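Beijing Institute of Technology Information Security and Countermeasure Contest --- crackme01 analysis

Judging from the crackme alone, this contest's challenges are not as hard as the ones from Chengdu University of Information Technology.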

 

First, use E-Debug Events to locate the button event handler.

 

004010A1  /.  55            push    ebp
004010A2  |.  8BEC          mov     ebp, esp
004010A4  |.  81EC 08000000 sub     esp, 8
004010AA  |.  6A FF         push    -1
004010AC  |.  6A 08         push    8
004010AE  |.  68 02000116   push    16010002
004010B3  |.  68 01000152   push    52010001
004010B8  |.  E8 00010000   call    004011BD                         ;  get the registration code entered by the user
004010BD  |.  83C4 10       add     esp, 10
004010C0  |.  8945 FC       mov     dword ptr [ebp-4], eax
004010C3  |.  68 4C9B4600   push    00469B4C                         ;  ASCII "Manson"
004010C8  |.  FF75 FC       push    dword ptr [ebp-4]                ;  push the entered (trial) code
004010CB  |.  E8 34FFFFFF   call    00401004                         ;  compare
004010D0  |.  83C4 08       add     esp, 8
004010D3  |.  83F8 00       cmp     eax, 0                           ;  result
004010D6  |.  B8 00000000   mov     eax, 0
004010DB  |.  0F94C0        sete    al
004010DE  |.  8945 F8       mov     dword ptr [ebp-8], eax           ;  store the comparison result in a local
004010E1  |.  8B5D FC       mov     ebx, dword ptr [ebp-4]
004010E4  |.  85DB          test    ebx, ebx
004010E6  |.  74 09         je      short 004010F1
004010E8  |.  53            push    ebx
004010E9  |.  E8 C9000000   call    004011B7
004010EE  |.  83C4 04       add     esp, 4
004010F1  |>  837D F8 00    cmp     dword ptr [ebp-8], 0
004010F5  |.  0F84 35000000 je      00401130                         ;  key jump
004010FB  |.  6A 00         push    0
004010FD  |.  6A 00         push    0
004010FF  |.  6A 00         push    0
00401101  |.  68 01030080   push    80000301
00401106  |.  6A 00         push    0
00401108  |.  68 00000000   push    0
0040110D  |.  68 04000080   push    80000004
00401112  |.  6A 00         push    0
00401114  |.  68 539B4600   push    00469B53
00401119  |.  68 03000000   push    3
0040111E  |.  BB 00134000   mov     ebx, 00401300
00401123  |.  E8 89000000   call    004011B1
00401128  |.  83C4 28       add     esp, 28
0040112B  |.  E9 30000000   jmp     00401160
00401130  |>  6A 00         push    0
00401132  |.  6A 00         push    0
00401134  |.  6A 00         push    0
00401136  |.  68 01030080   push    80000301
0040113B  |.  6A 00         push    0
0040113D  |.  68 10000000   push    10
00401142  |.  68 04000080   push    80000004
00401147  |.  6A 00         push    0
00401149  |.  68 5C9B4600   push    00469B5C
0040114E  |.  68 03000000   push    3
00401153  |.  BB 00134000   mov     ebx, 00401300
00401158  |.  E8 54000000   call    004011B1
0040115D  |.  83C4 28       add     esp, 28
00401160  |>  8BE5          mov     esp, ebp
00401162  |.  5D            pop     ebp
00401163  \.  C3            retn

The check is a direct plaintext comparison of the input against the embedded string, so it is very simple.
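The weakness seen in the listing, next to a hardened form, as an added example that is not part of the original post or the crackme's code: the plaintext check keeps the literal readable in the data section, while a salted digest check does not. All function names, the salt, the round count and the byte images are constructed for illustration; only the string "Manson" comes from the listing.

```python
import hashlib
import hmac
import re

SECRET = b"Manson"            # literal the listing pushes from 00469B4C
SALT = b"constructed-salt"    # constructed value for this example
ROUNDS = 100_000              # assumed PBKDF2 work factor


def check_plain(serial):
    """What the handler does: compare the input with the embedded literal."""
    return serial == SECRET


def derive(serial):
    """Salted, slow digest of a candidate serial."""
    return hashlib.pbkdf2_hmac("sha256", serial, SALT, ROUNDS)


def check_digest(serial, stored):
    """Hardened form: only the digest ships, compared in constant time."""
    return hmac.compare_digest(derive(serial), stored)


def printable_strings(image, min_len=4):
    """Runs of printable ASCII, as a strings pass over a data section sees them."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image)


def leaks_secret(image):
    """True if the expected serial can be read straight out of the image."""
    return any(SECRET in s for s in printable_strings(image))


# Constructed stand-ins for the data section of each build.
STORED = derive(SECRET)  # computed at build time; SECRET itself is not shipped
IMAGE_PLAIN = b"\x00\x00" + SECRET + b"\x00\x01\x02"
IMAGE_DIGEST = b"\x00\x00" + SALT + b"\x00" + STORED + b"\x00"

if __name__ == "__main__":
    print("plaintext build leaks serial:", leaks_secret(IMAGE_PLAIN))
    print("digest build leaks serial:   ", leaks_secret(IMAGE_DIGEST))
    print("digest check accepts serial: ", check_digest(b"Manson", STORED))
```

The digest form only removes the readable literal; the result still feeds a single conditional branch like the one at 004010F5, so it does not by itself protect the decision.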

posted @ 2012-05-20 07:50  r3call