码迷,mamicode.com
首页 > 编程语言 > 详细

[MD5算法练习] MD5CrackMe算法分析

时间:2016-06-01 22:42:15      阅读:351      评论:0      收藏:0      [点我收藏+]

标签:

【破文标题】[MD5算法练习] MD5CrackMe算法分析
【破文作者】静心学习
【作者邮箱】sharept@qq.com
【作者主页】http://www.cnblogs.com/dacainiao/
【破解工具】OD
【破解平台】xp sp3
【软件名称】MD5CrackMe
【软件大小】72KB
【原版下载】http://pan.baidu.com/share/link?shareid=1620370201&uk=892352529
【保护方式】无壳
【软件简介】一个MD5算法练习的CrackMe
【破解声明】初学密码学,跟着看雪前辈们的脚步学习,错误之处敬请诸位前辈不吝赐教。
------------------------------------------------------------------------
【破解过程】程序VC编写,无壳,使用bp MessageBox断点,可以很快找到算法验证。

00402864 . 68 00010000 PUSH 0x100 ; /Count = 100 (256.)
00402869 . 51 PUSH ECX ; |Buffer
0040286A . 68 E8030000 PUSH 0x3E8 ; |ControlID = 3E8 (1000.)
0040286F . 56 PUSH ESI ; |hWnd
00402870 . FFD5 CALL NEAR EBP ; \GetDlgItemTextA
00402872 . 8DBC24 0C0100>LEA EDI, DWORD PTR SS:[ESP+0x10C]
00402879 . 83C9 FF OR ECX, 0xFFFFFFFF
0040287C . 33C0 XOR EAX, EAX
0040287E . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00402880 . F7D1 NOT ECX
00402882 . 49 DEC ECX
00402883 . 83F9 01 CMP ECX, 0x1
00402886 . 73 1F JNB SHORT MD5Crack.004028A7
00402888 . 6A 40 PUSH 0x40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0040288A . 68 A4D14000 PUSH MD5Crack.0040D1A4 ; |Title = "注册提示"
0040288F . 68 8CD14000 PUSH MD5Crack.0040D18C ; |Text = "用户名不能为空请输入!"
00402894 . 56 PUSH ESI ; |hOwner
00402895 . FF15 D4B04000 CALL NEAR DWORD PTR DS:[<&USER32.MessageBoxA>] ; \MessageBoxA
0040289B . 5F POP EDI
0040289C . 5E POP ESI
0040289D . 33C0 XOR EAX, EAX
0040289F . 5D POP EBP
004028A0 . 81C4 00030000 ADD ESP, 0x300
004028A6 . C3 RETN
004028A7 > 8D5424 0C LEA EDX, DWORD PTR SS:[ESP+0xC]
004028AB . 68 00010000 PUSH 0x100
004028B0 . 52 PUSH EDX
004028B1 . 68 07040000 PUSH 0x407
004028B6 . 56 PUSH ESI
004028B7 . FFD5 CALL NEAR EBP ; user32.GetDlgItemTextA
004028B9 . 8D7C24 0C LEA EDI, DWORD PTR SS:[ESP+0xC]
004028BD . 83C9 FF OR ECX, 0xFFFFFFFF
004028C0 . 33C0 XOR EAX, EAX
004028C2 . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
004028C4 . F7D1 NOT ECX
004028C6 . 49 DEC ECX
004028C7 . 83F9 01 CMP ECX, 0x1
004028CA . 73 1F JNB SHORT MD5Crack.004028EB
004028CC . 6A 40 PUSH 0x40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004028CE . 68 A4D14000 PUSH MD5Crack.0040D1A4 ; |Title = "注册提示"
004028D3 . 68 74D14000 PUSH MD5Crack.0040D174 ; |Text = "注册码不能为空请输入!"
004028D8 . 56 PUSH ESI ; |hOwner
004028D9 . FF15 D4B04000 CALL NEAR DWORD PTR DS:[<&USER32.MessageBoxA>] ; \MessageBoxA
004028DF . 5F POP EDI
004028E0 . 5E POP ESI
004028E1 . 33C0 XOR EAX, EAX
004028E3 . 5D POP EBP
004028E4 . 81C4 00030000 ADD ESP, 0x300
004028EA . C3 RETN
004028EB > 8D8424 0C0200>LEA EAX, DWORD PTR SS:[ESP+0x20C]
004028F2 . 6A 00 PUSH 0x0
004028F4 . 8D8C24 100100>LEA ECX, DWORD PTR SS:[ESP+0x110]
004028FB . 50 PUSH EAX
004028FC . 51 PUSH ECX
004028FD . E8 FEFCFFFF CALL MD5Crack.00402600 ; //算法call
00402902 . 8D9424 180200>LEA EDX, DWORD PTR SS:[ESP+0x218] ; //32位MD5
00402909 . 8D4424 18 LEA EAX, DWORD PTR SS:[ESP+0x18] ; //注册码
0040290D . 52 PUSH EDX
0040290E . 50 PUSH EAX
0040290F . E8 CCFDFFFF CALL MD5Crack.004026E0
00402914 . 83C4 14 ADD ESP, 0x14
00402917 . 83F8 01 CMP EAX, 0x1 ; //返回值为1注册成功
0040291A . 6A 40 PUSH 0x40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0040291C . 68 A4D14000 PUSH MD5Crack.0040D1A4 ; |Title = "注册提示"
00402921 . 75 18 JNZ SHORT MD5Crack.0040293B ; |
00402923 . 68 60D14000 PUSH MD5Crack.0040D160 ; |Text = "恭喜你,注册码正确!"
00402928 . 56 PUSH ESI ; |hOwner
00402929 . FF15 D4B04000 CALL NEAR DWORD PTR DS:[<&USER32.MessageBoxA>] ; \MessageBoxA
0040292F . 5F POP EDI
00402930 . 5E POP ESI
00402931 . 33C0 XOR EAX, EAX
00402933 . 5D POP EBP
00402934 . 81C4 00030000 ADD ESP, 0x300
0040293A . C3 RETN
0040293B > 68 48D14000 PUSH MD5Crack.0040D148 ; |Text = "注册码错误,继续加油!"
00402940 . 56 PUSH ESI ; |hOwner
00402941 . FF15 D4B04000 CALL NEAR DWORD PTR DS:[<&USER32.MessageBoxA>] ; \MessageBoxA
00402947 . 5F POP EDI
00402948 . 5E POP ESI
00402949 . 33C0 XOR EAX, EAX
0040294B . 5D POP EBP
0040294C . 81C4 00030000 ADD ESP, 0x300
00402952 . C3 RETN
00402953 > 8B0D 6C014100 MOV ECX, DWORD PTR DS:[0x41016C] ; MD5Crack.00400000; Case 110 (WM_INITDIALOG) of switch 0040280B
00402959 . 68 9A000000 PUSH 0x9A ; /RsrcName = 154.
0040295E . 51 PUSH ECX ; |hInst => 00400000
0040295F . FF15 D8B04000 CALL NEAR DWORD PTR DS:[<&USER32.LoadIconA>] ; \LoadIconA
00402965 . 8B9424 100300>MOV EDX, DWORD PTR SS:[ESP+0x310]
0040296C . 50 PUSH EAX ; /lParam
0040296D . 6A 01 PUSH 0x1 ; |wParam = 0x1
0040296F . 68 80000000 PUSH 0x80 ; |Message = WM_SETICON
00402974 . 52 PUSH EDX ; |hWnd
00402975 . A3 68014100 MOV DWORD PTR DS:[0x410168], EAX ; |
0040297A . FF15 DCB04000 CALL NEAR DWORD PTR DS:[<&USER32.SendMessageA>] ; \SendMessageA
00402980 . 5F POP EDI
00402981 . 5E POP ESI
00402982 . 33C0 XOR EAX, EAX
00402984 . 5D POP EBP
00402985 . 81C4 00030000 ADD ESP, 0x300
0040298B . C3 RETN

 

跟进算法CALL 00402600:

00402600 /$ 6A FF PUSH -0x1
00402602 |. 68 A8A14000 PUSH MD5Crack.0040A1A8 ; SE 处理程序安装
00402607 |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
0040260D |. 50 PUSH EAX
0040260E |. 64:8925 00000>MOV DWORD PTR FS:[0], ESP
00402615 |. 81EC 2C010000 SUB ESP, 0x12C
0040261B |. 53 PUSH EBX
0040261C |. 55 PUSH EBP
0040261D |. 56 PUSH ESI
0040261E |. 57 PUSH EDI
0040261F |. 8D8C24 DC0000>LEA ECX, DWORD PTR SS:[ESP+0xDC]
00402626 |. E8 15F2FFFF CALL MD5Crack.00401840 ; //MD5_Init
0040262B |. 8BAC24 540100>MOV EBP, DWORD PTR SS:[ESP+0x154]
00402632 |. 33C0 XOR EAX, EAX
00402634 |. 3BE8 CMP EBP, EAX
00402636 |. 898424 440100>MOV DWORD PTR SS:[ESP+0x144], EAX
0040263D |. 8DB424 DC0000>LEA ESI, DWORD PTR SS:[ESP+0xDC]
00402644 |. 74 04 JE SHORT MD5Crack.0040264A
00402646 |. 8B7424 10 MOV ESI, DWORD PTR SS:[ESP+0x10]
0040264A |> 884424 14 MOV BYTE PTR SS:[ESP+0x14], AL
0040264E |. B9 10000000 MOV ECX, 0x10
00402653 |. 33C0 XOR EAX, EAX
00402655 |. 8D7C24 15 LEA EDI, DWORD PTR SS:[ESP+0x15]
00402659 |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040265B |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
0040265D |. 8BCE MOV ECX, ESI
0040265F |. FF50 0C CALL NEAR DWORD PTR DS:[EAX+0xC] ; //MD5_Init
00402662 |. 8B9424 4C0100>MOV EDX, DWORD PTR SS:[ESP+0x14C]
00402669 |. 83C9 FF OR ECX, 0xFFFFFFFF
0040266C |. 8BFA MOV EDI, EDX
0040266E |. 33C0 XOR EAX, EAX
00402670 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00402672 |. 8B1E MOV EBX, DWORD PTR DS:[ESI]
00402674 |. F7D1 NOT ECX
00402676 |. 49 DEC ECX
00402677 |. 51 PUSH ECX
00402678 |. 52 PUSH EDX
00402679 |. 8BCE MOV ECX, ESI
0040267B |. FF53 04 CALL NEAR DWORD PTR DS:[EBX+0x4] ; //1. 用户名 2. 长度
0040267E |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00402680 |. 8D4424 14 LEA EAX, DWORD PTR SS:[ESP+0x14]
00402684 |. 50 PUSH EAX
00402685 |. 8BCE MOV ECX, ESI
00402687 |. FF52 08 CALL NEAR DWORD PTR DS:[EDX+0x8] ; //Buff
0040268A |. B9 20000000 MOV ECX, 0x20
0040268F |. 33C0 XOR EAX, EAX
00402691 |. 8D7C24 59 LEA EDI, DWORD PTR SS:[ESP+0x59]
00402695 |. C64424 58 00 MOV BYTE PTR SS:[ESP+0x58], 0x0
0040269A |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040269C |. 5F POP EDI
0040269D |. 5E POP ESI
0040269E |. 85ED TEST EBP, EBP
004026A0 |. 5D POP EBP
004026A1 |. 5B POP EBX
004026A2 |. 75 14 JNZ SHORT MD5Crack.004026B8
004026A4 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48] ; //空Buff
004026A8 |. 8D5424 04 LEA EDX, DWORD PTR SS:[ESP+0x4] ; //新MD5
004026AC |. 51 PUSH ECX
004026AD |. 6A 10 PUSH 0x10
004026AF |. 52 PUSH EDX
004026B0 |. E8 DBFEFFFF CALL MD5Crack.00402590
004026B5 |. 83C4 0C ADD ESP, 0xC
004026B8 |> 8B8C24 400100>MOV ECX, DWORD PTR SS:[ESP+0x140]
004026BF |. 8D4424 48 LEA EAX, DWORD PTR SS:[ESP+0x48]
004026C3 |. 50 PUSH EAX ; /String2
004026C4 |. 51 PUSH ECX ; |String1
004026C5 |. FF15 00B04000 CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \lstrcpyA
004026CB |. 8B8C24 2C0100>MOV ECX, DWORD PTR SS:[ESP+0x12C]
004026D2 |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX
004026D9 |. 81C4 38010000 ADD ESP, 0x138
004026DF \. C3 RETN

 

在算法call的子call 00402626中可以看到MD5_Init:

00401840 /$ 8BC1 MOV EAX, ECX
00401842 |. 33C9 XOR ECX, ECX
00401844 |. 8848 04 MOV BYTE PTR DS:[EAX+0x4], CL
00401847 |. C700 F0B04000 MOV DWORD PTR DS:[EAX], MD5Crack.0040B0F0
0040184D |. C740 08 01234>MOV DWORD PTR DS:[EAX+0x8], 0x67452301
00401854 |. C740 0C 89ABC>MOV DWORD PTR DS:[EAX+0xC], 0xEFCDAB89
0040185B |. C740 10 FEDCB>MOV DWORD PTR DS:[EAX+0x10], 0x98BADCFE
00401862 |. C740 14 76543>MOV DWORD PTR DS:[EAX+0x14], 0x10325476
00401869 |. 8948 18 MOV DWORD PTR DS:[EAX+0x18], ECX
0040186C |. 8948 1C MOV DWORD PTR DS:[EAX+0x1C], ECX
0040186F \. C3 RETN

 

在算法call的子call 00402687 |. FF52 08 CALL NEAR DWORD PTR DS:[EDX+0x8] ; //MD5_Final
可以看到标准MD5:
00401BEB . FF52 10 CALL NEAR DWORD PTR DS:[EDX+0x10] ; //MD5_Final

00401C60 . 83EC 10 SUB ESP, 0x10
00401C63 . 53 PUSH EBX
00401C64 . 55 PUSH EBP
00401C65 . 56 PUSH ESI
00401C66 . 8BF1 MOV ESI, ECX
00401C68 . 57 PUSH EDI
00401C69 . 8B5E 14 MOV EBX, DWORD PTR DS:[ESI+0x14]
00401C6C . 8B56 10 MOV EDX, DWORD PTR DS:[ESI+0x10]
00401C6F . 8B7E 0C MOV EDI, DWORD PTR DS:[ESI+0xC]
00401C72 . 8B6E 08 MOV EBP, DWORD PTR DS:[ESI+0x8]
00401C75 . 8B46 20 MOV EAX, DWORD PTR DS:[ESI+0x20] ; //取出4个初始常量
00401C78 . 8BCB MOV ECX, EBX ; //计算数据位用户名
00401C7A . 33CA XOR ECX, EDX
00401C7C . 23CF AND ECX, EDI
00401C7E . 33CB XOR ECX, EBX
00401C80 . 03CD ADD ECX, EBP
00401C82 . 8BEA MOV EBP, EDX
00401C84 . 33EF XOR EBP, EDI
00401C86 . 8D8C01 78A46A>LEA ECX, DWORD PTR DS:[ECX+EAX+0xD76AA478]
00401C8D . 8BC1 MOV EAX, ECX
00401C8F . C1E8 19 SHR EAX, 0x19
00401C92 . C1E1 07 SHL ECX, 0x7
00401C95 . 0BC1 OR EAX, ECX
00401C97 . 8B4E 24 MOV ECX, DWORD PTR DS:[ESI+0x24]
00401C9A . 03C7 ADD EAX, EDI
00401C9C . 23E8 AND EBP, EAX
00401C9E . 33EA XOR EBP, EDX
00401CA0 . 03E9 ADD EBP, ECX
00401CA2 . 8D9C2B 56B7C7>LEA EBX, DWORD PTR DS:[EBX+EBP+0xE8C7B756]
00401CA9 . 8BEF MOV EBP, EDI
00401CAB . 8BCB MOV ECX, EBX
00401CAD . 33E8 XOR EBP, EAX
00401CAF . C1E9 14 SHR ECX, 0x14
00401CB2 . C1E3 0C SHL EBX, 0xC
00401CB5 . 0BCB OR ECX, EBX
00401CB7 . 8B5E 28 MOV EBX, DWORD PTR DS:[ESI+0x28]
00401CBA . 03C8 ADD ECX, EAX
00401CBC . 23E9 AND EBP, ECX
00401CBE . 33EF XOR EBP, EDI
00401CC0 . 03EB ADD EBP, EBX
00401CC2 . 8D9C2A DB7020>LEA EBX, DWORD PTR DS:[EDX+EBP+0x242070DB]
00401CC9 . 8BE9 MOV EBP, ECX
00401CCB . 8BD3 MOV EDX, EBX
00401CCD . 33E8 XOR EBP, EAX
00401CCF . C1EA 0F SHR EDX, 0xF
00401CD2 . C1E3 11 SHL EBX, 0x11
00401CD5 . 0BD3 OR EDX, EBX
00401CD7 . 8B5E 2C MOV EBX, DWORD PTR DS:[ESI+0x2C]
00401CDA . 03D1 ADD EDX, ECX
00401CDC . 23EA AND EBP, EDX
00401CDE . 33E8 XOR EBP, EAX
00401CE0 . 03EB ADD EBP, EBX
00401CE2 . 8D9C2F EECEBD>LEA EBX, DWORD PTR DS:[EDI+EBP+0xC1BDCEEE]
00401CE9 . 8BE9 MOV EBP, ECX
00401CEB . 8BFB MOV EDI, EBX
00401CED . 33EA XOR EBP, EDX
00401CEF . C1E7 16 SHL EDI, 0x16
00401CF2 . C1EB 0A SHR EBX, 0xA
00401CF5 . 0BFB OR EDI, EBX
00401CF7 . 8B5E 30 MOV EBX, DWORD PTR DS:[ESI+0x30]
00401CFA . 03FA ADD EDI, EDX
00401CFC . 23EF AND EBP, EDI
00401CFE . 33E9 XOR EBP, ECX
00401D00 . 03EB ADD EBP, EBX
00401D02 . 8D8428 AF0F7C>LEA EAX, DWORD PTR DS:[EAX+EBP+0xF57C0FAF]
00401D09 . 8BEA MOV EBP, EDX
00401D0B . 8BD8 MOV EBX, EAX
00401D0D . 33EF XOR EBP, EDI
00401D0F . C1EB 19 SHR EBX, 0x19
00401D12 . C1E0 07 SHL EAX, 0x7
00401D15 . 0BD8 OR EBX, EAX
00401D17 . 8B46 34 MOV EAX, DWORD PTR DS:[ESI+0x34]
00401D1A . 03DF ADD EBX, EDI
00401D1C . 23EB AND EBP, EBX
00401D1E . 33EA XOR EBP, EDX
00401D20 . 03E8 ADD EBP, EAX
00401D22 . 8D8C29 2AC687>LEA ECX, DWORD PTR DS:[ECX+EBP+0x4787C62A]
00401D29 . 8BC1 MOV EAX, ECX
00401D2B . C1E8 14 SHR EAX, 0x14
00401D2E . C1E1 0C SHL ECX, 0xC
00401D31 . 0BC1 OR EAX, ECX
00401D33 . 03C3 ADD EAX, EBX
00401D35 . 8B4E 38 MOV ECX, DWORD PTR DS:[ESI+0x38]
00401D38 . 8BEF MOV EBP, EDI
00401D3A . 33EB XOR EBP, EBX
00401D3C . 23E8 AND EBP, EAX
00401D3E . 33EF XOR EBP, EDI
00401D40 . 03E9 ADD EBP, ECX
00401D42 . 8D942A 134630>LEA EDX, DWORD PTR DS:[EDX+EBP+0xA8304613]
00401D49 . 8BE8 MOV EBP, EAX
00401D4B . 8BCA MOV ECX, EDX
00401D4D . 33EB XOR EBP, EBX
00401D4F . C1E9 0F SHR ECX, 0xF
00401D52 . C1E2 11 SHL EDX, 0x11
00401D55 . 0BCA OR ECX, EDX
00401D57 . 8B56 3C MOV EDX, DWORD PTR DS:[ESI+0x3C]
00401D5A . 03C8 ADD ECX, EAX
00401D5C . 23E9 AND EBP, ECX
00401D5E . 33EB XOR EBP, EBX
00401D60 . 03EA ADD EBP, EDX
00401D62 . 8DBC2F 019546>LEA EDI, DWORD PTR DS:[EDI+EBP+0xFD469501]
00401D69 . 8BE8 MOV EBP, EAX
00401D6B . 8BD7 MOV EDX, EDI
00401D6D . 33E9 XOR EBP, ECX
00401D6F . C1E2 16 SHL EDX, 0x16
00401D72 . C1EF 0A SHR EDI, 0xA
00401D75 . 0BD7 OR EDX, EDI
00401D77 . 8B7E 40 MOV EDI, DWORD PTR DS:[ESI+0x40]
00401D7A . 03D1 ADD EDX, ECX
00401D7C . 23EA AND EBP, EDX
00401D7E . 33E8 XOR EBP, EAX
00401D80 . 03EF ADD EBP, EDI
00401D82 . 8D9C2B D89880>LEA EBX, DWORD PTR DS:[EBX+EBP+0x698098D8]
00401D89 . 8BE9 MOV EBP, ECX
00401D8B . 8BFB MOV EDI, EBX
00401D8D . 33EA XOR EBP, EDX
00401D8F . C1EF 19 SHR EDI, 0x19
00401D92 . C1E3 07 SHL EBX, 0x7
00401D95 . 0BFB OR EDI, EBX
00401D97 . 8B5E 44 MOV EBX, DWORD PTR DS:[ESI+0x44]
00401D9A . 03FA ADD EDI, EDX
00401D9C . 23EF AND EBP, EDI
00401D9E . 33E9 XOR EBP, ECX
00401DA0 . 03EB ADD EBP, EBX
00401DA2 . 8D8428 AFF744>LEA EAX, DWORD PTR DS:[EAX+EBP+0x8B44F7AF]
00401DA9 . 8BEA MOV EBP, EDX
00401DAB . 8BD8 MOV EBX, EAX
00401DAD . 33EF XOR EBP, EDI
00401DAF . C1EB 14 SHR EBX, 0x14
00401DB2 . C1E0 0C SHL EAX, 0xC
00401DB5 . 0BD8 OR EBX, EAX
00401DB7 . 8B46 48 MOV EAX, DWORD PTR DS:[ESI+0x48]
00401DBA . 03DF ADD EBX, EDI
00401DBC . 23EB AND EBP, EBX
00401DBE . 33EA XOR EBP, EDX
00401DC0 . 03E8 ADD EBP, EAX
00401DC2 . 8D8C29 B15BFF>LEA ECX, DWORD PTR DS:[ECX+EBP+0xFFFF5BB1]
00401DC9 . 8BEB MOV EBP, EBX
00401DCB . 8BC1 MOV EAX, ECX
00401DCD . 33EF XOR EBP, EDI
00401DCF . C1E8 0F SHR EAX, 0xF
00401DD2 . C1E1 11 SHL ECX, 0x11
00401DD5 . 0BC1 OR EAX, ECX
00401DD7 . 8B4E 4C MOV ECX, DWORD PTR DS:[ESI+0x4C]
00401DDA . 03C3 ADD EAX, EBX
00401DDC . 23E8 AND EBP, EAX
00401DDE . 33EF XOR EBP, EDI
00401DE0 . 03E9 ADD EBP, ECX
00401DE2 . 8D942A BED75C>LEA EDX, DWORD PTR DS:[EDX+EBP+0x895CD7BE]
00401DE9 . 8BEB MOV EBP, EBX
00401DEB . 8BCA MOV ECX, EDX
00401DED . 33E8 XOR EBP, EAX
00401DEF . C1E1 16 SHL ECX, 0x16
00401DF2 . C1EA 0A SHR EDX, 0xA
00401DF5 . 0BCA OR ECX, EDX
00401DF7 . 8B56 50 MOV EDX, DWORD PTR DS:[ESI+0x50]
00401DFA . 03C8 ADD ECX, EAX
00401DFC . 23E9 AND EBP, ECX
00401DFE . 33EB XOR EBP, EBX
00401E00 . 03EA ADD EBP, EDX
00401E02 . 8DBC2F 221190>LEA EDI, DWORD PTR DS:[EDI+EBP+0x6B901122]
00401E09 . 8BD7 MOV EDX, EDI
00401E0B . C1EA 19 SHR EDX, 0x19
00401E0E . C1E7 07 SHL EDI, 0x7
00401E11 . 0BD7 OR EDX, EDI
00401E13 . 8B7E 54 MOV EDI, DWORD PTR DS:[ESI+0x54]
00401E16 . 8BE8 MOV EBP, EAX
00401E18 . 03D1 ADD EDX, ECX
00401E1A . 33E9 XOR EBP, ECX
00401E1C . 23EA AND EBP, EDX
00401E1E . 33E8 XOR EBP, EAX
00401E20 . 03EF ADD EBP, EDI
00401E22 . 8B7E 58 MOV EDI, DWORD PTR DS:[ESI+0x58]
00401E25 . 8D9C2B 937198>LEA EBX, DWORD PTR DS:[EBX+EBP+0xFD987193]
00401E2C . 8BEB MOV EBP, EBX
00401E2E . C1ED 14 SHR EBP, 0x14
00401E31 . C1E3 0C SHL EBX, 0xC
00401E34 . 0BEB OR EBP, EBX
00401E36 . 8BD9 MOV EBX, ECX
00401E38 . 03EA ADD EBP, EDX
00401E3A . 33DA XOR EBX, EDX
00401E3C . 23DD AND EBX, EBP
00401E3E . 33D9 XOR EBX, ECX
00401E40 . 03DF ADD EBX, EDI
00401E42 . 8D8418 8E4379>LEA EAX, DWORD PTR DS:[EAX+EBX+0xA679438E]
00401E49 . 8BDD MOV EBX, EBP
00401E4B . 8BF8 MOV EDI, EAX
00401E4D . 33DA XOR EBX, EDX
00401E4F . C1EF 0F SHR EDI, 0xF
00401E52 . C1E0 11 SHL EAX, 0x11
00401E55 . 0BF8 OR EDI, EAX
00401E57 . 8B46 5C MOV EAX, DWORD PTR DS:[ESI+0x5C]
00401E5A . 03FD ADD EDI, EBP
00401E5C . 23DF AND EBX, EDI
00401E5E . 33DA XOR EBX, EDX
00401E60 . 03D8 ADD EBX, EAX
00401E62 . 8D8C19 2108B4>LEA ECX, DWORD PTR DS:[ECX+EBX+0x49B40821]
00401E69 . 8B5E 24 MOV EBX, DWORD PTR DS:[ESI+0x24]
00401E6C . 8BC1 MOV EAX, ECX
00401E6E . C1E0 16 SHL EAX, 0x16
00401E71 . C1E9 0A SHR ECX, 0xA
00401E74 . 0BC1 OR EAX, ECX
00401E76 . 8BCF MOV ECX, EDI
00401E78 . 03C7 ADD EAX, EDI
00401E7A . 33C8 XOR ECX, EAX
00401E7C . 23CD AND ECX, EBP
00401E7E . 33CF XOR ECX, EDI
00401E80 . 03CB ADD ECX, EBX
00401E82 . 8B5E 38 MOV EBX, DWORD PTR DS:[ESI+0x38]
00401E85 . 8D940A 62251E>LEA EDX, DWORD PTR DS:[EDX+ECX+0xF61E2562]
00401E8C . 8BCA MOV ECX, EDX
00401E8E . C1E9 1B SHR ECX, 0x1B
00401E91 . C1E2 05 SHL EDX, 0x5
00401E94 . 0BCA OR ECX, EDX
00401E96 . 8BD0 MOV EDX, EAX
00401E98 . 03C8 ADD ECX, EAX
00401E9A . 33D1 XOR EDX, ECX
00401E9C . 23D7 AND EDX, EDI
00401E9E . 33D0 XOR EDX, EAX
00401EA0 . 03D3 ADD EDX, EBX
00401EA2 . 8DAC2A 40B340>LEA EBP, DWORD PTR DS:[EDX+EBP+0xC040B340]
00401EA9 . 8BD5 MOV EDX, EBP
00401EAB . C1EA 17 SHR EDX, 0x17
00401EAE . C1E5 09 SHL EBP, 0x9
00401EB1 . 0BD5 OR EDX, EBP
00401EB3 . 8B6E 4C MOV EBP, DWORD PTR DS:[ESI+0x4C]
00401EB6 . 03D1 ADD EDX, ECX
00401EB8 . 8BDA MOV EBX, EDX
00401EBA . 33D9 XOR EBX, ECX
00401EBC . 23D8 AND EBX, EAX
00401EBE . 33D9 XOR EBX, ECX
00401EC0 . 03DD ADD EBX, EBP
00401EC2 . 8B6E 20 MOV EBP, DWORD PTR DS:[ESI+0x20]
00401EC5 . 8DBC1F 515A5E>LEA EDI, DWORD PTR DS:[EDI+EBX+0x265E5A51]
00401ECC . 8BDF MOV EBX, EDI
00401ECE . C1EB 12 SHR EBX, 0x12
00401ED1 . C1E7 0E SHL EDI, 0xE
00401ED4 . 0BDF OR EBX, EDI
00401ED6 . 8BFA MOV EDI, EDX
00401ED8 . 03DA ADD EBX, EDX
00401EDA . 33FB XOR EDI, EBX
00401EDC . 23F9 AND EDI, ECX
00401EDE . 33FA XOR EDI, EDX
00401EE0 . 03FD ADD EDI, EBP
00401EE2 . 8D8438 AAC7B6>LEA EAX, DWORD PTR DS:[EAX+EDI+0xE9B6C7AA]
00401EE9 . 8B6E 34 MOV EBP, DWORD PTR DS:[ESI+0x34]
00401EEC . 8BF8 MOV EDI, EAX
00401EEE . C1E7 14 SHL EDI, 0x14
00401EF1 . C1E8 0C SHR EAX, 0xC
00401EF4 . 0BF8 OR EDI, EAX
00401EF6 . 8BC3 MOV EAX, EBX
00401EF8 . 03FB ADD EDI, EBX
00401EFA . 33C7 XOR EAX, EDI
00401EFC . 23C2 AND EAX, EDX
00401EFE . 33C3 XOR EAX, EBX
00401F00 . 03C5 ADD EAX, EBP
00401F02 . 8B6E 48 MOV EBP, DWORD PTR DS:[ESI+0x48]
00401F05 . 8D8C01 5D102F>LEA ECX, DWORD PTR DS:[ECX+EAX+0xD62F105D]
00401F0C . 8BC1 MOV EAX, ECX
00401F0E . C1E8 1B SHR EAX, 0x1B
00401F11 . C1E1 05 SHL ECX, 0x5
00401F14 . 0BC1 OR EAX, ECX
00401F16 . 8BCF MOV ECX, EDI
00401F18 . 03C7 ADD EAX, EDI
00401F1A . 33C8 XOR ECX, EAX
00401F1C . 23CB AND ECX, EBX
00401F1E . 33CF XOR ECX, EDI
00401F20 . 03CD ADD ECX, EBP
00401F22 . 8B6E 5C MOV EBP, DWORD PTR DS:[ESI+0x5C]
00401F25 . 8D940A 531444>LEA EDX, DWORD PTR DS:[EDX+ECX+0x2441453]
00401F2C . 8BCA MOV ECX, EDX
00401F2E . C1E9 17 SHR ECX, 0x17
00401F31 . C1E2 09 SHL EDX, 0x9
00401F34 . 0BCA OR ECX, EDX
00401F36 . 03C8 ADD ECX, EAX
00401F38 . 8BD1 MOV EDX, ECX
00401F3A . 33D0 XOR EDX, EAX
00401F3C . 23D7 AND EDX, EDI
00401F3E . 33D0 XOR EDX, EAX
00401F40 . 03D5 ADD EDX, EBP
00401F42 . 8B6E 30 MOV EBP, DWORD PTR DS:[ESI+0x30]
00401F45 . 8D9C13 81E6A1>LEA EBX, DWORD PTR DS:[EBX+EDX+0xD8A1E681]
00401F4C . 8BD3 MOV EDX, EBX
00401F4E . C1EA 12 SHR EDX, 0x12
00401F51 . C1E3 0E SHL EBX, 0xE
00401F54 . 0BD3 OR EDX, EBX
00401F56 . 8BD9 MOV EBX, ECX
00401F58 . 03D1 ADD EDX, ECX
00401F5A . 33DA XOR EBX, EDX
00401F5C . 23D8 AND EBX, EAX
00401F5E . 33D9 XOR EBX, ECX
00401F60 . 03DD ADD EBX, EBP
00401F62 . 8B6E 44 MOV EBP, DWORD PTR DS:[ESI+0x44]
00401F65 . 8DBC1F C8FBD3>LEA EDI, DWORD PTR DS:[EDI+EBX+0xE7D3FBC8]
00401F6C . 8BDF MOV EBX, EDI
00401F6E . C1E3 14 SHL EBX, 0x14
00401F71 . C1EF 0C SHR EDI, 0xC
00401F74 . 0BDF OR EBX, EDI
00401F76 . 8BFA MOV EDI, EDX
00401F78 . 03DA ADD EBX, EDX
00401F7A . 33FB XOR EDI, EBX
00401F7C . 23F9 AND EDI, ECX
00401F7E . 33FA XOR EDI, EDX
00401F80 . 03FD ADD EDI, EBP
00401F82 . 8B6E 58 MOV EBP, DWORD PTR DS:[ESI+0x58]
00401F85 . 8D8438 E6CDE1>LEA EAX, DWORD PTR DS:[EAX+EDI+0x21E1CDE6]
00401F8C . 8BF8 MOV EDI, EAX
00401F8E . C1EF 1B SHR EDI, 0x1B
00401F91 . C1E0 05 SHL EAX, 0x5
00401F94 . 0BF8 OR EDI, EAX
00401F96 . 8BC3 MOV EAX, EBX
00401F98 . 03FB ADD EDI, EBX
00401F9A . 33C7 XOR EAX, EDI
00401F9C . 23C2 AND EAX, EDX
00401F9E . 33C3 XOR EAX, EBX
00401FA0 . 03C5 ADD EAX, EBP
00401FA2 . 8D8C01 D60737>LEA ECX, DWORD PTR DS:[ECX+EAX+0xC33707D6]
00401FA9 . 8BC1 MOV EAX, ECX
00401FAB . C1E8 17 SHR EAX, 0x17
00401FAE . C1E1 09 SHL ECX, 0x9
00401FB1 . 0BC1 OR EAX, ECX
00401FB3 . 03C7 ADD EAX, EDI
00401FB5 . 8BC8 MOV ECX, EAX
00401FB7 . 33CF XOR ECX, EDI
00401FB9 . 23CB AND ECX, EBX
00401FBB . 8B6E 2C MOV EBP, DWORD PTR DS:[ESI+0x2C]
00401FBE . 33CF XOR ECX, EDI
00401FC0 . 03CD ADD ECX, EBP
00401FC2 . 8B6E 40 MOV EBP, DWORD PTR DS:[ESI+0x40]
00401FC5 . 8D940A 870DD5>LEA EDX, DWORD PTR DS:[EDX+ECX+0xF4D50D87]
00401FCC . 8BCA MOV ECX, EDX
00401FCE . C1E9 12 SHR ECX, 0x12
00401FD1 . C1E2 0E SHL EDX, 0xE
00401FD4 . 0BCA OR ECX, EDX
00401FD6 . 8BD0 MOV EDX, EAX
00401FD8 . 03C8 ADD ECX, EAX
00401FDA . 33D1 XOR EDX, ECX
00401FDC . 23D7 AND EDX, EDI
00401FDE . 33D0 XOR EDX, EAX
00401FE0 . 03D5 ADD EDX, EBP
00401FE2 . 8B6E 54 MOV EBP, DWORD PTR DS:[ESI+0x54]
00401FE5 . 8D9C13 ED145A>LEA EBX, DWORD PTR DS:[EBX+EDX+0x455A14ED]
00401FEC . 8BD3 MOV EDX, EBX
00401FEE . C1E2 14 SHL EDX, 0x14
00401FF1 . C1EB 0C SHR EBX, 0xC
00401FF4 . 0BD3 OR EDX, EBX
00401FF6 . 8BD9 MOV EBX, ECX
00401FF8 . 03D1 ADD EDX, ECX
00401FFA . 33DA XOR EBX, EDX
00401FFC . 23D8 AND EBX, EAX
00401FFE . 33D9 XOR EBX, ECX
00402000 . 03DD ADD EBX, EBP
00402002 . 8B6E 28 MOV EBP, DWORD PTR DS:[ESI+0x28]
00402005 . 8DBC1F 05E9E3>LEA EDI, DWORD PTR DS:[EDI+EBX+0xA9E3E905]
0040200C . 8BDF MOV EBX, EDI
0040200E . C1EB 1B SHR EBX, 0x1B
00402011 . C1E7 05 SHL EDI, 0x5
00402014 . 0BDF OR EBX, EDI
00402016 . 8BFA MOV EDI, EDX
00402018 . 03DA ADD EBX, EDX
0040201A . 33FB XOR EDI, EBX
0040201C . 23F9 AND EDI, ECX
0040201E . 33FA XOR EDI, EDX
00402020 . 03FD ADD EDI, EBP
00402022 . 8B6E 3C MOV EBP, DWORD PTR DS:[ESI+0x3C]
00402025 . 8D8438 F8A3EF>LEA EAX, DWORD PTR DS:[EAX+EDI+0xFCEFA3F8]
0040202C . 8BF8 MOV EDI, EAX
0040202E . C1EF 17 SHR EDI, 0x17
00402031 . C1E0 09 SHL EAX, 0x9
00402034 . 0BF8 OR EDI, EAX
00402036 . 03FB ADD EDI, EBX
00402038 . 8BC7 MOV EAX, EDI
0040203A . 33C3 XOR EAX, EBX
0040203C . 23C2 AND EAX, EDX
0040203E . 33C3 XOR EAX, EBX
00402040 . 03C5 ADD EAX, EBP
00402042 . 8D8C01 D9026F>LEA ECX, DWORD PTR DS:[ECX+EAX+0x676F02D9]
00402049 . 8BC7 MOV EAX, EDI
0040204B . 8BE9 MOV EBP, ECX
0040204D . C1ED 12 SHR EBP, 0x12
00402050 . C1E1 0E SHL ECX, 0xE
00402053 . 0BE9 OR EBP, ECX
00402055 . 8B4E 50 MOV ECX, DWORD PTR DS:[ESI+0x50]
00402058 . 03EF ADD EBP, EDI
0040205A . 33C5 XOR EAX, EBP
0040205C . 894424 1C MOV DWORD PTR SS:[ESP+0x1C], EAX
00402060 . 23C3 AND EAX, EBX
00402062 . 33C7 XOR EAX, EDI
00402064 . 03C1 ADD EAX, ECX
00402066 . 8B4C24 1C MOV ECX, DWORD PTR SS:[ESP+0x1C]
0040206A . 8D9402 8A4C2A>LEA EDX, DWORD PTR DS:[EDX+EAX+0x8D2A4C8A]
00402071 . 8BC2 MOV EAX, EDX
00402073 . C1E0 14 SHL EAX, 0x14
00402076 . C1EA 0C SHR EDX, 0xC
00402079 . 0BC2 OR EAX, EDX
0040207B . 8B56 34 MOV EDX, DWORD PTR DS:[ESI+0x34]
0040207E . 03C5 ADD EAX, EBP
00402080 . 33C8 XOR ECX, EAX
00402082 . 03CA ADD ECX, EDX
00402084 . 8BD5 MOV EDX, EBP
00402086 . 8D9C0B 4239FA>LEA EBX, DWORD PTR DS:[EBX+ECX+0xFFFA3942]
0040208D . 8BCB MOV ECX, EBX
0040208F . C1E9 1C SHR ECX, 0x1C
00402092 . C1E3 04 SHL EBX, 0x4
00402095 . 0BCB OR ECX, EBX
00402097 . 03C8 ADD ECX, EAX
00402099 . 8B5E 40 MOV EBX, DWORD PTR DS:[ESI+0x40]
0040209C . 33D0 XOR EDX, EAX
0040209E . 33D1 XOR EDX, ECX
004020A0 . 03D3 ADD EDX, EBX
004020A2 . 8B5E 4C MOV EBX, DWORD PTR DS:[ESI+0x4C]
004020A5 . 8DBC17 81F671>LEA EDI, DWORD PTR DS:[EDI+EDX+0x8771F681]
004020AC . 8BD7 MOV EDX, EDI
004020AE . C1EA 15 SHR EDX, 0x15
004020B1 . C1E7 0B SHL EDI, 0xB
004020B4 . 0BD7 OR EDX, EDI
004020B6 . 03D1 ADD EDX, ECX
004020B8 . 8BFA MOV EDI, EDX
004020BA . 33F8 XOR EDI, EAX
004020BC . 33F9 XOR EDI, ECX
004020BE . 03FB ADD EDI, EBX
004020C0 . 8BDA MOV EBX, EDX
004020C2 . 8DAC2F 22619D>LEA EBP, DWORD PTR DS:[EDI+EBP+0x6D9D6122]
004020C9 . 8BFD MOV EDI, EBP
004020CB . C1EF 10 SHR EDI, 0x10
004020CE . C1E5 10 SHL EBP, 0x10
004020D1 . 0BFD OR EDI, EBP
004020D3 . 03FA ADD EDI, EDX
004020D5 . 33DF XOR EBX, EDI
004020D7 . 8BEB MOV EBP, EBX
004020D9 . 33E9 XOR EBP, ECX
004020DB . 036E 58 ADD EBP, DWORD PTR DS:[ESI+0x58]
004020DE . 8DAC28 0C38E5>LEA EBP, DWORD PTR DS:[EAX+EBP+0xFDE5380C]
004020E5 . 8BC5 MOV EAX, EBP
004020E7 . C1E0 17 SHL EAX, 0x17
004020EA . C1ED 09 SHR EBP, 0x9
004020ED . 0BC5 OR EAX, EBP
004020EF . 8B6E 24 MOV EBP, DWORD PTR DS:[ESI+0x24]
004020F2 . 03C7 ADD EAX, EDI
004020F4 . 33D8 XOR EBX, EAX
004020F6 . 03DD ADD EBX, EBP
004020F8 . 8B6E 30 MOV EBP, DWORD PTR DS:[ESI+0x30]
004020FB . 8D9C19 44EABE>LEA EBX, DWORD PTR DS:[ECX+EBX+0xA4BEEA44]
00402102 . 8BCB MOV ECX, EBX
00402104 . C1E9 1C SHR ECX, 0x1C
00402107 . C1E3 04 SHL EBX, 0x4
0040210A . 0BCB OR ECX, EBX
0040210C . 8BDF MOV EBX, EDI
0040210E . 03C8 ADD ECX, EAX
00402110 . 33D8 XOR EBX, EAX
00402112 . 33D9 XOR EBX, ECX
00402114 . 03DD ADD EBX, EBP
00402116 . 8B6E 3C MOV EBP, DWORD PTR DS:[ESI+0x3C]
00402119 . 8D9C1A A9CFDE>LEA EBX, DWORD PTR DS:[EDX+EBX+0x4BDECFA9]
00402120 . 8BD3 MOV EDX, EBX
00402122 . C1EA 15 SHR EDX, 0x15
00402125 . C1E3 0B SHL EBX, 0xB
00402128 . 0BD3 OR EDX, EBX
0040212A . 03D1 ADD EDX, ECX
0040212C . 8BDA MOV EBX, EDX
0040212E . 33D8 XOR EBX, EAX
00402130 . 33D9 XOR EBX, ECX
00402132 . 03DD ADD EBX, EBP
00402134 . 8D9C1F 604BBB>LEA EBX, DWORD PTR DS:[EDI+EBX+0xF6BB4B60]
0040213B . 8BFB MOV EDI, EBX
0040213D . C1EF 10 SHR EDI, 0x10
00402140 . C1E3 10 SHL EBX, 0x10
00402143 . 0BFB OR EDI, EBX
00402145 . 8BDA MOV EBX, EDX
00402147 . 03FA ADD EDI, EDX
00402149 . 33DF XOR EBX, EDI
0040214B . 8BEB MOV EBP, EBX
0040214D . 33E9 XOR EBP, ECX
0040214F . 036E 48 ADD EBP, DWORD PTR DS:[ESI+0x48]
00402152 . 8DAC28 70BCBF>LEA EBP, DWORD PTR DS:[EAX+EBP+0xBEBFBC70]
00402159 . 8BC5 MOV EAX, EBP
0040215B . C1E0 17 SHL EAX, 0x17
0040215E . C1ED 09 SHR EBP, 0x9
00402161 . 0BC5 OR EAX, EBP
00402163 . 8B6E 54 MOV EBP, DWORD PTR DS:[ESI+0x54]
00402166 . 03C7 ADD EAX, EDI
00402168 . 33D8 XOR EBX, EAX
0040216A . 03DD ADD EBX, EBP
0040216C . 8D9C19 C67E9B>LEA EBX, DWORD PTR DS:[ECX+EBX+0x289B7EC6]
00402173 . 8BCB MOV ECX, EBX
00402175 . C1E9 1C SHR ECX, 0x1C
00402178 . C1E3 04 SHL EBX, 0x4
0040217B . 8B6E 20 MOV EBP, DWORD PTR DS:[ESI+0x20]
0040217E . 0BCB OR ECX, EBX
00402180 . 8BDF MOV EBX, EDI
00402182 . 03C8 ADD ECX, EAX
00402184 . 33D8 XOR EBX, EAX
00402186 . 33D9 XOR EBX, ECX
00402188 . 03DD ADD EBX, EBP
0040218A . 8B6E 2C MOV EBP, DWORD PTR DS:[ESI+0x2C]
0040218D . 8D9C1A FA27A1>LEA EBX, DWORD PTR DS:[EDX+EBX+0xEAA127FA]
00402194 . 8BD3 MOV EDX, EBX
00402196 . C1E3 0B SHL EBX, 0xB
00402199 . C1EA 15 SHR EDX, 0x15
0040219C . 0BD3 OR EDX, EBX
0040219E . 03D1 ADD EDX, ECX
004021A0 . 8BDA MOV EBX, EDX
004021A2 . 33D8 XOR EBX, EAX
004021A4 . 33D9 XOR EBX, ECX
004021A6 . 03DD ADD EBX, EBP
004021A8 . 8D9C1F 8530EF>LEA EBX, DWORD PTR DS:[EDI+EBX+0xD4EF3085]
004021AF . 8BFB MOV EDI, EBX
004021B1 . C1EF 10 SHR EDI, 0x10
004021B4 . C1E3 10 SHL EBX, 0x10
004021B7 . 0BFB OR EDI, EBX
004021B9 . 8BDA MOV EBX, EDX
004021BB . 03FA ADD EDI, EDX
004021BD . 33DF XOR EBX, EDI
004021BF . 8BEB MOV EBP, EBX
004021C1 . 33E9 XOR EBP, ECX
004021C3 . 036E 38 ADD EBP, DWORD PTR DS:[ESI+0x38]
004021C6 . 8DAC28 051D88>LEA EBP, DWORD PTR DS:[EAX+EBP+0x4881D05]
004021CD . 8BC5 MOV EAX, EBP
004021CF . C1E0 17 SHL EAX, 0x17
004021D2 . C1ED 09 SHR EBP, 0x9
004021D5 . 0BC5 OR EAX, EBP
004021D7 . 8B6E 44 MOV EBP, DWORD PTR DS:[ESI+0x44]
004021DA . 03C7 ADD EAX, EDI
004021DC . 33D8 XOR EBX, EAX
004021DE . 03DD ADD EBX, EBP
004021E0 . 8B6E 50 MOV EBP, DWORD PTR DS:[ESI+0x50]
004021E3 . 8D9C19 39D0D4>LEA EBX, DWORD PTR DS:[ECX+EBX+0xD9D4D039]
004021EA . 8BCB MOV ECX, EBX
004021EC . C1E9 1C SHR ECX, 0x1C
004021EF . C1E3 04 SHL EBX, 0x4
004021F2 . 0BCB OR ECX, EBX
004021F4 . 8BDF MOV EBX, EDI
004021F6 . 03C8 ADD ECX, EAX
004021F8 . 33D8 XOR EBX, EAX
004021FA . 33D9 XOR EBX, ECX
004021FC . 03DD ADD EBX, EBP
004021FE . 8B6E 5C MOV EBP, DWORD PTR DS:[ESI+0x5C]
00402201 . 8D9C1A E599DB>LEA EBX, DWORD PTR DS:[EDX+EBX+0xE6DB99E5]
00402208 . 8BD3 MOV EDX, EBX
0040220A . C1EA 15 SHR EDX, 0x15
0040220D . C1E3 0B SHL EBX, 0xB
00402210 . 0BD3 OR EDX, EBX
00402212 . 03D1 ADD EDX, ECX
00402214 . 8BDA MOV EBX, EDX
00402216 . 33D8 XOR EBX, EAX
00402218 . 33D9 XOR EBX, ECX
0040221A . 03DD ADD EBX, EBP
0040221C . 8B6E 28 MOV EBP, DWORD PTR DS:[ESI+0x28]
0040221F . 8D9C1F F87CA2>LEA EBX, DWORD PTR DS:[EDI+EBX+0x1FA27CF8]
00402226 . 8BFB MOV EDI, EBX
00402228 . C1EF 10 SHR EDI, 0x10
0040222B . C1E3 10 SHL EBX, 0x10
0040222E . 0BFB OR EDI, EBX
00402230 . 8BDA MOV EBX, EDX
00402232 . 03FA ADD EDI, EDX
00402234 . 33DF XOR EBX, EDI
00402236 . 33D9 XOR EBX, ECX
00402238 . 03DD ADD EBX, EBP
0040223A . 8D9C18 6556AC>LEA EBX, DWORD PTR DS:[EAX+EBX+0xC4AC5665]
00402241 . 8BC3 MOV EAX, EBX
00402243 . C1E0 17 SHL EAX, 0x17
00402246 . C1EB 09 SHR EBX, 0x9
00402249 . 0BC3 OR EAX, EBX
0040224B . 8BDA MOV EBX, EDX
0040224D . 03C7 ADD EAX, EDI
0040224F . F7D3 NOT EBX
00402251 . 0BD8 OR EBX, EAX
00402253 . 33DF XOR EBX, EDI
00402255 . 8B6E 20 MOV EBP, DWORD PTR DS:[ESI+0x20]
00402258 . 03DD ADD EBX, EBP
0040225A . 8B6E 3C MOV EBP, DWORD PTR DS:[ESI+0x3C]
0040225D . 8D8C19 442229>LEA ECX, DWORD PTR DS:[ECX+EBX+0xF4292244]
00402264 . 8BD9 MOV EBX, ECX
00402266 . C1EB 1A SHR EBX, 0x1A
00402269 . C1E1 06 SHL ECX, 0x6
0040226C . 0BD9 OR EBX, ECX
0040226E . 8BCF MOV ECX, EDI
00402270 . 03D8 ADD EBX, EAX
00402272 . F7D1 NOT ECX
00402274 . 0BCB OR ECX, EBX
00402276 . 33C8 XOR ECX, EAX
00402278 . 03CD ADD ECX, EBP
0040227A . 8B6E 58 MOV EBP, DWORD PTR DS:[ESI+0x58]
0040227D . 8D940A 97FF2A>LEA EDX, DWORD PTR DS:[EDX+ECX+0x432AFF97]
00402284 . 8BCA MOV ECX, EDX
00402286 . C1E9 16 SHR ECX, 0x16
00402289 . C1E2 0A SHL EDX, 0xA
0040228C . 0BCA OR ECX, EDX
0040228E . 8BD0 MOV EDX, EAX
00402290 . 03CB ADD ECX, EBX
00402292 . F7D2 NOT EDX
00402294 . 0BD1 OR EDX, ECX
00402296 . 33D3 XOR EDX, EBX
00402298 . 03D5 ADD EDX, EBP
0040229A . 8B6E 34 MOV EBP, DWORD PTR DS:[ESI+0x34]
0040229D . 8DBC17 A72394>LEA EDI, DWORD PTR DS:[EDI+EDX+0xAB9423A7]
004022A4 . 8BD7 MOV EDX, EDI
004022A6 . C1EA 11 SHR EDX, 0x11
004022A9 . C1E7 0F SHL EDI, 0xF
004022AC . 0BD7 OR EDX, EDI
004022AE . 8BFB MOV EDI, EBX
004022B0 . 03D1 ADD EDX, ECX
004022B2 . F7D7 NOT EDI
004022B4 . 0BFA OR EDI, EDX
004022B6 . 33F9 XOR EDI, ECX
004022B8 . 03FD ADD EDI, EBP
004022BA . 8B6E 50 MOV EBP, DWORD PTR DS:[ESI+0x50]
004022BD . 8D8438 39A093>LEA EAX, DWORD PTR DS:[EAX+EDI+0xFC93A039]
004022C4 . 8BF8 MOV EDI, EAX
004022C6 . C1E7 15 SHL EDI, 0x15
004022C9 . C1E8 0B SHR EAX, 0xB
004022CC . 0BF8 OR EDI, EAX
004022CE . 8BC1 MOV EAX, ECX
004022D0 . 03FA ADD EDI, EDX
004022D2 . F7D0 NOT EAX
004022D4 . 0BC7 OR EAX, EDI
004022D6 . 33C2 XOR EAX, EDX
004022D8 . 03C5 ADD EAX, EBP
004022DA . 8B6E 2C MOV EBP, DWORD PTR DS:[ESI+0x2C]
004022DD . 8D8403 C3595B>LEA EAX, DWORD PTR DS:[EBX+EAX+0x655B59C3]
004022E4 . 8BD8 MOV EBX, EAX
004022E6 . C1EB 1A SHR EBX, 0x1A
004022E9 . C1E0 06 SHL EAX, 0x6
004022EC . 0BD8 OR EBX, EAX
004022EE . 8BC2 MOV EAX, EDX
004022F0 . 03DF ADD EBX, EDI
004022F2 . F7D0 NOT EAX
004022F4 . 0BC3 OR EAX, EBX
004022F6 . 33C7 XOR EAX, EDI
004022F8 . 03C5 ADD EAX, EBP
004022FA . 8B6E 48 MOV EBP, DWORD PTR DS:[ESI+0x48]
004022FD . 8D8401 92CC0C>LEA EAX, DWORD PTR DS:[ECX+EAX+0x8F0CCC92]
00402304 . 8BC8 MOV ECX, EAX
00402306 . C1E9 16 SHR ECX, 0x16
00402309 . C1E0 0A SHL EAX, 0xA
0040230C . 0BC8 OR ECX, EAX
0040230E . 8BC7 MOV EAX, EDI
00402310 . 03CB ADD ECX, EBX
00402312 . F7D0 NOT EAX
00402314 . 0BC1 OR EAX, ECX
00402316 . 33C3 XOR EAX, EBX
00402318 . 03C5 ADD EAX, EBP
0040231A . 8D8402 7DF4EF>LEA EAX, DWORD PTR DS:[EDX+EAX+0xFFEFF47D]
00402321 . 8BD0 MOV EDX, EAX
00402323 . C1EA 11 SHR EDX, 0x11
00402326 . C1E0 0F SHL EAX, 0xF
00402329 . 0BD0 OR EDX, EAX
0040232B . 8BC3 MOV EAX, EBX
0040232D . 03D1 ADD EDX, ECX
0040232F . 8B6E 24 MOV EBP, DWORD PTR DS:[ESI+0x24]
00402332 . 6A 15 PUSH 0x15
00402334 . F7D0 NOT EAX
00402336 . 0BC2 OR EAX, EDX
00402338 . 33C1 XOR EAX, ECX
0040233A . 03C5 ADD EAX, EBP
0040233C . 8B6E 40 MOV EBP, DWORD PTR DS:[ESI+0x40]
0040233F . 8DBC07 D15D84>LEA EDI, DWORD PTR DS:[EDI+EAX+0x85845DD1]
00402346 . 8BC7 MOV EAX, EDI
00402348 . C1E0 15 SHL EAX, 0x15
0040234B . C1EF 0B SHR EDI, 0xB
0040234E . 0BC7 OR EAX, EDI
00402350 . 8BF9 MOV EDI, ECX
00402352 . 03C2 ADD EAX, EDX
00402354 . F7D7 NOT EDI
00402356 . 0BF8 OR EDI, EAX
00402358 . 894424 14 MOV DWORD PTR SS:[ESP+0x14], EAX
0040235C . 33FA XOR EDI, EDX
0040235E . 03FD ADD EDI, EBP
00402360 . 8B6E 5C MOV EBP, DWORD PTR DS:[ESI+0x5C]
00402363 . 8D9C3B 4F7EA8>LEA EBX, DWORD PTR DS:[EBX+EDI+0x6FA87E4F]
0040236A . 8BFB MOV EDI, EBX
0040236C . C1EF 1A SHR EDI, 0x1A
0040236F . C1E3 06 SHL EBX, 0x6
00402372 . 0BFB OR EDI, EBX
00402374 . 8BDA MOV EBX, EDX
00402376 . 03F8 ADD EDI, EAX
00402378 . F7D3 NOT EBX
0040237A . 0BDF OR EBX, EDI
0040237C . 897C24 18 MOV DWORD PTR SS:[ESP+0x18], EDI
00402380 . 33D8 XOR EBX, EAX
00402382 . 03DD ADD EBX, EBP
00402384 . 8B6E 38 MOV EBP, DWORD PTR DS:[ESI+0x38]
00402387 . F7D0 NOT EAX
00402389 . 8D8C19 E0E62C>LEA ECX, DWORD PTR DS:[ECX+EBX+0xFE2CE6E0]
00402390 . 8BD9 MOV EBX, ECX
00402392 . C1EB 16 SHR EBX, 0x16
00402395 . C1E1 0A SHL ECX, 0xA
00402398 . 0BD9 OR EBX, ECX
0040239A . 03DF ADD EBX, EDI
0040239C . 0BC3 OR EAX, EBX
0040239E . 895C24 20 MOV DWORD PTR SS:[ESP+0x20], EBX
004023A2 . 33C7 XOR EAX, EDI
004023A4 . 03C5 ADD EAX, EBP
004023A6 . 8D8402 144301>LEA EAX, DWORD PTR DS:[EDX+EAX+0xA3014314]
004023AD . 8BC8 MOV ECX, EAX
004023AF . C1E9 11 SHR ECX, 0x11
004023B2 . C1E0 0F SHL EAX, 0xF
004023B5 . 0BC8 OR ECX, EAX
004023B7 . 8B46 54 MOV EAX, DWORD PTR DS:[ESI+0x54]
004023BA . 05 A111084E ADD EAX, 0x4E0811A1
004023BF . 03CB ADD ECX, EBX
004023C1 . 50 PUSH EAX
004023C2 . 57 PUSH EDI
004023C3 . 53 PUSH EBX
004023C4 . 894C24 28 MOV DWORD PTR SS:[ESP+0x28], ECX
004023C8 . 51 PUSH ECX
004023C9 . 8D4C24 24 LEA ECX, DWORD PTR SS:[ESP+0x24]
004023CD . 51 PUSH ECX
004023CE . 68 C0244000 PUSH MD5Crack.004024C0
004023D3 . E8 08010000 CALL MD5Crack.004024E0
004023D8 . 8B56 30 MOV EDX, DWORD PTR DS:[ESI+0x30]
004023DB . 8B4424 38 MOV EAX, DWORD PTR SS:[ESP+0x38]
004023DF . 8B4C24 34 MOV ECX, DWORD PTR SS:[ESP+0x34]
004023E3 . 81EA 7E81AC08 SUB EDX, 0x8AC817E
004023E9 . 6A 06 PUSH 0x6
004023EB . 52 PUSH EDX
004023EC . 8B5424 34 MOV EDX, DWORD PTR SS:[ESP+0x34]
004023F0 . 50 PUSH EAX
004023F1 . 51 PUSH ECX
004023F2 . 8D4424 40 LEA EAX, DWORD PTR SS:[ESP+0x40]
004023F6 . 52 PUSH EDX
004023F7 . 50 PUSH EAX
004023F8 . 68 C0244000 PUSH MD5Crack.004024C0
004023FD . E8 DE000000 CALL MD5Crack.004024E0
00402402 . 8B4E 4C MOV ECX, DWORD PTR DS:[ESI+0x4C]
00402405 . 8B5424 50 MOV EDX, DWORD PTR SS:[ESP+0x50]
00402409 . 81E9 CB0DC542 SUB ECX, 0x42C50DCB
0040240F . 6A 0A PUSH 0xA
00402411 . 51 PUSH ECX
00402412 . 52 PUSH EDX
00402413 . 8B4424 54 MOV EAX, DWORD PTR SS:[ESP+0x54]
00402417 . 8B4C24 58 MOV ECX, DWORD PTR SS:[ESP+0x58]
0040241B . 50 PUSH EAX
0040241C . 8D5424 64 LEA EDX, DWORD PTR SS:[ESP+0x64]
00402420 . 51 PUSH ECX
00402421 . 52 PUSH EDX
00402422 . 68 C0244000 PUSH MD5Crack.004024C0
00402427 . E8 B4000000 CALL MD5Crack.004024E0
0040242C . 8B46 28 MOV EAX, DWORD PTR DS:[ESI+0x28]
0040242F . 8B4C24 64 MOV ECX, DWORD PTR SS:[ESP+0x64]
00402433 . 8B5424 68 MOV EDX, DWORD PTR SS:[ESP+0x68]
00402437 . 83C4 54 ADD ESP, 0x54
0040243A . 05 BBD2D72A ADD EAX, 0x2AD7D2BB
0040243F . 6A 0F PUSH 0xF
00402441 . 50 PUSH EAX
00402442 . 8B4424 24 MOV EAX, DWORD PTR SS:[ESP+0x24]
00402446 . 51 PUSH ECX
00402447 . 52 PUSH EDX
00402448 . 8D4C24 28 LEA ECX, DWORD PTR SS:[ESP+0x28]
0040244C . 50 PUSH EAX
0040244D . 51 PUSH ECX
0040244E . 68 C0244000 PUSH MD5Crack.004024C0
00402453 . E8 88000000 CALL MD5Crack.004024E0
00402458 . 8B56 44 MOV EDX, DWORD PTR DS:[ESI+0x44]
0040245B . 8B4424 30 MOV EAX, DWORD PTR SS:[ESP+0x30]
0040245F . 8B4C24 38 MOV ECX, DWORD PTR SS:[ESP+0x38]
00402463 . 81EA 6F2C7914 SUB EDX, 0x14792C6F
00402469 . 6A 15 PUSH 0x15
0040246B . 52 PUSH EDX
0040246C . 8B5424 3C MOV EDX, DWORD PTR SS:[ESP+0x3C]
00402470 . 50 PUSH EAX
00402471 . 51 PUSH ECX
00402472 . 8D4424 3C LEA EAX, DWORD PTR SS:[ESP+0x3C]
00402476 . 52 PUSH EDX
00402477 . 50 PUSH EAX
00402478 . 68 C0244000 PUSH MD5Crack.004024C0
0040247D . E8 5E000000 CALL MD5Crack.004024E0
00402482 . 8B4C24 4C MOV ECX, DWORD PTR SS:[ESP+0x4C]
00402486 . 8B5E 08 MOV EBX, DWORD PTR DS:[ESI+0x8]
00402489 . 8B4424 50 MOV EAX, DWORD PTR SS:[ESP+0x50]
0040248D . 8B5424 48 MOV EDX, DWORD PTR SS:[ESP+0x48]
00402491 . 8B7E 0C MOV EDI, DWORD PTR DS:[ESI+0xC]
00402494 . 03D9 ADD EBX, ECX
00402496 . 8B4E 10 MOV ECX, DWORD PTR DS:[ESI+0x10]
00402499 . 83C4 38 ADD ESP, 0x38
0040249C . 03C8 ADD ECX, EAX
0040249E . 8B46 14 MOV EAX, DWORD PTR DS:[ESI+0x14]
004024A1 . 894E 10 MOV DWORD PTR DS:[ESI+0x10], ECX
004024A4 . 8B4C24 1C MOV ECX, DWORD PTR SS:[ESP+0x1C]
004024A8 . 03FA ADD EDI, EDX
004024AA . 03C1 ADD EAX, ECX
004024AC . 897E 0C MOV DWORD PTR DS:[ESI+0xC], EDI
004024AF . 895E 08 MOV DWORD PTR DS:[ESI+0x8], EBX
004024B2 . 8946 14 MOV DWORD PTR DS:[ESI+0x14], EAX
004024B5 . 5F POP EDI
004024B6 . 5E POP ESI
004024B7 . 5D POP EBP
004024B8 . 5B POP EBX
004024B9 . 83C4 10 ADD ESP, 0x10
004024BC . C3 RETN
004024BD 90 NOP
004024BE 90 NOP
004024BF 90 NOP
004024C0 . 8B4424 0C MOV EAX, DWORD PTR SS:[ESP+0xC]
004024C4 . 8B4C24 04 MOV ECX, DWORD PTR SS:[ESP+0x4]
004024C8 . F7D0 NOT EAX
004024CA . 0BC1 OR EAX, ECX
004024CC . 8B4C24 08 MOV ECX, DWORD PTR SS:[ESP+0x8]
004024D0 . 33C1 XOR EAX, ECX
004024D2 . C3 RETN

 

最后将16字节MD5值变换成32字节的算法CALL在 004026B0 |. E8 DBFEFFFF CALL MD5Crack.00402590

00402590 /$ 8B4424 08 MOV EAX, DWORD PTR SS:[ESP+0x8]
00402594 |. 53 PUSH EBX
00402595 |. 8B5C24 08 MOV EBX, DWORD PTR SS:[ESP+0x8]
00402599 |. 55 PUSH EBP
0040259A |. 8B6C24 14 MOV EBP, DWORD PTR SS:[ESP+0x14]
0040259E |. 85C0 TEST EAX, EAX
004025A0 |. C645 00 00 MOV BYTE PTR SS:[EBP], 0x0
004025A4 |. 7E 4D JLE SHORT MD5Crack.004025F3
004025A6 |. 56 PUSH ESI
004025A7 |. 57 PUSH EDI
004025A8 |. 894424 1C MOV DWORD PTR SS:[ESP+0x1C], EAX
004025AC |> 8A0B /MOV CL, BYTE PTR DS:[EBX]
004025AE |. 8D4424 14 |LEA EAX, DWORD PTR SS:[ESP+0x14]
004025B2 |. 50 |PUSH EAX
004025B3 |. 51 |PUSH ECX
004025B4 |. E8 A7FFFFFF |CALL MD5Crack.00402560 ; //取MD5的第1字节,分别取出高低4位作为下标查表
004025B9 |. 8D7C24 1C |LEA EDI, DWORD PTR SS:[ESP+0x1C] ; //查表结果放入新Buff
004025BD |. 83C9 FF |OR ECX, 0xFFFFFFFF
004025C0 |. 33C0 |XOR EAX, EAX
004025C2 |. 83C4 08 |ADD ESP, 0x8
004025C5 |. F2:AE |REPNE SCAS BYTE PTR ES:[EDI]
004025C7 |. F7D1 |NOT ECX
004025C9 |. 2BF9 |SUB EDI, ECX
004025CB |. 8BF7 |MOV ESI, EDI
004025CD |. 8BD1 |MOV EDX, ECX
004025CF |. 8BFD |MOV EDI, EBP
004025D1 |. 83C9 FF |OR ECX, 0xFFFFFFFF
004025D4 |. F2:AE |REPNE SCAS BYTE PTR ES:[EDI]
004025D6 |. 8BCA |MOV ECX, EDX
004025D8 |. 4F |DEC EDI
004025D9 |. C1E9 02 |SHR ECX, 0x2
004025DC |. F3:A5 |REP MOVS DWORD PTR ES:[EDI], DWORD PTR DS:[ESI]
004025DE |. 8B4424 1C |MOV EAX, DWORD PTR SS:[ESP+0x1C]
004025E2 |. 8BCA |MOV ECX, EDX
004025E4 |. 83E1 03 |AND ECX, 0x3
004025E7 |. 43 |INC EBX
004025E8 |. 48 |DEC EAX
004025E9 |. F3:A4 |REP MOVS BYTE PTR ES:[EDI], BYTE PTR DS:[ESI]
004025EB |. 894424 1C |MOV DWORD PTR SS:[ESP+0x1C], EAX
004025EF |.^ 75 BB \JNZ SHORT MD5Crack.004025AC
004025F1 |. 5F POP EDI ; //将16字节的MD5转换成32字节的
004025F2 |. 5E POP ESI
004025F3 |> 5D POP EBP
004025F4 |. 5B POP EBX
004025F5 \. C3 RETN

 

最后注册码和转换后32字节的MD5比较:

004026E0 /$ 81EC 00020000 SUB ESP, 0x200
004026E6 |. 56 PUSH ESI
004026E7 |. 57 PUSH EDI
004026E8 |. B9 3F000000 MOV ECX, 0x3F
004026ED |. 33C0 XOR EAX, EAX
004026EF |. 8D7C24 09 LEA EDI, DWORD PTR SS:[ESP+0x9]
004026F3 |. C64424 08 00 MOV BYTE PTR SS:[ESP+0x8], 0x0
004026F8 |. F3:AB REP STOS DWORD PTR ES:[EDI]
004026FA |. 66:AB STOS WORD PTR ES:[EDI]
004026FC |. AA STOS BYTE PTR ES:[EDI]
004026FD |. B9 3F000000 MOV ECX, 0x3F
00402702 |. 33C0 XOR EAX, EAX
00402704 |. 8DBC24 090100>LEA EDI, DWORD PTR SS:[ESP+0x109]
0040270B |. C68424 080100>MOV BYTE PTR SS:[ESP+0x108], 0x0
00402713 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00402715 |. 66:AB STOS WORD PTR ES:[EDI]
00402717 |. 8B35 00B04000 MOV ESI, DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; kernel32.lstrcpyA
0040271D |. 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+0x8]
00402721 |. AA STOS BYTE PTR ES:[EDI]
00402722 |. 8B8424 0C0200>MOV EAX, DWORD PTR SS:[ESP+0x20C]
00402729 |. 50 PUSH EAX ; /String2
0040272A |. 51 PUSH ECX ; |String1
0040272B |. FFD6 CALL NEAR ESI ; \lstrcpyA
0040272D |. 8B9424 100200>MOV EDX, DWORD PTR SS:[ESP+0x210]
00402734 |. 8D8424 080100>LEA EAX, DWORD PTR SS:[ESP+0x108]
0040273B |. 52 PUSH EDX ; /String2
0040273C |. 50 PUSH EAX ; |String1
0040273D |. FFD6 CALL NEAR ESI ; \lstrcpyA
0040273F |. 8DBC24 080100>LEA EDI, DWORD PTR SS:[ESP+0x108]
00402746 |. 83C9 FF OR ECX, 0xFFFFFFFF
00402749 |. 33C0 XOR EAX, EAX
0040274B |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040274D |. F7D1 NOT ECX
0040274F |. 49 DEC ECX ; //MD5长度
00402750 |. 8D7C24 08 LEA EDI, DWORD PTR SS:[ESP+0x8]
00402754 |. 8BD1 MOV EDX, ECX
00402756 |. 83C9 FF OR ECX, 0xFFFFFFFF
00402759 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040275B |. F7D1 NOT ECX
0040275D |. 49 DEC ECX ; //注册码长度
0040275E |. 3BCA CMP ECX, EDX
00402760 |. 75 40 JNZ SHORT MD5Crack.004027A2 ; //两者长度不等直接返回0
00402762 |. 8D7C24 08 LEA EDI, DWORD PTR SS:[ESP+0x8]
00402766 |. 83C9 FF OR ECX, 0xFFFFFFFF
00402769 |. 33D2 XOR EDX, EDX
0040276B |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040276D |. F7D1 NOT ECX
0040276F |. 49 DEC ECX
00402770 |. 74 22 JE SHORT MD5Crack.00402794
00402772 |> 8A4414 08 /MOV AL, BYTE PTR SS:[ESP+EDX+0x8]
00402776 |. 8A8C14 080100>|MOV CL, BYTE PTR SS:[ESP+EDX+0x108]
0040277D |. 3AC1 |CMP AL, CL
0040277F |. 75 21 |JNZ SHORT MD5Crack.004027A2
00402781 |. 8D7C24 08 |LEA EDI, DWORD PTR SS:[ESP+0x8]
00402785 |. 83C9 FF |OR ECX, 0xFFFFFFFF ; //按字节比较
00402788 |. 33C0 |XOR EAX, EAX
0040278A |. 42 |INC EDX
0040278B |. F2:AE |REPNE SCAS BYTE PTR ES:[EDI]
0040278D |. F7D1 |NOT ECX
0040278F |. 49 |DEC ECX
00402790 |. 3BD1 |CMP EDX, ECX
00402792 |.^ 72 DE \JB SHORT MD5Crack.00402772
00402794 |> 5F POP EDI
00402795 |. B8 01000000 MOV EAX, 0x1 ; //都相等返回为1
0040279A |. 5E POP ESI
0040279B |. 81C4 00020000 ADD ESP, 0x200
004027A1 |. C3 RETN
004027A2 |> 5F POP EDI
004027A3 |. 33C0 XOR EAX, EAX
004027A5 |. 5E POP ESI
004027A6 |. 81C4 00020000 ADD ESP, 0x200
004027AC \. C3 RETN

------------------------------------------------------------------------
【破解总结】软件使用标准MD5算法对输入的用户名进行计算,将计算后的16字节MD5值转换成32字节即为真正地注册码。
------------------------------------------------------------------------
【版权声明】无

[MD5算法练习] MD5CrackMe算法分析

标签:

原文地址:http://www.cnblogs.com/dacainiao/p/5551226.html
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!