[原创]签到题wp
发表于: 2022-5-18 12:12 3123
用IDA打开,check的消息处理代码里有一段乱码,估计这段代码被加密了。
动态调试,如果输入了正确的序列号,代码就会被解密。接着再反编译,思路就很明确了。
// sub_401340: serial-check routine of the dialog, as recovered by the decompiler
// after the encrypted region had been decrypted at run time.
//
// Reads two text fields from hDlg (control 1001 = serial, control 1000 = a second
// input, presumably the user name -- confirm), derives a decimal string from the
// second input via sub_401260/_ultoa and compares it with the serial minus its last
// four characters. The result message is written back into control 1001 and control
// 1014 is disabled on every path. Always returns 0.
//
// The expected value is held in plaintext in Buffer right before the strcmp, so the
// check can be observed by anyone who can attach a debugger to the process.
int __cdecl sub_401340(HWND hDlg)
{
  int result; // eax
  int Value; // [esp+20h] [ebp-3B8h]
  int v3; // [esp+2Ch] [ebp-3ACh]
  int v4; // [esp+34h] [ebp-3A4h]
  signed int v5; // [esp+38h] [ebp-3A0h]
  int v6; // [esp+3Ch] [ebp-39Ch]
  HWND hWnd; // [esp+4Ch] [ebp-38Ch]
  HWND hWnda; // [esp+4Ch] [ebp-38Ch]
  char Buffer; // [esp+54h] [ebp-384h] BYREF
  char v10[199]; // [esp+55h] [ebp-383h] BYREF
  CHAR v11; // [esp+11Ch] [ebp-2BCh] BYREF
  char v12[199]; // [esp+11Dh] [ebp-2BBh] BYREF
  char v13[36]; // [esp+1E4h] [ebp-1F4h] BYREF
  int v14[50]; // [esp+208h] [ebp-1D0h] BYREF
  CHAR String; // [esp+2D0h] [ebp-108h] BYREF
  char v16[199]; // [esp+2D1h] [ebp-107h] BYREF
  char v17[16]; // [esp+398h] [ebp-40h] BYREF
  char Destination; // [esp+3A8h] [ebp-30h] BYREF
  int v19; // [esp+3A9h] [ebp-2Fh]
  int v20; // [esp+3ADh] [ebp-2Bh]
  int v21; // [esp+3B1h] [ebp-27h]
  int v22; // [esp+3B5h] [ebp-23h]
  __int16 v23; // [esp+3B9h] [ebp-1Fh]
  char v24; // [esp+3BBh] [ebp-1Dh]
  CPPEH_RECORD ms_exc; // [esp+3C0h] [ebp-18h]

  // The decompiler split each 200-byte stack buffer into a leading char plus a
  // 199-byte array (v11/v12, Buffer/v10, String/v16); each pair is zeroed here.
  v11 = 0;
  memset(v12, 0, sizeof(v12));
  // Together these two statements clear the first 200 bytes of v14.
  LOBYTE(v14[0]) = 0;
  memset((char *)v14 + 1, 0, 0xC7u);
  Buffer = 0;
  memset(v10, 0, sizeof(v10));
  String = 0;
  memset(v16, 0, sizeof(v16));
  // v17 is not referenced again in this listing.
  strcpy(v17, "www.pediy.com");
  // Destination and v19..v24 are contiguous on the stack (ebp-30h..ebp-1Dh):
  // a 20-byte zeroed buffer that later receives the serial prefix.
  Destination = 0;
  v19 = 0;
  v20 = 0;
  v21 = 0;
  v22 = 0;
  v23 = 0;
  v24 = 0;
  // 32-character alphabet; v13 is not referenced again in this listing.
  strcpy(v13, "23456781ABCDEFGHJKLMNPQRSTUVWXYZ");
  // NOTE(review): both reads pass a limit of 201 although the stack offsets give
  // each destination only 200 bytes (ebp-108h..ebp-40h and ebp-2BCh..ebp-1F4h).
  // A 200-character input would put the terminating NUL into the first byte of
  // the neighbouring buffer (v17 resp. v13) -- confirm against the disassembly.
  v5 = GetDlgItemTextA(hDlg, 1001, &String, 201); // v5 = serial length
  v6 = GetDlgItemTextA(hDlg, 1000, &v11, 201); // v6 = length of the second input
  // Reject serials longer than 14 characters and an empty second input.
  // There is no lower bound on v5 here.
  if ( v5 > 14 || v6 == 0 )
  {
    SetDlgItemTextA(hDlg, 1001, "Wrong Serial!");
    hWnd = GetDlgItem(hDlg, 1014);
    EnableWindow(hWnd, 0);
    result = 0;
  }
  else
  {
    // &v16[9] is String+10, so this copies serial bytes 10..13 into the zeroed v14:
    // the last four characters of a 14-character serial, NUL-terminated.
    v14[0] = *(_DWORD *)&v16[9];
    // sub_4034AD is not shown; it turns that text into the int v3
    // (presumably a string-to-integer conversion -- confirm).
    v3 = sub_4034AD((int)v14);
    // Decrypt the code between loc_4015D2 and loc_401767, with v3 as the third
    // argument (the key, per the write-up). Guarded by dword_413000, which is
    // cleared below, so the region is not processed again while the flag is zero.
    if ( dword_413000 )
      sub_4017E0(loc_4015D2, &loc_401767 - (_UNKNOWN *)loc_4015D2, v3);
    // Enter the function's SEH scope. NOTE(review): presumably this guards the
    // statements that were encrypted on disk -- confirm.
    ms_exc.registration.TryLevel = 0;
    // Value is computed by sub_401260 (not shown) from the second input and its length.
    Value = sub_401260(&v11, v6);
    // Copy the serial without its last four characters (at most 10 bytes, since
    // v5 <= 14); the zero-filled 20-byte destination keeps the copy NUL-terminated.
    // NOTE(review): for v5 < 4 the count v5 - 4 is negative and becomes a huge
    // size_t, so strncpy would write zero padding far beyond the buffer.
    strncpy(&Destination, &String, v5 - 4);
    // Expected prefix: Value rendered as a decimal string.
    _ultoa(Value, &Buffer, 10);
    dword_413000 = 0;
    // Buffer holds the first ten characters of the correct serial.
    v4 = strcmp(&Buffer, &Destination);
    // Normalise the comparison result to -1 / 0 / 1.
    if ( v4 )
      v4 = v4 < 0 ? -1 : 1;
    if ( v4 )
      SetDlgItemTextA(hDlg, 1001, "Wrong Serial!");
    else
      SetDlgItemTextA(hDlg, 1001, "Success!"); // success
    hWnda = GetDlgItem(hDlg, 1014);
    EnableWindow(hWnda, 0);
    // Leave the SEH scope.
    ms_exc.registration.TryLevel = -2;
    result = 0;
  }
  return result;
}
直接在x64dbg里把Buffer(_ultoa输出的十进制字符串,即序列号的前半部分)提取出来,再在后面加上1212,就是完整的序列号。
最后于 2022-5-22 09:16
被wx_123456编辑
,原因: