您的位置:首页 > 其它

160个练手CrackMe-037

2017-12-04 14:20 316 查看

1、VB,无壳

2、VB Decompiler + OD

定位Check按钮事件,搜索字符串,找到“Correct password”。

0040E137   .  66:85FF       test di,di
0040E13A   .  0F84 2C010000 je CyberBla.0040E26C                     ;  关键跳转
0040E140   .  BB 04000280   mov ebx,0x80020004
0040E145   .  BF 0A000000   mov edi,0xA
0040E14A   .  BE 08000000   mov esi,0x8
0040E14F   .  8D55 80       lea edx,dword ptr ss:[ebp-0x80]
0040E152   .  8D4D C0       lea ecx,dword ptr ss:[ebp-0x40]
0040E155   .  895D A8       mov dword ptr ss:[ebp-0x58],ebx
0040E158   .  897D A0       mov dword ptr ss:[ebp-0x60],edi
0040E15B   .  895D B8       mov dword ptr ss:[ebp-0x48],ebx
0040E15E   .  897D B0       mov dword ptr ss:[ebp-0x50],edi
0040E161   .  C745 88 5C354>mov dword ptr ss:[ebp-0x78],CyberBla.004>;  Correct password
0040E168   .  8975 80       mov dword ptr ss:[ebp-0x80],esi
0040E16B   .  FF15 78114100 call dword ptr ds:[<&MSVBVM50.__vbaVarDu>;  MSVBVM50.__vbaVarDup
0040E171   .  8D55 90       lea edx,dword ptr ss:[ebp-0x70]
0040E174   .  8D4D D0       lea ecx,dword ptr ss:[ebp-0x30]
0040E177   .  C745 98 FC344>mov dword ptr ss:[ebp-0x68],CyberBla.004>;  Not bad, you have found the correct password.
0040E17E   .  8975 90       mov dword ptr ss:[ebp-0x70],esi
0040E181   .  FF15 78114100 call dword ptr ds:[<&MSVBVM50.__vbaVarDu>;  MSVBVM50.__vbaVarDup
0040E187   .  8D55 A0       lea edx,dword ptr ss:[ebp-0x60]


di != 0 则弹出成功信息框。

向上查找004E11E处,有赋值。

0040E0E8   > \8B4D E4       mov ecx,dword ptr ss:[ebp-0x1C]
0040E0EB   .  51            push ecx                                 ;  输入的Serial转为浮点数
0040E0EC   .  FF15 5C114100 call dword ptr ds:[<&MSVBVM50.__vbaR8Str>;  MSVBVM50.__vbaR8Str
0040E0F2   .  DB43 4C       fild dword ptr ds:[ebx+0x4C]             ;  push正确的key
0040E0F5   .  DD9D 38FFFFFF fstp qword ptr ss:[ebp-0xC8]
0040E0FB   .  DCA5 38FFFFFF fsub qword ptr ss:[ebp-0xC8]             ;  Serial - key
0040E101   .  DFE0          fstsw ax
0040E103   .  A8 0D         test al,0xD
0040E105   .  0F85 EB030000 jnz CyberBla.0040E4F6
0040E10B   .  FF15 14114100 call dword ptr ds:[<&MSVBVM50.__vbaFpR8>>;  MSVBVM50.__vbaFpR8
0040E111   .  DC1D 08104000 fcomp qword ptr ds:[0x401008]            ;  与0.0比较
0040E117   .  DFE0          fstsw ax
0040E119   .  F6C4 40       test ah,0x40                             ;  相应位是1则对edi赋值
0040E11C   .  74 05         je XCyberBla.0040E123
0040E11E   .  BF 01000000   mov edi,0x1                              ;  edi赋值
0040E123   >  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]
0040E126   .  FF15 8C114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr
0040E12C   .  8D4D E0       lea ecx,dword ptr ss:[ebp-0x20]
0040E12F   .  FF15 90114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
0040E135   .  F7DF          neg edi
0040E137   .  66:85FF       test di,di
0040E13A   .  0F84 2C010000 je CyberBla.0040E26C                     ;  关键跳转
0040E140   .  BB 04000280   mov ebx,0x80020004


在0040E0F2下断,运行到这,查看提示信息,十进制 3157561288,就是密码。

内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签:  CrackMe
相关文章推荐
新的分享
章节导航