[Old post] [Original] A small analysis 0.00 snowflakes
Posted: 2013-3-9 21:01 1099
00401135 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00401137 |. 8A15 A8A14000 MOV DL,BYTE PTR DS:[40A1A8]
0040113D |. F7D1 NOT ECX
0040113F |. 49 DEC ECX
00401140 |. 885424 18 MOV BYTE PTR SS:[ESP+18],DL
00401144 |. 83F9 08 CMP ECX,8 ; length == 8?
00401147 |. 75 62 JNZ SHORT CrackMe0.004011AB ; length != 8: go to the error message
00401149 |. 8D7C24 10 LEA EDI,DWORD PTR SS:[ESP+10]
0040114D |. 83C9 FF OR ECX,FFFFFFFF
00401150 |. 33DB XOR EBX,EBX
00401152 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
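The code above first checks the length of the input; if it is not 8, it reports that the registration code is wrong! Only when it is 8 does it continue...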
0040115F |. 2BE8 SUB EBP,EAX
00401161 |> 8D741C 10 /LEA ESI,DWORD PTR SS:[ESP+EBX+10]
00401165 |. B9 1A000000 |MOV ECX,1A
0040116A |. 0FBE042E |MOVSX EAX,BYTE PTR DS:[ESI+EBP]
0040116E |. 83E8 2F |SUB EAX,2F
00401171 |. 99 |CDQ
00401172 |. F7F9 |IDIV ECX
00401174 |. 52 |PUSH EDX ; edx = (ASCII code of input char - 0x2f) % 0x1A
00401175 |. E8 E6010000 |CALL CrackMe0.00401360 ; eax=edx+0x41
0040117A |. 8A0E |MOV CL,BYTE PTR DS:[ESI]
0040117C |. 83C4 04 |ADD ESP,4
0040117F |. 3AC1 |CMP AL,CL ; compare with ADGNWKQU
00401181 |. 75 28 |JNZ SHORT CrackMe0.004011AB
00401183 |. 8D7C24 10 |LEA EDI,DWORD PTR SS:[ESP+10]
00401187 |. 83C9 FF |OR ECX,FFFFFFFF
0040118A |. 33C0 |XOR EAX,EAX
0040118C |. 43 |INC EBX
0040118D |. F2:AE |REPNE SCAS BYTE PTR ES:[EDI]
0040118F |. F7D1 |NOT ECX
00401191 |. 49 |DEC ECX
00401192 |. 3BD9 |CMP EBX,ECX
00401194 |.^7C CB \JL SHORT CrackMe0.00401161
00401196 |. 68 98A14000 PUSH CrackMe0.0040A198 ; ASCII "Right?
"
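The analysis gives the per-character formula: (ASCII code of input char - 0x2f) % 0x1A + 0x41 must equal the characters of ADGNWKQU one by one
Result of the analysis: cfiV_SY]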
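
The check described above, re-implemented in C as an added example (not code from the original post or from the CrackMe). It shows that the formula is many-to-one, so the serial in the post is only one of several inputs the check accepts. It assumes, following the post's comments, that CALL 00401360 adds 0x41 and that the comparison string is ADGNWKQU; all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Target string taken from the post's comment at 0040117F. */
static const char TARGET[] = "ADGNWKQU";

/* One loop iteration: MOVSX / SUB 2F / CDQ / IDIV 1A, then +0x41.
 * The "+0x41" step is the post's reading of CALL 00401360 (assumption).
 * C's % truncates toward zero like IDIV, so negatives behave the same. */
static int transform(signed char c) {
    return ((int)c - 0x2f) % 0x1a + 0x41;
}

/* Re-implementation of the whole check: length 8, then per-char compare. */
static int check_serial(const char *s) {
    if (strlen(s) != 8) return 0;
    for (size_t i = 0; i < 8; i++)
        if (transform((signed char)s[i]) != TARGET[i]) return 0;
    return 1;
}

/* Collect every printable ASCII byte that maps to `want`; returns count. */
static int preimages(char want, char *out) {
    int n = 0;
    for (int c = 0x20; c <= 0x7e; c++)
        if (transform((signed char)c) == want) out[n++] = (char)c;
    out[n] = '\0';
    return n;
}

/* Number of distinct printable serials the check accepts. */
static long accepted_count(void) {
    long total = 1;
    char buf[8];
    for (size_t i = 0; i < 8; i++) total *= preimages(TARGET[i], buf);
    return total;
}

int main(void) {
    char buf[8];
    for (size_t i = 0; i < 8; i++) {
        preimages(TARGET[i], buf);
        printf("%c <- %s\n", TARGET[i], buf);
    }
    printf("post's answer accepted: %d\n", check_serial("cfiV_SY]"));
    printf("printable serials accepted: %ld\n", accepted_count());
    return 0;
}
```

Because the modulus is 26 and the printable range spans more than 26 values, each target letter has three or four preimages; a serial check built this way can be recovered entirely from the client binary.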