【标题】：32bit Convert It 9.52.01破解手记(3)
【关键字】：C,破解,32,on,01,52,32bit,32bit,Convert,It,52,01
【来源】：网络

32bit Convert It 9.52.01破解手记(3)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A06A(C) <===从这里开始循环结构
|
:0040A043 8BC1 mov eax, ecx
:0040A045 25FF000000 and eax, 000000FF
:0040A04A 8D3CC0 lea edi, dword ptr [eax+8*eax]
:0040A04D 03C6 add eax, esi
:0040A04F 8D0478 lea eax, dword ptr [eax+2*edi]
:0040A052 03D0 add edx, eax
:0040A054 80F960 cmp cl, 60
:0040A057 7305 jnb 0040A05E
:0040A059 83C215 add edx, 00000015
:0040A05C EB03 jmp 0040A061

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A057(C)
|
:0040A05E 83EA15 sub edx, 00000015

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A05C(U)
|
:0040A061 8A8E4DAB4400 mov cl, byte ptr [esi+0044AB4D]
:0040A067 46 inc esi
:0040A068 3ACB cmp cl, bl
:0040A06A 75D7 jne 0040A043
<===这一循环结构，对"newlaos32bit convert it"，进行初步计算
:0040A06C 89742410 mov dword ptr [esp+10], esi <===这个为整个字符串的长度17(十进制23个)
:0040A070 89542418 mov dword ptr [esp+18], edx <===这里上一循环计算出的结果(A213)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A041(C)
|
:0040A074 B980000000 mov ecx, 00000080
:0040A079 33C0 xor eax, eax
:0040A07B BF4CB34400 mov edi, 0044B34C
:0040A080 52 push edx

* Possible StringData Ref from Data Obj ->"%06lu"
|
:0040A081 6854394400 push 00443954
:0040A086 684CB34400 push 0044B34C
:0040A08B F3 repz
:0040A08C AB stosd
:0040A08D E88BDD0000 call 00417E1D <===这里算出第一步的计算结果041491

* Reference To: KERNEL32.lstrlenA, Ord:0308h
|
:0040A092 8B2DC8314300 mov ebp, dword ptr [004331C8]
:0040A098 83C40C add esp, 0000000C
:0040A09B B900020000 mov ecx, 00000200
:0040A0A0 33C0 xor eax, eax
:0040A0A2 BF4CAB4400 mov edi, 0044AB4C
:0040A0A7 684CB34400 push 0044B34C
:0040A0AC F3 repz
:0040A0AD AB stosd
:0040A0AE 895C2414 mov dword ptr [esp+14], ebx
:0040A0B2 FFD5 call ebp
:0040A0B4 8B4C2410 mov ecx, dword ptr [esp+10]
:0040A0B8 3BC8 cmp ecx, eax
:0040A0BA 7D37 jge 0040A0F3

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A0F1(C) <===从这里开始循环结构
|
:0040A0BC 0FBE914CB34400 movsx edx, byte ptr [ecx+0044B34C] <===依次取出041491的每个值的ASC码值
:0040A0C3 03D1 add edx, ecx
:0040A0C5 8D044D4CAB4400 lea eax, dword ptr [2*ecx+0044AB4C]
:0040A0CC 52 push edx

* Possible StringData Ref from Data Obj ->"%02X"
|
:0040A0CD 684C394400 push 0044394C
:0040A0D2 50 push eax
:0040A0D3 E845DD0000 call 00417E1D <===每经过一次，计算出两位注册码
:0040A0D8 8B7C241C mov edi, dword ptr [esp+1C]
:0040A0DC 83C40C add esp, 0000000C
:0040A0DF 47 inc edi
:0040A0E0 684CB34400 push 0044B34C
:0040A0E5 897C2414 mov dword ptr [esp+14], edi
:0040A0E9 FFD5 call ebp
:0040A0EB 8B4C2410 mov ecx, dword ptr [esp+10]
:0040A0EF 3BC8 cmp ecx, eax <===循环6次
:0040A0F1 7CC9 jl 0040A0BC <===这个循环结构就算出最后的注册码
.......
.......
此处省略一段代码，与算法无关
.......
.......
:0040A16D F3 repz
:0040A16E A4 movsb
:0040A16F 5F pop edi
:0040A170 5E pop esi
:0040A171 5D pop ebp
:0040A172 5B pop ebx
:0040A173 59 pop ecx
:0040A174 C3 ret