happytown"s crackme-01 简单分析
- 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
破解内容
代码:
00407ABD cmp word ptr ss:[ebp-1C],5 ; 比较用户名
00407AC2 jl CrackMe_.004081C4
00407AC8 cmp ax,0A ; 比较注册码
00407ACC jl CrackMe_.004081C4
00407AD2 mov esi,dword ptr ds:[<&MSVBVM60.#632>];MSVBVM60.rtcMidCharVar
00407AD8 lea eax,dword ptr ss:[ebp-18]
00407ADB lea ecx,dword ptr ss:[ebp-48]
00407ADE mov dword ptr ss:[ebp-80],eax
00407AE1 push ecx
00407AE2 lea edx,dword ptr ss:[ebp-88]
00407AE8 push 1
00407AEA lea eax,dword ptr ss:[ebp-58]
00407AED push edx
00407AEE push eax
00407AEF mov dword ptr ss:[ebp-40],1
00407AF6 mov dword ptr ss:[ebp-48],2
00407AFD mov dword ptr ss:[ebp-88],4008
00407B07 call esi
00407B09 mov edi,dword ptrds:[<&MSVBVM60.__vbaStrVa>;MSVBVM60.__vbaStrVarVal
00407B0F lea ecx,dword ptr ss:[ebp-58]
00407B12 lea edx,dword ptr ss:[ebp-30]
00407B15 push ecx
00407B16 push edx
00407B17 call edi
00407B19 push eax
00407B1A call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407B20 xor ecx,ecx
00407B22 cmp ax,70 ; 与70比较
00407B26 setne cl
00407B29 neg ecx
00407B2B mov dword ptr ss:[ebp-BC],ecx
00407B31 lea ecx,dword ptr ss:[ebp-30]
00407B34 call dwordptrds:[<&MSVBVM60.__vbaFreeStr>>;MSVBVM60.__vbaFreeStr
00407B3A lea edx,dword ptr ss:[ebp-58]
00407B3D lea eax,dword ptr ss:[ebp-48]
00407B40 push edx
00407B41 push eax
00407B42 push 2
00407B44 call dword ptrds:[<&MSVBVM60.__vbaFreeVarL>;MSVBVM60.__vbaFreeVarList
00407B4A add esp,0C
00407B4D cmp word ptr ss:[ebp-BC],bx
00407B54 jnz CrackMe_.004081C4 ; 不相等就OVER
00407B5A lea ecx,dword ptr ss:[ebp-18]
00407B5D lea edx,dword ptr ss:[ebp-48]
00407B60 mov dword ptr ss:[ebp-80],ecx
00407B63 push edx
00407B64 lea eax,dword ptr ss:[ebp-88]
00407B6A push 2
00407B6C lea ecx,dword ptr ss:[ebp-58]
00407B6F mov ebx,1
00407B74 push eax
00407B75 push ecx
00407B76 mov dword ptr ss:[ebp-40],ebx
00407B79 mov dword ptr ss:[ebp-48],2
00407B80 mov dword ptr ss:[ebp-88],4008
00407B8A call esi
00407B8C lea edx,dword ptr ss:[ebp-2C]
00407B8F lea eax,dword ptr ss:[ebp-68]
00407B92 mov dword ptr ss:[ebp-A0],edx
00407B98 push eax
00407B99 lea ecx,dword ptr ss:[ebp-A8]
00407B9F push ebx
00407BA0 lea edx,dword ptr ss:[ebp-78]
00407BA3 push ecx
00407BA4 push edx
00407BA5 mov dword ptr ss:[ebp-60],ebx
00407BA8 mov dword ptr ss:[ebp-68],2
00407BAF mov dword ptr ss:[ebp-A8],4008
00407BB9 call esi
00407BBB lea eax,dword ptr ss:[ebp-78]
00407BBE lea ecx,dword ptr ss:[ebp-34]
00407BC1 push eax
00407BC2 push ecx
00407BC3 call edi
00407BC5 push eax
00407BC6 call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407BCC mov bx,ax ; 取用户名
00407BCF lea edx,dword ptr ss:[ebp-58]
00407BD2 lea eax,dword ptr ss:[ebp-30]
00407BD5 push edx
00407BD6 push eax
00407BD7 call edi
00407BD9 push eax
00407BDA call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407BE0 xor ecx,ecx
00407BE2 cmp ax,bx ; 用户名和注册码比较
00407BE5 lea edx,dword ptr ss:[ebp-34]
00407BE8 lea eax,dword ptr ss:[ebp-30]
00407BEB setne cl
00407BEE push edx
00407BEF push eax
00407BF0 neg ecx
00407BF2 push 2
00407BF4 mov dword ptr ss:[ebp-BC],ecx
00407BFA call dword ptrds:[<&MSVBVM60.__vbaFreeStrL>;MSVBVM60.__vbaFreeStrList
00407C00 lea ecx,dword ptr ss:[ebp-78]
00407C03 lea edx,dword ptr ss:[ebp-68]
00407C06 push ecx
00407C07 lea eax,dword ptr ss:[ebp-58]
00407C0A push edx
00407C0B lea ecx,dword ptr ss:[ebp-48]
00407C0E push eax
00407C0F push ecx
00407C10 push 4
00407C12 call dword ptrds:[<&MSVBVM60.__vbaFreeVarL>;MSVBVM60.__vbaFreeVarList
00407C18 xor ebx,ebx
00407C1A add esp,20
00407C1D cmp word ptr ss:[ebp-BC],bx
00407C24 jnz CrackMe_.004081C4 ; 不相等继续OVER
00407C2A lea edx,dword ptr ss:[ebp-18]
00407C2D lea eax,dword ptr ss:[ebp-48]
00407C30 mov dword ptr ss:[ebp-80],edx
00407C33 push eax
00407C34 lea ecx,dword ptr ss:[ebp-88]
00407C3A push 3
00407C3C lea edx,dword ptr ss:[ebp-58]
00407C3F push ecx
00407C40 push edx
00407C41 mov dword ptr ss:[ebp-40],1
00407C48 mov dword ptr ss:[ebp-48],2
00407C4F mov dword ptr ss:[ebp-88],4008
00407C59 call esi
00407C5B lea eax,dword ptr ss:[ebp-58]
00407C5E lea ecx,dword ptr ss:[ebp-30]
00407C61 push eax
00407C62 push ecx
00407C63 call edi
00407C65 push eax
00407C66 call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407C6C xor edx,edx
00407C6E cmp ax,65 ; 第三位与65比较
00407C72 setne dl
00407C75 neg edx
00407C77 lea ecx,dword ptr ss:[ebp-30]
00407C7A mov dword ptr ss:[ebp-BC],edx
00407C80 call dwordptrds:[<&MSVBVM60.__vbaFreeStr>>;MSVBVM60.__vbaFreeStr
00407C86 lea eax,dword ptr ss:[ebp-58]
00407C89 lea ecx,dword ptr ss:[ebp-48]
00407C8C push eax
00407C8D push ecx
00407C8E push 2
00407C90 call dword ptrds:[<&MSVBVM60.__vbaFreeVarL>;MSVBVM60.__vbaFreeVarList
00407C96 add esp,0C
00407C99 cmp word ptr ss:[ebp-BC],bx
00407CA0 jnz CrackMe_.004081C4 ; 不相等继续OVER
00407CA6 lea edx,dword ptr ss:[ebp-18]
00407CA9 lea eax,dword ptr ss:[ebp-48]
00407CAC mov dword ptr ss:[ebp-80],edx
00407CAF push eax
00407CB0 lea ecx,dword ptr ss:[ebp-88]
00407CB6 push 4
00407CB8 lea edx,dword ptr ss:[ebp-58]
00407CBB mov ebx,1
00407CC0 push ecx
00407CC1 push edx
00407CC2 mov dword ptr ss:[ebp-40],ebx
00407CC5 mov dword ptr ss:[ebp-48],2
00407CCC mov dword ptr ss:[ebp-88],4008
00407CD6 call esi
00407CD8 lea eax,dword ptr ss:[ebp-2C]
00407CDB lea ecx,dword ptr ss:[ebp-68]
00407CDE mov dword ptr ss:[ebp-A0],eax
00407CE4 push ecx
00407CE5 lea edx,dword ptr ss:[ebp-A8]
00407CEB push 2
00407CED lea eax,dword ptr ss:[ebp-78]
00407CF0 push edx
00407CF1 push eax
00407CF2 mov dword ptr ss:[ebp-60],ebx
00407CF5 mov dword ptr ss:[ebp-68],2
00407CFC mov dword ptr ss:[ebp-A8],4008
00407D06 call esi
00407D08 lea ecx,dword ptr ss:[ebp-78]
00407D0B lea edx,dword ptr ss:[ebp-34]
00407D0E push ecx
00407D0F push edx
00407D10 call edi
00407D12 push eax
00407D13 call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407D19 mov bx,ax ; 用户名第二位
00407D1C lea eax,dword ptr ss:[ebp-58]
00407D1F lea ecx,dword ptr ss:[ebp-30]
00407D22 push eax
00407D23 push ecx
00407D24 call edi
00407D26 push eax
00407D27 call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407D2D xor edx,edx
00407D2F cmp ax,bx ; 与注册码第四位比较
00407D32 lea eax,dword ptr ss:[ebp-34]
00407D35 lea ecx,dword ptr ss:[ebp-30]
00407D38 setne dl
00407D3B push eax
00407D3C push ecx
00407D3D neg edx
00407D3F push 2
00407D41 mov dword ptr ss:[ebp-BC],edx
00407D47 call dword ptrds:[<&MSVBVM60.__vbaFreeStrL>;MSVBVM60.__vbaFreeStrList
00407D4D lea edx,dword ptr ss:[ebp-78]
00407D50 lea eax,dword ptr ss:[ebp-68]
00407D53 push edx
00407D54 lea ecx,dword ptr ss:[ebp-58]
00407D57 push eax
00407D58 lea edx,dword ptr ss:[ebp-48]
00407D5B push ecx
00407D5C push edx
00407D5D push 4
00407D5F call dword ptrds:[<&MSVBVM60.__vbaFreeVarL>;MSVBVM60.__vbaFreeVarList
00407D65 xor ebx,ebx
00407D67 add esp,20
00407D6A cmp word ptr ss:[ebp-BC],bx
00407D71 jnz CrackMe_.004081C4 ; 不相等继续OVER
00407D77 lea eax,dword ptr ss:[ebp-18]
00407D7A lea ecx,dword ptr ss:[ebp-48]
00407D7D mov dword ptr ss:[ebp-80],eax
00407D80 push ecx
00407D81 lea edx,dword ptr ss:[ebp-88]
00407D87 push 5
00407D89 lea eax,dword ptr ss:[ebp-58]
00407D8C push edx
00407D8D push eax
00407D8E mov dword ptr ss:[ebp-40],1
00407D95 mov dword ptr ss:[ebp-48],2
00407D9C mov dword ptr ss:[ebp-88],4008
00407DA6 call esi
00407DA8 lea ecx,dword ptr ss:[ebp-58]
00407DAB lea edx,dword ptr ss:[ebp-30]
00407DAE push ecx
00407DAF push edx
00407DB0 call edi
00407DB2 push eax
00407DB3 call dword ptr ds:[<&MSVBVM60.#516>];MSVBVM60.rtcAnsiValueBstr
00407DB9 xor ecx,ecx
00407DBB cmp ax,64 ; 第五位与64比较
00407DBF setne cl
00407DC2 neg ecx
00407DC4 mov dword ptr ss:[ebp-BC],ecx
00407DCA lea ecx,dword ptr ss:[ebp-30]
00407DCD call dwordptrds:[<&MSVBVM60.__vbaFreeStr>>;MSVBVM60.__vbaFreeStr
00407DD3 lea edx,dword ptr ss:[ebp-58]
00407DD6 lea eax,dword ptr ss:[ebp-48]
00407DD9 push edx
00407DDA push eax
00407DDB push 2
00407DDD call dword ptrds:[<&MSVBVM60.__vbaFreeVarL>;MSVBVM60.__vbaFreeVarList
-
TAGS:
- 作者:管理员 时间:2009-6-21 来源:网络 人气: