[SHA-1算法练习] sha1crackme算法分析

【破文标题】[SHA-1算法练习] sha1crackme算法分析
【破文作者】静心学习
【作者邮箱】[email protected]
【作者主页】http://www.cnblogs.com/dacainiao/
【破解工具】OD, DEDE, IDA
【破解平台】xp sp3
【软件名称】sha1crackme
【软件大小】66KB
【原版下载】http://bbs.pediy.com/showthread.php?t=131765
【保护方式】无壳
【软件简介】一个sha1算法练习的crackme。
【破解声明】初学密码学,跟着看雪前辈们的脚步学习,错误之处敬请诸位前辈不吝赐教。
------------------------------------------------------------------------
【破解过程】程序Delphi编写的,使用Bp MessageBoxA可以很快找到入口点。

程序代码不是很长:

004055A7 |. 8D45 F8 LEA EAX, [LOCAL.2]
004055AA |. 8B4D F8 MOV ECX, [LOCAL.2] ; //注册码
004055AD |. BA 98564000 MOV EDX, sha1crac.00405698 ; UNICODE "0"
004055B2 |. E8 B5D9FFFF CALL sha1crac.00402F6C ; //拼接
004055B7 |. 83C9 FF OR ECX, 0xFFFFFFFF
004055BA |. 837D F4 00 CMP [LOCAL.3], 0x0
004055BE |. 75 08 JNZ SHORT sha1crac.004055C8
004055C0 |. 837D F0 1E CMP [LOCAL.4], 0x1E
004055C4 |. 77 53 JA SHORT sha1crac.00405619
004055C6 |. EB 02 JMP SHORT sha1crac.004055CA
004055C8 |> 7F 4F JG SHORT sha1crac.00405619
004055CA |> 8D45 FC LEA EAX, [LOCAL.1]
004055CD |. 8B4D FC MOV ECX, [LOCAL.1] ; //用户名
004055D0 |. BA A4564000 MOV EDX, sha1crac.004056A4 ; //DiKeN
004055D5 |. E8 92D9FFFF CALL sha1crac.00402F6C
004055DA |. 8B45 FC MOV EAX, [LOCAL.1]
004055DD |. E8 3ED9FFFF CALL sha1crac.00402F20
004055E2 |. 99 CDQ
004055E3 |. 8945 F0 MOV [LOCAL.4], EAX
004055E6 |. 8955 F4 MOV [LOCAL.3], EDX
004055E9 |. 8D45 D4 LEA EAX, [LOCAL.11]
004055EC |. 8B4D FC MOV ECX, [LOCAL.1]
004055EF |. BA 04000000 MOV EDX, 0x4
004055F4 |. E8 0FFDFFFF CALL sha1crac.00405308
004055F9 |. B8 04000000 MOV EAX, 0x4
004055FE |. 8D55 D8 LEA EDX, [LOCAL.10]
00405601 |> 8B0A /MOV ECX, DWORD PTR DS:[EDX]
00405603 |. 314D D4 |XOR [LOCAL.11], ECX ; //SHA-1 hash,只处理前4字节
00405606 |. 83C2 04 |ADD EDX, 0x4
00405609 |. 48 |DEC EAX
0040560A |.^ 75 F5 \JNZ SHORT sha1crac.00405601
0040560C |. 8B45 F8 MOV EAX, [LOCAL.2] ; //注册码
0040560F |. E8 88EBFFFF CALL sha1crac.0040419C
00405614 |. 8BC8 MOV ECX, EAX
00405616 |. 334D D4 XOR ECX, [LOCAL.11] ; //相同为0,不同为1
00405619 |> 85C9 TEST ECX, ECX
0040561B |. 75 29 JNZ SHORT sha1crac.00405646
0040561D |. 837D F4 00 CMP [LOCAL.3], 0x0
00405621 |. 75 08 JNZ SHORT sha1crac.0040562B
00405623 |. 837D F0 04 CMP [LOCAL.4], 0x4
00405627 |. 76 1D JBE SHORT sha1crac.00405646
00405629 |. EB 02 JMP SHORT sha1crac.0040562D
0040562B |> 7E 19 JLE SHORT sha1crac.00405646
0040562D |> 6A 00 PUSH 0x0 ; /Style = MB_OK|MB_APPLMODAL
0040562F |. 68 AC564000 PUSH sha1crac.004056AC ; |Title = "OK"
00405634 |. 68 AC564000 PUSH sha1crac.004056AC ; |Text = "OK"
00405639 |. A1 0C754000 MOV EAX, DWORD PTR DS:[0x40750C] ; |
0040563E |. 50 PUSH EAX ; |hOwner => 004504FA (‘Crackme only SHA1 - DiKeN‘,class=‘MyWindowClass‘)
0040563F |. E8 E0E9FFFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00405644 |. EB 17 JMP SHORT sha1crac.0040565D
00405646 |> 6A 00 PUSH 0x0 ; /Style = MB_OK|MB_APPLMODAL
00405648 |. 68 B0564000 PUSH sha1crac.004056B0 ; |Title = "No"
0040564D |. 68 B0564000 PUSH sha1crac.004056B0 ; |Text = "No"
00405652 |. A1 0C754000 MOV EAX, DWORD PTR DS:[0x40750C] ; |
00405657 |. 50 PUSH EAX ; |hOwner => 004504FA (‘Crackme only SHA1 - DiKeN‘,class=‘MyWindowClass‘)
00405658 |. E8 C7E9FFFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
0040565D |> 33C0 XOR EAX, EAX
0040565F |. 5A POP EDX
00405660 |. 59 POP ECX
00405661 |. 59 POP ECX
00405662 |. 64:8910 MOV DWORD PTR FS:[EAX], EDX
00405665 |. 68 7F564000 PUSH sha1crac.0040567F
0040566A |> 8D45 F8 LEA EAX, [LOCAL.2]
0040566D |. BA 02000000 MOV EDX, 0x2
00405672 |. E8 B5D7FFFF CALL sha1crac.00402E2C
00405677 \. C3 RETN

首先会对输入的用户名和注册码信息做一个拼接004055B2 CALL sha1crac.00402F6C:
用户名前加上DiKeN
注册码前加上0

然后进行SHA-1的hash运算004055F4 CALL sha1crac.00405308:

00405308 /$ 55 PUSH EBP
00405309 |. 8BEC MOV EBP, ESP
0040530B |. 83C4 A4 ADD ESP, -0x5C
0040530E |. 53 PUSH EBX
0040530F |. 56 PUSH ESI
00405310 |. 57 PUSH EDI
00405311 |. 33DB XOR EBX, EBX
00405313 |. 895D E4 MOV [LOCAL.7], EBX
00405316 |. 894D FC MOV [LOCAL.1], ECX ; //存放用户名
00405319 |. 8BF2 MOV ESI, EDX
0040531B |. 8BD8 MOV EBX, EAX
0040531D |. 8B45 FC MOV EAX, [LOCAL.1]
00405320 |. E8 BBDCFFFF CALL sha1crac.00402FE0
00405325 |. 8D7D A4 LEA EDI, [LOCAL.23]
00405328 |. 33C0 XOR EAX, EAX
0040532A |. 55 PUSH EBP
0040532B |. 68 EB544000 PUSH sha1crac.004054EB
00405330 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00405333 |. 64:8920 MOV DWORD PTR FS:[EAX], ESP
00405336 |. C703 01234567 MOV DWORD PTR DS:[EBX], 0x67452301 ; //初始化H0~H5
0040533C |. C743 04 89ABCDEF MOV DWORD PTR DS:[EBX+0x4], 0xEFCDAB89
00405343 |. C743 08 FEDCBA98 MOV DWORD PTR DS:[EBX+0x8], 0x98BADCFE
0040534A |. C743 0C 76543210 MOV DWORD PTR DS:[EBX+0xC], 0x10325476
00405351 |. C743 10 F0E1D2C3 MOV DWORD PTR DS:[EBX+0x10], 0xC3D2E1F0

子CALL 004054C8 CALL sha1crac.00404254为sha1_transform:

00404254 /$ 53 PUSH EBX
00404255 |. 56 PUSH ESI
00404256 |. 57 PUSH EDI
00404257 |. 55 PUSH EBP
00404258 |. 81C4 B8FEFFFF ADD ESP, -0x148
0040425E |. 891424 MOV DWORD PTR SS:[ESP], EDX
00404261 |. 8D5424 08 LEA EDX, DWORD PTR SS:[ESP+0x8]
00404265 |. 92 XCHG EAX, EDX
00404266 |. E8 B5FFFFFF CALL sha1crac.00404220 ; //生成W16~W79
0040426B |. 8B0424 MOV EAX, DWORD PTR SS:[ESP]
0040426E |. 8B00 MOV EAX, DWORD PTR DS:[EAX] ; //取H0~H5 H0 a
00404270 |. 8B1424 MOV EDX, DWORD PTR SS:[ESP]
00404273 |. 8B52 04 MOV EDX, DWORD PTR DS:[EDX+0x4] ; //H1 b
00404276 |. 8B0C24 MOV ECX, DWORD PTR SS:[ESP]
00404279 |. 8B49 08 MOV ECX, DWORD PTR DS:[ECX+0x8] ; //H2 c
0040427C |. 8B1C24 MOV EBX, DWORD PTR SS:[ESP]
0040427F |. 8B5B 0C MOV EBX, DWORD PTR DS:[EBX+0xC] ; //H3 d
00404282 |. 8B3424 MOV ESI, DWORD PTR SS:[ESP]
00404285 |. 8B76 10 MOV ESI, DWORD PTR DS:[ESI+0x10] ; //H4 e
00404288 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI ; //e
0040428C |. 8BF0 MOV ESI, EAX ; //a
0040428E |. C1E6 05 SHL ESI, 0x5 ; //a << 5
00404291 |. 8BF8 MOV EDI, EAX
00404293 |. C1EF 1B SHR EDI, 0x1B ; //a >> 0x1B (27)
00404296 |. 0BF7 OR ESI, EDI ; //(a << 5) | (a >> 0x1B) #define S(n,x) (((x)<<n) | ((x)>>(32-n)))
00404298 |. 8BFB MOV EDI, EBX ; //d
0040429A |. 33F9 XOR EDI, ECX ; //d ^ c
0040429C |. 23FA AND EDI, EDX ; //(d ^ c) & b
0040429E |. 33FB XOR EDI, EBX ; //((d ^ c) & b) ^ d
004042A0 |. 03F7 ADD ESI, EDI ; //(a << 5) | (a >> 0x1B) + ((d ^ c) & b) ^ d
004042A2 |. 037424 08 ADD ESI, DWORD PTR SS:[ESP+0x8] ; //((a << 5) | (a >> 0x1B) + ((d ^ c) & b) ^ d) + W
004042A6 |. 81C6 9979825A ADD ESI, 0x5A827999 ; //((a << 5) | (a >> 0x1B) + ((d ^ c) & b) ^ d) + W + 0x5A827999
004042AC |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI ; //e + ((a << 5) | (a >> 0x1B) + ((d ^ c) & b) ^ d) + W + 0x5A827999
004042B0 |. 8BF2 MOV ESI, EDX
004042B2 |. C1EE 02 SHR ESI, 0x2 ; //b >> 2
004042B5 |. C1E2 1E SHL EDX, 0x1E ; //b << 30
004042B8 |. 0BF2 OR ESI, EDX ; //(b >> 2) | (b << 30)
004042BA |. 8BD6 MOV EDX, ESI
004042BC |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4] ; //e
004042C0 |. C1E6 05 SHL ESI, 0x5
004042C3 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004042C7 |. C1EF 1B SHR EDI, 0x1B ; temp = 0x5a827999 + ((b&c)|((~b)&d)) + (((a)<<5) | ((a)>>(32-5)) + e + 当前数据)
004042CA |. 0BF7 OR ESI, EDI ; temp = 0x5A827999 + ((d ^ c) & b) ^ d) + ((a << 5) | ((a >> 0x1B) + e + 当前数据)
004042CC |. 8BF9 MOV EDI, ECX ; 结果相同
004042CE |. 33FA XOR EDI, EDX
004042D0 |. 23F8 AND EDI, EAX
004042D2 |. 33F9 XOR EDI, ECX
004042D4 |. 03F7 ADD ESI, EDI
004042D6 |. 037424 0C ADD ESI, DWORD PTR SS:[ESP+0xC]
004042DA |. 81C6 9979825A ADD ESI, 0x5A827999
004042E0 |. 03DE ADD EBX, ESI
004042E2 |. 8BF0 MOV ESI, EAX
004042E4 |. C1EE 02 SHR ESI, 0x2
004042E7 |. C1E0 1E SHL EAX, 0x1E
004042EA |. 0BF0 OR ESI, EAX
004042EC |. 8BC6 MOV EAX, ESI
004042EE |. 8BF3 MOV ESI, EBX
004042F0 |. C1E6 05 SHL ESI, 0x5
004042F3 |. 8BFB MOV EDI, EBX
004042F5 |. C1EF 1B SHR EDI, 0x1B
004042F8 |. 0BF7 OR ESI, EDI
004042FA |. 8BFA MOV EDI, EDX
004042FC |. 33F8 XOR EDI, EAX
004042FE |. 237C24 04 AND EDI, DWORD PTR SS:[ESP+0x4]
00404302 |. 33FA XOR EDI, EDX
00404304 |. 03F7 ADD ESI, EDI
00404306 |. 037424 10 ADD ESI, DWORD PTR SS:[ESP+0x10]
0040430A |. 81C6 9979825A ADD ESI, 0x5A827999
00404310 |. 03CE ADD ECX, ESI
00404312 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404316 |. C1EE 02 SHR ESI, 0x2
00404319 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040431D |. C1E7 1E SHL EDI, 0x1E
00404320 |. 0BF7 OR ESI, EDI
00404322 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404326 |. 8BF1 MOV ESI, ECX
00404328 |. C1E6 05 SHL ESI, 0x5
0040432B |. 8BF9 MOV EDI, ECX
0040432D |. C1EF 1B SHR EDI, 0x1B
00404330 |. 0BF7 OR ESI, EDI
00404332 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404336 |. 33F8 XOR EDI, EAX
00404338 |. 23FB AND EDI, EBX
0040433A |. 33F8 XOR EDI, EAX
0040433C |. 03F7 ADD ESI, EDI
0040433E |. 037424 14 ADD ESI, DWORD PTR SS:[ESP+0x14]
00404342 |. 81C6 9979825A ADD ESI, 0x5A827999
00404348 |. 03D6 ADD EDX, ESI
0040434A |. 8BF3 MOV ESI, EBX
0040434C |. C1EE 02 SHR ESI, 0x2
0040434F |. C1E3 1E SHL EBX, 0x1E
00404352 |. 0BF3 OR ESI, EBX
00404354 |. 8BDE MOV EBX, ESI
00404356 |. 8BF2 MOV ESI, EDX
00404358 |. C1E6 05 SHL ESI, 0x5
0040435B |. 8BFA MOV EDI, EDX
0040435D |. C1EF 1B SHR EDI, 0x1B
00404360 |. 0BF7 OR ESI, EDI
00404362 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404366 |. 33FB XOR EDI, EBX
00404368 |. 23F9 AND EDI, ECX
0040436A |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
0040436E |. 03F7 ADD ESI, EDI
00404370 |. 037424 18 ADD ESI, DWORD PTR SS:[ESP+0x18]
00404374 |. 81C6 9979825A ADD ESI, 0x5A827999
0040437A |. 03C6 ADD EAX, ESI
0040437C |. 8BF1 MOV ESI, ECX
0040437E |. C1EE 02 SHR ESI, 0x2
00404381 |. C1E1 1E SHL ECX, 0x1E
00404384 |. 0BF1 OR ESI, ECX
00404386 |. 8BCE MOV ECX, ESI
00404388 |. 8BF0 MOV ESI, EAX
0040438A |. C1E6 05 SHL ESI, 0x5
0040438D |. 8BF8 MOV EDI, EAX
0040438F |. C1EF 1B SHR EDI, 0x1B
00404392 |. 0BF7 OR ESI, EDI
00404394 |. 8BFB MOV EDI, EBX
00404396 |. 33F9 XOR EDI, ECX
00404398 |. 23FA AND EDI, EDX
0040439A |. 33FB XOR EDI, EBX
0040439C |. 03F7 ADD ESI, EDI
0040439E |. 037424 1C ADD ESI, DWORD PTR SS:[ESP+0x1C]
004043A2 |. 81C6 9979825A ADD ESI, 0x5A827999
004043A8 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
004043AC |. 8BF2 MOV ESI, EDX
004043AE |. C1EE 02 SHR ESI, 0x2
004043B1 |. C1E2 1E SHL EDX, 0x1E
004043B4 |. 0BF2 OR ESI, EDX
004043B6 |. 8BD6 MOV EDX, ESI
004043B8 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004043BC |. C1E6 05 SHL ESI, 0x5
004043BF |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004043C3 |. C1EF 1B SHR EDI, 0x1B
004043C6 |. 0BF7 OR ESI, EDI
004043C8 |. 8BF9 MOV EDI, ECX
004043CA |. 33FA XOR EDI, EDX
004043CC |. 23F8 AND EDI, EAX
004043CE |. 33F9 XOR EDI, ECX
004043D0 |. 03F7 ADD ESI, EDI
004043D2 |. 037424 20 ADD ESI, DWORD PTR SS:[ESP+0x20]
004043D6 |. 81C6 9979825A ADD ESI, 0x5A827999
004043DC |. 03DE ADD EBX, ESI
004043DE |. 8BF0 MOV ESI, EAX
004043E0 |. C1EE 02 SHR ESI, 0x2
004043E3 |. C1E0 1E SHL EAX, 0x1E
004043E6 |. 0BF0 OR ESI, EAX
004043E8 |. 8BC6 MOV EAX, ESI
004043EA |. 8BF3 MOV ESI, EBX
004043EC |. C1E6 05 SHL ESI, 0x5
004043EF |. 8BFB MOV EDI, EBX
004043F1 |. C1EF 1B SHR EDI, 0x1B
004043F4 |. 0BF7 OR ESI, EDI
004043F6 |. 8BFA MOV EDI, EDX
004043F8 |. 33F8 XOR EDI, EAX
004043FA |. 237C24 04 AND EDI, DWORD PTR SS:[ESP+0x4]
004043FE |. 33FA XOR EDI, EDX
00404400 |. 03F7 ADD ESI, EDI
00404402 |. 037424 24 ADD ESI, DWORD PTR SS:[ESP+0x24]
00404406 |. 81C6 9979825A ADD ESI, 0x5A827999
0040440C |. 03CE ADD ECX, ESI
0040440E |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404412 |. C1EE 02 SHR ESI, 0x2
00404415 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404419 |. C1E7 1E SHL EDI, 0x1E
0040441C |. 0BF7 OR ESI, EDI
0040441E |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404422 |. 8BF1 MOV ESI, ECX
00404424 |. C1E6 05 SHL ESI, 0x5
00404427 |. 8BF9 MOV EDI, ECX
00404429 |. C1EF 1B SHR EDI, 0x1B
0040442C |. 0BF7 OR ESI, EDI
0040442E |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404432 |. 33F8 XOR EDI, EAX
00404434 |. 23FB AND EDI, EBX
00404436 |. 33F8 XOR EDI, EAX
00404438 |. 03F7 ADD ESI, EDI
0040443A |. 037424 28 ADD ESI, DWORD PTR SS:[ESP+0x28]
0040443E |. 81C6 9979825A ADD ESI, 0x5A827999
00404444 |. 03D6 ADD EDX, ESI
00404446 |. 8BF3 MOV ESI, EBX
00404448 |. C1EE 02 SHR ESI, 0x2
0040444B |. C1E3 1E SHL EBX, 0x1E
0040444E |. 0BF3 OR ESI, EBX
00404450 |. 8BDE MOV EBX, ESI
00404452 |. 8BF2 MOV ESI, EDX
00404454 |. C1E6 05 SHL ESI, 0x5
00404457 |. 8BFA MOV EDI, EDX
00404459 |. C1EF 1B SHR EDI, 0x1B
0040445C |. 0BF7 OR ESI, EDI
0040445E |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404462 |. 33FB XOR EDI, EBX
00404464 |. 23F9 AND EDI, ECX
00404466 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
0040446A |. 03F7 ADD ESI, EDI
0040446C |. 037424 2C ADD ESI, DWORD PTR SS:[ESP+0x2C]
00404470 |. 81C6 9979825A ADD ESI, 0x5A827999
00404476 |. 03C6 ADD EAX, ESI
00404478 |. 8BF1 MOV ESI, ECX
0040447A |. C1EE 02 SHR ESI, 0x2
0040447D |. C1E1 1E SHL ECX, 0x1E
00404480 |. 0BF1 OR ESI, ECX
00404482 |. 8BCE MOV ECX, ESI
00404484 |. 8BF0 MOV ESI, EAX
00404486 |. C1E6 05 SHL ESI, 0x5
00404489 |. 8BF8 MOV EDI, EAX
0040448B |. C1EF 1B SHR EDI, 0x1B
0040448E |. 0BF7 OR ESI, EDI
00404490 |. 8BFB MOV EDI, EBX
00404492 |. 33F9 XOR EDI, ECX
00404494 |. 23FA AND EDI, EDX
00404496 |. 33FB XOR EDI, EBX
00404498 |. 03F7 ADD ESI, EDI
0040449A |. 037424 30 ADD ESI, DWORD PTR SS:[ESP+0x30]
0040449E |. 81C6 9979825A ADD ESI, 0x5A827999
004044A4 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
004044A8 |. 8BF2 MOV ESI, EDX
004044AA |. C1EE 02 SHR ESI, 0x2
004044AD |. C1E2 1E SHL EDX, 0x1E
004044B0 |. 0BF2 OR ESI, EDX
004044B2 |. 8BD6 MOV EDX, ESI
004044B4 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004044B8 |. C1E6 05 SHL ESI, 0x5
004044BB |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004044BF |. C1EF 1B SHR EDI, 0x1B
004044C2 |. 0BF7 OR ESI, EDI
004044C4 |. 8BF9 MOV EDI, ECX
004044C6 |. 33FA XOR EDI, EDX
004044C8 |. 23F8 AND EDI, EAX
004044CA |. 33F9 XOR EDI, ECX
004044CC |. 03F7 ADD ESI, EDI
004044CE |. 037424 34 ADD ESI, DWORD PTR SS:[ESP+0x34]
004044D2 |. 81C6 9979825A ADD ESI, 0x5A827999
004044D8 |. 03DE ADD EBX, ESI
004044DA |. 8BF0 MOV ESI, EAX
004044DC |. C1EE 02 SHR ESI, 0x2
004044DF |. C1E0 1E SHL EAX, 0x1E
004044E2 |. 0BF0 OR ESI, EAX
004044E4 |. 8BC6 MOV EAX, ESI
004044E6 |. 8BF3 MOV ESI, EBX
004044E8 |. C1E6 05 SHL ESI, 0x5
004044EB |. 8BFB MOV EDI, EBX
004044ED |. C1EF 1B SHR EDI, 0x1B
004044F0 |. 0BF7 OR ESI, EDI
004044F2 |. 8BFA MOV EDI, EDX
004044F4 |. 33F8 XOR EDI, EAX
004044F6 |. 237C24 04 AND EDI, DWORD PTR SS:[ESP+0x4]
004044FA |. 33FA XOR EDI, EDX
004044FC |. 03F7 ADD ESI, EDI
004044FE |. 037424 38 ADD ESI, DWORD PTR SS:[ESP+0x38]
00404502 |. 81C6 9979825A ADD ESI, 0x5A827999
00404508 |. 03CE ADD ECX, ESI
0040450A |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
0040450E |. C1EE 02 SHR ESI, 0x2
00404511 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404515 |. C1E7 1E SHL EDI, 0x1E
00404518 |. 0BF7 OR ESI, EDI
0040451A |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
0040451E |. 8BF1 MOV ESI, ECX
00404520 |. C1E6 05 SHL ESI, 0x5
00404523 |. 8BF9 MOV EDI, ECX
00404525 |. C1EF 1B SHR EDI, 0x1B
00404528 |. 0BF7 OR ESI, EDI
0040452A |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040452E |. 33F8 XOR EDI, EAX
00404530 |. 23FB AND EDI, EBX
00404532 |. 33F8 XOR EDI, EAX
00404534 |. 03F7 ADD ESI, EDI
00404536 |. 037424 3C ADD ESI, DWORD PTR SS:[ESP+0x3C]
0040453A |. 81C6 9979825A ADD ESI, 0x5A827999
00404540 |. 03D6 ADD EDX, ESI
00404542 |. 8BF3 MOV ESI, EBX
00404544 |. C1EE 02 SHR ESI, 0x2
00404547 |. C1E3 1E SHL EBX, 0x1E
0040454A |. 0BF3 OR ESI, EBX
0040454C |. 8BDE MOV EBX, ESI
0040454E |. 8BF2 MOV ESI, EDX
00404550 |. C1E6 05 SHL ESI, 0x5
00404553 |. 8BFA MOV EDI, EDX
00404555 |. C1EF 1B SHR EDI, 0x1B
00404558 |. 0BF7 OR ESI, EDI
0040455A |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040455E |. 33FB XOR EDI, EBX
00404560 |. 23F9 AND EDI, ECX
00404562 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
00404566 |. 03F7 ADD ESI, EDI
00404568 |. 037424 40 ADD ESI, DWORD PTR SS:[ESP+0x40]
0040456C |. 81C6 9979825A ADD ESI, 0x5A827999
00404572 |. 03C6 ADD EAX, ESI
00404574 |. 8BF1 MOV ESI, ECX
00404576 |. C1EE 02 SHR ESI, 0x2
00404579 |. C1E1 1E SHL ECX, 0x1E
0040457C |. 0BF1 OR ESI, ECX
0040457E |. 8BCE MOV ECX, ESI
00404580 |. 8BF0 MOV ESI, EAX
00404582 |. C1E6 05 SHL ESI, 0x5
00404585 |. 8BF8 MOV EDI, EAX
00404587 |. C1EF 1B SHR EDI, 0x1B
0040458A |. 0BF7 OR ESI, EDI
0040458C |. 8BFB MOV EDI, EBX
0040458E |. 33F9 XOR EDI, ECX
00404590 |. 23FA AND EDI, EDX
00404592 |. 33FB XOR EDI, EBX
00404594 |. 03F7 ADD ESI, EDI
00404596 |. 037424 44 ADD ESI, DWORD PTR SS:[ESP+0x44]
0040459A |. 81C6 9979825A ADD ESI, 0x5A827999
004045A0 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
004045A4 |. 8BF2 MOV ESI, EDX
004045A6 |. C1EE 02 SHR ESI, 0x2
004045A9 |. C1E2 1E SHL EDX, 0x1E
004045AC |. 0BF2 OR ESI, EDX
004045AE |. 8BD6 MOV EDX, ESI
004045B0 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004045B4 |. C1E6 05 SHL ESI, 0x5
004045B7 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004045BB |. C1EF 1B SHR EDI, 0x1B
004045BE |. 0BF7 OR ESI, EDI
004045C0 |. 8BF9 MOV EDI, ECX
004045C2 |. 33FA XOR EDI, EDX
004045C4 |. 23F8 AND EDI, EAX
004045C6 |. 33F9 XOR EDI, ECX
004045C8 |. 03F7 ADD ESI, EDI
004045CA |. 037424 48 ADD ESI, DWORD PTR SS:[ESP+0x48]
004045CE |. 81C6 9979825A ADD ESI, 0x5A827999
004045D4 |. 03DE ADD EBX, ESI
004045D6 |. 8BF0 MOV ESI, EAX
004045D8 |. C1EE 02 SHR ESI, 0x2
004045DB |. C1E0 1E SHL EAX, 0x1E
004045DE |. 0BF0 OR ESI, EAX
004045E0 |. 8BC6 MOV EAX, ESI
004045E2 |. 8BF3 MOV ESI, EBX
004045E4 |. C1E6 05 SHL ESI, 0x5
004045E7 |. 8BFB MOV EDI, EBX
004045E9 |. C1EF 1B SHR EDI, 0x1B
004045EC |. 0BF7 OR ESI, EDI
004045EE |. 8BFA MOV EDI, EDX
004045F0 |. 33F8 XOR EDI, EAX
004045F2 |. 237C24 04 AND EDI, DWORD PTR SS:[ESP+0x4]
004045F6 |. 33FA XOR EDI, EDX
004045F8 |. 03F7 ADD ESI, EDI
004045FA |. 037424 4C ADD ESI, DWORD PTR SS:[ESP+0x4C]
004045FE |. 81C6 9979825A ADD ESI, 0x5A827999
00404604 |. 03CE ADD ECX, ESI
00404606 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
0040460A |. C1EE 02 SHR ESI, 0x2
0040460D |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404611 |. C1E7 1E SHL EDI, 0x1E
00404614 |. 0BF7 OR ESI, EDI
00404616 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
0040461A |. 8BF1 MOV ESI, ECX
0040461C |. C1E6 05 SHL ESI, 0x5
0040461F |. 8BF9 MOV EDI, ECX
00404621 |. C1EF 1B SHR EDI, 0x1B
00404624 |. 0BF7 OR ESI, EDI
00404626 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040462A |. 33F8 XOR EDI, EAX
0040462C |. 23FB AND EDI, EBX
0040462E |. 33F8 XOR EDI, EAX
00404630 |. 03F7 ADD ESI, EDI
00404632 |. 037424 50 ADD ESI, DWORD PTR SS:[ESP+0x50]
00404636 |. 81C6 9979825A ADD ESI, 0x5A827999
0040463C |. 03D6 ADD EDX, ESI
0040463E |. 8BF3 MOV ESI, EBX
00404640 |. C1EE 02 SHR ESI, 0x2
00404643 |. C1E3 1E SHL EBX, 0x1E
00404646 |. 0BF3 OR ESI, EBX
00404648 |. 8BDE MOV EBX, ESI
0040464A |. 8BF2 MOV ESI, EDX
0040464C |. C1E6 05 SHL ESI, 0x5
0040464F |. 8BFA MOV EDI, EDX
00404651 |. C1EF 1B SHR EDI, 0x1B
00404654 |. 0BF7 OR ESI, EDI
00404656 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040465A |. 33FB XOR EDI, EBX
0040465C |. 23F9 AND EDI, ECX
0040465E |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
00404662 |. 03F7 ADD ESI, EDI
00404664 |. 037424 54 ADD ESI, DWORD PTR SS:[ESP+0x54]
00404668 |. 81C6 9979825A ADD ESI, 0x5A827999
0040466E |. 03C6 ADD EAX, ESI
00404670 |. 8BF1 MOV ESI, ECX
00404672 |. C1EE 02 SHR ESI, 0x2
00404675 |. C1E1 1E SHL ECX, 0x1E
00404678 |. 0BF1 OR ESI, ECX
0040467A |. 8BCE MOV ECX, ESI
0040467C |. 8BF0 MOV ESI, EAX
0040467E |. C1E6 05 SHL ESI, 0x5
00404681 |. 8BF8 MOV EDI, EAX
00404683 |. C1EF 1B SHR EDI, 0x1B
00404686 |. 0BF7 OR ESI, EDI
00404688 |. 8BFA MOV EDI, EDX
0040468A |. 33FB XOR EDI, EBX
0040468C |. 33F9 XOR EDI, ECX
0040468E |. 03F7 ADD ESI, EDI
00404690 |. 037424 58 ADD ESI, DWORD PTR SS:[ESP+0x58]
00404694 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040469A |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
0040469E |. 8BF2 MOV ESI, EDX
004046A0 |. C1EE 02 SHR ESI, 0x2
004046A3 |. C1E2 1E SHL EDX, 0x1E
004046A6 |. 0BF2 OR ESI, EDX
004046A8 |. 8BD6 MOV EDX, ESI
004046AA |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004046AE |. C1E6 05 SHL ESI, 0x5
004046B1 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004046B5 |. C1EF 1B SHR EDI, 0x1B
004046B8 |. 0BF7 OR ESI, EDI
004046BA |. 8BF8 MOV EDI, EAX
004046BC |. 33F9 XOR EDI, ECX
004046BE |. 33FA XOR EDI, EDX
004046C0 |. 03F7 ADD ESI, EDI
004046C2 |. 037424 5C ADD ESI, DWORD PTR SS:[ESP+0x5C]
004046C6 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004046CC |. 03DE ADD EBX, ESI
004046CE |. 8BF0 MOV ESI, EAX
004046D0 |. C1EE 02 SHR ESI, 0x2
004046D3 |. C1E0 1E SHL EAX, 0x1E
004046D6 |. 0BF0 OR ESI, EAX
004046D8 |. 8BC6 MOV EAX, ESI
004046DA |. 8BF3 MOV ESI, EBX
004046DC |. C1E6 05 SHL ESI, 0x5
004046DF |. 8BFB MOV EDI, EBX
004046E1 |. C1EF 1B SHR EDI, 0x1B
004046E4 |. 0BF7 OR ESI, EDI
004046E6 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004046EA |. 33FA XOR EDI, EDX
004046EC |. 33F8 XOR EDI, EAX
004046EE |. 03F7 ADD ESI, EDI
004046F0 |. 037424 60 ADD ESI, DWORD PTR SS:[ESP+0x60]
004046F4 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004046FA |. 03CE ADD ECX, ESI
004046FC |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404700 |. C1EE 02 SHR ESI, 0x2
00404703 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404707 |. C1E7 1E SHL EDI, 0x1E
0040470A |. 0BF7 OR ESI, EDI
0040470C |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404710 |. 8BF1 MOV ESI, ECX
00404712 |. C1E6 05 SHL ESI, 0x5
00404715 |. 8BF9 MOV EDI, ECX
00404717 |. C1EF 1B SHR EDI, 0x1B
0040471A |. 0BF7 OR ESI, EDI
0040471C |. 8BFB MOV EDI, EBX
0040471E |. 33F8 XOR EDI, EAX
00404720 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
00404724 |. 03F7 ADD ESI, EDI
00404726 |. 037424 64 ADD ESI, DWORD PTR SS:[ESP+0x64]
0040472A |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
00404730 |. 03D6 ADD EDX, ESI
00404732 |. 8BF3 MOV ESI, EBX
00404734 |. C1EE 02 SHR ESI, 0x2
00404737 |. C1E3 1E SHL EBX, 0x1E
0040473A |. 0BF3 OR ESI, EBX
0040473C |. 8BDE MOV EBX, ESI
0040473E |. 8BF2 MOV ESI, EDX
00404740 |. C1E6 05 SHL ESI, 0x5
00404743 |. 8BFA MOV EDI, EDX
00404745 |. C1EF 1B SHR EDI, 0x1B
00404748 |. 0BF7 OR ESI, EDI
0040474A |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040474E |. 33F9 XOR EDI, ECX
00404750 |. 33FB XOR EDI, EBX
00404752 |. 03F7 ADD ESI, EDI
00404754 |. 037424 68 ADD ESI, DWORD PTR SS:[ESP+0x68]
00404758 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040475E |. 03C6 ADD EAX, ESI
00404760 |. 8BF1 MOV ESI, ECX
00404762 |. C1EE 02 SHR ESI, 0x2
00404765 |. C1E1 1E SHL ECX, 0x1E
00404768 |. 0BF1 OR ESI, ECX
0040476A |. 8BCE MOV ECX, ESI
0040476C |. 8BF0 MOV ESI, EAX
0040476E |. C1E6 05 SHL ESI, 0x5
00404771 |. 8BF8 MOV EDI, EAX
00404773 |. C1EF 1B SHR EDI, 0x1B
00404776 |. 0BF7 OR ESI, EDI
00404778 |. 8BFA MOV EDI, EDX
0040477A |. 33FB XOR EDI, EBX
0040477C |. 33F9 XOR EDI, ECX
0040477E |. 03F7 ADD ESI, EDI
00404780 |. 037424 6C ADD ESI, DWORD PTR SS:[ESP+0x6C]
00404784 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040478A |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
0040478E |. 8BF2 MOV ESI, EDX
00404790 |. C1EE 02 SHR ESI, 0x2
00404793 |. C1E2 1E SHL EDX, 0x1E
00404796 |. 0BF2 OR ESI, EDX
00404798 |. 8BD6 MOV EDX, ESI
0040479A |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
0040479E |. C1E6 05 SHL ESI, 0x5
004047A1 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004047A5 |. C1EF 1B SHR EDI, 0x1B
004047A8 |. 0BF7 OR ESI, EDI
004047AA |. 8BF8 MOV EDI, EAX
004047AC |. 33F9 XOR EDI, ECX
004047AE |. 33FA XOR EDI, EDX
004047B0 |. 03F7 ADD ESI, EDI
004047B2 |. 037424 70 ADD ESI, DWORD PTR SS:[ESP+0x70]
004047B6 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004047BC |. 03DE ADD EBX, ESI
004047BE |. 8BF0 MOV ESI, EAX
004047C0 |. C1EE 02 SHR ESI, 0x2
004047C3 |. C1E0 1E SHL EAX, 0x1E
004047C6 |. 0BF0 OR ESI, EAX
004047C8 |. 8BC6 MOV EAX, ESI
004047CA |. 8BF3 MOV ESI, EBX
004047CC |. C1E6 05 SHL ESI, 0x5
004047CF |. 8BFB MOV EDI, EBX
004047D1 |. C1EF 1B SHR EDI, 0x1B
004047D4 |. 0BF7 OR ESI, EDI
004047D6 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004047DA |. 33FA XOR EDI, EDX
004047DC |. 33F8 XOR EDI, EAX
004047DE |. 03F7 ADD ESI, EDI
004047E0 |. 037424 74 ADD ESI, DWORD PTR SS:[ESP+0x74]
004047E4 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004047EA |. 03CE ADD ECX, ESI
004047EC |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004047F0 |. C1EE 02 SHR ESI, 0x2
004047F3 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004047F7 |. C1E7 1E SHL EDI, 0x1E
004047FA |. 0BF7 OR ESI, EDI
004047FC |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404800 |. 8BF1 MOV ESI, ECX
00404802 |. C1E6 05 SHL ESI, 0x5
00404805 |. 8BF9 MOV EDI, ECX
00404807 |. C1EF 1B SHR EDI, 0x1B
0040480A |. 0BF7 OR ESI, EDI
0040480C |. 8BFB MOV EDI, EBX
0040480E |. 33F8 XOR EDI, EAX
00404810 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
00404814 |. 03F7 ADD ESI, EDI
00404816 |. 037424 78 ADD ESI, DWORD PTR SS:[ESP+0x78]
0040481A |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
00404820 |. 03D6 ADD EDX, ESI
00404822 |. 8BF3 MOV ESI, EBX
00404824 |. C1EE 02 SHR ESI, 0x2
00404827 |. C1E3 1E SHL EBX, 0x1E
0040482A |. 0BF3 OR ESI, EBX
0040482C |. 8BDE MOV EBX, ESI
0040482E |. 8BF2 MOV ESI, EDX
00404830 |. C1E6 05 SHL ESI, 0x5
00404833 |. 8BFA MOV EDI, EDX
00404835 |. C1EF 1B SHR EDI, 0x1B
00404838 |. 0BF7 OR ESI, EDI
0040483A |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040483E |. 33F9 XOR EDI, ECX
00404840 |. 33FB XOR EDI, EBX
00404842 |. 03F7 ADD ESI, EDI
00404844 |. 037424 7C ADD ESI, DWORD PTR SS:[ESP+0x7C]
00404848 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040484E |. 03C6 ADD EAX, ESI
00404850 |. 8BF1 MOV ESI, ECX
00404852 |. C1EE 02 SHR ESI, 0x2
00404855 |. C1E1 1E SHL ECX, 0x1E
00404858 |. 0BF1 OR ESI, ECX
0040485A |. 8BCE MOV ECX, ESI
0040485C |. 8BF0 MOV ESI, EAX
0040485E |. C1E6 05 SHL ESI, 0x5
00404861 |. 8BF8 MOV EDI, EAX
00404863 |. C1EF 1B SHR EDI, 0x1B
00404866 |. 0BF7 OR ESI, EDI
00404868 |. 8BFA MOV EDI, EDX
0040486A |. 33FB XOR EDI, EBX
0040486C |. 33F9 XOR EDI, ECX
0040486E |. 03F7 ADD ESI, EDI
00404870 |. 03B424 80000000 ADD ESI, DWORD PTR SS:[ESP+0x80]
00404877 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040487D |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404881 |. 8BF2 MOV ESI, EDX
00404883 |. C1EE 02 SHR ESI, 0x2
00404886 |. C1E2 1E SHL EDX, 0x1E
00404889 |. 0BF2 OR ESI, EDX
0040488B |. 8BD6 MOV EDX, ESI
0040488D |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404891 |. C1E6 05 SHL ESI, 0x5
00404894 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404898 |. C1EF 1B SHR EDI, 0x1B
0040489B |. 0BF7 OR ESI, EDI
0040489D |. 8BF8 MOV EDI, EAX
0040489F |. 33F9 XOR EDI, ECX
004048A1 |. 33FA XOR EDI, EDX
004048A3 |. 03F7 ADD ESI, EDI
004048A5 |. 03B424 84000000 ADD ESI, DWORD PTR SS:[ESP+0x84]
004048AC |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004048B2 |. 03DE ADD EBX, ESI
004048B4 |. 8BF0 MOV ESI, EAX
004048B6 |. C1EE 02 SHR ESI, 0x2
004048B9 |. C1E0 1E SHL EAX, 0x1E
004048BC |. 0BF0 OR ESI, EAX
004048BE |. 8BC6 MOV EAX, ESI
004048C0 |. 8BF3 MOV ESI, EBX
004048C2 |. C1E6 05 SHL ESI, 0x5
004048C5 |. 8BFB MOV EDI, EBX
004048C7 |. C1EF 1B SHR EDI, 0x1B
004048CA |. 0BF7 OR ESI, EDI
004048CC |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004048D0 |. 33FA XOR EDI, EDX
004048D2 |. 33F8 XOR EDI, EAX
004048D4 |. 03F7 ADD ESI, EDI
004048D6 |. 03B424 88000000 ADD ESI, DWORD PTR SS:[ESP+0x88]
004048DD |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004048E3 |. 03CE ADD ECX, ESI
004048E5 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004048E9 |. C1EE 02 SHR ESI, 0x2
004048EC |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004048F0 |. C1E7 1E SHL EDI, 0x1E
004048F3 |. 0BF7 OR ESI, EDI
004048F5 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
004048F9 |. 8BF1 MOV ESI, ECX
004048FB |. C1E6 05 SHL ESI, 0x5
004048FE |. 8BF9 MOV EDI, ECX
00404900 |. C1EF 1B SHR EDI, 0x1B
00404903 |. 0BF7 OR ESI, EDI
00404905 |. 8BFB MOV EDI, EBX
00404907 |. 33F8 XOR EDI, EAX
00404909 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
0040490D |. 03F7 ADD ESI, EDI
0040490F |. 03B424 8C000000 ADD ESI, DWORD PTR SS:[ESP+0x8C]
00404916 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040491C |. 03D6 ADD EDX, ESI
0040491E |. 8BF3 MOV ESI, EBX
00404920 |. C1EE 02 SHR ESI, 0x2
00404923 |. C1E3 1E SHL EBX, 0x1E
00404926 |. 0BF3 OR ESI, EBX
00404928 |. 8BDE MOV EBX, ESI
0040492A |. 8BF2 MOV ESI, EDX
0040492C |. C1E6 05 SHL ESI, 0x5
0040492F |. 8BFA MOV EDI, EDX
00404931 |. C1EF 1B SHR EDI, 0x1B
00404934 |. 0BF7 OR ESI, EDI
00404936 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040493A |. 33F9 XOR EDI, ECX
0040493C |. 33FB XOR EDI, EBX
0040493E |. 03F7 ADD ESI, EDI
00404940 |. 03B424 90000000 ADD ESI, DWORD PTR SS:[ESP+0x90]
00404947 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040494D |. 03C6 ADD EAX, ESI
0040494F |. 8BF1 MOV ESI, ECX
00404951 |. C1EE 02 SHR ESI, 0x2
00404954 |. C1E1 1E SHL ECX, 0x1E
00404957 |. 0BF1 OR ESI, ECX
00404959 |. 8BCE MOV ECX, ESI
0040495B |. 8BF0 MOV ESI, EAX
0040495D |. C1E6 05 SHL ESI, 0x5
00404960 |. 8BF8 MOV EDI, EAX
00404962 |. C1EF 1B SHR EDI, 0x1B
00404965 |. 0BF7 OR ESI, EDI
00404967 |. 8BFA MOV EDI, EDX
00404969 |. 33FB XOR EDI, EBX
0040496B |. 33F9 XOR EDI, ECX
0040496D |. 03F7 ADD ESI, EDI
0040496F |. 03B424 94000000 ADD ESI, DWORD PTR SS:[ESP+0x94]
00404976 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
0040497C |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404980 |. 8BF2 MOV ESI, EDX
00404982 |. C1EE 02 SHR ESI, 0x2
00404985 |. C1E2 1E SHL EDX, 0x1E
00404988 |. 0BF2 OR ESI, EDX
0040498A |. 8BD6 MOV EDX, ESI
0040498C |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404990 |. C1E6 05 SHL ESI, 0x5
00404993 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404997 |. C1EF 1B SHR EDI, 0x1B
0040499A |. 0BF7 OR ESI, EDI
0040499C |. 8BF8 MOV EDI, EAX
0040499E |. 33F9 XOR EDI, ECX
004049A0 |. 33FA XOR EDI, EDX
004049A2 |. 03F7 ADD ESI, EDI
004049A4 |. 03B424 98000000 ADD ESI, DWORD PTR SS:[ESP+0x98]
004049AB |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004049B1 |. 03DE ADD EBX, ESI
004049B3 |. 8BF0 MOV ESI, EAX
004049B5 |. C1EE 02 SHR ESI, 0x2
004049B8 |. C1E0 1E SHL EAX, 0x1E
004049BB |. 0BF0 OR ESI, EAX
004049BD |. 8BC6 MOV EAX, ESI
004049BF |. 8BF3 MOV ESI, EBX
004049C1 |. C1E6 05 SHL ESI, 0x5
004049C4 |. 8BFB MOV EDI, EBX
004049C6 |. C1EF 1B SHR EDI, 0x1B
004049C9 |. 0BF7 OR ESI, EDI
004049CB |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004049CF |. 33FA XOR EDI, EDX
004049D1 |. 33F8 XOR EDI, EAX
004049D3 |. 03F7 ADD ESI, EDI
004049D5 |. 03B424 9C000000 ADD ESI, DWORD PTR SS:[ESP+0x9C]
004049DC |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
004049E2 |. 03CE ADD ECX, ESI
004049E4 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
004049E8 |. C1EE 02 SHR ESI, 0x2
004049EB |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004049EF |. C1E7 1E SHL EDI, 0x1E
004049F2 |. 0BF7 OR ESI, EDI
004049F4 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
004049F8 |. 8BF1 MOV ESI, ECX
004049FA |. C1E6 05 SHL ESI, 0x5
004049FD |. 8BF9 MOV EDI, ECX
004049FF |. C1EF 1B SHR EDI, 0x1B
00404A02 |. 0BF7 OR ESI, EDI
00404A04 |. 8BFB MOV EDI, EBX
00404A06 |. 33F8 XOR EDI, EAX
00404A08 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
00404A0C |. 03F7 ADD ESI, EDI
00404A0E |. 03B424 A0000000 ADD ESI, DWORD PTR SS:[ESP+0xA0]
00404A15 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
00404A1B |. 03D6 ADD EDX, ESI
00404A1D |. 8BF3 MOV ESI, EBX
00404A1F |. C1EE 02 SHR ESI, 0x2
00404A22 |. C1E3 1E SHL EBX, 0x1E
00404A25 |. 0BF3 OR ESI, EBX
00404A27 |. 8BDE MOV EBX, ESI
00404A29 |. 8BF2 MOV ESI, EDX
00404A2B |. C1E6 05 SHL ESI, 0x5
00404A2E |. 8BFA MOV EDI, EDX
00404A30 |. C1EF 1B SHR EDI, 0x1B
00404A33 |. 0BF7 OR ESI, EDI
00404A35 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404A39 |. 33F9 XOR EDI, ECX
00404A3B |. 33FB XOR EDI, EBX
00404A3D |. 03F7 ADD ESI, EDI
00404A3F |. 03B424 A4000000 ADD ESI, DWORD PTR SS:[ESP+0xA4]
00404A46 |. 81C6 A1EBD96E ADD ESI, 0x6ED9EBA1
00404A4C |. 03C6 ADD EAX, ESI
00404A4E |. 8BF1 MOV ESI, ECX
00404A50 |. C1EE 02 SHR ESI, 0x2
00404A53 |. C1E1 1E SHL ECX, 0x1E
00404A56 |. 0BF1 OR ESI, ECX
00404A58 |. 8BCE MOV ECX, ESI
00404A5A |. 8BF0 MOV ESI, EAX
00404A5C |. C1E6 05 SHL ESI, 0x5
00404A5F |. 8BF8 MOV EDI, EAX
00404A61 |. C1EF 1B SHR EDI, 0x1B
00404A64 |. 0BF7 OR ESI, EDI
00404A66 |. 8BF9 MOV EDI, ECX
00404A68 |. 23FA AND EDI, EDX
00404A6A |. 8BE9 MOV EBP, ECX
00404A6C |. 0BEA OR EBP, EDX
00404A6E |. 23EB AND EBP, EBX
00404A70 |. 0BFD OR EDI, EBP
00404A72 |. 03F7 ADD ESI, EDI
00404A74 |. 03B424 A8000000 ADD ESI, DWORD PTR SS:[ESP+0xA8]
00404A7B |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404A81 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404A85 |. 8BF2 MOV ESI, EDX
00404A87 |. C1EE 02 SHR ESI, 0x2
00404A8A |. C1E2 1E SHL EDX, 0x1E
00404A8D |. 0BF2 OR ESI, EDX
00404A8F |. 8BD6 MOV EDX, ESI
00404A91 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404A95 |. C1E6 05 SHL ESI, 0x5
00404A98 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404A9C |. C1EF 1B SHR EDI, 0x1B
00404A9F |. 0BF7 OR ESI, EDI
00404AA1 |. 8BFA MOV EDI, EDX
00404AA3 |. 23F8 AND EDI, EAX
00404AA5 |. 8BEA MOV EBP, EDX
00404AA7 |. 0BE8 OR EBP, EAX
00404AA9 |. 23E9 AND EBP, ECX
00404AAB |. 0BFD OR EDI, EBP
00404AAD |. 03F7 ADD ESI, EDI
00404AAF |. 03B424 AC000000 ADD ESI, DWORD PTR SS:[ESP+0xAC]
00404AB6 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404ABC |. 03DE ADD EBX, ESI
00404ABE |. 8BF0 MOV ESI, EAX
00404AC0 |. C1EE 02 SHR ESI, 0x2
00404AC3 |. C1E0 1E SHL EAX, 0x1E
00404AC6 |. 0BF0 OR ESI, EAX
00404AC8 |. 8BC6 MOV EAX, ESI
00404ACA |. 8BF3 MOV ESI, EBX
00404ACC |. C1E6 05 SHL ESI, 0x5
00404ACF |. 8BFB MOV EDI, EBX
00404AD1 |. C1EF 1B SHR EDI, 0x1B
00404AD4 |. 0BF7 OR ESI, EDI
00404AD6 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404ADA |. 23F8 AND EDI, EAX
00404ADC |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404AE0 |. 0BE8 OR EBP, EAX
00404AE2 |. 23EA AND EBP, EDX
00404AE4 |. 0BFD OR EDI, EBP
00404AE6 |. 03F7 ADD ESI, EDI
00404AE8 |. 03B424 B0000000 ADD ESI, DWORD PTR SS:[ESP+0xB0]
00404AEF |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404AF5 |. 03CE ADD ECX, ESI
00404AF7 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404AFB |. C1EE 02 SHR ESI, 0x2
00404AFE |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404B02 |. C1E7 1E SHL EDI, 0x1E
00404B05 |. 0BF7 OR ESI, EDI
00404B07 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404B0B |. 8BF1 MOV ESI, ECX
00404B0D |. C1E6 05 SHL ESI, 0x5
00404B10 |. 8BF9 MOV EDI, ECX
00404B12 |. C1EF 1B SHR EDI, 0x1B
00404B15 |. 0BF7 OR ESI, EDI
00404B17 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404B1B |. 23FB AND EDI, EBX
00404B1D |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404B21 |. 0BEB OR EBP, EBX
00404B23 |. 23E8 AND EBP, EAX
00404B25 |. 0BFD OR EDI, EBP
00404B27 |. 03F7 ADD ESI, EDI
00404B29 |. 03B424 B4000000 ADD ESI, DWORD PTR SS:[ESP+0xB4]
00404B30 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404B36 |. 03D6 ADD EDX, ESI
00404B38 |. 8BF3 MOV ESI, EBX
00404B3A |. C1EE 02 SHR ESI, 0x2
00404B3D |. C1E3 1E SHL EBX, 0x1E
00404B40 |. 0BF3 OR ESI, EBX
00404B42 |. 8BDE MOV EBX, ESI
00404B44 |. 8BF2 MOV ESI, EDX
00404B46 |. C1E6 05 SHL ESI, 0x5
00404B49 |. 8BFA MOV EDI, EDX
00404B4B |. C1EF 1B SHR EDI, 0x1B
00404B4E |. 0BF7 OR ESI, EDI
00404B50 |. 8BFB MOV EDI, EBX
00404B52 |. 23F9 AND EDI, ECX
00404B54 |. 8BEB MOV EBP, EBX
00404B56 |. 0BE9 OR EBP, ECX
00404B58 |. 236C24 04 AND EBP, DWORD PTR SS:[ESP+0x4]
00404B5C |. 0BFD OR EDI, EBP
00404B5E |. 03F7 ADD ESI, EDI
00404B60 |. 03B424 B8000000 ADD ESI, DWORD PTR SS:[ESP+0xB8]
00404B67 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404B6D |. 03C6 ADD EAX, ESI
00404B6F |. 8BF1 MOV ESI, ECX
00404B71 |. C1EE 02 SHR ESI, 0x2
00404B74 |. C1E1 1E SHL ECX, 0x1E
00404B77 |. 0BF1 OR ESI, ECX
00404B79 |. 8BCE MOV ECX, ESI
00404B7B |. 8BF0 MOV ESI, EAX
00404B7D |. C1E6 05 SHL ESI, 0x5
00404B80 |. 8BF8 MOV EDI, EAX
00404B82 |. C1EF 1B SHR EDI, 0x1B
00404B85 |. 0BF7 OR ESI, EDI
00404B87 |. 8BF9 MOV EDI, ECX
00404B89 |. 23FA AND EDI, EDX
00404B8B |. 8BE9 MOV EBP, ECX
00404B8D |. 0BEA OR EBP, EDX
00404B8F |. 23EB AND EBP, EBX
00404B91 |. 0BFD OR EDI, EBP
00404B93 |. 03F7 ADD ESI, EDI
00404B95 |. 03B424 BC000000 ADD ESI, DWORD PTR SS:[ESP+0xBC]
00404B9C |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404BA2 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404BA6 |. 8BF2 MOV ESI, EDX
00404BA8 |. C1EE 02 SHR ESI, 0x2
00404BAB |. C1E2 1E SHL EDX, 0x1E
00404BAE |. 0BF2 OR ESI, EDX
00404BB0 |. 8BD6 MOV EDX, ESI
00404BB2 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404BB6 |. C1E6 05 SHL ESI, 0x5
00404BB9 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404BBD |. C1EF 1B SHR EDI, 0x1B
00404BC0 |. 0BF7 OR ESI, EDI
00404BC2 |. 8BFA MOV EDI, EDX
00404BC4 |. 23F8 AND EDI, EAX
00404BC6 |. 8BEA MOV EBP, EDX
00404BC8 |. 0BE8 OR EBP, EAX
00404BCA |. 23E9 AND EBP, ECX
00404BCC |. 0BFD OR EDI, EBP
00404BCE |. 03F7 ADD ESI, EDI
00404BD0 |. 03B424 C0000000 ADD ESI, DWORD PTR SS:[ESP+0xC0]
00404BD7 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404BDD |. 03DE ADD EBX, ESI
00404BDF |. 8BF0 MOV ESI, EAX
00404BE1 |. C1EE 02 SHR ESI, 0x2
00404BE4 |. C1E0 1E SHL EAX, 0x1E
00404BE7 |. 0BF0 OR ESI, EAX
00404BE9 |. 8BC6 MOV EAX, ESI
00404BEB |. 8BF3 MOV ESI, EBX
00404BED |. C1E6 05 SHL ESI, 0x5
00404BF0 |. 8BFB MOV EDI, EBX
00404BF2 |. C1EF 1B SHR EDI, 0x1B
00404BF5 |. 0BF7 OR ESI, EDI
00404BF7 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404BFB |. 23F8 AND EDI, EAX
00404BFD |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404C01 |. 0BE8 OR EBP, EAX
00404C03 |. 23EA AND EBP, EDX
00404C05 |. 0BFD OR EDI, EBP
00404C07 |. 03F7 ADD ESI, EDI
00404C09 |. 03B424 C4000000 ADD ESI, DWORD PTR SS:[ESP+0xC4]
00404C10 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404C16 |. 03CE ADD ECX, ESI
00404C18 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404C1C |. C1EE 02 SHR ESI, 0x2
00404C1F |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404C23 |. C1E7 1E SHL EDI, 0x1E
00404C26 |. 0BF7 OR ESI, EDI
00404C28 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404C2C |. 8BF1 MOV ESI, ECX
00404C2E |. C1E6 05 SHL ESI, 0x5
00404C31 |. 8BF9 MOV EDI, ECX
00404C33 |. C1EF 1B SHR EDI, 0x1B
00404C36 |. 0BF7 OR ESI, EDI
00404C38 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404C3C |. 23FB AND EDI, EBX
00404C3E |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404C42 |. 0BEB OR EBP, EBX
00404C44 |. 23E8 AND EBP, EAX
00404C46 |. 0BFD OR EDI, EBP
00404C48 |. 03F7 ADD ESI, EDI
00404C4A |. 03B424 C8000000 ADD ESI, DWORD PTR SS:[ESP+0xC8]
00404C51 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404C57 |. 03D6 ADD EDX, ESI
00404C59 |. 8BF3 MOV ESI, EBX
00404C5B |. C1EE 02 SHR ESI, 0x2
00404C5E |. C1E3 1E SHL EBX, 0x1E
00404C61 |. 0BF3 OR ESI, EBX
00404C63 |. 8BDE MOV EBX, ESI
00404C65 |. 8BF2 MOV ESI, EDX
00404C67 |. C1E6 05 SHL ESI, 0x5
00404C6A |. 8BFA MOV EDI, EDX
00404C6C |. C1EF 1B SHR EDI, 0x1B
00404C6F |. 0BF7 OR ESI, EDI
00404C71 |. 8BFB MOV EDI, EBX
00404C73 |. 23F9 AND EDI, ECX
00404C75 |. 8BEB MOV EBP, EBX
00404C77 |. 0BE9 OR EBP, ECX
00404C79 |. 236C24 04 AND EBP, DWORD PTR SS:[ESP+0x4]
00404C7D |. 0BFD OR EDI, EBP
00404C7F |. 03F7 ADD ESI, EDI
00404C81 |. 03B424 CC000000 ADD ESI, DWORD PTR SS:[ESP+0xCC]
00404C88 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404C8E |. 03C6 ADD EAX, ESI
00404C90 |. 8BF1 MOV ESI, ECX
00404C92 |. C1EE 02 SHR ESI, 0x2
00404C95 |. C1E1 1E SHL ECX, 0x1E
00404C98 |. 0BF1 OR ESI, ECX
00404C9A |. 8BCE MOV ECX, ESI
00404C9C |. 8BF0 MOV ESI, EAX
00404C9E |. C1E6 05 SHL ESI, 0x5
00404CA1 |. 8BF8 MOV EDI, EAX
00404CA3 |. C1EF 1B SHR EDI, 0x1B
00404CA6 |. 0BF7 OR ESI, EDI
00404CA8 |. 8BF9 MOV EDI, ECX
00404CAA |. 23FA AND EDI, EDX
00404CAC |. 8BE9 MOV EBP, ECX
00404CAE |. 0BEA OR EBP, EDX
00404CB0 |. 23EB AND EBP, EBX
00404CB2 |. 0BFD OR EDI, EBP
00404CB4 |. 03F7 ADD ESI, EDI
00404CB6 |. 03B424 D0000000 ADD ESI, DWORD PTR SS:[ESP+0xD0]
00404CBD |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404CC3 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404CC7 |. 8BF2 MOV ESI, EDX
00404CC9 |. C1EE 02 SHR ESI, 0x2
00404CCC |. C1E2 1E SHL EDX, 0x1E
00404CCF |. 0BF2 OR ESI, EDX
00404CD1 |. 8BD6 MOV EDX, ESI
00404CD3 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404CD7 |. C1E6 05 SHL ESI, 0x5
00404CDA |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404CDE |. C1EF 1B SHR EDI, 0x1B
00404CE1 |. 0BF7 OR ESI, EDI
00404CE3 |. 8BFA MOV EDI, EDX
00404CE5 |. 23F8 AND EDI, EAX
00404CE7 |. 8BEA MOV EBP, EDX
00404CE9 |. 0BE8 OR EBP, EAX
00404CEB |. 23E9 AND EBP, ECX
00404CED |. 0BFD OR EDI, EBP
00404CEF |. 03F7 ADD ESI, EDI
00404CF1 |. 03B424 D4000000 ADD ESI, DWORD PTR SS:[ESP+0xD4]
00404CF8 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404CFE |. 03DE ADD EBX, ESI
00404D00 |. 8BF0 MOV ESI, EAX
00404D02 |. C1EE 02 SHR ESI, 0x2
00404D05 |. C1E0 1E SHL EAX, 0x1E
00404D08 |. 0BF0 OR ESI, EAX
00404D0A |. 8BC6 MOV EAX, ESI
00404D0C |. 8BF3 MOV ESI, EBX
00404D0E |. C1E6 05 SHL ESI, 0x5
00404D11 |. 8BFB MOV EDI, EBX
00404D13 |. C1EF 1B SHR EDI, 0x1B
00404D16 |. 0BF7 OR ESI, EDI
00404D18 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404D1C |. 23F8 AND EDI, EAX
00404D1E |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404D22 |. 0BE8 OR EBP, EAX
00404D24 |. 23EA AND EBP, EDX
00404D26 |. 0BFD OR EDI, EBP
00404D28 |. 03F7 ADD ESI, EDI
00404D2A |. 03B424 D8000000 ADD ESI, DWORD PTR SS:[ESP+0xD8]
00404D31 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404D37 |. 03CE ADD ECX, ESI
00404D39 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404D3D |. C1EE 02 SHR ESI, 0x2
00404D40 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404D44 |. C1E7 1E SHL EDI, 0x1E
00404D47 |. 0BF7 OR ESI, EDI
00404D49 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404D4D |. 8BF1 MOV ESI, ECX
00404D4F |. C1E6 05 SHL ESI, 0x5
00404D52 |. 8BF9 MOV EDI, ECX
00404D54 |. C1EF 1B SHR EDI, 0x1B
00404D57 |. 0BF7 OR ESI, EDI
00404D59 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404D5D |. 23FB AND EDI, EBX
00404D5F |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404D63 |. 0BEB OR EBP, EBX
00404D65 |. 23E8 AND EBP, EAX
00404D67 |. 0BFD OR EDI, EBP
00404D69 |. 03F7 ADD ESI, EDI
00404D6B |. 03B424 DC000000 ADD ESI, DWORD PTR SS:[ESP+0xDC]
00404D72 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404D78 |. 03D6 ADD EDX, ESI
00404D7A |. 8BF3 MOV ESI, EBX
00404D7C |. C1EE 02 SHR ESI, 0x2
00404D7F |. C1E3 1E SHL EBX, 0x1E
00404D82 |. 0BF3 OR ESI, EBX
00404D84 |. 8BDE MOV EBX, ESI
00404D86 |. 8BF2 MOV ESI, EDX
00404D88 |. C1E6 05 SHL ESI, 0x5
00404D8B |. 8BFA MOV EDI, EDX
00404D8D |. C1EF 1B SHR EDI, 0x1B
00404D90 |. 0BF7 OR ESI, EDI
00404D92 |. 8BFB MOV EDI, EBX
00404D94 |. 23F9 AND EDI, ECX
00404D96 |. 8BEB MOV EBP, EBX
00404D98 |. 0BE9 OR EBP, ECX
00404D9A |. 236C24 04 AND EBP, DWORD PTR SS:[ESP+0x4]
00404D9E |. 0BFD OR EDI, EBP
00404DA0 |. 03F7 ADD ESI, EDI
00404DA2 |. 03B424 E0000000 ADD ESI, DWORD PTR SS:[ESP+0xE0]
00404DA9 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404DAF |. 03C6 ADD EAX, ESI
00404DB1 |. 8BF1 MOV ESI, ECX
00404DB3 |. C1EE 02 SHR ESI, 0x2
00404DB6 |. C1E1 1E SHL ECX, 0x1E
00404DB9 |. 0BF1 OR ESI, ECX
00404DBB |. 8BCE MOV ECX, ESI
00404DBD |. 8BF0 MOV ESI, EAX
00404DBF |. C1E6 05 SHL ESI, 0x5
00404DC2 |. 8BF8 MOV EDI, EAX
00404DC4 |. C1EF 1B SHR EDI, 0x1B
00404DC7 |. 0BF7 OR ESI, EDI
00404DC9 |. 8BF9 MOV EDI, ECX
00404DCB |. 23FA AND EDI, EDX
00404DCD |. 8BE9 MOV EBP, ECX
00404DCF |. 0BEA OR EBP, EDX
00404DD1 |. 23EB AND EBP, EBX
00404DD3 |. 0BFD OR EDI, EBP
00404DD5 |. 03F7 ADD ESI, EDI
00404DD7 |. 03B424 E4000000 ADD ESI, DWORD PTR SS:[ESP+0xE4]
00404DDE |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404DE4 |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404DE8 |. 8BF2 MOV ESI, EDX
00404DEA |. C1EE 02 SHR ESI, 0x2
00404DED |. C1E2 1E SHL EDX, 0x1E
00404DF0 |. 0BF2 OR ESI, EDX
00404DF2 |. 8BD6 MOV EDX, ESI
00404DF4 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404DF8 |. C1E6 05 SHL ESI, 0x5
00404DFB |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404DFF |. C1EF 1B SHR EDI, 0x1B
00404E02 |. 0BF7 OR ESI, EDI
00404E04 |. 8BFA MOV EDI, EDX
00404E06 |. 23F8 AND EDI, EAX
00404E08 |. 8BEA MOV EBP, EDX
00404E0A |. 0BE8 OR EBP, EAX
00404E0C |. 23E9 AND EBP, ECX
00404E0E |. 0BFD OR EDI, EBP
00404E10 |. 03F7 ADD ESI, EDI
00404E12 |. 03B424 E8000000 ADD ESI, DWORD PTR SS:[ESP+0xE8]
00404E19 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404E1F |. 03DE ADD EBX, ESI
00404E21 |. 8BF0 MOV ESI, EAX
00404E23 |. C1EE 02 SHR ESI, 0x2
00404E26 |. C1E0 1E SHL EAX, 0x1E
00404E29 |. 0BF0 OR ESI, EAX
00404E2B |. 8BC6 MOV EAX, ESI
00404E2D |. 8BF3 MOV ESI, EBX
00404E2F |. C1E6 05 SHL ESI, 0x5
00404E32 |. 8BFB MOV EDI, EBX
00404E34 |. C1EF 1B SHR EDI, 0x1B
00404E37 |. 0BF7 OR ESI, EDI
00404E39 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404E3D |. 23F8 AND EDI, EAX
00404E3F |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404E43 |. 0BE8 OR EBP, EAX
00404E45 |. 23EA AND EBP, EDX
00404E47 |. 0BFD OR EDI, EBP
00404E49 |. 03F7 ADD ESI, EDI
00404E4B |. 03B424 EC000000 ADD ESI, DWORD PTR SS:[ESP+0xEC]
00404E52 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404E58 |. 03CE ADD ECX, ESI
00404E5A |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404E5E |. C1EE 02 SHR ESI, 0x2
00404E61 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404E65 |. C1E7 1E SHL EDI, 0x1E
00404E68 |. 0BF7 OR ESI, EDI
00404E6A |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404E6E |. 8BF1 MOV ESI, ECX
00404E70 |. C1E6 05 SHL ESI, 0x5
00404E73 |. 8BF9 MOV EDI, ECX
00404E75 |. C1EF 1B SHR EDI, 0x1B
00404E78 |. 0BF7 OR ESI, EDI
00404E7A |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404E7E |. 23FB AND EDI, EBX
00404E80 |. 8B6C24 04 MOV EBP, DWORD PTR SS:[ESP+0x4]
00404E84 |. 0BEB OR EBP, EBX
00404E86 |. 23E8 AND EBP, EAX
00404E88 |. 0BFD OR EDI, EBP
00404E8A |. 03F7 ADD ESI, EDI
00404E8C |. 03B424 F0000000 ADD ESI, DWORD PTR SS:[ESP+0xF0]
00404E93 |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404E99 |. 03D6 ADD EDX, ESI
00404E9B |. 8BF3 MOV ESI, EBX
00404E9D |. C1EE 02 SHR ESI, 0x2
00404EA0 |. C1E3 1E SHL EBX, 0x1E
00404EA3 |. 0BF3 OR ESI, EBX
00404EA5 |. 8BDE MOV EBX, ESI
00404EA7 |. 8BF2 MOV ESI, EDX
00404EA9 |. C1E6 05 SHL ESI, 0x5
00404EAC |. 8BFA MOV EDI, EDX
00404EAE |. C1EF 1B SHR EDI, 0x1B
00404EB1 |. 0BF7 OR ESI, EDI
00404EB3 |. 8BFB MOV EDI, EBX
00404EB5 |. 23F9 AND EDI, ECX
00404EB7 |. 8BEB MOV EBP, EBX
00404EB9 |. 0BE9 OR EBP, ECX
00404EBB |. 236C24 04 AND EBP, DWORD PTR SS:[ESP+0x4]
00404EBF |. 0BFD OR EDI, EBP
00404EC1 |. 03F7 ADD ESI, EDI
00404EC3 |. 03B424 F4000000 ADD ESI, DWORD PTR SS:[ESP+0xF4]
00404ECA |. 81C6 DCBC1B8F ADD ESI, 0x8F1BBCDC
00404ED0 |. 03C6 ADD EAX, ESI
00404ED2 |. 8BF1 MOV ESI, ECX
00404ED4 |. C1EE 02 SHR ESI, 0x2
00404ED7 |. C1E1 1E SHL ECX, 0x1E
00404EDA |. 0BF1 OR ESI, ECX
00404EDC |. 8BCE MOV ECX, ESI
00404EDE |. 8BF0 MOV ESI, EAX
00404EE0 |. C1E6 05 SHL ESI, 0x5
00404EE3 |. 8BF8 MOV EDI, EAX
00404EE5 |. C1EF 1B SHR EDI, 0x1B
00404EE8 |. 0BF7 OR ESI, EDI
00404EEA |. 8BFA MOV EDI, EDX
00404EEC |. 33FB XOR EDI, EBX
00404EEE |. 33F9 XOR EDI, ECX
00404EF0 |. 03F7 ADD ESI, EDI
00404EF2 |. 03B424 F8000000 ADD ESI, DWORD PTR SS:[ESP+0xF8]
00404EF9 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00404EFF |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00404F03 |. 8BF2 MOV ESI, EDX
00404F05 |. C1EE 02 SHR ESI, 0x2
00404F08 |. C1E2 1E SHL EDX, 0x1E
00404F0B |. 0BF2 OR ESI, EDX
00404F0D |. 8BD6 MOV EDX, ESI
00404F0F |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404F13 |. C1E6 05 SHL ESI, 0x5
00404F16 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404F1A |. C1EF 1B SHR EDI, 0x1B
00404F1D |. 0BF7 OR ESI, EDI
00404F1F |. 8BF8 MOV EDI, EAX
00404F21 |. 33F9 XOR EDI, ECX
00404F23 |. 33FA XOR EDI, EDX
00404F25 |. 03F7 ADD ESI, EDI
00404F27 |. 03B424 FC000000 ADD ESI, DWORD PTR SS:[ESP+0xFC]
00404F2E |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00404F34 |. 03DE ADD EBX, ESI
00404F36 |. 8BF0 MOV ESI, EAX
00404F38 |. C1EE 02 SHR ESI, 0x2
00404F3B |. C1E0 1E SHL EAX, 0x1E
00404F3E |. 0BF0 OR ESI, EAX
00404F40 |. 8BC6 MOV EAX, ESI
00404F42 |. 8BF3 MOV ESI, EBX
00404F44 |. C1E6 05 SHL ESI, 0x5
00404F47 |. 8BFB MOV EDI, EBX
00404F49 |. C1EF 1B SHR EDI, 0x1B
00404F4C |. 0BF7 OR ESI, EDI
00404F4E |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404F52 |. 33FA XOR EDI, EDX
00404F54 |. 33F8 XOR EDI, EAX
00404F56 |. 03F7 ADD ESI, EDI
00404F58 |. 03B424 00010000 ADD ESI, DWORD PTR SS:[ESP+0x100]
00404F5F |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00404F65 |. 03CE ADD ECX, ESI
00404F67 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00404F6B |. C1EE 02 SHR ESI, 0x2
00404F6E |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404F72 |. C1E7 1E SHL EDI, 0x1E
00404F75 |. 0BF7 OR ESI, EDI
00404F77 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00404F7B |. 8BF1 MOV ESI, ECX
00404F7D |. C1E6 05 SHL ESI, 0x5
00404F80 |. 8BF9 MOV EDI, ECX
00404F82 |. C1EF 1B SHR EDI, 0x1B
00404F85 |. 0BF7 OR ESI, EDI
00404F87 |. 8BFB MOV EDI, EBX
00404F89 |. 33F8 XOR EDI, EAX
00404F8B |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
00404F8F |. 03F7 ADD ESI, EDI
00404F91 |. 03B424 04010000 ADD ESI, DWORD PTR SS:[ESP+0x104]
00404F98 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00404F9E |. 03D6 ADD EDX, ESI
00404FA0 |. 8BF3 MOV ESI, EBX
00404FA2 |. C1EE 02 SHR ESI, 0x2
00404FA5 |. C1E3 1E SHL EBX, 0x1E
00404FA8 |. 0BF3 OR ESI, EBX
00404FAA |. 8BDE MOV EBX, ESI
00404FAC |. 8BF2 MOV ESI, EDX
00404FAE |. C1E6 05 SHL ESI, 0x5
00404FB1 |. 8BFA MOV EDI, EDX
00404FB3 |. C1EF 1B SHR EDI, 0x1B
00404FB6 |. 0BF7 OR ESI, EDI
00404FB8 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00404FBC |. 33F9 XOR EDI, ECX
00404FBE |. 33FB XOR EDI, EBX
00404FC0 |. 03F7 ADD ESI, EDI
00404FC2 |. 03B424 08010000 ADD ESI, DWORD PTR SS:[ESP+0x108]
00404FC9 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00404FCF |. 03C6 ADD EAX, ESI
00404FD1 |. 8BF1 MOV ESI, ECX
00404FD3 |. C1EE 02 SHR ESI, 0x2
00404FD6 |. C1E1 1E SHL ECX, 0x1E
00404FD9 |. 0BF1 OR ESI, ECX
00404FDB |. 8BCE MOV ECX, ESI
00404FDD |. 8BF0 MOV ESI, EAX
00404FDF |. C1E6 05 SHL ESI, 0x5
00404FE2 |. 8BF8 MOV EDI, EAX
00404FE4 |. C1EF 1B SHR EDI, 0x1B
00404FE7 |. 0BF7 OR ESI, EDI
00404FE9 |. 8BFA MOV EDI, EDX
00404FEB |. 33FB XOR EDI, EBX
00404FED |. 33F9 XOR EDI, ECX
00404FEF |. 03F7 ADD ESI, EDI
00404FF1 |. 03B424 0C010000 ADD ESI, DWORD PTR SS:[ESP+0x10C]
00404FF8 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00404FFE |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00405002 |. 8BF2 MOV ESI, EDX
00405004 |. C1EE 02 SHR ESI, 0x2
00405007 |. C1E2 1E SHL EDX, 0x1E
0040500A |. 0BF2 OR ESI, EDX
0040500C |. 8BD6 MOV EDX, ESI
0040500E |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00405012 |. C1E6 05 SHL ESI, 0x5
00405015 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405019 |. C1EF 1B SHR EDI, 0x1B
0040501C |. 0BF7 OR ESI, EDI
0040501E |. 8BF8 MOV EDI, EAX
00405020 |. 33F9 XOR EDI, ECX
00405022 |. 33FA XOR EDI, EDX
00405024 |. 03F7 ADD ESI, EDI
00405026 |. 03B424 10010000 ADD ESI, DWORD PTR SS:[ESP+0x110]
0040502D |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00405033 |. 03DE ADD EBX, ESI
00405035 |. 8BF0 MOV ESI, EAX
00405037 |. C1EE 02 SHR ESI, 0x2
0040503A |. C1E0 1E SHL EAX, 0x1E
0040503D |. 0BF0 OR ESI, EAX
0040503F |. 8BC6 MOV EAX, ESI
00405041 |. 8BF3 MOV ESI, EBX
00405043 |. C1E6 05 SHL ESI, 0x5
00405046 |. 8BFB MOV EDI, EBX
00405048 |. C1EF 1B SHR EDI, 0x1B
0040504B |. 0BF7 OR ESI, EDI
0040504D |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405051 |. 33FA XOR EDI, EDX
00405053 |. 33F8 XOR EDI, EAX
00405055 |. 03F7 ADD ESI, EDI
00405057 |. 03B424 14010000 ADD ESI, DWORD PTR SS:[ESP+0x114]
0040505E |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00405064 |. 03CE ADD ECX, ESI
00405066 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
0040506A |. C1EE 02 SHR ESI, 0x2
0040506D |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405071 |. C1E7 1E SHL EDI, 0x1E
00405074 |. 0BF7 OR ESI, EDI
00405076 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
0040507A |. 8BF1 MOV ESI, ECX
0040507C |. C1E6 05 SHL ESI, 0x5
0040507F |. 8BF9 MOV EDI, ECX
00405081 |. C1EF 1B SHR EDI, 0x1B
00405084 |. 0BF7 OR ESI, EDI
00405086 |. 8BFB MOV EDI, EBX
00405088 |. 33F8 XOR EDI, EAX
0040508A |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
0040508E |. 03F7 ADD ESI, EDI
00405090 |. 03B424 18010000 ADD ESI, DWORD PTR SS:[ESP+0x118]
00405097 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
0040509D |. 03D6 ADD EDX, ESI
0040509F |. 8BF3 MOV ESI, EBX
004050A1 |. C1EE 02 SHR ESI, 0x2
004050A4 |. C1E3 1E SHL EBX, 0x1E
004050A7 |. 0BF3 OR ESI, EBX
004050A9 |. 8BDE MOV EBX, ESI
004050AB |. 8BF2 MOV ESI, EDX
004050AD |. C1E6 05 SHL ESI, 0x5
004050B0 |. 8BFA MOV EDI, EDX
004050B2 |. C1EF 1B SHR EDI, 0x1B
004050B5 |. 0BF7 OR ESI, EDI
004050B7 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004050BB |. 33F9 XOR EDI, ECX
004050BD |. 33FB XOR EDI, EBX
004050BF |. 03F7 ADD ESI, EDI
004050C1 |. 03B424 1C010000 ADD ESI, DWORD PTR SS:[ESP+0x11C]
004050C8 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
004050CE |. 03C6 ADD EAX, ESI
004050D0 |. 8BF1 MOV ESI, ECX
004050D2 |. C1EE 02 SHR ESI, 0x2
004050D5 |. C1E1 1E SHL ECX, 0x1E
004050D8 |. 0BF1 OR ESI, ECX
004050DA |. 8BCE MOV ECX, ESI
004050DC |. 8BF0 MOV ESI, EAX
004050DE |. C1E6 05 SHL ESI, 0x5
004050E1 |. 8BF8 MOV EDI, EAX
004050E3 |. C1EF 1B SHR EDI, 0x1B
004050E6 |. 0BF7 OR ESI, EDI
004050E8 |. 8BFA MOV EDI, EDX
004050EA |. 33FB XOR EDI, EBX
004050EC |. 33F9 XOR EDI, ECX
004050EE |. 03F7 ADD ESI, EDI
004050F0 |. 03B424 20010000 ADD ESI, DWORD PTR SS:[ESP+0x120]
004050F7 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
004050FD |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00405101 |. 8BF2 MOV ESI, EDX
00405103 |. C1EE 02 SHR ESI, 0x2
00405106 |. C1E2 1E SHL EDX, 0x1E
00405109 |. 0BF2 OR ESI, EDX
0040510B |. 8BD6 MOV EDX, ESI
0040510D |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00405111 |. C1E6 05 SHL ESI, 0x5
00405114 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405118 |. C1EF 1B SHR EDI, 0x1B
0040511B |. 0BF7 OR ESI, EDI
0040511D |. 8BF8 MOV EDI, EAX
0040511F |. 33F9 XOR EDI, ECX
00405121 |. 33FA XOR EDI, EDX
00405123 |. 03F7 ADD ESI, EDI
00405125 |. 03B424 24010000 ADD ESI, DWORD PTR SS:[ESP+0x124]
0040512C |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00405132 |. 03DE ADD EBX, ESI
00405134 |. 8BF0 MOV ESI, EAX
00405136 |. C1EE 02 SHR ESI, 0x2
00405139 |. C1E0 1E SHL EAX, 0x1E
0040513C |. 0BF0 OR ESI, EAX
0040513E |. 8BC6 MOV EAX, ESI
00405140 |. 8BF3 MOV ESI, EBX
00405142 |. C1E6 05 SHL ESI, 0x5
00405145 |. 8BFB MOV EDI, EBX
00405147 |. C1EF 1B SHR EDI, 0x1B
0040514A |. 0BF7 OR ESI, EDI
0040514C |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405150 |. 33FA XOR EDI, EDX
00405152 |. 33F8 XOR EDI, EAX
00405154 |. 03F7 ADD ESI, EDI
00405156 |. 03B424 28010000 ADD ESI, DWORD PTR SS:[ESP+0x128]
0040515D |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00405163 |. 03CE ADD ECX, ESI
00405165 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00405169 |. C1EE 02 SHR ESI, 0x2
0040516C |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405170 |. C1E7 1E SHL EDI, 0x1E
00405173 |. 0BF7 OR ESI, EDI
00405175 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00405179 |. 8BF1 MOV ESI, ECX
0040517B |. C1E6 05 SHL ESI, 0x5
0040517E |. 8BF9 MOV EDI, ECX
00405180 |. C1EF 1B SHR EDI, 0x1B
00405183 |. 0BF7 OR ESI, EDI
00405185 |. 8BFB MOV EDI, EBX
00405187 |. 33F8 XOR EDI, EAX
00405189 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
0040518D |. 03F7 ADD ESI, EDI
0040518F |. 03B424 2C010000 ADD ESI, DWORD PTR SS:[ESP+0x12C]
00405196 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
0040519C |. 03D6 ADD EDX, ESI
0040519E |. 8BF3 MOV ESI, EBX
004051A0 |. C1EE 02 SHR ESI, 0x2
004051A3 |. C1E3 1E SHL EBX, 0x1E
004051A6 |. 0BF3 OR ESI, EBX
004051A8 |. 8BDE MOV EBX, ESI
004051AA |. 8BF2 MOV ESI, EDX
004051AC |. C1E6 05 SHL ESI, 0x5
004051AF |. 8BFA MOV EDI, EDX
004051B1 |. C1EF 1B SHR EDI, 0x1B
004051B4 |. 0BF7 OR ESI, EDI
004051B6 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004051BA |. 33F9 XOR EDI, ECX
004051BC |. 33FB XOR EDI, EBX
004051BE |. 03F7 ADD ESI, EDI
004051C0 |. 03B424 30010000 ADD ESI, DWORD PTR SS:[ESP+0x130]
004051C7 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
004051CD |. 03C6 ADD EAX, ESI
004051CF |. 8BF1 MOV ESI, ECX
004051D1 |. C1EE 02 SHR ESI, 0x2
004051D4 |. C1E1 1E SHL ECX, 0x1E
004051D7 |. 0BF1 OR ESI, ECX
004051D9 |. 8BCE MOV ECX, ESI
004051DB |. 8BF0 MOV ESI, EAX
004051DD |. C1E6 05 SHL ESI, 0x5
004051E0 |. 8BF8 MOV EDI, EAX
004051E2 |. C1EF 1B SHR EDI, 0x1B
004051E5 |. 0BF7 OR ESI, EDI
004051E7 |. 8BFA MOV EDI, EDX
004051E9 |. 33FB XOR EDI, EBX
004051EB |. 33F9 XOR EDI, ECX
004051ED |. 03F7 ADD ESI, EDI
004051EF |. 03B424 34010000 ADD ESI, DWORD PTR SS:[ESP+0x134]
004051F6 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
004051FC |. 017424 04 ADD DWORD PTR SS:[ESP+0x4], ESI
00405200 |. 8BF2 MOV ESI, EDX
00405202 |. C1EE 02 SHR ESI, 0x2
00405205 |. C1E2 1E SHL EDX, 0x1E
00405208 |. 0BF2 OR ESI, EDX
0040520A |. 8BD6 MOV EDX, ESI
0040520C |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00405210 |. C1E6 05 SHL ESI, 0x5
00405213 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
00405217 |. C1EF 1B SHR EDI, 0x1B
0040521A |. 0BF7 OR ESI, EDI
0040521C |. 8BF8 MOV EDI, EAX
0040521E |. 33F9 XOR EDI, ECX
00405220 |. 33FA XOR EDI, EDX
00405222 |. 03F7 ADD ESI, EDI
00405224 |. 03B424 38010000 ADD ESI, DWORD PTR SS:[ESP+0x138]
0040522B |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00405231 |. 03DE ADD EBX, ESI
00405233 |. 8BF0 MOV ESI, EAX
00405235 |. C1EE 02 SHR ESI, 0x2
00405238 |. C1E0 1E SHL EAX, 0x1E
0040523B |. 0BF0 OR ESI, EAX
0040523D |. 8BC6 MOV EAX, ESI
0040523F |. 8BF3 MOV ESI, EBX
00405241 |. C1E6 05 SHL ESI, 0x5
00405244 |. 8BFB MOV EDI, EBX
00405246 |. C1EF 1B SHR EDI, 0x1B
00405249 |. 0BF7 OR ESI, EDI
0040524B |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040524F |. 33FA XOR EDI, EDX
00405251 |. 33F8 XOR EDI, EAX
00405253 |. 03F7 ADD ESI, EDI
00405255 |. 03B424 3C010000 ADD ESI, DWORD PTR SS:[ESP+0x13C]
0040525C |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
00405262 |. 03CE ADD ECX, ESI
00405264 |. 8B7424 04 MOV ESI, DWORD PTR SS:[ESP+0x4]
00405268 |. C1EE 02 SHR ESI, 0x2
0040526B |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
0040526F |. C1E7 1E SHL EDI, 0x1E
00405272 |. 0BF7 OR ESI, EDI
00405274 |. 897424 04 MOV DWORD PTR SS:[ESP+0x4], ESI
00405278 |. 8BF1 MOV ESI, ECX
0040527A |. C1E6 05 SHL ESI, 0x5
0040527D |. 8BF9 MOV EDI, ECX
0040527F |. C1EF 1B SHR EDI, 0x1B
00405282 |. 0BF7 OR ESI, EDI
00405284 |. 8BFB MOV EDI, EBX
00405286 |. 33F8 XOR EDI, EAX
00405288 |. 337C24 04 XOR EDI, DWORD PTR SS:[ESP+0x4]
0040528C |. 03F7 ADD ESI, EDI
0040528E |. 03B424 40010000 ADD ESI, DWORD PTR SS:[ESP+0x140]
00405295 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
0040529B |. 03D6 ADD EDX, ESI
0040529D |. 8BF3 MOV ESI, EBX
0040529F |. C1EE 02 SHR ESI, 0x2
004052A2 |. C1E3 1E SHL EBX, 0x1E
004052A5 |. 0BF3 OR ESI, EBX
004052A7 |. 8BDE MOV EBX, ESI
004052A9 |. 8BF2 MOV ESI, EDX
004052AB |. C1E6 05 SHL ESI, 0x5
004052AE |. 8BFA MOV EDI, EDX
004052B0 |. C1EF 1B SHR EDI, 0x1B
004052B3 |. 0BF7 OR ESI, EDI
004052B5 |. 8B7C24 04 MOV EDI, DWORD PTR SS:[ESP+0x4]
004052B9 |. 33F9 XOR EDI, ECX
004052BB |. 33FB XOR EDI, EBX
004052BD |. 03F7 ADD ESI, EDI
004052BF |. 03B424 44010000 ADD ESI, DWORD PTR SS:[ESP+0x144]
004052C6 |. 81C6 D6C162CA ADD ESI, 0xCA62C1D6
004052CC |. 03C6 ADD EAX, ESI
004052CE |. 8BF1 MOV ESI, ECX
004052D0 |. C1EE 02 SHR ESI, 0x2
004052D3 |. C1E1 1E SHL ECX, 0x1E
004052D6 |. 0BF1 OR ESI, ECX
004052D8 |. 8BCE MOV ECX, ESI
004052DA |. 8B3424 MOV ESI, DWORD PTR SS:[ESP]
004052DD |. 0106 ADD DWORD PTR DS:[ESI], EAX ; //更新H0~H5
004052DF |. 8B0424 MOV EAX, DWORD PTR SS:[ESP]
004052E2 |. 0150 04 ADD DWORD PTR DS:[EAX+0x4], EDX
004052E5 |. 8B0424 MOV EAX, DWORD PTR SS:[ESP]
004052E8 |. 0148 08 ADD DWORD PTR DS:[EAX+0x8], ECX
004052EB |. 8B0424 MOV EAX, DWORD PTR SS:[ESP]
004052EE |. 0158 0C ADD DWORD PTR DS:[EAX+0xC], EBX
004052F1 |. 8B0424 MOV EAX, DWORD PTR SS:[ESP]
004052F4 |. 8B5424 04 MOV EDX, DWORD PTR SS:[ESP+0x4]
004052F8 |. 0150 10 ADD DWORD PTR DS:[EAX+0x10], EDX
004052FB |. 81C4 48010000 ADD ESP, 0x148
00405301 |. 5D POP EBP
00405302 |. 5F POP EDI
00405303 |. 5E POP ESI
00405304 |. 5B POP EBX
00405305 \. C3 RETN

对生成的20位SHA-1 hash的前4字节与SHA-1 hash的后面的16字节,依次做4字节的异或:

hash[0~3] ^= hash[4~7] 
hash[0~3] ^= hash[8~11] 
hash[0~3] ^= hash[12~15] 
hash[0~3] ^= hash[16~19]

004055F9 |. B8 04000000 MOV EAX, 0x4
004055FE |. 8D55 D8 LEA EDX, [LOCAL.10]
00405601 |> 8B0A /MOV ECX, DWORD PTR DS:[EDX]
00405603 |. 314D D4 |XOR [LOCAL.11], ECX ; //SHA-1 hash,只处理前4字节
00405606 |. 83C2 04 |ADD EDX, 0x4
00405609 |. 48 |DEC EAX
0040560A |.^ 75 F5 \JNZ SHORT sha1crac.00405601

然后处理注册码信息,将注册码从个位到最到位一次累加:

004041CF |. E8 4CEDFFFF CALL sha1crac.00402F20 ; //取注册码长度
004041D4 |. 8BC8 MOV ECX, EAX
004041D6 |. 41 INC ECX
004041D7 |. 33D2 XOR EDX, EDX
004041D9 |. B8 01000000 MOV EAX, 0x1
004041DE |> 03D2 /ADD EDX, EDX ; //edx = edx + edx
004041E0 |. 8D1492 |LEA EDX, DWORD PTR DS:[EDX+EDX*4] ; //edx = edx + edx * 4
004041E3 |. 8B5D F8 |MOV EBX, [LOCAL.2] ; //上面相当于edx = edx + edx * 2 * 4 = edx + edx * (2^4) = edx + edx * 0x10
004041E6 |. 0FB65C03 FF |MOVZX EBX, BYTE PTR DS:[EBX+EAX-0x1] ; //取1位注册码
004041EB |. 03D3 |ADD EDX, EBX ; //edx = edx + 取出的1位注册码
004041ED |. 83EA 30 |SUB EDX, 0x30 ; //edx = edx - 0x30
004041F0 |. 40 |INC EAX
004041F1 |. 3BC8 |CMP ECX, EAX ; //循环条件
004041F3 |.^ 75 E9 \JNZ SHORT sha1crac.004041DE

将最终的注册码累加和与上面用户名hash处理完的前4字节做异或操作,结果为0即注册成功:

00405614 |. 8BC8 MOV ECX, EAX ; //注册码累加和
00405616 |. 334D D4 XOR ECX, [LOCAL.11] ; //SHA-1 hash首地址
00405619 |> 85C9 TEST ECX, ECX
0040561B |. 75 29 JNZ SHORT sha1crac.00405646 ; //结果为0,则注册成功
0040561D |. 837D F4 00 CMP [LOCAL.3], 0x0
00405621 |. 75 08 JNZ SHORT sha1crac.0040562B
00405623 |. 837D F0 04 CMP [LOCAL.4], 0x4
00405627 |. 76 1D JBE SHORT sha1crac.00405646
00405629 |. EB 02 JMP SHORT sha1crac.0040562D
0040562B |> 7E 19 JLE SHORT sha1crac.00405646
0040562D |> 6A 00 PUSH 0x0 ; /Style = MB_OK|MB_APPLMODAL
0040562F |. 68 AC564000 PUSH sha1crac.004056AC ; |Title = "OK"
00405634 |. 68 AC564000 PUSH sha1crac.004056AC ; |Text = "OK"
00405639 |. A1 0C754000 MOV EAX, DWORD PTR DS:[0x40750C] ; |
0040563E |. 50 PUSH EAX ; |hOwner => 004504FA (‘Crackme only SHA1 - DiKeN‘,class=‘MyWindowClass‘)
0040563F |. E8 E0E9FFFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00405644 |. EB 17 JMP SHORT sha1crac.0040565D
00405646 |> 6A 00 PUSH 0x0 ; /Style = MB_OK|MB_APPLMODAL
00405648 |. 68 B0564000 PUSH sha1crac.004056B0 ; |Title = "No"
0040564D |. 68 B0564000 PUSH sha1crac.004056B0 ; |Text = "No"
00405652 |. A1 0C754000 MOV EAX, DWORD PTR DS:[0x40750C] ; |
00405657 |. 50 PUSH EAX ; |hOwner => 004504FA (‘Crackme only SHA1 - DiKeN‘,class=‘MyWindowClass‘)
00405658 |. E8 C7E9FFFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA

XOR:相同为0,不同为1,说明注册码的 累加和 == 用户名hash异或后的前4字节,即注册成功。
------------------------------------------------------------------------
【破解总结】软件使用SHA-1算法,对用户名进行hash计算,计算前会在用户名前拼接上DiKeN,然后计算hash,结果的前4字节与SHA-1 hash的后面的16字节,依次做4字节的异或,转换成10进制即为正确注册码。

hash的方式有
hash[0~3] ^= hash[4~7]
hash[0~3] ^= hash[8~11]
hash[0~3] ^= hash[12~15]
hash[0~3] ^= hash[16~19]

最终hash[0~3]转换成10进制即注册码。

写注册机的时间注意大小尾方式。
------------------------------------------------------------------------
【版权声明】无

时间: 2024-09-28 08:15:58

[SHA-1算法练习] sha1crackme算法分析的相关文章

[CRC32算法练习] CRC32CrackMe算法分析

[破文标题][CRC32算法练习] CRC32CrackMe算法分析[破文作者]静心学习[作者邮箱][email protected][作者主页]http://www.cnblogs.com/dacainiao/[破解工具]OD, DEDE, IDA[破解平台]xp sp3[软件名称]CRC32CrackMe[软件大小]40KB[原版下载]http://bbs.pediy.com/attachment.php?attachmentid=6579&d=1183561716[保护方式]无壳[软件简介

[MD5算法练习] MD5CrackMe算法分析

[破文标题][MD5算法练习] MD5CrackMe算法分析[破文作者]静心学习[作者邮箱][email protected][作者主页]http://www.cnblogs.com/dacainiao/[破解工具]OD[破解平台]xp sp3[软件名称]MD5CrackMe[软件大小]72KB[原版下载]http://pan.baidu.com/share/link?shareid=1620370201&uk=892352529[保护方式]无壳[软件简介]一个MD5算法练习的CrackMe[破

普林斯顿公开课 算法1-1:算法分析

为什么要分析算法 分析算法能够预測算法的性能,比較算法之间的优劣,保证算法的正确性,理解算法的理论基础. 成功算法的样例 离散傅立叶变换,假设使用暴力方法,那么算法的复杂度是是N^2,假设使用FFT高速傅立叶变换能够实现O(N logN)复杂度 N-body模拟:使用Barnes-hut算法能够将复杂度减少到N logN 顺便发一张N-body模拟的炫图 Barnes-Hut算法示意图 算法分析的步骤 观察问题的特征和想到得到的结果 依据观察结果提出如果 使用如果来预測可能发生的情况 检測预測结

算法简介及算法分析

算法简介及算法分析 算法简介 算法的定义: 算法是对特定问题求解步骤的一种描述,是指令的有限序列.(所以说只要满足上述条件,即使很简单的一个循环也是算法) 算法具备5个特征: 输入 输出 有穷性 确定性 可行性 什么是好算法: 正确性 鲁棒性 简单性 抽象分级 高效性 算法分析: 高效性是评价一个算法是否是好算法的重要标准,那么我们怎么判断算法是否高效呢?有的人说,把算法用程序语言实现一下,再输入多个测试数据实际检测运行速度(时间频度)和空间开销就好了呗!这种事后统计的方法并不能准确检测,它牵扯

[SHA-1算法练习] SHACrackMe算法分析

[破文标题][SHA-1算法练习] SHACrackMe算法分析[破文作者]静心学习[作者邮箱][email protected][作者主页]http://www.cnblogs.com/dacainiao/[破解工具]OD[破解平台]xp sp3[软件名称]SHACrackMe[软件大小]148KB[原版下载]http://bbs.pediy.com/attachment.php?attachmentid=6581&d=1183561734[保护方式]无壳[软件简介]一个SHA-1的算法练习C

javascript数据结构与算法--基本排序算法分析

javascript中的基本排序算法 对计算机中存储的数据执行的两种最常见操作是排序和检索,排序和检索算法对于前端开发尤其重要,对此我会对这两种算法做深入的研究,而不会和书上一样只是会贴代码而已,下面我会一步步从自己的理解的思路来一步步学习各个排序的思想.不过这些算法依赖于javascript中的数组来存储数据.最后我会来测试下基本算法(冒泡排序,选择排序,插入排序)的那个效率更高! 下面啊,我们先可以来封装常规数组操作的函数,比如:插入新数据,显示数组数据,还有交换数组元素等操作来调用不同的排

数据结构算法1------算法和算法分析

最近面试iOS实习生.几次都是败在数据结构算法上面了.决定重新捡起大学的课本,复习一下数据结构算法相关知识. 1.反转一个链表.循环算法.               1     List   reverse(List   l)   {       2     if(!l)   return   l;       3         list   cur   =   l.next;       4     list   pre   =   l;       5     list   tmp;  

[数据结构与算法]常用排序算法分析与实现:第二部分

声明:原创作品,转载时请注明文章来自SAP师太技术博客:www.cnblogs.com/jiangzhengjun,并以超链接形式标明文章原始出处,否则将追究法律责任!原文链接:http://www.cnblogs.com/jiangzhengjun/p/4289948.html 交换排序 冒泡排序 将最后一个元素与倒数第二个元素对比,如果最后一个元素比倒数第二个小,则交换两个元素的位置,再用倒数第二个元素与倒数第三个元数对比,直到比到第一个元素,这样经过第一趟排序后得到第一个最小元素.如此反复

[数据结构与算法]常用排序算法分析与实现:第一部分

声明:原创作品,转载时请注明文章来自SAP师太技术博客:www.cnblogs.com/jiangzhengjun,并以超链接形式标明文章原始出处,否则将追究法律责任!原文链接:http://www.cnblogs.com/jiangzhengjun/p/4289903.html 插入排序 直接插入排序.希尔排序 选择排序 简单选择排序.堆排序 交换排序 冒泡排序.快速排序 归并排序 基数排序 排序基类 1 package sort; 2 3 import java.util.Arrays; 4