捕鱼达人资源解密
最近闲来无事,找来捕鱼达人分析了一下它的资源加密算法,仅为爱好研究,并无他意。
首先,用 PEiD 载入,发现加的壳是 tElock 0.98b1 -> tE!。为了节省时间,直接用脱壳机脱壳。
脱壳后发现,软件是用 Microsoft Visual C++ 7.0 [Debug] 编译的,[Debug] 表示程序是以 debug 模式编译的。
然后我们用 OD 载入程序,开始分析资源加密算法。
载入后停留在
; Module entry point as displayed by OllyDbg (the '>' marks the entry).
; The listing is cut off after the __p__commode call, so only the start of
; the routine is visible. The sequence looks like the usual MSVCRT startup
; stub of a Visual C++ program, which matches the compiler named in the
; text; nothing here touches the game's resource files.
; NOTE(review): the module is labelled "fish1" here but "fish--" in the
; later listings - presumably the dump was saved under another name; confirm.
;
; Standard frame setup.
0043DEE6 > 55 push ebp
0043DEE7 8BEC mov ebp,esp
; Build an exception registration record on the stack (-1, 00443C40,
; handler _except_handler3, previous fs:[0]) and install it at fs:[0].
0043DEE9 6A FF push -1
0043DEEB 68 403C4400 push fish1.00443C40
0043DEF0 68 D6E04300 push <jmp.&MSVCRT._except_handler3>
0043DEF5 64:A1 00000000 mov eax,dword ptr fs:[0]
0043DEFB 50 push eax
0043DEFC 64:8925 00000000 mov dword ptr fs:[0],esp
; Reserve 68h bytes of locals, save ebx/esi/edi, remember esp in [ebp-18].
0043DF03 83EC 68 sub esp,68
0043DF06 53 push ebx
0043DF07 56 push esi
0043DF08 57 push edi
0043DF09 8965 E8 mov dword ptr ss:[ebp-18],esp
; ebx = 0, [ebp-4] = 0.
0043DF0C 33DB xor ebx,ebx
0043DF0E 895D FC mov dword ptr ss:[ebp-4],ebx
; __set_app_type(2); 2 is _GUI_APP in MSVCRT. pop ecx discards the argument.
0043DF11 6A 02 push 2
0043DF13 FF15 CC004400 call dword ptr ds:[<&MSVCRT.__set_app_type>] ; msvcrt.__set_app_type
0043DF19 59 pop ecx
; Set the two dwords at 446488 and 44648C to FFFFFFFF.
0043DF1A 830D 88644400 FF or dword ptr ds:[446488],FFFFFFFF
0043DF21 830D 8C644400 FF or dword ptr ds:[44648C],FFFFFFFF
; Store the dword at 44645C through the pointer returned by __p__fmode.
0043DF28 FF15 C8004400 call dword ptr ds:[<&MSVCRT.__p__fmode>] ; msvcrt.__p__fmode
0043DF2E 8B0D 5C644400 mov ecx,dword ptr ds:[44645C]
0043DF34 8908 mov dword ptr ds:[eax],ecx
; The listing stops here; the rest of the startup routine is not shown.
0043DF36 FF15 C4004400 call dword ptr ds:[<&MSVCRT.__p__commode>] ; msvcrt.__p__commode
由于加载资源必然要读取文件,我们在读取文件的函数上下断点。
;-----------------------------------------------------------------------
; fish--.00401770 - judging by its message strings, a file-open wrapper
; that works through "fish.xli" and returns a 1-based slot number.
; Convention: arguments are read from [ebp+8] and [ebp+C] and the routine
;        ends in a plain retn, so the caller removes them (cdecl-style).
; In:    [ebp+8] = dword passed on unchanged to 00404010
;        [ebp+C] = low byte becomes the first character of a local
;                  2-character string whose second character is 62h ('b')
; Out:   eax = slot index + 1 on success, 0 on any failure
; Globals: [4517F0]        number of slots in use (limit 0Ah = 10)
;          [45179C + i*4]  per-slot in-use flag (0 = free, 1 = used)
;          [4517EC]        value returned by 00404010 (one global, not
;                          indexed by slot)
;          [4517F4]        reset to 0 after the call
; Nothing in this routine transforms file contents. Any decoding of
; fish.xli would have to happen inside 00404010 or in later code, neither
; of which is listed on this page.
; NOTE(review): "//n//n" and "can/'t" in the string annotations are
; presumably "\n\n" and "can't" with the escapes mangled by the page.
;-----------------------------------------------------------------------
; Prologue: frame, 48h bytes of locals, save ebx/esi/edi.
00401770 55 push ebp
00401771 8BEC mov ebp,esp
00401773 83EC 48 sub esp,48
00401776 53 push ebx
00401777 56 push esi
00401778 57 push edi
; If 10 slots are already in use: report it through 0042E380 and return 0.
00401779 833D F0174500 0A cmp dword ptr ds:[4517F0],0A
00401780 75 14 jnz short fish--.00401796
00401782 68 E4224400 push fish--.004422E4 ; reach max number of open file //n//n
00401787 E8 F4CB0200 call fish--.0042E380
0040178C 83C4 04 add esp,4
0040178F 33C0 xor eax,eax
00401791 E9 AF000000 jmp fish--.00401845
; Linear search: i = [ebp-4] runs from 0 up to 9 and stops at the first
; slot whose flag at [45179C + i*4] is 0.
00401796 C745 FC 00000000 mov dword ptr ss:[ebp-4],0
0040179D EB 09 jmp short fish--.004017A8
0040179F 8B45 FC mov eax,dword ptr ss:[ebp-4]
004017A2 83C0 01 add eax,1
004017A5 8945 FC mov dword ptr ss:[ebp-4],eax
004017A8 837D FC 0A cmp dword ptr ss:[ebp-4],0A
004017AC 7D 11 jge short fish--.004017BF
004017AE 8B45 FC mov eax,dword ptr ss:[ebp-4]
004017B1 833C85 9C174500 0>cmp dword ptr ds:[eax*4+45179C],0
004017B9 75 02 jnz short fish--.004017BD
004017BB EB 02 jmp short fish--.004017BF
004017BD ^ EB E0 jmp short fish--.0040179F
; i == 10 means no free slot was found: report it and return 0.
004017BF 837D FC 0A cmp dword ptr ss:[ebp-4],0A
004017C3 75 11 jnz short fish--.004017D6
004017C5 68 CC224400 push fish--.004422CC ; can/'t find idle file //n//n
004017CA E8 B1CB0200 call fish--.0042E380
004017CF 83C4 04 add esp,4
004017D2 33C0 xor eax,eax
004017D4 EB 6F jmp short fish--.00401845
; Build a NUL-terminated 2-character string at [ebp-8]: first character is
; the low byte of the second argument, second character is 62h ('b').
; NOTE(review): presumably an fopen-style mode such as "rb"; the address
; of this buffer is not pushed anywhere in the visible code - confirm use.
004017D6 8A45 0C mov al,byte ptr ss:[ebp+C]
004017D9 8845 F8 mov byte ptr ss:[ebp-8],al
004017DC C645 F9 62 mov byte ptr ss:[ebp-7],62
004017E0 C645 FA 00 mov byte ptr ss:[ebp-6],0
; eax = 004338F0(0044B760). One argument, caller cleans up. The result is
; pushed next to the same pointer below, so it is presumably the length of
; the data at 0044B760 - confirm. The role of that buffer is not
; established by this listing.
004017E4 68 60B74400 push fish--.0044B760 ; dy;
004017E9 E8 02210300 call fish--.004338F0
004017EE 83C4 04 add esp,4
; 00404010("fish.xli", [ebp+8], 0044B760, <result of 004338F0>):
; four dword arguments, removed by add esp,10.
004017F1 50 push eax
004017F2 68 60B74400 push fish--.0044B760 ; dy;
004017F7 8B45 08 mov eax,dword ptr ss:[ebp+8]
004017FA 50 push eax
004017FB 68 C0224400 push fish--.004422C0 ; fish.xli //author's note: fish.xli is read here
00401800 E8 0B280000 call fish--.00404010
00401805 83C4 10 add esp,10
; Keep the result in [4517EC], clear [4517F4]; a zero result is a failure.
00401808 A3 EC174500 mov dword ptr ds:[4517EC],eax
0040180D C705 F4174500 000>mov dword ptr ds:[4517F4],0
00401817 833D EC174500 00 cmp dword ptr ds:[4517EC],0
0040181E 74 23 je short fish--.00401843
; Success: mark slot i used, bump the in-use count, return i + 1.
00401820 8B45 FC mov eax,dword ptr ss:[ebp-4]
00401823 C70485 9C174500 0>mov dword ptr ds:[eax*4+45179C],1
0040182E A1 F0174500 mov eax,dword ptr ds:[4517F0]
00401833 83C0 01 add eax,1
00401836 A3 F0174500 mov dword ptr ds:[4517F0],eax
0040183B 8B45 FC mov eax,dword ptr ss:[ebp-4]
0040183E 83C0 01 add eax,1
00401841 EB 02 jmp short fish--.00401845
; Failure path of the 00404010 call: return 0.
00401843 33C0 xor eax,eax
; Common epilogue: restore edi/esi/ebx and the frame, return to caller.
00401845 5F pop edi
00401846 5E pop esi
00401847 5B pop ebx
00401848 8BE5 mov esp,ebp
0040184A 5D pop ebp
0040184B C3 retn
分析读取背景的代码
;-----------------------------------------------------------------------
; Excerpt from the middle of a long resource-loading routine: it begins
; before 004238B1 and the listing stops at 00423B30, in the middle of the
; next argument sequence. The same pattern repeats for every image:
;
;   push 0 (x4) / push <path string> / push <dword from a global>
;   call 00404CF0 / add esp,18       ; six dword arguments, caller cleans up
;   eax == 0 -> xor eax,eax and jmp 004294EF
;               (presumably the routine's common exit, returning 0 -
;               that target is not shown)
;   eax != 0 -> write constants to [obj] and [obj+4] (and [obj+C] for
;               coin/bubble), where obj is the dword that was pushed,
;               then add 1 to the counter at [487788] and, if the dword
;               at [487784] is non-zero, call through it with no arguments
;
; NOTE(review): [obj] / [obj+4] look like width / height of the image
; (500h x 2D0h = 1280 x 720 for the backgrounds) and [487784] looks like
; a loading-progress callback - both are inferred, confirm.
; 00404CF0 receives the resource path; its body is not listed, so the
; way the data is read or decoded cannot be seen in this excerpt.
;-----------------------------------------------------------------------
; bg1.png -> object pointer held at [44D414]; the four earlier pushes of
; this call lie before the start of the excerpt (add esp,18 removes six).
004238B1 68 B0684400 push fish--.004468B0 ; res/fish/images/bg1.png
004238B6 A1 14D44400 mov eax,dword ptr ds:[44D414]
004238BB 50 push eax
004238BC E8 2F14FEFF call fish--.00404CF0
004238C1 83C4 18 add esp,18
004238C4 85C0 test eax,eax
004238C6 75 07 jnz short fish--.004238CF
004238C8 33C0 xor eax,eax
004238CA E9 205C0000 jmp fish--.004294EF
; [obj] = 500h, [obj+4] = 2D0h
004238CF A1 14D44400 mov eax,dword ptr ds:[44D414]
004238D4 C700 00050000 mov dword ptr ds:[eax],500
004238DA A1 14D44400 mov eax,dword ptr ds:[44D414]
004238DF C740 04 D0020000 mov dword ptr ds:[eax+4],2D0
; counter [487788] += 1, then optional call through [487784]
004238E6 A1 88774800 mov eax,dword ptr ds:[487788]
004238EB 83C0 01 add eax,1
004238EE A3 88774800 mov dword ptr ds:[487788],eax
004238F3 833D 84774800 00 cmp dword ptr ds:[487784],0
004238FA 74 06 je short fish--.00423902
004238FC FF15 84774800 call dword ptr ds:[487784]
; bg2.png -> object pointer held at [44D44C]
00423902 6A 00 push 0
00423904 6A 00 push 0
00423906 6A 00 push 0
00423908 6A 00 push 0
0042390A 68 98684400 push fish--.00446898 ; res/fish/images/bg2.png
0042390F A1 4CD44400 mov eax,dword ptr ds:[44D44C]
00423914 50 push eax
00423915 E8 D613FEFF call fish--.00404CF0
0042391A 83C4 18 add esp,18
0042391D 85C0 test eax,eax
0042391F 75 07 jnz short fish--.00423928
00423921 33C0 xor eax,eax
00423923 E9 C75B0000 jmp fish--.004294EF
; [obj] = 500h, [obj+4] = 2D0h
00423928 A1 4CD44400 mov eax,dword ptr ds:[44D44C]
0042392D C700 00050000 mov dword ptr ds:[eax],500
00423933 A1 4CD44400 mov eax,dword ptr ds:[44D44C]
00423938 C740 04 D0020000 mov dword ptr ds:[eax+4],2D0
0042393F A1 88774800 mov eax,dword ptr ds:[487788]
00423944 83C0 01 add eax,1
00423947 A3 88774800 mov dword ptr ds:[487788],eax
0042394C 833D 84774800 00 cmp dword ptr ds:[487784],0
00423953 74 06 je short fish--.0042395B
00423955 FF15 84774800 call dword ptr ds:[487784]
; bg3.png -> object pointer held at [44D484]
0042395B 6A 00 push 0
0042395D 6A 00 push 0
0042395F 6A 00 push 0
00423961 6A 00 push 0
00423963 68 80684400 push fish--.00446880 ; res/fish/images/bg3.png
00423968 A1 84D44400 mov eax,dword ptr ds:[44D484]
0042396D 50 push eax
0042396E E8 7D13FEFF call fish--.00404CF0
00423973 83C4 18 add esp,18
00423976 85C0 test eax,eax
00423978 75 07 jnz short fish--.00423981
0042397A 33C0 xor eax,eax
0042397C E9 6E5B0000 jmp fish--.004294EF
; [obj] = 500h, [obj+4] = 2D0h
00423981 A1 84D44400 mov eax,dword ptr ds:[44D484]
00423986 C700 00050000 mov dword ptr ds:[eax],500
0042398C A1 84D44400 mov eax,dword ptr ds:[44D484]
00423991 C740 04 D0020000 mov dword ptr ds:[eax+4],2D0
00423998 A1 88774800 mov eax,dword ptr ds:[487788]
0042399D 83C0 01 add eax,1
004239A0 A3 88774800 mov dword ptr ds:[487788],eax
004239A5 833D 84774800 00 cmp dword ptr ds:[487784],0
004239AC 74 06 je short fish--.004239B4
004239AE FF15 84774800 call dword ptr ds:[487784]
; bg4.png -> object pointer held at [44D4BC]
004239B4 6A 00 push 0
004239B6 6A 00 push 0
004239B8 6A 00 push 0
004239BA 6A 00 push 0
004239BC 68 68684400 push fish--.00446868 ; res/fish/images/bg4.png
004239C1 A1 BCD44400 mov eax,dword ptr ds:[44D4BC]
004239C6 50 push eax
004239C7 E8 2413FEFF call fish--.00404CF0
004239CC 83C4 18 add esp,18
004239CF 85C0 test eax,eax
004239D1 75 07 jnz short fish--.004239DA
004239D3 33C0 xor eax,eax
004239D5 E9 155B0000 jmp fish--.004294EF
; [obj] = 500h, [obj+4] = 2D0h
004239DA A1 BCD44400 mov eax,dword ptr ds:[44D4BC]
004239DF C700 00050000 mov dword ptr ds:[eax],500
004239E5 A1 BCD44400 mov eax,dword ptr ds:[44D4BC]
004239EA C740 04 D0020000 mov dword ptr ds:[eax+4],2D0
004239F1 A1 88774800 mov eax,dword ptr ds:[487788]
004239F6 83C0 01 add eax,1
004239F9 A3 88774800 mov dword ptr ds:[487788],eax
004239FE 833D 84774800 00 cmp dword ptr ds:[487784],0
00423A05 74 06 je short fish--.00423A0D
00423A07 FF15 84774800 call dword ptr ds:[487784]
; emplacement.png -> object pointer held at [44D4F4]
00423A0D 6A 00 push 0
00423A0F 6A 00 push 0
00423A11 6A 00 push 0
00423A13 6A 00 push 0
00423A15 68 48684400 push fish--.00446848 ; res/fish/images/emplacement.png
00423A1A A1 F4D44400 mov eax,dword ptr ds:[44D4F4]
00423A1F 50 push eax
00423A20 E8 CB12FEFF call fish--.00404CF0
00423A25 83C4 18 add esp,18
00423A28 85C0 test eax,eax
00423A2A 75 07 jnz short fish--.00423A33
00423A2C 33C0 xor eax,eax
00423A2E E9 BC5A0000 jmp fish--.004294EF
; [obj] = 100h, [obj+4] = 60h
00423A33 A1 F4D44400 mov eax,dword ptr ds:[44D4F4]
00423A38 C700 00010000 mov dword ptr ds:[eax],100
00423A3E A1 F4D44400 mov eax,dword ptr ds:[44D4F4]
00423A43 C740 04 60000000 mov dword ptr ds:[eax+4],60
00423A4A A1 88774800 mov eax,dword ptr ds:[487788]
00423A4F 83C0 01 add eax,1
00423A52 A3 88774800 mov dword ptr ds:[487788],eax
00423A57 833D 84774800 00 cmp dword ptr ds:[487784],0
00423A5E 74 06 je short fish--.00423A66
00423A60 FF15 84774800 call dword ptr ds:[487784]
; coin.png -> object pointer held at [44D52C]
00423A66 6A 00 push 0
00423A68 6A 00 push 0
00423A6A 6A 00 push 0
00423A6C 6A 00 push 0
00423A6E 68 2C684400 push fish--.0044682C ; res/fish/images/coin.png
00423A73 A1 2CD54400 mov eax,dword ptr ds:[44D52C]
00423A78 50 push eax
00423A79 E8 7212FEFF call fish--.00404CF0
00423A7E 83C4 18 add esp,18
00423A81 85C0 test eax,eax
00423A83 75 07 jnz short fish--.00423A8C
00423A85 33C0 xor eax,eax
00423A87 E9 635A0000 jmp fish--.004294EF
; [obj] = 3E2h, [obj+4] = 3E0h, plus a third field [obj+C] = 11h whose
; meaning the listing does not show
00423A8C A1 2CD54400 mov eax,dword ptr ds:[44D52C]
00423A91 C700 E2030000 mov dword ptr ds:[eax],3E2
00423A97 A1 2CD54400 mov eax,dword ptr ds:[44D52C]
00423A9C C740 04 E0030000 mov dword ptr ds:[eax+4],3E0
00423AA3 A1 2CD54400 mov eax,dword ptr ds:[44D52C]
00423AA8 C740 0C 11000000 mov dword ptr ds:[eax+C],11
00423AAF A1 88774800 mov eax,dword ptr ds:[487788]
00423AB4 83C0 01 add eax,1
00423AB7 A3 88774800 mov dword ptr ds:[487788],eax
00423ABC 833D 84774800 00 cmp dword ptr ds:[487784],0
00423AC3 74 06 je short fish--.00423ACB
00423AC5 FF15 84774800 call dword ptr ds:[487784]
; bubble.png -> object pointer held at [44D564]
00423ACB 6A 00 push 0
00423ACD 6A 00 push 0
00423ACF 6A 00 push 0
00423AD1 6A 00 push 0
00423AD3 68 F4264400 push fish--.004426F4 ; res/fish/images/bubble.png
00423AD8 A1 64D54400 mov eax,dword ptr ds:[44D564]
00423ADD 50 push eax
00423ADE E8 0D12FEFF call fish--.00404CF0
00423AE3 83C4 18 add esp,18
00423AE6 85C0 test eax,eax
00423AE8 75 07 jnz short fish--.00423AF1
00423AEA 33C0 xor eax,eax
00423AEC E9 FE590000 jmp fish--.004294EF
; [obj] = 100h, [obj+4] = 100h, [obj+C] = 11h
00423AF1 A1 64D54400 mov eax,dword ptr ds:[44D564]
00423AF6 C700 00010000 mov dword ptr ds:[eax],100
00423AFC A1 64D54400 mov eax,dword ptr ds:[44D564]
00423B01 C740 04 00010000 mov dword ptr ds:[eax+4],100
00423B08 A1 64D54400 mov eax,dword ptr ds:[44D564]
00423B0D C740 0C 11000000 mov dword ptr ds:[eax+C],11
00423B14 A1 88774800 mov eax,dword ptr ds:[487788]
00423B19 83C0 01 add eax,1
00423B1C A3 88774800 mov dword ptr ds:[487788],eax
00423B21 833D 84774800 00 cmp dword ptr ds:[487784],0
00423B28 74 06 je short fish--.00423B30
00423B2A FF15 84774800 call dword ptr ds:[487784]
; First argument push of the next load; the listing ends here.
00423B30 6A 00 push 0
好了,就说到这里,大家有兴趣可以自己分析一下,这个还是比较好分析的。需要说明的是,上面列出的代码只展示了打开 fish.xli 的函数和各图片资源的加载调用(call 00404CF0),解密过程本身并未在文中列出。