chenx221/Reverse
1
0
Fork 0
Code Pull Requests Activity

Compare commits

base: chenx221:2b985b575b72b8608720227ff9e64558c344e03e
Branches Tags
chenx221:main
...
compare: chenx221:f7dd91e33f105e760177469832e113d295d9449f
Branches Tags
chenx221:main

4 Commits
2b985b575b ... f7dd91e33f

Author SHA1 Message Date
Chenx221
f7dd91e33f
solved new crackme 2024-09-22 12:40:11 +08:00
Chenx221
5f2813c0a2
solved new crackme 2024-09-22 09:35:50 +08:00
Chenx221
a1b861b87a
solved new crackme 2024-09-22 09:23:01 +08:00
Chenx221
905c459177
solved new crackme 2024-09-22 09:17:55 +08:00
13 changed files with 414 additions and 0 deletions
Show Stats Expand all files Collapse all files

BIN
ac178_cm1/Crackme_01.exe Normal file
View File

Binary file not shown.

BIN
ac178_cm1/Crackme_01_Patched.exe Normal file
View File

Binary file not shown.

16
ac178_cm1/Readme First please.txt Normal file
View File

@ -0,0 +1,16 @@
YoYo Dwed..
This are my first crackme that are written in Win 32 Assembler (MASM)
I hace quitted Hellforge, The Cracking Answer and The Norwegioan Underground E-Zine Yesterday only for learning Win 32 Assembler and it are a good choice for mee. Since my tutorials sux too much atm. and I'm are not good in cracking so i will instead learn Codin, and the best part, it are in Win 32 Assembler :)
So, U will only need one "Bpx MessageBoxa" on this little crackme.. It suc alot but it are still mine so don't mess it up please.. Try tu use so many tools as you can and learn to crack in new ways, that are the coolest thing to do...
But now, it are time to work on a GFX to my girlfriend, cya dweds...
Greeting's goes to: LaZaRuS, Mercution, Dark wolf, Falcon, Eternal-Bliss, Birna Janes, MagicRalph, EP-180, ^AlX^, Cobb, Potsmoke, Acidfusion, Marton, Andd all who have helped me directly or indirectly....
U can fun this crackme from AcidCool.cjb.net and Crackmes.cjb.net
Acid_Cool_178 Design Company For crackers And Coder's.. :) (LOL)
Acid_Cool_178@hotmail.com

35
ac178_cm1/solve.md Normal file
View File

@ -0,0 +1,35 @@
只有三个弹窗
```
00401000 | 6A 00 | push 0 |
00401002 | 68 00304000 | push crackme_01.403000 | 403000:"Acid_Cool_178's"
00401007 | 68 10304000 | push crackme_01.403010 | 403010:"Win32Asm Crackme 1"
0040100C | 6A 00 | push 0 |
0040100E | E8 2D000000 | call <JMP.&_MessageBoxA@16> |
00401013 | 6A 00 | push 0 |
00401015 | 68 23304000 | push crackme_01.403023 | 403023:"Greetings goes too all my friends.."
0040101A | 68 47304000 | push crackme_01.403047 | 403047:"Hellforge, tCA, FHCF, DQF and the rest..."
0040101F | 6A 00 | push 0 |
00401021 | E8 1A000000 | call <JMP.&_MessageBoxA@16> |
00401026 | 6A 00 | push 0 |
00401028 | 68 71304000 | push crackme_01.403071 | 403071:"Remove Me!"
0040102D | 68 7C304000 | push crackme_01.40307C | 40307C:"NAG NAG"
00401032 | 6A 00 | push 0 |
00401034 | E8 07000000 | call <JMP.&_MessageBoxA@16> |
00401039 | 6A 00 | push 0 |
0040103B | E8 06000000 | call <JMP.&ExitProcess> |
00401040 | FF25 08204000 | jmp dword ptr ds:[<MessageBoxA>] |
00401046 | FF25 00204000 | jmp dword ptr ds:[<ExitProcess>] |
```
1. 去掉第三个NAG弹窗patch
```
00401026 | 6A 00 | push 0 |
00401026 | EB 11 | jmp crackme_01.401039 |
```

BIN
ac_exdec_03_b/AC_ExDec_03_B.exe Normal file
View File

Binary file not shown.

BIN
ac_exdec_03_b/AC_ExDec_03_B_Patched.exe Normal file
View File

Binary file not shown.

123
ac_exdec_03_b/Hellforge.nfo Normal file
View File

@ -0,0 +1,123 @@
²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²
²±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±²
²±°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°±²
²±° °±²
²±° ÛÛÛÛÛÛÛÛ ÛÛÛÛÛÛÛÛ ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ °±²
²±° Û Û Û Û Û Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛÛÛÛÛÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ ÛÛÛÛÛÛÛÛÛÛ °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ ÛÛÛÛÛÛ ÛÛÛÛ Û Û ÛÛÛÛÛ ÛÛÛÛÛÛ °±²
²±° Û ÛÛÛÛ ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ Û Û ÛÛÛÛÛÛÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ ÛÛÛÛÛÛ ÛÛÛÛ Û Û ÛÛÛÛÛ ÛÛÛÛÛÛ °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û ÛÛÛÛ Û Û ÛÛÛÛ Û Û ÛÛÛÛÛ Û °±²
²±° Û Û Û Û Û Û °±²
²±° ÛÛÛÛÛÛÛÛ ÛÛÛÛÛÛÛÛ ÛÛÛÛÛÛÛÛÛÛÛ °±²
²±° °±²
²±° °±²
²±° ÛÛ ÛÛ ÛÛÛÛÛ Û Û ÛÛÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛÛ ÛÛÛÛÛ °±²
²±° ÛÛ ÛÛ Û Û Û Û Û Û Û Û Û Û °±²
²±° ÛÛÛÛÛ ÛÛÛ Û Û ÛÛÛ Û Û ÛÛÛ Û ÛÛÛ ÛÛÛ °±²
²±° ÛÛ ÛÛ Û Û Û Û Û Û Û Û Û Û Û °±²
²±° ÛÛ ÛÛ ÛÛÛÛÛ ÛÛÛÛ ÛÛÛÛ Û ÛÛÛ Û Û ÛÛÛ ÛÛÛÛÛ °±²
²±° °±²
²±° visit http://www.HForge.cjb.net °±²
²±° °±²
²±°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°±²
²±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±²
²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²
²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²
² ²
² proudly presents: ExDec Crackme 3 B ²
² ²
²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²
±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
± ±
± [ ] Utility [ ] Crack [ ] Serial [ ] Keyfile ±
± [ ] Tutorial [x] Crackme [ ] Other ±
± ±
± The HF-Member to fullfill this task: Acid_Cool_178 ±
± ±
±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
° °
° Abut easyer than the last crackme in the 3 Series.. °
° Enable the button and send me you solution.. °
° Made in pure P-Code :)) °
° °
° °
° Send you solution to Acid_Cool_178@hotmail.com °
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
Û Û
Û Members of Hellforge and their function: Û
Û Û
Û abductor group leader,cracker,coder (delphi&asm) Û
Û Mercution prez,web-master,graphix Û
Û ManKind cracker,coder (c,vb) Û
Û Acid_Cool_178 cracker,coder (asm&vb),graphix Û
Û BiSHoP cracker,coder (asm&vb),graphix Û
Û Seifer cracker,coder (c) Û
Û roy cracker,coder (delphi&asm) Û
Û TheUltra Bot-Master Û
Û Û
Û Trial Members: Û
Û Û
Û Dark Wolf cracker,coder (vb),graphix Û
Û Û
Û If you want to become a member of Hellforge, too, Visit our Û
Û webpage and learn how to become one. The rules are real Û
Û simple. Û
Û Û
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
Û Û
Û Greetz go out to: LaZaRuS - Eternal Bliss - ManKind - Falcon Û
Û Mercution - BiSHoP - Dark Wolf - +DaFixer Û
Û The Analyst - DaVinci - Marton - Subsonic Û
Û NaRRoW - Eddie Van Camper - Borna Janes Û
Û CD_Knight - NeO'X'QuiCk - czDrillard Û
Û SeVanD02k - ZuleikaH - Yoke - DnNuke Û
Û Seifer - R!SC - +Tsehp - StealthFighter Û
Û Û
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
° °
° Don't forget to buy the software you use illegally. If you °
° don't buy it I want you to remove all knowledge or crackz °
° you got from Hellforge from your PC and use the trial °
° version of the program you wanted to use illegally. Don't °
° blame us for your stupidness if the police catches you. °
° Don't forget:Possesing Crackz is not illegal, using them is. °
° °
° That should not be a homily, but a wish from me to support °
° the programmers that make us happy with their cool programs °
° every day but don't get a registration for them. °
° I know what I'm talking about. °
° °
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
I have stolen the old HF NFO file beacuse it had to be done,
I will now and for ever use THIS NFO in all my files !!!
Acid_Cool_178

21
ac_exdec_03_b/solve.md Normal file
View File

@ -0,0 +1,21 @@
p-code
vbdec
消失的按钮
1. 恢复按钮
Owner: AC_ExDec_03_B.Form_Load
Offset: 401FE0
Org: F40021
Patch: 1E1400
2. 去除嘲讽信息(可选)
Owner: AC_ExDec_03_B.Form_Unload (Cancel As Integer)
Offset: 4020F8
Org: 27FCFE
Patch: 1E3100

BIN
ac_exdex_02_a/AC_Crackme_02_A.exe Normal file
View File

Binary file not shown.

22
ac_exdex_02_a/solve.md Normal file
View File

@ -0,0 +1,22 @@
p-code
vbdec
1. 找key
```
401D50 0F 0003 VCallAd Crackme.Text1
401D53 19 70FF FStAdFunc var_90
401D56 08 70FF FLdPr var_90
401D59 0D A0000000 VCallHresult _TextBox Get _Default
401D5E 3E 6CFF FLdZeroAd var_94
401D61 31 74FF FStStr var_8C
401D64 1A 70FF FFree1Ad var_90
401D67 1B 0100 LitStr str_4017F4='ExDec_Roxx'
401D6A 43 78FF FStStrCopy var_88
401D6D 6C 78FF ILdRf [var_88]
401D70 6C 74FF ILdRf [var_8C]
401D73 FB30 EqStr
```
显然key="ExDec_Roxx"

BIN
accessme/accessme.exe Normal file
View File

Binary file not shown.

8
accessme/readme.txt Normal file
View File

@ -0,0 +1,8 @@
Wooglepies' AccessME 1
Level: 2/10
In order to crack this one you'll have to find the correct
username/passwords to an account. Patching in order to make it
display a successful login session is NOT allowed.
Good luck.

189
accessme/solve.md Normal file
View File

@ -0,0 +1,189 @@
找用户名和密码
检测od(OLLYDBG.EXE)
| username | password |
| -------- | --------- |
| Karl | TWE-3265 |
| Erik | TWE-2132 |
| admin | allaccess |
经过整理的判断逻辑
```c#
string name="user input";
string password="user input";
string true_pwd="";
string process_name = "OLLYDBG.EXE";
string[] usernames = {"Karl","Erik","admin"};
string[] passwords = {"TWE-3265","TWE-2132","allaccess"};
if(!checkProcess(process_name)){ //checkProcess检测到时返回True
int index = Array.IndexOf(usernames, name);
if(index >= 0 && index+1<=5){
true_pwd = passwords[index];
if(true_pwd.Equals(password)){
//SUCCESS
}else{
//FAIL
//密码不匹配
}
}else{
//FAIL
//查无此号
}
}else{
//FAIL
//检测到调试器运行中
}
```
Main: 004014E1 (以下为部分内容)
```assembly
004016D1 | 8D85 A8FEFFFF | lea eax,dword ptr ss:[ebp-158] |
004016D7 | 894424 04 | mov dword ptr ss:[esp+4],eax | [esp+04]:_scanf+18
004016DB | C70424 55304000 | mov dword ptr ss:[esp],accessme.403055 | [esp]:"OLLYDBG.EXE", 403055:"%s"
004016E2 | E8 09060000 | call <JMP.&_printf> |
004016E7 | C74424 04 30414000 | mov dword ptr ss:[esp+4],accessme.404130 | [esp+04]:_scanf+18, 404130:"admin"
004016EF | C70424 55304000 | mov dword ptr ss:[esp],accessme.403055 | [esp]:"OLLYDBG.EXE", 403055:"%s"
004016F6 | E8 E5050000 | call <JMP.&_scanf> |
004016FB | C74424 04 30414000 | mov dword ptr ss:[esp+4],accessme.404130 | [esp+04]:_scanf+18, 404130:"admin"
00401703 | C70424 58304000 | mov dword ptr ss:[esp],accessme.403058 | [esp]:"OLLYDBG.EXE", 403058:"Enter password for account '%s': "
0040170A | E8 E1050000 | call <JMP.&_printf> |
0040170F | C74424 04 A0404000 | mov dword ptr ss:[esp+4],accessme.4040A0 | [esp+04]:_scanf+18, 4040A0:"admin"
00401717 | C70424 55304000 | mov dword ptr ss:[esp],accessme.403055 | [esp]:"OLLYDBG.EXE", 403055:"%s"
0040171E | E8 BD050000 | call <JMP.&_scanf> |
00401723 | 8D85 98FEFFFF | lea eax,dword ptr ss:[ebp-168] |
00401729 | 894424 08 | mov dword ptr ss:[esp+8],eax | [esp+08]:__input_l
0040172D | C74424 04 A0404000 | mov dword ptr ss:[esp+4],accessme.4040A0 | [esp+04]:_scanf+18, 4040A0:"admin"
00401735 | C70424 30414000 | mov dword ptr ss:[esp],accessme.404130 | [esp]:"OLLYDBG.EXE", 404130:"admin"
0040173C | E8 CFFCFFFF | call <accessme.Check> |
00401741 | A3 14404000 | mov dword ptr ds:[404014],eax |
00401746 | 833D 14404000 05 | cmp dword ptr ds:[404014],5 |
0040174D | 75 0E | jne accessme.40175D |
0040174F | C70424 7A304000 | mov dword ptr ss:[esp],accessme.40307A | success
00401756 | E8 95050000 | call <JMP.&_printf> |
0040175B | EB 0C | jmp accessme.401769 |
0040175D | C70424 94304000 | mov dword ptr ss:[esp],accessme.403094 | fail
00401764 | E8 87050000 | call <JMP.&_printf> |
00401769 | E8 62050000 | call <JMP.&__getch> |
0040176E | C70424 BB304000 | mov dword ptr ss:[esp],accessme.4030BB | [esp]:"OLLYDBG.EXE", 4030BB:"cls"
00401775 | E8 46050000 | call <JMP.&_system> |
0040177A | E8 62FDFFFF | call accessme.4014E1 |
0040177F | B8 00000000 | mov eax,0 |
00401784 | C9 | leave |
00401785 | C3 | ret |
```
Check: 00401410
```assembly
00401410 | 55 | push ebp | check username & password
00401411 | 89E5 | mov ebp,esp |
00401413 | 83EC 18 | sub esp,18 |
00401416 | C705 10404000 000000 | mov dword ptr ds:[404010],0 |
00401420 | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:name
00401423 | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
00401426 | E8 15090000 | call <JMP.&_strlen> |
0040142B | 3905 10404000 | cmp dword ptr ds:[404010],eax |
00401431 | 73 22 | jae accessme.401455 |
00401433 | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:"admin"
00401436 | 0305 10404000 | add eax,dword ptr ds:[404010] |
0040143C | 0FBE00 | movsx eax,byte ptr ds:[eax] |
0040143F | 0305 70404000 | add eax,dword ptr ds:[404070] |
00401445 | 83C0 25 | add eax,25 |
00401448 | A3 70404000 | mov dword ptr ds:[404070],eax |
0040144D | FF05 10404000 | inc dword ptr ds:[404010] |
00401453 | EB CB | jmp accessme.401420 | 将name每个字符的ascii相加起来(每一个还要额外+0x25)
00401455 | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:"admin"
00401458 | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
0040145B | E8 E0080000 | call <JMP.&_strlen> |
00401460 | 89C2 | mov edx,eax | length
00401462 | A1 70404000 | mov eax,dword ptr ds:[404070] | 上一步的运算结果
00401467 | 0FAFC2 | imul eax,edx | *
0040146A | A3 70404000 | mov dword ptr ds:[404070],eax |
0040146F | 8B45 10 | mov eax,dword ptr ss:[ebp+10] | [ebp+10]:"OLLYDBG.EXE"
00401472 | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
00401475 | E8 BBFEFFFF | call <accessme._checkProcess> |
0040147A | 85C0 | test eax,eax |
0040147C | 75 10 | jne accessme.40148E |
0040147E | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:"admin"
00401481 | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
00401484 | E8 07FEFFFF | call <accessme.IsUsernameExists> |
00401489 | A3 90404000 | mov dword ptr ds:[404090],eax |
0040148E | 833D 90404000 05 | cmp dword ptr ds:[404090],5 |
00401495 | 7E 10 | jle accessme.4014A7 |
00401497 | A1 90404000 | mov eax,dword ptr ds:[404090] |
0040149C | 0305 70404000 | add eax,dword ptr ds:[404070] |
004014A2 | 8945 FC | mov dword ptr ss:[ebp-4],eax |
004014A5 | EB 35 | jmp accessme.4014DC |
004014A7 | 8B15 90404000 | mov edx,dword ptr ds:[404090] | edx:_KiFastSystemCallRet@0
004014AD | 89D0 | mov eax,edx | edx:_KiFastSystemCallRet@0
004014AF | C1E0 04 | shl eax,4 |
004014B2 | 01D0 | add eax,edx | edx:_KiFastSystemCallRet@0
004014B4 | C1E0 03 | shl eax,3 |
004014B7 | 0305 80404000 | add eax,dword ptr ds:[404080] |
004014BD | 83C0 40 | add eax,40 | find password
004014C0 | 894424 04 | mov dword ptr ss:[esp+4],eax | [esp+04]:_scanf+18
004014C4 | 8B45 0C | mov eax,dword ptr ss:[ebp+C] | [ebp+0C]:"admin"
004014C7 | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
004014CA | E8 61080000 | call <JMP.&_strcmp> |
004014CF | 85C0 | test eax,eax |
004014D1 | 75 09 | jne accessme.4014DC |
004014D3 | C745 FC 05000000 | mov dword ptr ss:[ebp-4],5 | 返回5代表成功
004014DA | EB 00 | jmp accessme.4014DC |
004014DC | 8B45 FC | mov eax,dword ptr ss:[ebp-4] |
004014DF | C9 | leave |
004014E0 | C3 | ret |
```
_checkProcess: 00401335 内容就不放了
IsUsernameExists: 00401290
```assembly
00401290 | 55 | push ebp |
00401291 | 89E5 | mov ebp,esp |
00401293 | 83EC 18 | sub esp,18 |
00401296 | C705 10404000 000000 | mov dword ptr ds:[404010],0 |
004012A0 | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:"admin"
004012A3 | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
004012A6 | E8 950A0000 | call <JMP.&_strlen> |
004012AB | 3905 10404000 | cmp dword ptr ds:[404010],eax |
004012B1 | 73 75 | jae accessme.401328 |
004012B3 | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:"admin"
004012B6 | 0305 10404000 | add eax,dword ptr ds:[404010] |
004012BC | 0FBE00 | movsx eax,byte ptr ds:[eax] |
004012BF | 0305 70404000 | add eax,dword ptr ds:[404070] |
004012C5 | 05 DE000000 | add eax,DE |
004012CA | A3 70404000 | mov dword ptr ds:[404070],eax |
004012CF | C705 B0414000 010000 | mov dword ptr ds:[4041B0],1 |
004012D9 | 833D B0414000 03 | cmp dword ptr ds:[4041B0],3 |
004012E0 | 7F 3B | jg accessme.40131D |
004012E2 | 8B15 B0414000 | mov edx,dword ptr ds:[4041B0] | edx:_KiFastSystemCallRet@0
004012E8 | 89D0 | mov eax,edx | edx:_KiFastSystemCallRet@0
004012EA | C1E0 04 | shl eax,4 |
004012ED | 01D0 | add eax,edx | edx:_KiFastSystemCallRet@0
004012EF | C1E0 03 | shl eax,3 |
004012F2 | 0305 80404000 | add eax,dword ptr ds:[404080] |
004012F8 | 894424 04 | mov dword ptr ss:[esp+4],eax | [esp+04]:_scanf+18
004012FC | 8B45 08 | mov eax,dword ptr ss:[ebp+8] | [ebp+08]:"admin"
004012FF | 890424 | mov dword ptr ss:[esp],eax | [esp]:"OLLYDBG.EXE"
00401302 | E8 290A0000 | call <JMP.&_strcmp> | 匹配用户名
00401307 | 85C0 | test eax,eax |
00401309 | 75 0A | jne accessme.401315 |
0040130B | A1 B0414000 | mov eax,dword ptr ds:[4041B0] |
00401310 | 8945 FC | mov dword ptr ss:[ebp-4],eax |
00401313 | EB 1B | jmp accessme.401330 |
00401315 | FF05 B0414000 | inc dword ptr ds:[4041B0] |
0040131B | EB BC | jmp accessme.4012D9 |
0040131D | FF05 10404000 | inc dword ptr ds:[404010] |
00401323 | E9 78FFFFFF | jmp accessme.4012A0 |
00401328 | A1 70404000 | mov eax,dword ptr ds:[404070] |
0040132D | 8945 FC | mov dword ptr ss:[ebp-4],eax |
00401330 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] |
00401333 | C9 | leave |
00401334 | C3 | ret |
```