Analysis of a Simple Image Conversion Tool
This post was last edited by CracKingMe on 2015-6-11 21:39
Button click event. Debugging tool: OD
004D31D8 .55 push ebp
004D31D9 .8BEC mov ebp, esp
004D31DB .B9 10000000 mov ecx, 0x10
004D31E0 >6A 00 push 0x0
004D31E2 .6A 00 push 0x0
004D31E4 .49 dec ecx
004D31E5 .^ 75 F9 jnz short 004D31E0
004D31E7 .53 push ebx
004D31E8 .56 push esi
004D31E9 .57 push edi
004D31EA .8BD8 mov ebx, eax
004D31EC .33C0 xor eax, eax
004D31EE .55 push ebp
004D31EF .68 BE354D00 push 004D35BE
004D31F4 .64:FF30 push dword ptr fs:[eax]
004D31F7 .64:8920 mov dword ptr fs:[eax], esp
004D31FA .8D55 E0 lea edx, dword ptr [ebp-0x20]
004D31FD .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D3203 .E8 9C0DF7FF call 00443FA4 ;username
004D3208 .837D E0 00 cmp dword ptr [ebp-0x20], 0x0 ;crackingme (not empty)
004D320C .75 15 jnz short 004D3223
004D320E .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D3214 .BA D4354D00 mov edx, 004D35D4 ;Fill in your UserCode
004D3219 .E8 B60DF7FF call 00443FD4
004D321E .E9 41030000 jmp 004D3564
004D3223 >8D55 DC lea edx, dword ptr [ebp-0x24]
004D3226 .8B83 04030000 mov eax, dword ptr [ebx+0x304]
004D322C .E8 730DF7FF call 00443FA4
004D3231 .837D DC 00 cmp dword ptr [ebp-0x24], 0x0 ;serial
004D3235 .75 15 jnz short 004D324C ;(ASCII "aaaaaaaaaaa") fake serial
004D3237 .8B83 04030000 mov eax, dword ptr [ebx+0x304]
004D323D .BA F4354D00 mov edx, 004D35F4 ;Fill in Serial Number
004D3242 .E8 8D0DF7FF call 00443FD4
004D3247 .E9 18030000 jmp 004D3564
004D324C >8D55 D8 lea edx, dword ptr [ebp-0x28]
004D324F .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D3255 .E8 4A0DF7FF call 00443FA4 ;NAME
004D325A .8B45 D8 mov eax, dword ptr [ebp-0x28] ;ASCII "crackingme"
004D325D .8A00 mov al, byte ptr [eax]
004D325F .8845 FF mov byte ptr [ebp-0x1], al
004D3262 .8D55 D4 lea edx, dword ptr [ebp-0x2C]
004D3265 .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D326B .E8 340DF7FF call 00443FA4
004D3270 .8B45 D4 mov eax, dword ptr [ebp-0x2C]
004D3273 .8A40 01 mov al, byte ptr [eax+0x1]
004D3276 .8845 FE mov byte ptr [ebp-0x2], al
004D3279 .8D55 D0 lea edx, dword ptr [ebp-0x30]
004D327C .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D3282 .E8 1D0DF7FF call 00443FA4
004D3287 .8B45 D0 mov eax, dword ptr [ebp-0x30]
004D328A .8A40 02 mov al, byte ptr [eax+0x2]
004D328D .8845 FD mov byte ptr [ebp-0x3], al
004D3290 .8D55 CC lea edx, dword ptr [ebp-0x34]
004D3293 .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D3299 .E8 060DF7FF call 00443FA4
004D329E .8B45 CC mov eax, dword ptr [ebp-0x34]
004D32A1 .8A40 03 mov al, byte ptr [eax+0x3]
004D32A4 .8845 FC mov byte ptr [ebp-0x4], al
004D32A7 .8D55 C8 lea edx, dword ptr [ebp-0x38]
004D32AA .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D32B0 .E8 EF0CF7FF call 00443FA4
004D32B5 .8B45 C8 mov eax, dword ptr [ebp-0x38]
004D32B8 .8A40 04 mov al, byte ptr [eax+0x4]
004D32BB .8845 FB mov byte ptr [ebp-0x5], al
004D32BE .8D55 C4 lea edx, dword ptr [ebp-0x3C]
004D32C1 .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D32C7 .E8 D80CF7FF call 00443FA4
004D32CC .8B45 C4 mov eax, dword ptr [ebp-0x3C]
004D32CF .8A40 05 mov al, byte ptr [eax+0x5]
004D32D2 .0FB675 FF movzx esi, byte ptr [ebp-0x1]
004D32D6 .83EE 02 sub esi, 0x2
004D32D9 .33D2 xor edx, edx
004D32DB .8A55 FE mov dl, byte ptr [ebp-0x2]
004D32DE .83EA 06 sub edx, 0x6
004D32E1 .33C9 xor ecx, ecx
004D32E3 .8A4D FD mov cl, byte ptr [ebp-0x3]
004D32E6 .83C1 03 add ecx, 0x3
004D32E9 .894D F4 mov dword ptr [ebp-0xC], ecx
004D32EC .33C9 xor ecx, ecx
004D32EE .8A4D FC mov cl, byte ptr [ebp-0x4]
004D32F1 .49 dec ecx
004D32F2 .894D F0 mov dword ptr [ebp-0x10], ecx
004D32F5 .0FB67D FB movzx edi, byte ptr [ebp-0x5]
004D32F9 .47 inc edi
004D32FA .25 FF000000 and eax, 0xFF
004D32FF .83C0 03 add eax, 0x3
004D3302 .8BCE mov ecx, esi
004D3304 .884D EF mov byte ptr [ebp-0x11], cl
004D3307 .8855 EE mov byte ptr [ebp-0x12], dl
004D330A .8A55 F4 mov dl, byte ptr [ebp-0xC]
004D330D .8855 ED mov byte ptr [ebp-0x13], dl
004D3310 .8A55 F0 mov dl, byte ptr [ebp-0x10]
004D3313 .8855 EC mov byte ptr [ebp-0x14], dl
004D3316 .8BD7 mov edx, edi
004D3318 .8855 EB mov byte ptr [ebp-0x15], dl
004D331B .8845 EA mov byte ptr [ebp-0x16], al
004D331E .8D45 B8 lea eax, dword ptr [ebp-0x48]
004D3321 .8A55 EE mov dl, byte ptr [ebp-0x12]
004D3324 .8850 01 mov byte ptr [eax+0x1], dl
004D3327 .C600 01 mov byte ptr [eax], 0x1
004D332A .8D55 B8 lea edx, dword ptr [ebp-0x48]
004D332D .8D45 B4 lea eax, dword ptr [ebp-0x4C]
004D3330 .E8 E3FBF2FF call 00402F18
004D3335 .8D45 B0 lea eax, dword ptr [ebp-0x50]
004D3338 .8A55 EA mov dl, byte ptr [ebp-0x16]
004D333B .8850 01 mov byte ptr [eax+0x1], dl
004D333E .C600 01 mov byte ptr [eax], 0x1
004D3341 .8D55 B0 lea edx, dword ptr [ebp-0x50]
004D3344 .8D45 B4 lea eax, dword ptr [ebp-0x4C]
004D3347 .B1 02 mov cl, 0x2
004D3349 .E8 9AFBF2FF call 00402EE8
004D334E .8D55 B4 lea edx, dword ptr [ebp-0x4C]
004D3351 .8D45 BC lea eax, dword ptr [ebp-0x44] ;ll
004D3354 .E8 AB14F3FF call 00404804
004D3359 .FF75 BC push dword ptr [ebp-0x44]
004D335C .8D55 AC lea edx, dword ptr [ebp-0x54]
004D335F .8BC7 mov eax, edi
004D3361 .E8 2259F3FF call 00408C88
004D3366 .FF75 AC push dword ptr [ebp-0x54] ;108
004D3369 .8D45 A8 lea eax, dword ptr [ebp-0x58]
004D336C .8A55 ED mov dl, byte ptr [ebp-0x13] ;d
004D336F .E8 1414F3FF call 00404788
004D3374 .FF75 A8 push dword ptr [ebp-0x58]
004D3377 .8D55 A4 lea edx, dword ptr [ebp-0x5C]
004D337A .8BC6 mov eax, esi
004D337C .E8 0759F3FF call 00408C88
004D3381 .FF75 A4 push dword ptr [ebp-0x5C] ;97
004D3384 .8D45 A0 lea eax, dword ptr [ebp-0x60]
004D3387 .8A55 EB mov dl, byte ptr [ebp-0x15] ;l
004D338A .E8 F913F3FF call 00404788
004D338F .FF75 A0 push dword ptr [ebp-0x60]
004D3392 .8D45 9C lea eax, dword ptr [ebp-0x64]
004D3395 .8A55 EF mov dl, byte ptr [ebp-0x11] ;a
004D3398 .E8 EB13F3FF call 00404788
004D339D .FF75 9C push dword ptr [ebp-0x64]
004D33A0 .8D45 98 lea eax, dword ptr [ebp-0x68]
004D33A3 .8A55 EC mov dl, byte ptr [ebp-0x14] ;b
004D33A6 .E8 DD13F3FF call 00404788
004D33AB .FF75 98 push dword ptr [ebp-0x68]
004D33AE .8D45 C0 lea eax, dword ptr [ebp-0x40]
004D33B1 .BA 07000000 mov edx, 0x7
004D33B6 .E8 6515F3FF call 00404920 ;concatenate the strings above
004D33BB .8B55 C0 mov edx, dword ptr [ebp-0x40] ;result
004D33BE .8B83 08030000 mov eax, dword ptr [ebx+0x308]
004D33C4 .E8 0B0CF7FF call 00443FD4
004D33C9 .8D45 94 lea eax, dword ptr [ebp-0x6C]
004D33CC .50 push eax
004D33CD .8D55 90 lea edx, dword ptr [ebp-0x70]
004D33D0 .8B83 04030000 mov eax, dword ptr [ebx+0x304]
004D33D6 .E8 C90BF7FF call 00443FA4 ;fake serial
004D33DB .8B45 90 mov eax, dword ptr [ebp-0x70]
004D33DE .B9 08000000 mov ecx, 0x8
004D33E3 .BA 01000000 mov edx, 0x1
004D33E8 .E8 EFA5F6FF call 0043D9DC ;take the first eight characters of the fake serial
004D33ED .8B45 94 mov eax, dword ptr [ebp-0x6C]
004D33F0 .50 push eax
004D33F1 .8D45 8C lea eax, dword ptr [ebp-0x74]
004D33F4 .50 push eax
004D33F5 .8D55 88 lea edx, dword ptr [ebp-0x78]
004D33F8 .8B83 08030000 mov eax, dword ptr [ebx+0x308]
004D33FE .E8 A10BF7FF call 00443FA4 ;real serial
004D3403 .8B45 88 mov eax, dword ptr [ebp-0x78] ;(ASCII "ll108d97lab")
004D3406 .B9 08000000 mov ecx, 0x8
004D340B .BA 01000000 mov edx, 0x1
004D3410 .E8 C7A5F6FF call 0043D9DC ;take the first eight characters to compare with the fake serial
004D3415 .8B55 8C mov edx, dword ptr [ebp-0x74] ;ASCII "ll108d97"
004D3418 .58 pop eax
004D3419 .E8 8615F3FF call 004049A4
004D341E 0F85 10010000 jnz 004D3534 ;key jump; changing it to JE cracks the check by patching
004D3424 .8B83 FC020000 mov eax, dword ptr [ebx+0x2FC]
004D342A .BA 14364D00 mov edx, 004D3614 ;Congratulation! Registration is successful!
004D342F .E8 A00BF7FF call 00443FD4
004D3434 .A1 E0DA4D00 mov eax, dword ptr [0x4DDAE0]
004D3439 .8B00 mov eax, dword ptr [eax]
004D343B .8B80 64030000 mov eax, dword ptr [eax+0x364]
004D3441 .BA 48364D00 mov edx, 004D3648 ;Registered
004D3446 .E8 0526F8FF call 00455A50
004D344B .8B83 0C030000 mov eax, dword ptr [ebx+0x30C]
004D3451 .33D2 xor edx, edx
004D3453 .8B08 mov ecx, dword ptr [eax]
004D3455 .FF51 64 call dword ptr [ecx+0x64]
004D3458 .8B83 10030000 mov eax, dword ptr [ebx+0x310]
004D345E .BA 5C364D00 mov edx, 004D365C ;Close
004D3463 .E8 6C0BF7FF call 00443FD4
004D3468 .A1 24DA4D00 mov eax, dword ptr [0x4DDA24]
004D346D .C600 00 mov byte ptr [eax], 0x0
004D3470 .B2 01 mov dl, 0x1
004D3472 .A1 84C14700 mov eax, dword ptr [0x47C184]
004D3477 .E8 088EFAFF call 0047C284
004D347C .8945 E4 mov dword ptr [ebp-0x1C], eax
004D347F .33C0 xor eax, eax
004D3481 .55 push ebp
004D3482 .68 2D354D00 push 004D352D
004D3487 .64:FF30 push dword ptr fs:[eax]
004D348A .64:8920 mov dword ptr fs:[eax], esp
004D348D .BA 02000080 mov edx, 0x80000002
004D3492 .8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D3495 .E8 8A8EFAFF call 0047C324
004D349A .33C9 xor ecx, ecx
004D349C .BA 6C364D00 mov edx, 004D366C ;\Software\Liangzhu\ptcs
004D34A1 .8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D34A4 .E8 BB8FFAFF call 0047C464
004D34A9 .84C0 test al, al
004D34AB .74 31 je short 004D34DE
004D34AD .8D55 84 lea edx, dword ptr [ebp-0x7C]
004D34B0 .83C8 FF or eax, 0xFFFFFFFF
004D34B3 .E8 D057F3FF call 00408C88
004D34B8 .8B4D 84 mov ecx, dword ptr [ebp-0x7C]
004D34BB .BA 8C364D00 mov edx, 004D368C ;registered
004D34C0 .8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D34C3 .E8 3891FAFF call 0047C600
004D34C8 .A1 E0DA4D00 mov eax, dword ptr [0x4DDAE0]
004D34CD .8B00 mov eax, dword ptr [eax]
004D34CF .8B80 64030000 mov eax, dword ptr [eax+0x364]
004D34D5 .33D2 xor edx, edx
004D34D7 .E8 3826F8FF call 00455B14
004D34DC .EB 39 jmp short 004D3517
004D34DE >BA 6C364D00 mov edx, 004D366C ;\Software\Liangzhu\ptcs
004D34E3 .8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D34E6 .E8 9D8EFAFF call 0047C388
004D34EB .BA 6C364D00 mov edx, 004D366C ;\Software\Liangzhu\ptcs
004D34F0 .B1 01 mov cl, 0x1
004D34F2 .8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D34F5 .E8 6A8FFAFF call 0047C464
004D34FA .8D55 80 lea edx, dword ptr [ebp-0x80]
004D34FD .B8 01000000 mov eax, 0x1
004D3502 .E8 8157F3FF call 00408C88
004D3507 .8B4D 80 mov ecx, dword ptr [ebp-0x80]
004D350A .BA 8C364D00 mov edx, 004D368C ;registered
004D350F .8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D3512 .E8 E990FAFF call 0047C600
004D3517 >33C0 xor eax, eax
004D3519 .5A pop edx
004D351A .59 pop ecx
004D351B .59 pop ecx
004D351C .64:8910 mov dword ptr fs:[eax], edx
004D351F .68 64354D00 push 004D3564
004D3524 >8B45 E4 mov eax, dword ptr [ebp-0x1C]
004D3527 .E8 6802F3FF call 00403794
004D352C .C3 retn
004D352D .^ E9 F609F3FF jmp 00403F28
004D3532 .^ EB F0 jmp short 004D3524
004D3534 >8B83 FC020000 mov eax, dword ptr [ebx+0x2FC]
004D353A .BA A0364D00 mov edx, 004D36A0 ;Sorry!Your UserCode or SerialNumber is wrong!
004D353F .E8 900AF7FF call 00443FD4
004D3544 .8B83 00030000 mov eax, dword ptr [ebx+0x300]
004D354A .BA D8364D00 mov edx, 004D36D8 ;Try again
004D354F .E8 800AF7FF call 00443FD4
004D3554 .8B83 04030000 mov eax, dword ptr [ebx+0x304]
004D355A .BA D8364D00 mov edx, 004D36D8 ;Try again
004D355F .E8 700AF7FF call 00443FD4
004D3564 >33C0 xor eax, eax
004D3566 .5A pop edx
004D3567 .59 pop ecx
004D3568 .59 pop ecx
004D3569 .64:8910 mov dword ptr fs:[eax], edx
004D356C .68 C5354D00 push 004D35C5
004D3571 >8D45 80 lea eax, dword ptr [ebp-0x80]
004D3574 .BA 02000000 mov edx, 0x2
004D3579 .E8 4E10F3FF call 004045CC
004D357E .8D45 88 lea eax, dword ptr [ebp-0x78]
004D3581 .E8 2210F3FF call 004045A8
004D3586 .8D45 8C lea eax, dword ptr [ebp-0x74]
004D3589 .E8 1A10F3FF call 004045A8
004D358E .8D45 90 lea eax, dword ptr [ebp-0x70]
004D3591 .E8 1210F3FF call 004045A8
004D3596 .8D45 94 lea eax, dword ptr [ebp-0x6C]
004D3599 .BA 07000000 mov edx, 0x7
004D359E .E8 2910F3FF call 004045CC
004D35A3 .8D45 BC lea eax, dword ptr [ebp-0x44]
004D35A6 .BA 02000000 mov edx, 0x2
004D35AB .E8 1C10F3FF call 004045CC
004D35B0 .8D45 C4 lea eax, dword ptr [ebp-0x3C]
004D35B3 .BA 08000000 mov edx, 0x8
004D35B8 .E8 0F10F3FF call 004045CC
004D35BD .C3 retn
crackingme
ll108d97
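I remember this comes from a basic algorithm article I read last year. I'm hopeless at algorithms: I can follow the code, but I don't know what it means or how to put it into words.
Software link: http://soft.hao123.com/soft/appid/7276.html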
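A simple analysis indeed..
Shark恒 posted on 2015-6-11 13:14
A simple analysis indeed..
Why can I only see a small part of the code?
Thanks for sharing, and for the hard work.
Thanks for sharing, and for the hard work. The underlying principle is what matters.
Thanks to the OP for the analysis, hahaha.
Good for beginners to learn from.
The OP's analysis is the condensed version, a bit too pithy.
tony2526 posted on 2015-6-11 16:33
The OP's analysis is the condensed version, a bit too pithy.
Yeah, I've forgotten where I saw the article. Anyway, I had this basic algorithm analysis program on my computer, so I used it.
A bit too simple, isn't it? Which debugging tool did you use?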