39 lines
2.5 KiB
Markdown
39 lines
2.5 KiB
Markdown
|
1. 直接看Main函数
|
|||
|
|
|
|||
|
|
```assembly
|
|||
|
|
00401000 | 68 FFE77648 | push 4876E7FF |
|
|||
|
|
00401005 | E8 56000000 | call am0kcm_2.401060 |
|
|||
|
|
0040100A | 83C4 04 | add esp,4 |
|
|||
|
|
0040100D | E8 58000000 | call <am0kcm_2.random> |
|
|||
|
|
00401012 | 99 | cdq |
|
|||
|
|
00401013 | 3D FFE77648 | cmp eax,4876E7FF | <--
|
|||
|
|
00401018 | 75 1E | jne <am0kcm_2.Fail> |
|
|||
|
|
0040101A | 83FA 17 | cmp edx,17 | <--
|
|||
|
|
0040101D | 75 19 | jne <am0kcm_2.Fail> |
|
|||
|
|
0040101F | 6A 00 | push 0 |
|
|||
|
|
00401021 | 68 98504000 | push am0kcm_2.405098 | 405098:"Good Job"
|
|||
|
|
00401026 | 68 68504000 | push am0kcm_2.405068 | 405068:"You re one the good way to become a cracker ;)"
|
|||
|
|
0040102B | 6A 00 | push 0 |
|
|||
|
|
0040102D | FF15 94404000 | call dword ptr ds:[<MessageBoxA>] |
|
|||
|
|
00401033 | 33C0 | xor eax,eax |
|
|||
|
|
00401035 | C2 1000 | ret 10 |
|
|||
|
|
00401038 | 6A 00 | push 0 |
|
|||
|
|
0040103A | 68 60504000 | push am0kcm_2.405060 | 405060:"Bad Job"
|
|||
|
|
0040103F | 68 30504000 | push am0kcm_2.405030 | 405030:"Hehe, don't stop trying :P\nStill not cracked.."
|
|||
|
|
00401044 | 6A 00 | push 0 |
|
|||
|
|
00401046 | FF15 94404000 | call dword ptr ds:[<MessageBoxA>] |
|
|||
|
|
0040104C | 33C0 | xor eax,eax |
|
|||
|
|
0040104E | C2 1000 | ret 10 |
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
`00401013`和`0040101A` 这两个的比较结果永远不会相等
|
|||
|
|
|
|||
|
|
2. 要么NOP掉两个jne跳转,要么jne改je
|
|||
|
|
|
|||
|
|
这里我选择后者
|
|||
|
|
|
|||
|
|
```assembly
|
|||
|
|
00401018 | 74 1E | je <am0kcm_2.Fail> |
|
|||
|
|
0040101A | 83FA 17 | cmp edx,17 |
|
|||
|
|
0040101D | 74 19 | je <am0kcm_2.Fail> |
|
|||
|
|
```
|