; Excerpt of a debugger listing (32-bit x86, Intel syntax). The routine starts before
; 0040113B and continues past 0040120A; branch targets 0040120C, 00401210 and 00401219
; are not shown here.
; Stack slots as used below (names follow the original annotations): esp+0x14 = name,
; esp+0x44 = sn (serial); esp+0x7C and esp+0xAC receive copies of them. Both pairs are
; 0x30 bytes apart.
; BL/EBX is used as the string terminator and as zero throughout — presumably EBX = 0,
; set before this excerpt; confirm against the preceding code.
; Flow: copy both strings, NOT every byte of name and sn in place, then compare the
; results against the bytes stored at 00403018 and 00403048.
; NOTE(review): a byte-wise NOT is its own inverse, so the stored reference values are
; only obfuscated; the check relies on fixed values embedded in the image.
; NOTE(review): both copy loops stop only at the terminator and no length limit is
; visible here, so they depend on the source strings having been bounded earlier —
; verify against the code that fills esp+0x14 and esp+0x44.
0040113B |. 83C4 20 |add esp,0x20 ; release 0x20 bytes of stack, presumably arguments of earlier call(s) not shown
0040113E |. 33C0 |xor eax,eax ; eax = 0 (copy index)
00401140 |> 8A4C04 14 |/mov cl,byte ptr ss:[esp+eax+0x14] ; copy name to esp+0x7C (12FF10 in the author's session)
00401144 |. 884C04 7C ||mov byte ptr ss:[esp+eax+0x7C],cl ; dst[eax] = cl
00401148 |. 40 ||inc eax
00401149 |. 3ACB ||cmp cl,bl ; bl = terminator (presumably 0)
0040114B |.^ 75 F3 |\jnz short CrackMe.00401140 ; loop until the terminator itself has been copied
0040114D |. 33C0 |xor eax,eax ; eax = 0 (copy index)
0040114F |. 90 |nop ; padding
00401150 |> 8A4C04 44 |/mov cl,byte ptr ss:[esp+eax+0x44] ; copy sn byte by byte
00401154 |. 888C04 AC0000>||mov byte ptr ss:[esp+eax+0xAC],cl ; dst[eax] = cl
0040115B |. 40 ||inc eax
0040115C |. 3ACB ||cmp cl,bl
0040115E |.^ 75 F0 |\jnz short CrackMe.00401150 ; sn is now copied to esp+0xAC (12FF40 in the author's session)
00401160 |. 8D4424 14 |lea eax,dword ptr ss:[esp+0x14] ; eax = address of name
00401164 |. 8D50 01 |lea edx,dword ptr ds:[eax+0x1] ; edx = name + 1, the base later subtracted to get the length
00401167 |> 8A08 |/mov cl,byte ptr ds:[eax] ; inline strlen over the entered name
00401169 |. 40 ||inc eax
0040116A |. 3ACB ||cmp cl,bl
0040116C |.^ 75 F9 |\jnz short CrackMe.00401167
0040116E |. 2BC2 |sub eax,edx ; eax = length of name (terminator excluded)
00401170 |. 33C9 |xor ecx,ecx ; CrackMe.0040301A
00401172 |. 3BC3 |cmp eax,ebx ; is the entered name empty?
00401174 |. 7E 0F |jle short CrackMe.00401185 ; length <= ebx: skip the NOT loop
00401176 |> 8A540C 14 |/mov dl,byte ptr ss:[esp+ecx+0x14]
0040117A |. F6D2 ||not dl ; NOT each byte of name
0040117C |. 88540C 14 ||mov byte ptr ss:[esp+ecx+0x14],dl ; written back in place
00401180 |. 41 ||inc ecx ; CrackMe.0040301A
00401181 |. 3BC8 ||cmp ecx,eax
00401183 |.^ 7C F1 |\jl short CrackMe.00401176 ; loop while ecx < length (signed compare)
00401185 |> 8D4424 44 |lea eax,dword ptr ss:[esp+0x44] ; eax = address of sn
00401189 |. 8D50 01 |lea edx,dword ptr ds:[eax+0x1] ; edx = sn + 1
0040118C |. 8D6424 00 |lea esp,dword ptr ss:[esp] ; no-op (esp unchanged), apparently padding before the loop
00401190 |> 8A08 |/mov cl,byte ptr ds:[eax] ; inline strlen over the entered sn
00401192 |. 40 ||inc eax
00401193 |. 3ACB ||cmp cl,bl
00401195 |.^ 75 F9 |\jnz short CrackMe.00401190
00401197 |. 2BC2 |sub eax,edx ; eax = length of sn (terminator excluded)
00401199 |. 33C9 |xor ecx,ecx ; CrackMe.0040301A
0040119B |. 3BC3 |cmp eax,ebx ; is the entered sn empty?
0040119D |. 7E 10 |jle short CrackMe.004011AF ; length <= ebx: skip the NOT loop
0040119F |. 90 |nop ; padding
004011A0 |> 8A540C 44 |/mov dl,byte ptr ss:[esp+ecx+0x44]
004011A4 |. F6D2 ||not dl ; NOT each byte of sn
004011A6 |. 88540C 44 ||mov byte ptr ss:[esp+ecx+0x44],dl ; written back in place
004011AA |. 41 ||inc ecx ; CrackMe.0040301A
004011AB |. 3BC8 ||cmp ecx,eax
004011AD |.^ 7C F1 |\jl short CrackMe.004011A0 ; loop while ecx < length (signed compare)
004011AF |> B9 18304000 |mov ecx,CrackMe.00403018 ; reference bytes (shown as "本埠" in the debugger) -> presumably the expected name after the NOT transform
004011B4 |. 8D4424 14 |lea eax,dword ptr ss:[esp+0x14] ; eax = address of the transformed (NOT-ed) name
004011B8 |> 8A10 |/mov dl,byte ptr ds:[eax] ; compare loop, two bytes per iteration
004011BA |. 3A11 ||cmp dl,byte ptr ds:[ecx]
004011BC |. 75 1A ||jnz short CrackMe.004011D8 ; key branch: first byte of the pair differs
004011BE |. 3AD3 ||cmp dl,bl ; terminator reached, i.e. comparison finished?
004011C0 |. 74 12 ||je short CrackMe.004011D4 ; yes: strings are equal
004011C2 |. 8A50 01 ||mov dl,byte ptr ds:[eax+0x1]
004011C5 |. 3A51 01 ||cmp dl,byte ptr ds:[ecx+0x1]
004011C8 |. 75 0E ||jnz short CrackMe.004011D8 ; key branch: second byte of the pair differs
004011CA |. 83C0 02 ||add eax,0x2
004011CD |. 83C1 02 ||add ecx,0x2 ; ecx walks the stored reference value
004011D0 |. 3AD3 ||cmp dl,bl
004011D2 |.^ 75 E4 |\jnz short CrackMe.004011B8 ; loop unless the second byte was the terminator
004011D4 |> 33C0 |xor eax,eax ; equal: result = 0
004011D6 |. EB 05 |jmp short CrackMe.004011DD
004011D8 |> 1BC0 |sbb eax,eax ; mismatch: eax = 0 or -1 from the carry of the failing cmp
004011DA |. 83D8 FF |sbb eax,-0x1 ; eax = +1 or -1
004011DD |> 3BC3 |cmp eax,ebx
004011DF |. 75 38 |jnz short CrackMe.00401219 ; name result != ebx: branch to 00401219 (outside this excerpt)
004011E1 |. B9 48304000 |mov ecx,CrackMe.00403048 ; reference bytes compared with sn below
004011E6 |. 8D4424 44 |lea eax,dword ptr ss:[esp+0x44] ; eax = address of the transformed (NOT-ed) sn
004011EA |. 8D9B 00000000 |lea ebx,dword ptr ds:[ebx] ; no-op (ebx unchanged), apparently padding before the loop
004011F0 |> 8A10 |/mov dl,byte ptr ds:[eax] ; same pairwise comparison, this time for sn
004011F2 |. 3A11 ||cmp dl,byte ptr ds:[ecx]
004011F4 |. 75 1A ||jnz short CrackMe.00401210 ; key branch: mismatch -> 00401210 (outside this excerpt)
004011F6 |. 3AD3 ||cmp dl,bl
004011F8 |. 74 12 ||je short CrackMe.0040120C ; terminator reached -> 0040120C (outside this excerpt)
004011FA |. 8A50 01 ||mov dl,byte ptr ds:[eax+0x1]
004011FD |. 3A51 01 ||cmp dl,byte ptr ds:[ecx+0x1]
00401200 |. 75 0E ||jnz short CrackMe.00401210 ; second byte of the pair differs
00401202 |. 83C0 02 ||add eax,0x2
00401205 |. 83C1 02 ||add ecx,0x2
00401208 |. 3AD3 ||cmp dl,bl
0040120A |.^ 75 E4 |\jnz short CrackMe.004011F0 ; loop unless the second byte was the terminator