一个电子白板程序的浮点运算学习
本帖最后由 crackvip 于 2015-5-31 18:49 编辑因为是国产软件,所以就不详细公布
注册算法在一个DLL里面
这里记录一下
6E082850 >6A FF PUSH -0x1 ; 取取了机器码
6E082852 68 7C44096E PUSH RegModul.6E09447C
6E082857 64:A1 00000000MOV EAX, DWORD PTR FS:
6E08285D 50 PUSH EAX
6E08285E 83EC 2C SUB ESP, 0x2C
6E082861 A1 9CB0096E MOV EAX, DWORD PTR DS:
6E082866 33C4 XOR EAX, ESP
6E082868 894424 28 MOV DWORD PTR SS:[ESP+0x28], EAX
6E08286C 53 PUSH EBX
6E08286D 55 PUSH EBP
6E08286E 56 PUSH ESI ; 机器码入栈
6E08286F 57 PUSH EDI
6E082870 A1 9CB0096E MOV EAX, DWORD PTR DS:
6E082875 33C4 XOR EAX, ESP
6E082877 50 PUSH EAX
6E082878 8D4424 40 LEA EAX, DWORD PTR SS:[ESP+0x40]
6E08287C 64:A3 00000000MOV DWORD PTR FS:, EAX
6E082882 8B4C24 54 MOV ECX, DWORD PTR SS:[ESP+0x54] ; 机器码到ECX
6E082886 8B7C24 50 MOV EDI, DWORD PTR SS:[ESP+0x50]
6E08288A 33D2 XOR EDX, EDX
6E08288C 897C24 20 MOV DWORD PTR SS:[ESP+0x20], EDI
6E082890 895424 24 MOV DWORD PTR SS:[ESP+0x24], EDX
6E082894 3BCA CMP ECX, EDX
6E082896 75 19 JNZ SHORT RegModul.6E0828B1
6E082898 68 1468096E PUSH RegModul.6E096814
6E08289D 8D4F 04 LEA ECX, DWORD PTR DS:[EDI+0x4]
6E0828A0 FF15 4851096E CALL NEAR DWORD PTR DS:[<&MSVCP90.std>; msvcp90.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >
6E0828A6 C707 2478096E MOV DWORD PTR DS:[EDI], RegModul.6E0>; P3
6E0828AC E9 FB030000 JMP RegModul.6E082CAC
6E0828B1 33C0 XOR EAX, EAX
6E0828B3 894424 29 MOV DWORD PTR SS:[ESP+0x29], EAX
6E0828B7 894424 2D MOV DWORD PTR SS:[ESP+0x2D], EAX
6E0828BB 894424 31 MOV DWORD PTR SS:[ESP+0x31], EAX
6E0828BF 894424 35 MOV DWORD PTR SS:[ESP+0x35], EAX
6E0828C3 A1 283C0A6E MOV EAX, DWORD PTR DS:
6E0828C8 33F6 XOR ESI, ESI
6E0828CA 33ED XOR EBP, EBP
6E0828CC 885424 28 MOV BYTE PTR SS:[ESP+0x28], DL
6E0828D0 897424 14 MOV DWORD PTR SS:[ESP+0x14], ESI
6E0828D4 83F8 0A CMP EAX, 0xA
6E0828D7 0F87 9B000000 JA RegModul.6E082978
6E0828DD FF2485 D02C086E JMP NEAR DWORD PTR DS:[EAX*4+0x6E082>
6E0828E4 BE 03000000 MOV ESI, 0x3
6E0828E9 8D6E 01 LEA EBP, DWORD PTR DS:[ESI+0x1]
6E0828EC 8D56 02 LEA EDX, DWORD PTR DS:[ESI+0x2]
6E0828EF E9 80000000 JMP RegModul.6E082974
6E0828F4 BE 06000000 MOV ESI, 0x6
6E0828F9 8D6E 01 LEA EBP, DWORD PTR DS:[ESI+0x1]
6E0828FC 8D56 02 LEA EDX, DWORD PTR DS:[ESI+0x2]
6E0828FF EB 73 JMP SHORT RegModul.6E082974
6E082901 BE 0D000000 MOV ESI, 0xD
6E082906 8D6E 01 LEA EBP, DWORD PTR DS:[ESI+0x1] ; E
6E082909 8D56 02 LEA EDX, DWORD PTR DS:[ESI+0x2] ; F
6E08290C EB 66 JMP SHORT RegModul.6E082974
6E08290E BE 19000000 MOV ESI, 0x19
6E082913 8D6E 04 LEA EBP, DWORD PTR DS:[ESI+0x4]
6E082916 8D56 06 LEA EDX, DWORD PTR DS:[ESI+0x6]
6E082919 EB 59 JMP SHORT RegModul.6E082974
6E08291B BE 23000000 MOV ESI, 0x23
6E082920 8D6E 08 LEA EBP, DWORD PTR DS:[ESI+0x8]
6E082923 8D56 05 LEA EDX, DWORD PTR DS:[ESI+0x5]
6E082926 EB 4C JMP SHORT RegModul.6E082974
6E082928 BE 1F000000 MOV ESI, 0x1F
6E08292D 8D6E 0B LEA EBP, DWORD PTR DS:[ESI+0xB]
6E082930 8D56 F8 LEA EDX, DWORD PTR DS:[ESI-0x8]
6E082933 EB 3F JMP SHORT RegModul.6E082974
6E082935 BE 0B000000 MOV ESI, 0xB
6E08293A 8D6E 15 LEA EBP, DWORD PTR DS:[ESI+0x15]
6E08293D 8D56 1A LEA EDX, DWORD PTR DS:[ESI+0x1A]
6E082940 EB 32 JMP SHORT RegModul.6E082974
6E082942 BE 0F000000 MOV ESI, 0xF
6E082947 8D6E 01 LEA EBP, DWORD PTR DS:[ESI+0x1]
6E08294A 8D56 0B LEA EDX, DWORD PTR DS:[ESI+0xB]
6E08294D EB 25 JMP SHORT RegModul.6E082974
6E08294F BE 12000000 MOV ESI, 0x12
6E082954 8D6E F4 LEA EBP, DWORD PTR DS:[ESI-0xC]
6E082957 8D56 0A LEA EDX, DWORD PTR DS:[ESI+0xA]
6E08295A EB 18 JMP SHORT RegModul.6E082974
6E08295C BE 0C000000 MOV ESI, 0xC
6E082961 8D6E 01 LEA EBP, DWORD PTR DS:[ESI+0x1]
6E082964 8D56 1A LEA EDX, DWORD PTR DS:[ESI+0x1A]
6E082967 EB 0B JMP SHORT RegModul.6E082974
6E082969 BE 13000000 MOV ESI, 0x13
6E08296E 8D6E 02 LEA EBP, DWORD PTR DS:[ESI+0x2]
6E082971 8D56 0D LEA EDX, DWORD PTR DS:[ESI+0xD]
6E082974 897424 14 MOV DWORD PTR SS:[ESP+0x14], ESI ; 这里是将ESI传入,ESI=D
6E082978 8BC1 MOV EAX, ECX
6E08297A 8D48 01 LEA ECX, DWORD PTR DS:[EAX+0x1] ; 机器码的第1位
6E08297D 8D49 00 LEA ECX, DWORD PTR DS:[ECX]
6E082980 8A18 MOV BL, BYTE PTR DS:[EAX] ; 第一位ASCII到BL
6E082982 40 INC EAX
6E082983 84DB TEST BL, BL
6E082985^ 75 F9 JNZ SHORT RegModul.6E082980
6E082987 2BC1 SUB EAX, ECX ; 取机器码长度
6E082989 8BD8 MOV EBX, EAX ; 长度到EBX
6E08298B 0F84 88020000 JE RegModul.6E082C19
6E082991 BF 01000000 MOV EDI, 0x1 ; 初始下计数器
6E082996 3BDF CMP EBX, EDI ; 判断是否取完
6E082998 897C24 18 MOV DWORD PTR SS:[ESP+0x18], EDI
6E08299C 0F8C CF000000 JL RegModul.6E082A71
6E0829A2 DB4424 14 FILD DWORD PTR SS:[ESP+0x14] ; 传到ST0
6E0829A6 D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] ; 到st7
6E0829AA 8B4424 54 MOV EAX, DWORD PTR SS:[ESP+0x54] ; 假码到EAX
6E0829AE 0FBE4C38 FF MOVSX ECX, BYTE PTR DS:[EAX+EDI-0x1] ; 第1位到ECX
6E0829B3 894C24 1C MOV DWORD PTR SS:[ESP+0x1C], ECX
6E0829B7 51 PUSH ECX
6E0829B8 DB4424 20 FILD DWORD PTR SS:[ESP+0x20] ; 第i位的ASCII到ST0,32位长度
6E0829BC D91C24 FSTP DWORD PTR SS:[ESP] ; st0到st7
6E0829BF E8 6CFDFFFF CALL RegModul.6E082730 ; 开方
6E0829C4 8B5424 58 MOV EDX, DWORD PTR SS:[ESP+0x58] ; 机器码到EDX
6E0829C8 D95C24 20 FSTP DWORD PTR SS:[ESP+0x20] ; st0清零
6E0829CC 0FBE443A FF MOVSX EAX, BYTE PTR DS:[EDX+EDI-0x1] ; 还是第i位
6E0829D1 DB4424 1C FILD DWORD PTR SS:[ESP+0x1C] ; esp+0x1c,这个是i吗?是的
6E0829D5 894424 28 MOV DWORD PTR SS:[ESP+0x28], EAX ; ASCII到【ESP+0x28】
6E0829D9 0FAFC7 IMUL EAX, EDI ; eax*edi ,EAX为每位的ASCII,EDI为I
6E0829DC D95C24 1C FSTP DWORD PTR SS:[ESP+0x1C] ; ST0清零
6E0829E0 D94424 1C FLD DWORD PTR SS:[ESP+0x1C] ; 还原为1(还原为i?)是的
6E0829E4 D84C24 20 FMUL DWORD PTR SS:[ESP+0x20] ; 相乘,i*上面开方的数
6E0829E8 DC05 5078096E FADD QWORD PTR DS: ; 相加,=1
6E0829EE 0FAFC7 IMUL EAX, EDI ; 再相乘,eax为ASCII,edi为i,ASCII*i
6E0829F1 894424 20 MOV DWORD PTR SS:[ESP+0x20], EAX
6E0829F5 83C4 04 ADD ESP, 0x4 ; 下面的这个ESP+0x1C=ESP+0x20,因为这里ESP+0x4了
6E0829F8 DA4C24 1C FIMUL DWORD PTR SS:[ESP+0x1C] ; 再相乘,ST0*【esp+1c】里的值为第i位ASCII*i*i
6E0829FC D84424 14 FADD DWORD PTR SS:[ESP+0x14] ; 相加 392 +13,加上上一回算来的ESI
6E082A00 E8 7B130100 CALL RegModul.6E093D80 ; 将ST0的值到ST7 并传到EAX
6E082A05 DB4424 24 FILD DWORD PTR SS:[ESP+0x24] ; 将【esp+0x24】的数据压入栈顶,也就是第i位的ASCII
6E082A09 99 CDQ ; edx清零
6E082A0A B9 A0860100 MOV ECX, 0x186A0 ; 除0x186A0
6E082A0F F7F9 IDIV ECX ; 商放EAX=0,余数放EDX=195
6E082A11 51 PUSH ECX
6E082A12 D91C24 FSTP DWORD PTR SS:[ESP] ; st0清零,st7=原来的ST0,第i位ASCII?
6E082A15 8BF2 MOV ESI, EDX ; 余数到ESI
6E082A17 897424 18 MOV DWORD PTR SS:[ESP+0x18], ESI ; esi 到【ESP+0X18】
6E082A1B E8 E0390000 CALL RegModul.6E086400 ; 这个函数要跟一下,第一轮是2401=0x961
6E082A20 D84C24 1C FMUL DWORD PTR SS:[ESP+0x1C] ; St0 * i
6E082A24 83C4 04 ADD ESP, 0x4
6E082A27 E8 54130100 CALL RegModul.6E093D80 ; St0 到EAX
6E082A2C DB4424 14 FILD DWORD PTR SS:[ESP+0x14] ; 这里是EDX的值,上一回的余数
6E082A30 8BD7 MOV EDX, EDI
6E082A32 0FAFD5 IMUL EDX, EBP ;上回EBP的值 *i=i*ebp
6E082A35 D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] ; st0清零
6E082A39 D94424 14 FLD DWORD PTR SS:[ESP+0x14]
6E082A3D 03C2 ADD EAX, EDX ; 上面相乘后的数 再加上浮点计算出来的数,(i* )+上回的ST0
6E082A3F 99 CDQ
6E082A40 B9 A0860100 MOV ECX, 0x186A0 ; 又是相除
6E082A45 F7F9 IDIV ECX
6E082A47 51 PUSH ECX
6E082A48 D91C24 FSTP DWORD PTR SS:[ESP]
6E082A4B 8BEA MOV EBP, EDX ; edx到ebp,第二回的余数
6E082A4D E8 DEFCFFFF CALL RegModul.6E082730 ; 开方运算
6E082A52 83C4 04 ADD ESP, 0x4
6E082A55 E8 26130100 CALL RegModul.6E093D80 ; 把ST7的整数给EAX
6E082A5A 03C5 ADD EAX, EBP ; EAX=EAX+EBP,开方运算后的值,再加上上回的余数
6E082A5C 99 CDQ
6E082A5D B9 A0860100 MOV ECX, 0x186A0 ; 还是除0x186A0
6E082A62 47 INC EDI ; 计算器+1
6E082A63 F7F9 IDIV ECX ; 余数放到EDX
6E082A65 3BFB CMP EDI, EBX
6E082A67 897C24 18 MOV DWORD PTR SS:[ESP+0x18], EDI ; edi为计数器
6E082A6B^ 0F8E 39FFFFFF JLE RegModul.6E0829AA
6E082A71 8D46 1F LEA EAX, DWORD PTR DS:[ESI+0x1F] ; 算出ESI的值
6E082A74 25 7F000080 AND EAX, 0x8000007F ; 算出一个7
6E082A79 79 05 JNS SHORT RegModul.6E082A80
6E082A7B 48 DEC EAX ; 下面的计算只跟ESI,EBP,EDX有关
6E082A7C 83C8 80 OR EAX, 0xFFFFFF80
6E082A7F 40 INC EAX
6E082A80 8D4E 20 LEA ECX, DWORD PTR DS:[ESI+0x20] ; +20
6E082A83 81E1 7F000080 AND ECX, 0x8000007F
6E082A89 884424 28 MOV BYTE PTR SS:[ESP+0x28], AL
6E082A8D 79 05 JNS SHORT RegModul.6E082A94
6E082A8F 49 DEC ECX
6E082A90 83C9 80 OR ECX, 0xFFFFFF80
6E082A93 41 INC ECX
6E082A94 8D46 27 LEA EAX, DWORD PTR DS:[ESI+0x27] ; +27
6E082A97 25 7F000080 AND EAX, 0x8000007F
6E082A9C 884C24 29 MOV BYTE PTR SS:[ESP+0x29], CL
6E082AA0 79 05 JNS SHORT RegModul.6E082AA7
6E082AA2 48 DEC EAX
6E082AA3 83C8 80 OR EAX, 0xFFFFFF80
6E082AA6 40 INC EAX
6E082AA7 8D4E 3A LEA ECX, DWORD PTR DS:[ESI+0x3A] ; +3A
6E082AAA 81E1 7F000080 AND ECX, 0x8000007F
6E082AB0 884424 2A MOV BYTE PTR SS:[ESP+0x2A], AL
6E082AB4 79 05 JNS SHORT RegModul.6E082ABB
6E082AB6 49 DEC ECX
6E082AB7 83C9 80 OR ECX, 0xFFFFFF80
6E082ABA 41 INC ECX
6E082ABB 83C6 5F ADD ESI, 0x5F
6E082ABE 8BC6 MOV EAX, ESI
6E082AC0 25 7F000080 AND EAX, 0x8000007F
6E082AC5 884C24 2B MOV BYTE PTR SS:[ESP+0x2B], CL
6E082AC9 79 05 JNS SHORT RegModul.6E082AD0
6E082ACB 48 DEC EAX
6E082ACC 83C8 80 OR EAX, 0xFFFFFF80
6E082ACF 40 INC EAX
6E082AD0 8D8D 9C000000 LEA ECX, DWORD PTR SS:[EBP+0x9C]
6E082AD6 81E1 7F000080 AND ECX, 0x8000007F
6E082ADC 884424 2C MOV BYTE PTR SS:[ESP+0x2C], AL
6E082AE0 79 05 JNS SHORT RegModul.6E082AE7
6E082AE2 49 DEC ECX
6E082AE3 83C9 80 OR ECX, 0xFFFFFF80
6E082AE6 41 INC ECX
6E082AE7 8D85 F7000000 LEA EAX, DWORD PTR SS:[EBP+0xF7]
6E082AED 25 7F000080 AND EAX, 0x8000007F
6E082AF2 884C24 2D MOV BYTE PTR SS:[ESP+0x2D], CL
6E082AF6 79 05 JNS SHORT RegModul.6E082AFD
6E082AF8 48 DEC EAX
6E082AF9 83C8 80 OR EAX, 0xFFFFFF80
6E082AFC 40 INC EAX
6E082AFD 8D8D 76010000 LEA ECX, DWORD PTR SS:[EBP+0x176]
6E082B03 81E1 7F000080 AND ECX, 0x8000007F
6E082B09 884424 2E MOV BYTE PTR SS:[ESP+0x2E], AL
6E082B0D 79 05 JNS SHORT RegModul.6E082B14
6E082B0F 49 DEC ECX
6E082B10 83C9 80 OR ECX, 0xFFFFFF80
6E082B13 41 INC ECX
6E082B14 8D85 1F020000 LEA EAX, DWORD PTR SS:[EBP+0x21F]
6E082B1A 25 7F000080 AND EAX, 0x8000007F
6E082B1F 884C24 2F MOV BYTE PTR SS:[ESP+0x2F], CL
6E082B23 79 05 JNS SHORT RegModul.6E082B2A
6E082B25 48 DEC EAX
6E082B26 83C8 80 OR EAX, 0xFFFFFF80
6E082B29 40 INC EAX
6E082B2A 81C5 F8020000 ADD EBP, 0x2F8
6E082B30 8BCD MOV ECX, EBP
6E082B32 81E1 7F000080 AND ECX, 0x8000007F
6E082B38 884424 30 MOV BYTE PTR SS:[ESP+0x30], AL
6E082B3C 79 05 JNS SHORT RegModul.6E082B43
6E082B3E 49 DEC ECX
6E082B3F 83C9 80 OR ECX, 0xFFFFFF80
6E082B42 41 INC ECX
6E082B43 8D82 07040000 LEA EAX, DWORD PTR DS:[EDX+0x407]
6E082B49 25 7F000080 AND EAX, 0x8000007F
6E082B4E 884C24 31 MOV BYTE PTR SS:[ESP+0x31], CL
6E082B52 79 05 JNS SHORT RegModul.6E082B59
6E082B54 48 DEC EAX
6E082B55 83C8 80 OR EAX, 0xFFFFFF80
6E082B58 40 INC EAX
6E082B59 8D8A 52050000 LEA ECX, DWORD PTR DS:[EDX+0x552]
6E082B5F 81E1 7F000080 AND ECX, 0x8000007F
6E082B65 884424 32 MOV BYTE PTR SS:[ESP+0x32], AL
6E082B69 79 05 JNS SHORT RegModul.6E082B70
6E082B6B 49 DEC ECX
6E082B6C 83C9 80 OR ECX, 0xFFFFFF80
6E082B6F 41 INC ECX
6E082B70 8D82 DF060000 LEA EAX, DWORD PTR DS:[EDX+0x6DF]
6E082B76 25 7F000080 AND EAX, 0x8000007F
6E082B7B 884C24 33 MOV BYTE PTR SS:[ESP+0x33], CL
6E082B7F 79 05 JNS SHORT RegModul.6E082B86
6E082B81 48 DEC EAX
6E082B82 83C8 80 OR EAX, 0xFFFFFF80
6E082B85 40 INC EAX
6E082B86 8D8A B4080000 LEA ECX, DWORD PTR DS:[EDX+0x8B4]
6E082B8C 81E1 7F000080 AND ECX, 0x8000007F
6E082B92 884424 34 MOV BYTE PTR SS:[ESP+0x34], AL
6E082B96 79 05 JNS SHORT RegModul.6E082B9D
6E082B98 49 DEC ECX
6E082B99 83C9 80 OR ECX, 0xFFFFFF80
6E082B9C 41 INC ECX
6E082B9D 8D82 D70A0000 LEA EAX, DWORD PTR DS:[EDX+0xAD7]
6E082BA3 25 7F000080 AND EAX, 0x8000007F
6E082BA8 884C24 35 MOV BYTE PTR SS:[ESP+0x35], CL
6E082BAC 79 05 JNS SHORT RegModul.6E082BB3
6E082BAE 48 DEC EAX
6E082BAF 83C8 80 OR EAX, 0xFFFFFF80
6E082BB2 40 INC EAX
6E082BB3 81C2 4E0D0000 ADD EDX, 0xD4E
6E082BB9 81E2 7F000080 AND EDX, 0x8000007F
6E082BBF 884424 36 MOV BYTE PTR SS:[ESP+0x36], AL
6E082BC3 79 05 JNS SHORT RegModul.6E082BCA
6E082BC5 4A DEC EDX
6E082BC6 83CA 80 OR EDX, 0xFFFFFF80
6E082BC9 42 INC EDX
6E082BCA 885424 37 MOV BYTE PTR SS:[ESP+0x37], DL ; dl =1e
6E082BCE 33D2 XOR EDX, EDX
6E082BD0 C64424 38 00 MOV BYTE PTR SS:[ESP+0x38], 0x0
6E082BD5 33C9 XOR ECX, ECX
6E082BD7 8A4414 28 MOV AL, BYTE PTR SS:[ESP+EDX+0x28] ; 逐个判断是不是可显示的字符,A-Z,a-z,0-9
6E082BDB 3C 30 CMP AL, 0x30 ; 0
6E082BDD 7C 04 JL SHORT RegModul.6E082BE3
6E082BDF 3C 39 CMP AL, 0x39 ; 9
6E082BE1 7E 29 JLE SHORT RegModul.6E082C0C
6E082BE3 3C 41 CMP AL, 0x41 ; A
6E082BE5 7C 04 JL SHORT RegModul.6E082BEB
6E082BE7 3C 5A CMP AL, 0x5A ; Z
6E082BE9 7E 21 JLE SHORT RegModul.6E082C0C
6E082BEB 3C 61 CMP AL, 0x61 ; a
6E082BED 7C 04 JL SHORT RegModul.6E082BF3
6E082BEF 3C 7A CMP AL, 0x7A ; z
6E082BF1 7E 19 JLE SHORT RegModul.6E082C0C
6E082BF3 0FBEC0 MOVSX EAX, AL
6E082BF6 8D4408 1F LEA EAX, DWORD PTR DS:[EAX+ECX+0x1F] ; 如果不是数字也不是字母,则相加,现加1F
6E082BFA 25 7F000080 AND EAX, 0x8000007F
6E082BFF 79 05 JNS SHORT RegModul.6E082C06
6E082C01 48 DEC EAX
6E082C02 83C8 80 OR EAX, 0xFFFFFF80
6E082C05 40 INC EAX
6E082C06 884414 28 MOV BYTE PTR SS:[ESP+EDX+0x28], AL
6E082C0A^ EB CB JMP SHORT RegModul.6E082BD7 ; 取到字母则递增
6E082C0C 83C1 07 ADD ECX, 0x7 ; ECX+7
6E082C0F 42 INC EDX
6E082C10 83F9 70 CMP ECX, 0x70 ; 判断是否为16位长度
6E082C13^ 7C C2 JL SHORT RegModul.6E082BD7 ; 循环
6E082C15 8B7C24 20 MOV EDI, DWORD PTR SS:[ESP+0x20]
6E082C19 8D4F 04 LEA ECX, DWORD PTR DS:[EDI+0x4]
6E082C1C FF15 4451096E CALL NEAR DWORD PTR DS:[<&MSVCP90.std>; msvcp90.std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >
6E082C22 8D4424 28 LEA EAX, DWORD PTR SS:[ESP+0x28]
6E082C26 C74424 48 00000>MOV DWORD PTR SS:[ESP+0x48], 0x0
6E082C2E C707 2478096E MOV DWORD PTR DS:[EDI], RegModul.6E0>; P3
6E082C34 8D50 01 LEA EDX, DWORD PTR DS:[EAX+0x1]
6E082C37 8A08 MOV CL, BYTE PTR DS:[EAX]
6E082C39 40 INC EAX
6E082C3A 84C9 TEST CL, CL
6E082C3C^ 75 F9 JNZ SHORT RegModul.6E082C37
6E082C3E 2BC2 SUB EAX, EDX
6E082C40 8BE8 MOV EBP, EAX
6E082C42 74 68 JE SHORT RegModul.6E082CAC
6E082C44 8B1D AC50096E MOV EBX, DWORD PTR DS:[<&KERNEL32.Mu>; kernel32.MultiByteToWideChar
6E082C4A 6A 00 PUSH 0x0
6E082C4C 6A 00 PUSH 0x0
6E082C4E 55 PUSH EBP
6E082C4F 8D4C24 34 LEA ECX, DWORD PTR SS:[ESP+0x34]
6E082C53 51 PUSH ECX
6E082C54 6A 01 PUSH 0x1
6E082C56 6A 00 PUSH 0x0
6E082C58 FFD3 CALL NEAR EBX
6E082C5A 8BF0 MOV ESI, EAX
6E082C5C 85F6 TEST ESI, ESI
6E082C5E 74 4C JE SHORT RegModul.6E082CAC
6E082C60 33C9 XOR ECX, ECX
6E082C62 8D46 01 LEA EAX, DWORD PTR DS:[ESI+0x1]
6E082C65 BA 02000000 MOV EDX, 0x2
6E082C6A F7E2 MUL EDX
6E082C6C 0F90C1 SETO CL
6E082C6F F7D9 NEG ECX
6E082C71 0BC8 OR ECX, EAX
6E082C73 51 PUSH ECX
6E082C74 E8 AB650000 CALL <JMP.&mfc90u.#operator new[]_265>
6E082C79 83C4 04 ADD ESP, 0x4
6E082C7C 56 PUSH ESI
6E082C7D 8BF8 MOV EDI, EAX
6E082C7F 57 PUSH EDI
6E082C80 55 PUSH EBP
6E082C81 8D4424 34 LEA EAX, DWORD PTR SS:[ESP+0x34]
6E082C85 50 PUSH EAX
6E082C86 6A 01 PUSH 0x1
6E082C88 6A 00 PUSH 0x0
6E082C8A FFD3 CALL NEAR EBX
6E082C8C 8B7424 20 MOV ESI, DWORD PTR SS:[ESP+0x20] ; 到此算码完成,明码比较
6E082C90 33C9 XOR ECX, ECX
6E082C92 57 PUSH EDI
6E082C93 68 AC67096E PUSH RegModul.6E0967AC ; %s
6E082C98 66:890C47 MOV WORD PTR DS:[EDI+EAX*2], CX
6E082C9C E8 7F420000 CALL RegModul.6E086F20
6E082CA1 57 PUSH EDI
==========================================
机器码:13352272490531
00000031,EDX=00000983,EBP=0000096F,ESI=00000195
00000033,EDX=0000276B,EBP=00002730,ESI=00000DC2
00000033,EDX=00009480,EBP=0000940B,ESI=000035F6
00000035,EDX=0000F636,EBP=0000F570,ESI=000099BC
00000032,EDX=00006947,EBP=00006824,ESI=00014B40
00000032,EDX=000125CA,EBP=000124D0,ESI=0000F5F7
00000037,EDX=0000B391,EBP=0000B347,ESI=000015C0
00000032,EDX=000155A3,EBP=00015478,ESI=00015EBB
00000034,EDX=0000234B,EBP=00002248,ESI=0001071D
00000039,EDX=00004F54,EBP=00004F1A,ESI=00000D45
00000030,EDX=0000BCC1,EBP=0000BBDE,ESI=0000CA7A
00000035,EDX=00002AF5,EBP=00002A54,ESI=0000665F
00000033,EDX=00012474,EBP=000123B9,ESI=000088B9
00000031,EDX=00013650,EBP=0001352C,ESI=00014F25
0,44,D
1,45,E
2,4C,L
3,47,G
4,7A,z
5,48,H
6,6C,l
7,72,r
8,4B,K
9,7A,z
10,57,W
11,7A,z
12,6E,n
13,78,x
14,30,0
15,36,6
DELGzHlrKzWznx06
==========================================
前排学习 不明觉厉,你们这些大牛能不能不要这么屌? GGLHY 发表于 2015-5-31 19:20
前排学习
GG大牛好。
楼主是高手啊。分析很详细 膜拜大娘的算法分析 我只能呵呵了,收藏下来再说 本帖最后由 menglv 于 2015-6-1 18:06 编辑
这个怎么看起来像特定的算法注册?
不好意思,是我看错了。
强!
找位置学习了{:soso_e100:}
页:
[1]
2