一个写的很菜的Crack,大多时间都在混淆吧。。。(小菜)
小菜的Crack。。。。 本帖最后由 solly 于 2020-12-31 14:55 编辑0040124E .33C0 xor eax,eax
00401250 .33F6 xor esi,esi
00401252 .8985 64FEFFFF mov dword ptr ss:,eax
00401258 .8985 58FEFFFF mov dword ptr ss:,eax
0040125E .89B5 5CFEFFFF mov dword ptr ss:,esi
00401264 .8985 68FEFFFF mov dword ptr ss:,eax
0040126A .8985 60FEFFFF mov dword ptr ss:,eax
00401270 .8975 FC mov dword ptr ss:,esi
00401273 .89B5 98FEFFFF mov dword ptr ss:,esi
00401279 .C785 9CFEFFFF 0F000000 mov dword ptr ss:,0xF
00401283 .8885 88FEFFFF mov byte ptr ss:,al
00401289 .C645 FC 01 mov byte ptr ss:,0x1
0040128D .BA 00424000 mov edx,Crack.00404200 ;"请输入注册码"
00401292 .8B0D 74404000 mov ecx,dword ptr ds:[<&MSVCP140.std::cout>] ;msvcp140.std::cout
00401298 .E8 030B0000 call Crack.00401DA0
0040129D .8B0D 68404000 mov ecx,dword ptr ds:[<&MSVCP140.std::cin>] ;msvcp140.std::cin
004012A3 .8D95 88FEFFFF lea edx,dword ptr ss:
004012A9 .E8 C2110000 call Crack.00402470
004012AE .83BD 98FEFFFF 0A cmp dword ptr ss:,0xA ;len == 10 ??
004012B5 .74 1B je short Crack.004012D2
004012B7 .8B0D 74404000 mov ecx,dword ptr ds:[<&MSVCP140.std::cout>] ;msvcp140.std::cout
004012BD .8D95 6CFEFFFF lea edx,dword ptr ss:
004012C3 .C785 6CFEFFFF CAA7B0DC mov dword ptr ss:,0xDCB0A7CA ;"失败"
004012CD .E8 CE0A0000 call Crack.00401DA0
004012D2 >8D7D ED lea edi,dword ptr ss:
004012D5 .BB 9B000000 mov ebx,0x9B
004012DA .66:0f1f4400 00 nop word ptr ds:
004012E0 >B8 CDCCCCCC mov eax,0xCCCCCCCD ;/10
004012E5 .4F dec edi ;(n / 10) * 4
004012E6 .F7E3 mul ebx
004012E8 .C1EA 03 shr edx,0x3 ;(n / 10) * 5
004012EB .8AC2 mov al,dl ;((n / 10) * 10
004012ED .C0E0 02 shl al,0x2 ;n - (n /10) * 10
004012F0 .8D0C10 lea ecx,dword ptr ds:
004012F3 .02C9 add cl,cl
004012F5 .2AD9 sub bl,cl
004012F7 .80C3 30 add bl,0x30
004012FA .881F mov byte ptr ds:,bl
004012FC .8BDA mov ebx,edx
004012FE .85DB test ebx,ebx
00401300 .^ 75 DE jnz short Crack.004012E0
00401302 .8D45 ED lea eax,dword ptr ss:
00401305 .899D C8FEFFFF mov dword ptr ss:,ebx ;len = 0
0040130B .C785 CCFEFFFF 0F000000 mov dword ptr ss:,0xF
00401315 .889D B8FEFFFF mov byte ptr ss:,bl ;buff = '\0'
0040131B .3BF8 cmp edi,eax
0040131D .74 15 je short Crack.00401334
0040131F .2BC7 sub eax,edi
00401321 .8D8D B8FEFFFF lea ecx,dword ptr ss: ;dst
00401327 .50 push eax ;len = 3
00401328 .57 push edi ;"155"
00401329 .E8 F2070000 call <Crack.String::new(char *, int size)>
0040132E .8B9D C8FEFFFF mov ebx,dword ptr ss:
00401334 >C645 FC 02 mov byte ptr ss:,0x2
00401338 .8D8D E8FEFFFF lea ecx,dword ptr ss:
0040133E .6A 04 push 0x4
00401340 .68 10424000 push Crack.00404210 ;"zero"
00401345 .C785 F8FEFFFF 00000000 mov dword ptr ss:,0x0
0040134F .C785 FCFEFFFF 0F000000 mov dword ptr ss:,0xF
00401359 .C685 E8FEFFFF 00 mov byte ptr ss:,0x0
00401360 .E8 BB070000 call <Crack.String::new(char *, int size)>
00401365 .C645 FC 03 mov byte ptr ss:,0x3
00401369 .8D8D 00FFFFFF lea ecx,dword ptr ss:
0040136F .6A 03 push 0x3
00401371 .68 18424000 push Crack.00404218 ;"one"
00401376 .C785 10FFFFFF 00000000 mov dword ptr ss:,0x0
00401380 .C785 14FFFFFF 0F000000 mov dword ptr ss:,0xF
0040138A .C685 00FFFFFF 00 mov byte ptr ss:,0x0
00401391 .E8 8A070000 call <Crack.String::new(char *, int size)>
00401396 .C645 FC 04 mov byte ptr ss:,0x4
0040139A .8D8D 18FFFFFF lea ecx,dword ptr ss:
004013A0 .6A 03 push 0x3
004013A2 .68 1C424000 push Crack.0040421C ;"two"
004013A7 .C785 28FFFFFF 00000000 mov dword ptr ss:,0x0
004013B1 .C785 2CFFFFFF 0F000000 mov dword ptr ss:,0xF
004013BB .C685 18FFFFFF 00 mov byte ptr ss:,0x0
004013C2 .E8 59070000 call <Crack.String::new(char *, int size)>
004013C7 .C645 FC 05 mov byte ptr ss:,0x5
004013CB .8D8D 30FFFFFF lea ecx,dword ptr ss:
004013D1 .6A 05 push 0x5
004013D3 .68 20424000 push Crack.00404220 ;"three"
004013D8 .C785 40FFFFFF 00000000 mov dword ptr ss:,0x0
004013E2 .C785 44FFFFFF 0F000000 mov dword ptr ss:,0xF
004013EC .C685 30FFFFFF 00 mov byte ptr ss:,0x0
004013F3 .E8 28070000 call <Crack.String::new(char *, int size)>
004013F8 .C645 FC 06 mov byte ptr ss:,0x6
004013FC .8D8D 48FFFFFF lea ecx,dword ptr ss:
00401402 .6A 04 push 0x4
00401404 .68 28424000 push Crack.00404228 ;"four"
00401409 .C785 58FFFFFF 00000000 mov dword ptr ss:,0x0
00401413 .C785 5CFFFFFF 0F000000 mov dword ptr ss:,0xF
0040141D .C685 48FFFFFF 00 mov byte ptr ss:,0x0
00401424 .E8 F7060000 call <Crack.String::new(char *, int size)>
00401429 .C645 FC 07 mov byte ptr ss:,0x7
0040142D .8D8D 60FFFFFF lea ecx,dword ptr ss:
00401433 .6A 04 push 0x4
00401435 .68 30424000 push Crack.00404230 ;"five"
0040143A .C785 70FFFFFF 00000000 mov dword ptr ss:,0x0
00401444 .C785 74FFFFFF 0F000000 mov dword ptr ss:,0xF
0040144E .C685 60FFFFFF 00 mov byte ptr ss:,0x0
00401455 .E8 C6060000 call <Crack.String::new(char *, int size)>
0040145A .C645 FC 08 mov byte ptr ss:,0x8
0040145E .8D8D 78FFFFFF lea ecx,dword ptr ss:
00401464 .6A 03 push 0x3
00401466 .68 38424000 push Crack.00404238 ;"six"
0040146B .C745 88 00000000 mov dword ptr ss:,0x0
00401472 .C745 8C 0F000000 mov dword ptr ss:,0xF
00401479 .C685 78FFFFFF 00 mov byte ptr ss:,0x0
00401480 .E8 9B060000 call <Crack.String::new(char *, int size)>
00401485 .C645 FC 09 mov byte ptr ss:,0x9
00401489 .8D4D 90 lea ecx,dword ptr ss:
0040148C .6A 05 push 0x5
0040148E .68 3C424000 push Crack.0040423C ;"seven"
00401493 .C745 A0 00000000 mov dword ptr ss:,0x0
0040149A .C745 A4 0F000000 mov dword ptr ss:,0xF
004014A1 .C645 90 00 mov byte ptr ss:,0x0
004014A5 .E8 76060000 call <Crack.String::new(char *, int size)>
004014AA .C645 FC 0A mov byte ptr ss:,0xA
004014AE .8D4D A8 lea ecx,dword ptr ss:
004014B1 .6A 05 push 0x5
004014B3 .68 44424000 push Crack.00404244 ;"eight"
004014B8 .C745 B8 00000000 mov dword ptr ss:,0x0
004014BF .C745 BC 0F000000 mov dword ptr ss:,0xF
004014C6 .C645 A8 00 mov byte ptr ss:,0x0
004014CA .E8 51060000 call <Crack.String::new(char *, int size)>
004014CF .C645 FC 0B mov byte ptr ss:,0xB
004014D3 .8D4D C0 lea ecx,dword ptr ss:
004014D6 .6A 04 push 0x4
004014D8 .68 4C424000 push Crack.0040424C ;"nine"
004014DD .C745 D0 00000000 mov dword ptr ss:,0x0
004014E4 .C745 D4 0F000000 mov dword ptr ss:,0xF
004014EB .C645 C0 00 mov byte ptr ss:,0x0
004014EF .E8 2C060000 call <Crack.String::new(char *, int size)>
004014F4 .BF 01000000 mov edi,0x1 ;int i = 1
004014F9 .C645 FC 0C mov byte ptr ss:,0xC
004014FD .8B8D B8FEFFFF mov ecx,dword ptr ss: ;"155"
00401503 .3BDF cmp ebx,edi
00401505 .76 7C jbe short Crack.00401583
00401507 .66:0f1f8400 00000000 nop word ptr ds: ;start loop
00401510 >83BD CCFEFFFF 10 cmp dword ptr ss:,0x10 ;"155".max_len
00401517 .8D85 B8FEFFFF lea eax,dword ptr ss: ;"155"
0040151D .0F43C1 cmovnb eax,ecx
00401520 .0FBE0438 movsx eax,byte ptr ds: ;"155"
00401524 .83E8 30 sub eax,0x30 ;int idx = "155" - 0x30
00401527 .8D0440 lea eax,dword ptr ds:
0040152A .8D84C5 E8FEFFFF lea eax,dword ptr ss: ;String, j = idx * 24
00401531 .50 push eax
00401532 .3BB5 68FEFFFF cmp esi,dword ptr ss:
00401538 .74 12 je short Crack.0040154C
0040153A .8BCE mov ecx,esi
0040153C .E8 1F050000 call <Crack.String::copy()>
00401541 .83C6 18 add esi,0x18
00401544 .89B5 5CFEFFFF mov dword ptr ss:,esi
0040154A .EB 1E jmp short Crack.0040156A
0040154C >56 push esi
0040154D .8D8D 58FEFFFF lea ecx,dword ptr ss:
00401553 .E8 880A0000 call Crack.00401FE0
00401558 .8B85 60FEFFFF mov eax,dword ptr ss:
0040155E .8BB5 5CFEFFFF mov esi,dword ptr ss:
00401564 .8985 68FEFFFF mov dword ptr ss:,eax
0040156A >8B8D B8FEFFFF mov ecx,dword ptr ss:
00401570 .47 inc edi ;i++
00401571 .3BFB cmp edi,ebx
00401573 .^ 72 9B jb short Crack.00401510 ;if i<"155".len goto loop
00401575 .8B85 58FEFFFF mov eax,dword ptr ss:
0040157B .8985 64FEFFFF mov dword ptr ss:,eax ;string
00401581 .EB 02 jmp short Crack.00401585
00401583 >33C0 xor eax,eax
00401585 >50 push eax
00401586 .8D8D 70FEFFFF lea ecx,dword ptr ss:
0040158C .E8 CF040000 call <Crack.String::copy()>
00401591 .C645 FC 0D mov byte ptr ss:,0xD
00401595 .8D8D D0FEFFFF lea ecx,dword ptr ss:
0040159B .6A 06 push 0x6
0040159D .68 54424000 push Crack.00404254 ;"louzhu"
004015A2 .C785 E0FEFFFF 00000000 mov dword ptr ss:,0x0
004015AC .C785 E4FEFFFF 0F000000 mov dword ptr ss:,0xF
004015B6 .C685 D0FEFFFF 00 mov byte ptr ss:,0x0
004015BD .E8 5E050000 call <Crack.String::new(char *, int size)>
004015C2 .C645 FC 0E mov byte ptr ss:,0xE
004015C6 .B8 FFFFFF7F mov eax,0x7FFFFFFF ;MAX_INT
004015CB .8B8D E0FEFFFF mov ecx,dword ptr ss: ;"louzhu".len = 6
004015D1 .2BC1 sub eax,ecx
004015D3 .8B95 80FEFFFF mov edx,dword ptr ss: ;"five".len = 4
004015D9 .3BC2 cmp eax,edx
004015DB .0F82 96030000 jb Crack.00401977
004015E1 .83BD E4FEFFFF 10 cmp dword ptr ss:,0x10
004015E8 .8D85 D0FEFFFF lea eax,dword ptr ss: ;"louzhu"
004015EE .8D9D 70FEFFFF lea ebx,dword ptr ss: ;"five"
004015F4 .BF 0F000000 mov edi,0xF
004015F9 .0F4385 D0FEFFFF cmovnb eax,dword ptr ss:
00401600 .83BD 84FEFFFF 10 cmp dword ptr ss:,0x10
00401607 .8985 54FEFFFF mov dword ptr ss:,eax
0040160D .0F439D 70FEFFFF cmovnb ebx,dword ptr ss:
00401614 .03D1 add edx,ecx ;"louzhufive".len = 6 + 4 = 10
00401616 .899D 50FEFFFF mov dword ptr ss:,ebx ;"five"
0040161C .8D9D A0FEFFFF lea ebx,dword ptr ss: ; == 6
00401622 .8995 6CFEFFFF mov dword ptr ss:,edx ;edx = 10
00401628 .3BD7 cmp edx,edi
0040162A .0F86 8B000000 jbe Crack.004016BB
00401630 .8BFA mov edi,edx
00401632 .83CF 0F or edi,0xF
00401635 .81FF FFFFFF7F cmp edi,0x7FFFFFFF
0040163B .76 32 jbe short Crack.0040166F
0040163D .BF FFFFFF7F mov edi,0x7FFFFFFF
00401642 .B9 23000080 mov ecx,0x80000023
00401647 >51 push ecx
00401648 .E8 69110000 call Crack.004027B6
0040164D .83C4 04 add esp,0x4
00401650 .85C0 test eax,eax
00401652 .0F84 F1020000 je Crack.00401949
00401658 .8B8D E0FEFFFF mov ecx,dword ptr ss:
0040165E .8D58 23 lea ebx,dword ptr ds:
00401661 .8B95 6CFEFFFF mov edx,dword ptr ss:
00401667 .83E3 E0 and ebx,-0x20
0040166A .8943 FC mov dword ptr ds:,eax
0040166D .EB 40 jmp short Crack.004016AF
0040166F >B8 16000000 mov eax,0x16
00401674 .3BF8 cmp edi,eax
00401676 .0F42F8 cmovb edi,eax
00401679 .8D47 01 lea eax,dword ptr ds:
0040167C .3D 00100000 cmp eax,0x1000
00401681 .72 0D jb short Crack.00401690
00401683 .8D48 23 lea ecx,dword ptr ds:
00401686 .3BC8 cmp ecx,eax
00401688 .0F86 EE020000 jbe Crack.0040197C
0040168E .^ EB B7 jmp short Crack.00401647
00401690 >85C0 test eax,eax
00401692 .74 19 je short Crack.004016AD
00401694 .50 push eax
00401695 .E8 1C110000 call Crack.004027B6
0040169A .8B8D E0FEFFFF mov ecx,dword ptr ss:
004016A0 .83C4 04 add esp,0x4
004016A3 .8B95 6CFEFFFF mov edx,dword ptr ss: ;ntdll_1n.7DEE1ECD
004016A9 .8BD8 mov ebx,eax
004016AB .EB 02 jmp short Crack.004016AF
004016AD >33DB xor ebx,ebx
004016AF >8B85 54FEFFFF mov eax,dword ptr ss:
004016B5 .899D A0FEFFFF mov dword ptr ss:,ebx
004016BB >51 push ecx ; /n
004016BC .50 push eax ; |src
004016BD .53 push ebx ; |dest
004016BE .8995 B0FEFFFF mov dword ptr ss:,edx ; |
004016C4 .89BD B4FEFFFF mov dword ptr ss:,edi ; |
004016CA .E8 501F0000 call <jmp.&VCRUNTIME140.memcpy> ; \memcpy
004016CF .FFB5 80FEFFFF push dword ptr ss: ; /n
004016D5 .8B85 E0FEFFFF mov eax,dword ptr ss: ; |
004016DB .FFB5 50FEFFFF push dword ptr ss: ; |src
004016E1 .03C3 add eax,ebx ; |
004016E3 .50 push eax ; |dest
004016E4 .E8 361F0000 call <jmp.&VCRUNTIME140.memcpy> ; \memcpy
004016E9 .8B85 6CFEFFFF mov eax,dword ptr ss: ;len = 10
004016EF .8D8D A0FEFFFF lea ecx,dword ptr ss: ;"louzhufive"
004016F5 .8BBD 88FEFFFF mov edi,dword ptr ss:
004016FB .8D95 88FEFFFF lea edx,dword ptr ss: ;sn
00401701 .83C4 18 add esp,0x18
00401704 .C60403 00 mov byte ptr ds:,0x0
00401708 .83BD B4FEFFFF 10 cmp dword ptr ss:,0x10
0040170F .8B9D 98FEFFFF mov ebx,dword ptr ss: ;len = 10
00401715 .0F438D A0FEFFFF cmovnb ecx,dword ptr ss:
0040171C .83BD 9CFEFFFF 10 cmp dword ptr ss:,0x10
00401723 .0F43D7 cmovnb edx,edi
00401726 .3B9D B0FEFFFF cmp ebx,dword ptr ss: ;"louzhufive".len == sn.len ??
0040172C .75 59 jnz short Crack.00401787
0040172E .83EB 04 sub ebx,0x4
00401731 .72 11 jb short Crack.00401744
00401733 >8B02 mov eax,dword ptr ds: ;sn == "louzhufive"
00401735 .3B01 cmp eax,dword ptr ds: ;compare
00401737 .75 10 jnz short Crack.00401749
00401739 .83C2 04 add edx,0x4
0040173C .83C1 04 add ecx,0x4
0040173F .83EB 04 sub ebx,0x4
00401742 .^ 73 EF jnb short Crack.00401733
00401744 >83FB FC cmp ebx,-0x4
00401747 .74 34 je short Crack.0040177D
00401749 >8A02 mov al,byte ptr ds:
0040174B .3A01 cmp al,byte ptr ds:
0040174D .75 27 jnz short Crack.00401776
0040174F .83FB FD cmp ebx,-0x3
00401752 .74 29 je short Crack.0040177D
00401754 .8A42 01 mov al,byte ptr ds:
00401757 .3A41 01 cmp al,byte ptr ds:
0040175A .75 1A jnz short Crack.00401776
0040175C .83FB FE cmp ebx,-0x2
0040175F .74 1C je short Crack.0040177D
00401761 .8A42 02 mov al,byte ptr ds:
00401764 .3A41 02 cmp al,byte ptr ds:
00401767 .75 0D jnz short Crack.00401776
00401769 .83FB FF cmp ebx,-0x1
0040176C .74 0F je short Crack.0040177D
0040176E .8A42 03 mov al,byte ptr ds:
00401771 .3A41 03 cmp al,byte ptr ds:
00401774 .74 07 je short Crack.0040177D
00401776 >1BC0 sbb eax,eax ;error
00401778 .83C8 01 or eax,0x1
0040177B .EB 02 jmp short Crack.0040177F
0040177D >33C0 xor eax,eax ;OK
0040177F >85C0 test eax,eax
00401781 .75 04 jnz short Crack.00401787
00401783 .B3 01 mov bl,0x1 ;OK
00401785 .EB 02 jmp short Crack.00401789
00401787 >32DB xor bl,bl ;error
00401789 >8B85 B4FEFFFF mov eax,dword ptr ss:
0040178F .83F8 10 cmp eax,0x10
00401792 .72 31 jb short Crack.004017C5
00401794 .8B95 A0FEFFFF mov edx,dword ptr ss:
0040179A .8D48 01 lea ecx,dword ptr ds:
0040179D .8BC2 mov eax,edx
0040179F .81F9 00100000 cmp ecx,0x1000
004017A5 .72 14 jb short Crack.004017BB
004017A7 .8B52 FC mov edx,dword ptr ds:
004017AA .83C1 23 add ecx,0x23
004017AD .2BC2 sub eax,edx
004017AF .83C0 FC add eax,-0x4
004017B2 .83F8 1F cmp eax,0x1F
004017B5 .0F87 8E010000 ja Crack.00401949
004017BB >51 push ecx
004017BC .52 push edx
004017BD .E8 39110000 call Crack.004028FB
004017C2 .83C4 08 add esp,0x8
004017C5 >84DB test bl,bl ;isOK == 1 ??
004017C7 .74 1B je short Crack.004017E4
004017C9 .8B0D 74404000 mov ecx,dword ptr ds:[<&MSVCP140.std::cout>] ;msvcp140.std::cout
004017CF .8D95 6CFEFFFF lea edx,dword ptr ss:
004017D5 .C785 6CFEFFFF B3C9B9A6 mov dword ptr ss:,0xA6B9C9B3 ;"成功"
004017DF .E8 BC050000 call Crack.00401DA0
004017E4 >68 5C424000 push Crack.0040425C ; /command = "pause"
004017E9 .FF15 28414000 call dword ptr ds:[<&api-ms-win-crt-runtime-l1-1-0.system>] ; \system
004017EF .C645 FC 0D mov byte ptr ss:,0xD
004017F3 .83C4 04 add esp,0x4
不愿鞠躬车马前 发表于 2020-12-31 13:17
我的我的,第一个判断是字符串长度9而正确的长度确没有达到9.。。。导致大家出不来。。。并且也把里面的不 ...
好象有两个问题:
1、长度9,与后面对不上。
2、0x9B,也就是 "155",太小了,生成不了4个数组元素,产生内存访问错误。 输入正确他就会跳出成功,输入错误就会跳出失败 最好上个正确的图 用IDA F5大法401220函数之后不知道干啥了,找不到成功的字符串:
int sub_401220()
{
int v0; // esi
char *v1; // edi
unsigned int v2; // ebx
unsigned int v3; // edi
void **v4; // ecx
void **v5; // eax
char *v6; // edi
char *v7; // ecx
char *v8; // edx
unsigned int v9; // ebx
bool v10; // cf
unsigned __int8 v11; // al
unsigned __int8 v12; // al
unsigned __int8 v13; // al
int v14; // eax
_BYTE *v15; // ecx
int v16; // edx
int v17; // ecx
char *v18; // eax
unsigned int v19; // ecx
char *v21; //
void *v22; //
int v23; //
int v24; //
int v25; //
int v26; //
void *v27; //
unsigned int v28; //
void *v29; //
unsigned int v30; //
void *v31; //
unsigned int v32; //
void *v33; //
unsigned int v34; //
void *Memory; //
int v36; //
unsigned int v37; //
void *v38; //
int v39; //
unsigned int v40; //
void *v41; //
unsigned int v42; //
unsigned int v43; //
void *Dst; //
unsigned int v45; //
unsigned int v46; //
char Src; //
int v48; //
int v49; //
char v50; //
int v51; //
int v52; //
char v53; //
int v54; //
int v55; //
char v56; //
int v57; //
int v58; //
char v59; //
int v60; //
int v61; //
char v62; //
int v63; //
int v64; //
char v65; //
int v66; //
int v67; //
char v68; //
int v69; //
int v70; //
char v71; //
int v72; //
int v73; //
char v74; //
int v75; //
int v76; //
char v77; //
int v78; //
v22 = 0;
v0 = 0;
v25 = 0;
v23 = 0;
v24 = 0;
v78 = 0;
v42 = 0;
v43 = 15;
LOBYTE(v41) = 0;
LOBYTE(v78) = 1;
sub_401D40(std::cout, "请输入注册码");
sub_402410(std::cin, &v41);
if ( v42 != 9 )
{
v26 = -592402486;
sub_401D40(std::cout, (const char *)&v26);
}
v1 = v77;
v2 = 155;
do
{
*--v1 = v2 % 0xA + 48;
v2 /= 0xAu;
}
while ( v2 );
v45 = 0;
v46 = 15;
LOBYTE(Dst) = 0;
if ( v1 != v77 )
{
sub_401AC0(&Dst, v1, v77 - v1);
v2 = v45;
}
LOBYTE(v78) = 2;
v48 = 0;
v49 = 15;
Src = 0;
sub_401AC0(Src, "zero", 4u);
LOBYTE(v78) = 3;
v51 = 0;
v52 = 15;
v50 = 0;
sub_401AC0(&v50, "one", 3u);
LOBYTE(v78) = 4;
v54 = 0;
v55 = 15;
v53 = 0;
sub_401AC0(&v53, "two", 3u);
LOBYTE(v78) = 5;
v57 = 0;
v58 = 15;
v56 = 0;
sub_401AC0(&v56, "three", 5u);
LOBYTE(v78) = 6;
v60 = 0;
v61 = 15;
v59 = 0;
sub_401AC0(&v59, "破你麻痹", 8u);
LOBYTE(v78) = 7;
v63 = 0;
v64 = 15;
v62 = 0;
sub_401AC0(&v62, "five", 4u);
LOBYTE(v78) = 8;
v66 = 0;
v67 = 15;
v65 = 0;
sub_401AC0(&v65, "six6666", 7u);
LOBYTE(v78) = 9;
v69 = 0;
v70 = 15;
v68 = 0;
sub_401AC0(&v68, "seven", 5u);
LOBYTE(v78) = 10;
v72 = 0;
v73 = 15;
v71 = 0;
sub_401AC0(&v71, &unk_40424C, 0xFu);
LOBYTE(v78) = 11;
v75 = 0;
v76 = 15;
v74 = 0;
sub_401AC0(&v74, "哈哈哈哈", 8u);
v3 = 1;
LOBYTE(v78) = 12;
v4 = (void **)Dst;
if ( v2 <= 1 )
{
v6 = 0;
}
else
{
do
{
v5 = &Dst;
if ( v46 >= 0x10 )
v5 = v4;
v21 = &Src;
if ( v0 == v25 )
{
sub_401F80((int *)&v22, v0, v21);
v0 = v23;
v25 = v24;
}
else
{
sub_401A00(v21);
v0 += 24;
v23 = v0;
}
v4 = (void **)Dst;
++v3;
}
while ( v3 < v2 );
v6 = (char *)v22;
}
sub_401A00(v6);
LOBYTE(v78) = 13;
sub_401A00(v6 + 24);
LOBYTE(v78) = 14;
sub_401A00(v6 + 48);
LOBYTE(v78) = 15;
sub_401A00(v6 + 96);
LOBYTE(v78) = 16;
sub_401A00(v6 + 120);
LOBYTE(v78) = 17;
v36 = 0;
v37 = 15;
LOBYTE(Memory) = 0;
sub_401AC0(&Memory, &unk_404268, 0xAu);
LOBYTE(v78) = 18;
v7 = (char *)&v38;
v8 = (char *)&v41;
if ( v40 >= 0x10 )
v7 = (char *)v38;
if ( v43 >= 0x10 )
v8 = (char *)v41;
if ( v42 == v39 )
{
v9 = v42 - 4;
if ( v42 < 4 )
{
LABEL_24:
if ( v9 == -4 )
goto LABEL_33;
}
else
{
while ( *(_DWORD *)v8 == *(_DWORD *)v7 )
{
v8 += 4;
v7 += 4;
v10 = v9 < 4;
v9 -= 4;
if ( v10 )
goto LABEL_24;
}
}
v10 = (unsigned __int8)*v8 < (unsigned __int8)*v7;
if ( *v8 != *v7
|| v9 != -3
&& ((v11 = v8, v10 = v11 < (unsigned __int8)v7, v11 != v7)
|| v9 != -2
&& ((v12 = v8, v10 = v12 < (unsigned __int8)v7, v12 != v7)
|| v9 != -1 && (v13 = v8, v10 = v13 < (unsigned __int8)v7, v13 != v7))) )
{
v14 = -v10 | 1;
goto LABEL_34;
}
LABEL_33:
v14 = 0;
LABEL_34:
if ( !v14 )
{
v26 = -1497773645;
sub_401D40(std::cout, (const char *)&v26);
}
}
system("pause");
LOBYTE(v78) = 17;
if ( v37 >= 0x10 )
{
v15 = Memory;
if ( v37 + 1 >= 0x1000 )
{
v15 = (_BYTE *)*((_DWORD *)Memory - 1);
v16 = v37 + 36;
if ( (unsigned int)((_BYTE *)Memory - v15 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B(v15);
}
LOBYTE(v78) = 16;
if ( v34 >= 0x10 )
{
v15 = v33;
if ( v34 + 1 >= 0x1000 )
{
v15 = (_BYTE *)*((_DWORD *)v33 - 1);
v16 = v34 + 36;
if ( (unsigned int)((_BYTE *)v33 - v15 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B(v15);
}
LOBYTE(v78) = 15;
if ( v32 >= 0x10 )
{
v15 = v31;
if ( v32 + 1 >= 0x1000 )
{
v15 = (_BYTE *)*((_DWORD *)v31 - 1);
v16 = v32 + 36;
if ( (unsigned int)((_BYTE *)v31 - v15 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B(v15);
}
LOBYTE(v78) = 14;
if ( v30 >= 0x10 )
{
v15 = v29;
if ( v30 + 1 >= 0x1000 )
{
v15 = (_BYTE *)*((_DWORD *)v29 - 1);
v16 = v30 + 36;
if ( (unsigned int)((_BYTE *)v29 - v15 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B(v15);
}
LOBYTE(v78) = 13;
if ( v28 >= 0x10 )
{
v15 = v27;
if ( v28 + 1 >= 0x1000 )
{
v15 = (_BYTE *)*((_DWORD *)v27 - 1);
v16 = v28 + 36;
if ( (unsigned int)((_BYTE *)v27 - v15 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B(v15);
}
LOBYTE(v78) = 12;
if ( v40 >= 0x10 )
{
v16 = (int)v38;
if ( v40 + 1 >= 0x1000 )
{
v16 = *((_DWORD *)v38 - 1);
v15 = (_BYTE *)(v40 + 36);
if ( (unsigned int)((char *)v38 - v16 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B((void *)v16);
}
LOBYTE(v78) = 2;
sub_402786(Src, 24, 10, sub_4019B0);
if ( v46 >= 0x10 )
{
v16 = (int)Dst;
if ( v46 + 1 >= 0x1000 )
{
v16 = *((_DWORD *)Dst - 1);
v15 = (_BYTE *)(v46 + 36);
if ( (unsigned int)((char *)Dst - v16 - 4) > 0x1F )
goto LABEL_71;
}
sub_40289B((void *)v16);
}
if ( v43 < 0x10 )
goto LABEL_68;
v16 = (int)v41;
if ( v43 + 1 >= 0x1000 )
{
v16 = *((_DWORD *)v41 - 1);
v15 = (_BYTE *)(v43 + 36);
if ( (unsigned int)((char *)v41 - v16 - 4) > 0x1F )
{
LABEL_71:
invalid_parameter_noinfo_noreturn(v15, v16);
LABEL_72:
sub_40289B(v6);
return 0;
}
}
sub_40289B((void *)v16);
LABEL_68:
if ( v6 )
{
sub_4022C0(v6, v0, v17);
v16 = (signed int)((unsigned __int64)(715827883i64 * (v25 - (signed int)v6)) >> 32) >> 2;
v18 = v6;
v19 = 24 * ((v25 - (signed int)v6) / 24);
if ( v19 < 0x1000 )
goto LABEL_72;
v6 = (char *)*((_DWORD *)v6 - 1);
v15 = (_BYTE *)(v19 + 35);
if ( (unsigned int)(v18 - v6 - 4) <= 0x1F )
goto LABEL_72;
goto LABEL_71;
}
return 0;
} 好歹给个成功截图吧,输入任意9位数就直接闪退了 看到6楼的字符串,就不想试了 请楼主尽快补上成功的截图
(虽然6楼字符串有了。。。) 爆破算不算
关键位置
还是看了6楼的字符串,你又想要人破 ,然后你又在里面搞个字符串骂人家啥意思 我的我的,第一个判断是字符串长度9而正确的长度确没有达到9.。。。导致大家出不来。。。并且也把里面的不好的话去除了,起初发给朋友玩那时候没注意,,,。。这版更新了,应该很简单。附上成功截图。
页:
[1]
2