新概念英语句霸 2 算法分析
-
下载页面:http://www.en2000.com/download.htm
软件大小:5M
【软件简介】:新概念英语句霸2是用一种用新思维、新概念来学习英语句型的学习软件。它采用著名的“艾滨豪斯遗忘曲线”原理,采用听,说,读,写,记等方法,并结合动画人物指导,复读,录音对比等软件功能,根据人体记忆曲线反复刺激记忆,以达到牢记所学句型的目的。软件中包含"英语900句","走遍美国”等众多学习英语的优秀教材做为学习对象,正式版的用户还可以赠送"新概念英语(1-4册)的全部课文的句库和新概念英语的真人语音予以学习。
【软件限制】:NAG、功能限制。
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、UnAspacka、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
呵呵,朋友用U盘拿来这个东东要我看看,我看了一下说明,告诉他即使破解了也无法从其主页下载词库的,朋友说起码没有NAG了吧,我只好勉强试试了。哎,这个程序的算法已经超出了我的能力范围,我根本无法搞定,仅仅是简单分析 。见笑了。
新概念英语句霸.exe 是ASPack 2.12壳,用UnAspacka脱之。534K->1.38M。Delphi编写。
注册名:fly
申请码:58122273
试炼码:13572468-90ABCDEF
程序要求重启验证,注册码保存在注册表中,于是在反汇编代码里查找"RegNumOne",很容易就找到核心。
—————————————————————————————————
* Possible StringData Ref from Code Obj ->"JuBaPath"
|
:0050680A BAF06A5000 mov edx, 00506AF0
:0050680F E868B0F3FF call 0044187C
:00506814 8D85C4FDFFFF lea eax, dword ptr [ebp+FFFFFDC4]
:0050681A 50 push eax
:0050681B 8D95C0FDFFFF lea edx, dword ptr [ebp+FFFFFDC0]
:00506821 A120CD5100 mov eax, dword ptr [0051CD20]
:00506826 8B00 mov eax, dword ptr [eax]
====>EAX=58122273 呵呵,申请码
:00506828 E8AF96FFFF call 004FFEDC
====>核心CALL!进入!
:0050682D 8B85C0FDFFFF mov eax, dword ptr [ebp+FFFFFDC0]
====>EAX=5D7B911B1AC3AD53
:00506833 B908000000 mov ecx, 00000008
:00506838 BA01000000 mov edx, 00000001
:0050683D E8DAE7EFFF call 0040501C
:00506842 8B85C4FDFFFF mov eax, dword ptr [ebp+FFFFFDC4]
:00506848 50 push eax
:00506849 8D8DBCFDFFFF lea ecx, dword ptr [ebp+FFFFFDBC]
:0050684F A12CD05100 mov eax, dword ptr [0051D02C]
:00506854 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"RegNumOne"
|
:00506856 BA046B5000 mov edx, 00506B04
:0050685B E848B0F3FF call 004418A8
:00506860 8B95BCFDFFFF mov edx, dword ptr [ebp+FFFFFDBC]
====>EDX=13572468
:00506866 58 pop eax
====>EAX=5D7B911B
:00506867 E89CE6EFFF call 00404F08
====>比较前8位注册码
:0050686C 7564 jne 005068D2
====>跳则OVER!
:0050686E 8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8]
:00506874 50 push eax
:00506875 8D95B4FDFFFF lea edx, dword ptr [ebp+FFFFFDB4]
:0050687B A120CD5100 mov eax, dword ptr [0051CD20]
:00506880 8B00 mov eax, dword ptr [eax]
:00506882 E85596FFFF call 004FFEDC
:00506887 8B85B4FDFFFF mov eax, dword ptr [ebp+FFFFFDB4]
:0050688D B908000000 mov ecx, 00000008
:00506892 BA09000000 mov edx, 00000009
:00506897 E880E7EFFF call 0040501C
:0050689C 8B85B8FDFFFF mov eax, dword ptr [ebp+FFFFFDB8]
:005068A2 50 push eax
:005068A3 8D8DB0FDFFFF lea ecx, dword ptr [ebp+FFFFFDB0]
:005068A9 A12CD05100 mov eax, dword ptr [0051D02C]
:005068AE 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"RegNumTwo"
|
:005068B0 BA186B5000 mov edx, 00506B18
:005068B5 E8EEAFF3FF call 004418A8
:005068BA 8B95B0FDFFFF mov edx, dword ptr [ebp+FFFFFDB0]
====>EDX=90ABCDEF
:005068C0 58 pop eax
====>EAX=1AC3AD53
:005068C1 E842E6EFFF call 00404F08
====>比较后8位注册码
:005068C6 750A jne 005068D2
====>跳则OVER!
:005068C8 A168CF5100 mov eax, dword ptr [0051CF68]
:005068CD C60001 mov byte ptr [eax], 01
====>置1则OK!
:005068D0 EB08 jmp 005068DA
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050686C(C), :005068C6(C)
|
:005068D2 A168CF5100 mov eax, dword ptr [0051CF68]
:005068D7 C60000 mov byte ptr [eax], 00
====>置0则OVER! 爆破点!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050668E(C), :005068D0(U)
|
:005068DA A168CF5100 mov eax, dword ptr [0051CF68]
:005068DF 803800 cmp byte ptr [eax], 00
====>比较
:005068E2 750F jne 005068F3
====>不跳则OVER!
:005068E4 A168CA5100 mov eax, dword ptr [0051CA68]
:005068E9 8B00 mov eax, dword ptr [eax]
:005068EB 8B10 mov edx, dword ptr [eax]
:005068ED FF92EC000000 call dword ptr [edx+000000EC]
—————————————————————————————————
进入核心CALL:00506828 call 004FFEDC
* Referenced by a CALL at Addresses:
|:00506828 , :00506882
|
:004FFEDC 55 push ebp
:004FFEDD 8BEC mov ebp, esp
:004FFEDF 83C4C4 add esp, FFFFFFC4
:004FFEE2 53 push ebx
:004FFEE3 56 push esi
:004FFEE4 57 push edi
:004FFEE5 33C9 xor ecx, ecx
:004FFEE7 894DC8 mov dword ptr [ebp-38], ecx
:004FFEEA 894DC4 mov dword ptr [ebp-3C], ecx
:004FFEED 894DF4 mov dword ptr [ebp-0C], ecx
:004FFEF0 894DDC mov dword ptr [ebp-24], ecx
:004FFEF3 8955F8 mov dword ptr [ebp-08], edx
:004FFEF6 8945FC mov dword ptr [ebp-04], eax
:004FFEF9 8B45FC mov eax, dword ptr [ebp-04]
====>EAX=58122273 呵呵,申请码
:004FFEFC E8AB50F0FF call 00404FAC
====>取申请码长度
:004FFF01 33C0 xor eax, eax
:004FFF03 55 push ebp
:004FFF04 68B0005000 push 005000B0
:004FFF09 64FF30 push dword ptr fs:[eax]
:004FFF0C 648920 mov dword ptr fs:[eax], esp
:004FFF0F 8D45F4 lea eax, dword ptr [ebp-0C]
:004FFF12 8B55FC mov edx, dword ptr [ebp-04]
:004FFF15 E87A4CF0FF call 00404B94
:004FFF1A 8D45F4 lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"1234567"
|
:004FFF1D BAC8005000 mov edx, 005000C8
====>EDX=1234567
:004FFF22 E89D4EF0FF call 00404DC4
:004FFF27 8D45F4 lea eax, dword ptr [ebp-0C]
:004FFF2A BA08000000 mov edx, 00000008
:004FFF2F E81452F0FF call 00405148
:004FFF34 C745CC516F8550 mov [ebp-34], 50856F51
====>[ebp-34]=50856F51 呵呵,程序给的固定值
:004FFF3B C745D061722F84 mov [ebp-30], 842F7261
====>[ebp-30]=842F7261 呵呵,程序给的固定值
:004FFF42 C745D46265E742 mov [ebp-2C], 42E76562
====>[ebp-2C]=42E76562 呵呵,程序给的固定值
:004FFF49 C745D8706E676E mov [ebp-28], 6E676E70
====>[ebp-28]=6E676E70 呵呵,程序给的固定值
:004FFF50 33C9 xor ecx, ecx
:004FFF52 B004 mov al, 04
====>AL=04
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004FFF68(C)
|
:004FFF54 33D2 xor edx, edx
:004FFF56 8AD0 mov dl, al
====>DL=AL
:004FFF58 8B5DF4 mov ebx, dword ptr [ebp-0C]
====>EBX=58122273
:004FFF5B 0FB65413FF movzx edx, byte ptr [ebx+edx-01]
1、 ====>EDX=32
2、 ====>EDX=31
3、 ====>EDX=38
4、 ====>EDX=35
:004FFF60 03CA add ecx, edx
1、 ====>ECX=00000000 + 00000032=00000032
2、 ====>ECX=00003200 + 00000031=00003231
3、 ====>ECX=00323100 + 00000038=00323138
:004FFF62 C1E108 shl ecx, 08
1、 ====>ECX=00000032 SHL 08=00003200
2、 ====>ECX=00003231 SHL 08=00323100
3、 ====>ECX=00323138 SHL 08=32313800
:004FFF65 48 dec eax
====>EAX减1
:004FFF66 3C01 cmp al, 01
:004FFF68 75EA jne 004FFF54
====>循环倒序取前3位运算
:004FFF6A 8B45F4 mov eax, dword ptr [ebp-0C]
====>EAX=58122273
:004FFF6D 0FB600 movzx eax, byte ptr [eax]
4、 ====>EDX=35
:004FFF70 03C8 add ecx, eax
4、 ====>ECX=32313800 + 00000035=32313835
:004FFF72 33F6 xor esi, esi
:004FFF74 B008 mov al, 08
====>AL=08
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004FFF8A(C)
|
:004FFF76 33D2 xor edx, edx
:004FFF78 8AD0 mov dl, al
====>DL=AL
:004FFF7A 8B5DF4 mov ebx, dword ptr [ebp-0C]
====>EBX=58122273
:004FFF7D 0FB65413FF movzx edx, byte ptr [ebx+edx-01]
5、 ====>EDX=33
6、 ====>EDX=37
7、 ====>EDX=32
:004FFF82 03F2 add esi, edx
5、 ====>ESI=00000000 + 00000033=00000033
6、 ====>ESI=00003300 + 00000037=00003337
7、 ====>ESI=00333700 + 00000032=00333732
:004FFF84 C1E608 shl esi, 08
5、 ====>ESI=00000033 SHL 08=00003300
6、 ====>ESI=00003337 SHL 08=00333700
7、 ====>ESI=00333732 SHL 08=33373200
:004FFF87 48 dec eax
:004FFF88 3C05 cmp al, 05
:004FFF8A 75EA jne 004FFF76
====>循环倒序取最后3位运算
:004FFF8C 8B45F4 mov eax, dword ptr [ebp-0C]
====>EAX=58122273
:004FFF8F 0FB64004 movzx eax, byte ptr [eax+04]
8、 ====>EDX=32
:004FFF93 03F0 add esi, eax
8、 ====>ESI=33373200 + 00000032=33373232
:004FFF95 33FF xor edi, edi
:004FFF97 B020 mov al, 20
====>AL=20
====>下面进行“疯狂”循环了。^-^ ^-^
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004FFFD5(C)
|
:004FFF99 81C7F93103D9 add edi, D90331F9
====>EDI=00000000 + D90331F9=D90331F9
:004FFF9F 8BD6 mov edx, esi
====>EDX=ESI
:004FFFA1 C1E204 shl edx, 04
====>EDX=33373232 SHL 04=33732320
:004FFFA4 03CA add ecx, edx
====>ECX=32313835 + 33732320=65A45B55
:004FFFA6 8B55CC mov edx, dword ptr [ebp-34]
====>EDX=50856F51 呵呵,程序给的固定值
:004FFFA9 33D6 xor edx, esi
====>EDX=50856F51 XOR 33373232=63B25D63
:004FFFAB 03CA add ecx, edx
====>ECX=65A45B55 + 63B25D63=C956B8B8
:004FFFAD 8BD6 mov edx, esi
====>EDX=ESI
:004FFFAF C1EA05 shr edx, 05
====>EDX=33373232 SHR 05=0199B991
:004FFFB2 33D7 xor edx, edi
====>EDX=0199B991 XOR D90331F9=D89A8868
:004FFFB4 03CA add ecx, edx
====>ECX=C956B8B8 + D89A8868=A1F14120
:004FFFB6 034DD0 add ecx, dword ptr [ebp-30]
====>ECX=A1F14120 + 842F7261=2620B381
:004FFFB9 8BD1 mov edx, ecx
====>EDX=ECX=2620B381
:004FFFBB C1E204 shl edx, 04
====>EDX=2620B381 SHL 04=620B3810
:004FFFBE 03F2 add esi, edx
====>ESI=33373232 + 620B3810=95426A42
:004FFFC0 8B55D4 mov edx, dword ptr [ebp-2C]
====>EDX=42E76562
:004FFFC3 33D1 xor edx, ecx
====>EDX=42E76562 XOR 2620B381=64C7D6E3
:004FFFC5 03F2 add esi, edx
====>ESI=95426A42 + 64C7D6E3=FA0A4125
:004FFFC7 8BD1 mov edx, ecx
====>EDX=ECX=2620B381
:004FFFC9 C1EA05 shr edx, 05
====>EDX=2620B381 SHL 05=0131059C
:004FFFCC 33D7 xor edx, edi
====>EDX=0131059C XOR D90331F9=D8323465
:004FFFCE 03F2 add esi, edx
====>ESI=FA0A4125 + D8323465=D23C758A
:004FFFD0 0375D8 add esi, dword ptr [ebp-28]
====>ESI=D23C758A + 6E676E70=40A3E3FA
:004FFFD3 FEC8 dec al
====>AL减1
:004FFFD5 75C2 jne 004FFF99
====>呵呵,循环32次呀!
不记这些了,否则这种笨方法会使我吐血的。呵呵。循环结束后的主要结果如下:
====>EDI=20663F20
====>ESI=DAD08191
====>ECX=CA1CE260
====>EDX=2636D833
:004FFFD7 8BC1 mov eax, ecx
====>EAX=ECX=CA1CE260
:004FFFD9 25FFFFFF3F and eax, 3FFFFFFF
====>EAX=CA1CE260 AND 3FFFFFFF=0A1CE260
:004FFFDE 83C002 add eax, 00000002
====>EAX=0A1CE260 + 00000002=0A1CE262
:004FFFE1 33D2 xor edx, edx
:004FFFE3 8945E8 mov dword ptr [ebp-18], eax
====>[ebp-18]=EAX=0A1CE262
:004FFFE6 8955EC mov dword ptr [ebp-14], edx
====>[ebp-14]=EDX=0
:004FFFE9 8BC1 mov eax, ecx
====>EAX=ECX=CA1CE260
:004FFFEB C1E81E shr eax, 1E
====>EAX=CA1CE260 SHR 1E=00000003
:004FFFEE 055000F824 add eax, 24F80050
====>EAX=00000003 + 24F80050=24F80053
:004FFFF3 83C002 add eax, 00000002
====>EAX=24F80053 + 00000002=24F80055
:004FFFF6 33D2 xor edx, edx
:004FFFF8 8945E0 mov dword ptr [ebp-20], eax
====>[ebp-20]=EAX=24F80055
:004FFFFB 8955E4 mov dword ptr [ebp-1C], edx
====>[ebp-1C]=EDX=0
:004FFFFE FF75EC push [ebp-14]
:00500001 FF75E8 push [ebp-18]
:00500004 6A00 push 00000000
:00500006 68F9862C00 push 002C86F9
:0050000B 6A00 push 00000000
:0050000D 68E3A0AA69 push 69AAA0E3
:00500012 E8B9000000 call 005000D0
====>算法CALL !进入!以0A1CE262为参数运算前8位注册码
:00500017 8945E8 mov dword ptr [ebp-18], eax
====>[ebp-18]=EAX=5D7B911B
:0050001A 8955EC mov dword ptr [ebp-14], edx
:0050001D FF75E4 push [ebp-1C]
:00500020 FF75E0 push [ebp-20]
:00500023 6A00 push 00000000
:00500025 68F9862C00 push 002C86F9
:0050002A 6A00 push 00000000
:0050002C 68E3A0AA69 push 69AAA0E3
:00500031 E89A000000 call 005000D0
====>算法CALL ! 以24F80055为参数运算后8位注册码
:00500036 8945E0 mov dword ptr [ebp-20], eax
====>[ebp-20]=EAX=1AC3AD53
:00500039 8955E4 mov dword ptr [ebp-1C], edx
:0050003C FF75E4 push [ebp-1C]
:0050003F FF75E0 push [ebp-20]
:00500042 8D55C8 lea edx, dword ptr [ebp-38]
:00500045 B808000000 mov eax, 00000008
:0050004A E85598F0FF call 004098A4
:0050004F 8B45C8 mov eax, dword ptr [ebp-38]
:00500052 50 push eax
:00500053 FF75EC push [ebp-14]
:00500056 FF75E8 push [ebp-18]
:00500059 8D55C4 lea edx, dword ptr [ebp-3C]
:0050005C B808000000 mov eax, 00000008
:00500061 E83E98F0FF call 004098A4
:00500066 8B55C4 mov edx, dword ptr [ebp-3C]
:00500069 8D45DC lea eax, dword ptr [ebp-24]
:0050006C 59 pop ecx
:0050006D E8964DF0FF call 00404E08
:00500072 8B45F8 mov eax, dword ptr [ebp-08]
:00500075 8B55DC mov edx, dword ptr [ebp-24]
:00500078 E8D34AF0FF call 00404B50
:0050007D 33C0 xor eax, eax
:0050007F 5A pop edx
:00500080 59 pop ecx
:00500081 59 pop ecx
:00500082 648910 mov dword ptr fs:[eax], edx
:00500085 68B7005000 push 005000B7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005000B5(U)
|
:0050008A 8D45C4 lea eax, dword ptr [ebp-3C]
:0050008D BA02000000 mov edx, 00000002
:00500092 E8894AF0FF call 00404B20
:00500097 8D45DC lea eax, dword ptr [ebp-24]
:0050009A E85D4AF0FF call 00404AFC
:0050009F 8D45F4 lea eax, dword ptr [ebp-0C]
:005000A2 E8554AF0FF call 00404AFC
:005000A7 8D45FC lea eax, dword ptr [ebp-04]
:005000AA E84D4AF0FF call 00404AFC
:005000AF C3 ret
—————————————————————————————————
进入算法CALL:00500012 call 005000D0
* Referenced by a CALL at Addresses:
|:00500012 , :00500031
|
:005000D0 55 push ebp
:005000D1 8BEC mov ebp, esp
:005000D3 83C4E0 add esp, FFFFFFE0
:005000D6 8B4518 mov eax, dword ptr [ebp+18]
:005000D9 8945F0 mov dword ptr [ebp-10], eax
====>[ebp-10]=EAX=0A1CE262
:005000DC 8B451C mov eax, dword ptr [ebp+1C]
:005000DF 8945F4 mov dword ptr [ebp-0C], eax
:005000E2 8B4510 mov eax, dword ptr [ebp+10]
:005000E5 8945E8 mov dword ptr [ebp-18], eax
====>[ebp-18]=EAX=002C86F9
:005000E8 8B4514 mov eax, dword ptr [ebp+14]
:005000EB 8945EC mov dword ptr [ebp-14], eax
:005000EE C745E001000000 mov [ebp-20], 00000001
:005000F5 C745E400000000 mov [ebp-1C], 00000000
:005000FC E986000000 jmp 00500187
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050018B(C), :00500195(C)
|
:00500101 6A00 push 00000000
:00500103 6A02 push 00000002
:00500105 8B45E8 mov eax, dword ptr [ebp-18]
:00500108 8B55EC mov edx, dword ptr [ebp-14]
:0050010B E8505AF0FF call 00405B60
:00500110 83FA00 cmp edx, 00000000
:00500113 753E jne 00500153
:00500115 83F800 cmp eax, 00000000
:00500118 7539 jne 00500153
:0050011A 6A00 push 00000000
:0050011C 6A02 push 00000002
:0050011E 8B45E8 mov eax, dword ptr [ebp-18]
:00500121 8B55EC mov edx, dword ptr [ebp-14]
:00500124 E8BB59F0FF call 00405AE4
====>子运算CALL 1
:00500129 8945E8 mov dword ptr [ebp-18], eax
:0050012C 8955EC mov dword ptr [ebp-14], edx
:0050012F FF750C push [ebp+0C]
:00500132 FF7508 push [ebp+08]
:00500135 FF75F4 push [ebp-0C]
:00500138 FF75F0 push [ebp-10]
:0050013B 8B45F0 mov eax, dword ptr [ebp-10]
:0050013E 8B55F4 mov edx, dword ptr [ebp-0C]
:00500141 E87A59F0FF call 00405AC0
====>子运算CALL 2
:00500146 E8155AF0FF call 00405B60
====>子运算CALL 3
:0050014B 8945F0 mov dword ptr [ebp-10], eax
:0050014E 8955F4 mov dword ptr [ebp-0C], edx
:00500151 EB34 jmp 00500187
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00500113(C), :00500118(C)
|
:00500153 8B45E8 mov eax, dword ptr [ebp-18]
====>EAX=[ebp-18]=002C86F9
:00500156 8B55EC mov edx, dword ptr [ebp-14]
:00500159 83E801 sub eax, 00000001
====>EAX=002C86F9 - 1=002C86F8
:0050015C 83DA00 sbb edx, 00000000
:0050015F 8945E8 mov dword ptr [ebp-18], eax
====>[ebp-18]=EAX
:00500162 8955EC mov dword ptr [ebp-14], edx
:00500165 FF750C push [ebp+0C]
:00500168 FF7508 push [ebp+08]
:0050016B FF75E4 push [ebp-1C]
:0050016E FF75E0 push [ebp-20]
:00500171 8B45F0 mov eax, dword ptr [ebp-10]
====>EAX=[ebp-10]=0A1CE262
:00500174 8B55F4 mov edx, dword ptr [ebp-0C]
:00500177 E84459F0FF call 00405AC0
====>子运算CALL 2
:0050017C E8DF59F0FF call 00405B60
====>子运算CALL 3
:00500181 8945E0 mov dword ptr [ebp-20], eax
====>[ebp-20]=EAX=0A1CE262
====>循环结束后EAX=5D7B911B 呵呵,这就是注册码的前8位了!
:00500184 8955E4 mov dword ptr [ebp-1C], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005000FC(U), :00500151(U)
|
:00500187 837DEC00 cmp dword ptr [ebp-14], 00000000
:0050018B 0F8570FFFFFF jne 00500101
:00500191 837DE800 cmp dword ptr [ebp-18], 00000000
====>[ebp-18]=002C86F9
:00500195 0F8566FFFFFF jne 00500101
====>呵呵,疯狂循环直至002C86F9为0!
:0050019B 8B45E0 mov eax, dword ptr [ebp-20]
:0050019E 8945F8 mov dword ptr [ebp-08], eax
:005001A1 8B45E4 mov eax, dword ptr [ebp-1C]
:005001A4 8945FC mov dword ptr [ebp-04], eax
:005001A7 8B45F8 mov eax, dword ptr [ebp-08]
:005001AA 8B55FC mov edx, dword ptr [ebp-04]
:005001AD 8BE5 mov esp, ebp
:005001AF 5D pop ebp
:005001B0 C21800 ret 0018
---------------------------------------------------
进入子运算CALL 1:00500124 call 00405AE4
* Referenced by a CALL at Addresses:
|:00405C6F , :0041636F , :00500124
|
:00405AE4 55 push ebp
:00405AE5 53 push ebx
:00405AE6 56 push esi
:00405AE7 57 push edi
:00405AE8 31FF xor edi, edi
:00405AEA 8B5C2414 mov ebx, dword ptr [esp+14]
:00405AEE 8B4C2418 mov ecx, dword ptr [esp+18]
:00405AF2 09C9 or ecx, ecx
:00405AF4 7508 jne 00405AFE
:00405AF6 09D2 or edx, edx
:00405AF8 745C je 00405B56
:00405AFA 09DB or ebx, ebx
:00405AFC 7458 je 00405B56
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405AF4(C)
|
:00405AFE 09D2 or edx, edx
:00405B00 790A jns 00405B0C
:00405B02 F7DA neg edx
:00405B04 F7D8 neg eax
:00405B06 83DA00 sbb edx, 00000000
:00405B09 83CF01 or edi, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B00(C)
|
:00405B0C 09C9 or ecx, ecx
:00405B0E 790A jns 00405B1A
:00405B10 F7D9 neg ecx
:00405B12 F7DB neg ebx
:00405B14 83D900 sbb ecx, 00000000
:00405B17 83F701 xor edi, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B0E(C)
|
:00405B1A 89CD mov ebp, ecx
:00405B1C B940000000 mov ecx, 00000040
:00405B21 57 push edi
:00405B22 31FF xor edi, edi
:00405B24 31F6 xor esi, esi
:00405B26 D1E0 shl eax, 1
:00405B28 D1D2 rcl edx, 1
:00405B2A D1D6 rcl esi, 1
:00405B2C D1D7 rcl edi, 1
:00405B2E 39EF cmp edi, ebp
:00405B30 720B jb 00405B3D
:00405B32 7704 ja 00405B38
:00405B34 39DE cmp esi, ebx
:00405B36 7205 jb 00405B3D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B32(C)
|
:00405B38 29DE sub esi, ebx
:00405B3A 19EF sbb edi, ebp
:00405B3C 40 inc eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405B30(C), :00405B36(C)
|
:00405B3D E2E7 loop 00405B26
:00405B3F 5B pop ebx
:00405B40 F7C301000000 test ebx, 00000001
:00405B46 7407 je 00405B4F
:00405B48 F7DA neg edx
:00405B4A F7D8 neg eax
:00405B4C 83DA00 sbb edx, 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405B46(C), :00405B5A(U)
|
:00405B4F 5F pop edi
:00405B50 5E pop esi
:00405B51 5B pop ebx
:00405B52 5D pop ebp
:00405B53 C20800 ret 0008
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405AF8(C), :00405AFC(C)
|
:00405B56 F7F3 div ebx
:00405B58 31D2 xor edx, edx
:00405B5A EBF3 jmp 00405B4F
:00405B5C C3 ret
---------------------------------------------------
进入子运算CALL 2: call 00405AC0
* Referenced by a CALL at Addresses:
|:00405E95 , :00409F6F , :00409F89 , :00416318 , :00440B51
|:00500141 , :00500177
|
:00405AC0 52 push edx
:00405AC1 50 push eax
:00405AC2 8B442410 mov eax, dword ptr [esp+10]
:00405AC6 F72424 mul dword ptr [esp]
:00405AC9 89C1 mov ecx, eax
:00405ACB 8B442404 mov eax, dword ptr [esp+04]
:00405ACF F764240C mul [esp+0C]
:00405AD3 01C1 add ecx, eax
:00405AD5 8B0424 mov eax, dword ptr [esp]
:00405AD8 F764240C mul [esp+0C]
:00405ADC 01CA add edx, ecx
:00405ADE 59 pop ecx
:00405ADF 59 pop ecx
:00405AE0 C20800 ret 0008
---------------------------------------------------
进入子运算CALL 3: call 00405B60
* Referenced by a CALL at Addresses:
|:00405C4A , :0041638B , :0050010B , :00500146 , :0050017C
|
:00405B60 55 push ebp
:00405B61 53 push ebx
:00405B62 56 push esi
:00405B63 57 push edi
:00405B64 31FF xor edi, edi
:00405B66 8B5C2414 mov ebx, dword ptr [esp+14]
:00405B6A 8B4C2418 mov ecx, dword ptr [esp+18]
:00405B6E 09C9 or ecx, ecx
:00405B70 7508 jne 00405B7A
:00405B72 09D2 or edx, edx
:00405B74 745D je 00405BD3
:00405B76 09DB or ebx, ebx
:00405B78 7459 je 00405BD3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B70(C)
|
:00405B7A 09D2 or edx, edx
:00405B7C 790A jns 00405B88
:00405B7E F7DA neg edx
:00405B80 F7D8 neg eax
:00405B82 83DA00 sbb edx, 00000000
:00405B85 83CF01 or edi, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B7C(C)
|
:00405B88 09C9 or ecx, ecx
:00405B8A 7907 jns 00405B93
:00405B8C F7D9 neg ecx
:00405B8E F7DB neg ebx
:00405B90 83D900 sbb ecx, 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405B8A(C)
|
:00405B93 89CD mov ebp, ecx
:00405B95 B940000000 mov ecx, 00000040
:00405B9A 57 push edi
:00405B9B 31FF xor edi, edi
:00405B9D 31F6 xor esi, esi
:00405B9F D1E0 shl eax, 1
:00405BA1 D1D2 rcl edx, 1
:00405BA3 D1D6 rcl esi, 1
:00405BA5 D1D7 rcl edi, 1
:00405BA7 39EF cmp edi, ebp
:00405BA9 720B jb 00405BB6
:00405BAB 7704 ja 00405BB1
:00405BAD 39DE cmp esi, ebx
:00405BAF 7205 jb 00405BB6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405BAB(C)
|
:00405BB1 29DE sub esi, ebx
:00405BB3 19EF sbb edi, ebp
:00405BB5 40 inc eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00405BA9(C), :00405BAF(C)
|
:00405BB6 E2E7 loop 00405B9F
:00405BB8 89F0 mov eax, esi
:00405BBA 89FA mov edx, edi
:00405BBC 5B pop ebx
:00405BBD F7C301000000 test ebx, 00000001
:00405BC3 7
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据
人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>