關(guān)鍵代碼段分析：

00401528??|.?68?00010000????PUSH?100????????????????????????????????????????????????? ;?/Count?=?100?(256.)
0040152D??|.?8D85?00FFFFFF??LEA?EAX,DWORD?PTR?SS:[EBP-100]???????????;?|? eax = ebp -100;? // 在棧上申請(qǐng)100DWord的數(shù)組空間，存放name
00401533??|.?50?????????????PUSH?EAX????????????????????????????????

00401534??|.?6A?65??????????PUSH?65?????????????????????????????????????????????????????? ??;?|ControlID?=?65?(101.)
00401536??|.?FF75?08????????PUSH?DWORD?PTR?SS:[EBP+8]??????????????????????? ;?|hWnd
00401539??|.?E8?FA010000????CALL?<JMP.&USER32.GetDlgItemTextA>???????;?\GetDlgItemTextA

// 把參數(shù)壓入棧中，調(diào)用 GetDlgItemTextA 函數(shù)? 轉(zhuǎn)換成高級(jí)語(yǔ)言是：

// GetDlgItemTextA(hwnd, 0x65/*IDC_BUTTON*/, buffer, 100/*sizeof(bufffer)*/ );

0040153E??|.?89C3???????????MOV?EBX,EAX????????????????????????????????????????????????????????????//ebx = eax = GetDlgItemTextA的返回值? ， 取得的字符串的長(zhǎng)度
00401540??|.?09DB???????????OR?EBX,EBX????????????????????????????????????????????????????????????? //判斷長(zhǎng)度是否為空
00401542??|.?75?04??????????JNZ?SHORT?unpacked.00401548???????????????????????????????? //用戶名不空就跳，否則就掛
00401544??|.?31C0???????????XOR?EAX,EAX???????????????????????????????????????????????????????????//??????????
00401546??|.?EB?50??????????JMP?SHORT?unpacked.00401598????????????????????????????????? //函數(shù)結(jié)束的地址。

?

00401548??|>?BF?BC020000????MOV?EDI,2BC?????????????????????????????
0040154D??|.?BE?30000000????MOV?ESI,30
00401552??|.?B8?48000000????MOV?EAX,48
00401557??|.?99?????????????CDQ
00401558??|.?F7FB???????????IDIV?EBX?????????????????????????????????????????????????????? //ebx 存放的是Namelength
0040155A??|.?29C6???????????SUB?ESI,EAX
0040155C??|.?8D34B6?????????LEA?ESI,DWORD?PTR?DS:[ESI+ESI*4]?
0040155F??|.?29F7???????????SUB?EDI,ESI
00401561??|.?6BFF?6B????????IMUL?EDI,EDI,6B
00401564??|.?81EF?6CCF0000??SUB?EDI,0CF6C

?

?//EDI=(2bc-(30-48/namelen)*5)*6b-cf6c,得出的EDI必須在190-2300之間，否則就掛
0040156A??|.?81FF?00230000??CMP?EDI,2300??????????????????????????

00401570??|.?7F?08??????????JG?SHORT?unpacked.0040157A??????????????????????.
00401572??|.?81FF?90010000??CMP?EDI,190?????????????????????????????
00401578??|.?7D?04??????????JGE?SHORT?unpacked.0040157E
0040157A??|>?31C0???????????XOR?EAX,EAX

?//? edi? > 190? && edi <=2300

?

明天繼續(xù)

?

?

?

?

?

轉(zhuǎn)載于:https://www.cnblogs.com/herso/archive/2009/04/01/1427560.html

總結(jié)

以上是生活随笔為你收集整理的逆向--- crackme6的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。