验证逻辑:
if ( (signed __int64)v5 <= 96000 && (signed __int64)v5 >= 90000 )
{
...
dwIoControlCode = 0x222041;
...
v7 = DeviceIoControl(hDevice, dwIoControlCode, &InBuffer, 0x107u, &OutBuffer, 0x400u, &BytesReturned, 0i64);
if ( !v7 )
{
MessageBoxW(0i64, L"wrong!", L"err", 0);
return 0i64;
}
}
输入数SN的范围在90000~96000之间,通过DeviceIoControl与驱动交互
InBuffer:
F0 F8 2C 00 00 00 00 00 //
50 20 99 3F 01 00 00 00 //
E0 1F 00 00 00 00 00 00 //pid
62 64 01 00 00 00 00 00 //SN
EB 18 //一段可执行代码
00 00 00 00 00 00 00 00
08 00 00 00 00 00 00 00
60 6B 99 3F 01 00 00 00 //
55 48 8B EC E8 01 00 00 00 90 48 8B C4 48 C7 C1 10 00 00 00 48 33 D2 48 F7 F1 83 FA 00 75 17 48
8B 04 24 48 89 44 24 F8 48 8B 44 24 08 48 89 04 24 48 8D 64 24 F8 48 8B 0C 24 48 8B 51 DF 48 83
FA 00 74 04 48 89 55 08 48 8B 51 E7 48 83 FA 00 48 BA 2D 7F 6C 43 F6 7F 00 00 48 B8 CE 7F 6C 43
F6 7F 00 00 9C 48 2B C2 9D 74 17 48 8D 51 DD 48 8D 14 10 48 8B 41 E7 48 8D 04 10 48 8B 49 EF 51
FF D0 48 8B E5 5D C3
00 00 00 00
E8 59 0D 6D 80 3C A2 78 15 87 16 16 07 26 68 55 7F 12 F1 EF F9 A1 9C E8 EA 9C 90 F4 9F 3A A8 8C //一段密文
27 47 79 F6 DC 20 7F 86 ED 34 7E F7 1C 55 6B F6 EF F2 2A 7A F0 44 50 8A 9B E1 C4 E1 45 90 2B 0E
CF AF
[注意]看雪招聘,专注安全领域的专业人才平台!