
[MD5 Variant Algorithm Exercise] AutoRun Design Specialty Algorithm Analysis

Date: 2016-06-02 23:33:34

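【Write-up title】[MD5 Variant Algorithm Exercise] AutoRun Design Specialty Algorithm Analysis
【Write-up author】静心学习
【Author e-mail】sharept@qq.com
【Author homepage】http://www.cnblogs.com/dacainiao/
【Tools】OD, DEDE, IDA
【Platform】xp sp3
【Software name】AutoRun Design Specialty
【Software size】6.98MB
【Original download】http://www.alleysoft.com/autorundesignspecialty/ARDSSetup90.exe
【Protection】Not packed
【Software description】A professional WYSIWYG tool for building CD autorun programs. It supports multiple startup splash screens and can embed images, sound, HTML and RTF documents. It has a built-in media player and RTF reader and can play AVI video and RTF documents at program startup. It ships with many templates that can be used and modified as needed.
【Statement】I am new to cryptography and am learning by following in the footsteps of the seniors at Kanxue; if there are mistakes, I would be grateful for corrections.
------------------------------------------------------------------------
【Process】The program is not packed and is written in Delphi; DEDE quickly locates the key point.

Registration details entered: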
Name: jingxinxuexi
Serial: 002
Code: 123456789

00571ADB |. 53 PUSH EBX
00571ADC |. 56 PUSH ESI
00571ADD |. 57 PUSH EDI
00571ADE |. 8BD8 MOV EBX, EAX
00571AE0 |. 33C0 XOR EAX, EAX
00571AE2 |. 55 PUSH EBP
00571AE3 |. 68 A71C5700 PUSH <AutoRunD.loc_571CA7>
00571AE8 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00571AEB |. 64:8920 MOV DWORD PTR FS:[EAX], ESP
00571AEE |. 8D55 FC LEA EDX, [LOCAL.1]
00571AF1 |. 8B83 1C030000 MOV EAX, DWORD PTR DS:[EBX+0x31C]
00571AF7 |. E8 C8D7F0FF CALL <AutoRunD.sub_47F2C4>
00571AFC |. 8D55 F8 LEA EDX, [LOCAL.2]
00571AFF |. 8B83 20030000 MOV EAX, DWORD PTR DS:[EBX+0x320]
00571B05 |. E8 BAD7F0FF CALL <AutoRunD.sub_47F2C4>
00571B0A |. 8D55 F4 LEA EDX, [LOCAL.3]
00571B0D |. 8B83 18030000 MOV EAX, DWORD PTR DS:[EBX+0x318]
00571B13 |. E8 ACD7F0FF CALL <AutoRunD.sub_47F2C4>
00571B18 |. 8D45 F0 LEA EAX, [LOCAL.4]
00571B1B |. 50 PUSH EAX
00571B1C |. B9 03000000 MOV ECX, 0x3
00571B21 |. BA 01000000 MOV EDX, 0x1
00571B26 |. 8B45 F8 MOV EAX, [LOCAL.2] ; //S
00571B29 |. E8 4EFFECFF CALL <AutoRunD.sub_441A7C>
00571B2E |. 8B45 F0 MOV EAX, [LOCAL.4]
00571B31 |. BA C01C5700 MOV EDX, <AutoRunD.dword_571CC0> ; ASCII "002"
00571B36 |. E8 CD2CE9FF CALL <AutoRunD.sub_404808>
00571B3B |. 0F85 26010000 JNZ <AutoRunD.loc_571C67> ; //Serial must be 002
00571B41 |. 8D45 D4 LEA EAX, [LOCAL.11]
00571B44 |. 8B4D FC MOV ECX, [LOCAL.1] ; //user name
00571B47 |. 8B55 F8 MOV EDX, [LOCAL.2]
00571B4A |. E8 B92BE9FF CALL <AutoRunD.sub_404708>
00571B4F |. 8B45 D4 MOV EAX, [LOCAL.11]
00571B52 |. 8D55 D8 LEA EDX, [LOCAL.10]
00571B55 |. E8 0AF4FFFF CALL <AutoRunD.sub_570F64> ; //algorithm CALL, "002" + user name
00571B5A |. 8D45 D8 LEA EAX, [LOCAL.10]
00571B5D |. 8D55 E8 LEA EDX, [LOCAL.6]
00571B60 |. E8 67F2FFFF CALL <AutoRunD.sub_570DCC>
00571B65 |. 8B45 E8 MOV EAX, [LOCAL.6]
00571B68 |. 8D55 EC LEA EDX, [LOCAL.5]
00571B6B |. E8 946DE9FF CALL <AutoRunD.sub_408904>
00571B70 |. 8B45 EC MOV EAX, [LOCAL.5]
00571B73 |. 8B55 F4 MOV EDX, [LOCAL.3]
00571B76 |. E8 8D2CE9FF CALL <AutoRunD.sub_404808>
00571B7B |. 74 1D JE SHORT <AutoRunD.loc_571B9A> ; //key jump
00571B7D |. 6A 40 PUSH 0x40
00571B7F |. B9 C41C5700 MOV ECX, <AutoRunD.aInformation_2> ; ASCII "Information"
00571B84 |. BA D01C5700 MOV EDX, <AutoRunD.aPleaseInputNam> ; ASCII "Please input Name,Serial,Code again."
00571B89 |. A1 70895F00 MOV EAX, DWORD PTR DS:[<off_5F8970>]
00571B8E |. 8B00 MOV EAX, DWORD PTR DS:[EAX]
00571B90 |. E8 D7EDF2FF CALL <AutoRunD.sub_4A096C>
00571B95 |. E9 E5000000 JMP <AutoRunD.loc_571C7F>
00571B9A >|> 8D45 D0 LEA EAX, [LOCAL.12] ; loc_571B9A
00571B9D |. E8 52540600 CALL <AutoRunD.sub_5D6FF4>
00571BA2 |. 8D45 D0 LEA EAX, [LOCAL.12]
00571BA5 |. BA 001D5700 MOV EDX, <AutoRunD.aAutorunds_ini> ; ASCII "\AutoRunDS.ini"

 

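Analysis shows that Serial must be 002; 002 is then concatenated with the user name and passed into the algorithm CALL (CALL 00570F64):
In the second sub-CALL of the algorithm CALL, the MD5_Init initialization can be seen (CALL 00570FD8):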

00570FD8 >/$ C700 E1FADFDD MOV DWORD PTR DS:[EAX], 0xDDDFFAE1 ; sub_570FD8
00570FDE |. C740 04 32ADD>MOV DWORD PTR DS:[EAX+0x4], 0xABDEAD32
00570FE5 |. C740 08 F3DCB>MOV DWORD PTR DS:[EAX+0x8], 0x98BADCF3
00570FEC |. C740 0C 30073>MOV DWORD PTR DS:[EAX+0xC], 0x10320730 ; //the 4 initial constants have been modified
00570FF3 |. 33D2 XOR EDX, EDX
00570FF5 |. 8950 10 MOV DWORD PTR DS:[EAX+0x10], EDX
00570FF8 |. 33D2 XOR EDX, EDX
00570FFA |. 8950 14 MOV DWORD PTR DS:[EAX+0x14], EDX
00570FFD |. 83C0 18 ADD EAX, 0x18
00571000 |. BA 40000000 MOV EDX, 0x40
00571005 |. E8 A265E9FF CALL <AutoRunD.sub_4075AC>
0057100A \. C3 RETN

 

Analysis shows that the padding is unchanged (a 1 bit followed by all zeros); the MD5_Final function has been modified (CALL 005710F4):

00571129 |. 8903 MOV DWORD PTR DS:[EBX], EAX ; //a
0057112B |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
0057112F |. 8B40 04 MOV EAX, DWORD PTR DS:[EAX+0x4]
00571132 |. 8906 MOV DWORD PTR DS:[ESI], EAX ; //b
00571134 |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
00571138 |. 8B40 08 MOV EAX, DWORD PTR DS:[EAX+0x8]
0057113B |. 8907 MOV DWORD PTR DS:[EDI], EAX ; //c
0057113D |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
00571141 |. 8B40 0C MOV EAX, DWORD PTR DS:[EAX+0xC]
00571144 |. 8945 00 MOV DWORD PTR SS:[EBP], EAX ; //d
00571147 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
0057114A |. 50 PUSH EAX ; //push d
0057114B |. 8B4424 1C MOV EAX, DWORD PTR SS:[ESP+0x1C] ; //first 32-bit data word
0057114F |. 50 PUSH EAX
00571150 |. 6A 01 PUSH 0x1 ; //shift count
00571152 |. 68 AD3B1232 PUSH 0x32123BAD ; //ti
00571157 |. 8BC3 MOV EAX, EBX ; //address of a
00571159 |. 8B0F MOV ECX, DWORD PTR DS:[EDI] ; //c
0057115B |. 8B16 MOV EDX, DWORD PTR DS:[ESI] ; //b
0057115D |. E8 32FDFFFF CALL <AutoRunD.sub_570E94>

 

CALL <AutoRunD.sub_570E94>:

00570E94 >/$ 55 PUSH EBP ; sub_570E94
00570E95 |. 8BEC MOV EBP, ESP
00570E97 |. 53 PUSH EBX
00570E98 |. 56 PUSH ESI
00570E99 |. 57 PUSH EDI
00570E9A |. 8BF9 MOV EDI, ECX ; //c
00570E9C |. 8BF2 MOV ESI, EDX ; //b
00570E9E |. 8BD8 MOV EBX, EAX ; //address of a
00570EA0 |. 8B4D 14 MOV ECX, [ARG.4] ; //d
00570EA3 |. 8BD7 MOV EDX, EDI ; //c
00570EA5 |. 8BC6 MOV EAX, ESI ; //b
00570EA7 |. E8 9CFFFFFF CALL <AutoRunD.sub_570E48> ; //(c & b) | (d & (~b))
00570EAC |. 0345 10 ADD EAX, [ARG.3] ; //first 32-bit data word: F(b,c,d)+Mj
00570EAF |. 0345 08 ADD EAX, [ARG.1] ; //+ti F(b,c,d)+Mj+ti
00570EB2 |. 0103 ADD DWORD PTR DS:[EBX], EAX ; //a + F(b,c,d)+Mj+ti
00570EB4 |. 8BC3 MOV EAX, EBX
00570EB6 |. 8A55 0C MOV DL, BYTE PTR SS:[EBP+0xC] ; //shift count 1
00570EB9 |. E8 B6FFFFFF CALL <AutoRunD.sub_570E74>
00570EBE |. 0133 ADD DWORD PTR DS:[EBX], ESI ; //a += b + (a + F(b,c,d)+Mj+ti << 1)
00570EC0 |. 5F POP EDI
00570EC1 |. 5E POP ESI
00570EC2 |. 5B POP EBX
00570EC3 |. 5D POP EBP
00570EC4 \. C2 1000 RETN 0x10

 

The modifications in the four rounds that follow:

0057114A |. 50 PUSH EAX ; //push d
0057114B |. 8B4424 1C MOV EAX, DWORD PTR SS:[ESP+0x1C] ; //first 32-bit data word
0057114F |. 50 PUSH EAX
00571150 |. 6A 01 PUSH 0x1 ; //shift count
00571152 |. 68 AD3B1232 PUSH 0x32123BAD ; //ti
00571157 |. 8BC3 MOV EAX, EBX ; //address of a
00571159 |. 8B0F MOV ECX, DWORD PTR DS:[EDI] ; //c
0057115B |. 8B16 MOV EDX, DWORD PTR DS:[ESI] ; //b
0057115D |. E8 32FDFFFF CALL <AutoRunD.sub_570E94>
00571162 |. 8B07 MOV EAX, DWORD PTR DS:[EDI] ; //c
00571164 |. 50 PUSH EAX
00571165 |. 8B4424 20 MOV EAX, DWORD PTR SS:[ESP+0x20] ; //second 32-bit data word
00571169 |. 50 PUSH EAX
0057116A |. 6A 0A PUSH 0xA ; //shift count
0057116C |. 68 CBDE4A43 PUSH 0x434ADECB ; //ti
00571171 |. 8BC5 MOV EAX, EBP
00571173 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
00571175 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
00571177 |. E8 18FDFFFF CALL <AutoRunD.sub_570E94>
0057117C |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
0057117E |. 50 PUSH EAX
0057117F |. 8B4424 24 MOV EAX, DWORD PTR SS:[ESP+0x24]
00571183 |. 50 PUSH EAX
00571184 |. 6A 15 PUSH 0x15
00571186 |. 68 DB702024 PUSH 0x242070DB
0057118B |. 8BC7 MOV EAX, EDI
0057118D |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
0057118F |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571192 |. E8 FDFCFFFF CALL <AutoRunD.sub_570E94>
00571197 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571199 |. 50 PUSH EAX
0057119A |. 8B4424 28 MOV EAX, DWORD PTR SS:[ESP+0x28]
0057119E |. 50 PUSH EAX
0057119F |. 6A 16 PUSH 0x16
005711A1 |. 68 CDCA1312 PUSH 0x1213CACD
005711A6 |. 8BC6 MOV EAX, ESI
005711A8 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
005711AB |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
005711AD |. E8 E2FCFFFF CALL <AutoRunD.sub_570E94>
005711B2 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
005711B5 |. 50 PUSH EAX
005711B6 |. 8B4424 2C MOV EAX, DWORD PTR SS:[ESP+0x2C]
005711BA |. 50 PUSH EAX
005711BB |. 6A 01 PUSH 0x1
005711BD |. 68 AF0F7CF5 PUSH 0xF57C0FAF
005711C2 |. 8BC3 MOV EAX, EBX
005711C4 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
005711C6 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
005711C8 |. E8 C7FCFFFF CALL <AutoRunD.sub_570E94>
005711CD |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005711CF |. 50 PUSH EAX
005711D0 |. 8B4424 30 MOV EAX, DWORD PTR SS:[ESP+0x30]
005711D4 |. 50 PUSH EAX
005711D5 |. 6A 0B PUSH 0xB
005711D7 |. 68 2AC68747 PUSH 0x4787C62A
005711DC |. 8BC5 MOV EAX, EBP
005711DE |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005711E0 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005711E2 |. E8 ADFCFFFF CALL <AutoRunD.sub_570E94>
005711E7 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
005711E9 |. 50 PUSH EAX
005711EA |. 8B4424 34 MOV EAX, DWORD PTR SS:[ESP+0x34]
005711EE |. 50 PUSH EAX
005711EF |. 6A 15 PUSH 0x15
005711F1 |. 68 134630A8 PUSH 0xA8304613
005711F6 |. 8BC7 MOV EAX, EDI
005711F8 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005711FA |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
005711FD |. E8 92FCFFFF CALL <AutoRunD.sub_570E94>
00571202 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571204 |. 50 PUSH EAX
00571205 |. 8B4424 38 MOV EAX, DWORD PTR SS:[ESP+0x38]
00571209 |. 50 PUSH EAX
0057120A |. 6A 16 PUSH 0x16
0057120C |. 68 019546FD PUSH 0xFD469501
00571211 |. 8BC6 MOV EAX, ESI
00571213 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571216 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571218 |. E8 77FCFFFF CALL <AutoRunD.sub_570E94>
0057121D |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
00571220 |. 50 PUSH EAX
00571221 |. 8B4424 3C MOV EAX, DWORD PTR SS:[ESP+0x3C]
00571225 |. 50 PUSH EAX
00571226 |. 6A 01 PUSH 0x1
00571228 |. 68 D8988069 PUSH 0x698098D8
0057122D |. 8BC3 MOV EAX, EBX
0057122F |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
00571231 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571233 |. E8 5CFCFFFF CALL <AutoRunD.sub_570E94>
00571238 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
0057123A |. 50 PUSH EAX
0057123B |. 8B4424 40 MOV EAX, DWORD PTR SS:[ESP+0x40]
0057123F |. 50 PUSH EAX
00571240 |. 6A 0B PUSH 0xB
00571242 |. 68 AFF7448B PUSH 0x8B44F7AF
00571247 |. 8BC5 MOV EAX, EBP
00571249 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
0057124B |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
0057124D |. E8 42FCFFFF CALL <AutoRunD.sub_570E94>
00571252 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571254 |. 50 PUSH EAX
00571255 |. 8B4424 44 MOV EAX, DWORD PTR SS:[ESP+0x44]
00571259 |. 50 PUSH EAX
0057125A |. 6A 15 PUSH 0x15
0057125C |. 68 B15BFFFF PUSH 0xFFFF5BB1
00571261 |. 8BC7 MOV EAX, EDI
00571263 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
00571265 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571268 |. E8 27FCFFFF CALL <AutoRunD.sub_570E94>
0057126D |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
0057126F |. 50 PUSH EAX
00571270 |. 8B4424 48 MOV EAX, DWORD PTR SS:[ESP+0x48]
00571274 |. 50 PUSH EAX
00571275 |. 6A 16 PUSH 0x16
00571277 |. 68 4AC5DAEA PUSH 0xEADAC54A
0057127C |. 8BC6 MOV EAX, ESI
0057127E |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571281 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571283 |. E8 0CFCFFFF CALL <AutoRunD.sub_570E94>
00571288 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
0057128B |. 50 PUSH EAX
0057128C |. 8B4424 4C MOV EAX, DWORD PTR SS:[ESP+0x4C]
00571290 |. 50 PUSH EAX
00571291 |. 6A 01 PUSH 0x1
00571293 |. 68 2211906B PUSH 0x6B901122
00571298 |. 8BC3 MOV EAX, EBX
0057129A |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
0057129C |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
0057129E |. E8 F1FBFFFF CALL <AutoRunD.sub_570E94>
005712A3 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005712A5 |. 50 PUSH EAX
005712A6 |. 8B4424 50 MOV EAX, DWORD PTR SS:[ESP+0x50]
005712AA |. 50 PUSH EAX
005712AB |. 6A 0B PUSH 0xB
005712AD |. 68 937198FD PUSH 0xFD987193
005712B2 |. 8BC5 MOV EAX, EBP
005712B4 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005712B6 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005712B8 |. E8 D7FBFFFF CALL <AutoRunD.sub_570E94>
005712BD |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
005712BF |. 50 PUSH EAX
005712C0 |. 8B4424 54 MOV EAX, DWORD PTR SS:[ESP+0x54]
005712C4 |. 50 PUSH EAX
005712C5 |. 6A 15 PUSH 0x15
005712C7 |. 68 8E4379A6 PUSH 0xA679438E
005712CC |. 8BC7 MOV EAX, EDI
005712CE |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005712D0 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
005712D3 |. E8 BCFBFFFF CALL <AutoRunD.sub_570E94>
005712D8 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
005712DA |. 50 PUSH EAX
005712DB |. 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
005712DF |. 50 PUSH EAX
005712E0 |. 6A 16 PUSH 0x16
005712E2 |. 68 2108B449 PUSH 0x49B40821
005712E7 |. 8BC6 MOV EAX, ESI
005712E9 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
005712EC |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
005712EE |. E8 A1FBFFFF CALL <AutoRunD.sub_570E94>
005712F3 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
005712F6 |. 50 PUSH EAX
005712F7 |. 8B4424 20 MOV EAX, DWORD PTR SS:[ESP+0x20]
005712FB |. 50 PUSH EAX
005712FC |. 6A 06 PUSH 0x6
005712FE |. 68 62251EF6 PUSH 0xF61E2562
00571303 |. 8BC3 MOV EAX, EBX
00571305 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
00571307 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571309 |. E8 BAFBFFFF CALL <AutoRunD.sub_570EC8>
0057130E |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
00571310 |. 50 PUSH EAX
00571311 |. 8B4424 34 MOV EAX, DWORD PTR SS:[ESP+0x34]
00571315 |. 50 PUSH EAX
00571316 |. 6A 09 PUSH 0x9
00571318 |. 68 40B340C0 PUSH 0xC040B340
0057131D |. 8BC5 MOV EAX, EBP
0057131F |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
00571321 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
00571323 |. E8 A0FBFFFF CALL <AutoRunD.sub_570EC8>
00571328 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
0057132A |. 50 PUSH EAX
0057132B |. 8B4424 48 MOV EAX, DWORD PTR SS:[ESP+0x48]
0057132F |. 50 PUSH EAX
00571330 |. 6A 0A PUSH 0xA
00571332 |. 68 515A5E26 PUSH 0x265E5A51
00571337 |. 8BC7 MOV EAX, EDI
00571339 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
0057133B |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
0057133E |. E8 85FBFFFF CALL <AutoRunD.sub_570EC8>
00571343 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571345 |. 50 PUSH EAX
00571346 |. 8B4424 1C MOV EAX, DWORD PTR SS:[ESP+0x1C]
0057134A |. 50 PUSH EAX
0057134B |. 6A 14 PUSH 0x14
0057134D |. 68 AAC7B6E9 PUSH 0xE9B6C7AA
00571352 |. 8BC6 MOV EAX, ESI
00571354 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571357 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571359 |. E8 6AFBFFFF CALL <AutoRunD.sub_570EC8>
0057135E |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
00571361 |. 50 PUSH EAX
00571362 |. 8B4424 30 MOV EAX, DWORD PTR SS:[ESP+0x30]
00571366 |. 50 PUSH EAX
00571367 |. 6A 06 PUSH 0x6
00571369 |. 68 335522AA PUSH 0xAA225533
0057136E |. 8BC3 MOV EAX, EBX
00571370 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
00571372 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571374 |. E8 4FFBFFFF CALL <AutoRunD.sub_570EC8>
00571379 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
0057137B |. 50 PUSH EAX
0057137C |. 8B4424 44 MOV EAX, DWORD PTR SS:[ESP+0x44]
00571380 |. 50 PUSH EAX
00571381 |. 6A 09 PUSH 0x9
00571383 |. 68 53144402 PUSH 0x2441453
00571388 |. 8BC5 MOV EAX, EBP
0057138A |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
0057138C |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
0057138E |. E8 35FBFFFF CALL <AutoRunD.sub_570EC8>
00571393 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571395 |. 50 PUSH EAX
00571396 |. 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
0057139A |. 50 PUSH EAX
0057139B |. 6A 08 PUSH 0x8
0057139D |. 68 22AA66BB PUSH 0xBB66AA22
005713A2 |. 8BC7 MOV EAX, EDI
005713A4 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005713A6 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
005713A9 |. E8 1AFBFFFF CALL <AutoRunD.sub_570EC8>
005713AE |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
005713B0 |. 50 PUSH EAX
005713B1 |. 8B4424 2C MOV EAX, DWORD PTR SS:[ESP+0x2C]
005713B5 |. 50 PUSH EAX
005713B6 |. 6A 14 PUSH 0x14
005713B8 |. 68 BAAC3434 PUSH 0x3434ACBA
005713BD |. 8BC6 MOV EAX, ESI
005713BF |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
005713C2 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
005713C4 |. E8 FFFAFFFF CALL <AutoRunD.sub_570EC8>
005713C9 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
005713CC |. 50 PUSH EAX
005713CD |. 8B4424 40 MOV EAX, DWORD PTR SS:[ESP+0x40]
005713D1 |. 50 PUSH EAX
005713D2 |. 6A 06 PUSH 0x6
005713D4 |. 68 E6CDE121 PUSH 0x21E1CDE6
005713D9 |. 8BC3 MOV EAX, EBX
005713DB |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
005713DD |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
005713DF |. E8 E4FAFFFF CALL <AutoRunD.sub_570EC8>
005713E4 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005713E6 |. 50 PUSH EAX
005713E7 |. 8B4424 54 MOV EAX, DWORD PTR SS:[ESP+0x54]
005713EB |. 50 PUSH EAX
005713EC |. 6A 09 PUSH 0x9
005713EE |. 68 D60737C3 PUSH 0xC33707D6
005713F3 |. 8BC5 MOV EAX, EBP
005713F5 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005713F7 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005713F9 |. E8 CAFAFFFF CALL <AutoRunD.sub_570EC8>
005713FE |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571400 |. 50 PUSH EAX
00571401 |. 8B4424 28 MOV EAX, DWORD PTR SS:[ESP+0x28]
00571405 |. 50 PUSH EAX
00571406 |. 6A 0A PUSH 0xA
00571408 |. 68 870DD5F4 PUSH 0xF4D50D87
0057140D |. 8BC7 MOV EAX, EDI
0057140F |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
00571411 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571414 |. E8 AFFAFFFF CALL <AutoRunD.sub_570EC8>
00571419 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
0057141B |. 50 PUSH EAX
0057141C |. 8B4424 3C MOV EAX, DWORD PTR SS:[ESP+0x3C]
00571420 |. 50 PUSH EAX
00571421 |. 6A 14 PUSH 0x14
00571423 |. 68 ED145A45 PUSH 0x455A14ED
00571428 |. 8BC6 MOV EAX, ESI
0057142A |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
0057142D |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
0057142F |. E8 94FAFFFF CALL <AutoRunD.sub_570EC8>
00571434 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
00571437 |. 50 PUSH EAX
00571438 |. 8B4424 50 MOV EAX, DWORD PTR SS:[ESP+0x50]
0057143C |. 50 PUSH EAX
0057143D |. 6A 06 PUSH 0x6
0057143F |. 68 05E9E3A9 PUSH 0xA9E3E905
00571444 |. 8BC3 MOV EAX, EBX
00571446 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
00571448 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
0057144A |. E8 79FAFFFF CALL <AutoRunD.sub_570EC8>
0057144F |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
00571451 |. 50 PUSH EAX
00571452 |. 8B4424 24 MOV EAX, DWORD PTR SS:[ESP+0x24]
00571456 |. 50 PUSH EAX
00571457 |. 6A 09 PUSH 0x9
00571459 |. 68 F8A3EFFC PUSH 0xFCEFA3F8
0057145E |. 8BC5 MOV EAX, EBP
00571460 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
00571462 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
00571464 |. E8 5FFAFFFF CALL <AutoRunD.sub_570EC8>
00571469 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
0057146B |. 50 PUSH EAX
0057146C |. 8B4424 38 MOV EAX, DWORD PTR SS:[ESP+0x38]
00571470 |. 50 PUSH EAX
00571471 |. 6A 0A PUSH 0xA
00571473 |. 68 D9026F67 PUSH 0x676F02D9
00571478 |. 8BC7 MOV EAX, EDI
0057147A |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
0057147C |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
0057147F |. E8 44FAFFFF CALL <AutoRunD.sub_570EC8>
00571484 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571486 |. 50 PUSH EAX
00571487 |. 8B4424 4C MOV EAX, DWORD PTR SS:[ESP+0x4C]
0057148B |. 50 PUSH EAX
0057148C |. 6A 14 PUSH 0x14
0057148E |. 68 8A4C2A8D PUSH 0x8D2A4C8A
00571493 |. 8BC6 MOV EAX, ESI
00571495 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571498 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
0057149A |. E8 29FAFFFF CALL <AutoRunD.sub_570EC8>
0057149F |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
005714A2 |. 50 PUSH EAX
005714A3 |. 8B4424 30 MOV EAX, DWORD PTR SS:[ESP+0x30]
005714A7 |. 50 PUSH EAX
005714A8 |. 6A 04 PUSH 0x4
005714AA |. 68 4239FAFF PUSH 0xFFFA3942
005714AF |. 8BC3 MOV EAX, EBX
005714B1 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
005714B3 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
005714B5 |. E8 42FAFFFF CALL <AutoRunD.sub_570EFC>
005714BA |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005714BC |. 50 PUSH EAX
005714BD |. 8B4424 3C MOV EAX, DWORD PTR SS:[ESP+0x3C]
005714C1 |. 50 PUSH EAX
005714C2 |. 6A 0B PUSH 0xB
005714C4 |. 68 81F67187 PUSH 0x8771F681
005714C9 |. 8BC5 MOV EAX, EBP
005714CB |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005714CD |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005714CF |. E8 28FAFFFF CALL <AutoRunD.sub_570EFC>
005714D4 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
005714D6 |. 50 PUSH EAX
005714D7 |. 8B4424 48 MOV EAX, DWORD PTR SS:[ESP+0x48]
005714DB |. 50 PUSH EAX
005714DC |. 6A 45 PUSH 0x45
005714DE |. 68 22619D6D PUSH 0x6D9D6122
005714E3 |. 8BC7 MOV EAX, EDI
005714E5 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005714E7 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
005714EA |. E8 0DFAFFFF CALL <AutoRunD.sub_570EFC>
005714EF |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
005714F1 |. 50 PUSH EAX
005714F2 |. 8B4424 54 MOV EAX, DWORD PTR SS:[ESP+0x54]
005714F6 |. 50 PUSH EAX
005714F7 |. 6A 17 PUSH 0x17
005714F9 |. 68 0C38E5FD PUSH 0xFDE5380C
005714FE |. 8BC6 MOV EAX, ESI
00571500 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571503 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571505 |. E8 F2F9FFFF CALL <AutoRunD.sub_570EFC>
0057150A |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
0057150D |. 50 PUSH EAX
0057150E |. 8B4424 20 MOV EAX, DWORD PTR SS:[ESP+0x20]
00571512 |. 50 PUSH EAX
00571513 |. 6A 04 PUSH 0x4
00571515 |. 68 44EABEA4 PUSH 0xA4BEEA44
0057151A |. 8BC3 MOV EAX, EBX
0057151C |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
0057151E |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571520 |. E8 D7F9FFFF CALL <AutoRunD.sub_570EFC>
00571525 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
00571527 |. 50 PUSH EAX
00571528 |. 8B4424 2C MOV EAX, DWORD PTR SS:[ESP+0x2C]
0057152C |. 50 PUSH EAX
0057152D |. 6A 0B PUSH 0xB
0057152F |. 68 A9CFDE4B PUSH 0x4BDECFA9
00571534 |. 8BC5 MOV EAX, EBP
00571536 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
00571538 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
0057153A |. E8 BDF9FFFF CALL <AutoRunD.sub_570EFC>
0057153F |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571541 |. 50 PUSH EAX
00571542 |. 8B4424 38 MOV EAX, DWORD PTR SS:[ESP+0x38]
00571546 |. 50 PUSH EAX
00571547 |. 6A 13 PUSH 0x13
00571549 |. 68 604BBBF6 PUSH 0xF6BB4B60
0057154E |. 8BC7 MOV EAX, EDI
00571550 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
00571552 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571555 |. E8 A2F9FFFF CALL <AutoRunD.sub_570EFC>
0057155A |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
0057155C |. 50 PUSH EAX
0057155D |. 8B4424 44 MOV EAX, DWORD PTR SS:[ESP+0x44]
00571561 |. 50 PUSH EAX
00571562 |. 6A 17 PUSH 0x17
00571564 |. 68 70BCBFBE PUSH 0xBEBFBC70
00571569 |. 8BC6 MOV EAX, ESI
0057156B |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
0057156E |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571570 |. E8 87F9FFFF CALL <AutoRunD.sub_570EFC>
00571575 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
00571578 |. 50 PUSH EAX
00571579 |. 8B4424 50 MOV EAX, DWORD PTR SS:[ESP+0x50]
0057157D |. 50 PUSH EAX
0057157E |. 6A 03 PUSH 0x3
00571580 |. 68 C67E9B28 PUSH 0x289B7EC6
00571585 |. 8BC3 MOV EAX, EBX
00571587 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
00571589 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
0057158B |. E8 6CF9FFFF CALL <AutoRunD.sub_570EFC>
00571590 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
00571592 |. 50 PUSH EAX
00571593 |. 8B4424 1C MOV EAX, DWORD PTR SS:[ESP+0x1C]
00571597 |. 50 PUSH EAX
00571598 |. 6A 0B PUSH 0xB
0057159A |. 68 FA27A1EA PUSH 0xEAA127FA
0057159F |. 8BC5 MOV EAX, EBP
005715A1 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005715A3 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005715A5 |. E8 52F9FFFF CALL <AutoRunD.sub_570EFC>
005715AA |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
005715AC |. 50 PUSH EAX
005715AD |. 8B4424 28 MOV EAX, DWORD PTR SS:[ESP+0x28]
005715B1 |. 50 PUSH EAX
005715B2 |. 6A 13 PUSH 0x13
005715B4 |. 68 8530EFD4 PUSH 0xD4EF3085
005715B9 |. 8BC7 MOV EAX, EDI
005715BB |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005715BD |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
005715C0 |. E8 37F9FFFF CALL <AutoRunD.sub_570EFC>
005715C5 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
005715C7 |. 50 PUSH EAX
005715C8 |. 8B4424 34 MOV EAX, DWORD PTR SS:[ESP+0x34]
005715CC |. 50 PUSH EAX
005715CD |. 6A 17 PUSH 0x17
005715CF |. 68 051D8804 PUSH 0x4881D05
005715D4 |. 8BC6 MOV EAX, ESI
005715D6 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
005715D9 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
005715DB |. E8 1CF9FFFF CALL <AutoRunD.sub_570EFC>
005715E0 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
005715E3 |. 50 PUSH EAX
005715E4 |. 8B4424 40 MOV EAX, DWORD PTR SS:[ESP+0x40]
005715E8 |. 50 PUSH EAX
005715E9 |. 6A 0D PUSH 0xD
005715EB |. 68 39D0D4D9 PUSH 0xD9D4D039
005715F0 |. 8BC3 MOV EAX, EBX
005715F2 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
005715F4 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
005715F6 |. E8 01F9FFFF CALL <AutoRunD.sub_570EFC>
005715FB |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005715FD |. 50 PUSH EAX
005715FE |. 8B4424 4C MOV EAX, DWORD PTR SS:[ESP+0x4C]
00571602 |. 50 PUSH EAX
00571603 |. 6A 0B PUSH 0xB
00571605 |. 68 E599DBE6 PUSH 0xE6DB99E5
0057160A |. 8BC5 MOV EAX, EBP
0057160C |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
0057160E |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
00571610 |. E8 E7F8FFFF CALL <AutoRunD.sub_570EFC>
00571615 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571617 |. 50 PUSH EAX
00571618 |. 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
0057161C |. 50 PUSH EAX
0057161D |. 6A 13 PUSH 0x13
0057161F |. 68 F87CA21F PUSH 0x1FA27CF8
00571624 |. 8BC7 MOV EAX, EDI
00571626 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
00571628 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
0057162B |. E8 CCF8FFFF CALL <AutoRunD.sub_570EFC>
00571630 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571632 |. 50 PUSH EAX
00571633 |. 8B4424 24 MOV EAX, DWORD PTR SS:[ESP+0x24]
00571637 |. 50 PUSH EAX
00571638 |. 6A 17 PUSH 0x17
0057163A |. 68 6556ACC4 PUSH 0xC4AC5665
0057163F |. 8BC6 MOV EAX, ESI
00571641 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571644 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571646 |. E8 B1F8FFFF CALL <AutoRunD.sub_570EFC>
0057164B |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
0057164E |. 50 PUSH EAX
0057164F |. 8B4424 1C MOV EAX, DWORD PTR SS:[ESP+0x1C]
00571653 |. 50 PUSH EAX
00571654 |. 6A 06 PUSH 0x6
00571656 |. 68 442229F4 PUSH 0xF4292244
0057165B |. 8BC3 MOV EAX, EBX
0057165D |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
0057165F |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571661 |. E8 CAF8FFFF CALL <AutoRunD.sub_570F30>
00571666 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
00571668 |. 50 PUSH EAX
00571669 |. 8B4424 38 MOV EAX, DWORD PTR SS:[ESP+0x38]
0057166D |. 50 PUSH EAX
0057166E |. 6A 0A PUSH 0xA
00571670 |. 68 97FF2A43 PUSH 0x432AFF97
00571675 |. 8BC5 MOV EAX, EBP
00571677 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
00571679 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
0057167B |. E8 B0F8FFFF CALL <AutoRunD.sub_570F30>
00571680 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571682 |. 50 PUSH EAX
00571683 |. 8B4424 54 MOV EAX, DWORD PTR SS:[ESP+0x54]
00571687 |. 50 PUSH EAX
00571688 |. 6A 0F PUSH 0xF
0057168A |. 68 A72394AB PUSH 0xAB9423A7
0057168F |. 8BC7 MOV EAX, EDI
00571691 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
00571693 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571696 |. E8 95F8FFFF CALL <AutoRunD.sub_570F30>
0057169B |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
0057169D |. 50 PUSH EAX
0057169E |. 8B4424 30 MOV EAX, DWORD PTR SS:[ESP+0x30]
005716A2 |. 50 PUSH EAX
005716A3 |. 6A 1D PUSH 0x1D
005716A5 |. 68 39A093FC PUSH 0xFC93A039
005716AA |. 8BC6 MOV EAX, ESI
005716AC |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
005716AF |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
005716B1 |. E8 7AF8FFFF CALL <AutoRunD.sub_570F30>
005716B6 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
005716B9 |. 50 PUSH EAX
005716BA |. 8B4424 4C MOV EAX, DWORD PTR SS:[ESP+0x4C]
005716BE |. 50 PUSH EAX
005716BF |. 6A 06 PUSH 0x6
005716C1 |. 68 C3595B65 PUSH 0x655B59C3
005716C6 |. 8BC3 MOV EAX, EBX
005716C8 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
005716CA |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
005716CC |. E8 5FF8FFFF CALL <AutoRunD.sub_570F30>
005716D1 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005716D3 |. 50 PUSH EAX
005716D4 |. 8B4424 28 MOV EAX, DWORD PTR SS:[ESP+0x28]
005716D8 |. 50 PUSH EAX
005716D9 |. 6A 0A PUSH 0xA
005716DB |. 68 92CC0C8F PUSH 0x8F0CCC92
005716E0 |. 8BC5 MOV EAX, EBP
005716E2 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005716E4 |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005716E6 |. E8 45F8FFFF CALL <AutoRunD.sub_570F30>
005716EB |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
005716ED |. 50 PUSH EAX
005716EE |. 8B4424 44 MOV EAX, DWORD PTR SS:[ESP+0x44]
005716F2 |. 50 PUSH EAX
005716F3 |. 6A 0F PUSH 0xF
005716F5 |. 68 7DF4EFFF PUSH 0xFFEFF47D
005716FA |. 8BC7 MOV EAX, EDI
005716FC |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005716FE |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571701 |. E8 2AF8FFFF CALL <AutoRunD.sub_570F30>
00571706 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571708 |. 50 PUSH EAX
00571709 |. 8B4424 20 MOV EAX, DWORD PTR SS:[ESP+0x20]
0057170D |. 50 PUSH EAX
0057170E |. 6A 1D PUSH 0x1D
00571710 |. 68 D15D8485 PUSH 0x85845DD1
00571715 |. 8BC6 MOV EAX, ESI
00571717 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
0057171A |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
0057171C |. E8 0FF8FFFF CALL <AutoRunD.sub_570F30>
00571721 |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
00571724 |. 50 PUSH EAX
00571725 |. 8B4424 3C MOV EAX, DWORD PTR SS:[ESP+0x3C]
00571729 |. 50 PUSH EAX
0057172A |. 6A 06 PUSH 0x6
0057172C |. 68 4F7EA86F PUSH 0x6FA87E4F
00571731 |. 8BC3 MOV EAX, EBX
00571733 |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
00571735 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571737 |. E8 F4F7FFFF CALL <AutoRunD.sub_570F30>
0057173C |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
0057173E |. 50 PUSH EAX
0057173F |. 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
00571743 |. 50 PUSH EAX
00571744 |. 6A 0A PUSH 0xA
00571746 |. 68 E0E62CFE PUSH 0xFE2CE6E0
0057174B |. 8BC5 MOV EAX, EBP
0057174D |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
0057174F |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
00571751 |. E8 DAF7FFFF CALL <AutoRunD.sub_570F30>
00571756 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
00571758 |. 50 PUSH EAX
00571759 |. 8B4424 34 MOV EAX, DWORD PTR SS:[ESP+0x34]
0057175D |. 50 PUSH EAX
0057175E |. 6A 12 PUSH 0x12
00571760 |. 68 144301A3 PUSH 0xA3014314
00571765 |. 8BC7 MOV EAX, EDI
00571767 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
00571769 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
0057176C |. E8 BFF7FFFF CALL <AutoRunD.sub_570F30>
00571771 |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
00571773 |. 50 PUSH EAX
00571774 |. 8B4424 50 MOV EAX, DWORD PTR SS:[ESP+0x50]
00571778 |. 50 PUSH EAX
00571779 |. 6A 1D PUSH 0x1D
0057177B |. 68 A111084E PUSH 0x4E0811A1
00571780 |. 8BC6 MOV EAX, ESI
00571782 |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
00571785 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
00571787 |. E8 A4F7FFFF CALL <AutoRunD.sub_570F30>
0057178C |. 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
0057178F |. 50 PUSH EAX
00571790 |. 8B4424 2C MOV EAX, DWORD PTR SS:[ESP+0x2C]
00571794 |. 50 PUSH EAX
00571795 |. 6A 06 PUSH 0x6
00571797 |. 68 827E53F7 PUSH 0xF7537E82
0057179C |. 8BC3 MOV EAX, EBX
0057179E |. 8B0F MOV ECX, DWORD PTR DS:[EDI]
005717A0 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
005717A2 |. E8 89F7FFFF CALL <AutoRunD.sub_570F30>
005717A7 |. 8B07 MOV EAX, DWORD PTR DS:[EDI]
005717A9 |. 50 PUSH EAX
005717AA |. 8B4424 48 MOV EAX, DWORD PTR SS:[ESP+0x48]
005717AE |. 50 PUSH EAX
005717AF |. 6A 0A PUSH 0xA
005717B1 |. 68 35F23ABD PUSH 0xBD3AF235
005717B6 |. 8BC5 MOV EAX, EBP
005717B8 |. 8B0E MOV ECX, DWORD PTR DS:[ESI]
005717BA |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005717BC |. E8 6FF7FFFF CALL <AutoRunD.sub_570F30>
005717C1 |. 8B06 MOV EAX, DWORD PTR DS:[ESI]
005717C3 |. 50 PUSH EAX
005717C4 |. 8B4424 24 MOV EAX, DWORD PTR SS:[ESP+0x24]
005717C8 |. 50 PUSH EAX
005717C9 |. 6A 19 PUSH 0x19
005717CB |. 68 BBD2D72A PUSH 0x2AD7D2BB
005717D0 |. 8BC7 MOV EAX, EDI
005717D2 |. 8B0B MOV ECX, DWORD PTR DS:[EBX]
005717D4 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
005717D7 |. E8 54F7FFFF CALL <AutoRunD.sub_570F30>
005717DC |. 8B03 MOV EAX, DWORD PTR DS:[EBX]
005717DE |. 50 PUSH EAX
005717DF |. 8B4424 40 MOV EAX, DWORD PTR SS:[ESP+0x40]
005717E3 |. 50 PUSH EAX
005717E4 |. 6A 1D PUSH 0x1D
005717E6 |. 68 91D386EB PUSH 0xEB86D391
005717EB |. 8BC6 MOV EAX, ESI
005717ED |. 8B4D 00 MOV ECX, DWORD PTR SS:[EBP]
005717F0 |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
005717F2 |. E8 39F7FFFF CALL <AutoRunD.sub_570F30>
005717F7 |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
005717FB |. 8B13 MOV EDX, DWORD PTR DS:[EBX]
005717FD |. 0110 ADD DWORD PTR DS:[EAX], EDX
005717FF |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
00571803 |. 8B16 MOV EDX, DWORD PTR DS:[ESI]
00571805 |. 0150 04 ADD DWORD PTR DS:[EAX+0x4], EDX
00571808 |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
0057180C |. 8B17 MOV EDX, DWORD PTR DS:[EDI]
0057180E |. 0150 08 ADD DWORD PTR DS:[EAX+0x8], EDX
00571811 |. 8B4424 04 MOV EAX, DWORD PTR SS:[ESP+0x4]
00571815 |. 8B55 00 MOV EDX, DWORD PTR SS:[EBP]
00571818 |. 0150 0C ADD DWORD PTR DS:[EAX+0xC], EDX
0057181B |. 83C4 58 ADD ESP, 0x58
0057181E |. 5D POP EBP
0057181F |. 5F POP EDI
00571820 |. 5E POP ESI
00571821 |. 5B POP EBX
00571822 \. C3 RETN

 

The lowercase letters in the resulting 16-byte MD5 value are then converted to uppercase:

00408921 |. 85DB TEST EBX, EBX
00408923 |. 74 15 JE SHORT <AutoRunD.loc_40893A>
00408925 >|> 8A02 /MOV AL, BYTE PTR DS:[EDX] ; loc_408925
00408927 |. 3C 61 |CMP AL, 0x61
00408929 |. 72 06 |JB SHORT <AutoRunD.loc_408931>
0040892B |. 3C 7A |CMP AL, 0x7A
0040892D |. 77 02 |JA SHORT <AutoRunD.loc_408931>
0040892F |. 2C 20 |SUB AL, 0x20
00408931 >|> 8806 |MOV BYTE PTR DS:[ESI], AL ; loc_408931
00408933 |. 42 |INC EDX
00408934 |. 46 |INC ESI
00408935 |. 4B |DEC EBX
00408936 |. 85DB |TEST EBX, EBX
00408938 |.^ 75 EB \JNZ SHORT <AutoRunD.loc_408925>
00571B6B |. E8 946DE9FF CALL <AutoRunD.sub_408904> ; //case conversion
00571B70 |. 8B45 EC MOV EAX, [LOCAL.5]
00571B73 |. 8B55 F4 MOV EDX, [LOCAL.3]
00571B76 |. E8 8D2CE9FF CALL <AutoRunD.sub_404808> ; //compare the MD5 value with the registration code
00571B7B |. 74 1D JE SHORT <AutoRunD.loc_571B9A> ; //jump if equal: registration succeeds

 

------------------------------------------------------------------------
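【Summary】The software uses a modified MD5 algorithm: the 4 constants of the MD5 initialization were changed, as were the shift counts and ti values of the 4 MD5 rounds. The lowercase letters in the resulting 16-byte MD5 value are then converted to uppercase, and that is the registration code.

The software's Serial must be 002.

With all the modified spots known, a keygen can be written by modifying the standard MD5 source code.

The registration information is stored in AutoRunDS.ini in the installation directory.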
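
Added example (not part of the original write-up): a Python check that parses OllyDbg lines from the listings above and reports which init constants, shift counts and ti values depart from RFC 1321 MD5. The embedded excerpt is copied from the page (MD5_Init stores plus the first 8 steps, register moves omitted); the function names are this example's own.

```python
import math
import re

# RFC 1321 reference parameters for standard MD5.
STD_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
STD_T = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
STD_S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
         [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)

# Excerpt of the page's listing: the MD5_Init stores and the first 8 steps
# (PUSH shift, PUSH ti, CALL). Register moves between them are omitted.
LISTING = """\
00570FD8 >/$ C700 E1FADFDD MOV DWORD PTR DS:[EAX], 0xDDDFFAE1
00570FDE |. C740 04 32ADD>MOV DWORD PTR DS:[EAX+0x4], 0xABDEAD32
00570FE5 |. C740 08 F3DCB>MOV DWORD PTR DS:[EAX+0x8], 0x98BADCF3
00570FEC |. C740 0C 30073>MOV DWORD PTR DS:[EAX+0xC], 0x10320730
00571150 |. 6A 01 PUSH 0x1
00571152 |. 68 AD3B1232 PUSH 0x32123BAD
0057115D |. E8 32FDFFFF CALL <AutoRunD.sub_570E94>
0057116A |. 6A 0A PUSH 0xA
0057116C |. 68 CBDE4A43 PUSH 0x434ADECB
00571177 |. E8 18FDFFFF CALL <AutoRunD.sub_570E94>
00571184 |. 6A 15 PUSH 0x15
00571186 |. 68 DB702024 PUSH 0x242070DB
00571192 |. E8 FDFCFFFF CALL <AutoRunD.sub_570E94>
0057119F |. 6A 16 PUSH 0x16
005711A1 |. 68 CDCA1312 PUSH 0x1213CACD
005711AD |. E8 E2FCFFFF CALL <AutoRunD.sub_570E94>
005711BB |. 6A 01 PUSH 0x1
005711BD |. 68 AF0F7CF5 PUSH 0xF57C0FAF
005711C8 |. E8 C7FCFFFF CALL <AutoRunD.sub_570E94>
005711D5 |. 6A 0B PUSH 0xB
005711D7 |. 68 2AC68747 PUSH 0x4787C62A
005711E2 |. E8 ADFCFFFF CALL <AutoRunD.sub_570E94>
005711EF |. 6A 15 PUSH 0x15
005711F1 |. 68 134630A8 PUSH 0xA8304613
005711FD |. E8 92FCFFFF CALL <AutoRunD.sub_570E94>
0057120A |. 6A 16 PUSH 0x16
0057120C |. 68 019546FD PUSH 0xFD469501
00571218 |. E8 77FCFFFF CALL <AutoRunD.sub_570E94>
"""

IV_RE = re.compile(r"MOV DWORD PTR DS:\[EAX(?:\+0x([0-9A-F]+))?\], 0x([0-9A-F]+)")
PUSH_RE = re.compile(r"PUSH 0x([0-9A-F]+)")


def parse_listing(text):
    """Return (iv_words, [(shift, ti), ...]) recovered from OllyDbg-style lines."""
    iv, steps, pending = {}, [], []
    for line in text.splitlines():
        m = IV_RE.search(line)
        if m:
            # Store by offset into the context so the word order is explicit.
            iv[int(m.group(1) or "0", 16)] = int(m.group(2), 16)
        elif (m := PUSH_RE.search(line)):
            pending.append(int(m.group(1), 16))
        elif "CALL" in line and len(pending) >= 2:
            # The two immediates pushed last before the CALL are shift and ti.
            steps.append((pending[-2], pending[-1]))
            pending = []
    return tuple(iv[off] for off in sorted(iv)), steps


def diff_against_md5(iv, steps, first_step=0):
    """0-based indices where the recovered parameters differ from RFC 1321."""
    report = {"iv": [], "shift": [], "t": []}
    for i, (got, ref) in enumerate(zip(iv, STD_IV)):
        if got != ref:
            report["iv"].append(i)
    for n, (shift, ti) in enumerate(steps, start=first_step):
        if shift != STD_S[n]:
            report["shift"].append(n)
        if ti != STD_T[n]:
            report["t"].append(n)
    return report


def analyse():
    iv, steps = parse_listing(LISTING)
    return diff_against_md5(iv, steps)


if __name__ == "__main__":
    for name, idx in analyse().items():
        print(f"{name:5s} differs at indices {idx}")
```

Five of the eight ti values in this excerpt are still the RFC 1321 values, so a constant scanner that matches individual sine-table entries still identifies the routine as MD5-derived even though a scanner keyed only on the init constants would miss it.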
------------------------------------------------------------------------
【Copyright notice】None


Original article: http://www.cnblogs.com/dacainiao/p/5554480.html
