
pidgen!DecodeProdKey函数分析之iDecodedBytesMax


第一部分:
/*
 * Excerpt from DecodeProdKey: one step of a multi-byte multiply-and-add on
 * abDecodedBytes (value = value * iBase + iDigits), with the least
 * significant byte at index 0. The matching `if` and the closing braces are
 * not part of the excerpt.
 */
else
{
iDecodedBytes = 0;
/* i starts as the new digit and then carries the overflow from byte to byte. */
unsigned int i = (unsigned int)iDigits;
/*
 * Inclusive bound: indexes 0..iDecodedBytesMax are processed, so
 * iDecodedBytesMax is the index of the highest byte in use, not a count.
 * The loop itself is not checked against sizeof(abDecodedBytes); it stays
 * inside the array only while iDecodedBytesMax < sizeof(abDecodedBytes),
 * which the guarded update below preserves in the lines shown here.
 */
while (iDecodedBytes <= iDecodedBytesMax)
{
i += iBase * abDecodedBytes[iDecodedBytes];
/* Keep the low 8 bits in place ... */
abDecodedBytes[iDecodedBytes] = (unsigned char)i;
/* ... and carry the rest into the next, more significant byte. */
i /= 256;
++iDecodedBytes;
}

/* A non-zero carry after the last used byte means the value needs one more byte. */
              if (i != 0)
{

/*
 * Bounds check before growing: the carry byte is stored, and
 * iDecodedBytesMax extended, only when the new index is still inside the
 * array. What happens when the array is already full is not shown.
 */
                        if (iDecodedBytes < sizeof(abDecodedBytes))
{
abDecodedBytes[iDecodedBytes] = (unsigned char)i;
iDecodedBytesMax = iDecodedBytes;
}

第二部分:

1: kd> dv iDecodedBytesMax
iDecodedBytesMax = 0n6

1: kd>  dv   abDecodedBytes
abDecodedBytes = unsigned char [64] "???"
1: kd> dx -r1 (*((PIDGen!unsigned char (*)[64])0x6fba8))
(*((PIDGen!unsigned char (*)[64])0x6fba8))                 [Type: unsigned char [64]]
[0]              : 0x12 [Type: unsigned char]
[1]              : 0x9b [Type: unsigned char]
[2]              : 0x6 [Type: unsigned char]
[3]              : 0x55 [Type: unsigned char]
[4]              : 0xdb [Type: unsigned char]
[5]              : 0xb5 [Type: unsigned char]
[6]              : 0xe1 [Type: unsigned char]
[7]              : 0x0 [Type: unsigned char]
[8]              : 0x0 [Type: unsigned char]


1: kd> p
Breakpoint 8 hit
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000006 edi=0006fe36
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000203
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=0040157d esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000203
PIDGen!DecodeProdKey+0x125:
001b:0040157d 3b759c          cmp     esi,dword ptr [ebp-64h] ss:0023:0006fb88=00000006

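        i /= 256;          执行后进位 i 保存在 eax 中:eax=00000004

        ++iDecodedBytes;   对应 inc esi,执行后 iDecodedBytes 保存在 esi 中:esi=00000007

        随后的 cmp esi,dword ptr [ebp-64h] 就是循环条件 iDecodedBytes <= iDecodedBytesMax 的比较:此时 7 > 6,循环结束。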


1: kd> dv abDecodedBytes
abDecodedBytes = unsigned char [64] "???"
sizeof(abDecodedBytes)=64=0x40

第三部分:

1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=00401584 esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x12c:
001b:00401584 7413            je      PIDGen!DecodeProdKey+0x141 (00401599) [br=0]
1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=00401586 esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x12e:
001b:00401586 83fe40          cmp     esi,40h

1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=00401589 esp=0006fb6c ebp=0006fbec iopl=0         nv up ei ng nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000283
PIDGen!DecodeProdKey+0x131:
001b:00401589 7309            jae     PIDGen!DecodeProdKey+0x13c (00401594) [br=0]
1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=0040158b esp=0006fb6c ebp=0006fbec iopl=0         nv up ei ng nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000283
PIDGen!DecodeProdKey+0x133:
001b:0040158b 884435bc        mov     byte ptr [ebp+esi-44h],al ss:0023:0006fbaf=00


写入的值:al=0x04(eax=00000004)
写入的地址:ss:0023:0006fbaf,即 abDecodedBytes[7](0x6fba8 + 7),仍在 64 字节数组范围之内

1: kd> dx -r1 (*((PIDGen!unsigned char (*)[64])0x6fba8))
(*((PIDGen!unsigned char (*)[64])0x6fba8))                 [Type: unsigned char [64]]
[0]              : 0x12 [Type: unsigned char]    0x6fba8
[1]              : 0x9b [Type: unsigned char]    0x6fba9
[2]              : 0x6 [Type: unsigned char]    0x6fbaa
[3]              : 0x55 [Type: unsigned char]    0x6fbab
[4]              : 0xdb [Type: unsigned char]    0x6fbac
[5]              : 0xb5 [Type: unsigned char]    0x6fbad
[6]              : 0xe1 [Type: unsigned char]    0x6fbae
[7]              : 0x0 [Type: unsigned char]    0x6fbaf
[8]              : 0x0 [Type: unsigned char]


1: kd> dv abDecodedBytes
abDecodedBytes = unsigned char [64] "???"
1: kd> dx -r1 (*((PIDGen!unsigned char (*)[64])0x6fba8))
(*((PIDGen!unsigned char (*)[64])0x6fba8))                 [Type: unsigned char [64]]
[0]              : 0x12 [Type: unsigned char]
[1]              : 0x9b [Type: unsigned char]
[2]              : 0x6 [Type: unsigned char]
[3]              : 0x55 [Type: unsigned char]
[4]              : 0xdb [Type: unsigned char]
[5]              : 0xb5 [Type: unsigned char]
[6]              : 0xe1 [Type: unsigned char]
[7]              : 0x4 [Type: unsigned char]


第四部分:

                           iDecodedBytesMax = iDecodedBytes;

1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=0040158f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei ng nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000283
PIDGen!DecodeProdKey+0x137:
001b:0040158f 89759c          mov     dword ptr [ebp-64h],esi ss:0023:0006fb88=00000006

1: kd> dv iDecodedBytesMax
iDecodedBytesMax = 0n6

1: kd> dd 0006fbec-64h
0006fb88  00000006


1: kd> p
eax=00000004 ebx=00000001 ecx=0006fbae edx=0000009c esi=00000007 edi=0006fe36
eip=00401592 esp=0006fb6c ebp=0006fbec iopl=0         nv up ei ng nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000283
PIDGen!DecodeProdKey+0x13a:
001b:00401592 eb05            jmp     PIDGen!DecodeProdKey+0x141 (00401599)


1: kd> dv iDecodedBytesMax
iDecodedBytesMax = 0n7
1: kd>  dd 0006fbec-64h
0006fb88  00000007
