ClockWise V3.25c（2）

进入关键CALL：42F557 call 0042F5AA
* Referenced by a CALL at Addresses:
|:0042F4D1 , :0042F557
|
:0042F5AA 55 push ebp
:0042F5AB 8BEC mov ebp, esp
:0042F5AD 83EC24 sub esp, 00000024
:0042F5B0 53 push ebx
:0042F5B1 56 push esi
:0042F5B2 57 push edi
:0042F5B3 894DDC mov dword ptr [ebp-24], ecx
:0042F5B6 90 nop
:0042F5B7 90 nop
:0042F5B8 90 nop
:0042F5B9 90 nop
:0042F5BA C745F800000000 mov [ebp-08], 00000000
:0042F5C1 90 nop
:0042F5C2 90 nop
:0042F5C3 90 nop
:0042F5C4 90 nop
:0042F5C5 90 nop
:0042F5C6 90 nop
:0042F5C7 90 nop
:0042F5C8 90 nop
:0042F5C9 C745FC00000000 mov [ebp-04], 00000000
:0042F5D0 C745E800000000 mov [ebp-18], 00000000
:0042F5D7 8B4DDC mov ecx, dword ptr [ebp-24]
:0042F5DA 83C160 add ecx, 00000060
:0042F5DD E86E3BFDFF call 00403150
:0042F5E2 8945F4 mov dword ptr [ebp-0C], eax
:0042F5E5 837DF400 cmp dword ptr [ebp-0C], 00000000
====>Name没填？

:0042F5E9 0F8486020000 je 0042F875
====>跳则OVER！

:0042F5EF 8B4DDC mov ecx, dword ptr [ebp-24]
:0042F5F2 83C168 add ecx, 00000068
:0042F5F5 E8563BFDFF call 00403150
:0042F5FA 85C0 test eax, eax
====>序列号没填？

:0042F5FC 0F8E73020000 jle 0042F875
====>跳则OVER！

:0042F602 8B4DDC mov ecx, dword ptr [ebp-24]
:0042F605 83C164 add ecx, 00000064
:0042F608 E8433BFDFF call 00403150
:0042F60D 83F805 cmp eax, 00000005
====>注册码应＞5位

:0042F610 0F8E5F020000 jle 0042F875
====>跳则OVER！

:0042F616 8B4DDC mov ecx, dword ptr [ebp-24]
:0042F619 83C168 add ecx, 00000068
:0042F61C E87FFFFEFF call 0041F5A0
:0042F621 50 push eax
====>EAX=1234

:0042F622 E8BCFE0000 call 0043F4E3
====>将1234转换为16进制值表示。下面进行诸多检测！

:0042F627 83C404 add esp, 00000004
:0042F62A 8945FC mov dword ptr [ebp-04], eax
====>[ebp-04]=EAX=4D2（H）=1234（D）

:0042F62D 837DFC01 cmp dword ptr [ebp-04], 00000001
====>不能小于1

:0042F631 7263 jb 0042F696
====>跳则OVER！

:0042F633 817DFC2C010000 cmp dword ptr [ebp-04], 0000012C
====>或者≤12C(H)

:0042F63A 7609 jbe 0042F645
:0042F63C 817DFCE8030000 cmp dword ptr [ebp-04], 000003E8
====>或者≥3E8(H)

:0042F643 7251 jb 0042F696
====>跳则OVER！
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F63A(C)
|
:0042F645 817DFCC4090000 cmp dword ptr [ebp-04], 000009C4
====>或者＜9C4(H)

:0042F64C 7609 jbe 0042F657
:0042F64E 817DFC88130000 cmp dword ptr [ebp-04], 00001388
====>或者≥1388(H)

:0042F655 723F jb 0042F696
====>跳则OVER！
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F64C(C)
|
:0042F657 817DFC401F0000 cmp dword ptr [ebp-04], 00001F40
====>或者≤1F40(H)

:0042F65E 7609 jbe 0042F669
:0042F660 817DFC67270000 cmp dword ptr [ebp-04], 00002767
====>或者≥2767(H)

:0042F667 722D jb 0042F696
====>跳则OVER！

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F65E(C)
|
:0042F669 817DFC162A0000 cmp dword ptr [ebp-04], 00002A16
====>或者≤2A16(H)

:0042F670 7609 jbe 0042F67B
:0042F672 817DFC532A0000 cmp dword ptr [ebp-04], 00002A53
====>或者≥2A53(H)

:0042F679 721B jb 0042F696
====>跳则OVER！

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F670(C)
|
:0042F67B 817DFCE02E0000 cmp dword ptr [ebp-04], 00002EE0
====>或者≤2EE0(H)

:0042F682 7609 jbe 0042F68D
:0042F684 817DFC204E0000 cmp dword ptr [ebp-04], 00004E20
====>或者≥4E20(H)

:0042F68B 7209 jb 0042F696
====>跳则OVER！

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F682(C)
|
:0042F68D 817DFCF0550000 cmp dword ptr [ebp-04], 000055F0
====>或者≤55F0(H)

:0042F694 760C jbe 0042F6A2
====>应跳！

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042F631(C), :0042F643(C), :0042F655(C), :0042F667(C), :0042F679(C)
|:0042F68B(C)
====>跳到这儿就OVER了！

:0042F696 C745F800000000 mov [ebp-08], 00000000
:0042F69D E9D3010000 jmp 0042F875
====>跳向OVER！

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F694(C)
|
:0042F6A2 C745EC00000000 mov [ebp-14], 00000000
:0042F6A9 EB09 jmp 0042F6B4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F6E2(U)
|
:0042F6AB 8B45EC mov eax, dword ptr [ebp-14]
:0042F6AE 83C001 add eax, 00000001
:0042F6B1 8945EC mov dword ptr [ebp-14], eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042F6A9(U)
|
:0042F6B4 8B4DEC mov ecx, dword ptr [ebp-14]
:0042F6B7 3B4DF4 cmp ecx, dword ptr [ebp-0C]
====>循环NAME的位数次！

:0042F6BA 7D28 jge 0042F6E4
:0042F6BC 8B75EC mov esi, dword ptr [ebp-14]
:0042F6BF 83C601 add esi, 00000001
:0042F6C2 8B55EC mov edx, dword ptr [ebp-14]
:0042F6C5 52 push edx
:0042F6C6 8B4DDC mov ecx, dword ptr [ebp-24]
:0042F6C9 83C160 add ecx, 00000060
:0042F6CC E8DF3AFDFF call 004031B0
====>依次取NAME字符的HEX值
:0042F6D1 0FBEC0 movsx eax, al
1、 ====>EAX=66
2、 ====>EAX=6C
3、 ====>EAX=79

:0042F6D4 0FAFF0 imul esi, eax
1、 ====>ESI=1 * 66=66
2、 ====>ESI=2 * 6C=D8
3、 ====>ESI=3 * 79=16B

:0042F6D7 0375F4 add esi, dword ptr [ebp-0C]
1、 ====>ESI=66 + 3=69
2、 ====>ESI=D8 + 3=DB
3、 ====>ESI=16B + 3=16E

:0042F6DA 8B4DE8 mov ecx, dword ptr [ebp-18]
1、 ====>ECX=00
2、 ====>ECX=69
3、 ====>ECX=144

:0042F6DD 03CE add ecx, esi
1、 ====>ECX=00 + 69=69
2、 ====>ECX=69 + DB=144
3、 ====>ECX=144 + 16E=2B2

:0042F6DF 894DE8 mov dword ptr [ebp-18], ecx
1、 ====>[ebp-18]=ECX=69
2、 ====>[ebp-18]=ECX=144
2、 ====>[ebp-18]=ECX=2B2

:0042F6E2 EBC7 jmp 0042F6AB
====>跳上去继续循环

ClockWise V3.25c（3）：【上一篇】
ClockWise V3.25c（1）：【下一篇】