一个重启验证的追码过程与OD注释记录
今天闲来无事,看大家讨论下面这个帖子挺热闹,我也下载来分析分析。悬赏求助链接:https://www.52hb.com/thread-51398-1-1.html
OD注释粗糙不堪,见谅。本想只是随便看看,所以记录注释过程很随意。发布时也没加以修饰。
(本文无技术含量,因为简单没消耗时间,忙里偷闲玩一玩)
**** Hidden Message *****
输入真码后:
重启软件后:
代码分析及备注如下:
0044476C/$55 push ebp
0044476D|.8BEC mov ebp,esp
0044476F|.81EC 84000000 sub esp,0x84
00444775|.C745 FC 00000>mov ,0x0
0044477C|.C745 F8 00000>mov ,0x0
00444783|.90 nop
00444784|.90 nop
00444785|.90 nop
00444786|.90 nop
00444787|.90 nop
00444788|.90 nop
00444789|.90 nop
0044478A|.FF05 144C2303 inc dword ptr ds:
00444790|.33C9 xor ecx,ecx
00444792|.90 nop
00444793|.90 nop
00444794|.90 nop
00444795|.90 nop
00444796|.90 nop
00444797|.90 nop
00444798|.90 nop
00444799|.90 nop
0044479A|.90 nop
0044479B|.90 nop
0044479C|.90 nop
0044479D|.8D45 FC lea eax,
004447A0|.8BD8 mov ebx,eax
004447A2|>41 /inc ecx
004447A3|.51 |push ecx ;计次循环
004447A4|.53 |push ebx ;局部变量1
004447A5|.890B |mov dword ptr ds:,ecx ;局部变量1,赋值为1,疑似计次循环变量
004447A7|.83F9 06 |cmp ecx,0x6 ;比较循环次数
004447AA|.0F8F 44040000 |jg pep3a.00444BF4 ;大于6次,跳出循环
004447B0|.6A FF |push -0x1
004447B2|.6A 08 |push 0x8
004447B4|.68 94320116 |push 0x16013294
004447B9|.68 02000152 |push 0x52010002
004447BE|.E8 66210000 |call pep3a.00446929 ;获取假码
004447C3|.83C4 10 |add esp,0x10
004447C6|.8945 F4 |mov ,eax ;假码给局部变量3
004447C9|.90 |nop
004447CA|.90 |nop
004447CB|.90 |nop
004447CC|.90 |nop
004447CD|.90 |nop
004447CE|.90 |nop
004447CF|.90 |nop
004447D0|.90 |nop
004447D1|.90 |nop
004447D2|.90 |nop
004447D3|.90 |nop
004447D4|.90 |nop
004447D5|.90 |nop
004447D6|.90 |nop
004447D7|.90 |nop
004447D8|.68 01030080 |push 0x80000301
004447DD|.6A 00 |push 0x0
004447DF|.90 |nop
004447E0|.90 |nop
004447E1|.90 |nop
004447E2|.68 01000000 |push 0x1
004447E7|.68 01030080 |push 0x80000301
004447EC|.6A 00 |push 0x0
004447EE|.90 |nop
004447EF|.90 |nop
004447F0|.90 |nop
004447F1|.FF75 FC |push
004447F4|.68 04000080 |push 0x80000004
004447F9|.6A 00 |push 0x0
004447FB|.90 |nop
004447FC|.90 |nop
004447FD|.90 |nop
004447FE|.8B45 F4 |mov eax, ;假码给EAX
00444801|.85C0 |test eax,eax ;eax是否为空
00444803|.75 05 |jnz short pep3a.0044480A
00444805|.B8 67F04F00 |mov eax,pep3a.004FF067
0044480A|>50 |push eax ;假码压栈
0044480B|.68 03000000 |push 0x3 ;3入栈,3是何物?待观察
00444810|.BB 806E4400 |mov ebx,pep3a.00446E80 ;什么东西给了ebx?
00444815|.E8 F1200000 |call pep3a.0044690B ;拿到假码第一字节
0044481A|.83C4 28 |add esp,0x28
0044481D|.8945 F0 |mov ,eax ;假码第一自己给变量4
00444820|.8B5D F4 |mov ebx, ;假码晚上六位,给ebx
00444823|.85DB |test ebx,ebx ;假码是否为空
00444825|.74 09 |je short pep3a.00444830
00444827|.53 |push ebx ;完整假码入栈
00444828|.E8 CC200000 |call pep3a.004468F9
0044482D|.83C4 04 |add esp,0x4
00444830|>90 |nop
00444831|.90 |nop
00444832|.90 |nop
00444833|.90 |nop
00444834|.90 |nop
00444835|.90 |nop
00444836|.90 |nop
00444837|.68 01040080 |push 0x80000401
0044483C|.90 |nop
0044483D|.90 |nop
0044483E|.90 |nop
0044483F|.90 |nop
00444840|.90 |nop
00444841|.90 |nop
00444842|.90 |nop
00444843|.90 |nop
00444844|.90 |nop
00444845|.90 |nop
00444846|.90 |nop
00444847|.FF35 044B2303 |push dword ptr ds:
0044484D|.FF35 004B2303 |push dword ptr ds:
00444853|.68 01000000 |push 0x1
00444858|.BB 80794400 |mov ebx,pep3a.00447980
0044485D|.E8 A9200000 |call pep3a.0044690B ;返回字符串2144832131,待观察这个字符串的作用
00444862|.83C4 10 |add esp,0x10
00444865|.8945 EC |mov ,eax ;字符串给了变量5
00444868|.90 |nop
00444869|.90 |nop
0044486A|.90 |nop
0044486B|.90 |nop
0044486C|.90 |nop
0044486D|.90 |nop
0044486E|.90 |nop
0044486F|.90 |nop
00444870|.90 |nop
00444871|.90 |nop
00444872|.90 |nop
00444873|.90 |nop
00444874|.90 |nop
00444875|.90 |nop
00444876|.68 01030080 |push 0x80000301
0044487B|.6A 00 |push 0x0
0044487D|.90 |nop
0044487E|.90 |nop
0044487F|.90 |nop
00444880|.90 |nop
00444881|.90 |nop
00444882|.90 |nop
00444883|.90 |nop
00444884|.90 |nop
00444885|.90 |nop
00444886|.90 |nop
00444887|.90 |nop
00444888|.68 02000000 |push 0x2
0044488D|.68 04000080 |push 0x80000004
00444892|.6A 00 |push 0x0
00444894|.90 |nop
00444895|.90 |nop
00444896|.90 |nop
00444897|.8B45 EC |mov eax,
0044489A|.85C0 |test eax,eax
0044489C|.75 05 |jnz short pep3a.004448A3
0044489E|.B8 67F04F00 |mov eax,pep3a.004FF067
004448A3|>50 |push eax ;2144832131压栈
004448A4|.68 02000000 |push 0x2 ;2,压栈
004448A9|.BB 306E4400 |mov ebx,pep3a.00446E30
004448AE|.E8 58200000 |call pep3a.0044690B ;返回“31”,ASCII码表为1
004448B3|.83C4 1C |add esp,0x1C
004448B6|.8945 E8 |mov ,eax ;31给变量6
004448B9|.8B5D EC |mov ebx, ;2144832131字符串给ebx
004448BC|.85DB |test ebx,ebx ;pep3a.00446E80
004448BE|.74 09 |je short pep3a.004448C9
004448C0|.53 |push ebx ;奇怪字符串2144832131压栈
004448C1|.E8 33200000 |call pep3a.004468F9 ;返回1
004448C6|.83C4 04 |add esp,0x4
004448C9|>90 |nop
004448CA|.90 |nop
004448CB|.90 |nop
004448CC|.90 |nop
004448CD|.90 |nop
004448CE|.90 |nop
004448CF|.90 |nop
004448D0|.90 |nop
004448D1|.68 04000080 |push 0x80000004
004448D6|.6A 00 |push 0x0
004448D8|.90 |nop
004448D9|.90 |nop
004448DA|.90 |nop
004448DB|.90 |nop
004448DC|.8B45 E8 |mov eax, ;31给EAX
004448DF|.85C0 |test eax,eax
004448E1|.75 05 |jnz short pep3a.004448E8
004448E3|.B8 67F04F00 |mov eax,pep3a.004FF067
004448E8|>50 |push eax ;31压栈
004448E9|.68 01000000 |push 0x1
004448EE|.BB 50724400 |mov ebx,pep3a.00447250
004448F3|.E8 13200000 |call pep3a.0044690B ;返回0
004448F8|.83C4 10 |add esp,0x10
004448FB|.8945 E0 |mov ,eax ;0给变量8
004448FE|.8955 E4 |mov ,edx ;403F0000给了变量7,不知道403F0000是什么
00444901|.8B5D E8 |mov ebx, ;31给EBX
00444904|.85DB |test ebx,ebx ;pep3a.00446E80
00444906|.74 09 |je short pep3a.00444911
00444908|.53 |push ebx ;pep3a.00446E80
00444909|.E8 EB1F0000 |call pep3a.004468F9 ;返回1
0044490E|.83C4 04 |add esp,0x4
00444911|>90 |nop
00444912|.90 |nop
00444913|.90 |nop
00444914|.90 |nop
00444915|.90 |nop
00444916|.90 |nop
00444917|.DF2D 004B2303 |fild qword ptr ds:
0044491D|.DD5D D8 |fstp qword ptr ss:
00444920|.DD45 D8 |fld qword ptr ss:
00444923|.DC4D E0 |fmul qword ptr ss:
00444926|.DD5D D0 |fstp qword ptr ss:
00444929|.90 |nop
0044492A|.90 |nop
0044492B|.90 |nop
0044492C|.90 |nop
0044492D|.90 |nop
0044492E|.90 |nop
0044492F|.90 |nop
00444930|.90 |nop
00444931|.68 01030080 |push 0x80000301
00444936|.6A 00 |push 0x0
00444938|.90 |nop
00444939|.90 |nop
0044493A|.90 |nop
0044493B|.68 02000000 |push 0x2
00444940|.DD45 D0 |fld qword ptr ss:
00444943|.E8 46CFFBFF |call pep3a.0040188E ;EAX返回7B19C5DD
00444948|.68 01030080 |push 0x80000301
0044494D|.6A 00 |push 0x0
0044494F|.90 |nop
00444950|.90 |nop
00444951|.90 |nop
00444952|.50 |push eax
00444953|.68 02000000 |push 0x2
00444958|.BB B0A54400 |mov ebx,pep3a.0044A5B0
0044495D|.E8 A91F0000 |call pep3a.0044690B ;EAX返回EC671774
00444962|.83C4 1C |add esp,0x1C
00444965|.8945 CC |mov ,eax ;EC671774给变量13
00444968|.90 |nop
00444969|.90 |nop
0044496A|.90 |nop
0044496B|.90 |nop
0044496C|.90 |nop
0044496D|.90 |nop
0044496E|.68 01030080 |push 0x80000301
00444973|.6A 00 |push 0x0
00444975|.90 |nop
00444976|.90 |nop
00444977|.90 |nop
00444978|.68 07000000 |push 0x7
0044497D|.68 01030080 |push 0x80000301
00444982|.6A 00 |push 0x0
00444984|.90 |nop
00444985|.90 |nop
00444986|.90 |nop
00444987|.90 |nop
00444988|.68 03000000 |push 0x3
0044498D|.68 04000080 |push 0x80000004
00444992|.6A 00 |push 0x0
00444994|.90 |nop
00444995|.90 |nop
00444996|.90 |nop
00444997|.68 C9B65800 |push pep3a.0058B6C9 ;ASCII "13889307303"
0044499C|.68 03000000 |push 0x3
004449A1|.BB 806E4400 |mov ebx,pep3a.00446E80
004449A6|.E8 601F0000 |call pep3a.0044690B ;又返回一字符串8893073
004449AB|.83C4 28 |add esp,0x28
004449AE|.8945 C8 |mov ,eax ;8893073给变量14
004449B1|.90 |nop
004449B2|.90 |nop
004449B3|.90 |nop
004449B4|.90 |nop
004449B5|.90 |nop
004449B6|.90 |nop
004449B7|.90 |nop
004449B8|.68 04000080 |push 0x80000004
004449BD|.6A 00 |push 0x0
004449BF|.90 |nop
004449C0|.90 |nop
004449C1|.90 |nop
004449C2|.90 |nop
004449C3|.8B45 C8 |mov eax,
004449C6|.85C0 |test eax,eax
004449C8|.75 05 |jnz short pep3a.004449CF
004449CA|.B8 67F04F00 |mov eax,pep3a.004FF067
004449CF|>50 |push eax
004449D0|.68 01000000 |push 0x1
004449D5|.BB 50724400 |mov ebx,pep3a.00447250
004449DA|.E8 2C1F0000 |call pep3a.0044690B ;EAX返回20000000
004449DF|.83C4 10 |add esp,0x10
004449E2|.8945 C0 |mov ,eax ;20000000给变量16
004449E5|.8955 C4 |mov ,edx ;4160F652给变量15
004449E8|.8B5D C8 |mov ebx, ;变量14奇怪数字8893073给ebx
004449EB|.85DB |test ebx,ebx ;pep3a.00446E80
004449ED|.74 09 |je short pep3a.004449F8
004449EF|.53 |push ebx ;8893073压栈
004449F0|.E8 041F0000 |call pep3a.004468F9 ;EAX返回1
004449F5|.83C4 04 |add esp,0x4
004449F8|>90 |nop
004449F9|.90 |nop
004449FA|.90 |nop
004449FB|.90 |nop
004449FC|.90 |nop
004449FD|.90 |nop
004449FE|.DB45 CC |fild
00444A01|.DD5D B8 |fstp qword ptr ss:
00444A04|.DD45 B8 |fld qword ptr ss:
00444A07|.DC45 C0 |fadd qword ptr ss:
00444A0A|.DD5D B0 |fstp qword ptr ss:
00444A0D|.90 |nop
00444A0E|.90 |nop
00444A0F|.90 |nop
00444A10|.90 |nop
00444A11|.DD45 B0 |fld qword ptr ss:
00444A14|.E8 75CEFBFF |call pep3a.0040188E ;EAX返回ECEECA05
00444A19|.90 |nop
00444A1A|.90 |nop
00444A1B|.90 |nop
00444A1C|.68 01030080 |push 0x80000301
00444A21|.6A 00 |push 0x0
00444A23|.90 |nop
00444A24|.90 |nop
00444A25|.90 |nop
00444A26|.90 |nop
00444A27|.50 |push eax
00444A28|.68 01030080 |push 0x80000301
00444A2D|.6A 00 |push 0x0
00444A2F|.90 |nop
00444A30|.90 |nop
00444A31|.90 |nop
00444A32|.FF35 004B2303 |push dword ptr ds:
00444A38|.68 02000000 |push 0x2
00444A3D|.BB F06B4400 |mov ebx,pep3a.00446BF0
00444A42|.E8 C41E0000 |call pep3a.0044690B ;EAX返回93394086
00444A47|.83C4 1C |add esp,0x1C
00444A4A|.8945 AC |mov ,eax ;93394086给变量21
00444A4D|.90 |nop
00444A4E|.90 |nop
00444A4F|.90 |nop
00444A50|.90 |nop
00444A51|.90 |nop
00444A52|.90 |nop
00444A53|.90 |nop
00444A54|.68 01030080 |push 0x80000301
00444A59|.6A 00 |push 0x0
00444A5B|.90 |nop
00444A5C|.90 |nop
00444A5D|.90 |nop
00444A5E|.FF75 AC |push
00444A61|.68 01000000 |push 0x1
00444A66|.BB 80794400 |mov ebx,pep3a.00447980
00444A6B|.E8 9B1E0000 |call pep3a.0044690B ;返回数值 -1824964474
00444A70|.83C4 10 |add esp,0x10
00444A73|.8945 A8 |mov ,eax ;-1824964474数值给变量22
00444A76|.90 |nop
00444A77|.90 |nop
00444A78|.90 |nop
00444A79|.90 |nop
00444A7A|.90 |nop
00444A7B|.90 |nop
00444A7C|.90 |nop
00444A7D|.90 |nop
00444A7E|.DB45 FC |fild
00444A81|.DD5D A0 |fstp qword ptr ss:
00444A84|.DD45 A0 |fld qword ptr ss:
00444A87|.DC05 98F04F00 |fadd qword ptr ds:
00444A8D|.DD5D 98 |fstp qword ptr ss:
00444A90|.90 |nop
00444A91|.90 |nop
00444A92|.90 |nop
00444A93|.90 |nop
00444A94|.90 |nop
00444A95|.90 |nop
00444A96|.68 01030080 |push 0x80000301
00444A9B|.6A 00 |push 0x0
00444A9D|.90 |nop
00444A9E|.90 |nop
00444A9F|.90 |nop
00444AA0|.90 |nop
00444AA1|.68 01000000 |push 0x1
00444AA6|.DD45 98 |fld qword ptr ss:
00444AA9|.E8 E0CDFBFF |call pep3a.0040188E ;返回2
00444AAE|.68 01030080 |push 0x80000301
00444AB3|.6A 00 |push 0x0
00444AB5|.90 |nop
00444AB6|.90 |nop
00444AB7|.90 |nop
00444AB8|.90 |nop
00444AB9|.50 |push eax
00444ABA|.68 04000080 |push 0x80000004
00444ABF|.6A 00 |push 0x0
00444AC1|.90 |nop
00444AC2|.90 |nop
00444AC3|.90 |nop
00444AC4|.8B45 A8 |mov eax, ;-1824964474给EAX
00444AC7|.85C0 |test eax,eax
00444AC9|.75 05 |jnz short pep3a.00444AD0
00444ACB|.B8 67F04F00 |mov eax,pep3a.004FF067
00444AD0|>50 |push eax ;-1824964474压栈
00444AD1|.68 03000000 |push 0x3 ;3压栈
00444AD6|.BB 806E4400 |mov ebx,pep3a.00446E80
00444ADB|.E8 2B1E0000 |call pep3a.0044690B ;返回05FAB030,内容为1,第二次05FAB190,内容为8,第三次05FAB080,内容为2第四次05FAB1E0,内容为4,第五次05FAB0D0,内容为9,第六次05FAB060,内容为6
00444AE0|.83C4 28 |add esp,0x28
00444AE3|.8945 94 |mov ,eax ;1给变量27
00444AE6|.8B5D A8 |mov ebx, ;-1824964474给ebx
00444AE9|.85DB |test ebx,ebx ;pep3a.00446E80
00444AEB|.74 09 |je short pep3a.00444AF6
00444AED|.53 |push ebx ;-1824964474压栈
00444AEE|.E8 061E0000 |call pep3a.004468F9 ;返回1
00444AF3|.83C4 04 |add esp,0x4
00444AF6|>90 |nop
00444AF7|.90 |nop
00444AF8|.90 |nop
00444AF9|.90 |nop
00444AFA|.90 |nop
00444AFB|.90 |nop
00444AFC|.90 |nop
00444AFD|.68 02000080 |push 0x80000002
00444B02|.6A 00 |push 0x0
00444B04|.90 |nop
00444B05|.90 |nop
00444B06|.90 |nop
00444B07|.68 01000000 |push 0x1
00444B0C|.68 04000080 |push 0x80000004
00444B11|.6A 00 |push 0x0
00444B13|.90 |nop
00444B14|.90 |nop
00444B15|.90 |nop
00444B16|.8B45 94 |mov eax, ;刚才05FAB030里的1给EAX
00444B19|.85C0 |test eax,eax
00444B1B|.75 05 |jnz short pep3a.00444B22
00444B1D|.B8 67F04F00 |mov eax,pep3a.004FF067
00444B22|>50 |push eax ;05FAB030的1压栈
00444B23|.68 04000080 |push 0x80000004
00444B28|.6A 00 |push 0x0
00444B2A|.90 |nop
00444B2B|.90 |nop
00444B2C|.90 |nop
00444B2D|.8B45 F0 |mov eax, ;假码第一位K,给EAX
00444B30|.85C0 |test eax,eax
00444B32|.75 05 |jnz short pep3a.00444B39
00444B34|.B8 67F04F00 |mov eax,pep3a.004FF067
00444B39|>50 |push eax ;K压栈
00444B3A|.68 03000000 |push 0x3
00444B3F|.BB 90784400 |mov ebx,pep3a.00447890
00444B44|.E8 C21D0000 |call pep3a.0044690B ;返回1
00444B49|.83C4 28 |add esp,0x28
00444B4C|.8945 90 |mov ,eax ;1给变量28
00444B4F|.8B5D F0 |mov ebx, ;假码第一位给EBX
00444B52|.85DB |test ebx,ebx ;pep3a.00446E80
00444B54|.74 09 |je short pep3a.00444B5F
00444B56|.53 |push ebx ;pep3a.00446E80
00444B57|.E8 9D1D0000 |call pep3a.004468F9 ;返回1
00444B5C|.83C4 04 |add esp,0x4
00444B5F|>8B5D 94 |mov ebx,
00444B62|.85DB |test ebx,ebx ;pep3a.00446E80
00444B64|.74 09 |je short pep3a.00444B6F
00444B66|.53 |push ebx ;pep3a.00446E80
00444B67|.E8 8D1D0000 |call pep3a.004468F9
00444B6C|.83C4 04 |add esp,0x4
00444B6F|>90 |nop
00444B70|.90 |nop
00444B71|.90 |nop
00444B72|.90 |nop
00444B73|.90 |nop
00444B74|.90 |nop
00444B75|.90 |nop
00444B76|.837D 90 00 |cmp ,0x0
00444B7A|.B8 00000000 |mov eax,0x0
00444B7F|.0F94C0 |sete al
00444B82|.8945 8C |mov ,eax
00444B85|.90 |nop
00444B86|.90 |nop
00444B87|.90 |nop
00444B88|.90 |nop
00444B89|.90 |nop
00444B8A|.90 |nop
00444B8B|.90 |nop
00444B8C|.68 02000080 |push 0x80000002
00444B91|.6A 00 |push 0x0
00444B93|.90 |nop
00444B94|.90 |nop
00444B95|.90 |nop
00444B96|.90 |nop
00444B97|.90 |nop
00444B98|.90 |nop
00444B99|.90 |nop
00444B9A|.90 |nop
00444B9B|.90 |nop
00444B9C|.90 |nop
00444B9D|.90 |nop
00444B9E|.FF75 8C |push ;pep3a.00461D25
00444BA1|.68 01000000 |push 0x1
00444BA6|.BB 50724400 |mov ebx,pep3a.00447250
00444BAB|.E8 5B1D0000 |call pep3a.0044690B
00444BB0|.83C4 10 |add esp,0x10
00444BB3|.90 |nop
00444BB4|.90 |nop
00444BB5|.90 |nop
00444BB6|.90 |nop
00444BB7|.8985 7CFFFFFF |mov ,eax
00444BBD|.8955 80 |mov ,edx
00444BC0|.DD85 7CFFFFFF |fld qword ptr ss:
00444BC6|.E8 C3CCFBFF |call pep3a.0040188E
00444BCB|.90 |nop
00444BCC|.90 |nop
00444BCD|.90 |nop
00444BCE|.90 |nop
00444BCF|.33C9 |xor ecx,ecx
00444BD1|>41 |/inc ecx
00444BD2|.51 ||push ecx
00444BD3|.50 ||push eax
00444BD4|.3BC8 ||cmp ecx,eax
00444BD6|.0F8F 0E000000 ||jg pep3a.00444BEA
00444BDC|.90 ||nop
00444BDD|.90 ||nop
00444BDE|.90 ||nop
00444BDF|.90 ||nop
00444BE0|.90 ||nop
00444BE1|.90 ||nop
00444BE2|.90 ||nop
00444BE3|.FF45 F8 ||inc
00444BE6|.58 ||pop eax
00444BE7|.59 ||pop ecx
00444BE8|.^ EB E7 |\jmp short pep3a.00444BD1
00444BEA|>83C4 08 |add esp,0x8
00444BED|.5B |pop ebx ;pep3a.00446E80
00444BEE|.59 |pop ecx
00444BEF|.^ E9 AEFBFFFF \jmp pep3a.004447A2
00444BF4|>83C4 08 add esp,0x8
00444BF7|.90 nop
00444BF8|.90 nop
00444BF9|.90 nop
00444BFA|.90 nop
00444BFB|.90 nop
00444BFC|.90 nop
00444BFD|.90 nop
00444BFE|.90 nop
00444BFF|.90 nop
00444C00|.90 nop
00444C01|.90 nop
00444C02|.90 nop
00444C03|.90 nop
00444C04|.90 nop
00444C05|.90 nop
00444C06|.837D F8 06 cmp ,0x6
00444C0A|.0F85 69010000 jnz pep3a.00444D79 ;重启验证关键跳
00444C10|.6A FF push -0x1
00444C12|.6A 08 push 0x8
00444C14|.68 94320116 push 0x16013294
00444C19|.68 02000152 push 0x52010002
00444C1E|.E8 061D0000 call pep3a.00446929
00444C23|.83C4 10 add esp,0x10
00444C26|.8945 F4 mov ,eax
00444C29|.90 nop
00444C2A|.90 nop
00444C2B|.90 nop
00444C2C|.90 nop
00444C2D|.90 nop
00444C2E|.90 nop
00444C2F|.68 04000080 push 0x80000004
00444C34|.6A 00 push 0x0
00444C36|.90 nop
00444C37|.90 nop
00444C38|.90 nop
00444C39|.90 nop
00444C3A|.8B45 F4 mov eax,
00444C3D|.85C0 test eax,eax
00444C3F|.75 05 jnz short pep3a.00444C46
00444C41|.B8 67F04F00 mov eax,pep3a.004FF067
00444C46|>50 push eax
00444C47|.68 01000000 push 0x1
00444C4C|.BB E0774400 mov ebx,pep3a.004477E0
00444C51|.E8 B51C0000 call pep3a.0044690B
00444C56|.83C4 10 add esp,0x10
00444C59|.8945 F0 mov ,eax
00444C5C|.8B5D F4 mov ebx,
00444C5F|.85DB test ebx,ebx ;pep3a.00446E80
00444C61|.74 09 je short pep3a.00444C6C
00444C63|.53 push ebx ;pep3a.00446E80
00444C64|.E8 901C0000 call pep3a.004468F9
00444C69|.83C4 04 add esp,0x4
00444C6C|>90 nop
00444C6D|.90 nop
00444C6E|.90 nop
00444C6F|.90 nop
00444C70|.90 nop
00444C71|.90 nop
00444C72|.90 nop
00444C73|.90 nop
00444C74|.68 05000080 push 0x80000005
00444C79|.6A 00 push 0x0
00444C7B|.90 nop
00444C7C|.90 nop
00444C7D|.90 nop
00444C7E|.90 nop
00444C7F|.8B45 F0 mov eax,
00444C82|.85C0 test eax,eax
00444C84|.75 05 jnz short pep3a.00444C8B
00444C86|.B8 48F04F00 mov eax,pep3a.004FF048
00444C8B|>50 push eax
00444C8C|.68 04000080 push 0x80000004
00444C91|.6A 00 push 0x0
00444C93|.90 nop
00444C94|.90 nop
00444C95|.90 nop
00444C96|.68 A4B65800 push pep3a.0058B6A4 ;ASCII "Network\mca"
00444C9B|.68 01030080 push 0x80000301
00444CA0|.6A 00 push 0x0
00444CA2|.90 nop
00444CA3|.90 nop
00444CA4|.90 nop
00444CA5|.90 nop
00444CA6|.68 03000000 push 0x3
00444CAB|.68 03000000 push 0x3
00444CB0|.BB A0814400 mov ebx,pep3a.004481A0
00444CB5|.E8 511C0000 call pep3a.0044690B
00444CBA|.83C4 28 add esp,0x28
00444CBD|.8B5D F0 mov ebx,
00444CC0|.85DB test ebx,ebx ;pep3a.00446E80
00444CC2|.74 09 je short pep3a.00444CCD
00444CC4|.53 push ebx ;pep3a.00446E80
00444CC5|.E8 2F1C0000 call pep3a.004468F9
00444CCA|.83C4 04 add esp,0x4
00444CCD|>90 nop
00444CCE|.90 nop
00444CCF|.90 nop
00444CD0|.90 nop
00444CD1|.90 nop
00444CD2|.90 nop
00444CD3|.90 nop
00444CD4|.90 nop
00444CD5|.90 nop
00444CD6|.90 nop
00444CD7|.90 nop
00444CD8|.90 nop
00444CD9|.90 nop
00444CDA|.90 nop
00444CDB|.6A 00 push 0x0
00444CDD|.90 nop
00444CDE|.90 nop
00444CDF|.90 nop
00444CE0|.90 nop
00444CE1|.68 67F04F00 push pep3a.004FF067
00444CE6|.6A FF push -0x1
00444CE8|.6A 08 push 0x8
00444CEA|.68 94320116 push 0x16013294
00444CEF|.68 02000152 push 0x52010002
00444CF4|.E8 181C0000 call pep3a.00446911
00444CF9|.83C4 18 add esp,0x18
00444CFC|.90 nop
00444CFD|.90 nop
00444CFE|.90 nop
00444CFF|.90 nop
00444D00|.90 nop
00444D01|.90 nop
00444D02|.6A 00 push 0x0
00444D04|.90 nop
00444D05|.90 nop
00444D06|.90 nop
00444D07|.68 01000000 push 0x1
00444D0C|.6A FF push -0x1
00444D0E|.6A 05 push 0x5
00444D10|.68 8F320116 push 0x1601328F
00444D15|.68 02000152 push 0x52010002
00444D1A|.E8 F21B0000 call pep3a.00446911
00444D1F|.83C4 18 add esp,0x18
00444D22|.90 nop
00444D23|.90 nop
00444D24|.90 nop
00444D25|.6A 00 push 0x0
00444D27|.6A 00 push 0x0
00444D29|.6A 00 push 0x0
00444D2B|.68 01030080 push 0x80000301
00444D30|.6A 00 push 0x0
00444D32|.90 nop
00444D33|.90 nop
00444D34|.90 nop
00444D35|.90 nop
00444D36|.90 nop
00444D37|.90 nop
00444D38|.90 nop
00444D39|.90 nop
00444D3A|.90 nop
00444D3B|.90 nop
00444D3C|.90 nop
00444D3D|.68 00000000 push 0x0
00444D42|.68 04000080 push 0x80000004
00444D47|.6A 00 push 0x0
00444D49|.90 nop
00444D4A|.90 nop
00444D4B|.90 nop
00444D4C|.68 C5748B02 push pep3a.028B74C5 ;ASCII "注册成功!请重启小太阳点读软件开始学习!"
00444D51|.68 03000000 push 0x3
00444D56|.BB 60824400 mov ebx,pep3a.00448260
00444D5B|.E8 AB1B0000 call pep3a.0044690B
00444D60|.83C4 28 add esp,0x28
00444D63|.90 nop
00444D64|.90 nop
00444D65|.90 nop
00444D66|.90 nop
00444D67|.90 nop
00444D68|.90 nop
00444D69|.90 nop
00444D6A|.6A 00 push 0x0
00444D6C|.E8 B21B0000 call pep3a.00446923
00444D71|.83C4 04 add esp,0x4
00444D74|.E9 9E030000 jmp pep3a.00445117
00444D79|>90 nop
00444D7A|.90 nop
00444D7B|.90 nop
00444D7C|.90 nop
00444D7D|.90 nop
00444D7E|.90 nop
00444D7F|.90 nop
00444D80|.833D 144C2303>cmp dword ptr ds:,0x5
00444D87|.0F8E 88020000 jle pep3a.00445015
00444D8D|.90 nop
00444D8E|.90 nop
00444D8F|.90 nop
00444D90|.90 nop
00444D91|.90 nop
00444D92|.90 nop
00444D93|.90 nop
00444D94|.68 01030080 push 0x80000301
00444D99|.6A 00 push 0x0
00444D9B|.90 nop
00444D9C|.90 nop
00444D9D|.90 nop
00444D9E|.FF35 144C2303 push dword ptr ds:
00444DA4|.68 01000000 push 0x1
00444DA9|.BB 80794400 mov ebx,pep3a.00447980
00444DAE|.E8 581B0000 call pep3a.0044690B
00444DB3|.83C4 10 add esp,0x10
00444DB6|.8945 F4 mov ,eax
00444DB9|.90 nop
00444DBA|.90 nop
00444DBB|.90 nop
00444DBC|.90 nop
00444DBD|.90 nop
00444DBE|.90 nop
00444DBF|.90 nop
00444DC0|.90 nop
00444DC1|.68 01030080 push 0x80000301
00444DC6|.6A 00 push 0x0
00444DC8|.90 nop
00444DC9|.90 nop
00444DCA|.90 nop
00444DCB|.68 01000000 push 0x1
00444DD0|.68 04000080 push 0x80000004
00444DD5|.6A 00 push 0x0
00444DD7|.90 nop
00444DD8|.90 nop
00444DD9|.90 nop
00444DDA|.68 14F04F00 push pep3a.004FF014 ;ASCII "13949999857"
00444DDF|.68 05000080 push 0x80000005
00444DE4|.6A 00 push 0x0
00444DE6|.90 nop
00444DE7|.90 nop
00444DE8|.90 nop
00444DE9|.68 6DF04F00 push pep3a.004FF06D
00444DEE|.68 03000000 push 0x3
00444DF3|.B8 05000000 mov eax,0x5
00444DF8|.BB B0414D00 mov ebx,pep3a.004D41B0
00444DFD|.E8 1B1B0000 call pep3a.0044691D
00444E02|.83C4 28 add esp,0x28
00444E05|.8945 F0 mov ,eax
00444E08|.90 nop
00444E09|.90 nop
00444E0A|.90 nop
00444E0B|.90 nop
00444E0C|.90 nop
00444E0D|.90 nop
00444E0E|.90 nop
00444E0F|.90 nop
00444E10|.90 nop
00444E11|.90 nop
00444E12|.90 nop
00444E13|.90 nop
00444E14|.90 nop
00444E15|.90 nop
00444E16|.90 nop
00444E17|.68 05000080 push 0x80000005
00444E1C|.6A 00 push 0x0
00444E1E|.90 nop
00444E1F|.90 nop
00444E20|.90 nop
00444E21|.8B45 F0 mov eax,
00444E24|.85C0 test eax,eax
00444E26|.75 05 jnz short pep3a.00444E2D
00444E28|.B8 48F04F00 mov eax,pep3a.004FF048
00444E2D|>50 push eax
00444E2E|.68 01000000 push 0x1
00444E33|.BB 80794400 mov ebx,pep3a.00447980
00444E38|.E8 CE1A0000 call pep3a.0044690B
00444E3D|.83C4 10 add esp,0x10
00444E40|.8945 EC mov ,eax
00444E43|.8B5D F0 mov ebx,
00444E46|.85DB test ebx,ebx ;pep3a.00446E80
00444E48|.74 09 je short pep3a.00444E53
00444E4A|.53 push ebx ;pep3a.00446E80
00444E4B|.E8 A91A0000 call pep3a.004468F9
00444E50|.83C4 04 add esp,0x4
00444E53|>90 nop
00444E54|.90 nop
00444E55|.90 nop
00444E56|.90 nop
00444E57|.90 nop
00444E58|.90 nop
00444E59|.90 nop
00444E5A|.90 nop
00444E5B|.90 nop
00444E5C|.90 nop
00444E5D|.90 nop
00444E5E|.68 EE748B02 push pep3a.028B74EE ;购买注册码使用软件!
00444E63|.90 nop
00444E64|.90 nop
00444E65|.90 nop
00444E66|.FF75 EC push
00444E69|.90 nop
00444E6A|.90 nop
00444E6B|.90 nop
00444E6C|.90 nop
00444E6D|.68 03758B02 push pep3a.028B7503 ;ASCII "次。请到"
00444E72|.90 nop
00444E73|.90 nop
00444E74|.90 nop
00444E75|.90 nop
00444E76|.FF75 F4 push
00444E79|.90 nop
00444E7A|.90 nop
00444E7B|.90 nop
00444E7C|.68 0C758B02 push pep3a.028B750C ;ASCII "你已经错误输入注册码"
00444E81|.B9 05000000 mov ecx,0x5
00444E86|.E8 E4C1FBFF call pep3a.0040106F
00444E8B|.83C4 14 add esp,0x14
00444E8E|.8945 E8 mov ,eax
00444E91|.8B5D F4 mov ebx,
00444E94|.85DB test ebx,ebx ;pep3a.00446E80
00444E96|.74 09 je short pep3a.00444EA1
00444E98|.53 push ebx ;pep3a.00446E80
00444E99|.E8 5B1A0000 call pep3a.004468F9
00444E9E|.83C4 04 add esp,0x4
00444EA1|>8B5D EC mov ebx,
00444EA4|.85DB test ebx,ebx ;pep3a.00446E80
00444EA6|.74 09 je short pep3a.00444EB1
00444EA8|.53 push ebx ;pep3a.00446E80
00444EA9|.E8 4B1A0000 call pep3a.004468F9
00444EAE|.83C4 04 add esp,0x4
00444EB1|>90 nop
00444EB2|.90 nop
00444EB3|.90 nop
00444EB4|.90 nop
00444EB5|.90 nop
00444EB6|.90 nop
00444EB7|.90 nop
00444EB8|.90 nop
00444EB9|.68 04000080 push 0x80000004
00444EBE|.6A 00 push 0x0
00444EC0|.90 nop
00444EC1|.90 nop
00444EC2|.90 nop
00444EC3|.68 21758B02 push pep3a.028B7521 ;ASCII "请注册使用!"
00444EC8|.68 01030080 push 0x80000301
00444ECD|.6A 00 push 0x0
00444ECF|.90 nop
00444ED0|.90 nop
00444ED1|.90 nop
00444ED2|.90 nop
00444ED3|.68 00000000 push 0x0
00444ED8|.68 04000080 push 0x80000004
00444EDD|.6A 00 push 0x0
00444EDF|.90 nop
00444EE0|.90 nop
00444EE1|.90 nop
00444EE2|.8B45 E8 mov eax,
00444EE5|.85C0 test eax,eax
00444EE7|.75 05 jnz short pep3a.00444EEE
00444EE9|.B8 67F04F00 mov eax,pep3a.004FF067
00444EEE|>50 push eax
00444EEF|.68 03000000 push 0x3
00444EF4|.BB 60824400 mov ebx,pep3a.00448260
00444EF9|.E8 0D1A0000 call pep3a.0044690B
00444EFE|.83C4 28 add esp,0x28
00444F01|.8B5D E8 mov ebx,
00444F04|.85DB test ebx,ebx ;pep3a.00446E80
00444F06|.74 09 je short pep3a.00444F11
00444F08|.53 push ebx ;pep3a.00446E80
00444F09|.E8 EB190000 call pep3a.004468F9
00444F0E|.83C4 04 add esp,0x4
00444F11|>90 nop
00444F12|.90 nop
00444F13|.90 nop
00444F14|.90 nop
00444F15|.90 nop
00444F16|.90 nop
00444F17|.68 01030080 push 0x80000301
00444F1C|.6A 00 push 0x0
00444F1E|.90 nop
00444F1F|.90 nop
00444F20|.90 nop
00444F21|.90 nop
00444F22|.90 nop
00444F23|.90 nop
00444F24|.90 nop
00444F25|.90 nop
00444F26|.90 nop
00444F27|.90 nop
00444F28|.90 nop
00444F29|.68 01000000 push 0x1
00444F2E|.68 04000080 push 0x80000004
00444F33|.6A 00 push 0x0
00444F35|.90 nop
00444F36|.90 nop
00444F37|.90 nop
00444F38|.68 14F04F00 push pep3a.004FF014 ;ASCII "13949999857"
00444F3D|.68 05000080 push 0x80000005
00444F42|.6A 00 push 0x0
00444F44|.90 nop
00444F45|.90 nop
00444F46|.90 nop
00444F47|.90 nop
00444F48|.90 nop
00444F49|.90 nop
00444F4A|.90 nop
00444F4B|.90 nop
00444F4C|.90 nop
00444F4D|.90 nop
00444F4E|.90 nop
00444F4F|.68 6DF04F00 push pep3a.004FF06D
00444F54|.68 03000000 push 0x3
00444F59|.B8 05000000 mov eax,0x5
00444F5E|.BB B0414D00 mov ebx,pep3a.004D41B0
00444F63|.E8 B5190000 call pep3a.0044691D
00444F68|.83C4 28 add esp,0x28
00444F6B|.8945 F4 mov ,eax
00444F6E|.90 nop
00444F6F|.90 nop
00444F70|.90 nop
00444F71|.90 nop
00444F72|.90 nop
00444F73|.90 nop
00444F74|.90 nop
00444F75|.90 nop
00444F76|.90 nop
00444F77|.90 nop
00444F78|.90 nop
00444F79|.90 nop
00444F7A|.90 nop
00444F7B|.90 nop
00444F7C|.68 05000080 push 0x80000005
00444F81|.6A 00 push 0x0
00444F83|.90 nop
00444F84|.90 nop
00444F85|.90 nop
00444F86|.90 nop
00444F87|.8B45 F4 mov eax,
00444F8A|.85C0 test eax,eax
00444F8C|.75 05 jnz short pep3a.00444F93
00444F8E|.B8 48F04F00 mov eax,pep3a.004FF048
00444F93|>50 push eax
00444F94|.68 01000000 push 0x1
00444F99|.BB 80794400 mov ebx,pep3a.00447980
00444F9E|.E8 68190000 call pep3a.0044690B
00444FA3|.83C4 10 add esp,0x10
00444FA6|.8945 F0 mov ,eax
00444FA9|.8B5D F4 mov ebx,
00444FAC|.85DB test ebx,ebx ;pep3a.00446E80
00444FAE|.74 09 je short pep3a.00444FB9
00444FB0|.53 push ebx ;pep3a.00446E80
00444FB1|.E8 43190000 call pep3a.004468F9
00444FB6|.83C4 04 add esp,0x4
00444FB9|>90 nop
00444FBA|.90 nop
00444FBB|.90 nop
00444FBC|.90 nop
00444FBD|.90 nop
00444FBE|.90 nop
00444FBF|.68 04000080 push 0x80000004
00444FC4|.6A 00 push 0x0
00444FC6|.90 nop
00444FC7|.90 nop
00444FC8|.90 nop
00444FC9|.90 nop
00444FCA|.8B45 F0 mov eax,
00444FCD|.85C0 test eax,eax
00444FCF|.75 05 jnz short pep3a.00444FD6
00444FD1|.B8 67F04F00 mov eax,pep3a.004FF067
00444FD6|>50 push eax
00444FD7|.68 01000000 push 0x1
00444FDC|.B8 04000000 mov eax,0x4
00444FE1|.BB E0254D00 mov ebx,pep3a.004D25E0
00444FE6|.E8 32190000 call pep3a.0044691D
00444FEB|.83C4 10 add esp,0x10
00444FEE|.8B5D F0 mov ebx,
00444FF1|.85DB test ebx,ebx ;pep3a.00446E80
00444FF3|.74 09 je short pep3a.00444FFE
00444FF5|.53 push ebx ;pep3a.00446E80
00444FF6|.E8 FE180000 call pep3a.004468F9
00444FFB|.83C4 04 add esp,0x4
00444FFE|>90 nop
00444FFF|.90 nop
00445000|.90 nop
00445001|.90 nop
00445002|.90 nop
00445003|.90 nop
00445004|.90 nop
00445005|.90 nop
00445006|.6A 00 push 0x0
00445008|.E8 16190000 call pep3a.00446923
0044500D|.83C4 04 add esp,0x4
00445010|.E9 02010000 jmp pep3a.00445117
00445015|>90 nop
00445016|.90 nop
00445017|.90 nop
00445018|.90 nop
00445019|.90 nop
0044501A|.90 nop
0044501B|.90 nop
0044501C|.90 nop
0044501D|.68 01030080 push 0x80000301
00445022|.6A 00 push 0x0
00445024|.90 nop
00445025|.90 nop
00445026|.90 nop
00445027|.90 nop
00445028|.90 nop
00445029|.90 nop
0044502A|.90 nop
0044502B|.90 nop
0044502C|.90 nop
0044502D|.90 nop
0044502E|.90 nop
0044502F|.FF35 144C2303 push dword ptr ds:
00445035|.68 01000000 push 0x1
0044503A|.BB 80794400 mov ebx,pep3a.00447980
0044503F|.E8 C7180000 call pep3a.0044690B
00445044|.83C4 10 add esp,0x10
00445047|.8945 F4 mov ,eax
0044504A|.90 nop
0044504B|.90 nop
0044504C|.90 nop
0044504D|.90 nop
0044504E|.90 nop
0044504F|.90 nop
00445050|.90 nop
00445051|.90 nop
00445052|.90 nop
00445053|.90 nop
00445054|.68 2E758B02 push pep3a.028B752E ;ASCII "。"
00445059|.90 nop
0044505A|.90 nop
0044505B|.90 nop
0044505C|.90 nop
0044505D|.FF75 F4 push
00445060|.90 nop
00445061|.90 nop
00445062|.90 nop
00445063|.90 nop
00445064|.68 31758B02 push pep3a.028B7531 ;ASCII "错误次数"
00445069|.B9 03000000 mov ecx,0x3
0044506E|.E8 FCBFFBFF call pep3a.0040106F
00445073|.83C4 0C add esp,0xC
00445076|.8945 F0 mov ,eax
00445079|.8B5D F4 mov ebx,
0044507C|.85DB test ebx,ebx ;pep3a.00446E80
0044507E|.74 09 je short pep3a.00445089
00445080|.53 push ebx ;pep3a.00446E80
00445081|.E8 73180000 call pep3a.004468F9
00445086|.83C4 04 add esp,0x4
00445089|>90 nop
0044508A|.90 nop
0044508B|.90 nop
0044508C|.90 nop
0044508D|.90 nop
0044508E|.90 nop
0044508F|.90 nop
00445090|.68 04000080 push 0x80000004
00445095|.6A 00 push 0x0
00445097|.90 nop
00445098|.90 nop
00445099|.90 nop
0044509A|.90 nop
0044509B|.8B45 F0 mov eax,
0044509E|.85C0 test eax,eax
004450A0|.75 05 jnz short pep3a.004450A7
004450A2|.B8 67F04F00 mov eax,pep3a.004FF067
004450A7|>50 push eax
004450A8|.68 01030080 push 0x80000301
004450AD|.6A 00 push 0x0
004450AF|.90 nop
004450B0|.90 nop
004450B1|.90 nop
004450B2|.68 00000000 push 0x0
004450B7|.68 04000080 push 0x80000004
004450BC|.6A 00 push 0x0
004450BE|.90 nop
004450BF|.90 nop
004450C0|.90 nop
004450C1|.68 3A758B02 push pep3a.028B753A ;ASCII "你输入的注册码错误。请重新认真输入注册码!"
004450C6|.68 03000000 push 0x3
004450CB|.BB 60824400 mov ebx,pep3a.00448260
004450D0|.E8 36180000 call pep3a.0044690B
004450D5|.83C4 28 add esp,0x28
004450D8|.8B5D F0 mov ebx,
004450DB|.85DB test ebx,ebx ;pep3a.00446E80
004450DD|.74 09 je short pep3a.004450E8
004450DF|.53 push ebx ;pep3a.00446E80
004450E0|.E8 14180000 call pep3a.004468F9
004450E5|.83C4 04 add esp,0x4
004450E8|>90 nop
004450E9|.90 nop
004450EA|.90 nop
004450EB|.90 nop
004450EC|.90 nop
004450ED|.90 nop
004450EE|.90 nop
004450EF|.6A 00 push 0x0
004450F1|.90 nop
004450F2|.90 nop
004450F3|.90 nop
004450F4|.90 nop
004450F5|.90 nop
004450F6|.90 nop
004450F7|.90 nop
004450F8|.90 nop
004450F9|.90 nop
004450FA|.90 nop
004450FB|.90 nop
004450FC|.68 67F04F00 push pep3a.004FF067
00445101|.6A FF push -0x1
00445103|.6A 08 push 0x8
00445105|.68 94320116 push 0x16013294
0044510A|.68 02000152 push 0x52010002
0044510F|.E8 FD170000 call pep3a.00446911
00445114|.83C4 18 add esp,0x18
00445117|>8BE5 mov esp,ebp
00445119|.5D pop ebp
0044511A\.C3 retn
恒大出山了。。 进来看看学习 感谢恒大追码演示,可以写全软件通杀追码补丁了
该类学习软件,6位注册码算法是相同的,其他代码有些差异
原来真码一直在CALL上,却没有引起重视 来学习一波 我以为看错发帖人了呢 米开朗琪罗 发表于 2021-7-5 19:58
恒大出山了。。
瞎玩玩,哈哈 大彩笔 发表于 2021-7-5 20:28
我以为看错发帖人了呢
哈哈哈,潜水好久了,出来冒冒泡 残渣小翁 发表于 2021-7-5 20:10
来学习一波
谦虚了啊 192939 发表于 2021-7-5 20:04
感谢恒大追码演示,可以写全软件通杀追码补丁了
该类学习软件,6位注册码算法是相同的,其他代码有些差 ...
我也没仔细分析他的具体算法,就是走了一遍流程,观察了一下。找了个真码就发帖了{:6_225:}