Post 2 (LV2, RANK:10)
No idea, haha.

Post 3 (LV2, RANK:10)
My approach: I looked at the file and it's C#, which I've never studied, so this is just a thought.
First load it in OD; it doesn't matter that it's already running.
Heh, then use the F12 pause method, followed by Alt+K.
After that, explore on your own.

Post 4 (LV2, RANK:10)
I'll try it that way...

Post 5 (LV2, RANK:10)
Now I'm in trouble... after Alt+K I don't know what to do... my skills aren't up to it... could you explain a bit more?...

Post 6 (LV2, RANK:10)
OP, use a .NET decompiler.

Post 7 (LV2, RANK:10)
OD works, the expert above did it... but my skills aren't up to it...

Post 8 (LV2, RANK:10)
Asking again for advice...

Post 9 (LV2, RANK:10)
.locals init (valuetype [mscorlib]System.DateTime V_0,
string V_1,
string V_2,
string V_3,
string V_4,
string V_5,
string V_6,
bool V_7)
IL_0000: nop
IL_0001: ldloca.s V_0
IL_0003: initobj [mscorlib]System.DateTime
IL_0009: call valuetype [mscorlib]System.DateTime [mscorlib]System.DateTime::get_Now()
IL_000e: stloc.0
IL_000f: ldstr bytearray (97 5B E2 6C 0C FF 60 4F 7D 59 05 5E ) // .[.l..`O}Y.^   = "宗波，你好帅" (UTF-16LE)
IL_0014: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0019: ldnull
IL_001a: ldnull
IL_001b: call string Kaka.DES::DESEncoder(string,
class [mscorlib]System.Text.Encoding,
uint8[],
uint8[])
IL_0020: stloc.1
IL_0021: ldloc.1
IL_0022: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0027: ldnull
IL_0028: ldnull
IL_0029: call string Kaka.DES::DESDecoder(string,
class [mscorlib]System.Text.Encoding,
uint8[],
uint8[])
IL_002e: stloc.2 // V_2 = DESDecoder(V_1), i.e. the original string again if the two helpers round-trip
IL_002f: ldstr bytearray (68 51 16 4E 4C 75 BA 4E 11 6C FD 90 E5 77 53 90 // hQ.NLu.N.l...wS.
11 62 2F 66 05 5E E5 54 66 55 ) // .b/f.^.TfU   = "全世界人民都知道我是帅哥啦" (UTF-16LE)
IL_0034: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0039: ldnull
IL_003a: ldnull
IL_003b: call string Kaka.DES::DESEncoder(string,
class [mscorlib]System.Text.Encoding,
uint8[],
uint8[])
IL_0040: stloc.3
IL_0041: ldloc.3
IL_0042: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0047: ldnull
IL_0048: ldnull
IL_0049: call string Kaka.DES::DESDecoder(string,
class [mscorlib]System.Text.Encoding,
uint8[],
uint8[])
IL_004e: stloc.s V_4
IL_0050: ldloca.s V_0
IL_0052: constrained. [mscorlib]System.DateTime
IL_0058: callvirt instance string [mscorlib]System.Object::ToString()
IL_005d: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0062: ldnull
IL_0063: ldnull
IL_0064: call string Kaka.DES::DESEncoder(string,
class [mscorlib]System.Text.Encoding,
uint8[],
uint8[])
IL_0069: stloc.s V_5
IL_006b: ldloc.s V_5
IL_006d: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0072: ldnull
IL_0073: ldnull
IL_0074: call string Kaka.DES::DESEncoder(string,
class [mscorlib]System.Text.Encoding,
uint8[],
uint8[])
IL_0079: stloc.s V_6 // V_6 = DESEncoder(V_5); V_5 and V_6 both depend on DateTime.Now at click time
IL_007b: ldarg.0
IL_007c: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Kaka.Form1::textBox1
IL_0081: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
IL_0086: ldloc.1
IL_0087: ldloc.2
IL_0088: call string [mscorlib]System.String::Concat(string,
string)
IL_008d: callvirt instance bool [mscorlib]System.String::Equals(string)
IL_0092: brfalse.s IL_00ac // textBox1.Text != V_1+V_2: skip the textBox2 check and set V_7 = 1
IL_0094: ldarg.0
IL_0095: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Kaka.Form1::textBox2
IL_009a: ldloc.3
IL_009b: ldloc.s V_4
IL_009d: call string [mscorlib]System.String::Concat(string,
string)
IL_00a2: callvirt instance bool [mscorlib]System.Object::Equals(object) // called on the TextBox object itself (no get_Text here), so this is reference equality against a string and is always false
IL_00a7: ldc.i4.0
IL_00a8: ceq
IL_00aa: br.s IL_00ad
IL_00ac: ldc.i4.1
IL_00ad: stloc.s V_7
IL_00af: ldloc.s V_7
IL_00b1: brtrue.s IL_00c2 // V_7 set: go on to compare textBox2.Text with V_5+V_6
IL_00b3: nop
IL_00b4: ldstr bytearray (EF 55 0C FF 0D 4E 19 95 0C FF 0D 4E 19 95 84 76 // .U...N.....N...v
D0 8F 14 6C 0C FF A9 8B 60 4F 1C 73 F9 5B 86 4E ) // ...l....`O.s.[.N   = "嗯，不错，不错的运气，让你猜对了" (UTF-16LE)
IL_00b9: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
IL_00be: pop
IL_00bf: nop
IL_00c0: br.s IL_0100
IL_00c2: ldarg.0
IL_00c3: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Kaka.Form1::textBox2
IL_00c8: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
IL_00cd: ldloc.s V_5
IL_00cf: ldloc.s V_6
IL_00d1: call string [mscorlib]System.String::Concat(string,
string)
IL_00d6: callvirt instance bool [mscorlib]System.String::Equals(string)
IL_00db: ldc.i4.0
IL_00dc: ceq
IL_00de: stloc.s V_7
IL_00e0: ldloc.s V_7
IL_00e2: brtrue.s IL_00f3 // textBox2.Text != V_5+V_6: show the failure message
IL_00e4: nop
IL_00e5: ldstr bytearray (EF 55 0C FF 0D 4E 19 95 0C FF 0D 4E 19 95 84 76 // .U...N.....N...v
D0 8F 14 6C 0C FF C8 53 A9 8B 60 4F 1C 73 F9 5B // ...l...S..`O.s.[
86 4E ) // .N   = "嗯，不错，不错的运气，又让你猜对了" (UTF-16LE)
IL_00ea: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
IL_00ef: pop
IL_00f0: nop
IL_00f1: br.s IL_0100
IL_00f3: nop
IL_00f4: ldstr bytearray (60 4F 9C 67 36 71 7D 59 C2 70 ) // `O.g6q}Y.p   = "你果然好烂" (UTF-16LE)
IL_00f9: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
IL_00fe: pop
IL_00ff: nop
IL_0100: ret
} // end of method Form1::button1_Click
Analyze the code above and you'll understand.

Post 10 (LV2, RANK:10)
It's .NET, no need for OD.

Post 11 (LV2, RANK:10)
IL_00db: ldc.i4.0
IL_00dc: ceq
IL_00de: stloc.s V_7
IL_00e0: ldloc.s V_7
IL_00e2: brtrue.s IL_00f3 // the key point for the patch.
The key part of the OD analysis:
00D708FF 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
00D70902 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
00D70906 75 11 JNZ SHORT 00D70919 // this is the key point
00D70908 90 NOP
00D70909 8B0D CC6B2E02 MOV ECX,DWORD PTR DS:[22E6BCC]
00D7090F E8 74E34F7A CALL System_W.7B26EC88
Patch result:
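The patch the post above points at, carried out on the IL bytes of the file rather than in OD. This is an added example and not part of the thread. It assumes the compiled method body encodes the listed instructions with the short-form opcodes the listing shows, so that IL_00db..IL_00e2 is the byte run 16 FE 01 13 07 11 07 2D 0F (the operand 0x0F is IL_00f3 minus IL_00e4, per ECMA-335). The method body below is constructed from the listing because the real binary is not on the page, and `patch_file` is a hypothetical helper for applying the same edit to an assembly on disk.

```python
from __future__ import annotations

# Short-form CIL opcode encodings (ECMA-335 Partition III).
LDC_I4_0   = b"\x16"
CEQ        = b"\xfe\x01"
STLOC_S_V7 = b"\x13\x07"     # stloc.s 7
LDLOC_S_V7 = b"\x11\x07"     # ldloc.s 7
BRTRUE_S   = 0x2D
BRFALSE_S  = 0x2C

# IL_00db..IL_00e2 as bytes; the brtrue.s operand 0x0F is IL_00f3 - IL_00e4.
# Assumption: the real method body uses exactly these short forms (the listing shows the .s forms).
KEY_SEQUENCE = LDC_I4_0 + CEQ + STLOC_S_V7 + LDLOC_S_V7 + bytes([BRTRUE_S, 0x0F])
BRANCH_INDEX = len(KEY_SEQUENCE) - 2      # position of the brtrue.s opcode byte within the sequence


def find_key_sequence(blob: bytes) -> list[int]:
    """Every offset at which KEY_SEQUENCE occurs in blob (a method body or a whole file)."""
    hits: list[int] = []
    start = 0
    while (pos := blob.find(KEY_SEQUENCE, start)) != -1:
        hits.append(pos)
        start = pos + 1
    return hits


def invert_key_branch(blob: bytes) -> bytes:
    """Copy of blob with the one brtrue.s at IL_00e2 rewritten to brfalse.s.

    Both opcodes pop one value and take a 1-byte target, so the method stays
    valid IL; only the direction flips.  Refuses to guess if the sequence is not
    unique: a similar run (stloc.s V_7; ldloc.s V_7; brtrue.s 0F) also sits at
    IL_00ad..IL_00b1, and other methods in a whole file may match as well.
    """
    hits = find_key_sequence(blob)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one key sequence, found {len(hits)}")
    patched = bytearray(blob)
    patched[hits[0] + BRANCH_INDEX] = BRFALSE_S
    return bytes(patched)


def patch_file(src: str, dst: str) -> int:
    """Hypothetical helper: patch an assembly on disk; returns the file offset that was changed."""
    with open(src, "rb") as f:
        blob = f.read()
    patched = invert_key_branch(blob)           # raises if the sequence is absent or ambiguous
    with open(dst, "wb") as f:
        f.write(patched)
    return find_key_sequence(blob)[0] + BRANCH_INDEX


# Constructed stand-in for the method body, built from the listing's opcodes; the
# ldstr/call instructions, whose metadata tokens the listing does not show, are omitted.
CONSTRUCTED_BODY = (
    b"\x16"              # IL_00a7  ldc.i4.0
    b"\xfe\x01"          # IL_00a8  ceq
    b"\x2b\x01"          # IL_00aa  br.s IL_00ad
    b"\x17"              # IL_00ac  ldc.i4.1
    b"\x13\x07"          # IL_00ad  stloc.s V_7
    b"\x11\x07"          # IL_00af  ldloc.s V_7
    b"\x2d\x0f"          # IL_00b1  brtrue.s IL_00c2   (similar, must NOT be patched)
    b"\x00\x00\x00\x00"  # filler standing in for the omitted instructions
    b"\x16"              # IL_00db  ldc.i4.0
    b"\xfe\x01"          # IL_00dc  ceq
    b"\x13\x07"          # IL_00de  stloc.s V_7
    b"\x11\x07"          # IL_00e0  ldloc.s V_7
    b"\x2d\x0f"          # IL_00e2  brtrue.s IL_00f3   <- the branch being inverted
    b"\x00"              # IL_00e4  nop
)

if __name__ == "__main__":
    offset = find_key_sequence(CONSTRUCTED_BODY)[0] + BRANCH_INDEX
    patched = invert_key_branch(CONSTRUCTED_BODY)
    print(f"patched byte at offset {offset}: {CONSTRUCTED_BODY[offset]:#04x} -> {patched[offset]:#04x}")
```

With 2D turned into 2C the failure branch is taken only when textBox2 actually matches the time-dependent V_5+V_6, so any other input reaches the second "又让你猜对了" MessageBox, which is the effect the post describes. If the assembly is strong-name signed, the signature no longer validates after this edit.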

Post 12 (LV5, RANK:60)
Trace back to the code by examining the call stack.

Post 13 (LV2, RANK:140)
What is all this stuff? :)
+++++++++++++++++++++++++++++++
宗波，你好帅 (Zongbo, you're so handsome)
全世界人民都知道我是帅哥啦 (Everyone in the world knows I'm a handsome guy)
嗯，不错，不错的运气，让你猜对了 (Hmm, not bad, good luck, you guessed right)
嗯，不错，不错的运气，又让你猜对了 (Hmm, not bad, good luck, you guessed right again)
你果然好烂 (You really are terrible)
+++++++++++++++++++++++++++++++
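The strings quoted in post 13 are the `ldstr bytearray` literals from the IL in post 9: ildasm prints a string literal that is not plain ASCII as a UTF-16LE hex dump, possibly over several lines, with an ASCII preview after `//` on each line. The following is an added example, not code from the thread, that parses such a listing and decodes the literals. It assumes the ildasm layout shown above; the sample listing is an excerpt of post 9, and the function names are my own.

```python
from __future__ import annotations
import re

# Start of an ildasm string literal that could not be printed as a quoted string:
# ildasm dumps it as "bytearray ( <hex> )", possibly over several lines, and
# appends an ASCII preview after "//" on each line.
LDSTR_BYTEARRAY = re.compile(r"ldstr\s+bytearray\s*\(")


def _strip_preview(line: str) -> str:
    """Remove ildasm's '// ....' preview so its characters are never read as hex."""
    return line.split("//", 1)[0]


def extract_bytearrays(listing: str) -> list[bytes]:
    """Raw bytes of every 'ldstr bytearray (...)' literal, in listing order."""
    found: list[bytes] = []
    lines = listing.splitlines()
    i = 0
    while i < len(lines):
        m = LDSTR_BYTEARRAY.search(lines[i])
        if m is None:
            i += 1
            continue
        hex_tokens: list[str] = []
        chunk = lines[i][m.end():]
        while True:
            body = _strip_preview(chunk)            # preview may itself contain ')' or hex-like text
            closed = ")" in body
            hex_tokens.extend(body.split(")", 1)[0].split())
            if closed:
                break
            i += 1
            if i >= len(lines):
                raise ValueError("bytearray literal is not closed before end of listing")
            chunk = lines[i]                        # continuation line of the same literal
        found.append(bytes(int(tok, 16) for tok in hex_tokens))
        i += 1
    return found


def decode_ildasm_strings(listing: str) -> list[str]:
    """Decode each literal as UTF-16LE, the encoding the CLR uses for string literals."""
    return [raw.decode("utf-16-le") for raw in extract_bytearrays(listing)]


# Constructed sample: an excerpt of the button1_Click listing posted above.
SAMPLE_LISTING = """\
  IL_000f: ldstr bytearray (97 5B E2 6C 0C FF 60 4F 7D 59 05 5E ) // .[.l..`O}Y.^
  IL_0014: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
  IL_002f: ldstr bytearray (68 51 16 4E 4C 75 BA 4E 11 6C FD 90 E5 77 53 90 // hQ.NLu.N.l...wS.
                            11 62 2F 66 05 5E E5 54 66 55 ) // .b/f.^.TfU
  IL_00f4: ldstr bytearray (60 4F 9C 67 36 71 7D 59 C2 70 ) // `O.g6q}Y.p
"""

if __name__ == "__main__":
    for text in decode_ildasm_strings(SAMPLE_LISTING):
        print(repr(text))
```

Running it on the full listing in post 9 yields the five strings post 13 lists, in order; the preview must be stripped before the hex is read, since ildasm's preview characters can themselves look like hex digits.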

Post 14 (LV2, RANK:10)
I think when OD loads a program it sets a breakpoint at the program's entry point (just guessing); maybe the program itself overwrote the breakpoint OD set at the entry point.