Simple Crackme Analysis
This post was last edited by CracKingMe on 2015-6-8 13:48. Download: http://www.crackmes.de/users/mucki/crackme2/
Tool: OD
Run the target in OD and enter a username and key.
Set an API breakpoint on GetWindowTextA.
Step out to the key code:
004011BB 55 push ebp
004011BC 8BEC mov ebp,esp
004011BE 57 push edi
004011BF 56 push esi
004011C0 53 push ebx
004011C1 6A 32 push 32 ; max length 0x32
004011C3 68 84624000 push crackme2.00406284 ; name buffer
004011C8 6A 01 push 1 ; control id 1 (name)
004011CA FF75 08 push dword ptr ss:[ebp+8] ; hDlg
004011CD E8 16020000 call <jmp.&user32.GetDlgItemTextA> ; read the name into 406284, eax = length
004011D2 64:8B15 18000000 mov edx,dword ptr fs:[18] ; edx = TEB
004011D9 8B52 30 mov edx,dword ptr ds:[edx+30] ; edx = PEB
004011DC 0FB652 02 movzx edx,byte ptr ds:[edx+2] ; edx = PEB.BeingDebugged (0 without a debugger)
004011E0 83F8 00 cmp eax,0 ; empty name?
004011E3 7F 11 jg short crackme2.004011F6 ; non-empty: go to the hash loop
004011E5 68 D8604000 push crackme2.004060D8
004011EA 6A 01 push 1
004011EC FF75 08 push dword ptr ss:[ebp+8]
004011EF E8 0C020000 call <jmp.&user32.SetDlgItemTextA> ; otherwise write the string at 4060D8 into control 1
004011F4 ^ EB CB jmp short crackme2.004011C1 ; and read it again
004011F6 8D35 84624000 lea esi,dword ptr ds:[406284] ; esi = name
004011FC 33C9 xor ecx,ecx ; ecx = 0
004011FE 0FBE06 movsx eax,byte ptr ds:[esi] ; eax = name[i], sign-extended
00401201 8BD8 mov ebx,eax ; ebx = eax
00401203 2BF2 sub esi,edx ; esi -= edx (BeingDebugged; under a debugger the name pointer is shifted back one byte, so the serial changes)
00401205 C1E0 04 shl eax,4 ; eax <<= 4
00401208 C1EB 05 shr ebx,5 ; ebx >>= 5
0040120B 33C3 xor eax,ebx ; eax ^= ebx
0040120D 83C0 26 add eax,26 ; eax += 0x26
00401210 33C1 xor eax,ecx ; eax ^= ecx
00401212 03C8 add ecx,eax ; ecx += eax
00401214 46 inc esi ; advance the name[] pointer
00401215 803E 00 cmp byte ptr ds:[esi],0 ; end of string?
00401218 ^ 75 E4 jnz short crackme2.004011FE ; loop
0040121A B8 EF0D0C00 mov eax,0C0DEF ; loop done
0040121F 2BC1 sub eax,ecx ; eax -= ecx
00401221 0FAFC0 imul eax,eax ; eax = eax*eax (low 32 bits)
00401224 50 push eax ; push eax
00401225 51 push ecx ; push ecx
00401226 68 E1604000 push crackme2.004060E1 ; ASCII "CM2-%lX-%lX"
0040122B 68 B6624000 push crackme2.004062B6 ; ASCII "CM2-959-6e2507e4" (output buffer)
00401230 E8 9B010000 call <jmp.&user32.wsprintfA> ; "CM2-ecx-eax"
00401235 6A 4B push 4B ; max length 0x4B
00401237 68 B1604000 push crackme2.004060B1 ; ASCII "King" (key buffer)
0040123C 6A 02 push 2 ; control id 2 (key)
0040123E FF75 08 push dword ptr ss:[ebp+8] ; hDlg
00401241 E8 A2010000 call <jmp.&user32.GetDlgItemTextA> ; read the entered key into 4060B1
00401246 68 B1604000 push crackme2.004060B1 ; ASCII "King"
0040124B 68 B6624000 push crackme2.004062B6 ; ASCII "CM2-959-6e2507e4"
00401250 E8 DB010000 call <jmp.&kernel32.lstrcmpA> ; compare the generated serial with the entered key
00401255 75 16 jnz short crackme2.0040126D ; differ: failure box
00401257 6A 00 push 0
00401259 68 00604000 push crackme2.00406000
0040125E 68 3D604000 push crackme2.0040603D
00401263 FF75 08 push dword ptr ss:[ebp+8]
00401266 E8 89010000 call <jmp.&user32.MessageBoxA> ; success message
0040126B EB 14 jmp short crackme2.00401281
0040126D 6A 10 push 10 ; MB_ICONHAND
0040126F 68 00604000 push crackme2.00406000
00401274 68 60604000 push crackme2.00406060
00401279 FF75 08 push dword ptr ss:[ebp+8]
0040127C E8 73010000 call <jmp.&user32.MessageBoxA> ; failure message
00401281 5B pop ebx
00401282 5E pop esi
00401283 5F pop edi
00401284 C9 leave
00401285 C2 0400 retn 4
Keygen:
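The serial derivation in the listing above, reimplemented in C as an added example (this is not the OP's keygen and not code from the crackme): `cm2_hash` follows the loop at 004011FE-00401218 instruction for instruction, `cm2_serial` reproduces the `wsprintfA("CM2-%lX-%lX", ecx, eax)` call, and `cm2_check` mirrors the final `lstrcmpA`. It assumes no debugger is attached, so the `PEB.BeingDebugged` byte subtracted from `esi` at 00401203 is 0; the function and variable names and the default name "Alice" are my own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hash loop reconstructed from 004011FE-00401218. All arithmetic is 32-bit
 * to match the x86 registers; the name byte is read with movsx, so bytes
 * >= 0x80 are sign-extended before the shifts. Assumes BeingDebugged == 0,
 * i.e. the name pointer is not shifted by the sub esi,edx at 00401203. */
uint32_t cm2_hash(const char *name)
{
    uint32_t ecx = 0;                      /* xor ecx,ecx */
    const char *esi = name;                /* lea esi,[406284] */
    do {
        uint32_t eax = (uint32_t)(int32_t)(signed char)*esi; /* movsx eax,byte ptr [esi] */
        uint32_t ebx = eax;                /* mov ebx,eax */
        eax <<= 4;                         /* shl eax,4 */
        ebx >>= 5;                         /* shr ebx,5 (logical shift) */
        eax ^= ebx;                        /* xor eax,ebx */
        eax += 0x26;                       /* add eax,26 */
        eax ^= ecx;                        /* xor eax,ecx */
        ecx += eax;                        /* add ecx,eax */
        esi++;                             /* inc esi */
    } while (*esi != '\0');                /* cmp byte ptr [esi],0 / jnz */
    return ecx;
}

/* Build the serial the way the wsprintfA call at 00401230 does:
 * "CM2-%lX-%lX" with ecx first, then (0xC0DEF - ecx) squared, truncated
 * to 32 bits by imul. Returns the formatted length, or -1 for an empty
 * name, which the dialog code rejects before hashing (cmp eax,0 / jg). */
int cm2_serial(const char *name, char *out, size_t outlen)
{
    if (name == NULL || name[0] == '\0')
        return -1;
    uint32_t ecx = cm2_hash(name);
    uint32_t eax = 0xC0DEFu - ecx;         /* mov eax,0C0DEF ; sub eax,ecx */
    eax *= eax;                            /* imul eax,eax (low 32 bits kept) */
    return snprintf(out, outlen, "CM2-%lX-%lX",
                    (unsigned long)ecx, (unsigned long)eax);
}

/* Mirror of the lstrcmpA check at 00401250: 1 if the entered key matches. */
int cm2_check(const char *name, const char *key)
{
    char expected[32];                     /* "CM2-" + 8 + "-" + 8 + NUL fits */
    if (cm2_serial(name, expected, sizeof expected) < 0)
        return 0;
    return strcmp(expected, key) == 0;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "Alice";  /* "Alice" is a constructed default */
    char serial[32];
    if (cm2_serial(name, serial, sizeof serial) < 0) {
        fprintf(stderr, "name must not be empty\n");
        return 1;
    }
    printf("%s -> %s\n", name, serial);
    return 0;
}
```

The one-byte shift of `esi` under a debugger means a serial computed while single-stepping in OD differs from the one the program expects when run normally; computing it offline, as here, sidesteps that check entirely.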
Thanks to the OP for the tutorial!!!
Very nice tutorial, thanks for the hard work.
Thanks to the expert for sharing.
Much love to the OP! Thanks for sharing!
Thanks for sharing, boss.
Mm, thanks for the pointers, boss.
Excuse me, does this still work now?