CM 有人玩吗?
本帖最后由 UnRegister 于 2013-5-16 17:59 编辑
+++++++++++++++++++++++++++++
又到了一个失眠的夜,等待你!来!!!!
大爷来嘛。玩一把,不要钱,锻炼身体啦!
+++++++++++++++++++++++++++++++++
更新文件:
深夜的沙发极度好做!! 83 7D D8 01
cmp dword ptr , 1 ; memory operand lost in extraction; the bytes quoted above (83 7D D8 01) encode cmp dword ptr [ebp-0x28], 1
表示弱智!解不出!
本帖最后由 fywy 于 2013-5-16 09:03 编辑
算法部分:
; ---------------------------------------------------------------------------
; OllyDbg dump of 00402908..00402AD2, 32-bit x86, Intel operand order.
; The fragment starts at a loop head and stops after a call; the prologue and
; epilogue of the enclosing function are not part of the post.
;
; Every bracketed memory operand was lost when the post was extracted
; ("cmp ,-0x1"). The trailing comments restore them from the opcode bytes in
; the second column, written as raw ebp/esp offsets exactly as encoded.
;
; Structure that the visible lines establish:
;   * outer loop at 00402908, left when dword [ebp-0x14] == -1
;   * inner loop at 0040291C, counter ecx = 1..0x10, one dword stored per pass
;   * after the inner loop: four dwords [ebp-0x4],[ebp-0x8],[ebp-0xC],
;     [ebp-0x10] are copied to temporaries, one indirect call at table slot
;     +0x44 receives the addresses of the temporaries and of [ebp-0x24], then
;     four indirect calls at slot +0x14 fold each temporary back into its
;     source dword
;   * exit path at 00402AB2: indirect calls at slot +0x1C on the same dwords
; NOTE(review): 16 dwords in, four running dwords updated per round, and the
; 32-hex-digit strings quoted later in the thread are consistent with an
; MD5-style block hash; nothing in the visible lines confirms the algorithm.
; NOTE(review): the thread reports the check being defeated by changing one
; compare and by reading the expected value out of process memory. A serial
; that is derived and compared locally can be recovered that way however
; elaborate this transform is; verifying a signature made with a key the
; client never holds avoids shipping the derivation.
; ---------------------------------------------------------------------------
00402908|> /837D EC FF /cmp ,-0x1 ; cmp dword [ebp-0x14],-1; outer loop head
0040290C|. |0F84 A0010000 |je CM_by破?00402AB2 ; leave the outer loop when [ebp-0x14] == -1
00402912|. |8D45 E0 |lea eax, ; lea eax,[ebp-0x20]
00402915|. |8BD8 |mov ebx,eax ; ebx = address of the counter slot [ebp-0x20]
00402917|. |B9 01000000 |mov ecx,0x1 ; inner counter starts at 1
0040291C|> |51 |/push ecx ; inner loop head; counter and slot address stay on the stack for the whole pass
0040291D|. |53 ||push ebx
0040291E|. |890B ||mov dword ptr ds:,ecx ; mov [ebx],ecx; publishes the counter in [ebp-0x20]
00402920|. |83F9 10 ||cmp ecx,0x10
00402923|. |0F8F F0000000 ||jg CM_by破?00402A19 ; signed compare; the body runs for ecx = 1..16
00402929|. |8B5D DC ||mov ebx, ; mov ebx,[ebp-0x24]
0040292C|. |E8 E2F1FFFF ||call CM_by破?00401B13 ; helper not shown; presumably turns [ebp-0x24] into ebx = element base, ecx = element count (TODO confirm)
00402931|. |53 ||push ebx
00402932|. |51 ||push ecx
00402933|. |8B45 E0 ||mov eax, ; mov eax,[ebp-0x20]; reload the counter
00402936|. |48 ||dec eax ; 1-based counter -> 0-based index
00402937|. |79 0D ||jns XCM_by破?00402946 ; index >= 0 skips the call below
00402939|. |68 04000000 ||push 0x4
0040293E|. |E8 B8240000 ||call CM_by破?00404DFB ; called with 4 when the index is negative; presumably a runtime error reporter (body not shown)
00402943|. |83C4 04 ||add esp,0x4
00402946|> |59 ||pop ecx ; restore the helper's ecx/ebx results
00402947|. |5B ||pop ebx
00402948|. |3BC1 ||cmp eax,ecx
0040294A|. |7C 0D ||jl XCM_by破?00402959 ; index < ecx skips the call below (upper bound check)
0040294C|. |68 01000000 ||push 0x1
00402951|. |E8 A5240000 ||call CM_by破?00404DFB ; same routine as at 0040293E, argument 1
00402956|. |83C4 04 ||add esp,0x4
00402959|> |C1E0 02 ||shl eax,0x2 ; index * 4: elements are dwords
0040295C|. |03D8 ||add ebx,eax ; ebx = address of element[index]
0040295E|. |895D C8 ||mov ,ebx ; mov [ebp-0x38],ebx; kept for the store at 00402A0F
00402961|. |68 010300A0 ||push 0xA0000301 ; ten dwords are pushed up to 00402993: a count of 3 plus three 3-dword records, pushed in reverse
00402966|. |6A 00 ||push 0x0
00402968|. |8D45 EC ||lea eax, ; lea eax,[ebp-0x14]
0040296B|. |50 ||push eax ; third record carries the ADDRESS of [ebp-0x14], the outer loop's exit variable, so the callee can write it
0040296C|. |68 01030080 ||push 0x80000301
00402971|. |6A 00 ||push 0x0
00402973|. |68 03000000 ||push 0x3 ; second record carries the constant 3
00402978|. |68 05000080 ||push 0x80000005
0040297D|. |6A 00 ||push 0x0
0040297F|. |8B5D 0C ||mov ebx, ; mov ebx,[ebp+0xC]
00402982|. |8B03 ||mov eax,dword ptr ds: ; mov eax,[ebx]; pointer held by that argument
00402984|. |85C0 ||test eax,eax
00402986|. |75 05 ||jnz XCM_by破?0040298D
00402988|. |B8 D72F4700 ||mov eax,CM_by破?00472FD7 ; null pointer is replaced by the fixed address 00472FD7 (presumably an empty default; contents not shown)
0040298D|> |50 ||push eax ; first record carries that pointer
0040298E|. |68 03000000 ||push 0x3 ; record count
00402993|. |BB 10564000 ||mov ebx,CM_by破?00405610 ; address handed over in ebx; presumably the routine the dispatcher runs (TODO confirm)
00402998|. |E8 64240000 ||call CM_by破?00404E01 ; dispatcher body not shown; eax, edx and ecx are all read as results below
0040299D|. |83C4 28 ||add esp,0x28 ; caller removes the ten dwords pushed above
004029A0|. |8945 BC ||mov ,eax ; mov [ebp-0x44],eax
004029A3|. |8955 C0 ||mov ,edx ; mov [ebp-0x40],edx
004029A6|. |894D C4 ||mov ,ecx ; mov [ebp-0x3C],ecx
004029A9|. |8B4D C4 ||mov ecx, ; mov ecx,[ebp-0x3C]; the three results are spilled and reloaded unchanged
004029AC|. |8B55 C0 ||mov edx, ; mov edx,[ebp-0x40]
004029AF|. |8B45 BC ||mov eax, ; mov eax,[ebp-0x44]
004029B2|. |81F9 01010080 ||cmp ecx,0x80000101 ;Switch (cases 80000101..80000601) ; ecx selects how the result in eax/edx becomes one dword
004029B8|. |75 07 ||jnz XCM_by破?004029C1
004029BA|. |25 FF000000 ||and eax,0xFF ;Case 80000101 of switch 004029B2 ; keep the low 8 bits only
004029BF|. |EB 4B ||jmp XCM_by破?00402A0C
004029C1|> |81F9 01020080 ||cmp ecx,0x80000201
004029C7|. |75 03 ||jnz XCM_by破?004029CC
004029C9|. |98 ||cwde ;Case 80000201 of switch 004029B2 ; sign-extend ax into eax
004029CA|. |EB 40 ||jmp XCM_by破?00402A0C
004029CC|> |81F9 01030080 ||cmp ecx,0x80000301
004029D2|. |74 38 ||je XCM_by破?00402A0C ; eax used unchanged
004029D4|. |81F9 01040080 ||cmp ecx,0x80000401
004029DA|. |74 30 ||je XCM_by破?00402A0C ; eax used unchanged; edx is ignored on this path
004029DC|. |8945 B4 ||mov ,eax ; mov [ebp-0x4C],eax; staged in memory for the fld forms below
004029DF|. |81F9 01050080 ||cmp ecx,0x80000501
004029E5|. |74 15 ||je XCM_by破?004029FC
004029E7|. |81F9 01060080 ||cmp ecx,0x80000601
004029ED|. |74 12 ||je XCM_by破?00402A01
004029EF|. |68 02000000 ||push 0x2 ;Default case of switch 004029B2
004029F4|. |E8 02240000 ||call CM_by破?00404DFB ; same routine as at 0040293E, argument 2; if it returned, execution would fall into the fld below, so presumably it does not return
004029F9|. |83C4 04 ||add esp,0x4
004029FC|> |D945 B4 ||fld ;Case 80000501 of switch 004029B2 ; fld dword [ebp-0x4C]: load as 32-bit float
004029FF|. |EB 06 ||jmp XCM_by破?00402A07
00402A01|> |8955 B8 ||mov ,edx ;Case 80000601 of switch 004029B2 ; mov [ebp-0x48],edx: high half joins eax at [ebp-0x4C]
00402A04|. |DD45 B4 ||fld qword ptr ss: ; fld qword [ebp-0x4C]: load as 64-bit float
00402A07|> |E8 82EBFFFF ||call CM_by破?0040158E ; body not shown; eax is stored as the value right after, so presumably converts ST0 to an integer
00402A0C|> |8B5D C8 ||mov ebx, ;Cases 80000301,80000401 of switch 004029B2 ; mov ebx,[ebp-0x38]: element address saved at 0040295E
00402A0F|. |8903 ||mov dword ptr ds:,eax ; mov [ebx],eax; element[index] = normalized result
00402A11|. |5B ||pop ebx ; restore the values pushed at the loop head
00402A12|. |59 ||pop ecx
00402A13|. |41 ||inc ecx
00402A14|.^|E9 03FFFFFF |\jmp CM_by破?0040291C ; next inner pass
00402A19|> |83C4 08 |add esp,0x8 ; inner loop done: drop the ecx/ebx pushed at 0040291C
00402A1C|. |8B45 FC |mov eax, ; mov eax,[ebp-0x4]
00402A1F|. |8945 D8 |mov ,eax ; mov [ebp-0x28],eax; temporary copy of [ebp-0x4]
00402A22|. |8B45 F8 |mov eax, ; mov eax,[ebp-0x8]
00402A25|. |8945 D4 |mov ,eax ; mov [ebp-0x2C],eax; temporary copy of [ebp-0x8]
00402A28|. |8B45 F4 |mov eax, ; mov eax,[ebp-0xC]
00402A2B|. |8945 D0 |mov ,eax ; mov [ebp-0x30],eax; temporary copy of [ebp-0xC]
00402A2E|. |8B45 F0 |mov eax, ; mov eax,[ebp-0x10]
00402A31|. |8945 CC |mov ,eax ; mov [ebp-0x34],eax; temporary copy of [ebp-0x10]
00402A34|. |8D45 DC |lea eax, ; lea eax,[ebp-0x24]; address of the variable the inner loop filled
00402A37|. |50 |push eax
00402A38|. |8D45 CC |lea eax, ; lea eax,[ebp-0x34]
00402A3B|. |50 |push eax
00402A3C|. |8D45 D0 |lea eax, ; lea eax,[ebp-0x30]
00402A3F|. |50 |push eax
00402A40|. |8D45 D4 |lea eax, ; lea eax,[ebp-0x2C]
00402A43|. |50 |push eax
00402A44|. |8D45 D8 |lea eax, ; lea eax,[ebp-0x28]
00402A47|. |50 |push eax
00402A48|. |FF75 08 |push ; push dword [ebp+0x8]; first argument of the enclosing function, pushed last for every indirect call here
00402A4B|. |8B0424 |mov eax,dword ptr ss: ; mov eax,[esp]; re-read the value just pushed
00402A4E|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A50|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]; two dereferences reach the call table
00402A52|. |FF50 44 |call dword ptr ds: ; call [eax+0x44]; receives the four temporaries and [ebp-0x24] by address
00402A55|. |FF75 D8 |push ; push dword [ebp-0x28]; temporary after the +0x44 call
00402A58|. |FF75 FC |push ; push dword [ebp-0x4]; current value
00402A5B|. |FF75 08 |push ; push dword [ebp+0x8]
00402A5E|. |8B0424 |mov eax,dword ptr ss: ; mov eax,[esp]
00402A61|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A63|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A65|. |FF50 14 |call dword ptr ds: ; call [eax+0x14]; combines the two pushed dwords (operation not shown)
00402A68|. |8945 FC |mov ,eax ; mov [ebp-0x4],eax
00402A6B|. |FF75 D4 |push ; push dword [ebp-0x2C]
00402A6E|. |FF75 F8 |push ; push dword [ebp-0x8]
00402A71|. |FF75 08 |push ; push dword [ebp+0x8]
00402A74|. |8B0424 |mov eax,dword ptr ss: ; mov eax,[esp]
00402A77|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A79|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A7B|. |FF50 14 |call dword ptr ds: ; call [eax+0x14]
00402A7E|. |8945 F8 |mov ,eax ; mov [ebp-0x8],eax
00402A81|. |FF75 D0 |push ; push dword [ebp-0x30]
00402A84|. |FF75 F4 |push ; push dword [ebp-0xC]
00402A87|. |FF75 08 |push ; push dword [ebp+0x8]
00402A8A|. |8B0424 |mov eax,dword ptr ss: ; mov eax,[esp]
00402A8D|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A8F|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402A91|. |FF50 14 |call dword ptr ds: ; call [eax+0x14]
00402A94|. |8945 F4 |mov ,eax ; mov [ebp-0xC],eax
00402A97|. |FF75 CC |push ; push dword [ebp-0x34]
00402A9A|. |FF75 F0 |push ; push dword [ebp-0x10]
00402A9D|. |FF75 08 |push ; push dword [ebp+0x8]
00402AA0|. |8B0424 |mov eax,dword ptr ss: ; mov eax,[esp]
00402AA3|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402AA5|. |8B00 |mov eax,dword ptr ds: ; mov eax,[eax]
00402AA7|. |FF50 14 |call dword ptr ds: ; call [eax+0x14]
00402AAA|. |8945 F0 |mov ,eax ; mov [ebp-0x10],eax
00402AAD|.^\E9 56FEFFFF \jmp CM_by破?00402908 ; back to the outer loop test on [ebp-0x14]
00402AB2|>FF75 FC push ; push dword [ebp-0x4]; outer loop exit path starts here
00402AB5|.FF75 08 push ; push dword [ebp+0x8]
00402AB8|.8B0424 mov eax,dword ptr ss: ; mov eax,[esp]
00402ABB|.8B00 mov eax,dword ptr ds: ; mov eax,[eax]
00402ABD|.8B00 mov eax,dword ptr ds: ; mov eax,[eax]
00402ABF|.FF50 1C call dword ptr ds: ; call [eax+0x1C]; takes one of the four dwords (operation not shown)
00402AC2|.8945 C8 mov ,eax ; mov [ebp-0x38],eax; reuses the slot that held the element address
00402AC5|.FF75 F8 push ; push dword [ebp-0x8]
00402AC8|.FF75 08 push ; push dword [ebp+0x8]
00402ACB|.8B0424 mov eax,dword ptr ss: ; mov eax,[esp]
00402ACE|.8B00 mov eax,dword ptr ds: ; mov eax,[eax]
00402AD0|.8B00 mov eax,dword ptr ds: ; mov eax,[eax]
00402AD2|.FF50 1C call dword ptr ds: ; call [eax+0x1C]; the post ends here, before the result is used
主要看几个call的算法及取数
452F9EEE5D001588A6972126A3673AC6
D3Z452F9EEE5D001588A6972126A3673AC6
D3Z452F9EEE5D001588A6972126A3673AC6E55
爆破关键:
本帖最后由 NanQiao 于 2013-5-16 09:52 编辑
鱼油路过!!!
本帖最后由 刹话 于 2013-5-16 11:10 编辑
做了个内存注册机