thisistest Posted December 14, 2008 Share Posted December 14, 2008 一、取掉NAG窗口BP MessageBoxA00445077 . 8945 FC MOV DWORD PTR [EBP-4], EAX0044507A . 8B45 FC MOV EAX, DWORD PTR [EBP-4]0044507D . 66:83B8 D2020>CMP WORD PTR [EAX+2D2], 000445085 74 49 JE SHORT 004450D0 ; 此处改为JMP00445087 . 33C0 XOR EAX, EAX00445089 . 55 PUSH EBP0044508A . 68 B1504400 PUSH 004450B10044508F . 64:FF30 PUSH DWORD PTR FS:[EAX]00445092 . 64:8920 MOV DWORD PTR FS:[EAX], ESP00445095 . 8B5D FC MOV EBX, DWORD PTR [EBP-4]00445098 . 8B55 FC MOV EDX, DWORD PTR [EBP-4]0044509B . 8B83 D4020000 MOV EAX, DWORD PTR [EBX+2D4]004450A1 . FF93 D0020000 CALL DWORD PTR [EBX+2D0] ; 是唤出NAG窗口004450A7 . 33C0 XOR EAX, EAX004450A9 . 5A POP EDX004450AA . 59 POP ECX004450AB . 59 POP ECX004450AC . 64:8910 MOV DWORD PTR FS:[EAX], EDX004450AF . EB 1F JMP SHORT 004450D0004450B1 .^ E9 AAE4FBFF JMP 00403560004450B6 . 8B45 FC MOV EAX, DWORD PTR [EBP-4]004450B9 . 66:BE ADFF MOV SI, 0FFAD004450BD . E8 12E2FBFF CALL 004032D4004450C2 . 84C0 TEST AL, AL004450C4 . 75 05 JNZ SHORT 004450CB004450C6 . E8 A9E7FBFF CALL 00403874004450CB > E8 F8E7FBFF CALL 004038C8004450D0 > 8B45 FC MOV EAX, DWORD PTR [EBP-4]004450D3 . F680 F4020000>TEST BYTE PTR [EAX+2F4], 2二、多开窗口BP CreateMutexA7C80E9CF > 8BFF MOV EDI, EDI ; ntdll.7C9302087C80E9D1 55 PUSH EBP7C80E9D2 8BEC MOV EBP, ESP7C80E9D4 51 PUSH ECX7C80E9D5 51 PUSH ECX7C80E9D6 56 PUSH ESI7C80E9D7 33F6 XOR ESI, ESI7C80E9D9 3975 10 CMP DWORD PTR [EBP+10], ESI堆桩:0012FF88 00405DE3 /CALL 到 CreateMutexA 来自 dumped.00405DDE0012FF8C 00000000 |pSecurity = NULL0012FF90 00000000 |InitialOwner = FALSE0012FF94 0044DF00 \MutexName = "OnlyOne"0012FF98 /0012FFC00012FF9C |0044DEAF 返回到 dumped.0044DEAF 来自 dumped.00405DC80012FFA0 |00000000CTRL+G:44DEAF0044DEAF . 8BD8 MOV EBX, EAX0044DEB1 . 85DB TEST EBX, EBX0044DEB3 . 74 42 JE SHORT 0044DEF70044DEB5 . 85DB TEST EBX, EBX0044DEB7 . 74 14 JE SHORT 0044DECD0044DEB9 . E8 AA7FFBFF CALL <JMP.&kernel32.GetLastError> ; [GetLastError0044DEBE . 3D B7000000 CMP EAX, 0B70044DEC3 75 08 JNZ SHORT 0044DECD ; 此处改为JMP0044DEC5 . 53 PUSH EBX ; /hObject0044DEC6 . E8 D57EFBFF CALL <JMP.&kernel32.CloseHandle> ; \CloseHandle0044DECB . EB 2A JMP SHORT 0044DEF70044DECD > 8B0D A4F04400 MOV ECX, DWORD PTR [44F0A4] ; dumped.00450BD40044DED3 . A1 C8EF4400 MOV EAX, DWORD PTR [44EFC8]0044DED8 . 8B00 MOV EAX, DWORD PTR [EAX]0044DEDA . 8B15 18DA4400 MOV EDX, DWORD PTR [44DA18] ; dumped.0044DA640044DEE0 . E8 C7E4FFFF CALL 0044C3ACCrackMe2.rar Link to comment Share on other sites More sharing options...
blaCke Posted December 14, 2008 Share Posted December 14, 2008 unpacked unpacked.rar Link to comment Share on other sites More sharing options...
Teddy Rogers Posted December 15, 2008 Share Posted December 15, 2008 The [crackme] tag has been added to your topic title.Please remember to follow and adhere to the topic title format - thankyou![This is an automated reply] Link to comment Share on other sites More sharing options...
Teddy Rogers Posted December 15, 2008 Share Posted December 15, 2008 thisistest, can you please start using the correct topic title format other wise I will start putting your topics in to the Trashcan. Thank you... Ted. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now