环境:
windows xp sp3

工具:
Ollydbg,exeinfope

用exeinfope查壳:没有壳,vc编译的。运行后第一步,随便输入个“12345”,弹出一个错误消息框。OD载入后直接搜索错误消息框的字符串,发现字符串也不多:

文本字串参考位于 Brad_Sob:.text
地址 反汇编 文本字串
00401571 push Brad_Sob.0040302C ASCII CrackMe
00401576 push Brad_Sob.00403034 ASCII Enter Registration Number
00401595 jnz XBrad_Sob.004015AD (初始 CPU 选择)
00401599 push Brad_Sob.00403050 ASCII CrackMe
0040159E push Brad_Sob.00403058 ASCII Correct way to go!!
004015AF push Brad_Sob.0040306C ASCII CrackMe
004015B4 push Brad_Sob.00403074 ASCII Incorrect try again!!
00401CE5 push 0x10000 UNICODE ::::\

一眼看到错误信息所在位置,在反汇编窗口跟随。

00401512 /. 55 push ebp
; Serial-check routine of Brad_Sob (OllyDbg listing; its first instruction, `push ebp` at 00401512, is on the line above).
; OllyDbg notation: [local.N] is ebp-4*N, so local.3 = ebp-0xC, local.4 = ebp-0x10,
; local.7 = ebp-0x1C, local.8 = ebp-0x20.
; Flow: read the input, show a prompt if it is empty, otherwise lstrcmpA it against a
; string copied from 0x403020 and show the "Correct" or "Incorrect" message box.
; NOTE(review): the expected value sits unprotected in the image and is checked with a single
; lstrcmpA, so it is readable by anyone who runs the binary under a debugger; a check built
; this way gives no real protection for a registration secret.
00401513 |. 8BEC mov ebp,esp
00401515 |. 83EC 20 sub esp,0x20 ; reserve 0x20 bytes of locals
00401518 |. 894D E0 mov [local.8],ecx ; save ecx; it is reloaded before every MFC42 call (presumably the `this` pointer - confirm)
0040151B |. 66:A1 5C31400mov ax,word ptr ds:[0x40315C] ; word at 0x40315C becomes the first 2 bytes of the input buffer (value not shown; presumably 0)
00401521 |. 66:8945 F4 mov word ptr ss:[ebp-0xC],ax
00401525 |. 33C9 xor ecx,ecx ; ecx = 0
00401527 |. 894D F6 mov dword ptr ss:[ebp-0xA],ecx ; zero the next 8 bytes: input buffer = 10 bytes at ebp-0xC..ebp-0x3
0040152A |. 894D FA mov dword ptr ss:[ebp-0x6],ecx
0040152D |. 8B15 20304000 mov edx,dword ptr ds:[0x403020] ; copy 10 bytes from 0x403020..0x403029 to ebp-0x1C..ebp-0x13 (dword, dword, word)
00401533 |. 8955 E4 mov [local.7],edx
00401536 |. A1 24304000 mov eax,dword ptr ds:[0x403024]
0040153B |. 8945 E8 mov [local.6],eax
0040153E |. 66:8B0D 28304mov cx,word ptr ds:[0x403028]
00401545 |. 66:894D EC mov word ptr ss:[ebp-0x14],cx
00401549 |. 6A 0A push 0xA ; maximum count 10, the size of the buffer at local.3
0040154B |. 8D55 F4 lea edx,[local.3]
0040154E |. 52 push edx ; destination buffer for the input
0040154F |. 68 E8030000 push 0x3E8 ; 0x3E8 = 1000, presumably the edit control's ID - confirm
00401554 |. 8B4D E0 mov ecx,[local.8]
00401557 |. E8 A8050000 call jmp.MFC42.#3098 ; reads the entered serial (presumably CWnd::GetDlgItemTextA - confirm the ordinal)
0040155C |. 8D45 F4 lea eax,[local.3]
0040155F |. 50 push eax ; /String
00401560 |. FF15 04204000 call dword ptr ds:[KERNEL32.lstrlenA] ; \lstrlenA
00401566 |. 8945 F0 mov [local.4],eax ; local.4 = length of the input
00401569 |. 837D F0 01 cmp [local.4],0x1 ; compare the entered serial's length with 1
0040156D |. 73 16 jnb XBrad_Sob.00401585 ; unsigned length >= 1: go to the comparison; empty input falls through to the prompt
0040156F |. 6A 40 push 0x40 ; last argument pushed first; 0x40 is presumably uType = MB_ICONINFORMATION
00401571 |. 68 2C304000 push Brad_Sob.0040302C ; ASCII CrackMe
00401576 |. 68 34304000 push Brad_Sob.00403034 ; ASCII Enter Registration Number
0040157B |. 8B4D E0 mov ecx,[local.8]
0040157E |. E8 7B050000 call jmp.MFC42.#4224 ; shows the box (presumably CWnd::MessageBoxA - confirm the ordinal)
00401583 |. EB 3C jmp XBrad_Sob.004015C1 ; skip to the epilogue
00401585 | 8D4D E4 lea ecx,[local.7] ; the check is a direct plain-text string comparison; String2 is the copy made from 0x403020
00401588 |. 51 push ecx ; /String2
00401589 |. 8D55 F4 lea edx,[local.3] ; |
0040158C |. 52 push edx ; |String1
0040158D |. FF15 00204000 call dword ptr ds:[KERNEL32.lstrcmpA] ; \lstrcmpA
00401593 |. 85C0 test eax,eax ; lstrcmpA returns 0 when the two strings are equal
00401595 |. 75 16 jnz XBrad_Sob.004015AD ; non-zero = mismatch: jump to the "Incorrect" box
00401597 |. 6A 40 push 0x40
00401599 |. 68 50304000 push Brad_Sob.00403050 ; ASCII CrackMe
0040159E |. 68 58304000 push Brad_Sob.00403058 ; ASCII Correct way to go!!
004015A3 |. 8B4D E0 mov ecx,[local.8]
004015A6 |. E8 53050000 call jmp.MFC42.#4224
004015AB |. EB 14 jmp XBrad_Sob.004015C1 ; skip the failure box
004015AD | 6A 40 push 0x40 ; failure path, target of the jnz at 00401595
004015AF |. 68 6C304000 push Brad_Sob.0040306C ; ASCII CrackMe
004015B4 |. 68 74304000 push Brad_Sob.00403074 ; ASCII Incorrect try again!!
004015B9 |. 8B4D E0 mov ecx,[local.8]
004015BC |. E8 3D050000 call jmp.MFC42.#4224
004015C1 | 8BE5 mov esp,ebp ; common epilogue: release the locals
004015C3 |. 5D pop ebp
004015C4 \. C3 retn

单步跟一下就可以发现真正的serial了:lstrcmpA 的 String2 指向从 0x403020 复制到栈上的明文字符串,在该调用处即可直接看到。
serial:BrD-SoB