[Old post] :eek: Could the experts take a look at whether a .Net program like this can be cracked (IL code attached) 0.00 snowflakes
Posted on: 2010-4-24 02:05 5711

I really can't read IL code. Could the experts help me look at where the crack point in this program is? The original program is packed with Xenocode. The key code is below:


     .locals init (
          [System.Management]System.Management.ManagementClass class1,
          [System.Management]System.Management.ManagementObjectCollection collection1,
          int32 num1,
          [System.Management]System.Management.ManagementObject obj1,
          string text1,
          [System.Management]System.Management.ManagementObjectCollection/[System.Management]ManagementObjectEnumerator enumerator1)
     L_0000: ldstr "usp10.dll"
     L_0005: call bool [mscorlib]System.IO.File::Exists(string)
     L_000a: brtrue.s L_0018
     L_000c: ldstr "lpk.dll"
     L_0011: call bool [mscorlib]System.IO.File::Exists(string)
     L_0016: brfalse.s L_0029
     L_0018: ldstr "有插件!"
     L_001d: call [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
     L_0022: pop 
     L_0023: call void [System.Windows.Forms]System.Windows.Forms.Application::Exit()
     L_0028: ret 
     L_0029: ldstr "Win32_DiskDrive"
     L_002e: newobj instance void [System.Management]System.Management.ManagementClass::.ctor(string)
     L_0033: stloc.0 
     L_0034: ldloc.0 
     L_0035: callvirt instance [System.Management]System.Management.ManagementObjectCollection [System.Management]System.Management.ManagementClass::GetInstances()
     L_003a: stloc.1 
     L_003b: ldc.i4.0 
     L_003c: stloc.2 
     L_003d: ldloc.1 
     L_003e: callvirt instance [System.Management]System.Management.ManagementObjectCollection/[System.Management]ManagementObjectEnumerator [System.Management]System.Management.ManagementObjectCollection::GetEnumerator()
     L_0043: stloc.s V_5
     L_0045: br.s L_007A
     L_0047: ldloc.s V_5
     L_0049: callvirt instance [System.Management]System.Management.ManagementBaseObject [System.Management]System.Management.ManagementObjectCollection/[System.Management]ManagementObjectEnumerator::get_Current()
     L_004e: castclass [System.Management]System.Management.ManagementObject
     L_0053: stloc.3 
     L_0054: ldloc.2 
     L_0055: brtrue.s L_0076
     L_0057: ldloc.3 
     L_0058: callvirt instance [System.Management]System.Management.PropertyDataCollection [System.Management]System.Management.ManagementBaseObject::get_Properties()
     L_005d: ldstr "Model"
     L_0062: callvirt instance [System.Management]System.Management.PropertyData [System.Management]System.Management.PropertyDataCollection::get_Item(string)
     L_0067: callvirt instance object [System.Management]System.Management.PropertyData::get_Value()
     L_006c: castclass string
     L_0071: stsfld string 工具.Asp::xa03ee6786d458552
     L_0076: ldloc.2 
     L_0077: ldc.i4.1 
     L_0078: add 
     L_0079: stloc.2 
     L_007a: ldloc.s V_5
     L_007c: callvirt instance bool [System.Management]System.Management.ManagementObjectCollection/[System.Management]ManagementObjectEnumerator::MoveNext()
     L_0081: brtrue.s L_0047
     L_0083: leave.s L_0091
     L_0085: ldloc.s V_5
     L_0087: brfalse.s L_0090
     L_0089: ldloc.s V_5
     L_008b: callvirt instance void [mscorlib]System.IDisposable::Dispose()
     L_0090: endfinally 
     L_0091: ldarg.0 
     L_0092: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_0097: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
     L_009c: ldstr ""
     L_00a1: call bool string::op_Inequality(string, string)
     L_00a6: brfalse L_02BC
     L_00ab: ldarg.0 
     L_00ac: ldc.i4.2 
     L_00ad: ldc.i4.1 
     L_00ae: ldc.i4.6 
     L_00af: newobj instance void [System]System.Net.Sockets.Socket::.ctor([System]System.Net.Sockets.AddressFamily, [System]System.Net.Sockets.SocketType, [System]System.Net.Sockets.ProtocolType)
     L_00b4: stfld [System]System.Net.Sockets.Socket 工具.datang2::s
     L_00b9: ldarg.0 
     L_00ba: ldsfld string 工具.Asp::x486d11064bbffbdc
     L_00bf: call [System]System.Net.IPAddress [System]System.Net.IPAddress::Parse(string)
     L_00c4: stfld [System]System.Net.IPAddress 工具.datang2::serverIP
     L_00c9: ldarg.0 
     L_00ca: ldfld [System]System.Net.Sockets.Socket 工具.datang2::s
     L_00cf: ldarg.0 
     L_00d0: ldfld [System]System.Net.IPAddress 工具.datang2::serverIP
     L_00d5: ldc.i4 1017
     L_00da: callvirt instance void [System]System.Net.Sockets.Socket::Connect([System]System.Net.IPAddress, int32)
     L_00df: ldsfld string 工具.Asp::x486d11064bbffbdc
     L_00e4: stsfld string 工具.Asp::xcec3be2f50177818
     L_00e9: leave.s L_00F9
     L_00eb: pop 
     L_00ec: ldstr "连接服务器失败,请登录主页下载最新版。"
     L_00f1: call [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
     L_00f6: pop 
     L_00f7: leave.s L_00F9
     L_00f9: ldarg.0 
     L_00fa: ldarg.0 
     L_00fb: ldfld [System]System.Net.Sockets.Socket 工具.datang2::s
     L_0100: newobj instance void [System]System.Net.Sockets.NetworkStream::.ctor([System]System.Net.Sockets.Socket)
     L_0105: stfld [System]System.Net.Sockets.NetworkStream 工具.datang2::ns
     L_010a: ldarg.0 
     L_010b: ldarg.0 
     L_010c: ldfld [System]System.Net.Sockets.NetworkStream 工具.datang2::ns
     L_0111: newobj instance void [mscorlib]System.IO.StreamReader::.ctor([mscorlib]System.IO.Stream)
     L_0116: stfld [mscorlib]System.IO.StreamReader 工具.datang2::sr
     L_011b: ldarg.0 
     L_011c: ldarg.0 
     L_011d: ldfld [System]System.Net.Sockets.NetworkStream 工具.datang2::ns
     L_0122: newobj instance void [mscorlib]System.IO.StreamWriter::.ctor([mscorlib]System.IO.Stream)
     L_0127: stfld [mscorlib]System.IO.StreamWriter 工具.datang2::sw
     L_012c: ldarg.0 
     L_012d: ldfld [mscorlib]System.IO.StreamWriter 工具.datang2::sw
     L_0132: ldarg.0 
     L_0133: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_0138: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
     L_013d: callvirt instance string object::ToString()
     L_0142: callvirt instance string string::Trim()
     L_0147: ldstr "#"
     L_014c: ldarg.0 
     L_014d: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_0152: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
     L_0157: callvirt instance string object::ToString()
     L_015c: callvirt instance string string::Trim()
     L_0161: ldsfld string 工具.Asp::xa03ee6786d458552
     L_0166: call string string::Concat(string, string)
     L_016b: call string 工具.Asp::xfc3d52884c79b56b(string)
     L_0170: call string string::Concat(string, string, string)
     L_0175: callvirt instance void [mscorlib]System.IO.TextWriter::WriteLine(string)
     L_017a: ldarg.0 
     L_017b: ldfld [mscorlib]System.IO.StreamWriter 工具.datang2::sw
     L_0180: callvirt instance void [mscorlib]System.IO.TextWriter::Flush()
     L_0185: ldarg.0 
     L_0186: ldfld [mscorlib]System.IO.StreamReader 工具.datang2::sr
     L_018b: callvirt instance string [mscorlib]System.IO.TextReader::ReadLine()
     L_0190: stloc.s V_4
     L_0192: ldarg.0 
     L_0193: ldfld [System.Windows.Forms]System.Windows.Forms.Label 工具.datang2::label2
     L_0198: ldstr "提示:"
     L_019d: ldloc.s V_4
     L_019f: call string string::Concat(string, string)
     L_01a4: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
     L_01a9: ldloc.s V_4
     L_01ab: ldstr "验证通过,欢迎使用本软件。"
     L_01b0: call bool string::op_Equality(string, string)
     L_01b5: brfalse.s L_0201
     L_01b7: ldc.i4.1 
     L_01b8: stsfld bool 工具.Asp::x645d0ad1b6a0e398
     L_01bd: ldarg.0 
     L_01be: ldfld [System.Windows.Forms]System.Windows.Forms.Button 工具.datang2::x59c90f5c34f95c5b
     L_01c3: ldstr "已注册为商业版"
     L_01c8: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
     L_01cd: ldarg.0 
     L_01ce: ldfld [System.Windows.Forms]System.Windows.Forms.Button 工具.datang2::x59c90f5c34f95c5b
     L_01d3: ldc.i4.0 
     L_01d4: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Enabled(bool)
     L_01d9: ldarg.0 
     L_01da: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_01df: ldc.i4.1 
     L_01e0: callvirt instance void [System.Windows.Forms]System.Windows.Forms.TextBoxBase::set_ReadOnly(bool)
     L_01e5: ldarg.0 
     L_01e6: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_01eb: call [System.Drawing]System.Drawing.Color [System.Drawing]System.Drawing.Color::get_Red()
     L_01f0: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_BackColor([System.Drawing]System.Drawing.Color)
     L_01f5: ldarg.0 
     L_01f6: ldc.i4.1 
     L_01f7: stfld bool 工具.datang2::by
     L_01fc: br L_027E
     L_0201: ldloc.s V_4
     L_0203: ldstr "验证失败,请购买正版软件。"
     L_0208: call bool string::op_Equality(string, string)
     L_020d: brfalse.s L_027E
     L_020f: ldc.i4.0 
     L_0210: stsfld bool 工具.Asp::x645d0ad1b6a0e398
     L_0215: ldarg.0 
     L_0216: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_021b: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
     L_0220: callvirt instance string object::ToString()
     L_0225: callvirt instance string string::Trim()
     L_022a: ldsfld string 工具.Asp::xa03ee6786d458552
     L_022f: call string string::Concat(string, string)
     L_0234: call string 工具.Asp::xfc3d52884c79b56b(string)
     L_0239: ldc.i4.1 
     L_023a: call void [System.Windows.Forms]System.Windows.Forms.Clipboard::SetDataObject(object, bool)
     L_023f: ldstr "机器码:"
     L_0244: ldarg.0 
     L_0245: ldfld [System.Windows.Forms]System.Windows.Forms.TextBox 工具.datang2::x91fd2779e100bc40
     L_024a: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
     L_024f: callvirt instance string object::ToString()
     L_0254: callvirt instance string string::Trim()
     L_0259: ldsfld string 工具.Asp::xa03ee6786d458552
     L_025e: call string string::Concat(string, string)
     L_0263: call string 工具.Asp::xfc3d52884c79b56b(string)
     L_0268: ldstr " 请按Ctrl+V快捷键机器码复制到QQ聊天框并发送给官方销售QQ进行注册。"
     L_026d: call string string::Concat(string, string, string)
     L_0272: ldstr "注册方式:"
     L_0277: ldc.i4.0 
     L_0278: call [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string, string, [System.Windows.Forms]System.Windows.Forms.MessageBoxButtons)
     L_027d: pop 
     L_027e: leave.s L_0283
     L_0280: pop 
     L_0281: leave.s L_0283
     L_0283: ldarg.0 
     L_0284: ldfld [mscorlib]System.IO.StreamReader 工具.datang2::sr
     L_0289: callvirt instance void [mscorlib]System.IO.TextReader::Close()
     L_028e: ldarg.0 
     L_028f: ldfld [mscorlib]System.IO.StreamWriter 工具.datang2::sw
     L_0294: callvirt instance void [mscorlib]System.IO.TextWriter::Close()
     L_0299: ldarg.0 
     L_029a: ldfld [System]System.Net.Sockets.NetworkStream 工具.datang2::ns
     L_029f: callvirt instance void [mscorlib]System.IO.Stream::Close()
     L_02a4: ldarg.0 
     L_02a5: ldfld [System]System.Net.Sockets.Socket 工具.datang2::s
     L_02aa: ldc.i4.2 
     L_02ab: callvirt instance void [System]System.Net.Sockets.Socket::Shutdown([System]System.Net.Sockets.SocketShutdown)
     L_02b0: ldarg.0 
     L_02b1: ldfld [System]System.Net.Sockets.Socket 工具.datang2::s
     L_02b6: callvirt instance void [System]System.Net.Sockets.Socket::Close()
     L_02bb: ret 
     L_02bc: ldstr "请先输入您的QQ号码!"
     L_02c1: ldstr "提示"
     L_02c6: ldc.i4.0 
     L_02c7: ldc.i4.s 48
     L_02c9: call [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string, string, [System.Windows.Forms]System.Windows.Forms.MessageBoxButtons, [System.Windows.Forms]System.Windows.Forms.MessageBoxIcon)
     L_02ce: pop 
     L_02cf: ret 
     .try L_0045 to L_0085 finally handler L_0085 to L_0091
     .try L_00c9 to L_00eb catch [mscorlib]System.Exception handler L_00eb to L_00f9
     .try L_00f9 to L_0280 catch [mscorlib]System.Exception handler L_0280 to L_0283


Could the experts advise whether a program like this can be cracked, and where the crack point is?
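To make the posted IL easier to follow, here is a C# rendering of the same method, added here as an illustration; it is not the program's source and was not posted by the author. The obfuscated class and member names (Asp, datang2, xa03ee6786d458552 and so on) are taken verbatim from the listing; the method name VerifyButtonClick is an assumption (the dump omits it), and the description of Asp.xfc3d52884c79b56b as a "hash" is inferred only from how the IL uses it.

```csharp
using System;
using System.Drawing;
using System.IO;
using System.Management;
using System.Net;
using System.Net.Sockets;
using System.Windows.Forms;

// Reconstruction of the method in class 工具.datang2 from the IL above.
// Method name is an assumption; everything else mirrors the listing.
partial class datang2 : Form
{
    Socket s; IPAddress serverIP; NetworkStream ns; StreamReader sr; StreamWriter sw;
    bool by; TextBox x91fd2779e100bc40; Button x59c90f5c34f95c5b; Label label2;

    private void VerifyButtonClick()
    {
        // L_0000..L_0028: refuse to run if either DLL sits next to the exe
        // (a crude check for LPK/usp10 DLL-hijack style "plugins").
        if (File.Exists("usp10.dll") || File.Exists("lpk.dll"))
        {
            MessageBox.Show("有插件!");
            Application.Exit();
            return;
        }

        // L_0029..L_0090: the "machine code" is the Model string of the
        // first Win32_DiskDrive instance returned by WMI (foreach = the
        // enumerator loop plus the try/finally Dispose in the IL).
        int num1 = 0;
        var class1 = new ManagementClass("Win32_DiskDrive");
        foreach (ManagementObject obj1 in class1.GetInstances())
        {
            if (num1 == 0)
                Asp.xa03ee6786d458552 = (string)obj1.Properties["Model"].Value;
            num1++;
        }

        // L_0091..L_00a6 and L_02bc..L_02cf: empty text box -> warning (icon 48 = Warning)
        if (this.x91fd2779e100bc40.Text == "")
        {
            MessageBox.Show("请先输入您的QQ号码!", "提示", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        // L_00ab..L_00f9: TCP socket (AddressFamily 2, SocketType 1, ProtocolType 6)
        // to a hard-coded server string on port 1017; only Connect is inside the try.
        this.s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        this.serverIP = IPAddress.Parse(Asp.x486d11064bbffbdc);
        try
        {
            this.s.Connect(this.serverIP, 1017);
            Asp.xcec3be2f50177818 = Asp.x486d11064bbffbdc;
        }
        catch (Exception)
        {
            MessageBox.Show("连接服务器失败,请登录主页下载最新版。");
        }

        // L_00f9..L_0283: send "<QQ>#<transform(QQ + diskModel)>", read ONE line back.
        try
        {
            this.ns = new NetworkStream(this.s);
            this.sr = new StreamReader(this.ns);
            this.sw = new StreamWriter(this.ns);

            string qq = this.x91fd2779e100bc40.Text.ToString().Trim();
            string machineCode = Asp.xfc3d52884c79b56b(qq + Asp.xa03ee6786d458552); // presumably a hash
            this.sw.WriteLine(qq + "#" + machineCode);
            this.sw.Flush();

            // The whole trust decision is a plaintext string compare on the
            // server's reply plus a client-side bool; nothing authenticates the reply.
            string text1 = this.sr.ReadLine();
            this.label2.Text = "提示:" + text1;
            if (text1 == "验证通过,欢迎使用本软件。")            // L_01a9..L_01fc
            {
                Asp.x645d0ad1b6a0e398 = true;                   // global "registered" flag
                this.x59c90f5c34f95c5b.Text = "已注册为商业版";
                this.x59c90f5c34f95c5b.Enabled = false;
                this.x91fd2779e100bc40.ReadOnly = true;
                this.x91fd2779e100bc40.BackColor = Color.Red;
                this.by = true;
            }
            else if (text1 == "验证失败,请购买正版软件。")      // L_0201..L_027d
            {
                Asp.x645d0ad1b6a0e398 = false;
                Clipboard.SetDataObject(machineCode, true);
                MessageBox.Show("机器码:" + machineCode +
                    " 请按Ctrl+V快捷键机器码复制到QQ聊天框并发送给官方销售QQ进行注册。",
                    "注册方式:", MessageBoxButtons.OK);
            }
        }
        catch (Exception) { /* L_0280: exception is swallowed */ }

        // L_0283..L_02bb: tear everything down (SocketShutdown 2 = Both)
        this.sr.Close();
        this.sw.Close();
        this.ns.Close();
        this.s.Shutdown(SocketShutdown.Both);
        this.s.Close();
    }
}
```

Read this way, the listing shows a licence check whose outcome rests entirely on one unauthenticated line from the server and a single boolean field, which is why the replies below all focus on the instructions around L_01b0 to L_01b5.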

Latest replies (5)
#2
L_01b0: call bool string::op_Equality(string, string)  change to  ldc.i4.1
2010-4-24 07:34
#3
It probably won't work. The hex for ldc.i4.0 and ldc.i4.1 is 16 and 17 respectively, isn't it?
2010-4-24 14:50
#4
Post the software so we can have a look.
2010-4-25 09:54
#5
Studying this first! I've forgotten a lot of this stuff!
2010-12-9 09:24
#6
Try changing "L_01b5: brfalse.s L_0201" to "brfalse.s L_01b7".

I only know a little about IL~ this could be wrong~

My reasoning:
     L_01a9: ldloc.s V_4                                   ;load V_4
     L_01ab: ldstr "验证通过,欢迎使用本软件。"              ;load this string
     L_01b0: call bool string::op_Equality(string, string)  ;compare
     L_01b5: brfalse.s L_0201                              ;jump if they don't match (the key jump~)
     ……omitted~
     L_01c3: ldstr "已注册为商业版"                          ;message shown on successful verification

     L_0201: ldloc.s V_4
     L_0203: ldstr "验证失败,请购买正版软件。"              ;message shown on failed verification
2010-12-11 22:42