36) + v25 + ((v29 + v30) & v29 | v27 & ~(v29 + v30)) - 1958414417, 12);
v33 = v31 + v32;
v34 = __ROL4__(*(_DWORD *)(v9 + 40) + v27 + ((v31 + v32) & v31 | v29 & ~(v31 + v32)) - 42063, 17);
v35 = v33 + v34;
v36 = __ROL4__(*(_DWORD *)(v9 + 44) + v29 + ((v33 + v34) & v33 | v31 & ~(v33 + v34)) - 1990404162, 22);
v37 = v35 + v36;
v38 = __ROL4__(*(_DWORD *)(v9 + 48) + v31 + ((v35 + v36) & v35 | v33 & ~(v35 + v36)) + 1804603682, 7);
v39 = v37 + v38;
v40 = __ROL4__(*(_DWORD *)(v9 + 52) + v33 + ((v37 + v38) & v37 | v35 & ~(v37 + v38)) - 40341101, 12);
v41 = v39 + v40;
v42 = __ROL4__(*(_DWORD *)(v9 + 56) + v35 + ((v39 + v40) & v39 | v37 & ~(v39 + v40)) - 1502002290, 17);
v43 = v41 + v42;
v44 = __ROL4__(*(_DWORD *)(v9 + 60) + v37 + ((v41 + v42) & v41 | v39 & ~(v41 + v42)) + 1236535329, 22);
v45 = v43 + v44;
v46 = __ROL4__(*(_DWORD *)(v9 + 4) + v39 + (v43 & ~v41 | v41 & (v43 + v44)) - 165796510, 5);
v47 = v45 + v46;
v48 = __ROL4__(*(_DWORD *)(v9 + 24) + v41 + (v45 & ~v43 | v43 & (v45 + v46)) - 1069501632, 9);
v49 = v47 + v48;
v50 = __ROL4__(*(_DWORD *)(v9 + 44) + v43 + (v47 & ~v45 | v45 & (v47 + v48)) + 643717713, 14);
v51 = v49 + v50;
v52 = __ROL4__(*(_DWORD *)v9 + v45 + (v49 & ~v47 | v47 & (v49 + v50)) - 373897302, 20);
v53 = v51 + v52;
v54 = __ROL4__(*(_DWORD *)(v9 + 20) + v47 + (v51 & ~v49 | v49 & (v51 + v52)) - 701558691, 5);
v55 = v53 + v54;
v56 = __ROL4__(*(_DWORD *)(v9 + 40) + v49 + (v53 & ~v51 | v51 & (v53 + v54)) + 38016083, 9);
v57 = v55 + v56;
v58 = __ROL4__(*(_DWORD *)(v9 + 60) + v51 + (v55 & ~v53 | v53 & (v55 + v56)) - 660478335, 14);
v59 = v57 + v58;
v60 = __ROL4__(*(_DWORD *)(v9 + 16) + v53 + (v57 & ~v55 | v55 & (v57 + v58)) - 405537848, 20);
v61 = v59 + v60;
v62 = __ROL4__(*(_DWORD *)(v9 + 36) + v55 + (v59 & ~v57 | v57 & (v59 + v60)) + 568446438, 5);
v63 = v61 + v62;
v64 = __ROL4__(*(_DWORD *)(v9 + 56) + v57 + (v61 & ~v59 | v59 & (v61 + v62)) - 1019803690, 9);
v65 = v63 + v64;
v66 = __ROL4__(*(_DWORD *)(v9 + 12) + v59 + (v63 & ~v61 | v61 & (v63 + v64)) - 187363961, 14);
v67 = v65 + v66;
v68 = __ROL4__(*(_DWORD *)(v9 + 32) + v61 + (v65 & ~v63 | v63 & (v65 + v66)) + 1163531501, 20);
v69 = v67 + v68;
v70 = __ROL4__(*(_DWORD *)(v9 + 52) + v63 + (v67 & ~v65 | v65 & (v67 + v68)) - 1444681467, 5);
v71 = v69 + v70;
v72 = __ROL4__(*(_DWORD *)(v9 + 8) + v65 + (v69 & ~v67 | v67 & (v69 + v70)) - 51403784, 9);
v73 = v71 + v72;
v74 = __ROL4__(*(_DWORD *)(v9 + 28) + v67 + (v71 & ~v69 | v69 & (v71 + v72)) + 1735328473, 14);
v75 = v73 + v74;
v76 = __ROL4__(*(_DWORD *)(v9 + 48) + v69 + (v73 & ~v71 | v71 & (v73 + v74)) - 1926607734, 20);
v77 = v75 + v76;
v78 = __ROL4__(*(_DWORD *)(v9 + 20) + v71 + (v73 ^ v75 ^ (v75 + v76)) - 378558, 4);
v79 = v77 + v78;
v80 = __ROL4__(*(_DWORD *)(v9 + 32) + v73 + (v75 ^ v77 ^ (v77 + v78)) - 2022574463, 11);
v81 = v79 + v80;
v82 = __ROL4__(*(_DWORD *)(v9 + 44) + v75 + (v77 ^ v79 ^ (v79 + v80)) + 1839030562, 16);
v83 = v81 + v82;
v84 = __ROL4__(*(_DWORD *)(v9 + 56) + v77 + (v79 ^ v81 ^ (v81 + v82)) - 35309556, 23);
v85 = v83 + v84;
v86 = __ROL4__(*(_DWORD *)(v9 + 4) + v79 + (v81 ^ v83 ^ (v83 + v84)) - 1530992060, 4);
v87 = v85 + v86;
v88 = __ROL4__(*(_DWORD *)(v9 + 16) + v81 + (v83 ^ v85 ^ (v85 + v86)) + 1272893353, 11);
v89 = v87 + v88;
v90 = __ROL4__(*(_DWORD *)(v9 + 28) + v83 + (v85 ^ v87 ^ (v87 + v88)) - 155497632, 16);
v91 = v89 + v90;
v92 = __ROL4__(*(_DWORD *)(v9 + 40) + v85 + (v87 ^ v89 ^ (v89 + v90)) - 1094730640, 23);
v93 = v91 + v92;
v94 = __ROL4__(*(_DWORD *)(v9 + 52) + v87 + (v89 ^ v91 ^ (v91 + v92)) + 681279174, 4);
v95 = v93 + v94;
v96 = __ROL4__(*(_DWORD *)v9 + v89 + (v91 ^ v93 ^ (v93 + v94)) - 358537222, 11);
v97 = v95 + v96;
v98 = __ROL4__(*(_DWORD *)(v9 + 12) + v91 + (v93 ^ v95 ^ (v95 + v96)) - 722521979, 16);
v99 = v97 + v98;
v100 = __ROL4__(*(_DWORD *)(v9 + 24) + v93 + (v95 ^ v97 ^ (v97 + v98)) + 76029189, 23);
v101 = v99 + v100;
v102 = __ROL4__(*(_DWORD *)(v9 + 36) + v95 + (v97 ^ v99 ^ (v99 + v100)) - 640364487, 4);
v103 = v101 + v102;
v104 = __ROL4__(*(_DWORD *)(v9 + 48) + v97 + (v99 ^ v101 ^ (v101 + v102)) - 421815835, 11);
v105 = v103 + v104;
v106 = __ROL4__(*(_DWORD *)(v9 + 60) + v99 + (v101 ^ v103 ^ (v103 + v104)) + 530742520, 16);
v107 = v105 + v106;
v108 = __ROL4__(*(_DWORD *)(v9 + 8) + v101 + (v103 ^ v105 ^ (v105 + v106)) - 995338651, 23);
v109 = v107 + v108;
v110 = __ROL4__(*(_DWORD *)v9 + v103 + (v107 ^ (~v105 | (v107 + v108))) - 198630844, 6);
v111 = v109 + v110;
v112 = __ROL4__(*(_DWORD *)(v9 + 28) + v105 + (v109 ^ (~v107 | (v109 + v110))) + 1126891415, 10);
v113 = v111 + v112;
v114 = __ROL4__(*(_DWORD *)(v9 + 56) + v107 + (v111 ^ (~v109 | (v111 + v112))) - 1416354905, 15);
v115 = v113 + v114;
v116 = __ROL4__(*(_DWORD *)(v9 + 20) + v109 + (v113 ^ (~v111 | (v113 + v114))) - 57434055, 21);
v117 = v115 + v116;
v118 = __ROL4__(*(_DWORD *)(v9 + 48) + v111 + (v115 ^ (~v113 | (v115 + v116))) + 1700485571, 6);
v119 = v117 + v118;
v120 = __ROL4__(*(_DWORD *)(v9 + 12) + v113 + (v117 ^ (~v115 | (v117 + v118))) - 1894986606, 10);
v121 = v119 + v120;
v122 = __ROL4__(*(_DWORD *)(v9 + 40) + v115 + (v119 ^ (~v117 | (v119 + v120))) - 1051523, 15);
v123 = v121 + v122;
v124 = __ROL4__(*(_DWORD *)(v9 + 4) + v117 + (v121 ^ (~v119 | (v121 + v122))) - 2054922799, 21);
v125 = v123 + v124;
v126 = __ROL4__(*(_DWORD *)(v9 + 32) + v119 + (v123 ^ (~v121 | (v123 + v124))) + 1873313359, 6);
v127 = v125 + v126;
v128 = __ROL4__(*(_DWORD *)(v9 + 60) + v121 + (v125 ^ (~v123 | (v125 + v126))) - 30611744, 10);
v129 = v127 + v128;
v130 = __ROL4__(*(_DWORD *)(v9 + 24) + v123 + (v127 ^ (~v125 | (v127 + v128))) - 1560198380, 15);
v131 = v129 + v130;
v132 = __ROL4__(*(_DWORD *)(v9 + 52) + v125 + (v129 ^ (~v127 | (v129 + v130))) + 1309151649, 21);
v133 = v131 + v132;
v134 = __ROL4__(*(_DWORD *)(v9 + 16) + v127 + (v131 ^ (~v129 | (v131 + v132))) - 145523070, 6);
v135 = v133 + v134;
v136 = __ROL4__(*(_DWORD *)(v9 + 44) + v129 + (v133 ^ (~v131 | (v133 + v134))) - 1120210379, 10);
v137 = v135 + v136;
v138 = __ROL4__(*(_DWORD *)(v9 + 8) + v131 + (v135 ^ (~v133 | (v135 + v136))) + 718787259, 15);
v139 = v137 + v138;
v140 = __ROL4__(*(_DWORD *)(v9 + 36) + v133 + (v137 ^ (~v135 | (v137 + v138))) - 343485551, 21);
*(_DWORD *)a3 += v135;
*(_DWORD *)(a3 + 4) += v139 + v140;
*(_DWORD *)(a3 + 8) += v139;
*(_DWORD *)(a3 + 12) += v137;
v9 += 64;
v8 -= 64;
}
while ( v8 );
v141 = 4;
do
{
v142 = *(_DWORD *)v10;
LOBYTE(v142) = BYTE1(v142);
BYTE1(v142) = *(_DWORD *)v10;
v142 = __ROL4__(v142, 16);
v143 = v142;
LOBYTE(v142) = BYTE1(v142);
BYTE1(v142) = v143;
*(_DWORD *)v10 = v142;
v10 += 4;
--v141;
}
while ( v141 );
}

复制代码

看起来是MD5的算法了.这样的要么自己实现,要不把它提取出吧

MD5 proc _buffer,len,_szName ; CODE XREF: DialogFunc+104p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
add esp, 0FFFFFFF0h
push eax
push ebx
push ecx
push edx
push edi
push esi
mov edi, [ebp+arg_0]
mov eax, [ebp+arg_4]
inc eax
add edi, eax
mov byte ptr [edi-1], 80h
xor edx, edx
mov ebx, 40h
div ebx
neg edx
add edx, 40h
cmp edx, 8
jnb short loc_40102F
add edx, 40h
loc_40102F: ; CODE XREF: sub_401000+2Aj
mov ecx, edx
xor al, al
rep stosb
mov eax, [ebp+arg_4]
inc edx
add [ebp+arg_4], edx
xor edx, edx
mov ebx, 8
mul ebx
mov [edi-8], eax
mov [edi-4], edx
mov edx, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_8]
mov dword ptr [esi], 67452301h
mov dword ptr [esi+4], 0EFCDAB89h
mov dword ptr [esi+8], 98BADCFEh
mov dword ptr [esi+0Ch], 10325476h
loc_40106F: ; CODE XREF: sub_401000+9BFj
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov [ebp+var_8], eax
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_4]
add eax, [edi]
add eax, 0D76AA478h
mov cl, 7
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_10]
add eax, [edi+4]
add eax, 0E8C7B756h
mov cl, 0Ch
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_C]
add eax, [edi+8]
add eax, 242070DBh
mov cl, 11h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_8]
add eax, [edi+0Ch]
add eax, 0C1BDCEEEh
mov cl, 16h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_4]
add eax, [edi+10h]
add eax, 0F57C0FAFh
mov cl, 7
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_10]
add eax, [edi+14h]
add eax, 4787C62Ah
mov cl, 0Ch
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_C]
add eax, [edi+18h]
add eax, 0A8304613h
mov cl, 11h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_8]
add eax, [edi+1Ch]
add eax, 0FD469501h
mov cl, 16h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_4]
add eax, [edi+20h]
add eax, 698098D8h
mov cl, 7
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_10]
add eax, [edi+24h]
add eax, 8B44F7AFh
mov cl, 0Ch
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_C]
add eax, [edi+28h]
add eax, 0FFFF5BB1h
mov cl, 11h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_8]
add eax, [edi+2Ch]
add eax, 895CD7BEh
mov cl, 16h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_4]
add eax, [edi+30h]
add eax, 6B901122h
mov cl, 7
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_10]
add eax, [edi+34h]
add eax, 0FD987193h
mov cl, 0Ch
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_C]
add eax, [edi+38h]
add eax, 0A679438Eh
mov cl, 11h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and ebx, eax
not eax
and eax, ecx
or eax, ebx
add eax, [ebp+var_8]
add eax, [edi+3Ch]
add eax, 49B40821h
mov cl, 16h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_4]
add eax, [edi+4]
add eax, 0F61E2562h
mov cl, 5
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_10]
add eax, [edi+18h]
add eax, 0C040B340h
mov cl, 9
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_C]
add eax, [edi+2Ch]
add eax, 265E5A51h
mov cl, 0Eh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_8]
add eax, [edi]
add eax, 0E9B6C7AAh
mov cl, 14h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_4]
add eax, [edi+14h]
add eax, 0D62F105Dh
mov cl, 5
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_10]
add eax, [edi+28h]
add eax, 2441453h
mov cl, 9
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_C]
add eax, [edi+3Ch]
add eax, 0D8A1E681h
mov cl, 0Eh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_8]
add eax, [edi+10h]
add eax, 0E7D3FBC8h
mov cl, 14h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_4]
add eax, [edi+24h]
add eax, 21E1CDE6h
mov cl, 5
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_10]
add eax, [edi+38h]
add eax, 0C33707D6h
mov cl, 9
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_C]
add eax, [edi+0Ch]
add eax, 0F4D50D87h
mov cl, 0Eh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_8]
add eax, [edi+20h]
add eax, 455A14EDh
mov cl, 14h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_4]
add eax, [edi+34h]
add eax, 0A9E3E905h
mov cl, 5
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_10]
add eax, [edi+8]
add eax, 0FCEFA3F8h
mov cl, 9
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_C]
add eax, [edi+1Ch]
add eax, 676F02D9h
mov cl, 0Eh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
and eax, ecx
not ecx
and ecx, ebx
or eax, ecx
add eax, [ebp+var_8]
add eax, [edi+30h]
add eax, 8D2A4C8Ah
mov cl, 14h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_4]
add eax, [edi+14h]
add eax, 0FFFA3942h
mov cl, 4
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_10]
add eax, [edi+20h]
add eax, 8771F681h
mov cl, 0Bh
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_C]
add eax, [edi+2Ch]
add eax, 6D9D6122h
mov cl, 10h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_8]
add eax, [edi+38h]
add eax, 0FDE5380Ch
mov cl, 17h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_4]
add eax, [edi+4]
add eax, 0A4BEEA44h
mov cl, 4
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_10]
add eax, [edi+10h]
add eax, 4BDECFA9h
mov cl, 0Bh
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_C]
add eax, [edi+1Ch]
add eax, 0F6BB4B60h
mov cl, 10h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_8]
add eax, [edi+28h]
add eax, 0BEBFBC70h
mov cl, 17h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_4]
add eax, [edi+34h]
add eax, 289B7EC6h
mov cl, 4
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_10]
add eax, [edi]
add eax, 0EAA127FAh
mov cl, 0Bh
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_C]
add eax, [edi+0Ch]
add eax, 0D4EF3085h
mov cl, 10h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_8]
add eax, [edi+18h]
add eax, 4881D05h
mov cl, 17h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_4]
add eax, [edi+24h]
add eax, 0D9D4D039h
mov cl, 4
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_10]
add eax, [edi+30h]
add eax, 0E6DB99E5h
mov cl, 0Bh
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_C]
add eax, [edi+3Ch]
add eax, 1FA27CF8h
mov cl, 10h
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
xor eax, ebx
xor eax, ecx
add eax, [ebp+var_8]
add eax, [edi+8]
add eax, 0C4AC5665h
mov cl, 17h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_4]
add eax, [edi]
add eax, 0F4292244h
mov cl, 6
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_10]
add eax, [edi+1Ch]
add eax, 432AFF97h
mov cl, 0Ah
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_C]
add eax, [edi+38h]
add eax, 0AB9423A7h
mov cl, 0Fh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_8]
add eax, [edi+14h]
add eax, 0FC93A039h
mov cl, 15h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_4]
add eax, [edi+30h]
add eax, 655B59C3h
mov cl, 6
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_10]
add eax, [edi+0Ch]
add eax, 8F0CCC92h
mov cl, 0Ah
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_C]
add eax, [edi+28h]
add eax, 0FFEFF47Dh
mov cl, 0Fh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_8]
add eax, [edi+4]
add eax, 85845DD1h
mov cl, 15h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_4]
add eax, [edi+20h]
add eax, 6FA87E4Fh
mov cl, 6
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_10]
add eax, [edi+3Ch]
add eax, 0FE2CE6E0h
mov cl, 0Ah
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_C]
add eax, [edi+18h]
add eax, 0A3014314h
mov cl, 0Fh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_8]
add eax, [edi+34h]
add eax, 4E0811A1h
mov cl, 15h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [ebp+var_C]
mov ecx, [ebp+var_10]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_4]
add eax, [edi+10h]
add eax, 0F7537E82h
mov cl, 6
rol eax, cl
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ebx, [ebp+var_8]
mov ecx, [ebp+var_C]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_10]
add eax, [edi+2Ch]
add eax, 0BD3AF235h
mov cl, 0Ah
rol eax, cl
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ebx, [ebp+var_4]
mov ecx, [ebp+var_8]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_C]
add eax, [edi+8]
add eax, 2AD7D2BBh
mov cl, 0Fh
rol eax, cl
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ebx, [ebp+var_10]
mov ecx, [ebp+var_4]
not ecx
or eax, ecx
xor eax, ebx
add eax, [ebp+var_8]
add eax, [edi+24h]
add eax, 0EB86D391h
mov cl, 15h
rol eax, cl
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
add [esi], eax
mov eax, [ebp+var_8]
add [esi+4], eax
mov eax, [ebp+var_C]
add [esi+8], eax
mov eax, [ebp+var_10]
add [esi+0Ch], eax
add edi, 40h
sub edx, 40h
jnz loc_40106F
mov ecx, 4
loc_4019CA: ; CODE XREF: sub_401000+9D8j
mov eax, [esi]
xchg al, ah
rol eax, 10h
xchg al, ah
mov [esi], eax
add esi, 4
loop loc_4019CA
pop esi
pop edi
pop edx
pop ecx
pop ebx
pop eax
leave
retn 0Ch
MD5 endp

复制代码

.text:00401B18 call sub_401B79 ; 格式MD5算出的字串去这个函数看看吧!

void __spoils<ecx> sub_401B79()
{
int v0; // ebx@1
v0 = dword_4056A8[1]; // 取出MD5算岀的第2组数据
wsprintfA(byte_4079D0, a_8x, v0 ^ dword_4056A8[0]); // 第一组和第二组 XOR 并格化保存到 byte_4079D0
v0 ^= 0xFBD0099u;
wsprintfA(&byte_4079D0[8], a_8x, v0); // 第一组与0xFBD0099u XOR 并格化保存到 byte_4079D0[8]
wsprintfA(&byte_4079D0[16], a_8x, v0 ^ dword_4056A8[2]);//第一组与第三组XOR 并格化保存到 byte_4079D0[16]
wsprintfA(&byte_4079D0[24], a_8x, dword_4056A8[3]); // 第四组格化保存到 byte_4079D0[24]
}

复制代码

也提取一下代码,偷懒

; =============== S U B R O U T I N E =======================================
sub_401B79 proc near ; CODE XREF: DialogFunc+109p
pusha
mov edi, offset byte_4079D0
mov esi, offset unk_4056A8
mov eax, [esi]
mov ebx, [esi+4]
xor eax, ebx
push eax
push offset a_8x ; "%.8X"
push edi ; LPSTR
call wsprintfA
add esp, 0Ch
add edi, 8
xor ebx, 0FBD0099h
push ebx
push offset a_8x ; "%.8X"
push edi ; LPSTR
call wsprintfA
add esp, 0Ch
mov ecx, [esi+8]
xor ecx, ebx
add edi, 8
push ecx
push offset a_8x ; "%.8X"
push edi ; LPSTR
call wsprintfA
add esp, 0Ch
xor ebx, 0B0C0A09h
mov edx, [esi+0Ch]
add edi, 8
push edx
push offset a_8x ; "%.8X"
push edi ; LPSTR
call wsprintfA
add esp, 0Ch
popa
retn
sub_401B79 endp

复制代码

自已建个工程把代码贴进入去.

把CM和我的工程文件打包.希望0基础一起学习进步

email123 · 发表于 2015-6-6 20:31:48

太感谢了，收藏学习{:soso_e179:}

A00 · 发表于 2015-6-7 16:30:01

不错呢，学习了

		自动登录	找回密码
密码			加入我们

[原创] 算法专题快来了,加紧学习------>找了个MD5 CM分析了一下

本帖子中包含更多资源

评分