Open the main window, enter 1234, click the check button, and use the error message to locate the relevant code:
0040157E |. E8 7B050000 call <jmp.&MFC42.#CWnd::MessageBoxA_4224>
00401583 |. EB 3C jmp short Brad_Sob.004015C1
00401585 |> 8D4D E4 lea ecx,[local.7] ; <BrD-SoB>
00401588 |. 51 push ecx ; /String2 = 00008124 ???
00401589 |. 8D55 F4 lea edx,[local.3] ; |the input, 1234
0040158C |. 52 push edx ; |String1 = ""
0040158D |. FF15 00204000 call dword ptr ds:[<&KERNEL32.lstrcmpA>] ; \lstrcmpA
00401593 |. 85C0 test eax,eax
00401595 |. 75 16 jnz short Brad_Sob.004015AD
00401597 |. 6A 40 push 0x40
00401599 |. 68 50304000 push Brad_Sob.00403050 ; CrackMe
0040159E |. 68 58304000 push Brad_Sob.00403058 ; Correct way to go!!
004015A3 |. 8B4D E0 mov ecx,[local.8]
004015A6 |. E8 53050000 call <jmp.&MFC42.#CWnd::MessageBoxA_4224>
004015AB |. EB 14 jmp short Brad_Sob.004015C1
004015AD |> 6A 40 push 0x40
004015AF |. 68 6C304000 push Brad_Sob.0040306C ; CrackMe
004015B4 |. 68 74304000 push Brad_Sob.00403074 ; Incorrect try again!!
004015B9 |. 8B4D E0 mov ecx,[local.8]
004015BC |. E8 3D050000 call <jmp.&MFC42.#CWnd::MessageBoxA_4224>; error message
004015C1 |> 8BE5 mov esp,ebp
004015C3 |. 5D pop ebp
004015C4 \. C3 retn
A quick analysis shows that the input is compared against a fixed value: <BrD-SoB>
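The listing works because the expected value sits in cleartext as an operand of lstrcmpA. As an added example (not code from the crackme or from the original post), the Python sketch below puts that comparison pattern beside a form that ships only a salted PBKDF2 digest; the function names, the record layout and the "shipped image" byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Stand-in for the check in the listing: the expected value is present in
# cleartext as an operand of the comparison (lstrcmpA in the original).
EXPECTED = b"<BrD-SoB>"  # value shown in the page's debugger comment


def weak_check(candidate: bytes) -> bool:
    """Mirror of the listed logic: equal strings take the success branch."""
    return candidate == EXPECTED


def enroll(secret: bytes, iterations: int = 200_000) -> dict:
    """Run once at build/provisioning time; only the returned record ships."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def hardened_check(candidate: bytes, record: dict) -> bool:
    """Derive a digest from the candidate and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", candidate, record["salt"], record["iterations"]
    )
    return hmac.compare_digest(derived, record["digest"])


def secret_visible(secret: bytes, shipped: bytes) -> bool:
    """Audit helper: does the cleartext secret appear in what is shipped?"""
    return secret in shipped


if __name__ == "__main__":
    record = enroll(EXPECTED)
    # Constructed byte strings modelling what each variant carries with it.
    shipped_weak = b"\x00CrackMe\x00" + EXPECTED + b"\x00"
    shipped_hard = record["salt"] + record["digest"]
    for guess in (b"1234", EXPECTED):
        print(guess, weak_check(guess), hardened_check(guess, record))
    print("cleartext in weak image:", secret_visible(EXPECTED, shipped_weak))
    print("cleartext in hardened image:", secret_visible(EXPECTED, shipped_hard))
```

The digest form removes the cleartext value from what ships with the client; it does not by itself make a client-side check tamper-proof.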