160 Practice CrackMes - 045
2017-12-29 00:25
1. Delphi 2 program, not packed
2. Locating the button events
DerkDe does not seem to support this target. Load it in OD (OllyDbg): a string search finds nothing, so right-click in the disassembly window, choose the binary string search, and search for TForm1. The event addresses are then obvious.

    00421D2C . /B41D4200 dd Dope2112.00421DB4
    00421D30 . |0C db 0C
    00421D31 . |42 75 74 74 6F 6E 32 43 6C >ascii "Button2Click"
    00421D3D |13 db 13
    00421D3E |00 db 00
    00421D3F . |C01D4200 dd Dope2112.00421DC0
    00421D43 . |0C db 0C
    00421D44 . |42 75 74 74 6F 6E 33 43 6C >ascii "Button3Click"
    00421D50 |13 db 13
    00421D51 |00 db 00
    00421D52 . |C81D4200 dd Dope2112.00421DC8
    00421D56 . |0C db 0C
    00421D57 . |42 75 74 74 6F 6E 31 43 6C >ascii "Button1Click"
    00421D63 |12 db 12
    00421D64 |00 db 00
    00421D65 . |941E4200 dd Dope2112.00421E94
    00421D69 . |0B db 0B
    00421D6A . |54 69 6D 65 72 31 54 69 6D >ascii "Timer1Timer"
    00421D75 |11 db 11
    00421D76 |00 db 00
    00421D77 . |7C1F4200 dd Dope2112.00421F7C
    00421D7B . |0A db 0A
    00421D7C . |46 6F 72 6D 43 72 65 61 74 >ascii "FormCreate"
    00421D86 . |06 db 06
    00421D87 . |54 46 6F 72 6D 31 ascii "TForm1"
    00421D8D |02 db 02
The address of the Check button is 00421DCB.
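The dump above can also be read programmatically. The following is an added example, not part of the original post: it parses the entry layout visible in the dump (2-byte entry size, 4-byte handler address, length-prefixed name) and maps each event name to its address. The helper names `build_sample` and `parse_method_table` are hypothetical, the bytes are rebuilt from the listing, and the size word of the first entry, which the page does not show, is assumed to follow the same pattern as the others.

```python
import struct

# Constructed sample: the five entries visible in the dump, rebuilt as raw bytes.
# Assumption: the size word of the first entry (not shown on the page) follows
# the same pattern as the others (2 + 4 + 1 + len(name)).
ENTRIES = [(0x00421DB4, b"Button2Click"), (0x00421DC0, b"Button3Click"),
           (0x00421DC8, b"Button1Click"), (0x00421E94, b"Timer1Timer"),
           (0x00421F7C, b"FormCreate")]


def build_sample():
    blob = b"".join(struct.pack("<HIB", 7 + len(n), a, len(n)) + n
                    for a, n in ENTRIES)
    return blob + b"\x06TForm1"  # class-name string that follows the table


def parse_method_table(blob, count):
    """Parse `count` entries of: u16 size, u32 address, length-prefixed name."""
    methods, off = {}, 0
    for _ in range(count):
        if off + 7 > len(blob):
            raise ValueError("truncated entry header at offset %d" % off)
        size, addr, nlen = struct.unpack_from("<HIB", blob, off)
        # The size word must cover header + name and stay inside the buffer.
        if size < 7 + nlen or off + size > len(blob):
            raise ValueError("bad entry size %#x at offset %d" % (size, off))
        name = blob[off + 7:off + 7 + nlen]
        # Event names are Pascal identifiers; anything else means we ran off the table.
        if not name.isascii() or not name.decode("ascii").isidentifier():
            raise ValueError("name at offset %d is not an identifier" % off)
        methods[name.decode("ascii")] = addr
        off += size
    return methods


if __name__ == "__main__":
    for name, addr in parse_method_table(build_sample(), 5).items():
        print("%08X  %s" % (addr, name))
```

Asking for a sixth entry raises `ValueError`, because the bytes after `FormCreate` are the class name `TForm1` and not another entry.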
Set a breakpoint:

    00421DC8 /. 55 push ebp ; check
    00421DC9 |. 8BEC mov ebp,esp
    00421DCB |. 6A 00 push 0x0
    00421DCD |. 6A 00 push 0x0
    00421DCF |. 6A 00 push 0x0
    00421DD1 |. 53 push ebx
    00421DD2 |. 56 push esi
    00421DD3 |. 57 push edi
    00421DD4 |. 8BF0 mov esi,eax
    00421DD6 |. 33C0 xor eax,eax
    00421DD8 |. 55 push ebp
    00421DD9 |. 68 861E4200 push Dope2112.00421E86
    00421DDE |. 64:FF30 push dword ptr fs:[eax]
    00421DE1 |. 64:8920 mov dword ptr fs:[eax],esp
    00421DE4 |. BB 37000000 mov ebx,0x37
    00421DE9 |. 8D55 F8 lea edx,[local.2]
    00421DEC |. 8B86 B0010000 mov eax,dword ptr ds:[esi+0x1B0]
    00421DF2 |. E8 89FAFEFF call Dope2112.00411880
    00421DF7 |. 8D55 FC lea edx,[local.1]
    00421DFA |. 8B86 AC010000 mov eax,dword ptr ds:[esi+0x1AC]
    00421E00 |. E8 7BFAFEFF call Dope2112.00411880
    00421E05 |. 8B45 FC mov eax,[local.1] ; Name
    00421E08 |. E8 5715FEFF call Dope2112.00403364
    00421E0D |. 83F8 04 cmp eax,0x4
    00421E10 |. 7D 0C jge XDope2112.00421E1E
    00421E12 |. A1 64464200 mov eax,dword ptr ds:[0x424664]
    00421E17 |. E8 C8BAFFFF call Dope2112.0041D8E4
    00421E1C |. EB 4D jmp XDope2112.00421E6B
    00421E1E |> 8B45 FC mov eax,[local.1]
    00421E21 |. E8 3E15FEFF call Dope2112.00403364
    00421E26 |. 85C0 test eax,eax
    00421E28 |. 7C 14 jl XDope2112.00421E3E
    00421E2A |. 40 inc eax
    00421E2B |. 33D2 xor edx,edx
    00421E2D |> 8B4D FC /mov ecx,[local.1]
    00421E30 |. 0FB64C11 FF |movzx ecx,byte ptr ds:[ecx+edx-0x1]
    00421E35 |. C1E1 09 |shl ecx,0x9 ; ebx += Name[i] << 9
    00421E38 |. 03D9 |add ebx,ecx
    00421E3A |. 42 |inc edx
    00421E3B |. 48 |dec eax
    00421E3C |.^ 75 EF \jnz XDope2112.00421E2D
    00421E3E |> 8D55 F4 lea edx,[local.3]
    00421E41 |. 8BC3 mov eax,ebx
    00421E43 |. E8 E834FEFF call Dope2112.00405330
    00421E48 |. 8B45 F4 mov eax,[local.3] ; Key
    00421E4B |. 8B55 F8 mov edx,[local.2]
    00421E4E |. E8 2116FEFF call Dope2112.00403474 ; strcmp
    00421E53 |. 75 0C jnz XDope2112.00421E61
    00421E55 |. A1 68464200 mov eax,dword ptr ds:[0x424668]
    00421E5A |. E8 85BAFFFF call Dope2112.0041D8E4
    00421E5F |. EB 0A jmp XDope2112.00421E6B
    00421E61 |> A1 64464200 mov eax,dword ptr ds:[0x424664]
    00421E66 |. E8 79BAFFFF call Dope2112.0041D8E4
    00421E6B |> 33C0 xor eax,eax
    00421E6D |. 5A pop edx
    00421E6E |. 59 pop ecx
    00421E6F |. 59 pop ecx
    00421E70 |. 64:8910 mov dword ptr fs:[eax],edx
    00421E73 |. 68 8D1E4200 push Dope2112.00421E8D
    00421E78 |> 8D45 F4 lea eax,[local.3]
    00421E7B |. BA 03000000 mov edx,0x3
    00421E80 |. E8 8B13FEFF call Dope2112.00403210
    00421E85 \. C3 retn
    00421E86 .^ E9 E50FFEFF jmp Dope2112.00402E70
    00421E8B .^ EB EB jmp XDope2112.00421E78
    00421E8D . 5F pop edi
    00421E8E . 5E pop esi
    00421E8F . 5B pop ebx
    00421E90 . 8BE5 mov esp,ebp
    00421E92 . 5D pop ebp
    00421E93 . C3 retn
3. Keygen

    >>> def keygen(name):
    ...     ebx = 0x37                  # initial value: mov ebx,0x37
    ...     for i in name:
    ...         ebx += ord(i) << 0x9    # ebx += Name[i] << 9
    ...     return ebx
    ...
    >>> keygen('123456')
    158263