x86反汇编练习-20161120
前言
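前几天逆向一个 CrackMe(cm)时, IDA 的库函数签名(FLIRT)没有加载妥当, 结果把 CRT 的 strtol 当成作者自己写的函数追了进去, 杯具。
逆出来之后, 也没意识到它就是 strtol(const char *nptr, char **endptr, 0x10)。(注: 下面跟踪到的反汇编里, [ebp+0x14] 处的进制参数注释为 A, 即 0xA, 请以实际跟踪结果为准。)
直到看了别人的分析报告才知道。看来 IDA 签名还是很重要的: 先把库函数识别出来, 才不会在运行库代码上浪费时间。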
就当做了一次反汇编练习也行, 最后是穷举出来的。
抠出反汇编代码后, 只要把自己需要的那条流程还原成 C 代码就行, 不必完整模拟整个函数。
穷举注册机
// hw.cpp : Defines the entry point for the console application.//#include "stdafx.h"#include <windows.h>#include <stdlib.h>#include <stdio.h>#include <math.h>#include <crtdbg.h>const char szCharSet[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'/*,'a', 'b', 'c', 'd', 'e', 'f', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z','A', 'B', 'C', 'D', 'E', 'F', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'*/ };// 用户输入的字符*2作为索引在数组中取内容// 011ECC7B |. 0FB70448 |movzx eax,word ptr ds:[eax+ecx*2] ; 表地址011FE4B8 + Ascii字符作为索引*2BYTE ucAryKeyBufForRegSn[1800] = { 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x28, 0x00, 0x28, 0x00, 0x28, 0x00, 0x28, 0x00, 0x28, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x48, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x10, 0x00, 0x10, // '1'取的是0x62位置的WORD 0x0084 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x81, 0x00, 0x81, 0x00, 0x81, 0x00, 0x81, 0x00, 0x81, 0x00, 0x81, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x82, 0x00, 0x82, 0x00, 0x82, 0x00, 0x82, 0x00, 0x82, 0x00, 0x82, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 
0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x28, 0x00, 0x28, 0x00, 0x28, 0x00, 0x28, 0x00, 0x28, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 
0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x48, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x84, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x81, 0x01, 0x81, 0x01, 0x81, 0x01, 0x81, 0x01, 0x81, 0x01, 0x81, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x82, 0x01, 0x82, 0x01, 0x82, 0x01, 0x82, 0x01, 0x82, 0x01, 0x82, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x08, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 
0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x10, 0x00, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 
0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 0x60, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF};DWORD dword_428C48 = 0;DWORD dword_428C50 = 0;DWORD dword_428C58 = 0;char g_szRegSn[0x100] = {'\0'};DWORD fnCalcRegSn_40CBFB(const char* pcRegSn);const char g_szCharSet[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};int main(int argc, char* argv[]){ unsigned __int64 ullRetryCnt = 0; DWORD nLenAryCharSet = sizeof(g_szCharSet); DWORD dwLoop1 = 0; DWORD dwLoop2 = 0; DWORD dwLoop3 = 0; DWORD dwLoop4 = 0; DWORD dwLoop5 = 0; DWORD dwLoop6 = 0; DWORD dwLoop7 = 0; DWORD dwLoop8 = 0; DWORD dwRegSnHash 
= 0; char szRegSnToCalc[0x10] = {'\0'}; // char c1 = '1'; // WORD* pBuf = (WORD*)(ucAryKeyBufForRegSn + c1 * 2); // WORD w1 = *pBuf; // printf("%x\r\n", w1); // TrustMe12345678 for (dwLoop1 = 0; dwLoop1 < nLenAryCharSet; dwLoop1++) { for (dwLoop2 = 0; dwLoop2 < nLenAryCharSet; dwLoop2++) { for (dwLoop3 = 0; dwLoop3 < nLenAryCharSet; dwLoop3++) { for (dwLoop4 = 0; dwLoop4 < nLenAryCharSet; dwLoop4++) { for (dwLoop5 = 0; dwLoop5 < nLenAryCharSet; dwLoop5++) { for (dwLoop6 = 0; dwLoop6 < nLenAryCharSet; dwLoop6++) { for (dwLoop7 = 0; dwLoop7 < nLenAryCharSet; dwLoop7++) { for (dwLoop8 = 0; dwLoop8 < nLenAryCharSet; dwLoop8++) { szRegSnToCalc[0] = g_szCharSet[dwLoop1]; szRegSnToCalc[1] = g_szCharSet[dwLoop2]; szRegSnToCalc[2] = g_szCharSet[dwLoop3]; szRegSnToCalc[3] = g_szCharSet[dwLoop4]; szRegSnToCalc[4] = g_szCharSet[dwLoop5]; szRegSnToCalc[5] = g_szCharSet[dwLoop6]; szRegSnToCalc[6] = g_szCharSet[dwLoop7]; szRegSnToCalc[7] = g_szCharSet[dwLoop8]; szRegSnToCalc[8] = '\0'; dwRegSnHash = fnCalcRegSn_40CBFB(szRegSnToCalc); if (dwRegSnHash == 0x133A1FA) { printf("regSn = %s\r\n", szRegSnToCalc); // 20161018, 至此一个注册码 // 那么完整的注册码为 TrustMe20161018 // 我在工程中见过这个立即数(20161018), 居然没去试一下, 那些搞得飞快的兄弟,可能是用TrustMe+20161018直接去试验的 ::MessageBox(NULL, "找到注册码", "成功", MB_OK); } else { ullRetryCnt++; if (ullRetryCnt > 10000) { ullRetryCnt = 0; printf("retry regSn... = %s\r\n", szRegSnToCalc); } } } } } } } } } } system("pause"); return 0;}DWORD fnCalcRegSn_40CBFB(const char* pcRegSn){ // 算法已经跟出来了 DWORD dwTmp = 0; DWORD dw_eax = 0; DWORD dw_ebx = 0; DWORD dw_ecx = 0; DWORD dw_edx = 0; DWORD dw_esi = 0; DWORD dw_edi = 0; DWORD dwVar24 = 0; DWORD dwVar1C = 0; DWORD dwVar18 = 0; DWORD dwVar14 = 0; DWORD dwVar10 = 0; DWORD dwVarC = 0; DWORD dwVar8 = 0; BYTE bVar1 = 0; DWORD dwParam10 = 0x0; DWORD dwParam14 = 0xA; DWORD dwParam18 = 0; // 011ECBFB >/$ 55 push ebp ; fnCalcRegSn_40CBFB // 011ECBFC |. 8BEC mov ebp,esp ; 最终算注册码的地方 // 011ECBFE |. 83EC 24 sub esp,0x24 // 011ECC01 |. 
8D4D DC lea ecx,dword ptr ss:[ebp-0x24] // 011ECC04 |. FF75 08 push dword ptr ss:[ebp+0x8] // 011ECC07 |. E8 C6C9FFFF call <CrackMe4.fnSetKeyToClass_4095D2> // 011ECC0C |. 8B45 10 mov eax,dword ptr ss:[ebp+0x10] dw_eax = (DWORD)pcRegSn; // 011ECC0F |. 85C0 test eax,eax // 011ECC11 |. 74 05 je short <CrackMe4.loc_40CC18> ; 跳转已实现 // 011ECC13 |. 8B4D 0C mov ecx,dword ptr ss:[ebp+0xC] // 011ECC16 |. 8908 mov dword ptr ds:[eax],ecx // 011ECC18 >|> 8B45 0C mov eax,dword ptr ss:[ebp+0xC] ; loc_40CC18 // 011ECC1B |. 53 push ebx // 011ECC1C |. 56 push esi // 011ECC1D |. 57 push edi // 011ECC1E |. 85C0 test eax,eax // 011ECC20 |. 74 11 je short <CrackMe4.loc_40CC33> // 011ECC22 |. 8B7D 14 mov edi,dword ptr ss:[ebp+0x14] ; A dw_edi = 0xA; // 011ECC25 |. 85FF test edi,edi // 011ECC27 |. 74 1F je short <CrackMe4.loc_40CC48> // 011ECC29 |. 83FF 02 cmp edi,0x2 // 011ECC2C |. 7C 05 jl short <CrackMe4.loc_40CC33> // 011ECC2E |. 83FF 24 cmp edi,0x24 // 011ECC31 |. 7E 15 jle short <CrackMe4.loc_40CC48> ; 跳转实现 // 011ECC33 >|> E8 90D8FFFF call <CrackMe4.fnTls_40A4C8> ; loc_40CC33 // 011ECC38 |. C700 16000000 mov dword ptr ds:[eax],0x16 // 011ECC3E |. E8 65030000 call <CrackMe4.sub_40CFA8> // 011ECC43 |. E9 C1010000 jmp <CrackMe4.loc_40CE09> // 011ECC48 >|> 8B7D DC mov edi,dword ptr ss:[ebp-0x24] ; loc_40CC48 01206FC8 // 011ECC4B |. 8D70 01 lea esi,dword ptr ds:[eax+0x1] ; 数字RegSn第2个字符地址 dw_esi = (DWORD)(pcRegSn + 1); // 011ECC4E |. 33DB xor ebx,ebx // 011ECC50 |. 895D F4 mov dword ptr ss:[ebp-0xC],ebx ; 0 dwVarC = 0; // 011ECC53 |. 8A18 mov bl,byte ptr ds:[eax] ; 数字RegSn第一个字符'1' dw_ebx = (DWORD)(*(char*)dw_eax); do { // 011ECC55 >|> 837F 74 01 /cmp dword ptr ds:[edi+0x74],0x1 ; loc_40CC55 1 // 011ECC59 |. 7E 17 |jle short <CrackMe4.loc_40CC72> ; 跳转实现 // 011ECC5B |. 8D45 DC |lea eax,dword ptr ss:[ebp-0x24] // 011ECC5E |. 50 |push eax // 011ECC5F |. 0FB6C3 |movzx eax,bl // 011ECC62 |. 6A 08 |push 0x8 // 011ECC64 |. 50 |push eax // 011ECC65 |. 
E8 2E750000 |call <CrackMe4.sub_414198> // 011ECC6A |. 8B7D DC |mov edi,dword ptr ss:[ebp-0x24] // 011ECC6D |. 83C4 0C |add esp,0xC // 011ECC70 |. EB 10 |jmp short <CrackMe4.loc_40CC82> // 011ECC72 >|> 8B87 90000000 |mov eax,dword ptr ds:[edi+0x90] ; loc_40CC72 eax = 011FE4B8 dw_eax = (DWORD)&ucAryKeyBufForRegSn[0]; // 011ECC78 |. 0FB6CB |movzx ecx,bl ; 第一个字符 '1' dw_ecx = dw_ebx; // 011ECC7B |. 0FB70448 |movzx eax,word ptr ds:[eax+ecx*2] ; 表地址011FE4B8 + Ascii字符作为索引*2 dw_eax = (DWORD)(*(WORD*)(dw_eax + dw_ecx * 2)); // 011ECC7F |. 83E0 08 |and eax,0x8 ; 与8后, x084为0 dw_eax &= 8; // 011ECC82 >|> 85C0 |test eax,eax ; loc_40CC82 // 011ECC84 |. 74 05 |je short <CrackMe4.loc_40CC8B> ; 跳转已经实现 // 011ECC86 |. 8A1E |mov bl,byte ptr ds:[esi] // 011ECC88 |. 46 |inc esi // 011ECC89 |.^ EB CA \jmp short <CrackMe4.loc_40CC55> if (0 == dw_eax) { break; } dw_ebx = (DWORD)(*(BYTE*)dw_esi); } while (1); // 011ECC8B >|> 8B45 18 mov eax,dword ptr ss:[ebp+0x18] ; eax = 0 // 011ECC8E |. 885D FF mov byte ptr ss:[ebp-0x1],bl ; bl是第一个字符 dw_eax = dwParam18; bVar1 = (BYTE)dw_ebx; // 011ECC91 |. 80FB 2D cmp bl,0x2D if (bVar1 == 0x2D) { // 011ECC94 |. 75 0B jnz short <CrackMe4.loc_40CCA1> ; 跳转已经实现 // 011ECC96 |. 83C8 02 or eax,0x2 // 011ECC99 >|> 8A0E mov cl,byte ptr ds:[esi] ; loc_40CC99 // 011ECC9B |. 46 inc esi // 011ECC9C |. 884D FF mov byte ptr ss:[ebp-0x1],cl // 011ECC9F |. EB 08 jmp short <CrackMe4.loc_40CCA9> } else if (bVar1 == 0x2B) { // 011ECCA1 >|> 80FB 2B cmp bl,0x2B ; loc_40CCA1 // 011ECCA4 |.^ 74 F3 je short <CrackMe4.loc_40CC99> ; 跳转未实现 // 011ECC99 >|> 8A0E mov cl,byte ptr ds:[esi] ; loc_40CC99 // 011ECC9B |. 46 inc esi // 011ECC9C |. 884D FF mov byte ptr ss:[ebp-0x1],cl // 011ECC9F |. EB 08 jmp short <CrackMe4.loc_40CCA9> } else { // 011ECCA6 |. 8A4D FF mov cl,byte ptr ss:[ebp-0x1] ; 第一个字符 dw_ecx = (DWORD)bVar1; } // 011ECCA9 >|> 8B7D 14 mov edi,dword ptr ss:[ebp+0x14] ; A dw_edi = dwParam14; // 011ECCAC |. 
8B5D F4 mov ebx,dword ptr ss:[ebp-0xC] ; 0 dw_ebx = dwVarC; // 011ECCAF |. 8945 F8 mov dword ptr ss:[ebp-0x8],eax ; 0 dwVar8 = dw_eax; do { if ((int)dw_edi < 0) { } else if ((int)dw_edi == 1) { } else if ((int)dw_edi > 0x24) { } else { // 011ECCB2 |. 85FF test edi,edi ; A // 011ECCB4 |. 0F88 43010000 js <CrackMe4.loc_40CDFD> ; not jump // 011ECCBA |. 83FF 01 cmp edi,0x1 // 011ECCBD |. 0F84 3A010000 je <CrackMe4.loc_40CDFD> ; not jump // 011ECCC3 |. 83FF 24 cmp edi,0x24 // 011ECCC6 |. 0F8F 31010000 jg <CrackMe4.loc_40CDFD> ; not jump // 011ECCCC |. 85FF test edi,edi if (dw_edi == 0) { // 011ECCCE |. 75 1D jnz short <CrackMe4.loc_40CCED> ; jump // 011ECCD0 |. 80F9 30 cmp cl,0x30 if (dw_ecx != 0x30) { // 011ECCD3 |. 74 05 je short <CrackMe4.loc_40CCDA> // 011ECCD5 |. 6A 0A push 0xA // 011ECCD7 >|> 5F pop edi ; loc_40CCD7 // 011ECCD8 |. EB 30 jmp short <CrackMe4.loc_40CD0A> dw_edi = 0xA; } else { // 011ECCDA >|> 8A06 mov al,byte ptr ds:[esi] ; loc_40CCDA dw_eax = (int)(*(char*)dw_esi); if ((dw_eax != 0x78) && (dw_eax != 0x58)) { // 011ECCDC |. 3C 78 cmp al,0x78 // 011ECCDE |. 74 08 je short <CrackMe4.loc_40CCE8> // 011ECCE0 |. 3C 58 cmp al,0x58 // 011ECCE2 |. 74 04 je short <CrackMe4.loc_40CCE8> // 011ECCE4 |. 6A 08 push 0x8 // 011ECCE6 |.^ EB EF jmp short <CrackMe4.loc_40CCD7> dw_edi = 0x8; } // 011ECCE8 >|> 6A 10 push 0x10 ; loc_40CCE8 // 011ECCEA |. 5F pop edi dw_edi = 0x10; // 011ECCEB |. EB 0A jmp short <CrackMe4.loc_40CCF7> // 011ECCF7 >|> 8A06 mov al,byte ptr ds:[esi] ; loc_40CCF7 dw_eax = (int)(*(BYTE*)dw_esi); if ((dw_eax == 0x78) || (dw_eax == 0x58)) { // 011ECCF9 |. 3C 78 cmp al,0x78 // 011ECCFB |. 74 04 je short <CrackMe4.loc_40CD01> // 011ECCFD |. 3C 58 cmp al,0x58 // 011ECCFF |. 75 09 jnz short <CrackMe4.loc_40CD0A> // 011ECD01 >|> 8A4E 01 mov cl,byte ptr ds:[esi+0x1] ; loc_40CD01 // 011ECD04 |. 83C6 02 add esi,0x2 // 011ECD07 |. 
884D FF mov byte ptr ss:[ebp-0x1],cl dw_ecx = (DWORD)(*(BYTE*)(dw_esi + 1)); dw_esi += 2; bVar1 = (BYTE)dw_ecx; } } } else { // 011ECCED >|> 83FF 10 cmp edi,0x10 ; loc_40CCED // 011ECCF0 |. 75 18 jnz short <CrackMe4.loc_40CD0A> ; jmp // 011ECCF2 |. 80F9 30 cmp cl,0x30 // 011ECCF5 |. 75 13 jnz short <CrackMe4.loc_40CD0A> if ((dw_edi == 0x10) || ((BYTE)dw_ecx == 0x30)) { // 011ECCF7 >|> 8A06 mov al,byte ptr ds:[esi] ; loc_40CCF7 dw_eax = (int)(*(BYTE*)dw_esi); if ((dw_eax == 0x78) || (dw_eax == 0x58)) { // 011ECCF9 |. 3C 78 cmp al,0x78 // 011ECCFB |. 74 04 je short <CrackMe4.loc_40CD01> // 011ECCFD |. 3C 58 cmp al,0x58 // 011ECCFF |. 75 09 jnz short <CrackMe4.loc_40CD0A> // 011ECD01 >|> 8A4E 01 mov cl,byte ptr ds:[esi+0x1] ; loc_40CD01 // 011ECD04 |. 83C6 02 add esi,0x2 // 011ECD07 |. 884D FF mov byte ptr ss:[ebp-0x1],cl dw_ecx = (DWORD)(*(BYTE*)(dw_esi + 1)); dw_esi += 2; bVar1 = (BYTE)dw_ecx; } } } // 011ECD0A >|> 83C8 FF or eax,-0x1 ; eax = 0 => 0xffffffff dw_eax |= 0xffffffff; // 011ECD0D |. 33D2 xor edx,edx dw_edx = 0; // 011ECD0F |. F7F7 div edi ; eax = 0xffffffff, edi = a dwTmp = dw_eax; dw_eax = dwTmp / dw_edi; dw_edx = dwTmp % dw_edi; // 011ECD11 |. 8945 F4 mov dword ptr ss:[ebp-0xC],eax ; eax = 0x19999999, edx = 5 dwVarC = dw_eax; // 011ECD14 |. 8B45 DC mov eax,dword ptr ss:[ebp-0x24] dw_eax = dwVar24; // 011ECD17 |. 8955 F0 mov dword ptr ss:[ebp-0x10],edx dwVar10 = dw_edx; // 011ECD1A |. 8B55 F8 mov edx,dword ptr ss:[ebp-0x8] dw_edx = dwVar8; // 011ECD1D |. 8B80 90000000 mov eax,dword ptr ds:[eax+0x90] ; 取KeyBuf首地址 dw_eax = (DWORD)&ucAryKeyBufForRegSn[0]; // 011ECD23 |. 8945 EC mov dword ptr ss:[ebp-0x14],eax dwVar14 = dw_eax; do { // 011ECD26 >|> 0FB6C9 /movzx ecx,cl ; 第一个字符 // 011ECD29 |. 0FB70448 |movzx eax,word ptr ds:[eax+ecx*2] ; 看起来像将字符串变成数字串 dw_eax = (DWORD)(*(WORD*)(dw_eax + dw_ecx * 2)); // 011ECD2D |. 8BC8 |mov ecx,eax ; 最后一个字符\0取出的是x020 dw_ecx = dw_eax; // 011ECD2F |. 83E1 04 |and ecx,0x4 ; ecx = 84 => 4 dw_ecx &= 0x4; // 011ECD32 |. 
74 09 |je short <CrackMe4.loc_40CD3D> ; not jump,最后一个\0跳 if (dw_ecx != 0) { // 011ECD34 |. 0FBE45 FF |movsx eax,byte ptr ss:[ebp-0x1] ; 第一个字符 dw_eax = (DWORD)bVar1; // 011ECD38 |. 83E8 30 |sub eax,0x30 ; '1' to 1 dw_eax -= 0x30; // 011ECD3B |. EB 1A |jmp short <CrackMe4.loc_40CD57> } else { // 完全模拟算法不现实, 现在已经算完了,直接返回ebx return dw_ebx; // 011ECD3D >|> 25 03010000 |and eax,0x103 ; loc_40CD3D dw_eax &= 0x103; // 011ECD42 |. 74 44 |je short <CrackMe4.loc_40CD88> ; \0流程跳 if (0 == dw_eax) { goto LOC_40CD88; } // 011ECD44 |. 8A4D FF |mov cl,byte ptr ss:[ebp-0x1] dw_ecx = (DWORD)bVar1; // _ASSERT(0); // 数字字符串流程不来这,先放一下 // 011ECD47 |. 8D41 9F |lea eax,dword ptr ds:[ecx-0x61] // 011ECD4A |. 3C 19 |cmp al,0x19 // 011ECD4C |. 0FBEC1 |movsx eax,cl // 011ECD4F |. 77 03 |ja short <CrackMe4.loc_40CD54> // 011ECD51 |. 83E8 20 |sub eax,0x20 // 011ECD54 >|> 83C0 C9 |add eax,-0x37 ; loc_40CD54 } // 011ECD57 >|> 3BC7 |cmp eax,edi ; cmp 1, 0xa // 011ECD59 |. 73 2D |jnb short <CrackMe4.loc_40CD88> ; not jump if (dw_eax < dw_edi) { // 011ECD5B |. 8B4D F4 |mov ecx,dword ptr ss:[ebp-0xC] ; 0x19999999 to ecx dw_ecx = dwVarC; // 011ECD5E |. 83CA 08 |or edx,0x8 ; edx = 0 to 8 dw_edx |= 0x8; // 011ECD61 |. 3BD9 |cmp ebx,ecx ; cmp 0, 0x19999999 // 011ECD63 |. 72 13 |jb short <CrackMe4.loc_40CD78> ; jmp if (dw_ebx >= dw_ecx) { // 011ECD65 |. 75 05 |jnz short <CrackMe4.loc_40CD6C> if (dw_ebx == dw_ecx) { // 011ECD67 |. 3B45 F0 |cmp eax,dword ptr ss:[ebp-0x10] // 011ECD6A |. 76 0C |jbe short <CrackMe4.loc_40CD78> if (dw_eax <= dwVar10) { // 011ECD78 >|> 0FAFDF |imul ebx,edi ; imul 0, 0xa dw_ebx = dw_ebx * dw_edi; // 011ECD7B |. 03D8 |add ebx,eax ; add 0, 1 dw_ebx += dw_eax; } } else { // 011ECD6C >|> 8B45 10 |mov eax,dword ptr ss:[ebp+0x10] ; loc_40CD6C dw_eax = (DWORD)pcRegSn; // 011ECD6F |. 83CA 04 |or edx,0x4 dw_edx |= 0x4; // 011ECD72 |. 85C0 |test eax,eax // 011ECD74 |. 74 15 |je short <CrackMe4.loc_40CD8B> if (0 == dw_eax) { break; } // 011ECD76 |. 
EB 05 |jmp short <CrackMe4.loc_40CD7D> } } else { // 011ECD78 >|> 0FAFDF |imul ebx,edi ; imul 0, 0xa dw_ebx = dw_ebx * dw_edi; // 011ECD7B |. 03D8 |add ebx,eax ; add 0, 1 dw_ebx += dw_eax; } // 011ECD7D >|> 8A0E |mov cl,byte ptr ds:[esi] ; loc_40CD7D dw_ecx = (DWORD)(*(BYTE*)dw_esi); // 011ECD7F |. 46 |inc esi ; 指向下一个字符 dw_esi++; // 011ECD80 |. 8B45 EC |mov eax,dword ptr ss:[ebp-0x14] ; KeyBuf首地址 dw_eax = dwVar14; // 011ECD83 |. 884D FF |mov byte ptr ss:[ebp-0x1],cl ; 保存第2个字符 bVar1 = (BYTE)dw_ecx; // 011ECD86 |.^ EB 9E \jmp short <CrackMe4.loc_40CD26> ; 跳上去了 } } while (1);LOC_40CD88: // 011ECD88 >|> 8B45 10 mov eax,dword ptr ss:[ebp+0x10] ; ebx = 00BC614E, 算完了 dw_eax = dwParam10; // 011ECD8B >|> 4E dec esi ; loc_40CD8B dw_esi--; // 011ECD8C |. 8955 F8 mov dword ptr ss:[ebp-0x8],edx ; edx = 8 // 011ECD8F |. 8955 F8 mov dword ptr ss:[ebp-0x8],edx dwVar8 = dw_edx; // 011ECD92 |. F6C2 08 test dl,0x8 ; 8个字符 // 011ECD95 |. 75 0B jnz short <CrackMe4.loc_40CDA2> ; jump if (0x8 == dw_edx) { // 011ECD97 |. 85C0 test eax,eax // 011ECD99 |. 74 03 je short <CrackMe4.loc_40CD9E> if (0 != dw_eax) { // 011ECD9B |. 8B75 0C mov esi,dword ptr ss:[ebp+0xC] dw_esi = dwVarC; } // 011ECD9E >|> 33DB xor ebx,ebx ; loc_40CD9E dw_ebx = dw_ebx; // 011ECDA0 |. EB 49 jmp short <CrackMe4.loc_40CDEB> } else { // 011ECDA2 >|> BF FFFFFF7F mov edi,0x7FFFFFFF ; edit = 0xfffffff dw_edi = 0x7FFFFFFF; // 011ECDA7 |. F6C2 04 test dl,0x4 ; dl = 8 // 011ECDAA |. 75 1C jnz short <CrackMe4.loc_40CDC8> ; not jump if (1 == dw_edx) { // 011ECDAC |. F6C2 01 test dl,0x1 // 011ECDAF |. 75 3A jnz short <CrackMe4.loc_40CDEB> ; not jump // 011ECDB1 |. 8BC2 mov eax,edx dw_eax = dw_edx; // 011ECDB3 |. 83E0 02 and eax,0x2 ; eax = 8 => 0 dw_eax &= 0x2; // 011ECDB6 |. 74 08 je short <CrackMe4.loc_40CDC0> ; jmp if (0 != dw_eax) { // 011ECDB8 |. 81FB 00000080 cmp ebx,0x80000000 // 011ECDBE |. 
77 08 ja short <CrackMe4.loc_40CDC8> if (dw_ebx > 0x80000000) { goto LOC_40CDC8; } } // 011ECDC0 >|> 85C0 test eax,eax ; loc_40CDC0 // 011ECDC2 |. 75 27 jnz short <CrackMe4.loc_40CDEB> ; not jump if (0 != dw_eax) { goto LOC_40CDEB; } else if (dw_ebx <= dw_edi) { // 011ECDC4 |. 3BDF cmp ebx,edi ; ebx = 00BC614E, edi = 7FFFFFFF // 011ECDC6 |. 76 23 jbe short <CrackMe4.loc_40CDEB> ; jmp goto LOC_40CDEB; } goto LOC_40CDC8; } else if (4 != dw_edx) {LOC_40CDC8: _ASSERT(0); // 数字字符串逻辑没有走到这里 // 011ECDC8 >|> E8 FBD6FFFF call <CrackMe4.fnTls_40A4C8> ; loc_40CDC8 // 011ECDCD |. 8B55 F8 mov edx,dword ptr ss:[ebp-0x8] // 011ECDD0 |. C700 22000000 mov dword ptr ds:[eax],0x22 // 011ECDD6 |. F6C2 01 test dl,0x1 // 011ECDD9 |. 74 05 je short <CrackMe4.loc_40CDE0> // 011ECDDB |. 83CB FF or ebx,-0x1 // 011ECDDE |. EB 0B jmp short <CrackMe4.loc_40CDEB> // 011ECDE0 >|> F6C2 02 test dl,0x2 ; loc_40CDE0 // 011ECDE3 |. 6A 00 push 0x0 // 011ECDE5 |. 5B pop ebx // 011ECDE6 |. 0F95C3 setne bl // 011ECDE9 |. 03DF add ebx,edi } }LOC_40CDEB: // 011ECDEB >|> 8B45 10 mov eax,dword ptr ss:[ebp+0x10] ; 0 dw_eax = (DWORD)pcRegSn; // 011ECDEE |. 85C0 test eax,eax // 011ECDF0 |. 74 02 je short <CrackMe4.loc_40CDF4> ; jmp if (0 != dw_eax) { // 011ECDF2 |. 8930 mov dword ptr ds:[eax],esi } // 011ECDF4 >|> F6C2 02 test dl,0x2 ; edx = 8 // 011ECDF7 |. 74 12 je short <CrackMe4.loc_40CE0B> ; jmp if (2 == dw_edx) { goto LOC_40CE0B; } // 011ECDF9 |. F7DB neg ebx dw_ebx = ~dw_ebx; if (0 != dw_edx) { // 011ECDFB |. EB 0E jmp short <CrackMe4.loc_40CE0B> goto LOC_40CE0B; } } // 011ECDFD >|> 8B45 10 mov eax,dword ptr ss:[ebp+0x10] ; loc_40CDFD dw_eax = (DWORD)pcRegSn; if (0 != dw_eax) { // 011ECE00 |. 85C0 test eax,eax // 011ECE02 |. 74 05 je short <CrackMe4.loc_40CE09> // 011ECE04 |. 8B4D 0C mov ecx,dword ptr ss:[ebp+0xC] // 011ECE07 |. 
8908 mov dword ptr ds:[eax],ecx dw_ecx = dwVarC; } // 011ECE09 >|> 33DB xor ebx,ebx ; loc_40CE09 dw_ebx = 0; } while (0);LOC_40CE0B: if (dwVar18 != 0) { // 这里是更新类中的变量, 不用翻译 // 011ECE0B >|> 807D E8 00 cmp byte ptr ss:[ebp-0x18],0x0 ; 0 // 011ECE0F |. 74 07 je short <CrackMe4.loc_40CE18> ; jmp // 011ECE11 |. 8B4D E4 mov ecx,dword ptr ss:[ebp-0x1C] dw_ecx = dwVar1C; // 011ECE14 |. 8361 70 FD and dword ptr ds:[ecx+0x70],-0x3 } // 011ECE18 >|> 5F pop edi ; loc_40CE18 // 011ECE19 |. 5E pop esi // 011ECE1A |. 8BC3 mov eax,ebx dw_eax = dw_ebx; // 011ECE1C |. 5B pop ebx // 011ECE1D |. 8BE5 mov esp,ebp // 011ECE1F |. 5D pop ebp // 011ECE20 \. C3 retn return dw_eax;}