[原创]体验IDA Hex-Rays F5的强大

Eddy 发布于2010-7-29 19:7:59 分类: 技术心得 已浏览loading 网友评论0条 我要评论

论坛里下载的一个小玩意儿,OD跟踪调试得到算法核心call,IDA中F5得到核心call的代码如下:

int __stdcall text_402D30(int a1, int a2)
{
  signed int v2; // ebx@1
  int v3; // ebp@1
  int v4; // esi@1
  int v5; // eax@3
  int v6; // edi@3
  int v7; // esi@3
  int v8; // edx@5
  int v9; // eax@11
  int v10; // eax@13
  int v11; // edx@15
  int v13; // esi@1
  __int16 v14; // ax@1
  int Str; // [sp+14h] [bp-4h]@1
  signed int v17; // [sp+10h] [bp-8h]@1

  v3 = a1;
  v2 = 0;
  v13 = *(_BYTE *)(a1 + 9);
  v14 = *(_WORD *)(a1 + 10);
  Str = 0;
  v4 = v13 & 0x80000003;
  v17 = 0;
  LOWORD(Str) = v14;
  if ( v4 < 0 )
    v4 = ((v4 - 1) | 0xFFFFFFFC) + 1;
  v7 = v4 + 1;
  v5 = atoi((const char *)&Str);
  v6 = v5 - 1;
  a1 = v5;
  if ( v5 - 1 < 12 )
  {
    do
    {
      if ( v2 >= 7 )
      {
        v17 += *(_BYTE *)(v6 + v3);
      }
      else
      {
        v8 = abs(*(_BYTE *)(v6 + v3) << v7) % 15;
        if ( v8 <= 9 )
          *(_BYTE *)(v2 + a2) = (_BYTE)v8 + 48;
        else
          *(_BYTE *)(v2 + a2) = (_BYTE)v8 + 65;
      }
      ++v2;
      ++v6;
    }
    while ( v6 < 12 );
    v5 = a1;
  }
  v9 = v5 - 2;
  if ( v9 >= 0 )
  {
    a1 = v9 + 1;
    do
    {
      v10 = *(_BYTE *)(v6 + v3);
      if ( v2 <= 7 )
      {
        v11 = abs(v10 << v7) % 19;
        if ( v11 <= 9 )
          *(_BYTE *)(v2 + a2) = (_BYTE)v11 + 48;
        else
          *(_BYTE *)(v2 + a2) = (_BYTE)v11 + 65;
      }
      else
      {
        v17 += v10;
      }
      ++v2;
    }
    while ( a1-- != 1 );
  }
  *(_BYTE *)(a2 + 7) = v17 % 13 + 65;
  return 0;
}

VC编写核心算法,dll源代码如下:

#include "reglc.h"
#include <stdlib.h>
#include <windows.h>

BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
      )
{
    return TRUE;
}

int __stdcall getregcode(int a1, int a2)
{
 signed int v2; // ebx@1
 int v3; // ebp@1
 int v4; // esi@1
 int v5; // eax@3
 int v6; // edi@3
 int v7; // esi@3
 int v8; // edx@5
 int v9; // eax@11
 int v10; // eax@13
 int v11; // edx@15
 int v13; // esi@1
 __int16 v14; // ax@1
 int Str; // [sp+14h] [bp-4h]@1
 signed int v17; // [sp+10h] [bp-8h]@1
 
 v3 = a1;
 v2 = 0;
 v13 = *(BYTE *)(a1 + 9);
 v14 = *(WORD *)(a1 + 10);
 Str = 0;
 v4 = v13 & 0x80000003;
 v17 = 0;
 Str = v14;
 if ( v4 < 0 )
  v4 = ((v4 - 1) | 0xFFFFFFFC) + 1;
 v7 = v4 + 1;
 v5 = atoi((const char *)&Str);
 v6 = v5 - 1;
 a1 = v5;
 if ( v5 - 1 < 12 )
 {
  do
  {
   if ( v2 >= 7 )
   {
    v17 += *(BYTE *)(v6 + v3);
   }
   else
   {
    v8 = abs(*(BYTE *)(v6 + v3) << v7) % 15;
    if ( v8 <= 9 )
     *(BYTE *)(v2 + a2) = (BYTE)v8 + 48;
    else
     *(BYTE *)(v2 + a2) = (BYTE)v8 + 65;
   }
   ++v2;
   ++v6;
  }
  while ( v6 < 12 );
  v5 = a1;
 }
 v9 = v5 - 2;
 if ( v9 >= 0 )
 {
  a1 = v9 + 1;
  do
  {
   v10 = *(BYTE *)(v6 + v3);
   if ( v2 <= 7 )
   {
    v11 = abs(v10 << v7) % 19;
    if ( v11 <= 9 )
     *(BYTE *)(v2 + a2) = (BYTE)v11 + 48;
    else
     *(BYTE *)(v2 + a2) = (BYTE)v11 + 65;
   }
   else
   {
    v17 += v10;
   }
   ++v2;
  }
  while ( a1-- != 1 );
 }
 *(BYTE *)(a2 + 7) = v17 % 13 + 65;
 return 0;
}

在def文件中声明导出函数

EXPORTS getregcode

编译得到reg.dll文件。

VB编写注册机,代码如下:

Option Explicit
Private Declare Function getregcode Lib "reg.dll" (ByVal mcode As String, _
                    ByVal rcode As String) As Long
Private Sub Command1_Click()
Dim mcode As String, regcode As String
regcode = Space(255)
mcode = Trim(Text1)
getregcode mcode, regcode
Text2 = regcode
End Sub

OK,收工!

已经有(0)位网友发表了评论,你也评一评吧!
原创文章如转载,请注明:转载自Eddy Blog
原文地址:http://www.rrgod.com/technique/468.html     欢迎订阅Eddy Blog

关于 IDA  Hex-Rays  F5  算法分析  的相关文章

到目前为止,已经有0位网友留下了痕迹。
记住我的信息,下次不用再输入 欢迎给Eddy Blog留言