Post #2
Pretty big; just taking a look, just looking.
Post #4
Hmm, same as last time. Clicked it and nothing happened!~~ That behaviour looks way too much like a trojan……
0040899A >/$ 55 push ebp
0040899B |. 8BEC mov ebp, esp
0040899D |. 6A FF push -1
0040899F |. 68 40D34000 push 0040D340
004089A4 |. 68 D28A4000 push <jmp.&msvcrt._except_handler3> ; SE handler installation
004089A9 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004089AF |. 50 push eax
004089B0 |. 64:8925 00000>mov dword ptr fs:[0], esp
004089B7 |. 83EC 20 sub esp, 20
004089BA |. 53 push ebx
004089BB |. 56 push esi
004089BC |. 57 push edi
004089BD |. 8965 E8 mov dword ptr [ebp-18], esp
004089C0 |. 8365 FC 00 and dword ptr [ebp-4], 0
004089C4 |. 6A 01 push 1
004089C6 |. FF15 A0C14000 call dword ptr [<&msvcrt.__set_app_ty>; msvcrt.__set_app_type
004089CC |. 59 pop ecx
004089CD |. 830D ACF84000>or dword ptr [40F8AC], FFFFFFFF
004089D4 |. 830D B0F84000>or dword ptr [40F8B0], FFFFFFFF
004089DB |. FF15 ACC14000 call dword ptr [<&msvcrt.__p__fmode>] ; msvcrt.__p__fmode
004089E1 |. 8B0D B4F74000 mov ecx, dword ptr [40F7B4]
004089E7 |. 8908 mov dword ptr [eax], ecx
004089E9 |. FF15 A8C14000 call dword ptr [<&msvcrt.__p__commode>; msvcrt.__p__commode
004089EF |. 8B0D B0F74000 mov ecx, dword ptr [40F7B0]
004089F5 |. 8908 mov dword ptr [eax], ecx
004089F7 |. A1 8CC14000 mov eax, dword ptr [<&msvcrt._adjust>
004089FC |. 8B00 mov eax, dword ptr [eax]
004089FE |. A3 A8F84000 mov dword ptr [40F8A8], eax
00408A03 |. E8 C9000000 call 00408AD1
00408A08 |. 833D 90E24000>cmp dword ptr [40E290], 0
00408A0F |. 75 0C jnz short 00408A1D
00408A11 |. 68 CE8A4000 push 00408ACE
00408A16 |. FF15 A4C14000 call dword ptr [<&msvcrt.__setusermat>; msvcrt.__setusermatherr
00408A1C |. 59 pop ecx
00408A1D |> E8 9A000000 call 00408ABC
00408A22 |. 68 0CE04000 push 0040E00C
00408A27 |. 68 08E04000 push 0040E008
00408A2C |. E8 85000000 call <jmp.&msvcrt._initterm>
00408A31 |. A1 ACF74000 mov eax, dword ptr [40F7AC]
00408A36 |. 8945 D8 mov dword ptr [ebp-28], eax
00408A39 |. 8D45 D8 lea eax, dword ptr [ebp-28]
00408A3C |. 50 push eax
00408A3D |. FF35 A8F74000 push dword ptr [40F7A8]
00408A43 |. 8D45 E0 lea eax, dword ptr [ebp-20]
00408A46 |. 50 push eax
00408A47 |. 8D45 D4 lea eax, dword ptr [ebp-2C]
00408A4A |. 50 push eax
00408A4B |. 8D45 E4 lea eax, dword ptr [ebp-1C]
00408A4E |. 50 push eax
00408A4F |. FF15 9CC14000 call dword ptr [<&msvcrt.__getmainarg>; msvcrt.__getmainargs
00408A55 |. 68 04E04000 push 0040E004
00408A5A |. 68 00E04000 push 0040E000
00408A5F |. E8 52000000 call <jmp.&msvcrt._initterm>
00408A64 |. FF15 98C14000 call dword ptr [<&msvcrt.__p___initen>; msvcrt.__p___initenv
00408A6A |. 8B4D E0 mov ecx, dword ptr [ebp-20]
00408A6D |. 8908 mov dword ptr [eax], ecx
00408A6F |. FF75 E0 push dword ptr [ebp-20]
00408A72 |. FF75 D4 push dword ptr [ebp-2C]
00408A75 |. FF75 E4 push dword ptr [ebp-1C]
00408A78 |. E8 8385FFFF call 00401000
00408A7D |. 83C4 30 add esp, 30
00408A80 |. 8945 DC mov dword ptr [ebp-24], eax
00408A83 |. 50 push eax ; /status
00408A84 |. FF15 94C14000 call dword ptr [<&msvcrt.exit>] ; \exit
There's actually an exit here!~ No wonder it won't run~
Post #5
It's not a trojan though; when he compiled it with PerlApp he didn't bundle the required libraries:
use strict;
use warnings;
use Prima;
use Prima::Classes;
use Prima::Buttons;
use Prima::InputLine;

# File-scoped lexicals shared between the InputLine's onChange handler and the
# Button's onClick handler (they were undeclared globals in the generated code).
my $input = '';
my $ip    = '';
my $regcode;

package Form1Window;
use Sys::Hostname;   # hostname()
use Socket;          # inet_ntoa()
use Win32;           # Win32::MsgBox()
our @ISA = qw(Prima::MainWindow);

sub profile_default
{
    my $def = $_[0]->SUPER::profile_default;
    my %prf = (
        backColor      => 0x000000,
        origin         => [ 692, 427],
        name           => 'Form1',
        sizeMin        => [ 509, 110],
        font           => {name => 'Trebuchet MS', size => 9, style => 0, pitch => fp::Default},
        size           => [ 509, 118],
        sizeMax        => [ 509, 110],
        sizeDontCare   => 0,
        taskListed     => 0,
        onTop          => 1,
        text           => 'Crack Me',
        borderIcons    => bi::TitleBar,
        borderStyle    => bs::Single,
        originDontCare => 0,
        centered       => 1,
        designScale    => [ 6, 13],
    );
    @$def{keys %prf} = values %prf;
    return $def;
}

sub init
{
    my $self = shift;
    my %profile = $self->SUPER::init(@_);
    my %names = ( q(Form1) => $self);
    $self->lock;

    # The text box: every change re-hashes the typed text with crypt() so that
    # it can later be compared with the hashed registration code.
    $names{InputLine1} = $names{Form1}->insert( qq(Prima::InputLine) =>
        autoSelect => 1,
        origin     => [ 4, 50],
        name       => 'InputLine1',
        onChange   => sub {
            $input = $_[0]->text;
            $input = crypt('BAGGIO', $input);   # the typed text is used as the salt
        },
        font       => {name => 'Trebuchet MS', size => 9, style => 0, pitch => fp::Variable},
        size       => [ 500, 54],
        maxLen     => 150,
        text       => 'Crack Me',
        alignment  => ta::Center,
        centered   => 0,
    );

    # The button: derives the expected registration code from this host's IP
    # address and compares it with the hashed input. Both branches call exit,
    # which is why clicking the button appears to do nothing when the code is wrong.
    $names{Button1} = $names{Form1}->insert( qq(Prima::Button) =>
        borderWidth => 9,
        text        => 'Crack Me',
        origin      => [ 200, 8],
        name        => 'Button1',
        font        => {name => 'Trebuchet MS', size => 9, style => 0, pitch => fp::Variable},
        onClick     => sub {
            # Dotted-quad IP address of this host.
            my $host_ip = inet_ntoa((gethostbyname(hostname()))[4]);
            my @addr = split /\./, $host_ip;
            foreach my $para (@addr) {
                $ip .= $para;                      # strip the dots: "192.168.1.10" -> "192168110"
            }
            $regcode = $ip ^ 127000;               # numeric XOR (127000 is a number)
            $regcode = sprintf("%b", $regcode);    # render as a binary digit string
            $regcode++;                            # Perl string increment, e.g. "10110" -> "10111"
            $regcode = crypt('BAGGIO', $regcode);  # same transform onChange applied to the input
            if (defined $input && defined $regcode && $input eq $regcode) {
                Win32::MsgBox("Right!! How Can You Do That", 0, "Winner");
                exit;
            } else {
                exit;
            }
        },
        size        => [ 96, 36],
    );
    $self->unlock;
    return %profile;
}

package Form1Auto;
use Prima::Application;
Form1Window->create;
Prima->run;
Post #7
So that's how it is. Reminds me of the E language (易语言). Ha~~
How did the expert above get that code?? So far I only know how to use OD.
Post #8
...Master Nooby has posted all the code,
so what fun is left =^=
Also, a question for Nooby:
how do you decompile a PE file packaged with PerlApp?
That's really impressive.
Also, how do you avoid
"not bundling the required libraries at compile time"?
I've only studied Perl for about half a year, so I don't know much; please advise.
I used Perl for convenience, and as a result an expert has even posted my code ==", next time I'll go back to C++ T.T .
Post #9
Perl is an interpreted language; PerlApp just compresses your Perl program and stores it in the resources, and decompresses it at run time.
00405276 |. 83C4 0C |add esp, 0C
00405279 |. 8945 F0 |mov dword ptr [ebp-10], eax
0040527C |. 85C0 |test eax, eax
0040527E |. 0F84 83000000 |je 00405307
00405284 |. 68 5CCF4000 |push 0040CF5C ; ASCII "script"
00405289 |. 50 |push eax
0040528A |. 8B03 |mov eax, dword ptr [ebx]
0040528C |. FF30 |push dword ptr [eax]
0040528E |. E8 CBEFFFFF |call 0040425E
00405293 |. 83C4 0C |add esp, 0C
00405296 |. 8943 24 |mov dword ptr [ebx+24], eax
00405299 |. 85C0 |test eax, eax
0040529B |. 0F84 32020000 |je 004054D3
004052A1 |. 68 50CF4000 |push 0040CF50 ; /s = "hashline"
004052A6 |. FF75 F0 |push dword ptr [ebp-10] ; |/s
004052A9 |. E8 38360000 |call <jmp.&MSVCRT.strlen> ; |\strlen
004052AE |. 8BD8 |mov ebx, eax ; |
004052B0 |. C70424 40CF40>|mov dword ptr [esp], 0040CF40 ; |ASCII "-e#line 1 ""%s"""
004052B7 |. E8 2A360000 |call <jmp.&MSVCRT.strlen> ; \strlen
004052BC |. 59 |pop ecx
004052BD |. 03D8 |add ebx, eax
004052BF |. 53 |push ebx
004052C0 |. E8 46EEFFFF |call 0040410B
Here, 0040528E call 0040425E is the decompression step; just step over it with F8 and afterwards eax points to your source code.
As for PerlApp bundling libs: you should add those additional libraries when generating the file, otherwise on another system without a Perl environment nothing is displayed at all.
Post #10
OP, what's the difference between your PART1 and PART2?
Which one is the right one to download?...
Post #12
That's really interesting,
I'm going to try packaging a few Perl programs with PerlApp now.
Thank you for your guidance.
Is there a better method than this one?
======================================================
In OD, right-click >> 'Ultra String Reference' >> find Unicode >> Ctrl-F >> "script"
======================================================
Also, is there a way to contact you?
Post #13
Also, my algorithm is as follows:
1> first obtain the IP,
2> remove the '.' separating the IP octets, then store it in the variable $regcode
3> XOR $regcode with 127000 (that is, local 127.0.0.0)
4> convert $regcode to binary
How can this algorithm be improved?
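The four steps above, as the decompiled onClick handler in post #5 implements them (including the increment and crypt() calls that follow the binary conversion), pulled out of the GUI into a stand-alone script. This is an added example, not code from the thread; the IP address is taken from the command line instead of the host, 10.0.0.5 is a constructed sample value, and ip_digits, regcode_for_ip and check_matches are names chosen here.

```perl
#!/usr/bin/perl
# Added example, not from the thread: the registration-code derivation from
# post #13, as the decompiled onClick handler implements it, without the GUI.
use strict;
use warnings;

# Steps 1-2: take a dotted-quad IP string and drop the dots.
sub ip_digits {
    my ($ip) = @_;
    return join '', split /\./, $ip;
}

# Steps 3-4, plus the "++" that the decompiled code applies after sprintf.
sub regcode_for_ip {
    my ($ip) = @_;
    my $regcode = ip_digits($ip) ^ 127000;   # numeric XOR: 127000 is a number
    $regcode = sprintf("%b", $regcode);      # binary digit string
    $regcode++;                              # Perl string increment: decimal, not binary carry
    return $regcode;
}

# What Button1 compares: crypt('BAGGIO', <salt>) on both sides, with the typed
# text as the salt on one side and the binary string as the salt on the other.
sub check_matches {
    my ($ip, $typed_text) = @_;
    my $expected = crypt('BAGGIO', regcode_for_ip($ip));
    my $typed    = crypt('BAGGIO', $typed_text);
    return 0 unless defined $expected && defined $typed;   # DES crypt may be unavailable
    return $typed eq $expected ? 1 : 0;
}

my $ip   = $ARGV[0] // '10.0.0.5';   # constructed sample address
my $code = regcode_for_ip($ip);
printf "IP %s -> digits %s -> regcode %s\n", $ip, ip_digits($ip), $code;
printf "full code accepted: %d\n", check_matches($ip, $code);
# Traditional DES crypt() reads only the first two characters of its salt, so the
# comparison really depends on just the first two characters of the binary string.
printf "first two characters alone accepted: %d\n", check_matches($ip, substr($code, 0, 2));
```

Run it as `perl regcode.pl 192.168.1.10` to see the value for a given address; the last line is the caveat relevant to the "how can this be improved" question, since the crypt() step throws away everything past the second salt character.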
Post #16
It seems to be packed with UPolyX v0.5; I unpacked it.. After unpacking the size is the same as the original file, what's going on?