160个练手CrackMe-047
2017-12-30 17:35
1、无壳
2、提供KeyFile
; OllyDbg listing (32-bit x86, Intel syntax): the crackme opens its keyfile.
; Arguments are pushed right-to-left for the stdcall CreateFileA call, so the
; last push (FileName) is the first parameter.
; The store below saves eax from a call that is not part of this excerpt.
00401057 . A3 AF214000 mov dword ptr ds:[0x4021AF],eax ; |
0040105C . 6A 00 push 0x0 ; |/hTemplateFile = NULL
; NOTE(review): the attributes argument is the constant 0x0040216F (an address
; in the module), which OllyDbg decodes as a flag combination — confirm whether
; this is intentional in the original program.
0040105E . 68 6F214000 push DueList_.0040216F ; ||Attributes = READONLY|HIDDEN|SYSTEM|ARCHIVE|TEMPORARY|402048
; OPEN_EXISTING: the call fails if the keyfile is not already present.
00401063 . 6A 03 push 0x3 ; ||Mode = OPEN_EXISTING
00401065 . 6A 00 push 0x0 ; ||pSecurity = NULL
00401067 . 6A 03 push 0x3 ; ||ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
00401069 . 68 000000C0 push 0xC0000000 ; ||Access = GENERIC_READ|GENERIC_WRITE
; The file name carries no directory component.
0040106E . 68 79204000 push DueList_.00402079 ; ||FileName = "due-cm2.dat"
00401073 . E8 0B020000 call <jmp.&KERNEL32.CreateFileA> ; |\CreateFileA
文件名为:due-cm2.dat
; OllyDbg listing (32-bit x86, Intel syntax): keyfile validation.
; The keyfile bytes are read from the buffer at 0x40211A. The checks are:
;   1. dword at 0x402173 >= 0x12 (the keyfile length, per the write-up)
;   2. at least two 0x01 bytes occur before the first 0x00 byte
;   3. the bytes before the first 0x00/0x01 sum to 0x1D5
;   4. the bytes after the second delimiter, up to 0x00, sum to 0x1B2
; Any failed check lands at 004010F7 (error MessageBoxA, then ExitProcess);
; success reaches the DialogBoxParamA call at the end.
; NOTE(review): none of the scanning loops bounds ebx by the length at
; 0x402173; each one stops only on a 0x00 (or 0x01) byte in the buffer.

; eax is the result of a call outside this excerpt (presumably the file read —
; confirm); zero means failure.
004010AE . 85C0 test eax,eax
004010B0 . 75 02 jnz XDueList_.004010B4
004010B2 . EB 43 jmp XDueList_.004010F7
004010B4 > 33DB xor ebx,ebx
004010B6 . 33F6 xor esi,esi
004010B8 . 833D 73214000>cmp dword ptr ds:[0x402173],0x12 ; key length must be at least 0x12
004010BF . 7C 36 jl XDueList_.004010F7

; Pass 1: ebx = index, esi = number of 0x01 bytes seen before the first 0x00.
004010C1 > 8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
004010C7 . 3C 00 cmp al,0x0
004010C9 . 74 08 je XDueList_.004010D3
004010CB . 3C 01 cmp al,0x1
004010CD . 75 01 jnz XDueList_.004010D0
004010CF . 46 inc esi
004010D0 > 43 inc ebx
004010D1 .^ EB EE jmp XDueList_.004010C1
004010D3 > 83FE 02 cmp esi,0x2 ; need at least two 0x01 bytes before the first 0x00
004010D6 . 7C 1F jl XDueList_.004010F7

; Pass 2: sum the bytes from index 0 up to the first 0x00 or 0x01.
004010D8 . 33F6 xor esi,esi
004010DA . 33DB xor ebx,ebx
004010DC > 8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
004010E2 . 3C 00 cmp al,0x0
004010E4 . 74 09 je XDueList_.004010EF
004010E6 . 3C 01 cmp al,0x1
004010E8 . 74 05 je XDueList_.004010EF
; The full eax is added although only al was loaded; the sum matches the
; target only if the upper 24 bits of eax are zero here — TODO confirm.
004010EA . 03F0 add esi,eax
004010EC . 43 inc ebx
004010ED .^ EB ED jmp XDueList_.004010DC
004010EF > 81FE D5010000 cmp esi,0x1D5 ; the bytes before the first 0x01 must sum to 0x1D5
004010F5 . 74 1D je XDueList_.00401114

; Failure path shared by every check: show the error box and exit.
004010F7 > 6A 00 push 0x0 ; |/Style = MB_OK|MB_APPLMODAL
004010F9 . 68 01204000 push DueList_.00402001 ; ||Title = "Duelist's Crackme #2"
004010FE . 68 86204000 push DueList_.00402086 ; ||Text = "Your current keyfile is invalid... Please obtain a valid one from the software author!"
00401103 . 6A 00 push 0x0 ; ||hOwner = NULL
00401105 . E8 5D020000 call <jmp.&USER32.MessageBoxA> ; |\MessageBoxA
0040110A . E8 AA010000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess
0040110F . E9 AE000000 jmp DueList_.004011C2

; Pass 3: ebx continues from the delimiter found in pass 2. Each byte up to
; the next 0x00/0x01 is XORed with the keyfile byte at index esi (counted from
; the start of the buffer) and stored at 0x402160+esi.
; Presumably this decodes a string used later — not visible in this excerpt.
00401114 > 33F6 xor esi,esi
00401116 > 43 inc ebx
00401117 . 8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
0040111D . 3C 00 cmp al,0x0
0040111F . 74 18 je XDueList_.00401139
00401121 . 3C 01 cmp al,0x1
00401123 . 74 14 je XDueList_.00401139
00401125 . 83FE 0F cmp esi,0xF ; output index limit: stop once 0x0F bytes have been stored
00401128 . 73 0F jnb XDueList_.00401139
0040112A . 3286 1A214000 xor al,byte ptr ds:[esi+0x40211A]
; Dword store at a one-byte stride: the next iteration overwrites the upper
; three bytes written here.
00401130 . 8986 60214000 mov dword ptr ds:[esi+0x402160],eax
00401136 . 46 inc esi
00401137 .^ EB DD jmp XDueList_.00401116

; Pass 4: skip the delimiter, then sum the remaining bytes up to the next 0x00.
00401139 > 43 inc ebx
0040113A . 33F6 xor esi,esi
0040113C > 8A83 1A214000 mov al,byte ptr ds:[ebx+0x40211A]
00401142 . 3C 00 cmp al,0x0
00401144 . 74 09 je XDueList_.0040114F
00401146 . 3C 01 cmp al,0x1
; As listed, this branch goes back to the load without advancing ebx, so a
; 0x01 byte in this section would be re-read indefinitely.
00401148 .^ 74 F2 je XDueList_.0040113C
0040114A . 03F0 add esi,eax
0040114C . 43 inc ebx
0040114D .^ EB ED jmp XDueList_.0040113C ; the bytes before the 0x00 must sum to 0x1B2
0040114F > 81FE B2010000 cmp esi,0x1B2
00401155 ^ 75 A0 jnz XDueList_.004010F7

; All checks passed: open dialog template 5 with the dialog procedure at 004011C9.
00401157 . 6A 00 push 0x0 ; /lParam = NULL
00401159 . 68 C9114000 push DueList_.004011C9 ; |DlgProc = DueList_.004011C9
0040115E . 6A 00 push 0x0 ; |hOwner = NULL
00401160 . 6A 05 push 0x5 ; |pTemplate = 5
00401162 . FF35 77214000 push dword ptr ds:[0x402177] ; |hInst = NULL
00401168 . E8 42020000 call <jmp.&USER32.DialogBoxParamA> ; \DialogBoxParamA
3、Serial
综合上面几个条件，KeyFile（due-cm2.dat）的内容（十六进制）可以是：FF D6 01 01 FF B3 00 00 00 00 00 00 00 00 00 00 00 00 00（其中 FF+D6=0x1D5，FF+B3=0x1B2）