:00421ED1 7520
jne 00421EF3 <br>
将这些ASCII转换成为: <br>
Hellforge <br>
小结:第一序列号是Delphi <br>
第二序列号是Hellforge
</table>
</div>
<div id="KB11Parent" class="parent"> <a href="#" onClick="expandIt('KB11'); return false" class="p9">
7、习题七 答案</a> </div>
<div id="KB11Child" class="child">
<table width="100%" align="center" cellspacing="0">
<tr bgcolor="#EFEFEF">
<td height="28">
<p class="p9">用W32Dasm打开程序,利用串式参考(String Data References)分析,看到"REGISTERED!",双击来到:
<br>
* Referenced by a CALL at Address: <br>
|:004012BA <br>
| <br>
:00401520 83EC10
sub esp, 00000010 <br>
:00401523 8B0D70974000 mov
ecx, dword ptr [00409770] <br>
:00401529 030DAC974000 add
ecx, dword ptr [004097AC] <br>
:0040152F 53
push ebx <br>
:00401530 56
push esi <br>
:00401531 81F9FFFFFF7F cmp
ecx, 7FFFFFFF <br>
:00401537 57
push edi <br>
:00401538 7606
jbe 00401540 <br>
:0040153A 81E9FFFFFF7F sub
ecx, 7FFFFFFF <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
<br>
|:00401538(C) <br>
| <br>
:00401540 890D70974000 mov
dword ptr [00409770], ecx <br>
:00401546 390D88974000 cmp
dword ptr [00409788], ecx ;注意这里 <br>
:0040154C 7563
jne 004015B1 <br>
:0040154E 8D44240C
lea eax, dword ptr [esp+0C] <br>
<br>
* Possible StringData Ref from Data Obj ->"REGISTERED!" <br>
| <br>
:00401552 686C844000
push 0040846C <br>
:00401557 50
push eax <br>
<br>
通过用W32DASM分析后,我们用SOFTICE来调试,输入: <br>
姓名:toye 公司:toye 序列号:12345678 <br>
bpx hmemcpy <br>
来到 :00401546 后下命令:? ECX,看到的 ECX 值 <br>
就是序列号(该处的 cmp 把 dword ptr [00409788] 与 ECX 相比较)。
</table>
</div>
<div id="KB12Parent" class="parent"> <a href="#" onClick="expandIt('KB12'); return false" class="p9">
8、习题八 答案</a></div>
<div id="KB12Child" class="child">
<table width="100%" align="center" cellspacing="0">
<tr bgcolor="#EFEFEF">
<td height="28">
<p class="p9">破解lesson1402-ex-12 <br>
如果输入的姓名少于6个字符,调试时就拦截不到。(这一点我也是试出来的) <br>
<br>
:0040156B E828030000
Call 00401898 <br>
:00401570 33C0
xor eax, eax <br>
:00401572 33DB
xor ebx, ebx <br>
:00401574 33C9
xor ecx, ecx <br>
:00401576 B901000000
mov ecx, 00000001 <br>
:0040157B 33D2
xor edx, edx <br>
:0040157D 8B45E4
mov eax, dword ptr [ebp-1C] ----把姓名放入EAX <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
<br>
|:0040158B(C) <br>
| <br>
:00401580 8A18
mov bl, byte ptr [eax] ----对姓名进行处理(1)
<br>
:00401582 32D9
xor bl, cl <br>
:00401584 8818
mov byte ptr [eax], bl <br>
:00401586 41
inc ecx <br>
:00401587 40
inc eax <br>
:00401588 803800
cmp byte ptr [eax], 00 <br>
:0040158B 75F3
jne 00401580 <br>
:0040158D 33C0
xor eax, eax <br>
:0040158F 33DB
xor ebx, ebx <br>
:00401591 33C9
xor ecx, ecx <br>
:00401593 B90A000000
mov ecx, 0000000A <br>
:00401598 33D2
xor edx, edx <br>
:0040159A 8B45F0
mov eax, dword ptr [ebp-10] ----把输入的密码放入EAX <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
<br>
|:004015A8(C) <br>
| <br>
:0040159D 8A18
mov bl, byte ptr [eax] ----对密码进行处理(2)
<br>
:0040159F 32D9
xor bl, cl <br>
:004015A1 8818
mov byte ptr [eax], bl <br>
:004015A3 41
inc ecx <br>
:004015A4 40
inc eax <br>
:004015A5 803800
cmp byte ptr [eax], 00 <br>
:004015A8 75F3
jne 0040159D <br>
:004015AA 8B45E4
mov eax, dword ptr [ebp-1C] ----处理后的姓名放入EAX <br>
:004015AD 8B55F0
mov edx, dword ptr [ebp-10] ----处理后的密码放入EDX <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
<br>
|:004015BF(C) <br>
| <br>
:004015B0 33C9
xor ecx, ecx <br>
:004015B2 8A18
mov bl, byte ptr [eax] <br>
:004015B4 8A0A
mov cl, byte ptr [edx] <br>
:004015B6 3AD9
cmp bl, cl
----进行比较 <br>
:004015B8 7509
jne 004015C3 <br>
:004015BA 40
inc eax <br>
:004015BB 42
inc edx <br>
:004015BC 803800
cmp byte ptr [eax], 00 <br>
:004015BF 75EF
jne 004015B0 <br>
:004015C1 EB16
jmp 004015D9 <br>
<br>
模拟运行: <br>
姓名:zxemzx <br>
密码: 123456 <br>
<br>
处理姓名: <br>
7A 78
65 6D 7A 78 <br>
XOR 1 2 3
4 5 6 <br>
7B 7A
66 69 7F 7E <br>
处理密码: <br>
31 32
33 34 35 36 <br>
XOR A B C
D E F <br>
3B 39
3F 39 3B 39 <br>
由姓名反推正确的密码: <br>
7B 7A
66 69 7F 7E <br>
XOR A B C
D E F <br>
71 71
6A 64 71 71 <br>
查表得: q q j d
q q <br>
<br>
所以正确的密码为:qqjdqq <br>
ZXEM 2000.3.23
</table>
</div>
<div id="KB13Parent" class="parent"> <a href="#" onClick="expandIt('KB13'); return false" class="p9">
9、习题九 答案</a> </div>
<div id="KB13Child" class="child">