[算法进阶]TMPGEnc v2.58注册算法分析-基于堆栈的简单虚拟机 v1.0

1.History

这个目标是05年5.1前后，看雪论坛的好好学习找我的，我断断续续搞了1年半，最后终于做出keygen

CUG I [免试]，

2.虚拟机

虚拟机主要可分为 基于堆栈的虚拟机和 基于寄存器的虚拟机.

TMPGEnc 进入虚拟机的代码为：

VM Engine的代码为：

3. 反汇编VM代码
基本思路就是将VM代码反汇编出来，然后阅读这个基于堆栈的虚拟机的代码（不是X86汇编了）。

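```c
/*
 * Write `len` bytes of an already formatted listing line to hOut.
 * Returns FALSE when the line is empty, when WriteFile fails, or when fewer
 * bytes than requested were written.
 */
static BOOL WriteListingLine(HANDLE hOut, const char *text, int len)
{
    DWORD written = 0;

    if (len <= 0)
        return FALSE;
    if (!WriteFile(hOut, text, (DWORD)len, &written, NULL))
        return FALSE;
    return written == (DWORD)len;
}

/*
 * Read the byte-code dump "Datad.dat" and write a numbered text listing of it
 * to "VMCode.txt", one mnemonic per line, each line ending in CR LF.
 *
 * Opcodes 1 (PUSH64) and 9 (Goto) are followed by four operand bytes; every
 * other opcode is a single byte. Any byte outside 1..0x14 is listed as
 * "VMend" and decoding continues with the next byte.
 *
 * The input file is external data, so nothing about its length or content is
 * taken on trust:
 *   - both CreateFile results and the ReadFile result are checked;
 *   - only the bytes actually read are decoded;
 *   - an operand that would run past the end of the data stops the listing
 *     instead of being read from beyond the buffer;
 *   - each line's length comes from wsprintf's return value rather than from
 *     hand-counted offsets, so no stale bytes or NUL characters reach the
 *     output file.
 */
void VMCode()
{
    /* Mnemonic for each opcode value, indexed by the opcode byte. */
    static const char *const names[] = {
        "VMend",                    /* 0x00: not a known opcode       */
        "PUSH64",                   /* 0x01: followed by 4 operand bytes */
        "PUSH64_2",                 /* 0x02 */
        "Pop64_push64",             /* 0x03 */
        "Pop64_pop64",              /* 0x04 */
        "Pop64_Byte_push64",        /* 0x05 */
        "Pop64_push64_Byte",        /* 0x06 */
        "Pop64_push64_Word",        /* 0x07 */
        "Pop64_push64_DWord",       /* 0x08 */
        "Goto",                     /* 0x09: followed by 4 operand bytes */
        "Pop64_pop64_Add_push64",   /* 0x0A */
        "Pop64_pop64_Mul_push64",   /* 0x0B */
        "Pop64_pop64_Div_push64",   /* 0x0C */
        "Pop64_pop64_And_push64",   /* 0x0D */
        "Pop64_pop64_Or_push64",    /* 0x0E */
        "Pop64_pop64_Xor_push64",   /* 0x0F */
        "Pop64_pop64_Shl_push64",   /* 0x10 */
        "Pop64_pop64_Shr_push64",   /* 0x11 */
        "Pop64_pop64_Sete_push64",  /* 0x12 */
        "Pop64_pop64_Setb_push64",  /* 0x13 */
        "Pop64_pop64_Setbe_push64"  /* 0x14 */
    };
    const DWORD nameCount = (DWORD)(sizeof names / sizeof names[0]);

    BYTE   code[8419];  /* author's note: 8418 = 1020*8 + 258, 1020/6 = 170 */
    char   line[100];   /* longest line is well under 100 characters */
    HANDLE hIn;
    HANDLE hOut;
    DWORD  cbRead = 0;
    DWORD  pos;
    int    lineNo = 0;

    hIn = CreateFile("Datad.dat", GENERIC_READ, FILE_SHARE_READ, NULL,
                     OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
    if (hIn == INVALID_HANDLE_VALUE)
        return;
    if (!ReadFile(hIn, code, (DWORD)sizeof code, &cbRead, NULL))
        cbRead = 0;
    CloseHandle(hIn);
    if (cbRead == 0)
        return;

    /* CREATE_ALWAYS truncates an existing listing; OPEN_ALWAYS would leave
       the tail of a longer, older file behind the new text. */
    hOut = CreateFile("VMCode.txt", GENERIC_WRITE, 0, NULL,
                      CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hOut == INVALID_HANDLE_VALUE)
        return;

    for (pos = 0; pos < cbRead; pos++) {
        BYTE op = code[pos];
        int  len;

        if (op == 1 || op == 9) {
            DWORD operand;

            /* Opcode byte plus four operand bytes must all lie inside the
               data that was read; a truncated instruction ends the listing. */
            if (cbRead - pos < 5)
                break;

            /* NOTE(review): byte pos+4 is used as the most significant byte
               and pos+1..pos+3 follow in descending significance, which is
               neither plain little- nor big-endian. Kept as written; confirm
               against the byte-code format. The casts avoid shifting a
               promoted signed int into its sign bit. */
            operand = ((DWORD)code[pos + 4] << 24) |
                      ((DWORD)code[pos + 1] << 16) |
                      ((DWORD)code[pos + 2] << 8)  |
                       (DWORD)code[pos + 3];

            if (op == 1)
                len = wsprintf(line, "%d:        PUSH64 %8x\r\n", lineNo, operand);
            else
                len = wsprintf(line, "%d:        Goto %8d\r\n", lineNo, operand);

            pos += 4;   /* skip the operand bytes just consumed */
        } else {
            const char *name = (op < nameCount) ? names[op] : names[0];

            len = wsprintf(line, "%d:        %s\r\n", lineNo, name);
        }

        if (!WriteListingLine(hOut, line, len))
            break;      /* output failed; stop rather than keep writing blindly */
        lineNo++;
    }

    CloseHandle(hOut);
}
```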
4.阅读“汇编”
下面是反汇编出来的虚拟机汇编代码，估计只有我一个人看得懂。：）

```BaseAddr:00127490 0:        PUSH64       43   //index of pSerial 1:        Pop64_push64      //压入pSerial 2:        PUSH64       50  3:        Pop64_pop64      //第一次pop的作index，第二次pop的作数据，保存数据 //00127710  E4 F4 12 00 00 00 00 00                          漪...... 4:        PUSH64       50  5:        Pop64_push64    //pop64_pop64的逆运算 6:        Pop64_Byte_push64  //弹出pSerial，然后取一个byte，18，即注册码长度，压入堆栈 7:        PUSH64       3f //即63 8:        Pop64_pop64_Setbe_push64  //18<3F,al=1 9:        PUSH64        0            10:        Pop64_pop64_Sete_push64   //al=0 11:        PUSH64       40           //比较的结果所存放地址的index 12:        Pop64_pop64               //保存比较结果 13:        PUSH64       50 14:        Pop64_push64              // 15:        Pop64_Byte_push64         //弹出pSerial，然后取一个byte，18，即注册码长度，压入堆栈 16:        PUSH64       5d           //保存长度18的index, 17:        Pop64_pop64               //保存长度 18:        PUSH64       50 19:        Pop64_push64  20:        Pop64_Byte_push64         //再次压入长度 21:        PUSH64       51 22:        Pop64_pop64                //保存长度 23:        PUSH64       50 24:        Pop64_push64               //压入pSerial 25:        PUSH64        1 26:        Pop64_pop64_Add_push64     //指针加1，pSerial+1,指向第一个字符 27:        PUSH64       50 28:        Pop64_pop64                //保存取出的字符 29:        PUSH64       5d 30:        PUSH64        1 31:        Pop64_pop64_Add_push64     //5d+1=5E,压入5E 32:        PUSH64       4f            //index 33:        Pop64_pop64                //保存5E到index(4F)处 34:        PUSH64       50            //循环开始************** 35:        Pop64_push64               //压入pSerial 36:        Pop64_Byte_push64          //取第一个字符54'T' 37:        PUSH64       4f 38:        Pop64_push64              //5E保存到4F处 39:        Pop64_pop64               //54'T'保存到5E处 40:        PUSH64       4f 41:        Pop64_push64  42:        PUSH64        1 43:        Pop64_pop64_Add_push64  //5E+1=5F 44:        PUSH64       4f 45:        Pop64_pop64             
//5F保存到4F处 46:        PUSH64       50 47:        Pop64_push64  48:        PUSH64        1 49:        Pop64_pop64_Add_push64  //pSerial+2 50:        PUSH64       50 51:        Pop64_pop64             //保存指针到index50处 52:        PUSH64       51 53:        Pop64_push64  54:        PUSH64        1 55:        PUSH64 ffffffff 56:        Pop64_pop64_Mul_push64  //1*FFFFFFFF=FFFFFFFF,  57:        Pop64_pop64_Add_push64  //+(-1),18-1=17 58:        PUSH64       51 59:        Pop64_pop64             //保存17到51处 60:        PUSH64       51 61:        Pop64_push64            //取出长度17 62:        PUSH64        0 63:        Pop64_pop64_Setbe_push64 //长度到0了吗,17>0,al=0 64:        PUSH64        0 65:        Pop64_pop64_Sete_push64  //相等，al＝1 66:        Goto       34            //循环，就是jne************** 这个循环的结果： %%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+5D*8 00127778  18 00 00 00 00 00 00 00  ....... 00127780  54 00 00 00 00 00 00 00  T....... 00127788  45 00 00 00 00 00 00 00  E....... 00127790  32 00 00 00 00 00 00 00  2....... 00127798  35 00 00 00 00 00 00 00  5....... 001277A0  2D 00 00 00 00 00 00 00  -....... 001277A8  50 00 00 00 00 00 00 00  P....... 001277B0  4B 00 00 00 00 00 00 00  K....... 001277B8  4E 00 00 00 00 00 00 00  N....... 001277C0  42 00 00 00 00 00 00 00  B....... 001277C8  2D 00 00 00 00 00 00 00  -....... 001277D0  4E 00 00 00 00 00 00 00  N....... 001277D8  50 00 00 00 00 00 00 00  P....... 001277E0  38 00 00 00 00 00 00 00  8....... 001277E8  50 00 00 00 00 00 00 00  P....... 001277F0  2D 00 00 00 00 00 00 00  -....... 001277F8  53 00 00 00 00 00 00 00  S....... 00127800  52 00 00 00 00 00 00 00  R....... 00127808  50 00 00 00 00 00 00 00  P....... 00127810  56 00 00 00 00 00 00 00  V....... 00127818  2D 00 00 00 00 00 00 00  -....... 00127820  53 00 00 00 00 00 00 00  S....... 00127828  46 00 00 00 00 00 00 00  F....... 00127830  57 00 00 00 00 00 00 00  W....... 00127838  36 00 00 00 00 00 00 00  6....... 00127840  00 00 00 00 00 00 00 00  ........ 
%%%%%%%%%%%%%%%%%%%%%%%% 67:        PUSH64       5d 68:        PUSH64       4f 69:        Pop64_pop64              //保存5D到4F处 70:        PUSH64       4f 71:        Pop64_push64             //取出5D 72:        PUSH64        1 73:        Pop64_pop64_Add_push64  //5D+1=5E 74:        Pop64_push64            //取出5E指向的数据，压入堆栈 75:        PUSH64       4f 76:        Pop64_push64            //取出4F指向的数据，压入堆栈 77:        Pop64_push64            //取出5D指向数据0，压入堆栈 78:        PUSH64        0 79:        Pop64_pop64_Setbe_push64 //长度18>0,al=0 80:        PUSH64       40 81:        Pop64_pop64              //保存0到40处 82:        PUSH64        2 83:        PUSH64       51        84:        Pop64_pop64              //保存2到51处 85:        PUSH64       4f          //@@@@@@@@@@@@@@@@@Loop begin 86:        Pop64_push64  87:        PUSH64       51 88:        Pop64_push64  89:        Pop64_pop64_Add_push64   //5D+2=5F 90:        Pop64_push64             //取5F指向的字符45'E' 91:        PUSH64       4f 92:        Pop64_push64             //取出4F指向的5D，pSerial 93:        PUSH64       51 94:        Pop64_push64             //取出51指向的2，i 95:        Pop64_pop64_Add_push64   //5D+2=5F   96:        PUSH64        1 97:        PUSH64 ffffffff 98:        Pop64_pop64_Mul_push64  99:        Pop64_pop64_Add_push64  //5F-1=5E 100:        Pop64_pop64             //取出的字符45'E'保存到5E处，5F处移到5E处，后移 101:        PUSH64       51 102:        Pop64_push64 103:        PUSH64        1 104:        Pop64_pop64_Add_push64  //计数器i+1 105:        PUSH64       51 106:        Pop64_pop64             //保存计数器 107:        PUSH64       51 108:        Pop64_push64            //取出计数器 109:        PUSH64       4f 110:        Pop64_push64           //4F->5D 111:        Pop64_push64           //5D->18 112:        Pop64_pop64_Setbe_push64 //3<18,al=1 113:        Goto       85          //@@@@@@@@@@@@@@@@@@@@Loop End %%%%%%%%%%%%%%%%%%%%%%%%%% 循环之后： 00127778  18 00 00 00 00 00 00 00  ....... 00127780  45 00 00 00 00 00 00 00  E....... 
00127788  32 00 00 00 00 00 00 00  2....... 00127790  35 00 00 00 00 00 00 00  5....... 00127798  2D 00 00 00 00 00 00 00  -....... 001277A0  50 00 00 00 00 00 00 00  P....... 001277A8  4B 00 00 00 00 00 00 00  K....... 001277B0  4E 00 00 00 00 00 00 00  N....... 001277B8  42 00 00 00 00 00 00 00  B....... 001277C0  2D 00 00 00 00 00 00 00  -....... 001277C8  4E 00 00 00 00 00 00 00  N....... 001277D0  50 00 00 00 00 00 00 00  P....... 001277D8  38 00 00 00 00 00 00 00  8....... 001277E0  50 00 00 00 00 00 00 00  P....... 001277E8  2D 00 00 00 00 00 00 00  -....... 001277F0  53 00 00 00 00 00 00 00  S....... 001277F8  52 00 00 00 00 00 00 00  R....... 00127800  50 00 00 00 00 00 00 00  P....... 00127808  56 00 00 00 00 00 00 00  V....... 00127810  2D 00 00 00 00 00 00 00  -....... 00127818  53 00 00 00 00 00 00 00  S....... 00127820  46 00 00 00 00 00 00 00  F....... 00127828  57 00 00 00 00 00 00 00  W....... 00127830  36 00 00 00 00 00 00 00  6....... 00127838  36 00 00 00 00 00 00 00  6....... 
%%%%%%%%%%%%%%%%%%%%%%%%%% 114:        PUSH64       4f 115:        Pop64_push64            //4F->5D 116:        Pop64_push64            //5D->18 117:        PUSH64        1 118:        PUSH64 ffffffff 119:        Pop64_pop64_Mul_push64  120:        Pop64_pop64_Add_push64 //18-1=17 121:        PUSH64       4f 122:        Pop64_push64           //4F->5D 123:        Pop64_pop64            //保存17到5D处 124:        PUSH64       47 125:        Pop64_pop64           //保存54到47处 126:        PUSH64       5d 127:        PUSH64       4f 128:        Pop64_pop64          //保存5D到4F处 129:        PUSH64       4f 130:        Pop64_push64         //4F->5D 131:        PUSH64        1 132:        Pop64_pop64_Add_push64  //5D+1=5E 133:        Pop64_push64        //5E指向的数据45'E' 134:        PUSH64       4f      135:        Pop64_push64        //4F->5D 136:        Pop64_push64        //5D->长度17 137:        PUSH64        0 138:        Pop64_pop64_Setbe_push64  //17>0,al=0 139:        PUSH64       40 140:        Pop64_pop64        //保存0到40处 141:        PUSH64        2 142:        PUSH64       51 143:        Pop64_pop64        //保存2到51处 144:        PUSH64       4f   //@@@@@@@@@@@@@@@Loop begin 145:        Pop64_push64      //4F->5D 146:        PUSH64       51 147:        Pop64_push64      //取出计数器i(2) 148:        Pop64_pop64_Add_push64 //5D+2=5F 149:        Pop64_push64          //取出5F指向的字符32'2' 150:        PUSH64       4f     151:        Pop64_push64    //4F->5D 152:        PUSH64       51 153:        Pop64_push64      //取出计数器i(2) 154:        Pop64_pop64_Add_push64 //5D+2=5F 155:        PUSH64        1 156:        PUSH64 ffffffff 157:        Pop64_pop64_Mul_push64  158:        Pop64_pop64_Add_push64 //5F-1=5E 159:        Pop64_pop64 160:        PUSH64       51 161:        Pop64_push64 162:        PUSH64        1 163:        Pop64_pop64_Add_push64 //i+1 164:        PUSH64       51 165:        Pop64_pop64 166:        PUSH64       51 167:        Pop64_push64 168:        PUSH64       4f 169:        
Pop64_push64 170:        Pop64_push64 171:        Pop64_pop64_Setbe_push64  //3<17,al=1 172:        Goto      144   @@@@@@@@@@@@@@@@@@@@Loop End %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 循环后的结果： 00127778  17 00 00 00 00 00 00 00  ....... 00127780  32 00 00 00 00 00 00 00  2....... 00127788  35 00 00 00 00 00 00 00  5....... 00127790  2D 00 00 00 00 00 00 00  -....... 00127798  50 00 00 00 00 00 00 00  P....... 001277A0  4B 00 00 00 00 00 00 00  K....... 001277A8  4E 00 00 00 00 00 00 00  N....... 001277B0  42 00 00 00 00 00 00 00  B....... 001277B8  2D 00 00 00 00 00 00 00  -....... 001277C0  4E 00 00 00 00 00 00 00  N....... 001277C8  50 00 00 00 00 00 00 00  P....... 001277D0  38 00 00 00 00 00 00 00  8....... 001277D8  50 00 00 00 00 00 00 00  P....... 001277E0  2D 00 00 00 00 00 00 00  -....... 001277E8  53 00 00 00 00 00 00 00  S....... 001277F0  52 00 00 00 00 00 00 00  R....... 001277F8  50 00 00 00 00 00 00 00  P....... 00127800  56 00 00 00 00 00 00 00  V....... 00127808  2D 00 00 00 00 00 00 00  -....... 00127810  53 00 00 00 00 00 00 00  S....... 00127818  46 00 00 00 00 00 00 00  F....... 00127820  57 00 00 00 00 00 00 00  W....... 00127828  36 00 00 00 00 00 00 00  6....... 00127830  36 00 00 00 00 00 00 00  6....... 00127838  36 00 00 00 00 00 00 00  6....... 00127840  00 00 00 00 00 00 00 00  ........ 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 173:        PUSH64       4f 174:        Pop64_push64 175:        Pop64_push64 176:        PUSH64        1 177:        PUSH64 ffffffff 178:        Pop64_pop64_Mul_push64  179:        Pop64_pop64_Add_push64  180:        PUSH64       4f 181:        Pop64_push64 182:        Pop64_pop64 183:        PUSH64       48          // 184:        Pop64_pop64              //保存到48处 185:        PUSH64       5d 186:        PUSH64       4f 187:        Pop64_pop64 188:        PUSH64       4f 189:        Pop64_push64 190:        PUSH64        1 191:        Pop64_pop64_Add_push64  192:        Pop64_push64 193:        PUSH64       4f 194:        Pop64_push64 195:        Pop64_push64 196:        PUSH64        0 197:        Pop64_pop64_Setbe_push64 198:        PUSH64       40 199:        Pop64_pop64 200:        PUSH64        2 201:        PUSH64       51 202:        Pop64_pop64 203:        PUSH64       4f            //@@@@@@@@@@@@@@Loop Begin 204:        Pop64_push64 205:        PUSH64       51 206:        Pop64_push64 207:        Pop64_pop64_Add_push64  208:        Pop64_push64 209:        PUSH64       4f 210:        Pop64_push64 211:        PUSH64       51 212:        Pop64_push64 213:        Pop64_pop64_Add_push64  214:        PUSH64        1 215:        PUSH64 ffffffff 216:        Pop64_pop64_Mul_push64  217:        Pop64_pop64_Add_push64  218:        Pop64_pop64 219:        PUSH64       51 220:        Pop64_push64 221:        PUSH64        1 222:        Pop64_pop64_Add_push64  223:        PUSH64       51 224:        Pop64_pop64 225:        PUSH64       51 226:        Pop64_push64 227:        PUSH64       4f 228:        Pop64_push64 229:        Pop64_push64 230:        Pop64_pop64_Setbe_push64 231:        Goto      203       @@@@@@@@@@@@@@Loop End //这个循环和上面那段循环相同 %%%%%%%%%%%%%%%%%%%%%%%%%% 00127778  16 00 00 00 00 00 00 00  ....... 00127780  35 00 00 00 00 00 00 00  5....... 00127788  2D 00 00 00 00 00 00 00  -....... 
00127790  50 00 00 00 00 00 00 00  P....... 00127798  4B 00 00 00 00 00 00 00  K....... 001277A0  4E 00 00 00 00 00 00 00  N....... 001277A8  42 00 00 00 00 00 00 00  B....... 001277B0  2D 00 00 00 00 00 00 00  -....... 001277B8  4E 00 00 00 00 00 00 00  N....... 001277C0  50 00 00 00 00 00 00 00  P....... 001277C8  38 00 00 00 00 00 00 00  8....... 001277D0  50 00 00 00 00 00 00 00  P....... 001277D8  2D 00 00 00 00 00 00 00  -....... 001277E0  53 00 00 00 00 00 00 00  S....... 001277E8  52 00 00 00 00 00 00 00  R....... 001277F0  50 00 00 00 00 00 00 00  P....... 001277F8  56 00 00 00 00 00 00 00  V....... 00127800  2D 00 00 00 00 00 00 00  -....... 00127808  53 00 00 00 00 00 00 00  S....... 00127810  46 00 00 00 00 00 00 00  F....... 00127818  57 00 00 00 00 00 00 00  W....... 00127820  36 00 00 00 00 00 00 00  6....... 00127828  36 00 00 00 00 00 00 00  6....... 00127830  36 00 00 00 00 00 00 00  6....... 00127838  36 00 00 00 00 00 00 00  6....... 00127840  00 00 00 00 00 00 00 00  ........ 
%%%%%%%%%%%%%%%%%%%%%%%%%%% 232:        PUSH64       4f 233:        Pop64_push64 234:        Pop64_push64 235:        PUSH64        1 236:        PUSH64 ffffffff 237:        Pop64_pop64_Mul_push64  238:        Pop64_pop64_Add_push64      239:        PUSH64       4f 240:        Pop64_push64 241:        Pop64_pop64           //15保存到5D处 242:        PUSH64       30 243:        PUSH64 ffffffff 244:        Pop64_pop64_Mul_push64  -30 00125398   FFFFFFD0 0012539C   FFFFFFFF 245:        Pop64_pop64_Add_push64 //32-30=2 246:        PUSH64_2               //取出栈顶数据，压入 247:        PUSH64        0 248:        Pop64_pop64_Setb_push64 //2>0,al=0 249:        PUSH64        0 250:        Pop64_pop64_Sete_push64 //0=0,al=1 251:        PUSH64        0 252:        Pop64_pop64_Sete_push64 //1!=0,al=0 253:        PUSH64       40 254:        Pop64_pop64             //结果0保存到40处 255:        PUSH64_2 256:        PUSH64        9         //再与9相比较 257:        Pop64_pop64_Setbe_push64 //2<9,al=1 258:        PUSH64        0 259:        Pop64_pop64_Sete_push64  //1!=0,al=0 260:        PUSH64       40 261:        Pop64_pop64              //结果0保存到40处 262:        PUSH64        a 263:        Pop64_pop64_Mul_push64   //2*10 264:        PUSH64       5d 265:        PUSH64       4f     266:        Pop64_pop64             //4F->5D 267:        PUSH64       4f 268:        Pop64_push64            //取出5D 269:        PUSH64        1 270:        Pop64_pop64_Add_push64  //5D+1=5E 271:        Pop64_push64            //取出5E指向的字符35'5' 272:        PUSH64       4f 273:        Pop64_push64            //4F->5D 274:        Pop64_push64            //5D->长度15 275:        PUSH64        0 276:        Pop64_pop64_Setbe_push64 //15>0,al=0 277:        PUSH64       40 278:        Pop64_pop64              //保存到40处 279:        PUSH64        2 280:        PUSH64       51 281:        Pop64_pop64 282:        PUSH64       4f            //@@@@@@@@@@@Loop begin 283:        Pop64_push64 284:        PUSH64       51 285:        
Pop64_push64 286:        Pop64_pop64_Add_push64  287:        Pop64_push64 288:        PUSH64       4f 289:        Pop64_push64 290:        PUSH64       51 291:        Pop64_push64 292:        Pop64_pop64_Add_push64  293:        PUSH64        1 294:        PUSH64 ffffffff 295:        Pop64_pop64_Mul_push64  296:        Pop64_pop64_Add_push64  297:        Pop64_pop64 298:        PUSH64       51 299:        Pop64_push64 300:        PUSH64        1 301:        Pop64_pop64_Add_push64  302:        PUSH64       51 303:        Pop64_pop64 304:        PUSH64       51 305:        Pop64_push64 306:        PUSH64       4f 307:        Pop64_push64 308:        Pop64_push64 309:        Pop64_pop64_Setbe_push64 310:        Goto      282           //Loop END //同上 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 00127778  15 00 00 00 00 00 00 00  ....... 00127780  2D 00 00 00 00 00 00 00  -....... 00127788  50 00 00 00 00 00 00 00  P....... 00127790  4B 00 00 00 00 00 00 00  K....... 00127798  4E 00 00 00 00 00 00 00  N....... 001277A0  42 00 00 00 00 00 00 00  B....... 001277A8  2D 00 00 00 00 00 00 00  -....... 001277B0  4E 00 00 00 00 00 00 00  N....... 001277B8  50 00 00 00 00 00 00 00  P....... 001277C0  38 00 00 00 00 00 00 00  8....... 001277C8  50 00 00 00 00 00 00 00  P....... 001277D0  2D 00 00 00 00 00 00 00  -....... 001277D8  53 00 00 00 00 00 00 00  S....... 001277E0  52 00 00 00 00 00 00 00  R....... 001277E8  50 00 00 00 00 00 00 00  P....... 001277F0  56 00 00 00 00 00 00 00  V....... 001277F8  2D 00 00 00 00 00 00 00  -....... 00127800  53 00 00 00 00 00 00 00  S....... 00127808  46 00 00 00 00 00 00 00  F....... 00127810  57 00 00 00 00 00 00 00  W....... 00127818  36 00 00 00 00 00 00 00  6....... 00127820  36 00 00 00 00 00 00 00  6....... 00127828  36 00 00 00 00 00 00 00  6....... 00127830  36 00 00 00 00 00 00 00  6....... 00127838  36 00 00 00 00 00 00 00  6....... 00127840  00 00 00 00 00 00 00 00  ........ 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 311:        PUSH64       4f 312:        Pop64_push64 313:        Pop64_push64 314:        PUSH64        1 315:        PUSH64 ffffffff 316:        Pop64_pop64_Mul_push64  317:        Pop64_pop64_Add_push64  318:        PUSH64       4f 319:        Pop64_push64 320:        Pop64_pop64 321:        PUSH64       30 322:        PUSH64 ffffffff 323:        Pop64_pop64_Mul_push64  324:        Pop64_pop64_Add_push64  325:        PUSH64_2 326:        PUSH64        0 327:        Pop64_pop64_Setb_push64 328:        PUSH64        0 329:        Pop64_pop64_Sete_push64 330:        PUSH64        0 331:        Pop64_pop64_Sete_push64 332:        PUSH64       40 333:        Pop64_pop64 334:        PUSH64_2 335:        PUSH64        9 336:        Pop64_pop64_Setbe_push64 337:        PUSH64        0 338:        Pop64_pop64_Sete_push64 339:        PUSH64       40 340:        Pop64_pop64              //上面一段同上，看是否在数字0-9之间 341:        Pop64_pop64_Add_push64   //20+5=25(0x19) 342:        PUSH64       49 343:        Pop64_pop64              //保存到49处 //d ebp+0FFFF7FE0+47*8 001276C8  54 00 00 00 00 00 00 00 45 00 00 00 00 00 00 00  T.......E....... 001276D8  19 00 00 00 00 00 00 00                          ....... 
344:        PUSH64       47          // 345:        Pop64_push64             //取出47指向的字符54'T' 346:        PUSH64       48 347:        Pop64_push64             //取出48指向的字符45'E' 348:        Pop64_pop64_Mul_push64   //54*45=16A4 349:        PUSH64       49 350:        Pop64_push64             //取出版本号19 351:        PUSH64        1 352:        Pop64_pop64_Add_push64   //19+1=1A 353:        Pop64_pop64_Mul_push64   //16A4*1A=24CA8 354:        PUSH64       56 355:        Pop64_pop64              //保存到56处 356:        PUSH64       dd 357:        PUSH64        1 358:        Pop64_pop64_Add_push64   //DD+1=DE 359:        PUSH64       4f 360:        Pop64_pop64              //DE保存到4F处 361:        PUSH64       41 362:        PUSH64       51 363:        Pop64_pop64              //41保存到51处 364:        PUSH64       51          //@@@@@@@@@@@@@@Loop Begin 365:        Pop64_push64             //取出51->41 366:        PUSH64       4f 367:        Pop64_push64             //4F->DE 368:        Pop64_pop64              //41保存到DE处 369:        PUSH64       4f 370:        Pop64_push64             //4F->DE 371:        PUSH64        1 372:        Pop64_pop64_Add_push64   //DE+1=DF 373:        PUSH64       4f 374:        Pop64_pop64              //DF保存到4F处 375:        PUSH64       51 376:        Pop64_push64             //51->41 377:        PUSH64        1 378:        Pop64_pop64_Add_push64   //41+1=42 379:        PUSH64       51 380:        Pop64_pop64              //42保存到51处 381:        PUSH64       51 382:        Pop64_push64             //取出51->42 383:        PUSH64       5a          // 384:        Pop64_pop64_Setbe_push64  //42<5A,al=1 385:        Goto      364            //@@@@@@@@@@@@@@@Loop End //5A即字符Z，41即字符A %%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+0DE*8 00127B80  41 00 00 00 00 00 00 00 42 00 00 00 00 00 00 00  A.......B....... 00127B90  43 00 00 00 00 00 00 00 44 00 00 00 00 00 00 00  C.......D....... 00127BA0  45 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  E.......F....... 
00127BB0  47 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00  G.......H....... 00127BC0  49 00 00 00 00 00 00 00 4A 00 00 00 00 00 00 00  I.......J....... 00127BD0  4B 00 00 00 00 00 00 00 4C 00 00 00 00 00 00 00  K.......L....... 00127BE0  4D 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  M.......N....... 00127BF0  4F 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  O.......P....... 00127C00  51 00 00 00 00 00 00 00 52 00 00 00 00 00 00 00  Q.......R....... 00127C10  53 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  S.......T....... 00127C20  55 00 00 00 00 00 00 00 56 00 00 00 00 00 00 00  U.......V....... 00127C30  57 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00  W.......X....... 00127C40  59 00 00 00 00 00 00 00 5A 00 00 00 00 00 00 00  Y.......Z....... 00127C50  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ %%%%%%%%%%%%%%%%%%%%%%%%% 386:        PUSH64       32 387:        PUSH64       51 388:        Pop64_pop64           //32保存到51处 389:        PUSH64       51       //@@@@@@@@@@@@@Loop Begin 390:        Pop64_push64 391:        PUSH64       4f 392:        Pop64_push64         //4F指向F8，F8-DE=1A(26) 393:        Pop64_pop64 394:        PUSH64       4f 395:        Pop64_push64 396:        PUSH64        1 397:        Pop64_pop64_Add_push64  //F8+1=F9 398:        PUSH64       4f 399:        Pop64_pop64 400:        PUSH64       51 401:        Pop64_push64 402:        PUSH64        1 403:        Pop64_pop64_Add_push64  //32+1=33 404:        PUSH64       51 405:        Pop64_pop64 406:        PUSH64       51 407:        Pop64_push64 408:        PUSH64       39 409:        Pop64_pop64_Setbe_push64 //33<39,al=1 410:        Goto      389   //@@@@@@@@@@@@@@loop end %%%%%%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+0DE*8 00127B80  41 00 00 00 00 00 00 00 42 00 00 00 00 00 00 00  A.......B....... 00127B90  43 00 00 00 00 00 00 00 44 00 00 00 00 00 00 00  C.......D....... 00127BA0  45 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  E.......F....... 
00127BB0  47 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00  G.......H....... 00127BC0  49 00 00 00 00 00 00 00 4A 00 00 00 00 00 00 00  I.......J....... 00127BD0  4B 00 00 00 00 00 00 00 4C 00 00 00 00 00 00 00  K.......L....... 00127BE0  4D 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  M.......N....... 00127BF0  4F 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  O.......P....... 00127C00  51 00 00 00 00 00 00 00 52 00 00 00 00 00 00 00  Q.......R....... 00127C10  53 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  S.......T....... 00127C20  55 00 00 00 00 00 00 00 56 00 00 00 00 00 00 00  U.......V....... 00127C30  57 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00  W.......X....... 00127C40  59 00 00 00 00 00 00 00 5A 00 00 00 00 00 00 00  Y.......Z....... 00127C50  32 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00  2.......3....... 00127C60  34 00 00 00 00 00 00 00 35 00 00 00 00 00 00 00  4.......5....... 00127C70  36 00 00 00 00 00 00 00 37 00 00 00 00 00 00 00  6.......7....... 00127C80  38 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00  8.......9....... 00127C90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 411:        PUSH64       dd 412:        PUSH64        1 413:        Pop64_pop64_Add_push64  //DD+1=DE 414:        PUSH64       4f 415:        Pop64_pop64             //DE保存到4F处 416:        PUSH64      11d 417:        PUSH64        1 418:        Pop64_pop64_Add_push64 //11D+1=11E 419:        PUSH64       50 420:        Pop64_pop64           //11E保存到50处 421:        PUSH64        0 422:        PUSH64       51 423:        Pop64_pop64           //0保存到51处 424:        PUSH64       56       //@@@@@@@@@@@@Loop begin 1 425:        Pop64_push64          //56->0024CA8 426:        PUSH64        3 427:        Pop64_pop64_And_push64  //0024CA8 and 3=0 428:        PUSH64       51 429:        Pop64_push64           //51->0 430:        Pop64_pop64_Mul_push64  //0*0=0 431:        PUSH64     98b2 432:        Pop64_pop64_Xor_push64  //0 Xor 98B2＝98B2 433:        PUSH64       57 434:        Pop64_pop64            //98B2保存到57处 435:        PUSH64       56 436:        Pop64_push64 437:        PUSH64        2 438:        Pop64_pop64_Shr_push64  //00024CA8 >> 2=0000932A 439:        PUSH64       56 440:        Pop64_push64 441:        PUSH64        3 442:        Pop64_pop64_And_push64  //0024CA8 and 3=0 443:        PUSH64       17 444:        Pop64_pop64_Shl_push64  // 0 << 17=0  445:        Pop64_pop64_Or_push64   //932A or 0=932A 446:        PUSH64       56 447:        Pop64_pop64             //932A保存到56处 448:        PUSH64        0 449:        PUSH64       52 450:        Pop64_pop64            //0保存到52处 451:        PUSH64       52        //@@@@@@@@@@@@@@Loop begin2 452:        Pop64_push64           //取出52处的0 453:        PUSH64       57 454:        Pop64_push64           //取出57处的98B2 455:        Pop64_pop64_Add_push64 //0+98B2=98B2 456:        PUSH64_2               //压入栈顶的98B2 457:        PUSH64       22 458:        Pop64_pop64_Div_push64 //98B2/22=47D,余数98B2-22*47D=18,保存商47D 459:        PUSH64       22 460:        Pop64_pop64_Mul_push64 //47D*22=0000989A 
461:        PUSH64 ffffffff
462:        Pop64_pop64_Mul_push64
463:        Pop64_pop64_Add_push64 //98B2-989A=18，得到余数
464:        PUSH64       58
465:        Pop64_pop64           //余数保存到58处
466:        PUSH64       58
467:        Pop64_push64          //取出58指向的余数18
468:        PUSH64       50
469:        Pop64_push64          //取出50处保存的11E
470:        Pop64_pop64_Add_push64 //11E+18=136
471:        Pop64_push64           //取出136指向的值
d ebp+0FFFF7FE0+136*8
00127E40  00 00 00 00 00 00 00 00                          ........
472:        PUSH64        0
473:        Pop64_pop64_Sete_push64  //al=1
474:        PUSH64        0
475:        Pop64_pop64_Sete_push64  //al=0
476:        Goto      493            //jne，没跳
477:        PUSH64       51
478:        Pop64_push64            //51指向00,01
479:        PUSH64       4f
480:        Pop64_push64            //4F指向DE
481:        Pop64_pop64_Add_push64  //00+DE=DE
482:        Pop64_push64            //取出DE处的41'A'
483:        PUSH64       58
484:        Pop64_push64            //取出58处的18，余数
485:        PUSH64       50
486:        Pop64_push64            //取出50处的11E
487:        Pop64_pop64_Add_push64  //11E+18=136
488:        Pop64_pop64             //保存41'A'到136
489:        PUSH64        0
490:        PUSH64        0
491:        Pop64_pop64_Sete_push64 //0=0，al=1
492:        Goto      504           //jne,跳出内层循环
493:        PUSH64       52
494:        Pop64_push64
495:        PUSH64        1
496:        Pop64_pop64_Add_push64
497:        PUSH64       52
498:        Pop64_pop64
499:        PUSH64       52
500:        Pop64_push64
501:        PUSH64       22
502:        Pop64_pop64_Setb_push64
503:        Goto      451        //@@@@@@@@@@@@@@loop end 2
504:        PUSH64       51
505:        Pop64_push64          //取出51处的计数器i
506:        PUSH64        1
507:        Pop64_pop64_Add_push64  //i+1
508:        PUSH64       51
509:        Pop64_pop64             //保存i
510:        PUSH64       51
511:        Pop64_push64
512:      
  PUSH64       22        //计数器的上限，34=26+8 513:        Pop64_pop64_Setb_push64 514:        Goto      424      //@@@@@@@@@@@@@@loop end 1 %%%%%%%%%%%%%%%%%%%%%%%%%%%%% 00127D80  4E 00 00 00 00 00 00 00  N....... 00127D88  46 00 00 00 00 00 00 00  F....... 00127D90  4F 00 00 00 00 00 00 00  O....... 00127D98  50 00 00 00 00 00 00 00  P....... 00127DA0  52 00 00 00 00 00 00 00  R....... 00127DA8  54 00 00 00 00 00 00 00  T....... 00127DB0  53 00 00 00 00 00 00 00  S....... 00127DB8  55 00 00 00 00 00 00 00  U....... 00127DC0  49 00 00 00 00 00 00 00  I....... 00127DC8  51 00 00 00 00 00 00 00  Q....... 00127DD0  57 00 00 00 00 00 00 00  W....... 00127DD8  58 00 00 00 00 00 00 00  X....... 00127DE0  59 00 00 00 00 00 00 00  Y....... 00127DE8  56 00 00 00 00 00 00 00  V....... 00127DF0  5A 00 00 00 00 00 00 00  Z....... 00127DF8  32 00 00 00 00 00 00 00  2....... 00127E00  33 00 00 00 00 00 00 00  3....... 00127E08  35 00 00 00 00 00 00 00  5....... 00127E10  34 00 00 00 00 00 00 00  4....... 00127E18  36 00 00 00 00 00 00 00  6....... 00127E20  37 00 00 00 00 00 00 00  7....... 00127E28  38 00 00 00 00 00 00 00  8....... 00127E30  42 00 00 00 00 00 00 00  B....... 00127E38  39 00 00 00 00 00 00 00  9....... 00127E40  41 00 00 00 00 00 00 00  A....... 00127E48  45 00 00 00 00 00 00 00  E....... 00127E50  44 00 00 00 00 00 00 00  D....... 00127E58  47 00 00 00 00 00 00 00  G....... 00127E60  43 00 00 00 00 00 00 00  C....... 00127E68  48 00 00 00 00 00 00 00  H....... 00127E70  4A 00 00 00 00 00 00 00  J....... 00127E78  4B 00 00 00 00 00 00 00  K....... 00127E80  4C 00 00 00 00 00 00 00  L....... 00127E88  4D 00 00 00 00 00 00 00  M....... 00127E90  00 00 00 00 00 00 00 00  ........ 
11E+余数作index %%%%%%%%%%%%%%%%%%%%%%%%%%%%% 515:        PUSH64       5d 516:        PUSH64       4f 517:        Pop64_pop64            //5D保存到4F处 518:        PUSH64       4f 519:        Pop64_push64 520:        PUSH64        1 521:        Pop64_pop64_Add_push64  //5D+1=5E 522:        Pop64_push64 523:        PUSH64       4f 524:        Pop64_push64           //4F->5D 525:        Pop64_push64           //5D->14 526:        PUSH64        0 527:        Pop64_pop64_Setbe_push64  //14>0,al=0 528:        PUSH64       40 529:        Pop64_pop64               //保存0到40处 530:        PUSH64        2 531:        PUSH64       51 532:        Pop64_pop64              //2保存到51 533:        PUSH64       4f          //@@@@@@@@@@@@@Loop begin 534:        Pop64_push64             //取出4F->5D 535:        PUSH64       51 536:        Pop64_push64             //取出51->02 537:        Pop64_pop64_Add_push64   //5D+02=5F 538:        Pop64_push64 539:        PUSH64       4f 540:        Pop64_push64 541:        PUSH64       51 542:        Pop64_push64 543:        Pop64_pop64_Add_push64  544:        PUSH64        1 545:        PUSH64 ffffffff 546:        Pop64_pop64_Mul_push64  547:        Pop64_pop64_Add_push64  ;5F-1=5E 548:        Pop64_pop64             ;50'p'存入5E 549:        PUSH64       51 550:        Pop64_push64 551:        PUSH64        1 552:        Pop64_pop64_Add_push64  553:        PUSH64       51 554:        Pop64_pop64 555:        PUSH64       51 556:        Pop64_push64 557:        PUSH64       4f 558:        Pop64_push64 559:        Pop64_push64 560:        Pop64_pop64_Setbe_push64 561:        Goto      533           //@@@@@@@@@@@@@Loop end %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+5D*8 00127778  14 00 00 00 00 00 00 00  ....... 00127780  50 00 00 00 00 00 00 00  P....... 00127788  4B 00 00 00 00 00 00 00  K....... 00127790  4E 00 00 00 00 00 00 00  N....... 00127798  42 00 00 00 00 00 00 00  B....... 001277A0  2D 00 00 00 00 00 00 00  -....... 
001277A8  4E 00 00 00 00 00 00 00  N....... 001277B0  50 00 00 00 00 00 00 00  P....... 001277B8  38 00 00 00 00 00 00 00  8....... 001277C0  50 00 00 00 00 00 00 00  P....... 001277C8  2D 00 00 00 00 00 00 00  -....... 001277D0  53 00 00 00 00 00 00 00  S....... 001277D8  52 00 00 00 00 00 00 00  R....... 001277E0  50 00 00 00 00 00 00 00  P....... 001277E8  56 00 00 00 00 00 00 00  V....... 001277F0  2D 00 00 00 00 00 00 00  -....... 001277F8  53 00 00 00 00 00 00 00  S....... 00127800  46 00 00 00 00 00 00 00  F....... 00127808  57 00 00 00 00 00 00 00  W....... 00127810  36 00 00 00 00 00 00 00  6....... 00127818  36 00 00 00 00 00 00 00  6....... 00127820  36 00 00 00 00 00 00 00  6....... 00127828  36 00 00 00 00 00 00 00  6....... 00127830  36 00 00 00 00 00 00 00  6....... 00127838  36 00 00 00 00 00 00 00  6....... %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 562:        PUSH64       4f 563:        Pop64_push64         //4F->5D 564:        Pop64_push64         //5D->长度14 565:        PUSH64        1 566:        PUSH64 ffffffff 567:        Pop64_pop64_Mul_push64  568:        Pop64_pop64_Add_push64  569:        PUSH64       4f 570:        Pop64_push64 571:        Pop64_pop64        //保存长度13到5D 572:        PUSH64       2d 573:        Pop64_pop64_Sete_push64 //20=20，al=01 574:        PUSH64        0 575:        Pop64_pop64_Sete_push64 //al=0 576:        PUSH64       40 577:        Pop64_pop64            //保存到40 578:        PUSH64       9d 579:        PUSH64       4f 580:        Pop64_pop64           //9D保存到4F 581:        PUSH64        0 582:        PUSH64       4f 583:        Pop64_push64         //取4F处的9D 584:        Pop64_pop64          //0存入到9D 585:        PUSH64       5d 586:        PUSH64       4f 587:        Pop64_pop64         //5D存入4F处 588:        PUSH64       4f 589:        Pop64_push64 590:        PUSH64        1 591:        Pop64_pop64_Add_push64  //5D+1=5E 592:        Pop64_push64            //取出5E指向的50'P' 593:        PUSH64       4f 594:        Pop64_push64 
595:        Pop64_push64 596:        PUSH64        0 597:        Pop64_pop64_Setbe_push64 598:        PUSH64       40 599:        Pop64_pop64 600:        PUSH64        2 601:        PUSH64       51 602:        Pop64_pop64 603:        PUSH64       4f        //@@@@@@@@@@@@@@@Loop Begin 604:        Pop64_push64 605:        PUSH64       51 606:        Pop64_push64 607:        Pop64_pop64_Add_push64  608:        Pop64_push64 609:        PUSH64       4f 610:        Pop64_push64 611:        PUSH64       51 612:        Pop64_push64 613:        Pop64_pop64_Add_push64  614:        PUSH64        1 615:        PUSH64 ffffffff 616:        Pop64_pop64_Mul_push64  617:        Pop64_pop64_Add_push64  618:        Pop64_pop64 619:        PUSH64       51 620:        Pop64_push64 621:        PUSH64        1 622:        Pop64_pop64_Add_push64  623:        PUSH64       51 624:        Pop64_pop64 625:        PUSH64       51 626:        Pop64_push64 627:        PUSH64       4f 628:        Pop64_push64 629:        Pop64_push64 630:        Pop64_pop64_Setbe_push64 631:        Goto      603       //@@@@@@@@@@@@@@@Loop end %%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+5D*8 00127778  13 00 00 00 00 00 00 00  ....... 00127780  4B 00 00 00 00 00 00 00  K....... 00127788  4E 00 00 00 00 00 00 00  N....... 00127790  42 00 00 00 00 00 00 00  B....... 00127798  2D 00 00 00 00 00 00 00  -....... 001277A0  4E 00 00 00 00 00 00 00  N....... 001277A8  50 00 00 00 00 00 00 00  P....... 001277B0  38 00 00 00 00 00 00 00  8....... 001277B8  50 00 00 00 00 00 00 00  P....... 001277C0  2D 00 00 00 00 00 00 00  -....... 001277C8  53 00 00 00 00 00 00 00  S....... 001277D0  52 00 00 00 00 00 00 00  R....... 001277D8  50 00 00 00 00 00 00 00  P....... 001277E0  56 00 00 00 00 00 00 00  V....... 001277E8  2D 00 00 00 00 00 00 00  -....... 001277F0  53 00 00 00 00 00 00 00  S....... 001277F8  46 00 00 00 00 00 00 00  F....... 00127800  57 00 00 00 00 00 00 00  W....... 00127808  36 00 00 00 00 00 00 00  6....... 
00127810  36 00 00 00 00 00 00 00  6.......
00127818  36 00 00 00 00 00 00 00  6.......
00127820  36 00 00 00 00 00 00 00  6.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........
%%%%%%%%%%%%%%%%%%%%%%%
632:        PUSH64       4f
633:        Pop64_push64
634:        Pop64_push64
635:        PUSH64        1
636:        PUSH64 ffffffff
637:        Pop64_pop64_Mul_push64
638:        Pop64_pop64_Add_push64
639:        PUSH64       4f
640:        Pop64_push64
641:        Pop64_pop64        //保存长度12到5D
642:        PUSH64       9d
643:        PUSH64       4f
644:        Pop64_pop64      //保存9D到4F
645:        PUSH64       4f
646:        Pop64_push64     //4F->9D
647:        Pop64_push64     //9D->00
648:        PUSH64        1
649:        Pop64_pop64_Add_push64  //00+01=01
650:        PUSH64       4f
651:        Pop64_push64
652:        Pop64_pop64     //保存01到9D
653:        PUSH64       4f
654:        Pop64_push64
655:        PUSH64       4f
656:        Pop64_push64    //取出4F处的9D
657:        Pop64_push64    //取出9D处的01
658:        Pop64_pop64_Add_push64 //9D+1=9E
659:        Pop64_pop64    //保存1到9E
660:        PUSH64       5d
661:        PUSH64       4f
662:        Pop64_pop64    //把5D存入4F
663:        PUSH64       4f
664:        Pop64_push64
665:        PUSH64        1
666:        Pop64_pop64_Add_push64  //5D+1=5E
667:        Pop64_push64            //取5E指向的字符4B'K'
668:        PUSH64       4f
669:        Pop64_push64
670:        Pop64_push64
671:        PUSH64        0
672:        Pop64_pop64_Setbe_push64
673:        PUSH64       40
674:        Pop64_pop64
675:        PUSH64        2
676:        PUSH64       51
677:        Pop64_pop64
678:        PUSH64       4f        //@@@@@@@@@@@@@@@loop begin
679:        Pop64_push64
680:        PUSH64       51
681:        Pop64_push64
682:        Pop64_pop64_Add_push64
683:        Pop64_push64
684:        
PUSH64       4f 685:        Pop64_push64 686:        PUSH64       51 687:        Pop64_push64 688:        Pop64_pop64_Add_push64  689:        PUSH64        1 690:        PUSH64 ffffffff 691:        Pop64_pop64_Mul_push64  692:        Pop64_pop64_Add_push64  693:        Pop64_pop64 694:        PUSH64       51 695:        Pop64_push64 696:        PUSH64        1 697:        Pop64_pop64_Add_push64  698:        PUSH64       51 699:        Pop64_pop64 700:        PUSH64       51 701:        Pop64_push64 702:        PUSH64       4f 703:        Pop64_push64 704:        Pop64_push64 705:        Pop64_pop64_Setbe_push64 706:        Goto      678           //@@@@@@@@@@@@@@@loop end %%%%%%%%%%%%%%%%%%%%%%%%%%%% 00127778  12 00 00 00 00 00 00 00  ....... 00127780  4E 00 00 00 00 00 00 00  N....... 00127788  42 00 00 00 00 00 00 00  B....... 00127790  2D 00 00 00 00 00 00 00  -....... 00127798  4E 00 00 00 00 00 00 00  N....... 001277A0  50 00 00 00 00 00 00 00  P....... 001277A8  38 00 00 00 00 00 00 00  8....... 001277B0  50 00 00 00 00 00 00 00  P....... 001277B8  2D 00 00 00 00 00 00 00  -....... 001277C0  53 00 00 00 00 00 00 00  S....... 001277C8  52 00 00 00 00 00 00 00  R....... 001277D0  50 00 00 00 00 00 00 00  P....... 001277D8  56 00 00 00 00 00 00 00  V....... 001277E0  2D 00 00 00 00 00 00 00  -....... 001277E8  53 00 00 00 00 00 00 00  S....... 001277F0  46 00 00 00 00 00 00 00  F....... 001277F8  57 00 00 00 00 00 00 00  W....... 00127800  36 00 00 00 00 00 00 00  6....... 00127808  36 00 00 00 00 00 00 00  6....... 00127810  36 00 00 00 00 00 00 00  6....... 00127818  36 00 00 00 00 00 00 00  6....... 00127820  36 00 00 00 00 00 00 00  6....... 00127828  36 00 00 00 00 00 00 00  6....... 00127830  36 00 00 00 00 00 00 00  6....... 00127838  36 00 00 00 00 00 00 00  6....... 00127840  00 00 00 00 00 00 00 00  ........ 
%%%%%%%%%%%%%%%%%%%%%%%%%%%% 707:        PUSH64       4f 708:        Pop64_push64 709:        Pop64_push64 710:        PUSH64        1 711:        PUSH64 ffffffff 712:        Pop64_pop64_Mul_push64  713:        Pop64_pop64_Add_push64  714:        PUSH64       4f 715:        Pop64_push64 716:        Pop64_pop64 717:        PUSH64       9d 718:        PUSH64       4f 719:        Pop64_pop64 720:        PUSH64       4f 721:        Pop64_push64 722:        Pop64_push64 723:        PUSH64        1 724:        Pop64_pop64_Add_push64  725:        PUSH64       4f 726:        Pop64_push64 727:        Pop64_pop64 728:        PUSH64       4f 729:        Pop64_push64 730:        PUSH64       4f 731:        Pop64_push64 732:        Pop64_push64 733:        Pop64_pop64_Add_push64  734:        Pop64_pop64 735:        PUSH64       5d 736:        PUSH64       4f 737:        Pop64_pop64 738:        PUSH64       4f 739:        Pop64_push64 740:        PUSH64        1 741:        Pop64_pop64_Add_push64  742:        Pop64_push64 743:        PUSH64       4f 744:        Pop64_push64 745:        Pop64_push64 746:        PUSH64        0 747:        Pop64_pop64_Setbe_push64 748:        PUSH64       40 749:        Pop64_pop64 750:        PUSH64        2 751:        PUSH64       51 752:        Pop64_pop64 753:        PUSH64       4f          //@@@@@@@@@Loop begin 754:        Pop64_push64 755:        PUSH64       51 756:        Pop64_push64 757:        Pop64_pop64_Add_push64  758:        Pop64_push64 759:        PUSH64       4f 760:        Pop64_push64 761:        PUSH64       51 762:        Pop64_push64 763:        Pop64_pop64_Add_push64  764:        PUSH64        1 765:        PUSH64 ffffffff 766:        Pop64_pop64_Mul_push64  767:        Pop64_pop64_Add_push64  768:        Pop64_pop64 769:        PUSH64       51 770:        Pop64_push64 771:        PUSH64        1 772:        Pop64_pop64_Add_push64  773:        PUSH64       51 774:        Pop64_pop64 775:        PUSH64       51 776:        
Pop64_push64 777:        PUSH64       4f 778:        Pop64_push64 779:        Pop64_push64 780:        Pop64_pop64_Setbe_push64 781:        Goto      753        //@@@@@@@@@Loop end 782:        PUSH64       4f 783:        Pop64_push64 784:        Pop64_push64 785:        PUSH64        1 786:        PUSH64 ffffffff 787:        Pop64_pop64_Mul_push64  788:        Pop64_pop64_Add_push64  789:        PUSH64       4f 790:        Pop64_push64 791:        Pop64_pop64 792:        PUSH64       9d 793:        PUSH64       4f 794:        Pop64_pop64 795:        PUSH64       4f 796:        Pop64_push64 797:        Pop64_push64 798:        PUSH64        1 799:        Pop64_pop64_Add_push64  800:        PUSH64       4f 801:        Pop64_push64 802:        Pop64_pop64 803:        PUSH64       4f 804:        Pop64_push64 805:        PUSH64       4f 806:        Pop64_push64 807:        Pop64_push64 808:        Pop64_pop64_Add_push64  809:        Pop64_pop64 810:        PUSH64       5d 811:        PUSH64       4f 812:        Pop64_pop64 813:        PUSH64       4f 814:        Pop64_push64 815:        PUSH64        1 816:        Pop64_pop64_Add_push64  817:        Pop64_push64 818:        PUSH64       4f 819:        Pop64_push64 820:        Pop64_push64 821:        PUSH64        0 822:        Pop64_pop64_Setbe_push64 823:        PUSH64       40 824:        Pop64_pop64 825:        PUSH64        2 826:        PUSH64       51 827:        Pop64_pop64 828:        PUSH64       4f 829:        Pop64_push64 830:        PUSH64       51 831:        Pop64_push64 832:        Pop64_pop64_Add_push64  833:        Pop64_push64 834:        PUSH64       4f 835:        Pop64_push64 836:        PUSH64       51 837:        Pop64_push64 838:        Pop64_pop64_Add_push64  839:        PUSH64        1 840:        PUSH64 ffffffff 841:        Pop64_pop64_Mul_push64  842:        Pop64_pop64_Add_push64  843:        Pop64_pop64 844:        PUSH64       51 845:        Pop64_push64 846:        PUSH64        1 847:   
     Pop64_pop64_Add_push64  848:        PUSH64       51 849:        Pop64_pop64 850:        PUSH64       51 851:        Pop64_push64 852:        PUSH64       4f 853:        Pop64_push64 854:        Pop64_push64 855:        Pop64_pop64_Setbe_push64 856:        Goto      828   //@@@@@@@@@@@ 857:        PUSH64       4f 858:        Pop64_push64 859:        Pop64_push64 860:        PUSH64        1 861:        PUSH64 ffffffff 862:        Pop64_pop64_Mul_push64  863:        Pop64_pop64_Add_push64  864:        PUSH64       4f 865:        Pop64_push64 866:        Pop64_pop64 867:        PUSH64       9d 868:        PUSH64       4f 869:        Pop64_pop64 870:        PUSH64       4f 871:        Pop64_push64 872:        Pop64_push64 873:        PUSH64        1 874:        Pop64_pop64_Add_push64  875:        PUSH64       4f 876:        Pop64_push64 877:        Pop64_pop64 878:        PUSH64       4f 879:        Pop64_push64 880:        PUSH64       4f 881:        Pop64_push64 882:        Pop64_push64 883:        Pop64_pop64_Add_push64  884:        Pop64_pop64 885:        PUSH64       5d 886:        PUSH64       4f 887:        Pop64_pop64 888:        PUSH64       4f 889:        Pop64_push64 890:        PUSH64        1 891:        Pop64_pop64_Add_push64  892:        Pop64_push64 893:        PUSH64       4f 894:        Pop64_push64 895:        Pop64_push64 896:        PUSH64        0 897:        Pop64_pop64_Setbe_push64 898:        PUSH64       40 899:        Pop64_pop64 900:        PUSH64        2 901:        PUSH64       51 902:        Pop64_pop64 903:        PUSH64       4f 904:        Pop64_push64 905:        PUSH64       51 906:        Pop64_push64 907:        Pop64_pop64_Add_push64  908:        Pop64_push64 909:        PUSH64       4f 910:        Pop64_push64 911:        PUSH64       51 912:        Pop64_push64 913:        Pop64_pop64_Add_push64  914:        PUSH64        1 915:        PUSH64 ffffffff 916:        Pop64_pop64_Mul_push64  917:        Pop64_pop64_Add_push64  
918:        Pop64_pop64 919:        PUSH64       51 920:        Pop64_push64 921:        PUSH64        1 922:        Pop64_pop64_Add_push64  923:        PUSH64       51 924:        Pop64_pop64 925:        PUSH64       51 926:        Pop64_push64 927:        PUSH64       4f 928:        Pop64_push64 929:        Pop64_push64 930:        Pop64_pop64_Setbe_push64 931:        Goto      903         //@@@@@@@@@@@@@@@ 932:        PUSH64       4f 933:        Pop64_push64 934:        Pop64_push64 935:        PUSH64        1 936:        PUSH64 ffffffff 937:        Pop64_pop64_Mul_push64  938:        Pop64_pop64_Add_push64  939:        PUSH64       4f 940:        Pop64_push64 941:        Pop64_pop64 942:        PUSH64       2d 943:        Pop64_pop64_Sete_push64 944:        PUSH64        0 945:        Pop64_pop64_Sete_push64 946:        PUSH64       40 947:        Pop64_pop64 948:        PUSH64       5d 949:        PUSH64       4f 950:        Pop64_pop64 951:        PUSH64       4f 952:        Pop64_push64 953:        PUSH64        1 954:        Pop64_pop64_Add_push64  955:        Pop64_push64 956:        PUSH64       4f 957:        Pop64_push64 958:        Pop64_push64 959:        PUSH64        0 960:        Pop64_pop64_Setbe_push64 961:        PUSH64       40 962:        Pop64_pop64 963:        PUSH64        2 964:        PUSH64       51 965:        Pop64_pop64 966:        PUSH64       4f 967:        Pop64_push64 968:        PUSH64       51 969:        Pop64_push64 970:        Pop64_pop64_Add_push64  971:        Pop64_push64 972:        PUSH64       4f 973:        Pop64_push64 974:        PUSH64       51 975:        Pop64_push64 976:        Pop64_pop64_Add_push64  977:        PUSH64        1 978:        PUSH64 ffffffff 979:        Pop64_pop64_Mul_push64  980:        Pop64_pop64_Add_push64  981:        Pop64_pop64 982:        PUSH64       51 983:        Pop64_push64 984:        PUSH64        1 985:        Pop64_pop64_Add_push64  986:        PUSH64       51 987:        
Pop64_pop64 988:        PUSH64       51 989:        Pop64_push64 990:        PUSH64       4f 991:        Pop64_push64 992:        Pop64_push64 993:        Pop64_pop64_Setbe_push64 994:        Goto      966         //@@@@@@@@@@@@@@@@ 995:        PUSH64       4f 996:        Pop64_push64 997:        Pop64_push64 998:        PUSH64        1 999:        PUSH64 ffffffff 1000:        Pop64_pop64_Mul_push64 1001:        Pop64_pop64_Add_push64 1002:        PUSH64       4f 1003:        Pop64_push6 1004:        Pop64_pop6 1005:        PUSH64       9d 1006:        PUSH64       4f 1007:        Pop64_pop6 1008:        PUSH64       4f 1009:        Pop64_push6 1010:        Pop64_push6 1011:        PUSH64        1 1012:        Pop64_pop64_Add_push64 1013:        PUSH64       4f 1014:        Pop64_push6 1015:        Pop64_pop6 1016:        PUSH64       4f 1017:        Pop64_push6 1018:        PUSH64       4f 1019:        Pop64_push6 1020:        Pop64_push6 1021:        Pop64_pop64_Add_push64 1022:        Pop64_pop6 1023:        PUSH64       5d 1024:        PUSH64       4f 1025:        Pop64_pop6 1026:        PUSH64       4f 1027:        Pop64_push6 1028:        PUSH64        1 1029:        Pop64_pop64_Add_push64 1030:        Pop64_push6 1031:        PUSH64       4f 1032:        Pop64_push6 1033:        Pop64_push6 1034:        PUSH64        0 1035:        Pop64_pop64_Setbe_push6 1036:        PUSH64       40 1037:        Pop64_pop6 1038:        PUSH64        2 1039:        PUSH64       51 1040:        Pop64_pop6 1041:        PUSH64       4f 1042:        Pop64_push6 1043:        PUSH64       51 1044:        Pop64_push6 1045:        Pop64_pop64_Add_push64 1046:        Pop64_push6 1047:        PUSH64       4f 1048:        Pop64_push6 1049:        PUSH64       51 1050:        Pop64_push6 1051:        Pop64_pop64_Add_push64 1052:        PUSH64        1 1053:        PUSH64 ffffffff 1054:        Pop64_pop64_Mul_push64 1055:        Pop64_pop64_Add_push64 1056:        Pop64_pop6 1057:        
PUSH64       51 1058:        Pop64_push6 1059:        PUSH64        1 1060:        Pop64_pop64_Add_push64 1061:        PUSH64       51 1062:        Pop64_pop6 1063:        PUSH64       51 1064:        Pop64_push6 1065:        PUSH64       4f 1066:        Pop64_push6 1067:        Pop64_push6 1068:        Pop64_pop64_Setbe_push6 1069:        Goto     1041     //@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%%%%%%%% 00127978  06 00 00 00 00 00 00 00  ....... 00127980  50 00 00 00 00 00 00 00  P....... 00127988  4B 00 00 00 00 00 00 00  K....... 00127990  4E 00 00 00 00 00 00 00  N....... 00127998  42 00 00 00 00 00 00 00  B....... 001279A0  4E 00 00 00 00 00 00 00  N....... 001279A8  50 00 00 00 00 00 00 00  P....... 001279B0  00 00 00 00 00 00 00 00  ........ TE25-PKNB-NP8P-SRPV-SFW6 %%%%%%%%%%%%%%%%%%%%%%%%%%% 1070:        PUSH64       4f 1071:        Pop64_push6 1072:        Pop64_push6 1073:        PUSH64        1 1074:        PUSH64 ffffffff 1075:        Pop64_pop64_Mul_push64 1076:        Pop64_pop64_Add_push64 1077:        PUSH64       4f 1078:        Pop64_push6 1079:        Pop64_pop6 1080:        PUSH64       9d 1081:        PUSH64       4f 1082:        Pop64_pop6 1083:        PUSH64       4f 1084:        Pop64_push6 1085:        Pop64_push6 1086:        PUSH64        1 1087:        Pop64_pop64_Add_push64 1088:        PUSH64       4f 1089:        Pop64_push6 1090:        Pop64_pop6 1091:        PUSH64       4f 1092:        Pop64_push6 1093:        PUSH64       4f 1094:        Pop64_push6 1095:        Pop64_push6 1096:        Pop64_pop64_Add_push64 1097:        Pop64_pop6 1098:        PUSH64        0 1099:        PUSH64       5b      //把0存入5B处 1100:        Pop64_pop6 1101:        PUSH64        0 1102:        PUSH64       5a     //把0存入5A处 1103:        Pop64_pop6 1104:        PUSH64        1 1105:        PUSH64       51 1106:        Pop64_pop6         //把1存入51处，这是计数器 1107:        PUSH64        1 1108:        PUSH64       59 1109:        Pop64_pop6         //把1存入59处 1110:  
      PUSH64 ffffffff        //@@@@@@@@@@@Loop begin 1 1111:        PUSH64       5c     1112:        Pop64_pop6           //把-1存到5C处 1113:        PUSH64        0 1114:        PUSH64       52 1115:        Pop64_pop6           //把0存到52 1116:        PUSH64       52         //@@@@@@@@@@@Loop begin 2        1117:        Pop64_push6 1118:        PUSH64       5a 1119:        Pop64_push6             //取出5A处的61 1120:        Pop64_pop64_Add_push64  //0+61=61 1121:        PUSH64       51  1122:        Pop64_push6             //取出计数器i(1-6) 1123:        PUSH64        7 1124:        Pop64_pop64_Mul_push64  //i*7,6*7=2A 1125:        Pop64_pop64_Add_push64  //61+2A=8B 1126:        PUSH64_2 1127:        PUSH64       22 1128:        Pop64_pop64_Div_push64  //8B/22=4 1129:        PUSH64       22 1130:        Pop64_pop64_Mul_push64 1131:        PUSH64 ffffffff 1132:        Pop64_pop64_Mul_push64 1133:        Pop64_pop64_Add_push64  //余数8B-22*4=3 1134:        PUSH64        1 1135:        Pop64_pop64_Add_push64  //3+1=4 1136:        PUSH64      11d 1137:        Pop64_pop64_Add_push64  //4+11D=121 1138:        Pop64_push6             //取出121指向的50'P' //查表 %%%%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+11e*8 00127D80  4E 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  N.......F....... 00127D90  4F 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  O.......P....... 00127DA0  52 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  R.......T....... 00127DB0  53 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00  S.......U....... 00127DC0  49 00 00 00 00 00 00 00 51 00 00 00 00 00 00 00  I.......Q....... 00127DD0  57 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00  W.......X....... 00127DE0  59 00 00 00 00 00 00 00 56 00 00 00 00 00 00 00  Y.......V....... 00127DF0  5A 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00  Z.......2....... 00127E00  33 00 00 00 00 00 00 00 35 00 00 00 00 00 00 00  3.......5....... 00127E10  34 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  4.......6....... 
00127E20  37 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00  7.......8....... 00127E30  42 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00  B.......9....... 00127E40  41 00 00 00 00 00 00 00 45 00 00 00 00 00 00 00  A.......E....... 00127E50  44 00 00 00 00 00 00 00 47 00 00 00 00 00 00 00  D.......G....... 00127E60  43 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00  C.......H....... 00127E70  4A 00 00 00 00 00 00 00 4B 00 00 00 00 00 00 00  J.......K....... 00127E80  4C 00 00 00 00 00 00 00 4D 00 00 00 00 00 00 00  L.......M....... 00127E90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 对34取模，用余数来查表 d ebp+0FFFF7FE0+09D*8 00127978  06 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  .......P....... 00127988  4B 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  K.......N....... 00127998  42 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  B.......N....... 001279A8  50 00 00 00 00 00 00 00                          P....... %%%%%%%%%%%%%%%%%%%%%%%%%%% 1139:        PUSH64       9d 1140:        PUSH64       51          1141:        Pop64_push6            //取51处的计数器i 1142:        Pop64_pop64_Add_push64 //9D+i，9D+6=A3 1143:        Pop64_push6            //取A3处的50'P' 1144:        Pop64_pop64_Sete_push6 //p=p，al=1 1145:        PUSH64        0 1146:        Pop64_pop64_Sete_push6 //al=0 1147:        Goto     1156         //al=0不跳，向后@@@@@@@@@@@@@@@@@@@@@@@@@@ 1148:        PUSH64       52 1149:        Pop64_push6           //取出52处的0 1150:        PUSH64       5c 1151:        Pop64_pop6           //保存到5C中 1152:        PUSH64        0 1153:        PUSH64        0 1154:        Pop64_pop64_Sete_push6 //al=1 1155:        Goto     1167       //al=1，跳了，向后@@@@@@@@ 1156:        PUSH64       52 1157:        Pop64_push6 1158:        PUSH64        1 1159:        Pop64_pop64_Add_push64    ;+1 1160:        PUSH64       52 1161:        Pop64_pop6 1162:        PUSH64       52 1163:        Pop64_push6 1164:        PUSH64       22 1165:        Pop64_pop64_Setb_push6 1166:        Goto     1116  
   //向前//@@@@@@@@@@@Loop begin 2 1167:        PUSH64       5c 1168:        Pop64_push6              //取出5C处的0 1169:        PUSH64        0 1170:        Pop64_pop64_Setb_push6   //1>0,al=0 1171:        PUSH64       40 1172:        Pop64_pop6               //0保存到40处 1173:        PUSH64       5b           1174:        Pop64_push6              //取出5B处的00103D48(i=5)，0024A158(i=6) 1175:        PUSH64       5c           1176:        Pop64_push6             //取出5C处的1(i=5),0(i=6) 1177:        PUSH64       59 1178:        Pop64_push6             //取出59处的00146410(i=5),02B54A20(i=6) 1179:        Pop64_pop64_Mul_push64  //146410*1=146410(i=5),0*02B54A20=0(i=6) 1180:        Pop64_pop64_Add_push64  //00103D48+00146410=0024A158(i=5),24A158+0=24A158(i=6) 1181:        PUSH64       5b 1182:        Pop64_pop6              //保存0024A158到5B处 1183:        PUSH64       5a 1184:        Pop64_push6             //取出5A处的00000020 1185:        PUSH64        3 1186:        Pop64_pop64_Mul_push64  //20*3=60 1187:        PUSH64       5c 1188:        Pop64_push6            //取出5C处的1 1189:        Pop64_pop64_Add_push64 //60+1=61 1190:        PUSH64_2 1191:        PUSH64       64  1192:        Pop64_pop64_Div_push64 //61/64=0，余61 1193:        PUSH64       64 1194:        Pop64_pop64_Mul_push64  //0*64=0 1195:        PUSH64 ffffffff 1196:        Pop64_pop64_Mul_push64   1197:        Pop64_pop64_Add_push64 //得到余数61 1198:        PUSH64       5a 1199:        Pop64_pop6            //保存到5A处 1200:        PUSH64       59      1201:        Pop64_push6           //取出59处的00146410       1202:        PUSH64       22 1203:        Pop64_pop64_Mul_push64  //00146410 *22=2B54A20 1204:        PUSH64       59 1205:        Pop64_pop6             //保存2B54A20到59处 1206:        PUSH64       51 1207:        Pop64_push6           //取出51处的计数器i(5) 1208:        PUSH64        1 1209:        Pop64_pop64_Add_push64  //加1 1210:        PUSH64       51 1211:        Pop64_pop6             //保存计数器 1212:        PUSH64       51 1213:       
 Pop64_push6 1214:        PUSH64       9d 1215:        Pop64_push6           //取出9D处的6 1216:        Pop64_pop64_Setbe_push6 1217:        Goto     1110         //@@@@@@@@@@@@Loop end 1，<=6的时候跳上去循环 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+050*8 00127710  1E 01 00 00 00 00 00 00 07 00 00 00 00 00 00 00  ............. 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 40 D8 13 5C 00 00 00 00  .......@?\.... 00127760  5B 00 00 00 00 00 00 00 58 A1 24 00 00 00 00 00  [.......X?..... 00127770  00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00  ................ 00127780  38 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  8.......P....... 00127790  2D 00 00 00 00 00 00 00 53 00 00 00 00 00 00 00  -.......S....... 001277A0  52 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  R.......P....... 001277B0  56 00 00 00 00 00 00 00 2D 00 00 00 00 00 00 00  V.......-....... 001277C0  53 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  S.......F....... 001277D0  57 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  W.......6....... 001277E0  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6....... 001277F0  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6....... 00127800  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6....... 00127810  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6....... 00127820  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6....... 00127830  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6....... 00127840  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 1218:        PUSH64       5b 1219:        Pop64_push6           //取5B处的24A158 1220:        PUSH64_2 1221:        PUSH64_2 1222:        PUSH64      258 1223:        Pop64_pop64_Div_push64 //24A158/258=FA1 1224:        PUSH64      258 1225:        Pop64_pop64_Mul_push64 1226:        PUSH64 ffffffff 1227:        Pop64_pop64_Mul_push64 1228:        Pop64_pop64_Add_push64 //24A158-258*FA1=0 1229:        PUSH64       45 1230:        Pop64_pop6             //余数保存在45处 1231:        PUSH64      258 1232:        Pop64_pop64_Div_push64 //24A158/258=FA1 1233:        PUSH64_2 1234:        PUSH64_2 1235:        PUSH64      7d0 1236:        Pop64_pop64_Div_push64 //FA1/7D0=2 1237:        PUSH64      7d0 1238:        Pop64_pop64_Mul_push64 1239:        PUSH64 ffffffff 1240:        Pop64_pop64_Mul_push64 1241:        Pop64_pop64_Add_push64 //FA1-7D0*2=1 1242:        PUSH64       4b 1243:        Pop64_pop6             //保存1到4B处 1244:        PUSH64      7d0 1245:        Pop64_pop64_Div_push64  //FA1/7D0=2 1246:        PUSH64       4a 1247:        Pop64_pop6              //保存2到4A处 1248:        PUSH64       9d 1249:        PUSH64       4f 1250:        Pop64_pop6              //9D存入到4F 1251:        PUSH64        0 1252:        PUSH64       4f 1253:        Pop64_push6             //取4F处的9D 1254:        Pop64_pop6              //0保存到9D处 1255:        PUSH64       5d 1256:        PUSH64       4f 1257:        Pop64_pop6              //5D保存到4F 1258:        PUSH64       4f 1259:        Pop64_push6             //取出4F->5D 1260:        PUSH64        1 1261:        Pop64_pop64_Add_push64  //5D+1=5E 1262:        Pop64_push6             //取出5E指向的38'8' 1263:        PUSH64       4f 1264:        Pop64_push6 1265:        Pop64_push6 1266:        PUSH64        0 1267:        Pop64_pop64_Setbe_push6 1268:        PUSH64       40 1269:        Pop64_pop6 1270:        PUSH64        2 1271:        PUSH64       51 1272:        Pop64_pop6 1273:        PUSH64       4f             
//@@@@@@@@@@@@@loop begin 1274:        Pop64_push6 1275:        PUSH64       51 1276:        Pop64_push6 1277:        Pop64_pop64_Add_push64 1278:        Pop64_push6 1279:        PUSH64       4f 1280:        Pop64_push6 1281:        PUSH64       51 1282:        Pop64_push6 1283:        Pop64_pop64_Add_push64 1284:        PUSH64        1 1285:        PUSH64 ffffffff 1286:        Pop64_pop64_Mul_push64 1287:        Pop64_pop64_Add_push64 1288:        Pop64_pop6 1289:        PUSH64       51 1290:        Pop64_push6 1291:        PUSH64        1 1292:        Pop64_pop64_Add_push64 1293:        PUSH64       51 1294:        Pop64_pop6 1295:        PUSH64       51 1296:        Pop64_push6 1297:        PUSH64       4f 1298:        Pop64_push6 1299:        Pop64_push6 1300:        Pop64_pop64_Setbe_push6 1301:        Goto     1273            //@@@@@@@@@@@@@8 loop end  %%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%% 1302:        PUSH64       4f 1303:        Pop64_push6 1304:        Pop64_push6 1305:        PUSH64        1 1306:        PUSH64 ffffffff 1307:        Pop64_pop64_Mul_push64 1308:        Pop64_pop64_Add_push64 1309:        PUSH64       4f 1310:        Pop64_push6 1311:        Pop64_pop6 1312:        PUSH64       9d 1313:        PUSH64       4f 1314:        Pop64_pop6 1315:        PUSH64       4f 1316:        Pop64_push6 1317:        Pop64_push6 1318:        PUSH64        1 1319:        Pop64_pop64_Add_push64 1320:        PUSH64       4f 1321:        Pop64_push6 1322:        Pop64_pop6 1323:        PUSH64       4f 1324:        Pop64_push6 1325:        PUSH64       4f 1326:        Pop64_push6 1327:        Pop64_push6 1328:        Pop64_pop64_Add_push64 1329:        Pop64_pop6 1330:        PUSH64       5d 1331:        PUSH64       4f 1332:        Pop64_pop6 1333:        PUSH64       4f 1334:        Pop64_push6 1335:        PUSH64        1 1336:        Pop64_pop64_Add_push64 1337:        Pop64_push6 1338:        PUSH64       4f 1339:        Pop64_push6 1340:        
Pop64_push6 1341:        PUSH64        0 1342:        Pop64_pop64_Setbe_push6 1343:        PUSH64       40 1344:        Pop64_pop6 1345:        PUSH64        2 1346:        PUSH64       51 1347:        Pop64_pop6 1348:        PUSH64       4f 1349:        Pop64_push6 1350:        PUSH64       51 1351:        Pop64_push6 1352:        Pop64_pop64_Add_push64 1353:        Pop64_push6 1354:        PUSH64       4f 1355:        Pop64_push6 1356:        PUSH64       51 1357:        Pop64_push6 1358:        Pop64_pop64_Add_push64 1359:        PUSH64        1 1360:        PUSH64 ffffffff 1361:        Pop64_pop64_Mul_push64 1362:        Pop64_pop64_Add_push64 1363:        Pop64_pop6 1364:        PUSH64       51 1365:        Pop64_push6 1366:        PUSH64        1 1367:        Pop64_pop64_Add_push64 1368:        PUSH64       51 1369:        Pop64_pop6 1370:        PUSH64       51 1371:        Pop64_push6 1372:        PUSH64       4f 1373:        Pop64_push6 1374:        Pop64_push6 1375:        Pop64_pop64_Setbe_push6 1376:        Goto     1348            //@@@@@@@@@@@@@@@@@@@@@@@p 1377:        PUSH64       4f 1378:        Pop64_push6 1379:        Pop64_push6 1380:        PUSH64        1 1381:        PUSH64 ffffffff 1382:        Pop64_pop64_Mul_push64 1383:        Pop64_pop64_Add_push64 1384:        PUSH64       4f 1385:        Pop64_push6 1386:        Pop64_pop6 1387:        PUSH64       9d 1388:        PUSH64       4f 1389:        Pop64_pop6 1390:        PUSH64       4f 1391:        Pop64_push6 1392:        Pop64_push6 1393:        PUSH64        1 1394:        Pop64_pop64_Add_push64 1395:        PUSH64       4f 1396:        Pop64_push6 1397:        Pop64_pop6 1398:        PUSH64       4f 1399:        Pop64_push6 1400:        PUSH64       4f 1401:        Pop64_push6 1402:        Pop64_push6 1403:        Pop64_pop64_Add_push64 1404:        Pop64_pop6 1405:        PUSH64       5d 1406:        PUSH64       4f 1407:        Pop64_pop6 1408:        PUSH64       4f 1409:        
Pop64_push6 1410:        PUSH64        1 1411:        Pop64_pop64_Add_push64 1412:        Pop64_push6 1413:        PUSH64       4f 1414:        Pop64_push6 1415:        Pop64_push6 1416:        PUSH64        0 1417:        Pop64_pop64_Setbe_push6 1418:        PUSH64       40 1419:        Pop64_pop6 1420:        PUSH64        2 1421:        PUSH64       51 1422:        Pop64_pop6 1423:        PUSH64       4f 1424:        Pop64_push6 1425:        PUSH64       51 1426:        Pop64_push6 1427:        Pop64_pop64_Add_push64 1428:        Pop64_push6 1429:        PUSH64       4f 1430:        Pop64_push6 1431:        PUSH64       51 1432:        Pop64_push6 1433:        Pop64_pop64_Add_push64 1434:        PUSH64        1 1435:        PUSH64 ffffffff 1436:        Pop64_pop64_Mul_push64 1437:        Pop64_pop64_Add_push64 1438:        Pop64_pop6 1439:        PUSH64       51 1440:        Pop64_push6 1441:        PUSH64        1 1442:        Pop64_pop64_Add_push64 1443:        PUSH64       51 1444:        Pop64_pop6 1445:        PUSH64       51 1446:        Pop64_push6 1447:        PUSH64       4f 1448:        Pop64_push6 1449:        Pop64_push6 1450:        Pop64_pop64_Setbe_push6 1451:        Goto     1423          //@@@@@@@@@@@@@@- 1452:        PUSH64       4f 1453:        Pop64_push6 1454:        Pop64_push6 1455:        PUSH64        1 1456:        PUSH64 ffffffff 1457:        Pop64_pop64_Mul_push64 1458:        Pop64_pop64_Add_push64 1459:        PUSH64       4f 1460:        Pop64_push6 1461:        Pop64_pop6 1462:        PUSH64       2d              //- 1463:        Pop64_pop64_Sete_push6 1464:        PUSH64        0 1465:        Pop64_pop64_Sete_push6 1466:        PUSH64       40 1467:        Pop64_pop6 1468:        PUSH64       5d 1469:        PUSH64       4f 1470:        Pop64_pop6 1471:        PUSH64       4f 1472:        Pop64_push6 1473:        PUSH64        1 1474:        Pop64_pop64_Add_push64 1475:        Pop64_push6 1476:        PUSH64       4f 1477:        
Pop64_push6 1478:        Pop64_push6 1479:        PUSH64        0 1480:        Pop64_pop64_Setbe_push6 1481:        PUSH64       40 1482:        Pop64_pop6 1483:        PUSH64        2 1484:        PUSH64       51 1485:        Pop64_pop6 1486:        PUSH64       4f 1487:        Pop64_push6 1488:        PUSH64       51 1489:        Pop64_push6 1490:        Pop64_pop64_Add_push64 1491:        Pop64_push6 1492:        PUSH64       4f 1493:        Pop64_push6 1494:        PUSH64       51 1495:        Pop64_push6 1496:        Pop64_pop64_Add_push64 1497:        PUSH64        1 1498:        PUSH64 ffffffff 1499:        Pop64_pop64_Mul_push64 1500:        Pop64_pop64_Add_push64 1501:        Pop64_pop6 1502:        PUSH64       51 1503:        Pop64_push6 1504:        PUSH64        1 1505:        Pop64_pop64_Add_push64 1506:        PUSH64       51 1507:        Pop64_pop6 1508:        PUSH64       51 1509:        Pop64_push6 1510:        PUSH64       4f 1511:        Pop64_push6 1512:        Pop64_push6 1513:        Pop64_pop64_Setbe_push6 1514:        Goto     1486          //@@@@@@@@@@@@@@ 1515:        PUSH64       4f 1516:        Pop64_push6 1517:        Pop64_push6 1518:        PUSH64        1 1519:        PUSH64 ffffffff 1520:        Pop64_pop64_Mul_push64 1521:        Pop64_pop64_Add_push64 1522:        PUSH64       4f 1523:        Pop64_push6 1524:        Pop64_pop6 1525:        PUSH64       9d 1526:        PUSH64       4f 1527:        Pop64_pop6 1528:        PUSH64       4f 1529:        Pop64_push6 1530:        Pop64_push6 1531:        PUSH64        1 1532:        Pop64_pop64_Add_push64 1533:        PUSH64       4f 1534:        Pop64_push6 1535:        Pop64_pop6 1536:        PUSH64       4f 1537:        Pop64_push6 1538:        PUSH64       4f 1539:        Pop64_push6 1540:        Pop64_push6 1541:        Pop64_pop64_Add_push64 1542:        Pop64_pop6 1543:        PUSH64       5d 1544:        PUSH64       4f 1545:        Pop64_pop6 1546:        PUSH64       4f 
1547:        Pop64_push6 1548:        PUSH64        1 1549:        Pop64_pop64_Add_push64 1550:        Pop64_push6 1551:        PUSH64       4f 1552:        Pop64_push6 1553:        Pop64_push6 1554:        PUSH64        0 1555:        Pop64_pop64_Setbe_push6 1556:        PUSH64       40 1557:        Pop64_pop6 1558:        PUSH64        2 1559:        PUSH64       51 1560:        Pop64_pop6 1561:        PUSH64       4f 1562:        Pop64_push6 1563:        PUSH64       51 1564:        Pop64_push6 1565:        Pop64_pop64_Add_push64 1566:        Pop64_push6 1567:        PUSH64       4f 1568:        Pop64_push6 1569:        PUSH64       51 1570:        Pop64_push6 1571:        Pop64_pop64_Add_push64 1572:        PUSH64        1 1573:        PUSH64 ffffffff 1574:        Pop64_pop64_Mul_push64 1575:        Pop64_pop64_Add_push64 1576:        Pop64_pop6 1577:        PUSH64       51 1578:        Pop64_push6 1579:        PUSH64        1 1580:        Pop64_pop64_Add_push64 1581:        PUSH64       51 1582:        Pop64_pop6 1583:        PUSH64       51 1584:        Pop64_push6 1585:        PUSH64       4f 1586:        Pop64_push6 1587:        Pop64_push6 1588:        Pop64_pop64_Setbe_push6 1589:        Goto     1561           //@@@@@@@@@@@@@@ 1590:        PUSH64       4f 1591:        Pop64_push6 1592:        Pop64_push6 1593:        PUSH64        1 1594:        PUSH64 ffffffff 1595:        Pop64_pop64_Mul_push64 1596:        Pop64_pop64_Add_push64 1597:        PUSH64       4f 1598:        Pop64_push6 1599:        Pop64_pop6 1600:        PUSH64       9d 1601:        PUSH64       4f 1602:        Pop64_pop6 1603:        PUSH64       4f 1604:        Pop64_push6 1605:        Pop64_push6 1606:        PUSH64        1 1607:        Pop64_pop64_Add_push64 1608:        PUSH64       4f 1609:        Pop64_push6 1610:        Pop64_pop6 1611:        PUSH64       4f 1612:        Pop64_push6 1613:        PUSH64       4f 1614:        Pop64_push6 1615:        Pop64_push6 1616:        
Pop64_pop64_Add_push64 1617:        Pop64_pop6 1618:        PUSH64       5d 1619:        PUSH64       4f 1620:        Pop64_pop6 1621:        PUSH64       4f 1622:        Pop64_push6 1623:        PUSH64        1 1624:        Pop64_pop64_Add_push64 1625:        Pop64_push6 1626:        PUSH64       4f 1627:        Pop64_push6 1628:        Pop64_push6 1629:        PUSH64        0 1630:        Pop64_pop64_Setbe_push6 1631:        PUSH64       40 1632:        Pop64_pop6 1633:        PUSH64        2 1634:        PUSH64       51 1635:        Pop64_pop6 1636:        PUSH64       4f 1637:        Pop64_push6 1638:        PUSH64       51 1639:        Pop64_push6 1640:        Pop64_pop64_Add_push64 1641:        Pop64_push6 1642:        PUSH64       4f 1643:        Pop64_push6 1644:        PUSH64       51 1645:        Pop64_push6 1646:        Pop64_pop64_Add_push64 1647:        PUSH64        1 1648:        PUSH64 ffffffff 1649:        Pop64_pop64_Mul_push64 1650:        Pop64_pop64_Add_push64 1651:        Pop64_pop6 1652:        PUSH64       51 1653:        Pop64_push6 1654:        PUSH64        1 1655:        Pop64_pop64_Add_push64 1656:        PUSH64       51 1657:        Pop64_pop6 1658:        PUSH64       51 1659:        Pop64_push6 1660:        PUSH64       4f 1661:        Pop64_push6 1662:        Pop64_push6 1663:        Pop64_pop64_Setbe_push6 1664:        Goto     1636                //@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%% 1665:        PUSH64       4f 1666:        Pop64_push6 1667:        Pop64_push6 1668:        PUSH64        1 1669:        PUSH64 ffffffff 1670:        Pop64_pop64_Mul_push64 1671:        Pop64_pop64_Add_push64 1672:        PUSH64       4f 1673:        Pop64_push6 1674:        Pop64_pop6 1675:        PUSH64       9d 1676:        PUSH64       4f 1677:        Pop64_pop6 1678:        PUSH64       4f 1679:        Pop64_push6 1680:        Pop64_push6 1681:        PUSH64        1 1682:        Pop64_pop64_Add_push64 1683:        
PUSH64       4f 1684:        Pop64_push6 1685:        Pop64_pop6 1686:        PUSH64       4f 1687:        Pop64_push6 1688:        PUSH64       4f 1689:        Pop64_push6 1690:        Pop64_push6 1691:        Pop64_pop64_Add_push64 1692:        Pop64_pop6 1693:        PUSH64       5d 1694:        PUSH64       4f 1695:        Pop64_pop6 1696:        PUSH64       4f 1697:        Pop64_push6 1698:        PUSH64        1 1699:        Pop64_pop64_Add_push64 1700:        Pop64_push6 1701:        PUSH64       4f 1702:        Pop64_push6 1703:        Pop64_push6 1704:        PUSH64        0 1705:        Pop64_pop64_Setbe_push6 1706:        PUSH64       40 1707:        Pop64_pop6 1708:        PUSH64        2 1709:        PUSH64       51 1710:        Pop64_pop6 1711:        PUSH64       4f 1712:        Pop64_push6 1713:        PUSH64       51 1714:        Pop64_push6 1715:        Pop64_pop64_Add_push64 1716:        Pop64_push6 1717:        PUSH64       4f 1718:        Pop64_push6 1719:        PUSH64       51 1720:        Pop64_push6 1721:        Pop64_pop64_Add_push64 1722:        PUSH64        1 1723:        PUSH64 ffffffff 1724:        Pop64_pop64_Mul_push64 1725:        Pop64_pop64_Add_push64 1726:        Pop64_pop6 1727:        PUSH64       51 1728:        Pop64_push6 1729:        PUSH64        1 1730:        Pop64_pop64_Add_push64 1731:        PUSH64       51 1732:        Pop64_pop6 1733:        PUSH64       51 1734:        Pop64_push6 1735:        PUSH64       4f 1736:        Pop64_push6 1737:        Pop64_push6 1738:        Pop64_pop64_Setbe_push6 1739:        Goto     1711              //@@@@@@@@@@@@@@@@@@@@@@@ 1740:        PUSH64       4f 1741:        Pop64_push6 1742:        Pop64_push6 1743:        PUSH64        1 1744:        PUSH64 ffffffff 1745:        Pop64_pop64_Mul_push64 1746:        Pop64_pop64_Add_push64 1747:        PUSH64       4f 1748:        Pop64_push6 1749:        Pop64_pop6 1750:        PUSH64       9d 1751:        PUSH64       4f 1752:        
Pop64_pop6 1753:        PUSH64       4f 1754:        Pop64_push6 1755:        Pop64_push6 1756:        PUSH64        1 1757:        Pop64_pop64_Add_push64 1758:        PUSH64       4f 1759:        Pop64_push6 1760:        Pop64_pop6 1761:        PUSH64       4f 1762:        Pop64_push6 1763:        PUSH64       4f 1764:        Pop64_push6 1765:        Pop64_push6 1766:        Pop64_pop64_Add_push64 1767:        Pop64_pop6 1768:        PUSH64       5d 1769:        PUSH64       4f 1770:        Pop64_pop6 1771:        PUSH64       4f 1772:        Pop64_push6 1773:        PUSH64        1 1774:        Pop64_pop64_Add_push64 1775:        Pop64_push6 1776:        PUSH64       4f 1777:        Pop64_push6 1778:        Pop64_push6 1779:        PUSH64        0 1780:        Pop64_pop64_Setbe_push6 1781:        PUSH64       40 1782:        Pop64_pop6 1783:        PUSH64        2 1784:        PUSH64       51 1785:        Pop64_pop6 1786:        PUSH64       4f 1787:        Pop64_push6 1788:        PUSH64       51 1789:        Pop64_push6 1790:        Pop64_pop64_Add_push64 1791:        Pop64_push6 1792:        PUSH64       4f 1793:        Pop64_push6 1794:        PUSH64       51 1795:        Pop64_push6 1796:        Pop64_pop64_Add_push64 1797:        PUSH64        1 1798:        PUSH64 ffffffff 1799:        Pop64_pop64_Mul_push64 1800:        Pop64_pop64_Add_push64 1801:        Pop64_pop6 1802:        PUSH64       51 1803:        Pop64_push6 1804:        PUSH64        1 1805:        Pop64_pop64_Add_push64 1806:        PUSH64       51 1807:        Pop64_pop6 1808:        PUSH64       51 1809:        Pop64_push6 1810:        PUSH64       4f 1811:        Pop64_push6 1812:        Pop64_push6 1813:        Pop64_pop64_Setbe_push6 1814:        Goto     1786            //@@@@@@@@@@@@@@@@@@ 1815:        PUSH64       4f 1816:        Pop64_push6 1817:        Pop64_push6 1818:        PUSH64        1 1819:        PUSH64 ffffffff 1820:        Pop64_pop64_Mul_push64 1821:        
Pop64_pop64_Add_push64 1822:        PUSH64       4f 1823:        Pop64_push6 1824:        Pop64_pop6 1825:        PUSH64       2d         //- 1826:        Pop64_pop64_Sete_push6 1827:        PUSH64        0 1828:        Pop64_pop64_Sete_push6 1829:        PUSH64       40 1830:        Pop64_pop6 1831:        PUSH64       5d 1832:        PUSH64       4f 1833:        Pop64_pop6 1834:        PUSH64       4f 1835:        Pop64_push6 1836:        PUSH64        1 1837:        Pop64_pop64_Add_push64 1838:        Pop64_push6 1839:        PUSH64       4f 1840:        Pop64_push6 1841:        Pop64_push6 1842:        PUSH64        0 1843:        Pop64_pop64_Setbe_push6 1844:        PUSH64       40 1845:        Pop64_pop6 1846:        PUSH64        2 1847:        PUSH64       51 1848:        Pop64_pop6 1849:        PUSH64       4f 1850:        Pop64_push6 1851:        PUSH64       51 1852:        Pop64_push6 1853:        Pop64_pop64_Add_push64 1854:        Pop64_push6 1855:        PUSH64       4f 1856:        Pop64_push6 1857:        PUSH64       51 1858:        Pop64_push6 1859:        Pop64_pop64_Add_push64 1860:        PUSH64        1 1861:        PUSH64 ffffffff 1862:        Pop64_pop64_Mul_push64 1863:        Pop64_pop64_Add_push64 1864:        Pop64_pop6 1865:        PUSH64       51 1866:        Pop64_push6 1867:        PUSH64        1 1868:        Pop64_pop64_Add_push64 1869:        PUSH64       51 1870:        Pop64_pop6 1871:        PUSH64       51 1872:        Pop64_push6 1873:        PUSH64       4f 1874:        Pop64_push6 1875:        Pop64_push6 1876:        Pop64_pop64_Setbe_push6 1877:        Goto     1849              //@@@@@@@@@@@@@@@@@@@@ 1878:        PUSH64       4f 1879:        Pop64_push6 1880:        Pop64_push6 1881:        PUSH64        1 1882:        PUSH64 ffffffff 1883:        Pop64_pop64_Mul_push64 1884:        Pop64_pop64_Add_push64 1885:        PUSH64       4f 1886:        Pop64_push6 1887:        Pop64_pop6 1888:        PUSH64       9d 1889:     
   PUSH64       4f 1890:        Pop64_pop6 1891:        PUSH64       4f 1892:        Pop64_push6 1893:        Pop64_push6 1894:        PUSH64        1 1895:        Pop64_pop64_Add_push64 1896:        PUSH64       4f 1897:        Pop64_push6 1898:        Pop64_pop6 1899:        PUSH64       4f 1900:        Pop64_push6 1901:        PUSH64       4f 1902:        Pop64_push6 1903:        Pop64_push6 1904:        Pop64_pop64_Add_push64 1905:        Pop64_pop6 1906:        PUSH64       5d 1907:        PUSH64       4f 1908:        Pop64_pop6 1909:        PUSH64       4f 1910:        Pop64_push6 1911:        PUSH64        1 1912:        Pop64_pop64_Add_push64 1913:        Pop64_push6 1914:        PUSH64       4f 1915:        Pop64_push6 1916:        Pop64_push6 1917:        PUSH64        0 1918:        Pop64_pop64_Setbe_push6 1919:        PUSH64       40 1920:        Pop64_pop6 1921:        PUSH64        2 1922:        PUSH64       51 1923:        Pop64_pop6 1924:        PUSH64       4f 1925:        Pop64_push6 1926:        PUSH64       51 1927:        Pop64_push6 1928:        Pop64_pop64_Add_push64 1929:        Pop64_push6 1930:        PUSH64       4f 1931:        Pop64_push6 1932:        PUSH64       51 1933:        Pop64_push6 1934:        Pop64_pop64_Add_push64 1935:        PUSH64        1 1936:        PUSH64 ffffffff 1937:        Pop64_pop64_Mul_push64 1938:        Pop64_pop64_Add_push64 1939:        Pop64_pop6 1940:        PUSH64       51 1941:        Pop64_push6 1942:        PUSH64        1 1943:        Pop64_pop64_Add_push64 1944:        PUSH64       51 1945:        Pop64_pop6 1946:        PUSH64       51 1947:        Pop64_push6 1948:        PUSH64       4f 1949:        Pop64_push6 1950:        Pop64_push6 1951:        Pop64_pop64_Setbe_push6 1952:        Goto     1924            //@@@@@@@@@@@@@@@@@@@@@ 1953:        PUSH64       4f 1954:        Pop64_push6 1955:        Pop64_push6 1956:        PUSH64        1 1957:        PUSH64 ffffffff 1958:        
Pop64_pop64_Mul_push64 1959:        Pop64_pop64_Add_push64 1960:        PUSH64       4f 1961:        Pop64_push6 1962:        Pop64_pop6 1963:        PUSH64       9d 1964:        PUSH64       4f 1965:        Pop64_pop6 1966:        PUSH64       4f 1967:        Pop64_push6 1968:        Pop64_push6 1969:        PUSH64        1 1970:        Pop64_pop64_Add_push64 1971:        PUSH64       4f 1972:        Pop64_push6 1973:        Pop64_pop6 1974:        PUSH64       4f 1975:        Pop64_push6 1976:        PUSH64       4f 1977:        Pop64_push6 1978:        Pop64_push6 1979:        Pop64_pop64_Add_push64 1980:        Pop64_pop6 1981:        PUSH64       5d 1982:        PUSH64       4f 1983:        Pop64_pop6 1984:        PUSH64       4f 1985:        Pop64_push6 1986:        PUSH64        1 1987:        Pop64_pop64_Add_push64 1988:        Pop64_push6 1989:        PUSH64       4f 1990:        Pop64_push6 1991:        Pop64_push6 1992:        PUSH64        0 1993:        Pop64_pop64_Setbe_push6 1994:        PUSH64       40 1995:        Pop64_pop6 1996:        PUSH64        2 1997:        PUSH64       51 1998:        Pop64_pop6 1999:        PUSH64       4f 2000:        Pop64_push6 2001:        PUSH64       51 2002:        Pop64_push6 2003:        Pop64_pop64_Add_push64 2004:        Pop64_push6 2005:        PUSH64       4f 2006:        Pop64_push6 2007:        PUSH64       51 2008:        Pop64_push6 2009:        Pop64_pop64_Add_push64 2010:        PUSH64        1 2011:        PUSH64 ffffffff 2012:        Pop64_pop64_Mul_push64 2013:        Pop64_pop64_Add_push64 2014:        Pop64_pop6 2015:        PUSH64       51 2016:        Pop64_push6 2017:        PUSH64        1 2018:        Pop64_pop64_Add_push64 2019:        PUSH64       51 2020:        Pop64_pop6 2021:        PUSH64       51 2022:        Pop64_push6 2023:        PUSH64       4f 2024:        Pop64_push6 2025:        Pop64_push6 2026:        Pop64_pop64_Setbe_push6 2027:        Goto     1999               
//@@@@@@@@@@@@@@@@@@ 2028:        PUSH64       4f 2029:        Pop64_push6 2030:        Pop64_push6 2031:        PUSH64        1 2032:        PUSH64 ffffffff 2033:        Pop64_pop64_Mul_push64 2034:        Pop64_pop64_Add_push64 2035:        PUSH64       4f 2036:        Pop64_push6 2037:        Pop64_pop6 2038:        PUSH64       9d 2039:        PUSH64       4f 2040:        Pop64_pop6 2041:        PUSH64       4f 2042:        Pop64_push6 2043:        Pop64_push6 2044:        PUSH64        1 2045:        Pop64_pop64_Add_push64 2046:        PUSH64       4f 2047:        Pop64_push6 2048:        Pop64_pop6 2049:        PUSH64       4f 2050:        Pop64_push6 2051:        PUSH64       4f 2052:        Pop64_push6 2053:        Pop64_push6 2054:        Pop64_pop64_Add_push64 2055:        Pop64_pop6 2056:        PUSH64       5d 2057:        PUSH64       4f 2058:        Pop64_pop6 2059:        PUSH64       4f 2060:        Pop64_push6 2061:        PUSH64        1 2062:        Pop64_pop64_Add_push64 2063:        Pop64_push6 2064:        PUSH64       4f 2065:        Pop64_push6 2066:        Pop64_push6 2067:        PUSH64        0 2068:        Pop64_pop64_Setbe_push6 2069:        PUSH64       40 2070:        Pop64_pop6 2071:        PUSH64        2 2072:        PUSH64       51 2073:        Pop64_pop6 2074:        PUSH64       4f 2075:        Pop64_push6 2076:        PUSH64       51 2077:        Pop64_push6 2078:        Pop64_pop64_Add_push64 2079:        Pop64_push6 2080:        PUSH64       4f 2081:        Pop64_push6 2082:        PUSH64       51 2083:        Pop64_push6 2084:        Pop64_pop64_Add_push64 2085:        PUSH64        1 2086:        PUSH64 ffffffff 2087:        Pop64_pop64_Mul_push64 2088:        Pop64_pop64_Add_push64 2089:        Pop64_pop6 2090:        PUSH64       51 2091:        Pop64_push6 2092:        PUSH64        1 2093:        Pop64_pop64_Add_push64 2094:        PUSH64       51 2095:        Pop64_pop6 2096:        PUSH64       51 2097:        
Pop64_push6 2098:        PUSH64       4f 2099:        Pop64_push6 2100:        Pop64_push6 2101:        Pop64_pop64_Setbe_push6 2102:        Goto     2074               //@@@@@@@@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+09D*8 00127978  0A 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00  ........8....... 00127988  50 00 00 00 00 00 00 00 53 00 00 00 00 00 00 00  P.......S....... 00127998  52 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  R.......P....... 001279A8  56 00 00 00 00 00 00 00 53 00 00 00 00 00 00 00  V.......S....... 001279B8  46 00 00 00 00 00 00 00 57 00 00 00 00 00 00 00  F.......W....... 001279C8  36 00 00 00 00 00 00 00                          6....... TE25-PKNB-NP8P-SRPV-SFW6 最后10个字符 %%%%%%%%%%%%%%%%%%%%%%%%%%% 2103:        PUSH64       4f 2104:        Pop64_push6 2105:        Pop64_push6 2106:        PUSH64        1 2107:        PUSH64 ffffffff 2108:        Pop64_pop64_Mul_push64 2109:        Pop64_pop64_Add_push64 2110:        PUSH64       4f 2111:        Pop64_push6 2112:        Pop64_pop6 2113:        PUSH64       9d 2114:        PUSH64       4f 2115:        Pop64_pop6 2116:        PUSH64       4f 2117:        Pop64_push6 2118:        Pop64_push6 2119:        PUSH64        1 2120:        Pop64_pop64_Add_push64 2121:        PUSH64       4f 2122:        Pop64_push6 2123:        Pop64_pop6 2124:        PUSH64       4f 2125:        Pop64_push6 2126:        PUSH64       4f 2127:        Pop64_push6 2128:        Pop64_push6 2129:        Pop64_pop64_Add_push64 2130:        Pop64_pop6 2131:        PUSH64       5d 2132:        Pop64_push6 2133:        PUSH64       40 2134:        Pop64_pop6 2135:        PUSH64        0 2136:        PUSH64       5b 2137:        Pop64_pop6 2138:        PUSH64        0 2139:        PUSH64       5a 2140:        Pop64_pop6 2141:        PUSH64        1 2142:        PUSH64       51 2143:        Pop64_pop6 2144:        PUSH64        1 2145:        PUSH64       59 2146:        Pop64_pop6 2147:        PUSH64 ffffffff 
             //@@@@@@@Loop begin 1 2148:        PUSH64       5c 2149:        Pop64_pop6 2150:        PUSH64        0 2151:        PUSH64       52 2152:        Pop64_pop6 2153:        PUSH64       52              //@@@@@@@Loop begin 2 2154:        Pop64_push6 2155:        PUSH64       5a 2156:        Pop64_push6 2157:        Pop64_pop64_Add_push64 2158:        PUSH64       51 2159:        Pop64_push6 2160:        PUSH64        7 2161:        Pop64_pop64_Mul_push64 2162:        Pop64_pop64_Add_push64 2163:        PUSH64_2 2164:        PUSH64       22 2165:        Pop64_pop64_Div_push64 2166:        PUSH64       22                 2167:        Pop64_pop64_Mul_push64 2168:        PUSH64 ffffffff 2169:        Pop64_pop64_Mul_push64 2170:        Pop64_pop64_Add_push64       //得到余数 2171:        PUSH64        1 2172:        Pop64_pop64_Add_push64 2173:        PUSH64      11d 2174:        Pop64_pop64_Add_push64 2175:        Pop64_push6                  //查表 2176:        PUSH64       9d 2177:        PUSH64       51 2178:        Pop64_push6 2179:        Pop64_pop64_Add_push64 2180:        Pop64_push6 2181:        Pop64_pop64_Sete_push6 2182:        PUSH64        0 2183:        Pop64_pop64_Sete_push6 2184:        Goto     2193             // 2185:        PUSH64       52 2186:        Pop64_push6 2187:        PUSH64       5c 2188:        Pop64_pop6 2189:        PUSH64        0 2190:        PUSH64        0 2191:        Pop64_pop64_Sete_push6 2192:        Goto     2204            //跳出循环        2193:        PUSH64       52 2194:        Pop64_push6 2195:        PUSH64        1 2196:        Pop64_pop64_Add_push64 2197:        PUSH64       52 2198:        Pop64_pop6 2199:        PUSH64       52 2200:        Pop64_push6 2201:        PUSH64       22 2202:        Pop64_pop64_Setb_push6 2203:        Goto     2153            //@@@@@@Loop end 2 2204:        PUSH64       5c 2205:        Pop64_push6 2206:        PUSH64        0 2207:        Pop64_pop64_Setb_push6 2208:        PUSH64       40 
2209:        Pop64_pop6 2210:        PUSH64       5b 2211:        Pop64_push6 2212:        PUSH64       5c 2213:        Pop64_push6 2214:        PUSH64       59 2215:        Pop64_push6 2216:        Pop64_pop64_Mul_push64 2217:        Pop64_pop64_Add_push64 2218:        PUSH64       5b 2219:        Pop64_pop6 2220:        PUSH64       5a 2221:        Pop64_push6 2222:        PUSH64        3 2223:        Pop64_pop64_Mul_push64 2224:        PUSH64       5c 2225:        Pop64_push6 2226:        Pop64_pop64_Add_push64 2227:        PUSH64_2 2228:        PUSH64       64 2229:        Pop64_pop64_Div_push64 2230:        PUSH64       64 2231:        Pop64_pop64_Mul_push64 2232:        PUSH64 ffffffff 2233:        Pop64_pop64_Mul_push64 2234:        Pop64_pop64_Add_push64 2235:        PUSH64       5a 2236:        Pop64_pop6 2237:        PUSH64       59 2238:        Pop64_push6 2239:        PUSH64       22 2240:        Pop64_pop64_Mul_push64 2241:        PUSH64       59 2242:        Pop64_pop6 2243:        PUSH64       51 2244:        Pop64_push6 2245:        PUSH64        1 2246:        Pop64_pop64_Add_push64 2247:        PUSH64       51 2248:        Pop64_pop6 2249:        PUSH64       51 2250:        Pop64_push6 2251:        PUSH64       9d 2252:        Pop64_push6 2253:        Pop64_pop64_Setbe_push6 2254:        Goto     2147              //@@@@@@Loop end 1 //结果：--------------------------------------------------------------------- %%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+050*8 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 
00127770  00 00 00 00 00 00 00 00                          ........                    %%%%%%%%%%%%%%%%%%%%%%%% 2255:        PUSH64       5b 2256:        Pop64_push6         //取5b指向的000017BB:3FBC5660 2257:        PUSH64_2 2258:        PUSH64_2 2259:        PUSH64       31 2260:        Pop64_pop64_Div_push64   //000017BB:3FBC5660 /31=7B:FC138460 2261:        PUSH64       31 2262:        Pop64_pop64_Mul_push64 2263:        PUSH64 ffffffff 2264:        Pop64_pop64_Mul_push64 2265:        Pop64_pop64_Add_push64  //17BB3FBC5660-31*7BFC138460=0 2266:        PUSH64       46 2267:        Pop64_pop6              //0保存到46处 2268:        PUSH64       31 2269:        Pop64_pop64_Div_push64  //000017BB:3FBC5660 /31=7B:FC138460 2270:        PUSH64_2 2271:        PUSH64_2 2272:        PUSH64 98009680 2273:        Pop64_pop64_Div_push64 //7BFC138460 /00989680=D003 2274:        PUSH64 98009680 2275:        Pop64_pop64_Mul_push64 2276:        PUSH64 ffffffff 2277:        Pop64_pop64_Mul_push64 2278:        Pop64_pop64_Add_push64 //7BFC138460-989680*D003=1C0E0 2279:        PUSH64       4c 2280:        Pop64_pop6             //保存1C0E0到4C处 2281:        PUSH64 98009680 2282:        Pop64_pop64_Div_push64 //7BFC138460 /00989680=D003 2283:        PUSH64       4d 2284:        Pop64_pop6             //保存到4D处 2285:        PUSH64       4a 2286:        Pop64_push6            //取出4A处的02 2287:        PUSH64       4d 2288:        Pop64_push6            //取出4D处的D003 2289:        PUSH64       3f 2290:        Pop64_pop64_And_push6  //D003 and 3F=03 2291:        Pop64_pop64_Xor_push6  //2 Xor 3=1 2292:        PUSH64       4a 2293:        Pop64_pop6             //保存到4A处 2294:        PUSH64        0 2295:        PUSH64        1 2296:        PUSH64 ffffffff 2297:        Pop64_pop64_Mul_push64 2298:        Pop64_pop64_Add_push64 2299:        PUSH64       4e 2300:        Pop64_pop6           //保存-1到4E处 2301:        PUSH64       4e 2302:        PUSH64       45 2303:        Pop64_push6          //取出0 2304:   
     PUSH64       10                      -------- 2305:        PUSH64       53 2306:        Pop64_pop6           //保存10到53 2307:        PUSH64       54 2308:        Pop64_pop6           //保存0到54 2309:        PUSH64       4f 2310:        Pop64_pop6           //保存4E到4F 2311:        PUSH64       4f                        //@@@@@@@ 2312:        Pop64_push6             //4F->4E 2313:        Pop64_push6             //4E->-1 2314:        PUSH64     8000 2315:        Pop64_pop64_And_push6   //FFFFFFFF And 8000=8000 2316:        PUSH64        0 2317:        Pop64_pop64_Sete_push6  //al=0 2318:        PUSH64        0 2319:        Pop64_pop64_Sete_push6  //al=1 2320:        PUSH64       55 2321:        Pop64_pop6              //保存1到55处 2322:        PUSH64       4f 2323:        Pop64_push6            //4F->4E  2324:        Pop64_push6            //4E->-1 2325:        PUSH64        1 2326:        Pop64_pop64_Shl_push6  //FFFFFFFF <<1= FFFFFFFE 2327:        PUSH64     ffff 2328:        Pop64_pop64_And_push6  //FFFE 2329:        PUSH64       4f 2330:        Pop64_push6            //4F->4E  2331:        Pop64_pop6             //保存FFFE到4E处 2332:        PUSH64       55 2333:        Pop64_push6            //取出55处的1 2334:        PUSH64        0 2335:        Pop64_pop64_Sete_push6  //al=0 2336:        PUSH64       54 2337:        Pop64_push6            //取出54处的0 2338:        PUSH64        1           2339:        PUSH64       53 2340:        Pop64_push6          //取53处的10 2341:        PUSH64        1 2342:        PUSH64 ffffffff 2343:        Pop64_pop64_Mul_push64 2344:        Pop64_pop64_Add_push64  //10-1=0F 2345:        Pop64_pop64_Shl_push6   //1<<F=8000 2346:        Pop64_pop64_And_push6   //0 and 8000 =0 ，base[54] and 8000 2347:        PUSH64        0 2348:        Pop64_pop64_Sete_push6  //al=1 2349:        PUSH64        0 2350:        Pop64_pop64_Sete_push6  //al=0 2351:        Pop64_pop64_Xor_push6   //0 Xor 0=0,55处1反得0 2352:        PUSH64        0 2353:        
Pop64_pop64_Sete_push6  //al=1 2354:        PUSH64        0 2355:        Pop64_pop64_Sete_push6  //al=0 2356:        Goto     2365           //al=0,no jump 2357:        PUSH64       4f 2358:        Pop64_push6             //4F->4E 2359:        Pop64_push6             //4E->FFFE 2360:        PUSH64     8005 2361:        Pop64_pop64_Xor_push6   //FFFE Xor 8005=7FFB 2362:        PUSH64       4f 2363:        Pop64_push6             //4F->4E 2364:        Pop64_pop6              //保存7FFB到4E 2365:        PUSH64       53 2366:        Pop64_push6             //取53处的10 2367:        PUSH64        1 2368:        PUSH64 ffffffff 2369:        Pop64_pop64_Mul_push64 2370:        Pop64_pop64_Add_push64 //10-1=0F 2371:        PUSH64       53 2372:        Pop64_pop6             //0F保存到53 2373:        PUSH64       53 2374:        Pop64_push6            //取出53处的0F 2375:        PUSH64        0 2376:        Pop64_pop64_Setbe_push6 //F>0,al=0 2377:        PUSH64        0 2378:        Pop64_pop64_Sete_push6  //al=1 2379:        Goto     2311             //@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  EC FF 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?......N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 0E 00 00 00 00 00 00 00  ............... 00127730  00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ............... 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%%%% 2380:        PUSH64       4e 2381:        PUSH64       46               //参数 2382:        Pop64_push6 2383:        PUSH64        8               //参数  ------ 2384:        PUSH64       53 2385:        Pop64_pop6 2386:        PUSH64       54 2387:        Pop64_pop6 2388:        PUSH64       4f 2389:        Pop64_pop6 2390:        PUSH64       4f             // 2391:        Pop64_push6 2392:        Pop64_push6 2393:        PUSH64     8000 2394:        Pop64_pop64_And_push6 2395:        PUSH64        0 2396:        Pop64_pop64_Sete_push6 2397:        PUSH64        0 2398:        Pop64_pop64_Sete_push6 2399:        PUSH64       55 2400:        Pop64_pop6 2401:        PUSH64       4f 2402:        Pop64_push6 2403:        Pop64_push6 2404:        PUSH64        1 2405:        Pop64_pop64_Shl_push6 2406:        PUSH64     ffff 2407:        Pop64_pop64_And_push6 2408:        PUSH64       4f 2409:        Pop64_push6 2410:        Pop64_pop6 2411:        PUSH64       55 2412:        Pop64_push6 2413:        PUSH64        0 2414:        Pop64_pop64_Sete_push6 2415:        PUSH64       54 2416:        Pop64_push6 2417:        PUSH64        1 2418:        PUSH64       53 2419:        Pop64_push6 2420:        PUSH64        1 2421:        PUSH64 ffffffff 2422:        Pop64_pop64_Mul_push64 2423:        Pop64_pop64_Add_push64 2424:        Pop64_pop64_Shl_push6 2425:        Pop64_pop64_And_push6 2426:        PUSH64        0 2427:        Pop64_pop64_Sete_push6 2428:        PUSH64        0 2429:        Pop64_pop64_Sete_push6 2430:        Pop64_pop64_Xor_push6 2431:        PUSH64        0 2432:        Pop64_pop64_Sete_push6 2433:        PUSH64        0 2434:        Pop64_pop64_Sete_push6 2435:        Goto     2444  2436:        PUSH64       4f 2437:        Pop64_push6 2438:        Pop64_push6 2439:        PUSH64     8005 2440:        Pop64_pop64_Xor_push6 2441:        PUSH64       4f 2442:        Pop64_push6 2443:        Pop64_pop6 2444:        PUSH64       53 
2445:        Pop64_push6 2446:        PUSH64        1 2447:        PUSH64 ffffffff 2448:        Pop64_pop64_Mul_push64 2449:        Pop64_pop64_Add_push64 2450:        PUSH64       53 2451:        Pop64_pop6 2452:        PUSH64       53 2453:        Pop64_push6 2454:        PUSH64        0 2455:        Pop64_pop64_Setbe_push6 2456:        PUSH64        0 2457:        Pop64_pop64_Sete_push6 2458:        Goto     2390            //@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  03 8E 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?.....N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ............... 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%%% 2459:        PUSH64       4e 2460:        PUSH64       47 2461:        Pop64_push6 2462:        PUSH64        8 2463:        PUSH64       53 2464:        Pop64_pop6 2465:        PUSH64       54 2466:        Pop64_pop6 2467:        PUSH64       4f 2468:        Pop64_pop6 2469:        PUSH64       4f            // 2470:        Pop64_push6 2471:        Pop64_push6 2472:        PUSH64     8000 2473:        Pop64_pop64_And_push6 2474:        PUSH64        0 2475:        Pop64_pop64_Sete_push6 2476:        PUSH64        0 2477:        Pop64_pop64_Sete_push6 2478:        PUSH64       55 2479:        Pop64_pop6 2480:        PUSH64       4f 2481:        Pop64_push6 2482:        Pop64_push6 2483:        PUSH64        1 2484:        Pop64_pop64_Shl_push6 2485:        PUSH64     ffff 2486:        Pop64_pop64_And_push6 2487:        PUSH64       4f 2488:        Pop64_push6 2489:        Pop64_pop6 2490:        PUSH64       55 2491:        Pop64_push6 2492:        PUSH64        0 2493:        Pop64_pop64_Sete_push6 2494:        PUSH64       54 2495:        Pop64_push6 2496:        PUSH64        1 2497:        PUSH64       53 2498:        Pop64_push6 2499:        PUSH64        1 2500:        PUSH64 ffffffff 2501:        Pop64_pop64_Mul_push64 2502:        Pop64_pop64_Add_push64 2503:        Pop64_pop64_Shl_push6 2504:        Pop64_pop64_And_push6 2505:        PUSH64        0 2506:        Pop64_pop64_Sete_push6 2507:        PUSH64        0 2508:        Pop64_pop64_Sete_push6 2509:        Pop64_pop64_Xor_push6 2510:        PUSH64        0 2511:        Pop64_pop64_Sete_push6 2512:        PUSH64        0 2513:        Pop64_pop64_Sete_push6 2514:        Goto     2523  2515:        PUSH64       4f 2516:        Pop64_push6 2517:        Pop64_push6 2518:        PUSH64     8005 2519:        Pop64_pop64_Xor_push6 2520:        PUSH64       4f 2521:        Pop64_push6 2522:        Pop64_pop6 2523:        PUSH64       53 2524:        Pop64_push6 2525:        PUSH64        
1 2526:        PUSH64 ffffffff 2527:        Pop64_pop64_Mul_push64 2528:        Pop64_pop64_Add_push64 2529:        PUSH64       53 2530:        Pop64_pop6 2531:        PUSH64       53 2532:        Pop64_push6 2533:        PUSH64        0 2534:        Pop64_pop64_Setbe_push6 2535:        PUSH64        0 2536:        Pop64_pop64_Sete_push6 2537:        Goto     2469              //@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  DF 81 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ......N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  54 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  T.............. 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%% 2538:        PUSH64       4e 2539:        PUSH64       48 2540:        Pop64_push6 2541:        PUSH64        8 2542:        PUSH64       53 2543:        Pop64_pop6 2544:        PUSH64       54 2545:        Pop64_pop6 2546:        PUSH64       4f 2547:        Pop64_pop6 2548:        PUSH64       4f               // 2549:        Pop64_push6 2550:        Pop64_push6 2551:        PUSH64     8000 2552:        Pop64_pop64_And_push6 2553:        PUSH64        0 2554:        Pop64_pop64_Sete_push6 2555:        PUSH64        0 2556:        Pop64_pop64_Sete_push6 2557:        PUSH64       55 2558:        Pop64_pop6 2559:        PUSH64       4f 2560:        Pop64_push6 2561:        Pop64_push6 2562:        PUSH64        1 2563:        Pop64_pop64_Shl_push6 2564:        PUSH64     ffff 2565:        Pop64_pop64_And_push6 2566:        PUSH64       4f 2567:        Pop64_push6 2568:        Pop64_pop6 2569:        PUSH64       55 2570:        Pop64_push6 2571:        PUSH64        0 2572:        Pop64_pop64_Sete_push6 2573:        PUSH64       54 2574:        Pop64_push6 2575:        PUSH64        1 2576:        PUSH64       53 2577:        Pop64_push6 2578:        PUSH64        1 2579:        PUSH64 ffffffff 2580:        Pop64_pop64_Mul_push64 2581:        Pop64_pop64_Add_push64 2582:        Pop64_pop64_Shl_push6 2583:        Pop64_pop64_And_push6 2584:        PUSH64        0 2585:        Pop64_pop64_Sete_push6 2586:        PUSH64        0 2587:        Pop64_pop64_Sete_push6 2588:        Pop64_pop64_Xor_push6 2589:        PUSH64        0 2590:        Pop64_pop64_Sete_push6 2591:        PUSH64        0 2592:        Pop64_pop64_Sete_push6 2593:        Goto     2602  2594:        PUSH64       4f 2595:        Pop64_push6 2596:        Pop64_push6 2597:        PUSH64     8005 2598:        Pop64_pop64_Xor_push6 2599:        PUSH64       4f 2600:        Pop64_push6 2601:        Pop64_pop6 2602:        PUSH64       53 2603:        Pop64_push6 2604:        PUSH64       
 1 2605:        PUSH64 ffffffff 2606:        Pop64_pop64_Mul_push64 2607:        Pop64_pop64_Add_push64 2608:        PUSH64       53 2609:        Pop64_pop6 2610:        PUSH64       53 2611:        Pop64_push6 2612:        PUSH64        0 2613:        Pop64_pop64_Setbe_push6 2614:        PUSH64        0 2615:        Pop64_pop64_Sete_push6 2616:        Goto     2548            //@@@@@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  9B 5D 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ......N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  E............... 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%%% 2617:        PUSH64       4e 2618:        PUSH64       49 2619:        Pop64_push6 2620:        PUSH64        8 2621:        PUSH64       53 2622:        Pop64_pop6 2623:        PUSH64       54 2624:        Pop64_pop6 2625:        PUSH64       4f 2626:        Pop64_pop6 2627:        PUSH64       4f               // 2628:        Pop64_push6 2629:        Pop64_push6 2630:        PUSH64     8000 2631:        Pop64_pop64_And_push6 2632:        PUSH64        0 2633:        Pop64_pop64_Sete_push6 2634:        PUSH64        0 2635:        Pop64_pop64_Sete_push6 2636:        PUSH64       55 2637:        Pop64_pop6 2638:        PUSH64       4f 2639:        Pop64_push6 2640:        Pop64_push6 2641:        PUSH64        1 2642:        Pop64_pop64_Shl_push6 2643:        PUSH64     ffff 2644:        Pop64_pop64_And_push6 2645:        PUSH64       4f 2646:        Pop64_push6 2647:        Pop64_pop6 2648:        PUSH64       55 2649:        Pop64_push6 2650:        PUSH64        0 2651:        Pop64_pop64_Sete_push6 2652:        PUSH64       54 2653:        Pop64_push6 2654:        PUSH64        1 2655:        PUSH64       53 2656:        Pop64_push6 2657:        PUSH64        1 2658:        PUSH64 ffffffff 2659:        Pop64_pop64_Mul_push64 2660:        Pop64_pop64_Add_push64 2661:        Pop64_pop64_Shl_push6 2662:        Pop64_pop64_And_push6 2663:        PUSH64        0 2664:        Pop64_pop64_Sete_push6 2665:        PUSH64        0 2666:        Pop64_pop64_Sete_push6 2667:        Pop64_pop64_Xor_push6 2668:        PUSH64        0 2669:        Pop64_pop64_Sete_push6 2670:        PUSH64        0 2671:        Pop64_pop64_Sete_push6 2672:        Goto     2681  2673:        PUSH64       4f 2674:        Pop64_push6 2675:        Pop64_push6 2676:        PUSH64     8005 2677:        Pop64_pop64_Xor_push6 2678:        PUSH64       4f 2679:        Pop64_push6 2680:        Pop64_pop6 2681:        PUSH64       53 2682:        Pop64_push6 2683:        PUSH64      
  1 2684:        PUSH64 ffffffff 2685:        Pop64_pop64_Mul_push64 2686:        Pop64_pop64_Add_push64 2687:        PUSH64       53 2688:        Pop64_pop6 2689:        PUSH64       53 2690:        Pop64_push6 2691:        PUSH64        0 2692:        Pop64_pop64_Setbe_push6 2693:        PUSH64        0 2694:        Pop64_pop64_Sete_push6 2695:        Goto     2627            //@@@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  98 9A 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ......N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  19 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%% 2696:        PUSH64       4e 2697:        PUSH64       4a 2698:        Pop64_push6 2699:        PUSH64        8 2700:        PUSH64       53 2701:        Pop64_pop6 2702:        PUSH64       54 2703:        Pop64_pop6 2704:        PUSH64       4f 2705:        Pop64_pop6 2706:        PUSH64       4f                 // 2707:        Pop64_push6 2708:        Pop64_push6 2709:        PUSH64     8000 2710:        Pop64_pop64_And_push6 2711:        PUSH64        0 2712:        Pop64_pop64_Sete_push6 2713:        PUSH64        0 2714:        Pop64_pop64_Sete_push6 2715:        PUSH64       55 2716:        Pop64_pop6 2717:        PUSH64       4f 2718:        Pop64_push6 2719:        Pop64_push6 2720:        PUSH64        1 2721:        Pop64_pop64_Shl_push6 2722:        PUSH64     ffff 2723:        Pop64_pop64_And_push6 2724:        PUSH64       4f 2725:        Pop64_push6 2726:        Pop64_pop6 2727:        PUSH64       55 2728:        Pop64_push6 2729:        PUSH64        0 2730:        Pop64_pop64_Sete_push6 2731:        PUSH64       54 2732:        Pop64_push6 2733:        PUSH64        1 2734:        PUSH64       53 2735:        Pop64_push6 2736:        PUSH64        1 2737:        PUSH64 ffffffff 2738:        Pop64_pop64_Mul_push64 2739:        Pop64_pop64_Add_push64 2740:        Pop64_pop64_Shl_push6 2741:        Pop64_pop64_And_push6 2742:        PUSH64        0 2743:        Pop64_pop64_Sete_push6 2744:        PUSH64        0 2745:        Pop64_pop64_Sete_push6 2746:        Pop64_pop64_Xor_push6 2747:        PUSH64        0 2748:        Pop64_pop64_Sete_push6 2749:        PUSH64        0 2750:        Pop64_pop64_Sete_push6 2751:        Goto     2760  2752:        PUSH64       4f 2753:        Pop64_push6 2754:        Pop64_push6 2755:        PUSH64     8005 2756:        Pop64_pop64_Xor_push6 2757:        PUSH64       4f 2758:        Pop64_push6 2759:        Pop64_pop6 2760:        PUSH64       53 2761:        Pop64_push6 2762:        PUSH64        
1 2763:        PUSH64 ffffffff 2764:        Pop64_pop64_Mul_push64 2765:        Pop64_pop64_Add_push64 2766:        PUSH64       53 2767:        Pop64_pop6 2768:        PUSH64       53 2769:        Pop64_push6 2770:        PUSH64        0 2771:        Pop64_pop64_Setbe_push6 2772:        PUSH64        0 2773:        Pop64_pop64_Sete_push6 2774:        Goto     2706             //@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  59 1B 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  Y......N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ............... 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%%%%%%%%%% 2775:        PUSH64       4e 2776:        PUSH64       4b 2777:        Pop64_push6 2778:        PUSH64       10 2779:        PUSH64       53 2780:        Pop64_pop6 2781:        PUSH64       54 2782:        Pop64_pop6 2783:        PUSH64       4f 2784:        Pop64_pop6 2785:        PUSH64       4f            // 2786:        Pop64_push6 2787:        Pop64_push6 2788:        PUSH64     8000 2789:        Pop64_pop64_And_push6 2790:        PUSH64        0 2791:        Pop64_pop64_Sete_push6 2792:        PUSH64        0 2793:        Pop64_pop64_Sete_push6 2794:        PUSH64       55 2795:        Pop64_pop6 2796:        PUSH64       4f 2797:        Pop64_push6 2798:        Pop64_push6 2799:        PUSH64        1 2800:        Pop64_pop64_Shl_push6 2801:        PUSH64     ffff 2802:        Pop64_pop64_And_push6 2803:        PUSH64       4f 2804:        Pop64_push6 2805:        Pop64_pop6 2806:        PUSH64       55 2807:        Pop64_push6 2808:        PUSH64        0 2809:        Pop64_pop64_Sete_push6 2810:        PUSH64       54 2811:        Pop64_push6 2812:        PUSH64        1 2813:        PUSH64       53 2814:        Pop64_push6 2815:        PUSH64        1 2816:        PUSH64 ffffffff 2817:        Pop64_pop64_Mul_push64 2818:        Pop64_pop64_Add_push64 2819:        Pop64_pop64_Shl_push6 2820:        Pop64_pop64_And_push6 2821:        PUSH64        0 2822:        Pop64_pop64_Sete_push6 2823:        PUSH64        0 2824:        Pop64_pop64_Sete_push6 2825:        Pop64_pop64_Xor_push6 2826:        PUSH64        0 2827:        Pop64_pop64_Sete_push6 2828:        PUSH64        0 2829:        Pop64_pop64_Sete_push6 2830:        Goto     2839  2831:        PUSH64       4f 2832:        Pop64_push6 2833:        Pop64_push6 2834:        PUSH64     8005 2835:        Pop64_pop64_Xor_push6 2836:        PUSH64       4f 2837:        Pop64_push6 2838:        Pop64_pop6 2839:        PUSH64       53 2840:        Pop64_push6 2841:        PUSH64    
    1 2842:        PUSH64 ffffffff 2843:        Pop64_pop64_Mul_push64 2844:        Pop64_pop64_Add_push64 2845:        PUSH64       53 2846:        Pop64_pop6 2847:        PUSH64       53 2848:        Pop64_push6 2849:        PUSH64        0 2850:        Pop64_pop64_Setbe_push6 2851:        PUSH64        0 2852:        Pop64_pop64_Sete_push6 2853:        Goto     2785               //@@@@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  D3 DB 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  盂......N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ............... 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
%%%%%%%%%%%%%%%%%% 2854:        PUSH64       4e 2855:        PUSH64       4c 2856:        Pop64_push6 2857:        PUSH64       20 2858:        PUSH64       53 2859:        Pop64_pop6 2860:        PUSH64       54 2861:        Pop64_pop6 2862:        PUSH64       4f 2863:        Pop64_pop6 2864:        PUSH64       4f             // 2865:        Pop64_push6 2866:        Pop64_push6 2867:        PUSH64     8000 2868:        Pop64_pop64_And_push6 2869:        PUSH64        0 2870:        Pop64_pop64_Sete_push6 2871:        PUSH64        0 2872:        Pop64_pop64_Sete_push6 2873:        PUSH64       55 2874:        Pop64_pop6 2875:        PUSH64       4f 2876:        Pop64_push6 2877:        Pop64_push6 2878:        PUSH64        1 2879:        Pop64_pop64_Shl_push6 2880:        PUSH64     ffff 2881:        Pop64_pop64_And_push6 2882:        PUSH64       4f 2883:        Pop64_push6 2884:        Pop64_pop6 2885:        PUSH64       55 2886:        Pop64_push6 2887:        PUSH64        0 2888:        Pop64_pop64_Sete_push6 2889:        PUSH64       54 2890:        Pop64_push6 2891:        PUSH64        1 2892:        PUSH64       53 2893:        Pop64_push6 2894:        PUSH64        1 2895:        PUSH64 ffffffff 2896:        Pop64_pop64_Mul_push64 2897:        Pop64_pop64_Add_push64 2898:        Pop64_pop64_Shl_push6 2899:        Pop64_pop64_And_push6 2900:        PUSH64        0 2901:        Pop64_pop64_Sete_push6 2902:        PUSH64        0 2903:        Pop64_pop64_Sete_push6 2904:        Pop64_pop64_Xor_push6 2905:        PUSH64        0 2906:        Pop64_pop64_Sete_push6 2907:        PUSH64        0 2908:        Pop64_pop64_Sete_push6 2909:        Goto     2918  2910:        PUSH64       4f 2911:        Pop64_push6 2912:        Pop64_push6 2913:        PUSH64     8005 2914:        Pop64_pop64_Xor_push6 2915:        PUSH64       4f 2916:        Pop64_push6 2917:        Pop64_pop6 2918:        PUSH64       53 2919:        Pop64_push6 2920:        PUSH64        1 
2921:        PUSH64 ffffffff 2922:        Pop64_pop64_Mul_push64 2923:        Pop64_pop64_Add_push64 2924:        PUSH64       53 2925:        Pop64_pop6 2926:        PUSH64       53 2927:        Pop64_push6 2928:        PUSH64        0 2929:        Pop64_pop64_Setbe_push6 2930:        PUSH64        0 2931:        Pop64_pop64_Sete_push6 2932:        Goto     2864                //@@@@@@@@@@@@@@@@@@ %%%%%%%%%%%%%%%%%% d ebp+0FFFF7FE0+4a*8 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?..... 00127700  03 D0 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?.....N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  E0 C0 01 00 00 00 00 00 01 00 00 00 00 00 00 00  嗬............ 00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.......... 00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f. 00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??.. 00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ %%%%%%%%%%%%%%%%%% 2933:        PUSH64       4e 2934:        Pop64_push6         // 2935:        PUSH64       4d 2936:        Pop64_push6 2937:        Pop64_pop64_Sete_push6  //D003=D003，al=1 2938:        PUSH64        0 2939:        Pop64_pop64_Sete_push6  //al=0 2940:        PUSH64       40 2941:        Pop64_pop6              //保存0到40处 2942:        PUSH64       45 2943:        Pop64_push6             //取45处的0 2944:        PUSH64       44 2945:        Pop64_push6             //取44处的12F5E7 d ebp+0FFFF7FE0+44*8 001276B0  E7 F5 12 00 00 00 00 00 00 00 00 00 00 00 00 00  珲............. 001276C0  00 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  ........T....... 001276D0  45 00 00 00 00 00 00 00 19 00 00 00 00 00 00 00  E.............. 001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  .............. 
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....           4C，到这里结束 00127700  03 D0 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?.....N....... 00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... ....... 00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 00127730  E0 C0 01 00 00 00 00 00 01 00 00 00 00 00 00 00  嗬............ 最终结果 0012F5E7  00 00 00 54 45 19 01 01 00 E0 C0 01 00           ...TE.嗬. 2946:        PUSH64        0 2947:        Pop64_pop64_Add_push64         //0012F5E7+0=0012F5E7，这是结果的地址 2948:        Pop64_push64_Word              //*****word1,开始保存结果 ，0 2949:        PUSH64       46 2950:        Pop64_push6                    //取46处的0 2951:        PUSH64       44 2952:        Pop64_push6                     //取44处的12F5E7      2953:        PUSH64        2 2954:        Pop64_pop64_Add_push64         //地址加2 2955:        Pop64_push64_Byte             //*****byte1，0 2956:        PUSH64       47 2957:        Pop64_push6                   //取47处的 2958:        PUSH64       44 2959:        Pop64_push6 2960:        PUSH64        3 2961:        Pop64_pop64_Add_push64 2962:        Pop64_push64_Byte             //*****byte2 2963:        PUSH64       48 2964:        Pop64_push6 2965:        PUSH64       44 2966:        Pop64_push6 2967:        PUSH64        4 2968:        Pop64_pop64_Add_push64 2969:        Pop64_push64_Byte            //*****byte3 2970:        PUSH64       49 2971:        Pop64_push6 2972:        PUSH64       44 2973:        Pop64_push6 2974:        PUSH64        5 2975:        Pop64_pop64_Add_push64 2976:        Pop64_push64_Byte           //*****byte4 2977:        PUSH64       4a 2978:        Pop64_push6 2979:        PUSH64       44 2980:        Pop64_push6 2981:        PUSH64        6 2982:        Pop64_pop64_Add_push64 2983:        Pop64_push64_Byte          //******byte5 2984:        PUSH64       4b 2985:        Pop64_push6 2986:        PUSH64       44 2987:        Pop64_push6 2988:      
  PUSH64        7 2989:        Pop64_pop64_Add_push64 2990:        Pop64_push64_Word         //********word2 2991:        PUSH64       4c 2992:        Pop64_push6 2993:        PUSH64       44 2994:        Pop64_push6 2995:        PUSH64        9 2996:        Pop64_pop64_Add_push64 2997:        Pop64_push64_DWord       //*****DWord 2998:        VMend```

5.注册机

```
// Decoded registration record. The hex tag after each field (45..4C) is the
// VM slot the value is stored from when the VM writes the result out as
// word, byte x5, word, dword (13 bytes in the dump shown above).
// NOTE(review): the struct as declared here is not packed, so its in-memory
// layout need not match that 13-byte dump -- confirm before copying it raw.
typedef struct result {
        unsigned short Time; //45
        //30959(1990.1),Not equal with 30E0B,
        //00030959=199001
        //0030E0B=200203; when the value equals 200203 the blacklist is checked
        char  a ;           //46
        // <=0, set to 0
        char  t  ;            //47
        //54 'T'
        char  e  ;            //48
        //45 'E'
        char  v  ;            //49
        //0x19 = 25, i.e. version number 2.5
        char  flag ;          //4A
        //1; a value of 1 means true
        unsigned short   c;   //4B
        //01,01F4,2,63,3E8,7CF
        // when 1: go straight to comparing whether the time is 200203
        // 2 <= x <= 63       good boy
        // 63 < x < 1F4       bad boy
        // 1F4 <= x <= 3E7    good boy
        // 3E8 <= x <= 7CF    good boy
        // > 7CF              bad boy
        // for any other value the time must not equal 200203

        int  remainder ;           //4C
        //0001C0E0, must not be on the blacklist
} RESULT;
```

```
                        // Fragment of the verification path: decode the two serial groups into
                        // a RESULT and compare the recomputed checksum with the one carried in
                        // the serial. serial, serial2, a, sang, base4D, r and hDlg are declared
                        // outside this fragment; r.t, r.e and r.v are not assigned here.
                        init_tab('T','E',(char)0x19);
                        // First group: base5B = (flag' * 0x7D0 + c) * 0x258 + Time
                        base5B=calc_result( serial);
                        r.Time= (unsigned short)(base5B % 0x258);//0x258=600
                        sang= (unsigned short)(base5B / 0x258);
                        r.flag= (char)(sang / 0x7D0);//0x7D0=2000
                        r.c=sang % 0x7D0;

                        // Second group: base5B = (base4D * 0x00989680 + remainder) * 0x31 + a
                        base5B=calc_result( serial2);
                        a=base5B / 0x31;
                        r.a=(char)(base5B % 0x31);//0
                        base4D=(unsigned long)(a /0x00989680);//CheckSum
                        r.remainder=(int)(a % 0x00989680);
                        // The stored flag is masked with the low six bits of the checksum.
                        r.flag=(char)(r.flag ^ (base4D & 0x3F));

                        // NOTE(review): both sides of this comparison are derived from the
                        // serial itself with fixed, public constants, so the test proves the
                        // value is internally consistent, not that a vendor issued it. A
                        // licence check that has to resist reimplementation needs a signature
                        // verified against a public key instead of an unkeyed checksum.
                        if (CheckSum(r)==base4D)
                        {
                                MessageBox(hDlg,"CheckSum OK.","CheckSum",0);
                        }
```

```
// Runs the decode fragment above in reverse: fills a RESULT with fixed field
// values plus a random remainder, computes CheckSum over it, packs the values
// into two base5B integers and passes each to GetSerial, retrying until both
// calls succeed. `serials` is a buffer declared outside this function.
// NOTE(review): every input used here is a constant recovered from the
// verifier; nothing secret is involved. That is the design weakness this
// write-up demonstrates -- the scheme offers integrity (a 16-bit checksum)
// but no authenticity.
void keygen(void) {
        RESULT r;
        unsigned long iCheckSum;
        UINT64 temp,base5B;
        int flag;

        char *p=serials;
        BOOL bOK;
        r.Time=0;
        r.a=0;
        r.t='T';
        r.e='E';
        r.v=(char)0x19;//2.5
        r.flag=1;
        r.c=1;
        do
        {
        r.remainder= (GetTickCount() * rand()) % 0x00989680;// generate a random number
        //r.remainder=0x1C0E0;
        iCheckSum=CheckSum(r);
        // Mirror of the decode: a = checksum * 0x00989680 + remainder, base5B = a * 0x31 (+ r.a, which is 0)
        temp=r.remainder+((INT64)(iCheckSum))*0x00989680;
        base5B=temp*0x31;
        //base5B=0x000017bb3fbc5660;

        // check whether base5B is valid (GetSerial returns false when it cannot encode it)
        bOK=GetSerial(p,12,23,base5B);

        if(bOK)
        {

        // Stored flag is r.flag masked with the low six bits of the checksum.
        flag=(iCheckSum & 0x3F) ^ (r.flag);
        temp=r.c+ flag * 0x7D0;
        base5B=temp*0x258;
        bOK= GetSerial(p,5,11,base5B);
        }
        }while(!bOK);
        // bOK is a local and the function returns void, so this assignment has
        // no effect visible from here.
        bOK=!bOK;
}
```

```
//  TE25-PKNB-NP8P-SRPV-SFW6
//  00 00 00 54 45 19 01 01 00 E0 C0 01 00
//  [45]  46 47 48 49 4A [4B ]   [4C]
// VM slot map (slot numbers and constants are hexadecimal):
//[43]: holds the address of the serial, PSerial
//[44]: holds the address of the result, pResult, 12F5E7
//[45]:base[45]=base[5B] mod 258
//[46]:  base[46]=base[5B] mod 31
//[4A]:base[4A]=sang / 7D0,base[4A]=base[4A] Xor (base[4D] and 3F)=1
                //sang=base[5B]/258
//[4B]:base[4B]=sang mod 7D0
//[4C]:        base[4C]=a mod constant, 7BFC138460-989680*D003=1C0E0, stored to 4C,
                       //a = quotient of base[5B]/31
//[4D]:CRCsum, base[4D]=a/constant, 7BFC138460 /00989680=D003       , stored to 4D
//*********Result is derived from Base[5B]
//[4E]:CRCsum, initialised to -1
//[4F]:base[4F]=4E, points to 4E
//[50]: holds 43, ppSerial
//[51]: counter i
//[52]: counter j
//[53]:base[53]=10(8,20), initialisation
//[54]:base[54]=0(base[45]), data fed to the CRC16
//[55]:base[55] holds the TopBit of [4E]
//[56]:base[56]=16A4 (i.e. T*E)*1A(19+1)=24CA8          starting point of the analysis
//[57]:base[57]=(base[51] *(base[56] and 3)) xor 0x98B2   //0x98B2 is constant
//[58]: holds the remainder
//[59]:base[59]=base[59] *22
//[5A]:base[5A]=(base[5A]*3 +base[5C]) mod 64
//[5B]:base[5B]=base[5C] * base[59] + base[5B], ************
//[5C]:base[5C], result of the comparison, 0 or 1
//[5D]: holds the length
//5D-43+1=1B(27)
//[5E]: no such variable

// Builds the 34-character substitution alphabet from the product t*e*(v+1)
// and prints it. The table lives in the local array aa and is not returned;
// calc_result and GetSerial use a hard-coded literal instead, which per the
// author's comment below is the table this routine yields for 'T','E',0x19.
void init_tab(char t,char e,char v)               //t='T',e='E',v='\19'(2.5)
{
  char *str="ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789";
  char aa[35]={0};
  char *str2=aa;//"ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789";
  //str2="NFOPRTSUIQWXYVZ2354678B9AEDGCHJKLM"
  int base56,base57,base58;
  int i,j;

  base56=t*e*(v+1);

  for (i=0;i<0x22;i++)
  {
          base57=(i *(base56 & 3)) ^ 0x98B2 ;  //0x98B2 is constant
          // Shift right by two and re-insert the two low bits at bit 0x17.
          base56=(base56 >>2) | ((base56 & 3) << 0x17);
          // Place str[i] in the first empty slot at or after base57 mod 0x22.
          for (j=0;j<0x22;j++)
          {
                  base58=(base57+j) % 0x22;  // base58 may collide with an occupied slot
                  if (*(str2+base58)==0)
                  {
                          *(str2+base58)=*(str+i);
                          break;
                  }

          }
  }
  printf("str2=%s\n",str2);

}

// Decodes one serial group into an integer. serial[0] is the character count,
// serial[1..] the characters. Each character is looked up in str2 at an offset
// that depends on its position i and on the running state base5A; the offset j
// at which it is found becomes a base-0x22 digit, least significant first.
// NOTE(review): a character that is not in str2 leaves base5C at -1, which is
// then folded into the unsigned accumulators rather than rejected.
UINT64 calc_result(const char serial[]) //serial[]={(char)0x6,'P','K','N','B','N','P'}
//serial[] 06 50 4B 4E 42 4E 50
            //P   K  N  B  N  P
{
        int base5C;
        UINT64 base59=1,base5A=0,base5B=0;
        int i,j;
        int index;
        char *str2="NFOPRTSUIQWXYVZ2354678B9AEDGCHJKLM";
        // permutations of 6 out of 34: P(34,6)=(34*33*32*31*30*29)=968330880

        for (i=1;i<=serial[0];i++)
        {
                base5C=-1;
                for (j=0;j<0x22;j++)
                {
                        index=(int)(((base5A + j)+i *7) % 0x22) ;
                        // non-sequential search; base5C is the number of probes needed for a hit
                        // (no break: the loop always runs all 0x22 iterations)
                        if (*(str2+index) == serial[i])
                        {
                                base5C=j;
                                }

                }////base5C=1E(i=1),15(i=2)
                base5B=base5C * base59 + base5B;
                base5A=(base5A*3 +base5C) % 0x64;
                base59=base59 * 0x22; //22^5=2B54A20
        }

        //51-5C
        //00127718  07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        //00127728  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        //00127738  00 00 00 00 00 00 00 00 00 54 26 01 00 00 00 00  .........T&.....
        //00127748  F0 98 00 00 00 00 00 00 17 00 00 00 00 00 00 00  ..............
        //00127758  40 D8 13 5C 00 00 00 00 5B 00 00 00 00 00 00 00  @?\....[.......
        //00127768  58 A1 24 00 00 00 00 00 00 00 00 00 00 00 00 00  X?.............
        index=0;
        return base5B;

}

// Bitwise 16-bit checksum: start value 0xFFFF, data fed most-significant bit
// first, and 0x8005 XORed in whenever the bit shifted out of the register
// differs from the incoming data bit. The data is fed as a 16-bit Time, the
// bytes message[2..6], a 16-bit d and the 32-bit e.
// As written, only r.remainder is taken from the argument; Time (0), d (1)
// and the message bytes are hard-coded. byte, bit, p and c are unused.
// NOTE(review): this is an unkeyed checksum over public constants; it detects
// corruption but cannot authenticate who produced the value.
unsigned long CheckSum(RESULT r)
{
    unsigned long  remainder = 0xFFFF;
        int            byte;
        unsigned char  bit;
        unsigned  char  message[13]={'\0','\0','\0','T', 'E', (char)0x19, '\01', '\01','\0',0xE0, 0xC0,0x01,'\0'};
        unsigned const char *p =message;
        int                 TopBit,flag;
        int                 i,j;
        int          Time=0;
        char         c=0;
        int          d=1;
        int          e=r.remainder;//e=0x1C0E0;
        // 16 bits of Time
        for(i=16;i>0;i--)
           {

           if( (remainder & 0x8000) )
                          TopBit=1;
           else
                        TopBit=0;
           if ((Time) & (1 << (i-1) ))
                         flag=1;
           else
                         flag=0;

                remainder=(remainder << 1 ) & 0xFFFF;
                // true exactly when TopBit != flag
                if (! ((!TopBit) ^ flag))
                        remainder=remainder ^ 0x8005;
            //7FFB,FFF6,7FE9,FFD2,7FA1,FF42,7E81,FD02
                //7A01,F402,6801,D002,2001,4002,8004,800D
        }
        // 8 bits each of message[2]..message[6]
        for (j=2;j<7;j++)
        {

                for(i=8;i>0;i--)
                   {

                   if( (remainder & 0x8000) )
                                  TopBit=1;
                   else
                                TopBit=0;

                   if ((message[j]) & (1 << (i-1) ))
                             flag=1;
                   else
                              flag=0;

                        remainder=(remainder << 1 ) & 0xFFFF;
                        if (! ((!TopBit) ^ flag))
                                remainder=remainder ^ 0x8005;
                        //801F,803B,8073,80E3,81C3,8383,8703,8E03
                        //9C03,3806,700C,E018(^0x8005=0x601D),

                }
    }
        // 16 bits of d
        for(i=16;i>0;i--)
           {

           if( (remainder & 0x8000) )
                          TopBit=1;
           else
                        TopBit=0;
           if ((d) & (1 << (i-1) ))
                         flag=1;
           else
                         flag=0;

                remainder=(remainder << 1 ) & 0xFFFF;
                if (! ((!TopBit) ^ flag))
                        remainder=remainder ^ 0x8005;

        }
        // 32 bits of e
        // NOTE(review): on the first pass i is 32, so 1 << (i-1) shifts a signed
        // int into its sign bit; an unsigned constant would avoid that.
        for(i=32;i>0;i--)
           {

           if( (remainder & 0x8000) )
                          TopBit=1;
           else
                        TopBit=0;
           if ((e) & (1 << (i-1) ))
                         flag=1;
           else
                         flag=0;

                remainder=(remainder << 1 ) & 0xFFFF;
                if (! ((!TopBit) ^ flag))
                        remainder=remainder ^ 0x8005;

        }
     return remainder;

}

// Encodes base5B into positions iStart..iEnd of pSerial: splits it into
// base-0x22 digits, then maps each digit through str2 with the same index and
// state update that calc_result uses for decoding. Positions where
// (i+1)%5==0 receive '-' and carry no digit. Returns false when a digit is
// 0x22 or larger, or when a non-zero rest is left at iStart.
// Only iEnd values 23 and 11 set aa; aa is the number of separator positions
// discounted when sizing the highest power.
// NOTE(review): base5C[25]={-1} sets only element 0 to -1, the rest are zero;
// `true`/`false` must come from the surrounding build -- not shown here.
BOOL GetSerial(char *pSerial,int iStart, int iEnd,UINT64 base5B) //
{
        const char * str2="NFOPRTSUIQWXYVZ2354678B9AEDGCHJKLM";
        int i,j,k,index=-1;
        UINT64 pow=1;//base59
        UINT64 base5A=0;
        int base5C[25]={-1};
        int aa=0;
        if (iEnd==23)
                aa=2;
        if(iEnd==11)
                aa=1;
        // pow = 0x22 ^ (number of digits - 1)
        for (i=iEnd-aa;i>iStart;i--)
        {
                pow*=0x22;
        }

        //base5B        0x000017bb3fbc5660
    //     a    0x0000007bfc138460
    //      e,9,2,17,10,1b,1a,14,e,0

        //base5B=0x000017bb3fbc5660;
        // Extract digits from the most significant (at iEnd) downwards.
        for (i=iEnd;i>=iStart;i--)
        {
                if ((i+1)%5!=0)
                {
                        base5C[i]=(int)(base5B / pow);
                        if(base5C[i]>=0x22)
                                return false;
                        base5B=base5B % pow;
                        pow/=0x22;
                }

                if ((i==iStart) && (base5B!=0))
                {
                        return false;
                }

        }

        k=1;
        for (i=iStart;i<=iEnd;i++)
        {

                // solving base5A=(base5A*3 +base5C) % 0x64;
                // note that base5A on the left and on the right are different values
                // base5A starts at 0,
                // second round: base5A=base5C % 0x64;
                // and since 0<=base5C<0x22, base5A=base5C
                // third round: base5A=base5C
                //
                //
                //base5A: 0,
                //base5C:

                if ((i+1)%5==0)
                {
                        *(pSerial+i)='-';
                        i++;
                }

                index=(int)(((base5A + base5C[i])+k *7) % 0x22) ;
                base5A=(base5A*3 +base5C[i]) % 0x64;
                *(pSerial+i)=*(str2+index);
                k++;

        }

        return true;
}
```

idb文件：
TMPGEnc.IDB.BY.winndy.rar

TMPGEnc PLUS.Keygen.By.winndy.zip