飘云阁转一个七彩的CrackMe - Powered by Discuz! Archiver

夜冷风 发表于 2008-10-31 09:14:58

LS的好强大啊!!/:013 /:013 /:013 /:013

冷血书生 发表于 2008-11-4 09:27:39

text:004010C8             mov edi, GetDlgItemTextA
.text:004010CE             add esp, 18h
.text:004010D1             push 0C6h          ; cchMax
.text:004010D6             push offset String ; lpString
.text:004010DB             push 3E9h          ; nIDDlgItem
.text:004010E0             push esi          ; hDlg
.text:004010E1             call edi ; GetDlgItemTextA
.text:004010E3             test eax, eax
.text:004010E5             jnz short loc_401138 ; 输入用户名吗？
.text:004010E7             push 400h
.text:004010EC             push eax
.text:004010ED             lea eax,
.text:004010F1             push eax
.text:004010F2             call sub_403C20
.text:004010F7             mov cl, byte_40AC80
.text:004010FD             add esp, 0Ch
.text:00401100             test cl, cl
.text:00401102             jz    short loc_401122
.text:00401104             xor eax, eax
.text:00401106             jmp short loc_401110
.text:00401106 ; ---------------------------------------------------------------------------
.text:00401108             align 10h
.text:00401110
.text:00401110 loc_401110:                         ; CODE XREF: DialogFunc+C6j
.text:00401110                                     ; DialogFunc+E0j
.text:00401110             xor cl, 78h
.text:00401113             mov , cl
.text:00401117             mov cl, byte_40AC81
.text:0040111D             inc eax
.text:0040111E             test cl, cl
.text:00401120             jnz short loc_401110
.text:00401122
.text:00401122 loc_401122:                         ; CODE XREF: DialogFunc+C2j
.text:00401122                                     ; DialogFunc+12Bj ...
.text:00401122             push 0             ; uType
.text:00401124             lea ecx,
.text:00401128             push ecx          ; lpCaption
.text:00401129             mov edx, ecx
.text:0040112B             push edx          ; lpText
.text:0040112C             push esi          ; hWnd
.text:0040112D             call MessageBoxA ; 没输入就提示你
.text:00401133             jmp loc_40121A
.text:00401138 ; ---------------------------------------------------------------------------
.text:00401138
.text:00401138 loc_401138:                         ; CODE XREF: DialogFunc+A5j
.text:00401138             push 0C6h          ; cchMax
.text:0040113D             push offset byte_40B800 ; lpString
.text:00401142             push 3EDh          ; nIDDlgItem
.text:00401147             push esi          ; hDlg
.text:00401148             call edi ; GetDlgItemTextA
.text:0040114A             cmp eax, 10h    ; 注册码够16位了吗？
.text:0040114D             jz    short loc_401184
.text:0040114F             push 400h
.text:00401154             lea eax,
.text:00401158             push 0
.text:0040115A             push eax
.text:0040115B             call sub_403C20
.text:00401160             mov cl, byte_40ACA8
.text:00401166             add esp, 0Ch
.text:00401169             test cl, cl
.text:0040116B             jz    short loc_401122
.text:0040116D             xor eax, eax
.text:0040116F             nop
.text:00401170
.text:00401170 loc_401170:                         ; CODE XREF: DialogFunc+140j
.text:00401170             xor cl, 78h
.text:00401173             mov , cl
.text:00401177             mov cl, byte_40ACA9
.text:0040117D             inc eax
.text:0040117E             test cl, cl
.text:00401180             jnz short loc_401170
.text:00401182             jmp short loc_401122
.text:00401184 ; ---------------------------------------------------------------------------
.text:00401184
.text:00401184 loc_401184:                         ; CODE XREF: DialogFunc+10Dj
.text:00401184             mov eax, hEvent
.text:00401189             push eax          ; hEvent
.text:0040118A             call SetEvent
.text:00401190             jmp loc_40121A
.text:00401195 ; ---------------------------------------------------------------------------
.text:00401195
.text:00401195 loc_401195:                         ; CODE XREF: DialogFunc+4Dj
.text:00401195                                     ; DialogFunc+56j
.text:00401195             push ecx          ; nResult
.text:00401196             push esi          ; hDlg
.text:00401197             call EndDialog
.text:0040119D             jmp short loc_40121A
.text:0040119F ; ---------------------------------------------------------------------------
.text:0040119F
.text:0040119F loc_40119F:                         ; CODE XREF: DialogFunc+47j
.text:0040119F             cmp eax, 3ECh
.text:004011A4             jz    short loc_4011AA
.text:004011A6
.text:004011A6 loc_4011A6:                         ; CODE XREF: DialogFunc+32j
.text:004011A6                                     ; DialogFunc+61j
.text:004011A6             xor eax, eax
.text:004011A8             jmp short loc_40121F
.text:004011AA ; ---------------------------------------------------------------------------
.text:004011AA
.text:004011AA loc_4011AA:                         ; CODE XREF: DialogFunc+164j
.text:004011AA             mov ecx, hInstance
.text:004011B0             push 0             ; dwInitParam
.text:004011B2             push offset sub_401240 ; lpDialogFunc
.text:004011B7             push esi          ; hWndParent
.text:004011B8             push 67h          ; lpTemplateName
.text:004011BA             push ecx          ; hInstance
.text:004011BB             call DialogBoxParamA
.text:004011C1             jmp short loc_40121A
.text:004011C3 ; ---------------------------------------------------------------------------
.text:004011C3
.text:004011C3 loc_4011C3:                         ; CODE XREF: DialogFunc+29j
.text:004011C3             mov edx, hInstance
.text:004011C9             push ebx
.text:004011CA             push 66h          ; lpIconName
.text:004011CC             push edx          ; hInstance
.text:004011CD             call LoadIconA
.text:004011D3             mov ebx, SendMessageA
.text:004011D9             mov edi, eax
.text:004011DB             push edi          ; lParam
.text:004011DC             push 1             ; wParam
.text:004011DE             push 80h          ; Msg
.text:004011E3             push esi          ; hWnd
.text:004011E4             call ebx ; SendMessageA
.text:004011E6             push edi          ; lParam
.text:004011E7             push 0             ; wParam
.text:004011E9             push 80h          ; Msg
.text:004011EE             push esi          ; hWnd
.text:004011EF             call ebx ; SendMessageA
.text:004011F1             push offset aIawenCrackMeO ; "iawen的Crack Me之?
.text:004011F6             push esi          ; hWnd
.text:004011F7             call SetWindowTextA
.text:004011FD             call sub_4012B0
.text:00401202             lea eax,
.text:00401206             push eax          ; lpThreadId
.text:00401207             push 0             ; dwCreationFlags
.text:00401209             push esi          ; lpParameter
.text:0040120A             push offset suanfa ; lpStartAddress
.text:0040120F             push 0             ; dwStackSize
.text:00401211             push 0             ; lpThreadAttributes
.text:00401213             call CreateThread 创建线程，算法核心！
.text:00401219             pop ebx
.text:0040121A
.text:0040121A loc_40121A:                         ; CODE XREF: DialogFunc+F3j
.text:0040121A                                     ; DialogFunc+150j ...
.text:0040121A             mov eax, 1
.text:0040121F
.text:0040121F loc_40121F:                         ; CODE XREF: DialogFunc+168j
.text:0040121F             mov ecx,
.text:00401226             pop edi
.text:00401227             pop esi
.text:00401228             xor ecx, esp
.text:0040122A             call sub_401670
.text:0040122F             add esp, 408h
.text:00401235             retn 10h
.text:00401235 DialogFunc    endp

页: 1 [2]

飘云阁's Archiver