電腦學(xué)習(xí)大全

本文格式為Word版下載后可任意編輯和復(fù)制第第頁(yè)電腦學(xué)習(xí)大全

第二章crackme

標(biāo)題:到ddxia那里下載的ACiD_BuRN2的crackme不知在那入手？。(空)

發(fā)信人:廬之小得味

時(shí)間:2000-5-2715:25:31

回復(fù)：

標(biāo)題:部分解決(2千字)

發(fā)信人:冰毒

時(shí)間:2000-5-281:48:39

具體信息:

運(yùn)行程序,Nag顯示幾秒消逝.主界面消失.輸入Name,Firstname,Company項(xiàng),面對(duì)注冊(cè)碼輸入窗.注冊(cè)碼分三段,任憑填入幾個(gè)數(shù)字,但是register的按鈕是灰的.Hmm?程序?qū)斎氲淖?cè)做實(shí)時(shí)比較.只有注冊(cè)碼正確時(shí),按鈕才會(huì)生效.

問題是如何設(shè)斷點(diǎn).試了好幾個(gè),找到一個(gè)好用的:bpx__vbar8str.設(shè)斷,F5.立刻彈回softice.跟過一陣子,還是沒有頭緒.不過,見到一些浮點(diǎn)運(yùn)算操作指令.于是試著下WF指令,打開浮點(diǎn)寄存器窗.于是演出開頭了.

不斷地按F5,每次擋住時(shí)F12返回VB5的DLL,你就會(huì)在寄存器窗里見到一些數(shù)字,其中有輸入的注冊(cè)碼.試著轉(zhuǎn)變姓,名,公司名和注冊(cè)碼,在softice下跟蹤比較,發(fā)覺有些數(shù)字是固定的:

444,777,111,27,5.而且數(shù)字的顯示特別有規(guī)律.先顯示輸入的注冊(cè)碼,然后一個(gè)兩位數(shù),再就是444或777或111,再就是27,接著清空.再開頭下一輪,循環(huán)往復(fù).急躁分析一番以后,解決了.不過,去除Nag不勝利,有些象WinRAM-Booster2000的Nag.不知哪位可以搞定.另外提到的

anti-smartcheckfunction因沒裝Smartcheck不能測(cè)試.誰有愛好,可以一試,并貼出結(jié)果.

以下是大致過程:

1.輸入name:Breakfirstname:Icecompany:China,Password:123456789

2.切進(jìn)softice,bpx__vbar8str并下指令WF

3.F5,softice立刻中斷,F12,此時(shí)ST0=123

4.F5,F12,此時(shí)ST0=66(name第一個(gè)字母的ASCII碼值,10進(jìn)制),ST1=123

5.F5,F12,此時(shí)ST0=444(Magicnumber),ST1=66,ST2=123

6.F5,先不按F12,ST0=29304

7.F12,ST0=27(今日是27號(hào)),ST1=29304,ST2=123

8.F10向下

pre

014F:0F0FDFCBFMULPST(1),ST-ST0*ST1=791208

014F:0F0FDFCDXOREAX,EAX

014F:0F0FDFCFMOVAL,[ESI]

014F:0F0FDFD1INCESI

014F:0F0FDFD2JMPNEAR[EAX*4+0F0FED94]

再向下

014F:0F0FD73BCALL`MSVBVM50!__vbaI4Str`

014F:0F0FD740PUSHEAX-5(本月月份)

014F:0F0FD741XOREAX,EAX

014F:0F0FD743MOVAL,[ESI]

014F:0F0FD745INCESI

9.連續(xù)F10

014F:0F0FE001POPECX-5(月份)

014F:0F0FE002POPEAX-C12A8h=791208(乘積)

014F:0F0FE003CDQ

014F:0F0FE004IDIVECX-EAX/ECX

014F:0F0FE006PUSHEAX-158241

014F:0F0FE007XOREAX,EAX

014F:0F0FE009MOVAL,[ESI]

014F:0F0FE00BINCESI

.

.

014F:0F1065F1CALL0F0FEC1E-F8進(jìn)

014F:0F1065F6JMP0F0FEA9D

看到

014F:0F0FEC1EFXCH-交換ST0和ST1的值

014F:0F0FEC20FCOMPP-比較

014F:0F0FEC22FNSTSWAX

014F:0F0FEC24TESTAL,0D

/pre

10.Password的第2,3兩部分算法一樣,只是Magicnumber分別為777和111.

重新輸入:15824130629340159現(xiàn)在按鈕可按了,Congratulation!

冰毒寫于2000年5月27日

標(biāo)題:blowfish大蝦，請(qǐng)問能否解決掉此pcode的NAG？(5千字)

發(fā)信人:zest

時(shí)間:2022-4-261:35:29

具體信息:

blowfish大蝦，請(qǐng)問能否解決掉此pcode的NAG？

見《論壇精華II》中：“ACiD_BuRN2的crackme”

/~ddxia/crackme/ACiD_BuRN2.zip

我去除了其anti-smartcheck功能如下：

用exdec反編譯之：

Proc:42c318

42C148:f5LitI4:0x4e78(...N)

42C14D:04FLdRfVarlocal_0098

42C150:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C155:04FLdRfVarlocal_0098

42C158:f5LitI4:0x5585(...U)

42C15D:04FLdRfVarlocal_00A8

42C160:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C165:04FLdRfVarlocal_00A8

42C168:Lead0/efConcatVar

42C16C:f5LitI4:0x4d77(...M)

42C171:04FLdRfVarlocal_00C8

42C174:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C179:04FLdRfVarlocal_00C8

42C17C:Lead0/efConcatVar

42C180:f5LitI4:0x4569(...E)

42C185:04FLdRfVarlocal_00E8

42C188:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C18D:04FLdRfVarlocal_00E8

42C190:Lead0/efConcatVar

42C194:f5LitI4:0x4771(...G)

42C199:04FLdRfVarlocal_0108

42C19C:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1A1:04FLdRfVarlocal_0108

42C1A4:Lead0/efConcatVar

42C1A8:f5LitI4:0x4165(...A)

42C1AD:04FLdRfVarlocal_0128

42C1B0:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1B5:04FLdRfVarlocal_0128

42C1B8:Lead0/efConcatVar

42C1BC:3aLitVarStr:(local_0148)

42C1C1:Lead0/efConcatVar

42C1C5:f5LitI4:0x5383(...S)

42C1CA:04FLdRfVarlocal_0168

42C1CD:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1D2:04FLdRfVarlocal_0168

42C1D5:Lead0/efConcatVar

42C1D9:f5LitI4:0x4d77(...M)

42C1DE:04FLdRfVarlocal_0188

42C1E1:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1E6:04FLdRfVarlocal_0188

42C1E9:Lead0/efConcatVar

42C1ED:f5LitI4:0x4165(...A)

42C1F2:04FLdRfVarlocal_01A8

42C1F5:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1FA:04FLdRfVarlocal_01A8

42C1FD:Lead0/efConcatVar

42C201:f5LitI4:0x5282(...R)

42C206:04FLdRfVarlocal_01C8

42C209:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C20E:04FLdRfVarlocal_01C8

42C211:Lead0/efConcatVar

42C215:f5LitI4:0x5484(...T)

42C21A:04FLdRfVarlocal_01E8

42C21D:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C222:04FLdRfVarlocal_01E8

42C225:Lead0/efConcatVar

42C229:f5LitI4:0x4367(...C)

42C22E:04FLdRfVarlocal_0208

42C231:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C236:04FLdRfVarlocal_0208

42C239:Lead0/efConcatVar

42C23D:f5LitI4:0x4872(...H)

42C242:04FLdRfVarlocal_0228

42C245:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C24A:04FLdRfVarlocal_0228

42C24D:Lead0/efConcatVar

42C251:f5LitI4:0x4569(...E)

42C256:04FLdRfVarlocal_0248

42C259:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C25E:04FLdRfVarlocal_0248

42C261:Lead0/efConcatVar

42C265:f5LitI4:0x4367(...C)

42C26A:04FLdRfVarlocal_0268

42C26D:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C272:04FLdRfVarlocal_0268

42C275:Lead0/efConcatVar

42C279:f5LitI4:0x4b75(...K)

42C27E:04FLdRfVarlocal_0288

42C281:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C286:04FLdRfVarlocal_0288

42C289:Lead0/efConcatVar

42C28D:60CStrVarTmp

42C28E:31FStStrlocal_0088

42C291:36FFreeVar

42C2D4:4bOnErrorGoto

42C2D7:27LitVar_Missing

42C2DA:04FLdRfVarlocal_0088

42C2DD:4dCVarRef:(local_0148)4008

42C2E2:0aImpAdCallFPR4:_rtcAppActivate

42C2E7:35FFree1Varlocal_0098

42C2EA:63LitVar_TRUE

42C2ED:1bLitStr:%{F4}

42C2F0:0aImpAdCallFPR4:_rtcSendKeys

42C2F5:35FFree1Varlocal_0098

42C2F8:63LitVar_TRUE

42C2FB:1bLitStr:%{Y}

42C2FE:0aImpAdCallFPR4:_rtcSendKeys

42C303:35FFree1Varlocal_0098

42C306:63LitVar_TRUE

42C309:1bLitStr:%{J}

42C30C:0aImpAdCallFPR4:_rtcSendKeys

42C311:35FFree1Var