004014DE   > \85C0          test eax,eax
004014E0   .  6A 00         push 0x0
004014E2   .  6A 00         push 0x0
004014E4   .  75 07         jnz XCrackMe.004014ED
004014E6   .  68 E0A04400   push CrackMe.0044A0E0                                      ;  success
004014EB   .  EB 05         jmp XCrackMe.004014F2
004014ED   >  68 D8A04400   push CrackMe.0044A0D8                                      ;  Done
004014F2   >  8BCF          mov ecx,edi
004014F4   .  E8 5E310200   call CrackMe.00424657
004014F9   .  8D4C24 08     lea ecx,dword ptr ss:[esp+0x8]
004014FD   .  C64424 1C 00  mov byte ptr ss:[esp+0x1C],0x0
00401502   .  E8 AB0C0200   call CrackMe.004221B2
00401507   .  8D4C24 0C     lea ecx,dword ptr ss:[esp+0xC]
0040150B   .  C74424 1C FFF>mov dword ptr ss:[esp+0x1C],-0x1
00401513   .  E8 9A0C0200   call CrackMe.004221B2
00401518   .  8B4C24 14     mov ecx,dword ptr ss:[esp+0x14]
0040151C   .  5F            pop edi
0040151D   .  64:890D 00000>mov dword ptr fs:[0],ecx
00401524   .  5E            pop esi
00401525   .  83C4 18       add esp,0x18
00401528   .  C3            retn

00401409  |.  5F            pop edi
0040140A  |.  64:890D 00000>mov dword ptr fs:[0],ecx
00401411  |.  5E            pop esi
00401412  |.  83C4 0C       add esp,0xC
00401415  \.  C3            retn

00401409  |.  5F            pop edi
0040140A  |.  64:890D 00000>mov dword ptr fs:[0],ecx
00401411  |.  5E            pop esi
00401412  |.  83C4 0C       add esp,0xC
00401415      5C            pop esp
00401416      E8 4A000000   call CrackMe.00401465

004014B0 call    sub_4225E2这个CALL。在这个CALL前面还有五个CALL,在有限的时间内，我们不可能跟进每个call看它干了啥。

.text:004014B5 loc_4014B5:             ; eax=K$q*a_+@Xt
.text:004014B5 mov     dl, [eax]
.text:004014B7 mov     cl, dl
.text:004014B9 cmp     dl, [esi]       ; esi="aaaaaaaa"
.text:004014BB jnz     short loc_4014D9

[培训]科锐逆向工程师培训第53期2025年7月8日开班！