-
-
[原创]ctf第9题部分分析
-
发表于: 2016-11-18 21:00 2770
-
00403160 /> \55 push ebp
00403161 |. 8BEC mov ebp,esp
00403163 |. 81EC C0030000 sub esp,0x3C0
00403169 |. 53 push ebx
0040316A |. 56 push esi
0040316B |. 57 push edi
0040316C |. 51 push ecx
0040316D |. 8DBD 40FCFFFF lea edi,[local.240]
00403173 |. B9 F0000000 mov ecx,0xF0
00403178 |. B8 CCCCCCCC mov eax,0xCCCCCCCC
0040317D |. F3:AB rep stos dword ptr es:[edi]
0040317F |. 59 pop ecx
00403180 |. 894D FC mov [local.1],ecx
00403183 |. 6A 01 push 0x1
00403185 |. 8B4D FC mov ecx,[local.1]
00403188 |. E8 FE280800 call Crackme2.00485A8B
0040318D |. 8B4D FC mov ecx,[local.1]
00403190 |. 83C1 5C add ecx,0x5C
00403193 |. E8 A2030D00 call Crackme2.004D353A ; 试炼码出现在EAX位
00403198 |. 8945 F8 mov [local.2],eax
0040319B |. C745 F4 00000000 mov [local.3],0x0
004031A2 |. EB 09 jmp short Crackme2.004031AD
004031A4 |> 8B45 F4 /mov eax,[local.3]
004031A7 |. 83C0 01 |add eax,0x1
004031AA |. 8945 F4 |mov [local.3],eax
004031AD |> 8B4D F8 mov ecx,[local.2]
004031B0 |. 034D F4 |add ecx,[local.3]
004031B3 |. 0FBE11 |movsx edx,byte ptr ds:[ecx]
004031B6 |. 85D2 |test edx,edx
004031B8 |. 74 02 |je short Crackme2.004031BC
004031BA |.^ EB E8 \jmp short Crackme2.004031A4
004031BC |> 837D F4 17 cmp [local.3],0x17 ; 比较试炼码是否为23位
004031C0 |. 74 05 je short Crackme2.004031C7
004031C2 |. E9 CE090000 jmp Crackme2.00403B95
004031C7 |> B9 10000000 mov ecx,0x10 ; 无效垃圾代码开始分割线----------------------------
004031CC |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
004031D1 |. 8D7D B0 lea edi,[local.20]
004031D4 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
004031D6 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
004031D7 |. B9 10000000 mov ecx,0x10
004031DC |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
004031E1 |. 8DBD 6CFFFFFF lea edi,[local.37]
004031E7 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
004031E9 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
004031EA |. B9 10000000 mov ecx,0x10
004031EF |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
004031F4 |. 8DBD 28FFFFFF lea edi,[local.54]
004031FA |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
004031FC |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
004031FD |. B9 10000000 mov ecx,0x10
00403202 |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
00403207 |. 8DBD E4FEFFFF lea edi,[local.71]
0040320D |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
0040320F |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403210 |. B9 10000000 mov ecx,0x10
00403215 |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
0040321A |. 8DBD A0FEFFFF lea edi,[local.88]
00403220 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403222 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403223 |. B9 10000000 mov ecx,0x10
00403228 |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
0040322D |. 8DBD 5CFEFFFF lea edi,[local.105]
00403233 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403235 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403236 |. B9 10000000 mov ecx,0x10
0040323B |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
00403240 |. 8DBD 18FEFFFF lea edi,[local.122]
00403246 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403248 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403249 |. C785 14FEFFFF 00>mov [local.123],0x0
00403253 |. C745 F4 00000000 mov [local.3],0x0
0040325A |. EB 09 jmp short Crackme2.00403265
0040325C |> 8B45 F4 /mov eax,[local.3]
0040325F |. 83C0 01 |add eax,0x1
00403262 |. 8945 F4 |mov [local.3],eax
00403265 |> 837D F4 05 cmp [local.3],0x5
00403269 |. 7D 1E |jge short Crackme2.00403289
0040326B |. 8B8D 14FEFFFF |mov ecx,[local.123]
00403271 |. 6BC9 1A |imul ecx,ecx,0x1A
00403274 |. 8B55 F8 |mov edx,[local.2]
00403277 |. 0355 F4 |add edx,[local.3]
0040327A |. 0FBE02 |movsx eax,byte ptr ds:[edx]
0040327D |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
00403281 |. 898D 14FEFFFF |mov [local.123],ecx
00403287 |.^ EB D3 \jmp short Crackme2.0040325C
00403289 |> C785 10FEFFFF 40>mov [local.124],0xF4240
00403293 |. C745 F4 00000000 mov [local.3],0x0
0040329A |> 83BD 14FEFFFF 00 /cmp [local.123],0x0
004032A1 |. 74 49 |je short Crackme2.004032EC
004032A3 |. 8B85 14FEFFFF |mov eax,[local.123]
004032A9 |. 99 |cdq
004032AA |. F7BD 10FEFFFF |idiv [local.124]
004032B0 |. 83C0 30 |add eax,0x30
004032B3 |. 8B55 F4 |mov edx,[local.3]
004032B6 |. 884415 E9 |mov byte ptr ss:[ebp+edx-0x17],al
004032BA |. 8B85 14FEFFFF |mov eax,[local.123]
004032C0 |. 99 |cdq
004032C1 |. F7BD 10FEFFFF |idiv [local.124]
004032C7 |. 8995 14FEFFFF |mov [local.123],edx
004032CD |. 8B85 10FEFFFF |mov eax,[local.124]
004032D3 |. 99 |cdq
004032D4 |. B9 0A000000 |mov ecx,0xA
004032D9 |. F7F9 |idiv ecx
004032DB |. 8985 10FEFFFF |mov [local.124],eax
004032E1 |. 8B55 F4 |mov edx,[local.3]
004032E4 |. 83C2 01 |add edx,0x1
004032E7 |. 8955 F4 |mov [local.3],edx
004032EA |.^ EB AE \jmp short Crackme2.0040329A
004032EC |> C785 0CFEFFFF 00>mov [local.125],0x0
004032F6 |. C745 F4 07000000 mov [local.3],0x7
004032FD |. EB 09 jmp short Crackme2.00403308
004032FF |> 8B45 F4 /mov eax,[local.3]
00403302 |. 83C0 01 |add eax,0x1
00403305 |. 8945 F4 |mov [local.3],eax
00403308 |> 837D F4 0C cmp [local.3],0xC
0040330C |. 7D 1E |jge short Crackme2.0040332C
0040330E |. 8B8D 0CFEFFFF |mov ecx,[local.125]
00403314 |. 6BC9 1A |imul ecx,ecx,0x1A
00403317 |. 8B55 F8 |mov edx,[local.2]
0040331A |. 0355 F4 |add edx,[local.3]
0040331D |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403320 |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
00403324 |. 898D 0CFEFFFF |mov [local.125],ecx
0040332A |.^ EB D3 \jmp short Crackme2.004032FF
0040332C |> C785 10FEFFFF 40>mov [local.124],0xF4240
00403336 |. C745 F4 00000000 mov [local.3],0x0
0040333D |> 83BD 0CFEFFFF 00 /cmp [local.125],0x0
00403344 |. 74 49 |je short Crackme2.0040338F
00403346 |. 8B85 0CFEFFFF |mov eax,[local.125]
0040334C |. 99 |cdq
0040334D |. F7BD 10FEFFFF |idiv [local.124]
00403353 |. 83C0 30 |add eax,0x30
00403356 |. 8B55 F4 |mov edx,[local.3]
00403359 |. 884415 A5 |mov byte ptr ss:[ebp+edx-0x5B],al
0040335D |. 8B85 0CFEFFFF |mov eax,[local.125]
00403363 |. 99 |cdq
00403364 |. F7BD 10FEFFFF |idiv [local.124]
0040336A |. 8995 0CFEFFFF |mov [local.125],edx
00403370 |. 8B85 10FEFFFF |mov eax,[local.124]
00403376 |. 99 |cdq
00403377 |. B9 0A000000 |mov ecx,0xA
0040337C |. F7F9 |idiv ecx
0040337E |. 8985 10FEFFFF |mov [local.124],eax
00403384 |. 8B55 F4 |mov edx,[local.3]
00403387 |. 83C2 01 |add edx,0x1
0040338A |. 8955 F4 |mov [local.3],edx
0040338D |.^ EB AE \jmp short Crackme2.0040333D
0040338F |> C785 08FEFFFF 00>mov [local.126],0x0
00403399 |. C745 F4 10000000 mov [local.3],0x10
004033A0 |. EB 09 jmp short Crackme2.004033AB
004033A2 |> 8B45 F4 /mov eax,[local.3]
004033A5 |. 83C0 01 |add eax,0x1
004033A8 |. 8945 F4 |mov [local.3],eax
004033AB |> 837D F4 17 cmp [local.3],0x17
004033AF |. 7D 1E |jge short Crackme2.004033CF
004033B1 |. 8B8D 08FEFFFF |mov ecx,[local.126]
004033B7 |. 6BC9 1A |imul ecx,ecx,0x1A
004033BA |. 8B55 F8 |mov edx,[local.2]
004033BD |. 0355 F4 |add edx,[local.3]
004033C0 |. 0FBE02 |movsx eax,byte ptr ds:[edx]
004033C3 |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
004033C7 |. 898D 08FEFFFF |mov [local.126],ecx
004033CD |.^ EB D3 \jmp short Crackme2.004033A2
004033CF |> C785 10FEFFFF 00>mov [local.124],0x5F5E100
004033D9 |. C745 F4 00000000 mov [local.3],0x0
004033E0 |> 83BD 08FEFFFF 00 /cmp [local.126],0x0
004033E7 |. 74 4C |je short Crackme2.00403435
004033E9 |. 8B85 08FEFFFF |mov eax,[local.126]
004033EF |. 99 |cdq
004033F0 |. F7BD 10FEFFFF |idiv [local.124]
004033F6 |. 83C0 30 |add eax,0x30
004033F9 |. 8B55 F4 |mov edx,[local.3]
004033FC |. 888415 5FFFFFFF |mov byte ptr ss:[ebp+edx-0xA1],al
00403403 |. 8B85 08FEFFFF |mov eax,[local.126]
00403409 |. 99 |cdq
0040340A |. F7BD 10FEFFFF |idiv [local.124]
00403410 |. 8995 08FEFFFF |mov [local.126],edx
00403416 |. 8B85 10FEFFFF |mov eax,[local.124]
0040341C |. 99 |cdq
0040341D |. B9 0A000000 |mov ecx,0xA
00403422 |. F7F9 |idiv ecx
00403424 |. 8985 10FEFFFF |mov [local.124],eax
0040342A |. 8B55 F4 |mov edx,[local.3]
0040342D |. 83C2 01 |add edx,0x1
00403430 |. 8955 F4 |mov [local.3],edx
00403433 |.^ EB AB \jmp short Crackme2.004033E0
00403435 |> C785 04FEFFFF 00>mov [local.127],0x0
0040343F |. C745 F4 15000000 mov [local.3],0x15
00403446 |. EB 09 jmp short Crackme2.00403451
00403448 |> 8B45 F4 /mov eax,[local.3]
0040344B |. 83C0 01 |add eax,0x1
0040344E |. 8945 F4 |mov [local.3],eax
00403451 |> 837D F4 17 cmp [local.3],0x17
00403455 |. 7D 1E |jge short Crackme2.00403475
00403457 |. 8B8D 04FEFFFF |mov ecx,[local.127]
0040345D |. 6BC9 1A |imul ecx,ecx,0x1A
00403460 |. 8B55 F8 |mov edx,[local.2]
00403463 |. 0355 F4 |add edx,[local.3]
00403466 |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403469 |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
0040346D |. 898D 04FEFFFF |mov [local.127],ecx
00403473 |.^ EB D3 \jmp short Crackme2.00403448
00403475 |> C785 10FEFFFF 64>mov [local.124],0x64
0040347F |. C745 F4 00000000 mov [local.3],0x0
00403486 |> 83BD 04FEFFFF 00 /cmp [local.127],0x0
0040348D |. 74 4C |je short Crackme2.004034DB
0040348F |. 8B85 04FEFFFF |mov eax,[local.127]
00403495 |. 99 |cdq
00403496 |. F7BD 10FEFFFF |idiv [local.124]
0040349C |. 83C0 30 |add eax,0x30
0040349F |. 8B55 F4 |mov edx,[local.3]
004034A2 |. 888415 21FFFFFF |mov byte ptr ss:[ebp+edx-0xDF],al
004034A9 |. 8B85 04FEFFFF |mov eax,[local.127]
004034AF |. 99 |cdq
004034B0 |. F7BD 10FEFFFF |idiv [local.124]
004034B6 |. 8995 04FEFFFF |mov [local.127],edx
004034BC |. 8B85 10FEFFFF |mov eax,[local.124]
004034C2 |. 99 |cdq
004034C3 |. B9 0A000000 |mov ecx,0xA
004034C8 |. F7F9 |idiv ecx
004034CA |. 8985 10FEFFFF |mov [local.124],eax
004034D0 |. 8B55 F4 |mov edx,[local.3]
004034D3 |. 83C2 01 |add edx,0x1
004034D6 |. 8955 F4 |mov [local.3],edx
004034D9 |.^ EB AB \jmp short Crackme2.00403486
004034DB |> 8B45 F8 mov eax,[local.2] ; 试炼码给EAX
004034DE |. 8A48 05 mov cl,byte ptr ds:[eax+0x5]
004034E1 |. 888D DEFEFFFF mov byte ptr ss:[ebp-0x122],cl
004034E7 |. 8B55 F8 mov edx,[local.2]
004034EA |. 8A42 06 mov al,byte ptr ds:[edx+0x6]
004034ED |. 8885 DFFEFFFF mov byte ptr ss:[ebp-0x121],al
004034F3 |. 8B4D F8 mov ecx,[local.2]
004034F6 |. 8A51 0C mov dl,byte ptr ds:[ecx+0xC]
004034F9 |. 8895 9AFEFFFF mov byte ptr ss:[ebp-0x166],dl
004034FF |. 8B45 F8 mov eax,[local.2]
00403502 |. 8A48 0D mov cl,byte ptr ds:[eax+0xD]
00403505 |. 888D 9BFEFFFF mov byte ptr ss:[ebp-0x165],cl
0040350B |. 8B55 F8 mov edx,[local.2]
0040350E |. 8A42 0E mov al,byte ptr ds:[edx+0xE]
00403511 |. 8885 56FEFFFF mov byte ptr ss:[ebp-0x1AA],al
00403517 |. 8B4D F8 mov ecx,[local.2]
0040351A |. 8A51 0F mov dl,byte ptr ds:[ecx+0xF]
0040351D |. 8895 57FEFFFF mov byte ptr ss:[ebp-0x1A9],dl
00403523 |. 8B45 F8 mov eax,[local.2]
00403526 |. 0FBE48 0E movsx ecx,byte ptr ds:[eax+0xE]
0040352A |. 83E9 30 sub ecx,0x30
0040352D |. 6BC9 0A imul ecx,ecx,0xA
00403530 |. 8B55 F8 mov edx,[local.2]
00403533 |. 0FBE42 0F movsx eax,byte ptr ds:[edx+0xF]
00403537 |. 8D4C01 D0 lea ecx,dword ptr ds:[ecx+eax-0x30]
0040353B |. 898D 00FEFFFF mov [local.128],ecx
00403541 |. 8D95 F8FDFFFF lea edx,[local.130]
00403547 |. 52 push edx
00403548 |. E8 12DBFFFF call Crackme2.0040105F
0040354D |. 83C4 04 add esp,0x4
00403550 |. 8D85 F0FDFFFF lea eax,[local.132]
00403556 |. 50 push eax
00403557 |. E8 03DBFFFF call Crackme2.0040105F
0040355C |. 83C4 04 add esp,0x4
0040355F |. 8D8D E8FDFFFF lea ecx,[local.134]
00403565 |. 51 push ecx
00403566 |. E8 F4DAFFFF call Crackme2.0040105F
0040356B |. 83C4 04 add esp,0x4
0040356E |. 8D55 B0 lea edx,[local.20]
00403571 |. 52 push edx
00403572 |. E8 CFDAFFFF call Crackme2.00401046
00403577 |. 83C4 04 add esp,0x4
0040357A |. 50 push eax
0040357B |. 8D85 F8FDFFFF lea eax,[local.130]
00403581 |. 50 push eax
00403582 |. E8 C9DAFFFF call Crackme2.00401050
00403587 |. 83C4 08 add esp,0x8
0040358A |. 8D8D A0FEFFFF lea ecx,[local.88]
00403590 |. 51 push ecx
00403591 |. E8 B0DAFFFF call Crackme2.00401046
00403596 |. 83C4 04 add esp,0x4
00403599 |. 50 push eax
0040359A |. 8D95 F0FDFFFF lea edx,[local.132]
004035A0 |. 52 push edx
004035A1 |. E8 AADAFFFF call Crackme2.00401050
004035A6 |. 83C4 08 add esp,0x8
004035A9 |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
004035B0 |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
004035B7 |. 8D85 E8FDFFFF lea eax,[local.134]
004035BD |. 50 push eax
004035BE |. 8D8D F0FDFFFF lea ecx,[local.132]
004035C4 |. 51 push ecx
004035C5 |. 8D95 F8FDFFFF lea edx,[local.130]
004035CB |. 52 push edx
004035CC |. E8 66DAFFFF call Crackme2.00401037
004035D1 |. 83C4 0C add esp,0xC
004035D4 |. 8B85 ECFDFFFF mov eax,[local.133]
004035DA |. 50 push eax
004035DB |. E8 CADAFFFF call Crackme2.004010AA
004035E0 |. 83C4 04 add esp,0x4
004035E3 |. 8985 E4FDFFFF mov [local.135],eax
004035E9 |. 8D8D F8FDFFFF lea ecx,[local.130]
004035EF |. 51 push ecx
004035F0 |. E8 6ADAFFFF call Crackme2.0040105F
004035F5 |. 83C4 04 add esp,0x4
004035F8 |. 8D95 F0FDFFFF lea edx,[local.132]
004035FE |. 52 push edx
004035FF |. E8 5BDAFFFF call Crackme2.0040105F
00403604 |. 83C4 04 add esp,0x4
00403607 |. 8D85 E8FDFFFF lea eax,[local.134]
0040360D |. 50 push eax
0040360E |. E8 4CDAFFFF call Crackme2.0040105F
00403613 |. 83C4 04 add esp,0x4
00403616 |. 8D8D 6CFFFFFF lea ecx,[local.37]
0040361C |. 51 push ecx
0040361D |. E8 24DAFFFF call Crackme2.00401046
00403622 |. 83C4 04 add esp,0x4
00403625 |. 50 push eax
00403626 |. 8D95 F8FDFFFF lea edx,[local.130]
0040362C |. 52 push edx
0040362D |. E8 1EDAFFFF call Crackme2.00401050
00403632 |. 83C4 08 add esp,0x8
00403635 |. 8D85 5CFEFFFF lea eax,[local.105]
0040363B |. 50 push eax
0040363C |. E8 05DAFFFF call Crackme2.00401046
00403641 |. 83C4 04 add esp,0x4
00403644 |. 50 push eax
00403645 |. 8D8D F0FDFFFF lea ecx,[local.132]
0040364B |. 51 push ecx
0040364C |. E8 FFD9FFFF call Crackme2.00401050
00403651 |. 83C4 08 add esp,0x8
00403654 |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
0040365B |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
00403662 |. 8D95 E8FDFFFF lea edx,[local.134]
00403668 |. 52 push edx
00403669 |. 8D85 F0FDFFFF lea eax,[local.132]
0040366F |. 50 push eax
00403670 |. 8D8D F8FDFFFF lea ecx,[local.130]
00403676 |. 51 push ecx
00403677 |. E8 BBD9FFFF call Crackme2.00401037
0040367C |. 83C4 0C add esp,0xC
0040367F |. 8B95 ECFDFFFF mov edx,[local.133]
00403685 |. 52 push edx
00403686 |. E8 1FDAFFFF call Crackme2.004010AA
0040368B |. 83C4 04 add esp,0x4
0040368E |. 8985 E0FDFFFF mov [local.136],eax
00403694 |. 8D85 F8FDFFFF lea eax,[local.130]
0040369A |. 50 push eax
0040369B |. E8 BFD9FFFF call Crackme2.0040105F
004036A0 |. 83C4 04 add esp,0x4
004036A3 |. 8D8D F0FDFFFF lea ecx,[local.132]
004036A9 |. 51 push ecx
004036AA |. E8 B0D9FFFF call Crackme2.0040105F
004036AF |. 83C4 04 add esp,0x4
004036B2 |. 8D95 E8FDFFFF lea edx,[local.134]
004036B8 |. 52 push edx
004036B9 |. E8 A1D9FFFF call Crackme2.0040105F
004036BE |. 83C4 04 add esp,0x4
004036C1 |. 8D85 28FFFFFF lea eax,[local.54]
004036C7 |. 50 push eax
004036C8 |. E8 79D9FFFF call Crackme2.00401046
004036CD |. 83C4 04 add esp,0x4
004036D0 |. 50 push eax
004036D1 |. 8D8D F8FDFFFF lea ecx,[local.130]
004036D7 |. 51 push ecx
004036D8 |. E8 73D9FFFF call Crackme2.00401050
004036DD |. 83C4 08 add esp,0x8
004036E0 |. 8D95 18FEFFFF lea edx,[local.122]
004036E6 |. 52 push edx
004036E7 |. E8 5AD9FFFF call Crackme2.00401046
004036EC |. 83C4 04 add esp,0x4
004036EF |. 50 push eax
004036F0 |. 8D85 F0FDFFFF lea eax,[local.132]
004036F6 |. 50 push eax
004036F7 |. E8 54D9FFFF call Crackme2.00401050
004036FC |. 83C4 08 add esp,0x8
004036FF |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
00403706 |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
0040370D |. 8D8D E8FDFFFF lea ecx,[local.134]
00403713 |. 51 push ecx
00403714 |. 8D95 F0FDFFFF lea edx,[local.132]
0040371A |. 52 push edx
0040371B |. 8D85 F8FDFFFF lea eax,[local.130]
00403721 |. 50 push eax
00403722 |. E8 10D9FFFF call Crackme2.00401037
00403727 |. 83C4 0C add esp,0xC
0040372A |. 8B8D ECFDFFFF mov ecx,[local.133]
00403730 |. 51 push ecx
00403731 |. E8 74D9FFFF call Crackme2.004010AA
00403736 |. 83C4 04 add esp,0x4
00403739 |. 8985 DCFDFFFF mov [local.137],eax
0040373F |. B9 10000000 mov ecx,0x10
00403744 |. BE 48745B00 mov esi,Crackme2.005B7448 ; 0000000000000000000000000000000000000000000000000000000000000001
00403749 |. 8DBD 98FDFFFF lea edi,[local.154]
0040374F |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403751 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403752 |. 8D95 F8FDFFFF lea edx,[local.130]
00403758 |. 52 push edx
00403759 |. E8 01D9FFFF call Crackme2.0040105F
0040375E |. 83C4 04 add esp,0x4
00403761 |. 8D85 F0FDFFFF lea eax,[local.132]
00403767 |. 50 push eax
00403768 |. E8 F2D8FFFF call Crackme2.0040105F
0040376D |. 83C4 04 add esp,0x4
00403770 |. 8D8D E8FDFFFF lea ecx,[local.134]
00403776 |. 51 push ecx
00403777 |. E8 E3D8FFFF call Crackme2.0040105F
0040377C |. 83C4 04 add esp,0x4
0040377F |. 8D95 E4FEFFFF lea edx,[local.71]
00403785 |. 52 push edx
00403786 |. E8 BBD8FFFF call Crackme2.00401046
0040378B |. 83C4 04 add esp,0x4
0040378E |. 50 push eax
0040378F |. 8D85 F8FDFFFF lea eax,[local.130]
00403795 |. 50 push eax
00403796 |. E8 B5D8FFFF call Crackme2.00401050
0040379B |. 83C4 08 add esp,0x8
0040379E |. 8D8D 98FDFFFF lea ecx,[local.154]
004037A4 |. 51 push ecx
004037A5 |. E8 9CD8FFFF call Crackme2.00401046
004037AA |. 83C4 04 add esp,0x4
004037AD |. 50 push eax
004037AE |. 8D95 F0FDFFFF lea edx,[local.132]
004037B4 |. 52 push edx
004037B5 |. E8 96D8FFFF call Crackme2.00401050
004037BA |. 83C4 08 add esp,0x8
004037BD |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
004037C4 |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
004037CB |. C745 F4 00000000 mov [local.3],0x0
004037D2 |. EB 09 jmp short Crackme2.004037DD
004037D4 |> 8B45 F4 /mov eax,[local.3]
004037D7 |. 83C0 01 |add eax,0x1
004037DA |. 8945 F4 |mov [local.3],eax
004037DD |> 8B4D F4 mov ecx,[local.3]
004037E0 |. 3B8D 00FEFFFF |cmp ecx,[local.128]
004037E6 |. 7D 35 |jge short Crackme2.0040381D
004037E8 |. 8D95 E8FDFFFF |lea edx,[local.134]
004037EE |. 52 |push edx
004037EF |. 8D85 F0FDFFFF |lea eax,[local.132]
004037F5 |. 50 |push eax
004037F6 |. 8D8D F8FDFFFF |lea ecx,[local.130]
004037FC |. 51 |push ecx
004037FD |. E8 35D8FFFF |call Crackme2.00401037
00403802 |. 83C4 0C |add esp,0xC
00403805 |. 8D95 F0FDFFFF |lea edx,[local.132]
0040380B |. 52 |push edx
0040380C |. 8D85 E8FDFFFF |lea eax,[local.134]
00403812 |. 50 |push eax
00403813 |. E8 F2D7FFFF |call Crackme2.0040100A
00403818 |. 83C4 08 |add esp,0x8
0040381B |.^ EB B7 \jmp short Crackme2.004037D4
0040381D |> 8B8D ECFDFFFF mov ecx,[local.133]
00403823 |. 51 push ecx
00403824 |. E8 81D8FFFF call Crackme2.004010AA
00403829 |. 83C4 04 add esp,0x4
0040382C |. 8985 94FDFFFF mov [local.155],eax
00403832 |. C685 94FCFFFF 00 mov byte ptr ss:[ebp-0x36C],0x0
00403839 |. B9 3F000000 mov ecx,0x3F
0040383E |. 33C0 xor eax,eax
00403840 |. 8DBD 95FCFFFF lea edi,dword ptr ss:[ebp-0x36B]
00403846 |. F3:AB rep stos dword ptr es:[edi]
00403848 |. 66:AB stos word ptr es:[edi]
0040384A |. AA stos byte ptr es:[edi]
0040384B |. C785 90FCFFFF 00>mov [local.220],0x0
00403855 |. C785 8CFCFFFF 00>mov [local.221],0x0
0040385F |> 8B95 E4FDFFFF /mov edx,[local.135]
00403865 |. 0395 90FCFFFF |add edx,[local.220]
0040386B |. 0FBE02 |movsx eax,byte ptr ds:[edx]
0040386E |. 83F8 30 |cmp eax,0x30
00403871 |. 75 11 |jnz short Crackme2.00403884
00403873 |. 8B8D 90FCFFFF |mov ecx,[local.220]
00403879 |. 83C1 01 |add ecx,0x1
0040387C |. 898D 90FCFFFF |mov [local.220],ecx
00403882 |.^ EB DB \jmp short Crackme2.0040385F
00403884 |> C745 F4 00000000 mov [local.3],0x0
0040388B |. EB 09 jmp short Crackme2.00403896
0040388D |> 8B55 F4 /mov edx,[local.3]
00403890 |. 83C2 01 |add edx,0x1
00403893 |. 8955 F4 |mov [local.3],edx
00403896 |> 8B85 90FCFFFF mov eax,[local.220]
0040389C |. 0345 F4 |add eax,[local.3]
0040389F |. 8B8D E4FDFFFF |mov ecx,[local.135]
004038A5 |. 0FBE1401 |movsx edx,byte ptr ds:[ecx+eax]
004038A9 |. 85D2 |test edx,edx
004038AB |. 74 24 |je short Crackme2.004038D1
004038AD |. 8B85 90FCFFFF |mov eax,[local.220]
004038B3 |. 0345 F4 |add eax,[local.3]
004038B6 |. 8B8D 8CFCFFFF |mov ecx,[local.221]
004038BC |. 034D F4 |add ecx,[local.3]
004038BF |. 8B95 E4FDFFFF |mov edx,[local.135]
004038C5 |. 8A0402 |mov al,byte ptr ds:[edx+eax]
004038C8 |. 88840D 94FCFFFF |mov byte ptr ss:[ebp+ecx-0x36C],al
004038CF |.^ EB BC \jmp short Crackme2.0040388D
004038D1 |> 8B4D F4 mov ecx,[local.3]
004038D4 |. 8B95 8CFCFFFF mov edx,[local.221]
004038DA |. 8D440A FF lea eax,dword ptr ds:[edx+ecx-0x1]
004038DE |. 8985 8CFCFFFF mov [local.221],eax
004038E4 |. C785 90FCFFFF 00>mov [local.220],0x0
004038EE |> 8B8D E0FDFFFF /mov ecx,[local.136]
004038F4 |. 038D 90FCFFFF |add ecx,[local.220]
004038FA |. 0FBE11 |movsx edx,byte ptr ds:[ecx]
004038FD |. 83FA 30 |cmp edx,0x30
00403900 |. 75 11 |jnz short Crackme2.00403913
00403902 |. 8B85 90FCFFFF |mov eax,[local.220]
00403908 |. 83C0 01 |add eax,0x1
0040390B |. 8985 90FCFFFF |mov [local.220],eax
00403911 |.^ EB DB \jmp short Crackme2.004038EE
00403913 |> C745 F4 00000000 mov [local.3],0x0
0040391A |. EB 09 jmp short Crackme2.00403925
0040391C |> 8B4D F4 /mov ecx,[local.3]
0040391F |. 83C1 01 |add ecx,0x1
00403922 |. 894D F4 |mov [local.3],ecx
00403925 |> 8B95 90FCFFFF mov edx,[local.220]
0040392B |. 0355 F4 |add edx,[local.3]
0040392E |. 8B85 E0FDFFFF |mov eax,[local.136]
00403934 |. 0FBE0C10 |movsx ecx,byte ptr ds:[eax+edx]
00403938 |. 85C9 |test ecx,ecx
0040393A |. 74 24 |je short Crackme2.00403960
0040393C |. 8B95 90FCFFFF |mov edx,[local.220]
00403942 |. 0355 F4 |add edx,[local.3]
00403945 |. 8B85 8CFCFFFF |mov eax,[local.221]
0040394B |. 0345 F4 |add eax,[local.3]
0040394E |. 8B8D E0FDFFFF |mov ecx,[local.136]
00403954 |. 8A1411 |mov dl,byte ptr ds:[ecx+edx]
00403957 |. 889405 94FCFFFF |mov byte ptr ss:[ebp+eax-0x36C],dl
0040395E |.^ EB BC \jmp short Crackme2.0040391C
00403960 |> 8B45 F4 mov eax,[local.3]
00403963 |. 8B8D 8CFCFFFF mov ecx,[local.221]
00403969 |. 8D5401 FF lea edx,dword ptr ds:[ecx+eax-0x1]
0040396D |. 8995 8CFCFFFF mov [local.221],edx
00403973 |. C785 90FCFFFF 00>mov [local.220],0x0
0040397D |> 8B85 DCFDFFFF /mov eax,[local.137]
00403983 |. 0385 90FCFFFF |add eax,[local.220]
00403989 |. 0FBE08 |movsx ecx,byte ptr ds:[eax]
0040398C |. 83F9 30 |cmp ecx,0x30
0040398F |. 75 11 |jnz short Crackme2.004039A2
00403991 |. 8B95 90FCFFFF |mov edx,[local.220]
00403997 |. 83C2 01 |add edx,0x1
0040399A |. 8995 90FCFFFF |mov [local.220],edx
004039A0 |.^ EB DB \jmp short Crackme2.0040397D
004039A2 |> C745 F4 00000000 mov [local.3],0x0
004039A9 |. EB 09 jmp short Crackme2.004039B4
004039AB |> 8B45 F4 /mov eax,[local.3]
004039AE |. 83C0 01 |add eax,0x1
004039B1 |. 8945 F4 |mov [local.3],eax
004039B4 |> 8B8D 90FCFFFF mov ecx,[local.220]
004039BA |. 034D F4 |add ecx,[local.3]
004039BD |. 8B95 DCFDFFFF |mov edx,[local.137]
004039C3 |. 0FBE040A |movsx eax,byte ptr ds:[edx+ecx]
004039C7 |. 85C0 |test eax,eax
004039C9 |. 74 24 |je short Crackme2.004039EF
004039CB |. 8B8D 90FCFFFF |mov ecx,[local.220]
004039D1 |. 034D F4 |add ecx,[local.3]
004039D4 |. 8B95 8CFCFFFF |mov edx,[local.221]
004039DA |. 0355 F4 |add edx,[local.3]
004039DD |. 8B85 DCFDFFFF |mov eax,[local.137]
004039E3 |. 8A0C08 |mov cl,byte ptr ds:[eax+ecx]
004039E6 |. 888C15 94FCFFFF |mov byte ptr ss:[ebp+edx-0x36C],cl
004039ED |.^ EB BC \jmp short Crackme2.004039AB
004039EF |> 8B55 F4 mov edx,[local.3]
004039F2 |. 8B85 8CFCFFFF mov eax,[local.221]
004039F8 |. 8D4C10 FF lea ecx,dword ptr ds:[eax+edx-0x1]
004039FC |. 898D 8CFCFFFF mov [local.221],ecx
00403A02 |. C785 90FCFFFF 00>mov [local.220],0x0
00403A0C |> 8B95 94FDFFFF /mov edx,[local.155]
00403A12 |. 0395 90FCFFFF |add edx,[local.220]
00403A18 |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403A1B |. 83F8 30 |cmp eax,0x30
00403A1E |. 75 11 |jnz short Crackme2.00403A31
00403A20 |. 8B8D 90FCFFFF |mov ecx,[local.220]
00403A26 |. 83C1 01 |add ecx,0x1
00403A29 |. 898D 90FCFFFF |mov [local.220],ecx
00403A2F |.^ EB DB \jmp short Crackme2.00403A0C
00403A31 |> C745 F4 00000000 mov [local.3],0x0
00403A38 |. EB 09 jmp short Crackme2.00403A43
00403A3A |> 8B55 F4 /mov edx,[local.3]
00403A3D |. 83C2 01 |add edx,0x1
00403A40 |. 8955 F4 |mov [local.3],edx
00403A43 |> 8B85 90FCFFFF mov eax,[local.220]
00403A49 |. 0345 F4 |add eax,[local.3]
00403A4C |. 8B8D 94FDFFFF |mov ecx,[local.155]
00403A52 |. 0FBE1401 |movsx edx,byte ptr ds:[ecx+eax]
00403A56 |. 85D2 |test edx,edx
00403A58 |. 74 24 |je short Crackme2.00403A7E
00403A5A |. 8B85 90FCFFFF |mov eax,[local.220]
00403A60 |. 0345 F4 |add eax,[local.3]
00403A63 |. 8B8D 8CFCFFFF |mov ecx,[local.221]
00403A69 |. 034D F4 |add ecx,[local.3]
00403A6C |. 8B95 94FDFFFF |mov edx,[local.155]
00403A72 |. 8A0402 |mov al,byte ptr ds:[edx+eax]
00403A75 |. 88840D 94FCFFFF |mov byte ptr ss:[ebp+ecx-0x36C],al
00403A7C |.^ EB BC \jmp short Crackme2.00403A3A
00403A7E |> 8B8D 8CFCFFFF mov ecx,[local.221]
00403A84 |. 034D F4 add ecx,[local.3]
00403A87 |. C6840D 93FCFFFF >mov byte ptr ss:[ebp+ecx-0x36D],0x0
00403A8F |. C785 88FCFFFF 01>mov [local.222],0x1
00403A99 |. C785 84FCFFFF 00>mov [local.223],0x0
00403AA3 |. C785 84FCFFFF 00>mov [local.223],0x0
00403AAD |. EB 0F jmp short Crackme2.00403ABE ; 无效垃圾代码结束分割线----------------------------
00403AAF |> 8B95 84FCFFFF /mov edx,[local.223]
00403AB5 |. 83C2 01 |add edx,0x1
00403AB8 |. 8995 84FCFFFF |mov [local.223],edx ; 明码保存了注册码
00403ABE |> A1 7C805D00 mov eax,dword ptr ds:[0x5D807C] ; 57AEA642D24E4080B23177BFCC40814EB73DBD01E92480C85C3C4046662C10000
00403AC3 |. 0385 84FCFFFF |add eax,[local.223]
00403AC9 |. 0FBE08 |movsx ecx,byte ptr ds:[eax]
00403ACC |. 85C9 |test ecx,ecx
00403ACE |. 74 02 |je short Crackme2.00403AD2
00403AD0 |.^ EB DD \jmp short Crackme2.00403AAF
00403AD2 |> C785 80FCFFFF 00>mov [local.224],0x0
00403ADC |. C785 80FCFFFF 00>mov [local.224],0x0
00403AE6 |. EB 0F jmp short Crackme2.00403AF7
00403AE8 |> 8B95 80FCFFFF /mov edx,[local.224]
00403AEE |. 83C2 01 |add edx,0x1
00403AF1 |. 8995 80FCFFFF |mov [local.224],edx
00403AF7 |> A1 7C805D00 mov eax,dword ptr ds:[0x5D807C] ; 57AEA642D24E4080B23177BFCC40814EB73DBD01E92480C85C3C4046662C10000
00403AFC |. 0385 80FCFFFF |add eax,[local.224]
00403B02 |. 0FBE08 |movsx ecx,byte ptr ds:[eax]
00403B05 |. 85C9 |test ecx,ecx
00403B07 |. 74 02 |je short Crackme2.00403B0B
00403B09 |.^ EB DD \jmp short Crackme2.00403AE8
00403B0B |> 8B95 84FCFFFF mov edx,[local.223]
00403B11 |. 3B95 80FCFFFF cmp edx,[local.224]
00403B17 |. 74 0C je short Crackme2.00403B25
00403B19 |. C785 88FCFFFF 00>mov [local.222],0x0
00403B23 |. EB 4A jmp short Crackme2.00403B6F
00403B25 |> C745 F4 00000000 mov [local.3],0x0
00403B2C |. EB 09 jmp short Crackme2.00403B37
00403B2E |> 8B45 F4 /mov eax,[local.3]
00403B31 |. 83C0 01 |add eax,0x1
00403B34 |. 8945 F4 |mov [local.3],eax
00403B37 |> 8B4D F4 mov ecx,[local.3]
00403B3A |. 0FBE940D 94FCFFF>|movsx edx,byte ptr ss:[ebp+ecx-0x36C] ; AFE00C9AC8
00403B42 |. 85D2 |test edx,edx
00403B44 |. 74 29 |je short Crackme2.00403B6F
00403B46 |. 8B45 F4 |mov eax,[local.3]
00403B49 |. 0FBE8C05 94FCFFF>|movsx ecx,byte ptr ss:[ebp+eax-0x36C]
00403B51 |. 8B15 7C805D00 |mov edx,dword ptr ds:[0x5D807C] ; 57AEA642D24E4080B23177BFCC40814EB73DBD01E92480C85C3C4046662C10000
00403B57 |. 0355 F4 |add edx,[local.3] ; 如果输入的23位试炼码中含有以下字符串中的匹配就会注册成功,此题应该属于多解,不知是否违规
00403B5A |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403B5D |. 3BC8 |cmp ecx,eax
00403B5F |. 74 0C |je short Crackme2.00403B6D
00403B61 |. C785 88FCFFFF 00>|mov [local.222],0x0
00403B6B |. EB 02 |jmp short Crackme2.00403B6F
00403B6D |>^ EB BF \jmp short Crackme2.00403B2E
00403B6F |> 83BD 88FCFFFF 01 cmp [local.222],0x1
00403B76 |. 75 1D jnz short Crackme2.00403B95
00403B78 |. 8BF4 mov esi,esp ; 下面是注册成功后的标志
00403B7A |. 6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
00403B7C |. 68 34745B00 push Crackme2.005B7434 ; |Congratulations
00403B81 |. 68 28745B00 push Crackme2.005B7428 ; |Success!
00403B86 |. 6A 00 push 0x0 ; |hOwner = NULL
00403B88 |. FF15 2C2D5F00 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA
00403B8E |. 3BF4 cmp esi,esp
00403B90 |. E8 1BBB0100 call Crackme2.0041F6B0
00403B95 |> 5F pop edi
00403B96 |. 5E pop esi
00403B97 |. 5B pop ebx
00403B98 |. 81C4 C0030000 add esp,0x3C0
00403B9E |. 3BEC cmp ebp,esp
00403BA0 |. E8 0BBB0100 call Crackme2.0041F6B0
00403BA5 |. 8BE5 mov esp,ebp
00403BA7 |. 5D pop ebp
00403BA8 \. C3 retn
00403161 |. 8BEC mov ebp,esp
00403163 |. 81EC C0030000 sub esp,0x3C0
00403169 |. 53 push ebx
0040316A |. 56 push esi
0040316B |. 57 push edi
0040316C |. 51 push ecx
0040316D |. 8DBD 40FCFFFF lea edi,[local.240]
00403173 |. B9 F0000000 mov ecx,0xF0
00403178 |. B8 CCCCCCCC mov eax,0xCCCCCCCC
0040317D |. F3:AB rep stos dword ptr es:[edi]
0040317F |. 59 pop ecx
00403180 |. 894D FC mov [local.1],ecx
00403183 |. 6A 01 push 0x1
00403185 |. 8B4D FC mov ecx,[local.1]
00403188 |. E8 FE280800 call Crackme2.00485A8B
0040318D |. 8B4D FC mov ecx,[local.1]
00403190 |. 83C1 5C add ecx,0x5C
00403193 |. E8 A2030D00 call Crackme2.004D353A ; 试炼码出现在EAX位
00403198 |. 8945 F8 mov [local.2],eax
0040319B |. C745 F4 00000000 mov [local.3],0x0
004031A2 |. EB 09 jmp short Crackme2.004031AD
004031A4 |> 8B45 F4 /mov eax,[local.3]
004031A7 |. 83C0 01 |add eax,0x1
004031AA |. 8945 F4 |mov [local.3],eax
004031AD |> 8B4D F8 mov ecx,[local.2]
004031B0 |. 034D F4 |add ecx,[local.3]
004031B3 |. 0FBE11 |movsx edx,byte ptr ds:[ecx]
004031B6 |. 85D2 |test edx,edx
004031B8 |. 74 02 |je short Crackme2.004031BC
004031BA |.^ EB E8 \jmp short Crackme2.004031A4
004031BC |> 837D F4 17 cmp [local.3],0x17 ; 比较试炼码是否为23位
004031C0 |. 74 05 je short Crackme2.004031C7
004031C2 |. E9 CE090000 jmp Crackme2.00403B95
004031C7 |> B9 10000000 mov ecx,0x10 ; 无效垃圾代码开始分割线----------------------------
004031CC |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
004031D1 |. 8D7D B0 lea edi,[local.20]
004031D4 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
004031D6 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
004031D7 |. B9 10000000 mov ecx,0x10
004031DC |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
004031E1 |. 8DBD 6CFFFFFF lea edi,[local.37]
004031E7 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
004031E9 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
004031EA |. B9 10000000 mov ecx,0x10
004031EF |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
004031F4 |. 8DBD 28FFFFFF lea edi,[local.54]
004031FA |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
004031FC |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
004031FD |. B9 10000000 mov ecx,0x10
00403202 |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
00403207 |. 8DBD E4FEFFFF lea edi,[local.71]
0040320D |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
0040320F |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403210 |. B9 10000000 mov ecx,0x10
00403215 |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
0040321A |. 8DBD A0FEFFFF lea edi,[local.88]
00403220 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403222 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403223 |. B9 10000000 mov ecx,0x10
00403228 |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
0040322D |. 8DBD 5CFEFFFF lea edi,[local.105]
00403233 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403235 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403236 |. B9 10000000 mov ecx,0x10
0040323B |. BE 98745B00 mov esi,Crackme2.005B7498 ; 0000000000000000000000000000000000000000000000000000000000000000
00403240 |. 8DBD 18FEFFFF lea edi,[local.122]
00403246 |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403248 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403249 |. C785 14FEFFFF 00>mov [local.123],0x0
00403253 |. C745 F4 00000000 mov [local.3],0x0
0040325A |. EB 09 jmp short Crackme2.00403265
0040325C |> 8B45 F4 /mov eax,[local.3]
0040325F |. 83C0 01 |add eax,0x1
00403262 |. 8945 F4 |mov [local.3],eax
00403265 |> 837D F4 05 cmp [local.3],0x5
00403269 |. 7D 1E |jge short Crackme2.00403289
0040326B |. 8B8D 14FEFFFF |mov ecx,[local.123]
00403271 |. 6BC9 1A |imul ecx,ecx,0x1A
00403274 |. 8B55 F8 |mov edx,[local.2]
00403277 |. 0355 F4 |add edx,[local.3]
0040327A |. 0FBE02 |movsx eax,byte ptr ds:[edx]
0040327D |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
00403281 |. 898D 14FEFFFF |mov [local.123],ecx
00403287 |.^ EB D3 \jmp short Crackme2.0040325C
00403289 |> C785 10FEFFFF 40>mov [local.124],0xF4240
00403293 |. C745 F4 00000000 mov [local.3],0x0
0040329A |> 83BD 14FEFFFF 00 /cmp [local.123],0x0
004032A1 |. 74 49 |je short Crackme2.004032EC
004032A3 |. 8B85 14FEFFFF |mov eax,[local.123]
004032A9 |. 99 |cdq
004032AA |. F7BD 10FEFFFF |idiv [local.124]
004032B0 |. 83C0 30 |add eax,0x30
004032B3 |. 8B55 F4 |mov edx,[local.3]
004032B6 |. 884415 E9 |mov byte ptr ss:[ebp+edx-0x17],al
004032BA |. 8B85 14FEFFFF |mov eax,[local.123]
004032C0 |. 99 |cdq
004032C1 |. F7BD 10FEFFFF |idiv [local.124]
004032C7 |. 8995 14FEFFFF |mov [local.123],edx
004032CD |. 8B85 10FEFFFF |mov eax,[local.124]
004032D3 |. 99 |cdq
004032D4 |. B9 0A000000 |mov ecx,0xA
004032D9 |. F7F9 |idiv ecx
004032DB |. 8985 10FEFFFF |mov [local.124],eax
004032E1 |. 8B55 F4 |mov edx,[local.3]
004032E4 |. 83C2 01 |add edx,0x1
004032E7 |. 8955 F4 |mov [local.3],edx
004032EA |.^ EB AE \jmp short Crackme2.0040329A
004032EC |> C785 0CFEFFFF 00>mov [local.125],0x0
004032F6 |. C745 F4 07000000 mov [local.3],0x7
004032FD |. EB 09 jmp short Crackme2.00403308
004032FF |> 8B45 F4 /mov eax,[local.3]
00403302 |. 83C0 01 |add eax,0x1
00403305 |. 8945 F4 |mov [local.3],eax
00403308 |> 837D F4 0C cmp [local.3],0xC
0040330C |. 7D 1E |jge short Crackme2.0040332C
0040330E |. 8B8D 0CFEFFFF |mov ecx,[local.125]
00403314 |. 6BC9 1A |imul ecx,ecx,0x1A
00403317 |. 8B55 F8 |mov edx,[local.2]
0040331A |. 0355 F4 |add edx,[local.3]
0040331D |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403320 |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
00403324 |. 898D 0CFEFFFF |mov [local.125],ecx
0040332A |.^ EB D3 \jmp short Crackme2.004032FF
0040332C |> C785 10FEFFFF 40>mov [local.124],0xF4240
00403336 |. C745 F4 00000000 mov [local.3],0x0
0040333D |> 83BD 0CFEFFFF 00 /cmp [local.125],0x0
00403344 |. 74 49 |je short Crackme2.0040338F
00403346 |. 8B85 0CFEFFFF |mov eax,[local.125]
0040334C |. 99 |cdq
0040334D |. F7BD 10FEFFFF |idiv [local.124]
00403353 |. 83C0 30 |add eax,0x30
00403356 |. 8B55 F4 |mov edx,[local.3]
00403359 |. 884415 A5 |mov byte ptr ss:[ebp+edx-0x5B],al
0040335D |. 8B85 0CFEFFFF |mov eax,[local.125]
00403363 |. 99 |cdq
00403364 |. F7BD 10FEFFFF |idiv [local.124]
0040336A |. 8995 0CFEFFFF |mov [local.125],edx
00403370 |. 8B85 10FEFFFF |mov eax,[local.124]
00403376 |. 99 |cdq
00403377 |. B9 0A000000 |mov ecx,0xA
0040337C |. F7F9 |idiv ecx
0040337E |. 8985 10FEFFFF |mov [local.124],eax
00403384 |. 8B55 F4 |mov edx,[local.3]
00403387 |. 83C2 01 |add edx,0x1
0040338A |. 8955 F4 |mov [local.3],edx
0040338D |.^ EB AE \jmp short Crackme2.0040333D
0040338F |> C785 08FEFFFF 00>mov [local.126],0x0
00403399 |. C745 F4 10000000 mov [local.3],0x10
004033A0 |. EB 09 jmp short Crackme2.004033AB
004033A2 |> 8B45 F4 /mov eax,[local.3]
004033A5 |. 83C0 01 |add eax,0x1
004033A8 |. 8945 F4 |mov [local.3],eax
004033AB |> 837D F4 17 cmp [local.3],0x17
004033AF |. 7D 1E |jge short Crackme2.004033CF
004033B1 |. 8B8D 08FEFFFF |mov ecx,[local.126]
004033B7 |. 6BC9 1A |imul ecx,ecx,0x1A
004033BA |. 8B55 F8 |mov edx,[local.2]
004033BD |. 0355 F4 |add edx,[local.3]
004033C0 |. 0FBE02 |movsx eax,byte ptr ds:[edx]
004033C3 |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
004033C7 |. 898D 08FEFFFF |mov [local.126],ecx
004033CD |.^ EB D3 \jmp short Crackme2.004033A2
004033CF |> C785 10FEFFFF 00>mov [local.124],0x5F5E100
004033D9 |. C745 F4 00000000 mov [local.3],0x0
004033E0 |> 83BD 08FEFFFF 00 /cmp [local.126],0x0
004033E7 |. 74 4C |je short Crackme2.00403435
004033E9 |. 8B85 08FEFFFF |mov eax,[local.126]
004033EF |. 99 |cdq
004033F0 |. F7BD 10FEFFFF |idiv [local.124]
004033F6 |. 83C0 30 |add eax,0x30
004033F9 |. 8B55 F4 |mov edx,[local.3]
004033FC |. 888415 5FFFFFFF |mov byte ptr ss:[ebp+edx-0xA1],al
00403403 |. 8B85 08FEFFFF |mov eax,[local.126]
00403409 |. 99 |cdq
0040340A |. F7BD 10FEFFFF |idiv [local.124]
00403410 |. 8995 08FEFFFF |mov [local.126],edx
00403416 |. 8B85 10FEFFFF |mov eax,[local.124]
0040341C |. 99 |cdq
0040341D |. B9 0A000000 |mov ecx,0xA
00403422 |. F7F9 |idiv ecx
00403424 |. 8985 10FEFFFF |mov [local.124],eax
0040342A |. 8B55 F4 |mov edx,[local.3]
0040342D |. 83C2 01 |add edx,0x1
00403430 |. 8955 F4 |mov [local.3],edx
00403433 |.^ EB AB \jmp short Crackme2.004033E0
00403435 |> C785 04FEFFFF 00>mov [local.127],0x0
0040343F |. C745 F4 15000000 mov [local.3],0x15
00403446 |. EB 09 jmp short Crackme2.00403451
00403448 |> 8B45 F4 /mov eax,[local.3]
0040344B |. 83C0 01 |add eax,0x1
0040344E |. 8945 F4 |mov [local.3],eax
00403451 |> 837D F4 17 cmp [local.3],0x17
00403455 |. 7D 1E |jge short Crackme2.00403475
00403457 |. 8B8D 04FEFFFF |mov ecx,[local.127]
0040345D |. 6BC9 1A |imul ecx,ecx,0x1A
00403460 |. 8B55 F8 |mov edx,[local.2]
00403463 |. 0355 F4 |add edx,[local.3]
00403466 |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403469 |. 8D4C01 9F |lea ecx,dword ptr ds:[ecx+eax-0x61]
0040346D |. 898D 04FEFFFF |mov [local.127],ecx
00403473 |.^ EB D3 \jmp short Crackme2.00403448
00403475 |> C785 10FEFFFF 64>mov [local.124],0x64
0040347F |. C745 F4 00000000 mov [local.3],0x0
00403486 |> 83BD 04FEFFFF 00 /cmp [local.127],0x0
0040348D |. 74 4C |je short Crackme2.004034DB
0040348F |. 8B85 04FEFFFF |mov eax,[local.127]
00403495 |. 99 |cdq
00403496 |. F7BD 10FEFFFF |idiv [local.124]
0040349C |. 83C0 30 |add eax,0x30
0040349F |. 8B55 F4 |mov edx,[local.3]
004034A2 |. 888415 21FFFFFF |mov byte ptr ss:[ebp+edx-0xDF],al
004034A9 |. 8B85 04FEFFFF |mov eax,[local.127]
004034AF |. 99 |cdq
004034B0 |. F7BD 10FEFFFF |idiv [local.124]
004034B6 |. 8995 04FEFFFF |mov [local.127],edx
004034BC |. 8B85 10FEFFFF |mov eax,[local.124]
004034C2 |. 99 |cdq
004034C3 |. B9 0A000000 |mov ecx,0xA
004034C8 |. F7F9 |idiv ecx
004034CA |. 8985 10FEFFFF |mov [local.124],eax
004034D0 |. 8B55 F4 |mov edx,[local.3]
004034D3 |. 83C2 01 |add edx,0x1
004034D6 |. 8955 F4 |mov [local.3],edx
004034D9 |.^ EB AB \jmp short Crackme2.00403486
004034DB |> 8B45 F8 mov eax,[local.2] ; 试炼码给EAX
004034DE |. 8A48 05 mov cl,byte ptr ds:[eax+0x5]
004034E1 |. 888D DEFEFFFF mov byte ptr ss:[ebp-0x122],cl
004034E7 |. 8B55 F8 mov edx,[local.2]
004034EA |. 8A42 06 mov al,byte ptr ds:[edx+0x6]
004034ED |. 8885 DFFEFFFF mov byte ptr ss:[ebp-0x121],al
004034F3 |. 8B4D F8 mov ecx,[local.2]
004034F6 |. 8A51 0C mov dl,byte ptr ds:[ecx+0xC]
004034F9 |. 8895 9AFEFFFF mov byte ptr ss:[ebp-0x166],dl
004034FF |. 8B45 F8 mov eax,[local.2]
00403502 |. 8A48 0D mov cl,byte ptr ds:[eax+0xD]
00403505 |. 888D 9BFEFFFF mov byte ptr ss:[ebp-0x165],cl
0040350B |. 8B55 F8 mov edx,[local.2]
0040350E |. 8A42 0E mov al,byte ptr ds:[edx+0xE]
00403511 |. 8885 56FEFFFF mov byte ptr ss:[ebp-0x1AA],al
00403517 |. 8B4D F8 mov ecx,[local.2]
0040351A |. 8A51 0F mov dl,byte ptr ds:[ecx+0xF]
0040351D |. 8895 57FEFFFF mov byte ptr ss:[ebp-0x1A9],dl
00403523 |. 8B45 F8 mov eax,[local.2]
00403526 |. 0FBE48 0E movsx ecx,byte ptr ds:[eax+0xE]
0040352A |. 83E9 30 sub ecx,0x30
0040352D |. 6BC9 0A imul ecx,ecx,0xA
00403530 |. 8B55 F8 mov edx,[local.2]
00403533 |. 0FBE42 0F movsx eax,byte ptr ds:[edx+0xF]
00403537 |. 8D4C01 D0 lea ecx,dword ptr ds:[ecx+eax-0x30]
0040353B |. 898D 00FEFFFF mov [local.128],ecx
00403541 |. 8D95 F8FDFFFF lea edx,[local.130]
00403547 |. 52 push edx
00403548 |. E8 12DBFFFF call Crackme2.0040105F
0040354D |. 83C4 04 add esp,0x4
00403550 |. 8D85 F0FDFFFF lea eax,[local.132]
00403556 |. 50 push eax
00403557 |. E8 03DBFFFF call Crackme2.0040105F
0040355C |. 83C4 04 add esp,0x4
0040355F |. 8D8D E8FDFFFF lea ecx,[local.134]
00403565 |. 51 push ecx
00403566 |. E8 F4DAFFFF call Crackme2.0040105F
0040356B |. 83C4 04 add esp,0x4
0040356E |. 8D55 B0 lea edx,[local.20]
00403571 |. 52 push edx
00403572 |. E8 CFDAFFFF call Crackme2.00401046
00403577 |. 83C4 04 add esp,0x4
0040357A |. 50 push eax
0040357B |. 8D85 F8FDFFFF lea eax,[local.130]
00403581 |. 50 push eax
00403582 |. E8 C9DAFFFF call Crackme2.00401050
00403587 |. 83C4 08 add esp,0x8
0040358A |. 8D8D A0FEFFFF lea ecx,[local.88]
00403590 |. 51 push ecx
00403591 |. E8 B0DAFFFF call Crackme2.00401046
00403596 |. 83C4 04 add esp,0x4
00403599 |. 50 push eax
0040359A |. 8D95 F0FDFFFF lea edx,[local.132]
004035A0 |. 52 push edx
004035A1 |. E8 AADAFFFF call Crackme2.00401050
004035A6 |. 83C4 08 add esp,0x8
004035A9 |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
004035B0 |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
004035B7 |. 8D85 E8FDFFFF lea eax,[local.134]
004035BD |. 50 push eax
004035BE |. 8D8D F0FDFFFF lea ecx,[local.132]
004035C4 |. 51 push ecx
004035C5 |. 8D95 F8FDFFFF lea edx,[local.130]
004035CB |. 52 push edx
004035CC |. E8 66DAFFFF call Crackme2.00401037
004035D1 |. 83C4 0C add esp,0xC
004035D4 |. 8B85 ECFDFFFF mov eax,[local.133]
004035DA |. 50 push eax
004035DB |. E8 CADAFFFF call Crackme2.004010AA
004035E0 |. 83C4 04 add esp,0x4
004035E3 |. 8985 E4FDFFFF mov [local.135],eax
004035E9 |. 8D8D F8FDFFFF lea ecx,[local.130]
004035EF |. 51 push ecx
004035F0 |. E8 6ADAFFFF call Crackme2.0040105F
004035F5 |. 83C4 04 add esp,0x4
004035F8 |. 8D95 F0FDFFFF lea edx,[local.132]
004035FE |. 52 push edx
004035FF |. E8 5BDAFFFF call Crackme2.0040105F
00403604 |. 83C4 04 add esp,0x4
00403607 |. 8D85 E8FDFFFF lea eax,[local.134]
0040360D |. 50 push eax
0040360E |. E8 4CDAFFFF call Crackme2.0040105F
00403613 |. 83C4 04 add esp,0x4
00403616 |. 8D8D 6CFFFFFF lea ecx,[local.37]
0040361C |. 51 push ecx
0040361D |. E8 24DAFFFF call Crackme2.00401046
00403622 |. 83C4 04 add esp,0x4
00403625 |. 50 push eax
00403626 |. 8D95 F8FDFFFF lea edx,[local.130]
0040362C |. 52 push edx
0040362D |. E8 1EDAFFFF call Crackme2.00401050
00403632 |. 83C4 08 add esp,0x8
00403635 |. 8D85 5CFEFFFF lea eax,[local.105]
0040363B |. 50 push eax
0040363C |. E8 05DAFFFF call Crackme2.00401046
00403641 |. 83C4 04 add esp,0x4
00403644 |. 50 push eax
00403645 |. 8D8D F0FDFFFF lea ecx,[local.132]
0040364B |. 51 push ecx
0040364C |. E8 FFD9FFFF call Crackme2.00401050
00403651 |. 83C4 08 add esp,0x8
00403654 |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
0040365B |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
00403662 |. 8D95 E8FDFFFF lea edx,[local.134]
00403668 |. 52 push edx
00403669 |. 8D85 F0FDFFFF lea eax,[local.132]
0040366F |. 50 push eax
00403670 |. 8D8D F8FDFFFF lea ecx,[local.130]
00403676 |. 51 push ecx
00403677 |. E8 BBD9FFFF call Crackme2.00401037
0040367C |. 83C4 0C add esp,0xC
0040367F |. 8B95 ECFDFFFF mov edx,[local.133]
00403685 |. 52 push edx
00403686 |. E8 1FDAFFFF call Crackme2.004010AA
0040368B |. 83C4 04 add esp,0x4
0040368E |. 8985 E0FDFFFF mov [local.136],eax
00403694 |. 8D85 F8FDFFFF lea eax,[local.130]
0040369A |. 50 push eax
0040369B |. E8 BFD9FFFF call Crackme2.0040105F
004036A0 |. 83C4 04 add esp,0x4
004036A3 |. 8D8D F0FDFFFF lea ecx,[local.132]
004036A9 |. 51 push ecx
004036AA |. E8 B0D9FFFF call Crackme2.0040105F
004036AF |. 83C4 04 add esp,0x4
004036B2 |. 8D95 E8FDFFFF lea edx,[local.134]
004036B8 |. 52 push edx
004036B9 |. E8 A1D9FFFF call Crackme2.0040105F
004036BE |. 83C4 04 add esp,0x4
004036C1 |. 8D85 28FFFFFF lea eax,[local.54]
004036C7 |. 50 push eax
004036C8 |. E8 79D9FFFF call Crackme2.00401046
004036CD |. 83C4 04 add esp,0x4
004036D0 |. 50 push eax
004036D1 |. 8D8D F8FDFFFF lea ecx,[local.130]
004036D7 |. 51 push ecx
004036D8 |. E8 73D9FFFF call Crackme2.00401050
004036DD |. 83C4 08 add esp,0x8
004036E0 |. 8D95 18FEFFFF lea edx,[local.122]
004036E6 |. 52 push edx
004036E7 |. E8 5AD9FFFF call Crackme2.00401046
004036EC |. 83C4 04 add esp,0x4
004036EF |. 50 push eax
004036F0 |. 8D85 F0FDFFFF lea eax,[local.132]
004036F6 |. 50 push eax
004036F7 |. E8 54D9FFFF call Crackme2.00401050
004036FC |. 83C4 08 add esp,0x8
004036FF |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
00403706 |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
0040370D |. 8D8D E8FDFFFF lea ecx,[local.134]
00403713 |. 51 push ecx
00403714 |. 8D95 F0FDFFFF lea edx,[local.132]
0040371A |. 52 push edx
0040371B |. 8D85 F8FDFFFF lea eax,[local.130]
00403721 |. 50 push eax
00403722 |. E8 10D9FFFF call Crackme2.00401037
00403727 |. 83C4 0C add esp,0xC
0040372A |. 8B8D ECFDFFFF mov ecx,[local.133]
00403730 |. 51 push ecx
00403731 |. E8 74D9FFFF call Crackme2.004010AA
00403736 |. 83C4 04 add esp,0x4
00403739 |. 8985 DCFDFFFF mov [local.137],eax
0040373F |. B9 10000000 mov ecx,0x10
00403744 |. BE 48745B00 mov esi,Crackme2.005B7448 ; 0000000000000000000000000000000000000000000000000000000000000001
00403749 |. 8DBD 98FDFFFF lea edi,[local.154]
0040374F |. F3:A5 rep movs dword ptr es:[edi],dword ptr ds>
00403751 |. A4 movs byte ptr es:[edi],byte ptr ds:[esi]
00403752 |. 8D95 F8FDFFFF lea edx,[local.130]
00403758 |. 52 push edx
00403759 |. E8 01D9FFFF call Crackme2.0040105F
0040375E |. 83C4 04 add esp,0x4
00403761 |. 8D85 F0FDFFFF lea eax,[local.132]
00403767 |. 50 push eax
00403768 |. E8 F2D8FFFF call Crackme2.0040105F
0040376D |. 83C4 04 add esp,0x4
00403770 |. 8D8D E8FDFFFF lea ecx,[local.134]
00403776 |. 51 push ecx
00403777 |. E8 E3D8FFFF call Crackme2.0040105F
0040377C |. 83C4 04 add esp,0x4
0040377F |. 8D95 E4FEFFFF lea edx,[local.71]
00403785 |. 52 push edx
00403786 |. E8 BBD8FFFF call Crackme2.00401046
0040378B |. 83C4 04 add esp,0x4
0040378E |. 50 push eax
0040378F |. 8D85 F8FDFFFF lea eax,[local.130]
00403795 |. 50 push eax
00403796 |. E8 B5D8FFFF call Crackme2.00401050
0040379B |. 83C4 08 add esp,0x8
0040379E |. 8D8D 98FDFFFF lea ecx,[local.154]
004037A4 |. 51 push ecx
004037A5 |. E8 9CD8FFFF call Crackme2.00401046
004037AA |. 83C4 04 add esp,0x4
004037AD |. 50 push eax
004037AE |. 8D95 F0FDFFFF lea edx,[local.132]
004037B4 |. 52 push edx
004037B5 |. E8 96D8FFFF call Crackme2.00401050
004037BA |. 83C4 08 add esp,0x8
004037BD |. C685 F8FDFFFF 01 mov byte ptr ss:[ebp-0x208],0x1
004037C4 |. C685 F0FDFFFF 01 mov byte ptr ss:[ebp-0x210],0x1
004037CB |. C745 F4 00000000 mov [local.3],0x0
004037D2 |. EB 09 jmp short Crackme2.004037DD
004037D4 |> 8B45 F4 /mov eax,[local.3]
004037D7 |. 83C0 01 |add eax,0x1
004037DA |. 8945 F4 |mov [local.3],eax
004037DD |> 8B4D F4 mov ecx,[local.3]
004037E0 |. 3B8D 00FEFFFF |cmp ecx,[local.128]
004037E6 |. 7D 35 |jge short Crackme2.0040381D
004037E8 |. 8D95 E8FDFFFF |lea edx,[local.134]
004037EE |. 52 |push edx
004037EF |. 8D85 F0FDFFFF |lea eax,[local.132]
004037F5 |. 50 |push eax
004037F6 |. 8D8D F8FDFFFF |lea ecx,[local.130]
004037FC |. 51 |push ecx
004037FD |. E8 35D8FFFF |call Crackme2.00401037
00403802 |. 83C4 0C |add esp,0xC
00403805 |. 8D95 F0FDFFFF |lea edx,[local.132]
0040380B |. 52 |push edx
0040380C |. 8D85 E8FDFFFF |lea eax,[local.134]
00403812 |. 50 |push eax
00403813 |. E8 F2D7FFFF |call Crackme2.0040100A
00403818 |. 83C4 08 |add esp,0x8
0040381B |.^ EB B7 \jmp short Crackme2.004037D4
0040381D |> 8B8D ECFDFFFF mov ecx,[local.133]
00403823 |. 51 push ecx
00403824 |. E8 81D8FFFF call Crackme2.004010AA
00403829 |. 83C4 04 add esp,0x4
0040382C |. 8985 94FDFFFF mov [local.155],eax
00403832 |. C685 94FCFFFF 00 mov byte ptr ss:[ebp-0x36C],0x0
00403839 |. B9 3F000000 mov ecx,0x3F
0040383E |. 33C0 xor eax,eax
00403840 |. 8DBD 95FCFFFF lea edi,dword ptr ss:[ebp-0x36B]
00403846 |. F3:AB rep stos dword ptr es:[edi]
00403848 |. 66:AB stos word ptr es:[edi]
0040384A |. AA stos byte ptr es:[edi]
0040384B |. C785 90FCFFFF 00>mov [local.220],0x0
00403855 |. C785 8CFCFFFF 00>mov [local.221],0x0
0040385F |> 8B95 E4FDFFFF /mov edx,[local.135]
00403865 |. 0395 90FCFFFF |add edx,[local.220]
0040386B |. 0FBE02 |movsx eax,byte ptr ds:[edx]
0040386E |. 83F8 30 |cmp eax,0x30
00403871 |. 75 11 |jnz short Crackme2.00403884
00403873 |. 8B8D 90FCFFFF |mov ecx,[local.220]
00403879 |. 83C1 01 |add ecx,0x1
0040387C |. 898D 90FCFFFF |mov [local.220],ecx
00403882 |.^ EB DB \jmp short Crackme2.0040385F
00403884 |> C745 F4 00000000 mov [local.3],0x0
0040388B |. EB 09 jmp short Crackme2.00403896
0040388D |> 8B55 F4 /mov edx,[local.3]
00403890 |. 83C2 01 |add edx,0x1
00403893 |. 8955 F4 |mov [local.3],edx
00403896 |> 8B85 90FCFFFF mov eax,[local.220]
0040389C |. 0345 F4 |add eax,[local.3]
0040389F |. 8B8D E4FDFFFF |mov ecx,[local.135]
004038A5 |. 0FBE1401 |movsx edx,byte ptr ds:[ecx+eax]
004038A9 |. 85D2 |test edx,edx
004038AB |. 74 24 |je short Crackme2.004038D1
004038AD |. 8B85 90FCFFFF |mov eax,[local.220]
004038B3 |. 0345 F4 |add eax,[local.3]
004038B6 |. 8B8D 8CFCFFFF |mov ecx,[local.221]
004038BC |. 034D F4 |add ecx,[local.3]
004038BF |. 8B95 E4FDFFFF |mov edx,[local.135]
004038C5 |. 8A0402 |mov al,byte ptr ds:[edx+eax]
004038C8 |. 88840D 94FCFFFF |mov byte ptr ss:[ebp+ecx-0x36C],al
004038CF |.^ EB BC \jmp short Crackme2.0040388D
004038D1 |> 8B4D F4 mov ecx,[local.3]
004038D4 |. 8B95 8CFCFFFF mov edx,[local.221]
004038DA |. 8D440A FF lea eax,dword ptr ds:[edx+ecx-0x1]
004038DE |. 8985 8CFCFFFF mov [local.221],eax
004038E4 |. C785 90FCFFFF 00>mov [local.220],0x0
004038EE |> 8B8D E0FDFFFF /mov ecx,[local.136]
004038F4 |. 038D 90FCFFFF |add ecx,[local.220]
004038FA |. 0FBE11 |movsx edx,byte ptr ds:[ecx]
004038FD |. 83FA 30 |cmp edx,0x30
00403900 |. 75 11 |jnz short Crackme2.00403913
00403902 |. 8B85 90FCFFFF |mov eax,[local.220]
00403908 |. 83C0 01 |add eax,0x1
0040390B |. 8985 90FCFFFF |mov [local.220],eax
00403911 |.^ EB DB \jmp short Crackme2.004038EE
00403913 |> C745 F4 00000000 mov [local.3],0x0
0040391A |. EB 09 jmp short Crackme2.00403925
0040391C |> 8B4D F4 /mov ecx,[local.3]
0040391F |. 83C1 01 |add ecx,0x1
00403922 |. 894D F4 |mov [local.3],ecx
00403925 |> 8B95 90FCFFFF mov edx,[local.220]
0040392B |. 0355 F4 |add edx,[local.3]
0040392E |. 8B85 E0FDFFFF |mov eax,[local.136]
00403934 |. 0FBE0C10 |movsx ecx,byte ptr ds:[eax+edx]
00403938 |. 85C9 |test ecx,ecx
0040393A |. 74 24 |je short Crackme2.00403960
0040393C |. 8B95 90FCFFFF |mov edx,[local.220]
00403942 |. 0355 F4 |add edx,[local.3]
00403945 |. 8B85 8CFCFFFF |mov eax,[local.221]
0040394B |. 0345 F4 |add eax,[local.3]
0040394E |. 8B8D E0FDFFFF |mov ecx,[local.136]
00403954 |. 8A1411 |mov dl,byte ptr ds:[ecx+edx]
00403957 |. 889405 94FCFFFF |mov byte ptr ss:[ebp+eax-0x36C],dl
0040395E |.^ EB BC \jmp short Crackme2.0040391C
00403960 |> 8B45 F4 mov eax,[local.3]
00403963 |. 8B8D 8CFCFFFF mov ecx,[local.221]
00403969 |. 8D5401 FF lea edx,dword ptr ds:[ecx+eax-0x1]
0040396D |. 8995 8CFCFFFF mov [local.221],edx
00403973 |. C785 90FCFFFF 00>mov [local.220],0x0
0040397D |> 8B85 DCFDFFFF /mov eax,[local.137]
00403983 |. 0385 90FCFFFF |add eax,[local.220]
00403989 |. 0FBE08 |movsx ecx,byte ptr ds:[eax]
0040398C |. 83F9 30 |cmp ecx,0x30
0040398F |. 75 11 |jnz short Crackme2.004039A2
00403991 |. 8B95 90FCFFFF |mov edx,[local.220]
00403997 |. 83C2 01 |add edx,0x1
0040399A |. 8995 90FCFFFF |mov [local.220],edx
004039A0 |.^ EB DB \jmp short Crackme2.0040397D
004039A2 |> C745 F4 00000000 mov [local.3],0x0
004039A9 |. EB 09 jmp short Crackme2.004039B4
004039AB |> 8B45 F4 /mov eax,[local.3]
004039AE |. 83C0 01 |add eax,0x1
004039B1 |. 8945 F4 |mov [local.3],eax
004039B4 |> 8B8D 90FCFFFF mov ecx,[local.220]
004039BA |. 034D F4 |add ecx,[local.3]
004039BD |. 8B95 DCFDFFFF |mov edx,[local.137]
004039C3 |. 0FBE040A |movsx eax,byte ptr ds:[edx+ecx]
004039C7 |. 85C0 |test eax,eax
004039C9 |. 74 24 |je short Crackme2.004039EF
004039CB |. 8B8D 90FCFFFF |mov ecx,[local.220]
004039D1 |. 034D F4 |add ecx,[local.3]
004039D4 |. 8B95 8CFCFFFF |mov edx,[local.221]
004039DA |. 0355 F4 |add edx,[local.3]
004039DD |. 8B85 DCFDFFFF |mov eax,[local.137]
004039E3 |. 8A0C08 |mov cl,byte ptr ds:[eax+ecx]
004039E6 |. 888C15 94FCFFFF |mov byte ptr ss:[ebp+edx-0x36C],cl
004039ED |.^ EB BC \jmp short Crackme2.004039AB
004039EF |> 8B55 F4 mov edx,[local.3]
004039F2 |. 8B85 8CFCFFFF mov eax,[local.221]
004039F8 |. 8D4C10 FF lea ecx,dword ptr ds:[eax+edx-0x1]
004039FC |. 898D 8CFCFFFF mov [local.221],ecx
00403A02 |. C785 90FCFFFF 00>mov [local.220],0x0
00403A0C |> 8B95 94FDFFFF /mov edx,[local.155]
00403A12 |. 0395 90FCFFFF |add edx,[local.220]
00403A18 |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403A1B |. 83F8 30 |cmp eax,0x30
00403A1E |. 75 11 |jnz short Crackme2.00403A31
00403A20 |. 8B8D 90FCFFFF |mov ecx,[local.220]
00403A26 |. 83C1 01 |add ecx,0x1
00403A29 |. 898D 90FCFFFF |mov [local.220],ecx
00403A2F |.^ EB DB \jmp short Crackme2.00403A0C
00403A31 |> C745 F4 00000000 mov [local.3],0x0
00403A38 |. EB 09 jmp short Crackme2.00403A43
00403A3A |> 8B55 F4 /mov edx,[local.3]
00403A3D |. 83C2 01 |add edx,0x1
00403A40 |. 8955 F4 |mov [local.3],edx
00403A43 |> 8B85 90FCFFFF mov eax,[local.220]
00403A49 |. 0345 F4 |add eax,[local.3]
00403A4C |. 8B8D 94FDFFFF |mov ecx,[local.155]
00403A52 |. 0FBE1401 |movsx edx,byte ptr ds:[ecx+eax]
00403A56 |. 85D2 |test edx,edx
00403A58 |. 74 24 |je short Crackme2.00403A7E
00403A5A |. 8B85 90FCFFFF |mov eax,[local.220]
00403A60 |. 0345 F4 |add eax,[local.3]
00403A63 |. 8B8D 8CFCFFFF |mov ecx,[local.221]
00403A69 |. 034D F4 |add ecx,[local.3]
00403A6C |. 8B95 94FDFFFF |mov edx,[local.155]
00403A72 |. 8A0402 |mov al,byte ptr ds:[edx+eax]
00403A75 |. 88840D 94FCFFFF |mov byte ptr ss:[ebp+ecx-0x36C],al
00403A7C |.^ EB BC \jmp short Crackme2.00403A3A
00403A7E |> 8B8D 8CFCFFFF mov ecx,[local.221]
00403A84 |. 034D F4 add ecx,[local.3]
00403A87 |. C6840D 93FCFFFF >mov byte ptr ss:[ebp+ecx-0x36D],0x0
00403A8F |. C785 88FCFFFF 01>mov [local.222],0x1
00403A99 |. C785 84FCFFFF 00>mov [local.223],0x0
00403AA3 |. C785 84FCFFFF 00>mov [local.223],0x0
00403AAD |. EB 0F jmp short Crackme2.00403ABE ; 无效垃圾代码结束分割线----------------------------
00403AAF |> 8B95 84FCFFFF /mov edx,[local.223]
00403AB5 |. 83C2 01 |add edx,0x1
00403AB8 |. 8995 84FCFFFF |mov [local.223],edx ; 明码保存了注册码
00403ABE |> A1 7C805D00 mov eax,dword ptr ds:[0x5D807C] ; 57AEA642D24E4080B23177BFCC40814EB73DBD01E92480C85C3C4046662C10000
00403AC3 |. 0385 84FCFFFF |add eax,[local.223]
00403AC9 |. 0FBE08 |movsx ecx,byte ptr ds:[eax]
00403ACC |. 85C9 |test ecx,ecx
00403ACE |. 74 02 |je short Crackme2.00403AD2
00403AD0 |.^ EB DD \jmp short Crackme2.00403AAF
00403AD2 |> C785 80FCFFFF 00>mov [local.224],0x0
00403ADC |. C785 80FCFFFF 00>mov [local.224],0x0
00403AE6 |. EB 0F jmp short Crackme2.00403AF7
00403AE8 |> 8B95 80FCFFFF /mov edx,[local.224]
00403AEE |. 83C2 01 |add edx,0x1
00403AF1 |. 8995 80FCFFFF |mov [local.224],edx
00403AF7 |> A1 7C805D00 mov eax,dword ptr ds:[0x5D807C] ; 57AEA642D24E4080B23177BFCC40814EB73DBD01E92480C85C3C4046662C10000
00403AFC |. 0385 80FCFFFF |add eax,[local.224]
00403B02 |. 0FBE08 |movsx ecx,byte ptr ds:[eax]
00403B05 |. 85C9 |test ecx,ecx
00403B07 |. 74 02 |je short Crackme2.00403B0B
00403B09 |.^ EB DD \jmp short Crackme2.00403AE8
00403B0B |> 8B95 84FCFFFF mov edx,[local.223]
00403B11 |. 3B95 80FCFFFF cmp edx,[local.224]
00403B17 |. 74 0C je short Crackme2.00403B25
00403B19 |. C785 88FCFFFF 00>mov [local.222],0x0
00403B23 |. EB 4A jmp short Crackme2.00403B6F
00403B25 |> C745 F4 00000000 mov [local.3],0x0
00403B2C |. EB 09 jmp short Crackme2.00403B37
00403B2E |> 8B45 F4 /mov eax,[local.3]
00403B31 |. 83C0 01 |add eax,0x1
00403B34 |. 8945 F4 |mov [local.3],eax
00403B37 |> 8B4D F4 mov ecx,[local.3]
00403B3A |. 0FBE940D 94FCFFF>|movsx edx,byte ptr ss:[ebp+ecx-0x36C] ; AFE00C9AC8
00403B42 |. 85D2 |test edx,edx
00403B44 |. 74 29 |je short Crackme2.00403B6F
00403B46 |. 8B45 F4 |mov eax,[local.3]
00403B49 |. 0FBE8C05 94FCFFF>|movsx ecx,byte ptr ss:[ebp+eax-0x36C]
00403B51 |. 8B15 7C805D00 |mov edx,dword ptr ds:[0x5D807C] ; 57AEA642D24E4080B23177BFCC40814EB73DBD01E92480C85C3C4046662C10000
00403B57 |. 0355 F4 |add edx,[local.3] ; 如果输入的23位试炼码中含有以下字符串中的匹配就会注册成功,此题应该属于多解,不知是否违规
00403B5A |. 0FBE02 |movsx eax,byte ptr ds:[edx]
00403B5D |. 3BC8 |cmp ecx,eax
00403B5F |. 74 0C |je short Crackme2.00403B6D
00403B61 |. C785 88FCFFFF 00>|mov [local.222],0x0
00403B6B |. EB 02 |jmp short Crackme2.00403B6F
00403B6D |>^ EB BF \jmp short Crackme2.00403B2E
00403B6F |> 83BD 88FCFFFF 01 cmp [local.222],0x1
00403B76 |. 75 1D jnz short Crackme2.00403B95
00403B78 |. 8BF4 mov esi,esp ; 下面是注册成功后的标志
00403B7A |. 6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
00403B7C |. 68 34745B00 push Crackme2.005B7434 ; |Congratulations
00403B81 |. 68 28745B00 push Crackme2.005B7428 ; |Success!
00403B86 |. 6A 00 push 0x0 ; |hOwner = NULL
00403B88 |. FF15 2C2D5F00 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA
00403B8E |. 3BF4 cmp esi,esp
00403B90 |. E8 1BBB0100 call Crackme2.0041F6B0
00403B95 |> 5F pop edi
00403B96 |. 5E pop esi
00403B97 |. 5B pop ebx
00403B98 |. 81C4 C0030000 add esp,0x3C0
00403B9E |. 3BEC cmp ebp,esp
00403BA0 |. E8 0BBB0100 call Crackme2.0041F6B0
00403BA5 |. 8BE5 mov esp,ebp
00403BA7 |. 5D pop ebp
00403BA8 \. C3 retn
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
赞赏
|
|
|---|---|
|
|
赞赏
雪币:
留言:
