-
-
第二题
-
发表于:
2015-1-23 17:27
1908
-
//先解密libcrackme.so的导出函数jolin
void decryptJolin(LPCTSTR lpFile)
{
HANDLE hFile = INVALID_HANDLE_VALUE;
HANDLE hMapping = NULL;
PBYTE pvFile = NULL;
DWORD dwFileSize = 0;
DWORD dwFileSizeHigh = 0;
hFile = CreateFile(lpFile, GENERIC_ALL, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
return;
}
do
{
dwFileSize = GetFileSize(hFile, &dwFileSizeHigh);
hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
if (hMapping == NULL)
{
break;
}
pvFile = (PBYTE)MapViewOfFile(hMapping, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
if (pvFile == NULL)
{
break;
}
if (dwFileSizeHigh != 0)
{
break;
}
if (dwFileSize < 8)
{
break;
}
PBYTE pBuf = pvFile + 0x1720;
PBYTE pKey = pvFile + 0x5004;
for (int i= 0; i < 212; i++)
{
pBuf[i] ^= pKey[i % 108];
}
} while (0);
if (pvFile != NULL)
{
UnmapViewOfFile(pvFile);
}
if (hMapping != NULL)
{
CloseHandle(hMapping);
}
if (hFile != INVALID_HANDLE_VALUE)
{
CloseHandle(hFile);
}
}
int main(int argc, char* argv[])
{
decryptJolin("libcrackme.so");
return 0;
}
//jolin函数功能, 修改off_628C处的字符串(验证码)
[培训]科锐软件逆向54期预科班、正式班开始火爆招生报名啦!!!
