输入:1111111-2222222
下断点:BPX HMEMCPY
PMODULE到达下面.............
; Excerpt from a dialog/window handler (W32Dasm listing, operands in hex).
; The routine's entry and everything after 00407AAC are outside this listing.
; Visible flow: read one dialog field, pass two stack buffers to 004078C0,
; then branch on the returned AL: nonzero -> write "signup.dat" and show the
; success box; zero -> error box at 00407AA0.
; NOTE(review): the whole decision is one boolean in AL, and the accepted strings
; appear to be stored in signup.dat exactly as typed. A licensing design should
; not depend on either property.
;
; call edi with (esi, 478h, &[esp+10], 8): presumably GetDlgItemTextA(hDlg, id,
; buffer, max) - EDI is loaded before this listing starts, confirm.
:00407A1B 8D4C2410 lea ecx, dword ptr [esp+10]
:00407A1F 6A08 push 00000008
:00407A21 51 push ecx
:00407A22 6878040000 push 00000478
:00407A27 56 push esi
:00407A28 FFD7 call edi
; cdecl call 004078C0(&[esp+08], &[esp+10]); the [esp+08] buffer is filled by
; code that precedes this listing.
:00407A2A 8D542410 lea edx, dword ptr [esp+10]
:00407A2E 8D442408 lea eax, dword ptr [esp+08]
:00407A32 52 push edx
:00407A33 50 push eax
:00407A34 E887FEFFFF call 004078C0------------------>key CALL (registration check)
:00407A39 83C408 add esp, 00000008
:00407A3C 84C0 test al, al-------------------->success/failure flag returned in AL
:00407A3E 7460 je 00407AA0-------------------->not taken on the success path
; Success path. 0040826E / 0040820B / 004081B5 are presumably fopen / fputs /
; fclose from the statically linked runtime - inferred from the argument shapes
; ("signup.dat","wb"), (string, handle), (handle); confirm.
* Possible StringData Ref from Data Obj ->"wb"
|
:00407A40 6874E34000 push 0040E374
* Possible StringData Ref from Data Obj ->"signup.dat"
|
:00407A45 68E4054100 push 004105E4
:00407A4A E81F080000 call 0040826E
; EDI now holds the return value of 0040826E (previously the call target above).
:00407A4F 8BF8 mov edi, eax
; Two dwords are still on the stack, so [esp+10] is the buffer that was [esp+08].
:00407A51 8D4C2410 lea ecx, dword ptr [esp+10]
:00407A55 57 push edi
:00407A56 51 push ecx
:00407A57 E8AF070000 call 0040820B
:00407A5C 57 push edi
* Possible StringData Ref from Data Obj ->"
"
|
:00407A5D 685CE34000 push 0040E35C
:00407A62 E8A4070000 call 0040820B
; Six dwords are pending, so [esp+28] is the buffer that was [esp+10].
:00407A67 8D542428 lea edx, dword ptr [esp+28]
:00407A6B 57 push edi
:00407A6C 52 push edx
:00407A6D E899070000 call 0040820B
:00407A72 57 push edi
:00407A73 E83D070000 call 004081B5
; One cleanup for all nine dwords pushed since 00407A40 (9 * 4 = 24h).
:00407A78 83C424 add esp, 00000024
; MessageBoxA(esi, text, caption, 30h); 30h is MB_ICONEXCLAMATION.
:00407A7B 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"提示"
|
:00407A7D 6858E24000 push 0040E258
* Possible StringData Ref from Data Obj ->"注册成功!软件需要关闭以更新设置,请按“确定”"
->"键关闭程序。"
|
:00407A82 68A8054100 push 004105A8
:00407A87 56 push esi
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:00407A88 FF1538D14000 Call dword ptr [0040D138]
; PostQuitMessage(0): the program exits after a successful registration.
:00407A8E 6A00 push 00000000
* Reference To: USER32.PostQuitMessage, Ord:01E0h
|
:00407A90 FF1534D14000 Call dword ptr [0040D134]
; Epilogue: returns 0 and pops 10h bytes of arguments (four dwords, stdcall).
:00407A96 5F pop edi
:00407A97 33C0 xor eax, eax
:00407A99 5E pop esi
:00407A9A 83C410 add esp, 00000010
:00407A9D C21000 ret 0010
; Failure path: arguments for a message box with uType 10h (MB_ICONERROR).
; The listing stops before the call itself.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407A3E(C)
|
:00407AA0 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"错误"
|
:00407AA2 6888E24000 push 0040E288
* Possible StringData Ref from Data Obj ->"无效注册码!"
|
:00407AA7 6898054100 push 00410598
:00407AAC 56 push esi
=========================================================================================
F8进入关键CALL.............
; 004078C0 - registration check (SoftICE listing, operands in hex; cdecl, the
; caller removes the two arguments).
; In:   at entry [ESP+04] = first entered string, [ESP+08] = second entered string
; Out:  AL = 01 when both strings equal the locally generated ones, else AL = 00
; Uses: 18h bytes of locals; the offsets used below split them into three 8-byte
;       string slots (conversion buffer, copy of string 1, copy of string 2).
; The value both strings derive from is returned by 00407890, which is not shown.
; NOTE(review): both expected strings sit in clear text on the stack before the
; comparison. A check that verifies a signature over the input would not need to
; rebuild the expected value inside the client.
0167:004078C0 SUB ESP,BYTE +18
0167:004078C3 PUSH EBX
0167:004078C4 PUSH ESI
0167:004078C5 PUSH EDI
0167:004078C6 CALL 00407890
; EBX keeps the 00407890 result for both conversions.
0167:004078CB MOV EBX,EAX
0167:004078CD LEA EAX,[ESP+0C]
0167:004078D1 MOV ECX,EBX
; Arguments for 0040C493, pushed right to left: radix 24h, buffer, value.
0167:004078D3 PUSH BYTE +24
0167:004078D5 XOR ECX,76523F93
0167:004078DB PUSH EAX
0167:004078DC PUSH ECX
0167:004078DD CALL 0040C493-------------------->produces the expected string for the first field (step into this call)
; Inlined string copy of the returned buffer: REPNE SCASB with ECX = -1 and
; AL = 0 finds the terminator, NOT ECX gives length + 1, SUB EDI,ECX rewinds
; to the start, then REP MOVSD / REP MOVSB copy that many bytes.
0167:004078E2 MOV EDI,EAX
0167:004078E4 OR ECX,BYTE -01
0167:004078E7 XOR EAX,EAX
; Destination: three argument dwords are still pushed, so [ESP+20] is the
; second 8-byte local slot.
0167:004078E9 LEA EDX,[ESP+20]
0167:004078ED REPNE SCASB
0167:004078EF NOT ECX
0167:004078F1 SUB EDI,ECX
; Radix argument of the second 0040C493 call, scheduled in the middle of the copy.
0167:004078F3 PUSH BYTE +24
0167:004078F5 MOV EAX,ECX
0167:004078F7 MOV ESI,EDI
0167:004078F9 MOV EDI,EDX
0167:004078FB SHR ECX,02
0167:004078FE REP MOVSD
0167:00407900 MOV ECX,EAX
0167:00407902 AND ECX,BYTE +03
0167:00407905 REP MOVSB
; Second conversion reuses the first local slot as buffer; value is NOT EBX.
0167:00407907 LEA ECX,[ESP+1C]
0167:0040790B NOT EBX
0167:0040790D PUSH ECX
0167:0040790E PUSH EBX
0167:0040790F CALL 0040C493------------------->produces the expected string for the second field (same conversion CALL as for the first field)
0167:00407914 MOV EDI,EAX
0167:00407916 OR ECX,BYTE -01
0167:00407919 XOR EAX,EAX
; Removes the six argument dwords of both 0040C493 calls (6 * 4 = 18h).
0167:0040791B ADD ESP,BYTE +18
; Same inlined copy; destination [ESP+1C] is the third 8-byte local slot.
0167:0040791E REPNE SCASB
0167:00407920 NOT ECX
0167:00407922 SUB EDI,ECX
0167:00407924 LEA EDX,[ESP+1C]
0167:00407928 MOV EAX,ECX
0167:0040792A MOV ESI,EDI
0167:0040792C MOV EDI,EDX
0167:0040792E SHR ECX,02
0167:00407931 REP MOVSD
0167:00407933 MOV ECX,EAX
; EAX = copy of the first generated string, set up ahead of the comparison.
0167:00407935 LEA EAX,[ESP+14]
0167:00407939 AND ECX,BYTE +03
0167:0040793C REP MOVSB
; Inlined string comparison, two bytes per iteration: EAX walks the generated
; string, ESI the first argument. A mismatch jumps to 0040796A, a terminator
; reached with all bytes equal jumps to 00407966.
0167:0040793E MOV ESI,[ESP+28]--------->start comparing the first field
0167:00407942 MOV DL,[EAX]
0167:00407944 MOV BL,[ESI]
0167:00407946 MOV CL,DL
0167:00407948 CMP DL,BL
0167:0040794A JNZ 0040796A
0167:0040794C TEST CL,CL
0167:0040794E JZ 00407966
0167:00407950 MOV DL,[EAX+01]
0167:00407953 MOV BL,[ESI+01]
0167:00407956 MOV CL,DL
0167:00407958 CMP DL,BL
0167:0040795A JNZ 0040796A
0167:0040795C ADD EAX,BYTE +02
0167:0040795F ADD ESI,BYTE +02
0167:00407962 TEST CL,CL
0167:00407964 JNZ 00407942------------>loop
; Equal: EAX = 0.
0167:00407966 XOR EAX,EAX
0167:00407968 JMP SHORT 0040796F
; Different: the SBB pair turns the carry of the failed CMP into -1 or +1.
0167:0040796A SBB EAX,EAX
0167:0040796C SBB EAX,BYTE -01
0167:0040796F TEST EAX,EAX
0167:00407971 JNZ 004079B5
; Same comparison for the second argument against the third local slot.
0167:00407973 MOV ESI,[ESP+2C]--------->start comparing the second field
0167:00407977 LEA EAX,[ESP+1C]
0167:0040797B MOV DL,[EAX]
0167:0040797D MOV BL,[ESI]
0167:0040797F MOV CL,DL
0167:00407981 CMP DL,BL
0167:00407983 JNZ 004079A3
0167:00407985 TEST CL,CL
0167:00407987 JZ 0040799F
0167:00407989 MOV DL,[EAX+01]
0167:0040798C MOV BL,[ESI+01]
0167:0040798F MOV CL,DL
0167:00407991 CMP DL,BL
0167:00407993 JNZ 004079A3
0167:00407995 ADD EAX,BYTE +02
0167:00407998 ADD ESI,BYTE +02
0167:0040799B TEST CL,CL
0167:0040799D JNZ 0040797B------------->loop
0167:0040799F XOR EAX,EAX
0167:004079A1 JMP SHORT 004079A8
0167:004079A3 SBB EAX,EAX
0167:004079A5 SBB EAX,BYTE -01
0167:004079A8 TEST EAX,EAX
0167:004079AA JNZ 004079B5
; Both strings matched: return AL = 01.
0167:004079AC POP EDI
0167:004079AD POP ESI
0167:004079AE MOV AL,01
0167:004079B0 POP EBX
0167:004079B1 ADD ESP,BYTE +18
0167:004079B4 RET
; Mismatch exit: return AL = 00. The listing stops before the final RET.
0167:004079B5 POP EDI
0167:004079B6 POP ESI
0167:004079B7 XOR AL,AL
0167:004079B9 POP EBX
0167:004079BA ADD ESP,BYTE +18
===========================================
; 0040C493 - integer-to-string wrapper (cdecl).
; In:   [EBP+08] = value, [EBP+0C] = output buffer, [EBP+10] = radix
; Out:  EAX = output buffer
; Passes a sign flag of 1 to 0040C437 only when radix == 0Ah and value < 0,
; otherwise 0. The shape matches the C runtime's itoa helper - presumably the
; statically linked CRT, confirm.
0167:0040C493 PUSH EBP
0167:0040C494 MOV EBP,ESP
; EAX = 0 is the default sign flag.
0167:0040C496 XOR EAX,EAX
0167:0040C498 CMP DWORD [EBP+10],BYTE +0A
0167:0040C49C JNZ 0040C4A6
; Signed test of value against 0 (EAX is still 0 here).
0167:0040C49E CMP [EBP+08],EAX
0167:0040C4A1 JNL 0040C4A6
; PUSH 1 / POP EAX: short encoding of EAX = 1.
0167:0040C4A3 PUSH BYTE +01
0167:0040C4A5 POP EAX
; 0040C437(value, buffer, radix, sign flag), pushed right to left.
0167:0040C4A6 PUSH EAX
0167:0040C4A7 PUSH DWORD [EBP+10]
0167:0040C4AA PUSH DWORD [EBP+0C]
0167:0040C4AD PUSH DWORD [EBP+08]
0167:0040C4B0 CALL 0040C437------------->key algorithm CALL
0167:0040C4B5 MOV EAX,[EBP+0C]
0167:0040C4B8 ADD ESP,BYTE +10
0167:0040C4BB POP EBP
0167:0040C4BC RET
--------------------------------------------
F8进入算法关键CALL........
; 0040C437 - unsigned integer to text in an arbitrary radix (cdecl).
; In:   [EBP+08] = value, [EBP+0C] = output buffer, [EBP+10] = radix,
;       [EBP+14] = sign flag (nonzero: write '-' and convert the negated value)
; Out:  NUL-terminated digit string in the buffer; no meaningful return value
; Digits are produced least significant first and the digit run is reversed in
; place at the end. No buffer length is passed in, so the caller must size the
; buffer for the longest possible result.
0167:0040C437 PUSH EBP
0167:0040C438 MOV EBP,ESP
; The flags of this CMP are consumed by the JZ at 0040C444; MOV and PUSH leave
; them untouched.
0167:0040C43A CMP DWORD [EBP+14],BYTE +00
0167:0040C43E MOV ECX,[EBP+0C]
0167:0040C441 PUSH EBX
0167:0040C442 PUSH ESI
0167:0040C443 PUSH EDI
0167:0040C444 JZ 0040C451
; Negative case: emit '-' (2Dh) and continue with the negated value.
0167:0040C446 MOV ESI,[EBP+08]
0167:0040C449 MOV BYTE [ECX],2D
0167:0040C44C INC ECX
0167:0040C44D NEG ESI
0167:0040C44F JMP SHORT 0040C454
0167:0040C451 MOV ESI,[EBP+08]
; EDI remembers the position of the first digit for the reversal below.
0167:0040C454 MOV EDI,ECX
; Digit loop. The same division is executed twice: the first keeps the
; remainder (EDX), the second keeps the quotient (EAX).
0167:0040C456 MOV EAX,ESI---------------->EAX=ESI
0167:0040C458 XOR EDX,EDX---------------->EDX=0
0167:0040C45A DIV DWORD [EBP+10]--------->EDX=ESI mod radix
0167:0040C45D MOV EAX,ESI---------------->EAX=ESI
0167:0040C45F MOV EBX,EDX---------------->EBX=EDX
0167:0040C461 XOR EDX,EDX---------------->EDX=0
0167:0040C463 DIV DWORD [EBP+10]--------->EAX=ESI div radix
0167:0040C466 CMP EBX,BYTE +09----------->is the digit above 9?
0167:0040C469 MOV ESI,EAX---------------->ESI=quotient for the next round
0167:0040C46B JNA 0040C472--------------->digit 0..9: take the '0' branch
; 57h = 'a' - 0Ah, so digit values 10 and up map to lowercase letters.
0167:0040C46D ADD BL,57------------------>BL=BL+&H57
0167:0040C470 JMP SHORT 0040C475
0167:0040C472 ADD BL,30------------------>BL=BL+&H30
0167:0040C475 MOV [ECX],BL--------------->store BL at [ECX]
0167:0040C477 INC ECX-------------------->advance ECX by one byte
0167:0040C478 TEST ESI,ESI---------------->quotient zero?
0167:0040C47A JA 0040C456--------------->loop while the quotient is nonzero
; Write the terminator, then step back to the last digit.
0167:0040C47C AND BYTE [ECX],00
0167:0040C47F DEC ECX
; In-place reversal: swap [EDI] and [ECX] and move both inward while EDI < ECX
; (unsigned compare).
0167:0040C480 MOV DL,[EDI]
0167:0040C482 MOV AL,[ECX]
0167:0040C484 MOV [ECX],DL
0167:0040C486 MOV [EDI],AL
0167:0040C488 DEC ECX
0167:0040C489 INC EDI
0167:0040C48A CMP EDI,ECX
0167:0040C48C JC 0040C480
0167:0040C48E POP EDI
0167:0040C48F POP ESI
0167:0040C490 POP EBX
0167:0040C491 POP EBP
0167:0040C492 RET