【破文标题】菜鸟的第一次破文
【破文作者】minepime
【破解工具】OD+在线计算器
【破解平台】D'xp
【软件名称】crackmes.de
【软件大小】94.0KB
【破解声明】第一次破文出手 紧张
------------------------------------------------------------------------
【破解过程】从GetDlgItemTextA或者参考字符串wuww you've cracked this mofo! :)下手
004011F2 /$ 55 push ebp ; 下断在这
004011F3 |. 8BEC mov ebp, esp
004011F5 |. 53 push ebx
004011F6 |. 51 push ecx
004011F7 |. 52 push edx
004011F8 |. 56 push esi
004011F9 |. 57 push edi
004011FA |. 6A 1E push 1E ; /Count = 1E (30.)
004011FC |. 68 A0624000 push 004062A0 ; |Buffer = hackereh.004062A0
00401201 |. 68 E9030000 push 3E9 ; |ControlID = 3E9 (1001.)
00401206 |. FF75 08 push dword ptr [ebp+8] ; |hWnd
00401209 |. E8 06010000 call <jmp.&user32.GetDlgItemTextA> ; \GetDlgItemTextA
0040120E |. 83F8 01 cmp eax, 1 ; 用户名在0X1-0X18
00401211 |. 0F82 90000000 jb 004012A7
00401217 |. 83F8 18 cmp eax, 18
0040121A |. 77 77 ja short 00401293
0040121C |. 8BD8 mov ebx, eax
0040121E |. 33C9 xor ecx, ecx
00401220 |. 33C0 xor eax, eax
00401222 |. BF A0624000 mov edi, 004062A0
00401227 |. BA DEC0ADDE mov edx, DEADC0DE ; edx= DEADC0DE
0040122C |> 0FBE0439 /movsx eax, byte ptr [ecx+edi] ; eax=用户名每一位
00401230 |. 03C2 |add eax, edx ; eax=eax+edx
00401232 |. 69C0 66060000 |imul eax, eax, 666 ; eax=eax*0X666
00401238 |. 03D0 |add edx, eax ; edx=edx+eax
0040123A |. 2D 77070000 |sub eax, 777 ; eax=eax-0X777
0040123F |. 41 |inc ecx
00401240 |. 3BCB |cmp ecx, ebx
00401242 |.^ 75 E8 \jnz short 0040122C
00401244 |. 8BD8 mov ebx, eax
00401246 |. 33C0 xor eax, eax
00401248 |. 53 push ebx ; /<%u>
00401249 |. 68 8E614000 push 0040618E ; |%u
0040124E |. 68 02624000 push 00406202 ; |s = hackereh.00406202
00401253 |. E8 92000000 call <jmp.&user32.wsprintfA> ; \wsprintfA
00401258 |. 83C4 0C add esp, 0C
0040125B |. 6A 1E push 1E ; /Count = 1E (30.)
0040125D |. 68 B8624000 push 004062B8 ; |Buffer = hackereh.004062B8
00401262 |. 68 EA030000 push 3EA ; |ControlID = 3EA (1002.)
00401267 |. FF75 08 push dword ptr [ebp+8] ; |hWnd
0040126A |. E8 A5000000 call <jmp.&user32.GetDlgItemTextA> ; \GetDlgItemTextA
0040126F |. 83F8 01 cmp eax, 1
00401272 |. 72 33 jb short 004012A7
00401274 |. 33C9 xor ecx, ecx
00401276 |. B9 B8624000 mov ecx, 004062B8
0040127B |. 51 push ecx ; /String2 => ""
0040127C |. 68 02624000 push 00406202 ; |String1 = ""
00401281 |. E8 E8000000 call <jmp.&kernel32.lstrcmpA> ; \lstrcmpA
00401286 |. 75 4B jnz short 004012D3
00401288 |. EB 33 jmp short 004012BD
0040128A |> 5F pop edi
0040128B |. 5E pop esi
0040128C |. 5A pop edx
0040128D |. 59 pop ecx
0040128E |. 5B pop ebx
0040128F |. C9 leave
00401290 |. C2 0400 retn 4
00401293 |> 68 17604000 push 00406017 ; /not more than 24 characters
00401298 |. 68 E9030000 push 3E9 ; |ControlID = 3E9 (1001.)
0040129D |. FF75 08 push dword ptr [ebp+8] ; |hWnd
004012A0 |. E8 8D000000 call <jmp.&user32.SetDlgItemTextA> ; \SetDlgItemTextA
004012A5 |.^ EB E3 jmp short 0040128A
004012A7 |> 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
004012A9 |. 68 47604000 push 00406047 ; |hackereh@!!
004012AE |. 68 D0614000 push 004061D0 ; |you must enter a name and a serial!
004012B3 |. FF75 08 push dword ptr [ebp+8] ; |hOwner
004012B6 |. E8 6B000000 call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004012BB |.^ EB CD jmp short 0040128A
004012BD |> 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004012BF |. 68 47604000 push 00406047 ; |hackereh@!!
004012C4 |. 68 91614000 push 00406191 ; |wuww you've cracked this mofo! :)
004012C9 |. FF75 08 push dword ptr [ebp+8] ; |hOwner
004012CC |. E8 55000000 call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004012D1 |.^ EB B7 jmp short 0040128A
004012D3 |> 6A 30 push 30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
004012D5 |. 68 47604000 push 00406047 ; |hackereh@!!
004012DA |. 68 B3614000 push 004061B3 ; |badboy, try harder buddy! :(
004012DF |. FF75 08 push dword ptr [ebp+8] ; |hOwner
004012E2 |. E8 3F000000 call <jmp.&user32.MessageBoxA> ; \MessageBoxA
生成真码后 转换为10进制无符号整数 %u
一组可用的注册码 minepime
2156994871
注册机源码如下 VC++6.0测试通过
#include<stdio.h>
#include<string.h>
int main()
{
char ch[255];
unsigned long tempeax,tempedx=0XDEADC0DE;
unsigned int i=0;
printf("Please Enter Your Name:\n");
printf(" ");
scanf("%s",ch);
while(strlen(ch)<1||strlen(ch)>0X18){
printf("Your Length Of Name Should Be between 1 And 0X18");
scanf("%s",ch);
}
for(;i<strlen(ch);i++){
tempeax=ch[i]&0Xff;
tempeax=tempeax+tempedx;
tempeax=tempeax*0X666;
tempedx=tempedx+tempeax;
tempeax=tempeax-0X777;
}
printf("%u",tempeax);
printf("\nCrackEd By minepime\n");
return 0;
}
------------------------------------------------------------------------
【破解总结】这个crackme没什么难度适合像我这样的新手 初次写破文有点紧张
------------------------------------------------------------------------
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
上传的附件:
