Please stick with it until you understand every asm instruction~
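Drag it straight into the black box, tick a few boxes at random, then check.
Diablo (er.. I mean "then"; Diablo has left my head spinning these past few days)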
Your registration info is invalid... Please support shareware authors by buying software!
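Geez, this CRACKME really does like its jokes..
A look at the entry point shows it was written in good old respectable ASM.. ^_^
A short jog brings us to this spot: (note how close it is to the entry point at 401000)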
00401162 A1 62214000 mov eax,dword ptr ds:[402162]
00401167 6BC0 4D imul eax,eax,4D
0040116A 3D 6654F300 cmp eax,0F35466
0040116F 75 20 jnz short due-cm3.00401191
00401171 68 00200000 push 2000
00401176 68 01204000 push due-cm3.00402001 ; ASCII "Duelist's Crackme #3"
0040117B 68 17204000 push due-cm3.00402017 ; ASCII "Congratulations! Please send a screenshot of your solution to duelist@beer.com!"
00401180 6A 00 push 0
00401182 E8 55010000 call <jmp.&USER32.MessageBoxA>
00401187 B8 01000000 mov eax,1
0040118C ^ E9 69FFFFFF jmp due-cm3.004010FA
00401191 68 00200000 push 2000
00401196 68 01204000 push due-cm3.00402001 ; ASCII "Duelist's Crackme #3"
0040119B 68 68204000 push due-cm3.00402068 ; ASCII "Your registration info is invalid... Please support shareware authors by buying software!"
004011A0 6A 00 push 0
004011A2 E8 35010000 call <jmp.&USER32.MessageBoxA>
The check turns out to work like this:
/* imul eax,eax,4D is the three-operand form: eax = eax * 0x4D (low 32 bits) */
if (result * 0x4D == 0x0F35466)
    printf("Congratulations! Please send a screenshot of your solution to duelist@beer.com");
else
    printf("Your registration info is invalid... Please support shareware authors by buying software!");
Hmm.
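The comparison at 00401162..0040116F, emulated with 32-bit register semantics (an added example, not part of the original write-up). Only the two immediates come from the listing; the names `check` and `accepted_value` are made up here. Because the multiplier 0x4D is odd, it has an inverse modulo 2^32, so exactly one 32-bit value of the dword at 402162 takes the success branch.

```python
MASK32 = 0xFFFFFFFF
MULTIPLIER = 0x4D      # immediate from: imul eax,eax,4D
TARGET = 0x0F35466     # immediate from: cmp eax,0F35466


def check(result: int) -> bool:
    """Emulate the listing: load the dword, multiply by 0x4D, compare.

    The three-operand imul keeps only the low 32 bits of the product,
    so the comparison is really an equation modulo 2**32.
    """
    eax = result & MASK32               # mov eax,dword ptr ds:[402162]
    eax = (eax * MULTIPLIER) & MASK32   # imul eax,eax,4D
    return eax == TARGET                # cmp eax,0F35466 / jnz -> failure box


def accepted_value() -> int:
    """Solve result * 0x4D == TARGET (mod 2**32) for result.

    An odd multiplier is invertible modulo a power of two, so the
    solution is unique among 32-bit values. Requires Python 3.8+ for
    pow() with a negative exponent.
    """
    inverse = pow(MULTIPLIER, -1, 1 << 32)
    return (TARGET * inverse) & MASK32


def count_accepted(candidates) -> int:
    """Count how many of the given candidate values pass the check."""
    return sum(1 for value in candidates if check(value))


if __name__ == "__main__":
    value = accepted_value()
    print(f"dword at 402162 must equal {value:#x}")
    # Constructed sanity sweep around the solution: only one value passes.
    print("passing values nearby:", count_accepted(range(value - 1000, value + 1000)))
```

This yields the value the loop has to accumulate, not the boxes that produce it; those still depend on the table the loop walks, which the listing here does not show.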
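So let's analyze how this result is produced.
Search for references at 00401162 (that is, look up the addresses of code in this module that jump to or call this line.. my head is spinning....)
(Why search here? Because the code above it is a loop, and the target of the last JMP is way back up front. Call it.. er.. a ninth sense? ^_^)
This gives: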
参考位于 due-cm3:CODE 到 00401162,项目 0
地址=00401131
反汇编=je short due-cm3.00401162
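Sure enough, the algorithm loop is right nearby.
The program flow is:
/* buffer is the value called result in the final check */
for (i = 0; table[i] != 0x4D; i++)
    if (!IsDlgButtonChecked)
        buffer = buffer + table[i] * table[i+1] * i;
if (result * 0x4D == 0x0F35466)
    printf("Congratulations! Please send a screenshot of your solution to duelist@beer.com");
else
    printf("Your registration info is invalid... Please support shareware authors by buying software!");
With a little calculation you can work out the correct boxes... I'll keep the answer to myself, so go solve the equation yourself :-)
The patch point is also easy to find: 0040116F 75 20 jnz short due-cm3.00401191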