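System Commander 8 Algorithm Analysis
【Article title】 System Commander 8 algorithm analysis
【Author】 daxia2002
【Author e-mail】 daxia2002@126.com
【Tools used】 PEiD, OllyDbg, IDA
【Platform】 Win2000/XP
【Software name】 System Commander 8
【Download】 http://www.v-com.com
【Size】 9.53MB
【Protection】 None.
【Purpose】 To study the software's algorithm
【Statement】 I am just a beginner who picked up a few insights and would like to share them :)
【Content】
Start the installer and enter the user name "dx", the company name "ml", and the serial number. The first field is fixed, greyed-out text, "SC8", presumably short for System Commander 8. In the second field enter "111111" (the program helpfully limits it to 6 characters), in the third field "2222222" (limited to 7 characters), and in the fourth field "3333" (limited to 4 characters). Click "Next" and the prompt "The serial number is incorrect. Please re-enter it." appears, as expected.
Now start OllyDbg and choose "File" -> "Attach". In the attach window, select the entry whose window title is "System Commander" and click "Attach". OllyDbg is now attached and paused in system code. Right-click in the code window -> "View" -> "console" to switch to the program's own module, then press F9 to run.
Set the breakpoint bp MessageBoxA, re-enter the dummy serial "SC8-111111-2222222-3333" and click "Next". OllyDbg breaks. As usual, press ALT+K to open the call stack window:
Call stack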
Address Stack Procedure / arguments Called from Frame
0012E9B4 004461CF USER32.MessageBoxA console.004461C9 0012EAE8
0012E9B8 000C04CE hOwner = 000C04CE ('Customer Information',class='#32770',paren
0012E9BC 00A34170 Text = "The serial number is incorrect. Please re-enter it."
0012E9C0 00A32490 Title = "System Commander"
0012E9C4 00000030 Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
0012EAEC 00446220 Maybe console.00446117 console.0044621A 0012EAE8
0012EAF0 00A34170 Arg1 = 00A34170 ASCII "The serial number is incorrect. Please
0012EAF4 00000030 Arg2 = 00000030
0012EAF8 0000EF5F Arg3 = 0000EF5F
0012EB00 00446270 console.004461FE console.0044626B 0012EAFC
0012EB04 00A34170 Arg1 = 00A34170 ASCII "The serial number is incorrect. Please
0012EB08 00000030 Arg2 = 00000030
0012EB0C 0000EF5F Arg3 = 0000EF5F
0012EB28 0042211E console.00446236 console.00422119 0012EB24
0012EB2C 0000EF5F Arg1 = 0000EF5F
0012EB30 00000030 Arg2 = 00000030
0012EB34 FFFFFFFF Arg3 = FFFFFFFF
The call stack shows that the call came from console.00422119; double-click it to jump to 00422119:
0042207A > /8A10 mov dl,byte ptr ds:[eax]
0042207C . |8A1E mov bl,byte ptr ds:[esi]
0042207E . |8ACA mov cl,dl
00422080 . |3AD3 cmp dl,bl
00422082 . |75 1E jnz short console.004220A2
00422084 . |84C9 test cl,cl
00422086 . |74 16 je short console.0042209E
00422088 . |8A50 01 mov dl,byte ptr ds:[eax+1]
0042208B . |8A5E 01 mov bl,byte ptr ds:[esi+1]
0042208E . |8ACA mov cl,dl
00422090 . |3AD3 cmp dl,bl
00422092 . |75 0E jnz short console.004220A2
00422094 . |83C0 02 add eax,2
00422097 . |83C6 02 add esi,2
0042209A . |84C9 test cl,cl
0042209C .^\75 DC jnz short console.0042207A
0042209E > 33C0 xor eax,eax
004220A0 . EB 05 jmp short console.004220A7
004220A2 > 1BC0 sbb eax,eax
004220A4 . 83D8 FF sbb eax,-1
004220A7 > 85C0 test eax,eax
004220A9 . 74 7C je short console.00422127
004220AB . 8D7424 70 lea esi,dword ptr ss:[esp+70]
004220AF . 8D4424 14 lea eax,dword ptr ss:[esp+14]
004220B3 > 8A10 mov dl,byte ptr ds:[eax]
004220B5 . 8A1E mov bl,byte ptr ds:[esi]
004220B7 . 8ACA mov cl,dl
004220B9 . 3AD3 cmp dl,bl
004220BB . 75 1E jnz short console.004220DB
004220BD . 84C9 test cl,cl
004220BF . 74 16 je short console.004220D7
004220C1 . 8A50 01 mov dl,byte ptr ds:[eax+1]
004220C4 . 8A5E 01 mov bl,byte ptr ds:[esi+1]
004220C7 . 8ACA mov cl,dl
004220C9 . 3AD3 cmp dl,bl
004220CB . 75 0E jnz short console.004220DB
004220CD . 83C0 02 add eax,2
004220D0 . 83C6 02 add esi,2
004220D3 . 84C9 test cl,cl
004220D5 .^ 75 DC jnz short console.004220B3
004220D7 > 33C0 xor eax,eax
004220D9 . EB 05 jmp short console.004220E0
004220DB > 1BC0 sbb eax,eax
004220DD . 83D8 FF sbb eax,-1
004220E0 > 85C0 test eax,eax
004220E2 . 74 43 je short console.00422127
004220E4 . 8B7424 20 mov esi,dword ptr ss:[esp+20]
004220E8 . 68 60C44600 push console.0046C460
004220ED . 8BCE mov ecx,esi
004220EF . E8 6CD30100 call console.0043F460
004220F4 . 8B4C24 28 mov ecx,dword ptr ss:[esp+28]
004220F8 . 68 60C44600 push console.0046C460
004220FD . E8 5ED30100 call console.0043F460
00422102 . 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
00422106 . 68 60C44600 push console.0046C460
0042210B . E8 50D30100 call console.0043F460
00422110 . 6A FF push -1
00422112 . 6A 30 push 30
00422114 . 68 5FEF0000 push 0EF5F
00422119 . E8 18410200 call console.00446236 // We land here. Looking upward, it is easy to see that the check is made at 004220E0, so it could be patched there.
0042211E . 8BCE mov ecx,esi
00422120 . E8 8AD40100 call console.0043F5AF
00422125 . EB 2C jmp short console.00422153
We unpack the installer directly with WinRAR and let IDA analyze the program console.exe, then jump to the start of the routine above, 00421dc0:
.text:00421DC0 6A FF push 0FFFFFFFFh
.text:00421DC2 68 C6 37 45 00 push offset loc_4537C6
.text:00421DC7 64 A1 00 00 00 00 mov eax, large fs:0
.text:00421DCD 50 push eax
.text:00421DCE 64 89 25 00 00 00+mov large fs:0, esp
.text:00421DD5 81 EC 90 00 00 00 sub esp, 90h
.text:00421DDB A1 00 8F 46 00 mov eax, off_468F00
.text:00421DE0 53 push ebx
.text:00421DE1 55 push ebp
.text:00421DE2 56 push esi
.text:00421DE3 8B E9 mov ebp, ecx
.text:00421DE5 89 44 24 10 mov [esp+10h], eax
.text:00421DE9 C7 84 24 A4 00 00+mov dword ptr [esp+0A4h], 0
.text:00421DF4 89 44 24 0C mov [esp+0Ch], eax
.text:00421DF8 C6 84 24 A4 00 00+mov byte ptr [esp+0A4h], 1
.text:00421E00 E8 A9 BE 02 00 call ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; AfxGetModuleState(void)
.text:00421E05 8B 58 04 mov ebx, [eax+4]
.text:00421E08 6A 01 push 1
.text:00421E0A 8B CD mov ecx, ebp
.text:00421E0C E8 1B CA 01 00 call sub_43E82C
.text:00421E11 8D 44 24 10 lea eax, [esp+10h]
.text:00421E15 8B CD mov ecx, ebp
.text:00421E17 50 push eax
.text:00421E18 68 FA 03 00 00 push 3FAh
.text:00421E1D E8 93 B3 01 00 call sub_43D1B5 // get the entered user name
.text:00421E22 8D 4C 24 0C lea ecx, [esp+0Ch]
.text:00421E26 51 push ecx
.text:00421E27 68 FB 03 00 00 push 3FBh
.text:00421E2C 8B CD mov ecx, ebp
.text:00421E2E E8 82 B3 01 00 call sub_43D1B5 // get the entered company name
.text:00421E33 8B 54 24 10 mov edx, [esp+10h]
.text:00421E37 68 60 C4 46 00 push offset ValueName
.text:00421E3C 52 push edx
.text:00421E3D E8 37 95 00 00 call __mbscmp // check whether the entered user name is empty
.text:00421E42 83 C4 08 add esp, 8
.text:00421E45 85 C0 test eax, eax
.text:00421E47 75 15 jnz short loc_421E5E // not empty: continue at 421E5E
.text:00421E49 6A FF push 0FFFFFFFFh
.text:00421E4B 6A 30 push 30h
.text:00421E4D 68 62 EF 00 00 push 0EF62h
.text:00421E52 E8 DF 43 02 00 call sub_446236
.text:00421E57 68 FA 03 00 00 push 3FAh
.text:00421E5C EB 29 jmp short loc_421E87
.text:00421E5E ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.text:00421E5E
.text:00421E5E loc_421E5E: ; CODE XREF: .text:00421E47j
.text:00421E5E 8B 54 24 0C mov edx, [esp+0Ch]
.text:00421E62 68 60 C4 46 00 push offset ValueName
.text:00421E67 52 push edx
.text:00421E68 E8 0C 95 00 00 call __mbscmp // check whether the entered company name is empty
.text:00421E6D 83 C4 08 add esp, 8
.text:00421E70 85 C0 test eax, eax
.text:00421E72 75 31 jnz short loc_421EA5 // not empty: continue at 421EA5
.text:00421E74 6A FF push 0FFFFFFFFh
.text:00421E76 6A 30 push 30h
.text:00421E78 68 60 EF 00 00 push 0EF60h
.text:00421E7D E8 B4 43 02 00 call sub_446236
.text:00421E82 68 FB 03 00 00 push 3FBh
.text:00421E87
.text:00421E87 loc_421E87: ; CODE XREF: .text:00421E5Cj
.text:00421E87 8B CD mov ecx, ebp
.text:00421E89 E8 4A D4 01 00 call sub_43F2D8
.text:00421E8E 8B 40 1C mov eax, [eax+1Ch]
.text:00421E91 8B 4D 1C mov ecx, [ebp+1Ch]
.text:00421E94 6A 01 push 1
.text:00421E96 50 push eax
.text:00421E97 6A 28 push 28h
.text:00421E99 51 push ecx
.text:00421E9A FF 15 C4 55 45 00 call ds:SendMessageA
.text:00421EA0 E9 AE 02 00 00 jmp loc_422153
.text:00421EA5 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.text:00421EA5
.text:00421EA5 loc_421EA5: ; CODE XREF: .text:00421E72j
.text:00421EA5 57 push edi
.text:00421EA6 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421EAA 6A 1E push 1Eh
.text:00421EAC 52 push edx // address of the buffer for serial field 1, "SC8"
.text:00421EAD 8D 8D FC 00 00 00 lea ecx, [ebp+0FCh]
.text:00421EB3 E8 CF D5 01 00 call sub_43F487 // read serial field 1, here "SC8"
.text:00421EB8 8D 44 24 5C lea eax, [esp+5Ch]
.text:00421EBC 8D 8D 38 01 00 00 lea ecx, [ebp+138h]
.text:00421EC2 6A 0A push 0Ah
.text:00421EC4 50 push eax // address of the buffer for serial field 2, "111111"
.text:00421EC5 89 4C 24 2C mov [esp+2Ch], ecx
.text:00421EC9 E8 B9 D5 01 00 call sub_43F487 // read serial field 2, here "111111"
.text:00421ECE 8D 54 24 68 lea edx, [esp+68h]
.text:00421ED2 8D 8D 74 01 00 00 lea ecx, [ebp+174h]
.text:00421ED8 6A 0A push 0Ah
.text:00421EDA 52 push edx // address of the buffer for serial field 3, "2222222"
.text:00421EDB 89 4C 24 34 mov [esp+34h], ecx
.text:00421EDF E8 A3 D5 01 00 call sub_43F487 // read serial field 3, here "2222222"
.text:00421EE4 8D 44 24 18 lea eax, [esp+18h]
.text:00421EE8 8D 8D C0 00 00 00 lea ecx, [ebp+0C0h]
.text:00421EEE 6A 0A push 0Ah
.text:00421EF0 50 push eax // address of the buffer for serial field 4, "3333"
.text:00421EF1 89 4C 24 30 mov [esp+30h], ecx
.text:00421EF5 E8 8D D5 01 00 call sub_43F487 // read serial field 4, here "3333"
.text:00421EFA 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421EFD BF 38 86 46 00 mov edi, offset asc_468638 ; "-"
.text:00421F02 33 C0 xor eax, eax
.text:00421F04 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421F08 F2 AE repne scasb
.text:00421F0A F7 D1 not ecx
.text:00421F0C 2B F9 sub edi, ecx
.text:00421F0E 8B F7 mov esi, edi
.text:00421F10 8B FA mov edi, edx
.text:00421F12 8B D1 mov edx, ecx
.text:00421F14 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F17 F2 AE repne scasb
.text:00421F19 8B CA mov ecx, edx
.text:00421F1B 4F dec edi
.text:00421F1C C1 E9 02 shr ecx, 2
.text:00421F1F F3 A5 rep movsd
.text:00421F21 8B CA mov ecx, edx
.text:00421F23 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421F27 83 E1 03 and ecx, 3
.text:00421F2A F3 A4 rep movsb
.text:00421F2C 8D 7C 24 5C lea edi, [esp+5Ch]
.text:00421F30 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F33 F2 AE repne scasb
.text:00421F35 F7 D1 not ecx
.text:00421F37 2B F9 sub edi, ecx
.text:00421F39 8B F7 mov esi, edi
.text:00421F3B 8B FA mov edi, edx
.text:00421F3D 8B D1 mov edx, ecx
.text:00421F3F 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F42 F2 AE repne scasb
.text:00421F44 8B CA mov ecx, edx
.text:00421F46 4F dec edi
.text:00421F47 C1 E9 02 shr ecx, 2
.text:00421F4A F3 A5 rep movsd
.text:00421F4C 8B CA mov ecx, edx
.text:00421F4E 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421F52 83 E1 03 and ecx, 3
.text:00421F55 F3 A4 rep movsb
.text:00421F57 BF 38 86 46 00 mov edi, offset asc_468638 ; "-"
.text:00421F5C 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F5F F2 AE repne scasb
.text:00421F61 F7 D1 not ecx
.text:00421F63 2B F9 sub edi, ecx
.text:00421F65 8B F7 mov esi, edi
.text:00421F67 8B FA mov edi, edx
.text:00421F69 8B D1 mov edx, ecx
.text:00421F6B 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F6E F2 AE repne scasb
.text:00421F70 8B CA mov ecx, edx
.text:00421F72 4F dec edi
.text:00421F73 C1 E9 02 shr ecx, 2
.text:00421F76 F3 A5 rep movsd
.text:00421F78 8B CA mov ecx, edx
.text:00421F7A 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421F7E 83 E1 03 and ecx, 3
.text:00421F81 F3 A4 rep movsb
.text:00421F83 8D 7C 24 68 lea edi, [esp+68h]
.text:00421F87 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F8A F2 AE repne scasb
.text:00421F8C F7 D1 not ecx
.text:00421F8E 2B F9 sub edi, ecx
.text:00421F90 8B F7 mov esi, edi
.text:00421F92 8B FA mov edi, edx
.text:00421F94 8B D1 mov edx, ecx
.text:00421F96 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421F99 F2 AE repne scasb
.text:00421F9B 8B CA mov ecx, edx
.text:00421F9D 4F dec edi
.text:00421F9E C1 E9 02 shr ecx, 2
.text:00421FA1 F3 A5 rep movsd
.text:00421FA3 8B CA mov ecx, edx
.text:00421FA5 8D 94 24 80 00 00+lea edx, [esp+80h]
.text:00421FAC 83 E1 03 and ecx, 3
.text:00421FAF F3 A4 rep movsb
.text:00421FB1 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421FB4 8D 7C 24 3C lea edi, [esp+3Ch]
.text:00421FB8 F2 AE repne scasb
.text:00421FBA F7 D1 not ecx
.text:00421FBC 2B F9 sub edi, ecx
.text:00421FBE 8B C1 mov eax, ecx
.text:00421FC0 8B F7 mov esi, edi
.text:00421FC2 C1 E9 02 shr ecx, 2
.text:00421FC5 8B FA mov edi, edx
.text:00421FC7 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421FCB F3 A5 rep movsd
.text:00421FCD 8B C8 mov ecx, eax
.text:00421FCF 33 C0 xor eax, eax
.text:00421FD1 83 E1 03 and ecx, 3
.text:00421FD4 F3 A4 rep movsb
.text:00421FD6 BF 38 86 46 00 mov edi, offset asc_468638 ; "-"
.text:00421FDB 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421FDE F2 AE repne scasb
.text:00421FE0 F7 D1 not ecx
.text:00421FE2 2B F9 sub edi, ecx
.text:00421FE4 8B F7 mov esi, edi
.text:00421FE6 8B FA mov edi, edx
.text:00421FE8 8B D1 mov edx, ecx
.text:00421FEA 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421FED F2 AE repne scasb
.text:00421FEF 8B CA mov ecx, edx
.text:00421FF1 4F dec edi
.text:00421FF2 C1 E9 02 shr ecx, 2
.text:00421FF5 F3 A5 rep movsd
.text:00421FF7 8B CA mov ecx, edx
.text:00421FF9 8D 54 24 3C lea edx, [esp+3Ch]
.text:00421FFD 83 E1 03 and ecx, 3
.text:00422000 F3 A4 rep movsb
.text:00422002 8D 7C 24 18 lea edi, [esp+18h]
.text:00422006 83 C9 FF or ecx, 0FFFFFFFFh
.text:00422009 F2 AE repne scasb
.text:0042200B F7 D1 not ecx
.text:0042200D 2B F9 sub edi, ecx
.text:0042200F 8B F7 mov esi, edi
.text:00422011 8B FA mov edi, edx
.text:00422013 8B D1 mov edx, ecx
.text:00422015 83 C9 FF or ecx, 0FFFFFFFFh
.text:00422018 F2 AE repne scasb
.text:0042201A 8B CA mov ecx, edx
.text:0042201C 4F dec edi
.text:0042201D C1 E9 02 shr ecx, 2
.text:00422020 F3 A5 rep movsd
.text:00422022 8B CA mov ecx, edx
.text:00422024 8D 44 24 74 lea eax, [esp+74h]
.text:00422028 83 E1 03 and ecx, 3
.text:0042202B 50 push eax
.text:0042202C F3 A4 rep movsb
// The code above joins serial fields 1, 2 and 3 into "SC8-111111-2222222"
.text:0042202E 8D 4C 24 34 lea ecx, [esp+34h]
.text:00422032 8D 94 24 84 00 00+lea edx, [esp+84h] // edx -> "SC8-111111-2222222"
.text:00422039 51 push ecx
.text:0042203A 52 push edx
.text:0042203B 8B CD mov ecx, ebp
.text:0042203D E8 9E FC FF FF call sub_421CE0 // the key call; step into it
{
sub_421CE0 proc near ; CODE XREF: .text:0042203Dp
.text:00421CE0
.text:00421CE0 var_48= byte ptr -48h
.text:00421CE0 var_18= dword ptr -18h
.text:00421CE0 arg_0= dword ptr 4
.text:00421CE0 arg_4= dword ptr 8
.text:00421CE0 arg_8= dword ptr 0Ch
.text:00421CE0
.text:00421CE0 83 EC 18 sub esp, 18h
.text:00421CE3 B9 06 00 00 00 mov ecx, 6
.text:00421CE8 53 push ebx
.text:00421CE9 8B 5C 24 20 mov ebx, [esp+1Ch+arg_0] // ebx -> input argument "SC8-111111-2222222"
.text:00421CED 56 push esi
.text:00421CEE 57 push edi
.text:00421CEF BE 20 86 46 00 mov esi, offset aRhtlmwyaefXjpk ; "RHTLMWYAEF XJPKCG"
// esi -> character table "RHTLMWYAEF XJPKCG"
.text:00421CF4 8D 7C 24 0C lea edi, [esp+24h+var_18]
.text:00421CF8 F3 A5 rep movsd
.text:00421CFA 53 push ebx ; char * // push ebx, which points to "SC8-111111-2222222"
.text:00421CFB E8 21 82 01 00 call __strupr // convert "SC8-111111-2222222" to upper case
.text:00421D00 8B FB mov edi, ebx
.text:00421D02 83 C9 FF or ecx, 0FFFFFFFFh
.text:00421D05 33 C0 xor eax, eax
.text:00421D07 83 C4 04 add esp, 4
.text:00421D0A F2 AE repne scasb
.text:00421D0C F7 D1 not ecx
.text:00421D0E 49 dec ecx
.text:00421D0F BE 01 00 00 00 mov esi, 1 // esi = 1
.text:00421D14 8B F9 mov edi, ecx // edi = length of "SC8-111111-2222222"
.text:00421D16 0F 84 8F 00 00 00 jz loc_421DAB
.text:00421D1C 33 D2 xor edx, edx
.text:00421D1E 85 FF test edi, edi
.text:00421D20 7E 2F jle short loc_421D51 // length is 0: skip the loop
.text:00421D22 55 push ebp
.text:00421D23
.text:00421D23 loc_421D23: ; CODE XREF: sub_421CE0+6Ej
.text:00421D23 8A 03 mov al, [ebx] // al = the i-th character that ebx points to
.text:00421D25 8B CA mov ecx, edx // ecx = edx (0 on the first pass)
.text:00421D27 81 E1 07 00 00 80 and ecx, 80000007h // ecx = ecx and 80000007h
.text:00421D2D 79 05 jns short loc_421D34 // ecx >= 0: jump to loc_421D34
.text:00421D2F 49 dec ecx // otherwise ecx--
.text:00421D30 83 C9 F8 or ecx, 0FFFFFFF8h // ecx = ecx or 0FFFFFFF8h
.text:00421D33 41 inc ecx // ecx++
.text:00421D34
.text:00421D34 loc_421D34: ; CODE XREF: sub_421CE0+4Dj
.text:00421D34 66 0F BE E8 movsx bp, al // bp = al
.text:00421D38 D3 E5 shl ebp, cl // ebp = ebp shifted left by cl bits
.text:00421D3A 33 F5 xor esi, ebp // esi = esi xor ebp
.text:00421D3C A8 01 test al, 1
.text:00421D3E 74 04 jz short loc_421D44 // if (al and 1) is 0, jump to loc_421D44
.text:00421D40 03 F6 add esi, esi // otherwise esi = esi + esi
.text:00421D42 EB 06 jmp short loc_421D4A
.text:00421D44 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.text:00421D44
.text:00421D44 loc_421D44: ; CODE XREF: sub_421CE0+5Ej
.text:00421D44 81 F6 AD DE 00 00 xor esi, 0DEADh // esi = esi xor 0DEADh
.text:00421D4A
.text:00421D4A loc_421D4A: ; CODE XREF: sub_421CE0+62j
.text:00421D4A 43 inc ebx // ebx++
.text:00421D4B 42 inc edx // edx++
.text:00421D4C 3B D7 cmp edx, edi // compare edx with edi (the length of "SC8-111111-2222222")
.text:00421D4E 7C D3 jl short loc_421D23 // less than: keep looping
.text:00421D50 5D pop ebp
.text:00421D51
.text:00421D51 loc_421D51: ; CODE XREF: sub_421CE0+40j
.text:00421D51 8B 7C 24 2C mov edi, [esp+24h+arg_4]
.text:00421D55 81 E6 FF FF 00 00 and esi, 0FFFFh // esi = esi and 0FFFFh (esi holds the intermediate result of the loop above)
.text:00421D5B 56 push esi // push esi
.text:00421D5C 68 18 86 46 00 push offset a04x ; "%04X"
.text:00421D61 57 push edi
.text:00421D62 E8 8D 8C 00 00 call _sprintf // format esi as a 4-digit hexadecimal string, stored at [edi] = "AFE3"
.text:00421D67 83 C4 0C add esp, 0Ch
.text:00421D6A 81 F6 D1 BA 00 00 xor esi, 0BAD1h // esi = esi xor 0BAD1h
.text:00421D70 56 push esi // push esi
.text:00421D71 8B 74 24 34 mov esi, [esp+28h+arg_8]
.text:00421D75 68 18 86 46 00 push offset a04x ; "%04X"
.text:00421D7A 56 push esi
.text:00421D7B E8 74 8C 00 00 call _sprintf // format esi as a 4-digit hexadecimal string, stored at [esi] = "1532"
.text:00421D80 83 C4 0C add esp, 0Ch
.text:00421D83 33 C0 xor eax, eax // eax = 0
.text:00421D85
.text:00421D85 loc_421D85: ; CODE XREF: sub_421CE0+B5j
.text:00421D85 0F BE 0C 38 movsx ecx, byte ptr [eax+edi] // ecx = the i-th character of [edi]
.text:00421D89 40 inc eax // eax++
.text:00421D8A 8A 54 0C DC mov dl, [esp+ecx+24h+var_48] // fetch the corresponding character from the table "RHTLMWYAEF XJPKCG"
.text:00421D8E 83 F8 04 cmp eax, 4 // check whether all 4 characters are done
.text:00421D91 88 54 38 FF mov [eax+edi-1], dl // store the fetched character back
.text:00421D95 7C EE jl short loc_421D85 // loop; when finished, [edi] = "XGCL"
.text:00421D97 33 C0 xor eax, eax
.text:00421D99
.text:00421D99 loc_421D99: ; CODE XREF: sub_421CE0+C9j
.text:00421D99 0F BE 0C 30 movsx ecx, byte ptr [eax+esi] // ecx = the i-th character of [esi]
.text:00421D9D 40 inc eax
.text:00421D9E 8A 54 0C DC mov dl, [esp+ecx+24h+var_48] // fetch the corresponding character from the table "RHTLMWYAEF XJPKCG"
.text:00421DA2 83 F8 04 cmp eax, 4 // check whether all 4 characters are done
.text:00421DA5 88 54 30 FF mov [eax+esi-1], dl // store the fetched character back
.text:00421DA9 7C EE jl short loc_421D99 // loop; when finished, [esi] = "HWLT"
.text:00421DAB
.text:00421DAB loc_421DAB: ; CODE XREF: sub_421CE0+36j
.text:00421DAB 5F pop edi
.text:00421DAC 5E pop esi
.text:00421DAD 5B pop ebx
.text:00421DAE 83 C4 18 add esp, 18h
.text:00421DB1 C2 0C 00 retn 0Ch
.text:00421DB1 sub_421CE0 endp
}
.text:00422042 8B 83 39 01 00 00 mov eax, [ebx+139h]
.text:00422048 85 C0 test eax, eax
.text:0042204A 74 25 jz short loc_422071
.text:0042204C 8D 7C 24 30 lea edi, [esp+30h]
.text:00422050 83 C9 FF or ecx, 0FFFFFFFFh
.text:00422053 33 C0 xor eax, eax
.text:00422055 8D 54 24 18 lea edx, [esp+18h]
.text:00422059 F2 AE repne scasb
.text:0042205B F7 D1 not ecx
.text:0042205D 2B F9 sub edi, ecx
.text:0042205F 8B C1 mov eax, ecx
.text:00422061 8B F7 mov esi, edi
.text:00422063 8B FA mov edi, edx
.text:00422065 C1 E9 02 shr ecx, 2
.text:00422068 F3 A5 rep movsd
.text:0042206A 8B C8 mov ecx, eax
.text:0042206C 83 E1 03 and ecx, 3
.text:0042206F F3 A4 rep movsb
.text:00422071
.text:00422071 loc_422071: ; CODE XREF: .text:0042204Aj
.text:00422071 8D 74 24 30 lea esi, [esp+30h] // esi -> "XGCL"
.text:00422075 8D 44 24 18 lea eax, [esp+18h] // eax -> "3333"
.text:00422079 5F pop edi
.text:0042207A
.text:0042207A loc_42207A: ; CODE XREF: .text:0042209Cj
.text:0042207A 8A 10 mov dl, [eax] // dl = 1st character of "3333"
.text:0042207C 8A 1E mov bl, [esi] // bl = 1st character of "XGCL"
.text:0042207E 8A CA mov cl, dl // cl = dl
.text:00422080 3A D3 cmp dl, bl // compare dl with bl
.text:00422082 75 1E jnz short loc_4220A2 // not equal: stop
.text:00422084 84 C9 test cl, cl // test whether cl is 0
.text:00422086 74 16 jz short loc_42209E // 0: stop
.text:00422088 8A 50 01 mov dl, [eax+1] // dl = 2nd character of "3333"
.text:0042208B 8A 5E 01 mov bl, [esi+1] // bl = 2nd character of "XGCL"
.text:0042208E 8A CA mov cl, dl
.text:00422090 3A D3 cmp dl, bl // compare dl with bl
.text:00422092 75 0E jnz short loc_4220A2
.text:00422094 83 C0 02 add eax, 2
.text:00422097 83 C6 02 add esi, 2
.text:0042209A 84 C9 test cl, cl // test whether cl is 0
.text:0042209C 75 DC jnz short loc_42207A // not 0: jump back and compare the next 2 characters
.text:0042209E
.text:0042209E loc_42209E: ; CODE XREF: .text:00422086j
.text:0042209E 33 C0 xor eax, eax // all characters equal: reached from 00422086, eax = 0
.text:004220A0 EB 05 jmp short loc_4220A7
.text:004220A2 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.text:004220A2
.text:004220A2 loc_4220A2: ; CODE XREF: .text:00422082j
.text:004220A2 ; .text:00422092j
.text:004220A2 1B C0 sbb eax, eax
.text:004220A4 83 D8 FF sbb eax, 0FFFFFFFFh
.text:004220A7
.text:004220A7 loc_4220A7: ; CODE XREF: .text:004220A0j
.text:004220A7 85 C0 test eax, eax
.text:004220A9 74 7C jz short loc_422127 // jump to loc_422127
.text:004220AB 8D 74 24 70 lea esi, [esp+70h]
.text:004220AF 8D 44 24 14 lea eax, [esp+14h]
.text:004220B3
.text:004220B3 loc_4220B3: ; CODE XREF: .text:004220D5j
.text:004220B3 8A 10 mov dl, [eax]
.text:004220B5 8A 1E mov bl, [esi]
.text:004220B7 8A CA mov cl, dl
.text:004220B9 3A D3 cmp dl, bl
.text:004220BB 75 1E jnz short loc_4220DB
.text:004220BD 84 C9 test cl, cl
.text:004220BF 74 16 jz short loc_4220D7
.text:004220C1 8A 50 01 mov dl, [eax+1]
.text:004220C4 8A 5E 01 mov bl, [esi+1]
.text:004220C7 8A CA mov cl, dl
.text:004220C9 3A D3 cmp dl, bl
.text:004220CB 75 0E jnz short loc_4220DB
.text:004220CD 83 C0 02 add eax, 2
.text:004220D0 83 C6 02 add esi, 2
.text:004220D3 84 C9 test cl, cl
.text:004220D5 75 DC jnz short loc_4220B3
.text:004220D7
.text:004220D7 loc_4220D7: ; CODE XREF: .text:004220BFj
.text:004220D7 33 C0 xor eax, eax
.text:004220D9 EB 05 jmp short loc_4220E0
.text:004220DB ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.text:004220DB
.text:004220DB loc_4220DB: ; CODE XREF: .text:004220BBj
.text:004220DB ; .text:004220CBj
.text:004220DB 1B C0 sbb eax, eax
.text:004220DD 83 D8 FF sbb eax, 0FFFFFFFFh
.text:004220E0
.text:004220E0 loc_4220E0: ; CODE XREF: .text:004220D9j
.text:004220E0 85 C0 test eax, eax
.text:004220E2 74 43 jz short loc_422127
.text:004220E4 8B 74 24 20 mov esi, [esp+20h]
.text:004220E8 68 60 C4 46 00 push offset ValueName
.text:004220ED 8B CE mov ecx, esi
.text:004220EF E8 6C D3 01 00 call sub_43F460
.text:004220F4 8B 4C 24 28 mov ecx, [esp+28h]
.text:004220F8 68 60 C4 46 00 push offset ValueName
.text:004220FD E8 5E D3 01 00 call sub_43F460
.text:00422102 8B 4C 24 24 mov ecx, [esp+24h]
.text:00422106 68 60 C4 46 00 push offset ValueName
.text:0042210B E8 50 D3 01 00 call sub_43F460
.text:00422110 6A FF push 0FFFFFFFFh
.text:00422112 6A 30 push 30h
.text:00422114 68 5F EF 00 00 push 0EF5Fh
.text:00422119 E8 18 41 02 00 call sub_446236
.text:0042211E 8B CE mov ecx, esi
.text:00422120 E8 8A D4 01 00 call sub_43F5AF
.text:00422125 EB 2C jmp short loc_422153
.text:00422127 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.text:00422127
.text:00422127 loc_422127: ; CODE XREF: .text:004220A9j
.text:00422127 ; .text:004220E2j
.text:00422127 8D 44 24 7C lea eax, [esp+7Ch]
.text:0042212B 8D 8D B4 00 00 00 lea ecx, [ebp+0B4h]
.text:00422131 50 push eax
.text:00422132 E8 AC E6 01 00 call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:00422137 8D 4C 24 14 lea ecx, [esp+14h]
.text:0042213B 51 push ecx
.text:0042213C 8D 8D B8 00 00 00 lea ecx, [ebp+0B8h]
.text:00422142 E8 9C E6 01 00 call ??4CString@@QAEABV0@PBD@Z ; CString::operator=(char const *)
.text:00422147 68 1F 04 00 00 push 41Fh
.text:0042214C 8B CD mov ecx, ebp
.text:0042214E E8 3B E0 01 00 call sub_44018E
.text:00422153
.text:00422153 loc_422153: ; CODE XREF: .text:00421EA0j
.text:00422153 ; .text:00422125j
.text:00422153 8D 4C 24 0C lea ecx, [esp+0Ch]
.text:00422157 C6 84 24 A4 00 00+mov byte ptr [esp+0A4h], 0
.text:0042215F E8 42 E5 01 00 call sub_4406A6
.text:00422164 8D 4C 24 10 lea ecx, [esp+10h]
.text:00422168 C7 84 24 A4 00 00+mov dword ptr [esp+0A4h], 0FFFFFFFFh
.text:00422173 E8 2E E5 01 00 call sub_4406A6
.text:00422178 8B 8C 24 9C 00 00+mov ecx, [esp+9Ch]
.text:0042217F 5E pop esi
.text:00422180 5D pop ebp
.text:00422181 5B pop ebx
.text:00422182 64 89 0D 00 00 00+mov large fs:0, ecx
.text:00422189 81 C4 9C 00 00 00 add esp, 9Ch
.text:0042218F C3 retn
I will not write a keygen. One working serial is "SC8-111111-2222222-XGCL".
Writing this up was tiring; thank you for patiently reading to the end.
daxia2002, 2004-7-17