超级电脑伴侣 V1.12
用户名:powerboy
机器码:1181312697122788555
注册码:2149539941815962387068573381168434743
软件的注册算法部分用到了一些不常用的运算指令(只是我见的比较少)用到了立方和进位循环的指令,算法
流程不是很麻烦!脱壳后可以用DEDE很容易找到算法的部分!
(最近正在从98平台转移到XP下进行破解发现DEDE和OLLYDBG真的很方便,以前在98下基本只用SICE,根本没有发现他们的长处.通过这段时间的使用深有体会阿~!在这里感谢写DEDE的xxxx和汉化OLLYDBGxxxxx兄弟的劳动!)
004D3E68 55
push ebp
004D3E69 8BEC
mov ebp, esp
004D3E6B 33C9
xor ecx, ecx
004D3E6D 51
push ecx
004D3E6E 51
push
ecx
004D3E6F 51
push ecx
004D3E70 51
push ecx
004D3E71
51 push
ecx
004D3E72 51
push ecx
004D3E73 51
push ecx
004D3E74 51
push ecx
004D3E75 53
push ebx
004D3E76
56 push
esi
004D3E77 8BD8
mov ebx, eax
004D3E79 33C0
xor eax, eax
004D3E7B 55
push ebp
004D3E7C 6825404D00
push $004D4025
***** TRY
|
004D3E81 64FF30 push
dword ptr fs:[eax]
004D3E84 648920
mov fs:[eax], esp
004D3E87
8D55FC lea
edx, [ebp-$04]
* Reference to control edRegCode : TEdit
|
004D3E8A 8B8320030000 mov
eax, [ebx+$0320]
|
004D3E90 E8DB4DF9FF
call 00468C70
004D3E95 8B45FC
mov eax, [ebp-$04]
004D3E98 50
push eax
004D3E99 8D55F4
lea edx, [ebp-$0C]
*
Reference to control edRegID : TEdit
|
004D3E9C 8B831C030000
mov eax, [ebx+$031C]
|
004D3EA2 E8C94DF9FF call
00468C70
004D3EA7 8B45F4
mov eax, [ebp-$0C]
004D3EAA 50
push eax
004D3EAB 8D55F0
lea edx, [ebp-$10]
* Reference to control edRegName : TEdit
|
004D3EAE 8B8318030000 mov
eax, [ebx+$0318]
|
004D3EB4 E8B74DF9FF
call 00468C70
004D3EB9 8B45F0
mov eax, [ebp-$10]
004D3EBC 8D4DF8
lea ecx, [ebp-$08]
004D3EBF 5A
pop edx
* Reference
to : TfrmReg._PROC_004D36C0()
|
004D3EC0 E8FBF7FFFF
call 004D36C0 //算法的部分
004D3EC5 8B55F8
mov edx, [ebp-$08]//正确的注册码
004D3EC8 58
pop eax
//错误的注册码
011CD3AC 32 31 34 39 35 33 39 39
21495399
011CD3B4 34 31 38 31 35 39 36 32 41815962
011CD3BC
33 38 37 30 36 38 35 37 38706857
011CD3C4 33 33 38 31 31 36 38
34 33811684
011CD3CC 33 34 37 34 33 00 D2 E9 34743.议7
|
004D3EC9 E8760EF3FF
call 00404D44 //比较
004D3ECE 0F85E1000000
jnz 004D3FB5
004D3ED4 B201
mov dl, $01 //注册标志
004D3ED6 A11CB24300
mov eax, dword ptr [$0043B21C]
|
004D3EDB E83C74F6FF
call 0043B31C
004D3EE0 8BF0
mov esi, eax
004D3EE2
BA02000080 mov edx, $80000002
004D3EE7 8BC6
mov eax, esi
|
004D3EE9 E8CE74F6FF
call 0043B3BC
004D3EEE
B101 mov
cl, $01
* Possible String Reference to: 'SOFTWARE\Super Computer Companion'//保存注册码
|
004D3EF0 BA3C404D00
mov edx, $004D403C
004D3EF5 8BC6
mov eax, esi
|
004D3EF7 E82875F6FF call
0043B424
004D3EFC 84C0
test al, al
004D3EFE 7441
jz 004D3F41
004D3F00 8D55EC
lea edx, [ebp-$14]
* Reference to control edRegName : TEdit
|
004D3F03 8B8318030000 mov
eax, [ebx+$0318]
|
004D3F09 E8624DF9FF
call 00468C70
004D3F0E 8B4DEC
mov ecx, [ebp-$14]
* Possible String Reference to: 'Register'
|
004D3F11
BA68404D00 mov edx, $004D4068
004D3F16 8BC6
mov eax, esi
|
004D3F18 E86B79F6FF
call 0043B888
004D3F1D
8D55E8 lea
edx, [ebp-$18]
* Reference to control edRegCode : TEdit
|
004D3F20 8B8320030000 mov
eax, [ebx+$0320]
|
004D3F26 E8454DF9FF
call 00468C70
004D3F2B 8B4DE8
mov ecx, [ebp-$18]
* Possible String Reference to: 'RegCode'
|
004D3F2E
BA7C404D00 mov edx, $004D407C
004D3F33 8BC6
mov eax, esi
|
004D3F35 E84E79F6FF
call 0043B888
004D3F3A
8BC6 mov
eax, esi
|
004D3F3C E84B74F6FF
call 0043B38C
004D3F41 8BC3
mov eax, ebx
* Reference to : TApplication._PROC_004856EC()
|
004D3F43
E8A417FBFF call 004856EC
004D3F48 A1FC3C5000 mov
eax, dword ptr [$00503CFC]
004D3F4D 8B00
mov eax, [eax]
004D3F4F
8B8084030000 mov eax, [eax+$0384]
004D3F55 33D2
xor edx, edx
|
004D3F57 E8E86EFAFF
call 0047AE44
004D3F5C
A1FC3C5000 mov eax, dword
ptr [$00503CFC]
004D3F61 8B00
mov eax, [eax]
004D3F63 C780A0060000FFFFFFFF
mov dword ptr [eax+$06A0], $FFFFFFFF
* Possible String
Reference to: '确定'
|
004D3F6D 688C404D00
push $004D408C
004D3F72 6A00
push $00
004D3F74
6A01 push
$01
004D3F76 6A00
push $00
004D3F78 6A00
push $00
004D3F7A
8D55E4 lea
edx, [ebp-$1C]
004D3F7D A1803E5000
mov eax, dword ptr [$00503E80]
004D3F82 8B00
mov eax,
[eax]
* Reference to : TApplication._PROC_004887A0()
|
004D3F84
E81748FBFF call 004887A0
004D3F89 8D45E4
lea eax, [ebp-$1C]
* Possible String Reference to: '-注册成功'
|
004D3F8C BA9C404D00
mov edx, $004D409C
|
004D3F91 E86A0CF3FF
call 00404C00
004D3F96
8B55E4 mov
edx, [ebp-$1C]
004D3F99 33C9
xor ecx, ecx
* Possible String Reference
to: ' 感谢你对超级**伴侣的支持!希?
|
颐堑姆衲芄皇鼓懵狻?
|
004D3F9B B8B0404D00
mov eax, $004D40B0
|
004D3FA0 E89F53FFFF
call 004C9344
004D3FA5
8BC3 mov
eax, ebx
* Reference to : TApplication._PROC_0048554C()
|
004D3FA7 E8A015FBFF call
0048554C
004D3FAC 8BC6
mov eax, esi
|
004D3FAE
E871FBF2FF call 00403B24
004D3FB3 EB38
jmp 004D3FED
* Possible String Reference to: '确定'
|
004D3FB5 688C404D00
push $004D408C
004D3FBA 6A00
push $00
004D3FBC 6A01
push $01
004D3FBE 6A00
push $00
004D3FC0 6A00
push $00
004D3FC2 8D55E0
lea edx, [ebp-$20]
004D3FC5 A1803E5000 mov
eax, dword ptr [$00503E80]
004D3FCA 8B00
mov eax, [eax]
* Reference to : TApplication._PROC_004887A0()
|
004D3FCC E8CF47FBFF
call 004887A0
004D3FD1
8D45E0 lea
eax, [ebp-$20]
* Possible String Reference to: '-输入错误'
|
004D3FD4
BAF8404D00 mov edx, $004D40F8
|
004D3FD9 E8220CF3FF
call 00404C00
004D3FDE 8B55E0
mov edx, [ebp-$20]
004D3FE1
33C9 xor
ecx, ecx
* Possible String Reference to: ' 注册码错误,请重新输入注册码!'
|
004D3FE3 B80C414D00
mov eax, $004D410C
|
004D3FE8 E85753FFFF
call 004C9344
004D3FED
33C0 xor
eax, eax
004D3FEF 5A
pop edx
004D3FF0 59
pop ecx
004D3FF1 59
pop ecx
004D3FF2 648910
mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[嬪]?
|
004D3FF5
682C404D00 push $004D402C
004D3FFA 8D45E0
lea eax, [ebp-$20]
004D3FFD BA02000000
mov edx, $00000002
|
004D4002
E85509F3FF call 0040495C
004D4007 8D45E8
lea eax, [ebp-$18]
004D400A BA04000000
mov edx, $00000004
|
004D400F
E84809F3FF call 0040495C
004D4014 8D45F8
lea eax, [ebp-$08]
|
004D4017 E81C09F3FF
call 00404938
004D401C
8D45FC lea
eax, [ebp-$04]
|
004D401F E81409F3FF
call 00404938
004D4024 C3
ret
004D4025
E98E02F3FF jmp 004042B8
004D402A EBCE
jmp 004D3FFA
****** END
|
004D402C
5E pop
esi
004D402D 5B
pop ebx
004D402E 8BE5
mov esp, ebp
004D4030 5D
pop ebp
004D4031 C3
ret
=========================================================================
算法流程:
首先对用户名的每位进行处理,然后分别保存成10进制在连接;
powerboy-> B0 AC AF 96
9A 7F 7F 7A
变10进制连接:176172175150154127127122
在最后连接机器码:176172175150154127127122+1181312697122788555
1761721751501541271271221181312697122788555然后对这个新字符串进行运算
从第1位开始取5位变成十六进制
17617->$44D1
然后进行3次方运算EAX保存低8位,EDX保存高8位
LF($44D1)=4F905B39971:
EAX=05B39971;EDX=000004F9
ESI=000053F7,EAX=0B7D772E,ECX=0,EDI=0,EDX=0,EBX=00006ECB
然后进行一次进位循环左移64位RCL(LF($44D1))=21495($53F7)
保存最后的高位数据,最后把每次运算的结果变10进制在连接;
$53F7=21495
21495 3994 18 1596 23870 6857 3381 16843 4743
004D36C0 /$ 55 PUSH EBP
004D36C1
|. 8BEC MOV EBP,ESP
004D36C3 |. 51
PUSH ECX
004D36C4 |. B9 0B000000
MOV ECX,0B
004D36C9 |> 6A 00
/PUSH 0
004D36CB |. 6A 00 |PUSH 0
004D36CD |. 49 |DEC ECX
004D36CE |.^75 F9 \JNZ SHORT 1.004D36C9
004D36D0 |. 874D FC XCHG DWORD PTR SS:[EBP-4],ECX
004D36D3 |. 53 PUSH EBX
004D36D4 |. 56 PUSH ESI
004D36D5
|. 8BD9 MOV EBX,ECX
004D36D7 |. 8955
F8 MOV DWORD PTR SS:[EBP-8],EDX
004D36DA
|. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004D36DD
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004D36E0
|. E8 0317F3FF CALL 1.00404DE8
004D36E5 |. 8B45 F8
MOV EAX,DWORD PTR SS:[EBP-8]
004D36E8 |. E8 FB16F3FF
CALL 1.00404DE8
004D36ED |. 33C0
XOR EAX,EAX
004D36EF |. 55
PUSH EBP
004D36F0 |. 68 18394D00 PUSH 1.004D3918
004D36F5 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004D36F8 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004D36FB |. 8BC3 MOV EAX,EBX
004D36FD |. E8 3612F3FF CALL 1.00404938
004D3702
|. C745 F0 CB6E00>MOV DWORD PTR SS:[EBP-10],6ECB
004D3709 |. C745 F4
000000>MOV DWORD PTR SS:[EBP-C],0
004D3710 |. C745 E0 606D00>MOV DWORD
PTR SS:[EBP-20],6D60
004D3717 |. C745 E4 000000>MOV DWORD PTR SS:[EBP-1C],0
004D371E |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C]
; /Arg2
004D3721 |. FF75
E0 PUSH DWORD PTR SS:[EBP-20]
; |Arg1
004D3724 |. E8 D3FEFFFF CALL
1.004D35FC
; \1.004D35FC
004D3729 |. 8945 E8
MOV DWORD PTR SS:[EBP-18],EAX
004D372C |. 8955 EC
MOV DWORD PTR SS:[EBP-14],EDX
004D372F |. 8D4D
CC LEA ECX,DWORD PTR SS:[EBP-34]
004D3732
|. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
004D3735
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004D3738
|. E8 EB010000 CALL 1.004D3928
//对机器码进行运算
004D373D
|. E9 0C010000 JMP 1.004D384E
004D3742 |> 8D45 C8
/LEA EAX,DWORD PTR SS:[EBP-38]
004D3745 |. 50
|PUSH EAX
004D3746 |. FF75 F4
|PUSH DWORD PTR SS:[EBP-C]
; /Arg2
004D3749 |. FF75 F0
|PUSH DWORD PTR SS:[EBP-10] ;
|Arg1
004D374C |. 8D45 C4 |LEA EAX,DWORD
PTR SS:[EBP-3C] ; |
004D374F |. E8
185DF3FF |CALL 1.0040946C
; \1.0040946C
004D3754 |.
8B45 C4 |MOV EAX,DWORD PTR SS:[EBP-3C]
004D3757
|. E8 9C14F3FF |CALL 1.00404BF8
004D375C |. 8BC8
|MOV ECX,EAX
004D375E |. BA 01000000
|MOV EDX,1
004D3763 |. 8B45 CC |MOV
EAX,DWORD PTR SS:[EBP-34]
004D3766 |. E8 ED16F3FF |CALL
1.00404E58
//取5位
004D376B |. 8B45 C8
|MOV EAX,DWORD PTR SS:[EBP-38]
//
004D376E |. E8 495DF3FF |CALL 1.004094BC
//将十进制->十六进制
004D3773 |. 99 |CDQ
004D3774
|. 8945 D8 |MOV DWORD PTR SS:[EBP-28],EAX
004D3777
|. 8955 DC |MOV DWORD PTR SS:[EBP-24],EDX
004D377A
|. 8B45 D8 |MOV EAX,DWORD PTR SS:[EBP-28]
004D377D
|. 8B55 DC |MOV EDX,DWORD PTR SS:[EBP-24]
004D3780
|. 3B55 F4 |CMP EDX,DWORD PTR SS:[EBP-C]
004D3783 |. 75 07 |JNZ SHORT 1.004D378C
004D3785 |. 3B45 F0 |CMP EAX,DWORD PTR SS:[EBP-10]
//和28363比较大于则跳
004D3788 |. 72 65
|JB SHORT 1.004D37EF
004D378A |. EB 02
|JMP SHORT 1.004D378E
004D378C |> 7C 61
|JL SHORT 1.004D37EF
004D378E |>
8D45 C0 |LEA EAX,DWORD PTR SS:[EBP-40]
004D3791
|. 50 |PUSH EAX
004D3792 |.
FF75 F4 |PUSH DWORD PTR SS:[EBP-C]
; /Arg2
004D3795 |. FF75 F0
|PUSH DWORD PTR SS:[EBP-10]
; |Arg1
004D3798 |. 8D45 BC |LEA
EAX,DWORD PTR SS:[EBP-44] ; |
004D379B
|. E8 CC5CF3FF |CALL 1.0040946C
; \1.0040946C
004D37A0
|. 8B45 BC |MOV EAX,DWORD PTR SS:[EBP-44]
004D37A3
|. E8 5014F3FF |CALL 1.00404BF8
004D37A8 |. 8BC8
|MOV ECX,EAX
004D37AA |. 49
|DEC ECX
004D37AB |. BA 01000000
|MOV EDX,1
004D37B0 |. 8B45 CC |MOV
EAX,DWORD PTR SS:[EBP-34]
004D37B3 |. E8 A016F3FF |CALL
1.00404E58
004D37B8 |. 8B45 C0 |MOV EAX,DWORD
PTR SS:[EBP-40]
004D37BB |. E8 FC5CF3FF |CALL 1.004094BC
004D37C0 |. 99 |CDQ
004D37C1
|. 8945 D8 |MOV DWORD PTR SS:[EBP-28],EAX
004D37C4
|. 8955 DC |MOV DWORD PTR SS:[EBP-24],EDX
004D37C7
|. FF75 F4 |PUSH DWORD PTR SS:[EBP-C]
; /Arg2
004D37CA |. FF75 F0
|PUSH DWORD PTR SS:[EBP-10]
; |Arg1
004D37CD |. 8D45 B8
|LEA EAX,DWORD PTR SS:[EBP-48] ; |
004D37D0
|. E8 975CF3FF |CALL 1.0040946C
; \1.0040946C
004D37D5
|. 8B45 B8 |MOV EAX,DWORD PTR SS:[EBP-48]
004D37D8
|. E8 1B14F3FF |CALL 1.00404BF8
004D37DD |. 8BC8
|MOV ECX,EAX
004D37DF |. 49
|DEC ECX
004D37E0 |. 8D45 CC
|LEA EAX,DWORD PTR SS:[EBP-34]
004D37E3 |. BA 01000000
|MOV EDX,1
004D37E8 |. E8 AB16F3FF |CALL 1.00404E98
004D37ED |. EB 25 |JMP SHORT 1.004D3814
004D37EF |> FF75 F4 |PUSH DWORD PTR SS:[EBP-C]
; /Arg2
004D37F2 |. FF75
F0 |PUSH DWORD PTR SS:[EBP-10]
; |Arg1
004D37F5 |. 8D45 B4
|LEA EAX,DWORD PTR SS:[EBP-4C]
; |
004D37F8 |. E8 6F5CF3FF |CALL 1.0040946C
; \1.0040946C
004D37FD |. 8B45 B4 |MOV EAX,DWORD PTR SS:[EBP-4C]
004D3800 |. E8 F313F3FF |CALL 1.00404BF8
004D3805
|. 8BC8 |MOV ECX,EAX
004D3807 |.
8D45 CC |LEA EAX,DWORD PTR SS:[EBP-34]
004D380A
|. BA 01000000 |MOV EDX,1
004D380F |. E8 8416F3FF
|CALL 1.00404E98
004D3814 |> FF75 F4
|PUSH DWORD PTR SS:[EBP-C]
004D3817 |. FF75 F0
|PUSH DWORD PTR SS:[EBP-10]
004D381A |. FF75 DC
|PUSH DWORD PTR SS:[EBP-24]
; /Arg4
004D381D |. FF75 D8 |PUSH
DWORD PTR SS:[EBP-28] ; |Arg3
004D3820 |. FF75 EC |PUSH DWORD PTR SS:[EBP-14]
; |Arg2
004D3823 |. FF75
E8 |PUSH DWORD PTR SS:[EBP-18]
; |Arg1
004D3826 |. E8 45FEFFFF
|CALL 1.004D3670
; \1.004D3670//立方运算
004D382B |. E8 2021F3FF
|CALL 1.00405950
//进位循环左移64位(RCL)
004D3830 |. 8945 D0
|MOV DWORD PTR SS:[EBP-30],EAX
004D3833 |. 8955
D4 |MOV DWORD PTR SS:[EBP-2C],EDX
004D3836
|. FF75 D4 |PUSH DWORD PTR SS:[EBP-2C]
; /Arg2
004D3839 |. FF75 D0
|PUSH DWORD PTR SS:[EBP-30]
; |Arg1
004D383C |. 8D45 B0
|LEA EAX,DWORD PTR SS:[EBP-50] ; |
004D383F
|. E8 285CF3FF |CALL 1.0040946C
; \1.0040946C
004D3844
|. 8B55 B0 |MOV EDX,DWORD PTR SS:[EBP-50]
004D3847
|. 8BC3 |MOV EAX,EBX
004D3849 |.
E8 B213F3FF |CALL 1.00404C00
004D384E |> FF75 F4
PUSH DWORD PTR SS:[EBP-C]
; /Arg2
004D3851 |. FF75 F0
|PUSH DWORD PTR SS:[EBP-10] ;
|Arg1
004D3854 |. 8D45 AC |LEA EAX,DWORD
PTR SS:[EBP-54] ; |
004D3857 |. E8
105CF3FF |CALL 1.0040946C
; \1.0040946C
004D385C |.
8B45 AC |MOV EAX,DWORD PTR SS:[EBP-54]
004D385F
|. E8 9413F3FF |CALL 1.00404BF8
004D3864 |. 8BF0
|MOV ESI,EAX
004D3866 |. 8B45 CC
|MOV EAX,DWORD PTR SS:[EBP-34]
004D3869 |. E8
8A13F3FF |CALL 1.00404BF8
004D386E |. 3BF0
|CMP ESI,EAX
004D3870 |.^0F8E CCFEFFFF \JLE
1.004D3742
004D3876 |. 8B45 CC MOV EAX,DWORD
PTR SS:[EBP-34]
004D3879 |. E8 7A13F3FF CALL 1.00404BF8
004D387E |. 85C0 TEST EAX,EAX
004D3880 |. 74 49 JE SHORT 1.004D38CB
004D3882 |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
004D3885 |. E8 325CF3FF CALL 1.004094BC
004D388A
|. 99 CDQ
004D388B |. 8945
D8 MOV DWORD PTR SS:[EBP-28],EAX
004D388E
|. 8955 DC MOV DWORD PTR SS:[EBP-24],EDX
004D3891
|. FF75 F4 PUSH DWORD PTR SS:[EBP-C]
004D3894
|. FF75 F0 PUSH DWORD PTR SS:[EBP-10]
004D3897
|. FF75 DC PUSH DWORD PTR SS:[EBP-24]
; /Arg4
004D389A |. FF75 D8
PUSH DWORD PTR SS:[EBP-28]
; |Arg3
004D389D |. FF75 EC
PUSH DWORD PTR SS:[EBP-14] ; |Arg2
004D38A0 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
; |Arg1
004D38A3 |. E8 C8FDFFFF
CALL 1.004D3670
; \1.004D3670
004D38A8 |. E8 A320F3FF
CALL 1.00405950
//最后剩下的也进行一次同样的运算
004D38AD |. 8945 D0 MOV
DWORD PTR SS:[EBP-30],EAX
004D38B0 |. 8955 D4
MOV DWORD PTR SS:[EBP-2C],EDX
004D38B3 |. FF75 D4
PUSH DWORD PTR SS:[EBP-2C]
; /Arg2
004D38B6 |. FF75 D0 PUSH DWORD PTR
SS:[EBP-30] ; |Arg1
004D38B9
|. 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
; |
004D38BC |. E8 AB5BF3FF
CALL 1.0040946C
; \1.0040946C
004D38C1 |. 8B55 A8
MOV EDX,DWORD PTR SS:[EBP-58]
004D38C4 |. 8BC3
MOV EAX,EBX
004D38C6 |. E8 3513F3FF
CALL 1.00404C00
004D38CB |> 8B03
MOV EAX,DWORD PTR DS:[EBX]
004D38CD |. E8 2613F3FF
CALL 1.00404BF8
004D38D2 |. 83F8 28 CMP
EAX,28
004D38D5 |. 7E 19 JLE SHORT
1.004D38F0
004D38D7 |. 8D4D A4 LEA ECX,DWORD
PTR SS:[EBP-5C]
004D38DA |. 8B03
MOV EAX,DWORD PTR DS:[EBX]
004D38DC |. BA 28000000 MOV
EDX,28
004D38E1 |. E8 BE3FF6FF CALL 1.004378A4
004D38E6
|. 8B55 A4 MOV EDX,DWORD PTR SS:[EBP-5C]
004D38E9
|. 8BC3 MOV EAX,EBX
004D38EB |. E8
9C10F3FF CALL 1.0040498C
004D38F0 |> 33C0
XOR EAX,EAX
004D38F2 |. 5A
POP EDX
004D38F3 |. 59
POP ECX
004D38F4 |. 59
POP ECX
004D38F5 |. 64:8910 MOV DWORD
PTR FS:[EAX],EDX
004D38F8 |. 68 1F394D00 PUSH 1.004D391F
004D38FD |> 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
004D3900 |. BA 0B000000 MOV EDX,0B
004D3905
|. E8 5210F3FF CALL 1.0040495C
004D390A |. 8D45 F8
LEA EAX,DWORD PTR SS:[EBP-8]
004D390D |. BA 02000000
MOV EDX,2
004D3912 |. E8 4510F3FF CALL 1.0040495C
004D3917 \. C3 RETN
----------------------------------------------------------------
对机器码的运算......
004D3928 /$ 55 PUSH EBP
004D3929 |. 8BEC MOV EBP,ESP
004D392B
|. 6A 00 PUSH 0
004D392D |. 6A 00
PUSH 0
004D392F |. 6A 00
PUSH 0
004D3931 |. 6A 00
PUSH 0
004D3933 |. 6A 00 PUSH 0
004D3935 |. 53 PUSH EBX
004D3936
|. 56 PUSH ESI
004D3937 |.
57 PUSH EDI
004D3938 |. 8BF9
MOV EDI,ECX
004D393A |. 8955 F8
MOV DWORD PTR SS:[EBP-8],EDX
004D393D |. 8945 FC
MOV DWORD PTR SS:[EBP-4],EAX
004D3940 |. 8B45
FC MOV EAX,DWORD PTR SS:[EBP-4]
004D3943
|. E8 A014F3FF CALL 1.00404DE8
004D3948 |. 8B45 F8
MOV EAX,DWORD PTR SS:[EBP-8]
004D394B |. E8 9814F3FF
CALL 1.00404DE8
004D3950 |. 33C0
XOR EAX,EAX
004D3952 |. 55
PUSH EBP
004D3953 |. 68 FA394D00 PUSH 1.004D39FA
004D3958 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004D395B |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004D395E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004D3961 |. E8 D20FF3FF CALL 1.00404938
004D3966
|. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
004D3969
|. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004D396C
|. E8 E7FAFFFF CALL 1.004D3458 //对用户名进行运算1
powerboy->011CD340
B0 AC AF 96 9A 7F 7F 7A 艾瘱?z AF
004D3971 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
004D3974 |. E8 7F12F3FF
CALL 1.00404BF8
004D3979 |. 8BD8
MOV EBX,EAX
004D397B |. 85DB
TEST EBX,EBX
004D397D |. 7E 42 JLE
SHORT 1.004D39C1
004D397F |. BE 01000000 MOV ESI,1
//对上面产生的数值进行计算
004D3984 |> 8D55 EC /LEA EDX,DWORD PTR SS:[EBP-14]
004D3987 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
004D398A |. 0FB64430 FF |MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]//取BO
004D398F |. E8 EC59F3FF |CALL 1.00409380
//变十进制B0->176
004D3994
|. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
004D3997
|. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
004D399A
|. E8 6112F3FF |CALL 1.00404C00
//相连
004D399F |. 46
|INC ESI
004D39A0 |. 4B
|DEC EBX
004D39A1 |.^75 E1
\JNZ SHORT 1.004D3984
004D39A3 |. EB 1C
JMP SHORT 1.004D39C1
004D39A5 |> 8B55 F4
/MOV EDX,DWORD PTR SS:[EBP-C]
004D39A8 |. B8 103A4D00
|MOV EAX,1.004D3A10
004D39AD |. E8 8A15F3FF |CALL
1.00404F3C
004D39B2 |. 8BD0 |MOV
EDX,EAX
004D39B4 |. 8D45 F4 |LEA EAX,DWORD
PTR SS:[EBP-C]
004D39B7 |. B9 01000000 |MOV ECX,1
004D39BC |. E8 D714F3FF |CALL 1.00404E98
004D39C1
|> 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]//
EDX=176172175150154127127122
004D39C4 |. B8 103A4D00 |MOV EAX,1.004D3A10
004D39C9 |. E8 6E15F3FF |CALL 1.00404F3C
004D39CE
|. 85C0 |TEST EAX,EAX
004D39D0 |.^7F
D3 \JG SHORT 1.004D39A5
004D39D2
|. 8BC7 MOV EAX,EDI
004D39D4 |. 8B4D
F8 MOV ECX,DWORD PTR SS:[EBP-8]
004D39D7
|. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
004D39DA
|. E8 6512F3FF CALL 1.00404C44
004D39DF |. 33C0
XOR EAX,EAX
004D39E1 |. 5A
POP EDX
004D39E2 |. 59
POP ECX
004D39E3 |. 59
POP ECX
004D39E4 |. 64:8910
MOV DWORD PTR FS:[EAX],EDX
004D39E7 |. 68 013A4D00 PUSH
1.004D3A01
004D39EC |> 8D45 EC LEA EAX,DWORD
PTR SS:[EBP-14]
004D39EF |. BA 05000000 MOV EDX,5
004D39F4 |. E8 630FF3FF CALL 1.0040495C
004D39F9
\. C3 RETN
VAR
NAME,SN,C:STRING;
LENNAME,A,B:INTEGER;
BEGIN
NAME:=EDIT1.TEXT;
LENNAME:=LENGTH(NAME);
FOR A:=1 TO LENNAME DO
BEGIN
B:=LENNAME;
B:=(B*B)-(A*A)+1;
C:=C+INTTOSTR(B+ORD(NAME[A]));
END;
C:=C+EDIT2.TEXT;//连接机器码生成计算用的新字符串
----------------------------------------------------------------
对用户名的处理....
004D3458 /$ 55 PUSH EBP
004D3459 |. 8BEC MOV EBP,ESP
004D345B
|. 83C4 EC ADD ESP,-14
004D345E |. 53
PUSH EBX
004D345F |. 56
PUSH ESI
004D3460 |. 57
PUSH EDI
004D3461 |. 33C9
XOR ECX,ECX
004D3463 |. 894D EC
MOV DWORD PTR SS:[EBP-14],ECX
004D3466 |. 894D F0
MOV DWORD PTR SS:[EBP-10],ECX
004D3469 |. 8955 F8
MOV DWORD PTR SS:[EBP-8],EDX
004D346C |. 8945 FC
MOV DWORD PTR SS:[EBP-4],EAX
004D346F |. 8B45
FC MOV EAX,DWORD PTR SS:[EBP-4]
004D3472
|. E8 7119F3FF CALL 1.00404DE8
004D3477 |. 33C0
XOR EAX,EAX
004D3479 |. 55
PUSH EBP
004D347A |. 68 01354D00
PUSH 1.004D3501
004D347F |. 64:FF30
PUSH DWORD PTR FS:[EAX]
004D3482 |. 64:8920
MOV DWORD PTR FS:[EAX],ESP
004D3485 |. 8D45 F0
LEA EAX,DWORD PTR SS:[EBP-10]
004D3488 |. E8 AB14F3FF
CALL 1.00404938
004D348D |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
004D3490 |. E8 6317F3FF CALL
1.00404BF8
004D3495 |. 8BF0 MOV ESI,EAX
004D3497 |. 8BFE MOV EDI,ESI
004D3499 |. 85FF TEST EDI,EDI
004D349B
|. 7E 36 JLE SHORT 1.004D34D3
004D349D
|. BB 01000000 MOV EBX,1
004D34A2 |> 8BC6
/MOV EAX,ESI
//用户名长度
004D34A4 |. F7EE
|IMUL ESI
//平方
004D34A6 |. 8BD3
|MOV EDX,EBX
//EDX=EBX
004D34A8 |. 0FAFD3 |IMUL EDX,EBX
//EDX=EDX*EBX;又平方
004D34AB |. 2BC2 |SUB EAX,EDX
//EAX=EAX-EDX
004D34AD
|. 40 |INC EAX
//EAX=EAX+1
004D34AE
|. 8945 F4 |MOV DWORD PTR SS:[EBP-C],EAX
//[EBP-C]=EAX
004D34B1 |. 8D45 EC |LEA EAX,DWORD
PTR SS:[EBP-14]
004D34B4 |. 8B55 FC |MOV
EDX,DWORD PTR SS:[EBP-4] //EDX=NAME
004D34B7 |. 0FB6541A
FF |MOVZX EDX,BYTE PTR DS:[EDX+EBX-1]//取用户名
004D34BC |.
0355 F4 |ADD EDX,DWORD PTR SS:[EBP-C]
//EDX=EDX+[EBP-C]
004D34BF |. E8 5C16F3FF |CALL 1.00404B20
//保存EDX
004D34C4
|. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
004D34C7
|. 8D45 F0 |LEA EAX,DWORD PTR SS:[EBP-10]
004D34CA
|. E8 3117F3FF |CALL 1.00404C00
004D34CF |. 43
|INC EBX
//EBX=EBX+1
004D34D0 |. 4F
|DEC EDI
//EDI=EDI-1
004D34D1 |.^75 CF
\JNZ SHORT 1.004D34A2
004D34D3 |> 8B45
F8 MOV EAX,DWORD PTR SS:[EBP-8]
004D34D6
|. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004D34D9
|. E8 AE14F3FF CALL 1.0040498C
004D34DE |. 33C0
XOR EAX,EAX
004D34E0 |. 5A
POP EDX
004D34E1 |. 59
POP ECX
004D34E2 |. 59
POP ECX
004D34E3 |. 64:8910
MOV DWORD PTR FS:[EAX],EDX
004D34E6 |. 68 08354D00 PUSH
1.004D3508
004D34EB |> 8D45 EC LEA EAX,DWORD
PTR SS:[EBP-14]
004D34EE |. BA 02000000 MOV EDX,2
004D34F3 |. E8 6414F3FF CALL 1.0040495C
004D34F8
|. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004D34FB
|. E8 3814F3FF CALL 1.00404938
004D3500 \. C3
RETN
=========================================================================
立方的运算
004D3670 /$ 55
PUSH EBP
004D3671 |. 8BEC MOV EBP,ESP
004D3673 |. 83C4 F0 ADD ESP,-10
004D3676
|. 53 PUSH EBX
004D3677 |.
8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
004D367A
|. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004D367D
|. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
004D3680
|. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004D3683
|. 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
004D3686
|. 4B DEC EBX
004D3687 |.
85DB TEST EBX,EBX
004D3689 |. 7E
1A JLE SHORT 1.004D36A5
004D368B
|> FF75 14 /PUSH DWORD PTR SS:[EBP+14]
004D368E
|. FF75 10 |PUSH DWORD PTR SS:[EBP+10]
004D3691
|. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
004D3694
|. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004D3697
|. E8 1422F3FF |CALL 1.004058B0 //A=A*A
004D369C |. 8945 F0 |MOV DWORD PTR SS:[EBP-10],EAX
004D369F |. 8955 F4 |MOV DWORD PTR SS:[EBP-C],EDX
004D36A2 |. 4B |DEC EBX
//EBX=2所以为立方
004D36A3 |.^75
E6 \JNZ SHORT 1.004D368B
004D36A5
|> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004D36A8
|. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004D36AB
|. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004D36AE
|. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004D36B1
|. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004D36B4
|. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004D36B7
|. 5B POP EBX
004D36B8 |.
8BE5 MOV ESP,EBP
004D36BA |. 5D
POP EBP
004D36BB \. C2 1000
RETN 10
---------------------------------------------------------
A=A*A.........
004058B0 /$ 52
PUSH EDX
004058B1 |. 50
PUSH EAX
004058B2 |. 8B4424 10 MOV EAX,DWORD PTR
SS:[ESP+10]
004058B6 |. F72424 MUL DWORD
PTR SS:[ESP]
004058B9 |. 89C1 MOV
ECX,EAX
004058BB |. 8B4424 04 MOV EAX,DWORD PTR
SS:[ESP+4]
004058BF |. F76424 0C MUL DWORD PTR
SS:[ESP+C]
004058C3 |. 01C1 ADD ECX,EAX
004058C5 |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004058C8 |. F76424 0C MUL DWORD PTR SS:[ESP+C]
004058CC |. 01CA ADD EDX,ECX
004058CE |. 59 POP ECX
004058CF
|. 59 POP ECX
004058D0 \.
C2 0800 RETN 8
=====================================================================================
进位循环的运算...
计算前
LF($44D1)=4F905B39971: EAX=05B39971;EDX=000004F9
计算后
ESI=000053F7,EAX=0B7D772E,ECX=0,EDI=0,EDX=0,EBX=00006ECB
00405950 /$ 55 PUSH EBP
00405951
|. 53 PUSH EBX
00405952 |.
56 PUSH ESI
00405953 |. 57
PUSH EDI
00405954 |. 31FF
XOR EDI,EDI
00405956 |. 8B5C24 14
MOV EBX,DWORD PTR SS:[ESP+14]
0040595A |. 8B4C24 18
MOV ECX,DWORD PTR SS:[ESP+18]
0040595E |. 09C9
OR ECX,ECX
00405960 |. 75 08
JNZ SHORT 1.0040596A
00405962 |. 09D2
OR EDX,EDX
00405964 |. 74 5D
JE SHORT 1.004059C3
00405966 |. 09DB
OR EBX,EBX
00405968 |. 74 59
JE SHORT 1.004059C3
0040596A |> 09D2
OR EDX,EDX
0040596C |. 79 0A
JNS SHORT 1.00405978
0040596E |. F7DA
NEG EDX
00405970 |. F7D8 NEG EAX
00405972 |. 83DA 00 SBB EDX,0
00405975
|. 83CF 01 OR EDI,1
00405978 |> 09C9
OR ECX,ECX
0040597A |. 79 07
JNS SHORT 1.00405983
0040597C |. F7D9
NEG ECX
0040597E |. F7DB
NEG EBX
00405980 |. 83D9 00 SBB ECX,0
00405983 |> 89CD MOV EBP,ECX
00405985 |. B9 40000000 MOV ECX,40
0040598A |. 57
PUSH EDI
0040598B |. 31FF
XOR EDI,EDI
0040598D |. 31F6
XOR ESI,ESI //循环计算64次
0040598F |> D1E0 /SHL EAX,1
//EAX=EAX SHL 1
00405991 |. D1D2
|RCL EDX,1
//EDX=EDX RCL 1
00405993 |. D1D6
|RCL ESI,1 //ESI=ESI RCL 1
00405995 |. D1D7 |RCL EDI,1
//EDI=EDI RCL 1
00405997 |. 39EF
|CMP EDI,EBP //EBP=28363
00405999 |. 72 0B |JB SHORT 1.004059A6
0040599B |. 77 04 |JA SHORT 1.004059A1
0040599D |. 39DE |CMP ESI,EBX
0040599F |. 72 05 |JB SHORT 1.004059A6
004059A1 |> 29DE |SUB ESI,EBX
//ESI=ESI-EBX
004059A3 |. 19EF
|SBB EDI,EBP
004059A5 |. 40
|INC EAX
004059A6 |>^E2 E7
\LOOPD SHORT 1.0040598F//EBX作为循环的标志
004059A8 |. 89F0
MOV EAX,ESI
//EAX=ESI
004059AA |. 89FA MOV EDX,EDI
004059AC |. 5B POP EBX
004059AD |. F7C3 01000000 TEST EBX,1
004059B3 |. 74 07
JE SHORT 1.004059
004059B5 |. F7DA
NEG EDX
004059B7 |. F7D8
NEG EAX
004059B9 |. 83DA 00
SBB EDX,0
004059BC |> 5F POP
EDI
004059BD |. 5E POP ESI
004059BE |. 5B POP EBX
004059BF |. 5D POP EBP
004059C0
|. C2 0800 RETN 8
004059C3 |> F7F3
DIV EBX
004059C5 |. 92
XCHG EAX,EDX
004059C6 |. 31D2
XOR EDX,EDX
004059C8 \.^EB F2
JMP SHORT 1.004059BC
004059CA . C3
RETN
很可惜进位循环的部分我不能用编程模拟(水平太差,也没有时间思考...)所以注册机不能完成.
不知道各位谁有时间可以跟踪一下然后给出进位循环的源码^_^谢了!
这几日单位的事情非常之多,而且工作压力还特别的大~!所以想找一个软件分析一下,作为松弛神经的方法.
不知道各位有什么好的办法给自己减压啊!告诉小弟几招阿~小弟不胜感激~!
- 标 题:超级电脑伴侣 V1.12算法流程,另有问题请教大家! (32千字)
- 作 者:PowerBoy
- 时 间:2003-5-30 21:04:31
- 链 接:http://bbs.pediy.com