Crackme 20
Source: Internet  Editor: 程序博客网  Time: 2024/05/24 06:28
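First, check the file with PEiD.
It is packed with WWPack32, a classic packer. I haven't dealt with many packed programs so far; last time I just used an unpacking tool, and this time I followed a tutorial and did it by hand.
First, single-step in the debugger until you find the cross-section jump.
After following the jump, set a breakpoint (the place you land after the jump is usually where the program starts), but there is no disassembly there, which makes it rather uncomfortable to read.
First, unpack it.
After unpacking, the program won't open; I have seen write-ups where it could be opened after unpacking····
Use PEiD to see what the program was written in.
Decompiling with DeDe yielded nothing useful, so I analyzed the Delphi program directly with IDR.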
Unit1::TForm1.Button1Click
     0044A2E8 push ebp
     0044A2E9 mov ebp,esp
     0044A2EB xor ecx,ecx
     0044A2ED push ecx
     0044A2EE push ecx
     0044A2EF push ecx
     0044A2F0 push ecx
     0044A2F1 push ebx
     0044A2F2 push esi
     0044A2F3 mov ebx,eax
     0044A2F5 xor eax,eax
     0044A2F7 push ebp
     0044A2F8 push 44A3E4
     0044A2FD push dword ptr fs:[eax]
     0044A300 mov dword ptr fs:[eax],esp
     0044A303 lea edx,[ebp-4]
     0044A306 mov eax,dword ptr [ebx+2C8]; TForm1.Edit2:TEdit
     0044A30C call TControl.GetText
     0044A311 mov eax,dword ptr [ebp-4]
     0044A314 call StrToInt
     0044A319 mov esi,eax
     0044A31B mov eax,dword ptr [ebp-4]
     0044A31E call StrToInt64
     0044A323 push edx
     0044A324 push eax
     0044A325 mov eax,esi
     0044A327 cdq
     0044A328 add eax,dword ptr [esp]
     0044A32B adc edx,dword ptr [esp+4]
     0044A32F add esp,8
     0044A332 push edx
     0044A333 push eax
     0044A334 mov eax,esi
     0044A336 cdq
     0044A337 add eax,dword ptr [esp]
     0044A33A adc edx,dword ptr [esp+4]
     0044A33E add esp,8
     0044A341 push edx
     0044A342 push eax
     0044A343 lea edx,[ebp-8]
     0044A346 mov eax,6
     0044A34B call IntToHex
     0044A350 mov edx,dword ptr [ebp-8]
     0044A353 mov eax,dword ptr [ebx+2CC]; TForm1.Edit3:TEdit
     0044A359 call TControl.SetText
     0044A35E lea edx,[ebp-0C]
     0044A361 mov eax,dword ptr [ebx+2CC]; TForm1.Edit3:TEdit
     0044A367 call TControl.GetText
     0044A36C mov eax,dword ptr [ebp-0C]
     0044A36F push eax
     0044A370 lea edx,[ebp-10]
     0044A373 mov eax,dword ptr [ebx+2F0]; TForm1.Label1:TLabel
     0044A379 call TControl.GetText
     0044A37E mov edx,dword ptr [ebp-10]
     0044A381 pop eax
     0044A382 call @LStrCmp
    >0044A387 jne 0044A398
     0044A389 mov dl,1
     0044A38B mov eax,dword ptr [ebx+2FC]; TForm1.Label2:TLabel
     0044A391 call TControl.SetVisible
    >0044A396 jmp 0044A3A9
     0044A398 mov eax,dword ptr [ebx+2D4]; TForm1.Label6:TLabel
     0044A39E mov edx,dword ptr [eax+34]; TLabel.Top:Integer
     0044A3A1 sub edx,0A
     0044A3A4 call TControl.SetTop
     0044A3A9 mov eax,dword ptr [ebx+2D4]; TForm1.Label6:TLabel
     0044A3AF cmp dword ptr [eax+34],32; TLabel.Top:Integer
    >0044A3B3 jge 0044A3BC
     0044A3B5 mov eax,ebx
     0044A3B7 call TCustomForm.Close
     0044A3BC xor eax,eax
     0044A3BE pop edx
     0044A3BF pop ecx
     0044A3C0 pop ecx
     0044A3C1 mov dword ptr fs:[eax],edx
     0044A3C4 push 44A3EB
     0044A3C9 lea eax,[ebp-10]
     0044A3CC mov edx,2
     0044A3D1 call @LStrArrayClr
     0044A3D6 lea eax,[ebp-8]
     0044A3D9 mov edx,2
     0044A3DE call @LStrArrayClr
     0044A3E3 ret
    <0044A3E4 jmp @HandleFinally
    <0044A3E9 jmp 0044A3C9
     0044A3EB pop esi
     0044A3EC pop ebx
     0044A3ED mov esp,ebp
     0044A3EF pop ebp
     0044A3F0 ret
Analyzing the algorithm
    0044A30C |. E8 FBA0FDFF    CALL 3.0042440C                 ; name string
    0044A311 |. 8B45 FC        MOV EAX,[LOCAL.1]
    0044A314 |. E8 EFD6FBFF    CALL 3.00407A08                 ; strtoint
    0044A319 |. 8BF0           MOV ESI,EAX
    0044A31B |. 8B45 FC        MOV EAX,[LOCAL.1]
    0044A31E |. E8 5DD7FBFF    CALL 3.00407A80
    0044A323 |. 52             PUSH EDX
    0044A324 |. 50             PUSH EAX
    0044A325 |. 8BC6           MOV EAX,ESI
    0044A327 |. 99             CDQ
    0044A328 |. 030424         ADD EAX,DWORD PTR SS:[ESP]      ; 0x7b + 0x7b
    0044A32B |. 135424 04      ADC EDX,DWORD PTR SS:[ESP+4]
    0044A32F |. 83C4 08        ADD ESP,8
    0044A332 |. 52             PUSH EDX
    0044A333 |. 50             PUSH EAX
    0044A334 |. 8BC6           MOV EAX,ESI
    0044A336 |. 99             CDQ
    0044A337 |. 030424         ADD EAX,DWORD PTR SS:[ESP]      ; 0x7b + 0xf6
    0044A33A |. 135424 04      ADC EDX,DWORD PTR SS:[ESP+4]
    0044A33E |. 83C4 08        ADD ESP,8
    0044A341 |. 52             PUSH EDX                        ; /Arg2
    0044A342 |. 50             PUSH EAX                        ; |Arg1
    0044A343 |. 8D55 F8        LEA EDX,[LOCAL.2]               ; |
    0044A346 |. B8 06000000    MOV EAX,6                       ; |
    0044A34B |. E8 78D6FBFF    CALL 3.004079C8                 ; \int to hex
    0044A350 |. 8B55 F8        MOV EDX,[LOCAL.2]
    0044A353 |. 8B83 CC020000  MOV EAX,DWORD PTR DS:[EBX+2CC]
    0044A359 |. E8 DEA0FDFF    CALL 3.0042443C
    0044A35E |. 8D55 F4        LEA EDX,[LOCAL.3]
    0044A361 |. 8B83 CC020000  MOV EAX,DWORD PTR DS:[EBX+2CC]
    0044A367 |. E8 A0A0FDFF    CALL 3.0042440C
    0044A36C |. 8B45 F4        MOV EAX,[LOCAL.3]
    0044A36F |. 50             PUSH EAX
    0044A370 |. 8D55 F0        LEA EDX,[LOCAL.4]
    0044A373 |. 8B83 F0020000  MOV EAX,DWORD PTR DS:[EBX+2F0]
    0044A379 |. E8 8EA0FDFF    CALL 3.0042440C
    0044A37E |. 8B55 F0        MOV EDX,[LOCAL.4]
    0044A381 |. 58             POP EAX
    0044A382 >|. E8 6198FBFF   CALL 3.00403BE8                 ; strcmp
Writing the keygen
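    # The handler computes serial + serial + serial and compares its hex form,
    # so the serial is the target value divided by 3.
    s = '0x3e74984b'
    print(int(s, 16) // 3)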
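
An added example, not code from the original post: a Python model of the check that the two listings describe, together with its inverse. It goes beyond the single constant in the post by covering zero padding, negative input and targets that have no solution. The function names are hypothetical, and it assumes that Label1 holds the uppercase hex string and that the serial is typed in decimal.

```python
# Added example: a model of TForm1.Button1Click as read from the listings above.
# Function names are hypothetical; decimal-only input is a simplification.
MASK64 = (1 << 64) - 1

def int_to_hex(value, digits):
    """Model of Delphi IntToHex(Int64, Digits): uppercase, zero-padded,
    negative values shown as their 64-bit two's complement."""
    return format(value & MASK64, "X").rjust(digits, "0")

def computed_text(serial_text):
    """Text the handler writes into Edit3 for a given Edit2 input."""
    n = int(serial_text, 10)          # StrToInt and StrToInt64 parse the same text
    if not -2**31 <= n < 2**31:       # StrToInt fails outside the 32-bit range
        raise ValueError("serial does not fit a 32-bit integer")
    total = n + n + n                 # CDQ + ADD/ADC pair, executed twice
    return int_to_hex(total, 6)       # MOV EAX,6 / CALL IntToHex

def check(serial_text, label_text):
    """The @LStrCmp step: exact, case-sensitive match of Edit3 against Label1."""
    return computed_text(serial_text) == label_text

def solve(label_text):
    """Invert the check; None when no 32-bit serial produces label_text."""
    try:
        target = int(label_text, 16)
    except ValueError:
        return None
    if target >= 1 << 63:             # 16-digit output of a negative sum
        target -= 1 << 64
    if target % 3:                    # the sum is always a multiple of 3
        return None
    serial = str(target // 3)
    try:                              # round trip rejects padding/case mismatches
        return serial if check(serial, label_text) else None
    except ValueError:
        return None

if __name__ == "__main__":
    print(solve("3E74984B"))          # constant taken from the post's keygen
```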