新CrackMe160之027 - CRACK1

about介绍中可知是delphi写的,直接用IDR查看源码

 crackme::TForm1.Button1Click
 0042D510    push       ebp
 0042D511    mov        ebp,esp
 0042D513    push       0
 0042D515    push       ebx
 0042D516    mov        ebx,eax
 0042D518    xor        eax,eax
 0042D51A    push       ebp
 0042D51B    push       42D57B
 0042D520    push       dword ptr fs:[eax]
 0042D523    mov        dword ptr fs:[eax],esp
 0042D526    lea        edx,[ebp-4]
 0042D529    mov        eax,dword ptr [ebx+1DC]; TForm1.Edit1:TEdit
 0042D52F    call       TControl.GetText
 0042D534    mov        eax,dword ptr [ebp-4]
 0042D537    mov        edx,42D590; 'Benadryl'
 0042D53C    call       @LStrCmp
>0042D541    je         0042D555
 0042D543    mov        edx,42D5A4; 'Wrong Code DUDE'
 0042D548    mov        eax,dword ptr [ebx+1E8]; TForm1.Edit2:TEdit
 0042D54E    call       TControl.SetText
>0042D553    jmp        0042D565
 0042D555    mov        edx,42D5BC; 'Thanks you made it'
 0042D55A    mov        eax,dword ptr [ebx+1E8]; TForm1.Edit2:TEdit
 0042D560    call       TControl.SetText
 0042D565    xor        eax,eax
 0042D567    pop        edx
 0042D568    pop        ecx
 0042D569    pop        ecx
 0042D56A    mov        dword ptr fs:[eax],edx
 0042D56D    push       42D582
 0042D572    lea        eax,[ebp-4]
 0042D575    call       @LStrClr
 0042D57A    ret
<0042D57B    jmp        @HandleFinally
<0042D580    jmp        0042D572
 0042D582    pop        ebx
 0042D583    pop        ecx
 0042D584    pop        ebp
 0042D585    ret

一眼看到了固定串“Benadryl”,输入测试成功~ 搞定

 
 
本节高手录制的视频,点击前往查看

 
 
 

使用的工具连接(工具有点多有点大,可以先下OD,其它的后面慢慢下) 点击前往下载

下面是我的OD的界面布局,我觉得这4个是最常用的界面,其它的我基本上没用到~
OD界面布局

posted @ 2024-12-10 09:10  hankerstudio  阅读(3)  评论(0)    收藏  举报