标 题: 【原创】<<发两个简简单单的CrackMe,大家玩玩?>> 的破文【分享】
作 者: 个人兴趣(LEON)
时 间: 2007-06-7,18:24
链 接: http://bbs.pediy.com/showthread.php?t=45944
老算法了....
; ---------------------------------------------------------------------------
; Registration check, excerpt (the function's start lies above this fragment).
; Flow: read name and code from the two controls into string globals, run the
; name through the transform routine at 0049D08C, then string-compare the
; transformed name against the entered code. Equal -> "success" message,
; otherwise -> "failure" message. The whole secret is therefore the
; deterministic transform; there is no key material beyond it.
; Locals: [ebp-4] = name, [ebp-8] = code, [ebp-C] = transformed name.
; Globals: [4A08F0] = name, [4A08F4] = code (assigned here, read back below).
; Calling convention looks like Delphi register style (eax/edx/ecx) - inferred
; from the helper calls, not visible here; TODO confirm.
; ---------------------------------------------------------------------------
0049D14E |. 8D55 FC lea edx, dword ptr [ebp-4] //edx -> [ebp-4], receives the text
0049D151 |. 8B83 DC020000 mov eax, dword ptr [ebx+2DC] //eax = control at field +2DC (name box)
0049D157 |. E8 3038F9FF call 0043098C //read the registration-name text into [ebp-4]
0049D15C |. 8B55 FC mov edx, dword ptr [ebp-4] //edx = name string (note: edx, not eax)
0049D15F |. B8 F0084A00 mov eax, 004A08F0 //eax = address of the name global
0049D164 |. E8 4B6AF6FF call 00403BB4 //string assign: [4A08F0] := name (read back at 0049D187)
0049D169 |. 8D55 F8 lea edx, dword ptr [ebp-8] //edx -> [ebp-8], receives the text
0049D16C |. 8B83 D8020000 mov eax, dword ptr [ebx+2D8] //eax = control at field +2D8 (code box)
0049D172 |. E8 1538F9FF call 0043098C //read the registration-code text into [ebp-8]
0049D177 |. 8B55 F8 mov edx, dword ptr [ebp-8] //edx = code string
0049D17A |. B8 F4084A00 mov eax, 004A08F4 //eax = address of the code global
0049D17F |. E8 306AF6FF call 00403BB4 //string assign: [4A08F4] := code (read back at 0049D194)
0049D184 |. 8D55 F4 lea edx, dword ptr [ebp-C] //edx -> [ebp-C], output string of the transform
0049D187 |. A1 F0084A00 mov eax, dword ptr [4A08F0] //eax = name (input of the transform)
0049D18C |. E8 FBFEFFFF call 0049D08C //transform: [ebp-C] := f(name), see listing below
0049D191 |. 8B45 F4 mov eax, dword ptr [ebp-C] //eax = transformed name
0049D194 |. 8B15 F4084A00 mov edx, dword ptr [4A08F4] //edx = entered registration code (NOT the transformed name)
0049D19A |. E8 516DF6FF call 00403EF0 //string compare: transformed name vs entered code; sets ZF
0049D19F |. 75 17 jnz short 0049D1B8 //mismatch -> failure path
0049D1A1 |. 6A 00 push 0 ; /Arg1 = 00000000
0049D1A3 |. 66:8B0D FCD14>mov cx, word ptr [49D1FC] ; | cx = word constant at 49D1FC (dialog parameter, presumably)
0049D1AA |. B2 02 mov dl, 2 ; | dl = 2 (differs from the failure path's 1; style/icon selector, presumably)
0049D1AC |. B8 08D24900 mov eax, 0049D208 ; |恭喜,注册成功了! ("Congratulations, registration succeeded!")
0049D1B1 |. E8 C6A2FBFF call 0045747C ; \破解我3.0045747C  //show the success message
0049D1B6 |. EB 15 jmp short 0049D1CD //skip the failure path
0049D1B8 |> 6A 00 push 0 ; /Arg1 = 00000000
0049D1BA |. 66:8B0D FCD14>mov cx, word ptr [49D1FC] ; | same word constant as above
0049D1C1 |. B2 01 mov dl, 1 ; | dl = 1
0049D1C3 |. B8 24D24900 mov eax, 0049D224 ; |加油,注册不成功! ("Keep trying, registration failed!")
0049D1C8 |. E8 AFA2FBFF call 0045747C ; \破解我3.0045747C  //show the failure message
call 0049D08C (the name transform):
; ---------------------------------------------------------------------------
; 0049D08C - name transform.
; In:  eax = name string, edx = output string (the caller's [ebp-C]).
; Out: output string := concatenation of 7 decimal numbers, one per character
;      of (name + "acafeel"), for the first 7 characters only:
;          v = ((c * 4 - 2) mod 27) + 0x4F      (0x1B = 27, 0x4F = 79)
;      e.g. 'l' (0x6C = 108): 430 mod 27 = 25, 25 + 79 = 104 -> "104".
; Because "acafeel" is 7 characters and the loop runs exactly 7 times, the
; index never passes the end of the string even for an empty name.
; Locals: [ebp-4] = name + "acafeel", [ebp-8] = temp decimal string.
; Regs:   esi = output string, ebx = 1-based character index.
; An fs:[0] exception frame wraps the body (handler record at 0049D114).
; Listing stops at the finally block; the epilogue at 0049D11B is not shown.
; ---------------------------------------------------------------------------
0049D08C /$ 55 push ebp
0049D08D |. 8BEC mov ebp, esp
0049D08F |. 83C4 F8 add esp, -8 //two dword locals: [ebp-4], [ebp-8]
0049D092 |. 53 push ebx
0049D093 |. 56 push esi
0049D094 |. 33C9 xor ecx, ecx
0049D096 |. 894D F8 mov dword ptr [ebp-8], ecx //[ebp-8] := 0 (empty temp string)
0049D099 |. 8BF2 mov esi, edx //esi = output string
0049D09B |. 8945 FC mov dword ptr [ebp-4], eax //[ebp-4] = name
0049D09E |. 8B45 FC mov eax, dword ptr [ebp-4]
0049D0A1 |. E8 EE6EF6FF call 00403F94 //string helper on the name (presumably add-ref; not shown)
0049D0A6 |. 33C0 xor eax, eax
0049D0A8 |. 55 push ebp
0049D0A9 |. 68 14D14900 push 0049D114 //handler record
0049D0AE |. 64:FF30 push dword ptr fs:[eax] //save previous fs:[0]
0049D0B1 |. 64:8920 mov dword ptr fs:[eax], esp //install exception frame
0049D0B4 |. 8D45 FC lea eax, dword ptr [ebp-4] //eax -> name string variable
0049D0B7 |. BA 2CD14900 mov edx, 0049D12C ; acafeel //edx = constant "acafeel" (7 chars)
0049D0BC |. E8 276DF6FF call 00403DE8 //string concat: [ebp-4] := name + "acafeel" (same helper used at 0049D0EE)
0049D0C1 |. BB 01000000 mov ebx, 1 //ebx = 1-based index
0049D0C6 |> 8B45 FC /mov eax, dword ptr [ebp-4] //eax = name + "acafeel"
0049D0C9 |. 0FB64418 FF |movzx eax, byte ptr [eax+ebx-1] //eax = c = character at index ebx (zero-extended byte)
0049D0CE |. C1E0 02 |shl eax, 2 //eax = c * 4
0049D0D1 |. 83E8 02 |sub eax, 2 //eax = c * 4 - 2
0049D0D4 |. B9 1B000000 |mov ecx, 1B //ecx = 27
0049D0D9 |. 99 |cdq //sign-extend eax into edx:eax for the signed divide
0049D0DA |. F7F9 |idiv ecx //32-bit signed divide edx:eax / ecx: eax = quotient, edx = remainder
0049D0DC |. 8BC2 |mov eax, edx //eax = (c * 4 - 2) mod 27
0049D0DE |. 83C0 4F |add eax, 4F //eax += 79
0049D0E1 |. 8D55 F8 |lea edx, dword ptr [ebp-8] //edx -> temp string
0049D0E4 |. E8 1FB5F6FF |call 00408608 //[ebp-8] := decimal text of eax ("%d"), see listing below
0049D0E9 |. 8B55 F8 |mov edx, dword ptr [ebp-8] //edx = that decimal text
0049D0EC |. 8BC6 |mov eax, esi //eax = output string
0049D0EE |. E8 F56CF6FF |call 00403DE8 //string concat: output += decimal text (numbers run together, no separator)
0049D0F3 |. 43 |inc ebx //next character
0049D0F4 |. 83FB 08 |cmp ebx, 8
0049D0F7 |.^ 75 CD \jnz short 0049D0C6 //loop while ebx != 8 -> exactly 7 iterations
0049D0F9 |. 33C0 xor eax, eax
0049D0FB |. 5A pop edx //edx = saved fs:[0]
0049D0FC |. 59 pop ecx
0049D0FD |. 59 pop ecx
0049D0FE |. 64:8910 mov dword ptr fs:[eax], edx //restore previous exception frame
0049D101 |. 68 1BD14900 push 0049D11B //retn below continues at 0049D11B (epilogue, not shown)
0049D106 |> 8D45 F8 lea eax, dword ptr [ebp-8] //finally: release the temp string
0049D109 |. BA 02000000 mov edx, 2
0049D10E |. E8 716AF6FF call 00403B84
0049D113 \. C3 retn
call 00408608 :
; ---------------------------------------------------------------------------
; 00408608 - integer to decimal string.
; In:  eax = integer to format, edx = destination string.
; Out: destination := formatted text using the "%d" format at 00408634.
; Builds a 5-byte [value dword, type byte = 0] record on the stack and passes
; its address in ecx to the formatter at 0040916C (a Format-style helper,
; judging by the "%d" argument; its internals are not shown).
; The pushed 0 is a stack argument the callee appears to remove (pop ecx /
; pop edx afterwards only undo the add esp, -8).
; ---------------------------------------------------------------------------
00408608 /$ 83C4 F8 add esp, -8 //room for the [value, type] record
0040860B |. 6A 00 push 0 ; /Arg1 = 00000000
0040860D |. 894424 04 mov dword ptr [esp+4], eax ; | //record.value = eax (here: the per-character value from 0049D0DE)
00408611 |. C64424 08 00 mov byte ptr [esp+8], 0 ; | //record.type = 0
00408616 |. 8D4C24 04 lea ecx, dword ptr [esp+4] ; | //ecx -> record
0040861A |. 8BC2 mov eax, edx ; | //eax = destination string (edx from the caller)
0040861C |. BA 34864000 mov edx, 00408634 ; |ASCII "%d" //edx = format string "%d" (C printf-style, decimal)
00408621 |. E8 460B0000 call 0040916C ; \破解我3.0040916C  //format into the destination string
00408626 |. 59 pop ecx //discard the record
00408627 |. 5A pop edx
00408628 \. C3 retn
; padding and constants between 00408608 and 00408638; only 00408634 ("%d") is
; referenced by the code shown (at 0040861C)
00408629 00 db 00
0040862A 00 db 00
0040862B 00 db 00
0040862C . FFFFFFFF dd FFFFFFFF
00408630 . 02000000 dd 00000002
00408634 . 25 64 00 ascii "%d",0
00408637 00 db 00
; ---------------------------------------------------------------------------
; 00408638 - next routine in the dump; NOT called by any code shown above,
; included only because it follows 00408608 in memory.
; In:  eax = some value (kept in ebx). Out: eax = result of 00402B78.
; Calls 00402B78 with eax = value, edx -> 0C-byte stack buffer; if the first
; dword of that buffer is non-zero, builds a [value dword, type byte = 0B]
; record (same shape as in 00408608) and calls 004081B0 with the global at
; 49FB94 in eax. What 00402B78 / 004081B0 do is not visible here.
; ---------------------------------------------------------------------------
00408638 /$ 53 push ebx
00408639 |. 56 push esi
0040863A |. 83C4 F4 add esp, -0C //0C-byte stack buffer
0040863D |. 8BD8 mov ebx, eax //ebx = input value
0040863F |. 8BD4 mov edx, esp //edx -> buffer
00408641 |. 8BC3 mov eax, ebx
00408643 |. E8 30A5FFFF call 00402B78
00408648 |. 8BF0 mov esi, eax //esi = return value, preserved across the optional call below
0040864A |. 833C24 00 cmp dword ptr [esp], 0 //buffer[0] == 0 ?
0040864E |. 74 19 je short 00408669 //yes -> return esi
00408650 |. 895C24 04 mov dword ptr [esp+4], ebx //record.value = input
00408654 |. C64424 08 0B mov byte ptr [esp+8], 0B //record.type = 0B
00408659 |. 8D5424 04 lea edx, dword ptr [esp+4] //edx -> record
0040865D |. A1 94FB4900 mov eax, dword ptr [49FB94] //eax = global at 49FB94
00408662 |. 33C9 xor ecx, ecx //ecx = 0
00408664 |. E8 47FBFFFF call 004081B0
00408669 |> 8BC6 mov eax, esi //return value from 00402B78
0040866B |. 83C4 0C add esp, 0C
0040866E |. 5E pop esi
0040866F |. 5B pop ebx
00408670 \. C3 retn