
PIDGen!DecodeProdKey函数分析之四个断点

DecodeProdKey函数分析之四个断点


++lpstrEncodedCharsCurr;
chCurEncoded = *lpstrEncodedCharsCurr;        //Breakpoint 9    
}

1: kd> bl
0 e Disable Clear  77e62c11     0001 (0001) kernel32!BaseProcessStart
1 e Disable Clear  01002440     0001 (0001) pgentest!WinMain
2 e Disable Clear  001b:0040154f     0001 (0001) PIDGen!DecodeProdKey+0xf7
3 e Disable Clear  00401ba9     0001 (0001) PIDGen!PIDGenA
4 e Disable Clear  00401c53     0001 (0001) PIDGen!PIDGenW
5 e Disable Clear  0040165b     0001 (0001) PIDGen!PIDGenRc
6 e Disable Clear  00401458     0001 (0001) PIDGen!DecodeProdKey
7 e Disable Clear  001b:00401563     0001 (0001) PIDGen!DecodeProdKey+0x10b
8 e Disable Clear  001b:0040157c     0001 (0001) PIDGen!DecodeProdKey+0x124
9 e Disable Clear  001b:0040159c     0001 (0001) PIDGen!DecodeProdKey+0x144

1: kd> bd 2
1: kd> bd 7
1: kd> bd 8

1: kd> g
Breakpoint 9 hit
eax=0000000a ebx=00000001 ecx=0006fbaf edx=0000015f esi=00000008 edi=0006fe39
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe39=2d
1: kd> db 0023:0006fe39
0023:0006fe39  2d 50 50 58 46 54 2d 44-52 50 59 33 00 6e 64 6c -PPXFT-DRPY3.ndl
0023:0006fe49  65 64 45 78 63 65 00 74-69 6f 6e 46 69 6c 74 65 edExce.tionFilte
0023:0006fe59  72 00 00 00 00 00 00 98-01 3f 00 96 05 02 00 0f r........?......
0023:0006fe69  00 00 00 18 00 00 00 10-02 00 00 d8 d9 da db 02 ................
0023:0006fe79  00 00 00 60 35 3f 00 a8-27 18 00 b8 27 18 00 d0 ...`5?..'...'...
0023:0006fe89  94 e9 77 01 01 00 00 c8-6d 00 00 a0 25 18 00 40 ..w.....m...%..@
0023:0006fe99  fe 06 00 a5 74 e6 77 00-00 00 00 34 fe 06 00 00 ....t.w....4....
0023:0006fea9  00 00 00 b0 ff 06 00 b0-30 f9 77 58 12 f2 77 ff ........0.wX..w.
1: kd> g
Breakpoint 9 hit
eax=0000000a ebx=00000001 ecx=0006fb2d edx=0000015f esi=00000008 edi=0006fe3a
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe3a=50
1: kd> g
Breakpoint 9 hit
eax=00000001 ebx=00000001 ecx=0006fbb0 edx=0000001e esi=00000009 edi=0006fe3b
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe3b=50
1: kd> g
Breakpoint 9 hit
eax=00000000 ebx=00000001 ecx=0006fbb1 edx=00000003 esi=0000000a edi=0006fe3c
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe3c=58
1: kd> g
Breakpoint 9 hit
eax=00000002 ebx=00000001 ecx=0006fbb1 edx=00000048 esi=0000000a edi=0006fe3d
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe3d=46
1: kd> db 0023:0006fe3d
0023:0006fe3d  46 54 2d 44 52 50 59 33-00 6e 64 6c 65 64 45 78 FT-DRPY3.ndledEx
0023:0006fe4d  63 65 00 74 69 6f 6e 46-69 6c 74 65 72 00 00 00 ce.tionFilter...
0023:0006fe5d  00 00 00 98 01 3f 00 96-05 02 00 0f 00 00 00 18 .....?..........
0023:0006fe6d  00 00 00 10 02 00 00 d8-d9 da db 02 00 00 00 60 ...............`
0023:0006fe7d  35 3f 00 a8 27 18 00 b8-27 18 00 d0 94 e9 77 01 5?..'...'.....w.
0023:0006fe8d  01 00 00 c8 6d 00 00 a0-25 18 00 40 fe 06 00 a5 ....m...%..@....
0023:0006fe9d  74 e6 77 00 00 00 00 34-fe 06 00 00 00 00 00 b0 t.w....4........
0023:0006fead  ff 06 00 b0 30 f9 77 58-12 f2 77 ff ff ff ff 71 ....0.wX..w....q
1: kd> g
Breakpoint 9 hit
eax=00000000 ebx=00000001 ecx=0006fbb2 edx=00000006 esi=0000000b edi=0006fe3e
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe3e=54
1: kd> g
Breakpoint 9 hit
eax=00000005 ebx=00000001 ecx=0006fbb2 edx=000000a5 esi=0000000b edi=0006fe3f
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe3f=2d
1: kd> g
Breakpoint 9 hit
eax=00000005 ebx=00000001 ecx=0006fb2d edx=000000a5 esi=0000000b edi=0006fe40
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe40=44
1: kd> g
Breakpoint 9 hit
eax=00000000 ebx=00000001 ecx=0006fbb3 edx=0000000f esi=0000000c edi=0006fe41
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe41=52
1: kd> g
Breakpoint 9 hit
eax=0000000b ebx=00000001 ecx=0006fbb3 edx=00000177 esi=0000000c edi=0006fe42
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe42=50
1: kd> g
Breakpoint 9 hit
eax=00000001 ebx=00000001 ecx=0006fbb4 edx=00000021 esi=0000000d edi=0006fe43
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe43=59
1: kd> db 0023:0006fe43
0023:0006fe43  59 33 00 6e 64 6c 65 64-45 78 63 65 00 74 69 6f Y3.ndledExce.tio
0023:0006fe53  6e 46 69 6c 74 65 72 00-00 00 00 00 00 98 01 3f nFilter........?
0023:0006fe63  00 96 05 02 00 0f 00 00-00 18 00 00 00 10 02 00 ................
0023:0006fe73  00 d8 d9 da db 02 00 00-00 60 35 3f 00 a8 27 18 .........`5?..'.
0023:0006fe83  00 b8 27 18 00 d0 94 e9-77 01 01 00 00 c8 6d 00 ..'.....w.....m.
0023:0006fe93  00 a0 25 18 00 40 fe 06-00 a5 74 e6 77 00 00 00 ..%..@....t.w...
0023:0006fea3  00 34 fe 06 00 00 00 00-00 b0 ff 06 00 b0 30 f9 .4............0.
0023:0006feb3  77 58 12 f2 77 ff ff ff-ff 71 4d f3 77 5a 67 f3 wX..w....qM.wZg.
1: kd> dv
lpstrEncodedChars = 0x0006fe28 "PXGBD-G3CCB-G8DB8-PPXFT-DRPY3"
pbPublicKey = 0x004040e4 "l???"
cbPublicKey = 0n364
lpstrDigits = 0x0006fb8c "BCDFGHJKMPQRTVWXY2346789"
pbBinCdKey = 0x0006fc24 ""
cbBinCdKey = 0n16
iByteCnt = 0n15
dwBinData = 0xffffffff
abDecodedBytes = unsigned char [64] "???"


1: kd> dx -r1 (*((PIDGen!unsigned char (*)[64])0x6fba8))
(*((PIDGen!unsigned char (*)[64])0x6fba8))                 [Type: unsigned char [64]]
[0]              : 0x91 [Type: unsigned char]
[1]              : 0x3d [Type: unsigned char]
[2]              : 0x14 [Type: unsigned char]
[3]              : 0x60 [Type: unsigned char]
[4]              : 0xf6 [Type: unsigned char]
[5]              : 0xa4 [Type: unsigned char]
[6]              : 0x2b [Type: unsigned char]
[7]              : 0xc4 [Type: unsigned char]
[8]              : 0xb [Type: unsigned char]
[9]              : 0x7 [Type: unsigned char]
[10]             : 0x99 [Type: unsigned char]
[11]             : 0x80 [Type: unsigned char]
[12]             : 0x19 [Type: unsigned char]
[13]             : 0x1 [Type: unsigned char]
[14]             : 0x0 [Type: unsigned char]


1: kd> g
Breakpoint 9 hit
eax=00000000 ebx=00000001 ecx=0006fbb5 edx=00000003 esi=0000000e edi=0006fe44
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe44=33
1: kd> db 0023:0006fe44
0023:0006fe44  33 00 6e 64 6c 65 64 45-78 63 65 00 74 69 6f 6e 3.ndledExce.tion
0023:0006fe54  46 69 6c 74 65 72 00 00-00 00 00 00 98 01 3f 00 Filter........?.
0023:0006fe64  96 05 02 00 0f 00 00 00-18 00 00 00 10 02 00 00 ................
0023:0006fe74  d8 d9 da db 02 00 00 00-60 35 3f 00 a8 27 18 00 ........`5?..'..
0023:0006fe84  b8 27 18 00 d0 94 e9 77-01 01 00 00 c8 6d 00 00 .'.....w.....m..
0023:0006fe94  a0 25 18 00 40 fe 06 00-a5 74 e6 77 00 00 00 00 .%..@....t.w....
0023:0006fea4  34 fe 06 00 00 00 00 00-b0 ff 06 00 b0 30 f9 77 4............0.w
0023:0006feb4  58 12 f2 77 ff ff ff ff-71 4d f3 77 5a 67 f3 77 X..w....qM.wZg.w

第二部分:


while (lpstrDigits[iDigits] != chCurEncoded && TEXT('\0') != lpstrDigits[iDigits])
{
++iDigits;                        //Breakpoint 2        
}

                if (TEXT('\0') == lpstrDigits[iDigits])
{
fOk = FALSE;
}
else
{
iDecodedBytes = 0;                        //Breakpoint 7
unsigned int i = (unsigned int)iDigits;
while (iDecodedBytes <= iDecodedBytesMax)
{
i += iBase * abDecodedBytes[iDecodedBytes];
abDecodedBytes[iDecodedBytes] = (unsigned char)i;
i /= 256;
++iDecodedBytes;                        //Breakpoint 8
}
if (i != 0)
{


1: kd> be 2
1: kd> be 7
1: kd> be 8
1: kd> g
Breakpoint 2 hit
eax=00000000 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000001 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000002 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000003 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000004 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000005 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000006 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000007 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000008 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000009 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=0000000a ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=0000000b ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=0000000c ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=0000000d ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=0000000e ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=0000000f ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000010 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 2 hit
eax=00000011 ebx=00000001 ecx=0006fb33 edx=0006fb8c esi=0000000e edi=0006fe44
eip=0040154f esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0xf7:
001b:0040154f 40              inc     eax
1: kd> g
Breakpoint 7 hit
eax=00000012 ebx=00000001 ecx=0006fb8c edx=0006fb33 esi=0000000e edi=0006fe44
eip=00401563 esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0x10b:
001b:00401563 33f6            xor     esi,esi
1: kd> g
Breakpoint 8 hit
eax=0000000f ebx=00000001 ecx=0006fba8 edx=000001f8 esi=00000000 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000207
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000012 ebx=00000001 ecx=0006fba9 edx=0000024f esi=00000001 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000207
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000015 ebx=00000001 ecx=0006fbaa edx=000002af esi=00000002 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000203
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000000 ebx=00000001 ecx=0006fbab edx=00000003 esi=00000003 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000002 ebx=00000001 ecx=0006fbac edx=0000004b esi=00000004 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=0000000b ebx=00000001 ecx=0006fbad edx=00000165 esi=00000005 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000002 ebx=00000001 ecx=0006fbae edx=00000045 esi=00000006 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000009 ebx=00000001 ecx=0006fbaf edx=0000012c esi=00000007 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000002 ebx=00000001 ecx=0006fbb0 edx=0000004e esi=00000008 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=0000000f ebx=00000001 ecx=0006fbb1 edx=000001fb esi=00000009 edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000207
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000008 ebx=00000001 ecx=0006fbb2 edx=00000108 esi=0000000a edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000001 ebx=00000001 ecx=0006fbb3 edx=0000002a esi=0000000b edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000009 ebx=00000001 ecx=0006fbb4 edx=0000012c esi=0000000c edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 8 hit
eax=00000002 ebx=00000001 ecx=0006fbb5 edx=0000004e esi=0000000d edi=0006fe44
eip=0040157c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x124:
001b:0040157c 46              inc     esi
1: kd> g
Breakpoint 9 hit
eax=00000002 ebx=00000001 ecx=0006fbb5 edx=0000004e esi=0000000e edi=0006fe45
eip=0040159c esp=0006fb6c ebp=0006fbec iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
PIDGen!DecodeProdKey+0x144:
001b:0040159c 8a0f            mov     cl,byte ptr [edi]     ds:0023:0006fe45=00
1: kd> dv
lpstrEncodedChars = 0x0006fe28 "PXGBD-G3CCB-G8DB8-PPXFT-DRPY3"
pbPublicKey = 0x004040e4 "l???"
cbPublicKey = 0n364
lpstrDigits = 0x0006fb8c "BCDFGHJKMPQRTVWXY2346789"
pbBinCdKey = 0x0006fc24 ""
cbBinCdKey = 0n16
iByteCnt = 0n15
dwBinData = 0xffffffff
abDecodedBytes = unsigned char [64] "???"
abDecodedPid = unsigned char [4] ""
fOk = 0n1
iDecodedBytesMax = 0n14
achDigits = char [25] "BCDFGHJKMPQRTVWXY2346789"
1: kd> dx -r1 (*((PIDGen!unsigned char (*)[64])0x6fba8))
(*((PIDGen!unsigned char (*)[64])0x6fba8))                 [Type: unsigned char [64]]
[0]              : 0xd2 [Type: unsigned char]
[1]              : 0x87 [Type: unsigned char]
[2]              : 0x8a [Type: unsigned char]
[3]              : 0x2d [Type: unsigned char]
[4]              : 0x58 [Type: unsigned char]
[5]              : 0x2a [Type: unsigned char]
[6]              : 0x33 [Type: unsigned char]
[7]              : 0x62 [Type: unsigned char]
[8]              : 0x79 [Type: unsigned char]
[9]              : 0xda [Type: unsigned char]
[10]             : 0x4f [Type: unsigned char]
[11]             : 0x58 [Type: unsigned char]
[12]             : 0x61 [Type: unsigned char]
[13]             : 0x79 [Type: unsigned char]
[14]             : 0x2 [Type: unsigned char]

第三部分:

        if (fOk)
{
// at this point abDecodedBytes is filled with the binary data

            // if the caller wants it, return the binary representation
if (NULL != pbBinCdKey && 0 < cbBinCdKey)
{
ZeroMemory(pbBinCdKey, cbBinCdKey);
CopyMemory(pbBinCdKey, abDecodedBytes, MIN((int)cbBinCdKey, sizeof(abDecodedBytes)));
}


第三部分A:


ZeroMemory(pbBinCdKey, cbBinCdKey);
1: kd> dv
lpstrEncodedChars = 0x0006fe28 "PXGBD-G3CCB-G8DB8-PPXFT-DRPY3"
pbPublicKey = 0x004040e4 "l???"
cbPublicKey = 0n364
lpstrDigits = 0x0006fb8c "BCDFGHJKMPQRTVWXY2346789"
pbBinCdKey = 0x0006fc24 ""

1: kd> db 0x0006fc24
0006fc24  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0006fc34  e0 40 40 00 c7 7e 00 01-b0 25 3f 00 78 fc 06 00  .@@..~...%?.x...

第三部分B:
CopyMemory(pbBinCdKey, abDecodedBytes, MIN((int)cbBinCdKey, sizeof(abDecodedBytes)));

1: kd> db 0x0006fc24
0006fc24  d2 87 8a 2d 58 2a 33 62-79 da 4f 58 61 79 02 00  ...-X*3by.OXay..

