微慑信息网

[原创] 一个简单Crackme的肤浅分析

【文章标题】: 一个简单Crackme的肤浅分析
【文章作者】: matriXcrac
【下载地址】: 附件
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
——————————————————————————–
【详细过程】
00401013 |. E8 85000000 CALL crackme.0040109D //跟入,判断文件名是否test.txt
00401018 |. 74 32 JE SHORT crackme.0040104C
0040101A |. A3 44304000 MOV DWORD PTR DS:[403044],EAX
0040101F |. 8005 50304000>ADD BYTE PTR DS:[403050],1
00401026 |. E8 9D000000 CALL crackme.004010C8
0040102B |. 75 1F JNZ SHORT crackme.0040104C
0040102D |. A3 72304000 MOV DWORD PTR DS:[403072],EAX
00401032 |. E8 A2000000 CALL crackme.004010D9
00401037 |. 83F8 01 CMP EAX,1
0040103A |. 74 09 JE SHORT crackme.00401045
0040103C |. 8005 50304000>ADD BYTE PTR DS:[403050],1
00401043 |. EB 07 JMP SHORT crackme.0040104C
00401045 |> E8 C9000000 CALL crackme.00401113
0040104A |. EB 4A JMP SHORT crackme.00401096
0040104C |> 8D3D 34304000 LEA EDI,DWORD PTR DS:[403034]
00401052 |. E8 E6000000 CALL crackme.0040113D
00401057 |. 8D3D 51304000 LEA EDI,DWORD PTR DS:[403051]
0040105D |. E8 DB000000 CALL crackme.0040113D
00401062 |. 6A 00 PUSH 0
00401064 |. A0 50304000 MOV AL,BYTE PTR DS:[403050]
00401069 |. 66:0FB6C0 MOVZX AX,AL
0040106D |. 66:50 PUSH AX
0040106F |. 68 51304000 PUSH crackme.00403051 ; /Format = "Dqqnq.hm.sdrs.$kt"
00401074 |. 68 63304000 PUSH crackme.00403063 ; |s = crackme.00403063
00401079 |. E8 D6000000 CALL ; wsprintfA
0040107E |. 83C4 0C ADD ESP,0C
00401081 |. 6A 10 PUSH 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
00401083 |. 68 34304000 PUSH crackme.00403034 ; |Title = "DQQNQ "
00401088 |. 68 63304000 PUSH crackme.00403063 ; |Text = ""
0040108D |. 6A 00 PUSH 0 ; |hOwner = NULL
0040108F |. E8 C6000000 CALL ; MessageBoxA
00401094 |. EB 00 JMP SHORT crackme.00401096
00401096 |> 6A 00 PUSH 0 ; /ExitCode = 0
00401098 . E8 C9000000 CALL ; ExitProcess
0040109D /$ 8D3D 3B304000 LEA EDI,DWORD PTR DS:[40303B]
004010A3 |. E8 95000000 CALL crackme.0040113D //解密sdrs-ses为test.txt。解密方式A->B [A的ASCII值+1->B的ASCII值]
004010A8 |. 6A 00 PUSH 0 ; /hTemplateFile = NULL
004010AA |. 68 80000000 PUSH 80 ; |Attributes = NORMAL
004010AF |. 6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
004010B1 |. 6A 00 PUSH 0 ; |pSecurity = NULL
004010B3 |. 6A 01 PUSH 1 ; |ShareMode = FILE_SHARE_READ
004010B5 |. 68 00000080 PUSH 80000000 ; |Access = GENERIC_READ
004010BA |. 68 3B304000 PUSH crackme.0040303B ; |FileName = "sdrs-sws"
004010BF |. E8 9C000000 CALL ; CreateFileA
004010C4 |. 83F8 FF CMP EAX,-1
004010C7 . C3 RETN
004010C8 /$ 6A 00 PUSH 0 ; /pFileSizeHigh = NULL
004010CA |. FF35 44304000 PUSH DWORD PTR DS:[403044] ; |hFile = NULL
004010D0 |. E8 97000000 CALL ; GetFileSize
004010D5 |. 83F8 0A CMP EAX,0A //判断文件大小是否为10字节
004010D8 . C3 RETN
004010D9 /$ 6A 00 PUSH 0 ; /pOverlapped = NULL
004010DB |. 68 88304000 PUSH crackme.00403088 ; |pBytesRead = crackme.00403088
004010E0 |. 6A 04 PUSH 4 ; |BytesToRead = 4
004010E2 |. 68 7E304000 PUSH crackme.0040307E ; |Buffer = crackme.0040307E
004010E7 |. FF35 44304000 PUSH DWORD PTR DS:[403044] ; |hFile = NULL
004010ED |. E8 86000000 CALL ; ReadFile
004010F2 |. 803D 7E304000>CMP BYTE PTR DS:[40307E],2D //判断第一字节是否为“-”
004010F9 74 04 JE SHORT crackme.004010FF
004010FB |. 33C0 XOR EAX,EAX
004010FD |. EB 13 JMP SHORT crackme.00401112
004010FF |> 803D 7F304000>CMP BYTE PTR DS:[40307F],30 //判断第二字节是否为“0”
00401106 |. 74 04 JE SHORT crackme.0040110C
00401108 |. 33C0 XOR EAX,EAX
0040110A |. EB 06 JMP SHORT crackme.00401112
———————————————
Dqqnq.hm.sdrs.$kt->Error in test %lu
sdrs-sws->test.txt
——————————————————————————–
【版权声明】: 本文纯属技术交流,.转载请注明作者并保持文章的完整, 谢谢!
2007年08月12日 15:48:15
点击下载此文件

本文标题:[原创] 一个简单Crackme的肤浅分析
本文链接:
(转载请附上本文链接)
http://vulsee.com/archives/vulsee_2007/0813_497.html
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » [原创] 一个简单Crackme的肤浅分析
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

微慑信息网 专注工匠精神

访问我们联系我们