[反汇编练习] 160个CrackMe之021
[反汇编练习] 160个CrackMe之021.
本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注册机的东西。
其中,文章中按照如下逻辑编排(解决如下问题):
1、使用什么环境和工具
2、程序分析
3、思路分析和破解流程
4、注册机的探索
----------------------------------
提醒各位看客: 如果文章中的逻辑看不明白,那你一定是没有亲手操刀!OD中的跳转提示很强大,只要你跟踪了,不用怎么看代码就理解了!
----------------------------------
1、工具和环境:
WinXP SP3 + 52Pojie六周年纪念版OD + PEID + 汇编金手指。
160个CrackMe的打包文件。
下载地址: http://pan.baidu.com/s/1xUWOY 密码: jbnq
注:
1、Win7系统对于模块和程序开启了随机初始地址的功能,会给分析带来很大的负担,所以不建议使用Win7进行分析。
2、以上工具都是在52PoJie论坛下的原版程序,NOD32不报毒,个人承诺绝对不会进行任何和木马病毒相关内容。
2、程序分析:
想要破解一个程序,必须先了解这个程序。所以,在破解过程中,对最初程序的分析很重要,他可以帮助我们理解作者的目的和意图,特别是对于注册码的处理细节,从而方便我们反向跟踪和推导。
和上一节一样,打开CHM,选择第21个Cabeca.exe,保存下来。运行程序,程序界面如下:
3、思路分析和破解流程
有信息框,老办法。
PEID查看: Borland Delphi 3.0
和以前的一样,直接上步骤:
1、打开OD,将exe拖到OD窗口中,等程序暂停后,直接点击运行按钮(F9),不用理会。
2、在exe中输入伪码:bbdxf 12345 67890。点击OK按钮,弹出错误信息框,不要关闭。
3、在OD中点击暂停按钮(Ctrl+F12),再点击堆栈K按钮(Ctrl+K),可以看到当前堆栈情况。
然后,。。。。。
不对,它是Delphi程序,虽然定位到了位置,但问题是大部分函数和Call根本不知道什么意思。所以,应该是这样子的:
1、使用IDR打开程序分析:
窗口信息:
按钮事件信息:
Unit1::TForm1.Button1Click0042D3C4 push ebp0042D3C5 mov ebp,esp0042D3C7 xor ecx,ecx0042D3C9 push ecx0042D3CA push ecx0042D3CB push ecx0042D3CC push ecx0042D3CD push ebx0042D3CE mov ebx,eax0042D3D0 xor eax,eax0042D3D2 push ebp0042D3D3 push 42D5AD0042D3D8 push dword ptr fs:[eax]0042D3DB mov dword ptr fs:[eax],esp0042D3DE cmp dword ptr ds:[42F714],0; gvar_0042F714
>0042D3E5 je 0042D42C0042D3E7 cmp dword ptr ds:[42F718],0; gvar_0042F718
>0042D3EE je 0042D42C0042D3F0 lea edx,[ebp-4]0042D3F3 mov eax,dword ptr [ebx+1E0]; TForm1.Edit1:TEdit0042D3F9 call TControl.GetText0042D3FE cmp dword ptr [ebp-4],0
>0042D402 je 0042D42C0042D404 lea edx,[ebp-8]0042D407 mov eax,dword ptr [ebx+1E4]; TForm1.Edit2:TEdit0042D40D call TControl.GetText0042D412 cmp dword ptr [ebp-8],0
>0042D416 je 0042D42C0042D418 lea edx,[ebp-0C]0042D41B mov eax,dword ptr [ebx+1EC]; TForm1.Edit3:TEdit0042D421 call TControl.GetText0042D426 cmp dword ptr [ebp-0C],0
>0042D42A jne 0042D4700042D42C mov eax,42D5C4; 'Fill all boxes first dumb!'0042D431 call ShowMessage0042D436 xor eax,eax0042D438 mov [0042F714],eax; gvar_0042F7140042D43D xor eax,eax0042D43F mov [0042F718],eax; gvar_0042F7180042D444 xor edx,edx0042D446 mov eax,dword ptr [ebx+1E0]; TForm1.Edit1:TEdit0042D44C call TControl.SetText0042D451 xor edx,edx0042D453 mov eax,dword ptr [ebx+1E4]; TForm1.Edit2:TEdit0042D459 call TControl.SetText0042D45E xor edx,edx0042D460 mov eax,dword ptr [ebx+1EC]; TForm1.Edit3:TEdit0042D466 call TControl.SetText
>0042D46B jmp 0042D58A0042D470 cmp dword ptr ds:[42F714],0; gvar_0042F714
>0042D477 je 0042D4E50042D479 cmp dword ptr ds:[42F718],0; gvar_0042F718
>0042D480 je 0042D4E50042D482 lea edx,[ebp-10]0042D485 mov eax,[0042F714]; 0x0 gvar_0042F7140042D48A call IntToStr0042D48F mov eax,dword ptr [ebp-10]0042D492 push eax0042D493 lea edx,[ebp-4]0042D496 mov eax,dword ptr [ebx+1E4]; TForm1.Edit2:TEdit0042D49C call TControl.GetText0042D4A1 mov edx,dword ptr [ebp-4]0042D4A4 pop eax0042D4A5 call @LStrCmp
>0042D4AA jne 0042D4E50042D4AC lea edx,[ebp-10]0042D4AF mov eax,[0042F718]; 0x0 gvar_0042F7180042D4B4 call IntToStr0042D4B9 mov eax,dword ptr [ebp-10]0042D4BC push eax0042D4BD lea edx,[ebp-4]0042D4C0 mov eax,dword ptr [ebx+1EC]; TForm1.Edit3:TEdit0042D4C6 call TControl.GetText0042D4CB mov edx,dword ptr [ebp-4]0042D4CE pop eax0042D4CF call @LStrCmp
>0042D4D4 jne 0042D4E50042D4D6 mov eax,42D5E8; 'Hmmm.... Cracked... Congratulations idiot! :-)'0042D4DB call ShowMessage
>0042D4E0 jmp 0042D58A0042D4E5 cmp dword ptr ds:[42F714],0; gvar_0042F714
>0042D4EC je 0042D5210042D4EE cmp dword ptr ds:[42F718],0; gvar_0042F718
>0042D4F5 je 0042D5210042D4F7 lea edx,[ebp-10]0042D4FA mov eax,[0042F714]; 0x0 gvar_0042F7140042D4FF call IntToStr0042D504 mov eax,dword ptr [ebp-10]0042D507 push eax0042D508 lea edx,[ebp-4]0042D50B mov eax,dword ptr [ebx+1E4]; TForm1.Edit2:TEdit0042D511 call TControl.GetText0042D516 mov edx,dword ptr [ebp-4]0042D519 pop eax0042D51A call @LStrCmp
>0042D51F jne 0042D54B0042D521 lea edx,[ebp-10]0042D524 mov eax,[0042F718]; 0x0 gvar_0042F7180042D529 call IntToStr0042D52E mov eax,dword ptr [ebp-10]0042D531 push eax0042D532 lea edx,[ebp-4]0042D535 mov eax,dword ptr [ebx+1EC]; TForm1.Edit3:TEdit0042D53B call TControl.GetText0042D540 mov edx,dword ptr [ebp-4]0042D543 pop eax0042D544 call @LStrCmp
>0042D549 je 0042D58A0042D54B mov eax,42D620; 'Nice try... but is incorrect... Dumb..'0042D550 call ShowMessage0042D555 xor eax,eax0042D557 mov [0042F714],eax; gvar_0042F7140042D55C xor eax,eax0042D55E mov [0042F718],eax; gvar_0042F7180042D563 xor edx,edx0042D565 mov eax,dword ptr [ebx+1E0]; TForm1.Edit1:TEdit0042D56B call TControl.SetText0042D570 xor edx,edx0042D572 mov eax,dword ptr [ebx+1E4]; TForm1.Edit2:TEdit0042D578 call TControl.SetText0042D57D xor edx,edx0042D57F mov eax,dword ptr [ebx+1EC]; TForm1.Edit3:TEdit0042D585 call TControl.SetText0042D58A xor eax,eax0042D58C pop edx0042D58D pop ecx0042D58E pop ecx0042D58F mov dword ptr fs:[eax],edx0042D592 push 42D5B40042D597 lea eax,[ebp-10]0042D59A call @LStrClr0042D59F lea eax,[ebp-0C]0042D5A2 mov edx,30042D5A7 call @LStrArrayClr0042D5AC ret
<0042D5AD jmp @HandleFinally
<0042D5B2 jmp 0042D5970042D5B4 pop ebx0042D5B5 mov esp,ebp0042D5B7 pop ebp0042D5B8 ret
我们在OD中进行分析:
0042D3C4 /. 55 push ebp ; // Try按钮点击
0042D3C5 |. 8BEC mov ebp,esp
0042D3C7 |. 33C9 xor ecx,ecx
0042D3C9 |. 51 push ecx
0042D3CA |. 51 push ecx
0042D3CB |. 51 push ecx
0042D3CC |. 51 push ecx
0042D3CD |. 53 push ebx
0042D3CE |. 8BD8 mov ebx,eax
0042D3D0 |. 33C0 xor eax,eax
0042D3D2 |. 55 push ebp
0042D3D3 |. 68 ADD54200 push 0042D5AD
0042D3D8 |. 64:FF30 push dword ptr fs:[eax]
0042D3DB |. 64:8920 mov dword ptr fs:[eax],esp
0042D3DE |. 833D 14F74200>cmp dword ptr ds:[0x42F714],0x0
0042D3E5 |. 74 45 je short 0042D42C
0042D3E7 |. 833D 18F74200>cmp dword ptr ds:[0x42F718],0x0
0042D3EE |. 74 3C je short 0042D42C
0042D3F0 |. 8D55 FC lea edx,[local.1]
0042D3F3 |. 8B83 E0010000 mov eax,dword ptr ds:[ebx+0x1E0] ; TForm1.Edit1:TEdit
0042D3F9 |. E8 E2C9FEFF call 00419DE0 ; TControl.GetText
0042D3FE |. 837D FC 00 cmp [local.1],0x0 ; // "bbdxf"
0042D402 |. 74 28 je short 0042D42C
0042D404 |. 8D55 F8 lea edx,[local.2]
0042D407 |. 8B83 E4010000 mov eax,dword ptr ds:[ebx+0x1E4] ; TForm1.Edit2:TEdit
0042D40D |. E8 CEC9FEFF call 00419DE0 ; TControl.GetText
0042D412 |. 837D F8 00 cmp [local.2],0x0 ; // "12345"
0042D416 |. 74 14 je short 0042D42C
0042D418 |. 8D55 F4 lea edx,[local.3]
0042D41B |. 8B83 EC010000 mov eax,dword ptr ds:[ebx+0x1EC] ; TForm1.Edit3:TEdit
0042D421 |. E8 BAC9FEFF call 00419DE0 ; TControl.GetText
0042D426 |. 837D F4 00 cmp [local.3],0x0 ; // "67890"
0042D42A |. 75 44 jnz short 0042D470
0042D42C |> B8 C4D54200 mov eax,0042D5C4 ; ASCII 46,"ill all boxes first dumb!"
0042D431 |. E8 56F6FFFF call 0042CA8C
0042D436 |. 33C0 xor eax,eax
0042D438 |. A3 14F74200 mov dword ptr ds:[0x42F714],eax
0042D43D |. 33C0 xor eax,eax
0042D43F |. A3 18F74200 mov dword ptr ds:[0x42F718],eax
0042D444 |. 33D2 xor edx,edx
0042D446 |. 8B83 E0010000 mov eax,dword ptr ds:[ebx+0x1E0] ; TForm1.Edit1:TEdit
0042D44C |. E8 BFC9FEFF call 00419E10 ; TControl.SetText
0042D451 |. 33D2 xor edx,edx
0042D453 |. 8B83 E4010000 mov eax,dword ptr ds:[ebx+0x1E4] ; TForm1.Edit2:TEdit
0042D459 |. E8 B2C9FEFF call 00419E10 ; TControl.SetText
0042D45E |. 33D2 xor edx,edx
0042D460 |. 8B83 EC010000 mov eax,dword ptr ds:[ebx+0x1EC] ; TForm1.Edit3:TEdit
0042D466 |. E8 A5C9FEFF call 00419E10 ; TControl.SetText
0042D46B |. E9 1A010000 jmp 0042D58A
0042D470 |> 833D 14F74200>cmp dword ptr ds:[0x42F714],0x0 ; ds:[0042F714]=00005F2A
0042D477 |. 74 6C je short 0042D4E5
0042D479 |. 833D 18F74200>cmp dword ptr ds:[0x42F718],0x0 ; ds:[0042F718]=0000040B
0042D480 |. 74 63 je short 0042D4E5
0042D482 |. 8D55 F0 lea edx,[local.4] ; // edx = 0x0012F9A0
0042D485 |. A1 14F74200 mov eax,dword ptr ds:[0x42F714] ; ds:[0042F714]=00005F2A
0042D48A |. E8 C190FDFF call 00406550 ; IntToStr
0042D48F |. 8B45 F0 mov eax,[local.4] ; 0x5F2A 转换为 (ASCII "24362")
0042D492 |. 50 push eax
0042D493 |. 8D55 FC lea edx,[local.1] ; // "bbdxf"
0042D496 |. 8B83 E4010000 mov eax,dword ptr ds:[ebx+0x1E4] ; TForm1.Edit2:TEdit
0042D49C |. E8 3FC9FEFF call 00419DE0 ; TControl.GetText
0042D4A1 |. 8B55 FC mov edx,[local.1] ; // "12345"
0042D4A4 |. 58 pop eax ; // eax = "24362"
0042D4A5 |. E8 2664FDFF call 004038D0 ; @LStrCmp
0042D4AA 90 nop ; // 第一个关键跳转
0042D4AB 90 nop
0042D4AC |. 8D55 F0 lea edx,[local.4] ; // "24362"
0042D4AF |. A1 18F74200 mov eax,dword ptr ds:[0x42F718] ; [0042F718]=0000040B = 1035
0042D4B4 |. E8 9790FDFF call 00406550 ; IntToStr
0042D4B9 |. 8B45 F0 mov eax,[local.4] ; // eax = (ASCII "1035")
0042D4BC |. 50 push eax
0042D4BD |. 8D55 FC lea edx,[local.1] ; // "12345"
0042D4C0 |. 8B83 EC010000 mov eax,dword ptr ds:[ebx+0x1EC] ; TForm1.Edit3:TEdit
0042D4C6 |. E8 15C9FEFF call 00419DE0 ; TControl.GetText
0042D4CB |. 8B55 FC mov edx,[local.1] ; // edx = "67890"
0042D4CE |. 58 pop eax ; // eax = "1035"
0042D4CF |. E8 FC63FDFF call 004038D0 ; @LStrCmp
0042D4D4 |. 75 0F jnz short 0042D4E5 ; // 第二个关键跳转
0042D4D6 |. B8 E8D54200 mov eax,0042D5E8 ; ASCII 48,"mmm.... Cracked... Congratulations idiot! :-)"
0042D4DB |. E8 ACF5FFFF call 0042CA8C ; ShowMessage
发现,文本比较的位置是:
0042D51A call @LStrCmp
0042D544 call @LStrCmp
之后有两个关键跳转,我们如果爆破就很简单,修改两个关键跳转,使用NOP填充:
jnz short 0042D4E5
jnz short 0042D4E5
4、注册机的探索
在OD分析的时候其实已经把注册码的生成算法弄出来了,但是我们发现,其中涉及到好几个【常量值】,但是这些【常量】都很特殊,当我们将Name改变时,这些【常量值】也发生了变化,SO,说明【常量】也不是固定的,应该是通过Name算出来的。
继续查看IDR分析,找到了一个Name的事件:
Unit1::TForm1.Edit1KeyPress0042CE30 xor edx,edx0042CE32 mov dl,byte ptr [ecx]0042CE34 add edx,0FFFFFFF80042CE37 cmp edx,72
>0042CE3A ja 0042D3C00042CE40 mov dl,byte ptr [edx+42CE4D]0042CE46 jmp dword ptr [edx*4+42CEC0]0042CE4D db 530042CE4E db 00042CE4F db 00042CE50 db 00042CE51 db 00042CE52 db 00042CE53 db 00042CE54 db 00042CE55 db 00042CE56 db 00042CE57 db 00042CE58 db 00042CE59 db 00042CE5A db 00042CE5B db 00042CE5C db 00042CE5D db 00042CE5E db 00042CE5F db 00042CE60 db 00042CE61 db 00042CE62 db 00042CE63 db 00042CE64 db 00042CE65 db 00042CE66 db 00042CE67 db 00042CE68 db 00042CE69 db 00042CE6A db 00042CE6B db 00042CE6C db 00042CE6D db 00042CE6E db 00042CE6F db 00042CE70 db 00042CE71 db 00042CE72 db 00042CE73 db 00042CE74 db 00042CE75 db 00042CE76 db 00042CE77 db 00042CE78 db 00042CE79 db 00042CE7A db 00042CE7B db 00042CE7C db 00042CE7D db 00042CE7E db 00042CE7F db 00042CE80 db 00042CE81 db 00042CE82 db 00042CE83 db 00042CE84 db 00042CE85 db 00042CE86 db 270042CE87 db 280042CE88 db 290042CE89 db 300042CE8A db 310042CE8B db 320042CE8C db 330042CE8D db 340042CE8E db 350042CE8F db 360042CE90 db 370042CE91 db 380042CE92 db 390042CE93 db 400042CE94 db 410042CE95 db 420042CE96 db 430042CE97 db 440042CE98 db 450042CE99 db 460042CE9A db 470042CE9B db 480042CE9C db 500042CE9D db 490042CE9E db 510042CE9F db 520042CEA0 db 00042CEA1 db 00042CEA2 db 00042CEA3 db 00042CEA4 db 00042CEA5 db 00042CEA6 db 10042CEA7 db 20042CEA8 db 30042CEA9 db 40042CEAA db 50042CEAB db 60042CEAC db 70042CEAD db 80042CEAE db 90042CEAF db 100042CEB0 db 110042CEB1 db 120042CEB2 db 130042CEB3 db 140042CEB4 db 150042CEB5 db 160042CEB6 db 170042CEB7 db 180042CEB8 db 190042CEB9 db 200042CEBA db 210042CEBB db 220042CEBC db 240042CEBD db 230042CEBE db 250042CEBF db 260042CEC0 dd 42D3C00042CEC4 dd 42CF980042CEC8 dd 42CFAA0042CECC dd 42CFBC0042CED0 dd 42CFD10042CED4 dd 42CFE60042CED8 dd 42CFF80042CEDC dd 42D00A0042CEE0 dd 42D01C0042CEE4 dd 42D02E0042CEE8 dd 42D0400042CEEC dd 42D0550042CEF0 dd 42D0670042CEF4 dd 42D07C0042CEF8 dd 42D08E0042CEFC dd 42D0A00042CF00 dd 42D0B50042CF04 dd 42D0CA0042CF08 dd 42D0DF0042CF0C dd 42D0F40042CF10 dd 42D1050042CF14 dd 42D1170042CF18 dd 42D1290042CF1C dd 42D13B0042CF20 dd 42D14D0042CF24 dd 42D15F0042CF28 dd 42D1710042CF2C dd 42D1860042CF30 dd 42D19B0042CF34 dd 42D1AD0042CF38 dd 42D1C20042CF3C dd 42D1D70042CF40 dd 42D1EC0042CF44 dd 42D2010042CF48 dd 42D2160042CF4C dd 42D22B0042CF50 dd 42D2400042CF54 dd 42D2550042CF58 dd 42D26A0042CF5C dd 42D27F0042CF60 dd 42D2940042CF64 dd 42D2A90042CF68 dd 42D2BE0042CF6C dd 42D2D30042CF70 dd 42D2E80042CF74 dd 42D2FD0042CF78 dd 42D3120042CF7C dd 42D3270042CF80 dd 42D33C0042CF84 dd 42D3510042CF88 dd 42D3660042CF8C dd 42D37B0042CF90 dd 42D3900042CF94 dd 42D3A50042CF98 add dword ptr ds:[42F714],427; gvar_0042F7140042CFA2 add dword ptr ds:[42F718],79; gvar_0042F7180042CFA9 ret0042CFAA add dword ptr ds:[42F714],6BC; gvar_0042F7140042CFB4 add dword ptr ds:[42F718],6F; gvar_0042F7180042CFBB ret0042CFBC add dword ptr ds:[42F714],491; gvar_0042F7140042CFC6 add dword ptr ds:[42F718],2E2; gvar_0042F7180042CFD0 ret0042CFD1 add dword ptr ds:[42F714],474D; gvar_0042F7140042CFDB add dword ptr ds:[42F718],2FA; gvar_0042F7180042CFE5 ret0042CFE6 add dword ptr ds:[42F714],400; gvar_0042F7140042CFF0 add dword ptr ds:[42F718],0E; gvar_0042F7180042CFF7 ret0042CFF8 add dword ptr ds:[42F714],6D0; gvar_0042F7140042D002 add dword ptr ds:[42F718],0D; gvar_0042F7180042D009 ret0042D00A add dword ptr ds:[42F714],67D; gvar_0042F7140042D014 add dword ptr ds:[42F718],0C; gvar_0042F7180042D01B ret0042D01C add dword ptr ds:[42F714],750; gvar_0042F7140042D026 add dword ptr ds:[42F718],0B; gvar_0042F7180042D02D ret0042D02E add dword ptr ds:[42F714],43C; gvar_0042F7140042D038 add dword ptr ds:[42F718],63; gvar_0042F7180042D03F ret0042D040 add dword ptr ds:[42F714],764; gvar_0042F7140042D04A add dword ptr ds:[42F718],378; gvar_0042F7180042D054 ret0042D055 add dword ptr ds:[42F714],0C0; gvar_0042F7140042D05F add dword ptr ds:[42F718],4D; gvar_0042F7180042D066 ret0042D067 add dword ptr ds:[42F714],277D; gvar_0042F7140042D071 add dword ptr ds:[42F718],22B; gvar_0042F7180042D07B ret0042D07C add dword ptr ds:[42F714],81E; gvar_0042F7140042D086 add dword ptr ds:[42F718],5A; gvar_0042F7180042D08D ret0042D08E add dword ptr ds:[42F714],0E07; gvar_0042F7140042D098 add dword ptr ds:[42F718],62; gvar_0042F7180042D09F ret0042D0A0 add dword ptr ds:[42F714],8E; gvar_0042F7140042D0AA add dword ptr ds:[42F718],1D2C; gvar_0042F7180042D0B4 ret0042D0B5 add dword ptr ds:[42F714],9A670; gvar_0042F7140042D0BF add dword ptr ds:[42F718],8C7F3; gvar_0042F7180042D0C9 ret0042D0CA add dword ptr ds:[42F714],0D57; gvar_0042F7140042D0D4 add dword ptr ds:[42F718],288; gvar_0042F7180042D0DE ret0042D0DF add dword ptr ds:[42F714],5FEB; gvar_0042F7140042D0E9 add dword ptr ds:[42F718],21A; gvar_0042F7180042D0F3 ret0042D0F4 add dword ptr ds:[42F714],8B0; gvar_0042F7140042D0FE inc dword ptr ds:[42F718]; gvar_0042F7180042D104 ret0042D105 add dword ptr ds:[42F714],4BB; gvar_0042F7140042D10F add dword ptr ds:[42F718],40; gvar_0042F7180042D116 ret0042D117 add dword ptr ds:[42F714],8C2; gvar_0042F7140042D121 add dword ptr ds:[42F718],4B; gvar_0042F7180042D128 ret0042D129 add dword ptr ds:[42F714],1CA6; gvar_0042F7140042D133 add dword ptr ds:[42F718],4E; gvar_0042F7180042D13A ret0042D13B add dword ptr ds:[42F714],395; gvar_0042F7140042D145 add dword ptr ds:[42F718],26; gvar_0042F7180042D14C ret0042D14D add dword ptr ds:[42F714],251E; gvar_0042F7140042D157 add dword ptr ds:[42F718],5; gvar_0042F7180042D15E ret0042D15F add dword ptr ds:[42F714],2D13; gvar_0042F7140042D169 add dword ptr ds:[42F718],8; gvar_0042F7180042D170 ret0042D171 add dword ptr ds:[42F714],1900; gvar_0042F7140042D17B add dword ptr ds:[42F718],1C8; gvar_0042F7180042D185 ret0042D186 add dword ptr ds:[42F714],428; gvar_0042F7140042D190 add dword ptr ds:[42F718],1610; gvar_0042F7180042D19A ret0042D19B add dword ptr ds:[42F714],0B1630; gvar_0042F7140042D1A5 add dword ptr ds:[42F718],2; gvar_0042F7180042D1AC ret0042D1AD add dword ptr ds:[42F714],0D86; gvar_0042F7140042D1B7 add dword ptr ds:[42F718],270F; gvar_0042F7180042D1C1 ret0042D1C2 add dword ptr ds:[42F714],11A4; gvar_0042F7140042D1CC add dword ptr ds:[42F718],46FF33C; gvar_0042F7180042D1D6 ret0042D1D7 add dword ptr ds:[42F714],11F0A; gvar_0042F7140042D1E1 add dword ptr ds:[42F718],8B3C; gvar_0042F7180042D1EB ret0042D1EC add dword ptr ds:[42F714],3CC2; gvar_0042F7140042D1F6 add dword ptr ds:[42F718],8618; gvar_0042F7180042D200 ret0042D201 add dword ptr ds:[42F714],3E1A8; gvar_0042F7140042D20B add dword ptr ds:[42F718],6C81C; gvar_0042F7180042D215 ret0042D216 add dword ptr ds:[42F714],91E4; gvar_0042F7140042D220 add dword ptr ds:[42F718],27E945; gvar_0042F7180042D22A ret0042D22B add dword ptr ds:[42F714],6B42; gvar_0042F7140042D235 add dword ptr ds:[42F718],2FC7C3; gvar_0042F7180042D23F ret0042D240 add dword ptr ds:[42F714],516A4; gvar_0042F7140042D24A add dword ptr ds:[42F718],0B8F47C; gvar_0042F7180042D254 ret0042D255 add dword ptr ds:[42F714],4345A; gvar_0042F7140042D25F add dword ptr ds:[42F718],115C7; gvar_0042F7180042D269 ret0042D26A add dword ptr ds:[42F714],1BFDD9; gvar_0042F7140042D274 add dword ptr ds:[42F718],12B54; gvar_0042F7180042D27E ret0042D27F add dword ptr ds:[42F714],286D; gvar_0042F7140042D289 add dword ptr ds:[42F718],0B348C; gvar_0042F7180042D293 ret0042D294 add dword ptr ds:[42F714],401; gvar_0042F7140042D29E add dword ptr ds:[42F718],357CE174; gvar_0042F7180042D2A8 ret0042D2A9 add dword ptr ds:[42F714],674; gvar_0042F7140042D2B3 add dword ptr ds:[42F718],317CD7; gvar_0042F7180042D2BD ret0042D2BE add dword ptr ds:[42F714],9C; gvar_0042F7140042D2C8 add dword ptr ds:[42F718],7DD834; gvar_0042F7180042D2D2 ret0042D2D3 add dword ptr ds:[42F714],156; gvar_0042F7140042D2DD add dword ptr ds:[42F718],39CD0; gvar_0042F7180042D2E7 ret0042D2E8 add dword ptr ds:[42F714],8627; gvar_0042F7140042D2F2 add dword ptr ds:[42F718],0BF44A; gvar_0042F7180042D2FC ret0042D2FD add dword ptr ds:[42F714],748190; gvar_0042F7140042D307 add dword ptr ds:[42F718],854686; gvar_0042F7180042D311 ret0042D312 add dword ptr ds:[42F714],0A568; gvar_0042F7140042D31C add dword ptr ds:[42F718],13220; gvar_0042F7180042D326 ret0042D327 add dword ptr ds:[42F714],15592; gvar_0042F7140042D331 add dword ptr ds:[42F718],302E; gvar_0042F7180042D33B ret0042D33C add dword ptr ds:[42F714],1DD9; gvar_0042F7140042D346 add dword ptr ds:[42F718],1C43; gvar_0042F7180042D350 ret0042D351 add dword ptr ds:[42F714],266A; gvar_0042F7140042D35B add dword ptr ds:[42F718],2BA96C08; gvar_0042F7180042D365 ret0042D366 add dword ptr ds:[42F714],3CC0; gvar_0042F7140042D370 add dword ptr ds:[42F718],4EFC8; gvar_0042F7180042D37A ret0042D37B add dword ptr ds:[42F714],8311; gvar_0042F7140042D385 add dword ptr ds:[42F718],1C46; gvar_0042F7180042D38F ret0042D390 add dword ptr ds:[42F714],0CE1B; gvar_0042F7140042D39A add dword ptr ds:[42F718],0B1664; gvar_0042F7180042D3A4 ret0042D3A5 xor edx,edx0042D3A7 mov eax,dword ptr [eax+1E0]; TForm1.Edit1:TEdit0042D3AD call TControl.SetText0042D3B2 xor eax,eax0042D3B4 mov [0042F714],eax; gvar_0042F7140042D3B9 xor eax,eax0042D3BB mov [0042F718],eax; gvar_0042F7180042D3C0 ret
这看起来很乱,不管他,到OD中分析一下:
0042CE30 . 33D2 xor edx,edx ; // 每输入一个字符就进行处理
0042CE32 . 8A11 mov dl,byte ptr ds:[ecx] ; // dl 存放字符的ANSII
0042CE34 . 83C2 F8 add edx,-0x8 ; Switch (cases 8..7A)
0042CE37 . 83FA 72 cmp edx,0x72
0042CE3A . 0F87 80050000 ja 0042D3C0 ; // ANSII码值大于0x80则直接返回
0042CE40 . 8A92 4DCE4200 mov dl,byte ptr ds:[edx+0x42CE4D]
0042CE46 . FF2495 C0CE42>jmp dword ptr ds:[edx*4+0x42CEC0] ; Cabeca.0042CFF8
头部,进行了一个Switch(),然后跟踪[edx+0x42CE4D]的指针,对应不同的操作,edx范围从8到0x7A,看下0x42CE4D的内容:
db 0x42ce4d
db 0x42cebf
0042CE4D 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5...............
0042CE5D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0042CE6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0042CE7D 00 00 00 00 00 00 00 00 00 1B 1C 1D 1E 1F 20 21 ......... !
0042CE8D 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 32 "#$%&'()*+,-./02
0042CE9D 31 33 34 00 00 00 00 00 00 01 02 03 04 05 06 07 134......
0042CEAD 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 18 .. ..
0042CEBD 17 19 1A
这些应该是一个数组,存放着递增的值,然后根据计算后的指针,指向下面的跳转:
0042CEC0 . /C0D34200 dd Cabeca.0042D3C0 ; Switch table used at 0042CE46
0042CEC4 . |98CF4200 dd Cabeca.0042CF98
0042CEC8 . |AACF4200 dd Cabeca.0042CFAA
0042CECC . |BCCF4200 dd Cabeca.0042CFBC
0042CED0 . |D1CF4200 dd Cabeca.0042CFD1
0042CED4 . |E6CF4200 dd Cabeca.0042CFE6
0042CED8 . |F8CF4200 dd Cabeca.0042CFF8
0042CEDC . |0AD04200 dd Cabeca.0042D00A
0042CEE0 . |1CD04200 dd Cabeca.0042D01C
0042CEE4 . |2ED04200 dd Cabeca.0042D02E
0042CEE8 . |40D04200 dd Cabeca.0042D040
0042CEEC . |55D04200 dd Cabeca.0042D055
0042CEF0 . |67D04200 dd Cabeca.0042D067
0042CEF4 . |7CD04200 dd Cabeca.0042D07C
0042CEF8 . |8ED04200 dd Cabeca.0042D08E
0042CEFC . |A0D04200 dd Cabeca.0042D0A0
0042CF00 . |B5D04200 dd Cabeca.0042D0B5
0042CF04 . |CAD04200 dd Cabeca.0042D0CA
0042CF08 . |DFD04200 dd Cabeca.0042D0DF
0042CF0C . |F4D04200 dd Cabeca.0042D0F4
0042CF10 . |05D14200 dd Cabeca.0042D105
0042CF14 . |17D14200 dd Cabeca.0042D117
0042CF18 . |29D14200 dd Cabeca.0042D129
0042CF1C . |3BD14200 dd Cabeca.0042D13B
0042CF20 . |4DD14200 dd Cabeca.0042D14D
0042CF24 . |5FD14200 dd Cabeca.0042D15F
0042CF28 . |71D14200 dd Cabeca.0042D171
0042CF2C . |86D14200 dd Cabeca.0042D186
0042CF30 . |9BD14200 dd Cabeca.0042D19B
0042CF34 . |ADD14200 dd Cabeca.0042D1AD
0042CF38 . |C2D14200 dd Cabeca.0042D1C2
0042CF3C . |D7D14200 dd Cabeca.0042D1D7
0042CF40 . |ECD14200 dd Cabeca.0042D1EC
0042CF44 . |01D24200 dd Cabeca.0042D201
0042CF48 . |16D24200 dd Cabeca.0042D216
0042CF4C . |2BD24200 dd Cabeca.0042D22B
0042CF50 . |40D24200 dd Cabeca.0042D240
0042CF54 . |55D24200 dd Cabeca.0042D255
0042CF58 . |6AD24200 dd Cabeca.0042D26A
0042CF5C . |7FD24200 dd Cabeca.0042D27F
0042CF60 . |94D24200 dd Cabeca.0042D294
0042CF64 . |A9D24200 dd Cabeca.0042D2A9
0042CF68 . |BED24200 dd Cabeca.0042D2BE
0042CF6C . |D3D24200 dd Cabeca.0042D2D3
0042CF70 . |E8D24200 dd Cabeca.0042D2E8
0042CF74 . |FDD24200 dd Cabeca.0042D2FD
0042CF78 . |12D34200 dd Cabeca.0042D312
0042CF7C . |27D34200 dd Cabeca.0042D327
0042CF80 . |3CD34200 dd Cabeca.0042D33C
0042CF84 . |51D34200 dd Cabeca.0042D351
0042CF88 . |66D34200 dd Cabeca.0042D366
0042CF8C . |7BD34200 dd Cabeca.0042D37B
0042CF90 . |90D34200 dd Cabeca.0042D390
0042CF94 . |A5D34200 dd Cabeca.0042D3A5
0042CF98 > \8105 14F74200>add dword ptr ds:[0x42F714],0x427 ; Case 61 of switch 0042CE34
0042CFA2 . 8305 18F74200>add dword ptr ds:[0x42F718],0x79
0042CFA9 . C3 retn
0042CFAA > 8105 14F74200>add dword ptr ds:[0x42F714],0x6BC ; Case 62 of switch 0042CE34
0042CFB4 . 8305 18F74200>add dword ptr ds:[0x42F718],0x6F
0042CFBB . C3 retn
0042CFBC > 8105 14F74200>add dword ptr ds:[0x42F714],0x491 ; Case 63 of switch 0042CE34
0042CFC6 . 8105 18F74200>add dword ptr ds:[0x42F718],0x2E2
0042CFD0 . C3 retn
0042CFD1 > 8105 14F74200>add dword ptr ds:[0x42F714],0x474D ; Case 64 of switch 0042CE34
0042CFDB . 8105 18F74200>add dword ptr ds:[0x42F718],0x2FA
0042CFE5 . C3 retn
0042CFE6 > 8105 14F74200>add dword ptr ds:[0x42F714],0x400 ; Case 65 of switch 0042CE34
0042CFF0 . 8305 18F74200>add dword ptr ds:[0x42F718],0xE
0042CFF7 . C3 retn
0042CFF8 > 8105 14F74200>add dword ptr ds:[0x42F714],0x6D0 ; Case 66 of switch 0042CE34
0042D002 . 8305 18F74200>add dword ptr ds:[0x42F718],0xD
0042D009 . C3 retn
0042D00A > 8105 14F74200>add dword ptr ds:[0x42F714],0x67D ; Case 67 of switch 0042CE34
0042D014 . 8305 18F74200>add dword ptr ds:[0x42F718],0xC
0042D01B . C3 retn
0042D01C > 8105 14F74200>add dword ptr ds:[0x42F714],0x750 ; Case 68 of switch 0042CE34
0042D026 . 8305 18F74200>add dword ptr ds:[0x42F718],0xB
0042D02D . C3 retn
0042D02E > 8105 14F74200>add dword ptr ds:[0x42F714],0x43C ; Case 69 of switch 0042CE34
0042D038 . 8305 18F74200>add dword ptr ds:[0x42F718],0x63
0042D03F . C3 retn
0042D040 > 8105 14F74200>add dword ptr ds:[0x42F714],0x764 ; Case 6A of switch 0042CE34
0042D04A . 8105 18F74200>add dword ptr ds:[0x42F718],0x378
0042D054 . C3 retn
0042D055 > 8105 14F74200>add dword ptr ds:[0x42F714],0xC0 ; Case 6B of switch 0042CE34
0042D05F . 8305 18F74200>add dword ptr ds:[0x42F718],0x4D
0042D066 . C3 retn
0042D067 > 8105 14F74200>add dword ptr ds:[0x42F714],0x277D ; Case 6C of switch 0042CE34
0042D071 . 8105 18F74200>add dword ptr ds:[0x42F718],0x22B
0042D07B . C3 retn
0042D07C > 8105 14F74200>add dword ptr ds:[0x42F714],0x81E ; Case 6D of switch 0042CE34
0042D086 . 8305 18F74200>add dword ptr ds:[0x42F718],0x5A
0042D08D . C3 retn
0042D08E > 8105 14F74200>add dword ptr ds:[0x42F714],0xE07 ; Case 6E of switch 0042CE34
0042D098 . 8305 18F74200>add dword ptr ds:[0x42F718],0x62
0042D09F . C3 retn
0042D0A0 > 8105 14F74200>add dword ptr ds:[0x42F714],0x8E ; Case 6F of switch 0042CE34
0042D0AA . 8105 18F74200>add dword ptr ds:[0x42F718],0x1D2C
0042D0B4 . C3 retn
0042D0B5 > 8105 14F74200>add dword ptr ds:[0x42F714],0x9A670 ; Case 70 of switch 0042CE34
0042D0BF . 8105 18F74200>add dword ptr ds:[0x42F718],0x8C7F3
0042D0C9 . C3 retn
0042D0CA > 8105 14F74200>add dword ptr ds:[0x42F714],0xD57 ; Case 71 of switch 0042CE34
0042D0D4 . 8105 18F74200>add dword ptr ds:[0x42F718],0x288
0042D0DE . C3 retn
0042D0DF > 8105 14F74200>add dword ptr ds:[0x42F714],0x5FEB ; Case 72 of switch 0042CE34
0042D0E9 . 8105 18F74200>add dword ptr ds:[0x42F718],0x21A
0042D0F3 . C3 retn
0042D0F4 > 8105 14F74200>add dword ptr ds:[0x42F714],0x8B0 ; Case 73 of switch 0042CE34
0042D0FE . FF05 18F74200 inc dword ptr ds:[0x42F718]
0042D104 . C3 retn
0042D105 > 8105 14F74200>add dword ptr ds:[0x42F714],0x4BB ; Case 74 of switch 0042CE34
0042D10F . 8305 18F74200>add dword ptr ds:[0x42F718],0x40
0042D116 . C3 retn
0042D117 > 8105 14F74200>add dword ptr ds:[0x42F714],0x8C2 ; Case 75 of switch 0042CE34
0042D121 . 8305 18F74200>add dword ptr ds:[0x42F718],0x4B
0042D128 . C3 retn
0042D129 > 8105 14F74200>add dword ptr ds:[0x42F714],0x1CA6 ; Case 76 of switch 0042CE34
0042D133 . 8305 18F74200>add dword ptr ds:[0x42F718],0x4E
0042D13A . C3 retn
0042D13B > 8105 14F74200>add dword ptr ds:[0x42F714],0x395 ; Case 78 of switch 0042CE34
0042D145 . 8305 18F74200>add dword ptr ds:[0x42F718],0x26
0042D14C . C3 retn
0042D14D > 8105 14F74200>add dword ptr ds:[0x42F714],0x251E ; Case 77 of switch 0042CE34
0042D157 . 8305 18F74200>add dword ptr ds:[0x42F718],0x5
0042D15E . C3 retn
0042D15F > 8105 14F74200>add dword ptr ds:[0x42F714],0x2D13 ; Case 79 of switch 0042CE34
0042D169 . 8305 18F74200>add dword ptr ds:[0x42F718],0x8
0042D170 . C3 retn
0042D171 > 8105 14F74200>add dword ptr ds:[0x42F714],0x1900 ; Case 7A of switch 0042CE34
0042D17B . 8105 18F74200>add dword ptr ds:[0x42F718],0x1C8
0042D185 . C3 retn
0042D186 > 8105 14F74200>add dword ptr ds:[0x42F714],0x428 ; Case 41 of switch 0042CE34
0042D190 . 8105 18F74200>add dword ptr ds:[0x42F718],0x1610
0042D19A . C3 retn
0042D19B > 8105 14F74200>add dword ptr ds:[0x42F714],0xB1630 ; Case 42 of switch 0042CE34
0042D1A5 . 8305 18F74200>add dword ptr ds:[0x42F718],0x2
0042D1AC . C3 retn
0042D1AD > 8105 14F74200>add dword ptr ds:[0x42F714],0xD86 ; Case 43 of switch 0042CE34
0042D1B7 . 8105 18F74200>add dword ptr ds:[0x42F718],0x270F
0042D1C1 . C3 retn
0042D1C2 > 8105 14F74200>add dword ptr ds:[0x42F714],0x11A4 ; Case 44 of switch 0042CE34
0042D1CC . 8105 18F74200>add dword ptr ds:[0x42F718],0x46FF33C
0042D1D6 . C3 retn
0042D1D7 > 8105 14F74200>add dword ptr ds:[0x42F714],0x11F0A ; Case 45 of switch 0042CE34
0042D1E1 . 8105 18F74200>add dword ptr ds:[0x42F718],0x8B3C
0042D1EB . C3 retn
0042D1EC > 8105 14F74200>add dword ptr ds:[0x42F714],0x3CC2 ; Case 46 of switch 0042CE34
0042D1F6 . 8105 18F74200>add dword ptr ds:[0x42F718],0x8618
0042D200 . C3 retn
0042D201 > 8105 14F74200>add dword ptr ds:[0x42F714],0x3E1A8 ; Case 47 of switch 0042CE34
0042D20B . 8105 18F74200>add dword ptr ds:[0x42F718],0x6C81C
0042D215 . C3 retn
0042D216 > 8105 14F74200>add dword ptr ds:[0x42F714],0x91E4 ; Case 48 of switch 0042CE34
0042D220 . 8105 18F74200>add dword ptr ds:[0x42F718],0x27E945
0042D22A . C3 retn
0042D22B > 8105 14F74200>add dword ptr ds:[0x42F714],0x6B42 ; Case 49 of switch 0042CE34
0042D235 . 8105 18F74200>add dword ptr ds:[0x42F718],0x2FC7C3
0042D23F . C3 retn
0042D240 > 8105 14F74200>add dword ptr ds:[0x42F714],0x516A4 ; Case 4A of switch 0042CE34
0042D24A . 8105 18F74200>add dword ptr ds:[0x42F718],0xB8F47C
0042D254 . C3 retn
0042D255 > 8105 14F74200>add dword ptr ds:[0x42F714],0x4345A ; Case 4B of switch 0042CE34
0042D25F . 8105 18F74200>add dword ptr ds:[0x42F718],0x115C7
0042D269 . C3 retn
0042D26A > 8105 14F74200>add dword ptr ds:[0x42F714],0x1BFDD9 ; Case 4C of switch 0042CE34
0042D274 . 8105 18F74200>add dword ptr ds:[0x42F718],0x12B54
0042D27E . C3 retn
0042D27F > 8105 14F74200>add dword ptr ds:[0x42F714],0x286D ; Case 4D of switch 0042CE34
0042D289 . 8105 18F74200>add dword ptr ds:[0x42F718],0xB348C
0042D293 . C3 retn
0042D294 > 8105 14F74200>add dword ptr ds:[0x42F714],0x401 ; Case 4E of switch 0042CE34
0042D29E . 8105 18F74200>add dword ptr ds:[0x42F718],0x357CE174
0042D2A8 . C3 retn
0042D2A9 > 8105 14F74200>add dword ptr ds:[0x42F714],0x674 ; Case 4F of switch 0042CE34
0042D2B3 . 8105 18F74200>add dword ptr ds:[0x42F718],0x317CD7
0042D2BD . C3 retn
0042D2BE > 8105 14F74200>add dword ptr ds:[0x42F714],0x9C ; Case 50 of switch 0042CE34
0042D2C8 . 8105 18F74200>add dword ptr ds:[0x42F718],0x7DD834
0042D2D2 . C3 retn
0042D2D3 > 8105 14F74200>add dword ptr ds:[0x42F714],0x156 ; Case 51 of switch 0042CE34
0042D2DD . 8105 18F74200>add dword ptr ds:[0x42F718],0x39CD0
0042D2E7 . C3 retn
0042D2E8 > 8105 14F74200>add dword ptr ds:[0x42F714],0x8627 ; Case 52 of switch 0042CE34
0042D2F2 . 8105 18F74200>add dword ptr ds:[0x42F718],0xBF44A
0042D2FC . C3 retn
0042D2FD > 8105 14F74200>add dword ptr ds:[0x42F714],0x748190 ; Case 53 of switch 0042CE34
0042D307 . 8105 18F74200>add dword ptr ds:[0x42F718],0x854686
0042D311 . C3 retn
0042D312 > 8105 14F74200>add dword ptr ds:[0x42F714],0xA568 ; Case 54 of switch 0042CE34
0042D31C . 8105 18F74200>add dword ptr ds:[0x42F718],0x13220
0042D326 . C3 retn
0042D327 > 8105 14F74200>add dword ptr ds:[0x42F714],0x15592 ; Case 55 of switch 0042CE34
0042D331 . 8105 18F74200>add dword ptr ds:[0x42F718],0x302E
0042D33B . C3 retn
0042D33C > 8105 14F74200>add dword ptr ds:[0x42F714],0x1DD9 ; Case 56 of switch 0042CE34
0042D346 . 8105 18F74200>add dword ptr ds:[0x42F718],0x1C43
0042D350 . C3 retn
0042D351 > 8105 14F74200>add dword ptr ds:[0x42F714],0x266A ; Case 58 of switch 0042CE34
0042D35B . 8105 18F74200>add dword ptr ds:[0x42F718],0x2BA96C08
0042D365 . C3 retn
0042D366 > 8105 14F74200>add dword ptr ds:[0x42F714],0x3CC0 ; Case 57 of switch 0042CE34
0042D370 . 8105 18F74200>add dword ptr ds:[0x42F718],0x4EFC8
0042D37A . C3 retn
0042D37B > 8105 14F74200>add dword ptr ds:[0x42F714],0x8311 ; Case 59 of switch 0042CE34
0042D385 . 8105 18F74200>add dword ptr ds:[0x42F718],0x1C46
0042D38F . C3 retn
0042D390 > 8105 14F74200>add dword ptr ds:[0x42F714],0xCE1B ; Case 5A of switch 0042CE34
0042D39A . 8105 18F74200>add dword ptr ds:[0x42F718],0xB1664
0042D3A4 . C3 retn
0042D3A5 > 33D2 xor edx,edx ; Case 8 of switch 0042CE34
0042D3A7 . 8B80 E0010000 mov eax,dword ptr ds:[eax+0x1E0]
0042D3AD . E8 5ECAFEFF call 00419E10
0042D3B2 . 33C0 xor eax,eax
0042D3B4 . A3 14F74200 mov dword ptr ds:[0x42F714],eax
0042D3B9 . 33C0 xor eax,eax
0042D3BB . A3 18F74200 mov dword ptr ds:[0x42F718],eax
0042D3C0 > C3 retn ; Default case of switch 0042CE34
到这里就悲剧了!这么多case,虽然每个都执行的加法,但是每个加的值都不同,然后将计算后的值作为后面那个算法的常量值处理。
它大概就是这样的:
int na,nb;
char cInput = xx;
swith( cInput )
{case 8:na+=10;nb+=34;break;....case 0x71:na+=10;nb+=34;break;defaultbreak;}
大概就是这样了,又被耍了!
BY 笨笨D幸福
转载于:https://www.cnblogs.com/bbdxf/p/3813869.html
[反汇编练习] 160个CrackMe之021相关推荐
- [反汇编练习] 160个CrackMe之024
[反汇编练习] 160个CrackMe之024. 本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注 ...
- [反汇编练习] 160个CrackMe之023
[反汇编练习] 160个CrackMe之023. 本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注 ...
- [反汇编练习]160个CrackMe之001
[反汇编练习] 160个CrackMe之001. 本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注 ...
- [反汇编练习] 160个CrackMe之025
[反汇编练习] 160个CrackMe之025. 本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注 ...
- [反汇编练习] 160个CrackMe之033
[反汇编练习] 160个CrackMe之033. 本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注 ...
- [反汇编练习] 160个CrackMe之004
[反汇编练习] 160个CrackMe之004. 本系列文章的目的是从一个没有任何经验的新手的角度(其实就是我自己),一步步尝试将160个CrackMe全部破解,如果可以,通过任何方式写出一个类似于注 ...
- Crackme006 - 全新160个CrackMe学习系列(图文|视频|注册机源码)
知乎:逆向驿站 原文链接 CrackMe006 | 难度适中适合练手 |160个CrackMe深度解析(图文+视频+注册机源码) crackme006,依然是delphi的,而且没壳子,条线比较清晰, ...
- 视频+图文+注册+机源码 | 160个CrackMe深度解析合集 | 逆向破解入门
全部合集的获取请关注微信公众号:逆向驿站 回复:160 即可获得其余合集 以下是示例文章 160个CrackMe深度解析合集-001 提倡"刨根问底",拒绝"浅尝辄止&q ...
- Crackme006 - 全新160个CrackMe深度解析系列(图文+视频+注册机源码)
原文链接 CrackMe006 | 难度适中适合练手 |160个CrackMe深度解析(图文+视频+注册机源码) crackme006,依然是delphi的,而且没壳子,条线比较清晰,算法也不难,非常 ...
最新文章
- MusicXML 3.0 (7) - 连线、延音线
- 基础数学:关于二次无理数
- Lua的继承(利用setmetatable)
- MySQL空密码用户清理
- SDUT - Mountain Subsequences(dp)
- 使用Azure轻松实现Teams App的全球合规性
- leetcode7 整数反转
- 使用Fiddler4抓取微信小程序请求
- 在蚂蚁金服工作是一种什么体验
- 08——<use><defs>标签创建图形引用
- Docker容器实现跨宿主机通信
- 【目标跟踪 MOT】JDE - Towards Real-Time Multi-Object Tracking
- 设计模式08—模板方法模式
- 编译原理陈火旺第三版第七章课后题答案
- MySQL 临时目录
- silverlight 无法启动调试 数据无效
- ccf 201612-3 权限查询(100分)
- 计算机科学的四大领域,计算机科学CS四大名校解析
- 开发板Linux手指滑动方向,移动应用滑动屏幕方向判断解决方案,JS判断手势方向...
- 第一个PWA程序-聊天室
热门文章
- Java中的finalize方法
- 计算机网络实验(思科模拟器Cisco Packet Tracer)配置静态路由使三台pc机网络互通
- 中国平安增持华夏幸福5.69%股权 看好长期战略协同
- AI路径查找器的使用
- java 中 IO 的流的种类及BIO、NIO、AIO 有什么区别?
- 业务团队如何在日常工作中做稳定性?涵盖事前、事中、事后的方方面面
- mysql中where语句的不等于操作
- MIFI与随身wifi、wifi共享软件,玩坏wifi的几种方法
- c++ sleep函数 linux,sleep()函数 | C/C++程序员之家
- 如何区分光接入网OLT, ONU, ODN,ONT?