0051A898 53 push ebx ; 注册码前身:
0051A899 56 push esi
0051A89A 57 push edi
0051A89B 55 push ebp
0051A89C 8BF9 mov edi,ecx
0051A89E 8BEA mov ebp,edx
0051A8A0 8BF0 mov esi,eax
0051A8A2 8B46 10 mov eax,dword ptr ds:[esi+0x10]
0051A8A5 C1E8 03 shr eax,0x3
0051A8A8 83E0 3F and eax,0x3F
0051A8AB 8BD7 mov edx,edi ; 机器码+9gxcwljnxz位长度:0x26
0051A8AD C1E2 03 shl edx,0x3 ; 长度左移0x3位,相当于长度*2^3次方,
0051A8B0 0156 10 add dword ptr ds:[esi+0x10],edx ; 0x18FCC4地址保存计算结果,!!第2次计算过来,累计求和
0051A8B3 3B56 10 cmp edx,dword ptr ds:[esi+0x10]
0051A8B6 76 03 jbe short CrackZWT.0051A8BB
0051A8B8 FF46 14 inc dword ptr ds:[esi+0x14]
0051A8BB 8BD7 mov edx,edi ; 将长度重新初始化Edx,继续位移操作
0051A8BD C1EA 1D shr edx,0x1D ; 执行右移操作,0x1d
0051A8C0 0156 14 add dword ptr ds:[esi+0x14],edx ; 开始新的Dword空间保存edx的值
0051A8C3 BB 40000000 mov ebx,0x40 ; EBx赋值0x40///0d64
0051A8C8 2BD8 sub ebx,eax
0051A8CA 3BDF cmp ebx,edi
0051A8CC 77 32 ja short CrackZWT.0051A900
0051A8CE 8D4406 18 lea eax,dword ptr ds:[esi+eax+0x18]
0051A8D2 8BCB mov ecx,ebx
0051A8D4 8BD5 mov edx,ebp
0051A8D6 E8 25D1EEFF call CrackZWT.00407A00 ; 此Call作用是交换EAX,EDX
0051A8DB 8BD6 mov edx,esi
0051A8DD 8D46 18 lea eax,dword ptr ds:[esi+0x18] ; 将机器码与泽文党的地址传给EAX
0051A8E0 E8 4FF8FFFF call CrackZWT.0051A134
0051A8E5 EB 0E jmp short CrackZWT.0051A8F5
0051A8E7 8BD6 mov edx,esi
0051A8E9 8D441D 00 lea eax,dword ptr ss:[ebp+ebx]
0051A8ED E8 42F8FFFF call CrackZWT.0051A134
0051A8F2 83C3 40 add ebx,0x40
0051A8F5 8D43 3F lea eax,dword ptr ds:[ebx+0x3F]
0051A8F8 3BF8 cmp edi,eax
0051A8FA ^ 77 EB ja short CrackZWT.0051A8E7
0051A8FC 33C0 xor eax,eax
0051A8FE EB 02 jmp short CrackZWT.0051A902
0051A900 33DB xor ebx,ebx
0051A902 8D4406 18 lea eax,dword ptr ds:[esi+eax+0x18] ; ESi+eax*0x18,,0x18其中0x10=0123456789ABCDEFFEDCBA9876543210,,0x8的内容为,上段计算的左移与右移的数据。0x130/0x0
0051A906 8BCF mov ecx,edi
0051A908 2BCB sub ecx,ebx
0051A90A 8D541D 00 lea edx,dword ptr ss:[ebp+ebx]
0051A90E E8 EDD0EEFF call CrackZWT.00407A00