【目 标】:diablo 2oo2’s crackme 2
【工 具】:ida 4.7
【任 务】:算法分析
【操作平台】:windows 2003 server
【作 者】: loveboom[dfcg][fcg][us]
【相关链接】: 见附件
【简要说明】: 用ida再分析一个简单的算法。
【详细过程】:
因为crackme是用masm写的,所以分析起来非常方便。这次的目标用yoda加了壳,怎么脱壳我就不说了,很简单。脱壳后,用ida分析一下,结果就出来了:
code:00401028 dialogfunc: ; data xref: start+eo
code:00401028 push ebp
code:00401029 mov ebp, esp
code:0040102b cmp dword ptr [ebp+0ch], 111h
code:00401032 jnz loc_401245
code:00401038 mov eax, [ebp+10h] ; case eax==wm_command
code:0040103b cmp ax, 65h
code:0040103f jnz loc_40125d
code:00401045 pusha ; case ax==idc_btn_checkreg
code:00401046 mov byte ptr ds:ucase_buffer, 53h ; "sjkazbvtecgidfng"
code:0040104d mov byte ptr ds:ucase_buffer+1, 4ah
code:00401054 mov byte ptr ds:ucase_buffer+2, 4bh
code:0040105b mov byte ptr ds:ucase_buffer+3, 41h
code:00401062 mov byte ptr ds:ucase_buffer+4, 5ah
code:00401069 mov byte ptr ds:ucase_buffer+5, 42h
code:00401070 mov byte ptr ds:ucase_buffer+6, 56h
code:00401077 mov byte ptr ds:ucase_buffer+7, 54h
code:0040107e mov byte ptr ds:ucase_buffer+8, 45h
code:00401085 mov byte ptr ds:ucase_buffer+9, 43h
code:0040108c mov byte ptr ds:ucase_buffer+0ah, 47h
code:00401093 mov byte ptr ds:ucase_buffer+0bh, 49h
code:0040109a mov byte ptr ds:ucase_buffer+0ch, 44h
code:004010a1 mov byte ptr ds:ucase_buffer+0dh, 46h
code:004010a8 mov byte ptr ds:ucase_buffer+0eh, 4eh