2 楼
已更新
3 楼
This had better be worth it.
构思还不错:)
4 楼
这个,楼主的东东不会很难吧
5 楼
csjwaman不错,写个流程
6 楼
被楼主弄的很是郁闷
看到后面,稀里糊涂的
暴了先!
哪位达人分析出来了,给个思路呀!当然,更期待Nooby达人的公布!嘿嘿!
cm02破解:
cm02cr.rar经过 40 分钟的奋战,才发现,原来用自己的爆破版本来分析是很容易的呀,呵呵!
eax=0040303D (cm02.0040303D), ASCII "Tuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
eax=00403031 (cm02.00403031), ASCII "hijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
eax=00403032 (cm02.00403032), ASCII "ijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
eax=0040303C (cm02.0040303C), ASCII "sTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
eax=00403061 (cm02.00403061), ASCII " ]",LF
eax=00403031 (cm02.00403031), ASCII "hijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
eax=0040302A (cm02.0040302A), ASCII "abdcefghijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
eax=0040302C (cm02.0040302C), ASCII "dcefghijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
堆栈 ss:[0012F7A8]=00403061 (cm02.00403061), ASCII " ]",LF
堆栈 ss:[0012F7D0]=0040302B (cm02.0040302B), ASCII "bdcefghijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\=-></?':;}{[ ]",LF
堆栈地址=0012F792, (ASCII "etter be worth it.")
加起来就是:This had better be worth it.
7 楼
这个暴的可以的!
// cmDlg.cpp : implementation file
//
#include "stdafx.h"
#include "cm.h"
#include "cmDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
// Lookup table for the real check in CCmDlg::OnOK. The handler derives
// pointers into this buffer and compares single input bytes against them, so
// the expected leading characters never appear as one contiguous string.
// The alphabet is deliberately irregular ("abdc", capital 'T'); the first two
// bytes ("\x1f", "\n") are a prefix that the index arithmetic in OnOK accounts for.
// This is obfuscation only: each expected byte is still handed to memcmp in
// the clear at run time.
char txtBuf[] = "\x1f\nABCDEFGHabdcefghijklmnopqrsTuvwxyz`.~!@#$%^&*()_+|\\=-></?':;}{[ ]\n";
// Decoy table: OnOK compares the 8 bytes at txtBuf2 + 2 ("abcdefgh") with the
// start of the input and shows the decoy message box on a match.
char txtBuf2[] = "\x1f\nabcdefghABCDEFGHIJKLMNOPQRStUVWXYZ`.~!@#$%^&*()_+|\\=-></?':;}{[ ]\n";
// One-shot latch: OnOK sets it on its first pass and does nothing while it is
// set, so a process gets exactly one attempt.
bool failed = false;
/////////////////////////////////////////////////////////////////////////////
// CCmDlg dialog
// Builds the dialog from the CCmDlg::IDD template under pParent and loads the
// IDR_MAINFRAME icon into m_hIcon for later use by SetIcon and OnPaint.
CCmDlg::CCmDlg(CWnd* pParent /*=NULL*/)
  : CDialog(CCmDlg::IDD, pParent)
{
  //{{AFX_DATA_INIT(CCmDlg)
  // NOTE: the ClassWizard will add member initialization here
  //}}AFX_DATA_INIT
  CWinApp* const app = AfxGetApp();
  m_hIcon = app->LoadIcon(IDR_MAINFRAME);
}
// Data-exchange hook. The dialog declares no DDX/DDV bindings of its own, so
// this only forwards to the base class; OnOK reads the edit control directly.
void CCmDlg::DoDataExchange(CDataExchange* pDX)
{
  this->CDialog::DoDataExchange(pDX);

  //{{AFX_DATA_MAP(CCmDlg)
  // NOTE: the ClassWizard will add DDX and DDV calls here
  //}}AFX_DATA_MAP
}
// Message map: routes WM_PAINT to OnPaint and WM_QUERYDRAGICON to
// OnQueryDragIcon. OnOK has no entry here.
// NOTE(review): presumably OnOK is reached as an override of CDialog's virtual
// IDOK handler - confirm against the declaration in cmDlg.h.
BEGIN_MESSAGE_MAP(CCmDlg, CDialog)
//{{AFX_MSG_MAP(CCmDlg)
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CCmDlg message handlers
// Runs the base-class initialisation, then registers m_hIcon as both the big
// and the small window icon. Returns TRUE so the framework assigns the
// default focus.
BOOL CCmDlg::OnInitDialog()
{
  CDialog::OnInitDialog();

  // Same icon handle for both sizes: big first, then small.
  const BOOL bigIconFlags[] = { TRUE, FALSE };
  for (int k = 0; k < 2; ++k)
  {
    SetIcon(m_hIcon, bigIconFlags[k]);
  }

  // TODO: Add extra initialization here

  return TRUE; // return TRUE unless you set the focus to a control
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// Paint handler. When the dialog is minimised it draws m_hIcon centred in the
// client area; otherwise painting is left to CDialog.
void CCmDlg::OnPaint()
{
  if (!IsIconic())
  {
    CDialog::OnPaint();
    return;
  }

  CPaintDC dc(this); // device context for painting
  SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

  // System icon dimensions and the current client rectangle.
  const int iconWidth = GetSystemMetrics(SM_CXICON);
  const int iconHeight = GetSystemMetrics(SM_CYICON);
  CRect client;
  GetClientRect(&client);

  // Top-left corner that centres the icon (the +1 rounds the halving up).
  const int left = (client.Width() - iconWidth + 1) / 2;
  const int top = (client.Height() - iconHeight + 1) / 2;

  dc.DrawIcon(left, top, m_hIcon);
}
// Supplies the cursor shown while the minimised window is dragged: the
// dialog's own icon handle, reinterpreted as a cursor handle.
HCURSOR CCmDlg::OnQueryDragIcon()
{
  HCURSOR dragCursor = (HCURSOR) m_hIcon;
  return dragCursor;
}
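// OK-button handler: validates the text typed into IDC_EDIT1.
//
// Flow, as written below:
//  * One attempt per process: `failed` is set on every pass and gates re-entry.
//  * Two back-to-back RaiseException calls move execution into nested
//    __except(1) handlers (filter value 1 is EXCEPTION_EXECUTE_HANDLER).
//  * Input characters 0..9 are checked one at a time against bytes of txtBuf.
//    Stages 1..9 compute IDC_EDIT1 / memcmp(...): on a match memcmp returns 0,
//    the integer division faults and the next __except block runs; on a
//    mismatch the division succeeds and control falls out of the whole chain.
//  * Input from index 10 on is compared with the literal tail in `final`.
//  * Independently, input starting with "abcdefgh" (txtBuf2 + 2) shows the
//    decoy message box.
//
// The repeated "+20 *10 -100 /5 -20 /2" sequences leave the value unchanged;
// only the ++ / -- / += / -= steps around them move the pointer. In the
// comments below, p stands for the address of txtBuf.
//
// Fix in this version: the tail comparison used sizeof(&final), i.e. the size
// of a pointer, so only 2 bytes (32-bit build) of the tail were verified and
// any input with the right first 12 characters was accepted. It now uses
// sizeof(final), which covers the whole tail including its terminator.
//
// Review notes:
//  * This is obfuscation, not protection: the expected sentence is stored in
//    the binary and every expected byte is passed to memcmp in the clear.
//  * `long` holds a pointer only on 32-bit Windows targets; a 64-bit build
//    would truncate the address.
void CCmDlg::OnOK()
{
  if (!failed)
  {
    char tmpBuf[30] = "";
    // 30: used both as the GetDlgItemText buffer size and as an offset below.
    int sizemagic = sizeof(tmpBuf);
    // Copies at most sizemagic - 1 characters plus the terminator.
    this->GetDlgItemText(IDC_EDIT1, tmpBuf, sizemagic);
    int i = 0;
    __try
    {
      RaiseException(1, 0, 0, NULL);
    }
    __except(1)
    {
      __try
      {
        RaiseException(1, 0, 0, NULL);
      }
      __except(1)
      {
        // Unused decoy string (original author's note: not present in the
        // release build).
        char joke[] = "\x0不能到这里,再继续么意义鸟~~\n";
        long ptr = (long)txtBuf;
        long ptr2;
        ptr+=20;
        ptr*=10;
        ptr-=100;
        ptr/=5;
        ptr-=20;
        ptr/=2;
        ptr--;                        // ptr = p - 1
        // Stage 0: ptr2 = p + 29 -> 'T', compared with tmpBuf[0].
        if(memcmp((char*)(ptr2=ptr+sizemagic),&tmpBuf[i],1)==0)
        {
          __try
          {
            // Stage 1: ptr = p + 17 -> 'h', compared with tmpBuf[1].
            i++;
            ptr*=2;
            ptr+=36;
            ptr/=2;
            ptr+=20;
            ptr*=10;
            ptr-=100;
            ptr/=5;
            ptr-=20;
            ptr/=2;
            i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1);
          }
          __except(1)
          {
            __try
            {
              // Stage 2: ptr = p + 18 -> 'i', compared with tmpBuf[2].
              i++;
              ptr++;
              ptr*=2;
              ptr/=2;
              ptr+=20;
              ptr*=10;
              ptr-=100;
              ptr/=5;
              ptr-=20;
              ptr/=2;
              i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1);
            }
            __except(1)
            {
              __try
              {
                // Stage 3: --ptr2 = p + 28 -> 's', compared with tmpBuf[3].
                i++;
                ptr2+=20;
                ptr2*=10;
                ptr2-=100;
                ptr2/=5;
                ptr2-=20;
                ptr2/=2;
                i = IDC_EDIT1 / memcmp((char*)--ptr2,&tmpBuf[i],1);
              }
              __except(1)
              {
                __try
                {
                  // Stage 4: --ptr2 = p + 65 -> ' ', compared with tmpBuf[4].
                  i++;
                  ptr2+=30;
                  ptr2*=2;
                  ptr2+=16;
                  ptr2/=2;
                  i = IDC_EDIT1 / memcmp((char*)--ptr2,&tmpBuf[i],1);
                }
                __except(1)
                {
                  __try
                  {
                    // Stage 5: --ptr = p + 17 -> 'h', compared with tmpBuf[5].
                    i++;
                    ptr+=20;
                    ptr*=10;
                    ptr-=100;
                    ptr/=5;
                    ptr-=20;
                    ptr/=2;
                    i = IDC_EDIT1 / memcmp((char*)--ptr,&tmpBuf[i],1);
                  }
                  __except(1)
                  {
                    __try
                    {
                      // Stage 6: ptr = p + 10 -> 'a', compared with tmpBuf[6].
                      i++;
                      ptr-=7;
                      ptr+=20;
                      ptr*=10;
                      ptr-=100;
                      ptr/=5;
                      ptr-=20;
                      ptr/=2;
                      i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1);
                    }
                    __except(1)
                    {
                      __try
                      {
                        // Stage 7: ptr = p + 12 -> 'd', compared with tmpBuf[7].
                        i++;
                        ptr+=2;
                        ptr+=20;
                        ptr*=10;
                        ptr-=100;
                        ptr/=5;
                        ptr-=20;
                        ptr/=2;
                        i = IDC_EDIT1 / memcmp((char*)ptr,&tmpBuf[i],1);
                      }
                      __except(1)
                      {
                        __try
                        {
                          // Stage 8: the arithmetic on ptr is a no-op; the
                          // compare uses ptr2 = p + 65 -> ' ' against tmpBuf[8].
                          i++;
                          ptr+=20;
                          ptr*=10;
                          ptr-=100;
                          ptr/=5;
                          ptr-=20;
                          ptr/=2;
                          i = IDC_EDIT1 / memcmp((char*)ptr2,&tmpBuf[i],1);
                        }
                        __except(1)
                        {
                          __try
                          {
                            // Stage 9: the arithmetic on ptr2 is a no-op; the
                            // compare uses --ptr = p + 11 -> 'b' against tmpBuf[9].
                            i++;
                            ptr2+=20;
                            ptr2*=10;
                            ptr2-=100;
                            ptr2/=5;
                            ptr2-=20;
                            ptr2/=2;
                            i = IDC_EDIT1 / memcmp((char*)--ptr,&tmpBuf[i],1);
                          }
                          __except(1)
                          {
                            // Final stage: i becomes 10; the rest of the input
                            // must equal the tail stored after the 2-byte prefix.
                            char final[] = "\x1f\netter be worth it.";
                            i++;
                            // sizeof(final), not sizeof(&final): compare the
                            // whole tail (18 characters plus the terminator),
                            // so trailing extra input is rejected too. The read
                            // ends at tmpBuf[28], inside the 30-byte buffer.
                            if(memcmp(&tmpBuf[i],&final[2],sizeof(final)-2)==0)
                            {
                              char greeting[] = "\x1f\n恭喜你!";
                              char greeting2[] = "\x1f\n成功";
                              ::MessageBox(NULL,&greeting[2],&greeting2[2],0);
                              CDialog::OnOK();
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
    // Decoy check, reached on every path: input beginning with the first
    // 8 characters after txtBuf2's prefix gets the decoy message box.
    long ptr3 = (long)txtBuf2;
    ptr3+=2;
    if(strncmp((char*)ptr3,tmpBuf,8)== 0)
    {
      char greeting3[] = "\x1f\n这个素假的。。偶耍你的:)";
      char greeting4[] = "\x1f\n失败";
      ::MessageBox(NULL,&greeting3[2],&greeting4[2],0);
    }
    // Latch: no second attempt until the process is restarted.
    failed = true;
  }
}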
8 楼
用SEH跳转来执行代码。OD跟飞的原因:上了调试器,一步步跟,会跑到调试器的SEH链里去,不会返回程序正常处理异常。
代码比较小,直接在SEH入口下断可能好点。
9 楼
连续2个空的RaiseException,给大家足够的提示了吧~
10 楼
acafeel 厉害呀!
原来密码就是:This had better be worth it.
11 楼
acafeel的cm比较猛
12 楼
13 楼
句子么。。总有个句号咯。。输错一次要重来ctrl+f2了~ acafeel来个破文吧,源码在一边参考