[原创]看雪2016 第二十九题 CrackMe逆向分析
发表于: 2016-12-31 22:47 4519
crackme采用多线程,分步骤解码方式,最终需要解密一段代码再运行并弹出提示消息框。反调试为CRC校验,具体逆向步骤如下:
用 IDA 打开 crackme,发现 GetDlgItemTextA,查找其交叉引用并来到 sub_4012E7:
/*
 * Excerpt from sub_4012E7 (Hex-Rays output): additive checksum over the
 * serial buffer `sn`, followed by a length check and the dispatch call.
 * NOTE(review): `sn` is presumably the text fetched via GetDlgItemTextA,
 * which the write-up names as the way into this function; confirm in the
 * full listing.
 */
v3 = 0;                               /* running sum of the serial bytes */
v4 = 8;                               /* loop counter: exactly eight bytes are summed */
v5 = &sn;                             /* cursor into the serial buffer */
v6 = (unsigned __int8)sn;             /* first byte, zero-extended */
while ( v4 )
{
  v3 += v6;
  LOBYTE(v6) = *++v5;                 /* fetch the next byte; on the last pass this is offset 8 */
  --v4;
}
/*
 * After the loop the low byte of v6 is the byte at offset 8. Non-zero means
 * the input is longer than eight characters and it is rejected. The loop
 * itself never stops at a NUL, so for a shorter input whatever follows the
 * terminator in the buffer is also added to the sum.
 */
if ( (_BYTE)v6 )
  result = (char *)MessageBoxA(hWnd, err, err, 0);
else
  result = sub_401B0A(v3);            /* dispatch on the byte sum */
// Dispatch on a checksum value.
//
// a1 is matched against five constants. In the caller excerpt shown in this
// write-up it is the sum of the first eight serial bytes, so each constant
// is reachable by many different inputs (a byte sum is not unique).
//
// dword_403037 gates the whole dispatcher: while it is zero every call ends
// in the error message box. byte_403C99 is incremented on each gated call and
// reset to zero when a1 matches none of the constants.
// NOTE(review): byte_403C99 looks like a step counter for the staged decode
// the write-up describes; confirm against the handlers.
//
// 0x5D5 and 0x325 both reach sub_401DE2, exactly as in the decompiler output.
//
// Returns whatever the selected handler (or MessageBoxA) returns, cast to
// char * where the listing casts it.
char *__stdcall sub_401B0A(int a1)
{
    // Gate closed: report the error without touching the counter.
    if ( !dword_403037 )
        return (char *)MessageBoxA(0, err, err, 0);

    ++byte_403C99;

    switch ( a1 )
    {
    case 0x566:
        return (char *)sub_401DA0();
    case 0x79A:
        return (char *)sub_401DC1();
    case 0x86B:
        return sub_401E16();
    case 0x5D5:
    case 0x325:
        return (char *)sub_401DE2();
    default:
        break;
    }

    // Unknown checksum: clear the counter and show the error box.
    byte_403C99 = 0;
    return (char *)MessageBoxA(0, err, err, 0);
}
/*
 * Fragment (enclosing function not shown): process eight bytes from the
 * cursor v9. Each byte is added to the running sum v8 and written, XORed
 * with the constant 0x66, through the output cursor v10.
 * NOTE(review): the initial values of v8, v9, v10 and v11 are set outside
 * this excerpt; v11 presumably already holds the first input byte.
 */
a3 = 8;                               /* a3 is reused here as the loop counter */
while ( a3 )
{
  v8 += v11;                          /* accumulate the plain (un-XORed) byte */
  *v10++ = v11 ^ 0x66;                /* store the byte XOR 0x66 */
  ++v9;
  --a3;
  LOBYTE(v11) = *v9;                  /* load the next byte; the final pass reads one byte past the eight processed */
}
/*
 * Fragment (sits inside a loop that is not shown; the `break` below leaves
 * it). The byte sum v8 selects a byte offset into the data at dword_4032F1,
 * then an indirect call is made through an address assembled at run time.
 */
if ( v8 == 0x353 )
{
  v12 = 12;                           /* argument is read from dword_4032F1 + 12 */
  goto LABEL_18;
}
if ( v8 == 0x325 )
{
  v12 = 4;                            /* argument is read from dword_4032F1 + 4 */
  goto LABEL_18;
}
if ( v8 == 0x29B )
  break;                              /* this sum exits the enclosing loop without a call */
if ( v8 == 0x363 )
{
  v12 = 20;                           /* argument is read from dword_4032F1 + 20 */
LABEL_18:
  v13 = (char *)&dword_4032F1 + v12;  /* computed before v12 is overwritten below */
  /*
   * Build the call target from two 16-bit words stored in data:
   * the high half comes from unk_403BEA+7, the low half from unk_403BEA+9.
   * Because the address only exists as data, the callee has no static
   * cross-reference; read these four bytes at run time to identify it.
   */
  LOWORD(v12) = *(_WORD *)((char *)&unk_403BEA + 7);
  a3 = v12 << 16;
  LOWORD(a3) = *(_WORD *)((char *)&unk_403BEA + 9) + a3;
  /* Call the assembled address as a __stdcall function taking the selected DWORD. */
  ((void (__stdcall *)(_DWORD))a3)(*(_DWORD *)v13);
}