冰河洗剑
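Posted on 2012-1-3 00:58
【Article Title】: Registration Analysis of a Web Template Stealer Program (Algorithm + Keygen Source)
【Author】: suredwang
【Author Email】: suredwang@126.com
【Software Name】: 网页模板小偷 (Web Template Stealer)
【Software Size】: 865KB
【Download】: Search for it yourself
【Packer】: ASPack 2.12 -> Alexey Solodovnikov
【Protection】: Packer plus multiple machine-code-based registration checks
【Language】: Microsoft Visual C++ 6.0
【Tools Used】: OD, PEID, AspackDie1.41
【Platform】: Windows XP
【Software Description】: Just enter the URL of a single web page and the corresponding files are generated on drive C.
【Author's Statement】: I am truly just a small beginner; I am only interested in studying the various ways software is protected and have no other purpose. If there are mistakes, I ask the experts to point them out! This is my first time posting a main thread; I don't understand many of the rules, so errors are unavoidable. Please bear with me!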
--------------------------------------------------------------------------------
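【Detailed Process】
Analysis notes: the ASPack 2.12 shell can be unpacked easily using the ESP law. To save time, I simply used an existing unpacking tool, AspackDie1.41; the unpacked program runs normally in a test run, and checking again with PEID shows it was written in Microsoft Visual C++ 6.0.
Open the program and click Register Software; enter arbitrary characters in the registration code field and click the Register button, and a "注册失败" (registration failed) message box appears. Then load it in OD, as follows: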
004D8AC3 >/$ 55 push ebp ; (initial cpu selection)
004D8AC4 |. 8BEC mov ebp, esp
004D8AC6 |. 6A FF push -1
004D8AC8 |. 68 E8127500 push 007512E8
004D8ACD |. 68 1CDB4D00 push 004DDB1C ; SE handler installation
004D8AD2 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004D8AD8 |. 50 push eax
004D8AD9 |. 64:8925 00000>mov dword ptr fs:[0], esp
004D8AE0 |. 83EC 58 sub esp, 58
004D8AE3 |. 53 push ebx
004D8AE4 |. 56 push esi
004D8AE5 |. 57 push edi
004D8AE6 |. 8965 E8 mov dword ptr [ebp-18], esp
004D8AE9 |. FF15 64025100 call dword ptr [<&KERNEL32.GetVersion>; kernel32.GetVersion
004D8AEF |. 33D2 xor edx, edx
004D8AF1 |. 8AD4 mov dl, ah
004D8AF3 |. 8915 002A7B00 mov dword ptr [7B2A00], edx
004D8AF9 |. 8BC8 mov ecx, eax
004D8AFB |. 81E1 FF000000 and ecx, 0FF
004D8B01 |. 890D FC297B00 mov dword ptr [7B29FC], ecx
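Right-click and search for the string "注册失败" (registration failed): it is referenced in many places, interleaved with "恭喜你已注册" (congratulations, you are registered), "恭喜,注册成功" (congratulations, registration succeeded), "恭喜,注册成功,您现在需要重打开软件!" (congratulations, registration succeeded, you now need to reopen the software!) and so on, some forty or fifty entries in all. Heh, clearly this is what you get when the registration code is copied many times over; the author evidently went to great lengths to stop others from patching it. That being the case, the only option is to start with static analysis and track down the key CALL.
Open any one of the "恭喜你" (congratulations) references and trace slowly upward; there are many repeated CALLs and code blocks, until you find "0043C6BF . E8 CC010000 call 0043C890":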
0043C668 . 68 04000080 push 80000004
0043C66D . 6A 00 push 0
0043C66F . 68 39E35600 push 0056E339 ; registration code
0043C674 . 68 04000080 push 80000004
0043C679 . 6A 00 push 0
0043C67B . A1 EC7A7700 mov eax, dword ptr [777AEC]
0043C680 . 85C0 test eax, eax
0043C682 . 75 05 jnz short 0043C689
0043C684 . B8 623E5100 mov eax, 00513E62
0043C689 > 50 push eax
0043C68A . 68 04000080 push 80000004
0043C68F . 6A 00 push 0
0043C691 . A1 E87A7700 mov eax, dword ptr [777AE8]
0043C696 . 85C0 test eax, eax
0043C698 . 75 05 jnz short 0043C69F
0043C69A . B8 623E5100 mov eax, 00513E62
0043C69F > 50 push eax
0043C6A0 . 68 04000000 push 4
0043C6A5 . BB 00A64500 mov ebx, 0045A600
0043C6AA . E8 26B40100 call 00457AD5
0043C6AF . 83C4 34 add esp, 34
0043C6B2 . 8945 FC mov dword ptr [ebp-4], eax
0043C6B5 . FF35 F07A7700 push dword ptr [777AF0]
0043C6BB . 8D45 FC lea eax, dword ptr [ebp-4]
0043C6BE . 50 push eax
0043C6BF . E8 CC010000 call 0043C890 ; key CALL: following it (right-click, Follow) shows it is the registration code algorithm; a breakpoint can be set here
0043C6C4 . 8945 F8 mov dword ptr [ebp-8], eax
0043C6C7 . 8B5D FC mov ebx, dword ptr [ebp-4]
0043C6CA . 85DB test ebx, ebx
0043C6CC . 74 09 je short 0043C6D7
0043C6CE . 53 push ebx
0043C6CF . E8 0DB40100 call 00457AE1
0043C6D4 . 83C4 04 add esp, 4
0043C6D7 > 8B45 F8 mov eax, dword ptr [ebp-8]
0043C6DA . E9 00000000 jmp 0043C6DF
0043C6DF > 8BE5 mov esp, ebp
0043C6E1 . 5D pop ebp
0043C6E2 . C3 retn
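Press F9 to run the program, go to the registration screen and enter any registration code (to make it easier to explain while debugging, the real code "9816163181845450363698181871430njhbgvfwa30motherlslslsls" is used), then click the Register button.
0043C6BF . E8 CC010000 call 0043C890 ; execution breaks here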
0043C6C4 . 8945 F8 mov dword ptr [ebp-8], eax
0043C6C7 . 8B5D FC mov ebx, dword ptr [ebp-4]
0043C6CA . 85DB test ebx, ebx
0043C6CC . 74 09 je short 0043C6D7
0043C6CE . 53 push ebx
0043C6CF . E8 0DB40100 call 00457AE1
0043C6D4 . 83C4 04 add esp, 4
0043C6D7 > 8B45 F8 mov eax, dword ptr [ebp-8]
0043C6DA . E9 00000000 jmp 0043C6DF
0043C6DF > 8BE5 mov esp, ebp
0043C6E1 . 5D pop ebp
0043C6E2 . C3 retn
0043C6E3 /$ 55 push ebp
0043C6E4 |. 8BEC mov ebp, esp
Press F7 to step into "call 0043C890", as follows:
0043C890 $ 55 push ebp ; single-step with F8
0043C891 . 8BEC mov ebp, esp
0043C893 . 81EC 70000000 sub esp, 70
0043C899 . C745 FC 00000>mov dword ptr [ebp-4], 0 ; storage address
0043C8A0 . C745 F8 00000>mov dword ptr [ebp-8], 0
0043C8A7 . C745 F4 00000>mov dword ptr [ebp-C], 0
0043C8AE . C745 F0 00000>mov dword ptr [ebp-10], 0
0043C8B5 . C745 EC 00000>mov dword ptr [ebp-14], 0
0043C8BC . C745 E8 00000>mov dword ptr [ebp-18], 0
0043C8C3 . C745 E4 00000>mov dword ptr [ebp-1C], 0
0043C8CA . C745 E0 00000>mov dword ptr [ebp-20], 0
0043C8D1 . C745 DC 00000>mov dword ptr [ebp-24], 0
0043C8D8 . C745 D8 00000>mov dword ptr [ebp-28], 0
0043C8DF . C745 D4 00000>mov dword ptr [ebp-2C], 0
0043C8E6 . C745 D0 00000>mov dword ptr [ebp-30], 0
0043C8ED . C745 CC 00000>mov dword ptr [ebp-34], 0
0043C8F4 . C745 C8 00000>mov dword ptr [ebp-38], 0
0043C8FB . C745 C4 00000>mov dword ptr [ebp-3C], 0
0043C902 . C745 C0 00000>mov dword ptr [ebp-40], 0
0043C909 . E8 2FFCFFFF call 0043C53D ; get the machine code "19277955486"
0043C90E . 8945 BC mov dword ptr [ebp-44], eax
0043C911 . 8B45 BC mov eax, dword ptr [ebp-44]
0043C914 . 50 push eax
0043C915 . 8B5D FC mov ebx, dword ptr [ebp-4]
0043C918 . 85DB test ebx, ebx
0043C91A . 74 09 je short 0043C925
0043C91C . 53 push ebx
0043C91D . E8 BFB10100 call 00457AE1
0043C922 . 83C4 04 add esp, 4
0043C925 > 58 pop eax
0043C926 . 8945 FC mov dword ptr [ebp-4], eax
0043C929 . C745 F8 00000>mov dword ptr [ebp-8], 0
0043C930 . 68 04000080 push 80000004
0043C935 . 6A 00 push 0
0043C937 . 8B45 FC mov eax, dword ptr [ebp-4]
0043C93A . 85C0 test eax, eax
0043C93C . 75 05 jnz short 0043C943
0043C93E . B8 623E5100 mov eax, 00513E62
0043C943 > 50 push eax
0043C944 . 68 01000000 push 1
0043C949 . BB C0894500 mov ebx, 004589C0
0043C94E . E8 82B10100 call 00457AD5
0043C953 . 83C4 10 add esp, 10
0043C956 . 8945 B8 mov dword ptr [ebp-48], eax
0043C959 . 8955 BC mov dword ptr [ebp-44], edx
0043C95C . DD45 B8 fld qword ptr [ebp-48]
0043C95F . DC35 AB405100 fdiv qword ptr [5140AB]
0043C965 . DD5D B0 fstp qword ptr [ebp-50] ; machine code arithmetic
0043C968 . 68 01060080 push 80000601
0043C96D . FF75 B4 push dword ptr [ebp-4C]
0043C970 . FF75 B0 push dword ptr [ebp-50]
0043C973 . 68 01000000 push 1
0043C978 . BB C0804500 mov ebx, 004580C0
0043C97D . E8 53B10100 call 00457AD5 ; machine code divided by 9, represented in hexadecimal
0043C982 . 83C4 10 add esp, 10
0043C985 . 8945 F4 mov dword ptr [ebp-C], eax
0043C988 . 68 01030080 push 80000301
0043C98D . 6A 00 push 0
0043C98F . FF75 F4 push dword ptr [ebp-C]
0043C992 . 68 01000000 push 1
0043C997 . BB 20964500 mov ebx, 00459620
0043C99C . E8 34B10100 call 00457AD5 ; converted from hexadecimal to decimal "2141995054"
0043C9A1 . 83C4 10 add esp, 10
0043C9A4 . 8945 BC mov dword ptr [ebp-44], eax
0043C9A7 . 68 01030080 push 80000301
0043C9AC . 6A 00 push 0
0043C9AE . 68 01000000 push 1
0043C9B3 . 68 01030080 push 80000301
0043C9B8 . 6A 00 push 0
0043C9BA . 68 01000000 push 1
0043C9BF . 68 04000080 push 80000004
0043C9C4 . 6A 00 push 0
0043C9C6 . 8B45 BC mov eax, dword ptr [ebp-44]
0043C9C9 . 85C0 test eax, eax
0043C9CB . 75 05 jnz short 0043C9D2
0043C9CD . B8 623E5100 mov eax, 00513E62
0043C9D2 > 50 push eax
0043C9D3 . 68 03000000 push 3
0043C9D8 . BB 10844500 mov ebx, 00458410
0043C9DD . E8 F3B00100 call 00457AD5
0043C9E2 . 83C4 28 add esp, 28
0043C9E5 . 8945 B8 mov dword ptr [ebp-48], eax
0043C9E8 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043C9EB . 85DB test ebx, ebx
0043C9ED . 74 09 je short 0043C9F8
0043C9EF . 53 push ebx
0043C9F0 . E8 ECB00100 call 00457AE1
0043C9F5 . 83C4 04 add esp, 4
0043C9F8 > 68 04000080 push 80000004
0043C9FD . 6A 00 push 0
0043C9FF . 8B45 B8 mov eax, dword ptr [ebp-48]
0043CA02 . 85C0 test eax, eax
0043CA04 . 75 05 jnz short 0043CA0B
0043CA06 . B8 623E5100 mov eax, 00513E62
0043CA0B > 50 push eax
0043CA0C . 68 01000000 push 1
0043CA11 . BB C0894500 mov ebx, 004589C0
0043CA16 . E8 BAB00100 call 00457AD5
0043CA1B . 83C4 10 add esp, 10
0043CA1E . 8945 B0 mov dword ptr [ebp-50], eax
0043CA21 . 8955 B4 mov dword ptr [ebp-4C], edx
0043CA24 . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043CA27 . 85DB test ebx, ebx
0043CA29 . 74 09 je short 0043CA34
0043CA2B . 53 push ebx
0043CA2C . E8 B0B00100 call 00457AE1
0043CA31 . 83C4 04 add esp, 4
0043CA34 > DD45 B0 fld qword ptr [ebp-50]
0043CA37 . E8 C956FCFF call 00402105 ; take the first digit of the machine code
0043CA3C . 8945 F0 mov dword ptr [ebp-10], eax
0043CA3F . 6A 01 push 1
0043CA41 . FF75 F0 push dword ptr [ebp-10]
0043CA44 . E8 E7120000 call 0043DD30 ; get the constant "9"
0043CA49 . 8945 B4 mov dword ptr [ebp-4C], eax
0043CA4C . DB45 B4 fild dword ptr [ebp-4C] ; move to the stack
0043CA4F . DD5D B4 fstp qword ptr [ebp-4C]
0043CA52 . DD45 B4 fld qword ptr [ebp-4C] ; first digit of the machine code
0043CA55 . DB45 F0 fild dword ptr [ebp-10]
0043CA58 . DD5D AC fstp qword ptr [ebp-54]
0043CA5B . DC4D AC fmul qword ptr [ebp-54]
0043CA5E . DB45 0C fild dword ptr [ebp+C] ; computed constant: hexadecimal "65", decimal 101
0043CA61 . DD5D A4 fstp qword ptr [ebp-5C]
0043CA64 . DC4D A4 fmul qword ptr [ebp-5C] ; multiply the values together
0043CA67 . DD5D 9C fstp qword ptr [ebp-64]
0043CA6A . 68 01060080 push 80000601
0043CA6F . FF75 A0 push dword ptr [ebp-60]
0043CA72 . FF75 9C push dword ptr [ebp-64]
0043CA75 . 68 01000000 push 1
0043CA7A . BB 20964500 mov ebx, 00459620
0043CA7F . E8 51B00100 call 00457AD5 ; convert the result to decimal and to a string
0043CA84 . 83C4 10 add esp, 10
0043CA87 . 8945 98 mov dword ptr [ebp-68], eax
0043CA8A . FF75 98 push dword ptr [ebp-68]
0043CA8D . 68 B3405100 push 005140B3 ; the string "98"
0043CA92 . B9 02000000 mov ecx, 2
0043CA97 . E8 2A46FCFF call 004010C6
0043CA9C . 83C4 08 add esp, 8
0043CA9F . 8945 94 mov dword ptr [ebp-6C], eax
0043CAA2 . 8B5D 98 mov ebx, dword ptr [ebp-68]
0043CAA5 . 85DB test ebx, ebx
0043CAA7 . 74 09 je short 0043CAB2
0043CAA9 . 53 push ebx
0043CAAA . E8 32B00100 call 00457AE1
0043CAAF . 83C4 04 add esp, 4
0043CAB2 > 8B45 94 mov eax, dword ptr [ebp-6C]
0043CAB5 . 50 push eax
0043CAB6 . 8B5D EC mov ebx, dword ptr [ebp-14]
0043CAB9 . 85DB test ebx, ebx
0043CABB . 74 09 je short 0043CAC6
0043CABD . 53 push ebx
0043CABE . E8 1EB00100 call 00457AE1
0043CAC3 . 83C4 04 add esp, 4
0043CAC6 > 58 pop eax
0043CAC7 . 8945 EC mov dword ptr [ebp-14], eax
0043CACA . 68 01030080 push 80000301
0043CACF . 6A 00 push 0
0043CAD1 . 68 03000000 push 3
0043CAD6 . 68 04000080 push 80000004
0043CADB . 6A 00 push 0
0043CADD . 8B45 EC mov eax, dword ptr [ebp-14]
0043CAE0 . 85C0 test eax, eax
0043CAE2 . 75 05 jnz short 0043CAE9
0043CAE4 . B8 623E5100 mov eax, 00513E62
0043CAE9 > 50 push eax
0043CAEA . 68 02000000 push 2
0043CAEF . BB 80834500 mov ebx, 00458380
0043CAF4 . E8 DCAF0100 call 00457AD5
0043CAF9 . 83C4 1C add esp, 1C
0043CAFC . 8945 BC mov dword ptr [ebp-44], eax
0043CAFF . 8B45 BC mov eax, dword ptr [ebp-44]
0043CB02 . 50 push eax
0043CB03 . 8B5D E8 mov ebx, dword ptr [ebp-18]
0043CB06 . 85DB test ebx, ebx
0043CB08 . 74 09 je short 0043CB13
0043CB0A . 53 push ebx
0043CB0B . E8 D1AF0100 call 00457AE1
0043CB10 . 83C4 04 add esp, 4
0043CB13 > 58 pop eax
0043CB14 . 8945 E8 mov dword ptr [ebp-18], eax
0043CB17 . 68 02000080 push 80000002
0043CB1C . 6A 00 push 0
0043CB1E . 68 00000000 push 0
0043CB23 . 6A 00 push 0
0043CB25 . 6A 00 push 0
0043CB27 . 6A 00 push 0
0043CB29 . 68 04000080 push 80000004
0043CB2E . 6A 00 push 0
0043CB30 . 8B45 E8 mov eax, dword ptr [ebp-18]
0043CB33 . 85C0 test eax, eax
0043CB35 . 75 05 jnz short 0043CB3C
0043CB37 . B8 623E5100 mov eax, 00513E62
0043CB3C > 50 push eax
0043CB3D . 68 04000080 push 80000004
0043CB42 . 6A 00 push 0
0043CB44 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043CB47 . 8B03 mov eax, dword ptr [ebx] ; get the registration code
0043CB49 . 85C0 test eax, eax
0043CB4B . 75 05 jnz short 0043CB52
0043CB4D . B8 623E5100 mov eax, 00513E62
0043CB52 > 50 push eax
0043CB53 . 68 04000000 push 4
0043CB58 . BB 70864500 mov ebx, 00458670
0043CB5D . E8 73AF0100 call 00457AD5 ; get the position of the string within the registration code
0043CB62 . 83C4 34 add esp, 34
0043CB65 . 8945 B8 mov dword ptr [ebp-48], eax
0043CB68 . 837D B8 FF cmp dword ptr [ebp-48], -1
0043CB6C . 0F84 03000000 je 0043CB75 ; key jump: if taken, the check fails
0043CB72 . FF45 F8 inc dword ptr [ebp-8]
0043CB75 > 68 01030080 push 80000301
0043CB7A . 6A 00 push 0
0043CB7C . FF75 F4 push dword ptr [ebp-C]
0043CB7F . 68 01000000 push 1
0043CB84 . BB 20964500 mov ebx, 00459620
0043CB89 . E8 47AF0100 call 00457AD5 ; get the machine code again
0043CB8E . 83C4 10 add esp, 10
0043CB91 . 8945 BC mov dword ptr [ebp-44], eax
0043CB94 . 68 01030080 push 80000301
0043CB99 . 6A 00 push 0
0043CB9B . 68 01000000 push 1
0043CBA0 . 68 01030080 push 80000301
0043CBA5 . 6A 00 push 0
0043CBA7 . 68 02000000 push 2
0043CBAC . 68 04000080 push 80000004
0043CBB1 . 6A 00 push 0
0043CBB3 . 8B45 BC mov eax, dword ptr [ebp-44]
0043CBB6 . 85C0 test eax, eax
0043CBB8 . 75 05 jnz short 0043CBBF
0043CBBA . B8 623E5100 mov eax, 00513E62
0043CBBF > 50 push eax
0043CBC0 . 68 03000000 push 3
0043CBC5 . BB 10844500 mov ebx, 00458410
0043CBCA . E8 06AF0100 call 00457AD5
0043CBCF . 83C4 28 add esp, 28
0043CBD2 . 8945 B8 mov dword ptr [ebp-48], eax
0043CBD5 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043CBD8 . 85DB test ebx, ebx
0043CBDA . 74 09 je short 0043CBE5
0043CBDC . 53 push ebx
0043CBDD . E8 FFAE0100 call 00457AE1
0043CBE2 . 83C4 04 add esp, 4
0043CBE5 > 68 04000080 push 80000004
0043CBEA . 6A 00 push 0
0043CBEC . 8B45 B8 mov eax, dword ptr [ebp-48]
0043CBEF . 85C0 test eax, eax
0043CBF1 . 75 05 jnz short 0043CBF8
0043CBF3 . B8 623E5100 mov eax, 00513E62
0043CBF8 > 50 push eax
0043CBF9 . 68 01000000 push 1
0043CBFE . BB C0894500 mov ebx, 004589C0
0043CC03 . E8 CDAE0100 call 00457AD5
0043CC08 . 83C4 10 add esp, 10
0043CC0B . 8945 B0 mov dword ptr [ebp-50], eax
0043CC0E . 8955 B4 mov dword ptr [ebp-4C], edx
0043CC11 . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043CC14 . 85DB test ebx, ebx
0043CC16 . 74 09 je short 0043CC21
0043CC18 . 53 push ebx
0043CC19 . E8 C3AE0100 call 00457AE1
0043CC1E . 83C4 04 add esp, 4
0043CC21 > DD45 B0 fld qword ptr [ebp-50] ; take the 2nd digit of the machine code
0043CC24 . E8 DC54FCFF call 00402105
0043CC29 . 8945 F0 mov dword ptr [ebp-10], eax
0043CC2C . 6A 01 push 1
0043CC2E . FF75 F0 push dword ptr [ebp-10]
0043CC31 . E8 7E130000 call 0043DFB4
0043CC36 . 8945 BC mov dword ptr [ebp-44], eax ; get the constant 7
0043CC39 . DB45 0C fild dword ptr [ebp+C]
0043CC3C . DD5D B4 fstp qword ptr [ebp-4C]
0043CC3F . DD45 B4 fld qword ptr [ebp-4C] ; constant, hexadecimal 65
0043CC42 . DC05 60405100 fadd qword ptr [514060] ; add 1
0043CC48 . DD5D AC fstp qword ptr [ebp-54]
0043CC4B . DB45 BC fild dword ptr [ebp-44]
0043CC4E . DD5D A4 fstp qword ptr [ebp-5C]
0043CC51 . DD45 A4 fld qword ptr [ebp-5C]
0043CC54 . DB45 F0 fild dword ptr [ebp-10]
0043CC57 . DD5D 9C fstp qword ptr [ebp-64]
0043CC5A . DC4D 9C fmul qword ptr [ebp-64]
0043CC5D . DC4D AC fmul qword ptr [ebp-54]
0043CC60 . DD5D 94 fstp qword ptr [ebp-6C] ; store the product on the stack
0043CC63 . 68 01060080 push 80000601
0043CC68 . FF75 98 push dword ptr [ebp-68]
0043CC6B . FF75 94 push dword ptr [ebp-6C]
0043CC6E . 68 01000000 push 1
0043CC73 . BB 20964500 mov ebx, 00459620
0043CC78 . E8 58AE0100 call 00457AD5 ; convert the result to a decimal string
0043CC7D . 83C4 10 add esp, 10
0043CC80 . 8945 90 mov dword ptr [ebp-70], eax
0043CC83 . 8B45 90 mov eax, dword ptr [ebp-70]
0043CC86 . 50 push eax
0043CC87 . 8B5D E4 mov ebx, dword ptr [ebp-1C]
0043CC8A . 85DB test ebx, ebx
0043CC8C . 74 09 je short 0043CC97
0043CC8E . 53 push ebx
0043CC8F . E8 4DAE0100 call 00457AE1
0043CC94 . 83C4 04 add esp, 4
0043CC97 > 58 pop eax
0043CC98 . 8945 E4 mov dword ptr [ebp-1C], eax
0043CC9B . 68 02000080 push 80000002
0043CCA0 . 6A 00 push 0
0043CCA2 . 68 00000000 push 0
0043CCA7 . 6A 00 push 0
0043CCA9 . 6A 00 push 0
0043CCAB . 6A 00 push 0
0043CCAD . 68 04000080 push 80000004
0043CCB2 . 6A 00 push 0
0043CCB4 . 8B45 E4 mov eax, dword ptr [ebp-1C]
0043CCB7 . 85C0 test eax, eax
0043CCB9 . 75 05 jnz short 0043CCC0
0043CCBB . B8 623E5100 mov eax, 00513E62
0043CCC0 > 50 push eax
0043CCC1 . 68 04000080 push 80000004
0043CCC6 . 6A 00 push 0
0043CCC8 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043CCCB . 8B03 mov eax, dword ptr [ebx] ; get the registration code
0043CCCD . 85C0 test eax, eax
0043CCCF . 75 05 jnz short 0043CCD6
0043CCD1 . B8 623E5100 mov eax, 00513E62
0043CCD6 > 50 push eax
0043CCD7 . 68 04000000 push 4
0043CCDC . BB 70864500 mov ebx, 00458670
0043CCE1 . E8 EFAD0100 call 00457AD5 ; get the position of the string within the registration code
0043CCE6 . 83C4 34 add esp, 34
0043CCE9 . 8945 B8 mov dword ptr [ebp-48], eax
0043CCEC . 837D B8 FF cmp dword ptr [ebp-48], -1
0043CCF0 . 0F84 03000000 je 0043CCF9 ; key jump: if taken, the check fails
0043CCF6 . FF45 F8 inc dword ptr [ebp-8]
0043CCF9 > 68 01030080 push 80000301
0043CCFE . 6A 00 push 0
0043CD00 . FF75 F4 push dword ptr [ebp-C]
0043CD03 . 68 01000000 push 1
0043CD08 . BB 20964500 mov ebx, 00459620
0043CD0D . E8 C3AD0100 call 00457AD5
0043CD12 . 83C4 10 add esp, 10
0043CD15 . 8945 BC mov dword ptr [ebp-44], eax
0043CD18 . 68 01030080 push 80000301
0043CD1D . 6A 00 push 0
0043CD1F . 68 01000000 push 1
0043CD24 . 68 01030080 push 80000301
0043CD29 . 6A 00 push 0
0043CD2B . 68 03000000 push 3
0043CD30 . 68 04000080 push 80000004
0043CD35 . 6A 00 push 0
0043CD37 . 8B45 BC mov eax, dword ptr [ebp-44]
0043CD3A . 85C0 test eax, eax
0043CD3C . 75 05 jnz short 0043CD43
0043CD3E . B8 623E5100 mov eax, 00513E62
0043CD43 > 50 push eax
0043CD44 . 68 03000000 push 3
0043CD49 . BB 10844500 mov ebx, 00458410
0043CD4E . E8 82AD0100 call 00457AD5
0043CD53 . 83C4 28 add esp, 28
0043CD56 . 8945 B8 mov dword ptr [ebp-48], eax
0043CD59 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043CD5C . 85DB test ebx, ebx
0043CD5E . 74 09 je short 0043CD69
0043CD60 . 53 push ebx
0043CD61 . E8 7BAD0100 call 00457AE1
0043CD66 . 83C4 04 add esp, 4
0043CD69 > 68 04000080 push 80000004
0043CD6E . 6A 00 push 0
0043CD70 . 8B45 B8 mov eax, dword ptr [ebp-48]
0043CD73 . 85C0 test eax, eax
0043CD75 . 75 05 jnz short 0043CD7C
0043CD77 . B8 623E5100 mov eax, 00513E62
0043CD7C > 50 push eax
0043CD7D . 68 01000000 push 1
0043CD82 . BB C0894500 mov ebx, 004589C0
0043CD87 . E8 49AD0100 call 00457AD5
0043CD8C . 83C4 10 add esp, 10
0043CD8F . 8945 B0 mov dword ptr [ebp-50], eax
0043CD92 . 8955 B4 mov dword ptr [ebp-4C], edx
0043CD95 . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043CD98 . 85DB test ebx, ebx
0043CD9A . 74 09 je short 0043CDA5
0043CD9C . 53 push ebx
0043CD9D . E8 3FAD0100 call 00457AE1
0043CDA2 . 83C4 04 add esp, 4
0043CDA5 > DD45 B0 fld qword ptr [ebp-50]
0043CDA8 . E8 5853FCFF call 00402105
0043CDAD . 8945 F0 mov dword ptr [ebp-10], eax
0043CDB0 . 6A 01 push 1
0043CDB2 . FF75 F0 push dword ptr [ebp-10]
0043CDB5 . E8 5C170000 call 0043E516
0043CDBA . 8945 B4 mov dword ptr [ebp-4C], eax
0043CDBD . DB45 B4 fild dword ptr [ebp-4C]
0043CDC0 . DD5D B4 fstp qword ptr [ebp-4C]
0043CDC3 . DD45 B4 fld qword ptr [ebp-4C]
0043CDC6 . DB45 F0 fild dword ptr [ebp-10]
0043CDC9 . DD5D AC fstp qword ptr [ebp-54]
0043CDCC . DC4D AC fmul qword ptr [ebp-54]
0043CDCF . DB45 0C fild dword ptr [ebp+C]
0043CDD2 . DD5D A4 fstp qword ptr [ebp-5C]
0043CDD5 . DC4D A4 fmul qword ptr [ebp-5C]
0043CDD8 . DD5D 9C fstp qword ptr [ebp-64]
0043CDDB . 68 01060080 push 80000601
0043CDE0 . FF75 A0 push dword ptr [ebp-60]
0043CDE3 . FF75 9C push dword ptr [ebp-64]
0043CDE6 . 68 01000000 push 1
0043CDEB . BB 20964500 mov ebx, 00459620
0043CDF0 . E8 E0AC0100 call 00457AD5
0043CDF5 . 83C4 10 add esp, 10
0043CDF8 . 8945 98 mov dword ptr [ebp-68], eax
0043CDFB . 8B45 98 mov eax, dword ptr [ebp-68]
0043CDFE . 50 push eax
0043CDFF . 8B5D E0 mov ebx, dword ptr [ebp-20]
0043CE02 . 85DB test ebx, ebx
0043CE04 . 74 09 je short 0043CE0F
0043CE06 . 53 push ebx
0043CE07 . E8 D5AC0100 call 00457AE1
0043CE0C . 83C4 04 add esp, 4
0043CE0F > 58 pop eax
0043CE10 . 8945 E0 mov dword ptr [ebp-20], eax
0043CE13 . 68 02000080 push 80000002
0043CE18 . 6A 00 push 0
0043CE1A . 68 00000000 push 0
0043CE1F . 6A 00 push 0
0043CE21 . 6A 00 push 0
0043CE23 . 6A 00 push 0
0043CE25 . 68 04000080 push 80000004
0043CE2A . 6A 00 push 0
0043CE2C . 8B45 E0 mov eax, dword ptr [ebp-20]
0043CE2F . 85C0 test eax, eax
0043CE31 . 75 05 jnz short 0043CE38
0043CE33 . B8 623E5100 mov eax, 00513E62
0043CE38 > 50 push eax
0043CE39 . 68 04000080 push 80000004
0043CE3E . 6A 00 push 0
0043CE40 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043CE43 . 8B03 mov eax, dword ptr [ebx]
0043CE45 . 85C0 test eax, eax
0043CE47 . 75 05 jnz short 0043CE4E
0043CE49 . B8 623E5100 mov eax, 00513E62
0043CE4E > 50 push eax
0043CE4F . 68 04000000 push 4
0043CE54 . BB 70864500 mov ebx, 00458670
0043CE59 . E8 77AC0100 call 00457AD5
0043CE5E . 83C4 34 add esp, 34
0043CE61 . 8945 B8 mov dword ptr [ebp-48], eax
0043CE64 . 837D B8 FF cmp dword ptr [ebp-48], -1
0043CE68 . 0F84 03000000 je 0043CE71
0043CE6E . FF45 F8 inc dword ptr [ebp-8]
0043CE71 > 68 01030080 push 80000301
0043CE76 . 6A 00 push 0
0043CE78 . FF75 F4 push dword ptr [ebp-C]
0043CE7B . 68 01000000 push 1
0043CE80 . BB 20964500 mov ebx, 00459620
0043CE85 . E8 4BAC0100 call 00457AD5
0043CE8A . 83C4 10 add esp, 10
0043CE8D . 8945 BC mov dword ptr [ebp-44], eax
0043CE90 . 68 01030080 push 80000301
0043CE95 . 6A 00 push 0
0043CE97 . 68 01000000 push 1
0043CE9C . 68 01030080 push 80000301
0043CEA1 . 6A 00 push 0
0043CEA3 . 68 04000000 push 4
0043CEA8 . 68 04000080 push 80000004
0043CEAD . 6A 00 push 0
0043CEAF . 8B45 BC mov eax, dword ptr [ebp-44]
0043CEB2 . 85C0 test eax, eax
0043CEB4 . 75 05 jnz short 0043CEBB
0043CEB6 . B8 623E5100 mov eax, 00513E62
0043CEBB > 50 push eax
0043CEBC . 68 03000000 push 3
0043CEC1 . BB 10844500 mov ebx, 00458410
0043CEC6 . E8 0AAC0100 call 00457AD5
0043CECB . 83C4 28 add esp, 28
0043CECE . 8945 B8 mov dword ptr [ebp-48], eax
0043CED1 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043CED4 . 85DB test ebx, ebx
0043CED6 . 74 09 je short 0043CEE1
0043CED8 . 53 push ebx
0043CED9 . E8 03AC0100 call 00457AE1
0043CEDE . 83C4 04 add esp, 4
0043CEE1 > 68 04000080 push 80000004
0043CEE6 . 6A 00 push 0
0043CEE8 . 8B45 B8 mov eax, dword ptr [ebp-48]
0043CEEB . 85C0 test eax, eax
0043CEED . 75 05 jnz short 0043CEF4
0043CEEF . B8 623E5100 mov eax, 00513E62
0043CEF4 > 50 push eax
0043CEF5 . 68 01000000 push 1
0043CEFA . BB C0894500 mov ebx, 004589C0
0043CEFF . E8 D1AB0100 call 00457AD5
0043CF04 . 83C4 10 add esp, 10
0043CF07 . 8945 B0 mov dword ptr [ebp-50], eax
0043CF0A . 8955 B4 mov dword ptr [ebp-4C], edx
0043CF0D . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043CF10 . 85DB test ebx, ebx
0043CF12 . 74 09 je short 0043CF1D
0043CF14 . 53 push ebx
0043CF15 . E8 C7AB0100 call 00457AE1
0043CF1A . 83C4 04 add esp, 4
0043CF1D > DD45 B0 fld qword ptr [ebp-50]
0043CF20 . E8 E051FCFF call 00402105
0043CF25 . 8945 F0 mov dword ptr [ebp-10], eax
0043CF28 . 6A 01 push 1
0043CF2A . FF75 F0 push dword ptr [ebp-10]
0043CF2D . E8 25170000 call 0043E657
0043CF32 . 8945 B4 mov dword ptr [ebp-4C], eax
0043CF35 . DB45 B4 fild dword ptr [ebp-4C]
0043CF38 . DD5D B4 fstp qword ptr [ebp-4C]
0043CF3B . DD45 B4 fld qword ptr [ebp-4C]
0043CF3E . DB45 F0 fild dword ptr [ebp-10]
0043CF41 . DD5D AC fstp qword ptr [ebp-54]
0043CF44 . DC4D AC fmul qword ptr [ebp-54]
0043CF47 . DD5D A4 fstp qword ptr [ebp-5C]
0043CF4A . 68 01060080 push 80000601
0043CF4F . FF75 A8 push dword ptr [ebp-58]
0043CF52 . FF75 A4 push dword ptr [ebp-5C]
0043CF55 . 68 01000000 push 1
0043CF5A . BB 20964500 mov ebx, 00459620
0043CF5F . E8 71AB0100 call 00457AD5
0043CF64 . 83C4 10 add esp, 10
0043CF67 . 8945 A0 mov dword ptr [ebp-60], eax
0043CF6A . 8B45 A0 mov eax, dword ptr [ebp-60]
0043CF6D . 50 push eax
0043CF6E . 8B5D DC mov ebx, dword ptr [ebp-24]
0043CF71 . 85DB test ebx, ebx
0043CF73 . 74 09 je short 0043CF7E
0043CF75 . 53 push ebx
0043CF76 . E8 66AB0100 call 00457AE1
0043CF7B . 83C4 04 add esp, 4
0043CF7E > 58 pop eax
0043CF7F . 8945 DC mov dword ptr [ebp-24], eax
0043CF82 . 68 02000080 push 80000002
0043CF87 . 6A 00 push 0
0043CF89 . 68 00000000 push 0
0043CF8E . 6A 00 push 0
0043CF90 . 6A 00 push 0
0043CF92 . 6A 00 push 0
0043CF94 . 68 04000080 push 80000004
0043CF99 . 6A 00 push 0
0043CF9B . 8B45 DC mov eax, dword ptr [ebp-24]
0043CF9E . 85C0 test eax, eax
0043CFA0 . 75 05 jnz short 0043CFA7
0043CFA2 . B8 623E5100 mov eax, 00513E62
0043CFA7 > 50 push eax
0043CFA8 . 68 04000080 push 80000004
0043CFAD . 6A 00 push 0
0043CFAF . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043CFB2 . 8B03 mov eax, dword ptr [ebx]
0043CFB4 . 85C0 test eax, eax
0043CFB6 . 75 05 jnz short 0043CFBD
0043CFB8 . B8 623E5100 mov eax, 00513E62
0043CFBD > 50 push eax
0043CFBE . 68 04000000 push 4
0043CFC3 . BB 70864500 mov ebx, 00458670
0043CFC8 . E8 08AB0100 call 00457AD5
0043CFCD . 83C4 34 add esp, 34
0043CFD0 . 8945 B8 mov dword ptr [ebp-48], eax
0043CFD3 . 837D B8 FF cmp dword ptr [ebp-48], -1
0043CFD7 . 0F84 03000000 je 0043CFE0
0043CFDD . FF45 F8 inc dword ptr [ebp-8]
0043CFE0 > 68 01030080 push 80000301
0043CFE5 . 6A 00 push 0
0043CFE7 . FF75 F4 push dword ptr [ebp-C]
0043CFEA . 68 01000000 push 1
0043CFEF . BB 20964500 mov ebx, 00459620
0043CFF4 . E8 DCAA0100 call 00457AD5
0043CFF9 . 83C4 10 add esp, 10
0043CFFC . 8945 BC mov dword ptr [ebp-44], eax
0043CFFF . 68 01030080 push 80000301
0043D004 . 6A 00 push 0
0043D006 . 68 01000000 push 1
0043D00B . 68 01030080 push 80000301
0043D010 . 6A 00 push 0
0043D012 . 68 05000000 push 5
0043D017 . 68 04000080 push 80000004
0043D01C . 6A 00 push 0
0043D01E . 8B45 BC mov eax, dword ptr [ebp-44]
0043D021 . 85C0 test eax, eax
0043D023 . 75 05 jnz short 0043D02A
0043D025 . B8 623E5100 mov eax, 00513E62
0043D02A > 50 push eax
0043D02B . 68 03000000 push 3
0043D030 . BB 10844500 mov ebx, 00458410
0043D035 . E8 9BAA0100 call 00457AD5
0043D03A . 83C4 28 add esp, 28
0043D03D . 8945 B8 mov dword ptr [ebp-48], eax
0043D040 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D043 . 85DB test ebx, ebx
0043D045 . 74 09 je short 0043D050
0043D047 . 53 push ebx
0043D048 . E8 94AA0100 call 00457AE1
0043D04D . 83C4 04 add esp, 4
0043D050 > 68 04000080 push 80000004
0043D055 . 6A 00 push 0
0043D057 . 8B45 B8 mov eax, dword ptr [ebp-48]
0043D05A . 85C0 test eax, eax
0043D05C . 75 05 jnz short 0043D063
0043D05E . B8 623E5100 mov eax, 00513E62
0043D063 > 50 push eax
0043D064 . 68 01000000 push 1
0043D069 . BB C0894500 mov ebx, 004589C0
0043D06E . E8 62AA0100 call 00457AD5
0043D073 . 83C4 10 add esp, 10
0043D076 . 8945 B0 mov dword ptr [ebp-50], eax
0043D079 . 8955 B4 mov dword ptr [ebp-4C], edx
0043D07C . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043D07F . 85DB test ebx, ebx
0043D081 . 74 09 je short 0043D08C
0043D083 . 53 push ebx
0043D084 . E8 58AA0100 call 00457AE1
0043D089 . 83C4 04 add esp, 4
0043D08C > DD45 B0 fld qword ptr [ebp-50]
0043D08F . E8 7150FCFF call 00402105
0043D094 . 8945 F0 mov dword ptr [ebp-10], eax
0043D097 . 6A 01 push 1
0043D099 . FF75 F0 push dword ptr [ebp-10]
0043D09C . E8 D24C0000 call 00441D73
0043D0A1 . 8945 B4 mov dword ptr [ebp-4C], eax
0043D0A4 . DB45 B4 fild dword ptr [ebp-4C]
0043D0A7 . DD5D B4 fstp qword ptr [ebp-4C]
0043D0AA . DD45 B4 fld qword ptr [ebp-4C]
0043D0AD . DB45 F0 fild dword ptr [ebp-10]
0043D0B0 . DD5D AC fstp qword ptr [ebp-54]
0043D0B3 . DC4D AC fmul qword ptr [ebp-54]
0043D0B6 . DB45 0C fild dword ptr [ebp+C]
0043D0B9 . DD5D A4 fstp qword ptr [ebp-5C]
0043D0BC . DC4D A4 fmul qword ptr [ebp-5C]
0043D0BF . DD5D 9C fstp qword ptr [ebp-64]
0043D0C2 . 68 01060080 push 80000601
0043D0C7 . FF75 A0 push dword ptr [ebp-60]
0043D0CA . FF75 9C push dword ptr [ebp-64]
0043D0CD . 68 01000000 push 1
0043D0D2 . BB 20964500 mov ebx, 00459620
0043D0D7 . E8 F9A90100 call 00457AD5
0043D0DC . 83C4 10 add esp, 10
0043D0DF . 8945 98 mov dword ptr [ebp-68], eax
0043D0E2 . 8B45 98 mov eax, dword ptr [ebp-68]
0043D0E5 . 50 push eax
0043D0E6 . 8B5D D8 mov ebx, dword ptr [ebp-28]
0043D0E9 . 85DB test ebx, ebx
0043D0EB . 74 09 je short 0043D0F6
0043D0ED . 53 push ebx
0043D0EE . E8 EEA90100 call 00457AE1
0043D0F3 . 83C4 04 add esp, 4
0043D0F6 > 58 pop eax
0043D0F7 . 8945 D8 mov dword ptr [ebp-28], eax
0043D0FA . 68 02000080 push 80000002
0043D0FF . 6A 00 push 0
0043D101 . 68 00000000 push 0
0043D106 . 6A 00 push 0
0043D108 . 6A 00 push 0
0043D10A . 6A 00 push 0
0043D10C . 68 04000080 push 80000004
0043D111 . 6A 00 push 0
0043D113 . 8B45 D8 mov eax, dword ptr [ebp-28]
0043D116 . 85C0 test eax, eax
0043D118 . 75 05 jnz short 0043D11F
0043D11A . B8 623E5100 mov eax, 00513E62
0043D11F > 50 push eax
0043D120 . 68 04000080 push 80000004
0043D125 . 6A 00 push 0
0043D127 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D12A . 8B03 mov eax, dword ptr [ebx]
0043D12C . 85C0 test eax, eax
0043D12E . 75 05 jnz short 0043D135
0043D130 . B8 623E5100 mov eax, 00513E62
0043D135 > 50 push eax
0043D136 . 68 04000000 push 4
0043D13B . BB 70864500 mov ebx, 00458670
0043D140 . E8 90A90100 call 00457AD5
0043D145 . 83C4 34 add esp, 34
0043D148 . 8945 B8 mov dword ptr [ebp-48], eax
0043D14B . 837D B8 FF cmp dword ptr [ebp-48], -1
0043D14F . 0F84 03000000 je 0043D158
0043D155 . FF45 F8 inc dword ptr [ebp-8]
0043D158 > 68 01030080 push 80000301
0043D15D . 6A 00 push 0
0043D15F . FF75 F4 push dword ptr [ebp-C]
0043D162 . 68 01000000 push 1
0043D167 . BB 20964500 mov ebx, 00459620
0043D16C . E8 64A90100 call 00457AD5
0043D171 . 83C4 10 add esp, 10
0043D174 . 8945 BC mov dword ptr [ebp-44], eax
0043D177 . 68 01030080 push 80000301
0043D17C . 6A 00 push 0
0043D17E . 68 01000000 push 1
0043D183 . 68 01030080 push 80000301
0043D188 . 6A 00 push 0
0043D18A . 68 06000000 push 6
0043D18F . 68 04000080 push 80000004
0043D194 . 6A 00 push 0
0043D196 . 8B45 BC mov eax, dword ptr [ebp-44]
0043D199 . 85C0 test eax, eax
0043D19B . 75 05 jnz short 0043D1A2
0043D19D . B8 623E5100 mov eax, 00513E62
0043D1A2 > 50 push eax
0043D1A3 . 68 03000000 push 3
0043D1A8 . BB 10844500 mov ebx, 00458410
0043D1AD . E8 23A90100 call 00457AD5
0043D1B2 . 83C4 28 add esp, 28
0043D1B5 . 8945 B8 mov dword ptr [ebp-48], eax
0043D1B8 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D1BB . 85DB test ebx, ebx
0043D1BD . 74 09 je short 0043D1C8
0043D1BF . 53 push ebx
0043D1C0 . E8 1CA90100 call 00457AE1
0043D1C5 . 83C4 04 add esp, 4
0043D1C8 > 68 04000080 push 80000004
0043D1CD . 6A 00 push 0
0043D1CF . 8B45 B8 mov eax, dword ptr [ebp-48]
0043D1D2 . 85C0 test eax, eax
0043D1D4 . 75 05 jnz short 0043D1DB
0043D1D6 . B8 623E5100 mov eax, 00513E62
0043D1DB > 50 push eax
0043D1DC . 68 01000000 push 1
0043D1E1 . BB C0894500 mov ebx, 004589C0
0043D1E6 . E8 EAA80100 call 00457AD5
0043D1EB . 83C4 10 add esp, 10
0043D1EE . 8945 B0 mov dword ptr [ebp-50], eax
0043D1F1 . 8955 B4 mov dword ptr [ebp-4C], edx
0043D1F4 . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043D1F7 . 85DB test ebx, ebx
0043D1F9 . 74 09 je short 0043D204
0043D1FB . 53 push ebx
0043D1FC . E8 E0A80100 call 00457AE1
0043D201 . 83C4 04 add esp, 4
0043D204 > DD45 B0 fld qword ptr [ebp-50]
0043D207 . E8 F94EFCFF call 00402105
0043D20C . 8945 F0 mov dword ptr [ebp-10], eax
0043D20F . 6A 01 push 1
0043D211 . FF75 F0 push dword ptr [ebp-10]
0043D214 . E8 A44F0000 call 004421BD
0043D219 . 8945 B4 mov dword ptr [ebp-4C], eax
0043D21C . DB45 B4 fild dword ptr [ebp-4C]
0043D21F . DD5D B4 fstp qword ptr [ebp-4C]
0043D222 . DD45 B4 fld qword ptr [ebp-4C]
0043D225 . DB45 F0 fild dword ptr [ebp-10]
0043D228 . DD5D AC fstp qword ptr [ebp-54]
0043D22B . DC4D AC fmul qword ptr [ebp-54]
0043D22E . DB45 0C fild dword ptr [ebp+C]
0043D231 . DD5D A4 fstp qword ptr [ebp-5C]
0043D234 . DC4D A4 fmul qword ptr [ebp-5C]
0043D237 . DD5D 9C fstp qword ptr [ebp-64]
0043D23A . 68 01060080 push 80000601
0043D23F . FF75 A0 push dword ptr [ebp-60]
0043D242 . FF75 9C push dword ptr [ebp-64]
0043D245 . 68 01000000 push 1
0043D24A . BB 20964500 mov ebx, 00459620
0043D24F . E8 81A80100 call 00457AD5
0043D254 . 83C4 10 add esp, 10
0043D257 . 8945 98 mov dword ptr [ebp-68], eax
0043D25A . 8B45 98 mov eax, dword ptr [ebp-68]
0043D25D . 50 push eax
0043D25E . 8B5D D4 mov ebx, dword ptr [ebp-2C]
0043D261 . 85DB test ebx, ebx
0043D263 . 74 09 je short 0043D26E
0043D265 . 53 push ebx
0043D266 . E8 76A80100 call 00457AE1
0043D26B . 83C4 04 add esp, 4
0043D26E > 58 pop eax
0043D26F . 8945 D4 mov dword ptr [ebp-2C], eax
0043D272 . 68 02000080 push 80000002
0043D277 . 6A 00 push 0
0043D279 . 68 00000000 push 0
0043D27E . 6A 00 push 0
0043D280 . 6A 00 push 0
0043D282 . 6A 00 push 0
0043D284 . 68 04000080 push 80000004
0043D289 . 6A 00 push 0
0043D28B . 8B45 D4 mov eax, dword ptr [ebp-2C]
0043D28E . 85C0 test eax, eax
0043D290 . 75 05 jnz short 0043D297
0043D292 . B8 623E5100 mov eax, 00513E62
0043D297 > 50 push eax
0043D298 . 68 04000080 push 80000004
0043D29D . 6A 00 push 0
0043D29F . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D2A2 . 8B03 mov eax, dword ptr [ebx]
0043D2A4 . 85C0 test eax, eax
0043D2A6 . 75 05 jnz short 0043D2AD
0043D2A8 . B8 623E5100 mov eax, 00513E62
0043D2AD > 50 push eax
0043D2AE . 68 04000000 push 4
0043D2B3 . BB 70864500 mov ebx, 00458670
0043D2B8 . E8 18A80100 call 00457AD5
0043D2BD . 83C4 34 add esp, 34
0043D2C0 . 8945 B8 mov dword ptr [ebp-48], eax
0043D2C3 . 837D B8 FF cmp dword ptr [ebp-48], -1
0043D2C7 . 0F84 03000000 je 0043D2D0
0043D2CD . FF45 F8 inc dword ptr [ebp-8]
0043D2D0 > E8 4E550000 call 00442823 ; the following CALLs are copies of the algorithm above; skip straight to the code below
0043D2D5 . E8 51580000 call 00442B2B
0043D2DA . E8 545B0000 call 00442E33
0043D2DF . E8 575E0000 call 0044313B ; this is the software author's decoy against patching, heh
0043D2E4 . E8 5A610000 call 00443443
0043D2E9 . E8 5D640000 call 0044374B
0043D2EE . E8 60670000 call 00443A53
0043D2F3 . E8 636A0000 call 00443D5B
0043D2F8 . E8 666D0000 call 00444063
0043D2FD . E8 69700000 call 0044436B
0043D302 . E8 6C730000 call 00444673
0043D307 . E8 6F760000 call 0044497B
0043D30C . E8 72790000 call 00444C83
0043D311 . 68 B6405100 push 005140B6 ; 7 (fixed string)
0043D316 . FF75 EC push dword ptr [ebp-14]
0043D319 . B9 02000000 mov ecx, 2
0043D31E . E8 A33DFCFF call 004010C6
0043D323 . 83C4 08 add esp, 8
0043D326 . 8945 BC mov dword ptr [ebp-44], eax
0043D329 . 8B45 BC mov eax, dword ptr [ebp-44]
0043D32C . 50 push eax
0043D32D . 8B5D EC mov ebx, dword ptr [ebp-14]
0043D330 . 85DB test ebx, ebx
0043D332 . 74 09 je short 0043D33D
0043D334 . 53 push ebx
0043D335 . E8 A7A70100 call 00457AE1
0043D33A . 83C4 04 add esp, 4
0043D33D > 58 pop eax
0043D33E . 8945 EC mov dword ptr [ebp-14], eax
0043D341 . 68 01030080 push 80000301
0043D346 . 6A 00 push 0
0043D348 . FF75 F4 push dword ptr [ebp-C]
0043D34B . 68 01000000 push 1
0043D350 . BB 20964500 mov ebx, 00459620
0043D355 . E8 7BA70100 call 00457AD5
0043D35A . 83C4 10 add esp, 10
0043D35D . 8945 BC mov dword ptr [ebp-44], eax
0043D360 . 68 01030080 push 80000301
0043D365 . 6A 00 push 0
0043D367 . 68 01000000 push 1
0043D36C . 68 01030080 push 80000301
0043D371 . 6A 00 push 0
0043D373 . 68 08000000 push 8
0043D378 . 68 04000080 push 80000004
0043D37D . 6A 00 push 0
0043D37F . 8B45 BC mov eax, dword ptr [ebp-44]
0043D382 . 85C0 test eax, eax
0043D384 . 75 05 jnz short 0043D38B
0043D386 . B8 623E5100 mov eax, 00513E62
0043D38B > 50 push eax
0043D38C . 68 03000000 push 3
0043D391 . BB 10844500 mov ebx, 00458410
0043D396 . E8 3AA70100 call 00457AD5
0043D39B . 83C4 28 add esp, 28
0043D39E . 8945 B8 mov dword ptr [ebp-48], eax
0043D3A1 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D3A4 . 85DB test ebx, ebx
0043D3A6 . 74 09 je short 0043D3B1
0043D3A8 . 53 push ebx
0043D3A9 . E8 33A70100 call 00457AE1
0043D3AE . 83C4 04 add esp, 4
0043D3B1 > 68 04000080 push 80000004
0043D3B6 . 6A 00 push 0
0043D3B8 . 8B45 B8 mov eax, dword ptr [ebp-48]
0043D3BB . 85C0 test eax, eax
0043D3BD . 75 05 jnz short 0043D3C4
0043D3BF . B8 623E5100 mov eax, 00513E62
0043D3C4 > 50 push eax
0043D3C5 . 68 01000000 push 1
0043D3CA . BB C0894500 mov ebx, 004589C0
0043D3CF . E8 01A70100 call 00457AD5
0043D3D4 . 83C4 10 add esp, 10
0043D3D7 . 8945 B0 mov dword ptr [ebp-50], eax
0043D3DA . 8955 B4 mov dword ptr [ebp-4C], edx
0043D3DD . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043D3E0 . 85DB test ebx, ebx
0043D3E2 . 74 09 je short 0043D3ED
0043D3E4 . 53 push ebx
0043D3E5 . E8 F7A60100 call 00457AE1
0043D3EA . 83C4 04 add esp, 4
0043D3ED > DD45 B0 fld qword ptr [ebp-50]
0043D3F0 . E8 104DFCFF call 00402105
0043D3F5 . 8945 F0 mov dword ptr [ebp-10], eax
0043D3F8 . 6A 01 push 1
0043D3FA . FF75 F0 push dword ptr [ebp-10]
0043D3FD . E8 897B0000 call 00444F8B
0043D402 . 8945 B4 mov dword ptr [ebp-4C], eax
0043D405 . DB45 B4 fild dword ptr [ebp-4C]
0043D408 . DD5D B4 fstp qword ptr [ebp-4C]
0043D40B . DD45 B4 fld qword ptr [ebp-4C]
0043D40E . DB45 F0 fild dword ptr [ebp-10]
0043D411 . DD5D AC fstp qword ptr [ebp-54]
0043D414 . DC4D AC fmul qword ptr [ebp-54]
0043D417 . DB45 0C fild dword ptr [ebp+C]
0043D41A . DD5D A4 fstp qword ptr [ebp-5C]
0043D41D . DC4D A4 fmul qword ptr [ebp-5C]
0043D420 . DD5D 9C fstp qword ptr [ebp-64]
0043D423 . 68 01060080 push 80000601
0043D428 . FF75 A0 push dword ptr [ebp-60]
0043D42B . FF75 9C push dword ptr [ebp-64]
0043D42E . 68 01000000 push 1
0043D433 . BB 20964500 mov ebx, 00459620
0043D438 . E8 98A60100 call 00457AD5
0043D43D . 83C4 10 add esp, 10
0043D440 . 8945 98 mov dword ptr [ebp-68], eax
0043D443 . 8B45 98 mov eax, dword ptr [ebp-68]
0043D446 . 50 push eax
0043D447 . 8B5D D0 mov ebx, dword ptr [ebp-30]
0043D44A . 85DB test ebx, ebx
0043D44C . 74 09 je short 0043D457
0043D44E . 53 push ebx
0043D44F . E8 8DA60100 call 00457AE1
0043D454 . 83C4 04 add esp, 4
0043D457 > 58 pop eax
0043D458 . 8945 D0 mov dword ptr [ebp-30], eax
0043D45B . 68 02000080 push 80000002
0043D460 . 6A 00 push 0
0043D462 . 68 00000000 push 0
0043D467 . 6A 00 push 0
0043D469 . 6A 00 push 0
0043D46B . 6A 00 push 0
0043D46D . 68 04000080 push 80000004
0043D472 . 6A 00 push 0
0043D474 . 8B45 D0 mov eax, dword ptr [ebp-30]
0043D477 . 85C0 test eax, eax
0043D479 . 75 05 jnz short 0043D480
0043D47B . B8 623E5100 mov eax, 00513E62
0043D480 > 50 push eax
0043D481 . 68 04000080 push 80000004
0043D486 . 6A 00 push 0
0043D488 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D48B . 8B03 mov eax, dword ptr [ebx]
0043D48D . 85C0 test eax, eax
0043D48F . 75 05 jnz short 0043D496
0043D491 . B8 623E5100 mov eax, 00513E62
0043D496 > 50 push eax
0043D497 . 68 04000000 push 4
0043D49C . BB 70864500 mov ebx, 00458670
0043D4A1 . E8 2FA60100 call 00457AD5
0043D4A6 . 83C4 34 add esp, 34
0043D4A9 . 8945 B8 mov dword ptr [ebp-48], eax
0043D4AC . 837D B8 FF cmp dword ptr [ebp-48], -1
0043D4B0 . 0F84 03000000 je 0043D4B9
0043D4B6 . FF45 F8 inc dword ptr [ebp-8]
0043D4B9 > 68 01030080 push 80000301
0043D4BE . 6A 00 push 0
0043D4C0 . FF75 F4 push dword ptr [ebp-C]
0043D4C3 . 68 01000000 push 1
0043D4C8 . BB 20964500 mov ebx, 00459620
0043D4CD . E8 03A60100 call 00457AD5
0043D4D2 . 83C4 10 add esp, 10
0043D4D5 . 8945 BC mov dword ptr [ebp-44], eax
0043D4D8 . 68 01030080 push 80000301
0043D4DD . 6A 00 push 0
0043D4DF . 68 01000000 push 1
0043D4E4 . 68 01030080 push 80000301
0043D4E9 . 6A 00 push 0
0043D4EB . 68 09000000 push 9
0043D4F0 . 68 04000080 push 80000004
0043D4F5 . 6A 00 push 0
0043D4F7 . 8B45 BC mov eax, dword ptr [ebp-44]
0043D4FA . 85C0 test eax, eax
0043D4FC . 75 05 jnz short 0043D503
0043D4FE . B8 623E5100 mov eax, 00513E62
0043D503 > 50 push eax
0043D504 . 68 03000000 push 3
0043D509 . BB 10844500 mov ebx, 00458410
0043D50E . E8 C2A50100 call 00457AD5
0043D513 . 83C4 28 add esp, 28
0043D516 . 8945 B8 mov dword ptr [ebp-48], eax
0043D519 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D51C . 85DB test ebx, ebx
0043D51E . 74 09 je short 0043D529
0043D520 . 53 push ebx
0043D521 . E8 BBA50100 call 00457AE1
0043D526 . 83C4 04 add esp, 4
0043D529 > 68 04000080 push 80000004
0043D52E . 6A 00 push 0
0043D530 . 8B45 B8 mov eax, dword ptr [ebp-48]
0043D533 . 85C0 test eax, eax
0043D535 . 75 05 jnz short 0043D53C
0043D537 . B8 623E5100 mov eax, 00513E62
0043D53C > 50 push eax
0043D53D . 68 01000000 push 1
0043D542 . BB C0894500 mov ebx, 004589C0
0043D547 . E8 89A50100 call 00457AD5
0043D54C . 83C4 10 add esp, 10
0043D54F . 8945 B0 mov dword ptr [ebp-50], eax
0043D552 . 8955 B4 mov dword ptr [ebp-4C], edx
0043D555 . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043D558 . 85DB test ebx, ebx
0043D55A . 74 09 je short 0043D565
0043D55C . 53 push ebx
0043D55D . E8 7FA50100 call 00457AE1
0043D562 . 83C4 04 add esp, 4
0043D565 > DD45 B0 fld qword ptr [ebp-50]
0043D568 . E8 984BFCFF call 00402105
0043D56D . 8945 F0 mov dword ptr [ebp-10], eax
0043D570 . 6A 01 push 1
0043D572 . FF75 F0 push dword ptr [ebp-10]
0043D575 . E8 1D810000 call 00445697
0043D57A . 8945 B4 mov dword ptr [ebp-4C], eax
0043D57D . DB45 B4 fild dword ptr [ebp-4C]
0043D580 . DD5D B4 fstp qword ptr [ebp-4C]
0043D583 . DD45 B4 fld qword ptr [ebp-4C]
0043D586 . DB45 F0 fild dword ptr [ebp-10]
0043D589 . DD5D AC fstp qword ptr [ebp-54]
0043D58C . DC4D AC fmul qword ptr [ebp-54]
0043D58F . DD5D A4 fstp qword ptr [ebp-5C]
0043D592 . 68 01060080 push 80000601
0043D597 . FF75 A8 push dword ptr [ebp-58]
0043D59A . FF75 A4 push dword ptr [ebp-5C]
0043D59D . 68 01000000 push 1
0043D5A2 . BB 20964500 mov ebx, 00459620
0043D5A7 . E8 29A50100 call 00457AD5
0043D5AC . 83C4 10 add esp, 10
0043D5AF . 8945 A0 mov dword ptr [ebp-60], eax
0043D5B2 . 8B45 A0 mov eax, dword ptr [ebp-60]
0043D5B5 . 50 push eax
0043D5B6 . 8B5D CC mov ebx, dword ptr [ebp-34]
0043D5B9 . 85DB test ebx, ebx
0043D5BB . 74 09 je short 0043D5C6
0043D5BD . 53 push ebx
0043D5BE . E8 1EA50100 call 00457AE1
0043D5C3 . 83C4 04 add esp, 4
0043D5C6 > 58 pop eax
0043D5C7 . 8945 CC mov dword ptr [ebp-34], eax
0043D5CA . 68 02000080 push 80000002
0043D5CF . 6A 00 push 0
0043D5D1 . 68 00000000 push 0
0043D5D6 . 6A 00 push 0
0043D5D8 . 6A 00 push 0
0043D5DA . 6A 00 push 0
0043D5DC . 68 04000080 push 80000004
0043D5E1 . 6A 00 push 0
0043D5E3 . 8B45 CC mov eax, dword ptr [ebp-34]
0043D5E6 . 85C0 test eax, eax
0043D5E8 . 75 05 jnz short 0043D5EF
0043D5EA . B8 623E5100 mov eax, 00513E62
0043D5EF > 50 push eax
0043D5F0 . 68 04000080 push 80000004
0043D5F5 . 6A 00 push 0
0043D5F7 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D5FA . 8B03 mov eax, dword ptr [ebx]
0043D5FC . 85C0 test eax, eax
0043D5FE . 75 05 jnz short 0043D605
0043D600 . B8 623E5100 mov eax, 00513E62
0043D605 > 50 push eax
0043D606 . 68 04000000 push 4
0043D60B . BB 70864500 mov ebx, 00458670
0043D610 . E8 C0A40100 call 00457AD5
0043D615 . 83C4 34 add esp, 34
0043D618 . 8945 B8 mov dword ptr [ebp-48], eax
0043D61B . 837D B8 FF cmp dword ptr [ebp-48], -1
0043D61F . 0F84 03000000 je 0043D628
0043D625 . FF45 F8 inc dword ptr [ebp-8]
0043D628 > 68 B8405100 push 005140B8 ; njhbgvfwa (fixed string)
0043D62D . FF75 CC push dword ptr [ebp-34]
0043D630 . B9 02000000 mov ecx, 2
0043D635 . E8 8C3AFCFF call 004010C6
0043D63A . 83C4 08 add esp, 8
0043D63D . 8945 BC mov dword ptr [ebp-44], eax
0043D640 . 68 02000080 push 80000002
0043D645 . 6A 00 push 0
0043D647 . 68 00000000 push 0
0043D64C . 6A 00 push 0
0043D64E . 6A 00 push 0
0043D650 . 6A 00 push 0
0043D652 . 68 04000080 push 80000004
0043D657 . 6A 00 push 0
0043D659 . 8B45 BC mov eax, dword ptr [ebp-44]
0043D65C . 85C0 test eax, eax
0043D65E . 75 05 jnz short 0043D665
0043D660 . B8 623E5100 mov eax, 00513E62
0043D665 > 50 push eax
0043D666 . 68 04000080 push 80000004
0043D66B . 6A 00 push 0
0043D66D . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D670 . 8B03 mov eax, dword ptr [ebx]
0043D672 . 85C0 test eax, eax
0043D674 . 75 05 jnz short 0043D67B
0043D676 . B8 623E5100 mov eax, 00513E62
0043D67B > 50 push eax
0043D67C . 68 04000000 push 4
0043D681 . BB 70864500 mov ebx, 00458670
0043D686 . E8 4AA40100 call 00457AD5
0043D68B . 83C4 34 add esp, 34
0043D68E . 8945 B8 mov dword ptr [ebp-48], eax
0043D691 . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D694 . 85DB test ebx, ebx
0043D696 . 74 09 je short 0043D6A1
0043D698 . 53 push ebx
0043D699 . E8 43A40100 call 00457AE1
0043D69E . 83C4 04 add esp, 4
0043D6A1 > 837D B8 FF cmp dword ptr [ebp-48], -1
0043D6A5 . 0F84 03000000 je 0043D6AE
0043D6AB . FF45 F8 inc dword ptr [ebp-8]
0043D6AE > 68 01030080 push 80000301
0043D6B3 . 6A 00 push 0
0043D6B5 . FF75 F4 push dword ptr [ebp-C]
0043D6B8 . 68 01000000 push 1
0043D6BD . BB 20964500 mov ebx, 00459620
0043D6C2 . E8 0EA40100 call 00457AD5
0043D6C7 . 83C4 10 add esp, 10
0043D6CA . 8945 BC mov dword ptr [ebp-44], eax
0043D6CD . 68 01030080 push 80000301
0043D6D2 . 6A 00 push 0
0043D6D4 . 68 01000000 push 1
0043D6D9 . 68 01030080 push 80000301
0043D6DE . 6A 00 push 0
0043D6E0 . 68 0A000000 push 0A
0043D6E5 . 68 04000080 push 80000004
0043D6EA . 6A 00 push 0
0043D6EC . 8B45 BC mov eax, dword ptr [ebp-44]
0043D6EF . 85C0 test eax, eax
0043D6F1 . 75 05 jnz short 0043D6F8
0043D6F3 . B8 623E5100 mov eax, 00513E62
0043D6F8 > 50 push eax
0043D6F9 . 68 03000000 push 3
0043D6FE . BB 10844500 mov ebx, 00458410
0043D703 . E8 CDA30100 call 00457AD5
0043D708 . 83C4 28 add esp, 28
0043D70B . 8945 B8 mov dword ptr [ebp-48], eax
0043D70E . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D711 . 85DB test ebx, ebx
0043D713 . 74 09 je short 0043D71E
0043D715 . 53 push ebx
0043D716 . E8 C6A30100 call 00457AE1
0043D71B . 83C4 04 add esp, 4
0043D71E > 68 04000080 push 80000004
0043D723 . 6A 00 push 0
0043D725 . 8B45 B8 mov eax, dword ptr [ebp-48]
0043D728 . 85C0 test eax, eax
0043D72A . 75 05 jnz short 0043D731
0043D72C . B8 623E5100 mov eax, 00513E62
0043D731 > 50 push eax
0043D732 . 68 01000000 push 1
0043D737 . BB C0894500 mov ebx, 004589C0
0043D73C . E8 94A30100 call 00457AD5
0043D741 . 83C4 10 add esp, 10
0043D744 . 8945 B0 mov dword ptr [ebp-50], eax
0043D747 . 8955 B4 mov dword ptr [ebp-4C], edx
0043D74A . 8B5D B8 mov ebx, dword ptr [ebp-48]
0043D74D . 85DB test ebx, ebx
0043D74F . 74 09 je short 0043D75A
0043D751 . 53 push ebx
0043D752 . E8 8AA30100 call 00457AE1
0043D757 . 83C4 04 add esp, 4
0043D75A > DD45 B0 fld qword ptr [ebp-50]
0043D75D . E8 A349FCFF call 00402105
0043D762 . 8945 F0 mov dword ptr [ebp-10], eax
0043D765 . 6A 01 push 1
0043D767 . FF75 F0 push dword ptr [ebp-10]
0043D76A . E8 C1050000 call 0043DD30
0043D76F . 8945 B4 mov dword ptr [ebp-4C], eax
0043D772 . DB45 B4 fild dword ptr [ebp-4C]
0043D775 . DD5D B4 fstp qword ptr [ebp-4C]
0043D778 . DD45 B4 fld qword ptr [ebp-4C]
0043D77B . DB45 F0 fild dword ptr [ebp-10]
0043D77E . DD5D AC fstp qword ptr [ebp-54]
0043D781 . DC4D AC fmul qword ptr [ebp-54]
0043D784 . DB45 0C fild dword ptr [ebp+C]
0043D787 . DD5D A4 fstp qword ptr [ebp-5C]
0043D78A . DC4D A4 fmul qword ptr [ebp-5C]
0043D78D . DD5D 9C fstp qword ptr [ebp-64]
0043D790 . 68 01060080 push 80000601
0043D795 . FF75 A0 push dword ptr [ebp-60]
0043D798 . FF75 9C push dword ptr [ebp-64]
0043D79B . 68 01000000 push 1
0043D7A0 . BB 20964500 mov ebx, 00459620
0043D7A5 . E8 2BA30100 call 00457AD5
0043D7AA . 83C4 10 add esp, 10
0043D7AD . 8945 98 mov dword ptr [ebp-68], eax
0043D7B0 . 8B45 98 mov eax, dword ptr [ebp-68]
0043D7B3 . 50 push eax
0043D7B4 . 8B5D C8 mov ebx, dword ptr [ebp-38]
0043D7B7 . 85DB test ebx, ebx
0043D7B9 . 74 09 je short 0043D7C4
0043D7BB . 53 push ebx
0043D7BC . E8 20A30100 call 00457AE1
0043D7C1 . 83C4 04 add esp, 4
0043D7C4 > 58 pop eax
0043D7C5 . 8945 C8 mov dword ptr [ebp-38], eax
0043D7C8 . 68 02000080 push 80000002
0043D7CD . 6A 00 push 0
0043D7CF . 68 00000000 push 0
0043D7D4 . 6A 00 push 0
0043D7D6 . 6A 00 push 0
0043D7D8 . 6A 00 push 0
0043D7DA . 68 04000080 push 80000004
0043D7DF . 6A 00 push 0
0043D7E1 . 8B45 C8 mov eax, dword ptr [ebp-38]
0043D7E4 . 85C0 test eax, eax
0043D7E6 . 75 05 jnz short 0043D7ED
0043D7E8 . B8 623E5100 mov eax, 00513E62
0043D7ED > 50 push eax
0043D7EE . 68 04000080 push 80000004
0043D7F3 . 6A 00 push 0
0043D7F5 . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D7F8 . 8B03 mov eax, dword ptr [ebx]
0043D7FA . 85C0 test eax, eax
0043D7FC . 75 05 jnz short 0043D803
0043D7FE . B8 623E5100 mov eax, 00513E62
0043D803 > 50 push eax
0043D804 . 68 04000000 push 4
0043D809 . BB 70864500 mov ebx, 00458670
0043D80E . E8 C2A20100 call 00457AD5
0043D813 . 83C4 34 add esp, 34
0043D816 . 8945 B8 mov dword ptr [ebp-48], eax
0043D819 . 837D B8 FF cmp dword ptr [ebp-48], -1
0043D81D . 0F84 03000000 je 0043D826
0043D823 . FF45 F8 inc dword ptr [ebp-8]
0043D826 > 68 C2405100 push 005140C2 ; motherlslslsls (fixed string)
0043D82B . FF75 CC push dword ptr [ebp-34]
0043D82E . B9 02000000 mov ecx, 2
0043D833 . E8 8E38FCFF call 004010C6
0043D838 . 83C4 08 add esp, 8
0043D83B . 8945 BC mov dword ptr [ebp-44], eax
0043D83E . 68 02000080 push 80000002
0043D843 . 6A 00 push 0
0043D845 . 68 00000000 push 0
0043D84A . 6A 00 push 0
0043D84C . 6A 00 push 0
0043D84E . 6A 00 push 0
0043D850 . 68 04000080 push 80000004
0043D855 . 6A 00 push 0
0043D857 . 8B45 BC mov eax, dword ptr [ebp-44]
0043D85A . 85C0 test eax, eax
0043D85C . 75 05 jnz short 0043D863
0043D85E . B8 623E5100 mov eax, 00513E62
0043D863 > 50 push eax
0043D864 . 68 04000080 push 80000004
0043D869 . 6A 00 push 0
0043D86B . 8B5D 08 mov ebx, dword ptr [ebp+8]
0043D86E . 8B03 mov eax, dword ptr [ebx]
0043D870 . 85C0 test eax, eax
0043D872 . 75 05 jnz short 0043D879
0043D874 . B8 623E5100 mov eax, 00513E62
0043D879 > 50 push eax
0043D87A . 68 04000000 push 4
0043D87F . BB 70864500 mov ebx, 00458670
0043D884 . E8 4CA20100 call 00457AD5
0043D889 . 83C4 34 add esp, 34
0043D88C . 8945 B8 mov dword ptr [ebp-48], eax
0043D88F . 8B5D BC mov ebx, dword ptr [ebp-44]
0043D892 . 85DB test ebx, ebx
0043D894 . 74 09 je short 0043D89F
0043D896 . 53 push ebx
0043D897 . E8 45A20100 call 00457AE1
0043D89C . 83C4 04 add esp, 4
0043D89F > 837D B8 FF cmp dword ptr [ebp-48], -1
0043D8A3 . 0F84 03000000 je 0043D8AC
0043D8A9 . FF45 F8 inc dword ptr [ebp-8]
0043D8AC > FF75 D8 push dword ptr [ebp-28]
0043D8AF . FF75 DC push dword ptr [ebp-24]
0043D8B2 . FF75 E0 push dword ptr [ebp-20]
0043D8B5 . B9 03000000 mov ecx, 3
0043D8BA . E8 0738FCFF call 004010C6
0043D8BF . 83C4 0C add esp, 0C
0043D8C2 . 8945 BC mov dword ptr [ebp-44], eax
0043D8C5 . 68 02000080 push 80000002
0043D8CA . 6A 00 push 0
0043D8CC . 68 00000000 push 0
0043D8D1 . 6A 00 push 0
0043D8D3 . 6A 00 push 0
0043D8D5 . 6A 00 push 0
0043D8D7 . 68 04000080 push 80000004
0043D8DC . 6A 00 push 0
0043D8DE . 8B45 BC mov eax, dword ptr [ebp-44]
0043D8E1 . 85C0 test eax, eax
0043D8E3 . 75 05 jnz short 0043D8EA
0043D8E5 . B8 623E5100 mov eax, 00513E62
0043D8EA > 50 push eax
0043D8EB . 68 04000080 push 80000004
The rest of the code uses the same algorithm and is highly repetitive, so it is not covered further here.
--------------------------------------------------------------------------------
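【Lessons learned】
This software relies on heavy duplication of its algorithm, repeated computation, and a large number of junk instructions to discourage anyone trying to patch it. That is arguably a simple, easy-to-apply protection method, but the algorithm itself is not complicated: once you pick out the code that actually matters, it simplifies considerably. Take the set of constants used in the multiplications earlier: stepping into the calls makes the algorithm look fairly complex, but judging directly from the results, it simply uses the fixed string 974325869 as the multipliers. I recall that a similar name-picking program discussed a while ago used the same algorithm, only with a different constant. The algorithm is summarized as follows:
Divide the machine code by 9 to get the quotient (if the machine code has fewer than 10 digits, digits can be appended to pad it).
101 × digit 1 × 9 = A; (101 + 1) × digit 2 × 7 = B; 101 × digit 3 × 4 = C; digit 4 × 3 = D; 101 × digit 5 × 2 = E; 101 × digit 6 × 5 = F; add 7; 101 × digit 8 × 8 = G; digit 9 × 6 = H; 101 × digit 10 × 9 = I
Registration code = 98 + C + D + E + F + G + I + 98 + A + B + H + njhbgvfwa + H + motherlslslsls
After successful registration, a registration file is created in the root directory of drive D; deleting it returns the program to the trial version. With the algorithm worked out, the keygen code is simple. Here it is written in VB: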
Private Sub CmdStart_Click()
txt1 = Text1.Text
If Len(txt1) > 10 Then
txt2 = txt1 / 9
txt3 = Mid(txt2, 3, 1) * 101 * 4
txt4 = Mid(txt2, 4, 1) * 3
txt5 = Mid(txt2, 5, 1) * 101 * 2
txt6 = Mid(txt2, 6, 1) * 101 * 5
txt8 = Mid(txt2, 8, 1) * 101 * 8
txt9 = Mid(txt2, 9, 1) * 6
txt10 = Mid(txt2, 10, 1) * 9 * 101
txt11 = Mid(txt2, 1, 1) * 9 * 101
txt12 = Mid(txt2, 2, 1) * 7 * 102
Text2 = "98" & txt3 & txt4 & txt5 & txt6 & txt8 & txt10 & "98" & txt11 & txt12 & txt9 & "njhbgvfwa" & txt9 & "motherlslslsls"
Else: Text2 = "你的机器码不符合要求,请在后面加上“1”"
End If
End Sub
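Cracking notes: I really am a novice who only knows the basics and does this purely as a hobby. If there are mistakes in the analysis above, I hope the experts will not laugh. Many thanks to the Kanxue moderators for providing us with a platform to learn on. Thank you very much!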
--------------------------------------------------------------------------------
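【Copyright notice】: This article was originally published on the Kanxue technical forum. When reposting, please credit the author and keep the article intact. Thanks!
2012-01-01 00:23:18
The expert's algorithm analysis is very detailed!!!! Everyone can learn from the approach!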