[原创] 第二部分比赛[第十回]CrackMe破解提交-6)PEDIY Crackme竞赛2009-看雪论坛-安全社区|非营利性质技术交流社区

[原创] 第二部分比赛[第十回]CrackMe破解提交

发表于: 2009-9-16 19:55 18558

[原创] 第二部分比赛[第十回]CrackMe破解提交

不死神鸟

2009-9-16 19:55

18558

0040118A    55          push ebp
0040118B    8BEC       mov    ebp, esp
0040118D    81EC 04010000 sub    esp, 104
00401193    56          push esi
00401194    8D85 FCFEFFFF lea    eax, dword ptr [ebp-104]
0040119A    6A 64       push 64
0040119C    50          push eax
0040119D    6A 6E       push 6E
0040119F    FF35 98854700 push dword ptr [478598]
004011A5    FF15 08514700 call dword ptr [<&USER32.LoadStringA>>;  USER32.LoadStringA
004011AB    8B45 0C    mov    eax, dword ptr [ebp+C]
004011AE    48          dec    eax
004011AF    0F84 EB010000 je    004013A0
004011B5    48          dec    eax
004011B6    0F84 CF010000 je    0040138B
004011BC    83E8 0D    sub    eax, 0D
004011BF    0F84 67010000 je    0040132C
004011C5    2D 02010000 sub    eax, 102
004011CA    0F84 15010000 je    004012E5
004011D0    48          dec    eax
004011D1    48          dec    eax
004011D2    74 17       je    short 004011EB
004011D4    FF75 14    push dword ptr [ebp+14]
004011D7    FF75 10    push dword ptr [ebp+10]
004011DA    FF75 0C    push dword ptr [ebp+C]
004011DD    FF75 08    push dword ptr [ebp+8]
004011E0    FF15 BC504700 call dword ptr [<&USER32.DefWindowPro>;  USER32.DefWindowProcA
004011E6    E9 C6010000 jmp    004013B1
004011EB    53          push ebx
004011EC    57          push edi
004011ED    FF75 08    push dword ptr [ebp+8]
004011F0    FF15 C0504700 call dword ptr [<&USER32.GetDC>]    ;  USER32.GetDC
004011F6    8BF0       mov    esi, eax
004011F8    8D45 A0    lea    eax, dword ptr [ebp-60]
004011FB    50          push eax
004011FC    56          push esi
004011FD    FF15 10504700 call dword ptr [<&GDI32.GetTextMetric>;  GDI32.GetTextMetricsA
00401203    8305 9C854700>add    dword ptr [47859C], 32
0040120A    A1 9C854700 mov    eax, dword ptr [47859C]
0040120F    05 96000000 add    eax, 96
00401214    6A 78       push 78
00401216    8945 F8    mov    dword ptr [ebp-8], eax
00401219    8B45 A0    mov    eax, dword ptr [ebp-60]
0040121C    5B          pop    ebx
0040121D    03C3       add    eax, ebx
0040121F    68 EB0F5A00 push 5A0FEB
00401224    56          push esi
00401225    895D F0    mov    dword ptr [ebp-10], ebx
00401228    895D F4    mov    dword ptr [ebp-C], ebx
0040122B    8945 FC    mov    dword ptr [ebp-4], eax
0040122E    FF15 00504700 call dword ptr [<&GDI32.SetTextColor>>;  GDI32.SetTextColor
00401234    6A 01       push 1
00401236    56          push esi
00401237    FF15 04504700 call dword ptr [<&GDI32.SetBkMode>] ;  GDI32.SetBkMode
0040123D    8065 E0 00 and    byte ptr [ebp-20], 0
00401241    33C0       xor    eax, eax
00401243    8D7D E1    lea    edi, dword ptr [ebp-1F]
00401246    6A 10       push 10
00401248    AB          stos dword ptr es:[edi]
00401249    AB          stos dword ptr es:[edi]
0040124A    AB          stos dword ptr es:[edi]
0040124B    66:AB       stos word ptr es:[edi]
0040124D    AA          stos byte ptr es:[edi]
0040124E    8D45 E0    lea    eax, dword ptr [ebp-20]
00401251    50          push eax
00401252    6A 6A       push 6A
00401254    FF35 98854700 push dword ptr [478598]
0040125A    FF15 08514700 call dword ptr [<&USER32.LoadStringA>>;  USER32.LoadStringA
00401260    8D45 F0    lea    eax, dword ptr [ebp-10]
00401263    6A 04       push 4
00401265    50          push eax
00401266    8D45 E0    lea    eax, dword ptr [ebp-20]
00401269    6A FF       push -1
0040126B    50          push eax
0040126C    56          push esi
0040126D    FF15 C4504700 call dword ptr [<&USER32.DrawTextA>]  ;  USER32.DrawTextA
00401273    8B45 A0    mov    eax, dword ptr [ebp-60]
00401276    C745 F4 96000>mov    dword ptr [ebp-C], 96
0040127D    05 96000000 add    eax, 96
00401282    8945 FC    mov    dword ptr [ebp-4], eax
00401285    8D45 D8    lea    eax, dword ptr [ebp-28]
00401288    50          push eax
00401289    8D45 E0    lea    eax, dword ptr [ebp-20]
0040128C    50          push eax
0040128D    E8 7E010700 call 00471410
00401292    59          pop    ecx
00401293    50          push eax
00401294    8D45 E0    lea    eax, dword ptr [ebp-20]
00401297    50          push eax
00401298    56          push esi
00401299    FF15 08504700 call dword ptr [<&GDI32.GetTextExtent>;  GDI32.GetTextExtentPoint32A
0040129F    A1 9C854700 mov    eax, dword ptr [47859C]
004012A4    3B45 D8    cmp    eax, dword ptr [ebp-28]
004012A7    7E 2B       jle    short 004012D4
004012A9    8325 9C854700>and    dword ptr [47859C], 0
004012B0    68 9B80EB00 push 0EB809B
004012B5    56          push esi
004012B6    FF15 00504700 call dword ptr [<&GDI32.SetTextColor>>;  GDI32.SetTextColor
004012BC    8D45 E0    lea    eax, dword ptr [ebp-20]
004012BF    50          push eax
004012C0    E8 4B010700 call 00471410
004012C5    59          pop    ecx
004012C6    50          push eax
004012C7    8D45 E0    lea    eax, dword ptr [ebp-20]
004012CA    50          push eax
004012CB    53          push ebx
004012CC    53          push ebx
004012CD    56          push esi
004012CE    FF15 0C504700 call dword ptr [<&GDI32.TextOutA>] ;  GDI32.TextOutA
004012D4    56          push esi
004012D5    FF75 08    push dword ptr [ebp+8]
004012D8    FF15 C8504700 call dword ptr [<&USER32.ReleaseDC>]  ;  USER32.ReleaseDC
004012DE    5F          pop    edi
004012DF    5B          pop    ebx
004012E0    E9 CA000000 jmp    004013AF
004012E5    0FB745 10    movzx eax, word ptr [ebp+10]
004012E9    83E8 68    sub    eax, 68
004012EC    74 21       je    short 0040130F
004012EE    48          dec    eax
004012EF    74 10       je    short 00401301
004012F1    FF75 14    push dword ptr [ebp+14]
004012F4    FF75 10    push dword ptr [ebp+10]
004012F7    68 11010000 push 111
004012FC ^ E9 DCFEFFFF jmp    004011DD
00401301    FF75 08    push dword ptr [ebp+8]
00401304    FF15 CC504700 call dword ptr [<&USER32.DestroyWindo>;  USER32.DestroyWindow
0040130A    E9 A0000000 jmp    004013AF
0040130F    6A 00       push 0
00401311    68 B6134000 push 004013B6
00401316    FF75 08    push dword ptr [ebp+8]
00401319    6A 67       push 67
0040131B    FF35 98854700 push dword ptr [478598]
00401321    FF15 E8504700 call dword ptr [<&USER32.DialogBoxPar>;  USER32.DialogBoxParamA
00401327    E9 83000000 jmp    004013AF
0040132C    8D85 60FFFFFF lea    eax, dword ptr [ebp-A0]
00401332    50          push eax
00401333    FF75 08    push dword ptr [ebp+8]
00401336    FF15 D0504700 call dword ptr [<&USER32.BeginPaint>] ;  USER32.BeginPaint
0040133C    8BF0       mov    esi, eax
0040133E    8D45 F0    lea    eax, dword ptr [ebp-10]
00401341    50          push eax
00401342    FF75 08    push dword ptr [ebp+8]
00401345    FF15 D4504700 call dword ptr [<&USER32.GetClientRec>;  USER32.GetClientRect
0040134B    68 3CFF3C00 push 3CFF3C
00401350    56          push esi
00401351    FF15 00504700 call dword ptr [<&GDI32.SetTextColor>>;  GDI32.SetTextColor
00401357    8D45 F0    lea    eax, dword ptr [ebp-10]
0040135A    6A 01       push 1
0040135C    50          push eax
0040135D    8D85 FCFEFFFF lea    eax, dword ptr [ebp-104]
00401363    50          push eax
00401364    E8 A7000700 call 00471410
00401369    59          pop    ecx
0040136A    50          push eax
0040136B    8D85 FCFEFFFF lea    eax, dword ptr [ebp-104]
00401371    50          push eax
00401372    56          push esi
00401373    FF15 C4504700 call dword ptr [<&USER32.DrawTextA>]  ;  USER32.DrawTextA
00401379    8D85 60FFFFFF lea    eax, dword ptr [ebp-A0]
0040137F    50          push eax
00401380    FF75 08    push dword ptr [ebp+8]
00401383    FF15 D8504700 call dword ptr [<&USER32.EndPaint>] ;  USER32.EndPaint
00401389    EB 24       jmp    short 004013AF
0040138B    6A 01       push 1
0040138D    FF75 08    push dword ptr [ebp+8]
00401390    FF15 DC504700 call dword ptr [<&USER32.KillTimer>]  ;  USER32.KillTimer
00401396    6A 00       push 0
00401398    FF15 E0504700 call dword ptr [<&USER32.PostQuitMess>;  USER32.PostQuitMessage
0040139E    EB 0F       jmp    short 004013AF
004013A0    6A 00       push 0
004013A2    6A 64       push 64
004013A4    6A 01       push 1
004013A6    FF75 08    push dword ptr [ebp+8]
004013A9    FF15 E4504700 call dword ptr [<&USER32.SetTimer>] ;  USER32.SetTimer
004013AF    33C0       xor    eax, eax
004013B1    5E          pop    esi
004013B2    C9          leave
004013B3    C2 1000    retn 10

00407CBA  |$  B8 01000000 mov    eax, 1
00407CBF  \>  C3          retn

0046411F  /$  B8 9A089183 mov    eax, 8391089A
00464124  \>  C3          retn

[培训]科锐软件逆向54期预科班、正式班开始火爆招生报名啦！！！

上传的附件：

a6.rar （504.16kb，17次下载）

收藏・1

免费・0

支持

最新回复 (2)
不死神鸟雪币： 9 活跃值： (157) 能力值： ( LV12，RANK：200 ) 在线值：发帖 105 回帖 757 粉丝 1 关注私信	不死神鸟 1 2 楼用户名：1 注册码：1 2009-9-22 23:25 0
hawking 雪币： 1969 活跃值： (46) 能力值： (RANK：550 ) 在线值：发帖 37 回帖 519 粉丝 6 关注私信	hawking 12 3 楼时长：487 Min 得分：39.08 2009-9-23 18:42 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

不死神鸟

105

发帖

757

回帖

200

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
不死神鸟雪币： 9 活跃值： (157) 能力值： ( LV12，RANK：200 ) 在线值：发帖 105 回帖 757 粉丝 1 关注私信	不死神鸟 1 2 楼用户名：1 注册码：1 2009-9-22 23:25 0
hawking 雪币： 1969 活跃值： (46) 能力值： (RANK：550 ) 在线值：发帖 37 回帖 519 粉丝 6 关注私信	hawking 12 3 楼时长：487 Min 得分：39.08 2009-9-23 18:42 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复