Tuts 4 You

[crackme] from pyg crackme


thisistest


1. Removing the NAG window

BP MessageBoxA

00445077 . 8945 FC MOV DWORD PTR [EBP-4], EAX
0044507A . 8B45 FC MOV EAX, DWORD PTR [EBP-4]
0044507D . 66:83B8 D2020>CMP WORD PTR [EAX+2D2], 0
00445085 74 49 JE SHORT 004450D0 ; change this to JMP
00445087 . 33C0 XOR EAX, EAX
00445089 . 55 PUSH EBP
0044508A . 68 B1504400 PUSH 004450B1
0044508F . 64:FF30 PUSH DWORD PTR FS:[EAX]
00445092 . 64:8920 MOV DWORD PTR FS:[EAX], ESP
00445095 . 8B5D FC MOV EBX, DWORD PTR [EBP-4]
00445098 . 8B55 FC MOV EDX, DWORD PTR [EBP-4]
0044509B . 8B83 D4020000 MOV EAX, DWORD PTR [EBX+2D4]
004450A1 . FF93 D0020000 CALL DWORD PTR [EBX+2D0] ; this call brings up the NAG window
004450A7 . 33C0 XOR EAX, EAX
004450A9 . 5A POP EDX
004450AA . 59 POP ECX
004450AB . 59 POP ECX
004450AC . 64:8910 MOV DWORD PTR FS:[EAX], EDX
004450AF . EB 1F JMP SHORT 004450D0
004450B1 .^ E9 AAE4FBFF JMP 00403560
004450B6 . 8B45 FC MOV EAX, DWORD PTR [EBP-4]
004450B9 . 66:BE ADFF MOV SI, 0FFAD
004450BD . E8 12E2FBFF CALL 004032D4
004450C2 . 84C0 TEST AL, AL
004450C4 . 75 05 JNZ SHORT 004450CB
004450C6 . E8 A9E7FBFF CALL 00403874
004450CB > E8 F8E7FBFF CALL 004038C8
004450D0 > 8B45 FC MOV EAX, DWORD PTR [EBP-4]
004450D3 . F680 F4020000>TEST BYTE PTR [EAX+2F4], 2

2. Allowing multiple instances

BP CreateMutexA

7C80E9CF > 8BFF MOV EDI, EDI ; ntdll.7C930208
7C80E9D1 55 PUSH EBP
7C80E9D2 8BEC MOV EBP, ESP
7C80E9D4 51 PUSH ECX
7C80E9D5 51 PUSH ECX
7C80E9D6 56 PUSH ESI
7C80E9D7 33F6 XOR ESI, ESI
7C80E9D9 3975 10 CMP DWORD PTR [EBP+10], ESI

Stack:

0012FF88 00405DE3 /CALL 到 CreateMutexA 来自 dumped.00405DDE
0012FF8C 00000000 |pSecurity = NULL
0012FF90 00000000 |InitialOwner = FALSE
0012FF94 0044DF00 \MutexName = "OnlyOne"
0012FF98 /0012FFC0
0012FF9C |0044DEAF 返回到 dumped.0044DEAF 来自 dumped.00405DC8
0012FFA0 |00000000

CTRL+G: 44DEAF

0044DEAF . 8BD8 MOV EBX, EAX
0044DEB1 . 85DB TEST EBX, EBX
0044DEB3 . 74 42 JE SHORT 0044DEF7
0044DEB5 . 85DB TEST EBX, EBX
0044DEB7 . 74 14 JE SHORT 0044DECD
0044DEB9 . E8 AA7FFBFF CALL <JMP.&kernel32.GetLastError> ; [GetLastError
0044DEBE . 3D B7000000 CMP EAX, 0B7
0044DEC3 75 08 JNZ SHORT 0044DECD ; change this to JMP
0044DEC5 . 53 PUSH EBX ; /hObject
0044DEC6 . E8 D57EFBFF CALL <JMP.&kernel32.CloseHandle> ; \CloseHandle
0044DECB . EB 2A JMP SHORT 0044DEF7
0044DECD > 8B0D A4F04400 MOV ECX, DWORD PTR [44F0A4] ; dumped.00450BD4
0044DED3 . A1 C8EF4400 MOV EAX, DWORD PTR [44EFC8]
0044DED8 . 8B00 MOV EAX, DWORD PTR [EAX]
0044DEDA . 8B15 18DA4400 MOV EDX, DWORD PTR [44DA18] ; dumped.0044DA64
0044DEE0 . E8 C7E4FFFF CALL 0044C3AC

CrackMe2.rar

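Both checks in the post hinge on one short conditional branch: `74 49` (JE) guarding the NAG call and `75 08` (JNZ) guarding the `GetLastError` == 0B7 (ERROR_ALREADY_EXISTS, 183) comparison after `CreateMutexA`. The following Python is an added example, not part of the post or the crackme: it decodes rel8 branches from the listing's own bytes to show where each one lands, then takes the code bytes of the NAG-check routine (constructed from the listing at 00445077) and shows that a build-time digest over that routine flags the single-byte JE-to-JMP change. `short_branch_target`, `diff_bytes`, `code_digest` and `check_integrity` are names chosen here; the decoding rule (target = next instruction address + signed 8-bit displacement) is the x86 definition.

```python
import hashlib
import struct

# Constructed from the post's listing: the bytes of the five instructions
# at 00445077..00445088 (MOV, MOV, CMP, JE, XOR). Nothing beyond that.
NAG_CHECK_BASE = 0x00445077
NAG_CHECK_CODE = bytes.fromhex(
    "8945FC"            # 00445077  MOV DWORD PTR [EBP-4], EAX
    "8B45FC"            # 0044507A  MOV EAX, DWORD PTR [EBP-4]
    "6683B8D202000000"  # 0044507D  CMP WORD PTR [EAX+2D2], 0
    "7449"              # 00445085  JE SHORT 004450D0
    "33C0"              # 00445087  XOR EAX, EAX
)

# Opcodes of the 2-byte (rel8) branches that appear in the listing.
OPCODE_NAMES = {0x74: "JE", 0x75: "JNZ", 0xEB: "JMP"}


def short_branch_target(addr, code):
    """Decode a rel8 branch whose first byte is at address `addr`.

    The displacement is a signed byte relative to the address of the
    *next* instruction (addr + 2), which is why 00445085 + 2 + 0x49
    lands on 004450D0 exactly as the listing shows.
    """
    opcode = code[0]
    if opcode not in OPCODE_NAMES:
        raise ValueError(f"not a short branch opcode: {opcode:#04x}")
    rel8 = struct.unpack("<b", code[1:2])[0]
    return OPCODE_NAMES[opcode], (addr + 2 + rel8) & 0xFFFFFFFF


def code_digest(code):
    """SHA-256 of a code region, as a program might record at build time."""
    return hashlib.sha256(code).hexdigest()


def check_integrity(expected_digest, code):
    """True when the code region still matches the recorded digest."""
    return code_digest(code) == expected_digest


def diff_bytes(original, modified):
    """(offset, old, new) for every byte that differs between two images."""
    if len(original) != len(modified):
        raise ValueError("code images differ in size")
    return [(i, o, m) for i, (o, m) in enumerate(zip(original, modified)) if o != m]


if __name__ == "__main__":
    je_off = 0x00445085 - NAG_CHECK_BASE
    print(short_branch_target(0x00445085, NAG_CHECK_CODE[je_off:je_off + 2]))
    print(short_branch_target(0x0044DEC3, bytes([0x75, 0x08])))  # the mutex check

    # The change the post describes is a single opcode byte, 0x74 -> 0xEB.
    patched = bytearray(NAG_CHECK_CODE)
    patched[je_off] = 0xEB
    print(diff_bytes(NAG_CHECK_CODE, bytes(patched)))

    # A digest recorded over the routine before shipping catches that byte.
    recorded = code_digest(NAG_CHECK_CODE)
    print(check_integrity(recorded, NAG_CHECK_CODE), check_integrity(recorded, bytes(patched)))
```

The point for whoever ships such a check is visible in `diff_bytes`: both the NAG guard and the single-instance guard collapse to one byte each, so a mutex or a flag compare alone is not a control, while a digest over the code region (or any independent second check) at least makes the modification observable.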

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]


thisistest, can you please start using the correct topic title format, otherwise I will start putting your topics into the Trashcan. Thank you... :thumbs:

Ted.
