160 - 37 CyberBlade.1

环境
Windows xp sp3

工具
1.exeinfo PE
2.ollydbg

查壳
OD 载入后可见程序调用 MSVBVM50 运行库（VB5 运行时），即 VB 编译的程序；VB 程序的字符串常量和运行库调用（__vbaStrCmp、rtcMsgBox 等）都可以直接在 OD 里搜索定位。

测试

OD载入直接搜字符串。
下面这段是输入为空时的处理：先用 __vbaStrCmp 把输入框内容（[ebp-0x1C]）与 0040344C 处的常量字符串（应为空串）比较，相等则弹出标题为 "Error" 的消息框，提示要先输入 9 位数字的 key；不相等则跳到 0040E0B1，继续后面的真正校验。

; --- Empty-input guard (CyberBlade.1, VB5 binary using MSVBVM50; OllyDbg dump, XP SP3) ---
; The text-box contents ([ebp-0x1C]) are compared with the constant string at
; 0040344C (presumably "" — confirm in the data window). On a match the "Error"
; information box is shown; otherwise execution jumps to 0040E0B1 and goes on to
; the real serial check. esi receives the VB-boolean result of the compare
; (-1 = equal, 0 = different); edi is assumed to hold 0 here (set before this excerpt).
0040E005   > \8B4D E4       mov ecx,dword ptr ss:[ebp-0x1C]          ;  ecx = typed input (BSTR)
0040E008   .  51            push ecx                                 ;  arg: input string
0040E009   .  68 4C344000   push CyberBla.0040344C                   ;  arg: reference string (presumably "")
0040E00E   .  FF15 28114100 call dword ptr ds:[<&MSVBVM50.__vbaStrCm>;  MSVBVM50.__vbaStrCmp -> eax = 0 when equal
0040E014   .  8BF0          mov esi,eax
0040E016   .  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]          ;  ecx -> temp string, freed below
0040E019   .  F7DE          neg esi                                  ;  esi = (eax == 0) ? -1 : 0
0040E01B   .  1BF6          sbb esi,esi                              ;  (branch-free "== 0" to VB True/False;
0040E01D   .  46            inc esi                                  ;  -1 = input equals the reference string,
0040E01E   .  F7DE          neg esi                                  ;  0 = input differs)
0040E020   .  FF15 8C114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr - release temp string
0040E026   .  8D4D E0       lea ecx,dword ptr ss:[ebp-0x20]
0040E029   .  FF15 90114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj - release temp object at [ebp-0x20]
0040E02F   .  66:3BF7       cmp si,di                                ;  si == di (assumed 0) => strings differ => something was typed
0040E032   .  74 7D         je XCyberBla.0040E0B1                    ;  non-empty input: skip the error box
; Fall-through: input matched the reference string (empty). Build the VARIANT
; arguments for rtcMsgBox. Layout looks like VARIANT: vt at +0, value at +8.
; 0x8 = VT_BSTR; 0xA with 0x80020004 = VT_ERROR/DISP_E_PARAMNOTFOUND, VB's
; encoding of an omitted optional argument.
0040E034   .  BF 0A000000   mov edi,0xA                              ;  VT_ERROR
0040E039   .  BB 04000280   mov ebx,0x80020004                       ;  DISP_E_PARAMNOTFOUND ("argument omitted")
0040E03E   .  897D A0       mov dword ptr ss:[ebp-0x60],edi          ;  variant @ebp-0x60: vt = VT_ERROR
0040E041   .  897D B0       mov dword ptr ss:[ebp-0x50],edi          ;  variant @ebp-0x50: vt = VT_ERROR
0040E044   .  8B3D 78114100 mov edi,dword ptr ds:[<&MSVBVM50.__vbaVa>;  MSVBVM50.__vbaVarDup (edi now reused as a function pointer)
0040E04A   .  BE 08000000   mov esi,0x8                              ;  VT_BSTR
0040E04F   .  8D55 80       lea edx,dword ptr ss:[ebp-0x80]          ;  edx -> source variant (title)
0040E052   .  8D4D C0       lea ecx,dword ptr ss:[ebp-0x40]          ;  ecx -> destination variant
0040E055   .  895D A8       mov dword ptr ss:[ebp-0x58],ebx          ;  variant @ebp-0x60: value = DISP_E_PARAMNOTFOUND
0040E058   .  895D B8       mov dword ptr ss:[ebp-0x48],ebx          ;  variant @ebp-0x50: value = DISP_E_PARAMNOTFOUND
0040E05B   .  C745 88 EC344>mov dword ptr ss:[ebp-0x78],CyberBla.004>;  UNICODE "Error" (message-box title)
0040E062   .  8975 80       mov dword ptr ss:[ebp-0x80],esi          ;  vt = VT_BSTR
0040E065   .  FFD7          call edi                                 ;  <&MSVBVM50.__vbaVarDup> copy title variant to [ebp-0x40]
0040E067   .  8D55 90       lea edx,dword ptr ss:[ebp-0x70]          ;  edx -> source variant (prompt)
0040E06A   .  8D4D D0       lea ecx,dword ptr ss:[ebp-0x30]          ;  ecx -> destination variant
0040E06D   .  C745 98 94344>mov dword ptr ss:[ebp-0x68],CyberBla.004>;  UNICODE "You have to enter an 9 number key first." (prompt text)
0040E074   .  8975 90       mov dword ptr ss:[ebp-0x70],esi          ;  vt = VT_BSTR
0040E077   .  FFD7          call edi                                 ;  __vbaVarDup: copy prompt variant to [ebp-0x30]
; rtcMsgBox is stdcall, so arguments are pushed right-to-left:
; MsgBox(Prompt, Buttons, Title, HelpFile, Context).
0040E079   .  8D55 A0       lea edx,dword ptr ss:[ebp-0x60]
0040E07C   .  8D45 B0       lea eax,dword ptr ss:[ebp-0x50]
0040E07F   .  52            push edx                                 ;  Context (omitted)
0040E080   .  8D4D C0       lea ecx,dword ptr ss:[ebp-0x40]
0040E083   .  50            push eax                                 ;  HelpFile (omitted)
0040E084   .  51            push ecx                                 ;  Title = "Error"
0040E085   .  8D55 D0       lea edx,dword ptr ss:[ebp-0x30]
0040E088   .  6A 40         push 0x40                                ;  Buttons = 0x40 (vbInformation)
0040E08A   .  52            push edx                                 ;  Prompt
0040E08B   .  FF15 04114100 call dword ptr ds:[<&MSVBVM50.#595>]     ;  MSVBVM50.rtcMsgBox - show the "enter a 9 number key" box

下面是真正的 serial 校验（0040E0EB 起）：输入先经 __vbaR8Str 转成 Double，再与对象偏移 [ebx+0x4C] 处的整数（fild 装入）相减，差值和 0 比较，相等即弹出 "Correct password"。

; --- Serial check ------------------------------------------------------------
; The typed string is converted to a Double by __vbaR8Str and the 32-bit integer
; held at [ebx+0x4C] (ebx = the form/object instance; the value is not visible
; in this excerpt — 315751288 according to the author's debugging session) is
; loaded with fild and subtracted from it. The difference is then compared with
; the constant at 0x401008 (presumably 0.0). This is a numeric comparison, not a
; string compare: any text that __vbaR8Str parses to the same Double would
; presumably be accepted. edi is assumed to be 0 on entry; it becomes the
; "correct" flag at 0040E11E. The enclosing routine starts before this excerpt.
0040E0EB   .  51            push ecx                                 ;  arg: typed serial (BSTR, per the author)
0040E0EC   .  FF15 5C114100 call dword ptr ds:[<&MSVBVM50.__vbaR8Str>;  MSVBVM50.__vbaR8Str: st(0) = input as Double
0040E0F2   .  DB43 4C       fild dword ptr ds:[ebx+0x4C]             ;  push expected serial (int32 -> double); st(1) = input
0040E0F5   .  DD9D 38FFFFFF fstp qword ptr ss:[ebp-0xC8]             ;  spill expected value to a local, pop
0040E0FB   .  DCA5 38FFFFFF fsub qword ptr ss:[ebp-0xC8]             ;  st(0) = input - expected
0040E101   .  DFE0          fstsw ax                                 ;  VB's FP-exception check: IE|ZE|OE (0x0D)
0040E103   .  A8 0D         test al,0xD                              ;  set in the low status byte ->
0040E105   .  0F85 EB030000 jnz CyberBla.0040E4F6                    ;  runtime-error handler (outside this excerpt)
0040E10B   .  FF15 14114100 call dword ptr ds:[<&MSVBVM50.__vbaFpR8>>;  MSVBVM50.__vbaFpR8 (Double range check on st(0); semantics not shown here)
0040E111   .  DC1D 08104000 fcomp qword ptr ds:[0x401008]            ;  compare difference with the constant at 0x401008 (presumably 0.0); pops st(0)
0040E117   .  DFE0          fstsw ax                                 ;  C3 (ah bit 6) is set when the operands are equal
0040E119   .  F6C4 40       test ah,0x40
0040E11C   .  74 05         je XCyberBla.0040E123                    ;  not equal: leave the flag in edi unchanged
0040E11E   .  BF 01000000   mov edi,0x1                              ;  equal: flag = 1 (serial accepted)
0040E123   >  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]
0040E126   .  FF15 8C114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr - release temp string
0040E12C   .  8D4D E0       lea ecx,dword ptr ss:[ebp-0x20]
0040E12F   .  FF15 90114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj - release temp object at [ebp-0x20]
0040E135   .  F7DF          neg edi                                  ;  flag 1 -> -1 (VB True); 0 stays 0
0040E137   .  66:85FF       test di,di
0040E13A   .  0F84 2C010000 je CyberBla.0040E26C                     ;  flag 0: wrong serial -> failure path at 0040E26C (not shown)
; Fall-through: serial accepted. Same VARIANT/rtcMsgBox construction as the
; error box: 0x8 = VT_BSTR; 0xA + 0x80020004 = VT_ERROR/DISP_E_PARAMNOTFOUND
; (omitted optional argument); vt at +0, value at +8 of each 16-byte variant.
0040E140   .  BB 04000280   mov ebx,0x80020004                       ;  DISP_E_PARAMNOTFOUND (ebx no longer needed as object ptr)
0040E145   .  BF 0A000000   mov edi,0xA                              ;  VT_ERROR
0040E14A   .  BE 08000000   mov esi,0x8                              ;  VT_BSTR
0040E14F   .  8D55 80       lea edx,dword ptr ss:[ebp-0x80]          ;  edx -> source variant (title)
0040E152   .  8D4D C0       lea ecx,dword ptr ss:[ebp-0x40]          ;  ecx -> destination variant
0040E155   .  895D A8       mov dword ptr ss:[ebp-0x58],ebx          ;  variant @ebp-0x60: value = DISP_E_PARAMNOTFOUND
0040E158   .  897D A0       mov dword ptr ss:[ebp-0x60],edi          ;  variant @ebp-0x60: vt = VT_ERROR
0040E15B   .  895D B8       mov dword ptr ss:[ebp-0x48],ebx          ;  variant @ebp-0x50: value = DISP_E_PARAMNOTFOUND
0040E15E   .  897D B0       mov dword ptr ss:[ebp-0x50],edi          ;  variant @ebp-0x50: vt = VT_ERROR
0040E161   .  C745 88 5C354>mov dword ptr ss:[ebp-0x78],CyberBla.004>;  UNICODE "Correct password" (message-box title)
0040E168   .  8975 80       mov dword ptr ss:[ebp-0x80],esi          ;  vt = VT_BSTR
0040E16B   .  FF15 78114100 call dword ptr ds:[<&MSVBVM50.__vbaVarDu>;  MSVBVM50.__vbaVarDup - copy title variant to [ebp-0x40]
0040E171   .  8D55 90       lea edx,dword ptr ss:[ebp-0x70]          ;  edx -> source variant (prompt)
0040E174   .  8D4D D0       lea ecx,dword ptr ss:[ebp-0x30]          ;  ecx -> destination variant
0040E177   .  C745 98 FC344>mov dword ptr ss:[ebp-0x68],CyberBla.004>;  UNICODE "Not bad, you have found the correct password." (prompt text)
0040E17E   .  8975 90       mov dword ptr ss:[ebp-0x70],esi          ;  vt = VT_BSTR
0040E181   .  FF15 78114100 call dword ptr ds:[<&MSVBVM50.__vbaVarDu>;  MSVBVM50.__vbaVarDup - copy prompt variant to [ebp-0x30]
; rtcMsgBox is stdcall; pushes are right-to-left for
; MsgBox(Prompt, Buttons, Title, HelpFile, Context).
0040E187   .  8D55 A0       lea edx,dword ptr ss:[ebp-0x60]
0040E18A   .  8D45 B0       lea eax,dword ptr ss:[ebp-0x50]
0040E18D   .  52            push edx                                 ;  Context (omitted)
0040E18E   .  8D4D C0       lea ecx,dword ptr ss:[ebp-0x40]
0040E191   .  50            push eax                                 ;  HelpFile (omitted)
0040E192   .  51            push ecx                                 ;  Title = "Correct password"
0040E193   .  8D55 D0       lea edx,dword ptr ss:[ebp-0x30]
0040E196   .  6A 40         push 0x40                                ;  Buttons = 0x40 (vbInformation)
0040E198   .  52            push edx                                 ;  Prompt
0040E199   .  FF15 04114100 call dword ptr ds:[<&MSVBVM50.#595>]     ;  MSVBVM50.rtcMsgBox - show the success box

其实就是明文比较：正确的 serial 以整数形式保存在对象偏移 [ebx+0x4C] 处，在 OD 中下断到 0040E0F2 即可直接读出（本例为 315751288）。需要注意两点：一是这里做的是浮点数值比较而不是字符串比较，凡是 __vbaR8Str 能解析成同一数值的输入（例如带前导 0 或空格的写法）很可能同样通过；二是这段代码里除了空串检查之外，并没有看到对提示中所说“9 位”长度的校验。


转载自blog.csdn.net/goodnameused/article/details/78729737