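XXXXX Conversion Master: algorithm analysis, a newbie building confidence :)
【Title】: XXXXX Conversion Master: algorithm analysis, a newbie building confidence :)
【Author】: wuhanqi
【Software name】: I already said this is just for building confidence!
【Download】: search for it and download it yourself
【Tools used】: PEiD, OD.
【Author's note】: just a newbie..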
--------------------------------------------------------------------------------
【Detailed process】
004BF640/$55 PUSH EBP
004BF641|.8BEC MOV EBP,ESP
004BF643|.51 PUSH ECX
004BF644|.B9 04000000 MOV ECX,4
004BF649|>6A 00 /PUSH 0
004BF64B|.6A 00 |PUSH 0
004BF64D|.49 |DEC ECX
004BF64E|.^ 75 F9 \JNZ SHORT 004BF649
004BF650|.51 PUSH ECX
004BF651|.874D FC XCHG DWORD PTR SS:[EBP-4],ECX
004BF654|.53 PUSH EBX
004BF655|.56 PUSH ESI
004BF656|.57 PUSH EDI
004BF657|.8BF9 MOV EDI,ECX
004BF659|.8955 FC MOV DWORD PTR SS:[EBP-4],EDX
004BF65C|.8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004BF65F|.E8 3858F4FF CALL 00404E9C
004BF664|.33C0 XOR EAX,EAX
004BF666|.55 PUSH EBP
004BF667|.68 01F84B00 PUSH 004BF801
004BF66C|.64:FF30 PUSH DWORD PTR FS:[EAX]
004BF66F|.64:8920 MOV DWORD PTR FS:[EAX],ESP
004BF672|.8BC7 MOV EAX,EDI
004BF674|.E8 7353F4FF CALL 004049EC
004BF679|.8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; username into EAX
004BF67C|.E8 2B56F4FF CALL 00404CAC ; compute the length of the username
004BF681|.8BF0 MOV ESI,EAX ; length into ESI
004BF683|.85F6 TEST ESI,ESI ; was anything entered? jump if not
004BF685|.7E 26 JLE SHORT 004BF6AD
004BF687|.BB 01000000 MOV EBX,1 ; ebx=1
004BF68C|>8D4D EC /LEA ECX,DWORD PTR SS:[EBP-14]
004BF68F|.8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4] ; username into EAX
004BF692|.0FB64418 FF |MOVZX EAX,BYTE PTR DS:[EAX+EBX-1] ; take the ASCII code of the username one character at a time
004BF697|.33D2 |XOR EDX,EDX
004BF699|.E8 6AABF4FF |CALL 0040A208 ; put the ASCII code on the stack
004BF69E|.8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
004BF6A1|.8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
004BF6A4|.E8 0B56F4FF |CALL 00404CB4 ; concatenate the ASCII codes end to end; call the result A
004BF6A9|.43 |INC EBX
004BF6AA|.4E |DEC ESI
004BF6AB|.^ 75 DF \JNZ SHORT 004BF68C
004BF6AD|>8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; A into EAX
004BF6B0|.E8 F755F4FF CALL 00404CAC ; compute the length of A into EAX
004BF6B5|.8BF0 MOV ESI,EAX ; EAX into ESI
004BF6B7|.85F6 TEST ESI,ESI ; check whether it is greater than zero
004BF6B9|.7E 2C JLE SHORT 004BF6E7
004BF6BB|.BB 01000000 MOV EBX,1 ; ebx=1
004BF6C0|>8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8] ; A into EAX
004BF6C3|.E8 E455F4FF |CALL 00404CAC
004BF6C8|.2BC3 |SUB EAX,EBX ; eax-ebx
004BF6CA|.8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8] ; starting from the last position, take the ASCII code one character at a time
004BF6CD|.8A1402 |MOV DL,BYTE PTR DS:[EDX+EAX]
004BF6D0|.8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
004BF6D3|.E8 FC54F4FF |CALL 00404BD4 ; the fetched ASCII code is now on the stack
004BF6D8|.8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
004BF6DB|.8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
004BF6DE|.E8 D155F4FF |CALL 00404CB4 ; arrange the fetched ASCII codes in reverse order
004BF6E3|.43 |INC EBX
004BF6E4|.4E |DEC ESI
004BF6E5|.^ 75 D9 \JNZ SHORT 004BF6C0
004BF6E7|>8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004BF6EA|.50 PUSH EAX
004BF6EB|.B9 04000000 MOV ECX,4 ; ecx=4
004BF6F0|.BA 01000000 MOV EDX,1 ; edx=1
004BF6F5|.8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; the reversed ASCII codes into EAX
004BF6F8|.E8 0F58F4FF CALL 00404F0C ; take its first four characters
004BF6FD|.8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004BF700|.50 PUSH EAX
004BF701|.B9 04000000 MOV ECX,4 ; ecx=4
004BF706|.BA 05000000 MOV EDX,5 ; edx=5
004BF70B|.8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; the reversed ASCII codes into EAX
004BF70E|.E8 F957F4FF CALL 00404F0C ; take four characters starting from the fifth
004BF713|.8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; characters 1-4 pushed on the stack
004BF716|.E8 9155F4FF CALL 00404CAC ; compute the length
004BF71B|.83F8 04 CMP EAX,4 ; check whether it is four characters
004BF71E|.7D 2F JGE SHORT 004BF74F ; if so, skip out
004BF720|.8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004BF723|.E8 8455F4FF CALL 00404CAC
004BF728|.8BD8 MOV EBX,EAX
004BF72A|.83FB 03 CMP EBX,3
004BF72D|.7F 20 JG SHORT 004BF74F
004BF72F|>8D4D E4 /LEA ECX,DWORD PTR SS:[EBP-1C]
004BF732|.8BC3 |MOV EAX,EBX
004BF734|.C1E0 02 |SHL EAX,2
004BF737|.33D2 |XOR EDX,EDX
004BF739|.E8 CAAAF4FF |CALL 0040A208
004BF73E|.8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C]
004BF741|.8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
004BF744|.E8 6B55F4FF |CALL 00404CB4
004BF749|.43 |INC EBX
004BF74A|.83FB 04 |CMP EBX,4
004BF74D|.^ 75 E0 \JNZ SHORT 004BF72F
004BF74F|>8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; take its characters 5-9
004BF752|.E8 5555F4FF CALL 00404CAC ; compute the length
004BF757|.83F8 04 CMP EAX,4 ; check whether it is four characters
004BF75A|.7D 2F JGE SHORT 004BF78B ; if so, skip out
004BF75C|.8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004BF75F|.E8 4855F4FF CALL 00404CAC
004BF764|.8BD8 MOV EBX,EAX
004BF766|.83FB 03 CMP EBX,3
004BF769|.7F 20 JG SHORT 004BF78B
004BF76B|>8D4D E0 /LEA ECX,DWORD PTR SS:[EBP-20]
004BF76E|.8BC3 |MOV EAX,EBX
004BF770|.C1E0 02 |SHL EAX,2
004BF773|.33D2 |XOR EDX,EDX
004BF775|.E8 8EAAF4FF |CALL 0040A208
004BF77A|.8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
004BF77D|.8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
004BF780|.E8 2F55F4FF |CALL 00404CB4
004BF785|.43 |INC EBX
004BF786|.83FB 04 |CMP EBX,4
004BF789|.^ 75 E0 \JNZ SHORT 004BF76B
004BF78B|>8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004BF78E|.BA 18F84B00 MOV EDX,004BF818 ; the fixed string "lenomp4888" appears
004BF793|.E8 EC52F4FF CALL 00404A84 ; pushed on the stack
004BF798|.8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004BF79B|.50 PUSH EAX
004BF79C|.B9 04000000 MOV ECX,4
004BF7A1|.BA 01000000 MOV EDX,1
004BF7A6|.8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004BF7A9|.E8 5E57F4FF CALL 00404F0C ; similar code: take characters 1-4 of the fixed string
004BF7AE|.FF75 DC PUSH DWORD PTR SS:[EBP-24] ; push
004BF7B1|.68 2CF84B00 PUSH 004BF82C ; push the fixed character "-"
004BF7B6|.FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; push characters 1-4 of the reversed ASCII codes
004BF7B9|.8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004BF7BC|.50 PUSH EAX
004BF7BD|.B9 05000000 MOV ECX,5
004BF7C2|.BA 05000000 MOV EDX,5
004BF7C7|.8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004BF7CA|.E8 3D57F4FF CALL 00404F0C ; take characters 5-9 of the fixed string
004BF7CF|.FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; push
004BF7D2|.68 2CF84B00 PUSH 004BF82C ; push the fixed character "-"
004BF7D7|.FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; push characters 5-9 of the reversed ASCII codes
004BF7DA|.8BC7 MOV EAX,EDI
004BF7DC|.BA 06000000 MOV EDX,6
004BF7E1|.E8 8655F4FF CALL 00404D6C ; concatenated, this is the correct registration code.
004BF7E6|.33C0 XOR EAX,EAX
004BF7E8|.5A POP EDX
004BF7E9|.59 POP ECX
004BF7EA|.59 POP ECX
004BF7EB|.64:8910 MOV DWORD PTR FS:[EAX],EDX
004BF7EE|.68 08F84B00 PUSH 004BF808
004BF7F3|>8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004BF7F6|.BA 0A000000 MOV EDX,0A
004BF7FB|.E8 1052F4FF CALL 00404A10
004BF800\.C3 RETN
004BF801 .^ E9 464BF4FF JMP 0040434C
004BF806 .^ EB EB JMP SHORT 004BF7F3
004BF808 .5F POP EDI
004BF809 .5E POP ESI
004BF80A .5B POP EBX
004BF80B .8BE5 MOV ESP,EBP
004BF80D .5D POP EBP
004BF80E .C3 RETN
【Lessons learned】
Such a simple algorithm.. purely for building confidence..
The forum's points rules have changed.. life is hard for a NEWbie..
--------------------------------------------------------------------------------
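【Copyright notice】: no copyright to speak of...
2009-07-29 23:56:45 This isn't the Video Conversion Master, is it? Heh, didn't you see all those jmps? I'm here to learn; respect to the original poster.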