本帖最后由 torjan 于 2011-11-19 15:41 编辑
这是别人求破解的一个段函数,耐心看了很久终于写出源代码了,错误之处请指出。(原帖地址http://www.52pojie.cn/thread-119571-1-1.html)004096E0 /$ 55 push ebp
004096E1 |. 8BEC mov ebp,esp
004096E3 |. 83EC 0C sub esp,0xC // 12 bytes of locals; only [local.1] (i) and [local.2] (j) are referenced in this listing
004096E6 |. 33D2 xor edx,edx // val = 0 (edx also serves as the zero operand for the NULL compares below)
004096E8 |. 53 push ebx
004096E9 |. 57 push edi
004096EA |. 3BC2 cmp eax,edx
004096EC |. 0F84 09010000 je Lstj.004097FB // if (arg3 == NULL) return 0; the third argument arrives in eax (register-passing convention), so eax is called arg3 below
004096F2 |. 8BC8 mov ecx,eax
004096F4 |. 8D79 01 lea edi,dword ptr ds:[ecx+0x1]
004096F7 |> 8A19 / mov bl,byte ptr ds:[ecx]
004096F9 |. 41 | inc ecx
004096FA |. 84DB | test bl,bl
004096FC |.^ 75 F9 \ jnz XLstj.004096F7 // inline strlen(arg3): ecx ends one past the NUL
004096FE |. 2BCF sub ecx,edi // ecx = strlen(arg3)
00409700 |. 83F9 01 cmp ecx,0x1
00409703 |. 0F82 F2000000 jb Lstj.004097FB // if (strlen(arg3) == 0) return 0;
00409709 |. 56 push esi
0040970A |. 33F6 xor esi,esi // k = 0 (index into the key arg3)
0040970C |. 8955 F8 mov [local.2],edx // j = 0 (output index into arg1)
0040970F |. 3955 08 cmp [arg.1],edx
00409712 |. 0F84 DA000000 je Lstj.004097F2 // if (arg1 == NULL) return 0;
00409718 |. 8B4D 0C mov ecx,[arg.2]
0040971B |. 3BCA cmp ecx,edx
0040971D |. 0F84 CF000000 je Lstj.004097F2 // if (arg2 == NULL) return 0;
00409723 |. 8955 FC mov [local.1],edx // i = 0 (input index into arg2)
00409726 |. 8D79 01 lea edi,dword ptr ds:[ecx+0x1]
00409729 |. 8DA424 000000>lea esp,dword ptr ss:[esp] // effectively a no-op (esp unchanged); padding before the loop
00409730 |> 8A19 / mov bl,byte ptr ds:[ecx]
00409732 |. 41 | inc ecx
00409733 |. 84DB | test bl,bl
00409735 |.^ 75 F9 \ jnz XLstj.00409730 // inline strlen(arg2)
00409737 |. 2BCF sub ecx,edi // ecx = strlen(arg2); ZF set when it is 0
00409739 |. 0F84 A2000000 je Lstj.004097E1 // if (strlen(arg2) == 0) { arg1[j] = 0; return 0; }
0040973F |. 90 nop
00409740 |> 8B7D FC / mov edi,[local.1] // loop head: edi = i
00409743 |. 8B5D 0C | mov ebx,[arg.2]
00409746 |. 8A1C1F | mov bl,byte ptr ds:[edi+ebx] // bl = arg2[i]
00409749 |. B9 A8374700 | mov ecx,Lstj.004737A8 // ecx = &g_str[0], the 64-character alphabet ; ASCII "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz[]"
0040974E |. 80FB 30 | cmp bl,0x30 // '0' is handled without a lookup: pos = 0 (so the table must start with '0')
00409751 |. 74 05 | je XLstj.00409758
00409753 |> 41 |/ inc ecx
00409754 |. 3819 || cmp byte ptr ds:[ecx],bl
00409756 |.^ 75 FB |\ jnz XLstj.00409753 // linear search of g_str for arg2[i]; ecx ends at &g_str[pos]. There is no bound: a byte outside the alphabet keeps scanning past the end of the table (out-of-bounds read, unbounded pos)
00409758 |> 83E7 03 | and edi,0x3 // edi = i % 4
0040975B |. 74 37 | je XLstj.00409794 // if (i % 4 == 0) goto first-sextet branch at 00409794
0040975D |. 0FBE1C06 | movsx ebx,byte ptr ds:[esi+eax] // ebx = (int)(signed char)arg3[k]
00409761 |. 81EB A8374700 |sub ebx,Lstj.004737A8 ; ASCII "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz[]" // subtract the table base so that ebx + ecx below equals arg3[k] + pos
00409767 |. 03D9 | add ebx,ecx // arg3[k] + pos
00409769 |. B9 04000000 |mov ecx,0x4
0040976E |. 2BCF | sub ecx,edi // 4 - i%4
00409770 |. 83E3 3F | and ebx,0x3F // (arg3[k] + pos) & 63
00409773 |. 03C9 add ecx,ecx // cl = (4 - i%4)*2, i.e. 6, 4 or 2
00409775 |. D3E3 shl ebx,cl // ((arg3[k] + pos) & 63) << ((4 - i%4)*2)
00409777 |. 46 | inc esi // k++
00409778 |. 0BD3 | or edx,ebx // val |= ((arg3[k] + pos) & 63) << ((4 - i%4)*2)
0040977A |. 803C06 00 | cmp byte ptr ds:[esi+eax],0x0
0040977E |. 75 02 | jnz XLstj.00409782
00409780 |. 33F6 | xor esi,esi // if (arg3[k] == 0) k = 0; -- the key is cycled
00409782 |> 8B4D F8 | mov ecx,[local.2]
00409785 |. 8B7D 08 | mov edi,[arg.1]
00409788 |. 881439 | mov byte ptr ds:[ecx+edi],dl // arg1[j] = (unsigned char)val; only the low byte is stored. No bounds check on arg1: the function never receives its size
0040978B |. 41 | inc ecx
0040978C |. 894D F8 | mov [local.2],ecx // j++
0040978F |. C1EA 08 | shr edx,0x8 // val >>= 8 -- NOT val = 0: the bits above the stored byte are carried into the next output byte
00409792 |. EB 18 | jmp XLstj.004097AC
00409794 |> 0FBE1406 | movsx edx,byte ptr ds:[esi+eax] // edx = (int)(signed char)arg3[k]
00409798 |. 81EA A8374700 |sub edx,Lstj.004737A8 ; ASCII "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz[]" // same base subtraction as at 00409761
0040979E |. 03D1 | add edx,ecx // arg3[k] + pos
004097A0 |. 46 | inc esi // k++
004097A1 |. 83E2 3F | and edx,0x3F // val = (arg3[k] + pos) & 63; first sextet of a 4-character group
004097A4 |. 803C06 00 | cmp byte ptr ds:[esi+eax],0x0
004097A8 |. 75 02 | jnz XLstj.004097AC
004097AA |. 33F6 | xor esi,esi // if (arg3[k] == 0) k = 0;
004097AC |> 8B4D 0C | mov ecx,[arg.2]
004097AF |. FF45 FC | inc [local.1] // i++
004097B2 |. 8D79 01 | lea edi,dword ptr ds:[ecx+0x1]
004097B5 |> 8A19 |/ mov bl,byte ptr ds:[ecx]
004097B7 |. 41 | |inc ecx
004097B8 |. 84DB || test bl,bl
004097BA |.^ 75 F9 |\ jnz XLstj.004097B5 // inline strlen(arg2), recomputed on every iteration; exits with bl == 0
004097BC |. 2BCF | sub ecx,edi // ecx = strlen(arg2)
004097BE |. 394D FC | cmp [local.1],ecx
004097C1 |.^ 0F82 79FFFFFF \jb Lstj.00409740 // loop while (i < strlen(arg2))
004097C7 |. 85D2 test edx,edx // leftover bits from an incomplete final group?
004097C9 |. 74 16 je XLstj.004097E1 // if (val == 0) { arg1[j] = 0; return j; }
004097CB |. 8B45 F8 mov eax,[local.2]
004097CE |. 8B4D 08 mov ecx,[arg.1]
004097D1 |. 881408 mov byte ptr ds:[eax+ecx],dl // arg1[j] = (unsigned char)val;
004097D4 |. 5E pop esi
004097D5 |. 40 inc eax // eax = j + 1 (return value)
004097D6 |. 8BD1 mov edx,ecx
004097D8 |. 5F pop edi
004097D9 |. 881C10 mov byte ptr ds:[eax+edx],bl // arg1[j+1] = bl, and bl is 0 here because the strlen loop at 004097B5 exits with bl == 0
004097DC |. 5B pop ebx
004097DD |. 8BE5 mov esp,ebp
004097DF |. 5D pop ebp
004097E0 |. C3 retn // return j + 1
004097E1 |> 8B45 F8 mov eax,[local.2] // eax = j
004097E4 |. 8B55 08 mov edx,[arg.1]
004097E7 |. 5E pop esi
004097E8 |. 5F pop edi
004097E9 |. C60410 00 mov byte ptr ds:[eax+edx],0x0 // arg1[j] = 0
004097ED |. 5B pop ebx
004097EE |. 8BE5 mov esp,ebp
004097F0 |. 5D pop ebp
004097F1 |. C3 retn // return j -- 0 when reached from the empty-arg2 check at 00409739, otherwise the count of bytes written (reached from 004097C9)
004097F2 |> 5E pop esi
004097F3 |. 5F pop edi
004097F4 |. 33C0 xor eax,eax
004097F6 |. 5B pop ebx
004097F7 |. 8BE5 mov esp,ebp
004097F9 |. 5D pop ebp
004097FA |. C3 retn // return 0 (arg1 or arg2 was NULL)
004097FB |> 5F pop edi
004097FC |. 33C0 xor eax,eax
004097FE |. 5B pop ebx
004097FF |. 8BE5 mov esp,ebp
00409801 |. 5D pop ebp
00409802 \. C3 retn // return 0 (arg3 was NULL or empty)
以上有一个问题: 在 00409749、00409761 和 00409798 三处引用的全局字符串地址相同(004737A8),但 OllyDbg 显示的内容却不一样(前两处是 63 个字符、缺少开头的 '0',第三处是 64 个字符)。
由于只有这段函数,拿不到原来的软件,个人推测三处应该都是 ASCII "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz[]":0040974E 处的 cmp bl,0x30 / je 直接把 '0' 当作下标 0 而不去查表,说明表的第 0 个字符就是 '0';而且这个表正好 64 个字符,与后面的 and 0x3F 吻合。前两处少一个字符很可能只是反汇编器注释列的显示截断。
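/* Based on the analysis above, the reconstructed C source follows. */

/*
 * The 64-character alphabet the decoder indexes into: the string at
 * 004737A8 in the listing (10 digits, 26 upper-case and 26 lower-case
 * letters, '[' and ']').  Exactly 64 entries, so every index fits the
 * "& 0x3F" masks used by the routine.
 */
char g_str[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz[]";

/*
 * Function2 - index of the character str in g_str.
 *
 * The binary's lookup (00409753-00409756) has no upper bound: a character
 * that is not in the table makes it compare bytes past the end of the string
 * until some memory happens to match, so pos is unbounded and the read is
 * out of bounds.  This reconstruction bounds the scan instead and returns -1
 * for a character outside the alphabet (including NUL) so that the caller
 * can reject the input.
 *
 * Returns the 0-based index of str in g_str, or -1 when str is not in it.
 */
int Function2(char str)
{
    size_t i;

    for (i = 0; g_str[i] != '\0'; i++) {
        if (g_str[i] == str)
            return (int)i;
    }
    return -1;
}

/*
 * Function1 - decode a key-masked, base64-style string (the routine at
 * 004096E0 in the listing).
 *
 * Every character of arg2 is mapped to its index in g_str, the current byte
 * of the key arg3 is added, and the low 6 bits of the sum form one sextet.
 * Sextets are packed least-significant-bit first, four per three output
 * bytes: with sextets c0..c3, byte0 = c0 | c1<<6, byte1 = c1>>2 | c2<<4,
 * byte2 = c2>>4 | c3<<2 (shifts of 6, 4, 2 and "shr edx,8" in the listing).
 * The key index wraps to 0 as soon as the byte after the consumed key byte
 * is NUL, so the key is cycled.
 *
 * arg1  output buffer; receives the decoded bytes followed by a NUL.  The
 *       binary performs no bounds check and never receives the buffer size;
 *       at most strlen(arg2) bytes plus the NUL are written, so a buffer of
 *       strlen(arg2) + 1 bytes always suffices.
 * arg2  encoded text drawn from g_str.
 * arg3  key, at least one byte.  (The original post spelled this parameter
 *       "agr3" while the body used "arg3", which does not compile.)
 *
 * Returns the number of bytes stored in arg1 before the terminating NUL.
 * Returns 0 when any argument is NULL or arg3 is empty (arg1 untouched),
 * when arg2 is empty (arg1[0] set to NUL, as in the binary), or when arg2
 * holds a character outside g_str (this reconstruction stops and stores a
 * NUL at the current output position; the binary reads out of bounds there).
 *
 * Fixed relative to the first reconstruction: after storing an output byte
 * the accumulator is shifted right by 8 (the listing's shr edx,0x8), not
 * reset to 0 -- resetting it drops the high bits of c1 and c2 and corrupts
 * the second and third byte of every group.
 */
int Function1(char *arg1, char *arg2, char *arg3)
{
    unsigned char *out = (unsigned char *)arg1;
    size_t len, i;
    int j = 0;             /* output index ([local.2]) */
    int k = 0;             /* key index, cycled through arg3 (esi) */
    unsigned int val = 0;  /* bit accumulator (edx) */

    /* Same checks, in the same order, as 004096EA..0040971D. */
    if (arg3 == NULL || arg3[0] == '\0' || arg1 == NULL || arg2 == NULL)
        return 0;

    len = strlen(arg2);  /* hoisted: the binary recomputes it every iteration */
    if (len == 0) {
        arg1[0] = '\0';
        return 0;
    }

    for (i = 0; i < len; i++) {
        int pos = Function2(arg2[i]);
        unsigned int sextet;

        if (pos < 0) {
            /* Character outside the alphabet: fail closed instead of the
             * binary's unbounded table scan. */
            arg1[j] = '\0';
            return 0;
        }

        /* arg3[k] is sign-extended (movsx); the unsigned cast keeps the
         * "& 63" well defined for negative key bytes. */
        sextet = (unsigned int)(arg3[k] + pos) & 0x3Fu;
        if (arg3[++k] == '\0')
            k = 0;

        if (i % 4 == 0) {
            val = sextet;                        /* first sextet of a group */
        } else {
            val |= sextet << ((4 - i % 4) * 2);  /* shift is 6, 4 or 2 */
            out[j++] = (unsigned char)val;       /* store the low byte only */
            val >>= 8;  /* shr edx,8: carry the high bits, not val = 0 */
        }
    }

    /* Trailing bits of an incomplete final group become one more byte. */
    if (val != 0)
        out[j++] = (unsigned char)val;
    arg1[j] = '\0';
    return j;
}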
over!
还有就是我想请问下,发帖代码怎么编辑格式才不会乱?