A simple CM (CrackMe)
CM download: link: http://pan.baidu.com/s/1qW7EA9u  password: vw6z
What the CM looks like: https://www.52hb.com/forum.php?mod=image&aid=1132&size=300x300&key=b806e05c32c16d4e&nocache=yes&type=fixnone
No packer. Load it in OD, press Ctrl+G and go to 401000 to land in the program's own code, then press Ctrl+B and search for the bytes FF55FC5F5E to set a breakpoint on the Easy Language (易语言) button-event handler.
Then switch to the CM's window, type in a fake code and click Register. When it breaks, F7 into the CALL to reach the code below, then just keep stepping with F8.
004014E3 /. 55                push ebp
004014E4 |. 8BEC              mov ebp,esp
004014E6 |. 81EC 40000000     sub esp,0x40
004014EC |. 68 00000000       push 0x0
004014F1 |. BB E02E4000       mov ebx,00402EE0
004014F6 |. E8 6D0F0000       call 00402468
004014FB |. 83C4 04           add esp,0x4
004014FE |. 8945 F4           mov dword ptr ss:[ebp-0xC],eax
00401501 |. DB45 F4           fild dword ptr ss:[ebp-0xC]
00401504 |. DD5D F4           fstp qword ptr ss:[ebp-0xC]
00401507 |. 68 01060080       push 0x80000601
0040150C |. FF75 F8           push dword ptr ss:[ebp-0x8]
0040150F |. FF75 F4           push dword ptr ss:[ebp-0xC]
00401512 |. 68 01000000       push 0x1
00401517 |. BB 70254000       mov ebx,00402570
0040151C |. E8 470F0000       call 00402468
00401521 |. 83C4 10           add esp,0x10
00401524 |. 8945 EC           mov dword ptr ss:[ebp-0x14],eax
00401527 |. 8955 F0           mov dword ptr ss:[ebp-0x10],edx
0040152A |. DD45 EC           fld qword ptr ss:[ebp-0x14]
0040152D |. DC05 63124700     fadd qword ptr ds:[0x471263]
00401533 |. DD5D E4           fstp qword ptr ss:[ebp-0x1C]
00401536 |. DD45 E4           fld qword ptr ss:[ebp-0x1C]
00401539 |. DC25 6B124700     fsub qword ptr ds:[0x47126B]
0040153F |. DD5D DC           fstp qword ptr ss:[ebp-0x24]
00401542 |. DD45 DC           fld qword ptr ss:[ebp-0x24]
00401545 |. DC05 73124700     fadd qword ptr ds:[0x471273]
0040154B |. DD5D D4           fstp qword ptr ss:[ebp-0x2C]
0040154E |. DD45 D4           fld qword ptr ss:[ebp-0x2C]
00401551 |. DC25 7B124700     fsub qword ptr ds:[0x47127B]
00401557 |. DD5D CC           fstp qword ptr ss:[ebp-0x34]
0040155A |. 68 01060080       push 0x80000601
0040155F |. FF75 D0           push dword ptr ss:[ebp-0x30]
00401562 |. FF75 CC           push dword ptr ss:[ebp-0x34]
00401565 |. 68 01000000       push 0x1
0040156A |. BB 90294000       mov ebx,00402990
0040156F |. E8 F40E0000       call 00402468                   ; this is the CALL that computes the real code
00401574 |. 83C4 10           add esp,0x10
00401577 |. 8945 C8           mov dword ptr ss:[ebp-0x38],eax
0040157A |. 6A FF             push -0x1
0040157C |. 6A 08             push 0x8
0040157E |. 68 52690116       push 0x16016952
00401583 |. 68 39690152       push 0x52016939
00401588 |. E8 E70E0000       call 00402474                   ; this is the CALL that fetches the fake code
0040158D |. 83C4 10           add esp,0x10
00401590 |. 8945 C4           mov dword ptr ss:[ebp-0x3C],eax
00401593 |. 8B45 C8           mov eax,dword ptr ss:[ebp-0x38]
00401596 |. 50                push eax
00401597 |. FF75 C4           push dword ptr ss:[ebp-0x3C]
0040159A |. E8 A7FEFFFF       call 00401446                   ; this is the CALL that compares the real and fake codes
0040159F |. 83C4 08           add esp,0x8
004015A2 |. 83F8 00           cmp eax,0x0
004015A5 |. B8 00000000       mov eax,0x0
004015AA |. 0F94C0            sete al
004015AD |. 8945 C0           mov dword ptr ss:[ebp-0x40],eax
004015B0 |. 8B5D C4           mov ebx,dword ptr ss:[ebp-0x3C]
004015B3 |. 85DB              test ebx,ebx
004015B5 |. 74 09             je short 004015C0
004015B7 |. 53                push ebx
004015B8 |. E8 930E0000       call 00402450
004015BD |. 83C4 04           add esp,0x4
004015C0 |> 8B5D C8           mov ebx,dword ptr ss:[ebp-0x38]
004015C3 |. 85DB              test ebx,ebx
004015C5 |. 74 09             je short 004015D0
004015C7 |. 53                push ebx
004015C8 |. E8 830E0000       call 00402450
004015CD |. 83C4 04           add esp,0x4
004015D0 |> 837D C0 00        cmp dword ptr ss:[ebp-0x40],0x0
004015D4 |. 0F84 A3000000     je 0040167D                     ; this is the key jump; NOP it to crack (爆破) the check
004015DA |. 6A 00             push 0x0
004015DC |. 6A 00             push 0x0
004015DE |. 6A 00             push 0x0
004015E0 |. 68 01030080       push 0x80000301
004015E5 |. 6A 00             push 0x0
004015E7 |. 68 00000000       push 0x0
004015EC |. 68 04000080       push 0x80000004
004015F1 |. 6A 00             push 0x0
004015F3 |. A1 C8164900       mov eax,dword ptr ds:[0x4916C8]
004015F8 |. 85C0              test eax,eax
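As an added example (not code from the original post or from the CM), the Ctrl+B step above done statically: a small Python scanner that searches a PE32 file for the FF55FC5F5E handler-epilogue signature and maps each hit from file offset to virtual address, so a triage script can list the Easy Language event handlers of a sample without attaching a debugger. The function names and the minimal PE produced by build_sample_pe are my own constructions for the demo.

```python
# Added example, not code from the original post: scan a PE32 file for the byte pattern the
# post searches with Ctrl+B (FF 55 FC = call [ebp-4], 5F = pop edi, 5E = pop esi, the
# epilogue of an Easy Language event handler) and report each hit as a virtual address.
import struct

ELANG_EVENT_EPILOGUE = bytes.fromhex("FF55FC5F5E")

def pe_sections(data):
    """Return (ImageBase, [(PointerToRawData, SizeOfRawData, VirtualAddress), ...]) of a PE32."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                    # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE executable")
    nsect, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    image_base = struct.unpack_from("<I", data, pe + 52)[0]         # OptionalHeader.ImageBase (PE32 layout)
    table = pe + 24 + opt_size                                      # section table follows the optional header
    rows = [struct.unpack_from("<III", data, table + i * 40 + 12) for i in range(nsect)]
    return image_base, [(raw_ptr, raw_size, va) for va, raw_size, raw_ptr in rows]

def offset_to_va(offset, image_base, sections):
    """File offset -> VA, or None when the offset lies outside every section (headers, overlay)."""
    for raw_ptr, raw_size, va in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return image_base + va + (offset - raw_ptr)
    return None

def find_event_epilogues(data, sig=ELANG_EVENT_EPILOGUE):
    """Virtual addresses of every signature hit that lands inside a mapped section."""
    image_base, sections = pe_sections(data)
    hits, pos = [], data.find(sig)
    while pos != -1:
        va = offset_to_va(pos, image_base, sections)
        if va is not None:                                          # ignore hits in header padding / overlay
            hits.append(va)
        pos = data.find(sig, pos + 1)
    return hits

def build_sample_pe(code, image_base=0x400000):
    """Constructed minimal PE32 with one .text section; only the fields the scanner reads are filled."""
    pe, opt_size, raw_ptr, va = 0x40, 0xE0, 0x200, 0x1000
    hdr = bytearray(raw_ptr)
    hdr[:2], hdr[pe:pe + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, pe)                           # e_lfanew
    struct.pack_into("<HH", hdr, pe + 4, 0x14C, 1)                  # Machine=i386, NumberOfSections=1
    struct.pack_into("<H", hdr, pe + 20, opt_size)                  # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, pe + 24, 0x10B)                     # PE32 magic
    struct.pack_into("<I", hdr, pe + 52, image_base)
    sect = pe + 24 + opt_size
    hdr[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", hdr, sect + 8, len(code), va, len(code), raw_ptr)  # VirtualSize, VA, SizeOfRawData, PointerToRawData
    return bytes(hdr) + code
```

Running find_event_epilogues(build_sample_pe(code)) on a constructed blob that contains the signature at .text offsets 8 and 18 returns [0x401008, 0x401012], matching where OllyDbg's Ctrl+B would land for a module based at 0x400000.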
Awesome, I bow to the master. Welcome to the 吾爱汇编 forum.
Thanks for sharing. I still haven't fully worked through even the simplest CM = = sigh
Learned something from the CM
小强 posted on 2014-10-10 23:21
Awesome, I bow to the master.
Don't laugh at a newbie like me
旁观者 posted on 2014-10-11 22:05
Don't laugh at a newbie like me
I don't know anything.
Dean posted on 2014-10-11 15:47
Thanks for sharing. I still haven't fully worked through even the simplest CM = = sigh
The whole CM only has that little bit in it
wzio posted on 2014-10-11 19:35
Learned something from the CM
This post was last edited by rain灿 on 2014-10-11 23:32
Algorithm (Easy Language source: 取硬盘特征字() reads the hard-disk feature word into 机器码, the machine code; 到文本 converts the sum to text, which is placed in edit box 1):
机器码 = 取硬盘特征字()
编辑框1.内容 = 到文本 (机器码 + 2756060484071)