# 分析
; Debugger listing (32-bit x86, Intel syntax) of a username/password check.
; Only part of the routine is visible: it loops back to 00FC1240 and branches
; to 00FC1304, both outside this excerpt.
; Checks visible here, in order:
;   1. the call to 00FC1870 must return al == 0 (per the author: the two
;      strings must not be identical);
;   2. the username length (read from [string-0xC]) must be >= 8 (signed);
;   3. for i = 0 .. len-1, the 16-bit character username[i] must equal the
;      16-bit character password[len-1-i].
; If all pass and the handle stored at 0x10055C0 is non-zero, SetEvent is called.
; NOTE(review): the password length is only used as an upper bound for the
; index (jg at 00FC12CD); no length-equality test appears in these lines.
; NOTE(review): the accepted password is derived entirely from the username;
; no stored secret is consulted in the visible code.
00FC128D . call CFPL.00FC1870 ; per the author: checks whether username and password are identical (callee not shown)
00FC1292 . add esp,0x8 ; caller cleans up 8 bytes of stack arguments
00FC1295 . test al,al ; username and password are required to differ
00FC1297 . jnz short CFPL.00FC12F2 ; al != 0 -> skip the success path
00FC1299 . mov ecx,dword ptr ss:[ebp] ; ecx = username character pointer
00FC129C . mov ebx,dword ptr ds:[ecx-0xC] ; ebx = username length, stored 0xC bytes before the data
00FC129F . cmp ebx,0x8
00FC12A2 . jl short CFPL.00FC12F2 ; reject if length < 8 (signed compare)
00FC12A4 . xor eax,eax ; eax = forward index i = 0
00FC12A6 . test ebx,ebx
00FC12A8 . jle short CFPL.00FC12E2 ; length <= 0 would skip the loop; cannot be taken after the >= 8 check above
00FC12AA . lea edx,dword ptr ds:[ebx-0x1] ; edx = length - 1 (reverse index into the password)
; NOTE(review): "ebw" is not a register; given the author's comment (length + length - 2)
; this is presumably a transcription error for ebx, i.e. edi = 2*(length-1),
; the byte offset of the last 16-bit character.
00FC12AD . lea edi,dword ptr ds:[ebx+ebw-0x2] ; length + length - 2
00FC12B1 > test eax,eax ; loop head: bounds checks on both indices
00FC12B3 . jl short CFPL.00FC1304 ; i < 0 -> 00FC1304 (outside listing; presumably an error path)
00FC12B5 . mov esi,dword ptr ss:[ebp] ; esi = username pointer, reloaded because si is overwritten at 00FC12CF
00FC12B8 . cmp eax,dword ptr ds:[esi-0xC] ; compare i with username length
00FC12BB . jg short CFPL.00FC1304 ; i > length -> 00FC1304
00FC12BD . test edx,edx ; the length-1 (reverse) index
00FC12BF . jl short CFPL.00FC1304 ; reverse index < 0 -> 00FC1304
00FC12C1 . mov ecx,dword ptr ss:[esp+0x14] ; pointer taken from the stack frame; presumably the owning object - TODO confirm
00FC12C5 . add ecx,0x7C ; address of the field at offset 0x7C
00FC12C8 . mov ecx,dword ptr ds:[ecx] ; ecx = password character pointer (per the author)
00FC12CA . cmp edx,dword ptr ds:[ecx-0xC] ; compare reverse index with password length
00FC12CD . jg short CFPL.00FC1304 ; reverse index > password length -> 00FC1304
00FC12CF . mov si,word ptr ds:[esi+eax*2] ; si = username[i], 16-bit character
00FC12D3 . cmp si,word ptr ds:[edi+ecx] ; against the password character at byte offset edi
00FC12D7 . jnz short CFPL.00FC12F2 ; mismatch -> skip the success path
00FC12D9 . inc eax ; i++
00FC12DA . sub edi,0x2 ; step the password byte offset back one 16-bit character
00FC12DD . dec edx ; reverse index--
00FC12DE . cmp eax,ebx
00FC12E0 .^ jl short CFPL.00FC12B1 ; repeat while i < username length
00FC12E2 > mov eax,dword ptr ds:[0x10055C0] ; all characters matched: load the handle stored at 0x10055C0
00FC12E7 . test eax,eax
00FC12E9 . je short CFPL.00FC12F2 ; no handle stored -> nothing to signal
00FC12EB . push eax ; /hEvent = 00000104 (window)
00FC12EC . call dword ptr ds:[<&KERNEL32.SetEvent>] ; \SetEvent
; Common exit for both outcomes. The doubled '>' on the next line looks like
; extraction residue from the debugger's jump-target column.
00FC12F2 > >cmp dword ptr ds:[0x1002A64],0x0 ; flag at 0x1002A64 decides whether to loop again
00FC12F9 .^ jnz CFPL.00FC1240 ; non-zero -> back to 00FC1240 (above this excerpt)
00FC12FF . pop esi ; restore registers saved in the prologue (not shown)
00FC1300 . pop ebp
00FC1301 . pop ebx
00FC1302 > pop edi ; jump target from code outside this excerpt
00FC1303 . retn
分析得出：用户名和密码互为逆序（即密码是用户名按字符倒序排列）。