从国外网站下的一个CM,类DOS界面的

qq513701092

从国外论坛上下载的一个CM，感觉很不错
没看到过类似的CM，跟大家分享下




不好意识，刚才忘记传了
现在OK

絕戀de煩神

CM呢？怎么看不到CM啊？

qq513701092

******************************************************
******************************************************
888 .d8888b.888
888d88PY88b 888
888888888 888
88888b.888d888 888888 888888.d88b.88888b.
88888b 888P888888 888 .88P d8PY8b 888 88b
888888 888 888888 888888K88888888 888888
888 d88P 888 Y88bd88P 888 88bY8b. 888888
88888P 888 Y8888P 888888bY8888888888
******************************************************
******************************************************


STAGE 1
*******

Enter Password To Continue : 1

Stage 1 completed!


STAGE 2
*******


Name [2<=chars<=10] : 2

Serial : 3

Stage 2 Completed!


STAGE 3
*******

Console nag... lol ...Remove Me!

Stage 3 Completed if you don&#39;t see nag!



Hope you had fun ;)

中文翻译：

第一阶段
*******

输入密码要继续： 1

第一阶段完成！


第2阶段
*******


名称[ 2 “ =字符” = 10 ] ： 2

序号： 3

第2阶段完成！


第3阶段
*******

控制台唠叨...上海...删除我！

第3阶段完成，如果您看不到那！



希望你的乐趣; ）

絕戀de煩神

中文翻译好烂啊。都看不明白。5555

creantan

看看。。。。。 [s:40][s:40][s:40]


Stage1:PaSSw0rD

Stage2: Name:1M
Serial:123
Stage3:
004014D6C70424 643240>mov dword ptr [esp], 00403264
004014DDE8 AE050000 call<jmp.&msvcrt.printf>
004014E2|.E8 F9040000 call<jmp.&msvcrt._getch>//NOP

絕戀de煩神

第一阶段：

004013B4|.8D45 D8lea eax,[local.10]; |把试练码送给EAX
004013B7|.890424 mov dword ptr ss:[esp],eax; |把试练码送给[ESP]
004013BA|.E8 B1060000call <jmp.&msvcrt.strlen> ; \取试练码的长度
004013BF|.83F8 08cmp eax,8 ;试练码长度和8比较
004013C2|.74 05je short CrackMe#.004013C9;不相等就GAME OVER
004013C4|.E9 2C010000jmp CrackMe#.004014F5
004013C9|>C745 F4 00000000 mov [local.3],0
004013D0|>837D F4 07 /cmp [local.3],7;[ebp-C]的值和7比较
004013D4|.7F 20|jg short CrackMe#.004013F6 ;大于就跳
004013D6|.8D45 F8|lea eax,[local.2]
004013D9|.0345 F4|add eax,[local.3]
004013DC|.8D50 E0|lea edx,dword ptr ds:[eax-20]
004013DF|.8D45 F8|lea eax,[local.2]
004013E2|.0345 F4|add eax,[local.3]
004013E5|.83E8 20|sub eax,20 ;EAX－20＝试练码的地址
004013E8|.0FB600 |movzx eax,byte ptr ds:[eax];逐位取试练码的ASCII值给EAX
004013EB|.FEC0 |inc al ;AL+1
004013ED|.8802 |mov byte ptr ds:[edx],al ;把AL的值覆盖原来的地方
004013EF|.8D45 F4|lea eax,[local.3]
004013F2|.FF00 |inc dword ptr ds:[eax] ;[EAX]+1
004013F4|.^ EB DA\jmp short CrackMe#.004013D0;循环计算

总结：
1、试练码要8位，逐位取试练码的ASCII值+1进行变异。
2、变异后的试练码和QbTTx1sE比较。

第二阶段：

00401480|> /8D45 B8/lea eax,[local.18] ; |把用户名的地址送给EAX
00401483|. |890424 |mov dword ptr ss:[esp],eax ; |把用户名送给[esp]
00401486|. |E8 E5050000|call <jmp.&msvcrt.strlen>; \取用户名长度
0040148B|. |3945 F4|cmp [local.3],eax;[ebp-c]和用户名长度比较
0040148E|. |77 1A|ja short CrackMe#.004014AA ;大于就跳
00401490|. |8D45 F8|lea eax,[local.2]
00401493|. |0345 F4|add eax,[local.3]
00401496|. |83E8 40|sub eax,40
00401499|. |0FBE00 |movsx eax,byte ptr ds:[eax];逐位取用户名ASCII值给EAX
0040149C|. |0345 B4|add eax,[local.19] ;EAX+[ebp-4c]的值
0040149F|. |48 |dec eax;EAX-1
004014A0|. |8945 B4|mov [local.19],eax ;把EAX的值送给[ebp-4c]
004014A3|. |8D45 F4|lea eax,[local.3]
004014A6|. |FF00 |inc dword ptr ds:[eax] ;[eax]+1
004014A8|.^\EB D6\jmp short CrackMe#.00401480;循环计算
004014AA|>8B45 B4mov eax,[local.19]; |||||上面计算好的结果送给EAX
004014AD|.3B45 B0cmp eax,[local.20]; |||||EAX的值和试练码的16进制比较
004014B0|.75 43jnz short CrackMe#.004014F5 ; |||||不相等就GAME OVER

总结：
1、用户名要大于2位且小于10位。
2、逐位取用户名ASCII值累加，每加一次减一。
3、最后结果要和输入的试练码16进制相等。

第三阶段：

004014D6|.C70424 64324000mov dword ptr ss:[esp],CrackMe#.0>; ||console nag... lol ...remove me!\n
004014DD|.E8 AE050000call <jmp.&msvcrt.printf> ; |\printf
004014E2|.E8 F9040000call <jmp.&msvcrt._getch> ; |[_getch

总结：第三阶段只要让程序不输出console nag... lol ...remove me!就可以了。所以就要把上面的代码NOP。

zapline

int __cdecl main(int argc, const char **argv, const char *envp)
{
signed int v4; // [sp+1Ch] [bp-5Ch]@1
size_t v5; // [sp+6Ch] [bp-Ch]@1
int v6; // [sp+40h] [bp-38h]@1
int v7; // [sp+44h] [bp-34h]@1
char v8; // [sp+48h] [bp-30h]@1
char v9; // [sp+49h] [bp-2Fh]@1
int v10; // [sp+2Ch] [bp-4Ch]@1
int v11; // [sp+28h] [bp-50h]@1
char v12; // [sp+50h] [bp-28h]@1
_BYTE v13[8]; // [sp+70h] [bp-8h]@5
char v14; // [sp+30h] [bp-48h]@7

v4 = 16;
__main();
v5 = 0;
v6 = dword_403000;
v7 = dword_403004;
v8 = byte_403008;
v9 = 0;
v10 = 0;
v11 = 0;
printf("******************************************************\n");
printf("******************************************************\n");
printf("888 .d8888b.888\n");
printf("888d88PY88b 888\n");
printf("888888888 888\n");
printf("88888b.888d888 888888 888888.d88b.88888b.\n");
printf("88888b 888P888888 888 .88P d8PY8b 888 88b\n");
printf("888888 888 888888 888888K88888888 888888\n");
printf("888 d88P 888 Y88bd88P 888 88bY8b. 888888\n");
printf("88888P 888 Y8888P 888888bY8888888888\n");
printf("******************************************************\n");
printf("******************************************************\n");
printf("\n\nSTAGE 1\n");
printf("*******\n\n");
printf("Enter Password To Continue : ");
scanf("%s", &v12);
if ( strlen(&v12) != 8 )
goto LABEL_16;
v5 = 0;
while ( (signed int)v5 <= 7 )
++v13[v5++ - 32];
if ( strcmp(&v12, (const char *)&v6) )
goto LABEL_16;
printf("\nStage 1 completed!");
printf("\n\n\nSTAGE 2\n");
printf("*******\n\n");
printf("\nName [2<=chars<=10] : ");
scanf("%s", &v14);
printf("\nSerial : ");
scanf("%d", &v11);
v5 = 0;
while ( v5 <= strlen(&v14) )
v10 = v10 + v13[v5++ - 64] - 1;
if ( v10 != v11 )
{
LABEL_16:
printf("\nSomething went wrong...\n\nPress Any Key To Quit");
getch();
}
else
{
printf("\nStage 2 Completed!\n");
printf("\n\nSTAGE 3\n");
printf("*******\n\n");
printf("Console nag... lol ...Remove Me!\n");
getch();
printf("\nStage 3 Completed if you don&#39;t see nag!\n");
}
printf("\n\n\nHope you had fun ;)\n\n\n");
getch();
return 0;
}

F5太厉害了！