Crackcode code-sharing notes (Part 1)
Date: 2004/10/15 0:59:00  Source: compiled by this site  Author: 蓝点
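I couldn't sleep tonight, so I figured I might as well make use of the time. I had just downloaded crackcode; it is quite small, only 11.5k.
I disassembled it. I want to read through the program slowly from the beginning, and I expect it won't be very hard! :) Today went all right: I got through a small part,
which I am sharing with everyone first. My assembly language is only so-so, so if you find the comments passable, please bear with them!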
:00401000 53 push ebx
:00401001 55 push ebp
:00401002 56 push esi
:00401003 57 push edi
:00401004 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Crackcode 2000 -- Author:Ru Feng "
->"(http:\\ocqpat.163.net)"
|
:00401006 68AC624000 push 004062AC
* Possible StringData Ref from Data Obj ->"Thank you for using the Crackcode!Let "
->"us make the keygen so easy!"
|
:0040100B 6868624000 push 00406268
:00401010 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:0000h
|
:00401012 FF15C0504000 Call dword ptr [004050C0]
^^^^^^^^^^^^^^---> Displays the author's illustrious name.
:00401018 BE20A44000 mov esi, 0040A420
:0040101D BF04010000 mov edi, 00000104
:00401022 56 push esi
:00401023 57 push edi
* Reference To: KERNEL32.GetCurrentDirectoryA, Ord:0000h
|
:00401024 FF1504504000 Call dword ptr [00405004]
^^^^^^^^^^^^^^^---> Gets the current directory path.
* Possible StringData Ref from Data Obj ->"CRACKCODE.INI"
|
:0040102A 68DC604000 push 004060DC
* Possible StringData Ref from Data Obj ->"\"
|
:0040102F 6864624000 push 00406264
:00401034 56 push esi
:00401035 E8360A0000 call 00401A70
:0040103A 59 pop ecx
:0040103B 59 pop ecx
:0040103C 50 push eax
:0040103D E82E0A0000 call 00401A70
:00401042 59 pop ecx
:00401043 BD50674000 mov ebp, 00406750
:00401048 59 pop ecx
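^^^^^^^^^^^^^^^^--> The code above implements the function
strcat(). For example, if the current path is C:\crackcode, then
this code concatenates the result into: c:\crackcode\crackcode.ini
Now let's look at the code at 00401A70: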
:00401A70 8B4C2404 mov ecx, dword ptr [esp+04]
^^^^^^^^---> ECX receives the pointer to the path string
ECX=40A620
:00401A74 57 push edi
:00401A75 F7C103000000 test ecx, 00000003
:00401A7B 740F je 00401A8C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401A8A(C)
|
:00401A7D 8A01 mov al, byte ptr [ecx]
:00401A7F 41 inc ecx
:00401A80 84C0 test al, al
:00401A82 743B je 00401ABF
:00401A84 F7C103000000 test ecx, 00000003
:00401A8A 75F1 jne 00401A7D
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401A7B(C), :00401AA2(C), :00401ABD(U)
|
:00401A8C 8B01 mov eax, dword ptr [ecx]
:00401A8E BAFFFEFE7E mov edx, 7EFEFEFF
:00401A93 03D0 add edx, eax
:00401A95 83F0FF xor eax, FFFFFFFF
:00401A98 33C2 xor eax, edx
:00401A9A 83C104 add ecx, 00000004
:00401A9D A900010181 test eax, 81010100
:00401AA2 74E8 je 00401A8C
^^^^^^^^^^^^^^^^--> This loop fetches four characters at a time
to find which group of four holds the end of the string
:00401AA4 8B41FC mov eax, dword ptr [ecx-04]
:00401AA7 84C0 test al, al
:00401AA9 7423 je 00401ACE
:00401AAB 84E4 test ah, ah
:00401AAD 741A je 00401AC9
:00401AAF A90000FF00 test eax, 00FF0000
:00401AB4 740E je 00401AC4
:00401AB6 A9000000FF test eax, FF000000
:00401ABB 7402 je 00401ABF
:00401ABD EBCD jmp 00401A8C
^^^^^^^^^^^^^^^--> This code determines how many characters
there are in the last group of four, and jumps to the corresponding code below
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401A82(C), :00401ABB(C)
|
:00401ABF 8D79FF lea edi, dword ptr [ecx-01]
:00401AC2 EB0D jmp 00401AD1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AB4(C)
|
:00401AC4 8D79FE lea edi, dword ptr [ecx-02]
:00401AC7 EB08 jmp 00401AD1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AAD(C)
|
:00401AC9 8D79FD lea edi, dword ptr [ecx-03]
:00401ACC EB03 jmp 00401AD1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AA9(C)
|
============== The code below is similar to the code above, so it is not explained again =======
:00401ACE 8D79FC lea edi, dword ptr [ecx-04]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401A65(U), :00401AC2(U), :00401AC7(U), :00401ACC(U)
|
:00401AD1 8B4C240C mov ecx, dword ptr [esp+0C]
:00401AD5 F7C103000000 test ecx, 00000003
:00401ADB 7419 je 00401AF6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AED(C)
|
:00401ADD 8A11 mov dl, byte ptr [ecx]
:00401ADF 41 inc ecx
:00401AE0 84D2 test dl, dl
:00401AE2 7464 je 00401B48
:00401AE4 8817 mov byte ptr [edi], dl
:00401AE6 47 inc edi
:00401AE7 F7C103000000 test ecx, 00000003
:00401AED 75EE jne 00401ADD
:00401AEF EB05 jmp 00401AF6
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401B0E(C), :00401B28(U)
|
:00401AF1 8917 mov dword ptr [edi], edx
:00401AF3 83C704 add edi, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401ADB(C), :00401AEF(U)
|
:00401AF6 BAFFFEFE7E mov edx, 7EFEFEFF
:00401AFB 8B01 mov eax, dword ptr [ecx]
:00401AFD 03D0 add edx, eax
:00401AFF 83F0FF xor eax, FFFFFFFF
:00401B02 33C2 xor eax, edx
:00401B04 8B11 mov edx, dword ptr [ecx]
:00401B06 83C104 add ecx, 00000004
:00401B09 A900010181 test eax, 81010100
:00401B0E 74E1 je 00401AF1
:00401B10 84D2 test dl, dl
:00401B12 7434 je 00401B48
:00401B14 84F6 test dh, dh
:00401B16 7427 je 00401B3F
:00401B18 F7C20000FF00 test edx, 00FF0000
:00401B1E 7412 je 00401B32
:00401B20 F7C2000000FF test edx, FF000000
:00401B26 7402 je 00401B2A
:00401B28 EBC7 jmp 00401AF1
==================================
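Summary: I hope you can help me with the parts of the code above that I do not understand.
1. :00401A75 F7C103000000 test ecx, 00000003 --> Why the TEST??
2. In the following code, why is 7EFEFEFF added and then XORed with FFFFFFFF? Can anyone tell me the reason?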
:00401A8C 8B01 mov eax, dword ptr [ecx]
:00401A8E BAFFFEFE7E mov edx, 7EFEFEFF
:00401A93 03D0 add edx, eax
:00401A95 83F0FF xor eax, FFFFFFFF
:00401A98 33C2 xor eax, edx
:00401A9A 83C104 add ecx, 00000004
:00401A9D A900010181 test eax, 81010100
:00401AA2 74E8 je 00401A8C
Thank you all for your help!!
That's all for today, that's all......
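
Added example, not part of the original post: a C rendering of the two idioms asked about above, the test ecx, 3 alignment check and the 7EFEFEFF / 81010100 zero-byte test, including the false positive that the listing handles with jmp 00401A8C. It assumes a little-endian target like the x86 code; the function names and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The test at 00401A8C..00401A9D. Adding 7EFEFEFF makes every nonzero byte
   carry into bit 8/16/24/31; (~w ^ sum) has such a bit set exactly where the
   carry did not arrive. Nonzero result: the dword MAY contain a 0x00 byte. */
static int may_have_zero_byte(uint32_t w)
{
    uint32_t sum = w + 0x7EFEFEFFu;          /* add edx, eax */
    uint32_t t = (w ^ 0xFFFFFFFFu) ^ sum;    /* xor eax, FFFFFFFF ; xor eax, edx */
    return (t & 0x81010100u) != 0;           /* test eax, 81010100 */
}

/* Length scan shaped like the first half of 00401A70 (name is hypothetical). */
static size_t wordwise_strlen(const char *s)
{
    const char *p = s;
    /* test ecx, 3: step byte by byte until p is 4-byte aligned, so that no
       dword load below can straddle a page boundary past the terminator. */
    for (; ((uintptr_t)p & 3u) != 0; p++)
        if (*p == '\0')
            return (size_t)(p - s);
    for (;; p += 4) {
        uint32_t w;
        memcpy(&w, p, sizeof w);             /* mov eax, dword ptr [ecx] */
        if (!may_have_zero_byte(w))
            continue;
        /* Confirm byte by byte, as 00401AA4..00401ABB does. */
        for (size_t i = 0; i < 4; i++)
            if (p[i] == '\0')
                return (size_t)(p - s) + i;
        /* None is zero: false positive (top byte 0x80), cf. jmp 00401A8C. */
    }
}

/* Constructed samples, zero-padded so every aligned dword read is in bounds. */
static _Alignas(4) const char sample_path[16] = "C:\\crackcode";
static _Alignas(4) const char sample_0x80[8] = { 'a', 'b', 'c', (char)0x80, 'd' };

int main(void)
{
    printf("%zu %zu %zu\n", wordwise_strlen(sample_path),
           wordwise_strlen(sample_path + 1), wordwise_strlen(sample_0x80));
    return 0;
}
```

The dword loads can read up to three bytes beyond the terminator, which is why the samples are padded and why the routine aligns the pointer first.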