明码比较,是一个比较简单的 Delphi crackme 程序。利用按钮事件很容易找到算法 call;用 asm 编写注册机也很简单,直接照抄算法代码即可。
00421DCD |. 6A 00 push 0x0
; Serial-derivation part of the crackme's handler (OllyDbg listing, partial).
; The jump target 00421E6B and the handler address 00421E86 referenced below
; lie past the last line shown, so the routine continues after this excerpt.
; Visible derivation: ebx = 0x37 + sum(byte << 9) over the bytes read by the
; loop at 00421E2D; ebx is then passed to 00405330.
00421DCF |. 6A 00 push 0x0 ; zero-filled stack slot (presumably one of the locals used below - confirm)
00421DD1 |. 53 push ebx ; ebx/esi/edi are pushed here; ebx and esi are overwritten below
00421DD2 |. 56 push esi
00421DD3 |. 57 push edi
00421DD4 |. 8BF0 mov esi,eax ; esi = incoming eax, used as the base for the +0x1B0 / +0x1AC fields (presumably the form object - confirm)
00421DD6 |. 33C0 xor eax,eax ; eax = 0, so fs:[eax] below addresses fs:[0]
00421DD8 |. 55 push ebp
00421DD9 |. 68 861E4200 push Dope2112.00421E86 ; handler address for the record being built
00421DDE |. 64:FF30 push dword ptr fs:[eax] ; previous fs:[0] value
00421DE1 |. 64:8920 mov dword ptr fs:[eax],esp ; fs:[0] now points at the record just pushed (looks like an exception-frame registration)
00421DE4 |. BB 37000000 mov ebx,0x37 ; accumulator starts at 0x37
00421DE9 |. 8D55 F8 lea edx,[local.2] ; edx = address of local.2
00421DEC |. 8B86 B0010000 mov eax,dword ptr ds:[esi+0x1B0]
00421DF2 |. E8 89FAFEFF call Dope2112.00411880 ; presumably reads a control's text into local.2 (likely the entered serial) - confirm
00421DF7 |. 8D55 FC lea edx,[local.1] ; author's note: username length; local.1 is dereferenced as the username bytes at 00421E30
00421DFA |. 8B86 AC010000 mov eax,dword ptr ds:[esi+0x1AC]
00421E00 |. E8 7BFAFEFF call Dope2112.00411880 ; same helper as above, this time with local.1 as the slot
00421E05 |. 8B45 FC mov eax,[local.1]
00421E08 |. E8 5715FEFF call Dope2112.00403364 ; result is compared with 4 below; presumably the string length - confirm
00421E0D |. 83F8 04 cmp eax,0x4
00421E10 |. 7D 0C jge short Dope2112.00421E1E ; signed >= 4: go on to the derivation
00421E12 |. A1 64464200 mov eax,dword ptr ds:[0x424664] ; result below 4: load a global and call out
00421E17 |. E8 C8BAFFFF call Dope2112.0041D8E4 ; presumably reports the too-short name - confirm
00421E1C |. EB 4D jmp short Dope2112.00421E6B ; skip the derivation entirely
00421E1E |> 8B45 FC mov eax,[local.1]
00421E21 |. E8 3E15FEFF call Dope2112.00403364 ; same helper again on local.1
00421E26 |. 85C0 test eax,eax
00421E28 |. 7C 14 jl short Dope2112.00421E3E ; negative result skips the loop
00421E2A |. 40 inc eax ; loop count = result + 1
00421E2B |. 33D2 xor edx,edx ; edx = byte index, starts at 0
00421E2D |> 8B4D FC /mov ecx,[local.1] ; reloaded on every pass
00421E30 |. 0FB64C11 FF |movzx ecx,byte ptr ds:[ecx+edx-0x1] ; author's note: fetch username byte; the -1 displacement makes the first pass (edx = 0) read the byte just before the address held in local.1
00421E35 |. C1E1 09 |shl ecx,0x9 ; byte << 9
00421E38 |. 03D9 |add ebx,ecx ; accumulate into ebx
00421E3A |. 42 |inc edx
00421E3B |. 48 |dec eax
00421E3C |.^ 75 EF \jnz short Dope2112.00421E2D ; repeat until the count reaches zero
00421E3E |> 8D55 F4 lea edx,[local.3] ; edx = address of local.3
00421E41 |. 8BC3 mov eax,ebx ; author's note: the plaintext code as a hexadecimal value
00421E43 |. E8 E834FEFF call Dope2112.00405330 ; presumably formats eax as a decimal string into local.3 (the page states the decimal form of ebx is the password) - confirm
循环结束后 ebx 的值转换为十进制字符串就是密码,即 ebx = 0x37 + Σ(字节 << 9)。注意循环共执行“长度 + 1”次,第一次(edx = 0)读到的是用户名首字节之前的那个字节。
asm 代码
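;-----------------------------------------------------------------------
; Reg - recompute the crackme's numeric code from the user name.
; Mirrors the loop at 00421E2D of the target: ebx = 37h + sum(byte << 9).
; In:    eax  = number of bytes in `username`. It is not set inside this
;               proc, so the caller is assumed to provide it
;               (TODO confirm against the call site).
;        hWin = accepted but not used here.
; Out:   ebx  = numeric code; its decimal form is the password.
; Clobb: eax, ecx, edx, ebx, flags.
; NOTE(review): ebx is callee-saved under stdcall but serves as the return
; register here, so callers must not expect it to be preserved.
;
; The target's first pass (index -1) reads the byte just before the string
; data. Here `username - 1` is whatever happens to precede the buffer, so
; that pass is dropped and the loop covers exactly eax bytes from index 0.
; The result equals the target's whenever the target's extra byte is zero
; (presumably part of the Delphi string header - confirm).
;-----------------------------------------------------------------------
Reg Proc hWin:dword
    mov     ebx, 37h                    ; seed, same constant as the target
    test    eax, eax
    jle     _Reg_done                   ; empty or invalid length: seed only
    xor     edx, edx                    ; edx = index of the next byte
_00421E2d:
    mov     ecx, offset username
    movzx   ecx, byte ptr [ecx+edx]     ; ecx = username[edx], zero-extended
    shl     ecx, 9
    add     ebx, ecx                    ; ebx += byte << 9
    inc     edx
    dec     eax
    jnz     _00421E2d                   ; until all eax bytes are consumed
_Reg_done:
    ret
Reg endp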
radasm 工程文件
45a.7z