《使用OllyDbg从零开始Cracking 第十八章》由会员分享,可在线阅读,更多相关《使用OllyDbg从零开始Cracking 第十八章(11页珍藏版)》请在金锄头文库上搜索。
1、第十八章-序列号生成算法分析-Part3本章,我们将讨论Stzweiem提供的CrackMe,名字叫”crackme_4stz”。用OD加载它。曰祝 | x| *:| *:| 也 *= lIeImItIwIhMI/JkIbIr004583E5U04583E7加4昵:舟口U045835F00458364004583690045836E:U045S370004583760045837E:0045837DU04583S3U04583S8U045838D 跑斗5838F004583940458399U045839C iTiiTid匚口口口匚EESE:EC83C4 F4E:S 04824500E8 CC
2、DE:F口FF 口 CCPI54500SE:00E8 EC97FEFFSE:0D 9L:口E4Ei3i 口 CC口54500SE:00SE:15 847E450IES EC97FEFF 口 CC口E45008E!00E8 6098FEFFES 2E:E:4F口FF8D40 000000PUSH EBPMOU EBPPESP口匸i匚i ESP,-0CMOU EfiX:crack 00458204 匸:口LL crack me_ Ei04EiEF30nou EAXp DliJORD RTF: DS; E45口 riOU EAXp DliJORD RTF: DS; EE口幻UHLL crack me
3、u- u- u- u. o _u o o MMMHECXr DliJORD E口冷 DliJORD EFIX. DlilORDEDXp DliJORD00441B5CS: C45口透 口 HCDCEAXSf457E84RRRRTTTT ppppLiLi4bEy7C0O457ED0CHLL crack UU441 E:74hlOU EfiXp DliJORD RTF: DS: E45口 riOU E口XP DWORD RTF: DS: EE口幻CHLL crack me_ ii斗41E:F4COLL crackme_0S4037C4LE口 EfiXp DliJORD RTF: DS: EE口X
4、口匸i匚i E:?TE FTF: DS: EE口口 口L nn 口qt匚 口t口 n口匚口灯i 口i我们断在了入口点处,我们首先看一下API函数列表。 I I W J p I UTE FTF: DS: LE口口 口1_ TE RTF: DS: CEOXL 口L TE FTF: DS: EEOXlp 口L 卡TE FTF: DS: CEOXlp 口1_ TE FTF: DS: LE口口 口1_ TE FTF: DS: CEOXL 口L TE FTF: DS: EEOXlp 口L 卡TE FTF: DS: CEOXlp 口1_ TE FTF: DS: LE口口 口1_ TE FTF: DS: CE
5、OXL 口L TE FTF: DS: EEOXlp 口L 卡TE FTF: DS: CEOXlp 口1_ TE FTF: DS: LE口口 口1_ TE FTF: DS: CEOXL 口1Run traceNew origin here Ctrl+GrayGo toFollow in DumpSearch forFind references toViewASCIICopy to executable2! l L8. l 1- L. . LI?.LitiAnalysisQrr&口&:0 2Tl LRuritAppearance斗33?33333l me errc* rat0000000 0 l
6、 LErro r lL0123 456789 HE: CDEFUU1 LI 1 LU0012FFE4 0012FFEE: 0S12FFEC 0S12FFFS 0012FFF4 0012FFFE: 0S12FFFC7C8399F7CS16DE000000k000000EHFiFi000f004583E000000k3333diL程序中使用的字符串列表如下:t L .t JJ -.u -.4 c .t - .1 F TTTTTTTT u E s s s s s s s sName (label) in current module CtrlName in all modulesCommandCtr
7、lSequence of commandsCtrlConstantBinary stringCtrlAll inter modular callsAll commandsAll sequencesAll constantsAll switchesAll referenced text stringsUser-defined labelIM II sj ?J口ddressD isassemb LyTent string00401096ASCII Boolean004010IBASCII False00401021RSCII Ti-ue03401U2E口SCII FFL:har00401042AS
8、CII Integer0940105ARSCII Byte094010GERSCII MWordM09401032RSCII MStrLnqM09401088DD crackme .09401904RSCII 07PMTObjectM004010口EDD crackme U04010D4口SCII arZ-TObject004010D5ASCII FPT0bjectM09401UE2RSCII MT0bjectM004010E9DD crackme 004910D4RSCII 07PMTObjectM09401UF4RSCII MSystemM00401192RSCII MIUnknownM0
9、0401126ASCII FPSystemM00401178 crackme 004911C4ASCII llZ-TInterfacedObjectM00401190DD crackme .04911C4RSCII llZ-TInterfacedObjectM004011C5ASCII MTInterfacedObjecM00401 IDERSCII MtFF00402E04PUSH crackne .00402B84RSC11 MSOFTlilHRE-.Bor LandxDe Lph lRTLM00402B38PUSH crackne 34026口B口SCII FPFPUMaskUaLueM
10、00402B84OSC11 SOFTUJ口RExBor Land00402B94口 SCII M-.De L uh 汽 ETLS i00402BA0ASCII MFPUMaskUaLueR009403747MOU EBXpcrackme .0U4E903CRSCII 1- at 0000000000403890MOU ED:=P crackme 004E902CRSCII Runt ime errorat 000000000040382E:PUSH crackne 0045904C口SCII -Error00403830PUSH crackne 0345902匚RSCII Runt ime e
11、rrorat 00000000004038B7ASCII pTort ions 匚opyriq*00403SC7RSCII Mht (c) 19S3r99 Bm004038D7RSCII MorLandMR000404C99PUSH crackne .00494E08RSCII Mkernel32.dlLM00404C口曰PUSH crackne A0404E18口丸II FFGetLongFath怡帕口004S4E0RASCII FFkerneL32.dL LF000404E18RSCII MGetLongPathNameRM00404E28ASCII 900404E5CPUSH crack
12、ne .09404FE8RSC11 SoftwareEor LandLoca LesM00404E7OPUSH crackne 00495064RSC11 rrSoit: wareBor LandDe Lph lLoca Lem00404FE8ASCII FPSoftwarexBorLandMU0404FF8口SCII Locales00405004ASCII00405014RSCII r,De Lph LxLocaLesMF 9004UE1A4CMP DWORD RTF: DS: EE:X+4 P10096UNICODE RLLUSERSPROFILE=C:xDocunents and Se
13、tt ingsxAL L UsersM00405661MOU ED:=P crackme 00459964RSCII 20/1-0340587匚口SCII 00405886ASCII 勒铲疋貌似没有什么我们感兴趣的字符串,我们再来看看API函数列表。cHIIwlTIMIEF083C4 F4E:8 04乾4500 EE: CCDBF口FF Hl CC口E4E00E:E:0mE8 EC97FEFF:汨B匸i丸口斗甌| H1 CC口54500 8E:008E:1E 847E450I EE: EC97FEFFHl CC口E4E00E:E:0mE8 6098FEFFE8 2E:E:4FPlFF8040 00000000000000000000000000000000000000000000000000000000000000 0045E:37C.00457ED0C 竹忖r二UL 口口口口口口口口口口口口口口口eRRRRRRRRRRRRRRRR moTT
