新手的crackme!
为了让新手更快的熟悉各工具,这里有很简单的CRACKME,不限工具和方式。至于ASM方面的知识,基础教学板块部分有,或者也可以在网络上找!
个人认为还是循序渐进的好! 支持一下,顶!!!!!!! 各位,这个CRACKME搞定没有? 真晕,这个CRACKME的源码被我删了。本来想发VB源码的! 注册用户名是固定的哦^_^
注册码满足特定长度(12)和位的关系(第5 ,12位)! 偶还是新手好难哦怎么晋级啊 那么你的目的到底是学习,还是晋级?
我来顶一下
004027A4 68 A0000>PUSH 0A0004027A9 68 BC1E4>PUSH 新手1.00401EBC
004027AE 57 PUSH EDI
004027AF 50 PUSH EAX
004027B0 FF15 241>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004027B6 8B4D D8MOV ECX,DWORD PTR SS:[EBP-28]
004027B9 51 PUSH ECX
004027BA 68 D01E4>PUSH 新手1.00401ED0
004027BF FF15 541>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp <----看看输入了用户名了没有
004027C5 8B55 DCMOV EDX,DWORD PTR SS:[EBP-24]
004027C8 8BF8 MOV EDI,EAX
004027CA F7DF NEG EDI
004027CC 1BFF SBB EDI,EDI
004027CE 52 PUSH EDX
004027CF 47 INC EDI
004027D0 68 D01E4>PUSH 新手1.00401ED0
004027D5 F7DF NEG EDI
004027D7 FF15 541>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp 〈----看看输入了注册码
004027DD F7D8 NEG EAX
004027DF 1BC0 SBB EAX,EAX
004027E1 8D4D DCLEA ECX,DWORD PTR SS:[EBP-24]
004027E4 40 INC EAX
004027E5 F7D8 NEG EAX
004027E7 0BF8 OR EDI,EAX
004027E9 8D45 D8LEA EAX,DWORD PTR SS:[EBP-28]
004027EC 50 PUSH EAX
004027ED 51 PUSH ECX
004027EE 6A 02 PUSH 2
004027F0 FF15 8C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
004027F6 8D55 D0LEA EDX,DWORD PTR SS:[EBP-30]
004027F9 8D45 D4LEA EAX,DWORD PTR SS:[EBP-2C]
004027FC 52 PUSH EDX
004027FD 50 PUSH EAX
004027FE 6A 02 PUSH 2
00402800 FF15 1C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
00402806 83C4 18ADD ESP,18
00402809 66:3BFBCMP DI,BX
0040280C 0F84 8C0>JE 新手1.0040289E <-------------没跳走就表示没有输入名字或注册码
00402812 8B35 A01>MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00402818 B9 04000>MOV ECX,80020004
0040281D 894D 98MOV DWORD PTR SS:[EBP-68],ECX
00402820 B8 0A000>MOV EAX,0A
00402825 894D A8MOV DWORD PTR SS:[EBP-58],ECX
00402828 BF 08000>MOV EDI,8
0040282D 8D95 40F>LEA EDX,DWORD PTR SS:[EBP-C0]
00402833 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
00402836 8945 90MOV DWORD PTR SS:[EBP-70],EAX
00402839 8945 A0MOV DWORD PTR SS:[EBP-60],EAX
0040283C C785 48F>MOV DWORD PTR SS:[EBP-B8],新手1.00401EFC
00402846 89BD 40F>MOV DWORD PTR SS:[EBP-C0],EDI
0040284C FFD6 CALL NEAR ESI
0040284E 8D95 50F>LEA EDX,DWORD PTR SS:[EBP-B0]
00402854 8D4D C0LEA ECX,DWORD PTR SS:[EBP-40]
00402857 C785 58F>MOV DWORD PTR SS:[EBP-A8],新手1.00401ED8
00402861 89BD 50F>MOV DWORD PTR SS:[EBP-B0],EDI
00402867 FFD6 CALL NEAR ESI
00402869 8D4D 90LEA ECX,DWORD PTR SS:[EBP-70]
0040286C 8D55 A0LEA EDX,DWORD PTR SS:[EBP-60]
0040286F 51 PUSH ECX
00402870 8D45 B0LEA EAX,DWORD PTR SS:[EBP-50]
00402873 52 PUSH EDX
00402874 50 PUSH EAX
00402875 8D4D C0LEA ECX,DWORD PTR SS:[EBP-40]
00402878 6A 10 PUSH 10
0040287A 51 PUSH ECX
0040287B FF15 301>CALL NEAR DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox <----“不是吧,你没有名字,注册码!“
00402881 8D55 90LEA EDX,DWORD PTR SS:[EBP-70]
00402884 8D45 A0LEA EAX,DWORD PTR SS:[EBP-60]
00402887 52 PUSH EDX
00402888 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
0040288B 50 PUSH EAX
0040288C 8D55 C0LEA EDX,DWORD PTR SS:[EBP-40]
0040288F 51 PUSH ECX
00402890 52 PUSH EDX
00402891 6A 04 PUSH 4
00402893 FF15 101>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
00402899 E9 BF020>JMP 新手1.00402B5D
0040289E 8B06 MOV EAX,DWORD PTR DS:[ESI]
004028A0 56 PUSH ESI
004028A1 FF90 040>CALL NEAR DWORD PTR DS:[EAX+304]
004028A7 8D4D D4LEA ECX,DWORD PTR SS:[EBP-2C]
004028AA 50 PUSH EAX
004028AB 51 PUSH ECX
004028AC FF15 2C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
004028B2 8BF8 MOV EDI,EAX
004028B4 8D45 DCLEA EAX,DWORD PTR SS:[EBP-24]
004028B7 50 PUSH EAX
004028B8 57 PUSH EDI
004028B9 8B17 MOV EDX,DWORD PTR DS:[EDI]
004028BB FF92 A00>CALL NEAR DWORD PTR DS:[EDX+A0]
004028C1 3BC3 CMP EAX,EBX
004028C3 DBE2 FCLEX
004028C5 7D 12 JGE SHORT 新手1.004028D9
004028C7 68 A0000>PUSH 0A0
004028CC 68 BC1E4>PUSH 新手1.00401EBC
004028D1 57 PUSH EDI
004028D2 50 PUSH EAX
004028D3 FF15 241>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
004028D9 8B45 DCMOV EAX,DWORD PTR SS:[EBP-24]
004028DC 8D4D C0LEA ECX,DWORD PTR SS:[EBP-40]
004028DF 8D55 B0LEA EDX,DWORD PTR SS:[EBP-50]
004028E2 51 PUSH ECX
004028E3 52 PUSH EDX
004028E4 895D DCMOV DWORD PTR SS:[EBP-24],EBX
004028E7 8945 C8MOV DWORD PTR SS:[EBP-38],EAX
004028EA C745 C0 >MOV DWORD PTR SS:[EBP-40],8
004028F1 FF15 441>CALL NEAR DWORD PTR DS:[<&MSVBVM60.#524>] ; MSVBVM60.rtcRightTrimVar
004028F7 8D45 B0LEA EAX,DWORD PTR SS:[EBP-50]
004028FA 50 PUSH EAX
004028FB FF15 081>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
00402901 8BD0 MOV EDX,EAX
00402903 8D4D E4LEA ECX,DWORD PTR SS:[EBP-1C]
00402906 FF15 A81>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0040290C 8D4D D4LEA ECX,DWORD PTR SS:[EBP-2C]
0040290F FF15 B81>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00402915 8B3D 101>MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0040291B 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
0040291E 8D55 C0LEA EDX,DWORD PTR SS:[EBP-40]
00402921 51 PUSH ECX
00402922 52 PUSH EDX
00402923 6A 02 PUSH 2
00402925 FFD7 CALL NEAR EDI
00402927 8B06 MOV EAX,DWORD PTR DS:[ESI]
00402929 83C4 0CADD ESP,0C
0040292C 56 PUSH ESI
0040292D FF90 080>CALL NEAR DWORD PTR DS:[EAX+308]
00402933 8D4D D4LEA ECX,DWORD PTR SS:[EBP-2C]
00402936 50 PUSH EAX
00402937 51 PUSH ECX
00402938 FF15 2C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0040293E 8BF0 MOV ESI,EAX
00402940 8D45 DCLEA EAX,DWORD PTR SS:[EBP-24]
00402943 50 PUSH EAX
00402944 56 PUSH ESI
00402945 8B16 MOV EDX,DWORD PTR DS:[ESI]
00402947 FF92 A00>CALL NEAR DWORD PTR DS:[EDX+A0]
0040294D 3BC3 CMP EAX,EBX
0040294F DBE2 FCLEX
00402951 7D 12 JGE SHORT 新手1.00402965
00402953 68 A0000>PUSH 0A0
00402958 68 BC1E4>PUSH 新手1.00401EBC
0040295D 56 PUSH ESI
0040295E 50 PUSH EAX
0040295F FF15 241>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00402965 8B45 DCMOV EAX,DWORD PTR SS:[EBP-24]
00402968 8D4D C0LEA ECX,DWORD PTR SS:[EBP-40]
0040296B 8D55 B0LEA EDX,DWORD PTR SS:[EBP-50]
0040296E 51 PUSH ECX
0040296F 52 PUSH EDX
00402970 895D DCMOV DWORD PTR SS:[EBP-24],EBX
00402973 8945 C8MOV DWORD PTR SS:[EBP-38],EAX
00402976 C745 C0 >MOV DWORD PTR SS:[EBP-40],8
0040297D FF15 441>CALL NEAR DWORD PTR DS:[<&MSVBVM60.#524>] ; MSVBVM60.rtcRightTrimVar
00402983 8D45 B0LEA EAX,DWORD PTR SS:[EBP-50]
00402986 50 PUSH EAX
00402987 FF15 081>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
0040298D 8BD0 MOV EDX,EAX
0040298F 8D4D E0LEA ECX,DWORD PTR SS:[EBP-20]
00402992 FF15 A81>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
00402998 8D4D D4LEA ECX,DWORD PTR SS:[EBP-2C]
0040299B FF15 B81>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
004029A1 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
004029A4 8D55 C0LEA EDX,DWORD PTR SS:[EBP-40]
004029A7 51 PUSH ECX
004029A8 52 PUSH EDX
004029A9 6A 02 PUSH 2
004029AB FFD7 CALL NEAR EDI
004029AD 8B45 E4MOV EAX,DWORD PTR SS:[EBP-1C]
004029B0 83C4 0CADD ESP,0C
004029B3 50 PUSH EAX
004029B4 68 0C1F4>PUSH 新手1.00401F0C ; UNICODE "dongfangqingshi" 〈---注册名必须是它。
004029B9 FF15 541>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
004029BF 85C0 TEST EAX,EAX
004029C1 0F85 990>JNZ 新手1.00402B60 <------跳走就完了。名字不正确。
004029C7 8B4D E0MOV ECX,DWORD PTR SS:[EBP-20]
004029CA 51 PUSH ECX
004029CB FF15 0C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr <---取得长度
004029D1 8BC8 MOV ECX,EAX
004029D3 FF15 6C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaUI1I4>] ; MSVBVM60.__vbaUI1I4
004029D9 3C 0C CMP AL,0C <----------------------------------------------------------注册码必须等于12位
004029DB 0F85 7F0>JNZ 新手1.00402B60 <----------------------------------------------------------不相等就跳走。
004029E1 8B35 481>MOV ESI,DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
004029E7 8D55 E0LEA EDX,DWORD PTR SS:[EBP-20]
004029EA 8D45 C0LEA EAX,DWORD PTR SS:[EBP-40]
004029ED 8995 58F>MOV DWORD PTR SS:[EBP-A8],EDX
004029F3 50 PUSH EAX
004029F4 8D8D 50F>LEA ECX,DWORD PTR SS:[EBP-B0]
004029FA 6A 0C PUSH 0C <----------------- 12 参数
004029FC 8D55 B0LEA EDX,DWORD PTR SS:[EBP-50]
004029FF 51 PUSH ECX
00402A00 52 PUSH EDX
00402A01 C745 C8 >MOV DWORD PTR SS:[EBP-38],1
00402A08 C745 C0 >MOV DWORD PTR SS:[EBP-40],2
00402A0F C785 50F>MOV DWORD PTR SS:[EBP-B0],4008
00402A19 FFD6 CALL NEAR ESI ; MSVBVM60.rtcMidCharVar
00402A1B B8 01000>MOV EAX,1
00402A20 8D4D 90LEA ECX,DWORD PTR SS:[EBP-70]
00402A23 8985 38F>MOV DWORD PTR SS:[EBP-C8],EAX
00402A29 8945 98MOV DWORD PTR SS:[EBP-68],EAX
00402A2C 8D45 E0LEA EAX,DWORD PTR SS:[EBP-20]
00402A2F 51 PUSH ECX
00402A30 8985 28F>MOV DWORD PTR SS:[EBP-D8],EAX
00402A36 8D95 20F>LEA EDX,DWORD PTR SS:[EBP-E0]
00402A3C 6A 05 PUSH 5 <--------------------------- 5 参数
00402A3E 8D45 80LEA EAX,DWORD PTR SS:[EBP-80]
00402A41 52 PUSH EDX
00402A42 50 PUSH EAX
00402A43 C785 30F>MOV DWORD PTR SS:[EBP-D0],8002
00402A4D C745 90 >MOV DWORD PTR SS:[EBP-70],2
00402A54 C785 20F>MOV DWORD PTR SS:[EBP-E0],4008
00402A5E FFD6 CALL NEAR ESI ; MSVBVM60.rtcMidCharVar
00402A60 8B35 9C1>MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVarCmpEq>] ; MSVBVM60.__vbaVarCmpEq
00402A66 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
00402A69 8D95 30F>LEA EDX,DWORD PTR SS:[EBP-D0]
00402A6F 51 PUSH ECX
00402A70 8D45 A0LEA EAX,DWORD PTR SS:[EBP-60]
00402A73 52 PUSH EDX
00402A74 50 PUSH EAX
00402A75 C785 08F>MOV DWORD PTR SS:[EBP-F8],3
00402A7F C785 00F>MOV DWORD PTR SS:[EBP-100],8002
00402A89 FFD6 CALL NEAR ESI ; MSVBVM60.__vbaVarCmpEq
00402A8B 8D4D 80LEA ECX,DWORD PTR SS:[EBP-80]
00402A8E 50 PUSH EAX
00402A8F 8D95 00F>LEA EDX,DWORD PTR SS:[EBP-100]
00402A95 51 PUSH ECX
00402A96 8D85 70F>LEA EAX,DWORD PTR SS:[EBP-90]
00402A9C 52 PUSH EDX
00402A9D 50 PUSH EAX
00402A9E FFD6 CALL NEAR ESI
00402AA0 8D8D 60F>LEA ECX,DWORD PTR SS:[EBP-A0]
00402AA6 50 PUSH EAX
00402AA7 51 PUSH ECX
00402AA8 FF15 641>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaVarAnd>] ; MSVBVM60.__vbaVarAnd <---连接
00402AAE 50 PUSH EAX
00402AAF FF15 3C1>CALL NEAR DWORD PTR DS:[<&MSVBVM60.__vbaBoolVarNull>] ; MSVBVM60.__vbaBoolVarNull
00402AB5 8BF0 MOV ESI,EAX
00402AB7 8D55 80LEA EDX,DWORD PTR SS:[EBP-80]
00402ABA 8D45 90LEA EAX,DWORD PTR SS:[EBP-70]
00402ABD 52 PUSH EDX
00402ABE 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
00402AC1 50 PUSH EAX
00402AC2 8D55 C0LEA EDX,DWORD PTR SS:[EBP-40]
00402AC5 51 PUSH ECX
00402AC6 52 PUSH EDX
00402AC7 6A 04 PUSH 4
00402AC9 FFD7 CALL NEAR EDI ; MSVBVM60.__vbaFreeVarList
00402ACB 83C4 14ADD ESP,14
00402ACE 66:3BF3CMP SI,BX
00402AD1 0F84 890>JE 新手1.00402B60 〈--------------关键跳转了。跳就完。不跳才是。
00402AD7 8B35 A01>MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00402ADD B9 04000>MOV ECX,80020004
00402AE2 894D 98MOV DWORD PTR SS:[EBP-68],ECX
00402AE5 B8 0A000>MOV EAX,0A
00402AEA 894D A8MOV DWORD PTR SS:[EBP-58],ECX
00402AED 8D95 40F>LEA EDX,DWORD PTR SS:[EBP-C0]
00402AF3 8D4D B0LEA ECX,DWORD PTR SS:[EBP-50]
00402AF6 8945 90MOV DWORD PTR SS:[EBP-70],EAX
00402AF9 8945 A0MOV DWORD PTR SS:[EBP-60],EAX
00402AFC C785 48F>MOV DWORD PTR SS:[EBP-B8],新手1.00401F90
00402B06 C785 40F>MOV DWORD PTR SS:[EBP-C0],8
00402B10 FFD6 CALL NEAR ESI
00402B12 8D95 50F>LEA EDX,DWORD PTR SS:[EBP-B0]
00402B18 8D4D C0LEA ECX,DWORD PTR SS:[EBP-40]
00402B1B C785 58F>MOV DWORD PTR SS:[EBP-A8],新手1.00401F30
00402B25 C785 50F>MOV DWORD PTR SS:[EBP-B0],8
00402B2F FFD6 CALL NEAR ESI
00402B31 8D45 90LEA EAX,DWORD PTR SS:[EBP-70]
00402B34 8D4D A0LEA ECX,DWORD PTR SS:[EBP-60]
00402B37 50 PUSH EAX
00402B38 8D55 B0LEA EDX,DWORD PTR SS:[EBP-50]
00402B3B 51 PUSH ECX
00402B3C 52 PUSH EDX
00402B3D 8D45 C0LEA EAX,DWORD PTR SS:[EBP-40]
00402B40 6A 40 PUSH 40
00402B42 50 PUSH EAX
00402B43 FF15 301>CALL NEAR DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox <-----成功了!
00402B49 8D4D 90LEA ECX,DWORD PTR SS:[EBP-70]
不就是使用了 VB 的 Mid 函数嘛。 恩,不错
很准确!加分!
顺便问一下,你好像是看雪里面的,是不是? Originally posted by 东方青石 at 2005-6-6 10:14 PM:
恩,不错
很准确!加分!
顺便问一下,你好像是看雪里面的,是不是?
哦!你认识我? 呵呵,我是在看雪混的,无名鼠辈。
页:
[1]
2