blowfish´óϺ£¬ÇëÎÊÄÜ·ñ½â¾öµô´ËpcodeµÄNAG£¿
¼û¡¶ÂÛ̳¾«»ªII¡·ÖУº¡°ACiD_BuRN2µÄcrackme¡±
http://go6.163.com/~ddxia/crackme/ACiD_BuRN2.zip
ÎÒÈ¥³ýÁËÆäanti-smartcheck¹¦ÄÜÈçÏ£º
ÓÃexdec·´±àÒëÖ®£º
Proc: 42c318
42C148: f5 LitI4: 0x4e 78 (...N)
42C14D: 04 FLdRfVar local_0098
42C150: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C155: 04 FLdRfVar local_0098
42C158: f5 LitI4: 0x55 85 (...U)
42C15D: 04 FLdRfVar local_00A8
42C160: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C165: 04 FLdRfVar local_00A8
42C168: Lead0/ef ConcatVar
42C16C: f5 LitI4: 0x4d 77 (...M)
42C171: 04 FLdRfVar local_00C8
42C174: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C179: 04 FLdRfVar local_00C8
42C17C: Lead0/ef ConcatVar
42C180: f5 LitI4: 0x45 69 (...E)
42C185: 04 FLdRfVar local_00E8
42C188: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C18D: 04 FLdRfVar local_00E8
42C190: Lead0/ef ConcatVar
42C194: f5 LitI4: 0x47 71 (...G)
42C199: 04 FLdRfVar local_0108
42C19C: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C1A1: 04 FLdRfVar local_0108
42C1A4: Lead0/ef ConcatVar
42C1A8: f5 LitI4: 0x41 65 (...A)
42C1AD: 04 FLdRfVar local_0128
42C1B0: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C1B5: 04 FLdRfVar local_0128
42C1B8: Lead0/ef ConcatVar
42C1BC: 3a LitVarStr: ( local_0148 )
42C1C1: Lead0/ef ConcatVar
42C1C5: f5 LitI4: 0x53 83 (...S)
42C1CA: 04 FLdRfVar local_0168
42C1CD: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C1D2: 04 FLdRfVar local_0168
42C1D5: Lead0/ef ConcatVar
42C1D9: f5 LitI4: 0x4d 77 (...M)
42C1DE: 04 FLdRfVar local_0188
42C1E1: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C1E6: 04 FLdRfVar local_0188
42C1E9: Lead0/ef ConcatVar
42C1ED: f5 LitI4: 0x41 65 (...A)
42C1F2: 04 FLdRfVar local_01A8
42C1F5: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C1FA: 04 FLdRfVar local_01A8
42C1FD: Lead0/ef ConcatVar
42C201: f5 LitI4: 0x52 82 (...R)
42C206: 04 FLdRfVar local_01C8
42C209: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C20E: 04 FLdRfVar local_01C8
42C211: Lead0/ef ConcatVar
42C215: f5 LitI4: 0x54 84 (...T)
42C21A: 04 FLdRfVar local_01E8
42C21D: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C222: 04 FLdRfVar local_01E8
42C225: Lead0/ef ConcatVar
42C229: f5 LitI4: 0x43 67 (...C)
42C22E: 04 FLdRfVar local_0208
42C231: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C236: 04 FLdRfVar local_0208
42C239: Lead0/ef ConcatVar
42C23D: f5 LitI4: 0x48 72 (...H)
42C242: 04 FLdRfVar local_0228
42C245: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C24A: 04 FLdRfVar local_0228
42C24D: Lead0/ef ConcatVar
42C251: f5 LitI4: 0x45 69 (...E)
42C256: 04 FLdRfVar local_0248
42C259: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C25E: 04 FLdRfVar local_0248
42C261: Lead0/ef ConcatVar
42C265: f5 LitI4: 0x43 67 (...C)
42C26A: 04 FLdRfVar local_0268
42C26D: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C272: 04 FLdRfVar local_0268
42C275: Lead0/ef ConcatVar
42C279: f5 LitI4: 0x4b 75 (...K)
42C27E: 04 FLdRfVar local_0288
42C281: 0a ImpAdCallFPR4: _rtcVarBstrFromAnsi
42C286: 04 FLdRfVar local_0288
42C289: Lead0/ef ConcatVar
42C28D: 60 CStrVarTmp
42C28E: 31 FStStr local_0088
42C291: 36 FFreeVar
42C2D4: 4b OnErrorGoto
42C2D7: 27 LitVar_Missing
42C2DA: 04 FLdRfVar local_0088
42C2DD: 4d CVarRef: ( local_0148 ) 4008
42C2E2: 0a ImpAdCallFPR4: _rtcAppActivate
42C2E7: 35 FFree1Var local_0098
42C2EA: 63 LitVar_TRUE
42C2ED: 1b LitStr: %{F4}
42C2F0: 0a ImpAdCallFPR4: _rtcSendKeys
42C2F5: 35 FFree1Var local_0098
42C2F8: 63 LitVar_TRUE
42C2FB: 1b LitStr: %{Y}
42C2FE: 0a ImpAdCallFPR4: _rtcSendKeys
42C303: 35 FFree1Var local_0098
42C306: 63 LitVar_TRUE
42C309: 1b LitStr: %{J}
42C30C: 0a ImpAdCallFPR4: _rtcSendKeys
42C311: 35 FFree1Var local_0098
42C314: 1e Branch: 42c2d7
42C317: 13 ExitProcHresult
ÉÏÊö¹¦Äܼì²â´ËcrackmeÊÇ·ñÓÃsmartcheck¼ÓÔØ£¬Èç¼ÓÔØÔòÓÃalt+F4¹Ø±Õ¡£
ÎÒÓÃhiewÕÒ42C148°Ñf5¸ÄΪ13¼´ExitProcHresult¿ÉÈ¥³ýÆäanti-smartcheck¹¦ÄÜ¡£
ÓÃsmartcheck±È½ÏÈÝÒ׸ú×Ù³ö×¢²áÂ룬Ҳ¿É¿´¿´±ù¶¾´óϺµÄÎÄÕ¡£
µ«´ËNAG²»ÖªÈçºÎKILL£¬ÓÃexdecÕÒ²»µ½ÈκÎÏßË÷£¬smartcheck¸ú×ÙÒ²&*^%&#$^
ÎÒÈ¥³ý²»ÁË£¬ÇóÖúÓÚ´óϺ£¡
±ê Ìâ:×îTUUUUUUUUUUUUUUUUUµÄ°ì·¨£¡ (1ǧ×Ö)
·¢ÐÅÈË:zest
ʱ ¼ä:2001-4-26 22:45:07
ÏêϸÐÅÏ¢:
===============================================================================
Ò»¡¢È¥³ýACiD_BuRN2's crackmeµÄNAGʱ¼äÑÓ³Ù
ÓÃbpx settimer¸ú×Ù£º
ÐÞ¸Äcrackme
Offset 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
00041056 01 00 42 00 24 00 FF 01 1F 00 00 00 02 06 00 54 ..B.$.ÿ........T
00041072 69 6D 65 72 31 00 0B 03 A0 0F 00 00 07 F0 00 00 imer1...?...?.
~~~~~
00041088 00 08 78 00 00 00 FF 02 02 04 00 00 06 00 00 00 ..x...ÿ.........
00041104 54 CD 40 00 07 00 00 00 B0 CC 40 00 07 00 00 00 TÍ@.....°Ì@.....
00041120 64 CC 40 00 07 00 00 00 20 CC 40 00 56 42 35 21 dÌ@..... Ì@.VB5!
00041136 8C 0E 76 62 35 66 72 2E 64 6C 6C 00 00 00 00 00 ?vb5fr.dll.....
0FA0Ϊ4ÃëÑÓ³Ù£¬¿É¸ÄΪ0001Ìå»áÒ»ÏÂ˲ʱ¸Ð£¬Èç¸ÄΪ0000ÔòNAG²»Ïûʧ¡£
===============================================================================
¶þ¡¢È¥³ýACiD_BuRN2's crackmeµÄNAGÏÔʾ
ÓÃbpx showwindow¸ú×Ù£º
λÓÚmsvbvm50.dllÖÐ
0167:782785C6 56 PUSH ESI
0167:782785C7 57 PUSH EDI
0167:782785C8 8B74240C MOV ESI,[ESP+0C]
0167:782785CC FF742410 PUSH DWORD [ESP+10]---->ÖÃ0ºóNAGÏûʧ
0167:782785D0 FF7634 PUSH DWORD [ESI+34]
0167:782785D3 FF15E4142578 CALL `USER32!ShowWindow`
0167:782785D9 8BF8 MOV EDI,EAX
0167:782785DB 8B442410 MOV EAX,[ESP+10]
µ«²»ÖªµÀÐ޸ijÌÐòºÎ´¦£¬¿É×÷patch!?
===============================================================================
ZEST
±ê Ìâ:¹þ¹þ£¬²»Ä±¶øºÏ£¡ (208×Ö)
·¢ÐÅÈË:blowfish
ʱ ¼ä:2001-4-26 23:30:09
ÏêϸÐÅÏ¢:
żҲÊÇÓÃSetTimer( )£¬Ò²ÊÇÕÒµ½000FA0£¬¶øÇÒÕâ¸öÖµÔÚÎļþÖÐÖ»³öÏÖ¹ýÒ»´Î¡£¸Ä³É1»¹ÊÇÄÜ¿´¼û´°¿ÚÒ»ÉÁ¡£
×ܵÄÀ´ËµÕâpcode»¹ÊÇÍêÈ«½âÊÍÐ͵ģ¬Î¢Èí¾ÍÊDz»¹«²¼ÕâpcodeÖ¸ÁîµÄ×ÊÁÏ¡£
¹þ¹þ£¬¸ãÁË°ëÌ죬Ҳ¿ì12µãÁË£¬»Ø¼Ò˯¾õÈ¥ÂÞ£¡