【吾爱 2013 CM Contest Solution】 -- 2013CM_无邪 -- Analysis of 无邪
【Article Title】: 【吾爱 2013 CM Contest Solution】 -- 2013CM_无邪 -- Analysis of 无邪
【Author】: 苏紫方璇
【Programming Language】: 易语言 (Easy Language)
--------------------------------------------------------------------------------
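【Detailed Process】
Since this is an 易语言 program, set an 易语言 event breakpoint directly.
After the program breaks, single-step with F8. You will see that the program fetches the real registration name and compares it with the entered registration name, then fetches the real code and compares it with the entered fake code, and repeats this N times.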
004010A1/.55 push ebp
004010A2|.8BEC mov ebp,esp
004010A4|.81EC 1C000000 sub esp,0x1C
004010AA|.68 010100A0 push 0xA0000101
004010AF|.6A 00 push 0x0
004010B1|.68 50AB4600 push 2013CM_?0046AB50
004010B6|.68 01000000 push 0x1
004010BB|.BB 501B4000 mov ebx,2013CM_?00401B50
004010C0|.E8 15090000 call 2013CM_?004019DA ; real registration name
004010C5|.83C4 10 add esp,0x10
004010C8|.8945 FC mov [ebp-0x4],eax
004010CB|.6A FF push -0x1
004010CD|.6A 08 push 0x8
004010CF|.68 04000116 push 0x16010004
004010D4|.68 01000152 push 0x52010001
004010D9|.E8 02090000 call 2013CM_?004019E0 ; registration name
004010DE|.83C4 10 add esp,0x10
004010E1|.8945 F8 mov [ebp-0x8],eax
004010E4|.8B45 FC mov eax,[ebp-0x4]
004010E7|.50 push eax
004010E8|.FF75 F8 push dword ptr [ebp-0x8]
004010EB|.E8 14FFFFFF call 2013CM_?00401004 ; compare
004010F0|.83C4 08 add esp,0x8
004010F3|.83F8 00 cmp eax,0x0
004010F6|.B8 00000000 mov eax,0x0
004010FB|.0F94C0 sete al
004010FE|.8945 F4 mov [ebp-0xC],eax
00401101|.8B5D F8 mov ebx,[ebp-0x8]
00401104|.85DB test ebx,ebx
00401106|.74 09 je X2013CM_?00401111
00401108|.53 push ebx
00401109|.E8 C0080000 call 2013CM_?004019CE
0040110E|.83C4 04 add esp,0x4
00401111|>8B5D FC mov ebx,[ebp-0x4]
00401114|.85DB test ebx,ebx
00401116|.74 09 je X2013CM_?00401121
00401118|.53 push ebx
00401119|.E8 B0080000 call 2013CM_?004019CE
0040111E|.83C4 04 add esp,0x4
00401121|>837D F4 00 cmp dword ptr [ebp-0xC],0x0
00401125|.0F84 88000000 je 2013CM_?004011B3 ; key jump
0040112B|.68 010100A0 push 0xA0000101
00401130|.6A 00 push 0x0
00401132|.68 6DAB4600 push 2013CM_?0046AB6D
00401137|.68 01000000 push 0x1
0040113C|.BB 501B4000 mov ebx,2013CM_?00401B50
00401141|.E8 94080000 call 2013CM_?004019DA ; real registration code
00401146|.83C4 10 add esp,0x10
00401149|.8945 F0 mov [ebp-0x10],eax
0040114C|.6A FF push -0x1
0040114E|.6A 08 push 0x8
00401150|.68 05000116 push 0x16010005
00401155|.68 01000152 push 0x52010001
0040115A|.E8 81080000 call 2013CM_?004019E0 ; fake code
0040115F|.83C4 10 add esp,0x10
00401162|.8945 EC mov [ebp-0x14],eax
00401165|.8B45 F0 mov eax,[ebp-0x10]
00401168|.50 push eax
00401169|.FF75 EC push dword ptr [ebp-0x14]
0040116C|.E8 93FEFFFF call 2013CM_?00401004 ; compare
00401171|.83C4 08 add esp,0x8
00401174|.83F8 00 cmp eax,0x0
00401177|.B8 00000000 mov eax,0x0
0040117C|.0F94C0 sete al
0040117F|.8945 E8 mov [ebp-0x18],eax
00401182|.8B5D EC mov ebx,[ebp-0x14]
00401185|.85DB test ebx,ebx
00401187|.74 09 je X2013CM_?00401192
00401189|.53 push ebx
0040118A|.E8 3F080000 call 2013CM_?004019CE
0040118F|.83C4 04 add esp,0x4
00401192|>8B5D F0 mov ebx,[ebp-0x10]
00401195|.85DB test ebx,ebx
00401197|.74 09 je X2013CM_?004011A2
00401199|.53 push ebx
0040119A|.E8 2F080000 call 2013CM_?004019CE
0040119F|.83C4 04 add esp,0x4
004011A2|>837D E8 00 cmp dword ptr [ebp-0x18],0x0
004011A6|.0F84 07000000 je 2013CM_?004011B3
004011AC|.B8 01000000 mov eax,0x1
004011B1|.EB 02 jmp X2013CM_?004011B5
004011B3|>33C0 xor eax,eax
004011B5|>85C0 test eax,eax
004011B7|.0F84 82050000 je 2013CM_?0040173F ; key jump
In summary:
Real registration name: asduiashdihasdjkanksd
Real registration code: sadsadasdsafaffdsfadasd
--------------------------------------------------------------------------------
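The check traced in the listing above, rewritten in C as an added example (not code from the original post or from the crackme's source). The helper names are hypothetical, and reading 004019CE as a free routine and 00401004 as a strcmp-style compare that returns 0 on a match are assumptions drawn from the listing.

```c
#include <stdlib.h>
#include <string.h>

/* Values from the post's conclusion; the listing pushes the addresses of
   the two constants at 004010B1 and 00401132. */
static const char REAL_NAME[] = "asduiashdihasdjkanksd";
static const char REAL_CODE[] = "sadsadasdsafaffdsfadasd";

/* Hypothetical stand-in for the runtime calls 004019DA / 004019E0:
   each hands back a heap-allocated string that the caller later frees. */
static char *heap_copy(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* One compare stage: fetch the expected constant, fetch the input,
   compare, release both temporaries, return the 0/1 flag. */
static int stage_matches(const char *expected, const char *input) {
    char *want = heap_copy(expected);   /* call 004019DA */
    char *got  = heap_copy(input);      /* call 004019E0 */
    /* call 00401004, then cmp eax,0x0 / sete al */
    int equal = (want && got) ? (strcmp(got, want) == 0) : 0;
    if (got)  free(got);                /* test ebx,ebx / je / call 004019CE */
    if (want) free(want);
    return equal;
}

/* Mirrors 004010A1..004011B5: the name stage runs first, and a failure
   in either stage jumps to the xor eax,eax at 004011B3. */
int check_registration(const char *name, const char *code) {
    if (!stage_matches(REAL_NAME, name)) return 0;  /* je at 00401125 */
    if (!stage_matches(REAL_CODE, code)) return 0;  /* je at 004011A6 */
    return 1;                                       /* mov eax,0x1 at 004011AC */
}
```

Because both expected values sit in the binary as plaintext constants and reach the compare call as arguments, they are visible on the stack at each stage, which is what the single-stepping in the post relies on.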
My basic approach to solving it was the same.