Name: MultiSQL 1.0
License: shareware (registration fee US$99)
System requirements: Windows 95/98/NT
Author (company): Legitima Software (http://www.legitima.com/)
Software description: when you modify the SQL source code of your database, MultiSQL does not require you to fix up platform-specific scripts; its built-in preprocessor can generate a different version of the platform-specific script for each platform you want your database to run on.

Tracing: name:dahuilang RN:01234567

Now let's start tracing this program. If you crack it by patching, it is quite easy: it is not packed, so changing two places is enough. But if you want to obtain a registration code for it, you must analyze its algorithm; otherwise you cannot get one.

Now use bpx hmemcpy to break into the program. One thing worth mentioning about this program is that if registration fails it shows no message at all, so here we just have to try.

:004575ED E87E78FDFF call 0042EE70
:004575F2 8B45FC mov eax, dword ptr [ebp-04] <- back in the main program
:004575F5 50 push eax
:004575F6 8D55F8 lea edx, dword ptr [ebp-08]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045758A(C)
|
:004575F9 8B83E8020000 mov eax, dword ptr [ebx+000002E8]
:004575FF E86C78FDFF call 0042EE70
:00457604 8B55F8 mov edx, dword ptr [ebp-08]
:00457607 8B83EC020000 mov eax, dword ptr [ebx+000002EC]
:0045760D 59 pop ecx
:0045760E E845070000 call 00457D58
:00457613 48 dec eax
:00457614 2C02 sub al, 02
:00457616 7204 jb 0045761C
:00457618 741E je 00457638
:0045761A EB36 jmp 00457652

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457616(C)
|
:0045761C 8B83EC020000 mov eax, dword ptr [ebx+000002EC]
:00457622 8B4854 mov ecx, dword ptr [eax+54]
:00457625 B201 mov dl, 01
:00457627 A1AC754000 mov eax, dword ptr [004075AC]
:0045762C E86736FBFF call 0040AC98
:00457631 E836C0FAFF call 0040366C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004575C7(C)
|
:00457636 EB1A jmp 00457652

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457618(C)
|
:00457638 8B83EC020000 mov eax, dword ptr [ebx+000002EC]
:0045763E 8B4850 mov ecx, dword ptr [eax+50]
:00457641 B201 mov dl, 01
:00457643 A1AC754000 mov eax, dword ptr [004075AC]
:00457648 E84B36FBFF call 0040AC98
:0045764D E81AC0FAFF call 0040366C

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0045761A(U), :00457636(U)
|
:00457652 C7833402000001000000 mov dword ptr [ebx+00000234], 00000001
:0045765C 33C0 xor eax, eax
:0045765E 5A pop edx
:0045765F 59 pop ecx
:00457660 59 pop ecx
:00457661 648910 mov dword ptr fs:[eax], edx
:00457664 687E764500 push 0045767E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045767C(U)
|
:00457669 8D45F8 lea eax, dword ptr [ebp-08]
:0045766C BA02000000 mov edx, 00000002
:00457671 E866C5FAFF call 00403BDC
:00457676 C3 ret

After the program comes out of the place above, not far below there is a jump. This is in fact the key comparison. If you want to use the patching method, this is the first place to patch, but today we want to obtain the registration code, so we have to step into that call.

|:0045760E , :00457ECE
|
:00457D58 55 push ebp
:00457D59 8BEC mov ebp, esp
:00457D5B 81C4DCFEFFFF add esp, FFFFFEDC
:00457D61 53 push ebx
:00457D62 33DB xor ebx, ebx
:00457D64 899DDCFEFFFF mov dword ptr [ebp+FFFFFEDC], ebx
:00457D6A 894DF4 mov dword ptr [ebp-0C], ecx
:00457D6D 8955F8 mov dword ptr [ebp-08], edx
:00457D70 8945FC mov dword ptr [ebp-04], eax
:00457D73 8B45F8 mov eax, dword ptr [ebp-08]
:00457D76 E871C2FAFF call 00403FEC
:00457D7B 8B45F4 mov eax, dword ptr [ebp-0C]
:00457D7E E869C2FAFF call 00403FEC
:00457D83 33C0 xor eax, eax
:00457D85 55 push ebp
:00457D86 68AD7E4500 push 00457EAD
:00457D8B 64FF30 push dword ptr fs:[eax]
:00457D8E 648920 mov dword ptr fs:[eax], esp
:00457D91 8B45FC mov eax, dword ptr [ebp-04]
:00457D94 66C740260000 mov [eax+26], 0000
:00457D9A 8B45FC mov eax, dword ptr [ebp-04]
:00457D9D 66C740380000 mov [eax+38], 0000
:00457DA3 8B45FC mov eax, dword ptr [ebp-04]
:00457DA6 83C03C add eax, 0000003C
:00457DA9 E80ABEFAFF call 00403BB8
:00457DAE 837DF800 cmp dword ptr [ebp-08], 00000000 ***
:00457DB2 7509 jne 00457DBD
:00457DB4 C645F301 mov [ebp-0D], 01
:00457DB8 E9CA000000 jmp 00457E87

After stepping in you reach the first comparison, marked ***. What is it? It simply checks whether your registration code is empty; if it is not empty, execution continues downward, so there is no need to spend much time on it.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457DB2(C)
|
:00457DBD 8D85E0FEFFFF lea eax, dword ptr [ebp+FFFFFEE0]
:00457DC3 8B55F8 mov edx, dword ptr [ebp-08]
:00457DC6 B9FF000000 mov ecx, 000000FF
:00457DCB E844C0FAFF call 00403E14
:00457DD0 8D85E0FEFFFF lea eax, dword ptr [ebp+FFFFFEE0]
:00457DD6 8D55E2 lea edx, dword ptr [ebp-1E]
:00457DD9 B908000000 mov ecx, 00000008
:00457DDE E889F4FFFF call 0045726C
:00457DE3 8B45FC mov eax, dword ptr [ebp-04]
:00457DE6 668B4024 mov ax, word ptr [eax+24]
:00457DEA 50 push eax
:00457DEB 8D55EA lea edx, dword ptr [ebp-16]
:00457DEE 8D45E2 lea eax, dword ptr [ebp-1E]
:00457DF1 B908000000 mov ecx, 00000008
:00457DF6 E811F4FFFF call 0045720C
:00457DFB 8D45EA lea eax, dword ptr [ebp-16]
:00457DFE BA06000000 mov edx, 00000006
:00457E03 E848F3FFFF call 00457150
:00457E08 663B45F0 cmp ax, word ptr [ebp-10]
:00457E0C 7406 je 00457E14
:00457E0E C645F302 mov [ebp-0D], 02
:00457E12 EB73 jmp 00457E87

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457E0C(C)
|
:00457E14 8D95DCFEFFFF lea edx, dword ptr [ebp+FFFFFEDC]
:00457E1A 8B45F4 mov eax, dword ptr [ebp-0C]
:00457E1D E8B204FBFF call 004082D4
:00457E22 8B85DCFEFFFF mov eax, dword ptr [ebp+FFFFFEDC]
:00457E28 E8CFC1FAFF call 00403FFC
:00457E2D 50 push eax
:00457E2E 8B45F4 mov eax, dword ptr [ebp-0C]
:00457E31 E802C0FAFF call 00403E38
:00457E36 8BD0 mov edx, eax
:00457E38 58 pop eax
:00457E39 E812F3FFFF call 00457150
:00457E3E 663B45EA cmp ax, word ptr [ebp-16]
:00457E42 7406 je 00457E4A
:00457E44 C645F303 mov [ebp-0D], 03
:00457E48 EB3D jmp 00457E87

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457E42(C)
|
:00457E4A C645F300 mov [ebp-0D], 00
:00457E4E 668B45EC mov ax, word ptr [ebp-14]
:00457E52 8B55FC mov edx, dword ptr [ebp-04]
:00457E55 66894226 mov word ptr [edx+26], ax
:00457E59 668B45EE mov ax, word ptr [ebp-12]
:00457E5D 8B55FC mov edx, dword ptr [ebp-04]
:00457E60 66894238 mov word ptr [edx+38], ax
:00457E64 8B45FC mov eax, dword ptr [ebp-04]
:00457E67 C6403A00 mov [eax+3A], 00
:00457E6B 8B45FC mov eax, dword ptr [ebp-04]
:00457E6E 83C040 add eax, 00000040
:00457E71 8B55F4 mov edx, dword ptr [ebp-0C]
:00457E74 E893BDFAFF call 00403C0C
:00457E79 8B45FC mov eax, dword ptr [ebp-04]
:00457E7C 83C03C add eax, 0000003C
:00457E7F 8B55F8 mov edx, dword ptr [ebp-08]
:00457E82 E885BDFAFF call 00403C0C

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00457DB8(U), :00457E12(U), :00457E48(U)
|
:00457E87 33C0 xor eax, eax
:00457E89 5A pop edx
:00457E8A 59 pop ecx
:00457E8B 59 pop ecx
:00457E8C 648910 mov dword ptr fs:[eax], edx
:00457E8F 68B47E4500 push 00457EB4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457EB2(U)
|
:00457E94 8D85DCFEFFFF lea eax, dword ptr [ebp+FFFFFEDC]
:00457E9A E819BDFAFF call 00403BB8
:00457E9F 8D45F4 lea eax, dword ptr [ebp-0C]
:00457EA2 BA02000000 mov edx, 00000002
:00457EA7 E830BDFAFF call 00403BDC
:00457EAC C3 ret

In this code you can find two comparisons. If you want to crack by patching, just change these two places to jmp and it becomes the registered version. I assume you know how to make the actual change, so I won't say more.

Now let's analyze the first comparison. What is it?

:00457DFE BA06000000 mov edx, 00000006
:00457E03 E848F3FFFF call 00457150
:00457E08 663B45F0 cmp ax, word ptr [ebp-10]
:00457E0C 7406 je 00457E14
:00457E0E C645F302 mov [ebp-0D], 02
:00457E12 EB73 jmp 00457E87

This is where the registration code is compared, but the comparison is made after the entered code has been run through a computation. To crack a program like this you must know that computation; otherwise there is no way to crack it.

Step into call 00457150:

:00457150 55 push ebp
:00457151 8BEC mov ebp, esp
:00457153 81C4F0FEFFFF add esp, FFFFFEF0
:00457159 53 push ebx
:0045715A 56 push esi
:0045715B 57 push edi
:0045715C 33C9 xor ecx, ecx
:0045715E 898DF4FEFFFF mov dword ptr [ebp+FFFFFEF4], ecx
:00457164 898DF0FEFFFF mov dword ptr [ebp+FFFFFEF0], ecx **
:0045716A 8955F8 mov dword ptr [ebp-08], edx
:0045716D 8945FC mov dword ptr [ebp-04], eax ***
:00457170 33C0 xor eax, eax
:00457172 55 push ebp
:00457173 68FC714500 push 004571FC
:00457178 64FF30 push dword ptr fs:[eax]
:0045717B 648920 mov dword ptr fs:[eax], esp
:0045717E 8DB5F8FEFFFF lea esi, dword ptr [ebp+FFFFFEF8]
:00457184 46 inc esi
:00457185 33FF xor edi, edi
:00457187 BB01000000 mov ebx, 00000001
:0045718C 3B5DF8 cmp ebx, dword ptr [ebp-08]
:0045718F 7F4D jg 004571DE

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004571DC(C)
|
:00457191 66C7060000 mov word ptr [esi], 0000
:00457196 8D85F4FEFFFF lea eax, dword ptr [ebp+FFFFFEF4]
:0045719C 50 push eax
:0045719D 8D85F0FEFFFF lea eax, dword ptr [ebp+FFFFFEF0] ****
:004571A3 8B55FC mov edx, dword ptr [ebp-04]
:004571A6 E8C5CBFAFF call 00403D70
:004571AB 8B85F0FEFFFF mov eax, dword ptr [ebp+FFFFFEF0] *****
:004571B1 B902000000 mov ecx, 00000002
:004571B6 8BD3 mov edx, ebx
:004571B8 E883CEFAFF call 00404040
:004571BD 8B95F4FEFFFF mov edx, dword ptr [ebp+FFFFFEF4]
:004571C3 8D85F8FEFFFF lea eax, dword ptr [ebp+FFFFFEF8]
:004571C9 B9FF000000 mov ecx, 000000FF
:004571CE E841CCFAFF call 00403E14
:004571D3 66033E add di, word ptr [esi] ******
:004571D6 83C302 add ebx, 00000002
:004571D9 3B5DF8 cmp ebx, dword ptr [ebp-08]
:004571DC 7EB3 jle 00457191

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045718F(C)
|
:004571DE 33C0 xor eax, eax
:004571E0 5A pop edx
:004571E1 59 pop ecx
:004571E2 59 pop ecx
:004571E3 648910 mov dword ptr fs:[eax], edx
:004571E6 6803724500 push 00457203

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457201(U)
|
:004571EB 8D85F0FEFFFF lea eax, dword ptr [ebp+FFFFFEF0]
:004571F1 BA02000000 mov edx, 00000002
:004571F6 E8E1C9FAFF call 00403BDC
:004571FB C3 ret
:004571FC E933C4FAFF jmp 00403634
:00457201 EBE8 jmp 004571EB
:00457203 8BC7 mov eax, edi
:00457205 5F pop edi
:00457206 5E pop esi
:00457207 5B pop ebx
:00457208 8BE5 mov esp, ebp
:0045720A 5D pop ebp
:0045720B C3 ret
Now I am inside this call. The listing above is where the routine produces its return value. Because outside the call the value of ax is used for the comparison, I focus on ax; above there is an instruction that moves edi into eax, so within the routine we must watch the value of edi.

I use * to mark the places I comment on. First, the line marked ****** is where edi is modified. From my dynamic analysis, the value at ***** determines the value at esi, and the value at ***** is in turn obtained from the value at ****. I assumed the value at **** was computed inside this call, but analysis showed it is not. Why? Because the value at **** comes from the value at ***, and that value is brought in when the program enters the call, so it must be the result of a computation performed before this call.

But let's not rush to find that earlier call; first see what kind of computation this is.

Dynamic analysis shows that it takes the value at [ebp+FFFFFEF0], 16 digits in total, and adds it up four digits at a time to obtain di. Be sure to remember this; it is very helpful later.

Now let's analyze the other comparison, because leaving it until later would greatly hinder the crack. Let's see what it is.

:00457E39 E812F3FFFF call 00457150
:00457E3E 663B45EA cmp ax, word ptr [ebp-16]
:00457E42 7406 je 00457E4A
:00457E44 C645F303 mov [ebp-0D], 03
:00457E48 EB3D jmp 00457E87

This is the third comparison. It uses the same function as the second comparison, which means its input parameter is different; dynamic analysis shows that here the input parameter is the name. It computes a result from the name and compares it with the first four digits of the [ebp+FFFFFEF0] value mentioned earlier; if they are equal, the registration code is correct. So this value should be obtained first. Dynamic analysis shows that with the name as input the result is ax=315D, so we now know the first four digits are 315D. Is that right? We'll come back to it below.

The question now is how the value at [ebp+FFFFFEF0] is obtained, since it determines whether the registration code is correct. How is it produced? Look at the following:

:00457DF6 E811F4FFFF call 0045720C
:00457DFB 8D45EA lea eax, dword ptr [ebp-16]
:00457DFE BA06000000 mov edx, 00000006
:00457E03 E848F3FFFF call 00457150
:00457E08 663B45F0 cmp ax, word ptr [ebp-10]
:00457E0C 7406 je 00457E14
:00457E0E C645F302 mov [ebp-0D], 02
:00457E12 EB73 jmp 00457E87

This is the comparison mentioned earlier. As I said before, this value is the result computed by a call outside; analysis shows it is the result of call 0045720C. Now step into that call and see why I say this is a 16-digit value.

:0045720C 55 push ebp
:0045720D 8BEC mov ebp, esp
:0045720F 83C4F8 add esp, FFFFFFF8
:00457212 53 push ebx
:00457213 56 push esi
:00457214 8BF1 mov esi, ecx
:00457216 8955F8 mov dword ptr [ebp-08], edx
:00457219 8945FC mov dword ptr [ebp-04], eax
:0045721C 8B5D08 mov ebx, dword ptr [ebp+08]
:0045721F 8BCE mov ecx, esi
:00457221 8B55FC mov edx, dword ptr [ebp-04]
:00457224 8B45F8 mov eax, dword ptr [ebp-08]
:00457227 E87019FBFF call 00408B9C
:0045722C 4E dec esi
:0045722D 85F6 test esi, esi
:0045722F 7C31 jl 00457262
:00457231 46 inc esi
:00457232 33C0 xor eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00457260(C)
|
:00457234 8B55FC mov edx, dword ptr [ebp-04]
:00457237 8A1402 mov dl, byte ptr [edx+eax]
:0045723A 0FB7CB movzx ecx, bx
:0045723D C1E908 shr ecx, 08
:00457240 32D1 xor dl, cl
:00457242 8B4DF8 mov ecx, dword ptr [ebp-08]
:00457245 881401 mov byte ptr [ecx+eax], dl
:00457248 8B55FC mov edx, dword ptr [ebp-04]
:0045724B 0FB61402 movzx edx, byte ptr [edx+eax]
:0045724F 6603DA add bx, dx
:00457252 6669D36DCE imul dx, bx, CE6D
:00457257 6681C2BF58 add dx, 58BF
:0045725C 8BDA mov ebx, edx
:0045725E 40 inc eax
:0045725F 4E dec esi
:00457260 75D2 jne 00457234

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045722F(C)
|
:00457262 5E pop esi
:00457263 5B pop ebx
:00457264 59 pop ecx
:00457265 59 pop ecx
:00457266 5D pop ebp
:00457267 C20400 ret 0004

This is where the value at [ebp+FFFFFEF0] is computed from the entered registration code. How is it computed? I said earlier that the registration code has 16 digits; how do I know? From the esi counter: after changing the number of digits in the registration code several times I found that esi always equals 8, and each iteration takes two digits, so the registration code is 16 digits long.

First an explanation: by this point the program has already converted the registration code into this form.

[edx+eax]=01234567890123456 (this indicates the position)
That is, dl=[edx+eax], so dl=01.

Now the computation, step by step.

1 Take the value of dl
2 Obtain the initial value of ebx = 006D7DF5
3 Copy ebx into ecx
4 Shift ecx left by 8 bits
5 dl=dl XOR cl
6 Load the original ebx value into ecx
7 Store the dl result (this is the [ebp+FFFFFEF0] value mentioned earlier)
8 Take the original [edx+eax] value
9 bx=bx+dx
10 dx=bx*CE6D
11 dx=dx+58BF
12 bx=dx
13 Check whether the counter has reached 8; if not, go back to 1; if it has, continue downward

That is the program's computation. If you crack often, this kind of computation will be familiar. It computes each value from the previous one, so such calculations are usually tedious, but here there is a very simple way to get the registration code.

That is because the dl value we need is obtained by XOR with cl. And the earlier comparison is as follows:

:00457E03 E848F3FFFF call 00457150
:00457E08 663B45F0 cmp ax, word ptr [ebp-10]
:00457E0C 7406 je 00457E14
:00457E0E C645F302 mov [ebp-0D], 02
:00457E12 EB73 jmp 00457E87
Here ax is the sum of the first eight digits of [ebp+FFFFFEF0], and [ebp-10] is the sum of the last eight digits. Earlier we also found that the first four digits must be 5D31 (because the program uses the two values in reverse order). So if we can make [ebp+FFFFFEF0] take the following value, the registration condition is satisfied.

[ebp+FFFFFEF0]=5D 31 00 00 00 00 5D 31

A little analysis shows that such a value will certainly register. Now, how do we obtain it?

:00457234 8B55FC mov edx, dword ptr [ebp-04]
:00457237 8A1402 mov dl, byte ptr [edx+eax]
:0045723A 0FB7CB movzx ecx, bx
:0045723D C1E908 shr ecx, 08
:00457240 32D1 xor dl, cl
:00457242 8B4DF8 mov ecx, dword ptr [ebp-08]
:00457245 881401 mov byte ptr [ecx+eax], dl
:00457248 8B55FC mov edx, dword ptr [ebp-04]
:0045724B 0FB61402 movzx edx, byte ptr [edx+eax]
:0045724F 6603DA add bx, dx
:00457252 6669D36DCE imul dx, bx, CE6D
:00457257 6681C2BF58 add dx, 58BF
:0045725C 8BDA mov ebx, edx
:0045725E 40 inc eax
:0045725F 4E dec esi
:00457260 75D2 jne 00457234

Dynamic analysis is the best approach here; it is how I obtained the registration code. Because the program uses each digit to compute the next, the code can only be obtained one piece at a time.

For example, for the first two digits: after ebx is shifted left by 8 bits the value is 7D, and the required result is 5D, so we have the equation

5D=7D XOR ??

Looking this up in an XOR table gives ?? = 20. Now switch back to Windows, set the first two digits to 20 and run the program again; the result of the first computation becomes 5D. Now note the dl value the second time execution reaches the following instruction:

:00457240 32D1 xor dl, cl

because we need this value to compute the registration code. The value is ED, which gives the equation:

31=ED XOR ??

So ?? is DC, and the first four digits of the registration code are 20DC. Continuing in this way, the full 16-digit registration code can be obtained.

That concludes the crack. I hope everyone understands the principle.

**************************
* name:dahuilang         *
* RN:20DC929D427898C8    *
**************************
Brute-force crack method for 《飞天餐饮娱乐管理系统》 (Feitian Catering and Entertainment Management System):
chn-boy
1) At 004A2A48
Change: 0F 85 8A 00 00 00 C7 05 74 2C 52 00 01 00 00 00
        ^^ ^^ ^^ ^^ ^^ ^^
To:     90 90 90 90 90 90
2) At 004A1B29
Change: 74 04 33 C0 EB 0A 42 40 49 75 F1
        ^^
To:     EB
Then register with any name and a sufficiently long Code. After registering, close the program and run it again, and you will see the result.
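[Algorithm code analysis]
This program's registration-code algorithm is very complex (I really don't know whether it is worth figuring out, heh).
Let the name be Name, abbreviated as string N; let the registration code be Code, abbreviated as string C; in addition, the algorithm derives a KEY from C, abbreviated as string K.
Let C' = Fc(C), where Fc() is a function that removes the '-' characters from string C and then merges the characters in pairs. For example, 1234-56789012-3456 is merged into 12 34 56 78 90 12 34 56 (hexadecimal), eight bytes in total. Likewise, 1a2b-3c4d5e6f-7g8h is merged into 1a 2b 3c 4d 5e 6f 7g 8h.
This function is the call 004A187C at 004A1AE3.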
:004A1AD0 55 push ebp
:004A1AD1 8BEC mov ebp, esp
:004A1AD3 83C4F0 add esp, FFFFFFF0
:004A1AD6 53 push ebx
:004A1AD7 56 push esi
:004A1AD8 57 push edi
:004A1AD9 8BD9 mov ebx, ecx
:004A1ADB 8BF8 mov edi, eax
:004A1ADD 8B7508 mov esi, dword ptr [ebp+08]
:004A1AE0 8D45F0 lea eax, dword ptr [ebp-10]
:004A1AE3 E894FDFFFF call 004A187C <-- the Fc() function; set a breakpoint here, and with do "d eax; p;" you can see the C' string
:004A1AE8 85C0 test eax, eax
:004A1AEA 7504 jne 004A1AF0
:004A1AEC 33C0 xor eax, eax
:004A1AEE EB49 jmp 004A1B39
Let K = Fk(C') = Fk(Fc(C)), where Fk() is defined by the following code:
:004A1AF0 8BC6 mov eax, esi
:004A1AF2 8D55F0 lea edx, dword ptr [ebp-10]
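:004A1AF5 E806FDFFFF call 004A1800 <-- this call derives a Key from C', abbreviated as string K
<-- Specifically: each of the last 4 bytes of Fc(C) is multiplied by 4 and added to xxxx (where xxxx is 0x0004, 0x0404, 0x0804, 0x0C04); the resulting values are used to look up entries in a table of length 1000H, and those entries are combined with add and xor operations; the result is used as the input for the next round, looping 0x10 times in total. The code: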
:004A14A6 C645F7F0 mov [ebp-09], F0
:004A14AA 8D75F0 lea esi, dword ptr [ebp-10]
:004A14AD 331E xor ebx, dword ptr [esi]
:004A14AF 8D95ACEFFFFF lea edx, dword ptr [ebp+FFFFEFAC]
:004A14B5 8BC3 mov eax, ebx
:004A14B7 E8D4FEFFFF call 004A1390 <-- the computation is done in this call
:004A14BC 33F8 xor edi, eax
:004A14BE 8BC3 mov eax, ebx
:004A14C0 8BDF mov ebx, edi
:004A14C2 8BF8 mov edi, eax
:004A14C4 83EE04 sub esi, 00000004
:004A14C7 FE45F7 inc [ebp-09]
:004A14CA 75E1 jne 004A14AD
<-- The code of call 004A1390 is:
:004A1390 56 push esi
:004A1391 57 push edi
:004A1392 81C404F0FFFF add esp, FFFFF004
:004A1398 50 push eax
:004A1399 83C4FC add esp, FFFFFFFC
:004A139C 8BF2 mov esi, edx
:004A139E 8D7C2404 lea edi, dword ptr [esp+04]
:004A13A2 B900040000 mov ecx, 00000400
:004A13A7 F3 repz
:004A13A8 A5 movsd
:004A13A9 890424 mov dword ptr [esp], eax
:004A13AC 8BC4 mov eax, esp
:004A13AE 33D2 xor edx, edx
:004A13B0 8A5003 mov dl, byte ptr [eax+03]
:004A13B3 8B549404 mov edx, dword ptr [esp+4*edx+04]
:004A13B7 33C9 xor ecx, ecx
:004A13B9 8A4802 mov cl, byte ptr [eax+02]
:004A13BC 03948C04040000 add edx, dword ptr [esp+4*ecx+00000404]
:004A13C3 33C9 xor ecx, ecx
:004A13C5 8A4801 mov cl, byte ptr [eax+01]
:004A13C8 33948C04080000 xor edx, dword ptr [esp+4*ecx+00000804]
:004A13CF 0FB600 movzx eax, byte ptr [eax]
:004A13D2 039484040C0000 add edx, dword ptr [esp+4*eax+00000C04]
:004A13D9 8BC2 mov eax, edx
:004A13DB 81C404100000 add esp, 00001004
:004A13E1 5F pop edi
:004A13E2 5E pop esi
:004A13E3 C3 ret
:004A1AFA 8903 mov dword ptr [ebx], eax
:004A1AFC 8B06 mov eax, dword ptr [esi]
The next call computes another string, call it C'', in three steps. Step 1: compute N'=Fn(N). Step 2: replace the first 3 characters of N' with the first three characters of string K, giving N''=F3(K, N')=F3(Fk(C'), N')=F3(Fk(Fc(C)), Fn(N)). Step 3: run the resulting N'' string through a number of Add and xor operations in a way similar to Fk() (it also calls Call 004A1390, only with different input parameters; even a 1-bit difference produces a completely different new string, which is painful) to obtain C''. We can write C''=F(N''). Then if C'==C'', everything is OK. Heh heh.
:004A1AFE 50 push eax
:004A1AFF 8B0B mov ecx, dword ptr [ebx]
:004A1B01 8D45F8 lea eax, dword ptr [ebp-08]
:004A1B04 8BD7 mov edx, edi
:004A1B06 E845FBFFFF call 004A1650 <-- this call derives a new string C''=F0(N, K) from strings N and K
:004A1B0B 85C0 test eax, eax
:004A1B0D 7504 jne 004A1B13
:004A1B0F 33C0 xor eax, eax
:004A1B11 EB26 jmp 004A1B39
:004A1B13 8B0DC0F15100 mov ecx, dword ptr [0051F1C0]
:004A1B19 49 dec ecx
:004A1B1A 85C9 test ecx, ecx
:004A1B1C 7C16 jl 004A1B34
:004A1B1E 41 inc ecx
:004A1B1F 8D45F8 lea eax, dword ptr [ebp-08]
:004A1B22 8D55F0 lea edx, dword ptr [ebp-10]
:004A1B25 8A18 mov bl, byte ptr [eax] |
:004A1B27 3A1A cmp bl, byte ptr [edx] |
:004A1B29 EB04 jmp 004A1B2F | Obviously this compares the two computed
:004A1B2B 33C0 xor eax, eax | new strings, which are the C' and C''
:004A1B2D EB0A jmp 004A1B39 | mentioned above. They must be equal.
:004A1B2F 42 inc edx |
:004A1B30 40 inc eax |
:004A1B31 49 dec ecx |
:004A1B32 75F1 jne 004A1B25 |
:004A1B34 B801000000 mov eax, 00000001 <-- the key is to get this Eax=1;
:004A1B39 5F pop edi
:004A1B3A 5E pop esi
:004A1B3B 5B pop ebx
:004A1B3C 8BE5 mov esp, ebp
:004A1B3E 5D pop ebp
:004A1B3F C20400 ret 0004
In the end you get the expression C'==C'', i.e. Fc(C)=F(N'')=F(F3(K, N'))=F(F3(Fk(Fc(C)), Fn(N))). So who can tell me how to solve for C from N using this expression?