电脑学习大全

本文格式为Word版下载后可任意编辑和复制第第页电脑学习大全

第二章crackme

标题:到ddxia那里下载的ACiD_BuRN2的crackme不知在那入手？。(空)

发信人:庐之小得味

时间:2000-5-2715:25:31

回复：

标题:部分解决(2千字)

发信人:冰毒

时间:2000-5-281:48:39

具体信息:

运行程序,Nag显示几秒消逝.主界面消失.输入Name,Firstname,Company项,面对注册码输入窗.注册码分三段,任凭填入几个数字,但是register的按钮是灰的.Hmm?程序对输入的注册做实时比较.只有注册码正确时,按钮才会生效.

问题是如何设断点.试了好几个,找到一个好用的:bpx__vbar8str.设断,F5.立刻弹回softice.跟过一阵子,还是没有头绪.不过,见到一些浮点运算操作指令.于是试着下WF指令,打开浮点寄存器窗.于是演出开头了.

不断地按F5,每次挡住时F12返回VB5的DLL,你就会在寄存器窗里见到一些数字,其中有输入的注册码.试着转变姓,名,公司名和注册码,在softice下跟踪比较,发觉有些数字是固定的:

444,777,111,27,5.而且数字的显示特别有规律.先显示输入的注册码,然后一个两位数,再就是444或777或111,再就是27,接着清空.再开头下一轮,循环往复.急躁分析一番以后,解决了.不过,去除Nag不胜利,有些象WinRAM-Booster2000的Nag.不知哪位可以搞定.另外提到的

anti-smartcheckfunction因没装Smartcheck不能测试.谁有爱好,可以一试,并贴出结果.

以下是大致过程:

1.输入name:Breakfirstname:Icecompany:China,Password:123456789

2.切进softice,bpx__vbar8str并下指令WF

3.F5,softice立刻中断,F12,此时ST0=123

4.F5,F12,此时ST0=66(name第一个字母的ASCII码值,10进制),ST1=123

5.F5,F12,此时ST0=444(Magicnumber),ST1=66,ST2=123

6.F5,先不按F12,ST0=29304

7.F12,ST0=27(今日是27号),ST1=29304,ST2=123

8.F10向下

pre

014F:0F0FDFCBFMULPST(1),ST-ST0*ST1=791208

014F:0F0FDFCDXOREAX,EAX

014F:0F0FDFCFMOVAL,[ESI]

014F:0F0FDFD1INCESI

014F:0F0FDFD2JMPNEAR[EAX*4+0F0FED94]

再向下

014F:0F0FD73BCALL`MSVBVM50!__vbaI4Str`

014F:0F0FD740PUSHEAX-5(本月月份)

014F:0F0FD741XOREAX,EAX

014F:0F0FD743MOVAL,[ESI]

014F:0F0FD745INCESI

9.连续F10

014F:0F0FE001POPECX-5(月份)

014F:0F0FE002POPEAX-C12A8h=791208(乘积)

014F:0F0FE003CDQ

014F:0F0FE004IDIVECX-EAX/ECX

014F:0F0FE006PUSHEAX-158241

014F:0F0FE007XOREAX,EAX

014F:0F0FE009MOVAL,[ESI]

014F:0F0FE00BINCESI

.

.

014F:0F1065F1CALL0F0FEC1E-F8进

014F:0F1065F6JMP0F0FEA9D

看到

014F:0F0FEC1EFXCH-交换ST0和ST1的值

014F:0F0FEC20FCOMPP-比较

014F:0F0FEC22FNSTSWAX

014F:0F0FEC24TESTAL,0D

/pre

10.Password的第2,3两部分算法一样,只是Magicnumber分别为777和111.

重新输入:15824130629340159现在按钮可按了,Congratulation!

冰毒写于2000年5月27日

标题:blowfish大虾，请问能否解决掉此pcode的NAG？(5千字)

发信人:zest

时间:2022-4-261:35:29

具体信息:

blowfish大虾，请问能否解决掉此pcode的NAG？

见《论坛精华II》中：“ACiD_BuRN2的crackme”

/~ddxia/crackme/ACiD_BuRN2.zip

我去除了其anti-smartcheck功能如下：

用exdec反编译之：

Proc:42c318

42C148:f5LitI4:0x4e78(...N)

42C14D:04FLdRfVarlocal_0098

42C150:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C155:04FLdRfVarlocal_0098

42C158:f5LitI4:0x5585(...U)

42C15D:04FLdRfVarlocal_00A8

42C160:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C165:04FLdRfVarlocal_00A8

42C168:Lead0/efConcatVar

42C16C:f5LitI4:0x4d77(...M)

42C171:04FLdRfVarlocal_00C8

42C174:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C179:04FLdRfVarlocal_00C8

42C17C:Lead0/efConcatVar

42C180:f5LitI4:0x4569(...E)

42C185:04FLdRfVarlocal_00E8

42C188:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C18D:04FLdRfVarlocal_00E8

42C190:Lead0/efConcatVar

42C194:f5LitI4:0x4771(...G)

42C199:04FLdRfVarlocal_0108

42C19C:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1A1:04FLdRfVarlocal_0108

42C1A4:Lead0/efConcatVar

42C1A8:f5LitI4:0x4165(...A)

42C1AD:04FLdRfVarlocal_0128

42C1B0:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1B5:04FLdRfVarlocal_0128

42C1B8:Lead0/efConcatVar

42C1BC:3aLitVarStr:(local_0148)

42C1C1:Lead0/efConcatVar

42C1C5:f5LitI4:0x5383(...S)

42C1CA:04FLdRfVarlocal_0168

42C1CD:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1D2:04FLdRfVarlocal_0168

42C1D5:Lead0/efConcatVar

42C1D9:f5LitI4:0x4d77(...M)

42C1DE:04FLdRfVarlocal_0188

42C1E1:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1E6:04FLdRfVarlocal_0188

42C1E9:Lead0/efConcatVar

42C1ED:f5LitI4:0x4165(...A)

42C1F2:04FLdRfVarlocal_01A8

42C1F5:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C1FA:04FLdRfVarlocal_01A8

42C1FD:Lead0/efConcatVar

42C201:f5LitI4:0x5282(...R)

42C206:04FLdRfVarlocal_01C8

42C209:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C20E:04FLdRfVarlocal_01C8

42C211:Lead0/efConcatVar

42C215:f5LitI4:0x5484(...T)

42C21A:04FLdRfVarlocal_01E8

42C21D:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C222:04FLdRfVarlocal_01E8

42C225:Lead0/efConcatVar

42C229:f5LitI4:0x4367(...C)

42C22E:04FLdRfVarlocal_0208

42C231:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C236:04FLdRfVarlocal_0208

42C239:Lead0/efConcatVar

42C23D:f5LitI4:0x4872(...H)

42C242:04FLdRfVarlocal_0228

42C245:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C24A:04FLdRfVarlocal_0228

42C24D:Lead0/efConcatVar

42C251:f5LitI4:0x4569(...E)

42C256:04FLdRfVarlocal_0248

42C259:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C25E:04FLdRfVarlocal_0248

42C261:Lead0/efConcatVar

42C265:f5LitI4:0x4367(...C)

42C26A:04FLdRfVarlocal_0268

42C26D:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C272:04FLdRfVarlocal_0268

42C275:Lead0/efConcatVar

42C279:f5LitI4:0x4b75(...K)

42C27E:04FLdRfVarlocal_0288

42C281:0aImpAdCallFPR4:_rtcVarBstrFromAnsi

42C286:04FLdRfVarlocal_0288

42C289:Lead0/efConcatVar

42C28D:60CStrVarTmp

42C28E:31FStStrlocal_0088

42C291:36FFreeVar

42C2D4:4bOnErrorGoto

42C2D7:27LitVar_Missing

42C2DA:04FLdRfVarlocal_0088

42C2DD:4dCVarRef:(local_0148)4008

42C2E2:0aImpAdCallFPR4:_rtcAppActivate

42C2E7:35FFree1Varlocal_0098

42C2EA:63LitVar_TRUE

42C2ED:1bLitStr:%{F4}

42C2F0:0aImpAdCallFPR4:_rtcSendKeys

42C2F5:35FFree1Varlocal_0098

42C2F8:63LitVar_TRUE

42C2FB:1bLitStr:%{Y}

42C2FE:0aImpAdCallFPR4:_rtcSendKeys

42C303:35FFree1Varlocal_0098

42C306:63LitVar_TRUE

42C309:1bLitStr:%{J}

42C30C:0aImpAdCallFPR4:_rtcSendKeys

42C311:35FFree1Var