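[Author: S.M]
This is the new crackme on Brother Fpc's homepage, and I'm here to show some support!
Use SoftICE. Set bpx hmemcpy. You arrive at the following location:
0040181A  CMP  EBX, 00000014            --- compares the length of the registration code (should be 20 characters)
So enter: 1234567890asdfghjklp
0040181D  JE   00401845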
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040181D
00401845  lea  esi, dword ptr [ebp-60]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004018CB
00401848  push esi                      --- push the name onto the stack
00401849  xor  eax, eax
0040184B  mov  esi, dword ptr [ebp-38]
0040184E  add  esi, dword ptr [ebp-40]
00401851  lea  edi, dword ptr [ebp-74]
00401854  xor  ebx, ebx
00401856  xor  ecx, ecx                 --- clear the registers, ready to count.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401891
00401858  cmp  ecx, 00000044            --- 68 loop iterations? (So many!)
0040185B  ja   00401893
....
....
....
00401861  push ebx
00401862  mov  eax, ecx
00401864  push 00000004                 \
00401866  pop  ebx                      / ebx==4
....
00401868  idiv ebx                      signed division
0040186A  test edx, edx
0040186c  jge  00401870                 jump when the remainder is greater than or equal to 0
0040186E  not  edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040186C
00401870  push edx
00401871  mov  eax, ecx
00401873  push 000000011                \
00401875  pop  ebx                      / ebx==11;
....
00401877  idiv ebx
00401879  test edx, edx
0040187b  jge  0040187F
0040187d  not  edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040187b
0040187F  mov  eax, edx
00401881  pop  edx
00401882  mov  dl, byte ptr [edi+edx]   ---- the fake registration code
00401885  mov  al, byte ptr [esi+eax]   ----- (Who is the Devil?)
00401888  xor  al, bl                   bitwise addition.
0040188A  pop  ebx
0040188b  rol  ebx, 5                   --- rotate left by 5 bits
00401890  inc  ecx
00401891  jmp  00401858
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040185b
00401893  xor  ecx, ecx
00401895  pop  esi
00401896  lea  edi, dword ptr [ebp+FFFFFF68]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004018C2
0040189C  mov  eax, ebx
0040189E  push 000000020                \
004018A0  pop  ebx                      / ebx==20
....
004018A2  idiv ebx
004018A4  test edx, edx
004018A6  jge  004018AA
004018A8  not  edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004018A6
004018AA  mov  edx, eax
004018AC  mov  dl, byte ptr [edi+edx]
004018AF  mov  al, byte ptr [esi+ecx]
004018B2  test al, al
004018B4  je   004018d5                 --- leave the loop once everything has been moved
....
....
....
....
004018BA  cmp  al, dl                   --- compare the name one character at a time.
004018BC  jne  004018D0                 -- jump if it does not match.
004018BE  inc  ecx                      -- add one to ecx
004018BF  cmp  ecx, 00000003
004018C2  jl   0040189C                 ---- loop, comparing in groups of 3
004018C4  add  edi, 00000003
004018C7  add  dword ptr [ebp-40], 00000004
004018CB  jmp  00401848
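I entered an arbitrary name: SMSMSMSM. At the comparison at 004018BA, issue ? dl. That gives the registration code.
Result: name: MQDRBHLJT, registration code: 123456789asdfghjklp
I closed the program and opened it again. I entered the values again, ready to enjoy the result, and it reported an error.
No way! How can this be wrong? I traced it again and found that the MQDRBH part does not change, so it seems the part after it is random.
I entered MQDRBH. Success!!!! Brother Fpc set a little trap! ^__^
Brother Fpc, please add me. QQ: 5537188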
- Title: Cracking Brother Fpc's crackme. (4 thousand characters)
- Author: S.M
- Time: 2001-9-22 16:29:30
- Link: http://bbs.pediy.com
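
The listing above turns a value into a table index three times with idiv / test edx, edx / jge / not edx (divisors 4, 0x11 and 0x20) and mixes the running value with rol ebx, 5. The C below is an added example, not code from the crackme or from the original post; it models those two primitives so the index ranges can be checked. The function names are hypothetical, and it assumes the elided "...." line before each idiv sign-extends EAX into EDX (cdq).

```c
#include <stdint.h>
#include <stdio.h>

/* Models: mov eax, value / push m / pop ebx / cdq (assumed, elided on the
 * page) / idiv ebx / test edx, edx / jge skip / not edx.
 * IDIV truncates toward zero, so the remainder in EDX carries the sign of
 * the dividend. C99 '%' follows the same rule, so it matches EDX exactly. */
static int32_t idiv_index(int32_t value, int32_t m)
{
    int32_t rem = value % m;   /* EDX after IDIV, in -(m-1) .. m-1 */
    if (rem < 0)               /* jge not taken */
        rem = ~rem;            /* not edx == -rem - 1, in 0 .. m-2 */
    return rem;                /* always a valid index into an m-entry table */
}

/* Models rol r32, n: bits leaving the top re-enter at the bottom. */
static uint32_t rol32(uint32_t v, unsigned n)
{
    n &= 31;                   /* the CPU masks the rotate count to 5 bits */
    return n ? (v << n) | (v >> (32 - n)) : v;
}

int main(void)
{
    /* Constructed sample values, not taken from the crackme. */
    const int32_t samples[] = { 0, 5, 0x43, 0x44, -1, -31, -35 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%4d -> /4: %d  /0x11: %2d  /0x20: %2d\n",
               (int)samples[i],
               (int)idiv_index(samples[i], 4),
               (int)idiv_index(samples[i], 0x11),
               (int)idiv_index(samples[i], 0x20));

    /* The accumulator can go negative after a rotate, which is when the
     * not edx path matters. */
    printf("rol32(0x80000001, 5) = 0x%08X\n",
           (unsigned)rol32(0x80000001u, 5));
    return 0;
}
```

The loop counter in the first loop never goes negative, so not edx only has an effect where the dividend is the rotated accumulator, as at 0040189C.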