I wrote this back in 2012 and it is really dumb; I didn't want to post it at first, but on reflection a beginner might need it someday, so here it is anyway.
A junk CrackMe written in MFC
The code as disassembled by OD (OllyDbg)
0040147D 90 NOP
0040147E 90 NOP
0040147F 90 NOP
00401480 . 6A FF PUSH -1
00401482 . 68 581A4000 PUSH CrackMe.00401A58 ; SE handler installation
00401487 . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0040148D . 50 PUSH EAX
0040148E . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00401495 . 51 PUSH ECX
00401496 . 57 PUSH EDI
00401497 . 6A 00 PUSH 0
00401499 . 6A 00 PUSH 0
0040149B . 8BF9 MOV EDI,ECX
0040149D . 68 30304000 PUSH CrackMe.00403030 ; ASCII "flag!!!" (I deliberately pop up a message box here so I can tell that the button handler's code starts here!)
004014A2 . E8 E3020000 CALL <JMP.&MFC42.#4224> ; MessageBox("flag!!!");
004014A7 . 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
004014AB . E8 AA020000 CALL <JMP.&MFC42.#540>
004014B0 . 68 E8030000 PUSH 3E8 ; push the edit control's ID
004014B5 . 8BCF MOV ECX,EDI
004014B7 . C74424 14 0000>MOV DWORD PTR SS:[ESP+14],0
004014BF . E8 C0020000 CALL <JMP.&MFC42.#3092> ; h1=GetDlgItem(IDC_EDIT1);//get the edit control's handle
004014C4 . 85C0 TEST EAX,EAX
004014C6 . 74 68 JE SHORT CrackMe.00401530 ; if h1 is 0, jump to 00401530
004014C8 . 53 PUSH EBX ; if h1 is not 0, execution continues from here
004014C9 . 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+8] ; load a local variable's address into ecx so that ecx can be pushed onto the stack
004014CD . 56 PUSH ESI
004014CE . 51 PUSH ECX
004014CF . 8BC8 MOV ECX,EAX
004014D1 . E8 A8020000 CALL <JMP.&MFC42.#3874> ; h1->GetWindowText(s1);//get the string
004014D6 . 6A 06 PUSH 6
004014D8 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
004014DC . E8 97020000 CALL <JMP.&MFC42.#2915> ; a=s1.GetBuffer(6);//convert to char*
004014E1 . BE 28304000 MOV ESI,CrackMe.00403028 ; ASCII "123456"
004014E6 > 8A10 MOV DL,BYTE PTR DS:[EAX] ; from here on it looks like the C library function strcmp has been inlined
004014E8 . 8A1E MOV BL,BYTE PTR DS:[ESI] ; when I have time I should look at how their strcmp is implemented!
004014EA . 8ACA MOV CL,DL
004014EC . 3AD3 CMP DL,BL
004014EE . 75 1E JNZ SHORT CrackMe.0040150E
004014F0 . 84C9 TEST CL,CL
004014F2 . 74 16 JE SHORT CrackMe.0040150A
004014F4 . 8A50 01 MOV DL,BYTE PTR DS:[EAX+1]
004014F7 . 8A5E 01 MOV BL,BYTE PTR DS:[ESI+1]
004014FA . 8ACA MOV CL,DL
004014FC . 3AD3 CMP DL,BL
004014FE . 75 0E JNZ SHORT CrackMe.0040150E
00401500 . 83C0 02 ADD EAX,2
00401503 . 83C6 02 ADD ESI,2
00401506 . 84C9 TEST CL,CL
00401508 .^75 DC JNZ SHORT CrackMe.004014E6
0040150A > 33C0 XOR EAX,EAX
0040150C . EB 05 JMP SHORT CrackMe.00401513
0040150E > 1BC0 SBB EAX,EAX
00401510 . 83D8 FF SBB EAX,-1
00401513 > 5E POP ESI
00401514 . 5B POP EBX
00401515 . 85C0 TEST EAX,EAX
00401517 . 6A 00 PUSH 0
00401519 . 6A 00 PUSH 0
0040151B . 75 07 JNZ SHORT CrackMe.00401524 ; the code above should be the inlined C library strcmp; here, a nonzero result jumps to "no"
0040151D . 68 24304000 PUSH CrackMe.00403024 ; ASCII "yes"
00401522 . EB 05 JMP SHORT CrackMe.00401529
00401524 > 68 20304000 PUSH CrackMe.00403020 ; ASCII "no"
00401529 > 8BCF MOV ECX,EDI
0040152B . E8 5A020000 CALL <JMP.&MFC42.#4224> ; how economical! only one MessageBox! mind you, in our C++ source we wrote it twice!
00401530 > 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4] ; the JE far above jumps to here, and from then on it is none of our business
00401534 . C74424 10 FFFF>MOV DWORD PTR SS:[ESP+10],-1
0040153C . E8 0D020000 CALL <JMP.&MFC42.#800>
00401541 . 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
00401545 . 5F POP EDI
00401546 . 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0040154D . 83C4 10 ADD ESP,10
00401550 . C3 RETN ; see, after a bit of cleanup above, this event handler returns
00401551 90 NOP
00401552 90 NOP
00401553 90 NOP
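To make the listing easier to follow, here is an added C reconstruction (my own example, not code from the original post or the CrackMe's source) of the inlined strcmp loop at 004014E6-00401510, including how SBB EAX,EAX / SBB EAX,-1 turns the carry flag into -1/0/+1, and of the handler's yes/no decision; the names inlined_strcmp and check_password are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors the two-bytes-per-iteration compare loop from the listing.
 * CMP DL,BL sets CF when DL < BL (unsigned byte compare, as C's strcmp
 * requires). At 0040150E, SBB EAX,EAX gives -CF (0 or -1) and SBB EAX,-1
 * gives EAX + 1 - CF, so the result is -1 if a < b and +1 if a > b. */
int inlined_strcmp(const char *a, const char *b)
{
    const unsigned char *p = (const unsigned char *)a;  /* EAX */
    const unsigned char *q = (const unsigned char *)b;  /* ESI */
    unsigned char dl, bl;
    int cf, eax;

    for (;;) {
        dl = p[0]; bl = q[0];        /* MOV DL,[EAX] ; MOV BL,[ESI]   */
        if (dl != bl) break;         /* JNZ 0040150E                   */
        if (dl == 0) return 0;       /* TEST CL,CL ; JE 0040150A       */
        dl = p[1]; bl = q[1];        /* MOV DL,[EAX+1] ; MOV BL,[ESI+1]*/
        if (dl != bl) break;         /* JNZ 0040150E                   */
        p += 2; q += 2;              /* ADD EAX,2 ; ADD ESI,2          */
        if (dl == 0) return 0;       /* TEST CL,CL ; JNZ loop, else XOR EAX,EAX */
    }
    cf  = dl < bl;                   /* carry left behind by CMP DL,BL */
    eax = -cf;                       /* SBB EAX,EAX                    */
    eax = eax + 1 - cf;              /* SBB EAX,-1                     */
    return eax;
}

/* The handler at 00401480: the text read from IDC_EDIT1 (0x3E8) is compared
 * against the constant "123456" at CrackMe.00403028 and exactly one
 * MessageBox is shown, "no" when the result is nonzero (JNZ 00401524). */
const char *check_password(const char *input)
{
    static const char expected[] = "123456";
    return inlined_strcmp(input, expected) != 0 ? "no" : "yes";
}

int main(void)
{
    /* constructed sample inputs */
    const char *samples[] = { "123456", "123457", "12345", "" };
    int i;
    for (i = 0; i < 4; i++)
        printf("\"%s\" -> %s (strcmp=%d)\n", samples[i],
               check_password(samples[i]), inlined_strcmp(samples[i], "123456"));
    return 0;
}
```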
Every new technology you learn comes with its own HELLO WORLD!