A Brief Analysis of kkbblzq's CM
【Article title】A Brief Analysis of kkbblzq's CM
【Author】samisgod
【E-mail】21gh@163.com
【Homepage】http://svcore.com
【QQ number】21519897
【Download】http://bbs.52pojie.cn/viewthread.php?tid=39222
Obtaining the feature code
00401F0B|> \6A FF push -1
00401F0D|.6A 08 push 8
00401F0F|.68 0C000116 push 1601000C
00401F14|.68 02000152 push 52010002
00401F19|.E8 FD1C0000 call 00403C1B ;
00401F1E|.83C4 10 add esp,10
00401F21|.8945 E0 mov ,eax
00401F24|.6A 01 push 1 ; /Arg3 = 00000001
00401F26|.8D45 E4 lea eax, ; |
00401F29|.50 push eax ; |Arg2 = FFFFFFFF
00401F2A|.8D45 E0 lea eax, ; |
00401F2D|.50 push eax ; |Arg1 = FFFFFFFF
00401F2E|.E8 600C0000 call 00402B93 ; \Read and convert the feature value, on this machine it yields 1334219047
Calculation 1 (yields the registration code)
00401F9B|.8945 E4 mov ,eax
00401F9E|.8955 E8 mov ,edx
00401FA1|.DD45 E4 fld qword ptr ss: ;feature code (1334219047)
00401FA4|.DC05 DE0E4700 fadd qword ptr ds: ;+49346
00401FAA|.DD5D DC fstp qword ptr ss:
00401FAD|.DD45 DC fld qword ptr ss:
00401FB0|.DC25 E60E4700 fsub qword ptr ds: ;-12
00401FB6|.DD5D D4 fstp qword ptr ss:
00401FB9|.DD45 D4 fld qword ptr ss:
00401FBC|.DC05 EE0E4700 fadd qword ptr ds: ;+87856
00401FC2|.DD5D CC fstp qword ptr ss:
00401FC5|.DD45 CC fld qword ptr ss:
00401FC8|.DC25 F60E4700 fsub qword ptr ds: ;-56511
00401FCE|.DD5D C4 fstp qword ptr ss:
00401FD1|.DD45 C4 fld qword ptr ss:
00401FD4|.DC05 FE0E4700 fadd qword ptr ds: ;+587766
00401FDA|.DD5D BC fstp qword ptr ss:
00401FDD|.DD45 BC fld qword ptr ss:
00401FE0|.DC25 060F4700 fsub qword ptr ds: ;-11744
00401FE6|.DD5D B4 fstp qword ptr ss:
00401FE9|.DD45 B4 fld qword ptr ss: ;(net effect of the steps above: +656701)
00401FEC >|.E8 F7F1FFFF call 004011E8 ;lzq_CM_-.004011E8
00401FF1|.A3 9CDD4900 mov dword ptr ds:,eax
00401FF6|.68 01030080 push 80000301
00401FFB|.6A 00 push 0
00401FFD|.FF35 9CDD4900 push dword ptr ds:
00402003|.68 01000000 push 1
00402008|.BB F0474000 mov ebx,4047F0
0040200D|.E8 031C0000 call 00403C15 ;convert to string (1334875748)
00402012|.83C4 10 add esp,10 ;call this code1
00402064|> \50 push eax
00402065|.68 01000000 push 1
0040206A|.B8 01000000 mov eax,1
0040206F|.BB 70C54400 mov ebx,44C570
00402074|.E8 BA1B0000 call 00403C33 ;MD5(code1)
00402079|.83C4 10 add esp,10 ;call this MD5n1
00402106|> \50 push eax
00402107|.68 01000000 push 1
0040210C|.B8 01000000 mov eax,1
00402111|.BB 70C54400 mov ebx,44C570
00402116|.E8 181B0000 call 00403C33 ;MD5(1334219047)
0040211B|.83C4 10 add esp,10 ;call this MD5n2
0040211E|.8945 D4 mov ,eax
00402121|.8B5D D8 mov ebx, ;lzq_CM_-.004A9ED8
00402124|.85DB test ebx,ebx
00402126|.74 09 je short 00402131 ;lzq_CM_-.00402131
00402128|.53 push ebx
00402129|.E8 DB1A0000 call 00403C09 ;lzq_CM_-.00403C09
0040212E|.83C4 04 add esp,4
00402131|>FF75 D4 push ; /Arg2 = 00A357F8 ASCII "d鮃"
00402134|.FF75 E0 push ; |Arg1 = 004A9ED8
00402137|.B9 02000000 mov ecx,2 ; |
0040213C >|.E8 2EEFFFFF call 0040106F ; \concatenate the MD5 strings
00402141|.83C4 08 add esp,8 ;yields MD5n1+MD5n2
00402144|.8945 D0 mov ,eax
Calculation 2 (yields the verification code)
004021A3|.8945 E4 mov ,eax
004021A6|.8955 E8 mov ,edx
004021A9|.DD45 E4 fld qword ptr ss: ;code1
004021AC >|.DC05 0E0F4700 fadd qword ptr ds: ;+4626
004021B2|.DD5D DC fstp qword ptr ss:
004021B5|.DD45 DC fld qword ptr ss:
004021B8|.DC25 160F4700 fsub qword ptr ds: ;-65
004021BE|.DD5D D4 fstp qword ptr ss: ;(+4561)
004021C1|.68 01060080 push 80000601
004021C6|.FF75 D8 push ;lzq_CM_-.004A9ED8
004021C9|.FF75 D4 push
004021CC|.68 01000000 push 1
004021D1|.BB F0474000 mov ebx,4047F0
004021D6|.E8 3A1A0000 call 00403C15 ;convert to string
0040222D|> \50 push eax
0040222E|.68 01000000 push 1
00402233|.B8 01000000 mov eax,1
00402238|.BB 70C54400 mov ebx,44C570
0040223D|.E8 F1190000 call 00403C33 ;MD5(code2)
00402242|.83C4 10 add esp,10
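Overall the difficulty is fairly low, which makes this a good practice target for beginners.
I won't explain any further; I trust everyone can follow it.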
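The derivation traced in the listings above, replayed in Python as an added example (not code from the original post or from the CrackMe). It assumes the MD5 routine hashes the ASCII decimal string and returns lowercase hex, which the listing does not show; the function and variable names are hypothetical.

```python
import hashlib

# Constants taken from the fadd/fsub comments in the two listings above.
STEPS_CODE1 = [+49346, -12, +87856, -56511, +587766, -11744]
STEPS_CODE2 = [+4626, -65]


def apply_steps(value, steps):
    """Replay the fld/fadd/fsub/fstp chain on a double, as the FPU code does."""
    acc = float(value)
    for step in steps:
        acc += float(step)
    # All intermediates are integers far below 2**53, so the double is exact
    # and the later number-to-string conversion has no fractional part.
    assert acc.is_integer() and abs(acc) < 2 ** 53
    return int(acc)


def md5_hex(text):
    # Assumption: MD5 over the ASCII decimal string, lowercase hex digest.
    return hashlib.md5(text.encode("ascii")).hexdigest()


def derive(feature):
    """Return every value the listings name, given the machine feature code."""
    code1 = apply_steps(feature, STEPS_CODE1)   # feature + 656701
    code2 = apply_steps(code1, STEPS_CODE2)     # code1 + 4561
    md5n1 = md5_hex(str(code1))                 # "MD5(code1)"
    md5n2 = md5_hex(str(feature))               # "MD5(1334219047)"
    return {
        "code1": str(code1),
        "code2": str(code2),
        "registration": md5n1 + md5n2,          # "MD5n1+MD5n2"
        "verification": md5_hex(str(code2)),    # "MD5(code2)"
    }


if __name__ == "__main__":
    # 1334219047 is the feature code the author reports for their own machine.
    for name, value in derive(1334219047).items():
        print(f"{name:13s} {value}")
```

Both outputs depend only on the feature code and constants embedded in the binary, so the check holds no secret that reading the disassembly does not reveal.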