An Introductory Reverse Engineering Example
2008-07-09 16:51

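I've recently learned a bit about reverse-analysis techniques and find them very interesting.

Let's analyze an example.

It has no real functionality; it's just something to practice on. Heh.

The error message it shows is: Incorrect try again!

Load it into OD (OllyDbg), search directly for this string, and set a breakpoint.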

0040155C |. 8D45 F4       LEA EAX,DWORD PTR SS:[EBP-C]                                      ; argument for the strlen call (lstrlenA)
0040155F |. 50            PUSH EAX                                                          ; /push it onto the stack
00401560 |. FF15 04204000 CALL DWORD PTR DS:[<&KERNEL32.lstrlenA>]                          ; \lstrlenA
00401566 |. 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
00401569 |. 837D F0 01    CMP DWORD PTR SS:[EBP-10],1                                       ; compare the return value with 1
0040156D |. 73 16         JNB SHORT CRACKME.00401585                                        ; jump forward if not below 1
0040156F |. 6A 40         PUSH 40
00401571 |. 68 2C304000   PUSH CRACKME.0040302C                                             ; crackme
00401576 |. 68 34304000   PUSH CRACKME.00403034                                             ; enter registration number
0040157B |. 8B4D E0       MOV ECX,DWORD PTR SS:[EBP-20]
0040157E |. E8 7B050000   CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
00401583 |. EB 3C         JMP SHORT CRACKME.004015C1
00401585 |> 8D4D E4       LEA ECX,DWORD PTR SS:[EBP-1C]                                     ; first argument pushed for the strcmp call (lstrcmpA)
00401588 |. 51            PUSH ECX                                                          ; /String2
00401589 |. 8D55 F4       LEA EDX,DWORD PTR SS:[EBP-C]                                      ; |second argument pushed
0040158C |. 52            PUSH EDX                                                          ; |String1
0040158D |. FF15 00204000 CALL DWORD PTR DS:[<&KERNEL32.lstrcmpA>]                          ; \lstrcmpA
00401593 |. 85C0          TEST EAX,EAX
00401595      75 16         JNZ SHORT CRACKME.004015AD                                        ; the key jump
00401597 |. 6A 40         PUSH 40
00401599 |. 68 50304000   PUSH CRACKME.00403050                                             ; crackme
0040159E |. 68 58304000   PUSH CRACKME.00403058                                             ; correct way to go!!
004015A3 |. 8B4D E0       MOV ECX,DWORD PTR SS:[EBP-20]
004015A6 |. E8 53050000   CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
004015AB |. EB 14         JMP SHORT CRACKME.004015C1
004015AD |> 6A 40         PUSH 40
004015AF |. 68 6C304000   PUSH CRACKME.0040306C                                             ; crackme
004015B4 |. 68 74304000   PUSH CRACKME.00403074                                             ; incorrect try again!!
004015B9 |. 8B4D E0       MOV ECX,DWORD PTR SS:[EBP-20]
004015BC |. E8 3D050000   CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
004015C1 |> 8BE5          MOV ESP,EBP
004015C3 |. 5D            POP EBP
004015C4 \. C3            RETN
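
The control flow of the listing above, written back as C (an added example, not code from the original post or from the crackme itself). `check_registration`, the enum names and the sample strings are made up for illustration; the listing does not show how the buffer at [EBP-1C] is filled, so the expected value is passed in as a parameter, and `strlen`/`strcmp` stand in for `lstrlenA`/`lstrcmpA`.

```c
#include <stdio.h>
#include <string.h>

/* Which of the three MessageBoxA calls in the listing is reached. */
enum outcome {
    MSG_ENTER_NUMBER, /* 0040156F: "enter registration number" */
    MSG_CORRECT,      /* 00401597: "correct way to go!!" */
    MSG_INCORRECT     /* 004015AD: "incorrect try again!!" */
};

/*
 * entered  : the buffer at [EBP-C]  (String1 of lstrcmpA)
 * expected : the buffer at [EBP-1C] (String2 of lstrcmpA). The listing does
 *            not show how it is filled, so it is a parameter (assumption).
 * strlen/strcmp stand in for lstrlenA/lstrcmpA so the code builds anywhere.
 */
enum outcome check_registration(const char *entered, const char *expected)
{
    size_t len = strlen(entered);        /* 00401560 CALL lstrlenA -> [EBP-10] */

    if (len < 1)                         /* 00401569 CMP ..,1 ; JNB not taken */
        return MSG_ENTER_NUMBER;

    if (strcmp(entered, expected) != 0)  /* 00401593 TEST EAX,EAX ; JNZ taken */
        return MSG_INCORRECT;

    return MSG_CORRECT;                  /* JNZ not taken: falls into 00401597 */
}

int main(void)
{
    /* Constructed sample values, not taken from the binary. */
    const char *expected = "EXAMPLE-1234";
    const char *inputs[] = { "", "wrong", "EXAMPLE-1234" };
    const char *names[] = { "enter registration number", "correct", "incorrect" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("\"%s\" -> %s\n", inputs[i],
               names[check_registration(inputs[i], expected)]);
    return 0;
}
```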


Reader comments:
1
2008-07-11 08:57
It just comes down to using PE Explorer and knowing a bit of Win32 assembly. I've started following your blog. Keep it up!
 
2
2008-07-11 10:48
It's only beginner level, just for practice.
 