[Original] 看雪 (Kanxue) 2016 CrackMe Attack & Defense Contest -- Problem 18
Posted on: 2016-12-7 21:48
1. It is a plain Win32 SDK program (no framework code to wade through), so open it directly in IDA and look at the strings:
.rdata:004080CC Caption db 'Success!',0 ; DATA XREF: sub_4013B0+2DF7o
Inside the routine that checks the serial, a 10-byte table is first copied from 0x4080B0 onto the stack at [EBP-0x64], after which a push/retn pair continues execution:

00401190 |. A1 B0804000      MOV EAX, DWORD PTR DS:[0x4080B0]    ; build table 1 here: 10 bytes from 0x4080B0 copied to [EBP-0x64]
00401195 |. 8945 9C          MOV [LOCAL.25], EAX                 ; [EBP-0x64]
00401198 |. 8B0D B4804000    MOV ECX, DWORD PTR DS:[0x4080B4]
0040119E |. 894D A0          MOV [LOCAL.24], ECX                 ; [EBP-0x60]
004011A1 |. 66:8B15 B8804>   MOV DX, WORD PTR DS:[0x4080B8]
004011A8 |. 66:8955 A4       MOV WORD PTR SS:[EBP-0x5C], DX
004011AC |. 8D05 AC114000    LEA EAX, DWORD PTR DS:[0x4011AC]
004011B2 |. 83C0 10          ADD EAX, 0x10
004011B5 |. 50               PUSH EAX
004011B6 \. C3               RETN                                ; push/retn is an obfuscated jump to 0x4011BC (0x4011AC + 0x10)
The check proper, with the serial pointer in the argument at [EBP+0xC], the loop counter at [EBP-0x50] and a fail flag at [EBP-0x54]:

00401204 . 51               PUSH ECX
00401205 . E8 E6300000      CALL <Crackme._strlen>              ; length of the serial
0040120A . 83C4 04          ADD ESP, 0x4
0040120D . 8945 B4          MOV DWORD PTR SS:[EBP-0x4C], EAX    ; len
00401210 . 837D B4 0D       CMP DWORD PTR SS:[EBP-0x4C], 0xD
00401214 . 0F8C 11010000    JL Crackme.0040132B                 ; len < 0xD fails
0040121A . C745 AC 00000>   MOV DWORD PTR SS:[EBP-0x54], 0x0    ; fail flag = 0
00401221 . C745 B0 0D000>   MOV DWORD PTR SS:[EBP-0x50], 0xD    ; i = 0xD
00401228 . EB 09            JMP SHORT Crackme.00401233
0040122A > 8B55 B0          MOV EDX, DWORD PTR SS:[EBP-0x50]
0040122D . 83C2 01          ADD EDX, 0x1
00401230 . 8955 B0          MOV DWORD PTR SS:[EBP-0x50], EDX    ; i++
00401233 > 8B45 B0          MOV EAX, DWORD PTR SS:[EBP-0x50]
00401236 . 3B45 B4          CMP EAX, DWORD PTR SS:[EBP-0x4C]
00401239 . 7D 27            JGE SHORT Crackme.00401262          ; while i < len
0040123B . 8B4D 0C          MOV ECX, DWORD PTR SS:[EBP+0xC]
0040123E . 034D B0          ADD ECX, DWORD PTR SS:[EBP-0x50]
00401241 . 0FBE11           MOVSX EDX, BYTE PTR DS:[ECX]        ; szPass[i]
00401244 . 83FA 30          CMP EDX, 0x30
00401247 . 7C 0E            JL SHORT Crackme.00401257           ; < '0' fails
00401249 . 8B45 0C          MOV EAX, DWORD PTR SS:[EBP+0xC]
0040124C . 0345 B0          ADD EAX, DWORD PTR SS:[EBP-0x50]
0040124F . 0FBE08           MOVSX ECX, BYTE PTR DS:[EAX]
00401252 . 83F9 39          CMP ECX, 0x39
00401255 . 7E 09            JLE SHORT Crackme.00401260          ; if len > 0xD, everything in szPass[0xD:] must be a digit '0'..'9'
00401257 > C745 AC 01000>   MOV DWORD PTR SS:[EBP-0x54], 0x1    ; fail flag = 1
0040125E . EB 02            JMP SHORT Crackme.00401262
00401260 >^ EB C8           JMP SHORT Crackme.0040122A
00401262 > 837D AC 00       CMP DWORD PTR SS:[EBP-0x54], 0x0
00401266 . 0F85 BF000000    JNZ Crackme.0040132B                ; any failure so far -> fail
0040126C . C745 B0 00000>   MOV DWORD PTR SS:[EBP-0x50], 0x0    ; i = 0
00401273 . EB 09            JMP SHORT Crackme.0040127E
00401275 > 8B55 B0          MOV EDX, DWORD PTR SS:[EBP-0x50]
00401278 . 83C2 01          ADD EDX, 0x1
0040127B . 8955 B0          MOV DWORD PTR SS:[EBP-0x50], EDX    ; i++
0040127E > 837D B0 08       CMP DWORD PTR SS:[EBP-0x50], 0x8
00401282 . 7F 1F            JG SHORT Crackme.004012A3           ; while i <= 8
00401284 . 8B45 0C          MOV EAX, DWORD PTR SS:[EBP+0xC]
00401287 . 0345 B0          ADD EAX, DWORD PTR SS:[EBP-0x50]
0040128A . 0FBE08           MOVSX ECX, BYTE PTR DS:[EAX]        ; szPass[i]
0040128D . 8B55 B0          MOV EDX, DWORD PTR SS:[EBP-0x50]
00401290 . 0FBE4415 9C      MOVSX EAX, BYTE PTR SS:[EBP+EDX-0x64] ; table1[i]
00401295 . 33C8             XOR ECX, EAX
00401297 . 83E9 41          SUB ECX, 0x41
0040129A . 8B55 B0          MOV EDX, DWORD PTR SS:[EBP-0x50]
0040129D . 894C95 B8        MOV DWORD PTR SS:[EBP+EDX*4-0x48], E> ; table2[i] (DWORDs at [EBP-0x48])
004012A1 .^ EB D2           JMP SHORT Crackme.00401275          ; each of the first nine chars XOR table1[i], then minus 0x41, builds table 2
004012A3 > 837D B8 01       CMP DWORD PTR SS:[EBP-0x48], 0x1
004012A7 . 7F 07            JG SHORT Crackme.004012B0           ; table2[0] must be > 1
004012A9 . C745 AC 01000>   MOV DWORD PTR SS:[EBP-0x54], 0x1    ; else fail flag = 1
004012B0 > C745 B0 00000>   MOV DWORD PTR SS:[EBP-0x50], 0x0    ; i = 0
004012B7 . EB 09            JMP SHORT Crackme.004012C2
004012B9 > 8B45 B0          MOV EAX, DWORD PTR SS:[EBP-0x50]
004012BC . 83C0 01          ADD EAX, 0x1
004012BF . 8945 B0          MOV DWORD PTR SS:[EBP-0x50], EAX    ; i++
004012C2 > 837D B0 08       CMP DWORD PTR SS:[EBP-0x50], 0x8
004012C6 . 7D 1B            JGE SHORT Crackme.004012E3          ; while i < 8
004012C8 . 8B4D B0          MOV ECX, DWORD PTR SS:[EBP-0x50]
004012CB . 8B55 B0          MOV EDX, DWORD PTR SS:[EBP-0x50]
004012CE . 8B448D B8        MOV EAX, DWORD PTR SS:[EBP+ECX*4-0x4> ; table2[i]
004012D2 . 3B4495 BC        CMP EAX, DWORD PTR SS:[EBP+EDX*4-0x4> ; table2[i+1]
004012D6 . 7C 09            JL SHORT Crackme.004012E1           ; table2[i] < table2[i+1] continues
004012D8 . C745 AC 01000>   MOV DWORD PTR SS:[EBP-0x54], 0x1    ; else fail flag = 1
004012DF . EB 02            JMP SHORT Crackme.004012E3
004012E1 >^ EB D6           JMP SHORT Crackme.004012B9          ; this loop checks that table 2 is in (strictly) ascending order
004012E3 > 837D AC 00       CMP DWORD PTR SS:[EBP-0x54], 0x0
004012E7 . 75 42            JNZ SHORT Crackme.0040132B          ; any failure -> fail
004012E9 . C745 A8 01000>   MOV DWORD PTR SS:[EBP-0x58], 0x1    ; product = 1
004012F0 . C745 B0 00000>   MOV DWORD PTR SS:[EBP-0x50], 0x0    ; i = 0
004012F7 . EB 09            JMP SHORT Crackme.00401302
004012F9 > 8B4D B0          MOV ECX, DWORD PTR SS:[EBP-0x50]
004012FC . 83C1 01          ADD ECX, 0x1
004012FF . 894D B0          MOV DWORD PTR SS:[EBP-0x50], ECX    ; i++
00401302 > 837D B0 09       CMP DWORD PTR SS:[EBP-0x50], 0x9
00401306 . 7D 10            JGE SHORT Crackme.00401318          ; while i < 9
00401308 . 8B55 B0          MOV EDX, DWORD PTR SS:[EBP-0x50]
0040130B . 8B45 A8          MOV EAX, DWORD PTR SS:[EBP-0x58]
0040130E . 0FAF4495 B8      IMUL EAX, DWORD PTR SS:[EBP+EDX*4-0x4> ; multiply the 9 entries of table 2 together
00401313 . 8945 A8          MOV DWORD PTR SS:[EBP-0x58], EAX
00401316 .^ EB E1           JMP SHORT Crackme.004012F9
00401318 > B9 86204C0D      MOV ECX, 0xD4C2086                  ; the product must equal this constant: then ECX becomes 0 and the IDIV raises a divide-by-zero exception, which is what lets execution continue
0040131D . 2B4D A8          SUB ECX, DWORD PTR SS:[EBP-0x58]
00401320 . B8 64000000      MOV EAX, 0x64
00401325 . 99               CDQ
00401326 . F7F9             IDIV ECX
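Putting the pieces together (added example, not code from the original post): the Python below models the whole check the way the listing does it, including MOVSX sign extension and 32-bit IMUL wrap-around, and then inverts it into a keygen. TABLE1 is a placeholder for the ten bytes at 0x4080B0, which the write-up does not reproduce, and the function names are mine. It goes one step beyond the write-up by factoring 0xD4C2086: it is 2*3*5*7*11*13*17*19*23, and because nine integers >= 2 whose product has exactly nine prime factors must each be prime, the strictly-ascending check forces table 2 to be exactly the first nine primes in order (a 32-bit wrap-around collision aside; the check function keeps the wrap semantics so any such candidate can be verified against it).

```python
# Added example, not code from the original write-up: a Python model of the
# serial check recovered from the disassembly at 0x401204..0x401326, plus a
# keygen derived from it.
#
# ASSUMPTION: TABLE1 stands in for the 10 bytes the routine copies from
# 0x4080B0..0x4080B9 to [EBP-0x64]. The real bytes are not reproduced in the
# write-up, so this is a placeholder; only the first 9 are ever read
# (as [EBP+EDX-0x64] for EDX = 0..8).
TABLE1 = bytes([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A])

TARGET = 0xD4C2086          # immediate at 0x401318: MOV ECX, 0xD4C2086
MIN_LEN = 0xD               # 0x401210: CMP [EBP-0x4C], 0xD ; JL fail


def s8(b: int) -> int:
    """MOVSX: sign-extend one byte to an int."""
    return b - 0x100 if b & 0x80 else b


def s32(x: int) -> int:
    """Truncate to a signed 32-bit register value (IMUL/SUB wrap in EAX/ECX)."""
    x &= 0xFFFFFFFF
    return x - 0x1_0000_0000 if x & 0x8000_0000 else x


def table2(serial: bytes) -> list[int]:
    """Loop at 0x401275: t2[i] = (serial[i] ^ TABLE1[i]) - 0x41 for i = 0..8."""
    return [s32((s8(serial[i]) ^ s8(TABLE1[i])) - 0x41) for i in range(9)]


def check(serial: bytes) -> bool:
    """True iff the serial reaches IDIV at 0x401326 with ECX == 0 (the #DE path)."""
    if len(serial) < MIN_LEN:                                  # 0x401210
        return False
    if not all(0x30 <= c <= 0x39 for c in serial[MIN_LEN:]):   # loop at 0x40122A
        return False
    t2 = table2(serial)
    if t2[0] <= 1:                                             # 0x4012A3: CMP [EBP-0x48], 1 ; JG
        return False
    if any(t2[i] >= t2[i + 1] for i in range(8)):              # loop at 0x4012B9: strictly ascending
        return False
    prod = 1
    for v in t2:                                               # loop at 0x4012F9: IMUL with 32-bit wrap
        prod = s32(prod * v)
    return s32(TARGET - prod) == 0                             # ECX == 0 -> IDIV raises divide-by-zero


def factor(n: int) -> list[int]:
    """Trial-division factorisation; plenty fast for a 28-bit constant."""
    out, d = [], 2
    while d * d <= n:
        while n % d == 0:
            out.append(d)
            n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


# 0xD4C2086 = 2*3*5*7*11*13*17*19*23. Nine integers >= 2 whose product has
# exactly nine prime factors must each be a single prime, and the ascending
# check fixes their order, so table 2 has to be exactly this list.
PRIMES = factor(TARGET)


def keygen(filler: bytes = b"----", digits: bytes = b"2016") -> bytes:
    """Invert table2: serial[i] = (t2[i] + 0x41) ^ TABLE1[i].

    Bytes 9..12 are never inspected (filler); everything from index 13 on
    must be ASCII digits (the digit suffix may also be empty).
    """
    if len(filler) != MIN_LEN - 9 or not all(0x30 <= c <= 0x39 for c in digits):
        raise ValueError("filler must be 4 bytes and digits must be ASCII digits")
    head = bytes(((p + 0x41) ^ TABLE1[i]) & 0xFF for i, p in enumerate(PRIMES))
    # s8(a) ^ s8(b) == s8(a ^ b), and p + 0x41 < 0x80, so table2 recovers p.
    if not all(0x20 <= c <= 0x7E for c in head):
        # A NUL would be cut off by strlen; other control bytes cannot be typed.
        raise ValueError("placeholder table yields an untypeable serial byte")
    return head + filler + digits


if __name__ == "__main__":
    serial = keygen()
    print(serial.decode("ascii"), check(serial))
```

With the placeholder table the keygen yields `BFELIHU\Q----2016`; substituting the real bytes from 0x4080B0 into TABLE1 is the only change needed to produce a serial for the actual binary, and `check()` can be used to confirm it before typing it in.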