eLib2.01算法分析
//////////////////////////////////////////////////////////////////////////
:00465A70 83FA1D
cmp edx, 0000001D //比较注册码长度是否29位
:00465A73 7423
je 00465A98
:00465A75 33C0
xor eax, eax
:00465A77 BA02000000 mov edx,
00000002
:00465A7C 50
push eax
:00465A7D 8D450C
lea eax, dword ptr [ebp+0C]
:00465A80
FF4DF4 dec [ebp-0C]
:00465A83 E8E8A40B00 call
0051FF70
:00465A88 58
pop eax
:00465A89 8B55D8
mov edx, dword ptr [ebp-28]
:00465A8C
64891500000000 mov dword ptr fs:[00000000],
edx
:00465A93 E9EF000000
jmp 00465B87
* Referenced by a (U)nconditional or (C)onditional Jump
at Address:
|:00465A73(C)
|
:00465A98 6A06
push 00000006
:00465A9A
8D4D0C lea ecx,
dword ptr [ebp+0C]
:00465A9D 51
push ecx
:00465A9E E839A20B00
call 0051FCDC
:00465AA3 83C408
add esp, 00000008
:00465AA6
8D450C lea eax,
dword ptr [ebp+0C]
:00465AA9 E816A70B00
call 005201C4 //取出假注册码
:00465AAE 8B550C
mov edx, dword ptr [ebp+0C]
:00465AB1
83C205 add edx,
00000005
:00465AB4 0FBE0A
movsx ecx, byte ptr [edx]
:00465AB7 83F92D
cmp ecx, 0000002D //比较第六位是否'-'
:00465ABA 756C
jne 00465B28
:00465ABC 6A0C
push 0000000C
:00465ABE 8D450C
lea eax, dword ptr [ebp+0C]
:00465AC1
50
push eax
:00465AC2 E815A20B00
call 0051FCDC
:00465AC7 83C408
add esp, 00000008
:00465ACA 8D450C
lea eax, dword ptr [ebp+0C]
:00465ACD
E8F2A60B00 call 005201C4
:00465AD2 8B550C
mov edx, dword ptr [ebp+0C]
:00465AD5 83C20B
add edx, 0000000B
:00465AD8 0FBE0A
movsx ecx, byte ptr [edx]
:00465ADB 83F92D
cmp ecx, 0000002D//比较第12位是否'-'
:00465ADE 7548
jne 00465B28
:00465AE0 6A12
push 00000012
:00465AE2 8D450C
lea eax, dword ptr [ebp+0C]
:00465AE5 50
push eax
:00465AE6 E8F1A10B00
call 0051FCDC
:00465AEB 83C408
add esp, 00000008
:00465AEE 8D450C
lea eax, dword ptr [ebp+0C]
:00465AF1 E8CEA60B00
call 005201C4
:00465AF6 8B550C
mov edx, dword ptr [ebp+0C]
:00465AF9
83C211 add edx,
00000011
:00465AFC 0FBE0A
movsx ecx, byte ptr [edx]
:00465AFF 83F92D
cmp ecx, 0000002D //比较第18位是否'-'
:00465B02 7524
jne 00465B28
:00465B04 6A18
push 00000018
:00465B06 8D450C
lea eax, dword ptr [ebp+0C]
:00465B09
50
push eax
:00465B0A E8CDA10B00
call 0051FCDC
:00465B0F 83C408
add esp, 00000008
:00465B12 8D450C
lea eax, dword ptr [ebp+0C]
:00465B15
E8AAA60B00 call 005201C4
:00465B1A 8B550C
mov edx, dword ptr [ebp+0C]
:00465B1D 83C217
add edx, 00000017
:00465B20 0FBE0A
movsx ecx, byte ptr [edx]
:00465B23 83F92D
cmp ecx, 0000002D //比较第24位是否'-'
:00465B26 7420
je 00465B48 //跳!!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00465ABA(C), :00465ADE(C), :00465B02(C)
|
:00465B28 33C0
xor eax, eax
:00465B2A BA02000000 mov edx,
00000002
:00465B2F 50
push eax
:00465B30 8D450C
lea eax, dword ptr [ebp+0C]
:00465B33
FF4DF4 dec [ebp-0C]
:00465B36 E835A40B00 call
0051FF70
:00465B3B 58
pop eax
:00465B3C 8B55D8
mov edx, dword ptr [ebp-28]
:00465B3F
64891500000000 mov dword ptr fs:[00000000],
edx
:00465B46 EB3F
jmp 00465B87
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:00465B26(C)
|
:00465B48 8B4D0C
mov ecx, dword ptr [ebp+0C]
:00465B4B 85C9
test ecx, ecx
:00465B4D 7405
je 00465B54
:00465B4F 8B450C
mov eax, dword ptr [ebp+0C]
:00465B52
EB05 jmp
00465B59//再跳!!
* Referenced by a (U)nconditional or (C)onditional Jump
at Address:
|:00465B4D(C)
|
:00465B54 B896345400
mov eax, 00543496
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00465B52(U)
|
:00465B59 50
push eax
:00465B5A 53
push ebx
:00465B5B E8C0F9FFFF
call 00465520//进去!!!
:00465B60 83C408
add esp, 00000008
:00465B63 85C0
test eax, eax
:00465B65 0F94C0
sete al
: :
============================00465520
BEGIN============================
//////////////////////////////////////////////////////////////////////
:00465520 55
push ebp
:00465521 8BEC
mov ebp, esp
:00465523 83C48C
add esp, FFFFFF8C
:00465526 53
push ebx
:00465527 8B5D0C
mov ebx, dword ptr [ebp+0C]
:0046552A 53
push ebx
:0046552B E8C8FD0A00
call 005152F8
:00465530 59
pop ecx
:00465531 83F81D
cmp eax, 0000001D
:00465534 740A
je 00465540
:00465536 B801000000
mov eax, 00000001
:0046553B E98C040000
jmp 004659CC
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00465534(C)
|
:00465540 0FBE5305
movsx edx, byte ptr [ebx+05]
:00465544 83FA2D
cmp edx, 0000002D
:00465547 751B
jne 00465564
:00465549 0FBE4B0B movsx
ecx, byte ptr [ebx+0B]
:0046554D 83F92D
cmp ecx, 0000002D
:00465550 7512
jne 00465564
:00465552
0FBE4311 movsx eax, byte
ptr [ebx+11]
:00465556 83F82D
cmp eax, 0000002D
:00465559 7509
jne 00465564
:0046555B 0FBE5317
movsx edx, byte ptr [ebx+17]
:0046555F 83FA2D
cmp edx, 0000002D
:00465562 740A
je 0046556E
===============比较6,12,18,24各位是否'-',注册码长度是否29位=========
/////////////////////////////////////////////////////////////////////
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00465547(C),
:00465550(C), :00465559(C)
|
:00465564 B802000000
mov eax, 00000002
:00465569 E95E040000
jmp 004659CC
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00465562(C)
|
:0046556E 6A05
push 00000005
:00465570 53
push ebx
:00465571 8D55F8
lea edx, dword ptr [ebp-08]
:00465574 52
push edx
:00465575 E82EFC0A00
call 005151A8
:0046557A 83C40C
add esp, 0000000C
:0046557D 6A05
push 00000005
:0046557F
8D4B06 lea ecx,
dword ptr [ebx+06]
:00465582 51
push ecx
:00465583 8D45F0
lea eax, dword ptr [ebp-10]
:00465586 50
push eax
:00465587 E81CFC0A00
call 005151A8
:0046558C 83C40C
add esp, 0000000C
:0046558F 6A05
push 00000005
:00465591
8D530C lea edx,
dword ptr [ebx+0C]
:00465594 52
push edx
:00465595 8D4DE8
lea ecx, dword ptr [ebp-18]
:00465598 51
push ecx
:00465599 E80AFC0A00
call 005151A8
:0046559E 83C40C
add esp, 0000000C
:004655A1 6A05
push 00000005
:004655A3
8D4312 lea eax,
dword ptr [ebx+12]
:004655A6 50
push eax
:004655A7 8D55E0
lea edx, dword ptr [ebp-20]
:004655AA 52
push edx
:004655AB E8F8FB0A00
call 005151A8
:004655B0 83C40C
add esp, 0000000C
:004655B3 6A05
push 00000005
:004655B5
83C318 add ebx,
00000018
:004655B8 53
push ebx
:004655B9 8D45D8
lea eax, dword ptr [ebp-28]
:004655BC
50
push eax
:004655BD E8E6FB0A00
call 005151A8
:004655C2 83C40C
add esp, 0000000C
:004655C5 33D2
xor edx, edx
:004655C7 8D45F0
lea eax, dword ptr [ebp-10]
===========将6,12,18,24位的'-'去掉组成SN1,SN2,SN3,SN4四个数========
////////////////////////////////////////////////////////////////////
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004655E6(C)
|
:004655CA 0FBE08
movsx ecx, byte ptr [eax]
:004655CD 83F930
cmp ecx, 00000030
:004655D0
7C05 jl 004655D7
:004655D2 83F939
cmp ecx, 00000039
:004655D5 7E0A
jle 004655E1
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004655D0(C)
|
:004655D7 B803000000
mov eax, 00000003
:004655DC E9EB030000
jmp 004659CC
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:004655D5(C)
|
:004655E1 42
inc edx
:004655E2 40
inc eax
:004655E3 83FA05
cmp edx, 00000005
:004655E6
7CE2 jl 004655CA
==================比较SN2各位是否全部是数字==========================
//////////////////////////////////////////////////////////////////////
:004655E8 0FBE55E9
movsx edx, byte ptr [ebp-17] //SN3.2
:004655EC 0FBE4DEA
movsx ecx, byte ptr [ebp-16] //SN3.3
:004655F0
03D2 add
edx, edx //SN3.2=2*SN3.2
:004655F2 0FBE45E8
movsx eax, byte ptr [ebp-18] //SN3.1
:004655F6 8D1492
lea edx, dword ptr [edx+4*edx]//SN3.2=SN3.2+4*SN3.2
:004655F9 83C0D0
add eax, FFFFFFD0 //SN3.1=SN3.1-$30
:004655FC 03D1
add edx, ecx //SN3.2=SN3.2+SN3.3
:004655FE 0FBE4DEB
movsx ecx, byte ptr [ebp-15] //SN3.4
:00465602 8BD9
mov ebx, ecx
:00465604 81C2F0FDFFFF
add edx, FFFFFDF0 //SN3.2=SN3.2-$210
:0046560A 0FBE4DEC
movsx ecx, byte ptr [ebp-14]//SN3.5
:0046560E 03DB
add ebx, ebx
//SN3.4=SN3.4*2
:00465610 8D1C9B
lea ebx, dword ptr [ebx+4*ebx]//SN3.4=SN3.4+4*SN3.4
:00465613 03D9
add ebx, ecx
//SN3.4=SN3.4+SN3.5
:00465615 81C3F0FDFFFF
add ebx, FFFFFDF0 //SN3.4=SN3.4-$210
:0046561B 85C0
test eax, eax
:0046561D 7C17
jl 00465636
:0046561F 83F809
cmp eax, 00000009
:00465622 7F12
jg 00465636
===================SN3.1-$30要在[1-9]范围==============
///////////////////////////////////////////////////////
:00465624 85D2
test edx, edx
:00465626 7C0E
jl 00465636
:00465628 83FA0C
cmp edx, 0000000C
:0046562B 7F09
jg 00465636
============(10*SN3.2+SN3.3)-$210要在[1-$C]范围========
///////////////////////////////////////////////////////
:0046562D 85DB
test ebx, ebx
:0046562F 7C05
jl 00465636
:00465631 83FB1F
cmp ebx, 0000001F
:00465634 7E0A
jle 00465640
===========(10*SN3.4+SN3.5)-$210要在[1-$1F]范围=========
////////////////////////////////////////////////////////
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0046561D(C), :00465622(C), :00465626(C), :0046562B(C), :0046562F(C)
|
:00465636 B804000000 mov eax,
00000004
:0046563B E98C030000
jmp 004659CC
* Referenced by a (U)nconditional or (C)onditional Jump
at Address:
|:00465634(C)
|
:00465640 0FBE55F8
movsx edx, byte ptr [ebp-08]//SN1.1
:00465644
0FBE45F0 movsx eax, byte
ptr [ebp-10]//SN2.1
:00465648 03D0
add edx, eax
//SN1.1=SN1.1+SN2.1
:0046564A 0FBE4DE8
movsx ecx, byte ptr [ebp-18]//SN3.1
:0046564E
03D1 add
edx, ecx //SN1.1=SN1.1+SN3.1
:00465650 42
inc edx
//SN1.1=SN1.1+1
:00465651 8955C4
mov dword ptr [ebp-3C], edx
:00465654 DB45C4
fild dword ptr [ebp-3C]
//把SN1.1装入浮点寄存器
:00465657 83C4F8
add esp, FFFFFFF8
:0046565A DD1C24
fstp qword ptr [esp]//SN1.1进栈
:0046565D
E8BA490B00 call 0051A01C
//将ST(O)按弧度计算SN1.1=SIN(SN1.1)
:00465662 83C408
add esp, 00000008
:00465665
83C4F8 add esp,
FFFFFFF8
:00465668 DD1C24
fstp qword ptr [esp]
:0046566B E8D4350B00
call 00518C44 //SN1.1=ABS(ST(SN1.1))
:00465670 83C408
add esp, 00000008
:00465673 D80DD4594600
fmul dword ptr [004659D4]//SN1.1=SN1.1*1101
:00465679 E8EE350B00
call 00518C6C
//将SN1.1取整并转化成十六进制
:0046567E B91A000000
mov ecx, 0000001A
:00465683 99
cdq
:00465684 F7F9
idiv ecx
//EDX=SN1.1 MOD $1A
:00465686 80C241
add dl, 41
//EDX=EDX+$41
======================================================================================
SN4.1=(HEX(INT(ABS(SIN(SN1.1+SN2.1+SN3.1+1))*1101)) MOD $1A)+$41
///////////////////////////////////////////////////////////////////////////////////////
:00465689 8855D0
mov byte ptr [ebp-30], dl
:0046568C 0FBE45F9
movsx eax, byte ptr [ebp-07]//SN1.2
:00465690 0FBE55F1
movsx edx, byte ptr [ebp-0F]//SN2.2
:00465694 03C2
add eax, edx
:00465696 0FBE4DE9 movsx
ecx, byte ptr [ebp-17]//SN3.2
:0046569A 03C1
add eax, ecx
:0046569C 83C002
add eax, 00000002
:0046569F
8945C0 mov dword
ptr [ebp-40], eax
:004656A2 DB45C0
fild dword ptr [ebp-40]
:004656A5 83C4F8
add esp, FFFFFFF8
:004656A8
DD1C24 fstp qword
ptr [esp]
:004656AB E86C490B00
call 0051A01C
:004656B0 83C408
add esp, 00000008
:004656B3 83C4F8
add esp, FFFFFFF8
:004656B6 DD1C24
fstp qword ptr [esp]
:004656B9 E886350B00 call 00518C44
:004656BE 83C408
add esp, 00000008
:004656C1 D80DD8594600
fmul dword ptr [004659D8] //SN1.2=SN1.2*1019
:004656C7 E8A0350B00
call 00518C6C
:004656CC B91A000000
mov ecx, 0000001A
:004656D1 99
cdq
:004656D2 F7F9
idiv ecx
:004656D4 80C241
add dl, 41
======================================================================================
SN4.2=(HEX(INT(ABS(SIN(SN1.2+SN2.2+SN3.2+2))*1101) MOD $1A)+$41
//////////////////////////////////////////////////////////////////////////////////////
:004656D7 8855D1
mov byte ptr [ebp-2F], dl
:004656DA 0FBE45FA
movsx eax, byte ptr [ebp-06]//SN1.3
:004656DE 0FBE55F2
movsx edx, byte ptr [ebp-0E]//SN2.3
:004656E2 03C2
add eax, edx
:004656E4 0FBE4DEA
movsx ecx, byte ptr [ebp-16]//SN3.3
:004656E8 03C1
add eax, ecx
:004656EA 83C003
add eax, 00000003
:004656ED 8945BC
mov dword ptr [ebp-44], eax
:004656F0 DB45BC
fild dword ptr [ebp-44]
:004656F3 83C4F8
add esp, FFFFFFF8
:004656F6 DD1C24
fstp q
- 标 题:eLib2.01算法分析 (31千字)
- 作 者:ssljx
- 时 间:2002-3-25
17:36:37
- 链 接:http://bbs.pediy.com