kills
发表于 2009-12-5 22:31
【文章标题】: 一款小CM的分析
【文章作者】: kills
【下载地址】: http://kissis.5d6d.com/thread-241-1-1.html
【保护方式】: 序列号
【使用工具】: PEID OD
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
PS:只给菜鸟点帮助,特别简单,别见笑.
首先用 PEiD 查壳: 无壳, 疑似易语言 (E Language) 编写。用 OD 载入并运行程序, ALT+M 打开内存映射……
一路 F8 单步, 走到 CLD 指令处后查找参考字符串:
地址 反汇编 文本字串
00415909 push CM6_0by_.00409133 . const Ё wrong!
00415966 push CM6_0by_.00409145 输入正确,您的破解得分为 /跟进到这里
004159CA push CM6_0by_.0040915D 错误...继续努力1
00415A03 push CM6_0by_.0040916E 错误...继续努力2
00415A3C push CM6_0by_.0040917F 错误...继续努力3
00415A75 push CM6_0by_.00409190 错误...继续努力4
00415AAE push CM6_0by_.004091A1 错误...继续努力5
00415AE7 push CM6_0by_.004091B2 您的能力十分不理想...
00415DD7 mov eax,CM6_0by_.00409DE7 4108
00415EDC push CM6_0by_.00409DF4 0x
00416145 mov eax,CM6_0by_.00409E00 3FC0
00416A90 mov eax,CM6_0by_.0040CF06 7078
00416ABA mov eax,CM6_0by_.0040CF0B kernel32.dll
00416AD4 mov eax,CM6_0by_.0040CF18 DeleteCriticalSection,LeaveCriticalSection,EnterCriticalSection,InitializeCriticalSection,VirtualFree,VirtualAlloc,LocalFree ,LocalAlloc,GetVersion,GetCurrentThreadId,WideCharToMultiByte,GetThreadLocale,GetStartupInfoA,GetModuleFileNameA,GetLocaleInfoA,Ge
00416C29 mov eax,CM6_0by_.0040D087 70D8
00416C53 mov eax,CM6_0by_.0040D08C user32.dll
00416C6D mov eax,CM6_0by_.0040D097 GetKeyboardType,MessageBoxA,CharNextA
00416DC2 mov eax,CM6_0by_.0040D0BD 70E8
00416DEC mov eax,CM6_0by_.0040D0C2 advapi32.dll
00416E06 mov eax,CM6_0by_.0040D0CF RegQueryValueExA,RegOpenKeyExA,RegCloseKey
00416F5B mov eax,CM6_0by_.0040D0FA 70F8
00416F85 mov eax,CM6_0by_.0040CF0B kernel32.dll
00416F9F mov eax,CM6_0by_.0040D0FF TlsSetValue,TlsGetValue,TlsFree,TlsAlloc,LocalFree,LocalAlloc
004170F4 mov eax,CM6_0by_.0040D13D 7114
0041711E mov eax,CM6_0by_.0040CF0B kernel32.dll
00417138 mov eax,CM6_0by_.0040D142 WriteProcessMemory,VirtualFreeEx,VirtualAllocEx,VirtualAlloc,SizeofResource,SetThreadContext,ResumeThread,ReadProcessMemory ,ReadFile,LockResource,LoadResource,LoadLibraryA,GetThreadContext,GetProcAddress,GetModuleHandleA,GetFileSize,GetCurrentProcess,Fre
0041734B mov eax,CM6_0by_.0040D29B ,
00417D0F cld (Initial CPU selection)
从 00415966 处的字符串引用跟进后, 来到下面这段代码:
00415911 E8 6DFEFFFF call CM6_0by_.00415783
00415916 83C4 08 add esp,8
00415919 83F8 00 cmp eax,0
0041591C B8 00000000 mov eax,0
00415921 0F94C0 sete al
00415924 8945 F8 mov dword ptr ss:[ebp-8],eax
00415927 8B5D FC mov ebx,dword ptr ss:[ebp-4]
0041592A 85DB test ebx,ebx
0041592C 74 09 je short CM6_0by_.00415937
0041592E 53 push ebx
0041592F E8 33240000 call CM6_0by_.00417D67
00415934 83C4 04 add esp,4
00415937 837D F8 00 cmp dword ptr ss:[ebp-8],0
0041593B 0F84 7A000000 je CM6_0by_.004159BB // 从这里跳 如果输入不对 跳到004159CA 68 5D914000 push CM6_0by_.0040915D ; 错误...继续努力1 所以NOP掉就可以搞定了
00415941 68 01030080 push 80000301
00415946 6A 00 push 0
00415948 FF35 200DE200 push dword ptr ds:[E20D20]
0041594E 68 01000000 push 1
00415953 BB 68010000 mov ebx,168
00415958 E8 1C240000 call CM6_0by_.00417D79
0041595D 83C4 10 add esp,10
00415960 8945 FC mov dword ptr ss:[ebp-4],eax
00415963 FF75 FC push dword ptr ss:[ebp-4]
00415966 68 45914000 push CM6_0by_.00409145 ; 输入正确,您的破解得分为 //向上找找跳转
0041596B B9 02000000 mov ecx,2
00415970 E8 16FFFFFF call CM6_0by_.0041588B
00415975 83C4 08 add esp,8
00415978 8945 F8 mov dword ptr ss:[ebp-8],eax
0041597B 8B5D FC mov ebx,dword ptr ss:[ebp-4]
0041597E 85DB test ebx,ebx
00415980 74 09 je short CM6_0by_.0041598B
00415982 53 push ebx
00415983 E8 DF230000 call CM6_0by_.00417D67
00415988 83C4 04 add esp,4
0041598B 6A 00 push 0
0041598D FF75 F8 push dword ptr ss:[ebp-8]
00415990 6A FF push -1
00415992 6A 08 push 8
00415994 68 08000116 push 16010008
00415999 68 01000152 push 52010001
0041599E E8 E8230000 call CM6_0by_.00417D8B
004159A3 83C4 18 add esp,18
004159A6 8B5D F8 mov ebx,dword ptr ss:[ebp-8]
004159A9 85DB test ebx,ebx
004159AB 74 09 je short CM6_0by_.004159B6
004159AD 53 push ebx
004159AE E8 B4230000 call CM6_0by_.00417D67
004159B3 83C4 04 add esp,4
004159B6 E9 4C010000 jmp CM6_0by_.00415B07
004159BB 833D 200DE200 6>cmp dword ptr ds:[E20D20],64
004159C2 0F85 2C000000 jnz CM6_0by_.004159F4
004159C8 6A 00 push 0
004159CA 68 5D914000 push CM6_0by_.0040915D ; 错误...继续努力1
004159CF 6A FF push -1
004159D1 6A 08 push 8
004159D3 68 08000116 push 16010008
004159D8 68 01000152 push 52010001
004159DD E8 A9230000 call CM6_0by_.00417D8B
004159E2 83C4 18 add esp,18
004159E5 C705 200DE200 5>mov dword ptr ds:[E20D20],50
004159EF E9 13010000 jmp CM6_0by_.00415B07
004159F4 833D 200DE200 5>cmp dword ptr ds:[E20D20],50
004159FB 0F85 2C000000 jnz CM6_0by_.00415A2D
00415A01 6A 00 push 0
00415A03 68 6E914000 push CM6_0by_.0040916E ; 错误...继续努力2
00415A08 6A FF push -1
00415A0A 6A 08 push 8
00415A0C 68 08000116 push 16010008
00415A11 68 01000152 push 52010001
00415A16 E8 70230000 call CM6_0by_.00417D8B
00415A1B 83C4 18 add esp,18
00415A1E C705 200DE200 3>mov dword ptr ds:[E20D20],3C
00415A28 E9 DA000000 jmp CM6_0by_.00415B07
00415A2D 833D 200DE200 3>cmp dword ptr ds:[E20D20],3C
00415A34 0F85 2C000000 jnz CM6_0by_.00415A66
00415A3A 6A 00 push 0
00415A3C 68 7F914000 push CM6_0by_.0040917F ; 错误...继续努力3
00415A41 6A FF push -1
00415A43 6A 08 push 8
00415A45 68 08000116 push 16010008
00415A4A 68 01000152 push 52010001
00415A4F E8 37230000 call CM6_0by_.00417D8B
00415A54 83C4 18 add esp,18
00415A57 C705 200DE200 2>mov dword ptr ds:[E20D20],28
00415A61 E9 A1000000 jmp CM6_0by_.00415B07
00415A66 833D 200DE200 2>cmp dword ptr ds:[E20D20],28
00415A6D 0F85 2C000000 jnz CM6_0by_.00415A9F
00415A73 6A 00 push 0
00415A75 68 90914000 push CM6_0by_.00409190 ; 错误...继续努力4
00415A7A 6A FF push -1
00415A7C 6A 08 push 8
00415A7E 68 08000116 push 16010008
00415A83 68 01000152 push 52010001
00415A88 E8 FE220000 call CM6_0by_.00417D8B
00415A8D 83C4 18 add esp,18
00415A90 C705 200DE200 1>mov dword ptr ds:[E20D20],14
00415A9A E9 68000000 jmp CM6_0by_.00415B07
00415A9F 833D 200DE200 1>cmp dword ptr ds:[E20D20],14
00415AA6 0F85 2C000000 jnz CM6_0by_.00415AD8
00415AAC 6A 00 push 0
00415AAE 68 A1914000 push CM6_0by_.004091A1 ; 错误...继续努力5
00415AB3 6A FF push -1
00415AB5 6A 08 push 8
00415AB7 68 08000116 push 16010008
00415ABC 68 01000152 push 52010001
00415AC1 E8 C5220000 call CM6_0by_.00417D8B
00415AC6 83C4 18 add esp,18
00415AC9 C705 200DE200 0>mov dword ptr ds:[E20D20],0
00415AD3 E9 2F000000 jmp CM6_0by_.00415B07
00415AD8 833D 200DE200 0>cmp dword ptr ds:[E20D20],0
00415ADF 0F85 22000000 jnz CM6_0by_.00415B07
00415AE5 6A 00 push 0
00415AE7 68 B2914000 push CM6_0by_.004091B2 ; 您的能力十分不理想...
00415AEC 6A FF push -1
00415AEE 6A 08 push 8
00415AF0 68 08000116 push 16010008
00415AF5 68 01000152 push 52010001
00415AFA E8 8C220000 call CM6_0by_.00417D8B
00415AFF 83C4 18 add esp,18
00415B02 E9 00000000 jmp CM6_0by_.00415B07
00415B07 8BE5 mov esp,ebp
00415B09 5D pop ebp
00415B0A C3 retn
【经验总结】
这个 CM 很简单, 适合新手: 序列号校验的结果 (call 00415783 的返回值) 只经过一次 cmp/sete 就存入 [ebp-8], 再由 0041593B 处的一个条件跳转决定成功或失败分支, 整个保护只依赖这一个判断点。见笑见笑.
--------------------------------------------------------------------------------
【版权声明】: 本文原创于52pojie技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2009年12月05日 22:28