crackcode程式碼分享筆記(一) (8千字)

crackcode程式碼分享筆記(一)
今天有些失眠，睡不著，所以閒著也是閒著。今天剛把crackcode下了，挺小的才11.5k。
把它反彙編了。想慢慢的把程式從頭讀一遍，估計不會很難吧！：）今天還行，看了一點點，
先和大家分享。我的組合語言也學的馬虎，如果你們覺註釋還能看得過去的，就將就將！
:00401000 53 push ebx
:00401001 55 push ebp
:00401002 56 push esi
:00401003 57 push edi
:00401004 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"Crackcode 2000 -- Author:Ru Feng "
->"(http:\\ocqpat.163.net)"
|
:00401006 68AC624000 push 004062AC

* Possible StringData Ref from Data Obj ->"Thank you for using the Crackcode!Let "
->"us make the keygen so easy!"
|
:0040100B 6868624000 push 00406268
:00401010 6A00 push 00000000

* Reference To: USER32.MessageBoxA, Ord:0000h
|
:00401012 FF15C0504000 Call dword ptr [004050C0]
              ^^^^^^^^^^^^^^－－－》顯示作者的堂堂大名。
:00401018 BE20A44000 mov esi, 0040A420
:0040101D BF04010000 mov edi, 00000104
:00401022 56 push esi
:00401023 57 push edi

* Reference To: KERNEL32.GetCurrentDirectoryA, Ord:0000h
|
:00401024 FF1504504000 Call dword ptr [00405004]
              ^^^^^^^^^^^^^^^－－－》取得當前的路徑。

* Possible StringData Ref from Data Obj ->"CRACKCODE.INI"
|
:0040102A 68DC604000 push 004060DC

* Possible StringData Ref from Data Obj ->"\"
|
:0040102F 6864624000 push 00406264
:00401034 56 push esi
:00401035 E8360A0000 call 00401A70
:0040103A 59 pop ecx
:0040103B 59 pop ecx
:0040103C 50 push eax
:0040103D E82E0A0000 call 00401A70
:00401042 59 pop ecx
:00401043 BD50674000 mov ebp, 00406750
:00401048 59 pop ecx
^^^^^^^^^^^^^^^^－－》以上這段程式碼實現一個函式
strcat（）比如獲得當前路徑為C:\crackcode；那麼
結果這段程式碼合併為：c:\crackcode\crackcode.ini

來看看00401A70中的程式碼：
:00401A70 8B4C2404 mov ecx, dword ptr [esp+04]
                      ^^^^^^^^－－－》ECX獲得指向路徑字串
              ECX=40A620
:00401A74 57 push edi
:00401A75 F7C103000000 test ecx, 00000003
:00401A7B 740F je 00401A8C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401A8A(C)
|
:00401A7D 8A01 mov al, byte ptr [ecx]
:00401A7F 41 inc ecx
:00401A80 84C0 test al, al
:00401A82 743B je 00401ABF
:00401A84 F7C103000000 test ecx, 00000003
:00401A8A 75F1 jne 00401A7D

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401A7B(C), :00401AA2(C), :00401ABD(U)
|
:00401A8C 8B01 mov eax, dword ptr [ecx]
:00401A8E BAFFFEFE7E mov edx, 7EFEFEFF
:00401A93 03D0 add edx, eax
:00401A95 83F0FF xor eax, FFFFFFFF
:00401A98 33C2 xor eax, edx
:00401A9A 83C104 add ecx, 00000004
:00401A9D A900010181 test eax, 81010100
:00401AA2 74E8 je 00401A8C
              ^^^^^^^^^^^^^^^^－－》這段程式碼是迴圈取四個字元
              確定到那四個字元為結尾
:00401AA4 8B41FC mov eax, dword ptr [ecx-04]
:00401AA7 84C0 test al, al
:00401AA9 7423 je 00401ACE
:00401AAB 84E4 test ah, ah
:00401AAD 741A je 00401AC9
:00401AAF A90000FF00 test eax, 00FF0000
:00401AB4 740E je 00401AC4
:00401AB6 A9000000FF test eax, FF000000
:00401ABB 7402 je 00401ABF
:00401ABD EBCD jmp 00401A8C
              ^^^^^^^^^^^^^^^－－》這段程式碼為確定最後四個字元
              中有多少個字元。分別跳到下面相應的程式
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401A82(C), :00401ABB(C)
|
:00401ABF 8D79FF lea edi, dword ptr [ecx-01]
:00401AC2 EB0D jmp 00401AD1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AB4(C)
|
:00401AC4 8D79FE lea edi, dword ptr [ecx-02]
:00401AC7 EB08 jmp 00401AD1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AAD(C)
|
:00401AC9 8D79FD lea edi, dword ptr [ecx-03]
:00401ACC EB03 jmp 00401AD1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AA9(C)
|
＝＝＝＝＝＝＝＝＝＝＝＝＝＝下面的程式碼和也以上程式碼相似，不再作解釋＝＝＝＝＝＝＝
:00401ACE 8D79FC lea edi, dword ptr [ecx-04]

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401A65(U), :00401AC2(U), :00401AC7(U), :00401ACC(U)
|
:00401AD1 8B4C240C mov ecx, dword ptr [esp+0C]
:00401AD5 F7C103000000 test ecx, 00000003
:00401ADB 7419 je 00401AF6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AED(C)
|
:00401ADD 8A11 mov dl, byte ptr [ecx]
:00401ADF 41 inc ecx
:00401AE0 84D2 test dl, dl
:00401AE2 7464 je 00401B48
:00401AE4 8817 mov byte ptr [edi], dl
:00401AE6 47 inc edi
:00401AE7 F7C103000000 test ecx, 00000003
:00401AED 75EE jne 00401ADD
:00401AEF EB05 jmp 00401AF6

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401B0E(C), :00401B28(U)
|
:00401AF1 8917 mov dword ptr [edi], edx
:00401AF3 83C704 add edi, 00000004

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401ADB(C), :00401AEF(U)
|
:00401AF6 BAFFFEFE7E mov edx, 7EFEFEFF
:00401AFB 8B01 mov eax, dword ptr [ecx]
:00401AFD 03D0 add edx, eax
:00401AFF 83F0FF xor eax, FFFFFFFF
:00401B02 33C2 xor eax, edx
:00401B04 8B11 mov edx, dword ptr [ecx]
:00401B06 83C104 add ecx, 00000004
:00401B09 A900010181 test eax, 81010100
:00401B0E 74E1 je 00401AF1
:00401B10 84D2 test dl, dl
:00401B12 7434 je 00401B48
:00401B14 84F6 test dh, dh
:00401B16 7427 je 00401B3F
:00401B18 F7C20000FF00 test edx, 00FF0000
:00401B1E 7412 je 00401B32
:00401B20 F7C2000000FF test edx, FF000000
:00401B26 7402 je 00401B2A
:00401B28 EBC7 jmp 00401AF1

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

小結：希望大家能不能幫我解答，以上程式碼中不明白的地方。

1、:00401A75 F7C103000000 test ecx, 00000003 －－》為什麼要TEST??

2 對以下程式碼中為什麼要加上7EFEFEFF 然後再XOR FFFFFFFF，能不能告訴我原因？
:00401A8C 8B01 mov eax, dword ptr [ecx]
:00401A8E BAFFFEFE7E mov edx, 7EFEFEFF
:00401A93 03D0 add edx, eax
:00401A95 83F0FF xor eax, FFFFFFFF
:00401A98 33C2 xor eax, edx
:00401A9A 83C104 add ecx, 00000004
:00401A9D A900010181 test eax, 81010100
:00401AA2 74E8 je 00401A8C

謝謝大家的幫助！！

今天就到這裡，就到這裡。。。。。。（待續）豆豆蝦
                      2001.8.9 23：36完成
                      歷時：1個小時。

crackcode程式碼分享筆記(一) (8千字)

相關文章