能力值:
( LV2,RANK:10 )
|
-
-
[求助]求个DSA的X值
附上几组签名值
h(m)=6DBC0496E0BA6A02A5BE42DDF05B4676B93B75AE
r=462863B2874C5A2547134405C6B33A10F0E55A93 s=6122D24A53E11B802627674714952713E74B3786
r=1D94BEC9E00E793C92880347960D7FE91EFEF834 s=6C0E5F36B0F3C271D80F28C1819361622DE089B6
r=82AD657B8BA1BBF1B926D8432E890A45B57CA52E s=0B2ED80349BA7DCB97F9D57708C58755733E9891
r=7B741B43898601C7218D9BBDA10F7C92ACDC7083 s=8F420A4124D1EA6F5835B4713781C09CD79A1807
r=4C51A76CCB1D1F0375666014FEBD6624F167ED50 s=119A7FFD385F8C6CD981EF7D149A483F9D94F21F
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
[原创]QVod 5.12 去除工具浮窗的Patch DLL
不要这么复杂吧。
bp ShowWindow
alt+f9
修改函数入口为 retn 04
over。
004F295D $ C2 0400 RETN 4 004F2960 . 83EC 10 SUB ESP,10 004F2963 . 53 PUSH EBX 004F2964 . 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8] 004F2967 . 56 PUSH ESI 004F2968 . 57 PUSH EDI 004F2969 . 33FF XOR EDI,EDI 004F296B . 83FB 05 CMP EBX,5 004F296E . 8BF1 MOV ESI,ECX 004F2970 . 74 4A JE SHORT QvodPlay.004F29BC 004F2972 . 3BDF CMP EBX,EDI 004F2974 . 74 46 JE SHORT QvodPlay.004F29BC 004F2976 . 57 PUSH EDI 004F2977 . E8 5EE1FEFF CALL QvodPlay.004E0ADA 004F297C . 3938 CMP DWORD PTR DS:[EAX],EDI 004F297E . 0F84 04010000 JE QvodPlay.004F2A88 004F2984 . 8B86 B8120000 MOV EAX,DWORD PTR DS:[ESI+12B8] 004F298A . 83C0 04 ADD EAX,4 004F298D . FF30 PUSH DWORD PTR DS:[EAX] ; /hWnd 004F298F . FF15 D4955900 CALL DWORD PTR DS:[<&USER32.IsWindow>] ; \IsWindow 004F2995 . 85C0 TEST EAX,EAX 004F2997 . 0F84 EB000000 JE QvodPlay.004F2A88 004F299D . 81C3 187FFFFF ADD EBX,FFFF7F18 004F29A3 . 83FB 24 CMP EBX,24 004F29A6 . 0F87 DC000000 JA QvodPlay.004F2A88 004F29AC . 8B8E B8120000 MOV ECX,DWORD PTR DS:[ESI+12B8] 004F29B2 . E8 CF23FFFF CALL QvodPlay.004E4D86 004F29B7 . E9 CC000000 JMP QvodPlay.004F2A88 004F29BC > 39BE B8120000 CMP DWORD PTR DS:[ESI+12B8],EDI 004F29C2 . 0F85 A3000000 JNZ QvodPlay.004F2A6B 004F29C8 . 68 BC010000 PUSH 1BC 004F29CD . E8 966D0700 CALL QvodPlay.00569768 004F29D2 . 3BC7 CMP EAX,EDI 004F29D4 . 59 POP ECX 004F29D5 . 74 09 JE SHORT QvodPlay.004F29E0 004F29D7 . 8BC8 MOV ECX,EAX 004F29D9 . E8 BCECFFFF CALL QvodPlay.004F169A 004F29DE . EB 02 JMP SHORT QvodPlay.004F29E2 004F29E0 > 33C0 XOR EAX,EAX 004F29E2 > 3BC7 CMP EAX,EDI 004F29E4 . 8986 B8120000 MOV DWORD PTR DS:[ESI+12B8],EAX 004F29EA . 74 07 JE SHORT QvodPlay.004F29F3 004F29EC . 05 68010000 ADD EAX,168 004F29F1 . EB 02 JMP SHORT QvodPlay.004F29F5 004F29F3 > 33C0 XOR EAX,EAX 004F29F5 > 6A 01 PUSH 1 004F29F7 . 50 PUSH EAX 004F29F8 . E8 13E8FBFF CALL QvodPlay.004B1210 004F29FD . 59 POP ECX 004F29FE . 59 POP ECX 004F29FF . 8B8E B8120000 MOV ECX,DWORD PTR DS:[ESI+12B8] 004F2A05 . 8981 7C010000 MOV DWORD PTR DS:[ECX+17C],EAX 004F2A0B . 57 PUSH EDI ; /Arg7 004F2A0C . 51 PUSH ECX ; |Arg6 004F2A0D . 8BC6 MOV EAX,ESI ; | 004F2A0F . F7D8 NEG EAX ; | 004F2A11 . 1BC0 SBB EAX,EAX ; | 004F2A13 . 8D96 B4000000 LEA EDX,DWORD PTR DS:[ESI+B4] ; | 004F2A19 . 23C2 AND EAX,EDX ; | 004F2A1B . 8981 80010000 MOV DWORD PTR DS:[ECX+180],EAX ; | 004F2A21 . 8BC4 MOV EAX,ESP ; | 004F2A23 . 57 PUSH EDI ; |Arg5 004F2A24 . 68 00000086 PUSH 86000000 ; |Arg4 = 86000000 004F2A29 . 8938 MOV DWORD PTR DS:[EAX],EDI ; | 004F2A2B . 57 PUSH EDI ; |Arg3 004F2A2C . 51 PUSH ECX ; |Arg2 004F2A2D . 8BC4 MOV EAX,ESP ; | 004F2A2F . 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10] ; | 004F2A32 . 897D F0 MOV DWORD PTR SS:[EBP-10],EDI ; | 004F2A35 . 897D F4 MOV DWORD PTR SS:[EBP-C],EDI ; | 004F2A38 . 897D F8 MOV DWORD PTR SS:[EBP-8],EDI ; | 004F2A3B . 897D FC MOV DWORD PTR SS:[EBP-4],EDI ; | 004F2A3E . 8908 MOV DWORD PTR DS:[EAX],ECX ; | 004F2A40 . 8B8E B8120000 MOV ECX,DWORD PTR DS:[ESI+12B8] ; | 004F2A46 . 57 PUSH EDI ; |Arg1 004F2A47 . E8 7F79FFFF CALL QvodPlay.004EA3CB ; \QvodPlay.004EA3CB 004F2A4C . 8B86 B8120000 MOV EAX,DWORD PTR DS:[ESI+12B8] 004F2A52 . 6A 03 PUSH 3 ; /Flags = SWP_NOSIZE|SWP_NOMOVE 004F2A54 . 57 PUSH EDI ; |Height 004F2A55 . 57 PUSH EDI ; |Width 004F2A56 . 57 PUSH EDI ; |Y 004F2A57 . 57 PUSH EDI ; |X 004F2A58 . 6A FF PUSH -1 ; |InsertAfter = HWND_TOPMOST 004F2A5A . FF70 04 PUSH DWORD PTR DS:[EAX+4] ; |hWnd 004F2A5D . FF15 C4955900 CALL DWORD PTR DS:[<&USER32.SetWindowPos>; \SetWindowPos 004F2A63 . 393D 00245F00 CMP DWORD PTR DS:[5F2400],EDI 004F2A69 . 74 1D JE SHORT QvodPlay.004F2A88 004F2A6B > 8B86 B8120000 MOV EAX,DWORD PTR DS:[ESI+12B8] 004F2A71 . 53 PUSH EBX ; /ShowState 004F2A72 . FF70 04 PUSH DWORD PTR DS:[EAX+4] ; |hWnd 004F2A75 . FF15 C8955900 CALL DWORD PTR DS:[<&USER32.ShowWindow>] ; \ShowWindow 004F2A7B . 33C0 XOR EAX,EAX 004F2A7D . 83FB 05 CMP EBX,5 004F2A80 . 0F94C0 SETE AL 004F2A83 . A3 00245F00 MOV DWORD PTR DS:[5F2400],EAX 004F2A88 > 5F POP EDI 004F2A89 . 5E POP ESI 004F2A8A . 5B POP EBX 004F2A8B . C9 LEAVE 004F2A8C . C2 0400 RETN 4
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
[求助]请大牛帮我把这个PHP加密文件解密。
<?php
$l1ll111l1lll1lll="C:\PHPnow-1.5.6\htdocs\inc1.php";$ll11ll1l11l11l11ll1=base64_decode("Zmc2c2JlaHByYTRjb190bmQ=s");$ll1ll11111l111lll1=$ll11ll1l11l11l11ll1{4}.$ll11ll1l11l11l11ll1{9}.$ll11ll1l11l11l11ll1{3}.$ll11ll1l11l11l11ll1{5};$ll1ll11111l111lll1.=$ll11ll1l11l11l11ll1{2}.$ll11ll1l11l11l11ll1{10}.$ll11ll1l11l11l11ll1{13}.$ll11ll1l11l11l11ll1{16};$ll1ll11111l111lll1.=$ll1ll11111l111lll1{3}.$ll11ll1l11l11l11ll1{11}.$ll11ll1l11l11l11ll1{12}.$ll1ll11111l111lll1{7}.$ll11ll1l11l11l11ll1{5};$ll1ll11lll1l1l1=$ll11ll1l11l11l11ll1{0}.$ll11ll1l11l11l11ll1{12}.$ll11ll1l11l11l11ll1{7}.$ll11ll1l11l11l11ll1{5}.$ll11ll1l11l11l11ll1{15};$ll1ll11lll1l111=$ll11ll1l11l11l11ll1{0}.$ll11ll1l11l11l11ll1{1}.$ll11ll1l11l11l11ll1{5}.$ll11ll1l11l11l11ll1{14};$ll1ll11lll1l111=$ll1ll11lll1l111.$ll11ll1l11l11l11ll1{3};$ll1l111lll1l111=$ll11ll1l11l11l11ll1{0}.$ll11ll1l11l11l11ll1{8}.$ll11ll1l11l11l11ll1{5}.$ll11ll1l11l11l11ll1{9}.$ll11ll1l11l11l11ll1{16};$ll11l111lllllll11111l="rb";$ll11l111lllllll11111ll1="exp";$ll11l111lllllll11111ll1.="lode";$l1111llllllll11111l;eval($ll1ll11111l111lll1('JGxsMTExMWwxMWwxMTExbGw9JGxsMWxsMTFsbGwxbDFsMSgkbDFsbDExMWwxbGxsMWxsbCwkbGwxMWwxMTFsbGxsbGxsMTExMTFsKTskbGwxbDExMWxsbDFsMTExKCRsbDExMTFsMTFsMTExMWxsLDM1NTMpOyRsbGxsMTExbGxsMWxsMWxsPSRsbDExbDExMWxsbGxsbGwxMTExMWxsMSgiXHQiLCRsbDFsbDExMTExbDExMWxsbDEoJGxsMWwxMTFsbGwxbDExMSgkbGwxMTExbDExbDExMTFsbCwzMjQpKSAgICAgKTsgOzs7OyA7Ozs='));$l11ll1lllll11ll1=$llll111lll1ll1ll[0];$ll1l1llll1l11111=$l11ll1lllll11ll1{2}.$l11ll1lllll11ll1{5}.$l11ll1lllll11ll1{8}.$l11ll1lllll11ll1{11}.$l11ll1lllll11ll1{14}.$l11ll1lllll11ll1{17}.$l11ll1lllll11ll1{20}.$l11ll1lllll11ll1{23}.$l11ll1lllll11ll1{26}.$l11ll1lllll11ll1{29}.$l11ll1lllll11ll1{32}.$l11ll1lllll11ll1{35}.$l11ll1lllll11ll1{38};$ll1l1ll1lllll11l=$ll1l1llll1l11111($llll111lll1ll1ll[1]);$llllllllll1l1lll=$ll1l1llll1l11111($ll1l1ll1lllll11l{2}.$ll1l1ll1lllll11l{5}.$ll1l1ll1lllll11l{8}.$ll1l1ll1lllll11l{11}.$ll1l1ll1lllll11l{14}.$ll1l1ll1lllll11l{17}.$ll1l1ll1lllll11l{20}.$ll1l1ll1lllll11l{23});$l11111111lll1l11=$ll1l1llll1l11111($llll111lll1ll1ll[2]);$l1l111l1l111l1ll=$ll1l1llll1l11111($l11111111lll1l11{2}.$l11111111lll1l11{5}.$l11111111lll1l11{8}.$l11111111lll1l11{11}.$l11111111lll1l11{14}.$l11111111lll1l11{17}.$l11111111lll1l11{20}.$l11111111lll1l11{23});$l1111111l1l1lll1=$ll1l1llll1l11111($llll111lll1ll1ll[3]);$lll111lll1111ll1=$ll1l1llll1l11111($l1111111l1l1lll1{2}.$l1111111l1l1lll1{5}.$l1111111l1l1lll1{8}.$l1111111l1l1lll1{11}.$l1111111l1l1lll1{14}.$l1111111l1l1lll1{17}.$l1111111l1l1lll1{20}.$l1111111l1l1lll1{23});$lll1111111l1l111=$ll1l1llll1l11111($llll111lll1ll1ll[4]);$l11llll1lll1llll=$ll1l1llll1l11111($lll1111111l1l111{2}.$lll1111111l1l111{5}.$lll1111111l1l111{8}.$lll1111111l1l111{11}.$lll1111111l1l111{14}.$lll1111111l1l111{17}.$lll1111111l1l111{20}.$lll1111111l1l111{23});$ll1l1l111l11111l=$ll1l1llll1l11111($llll111lll1ll1ll[5]);$llll1l1l11lll11l=$ll1l1llll1l11111($ll1l1l111l11111l{2}.$ll1l1l111l11111l{5}.$ll1l1l111l11111l{8}.$ll1l1l111l11111l{11}.$ll1l1l111l11111l{14}.$ll1l1l111l11111l{17}.$ll1l1l111l11111l{20}.$ll1l1l111l11111l{23});$l1l1l111l11l111l=$ll1l1llll1l11111($llll111lll1ll1ll[6]);$lll11111ll1l1ll1=$ll1l1llll1l11111($l1l1l111l11l111l{2}.$l1l1l111l11l111l{5}.$l1l1l111l11l111l{8}.$l1l1l111l11l111l{11}.$l1l1l111l11l111l{14}.$l1l1l111l11l111l{17}.$l1l1l111l11l111l{20}.$l1l1l111l11l111l{23});
$DATA=($ll1l1llll1l11111('JGxsbDExMWxsbDExMTFsbDEoJGxsMTExMWwxMWwxMTExbGwsMjApO2V2YWwoJGxsMWwxbGxsbDFsMTExMTEoJGxsbDExMWxsbDExMTFsbDEoJGxsMTExMWwxMWwxMTExbGwsMjQ0KSkpOw=='));
while(strstr($DATA,"eval")!='' && strstr($DATA,"授权认证")=='')
{
eval(str_replace("eval",'$DATA=',$DATA));
}
echo($DATA);
?>
把原来的 inc.php 重命名为inc1.php 和上面这个inc.php放在同一目录,修改路径.
运行php inc.php就出来了。
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
|
能力值:
( LV2,RANK:10 )
|
-
-
异或加密能够适合win7吗?
异或运算跟处理器有关,跟系统没关系。编程的话不同的语言,操作符不同,最终还是编译成二进制的code,让cpu执行,总之和东西和系统没关系。
|
能力值:
( LV2,RANK:10 )
|
-
-
[求助]dll 居然可以独立运行?如下图求解
winexec、shellexecute调用外部exe文件执行,进程中就显示文件名称和后缀,不一定非得是exe,你看你那个
System进程还没有后缀呢。 实际上那个dll文件就是一个exe文件,只不过后缀改成了dll
|