这是我跟踪到的代码,跟到最后程序就跳走了。我也跟到了我输入的错误码,可就是无法找到真正的密码。老大们看看用什么方法可以找到真正的密码?由于我太菜,最好花点时间说得详细些。我没有 SoftICE,用 TRW2000 或 OllyDbg 都行。是不是要追进 CALL 里面去才行?谢了。
00401041 . 8BEC mov ebp,esp
00401043 . 81EC BC000000 sub esp,0BC
00401049 . 53 push ebx
0040104A . 56 push esi
0040104B . 57 push edi
0040104C . 8DBD 44FFFFFF lea edi,dword ptr ss:[ebp-BC]
00401052 . B9 2F000000 mov ecx,2F
00401057 . B8 CCCCCCCC mov eax,CCCCCCCC
0040105C . F3:AB rep stos dword ptr es:[edi]
0040105E . 66:A1 A8864200 mov ax,word ptr ds:[4286A8]
00401064 . 66:8945 FC mov word ptr ss:[ebp-4],ax
00401068 . 66:8B0D A4864200 mov cx,word ptr ds:[4286A4]
0040106F . 66:894D F8 mov word ptr ss:[ebp-8],cx
00401073 . 66:8B15 A0864200 mov dx,word ptr ds:[4286A0]
0040107A . 66:8955 F4 mov word ptr ss:[ebp-C],dx
0040107E . A0 A2864200 mov al,byte ptr ds:[4286A2]
00401083 . 8845 F6 mov byte ptr ss:[ebp-A],al
00401086 . 8D4D FC lea ecx,dword ptr ss:[ebp-4]
00401089 . 51 push ecx ; /Arg1
0040108A . E8 C1400000 call 12-20.00405150 ; \12-20.00405150
0040108F . 83C4 04 add esp,4
00401092 . 8BF0 mov esi,eax
00401094 . 8D55 F8 lea edx,dword ptr ss:[ebp-8]
00401097 . 52 push edx ; /Arg1
00401098 . E8 B3400000 call 12-20.00405150 ; \12-20.00405150
0040109D . 83C4 04 add esp,4
004010A0 . 03F0 add esi,eax
004010A2 . 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004010A5 . 50 push eax ; /Arg1
004010A6 . E8 A5400000 call 12-20.00405150 ; \12-20.00405150
004010AB . 83C4 04 add esp,4
004010AE . 6BC0 03 imul eax,eax,3
004010B1 . 03F0 add esi,eax
004010B3 . 8975 F0 mov dword ptr ss:[ebp-10],esi
004010B6 . 68 54864200 push 12-20.00428654 ; /Arg1 = 00428654
004010BB . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
004010C0 . E8 0B1C0000 call 12-20.00402CD0 ; \12-20.00402CD0
004010C5 . 68 0F104000 push 12-20.0040100F
004010CA . 68 44864200 push 12-20.00428644 ; /Arg1 = 00428644
004010CF . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
004010D4 . E8 F71B0000 call 12-20.00402CD0 ; \12-20.00402CD0
004010D9 . 8BC8 mov ecx,eax
004010DB . E8 25FFFFFF call 12-20.00401005
004010E0 . 68 0F104000 push 12-20.0040100F
004010E5 . 68 34864200 push 12-20.00428634 ; /Arg1 = 00428634
004010EA . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
004010EF . E8 DC1B0000 call 12-20.00402CD0 ; \12-20.00402CD0
004010F4 . 8BC8 mov ecx,eax
004010F6 . E8 0AFFFFFF call 12-20.00401005
004010FB . 68 0F104000 push 12-20.0040100F
00401100 . 68 D8854200 push 12-20.004285D8 ; /Arg1 = 004285D8
00401105 . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
0040110A . E8 C11B0000 call 12-20.00402CD0 ; \12-20.00402CD0
0040110F . 8BC8 mov ecx,eax
00401111 . E8 EFFEFFFF call 12-20.00401005
00401116 . 68 0F104000 push 12-20.0040100F
0040111B . 68 7C854200 push 12-20.0042857C ; /Arg1 = 0042857C
00401120 . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
00401125 . E8 A61B0000 call 12-20.00402CD0 ; \12-20.00402CD0
0040112A . 8BC8 mov ecx,eax
0040112C . E8 D4FEFFFF call 12-20.00401005
00401131 . 68 0F104000 push 12-20.0040100F
00401136 . 68 20854200 push 12-20.00428520 ; /Arg1 = 00428520
0040113B . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
00401140 . E8 8B1B0000 call 12-20.00402CD0 ; \12-20.00402CD0
00401145 . 8BC8 mov ecx,eax
00401147 . E8 B9FEFFFF call 12-20.00401005
0040114C > B9 01000000 mov ecx,1
00401151 . 85C9 test ecx,ecx
00401153 . 0F84 04070000 je 12-20.0040185D
00401159 . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
0040115C . 52 push edx ; /Arg1
0040115D . B9 08CA4200 mov ecx,12-20.0042CA08 ; |
00401162 . E8 F9110000 call 12-20.00402360 ; \12-20.00402360
00401167 . 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
0040116A . 50 push eax ; /Arg1
0040116B . E8 E03F0000 call 12-20.00405150 ; \12-20.00405150
00401170 . 83C4 04 add esp,4
00401173 . 83F8 01 cmp eax,1
00401176 . 0F85 73040000 jnz 12-20.004015EF
0040117C . C745 8C 14000000 mov dword ptr ss:[ebp-74],14
00401183 . C745 88 0C000000 mov dword ptr ss:[ebp-78],0C
0040118A . 68 0F104000 push 12-20.0040100F
0040118F . 68 F4844200 push 12-20.004284F4 ; /Arg1 = 004284F4
00401194 . B9 58CA4200 mov ecx,12-20.0042CA58 ; |
00401199 . E8 321B0000 call 12-20.00402CD0 ; \12-20.00402CD0
0040119E . 8BC8 mov ecx,eax
004011A0 . E8 60FEFFFF call 12-20.00401005
004011A5 . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
004011A8 . 51 push ecx ; /Arg1
004011A9 . B9 08CA4200 mov ecx,12-20.0042CA08 ; |
004011AE . E8 AD110000 call 12-20.00402360 ; \12-20.00402360
004011B3 . 8D55 AC lea edx,dword ptr ss:[ebp-54]
004011B6 . 52 push edx ; /Arg1
004011B7 . E8 943F0000 call 12-20.00405150 ; \12-20.00405150
004011BC . 83C4 04 add esp,4
004011BF . 8945 A8 mov dword ptr ss:[ebp-58],eax
004011C2 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
004011C5 . 2B45 8C sub eax,dword ptr ss:[ebp-74]
004011C8 . 99 cdq
004011C9 . F77D 88 idiv dword ptr ss:[ebp-78]
004011CC . 8945 A8 mov dword ptr ss:[ebp-58],eax
004011CF . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
004011D2 . 99 cdq
004011D3 . B9 40420F00 mov ecx,0F4240
004011D8 . F7F9 idiv ecx
004011DA . 8BC2 mov eax,edx
004011DC . 99 cdq
004011DD . B9 A0860100 mov ecx,186A0
004011E2 . F7F9 idiv ecx
004011E4 . 8945 D0 mov dword ptr ss:[ebp-30],eax
004011E7 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
004011EA . 99 cdq
004011EB . B9 80969800 mov ecx,989680
004011F0 . F7F9 idiv ecx
004011F2 . 8945 CC mov dword ptr ss:[ebp-34],eax
004011F5 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
004011F8 . 99 cdq
004011F9 . B9 10270000 mov ecx,2710
004011FE . F7F9 idiv ecx
00401200 . 8BC2 mov eax,edx
00401202 . 99 cdq
00401203 . B9 E8030000 mov ecx,3E8
00401208 . F7F9 idiv ecx
0040120A . 8945 C8 mov dword ptr ss:[ebp-38],eax
0040120D . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
00401210 . 99 cdq
00401211 . B9 64000000 mov ecx,64
00401216 . F7F9 idiv ecx
00401218 . 8BC2 mov eax,edx
0040121A . 99 cdq
0040121B . B9 0A000000 mov ecx,0A
00401220 . F7F9 idiv ecx
00401222 . 8945 C4 mov dword ptr ss:[ebp-3C],eax
00401225 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
00401228 . 99 cdq
00401229 . B9 80969800 mov ecx,989680
0040122E . F7F9 idiv ecx
00401230 . 8BC2 mov eax,edx
00401232 . 99 cdq
00401233 . B9 40420F00 mov ecx,0F4240
00401238 . F7F9 idiv ecx
0040123A . 8945 C0 mov dword ptr ss:[ebp-40],eax
0040123D . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
00401240 . 99 cdq
00401241 . B9 A0860100 mov ecx,186A0
00401246 . F7F9 idiv ecx
00401248 . 8BC2 mov eax,edx
0040124A . 99 cdq
0040124B . B9 10270000 mov ecx,2710
00401250 . F7F9 idiv ecx
00401252 . 8945 B4 mov dword ptr ss:[ebp-4C],eax
00401255 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
00401258 . 99 cdq
00401259 . B9 E8030000 mov ecx,3E8
0040125E . F7F9 idiv ecx
00401260 . 8BC2 mov eax,edx
00401262 . 99 cdq
00401263 . B9 64000000 mov ecx,64
00401268 . F7F9 idiv ecx
0040126A . 8945 B8 mov dword ptr ss:[ebp-48],eax
0040126D . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
00401270 . 99 cdq
00401271 . B9 0A000000 mov ecx,0A
00401276 . F7F9 idiv ecx
00401278 . 8955 BC mov dword ptr ss:[ebp-44],edx
0040127B . 8B55 D0 mov edx,dword ptr ss:[ebp-30]
0040127E . 69D2 E8030000 imul edx,edx,3E8
00401284 . 8B45 CC mov eax,dword ptr ss:[ebp-34]
00401287 . 6BC0 64 imul eax,eax,64
0040128A . 0345 C4 add eax,dword ptr ss:[ebp-3C]
0040128D . 8B4D C8 mov ecx,dword ptr ss:[ebp-38]
00401290 . 6BC9 0A imul ecx,ecx,0A
00401293 . 03C2 add eax,edx
00401295 . 03C8 add ecx,eax
00401297 . 8B55 F0 mov edx,dword ptr ss:[ebp-10]
0040129A . 8D8411 6CF4FFFF lea eax,dword ptr ds:[ecx+edx-B94>
004012A1 . 8945 A4 mov dword ptr ss:[ebp-5C],eax
004012A4 . 8B4D C0 mov ecx,dword ptr ss:[ebp-40]
004012A7 . 69C9 E8030000 imul ecx,ecx,3E8
004012AD . 8B55 BC mov edx,dword ptr ss:[ebp-44]
004012B0 . 6BD2 64 imul edx,edx,64
004012B3 . 0355 B4 add edx,dword ptr ss:[ebp-4C]
004012B6 . 8B45 B8 mov eax,dword ptr ss:[ebp-48]
004012B9 . 6BC0 0A imul eax,eax,0A
004012BC . 03D1 add edx,ecx
004012BE . 8D8C10 6CF4FFFF lea ecx,dword ptr ds:[eax+edx-B94>
004012C5 . 894D A0 mov dword ptr ss:[ebp-60],ecx
004012C8 . 8B55 A4 mov edx,dword ptr ss:[ebp-5C]
004012CB . 3B55 A0 cmp edx,dword ptr ss:[ebp-60]
004012CE . 0F85 EB020000 jnz 12-20.004015BF