160 - 40 DaNiEl-RJ.1
環(huán)境
Windows xp sp3
工具
1.exeinfo PE
2.ollydbg
查殼
無殼Delphi程序
測試:
按照說明點到這個注冊窗口。
OD載入搜字符串,直接可以定位到這里
0042D4A8 /.  55             push ebp
0042D4A9 |.  8BEC           mov ebp,esp
0042D4AB |.  33C9           xor ecx,ecx
0042D4AD |.  51             push ecx
0042D4AE |.  51             push ecx
0042D4AF |.  51             push ecx
0042D4B0 |.  51             push ecx
0042D4B1 |.  53             push ebx
0042D4B2 |.  56             push esi
0042D4B3 |.  57             push edi
0042D4B4 |.  8BF0           mov esi,eax
0042D4B6 |.  33C0           xor eax,eax
0042D4B8 |.  55             push ebp
0042D4B9 |.  68 B2D54200    push DaNiEl-R.0042D5B2
0042D4BE |.  64:FF30        push dword ptr fs:[eax]
0042D4C1 |.  64:8920        mov dword ptr fs:[eax],esp
0042D4C4 |.  8D55 F8        lea edx,[local.2]
0042D4C7 |.  8B86 DC010000  mov eax,dword ptr ds:[esi+0x1DC]
0042D4CD |.  E8 8EC9FEFF    call DaNiEl-R.00419E60 ; read name
0042D4D2 |.  837D F8 00     cmp [local.2],0x0
0042D4D6 |.  74 14          je XDaNiEl-R.0042D4EC
0042D4D8 |.  8D55 F4        lea edx,[local.3]
0042D4DB |.  8B86 E0010000  mov eax,dword ptr ds:[esi+0x1E0]
0042D4E1 |.  E8 7AC9FEFF    call DaNiEl-R.00419E60 ; read serial
0042D4E6 |.  837D F4 00     cmp [local.3],0x0
0042D4EA |.  75 0F          jnz XDaNiEl-R.0042D4FB
0042D4EC |>  B8 C8D54200    mov eax,DaNiEl-R.0042D5C8 ; ASCII "One of the fields is empty!"
0042D4F1 |.  E8 02FCFFFF    call DaNiEl-R.0042D0F8
0042D4F6 |.  E9 8C000000    jmp DaNiEl-R.0042D587
0042D4FB |>  BB 01000000    mov ebx,0x1
0042D500 |.  8D55 F8        lea edx,[local.2]
0042D503 |.  8B86 DC010000  mov eax,dword ptr ds:[esi+0x1DC]
0042D509 |.  E8 52C9FEFF    call DaNiEl-R.00419E60
0042D50E |.  8B45 F8        mov eax,[local.2]
0042D511 |.  E8 AA62FDFF    call DaNiEl-R.004037C0
0042D516 |.  8BF8           mov edi,eax
0042D518 |.  8D45 FC        lea eax,[local.1]
0042D51B |.  E8 2460FDFF    call DaNiEl-R.00403544
0042D520 |.  3BFB           cmp edi,ebx
0042D522 |.  7C 32          jl XDaNiEl-R.0042D556
0042D524 |>  8D55 F8        /lea edx,[local.2]
0042D527 |.  8B86 DC010000  |mov eax,dword ptr ds:[esi+0x1DC]
0042D52D |.  E8 2EC9FEFF    |call DaNiEl-R.00419E60 ; read name
0042D532 |.  8B45 F8        |mov eax,[local.2]
0042D535 |.  33D2           |xor edx,edx
0042D537 |.  8A5418 FF      |mov dl,byte ptr ds:[eax+ebx-0x1]
0042D53B |.  83C2 05        |add edx,0x5 ; add 5 to each character of name
0042D53E |.  8D45 F0        |lea eax,[local.4]
0042D541 |.  E8 A261FDFF    |call DaNiEl-R.004036E8
0042D546 |.  8B55 F0        |mov edx,[local.4]
0042D549 |.  8D45 FC        |lea eax,[local.1] ; the result is stored here
0042D54C |.  E8 7762FDFF    |call DaNiEl-R.004037C8
0042D551 |.  43             |inc ebx
0042D552 |.  3BFB           |cmp edi,ebx
0042D554 |.^ 7D CE          \jge XDaNiEl-R.0042D524
0042D556 |>  8D55 F8        lea edx,[local.2]
0042D559 |.  8B86 E0010000  mov eax,dword ptr ds:[esi+0x1E0]
0042D55F |.  E8 FCC8FEFF    call DaNiEl-R.00419E60
0042D564 |.  8B45 F8        mov eax,[local.2] ; the entered serial
0042D567 |.  8B55 FC        mov edx,[local.1] ; result of name + 5
0042D56A |.  E8 6163FDFF    call DaNiEl-R.004038D0 ; simply checks whether they are equal
0042D56F |.  75 0C          jnz XDaNiEl-R.0042D57D
0042D571 |.  B8 ECD54200    mov eax,DaNiEl-R.0042D5EC ; ASCII "Congratz cracker! hehehe"
0042D576 |.  E8 7DFBFFFF    call DaNiEl-R.0042D0F8
0042D57B |.  EB 0A          jmp XDaNiEl-R.0042D587
0042D57D |>  B8 10D64200    mov eax,DaNiEl-R.0042D610 ; ASCII "No no no! :( Try again!"
0042D582 |.  E8 71FBFFFF    call DaNiEl-R.0042D0F8
0042D587 |>  33C0           xor eax,eax
0042D589 |.  5A             pop edx
0042D58A |.  59             pop ecx
0042D58B |.  59             pop ecx
0042D58C |.  64:8910        mov dword ptr fs:[eax],edx
0042D58F |.  68 B9D54200    push DaNiEl-R.0042D5B9
0042D594 |>  8D45 F0        lea eax,[local.4]
0042D597 |.  E8 A85FFDFF    call DaNiEl-R.00403544
0042D59C |.  8D45 F4        lea eax,[local.3]
0042D59F |.  BA 02000000    mov edx,0x2
0042D5A4 |.  E8 BF5FFDFF    call DaNiEl-R.00403568
0042D5A9 |.  8D45 FC        lea eax,[local.1]
0042D5AC |.  E8 935FFDFF    call DaNiEl-R.00403544
0042D5B1 \.  C3             retn

This shows that the input is not length-checked, so we can:
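The handler's logic restated as a C model, with each step tied back to an address in the listing. This is an added example, not code from the original post or from the crackme; the function and enum names are made up here, and it assumes the helper at 004036E8 uses only the low byte (DL) of the sum, so name byte + 5 wraps at 8 bits.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for the three outcomes (one per message string). */
enum result { FIELD_EMPTY, SERIAL_OK, SERIAL_BAD };

/* Loop at 0042D524..0042D554: out[i] = name[i] + 5 for every byte of name.
   Assumption: only DL reaches 004036E8, so the sum is truncated to 8 bits.
   out must hold strlen(name) + 1 bytes; returns the number of bytes written. */
static size_t derive_serial(const char *name, char *out)
{
    size_t n = strlen(name);                 /* call 004037C0 -> edi */
    for (size_t i = 0; i < n; i++)           /* ebx runs 1..edi in the original */
        out[i] = (char)(unsigned char)((unsigned char)name[i] + 5u);
    out[n] = '\0';
    return n;
}

/* Model of the handler at 0042D4A8. */
static enum result check(const char *name, const char *serial)
{
    char expected[256];

    if (name[0] == '\0' || serial[0] == '\0')    /* 0042D4D2 / 0042D4E6 */
        return FIELD_EMPTY;
    if (strlen(name) >= sizeof expected)         /* bound of this model only */
        return SERIAL_BAD;

    size_t n = derive_serial(name, expected);
    /* 0042D56A: plain equality test; the listing applies no length or
       character-set rule to either field before this point. */
    if (strlen(serial) == n && memcmp(serial, expected, n) == 0)
        return SERIAL_OK;
    return SERIAL_BAD;
}

int main(void)
{
    char s[256];
    derive_serial("abc", s);                     /* constructed sample name */
    printf("name=abc expected=%s check=%d\n", s, check("abc", s));
    return 0;
}
```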