模版小偷:一款网页模板小偷软件的注册分析(算法+注册机源码) 2024-04-19 13:19:19 0 0 【文章作者】: suredwang 【作者邮箱】: suredwang@126.com 【软件名称】: 网页模板小偷 【软件大小】: 865KB 【下载地址】: 自己搜索下载 【加壳方式】: ASPack 2.12 -> Alexey Solodovnikov 【保护方式】: 加壳外加机器码多重注册 【编写语言】: Microsoft Visual C++ 6.0 【使用工具】: OD PEID AspackDie1.41 【操作平台】: windowXP 【软件介绍】: 只需输入单个网页的URL地址,即可在C盘生成对应文件 【作者声明】: 本人实在是个小小菜鸟,只是感兴趣,研究各种加密软件方法,没有其他目的。失误之处敬请诸位大侠赐教! 这是本人第一次发主帖,好多规则不懂,错误难免,请大家多多包涵! -------------------------------------------------------------------------------- 【详细过程】 分析说明:ASPack 2.12的壳用ESP定律就可以简单脱之,本人因时间关系直接借用大侠的脱壳工具AspackDie1.41脱之试运行正常,用PEID再查发现是用Microsoft Visual C++ 6.0语言编写 打开程序点注册软件,在注册码处任意输入字符点注册按钮出现“注册失败”提示框,然后用OD载入如下 004D8AC3 >/$ 55 push ebp ; (initial cpu selection) 004D8AC4 |. 8BEC mov ebp, esp 004D8AC6 |. 6A FF push -1 004D8AC8 |. 68 E8127500 push 007512E8 004D8ACD |. 68 1CDB4D00 push 004DDB1C ; SE 处理程序安装 004D8AD2 |. 64:A1 0000000>mov eax, dword ptr fs:[0] 004D8AD8 |. 50 push eax 004D8AD9 |. 64:8925 00000>mov dword ptr fs:[0], esp 004D8AE0 |. 83EC 58 sub esp, 58 004D8AE3 |. 53 push ebx 004D8AE4 |. 56 push esi 004D8AE5 |. 57 push edi 004D8AE6 |. 8965 E8 mov dword ptr [ebp-18], esp 004D8AE9 |. FF15 64025100 call dword ptr [<&KERNEL32.GetVersion>; kernel32.GetVersion 004D8AEF |. 33D2 xor edx, edx 004D8AF1 |. 8AD4 mov dl, ah 004D8AF3 |. 8915 002A7B00 mov dword ptr [7B2A00], edx 004D8AF9 |. 8BC8 mov ecx, eax 004D8AFB |. 81E1 FF000000 and ecx, 0FF 004D8B01 |. 890D FC297B00 mov dword ptr [7B29FC], ecx 点右键查找字符串“注册失败”发现有多处调用,并其中充杂了“恭喜你已注册”,“恭喜,注册成功”“恭喜,注册成功,您现在需要重打开软件!”等大约四五十条之多,呵呵,很明显,是注册代码多重复制才会这样的,看来作者为防止别人爆破,可谓用心良苦啊。既然这样那只好先静态分析,追踪关键CALL 任意点开一个“恭喜你”向上慢慢追踪,发现好多重复CALL和代码,找到“0043C6BF . E8 CC010000 call 0043C890”, 0043C668 . 68 04000080 push 80000004 0043C66D . 6A 00 push 0 0043C66F . 68 39E35600 push 0056E339 ; 注册码 0043C674 . 68 04000080 push 80000004 0043C679 . 6A 00 push 0 0043C67B . A1 EC7A7700 mov eax, dword ptr [777AEC] 0043C680 . 85C0 test eax, eax 0043C682 . 75 05 jnz short 0043C689 0043C684 . B8 623E5100 mov eax, 00513E62 0043C689 > 50 push eax 0043C68A . 68 04000080 push 80000004 0043C68F . 6A 00 push 0 0043C691 . A1 E87A7700 mov eax, dword ptr [777AE8] 0043C696 . 85C0 test eax, eax 0043C698 . 75 05 jnz short 0043C69F 0043C69A . B8 623E5100 mov eax, 00513E62 0043C69F > 50 push eax 0043C6A0 . 68 04000000 push 4 0043C6A5 . BB 00A64500 mov ebx, 0045A600 0043C6AA . E8 26B40100 call 00457AD5 0043C6AF . 83C4 34 add esp, 34 0043C6B2 . 8945 FC mov dword ptr [ebp-4], eax 0043C6B5 . FF35 F07A7700 push dword ptr [777AF0] 0043C6BB . 8D45 FC lea eax, dword ptr [ebp-4] 0043C6BE . 50 push eax 0043C6BF . E8 CC010000 call 0043C890 ,关键CALL 右键跟随可以发现是注册码算法,此处可下断 0043C6C4 . 8945 F8 mov dword ptr [ebp-8], eax 0043C6C7 . 8B5D FC mov ebx, dword ptr [ebp-4] 0043C6CA . 85DB test ebx, ebx 0043C6CC . 74 09 je short 0043C6D7 0043C6CE . 53 push ebx 0043C6CF . E8 0DB40100 call 00457AE1 0043C6D4 . 83C4 04 add esp, 4 0043C6D7 > 8B45 F8 mov eax, dword ptr [ebp-8] 0043C6DA . E9 00000000 jmp 0043C6DF 0043C6DF > 8BE5 mov esp, ebp 0043C6E1 . 5D pop ebp 0043C6E2 . C3 retn F9运行程序 进入注册界面,任意输入注册码(为方便边调试边讲解用真码“9816163181845450363698181871430njhbgvfwa30motherlslslsls”点注册按钮 0043C6BF . E8 CC010000 call 0043C890 在此处断下 0043C6C4 . 8945 F8 mov dword ptr [ebp-8], eax 0043C6C7 . 8B5D FC mov ebx, dword ptr [ebp-4] 0043C6CA . 85DB test ebx, ebx 0043C6CC . 74 09 je short 0043C6D7 0043C6CE . 53 push ebx 0043C6CF . E8 0DB40100 call 00457AE1 0043C6D4 . 83C4 04 add esp, 4 0043C6D7 > 8B45 F8 mov eax, dword ptr [ebp-8] 0043C6DA . E9 00000000 jmp 0043C6DF 0043C6DF > 8BE5 mov esp, ebp 0043C6E1 . 5D pop ebp 0043C6E2 . C3 retn 0043C6E3 /$ 55 push ebp 0043C6E4 |. 8BEC mov ebp, esp F7进入" call 0043C890" 如下: 0043C890 $ 55 push ebp 按F8单步运行 0043C891 . 8BEC mov ebp, esp 0043C893 . 81EC 70000000 sub esp, 70 0043C899 . C745 FC 00000>mov dword ptr [ebp-4], 0 储存地址 0043C8A0 . C745 F8 00000>mov dword ptr [ebp-8], 0 0043C8A7 . C745 F4 00000>mov dword ptr [ebp-C], 0 0043C8AE . C745 F0 00000>mov dword ptr [ebp-10], 0 0043C8B5 . C745 EC 00000>mov dword ptr [ebp-14], 0 0043C8BC . C745 E8 00000>mov dword ptr [ebp-18], 0 0043C8C3 . C745 E4 00000>mov dword ptr [ebp-1C], 0 0043C8CA . C745 E0 00000>mov dword ptr [ebp-20], 0 0043C8D1 . C745 DC 00000>mov dword ptr [ebp-24], 0 0043C8D8 . C745 D8 00000>mov dword ptr [ebp-28], 0 0043C8DF . C745 D4 00000>mov dword ptr [ebp-2C], 0 0043C8E6 . C745 D0 00000>mov dword ptr [ebp-30], 0 0043C8ED . C745 CC 00000>mov dword ptr [ebp-34], 0 0043C8F4 . C745 C8 00000>mov dword ptr [ebp-38], 0 0043C8FB . C745 C4 00000>mov dword ptr [ebp-3C], 0 0043C902 . C745 C0 00000>mov dword ptr [ebp-40], 0 0043C909 . E8 2FFCFFFF call 0043C53D 取得机器码 “19277955486” 0043C90E . 8945 BC mov dword ptr [ebp-44], eax 0043C911 . 8B45 BC mov eax, dword ptr [ebp-44] 0043C914 . 50 push eax 0043C915 . 8B5D FC mov ebx, dword ptr [ebp-4] 0043C918 . 85DB test ebx, ebx 0043C91A . 74 09 je short 0043C925 0043C91C . 53 push ebx 0043C91D . E8 BFB10100 call 00457AE1 0043C922 . 83C4 04 add esp, 4 0043C925 > 58 pop eax 0043C926 . 8945 FC mov dword ptr [ebp-4], eax 0043C929 . C745 F8 00000>mov dword ptr [ebp-8], 0 0043C930 . 68 04000080 push 80000004 0043C935 . 6A 00 push 0 0043C937 . 8B45 FC mov eax, dword ptr [ebp-4] 0043C93A . 85C0 test eax, eax 0043C93C . 75 05 jnz short 0043C943 0043C93E . B8 623E5100 mov eax, 00513E62 0043C943 > 50 push eax 0043C944 . 68 01000000 push 1 0043C949 . BB C0894500 mov ebx, 004589C0 0043C94E . E8 82B10100 call 00457AD5 0043C953 . 83C4 10 add esp, 10 0043C956 . 8945 B8 mov dword ptr [ebp-48], eax 0043C959 . 8955 BC mov dword ptr [ebp-44], edx 0043C95C . DD45 B8 fld qword ptr [ebp-48] 0043C95F . DC35 AB405100 fdiv qword ptr [5140AB] 0043C965 . DD5D B0 fstp qword ptr [ebp-50] 机器码运算 0043C968 . 68 01060080 push 80000601 0043C96D . FF75 B4 push dword ptr [ebp-4C] 0043C970 . FF75 B0 push dword ptr [ebp-50] 0043C973 . 68 01000000 push 1 0043C978 . BB C0804500 mov ebx, 004580C0 0043C97D . E8 53B10100 call 00457AD5 机器码除以9 十六进制表示 0043C982 . 83C4 10 add esp, 10 0043C985 . 8945 F4 mov dword ptr [ebp-C], eax 0043C988 . 68 01030080 push 80000301 0043C98D . 6A 00 push 0 0043C98F . FF75 F4 push dword ptr [ebp-C] 0043C992 . 68 01000000 push 1 0043C997 . BB 20964500 mov ebx, 00459620 0043C99C . E8 34B10100 call 00457AD5 由十六进制转为十进制 “2141995054” 0043C9A1 . 83C4 10 add esp, 10 0043C9A4 . 8945 BC mov dword ptr [ebp-44], eax 0043C9A7 . 68 01030080 push 80000301 0043C9AC . 6A 00 push 0 0043C9AE . 68 01000000 push 1 0043C9B3 . 68 01030080 push 80000301 0043C9B8 . 6A 00 push 0 0043C9BA . 68 01000000 push 1 0043C9BF . 68 04000080 push 80000004 0043C9C4 . 6A 00 push 0 0043C9C6 . 8B45 BC mov eax, dword ptr [ebp-44] 0043C9C9 . 85C0 test eax, eax 0043C9CB . 75 05 jnz short 0043C9D2 0043C9CD . B8 623E5100 mov eax, 00513E62 0043C9D2 > 50 push eax 0043C9D3 . 68 03000000 push 3 0043C9D8 . BB 10844500 mov ebx, 00458410 0043C9DD . E8 F3B00100 call 00457AD5 0043C9E2 . 83C4 28 add esp, 28 0043C9E5 . 8945 B8 mov dword ptr [ebp-48], eax 0043C9E8 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043C9EB . 85DB test ebx, ebx 0043C9ED . 74 09 je short 0043C9F8 0043C9EF . 53 push ebx 0043C9F0 . E8 ECB00100 call 00457AE1 0043C9F5 . 83C4 04 add esp, 4 0043C9F8 > 68 04000080 push 80000004 0043C9FD . 6A 00 push 0 0043C9FF . 8B45 B8 mov eax, dword ptr [ebp-48] 0043CA02 . 85C0 test eax, eax 0043CA04 . 75 05 jnz short 0043CA0B 0043CA06 . B8 623E5100 mov eax, 00513E62 0043CA0B > 50 push eax 0043CA0C . 68 01000000 push 1 0043CA11 . BB C0894500 mov ebx, 004589C0 0043CA16 . E8 BAB00100 call 00457AD5 0043CA1B . 83C4 10 add esp, 10 0043CA1E . 8945 B0 mov dword ptr [ebp-50], eax 0043CA21 . 8955 B4 mov dword ptr [ebp-4C], edx 0043CA24 . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043CA27 . 85DB test ebx, ebx 0043CA29 . 74 09 je short 0043CA34 0043CA2B . 53 push ebx 0043CA2C . E8 B0B00100 call 00457AE1 0043CA31 . 83C4 04 add esp, 4 0043CA34 > DD45 B0 fld qword ptr [ebp-50] 0043CA37 . E8 C956FCFF call 00402105 ; 取机器码第一位 0043CA3C . 8945 F0 mov dword ptr [ebp-10], eax 0043CA3F . 6A 01 push 1 0043CA41 . FF75 F0 push dword ptr [ebp-10] 0043CA44 . E8 E7120000 call 0043DD30 ; 取 常数 “9 ” 0043CA49 . 8945 B4 mov dword ptr [ebp-4C], eax 0043CA4C . DB45 B4 fild dword ptr [ebp-4C] ; 转到堆栈 0043CA4F . DD5D B4 fstp qword ptr [ebp-4C] 0043CA52 . DD45 B4 fld qword ptr [ebp-4C] ; 机器码第一位 0043CA55 . DB45 F0 fild dword ptr [ebp-10] 0043CA58 . DD5D AC fstp qword ptr [ebp-54] 0043CA5B . DC4D AC fmul qword ptr [ebp-54] 0043CA5E . DB45 0C fild dword ptr [ebp+C] ; 算出常数 十六进制 “65 ” 十进制为101 0043CA61 . DD5D A4 fstp qword ptr [ebp-5C] 0043CA64 . DC4D A4 fmul qword ptr [ebp-5C] ; 各位相乘 0043CA67 . DD5D 9C fstp qword ptr [ebp-64] 0043CA6A . 68 01060080 push 80000601 0043CA6F . FF75 A0 push dword ptr [ebp-60] 0043CA72 . FF75 9C push dword ptr [ebp-64] 0043CA75 . 68 01000000 push 1 0043CA7A . BB 20964500 mov ebx, 00459620 0043CA7F . E8 51B00100 call 00457AD5 ; 结果转化十进制并转化字符串 0043CA84 . 83C4 10 add esp, 10 0043CA87 . 8945 98 mov dword ptr [ebp-68], eax 0043CA8A . FF75 98 push dword ptr [ebp-68] 0043CA8D . 68 B3405100 push 005140B3 ; “98 ”字符串 0043CA92 . B9 02000000 mov ecx, 2 0043CA97 . E8 2A46FCFF call 004010C6 0043CA9C . 83C4 08 add esp, 8 0043CA9F . 8945 94 mov dword ptr [ebp-6C], eax 0043CAA2 . 8B5D 98 mov ebx, dword ptr [ebp-68] 0043CAA5 . 85DB test ebx, ebx 0043CAA7 . 74 09 je short 0043CAB2 0043CAA9 . 53 push ebx 0043CAAA . E8 32B00100 call 00457AE1 0043CAAF . 83C4 04 add esp, 4 0043CAB2 > 8B45 94 mov eax, dword ptr [ebp-6C] 0043CAB5 . 50 push eax 0043CAB6 . 8B5D EC mov ebx, dword ptr [ebp-14] 0043CAB9 . 85DB test ebx, ebx 0043CABB . 74 09 je short 0043CAC6 0043CABD . 53 push ebx 0043CABE . E8 1EB00100 call 00457AE1 0043CAC3 . 83C4 04 add esp, 4 0043CAC6 > 58 pop eax 0043CAC7 . 8945 EC mov dword ptr [ebp-14], eax 0043CACA . 68 01030080 push 80000301 0043CACF . 6A 00 push 0 0043CAD1 . 68 03000000 push 3 0043CAD6 . 68 04000080 push 80000004 0043CADB . 6A 00 push 0 0043CADD . 8B45 EC mov eax, dword ptr [ebp-14] 0043CAE0 . 85C0 test eax, eax 0043CAE2 . 75 05 jnz short 0043CAE9 0043CAE4 . B8 623E5100 mov eax, 00513E62 0043CAE9 > 50 push eax 0043CAEA . 68 02000000 push 2 0043CAEF . BB 80834500 mov ebx, 00458380 0043CAF4 . E8 DCAF0100 call 00457AD5 0043CAF9 . 83C4 1C add esp, 1C 0043CAFC . 8945 BC mov dword ptr [ebp-44], eax 0043CAFF . 8B45 BC mov eax, dword ptr [ebp-44] 0043CB02 . 50 push eax 0043CB03 . 8B5D E8 mov ebx, dword ptr [ebp-18] 0043CB06 . 85DB test ebx, ebx 0043CB08 . 74 09 je short 0043CB13 0043CB0A . 53 push ebx 0043CB0B . E8 D1AF0100 call 00457AE1 0043CB10 . 83C4 04 add esp, 4 0043CB13 > 58 pop eax 0043CB14 . 8945 E8 mov dword ptr [ebp-18], eax 0043CB17 . 68 02000080 push 80000002 0043CB1C . 6A 00 push 0 0043CB1E . 68 00000000 push 0 0043CB23 . 6A 00 push 0 0043CB25 . 6A 00 push 0 0043CB27 . 6A 00 push 0 0043CB29 . 68 04000080 push 80000004 0043CB2E . 6A 00 push 0 0043CB30 . 8B45 E8 mov eax, dword ptr [ebp-18] 0043CB33 . 85C0 test eax, eax 0043CB35 . 75 05 jnz short 0043CB3C 0043CB37 . B8 623E5100 mov eax, 00513E62 0043CB3C > 50 push eax 0043CB3D . 68 04000080 push 80000004 0043CB42 . 6A 00 push 0 0043CB44 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043CB47 . 8B03 mov eax, dword ptr [ebx] ; 取 注册码 0043CB49 . 85C0 test eax, eax 0043CB4B . 75 05 jnz short 0043CB52 0043CB4D . B8 623E5100 mov eax, 00513E62 0043CB52 > 50 push eax 0043CB53 . 68 04000000 push 4 0043CB58 . BB 70864500 mov ebx, 00458670 0043CB5D . E8 73AF0100 call 00457AD5 ; 取得字符串在注册码的位数 0043CB62 . 83C4 34 add esp, 34 0043CB65 . 8945 B8 mov dword ptr [ebp-48], eax 0043CB68 . 837D B8 FF cmp dword ptr [ebp-48], -1 0043CB6C . 0F84 03000000 je 0043CB75 ; 关键跳 跳就死 0043CB72 . FF45 F8 inc dword ptr [ebp-8] 0043CB75 > 68 01030080 push 80000301 0043CB7A . 6A 00 push 0 0043CB7C . FF75 F4 push dword ptr [ebp-C] 0043CB7F . 68 01000000 push 1 0043CB84 . BB 20964500 mov ebx, 00459620 0043CB89 . E8 47AF0100 call 00457AD5 ; 再取机器码 0043CB8E . 83C4 10 add esp, 10 0043CB91 . 8945 BC mov dword ptr [ebp-44], eax 0043CB94 . 68 01030080 push 80000301 0043CB99 . 6A 00 push 0 0043CB9B . 68 01000000 push 1 0043CBA0 . 68 01030080 push 80000301 0043CBA5 . 6A 00 push 0 0043CBA7 . 68 02000000 push 2 0043CBAC . 68 04000080 push 80000004 0043CBB1 . 6A 00 push 0 0043CBB3 . 8B45 BC mov eax, dword ptr [ebp-44] 0043CBB6 . 85C0 test eax, eax 0043CBB8 . 75 05 jnz short 0043CBBF 0043CBBA . B8 623E5100 mov eax, 00513E62 0043CBBF > 50 push eax 0043CBC0 . 68 03000000 push 3 0043CBC5 . BB 10844500 mov ebx, 00458410 0043CBCA . E8 06AF0100 call 00457AD5 0043CBCF . 83C4 28 add esp, 28 0043CBD2 . 8945 B8 mov dword ptr [ebp-48], eax 0043CBD5 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043CBD8 . 85DB test ebx, ebx 0043CBDA . 74 09 je short 0043CBE5 0043CBDC . 53 push ebx 0043CBDD . E8 FFAE0100 call 00457AE1 0043CBE2 . 83C4 04 add esp, 4 0043CBE5 > 68 04000080 push 80000004 0043CBEA . 6A 00 push 0 0043CBEC . 8B45 B8 mov eax, dword ptr [ebp-48] 0043CBEF . 85C0 test eax, eax 0043CBF1 . 75 05 jnz short 0043CBF8 0043CBF3 . B8 623E5100 mov eax, 00513E62 0043CBF8 > 50 push eax 0043CBF9 . 68 01000000 push 1 0043CBFE . BB C0894500 mov ebx, 004589C0 0043CC03 . E8 CDAE0100 call 00457AD5 0043CC08 . 83C4 10 add esp, 10 0043CC0B . 8945 B0 mov dword ptr [ebp-50], eax 0043CC0E . 8955 B4 mov dword ptr [ebp-4C], edx 0043CC11 . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043CC14 . 85DB test ebx, ebx 0043CC16 . 74 09 je short 0043CC21 0043CC18 . 53 push ebx 0043CC19 . E8 C3AE0100 call 00457AE1 0043CC1E . 83C4 04 add esp, 4 0043CC21 > DD45 B0 fld qword ptr [ebp-50] ; 取机器码第2位 0043CC24 . E8 DC54FCFF call 00402105 0043CC29 . 8945 F0 mov dword ptr [ebp-10], eax 0043CC2C . 6A 01 push 1 0043CC2E . FF75 F0 push dword ptr [ebp-10] 0043CC31 . E8 7E130000 call 0043DFB4 0043CC36 . 8945 BC mov dword ptr [ebp-44], eax ; 取常数7 0043CC39 . DB45 0C fild dword ptr [ebp+C] 0043CC3C . DD5D B4 fstp qword ptr [ebp-4C] 0043CC3F . DD45 B4 fld qword ptr [ebp-4C] ; 常数 十六进制65 0043CC42 . DC05 60405100 fadd qword ptr [514060] ; 加1 0043CC48 . DD5D AC fstp qword ptr [ebp-54] 0043CC4B . DB45 BC fild dword ptr [ebp-44] 0043CC4E . DD5D A4 fstp qword ptr [ebp-5C] 0043CC51 . DD45 A4 fld qword ptr [ebp-5C] 0043CC54 . DB45 F0 fild dword ptr [ebp-10] 0043CC57 . DD5D 9C fstp qword ptr [ebp-64] 0043CC5A . DC4D 9C fmul qword ptr [ebp-64] 0043CC5D . DC4D AC fmul qword ptr [ebp-54] 0043CC60 . DD5D 94 fstp qword ptr [ebp-6C] ; 相乘结果 放入堆栈 0043CC63 . 68 01060080 push 80000601 0043CC68 . FF75 98 push dword ptr [ebp-68] 0043CC6B . FF75 94 push dword ptr [ebp-6C] 0043CC6E . 68 01000000 push 1 0043CC73 . BB 20964500 mov ebx, 00459620 0043CC78 . E8 58AE0100 call 00457AD5 ; 结果转为十进制字符串 0043CC7D . 83C4 10 add esp, 10 0043CC80 . 8945 90 mov dword ptr [ebp-70], eax 0043CC83 . 8B45 90 mov eax, dword ptr [ebp-70] 0043CC86 . 50 push eax 0043CC87 . 8B5D E4 mov ebx, dword ptr [ebp-1C] 0043CC8A . 85DB test ebx, ebx 0043CC8C . 74 09 je short 0043CC97 0043CC8E . 53 push ebx 0043CC8F . E8 4DAE0100 call 00457AE1 0043CC94 . 83C4 04 add esp, 4 0043CC97 > 58 pop eax 0043CC98 . 8945 E4 mov dword ptr [ebp-1C], eax 0043CC9B . 68 02000080 push 80000002 0043CCA0 . 6A 00 push 0 0043CCA2 . 68 00000000 push 0 0043CCA7 . 6A 00 push 0 0043CCA9 . 6A 00 push 0 0043CCAB . 6A 00 push 0 0043CCAD . 68 04000080 push 80000004 0043CCB2 . 6A 00 push 0 0043CCB4 . 8B45 E4 mov eax, dword ptr [ebp-1C] 0043CCB7 . 85C0 test eax, eax 0043CCB9 . 75 05 jnz short 0043CCC0 0043CCBB . B8 623E5100 mov eax, 00513E62 0043CCC0 > 50 push eax 0043CCC1 . 68 04000080 push 80000004 0043CCC6 . 6A 00 push 0 0043CCC8 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043CCCB . 8B03 mov eax, dword ptr [ebx] ; 取 注册码 0043CCCD . 85C0 test eax, eax 0043CCCF . 75 05 jnz short 0043CCD6 0043CCD1 . B8 623E5100 mov eax, 00513E62 0043CCD6 > 50 push eax 0043CCD7 . 68 04000000 push 4 0043CCDC . BB 70864500 mov ebx, 00458670 0043CCE1 . E8 EFAD0100 call 00457AD5 ; 取得字符串在注册码的位数 0043CCE6 . 83C4 34 add esp, 34 0043CCE9 . 8945 B8 mov dword ptr [ebp-48], eax 0043CCEC . 837D B8 FF cmp dword ptr [ebp-48], -1 0043CCF0 . 0F84 03000000 je 0043CCF9 ; 关键跳 跳就死 0043CCF6 . FF45 F8 inc dword ptr [ebp-8] 0043CCF9 > 68 01030080 push 80000301 0043CCFE . 6A 00 push 0 0043CD00 . FF75 F4 push dword ptr [ebp-C] 0043CD03 . 68 01000000 push 1 0043CD08 . BB 20964500 mov ebx, 00459620 0043CD0D . E8 C3AD0100 call 00457AD5 0043CD12 . 83C4 10 add esp, 10 0043CD15 . 8945 BC mov dword ptr [ebp-44], eax 0043CD18 . 68 01030080 push 80000301 0043CD1D . 6A 00 push 0 0043CD1F . 68 01000000 push 1 0043CD24 . 68 01030080 push 80000301 0043CD29 . 6A 00 push 0 0043CD2B . 68 03000000 push 3 0043CD30 . 68 04000080 push 80000004 0043CD35 . 6A 00 push 0 0043CD37 . 8B45 BC mov eax, dword ptr [ebp-44] 0043CD3A . 85C0 test eax, eax 0043CD3C . 75 05 jnz short 0043CD43 0043CD3E . B8 623E5100 mov eax, 00513E62 0043CD43 > 50 push eax 0043CD44 . 68 03000000 push 3 0043CD49 . BB 10844500 mov ebx, 00458410 0043CD4E . E8 82AD0100 call 00457AD5 0043CD53 . 83C4 28 add esp, 28 0043CD56 . 8945 B8 mov dword ptr [ebp-48], eax 0043CD59 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043CD5C . 85DB test ebx, ebx 0043CD5E . 74 09 je short 0043CD69 0043CD60 . 53 push ebx 0043CD61 . E8 7BAD0100 call 00457AE1 0043CD66 . 83C4 04 add esp, 4 0043CD69 > 68 04000080 push 80000004 0043CD6E . 6A 00 push 0 0043CD70 . 8B45 B8 mov eax, dword ptr [ebp-48] 0043CD73 . 85C0 test eax, eax 0043CD75 . 75 05 jnz short 0043CD7C 0043CD77 . B8 623E5100 mov eax, 00513E62 0043CD7C > 50 push eax 0043CD7D . 68 01000000 push 1 0043CD82 . BB C0894500 mov ebx, 004589C0 0043CD87 . E8 49AD0100 call 00457AD5 0043CD8C . 83C4 10 add esp, 10 0043CD8F . 8945 B0 mov dword ptr [ebp-50], eax 0043CD92 . 8955 B4 mov dword ptr [ebp-4C], edx 0043CD95 . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043CD98 . 85DB test ebx, ebx 0043CD9A . 74 09 je short 0043CDA5 0043CD9C . 53 push ebx 0043CD9D . E8 3FAD0100 call 00457AE1 0043CDA2 . 83C4 04 add esp, 4 0043CDA5 > DD45 B0 fld qword ptr [ebp-50] 0043CDA8 . E8 5853FCFF call 00402105 0043CDAD . 8945 F0 mov dword ptr [ebp-10], eax 0043CDB0 . 6A 01 push 1 0043CDB2 . FF75 F0 push dword ptr [ebp-10] 0043CDB5 . E8 5C170000 call 0043E516 0043CDBA . 8945 B4 mov dword ptr [ebp-4C], eax 0043CDBD . DB45 B4 fild dword ptr [ebp-4C] 0043CDC0 . DD5D B4 fstp qword ptr [ebp-4C] 0043CDC3 . DD45 B4 fld qword ptr [ebp-4C] 0043CDC6 . DB45 F0 fild dword ptr [ebp-10] 0043CDC9 . DD5D AC fstp qword ptr [ebp-54] 0043CDCC . DC4D AC fmul qword ptr [ebp-54] 0043CDCF . DB45 0C fild dword ptr [ebp+C] 0043CDD2 . DD5D A4 fstp qword ptr [ebp-5C] 0043CDD5 . DC4D A4 fmul qword ptr [ebp-5C] 0043CDD8 . DD5D 9C fstp qword ptr [ebp-64] 0043CDDB . 68 01060080 push 80000601 0043CDE0 . FF75 A0 push dword ptr [ebp-60] 0043CDE3 . FF75 9C push dword ptr [ebp-64] 0043CDE6 . 68 01000000 push 1 0043CDEB . BB 20964500 mov ebx, 00459620 0043CDF0 . E8 E0AC0100 call 00457AD5 0043CDF5 . 83C4 10 add esp, 10 0043CDF8 . 8945 98 mov dword ptr [ebp-68], eax 0043CDFB . 8B45 98 mov eax, dword ptr [ebp-68] 0043CDFE . 50 push eax 0043CDFF . 8B5D E0 mov ebx, dword ptr [ebp-20] 0043CE02 . 85DB test ebx, ebx 0043CE04 . 74 09 je short 0043CE0F 0043CE06 . 53 push ebx 0043CE07 . E8 D5AC0100 call 00457AE1 0043CE0C . 83C4 04 add esp, 4 0043CE0F > 58 pop eax 0043CE10 . 8945 E0 mov dword ptr [ebp-20], eax 0043CE13 . 68 02000080 push 80000002 0043CE18 . 6A 00 push 0 0043CE1A . 68 00000000 push 0 0043CE1F . 6A 00 push 0 0043CE21 . 6A 00 push 0 0043CE23 . 6A 00 push 0 0043CE25 . 68 04000080 push 80000004 0043CE2A . 6A 00 push 0 0043CE2C . 8B45 E0 mov eax, dword ptr [ebp-20] 0043CE2F . 85C0 test eax, eax 0043CE31 . 75 05 jnz short 0043CE38 0043CE33 . B8 623E5100 mov eax, 00513E62 0043CE38 > 50 push eax 0043CE39 . 68 04000080 push 80000004 0043CE3E . 6A 00 push 0 0043CE40 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043CE43 . 8B03 mov eax, dword ptr [ebx] 0043CE45 . 85C0 test eax, eax 0043CE47 . 75 05 jnz short 0043CE4E 0043CE49 . B8 623E5100 mov eax, 00513E62 0043CE4E > 50 push eax 0043CE4F . 68 04000000 push 4 0043CE54 . BB 70864500 mov ebx, 00458670 0043CE59 . E8 77AC0100 call 00457AD5 0043CE5E . 83C4 34 add esp, 34 0043CE61 . 8945 B8 mov dword ptr [ebp-48], eax 0043CE64 . 837D B8 FF cmp dword ptr [ebp-48], -1 0043CE68 . 0F84 03000000 je 0043CE71 0043CE6E . FF45 F8 inc dword ptr [ebp-8] 0043CE71 > 68 01030080 push 80000301 0043CE76 . 6A 00 push 0 0043CE78 . FF75 F4 push dword ptr [ebp-C] 0043CE7B . 68 01000000 push 1 0043CE80 . BB 20964500 mov ebx, 00459620 0043CE85 . E8 4BAC0100 call 00457AD5 0043CE8A . 83C4 10 add esp, 10 0043CE8D . 8945 BC mov dword ptr [ebp-44], eax 0043CE90 . 68 01030080 push 80000301 0043CE95 . 6A 00 push 0 0043CE97 . 68 01000000 push 1 0043CE9C . 68 01030080 push 80000301 0043CEA1 . 6A 00 push 0 0043CEA3 . 68 04000000 push 4 0043CEA8 . 68 04000080 push 80000004 0043CEAD . 6A 00 push 0 0043CEAF . 8B45 BC mov eax, dword ptr [ebp-44] 0043CEB2 . 85C0 test eax, eax 0043CEB4 . 75 05 jnz short 0043CEBB 0043CEB6 . B8 623E5100 mov eax, 00513E62 0043CEBB > 50 push eax 0043CEBC . 68 03000000 push 3 0043CEC1 . BB 10844500 mov ebx, 00458410 0043CEC6 . E8 0AAC0100 call 00457AD5 0043CECB . 83C4 28 add esp, 28 0043CECE . 8945 B8 mov dword ptr [ebp-48], eax 0043CED1 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043CED4 . 85DB test ebx, ebx 0043CED6 . 74 09 je short 0043CEE1 0043CED8 . 53 push ebx 0043CED9 . E8 03AC0100 call 00457AE1 0043CEDE . 83C4 04 add esp, 4 0043CEE1 > 68 04000080 push 80000004 0043CEE6 . 6A 00 push 0 0043CEE8 . 8B45 B8 mov eax, dword ptr [ebp-48] 0043CEEB . 85C0 test eax, eax 0043CEED . 75 05 jnz short 0043CEF4 0043CEEF . B8 623E5100 mov eax, 00513E62 0043CEF4 > 50 push eax 0043CEF5 . 68 01000000 push 1 0043CEFA . BB C0894500 mov ebx, 004589C0 0043CEFF . E8 D1AB0100 call 00457AD5 0043CF04 . 83C4 10 add esp, 10 0043CF07 . 8945 B0 mov dword ptr [ebp-50], eax 0043CF0A . 8955 B4 mov dword ptr [ebp-4C], edx 0043CF0D . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043CF10 . 85DB test ebx, ebx 0043CF12 . 74 09 je short 0043CF1D 0043CF14 . 53 push ebx 0043CF15 . E8 C7AB0100 call 00457AE1 0043CF1A . 83C4 04 add esp, 4 0043CF1D > DD45 B0 fld qword ptr [ebp-50] 0043CF20 . E8 E051FCFF call 00402105 0043CF25 . 8945 F0 mov dword ptr [ebp-10], eax 0043CF28 . 6A 01 push 1 0043CF2A . FF75 F0 push dword ptr [ebp-10] 0043CF2D . E8 25170000 call 0043E657 0043CF32 . 8945 B4 mov dword ptr [ebp-4C], eax 0043CF35 . DB45 B4 fild dword ptr [ebp-4C] 0043CF38 . DD5D B4 fstp qword ptr [ebp-4C] 0043CF3B . DD45 B4 fld qword ptr [ebp-4C] 0043CF3E . DB45 F0 fild dword ptr [ebp-10] 0043CF41 . DD5D AC fstp qword ptr [ebp-54] 0043CF44 . DC4D AC fmul qword ptr [ebp-54] 0043CF47 . DD5D A4 fstp qword ptr [ebp-5C] 0043CF4A . 68 01060080 push 80000601 0043CF4F . FF75 A8 push dword ptr [ebp-58] 0043CF52 . FF75 A4 push dword ptr [ebp-5C] 0043CF55 . 68 01000000 push 1 0043CF5A . BB 20964500 mov ebx, 00459620 0043CF5F . E8 71AB0100 call 00457AD5 0043CF64 . 83C4 10 add esp, 10 0043CF67 . 8945 A0 mov dword ptr [ebp-60], eax 0043CF6A . 8B45 A0 mov eax, dword ptr [ebp-60] 0043CF6D . 50 push eax 0043CF6E . 8B5D DC mov ebx, dword ptr [ebp-24] 0043CF71 . 85DB test ebx, ebx 0043CF73 . 74 09 je short 0043CF7E 0043CF75 . 53 push ebx 0043CF76 . E8 66AB0100 call 00457AE1 0043CF7B . 83C4 04 add esp, 4 0043CF7E > 58 pop eax 0043CF7F . 8945 DC mov dword ptr [ebp-24], eax 0043CF82 . 68 02000080 push 80000002 0043CF87 . 6A 00 push 0 0043CF89 . 68 00000000 push 0 0043CF8E . 6A 00 push 0 0043CF90 . 6A 00 push 0 0043CF92 . 6A 00 push 0 0043CF94 . 68 04000080 push 80000004 0043CF99 . 6A 00 push 0 0043CF9B . 8B45 DC mov eax, dword ptr [ebp-24] 0043CF9E . 85C0 test eax, eax 0043CFA0 . 75 05 jnz short 0043CFA7 0043CFA2 . B8 623E5100 mov eax, 00513E62 0043CFA7 > 50 push eax 0043CFA8 . 68 04000080 push 80000004 0043CFAD . 6A 00 push 0 0043CFAF . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043CFB2 . 8B03 mov eax, dword ptr [ebx] 0043CFB4 . 85C0 test eax, eax 0043CFB6 . 75 05 jnz short 0043CFBD 0043CFB8 . B8 623E5100 mov eax, 00513E62 0043CFBD > 50 push eax 0043CFBE . 68 04000000 push 4 0043CFC3 . BB 70864500 mov ebx, 00458670 0043CFC8 . E8 08AB0100 call 00457AD5 0043CFCD . 83C4 34 add esp, 34 0043CFD0 . 8945 B8 mov dword ptr [ebp-48], eax 0043CFD3 . 837D B8 FF cmp dword ptr [ebp-48], -1 0043CFD7 . 0F84 03000000 je 0043CFE0 0043CFDD . FF45 F8 inc dword ptr [ebp-8] 0043CFE0 > 68 01030080 push 80000301 0043CFE5 . 6A 00 push 0 0043CFE7 . FF75 F4 push dword ptr [ebp-C] 0043CFEA . 68 01000000 push 1 0043CFEF . BB 20964500 mov ebx, 00459620 0043CFF4 . E8 DCAA0100 call 00457AD5 0043CFF9 . 83C4 10 add esp, 10 0043CFFC . 8945 BC mov dword ptr [ebp-44], eax 0043CFFF . 68 01030080 push 80000301 0043D004 . 6A 00 push 0 0043D006 . 68 01000000 push 1 0043D00B . 68 01030080 push 80000301 0043D010 . 6A 00 push 0 0043D012 . 68 05000000 push 5 0043D017 . 68 04000080 push 80000004 0043D01C . 6A 00 push 0 0043D01E . 8B45 BC mov eax, dword ptr [ebp-44] 0043D021 . 85C0 test eax, eax 0043D023 . 75 05 jnz short 0043D02A 0043D025 . B8 623E5100 mov eax, 00513E62 0043D02A > 50 push eax 0043D02B . 68 03000000 push 3 0043D030 . BB 10844500 mov ebx, 00458410 0043D035 . E8 9BAA0100 call 00457AD5 0043D03A . 83C4 28 add esp, 28 0043D03D . 8945 B8 mov dword ptr [ebp-48], eax 0043D040 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D043 . 85DB test ebx, ebx 0043D045 . 74 09 je short 0043D050 0043D047 . 53 push ebx 0043D048 . E8 94AA0100 call 00457AE1 0043D04D . 83C4 04 add esp, 4 0043D050 > 68 04000080 push 80000004 0043D055 . 6A 00 push 0 0043D057 . 8B45 B8 mov eax, dword ptr [ebp-48] 0043D05A . 85C0 test eax, eax 0043D05C . 75 05 jnz short 0043D063 0043D05E . B8 623E5100 mov eax, 00513E62 0043D063 > 50 push eax 0043D064 . 68 01000000 push 1 0043D069 . BB C0894500 mov ebx, 004589C0 0043D06E . E8 62AA0100 call 00457AD5 0043D073 . 83C4 10 add esp, 10 0043D076 . 8945 B0 mov dword ptr [ebp-50], eax 0043D079 . 8955 B4 mov dword ptr [ebp-4C], edx 0043D07C . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043D07F . 85DB test ebx, ebx 0043D081 . 74 09 je short 0043D08C 0043D083 . 53 push ebx 0043D084 . E8 58AA0100 call 00457AE1 0043D089 . 83C4 04 add esp, 4 0043D08C > DD45 B0 fld qword ptr [ebp-50] 0043D08F . E8 7150FCFF call 00402105 0043D094 . 8945 F0 mov dword ptr [ebp-10], eax 0043D097 . 6A 01 push 1 0043D099 . FF75 F0 push dword ptr [ebp-10] 0043D09C . E8 D24C0000 call 00441D73 0043D0A1 . 8945 B4 mov dword ptr [ebp-4C], eax 0043D0A4 . DB45 B4 fild dword ptr [ebp-4C] 0043D0A7 . DD5D B4 fstp qword ptr [ebp-4C] 0043D0AA . DD45 B4 fld qword ptr [ebp-4C] 0043D0AD . DB45 F0 fild dword ptr [ebp-10] 0043D0B0 . DD5D AC fstp qword ptr [ebp-54] 0043D0B3 . DC4D AC fmul qword ptr [ebp-54] 0043D0B6 . DB45 0C fild dword ptr [ebp+C] 0043D0B9 . DD5D A4 fstp qword ptr [ebp-5C] 0043D0BC . DC4D A4 fmul qword ptr [ebp-5C] 0043D0BF . DD5D 9C fstp qword ptr [ebp-64] 0043D0C2 . 68 01060080 push 80000601 0043D0C7 . FF75 A0 push dword ptr [ebp-60] 0043D0CA . FF75 9C push dword ptr [ebp-64] 0043D0CD . 68 01000000 push 1 0043D0D2 . BB 20964500 mov ebx, 00459620 0043D0D7 . E8 F9A90100 call 00457AD5 0043D0DC . 83C4 10 add esp, 10 0043D0DF . 8945 98 mov dword ptr [ebp-68], eax 0043D0E2 . 8B45 98 mov eax, dword ptr [ebp-68] 0043D0E5 . 50 push eax 0043D0E6 . 8B5D D8 mov ebx, dword ptr [ebp-28] 0043D0E9 . 85DB test ebx, ebx 0043D0EB . 74 09 je short 0043D0F6 0043D0ED . 53 push ebx 0043D0EE . E8 EEA90100 call 00457AE1 0043D0F3 . 83C4 04 add esp, 4 0043D0F6 > 58 pop eax 0043D0F7 . 8945 D8 mov dword ptr [ebp-28], eax 0043D0FA . 68 02000080 push 80000002 0043D0FF . 6A 00 push 0 0043D101 . 68 00000000 push 0 0043D106 . 6A 00 push 0 0043D108 . 6A 00 push 0 0043D10A . 6A 00 push 0 0043D10C . 68 04000080 push 80000004 0043D111 . 6A 00 push 0 0043D113 . 8B45 D8 mov eax, dword ptr [ebp-28] 0043D116 . 85C0 test eax, eax 0043D118 . 75 05 jnz short 0043D11F 0043D11A . B8 623E5100 mov eax, 00513E62 0043D11F > 50 push eax 0043D120 . 68 04000080 push 80000004 0043D125 . 6A 00 push 0 0043D127 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D12A . 8B03 mov eax, dword ptr [ebx] 0043D12C . 85C0 test eax, eax 0043D12E . 75 05 jnz short 0043D135 0043D130 . B8 623E5100 mov eax, 00513E62 0043D135 > 50 push eax 0043D136 . 68 04000000 push 4 0043D13B . BB 70864500 mov ebx, 00458670 0043D140 . E8 90A90100 call 00457AD5 0043D145 . 83C4 34 add esp, 34 0043D148 . 8945 B8 mov dword ptr [ebp-48], eax 0043D14B . 837D B8 FF cmp dword ptr [ebp-48], -1 0043D14F . 0F84 03000000 je 0043D158 0043D155 . FF45 F8 inc dword ptr [ebp-8] 0043D158 > 68 01030080 push 80000301 0043D15D . 6A 00 push 0 0043D15F . FF75 F4 push dword ptr [ebp-C] 0043D162 . 68 01000000 push 1 0043D167 . BB 20964500 mov ebx, 00459620 0043D16C . E8 64A90100 call 00457AD5 0043D171 . 83C4 10 add esp, 10 0043D174 . 8945 BC mov dword ptr [ebp-44], eax 0043D177 . 68 01030080 push 80000301 0043D17C . 6A 00 push 0 0043D17E . 68 01000000 push 1 0043D183 . 68 01030080 push 80000301 0043D188 . 6A 00 push 0 0043D18A . 68 06000000 push 6 0043D18F . 68 04000080 push 80000004 0043D194 . 6A 00 push 0 0043D196 . 8B45 BC mov eax, dword ptr [ebp-44] 0043D199 . 85C0 test eax, eax 0043D19B . 75 05 jnz short 0043D1A2 0043D19D . B8 623E5100 mov eax, 00513E62 0043D1A2 > 50 push eax 0043D1A3 . 68 03000000 push 3 0043D1A8 . BB 10844500 mov ebx, 00458410 0043D1AD . E8 23A90100 call 00457AD5 0043D1B2 . 83C4 28 add esp, 28 0043D1B5 . 8945 B8 mov dword ptr [ebp-48], eax 0043D1B8 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D1BB . 85DB test ebx, ebx 0043D1BD . 74 09 je short 0043D1C8 0043D1BF . 53 push ebx 0043D1C0 . E8 1CA90100 call 00457AE1 0043D1C5 . 83C4 04 add esp, 4 0043D1C8 > 68 04000080 push 80000004 0043D1CD . 6A 00 push 0 0043D1CF . 8B45 B8 mov eax, dword ptr [ebp-48] 0043D1D2 . 85C0 test eax, eax 0043D1D4 . 75 05 jnz short 0043D1DB 0043D1D6 . B8 623E5100 mov eax, 00513E62 0043D1DB > 50 push eax 0043D1DC . 68 01000000 push 1 0043D1E1 . BB C0894500 mov ebx, 004589C0 0043D1E6 . E8 EAA80100 call 00457AD5 0043D1EB . 83C4 10 add esp, 10 0043D1EE . 8945 B0 mov dword ptr [ebp-50], eax 0043D1F1 . 8955 B4 mov dword ptr [ebp-4C], edx 0043D1F4 . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043D1F7 . 85DB test ebx, ebx 0043D1F9 . 74 09 je short 0043D204 0043D1FB . 53 push ebx 0043D1FC . E8 E0A80100 call 00457AE1 0043D201 . 83C4 04 add esp, 4 0043D204 > DD45 B0 fld qword ptr [ebp-50] 0043D207 . E8 F94EFCFF call 00402105 0043D20C . 8945 F0 mov dword ptr [ebp-10], eax 0043D20F . 6A 01 push 1 0043D211 . FF75 F0 push dword ptr [ebp-10] 0043D214 . E8 A44F0000 call 004421BD 0043D219 . 8945 B4 mov dword ptr [ebp-4C], eax 0043D21C . DB45 B4 fild dword ptr [ebp-4C] 0043D21F . DD5D B4 fstp qword ptr [ebp-4C] 0043D222 . DD45 B4 fld qword ptr [ebp-4C] 0043D225 . DB45 F0 fild dword ptr [ebp-10] 0043D228 . DD5D AC fstp qword ptr [ebp-54] 0043D22B . DC4D AC fmul qword ptr [ebp-54] 0043D22E . DB45 0C fild dword ptr [ebp+C] 0043D231 . DD5D A4 fstp qword ptr [ebp-5C] 0043D234 . DC4D A4 fmul qword ptr [ebp-5C] 0043D237 . DD5D 9C fstp qword ptr [ebp-64] 0043D23A . 68 01060080 push 80000601 0043D23F . FF75 A0 push dword ptr [ebp-60] 0043D242 . FF75 9C push dword ptr [ebp-64] 0043D245 . 68 01000000 push 1 0043D24A . BB 20964500 mov ebx, 00459620 0043D24F . E8 81A80100 call 00457AD5 0043D254 . 83C4 10 add esp, 10 0043D257 . 8945 98 mov dword ptr [ebp-68], eax 0043D25A . 8B45 98 mov eax, dword ptr [ebp-68] 0043D25D . 50 push eax 0043D25E . 8B5D D4 mov ebx, dword ptr [ebp-2C] 0043D261 . 85DB test ebx, ebx 0043D263 . 74 09 je short 0043D26E 0043D265 . 53 push ebx 0043D266 . E8 76A80100 call 00457AE1 0043D26B . 83C4 04 add esp, 4 0043D26E > 58 pop eax 0043D26F . 8945 D4 mov dword ptr [ebp-2C], eax 0043D272 . 68 02000080 push 80000002 0043D277 . 6A 00 push 0 0043D279 . 68 00000000 push 0 0043D27E . 6A 00 push 0 0043D280 . 6A 00 push 0 0043D282 . 6A 00 push 0 0043D284 . 68 04000080 push 80000004 0043D289 . 6A 00 push 0 0043D28B . 8B45 D4 mov eax, dword ptr [ebp-2C] 0043D28E . 85C0 test eax, eax 0043D290 . 75 05 jnz short 0043D297 0043D292 . B8 623E5100 mov eax, 00513E62 0043D297 > 50 push eax 0043D298 . 68 04000080 push 80000004 0043D29D . 6A 00 push 0 0043D29F . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D2A2 . 8B03 mov eax, dword ptr [ebx] 0043D2A4 . 85C0 test eax, eax 0043D2A6 . 75 05 jnz short 0043D2AD 0043D2A8 . B8 623E5100 mov eax, 00513E62 0043D2AD > 50 push eax 0043D2AE . 68 04000000 push 4 0043D2B3 . BB 70864500 mov ebx, 00458670 0043D2B8 . E8 18A80100 call 00457AD5 0043D2BD . 83C4 34 add esp, 34 0043D2C0 . 8945 B8 mov dword ptr [ebp-48], eax 0043D2C3 . 837D B8 FF cmp dword ptr [ebp-48], -1 0043D2C7 . 0F84 03000000 je 0043D2D0 0043D2CD . FF45 F8 inc dword ptr [ebp-8] 0043D2D0 > E8 4E550000 call 00442823 ; 以下几个CALL为上面算法复制直接跳到下面 0043D2D5 . E8 51580000 call 00442B2B 0043D2DA . E8 545B0000 call 00442E33 0043D2DF . E8 575E0000 call 0044313B ; 这是软件作者为防爆破的障眼法,呵呵 0043D2E4 . E8 5A610000 call 00443443 0043D2E9 . E8 5D640000 call 0044374B 0043D2EE . E8 60670000 call 00443A53 0043D2F3 . E8 636A0000 call 00443D5B 0043D2F8 . E8 666D0000 call 00444063 0043D2FD . E8 69700000 call 0044436B 0043D302 . E8 6C730000 call 00444673 0043D307 . E8 6F760000 call 0044497B 0043D30C . E8 72790000 call 00444C83 0043D311 . 68 B6405100 push 005140B6 ; 7 固定字符串 0043D316 . FF75 EC push dword ptr [ebp-14] 0043D319 . B9 02000000 mov ecx, 2 0043D31E . E8 A33DFCFF call 004010C6 0043D323 . 83C4 08 add esp, 8 0043D326 . 8945 BC mov dword ptr [ebp-44], eax 0043D329 . 8B45 BC mov eax, dword ptr [ebp-44] 0043D32C . 50 push eax 0043D32D . 8B5D EC mov ebx, dword ptr [ebp-14] 0043D330 . 85DB test ebx, ebx 0043D332 . 74 09 je short 0043D33D 0043D334 . 53 push ebx 0043D335 . E8 A7A70100 call 00457AE1 0043D33A . 83C4 04 add esp, 4 0043D33D > 58 pop eax 0043D33E . 8945 EC mov dword ptr [ebp-14], eax 0043D341 . 68 01030080 push 80000301 0043D346 . 6A 00 push 0 0043D348 . FF75 F4 push dword ptr [ebp-C] 0043D34B . 68 01000000 push 1 0043D350 . BB 20964500 mov ebx, 00459620 0043D355 . E8 7BA70100 call 00457AD5 0043D35A . 83C4 10 add esp, 10 0043D35D . 8945 BC mov dword ptr [ebp-44], eax 0043D360 . 68 01030080 push 80000301 0043D365 . 6A 00 push 0 0043D367 . 68 01000000 push 1 0043D36C . 68 01030080 push 80000301 0043D371 . 6A 00 push 0 0043D373 . 68 08000000 push 8 0043D378 . 68 04000080 push 80000004 0043D37D . 6A 00 push 0 0043D37F . 8B45 BC mov eax, dword ptr [ebp-44] 0043D382 . 85C0 test eax, eax 0043D384 . 75 05 jnz short 0043D38B 0043D386 . B8 623E5100 mov eax, 00513E62 0043D38B > 50 push eax 0043D38C . 68 03000000 push 3 0043D391 . BB 10844500 mov ebx, 00458410 0043D396 . E8 3AA70100 call 00457AD5 0043D39B . 83C4 28 add esp, 28 0043D39E . 8945 B8 mov dword ptr [ebp-48], eax 0043D3A1 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D3A4 . 85DB test ebx, ebx 0043D3A6 . 74 09 je short 0043D3B1 0043D3A8 . 53 push ebx 0043D3A9 . E8 33A70100 call 00457AE1 0043D3AE . 83C4 04 add esp, 4 0043D3B1 > 68 04000080 push 80000004 0043D3B6 . 6A 00 push 0 0043D3B8 . 8B45 B8 mov eax, dword ptr [ebp-48] 0043D3BB . 85C0 test eax, eax 0043D3BD . 75 05 jnz short 0043D3C4 0043D3BF . B8 623E5100 mov eax, 00513E62 0043D3C4 > 50 push eax 0043D3C5 . 68 01000000 push 1 0043D3CA . BB C0894500 mov ebx, 004589C0 0043D3CF . E8 01A70100 call 00457AD5 0043D3D4 . 83C4 10 add esp, 10 0043D3D7 . 8945 B0 mov dword ptr [ebp-50], eax 0043D3DA . 8955 B4 mov dword ptr [ebp-4C], edx 0043D3DD . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043D3E0 . 85DB test ebx, ebx 0043D3E2 . 74 09 je short 0043D3ED 0043D3E4 . 53 push ebx 0043D3E5 . E8 F7A60100 call 00457AE1 0043D3EA . 83C4 04 add esp, 4 0043D3ED > DD45 B0 fld qword ptr [ebp-50] 0043D3F0 . E8 104DFCFF call 00402105 0043D3F5 . 8945 F0 mov dword ptr [ebp-10], eax 0043D3F8 . 6A 01 push 1 0043D3FA . FF75 F0 push dword ptr [ebp-10] 0043D3FD . E8 897B0000 call 00444F8B 0043D402 . 8945 B4 mov dword ptr [ebp-4C], eax 0043D405 . DB45 B4 fild dword ptr [ebp-4C] 0043D408 . DD5D B4 fstp qword ptr [ebp-4C] 0043D40B . DD45 B4 fld qword ptr [ebp-4C] 0043D40E . DB45 F0 fild dword ptr [ebp-10] 0043D411 . DD5D AC fstp qword ptr [ebp-54] 0043D414 . DC4D AC fmul qword ptr [ebp-54] 0043D417 . DB45 0C fild dword ptr [ebp+C] 0043D41A . DD5D A4 fstp qword ptr [ebp-5C] 0043D41D . DC4D A4 fmul qword ptr [ebp-5C] 0043D420 . DD5D 9C fstp qword ptr [ebp-64] 0043D423 . 68 01060080 push 80000601 0043D428 . FF75 A0 push dword ptr [ebp-60] 0043D42B . FF75 9C push dword ptr [ebp-64] 0043D42E . 68 01000000 push 1 0043D433 . BB 20964500 mov ebx, 00459620 0043D438 . E8 98A60100 call 00457AD5 0043D43D . 83C4 10 add esp, 10 0043D440 . 8945 98 mov dword ptr [ebp-68], eax 0043D443 . 8B45 98 mov eax, dword ptr [ebp-68] 0043D446 . 50 push eax 0043D447 . 8B5D D0 mov ebx, dword ptr [ebp-30] 0043D44A . 85DB test ebx, ebx 0043D44C . 74 09 je short 0043D457 0043D44E . 53 push ebx 0043D44F . E8 8DA60100 call 00457AE1 0043D454 . 83C4 04 add esp, 4 0043D457 > 58 pop eax 0043D458 . 8945 D0 mov dword ptr [ebp-30], eax 0043D45B . 68 02000080 push 80000002 0043D460 . 6A 00 push 0 0043D462 . 68 00000000 push 0 0043D467 . 6A 00 push 0 0043D469 . 6A 00 push 0 0043D46B . 6A 00 push 0 0043D46D . 68 04000080 push 80000004 0043D472 . 6A 00 push 0 0043D474 . 8B45 D0 mov eax, dword ptr [ebp-30] 0043D477 . 85C0 test eax, eax 0043D479 . 75 05 jnz short 0043D480 0043D47B . B8 623E5100 mov eax, 00513E62 0043D480 > 50 push eax 0043D481 . 68 04000080 push 80000004 0043D486 . 6A 00 push 0 0043D488 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D48B . 8B03 mov eax, dword ptr [ebx] 0043D48D . 85C0 test eax, eax 0043D48F . 75 05 jnz short 0043D496 0043D491 . B8 623E5100 mov eax, 00513E62 0043D496 > 50 push eax 0043D497 . 68 04000000 push 4 0043D49C . BB 70864500 mov ebx, 00458670 0043D4A1 . E8 2FA60100 call 00457AD5 0043D4A6 . 83C4 34 add esp, 34 0043D4A9 . 8945 B8 mov dword ptr [ebp-48], eax 0043D4AC . 837D B8 FF cmp dword ptr [ebp-48], -1 0043D4B0 . 0F84 03000000 je 0043D4B9 0043D4B6 . FF45 F8 inc dword ptr [ebp-8] 0043D4B9 > 68 01030080 push 80000301 0043D4BE . 6A 00 push 0 0043D4C0 . FF75 F4 push dword ptr [ebp-C] 0043D4C3 . 68 01000000 push 1 0043D4C8 . BB 20964500 mov ebx, 00459620 0043D4CD . E8 03A60100 call 00457AD5 0043D4D2 . 83C4 10 add esp, 10 0043D4D5 . 8945 BC mov dword ptr [ebp-44], eax 0043D4D8 . 68 01030080 push 80000301 0043D4DD . 6A 00 push 0 0043D4DF . 68 01000000 push 1 0043D4E4 . 68 01030080 push 80000301 0043D4E9 . 6A 00 push 0 0043D4EB . 68 09000000 push 9 0043D4F0 . 68 04000080 push 80000004 0043D4F5 . 6A 00 push 0 0043D4F7 . 8B45 BC mov eax, dword ptr [ebp-44] 0043D4FA . 85C0 test eax, eax 0043D4FC . 75 05 jnz short 0043D503 0043D4FE . B8 623E5100 mov eax, 00513E62 0043D503 > 50 push eax 0043D504 . 68 03000000 push 3 0043D509 . BB 10844500 mov ebx, 00458410 0043D50E . E8 C2A50100 call 00457AD5 0043D513 . 83C4 28 add esp, 28 0043D516 . 8945 B8 mov dword ptr [ebp-48], eax 0043D519 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D51C . 85DB test ebx, ebx 0043D51E . 74 09 je short 0043D529 0043D520 . 53 push ebx 0043D521 . E8 BBA50100 call 00457AE1 0043D526 . 83C4 04 add esp, 4 0043D529 > 68 04000080 push 80000004 0043D52E . 6A 00 push 0 0043D530 . 8B45 B8 mov eax, dword ptr [ebp-48] 0043D533 . 85C0 test eax, eax 0043D535 . 75 05 jnz short 0043D53C 0043D537 . B8 623E5100 mov eax, 00513E62 0043D53C > 50 push eax 0043D53D . 68 01000000 push 1 0043D542 . BB C0894500 mov ebx, 004589C0 0043D547 . E8 89A50100 call 00457AD5 0043D54C . 83C4 10 add esp, 10 0043D54F . 8945 B0 mov dword ptr [ebp-50], eax 0043D552 . 8955 B4 mov dword ptr [ebp-4C], edx 0043D555 . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043D558 . 85DB test ebx, ebx 0043D55A . 74 09 je short 0043D565 0043D55C . 53 push ebx 0043D55D . E8 7FA50100 call 00457AE1 0043D562 . 83C4 04 add esp, 4 0043D565 > DD45 B0 fld qword ptr [ebp-50] 0043D568 . E8 984BFCFF call 00402105 0043D56D . 8945 F0 mov dword ptr [ebp-10], eax 0043D570 . 6A 01 push 1 0043D572 . FF75 F0 push dword ptr [ebp-10] 0043D575 . E8 1D810000 call 00445697 0043D57A . 8945 B4 mov dword ptr [ebp-4C], eax 0043D57D . DB45 B4 fild dword ptr [ebp-4C] 0043D580 . DD5D B4 fstp qword ptr [ebp-4C] 0043D583 . DD45 B4 fld qword ptr [ebp-4C] 0043D586 . DB45 F0 fild dword ptr [ebp-10] 0043D589 . DD5D AC fstp qword ptr [ebp-54] 0043D58C . DC4D AC fmul qword ptr [ebp-54] 0043D58F . DD5D A4 fstp qword ptr [ebp-5C] 0043D592 . 68 01060080 push 80000601 0043D597 . FF75 A8 push dword ptr [ebp-58] 0043D59A . FF75 A4 push dword ptr [ebp-5C] 0043D59D . 68 01000000 push 1 0043D5A2 . BB 20964500 mov ebx, 00459620 0043D5A7 . E8 29A50100 call 00457AD5 0043D5AC . 83C4 10 add esp, 10 0043D5AF . 8945 A0 mov dword ptr [ebp-60], eax 0043D5B2 . 8B45 A0 mov eax, dword ptr [ebp-60] 0043D5B5 . 50 push eax 0043D5B6 . 8B5D CC mov ebx, dword ptr [ebp-34] 0043D5B9 . 85DB test ebx, ebx 0043D5BB . 74 09 je short 0043D5C6 0043D5BD . 53 push ebx 0043D5BE . E8 1EA50100 call 00457AE1 0043D5C3 . 83C4 04 add esp, 4 0043D5C6 > 58 pop eax 0043D5C7 . 8945 CC mov dword ptr [ebp-34], eax 0043D5CA . 68 02000080 push 80000002 0043D5CF . 6A 00 push 0 0043D5D1 . 68 00000000 push 0 0043D5D6 . 6A 00 push 0 0043D5D8 . 6A 00 push 0 0043D5DA . 6A 00 push 0 0043D5DC . 68 04000080 push 80000004 0043D5E1 . 6A 00 push 0 0043D5E3 . 8B45 CC mov eax, dword ptr [ebp-34] 0043D5E6 . 85C0 test eax, eax 0043D5E8 . 75 05 jnz short 0043D5EF 0043D5EA . B8 623E5100 mov eax, 00513E62 0043D5EF > 50 push eax 0043D5F0 . 68 04000080 push 80000004 0043D5F5 . 6A 00 push 0 0043D5F7 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D5FA . 8B03 mov eax, dword ptr [ebx] 0043D5FC . 85C0 test eax, eax 0043D5FE . 75 05 jnz short 0043D605 0043D600 . B8 623E5100 mov eax, 00513E62 0043D605 > 50 push eax 0043D606 . 68 04000000 push 4 0043D60B . BB 70864500 mov ebx, 00458670 0043D610 . E8 C0A40100 call 00457AD5 0043D615 . 83C4 34 add esp, 34 0043D618 . 8945 B8 mov dword ptr [ebp-48], eax 0043D61B . 837D B8 FF cmp dword ptr [ebp-48], -1 0043D61F . 0F84 03000000 je 0043D628 0043D625 . FF45 F8 inc dword ptr [ebp-8] 0043D628 > 68 B8405100 push 005140B8 ; njhbgvfwa 固定字符串 0043D62D . FF75 CC push dword ptr [ebp-34] 0043D630 . B9 02000000 mov ecx, 2 0043D635 . E8 8C3AFCFF call 004010C6 0043D63A . 83C4 08 add esp, 8 0043D63D . 8945 BC mov dword ptr [ebp-44], eax 0043D640 . 68 02000080 push 80000002 0043D645 . 6A 00 push 0 0043D647 . 68 00000000 push 0 0043D64C . 6A 00 push 0 0043D64E . 6A 00 push 0 0043D650 . 6A 00 push 0 0043D652 . 68 04000080 push 80000004 0043D657 . 6A 00 push 0 0043D659 . 8B45 BC mov eax, dword ptr [ebp-44] 0043D65C . 85C0 test eax, eax 0043D65E . 75 05 jnz short 0043D665 0043D660 . B8 623E5100 mov eax, 00513E62 0043D665 > 50 push eax 0043D666 . 68 04000080 push 80000004 0043D66B . 6A 00 push 0 0043D66D . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D670 . 8B03 mov eax, dword ptr [ebx] 0043D672 . 85C0 test eax, eax 0043D674 . 75 05 jnz short 0043D67B 0043D676 . B8 623E5100 mov eax, 00513E62 0043D67B > 50 push eax 0043D67C . 68 04000000 push 4 0043D681 . BB 70864500 mov ebx, 00458670 0043D686 . E8 4AA40100 call 00457AD5 0043D68B . 83C4 34 add esp, 34 0043D68E . 8945 B8 mov dword ptr [ebp-48], eax 0043D691 . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D694 . 85DB test ebx, ebx 0043D696 . 74 09 je short 0043D6A1 0043D698 . 53 push ebx 0043D699 . E8 43A40100 call 00457AE1 0043D69E . 83C4 04 add esp, 4 0043D6A1 > 837D B8 FF cmp dword ptr [ebp-48], -1 0043D6A5 . 0F84 03000000 je 0043D6AE 0043D6AB . FF45 F8 inc dword ptr [ebp-8] 0043D6AE > 68 01030080 push 80000301 0043D6B3 . 6A 00 push 0 0043D6B5 . FF75 F4 push dword ptr [ebp-C] 0043D6B8 . 68 01000000 push 1 0043D6BD . BB 20964500 mov ebx, 00459620 0043D6C2 . E8 0EA40100 call 00457AD5 0043D6C7 . 83C4 10 add esp, 10 0043D6CA . 8945 BC mov dword ptr [ebp-44], eax 0043D6CD . 68 01030080 push 80000301 0043D6D2 . 6A 00 push 0 0043D6D4 . 68 01000000 push 1 0043D6D9 . 68 01030080 push 80000301 0043D6DE . 6A 00 push 0 0043D6E0 . 68 0A000000 push 0A 0043D6E5 . 68 04000080 push 80000004 0043D6EA . 6A 00 push 0 0043D6EC . 8B45 BC mov eax, dword ptr [ebp-44] 0043D6EF . 85C0 test eax, eax 0043D6F1 . 75 05 jnz short 0043D6F8 0043D6F3 . B8 623E5100 mov eax, 00513E62 0043D6F8 > 50 push eax 0043D6F9 . 68 03000000 push 3 0043D6FE . BB 10844500 mov ebx, 00458410 0043D703 . E8 CDA30100 call 00457AD5 0043D708 . 83C4 28 add esp, 28 0043D70B . 8945 B8 mov dword ptr [ebp-48], eax 0043D70E . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D711 . 85DB test ebx, ebx 0043D713 . 74 09 je short 0043D71E 0043D715 . 53 push ebx 0043D716 . E8 C6A30100 call 00457AE1 0043D71B . 83C4 04 add esp, 4 0043D71E > 68 04000080 push 80000004 0043D723 . 6A 00 push 0 0043D725 . 8B45 B8 mov eax, dword ptr [ebp-48] 0043D728 . 85C0 test eax, eax 0043D72A . 75 05 jnz short 0043D731 0043D72C . B8 623E5100 mov eax, 00513E62 0043D731 > 50 push eax 0043D732 . 68 01000000 push 1 0043D737 . BB C0894500 mov ebx, 004589C0 0043D73C . E8 94A30100 call 00457AD5 0043D741 . 83C4 10 add esp, 10 0043D744 . 8945 B0 mov dword ptr [ebp-50], eax 0043D747 . 8955 B4 mov dword ptr [ebp-4C], edx 0043D74A . 8B5D B8 mov ebx, dword ptr [ebp-48] 0043D74D . 85DB test ebx, ebx 0043D74F . 74 09 je short 0043D75A 0043D751 . 53 push ebx 0043D752 . E8 8AA30100 call 00457AE1 0043D757 . 83C4 04 add esp, 4 0043D75A > DD45 B0 fld qword ptr [ebp-50] 0043D75D . E8 A349FCFF call 00402105 0043D762 . 8945 F0 mov dword ptr [ebp-10], eax 0043D765 . 6A 01 push 1 0043D767 . FF75 F0 push dword ptr [ebp-10] 0043D76A . E8 C1050000 call 0043DD30 0043D76F . 8945 B4 mov dword ptr [ebp-4C], eax 0043D772 . DB45 B4 fild dword ptr [ebp-4C] 0043D775 . DD5D B4 fstp qword ptr [ebp-4C] 0043D778 . DD45 B4 fld qword ptr [ebp-4C] 0043D77B . DB45 F0 fild dword ptr [ebp-10] 0043D77E . DD5D AC fstp qword ptr [ebp-54] 0043D781 . DC4D AC fmul qword ptr [ebp-54] 0043D784 . DB45 0C fild dword ptr [ebp+C] 0043D787 . DD5D A4 fstp qword ptr [ebp-5C] 0043D78A . DC4D A4 fmul qword ptr [ebp-5C] 0043D78D . DD5D 9C fstp qword ptr [ebp-64] 0043D790 . 68 01060080 push 80000601 0043D795 . FF75 A0 push dword ptr [ebp-60] 0043D798 . FF75 9C push dword ptr [ebp-64] 0043D79B . 68 01000000 push 1 0043D7A0 . BB 20964500 mov ebx, 00459620 0043D7A5 . E8 2BA30100 call 00457AD5 0043D7AA . 83C4 10 add esp, 10 0043D7AD . 8945 98 mov dword ptr [ebp-68], eax 0043D7B0 . 8B45 98 mov eax, dword ptr [ebp-68] 0043D7B3 . 50 push eax 0043D7B4 . 8B5D C8 mov ebx, dword ptr [ebp-38] 0043D7B7 . 85DB test ebx, ebx 0043D7B9 . 74 09 je short 0043D7C4 0043D7BB . 53 push ebx 0043D7BC . E8 20A30100 call 00457AE1 0043D7C1 . 83C4 04 add esp, 4 0043D7C4 > 58 pop eax 0043D7C5 . 8945 C8 mov dword ptr [ebp-38], eax 0043D7C8 . 68 02000080 push 80000002 0043D7CD . 6A 00 push 0 0043D7CF . 68 00000000 push 0 0043D7D4 . 6A 00 push 0 0043D7D6 . 6A 00 push 0 0043D7D8 . 6A 00 push 0 0043D7DA . 68 04000080 push 80000004 0043D7DF . 6A 00 push 0 0043D7E1 . 8B45 C8 mov eax, dword ptr [ebp-38] 0043D7E4 . 85C0 test eax, eax 0043D7E6 . 75 05 jnz short 0043D7ED 0043D7E8 . B8 623E5100 mov eax, 00513E62 0043D7ED > 50 push eax 0043D7EE . 68 04000080 push 80000004 0043D7F3 . 6A 00 push 0 0043D7F5 . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D7F8 . 8B03 mov eax, dword ptr [ebx] 0043D7FA . 85C0 test eax, eax 0043D7FC . 75 05 jnz short 0043D803 0043D7FE . B8 623E5100 mov eax, 00513E62 0043D803 > 50 push eax 0043D804 . 68 04000000 push 4 0043D809 . BB 70864500 mov ebx, 00458670 0043D80E . E8 C2A20100 call 00457AD5 0043D813 . 83C4 34 add esp, 34 0043D816 . 8945 B8 mov dword ptr [ebp-48], eax 0043D819 . 837D B8 FF cmp dword ptr [ebp-48], -1 0043D81D . 0F84 03000000 je 0043D826 0043D823 . FF45 F8 inc dword ptr [ebp-8] 0043D826 > 68 C2405100 push 005140C2 ; motherlslslsls 固定字符串 0043D82B . FF75 CC push dword ptr [ebp-34] 0043D82E . B9 02000000 mov ecx, 2 0043D833 . E8 8E38FCFF call 004010C6 0043D838 . 83C4 08 add esp, 8 0043D83B . 8945 BC mov dword ptr [ebp-44], eax 0043D83E . 68 02000080 push 80000002 0043D843 . 6A 00 push 0 0043D845 . 68 00000000 push 0 0043D84A . 6A 00 push 0 0043D84C . 6A 00 push 0 0043D84E . 6A 00 push 0 0043D850 . 68 04000080 push 80000004 0043D855 . 6A 00 push 0 0043D857 . 8B45 BC mov eax, dword ptr [ebp-44] 0043D85A . 85C0 test eax, eax 0043D85C . 75 05 jnz short 0043D863 0043D85E . B8 623E5100 mov eax, 00513E62 0043D863 > 50 push eax 0043D864 . 68 04000080 push 80000004 0043D869 . 6A 00 push 0 0043D86B . 8B5D 08 mov ebx, dword ptr [ebp+8] 0043D86E . 8B03 mov eax, dword ptr [ebx] 0043D870 . 85C0 test eax, eax 0043D872 . 75 05 jnz short 0043D879 0043D874 . B8 623E5100 mov eax, 00513E62 0043D879 > 50 push eax 0043D87A . 68 04000000 push 4 0043D87F . BB 70864500 mov ebx, 00458670 0043D884 . E8 4CA20100 call 00457AD5 0043D889 . 83C4 34 add esp, 34 0043D88C . 8945 B8 mov dword ptr [ebp-48], eax 0043D88F . 8B5D BC mov ebx, dword ptr [ebp-44] 0043D892 . 85DB test ebx, ebx 0043D894 . 74 09 je short 0043D89F 0043D896 . 53 push ebx 0043D897 . E8 45A20100 call 00457AE1 0043D89C . 83C4 04 add esp, 4 0043D89F > 837D B8 FF cmp dword ptr [ebp-48], -1 0043D8A3 . 0F84 03000000 je 0043D8AC 0043D8A9 . FF45 F8 inc dword ptr [ebp-8] 0043D8AC > FF75 D8 push dword ptr [ebp-28] 0043D8AF . FF75 DC push dword ptr [ebp-24] 0043D8B2 . FF75 E0 push dword ptr [ebp-20] 0043D8B5 . B9 03000000 mov ecx, 3 0043D8BA . E8 0738FCFF call 004010C6 0043D8BF . 83C4 0C add esp, 0C 0043D8C2 . 8945 BC mov dword ptr [ebp-44], eax 0043D8C5 . 68 02000080 push 80000002 0043D8CA . 6A 00 push 0 0043D8CC . 68 00000000 push 0 0043D8D1 . 6A 00 push 0 0043D8D3 . 6A 00 push 0 0043D8D5 . 6A 00 push 0 0043D8D7 . 68 04000080 push 80000004 0043D8DC . 6A 00 push 0 0043D8DE . 8B45 BC mov eax, dword ptr [ebp-44] 0043D8E1 . 85C0 test eax, eax 0043D8E3 . 75 05 jnz short 0043D8EA 0043D8E5 . B8 623E5100 mov eax, 00513E62 0043D8EA > 50 push eax 0043D8EB . 68 04000080 push 80000004 由于算法相同,重复太多,在此不再赘述。 www.hx95.com -------------------------------------------------------------------------------- 【经验总结】 本软件使用大量算法复制和重复计算,以及许多花指令让爆破者望而却步,想来这也不失为一种简单易行的加密方法,其实 算法并不复杂,只要揪住有用的那些代码可以简化不少,如前面相乘的那组常数,如果跟进去算法较复杂,但直接由结果看 去就是用974325869这个固定字符串作乘数,记得前一段时间讨论的有相似的一款取名软件也是用同样算法,只不过换了个 常数罢了。算法总结如下: 机器码除以9得数 (当机器码不足10位时后面可加个数补充) 101乘第一位乘9=A 101加1 乘第二位乘7=B 101乘第三 位乘4=C 第四位乘3=D 101乘第五位乘2=E 101乘第六位乘5=F 加7 101乘第八位乘8=G 第九位乘6=H 101乘第十位 乘9=I 注册码= 98 + C + D + E + F + G + I + 98 + A + B + H+njhbgvfwa +H+motherlslslsls 注册成功后,会在D盘根目录下生成一个注册文件,删除后变为试用版,好了,算法分析出来了,注册机代码就很简单了,用VB编写下 Private Sub CmdStart_Click() txt1 = Text1.Text If Len(txt1) > 10 Then txt2 = txt1 / 9 txt3 = Mid(txt2, 3, 1) * 101 * 4 txt4 = Mid(txt2, 4, 1) * 3 txt5 = Mid(txt2, 5, 1) * 101 * 2 txt6 = Mid(txt2, 6, 1) * 101 * 5 txt8 = Mid(txt2, 8, 1) * 101 * 8 txt9 = Mid(txt2, 9, 1) * 6 txt10 = Mid(txt2, 10, 1) * 9 * 101 txt11 = Mid(txt2, 1, 1) * 9 * 101 txt12 = Mid(txt2, 2, 1) * 7 * 102 Text2 = "98" & txt3 & txt4 & txt5 & txt6 & txt8 & txt10 & "98" & txt11 & txt12 & txt9 & "njhbgvfwa" & txt9 & "motherlslslsls" Else: Text2 = "你的机器码不符合要求,请在后面加上“1”" End If End Sub 破解说明:本人实在是一个菜鸟,只懂得皮毛,实为爱好,上面分析有错误的地方,请各位大侠不要见笑。非常感谢看雪版 主提供我们学习的平台,非常感谢! -------------------------------------------------------------------------------- 【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢! 2012年01月01日 00:23:18本文来源:华夏联盟网[http://www.hx95.com] 收藏(0)