1、无壳,VC
2、搜字符串
004014CE . 8DBE A0000000 lea edi,dword ptr ds:[esi+0xA0]
004014D4 . 8BCF mov ecx,edi
004014D6 . E8 6F030000 call <jmp.&MFC42.#3876> ; len(Name)
004014DB . 8B1D FC214000 mov ebx,dword ptr ds:[<&USER32.PostQuitM>; USER32.PostQuitMessage
004014E1 . 83F8 05 cmp eax,0x5 ; <= 5 ;失败
004014E4 . 7E 50 jle XCoSH_2.00401536
004014E6 . 8D6E 60 lea ebp,dword ptr ds:[esi+0x60]
004014E9 . 8BCD mov ecx,ebp
004014EB . E8 5A030000 call <jmp.&MFC42.#3876> ; len(Serial)
004014F0 . 83F8 05 cmp eax,0x5 ; <= 5 ;失败
004014F3 . 7E 41 jle XCoSH_2.00401536
004014F5 . 8D86 E0000000 lea eax,dword ptr ds:[esi+0xE0]
004014FB . 8BCF mov ecx,edi
004014FD . 50 push eax
004014FE . E8 41030000 call <jmp.&MFC42.#3874> ; Name
00401503 . 8DBE E4000000 lea edi,dword ptr ds:[esi+0xE4]
00401509 . 8BCD mov ecx,ebp
0040150B . 57 push edi
0040150C . E8 33030000 call <jmp.&MFC42.#3874>
00401511 . 8B07 mov eax,dword ptr ds:[edi]
00401513 . 8038 36 cmp byte ptr ds:[eax],0x36 ; 6
00401516 . 75 1E jnz XCoSH_2.00401536
00401518 . 8078 01 32 cmp byte ptr ds:[eax+0x1],0x32 ; 2
0040151C . 75 18 jnz XCoSH_2.00401536
0040151E . 8078 02 38 cmp byte ptr ds:[eax+0x2],0x38 ; 8
00401522 . 75 12 jnz XCoSH_2.00401536
00401524 . 8078 03 37 cmp byte ptr ds:[eax+0x3],0x37 ; 7
00401528 . 75 0C jnz XCoSH_2.00401536
0040152A . 8078 04 2D cmp byte ptr ds:[eax+0x4],0x2D ; -
0040152E . 75 06 jnz XCoSH_2.00401536
00401530 . 8078 05 41 cmp byte ptr ds:[eax+0x5],0x41 ; A
00401534 . 74 17 je XCoSH_2.0040154D ; 跳向成功
00401536 > 6A 00 push 0x0
00401538 . 68 64304000 push CoSH_2.00403064 ; ERROR
0040153D . 68 38304000 push CoSH_2.00403038 ; One of the Details you entered was wrong
00401542 . 8BCE mov ecx,esi
00401544 . E8 F5020000 call <jmp.&MFC42.#4224>
Name和Serial长度都要大于5,Name随意,Serial固定。
Serial:6287-A