能力值:
( LV2,RANK:10 )
|
-
-
2 楼
tease大哥有时间的话 关注下……
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
这是 使用 Xenocode 壳压缩的
1.rar
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
Thanks 我再分析看看
|
能力值:
( LV2,RANK:10 )
|
-
-
5 楼
注册关键点在这,如何去处理这些无法识别的串呢?
例如这一句
RegistryKey key = Registry.CurrentUser.OpenSubKey(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("njfdgmmdcmdefmkeambfklifelpffgggcjngakehkklhojcickjipiajdhhjckojmjfkjjmkjidlpiklcjbm", 0x419b355a)), true);
中的x1110bdd110cdcea4._xaacba899487bce8c ,什么东东?
private void Form1_Load(object sender, EventArgs e) { try { x7bd3a541d5154cce xbdadcce; string str; ManagementObjectSearcher searcher; string str2; RegistryKey key = Registry.CurrentUser.OpenSubKey(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("njfdgmmdcmdefmkeambfklifelpffgggcjngakehkklhojcickjipiajdhhjckojmjfkjjmkjidlpiklcjbm", 0x419b355a)), true); goto Label_019D; Label_0025: foreach (ManagementObject obj2 in searcher.Get()) { str2 = obj2[string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("dflechcfmgjfnfagmfhghgogegfhnfmhnfdibdkijebj", 0x4fca4b03))].ToString(); } goto Label_0082; if (0 != 0) { goto Label_0117; } Label_0082:; if (!(str2.ToUpper() != str.ToUpper().Split(new char[] { '|' })[0])) { goto Label_026B; } MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("ccpadmkpfdickemenbkehdempbifjhdfnbhfammfccmfbhdeopcgpjoebbda", 0x3e9a23a))); if (4 != 0) { base.Close(); goto Label_026B; } Label_00DC: MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("ibijjldilcbljbojlognaeflkcefcbiofoepfmpmkpnnljjmnaoh", 0x59bf2b30))); base.Close(); Label_00FC: searcher = new ManagementObjectSearcher(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fklkejclijjloiamjihmhjomagfnhgmnkfdonhkogibpaiiplhpplegaphnaoiebajlbcfccoejcihadgghdfiodphfeahmepgdfkhkfhhbgahigahpg", 0x654dab52))); Label_0117: str2 = string.Empty; goto Label_0153; Label_0120: key.Close(); if (DateTime.Parse(str.Split(new char[] { '|' })[1]) >= DateTime.Now) { goto Label_00FC; } goto Label_00DC; Label_0153: if (2 != 0) { goto Label_0025; } Label_015A: str = key.GetValue(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("hknbalecpjlcgjcdhkjd", 0x5bcb1d3a))).ToString(); str = xbdadcce.DesDecrypt(str, string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fhdoohkolhbpehipldppncgakcnaadebnclbdcccccjcecadhbhdjeodgefepameffdfodkflebg", 0x932e30d))); goto Label_0120; Label_019D: xbdadcce = new x7bd3a541d5154cce(); goto Label_015A; } catch { MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fmhlcpnobemmmpinnjemkbjhcanamfiaaamadkbbfabbefipbohbcidaephl", 0x3b50571d))); base.Close(); goto Label_026B; } if (15 != 0) { goto Label_026B; } goto Label_0200; Label_01E3: if (this.autoopen == 1) { goto Label_025D; } if (3 != 0) { } return; Label_0200: this.checkautoopen.Checked = true; if (1 == 0) { goto Label_0256; } this.startThread(); if (0 != 0) { goto Label_01E3; } return; Label_0220: this.UidTimer.Enabled = true; goto Label_0200; Label_0256: if (-2147483648 != 0) { goto Label_0220; } Label_025D: if (this.refreshuid()) { this.listBox1.Items.Add(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("pfdgaooeaeffonlhcdhikbpffjigebngndac", 0x5368e954))); goto Label_0256; } if (0 == 0) { goto Label_0220; } Label_026B: path = Application.StartupPath + string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("mkdejlkejlbfokifkkpfkkggkkngakehlklhbjci", 0x21c4350)) + DateTime.Now.ToString().Replace(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("bjlc", 0x2ff72b71)), "").Replace(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fgno", 0x6983ed2b)), "") + string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("plliplcjeljjihakllhkmlokflfl", 0x498a8b53)); if (!this.init()) { MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("ohlejckfbhkfadcgechkdifhehalnejcaenlgabkichkdkgemkneikefnjlfnjcgijjgmfahpjhhakohjjfijkbpfbcomfmpcciainlpdiebejmcjefcjbdcgdbdkcgcegeemgifmpfo", 0x6c78f961))); base.Close(); } goto Label_01E3; }
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
反编译后 Form1_Load中直接ret 然后编译回来可以爆掉它
字符看不懂 算法
|
能力值:
( LV2,RANK:10 )
|
-
-
7 楼
你应该先学会退壳,这些是典型Xenocode 加密的字符
|
|
|