CrackMe provided by: baby2008
Original thread:
http://bbs.pediy.com/showthread.php?t=8558
Tools: OD, WinHex
Platform: WinXP SP3
Expert analyses have already been posted in the original thread; as usual, I still give my own learning notes:
00459840 /. 55 push ebp
00459841 |. 8BEC mov ebp, esp
00459843 |. 33C9 xor ecx, ecx
00459845 |. 51 push ecx
00459846 |. 51 push ecx
00459847 |. 51 push ecx
00459848 |. 51 push ecx
00459849 |. 51 push ecx
0045984A |. 53 push ebx
0045984B |. 8BD8 mov ebx, eax
0045984D |. 33C0 xor eax, eax
0045984F |. 55 push ebp
00459850 |. 68 1A994500 push 0045991A
00459855 |. 64:FF30 push dword ptr fs:[eax]
00459858 |. 64:8920 mov dword ptr fs:[eax], esp
0045985B |. 8D55 FC lea edx, dword ptr [ebp-4]
0045985E |. 8B83 1C030000 mov eax, dword ptr [ebx+31C]
00459864 |. E8 4FA7FDFF call 00433FB8
00459869 |. 8B45 FC mov eax, dword ptr [ebp-4]
0045986C |. 50 push eax
0045986D |. 8D55 F8 lea edx, dword ptr [ebp-8]
00459870 |. 8B83 18030000 mov eax, dword ptr [ebx+318]
00459876 |. E8 59D1FFFF call 004569D4
0045987B |. 8B45 F8 mov eax, dword ptr [ebp-8]
0045987E |. 50 push eax
0045987F |. 8D55 F4 lea edx, dword ptr [ebp-C]
00459882 |. 8B83 04030000 mov eax, dword ptr [ebx+304]
00459888 |. E8 2BA7FDFF call 00433FB8
0045988D |. 8B45 F4 mov eax, dword ptr [ebp-C]
00459890 |. 50 push eax
00459891 |. 8D55 F0 lea edx, dword ptr [ebp-10]
00459894 |. 8B83 00030000 mov eax, dword ptr [ebx+300]
0045989A |. E8 19A7FDFF call 00433FB8
0045989F |. 8B45 F0 mov eax, dword ptr [ebp-10]
004598A2 |. 50 push eax
004598A3 |. 8D55 EC lea edx, dword ptr [ebp-14]
004598A6 |. 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
004598AC |. E8 07A7FDFF call 00433FB8
004598B1 |. 8B45 EC mov eax, dword ptr [ebp-14]
004598B4 |. 50 push eax
004598B5 |. E8 1AFEFFFF call <jmp.&Serial.MyCheck_CheckRegCode2>
004598BA |. 48 dec eax
004598BB 75 1A jnz short 004598D7 ; patch here
Changing the bytes 75 1A (the jnz short) at file offset 0x58CBB to 90 90 (two nops) is enough.
This was my first encounter with a Delphi framework program; as of this posting I still have not worked out the framework structure, so for the patch I used the clumsy method of setting a breakpoint on MessageBoxA and tracing backwards from there.
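As an added example (not from the original post or the CrackMe's author), the Python below maps the VA 004598BB from the listing to a file offset by parsing the PE section table, then reports whether that site still holds the original jnz or has been replaced by two nops, which is the check a patch-verification or tamper-detection step would run. The PE image it parses is a minimal constructed stand-in whose section layout (RVA 0x1000 at raw offset 0x400, ImageBase 0x400000) reproduces the 0x58CBB offset given above; the real CrackMe's section layout is an assumption.

```python
import struct

JNZ_SHORT = b"\x75\x1a"  # original `jnz short` bytes at 004598BB in the listing
NOP_NOP = b"\x90\x90"    # what the site holds once it has been patched


def va_to_file_offset(data: bytes, va: int) -> int:
    """Translate a virtual address into a raw file offset via the PE32 section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    image_base = struct.unpack_from("<I", data, e_lfanew + 24 + 28)[0]  # PE32 ImageBase
    rva = va - image_base
    first = e_lfanew + 24 + opt_size  # section headers follow the optional header
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<4I", data, first + i * 40 + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"VA {va:#x} is not backed by any section")


def classify_patch_site(data: bytes, va: int) -> str:
    """Report whether the two bytes at va are the original jnz, the nop patch, or other."""
    off = va_to_file_offset(data, va)
    two = data[off:off + 2]
    if two == JNZ_SHORT:
        return "original"
    if two == NOP_NOP:
        return "patched"
    return "unknown"


def build_sample_image(site_bytes: bytes) -> bytes:
    """Constructed minimal PE32 (not the real CrackMe): one .text section at RVA 0x1000,
    raw offset 0x400, ImageBase 0x400000, so VA 0x4598BB maps to file offset 0x58CBB."""
    img = bytearray(0x58CBB + 2)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)           # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)      # Machine=i386, NumberOfSections=1
    struct.pack_into("<H", img, 0x54, 0xE0)           # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", img, 0x58, 0x10B)          # optional header magic: PE32
    struct.pack_into("<I", img, 0x58 + 28, 0x400000)  # ImageBase
    sect = 0x58 + 0xE0
    img[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<4I", img, sect + 8, 0x59000, 0x1000, 0x59000, 0x400)
    img[0x58CBB:0x58CBD] = site_bytes                  # plant the bytes under test
    return bytes(img)
```

Run against a real file, `classify_patch_site(open(path, "rb").read(), 0x004598BB)` tells you whether that copy has been tampered with at the site the post describes.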