This crackme is a bit odd: after you enter a name and serial, there is no "and then" ...
After opening it and entering a dummy serial, nothing happens and there are no buttons, which leaves you at a loss.
PEiD shows that it is a Delphi program:
First, use the go-to tool for Delphi, DeDe:
After opening it, go to the procedures; there turn out to be a few of them, so take a look:
    00457BD0   53                     push    ebx
    00457BD1   8BD8                   mov     ebx, eax
    00457BD3   8D8310030000           lea     eax, [ebx+$0310]
    * Possible String Reference to: '黑头Sun Bird'   ; string
    |
    00457BD9   BA187C4500             mov     edx, $00457C18
    * Reference to: [email protected];
    |
    00457BDE   E86DBDFAFF             call    00403950
    00457BE3   8D8314030000           lea     eax, [ebx+$0314]
    * Possible String Reference to: 'dseloffc-012-OK'   ; string
    |
    00457BE9   BA307C4500             mov     edx, $00457C30
chkcode most likely means "check the code", so double-click it to jump to its RVA:
There are a lot of string concatenation and handling functions such as strcat and strclr, but a closer look among them turns up an important clue:
    00457D27   E81CB6FCFF             call    00423348
    00457D2C   8B45E0                 mov     eax, [ebp-$20]
    00457D2F   8B9318030000           mov     edx, [ebx+$0318]
    * Reference to: [email protected];
    |
    00457D35   E852BFFAFF             call    00403C8C   { comparison function; this is bound to be a key location }
    00457D3A   750A                   jnz     00457D46
    00457D3C   C7830C0300003E000000   mov     dword ptr [ebx+$030C], $0000003E
    00457D46   8B830C030000           mov     eax, [ebx+$030C]
    00457D4C   83C010                 add     eax, +$10
    00457D4F   8983FC020000           mov     [ebx+$02FC], eax
    00457D55   83C023                 add     eax, +$23
    00457D58   898300030000           mov     [ebx+$0300], eax
    00457D5E   33F6                   xor     esi, esi
    00457D60   8D55D8                 lea     edx, [ebp-$28]
So it is a strcmp-style function. In OD (OllyDbg), press Ctrl+G to jump there and take a look:
Analyze the program flow:
    00457D2C  |.  8B45 E0         mov eax,[local.8]                  ; name string
    00457D2F  |.  8B93 18030000   mov edx,dword ptr ds:[ebx+0x318]   ; the function's arguments
    00457D35  |.  E8 52BFFAFF     call CKme.00403C8C                 ; location of the strcmp function
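As an added example (not part of the original write-up), the following Python script re-derives the call and jump targets from the raw opcode bytes in the listings above. This is a quick way to confirm that the call really goes to 00403C8C and that the jnz after it skips exactly the store to [ebx+$030C]. The byte strings are copied from the listings; the function names are made up for this illustration.

```python
import struct

# Raw bytes copied from the DeDe listings above: (address, hex bytes).
LISTING = [
    (0x00457BD9, "BA187C4500"),            # mov edx, imm32
    (0x00457BDE, "E86DBDFAFF"),            # call rel32
    (0x00457BE9, "BA307C4500"),            # mov edx, imm32
    (0x00457D27, "E81CB6FCFF"),            # call rel32
    (0x00457D35, "E852BFFAFF"),            # call rel32 (the compare)
    (0x00457D3A, "750A"),                  # jnz rel8
    (0x00457D3C, "C7830C0300003E000000"),  # mov dword ptr [ebx+$030C], imm32
]

def decode(addr, hexbytes):
    """Return (mnemonic, value) for the few x86-32 opcodes used here."""
    raw = bytes.fromhex(hexbytes)
    end = addr + len(raw)          # address of the next instruction
    op = raw[0]
    if op == 0xE8:                 # call rel32: target = next + signed disp
        (disp,) = struct.unpack("<i", raw[1:5])
        return "call", (end + disp) & 0xFFFFFFFF
    if op == 0x75:                 # jnz rel8: target = next + signed disp
        (disp,) = struct.unpack("<b", raw[1:2])
        return "jnz", (end + disp) & 0xFFFFFFFF
    if op == 0xBA:                 # mov edx, imm32 (little-endian immediate)
        (imm,) = struct.unpack("<I", raw[1:5])
        return "mov edx", imm
    if raw[:2] == b"\xC7\x83":     # mov dword ptr [ebx+disp32], imm32
        disp, imm = struct.unpack("<II", raw[2:10])
        return "mov [ebx+0x%X]" % disp, imm
    raise ValueError("opcode not handled: %02X" % op)

def decode_listing(listing=LISTING):
    return {addr: decode(addr, hx) for addr, hx in listing}

def jnz_skips_store(listing=LISTING):
    """True if the jnz after the compare lands right after the store."""
    decoded = decode_listing(listing)
    store_addr, store_hex = next((a, h) for a, h in listing if h.startswith("C783"))
    return decoded[0x00457D3A][1] == store_addr + len(store_hex) // 2

if __name__ == "__main__":
    for addr, (mnem, val) in decode_listing().items():
        print("%08X  %-18s 0x%08X" % (addr, mnem, val))
    print("jnz skips the [ebx+0x30C] store:", jnz_skips_store())
```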
Here we can see the serial:
OK, let's try it: enter the name and serial, then click on a certain spot and it succeeds:
The girl in the picture looks pretty good, too ...
Analyzing the algorithm:
Go to the start of the function and set a breakpoint. In the data section we can see the string that makes up the answer; now think back to the large number of strcat calls we saw in DeDe.
It becomes clear that this is really just a string concatenation operation. It is very simple, so there is no need to write a keygen; if you don't believe it, try entering a different name.
160 x Crackme 004 ajj.1