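.key: a generic license file created after a software application is registered. It stores an encryption key or registration information in plain-text form as proof that a legitimate copy of the program was purchased.
Create a CRACKME3.KEY file in the program directory and set its contents to abcdefghijklmnopqrstuvwxyz.
Press CTRL+F2 to reload the program, then run it under the debugger.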
call Cruehead.00401311
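Press F7 to single-step into the function and inspect what it does.
0x004020F9: the memory location that holds the accumulated sum once the serial number has been processed.
Simple serial-number generator: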
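# serial = "abcdefghijklmn"
# serial = "zyflovelovegyn"
serial = "wanao@yahoo.cn"  # the first 14 characters of the serial number
pojie = []
total = 0
for i in range(18):  # initialise the pojie ("crack") list with 18 slots
    pojie.append(0)
for i in range(len(serial)):  # XOR the first 14 characters with ABCDEFGHIJKLMN, character by character, and sum the results
    total = total + (ord(serial[i]) ^ (65 + i))
print(hex(total))
for i in range(14):
    pojie[i] = serial[i]  # store the first 14 characters in the pojie list
print(pojie)
key = format(total ^ 0x12345678, '08x')  # sum XOR 0x12345678, as 8 hex digits without the 0x prefix
print(key)
print(isinstance(key, str))
# key value is 12345424 (stored little-endian)
# Problem: how to take 24 54 34 12 out of the string 12345424, turn them into hex values and store them as ASCII in the .key file
# Slice the string and rebuild it: take out 0x24, 0x54, ..., convert each to a character and store it in the file below
pojie[17] = chr(int(key[0:2], 16))
pojie[16] = chr(int(key[2:4], 16))
pojie[15] = chr(int(key[4:6], 16))
pojie[14] = chr(int(key[6:8], 16))
out = ''.join(pojie)
print(out)
# latin-1 maps each character 0x00-0xFF to exactly one byte; UTF-8 would expand values above 0x7F to two bytes
with open(r"C:\CRACKME3.KEY", "wb") as f:
    f.write(out.encode("latin-1"))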
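Added example (not part of the original notes): a Python model of the key-file check as the generator above describes it, so a candidate CRACKME3.KEY can be validated without the debugger. The exact 18-byte length check and all function names are assumptions of this example; it also shows that building the key as text and UTF-8 encoding it breaks any serial whose check bytes exceed 0x7F.

```python
import struct

NAME_LEN = 14            # bytes that are XORed with 'A'..'N' and summed
KEY_LEN = NAME_LEN + 4   # plus the 32-bit check value
XOR_CONST = 0x12345678


def expected_check(name: bytes) -> int:
    """Sum of name[i] ^ (0x41 + i) over 14 bytes, XORed with 0x12345678."""
    if len(name) != NAME_LEN:
        raise ValueError(f"name part must be {NAME_LEN} bytes, got {len(name)}")
    total = sum(b ^ (0x41 + i) for i, b in enumerate(name))
    return (total ^ XOR_CONST) & 0xFFFFFFFF


def build_key(name: bytes) -> bytes:
    """Name bytes followed by the check value as a little-endian dword."""
    return name + struct.pack("<I", expected_check(name))


def verify_key(blob: bytes) -> tuple:
    """Return (ok, reason). The exact-length rule is this example's assumption."""
    if len(blob) != KEY_LEN:
        return False, f"length {len(blob)}, expected {KEY_LEN}"
    (stored,) = struct.unpack("<I", blob[NAME_LEN:])
    want = expected_check(blob[:NAME_LEN])
    if stored != want:
        return False, f"check dword {stored:#010x}, expected {want:#010x}"
    return True, "ok"


def text_encoded_key(name: str) -> bytes:
    """Same key built as a str and UTF-8 encoded: bytes above 0x7F double up."""
    check = expected_check(name.encode("ascii"))
    tail = "".join(chr(b) for b in struct.pack("<I", check))
    return (name + tail).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample inputs: two of the serials that appear on this page.
    for serial in ("wanao@yahoo.cn", "abcdefghijklmn"):
        good = build_key(serial.encode("ascii"))
        text = text_encoded_key(serial)
        print(serial, good.hex(" "), verify_key(good))
        print("  via str.encode():", len(text), "bytes", verify_key(text))
```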
or eax,eax
je short Cruehead.004010BF
This tests whether eax is 0; for the je that follows it is equivalent to cmp eax,0.
The or instruction is shorter than the cmp instruction.
or: The OF and CF flags are cleared; the SF, ZF, and PF flags are set according to the result. The state of the AF flag is undefined.
cmp: The CF, OF, SF, ZF, AF, and PF flags are set according to the result.
GetModuleHandleA
Retrieves a module handle for the specified module. The module must have been loaded by the calling process.
CreateFileA
Creates or opens a file or I/O device. The most commonly used I/O devices are as follows: file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, and pipe. The function returns a handle that can be used to access the file or device for various types of I/O depending on the file or device and the flags and attributes specified.
ReadFile
Reads data from the specified file or input/output (I/O) device. Reads occur at the position specified by the file pointer if supported by the device.
FindWindowA
Retrieves a handle to the top-level window whose class name and window name match the specified strings. This function does not search child windows. This function does not perform a case-sensitive search.
Retrieve: to fetch or look up
LoadIconA
Loads the specified icon resource from the executable (.exe) file associated with an application instance.
LoadCursorA
Loads the specified cursor resource from the executable (.EXE) file associated with an application instance.
cursor: the on-screen pointer
RegisterClassA
Registers a window class for subsequent use in calls to the CreateWindow or CreateWindowEx function.
subsequent: following, later
CreateWindowExA
Creates an overlapped, pop-up, or child window with an extended window style; otherwise, this function is identical to the CreateWindow function.
ShowWindow
Sets the specified window's show state.
UpdateWindow
The UpdateWindow function updates the client area of the specified window by sending a WM_PAINT message to the window if the window's update region is not empty. The function sends a WM_PAINT message directly to the window procedure of the specified window, bypassing the application queue. If the update region is empty, no message is sent.
GetMessageA
Retrieves a message from the calling thread's message queue. The function dispatches incoming sent messages until a posted message is available for retrieval.
dispatches: sends out
TranslateMessage
Translates virtual-key messages into character messages. The character messages are posted to the calling thread's message queue, to be read the next time the thread calls the GetMessage or PeekMessage function.
DispatchMessageA
Dispatches a message to a window procedure. It is typically used to dispatch a message retrieved by the GetMessage function.
ExitProcess
Ends the calling process and all its threads.