{"id":380,"date":"2018-04-13T23:19:04","date_gmt":"2018-04-13T15:19:04","guid":{"rendered":"https:\/\/flandre-scarlet.moe\/blog\/?p=380"},"modified":"2019-05-14T00:46:41","modified_gmt":"2019-05-13T16:46:41","slug":"crackme-%e5%8f%8d%e6%b1%87%e7%bc%96%e7%bb%83%e4%b9%a0%e4%b9%8b-005","status":"publish","type":"post","link":"https:\/\/flandre-scarlet.moe\/blog\/380\/","title":{"rendered":"CrackMe Disassembly Practice 005"},"content":{"rendered":"<p>An organized analysis of the 160 CrackMe series, done as practice<br \/>\n<!--more--><\/p>\n<p>CrackMe source: <a href=\"https:\/\/www.52pojie.cn\/thread-709699-1-1.html\" rel=\"noopener noreferrer\" target=\"_blank\">[Disassembly Practice] Index of the 160 CrackMEs, 1~160, worth bookmarking for later<\/a><\/p>\n<\/p>\n<h1>005<\/h1>\n<p>005 is far more complicated than 004: each step of the flow is chained to the next... Having learned my lesson from 004, this time I dragged it straight into DeDe and found that it was packed with UPX. After unpacking it by hand, DeDe still could not recognize it (probably because the sections were not restored), but that does not matter: you can open the file directly in a hex editor and look up the event handler addresses, since the 4 bytes before each string are the address of the function.<img decoding=\"async\" src=\"https:\/\/flandre-scarlet.moe\/blog\/wp-content\/uploads\/2018\/04\/crackme-05-1.png\" alt=\"Finding the event handler functions\" \/><\/br>Before setting any breakpoints, though, I searched the strings first and immediately found this:<img decoding=\"async\" src=\"https:\/\/flandre-scarlet.moe\/blog\/wp-content\/uploads\/2018\/04\/crackme-05-2.png\" 
alt=\"Strings\" \/><\/br>Navigating to that function, I found several jumps near its start; patching only requires knocking these out, which is indeed simple.<img decoding=\"async\" src=\"https:\/\/flandre-scarlet.moe\/blog\/wp-content\/uploads\/2018\/04\/crackme-05-3.png\" alt=\"Registration check\" \/><\/br>Solving it without patching, however, means working through this painful registration flow!<\/p>\n<p>Looking at these variables, passing registration requires:<\/p>\n<ol>\n<li>esi+0x304 is not equal to 0xc34<\/li>\n<li>esi+0x308 is not equal to 0x230d<\/li>\n<li>esi+0x310 is equal to 0xf94<\/li>\n<li>esi+0x314 is equal to esi+0x318<\/li>\n<li>esi+0x31c is not equal to 0x3e7<\/li>\n<\/ol>\n<p>Next, find where each variable is assigned; you can search OD directly for offset constants such as 0x308 and 0x310. After collecting them all, the results are as follows:<\/p>\n<ul>\n<li>Initialization: 0x304=0xc34 (conditional), 0x308=0x28e, 0x30c=0x9, 0x314=0xb, 0x318=0x0.<\/li>\n<li>esi+0x308: enter Button1MouseDown 5 times so that it accumulates from 0x28e (+3 each time) to 0x29d; note that this must be a right-click.<img decoding=\"async\" src=\"https:\/\/flandre-scarlet.moe\/blog\/wp-content\/uploads\/2018\/04\/crackme-05-4.png\" alt=\"Clicking the register button\" \/><\/li>\n<li>esi+0x30c: assigned in Edit2DblClick, which also validates the username and password. The assigned value is a processed GetDiskFreeSpaceEx 
return value (the username length also affects it); in the mouse-move function below you can see that its range of values is 0~3.<img decoding=\"async\" src=\"https:\/\/flandre-scarlet.moe\/blog\/wp-content\/uploads\/2018\/04\/crackme-05-5.png\" alt=\"0x30c values\" \/><\/li>\n<li>esi+0x310: in the MouseMove event, first move the mouse (from outside the window) to the bottom-right corner, then (from outside the window) to the bottom-left corner, so that it is assigned 0xf94.<img decoding=\"async\" src=\"https:\/\/flandre-scarlet.moe\/blog\/wp-content\/uploads\/2018\/04\/crackme-05-6.png\" alt=\"mousemove\" \/><\/li>\n<li>esi+0x314: initialized in the MouseMove event from the value of 0x30c, with 4 different corresponding values.<\/li>\n<li>esi+0x318: clicking the several Three Character Classic images adds a value to this variable; make it add up to the same value as 0x314.<\/li>\n<li>Also, left-clicking Register changes 0x308 to 0x230d, which cannot be undone; the program has to be restarted.<\/li>\n<\/ul>\n<p>At first I could not find Edit2. I knew something had been tampered with, but I did not expect that mysterious string to really be a path for which a file has to be prepared; only after looking up the experts' analyses did I learn that this is what needs to be done _(\u00b7\u03c9\u00b7\u300d\u2220)_. Then Edit2 appeared, and this is also where the 0x304 
check is passed.\n<\/p>\n<p>Finally, a summary of the procedure:<\/p>\n<ol>\n<li>Prepare the file X:\\ajj.126.c0m\\j\\o\\j\\o\\ok.txt with the content &#8221; ajj\u5199\u7684CKme\u771f\u70c2!&#8221;. Note the leading space and the two non-printable characters 0xff 0xff at the end, which have to be added by hand.<\/li>\n<li>Right-click the register button 5 times, then double-click a blank area of the image control to activate the serial input box. (The double-click on the blank area requires 0x308 to equal 0x29d.)<\/li>\n<li>Username: length a multiple of 3, and leaving it empty also works; serial: length 8, with an underscore as the second character and an ASCII comma as the sixth character. Then double-click the serial input box.<\/li>\n<li>While the \u201c\u6027\u76f8\u8fd1\u201d image is displayed, move the mouse into the window from outside its bottom-right corner.<\/li>\n<li>While the \u201c\u6027\u672c\u5584\u201d image is displayed, move the mouse into the window from outside its bottom-left corner.<\/li>\n<li>Depending on how 0x30c was initialized in step 3 (there are 4 possible values), left-click or right-click images 1~4 so that 0x318 accumulates up to 0x314. In my case 0x30c was 4 (the length of the username entered also has an effect) and 0x314 was set to 0xdf, so right-clicking image 4 eight times and left-clicking once is enough (0x7 + 0x1b * 8 = 
0xdf).<\/li>\n<li>Once these steps are done, a timer automatically refreshes the button text to \u201c\u6ce8\u518c\u4e86\u201d (\u201cRegistered\u201d). Do not left-click the register button: doing so makes 0x308 fail the check, which is another trap.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>An organized analysis of the 160 CrackMe series, done as practice&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/flandre-scarlet.moe\/blog\/380\/\">Read more<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[32,33],"class_list":["post-380","post","type-post","status-publish","format-standard","hentry","category-reverse-engineering","tag-crackme","tag-33"],"_links":{"self":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/posts\/380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/comments?post=380"}],"version-history":[{"count":0,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/posts\/380\/revisions"}],"wp:attachment":[{"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/media?parent=380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-json\/wp\/v2\/categories?post=380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/flandre-scarlet.moe\/blog\/wp-js
on\/wp\/v2\/tags?post=380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}