Flash Desktop 2003 v1.0 -建立Flash動感桌面桌布
Flash Desktop 2003 v1.0 -建立Flash動感桌面桌布
軟體版本:
v1.0
軟體型別: 精品軟體
執行環境: Win9x/WinME/Win2000/WinXP
介面語言: English
Flash Desktop
可以幫助你快速的用Flash動畫建立動感的Windows桌面桌布,程式介面友好,非常容易使用,支援直接把轉換好的動態桌面製作為EXE格式的自解壓檔案來讓你的朋友和你一起分享!你是否厭倦了靜止的桌面,那麼快來到Flash
Desktop的世界,來體驗漂亮生動的動態桌面世界吧!
【作者宣告】:本人是個初學者,只是感興趣,可能我的表述不正確。敬請諸位大俠賜教!
【破解工具】:0llydbg v1.09cn TRW2000
V1.2
―――――――――――――――――――――――――――――――――
【過 程】:
這個軟體是在天天論壇裡看到的
,發現軟體的註冊碼好像是老外的不爽.就下了自己跟了跟.安裝後執行程式,出現註冊提示框,習慣的填使用者名稱 :fxyang 試驗碼: 789456123012
註冊出現"Your Registration information have been recorded.
In order to
validate the registration information, Flash Desktop need to be restarted."提示後就退出.是個重起效驗型的.脫殼,用0llydbg跟蹤了好幾次,就是沒有發現使用者名稱和試驗碼比較後進入註冊提示框...改比較跳轉後程式飛了.真TMD
後來想想--註冊碼的計算可能是在填資訊後進行的.於是用TRW2000 跟蹤 ,下bpx hmemcpy 中斷後來到如下:
0040FC31
MOV EAX, DWORD PTR DS:[EDX]
0040FC33 MOV
EDX, DWORD PTR DS:[EBX+2E0]
0040FC39 MOV DWORD PTR DS:[EAX+530],
EDX
0040FC3F MOV ECX, DWORD PTR DS:[EBX+2E8]
0040FC45
MOV DWORD PTR DS:[EAX+534], ECX
0040FC4B ADD
EAX, 4C4
0040FC50 PUSH EAX
; /Arg1
0040FC51 CALL
FlashD.004028A4 ; \計算註冊碼的call
0040FC56
POP ECX
0040FC57 PUSH 40
0040FC59
PUSH FlashD.004C6AE4 ;
ASCII "Flash Desktop"
0040FC5E PUSH FlashD.004C6A2B
; ASCII "Your Registration information have been recorded.In order to validate the registration information, Flash Desktop need to be restarted.
===================================================
CALL
FlashD.004028A4 ; \計算註冊碼的call
|
|
004029C3
CALL FlashD.0046EA14
004029C8 LEA
ECX, [LOCAL.5]
004029CB XOR EDX, EDX
004029CD
MOV EAX, DWORD PTR DS:[ECX]
004029CF LEA
ECX, [LOCAL.6]
004029D2 PUSH EAX
004029D3
PUSH EBX
004029D4 MOV
[LOCAL.6], EDX
004029D7 PUSH ECX
004029D8 INC
DWORD PTR DS:[ESI+1C]
004029DB
CALL FlashD.004022F8 <==第一次計算的CALL
004029E0 ADD ESP, 0C
004029E3 LEA
EAX, [LOCAL.6]
004029E6 PUSH EAX
004029E7 XOR
EDX, EDX
004029E9 MOV [LOCAL.7], EDX
004029EC
LEA EDX, [LOCAL.7]
004029EF INC DWORD
PTR DS:[ESI+1C]
004029F2 MOV EAX, DWORD PTR DS:[EBX+70]
004029F5
CALL FlashD.0046EA14
004029FA LEA
EDX, [LOCAL.7]
004029FD POP EAX
004029FE CALL
FlashD.004ABE90
00402A03 PUSH EAX
00402A04
DEC DWORD PTR DS:[ESI+1C]
00402A07 LEA
EAX, [LOCAL.7]
00402A0A MOV EDX, 2
00402A0F
CALL FlashD.004ABD94
***************************************************************
第一次計算
004022F8
PUSH EBP
004022F8 /$ 55
PUSH EBP
004022F9 |. 8BEC
MOV EBP, ESP
004022FB |. 83C4
8C ADD ESP, -74
004022FE |. B8
00264C00 MOV EAX, FlashD.004C2600
00402303 |. 53
PUSH EBX
00402304 |.
56 PUSH ESI
00402305
|. 57 PUSH EDI
00402306
|. 8B5D 0C MOV EBX, [ARG.2]
00402309
|. E8 EAF90900 CALL FlashD.004A1CF8
0040230E
|. C745 D4 01000>MOV [LOCAL.11], 1
00402315 |.
8D55 10 LEA EDX, [ARG.3]
00402318
|. 8D45 10 LEA EAX, [ARG.3]
0040231B
|. E8 4C990A00 CALL FlashD.004ABC6C
00402320
|. FF45 D4 INC [LOCAL.11]
00402323
|. 66:C745 C8 08>MOV WORD PTR SS:[EBP-38], 8
00402329
|. 33C0 XOR EAX, EAX
0040232B
|> C74483 18 FFF>/MOV DWORD PTR DS:[EBX+EAX*4+18],
-1
00402333 |. 40 |INC
EAX
00402334 |. 83F8 10 |CMP
EAX, 10
00402337 |.^ 7C F2
\JL SHORT FlashD.0040232B
00402339 |. 66:C745
C8 08>MOV WORD PTR SS:[EBP-38], 8
0040233F |. BF
01000000 MOV EDI, 1
00402344 |. 33C0
XOR EAX, EAX
00402346 |. 8945
B4 MOV [LOCAL.19], EAX
00402349 |>
66:C745 C8 08>/MOV WORD PTR SS:[EBP-38], 8
0040234F
|. BE 01000000 |MOV ESI, 1
00402354 |.
EB 2A |JMP SHORT FlashD.00402380
00402356
|> 8975 B0 |/MOV [LOCAL.20],
ESI
00402359 |. 8B45 B0 ||MOV
EAX, [LOCAL.20]
0040235C |. 50
||PUSH EAX
0040235D |. 8D55 10
||LEA EDX, [ARG.3]
00402360 |. 52
||PUSH EDX
00402361 |.
E8 4A980A00 ||CALL FlashD.004ABBB0
00402366 |. 83C4 08
||ADD ESP, 8
00402369 |. 8D45 10
||LEA EAX, [ARG.3]
0040236C |. E8 039C0A00
||CALL FlashD.004ABF74
00402371 |. 8B55 B0
||MOV EDX, [LOCAL.20]
00402374 |.
0355 10 ||ADD EDX, [ARG.3]
00402377
|. 4A ||DEC
EDX
00402378 |. 0FBE0A ||MOVSX
ECX, BYTE PTR DS:[EDX]
0040237B |. 014D B4
||ADD [LOCAL.19], ECX
0040237E |. 03F7
||ADD ESI, EDI
00402380 |> 837D
10 00 | CMP [ARG.3], 0
00402384 |. 74
08 ||JE SHORT FlashD.0040238E
00402386
|. 8B45 10 ||MOV EAX, [ARG.3]
00402389
|. 8B50 FC ||MOV EDX, DWORD PTR
DS:[EAX-4]
0040238C |. EB 02 ||JMP
SHORT FlashD.00402390
0040238E |> 33D2
||XOR EDX, EDX
00402390 |>
42 ||INC EDX
00402391
|. 3BF2 ||CMP ESI,
EDX
00402393 |.^ 7C C1 |\JL
SHORT FlashD.00402356
00402395 |. 8365 B4 0F |AND
[LOCAL.19], 0F
00402399 |. 837D B4 03 |CMP
[LOCAL.19], 3
0040239D |. 7D 21
|JGE SHORT FlashD.004023C0
0040239F |. 33C0
|XOR EAX, EAX
004023A1 |.
8945 B4 |MOV [LOCAL.19], EAX
004023A4
|. 47 |INC
EDI
004023A5 |. 837D 10 00 |CMP [ARG.3],
0
004023A9 |. 74 08 |JE
SHORT FlashD.004023B3
004023AB |. 8B4D 10
|MOV ECX, [ARG.3]
004023AE |. 8B41 FC
|MOV EAX, DWORD PTR DS:[ECX-4]
004023B1 |. EB
02 |JMP SHORT FlashD.004023B5
004023B3
|> 33C0 |XOR EAX,
EAX
004023B5 |> 3BF8 |CMP
EDI, EAX
004023B7 |.^ 7C 90
\JL SHORT FlashD.00402349
004023B9 |. C745
B4 03000>MOV [LOCAL.19], 3
004023C0 |> 66:C745
C8 08>MOV WORD PTR SS:[EBP-38], 8
004023C6 |. 33FF
XOR EDI, EDI
004023C8 |.
BE 01000000 MOV ESI, 1
004023CD |. E9
FC000000 JMP FlashD.004024CE
004023D2 |> 66:C745
C8 20>/MOV WORD PTR SS:[EBP-38], 20
004023D8 |. 33C0
|XOR EAX, EAX
004023DA |.
8945 F8 |MOV [LOCAL.2], EAX
004023DD
|. 8D4D F8 |LEA ECX, [LOCAL.2]
004023E0
|. FF45 D4 |INC [LOCAL.11]
004023E3
|. 8D54BB 74 |LEA EDX, DWORD PTR DS:[EBX+EDI*4+74>
004023E7
|. 8D45 10 |LEA EAX, [ARG.3]
004023EA
|. E8 FD990A00 |CALL FlashD.004ABDEC
004023EF
|. 66:C745 C8 14>|MOV WORD PTR SS:[EBP-38], 14
004023F5
|. 33D2 |XOR EDX,
EDX
004023F7 |. 8955 AC |MOV
[LOCAL.21], EDX
004023FA |> BF 01000000 |/MOV
EDI, 1
004023FF |> C745 A8 01000>||MOV
[LOCAL.22], 1
00402406 |. 66:C745 C8 14>||MOV
WORD PTR SS:[EBP-38], 14
0040240C |. EB 2E
||JMP SHORT FlashD.0040243C
0040240E |> 8B45
A8 ||/MOV EAX, [LOCAL.22]
00402411 |.
8945 A4 |||MOV [LOCAL.23], EAX
00402414
|. 8B55 A4 |||MOV EDX, [LOCAL.23]
00402417
|. 52 |||PUSH EDX
00402418 |. 8D4D F8 |||LEA
ECX, [LOCAL.2]
0040241B |.
51 |||PUSH ECX
0040241C
|. E8 8F970A00 |||CALL FlashD.004ABBB0
00402421 |. 83C4 08
|||ADD ESP, 8
00402424 |. 8D45 F8
|||LEA EAX, [LOCAL.2]
00402427 |. E8
489B0A00 |||CALL FlashD.004ABF74
0040242C |. 8B55
A4 |||MOV EDX, [LOCAL.23]
0040242F |.
0355 F8 |||ADD EDX, [LOCAL.2]
00402432
|. 4A |||DEC
EDX
00402433 |. 0FBE0A |||MOVSX
ECX, BYTE PTR DS:[EDX]
00402436 |. 014D AC
|||ADD [LOCAL.21], ECX <==各位的hex值相加
00402439
|. 017D A8 |||ADD [LOCAL.22], EDI
0040243C
|> 837D F8 00 || CMP [LOCAL.2], 0
00402440
|. 74 08 |||JE SHORT
FlashD.0040244A
00402442 |. 8B45 F8 |||MOV
EAX, [LOCAL.2]
00402445 |. 8B50 FC
|||MOV EDX, DWORD PTR DS:[EAX-4]
00402448 |. EB
02 |||JMP SHORT FlashD.0040244C
0040244A
|> 33D2 |||XOR
EDX, EDX
0040244C |> 42 |||INC
EDX
0040244D |. 3B55 A8 |||CMP
EDX, [LOCAL.22]
00402450 |.^ 7F BC
||\JG SHORT FlashD.0040240E
00402452 |. 8365
AC 0F ||AND [LOCAL.21], 0F
<==相加的值取最後一位
00402456 |. 66:C745 C8 14>||MOV
WORD PTR SS:[EBP-38], 14
0040245C |. B8 01000000 ||MOV
EAX, 1
00402461 |> 8B5483 18 ||/MOV
EDX, DWORD PTR DS:[EBX+EAX*4+>
00402465 |. 83FA FF
|||CMP EDX, -1
00402468 |. 74 44
|||JE SHORT FlashD.004024AE
0040246A
|. 3B55 AC |||CMP EDX, [LOCAL.21]
0040246D
|. 75 34 |||JNZ SHORT FlashD.004024A3
0040246F
|. 33C0 |||XOR EAX,
EAX
00402471 |. 8945 AC |||MOV
[LOCAL.21], EAX
00402474 |. 47
|||INC EDI
00402475 |. 837D F8 00 |||CMP
[LOCAL.2], 0
00402479 |. 74 08
|||JE SHORT FlashD.00402483
0040247B |. 8B4D
F8 |||MOV ECX, [LOCAL.2]
0040247E |.
8B41 FC |||MOV EAX, DWORD PTR DS:[ECX-4]
00402481
|. EB 02 |||JMP SHORT FlashD.00402485
00402483
|> 33C0 |||XOR
EAX, EAX
00402485 |> 3BF8 |||CMP
EDI, EAX
00402487 |.^ 0F8C 72FFFFFF |||JL
FlashD.004023FF
0040248D |. 8B44B3 14 |||MOV
EAX, DWORD PTR DS:[EBX+ESI*4+>
00402491 |. 40
|||INC EAX
00402492
|. 8944B3 18 |||MOV DWORD PTR DS:[EBX+ESI*4+18],
>
00402496 |. 83F8 0F |||CMP
EAX, 0F
00402499 |. 7E 13 |||JLE
SHORT FlashD.004024AE
0040249B |. 33D2
|||XOR EDX, EDX
0040249D |. 8954B3 18
|||MOV DWORD PTR DS:[EBX+ESI*4+18], >
004024A1
|. EB 0B |||JMP SHORT FlashD.004024AE
004024A3
|> 40 |||INC
EAX
004024A4 |. 83F8 10 |||CMP
EAX, 10
004024A7 |.^ 7C B8 ||\JL
SHORT FlashD.00402461
004024A9 |.^ E9 4CFFFFFF |\JMP
FlashD.004023FA
004024AE |> 8B45 AC
|MOV EAX, [LOCAL.21]
004024B1 |. 8944B3 18
|MOV DWORD PTR DS:[EBX+ESI*4+18], EA>
004024B5 |.
8BF8 |MOV EDI, EAX
004024B7
|. FF4D D4 |DEC [LOCAL.11]
004024BA
|. 8D45 F8 |LEA EAX, [LOCAL.2]
004024BD
|. BA 02000000 |MOV EDX, 2
004024C2 |.
E8 CD980A00 |CALL FlashD.004ABD94
004024C7 |.
66:C745 C8 08>|MOV WORD PTR SS:[EBP-38], 8
004024CD
|. 46 |INC
ESI
004024CE |> 8B4D B4 MOV
ECX, [LOCAL.19]
004024D1 |. 41
|INC ECX
004024D2 |. 3BF1
|CMP ESI, ECX
004024D4 |.^ 0F8C F8FEFFFF
\JL FlashD.004023D2
004024DA |. C745 A0 01000>MOV
[LOCAL.24], 1
004024E1 |. 66:C745 C8 08>MOV
WORD PTR SS:[EBP-38], 8
004024E7 |. E9 31010000 JMP
FlashD.0040261D
==============================================
以上演算法總結:
由於計算方法重複並且複雜,我只能說個基本的流程
把使用者名稱和各個字串連線後把各位的hex值相加 ==>DS:[EBP-54]設位 M1
然後把
M1 AND 0F <==相加的值取最後一位
一共計算24組
|
004024EC
/XOR EAX, EAX
004024EE |MOV [LOCAL.25],
EAX
004024F1 |MOV WORD PTR SS:[EBP-38], 8
004024F7 |MOV
ESI, 1
004024FC |JMP SHORT FlashD.00402520
004024FE
|/MOV EDI, ESI
00402500 ||PUSH EDI
00402501 ||LEA EAX, [ARG.3]
00402504 ||PUSH EAX
00402505 ||CALL FlashD.004ABBB0
0040250A ||ADD ESP, 8
0040250D
||LEA EAX, [ARG.3]
00402510 ||CALL FlashD.004ABF74
00402515
||ADD EDI, [ARG.3]
00402518 ||DEC EDI
00402519
||MOVSX EDX, BYTE PTR DS:[EDI]
0040251C ||ADD
[LOCAL.25], EDX
;
//使用者名稱的各位的hex值 相加==>SS:[12F478]=028D
0040251F ||INC
ESI
00402520 | CMP [ARG.3], 0
00402524 ||JE
SHORT FlashD.0040252E
00402526 ||MOV ECX,
[ARG.3]
00402529 ||MOV EAX, DWORD PTR DS:[ECX-4]
0040252C
||JMP SHORT FlashD.00402530
0040252E ||XOR
EAX, EAX
00402530 ||INC EAX
00402531 ||CMP
ESI, EAX
00402533 |\JL SHORT FlashD.004024FE
00402535
|MOV EDX, [LOCAL.24]
00402538 |MOV
EAX, DWORD PTR DS:[EBX+EDX*4+18>; EAX=0B
0040253C |SHL
EAX, 2
0040253F |ADD EAX, EBX
00402541 |ADD
EAX, 74
00402544 |CMP DWORD PTR DS:[EAX],
0
00402547 |JE SHORT FlashD.00402550
00402549
|MOV EDX, DWORD PTR DS:[EAX]
0040254B |MOV
ECX, DWORD PTR DS:[EDX-4]
0040254E |JMP SHORT FlashD.00402552
00402550
|XOR ECX, ECX
00402552 |MOV [LOCAL.26],
ECX
00402555 |MOV WORD PTR SS:[EBP-38], 8
0040255B |CMP
[ARG.3], 0
0040255F |JE SHORT FlashD.00402569
00402561
|MOV EDX, [ARG.3]
00402564 |MOV EDX,
DWORD PTR DS:[EDX-4]
00402567 |JMP SHORT FlashD.0040256B
00402569
|XOR EDX, EDX
0040256B |MOV EAX, [LOCAL.24]
0040256E
|MOV EAX, DWORD PTR DS:[EBX+EAX*4+18>
00402572 |SHL
EAX, 2
00402575 |ADD EAX, EBX
00402577
|ADD EAX, 74
0040257A |CMP DWORD PTR
DS:[EAX], 0
0040257D |JE SHORT FlashD.00402586
0040257F
|MOV ECX, DWORD PTR DS:[EAX]
00402581 |MOV
EAX, DWORD PTR DS:[ECX-4]
00402584 |JMP SHORT FlashD.00402588
00402586
|XOR EAX, EAX
00402588 |CMP EDX, EAX
0040258A
|JGE SHORT FlashD.0040259F
0040258C |CMP
[ARG.3], 0
00402590 |JE SHORT FlashD.0040259A
00402592
|MOV EDX, [ARG.3]
; EDX<==SS:[12F4EC]=00DB3BA4,(ASCII
"fxyang")
00402595
|MOV ECX, DWORD PTR DS:[EDX-4] ; ECX=6
00402598
|JMP SHORT FlashD.0040259C
0040259A |XOR
ECX, ECX
0040259C |MOV [LOCAL.26], ECX
0040259F |MOV
ESI, 1
004025A4 |JMP SHORT FlashD.00402601
004025A6
|/MOV [LOCAL.27], ESI
004025A9 ||MOV
EAX, [LOCAL.27]
004025AC ||PUSH EAX
004025AD
||LEA EDX, [ARG.3]
004025B0 ||PUSH EDX
004025B1
||CALL FlashD.004ABBB0
004025B6 ||ADD ESP, 8
004025B9 ||LEA
EAX, [ARG.3]
004025BC ||CALL FlashD.004ABF74
004025C1
||MOV EDX, [LOCAL.27]
004025C4 ||ADD
EDX, [ARG.3]
004025C7 ||DEC EDX
004025C8 ||MOV
CL, BYTE PTR DS:[EDX]
004025CA ||PUSH ECX
004025CB
||MOV EAX, [LOCAL.24]
004025CE ||MOV
EDI, DWORD PTR DS:[EBX+EAX*4+1>
004025D2 ||MOV [LOCAL.28],
ESI
004025D5 ||SHL EDI, 2
004025D8 ||MOV
EAX, [LOCAL.28]
004025DB ||ADD EDI, EBX
004025DD
||PUSH EAX
004025DE ||ADD
EDI, 74
004025E1 ||PUSH EDI
004025E2
||CALL FlashD.004ABBB0
004025E7 ||ADD ESP, 8
004025EA ||MOV
EAX, EDI
004025EC ||CALL FlashD.004ABF74
004025F1
||MOV EDX, DWORD PTR DS:[EDI]
004025F3 ||ADD
EDX, [LOCAL.28]
004025F6 ||DEC EDX
004025F7 ||POP
ECX
004025F8 ||AND CL, BYTE PTR DS:[EDX]
-------------------------------------
以上演算法總結:
由於計算方法重複並且複雜,我只能說個基本的流程
使用者名稱的各位的hex值 AND ICC_PROGRES_CLASS的各位的hex值
ApplyChngesMuliByteoideChar
AND fxyang
繼續,一共12組
004025FA
|. 0FBEC1 ||MOVSX EAX, CL
004025FD
|. 0145 9C ||ADD [LOCAL.25], EAX
; 上面的值在SS:[12F478]中累加
00402600 |. 46
||INC ESI
00402601 |> 8B55
98 | MOV EDX, [LOCAL.26] ; EDX=6
00402604
|. 42 ||INC
EDX
00402605 |. 3BF2 ||CMP
ESI, EDX
00402607 |.^ 7C 9D |\JL
SHORT FlashD.004025A6
00402609 |. F645 9C 01
|TEST BYTE PTR SS:[EBP-64], 1; SS:[12F478]=11
0040260D
|. 0F95C1 |SETNE CL
00402610
|. 83E1 01 |AND ECX, 1
00402613
|. 8B45 A0 |MOV EAX, [LOCAL.24]
00402616
|. 884C03 08 |MOV BYTE PTR DS:[EBX+EAX+8],
CL
0040261A |. FF45 A0 |INC
[LOCAL.24]
0040261D |> 8B55 B4 MOV
EDX, [LOCAL.19]
00402620 |. 42
|INC EDX
00402621 |. 3B55 A0
|CMP EDX, [LOCAL.24]
00402624 |.^
0F8F C2FEFFFF \JG FlashD.004024EC
0040262A |. 66:C745
C8 2C>MOV WORD PTR SS:[EBP-38], 2C
00402630 |. 8D55
10 LEA EDX, [ARG.3]
00402633 |. 8D45
FC LEA EAX, [LOCAL.1]
00402636 |.
E8 31960A00 CALL FlashD.004ABC6C
0040263B |.
FF45 D4 INC [LOCAL.11]
0040263E |.
66:C745 C8 08>MOV WORD PTR SS:[EBP-38], 8
00402644 |.
BE 01000000 MOV ESI, 1
00402649 |. E9
F3010000 JMP FlashD.00402841
0040264E |> 66:C745
C8 44>/MOV WORD PTR SS:[EBP-38], 44
00402654 |. 8D54B3
74 |LEA EDX, DWORD PTR DS:[EBX+ESI*4+74>
00402658
|. 8D45 F4 |LEA EAX, [LOCAL.3]
0040265B
|. E8 0C960A00 |CALL FlashD.004ABC6C
00402660
|. FF45 D4 |INC [LOCAL.11]
00402663
|. 66:C745 C8 38>|MOV WORD PTR SS:[EBP-38], 38
00402669
|. 807C33 08 00 |CMP BYTE PTR DS:[EBX+ESI+8],
0
0040266E |. 0F84 BF000000 |JE FlashD.00402733
00402674
|. 66:C745 C8 50>|MOV WORD PTR SS:[EBP-38], 50
0040267A
|. BA 0A164C00 |MOV EDX, FlashD.004C160A
0040267F
|. 8D45 F0 |LEA EAX, [LOCAL.4]
00402682
|. E8 AD950A00 |CALL FlashD.004ABC34
00402687
|. FF45 D4 |INC [LOCAL.11]
0040268A
|. 8D55 F0 |LEA EDX, [LOCAL.4]
0040268D
|. 8D45 F4 |LEA EAX, [LOCAL.3]
00402690
|. E8 2F970A00 |CALL FlashD.004ABDC4
00402695
|. FF4D D4 |DEC [LOCAL.11]
00402698
|. 8D45 F0 |LEA EAX, [LOCAL.4]
0040269B
|. BA 02000000 |MOV EDX, 2
004026A0 |.
E8 EF960A00 |CALL FlashD.004ABD94
004026A5 |.
8D4CB3 74 |LEA ECX, DWORD PTR DS:[EBX+ESI*4+74>
004026A9
|. 894D 8C |MOV [LOCAL.29], ECX
004026AC
|. 8B45 8C |MOV EAX, [LOCAL.29]
004026AF
|. 8338 00 |CMP DWORD PTR DS:[EAX],
0
004026B2 |. 74 0A |JE
SHORT FlashD.004026BE
004026B4 |. 8B55 8C
|MOV EDX, [LOCAL.29]
004026B7 |. 8B0A
|MOV ECX, DWORD PTR DS:[EDX]
; ECX<== DS:[D92B34]=00D95104,(ASCII "ExtractFilePath(ParamStr(0))"
004026B9
|. 8B79 FC |MOV EDI, DWORD PTR
DS:[ECX-4]
004026BC |. EB 02
|JMP SHORT FlashD.004026C0
004026BE |>
33FF |XOR EDI, EDI
004026C0
|> 47 |INC
EDI
004026C1 |. 66:C745 C8 38>|MOV WORD PTR SS:[EBP-38],
38
004026C7 |. 85FF |TEST
EDI, EDI
004026C9 |. 7E 68 |JLE
SHORT FlashD.00402733
004026CB |> 66:C745 C8 5C>|/MOV
WORD PTR SS:[EBP-38], 5C
004026D1 |. 33C0
||XOR EAX, EAX
004026D3 |. 8D55
EC ||LEA EDX, [LOCAL.5]
004026D6 |.
8945 EC ||MOV [LOCAL.5], EAX
004026D9
|. 52 ||PUSH EDX
004026DA |. FF45 D4 ||INC
[LOCAL.11]
004026DD
|. 8BD7 ||MOV EDX,
EDI
004026DF
|. 8D44B3 74 ||LEA EAX, DWORD PTR DS:[EBX+ESI*4+7>
004026E3
|. B9 01000000 ||MOV ECX, 1
004026E8 |. E8 67990A00
||CALL FlashD.004AC054
004026ED |. 8D55 EC ||LEA
EDX, [LOCAL.5]
004026F0 |. 33C0
||XOR EAX, EAX
004026F2 |. 8945 E8
||MOV [LOCAL.6], EAX
004026F5 |. 8D4D E8
||LEA ECX, [LOCAL.6]
004026F8 |. FF45
D4 ||INC [LOCAL.11]
004026FB |. 8D45
F4 ||LEA EAX, [LOCAL.3]
004026FE |.
E8 E9960A00 ||CALL FlashD.004ABDEC
00402703 |.
8D55 E8 ||LEA EDX, [LOCAL.6]
00402706
|. 8D45 F4 ||LEA EAX, [LOCAL.3]
00402709
|. E8 B6960A00 ||CALL FlashD.004ABDC4
0040270E
|. FF4D D4 ||DEC [LOCAL.11]
00402711
|. 8D45 E8 ||LEA EAX, [LOCAL.6]
00402714
|. BA 02000000 ||MOV EDX, 2
00402719 |.
E8 76960A00 ||CALL FlashD.004ABD94
0040271E |.
FF4D D4 ||DEC [LOCAL.11]
00402721
|. 8D45 EC ||LEA EAX, [LOCAL.5]
00402724
|. BA 02000000 ||MOV EDX, 2
00402729 |.
E8 66960A00 ||CALL FlashD.004ABD94
0040272E |.
4F ||DEC EDI
0040272F
|. 85FF ||TEST EDI,
EDI
00402731 |.^ 7F 98 |\JG
SHORT FlashD.004026CB
00402733 |> 837CB3 18 04 |CMP
DWORD PTR DS:[EBX+ESI*4+18], 4
00402738 |. 7D 4C
|JGE SHORT FlashD.00402786
0040273A
|. 66:C745 C8 68>|MOV WORD PTR SS:[EBP-38], 68
00402740
|. 8B4CB3 18 |MOV ECX, DWORD PTR DS:[EBX+ESI*4+18>
00402744
|. 51 |PUSH ECX
00402745 |. 8B43 68 |MOV
EAX, DWORD PTR DS:[EBX+68]
00402748 |. 50
|PUSH EAX
00402749
|. 33C0 |XOR EAX,
EAX
0040274B |. 8B55 F4 |MOV EDX,
[LOCAL.3]
0040274E
|. 52 |PUSH EDX
0040274F |. 8D55 E4 |LEA
EDX, [LOCAL.7]
00402752 |. 8B4D FC |MOV
ECX, [LOCAL.1]
00402755
|. 51 |PUSH ECX
00402756 |. 53
|PUSH EBX
00402757 |. 8945
E4 |MOV [LOCAL.7], EAX
0040275A |. 52
|PUSH EDX
0040275B |. FF45
D4 |INC [LOCAL.11]
0040275E |. E8 EDEFFFFF |CALL
FlashD.00401750
00402763 |. 83C4
18 |ADD ESP, 18
00402766 |. 8D55
E4 |LEA EDX, [LOCAL.7]
00402769 |.
8D45 FC |LEA EAX, [LOCAL.1]
0040276C
|. E8 53960A00 |CALL FlashD.004ABDC4
00402771
|. FF4D D4 |DEC [LOCAL.11]
00402774
|. 8D45 E4 |LEA EAX, [LOCAL.7]
00402777
|. BA 02000000 |MOV EDX, 2
0040277C |.
E8 13960A00 |CALL FlashD.004ABD94
00402781 |.
E9 A4000000 |JMP FlashD.0040282A
00402786 |>
837CB3 18 08 |CMP DWORD PTR DS:[EBX+ESI*4+18], 8
0040278B
|. 7D 4C |JGE SHORT FlashD.004027D9
0040278D
|. 66:C745 C8 74>|MOV WORD PTR SS:[EBP-38], 74
00402793
|. 8B4CB3 18 |MOV ECX, DWORD PTR DS:[EBX+ESI*4+18>
00402797
|ADD ECX, -4
0040279A |PUSH ECX
0040279B |MOV EAX, DWORD PTR DS:[EBX+68]
0040279E |PUSH EAX
0040279F
|XOR EAX, EAX
004027A1 |MOV EDX, [LOCAL.3]
; |00DB3C7C ))0(rtSmaraP(htaPeliFtcartxE
004027A4 |PUSH
EDX
004027A5 |LEA EDX, [LOCAL.8]
004027A8 |MOV
ECX, [LOCAL.1] ; |00DB3BA4 fxyang
004027AB
|PUSH ECX
004027AC |PUSH
EBX
004027AD |MOV [LOCAL.8], EAX
004027B0 |PUSH
EDX
004027B1 |INC [LOCAL.11]
004027B4 |CALL
FlashD.00401A58
004027B9
|ADD ESP, 18
004027BC |LEA EDX, [LOCAL.8]
004027BF
|LEA EAX, [LOCAL.1]
004027C2 |CALL FlashD.004ABDC4
004027C7
|DEC [LOCAL.11]
004027CA |LEA EAX,
[LOCAL.8]
004027CD |MOV EDX, 2
004027D2 |CALL
FlashD.004ABD94
004027D7 |JMP SHORT FlashD.0040282A
004027D9
|CMP DWORD PTR DS:[EBX+ESI*4+18], 0C
004027DE |JGE
SHORT FlashD.0040282A
004027E0 |MOV WORD
PTR SS:[EBP-38], 80
004027E6 |MOV ECX, DWORD PTR DS:[EBX+ESI*4+18>
004027EA
|ADD ECX, -8
004027ED |PUSH ECX
004027EE
|MOV EAX, DWORD PTR DS:[EBX+68]
004027F1 |PUSH
EAX
004027F2 |XOR EAX, EAX
004027F4 |MOV
EDX, [LOCAL.3]
004027F7
|PUSH EDX
004027F8 |LEA EDX,
[LOCAL.9]
004027FB |MOV
ECX, [LOCAL.1]
---------------------------------------
上面計算的12組值得到下面的字串:
; |ECX<==SS:[12F4D8]=00DB3CFC,(ASCII "8GZI898GZI89")
004027FE
|PUSH ECX
004027FF |PUSH EBX
00402800
|MOV [LOCAL.9], EAX
00402803 |PUSH EDX
00402804 |INC
[LOCAL.11]
00402807
|CALL FlashD.00401EC0
0040280C |ADD ESP, 18
0040280F |LEA
EDX, [LOCAL.9]
00402812 |LEA EAX, [LOCAL.1]
00402815
|CALL FlashD.004ABDC4
0040281A |DEC
[LOCAL.11]
0040281D |LEA EAX, [LOCAL.9]
00402820 |MOV
EDX, 2
00402825 |CALL FlashD.004ABD94
0040282A
|DEC [LOCAL.11]
0040282D |LEA EAX,
[LOCAL.3]
00402830 |MOV EDX, 2
00402835 |CALL
FlashD.004ABD94
0040283A |MOV WORD PTR SS:[EBP-38],
8
00402840 |INC ESI
00402841 MOV
ECX, [LOCAL.19]
00402844 |INC ECX
00402845 |CMP
ESI, ECX
00402847 \JL FlashD.0040264E
0040284D
>MOV WORD PTR SS:[EBP-38], 8C
00402853 LEA
EDX, [LOCAL.1]
00402856 MOV EAX, [ARG.1]
00402859
CALL FlashD.004ABDC4
0040285E MOV EAX,
[ARG.1]
00402861 MOV EDX, 2
00402866 MOV
WORD PTR SS:[EBP-38], 98
0040286C PUSH EAX
0040286D
LEA EAX, [LOCAL.1]
00402870 DEC [LOCAL.11]
00402873
CALL FlashD.004ABD94
00402878 DEC [LOCAL.11]
0040287B
LEA EAX, [ARG.3]
0040287E MOV EDX,
2
00402883 CALL FlashD.004ABD94
00402888 POP
EAX
00402889 MOV WORD PTR SS:[EBP-38], 8C
0040288F
INC [LOCAL.11]
00402892 MOV EDX, [LOCAL.18]
00402895
MOV DWORD PTR FS:[0], EDX
0040289C POP
EDI
0040289D POP ESI
0040289E POP
EBX
0040289F MOV ESP, EBP
004028A1 POP
EBP
004028A2 RETN
***************************************************************
00401A58
/$ 55 PUSH EBP
00401A59
|. 8BEC MOV EBP, ESP
00401A5B
|. 83C4 98 ADD ESP, -68
00401A5E
|. B8 E4234C00 MOV EAX, FlashD.004C23E4
00401A63
|. 53 PUSH EBX
00401A64
|. 56 PUSH ESI
00401A65
|. 57 PUSH EDI
00401A66
|. 8B7D 0C MOV EDI, [ARG.2]
00401A69
|. E8 8A020A00 CALL FlashD.004A1CF8
00401A6E
|. C745 F4 02000>MOV [LOCAL.3], 2
00401A75 |.
8D55 14 LEA EDX, [ARG.4]
00401A78
|. 8D45 14 LEA EAX, [ARG.4]
00401A7B
|. E8 ECA10A00 CALL FlashD.004ABC6C
00401A80
|. FF45 F4 INC [LOCAL.3]
00401A83
|. 8D55 10 LEA EDX, [ARG.3]
00401A86
|. 66:C745 E8 08>MOV WORD PTR SS:[EBP-18], 8
00401A8C
|. 8D45 10 LEA EAX, [ARG.3]
00401A8F
|. E8 D8A10A00 CALL FlashD.004ABC6C
00401A94
|. FF45 F4 INC [LOCAL.3]
00401A97
|. BB 01000000 MOV EBX, 1
00401A9C |.
33F6 XOR ESI, ESI
00401A9E
|. 8B45 18 MOV EAX, [ARG.5]
00401AA1
|. 83C0 02 ADD EAX, 2
00401AA4
|. 50 PUSH EAX
00401AA5 |. E8 32F40900 CALL FlashD.004A0EDC
00401AAA |.
59 POP ECX
00401AAB
|. 8945 D4 MOV [LOCAL.11], EAX
00401AAE
|. F645 1C 03 TEST BYTE PTR SS:[EBP+1C],
3
00401AB2 |. 75 51 JNZ
SHORT FlashD.00401B05
00401AB4 |. C745 D0 01000>MOV
[LOCAL.12], 1
00401ABB |. EB 2D JMP
SHORT FlashD.00401AEA
00401ABD |> 8B55 D0
/MOV EDX, [LOCAL.12]
00401AC0 |. 8955
CC |MOV [LOCAL.13], EDX
00401AC3 |.
8B4D CC |MOV ECX, [LOCAL.13]
00401AC6
|. 51 |PUSH ECX
00401AC7 |. 8D45 10 |LEA
EAX, [ARG.3]
00401ACA
|. 50 |PUSH EAX
00401ACB |. E8 E0A00A00 |CALL FlashD.004ABBB0
00401AD0 |.
83C4 08 |ADD ESP, 8
00401AD3 |.
8D45 10 |LEA EAX, [ARG.3]
00401AD6
|. E8 99A40A00 |CALL FlashD.004ABF74
00401ADB
|. 8B55 CC |MOV EDX, [LOCAL.13]
00401ADE
|. 0355 10 |ADD EDX, [ARG.3]
00401AE1
|. 4A |DEC
EDX
00401AE2 |. 0FBE0A |MOVSX
ECX, BYTE PTR DS:[EDX]
00401AE5 |. 03F1
|ADD ESI, ECX
00401AE7 |. FF45 D0
|INC [LOCAL.12]
00401AEA |> 837D 10 00
CMP [ARG.3], 0
00401AEE |. 74 08
|JE SHORT FlashD.00401AF8
00401AF0
|. 8B45 10 |MOV EAX, [ARG.3]
00401AF3
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
00401AF6 |. EB 02 |JMP
SHORT FlashD.00401AFA
00401AF8 |> 33D2
|XOR EDX, EDX
00401AFA |> 42
|INC EDX
00401AFB |.
3B55 D0 |CMP EDX, [LOCAL.12]
00401AFE
|.^ 7F BD \JG SHORT FlashD.00401ABD
00401B00
|. E9 1D020000 JMP FlashD.00401D22
00401B05
|> 8B45 1C MOV EAX, [ARG.6]
00401B08
|. 83E0 03 AND EAX, 3
00401B0B
|. 48 DEC EAX
00401B0C
|. 0F85 A3000000 JNZ FlashD.00401BB5
00401B12 |.
C745 C8 01000>MOV [LOCAL.14], 1
00401B19 |. EB
2D JMP SHORT FlashD.00401B48
00401B1B
|> 8B4D C8 /MOV ECX, [LOCAL.14]
00401B1E
|. 894D C4 |MOV [LOCAL.15], ECX
00401B21
|. 8B45 C4 |MOV EAX, [LOCAL.15]
00401B24
|. 50 |PUSH EAX
00401B25 |. 8D55 10 |LEA
EDX, [ARG.3]
00401B28 |. 52 |PUSH
EDX
00401B29 |. E8 82A00A00
|CALL FlashD.004ABBB0
00401B2E |. 83C4 08 |ADD
ESP, 8
00401B31 |. 8D45 10 |LEA
EAX, [ARG.3]
00401B34 |. E8 3BA40A00 |CALL FlashD.004ABF74
00401B39
|. 8B55 C4 |MOV EDX, [LOCAL.15]
00401B3C
|. 0355 10 |ADD EDX, [ARG.3]
00401B3F
|. 4A |DEC
EDX
00401B40 |. 0FBE0A |MOVSX
ECX, BYTE PTR DS:[EDX]
00401B43 |. 03F1
|ADD ESI, ECX
00401B45 |. FF45 C8
|INC [LOCAL.14]
00401B48 |> 837D 10 00
CMP [ARG.3], 0
00401B4C |. 74 08
|JE SHORT FlashD.00401B56
00401B4E
|. 8B45 10 |MOV EAX, [ARG.3]
00401B51
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
00401B54 |. EB 02 |JMP
SHORT FlashD.00401B58
00401B56 |> 33D2
|XOR EDX, EDX
00401B58 |> 42
|INC EDX
00401B59 |.
3B55 C8 |CMP EDX, [LOCAL.14]
00401B5C
|.^ 7F BD \JG SHORT FlashD.00401B1B
00401B5E
|. C745 C0 01000>MOV [LOCAL.16], 1
00401B65 |.
66:C745 E8 08>MOV WORD PTR SS:[EBP-18], 8
00401B6B |.
EB 2D JMP SHORT FlashD.00401B9A
00401B6D
|> 8B45 C0 /MOV EAX, [LOCAL.16]
00401B70
|. 8945 BC |MOV [LOCAL.17], EAX
00401B73
|. 8B4D BC |MOV ECX, [LOCAL.17]
00401B76
|. 51 |PUSH ECX
00401B77 |. 8D45 14 |LEA
EAX, [ARG.4]
00401B7A
|. 50 |PUSH EAX
00401B7B |. E8 30A00A00 |CALL FlashD.004ABBB0
00401B80 |. 83C4 08
|ADD ESP, 8
00401B83 |. 8D45
14 |LEA EAX, [ARG.4]
00401B86 |. E8
E9A30A00 |CALL FlashD.004ABF74
00401B8B |. 8B55
BC |MOV EDX, [LOCAL.17]
00401B8E |.
0355 14 |ADD EDX, [ARG.4]
00401B91
|. 4A |DEC
EDX
00401B92 |. 0FBE0A |MOVSX
ECX, BYTE PTR DS:[EDX]
00401B95 |. 03F1
|ADD ESI, ECX
; //ESI<==fxyang和))0(rtSmaraP(htaPeliFtcartxE各位的hex值相加的和=c71
00401B97
|. FF45 C0 |INC [LOCAL.16]
00401B9A
|> 837D 14 00 CMP [ARG.4], 0
00401B9E
|. 74 08 |JE SHORT
FlashD.00401BA8
00401BA0 |. 8B45 14 |MOV
EAX, [ARG.4]
; 00DB3C7C ))0(rtSmaraP(htaPeliFtcartxE
00401BA3
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
00401BA6 |. EB 02 |JMP
SHORT FlashD.00401BAA
00401BA8 |> 33D2
|XOR EDX, EDX
00401BAA |> 42
|INC EDX
00401BAB |.
3B55 C0 |CMP EDX, [LOCAL.16]
00401BAE
|.^ 7F BD \JG SHORT FlashD.00401B6D
00401BB0
|. E9 6D010000 JMP FlashD.00401D22
00401BB5
|> 8B45 1C MOV EAX, [ARG.6]
00401BB8
|. 83E0 03 AND EAX, 3
00401BBB
|. 83F8 02 CMP EAX, 2
00401BBE
|. 0F85 AA000000 JNZ FlashD.00401C6E
00401BC4 |.
6A 01 PUSH 1
00401BC6
|. 8D4D 10 LEA ECX, [ARG.3]
00401BC9 |. 51
PUSH ECX
00401BCA
|. E8 E19F0A00 CALL FlashD.004ABBB0
00401BCF |. 83C4 08 ADD
ESP, 8
00401BD2 |. 8D45 10 LEA
EAX, [ARG.3]
00401BD5 |. E8 9AA30A00 CALL
FlashD.004ABF74
00401BDA |. 8B55 10
MOV EDX, [ARG.3]
00401BDD |. 8D45 14
LEA EAX, [ARG.4]
00401BE0 |. 8A0A
MOV CL, BYTE PTR DS:[EDX]
00401BE2
|. 51 PUSH ECX
00401BE3
|. 6A 01 PUSH 1
00401BE5 |. 50 PUSH
EAX
00401BE6 |. E8 C59F0A00
CALL FlashD.004ABBB0
00401BEB
|. 83C4 08 ADD ESP, 8
00401BEE
|. 8D45 14 LEA EAX, [ARG.4]
00401BF1
|. E8 7EA30A00 CALL FlashD.004ABF74
00401BF6
|. 8B55 14 MOV EDX, [ARG.4]
00401BF9
|. 59 POP ECX
00401BFA
|. 220A AND CL, BYTE
PTR DS:[EDX]
00401BFC |. 0FBEC1 MOVSX
EAX, CL
00401BFF |. 50
PUSH EAX
00401C00 |. 837D 10 00 CMP
[ARG.3], 0
00401C04 |. 74 08
JE SHORT FlashD.00401C0E
00401C06 |. 8B55
10 MOV EDX, [ARG.3]
00401C09 |. 8B72
FC MOV ESI, DWORD PTR DS:[EDX-4]
00401C0C
|. EB 02 JMP SHORT FlashD.00401C10
00401C0E
|> 33F6 XOR ESI,
ESI
00401C10 |> 56 PUSH
ESI
00401C11 |. 8D45 10
LEA EAX, [ARG.3]
00401C14 |. 50
PUSH EAX
00401C15 |. E8
969F0A00 CALL FlashD.004ABBB0
00401C1A |. 83C4 08
ADD ESP, 8
00401C1D |. 8D45 10
LEA EAX, [ARG.3]
00401C20 |. E8 4FA30A00 CALL
FlashD.004ABF74
00401C25 |. 0375 10
ADD ESI, [ARG.3]
00401C28 |. 4E
DEC ESI
00401C29 |. 8A16
MOV DL, BYTE PTR DS:[ESI]
00401C2B
|. 52 PUSH EDX
00401C2C
|. 837D 14 00 CMP [ARG.4], 0
00401C30
|. 74 08 JE SHORT
FlashD.00401C3A
00401C32 |. 8B4D 14 MOV
ECX, [ARG.4]
00401C35 |. 8B41 FC MOV
EAX, DWORD PTR DS:[ECX-4]
00401C38 |. EB 02
JMP SHORT FlashD.00401C3C
00401C3A |>
33C0 XOR EAX, EAX
00401C3C
|> 8945 B8 MOV [LOCAL.18], EAX
00401C3F
|. 8B55 B8 MOV EDX, [LOCAL.18]
00401C42
|. 52 PUSH EDX
00401C43 |. 8D4D 14 LEA
ECX, [ARG.4]
00401C46 |. 51 PUSH
ECX
00401C47 |. E8 649F0A00 CALL
FlashD.004ABBB0
00401C4C
|. 83C4 08 ADD ESP, 8
00401C4F
|. 8D45 14 LEA EAX, [ARG.4]
00401C52
|. E8 1DA30A00 CALL FlashD.004ABF74
00401C57
|. 8B55 B8 MOV EDX, [LOCAL.18]
00401C5A
|. 0355 14 ADD EDX, [ARG.4]
00401C5D
|. 4A DEC EDX
00401C5E
|. 59 POP ECX
00401C5F
|. 220A AND CL, BYTE
PTR DS:[EDX]
00401C61 |. 0FBEC1 MOVSX
EAX, CL
00401C64 |. 5A
POP EDX
00401C65 |. 03D0
ADD EDX, EAX
00401C67 |. 8BF2
MOV ESI, EDX
00401C69 |. E9
B4000000 JMP FlashD.00401D22
00401C6E |> 8B4D
1C MOV ECX, [ARG.6]
00401C71 |. 83E1
03 AND ECX, 3
00401C74 |. 83F9
03 CMP ECX, 3
00401C77 |. 0F85
A5000000 JNZ FlashD.00401D22
00401C7D |. 6A 01
PUSH 1
00401C7F |.
8D45 10 LEA EAX, [ARG.3]
00401C82 |.
50 PUSH EAX
00401C83 |. E8 289F0A00 CALL FlashD.004ABBB0
00401C88 |. 83C4
08 ADD ESP, 8
00401C8B |. 8D45
10 LEA EAX, [ARG.3]
00401C8E |. E8
E1A20A00 CALL FlashD.004ABF74
00401C93 |. 8B55
10 MOV EDX, [ARG.3]
00401C96 |. 8A0A
MOV CL, BYTE PTR DS:[EDX]
00401C98
|. 51 PUSH ECX
00401C99
|. 837D 14 00 CMP [ARG.4], 0
00401C9D
|. 74 08 JE SHORT
FlashD.00401CA7
00401C9F |. 8B45 14 MOV
EAX, [ARG.4]
00401CA2 |. 8B70 FC MOV
ESI, DWORD PTR DS:[EAX-4]
00401CA5 |. EB 02
JMP SHORT FlashD.00401CA9
00401CA7 |>
33F6 XOR ESI, ESI
00401CA9
|> 56 PUSH ESI
00401CAA |. 8D45 14 LEA
EAX, [ARG.4]
00401CAD
|. 50 PUSH EAX
00401CAE |. E8 FD9E0A00 CALL FlashD.004ABBB0
00401CB3 |. 83C4
08 ADD ESP, 8
00401CB6 |. 8D45
14 LEA EAX, [ARG.4]
00401CB9 |. E8
B6A20A00 CALL FlashD.004ABF74
00401CBE |. 0375
14 ADD ESI, [ARG.4]
00401CC1 |. 4E
DEC ESI
00401CC2 |.
5A POP EDX
00401CC3
|. 2216 AND DL, BYTE
PTR DS:[ESI]
00401CC5 |. 0FBECA MOVSX
ECX, DL
00401CC8 |. 51
PUSH ECX
00401CC9 |. 837D 10 00 CMP
[ARG.3], 0
00401CCD |. 74 08
JE SHORT FlashD.00401CD7
00401CCF |. 8B45
10 MOV EAX, [ARG.3]
00401CD2 |. 8B50
FC MOV EDX, DWORD PTR DS:[EAX-4]
00401CD5
|. EB 02 JMP SHORT FlashD.00401CD9
00401CD7
|> 33D2 XOR EDX,
EDX
00401CD9 |> 8955 B4 MOV
[LOCAL.19], EDX
00401CDC |. 8B45 B4 MOV
EAX, [LOCAL.19]
00401CDF |. 50
PUSH EAX
00401CE0 |. 8D4D
10 LEA ECX, [ARG.3]
00401CE3 |. 51
PUSH ECX
00401CE4
|. E8 C79E0A00 CALL FlashD.004ABBB0
00401CE9 |. 83C4 08
ADD ESP, 8
00401CEC |. 8D45
10 LEA EAX, [ARG.3]
00401CEF |. E8
80A20A00 CALL FlashD.004ABF74
00401CF4 |. 8B55
B4 MOV EDX, [LOCAL.19]
00401CF7 |.
8D45 14 LEA EAX, [ARG.4]
00401CFA
|. 0355 10 ADD EDX, [ARG.3]
00401CFD
|. 4A DEC EDX
00401CFE
|. 8A0A MOV CL, BYTE
PTR DS:[EDX]
00401D00 |. 51
PUSH ECX
00401D01 |. 6A 01
PUSH 1
00401D03 |. 50
PUSH EAX
00401D04
|. E8 A79E0A00 CALL FlashD.004ABBB0
00401D09 |. 83C4
08 ADD ESP, 8
00401D0C |. 8D45
14 LEA EAX, [ARG.4]
00401D0F |. E8
60A20A00 CALL FlashD.004ABF74
00401D14 |. 8B55
14 MOV EDX, [ARG.4]
00401D17 |. 59
POP ECX
00401D18 |.
220A AND CL, BYTE PTR DS:[EDX]
00401D1A
|. 0FBEC1 MOVSX EAX, CL
00401D1D
|. 5A POP EDX
00401D1E
|. 03D0 ADD EDX, EAX
00401D20
|. 8BF2 MOV ESI, EDX
00401D22
|> 81E6 FF000000 AND ESI, 0FF ; ESI=71<-這個值就是上面漫長計算的結果
00401D28 |. C745 B0 01000>MOV [LOCAL.20],
1
00401D2F |. 8B4D D4 MOV ECX,
[LOCAL.11]
00401D32 |. 8BC1 MOV
EAX, ECX
00401D34 |. 8945 98
MOV [LOCAL.26], EAX
00401D37 |. E9 91000000
JMP FlashD.00401DCD
00401D3C /CMP [ARG.3],
0
00401D40 |JE SHORT FlashD.00401D4A
00401D42
|MOV EDX, [ARG.3] ; EDX<==SS:[12F44C]=00DB3CBC,(ASCII
"fxyang")
00401D45 |MOV ECX, DWORD PTR DS:[EDX-4]
; ECX=6
00401D48 |JMP SHORT FlashD.00401D4C
00401D4A
|XOR ECX, ECX
00401D4C |CMP EBX, ECX
00401D4E
|JLE SHORT FlashD.00401D55
00401D50 |MOV
EBX, 1
00401D55 |MOV [LOCAL.23], EBX
00401D58 |MOV
EAX, [LOCAL.23]
00401D5B |PUSH EAX
00401D5C |LEA EDX, [ARG.3]
00401D5F |PUSH
EDX
00401D60 |CALL FlashD.004ABBB0
00401D65 |ADD
ESP, 8
00401D68 |LEA EAX, [ARG.3]
00401D6B
|CALL FlashD.004ABF74
00401D70 |MOV
EDX, [LOCAL.23]
00401D73 |ADD EDX, [ARG.3]
00401D76
|DEC EDX
00401D77 |MOVSX ECX, BYTE PTR DS:[EDX]
; ECX=66 ('f')
00401D7A |ADD
ECX, ESI
; ECX=71(上面的值)+66=d7
00401D7C |MOV
[LOCAL.22], ECX
00401D7F |MOV EAX, [LOCAL.22]
; EAX=D7
00401D82
|CDQ
00401D83 |XOR EAX, EDX
00401D85 |SUB
EAX, EDX
; EAX=D7 EDX=0
00401D87 |CMP
[ARG.4], 0
00401D8B |JE SHORT FlashD.00401D95
00401D8D
|MOV ECX, [ARG.4]
; ECX<==00DB3CD0 ))0(rtSmaraP(htaPeliFtcartxE
00401D90
|MOV EDX, DWORD PTR DS:[ECX-4]; EDX=1C
00401D93
|JMP SHORT FlashD.00401D97
00401D95 |XOR
EDX, EDX
00401D97 |MOV ECX, EDX
; ECX=1C
00401D99 |CDQ
00401D9A |IDIV
ECX ; EAX=D7
IDIV ECX=1C ==>EAX=07 EDX=13
00401D9C |INC EDX
; EDX=13+1=14
00401D9D
|MOV [LOCAL.21], EDX
00401DA0 |MOV
EAX, [LOCAL.21]
00401DA3 |PUSH EAX
00401DA4
|LEA EAX, [ARG.4]
00401DA7 |PUSH EAX
00401DA8 |CALL FlashD.004ABBB0
00401DAD |ADD ESP, 8
00401DB0
|LEA EAX, [ARG.4]
00401DB3 |CALL FlashD.004ABF74
00401DB8
|MOV EDX, [LOCAL.21] ; EDX=14
00401DBB
|MOV EAX, [LOCAL.26]
00401DBE |ADD
EDX, [ARG.4]
00401DC1 |DEC EDX
00401DC2 |INC
EBX
00401DC3 |MOV CL, BYTE PTR DS:[EDX] ; CL
<== DS:[DB3CE3]=69 ('i')
00401DC5 |MOV BYTE PTR DS:[EAX],
CL
; 用上面的方法在串))0(rtSmaraP(htaPeliFtcartxE中取值,得到新的字串==>DS:[DB3CA0]
00401DC7
|INC [LOCAL.20]
00401DCA |INC [LOCAL.26]
00401DCD
MOV EDX, [ARG.5]
00401DD0 |INC EDX
00401DD1
|CMP EDX, [LOCAL.20]
00401DD4 \JG FlashD.00401D3C
00401DDA
|. 8B4D D4 MOV ECX, [LOCAL.11]
00401DDD
|. 8B45 18 MOV EAX, [ARG.5]
00401DE0
|. C60401 00 MOV BYTE PTR DS:[ECX+EAX],
0
00401DE4 |. C745 A0 01000>MOV [LOCAL.24], 1
00401DEB
|. 66:C745 E8 08>MOV WORD PTR SS:[EBP-18], 8
00401DF1
|. 8B55 D4 MOV EDX, [LOCAL.11]
00401DF4
|. 8BDA MOV EBX, EDX
00401DF6
|. EB 35 JMP SHORT FlashD.00401E2D
00401DF8
|> 0FBE03 /MOVSX EAX, BYTE PTR
DS:[EBX]
00401DFB |. B9 24000000 |MOV ECX,
24
00401E00 |. 99 |CDQ
00401E01
|. F7F9 |IDIV ECX
00401E03
|. 8955 9C |MOV [LOCAL.25], EDX
00401E06
|. 8B45 9C |MOV EAX, [LOCAL.25]
00401E09
|. 99 |CDQ
00401E0A |.
33C2 |XOR EAX, EDX
00401E0C
|. 2BC2 |SUB EAX,
EDX
00401E0E |. 8BF0 |MOV
ESI, EAX
00401E10 |. 46
|INC ESI
00401E11 |. 56
|PUSH ESI
00401E12 |.
57 |PUSH EDI
00401E13 |. E8 989D0A00 |CALL FlashD.004ABBB0
00401E18 |.
83C4 08 |ADD ESP, 8
00401E1B |.
8BC7 |MOV EAX, EDI
00401E1D
|. E8 52A10A00 |CALL FlashD.004ABF74
00401E22
|. 0337 |ADD ESI,
DWORD PTR DS:[EDI]
00401E24 |. 4E
|DEC ESI
00401E25 |. 8A16
|MOV DL, BYTE PTR DS:[ESI]
00401E27 |. 8813
|MOV BYTE PTR DS:[EBX], DL
; DS:[DB3F06]<=="88GCBC6IC8CC"
00401E29
|. FF45 A0 |INC [LOCAL.24]
00401E2C
|. 43 |INC
EBX
00401E2D |> 8B4D 18 MOV
ECX, [ARG.5]
00401E30 |. 41
|INC ECX
00401E31 |. 3B4D A0
|CMP ECX, [LOCAL.24]
00401E34 |.^ 7F C2
\JG SHORT FlashD.00401DF8
00401E36
|. 66:C745 E8 14>MOV WORD PTR SS:[EBP-18], 14
00401E3C
|. 8D45 FC LEA EAX, [LOCAL.1]
00401E3F
|. 8B55 D4 MOV EDX, [LOCAL.11]
00401E42
|. E8 ED9D0A00 CALL FlashD.004ABC34
00401E47
|. FF45 F4 INC [LOCAL.3]
00401E4A
|. 66:C745 E8 08>MOV WORD PTR SS:[EBP-18], 8
00401E50
|. 8B4D D4 MOV ECX, [LOCAL.11]
00401E53
|. 51 PUSH ECX
00401E54 |. E8 BFEE0900 CALL FlashD.004A0D18
00401E59 |.
59 POP ECX
00401E5A
|. 8D55 FC LEA EDX, [LOCAL.1]
00401E5D
|. 66:C745 E8 20>MOV WORD PTR SS:[EBP-18], 20
00401E63
|. 8B45 08 MOV EAX, [ARG.1]
00401E66
|. E8 599F0A00 CALL FlashD.004ABDC4
00401E6B
|. 8B45 08 MOV EAX, [ARG.1]
00401E6E
|. BA 02000000 MOV EDX, 2
00401E73 |.
66:C745 E8 2C>MOV WORD PTR SS:[EBP-18], 2C
00401E79
|. 50 PUSH EAX
00401E7A
|. 8D45 FC LEA EAX, [LOCAL.1]
00401E7D
|. FF4D F4 DEC [LOCAL.3]
00401E80
|. E8 0F9F0A00 CALL FlashD.004ABD94
00401E85
|. FF4D F4 DEC [LOCAL.3]
00401E88
|. 8D45 10 LEA EAX, [ARG.3]
00401E8B
|. BA 02000000 MOV EDX, 2
00401E90 |.
E8 FF9E0A00 CALL FlashD.004ABD94
00401E95 |.
FF4D F4 DEC [LOCAL.3]
00401E98 |.
8D45 14 LEA EAX, [ARG.4]
00401E9B
|. BA 02000000 MOV EDX, 2
00401EA0 |.
E8 EF9E0A00 CALL FlashD.004ABD94
00401EA5 |.
58 POP EAX
00401EA6
|. 66:C745 E8 20>MOV WORD PTR SS:[EBP-18], 20
00401EAC
|. FF45 F4 INC [LOCAL.3]
00401EAF
|. 8B55 D8 MOV EDX, [LOCAL.10]
00401EB2
|. 64:8915 00000>MOV DWORD PTR FS:[0], EDX
00401EB9
|. 5F POP EDI
00401EBA
|. 5E POP ESI
00401EBB
|. 5B POP EBX
00401EBC
|. 8BE5 MOV ESP, EBP
00401EBE
|. 5D POP EBP
00401EBF
\. C3 RETN
-----------------------------------------
00401EC0
/$ 55 PUSH EBP
00401EC1
|. 8BEC MOV EBP, ESP
00401EC3
|. 83C4 9C ADD ESP, -64
00401EC6
|. B8 BC244C00 MOV EAX, FlashD.004C24BC
00401ECB
|. 53 PUSH EBX
00401ECC
|. 56 PUSH ESI
00401ECD
|. 57 PUSH EDI
00401ECE
|. E8 25FE0900 CALL FlashD.004A1CF8
00401ED3
|. C745 E4 02000>MOV [LOCAL.7], 2
00401EDA |.
8D55 14 LEA EDX, [ARG.4]
00401EDD
|. 8D45 14 LEA EAX, [ARG.4]
00401EE0
|. E8 879D0A00 CALL FlashD.004ABC6C
00401EE5
|. FF45 E4 INC [LOCAL.7]
00401EE8
|. 8D55 10 LEA EDX, [ARG.3]
00401EEB
|. 66:C745 D8 08>MOV WORD PTR SS:[EBP-28], 8
00401EF1
|. 8D45 10 LEA EAX, [ARG.3]
00401EF4
|. E8 739D0A00 CALL FlashD.004ABC6C
00401EF9
|. FF45 E4 INC [LOCAL.7]
00401EFC
|. 33C0 XOR EAX, EAX
00401EFE
|. 8945 C4 MOV [LOCAL.15], EAX
00401F01
|. 8D45 FC LEA EAX, [LOCAL.1]
00401F04
|. 66:C745 D8 14>MOV WORD PTR SS:[EBP-28], 14
00401F0A
|. BE 01000000 MOV ESI, 1
00401F0F |.
BF 01000000 MOV EDI, 1
00401F14 |. 8D55
14 LEA EDX, [ARG.4]
00401F17 |. E8
509D0A00 CALL FlashD.004ABC6C
00401F1C |. FF45
E4 INC [LOCAL.7]
00401F1F |. 66:C745
D8 08>MOV WORD PTR SS:[EBP-28], 8
00401F25 |. 8B55
18 MOV EDX, [ARG.5]
00401F28 |. 83C2
02 ADD EDX, 2
00401F2B |. 52
PUSH EDX
00401F2C
|. E8 ABEF0900 CALL FlashD.004A0EDC
00401F31 |. 59
POP ECX
00401F32 |.
8945 C0 MOV [LOCAL.16], EAX
00401F35
|. 8B4D 1C MOV ECX, [ARG.6]
00401F38
|. 83E1 03 AND ECX, 3
00401F3B
|. 83F9 02 CMP ECX, 2
00401F3E
|. 75 4A JNZ SHORT FlashD.00401F8A
00401F40
|. BB 01000000 MOV EBX, 1
00401F45 |.
EB 29 JMP SHORT FlashD.00401F70
00401F47
|> 895D BC /MOV [LOCAL.17],
EBX
00401F4A |. 8B45 BC |MOV
EAX, [LOCAL.17]
00401F4D |. 50
|PUSH EAX
00401F4E |. 8D55
10 |LEA EDX, [ARG.3]
00401F51 |. 52
|PUSH EDX
00401F52
|. E8 599C0A00 |CALL FlashD.004ABBB0
00401F57 |. 83C4 08
|ADD ESP, 8
00401F5A |. 8D45 10
|LEA EAX, [ARG.3]
00401F5D |. E8 12A00A00
|CALL FlashD.004ABF74
00401F62 |. 8B55 BC
|MOV EDX, [LOCAL.17]
00401F65 |. 0355
10 |ADD EDX, [ARG.3]
00401F68 |. 4A
|DEC EDX
00401F69 |.
0FBE0A |MOVSX ECX, BYTE PTR DS:[EDX]
00401F6C
|. 014D C4 |ADD [LOCAL.15], ECX
00401F6F
|. 43 |INC
EBX
00401F70 |> 837D 10 00 CMP [ARG.3],
0
00401F74 |. 74 08 |JE
SHORT FlashD.00401F7E
00401F76 |. 8B45 10
|MOV EAX, [ARG.3]
00401F79 |. 8B50 FC
|MOV EDX, DWORD PTR DS:[EAX-4]
00401F7C |. EB
02 |JMP SHORT FlashD.00401F80
00401F7E
|> 33D2 |XOR EDX,
EDX
00401F80 |> 42 |INC
EDX
00401F81 |. 3BDA
|CMP EBX, EDX
00401F83 |.^ 7C C2
\JL SHORT FlashD.00401F47
00401F85 |. E9
9F000000 JMP FlashD.00402029
00401F8A |> 8B45
1C MOV EAX, [ARG.6]
00401F8D |. 83E0
03 AND EAX, 3
00401F90 |. 83F8
03 CMP EAX, 3
00401F93 |. 0F85
90000000 JNZ FlashD.00402029
00401F99 |. BB 01000000
MOV EBX, 1
00401F9E |. EB 29
JMP SHORT FlashD.00401FC9
00401FA0 |>
895D B8 /MOV [LOCAL.18], EBX
00401FA3
|. 8B45 B8 |MOV EAX, [LOCAL.18]
00401FA6
|. 50 |PUSH EAX
00401FA7 |. 8D55 10 |LEA
EDX, [ARG.3]
00401FAA
|. 52 |PUSH EDX
00401FAB |. E8 009C0A00 |CALL FlashD.004ABBB0
00401FB0 |. 83C4
08 |ADD ESP, 8
00401FB3 |. 8D45
10 |LEA EAX, [ARG.3]
00401FB6 |. E8
B99F0A00 |CALL FlashD.004ABF74
00401FBB |. 8B55
B8 |MOV EDX, [LOCAL.18]
00401FBE |.
0355 10 |ADD EDX, [ARG.3]
00401FC1
|. 4A |DEC
EDX
00401FC2 |. 0FBE0A |MOVSX
ECX, BYTE PTR DS:[EDX]
00401FC5 |. 014D C4
|ADD [LOCAL.15], ECX
00401FC8 |. 43
|INC EBX
00401FC9 |> 837D
10 00 CMP [ARG.3], 0
00401FCD |. 74
08 |JE SHORT FlashD.00401FD7
00401FCF
|. 8B45 10 |MOV EAX, [ARG.3]
00401FD2
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
00401FD5 |. EB 02 |JMP
SHORT FlashD.00401FD9
00401FD7 |> 33D2
|XOR EDX, EDX
00401FD9 |> 42
|INC EDX
00401FDA |.
3BDA |CMP EBX, EDX
00401FDC
|.^ 7C C2 \JL SHORT FlashD.00401FA0
00401FDE
|. 66:C745 D8 08>MOV WORD PTR SS:[EBP-28], 8
00401FE4
|. BB 01000000 MOV EBX, 1
00401FE9 |.
EB 29 JMP SHORT FlashD.00402014
00401FEB
|> 895D B4 /MOV [LOCAL.19],
EBX
00401FEE |. 8B45 B4 |MOV
EAX, [LOCAL.19]
00401FF1 |. 50
|PUSH EAX
00401FF2 |. 8D55 14
|LEA EDX, [ARG.4]
00401FF5 |. 52
|PUSH EDX
00401FF6 |. E8 B59B0A00
|CALL FlashD.004ABBB0
00401FFB
|. 83C4 08 |ADD ESP, 8
00401FFE
|. 8D45 14 |LEA EAX, [ARG.4]
00402001
|. E8 6E9F0A00 |CALL FlashD.004ABF74
00402006
|. 8B55 B4 |MOV EDX, [LOCAL.19]
00402009
|. 0355 14 |ADD EDX, [ARG.4]
0040200C
|. 4A |DEC
EDX
0040200D |. 0FBE0A |MOVSX
ECX, BYTE PTR DS:[EDX]
00402010 |. 014D C4
|ADD [LOCAL.15], ECX
00402013 |. 43
|INC EBX
00402014 |> 837D
14 00 CMP [ARG.4], 0
00402018 |. 74
08 |JE SHORT FlashD.00402022
0040201A
|. 8B45 14 |MOV EAX, [ARG.4]
0040201D
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
00402020 |. EB 02 |JMP
SHORT FlashD.00402024
00402022 |> 33D2
|XOR EDX, EDX
00402024 |> 42
|INC EDX
00402025 |.
3BDA |CMP EBX, EDX
00402027
|.^ 7C C2 \JL SHORT FlashD.00401FEB
00402029
|> 8165 C4 FF000>AND [LOCAL.15], 0FF
; =48
00402030 |. 8B45 1C
MOV EAX, [ARG.6]
00402033 |. 83E0 03
AND EAX, 3
00402036 |. 25 01000080
AND EAX, 80000001
0040203B |. 79 05
JNS SHORT FlashD.00402042
0040203D |.
48 DEC EAX
0040203E
|. 83C8 FE OR EAX, FFFFFFFE
00402041
|. 40 INC EAX
00402042
|> 85C0 TEST EAX,
EAX
00402044 |. 0F84 B2000000 JE FlashD.004020FC
0040204A
|. 66:C745 D8 20>MOV WORD PTR SS:[EBP-28], 20
00402050
|. BA 09164C00 MOV EDX, FlashD.004C1609
00402055
|. 8D45 F4 LEA EAX, [LOCAL.3]
00402058
|. E8 D79B0A00 CALL FlashD.004ABC34
0040205D
|. FF45 E4 INC [LOCAL.7]
00402060
|. 8D55 F4 LEA EDX, [LOCAL.3]
00402063
|. 8D45 FC LEA EAX, [LOCAL.1]
00402066
|. E8 599D0A00 CALL FlashD.004ABDC4
0040206B
|. FF4D E4 DEC [LOCAL.7]
0040206E
|. 8D45 F4 LEA EAX, [LOCAL.3]
00402071
|. BA 02000000 MOV EDX, 2
00402076 |.
E8 199D0A00 CALL FlashD.004ABD94
0040207B |.
837D 14 00 CMP [ARG.4], 0
0040207F |.
74 08 JE SHORT FlashD.00402089
00402081
|. 8B4D 14 MOV ECX, [ARG.4]
00402084
|. 8B59 FC MOV EBX, DWORD PTR DS:[ECX-4]
00402087
|. EB 02 JMP SHORT FlashD.0040208B
00402089
|> 33DB XOR EBX,
EBX
0040208B |> 66:C745 D8 08>MOV WORD PTR
SS:[EBP-28], 8
00402091 |. 85DB TEST
EBX, EBX
00402093 |. 7E 67
JLE SHORT FlashD.004020FC
00402095 |> 66:C745
D8 2C>/MOV WORD PTR SS:[EBP-28], 2C
0040209B |. 33C0
|XOR EAX, EAX
0040209D |.
8D55 F0 |LEA EDX, [LOCAL.4]
004020A0
|. 8945 F0 |MOV [LOCAL.4], EAX
004020A3
|. 52 |PUSH EDX
004020A4 |. FF45 E4 |INC
[LOCAL.7]
004020A7
|. 8BD3 |MOV EDX,
EBX
004020A9
|. 8D45 14 |LEA EAX, [ARG.4]
004020AC |. B9
01000000 |MOV ECX, 1
004020B1 |. E8 9E9F0A00
|CALL FlashD.004AC054
004020B6
|. 8D55 F0 |LEA EDX, [LOCAL.4]
004020B9
|. 33C0 |XOR EAX,
EAX
004020BB |. 8945 EC |MOV
[LOCAL.5], EAX
004020BE |. 8D4D EC |LEA
ECX, [LOCAL.5]
004020C1 |. FF45 E4
|INC [LOCAL.7]
004020C4 |. 8D45 FC
|LEA EAX, [LOCAL.1]
004020C7 |. E8 209D0A00
|CALL FlashD.004ABDEC
004020CC |. 8D55 EC
|LEA EDX, [LOCAL.5]
004020CF |. 8D45
FC |LEA EAX, [LOCAL.1]
004020D2 |.
E8 ED9C0A00 |CALL FlashD.004ABDC4
004020D7 |.
FF4D E4 |DEC [LOCAL.7]
004020DA |.
8D45 EC |LEA EAX, [LOCAL.5]
004020DD
|. BA 02000000 |MOV EDX, 2
004020E2 |.
E8 AD9C0A00 |CALL FlashD.004ABD94
004020E7 |.
FF4D E4 |DEC [LOCAL.7]
004020EA |.
8D45 F0 |LEA EAX, [LOCAL.4]
004020ED
|. BA 02000000 |MOV EDX, 2
004020F2 |.
E8 9D9C0A00 |CALL FlashD.004ABD94
004020F7 |.
4B |DEC EBX
004020F8
|. 85DB |TEST EBX,
EBX
004020FA |.^ 7F 99 \JG
SHORT FlashD.00402095
004020FC |> C745 B0 01000>MOV
[LOCAL.20], 1
00402103 |. 66:C745 D8 08>MOV
WORD PTR SS:[EBP-28], 8
00402109 |. 8B4D C0
MOV ECX, [LOCAL.16]
0040210C |. 8BD9
MOV EBX, ECX
0040210E |. E9
E0000000 JMP FlashD.004021F3
00402113 |> 837D
10 00 /CMP [ARG.3], 0
00402117 |. 74
08 |JE SHORT FlashD.00402121
00402119
|. 8B45 10 |MOV EAX, [ARG.3]
0040211C
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
0040211F |. EB 02 |JMP
SHORT FlashD.00402123
00402121 |> 33D2
|XOR EDX, EDX
00402123 |> 3BF2
|CMP ESI, EDX
00402125 |.
7E 05 |JLE SHORT FlashD.0040212C
00402127
|. BE 01000000 |MOV ESI, 1
0040212C |>
837D 14 00 |CMP [ARG.4], 0
00402130 |.
74 08 |JE SHORT FlashD.0040213A
00402132
|. 8B45 14 |MOV EAX, [ARG.4]
00402135
|. 8B50 FC |MOV EDX, DWORD PTR
DS:[EAX-4]
00402138 |. EB 02 |JMP
SHORT FlashD.0040213C
0040213A |> 33D2
|XOR EDX, EDX
0040213C |> 3BFA
|CMP EDI, EDX
0040213E |.
7E 05 |JLE SHORT FlashD.00402145
00402140
|. BF 01000000 |MOV EDI, 1
00402145 |>
8B45 1C |MOV EAX, [ARG.6]
00402148
|. 83E0 03 |AND EAX, 3
0040214B
|. 83F8 02 |CMP EAX, 2
0040214E
|. 7D 4E |JGE SHORT FlashD.0040219E
00402150
|. 8975 AC |MOV [LOCAL.21], ESI
00402153
|. 8B55 AC |MOV EDX, [LOCAL.21]
00402156
|. 52 |PUSH EDX
00402157 |. 8D4D 10 |LEA
ECX, [ARG.3]
0040215A
|. 51 |PUSH ECX
0040215B |. E8 509A0A00 |CALL FlashD.004ABBB0
00402160 |. 83C4 08
|ADD ESP, 8
00402163 |. 8D45 10
|LEA EAX, [ARG.3]
00402166 |. E8 099E0A00
|CALL FlashD.004ABF74
0040216B |. 8B55 AC
|MOV EDX, [LOCAL.21]
0040216E |. 0355
10 |ADD EDX, [ARG.3]
00402171 |. 4A
|DEC EDX
00402172 |.
8A0A |MOV CL, BYTE PTR DS:[EDX]
00402174
|. 51 |PUSH ECX
00402175
|. 897D A8 |MOV [LOCAL.22], EDI
00402178
|. 8B45 A8 |MOV EAX, [LOCAL.22]
0040217B
|. 50 |PUSH EAX
0040217C |. 8D55 FC |LEA EDX,
[LOCAL.1]
0040217F
|. 52 |PUSH EDX
00402180 |. E8 2B9A0A00 |CALL FlashD.004ABBB0
00402185 |. 83C4 08
|ADD ESP, 8
00402188 |. 8D45 FC
|LEA EAX, [LOCAL.1]
0040218B |. E8 E49D0A00
|CALL FlashD.004ABF74
00402190 |. 8B55 A8
|MOV EDX, [LOCAL.22]
00402193 |. 0355
FC |ADD EDX, [LOCAL.1]
00402196 |.
4A |DEC EDX
00402197
|. 59 |POP
ECX
00402198 |. 020A |ADD
CL, BYTE PTR DS:[EDX] ; 用上面的值計算
0040219A |. 880B
|MOV BYTE PTR DS:[EBX], CL
0040219C
|. EB 4F |JMP SHORT FlashD.004021ED
0040219E
|> 8975 A4 |MOV [LOCAL.23],
ESI
004021A1 |. 8B45 A4 |MOV
EAX, [LOCAL.23]
004021A4 |. 50
|PUSH EAX
004021A5 |. 8D55 10
|LEA EDX, [ARG.3]
004021A8 |. 52
|PUSH EDX
004021A9 |. E8
029A0A00 |CALL FlashD.004ABBB0
004021AE
|. 83C4 08 |ADD ESP, 8
004021B1
|. 8D45 10 |LEA EAX, [ARG.3]
004021B4
|. E8 BB9D0A00 |CALL FlashD.004ABF74
004021B9
|. 8B55 A4 |MOV EDX, [LOCAL.23]
004021BC
|. 0355 10 |ADD EDX, [ARG.3]
004021BF
|. 4A |DEC
EDX
004021C0 |. 8A0A |MOV
CL, BYTE PTR DS:[EDX]
004021C2 |. 51
|PUSH ECX
004021C3 |. 897D A0
|MOV [LOCAL.24], EDI
004021C6 |. 8B45
A0 |MOV EAX, [LOCAL.24]
004021C9 |.
50 |PUSH EAX
004021CA |. 8D55 FC |LEA
EDX, [LOCAL.1]
004021CD
|. 52 |PUSH EDX
004021CE |. E8 DD990A00 |CALL FlashD.004ABBB0
004021D3 |. 83C4 08
|ADD ESP, 8
004021D6 |. 8D45 FC
|LEA EAX, [LOCAL.1]
004021D9 |. E8
969D0A00 |CALL FlashD.004ABF74
004021DE |. 8B55
A0 |MOV EDX, [LOCAL.24]
004021E1 |.
0355 FC |ADD EDX, [LOCAL.1]
004021E4
|. 4A |DEC
EDX
004021E5 |. 59 |POP
ECX
004021E6 |. 020A
|ADD CL, BYTE PTR DS:[EDX]
004021E8 |. 024D
C4 |ADD CL, BYTE PTR SS:[EBP-3C]
004021EB
|. 880B |MOV BYTE
PTR DS:[EBX], CL
004021ED |> 46
|INC ESI
004021EE |. 47
|INC EDI
004021EF |. FF45
B0 |INC [LOCAL.20]
004021F2 |. 43
|INC EBX
004021F3 |>
8B45 18 MOV EAX, [ARG.5]
004021F6
|. 40 |INC
EAX
004021F7 |. 3B45 B0 |CMP
EAX, [LOCAL.20]
004021FA |.^ 0F8F 13FFFFFF \JG FlashD.00402113
00402200
|. 8B55 C0 MOV EDX, [LOCAL.16]
; 用上面的值的地址 SS:[12F3FC]000DB3DF8
00402203
|. 8B4D 18 MOV ECX, [ARG.5]
00402206
|. C6040A 00 MOV BYTE PTR DS:[EDX+ECX],
0
0040220A |. 66:C745 D8 08>MOV WORD PTR SS:[EBP-28],
8
00402210 |. 8B45 C0 MOV EAX,
[LOCAL.16]
00402213 |. BF 01000000 MOV EDI,
1
00402218 |. 8BD8 MOV
EBX, EAX
0040221A |. EB 3A JMP
SHORT FlashD.00402256
0040221C /MOVSX EAX, BYTE
PTR DS:[EBX]
; 用上面的值 AC BA B8 9D BF C3 B4 97 B6 BA C1 AB 計算
0040221F
|MOV ECX, 24 ; ECX=24
00402224
|CDQ
00402225 |IDIV ECX
; EAX=AC IDIV ECX=24 ==>EAX=FE EDX=F4
00402227 |MOV
[LOCAL.25], EDX
0040222A |MOV EAX, [LOCAL.25]
; EAX=FFFFFFF4
0040222D |CDQ
0040222E |XOR
EAX, EDX ; EAX=FFFFFFF4 XOR
EDX=FFFFFFFF =
00402230 |SUB EAX, EDX
; EAX=0B-FFFFFFFF=C
00402232 |MOV ESI,
EAX
00402234 |INC ESI
00402235 |PUSH ESI
; /ESI=D
00402236 |MOV
EAX, [ARG.2]
00402239 |PUSH EAX
0040223A
|CALL FlashD.004ABBB0
0040223F |ADD ESP, 8
00402242 |MOV
EAX, [ARG.2]
00402245 |CALL FlashD.004ABF74
0040224A
|MOV EDX, [ARG.2]
0040224D |ADD ESI,
DWORD PTR DS:[EDX]
; ESI=0D+DS:[D92ABC]=00D927C,(ASCII "ABCDEFGHIGKLMNOPQRSTUVWSYZ1234567890")
0040224F
|DEC ESI
00402250 |MOV CL, BYTE PTR
DS:[ESI]
; 用上面的值做指標在ABCDEFGHIGKLMNOPQRSTUVWSYZ1234567890中取值
00402252 |MOV BYTE PTR DS:[EBX], CL
; CL=4D ('M')==>DS:[00DB3DF8]=="M9A24ZE8C92N"
00402254
|INC EDI
00402255 |INC EBX
00402256
MOV EAX, [ARG.5]
00402259 |INC EAX
0040225A
|CMP EDI, EAX
0040225C \JL SHORT
FlashD.0040221C
0040225E MOV WORD PTR SS:[EBP-28], 38
00402264
LEA EAX, [LOCAL.2]
00402267 MOV EDX,
[LOCAL.16]
; EDX<==SS:[12F3FC]=00DB3DF8,(ASCII "M9A24ZE8C92N")
0040226A
CALL FlashD.004ABC34
0040226F INC [LOCAL.7]
00402272
MOV WORD PTR SS:[EBP-28], 8
00402278 MOV
ECX, [LOCAL.16]
; ECX<==SS:[12F3FC]=00DB3DF8,(ASCII "M9A24ZE8C92N")
0040227B
PUSH ECX
0040227C CALL FlashD.004A0D18
00402281 POP
ECX
00402282 LEA EDX, [LOCAL.2]
00402285
MOV WORD PTR SS:[EBP-28], 44
0040228B MOV
EAX, [ARG.1]
0040228E CALL FlashD.004ABDC4
00402293
MOV EAX, [ARG.1]
00402296 MOV EDX,
2
0040229B MOV WORD PTR SS:[EBP-28], 50
004022A1 PUSH
EAX
004022A2 LEA EAX, [LOCAL.2]
004022A5
DEC [LOCAL.7]
004022A8 CALL FlashD.004ABD94
004022AD
DEC [LOCAL.7]
004022B0 LEA EAX, [LOCAL.1]
004022B3
MOV EDX, 2
004022B8 CALL FlashD.004ABD94
004022BD
DEC [LOCAL.7]
004022C0 LEA EAX, [ARG.3]
004022C3
MOV EDX, 2
004022C8 CALL FlashD.004ABD94
004022CD
DEC [LOCAL.7]
004022D0 LEA EAX, [ARG.4]
004022D3
MOV EDX, 2
004022D8 CALL FlashD.004ABD94
004022DD
POP EAX
004022DE MOV WORD PTR SS:[EBP-28],
44
004022E4 INC [LOCAL.7]
004022E7 MOV
EDX, [LOCAL.14]
004022EA MOV DWORD PTR FS:[0], EDX
004022F1
POP EDI
004022F2 POP ESI
004022F3
POP EBX
004022F4 MOV ESP, EBP
004022F6
POP EBP
004022F7 RETN
------------------------------------------
以上迴圈進行14次,在00402267 MOV EDX, [LOCAL.16]
;
EDX<==SS:[12F3FC]=00DB3DF8,(ASCII "M9A24ZE8C92N")
處 的字串就是正確的註冊碼
一個可用的註冊碼
使用者名稱:fxyang
註冊碼:APP1MKEBWC80
**********************************************************
由於註冊碼計算非常沉長,我無法完整的整理出來.so這篇破文對演算法沒有多大的意義
我只是想讓和我一樣的菜鳥少走我已走過的彎路.
fxyang[OCN]
2003.3.18
相關文章
- 用 PHP 動態建立 Flash 動畫 (轉)2007-12-12PHP動畫
- adobe flash建立按鈕並新增動作【Z】2011-03-30
- windows2003IE無法顯示flash2017-11-14Windows
- NAND Flash和NOR Flash的區別2020-11-02NaN
- NAND Flash2015-11-12NaN
- S3C2440從NAND Flash啟動和NOR FLASH啟動的問題2021-09-09S3NaN
- Mach Desktop HD for Mac(高畫質桌面動態桌布軟體) 啟用版2023-11-09Mac
- 網頁中引入flash及flash背景透明2010-12-03網頁
- 用ollydbg破《水芯 Flash播放器 v1.0》 (514字)2002-02-09播放器
- flash資料2018-11-14
- QT 播放 FLASH2013-07-28QT
- FLASH倉庫2005-06-05
- my flash website2007-09-01Web
- nor flash 和nand flash 傻傻分不清楚2014-11-06NaN
- 「更新」Macos動態桌面桌布:iWall2023-10-12Mac
- Dynamic Wallpaper for Mac 動態桌布桌面2022-05-30Mac
- 今年Flash大限將至,但Flash遊戲不該就此消失2020-02-17遊戲
- flash轉音訊軟體(thundersoft flash to audio converter)2020-12-17音訊
- Flash末日將近:谷歌明年停運Flash顯示廣告2017-07-03谷歌
- 每天學一點flash flash簡單加密講解(1)2007-07-30加密
- Android播放flash2017-11-15Android
- oracle Flash Revovery Area2014-08-10Oracle
- Flash驅動控制--晶片擦除(SPI協議)2024-06-19晶片協議
- ZYNQ FLASH+EMMC手動移植LINUX啟動2021-07-27Linux
- C# 設定桌面動態桌布2019-07-25C#
- 元素週期表動態桌面桌布2020-09-29
- Android WebView播放flash(判斷是否安裝flash外掛)2012-10-13AndroidWebView
- win10桌面動態桌布怎麼弄_win10桌面動態桌布怎麼設定2020-05-19Win10
- 動漫鬼刀MAC高清動態桌面桌布2020-10-21Mac
- 宏旺半導體科普SPI NAND Flash和SPI NOR Flash的區別2020-03-27NaN
- flash中心是流氓軟體嗎 flash中心有必要安裝嗎2022-04-01
- 網頁中載入flash時是指flash背景為透明【Z】2011-03-28網頁
- Flash Message For Laravel 52017-03-12Laravel
- Flash AS3.0實戰2013-12-04S3
- flash遊戲開發2013-06-15遊戲開發
- flash基礎應用2015-05-02
- Flash與Flex路在何方?2011-09-14Flex
- 設定Flash Recovery Area2009-05-19