破解CrackMe3(cff2k) (2千字)

关注+2004-10-15作者：蓝点

CrackMe下载
破解CrackMe3(cff2k):
这个程序有点那个,和它的上一个版本(CrackMe2)差不了多少,(可能也是加了壳吧,只是用来反静态分析...)说实在,它只有一个NUM.和一个NAME找到它们一点也不难.它还有点怪怪的,那个NAME在一打开程序就有提示了.和正确的差不了多少,那个NAME是Unregistered->Registed User,NUM.是754-GFX-IER-954->GFX-754-IER-954. (搞到我一开始还以为是什么用输入的和开始的比较判断是否输入了NAME和NUM.原来是我想多了...其实它一点也不复杂...):
用BPX GETWINDOWTEXTA不行,GETDLGITEMTEXTA也不行...我只好用HMEMCPY.按几次F12后,再在程序的领空里跳出几个CALL,就可以到这里:
...果然,直接用W32DASM找不到要用的代码了,那就脱壳...
O,又是用UPX V1.01...
好了:
:00440EDC B9C80F4400 mov ecx, 00440FC8
:00440EE1 BAD80F4400 mov edx, 00440FD8
:00440EE6 A1442C4400 mov eax, dword ptr [00442C44]
:00440EEB 8B00 mov eax, dword ptr [eax]
:00440EED E876C1FFFF call 0043D068 /*这个CALL是取得NAME*/
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00440ED8(C)
|
:00440EF2 8D55FC lea edx, dword ptr [ebp-04]
:00440EF5 8B83C8020000 mov eax, dword ptr [ebx+000002C8]
:00440EFB E820FFFDFF call 00420E20 /*这个CALL是取得NUM.*/
...
按几下F10会到这里:
:00440F2C 8B45FC mov eax, dword ptr [ebp-04]
:00440F2F BA14104400 mov edx, 00441014 /*用D可以找到你想要的:-)*/
:00440F34 E8F32BFCFF call 00403B2C /*这个CALL是比较NAME进去*/
:00440F39 7551 jne 00440F8C
...
那个CALL:
* Referenced by a CALL at Addresses:
|:0040D5CF , :004118B9 , :0041FF12 , :0041FF9D , :00420BDB
|:00420E78 , :0042B74B , :0042BD51 , :0042BEC1 , :0042C035
|:0042ED51 , :0042EE15 , :0042F1F0 , :0042F2AF , :0042F70A
|:0042F92A , :0042FE95 , :00430053 , :0043D6B7 , :00440F34
|:00440F51
|
:00403B2C 53 push ebx
:00403B2D 56 push esi
:00403B2E 57 push edi
:00403B2F 89C6 mov esi, eax
:00403B31 89D7 mov edi, edx
:00403B33 39D0 cmp eax, edx /*用D可见到你输入的NAME,和正确的NAME*/
:00403B35 0F848F000000 je 00403BCA
:00403B3B 85F6 test esi, esi
:00403B3D 7468 je 00403BA7
:00403B3F 85FF test edi, edi
:00403B41 746B je 00403BAE
...
NAME就OK了.不过这是里有点我不明白的,在这段后面还有一段,是对你输入的NAME一个字符一个字符的比较,那是为何?不懂...

之后到这里:
:00440F49 8B45FC mov eax, dword ptr [ebp-04]
:00440F4C BA2C104400 mov edx, 0044102C/*用D EDX,和D EAX就可以见到输入的NUM.和正确的NUM.了*/
:00440F51 E8D62BFCFF call 00403B2C /*这个CALL是比较NUM.*/
...

NAME:Registed User
NUM.:GFX-754-IER-954

OK!

Vitamin C[抗坏血酸].2002.2.4.HY.GD.CHI.