===========================================================
0043D193 . 66:8B45 DC MOV AX,WORD PTR SS:[EBP-24] ; returns -1
0043D197 . 5F POP EDI
0043D198 . 5E POP ESI
0043D199 . 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0043D1A0 . 5B POP EBX
0043D1A1 . 8BE5 MOV ESP,EBP
0043D1A3 . 5D POP EBP
0043D1A4 . C2 0800 RETN 8
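That completes the analysis of the algorithm. Oddly, the registration code is 25 characters long, yet for all the algorithm's complexity only 4 of them are checked (4, 13, 14, 25), which is puzzling. My trial code was 1111122222333334444455555; following the analysis here I changed it to 1117122222338934444455551, and it passed without any problem. Looking closely at the calling function shows that another function performs a second, much more respectable validation, but its result is never used. Its code is as follows:
0043A10B . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; name (original form)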
0043A10E . 8985 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EAX
0043A114 . C785 6CFFFFFF >MOV DWORD PTR SS:[EBP-94],4008
0043A11E . 8D8D 6CFFFFFF LEA ECX,DWORD PTR SS:[EBP-94]
0043A124 . 51 PUSH ECX
0043A125 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
0043A128 . 52 PUSH EDX
0043A129 . FF15 E8104000 CALL rtcTrimVar ; strip spaces
0043A12F . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0043A132 . 50 PUSH EAX
0043A133 . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
0043A136 . 51 PUSH ECX
0043A137 . FF15 84104000 CALL MSVBVM60.__vbaLenVar ; get the name length
0043A13D . 50 PUSH EAX
0043A13E . FF15 10124000 CALL MSVBVM60.__vbaI2Var ; convert to Integer
0043A144 . 66:8985 38FFFF>MOV WORD PTR SS:[EBP-C8],AX
0043A14B . 66:C785 3CFFFF>MOV WORD PTR SS:[EBP-C4],1 ; index increment is 1
0043A154 . 66:C745 DC 010>MOV WORD PTR SS:[EBP-24],1 ; index starts at 1
0043A15A . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0043A15D . FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>]
0043A163 . EB 15 JMP SHORT CollegeB.0043A17A
0043A165 > 66:8B55 DC MOV DX,WORD PTR SS:[EBP-24] ; load the index
0043A169 . 66:0395 3CFFFF>ADD DX,WORD PTR SS:[EBP-C4] ; add 1 to move to the next character
0043A170 . 0F80 E7070000 JO CollegeB.0043A95D
0043A176 . 66:8955 DC MOV WORD PTR SS:[EBP-24],DX
0043A17A > 66:8B45 DC MOV AX,WORD PTR SS:[EBP-24] ; character index
0043A17E . 66:3B85 38FFFF>CMP AX,WORD PTR SS:[EBP-C8] ; name length
0043A185 . 0F8F 0A020000 JG CollegeB.0043A395
0043A18B . C745 FC 040000>MOV DWORD PTR SS:[EBP-4],4
0043A192 . C745 A4 010000>MOV DWORD PTR SS:[EBP-5C],1
0043A199 . C745 9C 020000>MOV DWORD PTR SS:[EBP-64],2
0043A1A0 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0043A1A3 . 51 PUSH ECX ; Variant, Integer 1
0043A1A4 . 0FBF55 DC MOVSX EDX,WORD PTR SS:[EBP-24]
0043A1A8 . 52 PUSH EDX
0043A1A9 . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0043A1AC . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0043A1AE . 51 PUSH ECX
0043A1AF . FF15 00114000 CALL rtcMidCharBStr ; take one character of the registration name
0043A1B5 . 8BD0 MOV EDX,EAX
0043A1B7 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0043A1BA . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043A1C0 . 50 PUSH EAX
0043A1C1 . FF15 58104000 CALL MSVBVM60.rtcAnsivalueBstr ; ASCII code of that character
0043A1C7 . 66:8985 48FFFF>MOV WORD PTR SS:[EBP-B8],AX ; store in [ebp-B8]
0043A1CE . C745 94 010000>MOV DWORD PTR SS:[EBP-6C],1
0043A1D5 . C745 8C 020000>MOV DWORD PTR SS:[EBP-74],2
0043A1DC . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
0043A1DF . 52 PUSH EDX
0043A1E0 . 0FBF45 DC MOVSX EAX,WORD PTR SS:[EBP-24]
0043A1E4 . 50 PUSH EAX
0043A1E5 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0043A1E8 . 8B11 MOV EDX,DWORD PTR DS:[ECX]
0043A1EA . 52 PUSH EDX
0043A1EB . FF15 00114000 CALL rtcMidCharBStr ; take the same character
0043A1F1 . 8BD0 MOV EDX,EAX
0043A1F3 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A1F6 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043A1FC . 50 PUSH EAX
0043A1FD . FF15 58104000 CALL MSVBVM60.rtcAnsivalueBstr ; ASCII code of that character
0043A203 . 66:8985 44FFFF>MOV WORD PTR SS:[EBP-BC],AX ; store here
0043A20A . C745 84 010000>MOV DWORD PTR SS:[EBP-7C],1
0043A211 . C785 7CFFFFFF >MOV DWORD PTR SS:[EBP-84],2
0043A21B . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84]
0043A221 . 50 PUSH EAX
0043A222 . 0FBF4D DC MOVSX ECX,WORD PTR SS:[EBP-24]
0043A226 . 51 PUSH ECX
0043A227 . 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A22A . 8B02 MOV EAX,DWORD PTR DS:[EDX]
0043A22C . 50 PUSH EAX
0043A22D . FF15 00114000 CALL rtcMidCharBStr ; and once more (really dumb)
0043A233 . 8BD0 MOV EDX,EAX
0043A235 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0043A238 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043A23E . 50 PUSH EAX
0043A23F . FF15 58104000 CALL MSVBVM60.rtcAnsivalueBstr ; ASCII code of that character
0043A245 . 66:8985 40FFFF>MOV WORD PTR SS:[EBP-C0],AX ; store here
0043A24C . 66:8B8D 48FFFF>MOV CX,WORD PTR SS:[EBP-B8] ; result of the first pass
0043A253 . 66:0FAF8D 44FF>IMUL CX,WORD PTR SS:[EBP-BC] ; multiplied by the result of the second pass
0043A25B . 0F80 FC060000 JO CollegeB.0043A95D
0043A261 . 0FBFD1 MOVSX EDX,CX
0043A264 . 8995 08FFFFFF MOV DWORD PTR SS:[EBP-F8],EDX ; result stored here
0043A26A . DB85 08FFFFFF FILD DWORD PTR SS:[EBP-F8] ; load as an integer
0043A270 . DD9D 00FFFFFF FSTP QWORD PTR SS:[EBP-100] ; store as floating point
0043A276 . DD45 D4 FLD QWORD PTR SS:[EBP-2C] ; add to the running total
0043A279 . DC85 00FFFFFF FADD QWORD PTR SS:[EBP-100]
0043A27F . DFE0 FSTSW AX
0043A281 . A8 0D TEST AL,0D
0043A283 . 0F85 CF060000 JNZ CollegeB.0043A958
0043A289 . DD9D F8FEFFFF FSTP QWORD PTR SS:[EBP-108] ; result held here temporarily
0043A28F . 68 00000040 PUSH 40000000
0043A294 . 6A 00 PUSH 0 ; build the float 2.0 on the stack
0043A296 . 0FBF85 40FFFFF>MOVSX EAX,WORD PTR SS:[EBP-C0] ; result of the third pass
0043A29D . 8985 F4FEFFFF MOV DWORD PTR SS:[EBP-10C],EAX
0043A2A3 . DB85 F4FEFFFF FILD DWORD PTR SS:[EBP-10C] ;
0043A2A9 . DD9D ECFEFFFF FSTP QWORD PTR SS:[EBP-114] ;
0043A2AF . 8B8D F0FEFFFF MOV ECX,DWORD PTR SS:[EBP-110]
0043A2B5 . 51 PUSH ECX
0043A2B6 . 8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114]
0043A2BC . 52 PUSH EDX
0043A2BD . FF15 68124000 CALL MSVBVM60.__vbaPowerR8 ; square it
0043A2C3 . DC85 F8FEFFFF FADD QWORD PTR SS:[EBP-108] ; add to the result above
0043A2C9 . DD5D D4 FSTP QWORD PTR SS:[EBP-2C] ; store the total back to [ebp-2c]
The code above actually computes x*x + x**2 = 2 * x**2
==============================================
0043A307 . C745 FC 050000>MOV DWORD PTR SS:[EBP-4],5
0043A30E . DD45 D4 FLD QWORD PTR SS:[EBP-2C] ; load the result
0043A311 . FF15 A8124000 CALL MSVBVM60.__vbaFpI4 ; convert to Long
0043A317 . 8BF0 MOV ESI,EAX
0043A319 . 81E6 01000080 AND ESI,80000001 ; test the highest and lowest bits
0043A31F . 79 05 JNS SHORT CollegeB.0043A326
0043A321 . 4E DEC ESI
0043A322 . 83CE FE OR ESI,FFFFFFFE
0043A325 . 46 INC ESI
0043A326 > F7DE NEG ESI
0043A328 . 1BF6 SBB ESI,ESI
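0043A32A . F7DE NEG ESI ; in the end only the lowest bit is reflected, i.e. the parity bit
0043A32C . DD45 D4 FLD QWORD PTR SS:[EBP-2C] ; load the computed result again
0043A32F . FF15 A8124000 CALL MSVBVM60.__vbaFpI4 ; convert again (VB really is that dumb)
0043A335 . 99 CDQ ; sign-extend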
0043A336 . B9 03000000 MOV ECX,3
0043A33B . F7F9 IDIV ECX ; divide by 3
0043A33D . F7DA NEG EDX ; negate the remainder
0043A33F . 1BD2 SBB EDX,EDX ; subtract with borrow
0043A341 . F7DA NEG EDX ; negate
0043A343 . 23F2 AND ESI,EDX ; bitwise AND with the result above
0043A345 . 85F6 TEST ESI,ESI ; the condition here is "odd and not divisible by 3"
0043A347 . 75 40 JNZ SHORT CollegeB.0043A389 ; continue if the condition holds
0043A349 . C745 FC 060000>MOV DWORD PTR SS:[EBP-4],6 ; not sure what this flag is
0043A350 . 66:8B55 DC MOV DX,WORD PTR SS:[EBP-24] ; condition not met: load the character index
0043A354 . 66:6BD2 03 IMUL DX,DX,3 ; multiply by 3
0043A358 . 0F80 FF050000 JO CollegeB.0043A95D
0043A35E . 0FBFC2 MOVSX EAX,DX ; and add it to the result
0043A361 . 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
0043A367 . DB85 E8FEFFFF FILD DWORD PTR SS:[EBP-118]
0043A36D . DD9D E0FEFFFF FSTP QWORD PTR SS:[EBP-120]
0043A373 . DD45 D4 FLD QWORD PTR SS:[EBP-2C]
0043A376 . DC85 E0FEFFFF FADD QWORD PTR SS:[EBP-120]
0043A37C . DD5D D4 FSTP QWORD PTR SS:[EBP-2C] ; ebp-2c again
0043A37F . DFE0 FSTSW AX
0043A381 . A8 0D TEST AL,0D
0043A383 . 0F85 CF050000 JNZ CollegeB.0043A958
0043A389 > C745 FC 080000>MOV DWORD PTR SS:[EBP-4],8
0043A390 .^E9 D0FDFFFF JMP CollegeB.0043A165 ; next iteration
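The code above starts at the first character of the name, computes 2*x**2 for each character, and adds the results together. At each step, if the result does not satisfy the condition
"odd and not divisible by 3", three times the current index value is added as well. This continues until every character has been processed. The result is stored at [ebp-2c].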
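Added example (not part of the original analysis, and not code from the program): a C emulation of the flag sequence at 0043A317 through 0043A343, checked against the reading "odd and not divisible by 3". The function names are made up for this example, and the input stands for the Long that __vbaFpI4 returns.

```c
#include <stdint.h>
#include <stdio.h>

/* NEG r / SBB r,r / NEG r: NEG sets CF = (r != 0), SBB r,r yields 0 - CF,
   and the last NEG turns 0xFFFFFFFF into 1, so the register ends as (r != 0). */
static uint32_t neg_sbb_neg(uint32_t r)
{
    uint32_t cf = (r != 0);   /* NEG: carry set unless the operand is 0 */
    r = 0u - r;               /* NEG result, overwritten by SBB r,r     */
    r = r - r - cf;           /* SBB r,r: 0 or 0xFFFFFFFF               */
    return 0u - r;            /* NEG: 0 or 1                            */
}

/* Emulates 0043A317..0043A343; eax is the Long returned by __vbaFpI4. */
uint32_t emulate_flag(int32_t eax)
{
    uint32_t esi = (uint32_t)eax & 0x80000001u;  /* AND ESI,80000001            */
    if (esi & 0x80000000u) {                     /* sign set: JNS falls through */
        esi -= 1;                                /* DEC ESI                     */
        esi |= 0xFFFFFFFEu;                      /* OR ESI,FFFFFFFE             */
        esi += 1;                                /* INC ESI                     */
    }                                            /* esi = eax Mod 2 (0, 1, -1)  */
    esi = neg_sbb_neg(esi);                      /* 1 if eax is odd             */
    uint32_t edx = (uint32_t)(eax % 3);          /* CDQ / IDIV ECX: remainder   */
    edx = neg_sbb_neg(edx);                      /* 1 if not a multiple of 3    */
    return esi & edx;                            /* AND ESI,EDX                 */
}

/* High-level reading of the same test, as stated in the listing's comment. */
int odd_and_not_multiple_of_3(int32_t x)
{
    return (x % 2 != 0) && (x % 3 != 0);
}

/* Number of inputs in [lo, hi] where the emulation and the reading disagree. */
long count_mismatches(int32_t lo, int32_t hi)
{
    long bad = 0;
    for (int64_t x = lo; x <= hi; x++)
        if (emulate_flag((int32_t)x) != (uint32_t)odd_and_not_multiple_of_3((int32_t)x))
            bad++;
    return bad;
}

int main(void)
{
    printf("mismatches: %ld\n", count_mismatches(-100000, 100000));
    return 0;
}
```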
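The code that follows runs a second round of exactly the same computation, with exactly the same result, stored at [ebp-44]. A puzzling duplication of effort; omitted here. Continuing: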
0043A626 > C745 FC 0F0000>MOV DWORD PTR SS:[EBP-4],0F
0043A62D . 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
0043A630 . 51 PUSH ECX
0043A631 . 8B55 BC MOV EDX,DWORD PTR SS:[EBP-44] ; load the result of the (second) computation
0043A634 . 52 PUSH EDX
0043A635 . FF15 80114000 CALL [<&MSVBVM60.__vbaStrR8>] ; convert R8 to String
0043A63B . 8BD0 MOV EDX,EAX
0043A63D . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0043A640 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043A646 . 50 PUSH EAX
0043A647 . FF15 D0114000 CALL rtcStrReverse ; reverse the string
0043A64D . 8BD0 MOV EDX,EAX
0043A64F . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A652 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A658 . 50 PUSH EAX
0043A659 . FF15 3C124000 CALL [<&MSVBVM60.__vbaR8Str>] ; convert back to R8
0043A65F . DC05 381B4000 FADD QWORD PTR DS:[401B38] ; add the built-in constant stored here, 38473.0
0043A665 . DD5D BC FSTP QWORD PTR SS:[EBP-44] ; store the result back
.......................................
0043A685 . C745 FC 100000>MOV DWORD PTR SS:[EBP-4],10
0043A68C . 8B55 C0 MOV EDX,DWORD PTR SS:[EBP-40]
0043A68F . 52 PUSH EDX
0043A690 . 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44]
0043A693 . 50 PUSH EAX
0043A694 . FF15 80114000 CALL [<&MSVBVM60.__vbaStrR8>] ; convert to a string again
0043A69A . 8BD0 MOV EDX,EAX
0043A69C . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0043A69F . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A6A5 . 50 PUSH EAX
0043A6A6 . FF15 D0114000 CALL MSVBVM60.rtcStrReverse ; reverse
0043A6AC . 8BD0 MOV EDX,EAX
0043A6AE . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A6B1 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A6B7 . 50 PUSH EAX
0043A6B8 . FF15 3C124000 CALL [<&MSVBVM60.__vbaR8Str>] ; back to R8 again
0043A6BE . DCC0 FADD ST(0),ST(0) ; double it
0043A6C0 . DD5D BC FSTP QWORD PTR SS:[EBP-44] ; store back
............................................
0043A6E0 . C745 FC 110000>MOV DWORD PTR SS:[EBP-4],11
0043A6E7 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; load the result of the first computation
0043A6EA . 50 PUSH EAX
0043A6EB . 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043A6EE . 51 PUSH ECX
0043A6EF . FF15 80114000 CALL MSVBVM60.__vbaStrR8 ; convert to String
0043A6F5 . 8BD0 MOV EDX,EAX
0043A6F7 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0043A6FA . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A700 . 50 PUSH EAX
0043A701 . FF15 D0114000 CALL MSVBVM60.rtcStrReverse ; reverse
0043A707 . 8BD0 MOV EDX,EAX
0043A709 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A70C . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A712 . 50 PUSH EAX
0043A713 . FF15 3C124000 CALL MSVBVM60.__vbaR8Str ; convert back to R8
0043A719 . DD5D D4 FSTP QWORD PTR SS:[EBP-2C] ; store back
....................................................
0043A736 . 68 00000040 PUSH 40000000
0043A73B . 6A 00 PUSH 0 ; float 2.0
0043A73D . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
0043A740 . 51 PUSH ECX
0043A741 . 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0043A744 . 52 PUSH EDX
0043A745 . FF15 68124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaPowerR8>] ; square the result
0043A74B . DD5D D4 FSTP QWORD PTR SS:[EBP-2C] ; store back
0043A74E . C745 FC 130000>MOV DWORD PTR SS:[EBP-4],13
0043A755 . C745 A4 0C0000>MOV DWORD PTR SS:[EBP-5C],0C
0043A75C . C745 9C 020000>MOV DWORD PTR SS:[EBP-64],2
0043A763 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] ; var type integer value 0C
0043A766 . 50 PUSH EAX
0043A767 . 6A 05 PUSH 5
0043A769 . 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; registration code
0043A76C . 8B11 MOV EDX,DWORD PTR DS:[ECX]
0043A76E . 52 PUSH EDX
0043A76F . FF15 00114000 CALL rtcMidCharBStr ; take a substring of the registration code: 0xC characters starting at character 5
0043A775 . 8BD0 MOV EDX,EAX
0043A777 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0043A77A . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A780 . 50 PUSH EAX
0043A781 . FF15 3C124000 CALL [<&MSVBVM60.__vbaR8Str>] ; convert to R8
0043A787 . DD5D C4 FSTP QWORD PTR SS:[EBP-3C] ; stored at ebp-3C
===========================================
0043A79C . C745 FC 140000>MOV DWORD PTR SS:[EBP-4],14
0043A7A3 . DD45 C4 FLD QWORD PTR SS:[EBP-3C] ; the real number that substring represents
0043A7A6 . DC05 301B4000 FADD QWORD PTR DS:[401B30] ; add the built-in constant 334.0
0043A7AC . DD5D C4 FSTP QWORD PTR SS:[EBP-3C] ; store back
0043A7AF . DFE0 FSTSW AX
0043A7B1 . A8 0D TEST AL,0D
0043A7B3 . 0F85 9F010000 JNZ CollegeB.0043A958
0043A7B9 . C745 FC 150000>MOV DWORD PTR SS:[EBP-4],15
0043A7C0 . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
0043A7C3 . 50 PUSH EAX
0043A7C4 . 8B4D C4 MOV ECX,DWORD PTR SS:[EBP-3C]
0043A7C7 . 51 PUSH ECX
0043A7C8 . FF15 80114000 CALL [<&MSVBVM60.__vbaStrR8>] ; convert to String
0043A7CE . 8BD0 MOV EDX,EAX
0043A7D0 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0043A7D3 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A7D9 . 50 PUSH EAX
0043A7DA . FF15 D0114000 CALL MSVBVM60.rtcStrReverse ; reverse
0043A7E0 . 8BD0 MOV EDX,EAX
0043A7E2 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A7E5 . FF15 C8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>]
0043A7EB . 50 PUSH EAX
0043A7EC . FF15 3C124000 CALL MSVBVM60.__vbaR8Str ; convert back to R8
0043A7F2 . DD5D C4 FSTP QWORD PTR SS:[EBP-3C] ; store back
======================================
0043A808 . C745 FC 160000>MOV DWORD PTR SS:[EBP-4],16
0043A80F . DD45 C4 FLD QWORD PTR SS:[EBP-3C] ; load the result
0043A812 . DC25 281B4000 FSUB QWORD PTR DS:[401B28] ; subtract the built-in constant 1032.0
0043A818 . DD5D C4 FSTP QWORD PTR SS:[EBP-3C] ; store back
0043A81B . DFE0 FSTSW AX
0043A81D . A8 0D TEST AL,0D
0043A81F . 0F85 33010000 JNZ CollegeB.0043A958
0043A825 . C745 FC 170000>MOV DWORD PTR SS:[EBP-4],17
0043A82C . DD45 C4 FLD QWORD PTR SS:[EBP-3C] ; the result here
0043A82F . DC5D D4 FCOMP QWORD PTR SS:[EBP-2C] ; floating-point compare with the result at [ebp-2c]
0043A832 . DFE0 FSTSW AX
0043A834 . F6C4 40 TEST AH,40 ; equal?
0043A837 . 74 0D JE SHORT CollegeB.0043A846 ; if not equal then jmp
0043A839 . C745 FC 180000>MOV DWORD PTR SS:[EBP-4],18
0043A840 . 66:C745 D0 FFF>MOV WORD PTR SS:[EBP-30],0FFFF ; if equal, [ebp-30] = -1, which looks like it should be the success flag
0043A846 > C745 FC 1A0000>MOV DWORD PTR SS:[EBP-4],1A ; but the code that follows makes it anything but -1 no matter what
0043A84D . 66:C785 28FFFF>MOV WORD PTR SS:[EBP-D8],4
0043A856 . 66:C785 2CFFFF>MOV WORD PTR SS:[EBP-D4],1
0043A85F . 66:C745 DC 010>MOV WORD PTR SS:[EBP-24],1
........................
..............
..........
0043A8F9 . C745 FC 200000>MOV DWORD PTR SS:[EBP-4],20
0043A900 . 66:C745 D0 000>MOV WORD PTR SS:[EBP-30],0
0043A906 > 9B WAIT
0043A907 . 68 41A94300 PUSH CollegeB.0043A941
0043A90C . EB 32 JMP SHORT CollegeB.0043A940
========================================
0043A940 > C3 RETN ; RET used as a jump to 0043A941
0043A941 > 66:8B45 D0 MOV AX,WORD PTR SS:[EBP-30] ; the return value is at EBP-30
0043A945 . 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
0043A948 . 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0043A94F . 5F POP EDI
0043A950 . 5E POP ESI
0043A951 . 5B POP EBX
0043A952 . 8BE5 MOV ESP,EBP
0043A954 . 5D POP EBP
0043A955 . C2 0800 RETN 8
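Postscript: although this looks very much like validation code, it is somewhat self-contradictory, and in the end none of its results are used. I do not understand it.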
====================================================
[Analysis summary]
Work out the summary yourself; only the first block of code is needed.
====================================================