[原创]第一题
发表于: 2018-12-1 13:57 2194
1.检测pe信息
PEiD 无法打开该文件(PEiD 只支持 32 位 PE),估计是 64 位程序,改用 IDA Pro 64 打开。
2.IDA查看
很容易定位到对话框的消息处理函数(以下为 IDA 反编译结果):
/*
 * Hex-Rays pseudocode of the dialog message handler that contains the
 * serial check. Listing only: suffixes such as 0i64/0x50ui64 and the split
 * stack variables are decompiler artifacts, not source-level C.
 *
 * a1 - dialog window handle
 * a2 - message number (compared against 0x10, 0x110 and 0x111 below)
 * a3 - 16-bit value tested against control/menu IDs; presumably the low
 *      word of wParam - confirm against the caller / DLGPROC prototype
 *
 * Returns 0 for a2 == 0x10, a2 == 0x110 and any message other than 0x111;
 * returns 1 on every path taken for a2 == 0x111.
 *
 * NOTE(review): the expected serial is embedded as immediate byte compares,
 * so it can be read directly from the disassembly; a check of this shape
 * offers no protection against static analysis.
 */
INT_PTR __fastcall sub_140001340(HWND a1, int a2, unsigned __int16 a3)
{
int v3; // ebx
unsigned __int16 v4; // si
HWND v5; // rdi
int v6; // ebx
int v7; // ebx
UINT snLen; // ebx
CHAR *v10; // rdx
HICON v11; // rax
HWND v12; // rax
// NOTE(review): wrong, right and SN sit 0x18 bytes apart on the stack
// (rsp+30h, rsp+48h, rsp+60h), so the declared sizes CHAR[16] and __int64
// are presumably decompiler guesses - verify the real array sizes in the
// stack view before drawing conclusions about the strcpy calls below.
CHAR wrong[16]; // [rsp+30h] [rbp-D0h]
__int64 right; // [rsp+48h] [rbp-B8h]
// SN is byte 0 of the serial buffer; v16..v20 are the bytes at rsp+61h..65h,
// i.e. bytes 1..5 of the same buffer (it is cleared as 0x64 bytes below).
CHAR SN; // [rsp+60h] [rbp-A0h]
char v16; // [rsp+61h] [rbp-9Fh]
char v17; // [rsp+62h] [rbp-9Eh]
char v18; // [rsp+63h] [rbp-9Dh]
char v19; // [rsp+64h] [rbp-9Ch]
char v20; // [rsp+65h] [rbp-9Bh]
CHAR String; // [rsp+D0h] [rbp-30h]
v3 = a2;
v4 = a3;
v5 = a1;
// Clear both text buffers: 0x50 (80) bytes at String, 0x64 (100) bytes at SN.
memset(&String, 0, 0x50ui64);
memset(&SN, 0, 0x64ui64);
// Success / failure messages are built on the stack on every call.
strcpy((char *)&right, "恭喜你!成功!");
strcpy(wrong, "序列号错误,再来一次!");
// a2 == 0x10 (WM_CLOSE in the Win32 headers): destroy the dialog.
v6 = v3 - 16;
if ( !v6 )
{
DestroyWindow(v5);
return 0i64;
}
// a2 == 0x110 (WM_INITDIALOG): one-time dialog setup.
v7 = v6 - 256;
if ( !v7 )
{
// Load icon resource 0x70 and send message 0x80 (WM_SETICON) with wParam 1.
v11 = LoadIconA(hInstance, (LPCSTR)0x70);
SendMessageA(v5, 0x80u, 1ui64, (LPARAM)v11);
// Message 0xC5 (EM_LIMITTEXT) caps control 1000 at 0x50 = 80 characters.
SendDlgItemMessageA(v5, 1000, 0xC5u, 0x50ui64, 0i64);
v12 = GetDlgItem(v5, 1000);
SetFocus(v12);
return 0i64;
}
// Anything other than a2 == 0x111 (WM_COMMAND) is ignored.
if ( v7 != 1 )
return 0i64;
// ID 1002: send message 0x10 (WM_CLOSE) to this dialog.
if ( v4 == 1002 )
{
SendMessageA(v5, 0x10u, 0i64, 0i64);
return 1i64;
}
// Every ID except 1013 is handled here; 1013 falls through to the check.
if ( v4 != 1013 )
{
// IDs 1014 and 40002 open dialog resource 0x67 with DialogFunc.
if ( v4 == 1014 || v4 == 40002 )
{
DialogBoxParamA(hInstance, (LPCSTR)0x67, v5, (DLGPROC)DialogFunc, 0i64);
return 1i64;
}
return 1i64;
}
// ID 1013: read control 1000 twice. The first call is used only for its
// return value (text length); the second fills the buffer that is compared.
// NOTE(review): the first call allows 81 bytes while only 0x50 (80) were
// cleared at String - the real array size is not visible here; confirm it
// is at least 81 bytes.
snLen = GetDlgItemTextA(v5, 1000, &String, 81);
GetDlgItemTextA(v5, 1000, &SN, 101);
// '\x06' is the integer 6 rendered as a char literal: the input must be
// exactly 6 characters and match the six constant bytes one by one.
if ( snLen != '\x06' || SN != '6' || v16 != 'E' || v17 != 'w' || v18 != 'i' || v19 != '9' || v20 != 'H' )
v10 = wrong;
else
v10 = (CHAR *)&right;
// Copy the chosen message into the global String1 (its size is not shown
// in this listing).
lstrcpyA((LPSTR)&String1, v10);
DialogBoxParamA(hInstance, (LPCSTR)0x79, v5, (DLGPROC)sub_1400012E0, 0i64);// per the author's analysis, the dialog procedure passed as lpDialogFunc sends WM_SETTEXT to display the corresponding message (sub_1400012E0 is not shown here)
return 1i64;
}
判断条件要求 GetDlgItemTextA 返回的长度为 6,且输入的 6 个字节依次等于 '6'、'E'、'w'、'i'、'9'、'H',因此容易得出 SN = "6Ewi9H"