lesson14021.htm

为所有对破解感兴趣的朋友准备的礼物。希望大家能够喜欢。

          :004013F2 46                
          &nbsp; &nbsp; &nbsp; inc esi <br>
          :004013F3 EBED&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jmp 004013E2 <br>
          :004013F5 81F734120000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; xor 
          edi, 00001234&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
          :004013FB 8BDF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; mov ebx, edi&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; ----把处理后的放入EBX <br>
          :004013FD C3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; ret <br>
          <br>
          模拟运算: <br>
          输入姓名:zxem <br>
          输入密码:123456 <br>
          我们可以看到(1)处算出的EDI=144, (2)处为EDI=573C. <br>
          我们知道密码的处理中为乘10再类加.所以从EDI=573C反推真密码,如下: <br>
          XOR&nbsp; 573C, 1234 得到4508, <br>
          而4508换成10进制为17672 <br>
          所以真的密码为:17672 <br>
          <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; 
          &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;ZXEM 2000.3.20 
      
  </table>
</div>
<div id="KB9Parent" class="parent"> <span class="p9"><a href="#" onClick="expandIt('KB9'); return false"> 
  5、习题五 答案</a> </span></div>
<div id="KB9Child" class="child"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <table width="100%" align="center" cellspacing="0">
    <tr bgcolor="#EFEFEF"> 
      <td height="28"> 
        <p class="p9">bpx hmemcpy设断来到： <br>
          &nbsp; &nbsp; :00427B7E E80DE2FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; call 00415D90 <br>
          &nbsp; &nbsp; :00427B83 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; mov eax, dword ptr [ebp-04] <br>
          &nbsp; &nbsp; :00427B86 50&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; push eax <br>
          &nbsp; &nbsp; :00427B87 8D55F8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; lea edx, dword ptr [ebp-08] <br>
          &nbsp; &nbsp; :00427B8A 8B83DC010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebx+000001DC] <br>
          &nbsp; &nbsp; :00427B90 E8FBE1FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; call 00415D90 <br>
          &nbsp; &nbsp; :00427B95 8B45F8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; mov eax, dword ptr [ebp-08] <br>
          &nbsp; &nbsp; :00427B98 5A&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pop edx;;在这D EDX你将看到姓名、你输入号码、正确号码 
          <br>
          &nbsp; &nbsp; :00427B99 E882FEFFFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; call 00427A20&nbsp; &nbsp; &nbsp; ;; 比较序列号设置旗标 <br>
          &nbsp; &nbsp; :00427B9E 3D4E61BC00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; cmp eax, 00BC614E&nbsp; ;; eax与BC614E比较 <br>
          &nbsp; &nbsp; :00427BA3 7D1E&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; jge 00427BC3&nbsp; &nbsp; &nbsp; &nbsp; 
          ;; 如大于或等于则"Correct" <br>
          你也可进入 :00427B99 的CALL，来到： <br>
          &nbsp; &nbsp; :00427AF6 8B45F4&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; mov eax, dword ptr [ebp-0C]&nbsp; ;; 正确 serial 
          <br>
          &nbsp; &nbsp; :00427AF9 8B55F8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; mov edx, dword ptr [ebp-08]&nbsp; ;; 输入 serial 
          <br>
          &nbsp; &nbsp; :00427AFC E8BFBDFDFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; call 004038C0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; ;; 比较它们 
      
  </table>
</div>
<div id="KB10Parent" class="parent"> <a href="#" onClick="expandIt('KB10'); return false"> 
  <span class="p9">6、习题六 答案</span></a> </div>
<div id="KB10Child" class="child"> <span class="p9">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  </span>
  <table width="100%" align="center" cellspacing="-">
    <tr bgcolor="#EFEFEF"> 
      <td height="28"> 
        <p class="p9">用W32Dasm打开程序，利用串式参考（String Data References）分析，看到"Well done"，双击来到： 
          <br>
          <br>
          * Possible StringData Ref from Code Obj ->"Delphi" &lt;---这可能是第一个序列号 
          <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
          :00421DC1 BA201F4200&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov edx, 00421F20 <br>
          :00421DC6 E8A916FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00403474&lt;---比较我们第一个序列号，就是"Delphi" <br>
          :00421DCB 0F8522010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3&lt;---不相等跳走 <br>
          :00421DD1 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421DD4 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421DDA E879FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421DDF 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421DE2 E84117FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00403528 <br>
          :00421DE7 E89437FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00405580 <br>
          :00421DEC 83F809&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp eax, 00000009&lt;---比较第个序列号是否是9位数？ <br>
          :00421DEF 0F85FE000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3&lt;---不相等则跳走 <br>
          :00421DF5 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421DF8 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421DFE E855FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E03 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E06 803848&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp byte ptr [eax], 48&lt;---比较第一字符是否是048h <br>
          :00421E09 0F85E4000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E0F 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E12 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E18 E83BFAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E1D 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E20 80780165&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+01], 65&lt;---比较第二字符是否是 065h <br>
          :00421E24 0F85C9000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E2A 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E2D 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E33 E820FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E38 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E3B 8078026C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+02], 6C&lt;---比较第三字符是否是 06Ch <br>
          :00421E3F 0F85AE000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E45 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E48 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E4E E805FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E53 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E56 8078036C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+03], 6C&lt;---比较第四字符是否是 06Ch <br>
          :00421E5A 0F8593000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E60 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E63 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E69 E8EAF9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E6E 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E71 80780466&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+04], 66&lt;---比较第五字符是否是066h <br>
          :00421E75 757C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421E77 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E7A 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E80 E8D3F9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E85 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E88 8078056F&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+05], 6F&lt;---比较第六字符是否是06Fh <br>
          :00421E8C 7565&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421E8E 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E91 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E97 E8BCF9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E9C 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E9F 80780672&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+06], 72&lt;---比较第七字符是否是 072h <br>
          :00421EA3 754E&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421EA5 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421EA8 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421EAE E8A5F9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421EB3 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421EB6 80780767&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+07], 67&lt;---比较第八字符是否是 067h <br>
          :00421EBA 7537&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421EBC 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421EBF 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421EC5 E88EF9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421ECA 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421ECD 80780865&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+08], 65&lt;---比较第九字符是否是065h <br>