首页
社区
课程
招聘
[CrackMe]abexcm5的分析
发表于: 2011-2-1 14:56 7745

[CrackMe]abexcm5的分析

2011-2-1 14:56
7745

【破文标题】abexcm5的分析
【破文作者】FCrane
【作者邮箱】delcpp@gmail.com
【破解工具】OD
【破解平台】windows xp sp3
【软件名称】abexcm5.exe
【软件大小】8K
【保护方式】无
【软件简介】软件来自FpX的CrackMe
【破解说明】非常简单的一个Crackme,高手请无视....
------------------------------------------------------------------------------------------------
【破解过程】

0040106C  |> \6A 25         push    25                               ; /Count = 25 (37.)
0040106E  |.  68 24234000   push    00402324                         ; |Buffer = abexcm5.00402324
00401073  |.  6A 68         push    68                               ; |ControlID = 68 (104.)
00401075  |.  FF75 08       push    dword ptr [ebp+8]                ; |hWnd
00401078  |.  E8 F4000000   call    <jmp.&USER32.GetDlgItemTextA>    ; \GetDlgItemTextA
0040107D  |.  6A 00         push    0                                ; /pFileSystemNameSize = NULL
0040107F  |.  6A 00         push    0                                ; |pFileSystemNameBuffer = NULL
00401081  |.  68 C8204000   push    004020C8                         ; |pFileSystemFlags = abexcm5.004020C8
00401086  |.  68 90214000   push    00402190                         ; |pMaxFilenameLength = abexcm5.00402190
0040108B  |.  68 94214000   push    00402194                         ; |pVolumeSerialNumber = abexcm5.00402194
00401090  |.  6A 32         push    32                               ; |MaxVolumeNameSize = 32 (50.)
00401092  |.  68 5C224000   push    0040225C                         ; |VolumeNameBuffer = abexcm5.0040225C //此处获取盘符
00401097  |.  6A 00         push    0                                ; |RootPathName = NULL
00401099  |.  E8 B5000000   call    <jmp.&KERNEL32.GetVolumeInformat>; \GetVolumeInformationA
0040109E  |.  68 F3234000   push    004023F3                         ; /StringToAdd = "4562-ABEX"
004010A3  |.  68 5C224000   push    0040225C                         ; |ConcatString = "" //盘符在此处使用
004010A8  |.  E8 94000000   call    <jmp.&KERNEL32.lstrcatA>         ; \lstrcatA    //字符串合并
004010AD  |.  B2 02         mov     dl, 2
004010AF  |>  8305 5C224000>/add     dword ptr [40225C], 1
004010B6  |.  8305 5D224000>|add     dword ptr [40225D], 1
004010BD  |.  8305 5E224000>|add     dword ptr [40225E], 1
004010C4  |.  8305 5F224000>|add     dword ptr [40225F], 1
004010CB  |.  FECA          |dec     dl
004010CD  |.^ 75 E0         \jnz     short 004010AF
004010CF  |.  68 FD234000   push    004023FD                         ; /StringToAdd = "L2C-5781"
004010D4  |.  68 00204000   push    00402000                         ; |ConcatString = ""
004010D9  |.  E8 63000000   call    <jmp.&KERNEL32.lstrcatA>         ; \lstrcatA       //字符串合并
004010DE  |.  68 5C224000   push    0040225C                         ; /StringToAdd = ""
004010E3  |.  68 00204000   push    00402000                         ; |ConcatString = ""
004010E8  |.  E8 54000000   call    <jmp.&KERNEL32.lstrcatA>         ; \lstrcatA     //字符串再合并,得到正确的注册码
004010ED  |.  68 24234000   push    00402324                         ; /String2 = ""
004010F2  |.  68 00204000   push    00402000                         ; |String1 = ""
004010F7  |.  E8 51000000   call    <jmp.&KERNEL32.lstrcmpiA>        ; \lstrcmpiA  //比较输入的字符串和计算出的注册码
004010FC  |.  83F8 00       cmp     eax, 0
004010FF  |.  74 16         je      short 00401117
00401101  |.  6A 00         push    0                                ; /Style = MB_OK|MB_APPLMODAL
00401103  |.  68 34244000   push    00402434                         ; |Title = "Error!"
00401108  |.  68 3B244000   push    0040243B                         ; |Text = "The serial you entered is not correct!"
0040110D  |.  FF75 08       push    dword ptr [ebp+8]                ; |hOwner
00401110  |.  E8 56000000   call    <jmp.&USER32.MessageBoxA>        ; \MessageBoxA
00401115  |.  EB 16         jmp     short 0040112D
00401117  |>  6A 00         push    0                                ; /Style = MB_OK|MB_APPLMODAL
00401119  |.  68 06244000   push    00402406                         ; |Title = "Well Done!"
0040111E  |.  68 11244000   push    00402411                         ; |Text = "Yep, you entered a correct serial!"
00401123  |.  FF75 08       push    dword ptr [ebp+8]                ; |hOwner
00401126  |.  E8 40000000   call    <jmp.&USER32.MessageBoxA>        ; \MessageBoxA
0040112B  |.  EB 00         jmp     short 0040112D
0040112D  |$  6A 00         push    0                                ; /Result = 0
0040112F  |.  FF75 08       push    dword ptr [ebp+8]                ; |hWnd
00401132  |.  E8 22000000   call    <jmp.&USER32.EndDialog>          ; \EndDialog
00401137  |.  C9            leave
00401138  \.  C2 1000       retn    10

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 7
支持
分享
最新回复 (6)
雪    币: 517
活跃值: (64)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
2
最好能附上Crackme (它也不大
2011-2-1 18:06
0
雪    币: 277
活跃值: (45)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
3
额。。把CrackMe附上,小哥~
2011-2-1 18:10
0
雪    币: 4022
活跃值: (92)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
4
附上CrackMe..
有兴趣的朋友们可以练练手...
爆破就没啥意思了
很简单...
尝试自己写一下很重要。
上传的附件:
2011-2-1 19:24
0
雪    币: 225
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
xiexiwe 谢谢大牛
2011-2-1 19:27
0
雪    币: 81
活跃值: (25)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
6
厉害,开始学习算法了…
2011-2-5 01:51
0
雪    币: 333
活跃值: (46)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
7
GetVolumeInformation
2011-2-5 12:34
0
游客
登录 | 注册 方可回帖
返回
//