Long March, Step Four: Analysis of the Bookup 2000 Express Build30 Registration Algorithm
Cracker: 冲天剑@pediy.com
Tools: PEID 0.94, OllyICE 1.10
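0. Introduction
Bookup is a program for studying and learning chess openings. According to its author, he guarantees that your chess will improve noticeably within 9 months of use, or you get a full refund. Of course, every melon seller praises his own melons; how good the program really is, its users know best.
URL:
    hxxp://www.bookup.com (correct it yourself)
The site offers the Express edition for download, but asks for personal information such as an e-mail address; any made-up address will do. The program is still being recompiled continually: since January it has been rebuilt 3 times, going from Build27 back then to Build30 now. The registration code differs with every build, and a code from one version cannot be used in the next, which is why the title states which Build this is. If you download the latest Build, the registration algorithm may have changed and you will have to trace the registration code yourself. Fortunately, tracing the code itself is fairly simple and takes less than half an hour, unlike the algorithm analysis done here; the two are not comparable in difficulty.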
1. Cracking
(1) Check for a packer with PEiD; it reports Borland Delphi 4.0 - 5.0. (Voice-over: another soft target...) Is it? Then take a bite and see, heh!
(2) Run the original program and try to register, to understand the registration flow. The registration code is a 16-character serial number with no user-name information, presented as:
    XXXX XXXX XXXX XXXX
Enter any group of characters and this message appears:
    The key was incorrect. The program will continue in Lite mode.
Then load the program in OD, search for this string, and arrive at:
////////////////  Code begins  ///////////////
0050DABE . 8B45 FC mov eax, [ebp-4]
0050DAC1 . E8 56F2FFFF call 0050CD1C
0050DAC6 . 84C0 test al, al ; returns non-zero on successful registration, 0 on failure
0050DAC8 . 74 11 je short 0050DADB ; key jump
0050DACA . 8B45 FC mov eax, [ebp-4]
0050DACD . E8 5EF1FFFF call 0050CC30
0050DAD2 . C605 80235500>mov byte ptr [552380], 1
0050DAD9 . EB 38 jmp short 0050DB13
0050DADB > 8B45 FC mov eax, [ebp-4]
0050DADE . E8 05F6FFFF call 0050D0E8
0050DAE3 . 84C0 test al, al
0050DAE5 . 74 17 je short 0050DAFE
0050DAE7 . 6A 00 push 0 ; /Arg1 = 00000000
0050DAE9 . 66:8B0D 34DB5>mov cx, [50DB34] ; |
0050DAF0 . B2 02 mov dl, 2 ; |
0050DAF2 . B8 5CDC5000 mov eax, 0050DC5C ; |ASCII "This key is for an older version. The program will continue in Lite mode."
0050DAF7 . E8 F8DAF4FF call 0045B5F4 ; \Bkup2kE.0045B5F4
0050DAFC . EB 15 jmp short 0050DB13
0050DAFE > 6A 00 push 0 ; /Arg1 = 00000000
0050DB00 . 66:8B0D 34DB5>mov cx, [50DB34] ; |
0050DB07 . B2 02 mov dl, 2 ; |
0050DB09 . B8 B0DC5000 mov eax, 0050DCB0 ; |ASCII "The key was incorrect. The program will continue in Lite mode."
0050DB0E . E8 E1DAF4FF call 0045B5F4 ; \Bkup2kE.0045B5F4
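////////////////  Code ends  ///////////////
The key jump seemed easy enough to find. But then I got confused: setting a breakpoint on the instruction just before the CALL at 0050DAC1 showed nothing at all, and I had no idea where the fake code I had entered had gone. Stepping into procedure 0050D0E8 turned up nothing either. What was going on? Looking further back, I happened to notice this line: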
0050D9CA . BA 9CDB5000 mov edx, 0050DB9C ; ASCII "5555444433332222"
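Heh, this "5555444433332222" certainly looks like a registration code; at the very least the format matches. Entering this string in the original program produces the message:
    The temporary code was successfully installed. Please check your email in the next few days for your permanent code.
So this is just a temporary code that slightly extends the trial period while you wait for the author to e-mail the registration code. Since for the moment I could not trace how the registration code is processed, I might as well trace the temporary code first:
////////////////  Code begins  ///////////////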
0050DFBC /$ 55 push ebp
0050DFBD |. 8BEC mov ebp, esp
0050DFBF |. 83C4 D0 add esp, -30 ; local variable space: 12 dwords
0050DFC2 |. 33D2 xor edx, edx
0050DFC4 |. 8955 F8 mov [ebp-8], edx
0050DFC7 |. 8945 FC mov [ebp-4], eax
0050DFCA |. 33C0 xor eax, eax
// this stretch of code omitted
0050E079 |> \BA 18E25000 mov edx, 0050E218 ; ASCII "TemporaryCode build30"
0050E07E |. 8B45 E8 mov eax, [ebp-18]
0050E081 |. E8 762AF5FF call 00460AFC
0050E086 |. 84C0 test al, al ; check whether this is the first time the temporary code is entered
0050E088 |. 0F85 AA000000 jnz 0050E138
0050E08E |. E8 B9C3EFFF call 0040A44C ; generate a floating-point number
0050E093 |. DD5D D8 fstp qword ptr [ebp-28]
0050E096 |. 9B wait
0050E097 |. DD45 D8 fld qword ptr [ebp-28]
0050E09A |. D805 30E25000 fadd dword ptr [50E230] ; ds:[0050E230]=10.00000
0050E0A0 |. DD5D D0 fstp qword ptr [ebp-30]
0050E0A3 |. 9B wait
0050E0A4 |. FF75 DC push dword ptr [ebp-24] ; /Arg4
0050E0A7 |. FF75 D8 push dword ptr [ebp-28] ; |Arg3
0050E0AA |. FF75 D4 push dword ptr [ebp-2C] ; |Arg2
0050E0AD |. FF75 D0 push dword ptr [ebp-30] ; |Arg1
0050E0B0 |. 8D55 F0 lea edx, [ebp-10] ; |
0050E0B3 |. A1 BC805400 mov eax, [5480BC] ; |this procedure generates the registration code
0050E0B8 |. E8 37E6F5FF call 0046C6F4 ; \Bkup2kE.0046C6F4
0050E0BD |. 8D4D F8 lea ecx, [ebp-8]
0050E0C0 |. 8D45 F0 lea eax, [ebp-10]
0050E0C3 |. BA 08000000 mov edx, 8
0050E0C8 |. E8 D731F5FF call 004612A4 ; convert the registration code from a hex value to an ASCII string
0050E0CD |. 8B45 FC mov eax, [ebp-4]
0050E0D0 |. 05 B4080000 add eax, 8B4
0050E0D5 |. 8B55 F8 mov edx, [ebp-8] ; the registration code appears here
0050E0D8 |. E8 275DEFFF call 00403E04
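////////////////  Code ends  ///////////////
When execution reaches the instruction at 0050E0D5, a strange string appears in edx, in the same format as a registration code. Registering the program with this string actually succeeded! How could that be? Normally, a registration scheme of this kind works by checking whether the input, after some particular transformation, satisfies a particular set of rules. Could it be that this program goes one better and ships with its own keygen?
That is only one side of the conjecture, though. After all, the code above is executed only when the input is the temporary code "5555444433332222"; with any other fake code, the flow has already jumped elsewhere long before entering this procedure. So what appears here might be nothing more than a constant string. To settle this, I entered other fake codes and modified a flag bit to force the flow into this code; the real code that appeared was unchanged. (Note: in the registers window, select the value of a flag and right-click to modify it.)
So the real code does not depend on the input. What does it depend on, then? Stepping into procedure 004612A4 shows that it converts the hex value at a certain memory address into ASCII characters, forming the registration code seen in edx. Note this memory address: qword ptr ss:[0012F9D8]. Go to this address in the dump window (ds and ss share one selector) (note: right-click, choose "Go to -> Expression" and enter 0012F9D8) and watch for when the program writes data to it. That leads to:
////////////////  Code begins  ///////////////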
0046C6F4 /$ 55 push ebp
0046C6F5 |. 8BEC mov ebp, esp
0046C6F7 |. 83C4 F8 add esp, -8 ; local variable space: 2 dwords
0046C6FA |. 8955 F8 mov [ebp-8], edx
0046C6FD |. 8945 FC mov [ebp-4], eax
0046C700 |. 8B45 F8 mov eax, [ebp-8] ; EAX = address where the registration code is stored
0046C703 |. 66:C700 CBA4 mov word ptr [eax], 0A4CB
0046C708 |. 8B45 F8 mov eax, [ebp-8]
0046C70B |. 66:C740 02 00>mov word ptr [eax+2], 0
0046C711 |. FF75 14 push dword ptr [ebp+14] ; /Arg2
0046C714 |. FF75 10 push dword ptr [ebp+10] ; |Arg1
0046C717 |. E8 74FFFFFF call 0046C690 ; \Bkup2kE.0046C690
0046C71C |. 8B55 F8 mov edx, [ebp-8]
0046C71F |. 66:8942 04 mov [edx+4], ax
0046C723 |. FF75 0C push dword ptr [ebp+C] ; /Arg2
0046C726 |. FF75 08 push dword ptr [ebp+8] ; |Arg1
0046C729 |. E8 62FFFFFF call 0046C690 ; \Bkup2kE.0046C690
0046C72E |. 8B55 F8 mov edx, [ebp-8]
0046C731 |. 66:8942 06 mov [edx+6], ax
0046C735 |. 8B55 F8 mov edx, [ebp-8] ; entry parameter 1: [ebp-8]=0x0012f9d8 = memory address holding the registration code
0046C738 |. 8B45 FC mov eax, [ebp-4] ; entry parameter 2: [ebp-4]=00546E24
0046C73B |. B1 01 mov cl, 1
0046C73D |. E8 0AF7FFFF call 0046BE4C
0046C742 |. 59 pop ecx
0046C743 |. 59 pop ecx
0046C744 |. 5D pop ebp
0046C745 \. C2 1000 retn 10
////////////////  Code ends  ///////////////
The last write to qword ptr [0012F9D8] before the call to the character-conversion subroutine at 004612A4 is the call 0046BE4C instruction at 0046C73D. Stepping into that procedure:
////////////////  Code begins  ///////////////
0046BE4C 55 push ebp
0046BE4D 8BEC mov ebp, esp
0046BE4F 83C4 D4 add esp, -2C ; local variable space: 11 dwords
0046BE52 |. 884D F7 mov [ebp-9], cl ; cl=1
0046BE55 |. 8955 F8 mov [ebp-8], edx ; loc_2
0046BE58 |. 8945 FC mov [ebp-4], eax ; loc_1
0046BE5B |. 8B45 F8 mov eax, [ebp-8]
0046BE5E |. 8B00 mov eax, [eax]
0046BE60 |. 8945 EC mov [ebp-14], eax ; loc_5 = first dword of the registration code (currently 0x0000A4CB)
0046BE63 |. 8B45 F8 mov eax, [ebp-8]
0046BE66 |. 8B40 04 mov eax, [eax+4]
0046BE69 |. 8945 E8 mov [ebp-18], eax ; loc_6 = second dword of the registration code
0046BE6C |. 33C0 xor eax, eax
0046BE6E |. 8945 E4 mov [ebp-1C], eax ; loc_7 = 0;
0046BE71 |> 8B45 EC /mov eax, [ebp-14] ; do
0046BE74 |. 8945 E0 |mov [ebp-20], eax ; loc_8 = loc_5;
0046BE77 |. 8B45 E4 |mov eax, [ebp-1C]
0046BE7A |. 8D0440 |lea eax, [eax+eax*2] ; eax=eax*3
0046BE7D |. 33D2 |xor edx, edx
0046BE7F |. 8A55 F7 |mov dl, [ebp-9]
0046BE82 |. 03D2 |add edx, edx
0046BE84 |. 8D1452 |lea edx, [edx+edx*2] ; edx=6
0046BE87 |. 8D14D5 B46D54>|lea edx, [edx*8+546DB4] ; edx=0x546de4
0046BE8E |. 8B0482 |mov eax, [edx+eax*4] ; [546de4]=3
0046BE91 |. 8B55 FC |mov edx, [ebp-4] ; edx=0x546e24
0046BE94 |. 8B0482 |mov eax, [edx+eax*4]
0046BE97 |. 8945 DC |mov [ebp-24], eax ; loc_9 = ?
0046BE9A |. 8B45 E4 |mov eax, [ebp-1C]
0046BE9D |. 8D0440 |lea eax, [eax+eax*2]
0046BEA0 |. 33D2 |xor edx, edx
0046BEA2 |. 8A55 F7 |mov dl, [ebp-9]
0046BEA5 |. 03D2 |add edx, edx
0046BEA7 |. 8D1452 |lea edx, [edx+edx*2]
0046BEAA |. 8D14D5 B46D54>|lea edx, [edx*8+546DB4]
0046BEB1 |. 8B4482 04 |mov eax, [edx+eax*4+4]
0046BEB5 |. 8B55 FC |mov edx, [ebp-4]
0046BEB8 |. 8B0482 |mov eax, [edx+eax*4]
0046BEBB |. 8945 D8 |mov [ebp-28], eax ; loc_10 = ?
0046BEBE |. 8B45 E4 |mov eax, [ebp-1C]
0046BEC1 |. 8D0440 |lea eax, [eax+eax*2]
0046BEC4 |. 33D2 |xor edx, edx
0046BEC6 |. 8A55 F7 |mov dl, [ebp-9]
0046BEC9 |. 03D2 |add edx, edx
0046BECB |. 8D1452 |lea edx, [edx+edx*2]
0046BECE |. 8D14D5 B46D54>|lea edx, [edx*8+546DB4]
0046BED5 |. 8B4482 08 |mov eax, [edx+eax*4+8]
0046BED9 |. 8B55 FC |mov edx, [ebp-4]
0046BEDC |. 8B0482 |mov eax, [edx+eax*4]
0046BEDF |. 8945 D4 |mov [ebp-2C], eax ; loc_11 = ?
0046BEE2 |. 8B45 D4 |mov eax, [ebp-2C]
0046BEE5 |. 0145 E0 |add [ebp-20], eax ; loc_8 = loc_8 + loc_11;
0046BEE8 |. 8B45 E0 |mov eax, [ebp-20]
0046BEEB |. 0145 D4 |add [ebp-2C], eax ; loc_11 = loc_11 + loc_8;
0046BEEE |. 8B45 E0 |mov eax, [ebp-20]
0046BEF1 |. C1E8 07 |shr eax, 7
0046BEF4 |. 3145 E0 |xor [ebp-20], eax ; loc_8 = loc_8 ^ (loc_8 >> 7);
0046BEF7 |. 8B45 E0 |mov eax, [ebp-20]
0046BEFA |. 0145 DC |add [ebp-24], eax ; loc_9 = loc_9 + loc_8;
0046BEFD |. 8B45 DC |mov eax, [ebp-24]
0046BF00 |. 0145 E0 |add [ebp-20], eax ; loc_8 = loc_8 + loc_9;
0046BF03 |. 8B45 DC |mov eax, [ebp-24]
0046BF06 |. C1E0 0D |shl eax, 0D
0046BF09 |. 3145 DC |xor [ebp-24], eax ; loc_9 = loc_9 ^ (loc_9 << 13);
0046BF0C |. 8B45 DC |mov eax, [ebp-24]
0046BF0F |. 0145 D8 |add [ebp-28], eax ; loc_10 = loc_10 + loc_9;
0046BF12 |. 8B45 D8 |mov eax, [ebp-28]
0046BF15 |. 0145 DC |add [ebp-24], eax ; loc_9 = loc_9 + loc_10;
0046BF18 |. 8B45 D8 |mov eax, [ebp-28]
0046BF1B |. C1E8 11 |shr eax, 11
0046BF1E |. 3145 D8 |xor [ebp-28], eax ; loc_10 = loc_10 ^ (loc_10 >> 17);
0046BF21 |. 8B45 D8 |mov eax, [ebp-28]
0046BF24 |. 0145 D4 |add [ebp-2C], eax ; loc_11 = loc_11 + loc_10;
0046BF27 |. 8B45 D4 |mov eax, [ebp-2C]
0046BF2A |. 0145 D8 |add [ebp-28], eax ; loc_10 = loc_10 + loc_11;
0046BF2D |. 8B45 D4 |mov eax, [ebp-2C]
0046BF30 |. C1E0 09 |shl eax, 9
0046BF33 |. 3145 D4 |xor [ebp-2C], eax ; loc_11 = loc_11 ^ (loc_11 << 9);
0046BF36 |. 8B45 D4 |mov eax, [ebp-2C]
0046BF39 |. 0145 E0 |add [ebp-20], eax ; loc_8 = loc_8 + loc_11;
0046BF3C |. 8B45 E0 |mov eax, [ebp-20]
0046BF3F |. 0145 D4 |add [ebp-2C], eax ; loc_11 = loc_11 + loc_8;
0046BF42 |. 8B45 E0 |mov eax, [ebp-20]
0046BF45 |. C1E8 03 |shr eax, 3
0046BF48 |. 3145 E0 |xor [ebp-20], eax ; loc_8 = loc_8 ^ (loc_8 >> 3);
0046BF4B |. 8B45 E0 |mov eax, [ebp-20]
0046BF4E |. 0145 DC |add [ebp-24], eax ; loc_9 = loc_9 + loc_8;
0046BF51 |. 8B45 DC |mov eax, [ebp-24]
0046BF54 |. C1E0 07 |shl eax, 7
0046BF57 |. 3145 DC |xor [ebp-24], eax ; loc_9 = loc_9 ^ (loc_9 << 7);
0046BF5A |. 8B45 DC |mov eax, [ebp-24]
0046BF5D |. 0145 D8 |add [ebp-28], eax ; loc_10 = loc_10 + loc_9;
0046BF60 |. 8B45 D4 |mov eax, [ebp-2C]
0046BF63 |. C1E8 0F |shr eax, 0F
0046BF66 |. 3145 D8 |xor [ebp-28], eax ; loc_10 = loc_10 ^ (loc_11 >> 15);
0046BF69 |. 8B45 D8 |mov eax, [ebp-28]
0046BF6C |. 0145 D4 |add [ebp-2C], eax ; loc_11 = loc_11 + loc_10;
0046BF6F |. 8B45 D4 |mov eax, [ebp-2C]
0046BF72 |. C1E0 0B |shl eax, 0B
0046BF75 |. 3145 D4 |xor [ebp-2C], eax ; loc_11 = loc_11 ^ (loc_11 << 11);
0046BF78 |. 8B45 E8 |mov eax, [ebp-18]
0046BF7B |. 3345 D4 |xor eax, [ebp-2C]
0046BF7E |. 8945 F0 |mov [ebp-10], eax ; loc_4 = loc_6 ^ loc_11;
0046BF81 |. 8B45 EC |mov eax, [ebp-14]
0046BF84 |. 8945 E8 |mov [ebp-18], eax ; loc_6 = loc_5;
0046BF87 |. 8B45 F0 |mov eax, [ebp-10]
0046BF8A |. 8945 EC |mov [ebp-14], eax ; loc_5 = loc_4;
0046BF8D |. FF45 E4 |inc dword ptr [ebp-1C] ; loc_7 = loc_7 + 1;
0046BF90 |. 837D E4 04 |cmp dword ptr [ebp-1C], 4 ; while(loc7 < 4);
0046BF94 |.^ 0F85 D7FEFFFF \jnz 0046BE71
0046BF9A |. 8B45 F8 mov eax, [ebp-8]
0046BF9D |. 8B55 E8 mov edx, [ebp-18] ; loc_6
0046BFA0 |. 8910 mov [eax], edx
0046BFA2 |. 8B45 F8 mov eax, [ebp-8]
0046BFA5 |. 8B55 EC mov edx, [ebp-14] ; loc_5
0046BFA8 |. 8950 04 mov [eax+4], edx
0046BFAB |. 8BE5 mov esp, ebp
0046BFAD |. 5D pop ebp
0046BFAE \. C3 retn
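////////////////  Code ends  ///////////////
Good grief, my first reaction on seeing this pile of arithmetic was to nearly cough up blood. Although the registration code value is finally written from the two variables loc_5 and loc_6, the computation uses every value from loc_7 (the loop control variable) through loc_11, so none of the instructions can be trimmed away. If it were merely a lot of instructions, that would be bearable; more annoying is that the values of loc_9 through loc_11 are read using two levels of register-indirect addressing. Change a pointer value even slightly and what it points to can be wildly different, let alone with two levels of pointers! Where to even begin tracing? By this point I had spent a whole day and was half inclined to give up, so I simply went to bed.
Coming back the next day and tracing the registration code by the previous day's method, I found that the code had changed. So the software really does contain a keygen procedure, not merely a constant registration code! Meanwhile, after a night of sorting out my thoughts, I had at least some idea about the two-level register addressing problem. First, find the memory addresses of the first-level indirection: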
loc_9 = [546e24+[546de4+loc_7*0C]*4]
loc_10 = [546e24+[546de4+loc_7*0C+4]*4]
loc_11 = [546e24+[546de4+loc_7*0C+8]*4]
Since the loop control variable loc_7 runs from 0 to 3, the first-level indirection covers [546de4] through [546de4+2C]. Find this memory in the dump window:
00546DE4 03 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 .............
00546DF4 00 00 00 00 02 00 00 00 02 00 00 00 01 00 00 00 .............
00546E04 03 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 .............
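Setting a memory-write breakpoint showed that the program never writes to this memory, which means its values are constants! Moreover, no dword exceeds 3; substituted into the second-level expression, this means that loc_9 through loc_11 read from the 4 dwords starting at [546e24]! Likewise, find this memory in the dump window:
00546E24 CC 20 0C 71 C5 18 27 FF 20 7F 86 F3 DC 15 A0 ED
Again, the program never writes to it! Modifying the values of these 4 dwords makes the traced registration code invalid. So this string of values is probably some kind of key. Looking again at the instructions at 0046BE60 and 0046BE69, the whole procedure transforms the memory holding the registration code using this key. Back in procedure 0046C6F4, look at the data before the transformation: dword ptr [0012F9D8] is plainly 0000A4CB, while dword ptr [0012F9DC] is assigned by two calls to call 0046C690, whose arguments are qword ptr [0012F998] and qword ptr [0012F990] respectively. These two qwords are parameters passed in by the parent procedure; back in the parent procedure 0050DFBC, their original addresses turn out to be qword ptr ss:[0012F9C0] and qword ptr ss:[0012F9B8]. The instruction at 0050E09A clearly shows that the floating-point number in qword ptr [0012F9B8] is qword ptr [0012F9C0] plus 10.00000. (Note that [0050E230] is still in the code segment, so its content cannot be overwritten and is undoubtedly a constant.) So the crux is where the content of qword ptr [0012F9C0] comes from. Everything has a source; a registration code cannot simply appear out of thin air! Having said all that, let me first summarize the dependencies between the variables: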
registration code   depends on   qword ptr ds:[0012F9D8]
qword ptr ds:[0012F9D8] is transformed by procedure 0046BE4C; before the transformation:
dword ptr ds:[0012F9D8] = 0000A4CB
word ptr ds:[0012F9DC] depends on qword ptr ss:[0012F998] (transformed by procedure 0046C690)
word ptr ds:[0012F9DE] depends on qword ptr ss:[0012F990] (transformed by procedure 0046C690)
qword ptr ss:[0012F998] = qword ptr ss:[0012F9C0]
qword ptr ss:[0012F990] = qword ptr ss:[0012F9B8]
qword ptr ss:[0012F9B8] = qword ptr ss:[0012F9C0] fadd 10.00000
Looking further up, the value of qword ptr [0012F9C0] is popped from the floating-point stack, and before the call at 0050E08E the floating-point stack is still empty. This shows that the value of qword ptr [0012F9C0] is produced by this call. I have already stepped into this call, so I will not write out the details. Roughly, it first calls GetLocalTime to get the local machine time, then computes the number of days elapsed from 0:00:00 on 1 January 1901 AD up to that time (the part shorter than a full day is expressed as a floating-point fraction) and returns it on the floating-point stack.
At this point, the registration code generation flow is basically as follows:
qword_1 = (double) number of days elapsed from 0:00:00 on 1 January 1901 AD to the local machine time
qword_2 = qword_1 + 10.00000
dword ptr qword_3 = 0000A4CB
word ptr qword_3+4 = sub_0046C690(qword_1)
word ptr qword_3+6 = sub_0046C690(qword_2)
sub_0046BE4C(qword_3)
return qword_3 (the registration code)
However, I still do not understand what procedure 0046C690 is doing; its code is listed below:
////////////////  Code begins  ///////////////
0046C690 /$ 55 push ebp
0046C691 |. 8BEC mov ebp, esp
0046C693 |. 51 push ecx
0046C694 |. DD45 08 fld qword ptr [ebp+8]
0046C697 |. E8 E464F9FF call 00402B80
0046C69C |. 83FA 00 cmp edx, 0
0046C69F |. 75 03 jnz short 0046C6A4
0046C6A1 |. 83F8 00 cmp eax, 0
0046C6A4 |> 74 29 je short 0046C6CF ; EDX:EAX != 0
0046C6A6 |. DD45 08 fld qword ptr [ebp+8]
0046C6A9 |. E8 D264F9FF call 00402B80
0046C6AE |. 52 push edx
0046C6AF |. 50 push eax
0046C6B0 |. A1 B06D5400 mov eax, [546DB0] ; ds:[00546DB0]=000088F9
0046C6B5 |. 99 cdq
0046C6B6 |. 290424 sub [esp], eax
0046C6B9 |. 195424 04 sbb [esp+4], edx
0046C6BD |. 58 pop eax
0046C6BE |. 5A pop edx
0046C6BF |. 83FA 00 cmp edx, 0
0046C6C2 |. 75 09 jnz short 0046C6CD
0046C6C4 |. 3D FFFF0000 cmp eax, 0FFFF
0046C6C9 |. 76 0C jbe short 0046C6D7
0046C6CB |. EB 02 jmp short 0046C6CF ; junk instruction
0046C6CD |> 7E 08 jle short 0046C6D7
0046C6CF |> 66:C745 FE 00>mov word ptr [ebp-2], 0
0046C6D5 |. EB 13 jmp short 0046C6EA
0046C6D7 |> DD45 08 fld qword ptr [ebp+8]
0046C6DA |. E8 A164F9FF call 00402B80
0046C6DF |. 66:2B05 B06D5>sub ax, [546DB0]
0046C6E6 |. 66:8945 FE mov [ebp-2], ax
0046C6EA |> 66:8B45 FE mov ax, [ebp-2]
0046C6EE |. 59 pop ecx
0046C6EF |. 5D pop ebp
0046C6F0 \. C2 0800 retn 8
////////////////  Code ends  ///////////////
The procedure 00402B80 that it calls:
////////////////  Code begins  ///////////////
00402B80 /$ 83EC 0C sub esp, 0C
00402B83 |. 9B wait
00402B84 |. D93C24 fstcw [esp]
00402B87 |. 9B wait
00402B88 |. D92D 28605400 fldcw [546028] ; ds:[00546028]=1F32
00402B8E |. DF7C24 04 fistp qword ptr [esp+4]
00402B92 |. 9B wait
00402B93 |. D92C24 fldcw [esp]
00402B96 |. 59 pop ecx
00402B97 |. 58 pop eax
00402B98 |. 5A pop edx ; EDX:EAX = converted value
00402B99 \. C3 retn
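////////////////  Code ends  ///////////////
On entry to this procedure, st(0) on the floating-point stack still holds that perfectly good day-count value; along the way the control word is merely changed to 1F32, yet the output comes out unrecognizable. What is going on? I do not understand how the FPU works; could someone explain?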
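The control word 1F32 loaded at 00402B88 can be read field by field. The sketch below is an added example, not part of the original post: it decodes the word and emulates in Python the integer that fistp stores under each rounding mode; the sample value 39000.75 and the comparison word 1332 are constructed for illustration.

```python
import math

# x87 control word fields (Intel SDM layout): bits 0-5 are exception masks,
# bits 8-9 precision control (PC), bits 10-11 rounding control (RC).
MASK_NAMES = ["IM", "DM", "ZM", "OM", "UM", "PM"]
PRECISION = ["24-bit", "reserved", "53-bit", "64-bit"]
ROUNDING = ["nearest-even", "down", "up", "truncate"]

CW_FROM_PAGE = 0x1F32      # value loaded by fldcw [546028] in the listing
CW_ROUND_NEAREST = 0x1332  # constructed: the same word with the RC bits cleared


def decode_control_word(cw):
    """Split a 16-bit x87 control word into its documented fields."""
    return {
        "masked": [n for bit, n in enumerate(MASK_NAMES) if (cw >> bit) & 1],
        "precision": PRECISION[(cw >> 8) & 3],
        "rounding": ROUNDING[(cw >> 10) & 3],
    }


def fistp_qword(st0, cw):
    """Integer that FISTP m64 stores for st0 under the rounding mode in cw."""
    mode = (cw >> 10) & 3
    if mode == 0:
        result = round(st0)       # Python rounds halves to even, like RC=00
    elif mode == 1:
        result = math.floor(st0)
    elif mode == 2:
        result = math.ceil(st0)
    else:
        result = math.trunc(st0)
    if not -2**63 <= result < 2**63:
        raise OverflowError("does not fit a signed 64-bit integer")
    return result


def as_edx_eax(value):
    """Split the stored qword the way `pop eax` / `pop edx` receive it."""
    raw = value & 0xFFFFFFFFFFFFFFFF      # two's complement for negatives
    return raw >> 32, raw & 0xFFFFFFFF    # (edx, eax)


if __name__ == "__main__":
    sample = 39000.75  # constructed day count with a fractional part
    print(decode_control_word(CW_FROM_PAGE))
    for cw in (CW_FROM_PAGE, CW_ROUND_NEAREST):
        edx, eax = as_edx_eax(fistp_qword(sample, cw))
        print(f"cw={cw:04X}  st0={sample}  ->  EDX:EAX={edx:08X}:{eax:08X}")
```

The debugger shows st(0) as a floating-point number but EDX:EAX as raw hexadecimal, so the same quantity looks unrelated before and after the conversion.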
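The algorithm summarized above is only the registration algorithm that the program "carries with it"; the code that decides whether an arbitrarily entered registration code is valid has not been covered. (I spent two of the five days studying this, but disappointingly came up empty.) So there may well be things that have been missed.
(3) Keygen
Describing this registration algorithm is too long-winded; in my view it would be better to lift the assembly code listed above directly to implement an assembly keygen. (Omitted here.)
2. Afterthoughts
(1) Before I knew it, five days had passed...
(2) Personally, I think that apart from software related to one's own work, it is better to crack specific programs sparingly. When a program gets cracked too much, its protection is inevitably strengthened accordingly, which makes cracking harder for those who come later. If the software has nothing to do with your work and you crack it purely out of interest, you are all the more wasting a resource. Lately quite a few people on the forum have again been cracking domestic software, so I say this to state my view.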