160个CrackMe之036

cjt included in 逆向
  382 words One minute 

进入主界面,输入123456,点击CHECK按钮,根据错误提示定位:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

00521684   > \8B4D E8       mov ecx,dword ptr ss:[ebp-0x18]                    ;  user32.77D2C1D5
00521687   .  51            push ecx                                           ;  123456
00521688   .  68 60054500   push cupofcof.00450560                             ;  ..........
0052168D   .  FF15 F8405200 call dword ptr ds:[<&MSVBVM50.__vbaStrCmp>]        ;  msvbvm50.__vbaStrCmp
00521693   .  8BF0          mov esi,eax
00521695   .  8D4D E8       lea ecx,dword ptr ss:[ebp-0x18]
00521698   .  F7DE          neg esi
0052169A   .  1BF6          sbb esi,esi
0052169C   .  F7DE          neg esi
0052169E   .  F7DE          neg esi
005216A0   .  FF15 4C415200 call dword ptr ds:[<&MSVBVM50.__vbaFreeStr>]       ;  msvbvm50.__vbaFreeStr
005216A6   .  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]
005216A9   .  FF15 50415200 call dword ptr ds:[<&MSVBVM50.__vbaFreeObj>]       ;  msvbvm50.__vbaFreeObj
005216AF   .  66:3BF7       cmp si,di
005216B2   .  74 6E         je short cupofcof.00521722
005216B4   .  B9 04000280   mov ecx,0x80020004
005216B9   .  B8 0A000000   mov eax,0xA
005216BE   .  894D AC       mov dword ptr ss:[ebp-0x54],ecx
005216C1   .  894D BC       mov dword ptr ss:[ebp-0x44],ecx
005216C4   .  894D CC       mov dword ptr ss:[ebp-0x34],ecx
005216C7   .  8D55 94       lea edx,dword ptr ss:[ebp-0x6C]
005216CA   .  8D4D D4       lea ecx,dword ptr ss:[ebp-0x2C]
005216CD   .  8945 A4       mov dword ptr ss:[ebp-0x5C],eax
005216D0   .  8945 B4       mov dword ptr ss:[ebp-0x4C],eax
005216D3   .  8945 C4       mov dword ptr ss:[ebp-0x3C],eax
005216D6   .  C745 9C 7C054>mov dword ptr ss:[ebp-0x64],cupofcof.0045057C      ;  Incorrect password
005216DD   .  C745 94 08000>mov dword ptr ss:[ebp-0x6C],0x8
005216E4   .  FF15 38415200 call dword ptr ds:[<&MSVBVM50.__vbaVarDup>]        ;  msvbvm50.__vbaVarDup
005216EA   .  8D55 A4       lea edx,dword ptr ss:[ebp-0x5C]
005216ED   .  8D45 B4       lea eax,dword ptr ss:[ebp-0x4C]
005216F0   .  52            push edx                                           ;  ntdll.KiFastSystemCallRet
005216F1   .  8D4D C4       lea ecx,dword ptr ss:[ebp-0x3C]
005216F4   .  50            push eax
005216F5   .  51            push ecx
005216F6   .  8D55 D4       lea edx,dword ptr ss:[ebp-0x2C]
005216F9   .  6A 10         push 0x10
005216FB   .  52            push edx                                           ;  ntdll.KiFastSystemCallRet
005216FC   .  FF15 E0405200 call dword ptr ds:[<&MSVBVM50.#rtcMsgBox_595>]     ;  错误提示框

分析可以得固定key:..........

Updated on 2023-08-04 
CC BY-NC 4.0
160个CrackMe
Back | Home
0%