首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[原创]数据结构在.net反流程混淆中的应用[看雪学院2006金秋读书季]
发表于: 2006-11-7 12:52 30151

[原创]数据结构在.net反流程混淆中的应用[看雪学院2006金秋读书季]

tankaiha 活跃值
29
2006-11-7 12:52
30151

数据结构是计算机专业的必修课,但抽象的概念有时让人觉得它难以运用,也有人认为它太基础而不去重视。下面就来看看数据结构在解决实际问题中的作用。

问题描述:
    .net平台下的一种软件保护方式叫流程混淆,类似win32下的花指令,主要功能是改变程序流程,添加垃圾代码,增大分析难度。.net中的许多反编译软件可以直接将源代码解码成高级语言(如C#、VB.net)格式,而流程混淆可以使解码失败,或者解码出的结果错误百出。
    先看一个被混淆的crackme的代码片段,Reflector直接解码为C#,输出如下:

private void x85601834555fb7d5()
{
      this.x3d9c937c1f3cf311 = new TextBox();
      if (-1 != 0)
      {
      Label_0652:
            this.x6020c4e7a1cc0f6b = new TextBox();
            this.xf5622c25220a6c23 = new Label();
            if (0 != 0)
            {
                  goto Label_0490;
            }
            this.x9001f8afc870fc4c = new Label();
            if (0 != 0)
            {
                  goto Label_0342;
            }
            if (0xff != 0)
            {
                  if (0 == 0)
                  {
                        do
                        {
                              if (0 != 0)
                              {
                                    goto Label_0113;
                              }
                              if (0 != 0)
                              {
                                    goto Label_02BF;
                              }
                              if (-2147483648 == 0)
                              {
                                    goto Label_05D3;
                              }
                              this.xde320a064856d64c = new Button();
                              this.x1ae679ea6e03596b = new Button();
                        }
                        while (0 != 0);
                  }
            }
            else
            {
                  goto Label_0652;
            }
            if (0x7fffffff != 0)
            {
                  goto Label_05F2;
            }
            goto Label_0578;
      }

问题分析:
    看一下被混淆方法的IL代码会更清楚原理,IL代码片段如下:
      L_0668: br.s L_0634
      L_066a: ldc.i4.0
      L_066b: brfalse.s L_0624
      L_066d: ldc.i4 2147483647    //恒成立的跳转
      L_0672: brtrue L_05f2
      L_0677: br L_0578    //直接跳转
      L_067c: br L_0015    //直接跳转
      L_0681: ret

    代码中被添加了很多br(跳转),以及恒成立的判断跳转。这样,程序就被拆分成很多小块,执行时跳来跳去,造成静态分析的困难。试想一个上万行的函数,被拆分成数百个小块,执行时前后跳转,静态分析还如何进行?

解决方法:
    怎么反流程混淆,很自然地,我们想到将br进行连接,将恒成立的跳转去除。(不同的流程混淆软件有不同的特征,注意收集。)对于代码很多的方法,手工进行处理是不现实的,因此必须编程实现。一个简单的反混淆器,无须用到编译原理的知识,我们需要的是数据结构,下面就介绍下怎么将数据结构的知识用在反混淆器的编写上。

树的构造:
    分析一下IL代码,我们可以将其分为三大类(暂不考虑switch指令):不跳转(继续运行),判断跳转(如brtrue,brfalse)和直接跳转(br和br.s)。

public enum JumpType
{
      NoJump,
      BooleanJump,
      DirectJump
}
    很自然地,我们想到了二叉树。每个结点代表一条(和多条)指令,对于直接跳转和非跳转指令,该结点只有一个子结点;对于判断跳转,每个结点有两个子结点,分别代表跳转目标和下一条指令。基本构造如下:


程序中,我们可以为结点构造如下的类:
public class ILNode
{
      public ILNode();

      public List<ILLine> ilblk;    //代码块
      public ILNode left;    //指向左结点
      public ILNode right;    //指向右结点
}

程序的实现:
    附件中给出我编写的简单反混淆器,可以用Reflector直接查看源码。程序工作流程:

1.产生指令表:既产生一张包含所有IL指令的表,用于读入源代码时进行比较。表中每个IL指令的格式用一个结构表示。

public struct OpCodeTypeInfo
{
      public string name;        //指令名称
      public JumpType jumptype;    //跳转类型
      public bool hasoprand;        //是否有操作数
      public OpCodeTypeInfo(string n, JumpType jtp, bool oprand);//初始化方法
}

2.读入所有的源代码。(由于没有实现完整的词法,语法和语义分析,因此只读入标准的ildasm反编译代码,且必须包含行号。)
private static bool ReadSource(string src)

每一行源代码,用一个结构来表示:
public struct ILLine
{
      public int lable;        //行号
      public string opcode;    //指令
      public string oprand;    //操作数
      public int size;        //大小(用于计算行号,未使用)
      public JumpType jumpType;    //(代码的类型)
}

3.构建二叉树:将有读入的源码进行树构造,结果是产生如上图的二叉树,所有的代码都在树结点中。
private static bool MakeBTree()
private static ILNode ReadSrcIntoNode(int idx)
    在这一步中已经完成了对恒成立判断跳转的处理。

4.对树结点进行优化:主要是边接br块。
private static bool SecondOptimise(ILNode ilnode)

5.输出反混淆结果:按一定顺序遍历二叉树,生成代码。这是这种反混淆方法的通用之处所在,也是其弱点。编译器将高级语言编译成IL时,通常有一定的顺序。如果要完全还原源程序,必须对不同编译器生成的不同代码块有所了解(比如if、while的编码方法),而我们直接按照先右子树,后左子树的顺序进行输出,既无法完全还原源代码,但在一定程度上又做到了通用,因为无论是MS还是别的编译器生成的IL代码,都可以解决。
private static string OutputTree(ILNode ilnode)

反混淆结果:
    使用时,将某个方法的IL代码全部复制到DeFlowOb.exe中,输出后将反混淆代码覆盖源程序。在SDK中用ilasm编译。
    用Reflector载入附件中的crackme,分别对比反混淆前后的x85601834555fb7d5方法,可以看到效果。

   

小结:
    这个小程序还有很多可扩展的地方,比如加入try-catch-finally块的处理(同样可以利用树,不过不是二叉树),加入特定编译块的处理(比如判断while(){}块)。
    数据结构在程序开发中的运用很广泛,在逆向工程中也是一样。只要多想,便可以学有所用。抛砖引玉,希望更多人将自己的知识灵活运用,编写出更好的工具。


[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

上传的附件:
收藏
免费 7
支持
分享
最新回复 (43)
tankaiha
雪    币: 5275
活跃值: (456)
能力值: (RANK:1170 )
在线值:
发帖
回帖
粉丝
私信
2
汗,想发在调试论坛的
2006-11-7 13:08
0
kanxue
雪    币: 47147
活跃值: (20460)
能力值: (RANK:350 )
在线值:
发帖
回帖
粉丝
私信
3
最初由 tankaiha 发布
汗,想发在调试论坛的

我开始也纳闷,正在考虑移不移。;)
tankaiha 现在对.net越来越熟悉了,更难得可贵的,还带动大家写了这么多.net文章。
2006-11-7 13:09
0
china
雪    币: 3689
活跃值: (4247)
能力值: (RANK:215 )
在线值:
发帖
回帖
粉丝
私信
4
支持tankaiha。
2006-11-7 13:15
0
newsearch
雪    币: 257
活跃值: (369)
能力值: ( LV12,RANK:370 )
在线值:
发帖
回帖
粉丝
私信
5
好好学习一下,顶
2006-11-7 13:18
0
dreaman
雪    币: 1316
活跃值: (512)
能力值: ( LV12,RANK:450 )
在线值:
发帖
回帖
粉丝
私信
6
顶一把,经典。
2006-11-7 15:30
0
binbinbin
雪    币: 405
活跃值: (10)
能力值: ( LV9,RANK:1130 )
在线值:
发帖
回帖
粉丝
私信
7
.net太特殊了,不懂。纯支持个人气、。。
2006-11-7 17:06
0
Isaiah
雪    币: 331
活跃值: (56)
能力值: ( LV13,RANK:410 )
在线值:
发帖
回帖
粉丝
私信
8
来一个编译原理的~~~强烈顶!
2006-11-7 18:22
0
rick
雪    币: 288
活跃值: (112)
能力值: ( LV12,RANK:290 )
在线值:
发帖
回帖
粉丝
私信
9
有局部变量的处理起来更麻烦。。。。。。
2006-11-7 20:03
0
快雪时晴
雪    币: 370
活跃值: (15)
能力值: ( LV9,RANK:170 )
在线值:
发帖
回帖
粉丝
私信
10
每一篇都很独
大家决不能放过的好文章
2006-11-7 22:56
0
海风月影
雪    币: 7309
活跃值: (3788)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
私信
11
这么快就搞定了,牛人
2006-11-7 23:08
0
huweiqi
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
12
强烈支持。不如做个reflector的plugin吧。
2006-11-8 08:46
0
tankaiha
雪    币: 5275
活跃值: (456)
能力值: (RANK:1170 )
在线值:
发帖
回帖
粉丝
私信
13
最初由 huweiqi 发布
强烈支持。不如做个reflector的plugin吧。


此建议具有很强的指导性和可操作性,嘿嘿
2006-11-8 09:47
0
baibai
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
14
老tan看了你的文章获益匪浅阿 ,我现在也在搞.net呵呵,下次到你的论坛去看看是不是你的ccl都改成了.net写的了 老tan下次多出点.net的
2006-11-27 17:11
0
angelcom
雪    币: 205
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
15
太激动了 我刚好开始学习IL 看到如此好文 获益匪浅啊
2007-3-3 20:12
0
oooooooo
雪    币: 207
活跃值: (12)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
16
谢谢楼主,学习,学习...
2007-3-5 01:50
0
windtrace
雪    币: 4441
活跃值: (805)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
17
楼主太猛了,这文章不是我这级别的人看的
2007-3-5 16:42
0
widesoft
雪    币: 179
活跃值: (26)
能力值: ( LV5,RANK:75 )
在线值:
发帖
回帖
粉丝
私信
18
顶。。学习中
2007-3-6 11:53
0
鸡蛋壳
雪    币: 427
活跃值: (412)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
19
反过来数据结构可以写出效率很好的混淆.
2007-3-6 17:18
0
claudedb
雪    币: 221
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
20
使用deflowob进行反混淆从来没有成功过


就算是对本文提供的crakeme也一样

都是出现
“Error occurs when optimise
Error Msg is:
System.ArgumentOutOfRangeException: 索引超出范围。必须为非负值并小于集合大小。
参数名: index
   在 System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   在 System.ThrowHelper.ThrowArgumentOutOfRangeException()
   在 System.Collections.Generic.List`1.get_Item(Int32 index)
   在 DeFlowOb.DeFlow.SecondOptimise(ILNode ilnode)”

这样的提示,不知道问题出在哪……
2007-5-28 16:36
0
tankaiha
雪    币: 5275
活跃值: (456)
能力值: (RANK:1170 )
在线值:
发帖
回帖
粉丝
私信
21
当初只为试验,没有采用完整的编译代码,因此对输入的IL要求比较严格。

现在这个程序不再更新,小组的dreaman正在利用椎栈机编写.net的反编译和反混淆软件。

:)
2007-5-28 20:44
0
claudedb
雪    币: 221
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
22
那么应该按照什么格式才可以?
问题是直接使用crackme的程序都不行啊

dreaman写的东西有打算公开么?
这种软件还是比较有用处的
2007-5-29 10:47
0
tankaiha
雪    币: 5275
活跃值: (456)
能力值: (RANK:1170 )
在线值:
发帖
回帖
粉丝
私信
23
他最近忙得没空写吧

输入格式要求:
1、纯IL代码,不加方法头和括号
2、不支持try catch等
3、多行代码合并成一行写
如: call method1(int32,
                  string)

写在一行里 call method1(int32,string)

试试,应该差不多了。
2007-5-29 18:36
0
claudedb
雪    币: 221
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
24
就是对你例子中说的x85601834555fb7d5()

我使用如下的il码不行
L_0000: ldarg.0 
L_0001: newobj instance void [System.Windows.Forms]System.Windows.Forms.TextBox::.ctor()
L_0006: stfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x3d9c937c1f3cf311
L_000b: ldc.i4 -1
L_0010: brtrue L_0652
L_0015: ldc.i4.0 
L_0016: brtrue L_02d0
L_001b: ldarg.0 
L_001c: ldc.i4.0 
L_001d: call instance void [System.Windows.Forms]System.Windows.Forms.Control::ResumeLayout(bool)
L_0022: ldarg.0 
L_0023: call instance void [System.Windows.Forms]System.Windows.Forms.Control::PerformLayout()
L_0028: br L_0681
L_002d: ldarg.0 
L_002e: ldstr "Form1"
L_0033: call instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0038: ldarg.0 
L_0039: ldarg.0 
L_003a: ldftn instance void crackme1.Form1::x80c5917e13d6bc71(object, class [mscorlib]System.EventArgs)
L_0040: newobj instance void [mscorlib]System.EventHandler::.ctor(object, native int)
L_0045: call instance void [System.Windows.Forms]System.Windows.Forms.Form::add_Load(class [mscorlib]System.EventHandler)
L_004a: br L_00e1
L_004f: ldarg.0 
L_0050: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_0055: ldarg.0 
L_0056: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x6020c4e7a1cc0f6b
L_005b: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_0060: ldarg.0 
L_0061: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_0066: ldarg.0 
L_0067: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x3d9c937c1f3cf311
L_006c: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_0071: br.s L_00dc
L_0073: ldarg.0 
L_0074: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_0079: ldarg.0 
L_007a: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_007f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_0084: ldc.i4.0 
L_0085: brtrue L_0490
L_008a: br.s L_00d7
L_008c: ldarg.0 
L_008d: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_0092: ldarg.0 
L_0093: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_0098: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_009d: ldc.i4.0 
L_009e: brtrue.s L_00f9
L_00a0: br.s L_00bb
L_00a2: ldc.i4.0 
L_00a3: brtrue L_0578
L_00a8: ldarg.0 
L_00a9: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_00ae: ldarg.0 
L_00af: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_00b4: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_00b9: br.s L_008c
L_00bb: br.s L_00d0
L_00bd: ldarg.0 
L_00be: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_00c3: ldarg.0 
L_00c4: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_00c9: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_00ce: br.s L_00a2
L_00d0: ldc.i4 8
L_00d5: brtrue.s L_0073
L_00d7: br L_004f
L_00dc: br L_002d
L_00e1: ldc.i4 3
L_00e6: brtrue.s L_0102
L_00e8: ldarg.0 
L_00e9: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_00ee: ldarg.0 
L_00ef: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_00f4: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_00f9: ldc.i4 3
L_00fe: brfalse.s L_00e8
L_0100: br.s L_00bd
L_0102: ldc.i4.0 
L_0103: brfalse L_05b0
L_0108: br L_0578
L_010d: ldc.i4.0 
L_010e: brtrue L_04f4
L_0113: ldarg.0 
L_0114: call instance class [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_0119: ldarg.0 
L_011a: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_011f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control/ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_0124: br L_01a6
L_0129: ldarg.0 
L_012a: ldc.i4.1 
L_012b: call instance void [System.Windows.Forms]System.Windows.Forms.ContainerControl::set_AutoScaleMode(valuetype [System.Windows.Forms]System.Windows.Forms.AutoScaleMode)
L_0130: ldarg.0 
L_0131: ldc.i4 0x124
L_0136: ldc.i4 0x9d
L_013b: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_0140: call instance void [System.Windows.Forms]System.Windows.Forms.Form::set_ClientSize(valuetype [System.Drawing]System.Drawing.Size)
L_0145: br.s L_0181
L_0147: ldarg.0 
L_0148: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_014d: ldc.i4.1 
L_014e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.ButtonBase::set_UseVisualStyleBackColor(bool)
L_0153: ldarg.0 
L_0154: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_0159: ldarg.0 
L_015a: ldftn instance void crackme1.Form1::x1a515b59dfb2dab9(object, class [mscorlib]System.EventArgs)
L_0160: newobj instance void [mscorlib]System.EventHandler::.ctor(object, native int)
L_0165: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::add_Click(class [mscorlib]System.EventHandler)
L_016a: ldarg.0 
L_016b: ldc.r4 6
L_0170: ldc.r4 12
L_0175: newobj instance void [System.Drawing]System.Drawing.SizeF::.ctor(float32, float32)
L_017a: call instance void [System.Windows.Forms]System.Windows.Forms.ContainerControl::set_AutoScaleDimensions(valuetype [System.Drawing]System.Drawing.SizeF)
L_017f: br.s L_0129
L_0181: br.s L_01a1
L_0183: ldarg.0 
L_0184: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_0189: ldc.i4.7 
L_018a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_018f: ldarg.0 
L_0190: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_0195: ldstr "\u5220\u9664\u6ce8\u518c\u4fe1\u606f"
L_019a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_019f: br.s L_0147
L_01a1: br L_010d
L_01a6: br.s L_01d3
L_01a8: ldarg.0 
L_01a9: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_01ae: ldc.i4.s 0x68
L_01b0: ldc.i4.s 0x1b
L_01b2: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_01b7: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_01bc: ldc.i4 1
L_01c1: brfalse L_02d0
L_01c6: ldc.i4.0 
L_01c7: brtrue L_04e0
L_01cc: ldc.i4 -2
L_01d1: brtrue.s L_0183
L_01d3: ldc.i4.0 
L_01d4: brfalse L_0283
L_01d9: br L_025f
L_01de: ldarg.0 
L_01df: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_01e4: ldstr "button3"
L_01e9: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_01ee: br.s L_025d
L_01f0: ldarg.0 
L_01f1: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_01f6: ldc.i4.6 
L_01f7: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_01fc: ldarg.0 
L_01fd: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_0202: ldstr "Crackme No.1 By Inraining"
L_0207: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_020c: ldarg.0 
L_020d: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_0212: ldc.i4 0xb7
L_0217: ldc.i4.s 0x77
L_0219: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_021e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_0223: br.s L_0258
L_0225: ldarg.0 
L_0226: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_022b: ldstr "label3"
L_0230: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0235: ldarg.0 
L_0236: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_023b: ldc.i4 0x9b
L_0240: ldc.i4.s 12
L_0242: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_0247: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_024c: ldc.i4 1
L_0251: brfalse L_03ca
L_0256: br.s L_01f0
L_0258: br L_01de
L_025d: br.s L_027d
L_025f: ldc.i4 0xff
L_0264: brfalse L_01de
L_0269: ldarg.0 
L_026a: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_026f: ldc.i4.7 
L_0270: ldc.i4.5 
L_0271: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_0276: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_027b: br.s L_0225
L_027d: ldc.i4.0 
L_027e: brfalse L_01a8
L_0283: ldc.i4 0xff
L_0288: brtrue L_05ab
L_028d: br L_0578
L_0292: ldarg.0 
L_0293: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_0298: ldarg.0 
L_0299: ldftn instance void crackme1.Form1::xe6ce85794560f647(object, class [mscorlib]System.EventArgs)
L_029f: newobj instance void [mscorlib]System.EventHandler::.ctor(object, native int)
L_02a4: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::add_Click(class [mscorlib]System.EventHandler)
L_02a9: ldc.i4.0 
L_02aa: brtrue.s L_02d0
L_02ac: ldarg.0 
L_02ad: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_02b2: ldc.i4.1 
L_02b3: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_02b8: ldc.i4 1
L_02bd: brtrue.s L_02ce
L_02bf: ldarg.0 
L_02c0: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_02c5: ldc.i4.1 
L_02c6: callvirt instance void [System.Windows.Forms]System.Windows.Forms.ButtonBase::set_UseVisualStyleBackColor(bool)
L_02cb: ldc.i4.0 
L_02cc: brfalse.s L_0292
L_02ce: br.s L_02e3
L_02d0: ldarg.0 
L_02d1: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_02d6: ldstr "\u53d6\u6d88"
L_02db: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_02e0: ldc.i4.0 
L_02e1: brfalse.s L_02bf
L_02e3: ldc.i4 0xff
L_02e8: brtrue.s L_02f7
L_02ea: ldc.i4 15
L_02ef: brfalse L_05c8
L_02f4: ldc.i4.0 
L_02f5: brfalse.s L_02d0
L_02f7: ldc.i4.0 
L_02f8: brfalse L_04d1
L_02fd: br L_04ae
L_0302: ldarg.0 
L_0303: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_0308: ldc.i4.s 0x3b
L_030a: ldc.i4.s 0x1b
L_030c: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_0311: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_0316: ldarg.0 
L_0317: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_031c: ldc.i4.5 
L_031d: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_0322: br.s L_038d
L_0324: ldarg.0 
L_0325: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_032a: ldstr "button2"
L_032f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0334: br.s L_0388
L_0336: ldarg.0 
L_0337: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_033c: ldc.i4.1 
L_033d: callvirt instance void [System.Windows.Forms]System.Windows.Forms.ButtonBase::set_UseVisualStyleBackColor(bool)
L_0342: ldarg.0 
L_0343: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_0348: ldarg.0 
L_0349: ldftn instance void crackme1.Form1::x328c0b730b0ebcd7(object, class [mscorlib]System.EventArgs)
L_034f: newobj instance void [mscorlib]System.EventHandler::.ctor(object, native int)
L_0354: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::add_Click(class [mscorlib]System.EventHandler)
L_0359: ldarg.0 
L_035a: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_035f: ldc.i4.s 0x67
L_0361: ldc.i4.s 120
L_0363: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_0368: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_036d: br.s L_0381
L_036f: ldarg.0 
L_0370: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_0375: ldstr "\u786e\u5b9a"
L_037a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_037f: br.s L_0336
L_0381: ldc.i4 15
L_0386: brtrue.s L_0324
L_0388: br L_0302
L_038d: br.s L_03e3
L_038f: ldarg.0 
L_0390: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_0395: ldc.i4.4 
L_0396: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_039b: ldc.i4 0x7fffffff
L_03a0: brfalse.s L_0342
L_03a2: br.s L_03de
L_03a4: ldc.i4.0 
L_03a5: brtrue L_02bf
L_03aa: ldc.i4 -2
L_03af: brfalse L_0084
L_03b4: ldarg.0 
L_03b5: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_03ba: ldc.i4.s 0x35
L_03bc: ldc.i4.s 0x1c
L_03be: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_03c3: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_03c8: br.s L_03dc
L_03ca: ldarg.0 
L_03cb: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_03d0: ldstr "button1"
L_03d5: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_03da: br.s L_03a4
L_03dc: br.s L_038f
L_03de: br L_036f
L_03e3: ldc.i4 -2
L_03e8: brtrue L_04cc
L_03ed: ldc.i4.0 
L_03ee: brfalse L_04ae
L_03f3: br.s L_041b
L_03f5: ldarg.0 
L_03f6: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_03fb: ldstr "Password:"
L_0400: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_0405: ldarg.0 
L_0406: ldfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_040b: ldc.i4.s 0x20
L_040d: ldc.i4.s 0x77
L_040f: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_0414: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_0419: br.s L_0443
L_041b: ldarg.0 
L_041c: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_0421: ldc.i4.s 0x3b
L_0423: ldc.i4.s 12
L_0425: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_042a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_042f: ldarg.0 
L_0430: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_0435: ldc.i4.3 
L_0436: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_043b: ldc.i4.0 
L_043c: brtrue L_00bd
L_0441: br.s L_03f5
L_0443: br L_04c2
L_0448: ldarg.0 
L_0449: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_044e: ldstr "label2"
L_0453: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0458: br.s L_04bd
L_045a: ldarg.0 
L_045b: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_0460: ldc.i4.1 
L_0461: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_0466: ldarg.0 
L_0467: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_046c: ldc.i4.s 0x26
L_046e: ldc.i4.s 0x4f
L_0470: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_0475: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_047a: br.s L_04b8
L_047c: ldarg.0 
L_047d: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_0482: ldc.i4.s 0x3b
L_0484: ldc.i4.s 12
L_0486: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_048b: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_0490: ldarg.0 
L_0491: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_0496: ldc.i4.2 
L_0497: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_049c: ldarg.0 
L_049d: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_04a2: ldstr "Username:"
L_04a7: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_04ac: br.s L_04b6
L_04ae: ldc.i4.0 
L_04af: brtrue L_055b
L_04b4: br.s L_047c
L_04b6: br.s L_045a
L_04b8: br L_0448
L_04bd: br L_041b
L_04c2: ldc.i4 -2147483648
L_04c7: brtrue L_03ca
L_04cc: br L_02ea
L_04d1: ldc.i4.0 
L_04d2: brfalse.s L_0506
L_04d4: ldarg.0 
L_04d5: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_04da: ldc.i4.1 
L_04db: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_04e0: ldarg.0 
L_04e1: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_04e6: ldc.i4.s 0x26
L_04e8: ldc.i4.s 40
L_04ea: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_04ef: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_04f4: ldarg.0 
L_04f5: ldfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_04fa: ldstr "label1"
L_04ff: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0504: br.s L_04ae
L_0506: br L_05a6
L_050b: ldarg.0 
L_050c: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x6020c4e7a1cc0f6b
L_0511: ldc.i4.1 
L_0512: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_0517: br L_059c
L_051c: ldarg.0 
L_051d: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x6020c4e7a1cc0f6b
L_0522: ldstr "textBox2"
L_0527: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_052c: ldarg.0 
L_052d: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x6020c4e7a1cc0f6b
L_0532: ldc.i4 0xb8
L_0537: ldc.i4.s 0x15
L_0539: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_053e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_0543: br.s L_0571
L_0545: ldarg.0 
L_0546: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x3d9c937c1f3cf311
L_054b: ldc.i4.0 
L_054c: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_0551: ldc.i4 2
L_0556: brfalse L_0073
L_055b: ldarg.0 
L_055c: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x6020c4e7a1cc0f6b
L_0561: ldc.i4.s 0x67
L_0563: ldc.i4.s 70
L_0565: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_056a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_056f: br.s L_051c
L_0571: ldc.i4 0xff
L_0576: brtrue.s L_0596
L_0578: ldarg.0 
L_0579: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x3d9c937c1f3cf311
L_057e: ldc.i4 0xb9
L_0583: ldc.i4.s 0x15
L_0585: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32, int32)
L_058a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_058f: ldc.i4 8
L_0594: brtrue.s L_0545
L_0596: ldc.i4.0 
L_0597: brfalse L_050b
L_059c: ldc.i4 0x7fffffff
L_05a1: brtrue L_04d4
L_05a6: br L_025f
L_05ab: br L_00e8
L_05b0: br L_067c
L_05b5: ldarg.0 
L_05b6: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x3d9c937c1f3cf311
L_05bb: ldstr "textBox1"
L_05c0: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_05c5: ldc.i4.0 
L_05c6: brfalse.s L_05ef
L_05c8: ldarg.0 
L_05c9: newobj instance void [System.Windows.Forms]System.Windows.Forms.Button::.ctor()
L_05ce: stfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x7e52e8715f121f0d
L_05d3: ldarg.0 
L_05d4: call instance void [System.Windows.Forms]System.Windows.Forms.Control::SuspendLayout()
L_05d9: ldarg.0 
L_05da: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x3d9c937c1f3cf311
L_05df: ldc.i4.s 0x67
L_05e1: ldc.i4.s 0x1f
L_05e3: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32, int32)
L_05e8: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_05ed: br.s L_05b5
L_05ef: ldc.i4.0 
L_05f0: brfalse.s L_05ff
L_05f2: ldarg.0 
L_05f3: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_05f8: stfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x90baa23478571135
L_05fd: br.s L_05c8
L_05ff: br L_0677
L_0604: ldc.i4 -2147483648
L_0609: brfalse.s L_05d3
L_060b: ldarg.0 
L_060c: newobj instance void [System.Windows.Forms]System.Windows.Forms.Button::.ctor()
L_0611: stfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::xde320a064856d64c
L_0616: ldarg.0 
L_0617: newobj instance void [System.Windows.Forms]System.Windows.Forms.Button::.ctor()
L_061c: stfld class [System.Windows.Forms]System.Windows.Forms.Button crackme1.Form1::x1ae679ea6e03596b
L_0621: ldc.i4.0 
L_0622: brfalse.s L_0632
L_0624: ldc.i4.0 
L_0625: brtrue L_0113
L_062a: ldc.i4.0 
L_062b: brtrue L_02bf
L_0630: br.s L_0604
L_0632: br.s L_066d
L_0634: ldc.i4.0 
L_0635: brtrue L_0490
L_063a: ldarg.0 
L_063b: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_0640: stfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::x9001f8afc870fc4c
L_0645: ldc.i4.0 
L_0646: brtrue L_0342
L_064b: ldc.i4 0xff
L_0650: brtrue.s L_066a
L_0652: ldarg.0 
L_0653: newobj instance void [System.Windows.Forms]System.Windows.Forms.TextBox::.ctor()
L_0658: stfld class [System.Windows.Forms]System.Windows.Forms.TextBox crackme1.Form1::x6020c4e7a1cc0f6b
L_065d: ldarg.0 
L_065e: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_0663: stfld class [System.Windows.Forms]System.Windows.Forms.Label crackme1.Form1::xf5622c25220a6c23
L_0668: br.s L_0634
L_066a: ldc.i4.0 
L_066b: brfalse.s L_0624
L_066d: ldc.i4 0x7fffffff
L_0672: brtrue L_05f2
L_0677: br L_0578
L_067c: br L_0015
L_0681: ret
2007-5-30 08:51
0
claudedb
雪    币: 221
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
25
补充说明下:

论坛上自动分行了
实际上是不分行的
2007-5-30 08:56
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//