您的位置:首页 > 其它

160个练手CrackMe-047

2017-12-30 17:35 309 查看

1、无壳

2、提供KeyFile

00401057   .  A3 AF214000   mov dword ptr ds:[0x4021AF],eax          ; |
0040105C   .  6A 00         push 0x0                                 ; |/hTemplateFile = NULL
0040105E   .  68 6F214000   push DueList_.0040216F                   ; ||Attributes = READONLY|HIDDEN|SYSTEM|ARCHIVE|TEMPORARY|402048
00401063   .  6A 03         push 0x3                                 ; ||Mode = OPEN_EXISTING
00401065   .  6A 00         push 0x0                                 ; ||pSecurity = NULL
00401067   .  6A 03         push 0x3                                 ; ||ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
00401069   .  68 000000C0   push 0xC0000000                          ; ||Access = GENERIC_READ|GENERIC_WRITE
0040106E   .  68 79204000   push DueList_.00402079                   ; ||FileName = "due-cm2.dat"
00401073   .  E8 0B020000   call <jmp.&KERNEL32.CreateFileA>         ; |\CreateFileA


文件名为:due-cm2.dat

004010AE   .  85C0          test eax,eax
004010B0   .  75 02         jnz XDueList_.004010B4
004010B2   .  EB 43         jmp XDueList_.004010F7
004010B4   >  33DB          xor ebx,ebx
004010B6   .  33F6          xor esi,esi
004010B8   .  833D 73214000>cmp dword ptr ds:[0x402173],0x12         ;  key长度是 0x12
004010BF   .  7C 36         jl XDueList_.004010F7
004010C1   >  8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
004010C7   .  3C 00         cmp al,0x0
004010C9   .  74 08         je XDueList_.004010D3
004010CB   .  3C 01         cmp al,0x1
004010CD   .  75 01         jnz XDueList_.004010D0
004010CF   .  46            inc esi
004010D0   >  43            inc ebx
004010D1   .^ EB EE         jmp XDueList_.004010C1
004010D3   >  83FE 02       cmp esi,0x2                              ;  遇到0x00之前要有两个0x01
004010D6   .  7C 1F         jl XDueList_.004010F7
004010D8   .  33F6          xor esi,esi
004010DA   .  33DB          xor ebx,ebx
004010DC   >  8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
004010E2   .  3C 00         cmp al,0x0
004010E4   .  74 09         je XDueList_.004010EF
004010E6   .  3C 01         cmp al,0x1
004010E8   .  74 05         je XDueList_.004010EF
004010EA   .  03F0          add esi,eax
004010EC   .  43            inc ebx
004010ED   .^ EB ED         jmp XDueList_.004010DC
004010EF   >  81FE D5010000 cmp esi,0x1D5                            ;  遇到0x01之前要使sum = 0x1D5
004010F5   .  74 1D         je XDueList_.00401114
004010F7   >  6A 00         push 0x0                                 ; |/Style = MB_OK|MB_APPLMODAL
004010F9   .  68 01204000   push DueList_.00402001                   ; ||Title = "Duelist's Crackme #2"
004010FE   .  68 86204000   push DueList_.00402086                   ; ||Text = "Your current keyfile is invalid... Please obtain a valid one from the software author!"
00401103   .  6A 00         push 0x0                                 ; ||hOwner = NULL
00401105   .  E8 5D020000   call <jmp.&USER32.MessageBoxA>           ; |\MessageBoxA
0040110A   .  E8 AA010000   call <jmp.&KERNEL32.ExitProcess>         ; \ExitProcess
0040110F   .  E9 AE000000   jmp DueList_.004011C2
00401114   >  33F6          xor esi,esi
00401116   >  43            inc ebx
00401117   .  8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
0040111D   .  3C 00         cmp al,0x0
0040111F   .  74 18         je XDueList_.00401139
00401121   .  3C 01         cmp al,0x1
00401123   .  74 14         je XDueList_.00401139
00401125   .  83FE 0F       cmp esi,0xF                              ;  要有一个小于0x0F
00401128   .  73 0F         jnb XDueList_.00401139
0040112A   .  3286 1A214000 xor al,byte ptr ds:[esi+0x40211A]
00401130   .  8986 60214000 mov dword ptr ds:[esi+0x402160],eax
00401136   .  46            inc esi
00401137   .^ EB DD         jmp XDueList_.00401116
00401139   >  43            inc ebx
0040113A   .  33F6          xor esi,esi
0040113C   >  8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
00401142   .  3C 00         cmp al,0x0
00401144   .  74 09         je XDueList_.0040114F
00401146   .  3C 01         cmp al,0x1
00401148   .^ 74 F2         je XDueList_.0040113C
0040114A   .  03F0          add esi,eax
0040114C   .  43            inc ebx
0040114D   .^ EB ED         jmp XDueList_.0040113C                   ;  0x00之前要使sum = 0x1B2
0040114F   >  81FE B2010000 cmp esi,0x1B2
00401155    ^ 75 A0         jnz XDueList_.004010F7
00401157   .  6A 00         push 0x0                                 ; /lParam = NULL
00401159   .  68 C9114000   push DueList_.004011C9                   ; |DlgProc = DueList_.004011C9
0040115E   .  6A 00         push 0x0                                 ; |hOwner = NULL
00401160   .  6A 05         push 0x5                                 ; |pTemplate = 5
00401162   .  FF35 77214000 push dword ptr ds:[0x402177]             ; |hInst = NULL
00401168   .  E8 42020000   call <jmp.&USER32.DialogBoxParamA>       ; \DialogBoxParamA


3、Serail

综合上面几个条件

FF D6 01 01 FF B3 00 00 00 00 00 00 00 00 00 00 00 00 00


内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签:  CrackMe
相关文章推荐
新的分享
章节导航