資料轉換器 V8.6 通用版演算法分析
看雪資料發表於2015-11-15
標 題:資料轉換器 V8.6 通用版演算法分析
發信人:wzh123
時 間:2003/06/09 08:29pm
詳細資訊:
資料轉換器 V8.6 通用版演算法分析
分析者: wzh123
軟體大小: 1508 KB
軟體語言: 簡體中文
軟體類別: 國產軟體 / 共享版 / 資料庫類
應用平臺: Win9x/NT/2000/XP
軟體介紹:
資料轉換器(通用版)是一個可以對各種資料庫進行處理的軟體,是為專業人員量身定製的專用工具。非專業人員使用資料轉換器可以處理一般的資料問題,而專業人員採用資料專換器更是如虎添翼,可以更快更好的進行應用軟體的開發。
作者申明:只是學習,無其他目的。
本人剛剛學破解,錯誤在所難免,寫的也很亂,請各位包涵,也請各位高手指教
這個軟體是delphi編的,屬於明碼比較,演算法不難,但是要弄清演算法,就要跟進多個call中,要有耐心。
機器碼:6ED363VT(好眼熟耶,其實就是硬碟id)
註冊版本:正式版
使用者名稱:wzh123
註冊碼:a234567890
先脫殼,反編譯後,很容易找到核心地方,以下的分析以我的註冊資訊為例,大家可以根據自己的情況算
出注冊碼。
.............省略
:0075070C FF92CC000000 call dword ptr [edx+000000CC]
:00750712 8BD0 mov edx, eax
:00750714 8BC3 mov eax, ebx
:00750716 59 pop ecx
:00750717 E8E0000000 call 007507FC-------關鍵call(1),追入
:0075071C 84C0 test al, al
:0075071E 741D je 0075073D---------不能跳
:00750720 33C9 xor ecx, ecx
* Possible StringData Ref from Code Obj ->"單機版"
|
:00750722 BACC077500 mov edx, 007507CC
:00750727 8BC3 mov eax, ebx
:00750729 E88E010000 call 007508BC
:0075072E 33D2 xor edx, edx
:00750730 8B8354030000 mov eax, dword ptr [ebx+00000354]
:00750736 8B08 mov ecx, dword ptr [eax]
:00750738 FF5164 call [ecx+64]
:0075073B EB0A jmp 00750747
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075071E(C)
|
* Possible StringData Ref from Code Obj ->"註冊資訊不正確,請仔細檢查!"
|
:0075073D B8DC077500 mov eax, 007507DC
:00750742 E8B5D20000 call 0075D9FC
----------------------------關鍵call(1)-----------------------------
.............省略
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00750839(C)
|
:0075085F 8D45F4 lea eax, dword ptr [ebp-0C]
:00750862 50 push eax
:00750863 B901000000 mov ecx, 00000001
:00750868 8B550C mov edx, dword ptr[ebp+0C]---edx中為使用者名稱,我的為"wzh123"
:0075086B 8B45FC mov eax, dword ptr[ebp-04]----eax中為硬碟id,我的為"6ED363VT"
:0075086E E8A9B10000 call 0075BA1C--------關鍵call(2),演算法,追入
:00750873 8B45F4 mov eax, dword ptr [ebp-0C]----------真碼
:00750876 8B5508 mov edx, dword ptr [ebp+08]----------假碼
:00750879 E84A44CBFF call 00404CC8------------------------比較
:0075087E 7502 jne 00750882-------------------------不等就跳
:00750880 B301 mov bl, 01---------------------------不跳成功
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0075083B(U), :00750859(C), :0075085D(U), :0075087E(C)
|
:00750882 33C0 xor eax, eax
:00750884 5A pop edx
:00750885 59 pop ecx
:00750886 59 pop ecx
:00750887 648910 mov dword ptr fs:[eax], edx
:0075088A 68B1087500 push 007508B1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:007508AF(U)
|
:0075088F 8D45F4 lea eax, dword ptr [ebp-0C]
:00750892 BA03000000 mov edx, 00000003
:00750897 E84440CBFF call 004048E0
:0075089C 8D4508 lea eax, dword ptr [ebp+08]
:0075089F BA02000000 mov edx, 00000002
:007508A4 E83740CBFF call 004048E0
:007508A9 C3 ret
---------------------------關鍵call(2),演算法-----------------------------------------
........................省略
:0075BA67 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BA89(C)
|
:0075BA6C 8D55E8 lea edx, dword ptr [ebp-18]
:0075BA6F 8B45FC mov eax, dword ptr [ebp-04]
硬碟id,"6ED363VT"-->eax
:0075BA72 0FB64418FF movzx eax, byte ptr [eax+ebw-01]
依次取"6ED363VT"-->eax
:0075BA77 E8D0E1CAFF call 00409C4C--------------------關鍵call(3)
:0075BA7C 8B55E8 mov edx, dword ptr [ebp-18]
-------1、edx=54
-------2、edx=69
-------3、edx=68
-------4、edx=51
-------5、edx=54
-------6、edx=51
-------7、edx=86
-------8、edx=84
-------得到一組數"5469685154518684"
:0075BA7F 8D45F0 lea eax, dword ptr [ebp-10]
:0075BA82 E8FD90CAFF call 00404B84
:0075BA87 43 inc ebx
:0075BA88 4E dec esi
:0075BA89 75E1 jne 0075BA6C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BA65(C)
|
:0075BA8B 8B45F8 mov eax, dword ptr [ebp-08]
:0075BA8E E8E990CAFF call 00404B7C
:0075BA93 8BF0 mov esi, eax
:0075BA95 85F6 test esi, esi
:0075BA97 7E3F jle 0075BAD8
:0075BA99 BB01000000 mov ebx, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BAD6(C)
|
:0075BA9E 8D55E4 lea edx, dword ptr [ebp-1C]
:0075BAA1 8B45F8 mov eax, dword ptr [ebp-08]
"wzh123"-->eax
:0075BAA4 0FB64418FF movzx eax, byte ptr [eax+ebw-01]
依次取"wzh123"-->eax
:0075BAA9 E89EE1CAFF call 00409C4C 關鍵call(3),演算法同上
:0075BAAE 8B55E4 mov edx, dword ptr [ebp-1C]
-------1、edx=119
-------2、edx=122
-------3、edx=104
-------4、edx=49
-------5、edx=50
-------6、edx=51
-------得到一組數"119122104495051"
:0075BAB1 8D45F0 lea eax, dword ptr [ebp-10]
:0075BAB4 E8CB90CAFF call 00404B84
:0075BAB9 8D55E0 lea edx, dword ptr [ebp-20]
:0075BABC 8B45F8 mov eax, dword ptr [ebp-08]
:0075BABF 0FB64418FF movzx eax, byte ptr [eax+ebw-01]
:0075BAC4 E883E1CAFF call 00409C4C------------又來一遍,這裡應該是對中文字串進行處理,我沒有追了,有興趣的兄弟可以跟一下
:0075BAC9 8B55E0 mov edx, dword ptr [ebp-20]
:0075BACC 8D45EC lea eax, dword ptr [ebp-14]
:0075BACF E8B090CAFF call 00404B84
:0075BAD4 43 inc ebx
:0075BAD5 4E dec esi
:0075BAD6 75C6 jne 0075BA9E-------------向上迴圈
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BA97(C)
|
:0075BAD8 8D45F4 lea eax, dword ptr [ebp-0C]
:0075BADB 50 push eax
:0075BADC 8B45F0 mov eax, dword ptr [ebp-10] 這裡,將對機器碼與使用者名稱進行運算得到的兩組數連起來"5469685154518684119122104495051"---->eax
:0075BADF E89890CAFF call 00404B7C
取字串的長度,我這裡為0x1F-->eax
:0075BAE4 8BD0 mov edx, eax 0x1F-->eax
:0075BAE6 83EA0A sub edx, 0000000A edx=0x1F-0xA=0x15
:0075BAE9 B90A000000 mov ecx, 0000000A 0xA-->ecx
:0075BAEE 8B45F0 mov eax, dword ptr [ebp-10] "5469685154518684119122104495051"---->eax
:0075BAF1 E8E692CAFF call 00404DDC----------------關鍵call(6),追入
:0075BAF6 83EF01 sub edi, 00000001
:0075BAF9 720B jb 0075BB06
:0075BAFB 0F84D0000000 je 0075BBD1 我的在這裡會跳下去
:0075BB01 E933020000 jmp 0075BD39
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BAF9(C)
| 這裡我沒有跟,可能是因為我在註冊時選擇了完全正式版,如果選擇的是學習版,也許會走到這裡,這只是我的猜測,也許有誤,請指正。
* Possible StringData Ref from Code Obj ->"JLH-"
|
:0075BB06 6870BD7500 push 0075BD70
:0075BB0B 8D45DC lea eax, dword ptr [ebp-24]
:0075BB0E 8B55F0 mov edx, dword ptr [ebp-10]
:0075BB11 8A5201 mov dl, byte ptr [edx+01]
:0075BB14 E88B8FCAFF call 00404AA4
:0075BB19 FF75DC push [ebp-24]
:0075BB1C 8D45D8 lea eax, dword ptr [ebp-28]
:0075BB1F 8B55F0 mov edx, dword ptr [ebp-10]
:0075BB22 8A5203 mov dl, byte ptr [edx+03]
:0075BB25 E87A8FCAFF call 00404AA4
:0075BB2A FF75D8 push [ebp-28]
:0075BB2D 8D45D4 lea eax, dword ptr [ebp-2C]
:0075BB30 8B55F0 mov edx, dword ptr [ebp-10]
:0075BB33 8A5205 mov dl, byte ptr [edx+05]
:0075BB36 E8698FCAFF call 00404AA4
:0075BB3B FF75D4 push [ebp-2C]
:0075BB3E 8D45D0 lea eax, dword ptr [ebp-30]
:0075BB41 8B55F0 mov edx, dword ptr [ebp-10]
:0075BB44 8A5207 mov dl, byte ptr [edx+07]
:0075BB47 E8588FCAFF call 00404AA4
:0075BB4C FF75D0 push [ebp-30]
:0075BB4F 8D45CC lea eax, dword ptr [ebp-34]
:0075BB52 8B55F0 mov edx, dword ptr [ebp-10]
:0075BB55 8A5209 mov dl, byte ptr [edx+09]
:0075BB58 E8478FCAFF call 00404AA4
:0075BB5D FF75CC push [ebp-34]
* Possible StringData Ref from Code Obj ->"-SOFT-"
|
:0075BB60 6880BD7500 push 0075BD80
:0075BB65 8D45C8 lea eax, dword ptr [ebp-38]
:0075BB68 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BB6B 8A5201 mov dl, byte ptr [edx+01]
:0075BB6E E8318FCAFF call 00404AA4
:0075BB73 FF75C8 push [ebp-38]
:0075BB76 8D45C4 lea eax, dword ptr [ebp-3C]
:0075BB79 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BB7C 8A5203 mov dl, byte ptr [edx+03]
:0075BB7F E8208FCAFF call 00404AA4
:0075BB84 FF75C4 push [ebp-3C]
:0075BB87 8D45C0 lea eax, dword ptr [ebp-40]
:0075BB8A 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BB8D 8A5205 mov dl, byte ptr [edx+05]
:0075BB90 E80F8FCAFF call 00404AA4
:0075BB95 FF75C0 push [ebp-40]
:0075BB98 8D45BC lea eax, dword ptr [ebp-44]
:0075BB9B 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BB9E 8A5207 mov dl, byte ptr [edx+07]
:0075BBA1 E8FE8ECAFF call 00404AA4
:0075BBA6 FF75BC push [ebp-44]
:0075BBA9 8D45B8 lea eax, dword ptr [ebp-48]
:0075BBAC 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BBAF 8A5209 mov dl, byte ptr [edx+09]
:0075BBB2 E8ED8ECAFF call 00404AA4
:0075BBB7 FF75B8 push [ebp-48]
* Possible StringData Ref from Code Obj ->"-WARE0"
|
:0075BBBA 6890BD7500 push 0075BD90
:0075BBBF 8B4508 mov eax, dword ptr [ebp+08]
:0075BBC2 BA0D000000 mov edx, 0000000D
:0075BBC7 E87090CAFF call 00404C3C
:0075BBCC E968010000 jmp 0075BD39
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BAFB(C)
|
* Possible StringData Ref from Code Obj ->"JLH-"
|
:0075BBD1 6870BD7500 push 0075BD70
跳到這裡,JLH-入棧,即註冊碼的第一部分
:0075BBD6 8D45B4 lea eax, dword ptr [ebp-4C]
:0075BBD9 8B55F0 mov edx, dword ptr[ebp-10]
"5469685154518684119122104495051"---->edx
:0075BBDC 8A12 mov dl, byte ptr [edx]
取字串的第一位即"5"->dl
:0075BBDE E8C18ECAFF call 00404AA4
:0075BBE3 FF75B4 push [ebp-4C]
:0075BBE6 8D45B0 lea eax, dword ptr [ebp-50]
:0075BBE9 8B55F0 mov edx, dword ptr [ebp-10]
:0075BBEC 8A5202 mov dl, byte ptr [edx+02]
取字串的第三位即"6"->dl
:0075BBEF E8B08ECAFF call 00404AA4
:0075BBF4 FF75B0 push [ebp-50]
:0075BBF7 8D45AC lea eax, dword ptr [ebp-54]
:0075BBFA 8B55F0 mov edx, dword ptr [ebp-10]
:0075BBFD 8A5204 mov dl, byte ptr [edx+04]
取字串的第五位即"6"->dl
:0075BC00 E89F8ECAFF call 00404AA4
:0075BC05 FF75AC push [ebp-54]
:0075BC08 8D45A8 lea eax, dword ptr [ebp-58]
:0075BC0B 8B55F0 mov edx, dword ptr [ebp-10]
:0075BC0E 8A5206 mov dl, byte ptr [edx+06]
取字串的第七位即"5"->dl
:0075BC11 E88E8ECAFF call 00404AA4
:0075BC16 FF75A8 push [ebp-58]
:0075BC19 8D45A4 lea eax, dword ptr [ebp-5C]
:0075BC1C 8B55F0 mov edx, dword ptr [ebp-10]
:0075BC1F 8A5208 mov dl, byte ptr [edx+08]
取字串的第九位即"5"->dl
:0075BC22 E87D8ECAFF call 00404AA4
:0075BC27 FF75A4 push [ebp-5C]
-----------------------這一段是將字串"5469685154518684119122104495051"的第1、3、
5、7、9位取出得到註冊碼的第二部分,最終得到JLH-56655
* Possible StringData Ref from Code Obj ->"-SOFT-"
|
:0075BC2A 6880BD7500 push 0075BD80 -SOFT-入棧
:0075BC2F 8D45A0 lea eax, dword ptr [ebp-60]
:0075BC32 8B55F4 mov edx, dword ptr [ebp-0C]
"2210449505"(關鍵call(6)中的分析)-->edx
:0075BC35 8A12 mov dl, byte ptr [edx]
取字串的第一位即"2"->dl
:0075BC37 E8688ECAFF call 00404AA4
:0075BC3C FF75A0 push [ebp-60]
:0075BC3F 8D459C lea eax, dword ptr [ebp-64]
:0075BC42 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BC45 8A5202 mov dl, byte ptr [edx+02]
取字串的第三位即"1"->dl
:0075BC48 E8578ECAFF call 00404AA4
:0075BC4D FF759C push [ebp-64]
:0075BC50 8D4598 lea eax, dword ptr [ebp-68]
:0075BC53 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BC56 8A5204 mov dl, byte ptr [edx+04]
取字串的第五位即"4"->dl
:0075BC59 E8468ECAFF call 00404AA4
:0075BC5E FF7598 push [ebp-68]
:0075BC61 8D4594 lea eax, dword ptr [ebp-6C]
:0075BC64 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BC67 8A5206 mov dl, byte ptr [edx+06]
取字串的第七位即"9"->dl
:0075BC6A E8358ECAFF call 00404AA4
:0075BC6F FF7594 push [ebp-6C]
:0075BC72 8D4590 lea eax, dword ptr [ebp-70]
:0075BC75 8B55F4 mov edx, dword ptr [ebp-0C]
:0075BC78 8A5208 mov dl, byte ptr [edx+08]
取字串的第九位即"0"->dl
:0075BC7B E8248ECAFF call 00404AA4
:0075BC80 FF7590 push [ebp-70]
---------------這一段是將字串"22104495050"的第1、3、5、7、9位取出得到註冊碼的第三、四部分,最終得到JLH-56655-SOFT-21490
* Possible StringData Ref from Code Obj ->"-WARE1-"
|
:0075BC83 68A0BD7500 push 0075BDA0 -WARE1-入棧
:0075BC88 8D458C lea eax, dword ptr [ebp-74]
:0075BC8B 8B55EC mov edx, dword ptr [ebp-14]
將對使用者名稱進行運算得到的數"119122104495051"-->edx
:0075BC8E 8A5207 mov dl, byte ptr [edx+07]
取字串的第八位即"0"->dl
:0075BC91 E80E8ECAFF call 00404AA4
:0075BC96 FF758C push [ebp-74]
:0075BC99 8D4588 lea eax, dword ptr [ebp-78]
:0075BC9C 8B55EC mov edx, dword ptr [ebp-14]
:0075BC9F 8A5204 mov dl, byte ptr [edx+04]
取字串的第五位即"2"->dl
:0075BCA2 E8FD8DCAFF call 00404AA4
:0075BCA7 FF7588 push [ebp-78]
:0075BCAA 8D4584 lea eax, dword ptr [ebp-7C]
:0075BCAD 8B55EC mov edx, dword ptr [ebp-14]
:0075BCB0 8A5206 mov dl, byte ptr [edx+06]
取字串的第七位即"1"->dl
:0075BCB3 E8EC8DCAFF call 00404AA4
:0075BCB8 FF7584 push [ebp-7C]
:0075BCBB 8D4580 lea eax, dword ptr [ebp-80]
:0075BCBE 8B55EC mov edx, dword ptr [ebp-14]
:0075BCC1 8A5203 mov dl, byte ptr [edx+03]
取字串的第四位即"1"->dl
:0075BCC4 E8DB8DCAFF call 00404AA4
:0075BCC9 FF7580 push [ebp-80]
:0075BCCC 8D857CFFFFFF lea eax, dword ptr [ebp+FFFFFF7C]
:0075BCD2 8B55EC mov edx, dword ptr [ebp-14]
:0075BCD5 8A5201 mov dl, byte ptr [edx+01]
取字串的第二位即"1"->dl
:0075BCD8 E8C78DCAFF call 00404AA4
:0075BCDD FFB57CFFFFFF push dword ptr [ebp+FFFFFF7C]
:0075BCE3 8D8578FFFFFF lea eax, dword ptr [ebp+FFFFFF78]
:0075BCE9 8B55EC mov edx, dword ptr [ebp-14]
:0075BCEC 8A5202 mov dl, byte ptr [edx+02]
取字串的第三位即"9"->dl
:0075BCEF E8B08DCAFF call 00404AA4
:0075BCF4 FFB578FFFFFF push dword ptr [ebp+FFFFFF78]
:0075BCFA 8D8574FFFFFF lea eax, dword ptr [ebp+FFFFFF74]
:0075BD00 8B55EC mov edx, dword ptr [ebp-14]
:0075BD03 8A12 mov dl, byte ptr [edx]
取字串的第一位即"1"->dl
:0075BD05 E89A8DCAFF call 00404AA4
:0075BD0A FFB574FFFFFF push dword ptr [ebp+FFFFFF74]
:0075BD10 8D8570FFFFFF lea eax, dword ptr [ebp+FFFFFF70]
:0075BD16 8B55EC mov edx, dword ptr [ebp-14]
:0075BD19 8A5201 mov dl, byte ptr [edx+01]
取字串的第二位即"1"->dl
:0075BD1C E8838DCAFF call 00404AA4
:0075BD21 FFB570FFFFFF push dword ptr [ebp+FFFFFF70]
--------------這一段是將字串"119122104495051"的第8、5、7、4、2、3、1、2位取出得到註冊碼的第五、六部分,最終得到JLH-56655-SOFT-21490-WARE1-02111911
* Possible StringData Ref from Code Obj ->"-SL"
|
:0075BD27 68B0BD7500 push 0075BDB0 -SL入棧,即為註冊碼的第七部分
:0075BD2C 8B4508 mov eax, dword ptr [ebp+08]
:0075BD2F BA16000000 mov edx, 00000016
:0075BD34 E8038FCAFF call 00404C3C
----------------------------------------最終得到註冊碼"JLH-56655-SOFT-21490-WARE1-02111911-SL"
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0075BB01(U), :0075BBCC(U)
|
:0075BD39 33C0 xor eax, eax
:0075BD3B 5A pop edx
:0075BD3C 59 pop ecx
:0075BD3D 59 pop ecx
:0075BD3E 648910 mov dword ptr fs:[eax], edx
:0075BD41 685EBD7500 push 0075BD5E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0075BD5C(U)
|
:0075BD46 8D8570FFFFFF lea eax, dword ptr [ebp+FFFFFF70]
:0075BD4C BA24000000 mov edx, 00000024
:0075BD51 E88A8BCAFF call 004048E0
:0075BD56 C3 ret
---------------------------------關鍵call(3)------------------------------------
:00409C4C 56 push esi
:00409C4D 89E6 mov esi, esp
:00409C4F 83EC10 sub esp, 00000010
:00409C52 31C9 xor ecx, ecx
:00409C54 52 push edx
:00409C55 31D2 xor edx, edx
:00409C57 E8A4FFFFFF call 00409C00-------------------關鍵call(4),追入
:00409C5C 89F2 mov edx, esi
:00409C5E 58 pop eax
:00409C5F E848ADFFFF call 004049AC
:00409C64 83C410 add esp, 00000010
:00409C67 5E pop esi
:00409C68 C3 ret
--------------------------------關鍵call(4)-------------------------------------
:00409C00 08C9 or cl, cl
:00409C02 7517 jne 00409C1B
:00409C04 09C0 or eax, eax
:00409C06 790E jns 00409C16
:00409C08 F7D8 neg eax
:00409C0A E807000000 call 00409C16--------------------關鍵call(5),追入
:00409C0F B02D mov al, 2D
:00409C11 41 inc ecx
:00409C12 4E dec esi
:00409C13 8806 mov byte ptr [esi], al
:00409C15 C3 ret
--------------------------------關鍵call(5)--------------------------------------
:00409C16 B90A000000 mov ecx, 0000000A 0xA-->ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409C02(C)
|
:00409C1B 52 push edx
:00409C1C 56 push esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409C31(C)
|
:00409C1D 31D2 xor edx, edx edx清零
:00409C1F F7F1 div ecx--------舉例,如取我的硬碟id"6ED363VT"第一位6(0x36)
--------1、0x36(6)/0xA,eax=0x5,edx=0x4
--------2、0x5/0xA,eax=0x0,edx=0x5
:00409C21 4E dec esi
:00409C22 80C230 add dl, 30
--------1、dl=0x34(4)
--------2、dl=0x35(5)
--------這兩位連起來得到一個數"54",餘下的數依此類推;將硬碟id"6ED363VT"進行運算後,得到一組數5469685154518684
:00409C25 80FA3A cmp dl, 3A-------與0x3A比較
:00409C28 7203 jb 00409C2D------小於就跳
:00409C2A 80C207 add dl, 07-------否則dl+7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409C28(C)
|
:00409C2D 8816 mov byte ptr [esi], dl
:00409C2F 09C0 or eax, eax------------eax為零嗎?
:00409C31 75EA jne 00409C1D-----------沒除盡就向上迴圈
:00409C33 59 pop ecx
:00409C34 5A pop edx
:00409C35 29F1 sub ecx, esi
:00409C37 29CA sub edx, ecx
:00409C39 7610 jbe 00409C4B
:00409C3B 01D1 add ecx, edx
:00409C3D B030 mov al, 30
:00409C3F 29D6 sub esi, edx
:00409C41 EB03 jmp 00409C46
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409C47(C)
|
:00409C43 880432 mov byte ptr [edx+esi], al
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409C41(U)
|
:00409C46 4A dec edx
:00409C47 75FA jne 00409C43
:00409C49 8806 mov byte ptr [esi], al
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409C39(C)
|
:00409C4B C3 ret
--------------------------------關鍵call(6)-------------------------------------
:00404DDC 53 push ebx
:00404DDD 85C0 test eax, eax eax為零嗎?我這裡
eax="5469685154518684119122104495051"
:00404DDF 742D je 00404E0E 等於零跳 ,我這裡不跳
:00404DE1 8B58FC mov ebx, dword ptr [eax-04] 字串的長度,我這裡為0x1F-->ebx
:00404DE4 85DB test ebx, ebx
:00404DE6 7426 je 00404E0E 等於零跳 ,我這裡不跳
:00404DE8 4A dec edx edx=0x15-0x1=0x14(見上)
:00404DE9 7C1B jl 00404E06 小於零跳,我這裡不跳
:00404DEB 39DA cmp edx, ebx 0x14:0x1F
:00404DED 7D1F jge 00404E0E 大於等於跳,我這裡不跳
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404E08(U)
|
:00404DEF 29D3 sub ebx, edx ebx=1F-14=0xB
:00404DF1 85C9 test ecx, ecx ecx=0xA(見上)
:00404DF3 7C19 jl 00404E0E 小於零跳,我這裡不跳
:00404DF5 39D9 cmp ecx, ebx 0xA:0xB
:00404DF7 7F11 jg 00404E0A 大於等於跳,我這裡不跳
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404E0C(U)
|
:00404DF9 01C2 add edx, eax 將字串"5469685154518684119122104495051"從
第edx位開始賦給edx,我這裡為"22104495051"
:00404DFB 8B442408 mov eax, dword ptr [esp+08]
:00404DFF E8A8FBFFFF call 004049AC
:00404E04 EB11 jmp 00404E17 這裡跳出去了
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404DE9(C) 從這裡開始,我都沒有跟了,大家可以看看
|
:00404E06 31D2 xor edx, edx 從00404DE9跳來,edx清零
:00404E08 EBE5 jmp 00404DEF 跳上去迴圈
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404DF7(C)
|
:00404E0A 89D9 mov ecx, ebx 從00404DF7跳來,ebx-->ecx
:00404E0C EBEB jmp 00404DF9 跳上去迴圈
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404DDF(C), :00404DE6(C), :00404DED(C), :00404DF3(C)
|
:00404E0E 8B442408 mov eax, dword ptr [esp+08]
:00404E12 E8A5FAFFFF call 004048BC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404E04(U)
|
:00404E17 5B pop ebx
:00404E18 C20400 ret 0004
總結:
機器碼:6ED363VT(好眼熟耶,其實就是硬碟id)
註冊版本:正式版
使用者名稱:wzh123
註冊碼:JLH-56655-SOFT-21490-WARE1-02111911-SL
--------------------------------------------------------------------------------
©2000-2005 PEdiy.com All rights reserved.
By KanXue Studio
相關文章
- 定時器時間資料轉換子程式分析 (轉)2007-12-10定時器
- JavaScript資料型別分析及其轉換2021-09-09JavaScript資料型別
- Windows Phone 資料繫結轉換器2014-02-28Windows
- 分析家資料批量轉換器暴力破解手記 (3千字)2001-09-07
- 機器學習-- 資料轉換2018-11-17機器學習
- 資料庫轉換工具,不同資料庫之前任意轉換2020-08-07資料庫
- 資料型別轉換2018-12-29資料型別
- Hive資料格式轉換2019-01-08Hive
- 資料類新轉換2024-07-14
- Stimulsoft Reports如何建立新的資料轉換、編輯資料轉換2021-04-25
- mysql4.1資料轉換指南(轉)2007-08-09MySql
- layui tree資料格式轉換2019-11-19UI
- 什麼是資料轉換?2018-12-03
- JavaScript 資料型別轉換2018-12-19JavaScript資料型別
- 【Java】資料型別轉換2020-10-20Java資料型別
- javascript資料型別轉換2018-06-12JavaScript資料型別
- 資料型別的轉換2017-10-10資料型別
- 避免資料型別轉換2014-01-17資料型別
- 資料型別轉換圖2015-02-27資料型別
- oracle 資料型別轉換2012-12-17Oracle資料型別
- JS資料型別轉換2012-12-12JS資料型別
- 資料集轉換JSON2024-07-04JSON
- 資料型別及轉換2024-06-07資料型別
- Map 轉json資料,json資料轉換為Map2016-06-17JSON
- voc資料集轉換成coco資料集2024-04-27
- Oracle資料庫資料物件分析(轉)2007-08-13Oracle資料庫物件
- D/A轉換器2016-05-09
- Cxf - 轉換器2014-04-19
- 2、java資料型別轉換2020-08-11Java資料型別
- JS資料型別的轉換2019-04-03JS資料型別
- JavaScript 基本資料型別轉換2022-01-22JavaScript資料型別
- 頁面資料賦值轉換2020-12-02賦值
- js parseInt()資料型別轉換2017-03-29JS資料型別
- Qt 資料型別的轉換2015-01-19QT資料型別
- python資料型別轉換2013-06-27Python資料型別
- char(16)列的資料轉換2010-07-07
- 資料型別,型別轉換2024-04-08資料型別
- siebel切換資料來源【轉】2024-07-20