160个CrackMe之008

加载程序后,界面有一个输入框 Key 和一个按钮 OK。输入"1234"再点击 OK,弹出一个错误提示框,于是直接用字符串搜索定位提示文本:

中文搜索引擎
地址       反汇编                                    文本字符串
00401D74   push Andréna.00401A54                     SynTaX 2oo1
00401DD3   mov dword ptr ss:[ebp-0x84],Andréna.004   SuCCESFul !
00401DEB   mov dword ptr ss:[ebp-0x74],Andréna.004   RiCHtiG ! ...nun weiter zu CrackMe 2 !
00401E6D   mov dword ptr ss:[ebp-0x84],Andréna.004   leider NeiN !
00401E85   mov dword ptr ss:[ebp-0x74],Andréna.004   Leider Falsch !  Schau noch mal genau nach ...

双击该字符串,抵达引用它的代码处:

00401D5A   .  3BC6          cmp eax,esi                                      ;  eax = HRESULT of the preceding call (outside this excerpt); esi is presumably 0 here - confirm
00401D5C   .  7D 12         jge short Andréna.00401D70                       ;  non-negative HRESULT: skip the error raise
00401D5E   .  68 A0000000   push 0xA0                                        ;  args for __vbaHresultCheckObj
00401D63   .  68 401A4000   push Andréna.00401A40
00401D68   .  57            push edi
00401D69   .  50            push eax                                         ;  the failed HRESULT
00401D6A   .  FF15 E4304000 call dword ptr ds:[<&MSVBVM50.__vbaHresultCheckO>;  msvbvm50.__vbaHresultCheckObj: raise a VB runtime error for the failed HRESULT
00401D70   >  8B4D D8       mov ecx,dword ptr ss:[ebp-0x28]                  ;  ecx = BSTR of the key the user typed ("1234" in this run)
00401D73   .  51            push ecx                                         ;  arg 2: entered key
00401D74   .  68 541A4000   push Andréna.00401A54                            ;  arg 1: "SynTaX 2oo1" - the expected key, kept as a plaintext constant (which is why a string search found it)
00401D79   .  FF15 08314000 call dword ptr ds:[<&MSVBVM50.__vbaStrCmp>]      ;  msvbvm50.__vbaStrCmp: eax = 0 iff the two strings are equal
00401D7F   .  8BF8          mov edi,eax                                      ;  edi = compare result
00401D81   .  8D4D D8       lea ecx,dword ptr ss:[ebp-0x28]                  ;  ecx = &key BSTR for __vbaFreeStr below (lea leaves flags alone)
00401D84   .  F7DF          neg edi                                          ;  CF = (edi != 0)
00401D86   .  1BFF          sbb edi,edi                                      ;  edi = -CF: -1 if strings differ, 0 if equal
00401D88   .  47            inc edi                                          ;  edi = 0 if differ, 1 if equal
00401D89   .  F7DF          neg edi                                          ;  edi = 0 (False) if differ, -1 (VB True) if equal
00401D8B   .  FF15 5C314000 call dword ptr ds:[<&MSVBVM50.__vbaFreeStr>]     ;  msvbvm50.__vbaFreeStr: release the key BSTR
00401D91   .  8D4D D4       lea ecx,dword ptr ss:[ebp-0x2C]                  ;  ecx = &temporary object reference
00401D94   .  FF15 60314000 call dword ptr ds:[<&MSVBVM50.__vbaFreeObj>]     ;  msvbvm50.__vbaFreeObj: release it
00401D9A   .  66:3BFE       cmp di,si                                        ;  di == si (presumably 0) <=> key did NOT match
00401D9D      0F84 A0000000 je Andréna.00401E43                              ;  the decisive jump: taken when the key is wrong -> failure path at 00401E43
00401DA3   .  FF15 2C314000 call dword ptr ds:[<&MSVBVM50.#rtcBeep_534>]     ;  msvbvm50.rtcBeep - success path starts here
00401DA9   .  8B3D 48314000 mov edi,dword ptr ds:[<&MSVBVM50.__vbaVarDup>]   ;  msvbvm50.__vbaVarDup
00401DAF   .  B9 04000280   mov ecx,0x80020004                               ;  DISP_E_PARAMNOTFOUND: VB's marker for an omitted optional argument
00401DB4   .  894D 9C       mov dword ptr ss:[ebp-0x64],ecx                  ;  [ebp-0x6C].scode
00401DB7   .  B8 0A000000   mov eax,0xA                                      ;  VT_ERROR
00401DBC   .  894D AC       mov dword ptr ss:[ebp-0x54],ecx                  ;  [ebp-0x5C].scode
00401DBF   .  BB 08000000   mov ebx,0x8                                      ;  VT_BSTR
00401DC4   .  8D95 74FFFFFF lea edx,dword ptr ss:[ebp-0x8C]                  ;  edx = &source variant
00401DCA   .  8D4D B4       lea ecx,dword ptr ss:[ebp-0x4C]                  ;  ecx = &destination variant (becomes the MsgBox Title)
00401DCD   .  8945 94       mov dword ptr ss:[ebp-0x6C],eax                  ;  [ebp-0x6C].vt = VT_ERROR (omitted Context)
00401DD0   .  8945 A4       mov dword ptr ss:[ebp-0x5C],eax                  ;  [ebp-0x5C].vt = VT_ERROR (omitted HelpFile)
00401DD3   .  C785 7CFFFFFF>mov dword ptr ss:[ebp-0x84],Andréna.00401AC4     ;  SuCCESFul ! -> [ebp-0x8C].bstrVal (Title)
00401DDD   .  899D 74FFFFFF mov dword ptr ss:[ebp-0x8C],ebx                  ;  [ebp-0x8C].vt = VT_BSTR
00401DE3   .  FFD7          call edi                                         ;  <&MSVBVM50.__vbaVarDup>: copy Title variant into [ebp-0x4C]
00401DE5   .  8D55 84       lea edx,dword ptr ss:[ebp-0x7C]                  ;  edx = &source variant
00401DE8   .  8D4D C4       lea ecx,dword ptr ss:[ebp-0x3C]                  ;  ecx = &destination variant (becomes the MsgBox Prompt)
00401DEB   .  C745 8C 701A4>mov dword ptr ss:[ebp-0x74],Andréna.00401A70     ;  RiCHtiG ! ...nun weiter zu CrackMe 2 ! -> [ebp-0x7C].bstrVal (Prompt)
00401DF2   .  895D 84       mov dword ptr ss:[ebp-0x7C],ebx                  ;  [ebp-0x7C].vt = VT_BSTR
00401DF5   .  FFD7          call edi                                         ;  __vbaVarDup: copy Prompt variant into [ebp-0x3C]
00401DF7   .  8D55 94       lea edx,dword ptr ss:[ebp-0x6C]                  ;  &Context variant
00401DFA   .  8D45 A4       lea eax,dword ptr ss:[ebp-0x5C]                  ;  &HelpFile variant
00401DFD   .  52            push edx                                         ;  arg 5: Context (omitted); "ntdll.KiFastSystemCallRet" in the original dump was a stale OllyDbg auto-comment
00401DFE   .  8D4D B4       lea ecx,dword ptr ss:[ebp-0x4C]                  ;  &Title variant
00401E01   .  50            push eax                                         ;  arg 4: HelpFile (omitted)
00401E02   .  51            push ecx                                         ;  arg 3: Title
00401E03   .  8D55 C4       lea edx,dword ptr ss:[ebp-0x3C]                  ;  &Prompt variant
00401E06   .  6A 30         push 0x30                                        ;  arg 2: Buttons = vbExclamation
00401E08   .  52            push edx                                         ;  arg 1: Prompt (the auto-comment here was likewise stale)
00401E09   .  FF15 F0304000 call dword ptr ds:[<&MSVBVM50.#rtcMsgBox_595>]   ;  msvbvm50.rtcMsgBox(Prompt, Buttons, Title, HelpFile, Context); eax = button pressed
00401E0F   .  8D95 44FFFFFF lea edx,dword ptr ss:[ebp-0xBC]                  ;  edx = &result variant
00401E15   .  8D4D DC       lea ecx,dword ptr ss:[ebp-0x24]                  ;  ecx = &destination variant
00401E18   .  8985 4CFFFFFF mov dword ptr ss:[ebp-0xB4],eax                  ;  [ebp-0xBC].lVal = MsgBox return value
00401E1E   .  C785 44FFFFFF>mov dword ptr ss:[ebp-0xBC],0x3                  ;  [ebp-0xBC].vt = VT_I4
00401E28   .  FF15 D0304000 call dword ptr ds:[<&MSVBVM50.__vbaVarMove>]     ;  msvbvm50.__vbaVarMove: move result into [ebp-0x24]
00401E2E   .  8D45 94       lea eax,dword ptr ss:[ebp-0x6C]                  ;  push the four temporary variants for the shared cleanup
00401E31   .  8D4D A4       lea ecx,dword ptr ss:[ebp-0x5C]
00401E34   .  50            push eax
00401E35   .  8D55 B4       lea edx,dword ptr ss:[ebp-0x4C]
00401E38   .  51            push ecx
00401E39   .  8D45 C4       lea eax,dword ptr ss:[ebp-0x3C]
00401E3C   .  52            push edx                                         ;  (stale OllyDbg auto-comment removed)
00401E3D   .  50            push eax
00401E3E   .  E9 95000000   jmp Andréna.00401ED8                             ;  to the common cleanup/return - outside this excerpt
00401E43   >  8B3D 48314000 mov edi,dword ptr ds:[<&MSVBVM50.__vbaVarDup>]   ;  msvbvm50.__vbaVarDup - failure path; same variant layout as the success path above
00401E49   .  B9 04000280   mov ecx,0x80020004                               ;  DISP_E_PARAMNOTFOUND
00401E4E   .  894D 9C       mov dword ptr ss:[ebp-0x64],ecx                  ;  [ebp-0x6C].scode
00401E51   .  B8 0A000000   mov eax,0xA                                      ;  VT_ERROR
00401E56   .  894D AC       mov dword ptr ss:[ebp-0x54],ecx                  ;  [ebp-0x5C].scode
00401E59   .  BB 08000000   mov ebx,0x8                                      ;  VT_BSTR
00401E5E   .  8D95 74FFFFFF lea edx,dword ptr ss:[ebp-0x8C]                  ;  edx = &source variant
00401E64   .  8D4D B4       lea ecx,dword ptr ss:[ebp-0x4C]                  ;  ecx = &destination variant (Title)
00401E67   .  8945 94       mov dword ptr ss:[ebp-0x6C],eax                  ;  [ebp-0x6C].vt = VT_ERROR
00401E6A   .  8945 A4       mov dword ptr ss:[ebp-0x5C],eax                  ;  [ebp-0x5C].vt = VT_ERROR
00401E6D   .  C785 7CFFFFFF>mov dword ptr ss:[ebp-0x84],Andréna.00401B44     ;  leider NeiN ! -> [ebp-0x8C].bstrVal (Title)
00401E77   .  899D 74FFFFFF mov dword ptr ss:[ebp-0x8C],ebx                  ;  [ebp-0x8C].vt = VT_BSTR
00401E7D   .  FFD7          call edi                                         ;  <&MSVBVM50.__vbaVarDup>: copy Title variant
00401E7F   .  8D55 84       lea edx,dword ptr ss:[ebp-0x7C]                  ;  edx = &source variant
00401E82   .  8D4D C4       lea ecx,dword ptr ss:[ebp-0x3C]                  ;  ecx = &destination variant (Prompt)
00401E85   .  C745 8C E01A4>mov dword ptr ss:[ebp-0x74],Andréna.00401AE0     ;  Leider Falsch !  Schau noch mal genau nach ... -> [ebp-0x7C].bstrVal (Prompt)
00401E8C   .  895D 84       mov dword ptr ss:[ebp-0x7C],ebx                  ;  [ebp-0x7C].vt = VT_BSTR
00401E8F   .  FFD7          call edi                                         ;  __vbaVarDup: copy Prompt variant; the failure path's rtcMsgBox call follows beyond this excerpt

自下向上分析,先找到决定成功与失败的关键跳转(00401D9D 处的 je),再往上发现输入的 key 是直接与固定字符串"SynTaX 2oo1"作比较的,说明正确的 key 是一个固定值,至此完成破解。
