004010C9 /$ 56 push esi ; F2
在教程上说在这下断点,为什么要在这下断点,这里又表示的是什么?
全:
00401099 |. 6A 0A push 0A ; /Count = A (10.)
0040109B |. 68 44304000 push 00403044 ; |Buffer = crackme.00403044
004010A0 |. 68 B80B0000 push 0BB8 ; |ControlID = BB8 (3000.)
004010A5 |. FF35 54304000 push dword ptr [403054] ; |hWnd = NULL
004010AB |. E8 D2000000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA
004010B0 |. E8 14000000 call 004010C9
004010B5 |> EB 09 jmp short 004010C0
004010B7 |> B8 00000000 mov eax, 0 ; Default case of switch 0040104F
004010BC |. C9 leave
004010BD |. C2 1000 retn 10
004010C0 |> B8 01000000 mov eax, 1
004010C5 |. C9 leave
004010C6 \. C2 1000 retn 10
004010C9 /$ 56 push esi ; F2
为什么要在这下断点
004010CA |. 57 push edi
004010CB |. 51 push ecx
004010CC |. 33F6 xor esi, esi
004010CE |. 33FF xor edi, edi
004010D0 |. B9 08000000 mov ecx, 8
004010D5 |. BE 44304000 mov esi, 00403044
004010DA |> 8036 32 /xor byte ptr [esi], 32
004010DD |. 46 |inc esi
004010DE |.^ E2 FA \loopd short 004010DA
004010E0 |. BE 44304000 mov esi, 00403044
004010E5 |. B9 04000000 mov ecx, 4
004010EA |> 8A06 /mov al, byte ptr [esi]
004010EC |. 8A5E 01 |mov bl, byte ptr [esi+1]
004010EF |. 32C3 |xor al, bl
004010F1 |. 8887 4C304000 |mov byte ptr [edi+40304C], al
004010F7 |. 83C6 02 |add esi, 2
004010FA |. 47 |inc edi
004010FB |.^ E2 ED \loopd short 004010EA
004010FD |. BE 4C304000 mov esi, 0040304C
00401102 |. 8A06 mov al, byte ptr [esi]
00401104 |. 8A5E 01 mov bl, byte ptr [esi+1]
00401107 |. 32C3 xor al, bl
00401109 |. 8A5E 02 mov bl, byte ptr [esi+2]
0040110C |. 8A4E 03 mov cl, byte ptr [esi+3]
0040110F |. 32D9 xor bl, cl
00401111 |. 32C3 xor al, bl
00401113 |. B9 08000000 mov ecx, 8
00401118 |. BE 44304000 mov esi, 00403044
0040111D |> 3006 /xor byte ptr [esi], al
0040111F |. 46 |inc esi
00401120 |.^ E2 FB \loopd short 0040111D
00401122 |. B9 08000000 mov ecx, 8
00401127 |. BE 44304000 mov esi, 00403044
0040112C |. BF 08304000 mov edi, 00403008
00401131 |> 8A06 /mov al, byte ptr [esi]
00401133 |. 3A07 |cmp al, byte ptr [edi]
00401135 |. 75 1D |jnz short 00401154
00401137 |. 46 |inc esi
00401138 |. 47 |inc edi
00401139 |.^ E2 F6 \loopd short 00401131
0040113B |. 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
0040113D |. 68 35304000 push 00403035 ; |crackme 1.0
00401142 |. 68 10304000 push 00403010 ; |good work cracker
00401147 |. FF35 54304000 push dword ptr [403054] ; |hOwner = NULL
0040114D |. E8 3C000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
00401152 |. EB 17 jmp short 0040116B
00401154 |> 6A 30 push 30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
00401156 |. 68 35304000 push 00403035 ; |crackme 1.0
0040115B |. 68 22304000 push 00403022 ; |bad serial, sorry!
这是失败的地方
00401160 |. FF35 54304000 push dword ptr [403054] ; |hOwner = NULL
00401166 |. E8 23000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
0040116B |> 5F pop edi
0040116C |. 5E pop esi
0040116D |. 59 pop ecx
0040116E \. C3 retn
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!