微慑信息网

[原创] [OCN]学员毕业考试Crackme破解过程记录

0046682B |> /8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8] ; 分组放入EAX
0046682E |. |0FB67C08 FF |MOVZX EDI,BYTE PTR DS:[EAX+ECX-1] ; EDI存放每组字符assic
00466833 |. |8BC7 |MOV EAX,EDI 68放入EAX
00466835 |. |C1E0 03 |SHL EAX,3 SHL 68,3=340=EAX
00466838 |. |33D2 |XOR EDX,EDX
0046683A |. |0345 E8 |ADD EAX,DWORD PTR SS:[EBP-18]
0046683D |. |1355 EC |ADC EDX,DWORD PTR SS:[EBP-14]
00466840 |. |52 |PUSH EDX
00466841 |. |50 |PUSH EAX
00466842 |. |8BC7 |MOV EAX,EDI
00466844 |. |03C0 |ADD EAX,EAX 68+68=D0
00466846 |. |8D0440 |LEA EAX,DWORD PTR DS:[EAX+EAX*2] DO×3=270放入EAX
00466849 |. |33D2 |XOR EDX,EDX
0046684B |. |030424 |ADD EAX,DWORD PTR SS:[ESP] 340+270=5b0放入EAX
0046684E |. |135424 04 |ADC EDX,DWORD PTR SS:[ESP+4]
00466852 |. |83C4 08 |ADD ESP,8
00466855 |. |8945 E8 |MOV DWORD PTR SS:[EBP-18],EAX
00466858 |. |8955 EC |MOV DWORD PTR SS:[EBP-14],EDX
0046685B |. |41 |INC ECX
0046685C |. |4B |DEC EBX
0046685D |.^75 CC JNZ SHORT unpacked.0046682B
//////////////////////////////////////////////////////////////////////////////////////////////
0046682B |> /8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8] ; 分组放入EAX
0046682E |. |0FB67C08 FF |MOVZX EDI,BYTE PTR DS:[EAX+ECX-1] ; EDI存放每组字符assic
00466833 |. |8BC7 |MOV EAX,EDI 6B放入EAX
00466835 |. |C1E0 03 |SHL EAX,3 SHL 6B,3=358=EAX
00466838 |. |33D2 |XOR EDX,EDX
0046683A |. |0345 E8 |ADD EAX,DWORD PTR SS:[EBP-18] 358+5B0=908 放入EAX
0046683D |. |1355 EC |ADC EDX,DWORD PTR SS:[EBP-14]
00466840 |. |52 |PUSH EDX
00466841 |. |50 |PUSH EAX
00466842 |. |8BC7 |MOV EAX,EDI
00466844 |. |03C0 |ADD EAX,EAX 6B+6B=D6
00466846 |. |8D0440 |LEA EAX,DWORD PTR DS:[EAX+EAX*2] D6×3=282放入EAX
00466849 |. |33D2 |XOR EDX,EDX
0046684B |. |030424 |ADD EAX,DWORD PTR SS:[ESP] 908+282=B8A放入EAX
0046684E |. |135424 04 |ADC EDX,DWORD PTR SS:[ESP+4]
00466852 |. |83C4 08 |ADD ESP,8
00466855 |. |8945 E8 |MOV DWORD PTR SS:[EBP-18],EAX
00466858 |. |8955 EC |MOV DWORD PTR SS:[EBP-14],EDX
0046685B |. |41 |INC ECX
0046685C |. |4B |DEC EBX
0046685D |.^75 CC JNZ SHORT unpacked.0046682B
//////////////////////////////////////////////////////////////////////////////////////////////
0046682B |> /8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8] ; 分组放入EAX
0046682E |. |0FB67C08 FF |MOVZX EDI,BYTE PTR DS:[EAX+ECX-1] ; EDI存放每组字符assic
00466833 |. |8BC7 |MOV EAX,EDI 79放入EAX
00466835 |. |C1E0 03 |SHL EAX,3 SHL 79,3=3C8=EAX
00466838 |. |33D2 |XOR EDX,EDX
0046683A |. |0345 E8 |ADD EAX,DWORD PTR SS:[EBP-18] 3C8+B8A=F52 放入EAX
0046683D |. |1355 EC |ADC EDX,DWORD PTR SS:[EBP-14]
00466840 |. |52 |PUSH EDX
00466841 |. |50 |PUSH EAX
00466842 |. |8BC7 |MOV EAX,EDI
00466844 |. |03C0 |ADD EAX,EAX 79+79=F2
00466846 |. |8D0440 |LEA EAX,DWORD PTR DS:[EAX+EAX*2] F2×3=2D6放入EAX
00466849 |. |33D2 |XOR EDX,EDX
0046684B |. |030424 |ADD EAX,DWORD PTR SS:[ESP] F52+2D6=1228放入EAX
0046684E |. |135424 04 |ADC EDX,DWORD PTR SS:[ESP+4]
00466852 |. |83C4 08 |ADD ESP,8
00466855 |. |8945 E8 |MOV DWORD PTR SS:[EBP-18],EAX
00466858 |. |8955 EC |MOV DWORD PTR SS:[EBP-14],EDX
0046685B |. |41 |INC ECX
0046685C |. |4B |DEC EBX
0046685D |.^75 CC JNZ SHORT unpacked.0046682B
MTIzNDU=
MTIy0DY1
///////////////////////////////////////////////////
004666D8 |. /74 4F JE SHORT unpacked.00466729
004666DA |> |33C0 /XOR EAX,EAX
004666DC |. |8A03 |MOV AL,BYTE PTR DS:[EBX] ; 取注册码第一位放入EAX
004666DE |. |C1E0 08 |SHL EAX,8 shl 31,8 =3100 =eax
004666E1 |. |43 |INC EBX
004666E2 |. |33D2 |XOR EDX,EDX
004666E4 |. |8A13 |MOV DL,BYTE PTR DS:[EBX] ; 取第二位假注册码 放入EDX
004666E6 |. |0BC2 |OR EAX,EDX 3100 or 32 =3132 =EAX
004666E8 |. |C1E0 08 |SHL EAX,8 EAX=313200
004666EB |. |43 |INC EBX
004666EC |. |33D2 |XOR EDX,EDX
004666EE |. |8A13 |MOV DL,BYTE PTR DS:[EBX] ` 取第三位假注册码 放入EDX
004666F0 |. |0BC2 |OR EAX,EDX 313200 or 33 =00313233 =eax
004666F2 |. |43 |INC EBX
004666F3 |. |8BD0 |MOV EDX,EAX
004666F5 |. |83E2 3F |AND EDX,3F 00313233 and 3F=33 =EDX
004666F8 |. |8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX]
004666FB |. |8851 03 |MOV BYTE PTR DS:[ECX+3],DL
004666FE |. |C1E8 06 |SHR EAX,6 SHR 00313233,6=0000C4C8 =eax
00466701 |. |8BD0 |MOV EDX,EAX
00466703 |. |83E2 3F |AND EDX,3F 0000C4C8 and 3F =8 =EDX
00466706 |. |8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX]
00466709 |. |8851 02 |MOV BYTE PTR DS:[ECX+2],DL
0046670C |. |C1E8 06 |SHR EAX,6 0000C4C8 SHR 6 =00000313 =EDX
0046670F |. |8BD0 |MOV EDX,EAX
00466711 |. |83E2 3F |AND EDX,3F 00000313 and 3f =00000013 =edx
00466714 |. |8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX]
00466717 |. |8851 01 |MOV BYTE PTR DS:[ECX+1],DL
0046671A |. |C1E8 06 |SHR EAX,6 00000313 SHR 6 =c =eax
0046671D |. |8A0407 |MOV AL,BYTE PTR DS:[EDI+EAX] 4D(M)放入EAX
00466720 |. |8801 |MOV BYTE PTR DS:[ECX],AL
00466722 |. |83C1 04 |ADD ECX,4
00466725 |. |3BF3 |CMP ESI,EBX
00466727 |.^|75 B1 JNZ SHORT unpacked.004666DA
///////////////////////////////////////////////////////
ECX 00B758E4 ASCII "LTIz,[E"—->"MTIz,[E"—->"MTIz,[U"—>"MTIz,DU"—>"MTIzNDU"
EDX 00000054
EBX 00B758AB ASCII "45"
ESP 0012FBA0
EBP 00000003
ESI 00B758AB ASCII "45"
////////////////////////////////////////////////////////
0046675C |> 33C0 XOR EAX,EAX ; Case 2 of switch 00466730
0046675E |. 8A03 MOV AL,BYTE PTR DS:[EBX] ; "34"放入EAX
00466760 |. 43 INC EBX
00466761 |. C1E0 08 SHL EAX,8 ; EAX=3400
00466764 |. 33D2 XOR EDX,EDX
00466766 |. 8A13 MOV DL,BYTE PTR DS:[EBX] ; 35 放入EDX
00466768 |. 0BC2 or EAX,EDX ; EAX=3435
0046676A |. C1E0 02 SHL EAX,2 ; EAX=D0D4
0046676D |. 8BD0 MOV EDX,EAX
0046676F |. 83E2 3F AND EDX,3F ; EDX=0014
00466772 |. 8A1417 MOV DL,BYTE PTR DS:[EDI+EDX] ; 55(U)放入EDX
00466775 |. 8851 02 MOV BYTE PTR DS:[ECX+2],DL
00466778 |. C1E8 06 SHR EAX,6 ; EAX=343
0046677B |. 8BD0 MOV EDX,EAX
0046677D |. 83E2 3F AND EDX,3F ; EDX=3
00466780 |. 8A1417 MOV DL,BYTE PTR DS:[EDI+EDX] ; 44(D)放入EDX
00466783 |. 8851 01 MOV BYTE PTR DS:[ECX+1],DL
00466786 |. C1E8 06 SHR EAX,6 ; EAX=0000000D
00466789 |. 8A0407 MOV AL,BYTE PTR DS:[EDI+EAX] ; 4E(N)放入EAX
0046678C |. 8801 MOV BYTE PTR DS:[ECX],AL
0046678E |. C641 03 3D MOV BYTE PTR DS:[ECX+3],3D MTIzNDU=
///////////////////////////////////////////////////
122865:
004666DC |. |8A03 |MOV AL,BYTE PTR DS:[EBX] ; 取注册码第一位放入EAX 31
004666DE |. |C1E0 08 |SHL EAX,8 shl 31,8 =3100 =eax
004666E1 |. |43 |INC EBX
004666E2 |. |33D2 |XOR EDX,EDX
004666E4 |. |8A13 |MOV DL,BYTE PTR DS:[EBX] ; 取第二位假注册码 放入EDX 32
004666E6 |. |0BC2 |OR EAX,EDX 3100 or 32 =3132 =EAX
004666E8 |. |C1E0 08 |SHL EAX,8 EAX=313200
004666EB |. |43 |INC EBX
004666EC |. |33D2 |XOR EDX,EDX
004666EE |. |8A13 |MOV DL,BYTE PTR DS:[EBX] ` 取第三位假注册码 放入EDX 32
004666F0 |. |0BC2 |OR EAX,EDX 313200 or 32 =00313232 =eax
004666F2 |. |43 |INC EBX
004666F3 |. |8BD0 |MOV EDX,EAX
004666F5 |. |83E2 3F |AND EDX,3F 00313232 and 3F=32 =EDX
004666F8 |. |8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX] 79(y)放入EDX
004666FB |. |8851 03 |MOV BYTE PTR DS:[ECX+3],DL
004666FE |. |C1E8 06 |SHR EAX,6 SHR 00313232,6=0000C4C8 =eax
00466701 |. |8BD0 |MOV EDX,EAX
00466703 |. |83E2 3F |AND EDX,3F 0000C4C8 and 3F =8 =EDX
00466706 |. |8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX] 49(I)放入EDX
00466709 |. |8851 02 |MOV BYTE PTR DS:[ECX+2],DL
0046670C |. |C1E8 06 |SHR EAX,6 0000C4C8 SHR 6 =00000313 =EDX
0046670F |. |8BD0 |MOV EDX,EAX
00466711 |. |83E2 3F |AND EDX,3F 00000313 and 3f =00000013 =edx
00466714 |. |8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX]
00466717 |. |8851 01 |MOV BYTE PTR DS:[ECX+1],DL
0046671A |. |C1E8 06 |SHR EAX,6 00000313 SHR 6 =c =eax
0046671D |. |8A0407 |MOV AL,BYTE PTR DS:[EDI+EAX] 4D(M)放入EAX
00466720 |. |8801 |MOV BYTE PTR DS:[ECX],AL
00466722 |. |83C1 04 |ADD ECX,4
00466725 |. |3BF3 |CMP ESI,EBX
00466727 |.^|75 B1 JNZ SHORT unpacked.004666DA
///////////////////////////////////////////////////////
004666DC |. 8A03 |MOV AL,BYTE PTR DS:[EBX] ; 取注册码第一位放入EAX38
004666DE |. C1E0 08 |SHL EAX,8 EAX=3800
004666E1 |. 43 |INC EBX
004666E2 |. 33D2 |XOR EDX,EDX
004666E4 |. 8A13 |MOV DL,BYTE PTR DS:[EBX] ; 取第二位假注册码 放入EDX36
004666E6 |. 0BC2 |OR EAX,EDX EAX=003836
004666E8 |. C1E0 08 |SHL EAX,8 ; EAX=313200
004666EB |. 43 |INC EBX
004666EC |. 33D2 |XOR EDX,EDX
004666EE |. 8A13 |MOV DL,BYTE PTR DS:[EBX] ; 取第三位假注册码 放入EDX35
004666F0 |. 0BC2 |OR EAX,EDX 00383635
004666F2 |. 43 |INC EBX
004666F3 |. 8BD0 |MOV EDX,EAX
004666F5 |. 83E2 3F |AND EDX,3F EDX=35
004666F8 |. 8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX] ; 放 31 到EDX
004666FB |. 8851 03 |MOV BYTE PTR DS:[ECX+3],DL
004666FE |. C1E8 06 |SHR EAX,6 00383635,6=E0D8=EAX
00466701 |. 8BD0 |MOV EDX,EAX
00466703 |. 83E2 3F |AND EDX,3F ; 0000E0D8 and 3F =18 =EDX
00466706 |. 8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX] ; 放 59(Y) 到EDX
00466709 |. 8851 02 |MOV BYTE PTR DS:[ECX+2],DL
0046670C |. C1E8 06 |SHR EAX,6 0000E0D8,6=EAX=00000383
0046670F |. 8BD0 |MOV EDX,EAX
00466711 |. 83E2 3F |AND EDX,3F EDX=3
00466714 |. 8A1417 |MOV DL,BYTE PTR DS:[EDI+EDX] ; 44(D)放入EDX
00466717 |. 8851 01 |MOV BYTE PTR DS:[ECX+1],DL
0046671A |. C1E8 06 |SHR EAX,6 EAX=0000000E
0046671D |. 8A0407 |MOV AL,BYTE PTR DS:[EDI+EAX] ; 4F(O)放入EAX
00466720 |. 8801 |MOV BYTE PTR DS:[ECX],AL
00466722 |. 83C1 04 |ADD ECX,4
00466725 |. 3BF3 |CMP ESI,EBX
00466727 |.^ 75 B1 JNZ SHORT unpacked.004666DA
MTIy0DY1

赞(0) 打赏
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » [原创] [OCN]学员毕业考试Crackme破解过程记录

评论 抢沙发

微慑信息网 专注工匠精神

微慑信息网-VulSee.com-关注前沿安全态势,聚合网络安全漏洞信息,分享安全文档案例

访问我们联系我们

觉得文章有用就打赏一下文章作者

非常感谢你的打赏,我们将继续提供更多优质内容,让我们一起创建更加美好的网络世界!

支付宝扫一扫打赏

微信扫一扫打赏

登录

找回密码

注册