环境
Windows xp sp3
工具
1.exeinfo PE
2.ollydbg
查壳
无壳Delphi程序
测试:
按照说明点到这个注册窗口。
OD载入后搜索字符串,直接可以定位到这里
; ---------------------------------------------------------------------------
; OllyDbg dump of the registration check at 0042D4A8 (32-bit Delphi, Intel syntax).
; Register roles, as far as this listing shows:
;   eax on entry = Self (Delphi register convention), copied to esi
;   [esi+0x1DC] / [esi+0x1E0] = two control fields of the form
;         (author identifies them as the Name and Serial edit boxes)
;   ebx = 1-based character index into the name
;   edi = loop bound returned by helper 004037C0 (presumably Length(name) - TODO confirm)
;   local.1 (ebp-4)   = accumulated result string
;   local.2 (ebp-8)   = text read from a control (first the name, later the serial)
;   local.3 (ebp-0xC) = serial text used only for the empty check
;   local.4 (ebp-0x10)= per-character temporary
; The helpers are unlabelled in the dump; the roles given below are inferred
; from how they are used and are marked as such. What the listing does show
; directly: the expected value is built from the name text alone and the final
; decision is a single equality test against the typed serial.
; ---------------------------------------------------------------------------
0042D4A8 /. 55 push ebp
0042D4A9 |. 8BEC mov ebp,esp
0042D4AB |. 33C9 xor ecx,ecx
0042D4AD |. 51 push ecx ; four pushes of 0 = zero-initialised local.1..local.4
0042D4AE |. 51 push ecx
0042D4AF |. 51 push ecx
0042D4B0 |. 51 push ecx
0042D4B1 |. 53 push ebx ; save callee-saved ebx, esi, edi
0042D4B2 |. 56 push esi
0042D4B3 |. 57 push edi
0042D4B4 |. 8BF0 mov esi,eax ; esi = Self
0042D4B6 |. 33C0 xor eax,eax
0042D4B8 |. 55 push ebp ; exception frame: saved ebp, handler entry 0042D5B2,
0042D4B9 |. 68 B2D54200 push DaNiEl-R.0042D5B2 ; previous fs:[0] (eax is 0 here)
0042D4BE |. 64:FF30 push dword ptr fs:[eax]
0042D4C1 |. 64:8920 mov dword ptr fs:[eax],esp ; link the new frame; unlinked again at 0042D589-0042D58C
0042D4C4 |. 8D55 F8 lea edx,[local.2]
0042D4C7 |. 8B86 DC010000 mov eax,dword ptr ds:[esi+0x1DC]
0042D4CD |. E8 8EC9FEFF call DaNiEl-R.00419E60 ; read name: text of [esi+0x1DC] into local.2 (eax = control, edx = out string)
0042D4D2 |. 837D F8 00 cmp [local.2],0x0 ; empty Delphi string is a nil pointer
0042D4D6 |. 74 14 je XDaNiEl-R.0042D4EC ; name empty -> error message
0042D4D8 |. 8D55 F4 lea edx,[local.3]
0042D4DB |. 8B86 E0010000 mov eax,dword ptr ds:[esi+0x1E0]
0042D4E1 |. E8 7AC9FEFF call DaNiEl-R.00419E60 ; read serial: text of [esi+0x1E0] into local.3
0042D4E6 |. 837D F4 00 cmp [local.3],0x0
0042D4EA |. 75 0F jnz XDaNiEl-R.0042D4FB ; both fields non-empty -> start the computation
0042D4EC |> B8 C8D54200 mov eax,DaNiEl-R.0042D5C8 ; ASCII "One of the fields is empty!"
0042D4F1 |. E8 02FCFFFF call DaNiEl-R.0042D0F8 ; show message (same helper for all three messages)
0042D4F6 |. E9 8C000000 jmp DaNiEl-R.0042D587 ; common exit
0042D4FB |> BB 01000000 mov ebx,0x1 ; ebx = 1: 1-based index into the name
0042D500 |. 8D55 F8 lea edx,[local.2]
0042D503 |. 8B86 DC010000 mov eax,dword ptr ds:[esi+0x1DC]
0042D509 |. E8 52C9FEFF call DaNiEl-R.00419E60 ; re-read name into local.2
0042D50E |. 8B45 F8 mov eax,[local.2]
0042D511 |. E8 AA62FDFF call DaNiEl-R.004037C0 ; eax = helper(name); used only as the loop bound, presumably Length(name) - TODO confirm
0042D516 |. 8BF8 mov edi,eax ; edi = loop bound
0042D518 |. 8D45 FC lea eax,[local.1]
0042D51B |. E8 2460FDFF call DaNiEl-R.00403544 ; helper 00403544 on local.1; the epilogue uses the same helper for cleanup, so presumably clears the string
0042D520 |. 3BFB cmp edi,ebx
0042D522 |. 7C 32 jl XDaNiEl-R.0042D556 ; signed compare: skip the loop when bound < 1
0042D524 |> 8D55 F8 /lea edx,[local.2] ; loop: for ebx = 1 .. edi
0042D527 |. 8B86 DC010000 |mov eax,dword ptr ds:[esi+0x1DC]
0042D52D |. E8 2EC9FEFF |call DaNiEl-R.00419E60 ; read name again on every iteration
0042D532 |. 8B45 F8 |mov eax,[local.2]
0042D535 |. 33D2 |xor edx,edx ; zero-extend the byte into edx
0042D537 |. 8A5418 FF |mov dl,byte ptr ds:[eax+ebx-0x1] ; dl = name[ebx] (1-based)
0042D53B |. 83C2 05 |add edx,0x5 ; edx = ord(name[ebx]) + 5 -- every character of the name is shifted by 5
0042D53E |. 8D45 F0 |lea eax,[local.4]
0042D541 |. E8 A261FDFF |call DaNiEl-R.004036E8 ; helper(eax = &local.4, edx = value): presumably converts the value into string local.4 - TODO confirm
0042D546 |. 8B55 F0 |mov edx,[local.4]
0042D549 |. 8D45 FC |lea eax,[local.1] ; result accumulates here: local.1 := local.1 + local.4 (helper 004037C8 looks like a string concat - confirm)
0042D54C |. E8 7762FDFF |call DaNiEl-R.004037C8
0042D551 |. 43 |inc ebx
0042D552 |. 3BFB |cmp edi,ebx
0042D554 |.^ 7D CE \jge XDaNiEl-R.0042D524 ; loop while ebx <= edi (signed)
0042D556 |> 8D55 F8 lea edx,[local.2]
0042D559 |. 8B86 E0010000 mov eax,dword ptr ds:[esi+0x1E0]
0042D55F |. E8 FCC8FEFF call DaNiEl-R.00419E60 ; read serial into local.2 (overwrites the name text kept there)
0042D564 |. 8B45 F8 mov eax,[local.2] ; the serial that was typed in
0042D567 |. 8B55 FC mov edx,[local.1] ; the value computed from name + 5
0042D56A |. E8 6163FDFF call DaNiEl-R.004038D0 ; plain string comparison of the two; ZF decides the outcome
0042D56F |. 75 0C jnz XDaNiEl-R.0042D57D ; mismatch -> failure message
0042D571 |. B8 ECD54200 mov eax,DaNiEl-R.0042D5EC ; ASCII "Congratz cracker! hehehe"
0042D576 |. E8 7DFBFFFF call DaNiEl-R.0042D0F8
0042D57B |. EB 0A jmp XDaNiEl-R.0042D587
0042D57D |> B8 10D64200 mov eax,DaNiEl-R.0042D610 ; ASCII "No no no! :( Try again!"
0042D582 |. E8 71FBFFFF call DaNiEl-R.0042D0F8
0042D587 |> 33C0 xor eax,eax ; common exit: eax = 0 for the fs:[0] access below
0042D589 |. 5A pop edx ; edx = previous fs:[0] saved at 0042D4BE
0042D58A |. 59 pop ecx ; discard handler address and saved ebp
0042D58B |. 59 pop ecx
0042D58C |. 64:8910 mov dword ptr fs:[eax],edx ; unlink the exception frame
0042D58F |. 68 B9D54200 push DaNiEl-R.0042D5B9 ; return target for the retn below; 0042D5B9 is outside this dump
0042D594 |> 8D45 F0 lea eax,[local.4] ; cleanup block (also the entry reached from the handler)
0042D597 |. E8 A85FFDFF call DaNiEl-R.00403544 ; release local.4
0042D59C |. 8D45 F4 lea eax,[local.3]
0042D59F |. BA 02000000 mov edx,0x2 ; edx = 2: presumably releases the two adjacent strings local.3 and local.2 - TODO confirm
0042D5A4 |. E8 BF5FFDFF call DaNiEl-R.00403568
0042D5A9 |. 8D45 FC lea eax,[local.1]
0042D5AC |. E8 935FFDFF call DaNiEl-R.00403544 ; release local.1
0042D5B1 \. C3 retn ; pops 0042D5B9 pushed above and continues there (epilogue proper is not in this dump)
可以看出程序对输入没有做长度判断,所以可以: