[Detailed walkthrough]
Checked for a packer with PEiD: none. Ran the program to collect enough information, then loaded it in OD (OllyDbg) and set a breakpoint with bp GetDlgItemTextA; the break lands in USER32's address space.
From the stack pane, Follow in Disassembler leads to the calling function at [004010B0]; F7 to step into it.
004010B0 |. E8 14000000 CALL crackme.004010C9
004010B5 |> EB 09 JMP SHORT crackme.004010C0
004010B7 |> B8 00000000 MOV EAX,0
004010BC |. C9 LEAVE
004010BD |. C2 1000 RET 10
004010C0 |> B8 01000000 MOV EAX,1
004010C5 |. C9 LEAVE
004010C6 /. C2 1000 RET 10
004010C9 /$ 56 PUSH ESI
004010CA |. 57 PUSH EDI
004010CB |. 51 PUSH ECX
004010CC |. 33F6 XOR ESI,ESI
004010CE |. 33FF XOR EDI,EDI
004010D0 |. B9 08000000 MOV ECX,8 ; set the loop count
004010D5 |. BE 44304000 MOV ESI,crackme.00403044