站长资讯通告:
eLib2.01算法分析
//////////////////////////////////////////////////////////////////////////
:00465A70 83FA1D cmp edx, 0000001D //比较注册码长度是否29位
:00465A73 7423 je 00465A98
:00465A75 33C0 xor eax, eax
:00465A77 BA02000000 mov edx, 00000002
:00465A7C 50 push eax
:00465A7D 8D450C lea eax, dword ptr [ebp+0C]
:00465A80 FF4DF4 dec [ebp-0C]
:00465A83 E8E8A40B00 call 0051FF70
:00465A88 58 pop eax
:00465A89 8B55D8 mov edx, dword ptr [ebp-28]
:00465A8C 64891500000000 mov dword ptr fs:[00000000], edx
:00465A93 E9EF000000 jmp 00465B87
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465A73(C)
|
:00465A98 6A06 push 00000006
:00465A9A 8D4D0C lea ecx, dword ptr [ebp+0C]
:00465A9D 51 push ecx
:00465A9E E839A20B00 call 0051FCDC
:00465AA3 83C408 add esp, 00000008
:00465AA6 8D450C lea eax, dword ptr [ebp+0C]
:00465AA9 E816A70B00 call 005201C4 //取出假注册码
:00465AAE 8B550C mov edx, dword ptr [ebp+0C]
:00465AB1 83C205 add edx, 00000005
:00465AB4 0FBE0A movsx ecx, byte ptr [edx]
:00465AB7 83F92D cmp ecx, 0000002D //比较第六位是否'-'
:00465ABA 756C jne 00465B28
:00465ABC 6A0C push 0000000C
:00465ABE 8D450C lea eax, dword ptr [ebp+0C]
:00465AC1 50 push eax
:00465AC2 E815A20B00 call 0051FCDC
:00465AC7 83C408 add esp, 00000008
:00465ACA 8D450C lea eax, dword ptr [ebp+0C]
:00465ACD E8F2A60B00 call 005201C4
:00465AD2 8B550C mov edx, dword ptr [ebp+0C]
:00465AD5 83C20B add edx, 0000000B
:00465AD8 0FBE0A movsx ecx, byte ptr [edx]
:00465ADB 83F92D cmp ecx, 0000002D//比较第12位是否'-'
:00465ADE 7548 jne 00465B28
:00465AE0 6A12 push 00000012
:00465AE2 8D450C lea eax, dword ptr [ebp+0C]
:00465AE5 50 push eax
:00465AE6 E8F1A10B00 call 0051FCDC
:00465AEB 83C408 add esp, 00000008
:00465AEE 8D450C lea eax, dword ptr [ebp+0C]
:00465AF1 E8CEA60B00 call 005201C4
:00465AF6 8B550C mov edx, dword ptr [ebp+0C]
:00465AF9 83C211 add edx, 00000011
:00465AFC 0FBE0A movsx ecx, byte ptr [edx]
:00465AFF 83F92D cmp ecx, 0000002D //比较第18位是否'-'
:00465B02 7524 jne 00465B28
:00465B04 6A18 push 00000018
:00465B06 8D450C lea eax, dword ptr [ebp+0C]
:00465B09 50 push eax
:00465B0A E8CDA10B00 call 0051FCDC
:00465B0F 83C408 add esp, 00000008
:00465B12 8D450C lea eax, dword ptr [ebp+0C]
:00465B15 E8AAA60B00 call 005201C4
:00465B1A 8B550C mov edx, dword ptr [ebp+0C]
:00465B1D 83C217 add edx, 00000017
:00465B20 0FBE0A movsx ecx, byte ptr [edx]
:00465B23 83F92D cmp ecx, 0000002D //比较第24位是否'-'
:00465B26 7420 je 00465B48 //跳!!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00465ABA(C), :00465ADE(C), :00465B02(C)
|
:00465B28 33C0 xor eax, eax
:00465B2A BA02000000 mov edx, 00000002
:00465B2F 50 push eax
:00465B30 8D450C lea eax, dword ptr [ebp+0C]
:00465B33 FF4DF4 dec [ebp-0C]
:00465B36 E835A40B00 call 0051FF70
:00465B3B 58 pop eax
:00465B3C 8B55D8 mov edx, dword ptr [ebp-28]
:00465B3F 64891500000000 mov dword ptr fs:[00000000], edx
:00465B46 EB3F jmp 00465B87
//////////////////////////////////////////////////////////////////////////
:00465A70 83FA1D cmp edx, 0000001D //比较注册码长度是否29位
:00465A73 7423 je 00465A98
:00465A75 33C0 xor eax, eax
:00465A77 BA02000000 mov edx, 00000002
:00465A7C 50 push eax
:00465A7D 8D450C lea eax, dword ptr [ebp+0C]
:00465A80 FF4DF4 dec [ebp-0C]
:00465A83 E8E8A40B00 call 0051FF70
:00465A88 58 pop eax
:00465A89 8B55D8 mov edx, dword ptr [ebp-28]
:00465A8C 64891500000000 mov dword ptr fs:[00000000], edx
:00465A93 E9EF000000 jmp 00465B87
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465A73(C)
|
:00465A98 6A06 push 00000006
:00465A9A 8D4D0C lea ecx, dword ptr [ebp+0C]
:00465A9D 51 push ecx
:00465A9E E839A20B00 call 0051FCDC
:00465AA3 83C408 add esp, 00000008
:00465AA6 8D450C lea eax, dword ptr [ebp+0C]
:00465AA9 E816A70B00 call 005201C4 //取出假注册码
:00465AAE 8B550C mov edx, dword ptr [ebp+0C]
:00465AB1 83C205 add edx, 00000005
:00465AB4 0FBE0A movsx ecx, byte ptr [edx]
:00465AB7 83F92D cmp ecx, 0000002D //比较第六位是否'-'
:00465ABA 756C jne 00465B28
:00465ABC 6A0C push 0000000C
:00465ABE 8D450C lea eax, dword ptr [ebp+0C]
:00465AC1 50 push eax
:00465AC2 E815A20B00 call 0051FCDC
:00465AC7 83C408 add esp, 00000008
:00465ACA 8D450C lea eax, dword ptr [ebp+0C]
:00465ACD E8F2A60B00 call 005201C4
:00465AD2 8B550C mov edx, dword ptr [ebp+0C]
:00465AD5 83C20B add edx, 0000000B
:00465AD8 0FBE0A movsx ecx, byte ptr [edx]
:00465ADB 83F92D cmp ecx, 0000002D//比较第12位是否'-'
:00465ADE 7548 jne 00465B28
:00465AE0 6A12 push 00000012
:00465AE2 8D450C lea eax, dword ptr [ebp+0C]
:00465AE5 50 push eax
:00465AE6 E8F1A10B00 call 0051FCDC
:00465AEB 83C408 add esp, 00000008
:00465AEE 8D450C lea eax, dword ptr [ebp+0C]
:00465AF1 E8CEA60B00 call 005201C4
:00465AF6 8B550C mov edx, dword ptr [ebp+0C]
:00465AF9 83C211 add edx, 00000011
:00465AFC 0FBE0A movsx ecx, byte ptr [edx]
:00465AFF 83F92D cmp ecx, 0000002D //比较第18位是否'-'
:00465B02 7524 jne 00465B28
:00465B04 6A18 push 00000018
:00465B06 8D450C lea eax, dword ptr [ebp+0C]
:00465B09 50 push eax
:00465B0A E8CDA10B00 call 0051FCDC
:00465B0F 83C408 add esp, 00000008
:00465B12 8D450C lea eax, dword ptr [ebp+0C]
:00465B15 E8AAA60B00 call 005201C4
:00465B1A 8B550C mov edx, dword ptr [ebp+0C]
:00465B1D 83C217 add edx, 00000017
:00465B20 0FBE0A movsx ecx, byte ptr [edx]
:00465B23 83F92D cmp ecx, 0000002D //比较第24位是否'-'
:00465B26 7420 je 00465B48 //跳!!
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00465ABA(C), :00465ADE(C), :00465B02(C)
|
:00465B28 33C0 xor eax, eax
:00465B2A BA02000000 mov edx, 00000002
:00465B2F 50 push eax
:00465B30 8D450C lea eax, dword ptr [ebp+0C]
:00465B33 FF4DF4 dec [ebp-0C]
:00465B36 E835A40B00 call 0051FF70
:00465B3B 58 pop eax
:00465B3C 8B55D8 mov edx, dword ptr [ebp-28]
:00465B3F 64891500000000 mov dword ptr fs:[00000000], edx
:00465B46 EB3F jmp 00465B87
