首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[求助]怪异语言PowerBASIC/Win 8.00写出来的软件(智取数字3)
发表于: 2006-12-11 15:24 8999

[求助]怪异语言PowerBASIC/Win 8.00写出来的软件(智取数字3)

ehjxld 活跃值
2006-12-11 15:24
8999
用peid检测为aspack2.12加壳 ESP脱壳后。显示为PowerBASIC/Win 8.00

不知道这种语言写的程序干如何下手。破解!

找了下百度等搜索都没找到相关资料!!

软件下载地址:
http://www.qshxgzs.com/download.asp

怪异语言PowerBASIC/Win 8.00写出来的软件(智取数字3)

[课程]Android-CTF解题方法汇总!

收藏
免费 0
支持
分享
最新回复 (11)
caierhuan
雪    币: 279
活跃值: (60)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
2
ASPack 2.12 -> Alexey Solodovnikov
+
VFP加密
PowerBASIC/Win 8.00显示不对
2007-2-14 22:44
0
yunfeng
雪    币: 269
活跃值: (51)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
3
最初由 caierhuan 发布
ASPack 2.12 -> Alexey Solodovnikov
+
VFP加密
PowerBASIC/Win 8.00显示不对

请教一下,你是怎样看出来是用VFP加密的?
2007-2-15 20:42
0
bfqyygy
雪    币: 338
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
4
网络验证.要爆有些不太现实!
2007-2-15 22:30
0
forgot
雪    币: 6075
活跃值: (2236)
能力值: (RANK:1060 )
在线值:
发帖
回帖
粉丝
私信
5
这语言好像是明哥哥的
2007-2-15 22:51
0
wwzc
雪    币: 224
活跃值: (33)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
6
部分主文件代码
SET SYSMENU TO
_SCREEN. = ""
SET TALK OFF
SET ESCAPE OFF
SET SAFETY OFF
SET NOTIFY OFF
SET DEBUG OFF
SET ECHO OFF
SET DELETED ON
SET CENTURY ON
SET DATE YMD
SET EXCLUSIVE OFF
= "help.chm"
IF FILE()
   set help to &helpfile
ELSE
   SET HELP OFF
ENDIF
IF FILE("b.txt")
   ERASE b.txt
ENDIF
SET CLOCK STATUS
SET HOURS TO 24
SET CLASSLIB TO cplibs ADDITIVE
SET PROCEDURE TO sys_prog , tool_prog , sys_prog , cp_prog  ADDITIVE
_SCREEN. = .T.
_SCREEN. = "cp3.ico"
= SYS(2023)
= SYS(2023)
= SYS(2023)
= SYS(2023)
ON ERROR do ERRORMSG with error(),program(),mes????
2007-2-19 12:08
0
china
雪    币: 3515
活跃值: (4042)
能力值: (RANK:215 )
在线值:
发帖
回帖
粉丝
私信
7
语言好像不是明明的,本来就有这个POWEBASIC吧,以前明明给偶介绍过。
2007-2-19 12:15
0
wwzc
雪    币: 224
活跃值: (33)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
8
有人要全部就发出来了、
是用powerbasic写的加密软件加密的具体是那一种看不出来。SET SYSMENU TO
_SCREEN.caption = ""
SET TALK OFF
SET ESCAPE OFF
SET SAFETY OFF
SET NOTIFY OFF
SET DEBUG OFF
SET ECHO OFF
SET DELETED ON
SET CENTURY ON
SET DATE YMD
SET EXCLUSIVE OFF
helpfile = "help.chm"
IF FILE(HELPFILE)
   set help to &helpfile
ELSE
   SET HELP OFF
ENDIF
IF FILE("b.txt")
   ERASE b.txt
ENDIF
SET CLOCK STATUS
SET HOURS TO 24
SET CLASSLIB TO cplibs ADDITIVE
SET PROCEDURE TO sys_prog , tool_prog , sys_prog , cp_prog  ADDITIVE
_SCREEN.autocenter = .T.
_SCREEN.icon = "cp3.ico"
tmpfiles = SYS(2023)
sortwork = SYS(2023)
progwork = SYS(2023)
editwork = SYS(2023)
ON ERROR do ERRORMSG with error(),program(),message(),message(1),lineno()
ON SHUTDOWN do shutdown
DO sys_mem
ccurrentprocedure = SYS(16,1)
npathstart = AT(":",CCURRENTPROCEDURE)-1
nlenofpath = RAT("\",CCURRENTPROCEDURE)-(NPATHSTART)
SET DEFAULT TO (SUBSTR(CCURRENTPROCEDURE,NPATHSTART,NLENOFPATH))
IF NOT FILE("reg.ini")
   RUN /n REGSVR32 /s '"'+curdir()+'teechart.ocx"'
ENDIF
maincaption = SHOW_SOFTNAME
DECLARE INTEGER FindWindow IN win32api STRING, STRING
hwnd = FINDWINDOW(0,MAINCAPTION)
IF HWND <> 0
   _SCREEN.caption = MAINCAPTION
   MESSAGEBOX("    本程序已经运行或已存在后台进程,请查看任务栏及查看系统进程!",64,"消息")
   ON SHUTDOWN quit
   QUIT
   RETURN .F.
ENDIF
_SCREEN.caption = MAINCAPTION
SET PATH TO dat
DO checkzc
DO checkdb
sysmsg = "『欢迎使用《智取数字3》软件』"
DO FORM oldface NAME oldface
DO getuserset
DO o_welcome WITH u_welcome,""
IF NOT U_WELCOME
   SET CURSOR OFF
   INKEY(1)
   SET CURSOR ON
ENDIF
_SCREEN.windowstate = 2
_SCREEN.visible = .T.
SET MESSAGE TO SYSMSG
DO MAINMENU.mpr
DO toolbars
IF NOT U_WELCOME
   SET CURSOR OFF
   INKEY(1)
   SET CURSOR ON
ENDIF
startform.release
RELEASE startform,loginform
SET MESSAGE TO SYSMSG
IF S_AUTODOWN
   DO getonline
ENDIF
IF S_NEEDPWD
   DO showform WITH "loginpwd"
ENDIF
IF KJDATA_F????
   DO getonline
ENDIF
IF VAL((.F.,)) < 1
   MESSAGEBOX("暂时无法使用软件,您的软件可能遇到以下情况之一:"+CHR(13)+CHR(13)+"    1、您试用本软件超过30天,请在注册后使用本软件,增加试用请联系博众网。"+CHR(13)+"    2、您可能重装了操作系统,请重新输入我们分配给您的验证码进行注册验证。"+CHR(13)+"    3、您可能购买的是限时版,软件使用期限已到,请续费后再继续使用。"+CHR(13)+"    4、其他未知原因,请与博众网(www.qshx.com)联系处理。",64,"消息")
    = "12345"
    = "12345"
    = "12345"
    = "12345"
    = "12345"
    = ""
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode1",)
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode2",)
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode3",)
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode4",)
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode5",)
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","systemnum",)
    = "0"
   ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode6",)
   IF FILE("reg.ini")
      ERASE reg.ini
   ENDIF
   DO showform WITH "reginfo2"
   ON SHUTDOWN quit
   QUIT
ENDIF
ON ERROR do ERRORMSG with error(),program(),message(),message(1),lineno()
READ EVENTS
2007-2-19 19:53
0
dmdmdm
雪    币: 204
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
9
反编译是错的
2007-2-21 00:46
0
wwzc
雪    币: 224
活跃值: (33)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
10
引用   反编译是错的。
由于水平有限,还请dmdmdm指正。
2007-2-21 11:11
0
dmdmdm
雪    币: 204
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
11
可能是你fxp的原因,我也只能从内存中抓出部分代码.
IF VAL(JM(.F., R_NUM6))<1
MESSAGEBOX('暂时无法使用软件,您的软件可能遇到以下情况之一:'+CHR(13)+CHR(13)+'    1、您试用本软件超过30天,请在注册后使用本软件,增加试用请联系博众网。'+CHR(13)+'    2、您可能重装了操作系统,请重新输入我们分配给您的验证码进行注册验证。'+CHR(13)+'    3、您可能购买的是限时版,软件使用期限已到,请续费后再继续使用。'+CHR(13)+'    4、其他未知原因,请与博众网(www.qshx.com)联系处理。', 64, '消息')
R_NUM1 = JM(.T., '12345')
R_NUM2 = JM(.T., '12345')
R_NUM3 = JM(.T., '12345')
R_NUM4 = JM(.T., '12345')
R_NUM5 = JM(.T., '12345')
R_YZM = JM(.T., '')
REG_CZ('write', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup', 'regcode1', R_NUM1)
REG_CZ('write', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup', 'regcode2', R_NUM2)
REG_CZ('write', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup', 'regcode3', R_NUM3)
REG_CZ('write', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup', 'regcode4', R_NUM4)
REG_CZ('write', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup', 'regcode5', R_NUM5)
REG_CZ('write', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup', 'systemnum', R_YZM)
R_NUM6 = JM(.T., "0")
2007-2-21 11:51
0
wwzc
雪    币: 224
活跃值: (33)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
12
说得对前面脱壳时中间有24字节的垃圾串。
正确的prg应该是这样的。
SET SYSMENU TO
_SCREEN.caption = ""
SET TALK OFF
SET ESCAPE OFF
SET SAFETY OFF
SET NOTIFY OFF
SET DEBUG OFF
SET ECHO OFF
SET DELETED ON
SET CENTURY ON
SET DATE YMD
SET EXCLUSIVE OFF
helpfile = "help.chm"
IF FILE(HELPFILE)
   set help to &helpfile
ELSE
   SET HELP OFF
ENDIF
IF FILE("b.txt")
   ERASE b.txt
ENDIF
SET CLOCK STATUS
SET HOURS TO 24
SET CLASSLIB TO cplibs ADDITIVE
SET PROCEDURE TO sys_prog , tool_prog , sys_prog , cp_prog  ADDITIVE
_SCREEN.autocenter = .T.
_SCREEN.icon = "cp3.ico"
tmpfiles = SYS(2023)
sortwork = SYS(2023)
progwork = SYS(2023)
editwork = SYS(2023)
ON ERROR do ERRORMSG with error(),program(),message(),message(1),lineno()
ON KEY LABEL F12 DO FULL_SCREEN.PRG
ON SHUTDOWN do shutdown
DO sys_mem
ccurrentprocedure = SYS(16,1)
npathstart = AT(":",CCURRENTPROCEDURE)-1
nlenofpath = RAT("\",CCURRENTPROCEDURE)-(NPATHSTART)
SET DEFAULT TO (SUBSTR(CCURRENTPROCEDURE,NPATHSTART,NLENOFPATH))
IF NOT FILE("reg.ini")
   RUN /n REGSVR32 /s '"'+curdir()+'teechart.ocx"'
ENDIF
maincaption = SHOW_SOFTNAME
DECLARE INTEGER FindWindow IN win32api STRING, STRING
hwnd = FINDWINDOW(0,MAINCAPTION)
IF HWND <> 0
   _SCREEN.caption = MAINCAPTION
   MESSAGEBOX("    本程序已经运行或已存在后台进程,请查看任务栏及查看系统进程!",64,"消息")
   ON SHUTDOWN quit
   QUIT
   RETURN .F.
ENDIF
_SCREEN.caption = MAINCAPTION
SET PATH TO dat
DO checkzc
DO checkdb
sysmsg = "『欢迎使用《智取数字3》软件』"
DO FORM oldface NAME oldface
DO getuserset
DO o_welcome WITH u_welcome,""
IF NOT U_WELCOME
   SET CURSOR OFF
   INKEY(1)
   SET CURSOR ON
ENDIF
_SCREEN.windowstate = 2
_SCREEN.visible = .T.
SET MESSAGE TO SYSMSG
DO MAINMENU.mpr
DO toolbars
IF NOT U_WELCOME
   SET CURSOR OFF
   INKEY(1)
   SET CURSOR ON
ENDIF
startform.release
RELEASE startform,loginform
SET MESSAGE TO SYSMSG
IF S_AUTODOWN
   DO getonline
ENDIF
IF S_NEEDPWD
   DO showform WITH "loginpwd"
ENDIF
IF KJDATA_FIRSTTIME
   DO getonline
ENDIF
IF VAL(JM(.F.,R_NUM6)) < 1
   MESSAGEBOX("暂时无法使用软件,您的软件可能遇到以下情况之一:"+CHR(13)+CHR(13)+"    1、您试用本软件超过30天,请在注册后使用本软件,增加试用请联系博众网。"+CHR(13)+"    2、您可能重装了操作系统,请重新输入我们分配给您的验证码进行注册验证。"+CHR(13)+"    3、您可能购买的是限时版,软件使用期限已到,请续费后再继续使用。"+CHR(13)+"    4、其他未知原因,请与博众网(www.qshx.com)联系处理。",64,"消息")
   r_num1 = jm(.T.,"12345")
   r_num2 = jm(.T.,"12345")
   r_num3 = jm(.T.,"12345")
   r_num4 = jm(.T.,"12345")
   r_num5 = jm(.T.,"12345")
   r_yzm = jm(.T.,"")
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode1",R_NUM1)
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode2",R_NUM2)
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode3",R_NUM3)
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode4",R_NUM4)
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode5",R_NUM5)
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","systemnum",R_YZM)
   r_num6 = jm(.T.,"0")
   REG_CZ("write","SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","regcode6",R_NUM6)
   IF FILE("reg.ini")
      ERASE reg.ini
   ENDIF
   DO showform WITH "reginfo2"
   ON SHUTDOWN quit
   QUIT
ENDIF
ON ERROR do ERRORMSG with error(),program(),message(),message(1),lineno()
READ EVENTS
没有权限。fxp文件无法上传
2007-2-21 12:08
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//