;P ;P
前面两个参数入栈,然后就是经典的Call比较函数。哇靠~真好玩
下载来,学习
我只能爆破,看不懂算法啊
原帖由 mwdir1025 于 2006-10-19 21:16 发表 https://www.chinapyg.com/images/common/back.gif
我只能爆破,看不懂算法啊
同是天涯沦落人/:02
呃,不知道是我的问题还是CrackMe的问题...真是有些意外!~~~
两框内容相等就OK了
原来如此/:L
0040421C/$53 PUSH EBX
0040421D|.56 PUSH ESI
0040421E|.57 PUSH EDI
0040421F|.89C6 MOV ESI,EAX ;试练码进ESI
00404221|.89D7 MOV EDI,EDX ;用户名进EDI
00404223|.39D0 CMP EAX,EDX ;比较试练码是否与用户名相等~
00404225|.0F84 8F000000 JE crackme.004042BA ;等就挂~
0040422B|.85F6 TEST ESI,ESI ;试练码有没有填?
0040422D|.74 68 JE SHORT crackme.00404297 ;没填就挂~
0040422F|.85FF TEST EDI,EDI ;用户名有没有填?
00404231|.74 6B JE SHORT crackme.0040429E ;没填那能注册成功呀?
00404233|.8B46 FC MOV EAX,DWORD PTR DS: ;试练码位数进EAX
00404236|.8B57 FC MOV EDX,DWORD PTR DS: ;用户名位数进EDX
00404239|.29D0 SUB EAX,EDX ;试练码减去用户名的位数
0040423B|.77 02 JA SHORT crackme.0040423F ;大于跳~
0040423D|.01C2 ADD EDX,EAX
0040423F|>52 PUSH EDX ;跳来这~
00404240|.C1EA 02 SHR EDX,2 ;EDX右移2位~
00404243|.74 26 JE SHORT crackme.0040426B ;等0跳~
00404245|>8B0E /MOV ECX,DWORD PTR DS:
00404247|.8B1F |MOV EBX,DWORD PTR DS:
00404249|.39D9 |CMP ECX,EBX
0040424B|.75 58 |JNZ SHORT crackme.004042A5
0040424D|.4A |DEC EDX
0040424E|.74 15 |JE SHORT crackme.00404265 ;跳就OVER!
00404250|.8B4E 04 |MOV ECX,DWORD PTR DS:
00404253|.8B5F 04 |MOV EBX,DWORD PTR DS:
00404256|.39D9 |CMP ECX,EBX
00404258|.75 4B |JNZ SHORT crackme.004042A5
0040425A|.83C6 08 |ADD ESI,8
0040425D|.83C7 08 |ADD EDI,8
00404260|.4A |DEC EDX
00404261|.^ 75 E2 \JNZ SHORT crackme.00404245
00404263|.EB 06 JMP SHORT crackme.0040426B
00404265|>83C6 04 ADD ESI,4
00404268|.83C7 04 ADD EDI,4
0040426B|>5A POP EDX ;弹出用户名位数~
0040426C|.83E2 03 AND EDX,3 ;与3位与~
0040426F|.74 22 JE SHORT crackme.00404293
00404271|.8B0E MOV ECX,DWORD PTR DS:
00404273|.8B1F MOV EBX,DWORD PTR DS:
00404275|.38D9 CMP CL,BL ;用户名与试练码第一位相同~
00404277|.75 41 JNZ SHORT crackme.004042BA ;不等跳,OVER!
00404279|.4A DEC EDX
0040427A|.74 17 JE SHORT crackme.00404293
0040427C|.38FD CMP CH,BH ;第二位相同~
0040427E|.75 3A JNZ SHORT crackme.004042BA
00404280|.4A DEC EDX ;试练码第5位等于0
00404281|.74 10 JE SHORT crackme.00404293
00404283|.81E3 0000FF00 AND EBX,0FF0000
00404289|.81E1 0000FF00 AND ECX,0FF0000
0040428F|.39D9 CMP ECX,EBX
00404291|.75 27 JNZ SHORT crackme.004042BA
00404293|>01C0 ADD EAX,EAX ;跳来这,挂!
00404295|.EB 23 JMP SHORT crackme.004042BA
00404297|>8B57 FC MOV EDX,DWORD PTR DS:
0040429A|.29D0 SUB EAX,EDX
0040429C|.EB 1C JMP SHORT crackme.004042BA
0040429E|>8B46 FC MOV EAX,DWORD PTR DS:
004042A1|.29D0 SUB EAX,EDX
004042A3|.EB 15 JMP SHORT crackme.004042BA
004042A5|>5A POP EDX
004042A6|.38D9 CMP CL,BL
004042A8|.75 10 JNZ SHORT crackme.004042BA
004042AA|.38FD CMP CH,BH
004042AC|.75 0C JNZ SHORT crackme.004042BA
004042AE|.C1E9 10 SHR ECX,10
004042B1|.C1EB 10 SHR EBX,10
004042B4|.38D9 CMP CL,BL
004042B6|.75 02 JNZ SHORT crackme.004042BA
004042B8|.38FD CMP CH,BH
004042BA|>5F POP EDI
004042BB|.5E POP ESI
004042BC|.5B POP EBX
004042BD\.C3 RETN[
大大粗心了,好像比较的不是注册码和用户名本身吧,是他们的地址比较吧?只要用户名和注册码相等就可以了!汗,没细看这是n年前的贴了!
[ 本帖最后由 taburiss 于 2007-8-9 11:07 编辑 ]
只要用户名和注册码相同就可以了,太阴了