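Title: [Original] robey -- a CrackMe written in Delphi; keygen for what I first took to be the enhanced version
Author: szjohn
Date: 2010-07-09
Link: CrackMe URL --> http://bbs.pediy.com/showthread.php?t=116442
I was bored and frustrated from working on getting past HS, so here is an analysis of that simple CrackMe. Experts can skip this.
Go straight to the "Wellcome" string: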
004514E8 /. 55 push ebp
004514E9 |. 8BEC mov ebp,esp
004514EB |. 6A 00 push 0
004514ED |. 6A 00 push 0
004514EF |. 6A 00 push 0
004514F1 |. 53 push ebx
004514F2 |. 56 push esi
004514F3 |. 8BF0 mov esi,eax
004514F5 |. 33C0 xor eax,eax
004514F7 |. 55 push ebp
004514F8 |. 68 B3154500 push CMNO1.004515B3
004514FD |. 64:FF30 push dword ptr fs:[eax]
00451500 |. 64:8920 mov dword ptr fs:[eax],esp
00451503 |. 8D55 FC lea edx,[local.1]
00451506 |. 8B86 00030000 mov eax,dword ptr ds:[esi+300]
0045150C |. E8 DBF1FDFF call CMNO1.004306EC
00451511 |. BB 01000000 mov ebx,1
00451516 |. 8B45 FC mov eax,[local.1] ; get the user name: szjohn
00451519 |. E8 B22BFBFF call CMNO1.004040D0
0045151E |. 8BD0 mov edx,eax ; user name length
00451520 |. 85D2 test edx,edx
00451522 |. 7E 16 jle short CMNO1.0045153A ; skip the loop if the user name length is <= 0
00451524 |. B8 01000000 mov eax,1
00451529 |> 8B4D FC /mov ecx,[local.1]
0045152C |. 0FB64C01 FF |movzx ecx,byte ptr ds:[ecx+eax-1] ; fetch each character of the user name
00451531 |. 0FAFC8 |imul ecx,eax ; multiply the character by EAX
00451534 |. 03D9 |add ebx,ecx ; accumulate the result in EBX
00451536 |. 40 |inc eax ; EAX++
00451537 |. 4A |dec edx ; EDX--
00451538 |.^ 75 EF \jnz short CMNO1.00451529 ; loop; note that the jump taken when the user name length is <= 0 lands just below
0045153A |> 8BC3 mov eax,ebx ; EAX=EBX
0045153C |. C1E0 10 shl eax,10 ; EAX<<0x10
0045153F |. 2BC3 sub eax,ebx ; eax=eax-ebx
00451541 |. 8BD8 mov ebx,eax ; ebx=eax
00451543 |. 8BC3 mov eax,ebx
00451545 |. 33D2 xor edx,edx ; edx=0
00451547 |. 52 push edx
00451548 |. 50 push eax
00451549 |. 8D45 F8 lea eax,[local.2]
0045154C |. E8 EB66FBFF call CMNO1.00407C3C
00451551 |. 8D55 F4 lea edx,[local.3]
00451554 |. 8B86 04030000 mov eax,dword ptr ds:[esi+304]
0045155A |. E8 8DF1FDFF call CMNO1.004306EC
0045155F |. 8B55 F4 mov edx,[local.3] ; the REGCODE entered by the user
00451562 |. 8B45 F8 mov eax,[local.2] ; the computed REGCODE
00451565 |. E8 7663FBFF call CMNO1.004078E0 ; comparison; also the key CALL for patching
0045156A |. 85C0 test eax,eax
0045156C |. 75 12 jnz short CMNO1.00451580 ; key patch point
0045156E |. 8B86 1C030000 mov eax,dword ptr ds:[esi+31C]
00451574 |. BA C8154500 mov edx,CMNO1.004515C8 ; ASCII "Wellcome!!"
00451579 |. E8 9EF1FDFF call CMNO1.0043071C
0045157E |. EB 10 jmp short CMNO1.00451590
00451580 |> 8B86 1C030000 mov eax,dword ptr ds:[esi+31C]
00451586 |. BA DC154500 mov edx,CMNO1.004515DC ; ASCII "Error,Please trying again!!"
0045158B |. E8 8CF1FDFF call CMNO1.0043071C
00451590 |> 33C0 xor eax,eax
00451592 |. 5A pop edx
00451593 |. 59 pop ecx
00451594 |. 59 pop ecx
00451595 |. 64:8910 mov dword ptr fs:[eax],edx
00451598 |. 68 BA154500 push CMNO1.004515BA
0045159D |> 8D45 F4 lea eax,[local.3]
004515A0 |. E8 6B28FBFF call CMNO1.00403E10
004515A5 |. 8D45 F8 lea eax,[local.2]
004515A8 |. BA 02000000 mov edx,2
004515AD |. E8 8228FBFF call CMNO1.00403E34
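VC keygen code:
// m_strRegCode is a CString member declared elsewhere in the keygen (not shown in the post).
void CalcRegcode(CString strUserName)
{
    int iLen = strUserName.GetLength();
    int n = 1;                    // 1-based position weight (EAX in the loop)
    unsigned int iRegcoded = 1;   // EBX starts at 1; unsigned so the shift wraps like the register
    for (int i = 0; i < iLen; i++, n++)
    {
        iRegcoded += strUserName.GetAt(i) * n;    // add ebx, character * position
    }
    iRegcoded = (iRegcoded << 0x10) - iRegcoded;  // shl eax,10 / sub eax,ebx
    // The listing pushes EDX:EAX with EDX = 0 before the call at 00407C3C,
    // so the value is formatted as unsigned.
    m_strRegCode.Format(L"%u", iRegcoded);
}
The keygen code is in the attachment.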
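Added example, not part of the original post or the CrackMe: the routine from the listing rewritten in C with explicit 32-bit register semantics, to show why this check is weak as a licence scheme. The serial is just the weighted sum times 65535 modulo 2^32 with no secret involved, and different names collide. The function names and the sample names "ab", "_c" and the 40 x 'z' string are constructed for illustration; that the call at 00407C3C formats the pushed EDX:EAX pair as decimal text is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Loop at 00451529: EBX = 1 + sum(name[i] * (i + 1)), all in 32-bit registers. */
static uint32_t weighted_sum(const char *name)
{
    uint32_t ebx = 1;                              /* mov ebx,1 */
    size_t len = strlen(name);                     /* len <= 0 skips the loop */
    for (size_t i = 0; i < len; i++) {
        uint32_t ch = (unsigned char)name[i];      /* movzx: zero-extended byte */
        ebx += ch * (uint32_t)(i + 1);             /* imul ecx,eax / add ebx,ecx */
    }
    return ebx;
}

/* shl eax,10 / sub eax,ebx: (x << 16) - x, i.e. x * 65535 modulo 2^32. */
static uint32_t serial_value(const char *name)
{
    uint32_t x = weighted_sum(name);
    return (x << 16) - x;
}

/* Assumption: the call at 00407C3C turns EDX:EAX (EDX = 0) into decimal text,
   so the value is printed unsigned, never negative. */
static const char *serial_string(const char *name, char *buf, size_t n)
{
    snprintf(buf, n, "%lu", (unsigned long)serial_value(name));
    return buf;
}

int main(void)
{
    char a[16], b[16];
    char longname[41];                             /* constructed: 40 x 'z' */
    memset(longname, 'z', 40);
    longname[40] = '\0';
    printf("szjohn -> %s\n", serial_string("szjohn", a, sizeof a));
    /* Two different constructed names share one weighted sum, hence one serial. */
    printf("ab -> %s, _c -> %s\n", serial_string("ab", a, sizeof a),
           serial_string("_c", b, sizeof b));
    /* Above 2^31: a signed "%d" would print this one as a negative number. */
    printf("z*40 -> %s\n", serial_string(longname, a, sizeof a));
    return 0;
}
```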