【吾爱2013CM大赛解答】--2013CM_无邪-- 无邪 CM分析
【文章标题】: 吾爱2013CM大赛解答--2013CM_无邪-- 无邪 CM分析【文章作者】: Crack_Qs
【作者主页】: www.reversesec.com
【软件名称】: 2013CM_无邪-- 无邪
【下载地址】: 自己搜索下载
【作者声明】: 我是打酱油的,失误之处敬请诸位大侠赐教! 技术支持:Peace、kido
--------------------------------------------------------------------------------
【详细过程】
004010A1/.55 push ebp
004010A2|.8BEC mov ebp,esp
004010A4|.81EC 1C000000 sub esp,0x1C
004010AA|.68 010100A0 push 0xA0000101
004010AF|.6A 00 push 0x0
004010B1|.68 50AB4600 push 2013CM_?0046AB50
004010B6|.68 01000000 push 0x1
004010BB|.BB 501B4000 mov ebx,2013CM_?00401B50
004010C0|.E8 15090000 call 2013CM_?004019DA ;取ASCII "asduiashdihasdjkanksd"
004010C5|.83C4 10 add esp,0x10
004010C8|.8945 FC mov ,eax
004010CB|.6A FF push -0x1
004010CD|.6A 08 push 0x8
004010CF|.68 04000116 push 0x16010004
004010D4|.68 01000152 push 0x52010001
004010D9|.E8 02090000 call 2013CM_?004019E0 ;取用户名
004010DE|.83C4 10 add esp,0x10
004010E1|.8945 F8 mov ,eax
004010E4|.8B45 FC mov eax,
004010E7|.50 push eax
004010E8|.FF75 F8 push
004010EB|.E8 14FFFFFF call 2013CM_?00401004 ;比较
004010F0|.83C4 08 add esp,0x8
004010F3|.83F8 00 cmp eax,0x0
004010F6|.B8 00000000 mov eax,0x0
004010FB|.0F94C0 sete al
004010FE|.8945 F4 mov ,eax
00401101|.8B5D F8 mov ebx,
00401104|.85DB test ebx,ebx
00401106|.74 09 je X2013CM_?00401111
00401108|.53 push ebx
00401109|.E8 C0080000 call 2013CM_?004019CE
0040110E|.83C4 04 add esp,0x4
00401111|>8B5D FC mov ebx,
00401114|.85DB test ebx,ebx
00401116|.74 09 je X2013CM_?00401121
00401118|.53 push ebx
00401119|.E8 B0080000 call 2013CM_?004019CE
0040111E|.83C4 04 add esp,0x4
00401121|>837D F4 00 cmp ,0x0
00401125 0F84 88000000 je 2013CM_?004011B3 ;nop
0040112B|.68 010100A0 push 0xA0000101
00401130|.6A 00 push 0x0
00401132|.68 6DAB4600 push 2013CM_?0046AB6D
00401137|.68 01000000 push 0x1
0040113C|.BB 501B4000 mov ebx,2013CM_?00401B50
00401141|.E8 94080000 call 2013CM_?004019DA ;取 ASCII "sadsadasdsafaffdsfadasd"
00401146|.83C4 10 add esp,0x10
00401149|.8945 F0 mov ,eax
0040114C|.6A FF push -0x1
0040114E|.6A 08 push 0x8
00401150|.68 05000116 push 0x16010005
00401155|.68 01000152 push 0x52010001
0040115A|.E8 81080000 call 2013CM_?004019E0 ;取假码
0040115F|.83C4 10 add esp,0x10
00401162|.8945 EC mov ,eax
00401165|.8B45 F0 mov eax,
00401168|.50 push eax
00401169|.FF75 EC push
0040116C|.E8 93FEFFFF call 2013CM_?00401004 ;比较
00401171|.83C4 08 add esp,0x8
004011A2|> \837D E8 00 cmp ,0x0
004011A6|.0F84 07000000 je 2013CM_?004011B3 ;nop
004011AC|.B8 01000000 mov eax,0x1 ;给eax赋值1
004011B1|.EB 02 jmp X2013CM_?004011B5
004011B3|>33C0 xor eax,eax
004011B5|>85C0 test eax,eax
004011B7|.0F84 82050000 je 2013CM_?0040173F
00401229|. /74 09 je X2013CM_?00401234
0040122B|. |53 push ebx
0040122C|. |E8 9D070000 call 2013CM_?004019CE
00401231|. |83C4 04 add esp,0x4
00401234|> \837D F4 00 cmp ,0x0
00401238|.0F84 88000000 je 2013CM_?004012C6 ;nop
004012B5|> \837D E8 00 cmp ,0x0
004012B9|.0F84 07000000 je 2013CM_?004012C6 ;nop
004012BF|.B8 01000000 mov eax,0x1 ;给eax 1
004012C4|.EB 02 jmp X2013CM_?004012C8
004012C6|>33C0 xor eax,eax
0040133E|.53 push ebx
0040133F|.E8 8A060000 call 2013CM_?004019CE
00401344|.83C4 04 add esp,0x4
00401347|>837D F4 00 cmp ,0x0
0040134B|.0F84 88000000 je 2013CM_?004013D9 ;nop
004013C8|> \837D E8 00 cmp ,0x0 ;nop
004013CC|.0F84 07000000 je 2013CM_?004013D9
004013D2|.B8 01000000 mov eax,0x1 ;eax 1
004013D7|.EB 02 jmp X2013CM_?004013DB
004013D9|>33C0 xor eax,eax
004013DB|>85C0 test eax,eax
00401451|.53 push ebx
00401452|.E8 77050000 call 2013CM_?004019CE
00401457|.83C4 04 add esp,0x4
0040145A|>837D F4 00 cmp ,0x0
0040145E|.0F84 88000000 je 2013CM_?004014EC ;nop
004014DB|> \837D E8 00 cmp ,0x0
004014DF|.0F84 07000000 je 2013CM_?004014EC ;nop
004014E5|.B8 01000000 mov eax,0x1 ;eax 1
004014EA|.EB 02 jmp X2013CM_?004014EE
004014EC|>33C0 xor eax,eax
00401564|.53 push ebx
00401565|.E8 64040000 call 2013CM_?004019CE
0040156A|.83C4 04 add esp,0x4
0040156D|>837D F4 00 cmp ,0x0
00401571|.0F84 88000000 je 2013CM_?004015FF ;nop
004015EE|> \837D E8 00 cmp ,0x0
004015F2|.0F84 07000000 je 2013CM_?004015FF ;nop
004015F8|.B8 01000000 mov eax,0x1 ;eax 1
004015FD|.EB 02 jmp X2013CM_?00401601
004015FF|>33C0 xor eax,eax
00401677|.53 push ebx
00401678|.E8 51030000 call 2013CM_?004019CE
0040167D|.83C4 04 add esp,0x4
00401680|>837D F4 00 cmp ,0x0
00401684|.0F84 88000000 je 2013CM_?00401712 ;nop
00401701|> \837D E8 00 cmp ,0x0
00401705|.0F84 07000000 je 2013CM_?00401712 ;nop
0040170B|.B8 01000000 mov eax,0x1 ;eax 1
00401710|.EB 02 jmp X2013CM_?00401714
00401712|>33C0 xor eax,eax
--------------------------------------------------------------------------------
【经验总结】
就是反复比较
--------------------------------------------------------------------------------
【版权声明】: 本文原创于Crack_Qs, 转载请注明作者并保持文章的完整, 谢谢!
2013年12月15日 17:03:34
页:
[1]