160cm No. 007 reverse analysis, by cqr2287
This program is like the last one: the Register button must be disabled and the other button must be made visible. Let's look at the help text first.
00442CC8 .B8 FC2C4400 mov eax,aLoNg3x_.00442CFC ;ASCII "The purpose of this CrackMe v. 2.00 by aLoNg3x is to MAKE INVISIBLE the buttons in order to see the "
00442CCD .E8 9EF8FFFF call aLoNg3x_.00442570
00442CD2 .B8 BC2D4400 mov eax,aLoNg3x_.00442DBC ;Nota: if the buttons does NOT become invisible, then you have NOT cracked this Crackme :)
00442CD7 .E8 94F8FFFF call aLoNg3x_.00442570
00442CDC .B8 202E4400 mov eax,aLoNg3x_.00442E20 ;If you need some helps e-mail me or if you solve this protection please write me your solution. Many thanks
00442CE1 .E8 8AF8FFFF call aLoNg3x_.00442570
00442CE6 .B8 942E4400 mov eax,aLoNg3x_.00442E94 ;CrackMe v. 2.00 written by "aLoNg3x" E-MAIL: along3x@geocities.com URL: http://along3x.cjb.net ; member of "Ringzer0" URL: http://ringzer0.cjb.net
00442CEB .E8 80F8FFFF call aLoNg3x_.00442570
00442CF0 .C3 retn
ok
Load it in DeDe.
(小生 has released so many DeDe builds; I'm already using my third one.)
again (the button that should become visible): 4430bc
Register button: 442f28.
No need to trace the other two; they have nothing to do with this.
Trace the Register handler first.
Set a breakpoint, run, enter a username, and click Register.
00442F64|. /74 37 je short aLoNg3x_.00442F9D
00442F66|. |B8 38304400 mov eax,aLoNg3x_.00443038 ;You MUST insert a valid Long Integer Value in the Code Editor... Thank you :)
Right, this one should jump. Keep tracing.
00442F9F 90 nop
00442FA0 90 nop
00442FA1|.8D55 F8 lea edx,
00442FA4|.8B83 D8020000 mov eax,dword ptr ds:
00442FAA|.E8 9102FEFF call aLoNg3x_.00423240
00442FAF|.8B4D F8 mov ecx,
00442FB2|.8BD6 mov edx,esi
00442FB4|.A1 30584400 mov eax,dword ptr ds:
00442FB9|.E8 EAF9FFFF call aLoNg3x_.004429A8
00442FBE|.84C0 test al,al
00442FC0|.74 30 je short aLoNg3x_.00442FF2
00442FC2|.33D2 xor edx,edx
00442FC4|.8B83 CC020000 mov eax,dword ptr ds:
00442FCA|.E8 6101FEFF call aLoNg3x_.00423130
00442FCF|.B2 01 mov dl,0x1
00442FD1|.8B83 E8020000 mov eax,dword ptr ds:
00442FD7|.E8 5401FEFF call aLoNg3x_.00423130
00442FDC|.33D2 xor edx,edx
00442FDE|.8B83 D8020000 mov eax,dword ptr ds:
00442FE4|.8B08 mov ecx,dword ptr ds:
00442FE6|.FF51 60 call dword ptr ds:
00442FE9|.33C0 xor eax,eax
00442FEB|.A3 30584400 mov dword ptr ds:,eax
00442FF0|.EB 1A jmp short aLoNg3x_.0044300C
00442FF2|>33C0 xor eax,eax
00442FF4|.A3 30584400 mov dword ptr ds:,eax
00442FF9|.EB 11 jmp short aLoNg3x_.0044300C
00442FFB|>B8 9C304400 mov eax,aLoNg3x_.0044309C ;Please... The Code Must be > 0
The nop was originally a jle; I nopped it because it jumped straight to the error message.
00442FC0|. /74 30 je short aLoNg3x_.00442FF2
At this point eax is 0, so we don't know whether this je should jump. Set a breakpoint and let it jump to see what happens.
No good. So it must not jump.
Yeah.
So this je is the key jump. Good, the patch works.
Wait, we're not done yet: "again" still has to be traced.
Trace it.
004430BC push ebp
004430BD mov ebp,esp
004430BF push 0
004430C1 push 0
004430C3 push 0
004430C5 push ebx
004430C6 push esi
004430C7 mov ebx,eax
004430C9 xor eax,eax
004430CB push ebp
004430CC push 44322D
004430D1 push dword ptr fs:
004430D4 mov dword ptr fs:,esp
004430D7 lea edx,
004430DA mov eax,dword ptr ; TPrincipale.Codice:TEdit
004430E0 call TControl.GetText
004430E5 mov eax,dword ptr
004430E8 lea edx,
004430EB call @ValLong
004430F0 mov esi,eax
004430F2 cmp dword ptr ,0
>004430F6 je 00443132
004430F8 mov eax,443244; 'You MUST insert a valid Long Integer Value in the Code Editor... Thank you :)'
004430FD call ShowMessage
00443102 lea edx,
00443105 mov eax,dword ptr ; TPrincipale.Codice:TEdit
0044310B call TControl.GetText
00443110 mov eax,dword ptr
00443113 call 00442A8C
00443118 mov ,eax; gvar_00445830
0044311D mov edx,44329C; '0'
00443122 mov eax,dword ptr ; TPrincipale.Codice:TEdit
00443128 call TControl.SetText
>0044312D jmp 0044320F
00443132 test esi,esi
>00443134 jle 004431FE
0044313A lea edx,
0044313D mov eax,dword ptr ; TPrincipale.Nome:TEdit
00443143 call TControl.GetText
00443148 mov ecx,dword ptr
0044314B mov edx,esi
0044314D mov eax,; 0x0 gvar_00445830
00443152 call 004429A8
00443157 test al,al
>00443159 je 004431CE
0044315B xor edx,edx
Much the same as the one above: nop the je.
Now the patching is complete.
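Reading the listing above back into a high-level form, as an added example that is not from the original post: a Python model of the "again" handler's input checks (the ValLong result, the "> 0" test, then the checker at 004429A8). The checker's body is not shown on the page, so it is passed in as a callable; the exact Delphi Val conventions modelled by val_long (sign handling, decimal digits only, Code positions, overflow) are assumptions.

```python
# Added example (not from the original post): model of the 'again' click
# handler at 004430BC as read from the DeDe listing. The real checker at
# 004429A8 is not on the page, so it is a parameter of again_click().

LONG_MIN, LONG_MAX = -2**31, 2**31 - 1          # Delphi 32-bit Integer

MSG_NOT_LONG = ("You MUST insert a valid Long Integer Value in the "
                "Code Editor... Thank you :)")
MSG_NOT_POSITIVE = "Please... The Code Must be > 0"


def val_long(s):
    """Model of Delphi's Val(S, V: Integer; Code) as called via @ValLong.

    Returns (value, code). Assumed conventions: optional sign, decimal
    digits only (the $-hex form is omitted), Code = 1-based index of the
    first bad character, 0 on success, overflow reported with Code != 0.
    """
    i, n, sign = 0, len(s), 1
    if n and s[0] in "+-":
        sign = -1 if s[0] == "-" else 1
        i = 1
    start, value = i, 0
    while i < n and s[i] in "0123456789":
        value = value * 10 + int(s[i])
        i += 1
    if i == start or i != n:            # no digits, or trailing junk
        return 0, i + 1
    value *= sign
    if not LONG_MIN <= value <= LONG_MAX:
        return 0, i                     # overflow (Code value assumed)
    return value, 0


def again_click(code_text, name_text, check):
    """Follow 004430BC..00443159. Returns (accepted, message_shown)."""
    value, code = val_long(code_text)   # call @ValLong; mov esi,eax
    if code != 0:                       # cmp dword ptr [code],0 / je
        return False, MSG_NOT_LONG      # ShowMessage at 004430F8
    if value <= 0:                      # test esi,esi / jle 004431FE
        return False, MSG_NOT_POSITIVE
    if not check(name_text, value):     # call 004429A8 / test al,al / je
        return False, None              # 004431CE: rejected, no message
    return True, None                   # fall through: enable/hide buttons
```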
Next, tracing the serial.
We know the je above is the key, so we backtrack from it and arrive at 4429a8, which looks very suspicious.
Trace it.
At 442a55, ebx comes back as 0. The code just above it is the key code; set a breakpoint there and you have the algorithm.
007 is done. Next time: 008.
Afterthoughts:
1. 小生 has a lot of DeDe builds.
2. 小生's modifications to DeDe are impressive!
After reading your signature I don't even dare touch it. Don't you think you should tell newcomers how to use DeDe???
You really have the patience to play with these CMs.
"crackmes.de? The OP's posted software often carries viruses, download with care!" How do I make that line?
Thumbs up.....
Thanks for sharing, learned something.