004011A9 movsx ebx, byte ptr [edx+eax] ; bl = eax° char of the password 004011AD add ecx, ebx ; ecx is the partial sum of the password's chars 004011AF movsx ebx, byte ptr [edx+eax] 004011B3 cmp ebx, 30h ; each chars of the password must be >= 0x30 004011B6 jl short loc_4011C1 004011B8 movsx ebx, byte ptr [edx+eax] 004011BC cmp ebx, 39h ; and == than 0x12C 004011D3 jge short loc_4011DA 004011D5 mov al, 1 ; otherwise...you will fail the mission:(( ... 004011DA movsx ebx, byte ptr [edx+eax-1] ; some simple operation... 004011DF xor ecx, ebx 004011E1 movsx ebx, byte ptr [edx+eax-4] 004011E6 xor ecx, ebx 004011E8 movsx eax, byte ptr [edx+eax-6] 004011ED xor ecx, eax 004011EF cmp ecx, 239h ; ecx must be 0x239 004011F5 jnz short loc_4011FC ; if so: ok!;)...otherwise: you fail:( 004011F7 xor eax, eax 它的时间找到正确的序列。 很容易,你可以在手。我选择:0000959009 逸岸:(6 *0x30)+0x35+(3*0x39)=量0x120+0x35+0xAB=0x209 :(((0x209 XOR0x39)XOR0x39)异或0x39)=0x239 这是可能(右)密码(您可以使用5000909009 或0000909239或5555050880,你想要什么...) OK,最后一个任务 |