160 - 18 Brad Soblesky.1
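Environment:
Windows XP SP3
Tools:
OllyDbg, exeinfope
Check for a packer with exeinfope:
No packer; compiled with VC.
First, run the program and enter an arbitrary value such as "12345"; an error message box pops up.
After loading the program in OD, search directly for the error message box's string; it turns out there are only a few strings.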
Text strings referenced in Brad_Sob:.text
Address Disassembly Text string
00401571 push Brad_Sob.0040302C ASCII "CrackMe"
00401576 push Brad_Sob.00403034 ASCII "Enter Registration Number"
00401595 jnz XBrad_Sob.004015AD (Initial CPU selection)
00401599 push Brad_Sob.00403050 ASCII "CrackMe"
0040159E push Brad_Sob.00403058 ASCII "Correct way to go!!"
004015AF push Brad_Sob.0040306C ASCII "CrackMe"
004015B4 push Brad_Sob.00403074 ASCII "Incorrect try again!!"
00401CE5 push 0x10000 UNICODE "=::=::\"

The location of the error message is visible at a glance; follow it in the disassembly window.

00401512 /. 55 push ebp
00401513 |. 8BEC mov ebp,esp
00401515 |. 83EC 20 sub esp,0x20
00401518 |. 894D E0 mov [local.8],ecx
0040151B |. 66:A1 5C31400>mov ax,word ptr ds:[0x40315C]
00401521 |. 66:8945 F4 mov word ptr ss:[ebp-0xC],ax
00401525 |. 33C9 xor ecx,ecx
00401527 |. 894D F6 mov dword ptr ss:[ebp-0xA],ecx
0040152A |. 894D FA mov dword ptr ss:[ebp-0x6],ecx
0040152D |. 8B15 20304000 mov edx,dword ptr ds:[0x403020]
00401533 |. 8955 E4 mov [local.7],edx
00401536 |. A1 24304000 mov eax,dword ptr ds:[0x403024]
0040153B |. 8945 E8 mov [local.6],eax
0040153E |. 66:8B0D 28304>mov cx,word ptr ds:[0x403028]
00401545 |. 66:894D EC mov word ptr ss:[ebp-0x14],cx
00401549 |. 6A 0A push 0xA
0040154B |. 8D55 F4 lea edx,[local.3]
0040154E |. 52 push edx
0040154F |. 68 E8030000 push 0x3E8
00401554 |. 8B4D E0 mov ecx,[local.8]
00401557 |. E8 A8050000 call <jmp.&MFC42.#3098> ; the entered serial is read here
0040155C |. 8D45 F4 lea eax,[local.3]
0040155F |. 50 push eax ; /String
00401560 |. FF15 04204000 call dword ptr ds:[<&KERNEL32.lstrlenA>] ; \lstrlenA
00401566 |. 8945 F0 mov [local.4],eax
00401569 |. 837D F0 01 cmp [local.4],0x1 ; compare the length of the entered serial
0040156D |. 73 16 jnb XBrad_Sob.00401585
0040156F |. 6A 40 push 0x40
00401571 |. 68 2C304000 push Brad_Sob.0040302C ; ASCII "CrackMe"
00401576 |. 68 34304000 push Brad_Sob.00403034 ; ASCII "Enter Registration Number"
0040157B |. 8B4D E0 mov ecx,[local.8]
0040157E |. E8 7B050000 call <jmp.&MFC42.#4224>
00401583 |. EB 3C jmp XBrad_Sob.004015C1
00401585 |> 8D4D E4 lea ecx,[local.7] ; this is simply a plaintext string comparison
00401588 |. 51 push ecx ; /String2
00401589 |. 8D55 F4 lea edx,[local.3] ; |
0040158C |. 52 push edx ; |String1
0040158D |. FF15 00204000 call dword ptr ds:[<&KERNEL32.lstrcmpA>] ; \lstrcmpA
00401593 |. 85C0 test eax,eax
00401595 |. 75 16 jnz XBrad_Sob.004015AD
00401597 |. 6A 40 push 0x40
00401599 |. 68 50304000 push Brad_Sob.00403050 ; ASCII "CrackMe"
0040159E |. 68 58304000 push Brad_Sob.00403058 ; ASCII "Correct way to go!!"
004015A3 |. 8B4D E0 mov ecx,[local.8]
004015A6 |. E8 53050000 call <jmp.&MFC42.#4224>
004015AB |. EB 14 jmp XBrad_Sob.004015C1
004015AD |> 6A 40 push 0x40
004015AF |. 68 6C304000 push Brad_Sob.0040306C ; ASCII "CrackMe"
004015B4 |. 68 74304000 push Brad_Sob.00403074 ; ASCII "Incorrect try again!!"
004015B9 |. 8B4D E0 mov ecx,[local.8]
004015BC |. E8 3D050000 call <jmp.&MFC42.#4224>
004015C1 |> 8BE5 mov esp,ebp
004015C3 |. 5D pop ebp
004015C4 \. C3 retn
serial:<BrD-SoB>
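
The routine at 00401512 read back into C, as an added example that is not part of the original post or the crackme's source: it shows why a reference value stored in cleartext and compared directly is recoverable from the listing alone. The name check_serial, the result enum, the use of strlen/strcmp in place of lstrlenA/lstrcmpA, the zeroed input buffer and the 9-character truncation are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the 10 bytes the listing copies from
   0x403020 (dword), 0x403024 (dword) and 0x403028 (word). */
static const char stored_serial[10] = "<BrD-SoB>";

enum result { EMPTY_INPUT, CORRECT, INCORRECT };

/* Hypothetical name for the routine at 00401512. `input` stands in for
   the dialog text that the call at 00401557 reads (max count 0xA). */
enum result check_serial(const char *input)
{
    char expected[10];       /* [local.7], filled at 0040152D..00401545 */
    char entered[10] = {0};  /* [local.3]; assumed zeroed, 00401521..0040152A */

    memcpy(expected, stored_serial, sizeof expected);
    /* Assumption: the read keeps at most 9 characters plus the NUL. */
    strncpy(entered, input, sizeof entered - 1);

    if (strlen(entered) < 1)              /* cmp [local.4],0x1 ; jnb */
        return EMPTY_INPUT;               /* "Enter Registration Number" */
    if (strcmp(expected, entered) == 0)   /* lstrcmpA ; test eax,eax ; jnz */
        return CORRECT;                   /* "Correct way to go!!" */
    return INCORRECT;                     /* "Incorrect try again!!" */
}

int main(void)
{
    static const char *names[] = { "empty", "correct", "incorrect" };
    const char *samples[] = { "", "12345", "<BrD-SoB>" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %s\n", samples[i], names[check_serial(samples[i])]);
    return 0;
}
```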