[算法进阶]TMPGEnc v2.58注册算法分析-基于堆栈的简单虚拟机 v1.0


1.History

   这个目标是05年5.1前后,看雪论坛的好好学习找我的,我断断续续搞了1年半,最后终于做出keygen了。
本还想进一步研究的,可惜没有太多时间,连台电脑都还买不起。本想等买了电脑来庆祝的,现在想申请CUG I [免试],
感觉拿不出像样的东西,暂且拿出来混个精华,希望不辱CUG的名号。这个教材就当作1.0版本吧,如果以后再有研究再修改。

  

2.虚拟机

    虚拟机主要可分为 基于堆栈的虚拟机和 基于寄存器的虚拟机.

TMPGEnc 进入虚拟机的代码为:




VM Engine的代码为:


































3. 反汇编VM代码
   基本思路就是将VM代码反汇编出来,然后看这个基于堆栈的虚拟机的代码(不是X86汇编了)。
我写的一个很简单的反汇编的代码如下:

代码:

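enum {
    VM_IMAGE_SIZE = 8419, /* bytes requested from Datad.dat (author's note: 8418=1020*8+258, 1020/6=170) */
    VM_LINE_MAX   = 100   /* size of the text buffer that holds one output line */
};

/*
 * Return the mnemonic of an opcode that carries no inline operand, or NULL
 * when the opcode is not one of them. Opcodes 1 (PUSH64) and 9 (Goto) take
 * an operand and are formatted by the caller.
 */
static const char *vm_plain_mnemonic(int opcode)
{
    switch (opcode) {
    case 0x02: return "PUSH64_2";
    case 0x03: return "Pop64_push64";
    case 0x04: return "Pop64_pop64";
    case 0x05: return "Pop64_Byte_push64";
    case 0x06: return "Pop64_push64_Byte";
    case 0x07: return "Pop64_push64_Word";
    case 0x08: return "Pop64_push64_DWord";
    case 0x0A: return "Pop64_pop64_Add_push64";
    case 0x0B: return "Pop64_pop64_Mul_push64";
    case 0x0C: return "Pop64_pop64_Div_push64";
    case 0x0D: return "Pop64_pop64_And_push64";
    case 0x0E: return "Pop64_pop64_Or_push64";
    case 0x0F: return "Pop64_pop64_Xor_push64";
    case 0x10: return "Pop64_pop64_Shl_push64";
    case 0x11: return "Pop64_pop64_Shr_push64";
    case 0x12: return "Pop64_pop64_Sete_push64";
    case 0x13: return "Pop64_pop64_Setb_push64";
    case 0x14: return "Pop64_pop64_Setbe_push64";
    default:   return NULL;
    }
}

/*
 * Assemble the 32-bit operand that follows the opcode byte at insn[0].
 *
 * NOTE(review): the byte order (byte 4 most significant, then bytes 1, 2, 3)
 * is kept exactly as in the original code; it looks unusual, so confirm it
 * against the VM engine. Each byte is widened to DWORD before shifting: a
 * BYTE promotes to int, and shifting a value >= 0x80 left by 24 would
 * overflow a signed int.
 */
static DWORD vm_operand(const BYTE *insn)
{
    return ((DWORD)insn[4] << 24) | ((DWORD)insn[1] << 16) |
           ((DWORD)insn[2] << 8)  |  (DWORD)insn[3];
}

/*
 * Append CR LF to the first `len` characters of `line` and write them to `out`.
 *
 * The terminator is placed at the real end of the formatted text. The original
 * code used fixed offsets per mnemonic, which only matched one line-number
 * width, left stale characters or an embedded NUL in other cases, and also
 * wrote the trailing NUL into the file.
 *
 * Returns nonzero on a complete write, zero otherwise.
 */
static BOOL vm_write_line(HANDLE out, char *line, int len)
{
    DWORD written = 0;

    /* Two more bytes must fit into the VM_LINE_MAX-byte buffer. */
    if (len < 0 || len > VM_LINE_MAX - 2) {
        return FALSE;
    }
    line[len]     = 0x0D;
    line[len + 1] = 0x0A;
    return WriteFile(out, line, (DWORD)(len + 2), &written, NULL)
           && written == (DWORD)(len + 2);
}

/*
 * Disassemble the VM bytecode stored in "Datad.dat" into a text listing,
 * "VMCode.txt", one "<line number>: <mnemonic> [operand]" entry per
 * instruction.
 *
 * The bytecode comes from a file and is treated as untrusted: only the bytes
 * actually read are decoded, and an operand that would extend past them ends
 * the listing instead of being read from beyond the data.
 *
 * NOTE(review): the separator inside the format strings is reproduced exactly
 * as it appears in the listing (eight spaces). The fixed offsets of the
 * original suggest it may have been a single tab before the page was
 * rendered; confirm against the original source file.
 */
void VMCode()
{
    HANDLE hVMcode; /* output listing */
    HANDLE hDatad;  /* input bytecode */
    BYTE   image[VM_IMAGE_SIZE] = {0};
    char   line[VM_LINE_MAX] = {0};
    DWORD  dwSize = 0;
    BOOL   read_ok;
    int    i;
    int    line_no = 0;

    /* Open the input first so that a missing input does not touch the output file. */
    hDatad = CreateFile("Datad.dat", GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
    if (hDatad == INVALID_HANDLE_VALUE) {
        return;
    }
    read_ok = ReadFile(hDatad, image, VM_IMAGE_SIZE, &dwSize, NULL);
    CloseHandle(hDatad);
    if (!read_ok || dwSize == 0) {
        return;
    }

    /* CREATE_ALWAYS truncates an existing listing; OPEN_ALWAYS would leave the
     * tail of a longer, older file behind the new text. */
    hVMcode = CreateFile("VMCode.txt", GENERIC_WRITE, 0, NULL,
                         CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hVMcode == INVALID_HANDLE_VALUE) {
        return;
    }

    /* Decode only the bytes that were read, not the zero padding after them. */
    for (i = 0; i < (int)dwSize; i++) {
        int opcode = image[i];
        int len;

        if (opcode == 1 || opcode == 9) {
            DWORD operand;

            /* The operand occupies image[i+1..i+4]; stop on a truncated one. */
            if ((DWORD)i + 4 >= dwSize) {
                break;
            }
            operand = vm_operand(&image[i]);
            if (opcode == 1) {
                len = wsprintf(line, "%d:        PUSH64 %8x", line_no, operand);
            } else {
                len = wsprintf(line, "%d:        Goto %8d", line_no, operand);
            }
            i += 4; /* skip the operand bytes; the loop header skips the opcode */
        } else {
            const char *mnemonic = vm_plain_mnemonic(opcode);

            /* Every byte that is not a known opcode is listed as VMend. */
            len = wsprintf(line, "%d:        %s", line_no,
                           mnemonic != NULL ? mnemonic : "VMend");
        }

        if (!vm_write_line(hVMcode, line, len)) {
            break;
        }
        line_no++;
    }

    CloseHandle(hVMcode);
}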

4.阅读“汇编”
  下面是反汇编出来的虚拟机汇编代码,估计只有我一个人看得懂。:)

代码:

BaseAddr:00127490

0:        PUSH64       43   //index of pSerial
1:        Pop64_push64      //压入pSerial
2:        PUSH64       50 
3:        Pop64_pop64      //第一次pop的作index,第二次pop的作数据,保存数据
//00127710  E4 F4 12 00 00 00 00 00                          漪......

4:        PUSH64       50 
5:        Pop64_push64    //pop64_pop64的逆运算
6:        Pop64_Byte_push64  //弹出pSerial,然后取一个byte,18,即注册码长度,压入堆栈
7:        PUSH64       3f //即63
8:        Pop64_pop64_Setbe_push64  //18<3F,al=1
9:        PUSH64        0           
10:        Pop64_pop64_Sete_push64   //al=0
11:        PUSH64       40           //比较的结果所存放地址的index
12:        Pop64_pop64               //保存比较结果
13:        PUSH64       50
14:        Pop64_push64              //
15:        Pop64_Byte_push64         //弹出pSerial,然后取一个byte,18,即注册码长度,压入堆栈
16:        PUSH64       5d           //保存长度18的index,
17:        Pop64_pop64               //保存长度
18:        PUSH64       50
19:        Pop64_push64 
20:        Pop64_Byte_push64         //再次压入长度
21:        PUSH64       51
22:        Pop64_pop64                //保存长度
23:        PUSH64       50
24:        Pop64_push64               //压入pSerial
25:        PUSH64        1
26:        Pop64_pop64_Add_push64     //指针加1,pSerial+1,指向第一个字符
27:        PUSH64       50
28:        Pop64_pop64                //保存取出的字符
29:        PUSH64       5d
30:        PUSH64        1
31:        Pop64_pop64_Add_push64     //5d+1=5E,压入5E
32:        PUSH64       4f            //index
33:        Pop64_pop64                //保存5E到index(4F)处
34:        PUSH64       50            //循环开始**************
35:        Pop64_push64               //压入pSerial
36:        Pop64_Byte_push64          //取第一个字符54'T'
37:        PUSH64       4f
38:        Pop64_push64              //5E保存到4F处
39:        Pop64_pop64               //54'T'保存到5E处
40:        PUSH64       4f
41:        Pop64_push64 
42:        PUSH64        1
43:        Pop64_pop64_Add_push64  //5E+1=5F
44:        PUSH64       4f
45:        Pop64_pop64             //5F保存到4F处
46:        PUSH64       50
47:        Pop64_push64 
48:        PUSH64        1
49:        Pop64_pop64_Add_push64  //pSerial+2
50:        PUSH64       50
51:        Pop64_pop64             //保存指针到index50处
52:        PUSH64       51
53:        Pop64_push64 
54:        PUSH64        1
55:        PUSH64 ffffffff
56:        Pop64_pop64_Mul_push64  //1*FFFFFFFF=FFFFFFFF, 
57:        Pop64_pop64_Add_push64  //+(-1),18-1=17
58:        PUSH64       51
59:        Pop64_pop64             //保存17到51处
60:        PUSH64       51
61:        Pop64_push64            //取出长度17
62:        PUSH64        0
63:        Pop64_pop64_Setbe_push64 //长度到0了吗,17>0,al=0
64:        PUSH64        0
65:        Pop64_pop64_Sete_push64  //相等,al=1
66:        Goto       34            //循环,就是jne**************

这个循环的结果:
%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+5D*8
00127778  18 00 00 00 00 00 00 00  .......
00127780  54 00 00 00 00 00 00 00  T.......
00127788  45 00 00 00 00 00 00 00  E.......
00127790  32 00 00 00 00 00 00 00  2.......
00127798  35 00 00 00 00 00 00 00  5.......
001277A0  2D 00 00 00 00 00 00 00  -.......
001277A8  50 00 00 00 00 00 00 00  P.......
001277B0  4B 00 00 00 00 00 00 00  K.......
001277B8  4E 00 00 00 00 00 00 00  N.......
001277C0  42 00 00 00 00 00 00 00  B.......
001277C8  2D 00 00 00 00 00 00 00  -.......
001277D0  4E 00 00 00 00 00 00 00  N.......
001277D8  50 00 00 00 00 00 00 00  P.......
001277E0  38 00 00 00 00 00 00 00  8.......
001277E8  50 00 00 00 00 00 00 00  P.......
001277F0  2D 00 00 00 00 00 00 00  -.......
001277F8  53 00 00 00 00 00 00 00  S.......
00127800  52 00 00 00 00 00 00 00  R.......
00127808  50 00 00 00 00 00 00 00  P.......
00127810  56 00 00 00 00 00 00 00  V.......
00127818  2D 00 00 00 00 00 00 00  -.......
00127820  53 00 00 00 00 00 00 00  S.......
00127828  46 00 00 00 00 00 00 00  F.......
00127830  57 00 00 00 00 00 00 00  W.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........

%%%%%%%%%%%%%%%%%%%%%%%%
67:        PUSH64       5d
68:        PUSH64       4f
69:        Pop64_pop64              //保存5D到4F处
70:        PUSH64       4f
71:        Pop64_push64             //取出5D
72:        PUSH64        1
73:        Pop64_pop64_Add_push64  //5D+1=5E
74:        Pop64_push64            //取出5E指向的数据,压入堆栈
75:        PUSH64       4f
76:        Pop64_push64            //取出4F指向的数据,压入堆栈
77:        Pop64_push64            //取出5D指向数据0,压入堆栈
78:        PUSH64        0
79:        Pop64_pop64_Setbe_push64 //长度18>0,al=0
80:        PUSH64       40
81:        Pop64_pop64              //保存0到40处
82:        PUSH64        2
83:        PUSH64       51       
84:        Pop64_pop64              //保存2到51处

85:        PUSH64       4f          //@@@@@@@@@@@@@@@@@Loop begin
86:        Pop64_push64 
87:        PUSH64       51
88:        Pop64_push64 
89:        Pop64_pop64_Add_push64   //5D+2=5F
90:        Pop64_push64             //取5F指向的字符45'E'
91:        PUSH64       4f
92:        Pop64_push64             //取出4F指向的5D,pSerial
93:        PUSH64       51
94:        Pop64_push64             //取出51指向的2,i
95:        Pop64_pop64_Add_push64   //5D+2=5F  
96:        PUSH64        1
97:        PUSH64 ffffffff
98:        Pop64_pop64_Mul_push64 
99:        Pop64_pop64_Add_push64  //5F-1=5E
100:        Pop64_pop64             //取出的字符45'E'保存到5E处,5F处移到5E处,后移
101:        PUSH64       51
102:        Pop64_push64
103:        PUSH64        1
104:        Pop64_pop64_Add_push64  //计数器i+1
105:        PUSH64       51
106:        Pop64_pop64             //保存计数器
107:        PUSH64       51
108:        Pop64_push64            //取出计数器
109:        PUSH64       4f
110:        Pop64_push64           //4F->5D
111:        Pop64_push64           //5D->18
112:        Pop64_pop64_Setbe_push64 //3<18,al=1
113:        Goto       85          //@@@@@@@@@@@@@@@@@@@@Loop End

%%%%%%%%%%%%%%%%%%%%%%%%%%
循环之后:
00127778  18 00 00 00 00 00 00 00  .......
00127780  45 00 00 00 00 00 00 00  E.......
00127788  32 00 00 00 00 00 00 00  2.......
00127790  35 00 00 00 00 00 00 00  5.......
00127798  2D 00 00 00 00 00 00 00  -.......
001277A0  50 00 00 00 00 00 00 00  P.......
001277A8  4B 00 00 00 00 00 00 00  K.......
001277B0  4E 00 00 00 00 00 00 00  N.......
001277B8  42 00 00 00 00 00 00 00  B.......
001277C0  2D 00 00 00 00 00 00 00  -.......
001277C8  4E 00 00 00 00 00 00 00  N.......
001277D0  50 00 00 00 00 00 00 00  P.......
001277D8  38 00 00 00 00 00 00 00  8.......
001277E0  50 00 00 00 00 00 00 00  P.......
001277E8  2D 00 00 00 00 00 00 00  -.......
001277F0  53 00 00 00 00 00 00 00  S.......
001277F8  52 00 00 00 00 00 00 00  R.......
00127800  50 00 00 00 00 00 00 00  P.......
00127808  56 00 00 00 00 00 00 00  V.......
00127810  2D 00 00 00 00 00 00 00  -.......
00127818  53 00 00 00 00 00 00 00  S.......
00127820  46 00 00 00 00 00 00 00  F.......
00127828  57 00 00 00 00 00 00 00  W.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......


%%%%%%%%%%%%%%%%%%%%%%%%%%

114:        PUSH64       4f
115:        Pop64_push64            //4F->5D
116:        Pop64_push64            //5D->18
117:        PUSH64        1
118:        PUSH64 ffffffff
119:        Pop64_pop64_Mul_push64 
120:        Pop64_pop64_Add_push64 //18-1=17
121:        PUSH64       4f
122:        Pop64_push64           //4F->5D
123:        Pop64_pop64            //保存17到5D处
124:        PUSH64       47
125:        Pop64_pop64           //保存54到47处
126:        PUSH64       5d
127:        PUSH64       4f
128:        Pop64_pop64          //保存5D到4F处
129:        PUSH64       4f
130:        Pop64_push64         //4F->5D
131:        PUSH64        1
132:        Pop64_pop64_Add_push64  //5D+1=5E
133:        Pop64_push64        //5E指向的数据45'E'
134:        PUSH64       4f     
135:        Pop64_push64        //4F->5D
136:        Pop64_push64        //5D->长度17
137:        PUSH64        0
138:        Pop64_pop64_Setbe_push64  //17>0,al=0
139:        PUSH64       40
140:        Pop64_pop64        //保存0到40处
141:        PUSH64        2
142:        PUSH64       51
143:        Pop64_pop64        //保存2到51处

144:        PUSH64       4f   //@@@@@@@@@@@@@@@Loop begin
145:        Pop64_push64      //4F->5D
146:        PUSH64       51
147:        Pop64_push64      //取出计数器i(2)
148:        Pop64_pop64_Add_push64 //5D+2=5F
149:        Pop64_push64          //取出5F指向的字符32'2'
150:        PUSH64       4f    
151:        Pop64_push64    //4F->5D
152:        PUSH64       51
153:        Pop64_push64      //取出计数器i(2)
154:        Pop64_pop64_Add_push64 //5D+2=5F
155:        PUSH64        1
156:        PUSH64 ffffffff
157:        Pop64_pop64_Mul_push64 
158:        Pop64_pop64_Add_push64 //5F-1=5E
159:        Pop64_pop64
160:        PUSH64       51
161:        Pop64_push64
162:        PUSH64        1
163:        Pop64_pop64_Add_push64 //i+1
164:        PUSH64       51
165:        Pop64_pop64
166:        PUSH64       51
167:        Pop64_push64
168:        PUSH64       4f
169:        Pop64_push64
170:        Pop64_push64
171:        Pop64_pop64_Setbe_push64  //3<17,al=1
172:        Goto      144   //@@@@@@@@@@@@@@@@@@@@Loop End

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
循环后的结果:

00127778  17 00 00 00 00 00 00 00  .......
00127780  32 00 00 00 00 00 00 00  2.......
00127788  35 00 00 00 00 00 00 00  5.......
00127790  2D 00 00 00 00 00 00 00  -.......
00127798  50 00 00 00 00 00 00 00  P.......
001277A0  4B 00 00 00 00 00 00 00  K.......
001277A8  4E 00 00 00 00 00 00 00  N.......
001277B0  42 00 00 00 00 00 00 00  B.......
001277B8  2D 00 00 00 00 00 00 00  -.......
001277C0  4E 00 00 00 00 00 00 00  N.......
001277C8  50 00 00 00 00 00 00 00  P.......
001277D0  38 00 00 00 00 00 00 00  8.......
001277D8  50 00 00 00 00 00 00 00  P.......
001277E0  2D 00 00 00 00 00 00 00  -.......
001277E8  53 00 00 00 00 00 00 00  S.......
001277F0  52 00 00 00 00 00 00 00  R.......
001277F8  50 00 00 00 00 00 00 00  P.......
00127800  56 00 00 00 00 00 00 00  V.......
00127808  2D 00 00 00 00 00 00 00  -.......
00127810  53 00 00 00 00 00 00 00  S.......
00127818  46 00 00 00 00 00 00 00  F.......
00127820  57 00 00 00 00 00 00 00  W.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

173:        PUSH64       4f
174:        Pop64_push64
175:        Pop64_push64
176:        PUSH64        1
177:        PUSH64 ffffffff
178:        Pop64_pop64_Mul_push64 
179:        Pop64_pop64_Add_push64 
180:        PUSH64       4f
181:        Pop64_push64
182:        Pop64_pop64
183:        PUSH64       48          //
184:        Pop64_pop64              //保存到48处
185:        PUSH64       5d
186:        PUSH64       4f
187:        Pop64_pop64
188:        PUSH64       4f
189:        Pop64_push64
190:        PUSH64        1
191:        Pop64_pop64_Add_push64 
192:        Pop64_push64
193:        PUSH64       4f
194:        Pop64_push64
195:        Pop64_push64
196:        PUSH64        0
197:        Pop64_pop64_Setbe_push64
198:        PUSH64       40
199:        Pop64_pop64
200:        PUSH64        2
201:        PUSH64       51
202:        Pop64_pop64
203:        PUSH64       4f            //@@@@@@@@@@@@@@Loop Begin
204:        Pop64_push64
205:        PUSH64       51
206:        Pop64_push64
207:        Pop64_pop64_Add_push64 
208:        Pop64_push64
209:        PUSH64       4f
210:        Pop64_push64
211:        PUSH64       51
212:        Pop64_push64
213:        Pop64_pop64_Add_push64 
214:        PUSH64        1
215:        PUSH64 ffffffff
216:        Pop64_pop64_Mul_push64 
217:        Pop64_pop64_Add_push64 
218:        Pop64_pop64
219:        PUSH64       51
220:        Pop64_push64
221:        PUSH64        1
222:        Pop64_pop64_Add_push64 
223:        PUSH64       51
224:        Pop64_pop64
225:        PUSH64       51
226:        Pop64_push64
227:        PUSH64       4f
228:        Pop64_push64
229:        Pop64_push64
230:        Pop64_pop64_Setbe_push64
231:        Goto      203       //@@@@@@@@@@@@@@Loop End
//这个循环和上面那段循环相同

%%%%%%%%%%%%%%%%%%%%%%%%%%
00127778  16 00 00 00 00 00 00 00  .......
00127780  35 00 00 00 00 00 00 00  5.......
00127788  2D 00 00 00 00 00 00 00  -.......
00127790  50 00 00 00 00 00 00 00  P.......
00127798  4B 00 00 00 00 00 00 00  K.......
001277A0  4E 00 00 00 00 00 00 00  N.......
001277A8  42 00 00 00 00 00 00 00  B.......
001277B0  2D 00 00 00 00 00 00 00  -.......
001277B8  4E 00 00 00 00 00 00 00  N.......
001277C0  50 00 00 00 00 00 00 00  P.......
001277C8  38 00 00 00 00 00 00 00  8.......
001277D0  50 00 00 00 00 00 00 00  P.......
001277D8  2D 00 00 00 00 00 00 00  -.......
001277E0  53 00 00 00 00 00 00 00  S.......
001277E8  52 00 00 00 00 00 00 00  R.......
001277F0  50 00 00 00 00 00 00 00  P.......
001277F8  56 00 00 00 00 00 00 00  V.......
00127800  2D 00 00 00 00 00 00 00  -.......
00127808  53 00 00 00 00 00 00 00  S.......
00127810  46 00 00 00 00 00 00 00  F.......
00127818  57 00 00 00 00 00 00 00  W.......
00127820  36 00 00 00 00 00 00 00  6.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........


%%%%%%%%%%%%%%%%%%%%%%%%%%%
232:        PUSH64       4f
233:        Pop64_push64
234:        Pop64_push64
235:        PUSH64        1
236:        PUSH64 ffffffff
237:        Pop64_pop64_Mul_push64 
238:        Pop64_pop64_Add_push64     
239:        PUSH64       4f
240:        Pop64_push64
241:        Pop64_pop64           //15保存到5D处
242:        PUSH64       30
243:        PUSH64 ffffffff
244:        Pop64_pop64_Mul_push64 
-30
00125398   FFFFFFD0
0012539C   FFFFFFFF


245:        Pop64_pop64_Add_push64 //32-30=2
246:        PUSH64_2               //取出栈顶数据,压入
247:        PUSH64        0
248:        Pop64_pop64_Setb_push64 //2>0,al=0
249:        PUSH64        0
250:        Pop64_pop64_Sete_push64 //0=0,al=1
251:        PUSH64        0
252:        Pop64_pop64_Sete_push64 //1!=0,al=0
253:        PUSH64       40
254:        Pop64_pop64             //结果0保存到40处
255:        PUSH64_2
256:        PUSH64        9         //再与9相比较
257:        Pop64_pop64_Setbe_push64 //2<9,al=1
258:        PUSH64        0
259:        Pop64_pop64_Sete_push64  //1!=0,al=0
260:        PUSH64       40
261:        Pop64_pop64              //结果0保存到40处
262:        PUSH64        a
263:        Pop64_pop64_Mul_push64   //2*10
264:        PUSH64       5d
265:        PUSH64       4f    
266:        Pop64_pop64             //4F->5D
267:        PUSH64       4f
268:        Pop64_push64            //取出5D
269:        PUSH64        1
270:        Pop64_pop64_Add_push64  //5D+1=5E
271:        Pop64_push64            //取出5E指向的字符35'5'
272:        PUSH64       4f
273:        Pop64_push64            //4F->5D
274:        Pop64_push64            //5D->长度15
275:        PUSH64        0
276:        Pop64_pop64_Setbe_push64 //15>0,al=0
277:        PUSH64       40
278:        Pop64_pop64              //保存到40处
279:        PUSH64        2
280:        PUSH64       51
281:        Pop64_pop64
282:        PUSH64       4f            //@@@@@@@@@@@Loop begin
283:        Pop64_push64
284:        PUSH64       51
285:        Pop64_push64
286:        Pop64_pop64_Add_push64 
287:        Pop64_push64
288:        PUSH64       4f
289:        Pop64_push64
290:        PUSH64       51
291:        Pop64_push64
292:        Pop64_pop64_Add_push64 
293:        PUSH64        1
294:        PUSH64 ffffffff
295:        Pop64_pop64_Mul_push64 
296:        Pop64_pop64_Add_push64 
297:        Pop64_pop64
298:        PUSH64       51
299:        Pop64_push64
300:        PUSH64        1
301:        Pop64_pop64_Add_push64 
302:        PUSH64       51
303:        Pop64_pop64
304:        PUSH64       51
305:        Pop64_push64
306:        PUSH64       4f
307:        Pop64_push64
308:        Pop64_push64
309:        Pop64_pop64_Setbe_push64
310:        Goto      282           //Loop END

//同上
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
00127778  15 00 00 00 00 00 00 00  .......
00127780  2D 00 00 00 00 00 00 00  -.......
00127788  50 00 00 00 00 00 00 00  P.......
00127790  4B 00 00 00 00 00 00 00  K.......
00127798  4E 00 00 00 00 00 00 00  N.......
001277A0  42 00 00 00 00 00 00 00  B.......
001277A8  2D 00 00 00 00 00 00 00  -.......
001277B0  4E 00 00 00 00 00 00 00  N.......
001277B8  50 00 00 00 00 00 00 00  P.......
001277C0  38 00 00 00 00 00 00 00  8.......
001277C8  50 00 00 00 00 00 00 00  P.......
001277D0  2D 00 00 00 00 00 00 00  -.......
001277D8  53 00 00 00 00 00 00 00  S.......
001277E0  52 00 00 00 00 00 00 00  R.......
001277E8  50 00 00 00 00 00 00 00  P.......
001277F0  56 00 00 00 00 00 00 00  V.......
001277F8  2D 00 00 00 00 00 00 00  -.......
00127800  53 00 00 00 00 00 00 00  S.......
00127808  46 00 00 00 00 00 00 00  F.......
00127810  57 00 00 00 00 00 00 00  W.......
00127818  36 00 00 00 00 00 00 00  6.......
00127820  36 00 00 00 00 00 00 00  6.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

311:        PUSH64       4f
312:        Pop64_push64
313:        Pop64_push64
314:        PUSH64        1
315:        PUSH64 ffffffff
316:        Pop64_pop64_Mul_push64 
317:        Pop64_pop64_Add_push64 
318:        PUSH64       4f
319:        Pop64_push64
320:        Pop64_pop64
321:        PUSH64       30
322:        PUSH64 ffffffff
323:        Pop64_pop64_Mul_push64 
324:        Pop64_pop64_Add_push64 
325:        PUSH64_2
326:        PUSH64        0
327:        Pop64_pop64_Setb_push64
328:        PUSH64        0
329:        Pop64_pop64_Sete_push64
330:        PUSH64        0
331:        Pop64_pop64_Sete_push64
332:        PUSH64       40
333:        Pop64_pop64
334:        PUSH64_2
335:        PUSH64        9
336:        Pop64_pop64_Setbe_push64
337:        PUSH64        0
338:        Pop64_pop64_Sete_push64
339:        PUSH64       40
340:        Pop64_pop64              //上面一段同上,看是否在数字0-9之间
341:        Pop64_pop64_Add_push64   //20+5=25(0x19)
342:        PUSH64       49
343:        Pop64_pop64              //保存到49处
//d ebp+0FFFF7FE0+47*8
001276C8  54 00 00 00 00 00 00 00 45 00 00 00 00 00 00 00  T.......E.......
001276D8  19 00 00 00 00 00 00 00                          .......



344:        PUSH64       47          //
345:        Pop64_push64             //取出47指向的字符54'T'
346:        PUSH64       48
347:        Pop64_push64             //取出48指向的字符45'E'
348:        Pop64_pop64_Mul_push64   //54*45=16A4
349:        PUSH64       49
350:        Pop64_push64             //取出版本号19
351:        PUSH64        1
352:        Pop64_pop64_Add_push64   //19+1=1A
353:        Pop64_pop64_Mul_push64   //16A4*1A=24CA8
354:        PUSH64       56
355:        Pop64_pop64              //保存到56处
356:        PUSH64       dd
357:        PUSH64        1
358:        Pop64_pop64_Add_push64   //DD+1=DE
359:        PUSH64       4f
360:        Pop64_pop64              //DE保存到4F处
361:        PUSH64       41
362:        PUSH64       51
363:        Pop64_pop64              //41保存到51处
364:        PUSH64       51          //@@@@@@@@@@@@@@Loop Begin
365:        Pop64_push64             //取出51->41
366:        PUSH64       4f
367:        Pop64_push64             //4F->DE
368:        Pop64_pop64              //41保存到DE处
369:        PUSH64       4f
370:        Pop64_push64             //4F->DE
371:        PUSH64        1
372:        Pop64_pop64_Add_push64   //DE+1=DF
373:        PUSH64       4f
374:        Pop64_pop64              //DF保存到4F处
375:        PUSH64       51
376:        Pop64_push64             //51->41
377:        PUSH64        1
378:        Pop64_pop64_Add_push64   //41+1=42
379:        PUSH64       51
380:        Pop64_pop64              //42保存到51处
381:        PUSH64       51
382:        Pop64_push64             //取出51->42
383:        PUSH64       5a          //
384:        Pop64_pop64_Setbe_push64  //42<5A,al=1
385:        Goto      364            //@@@@@@@@@@@@@@@Loop End

//5A即字符Z,41即字符A
%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+0DE*8
00127B80  41 00 00 00 00 00 00 00 42 00 00 00 00 00 00 00  A.......B.......
00127B90  43 00 00 00 00 00 00 00 44 00 00 00 00 00 00 00  C.......D.......
00127BA0  45 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  E.......F.......
00127BB0  47 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00  G.......H.......
00127BC0  49 00 00 00 00 00 00 00 4A 00 00 00 00 00 00 00  I.......J.......
00127BD0  4B 00 00 00 00 00 00 00 4C 00 00 00 00 00 00 00  K.......L.......
00127BE0  4D 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  M.......N.......
00127BF0  4F 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  O.......P.......
00127C00  51 00 00 00 00 00 00 00 52 00 00 00 00 00 00 00  Q.......R.......
00127C10  53 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  S.......T.......
00127C20  55 00 00 00 00 00 00 00 56 00 00 00 00 00 00 00  U.......V.......
00127C30  57 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00  W.......X.......
00127C40  59 00 00 00 00 00 00 00 5A 00 00 00 00 00 00 00  Y.......Z.......
00127C50  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


%%%%%%%%%%%%%%%%%%%%%%%%%
386:        PUSH64       32
387:        PUSH64       51
388:        Pop64_pop64           //32保存到51处
389:        PUSH64       51       //@@@@@@@@@@@@@Loop Begin
390:        Pop64_push64
391:        PUSH64       4f
392:        Pop64_push64         //4F指向F8,F8-DE=1A(26)
393:        Pop64_pop64
394:        PUSH64       4f
395:        Pop64_push64
396:        PUSH64        1
397:        Pop64_pop64_Add_push64  //F8+1=F9
398:        PUSH64       4f
399:        Pop64_pop64
400:        PUSH64       51
401:        Pop64_push64
402:        PUSH64        1
403:        Pop64_pop64_Add_push64  //32+1=33
404:        PUSH64       51
405:        Pop64_pop64
406:        PUSH64       51
407:        Pop64_push64
408:        PUSH64       39
409:        Pop64_pop64_Setbe_push64 //33<39,al=1
410:        Goto      389   //@@@@@@@@@@@@@@loop end

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+0DE*8
00127B80  41 00 00 00 00 00 00 00 42 00 00 00 00 00 00 00  A.......B.......
00127B90  43 00 00 00 00 00 00 00 44 00 00 00 00 00 00 00  C.......D.......
00127BA0  45 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  E.......F.......
00127BB0  47 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00  G.......H.......
00127BC0  49 00 00 00 00 00 00 00 4A 00 00 00 00 00 00 00  I.......J.......
00127BD0  4B 00 00 00 00 00 00 00 4C 00 00 00 00 00 00 00  K.......L.......
00127BE0  4D 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  M.......N.......
00127BF0  4F 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  O.......P.......
00127C00  51 00 00 00 00 00 00 00 52 00 00 00 00 00 00 00  Q.......R.......
00127C10  53 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  S.......T.......
00127C20  55 00 00 00 00 00 00 00 56 00 00 00 00 00 00 00  U.......V.......
00127C30  57 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00  W.......X.......
00127C40  59 00 00 00 00 00 00 00 5A 00 00 00 00 00 00 00  Y.......Z.......
00127C50  32 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00  2.......3.......
00127C60  34 00 00 00 00 00 00 00 35 00 00 00 00 00 00 00  4.......5.......
00127C70  36 00 00 00 00 00 00 00 37 00 00 00 00 00 00 00  6.......7.......
00127C80  38 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00  8.......9.......
00127C90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

411:        PUSH64       dd
412:        PUSH64        1
413:        Pop64_pop64_Add_push64  //DD+1=DE
414:        PUSH64       4f
415:        Pop64_pop64             //DE保存到4F处
416:        PUSH64      11d
417:        PUSH64        1
418:        Pop64_pop64_Add_push64 //11D+1=11E
419:        PUSH64       50
420:        Pop64_pop64           //11E保存到50处
421:        PUSH64        0
422:        PUSH64       51
423:        Pop64_pop64           //0保存到51处
424:        PUSH64       56       //@@@@@@@@@@@@Loop begin 1
425:        Pop64_push64          //56->0024CA8
426:        PUSH64        3
427:        Pop64_pop64_And_push64  //0024CA8 and 3=0
428:        PUSH64       51
429:        Pop64_push64           //51->0
430:        Pop64_pop64_Mul_push64  //0*0=0
431:        PUSH64     98b2
432:        Pop64_pop64_Xor_push64  //0 Xor 98B2=98B2
433:        PUSH64       57
434:        Pop64_pop64            //98B2保存到57处
435:        PUSH64       56
436:        Pop64_push64
437:        PUSH64        2
438:        Pop64_pop64_Shr_push64  //00024CA8 >> 2=0000932A
439:        PUSH64       56
440:        Pop64_push64
441:        PUSH64        3
442:        Pop64_pop64_And_push64  //0024CA8 and 3=0
443:        PUSH64       17
444:        Pop64_pop64_Shl_push64  // 0 << 17=0 
445:        Pop64_pop64_Or_push64   //932A or 0=932A
446:        PUSH64       56
447:        Pop64_pop64             //932A保存到56处
448:        PUSH64        0
449:        PUSH64       52
450:        Pop64_pop64            //0保存到52处
451:        PUSH64       52        //@@@@@@@@@@@@@@Loop begin2
452:        Pop64_push64           //取出52处的0
453:        PUSH64       57
454:        Pop64_push64           //取出57处的98B2
455:        Pop64_pop64_Add_push64 //0+98B2=98B2
456:        PUSH64_2               //压入栈顶的98B2
457:        PUSH64       22
458:        Pop64_pop64_Div_push64 //98B2/22=47D,余数98B2-22*47D=18,保存商47D
459:        PUSH64       22
460:        Pop64_pop64_Mul_push64 //47D*22=0000989A
461:        PUSH64 ffffffff
462:        Pop64_pop64_Mul_push64 
463:        Pop64_pop64_Add_push64 //98B2-989A=18,得到余数
464:        PUSH64       58
465:        Pop64_pop64           //余数保存到58处
466:        PUSH64       58
467:        Pop64_push64          //取出58指向的余数18
468:        PUSH64       50
469:        Pop64_push64          //取出50指向的11E
470:        Pop64_pop64_Add_push64 //11E+18=136
471:        Pop64_push64           //取出136指向的值

d ebp+0FFFF7FE0+136*8
00127E40  00 00 00 00 00 00 00 00                          ........


472:        PUSH64        0
473:        Pop64_pop64_Sete_push64  //al=1
474:        PUSH64        0
475:        Pop64_pop64_Sete_push64  //al=0
476:        Goto      493            //jne,没跳

477:        PUSH64       51
478:        Pop64_push64            //51指向00,01
479:        PUSH64       4f
480:        Pop64_push64            //4F指向DE
481:        Pop64_pop64_Add_push64  //00+DE=DE
482:        Pop64_push64            //取出DE处的41'A'
483:        PUSH64       58
484:        Pop64_push64            //取出58处的18,余数
485:        PUSH64       50
486:        Pop64_push64            //取出50处的11E
487:        Pop64_pop64_Add_push64  //11E+18=136
488:        Pop64_pop64             //保存41'A'到136
489:        PUSH64        0
490:        PUSH64        0
491:        Pop64_pop64_Sete_push64 //0=0,al=1
492:        Goto      504           //jne,跳出内层循环

493:        PUSH64       52
494:        Pop64_push64
495:        PUSH64        1
496:        Pop64_pop64_Add_push64 
497:        PUSH64       52
498:        Pop64_pop64
499:        PUSH64       52
500:        Pop64_push64
501:        PUSH64       22
502:        Pop64_pop64_Setb_push64
503:        Goto      451        //@@@@@@@@@@@@@@loop end 2

504:        PUSH64       51     
505:        Pop64_push64          //取出51处的计数器i
506:        PUSH64        1
507:        Pop64_pop64_Add_push64  //i+1
508:        PUSH64       51
509:        Pop64_pop64             //保存i
510:        PUSH64       51
511:        Pop64_push64
512:        PUSH64       22        //计数器的上限,34=26+8
513:        Pop64_pop64_Setb_push64
514:        Goto      424      //@@@@@@@@@@@@@@loop end 1

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
00127D80  4E 00 00 00 00 00 00 00  N.......
00127D88  46 00 00 00 00 00 00 00  F.......
00127D90  4F 00 00 00 00 00 00 00  O.......
00127D98  50 00 00 00 00 00 00 00  P.......
00127DA0  52 00 00 00 00 00 00 00  R.......
00127DA8  54 00 00 00 00 00 00 00  T.......
00127DB0  53 00 00 00 00 00 00 00  S.......
00127DB8  55 00 00 00 00 00 00 00  U.......
00127DC0  49 00 00 00 00 00 00 00  I.......
00127DC8  51 00 00 00 00 00 00 00  Q.......
00127DD0  57 00 00 00 00 00 00 00  W.......
00127DD8  58 00 00 00 00 00 00 00  X.......
00127DE0  59 00 00 00 00 00 00 00  Y.......
00127DE8  56 00 00 00 00 00 00 00  V.......
00127DF0  5A 00 00 00 00 00 00 00  Z.......
00127DF8  32 00 00 00 00 00 00 00  2.......
00127E00  33 00 00 00 00 00 00 00  3.......
00127E08  35 00 00 00 00 00 00 00  5.......
00127E10  34 00 00 00 00 00 00 00  4.......
00127E18  36 00 00 00 00 00 00 00  6.......
00127E20  37 00 00 00 00 00 00 00  7.......
00127E28  38 00 00 00 00 00 00 00  8.......
00127E30  42 00 00 00 00 00 00 00  B.......
00127E38  39 00 00 00 00 00 00 00  9.......
00127E40  41 00 00 00 00 00 00 00  A.......
00127E48  45 00 00 00 00 00 00 00  E.......
00127E50  44 00 00 00 00 00 00 00  D.......
00127E58  47 00 00 00 00 00 00 00  G.......
00127E60  43 00 00 00 00 00 00 00  C.......
00127E68  48 00 00 00 00 00 00 00  H.......
00127E70  4A 00 00 00 00 00 00 00  J.......
00127E78  4B 00 00 00 00 00 00 00  K.......
00127E80  4C 00 00 00 00 00 00 00  L.......
00127E88  4D 00 00 00 00 00 00 00  M.......
00127E90  00 00 00 00 00 00 00 00  ........

11E+余数作index
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
515:        PUSH64       5d
516:        PUSH64       4f
517:        Pop64_pop64            //5D保存到4F处
518:        PUSH64       4f
519:        Pop64_push64
520:        PUSH64        1
521:        Pop64_pop64_Add_push64  //5D+1=5E
522:        Pop64_push64
523:        PUSH64       4f
524:        Pop64_push64           //4F->5D
525:        Pop64_push64           //5D->14
526:        PUSH64        0
527:        Pop64_pop64_Setbe_push64  //14>0,al=0
528:        PUSH64       40
529:        Pop64_pop64               //保存0到40处
530:        PUSH64        2
531:        PUSH64       51
532:        Pop64_pop64              //2保存到51
533:        PUSH64       4f          //@@@@@@@@@@@@@Loop begin
534:        Pop64_push64             //取出4F->5D
535:        PUSH64       51
536:        Pop64_push64             //取出51->02
537:        Pop64_pop64_Add_push64   //5D+02=5F
538:        Pop64_push64
539:        PUSH64       4f
540:        Pop64_push64
541:        PUSH64       51
542:        Pop64_push64
543:        Pop64_pop64_Add_push64 
544:        PUSH64        1
545:        PUSH64 ffffffff
546:        Pop64_pop64_Mul_push64 
547:        Pop64_pop64_Add_push64  //5F-1=5E
548:        Pop64_pop64             //50'P'存入5E
549:        PUSH64       51
550:        Pop64_push64
551:        PUSH64        1
552:        Pop64_pop64_Add_push64 
553:        PUSH64       51
554:        Pop64_pop64
555:        PUSH64       51
556:        Pop64_push64
557:        PUSH64       4f
558:        Pop64_push64
559:        Pop64_push64
560:        Pop64_pop64_Setbe_push64
561:        Goto      533           //@@@@@@@@@@@@@Loop end

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+5D*8
00127778  14 00 00 00 00 00 00 00  .......
00127780  50 00 00 00 00 00 00 00  P.......
00127788  4B 00 00 00 00 00 00 00  K.......
00127790  4E 00 00 00 00 00 00 00  N.......
00127798  42 00 00 00 00 00 00 00  B.......
001277A0  2D 00 00 00 00 00 00 00  -.......
001277A8  4E 00 00 00 00 00 00 00  N.......
001277B0  50 00 00 00 00 00 00 00  P.......
001277B8  38 00 00 00 00 00 00 00  8.......
001277C0  50 00 00 00 00 00 00 00  P.......
001277C8  2D 00 00 00 00 00 00 00  -.......
001277D0  53 00 00 00 00 00 00 00  S.......
001277D8  52 00 00 00 00 00 00 00  R.......
001277E0  50 00 00 00 00 00 00 00  P.......
001277E8  56 00 00 00 00 00 00 00  V.......
001277F0  2D 00 00 00 00 00 00 00  -.......
001277F8  53 00 00 00 00 00 00 00  S.......
00127800  46 00 00 00 00 00 00 00  F.......
00127808  57 00 00 00 00 00 00 00  W.......
00127810  36 00 00 00 00 00 00 00  6.......
00127818  36 00 00 00 00 00 00 00  6.......
00127820  36 00 00 00 00 00 00 00  6.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

562:        PUSH64       4f
563:        Pop64_push64         //4F->5D
564:        Pop64_push64         //5D->长度14
565:        PUSH64        1
566:        PUSH64 ffffffff
567:        Pop64_pop64_Mul_push64 
568:        Pop64_pop64_Add_push64 
569:        PUSH64       4f
570:        Pop64_push64
571:        Pop64_pop64        //保存长度13到5D
572:        PUSH64       2d
573:        Pop64_pop64_Sete_push64 //20=20,al=01
574:        PUSH64        0
575:        Pop64_pop64_Sete_push64 //al=0
576:        PUSH64       40
577:        Pop64_pop64            //保存到40
578:        PUSH64       9d
579:        PUSH64       4f
580:        Pop64_pop64           //9D保存到4F
581:        PUSH64        0
582:        PUSH64       4f
583:        Pop64_push64         //取4F处的9D
584:        Pop64_pop64          //0存入到9D
585:        PUSH64       5d
586:        PUSH64       4f
587:        Pop64_pop64         //5D存入4F处
588:        PUSH64       4f
589:        Pop64_push64
590:        PUSH64        1
591:        Pop64_pop64_Add_push64  //5D+1=5E
592:        Pop64_push64            //取出5E指向的50'P'
593:        PUSH64       4f
594:        Pop64_push64
595:        Pop64_push64
596:        PUSH64        0
597:        Pop64_pop64_Setbe_push64
598:        PUSH64       40
599:        Pop64_pop64
600:        PUSH64        2
601:        PUSH64       51
602:        Pop64_pop64
603:        PUSH64       4f        //@@@@@@@@@@@@@@@Loop Begin
604:        Pop64_push64
605:        PUSH64       51
606:        Pop64_push64
607:        Pop64_pop64_Add_push64 
608:        Pop64_push64
609:        PUSH64       4f
610:        Pop64_push64
611:        PUSH64       51
612:        Pop64_push64
613:        Pop64_pop64_Add_push64 
614:        PUSH64        1
615:        PUSH64 ffffffff
616:        Pop64_pop64_Mul_push64 
617:        Pop64_pop64_Add_push64 
618:        Pop64_pop64
619:        PUSH64       51
620:        Pop64_push64
621:        PUSH64        1
622:        Pop64_pop64_Add_push64 
623:        PUSH64       51
624:        Pop64_pop64
625:        PUSH64       51
626:        Pop64_push64
627:        PUSH64       4f
628:        Pop64_push64
629:        Pop64_push64
630:        Pop64_pop64_Setbe_push64
631:        Goto      603       //@@@@@@@@@@@@@@@Loop end

%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+5D*8

00127778  13 00 00 00 00 00 00 00  .......
00127780  4B 00 00 00 00 00 00 00  K.......
00127788  4E 00 00 00 00 00 00 00  N.......
00127790  42 00 00 00 00 00 00 00  B.......
00127798  2D 00 00 00 00 00 00 00  -.......
001277A0  4E 00 00 00 00 00 00 00  N.......
001277A8  50 00 00 00 00 00 00 00  P.......
001277B0  38 00 00 00 00 00 00 00  8.......
001277B8  50 00 00 00 00 00 00 00  P.......
001277C0  2D 00 00 00 00 00 00 00  -.......
001277C8  53 00 00 00 00 00 00 00  S.......
001277D0  52 00 00 00 00 00 00 00  R.......
001277D8  50 00 00 00 00 00 00 00  P.......
001277E0  56 00 00 00 00 00 00 00  V.......
001277E8  2D 00 00 00 00 00 00 00  -.......
001277F0  53 00 00 00 00 00 00 00  S.......
001277F8  46 00 00 00 00 00 00 00  F.......
00127800  57 00 00 00 00 00 00 00  W.......
00127808  36 00 00 00 00 00 00 00  6.......
00127810  36 00 00 00 00 00 00 00  6.......
00127818  36 00 00 00 00 00 00 00  6.......
00127820  36 00 00 00 00 00 00 00  6.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........


%%%%%%%%%%%%%%%%%%%%%%%

632:        PUSH64       4f
633:        Pop64_push64
634:        Pop64_push64
635:        PUSH64        1
636:        PUSH64 ffffffff
637:        Pop64_pop64_Mul_push64 
638:        Pop64_pop64_Add_push64 
639:        PUSH64       4f
640:        Pop64_push64
641:        Pop64_pop64        //保存长度12到5D
642:        PUSH64       9d
643:        PUSH64       4f
644:        Pop64_pop64      //保存9D到4F
645:        PUSH64       4f
646:        Pop64_push64     //4F->9D
647:        Pop64_push64     //9D->00
648:        PUSH64        1
649:        Pop64_pop64_Add_push64  //00+01=01
650:        PUSH64       4f
651:        Pop64_push64
652:        Pop64_pop64     //保存01到9D
653:        PUSH64       4f
654:        Pop64_push64
655:        PUSH64       4f
656:        Pop64_push64    //取出4F处的9D
657:        Pop64_push64    //取出9D处的01
658:        Pop64_pop64_Add_push64 //9D+1=9E
659:        Pop64_pop64    //保存1到9E
660:        PUSH64       5d
661:        PUSH64       4f
662:        Pop64_pop64    //把5D存入4F
663:        PUSH64       4f
664:        Pop64_push64
665:        PUSH64        1
666:        Pop64_pop64_Add_push64  //5D+1=5E
667:        Pop64_push64            //取5E指向的字符4B'K'
668:        PUSH64       4f
669:        Pop64_push64
670:        Pop64_push64
671:        PUSH64        0
672:        Pop64_pop64_Setbe_push64
673:        PUSH64       40
674:        Pop64_pop64
675:        PUSH64        2
676:        PUSH64       51
677:        Pop64_pop64
678:        PUSH64       4f        //@@@@@@@@@@@@@@@loop begin
679:        Pop64_push64
680:        PUSH64       51
681:        Pop64_push64
682:        Pop64_pop64_Add_push64 
683:        Pop64_push64
684:        PUSH64       4f
685:        Pop64_push64
686:        PUSH64       51
687:        Pop64_push64
688:        Pop64_pop64_Add_push64 
689:        PUSH64        1
690:        PUSH64 ffffffff
691:        Pop64_pop64_Mul_push64 
692:        Pop64_pop64_Add_push64 
693:        Pop64_pop64
694:        PUSH64       51
695:        Pop64_push64
696:        PUSH64        1
697:        Pop64_pop64_Add_push64 
698:        PUSH64       51
699:        Pop64_pop64
700:        PUSH64       51
701:        Pop64_push64
702:        PUSH64       4f
703:        Pop64_push64
704:        Pop64_push64
705:        Pop64_pop64_Setbe_push64
706:        Goto      678           //@@@@@@@@@@@@@@@loop end

%%%%%%%%%%%%%%%%%%%%%%%%%%%%
00127778  12 00 00 00 00 00 00 00  .......
00127780  4E 00 00 00 00 00 00 00  N.......
00127788  42 00 00 00 00 00 00 00  B.......
00127790  2D 00 00 00 00 00 00 00  -.......
00127798  4E 00 00 00 00 00 00 00  N.......
001277A0  50 00 00 00 00 00 00 00  P.......
001277A8  38 00 00 00 00 00 00 00  8.......
001277B0  50 00 00 00 00 00 00 00  P.......
001277B8  2D 00 00 00 00 00 00 00  -.......
001277C0  53 00 00 00 00 00 00 00  S.......
001277C8  52 00 00 00 00 00 00 00  R.......
001277D0  50 00 00 00 00 00 00 00  P.......
001277D8  56 00 00 00 00 00 00 00  V.......
001277E0  2D 00 00 00 00 00 00 00  -.......
001277E8  53 00 00 00 00 00 00 00  S.......
001277F0  46 00 00 00 00 00 00 00  F.......
001277F8  57 00 00 00 00 00 00 00  W.......
00127800  36 00 00 00 00 00 00 00  6.......
00127808  36 00 00 00 00 00 00 00  6.......
00127810  36 00 00 00 00 00 00 00  6.......
00127818  36 00 00 00 00 00 00 00  6.......
00127820  36 00 00 00 00 00 00 00  6.......
00127828  36 00 00 00 00 00 00 00  6.......
00127830  36 00 00 00 00 00 00 00  6.......
00127838  36 00 00 00 00 00 00 00  6.......
00127840  00 00 00 00 00 00 00 00  ........


%%%%%%%%%%%%%%%%%%%%%%%%%%%%

707:        PUSH64       4f
708:        Pop64_push64
709:        Pop64_push64
710:        PUSH64        1
711:        PUSH64 ffffffff
712:        Pop64_pop64_Mul_push64 
713:        Pop64_pop64_Add_push64 
714:        PUSH64       4f
715:        Pop64_push64
716:        Pop64_pop64
717:        PUSH64       9d
718:        PUSH64       4f
719:        Pop64_pop64
720:        PUSH64       4f
721:        Pop64_push64
722:        Pop64_push64
723:        PUSH64        1
724:        Pop64_pop64_Add_push64 
725:        PUSH64       4f
726:        Pop64_push64
727:        Pop64_pop64
728:        PUSH64       4f
729:        Pop64_push64
730:        PUSH64       4f
731:        Pop64_push64
732:        Pop64_push64
733:        Pop64_pop64_Add_push64 
734:        Pop64_pop64
735:        PUSH64       5d
736:        PUSH64       4f
737:        Pop64_pop64
738:        PUSH64       4f
739:        Pop64_push64
740:        PUSH64        1
741:        Pop64_pop64_Add_push64 
742:        Pop64_push64
743:        PUSH64       4f
744:        Pop64_push64
745:        Pop64_push64
746:        PUSH64        0
747:        Pop64_pop64_Setbe_push64
748:        PUSH64       40
749:        Pop64_pop64
750:        PUSH64        2
751:        PUSH64       51
752:        Pop64_pop64
753:        PUSH64       4f          //@@@@@@@@@Loop begin
754:        Pop64_push64
755:        PUSH64       51
756:        Pop64_push64
757:        Pop64_pop64_Add_push64 
758:        Pop64_push64
759:        PUSH64       4f
760:        Pop64_push64
761:        PUSH64       51
762:        Pop64_push64
763:        Pop64_pop64_Add_push64 
764:        PUSH64        1
765:        PUSH64 ffffffff
766:        Pop64_pop64_Mul_push64 
767:        Pop64_pop64_Add_push64 
768:        Pop64_pop64
769:        PUSH64       51
770:        Pop64_push64
771:        PUSH64        1
772:        Pop64_pop64_Add_push64 
773:        PUSH64       51
774:        Pop64_pop64
775:        PUSH64       51
776:        Pop64_push64
777:        PUSH64       4f
778:        Pop64_push64
779:        Pop64_push64
780:        Pop64_pop64_Setbe_push64
781:        Goto      753        //@@@@@@@@@Loop end


782:        PUSH64       4f
783:        Pop64_push64
784:        Pop64_push64
785:        PUSH64        1
786:        PUSH64 ffffffff
787:        Pop64_pop64_Mul_push64 
788:        Pop64_pop64_Add_push64 
789:        PUSH64       4f
790:        Pop64_push64
791:        Pop64_pop64
792:        PUSH64       9d
793:        PUSH64       4f
794:        Pop64_pop64
795:        PUSH64       4f
796:        Pop64_push64
797:        Pop64_push64
798:        PUSH64        1
799:        Pop64_pop64_Add_push64 
800:        PUSH64       4f
801:        Pop64_push64
802:        Pop64_pop64
803:        PUSH64       4f
804:        Pop64_push64
805:        PUSH64       4f
806:        Pop64_push64
807:        Pop64_push64
808:        Pop64_pop64_Add_push64 
809:        Pop64_pop64
810:        PUSH64       5d
811:        PUSH64       4f
812:        Pop64_pop64
813:        PUSH64       4f
814:        Pop64_push64
815:        PUSH64        1
816:        Pop64_pop64_Add_push64 
817:        Pop64_push64
818:        PUSH64       4f
819:        Pop64_push64
820:        Pop64_push64
821:        PUSH64        0
822:        Pop64_pop64_Setbe_push64
823:        PUSH64       40
824:        Pop64_pop64
825:        PUSH64        2
826:        PUSH64       51
827:        Pop64_pop64
828:        PUSH64       4f
829:        Pop64_push64
830:        PUSH64       51
831:        Pop64_push64
832:        Pop64_pop64_Add_push64 
833:        Pop64_push64
834:        PUSH64       4f
835:        Pop64_push64
836:        PUSH64       51
837:        Pop64_push64
838:        Pop64_pop64_Add_push64 
839:        PUSH64        1
840:        PUSH64 ffffffff
841:        Pop64_pop64_Mul_push64 
842:        Pop64_pop64_Add_push64 
843:        Pop64_pop64
844:        PUSH64       51
845:        Pop64_push64
846:        PUSH64        1
847:        Pop64_pop64_Add_push64 
848:        PUSH64       51
849:        Pop64_pop64
850:        PUSH64       51
851:        Pop64_push64
852:        PUSH64       4f
853:        Pop64_push64
854:        Pop64_push64
855:        Pop64_pop64_Setbe_push64
856:        Goto      828   //@@@@@@@@@@@

857:        PUSH64       4f
858:        Pop64_push64
859:        Pop64_push64
860:        PUSH64        1
861:        PUSH64 ffffffff
862:        Pop64_pop64_Mul_push64 
863:        Pop64_pop64_Add_push64 
864:        PUSH64       4f
865:        Pop64_push64
866:        Pop64_pop64
867:        PUSH64       9d
868:        PUSH64       4f
869:        Pop64_pop64
870:        PUSH64       4f
871:        Pop64_push64
872:        Pop64_push64
873:        PUSH64        1
874:        Pop64_pop64_Add_push64 
875:        PUSH64       4f
876:        Pop64_push64
877:        Pop64_pop64
878:        PUSH64       4f
879:        Pop64_push64
880:        PUSH64       4f
881:        Pop64_push64
882:        Pop64_push64
883:        Pop64_pop64_Add_push64 
884:        Pop64_pop64
885:        PUSH64       5d
886:        PUSH64       4f
887:        Pop64_pop64
888:        PUSH64       4f
889:        Pop64_push64
890:        PUSH64        1
891:        Pop64_pop64_Add_push64 
892:        Pop64_push64
893:        PUSH64       4f
894:        Pop64_push64
895:        Pop64_push64
896:        PUSH64        0
897:        Pop64_pop64_Setbe_push64
898:        PUSH64       40
899:        Pop64_pop64
900:        PUSH64        2
901:        PUSH64       51
902:        Pop64_pop64
903:        PUSH64       4f
904:        Pop64_push64
905:        PUSH64       51
906:        Pop64_push64
907:        Pop64_pop64_Add_push64 
908:        Pop64_push64
909:        PUSH64       4f
910:        Pop64_push64
911:        PUSH64       51
912:        Pop64_push64
913:        Pop64_pop64_Add_push64 
914:        PUSH64        1
915:        PUSH64 ffffffff
916:        Pop64_pop64_Mul_push64 
917:        Pop64_pop64_Add_push64 
918:        Pop64_pop64
919:        PUSH64       51
920:        Pop64_push64
921:        PUSH64        1
922:        Pop64_pop64_Add_push64 
923:        PUSH64       51
924:        Pop64_pop64
925:        PUSH64       51
926:        Pop64_push64
927:        PUSH64       4f
928:        Pop64_push64
929:        Pop64_push64
930:        Pop64_pop64_Setbe_push64
931:        Goto      903         //@@@@@@@@@@@@@@@

932:        PUSH64       4f
933:        Pop64_push64
934:        Pop64_push64
935:        PUSH64        1
936:        PUSH64 ffffffff
937:        Pop64_pop64_Mul_push64 
938:        Pop64_pop64_Add_push64 
939:        PUSH64       4f
940:        Pop64_push64
941:        Pop64_pop64
942:        PUSH64       2d
943:        Pop64_pop64_Sete_push64
944:        PUSH64        0
945:        Pop64_pop64_Sete_push64
946:        PUSH64       40
947:        Pop64_pop64
948:        PUSH64       5d
949:        PUSH64       4f
950:        Pop64_pop64
951:        PUSH64       4f
952:        Pop64_push64
953:        PUSH64        1
954:        Pop64_pop64_Add_push64 
955:        Pop64_push64
956:        PUSH64       4f
957:        Pop64_push64
958:        Pop64_push64
959:        PUSH64        0
960:        Pop64_pop64_Setbe_push64
961:        PUSH64       40
962:        Pop64_pop64
963:        PUSH64        2
964:        PUSH64       51
965:        Pop64_pop64
966:        PUSH64       4f
967:        Pop64_push64
968:        PUSH64       51
969:        Pop64_push64
970:        Pop64_pop64_Add_push64 
971:        Pop64_push64
972:        PUSH64       4f
973:        Pop64_push64
974:        PUSH64       51
975:        Pop64_push64
976:        Pop64_pop64_Add_push64 
977:        PUSH64        1
978:        PUSH64 ffffffff
979:        Pop64_pop64_Mul_push64 
980:        Pop64_pop64_Add_push64 
981:        Pop64_pop64
982:        PUSH64       51
983:        Pop64_push64
984:        PUSH64        1
985:        Pop64_pop64_Add_push64 
986:        PUSH64       51
987:        Pop64_pop64
988:        PUSH64       51
989:        Pop64_push64
990:        PUSH64       4f
991:        Pop64_push64
992:        Pop64_push64
993:        Pop64_pop64_Setbe_push64
994:        Goto      966         //@@@@@@@@@@@@@@@@

995:        PUSH64       4f
996:        Pop64_push64
997:        Pop64_push64
998:        PUSH64        1
999:        PUSH64 ffffffff
1000:        Pop64_pop64_Mul_push64
1001:        Pop64_pop64_Add_push64
1002:        PUSH64       4f
1003:        Pop64_push6
1004:        Pop64_pop6
1005:        PUSH64       9d
1006:        PUSH64       4f
1007:        Pop64_pop6
1008:        PUSH64       4f
1009:        Pop64_push6
1010:        Pop64_push6
1011:        PUSH64        1
1012:        Pop64_pop64_Add_push64
1013:        PUSH64       4f
1014:        Pop64_push6
1015:        Pop64_pop6
1016:        PUSH64       4f
1017:        Pop64_push6
1018:        PUSH64       4f
1019:        Pop64_push6
1020:        Pop64_push6
1021:        Pop64_pop64_Add_push64
1022:        Pop64_pop6
1023:        PUSH64       5d
1024:        PUSH64       4f
1025:        Pop64_pop6
1026:        PUSH64       4f
1027:        Pop64_push6
1028:        PUSH64        1
1029:        Pop64_pop64_Add_push64
1030:        Pop64_push6
1031:        PUSH64       4f
1032:        Pop64_push6
1033:        Pop64_push6
1034:        PUSH64        0
1035:        Pop64_pop64_Setbe_push6
1036:        PUSH64       40
1037:        Pop64_pop6
1038:        PUSH64        2
1039:        PUSH64       51
1040:        Pop64_pop6
1041:        PUSH64       4f
1042:        Pop64_push6
1043:        PUSH64       51
1044:        Pop64_push6
1045:        Pop64_pop64_Add_push64
1046:        Pop64_push6
1047:        PUSH64       4f
1048:        Pop64_push6
1049:        PUSH64       51
1050:        Pop64_push6
1051:        Pop64_pop64_Add_push64
1052:        PUSH64        1
1053:        PUSH64 ffffffff
1054:        Pop64_pop64_Mul_push64
1055:        Pop64_pop64_Add_push64
1056:        Pop64_pop6
1057:        PUSH64       51
1058:        Pop64_push6
1059:        PUSH64        1
1060:        Pop64_pop64_Add_push64
1061:        PUSH64       51
1062:        Pop64_pop6
1063:        PUSH64       51
1064:        Pop64_push6
1065:        PUSH64       4f
1066:        Pop64_push6
1067:        Pop64_push6
1068:        Pop64_pop64_Setbe_push6
1069:        Goto     1041     //@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%%%%%%%
00127978  06 00 00 00 00 00 00 00  .......
00127980  50 00 00 00 00 00 00 00  P.......
00127988  4B 00 00 00 00 00 00 00  K.......
00127990  4E 00 00 00 00 00 00 00  N.......
00127998  42 00 00 00 00 00 00 00  B.......
001279A0  4E 00 00 00 00 00 00 00  N.......
001279A8  50 00 00 00 00 00 00 00  P.......
001279B0  00 00 00 00 00 00 00 00  ........

TE25-PKNB-NP8P-SRPV-SFW6

%%%%%%%%%%%%%%%%%%%%%%%%%%%
1070:        PUSH64       4f
1071:        Pop64_push6
1072:        Pop64_push6
1073:        PUSH64        1
1074:        PUSH64 ffffffff
1075:        Pop64_pop64_Mul_push64
1076:        Pop64_pop64_Add_push64
1077:        PUSH64       4f
1078:        Pop64_push6
1079:        Pop64_pop6
1080:        PUSH64       9d
1081:        PUSH64       4f
1082:        Pop64_pop6
1083:        PUSH64       4f
1084:        Pop64_push6
1085:        Pop64_push6
1086:        PUSH64        1
1087:        Pop64_pop64_Add_push64
1088:        PUSH64       4f
1089:        Pop64_push6
1090:        Pop64_pop6
1091:        PUSH64       4f
1092:        Pop64_push6
1093:        PUSH64       4f
1094:        Pop64_push6
1095:        Pop64_push6
1096:        Pop64_pop64_Add_push64
1097:        Pop64_pop6
1098:        PUSH64        0
1099:        PUSH64       5b      //把0存入5B处
1100:        Pop64_pop6
1101:        PUSH64        0
1102:        PUSH64       5a     //把0存入5A处
1103:        Pop64_pop6
1104:        PUSH64        1
1105:        PUSH64       51
1106:        Pop64_pop6         //把1存入51处,这是计数器
1107:        PUSH64        1
1108:        PUSH64       59
1109:        Pop64_pop6         //把1存入59处
1110:        PUSH64 ffffffff        //@@@@@@@@@@@Loop begin 1
1111:        PUSH64       5c    
1112:        Pop64_pop6           //把-1存到5C处
1113:        PUSH64        0
1114:        PUSH64       52
1115:        Pop64_pop6           //把0存到52
1116:        PUSH64       52         //@@@@@@@@@@@Loop begin 2       
1117:        Pop64_push6
1118:        PUSH64       5a
1119:        Pop64_push6             //取出5A处的61
1120:        Pop64_pop64_Add_push64  //0+61=61
1121:        PUSH64       51 
1122:        Pop64_push6             //取出计数器i(1-6)
1123:        PUSH64        7
1124:        Pop64_pop64_Mul_push64  //i*7,6*7=2A
1125:        Pop64_pop64_Add_push64  //61+2A=8B
1126:        PUSH64_2
1127:        PUSH64       22
1128:        Pop64_pop64_Div_push64  //8B/22=4
1129:        PUSH64       22
1130:        Pop64_pop64_Mul_push64
1131:        PUSH64 ffffffff
1132:        Pop64_pop64_Mul_push64
1133:        Pop64_pop64_Add_push64  //余数8B-22*4=3
1134:        PUSH64        1
1135:        Pop64_pop64_Add_push64  //3+1=4
1136:        PUSH64      11d
1137:        Pop64_pop64_Add_push64  //4+11D=121
1138:        Pop64_push6             //取出121指向的50'P'

//查表
%%%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+11e*8
00127D80  4E 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  N.......F.......
00127D90  4F 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  O.......P.......
00127DA0  52 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  R.......T.......
00127DB0  53 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00  S.......U.......
00127DC0  49 00 00 00 00 00 00 00 51 00 00 00 00 00 00 00  I.......Q.......
00127DD0  57 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00  W.......X.......
00127DE0  59 00 00 00 00 00 00 00 56 00 00 00 00 00 00 00  Y.......V.......
00127DF0  5A 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00  Z.......2.......
00127E00  33 00 00 00 00 00 00 00 35 00 00 00 00 00 00 00  3.......5.......
00127E10  34 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  4.......6.......
00127E20  37 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00  7.......8.......
00127E30  42 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00  B.......9.......
00127E40  41 00 00 00 00 00 00 00 45 00 00 00 00 00 00 00  A.......E.......
00127E50  44 00 00 00 00 00 00 00 47 00 00 00 00 00 00 00  D.......G.......
00127E60  43 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00  C.......H.......
00127E70  4A 00 00 00 00 00 00 00 4B 00 00 00 00 00 00 00  J.......K.......
00127E80  4C 00 00 00 00 00 00 00 4D 00 00 00 00 00 00 00  L.......M.......
00127E90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

对34(十进制,即十六进制的22)取模,用余数来查表

d ebp+0FFFF7FE0+09D*8

00127978  06 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  ........P.......
00127988  4B 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  K.......N.......
00127998  42 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  B.......N.......
001279A8  50 00 00 00 00 00 00 00                          P.......


%%%%%%%%%%%%%%%%%%%%%%%%%%%
1139:        PUSH64       9d
1140:        PUSH64       51         
1141:        Pop64_push6            //取51处的计数器i
1142:        Pop64_pop64_Add_push64 //9D+i,9D+6=A3
1143:        Pop64_push6            //取A3处的50'P'
1144:        Pop64_pop64_Sete_push6 //p=p,al=1
1145:        PUSH64        0
1146:        Pop64_pop64_Sete_push6 //al=0
1147:        Goto     1156         //al=0不跳,向后@@@@@@@@@@@@@@@@@@@@@@@@@@

1148:        PUSH64       52
1149:        Pop64_push6           //取出52处的0
1150:        PUSH64       5c
1151:        Pop64_pop6           //保存到5C中
1152:        PUSH64        0
1153:        PUSH64        0
1154:        Pop64_pop64_Sete_push6 //al=1
1155:        Goto     1167       //al=1,跳了,向后@@@@@@@@

1156:        PUSH64       52
1157:        Pop64_push6
1158:        PUSH64        1
1159:        Pop64_pop64_Add_push64    ;+1
1160:        PUSH64       52
1161:        Pop64_pop6
1162:        PUSH64       52
1163:        Pop64_push6
1164:        PUSH64       22
1165:        Pop64_pop64_Setb_push6
1166:        Goto     1116     //向前//@@@@@@@@@@@Loop begin 2

1167:        PUSH64       5c
1168:        Pop64_push6              //取出5C处的0
1169:        PUSH64        0
1170:        Pop64_pop64_Setb_push6   //1>0,al=0
1171:        PUSH64       40
1172:        Pop64_pop6               //0保存到40处
1173:        PUSH64       5b          
1174:        Pop64_push6              //取出5B处的00103D48(i=5),0024A158(i=6)
1175:        PUSH64       5c          
1176:        Pop64_push6             //取出5C处的1(i=5),0(i=6)
1177:        PUSH64       59
1178:        Pop64_push6             //取出59处的00146410(i=5),02B54A20(i=6)
1179:        Pop64_pop64_Mul_push64  //146410*1=146410(i=5),0*02B54A20=0(i=6)
1180:        Pop64_pop64_Add_push64  //00103D48+00146410=0024A158(i=5),24A158+0=24A158(i=6)
1181:        PUSH64       5b
1182:        Pop64_pop6              //保存0024A158到5B处
1183:        PUSH64       5a
1184:        Pop64_push6             //取出5A处的00000020
1185:        PUSH64        3
1186:        Pop64_pop64_Mul_push64  //20*3=60
1187:        PUSH64       5c
1188:        Pop64_push6            //取出5C处的1
1189:        Pop64_pop64_Add_push64 //60+1=61
1190:        PUSH64_2
1191:        PUSH64       64 
1192:        Pop64_pop64_Div_push64 //61/64=0,余61
1193:        PUSH64       64
1194:        Pop64_pop64_Mul_push64  //0*64=0
1195:        PUSH64 ffffffff
1196:        Pop64_pop64_Mul_push64  
1197:        Pop64_pop64_Add_push64 //得到余数61
1198:        PUSH64       5a
1199:        Pop64_pop6            //保存到5A处
1200:        PUSH64       59     
1201:        Pop64_push6           //取出59处的00146410      
1202:        PUSH64       22
1203:        Pop64_pop64_Mul_push64  //00146410 *22=2B54A20
1204:        PUSH64       59
1205:        Pop64_pop6             //保存2B54A20到59处
1206:        PUSH64       51
1207:        Pop64_push6           //取出51处的计数器i(5)
1208:        PUSH64        1
1209:        Pop64_pop64_Add_push64  //加1
1210:        PUSH64       51
1211:        Pop64_pop6             //保存计数器
1212:        PUSH64       51
1213:        Pop64_push6
1214:        PUSH64       9d
1215:        Pop64_push6           //取出9D处的6
1216:        Pop64_pop64_Setbe_push6
1217:        Goto     1110         //@@@@@@@@@@@@Loop end 1,<=6的时候跳上去循环

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+050*8

00127710  1E 01 00 00 00 00 00 00 07 00 00 00 00 00 00 00  ................
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&.............
00127750  17 00 00 00 00 00 00 00 40 D8 13 5C 00 00 00 00  ........@..\....
00127760  5B 00 00 00 00 00 00 00 58 A1 24 00 00 00 00 00  [.......X.$.....
00127770  00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00  ................
00127780  38 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  8.......P.......
00127790  2D 00 00 00 00 00 00 00 53 00 00 00 00 00 00 00  -.......S.......
001277A0  52 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  R.......P.......
001277B0  56 00 00 00 00 00 00 00 2D 00 00 00 00 00 00 00  V.......-.......
001277C0  53 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00  S.......F.......
001277D0  57 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  W.......6.......
001277E0  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6.......
001277F0  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6.......
00127800  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6.......
00127810  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6.......
00127820  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6.......
00127830  36 00 00 00 00 00 00 00 36 00 00 00 00 00 00 00  6.......6.......
00127840  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
1218:        PUSH64       5b
1219:        Pop64_push6           //取5B处的24A158
1220:        PUSH64_2
1221:        PUSH64_2
1222:        PUSH64      258
1223:        Pop64_pop64_Div_push64 //24A158/258=FA1
1224:        PUSH64      258
1225:        Pop64_pop64_Mul_push64
1226:        PUSH64 ffffffff
1227:        Pop64_pop64_Mul_push64
1228:        Pop64_pop64_Add_push64 //24A158-258*FA1=0
1229:        PUSH64       45
1230:        Pop64_pop6             //余数保存在45处
1231:        PUSH64      258
1232:        Pop64_pop64_Div_push64 //24A158/258=FA1
1233:        PUSH64_2
1234:        PUSH64_2
1235:        PUSH64      7d0
1236:        Pop64_pop64_Div_push64 //FA1/7D0=2
1237:        PUSH64      7d0
1238:        Pop64_pop64_Mul_push64
1239:        PUSH64 ffffffff
1240:        Pop64_pop64_Mul_push64
1241:        Pop64_pop64_Add_push64 //FA1-7D0*2=1
1242:        PUSH64       4b
1243:        Pop64_pop6             //保存1到4B处
1244:        PUSH64      7d0
1245:        Pop64_pop64_Div_push64  //FA1/7D0=2
1246:        PUSH64       4a
1247:        Pop64_pop6              //保存2到4A处
1248:        PUSH64       9d
1249:        PUSH64       4f
1250:        Pop64_pop6              //9D存入到4F
1251:        PUSH64        0
1252:        PUSH64       4f
1253:        Pop64_push6             //取4F处的9D
1254:        Pop64_pop6              //0保存到9D处
1255:        PUSH64       5d
1256:        PUSH64       4f
1257:        Pop64_pop6              //5D保存到4F
1258:        PUSH64       4f
1259:        Pop64_push6             //取出4F->5D
1260:        PUSH64        1
1261:        Pop64_pop64_Add_push64  //5D+1=5E
1262:        Pop64_push6             //取出5E指向的38'8'
1263:        PUSH64       4f
1264:        Pop64_push6
1265:        Pop64_push6
1266:        PUSH64        0
1267:        Pop64_pop64_Setbe_push6
1268:        PUSH64       40
1269:        Pop64_pop6
1270:        PUSH64        2
1271:        PUSH64       51
1272:        Pop64_pop6
1273:        PUSH64       4f             //@@@@@@@@@@@@@loop begin
1274:        Pop64_push6
1275:        PUSH64       51
1276:        Pop64_push6
1277:        Pop64_pop64_Add_push64
1278:        Pop64_push6
1279:        PUSH64       4f
1280:        Pop64_push6
1281:        PUSH64       51
1282:        Pop64_push6
1283:        Pop64_pop64_Add_push64
1284:        PUSH64        1
1285:        PUSH64 ffffffff
1286:        Pop64_pop64_Mul_push64
1287:        Pop64_pop64_Add_push64
1288:        Pop64_pop6
1289:        PUSH64       51
1290:        Pop64_push6
1291:        PUSH64        1
1292:        Pop64_pop64_Add_push64
1293:        PUSH64       51
1294:        Pop64_pop6
1295:        PUSH64       51
1296:        Pop64_push6
1297:        PUSH64       4f
1298:        Pop64_push6
1299:        Pop64_push6
1300:        Pop64_pop64_Setbe_push6
1301:        Goto     1273            //@@@@@@@@@@@@@8 loop end 

%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%
1302:        PUSH64       4f
1303:        Pop64_push6
1304:        Pop64_push6
1305:        PUSH64        1
1306:        PUSH64 ffffffff
1307:        Pop64_pop64_Mul_push64
1308:        Pop64_pop64_Add_push64
1309:        PUSH64       4f
1310:        Pop64_push6
1311:        Pop64_pop6
1312:        PUSH64       9d
1313:        PUSH64       4f
1314:        Pop64_pop6
1315:        PUSH64       4f
1316:        Pop64_push6
1317:        Pop64_push6
1318:        PUSH64        1
1319:        Pop64_pop64_Add_push64
1320:        PUSH64       4f
1321:        Pop64_push6
1322:        Pop64_pop6
1323:        PUSH64       4f
1324:        Pop64_push6
1325:        PUSH64       4f
1326:        Pop64_push6
1327:        Pop64_push6
1328:        Pop64_pop64_Add_push64
1329:        Pop64_pop6
1330:        PUSH64       5d
1331:        PUSH64       4f
1332:        Pop64_pop6
1333:        PUSH64       4f
1334:        Pop64_push6
1335:        PUSH64        1
1336:        Pop64_pop64_Add_push64
1337:        Pop64_push6
1338:        PUSH64       4f
1339:        Pop64_push6
1340:        Pop64_push6
1341:        PUSH64        0
1342:        Pop64_pop64_Setbe_push6
1343:        PUSH64       40
1344:        Pop64_pop6
1345:        PUSH64        2
1346:        PUSH64       51
1347:        Pop64_pop6
1348:        PUSH64       4f
1349:        Pop64_push6
1350:        PUSH64       51
1351:        Pop64_push6
1352:        Pop64_pop64_Add_push64
1353:        Pop64_push6
1354:        PUSH64       4f
1355:        Pop64_push6
1356:        PUSH64       51
1357:        Pop64_push6
1358:        Pop64_pop64_Add_push64
1359:        PUSH64        1
1360:        PUSH64 ffffffff
1361:        Pop64_pop64_Mul_push64
1362:        Pop64_pop64_Add_push64
1363:        Pop64_pop6
1364:        PUSH64       51
1365:        Pop64_push6
1366:        PUSH64        1
1367:        Pop64_pop64_Add_push64
1368:        PUSH64       51
1369:        Pop64_pop6
1370:        PUSH64       51
1371:        Pop64_push6
1372:        PUSH64       4f
1373:        Pop64_push6
1374:        Pop64_push6
1375:        Pop64_pop64_Setbe_push6
1376:        Goto     1348            //@@@@@@@@@@@@@@@@@@@@@@@p

1377:        PUSH64       4f
1378:        Pop64_push6
1379:        Pop64_push6
1380:        PUSH64        1
1381:        PUSH64 ffffffff
1382:        Pop64_pop64_Mul_push64
1383:        Pop64_pop64_Add_push64
1384:        PUSH64       4f
1385:        Pop64_push6
1386:        Pop64_pop6
1387:        PUSH64       9d
1388:        PUSH64       4f
1389:        Pop64_pop6
1390:        PUSH64       4f
1391:        Pop64_push6
1392:        Pop64_push6
1393:        PUSH64        1
1394:        Pop64_pop64_Add_push64
1395:        PUSH64       4f
1396:        Pop64_push6
1397:        Pop64_pop6
1398:        PUSH64       4f
1399:        Pop64_push6
1400:        PUSH64       4f
1401:        Pop64_push6
1402:        Pop64_push6
1403:        Pop64_pop64_Add_push64
1404:        Pop64_pop6
1405:        PUSH64       5d
1406:        PUSH64       4f
1407:        Pop64_pop6
1408:        PUSH64       4f
1409:        Pop64_push6
1410:        PUSH64        1
1411:        Pop64_pop64_Add_push64
1412:        Pop64_push6
1413:        PUSH64       4f
1414:        Pop64_push6
1415:        Pop64_push6
1416:        PUSH64        0
1417:        Pop64_pop64_Setbe_push6
1418:        PUSH64       40
1419:        Pop64_pop6
1420:        PUSH64        2
1421:        PUSH64       51
1422:        Pop64_pop6
1423:        PUSH64       4f
1424:        Pop64_push6
1425:        PUSH64       51
1426:        Pop64_push6
1427:        Pop64_pop64_Add_push64
1428:        Pop64_push6
1429:        PUSH64       4f
1430:        Pop64_push6
1431:        PUSH64       51
1432:        Pop64_push6
1433:        Pop64_pop64_Add_push64
1434:        PUSH64        1
1435:        PUSH64 ffffffff
1436:        Pop64_pop64_Mul_push64
1437:        Pop64_pop64_Add_push64
1438:        Pop64_pop6
1439:        PUSH64       51
1440:        Pop64_push6
1441:        PUSH64        1
1442:        Pop64_pop64_Add_push64
1443:        PUSH64       51
1444:        Pop64_pop6
1445:        PUSH64       51
1446:        Pop64_push6
1447:        PUSH64       4f
1448:        Pop64_push6
1449:        Pop64_push6
1450:        Pop64_pop64_Setbe_push6
1451:        Goto     1423          //@@@@@@@@@@@@@@-

1452:        PUSH64       4f
1453:        Pop64_push6
1454:        Pop64_push6
1455:        PUSH64        1
1456:        PUSH64 ffffffff
1457:        Pop64_pop64_Mul_push64
1458:        Pop64_pop64_Add_push64
1459:        PUSH64       4f
1460:        Pop64_push6
1461:        Pop64_pop6
1462:        PUSH64       2d              //-
1463:        Pop64_pop64_Sete_push6
1464:        PUSH64        0
1465:        Pop64_pop64_Sete_push6
1466:        PUSH64       40
1467:        Pop64_pop6
1468:        PUSH64       5d
1469:        PUSH64       4f
1470:        Pop64_pop6
1471:        PUSH64       4f
1472:        Pop64_push6
1473:        PUSH64        1
1474:        Pop64_pop64_Add_push64
1475:        Pop64_push6
1476:        PUSH64       4f
1477:        Pop64_push6
1478:        Pop64_push6
1479:        PUSH64        0
1480:        Pop64_pop64_Setbe_push6
1481:        PUSH64       40
1482:        Pop64_pop6
1483:        PUSH64        2
1484:        PUSH64       51
1485:        Pop64_pop6
1486:        PUSH64       4f
1487:        Pop64_push6
1488:        PUSH64       51
1489:        Pop64_push6
1490:        Pop64_pop64_Add_push64
1491:        Pop64_push6
1492:        PUSH64       4f
1493:        Pop64_push6
1494:        PUSH64       51
1495:        Pop64_push6
1496:        Pop64_pop64_Add_push64
1497:        PUSH64        1
1498:        PUSH64 ffffffff
1499:        Pop64_pop64_Mul_push64
1500:        Pop64_pop64_Add_push64
1501:        Pop64_pop6
1502:        PUSH64       51
1503:        Pop64_push6
1504:        PUSH64        1
1505:        Pop64_pop64_Add_push64
1506:        PUSH64       51
1507:        Pop64_pop6
1508:        PUSH64       51
1509:        Pop64_push6
1510:        PUSH64       4f
1511:        Pop64_push6
1512:        Pop64_push6
1513:        Pop64_pop64_Setbe_push6
1514:        Goto     1486          //@@@@@@@@@@@@@@


1515:        PUSH64       4f
1516:        Pop64_push6
1517:        Pop64_push6
1518:        PUSH64        1
1519:        PUSH64 ffffffff
1520:        Pop64_pop64_Mul_push64
1521:        Pop64_pop64_Add_push64
1522:        PUSH64       4f
1523:        Pop64_push6
1524:        Pop64_pop6
1525:        PUSH64       9d
1526:        PUSH64       4f
1527:        Pop64_pop6
1528:        PUSH64       4f
1529:        Pop64_push6
1530:        Pop64_push6
1531:        PUSH64        1
1532:        Pop64_pop64_Add_push64
1533:        PUSH64       4f
1534:        Pop64_push6
1535:        Pop64_pop6
1536:        PUSH64       4f
1537:        Pop64_push6
1538:        PUSH64       4f
1539:        Pop64_push6
1540:        Pop64_push6
1541:        Pop64_pop64_Add_push64
1542:        Pop64_pop6
1543:        PUSH64       5d
1544:        PUSH64       4f
1545:        Pop64_pop6
1546:        PUSH64       4f
1547:        Pop64_push6
1548:        PUSH64        1
1549:        Pop64_pop64_Add_push64
1550:        Pop64_push6
1551:        PUSH64       4f
1552:        Pop64_push6
1553:        Pop64_push6
1554:        PUSH64        0
1555:        Pop64_pop64_Setbe_push6
1556:        PUSH64       40
1557:        Pop64_pop6
1558:        PUSH64        2
1559:        PUSH64       51
1560:        Pop64_pop6
1561:        PUSH64       4f
1562:        Pop64_push6
1563:        PUSH64       51
1564:        Pop64_push6
1565:        Pop64_pop64_Add_push64
1566:        Pop64_push6
1567:        PUSH64       4f
1568:        Pop64_push6
1569:        PUSH64       51
1570:        Pop64_push6
1571:        Pop64_pop64_Add_push64
1572:        PUSH64        1
1573:        PUSH64 ffffffff
1574:        Pop64_pop64_Mul_push64
1575:        Pop64_pop64_Add_push64
1576:        Pop64_pop6
1577:        PUSH64       51
1578:        Pop64_push6
1579:        PUSH64        1
1580:        Pop64_pop64_Add_push64
1581:        PUSH64       51
1582:        Pop64_pop6
1583:        PUSH64       51
1584:        Pop64_push6
1585:        PUSH64       4f
1586:        Pop64_push6
1587:        Pop64_push6
1588:        Pop64_pop64_Setbe_push6
1589:        Goto     1561           //@@@@@@@@@@@@@@

1590:        PUSH64       4f
1591:        Pop64_push6
1592:        Pop64_push6
1593:        PUSH64        1
1594:        PUSH64 ffffffff
1595:        Pop64_pop64_Mul_push64
1596:        Pop64_pop64_Add_push64
1597:        PUSH64       4f
1598:        Pop64_push6
1599:        Pop64_pop6
1600:        PUSH64       9d
1601:        PUSH64       4f
1602:        Pop64_pop6
1603:        PUSH64       4f
1604:        Pop64_push6
1605:        Pop64_push6
1606:        PUSH64        1
1607:        Pop64_pop64_Add_push64
1608:        PUSH64       4f
1609:        Pop64_push6
1610:        Pop64_pop6
1611:        PUSH64       4f
1612:        Pop64_push6
1613:        PUSH64       4f
1614:        Pop64_push6
1615:        Pop64_push6
1616:        Pop64_pop64_Add_push64
1617:        Pop64_pop6
1618:        PUSH64       5d
1619:        PUSH64       4f
1620:        Pop64_pop6
1621:        PUSH64       4f
1622:        Pop64_push6
1623:        PUSH64        1
1624:        Pop64_pop64_Add_push64
1625:        Pop64_push6
1626:        PUSH64       4f
1627:        Pop64_push6
1628:        Pop64_push6
1629:        PUSH64        0
1630:        Pop64_pop64_Setbe_push6
1631:        PUSH64       40
1632:        Pop64_pop6
1633:        PUSH64        2
1634:        PUSH64       51
1635:        Pop64_pop6
1636:        PUSH64       4f
1637:        Pop64_push6
1638:        PUSH64       51
1639:        Pop64_push6
1640:        Pop64_pop64_Add_push64
1641:        Pop64_push6
1642:        PUSH64       4f
1643:        Pop64_push6
1644:        PUSH64       51
1645:        Pop64_push6
1646:        Pop64_pop64_Add_push64
1647:        PUSH64        1
1648:        PUSH64 ffffffff
1649:        Pop64_pop64_Mul_push64
1650:        Pop64_pop64_Add_push64
1651:        Pop64_pop6
1652:        PUSH64       51
1653:        Pop64_push6
1654:        PUSH64        1
1655:        Pop64_pop64_Add_push64
1656:        PUSH64       51
1657:        Pop64_pop6
1658:        PUSH64       51
1659:        Pop64_push6
1660:        PUSH64       4f
1661:        Pop64_push6
1662:        Pop64_push6
1663:        Pop64_pop64_Setbe_push6
1664:        Goto     1636                //@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%
1665:        PUSH64       4f
1666:        Pop64_push6
1667:        Pop64_push6
1668:        PUSH64        1
1669:        PUSH64 ffffffff
1670:        Pop64_pop64_Mul_push64
1671:        Pop64_pop64_Add_push64
1672:        PUSH64       4f
1673:        Pop64_push6
1674:        Pop64_pop6
1675:        PUSH64       9d
1676:        PUSH64       4f
1677:        Pop64_pop6
1678:        PUSH64       4f
1679:        Pop64_push6
1680:        Pop64_push6
1681:        PUSH64        1
1682:        Pop64_pop64_Add_push64
1683:        PUSH64       4f
1684:        Pop64_push6
1685:        Pop64_pop6
1686:        PUSH64       4f
1687:        Pop64_push6
1688:        PUSH64       4f
1689:        Pop64_push6
1690:        Pop64_push6
1691:        Pop64_pop64_Add_push64
1692:        Pop64_pop6
1693:        PUSH64       5d
1694:        PUSH64       4f
1695:        Pop64_pop6
1696:        PUSH64       4f
1697:        Pop64_push6
1698:        PUSH64        1
1699:        Pop64_pop64_Add_push64
1700:        Pop64_push6
1701:        PUSH64       4f
1702:        Pop64_push6
1703:        Pop64_push6
1704:        PUSH64        0
1705:        Pop64_pop64_Setbe_push6
1706:        PUSH64       40
1707:        Pop64_pop6
1708:        PUSH64        2
1709:        PUSH64       51
1710:        Pop64_pop6
1711:        PUSH64       4f
1712:        Pop64_push6
1713:        PUSH64       51
1714:        Pop64_push6
1715:        Pop64_pop64_Add_push64
1716:        Pop64_push6
1717:        PUSH64       4f
1718:        Pop64_push6
1719:        PUSH64       51
1720:        Pop64_push6
1721:        Pop64_pop64_Add_push64
1722:        PUSH64        1
1723:        PUSH64 ffffffff
1724:        Pop64_pop64_Mul_push64
1725:        Pop64_pop64_Add_push64
1726:        Pop64_pop6
1727:        PUSH64       51
1728:        Pop64_push6
1729:        PUSH64        1
1730:        Pop64_pop64_Add_push64
1731:        PUSH64       51
1732:        Pop64_pop6
1733:        PUSH64       51
1734:        Pop64_push6
1735:        PUSH64       4f
1736:        Pop64_push6
1737:        Pop64_push6
1738:        Pop64_pop64_Setbe_push6
1739:        Goto     1711              //@@@@@@@@@@@@@@@@@@@@@@@

1740:        PUSH64       4f
1741:        Pop64_push6
1742:        Pop64_push6
1743:        PUSH64        1
1744:        PUSH64 ffffffff
1745:        Pop64_pop64_Mul_push64
1746:        Pop64_pop64_Add_push64
1747:        PUSH64       4f
1748:        Pop64_push6
1749:        Pop64_pop6
1750:        PUSH64       9d
1751:        PUSH64       4f
1752:        Pop64_pop6
1753:        PUSH64       4f
1754:        Pop64_push6
1755:        Pop64_push6
1756:        PUSH64        1
1757:        Pop64_pop64_Add_push64
1758:        PUSH64       4f
1759:        Pop64_push6
1760:        Pop64_pop6
1761:        PUSH64       4f
1762:        Pop64_push6
1763:        PUSH64       4f
1764:        Pop64_push6
1765:        Pop64_push6
1766:        Pop64_pop64_Add_push64
1767:        Pop64_pop6
1768:        PUSH64       5d
1769:        PUSH64       4f
1770:        Pop64_pop6
1771:        PUSH64       4f
1772:        Pop64_push6
1773:        PUSH64        1
1774:        Pop64_pop64_Add_push64
1775:        Pop64_push6
1776:        PUSH64       4f
1777:        Pop64_push6
1778:        Pop64_push6
1779:        PUSH64        0
1780:        Pop64_pop64_Setbe_push6
1781:        PUSH64       40
1782:        Pop64_pop6
1783:        PUSH64        2
1784:        PUSH64       51
1785:        Pop64_pop6
1786:        PUSH64       4f
1787:        Pop64_push6
1788:        PUSH64       51
1789:        Pop64_push6
1790:        Pop64_pop64_Add_push64
1791:        Pop64_push6
1792:        PUSH64       4f
1793:        Pop64_push6
1794:        PUSH64       51
1795:        Pop64_push6
1796:        Pop64_pop64_Add_push64
1797:        PUSH64        1
1798:        PUSH64 ffffffff
1799:        Pop64_pop64_Mul_push64
1800:        Pop64_pop64_Add_push64
1801:        Pop64_pop6
1802:        PUSH64       51
1803:        Pop64_push6
1804:        PUSH64        1
1805:        Pop64_pop64_Add_push64
1806:        PUSH64       51
1807:        Pop64_pop6
1808:        PUSH64       51
1809:        Pop64_push6
1810:        PUSH64       4f
1811:        Pop64_push6
1812:        Pop64_push6
1813:        Pop64_pop64_Setbe_push6
1814:        Goto     1786            //@@@@@@@@@@@@@@@@@@

1815:        PUSH64       4f
1816:        Pop64_push6
1817:        Pop64_push6
1818:        PUSH64        1
1819:        PUSH64 ffffffff
1820:        Pop64_pop64_Mul_push64
1821:        Pop64_pop64_Add_push64
1822:        PUSH64       4f
1823:        Pop64_push6
1824:        Pop64_pop6
1825:        PUSH64       2d         //-
1826:        Pop64_pop64_Sete_push6
1827:        PUSH64        0
1828:        Pop64_pop64_Sete_push6
1829:        PUSH64       40
1830:        Pop64_pop6
1831:        PUSH64       5d
1832:        PUSH64       4f
1833:        Pop64_pop6
1834:        PUSH64       4f
1835:        Pop64_push6
1836:        PUSH64        1
1837:        Pop64_pop64_Add_push64
1838:        Pop64_push6
1839:        PUSH64       4f
1840:        Pop64_push6
1841:        Pop64_push6
1842:        PUSH64        0
1843:        Pop64_pop64_Setbe_push6
1844:        PUSH64       40
1845:        Pop64_pop6
1846:        PUSH64        2
1847:        PUSH64       51
1848:        Pop64_pop6
1849:        PUSH64       4f
1850:        Pop64_push6
1851:        PUSH64       51
1852:        Pop64_push6
1853:        Pop64_pop64_Add_push64
1854:        Pop64_push6
1855:        PUSH64       4f
1856:        Pop64_push6
1857:        PUSH64       51
1858:        Pop64_push6
1859:        Pop64_pop64_Add_push64
1860:        PUSH64        1
1861:        PUSH64 ffffffff
1862:        Pop64_pop64_Mul_push64
1863:        Pop64_pop64_Add_push64
1864:        Pop64_pop6
1865:        PUSH64       51
1866:        Pop64_push6
1867:        PUSH64        1
1868:        Pop64_pop64_Add_push64
1869:        PUSH64       51
1870:        Pop64_pop6
1871:        PUSH64       51
1872:        Pop64_push6
1873:        PUSH64       4f
1874:        Pop64_push6
1875:        Pop64_push6
1876:        Pop64_pop64_Setbe_push6
1877:        Goto     1849              //@@@@@@@@@@@@@@@@@@@@

1878:        PUSH64       4f
1879:        Pop64_push6
1880:        Pop64_push6
1881:        PUSH64        1
1882:        PUSH64 ffffffff
1883:        Pop64_pop64_Mul_push64
1884:        Pop64_pop64_Add_push64
1885:        PUSH64       4f
1886:        Pop64_push6
1887:        Pop64_pop6
1888:        PUSH64       9d
1889:        PUSH64       4f
1890:        Pop64_pop6
1891:        PUSH64       4f
1892:        Pop64_push6
1893:        Pop64_push6
1894:        PUSH64        1
1895:        Pop64_pop64_Add_push64
1896:        PUSH64       4f
1897:        Pop64_push6
1898:        Pop64_pop6
1899:        PUSH64       4f
1900:        Pop64_push6
1901:        PUSH64       4f
1902:        Pop64_push6
1903:        Pop64_push6
1904:        Pop64_pop64_Add_push64
1905:        Pop64_pop6
1906:        PUSH64       5d
1907:        PUSH64       4f
1908:        Pop64_pop6
1909:        PUSH64       4f
1910:        Pop64_push6
1911:        PUSH64        1
1912:        Pop64_pop64_Add_push64
1913:        Pop64_push6
1914:        PUSH64       4f
1915:        Pop64_push6
1916:        Pop64_push6
1917:        PUSH64        0
1918:        Pop64_pop64_Setbe_push6
1919:        PUSH64       40
1920:        Pop64_pop6
1921:        PUSH64        2
1922:        PUSH64       51
1923:        Pop64_pop6
1924:        PUSH64       4f
1925:        Pop64_push6
1926:        PUSH64       51
1927:        Pop64_push6
1928:        Pop64_pop64_Add_push64
1929:        Pop64_push6
1930:        PUSH64       4f
1931:        Pop64_push6
1932:        PUSH64       51
1933:        Pop64_push6
1934:        Pop64_pop64_Add_push64
1935:        PUSH64        1
1936:        PUSH64 ffffffff
1937:        Pop64_pop64_Mul_push64
1938:        Pop64_pop64_Add_push64
1939:        Pop64_pop6
1940:        PUSH64       51
1941:        Pop64_push6
1942:        PUSH64        1
1943:        Pop64_pop64_Add_push64
1944:        PUSH64       51
1945:        Pop64_pop6
1946:        PUSH64       51
1947:        Pop64_push6
1948:        PUSH64       4f
1949:        Pop64_push6
1950:        Pop64_push6
1951:        Pop64_pop64_Setbe_push6
1952:        Goto     1924            //@@@@@@@@@@@@@@@@@@@@@

1953:        PUSH64       4f
1954:        Pop64_push6
1955:        Pop64_push6
1956:        PUSH64        1
1957:        PUSH64 ffffffff
1958:        Pop64_pop64_Mul_push64
1959:        Pop64_pop64_Add_push64
1960:        PUSH64       4f
1961:        Pop64_push6
1962:        Pop64_pop6
1963:        PUSH64       9d
1964:        PUSH64       4f
1965:        Pop64_pop6
1966:        PUSH64       4f
1967:        Pop64_push6
1968:        Pop64_push6
1969:        PUSH64        1
1970:        Pop64_pop64_Add_push64
1971:        PUSH64       4f
1972:        Pop64_push6
1973:        Pop64_pop6
1974:        PUSH64       4f
1975:        Pop64_push6
1976:        PUSH64       4f
1977:        Pop64_push6
1978:        Pop64_push6
1979:        Pop64_pop64_Add_push64
1980:        Pop64_pop6
1981:        PUSH64       5d
1982:        PUSH64       4f
1983:        Pop64_pop6
1984:        PUSH64       4f
1985:        Pop64_push6
1986:        PUSH64        1
1987:        Pop64_pop64_Add_push64
1988:        Pop64_push6
1989:        PUSH64       4f
1990:        Pop64_push6
1991:        Pop64_push6
1992:        PUSH64        0
1993:        Pop64_pop64_Setbe_push6
1994:        PUSH64       40
1995:        Pop64_pop6
1996:        PUSH64        2
1997:        PUSH64       51
1998:        Pop64_pop6
1999:        PUSH64       4f
2000:        Pop64_push6
2001:        PUSH64       51
2002:        Pop64_push6
2003:        Pop64_pop64_Add_push64
2004:        Pop64_push6
2005:        PUSH64       4f
2006:        Pop64_push6
2007:        PUSH64       51
2008:        Pop64_push6
2009:        Pop64_pop64_Add_push64
2010:        PUSH64        1
2011:        PUSH64 ffffffff
2012:        Pop64_pop64_Mul_push64
2013:        Pop64_pop64_Add_push64
2014:        Pop64_pop6
2015:        PUSH64       51
2016:        Pop64_push6
2017:        PUSH64        1
2018:        Pop64_pop64_Add_push64
2019:        PUSH64       51
2020:        Pop64_pop6
2021:        PUSH64       51
2022:        Pop64_push6
2023:        PUSH64       4f
2024:        Pop64_push6
2025:        Pop64_push6
2026:        Pop64_pop64_Setbe_push6
2027:        Goto     1999               //@@@@@@@@@@@@@@@@@@

2028:        PUSH64       4f
2029:        Pop64_push6
2030:        Pop64_push6
2031:        PUSH64        1
2032:        PUSH64 ffffffff
2033:        Pop64_pop64_Mul_push64
2034:        Pop64_pop64_Add_push64
2035:        PUSH64       4f
2036:        Pop64_push6
2037:        Pop64_pop6
2038:        PUSH64       9d
2039:        PUSH64       4f
2040:        Pop64_pop6
2041:        PUSH64       4f
2042:        Pop64_push6
2043:        Pop64_push6
2044:        PUSH64        1
2045:        Pop64_pop64_Add_push64
2046:        PUSH64       4f
2047:        Pop64_push6
2048:        Pop64_pop6
2049:        PUSH64       4f
2050:        Pop64_push6
2051:        PUSH64       4f
2052:        Pop64_push6
2053:        Pop64_push6
2054:        Pop64_pop64_Add_push64
2055:        Pop64_pop6
2056:        PUSH64       5d
2057:        PUSH64       4f
2058:        Pop64_pop6
2059:        PUSH64       4f
2060:        Pop64_push6
2061:        PUSH64        1
2062:        Pop64_pop64_Add_push64
2063:        Pop64_push6
2064:        PUSH64       4f
2065:        Pop64_push6
2066:        Pop64_push6
2067:        PUSH64        0
2068:        Pop64_pop64_Setbe_push6
2069:        PUSH64       40
2070:        Pop64_pop6
2071:        PUSH64        2
2072:        PUSH64       51
2073:        Pop64_pop6
2074:        PUSH64       4f
2075:        Pop64_push6
2076:        PUSH64       51
2077:        Pop64_push6
2078:        Pop64_pop64_Add_push64
2079:        Pop64_push6
2080:        PUSH64       4f
2081:        Pop64_push6
2082:        PUSH64       51
2083:        Pop64_push6
2084:        Pop64_pop64_Add_push64
2085:        PUSH64        1
2086:        PUSH64 ffffffff
2087:        Pop64_pop64_Mul_push64
2088:        Pop64_pop64_Add_push64
2089:        Pop64_pop6
2090:        PUSH64       51
2091:        Pop64_push6
2092:        PUSH64        1
2093:        Pop64_pop64_Add_push64
2094:        PUSH64       51
2095:        Pop64_pop6
2096:        PUSH64       51
2097:        Pop64_push6
2098:        PUSH64       4f
2099:        Pop64_push6
2100:        Pop64_push6
2101:        Pop64_pop64_Setbe_push6
2102:        Goto     2074               //@@@@@@@@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+09D*8

00127978  0A 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00  ........8.......
00127988  50 00 00 00 00 00 00 00 53 00 00 00 00 00 00 00  P.......S.......
00127998  52 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00  R.......P.......
001279A8  56 00 00 00 00 00 00 00 53 00 00 00 00 00 00 00  V.......S.......
001279B8  46 00 00 00 00 00 00 00 57 00 00 00 00 00 00 00  F.......W.......
001279C8  36 00 00 00 00 00 00 00                          6.......

TE25-PKNB-NP8P-SRPV-SFW6

最后10个字符:上面内存中的第一个QWORD 0A(=10)是字符个数(下面的循环用它作为计数上限),其后每个QWORD存放一个字符,依次是注册码去掉连字符后的最后10个字符 8PSRPVSFW6。
%%%%%%%%%%%%%%%%%%%%%%%%%%%
2103:        PUSH64       4f
2104:        Pop64_push6
2105:        Pop64_push6
2106:        PUSH64        1
2107:        PUSH64 ffffffff
2108:        Pop64_pop64_Mul_push64
2109:        Pop64_pop64_Add_push64
2110:        PUSH64       4f
2111:        Pop64_push6
2112:        Pop64_pop6
2113:        PUSH64       9d
2114:        PUSH64       4f
2115:        Pop64_pop6
2116:        PUSH64       4f
2117:        Pop64_push6
2118:        Pop64_push6
2119:        PUSH64        1
2120:        Pop64_pop64_Add_push64
2121:        PUSH64       4f
2122:        Pop64_push6
2123:        Pop64_pop6
2124:        PUSH64       4f
2125:        Pop64_push6
2126:        PUSH64       4f
2127:        Pop64_push6
2128:        Pop64_push6
2129:        Pop64_pop64_Add_push64
2130:        Pop64_pop6
2131:        PUSH64       5d
2132:        Pop64_push6
2133:        PUSH64       40
2134:        Pop64_pop6
2135:        PUSH64        0
2136:        PUSH64       5b
2137:        Pop64_pop6
2138:        PUSH64        0
2139:        PUSH64       5a
2140:        Pop64_pop6
2141:        PUSH64        1
2142:        PUSH64       51
2143:        Pop64_pop6
2144:        PUSH64        1
2145:        PUSH64       59
2146:        Pop64_pop6
2147:        PUSH64 ffffffff              //@@@@@@@Loop begin 1
2148:        PUSH64       5c
2149:        Pop64_pop6
2150:        PUSH64        0
2151:        PUSH64       52
2152:        Pop64_pop6
2153:        PUSH64       52              //@@@@@@@Loop begin 2
2154:        Pop64_push6
2155:        PUSH64       5a
2156:        Pop64_push6
2157:        Pop64_pop64_Add_push64
2158:        PUSH64       51
2159:        Pop64_push6
2160:        PUSH64        7
2161:        Pop64_pop64_Mul_push64
2162:        Pop64_pop64_Add_push64
2163:        PUSH64_2
2164:        PUSH64       22
2165:        Pop64_pop64_Div_push64
2166:        PUSH64       22                
2167:        Pop64_pop64_Mul_push64
2168:        PUSH64 ffffffff
2169:        Pop64_pop64_Mul_push64
2170:        Pop64_pop64_Add_push64       //得到余数
2171:        PUSH64        1
2172:        Pop64_pop64_Add_push64
2173:        PUSH64      11d
2174:        Pop64_pop64_Add_push64
2175:        Pop64_push6                  //查表
2176:        PUSH64       9d
2177:        PUSH64       51
2178:        Pop64_push6
2179:        Pop64_pop64_Add_push64
2180:        Pop64_push6
2181:        Pop64_pop64_Sete_push6
2182:        PUSH64        0
2183:        Pop64_pop64_Sete_push6
2184:        Goto     2193             //

2185:        PUSH64       52
2186:        Pop64_push6
2187:        PUSH64       5c
2188:        Pop64_pop6
2189:        PUSH64        0
2190:        PUSH64        0
2191:        Pop64_pop64_Sete_push6
2192:        Goto     2204            //跳出循环       

2193:        PUSH64       52
2194:        Pop64_push6
2195:        PUSH64        1
2196:        Pop64_pop64_Add_push64
2197:        PUSH64       52
2198:        Pop64_pop6
2199:        PUSH64       52
2200:        Pop64_push6
2201:        PUSH64       22
2202:        Pop64_pop64_Setb_push6
2203:        Goto     2153            //@@@@@@Loop end 2

2204:        PUSH64       5c
2205:        Pop64_push6
2206:        PUSH64        0
2207:        Pop64_pop64_Setb_push6
2208:        PUSH64       40
2209:        Pop64_pop6
2210:        PUSH64       5b
2211:        Pop64_push6
2212:        PUSH64       5c
2213:        Pop64_push6
2214:        PUSH64       59
2215:        Pop64_push6
2216:        Pop64_pop64_Mul_push64
2217:        Pop64_pop64_Add_push64
2218:        PUSH64       5b
2219:        Pop64_pop6
2220:        PUSH64       5a
2221:        Pop64_push6
2222:        PUSH64        3
2223:        Pop64_pop64_Mul_push64
2224:        PUSH64       5c
2225:        Pop64_push6
2226:        Pop64_pop64_Add_push64
2227:        PUSH64_2
2228:        PUSH64       64
2229:        Pop64_pop64_Div_push64
2230:        PUSH64       64
2231:        Pop64_pop64_Mul_push64
2232:        PUSH64 ffffffff
2233:        Pop64_pop64_Mul_push64
2234:        Pop64_pop64_Add_push64
2235:        PUSH64       5a
2236:        Pop64_pop6
2237:        PUSH64       59
2238:        Pop64_push6
2239:        PUSH64       22
2240:        Pop64_pop64_Mul_push64
2241:        PUSH64       59
2242:        Pop64_pop6
2243:        PUSH64       51
2244:        Pop64_push6
2245:        PUSH64        1
2246:        Pop64_pop64_Add_push64
2247:        PUSH64       51
2248:        Pop64_pop6
2249:        PUSH64       51
2250:        Pop64_push6
2251:        PUSH64       9d
2252:        Pop64_push6
2253:        Pop64_pop64_Setbe_push6
2254:        Goto     2147              //@@@@@@Loop end 1

//结果:---------------------------------------------------------------------

%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+050*8

00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00                          ........

                  


%%%%%%%%%%%%%%%%%%%%%%%%
2255:        PUSH64       5b
2256:        Pop64_push6         //取5b指向的000017BB:3FBC5660
2257:        PUSH64_2
2258:        PUSH64_2
2259:        PUSH64       31
2260:        Pop64_pop64_Div_push64   //000017BB:3FBC5660 /31=7B:FC138460
2261:        PUSH64       31
2262:        Pop64_pop64_Mul_push64
2263:        PUSH64 ffffffff
2264:        Pop64_pop64_Mul_push64
2265:        Pop64_pop64_Add_push64  //17BB3FBC5660-31*7BFC138460=0
2266:        PUSH64       46
2267:        Pop64_pop6              //0保存到46处
2268:        PUSH64       31
2269:        Pop64_pop64_Div_push64  //000017BB:3FBC5660 /31=7B:FC138460
2270:        PUSH64_2
2271:        PUSH64_2
2272:        PUSH64 98009680
2273:        Pop64_pop64_Div_push64 //7BFC138460 /00989680=D003(列表中显示的操作数98009680按此处的计算应读作00989680,即十进制10000000;余数1C0E0与商D003和后面内存中4C、4D处的值一致)
2274:        PUSH64 98009680
2275:        Pop64_pop64_Mul_push64
2276:        PUSH64 ffffffff
2277:        Pop64_pop64_Mul_push64
2278:        Pop64_pop64_Add_push64 //7BFC138460-989680*D003=1C0E0
2279:        PUSH64       4c
2280:        Pop64_pop6             //保存1C0E0到4C处
2281:        PUSH64 98009680
2282:        Pop64_pop64_Div_push64 //7BFC138460 /00989680=D003
2283:        PUSH64       4d
2284:        Pop64_pop6             //保存到4D处
2285:        PUSH64       4a
2286:        Pop64_push6            //取出4A处的02
2287:        PUSH64       4d
2288:        Pop64_push6            //取出4D处的D003
2289:        PUSH64       3f
2290:        Pop64_pop64_And_push6  //D003 and 3F=03
2291:        Pop64_pop64_Xor_push6  //2 Xor 3=1
2292:        PUSH64       4a
2293:        Pop64_pop6             //保存到4A处
2294:        PUSH64        0
2295:        PUSH64        1
2296:        PUSH64 ffffffff
2297:        Pop64_pop64_Mul_push64
2298:        Pop64_pop64_Add_push64
2299:        PUSH64       4e
2300:        Pop64_pop6           //保存-1到4E处

2301:        PUSH64       4e
2302:        PUSH64       45
2303:        Pop64_push6          //取出0
2304:        PUSH64       10                      --------
2305:        PUSH64       53
2306:        Pop64_pop6           //保存10到53
2307:        PUSH64       54
2308:        Pop64_pop6           //保存0到54
2309:        PUSH64       4f
2310:        Pop64_pop6           //保存4E到4F
2311:        PUSH64       4f                        //@@@@@@@
2312:        Pop64_push6             //4F->4E
2313:        Pop64_push6             //4E->-1
2314:        PUSH64     8000
2315:        Pop64_pop64_And_push6   //FFFFFFFF And 8000=8000
2316:        PUSH64        0
2317:        Pop64_pop64_Sete_push6  //al=0
2318:        PUSH64        0
2319:        Pop64_pop64_Sete_push6  //al=1
2320:        PUSH64       55
2321:        Pop64_pop6              //保存1到55处
2322:        PUSH64       4f
2323:        Pop64_push6            //4F->4E 
2324:        Pop64_push6            //4E->-1
2325:        PUSH64        1
2326:        Pop64_pop64_Shl_push6  //FFFFFFFF <<1= FFFFFFFE
2327:        PUSH64     ffff
2328:        Pop64_pop64_And_push6  //FFFE
2329:        PUSH64       4f
2330:        Pop64_push6            //4F->4E 
2331:        Pop64_pop6             //保存FFFE到4E处
2332:        PUSH64       55
2333:        Pop64_push6            //取出55处的1
2334:        PUSH64        0
2335:        Pop64_pop64_Sete_push6  //al=0
2336:        PUSH64       54
2337:        Pop64_push6            //取出54处的0
2338:        PUSH64        1          
2339:        PUSH64       53
2340:        Pop64_push6          //取53处的10
2341:        PUSH64        1
2342:        PUSH64 ffffffff
2343:        Pop64_pop64_Mul_push64
2344:        Pop64_pop64_Add_push64  //10-1=0F
2345:        Pop64_pop64_Shl_push6   //1<<F=8000
2346:        Pop64_pop64_And_push6   //0 and 8000 =0 ,base[54] and 8000
2347:        PUSH64        0
2348:        Pop64_pop64_Sete_push6  //al=1
2349:        PUSH64        0
2350:        Pop64_pop64_Sete_push6  //al=0
2351:        Pop64_pop64_Xor_push6   //0 Xor 0=0,55处1反得0
2352:        PUSH64        0
2353:        Pop64_pop64_Sete_push6  //al=1
2354:        PUSH64        0
2355:        Pop64_pop64_Sete_push6  //al=0
2356:        Goto     2365           //al=0,no jump

2357:        PUSH64       4f
2358:        Pop64_push6             //4F->4E
2359:        Pop64_push6             //4E->FFFE
2360:        PUSH64     8005
2361:        Pop64_pop64_Xor_push6   //FFFE Xor 8005=7FFB
2362:        PUSH64       4f
2363:        Pop64_push6             //4F->4E
2364:        Pop64_pop6              //保存7FFB到4E

2365:        PUSH64       53
2366:        Pop64_push6             //取53处的10
2367:        PUSH64        1
2368:        PUSH64 ffffffff
2369:        Pop64_pop64_Mul_push64
2370:        Pop64_pop64_Add_push64 //10-1=0F
2371:        PUSH64       53
2372:        Pop64_pop6             //0F保存到53
2373:        PUSH64       53
2374:        Pop64_push6            //取出53处的0F
2375:        PUSH64        0
2376:        Pop64_pop64_Setbe_push6 //F>0,al=0
2377:        PUSH64        0
2378:        Pop64_pop64_Sete_push6  //al=1
2379:        Goto     2311             //@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  EC FF 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?......N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 0E 00 00 00 00 00 00 00  ...............
00127730  00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ...............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


%%%%%%%%%%%%%%%%%%%%%%

2380:        PUSH64       4e
2381:        PUSH64       46               //参数
2382:        Pop64_push6
2383:        PUSH64        8               //参数  ------
2384:        PUSH64       53
2385:        Pop64_pop6
2386:        PUSH64       54
2387:        Pop64_pop6
2388:        PUSH64       4f
2389:        Pop64_pop6
2390:        PUSH64       4f             //
2391:        Pop64_push6
2392:        Pop64_push6
2393:        PUSH64     8000
2394:        Pop64_pop64_And_push6
2395:        PUSH64        0
2396:        Pop64_pop64_Sete_push6
2397:        PUSH64        0
2398:        Pop64_pop64_Sete_push6
2399:        PUSH64       55
2400:        Pop64_pop6
2401:        PUSH64       4f
2402:        Pop64_push6
2403:        Pop64_push6
2404:        PUSH64        1
2405:        Pop64_pop64_Shl_push6
2406:        PUSH64     ffff
2407:        Pop64_pop64_And_push6
2408:        PUSH64       4f
2409:        Pop64_push6
2410:        Pop64_pop6
2411:        PUSH64       55
2412:        Pop64_push6
2413:        PUSH64        0
2414:        Pop64_pop64_Sete_push6
2415:        PUSH64       54
2416:        Pop64_push6
2417:        PUSH64        1
2418:        PUSH64       53
2419:        Pop64_push6
2420:        PUSH64        1
2421:        PUSH64 ffffffff
2422:        Pop64_pop64_Mul_push64
2423:        Pop64_pop64_Add_push64
2424:        Pop64_pop64_Shl_push6
2425:        Pop64_pop64_And_push6
2426:        PUSH64        0
2427:        Pop64_pop64_Sete_push6
2428:        PUSH64        0
2429:        Pop64_pop64_Sete_push6
2430:        Pop64_pop64_Xor_push6
2431:        PUSH64        0
2432:        Pop64_pop64_Sete_push6
2433:        PUSH64        0
2434:        Pop64_pop64_Sete_push6
2435:        Goto     2444 

2436:        PUSH64       4f
2437:        Pop64_push6
2438:        Pop64_push6
2439:        PUSH64     8005
2440:        Pop64_pop64_Xor_push6
2441:        PUSH64       4f
2442:        Pop64_push6
2443:        Pop64_pop6

2444:        PUSH64       53
2445:        Pop64_push6
2446:        PUSH64        1
2447:        PUSH64 ffffffff
2448:        Pop64_pop64_Mul_push64
2449:        Pop64_pop64_Add_push64
2450:        PUSH64       53
2451:        Pop64_pop6
2452:        PUSH64       53
2453:        Pop64_push6
2454:        PUSH64        0
2455:        Pop64_pop64_Setbe_push6
2456:        PUSH64        0
2457:        Pop64_pop64_Sete_push6
2458:        Goto     2390            //@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8
001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  03 8E 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?.....N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ...............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................





%%%%%%%%%%%%%%%%%%%%%

2459:        PUSH64       4e
2460:        PUSH64       47
2461:        Pop64_push6
2462:        PUSH64        8
2463:        PUSH64       53
2464:        Pop64_pop6
2465:        PUSH64       54
2466:        Pop64_pop6
2467:        PUSH64       4f
2468:        Pop64_pop6
2469:        PUSH64       4f            //
2470:        Pop64_push6
2471:        Pop64_push6
2472:        PUSH64     8000
2473:        Pop64_pop64_And_push6
2474:        PUSH64        0
2475:        Pop64_pop64_Sete_push6
2476:        PUSH64        0
2477:        Pop64_pop64_Sete_push6
2478:        PUSH64       55
2479:        Pop64_pop6
2480:        PUSH64       4f
2481:        Pop64_push6
2482:        Pop64_push6
2483:        PUSH64        1
2484:        Pop64_pop64_Shl_push6
2485:        PUSH64     ffff
2486:        Pop64_pop64_And_push6
2487:        PUSH64       4f
2488:        Pop64_push6
2489:        Pop64_pop6
2490:        PUSH64       55
2491:        Pop64_push6
2492:        PUSH64        0
2493:        Pop64_pop64_Sete_push6
2494:        PUSH64       54
2495:        Pop64_push6
2496:        PUSH64        1
2497:        PUSH64       53
2498:        Pop64_push6
2499:        PUSH64        1
2500:        PUSH64 ffffffff
2501:        Pop64_pop64_Mul_push64
2502:        Pop64_pop64_Add_push64
2503:        Pop64_pop64_Shl_push6
2504:        Pop64_pop64_And_push6
2505:        PUSH64        0
2506:        Pop64_pop64_Sete_push6
2507:        PUSH64        0
2508:        Pop64_pop64_Sete_push6
2509:        Pop64_pop64_Xor_push6
2510:        PUSH64        0
2511:        Pop64_pop64_Sete_push6
2512:        PUSH64        0
2513:        Pop64_pop64_Sete_push6
2514:        Goto     2523 

2515:        PUSH64       4f
2516:        Pop64_push6
2517:        Pop64_push6
2518:        PUSH64     8005
2519:        Pop64_pop64_Xor_push6
2520:        PUSH64       4f
2521:        Pop64_push6
2522:        Pop64_pop6

2523:        PUSH64       53
2524:        Pop64_push6
2525:        PUSH64        1
2526:        PUSH64 ffffffff
2527:        Pop64_pop64_Mul_push64
2528:        Pop64_pop64_Add_push64
2529:        PUSH64       53
2530:        Pop64_pop6
2531:        PUSH64       53
2532:        Pop64_push6
2533:        PUSH64        0
2534:        Pop64_pop64_Setbe_push6
2535:        PUSH64        0
2536:        Pop64_pop64_Sete_push6
2537:        Goto     2469              //@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  DF 81 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ......N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  54 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  T..............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................




%%%%%%%%%%%%%%%%%%%%
2538:        PUSH64       4e
2539:        PUSH64       48
2540:        Pop64_push6
2541:        PUSH64        8
2542:        PUSH64       53
2543:        Pop64_pop6
2544:        PUSH64       54
2545:        Pop64_pop6
2546:        PUSH64       4f
2547:        Pop64_pop6
2548:        PUSH64       4f               //
2549:        Pop64_push6
2550:        Pop64_push6
2551:        PUSH64     8000
2552:        Pop64_pop64_And_push6
2553:        PUSH64        0
2554:        Pop64_pop64_Sete_push6
2555:        PUSH64        0
2556:        Pop64_pop64_Sete_push6
2557:        PUSH64       55
2558:        Pop64_pop6
2559:        PUSH64       4f
2560:        Pop64_push6
2561:        Pop64_push6
2562:        PUSH64        1
2563:        Pop64_pop64_Shl_push6
2564:        PUSH64     ffff
2565:        Pop64_pop64_And_push6
2566:        PUSH64       4f
2567:        Pop64_push6
2568:        Pop64_pop6
2569:        PUSH64       55
2570:        Pop64_push6
2571:        PUSH64        0
2572:        Pop64_pop64_Sete_push6
2573:        PUSH64       54
2574:        Pop64_push6
2575:        PUSH64        1
2576:        PUSH64       53
2577:        Pop64_push6
2578:        PUSH64        1
2579:        PUSH64 ffffffff
2580:        Pop64_pop64_Mul_push64
2581:        Pop64_pop64_Add_push64
2582:        Pop64_pop64_Shl_push6
2583:        Pop64_pop64_And_push6
2584:        PUSH64        0
2585:        Pop64_pop64_Sete_push6
2586:        PUSH64        0
2587:        Pop64_pop64_Sete_push6
2588:        Pop64_pop64_Xor_push6
2589:        PUSH64        0
2590:        Pop64_pop64_Sete_push6
2591:        PUSH64        0
2592:        Pop64_pop64_Sete_push6
2593:        Goto     2602 

2594:        PUSH64       4f
2595:        Pop64_push6
2596:        Pop64_push6
2597:        PUSH64     8005
2598:        Pop64_pop64_Xor_push6
2599:        PUSH64       4f
2600:        Pop64_push6
2601:        Pop64_pop6

2602:        PUSH64       53
2603:        Pop64_push6
2604:        PUSH64        1
2605:        PUSH64 ffffffff
2606:        Pop64_pop64_Mul_push64
2607:        Pop64_pop64_Add_push64
2608:        PUSH64       53
2609:        Pop64_pop6
2610:        PUSH64       53
2611:        Pop64_push6
2612:        PUSH64        0
2613:        Pop64_pop64_Setbe_push6
2614:        PUSH64        0
2615:        Pop64_pop64_Sete_push6
2616:        Goto     2548            //@@@@@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  9B 5D 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ......N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  E...............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................



%%%%%%%%%%%%%%%%%%%%%
2617:        PUSH64       4e
2618:        PUSH64       49
2619:        Pop64_push6
2620:        PUSH64        8
2621:        PUSH64       53
2622:        Pop64_pop6
2623:        PUSH64       54
2624:        Pop64_pop6
2625:        PUSH64       4f
2626:        Pop64_pop6
2627:        PUSH64       4f               //
2628:        Pop64_push6
2629:        Pop64_push6
2630:        PUSH64     8000
2631:        Pop64_pop64_And_push6
2632:        PUSH64        0
2633:        Pop64_pop64_Sete_push6
2634:        PUSH64        0
2635:        Pop64_pop64_Sete_push6
2636:        PUSH64       55
2637:        Pop64_pop6
2638:        PUSH64       4f
2639:        Pop64_push6
2640:        Pop64_push6
2641:        PUSH64        1
2642:        Pop64_pop64_Shl_push6
2643:        PUSH64     ffff
2644:        Pop64_pop64_And_push6
2645:        PUSH64       4f
2646:        Pop64_push6
2647:        Pop64_pop6
2648:        PUSH64       55
2649:        Pop64_push6
2650:        PUSH64        0
2651:        Pop64_pop64_Sete_push6
2652:        PUSH64       54
2653:        Pop64_push6
2654:        PUSH64        1
2655:        PUSH64       53
2656:        Pop64_push6
2657:        PUSH64        1
2658:        PUSH64 ffffffff
2659:        Pop64_pop64_Mul_push64
2660:        Pop64_pop64_Add_push64
2661:        Pop64_pop64_Shl_push6
2662:        Pop64_pop64_And_push6
2663:        PUSH64        0
2664:        Pop64_pop64_Sete_push6
2665:        PUSH64        0
2666:        Pop64_pop64_Sete_push6
2667:        Pop64_pop64_Xor_push6
2668:        PUSH64        0
2669:        Pop64_pop64_Sete_push6
2670:        PUSH64        0
2671:        Pop64_pop64_Sete_push6
2672:        Goto     2681 

2673:        PUSH64       4f
2674:        Pop64_push6
2675:        Pop64_push6
2676:        PUSH64     8005
2677:        Pop64_pop64_Xor_push6
2678:        PUSH64       4f
2679:        Pop64_push6
2680:        Pop64_pop6

2681:        PUSH64       53
2682:        Pop64_push6
2683:        PUSH64        1
2684:        PUSH64 ffffffff
2685:        Pop64_pop64_Mul_push64
2686:        Pop64_pop64_Add_push64
2687:        PUSH64       53
2688:        Pop64_pop6
2689:        PUSH64       53
2690:        Pop64_push6
2691:        PUSH64        0
2692:        Pop64_pop64_Setbe_push6
2693:        PUSH64        0
2694:        Pop64_pop64_Sete_push6
2695:        Goto     2627            //@@@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  98 9A 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ......N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  19 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................




%%%%%%%%%%%%%%%%
2696:        PUSH64       4e
2697:        PUSH64       4a
2698:        Pop64_push6
2699:        PUSH64        8
2700:        PUSH64       53
2701:        Pop64_pop6
2702:        PUSH64       54
2703:        Pop64_pop6
2704:        PUSH64       4f
2705:        Pop64_pop6
2706:        PUSH64       4f                 //
2707:        Pop64_push6
2708:        Pop64_push6
2709:        PUSH64     8000
2710:        Pop64_pop64_And_push6
2711:        PUSH64        0
2712:        Pop64_pop64_Sete_push6
2713:        PUSH64        0
2714:        Pop64_pop64_Sete_push6
2715:        PUSH64       55
2716:        Pop64_pop6
2717:        PUSH64       4f
2718:        Pop64_push6
2719:        Pop64_push6
2720:        PUSH64        1
2721:        Pop64_pop64_Shl_push6
2722:        PUSH64     ffff
2723:        Pop64_pop64_And_push6
2724:        PUSH64       4f
2725:        Pop64_push6
2726:        Pop64_pop6
2727:        PUSH64       55
2728:        Pop64_push6
2729:        PUSH64        0
2730:        Pop64_pop64_Sete_push6
2731:        PUSH64       54
2732:        Pop64_push6
2733:        PUSH64        1
2734:        PUSH64       53
2735:        Pop64_push6
2736:        PUSH64        1
2737:        PUSH64 ffffffff
2738:        Pop64_pop64_Mul_push64
2739:        Pop64_pop64_Add_push64
2740:        Pop64_pop64_Shl_push6
2741:        Pop64_pop64_And_push6
2742:        PUSH64        0
2743:        Pop64_pop64_Sete_push6
2744:        PUSH64        0
2745:        Pop64_pop64_Sete_push6
2746:        Pop64_pop64_Xor_push6
2747:        PUSH64        0
2748:        Pop64_pop64_Sete_push6
2749:        PUSH64        0
2750:        Pop64_pop64_Sete_push6
2751:        Goto     2760 

2752:        PUSH64       4f
2753:        Pop64_push6
2754:        Pop64_push6
2755:        PUSH64     8005
2756:        Pop64_pop64_Xor_push6
2757:        PUSH64       4f
2758:        Pop64_push6
2759:        Pop64_pop6

2760:        PUSH64       53
2761:        Pop64_push6
2762:        PUSH64        1
2763:        PUSH64 ffffffff
2764:        Pop64_pop64_Mul_push64
2765:        Pop64_pop64_Add_push64
2766:        PUSH64       53
2767:        Pop64_pop6
2768:        PUSH64       53
2769:        Pop64_push6
2770:        PUSH64        0
2771:        Pop64_pop64_Setbe_push6
2772:        PUSH64        0
2773:        Pop64_pop64_Sete_push6
2774:        Goto     2706             //@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  59 1B 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  Y......N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ...............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................




%%%%%%%%%%%%%%%%%%%%%%%%%%
2775:        PUSH64       4e
2776:        PUSH64       4b
2777:        Pop64_push6
2778:        PUSH64       10
2779:        PUSH64       53
2780:        Pop64_pop6
2781:        PUSH64       54
2782:        Pop64_pop6
2783:        PUSH64       4f
2784:        Pop64_pop6
2785:        PUSH64       4f            //
2786:        Pop64_push6
2787:        Pop64_push6
2788:        PUSH64     8000
2789:        Pop64_pop64_And_push6
2790:        PUSH64        0
2791:        Pop64_pop64_Sete_push6
2792:        PUSH64        0
2793:        Pop64_pop64_Sete_push6
2794:        PUSH64       55
2795:        Pop64_pop6
2796:        PUSH64       4f
2797:        Pop64_push6
2798:        Pop64_push6
2799:        PUSH64        1
2800:        Pop64_pop64_Shl_push6
2801:        PUSH64     ffff
2802:        Pop64_pop64_And_push6
2803:        PUSH64       4f
2804:        Pop64_push6
2805:        Pop64_pop6
2806:        PUSH64       55
2807:        Pop64_push6
2808:        PUSH64        0
2809:        Pop64_pop64_Sete_push6
2810:        PUSH64       54
2811:        Pop64_push6
2812:        PUSH64        1
2813:        PUSH64       53
2814:        Pop64_push6
2815:        PUSH64        1
2816:        PUSH64 ffffffff
2817:        Pop64_pop64_Mul_push64
2818:        Pop64_pop64_Add_push64
2819:        Pop64_pop64_Shl_push6
2820:        Pop64_pop64_And_push6
2821:        PUSH64        0
2822:        Pop64_pop64_Sete_push6
2823:        PUSH64        0
2824:        Pop64_pop64_Sete_push6
2825:        Pop64_pop64_Xor_push6
2826:        PUSH64        0
2827:        Pop64_pop64_Sete_push6
2828:        PUSH64        0
2829:        Pop64_pop64_Sete_push6
2830:        Goto     2839 

2831:        PUSH64       4f
2832:        Pop64_push6
2833:        Pop64_push6
2834:        PUSH64     8005
2835:        Pop64_pop64_Xor_push6
2836:        PUSH64       4f
2837:        Pop64_push6
2838:        Pop64_pop6

2839:        PUSH64       53
2840:        Pop64_push6
2841:        PUSH64        1
2842:        PUSH64 ffffffff
2843:        Pop64_pop64_Mul_push64
2844:        Pop64_pop64_Add_push64
2845:        PUSH64       53
2846:        Pop64_pop6
2847:        PUSH64       53
2848:        Pop64_push6
2849:        PUSH64        0
2850:        Pop64_pop64_Setbe_push6
2851:        PUSH64        0
2852:        Pop64_pop64_Sete_push6
2853:        Goto     2785               //@@@@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  D3 DB 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  盂......N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ...............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................




%%%%%%%%%%%%%%%%%%
2854:        PUSH64       4e
2855:        PUSH64       4c
2856:        Pop64_push6
2857:        PUSH64       20
2858:        PUSH64       53
2859:        Pop64_pop6
2860:        PUSH64       54
2861:        Pop64_pop6
2862:        PUSH64       4f
2863:        Pop64_pop6
2864:        PUSH64       4f             //
2865:        Pop64_push6
2866:        Pop64_push6
2867:        PUSH64     8000
2868:        Pop64_pop64_And_push6
2869:        PUSH64        0
2870:        Pop64_pop64_Sete_push6
2871:        PUSH64        0
2872:        Pop64_pop64_Sete_push6
2873:        PUSH64       55
2874:        Pop64_pop6
2875:        PUSH64       4f
2876:        Pop64_push6
2877:        Pop64_push6
2878:        PUSH64        1
2879:        Pop64_pop64_Shl_push6
2880:        PUSH64     ffff
2881:        Pop64_pop64_And_push6
2882:        PUSH64       4f
2883:        Pop64_push6
2884:        Pop64_pop6
2885:        PUSH64       55
2886:        Pop64_push6
2887:        PUSH64        0
2888:        Pop64_pop64_Sete_push6
2889:        PUSH64       54
2890:        Pop64_push6
2891:        PUSH64        1
2892:        PUSH64       53
2893:        Pop64_push6
2894:        PUSH64        1
2895:        PUSH64 ffffffff
2896:        Pop64_pop64_Mul_push64
2897:        Pop64_pop64_Add_push64
2898:        Pop64_pop64_Shl_push6
2899:        Pop64_pop64_And_push6
2900:        PUSH64        0
2901:        Pop64_pop64_Sete_push6
2902:        PUSH64        0
2903:        Pop64_pop64_Sete_push6
2904:        Pop64_pop64_Xor_push6
2905:        PUSH64        0
2906:        Pop64_pop64_Sete_push6
2907:        PUSH64        0
2908:        Pop64_pop64_Sete_push6
2909:        Goto     2918 

2910:        PUSH64       4f
2911:        Pop64_push6
2912:        Pop64_push6
2913:        PUSH64     8005
2914:        Pop64_pop64_Xor_push6
2915:        PUSH64       4f
2916:        Pop64_push6
2917:        Pop64_pop6

2918:        PUSH64       53
2919:        Pop64_push6
2920:        PUSH64        1
2921:        PUSH64 ffffffff
2922:        Pop64_pop64_Mul_push64
2923:        Pop64_pop64_Add_push64
2924:        PUSH64       53
2925:        Pop64_pop6
2926:        PUSH64       53
2927:        Pop64_push6
2928:        PUSH64        0
2929:        Pop64_pop64_Setbe_push6
2930:        PUSH64        0
2931:        Pop64_pop64_Sete_push6
2932:        Goto     2864                //@@@@@@@@@@@@@@@@@@

%%%%%%%%%%%%%%%%%%
d ebp+0FFFF7FE0+4a*8

001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
00127700  03 D0 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?.....N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  E0 C0 01 00 00 00 00 00 01 00 00 00 00 00 00 00  嗬............
00127740  00 54 26 01 00 00 00 00 F0 98 00 00 00 00 00 00  .T&..........
00127750  17 00 00 00 00 00 00 00 00 84 B6 66 8A 55 07 00  ........f.
00127760  33 00 00 00 00 00 00 00 60 56 BC 3F BB 17 00 00  3.......`V??..
00127770  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................



%%%%%%%%%%%%%%%%%%
2933:        PUSH64       4e
2934:        Pop64_push6         //
2935:        PUSH64       4d
2936:        Pop64_push6
2937:        Pop64_pop64_Sete_push6  //D003=D003,al=1
2938:        PUSH64        0
2939:        Pop64_pop64_Sete_push6  //al=0
2940:        PUSH64       40
2941:        Pop64_pop6              //保存0到40处
2942:        PUSH64       45
2943:        Pop64_push6             //取45处的0
2944:        PUSH64       44
2945:        Pop64_push6             //取44处的12F5E7

d ebp+0FFFF7FE0+44*8
001276B0  E7 F5 12 00 00 00 00 00 00 00 00 00 00 00 00 00  珲.............
001276C0  00 00 00 00 00 00 00 00 54 00 00 00 00 00 00 00  ........T.......
001276D0  45 00 00 00 00 00 00 00 19 00 00 00 00 00 00 00  E..............
001276E0  01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ..............
001276F0  E0 C0 01 00 00 00 00 00 03 D0 00 00 00 00 00 00  嗬.....?.....
          4C,到这里结束
00127700  03 D0 00 00 00 00 00 00 4E 00 00 00 00 00 00 00  ?.....N.......
00127710  1E 01 00 00 00 00 00 00 0B 00 00 00 00 00 00 00  ...... .......
00127720  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00127730  E0 C0 01 00 00 00 00 00 01 00 00 00 00 00 00 00  嗬............

最终结果
0012F5E7  00 00 00 54 45 19 01 01 00 E0 C0 01 00           ...TE.嗬.


2946:        PUSH64        0
2947:        Pop64_pop64_Add_push64         //0012F5E7+0=0012F5E7,这是结果的地址
2948:        Pop64_push64_Word              //*****word1,开始保存结果 ,0
2949:        PUSH64       46
2950:        Pop64_push6                    //取46处的0
2951:        PUSH64       44
2952:        Pop64_push6                     //取44处的12F5E7     
2953:        PUSH64        2
2954:        Pop64_pop64_Add_push64         //地址加2
2955:        Pop64_push64_Byte             //*****byte1,0
2956:        PUSH64       47
2957:        Pop64_push6                   //取47处的
2958:        PUSH64       44
2959:        Pop64_push6
2960:        PUSH64        3
2961:        Pop64_pop64_Add_push64
2962:        Pop64_push64_Byte             //*****byte2
2963:        PUSH64       48
2964:        Pop64_push6
2965:        PUSH64       44
2966:        Pop64_push6
2967:        PUSH64        4
2968:        Pop64_pop64_Add_push64
2969:        Pop64_push64_Byte            //*****byte3
2970:        PUSH64       49
2971:        Pop64_push6
2972:        PUSH64       44
2973:        Pop64_push6
2974:        PUSH64        5
2975:        Pop64_pop64_Add_push64
2976:        Pop64_push64_Byte           //*****byte4
2977:        PUSH64       4a
2978:        Pop64_push6
2979:        PUSH64       44
2980:        Pop64_push6
2981:        PUSH64        6
2982:        Pop64_pop64_Add_push64
2983:        Pop64_push64_Byte          //******byte5
2984:        PUSH64       4b
2985:        Pop64_push6
2986:        PUSH64       44
2987:        Pop64_push6
2988:        PUSH64        7
2989:        Pop64_pop64_Add_push64
2990:        Pop64_push64_Word         //********word2
2991:        PUSH64       4c
2992:        Pop64_push6
2993:        PUSH64       44
2994:        Pop64_push6
2995:        PUSH64        9
2996:        Pop64_pop64_Add_push64
2997:        Pop64_push64_DWord       //*****DWord
2998:        VMend

要想写注册机就得看懂上面的算法,我是一行一行看的,不知道有没有更好的办法,或许是去找作者要源码吧。:)

5.注册机

检查注册码的结果保存在一个结构里面:
代码:

// Decoded fields of a registration code, one member per VM variable slot.
// The hex number after each member is the VM slot index ([45]..[4C]) it mirrors.
// NOTE(review): the VM writes these fields at byte offsets 0,2,3,4,5,6,7,9 of a
// packed 13-byte record (see the dump at 0012F5E7); this struct is not declared
// packed, so it should only be used field by field, not overlaid on that record.
typedef struct result
{
        unsigned short Time; //45
        //30959(1990.1),Not equal with 30E0B,
        //00030959=199001
        //0030E0B=200203; when it equals 200203 the blacklist must be checked

        char  a ;           //46
        // ;<=0, set to 0

        char  t  ;            //47
        //54'T'

        char  e  ;            //48
        //45'E'

        char  v  ;            //49
        //19=25, version number is 2.5

        char  flag ;          //4A
        //1; a value of 1 means true

        unsigned short   c;   //4B
        //01,01F4,2,63,3E8,7CF
        //;when 1, go straight to comparing whether the time is 200203
        //;2<=x<=63   good boy
        //;63<x<1F4 bad boy
        //;1F4<=x<=3E7 good boy
        //;3E8<=x<=7CF good boy
        //;>7CF bad boy
        //;for any other value, the time must not equal 200203
        
        int  remainder ;           //4C
        //0001C0E0, must not be in the blacklist

} RESULT;

校验注册码的代码的c实现:

代码:

                        // Fragment of the check routine; r, base5B, sang, a, base4D, serial,
                        // serial2 and hDlg are declared outside this excerpt.
                        // Prints the substitution table for 'T','E',0x19 (see init_tab).
                        init_tab('T','E',(char)0x19);

                        // First serial segment -> Time, flag and c by repeated divide/modulo.
                        base5B=calc_result( serial);
                        r.Time= (unsigned short)(base5B % 0x258);//0x258=600
                        sang= (unsigned short)(base5B / 0x258);  // sang = quotient
                        r.flag= (char)(sang / 0x7D0);//0x7D0=2000
                        r.c=sang % 0x7D0;
                        
                        // Second serial segment -> a, embedded checksum (base4D) and remainder.
                        base5B=calc_result( serial2);
                        a=base5B / 0x31;                          // 0x31=49
                        r.a=(char)(base5B % 0x31);//0
                        base4D=(unsigned long)(a /0x00989680);//CheckSum, 0x00989680=10000000
                        r.remainder=(int)(a % 0x00989680);
                        // The low 6 bits of the embedded checksum are XORed into flag.
                        r.flag=(char)(r.flag ^ (base4D & 0x3F));
                        
                        // The serial is accepted when the recomputed checksum equals the
                        // embedded one.  NOTE(review): r.t, r.e and r.v are not assigned in
                        // this excerpt; confirm where they are set before relying on them.
                        if (CheckSum(r)==base4D)
                        {
                                MessageBox(hDlg,"CheckSum OK.","CheckSum",0);
                        }

算注册码调用keygen()就行了
代码:

// Driver from the write-up: fills a RESULT with fixed field values, then loops
// until both GetSerial() calls accept the numbers built from a random remainder
// and its CheckSum().  Output is written through p, which points at `serials`
// (declared outside this listing).
void keygen(void)
{
        RESULT r;
        unsigned long iCheckSum;
        UINT64 temp,base5B;
        int flag;
        
        char *p=serials;
        BOOL bOK;

        r.Time=0;
        r.a=0;
        r.t='T';
        r.e='E';
        r.v=(char)0x19;//2.5
        r.flag=1;
        r.c=1;

        do
        {
        r.remainder= (GetTickCount() * rand()) % 0x00989680;//generate a random number
        //r.remainder=0x1C0E0;
        iCheckSum=CheckSum(r);

        // Same packing the check routine undoes: (remainder + checksum*0x989680)*0x31.
        temp=r.remainder+((INT64)(iCheckSum))*0x00989680;
        base5B=temp*0x31;
        //base5B=0x000017bb3fbc5660;
        
        //check whether base5B is valid
        bOK=GetSerial(p,12,23,base5B);
        
        if(bOK)
        {
                
        flag=(iCheckSum & 0x3F) ^ (r.flag);

        temp=r.c+ flag * 0x7D0;

        base5B=temp*0x258;

        bOK= GetSerial(p,5,11,base5B);
        }

        }while(!bOK);

        // NOTE(review): bOK is a local and is not read after this assignment.
        bOK=!bOK;


}


其他代码:

代码:

//  TE25-PKNB-NP8P-SRPV-SFW6
//  00 00 00 54 45 19 01 01 00 E0 C0 01 00
//  [45]  46 47 48 49 4A [4B ]   [4C]

//[43]:存放序列号地址PSerial
//[44]:存放结果的地址,pResult,12F5E7
//[45]:base[45]=base[5B] mod 258
//[46]:  base[46]=base[5B] mod 31
//[4A]:base[4A]=sang / 7D0,base[4A]=base[4A] Xor (base[4D] and 3F)=1
                //sang=base[5B]/258
//[4B]:base[4B]=sang mod 7D0
//[4C]:        base[4C]=a mod 常数,7BFC138460-989680*D003=1C0E0,保存到4C,
                       //a=base[5B]/31的商
//[4D]:CRCsum, base[4D]=a/常数,7BFC138460 /00989680=D003       ,保存到4D
//*********Result由Base[5B]而来
//[4E]:CRCsum,初始化为-1
//[4F]:base[4F]=4E,指向4E
//[50]:存放43,ppSerial
//[51]:计数器i
//[52]:计数器j
//[53]:base[53]=10(8,20),初始化
//[54]:base[54]=0(base[45]),数据,求CRC16
//[55]:base[55]存放[4E]的TopBit
//[56]:base[56]=16A4(即T*E)*1A(19+1)=24CA8          切入点
//[57]:base[57]=(base[51] *(base[56] and 3)) xor 0x98B2   //0x98B2 is constant
//[58]:保存余数
//[59]:base[59]=base[59] *22
//[5A]:base[5A]=(base[5A]*3 +base[5C]) mod 64
//[5B]:base[5B]=base[5C] * base[59] + base[5B],************
//[5C]:base[5C],比较的结果,0或1
//[5D]:保存长度
//5D-43+1=1B(27)
//[5E]:无此变量

// Builds the 34-character substitution table from the seed t*e*(v+1) and
// prints it as "str2=<table>".
// The write-up calls it with t='T', e='E', v=0x19 (version 2.5) and records the
// result as "NFOPRTSUIQWXYVZ2354678B9AEDGCHJKLM".
void init_tab(char t,char e,char v)
{
  static const char plain[]="ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789";
  char table[35]={0};          // 34 slots plus terminator; 0 marks a free slot
  int seed=t*e*(v+1);          // VM slot [56]
  int n;

  for (n=0;n<0x22;++n)
  {
    int low2=seed & 3;
    int start=(n*low2) ^ 0x98B2;   // VM slot [57]; 0x98B2 is a constant
    int step=0;

    // rotate the seed right by two bits within 25 bits
    seed=(seed >> 2) | (low2 << 0x17);

    // Linear probing: the first slot may already be taken, so walk forward
    // (mod 0x22) until a free one is found.
    while (step<0x22)
    {
      int slot=(start+step) % 0x22;   // VM slot [58]
      if (table[slot]==0)
      {
        table[slot]=plain[n];
        break;
      }
      ++step;
    }
  }

  printf("str2=%s\n",table);
}

// Decodes one serial segment into a number.
// serial[0] holds the character count and serial[1..] the characters, e.g.
//   serial[]={(char)0x6,'P','K','N','B','N','P'}
//   serial[] 06 50 4B 4E 42 4E 50
//               P  K  N  B  N  P
// Each character is turned into a digit 0..0x21 by a position-dependent lookup
// in the substitution table, and the digits are accumulated in base 0x22 with
// the first character as the least significant digit.
UINT64 calc_result(const char serial[])
{
        static const char table[]="NFOPRTSUIQWXYVZ2354678B9AEDGCHJKLM";
        UINT64 weight=1;   // VM slot [59], power of 0x22
        UINT64 state=0;    // VM slot [5A], shifts the lookup start per character
        UINT64 total=0;    // VM slot [5B], the result
        int pos;

        //number of 6-character arrangements out of 34: P(34,6)=(34*33*32*31*30*29)=968330880

        for (pos=1;pos<=serial[0];++pos)
        {
                int digit=-1;   // VM slot [5C]; stays -1 if the character is not in the table
                int probe=0;

                // Non-sequential search: digit is the probe count at which the
                // character is found.  The scan always runs all 0x22 probes.
                while (probe<0x22)
                {
                        int slot=(int)((state + probe + pos*7) % 0x22);

                        if (table[slot]==serial[pos])
                        {
                                digit=probe;
                        }
                        ++probe;
                }//digit=1E(pos=1),15(pos=2)

                total=digit*weight + total;
                state=(state*3 + digit) % 0x64;
                weight=weight*0x22; //22^5=2B54A20
        }

        //51-5C
        //00127718  07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        //00127728  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        //00127738  00 00 00 00 00 00 00 00 00 54 26 01 00 00 00 00  .........T&.....
        //00127748  F0 98 00 00 00 00 00 00 17 00 00 00 00 00 00 00  ..............
        //00127758  40 D8 13 5C 00 00 00 00 5B 00 00 00 00 00 00 00  @?\....[.......
        //00127768  58 A1 24 00 00 00 00 00 00 00 00 00 00 00 00 00  X?.............

        return total;
}

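// Shifts the low `nbits` bits of `value`, most-significant bit first, through
// the 16-bit remainder (polynomial 0x8005) and returns the updated remainder.
// The data bit is read with an unsigned shift, so testing bit 31 no longer
// relies on `1 << 31` on a signed int, which is undefined behaviour.
static unsigned long crc16_feed_bits(unsigned long remainder,
                                     unsigned long value, int nbits)
{
        int bit;

        for (bit=nbits-1;bit>=0;bit--)
        {
                int top_bit =(remainder & 0x8000UL)!=0;
                int data_bit=(int)((value >> bit) & 1UL);

                remainder=(remainder << 1) & 0xFFFFUL;

                // original form: if (!((!TopBit) ^ flag)), i.e. TopBit != flag
                if (top_bit!=data_bit)
                        remainder=remainder ^ 0x8005UL;
        }

        return remainder;
}

// Computes the 16-bit checksum (initial value 0xFFFF, polynomial 0x8005) over
// the result record: 16 bits of Time, five bytes (a, t, e, v, flag), 16 bits
// of c and 32 bits of remainder.
//
// r        decoded record; only r.remainder is read.
// returns  the 16-bit checksum in the low bits of an unsigned long.
//
// NOTE(review): Time (0), the five bytes (00 'T' 'E' 19 01) and c (1) are
// hard-coded here rather than taken from r, exactly as in the original
// listing; confirm before reusing this for records with other field values.
// NOTE(review): nothing in this computation is keyed. It depends only on
// public constants and r.remainder, so it catches mistyped codes but cannot
// authenticate one; a licence check meant to resist forgery needs a signature
// verified with a public key instead of a checksum the client can recompute.
unsigned long CheckSum(RESULT r)
{
        // Mirror of the 13-byte record from the debugger dump
        // (00 00 00 54 45 19 01 01 00 E0 C0 01 00); only bytes 2..6 are fed below.
        static const unsigned char message[13]={'\0','\0','\0','T', 'E', (char)0x19, '\01', '\01','\0',0xE0, 0xC0,0x01,'\0'};
        unsigned long remainder = 0xFFFF;
        int j;

        // Time, fixed at 0, 16 bits.  Remainder after each bit:
        //7FFB,FFF6,7FE9,FFD2,7FA1,FF42,7E81,FD02
        //7A01,F402,6801,D002,2001,4002,8004,800D
        remainder=crc16_feed_bits(remainder,0UL,16);

        // Bytes 2..6 of the record, 8 bits each.  Remainder trace:
        //801F,803B,8073,80E3,81C3,8383,8703,8E03
        //9C03,3806,700C,E018(^0x8005=0x601D),
        for (j=2;j<7;j++)
        {
                remainder=crc16_feed_bits(remainder,message[j],8);
        }

        // c, fixed at 1, 16 bits.
        remainder=crc16_feed_bits(remainder,1UL,16);

        // remainder field, 32 bits (e.g. 0x1C0E0 in the write-up).
        remainder=crc16_feed_bits(remainder,(unsigned long)r.remainder,32);

        return remainder;
}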

// Encodes base5B as characters of the substitution table and writes them to
// pSerial[iStart..iEnd]; positions where (i+1)%5==0 receive '-' instead.
// This is the inverse of calc_result(): the number is split into base-0x22
// digits, then each digit is mapped through the same position-dependent lookup.
//
// Returns false when a digit would be >= 0x22 or when the number does not
// divide out exactly over the available positions; true otherwise.
// NOTE(review): no terminating NUL is written, and base5C has 25 elements, so
// callers must keep iEnd below 25 and size pSerial themselves.
BOOL GetSerial(char *pSerial,int iStart, int iEnd,UINT64 base5B)
//
{
        const char * str2="NFOPRTSUIQWXYVZ2354678B9AEDGCHJKLM";
        int i,j,k,index=-1;
        UINT64 pow=1;//base59
        UINT64 base5A=0;
        int base5C[25]={-1};   // only element 0 is -1; the rest are zero-initialized
        int aa=0;
        // aa = number of '-' positions inside the range, known for the two ranges used
        if (iEnd==23)
                aa=2;
        if(iEnd==11)
                aa=1;

        // pow = 0x22 ^ (number of digit positions - 1), the weight of the top digit
        for (i=iEnd-aa;i>iStart;i--)
        {
                pow*=0x22;
        }
        
        //base5B        0x000017bb3fbc5660
    //     a    0x0000007bfc138460

    //      e,9,2,17,10,1b,1a,14,e,0
        
        //base5B=0x000017bb3fbc5660;
        // Extract digits from the most significant (stored at iEnd) downwards,
        // skipping the '-' positions.
        for (i=iEnd;i>=iStart;i--)
        {
                if ((i+1)%5!=0)
                {
                        base5C[i]=(int)(base5B / pow);
                        if(base5C[i]>=0x22)
                                return false;
                        base5B=base5B % pow;
                        pow/=0x22;
                }
                
                if ((i==iStart) && (base5B!=0))
                {
                        return false;
                }
        
        }
        
        k=1;   // 1-based character index, matching i in calc_result()
        for (i=iStart;i<=iEnd;i++)
        {
                                
        
                //solving base5A=(base5A*3 +base5C) % 0x64;
                //note: base5A on the left and on the right are not the same value
                //the initial value of base5A is 0,
                //second pass: base5A=base5C % 0x64;
                //and since 0<=base5C<0x22, base5A=base5C
                //third pass: base5A=base5C
                //
                //

                //base5A: 0,  
                //base5C:
                
                if ((i+1)%5==0)
                {
                        *(pSerial+i)='-';
                        i++;   // the loop variable is advanced past the separator
                } 

                index=(int)(((base5A + base5C[i])+k *7) % 0x22) ;
                base5A=(base5A*3 +base5C[i]) % 0x64;
                *(pSerial+i)=*(str2+index);
                k++;                
        
        }
        
        return true;
}

其他代码:

idb文件:
TMPGEnc.IDB.BY.winndy.rar

注册机源码放出来:
TMPGEnc PLUS.Keygen.By.winndy.zip

反汇编出来的代码:
反汇编出来的VMCode.By.winndy.zip