一个爆破练习的CRACKME。根据字符串提示,在0042DCC2 这里设断。F9,输入“yinguilin”和“1234567890”点Check。我们来到了这里:
0042DCB7 |. A1 58F74200 mov eax,dword ptr ds:[42F758]
0042DCBC |. 3B05 60F74200 cmp eax,dword ptr ds:[42F760]
0042DCC2 |. 75 17 jnz short CRKME4.0042DCDB
0042DCC4 |. 6A 00 push 0 ; /Arg1 = 00000000
0042DCC6 |. 66:8B0D 1CDD4200 mov cx,word ptr ds:[42DD1C] ; |
0042DCCD |. B2 02 mov dl,2 ; |
0042DCCF |. B8 A0DD4200 mov eax,CRKME4.0042DDA0 ; |ASCII "Good Serial, Thanks For trying this Crackme bY nIabI !"
0042DCD4 |. E8 67F1FFFF call CRKME4.0042CE40 ; \CRKME4.0042CE40
0042DCD9 |. EB 15 jmp short CRKME4.0042DCF0
0042DCDB |> 6A 00 push 0 ; /Arg1 = 00000000
0042DCDD |. 66:8B0D 1CDD4200 mov cx,word ptr ds:[42DD1C] ; |
0042DCE4 |. B2 02 mov dl,2 ; |
0042DCE6 |. B8 E0DD4200 mov eax,CRKME4.0042DDE0 ; |ASCII "Bad Name Or Serial Number !!!!!"
0042DCEB |. E8 50F1FFFF call CRKME4.0042CE40 ; \CRKME4.0042CE40
0042DCC2是个关键跳。75改74后爆破成功。我们先看此时的寄存器:
EAX E4EDC454
ECX 0012F988
EDX 00000000
EBX 00D22218
ESP 0012F990
EBP 0012F9B0
ESI 0042F75C CRKME4.0042F75C
EDI 0042F764 CRKME4.0042F764
EIP 0042DCC2 CRKME4.0042DCC2
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 1 FS 003B 32bit 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00000286 (NO,NB,NE,A,S,PE,L,LE)
ST0 empty -UNORM E688 00000000 8089442C
ST1 empty +UNORM 0049 0000004A E1279838
ST2 empty -1.4557146359015119360e-881
ST3 empty -2.3446090995181465600e-1734
ST4 empty 0.0000000000002159420e-4933
ST5 empty +UNORM 4FBC 00006770 8088FCE3
ST6 empty 1.0000000000000000000
ST7 empty 1.0000000000000000000
3 2 1 0 E S P U O Z D I
FST 4020 Cond 1 0 0 0 Err 0 0 1 0 0 0 0 0 (EQ)
FCW 1372 Prec NEAR,64 Mask 1 1 0 0 1 0
现在的问题是我想追出它的注册码。可是在0042DCBC这里的比较。此时的寄存器EAX是E4EDC454换算成十进制的值是“3840787540”,用这个码注册却不成功。
请高手看看这个程序,问题出在什么地方。
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课