
初级篇综合运用实例--赌博机

发表于: 2014-07-26
零起点跟我学逆向C语言
啊冲 QQ109688759


初级篇综合运用实例--赌博机

VC6中的代码如下:

#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <time.h>
/* Shared game state; the original keeps everything at file scope. */
int a, b, c;             /* the three dice, written by Throw() */
int bet, BetMoney;       /* bet type (1/2/3) and stake, written in main() */
int PlayerMoney = 1000;  /* player's bankroll */
int DealerMoney = 1000;  /* dealer's bankroll */
char ch;                 /* last key read in main() */

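/* Prints the banner and the bet legend.
 * The legend line is restored from the disassembly listing further down this page,
 * where the literal is "1\xb4\xf3 2\xd0\xa1 3\xf5\xf5\xd7\xd3\n" (GBK for
 * "1大 2小 3貂子\n"); the forum copy of the source had dropped the two
 * characters after "1" and "2". No return value, no inputs. */
void ShowToScreen(void)
{
    printf("        欢迎使用赌博机1.0\n");
    printf("*******************************************\n");
    printf("1大 2小 3貂子\n");
    printf("规则啥的都不打了大家自己看视频\n");
}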
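/* Asks for the bet type on stdin and returns it.
 * Returns 1 (big, 大), 2 (small, 小) or 3 (triple, 豹子). Any other number, and a
 * read that fails entirely, yields 1 so the game keeps running. The original left
 * BetType uninitialized when scanf() failed and then read it, which is undefined
 * behaviour; it also left the bad bytes on stdin for the next prompt to trip over.
 * The prompt text "3豹" is restored from the disassembly listing on this page
 * ("3\xb1\xaa"); the forum copy had lost the last character. */
int GetBet(void)
{
    int BetType = 0;
    printf("请选择下注方式:");
    printf("1大,2小,3豹");
    printf("请下注");
    if (scanf("%d", &BetType) != 1) {
        /* Non-numeric input: discard the rest of the line so the next scanf()
           does not see the same bytes again, then fall back to the default. */
        int k;
        while ((k = getchar()) != '\n' && k != EOF) {
        }
        return 1;
    }
    return (BetType >= 1 && BetType <= 3) ? BetType : 1;
}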
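/* Asks for the stake on stdin and returns it clamped to [10, 100].
 * A failed read (non-numeric input) is treated as the minimum stake after the
 * offending line is discarded; the original read its local uninitialized in that
 * case. The local no longer shadows the global BetMoney. */
int GetAmount(void)
{
    int amount = 0;
    printf("您要押多少元宝(最少10个,最多100个):");
    if (scanf("%d", &amount) != 1) {
        /* Drain the bad line so main()'s re-prompt loop cannot spin on it. */
        int k;
        while ((k = getchar()) != '\n' && k != EOF) {
        }
        return 10;
    }
    if (amount < 10) {
        amount = 10;
    } else if (amount > 100) {
        amount = 100;
    }
    return amount;
}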
/* Rolls the three dice into the globals a, b, c until a key is pressed.
 * Waits for one key first (getchar), seeds rand() from the clock, then keeps
 * re-rolling and redrawing the console while kbhit() reports no pending key.
 * NOTE(review): srand(time(0)) runs on every roll instead of once at start-up,
 * and system("cls") spawns a command interpreter just to clear the screen; both
 * are kept unchanged here because this is a behaviour-preserving restyle. */
void Throw(void)
{
    printf("欢迎您体验赌博机,按键盘任意键掷出骰子");
    getchar();
    srand((unsigned)time(NULL));
    for (;;) {
        if (kbhit()) {
            break;
        }
        a = rand() % 6 + 1;
        b = rand() % 6 + 1;
        c = rand() % 6 + 1;
        system("cls");
        printf("骰子在转动......\n");
        printf("第一骰子是:%d \n第二骰子是:%d \n第三骰子是:%d\n", a, b, c);
    }
}
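/* Classifies a roll of three dice (each expected in 1..6).
 * Returns 3 for a triple (豹子; checked first so it wins over big/small),
 * 1 when the sum is 11 or more (大), and 2 otherwise (小).
 * The original had no return statement on its final path — a compiler warning,
 * and undefined behaviour if neither sum test matched — so the last two tests
 * are folded into a single unconditional return. */
int Judge(int a, int b, int c)
{
    if (a == b && b == c) {
        return 3;
    }
    return (a + b + c > 10) ? 1 : 2;
}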
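/* Moves the (already multiplied) global BetMoney between the two bankrolls.
 * won != 0 credits the player and debits the dealer; otherwise the reverse. */
static void Settle(int won)
{
    if (won) {
        PlayerMoney += BetMoney;
        DealerMoney -= BetMoney;
    } else {
        PlayerMoney -= BetMoney;
        DealerMoney += BetMoney;
    }
}

/* Settles the current round against the globals set by Throw() and main().
 * Judge(a, b, c) is compared with the player's bet: a triple pays 10x, big/small
 * pay 2x, and a wrong bet loses the same multiplied amount. BetMoney is
 * overwritten with the multiplied stake, as in the original, because the
 * messages print it. Judge() is now evaluated once (the original called it three
 * times, the last with the dice in a different order). The "大," and "小,"
 * prefixes of the big/small messages are restored from the disassembly listing
 * on this page ("\xb4\xf3," and "\xd0\xa1,"); the forum copy had lost them. */
void MoneyCalc(void)
{
    int outcome = Judge(a, b, c);
    switch (outcome) {
    case 3:
        BetMoney *= 10;
        if (bet == 3) {
            Settle(1);
            printf("豹子,10倍赔率,您赢了庄家%d元宝,您现在有%d元宝,庄家有%d元宝\n", BetMoney, PlayerMoney, DealerMoney);
        } else {
            Settle(0);
            printf("豹子,10倍赔率,你输了%d元宝,您现在有%d元宝,庄家有%d元宝\n", BetMoney, PlayerMoney, DealerMoney);
        }
        break;
    case 1:
        BetMoney *= 2;
        if (bet == 1) {
            Settle(1);
            printf("大,2倍赔率,您赢了庄家%d元宝,您现在有%d元宝,庄家有%d元宝\n", BetMoney, PlayerMoney, DealerMoney);
        } else {
            Settle(0);
            printf("大,2倍赔率,你输了%d元宝,您现在有%d元宝,庄家有%d元宝\n", BetMoney, PlayerMoney, DealerMoney);
        }
        break;
    case 2:
        BetMoney *= 2;
        if (bet == 2) {
            Settle(1);
            printf("小,2倍赔率,您赢了庄家%d元宝,您现在有%d元宝,庄家有%d元宝\n", BetMoney, PlayerMoney, DealerMoney);
        } else {
            Settle(0);
            printf("小,2倍赔率,你输了%d元宝,您现在有%d元宝,庄家有%d元宝\n", BetMoney, PlayerMoney, DealerMoney);
        }
        break;
    default:
        /* Judge() only returns 1, 2 or 3; nothing to settle otherwise. */
        break;
    }
}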
/* Reports whether the game can go on given the two bankrolls.
 * pm is the player's balance, dm the dealer's. Returns 1 while both are positive;
 * otherwise prints who is broke (== 0) or in debt (< 0) and returns 0. The
 * player's side is examined first, so only one message is printed per call. */
int check(int pm, int dm)
{
    int playing = 1;
    if (pm <= 0) {
        if (pm == 0) {
            printf("您输光所有的钱,被赶出赌场!\n");
        } else {
            printf("现在您欠庄家%d元宝,如果您不能在三日内还清欠款,那么后果将不堪设想。\n", abs(pm));
        }
        playing = 0;
    } else if (dm <= 0) {
        if (dm == 0) {
            printf("庄家输光所有的钱,他不想再和你赌了!\n");
        } else {
            printf("现在庄家欠您%d元宝,如果他不能在三日内还清欠款,那么赌场将抵押给您。\n", abs(dm));
        }
        playing = 0;
    }
    return playing;
}
/* Game loop: take the bet and stake, roll, settle, check both bankrolls, then
 * ask whether to continue. Exits when either side drops below the 10-coin
 * minimum, when check() says the game is over, or when the player presses 'q'.
 * Returns 0. */
int main(void)
{
    ShowToScreen();
    for (;;) {
        if (PlayerMoney < 10) {
            printf("您没有10个元宝,不能继续赌博. \n");
            break;
        }
        if (DealerMoney < 10) {
            printf("庄家中足10个元宝,没有资格继续赌博。\n");
            break;
        }
        bet = GetBet();
        /* Re-prompt for the stake until both sides can cover it
           (the original expressed this with a `repeat:` label and goto). */
        for (;;) {
            BetMoney = GetAmount();
            if (BetMoney > PlayerMoney) {
                printf("您没有这么多元宝,请重新输入. \n");
                continue;
            }
            if (BetMoney > DealerMoney) {
                printf("庄家没有这么多元宝,他要求您重新下注. \n");
                continue;
            }
            break;
        }
        Throw();
        MoneyCalc();
        getchar();
        if (check(PlayerMoney, DealerMoney) == 0) {
            break;
        }
        printf("继续玩么(退出请按q键,继续请按其它键)\n");
        /* The first getch() result is discarded, as in the original —
           presumably to absorb a stray key; confirm against the console behaviour. */
        getch();
        ch = getch();
        if (ch == 'q') {
            break;
        }
    }
    getchar();
    return 0;
}

VC6反汇编模式下:

162:  int main()
163:  {
004017E0   push        ebp
004017E1   mov         ebp,esp
004017E3   sub         esp,4Ch
004017E6   push        ebx
004017E7   push        esi
004017E8   push        edi
004017E9   lea         edi,[ebp-4Ch]
004017EC   mov         ecx,13h
004017F1   mov         eax,0CCCCCCCCh
004017F6   rep stos    dword ptr [edi]
164:      ShowToScreen();
004017F8   call        @ILT+10(ShowToScreen) (0040100f)
165:      int CheckMoney;
166:      while(1)
004017FD   mov         eax,1
00401802   test        eax,eax
00401804   je          repeat+0E5h (0040192f)
167:      {
168:          if (PlayerMoney<10)
0040180A   cmp         dword ptr [PlayerMoney (0042ba40)],0Ah
00401811   jge         main+45h (00401825)
169:          {
170:              printf("您没有10个元宝,不能继续赌博. \n");
00401813   push        offset string "\xc4\xfa\xc3\xbb\xd3\xd010\xb8\xf6\xd4\xaa\xb1\xa6\xa3\xac\xb2\xbb\xc4\xd
00401818   call        printf (004019a0)
0040181D   add         esp,4
171:              break;
00401820   jmp         repeat+0E5h (0040192f)
172:          }
173:          if (DealerMoney<10)
00401825   cmp         dword ptr [DealerMoney (0042ba44)],0Ah
0040182C   jge         main+60h (00401840)
174:          {
175:              printf("庄家中足10个元宝,没有资格继续赌博。\n");
0040182E   push        offset string "\xd7\xaf\xbc\xd2\xd6\xd0\xd7\xe310\xb8\xf6\xd4\xaa\xb1\xa6\xa3\xac\xc3\xb
00401833   call        printf (004019a0)
00401838   add         esp,4
176:              break;
0040183B   jmp         repeat+0E5h (0040192f)
177:          }
178:          bet=GetBet();
00401840   call        @ILT+0(GetBet) (00401005)
00401845   mov         [bet (0042f1d8)],eax
179:  repeat:BetMoney=GetAmount();
0040184A   call        @ILT+20(GetAmount) (00401019)
0040184F   mov         [BetMoney (0042f1ec)],eax
180:          if (BetMoney>PlayerMoney)
00401854   mov         ecx,dword ptr [BetMoney (0042f1ec)]
0040185A   cmp         ecx,dword ptr [PlayerMoney (0042ba40)]
00401860   jle         repeat+27h (00401871)
181:          {
182:              printf("您没有这么多元宝,请重新输入. \n");
00401862   push        offset string "\xc4\xfa\xc3\xbb\xd3\xd0\xd5\xe2\xc3\xb4\xb6\xe0\xd4\xaa\xb1\xa6\xa3\xac\
00401867   call        printf (004019a0)
0040186C   add         esp,4
183:              goto repeat;
0040186F   jmp         repeat (0040184a)
184:          }
185:          if (BetMoney>DealerMoney)
00401871   mov         edx,dword ptr [BetMoney (0042f1ec)]
00401877   cmp         edx,dword ptr [DealerMoney (0042ba44)]
0040187D   jle         repeat+44h (0040188e)
186:          {
187:              printf("庄家没有这么多元宝,他要求您重新下注. \n");
0040187F   push        offset string "\xd7\xaf\xbc\xd2\xc3\xbb\xd3\xd0\xd5\xe2\xc3\xb4\xb6\xe0\xd4\xaa\xb1\xa6\
00401884   call        printf (004019a0)
00401889   add         esp,4
188:              goto repeat;
0040188C   jmp         repeat (0040184a)
189:          }
190:
191:          Throw();
0040188E   call        @ILT+35(Throw) (00401028)
192:          MoneyCalc();
00401893   call        @ILT+30(MoneyCalc) (00401023)
193:          getchar();
00401898   mov         eax,[__iob+4 (0042ba54)]
0040189D   sub         eax,1
004018A0   mov         [__iob+4 (0042ba54)],eax
004018A5   cmp         dword ptr [__iob+4 (0042ba54)],0
004018AC   jl          repeat+85h (004018cf)
004018AE   mov         ecx,dword ptr [__iob (0042ba50)]
004018B4   movsx       edx,byte ptr [ecx]
004018B7   and         edx,0FFh
004018BD   mov         dword ptr [ebp-8],edx
004018C0   mov         eax,[__iob (0042ba50)]
004018C5   add         eax,1
004018C8   mov         [__iob (0042ba50)],eax
004018CD   jmp         repeat+95h (004018df)
004018CF   push        offset __iob (0042ba50)
004018D4   call        _filbuf (00401da0)
004018D9   add         esp,4
004018DC   mov         dword ptr [ebp-8],eax
194:          CheckMoney=check(PlayerMoney,DealerMoney);
004018DF   mov         ecx,dword ptr [DealerMoney (0042ba44)]
004018E5   push        ecx
004018E6   mov         edx,dword ptr [PlayerMoney (0042ba40)]
004018EC   push        edx
004018ED   call        @ILT+5(check) (0040100a)
004018F2   add         esp,8
004018F5   mov         dword ptr [ebp-4],eax
195:          if (CheckMoney==0)
004018F8   cmp         dword ptr [ebp-4],0
004018FC   jne         repeat+0B6h (00401900)
196:          break;
004018FE   jmp         repeat+0E5h (0040192f)
197:          printf("继续玩么(退出请按q键,继续请按其它键)\n");
00401900   push        offset string "\xbc\xcc\xd0\xf8\xcd\xe6\xc3\xb4\xa3\xa8\xcd\xcb\xb3\xf6\xc7\xeb\xb0\xb4q
00401905   call        printf (004019a0)
0040190A   add         esp,4
198:          getch();
0040190D   call        _getch (00412cd0)
199:          ch=getch();
00401912   call        _getch (00412cd0)
00401917   mov         [ch (0042f1e8)],al
200:          if (ch=='q') break;
0040191C   movsx       eax,byte ptr [ch (0042f1e8)]
00401923   cmp         eax,71h
00401926   jne         repeat+0E0h (0040192a)
00401928   jmp         repeat+0E5h (0040192f)
201:      }
0040192A   jmp         main+1Dh (004017fd)
202:
203:      getchar();
0040192F   mov         ecx,dword ptr [__iob+4 (0042ba54)]
00401935   sub         ecx,1
00401938   mov         dword ptr [__iob+4 (0042ba54)],ecx
0040193E   cmp         dword ptr [__iob+4 (0042ba54)],0
00401945   jl          repeat+11Fh (00401969)
00401947   mov         edx,dword ptr [__iob (0042ba50)]
0040194D   movsx       eax,byte ptr [edx]
00401950   and         eax,0FFh
00401955   mov         dword ptr [ebp-0Ch],eax
00401958   mov         ecx,dword ptr [__iob (0042ba50)]
0040195E   add         ecx,1
00401961   mov         dword ptr [__iob (0042ba50)],ecx
00401967   jmp         repeat+12Fh (00401979)
00401969   push        offset __iob (0042ba50)
0040196E   call        _filbuf (00401da0)
00401973   add         esp,4
00401976   mov         dword ptr [ebp-0Ch],eax
204:      return 0;
00401979   xor         eax,eax
205:  }
0040197B   pop         edi
0040197C   pop         esi
0040197D   pop         ebx
0040197E   add         esp,4Ch
00401981   cmp         ebp,esp
00401983   call        __chkesp (00401a20)
00401988   mov         esp,ebp
0040198A   pop         ebp
0040198B   ret


ShowToScreen函数

10:   {
00401060   push        ebp
00401061   mov         ebp,esp
00401063   sub         esp,40h
00401066   push        ebx
00401067   push        esi
00401068   push        edi
00401069   lea         edi,[ebp-40h]
0040106C   mov         ecx,10h
00401071   mov         eax,0CCCCCCCCh
00401076   rep stos    dword ptr [edi]
11:       printf("        欢迎使用赌博机1.0\n");
00401078   push        offset string "        \xbb\xb6\xd3\xad\xca\xb9\xd3\xc3\xb6\xc4\xb2\xa9\xbb\xfa1.0\n" (0
0040107D   call        printf (004019a0)
00401082   add         esp,4
12:       printf("*******************************************\n");
00401085   push        offset string "********************************"... (00429058)
0040108A   call        printf (004019a0)
0040108F   add         esp,4
13:       printf("123貂子\n");
00401092   push        offset string "1\xb4\xf3 2\xd0\xa1 3\xf5\xf5\xd7\xd3\n" (00429044)
00401097   call        printf (004019a0)
0040109C   add         esp,4
14:       printf("规则啥的都不打了大家自己看视频\n");
0040109F   push        offset string "\xb9\xe6\xd4\xf2\xc9\xb6\xb5\xc4\xb6\xbc\xb2\xbb\xb4\xf2\xc1\xcb\xb4\xf3\
004010A4   call        printf (004019a0)
004010A9   add         esp,4
15:   }
004010AC   pop         edi
004010AD   pop         esi
004010AE   pop         ebx
004010AF   add         esp,40h
004010B2   cmp         ebp,esp
004010B4   call        __chkesp (00401a20)
004010B9   mov         esp,ebp
004010BB   pop         ebp
004010BC   ret

GetBet函数
17:   {
004010E0   push        ebp
004010E1   mov         ebp,esp
004010E3   sub         esp,44h
004010E6   push        ebx
004010E7   push        esi
004010E8   push        edi
004010E9   lea         edi,[ebp-44h]
004010EC   mov         ecx,11h
004010F1   mov         eax,0CCCCCCCCh
004010F6   rep stos    dword ptr [edi]
18:       int BetType;
19:       printf("请选择下注方式:");
004010F8   push        offset string "\xc7\xeb\xd1\xa1\xd4\xf1\xcf\xc2\xd7\xa2\xb7\xbd\xca\xbd\xa3\xba" (004290
004010FD   call        printf (004019a0)
00401102   add         esp,4
20:       printf("1大,2小,3");
00401105   push        offset string "1\xb4\xf3\xa3\xac2\xd0\xa1\xa3\xac3\xb1\xaa" (004290bc)
0040110A   call        printf (004019a0)
0040110F   add         esp,4
21:       printf("请下注");
00401112   push        offset string "\xc7\xeb\xcf\xc2\xd7\xa2" (004290b4)
00401117   call        printf (004019a0)
0040111C   add         esp,4
22:       scanf("%d",&BetType);
0040111F   lea         eax,[ebp-4]
00401122   push        eax
00401123   push        offset string "%d" (004290b0)
00401128   call        scanf (00401a60)
0040112D   add         esp,8
23:       if ((BetType==1)||(BetType==2)||(BetType==3))
00401130   cmp         dword ptr [ebp-4],1
00401134   je          GetBet+62h (00401142)
00401136   cmp         dword ptr [ebp-4],2
0040113A   je          GetBet+62h (00401142)
0040113C   cmp         dword ptr [ebp-4],3
00401140   jne         GetBet+67h (00401147)
24:       {
25:           return BetType;
00401142   mov         eax,dword ptr [ebp-4]
00401145   jmp         GetBet+6Ch (0040114c)
26:       }
27:       else
28:       {
29:           return 1;
00401147   mov         eax,1
30:       }
31:   }
0040114C   pop         edi
0040114D   pop         esi
0040114E   pop         ebx
0040114F   add         esp,44h
00401152   cmp         ebp,esp
00401154   call        __chkesp (00401a20)
00401159   mov         esp,ebp
0040115B   pop         ebp
0040115C   ret

GetAmount函数

33:   {
00401180   push        ebp
00401181   mov         ebp,esp
00401183   sub         esp,44h
00401186   push        ebx
00401187   push        esi
00401188   push        edi
00401189   lea         edi,[ebp-44h]
0040118C   mov         ecx,11h
00401191   mov         eax,0CCCCCCCCh
00401196   rep stos    dword ptr [edi]
34:       int BetMoney;
35:       printf("您要押多少元宝(最少10个,最多100个):");
00401198   push        offset string "\xc4\xfa\xd2\xaa\xd1\xba\xb6\xe0\xc9\xd9\xd4\xaa\xb1\xa6\xa3\xa8\xd7\xee\
0040119D   call        printf (004019a0)
004011A2   add         esp,4
36:       scanf("%d",&BetMoney);
004011A5   lea         eax,[ebp-4]
004011A8   push        eax
004011A9   push        offset string "%d" (004290b0)
004011AE   call        scanf (00401a60)
004011B3   add         esp,8
37:       if (BetMoney<10)
004011B6   cmp         dword ptr [ebp-4],0Ah
004011BA   jge         GetAmount+43h (004011c3)
38:       {
39:           BetMoney=10;
004011BC   mov         dword ptr [ebp-4],0Ah
40:       }
41:       if (BetMoney>100)
004011C3   cmp         dword ptr [ebp-4],64h
004011C7   jle         GetAmount+50h (004011d0)
42:       {
43:           BetMoney=100;
004011C9   mov         dword ptr [ebp-4],64h
44:       }
45:       return BetMoney;
004011D0   mov         eax,dword ptr [ebp-4]
46:   }
004011D3   pop         edi
004011D4   pop         esi
004011D5   pop         ebx
004011D6   add         esp,44h
004011D9   cmp         ebp,esp
004011DB   call        __chkesp (00401a20)
004011E0   mov         esp,ebp
004011E2   pop         ebp
004011E3   ret

Throw函数

48:   {
00401200   push        ebp
00401201   mov         ebp,esp
00401203   sub         esp,44h
00401206   push        ebx
00401207   push        esi
00401208   push        edi
00401209   lea         edi,[ebp-44h]
0040120C   mov         ecx,11h
00401211   mov         eax,0CCCCCCCCh
00401216   rep stos    dword ptr [edi]
49:       printf("欢迎您体验赌博机,按键盘任意键掷出骰子");
00401218   push        offset string "\xbb\xb6\xd3\xad\xc4\xfa\xcc\xe5\xd1\xe9\xb6\xc4\xb2\xa9\xbb\xfa\xa3\xac\
0040121D   call        printf (004019a0)
00401222   add         esp,4
50:       getchar();
00401225   mov         eax,[__iob+4 (0042ba54)]
0040122A   sub         eax,1
0040122D   mov         [__iob+4 (0042ba54)],eax
00401232   cmp         dword ptr [__iob+4 (0042ba54)],0
00401239   jl          Throw+5Ch (0040125c)
0040123B   mov         ecx,dword ptr [__iob (0042ba50)]
00401241   movsx       edx,byte ptr [ecx]
00401244   and         edx,0FFh
0040124A   mov         dword ptr [ebp-4],edx
0040124D   mov         eax,[__iob (0042ba50)]
00401252   add         eax,1
00401255   mov         [__iob (0042ba50)],eax
0040125A   jmp         Throw+6Ch (0040126c)
0040125C   push        offset __iob (0042ba50)
00401261   call        _filbuf (00401da0)
00401266   add         esp,4
00401269   mov         dword ptr [ebp-4],eax
51:       srand(time(0));
0040126C   push        0
0040126E   call        time (00401c10)
00401273   add         esp,4
00401276   push        eax
00401277   call        srand (00401bd0)
0040127C   add         esp,4
52:       while(!kbhit())
0040127F   call        _kbhit (00412e50)
00401284   test        eax,eax
00401286   jne         Throw+10Eh (0040130e)
53:       {
54:           a=rand()%6+1;
0040128C   call        rand (00401be0)
00401291   cdq
00401292   mov         ecx,6
00401297   idiv        eax,ecx
00401299   add         edx,1
0040129C   mov         dword ptr [a (0042f1dc)],edx
55:           b=rand()%6+1;
004012A2   call        rand (00401be0)
004012A7   cdq
004012A8   mov         ecx,6
004012AD   idiv        eax,ecx
004012AF   add         edx,1
004012B2   mov         dword ptr [b (0042f1e0)],edx
56:           c=rand()%6+1;
004012B8   call        rand (00401be0)
004012BD   cdq
004012BE   mov         ecx,6
004012C3   idiv        eax,ecx
004012C5   add         edx,1
004012C8   mov         dword ptr [c (0042f1e4)],edx
57:           system("cls");
004012CE   push        offset string "cls" (00429168)
004012D3   call        system (00401ac0)
004012D8   add         esp,4
58:           printf("骰子在转动......\n");
004012DB   push        offset string "\xf7\xbb\xd7\xd3\xd4\xda\xd7\xaa\xb6\xaf......\n" (00429150)
004012E0   call        printf (004019a0)
004012E5   add         esp,4
59:           printf("第一骰子是:%d \n第二骰子是:%d \n第三骰子是:%d\n",a,b,c);
004012E8   mov         edx,dword ptr [c (0042f1e4)]
004012EE   push        edx
004012EF   mov         eax,[b (0042f1e0)]
004012F4   push        eax
004012F5   mov         ecx,dword ptr [a (0042f1dc)]
004012FB   push        ecx
004012FC   push        offset string "\xb5\xda\xd2\xbb\xf7\xbb\xd7\xd3\xca\xc7\xa3\xba%d \n\xb5\xda\xb6\xfe\xf7
00401301   call        printf (004019a0)
00401306   add         esp,10h
60:       }
00401309   jmp         Throw+7Fh (0040127f)
61:
62:   }
0040130E   pop         edi
0040130F   pop         esi
00401310   pop         ebx
00401311   add         esp,44h
00401314   cmp         ebp,esp
00401316   call        __chkesp (00401a20)
0040131B   mov         esp,ebp
0040131D   pop         ebp
0040131E   ret

MoneyCalc函数

79:   {
004013F0   push        ebp
004013F1   mov         ebp,esp
004013F3   sub         esp,40h
004013F6   push        ebx
004013F7   push        esi
004013F8   push        edi
004013F9   lea         edi,[ebp-40h]
004013FC   mov         ecx,10h
00401401   mov         eax,0CCCCCCCCh
00401406   rep stos    dword ptr [edi]
80:       if (Judge(a,b,c)==3)
00401408   mov         eax,[c (0042f1e4)]
0040140D   push        eax
0040140E   mov         ecx,dword ptr [b (0042f1e0)]
00401414   push        ecx
00401415   mov         edx,dword ptr [a (0042f1dc)]
0040141B   push        edx
0040141C   call        @ILT+15(Judge) (00401014)
00401421   add         esp,0Ch
00401424   cmp         eax,3
00401427   jne         MoneyCalc+0ECh (004014dc)
81:       {
82:           if (bet==3)
0040142D   cmp         dword ptr [bet (0042f1d8)],3
00401434   jne         MoneyCalc+9Ah (0040148a)
83:           {
84:               BetMoney*=10;
00401436   mov         eax,[BetMoney (0042f1ec)]
0040143B   imul        eax,eax,0Ah
0040143E   mov         [BetMoney (0042f1ec)],eax
85:               PlayerMoney+=BetMoney;
00401443   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
00401449   add         ecx,dword ptr [BetMoney (0042f1ec)]
0040144F   mov         dword ptr [PlayerMoney (0042ba40)],ecx
86:               DealerMoney-=BetMoney;
00401455   mov         edx,dword ptr [DealerMoney (0042ba44)]
0040145B   sub         edx,dword ptr [BetMoney (0042f1ec)]
00401461   mov         dword ptr [DealerMoney (0042ba44)],edx
87:               printf("豹子,10倍赔率,您赢了庄家%d元宝,您现在有%d元宝,庄家有%d元宝\n",BetMoney,PlayerMoney,DealerMoney);
00401467   mov         eax,[DealerMoney (0042ba44)]
0040146C   push        eax
0040146D   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
00401473   push        ecx
00401474   mov         edx,dword ptr [BetMoney (0042f1ec)]
0040147A   push        edx
0040147B   push        offset string "\xb1\xaa\xd7\xd3,10\xb1\xb6\xc5\xe2\xc2\xca\xa3\xac\xc4\xfa\xd3\xae\xc1\x
00401480   call        printf (004019a0)
00401485   add         esp,10h
88:           }
89:           else
00401488   jmp         MoneyCalc+0ECh (004014dc)
90:           {
91:               BetMoney*=10;
0040148A   mov         eax,[BetMoney (0042f1ec)]
0040148F   imul        eax,eax,0Ah
00401492   mov         [BetMoney (0042f1ec)],eax
92:               PlayerMoney-=BetMoney;
00401497   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
0040149D   sub         ecx,dword ptr [BetMoney (0042f1ec)]
004014A3   mov         dword ptr [PlayerMoney (0042ba40)],ecx
93:               DealerMoney+=BetMoney;
004014A9   mov         edx,dword ptr [DealerMoney (0042ba44)]
004014AF   add         edx,dword ptr [BetMoney (0042f1ec)]
004014B5   mov         dword ptr [DealerMoney (0042ba44)],edx
94:               printf("豹子,10倍赔率,你输了%d元宝,您现在有%d元宝,庄家有%d元宝\n",BetMoney,PlayerMoney,DealerMoney);
004014BB   mov         eax,[DealerMoney (0042ba44)]
004014C0   push        eax
004014C1   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
004014C7   push        ecx
004014C8   mov         edx,dword ptr [BetMoney (0042f1ec)]
004014CE   push        edx
004014CF   push        offset string "\xb1\xaa\xd7\xd3,10\xb1\xb6\xc5\xe2\xc2\xca\xa3\xac\xc4\xe3\xca\xe4\xc1\x
004014D4   call        printf (004019a0)
004014D9   add         esp,10h
95:           }
96:
97:       }
98:       if (Judge(a,b,c)==1)
004014DC   mov         eax,[c (0042f1e4)]
004014E1   push        eax
004014E2   mov         ecx,dword ptr [b (0042f1e0)]
004014E8   push        ecx
004014E9   mov         edx,dword ptr [a (0042f1dc)]
004014EF   push        edx
004014F0   call        @ILT+15(Judge) (00401014)
004014F5   add         esp,0Ch
004014F8   cmp         eax,1
004014FB   jne         MoneyCalc+1BEh (004015ae)
99:       {
100:          if (bet==1)
00401501   cmp         dword ptr [bet (0042f1d8)],1
00401508   jne         MoneyCalc+16Dh (0040155d)
101:          {
102:              BetMoney*=2;
0040150A   mov         eax,[BetMoney (0042f1ec)]
0040150F   shl         eax,1
00401511   mov         [BetMoney (0042f1ec)],eax
103:              PlayerMoney+=BetMoney;
00401516   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
0040151C   add         ecx,dword ptr [BetMoney (0042f1ec)]
00401522   mov         dword ptr [PlayerMoney (0042ba40)],ecx
104:              DealerMoney-=BetMoney;
00401528   mov         edx,dword ptr [DealerMoney (0042ba44)]
0040152E   sub         edx,dword ptr [BetMoney (0042f1ec)]
00401534   mov         dword ptr [DealerMoney (0042ba44)],edx
105:              printf(",2倍赔率,您赢了庄家%d元宝,您现在有%d元宝,庄家有%d元宝\n",BetMoney,PlayerMoney,DealerMoney);
0040153A   mov         eax,[DealerMoney (0042ba44)]
0040153F   push        eax
00401540   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
00401546   push        ecx
00401547   mov         edx,dword ptr [BetMoney (0042f1ec)]
0040154D   push        edx
0040154E   push        offset string "\xb4\xf3,2\xb1\xb6\xc5\xe2\xc2\xca\xa3\xac\xc4\xfa\xd3\xae\xc1\xcb\xd7\xa
00401553   call        printf (004019a0)
00401558   add         esp,10h
106:          }
107:          else
0040155B   jmp         MoneyCalc+1BEh (004015ae)
108:          {
109:              BetMoney*=2;
0040155D   mov         eax,[BetMoney (0042f1ec)]
00401562   shl         eax,1
00401564   mov         [BetMoney (0042f1ec)],eax
110:              PlayerMoney-=BetMoney;
00401569   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
0040156F   sub         ecx,dword ptr [BetMoney (0042f1ec)]
00401575   mov         dword ptr [PlayerMoney (0042ba40)],ecx
111:              DealerMoney+=BetMoney;
0040157B   mov         edx,dword ptr [DealerMoney (0042ba44)]
00401581   add         edx,dword ptr [BetMoney (0042f1ec)]
00401587   mov         dword ptr [DealerMoney (0042ba44)],edx
112:              printf(",2倍赔率,你输了%d元宝,您现在有%d元宝,庄家有%d元宝\n",BetMoney,PlayerMoney,DealerMoney);
0040158D   mov         eax,[DealerMoney (0042ba44)]
00401592   push        eax
00401593   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
00401599   push        ecx
0040159A   mov         edx,dword ptr [BetMoney (0042f1ec)]
004015A0   push        edx
004015A1   push        offset string "\xb4\xf3,2\xb1\xb6\xc5\xe2\xc2\xca\xa3\xac\xc4\xe3\xca\xe4\xc1\xcb%d\xd4\
004015A6   call        printf (004019a0)
004015AB   add         esp,10h
113:          }
114:      }
115:      if (Judge(a,c,b)==2)
004015AE   mov         eax,[b (0042f1e0)]
004015B3   push        eax
004015B4   mov         ecx,dword ptr [c (0042f1e4)]
004015BA   push        ecx
004015BB   mov         edx,dword ptr [a (0042f1dc)]
004015C1   push        edx
004015C2   call        @ILT+15(Judge) (00401014)
004015C7   add         esp,0Ch
004015CA   cmp         eax,2
004015CD   jne         MoneyCalc+290h (00401680)
116:      {
117:          if (bet==2)
004015D3   cmp         dword ptr [bet (0042f1d8)],2
004015DA   jne         MoneyCalc+23Fh (0040162f)
118:          {
119:              BetMoney*=2;
004015DC   mov         eax,[BetMoney (0042f1ec)]
004015E1   shl         eax,1
004015E3   mov         [BetMoney (0042f1ec)],eax
120:              PlayerMoney+=BetMoney;
004015E8   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
004015EE   add         ecx,dword ptr [BetMoney (0042f1ec)]
004015F4   mov         dword ptr [PlayerMoney (0042ba40)],ecx
121:              DealerMoney-=BetMoney;
004015FA   mov         edx,dword ptr [DealerMoney (0042ba44)]
00401600   sub         edx,dword ptr [BetMoney (0042f1ec)]
00401606   mov         dword ptr [DealerMoney (0042ba44)],edx
122:              printf(",2倍赔率,您赢了庄家%d元宝,您现在有%d元宝,庄家有%d元宝\n",BetMoney,PlayerMoney,DealerMoney);
0040160C   mov         eax,[DealerMoney (0042ba44)]
00401611   push        eax
00401612   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
00401618   push        ecx
00401619   mov         edx,dword ptr [BetMoney (0042f1ec)]
0040161F   push        edx
00401620   push        offset string "\xd0\xa1,2\xb1\xb6\xc5\xe2\xc2\xca\xa3\xac\xc4\xfa\xd3\xae\xc1\xcb\xd7\xa
00401625   call        printf (004019a0)
0040162A   add         esp,10h
123:          }
124:          else
0040162D   jmp         MoneyCalc+290h (00401680)
125:          {
126:              BetMoney*=2;
0040162F   mov         eax,[BetMoney (0042f1ec)]
00401634   shl         eax,1
00401636   mov         [BetMoney (0042f1ec)],eax
127:              PlayerMoney-=BetMoney;
0040163B   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
00401641   sub         ecx,dword ptr [BetMoney (0042f1ec)]
00401647   mov         dword ptr [PlayerMoney (0042ba40)],ecx
128:              DealerMoney+=BetMoney;
0040164D   mov         edx,dword ptr [DealerMoney (0042ba44)]
00401653   add         edx,dword ptr [BetMoney (0042f1ec)]
00401659   mov         dword ptr [DealerMoney (0042ba44)],edx
129:              printf(",2倍赔率,你输了%d元宝,您现在有%d元宝,庄家有%d元宝\n",BetMoney,PlayerMoney,DealerMoney);
0040165F   mov         eax,[DealerMoney (0042ba44)]
00401664   push        eax
00401665   mov         ecx,dword ptr [PlayerMoney (0042ba40)]
0040166B   push        ecx
0040166C   mov         edx,dword ptr [BetMoney (0042f1ec)]
00401672   push        edx
00401673   push        offset string "\xd0\xa1,2\xb1\xb6\xc5\xe2\xc2\xca\xa3\xac\xc4\xe3\xca\xe4\xc1\xcb%d\xd4\
00401678   call        printf (004019a0)
0040167D   add         esp,10h
130:          }
131:
132:      }
133:  }
00401680   pop         edi
00401681   pop         esi
00401682   pop         ebx
00401683   add         esp,40h
00401686   cmp         ebp,esp
00401688   call        __chkesp (00401a20)
0040168D   mov         esp,ebp
0040168F   pop         ebp
00401690   ret

以上就是反汇编的全部代码,可真够长的。我们若想只通过反汇编代码而将所有C语言翻译回来可真是够难的,但如果分部分逐一细看也不是不可能。下面咱们就分析一下main函数吧。
其中的汇编指令我们都已经熟悉了,只是代码很长,需要分析出整体结构以及每个函数中的语句块。

我们看到while(1)
mov eax,1
test eax,eax
je XXXXXXXX (一个比较长的跳转)

if xxxxxxx
cmp XXXXXXXX
jge XXXXXXX

printf语句是要看其上面PUSH的个数和下面ADD ESP的数值。

break 编译后就是一条直接的 jmp;可以猜测:如果一条 jmp 与上下文没有关联,那么它很可能就是 break 编译出来的。

子程序call的调用要看其是否传入了参数,如果之前没有PUSH那就是无参CALL,而CALL后是否对EAX进行操作就可以看到CALL的返回值。而即没有之前的PUSH,又没用到之后的EAX,那可能就是个VOID的无参函数(CALL)。

jmp不一定都是break,也可能是goto语句。

getchar函数开始命令是
mov eax,xxxxxxx
sub eax,1
cmp xxxxxxxx
jl xxxxxxxx
结尾处是
call        _filbuf
add esp,4
mov xxxxxxxx,eax
一共10多条语句的样子

其它函数仔细分析也不难得出结果。下面再来看下 Release 版 main 函数的样子。

先看下整体结构



具体代码分段截图





从结构流程图我们可以看到,整个代码中有一层大循环,内含一个小循环,另外开始处还有两条分支语句,最后结尾处还有两条分支语句,结构大体上还是能够了解的。最后再让我们见识一下伟大的“伪代码”的功能吧:

/* Hex-Rays pseudocode of the Release build's main(). The names are IDA's
 * auto-generated ones; the mapping to the source above is inferred from call
 * order and constants and should be confirmed in the disassembler. */
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int v3; // eax@5
  char v4; // sf@9
  char v5; // sf@18
  int result; // eax@19
  _UNKNOWN *v7; // [sp-4h] [bp-8h]@15
  int v8; // [sp+0h] [bp-4h]@6  -- never assigned below; see the sub_401550 calls

  sub_401000();                        // presumably ShowToScreen(): first call, no arguments
  while ( 1 )
  {
    if ( dword_40A030 < 10 )           // presumably PlayerMoney < 10 (the first of the two `< 10` tests)
    {
      v7 = &unk_40A3E0;                // message chosen here, printed once at LABEL_17
      goto LABEL_17;
    }
    if ( dword_40A034 < 10 )           // presumably DealerMoney < 10
      break;
    dword_40D1A0 = sub_401040();       // presumably bet = GetBet()
    while ( 1 )
    {
      while ( 1 )
      {
        v3 = sub_4010A0();             // presumably BetMoney = GetAmount(); the `goto repeat` became two nested loops
        dword_40D1B4 = v3;
        if ( v3 <= dword_40A030 )
          break;
        sub_401550(&unk_40A454, v8);   // presumably printf(); v8 is an unset stack slot the decompiler shows as a second argument — confirm
      }
      if ( v3 <= dword_40A034 )
        break;
      sub_401550(&unk_40A42C, v8);
    }
    sub_4010E0();                      // presumably Throw()
    sub_4011F0();                      // presumably MoneyCalc()
    v4 = File._cnt-- - 1 < 0;          // inlined getchar(): the same _cnt/_ptr/_filbuf sequence as in the debug listing
    if ( v4 )
      _filbuf(&File);
    else
      File._ptr = (char *)((_DWORD)File._ptr + 1);
    if ( sub_4013C0(dword_40A030, dword_40A034) )   // presumably check(PlayerMoney, DealerMoney)
    {
      sub_401550(&unk_40A400, v8);     // the "continue?" prompt
      _getch();
      byte_40D1B0 = _getch();          // presumably ch = getch()
      if ( byte_40D1B0 != 113 )        // 113 == 'q'
        continue;
    }
    goto LABEL_18;
  }
  v7 = &unk_40A3B8;                    // the DealerMoney < 10 message; both early exits share one printf below
LABEL_17:
  sub_401550(v7, v8);
LABEL_18:
  v5 = File._cnt-- - 1 < 0;            // the final getchar() before return 0, again inlined
  if ( v5 )
  {
    _filbuf(&File);
    result = 0;
  }
  else
  {
    File._ptr = (char *)((_DWORD)File._ptr + 1);
    result = 0;
  }
  return result;
}

虽然与我们的原代码有很多不同之处,但是整体结构还是很像的,这样非常方便我们人工逆向出原来的代码,相信在IDA的帮助下我们的逆向功夫会更上一层楼。

咱们的课程结束了,我的笔记也要结束了。在发笔记的过程中有人提出:C语言太基础了。我理解的意思是学这东西没啥大用,即使是逆向C也没啥大用。但是看的不如做的感受深,经过这么多节课的逆向C我还是颇有收获的,首先是对C语言更加熟悉,另外从底层了解了VC++6.0的编译方式,最起码各节课中的代码在反汇编过程中我都更加深入的了解了。我发笔记也是想与初学者分享一下,高手就去打酱油好了。最后,老师领进门,成绩在个人,感谢范老师!祝大家在新的一年里:学习进步,步步高升!