小试锋芒
发表于 2013-12-22 12:39
CM是什么?Crackme是什么?这是什么东西?楼主发的什么?
他们都是一些公开给别人尝试破解的小程序,制作 Crackme 的人可能是程序员,想测试一下自己的软件保护技术,也可能是一位 Cracker,想挑战一下其它 Cracker 的破解实力,也可能是一些正在学习破解的人,自己编一些小程序给自己破解,KeyGenMe是要求别人做出它的 keygen (序号产生器), ReverseMe 要求别人把它的算法做出逆向分析, UnpackMe 是要求别人把它成功脱壳,本版块禁止回复非技术无关水贴。
本帖最后由 小试锋芒 于 2013-12-22 12:42 编辑
1、PEID查壳:Borland Delphi 6.0 - 7.0。
2、IDR载入分析,导出MAP文件,并得到注册按钮事件地址:0046803C
3、OD载入,导入MAP文件,0046803C下断,F9运行,输入任意的用户名和注册码,点击注册,断下来了。
4、首先取用户名和注册码,并且用户名必须为“52PoJie”,在判断第一位用户名后,触发了一个异常处理,通过设置SEH链表结构,挂上SEH,将异常处理函数直接跳转到了HandleAnyException。因此调试时需要在HandleAnyException处下断,才能继续分析下去。再者,判断密码的时候,也有一个异常必须触发,密码strtoint时,如果输入的密码是一个合法的整形数字,那么不会触发异常,就会跳向失败,所以我们可以输入一个包含有字母的字符串来触发异常,继续分析。
0046803C > 55 push ebp ; Unit1.TForm1.btn1Click -- register-button click handler; Self arrives in EAX (Delphi register convention) and is kept in EBX below
0046803D 8BEC mov ebp,esp
0046803F B9 06000000 mov ecx,6 ; 6 iterations x 2 pushes: reserve and zero 12 dword string locals ([ebp-4]..[ebp-30])
00468044 6A 00 push 0
00468046 6A 00 push 0
00468048 49 dec ecx
00468049 ^ 75 F9 jnz short Project1.00468044
0046804B 53 push ebx
0046804C 56 push esi
0046804D 57 push edi
0046804E 8BD8 mov ebx,eax ; EBX = Self
00468050 33C0 xor eax,eax
00468052 55 push ebp ; install a try/finally SEH frame at fs:[0]; handler 00468225 jumps to @HandleFinally
00468053 68 25824600 push Project1.00468225
00468058 64:FF30 push dword ptr fs:[eax]
0046805B 64:8920 mov dword ptr fs:[eax],esp
0046805E 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
00468061 8B83 F8020000 mov eax,dword ptr ds:[ebx+2F8] ; control at Self+2F8 = username edit
00468067 E8 ECADFCFF call <Project1.Controls.TControl.GetText> ; [ebp-2C] = username text
0046806C 837D D4 00 cmp dword ptr ss:[ebp-2C],0 ; empty username -> fail
00468070 0F84 87010000 je Project1.004681FD
00468076 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00468079 8B83 00030000 mov eax,dword ptr ds:[ebx+300] ; control at Self+300 = password edit
0046807F E8 D4ADFCFF call <Project1.Controls.TControl.GetText> ; [ebp-30] = password text
00468084 837D D0 00 cmp dword ptr ss:[ebp-30],0 ; empty password -> fail
00468088 0F84 6F010000 je Project1.004681FD
0046808E 8D55 FC lea edx,dword ptr ss:[ebp-4]
00468091 8B83 F8020000 mov eax,dword ptr ds:[ebx+2F8]
00468097 E8 BCADFCFF call <Project1.Controls.TControl.GetText> ; [ebp-4] = username (read again)
0046809C 8D45 F8 lea eax,dword ptr ss:[ebp-8]
0046809F 8B55 FC mov edx,dword ptr ss:[ebp-4]
004680A2 E8 79BEF9FF call <Project1.System.@LStrLAsg> ; [ebp-8] := username
004680A7 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004680AA 8B55 F8 mov edx,dword ptr ss:[ebp-8]
004680AD E8 6EBEF9FF call <Project1.System.@LStrLAsg> ; [ebp-C] := username
004680B2 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004680B5 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004680B8 E8 63BEF9FF call <Project1.System.@LStrLAsg> ; [ebp-10] := username
004680BD 8D45 EC lea eax,dword ptr ss:[ebp-14]
004680C0 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004680C3 E8 58BEF9FF call <Project1.System.@LStrLAsg> ; [ebp-14] := username
004680C8 8D55 E8 lea edx,dword ptr ss:[ebp-18]
004680CB 8B83 00030000 mov eax,dword ptr ds:[ebx+300]
004680D1 E8 82ADFCFF call <Project1.Controls.TControl.GetText> ; [ebp-18] = password (read again)
004680D6 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
004680D9 8B55 E8 mov edx,dword ptr ss:[ebp-18]
004680DC E8 3FBEF9FF call <Project1.System.@LStrLAsg> ; [ebp-1C] := password
004680E1 8D45 E0 lea eax,dword ptr ss:[ebp-20]
004680E4 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
004680E7 E8 34BEF9FF call <Project1.System.@LStrLAsg> ; [ebp-20] := password
004680EC 8D45 DC lea eax,dword ptr ss:[ebp-24]
004680EF 8B55 E0 mov edx,dword ptr ss:[ebp-20]
004680F2 E8 29BEF9FF call <Project1.System.@LStrLAsg> ; [ebp-24] := password (this copy is passed to the key check at 004681E4)
004680F7 8D45 D8 lea eax,dword ptr ss:[ebp-28]
004680FA 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
004680FD E8 1EBEF9FF call <Project1.System.@LStrLAsg> ; [ebp-28] := password
00468102 8B45 FC mov eax,dword ptr ss:[ebp-4]
00468105 8038 35 cmp byte ptr ds:[eax],35 ; username[1] must be '5' (0x35)
00468108 0F85 EF000000 jnz Project1.004681FD
0046810E 33C0 xor eax,eax
00468110 55 push ebp ; install a try/except SEH frame; handler 0046812C
00468111 68 2C814600 push Project1.0046812C
00468116 64:FF30 push dword ptr fs:[eax]
00468119 64:8920 mov dword ptr fs:[eax],esp
0046811C 3E:0000 add byte ptr ds:[eax],al ; EAX is 0 here, so this writes to address 0: a deliberate access violation that routes execution through the handler to the except block at 00468131
0046811F 33C0 xor eax,eax ; no-exception path (not reached in practice, the write above always faults): tear down the frame and fail
00468121 5A pop edx
00468122 59 pop ecx
00468123 59 pop ecx
00468124 64:8910 mov dword ptr fs:[eax],edx
00468127 E9 D1000000 jmp Project1.004681FD ; -> fail
0046812C ^ E9 A7B4F9FF jmp <Project1.System.@HandleAnyException> ; except-block entry (set the breakpoint here when tracing); execution resumes at 00468131 after the fault
00468131 8B45 FC mov eax,dword ptr ss:[ebp-4]
00468134 8078 02 50 cmp byte ptr ds:[eax+2],50 ; username[3] must be 'P' (0x50)
00468138 0F85 BA000000 jnz Project1.004681F8
0046813E 33C0 xor eax,eax
00468140 55 push ebp ; try/except frame; handler 00468161
00468141 68 61814600 push Project1.00468161
00468146 64:FF30 push dword ptr fs:[eax]
00468149 64:8920 mov dword ptr fs:[eax],esp
0046814C 8B45 DC mov eax,dword ptr ss:[ebp-24] ; password
0046814F E8 88FDF9FF call <Project1.SysUtils.StrToInt> ; StrToInt(password): if it parses, control falls through to 00468154 and fails; the except body at 00468166 is reached only when it raises, so the password must not be a plain integer
00468154 33C0 xor eax,eax
00468156 5A pop edx
00468157 59 pop ecx
00468158 59 pop ecx
00468159 64:8910 mov dword ptr fs:[eax],edx
0046815C E9 97000000 jmp Project1.004681F8 ; -> fail
00468161 ^ E9 72B4F9FF jmp <Project1.System.@HandleAnyException> ; except-block entry; body at 00468166
00468166 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00468169 8078 01 32 cmp byte ptr ds:[eax+1],32 ; username[2] must be '2' (0x32)
0046816D 0F85 80000000 jnz Project1.004681F3
00468173 33C0 xor eax,eax
00468175 55 push ebp ; try/except frame; handler 00468193
00468176 68 93814600 push Project1.00468193
0046817B 64:FF30 push dword ptr fs:[eax]
0046817E 64:8920 mov dword ptr fs:[eax],esp
00468181 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; username
00468184 E8 53FDF9FF call <Project1.SysUtils.StrToInt> ; StrToInt(username): must raise (it does for "52PoJie"); the fall-through path below fails
00468189 33C0 xor eax,eax
0046818B 5A pop edx
0046818C 59 pop ecx
0046818D 59 pop ecx
0046818E 64:8910 mov dword ptr fs:[eax],edx
00468191 EB 60 jmp short Project1.004681F3 ; -> fail
00468193 ^ E9 40B4F9FF jmp <Project1.System.@HandleAnyException> ; except-block entry; body at 00468198
00468198 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0046819B 8078 04 4A cmp byte ptr ds:[eax+4],4A ; username[5] must be 'J' (0x4A)
0046819F 75 4D jnz short Project1.004681EE
004681A1 33C0 xor eax,eax
004681A3 55 push ebp ; try/except frame; handler 004681C1
004681A4 68 C1814600 push Project1.004681C1
004681A9 64:FF30 push dword ptr fs:[eax]
004681AC 64:8920 mov dword ptr fs:[eax],esp
004681AF 8B45 E4 mov eax,dword ptr ss:[ebp-1C] ; password
004681B2 E8 25FDF9FF call <Project1.SysUtils.StrToInt> ; StrToInt(password) again: must raise to reach 004681C6
004681B7 33C0 xor eax,eax
004681B9 5A pop edx
004681BA 59 pop ecx
004681BB 59 pop ecx
004681BC 64:8910 mov dword ptr fs:[eax],edx
004681BF EB 2D jmp short Project1.004681EE ; -> fail
004681C1 ^ E9 12B4F9FF jmp <Project1.System.@HandleAnyException> ; except-block entry; body at 004681C6
004681C6 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004681C9 8078 03 6F cmp byte ptr ds:[eax+3],6F ; username[4] must be 'o' (0x6F)
004681CD 75 1A jnz short Project1.004681E9
004681CF 8B45 EC mov eax,dword ptr ss:[ebp-14]
004681D2 8078 06 65 cmp byte ptr ds:[eax+6],65 ; username[7] must be 'e' (0x65)
004681D6 75 11 jnz short Project1.004681E9
004681D8 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004681DB 8078 05 69 cmp byte ptr ds:[eax+5],69 ; username[6] must be 'i' (0x69) -- together: username = "52PoJie"
004681DF 75 08 jnz short Project1.004681E9
004681E1 8B45 DC mov eax,dword ptr ss:[ebp-24] ; EAX = password
004681E4 E8 0BFCFFFF call <Project1.Unit1.sub_00467DF4> ; key check (step in with F7); listed in full under step 7
004681E9 E8 52B7F9FF call <Project1.System.@DoneExcept> ; one DoneExcept per nested except block, innermost first
004681EE E8 4DB7F9FF call <Project1.System.@DoneExcept>
004681F3 E8 48B7F9FF call <Project1.System.@DoneExcept>
004681F8 E8 43B7F9FF call <Project1.System.@DoneExcept>
004681FD 33C0 xor eax,eax ; common exit: pop the try/finally frame
004681FF 5A pop edx
00468200 59 pop ecx
00468201 59 pop ecx
00468202 64:8910 mov dword ptr fs:[eax],edx
00468205 68 2C824600 push Project1.0046822C ; continuation for the retn at 00468224: the epilogue at 0046822C
0046820A 8D45 D0 lea eax,dword ptr ss:[ebp-30] ; finally body: release the 12 string locals (2 from [ebp-30], 10 from [ebp-28])
0046820D BA 02000000 mov edx,2
00468212 E8 95BCF9FF call <Project1.System.@LStrArrayClr>
00468217 8D45 D8 lea eax,dword ptr ss:[ebp-28]
0046821A BA 0A000000 mov edx,0A
0046821F E8 88BCF9FF call <Project1.System.@LStrArrayClr>
00468224 C3 retn ; "returns" to the address pushed at 00468205
00468225 ^ E9 62B6F9FF jmp <Project1.System.@HandleFinally> ; SEH handler of the outer frame
0046822A ^ EB DE jmp short Project1.0046820A ; re-run the finally body on the exception path
0046822C 5F pop edi
0046822D 5E pop esi
0046822E 5B pop ebx
0046822F 8BE5 mov esp,ebp
00468231 5D pop ebp
00468232 C3 retn
5、当判断完用户名为52PoJie后,来到call <Project1.Unit1.sub_00467DF4>,F7跟进去,当F8到00467E01 时,会跳向一个地方,让验证无法继续下去。当我重载程序并未运行时,发现此处的跳转地址并不一样,说明这个地址在调试过程中有修改!
调试时:
00467DF4 > $ 55 push ebp ; Unit1.sub_00467DF4 -- as seen while debugging, i.e. after the timer's patch has been applied
00467DF5 . 8BEC mov ebp,esp
00467DF7 . B9 09000000 mov ecx,9 ; local-zeroing loop, 9 iterations x 2 pushes
00467DFC > 6A 00 push 0
00467DFE . 6A 00 push 0
00467E00 . 49 dec ecx
00467E01 . 75 52 jnz short Project1.00467E55 ; patched: the displacement byte at 00467E02 is 52 instead of F9, so the loop leaves for 00467E55 -- an address that is not an instruction boundary in the unpatched listing (it lies inside the 5-byte call at 00467E54)
未调试时:
00467DF4 > $ 55 push ebp ; Unit1.sub_00467DF4 -- as loaded from disk, before tmr1Timer has run
00467DF5 . 8BEC mov ebp,esp
00467DF7 . B9 09000000 mov ecx,9 ; local-zeroing loop, 9 iterations x 2 pushes (18 dword locals)
00467DFC > 6A 00 push 0
00467DFE . 6A 00 push 0
00467E00 . 49 dec ecx
00467E01 .^ 75 F9 jnz short Project1.00467DFC ; original displacement F9: loops back to 00467DFC until ECX reaches 0
6、在00467E02下内存写入断点没能断下来,改用硬件访问断点才断下来,发现来到了一个timer控件的事件处理中
00468234 > 53 push ebx ; Unit1.TForm1.tmr1Timer -- timer tick: scans two code ranges for INT3 (0xCC) bytes and, if one is found, patches sub_00467DF4 in place
00468235 56 push esi
00468236 51 push ecx ; scratch stack slot; the 'push esp' instructions below pass its address as the out-parameter of the API calls
00468237 B8 3C804600 mov eax,<Project1.Unit1.TForm1.btn1Click> ; EAX = start of btn1Click (0046803C)
0046823C BA 58020000 mov edx,258 ; EDX = 0x258 bytes to scan
00468241 E8 4AFAFFFF call <Project1.Unit1.sub_00467C90> ; returns 1 if a 0xCC byte lies in [EAX, EAX+EDX), else 0
00468246 48 dec eax
00468247 75 2D jnz short Project1.00468276 ; no 0xCC found -> skip the patch
00468249 E8 9EDCF9FF call <Project1.Windows.kernel32.GetCurrentP>; jmp to kernel32.GetCurrentProcess
0046824E 8BD8 mov ebx,eax ; EBX = pseudo-handle of this process
00468250 54 push esp ; lpflOldProtect
00468251 6A 40 push 40 ; flNewProtect = 0x40 = PAGE_EXECUTE_READWRITE
00468253 68 E8030000 push 3E8 ; dwSize = 0x3E8
00468258 BE F47D4600 mov esi,<Project1.Unit1.sub_00467DF4>
0046825D 56 push esi ; lpAddress = sub_00467DF4
0046825E 53 push ebx ; hProcess
0046825F E8 E8DDF9FF call <Project1.Windows.kernel32.VirtualProt>; jmp to kernel32.VirtualProtectEx -- make the key-check code writable
00468264 54 push esp ; lpNumberOfBytesWritten
00468265 6A 05 push 5 ; nSize = 5 bytes
00468267 68 20A74600 push Project1.0046A720 ; lpBuffer = replacement bytes (their contents are not shown on this page)
0046826C 83C6 0E add esi,0E ; lpBaseAddress = sub_00467DF4+0xE = 00467E02, the displacement byte of the jnz at 00467E01
0046826F 56 push esi
00468270 53 push ebx ; hProcess
00468271 E8 F6DDF9FF call <Project1.Windows.kernel32.WriteProces>; jmp to kernel32.WriteProcessMemory -- overwrites 5 bytes of sub_00467DF4 (F9 -> 52 is the visible effect in the debug-time listing)
00468276 BE F47D4600 mov esi,<Project1.Unit1.sub_00467DF4> ; second scan: 0x64 bytes of the key check itself
0046827B 8BC6 mov eax,esi
0046827D BA 64000000 mov edx,64
00468282 E8 09FAFFFF call <Project1.Unit1.sub_00467C90>
00468287 48 dec eax
00468288 75 2C jnz short Project1.004682B6 ; no 0xCC found -> return
0046828A E8 5DDCF9FF call <Project1.Windows.kernel32.GetCurrentP>; jmp to kernel32.GetCurrentProcess
0046828F 8BD8 mov ebx,eax
00468291 54 push esp
00468292 6A 40 push 40 ; PAGE_EXECUTE_READWRITE
00468294 68 E8030000 push 3E8
00468299 68 F47D4600 push <Project1.Unit1.sub_00467DF4>
0046829E 53 push ebx
0046829F E8 A8DDF9FF call <Project1.Windows.kernel32.VirtualProt>; jmp to kernel32.VirtualProtectEx
004682A4 54 push esp
004682A5 6A 05 push 5
004682A7 68 20A74600 push Project1.0046A720 ; same 5-byte buffer
004682AC 83C6 0E add esi,0E ; same target, 00467E02
004682AF 56 push esi
004682B0 53 push ebx
004682B1 E8 B6DDF9FF call <Project1.Windows.kernel32.WriteProces>; jmp to kernel32.WriteProcessMemory -- identical patch
004682B6 5A pop edx ; discard the scratch slot
004682B7 5E pop esi
004682B8 5B pop ebx
004682B9 C3 retn
于是在段首下断00468234 ,来分析做了什么。跟进call <Project1.Unit1.sub_00467C90>,发现是检测CC断点,而检测内容恰好是注册按钮事件!另外还有一次CC检测是检测关键算法CALL,00467DF4开始的0x64个字节大小的内容。
00467C90 >/$ 55 push ebp ; Unit1.sub_00467C90 -- returns 1 if the byte 0xCC (INT3) occurs anywhere in [EAX, EAX+EDX), else 0; EAX and EDX are the two register-convention arguments
00467C91 |. 8BEC mov ebp,esp
00467C93 |. 83C4 F4 add esp,-0C
00467C96 |. 8955 F8 mov [local.2],edx ; local.2 = byte count
00467C99 |. 8945 FC mov [local.1],eax ; local.1 = start address
00467C9C |. FC cld ; scan upward
00467C9D |. 8B7D FC mov edi,[local.1]
00467CA0 |. 8B4D F8 mov ecx,[local.2] ; bytes to scan (0x258 from btn1Click, 0x64 from sub_00467DF4 -- see tmr1Timer)
00467CA3 |. B0 CC mov al,0CC ; the pattern: 0xCC, the INT3 opcode a debugger writes for a software breakpoint
00467CA5 |. F2:AE repne scas byte ptr es:[edi] ; stop at the first 0xCC or after ECX bytes; ZF=1 on a hit
00467CA7 |. 75 09 jnz short Project1.00467CB2 ; ZF=0 -> not found
00467CA9 |. C745 F4 01000>mov [local.3],1 ; found
00467CB0 |. EB 07 jmp short Project1.00467CB9
00467CB2 |> C745 F4 00000>mov [local.3],0 ; not found
00467CB9 |> 8B45 F4 mov eax,[local.3] ; result in EAX
00467CBC |. 8BE5 mov esp,ebp
00467CBE |. 5D pop ebp
00467CBF \. C3 retn ; a plain byte scan also fires on any legitimate 0xCC inside an immediate or displacement in the range, and it cannot see hardware breakpoints, which leave the code bytes untouched (which is why the hardware breakpoint in step 6 worked)
7、因此,我们修改跳转,跳过这两个cc检测,来到正确的位置继续分析。下面就是对密码进行了三次MD5加密,加密的结果假设为M,那么还要满足几个条件才能成功!因此在调试的过程中,需要手动的去修改M相应位数上的值使得满足条件,才好继续分析。
M[30] + M[31] + M[32] = 0x6E
M[3] <= 4
M[6] >= 5
M[5] + M[6] + M[7] = 0x3C6
00467DF4 > 55 push ebp ; Unit1.sub_00467DF4 -- key check; EAX = password string (unpatched listing, traced after the two CC checks were bypassed)
00467DF5 8BEC mov ebp,esp
00467DF7 B9 09000000 mov ecx,9 ; 9 iterations x 2 pushes: reserve and zero 18 dword locals
00467DFC 6A 00 push 0
00467DFE 6A 00 push 0
00467E00 49 dec ecx
00467E01 ^ 75 F9 jnz short Project1.00467DFC ; loops back while zeroing; the displacement byte at 00467E02 is what tmr1Timer overwrites when it finds a breakpoint
00467E03 53 push ebx
00467E04 56 push esi
00467E05 57 push edi
00467E06 8945 FC mov dword ptr ss:[ebp-4],eax ; [ebp-4] = password
00467E09 8B45 FC mov eax,dword ptr ss:[ebp-4]
00467E0C E8 27C5F9FF call <Project1.System.@LStrAddRef> ; take a reference on the password string
00467E11 33C0 xor eax,eax
00467E13 55 push ebp ; outer try/finally frame; handler 0046802B -> @HandleFinally
00467E14 68 2B804600 push Project1.0046802B
00467E19 64:FF30 push dword ptr fs:[eax]
00467E1C 64:8920 mov dword ptr fs:[eax],esp
00467E1F 33C0 xor eax,eax
00467E21 55 push ebp ; inner try/except frame; handler 00467FF9 -> @HandleAnyException
00467E22 68 F97F4600 push Project1.00467FF9
00467E27 64:FF30 push dword ptr fs:[eax]
00467E2A 64:8920 mov dword ptr fs:[eax],esp
00467E2D 8D55 DC lea edx,dword ptr ss:[ebp-24]
00467E30 8B45 FC mov eax,dword ptr ss:[ebp-4] ; password
00467E33 E8 88C7FEFF call <Project1._Unit58.sub_004545C0> ; [ebp-24] = hex digest of password (sub_004545C0 is identified as an MD5 string hash by the write-up)
00467E38 8B45 DC mov eax,dword ptr ss:[ebp-24]
00467E3B 8D55 E0 lea edx,dword ptr ss:[ebp-20]
00467E3E E8 7DC7FEFF call <Project1._Unit58.sub_004545C0> ; [ebp-20] = round 2: hash of the previous hex string
00467E43 8B45 E0 mov eax,dword ptr ss:[ebp-20]
00467E46 8D55 F8 lea edx,dword ptr ss:[ebp-8]
00467E49 E8 72C7FEFF call <Project1._Unit58.sub_004545C0> ; [ebp-8] = round 3; this is M, the string every check below indexes (1-based)
00467E4E 8D45 E8 lea eax,dword ptr ss:[ebp-18]
00467E51 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00467E54 E8 C7C0F9FF call <Project1.System.@LStrLAsg> ; [ebp-18] := M
00467E59 8D45 F0 lea eax,dword ptr ss:[ebp-10]
00467E5C 8B55 E8 mov edx,dword ptr ss:[ebp-18]
00467E5F E8 BCC0F9FF call <Project1.System.@LStrLAsg> ; [ebp-10] := M
00467E64 8D45 EC lea eax,dword ptr ss:[ebp-14]
00467E67 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00467E6A E8 B1C0F9FF call <Project1.System.@LStrLAsg> ; [ebp-14] := M
00467E6F 8D45 D8 lea eax,dword ptr ss:[ebp-28] ; build a 1-char ShortString at [ebp-28]: length byte 1, then the char
00467E72 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00467E75 8A52 1D mov dl,byte ptr ds:[edx+1D] ; M[30] (byte offset 0x1D)
00467E78 8850 01 mov byte ptr ds:[eax+1],dl
00467E7B C600 01 mov byte ptr ds:[eax],1
00467E7E 8D55 D8 lea edx,dword ptr ss:[ebp-28]
00467E81 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00467E84 E8 AFABF9FF call <Project1.System.@PStrCpy> ; [ebp-2C] := M[30]
00467E89 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00467E8C 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00467E8F 8A52 1E mov dl,byte ptr ds:[edx+1E] ; M[31]
00467E92 8850 01 mov byte ptr ds:[eax+1],dl
00467E95 C600 01 mov byte ptr ds:[eax],1
00467E98 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00467E9B 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00467E9E B1 02 mov cl,2 ; max length 2
00467EA0 E8 63ABF9FF call <Project1.System.@PStrNCat> ; [ebp-2C] := M[30]+M[31]
00467EA5 8D55 D4 lea edx,dword ptr ss:[ebp-2C] ; M[30]+M[31]
00467EA8 8D45 CC lea eax,dword ptr ss:[ebp-34]
00467EAB E8 88ABF9FF call <Project1.System.@PStrCpy>
00467EB0 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00467EB3 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00467EB6 8A52 1F mov dl,byte ptr ds:[edx+1F] ; M[32]
00467EB9 8850 01 mov byte ptr ds:[eax+1],dl
00467EBC C600 01 mov byte ptr ds:[eax],1
00467EBF 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00467EC2 8D45 CC lea eax,dword ptr ss:[ebp-34]
00467EC5 B1 03 mov cl,3 ; max length 3
00467EC7 E8 3CABF9FF call <Project1.System.@PStrNCat>
00467ECC 8D55 CC lea edx,dword ptr ss:[ebp-34] ; M[30]+M[31]+M[32]
00467ECF 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
00467ED2 E8 15C2F9FF call <Project1.System.@LStrFromString> ; ShortString -> long string in [ebp-1C]
00467ED7 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00467EDA E8 FDFFF9FF call <Project1.SysUtils.StrToInt> ; decimal parse; a hex letter at any of these positions raises and lands in the except block at 00467FFE
00467EDF 83F8 6E cmp eax,6E ; must equal 0x6E = 110, i.e. M[30..32] must be the digits "110"
00467EE2 0F85 07010000 jnz Project1.00467FEF
00467EE8 8D45 F4 lea eax,dword ptr ss:[ebp-C]
00467EEB 8B55 EC mov edx,dword ptr ss:[ebp-14]
00467EEE E8 2DC0F9FF call <Project1.System.@LStrLAsg> ; [ebp-C] := M
00467EF3 8D45 C8 lea eax,dword ptr ss:[ebp-38]
00467EF6 8B55 F4 mov edx,dword ptr ss:[ebp-C]
00467EF9 8A52 02 mov dl,byte ptr ds:[edx+2] ; M[3]
00467EFC E8 6FC1F9FF call <Project1.System.@LStrFromChar>
00467F01 8B45 C8 mov eax,dword ptr ss:[ebp-38]
00467F04 E8 D3FFF9FF call <Project1.SysUtils.StrToInt> ; StrToInt(M[3])
00467F09 83F8 04 cmp eax,4 ; must be <= 4
00467F0C 7E 15 jle short Project1.00467F23
00467F0E 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00467F11 E8 72FEFFFF call <Project1.Unit1.sub_00467D88> ; called with M on this failure; its purpose is not shown on this page
00467F16 33C0 xor eax,eax ; pop the try/except frame by hand and go to the cleanup
00467F18 5A pop edx
00467F19 59 pop ecx
00467F1A 59 pop ecx
00467F1B 64:8910 mov dword ptr fs:[eax],edx
00467F1E E9 E0000000 jmp Project1.00468003 ; -> fail
00467F23 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
00467F26 8B55 EC mov edx,dword ptr ss:[ebp-14]
00467F29 8A52 05 mov dl,byte ptr ds:[edx+5] ; M[6]
00467F2C E8 3FC1F9FF call <Project1.System.@LStrFromChar>
00467F31 8B45 C4 mov eax,dword ptr ss:[ebp-3C]
00467F34 E8 A3FFF9FF call <Project1.SysUtils.StrToInt> ; StrToInt(M[6])
00467F39 83F8 05 cmp eax,5 ; must be >= 5
00467F3C 7D 15 jge short Project1.00467F53
00467F3E 8B45 F0 mov eax,dword ptr ss:[ebp-10]
00467F41 E8 42FEFFFF call <Project1.Unit1.sub_00467D88> ; same failure hook as at 00467F11
00467F46 33C0 xor eax,eax
00467F48 5A pop edx
00467F49 59 pop ecx
00467F4A 59 pop ecx
00467F4B 64:8910 mov dword ptr fs:[eax],edx
00467F4E E9 B0000000 jmp Project1.00468003 ; -> fail
00467F53 8D45 D8 lea eax,dword ptr ss:[ebp-28] ; same ShortString construction as above, now for M[5..7]
00467F56 8B55 EC mov edx,dword ptr ss:[ebp-14]
00467F59 8A52 04 mov dl,byte ptr ds:[edx+4] ; M[5]
00467F5C 8850 01 mov byte ptr ds:[eax+1],dl
00467F5F C600 01 mov byte ptr ds:[eax],1
00467F62 8D55 D8 lea edx,dword ptr ss:[ebp-28]
00467F65 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00467F68 E8 CBAAF9FF call <Project1.System.@PStrCpy>
00467F6D 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00467F70 8B55 EC mov edx,dword ptr ss:[ebp-14]
00467F73 8A52 05 mov dl,byte ptr ds:[edx+5] ; M[6]
00467F76 8850 01 mov byte ptr ds:[eax+1],dl
00467F79 C600 01 mov byte ptr ds:[eax],1
00467F7C 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00467F7F 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
00467F82 B1 02 mov cl,2
00467F84 E8 7FAAF9FF call <Project1.System.@PStrNCat> ; [ebp-2C] := M[5]+M[6]
00467F89 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
00467F8C 8D45 CC lea eax,dword ptr ss:[ebp-34]
00467F8F E8 A4AAF9FF call <Project1.System.@PStrCpy>
00467F94 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00467F97 8B55 EC mov edx,dword ptr ss:[ebp-14]
00467F9A 8A52 06 mov dl,byte ptr ds:[edx+6] ; M[7]
00467F9D 8850 01 mov byte ptr ds:[eax+1],dl
00467FA0 C600 01 mov byte ptr ds:[eax],1
00467FA3 8D55 D0 lea edx,dword ptr ss:[ebp-30]
00467FA6 8D45 CC lea eax,dword ptr ss:[ebp-34]
00467FA9 B1 03 mov cl,3
00467FAB E8 58AAF9FF call <Project1.System.@PStrNCat>
00467FB0 8D55 CC lea edx,dword ptr ss:[ebp-34] ; M[5]+M[6]+M[7]
00467FB3 8D45 C0 lea eax,dword ptr ss:[ebp-40]
00467FB6 E8 31C1F9FF call <Project1.System.@LStrFromString>
00467FBB 8B45 C0 mov eax,dword ptr ss:[ebp-40]
00467FBE E8 19FFF9FF call <Project1.SysUtils.StrToInt> ; decimal parse
00467FC3 3D C6030000 cmp eax,3C6 ; must equal 0x3C6 = 966, i.e. M[5..7] = "966" (this already forces M[6] = '6', so the >= 5 check above is redundant)
00467FC8 75 25 jnz short Project1.00467FEF
00467FCA 8D4D B8 lea ecx,dword ptr ss:[ebp-48]
00467FCD BA 04000000 mov edx,4 ; digits = 4
00467FD2 B8 6B4F0000 mov eax,4F6B ; value = 0x4F6B
00467FD7 E8 D8FEF9FF call <Project1.SysUtils.IntToHex> ; [ebp-48] = "4F6B"
00467FDC 8B45 B8 mov eax,dword ptr ss:[ebp-48]
00467FDF 8D55 BC lea edx,dword ptr ss:[ebp-44]
00467FE2 E8 D9FCFFFF call <Project1.Unit1.sub_00467CC0> ; [ebp-44] = sub_00467CC0("4F6B"); the transformation is not shown on this page
00467FE7 8B45 BC mov eax,dword ptr ss:[ebp-44]
00467FEA E8 89F7FBFF call <Project1.Dialogs.ShowMessage> ; success: show the message
00467FEF 33C0 xor eax,eax ; normal exit of the try/except (also the target of the two jnz failures above): pop its frame
00467FF1 5A pop edx
00467FF2 59 pop ecx
00467FF3 59 pop ecx
00467FF4 64:8910 mov dword ptr fs:[eax],edx
00467FF7 EB 0A jmp short Project1.00468003
00467FF9 ^ E9 DAB5F9FF jmp <Project1.System.@HandleAnyException> ; except-block entry
00467FFE E8 3DB9F9FF call <Project1.System.@DoneExcept> ; the except body is empty: any StrToInt failure (a hex letter at a checked position) is swallowed and the routine falls through to the cleanup -- silent failure
00468003 33C0 xor eax,eax ; pop the try/finally frame
00468005 5A pop edx
00468006 59 pop ecx
00468007 59 pop ecx
00468008 64:8910 mov dword ptr fs:[eax],edx
0046800B 68 32804600 push Project1.00468032 ; continuation for the retn at 0046802A
00468010 8D45 B8 lea eax,dword ptr ss:[ebp-48] ; finally body: release 5 strings from [ebp-48] and 9 from [ebp-24]
00468013 BA 05000000 mov edx,5
00468018 E8 8FBEF9FF call <Project1.System.@LStrArrayClr>
0046801D 8D45 DC lea eax,dword ptr ss:[ebp-24]
00468020 BA 09000000 mov edx,9
00468025 E8 82BEF9FF call <Project1.System.@LStrArrayClr>
0046802A C3 retn ; "returns" to 00468032
0046802B ^ E9 5CB8F9FF jmp <Project1.System.@HandleFinally> ; SEH handler of the outer frame
00468030 ^ EB DE jmp short Project1.00468010 ; re-run the finally body on the exception path
00468032 5F pop edi
00468033 5E pop esi
00468034 5B pop ebx
00468035 8BE5 mov esp,ebp
00468037 5D pop ebp
00468038 C3 retn
8、由于MD5算法不可逆,所以只能尝试用穷举的办法来算出注册码来。
用户名:52PoJie
密码:f31813984
给出Delphi版的穷举源码:
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, Menus, jpeg, ExtCtrls, Buttons, md5; // md5 is not a VCL unit; presumably it supplies MD5Digest, MD5String and MD5Print used in btn1Click -- confirm which library
type
// Search form: btn1Click brute-forces a key for the CrackMe and writes the hit to Edit1.
TForm1 = class(TForm)
img1: TImage;
grp1: TGroupBox;
lbl1: TLabel;
lbl2: TLabel;
Edit1: TEdit; // receives the found key
btn1: TBitBtn; // presumably wired to btn1Click in the .dfm (not shown)
lbl3: TLabel;
procedure btn1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
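const
  // Every candidate is the prefix followed by a decimal counter: 'f0', 'f1', ...
  KeyPrefix = 'f';
  // Upper bound of the counter; the search gives up when it is reached.
  MaxCounter = 40000000;

{ Hashes S three times with MD5, each round hashing the hex string of the
  previous one, and returns the final hex digest string.
  (The local variable is no longer called "md5", which shadowed the md5 unit.) }
function TripleMD5Hex(const S: string): string;
var
  Digest: MD5Digest;
  Round: Integer;
begin
  Result := S;
  for Round := 1 to 3 do
  begin
    Digest := MD5String(Result);
    Result := MD5Print(Digest);
  end;
end;

{ Returns True when the triple-MD5 digest M of Key satisfies the CrackMe's
  checks (see the disassembly of sub_00467DF4):
    StrToInt(M[30]+M[31]+M[32]) = $6E   and
    StrToInt(M[5]+M[6]+M[7])    = $3C6  and
    StrToInt(M[3]) <= 4               and
    StrToInt(M[6]) >= 5.
  A hex letter ('a'..'f') at any checked position makes StrToInt raise
  EConvertError; that is the ordinary "no match" outcome and is reported as
  False. Any other exception is propagated so a real fault is not mistaken
  for a miss (the original handler swallowed everything). }
function CandidateMatches(const Key: string): Boolean;
var
  M: string;
  a, b, c, d: Integer;
begin
  Result := False;
  M := TripleMD5Hex(Key);
  // The checks index up to position 32; a shorter digest string would read
  // past the end when range checking is off.
  if Length(M) < 32 then
    Exit;
  try
    a := StrToInt(M[30] + M[31] + M[32]);
    b := StrToInt(M[5] + M[6] + M[7]);
    c := StrToInt(M[3]);
    d := StrToInt(M[6]);
    // d >= 5 is already implied by b = $3C6 (= 966, so M[6] = '6'); it is
    // kept so the conditions mirror the target's checks exactly.
    Result := (a = $6E) and (b = $3C6) and (d >= 5) and (c <= 4);
  except
    on EConvertError do
      Result := False;
  end;
end;

{ Click handler: walks the counter from 0 to MaxCounter-1, shows the first
  matching key in Edit1, or a "not found" message when the bound is reached.
  The counter is advanced in exactly one place (the original incremented it
  in both the else branch and the exception handler). }
procedure TForm1.btn1Click(Sender: TObject);
var
  i: Integer;
  Key: string;
  Found: Boolean;
begin
  Found := False;
  i := 0;
  while (i < MaxCounter) and not Found do
  begin
    Key := KeyPrefix + IntToStr(i);
    if CandidateMatches(Key) then
    begin
      Edit1.Text := Key;
      Found := True;
    end
    else
      Inc(i);
  end;
  if not Found then
    ShowMessage('没找到!');
end;

end.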
总结:
1、要能顺利调试完整个程序,需要触发多个异常,并且调试时需要在HandleAnyException处下断,才能继续分析下去。
2、程序利用CC断点检测来动态改变验证流程,需要特别注意。
3、MD5算法无法逆向,所以当穷举的时候,是需要时间和运气的。