Gif2swf V2.1,把Gif文件转化成Flash动画
没有加壳,VC++6.0的作品
/Name:dnpf
Code:14604005
①
* Possible Reference to Dialog: DialogID_0090, CONTROL_ID:03E9, ""
|
:0040413A 68E9030000 push 000003E9
:0040413F 56 push esi
* Possible Reference to Dialog: DialogID_0090
|
:00404140 6890000000 push 00000090
:00404145 8BC8 mov ecx, eax
:00404147 E8E4FEFFFF call 00404030
:0040414C 8BF0 mov esi, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404138(C)
|
:0040414E 8B06 mov eax, dword ptr [esi]
:00404150 8BCE mov ecx, esi
:00404152 C7442418FFFFFFFF mov [esp+18], FFFFFFFF
:0040415A FF90C0000000 call dword ptr [eax+000000C0]
:00404160 85F6 test esi, esi
:00404162 8BD8 mov ebx, eax
:00404164 7409 je 0040416F
:00404166 8B16 mov edx, dword ptr [esi]
:00404168 6A01 push 00000001
:0040416A 8BCE mov ecx, esi
:0040416C FF5204 call [edx+04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404164(C)
|
:0040416F 83FB01 cmp ebx, 00000001
:00404172 0F85AD000000 jne 00404225
:00404178 E8B3F5FFFF call 00403730---------------------------------------------->关键,进入!
:0040417D 85C0 test eax, eax---------------------------------------------->EAX作标志
:0040417F 7463 je 004041E4------------------------------------------------>跳到出错框
:00404181 6A00 push 00000000
:00404183 8BCF mov ecx, edi
:00404185 891D6CC54100 mov dword ptr [0041C56C], ebx
* Reference To: MFC42.Ordinal:0A55, Ord:0A55h
|
:0040418B E81AB30000 Call 0040F4AA
:00404190 A168C54100 mov eax, dword ptr [0041C568]
:00404195 85C0 test eax, eax
:00404197 742B je 004041C4
:00404199 A1E03A4100 mov eax, dword ptr [00413AE0]
:0040419E 6A00 push 00000000
:004041A0 6A00 push 00000000
:004041A2 6810010000 push 00000110
:004041A7 50 push eax
* Reference To: USER32.SendMessageA, Ord:0214h
|
:004041A8 FF1500044100 Call dword ptr [00410400]
:004041AE 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"祝贺"
|
:004041B0 6800374100 push 00413700
* Possible StringData Ref from Data Obj ->"GIF2SWF已经成功注册!"
|
:004041B5 68D4364100 push 004136D4
:004041BA 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:004041BC FF15FC034100 Call dword ptr [004103FC]
:004041C2 EB61 jmp 00404225
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404197(C)
|
:004041C4 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"祝贺"
|
:004041C6 6800374100 push 00413700
* Possible StringData Ref from Data Obj ->"GIF2SWF已经成功注册!"
|
:004041CB 68D4364100 push 004136D4
:004041D0 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:004041D2 FF15FC034100 Call dword ptr [004103FC]
:004041D8 6A00 push 00000000
:004041DA E871F0FFFF call 00403250
:004041DF 83C404 add esp, 00000004
:004041E2 EB41 jmp 00404225
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040417F(C)
|
:004041E4 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"注册"
|
:004041E6 68C4364100 push 004136C4
* Possible StringData Ref from Data Obj ->"您输入了不正确的姓名或序列号码
请再试一次!"
|
:004041EB 6878364100 push 00413678
:004041F0 8BCF mov ecx, edi
* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:004041F2 E8ADB20000 Call 0040F4A4------------------------------------------------>出错提示
:004041F7 EB2C jmp 00404225------------------------------------------------->返回
*************************************************************
②
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004079D4(C)
|
:004079DF 83FF01 cmp edi, 00000001
:004079E2 5F pop edi
:004079E3 0F85A5000000 jne 00407A8E
:004079E9 E842BDFFFF call 00403730------------------------------------>关键,进入!
:004079EE 85C0 test eax, eax
:004079F0 0F8485000000 je 00407A7B-------------------------------------->跳到出错
:004079F6 6A00 push 00000000
:004079F8 8BCB mov ecx, ebx
:004079FA C7056CC5410001000000 mov dword ptr [0041C56C], 00000001
* Reference To: MFC42.Ordinal:0A55, Ord:0A55h
|
:00407A04 E8A17A0000 Call 0040F4AA
:00407A09 A168C54100 mov eax, dword ptr [0041C568]
:00407A0E 85C0 test eax, eax
:00407A10 743A je 00407A4C
:00407A12 A1E03A4100 mov eax, dword ptr [00413AE0]
:00407A17 6A00 push 00000000
:00407A19 6A00 push 00000000
:00407A1B 6810010000 push 00000110
:00407A20 50 push eax
* Reference To: USER32.SendMessageA, Ord:0214h
|
:00407A21 FF1500044100 Call dword ptr [00410400]
:00407A27 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"祝贺"
|
:00407A29 6800374100 push 00413700
* Possible StringData Ref from Data Obj ->"GIF2SWF已经成功注册!"
|
:00407A2E 68D4364100 push 004136D4
:00407A33 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:00407A35 FF15FC034100 Call dword ptr [004103FC]
:00407A3B 5E pop esi
:00407A3C 5B pop ebx
:00407A3D 8B4C2404 mov ecx, dword ptr [esp+04]
:00407A41 64890D00000000 mov dword ptr fs:[00000000], ecx
:00407A48 83C410 add esp, 00000010
:00407A4B C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407A10(C)
|
:00407A4C 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"祝贺"
|
:00407A4E 6800374100 push 00413700
* Possible StringData Ref from Data Obj ->"GIF2SWF已经成功注册!"
|
:00407A53 68D4364100 push 004136D4
:00407A58 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:00407A5A FF15FC034100 Call dword ptr [004103FC]
:00407A60 6A00 push 00000000
:00407A62 E8E9B7FFFF call 00403250
:00407A67 83C404 add esp, 00000004
:00407A6A 5E pop esi
:00407A6B 5B pop ebx
:00407A6C 8B4C2404 mov ecx, dword ptr [esp+04]
:00407A70 64890D00000000 mov dword ptr fs:[00000000], ecx
:00407A77 83C410 add esp, 00000010
:00407A7A C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004079F0(C)
|
:00407A7B 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"注册"
|
:00407A7D 68C4364100 push 004136C4
* Possible StringData Ref from Data Obj ->"您输入了不正确的姓名或序列号码
请再试一次!"
|
:00407A82 6878364100 push 00413678
:00407A87 8BCB mov ecx, ebx
* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:00407A89 E8167A0000 Call 0040F4A4
***************************************************************
③验证过程
00403730 /$ 6A FF PUSH -1
00403732 |. 68 F8F94000 PUSH GIF2SWF.0040F9F8--------------------->SE handler installation
00403737 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0040373D |. 50 PUSH EAX
0040373E |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00403745 |. 83EC 08 SUB ESP,8
00403748 |. 51 PUSH ECX
00403749 |. 8BCC MOV ECX,ESP
0040374B |. 896424 04 MOV DWORD PTR SS:[ESP+4],ESP
0040374F |. 68 D83A4100 PUSH GIF2SWF.00413AD8
00403754 |. E8 27BD0000 CALL <JMP.&MFC42.#535>-------------------->取得序列号
00403759 |. 51 PUSH ECX
0040375A |. C74424 18 000>MOV DWORD PTR SS:[ESP+18],0
00403762 |. 8BCC MOV ECX,ESP
00403764 |. 896424 0C MOV DWORD PTR SS:[ESP+C],ESP
00403768 |. 68 DC3A4100 PUSH GIF2SWF.00413ADC
0040376D |. E8 0EBD0000 CALL <JMP.&MFC42.#535>-------------------->取得用户名
00403772 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18],-1
0040377A |. E8 31FEFFFF CALL GIF2SWF.004035B0--------------------->关键,进入!
0040377F |. 83C4 08 ADD ESP,8
00403782 |. 85C0 TEST EAX,EAX------------------------------>作标志(影响返回的值)
00403784 |. 75 44 JNZ SHORT GIF2SWF.004037CA---------------->不为零则返回(后续出错)
00403786 |. B9 DC3A4100 MOV ECX,GIF2SWF.00413ADC
0040378B |. E8 EABC0000 CALL <JMP.&MFC42.#4171>
00403790 |. 50 PUSH EAX
00403791 |. 68 6C354100 PUSH GIF2SWF.0041356C---------------------->ASCII "RegisteredUserName"
00403796 |. E8 F5FCFFFF CALL GIF2SWF.00403490
0040379B |. 83C4 08 ADD ESP,8
0040379E |. B9 D83A4100 MOV ECX,GIF2SWF.00413AD8
004037A3 |. E8 D2BC0000 CALL <JMP.&MFC42.#4171>
004037A8 |. 50 PUSH EAX
004037A9 |. 68 58354100 PUSH GIF2SWF.00413558---------------------->ASCII "RegisteredUserKey"
004037AE |. E8 DDFCFFFF CALL GIF2SWF.00403490
004037B3 |. 83C4 08 ADD ESP,8
004037B6 |. B8 01000000 MOV EAX,1
004037BB |. 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
004037BF |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
004037C6 |. 83C4 14 ADD ESP,14
004037C9 |. C3 RETN
004037CA |> 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
004037CE |. 33C0 XOR EAX,EAX
004037D0 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
004037D7 |. 83C4 14 ADD ESP,14
004037DA . C3 RETN
___________________________________________________________________
004035B0 /$ 6A FF PUSH -1
004035B2 |. 68 E0F94000 PUSH GIF2SWF.0040F9E0------------------------>SE handler installation
004035B7 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004035BD |. 50 PUSH EAX
004035BE |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004035C5 |. 83EC 68 SUB ESP,68
004035C8 |. 53 PUSH EBX
004035C9 |. 56 PUSH ESI
004035CA |. 57 PUSH EDI
004035CB |. 8D8C24 840000>LEA ECX,DWORD PTR SS:[ESP+84]
004035D2 |. C74424 7C 010>MOV DWORD PTR SS:[ESP+7C],1
004035DA |. E8 B7BD0000 CALL <JMP.&MFC42.#4204>----------------------->用户名转换为大写
004035DF |. 8D8C24 840000>LEA ECX,DWORD PTR SS:[ESP+84]----------------->PGg
004035E6 |. E8 8FBE0000 CALL <JMP.&MFC42.#4171>
004035EB |. 8D8C24 880000>LEA ECX,DWORD PTR SS:[ESP+88]
004035F2 |. 8BF0 MOV ESI,EAX
004035F4 |. E8 81BE0000 CALL <JMP.&MFC42.#4171>----------------------->取得注册码
004035F9 |. 8BD8 MOV EBX,EAX----------------------------------->EBX=EAX=注册码
004035FB |. 8BFE MOV EDI,ESI----------------------------------->EDI=ESI=用户名(大写)
004035FD |. 83C9 FF OR ECX,FFFFFFFF------------------------------->ECX=FFFFFFFF
00403600 |. 33C0 XOR EAX,EAX----------------------------------->EAX=0
00403602 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]------------------>判断用户名的长度
00403604 |. F7D1 NOT ECX
00403606 |. 49 DEC ECX
00403607 |. 895C24 0C MOV DWORD PTR SS:[ESP+C],EBX
0040360B |. 0F84 DC000000 JE GIF2SWF.004036ED-------------------------->用户名长度为零则跳
00403611 |. 8BFB MOV EDI,EBX
00403613 |. 83C9 FF OR ECX,FFFFFFFF
00403616 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00403618 |. F7D1 NOT ECX
0040361A |. 49 DEC ECX
0040361B |. 0F84 CC000000 JE GIF2SWF.004036ED-------------------------->注册码长度为零则跳
00403621 |. 55 PUSH EBP
00403622 |. 8BFE MOV EDI,ESI-----------------------------------
00403624 |. 83C9 FF OR ECX,FFFFFFFF |
00403627 |. 33ED XOR EBP,EBP ----------->清零为存放注册码 |---------------------->!!!!
00403629 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI] |再取用户名的长度
0040362B |. F7D1 NOT ECX |
0040362D |. 49 DEC ECX---------------------------------------/
0040362E |. 83F9 20 CMP ECX,20------------------------------------>用户名长度与32比较
00403631 |. 7E 05 JLE SHORT GIF2SWF.00403638-------------------->小于等于则跳
00403633 |. B9 20000000 MOV ECX,20
00403638 |> 33F6 XOR ESI,ESI
0040363A |. 85C9 TEST ECX,ECX
0040363C |. 7E 28 JLE SHORT GIF2SWF.00403666
0040363E |> 8B8424 880000>/MOV EAX,DWORD PTR SS:[ESP+88]--------------->用户名(大写)
00403645 |. 8A1C06 |MOV BL,BYTE PTR DS:[ESI+EAX]---------------->取用户名首位的ASCII值
00403648 |. B8 F73E1600 |MOV EAX,163EF7
0040364D |. 0FBEFB |MOVSX EDI,BL
00403650 |. 99 |CDQ
00403651 |. F7FF |IDIV EDI------------------------------------>163EF7/44(因为我输入的是DNPF)
00403653 |. 0FBED3 |MOVSX EDX,BL
00403656 |. 03C6 |ADD EAX,ESI
00403658 |. 0FAFC2 |IMUL EAX,EDX
0040365B |. 03E8 |ADD EBP,EAX--------------------------------->运算之后的总和存于EBP
0040365D |. 46 |INC ESI
0040365E |. 3BF1 |CMP ESI,ECX
00403660 |.^ 7C DC JL SHORT GIF2SWF.0040363E
00403662 |. 8B5C24 10 MOV EBX,DWORD PTR SS:[ESP+10]---------------->输入的注册码
00403666 |> 81C5 EDD98500 ADD EBP,85D9ED------------------------------->加法之后即为真注册码
0040366C |. 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
00403670 |. 55 PUSH EBP ; /<%i>-------------->真注册码
00403671 |. 68 54354100 PUSH GIF2SWF.00413554 ; |format = "%i"
00403676 |. 50 PUSH EAX ; |s
00403677 |. FF15 6C034100 CALL DWORD PTR DS:[<&MSVCRT.sprintf>] ; sprintf
0040367D |. 83C4 0C ADD ESP,0C
00403680 |. 8BF3 MOV ESI,EBX
00403682 |. 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
00403686 |. 5D POP EBP
00403687 |> 8A10 /MOV DL,BYTE PTR DS:[EAX]
00403689 |. 8A1E |MOV BL,BYTE PTR DS:[ESI]
0040368B |. 8ACA |MOV CL,DL
0040368D |. 3AD3 |CMP DL,BL
0040368F |. 75 1E |JNZ SHORT GIF2SWF.004036AF
00403691 |. 84C9 |TEST CL,CL
00403693 |. 74 16 |JE SHORT GIF2SWF.004036AB
00403695 |. 8A50 01 |MOV DL,BYTE PTR DS:[EAX+1]
00403698 |. 8A5E 01 |MOV BL,BYTE PTR DS:[ESI+1]
0040369B |. 8ACA |MOV CL,DL
0040369D |. 3AD3 |CMP DL,BL
0040369F |. 75 0E |JNZ SHORT GIF2SWF.004036AF
004036A1 |. 83C0 02 |ADD EAX,2
004036A4 |. 83C6 02 |ADD ESI,2
004036A7 |. 84C9 |TEST CL,CL
004036A9 |.^ 75 DC JNZ SHORT GIF2SWF.00403687
004036AB |> 33F6 XOR ESI,ESI
004036AD |. EB 05 JMP SHORT GIF2SWF.004036B4
004036AF |> 1BF6 SBB ESI,ESI
004036B1 |. 83DE FF SBB ESI,-1
004036B4 |> 8D8C24 840000>LEA ECX,DWORD PTR SS:[ESP+84]
004036BB |. C64424 7C 00 MOV BYTE PTR SS:[ESP+7C],0
004036C0 |. E8 B9BC0000 CALL <JMP.&MFC42.#800>
004036C5 |. 8D8C24 880000>LEA ECX,DWORD PTR SS:[ESP+88]
004036CC |. C74424 7C FFF>MOV DWORD PTR SS:[ESP+7C],-1
004036D4 |. E8 A5BC0000 CALL <JMP.&MFC42.#800>
004036D9 |. 8BC6 MOV EAX,ESI
004036DB |. 5F POP EDI
004036DC |. 5E POP ESI
004036DD |. 5B POP EBX
004036DE |. 8B4C24 68 MOV ECX,DWORD PTR SS:[ESP+68]
004036E2 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
004036E9 |. 83C4 74 ADD ESP,74
004036EC |. C3 RETN
004036ED |> 8D8C24 840000>LEA ECX,DWORD PTR SS:[ESP+84]
004036F4 |. C64424 7C 00 MOV BYTE PTR SS:[ESP+7C],0
004036F9 |. E8 80BC0000 CALL <JMP.&MFC42.#800>
004036FE |. 8D8C24 880000>LEA ECX,DWORD PTR SS:[ESP+88]
00403705 |. C74424 7C FFF>MOV DWORD PTR SS:[ESP+7C],-1
0040370D |. E8 6CBC0000 CALL <JMP.&MFC42.#800>
00403712 |. 8B4C24 74 MOV ECX,DWORD PTR SS:[ESP+74]
00403716 |. 5F POP EDI
00403717 |. 5E POP ESI
00403718 |. B8 01000000 MOV EAX,1
0040371D |. 5B POP EBX
0040371E |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00403725 |. 83C4 74 ADD ESP,74
00403728 . C3 RETN