寻找固定值
我知道这是个固定值比较的CRACKME。。。但是 不知道怎么看固定值(除了HEX)。。。。。高手帮忙。。。。
分析如下:
00402230 > \55 push ebp ///注册
00402231 .8BEC mov ebp, esp
00402233 .83EC 0C sub esp, 0C
00402236 .68 E6104000 push <jmp.&MSVBVM60.__vbaExceptHandle>;SE 句柄安装
0040223B .64:A1 0000000>mov eax, dword ptr fs:
。。。。。。。。。。。(忽略看不懂的东西)
004023B8 .FF15 18104000 call dword ptr [<&MSVBVM60.__vbaHresu>;MSVBVM60.__vbaHresultCheckObj
004023BE >8B45 D8 mov eax, dword ptr
004023C1 .50 push eax
004023C2 .FF15 34104000 call dword ptr [<&MSVBVM60.__vbaCyStr>;MSVBVM60.__vbaCyStr
004023C8 .8D4D D8 lea ecx, dword ptr
004023CB .8BF0 mov esi, eax
004023CD .8BFA mov edi, edx
004023CF .FF15 A0104000 call dword ptr [<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
004023D5 .8D4D D4 lea ecx, dword ptr
004023D8 .FF15 9C104000 call dword ptr [<&MSVBVM60.__vbaFreeO>;MSVBVM60.__vbaFreeObj
004023DE .3B75 E4 cmp esi, dword ptr ///注册码比较(固定值)
004023E1 75 7D jnz short 00402460 ///爆破地址
004023E3 .3B7D E8 cmp edi, dword ptr
004023E6 75 78 jnz short 00402460 ////爆破地址
004023E8 .8B35 84104000 mov esi, dword ptr [<&MSVBVM60.__vba>;MSVBVM60.__vbaVarDup
004023EE .B9 04000280 mov ecx, 80020004
004023F3 .894D 9C mov dword ptr , ecx
004023F6 .B8 0A000000 mov eax, 0A
004023FB .894D AC mov dword ptr , ecx
004023FE .BF 08000000 mov edi, 8
00402403 .8D95 74FFFFFF lea edx, dword ptr
00402409 .8D4D B4 lea ecx, dword ptr
0040240C .8945 94 mov dword ptr , eax
0040240F .8945 A4 mov dword ptr , eax
00402412 .C785 7CFFFFFF>mov dword ptr , 00401C38 ;ASCII "m`淯"
0040241C .89BD 74FFFFFF mov dword ptr , edi
00402422 .FFD6 call esi ;<&MSVBVM60.__vbaVarDup>
00402424 .8D55 84 lea edx, dword ptr
00402427 .8D4D C4 lea ecx, dword ptr
0040242A .C745 8C 241C4>mov dword ptr , 00401C24
00402431 .897D 84 mov dword ptr , edi
00402434 .FFD6 call esi
00402436 .8D4D 94 lea ecx, dword ptr
00402439 .8D55 A4 lea edx, dword ptr
0040243C .51 push ecx
0040243D .8D45 B4 lea eax, dword ptr
00402440 .52 push edx
00402441 .50 push eax
00402442 .8D4D C4 lea ecx, dword ptr
00402445 .6A 40 push 40
00402447 .51 push ecx
00402448 .FF15 24104000 call dword ptr [<&MSVBVM60.#595>] ;MSVBVM60.rtcMsgBox ////正确对话框
0040244E .8D55 94 lea edx, dword ptr
00402451 .8D45 A4 lea eax, dword ptr
00402454 .52 push edx
00402455 .8D4D B4 lea ecx, dword ptr
00402458 .50 push eax
00402459 .8D55 C4 lea edx, dword ptr
0040245C .51 push ecx
0040245D .52 push edx
0040245E .EB 76 jmp short 004024D6
00402460 >8B35 84104000 mov esi, dword ptr [<&MSVBVM60.__vba>;MSVBVM60.__vbaVarDup
00402466 .B9 04000280 mov ecx, 80020004
0040246B .894D 9C mov dword ptr , ecx
0040246E .B8 0A000000 mov eax, 0A
00402473 .894D AC mov dword ptr , ecx
00402476 .BF 08000000 mov edi, 8
0040247B .8D95 74FFFFFF lea edx, dword ptr
00402481 .8D4D B4 lea ecx, dword ptr
00402484 .8945 94 mov dword ptr , eax
00402487 .8945 A4 mov dword ptr , eax
0040248A .C785 7CFFFFFF>mov dword ptr , 00401C18 ;ASCII "鵞",CR,"Nw?
00402494 .89BD 74FFFFFF mov dword ptr , edi
0040249A .FFD6 call esi ;<&MSVBVM60.__vbaVarDup>
0040249C .C745 8C 441C4>mov dword ptr , 00401C44
004024A3 >8D55 84 lea edx, dword ptr
004024A6 .8D4D C4 lea ecx, dword ptr
004024A9 .897D 84 mov dword ptr , edi
004024AC .FFD6 call esi
004024AE .8D45 94 lea eax, dword ptr
004024B1 .8D4D A4 lea ecx, dword ptr
004024B4 .50 push eax
004024B5 .8D55 B4 lea edx, dword ptr
004024B8 .51 push ecx
004024B9 .52 push edx
004024BA .8D45 C4 lea eax, dword ptr
004024BD .6A 40 push 40
004024BF .50 push eax
004024C0 .FF15 24104000 call dword ptr [<&MSVBVM60.#595>] ;错误对话框
004024C6 .8D4D 94 lea ecx, dword ptr
004024C9 .8D55 A4 lea edx, dword ptr
004024CC .51 push ecx
004024CD .8D45 B4 lea eax, dword ptr 固定值是1234567890,我用smartcheck得出的。
页:
[1]